From 4def79504e9c5ce341b8ce33fbc10faa86bed261 Mon Sep 17 00:00:00 2001 From: Ned Wright Date: Mon, 12 Feb 2024 17:56:07 +0200 Subject: [PATCH] open-appsec helm chart update Mon Feb 12 17:56:07 IST 2024 --- .../open-appsec-k8s-nginx-ingress/Chart.lock | 6 + .../open-appsec-k8s-nginx-ingress/Chart.yaml | 14 +- .../open-appsec-k8s-nginx-ingress/README.md | 12 +- .../changelog/helm-chart-4.9.1.md | 10 + .../charts/postgresql/.helmignore | 21 + .../charts/postgresql/Chart.lock | 6 + .../charts/postgresql/Chart.yaml | 31 + .../charts/postgresql/README.md | 685 ++++++ .../postgresql/charts/common/.helmignore | 22 + .../postgresql/charts/common/Chart.yaml | 24 + .../charts/postgresql/charts/common/README.md | 233 ++ .../charts/common/templates/_affinities.tpl | 106 + .../charts/common/templates/_capabilities.tpl | 154 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 80 + .../charts/common/templates/_ingress.tpl | 68 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 66 + .../charts/common/templates/_secrets.tpl | 165 ++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 + .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 + .../common/templates/validations/_mariadb.tpl | 103 + .../common/templates/validations/_mongodb.tpl | 108 + .../common/templates/validations/_mysql.tpl | 103 + .../templates/validations/_postgresql.tpl | 129 + .../common/templates/validations/_redis.tpl | 76 + .../templates/validations/_validations.tpl | 46 + .../postgresql/charts/common/values.yaml | 5 + .../charts/postgresql/templates/NOTES.txt | 91 + .../charts/postgresql/templates/_helpers.tpl | 399 ++++ .../postgresql/templates/extra-list.yaml | 4 + .../templates/networkpolicy-egress.yaml | 32 + .../templates/primary/configmap.yaml | 24 + .../templates/primary/extended-configmap.yaml | 18 + .../primary/initialization-configmap.yaml | 15 + .../templates/primary/metrics-configmap.yaml | 16 + .../templates/primary/metrics-svc.yaml | 33 + .../templates/primary/networkpolicy.yaml | 57 + .../templates/primary/servicemonitor.yaml | 48 + .../templates/primary/statefulset.yaml | 640 +++++ .../templates/primary/svc-headless.yaml | 37 + .../postgresql/templates/primary/svc.yaml | 53 + .../postgresql/templates/prometheusrule.yaml | 22 + .../charts/postgresql/templates/psp.yaml | 41 + .../templates/read/extended-configmap.yaml | 18 + .../templates/read/metrics-configmap.yaml | 16 + .../templates/read/metrics-svc.yaml | 33 + .../templates/read/networkpolicy.yaml | 36 + .../templates/read/servicemonitor.yaml | 48 + .../templates/read/statefulset.yaml | 537 +++++ .../templates/read/svc-headless.yaml | 39 + .../charts/postgresql/templates/read/svc.yaml | 55 + .../charts/postgresql/templates/role.yaml | 31 + .../postgresql/templates/rolebinding.yaml | 22 + .../charts/postgresql/templates/secrets.yaml | 103 + .../postgresql/templates/serviceaccount.yaml | 19 + .../postgresql/templates/tls-secrets.yaml | 28 + .../charts/postgresql/values.schema.json | 156 ++ .../charts/postgresql/values.yaml | 1425 +++++++++++ .../templates/appsec.yaml | 2 + .../templates/clusterrolebinding.yaml | 3 + .../templates/tuning-deployment.yaml | 71 + .../templates/tuning-serviceaccount.yaml | 7 + .../templates/tuning-svc.yaml | 13 + .../open-appsec-k8s-nginx-ingress/values.yaml | 31 +- .../charts/open-appsec-kong/CHANGELOG.md | 46 + .../charts/open-appsec-kong/Chart.yaml | 4 +- .../charts/open-appsec-kong/README.md | 6 +- .../open-appsec-kong/ci/.chartsnap.yaml | 26 + .../admin-api-service-clusterip-values.snap | 371 +++ .../__snapshots__/custom-labels-values.snap | 888 +++++++ .../ci/__snapshots__/default-values.snap | 880 +++++++ .../__snapshots__/kong-ingress-1-values.snap | 909 +++++++ .../__snapshots__/kong-ingress-2-values.snap | 911 +++++++ .../__snapshots__/kong-ingress-3-values.snap | 898 +++++++ .../__snapshots__/kong-ingress-4-values.snap | 951 ++++++++ .../ci/__snapshots__/service-account.snap | 874 +++++++ .../single-image-default-values.snap | 880 +++++++ ...est-enterprise-version-3.4.0.0-values.snap | 311 +++ .../ci/__snapshots__/test1-values.snap | 967 ++++++++ .../ci/__snapshots__/test2-values.snap | 2106 +++++++++++++++++ .../ci/__snapshots__/test3-values.snap | 369 +++ .../ci/__snapshots__/test4-values.snap | 386 +++ .../ci/__snapshots__/test5-values.snap | 1983 ++++++++++++++++ .../open-appsec-kong/ci/test2-values.yaml | 14 + .../quickstart-enterprise-licensed-aio.yaml | 1 + .../open-appsec-kong/templates/NOTES.txt | 14 + .../open-appsec-kong/templates/_helpers.tpl | 91 +- .../open-appsec-kong/templates/appsec.yaml | 2 + .../templates/deployment.yaml | 2 + .../templates/migrations-post-upgrade.yaml | 1 + .../templates/migrations-pre-upgrade.yaml | 1 + .../templates/migrations.yaml | 1 + .../charts/open-appsec-kong/values.yaml | 12 +- .../open-appsec-k8s-kong-premium-1.1.5.tgz | Bin 0 -> 210425 bytes .../open-appsec-k8s-kong-premium-latest.tgz | Bin 0 -> 210425 bytes .../kong/open-appsec-k8s-kong-1.1.5.tgz | Bin 0 -> 210414 bytes .../kong/open-appsec-k8s-kong-latest.tgz | Bin 0 -> 210414 bytes ...appsec-k8s-nginx-ingress-premium-1.1.5.tgz | Bin 0 -> 115727 bytes ...ppsec-k8s-nginx-ingress-premium-latest.tgz | Bin 0 -> 115727 bytes .../open-appsec-k8s-nginx-ingress-1.1.5.tgz | Bin 0 -> 115713 bytes .../open-appsec-k8s-nginx-ingress-latest.tgz | Bin 0 -> 115713 bytes 105 files changed, 20582 insertions(+), 44 deletions(-) create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/Chart.lock create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/changelog/helm-chart-4.9.1.md create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/.helmignore create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.lock create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/README.md create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/.helmignore create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/Chart.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/README.md create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_affinities.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_capabilities.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_errors.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_images.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_ingress.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_labels.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_names.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_secrets.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_storage.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_tplvalues.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_utils.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_warnings.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_cassandra.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mariadb.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mongodb.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mysql.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_postgresql.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_redis.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_validations.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/values.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/NOTES.txt create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/_helpers.tpl create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/extra-list.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/networkpolicy-egress.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/configmap.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/extended-configmap.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/initialization-configmap.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-configmap.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-svc.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/networkpolicy.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/servicemonitor.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/statefulset.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc-headless.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/prometheusrule.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/psp.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/extended-configmap.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-configmap.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-svc.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/networkpolicy.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/servicemonitor.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/statefulset.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc-headless.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/role.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/rolebinding.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/secrets.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/serviceaccount.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/tls-secrets.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.schema.json create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-deployment.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-serviceaccount.yaml create mode 100644 build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-svc.yaml create mode 100644 build_system/charts/open-appsec-kong/ci/.chartsnap.yaml create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/admin-api-service-clusterip-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/custom-labels-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/default-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-1-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-2-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-3-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-4-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/service-account.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/single-image-default-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/test1-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/test2-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/test3-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/test4-values.snap create mode 100644 build_system/charts/open-appsec-kong/ci/__snapshots__/test5-values.snap create mode 100644 output/helm-charts/kong-premium/open-appsec-k8s-kong-premium-1.1.5.tgz create mode 100644 output/helm-charts/kong-premium/open-appsec-k8s-kong-premium-latest.tgz create mode 100644 output/helm-charts/kong/open-appsec-k8s-kong-1.1.5.tgz create mode 100644 output/helm-charts/kong/open-appsec-k8s-kong-latest.tgz create mode 100644 output/helm-charts/nginx-ingress-premium/open-appsec-k8s-nginx-ingress-premium-1.1.5.tgz create mode 100644 output/helm-charts/nginx-ingress-premium/open-appsec-k8s-nginx-ingress-premium-latest.tgz create mode 100644 output/helm-charts/nginx-ingress/open-appsec-k8s-nginx-ingress-1.1.5.tgz create mode 100644 output/helm-charts/nginx-ingress/open-appsec-k8s-nginx-ingress-latest.tgz diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.lock b/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.lock new file mode 100644 index 0000000..05e322c --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 12.2.8 +digest: sha256:0d13b8b0c66b8e18781eac510ce58b069518ff14a6a15ad90375e7f0ffad71fe +generated: "2024-02-11T17:18:56.196746248Z" diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.yaml index 0f28dfc..7741ec8 100644 --- a/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.yaml +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/Chart.yaml @@ -1,13 +1,15 @@ annotations: artifacthub.io/changes: |- - - "Add controller.metrics.serviceMonitor.annotations in Helm chart" - - "fix(labels): use complete labels variable on default-backend deployment" - - "chart: allow setting allocateLoadBalancerNodePorts (#10693)" - - "[release-1.9] feat(helm): add documentation about metric args (#10695)" - - "Update Ingress-Nginx version controller-v1.9.5" + - "update web hook cert gen to latest release v20231226-1a7112e06" + - "Update Ingress-Nginx version controller-v1.9.6" artifacthub.io/prerelease: "false" apiVersion: v2 appVersion: latest +dependencies: +- condition: appsec.tuning.enabled + name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 12.2.8 keywords: - ingress - nginx @@ -15,4 +17,4 @@ kubeVersion: '>=1.20.0-0' name: open-appsec-k8s-nginx-ingress sources: - https://github.com/kubernetes/ingress-nginx -version: 4.9.0 +version: 4.9.1 diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/README.md b/build_system/charts/open-appsec-k8s-nginx-ingress/README.md index 7c351e4..44bb10b 100644 --- a/build_system/charts/open-appsec-k8s-nginx-ingress/README.md +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/README.md @@ -2,7 +2,7 @@ [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer -![Version: 4.9.0](https://img.shields.io/badge/Version-4.9.0-informational?style=flat-square) ![AppVersion: 1.9.5](https://img.shields.io/badge/AppVersion-1.9.5-informational?style=flat-square) +![Version: 4.9.1](https://img.shields.io/badge/Version-4.9.1-informational?style=flat-square) ![AppVersion: 1.9.6](https://img.shields.io/badge/AppVersion-1.9.6-informational?style=flat-square) To use, add `ingressClassName: nginx` spec field or the `kubernetes.io/ingress.class: nginx` annotation to your Ingress resources. @@ -253,11 +253,11 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.admissionWebhooks.namespaceSelector | object | `{}` | | | controller.admissionWebhooks.objectSelector | object | `{}` | | | controller.admissionWebhooks.patch.enabled | bool | `true` | | -| controller.admissionWebhooks.patch.image.digest | string | `"sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80"` | | +| controller.admissionWebhooks.patch.image.digest | string | `"sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084"` | | | controller.admissionWebhooks.patch.image.image | string | `"ingress-nginx/kube-webhook-certgen"` | | | controller.admissionWebhooks.patch.image.pullPolicy | string | `"IfNotPresent"` | | | controller.admissionWebhooks.patch.image.registry | string | `"registry.k8s.io"` | | -| controller.admissionWebhooks.patch.image.tag | string | `"v20231011-8b53cabe0"` | | +| controller.admissionWebhooks.patch.image.tag | string | `"v20231226-1a7112e06"` | | | controller.admissionWebhooks.patch.labels | object | `{}` | Labels to be added to patch job resources | | controller.admissionWebhooks.patch.networkPolicy.enabled | bool | `false` | Enable 'networkPolicy' or not | | controller.admissionWebhooks.patch.nodeSelector."kubernetes.io/os" | string | `"linux"` | | @@ -317,8 +317,8 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.hostname | object | `{}` | Optionally customize the pod hostname. | | controller.image.allowPrivilegeEscalation | bool | `false` | | | controller.image.chroot | bool | `false` | | -| controller.image.digest | string | `"sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e"` | | -| controller.image.digestChroot | string | `"sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d"` | | +| controller.image.digest | string | `"sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c"` | | +| controller.image.digestChroot | string | `"sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096"` | | | controller.image.image | string | `"ingress-nginx/controller"` | | | controller.image.pullPolicy | string | `"IfNotPresent"` | | | controller.image.readOnlyRootFilesystem | bool | `false` | | @@ -326,7 +326,7 @@ As of version `1.26.0` of this chart, by simply not providing any clusterIP valu | controller.image.runAsNonRoot | bool | `true` | | | controller.image.runAsUser | int | `101` | | | controller.image.seccompProfile.type | string | `"RuntimeDefault"` | | -| controller.image.tag | string | `"v1.9.5"` | | +| controller.image.tag | string | `"v1.9.6"` | | | controller.ingressClass | string | `"nginx"` | For backwards compatibility with ingress.class annotation, use ingressClass. Algorithm is as follows, first ingressClassName is considered, if not present, controller looks for ingress.class annotation | | controller.ingressClassByName | bool | `false` | Process IngressClass per name (additionally as per spec.controller). | | controller.ingressClassResource.controllerValue | string | `"k8s.io/ingress-nginx"` | Controller-value of the controller that is processing this ingressClass | diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/changelog/helm-chart-4.9.1.md b/build_system/charts/open-appsec-k8s-nginx-ingress/changelog/helm-chart-4.9.1.md new file mode 100644 index 0000000..c6120e7 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/changelog/helm-chart-4.9.1.md @@ -0,0 +1,10 @@ +# Changelog + +This file documents all notable changes to [ingress-nginx](https://github.com/kubernetes/ingress-nginx) Helm Chart. The release numbering uses [semantic versioning](http://semver.org). + +### 4.9.1 + +* - "update web hook cert gen to latest release v20231226-1a7112e06" +* - "Update Ingress-Nginx version controller-v1.9.6" + +**Full Changelog**: https://github.com/kubernetes/ingress-nginx/compare/helm-chart-4.9.0...helm-chart-4.9.1 diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/.helmignore b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.lock b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.lock new file mode 100644 index 0000000..2b9dadc --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.2.4 +digest: sha256:634d19e9b7f6e4c07d7c04a0161ab96b3f83335ebdd70b35b952319ef0a2586b +generated: "2023-03-14T07:26:55.449518929Z" diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.yaml new file mode 100644 index 0000000..3b41745 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + category: Database + licenses: Apache-2.0 +apiVersion: v2 +appVersion: 15.2.0 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 2.x.x +description: PostgreSQL (Postgres) is an open source object-relational database known + for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, + views, triggers and stored procedures. +home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- name: Bitnami + url: https://github.com/bitnami/charts +name: postgresql +sources: +- https://github.com/bitnami/containers/tree/main/bitnami/postgresql +- https://www.postgresql.org/ +version: 12.2.8 diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/README.md b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/README.md new file mode 100644 index 0000000..324baa5 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/README.md @@ -0,0 +1,685 @@ + + +# PostgreSQL packaged by Bitnami + +PostgreSQL (Postgres) is an open source object-relational database known for reliability and data integrity. ACID-compliant, it supports foreign keys, joins, views, triggers and stored procedures. + +[Overview of PostgreSQL](http://www.postgresql.org) + +Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. + +## TL;DR + +```console +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha) + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +helm repo add my-repo https://charts.bitnami.com/bitnami +helm install my-release my-repo/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```console +kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | +| `global.postgresql.auth.postgresPassword` | Password for the "postgres" admin user (overrides `auth.postgresPassword`) | `""` | +| `global.postgresql.auth.username` | Name for a custom user to create (overrides `auth.username`) | `""` | +| `global.postgresql.auth.password` | Password for the custom user to create (overrides `auth.password`) | `""` | +| `global.postgresql.auth.database` | Name for a custom database to create (overrides `auth.database`) | `""` | +| `global.postgresql.auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`). | `""` | +| `global.postgresql.auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` | +| `global.postgresql.auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` | +| `global.postgresql.auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. | `""` | +| `global.postgresql.service.ports.postgresql` | PostgreSQL service port (overrides `service.ports.postgresql`) | `""` | + +### Common parameters + +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `commonLabels` | Add labels to all the deployed resources | `{}` | +| `commonAnnotations` | Add annotations to all the deployed resources | `{}` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the statefulset | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the statefulset | `["infinity"]` | + +### PostgreSQL common parameters + +| Name | Description | Value | +| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | PostgreSQL image registry | `docker.io` | +| `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.2.0-debian-11-r21` | +| `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify image pull secrets | `[]` | +| `image.debug` | Specify if debug values should be set | `false` | +| `auth.enablePostgresUser` | Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user | `true` | +| `auth.postgresPassword` | Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided | `""` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the custom user to create. Ignored if `auth.existingSecret` is provided | `""` | +| `auth.database` | Name for a custom database to create | `""` | +| `auth.replicationUsername` | Name of the replication user | `repl_user` | +| `auth.replicationPassword` | Password for the replication user. Ignored if `auth.existingSecret` is provided | `""` | +| `auth.existingSecret` | Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. | `""` | +| `auth.secretKeys.adminPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `postgres-password` | +| `auth.secretKeys.userPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `password` | +| `auth.secretKeys.replicationPasswordKey` | Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. | `replication-password` | +| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` | +| `architecture` | PostgreSQL architecture (`standalone` or `replication`) | `standalone` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `containerPorts.postgresql` | PostgreSQL container port | `5432` | +| `audit.logHostname` | Log client hostnames | `false` | +| `audit.logConnections` | Add client log-in operations to the log file | `false` | +| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` | +| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `""` | +| `audit.pgAuditLogCatalog` | Log catalog using pgAudit | `off` | +| `audit.clientMinMessages` | Message log level to share with the user | `error` | +| `audit.logLinePrefix` | Template for log line prefix (default if not set) | `""` | +| `audit.logTimezone` | Timezone for the log timestamps | `""` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.server` | IP address or name of the LDAP server. | `""` | +| `ldap.port` | Port number on the LDAP server to connect to | `""` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `""` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `""` | +| `ldap.basedn` | Root DN to begin the search for the user in | `""` | +| `ldap.binddn` | DN of user to bind to LDAP | `""` | +| `ldap.bindpw` | Password for the user to bind to LDAP | `""` | +| `ldap.searchAttribute` | Attribute to match against the user name in the search | `""` | +| `ldap.searchFilter` | The search filter to use when doing search+bind authentication | `""` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS | `""` | +| `ldap.tls.enabled` | Se to true to enable TLS encryption | `false` | +| `ldap.uri` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. | `""` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql/data` | +| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) | `true` | +| `shmVolume.sizeLimit` | Set this to enable a size limit on the shm tmpfs | `""` | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | +| `tls.crlFilename` | File containing a Certificate Revocation List | `""` | + +### PostgreSQL Primary parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | +| `primary.configuration` | PostgreSQL Primary main configuration to be injected as ConfigMap | `""` | +| `primary.pgHbaConfiguration` | PostgreSQL Primary client authentication configuration | `""` | +| `primary.existingConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary configuration | `""` | +| `primary.extendedConfiguration` | Extended PostgreSQL Primary configuration (appended to main or default configuration) | `""` | +| `primary.existingExtendedConfigmap` | Name of an existing ConfigMap with PostgreSQL Primary extended configuration | `""` | +| `primary.initdb.args` | PostgreSQL initdb extra arguments | `""` | +| `primary.initdb.postgresqlWalDir` | Specify a custom location for the PostgreSQL transaction log | `""` | +| `primary.initdb.scripts` | Dictionary of initdb scripts | `{}` | +| `primary.initdb.scriptsConfigMap` | ConfigMap with scripts to be run at first boot | `""` | +| `primary.initdb.scriptsSecret` | Secret with scripts to be run at first boot (in case it contains sensitive information) | `""` | +| `primary.initdb.user` | Specify the PostgreSQL username to execute the initdb scripts | `""` | +| `primary.initdb.password` | Specify the PostgreSQL password to execute the initdb scripts | `""` | +| `primary.standby.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not | `false` | +| `primary.standby.primaryHost` | The Host of replication primary in the other cluster | `""` | +| `primary.standby.primaryPort` | The Port of replication primary in the other cluster | `""` | +| `primary.extraEnvVars` | Array with extra environment variables to add to PostgreSQL Primary nodes | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL Primary nodes | `""` | +| `primary.command` | Override default container command (useful when using custom images) | `[]` | +| `primary.args` | Override default container args (useful when using custom images) | `[]` | +| `primary.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Primary containers | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `primary.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Primary containers | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.startupProbe.enabled` | Enable startupProbe on PostgreSQL Primary containers | `false` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `primary.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `primary.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `primary.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `primary.lifecycleHooks` | for the PostgreSQL Primary container to automate configuration before or after startup | `{}` | +| `primary.resources.limits` | The resources limits for the PostgreSQL Primary containers | `{}` | +| `primary.resources.requests.memory` | The requested memory for the PostgreSQL Primary containers | `256Mi` | +| `primary.resources.requests.cpu` | The requested cpu for the PostgreSQL Primary containers | `250m` | +| `primary.podSecurityContext.enabled` | Enable security context | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | +| `primary.containerSecurityContext.enabled` | Enable container security context | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `primary.hostAliases` | PostgreSQL primary pods host aliases | `[]` | +| `primary.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (postgresql primary) | `false` | +| `primary.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | +| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` | +| `primary.annotations` | Annotations for PostgreSQL primary pods | `{}` | +| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` | +| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` | +| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` | +| `primary.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `""` | +| `primary.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `primary.terminationGracePeriodSeconds` | Seconds PostgreSQL primary pod needs to terminate gracefully | `""` | +| `primary.updateStrategy.type` | PostgreSQL Primary statefulset strategy type | `RollingUpdate` | +| `primary.updateStrategy.rollingUpdate` | PostgreSQL Primary statefulset rolling update configuration parameters | `{}` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) | `[]` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers to the PostgreSQL Primary pod(s) | `[]` | +| `primary.initContainers` | Add additional init containers to the PostgreSQL Primary pod(s) | `[]` | +| `primary.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) | `{}` | +| `primary.service.type` | Kubernetes Service type | `ClusterIP` | +| `primary.service.ports.postgresql` | PostgreSQL service port | `5432` | +| `primary.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `primary.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `primary.service.annotations` | Annotations for PostgreSQL primary service | `{}` | +| `primary.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `primary.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `primary.service.extraPorts` | Extra ports to expose in the PostgreSQL primary service | `[]` | +| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `primary.service.headless.annotations` | Additional custom annotations for headless PostgreSQL primary service | `{}` | +| `primary.persistence.enabled` | Enable PostgreSQL Primary data persistence using PVC | `true` | +| `primary.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `primary.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` | +| `primary.persistence.subPath` | The subdirectory of the volume to mount to | `""` | +| `primary.persistence.storageClass` | PVC Storage Class for PostgreSQL Primary data volume | `""` | +| `primary.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` | +| `primary.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `primary.persistence.annotations` | Annotations for the PVC | `{}` | +| `primary.persistence.labels` | Labels for the PVC | `{}` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `primary.persistence.dataSource` | Custom PVC data source | `{}` | + +### PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`) + +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------- | +| `readReplicas.name` | Name of the read replicas database (eg secondary, slave, ...) | `read` | +| `readReplicas.replicaCount` | Number of PostgreSQL read only replicas | `1` | +| `readReplicas.extendedConfiguration` | Extended PostgreSQL read only replicas configuration (appended to main or default configuration) | `""` | +| `readReplicas.extraEnvVars` | Array with extra environment variables to add to PostgreSQL read only nodes | `[]` | +| `readReplicas.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes | `""` | +| `readReplicas.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for PostgreSQL read only nodes | `""` | +| `readReplicas.command` | Override default container command (useful when using custom images) | `[]` | +| `readReplicas.args` | Override default container args (useful when using custom images) | `[]` | +| `readReplicas.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL read only containers | `true` | +| `readReplicas.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `readReplicas.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `readReplicas.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `readReplicas.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `readReplicas.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readReplicas.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL read only containers | `true` | +| `readReplicas.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readReplicas.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readReplicas.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readReplicas.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readReplicas.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `readReplicas.startupProbe.enabled` | Enable startupProbe on PostgreSQL read only containers | `false` | +| `readReplicas.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `readReplicas.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `readReplicas.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `readReplicas.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `readReplicas.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `readReplicas.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `readReplicas.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `readReplicas.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `readReplicas.lifecycleHooks` | for the PostgreSQL read only container to automate configuration before or after startup | `{}` | +| `readReplicas.resources.limits` | The resources limits for the PostgreSQL read only containers | `{}` | +| `readReplicas.resources.requests.memory` | The requested memory for the PostgreSQL read only containers | `256Mi` | +| `readReplicas.resources.requests.cpu` | The requested cpu for the PostgreSQL read only containers | `250m` | +| `readReplicas.podSecurityContext.enabled` | Enable security context | `true` | +| `readReplicas.podSecurityContext.fsGroup` | Group ID for the pod | `1001` | +| `readReplicas.containerSecurityContext.enabled` | Enable container security context | `true` | +| `readReplicas.containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `readReplicas.hostAliases` | PostgreSQL read only pods host aliases | `[]` | +| `readReplicas.hostNetwork` | Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) | `false` | +| `readReplicas.hostIPC` | Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) | `false` | +| `readReplicas.labels` | Map of labels to add to the statefulset (PostgreSQL read only) | `{}` | +| `readReplicas.annotations` | Annotations for PostgreSQL read only pods | `{}` | +| `readReplicas.podLabels` | Map of labels to add to the pods (PostgreSQL read only) | `{}` | +| `readReplicas.podAnnotations` | Map of annotations to add to the pods (PostgreSQL read only) | `{}` | +| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` | +| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` | +| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` | +| `readReplicas.tolerations` | Tolerations for PostgreSQL read only pods assignment | `[]` | +| `readReplicas.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `readReplicas.priorityClassName` | Priority Class to use for each pod (PostgreSQL read only) | `""` | +| `readReplicas.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `readReplicas.terminationGracePeriodSeconds` | Seconds PostgreSQL read only pod needs to terminate gracefully | `""` | +| `readReplicas.updateStrategy.type` | PostgreSQL read only statefulset strategy type | `RollingUpdate` | +| `readReplicas.updateStrategy.rollingUpdate` | PostgreSQL read only statefulset rolling update configuration parameters | `{}` | +| `readReplicas.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) | `[]` | +| `readReplicas.extraVolumes` | Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.sidecars` | Add additional sidecar containers to the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.initContainers` | Add additional init containers to the PostgreSQL read only pod(s) | `[]` | +| `readReplicas.extraPodSpec` | Optionally specify extra PodSpec for the PostgreSQL read only pod(s) | `{}` | +| `readReplicas.service.type` | Kubernetes Service type | `ClusterIP` | +| `readReplicas.service.ports.postgresql` | PostgreSQL service port | `5432` | +| `readReplicas.service.nodePorts.postgresql` | Node port for PostgreSQL | `""` | +| `readReplicas.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `readReplicas.service.annotations` | Annotations for PostgreSQL read only service | `{}` | +| `readReplicas.service.loadBalancerIP` | Load balancer IP if service type is `LoadBalancer` | `""` | +| `readReplicas.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `readReplicas.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `readReplicas.service.extraPorts` | Extra ports to expose in the PostgreSQL read only service | `[]` | +| `readReplicas.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `readReplicas.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `readReplicas.service.headless.annotations` | Additional custom annotations for headless PostgreSQL read only service | `{}` | +| `readReplicas.persistence.enabled` | Enable PostgreSQL read only data persistence using PVC | `true` | +| `readReplicas.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `readReplicas.persistence.mountPath` | The path the volume will be mounted at | `/bitnami/postgresql` | +| `readReplicas.persistence.subPath` | The subdirectory of the volume to mount to | `""` | +| `readReplicas.persistence.storageClass` | PVC Storage Class for PostgreSQL read only data volume | `""` | +| `readReplicas.persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `["ReadWriteOnce"]` | +| `readReplicas.persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `readReplicas.persistence.annotations` | Annotations for the PVC | `{}` | +| `readReplicas.persistence.labels` | Labels for the PVC | `{}` | +| `readReplicas.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `readReplicas.persistence.dataSource` | Custom PVC data source | `{}` | + +### NetworkPolicy parameters + +| Name | Description | Value | +| ------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `networkPolicy.enabled` | Enable network policies | `false` | +| `networkPolicy.metrics.enabled` | Enable network policies for metrics (prometheus) | `false` | +| `networkPolicy.metrics.namespaceSelector` | Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. | `{}` | +| `networkPolicy.metrics.podSelector` | Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. | `false` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL primary node. | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled` | Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. | `false` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector` | Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector` | Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). | `{}` | +| `networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules` | Custom network policy for the PostgreSQL read-only nodes. | `{}` | +| `networkPolicy.egressRules.denyConnectionsToExternal` | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). | `false` | +| `networkPolicy.egressRules.customRules` | Custom network policy rule | `{}` | + +### Volume Permissions parameters + +| Name | Description | Value | +| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r106` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` | +| `serviceAccount.create` | Enable creation of ServiceAccount for PostgreSQL pod | `false` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `true` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | +| `rbac.rules` | Custom RBAC rules to set | `[]` | +| `psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | + +### Metrics Parameters + +| Name | Description | Value | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------------------- | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.12.0-debian-11-r77` | +| `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | +| `metrics.customMetrics` | Define additional custom metrics | `{}` | +| `metrics.extraEnvVars` | Extra environment variables to add to PostgreSQL Prometheus exporter | `[]` | +| `metrics.containerSecurityContext.enabled` | Enable PostgreSQL Prometheus exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.runAsUser` | Set PostgreSQL Prometheus exporter containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe on PostgreSQL Prometheus exporter containers | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe on PostgreSQL Prometheus exporter containers | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.startupProbe.enabled` | Enable startupProbe on PostgreSQL Prometheus exporter containers | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `metrics.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `metrics.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `metrics.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `metrics.containerPorts.metrics` | PostgreSQL Prometheus exporter metrics container port | `9187` | +| `metrics.resources.limits` | The resources limits for the PostgreSQL Prometheus exporter container | `{}` | +| `metrics.resources.requests` | The requested resources for the PostgreSQL Prometheus exporter container | `{}` | +| `metrics.service.ports.metrics` | PostgreSQL Prometheus Exporter service port | `9187` | +| `metrics.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `metrics.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `metrics.service.annotations` | Annotations for Prometheus to auto-discover the metrics endpoint | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.prometheusRule.enabled` | Create a PrometheusRule for Prometheus Operator | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.labels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | PrometheusRule definitions | `[]` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +helm install my-release \ + --set auth.postgresPassword=secretpassword + my-repo/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. +> **Warning** Setting a password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue. Refer to [issue 2061](https://github.com/bitnami/charts/issues/2061) for more details + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +helm install my-release -f values.yaml my-repo/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Customizing primary and read replica services in a replicated configuration + +At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the primary.service or readReplicas.service objects will take precedence over the top level service object. + +### Use a different PostgreSQL version + +To modify the application version used in this chart, specify a different version of the image using the `image.tag` parameter and/or a different repository using the `image.repository` parameter. Refer to the [chart documentation for more information on these parameters and how to use them with images from a private registry](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/configuration/change-image-version/). + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the PostgreSQL configuration file. You can add additional PostgreSQL configuration parameters using the `primary.extendedConfiguration`/`readReplicas.extendedConfiguration` parameters as a string. Alternatively, to replace the entire default configuration use `primary.configuration`. + +You can also add a custom pg_hba.conf using the `primary.pgHbaConfiguration` parameter. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `primary.existingConfigmap` parameter. Note that this will override the two previous options. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, you can specify custom scripts using the `primary.initdb.scripts` parameter as a string. + +In addition, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `primary.initdb.scriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `primary.initdb.scriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +- First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +- Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL primary +primary: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +readReplicas: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +```text + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +```text +postgresql.auth.username=testuser +subchart1.postgresql.auth.username=testuser +subchart2.postgresql.auth.username=testuser +postgresql.auth.password=testpass +subchart1.postgresql.auth.password=testpass +subchart2.postgresql.auth.password=testpass +postgresql.auth.database=testdb +subchart1.postgresql.auth.database=testdb +subchart2.postgresql.auth.database=testdb +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +```text +global.postgresql.auth.username=testuser +global.postgresql.auth.password=testpass +global.postgresql.auth.database=testdb +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/containers/tree/main/bitnami/postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to the [code present in the container repository](https://github.com/bitnami/containers/tree/main/bitnami/postgresql). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift up to 4.10, let set the volume permissions, security context, runAsUser and fsGroup automatically by OpenShift and disable the predefined settings of the helm chart: primary.securityContext.enabled=false,primary.containerSecurityContext.enabled=false,volumePermissions.enabled=false,shmVolume.enabled=false +- For OpenShift 4.11 and higher, let set OpenShift the runAsUser and fsGroup automatically. Configure the pod and container security context to restrictive defaults and disable the volume permissions setup: primary. + podSecurityContext.fsGroup=null,primary.podSecurityContext.seccompProfile.type=RuntimeDefault,primary.containerSecurityContext.runAsUser=null,primary.containerSecurityContext.allowPrivilegeEscalation=false,primary.containerSecurityContext.runAsNonRoot=true,primary.containerSecurityContext.seccompProfile.type=RuntimeDefault,primary.containerSecurityContext.capabilities.drop=['ALL'],volumePermissions.enabled=false,shmVolume.enabled=false + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +### To 12.0.0 + +This major version changes the default PostgreSQL image from 14.x to 15.x. Follow the [official instructions](https://www.postgresql.org/docs/15/upgrading.html) to upgrade to 15.x. + +### To any previous version + +Refer to the [chart documentation for more information about how to upgrade from previous releases](https://docs.bitnami.com/kubernetes/infrastructure/postgresql/administration/upgrade/). + +## License + +Copyright © 2023 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/.helmignore b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/Chart.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/Chart.yaml new file mode 100644 index 0000000..8583e62 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + category: Infrastructure + licenses: Apache-2.0 +apiVersion: v2 +appVersion: 2.2.4 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/main/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- name: Bitnami + url: https://github.com/bitnami/charts +name: common +sources: +- https://github.com/bitnami/charts +- https://www.bitnami.com/ +type: library +version: 2.2.4 diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/README.md b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/README.md new file mode 100644 index 0000000..825639f --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/README.md @@ -0,0 +1,233 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 1.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```console +helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ + +## Parameters + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets (evaluated as templates). + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +#### What changes were introduced in this major version? + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +#### Considerations when upgrading to this version + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +#### Useful links + +- +- +- + +## License + +Copyright © 2023 Bitnami + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_affinities.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..81902a6 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_affinities.tpl @@ -0,0 +1,106 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . | quote }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a topologyKey definition +{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}} +*/}} +{{- define "common.affinities.topologyKey" -}} +{{ .topologyKey | default "kubernetes.io/hostname" -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +{{- $extraMatchLabels := default (dict) .extraMatchLabels -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + {{- range $key, $value := $extraMatchLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }} +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_capabilities.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..9d9b760 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_capabilities.tpl @@ -0,0 +1,154 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "common.capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "common.capabilities.networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "common.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for APIService. +*/}} +{{- define "common.capabilities.apiService.apiVersion" -}} +{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiregistration.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiregistration.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "common.capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_errors.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_images.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_images.tpl new file mode 100644 index 0000000..2e7b151 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_images.tpl @@ -0,0 +1,80 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $separator := ":" -}} +{{- $termination := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if .imageRoot.digest }} + {{- $separator = "@" -}} + {{- $termination = .imageRoot.digest | toString -}} +{{- end -}} +{{- if $registryName }} + {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}} +{{- else -}} + {{- printf "%s%s%s" $repositoryName $separator $termination -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead) +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names evaluating values as templates +{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }} +*/}} +{{- define "common.images.renderPullSecrets" -}} + {{- $pullSecrets := list }} + {{- $context := .context }} + + {{- if $context.Values.global }} + {{- range $context.Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_ingress.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..831da9c --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_ingress.tpl @@ -0,0 +1,68 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }} + number: {{ .servicePort | int }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the ingressClassname field is supported +Usage: +{{ include "common.ingress.supportsIngressClassname" . }} +*/}} +{{- define "common.ingress.supportsIngressClassname" -}} +{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if cert-manager required annotations for TLS signed +certificates are set in the Ingress annotations +Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations +Usage: +{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }} +*/}} +{{- define "common.ingress.certManagerRequest" -}} +{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_labels.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_names.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_names.tpl new file mode 100644 index 0000000..617a234 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_names.tpl @@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified dependency name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Usage: +{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }} +*/}} +{{- define "common.names.dependency.fullname" -}} +{{- if .chartValues.fullnameOverride -}} +{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .chartName .chartValues.nameOverride -}} +{{- if contains $name .context.Release.Name -}} +{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts. +*/}} +{{- define "common.names.namespace" -}} +{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a fully qualified app name adding the installation's namespace. +*/}} +{{- define "common.names.fullname.namespace" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_secrets.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..a1708b2 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_secrets.tpl @@ -0,0 +1,165 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. + +The order in which this function returns a secret password: + 1. Already existing 'Secret' resource + (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned) + 2. Password provided via the values.yaml + (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned) + 3. Randomly generated secret password + (A new random secret password with the length specified in the 'length' parameter will be generated and returned) + +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }} +{{- if $secretData }} + {{- if hasKey $secretData .key }} + {{- $password = index $secretData .key | quote }} + {{- else }} + {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Reuses the value from an existing secret, otherwise sets its value to a default value. + +Usage: +{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - context - Context - Required - Parent context. + +*/}} +{{- define "common.secrets.lookup" -}} +{{- $value := "" -}} +{{- $defaultValue := required "\n'common.secrets.lookup': Argument 'defaultValue' missing or empty" .defaultValue -}} +{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}} +{{- if and $secretData (hasKey $secretData .key) -}} + {{- $value = index $secretData .key -}} +{{- else -}} + {{- $value = $defaultValue | toString | b64enc -}} +{{- end -}} +{{- printf "%s" $value -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_storage.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_tplvalues.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_utils.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..b1ead50 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_warnings.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_cassandra.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..ded1ae3 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mariadb.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..b6906ff --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mongodb.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..f820ec1 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB® required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mysql.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mysql.tpl new file mode 100644 index 0000000..74472a0 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_mysql.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MySQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mysql.passwords" -}} + {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mysql.values.enabled" . -}} + {{- $architecture := include "common.mysql.values.architecture" . -}} + {{- $authPrefix := include "common.mysql.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mysql. + +Usage: +{{ include "common.mysql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mysql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mysql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mysql.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false +*/}} +{{- define "common.mysql.values.key.auth" -}} + {{- if .subchart -}} + mysql.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_postgresql.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..164ec0d --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_redis.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..dcccfc1 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,76 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis® required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $standarizedVersion := include "common.redis.values.standarized.version" . }} + + {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }} + {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }} + + {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }} + {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }} + + {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}} + {{- if eq $useAuth "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} + +{{/* +Checks whether the redis chart's includes the standarizations (version >= 14) + +Usage: +{{ include "common.redis.values.standarized.version" (dict "context" $) }} +*/}} +{{- define "common.redis.values.standarized.version" -}} + + {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}} + {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }} + + {{- if $standarizedAuthValues -}} + {{- true -}} + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_validations.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/values.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/values.yaml new file mode 100644 index 0000000..f2df68e --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/charts/common/values.yaml @@ -0,0 +1,5 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +## @skip exampleValue +## +exampleValue: common-chart diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/NOTES.txt b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/NOTES.txt new file mode 100644 index 0000000..21b3d29 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,91 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ .Release.Namespace }} -ti -- /opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash + +In order to replicate the container startup scripts execute this command: + + /opt/bitnami/scripts/postgresql/entrypoint.sh /opt/bitnami/scripts/postgresql/run.sh + +{{- else }} + +PostgreSQL can be accessed via port {{ include "postgresql.service.port" . }} on the following DNS names from within your cluster: + + {{ include "postgresql.primary.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection + +{{- if eq .Values.architecture "replication" }} + + {{ include "postgresql.readReplica.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read only connection + +{{- end }} + +{{- $customUser := include "postgresql.username" . }} +{{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.adminPasswordKey" .}}}" | base64 -d) + +To get the password for "{{ $customUser }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{include "postgresql.userPasswordKey" .}}}" | base64 -d) + +{{- else }} + +To get the password for "{{ default "postgres" $customUser }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ include "postgresql.secretName" . }} -o jsonpath="{.data.{{ ternary "password" (include "postgresql.adminPasswordKey" .) (and (not (empty $customUser)) (ne $customUser "postgres")) }}}" | base64 -d) + +{{- end }} + +To connect to your database run the following command: + + kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ include "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" \ + --command -- psql --host {{ include "postgresql.primary.fullname" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }} + + > NOTE: If you access the container using bash, make sure that you execute "/opt/bitnami/scripts/postgresql/entrypoint.sh /bin/bash" in order to avoid the error "psql: local user with ID {{ .Values.primary.containerSecurityContext.runAsUser }}} does not exist" + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.primary.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "postgresql.primary.fullname" . }}) + PGPASSWORD="$POSTGRES_PASSWORD" psql --host $NODE_IP --port $NODE_PORT -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.primary.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ include "postgresql.primary.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "postgresql.primary.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + PGPASSWORD="$POSTGRES_PASSWORD" psql --host $SERVICE_IP --port {{ include "postgresql.service.port" . }} -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.primary.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ include "postgresql.primary.fullname" . }} {{ include "postgresql.service.port" . }}:{{ include "postgresql.service.port" . }} & + PGPASSWORD="$POSTGRES_PASSWORD" psql --host 127.0.0.1 -U {{ default "postgres" $customUser }} -d {{- if include "postgresql.database" . }} {{ include "postgresql.database" . }}{{- else }} postgres{{- end }} -p {{ include "postgresql.service.port" . }} + +{{- end }} +{{- end }} + +WARNING: The configured password will be ignored on new installation in case when previous Posgresql release was deleted through the helm command. In that case, old PVC will have an old password, and setting it through helm won't take effect. Deleting persistent volumes (PVs) will solve the issue. + +{{- include "postgresql.validateValues" . -}} +{{- include "common.warnings.rollingTag" .Values.image -}} +{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/_helpers.tpl b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 0000000..8189380 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,399 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name for PostgreSQL Primary objects +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.primary.fullname" -}} +{{- if eq .Values.architecture "replication" }} + {{- printf "%s-%s" (include "common.names.fullname" .) .Values.primary.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} + {{- include "common.names.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name for PostgreSQL read-only replicas objects +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.readReplica.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) .Values.readReplicas.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the default FQDN for PostgreSQL primary headless service +We truncate at 63 chars because of the DNS naming spec. +*/}} +{{- define "postgresql.primary.svc.headless" -}} +{{- printf "%s-hl" (include "postgresql.primary.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- end -}} + +{{/* +Create the default FQDN for PostgreSQL read-only replicas headless service +We truncate at 63 chars because of the DNS naming spec. +*/}} +{{- define "postgresql.readReplica.svc.headless" -}} +{{- printf "%s-hl" (include "postgresql.readReplica.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return the name for a custom user to create +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.auth.username }} + {{- .Values.global.postgresql.auth.username -}} +{{- else -}} + {{- .Values.auth.username -}} +{{- end -}} +{{- end -}} + +{{/* +Return the name for a custom database to create +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.auth.database }} + {{- printf "%s" (tpl .Values.global.postgresql.auth.database $) -}} +{{- else if .Values.auth.database -}} + {{- printf "%s" (tpl .Values.auth.database $) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.auth.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.auth.existingSecret $) -}} +{{- else if .Values.auth.existingSecret -}} + {{- printf "%s" (tpl .Values.auth.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the replication-password key. +*/}} +{{- define "postgresql.replicationPasswordKey" -}} +{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }} + {{- if .Values.global.postgresql.auth.secretKeys.replicationPasswordKey }} + {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.replicationPasswordKey $) -}} + {{- else if .Values.auth.secretKeys.replicationPasswordKey -}} + {{- printf "%s" (tpl .Values.auth.secretKeys.replicationPasswordKey $) -}} + {{- else -}} + {{- "replication-password" -}} + {{- end -}} +{{- else -}} + {{- "replication-password" -}} +{{- end -}} +{{- end -}} + +{{/* +Get the admin-password key. +*/}} +{{- define "postgresql.adminPasswordKey" -}} +{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }} + {{- if .Values.global.postgresql.auth.secretKeys.adminPasswordKey }} + {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.adminPasswordKey $) -}} + {{- else if .Values.auth.secretKeys.adminPasswordKey -}} + {{- printf "%s" (tpl .Values.auth.secretKeys.adminPasswordKey $) -}} + {{- end -}} +{{- else -}} + {{- "postgres-password" -}} +{{- end -}} +{{- end -}} + +{{/* +Get the user-password key. +*/}} +{{- define "postgresql.userPasswordKey" -}} +{{- if or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret }} + {{- if or (empty (include "postgresql.username" .)) (eq (include "postgresql.username" .) "postgres") }} + {{- printf "%s" (include "postgresql.adminPasswordKey" .) -}} + {{- else -}} + {{- if .Values.global.postgresql.auth.secretKeys.userPasswordKey }} + {{- printf "%s" (tpl .Values.global.postgresql.auth.secretKeys.userPasswordKey $) -}} + {{- else if .Values.auth.secretKeys.userPasswordKey -}} + {{- printf "%s" (tpl .Values.auth.secretKeys.userPasswordKey $) -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- ternary "password" "postgres-password" (and (not (empty (include "postgresql.username" .))) (ne (include "postgresql.username" .) "postgres")) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (or .Values.global.postgresql.auth.existingSecret .Values.auth.existingSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL service port +*/}} +{{- define "postgresql.service.port" -}} +{{- if .Values.global.postgresql.service.ports.postgresql }} + {{- .Values.global.postgresql.service.ports.postgresql -}} +{{- else -}} + {{- .Values.primary.service.ports.postgresql -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL service port +*/}} +{{- define "postgresql.readReplica.service.port" -}} +{{- if .Values.global.postgresql.service.ports.postgresql }} + {{- .Values.global.postgresql.service.ports.postgresql -}} +{{- else -}} + {{- .Values.readReplicas.service.ports.postgresql -}} +{{- end -}} +{{- end -}} + +{{/* +Get the PostgreSQL primary configuration ConfigMap name. +*/}} +{{- define "postgresql.primary.configmapName" -}} +{{- if .Values.primary.existingConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s-configuration" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for PostgreSQL primary with the configuration +*/}} +{{- define "postgresql.primary.createConfigmap" -}} +{{- if and (or .Values.primary.configuration .Values.primary.pgHbaConfiguration) (not .Values.primary.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Get the PostgreSQL primary extended configuration ConfigMap name. +*/}} +{{- define "postgresql.primary.extendedConfigmapName" -}} +{{- if .Values.primary.existingExtendedConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingExtendedConfigmap $) -}} +{{- else -}} + {{- printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the PostgreSQL read replica extended configuration ConfigMap name. +*/}} +{{- define "postgresql.readReplicas.extendedConfigmapName" -}} + {{- printf "%s-extended-configuration" (include "postgresql.readReplica.fullname" .) -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for PostgreSQL primary with the extended configuration +*/}} +{{- define "postgresql.primary.createExtendedConfigmap" -}} +{{- if and .Values.primary.extendedConfiguration (not .Values.primary.existingExtendedConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for PostgreSQL read replica with the extended configuration +*/}} +{{- define "postgresql.readReplicas.createExtendedConfigmap" -}} +{{- if .Values.readReplicas.extendedConfiguration }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "postgresql.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdb.scriptsCM" -}} +{{- if .Values.primary.initdb.scriptsConfigMap -}} + {{- printf "%s" (tpl .Values.primary.initdb.scriptsConfigMap $) -}} +{{- else -}} + {{- printf "%s-init-scripts" (include "postgresql.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{/* +Return true if TLS is enabled for LDAP connection +*/}} +{{- define "postgresql.ldap.tls.enabled" -}} +{{- if and (kindIs "string" .Values.ldap.tls) (not (empty .Values.ldap.tls)) }} + {{- true -}} +{{- else if and (kindIs "map" .Values.ldap.tls) .Values.ldap.tls.enabled }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +{{- $customUser := include "postgresql.username" . }} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if .Values.tls.enabled }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} +{{- else }} + exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if .Values.tls.enabled }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/tls.crt" -}} +{{- else -}} + {{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/tls.key" -}} +{{- else -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "/opt/bitnami/postgresql/certs/ca.crt" -}} +{{- else -}} + {{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a TLS credentials secret object should be created +*/}} +{{- define "postgresql.createTlsSecret" -}} +{{- if and .Values.tls.autoGenerated (not .Values.tls.certificatesSecret) }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsSecretName" -}} +{{- if .Values.tls.autoGenerated }} + {{- printf "%s-crt" (include "common.names.fullname" .) -}} +{{- else -}} + {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} +{{- end -}} +{{- end -}} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/extra-list.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/networkpolicy-egress.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/networkpolicy-egress.yaml new file mode 100644 index 0000000..e862147 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/networkpolicy-egress.yaml @@ -0,0 +1,32 @@ +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.egressRules.denyConnectionsToExternal .Values.networkPolicy.egressRules.customRules) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-egress" (include "common.names.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + policyTypes: + - Egress + egress: + {{- if .Values.networkPolicy.egressRules.denyConnectionsToExternal }} + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP + - to: + - namespaceSelector: {} + {{- end }} + {{- if .Values.networkPolicy.egressRules.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.egressRules.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/configmap.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/configmap.yaml new file mode 100644 index 0000000..d654a22 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/configmap.yaml @@ -0,0 +1,24 @@ +{{- if (include "postgresql.primary.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-configuration" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + {{- if .Values.primary.configuration }} + postgresql.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.configuration "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.pgHbaConfiguration }} + pg_hba.conf: | + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.pgHbaConfiguration "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/extended-configmap.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/extended-configmap.yaml new file mode 100644 index 0000000..d129bd3 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/extended-configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "postgresql.primary.createExtendedConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-extended-configuration" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + override.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extendedConfiguration "context" $ ) | nindent 4 }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/initialization-configmap.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/initialization-configmap.yaml new file mode 100644 index 0000000..d3d26cb --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/initialization-configmap.yaml @@ -0,0 +1,15 @@ +{{- if and .Values.primary.initdb.scripts (not .Values.primary.initdb.scriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-init-scripts" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: {{- include "common.tplvalues.render" (dict "value" .Values.primary.initdb.scripts "context" .) | nindent 2 }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-configmap.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-configmap.yaml new file mode 100644 index 0000000..8ad2f35 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-configmap.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-svc.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-svc.yaml new file mode 100644 index 0000000..a38b52a --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/metrics-svc.yaml @@ -0,0 +1,33 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/networkpolicy.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/networkpolicy.yaml new file mode 100644 index 0000000..ce0052d --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/networkpolicy.yaml @@ -0,0 +1,57 @@ +{{- if and .Values.networkPolicy.enabled (or .Values.networkPolicy.metrics.enabled .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled) }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "postgresql.primary.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + ingress: + {{- if and .Values.metrics.enabled .Values.networkPolicy.metrics.enabled (or .Values.networkPolicy.metrics.namespaceSelector .Values.networkPolicy.metrics.podSelector) }} + - from: + {{- if .Values.networkPolicy.metrics.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.metrics.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.metrics.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.metrics.containerPorts.metrics }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if and .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled (eq .Values.architecture "replication") }} + - from: + - podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 14 }} + app.kubernetes.io/component: read + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/servicemonitor.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/servicemonitor.yaml new file mode 100644 index 0000000..c4a19fe --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/statefulset.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/statefulset.yaml new file mode 100644 index 0000000..0e312ea --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/statefulset.yaml @@ -0,0 +1,640 @@ +{{- $customUser := include "postgresql.username" . }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations .Values.primary.annotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + replicas: 1 + serviceName: {{ include "postgresql.primary.svc.headless" . }} + {{- if .Values.primary.updateStrategy }} + updateStrategy: {{- toYaml .Values.primary.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + template: + metadata: + name: {{ include "postgresql.primary.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.primary.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (include "postgresql.primary.createConfigmap" .) (include "postgresql.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }} + annotations: + {{- if (include "postgresql.primary.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if (include "postgresql.primary.createExtendedConfigmap" .) }} + checksum/extended-configuration: {{ include (print $.Template.BasePath "/primary/extended-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.primary.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if .Values.primary.extraPodSpec }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }} + {{- end }} + serviceAccountName: {{ include "postgresql.serviceAccountName" . }} + {{- include "postgresql.imagePullSecrets" . | nindent 6 }} + {{- if .Values.primary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.primary.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName }} + {{- end }} + {{- if .Values.primary.schedulerName }} + schedulerName: {{ .Values.primary.schedulerName | quote }} + {{- end }} + {{- if .Values.primary.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.primary.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.primary.podSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.primary.hostNetwork }} + hostIPC: {{ .Values.primary.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled)) .Values.primary.initContainers }} + initContainers: + {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} + - name: copy-certs + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.primary.resources }} + resources: {{- toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + # We don't require a privileged container in this case + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chmod 600 {{ include "postgresql.tlsCertKey" . }} + volumeMounts: + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- else if and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled) }} + - name: init-chmod-data + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + {{- if .Values.primary.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.primary.persistence.mountPath }} + {{- else }} + chown {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} {{ .Values.primary.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.primary.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.primary.persistence.mountPath }}/conf {{- end }} + find {{ .Values.primary.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + xargs -r chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs -r chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ include "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.primary.persistence.enabled }} + - name: data + mountPath: {{ .Values.primary.persistence.mountPath }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.primary.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: postgresql + image: {{ include "postgresql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.primary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.primary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: {{ .Values.containerPorts.postgresql | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: {{ .Values.primary.persistence.mountPath | quote }} + {{- if .Values.primary.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + # Authentication + {{- if and (not (empty $customUser)) (ne $customUser "postgres") }} + - name: POSTGRES_USER + value: {{ $customUser | quote }} + {{- if .Values.auth.enablePostgresUser }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.adminPasswordKey" . }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_PASSWORD_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.userPasswordKey" . }} + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + # Replication + {{- if or (eq .Values.architecture "replication") .Values.primary.standby.enabled }} + - name: POSTGRES_REPLICATION_MODE + value: {{ ternary "slave" "master" .Values.primary.standby.enabled | quote }} + - name: POSTGRES_REPLICATION_USER + value: {{ .Values.auth.replicationUsername | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.replicationPasswordKey" . }} + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off") }} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + # Initdb + {{- if .Values.primary.initdb.args }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.primary.initdb.args | quote }} + {{- end }} + {{- if .Values.primary.initdb.postgresqlWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.primary.initdb.postgresqlWalDir | quote }} + {{- end }} + {{- if .Values.primary.initdb.user }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.primary.initdb.user }} + {{- end }} + {{- if .Values.primary.initdb.password }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.primary.initdb.password | quote }} + {{- end }} + # Standby + {{- if .Values.primary.standby.enabled }} + - name: POSTGRES_MASTER_HOST + value: {{ .Values.primary.standby.primaryHost }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ .Values.primary.standby.primaryPort | quote }} + {{- end }} + # LDAP + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + {{- if or .Values.ldap.url .Values.ldap.uri }} + - name: POSTGRESQL_LDAP_URL + value: {{ coalesce .Values.ldap.url .Values.ldap.uri }} + {{- else }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if (include "postgresql.ldap.tls.enabled" .) }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end }} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote }} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ coalesce .Values.ldap.baseDN .Values.ldap.basedn }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ coalesce .Values.ldap.bindDN .Values.ldap.binddn}} + {{- if or (not (empty .Values.ldap.bind_password)) (not (empty .Values.ldap.bindpw)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: ldap-password + {{- end }} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ coalesce .Values.ldap.search_attr .Values.ldap.searchAttribute }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ coalesce .Values.ldap.search_filter .Values.ldap.searchFilter }} + {{- end }} + {{- end }} + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ include "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ include "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ include "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ include "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.primary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.primary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.primary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.primary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.primary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ .Values.containerPorts.postgresql }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.primary.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.primary.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- end }} + {{- if .Values.primary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.primary.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- end }} + {{- if .Values.primary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.primary.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.primary.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + {{- end }} + {{- end }} + {{- if .Values.primary.resources }} + resources: {{- toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + {{- if .Values.primary.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.primary.initdb.scriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.primary.persistence.enabled }} + - name: data + mountPath: {{ .Values.primary.persistence.mountPath }} + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.customMetrics }} + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.auth.database or .Values.global.postgresql.auth.database)" (include "postgresql.database" .) }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.service.port" .)) $database }} + {{- if .Values.auth.usePasswordFiles }} + - name: DATA_SOURCE_PASS_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.userPasswordKey" . }} + {{- end }} + - name: DATA_SOURCE_USER + value: {{ default "postgres" $customUser | quote }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPorts.metrics }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http-metrics + {{- end }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.primary.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} + - name: postgresql-config + configMap: + name: {{ include "postgresql.primary.configmapName" . }} + {{- end }} + {{- if or .Values.primary.extendedConfiguration .Values.primary.existingExtendedConfigmap }} + - name: postgresql-extended-config + configMap: + name: {{ include "postgresql.primary.extendedConfigmapName" . }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + secret: + secretName: {{ include "postgresql.secretName" . }} + {{- end }} + {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }} + - name: custom-init-scripts + configMap: + name: {{ include "postgresql.initdb.scriptsCM" . }} + {{- end }} + {{- if .Values.primary.initdb.scriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ tpl .Values.primary.initdb.scriptsSecret $ }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ include "postgresql.tlsSecretName" . }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ printf "%s-metrics" (include "postgresql.primary.fullname" .) }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.primary.persistence.existingClaim $ }} + {{- else if not .Values.primary.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.primary.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.primary.persistence.labels }} + labels: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.labels "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.primary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.primary.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + resources: + requests: + storage: {{ .Values.primary.persistence.size | quote }} + {{- if .Values.primary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} + {{- end }} + {{- include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) | nindent 8 }} + {{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc-headless.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc-headless.yaml new file mode 100644 index 0000000..684177a --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc-headless.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.primary.svc.headless" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: primary + {{- if or .Values.primary.service.headless.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.primary.service.headless.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.headless.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ template "postgresql.service.port" . }} + targetPort: tcp-postgresql + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc.yaml new file mode 100644 index 0000000..6ddd55b --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/primary/svc.yaml @@ -0,0 +1,53 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.primary.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: primary + {{- if or .Values.commonAnnotations .Values.primary.service.annotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.primary.service.type }} + {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.primary.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.primary.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") (not (empty .Values.primary.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} + {{- end }} + {{- if and .Values.primary.service.clusterIP (eq .Values.primary.service.type "ClusterIP") }} + clusterIP: {{ .Values.primary.service.clusterIP }} + {{- end }} + {{- if .Values.primary.service.sessionAffinity }} + sessionAffinity: {{ .Values.primary.service.sessionAffinity }} + {{- end }} + {{- if .Values.primary.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.service.port" . }} + targetPort: tcp-postgresql + {{- if and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) (not (empty .Values.primary.service.nodePorts.postgresql)) }} + nodePort: {{ .Values.primary.service.nodePorts.postgresql }} + {{- else if eq .Values.primary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.primary.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/prometheusrule.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/prometheusrule.yaml new file mode 100644 index 0000000..24be710 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.prometheusRule.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.prometheusRule.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + groups: + - name: {{ include "common.names.fullname" . }} + rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/psp.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/psp.yaml new file mode 100644 index 0000000..48d1175 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/psp.yaml @@ -0,0 +1,41 @@ +{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- if and $pspAvailable .Values.psp.create }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/extended-configmap.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/extended-configmap.yaml new file mode 100644 index 0000000..e329d13 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/extended-configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-extended-configuration" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + override.conf: |- + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extendedConfiguration "context" $ ) | nindent 4 }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-configmap.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-configmap.yaml new file mode 100644 index 0000000..b00a6ec --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-configmap.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics (eq .Values.architecture "replication") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-svc.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-svc.yaml new file mode 100644 index 0000000..6f54ed2 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/metrics-svc.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled (eq .Values.architecture "replication") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics-read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: ClusterIP + sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} + {{- if .Values.metrics.service.clusterIP }} + clusterIP: {{ .Values.metrics.service.clusterIP }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.metrics.service.ports.metrics }} + targetPort: http-metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/networkpolicy.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/networkpolicy.yaml new file mode 100644 index 0000000..c969cd7 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/networkpolicy.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.networkPolicy.enabled (eq .Values.architecture "replication") .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled }} +apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }} +kind: NetworkPolicy +metadata: + name: {{ printf "%s-ingress" (include "postgresql.readReplica.fullname" .) }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + podSelector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: read + ingress: + {{- if and .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled (or .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector) }} + - from: + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector }} + - namespaceSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector "context" $) | nindent 14 }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector }} + - podSelector: + matchLabels: {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector "context" $) | nindent 14 }} + {{- end }} + ports: + - port: {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- if .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules "context" $) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/servicemonitor.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/servicemonitor.yaml new file mode 100644 index 0000000..d511d6b --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/servicemonitor.yaml @@ -0,0 +1,48 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled (eq .Values.architecture "replication") }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ default .Release.Namespace .Values.metrics.serviceMonitor.namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics-read + {{- if .Values.metrics.serviceMonitor.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.metrics.serviceMonitor.jobLabel }} + jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + {{- if .Values.metrics.serviceMonitor.selector }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }} + {{- end }} + app.kubernetes.io/component: metrics-read + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabelings }} + relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/statefulset.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/statefulset.yaml new file mode 100644 index 0000000..6d35e47 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/statefulset.yaml @@ -0,0 +1,537 @@ +{{- if eq .Values.architecture "replication" }} +{{- $customUser := include "postgresql.username" . }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.labels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.commonAnnotations .Values.readReplicas.annotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + replicas: {{ .Values.readReplicas.replicaCount }} + serviceName: {{ include "postgresql.readReplica.svc.headless" . }} + {{- if .Values.readReplicas.updateStrategy }} + updateStrategy: {{- toYaml .Values.readReplicas.updateStrategy | nindent 4 }} + {{- end }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: read + template: + metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: read + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.podLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }} + annotations: + {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }} + checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.readReplicas.podAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if .Values.readReplicas.extraPodSpec }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }} + {{- end }} + serviceAccountName: {{ include "postgresql.serviceAccountName" . }} + {{- include "postgresql.imagePullSecrets" . | nindent 6 }} + {{- if .Values.readReplicas.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.readReplicas.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.topologySpreadConstraints "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.priorityClassName }} + priorityClassName: {{ .Values.readReplicas.priorityClassName }} + {{- end }} + {{- if .Values.readReplicas.schedulerName }} + schedulerName: {{ .Values.readReplicas.schedulerName | quote }} + {{- end }} + {{- if .Values.readReplicas.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.readReplicas.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.readReplicas.podSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + hostNetwork: {{ .Values.readReplicas.hostNetwork }} + hostIPC: {{ .Values.readReplicas.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled)) .Values.readReplicas.initContainers }} + initContainers: + {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} + - name: copy-certs + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + # We don't require a privileged container in this case + {{- if .Values.readReplicas.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + chmod 600 {{ include "postgresql.tlsCertKey" . }} + volumeMounts: + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- else if and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled) }} + - name: init-chmod-data + image: {{ include "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -ec + - | + {{- if .Values.readReplicas.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.readReplicas.persistence.mountPath }} + {{- else }} + chown {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} {{ .Values.readReplicas.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.readReplicas.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.readReplicas.persistence.mountPath }}/conf {{- end }} + find {{ .Values.readReplicas.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + xargs -r chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs -r chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.readReplicas.containerSecurityContext.runAsUser }}:{{ .Values.readReplicas.podSecurityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ include "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.containerSecurityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{ if .Values.readReplicas.persistence.enabled }} + - name: data + mountPath: {{ .Values.readReplicas.persistence.mountPath }} + {{- if .Values.readReplicas.persistence.subPath }} + subPath: {{ .Values.readReplicas.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.readReplicas.initContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + containers: + - name: postgresql + image: {{ include "postgresql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.readReplicas.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.readReplicas.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: {{ .Values.containerPorts.postgresql | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: {{ .Values.readReplicas.persistence.mountPath | quote }} + {{- if .Values.readReplicas.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + # Authentication + {{- if and (not (empty $customUser)) (ne $customUser "postgres") .Values.auth.enablePostgresUser }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.adminPasswordKey" . }} + {{- end }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_PASSWORD_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.userPasswordKey" . }} + {{- end }} + # Replication + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ .Values.auth.replicationUsername | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.replicationPasswordKey" . }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ include "postgresql.primary.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.service.port" . | quote }} + # TLS + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ include "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ include "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ include "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ include "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + # Audit + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + # Others + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.readReplicas.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.readReplicas.extraEnvVarsCM .Values.readReplicas.extraEnvVarsSecret }} + envFrom: + {{- if .Values.readReplicas.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.readReplicas.extraEnvVarsCM }} + {{- end }} + {{- if .Values.readReplicas.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.readReplicas.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ .Values.containerPorts.postgresql }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.readReplicas.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.startupProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser| quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.livenessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ default "postgres" $customUser | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- else }} + - exec pg_isready -U {{default "postgres" $customUser | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ .Values.containerPorts.postgresql }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readReplicas.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readReplicas.readinessProbe "enabled") "context" $) | nindent 12 }} + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.resources }} + resources: {{- toYaml .Values.readReplicas.resources | nindent 12 }} + {{- end }} + {{- if .Values.readReplicas.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.readReplicas.extendedConfiguration }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.readReplicas.persistence.enabled }} + - name: data + mountPath: {{ .Values.readReplicas.persistence.mountPath }} + {{- if .Values.readReplicas.persistence.subPath }} + subPath: {{ .Values.readReplicas.persistence.subPath }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.metrics.customMetrics }} + args: [ "--extend.query-path", "/conf/custom-metrics.yaml" ] + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.auth.database or .Values.global.postgresql.auth.database)" (include "postgresql.database" .) }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=disable" (int (include "postgresql.service.port" .)) $database }} + {{- if .Values.auth.usePasswordFiles }} + - name: DATA_SOURCE_PASS_FILE + value: {{ printf "/opt/bitnami/postgresql/secrets/%s" (ternary "password" "postgres-password" (and (not (empty $customUser)) (ne $customUser "postgres"))) }} + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ include "postgresql.secretName" . }} + key: {{ include "postgresql.userPasswordKey" . }} + {{- end }} + - name: DATA_SOURCE_USER + value: {{ default "postgres" $customUser | quote }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + ports: + - name: http-metrics + containerPort: {{ .Values.metrics.containerPorts.metrics }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.metrics.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }} + tcpSocket: + port: http-metrics + {{- end }} + {{- if .Values.metrics.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- end }} + {{- if .Values.metrics.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }} + httpGet: + path: / + port: http-metrics + {{- end }} + {{- end }} + volumeMounts: + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.readReplicas.extendedConfiguration }} + - name: postgresql-extended-config + configMap: + name: {{ include "postgresql.readReplicas.extendedConfigmapName" . }} + {{- end }} + {{- if .Values.auth.usePasswordFiles }} + - name: postgresql-password + secret: + secretName: {{ include "postgresql.secretName" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ include "postgresql.tlsSecretName" . }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ printf "%s-metrics" (include "postgresql.readReplica.fullname" .) }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + {{- if .Values.shmVolume.sizeLimit }} + sizeLimit: {{ .Values.shmVolume.sizeLimit }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraVolumes }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }} + {{- end }} + {{- if and .Values.readReplicas.persistence.enabled .Values.readReplicas.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.readReplicas.persistence.existingClaim $ }} + {{- else if not .Values.readReplicas.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + {{- if .Values.readReplicas.persistence.annotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.annotations "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.readReplicas.persistence.labels }} + labels: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.labels "context" $) | nindent 10 }} + {{- end }} + spec: + accessModes: + {{- range .Values.readReplicas.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.readReplicas.persistence.dataSource }} + dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.dataSource "context" $) | nindent 10 }} + {{- end }} + resources: + requests: + storage: {{ .Values.readReplicas.persistence.size | quote }} + {{- if .Values.readReplicas.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- include "common.storage.class" (dict "persistence" .Values.readReplicas.persistence "global" .Values.global) | nindent 8 }} + {{- end }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc-headless.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc-headless.yaml new file mode 100644 index 0000000..ee8f756 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc-headless.yaml @@ -0,0 +1,39 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.readReplica.svc.headless" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: read + {{- if or .Values.readReplicas.service.headless.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.readReplicas.service.headless.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.service.headless.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ include "postgresql.readReplica.service.port" . }} + targetPort: tcp-postgresql + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc.yaml new file mode 100644 index 0000000..c308c3f --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/read/svc.yaml @@ -0,0 +1,55 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "postgresql.readReplica.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + app.kubernetes.io/component: read + {{- if or .Values.commonAnnotations .Values.readReplicas.service.annotations }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.readReplicas.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.readReplicas.service.type }} + {{- if or (eq .Values.readReplicas.service.type "LoadBalancer") (eq .Values.readReplicas.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.readReplicas.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.readReplicas.service.type "LoadBalancer") (not (empty .Values.readReplicas.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.readReplicas.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.readReplicas.service.type "LoadBalancer") (not (empty .Values.readReplicas.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.readReplicas.service.loadBalancerIP }} + {{- end }} + {{- if and .Values.readReplicas.service.clusterIP (eq .Values.readReplicas.service.type "ClusterIP") }} + clusterIP: {{ .Values.readReplicas.service.clusterIP }} + {{- end }} + {{- if .Values.readReplicas.service.sessionAffinity }} + sessionAffinity: {{ .Values.readReplicas.service.sessionAffinity }} + {{- end }} + {{- if .Values.readReplicas.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ include "postgresql.readReplica.service.port" . }} + targetPort: tcp-postgresql + {{- if and (or (eq .Values.readReplicas.service.type "NodePort") (eq .Values.readReplicas.service.type "LoadBalancer")) (not (empty .Values.readReplicas.service.nodePorts.postgresql)) }} + nodePort: {{ .Values.readReplicas.service.nodePorts.postgresql }} + {{- else if eq .Values.readReplicas.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.readReplicas.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: read +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/role.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/role.yaml new file mode 100644 index 0000000..00f9222 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/role.yaml @@ -0,0 +1,31 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +# yamllint disable rule:indentation +rules: + {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} + {{- if and $pspAvailable .Values.psp.create }} + - apiGroups: + - 'policy' + resources: + - 'podsecuritypolicies' + verbs: + - 'use' + resourceNames: + - {{ include "common.names.fullname" . }} + {{- end }} + {{- if .Values.rbac.rules }} + {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} + {{- end }} +# yamllint enable rule:indentation +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/rolebinding.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/rolebinding.yaml new file mode 100644 index 0000000..0311c0e --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/rolebinding.yaml @@ -0,0 +1,22 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +roleRef: + kind: Role + name: {{ include "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ include "postgresql.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/secrets.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/secrets.yaml new file mode 100644 index 0000000..bbd03d6 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,103 @@ +{{- $host := include "postgresql.primary.fullname" . }} +{{- $port := include "postgresql.service.port" . }} +{{- $postgresPassword := "" }} +{{- if .Values.auth.enablePostgresUser }} +{{- $postgresPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.adminPasswordKey "providedValues" (list "global.postgresql.auth.postgresPassword" "auth.postgresPassword") "context" $) | trimAll "\"" | b64dec }} +{{- end }} +{{- $replicationPassword := "" }} +{{- if eq .Values.architecture "replication" }} +{{- $replicationPassword = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.replicationPasswordKey "providedValues" (list "auth.replicationPassword") "context" $) | trimAll "\"" | b64dec }} +{{- end }} +{{- $ldapPassword := "" }} +{{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }} +{{- $ldapPassword = coalesce .Values.ldap.bind_password .Values.ldap.bindpw }} +{{- end }} +{{- $customUser := include "postgresql.username" . }} +{{- $password := "" }} +{{- if not (empty (include "postgresql.username" .)) }} +{{- $password = include "common.secrets.passwords.manage" (dict "secret" (include "postgresql.secretName" .) "key" $.Values.auth.secretKeys.userPasswordKey "providedValues" (list "global.postgresql.auth.password" "auth.password") "context" $) | trimAll "\"" | b64dec }} +{{- end }} +{{- $database := include "postgresql.database" . }} +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if .Values.auth.enablePostgresUser }} + postgres-password: {{ $postgresPassword | b64enc | quote }} + {{- end }} + {{- if not (empty (include "postgresql.username" .)) }} + password: {{ $password | b64enc | quote }} + {{- end }} + {{- if eq .Values.architecture "replication" }} + replication-password: {{ $replicationPassword | b64enc | quote }} + {{- end }} + # We don't auto-generate LDAP password when it's not provided as we do for other passwords + {{- if and .Values.ldap.enabled (or .Values.ldap.bind_password .Values.ldap.bindpw) }} + ldap-password: {{ $ldapPassword | b64enc | quote }} + {{- end }} +{{- end }} +{{- if .Values.serviceBindings.enabled }} +{{- if .Values.auth.enablePostgresUser }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-postgres + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/postgresql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "postgresql" | b64enc | quote }} + host: {{ $host | b64enc | quote }} + port: {{ $port | b64enc | quote }} + user: {{ print "postgres" | b64enc | quote }} + database: {{ print "postgres" | b64enc | quote }} + password: {{ $postgresPassword | b64enc | quote }} + uri: {{ printf "postgresql://postgres:%s@%s:%s/postgres" $postgresPassword $host $port | b64enc | quote }} +{{- end }} +{{- if and (not (empty $customUser)) (ne $customUser "postgres") }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }}-svcbind-custom-user + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: servicebinding.io/postgresql +data: + provider: {{ print "bitnami" | b64enc | quote }} + type: {{ print "postgresql" | b64enc | quote }} + host: {{ $host | b64enc | quote }} + port: {{ $port | b64enc | quote }} + user: {{ $customUser | b64enc | quote }} + password: {{ $password | b64enc | quote }} + {{- if $database }} + database: {{ $database | b64enc | quote }} + {{- end }} + uri: {{ printf "postgresql://%s:%s@%s:%s/%s" $customUser $password $host $port $database | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/serviceaccount.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 0000000..179f8f2 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "postgresql.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/tls-secrets.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/tls-secrets.yaml new file mode 100644 index 0000000..482e298 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/templates/tls-secrets.yaml @@ -0,0 +1,28 @@ +{{- if (include "postgresql.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} +{{- $ca := genCA "postgresql-ca" 365 }} +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $primaryHeadlessServiceName := include "postgresql.primary.svc.headless" . }} +{{- $readHeadlessServiceName := include "postgresql.readReplica.svc.headless" . }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ $secretName }} + namespace: {{ .Release.Namespace | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.schema.json b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.schema.json new file mode 100644 index 0000000..fc41483 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.schema.json @@ -0,0 +1,156 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "PostgreSQL architecture", + "form": true, + "description": "Allowed values: `standalone` or `replication`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "enablePostgresUser": { + "type": "boolean", + "title": "Enable \"postgres\" admin user", + "description": "Assign a password to the \"postgres\" admin user. Otherwise, remote access will be blocked for this user", + "form": true + }, + "postgresPassword": { + "type": "string", + "title": "Password for the \"postgres\" admin user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true + }, + "database": { + "type": "string", + "title": "PostgreSQL custom database", + "description": "Name of the custom database to be created during the 1st initialization of PostgreSQL", + "form": true + }, + "username": { + "type": "string", + "title": "PostgreSQL custom user", + "description": "Name of the custom user to be created during the 1st initialization of PostgreSQL. This user only has permissions on the PostgreSQL custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for the custom user to create", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true + }, + "replicationUsername": { + "type": "string", + "title": "PostgreSQL replication user", + "description": "Name of user used to manage replication.", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "replicationPassword": { + "type": "string", + "title": "Password for PostgreSQL replication user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "readReplicas": { + "type": "integer", + "title": "read Replicas", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.yaml new file mode 100644 index 0000000..b7039b1 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/charts/postgresql/values.yaml @@ -0,0 +1,1425 @@ +## @section Global parameters +## Please, note that this will override the parameters, including dependencies, configured to use the global value +## +global: + ## @param global.imageRegistry Global Docker image registry + ## + imageRegistry: "" + ## @param global.imagePullSecrets Global Docker registry secret names as an array + ## e.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + ## @param global.storageClass Global StorageClass for Persistent Volume(s) + ## + storageClass: "" + postgresql: + ## @param global.postgresql.auth.postgresPassword Password for the "postgres" admin user (overrides `auth.postgresPassword`) + ## @param global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) + ## @param global.postgresql.auth.password Password for the custom user to create (overrides `auth.password`) + ## @param global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) + ## @param global.postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials (overrides `auth.existingSecret`). + ## @param global.postgresql.auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.adminPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. + ## @param global.postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.userPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. + ## @param global.postgresql.auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials (overrides `auth.secretKeys.replicationPasswordKey`). Only used when `global.postgresql.auth.existingSecret` is set. + ## + auth: + postgresPassword: "" + username: "" + password: "" + database: "" + existingSecret: "" + secretKeys: + adminPasswordKey: "" + userPasswordKey: "" + replicationPasswordKey: "" + ## @param global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) + ## + service: + ports: + postgresql: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname template (will maintain the release name) +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname template +## +fullnameOverride: "" +## @param clusterDomain Kubernetes Cluster Domain +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) +## +extraDeploy: [] +## @param commonLabels Add labels to all the deployed resources +## +commonLabels: {} +## @param commonAnnotations Add annotations to all the deployed resources +## +commonAnnotations: {} +## Enable diagnostic mode in the statefulset +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the statefulset + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the statefulset + ## + args: + - infinity + +## @section PostgreSQL common parameters +## + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## @param image.registry PostgreSQL image registry +## @param image.repository PostgreSQL image repository +## @param image.tag PostgreSQL image tag (immutable tags are recommended) +## @param image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag +## @param image.pullPolicy PostgreSQL image pull policy +## @param image.pullSecrets Specify image pull secrets +## @param image.debug Specify if debug values should be set +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 15.2.0-debian-11-r21 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## + debug: false +## Authentication parameters +## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#setting-the-root-password-on-first-run +## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-on-first-run +## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#creating-a-database-user-on-first-run +## +auth: + ## @param auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user + ## + enablePostgresUser: true + ## @param auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` is provided + ## + postgresPassword: "" + ## @param auth.username Name for a custom user to create + ## + username: "" + ## @param auth.password Password for the custom user to create. Ignored if `auth.existingSecret` is provided + ## + password: "" + ## @param auth.database Name for a custom database to create + ## + database: "" + ## @param auth.replicationUsername Name of the replication user + ## + replicationUsername: repl_user + ## @param auth.replicationPassword Password for the replication user. Ignored if `auth.existingSecret` is provided + ## + replicationPassword: "" + ## @param auth.existingSecret Name of existing secret to use for PostgreSQL credentials. `auth.postgresPassword`, `auth.password`, and `auth.replicationPassword` will be ignored and picked up from this secret. The secret might also contains the key `ldap-password` if LDAP is enabled. `ldap.bind_password` will be ignored and picked from this secret in this case. + ## + existingSecret: "" + ## @param auth.secretKeys.adminPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. + ## @param auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. + ## @param auth.secretKeys.replicationPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set. + ## + secretKeys: + adminPasswordKey: postgres-password + userPasswordKey: password + replicationPasswordKey: replication-password + ## @param auth.usePasswordFiles Mount credentials as a files instead of using an environment variable + ## + usePasswordFiles: false +## @param architecture PostgreSQL architecture (`standalone` or `replication`) +## +architecture: standalone +## Replication configuration +## Ignored if `architecture` is `standalone` +## +replication: + ## @param replication.synchronousCommit Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` + ## @param replication.numSynchronousReplicas Number of replicas that will have synchronous replication. Note: Cannot be greater than `readReplicas.replicaCount`. + ## ref: https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT + ## + synchronousCommit: "off" + numSynchronousReplicas: 0 + ## @param replication.applicationName Cluster application name. Useful for advanced replication settings + ## + applicationName: my_application +## @param containerPorts.postgresql PostgreSQL container port +## +containerPorts: + postgresql: 5432 +## Audit settings +## https://github.com/bitnami/containers/tree/main/bitnami/postgresql#auditing +## @param audit.logHostname Log client hostnames +## @param audit.logConnections Add client log-in operations to the log file +## @param audit.logDisconnections Add client log-outs operations to the log file +## @param audit.pgAuditLog Add operations to log using the pgAudit extension +## @param audit.pgAuditLogCatalog Log catalog using pgAudit +## @param audit.clientMinMessages Message log level to share with the user +## @param audit.logLinePrefix Template for log line prefix (default if not set) +## @param audit.logTimezone Timezone for the log timestamps +## +audit: + logHostname: false + logConnections: false + logDisconnections: false + pgAuditLog: "" + pgAuditLogCatalog: "off" + clientMinMessages: error + logLinePrefix: "" + logTimezone: "" +## LDAP configuration +## @param ldap.enabled Enable LDAP support +## DEPRECATED ldap.url It will removed in a future, please use 'ldap.uri' instead +## @param ldap.server IP address or name of the LDAP server. +## @param ldap.port Port number on the LDAP server to connect to +## @param ldap.prefix String to prepend to the user name when forming the DN to bind +## @param ldap.suffix String to append to the user name when forming the DN to bind +## DEPRECATED ldap.baseDN It will removed in a future, please use 'ldap.basedn' instead +## DEPRECATED ldap.bindDN It will removed in a future, please use 'ldap.binddn' instead +## DEPRECATED ldap.bind_password It will removed in a future, please use 'ldap.bindpw' instead +## @param ldap.basedn Root DN to begin the search for the user in +## @param ldap.binddn DN of user to bind to LDAP +## @param ldap.bindpw Password for the user to bind to LDAP +## DEPRECATED ldap.search_attr It will removed in a future, please use 'ldap.searchAttribute' instead +## DEPRECATED ldap.search_filter It will removed in a future, please use 'ldap.searchFilter' instead +## @param ldap.searchAttribute Attribute to match against the user name in the search +## @param ldap.searchFilter The search filter to use when doing search+bind authentication +## @param ldap.scheme Set to `ldaps` to use LDAPS +## DEPRECATED ldap.tls as string is deprecated,please use 'ldap.tls.enabled' instead +## @param ldap.tls.enabled Se to true to enable TLS encryption +## +ldap: + enabled: false + server: "" + port: "" + prefix: "" + suffix: "" + basedn: "" + binddn: "" + bindpw: "" + searchAttribute: "" + searchFilter: "" + scheme: "" + tls: + enabled: false + ## @param ldap.uri LDAP URL beginning in the form `ldap[s]://host[:port]/basedn`. If provided, all the other LDAP parameters will be ignored. + ## Ref: https://www.postgresql.org/docs/current/auth-ldap.html + ## + uri: "" +## @param postgresqlDataDir PostgreSQL data dir folder +## +postgresqlDataDir: /bitnami/postgresql/data +## @param postgresqlSharedPreloadLibraries Shared preload libraries (comma-separated list) +## +postgresqlSharedPreloadLibraries: "pgaudit" +## Start PostgreSQL pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) limit `/dev/shm` to `64M` +## ref: https://github.com/docker-library/postgres/issues/416 +## ref: https://github.com/containerd/containerd/issues/3654 +## +shmVolume: + ## @param shmVolume.enabled Enable emptyDir volume for /dev/shm for PostgreSQL pod(s) + ## + enabled: true + ## @param shmVolume.sizeLimit Set this to enable a size limit on the shm tmpfs + ## Note: the size of the tmpfs counts against container's memory limit + ## e.g: + ## sizeLimit: 1Gi + ## + sizeLimit: "" +## TLS configuration +## +tls: + ## @param tls.enabled Enable TLS traffic support + ## + enabled: false + ## @param tls.autoGenerated Generate automatically self-signed TLS certificates + ## + autoGenerated: false + ## @param tls.preferServerCiphers Whether to use the server's TLS cipher preferences rather than the client's + ## + preferServerCiphers: true + ## @param tls.certificatesSecret Name of an existing secret that contains the certificates + ## + certificatesSecret: "" + ## @param tls.certFilename Certificate filename + ## + certFilename: "" + ## @param tls.certKeyFilename Certificate key filename + ## + certKeyFilename: "" + ## @param tls.certCAFilename CA Certificate filename + ## If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + ## ref: https://www.postgresql.org/docs/9.6/auth-methods.html + ## + certCAFilename: "" + ## @param tls.crlFilename File containing a Certificate Revocation List + ## + crlFilename: "" + +## @section PostgreSQL Primary parameters +## +primary: + ## @param primary.name Name of the primary database (eg primary, master, leader, ...) + ## + name: primary + ## @param primary.configuration PostgreSQL Primary main configuration to be injected as ConfigMap + ## ref: https://www.postgresql.org/docs/current/static/runtime-config.html + ## + configuration: "" + ## @param primary.pgHbaConfiguration PostgreSQL Primary client authentication configuration + ## ref: https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html + ## e.g:# + ## pgHbaConfiguration: |- + ## local all all trust + ## host all all localhost trust + ## host mydatabase mysuser 192.168.0.0/24 md5 + ## + pgHbaConfiguration: "" + ## @param primary.existingConfigmap Name of an existing ConfigMap with PostgreSQL Primary configuration + ## NOTE: `primary.configuration` and `primary.pgHbaConfiguration` will be ignored + ## + existingConfigmap: "" + ## @param primary.extendedConfiguration Extended PostgreSQL Primary configuration (appended to main or default configuration) + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf + ## + extendedConfiguration: "" + ## @param primary.existingExtendedConfigmap Name of an existing ConfigMap with PostgreSQL Primary extended configuration + ## NOTE: `primary.extendedConfiguration` will be ignored + ## + existingExtendedConfigmap: "" + ## Initdb configuration + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#specifying-initdb-arguments + ## + initdb: + ## @param primary.initdb.args PostgreSQL initdb extra arguments + ## + args: "" + ## @param primary.initdb.postgresqlWalDir Specify a custom location for the PostgreSQL transaction log + ## + postgresqlWalDir: "" + ## @param primary.initdb.scripts Dictionary of initdb scripts + ## Specify dictionary of scripts to be run at first boot + ## e.g: + ## scripts: + ## my_init_script.sh: | + ## #!/bin/sh + ## echo "Do something." + ## + scripts: {} + ## @param primary.initdb.scriptsConfigMap ConfigMap with scripts to be run at first boot + ## NOTE: This will override `primary.initdb.scripts` + ## + scriptsConfigMap: "" + ## @param primary.initdb.scriptsSecret Secret with scripts to be run at first boot (in case it contains sensitive information) + ## NOTE: This can work along `primary.initdb.scripts` or `primary.initdb.scriptsConfigMap` + ## + scriptsSecret: "" + ## @param primary.initdb.user Specify the PostgreSQL username to execute the initdb scripts + ## + user: "" + ## @param primary.initdb.password Specify the PostgreSQL password to execute the initdb scripts + ## + password: "" + ## Configure current cluster's primary server to be the standby server in other cluster. + ## This will allow cross cluster replication and provide cross cluster high availability. + ## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. + ## @param primary.standby.enabled Whether to enable current cluster's primary as standby server of another cluster or not + ## @param primary.standby.primaryHost The Host of replication primary in the other cluster + ## @param primary.standby.primaryPort The Port of replication primary in the other cluster + ## + standby: + enabled: false + primaryHost: "" + primaryPort: "" + ## @param primary.extraEnvVars Array with extra environment variables to add to PostgreSQL Primary nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param primary.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL Primary nodes + ## + extraEnvVarsCM: "" + ## @param primary.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL Primary nodes + ## + extraEnvVarsSecret: "" + ## @param primary.command Override default container command (useful when using custom images) + ## + command: [] + ## @param primary.args Override default container args (useful when using custom images) + ## + args: [] + ## Configure extra options for PostgreSQL Primary containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param primary.livenessProbe.enabled Enable livenessProbe on PostgreSQL Primary containers + ## @param primary.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param primary.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param primary.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param primary.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param primary.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param primary.readinessProbe.enabled Enable readinessProbe on PostgreSQL Primary containers + ## @param primary.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param primary.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param primary.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param primary.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param primary.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param primary.startupProbe.enabled Enable startupProbe on PostgreSQL Primary containers + ## @param primary.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param primary.startupProbe.periodSeconds Period seconds for startupProbe + ## @param primary.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param primary.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param primary.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param primary.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param primary.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param primary.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param primary.lifecycleHooks for the PostgreSQL Primary container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## PostgreSQL Primary resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param primary.resources.limits The resources limits for the PostgreSQL Primary containers + ## @param primary.resources.requests.memory The requested memory for the PostgreSQL Primary containers + ## @param primary.resources.requests.cpu The requested cpu for the PostgreSQL Primary containers + ## + resources: + limits: {} + requests: + memory: 256Mi + cpu: 250m + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param primary.podSecurityContext.enabled Enable security context + ## @param primary.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param primary.containerSecurityContext.enabled Enable container security context + ## @param primary.containerSecurityContext.runAsUser User ID for the container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param primary.hostAliases PostgreSQL primary pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param primary.hostNetwork Specify if host network should be enabled for PostgreSQL pod (postgresql primary) + ## + hostNetwork: false + ## @param primary.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) + ## + hostIPC: false + ## @param primary.labels Map of labels to add to the statefulset (postgresql primary) + ## + labels: {} + ## @param primary.annotations Annotations for PostgreSQL primary pods + ## + annotations: {} + ## @param primary.podLabels Map of labels to add to the pods (postgresql primary) + ## + podLabels: {} + ## @param primary.podAnnotations Map of annotations to add to the pods (postgresql primary) + ## + podAnnotations: {} + ## @param primary.podAffinityPreset PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param primary.podAntiAffinityPreset PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## PostgreSQL Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param primary.nodeAffinityPreset.type PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param primary.nodeAffinityPreset.key PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param primary.nodeAffinityPreset.values PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param primary.affinity Affinity for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param primary.nodeSelector Node labels for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param primary.tolerations Tolerations for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param primary.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param primary.priorityClassName Priority Class to use for each pod (postgresql primary) + ## + priorityClassName: "" + ## @param primary.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param primary.terminationGracePeriodSeconds Seconds PostgreSQL primary pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param primary.updateStrategy.type PostgreSQL Primary statefulset strategy type + ## @param primary.updateStrategy.rollingUpdate PostgreSQL Primary statefulset rolling update configuration parameters + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + rollingUpdate: {} + ## @param primary.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL Primary container(s) + ## + extraVolumeMounts: [] + ## @param primary.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL Primary pod(s) + ## + extraVolumes: [] + ## @param primary.sidecars Add additional sidecar containers to the PostgreSQL Primary pod(s) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param primary.initContainers Add additional init containers to the PostgreSQL Primary pod(s) + ## Example + ## + ## initContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + initContainers: [] + ## @param primary.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL Primary pod(s) + ## + extraPodSpec: {} + ## PostgreSQL Primary service configuration + ## + service: + ## @param primary.service.type Kubernetes Service type + ## + type: ClusterIP + ## @param primary.service.ports.postgresql PostgreSQL service port + ## + ports: + postgresql: 5432 + ## Node ports to expose + ## NOTE: choose port between <30000-32767> + ## @param primary.service.nodePorts.postgresql Node port for PostgreSQL + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + postgresql: "" + ## @param primary.service.clusterIP Static clusterIP or None for headless services + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param primary.service.annotations Annotations for PostgreSQL primary service + ## + annotations: {} + ## @param primary.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param primary.service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param primary.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param primary.service.extraPorts Extra ports to expose in the PostgreSQL primary service + ## + extraPorts: [] + ## @param primary.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param primary.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## Headless service properties + ## + headless: + ## @param primary.service.headless.annotations Additional custom annotations for headless PostgreSQL primary service + ## + annotations: {} + ## PostgreSQL Primary persistence configuration + ## + persistence: + ## @param primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC + ## + enabled: true + ## @param primary.persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" + ## @param primary.persistence.mountPath The path the volume will be mounted at + ## Note: useful when using custom PostgreSQL images + ## + mountPath: /bitnami/postgresql + ## @param primary.persistence.subPath The subdirectory of the volume to mount to + ## Useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param primary.persistence.storageClass PVC Storage Class for PostgreSQL Primary data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param primary.persistence.accessModes PVC Access Mode for PostgreSQL volume + ## + accessModes: + - ReadWriteOnce + ## @param primary.persistence.size PVC Storage Request for PostgreSQL volume + ## + size: 8Gi + ## @param primary.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param primary.persistence.labels Labels for the PVC + ## + labels: {} + ## @param primary.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param primary.persistence.dataSource Custom PVC data source + ## + dataSource: {} + +## @section PostgreSQL read only replica parameters (only used when `architecture` is set to `replication`) +## +readReplicas: + ## @param readReplicas.name Name of the read replicas database (eg secondary, slave, ...) + ## + name: read + ## @param readReplicas.replicaCount Number of PostgreSQL read only replicas + ## + replicaCount: 1 + ## @param readReplicas.extendedConfiguration Extended PostgreSQL read only replicas configuration (appended to main or default configuration) + ## ref: https://github.com/bitnami/containers/tree/main/bitnami/postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf + ## + extendedConfiguration: "" + ## @param readReplicas.extraEnvVars Array with extra environment variables to add to PostgreSQL read only nodes + ## e.g: + ## extraEnvVars: + ## - name: FOO + ## value: "bar" + ## + extraEnvVars: [] + ## @param readReplicas.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for PostgreSQL read only nodes + ## + extraEnvVarsCM: "" + ## @param readReplicas.extraEnvVarsSecret Name of existing Secret containing extra env vars for PostgreSQL read only nodes + ## + extraEnvVarsSecret: "" + ## @param readReplicas.command Override default container command (useful when using custom images) + ## + command: [] + ## @param readReplicas.args Override default container args (useful when using custom images) + ## + args: [] + ## Configure extra options for PostgreSQL read only containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param readReplicas.livenessProbe.enabled Enable livenessProbe on PostgreSQL read only containers + ## @param readReplicas.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param readReplicas.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param readReplicas.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param readReplicas.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param readReplicas.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param readReplicas.readinessProbe.enabled Enable readinessProbe on PostgreSQL read only containers + ## @param readReplicas.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param readReplicas.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param readReplicas.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param readReplicas.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param readReplicas.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param readReplicas.startupProbe.enabled Enable startupProbe on PostgreSQL read only containers + ## @param readReplicas.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param readReplicas.startupProbe.periodSeconds Period seconds for startupProbe + ## @param readReplicas.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param readReplicas.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param readReplicas.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param readReplicas.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param readReplicas.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param readReplicas.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param readReplicas.lifecycleHooks for the PostgreSQL read only container to automate configuration before or after startup + ## + lifecycleHooks: {} + ## PostgreSQL read only resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param readReplicas.resources.limits The resources limits for the PostgreSQL read only containers + ## @param readReplicas.resources.requests.memory The requested memory for the PostgreSQL read only containers + ## @param readReplicas.resources.requests.cpu The requested cpu for the PostgreSQL read only containers + ## + resources: + limits: {} + requests: + memory: 256Mi + cpu: 250m + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param readReplicas.podSecurityContext.enabled Enable security context + ## @param readReplicas.podSecurityContext.fsGroup Group ID for the pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + ## Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## @param readReplicas.containerSecurityContext.enabled Enable container security context + ## @param readReplicas.containerSecurityContext.runAsUser User ID for the container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + ## @param readReplicas.hostAliases PostgreSQL read only pods host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + ## @param readReplicas.hostNetwork Specify if host network should be enabled for PostgreSQL pod (PostgreSQL read only) + ## + hostNetwork: false + ## @param readReplicas.hostIPC Specify if host IPC should be enabled for PostgreSQL pod (postgresql primary) + ## + hostIPC: false + ## @param readReplicas.labels Map of labels to add to the statefulset (PostgreSQL read only) + ## + labels: {} + ## @param readReplicas.annotations Annotations for PostgreSQL read only pods + ## + annotations: {} + ## @param readReplicas.podLabels Map of labels to add to the pods (PostgreSQL read only) + ## + podLabels: {} + ## @param readReplicas.podAnnotations Map of annotations to add to the pods (PostgreSQL read only) + ## + podAnnotations: {} + ## @param readReplicas.podAffinityPreset PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param readReplicas.podAntiAffinityPreset PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## PostgreSQL read only node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param readReplicas.nodeAffinityPreset.type PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param readReplicas.nodeAffinityPreset.key PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param readReplicas.nodeAffinityPreset.values PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param readReplicas.affinity Affinity for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param readReplicas.nodeSelector Node labels for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param readReplicas.tolerations Tolerations for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param readReplicas.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods + ## + topologySpreadConstraints: [] + ## @param readReplicas.priorityClassName Priority Class to use for each pod (PostgreSQL read only) + ## + priorityClassName: "" + ## @param readReplicas.schedulerName Use an alternate scheduler, e.g. "stork". + ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ + ## + schedulerName: "" + ## @param readReplicas.terminationGracePeriodSeconds Seconds PostgreSQL read only pod needs to terminate gracefully + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods + ## + terminationGracePeriodSeconds: "" + ## @param readReplicas.updateStrategy.type PostgreSQL read only statefulset strategy type + ## @param readReplicas.updateStrategy.rollingUpdate PostgreSQL read only statefulset rolling update configuration parameters + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + rollingUpdate: {} + ## @param readReplicas.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the PostgreSQL read only container(s) + ## + extraVolumeMounts: [] + ## @param readReplicas.extraVolumes Optionally specify extra list of additional volumes for the PostgreSQL read only pod(s) + ## + extraVolumes: [] + ## @param readReplicas.sidecars Add additional sidecar containers to the PostgreSQL read only pod(s) + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + ## @param readReplicas.initContainers Add additional init containers to the PostgreSQL read only pod(s) + ## Example + ## + ## initContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + initContainers: [] + ## @param readReplicas.extraPodSpec Optionally specify extra PodSpec for the PostgreSQL read only pod(s) + ## + extraPodSpec: {} + ## PostgreSQL read only service configuration + ## + service: + ## @param readReplicas.service.type Kubernetes Service type + ## + type: ClusterIP + ## @param readReplicas.service.ports.postgresql PostgreSQL service port + ## + ports: + postgresql: 5432 + ## Node ports to expose + ## NOTE: choose port between <30000-32767> + ## @param readReplicas.service.nodePorts.postgresql Node port for PostgreSQL + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePorts: + postgresql: "" + ## @param readReplicas.service.clusterIP Static clusterIP or None for headless services + ## e.g: + ## clusterIP: None + ## + clusterIP: "" + ## @param readReplicas.service.annotations Annotations for PostgreSQL read only service + ## + annotations: {} + ## @param readReplicas.service.loadBalancerIP Load balancer IP if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param readReplicas.service.externalTrafficPolicy Enable client source IP preservation + ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param readReplicas.service.loadBalancerSourceRanges Addresses that are allowed when service is LoadBalancer + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param readReplicas.service.extraPorts Extra ports to expose in the PostgreSQL read only service + ## + extraPorts: [] + ## @param readReplicas.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP" + ## If "ClientIP", consecutive client requests will be directed to the same Pod + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies + ## + sessionAffinity: None + ## @param readReplicas.service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + ## Headless service properties + ## + headless: + ## @param readReplicas.service.headless.annotations Additional custom annotations for headless PostgreSQL read only service + ## + annotations: {} + ## PostgreSQL read only persistence configuration + ## + persistence: + ## @param readReplicas.persistence.enabled Enable PostgreSQL read only data persistence using PVC + ## + enabled: true + ## @param readReplicas.persistence.existingClaim Name of an existing PVC to use + ## + existingClaim: "" + ## @param readReplicas.persistence.mountPath The path the volume will be mounted at + ## Note: useful when using custom PostgreSQL images + ## + mountPath: /bitnami/postgresql + ## @param readReplicas.persistence.subPath The subdirectory of the volume to mount to + ## Useful in dev environments and one PV for multiple services + ## + subPath: "" + ## @param readReplicas.persistence.storageClass PVC Storage Class for PostgreSQL read only data volume + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + storageClass: "" + ## @param readReplicas.persistence.accessModes PVC Access Mode for PostgreSQL volume + ## + accessModes: + - ReadWriteOnce + ## @param readReplicas.persistence.size PVC Storage Request for PostgreSQL volume + ## + size: 8Gi + ## @param readReplicas.persistence.annotations Annotations for the PVC + ## + annotations: {} + ## @param readReplicas.persistence.labels Labels for the PVC + ## + labels: {} + ## @param readReplicas.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template) + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + ## @param readReplicas.persistence.dataSource Custom PVC data source + ## + dataSource: {} + +## @section NetworkPolicy parameters +## + +## Add networkpolicies +## +networkPolicy: + ## @param networkPolicy.enabled Enable network policies + ## + enabled: false + ## @param networkPolicy.metrics.enabled Enable network policies for metrics (prometheus) + ## @param networkPolicy.metrics.namespaceSelector [object] Monitoring namespace selector labels. These labels will be used to identify the prometheus' namespace. + ## @param networkPolicy.metrics.podSelector [object] Monitoring pod selector labels. These labels will be used to identify the Prometheus pods. + ## + metrics: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: monitoring + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: monitoring + ## + podSelector: {} + ## Ingress Rules + ## + ingressRules: + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL primary node only accessible from a particular origin. + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL primary node. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.primaryAccessOnlyFrom.customRules [object] Custom network policy for the PostgreSQL primary node. + ## + primaryAccessOnlyFrom: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## custom ingress rules + ## e.g: + ## customRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customRules: {} + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.enabled Enable ingress rule that makes PostgreSQL read-only nodes only accessible from a particular origin. + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.namespaceSelector [object] Namespace selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed namespace(s). + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.podSelector [object] Pods selector label that is allowed to access the PostgreSQL read-only nodes. This label will be used to identified the allowed pod(s). + ## @param networkPolicy.ingressRules.readReplicasAccessOnlyFrom.customRules [object] Custom network policy for the PostgreSQL read-only nodes. + ## + readReplicasAccessOnlyFrom: + enabled: false + ## e.g: + ## namespaceSelector: + ## label: ingress + ## + namespaceSelector: {} + ## e.g: + ## podSelector: + ## label: access + ## + podSelector: {} + ## custom ingress rules + ## e.g: + ## CustomRules: + ## - from: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customRules: {} + ## @param networkPolicy.egressRules.denyConnectionsToExternal Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53). + ## @param networkPolicy.egressRules.customRules [object] Custom network policy rule + ## + egressRules: + # Deny connections to external. This is not compatible with an external database. + denyConnectionsToExternal: false + ## Additional custom egress rules + ## e.g: + ## customRules: + ## - to: + ## - namespaceSelector: + ## matchLabels: + ## label: example + ## + customRules: {} + +## @section Volume Permissions parameters +## + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume + ## + enabled: false + ## @param volumePermissions.image.registry Init container volume-permissions image registry + ## @param volumePermissions.image.repository Init container volume-permissions image repository + ## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended) + ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy + ## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 11-debian-11-r106 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits Init container volume-permissions resource limits + ## @param volumePermissions.resources.requests Init container volume-permissions resource requests + ## + resources: + limits: {} + requests: {} + ## Init container' Security Context + ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser + ## and not the below volumePermissions.containerSecurityContext.runAsUser + ## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container + ## + containerSecurityContext: + runAsUser: 0 + +## @section Other Parameters +## + +## @param serviceBindings.enabled Create secret for service binding (Experimental) +## Ref: https://servicebinding.io/service-provider/ +## +serviceBindings: + enabled: false + +## Service account for PostgreSQL to use. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for PostgreSQL pod + ## + create: false + ## @param serviceAccount.name The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the common.names.fullname template + ## + name: "" + ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created + ## Can be set to false if pods using this serviceAccount do not need to use K8s API + ## + automountServiceAccountToken: true + ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount + ## + annotations: {} +## Creates role for ServiceAccount +## @param rbac.create Create Role and RoleBinding (required for PSP to work) +## +rbac: + create: false + ## @param rbac.rules Custom RBAC rules to set + ## e.g: + ## rules: + ## - apiGroups: + ## - "" + ## resources: + ## - pods + ## verbs: + ## - get + ## - list + ## + rules: [] +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## @param psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later +## +psp: + create: false + +## @section Metrics Parameters +## + +metrics: + ## @param metrics.enabled Start a prometheus exporter + ## + enabled: false + ## @param metrics.image.registry PostgreSQL Prometheus Exporter image registry + ## @param metrics.image.repository PostgreSQL Prometheus Exporter image repository + ## @param metrics.image.tag PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) + ## @param metrics.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag + ## @param metrics.image.pullPolicy PostgreSQL Prometheus Exporter image pull policy + ## @param metrics.image.pullSecrets Specify image pull secrets + ## + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.12.0-debian-11-r77 + digest: "" + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## @param metrics.customMetrics Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + ## customMetrics: + ## pg_database: + ## query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + ## metrics: + ## - name: + ## usage: "LABEL" + ## description: "Name of the database" + ## - size_bytes: + ## usage: "GAUGE" + ## description: "Size of the database in bytes" + ## + customMetrics: {} + ## @param metrics.extraEnvVars Extra environment variables to add to PostgreSQL Prometheus exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + ## extraEnvVars: + ## - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + ## value: "true" + ## + extraEnvVars: [] + ## PostgreSQL Prometheus exporter containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param metrics.containerSecurityContext.enabled Enable PostgreSQL Prometheus exporter containers' Security Context + ## @param metrics.containerSecurityContext.runAsUser Set PostgreSQL Prometheus exporter containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsNonRoot Set PostgreSQL Prometheus exporter containers' Security Context runAsNonRoot + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + ## Configure extra options for PostgreSQL Prometheus exporter containers' liveness, readiness and startup probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes + ## @param metrics.livenessProbe.enabled Enable livenessProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param metrics.readinessProbe.enabled Enable readinessProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + ## @param metrics.startupProbe.enabled Enable startupProbe on PostgreSQL Prometheus exporter containers + ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe + ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe + ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe + ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe + ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe + ## + startupProbe: + enabled: false + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 + ## @param metrics.customLivenessProbe Custom livenessProbe that overrides the default one + ## + customLivenessProbe: {} + ## @param metrics.customReadinessProbe Custom readinessProbe that overrides the default one + ## + customReadinessProbe: {} + ## @param metrics.customStartupProbe Custom startupProbe that overrides the default one + ## + customStartupProbe: {} + ## @param metrics.containerPorts.metrics PostgreSQL Prometheus exporter metrics container port + ## + containerPorts: + metrics: 9187 + ## PostgreSQL Prometheus exporter resource requests and limits + ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## @param metrics.resources.limits The resources limits for the PostgreSQL Prometheus exporter container + ## @param metrics.resources.requests The requested resources for the PostgreSQL Prometheus exporter container + ## + resources: + limits: {} + requests: {} + ## Service configuration + ## + service: + ## @param metrics.service.ports.metrics PostgreSQL Prometheus Exporter service port + ## + ports: + metrics: 9187 + ## @param metrics.service.clusterIP Static clusterIP or None for headless services + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#choosing-your-own-ip-address + ## + clusterIP: "" + ## @param metrics.service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + sessionAffinity: None + ## @param metrics.service.annotations [object] Annotations for Prometheus to auto-discover the metrics endpoint + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator + ## + enabled: false + ## @param metrics.serviceMonitor.namespace Namespace for the ServiceMonitor Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + scrapeTimeout: "" + ## @param metrics.serviceMonitor.labels Additional labels that can be used so ServiceMonitor will be discovered by Prometheus + ## + labels: {} + ## @param metrics.serviceMonitor.selector Prometheus instance selector labels + ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration + ## + selector: {} + ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping + ## + relabelings: [] + ## @param metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion + ## + metricRelabelings: [] + ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. + ## + jobLabel: "" + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + ## @param metrics.prometheusRule.enabled Create a PrometheusRule for Prometheus Operator + ## + enabled: false + ## @param metrics.prometheusRule.namespace Namespace for the PrometheusRule Resource (defaults to the Release Namespace) + ## + namespace: "" + ## @param metrics.prometheusRule.labels Additional labels that can be used so PrometheusRule will be discovered by Prometheus + ## + labels: {} + ## @param metrics.prometheusRule.rules PrometheusRule definitions + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ printf "%s-metrics" (include "common.names.fullname" .) }}"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ include "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + ## + rules: [] diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml index c2eb2eb..ceebe86 100644 --- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/appsec.yaml @@ -142,6 +142,8 @@ spec: value: {{ .Values.appsec.storage.name }}-svc - name: LEARNING_HOST value: {{ .Values.appsec.learning.name }}-svc + - name: TUNING_HOST + value: {{ .Values.appsec.tuning.name }}-svc {{- else }} - name: PLAYGROUND value: "true" diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml index 8f91aac..4d921c9 100644 --- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/clusterrolebinding.yaml @@ -16,4 +16,7 @@ subjects: - kind: ServiceAccount name: {{ template "ingress-nginx.serviceAccountName" . }} namespace: {{ include "ingress-nginx.namespace" . }} + - kind: ServiceAccount + name: tuning-svc-account + namespace: {{ .Release.Namespace | quote }} {{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-deployment.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-deployment.yaml new file mode 100644 index 0000000..b82cad7 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-deployment.yaml @@ -0,0 +1,71 @@ +{{- if and (eq "standalone" .Values.appsec.mode) (eq .Values.appsec.playground false) .Values.appsec.tuning.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.appsec.tuning.name }}-deployment + labels: + app: {{ .Values.appsec.tuning.name }}-lbl +spec: + replicas: {{ .Values.appsec.tuning.replicaCount }} + selector: + matchLabels: + app: {{ .Values.appsec.tuning.name }}-lbl + template: + metadata: + labels: + app: {{ .Values.appsec.tuning.name }}-lbl + group: fog-core + spec: + securityContext: + {{- with .Values.appsec.tuning.securityContext }} + fsGroup: {{ .fsGroup }} + runAsGroup: {{ .runAsGroup }} + runAsUser: {{ .runAsUser }} + {{- end }} + serviceAccountName: tuning-svc-account + containers: + - name: {{ .Values.appsec.tuning.name }} + imagePullPolicy: Always + {{- with .Values.appsec.tuning.image }} + image: {{ .registry }}/{{ .image }}:{{ .tag }} + {{- end }} + ports: + - containerPort: {{ .Values.appsec.tuning.port }} + livenessProbe: + failureThreshold: {{ .Values.appsec.tuning.failureThreshold }} + httpGet: + path: /health/live + port: {{ .Values.appsec.tuning.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.appsec.tuning.initialDelaySeconds }} + periodSeconds: {{ .Values.appsec.tuning.periodSeconds }} + timeoutSeconds: {{ .Values.appsec.tuning.timeoutSeconds }} + readinessProbe: + failureThreshold: {{ .Values.appsec.tuning.failureThreshold }} + httpGet: + path: /health/ready + port: {{ .Values.appsec.tuning.port }} + scheme: HTTP + initialDelaySeconds: {{ .Values.appsec.tuning.initialDelaySeconds }} + periodSeconds: {{ .Values.appsec.tuning.periodSeconds }} + successThreshold: {{ .Values.appsec.tuning.successThreshold }} + timeoutSeconds: {{ .Values.appsec.tuning.timeoutSeconds }} + env: + - name: K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MODE + value: "stand-alone" + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.names.fullname" .Subcharts.postgresql }} + key: {{ include "postgresql.adminPasswordKey" .Subcharts.postgresql }} + - name: QUERY_DB_NAME_FMT + value: "postgres://postgres:%s@{{ include "postgresql.primary.fullname" .Subcharts.postgresql }}:5432/i2datatubeschemasecurityeventlogsv03?sslmode=disable" + - name: QUERY_DB_ROOT_FMT + value: "postgres://postgres:%s@{{ include "postgresql.primary.fullname" .Subcharts.postgresql }}:5432/?sslmode=disable" + - name: RP_BASEURL + value: http://{{ .Values.appsec.storage.name }}-svc/api +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-serviceaccount.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-serviceaccount.yaml new file mode 100644 index 0000000..abea011 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-serviceaccount.yaml @@ -0,0 +1,7 @@ +{{- if and .Values.appsec.tuning.serviceAccount.create .Values.appsec.tuning.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tuning-svc-account + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-svc.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-svc.yaml new file mode 100644 index 0000000..3c16804 --- /dev/null +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/tuning-svc.yaml @@ -0,0 +1,13 @@ +{{- if and (eq "standalone" .Values.appsec.mode) (eq .Values.appsec.playground false) .Values.appsec.tuning.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.appsec.tuning.name }}-svc +spec: + ports: + - name: "http" + port: 80 + targetPort: {{ .Values.appsec.tuning.port }} + selector: + app: {{ .Values.appsec.tuning.name }}-lbl +{{- end }} diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/values.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/values.yaml index f44b77d..834c504 100644 --- a/build_system/charts/open-appsec-k8s-nginx-ingress/values.yaml +++ b/build_system/charts/open-appsec-k8s-nginx-ingress/values.yaml @@ -26,9 +26,9 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: "v1.9.5" - digest: sha256:b3aba22b1da80e7acfc52b115cae1d4c687172cbf2b742d5b502419c25ff340e - digestChroot: sha256:9a8d7b25a846a6461cd044b9aea9cf6cad972bcf2e64d9fd246c0279979aad2d + tag: "v1.9.6" + digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c + digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096 pullPolicy: IfNotPresent runAsNonRoot: true # www-data -> uid 101 @@ -781,8 +781,8 @@ controller: ## for backwards compatibility consider setting the full image url via the repository value below ## use *either* current default registry/image or repository format or installing chart by providing the values.yaml will fail ## repository: - tag: v20231011-8b53cabe0 - digest: sha256:a7943503b45d552785aa3b5e457f169a5661fb94d82b8a3373bcd9ebaf9aac80 + tag: v20231226-1a7112e06 + digest: sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084 pullPolicy: IfNotPresent # -- Provide a priority class name to the webhook patching job ## @@ -1193,6 +1193,27 @@ appsec: image: smartsync-shared-files tag: latest + tuning: + name: open-appsec-tuning + image: + registry: ghcr.io/openappsec + image: smartsync-tuning + tag: 1.1.3 + enabled: false + replicaCount: 1 + securityContext: + fsGroup: 2000 + runAsGroup: 2000 + runAsUser: 1000 + port: 8080 + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 10 + successThreshold: 1 + serviceAccount: + create: true + # -- For nginx vanilla installation use kind Vanilla (no appsec components). # -- For nginx with appsec installation use kind AppSec (default: nginx + appsec without state). # -- For nginx with appsec (statefulset) installation use kind AppSecStateful. diff --git a/build_system/charts/open-appsec-kong/CHANGELOG.md b/build_system/charts/open-appsec-kong/CHANGELOG.md index f4f5c53..bce8df9 100644 --- a/build_system/charts/open-appsec-kong/CHANGELOG.md +++ b/build_system/charts/open-appsec-kong/CHANGELOG.md @@ -1,7 +1,53 @@ # Changelog +## Unreleased + +Nothing yet. + +## 2.35.1 + +### Fixed + +* The plugin helper no longer sets the plugin list when not in use. + [#1002](https://github.com/Kong/charts/pull/1002) + +## 2.35.0 + +### Added + +* Added controller's RBAC rules for `KongVault` CRD (installed only when KIC + version >= 3.1.0). + [#992](https://github.com/Kong/charts/pull/992) + +### Fixed + +* Added a missing `envFrom` render in the main Kong proxy container. + [#994](https://github.com/Kong/charts/pull/994) + +## 2.34.0 + +### Added + +* The `envFrom` and `ingressController.envFrom` values.yaml keys now populate + the container field of the same name. This loads environment variables from + ConfigMap or Secret resource keys in bulk: + https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables + [#987](https://github.com/Kong/charts/pull/987) +* Kong listens now use both IPv4 and IPv6 addresses. + [#986](https://github.com/Kong/charts/pull/986) + +## 2.33.3 + +### Fixed + +* Add RBAC rules for get, list and watch operations on namespaces so that Gateway API + controllers in KIC can access using a cached controller-runtime client. + [#974](https://github.com/Kong/charts/pull/974) + ## 2.33.2 +### Fixed + * Fix a template bug related to the `affinity` field for migrations Pods. [#972](https://github.com/Kong/charts/pull/972) diff --git a/build_system/charts/open-appsec-kong/Chart.yaml b/build_system/charts/open-appsec-kong/Chart.yaml index be441cf..7ec5dba 100644 --- a/build_system/charts/open-appsec-kong/Chart.yaml +++ b/build_system/charts/open-appsec-kong/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.1.3 +appVersion: 1.1.5 dependencies: - condition: postgresql.enabled name: postgresql @@ -14,4 +14,4 @@ maintainers: name: open-appsec-kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.33.2 +version: 2.35.1 diff --git a/build_system/charts/open-appsec-kong/README.md b/build_system/charts/open-appsec-kong/README.md index 3c1cdbd..48483e7 100644 --- a/build_system/charts/open-appsec-kong/README.md +++ b/build_system/charts/open-appsec-kong/README.md @@ -613,10 +613,11 @@ directory. | image.effectiveSemver | Semantic version to use for version-dependent features (if `tag` is not a semver) | | | image.pullPolicy | Image pull policy | `IfNotPresent` | | image.pullSecrets | Image pull secrets | `null` | -| replicaCount | Kong instance count. It has no effect when `autoscaling.enabled` is set to true | `1` | +| replicaCount | Kong instance count. It has no effect when `autoscaling.enabled` is set to true | `1` | | plugins | Install custom plugins into Kong via ConfigMaps or Secrets | `{}` | | env | Additional [Kong configurations](https://getkong.org/docs/latest/configuration/) | | -| customEnv | Custom Environment variables without `KONG_` prefix | | +| customEnv | Custom Environment variables without `KONG_` prefix | | +| envFrom | Populate environment variables from ConfigMap or Secret keys | | | migrations.preUpgrade | Run "kong migrations up" jobs | `true` | | migrations.postUpgrade | Run "kong migrations finish" jobs | `true` | | migrations.annotations | Annotations for migration job pods | `{"sidecar.istio.io/inject": "false" | @@ -741,6 +742,7 @@ section of `values.yaml` file: | installCRDs | Legacy toggle for Helm 2-style CRD management. Should not be set [unless necessary due to cluster permissions](#removing-cluster-scoped-permissions). | false | | env | Specify Kong Ingress Controller configuration via environment variables | | | customEnv | Specify custom environment variables (without the CONTROLLER_ prefix) | | +| envFrom | Populate environment variables from ConfigMap or Secret keys | | | ingressClass | The name of this controller's ingressClass | kong | | ingressClassAnnotations | The ingress-class value for controller | kong | | args | List of ingress-controller cli arguments | [] | diff --git a/build_system/charts/open-appsec-kong/ci/.chartsnap.yaml b/build_system/charts/open-appsec-kong/ci/.chartsnap.yaml new file mode 100644 index 0000000..110e0b2 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/.chartsnap.yaml @@ -0,0 +1,26 @@ +# It's a configuration file used by helm-chartsnap to ignore dynamically generated fields +# when comparing the chart's snapshot with the rendered chart. +# See https://github.com/jlandowner/helm-chartsnap?tab=readme-ov-file#handling-dynamic-values-. +dynamicFields: + - apiVersion: v1 + kind: Secret + name: chartsnap-postgresql + jsonPath: + - /data/postgres-password + - apiVersion: v1 + kind: Secret + name: chartsnap-kong-validation-webhook-keypair + jsonPath: + - /data/tls.crt + - /data/tls.key + - apiVersion: v1 + kind: Secret + name: chartsnap-kong-validation-webhook-ca-keypair + jsonPath: + - /data/tls.crt + - /data/tls.key + - apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + name: chartsnap-kong-validations + jsonPath: + - /webhooks/0/clientConfig/caBundle diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/admin-api-service-clusterip-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/admin-api-service-clusterip-values.snap new file mode 100644 index 0000000..e4a642b --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/admin-api-service-clusterip-values.snap @@ -0,0 +1,371 @@ +[admin-api-service-clusterip-values] +SnapShot = """ +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + checksum/dbless.config: 626be043e4a43b0d55af934d06216254abe132b29af82450379439ecd927219a + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8444 + name: admin-tls + protocol: TCP + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 0.0.0.0:8444 http2 ssl, [::]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + name: chartsnap-kong-custom-dbless-config + name: kong-custom-dbless-config-volume +- object: + apiVersion: v1 + data: + kong.yml: | + _format_version: \"1.1\" + services: + - name: example.com + url: http://example.com + routes: + - name: example + paths: + - \"/example\" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-custom-dbless-config + namespace: default +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-admin + namespace: default + spec: + ports: + - name: kong-admin-tls + port: 8444 + protocol: TCP + targetPort: 8444 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: ClusterIP +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/custom-labels-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/custom-labels-values.snap new file mode 100644 index 0000000..48a17cc --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/custom-labels-values.snap @@ -0,0 +1,888 @@ +[custom-labels-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + acme.com/some-key: some-value + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + acme.com/some-key: some-value + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + acme.com/some-key: some-value + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/default-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/default-values.snap new file mode 100644 index 0000000..4a3009a --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/default-values.snap @@ -0,0 +1,880 @@ +[default-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: \"false\" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-1-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-1-values.snap new file mode 100644 index 0000000..7ffab2b --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-1-values.snap @@ -0,0 +1,909 @@ +[kong-ingress-1-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific + tls: + - hosts: null + secretName: kong.proxy.example.secret +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-2-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-2-values.snap new file mode 100644 index 0000000..80ae782 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-2-values.snap @@ -0,0 +1,911 @@ +[kong-ingress-2-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific + tls: + - hosts: + - proxy.kong.example + secretName: kong.proxy.example.secret +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-3-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-3-values.snap new file mode 100644 index 0000000..f3cc171 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-3-values.snap @@ -0,0 +1,898 @@ +[kong-ingress-3-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-4-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-4-values.snap new file mode 100644 index 0000000..cadb9ee --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/kong-ingress-4-values.snap @@ -0,0 +1,951 @@ +[kong-ingress-4-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific + - host: proxy2.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: /foo + pathType: Prefix + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: /bar + pathType: Prefix + - host: proxy3.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: /baz + pathType: Prefix + tls: + - hosts: + - proxy.kong.example + secretName: proxy.kong.example.secret + - hosts: + - proxy2.kong.example + - proxy3.kong.example + secretName: proxy.kong.example.secret2 +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoakNDQW00Q0NRQ0tyTDdSS1Y0NTBEQU5CZ2txaGtpRzl3MEJBUXNGQURDQmhERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhHekFaCkJnTlZCQU1NRW5CeWIzaDVMbXR2Ym1jdVpYaGhiWEJzWlRBZUZ3MHlNekEyTWprd09ERTBNekJhRncwek16QTIKTWpZd09ERTBNekJhTUlHRU1Rc3dDUVlEVlFRR0V3SllXREVTTUJBR0ExVUVDQXdKVTNSaGRHVk9ZVzFsTVJFdwpEd1lEVlFRSERBaERhWFI1VG1GdFpURVVNQklHQTFVRUNnd0xRMjl0Y0dGdWVVNWhiV1V4R3pBWkJnTlZCQXNNCkVrTnZiWEJoYm5sVFpXTjBhVzl1VG1GdFpURWJNQmtHQTFVRUF3d1NjSEp2ZUhrdWEyOXVaeTVsZUdGdGNHeGwKTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4Wmd4czI1RXdtaXRsRG1HMitWVwpscUZ4R3lkVHU2dWlCVldFZjNoV0h2R3YvUWpYZHBBWXlkc3ZpNS92b1FtcjNUeVJBb3VaR1lCR3RuVEF0cU5rCnFLUmFVaWppVlN3TTNzeUl1cHluMlRjSjk1N2RLUCtUYTRaL0VNUlRwSCtya1psV01LNVYrNUszTmFIL21leDUKVWRRWkl4WUxNM0xIM0t0cmt2OWZRNlhSZ2dkeXo0MEt2YUV6SW1scEVoQnBoS0g5UWJiL3RFRE0vdFFqbC9FUApmbUF5M2Y5WE1uRDNSeFY3TnFrZktpUjNXZ1JDMnFyNWtPbXlJTGp1YWxERk1Zb3lDZUlmSnd1WmVDaEpGb3ZHClFKUFY2WU9xTG5aRWN3MU9BaVBXQnMycXVmWmlsNXplekRDZUFGZDV3eXVrS1dPZ3pTZ3Q2VzZvN2FBRTBDK3YKclFJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUNGZHhFOFVsMVorcWxBbW1lTk5BdlAyZVVxSElTbQpHWXZidzdGdW82bXNJY3V3cjZKeENBWjIwako5UkphalMzWS9TS3BteXM2OXZxU21ic25oeUJzc01mL1ZtenFSClBVLzVkUUZiblNybUJqMnFBNWxtRCtENDVLUEtrTjc1V21NeDRQWkZseEw3WHVLYnZhYVZBUjFFUmRNZy90NisKUXpPV3BVWVZrcFJnQmlxTDBTTjhvTStOTjdScGFESFNkZjlTY1FtUmhNVklNNDdVZ1ZXNWhta21mQjBkUTFhQQo5NWdTQ3E0cGVwUFRzY3NsbVBzM0lOck5BTk45KytyMnM1bXRTWnp5VktRU0cwRjQ0Y1puWjdTdkdTVFJORDlUCnRKVzNTcko3elBwS0JqWi9qVDRRVnpBdGtHN3FSV2ZhYnlWTmVrK29wMTgwSVY5Um9IR1JDU0kyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRHhtREd6YmtUQ2FLMlUKT1liYjVWYVdvWEViSjFPN3E2SUZWWVIvZUZZZThhLzlDTmQya0JqSjJ5K0xuKytoQ2F2ZFBKRUNpNWtaZ0VhMgpkTUMybzJTb3BGcFNLT0pWTEF6ZXpJaTZuS2ZaTnduM250MG8vNU5yaG44UXhGT2tmNnVSbVZZd3JsWDdrcmMxCm9mK1o3SGxSMUJrakZnc3pjc2ZjcTJ1Uy8xOURwZEdDQjNMUGpRcTlvVE1pYVdrU0VHbUVvZjFCdHYrMFFNeisKMUNPWDhROStZRExkLzFjeWNQZEhGWHMycVI4cUpIZGFCRUxhcXZtUTZiSWd1TzVxVU1VeGlqSUo0aDhuQzVsNApLRWtXaThaQWs5WHBnNm91ZGtSekRVNENJOVlHemFxNTltS1huTjdNTUo0QVYzbkRLNlFwWTZETktDM3BicWp0Cm9BVFFMNit0QWdNQkFBRUNnZ0VCQUs3N1I0d3BJcDRZU1JoaGJoN1loWldHQ3JEYkZCZUtZVWd4djB5LzhNaHEKenNlYlhzdGQ1TVpXL2FISVRqdzZFQU9tT1hVNWZNTHVtTWpQMlVDdktWbkg2QzgzczI1ekFFTmlxdWxXUzIvVgpJRi83N1Qwamx6ZTY2MDlPa3pKQzBoWWJsRVNnRUdDc3pBdUpjT0tnVnVLQWwxQkZTQW1VYWRPWFNNdm9NS3lDCkJlekZaVEhOcGRWQ2xwUHVLNGQrWFJJZ1hHWS84RzNmWlFXRWNjV2tTYmRjQUlLdVYvWktHQ0IyT2dXS1VzSHgKTStscEw1TTZ3aXdYOEFNdUVWVHJsMWNwKzAzTjdOaUYwMFpYdCszZzVZUkJmRitYWjZ1b3hmbENQZ3VHdzh6bgpvN2tFRVNKZ2YycHZyZWYveHBjSVFSM090aHZjSzR5RldOcndPbExHQk9FQ2dZRUErNmJBREF0bDAvRlpzV08zCnVvNlBRNXZTL0tqbS9XaUkzeUo5TUdLNzQxTFZpMlRMUGpVZ092SDdkZUVjNVJjUmoxV1Nna3d1bUdzZWE2WkQKWXRWSTRZTDdMM1NUQ3JyZUNFTDRhOUJPcFB0azcxWWw3TmhxZktEaXhzU1FnNmt4dDJ1TlYvZXNSQ1JPeENoWgp5bk9JTmkvN3lOeFpVek4zcndyVjBCMUFNYVVDZ1lFQTljVDBZNkJWRHZLdFFaV1gvR1REZ2pUUzN6QWlPWmFNCjVFM3NleHh6MXY4eDF0N3JvWDV3aHNaVjlzQ05nNlJaNjIyT3hJejhHQnVvMnU1M2h2WFJabmdDaG1PcHYwRjgKcm5STWFNR0tIeGN2TmNrVUZUMW9TdDJCeEhNT1FNZTM2cERVTnZ0S3pvNGJoakpVUU94Mm14RU9TNERscm4rMApRU3FqVFpyWGwya0NnWUJ1UmIyMkNYQ1BsUjBHbkhtd0tEUWpIaTh3UkJza1JDQm1Gc2pnNFFNUU5BWWJWUW15CnNyankyNEtqUHdmWVkybHdjOEVGazdoL1ZjRTR6dHlNZklXNVBCb3h5MVY3eURMdlQ5bG45Um5oTmNBZkdKTDUKM0VPZFpTcTZpdndBbGEyUmdIR3BjSUJ1UTdLNFJpNUNocW5UaE9kQ056eDFOd0psRTh4cHE4ZXJlUUtCZ1FEeQppV3B3UXRLT0ROa0VCdi9WT1E5am1JT2RjOS9pbXZyeGR5RHZvWFdENzVXY3FhTTVYUkRwUUNPbmZnQnBzREI0CjBFWjdHM0xReThNSVF4czcyYXpMaFpWZ1VFdzlEUUJoSFM0bWx4Q2FmQU8vL1c3UFF5bC84RGJXeW9CL1YxamQKcUExMU1PcHpDdlNJcTNSUUdjczJYaytRSFdVTW5zUWhKMVcvQ1JiSE9RS0JnRTVQZ0hrbW1PY1VXZkJBZUtzTApvb2FNNzBINVN1YUNYN1Y1enBhM3hFMW5WVWMxend5aldOdkdWbTA5WkpEOFFMR1ZDV2U0R1o5R1NvV2tqSUMvCklFKzA0M29kUERuL2JwSDlTMDF2a0s1ZDRJSGc3QUcwWXI5SW1zS0paT0djT1dmdUdKSlZ5em1CRXhaSU9pbnoKVFFuaFdhZWs0NE1hdVJYOC9pRjZyZWorCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmakNDQW1ZQ0NRREVtWjF0cnJwaURqQU5CZ2txaGtpRzl3MEJBUXNGQURDQmdERUxNQWtHQTFVRUJoTUMKV0ZneEVqQVFCZ05WQkFnTUNWTjBZWFJsVG1GdFpURVJNQThHQTFVRUJ3d0lRMmwwZVU1aGJXVXhGREFTQmdOVgpCQW9NQzBOdmJYQmhibmxPWVcxbE1Sc3dHUVlEVlFRTERCSkRiMjF3WVc1NVUyVmpkR2x2Yms1aGJXVXhGekFWCkJnTlZCQU1NRGlvdWEyOXVaeTVsZUdGdGNHeGxNQjRYRFRJek1EWXlPVEE0TVRjek4xb1hEVE16TURZeU5qQTQKTVRjek4xb3dnWUF4Q3pBSkJnTlZCQVlUQWxoWU1SSXdFQVlEVlFRSURBbFRkR0YwWlU1aGJXVXhFVEFQQmdOVgpCQWNNQ0VOcGRIbE9ZVzFsTVJRd0VnWURWUVFLREF0RGIyMXdZVzU1VG1GdFpURWJNQmtHQTFVRUN3d1NRMjl0CmNHRnVlVk5sWTNScGIyNU9ZVzFsTVJjd0ZRWURWUVFEREE0cUxtdHZibWN1WlhoaGJYQnNaVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDlSR1g1VytsRW8wcGg2eTJqeHN6TGZOcjMvNlpFOQpPR0pPMGl1WmpwRml2dHBya24ydDlqYTRaNUdYOGh4NUczS1FsRkhrVFBmV01BWmUzdldINTF0alZzYjZwY2UwCjlkMUo4WXNxWkh5RHVlUzBrS3RUbEFmc0F5MnVjL3ZvUUdmOTdZeUI2TlJ4TEJmNHBnSVJ4eHpGM3o0Q1ZOSTgKTzE5Ym1PYVo1Vkk1QWZpbENSMUI1ekxuN2VoeEJHOHhTQmRtQUg0eWFob2t5RXk2a0ZtRzJCaEtJWjdsL1BZYQpqbU1yQ3cwekRVampvblBublZTWTkxL0EwNUJVTVk5OEZsME00QVV5T1V3enBaajhqMXhLMTNqUVlGeXJwUHQwCklHNUdLR044akVCcnRkdGVlcGZIdFZuekFWYnhoT0hkcXZoUWhrSDJDSGVwOStIQkNIL25VL1VDQXdFQUFUQU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBQkcxVVYyUFRJekhrNEt4cjBHT0NXalhjTTdKUU9hbUJQM3dZSCswRgpyc09YUG9IOHVLV25XYjhSSGE1MDhMenU4MGNzS1lYcnZ4SEhDcmcxdXJjRnl3bnNMaUtMNGhsQklTd2ZMNzFFClVXODhQdGYyWTdjTnJZRzNLc2MvMWVpait1RWd5bVdCbjkraVYzbzE5VERwRjlZZWZwYzNUUDJqMGhNUHcwMlgKa1gzSlh3b250NnBQaDhlQjhXRU1OZkF5NzZmb0lMcytVd0Fjck56QkpjSVZSTERoZWFNMFNFd0xCNUpuaWZ5ZwplRE1aSE56MkhLais0NU1wTzFOSDBtd3ZJRTRLQjNITUNSSlMybmZFbWVMcFdCMWpmZTV6T2o1bWhTeS82M0RVCldDQll1aUhtelFWaGxJS21lQzBlVmd3bGtkMTFrUDRNM1hoWnB6V09aQ1BoaGc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQy9VUmwrVnZwUktOS1kKZXN0bzhiTXkzemE5LyttUlBUaGlUdElybVk2UllyN2FhNUo5cmZZMnVHZVJsL0ljZVJ0eWtKUlI1RXozMWpBRwpYdDcxaCtkYlkxYkcrcVhIdFBYZFNmR0xLbVI4Zzdua3RKQ3JVNVFIN0FNdHJuUDc2RUJuL2UyTWdlalVjU3dYCitLWUNFY2NjeGQ4K0FsVFNQRHRmVzVqbW1lVlNPUUg0cFFrZFFlY3k1KzNvY1FSdk1VZ1haZ0IrTW1vYUpNaE0KdXBCWmh0Z1lTaUdlNWZ6MkdvNWpLd3NOTXcxSTQ2Sno1NTFVbVBkZndOT1FWREdQZkJaZERPQUZNamxNTTZXWQovSTljU3RkNDBHQmNxNlQ3ZENCdVJpaGpmSXhBYTdYYlhucVh4N1ZaOHdGVzhZVGgzYXI0VUlaQjlnaDNxZmZoCndRaC81MVAxQWdNQkFBRUNnZ0VCQUlCZ0l3TXJ5ZnY3c0pTd2tSMXlVaFNvdzByckZnZG5WUlppWFpUMERUNXgKVEMrMFR6QVdNMGkwcElxRnN1aDRPM3E4bVVuNkw4dDk1ZXZnYlN2RWJmSmN6alhtcXFjL1BsdW02blcvbEg0WQp4Znc1VFhvcE13Tzkwc1FzYzVkdFdRcHUwWitlN0dUaEsvMUowOXMvb3FRa0FwRFJiNmxDMFhSRE9tNUNoaWFNCi95Z2M2dGUzUHkrRXpzSmRMRm9YWndFQnVQWTB2KzlBclhpNmlUMllaN1ZacE9iZzQxcm1ocHNObTFLNmdJajUKZFZKNGZYa2Z5V0hsSmJBYzVTRDkrVWMrTGFjUEcxSjVJUWx6eTM0WlM0ZG9VQ2lmODZuVHFzSnFVTU1sNXYxcAp3SFFUZFI2MkdnWnRPM1grOU4vdHE3SExqU0tHY0JEd3E4bEM4QXZ0VHdFQ2dZRUErWWpVdzI1em42aWhjaXFpCmo3dDJiQVdLdzdlbng1RXFzU25ZOG1PYzR2TDdNa1YyN2ZhYXp1cW8wUEtOeWJOa1grUlhIMDN4S0NDd0x0N0UKLzRDUlFHMGNkQmhBQ2szMkpadllrQmxESUZ3VmtnMHVnNGk4Snp6VjVCT2hEeWdwZUhJTDVVTkx2eGJDbVh6MAo1bXNYRktPYW1HYkFCbE9KTEZsR1R4WWdzeWtDZ1lFQXhFWWI0dFVmRmhiTmpJTUMyd1hFRXdWZkJYOFJqNzVqCjN6SkwxV3o4YWxUQmxFemZYOTZiNmg3VjFNT1NHcmlabFJ1cGpEaUFsUkhPZytDSXlPbmdISFkwd2xTaHNmemQKSDluL2dOdUZsanFuQkF3OVpaSW9hbE1zUVVER3RLSnVIejhEYzlVNzRFMGM3WldQWk1Ub0pNdFV2Zkl5T0pZSgpQODh1YnYvam4rMENnWUJaNmpzNFhKRmZRNFZCUFNtc2Z4RXg1V0ZXR3RSakxlVGpSNy83djNjbHRBWmQyL2Y1CjBUV0JQNzhxNDJ2QjlWbEMwR1d3U3dhTnZoR2VJZmw4VTVpRFRZM0dLNExQODcyeFdaSFVnclhVY0RuNWtiUmsKQXg1QlNVT05WcUZmYzhwVnMwcWtCdmJCV1hNdm1YNHBsUWNSRWM3QUFhNUoyVW9CWi8zVXU1VjIyUUtCZ0ZnVQpKanQ2N0lKYkpVN2pGQXI1NFcydndWNlVFV3R5UXh0TVZOK29FdlljcHVwSVBRMm10azB3SFVGbnFrODNmQ1IvCnoyeFBodFJlczFCWEdNc2d1U1BNb0F4OU1qclBnT1BrVGxhakxLV29HSDhtaHY3bndoOUV4OTFZbGxORmVTbW8KZTRJbHRNTUpsK3UrYkNVS2dDclMzR3FKSDZScElDbDBiaC85MFVaWkFvR0FaUEsrdldLQ0N6aHNhSnVWak1VSQpiTEJlMi9CM0xxTVBhakFLTjVTNU9GYlpBZm5NeE9BT1lnd25iWmdpZGVkcVk2QkIyLytVVGt4MW1IUjhKcmpGCnRyN20wS2VvRFY4dmQxSENvSkF3b2hqQ1B6SkJhSW9WYWNkRFNsMDNIOVFEck4yd0RFYUxoWFBlVkRoNGZ2NmQKa3d6V3FZWUlETzRKQlp5L21Wa0t4NFU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + kind: Secret + metadata: + name: kong.proxy.example.secret2 + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/service-account.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/service-account.snap new file mode 100644 index 0000000..17b345e --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/service-account.snap @@ -0,0 +1,874 @@ +[service-account] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: my-kong-sa-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: my-kong-sa-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: my-kong-sa + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: my-kong-sa-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: my-kong-sa + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: my-kong-sa + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: my-kong-sa + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/single-image-default-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/single-image-default-values.snap new file mode 100644 index 0000000..8ff4201 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/single-image-default-values.snap @@ -0,0 +1,880 @@ +[single-image-default-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: \"false\" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.4.1 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.4.1 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap new file mode 100644 index 0000000..a954f81 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/test-enterprise-version-3.4.0.0-values.snap @@ -0,0 +1,311 @@ +['test-enterprise-version-3.4.0.0-values'] +SnapShot = """ +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong/kong-gateway:3.4.0.0 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 1 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong/kong-gateway:3.4.0.0 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/test1-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/test1-values.snap new file mode 100644 index 0000000..4e38489 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/test1-values.snap @@ -0,0 +1,967 @@ +[test1-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + environment: test + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: \"false\" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_HEADER + value: foo:bar + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - mountPath: /tmp/foo + name: tmpdir + readOnly: true + - mountPath: /tmp/controller + name: controllerdir + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http://admin.kong.example + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http://admin.kong.example + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /tmp/foo + name: tmpdir + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http://admin.kong.example + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http://admin.kong.example + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - command: + - /bin/sh + - -c + - \"true\" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + volumeMounts: + - mountPath: /tmp/foo + name: tmpdir + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: controllerdir +- object: + apiVersion: autoscaling/v2 + kind: HorizontalPodAutoscaler + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + maxReplicas: 5 + metrics: + - resource: + name: cpu + target: + averageUtilization: 80 + type: Utilization + type: Resource + minReplicas: 2 + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: chartsnap-kong +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/test2-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/test2-values.snap new file mode 100644 index 0000000..4e4688c --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/test2-values.snap @@ -0,0 +1,2106 @@ +[test2-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None + timeoutSeconds: 5 +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: \"false\" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + - name: CONTROLLER_WATCH_NAMESPACE + value: default + - name: TZ + value: Europe/Berlin + envFrom: + - configMapRef: + name: env-config + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 9000 + name: stream-9000 + protocol: TCP + - containerPort: 9001 + name: stream-9001 + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - command: + - /bin/sh + - -c + - \"true\" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - args: + - /bin/bash + - -c + - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-db + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + serviceName: chartsnap-postgresql-hl + template: + metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + namespaces: + - default + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - env: + - name: BITNAMI_DEBUG + value: \"false\" + - name: POSTGRESQL_PORT_NUMBER + value: \"5432\" + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_USER + value: kong + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: chartsnap-postgresql + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: POSTGRES_DB + value: kong + - name: POSTGRESQL_ENABLE_LDAP + value: \"no\" + - name: POSTGRESQL_ENABLE_TLS + value: \"no\" + - name: POSTGRESQL_LOG_HOSTNAME + value: \"false\" + - name: POSTGRESQL_LOG_CONNECTIONS + value: \"false\" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: \"false\" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: \"off\" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1001 + volumeMounts: + - mountPath: /dev/shm + name: dshm + - mountPath: /bitnami/postgresql + name: data + hostIPC: false + hostNetwork: false + initContainers: null + securityContext: + fsGroup: 1001 + serviceAccountName: default + volumes: + - emptyDir: + medium: Memory + name: dshm + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +- object: + apiVersion: batch/v1 + kind: Job + metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-init-migrations + namespace: default + spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: \"false\" + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: kong-init-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - bootstrap + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: kong-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - /bin/sh + - -c + - \"true\" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: batch/v1 + kind: Job + metadata: + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-post-upgrade-migrations + namespace: default + spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: \"false\" + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: kong-post-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - finish + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: kong-post-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - /bin/sh + - -c + - \"true\" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: batch/v1 + kind: Job + metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-pre-upgrade-migrations + namespace: default + spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: \"false\" + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: kong-pre-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - up + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: kong-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - /bin/sh + - -c + - \"true\" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + envFrom: + - configMapRef: + name: env-config + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-default + namespace: default + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-default + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong-default + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + wait.sh: | + until timeout 2 bash -c \"9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}\" + do echo \"waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}\" + sleep 2 + done + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-bash-wait-for-postgres + namespace: default +- object: + apiVersion: v1 + data: + test-env: test + kind: ConfigMap + metadata: + name: env-config +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + password: a29uZw== + postgres-password: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default + type: Opaque +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + - name: stream-9000 + port: 9000 + protocol: TCP + targetPort: 9000 + - name: stream-9001 + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: Service + metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default + spec: + ports: + - name: tcp-postgresql + nodePort: null + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + sessionAffinity: None + type: ClusterIP +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + service.alpha.kubernetes.io/tolerate-unready-endpoints: \"true\" + name: chartsnap-postgresql-hl + namespace: default + spec: + clusterIP: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + type: ClusterIP +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/test3-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/test3-values.snap new file mode 100644 index 0000000..19e84fa --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/test3-values.snap @@ -0,0 +1,369 @@ +[test3-values] +SnapShot = """ +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + - mountPath: /opt/tmp + name: tmpdir + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + - command: + - /bin/sh + - -c + - \"true\" + image: bash:latest + name: bash + resources: + limits: + cpu: 100m + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + volumeMounts: + - mountPath: /opt/tmp + name: tmpdir + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + name: chartsnap-kong-custom-dbless-config + name: kong-custom-dbless-config-volume + - emptyDir: {} + name: tmpdir +- object: + apiVersion: v1 + data: + kong.yml: | + _format_version: \"1.1\" + services: + - name: example.com + url: http://example.com + routes: + - name: example + paths: + - \"/example\" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-custom-dbless-config + namespace: default +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/test4-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/test4-values.snap new file mode 100644 index 0000000..496dc25 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/test4-values.snap @@ -0,0 +1,386 @@ +[test4-values] +SnapShot = """ +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + template: + metadata: + annotations: + checksum/dbless.config: 95c0309e6b27de23d64edae3a3602472635243f133fba88af3034ed4d5703d4a + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 9000 + name: stream-9000 + protocol: TCP + - containerPort: 9001 + name: stream-9001 + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: \"off\" + - name: KONG_DECLARATIVE_CONFIG + value: /kong_dbless/kong.yml + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: 0.0.0.0:9000, [::]:9000, 0.0.0.0:9001 ssl, [::]:9001 ssl + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - mountPath: /kong_dbless/ + name: kong-custom-dbless-config-volume + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + name: chartsnap-kong-custom-dbless-config + name: kong-custom-dbless-config-volume +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +- object: + apiVersion: v1 + data: + kong.yml: | + _format_version: \"1.1\" + services: + - name: example.com + url: http://example.com + routes: + - name: example + paths: + - \"/example\" + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-custom-dbless-config + namespace: default +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + - name: stream-9000 + port: 9000 + protocol: TCP + targetPort: 9000 + - name: stream-9001 + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/__snapshots__/test5-values.snap b/build_system/charts/open-appsec-kong/ci/__snapshots__/test5-values.snap new file mode 100644 index 0000000..020e835 --- /dev/null +++ b/build_system/charts/open-appsec-kong/ci/__snapshots__/test5-values.snap @@ -0,0 +1,1983 @@ +[test5-values] +SnapShot = """ +- object: + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validations + namespace: default + webhooks: + - admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: '###DYNAMIC_FIELD###' + service: + name: chartsnap-kong-validation-webhook + namespace: default + failurePolicy: Ignore + name: validations.kong.konghq.com + objectSelector: + matchExpressions: + - key: owner + operator: NotIn + values: + - helm + rules: + - apiGroups: + - configuration.konghq.com + apiVersions: + - '*' + operations: + - CREATE + - UPDATE + resources: + - kongconsumers + - kongplugins + - kongclusterplugins + - kongingresses + - apiGroups: + - \"\" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - secrets + - services + - apiGroups: + - networking.k8s.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - ingresses + - apiGroups: + - gateway.networking.k8s.io + apiVersions: + - v1alpha2 + - v1beta1 + - v1 + operations: + - CREATE + - UPDATE + resources: + - gateways + - httproutes + sideEffects: None +- object: + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + kuma.io/gateway: enabled + kuma.io/service-account-token-volume: chartsnap-kong-token + traffic.sidecar.istio.io/includeInboundPorts: \"\" + labels: + app: chartsnap-kong + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + version: \"3.5\" + spec: + automountServiceAccountToken: false + containers: + - args: null + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN + value: 0.0.0.0:8080 + - name: CONTROLLER_ANONYMOUS_REPORTS + value: \"false\" + - name: CONTROLLER_ELECTION_ID + value: kong-ingress-controller-leader-kong + - name: CONTROLLER_INGRESS_CLASS + value: kong + - name: CONTROLLER_KONG_ADMIN_TLS_SKIP_VERIFY + value: \"true\" + - name: CONTROLLER_KONG_ADMIN_URL + value: https://localhost:8444 + - name: CONTROLLER_PUBLISH_SERVICE + value: default/chartsnap-kong-proxy + image: kong/kubernetes-ingress-controller:3.0 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: ingress-controller + ports: + - containerPort: 8080 + name: webhook + protocol: TCP + - containerPort: 10255 + name: cmetrics + protocol: TCP + - containerPort: 10254 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: 10254 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /admission-webhook + name: webhook-cert + readOnly: true + - mountPath: /var/run/secrets/kubernetes.io/serviceaccount + name: chartsnap-kong-token + readOnly: true + - env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + lifecycle: + preStop: + exec: + command: + - kong + - quit + - --wait=15 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /status + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: proxy + ports: + - containerPort: 8000 + name: proxy + protocol: TCP + - containerPort: 8443 + name: proxy-tls + protocol: TCP + - containerPort: 8100 + name: status + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /status/ready + port: status + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - rm + - -vrf + - $KONG_PREFIX/pids + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: clear-stale-pid + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + - args: + - /bin/bash + - -c + - export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-db + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + securityContext: {} + serviceAccountName: chartsnap-kong + terminationGracePeriodSeconds: 30 + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: apps/v1 + kind: StatefulSet + metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default + spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + serviceName: chartsnap-postgresql-hl + template: + metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + spec: + affinity: + nodeAffinity: null + podAffinity: null + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + namespaces: + - default + topologyKey: kubernetes.io/hostname + weight: 1 + containers: + - env: + - name: BITNAMI_DEBUG + value: \"false\" + - name: POSTGRESQL_PORT_NUMBER + value: \"5432\" + - name: POSTGRESQL_VOLUME_DIR + value: /bitnami/postgresql + - name: PGDATA + value: /bitnami/postgresql/data + - name: POSTGRES_USER + value: kong + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: postgres-password + name: chartsnap-postgresql + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: POSTGRES_DB + value: kong + - name: POSTGRESQL_ENABLE_LDAP + value: \"no\" + - name: POSTGRESQL_ENABLE_TLS + value: \"no\" + - name: POSTGRESQL_LOG_HOSTNAME + value: \"false\" + - name: POSTGRESQL_LOG_CONNECTIONS + value: \"false\" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: \"false\" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: \"off\" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: error + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: pgaudit + image: docker.io/bitnami/postgresql:13.11.0-debian-11-r20 + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: postgresql + ports: + - containerPort: 5432 + name: tcp-postgresql + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U \"kong\" -d \"dbname=kong\" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + securityContext: + runAsUser: 1001 + volumeMounts: + - mountPath: /dev/shm + name: dshm + - mountPath: /bitnami/postgresql + name: data + hostIPC: false + hostNetwork: false + initContainers: null + securityContext: + fsGroup: 1001 + serviceAccountName: default + volumes: + - emptyDir: + medium: Memory + name: dshm + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +- object: + apiVersion: batch/v1 + kind: Job + metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-init-migrations + namespace: default + spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: \"false\" + labels: + app.kubernetes.io/component: init-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: kong-init-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - bootstrap + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: kong-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: batch/v1 + kind: Job + metadata: + annotations: + helm.sh/hook: post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-post-upgrade-migrations + namespace: default + spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: \"false\" + labels: + app.kubernetes.io/component: post-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: kong-post-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - finish + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: kong-post-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: batch/v1 + kind: Job + metadata: + annotations: + argocd.argoproj.io/hook: Sync + argocd.argoproj.io/hook-delete-policy: BeforeHookCreation + helm.sh/hook: pre-upgrade + helm.sh/hook-delete-policy: before-hook-creation + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-pre-upgrade-migrations + namespace: default + spec: + backoffLimit: null + template: + metadata: + annotations: + kuma.io/service-account-token-volume: chartsnap-kong-token + sidecar.istio.io/inject: \"false\" + labels: + app.kubernetes.io/component: pre-upgrade-migrations + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: kong-pre-upgrade-migrations + spec: + automountServiceAccountToken: false + containers: + - args: + - kong + - migrations + - up + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: kong-upgrade-migrations + resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /kong_prefix/ + name: chartsnap-kong-prefix-dir + - mountPath: /tmp + name: chartsnap-kong-tmp + initContainers: + - command: + - bash + - /wait_postgres/wait.sh + env: + - name: CLIENT_ID + value: exampleId + - name: KONG_ADMIN_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_API_URI + value: http:// + - name: KONG_ADMIN_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_GUI_ACCESS_LOG + value: /dev/stdout + - name: KONG_ADMIN_GUI_API_URL + value: http:// + - name: KONG_ADMIN_GUI_ERROR_LOG + value: /dev/stderr + - name: KONG_ADMIN_LISTEN + value: 127.0.0.1:8444 http2 ssl, [::1]:8444 http2 ssl + - name: KONG_ANONYMOUS_REPORTS + value: \"off\" + - name: KONG_CLUSTER_LISTEN + value: \"off\" + - name: KONG_DATABASE + value: postgres + - name: KONG_KIC + value: \"on\" + - name: KONG_LUA_PACKAGE_PATH + value: /opt/?.lua;/opt/?/init.lua;; + - name: KONG_NGINX_WORKER_PROCESSES + value: \"2\" + - name: KONG_PG_HOST + value: chartsnap-postgresql + - name: KONG_PG_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: chartsnap-postgresql + - name: KONG_PG_PORT + value: \"5432\" + - name: KONG_PORTAL_API_ACCESS_LOG + value: /dev/stdout + - name: KONG_PORTAL_API_ERROR_LOG + value: /dev/stderr + - name: KONG_PORT_MAPS + value: 80:8000, 443:8443 + - name: KONG_PREFIX + value: /kong_prefix/ + - name: KONG_PROXY_ACCESS_LOG + value: /dev/stdout + - name: KONG_PROXY_ERROR_LOG + value: /dev/stderr + - name: KONG_PROXY_LISTEN + value: 0.0.0.0:8000, [::]:8000, 0.0.0.0:8443 http2 ssl, [::]:8443 http2 ssl + - name: KONG_PROXY_STREAM_ACCESS_LOG + value: /dev/stdout basic + - name: KONG_PROXY_STREAM_ERROR_LOG + value: /dev/stderr + - name: KONG_ROUTER_FLAVOR + value: traditional + - name: KONG_STATUS_ACCESS_LOG + value: \"off\" + - name: KONG_STATUS_ERROR_LOG + value: /dev/stderr + - name: KONG_STATUS_LISTEN + value: 0.0.0.0:8100, [::]:8100 + - name: KONG_STREAM_LISTEN + value: \"off\" + - name: KONG_NGINX_DAEMON + value: \"off\" + image: kong:3.5 + imagePullPolicy: IfNotPresent + name: wait-for-postgres + resources: {} + volumeMounts: + - mountPath: /wait_postgres + name: chartsnap-kong-bash-wait-for-postgres + restartPolicy: OnFailure + securityContext: {} + serviceAccountName: chartsnap-kong + volumes: + - emptyDir: + sizeLimit: 256Mi + name: chartsnap-kong-prefix-dir + - emptyDir: + sizeLimit: 1Gi + name: chartsnap-kong-tmp + - name: chartsnap-kong-token + projected: + sources: + - serviceAccountToken: + expirationSeconds: 3607 + path: token + - configMap: + items: + - key: ca.crt + path: ca.crt + name: kube-root-ca.crt + - downwardAPI: + items: + - fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + path: namespace + - configMap: + defaultMode: 493 + name: chartsnap-kong-bash-wait-for-postgres + name: chartsnap-kong-bash-wait-for-postgres + - name: webhook-cert + secret: + secretName: chartsnap-kong-validation-webhook-keypair +- object: + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + rules: + - host: proxy.kong.example + http: + paths: + - backend: + service: + name: chartsnap-kong-proxy + port: + number: 443 + path: / + pathType: ImplementationSpecific +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + rules: + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongupstreampolicies/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumergroups/status + verbs: + - get + - patch + - update + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - secrets + verbs: + - list + - watch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get + - list + - watch + - apiGroups: + - \"\" + resources: + - services/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - ingressclassparameterses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongconsumers/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - tcpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - udpingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - get + - patch + - update + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins + verbs: + - get + - list + - watch + - apiGroups: + - configuration.konghq.com + resources: + - kongclusterplugins/status + verbs: + - get + - patch + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + rules: + - apiGroups: + - \"\" + resources: + - configmaps + - pods + - secrets + - namespaces + verbs: + - get + - apiGroups: + - \"\" + resourceNames: + - kong-ingress-controller-leader-kong-kong + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - \"\" + resources: + - configmaps + verbs: + - create + - apiGroups: + - \"\" + - coordination.k8s.io + resources: + - configmaps + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - \"\" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - \"\" + resources: + - services + verbs: + - get +- object: + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: chartsnap-kong + subjects: + - kind: ServiceAccount + name: chartsnap-kong + namespace: default +- object: + apiVersion: v1 + data: + wait.sh: | + until timeout 2 bash -c \"9<>/dev/tcp/${KONG_PG_HOST}/${KONG_PG_PORT}\" + do echo \"waiting for db - trying ${KONG_PG_HOST}:${KONG_PG_PORT}\" + sleep 2 + done + kind: ConfigMap + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-bash-wait-for-postgres + namespace: default +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-ca-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + tls.crt: '###DYNAMIC_FIELD###' + tls.key: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook-keypair + namespace: default + type: kubernetes.io/tls +- object: + apiVersion: v1 + data: + password: a29uZw== + postgres-password: '###DYNAMIC_FIELD###' + kind: Secret + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default + type: Opaque +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-manager + namespace: default + spec: + ports: + - name: kong-manager + port: 8002 + protocol: TCP + targetPort: 8002 + - name: kong-manager-tls + port: 8445 + protocol: TCP + targetPort: 8445 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: NodePort +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + enable-metrics: \"true\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-proxy + namespace: default + spec: + ports: + - name: kong-proxy + port: 80 + protocol: TCP + targetPort: 8000 + - name: kong-proxy-tls + port: 443 + protocol: TCP + targetPort: 8443 + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: kong + type: LoadBalancer +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong-validation-webhook + namespace: default + spec: + ports: + - name: webhook + port: 443 + protocol: TCP + targetPort: webhook + selector: + app.kubernetes.io/component: app + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 +- object: + apiVersion: v1 + kind: Service + metadata: + annotations: null + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + name: chartsnap-postgresql + namespace: default + spec: + ports: + - name: tcp-postgresql + nodePort: null + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + sessionAffinity: None + type: ClusterIP +- object: + apiVersion: v1 + kind: Service + metadata: + labels: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-11.9.13 + service.alpha.kubernetes.io/tolerate-unready-endpoints: \"true\" + name: chartsnap-postgresql-hl + namespace: default + spec: + clusterIP: None + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + publishNotReadyAddresses: true + selector: + app.kubernetes.io/component: primary + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/name: postgresql + type: ClusterIP +- object: + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + app.kubernetes.io/instance: chartsnap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kong + app.kubernetes.io/version: \"3.5\" + helm.sh/chart: kong-2.35.1 + name: chartsnap-kong + namespace: default +""" diff --git a/build_system/charts/open-appsec-kong/ci/test2-values.yaml b/build_system/charts/open-appsec-kong/ci/test2-values.yaml index b635642..ba77b5c 100644 --- a/build_system/charts/open-appsec-kong/ci/test2-values.yaml +++ b/build_system/charts/open-appsec-kong/ci/test2-values.yaml @@ -11,6 +11,9 @@ ingressController: timeoutSeconds: 5 env: anonymous_reports: "false" + envFrom: + - configMapRef: + name: env-config customEnv: TZ: "Europe/Berlin" watchNamespaces: @@ -23,6 +26,9 @@ postgresql: env: anonymous_reports: "off" database: "postgres" +envFrom: +- configMapRef: + name: env-config # - ingress resources are created without hosts admin: ingress: @@ -63,3 +69,11 @@ deployment: requests: cpu: "100m" memory: "64Mi" + +extraObjects: +- apiVersion: v1 + kind: ConfigMap + metadata: + name: env-config + data: + test-env: test diff --git a/build_system/charts/open-appsec-kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml b/build_system/charts/open-appsec-kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml index 3b8423d..84e232c 100644 --- a/build_system/charts/open-appsec-kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml +++ b/build_system/charts/open-appsec-kong/example-values/doc-examples/quickstart-enterprise-licensed-aio.yaml @@ -1,3 +1,4 @@ +demo: true admin: annotations: konghq.com/protocol: https diff --git a/build_system/charts/open-appsec-kong/templates/NOTES.txt b/build_system/charts/open-appsec-kong/templates/NOTES.txt index 2d7e4ea..ea035aa 100644 --- a/build_system/charts/open-appsec-kong/templates/NOTES.txt +++ b/build_system/charts/open-appsec-kong/templates/NOTES.txt @@ -26,3 +26,17 @@ Kong: https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/gettin {{- end -}} {{- include "kong.deprecation-warnings" $warnings -}} + +{{- if .Values.demo -}} + +############################################################################################# +##### WARNING: DEMO VALUES USED +############################################################################################# + +The values file used has been marked as a demo configuration. +It should NOT be used in production without comprehensive review of all settings provided. + +############################################################################################# +##### WARNING: DEMO VALUES USED +############################################################################################# +{{- end -}} \ No newline at end of file diff --git a/build_system/charts/open-appsec-kong/templates/_helpers.tpl b/build_system/charts/open-appsec-kong/templates/_helpers.tpl index a452f8a..4b478b3 100644 --- a/build_system/charts/open-appsec-kong/templates/_helpers.tpl +++ b/build_system/charts/open-appsec-kong/templates/_helpers.tpl @@ -267,6 +267,7 @@ Generic tool for creating KONG_PROXY_LISTEN, KONG_ADMIN_LISTEN, etc. */}} {{- define "kong.listen" -}} {{- $unifiedListen := list -}} + {{- $defaultAddrs := (list "0.0.0.0" "[::]") -}} {{/* Some services do not support these blocks at all, so these checks are a two-stage "is it safe to evaluate this?" and then "should we evaluate @@ -276,9 +277,12 @@ Generic tool for creating KONG_PROXY_LISTEN, KONG_ADMIN_LISTEN, etc. {{- if .http.enabled -}} {{- $listenConfig := dict -}} {{- $listenConfig := merge $listenConfig .http -}} - {{- $_ := set $listenConfig "address" (default "0.0.0.0" .address) -}} - {{- $httpListen := (include "kong.singleListen" $listenConfig) -}} - {{- $unifiedListen = append $unifiedListen $httpListen -}} + {{- $addresses := (default $defaultAddrs .addresses) -}} + {{- range $addresses -}} + {{- $_ := set $listenConfig "address" . -}} + {{- $httpListen := (include "kong.singleListen" $listenConfig) -}} + {{- $unifiedListen = append $unifiedListen $httpListen -}} + {{- end -}} {{- end -}} {{- end -}} @@ -295,9 +299,12 @@ Generic tool for creating KONG_PROXY_LISTEN, KONG_ADMIN_LISTEN, etc. {{- $listenConfig := merge $listenConfig .tls -}} {{- $parameters := append .tls.parameters "ssl" -}} {{- $_ := set $listenConfig "parameters" $parameters -}} - {{- $_ := set $listenConfig "address" (default "0.0.0.0" .address) -}} - {{- $tlsListen := (include "kong.singleListen" $listenConfig) -}} - {{- $unifiedListen = append $unifiedListen $tlsListen -}} + {{- $addresses := (default $defaultAddrs .addresses) -}} + {{- range $addresses -}} + {{- $_ := set $listenConfig "address" . -}} + {{- $tlsListen := (include "kong.singleListen" $listenConfig) -}} + {{- $unifiedListen = append $unifiedListen $tlsListen -}} + {{- end -}} {{- end -}} {{- end -}} @@ -332,19 +339,22 @@ Create KONG_STREAM_LISTEN string */}} {{- define "kong.streamListen" -}} {{- $unifiedListen := list -}} - {{- $address := (default "0.0.0.0" .address) -}} + {{- $defaultAddrs := (list "0.0.0.0" "[::]") -}} {{- range .stream -}} {{- $listenConfig := dict -}} {{- $listenConfig := merge $listenConfig . -}} - {{- $_ := set $listenConfig "address" $address -}} - {{/* You set NGINX stream listens to UDP using a parameter due to historical reasons. - Our configuration is dual-purpose, for both the Service and listen string, so we - forcibly inject this parameter if that's the Service protocol. The default handles - configs that predate the addition of the protocol field, where we only supported TCP. */}} - {{- if (eq (default "TCP" .protocol) "UDP") -}} - {{- $_ := set $listenConfig "parameters" (append (default (list) .parameters) "udp") -}} + {{- $addresses := (default $defaultAddrs .addresses) -}} + {{- range $addresses -}} + {{- $_ := set $listenConfig "address" . -}} + {{/* You set NGINX stream listens to UDP using a parameter due to historical reasons. + Our configuration is dual-purpose, for both the Service and listen string, so we + forcibly inject this parameter if that's the Service protocol. The default handles + configs that predate the addition of the protocol field, where we only supported TCP. */}} + {{- if (eq (default "TCP" $listenConfig.protocol) "UDP") -}} + {{- $_ := set $listenConfig "parameters" (append (default (list) $listenConfig.parameters) "udp") -}} + {{- end -}} + {{- $unifiedListen = append $unifiedListen (include "kong.singleListen" $listenConfig ) -}} {{- end -}} - {{- $unifiedListen = append $unifiedListen (include "kong.singleListen" $listenConfig ) -}} {{- end -}} {{- $listenString := ($unifiedListen | join ", ") -}} @@ -827,6 +837,7 @@ The name of the Service which will be used by the controller to update the Ingre {{ toYaml .Values.containerSecurityContext | nindent 4 }} env: {{- include "kong.env" . | nindent 2 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 2 }} {{/* TODO the prefix override is to work around https://github.com/Kong/charts/issues/295 Note that we use args instead of command here to /not/ override the standard image entrypoint. */}} args: [ "/bin/bash", "-c", "export KONG_NGINX_DAEMON=on KONG_PREFIX=`mktemp -d` KONG_KEYRING_ENABLED=off; until kong start; do echo 'waiting for db'; sleep 1; done; kong stop"] @@ -879,6 +890,9 @@ The name of the Service which will be used by the controller to update the Ingre containerPort: 10255 protocol: TCP {{- end }} + - name: status + containerPort: 10254 + protocol: TCP env: - name: POD_NAME valueFrom: @@ -891,6 +905,7 @@ The name of the Service which will be used by the controller to update the Ingre apiVersion: v1 fieldPath: metadata.namespace {{- include "kong.ingressController.env" . | indent 2 }} +{{ include "kong.envFrom" .Values.ingressController.envFrom | indent 2 }} image: {{ include "kong.getRepoTag" .Values.ingressController.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{/* disableReadiness is a hidden setting to drop this block entirely for use with a debugger @@ -967,13 +982,11 @@ the template that it itself is using form the above sections. {{- end -}} {{- with .Values.admin -}} - {{- $address := "0.0.0.0" -}} - {{- if (not .enabled) -}} - {{- $address = "127.0.0.1" -}} - {{- end -}} {{- $listenConfig := dict -}} {{- $listenConfig := merge $listenConfig . -}} - {{- $_ := set $listenConfig "address" (default $address .address) -}} + {{- if (and (not (hasKey . "addresses")) (not .enabled)) -}} + {{- $_ := set $listenConfig "addresses" (list "127.0.0.1" "[::1]") -}} + {{- end -}} {{- $_ := set $autoEnv "KONG_ADMIN_LISTEN" (include "kong.listen" $listenConfig) -}} {{- if or .tls.client.secretName .tls.client.caBundle -}} @@ -1145,7 +1158,9 @@ the template that it itself is using form the above sections. {{- end }} {{- end }} +{{- if (.Values.plugins) }} {{- $_ := set $autoEnv "KONG_PLUGINS" (include "kong.plugins" .) -}} +{{- end }} {{/* ====== USER-SET ENVIRONMENT VARIABLES ====== @@ -1222,6 +1237,7 @@ Environment variables are sorted alphabetically imagePullPolicy: {{ .Values.waitImage.pullPolicy }} env: {{- include "kong.no_daemon_env" . | nindent 2 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 2 }} command: [ "bash", "/wait_postgres/wait.sh" ] volumeMounts: - name: {{ template "kong.fullname" . }}-bash-wait-for-postgres @@ -1255,7 +1271,6 @@ Kubernetes namespace-scoped resources it uses to build Kong configuration. Collectively, these are built from: kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/rbac?ref=main -kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/rbac/knative?ref=main kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/rbac/gateway?ref=main However, there is no way to generate the split between cluster and namespaced @@ -1648,6 +1663,24 @@ Kubernetes Cluster-scoped resources it uses to build Kong configuration. - get - list - watch +{{- if (semverCompare ">= 3.1.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }} +- apiGroups: + - configuration.konghq.com + resources: + - kongvaults + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongvaults/status + verbs: + - get + - patch + - update +{{- end }} - apiGroups: - configuration.konghq.com resources: @@ -1689,6 +1722,14 @@ Kubernetes Cluster-scoped resources it uses to build Kong configuration. verbs: - get - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch {{- end }} - apiGroups: - networking.k8s.io @@ -1745,6 +1786,14 @@ extensions/v1beta1 {{- end -}} {{- (toYaml $proxyReadiness) -}} {{- end -}} + +{{- define "kong.envFrom" -}} + {{- if (gt (len .) 0) -}} +envFrom: +{{- toYaml . | nindent 2 -}} + {{- else -}} + {{- end -}} +{{- end -}} {{/* appsec labels */}} diff --git a/build_system/charts/open-appsec-kong/templates/appsec.yaml b/build_system/charts/open-appsec-kong/templates/appsec.yaml index 262bb3d..8af1b5d 100644 --- a/build_system/charts/open-appsec-kong/templates/appsec.yaml +++ b/build_system/charts/open-appsec-kong/templates/appsec.yaml @@ -112,6 +112,7 @@ spec: - "$KONG_PREFIX/pids" env: {{- include "kong.env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} volumeMounts: {{- include "kong.volumeMounts" . | nindent 8 }} {{- if .Values.deployment.initContainers }} @@ -229,6 +230,7 @@ spec: {{ toYaml .Values.containerSecurityContext | nindent 10 }} env: {{- include "kong.no_daemon_env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} lifecycle: {{- toYaml .Values.lifecycle | nindent 10 }} ports: diff --git a/build_system/charts/open-appsec-kong/templates/deployment.yaml b/build_system/charts/open-appsec-kong/templates/deployment.yaml index bce3262..b2af643 100644 --- a/build_system/charts/open-appsec-kong/templates/deployment.yaml +++ b/build_system/charts/open-appsec-kong/templates/deployment.yaml @@ -101,6 +101,7 @@ spec: - "$KONG_PREFIX/pids" env: {{- include "kong.env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} volumeMounts: {{- include "kong.volumeMounts" . | nindent 8 }} {{- if .Values.deployment.initContainers }} @@ -136,6 +137,7 @@ spec: {{ toYaml .Values.containerSecurityContext | nindent 10 }} env: {{- include "kong.no_daemon_env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} lifecycle: {{- toYaml .Values.lifecycle | nindent 10 }} ports: diff --git a/build_system/charts/open-appsec-kong/templates/migrations-post-upgrade.yaml b/build_system/charts/open-appsec-kong/templates/migrations-post-upgrade.yaml index 61fc6c5..a0a5956 100644 --- a/build_system/charts/open-appsec-kong/templates/migrations-post-upgrade.yaml +++ b/build_system/charts/open-appsec-kong/templates/migrations-post-upgrade.yaml @@ -72,6 +72,7 @@ spec: {{ toYaml .Values.containerSecurityContext | nindent 10 }} env: {{- include "kong.no_daemon_env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} args: [ "kong", "migrations", "finish" ] volumeMounts: {{- include "kong.volumeMounts" . | nindent 8 }} diff --git a/build_system/charts/open-appsec-kong/templates/migrations-pre-upgrade.yaml b/build_system/charts/open-appsec-kong/templates/migrations-pre-upgrade.yaml index ae7f104..8ed825b 100644 --- a/build_system/charts/open-appsec-kong/templates/migrations-pre-upgrade.yaml +++ b/build_system/charts/open-appsec-kong/templates/migrations-pre-upgrade.yaml @@ -74,6 +74,7 @@ spec: {{ toYaml .Values.containerSecurityContext | nindent 10 }} env: {{- include "kong.no_daemon_env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} args: [ "kong", "migrations", "up" ] volumeMounts: {{- include "kong.volumeMounts" . | nindent 8 }} diff --git a/build_system/charts/open-appsec-kong/templates/migrations.yaml b/build_system/charts/open-appsec-kong/templates/migrations.yaml index 8faf5e9..e1a85fb 100644 --- a/build_system/charts/open-appsec-kong/templates/migrations.yaml +++ b/build_system/charts/open-appsec-kong/templates/migrations.yaml @@ -78,6 +78,7 @@ spec: {{ toYaml .Values.containerSecurityContext | nindent 10 }} env: {{- include "kong.no_daemon_env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} args: [ "kong", "migrations", "bootstrap" ] volumeMounts: {{- include "kong.volumeMounts" . | nindent 8 }} diff --git a/build_system/charts/open-appsec-kong/values.yaml b/build_system/charts/open-appsec-kong/values.yaml index afd8751..85fdeba 100644 --- a/build_system/charts/open-appsec-kong/values.yaml +++ b/build_system/charts/open-appsec-kong/values.yaml @@ -120,6 +120,10 @@ env: # name: api_key # client_name: testClient +# Load all ConfigMap or Secret keys as environment variables: +# https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables +envFrom: [] + # This section can be used to configure some extra labels that will be added to each Kubernetes object generated. extraLabels: {} @@ -565,6 +569,10 @@ ingressController: # customEnv: # TZ: "Europe/Berlin" + # Load all ConfigMap or Secret keys as environment variables: + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#configure-all-key-value-pairs-in-a-configmap-as-container-environment-variables + envFrom: [] + admissionWebhook: enabled: true failurePolicy: Ignore @@ -1247,7 +1255,7 @@ appsec: #registry: repository: ghcr.io/openappsec image: "agent" - tag: "1.1.3" + tag: "1.1.5" pullPolicy: Always securityContext: @@ -1261,7 +1269,7 @@ appsec: kong: image: repository: "ghcr.io/openappsec/kong-attachment" - tag: "1.1.3" + tag: "1.1.5" configMapName: appsec-settings-configmap configMapContent: crowdsec: diff --git a/output/helm-charts/kong-premium/open-appsec-k8s-kong-premium-1.1.5.tgz b/output/helm-charts/kong-premium/open-appsec-k8s-kong-premium-1.1.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4a41c7d6944fd8b1fb69b778d5535bb0866a3ea1 GIT binary patch literal 210425 zcmV)8K*qlxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHf7~{*APnc3l_6`nT?C%c-hcCYVVz77c{P629 z(BR21Sn^YHfr~E&AKh1daKDouoYNmj!70mz=zhP4^W6Tq7wtudVP23qE$6+2dI%LHXPgRFEQV+%M9zo(ek|FI zM`J27Jf~62=6(Hp521UD%3kzMwD-K15FQsaSKZ#s2s%z#nS>Wu(0hW;GT9YJI7`sc z)mb>l8J?0k$wY6)BsQi~$>_6RptBy0B`ouXKacPn|AS@tfy4WRJ!C1v36EfPlo^#s zkv`^}2;P@p!@3D+7KbS=rXX2cCNRxN0mLG6Ow%C}1kb~}m;8TK2v|y)cj1_c zo_bVYn?26TB39%#2v4b)m198ljYLqf3gMti+4zWAbJ{iiIx zdomtdwf>(UylAZd=YOpK&+=1W)}LnC(kbC$i1-ZeAHEn44)^w79u8i-h{u4my{M-F$tp9tQmV`g4 z0#^G`o%$g{lD0M{>S?N96wv=giLUm3Zy0;O;~~CPV$VS?@2mGYCq`7c5#Xe zg6?ra>ndd1Mgh#!t-WD2>Snk(+*xN!OIw5(=7IIHU zIWF*=2vTr(BRj1>Gdub*%S6G_loa(AS6WgbUXDYMO7#|RDUV5-;*7A8w|07(2~y+* z<-~n0-#_IKkg#L$Puh=E)pR$*9zt?e%YPBtLZ_gfAy%M-a`+VpKm{l1M7J3cA!s&5 zVn$(#CphH8W*MgmDM*6wJ*KI|P-44<<}|yOuty4^ zA$l=T-;Z(<)5!vf89|&B_cSI5$1y820BR_bCAtgDIh|$%{*>QT^M(2-!DP-dP6T`) zQIk#PbXs6oMm=QuI8t4xxmBH5N=kf>O2Os|iB`n!NEV@Q7bsBzU{}pJ<%TzsU4`?E zsK)XY%pm|J31S(%tfttRb0BntMr=-yq-Tr^jtcTiNeiOp-SAk1E|?%l%&_oZAo4zE zoN)A}9Frm=f^a#^gk*x^6nIl|ukQ4`#3*J7*+n#y#NZN4&V*`>un;)DL%b{|IM(ck z4S_};L2u+>U7oyz0|!pi1>(+BOI1no)*913lmBK+s40|hagr#mQW}@~)oC+CAAaq1 zb}zY_ycY#Fw5@1v#4^p|v`j!S*O*K*Eg{u;$PzfBte>!$_X{#11<7L4x5}2&EW|nO z-|t0xFZ)}z=kR_nj9CFhGk6`d>KFt=L`KEb4fIol=p0Y0$3xga098aYD(Y|y6!|V@ znTDca=!Y(h8ROz8rI-^7faXIK?CpOY4WdD`7ibW&p#<&V8%!9J2O^vX)w3}!%riyL z6EdM0ftk5yX*nnA918r!<;I8}u$21+;c}ttSy7u_!QL;b8H7$sP6`Dw`9Xp62Og+S zF7TWftjIhUixXM^>$Jjn3&^Yl1UO$|F&mthbT}}DYyRHydV?$UU3IXXn{EWhXkpfOMZcAkWbI)oQfgZKYa0)DvalO z^FuMu+rHX+O?zAD@}3k0O_X%ZIgW|dD3ManEL+q!AEFy5!O0!|(Thdv4gi|xAjb7n z%<%$cOh~zx5KaqV$cGupP|59fqM&1rFtVrKg#=;Y4N*Ye<9VKv;8Uo7EgJ5V_Ry9 z(TD&1{O0oF_3c+b_qGtp?rFg?Sc=sFp_+LszSWcwS}3Zc87YWS-sV`uGrP5NDKcRD z>aumgd3Bt!aet2G(trn%9Cf7Gs^{->a%YPiII7JB&n5J^Z zeo&_*KwA<~E~8lLBr!qko)q>NRj@f?Vnzz7z^ZMZO^|cC-j!sFrV-*=;m)VGQqU^c zpi48em?TZ$Q;HCL4@N${r$gmLau^r@OEdX?n{QBU{}&W1^tX zERa0u$#*2>hd$~(21oUL)1^meV>bjl~S(5?y&Oxw4_Vg$V~{Rw>V$g z2oNDf!3zI1DGJ-qiq{g2&L$2P-EClB8lt|ld-Z!peCfp`8Cf1s4{gpkujO z-s1dO_UxJnGkLm$rbbYV`cN@JD%NnP7L@ZD5vIdpU~=TL}dn8SITJs8TJ zX7^@dBRSLd>98mDQOPbq4fQ8d0_(ei&CLUOCXNdt-jKyLnN&{^x+9CBBBk?CDM=FS z9a+HhIHe>Lx8^E_i(_~okvV5Lft~Ugwu!emm$Ng1{v>#yY%BF79!ri`0`og=Hy;w_ zED0@@n$IV6I>$MjxAY5~rr{k~gg}lk$F$%f%|cwY4l%Dlh7OXUMN*1&ASL?i-x{kd z#+lTqfY0TT)^v@yJlCreXo|-q)e8*RWi0jCM14VUJafs0TpK0fsvB z`bx|*j!sy7CpCY0xC5T6E+ovx40~5k9sg=K7I(@-AnqPG=%r1Uo&1$YdfZ zeosaKM~)#c)AWj^G+qqR+2n$WD|K>QViQ2PD6lej$$qcOG*xWMBXj15ztFtopexUD zRssxTNz;n9qhP~#1(^&V&&hHmAz&2d1--|Dgaw&WE{a7T-~%o53ft=FJzrd_mT$;H zy_DzFhN4>?pR64wOHfL=AYktE^k8VLy6{e}5{}EN29z(*uGup36w^$Q_X2%?b91FRsg)C2ctP@>I(A}ob3QU(!!FvzCq9d|nnmo$<hsU|2$$-(v!?4n?dU&G|?J7NnTdOdG{ADWFf!zm4=u zbGFmA=NstWPT}AaP2s`8^G`E{@V9bH+3y+T9b@_N5sFD6q@s(Z;;F=%B(x;*Jt@>1 zV?Ue`bYzLGlruD5814wQx+gaS6lw!J=wq<6>8VCos%Nm7B`6RnkK#fEmGrzieH)T2 zW^y4qxJ9;;7=K%4NlMUmM^nT_L9^+O`Q&VZ#!Sr2;d!@$pzJM`tw4RD2Bt=ZY-4S{ ztF+n+W7Dft7sZKYchMFE9-()N9reK&EY4C3gNu}kssKk)mQ55mRtj$H40kU%(zZs4 zrS8LDn0<472#}>hsCZvDj=Ch6xj>XV&4s@Afc@rtWM)uKm!YQ=2%w6EFy2TT=c1U+ zLy>Yrbxj3h{)ETY7OES8+CH%qb9NSe7u48lT+lfdvq-bNm<>_iP(!M>@{yDfIJ50( zb=H#fpW%CgFp60rH$;{tVD6Eh$t4@1?K3$nsh0x=BYh(5pT5Vj=wHG4bjNmo1DkmJ zCk@qz3oJ_Br3-0wUkd=K$4E^i!zo6e8I};476S)cvw-*yy|e+ zYf9#g_gN434q;yx>w8*sK6-a)cB+@0*6rmgrf@t*`_Z1UJ@GP!jRF|ig}@Cj>vNSd z^?{fw$XrS(b-xaGsdAB;Zn~CGeZYrWqSpt!g+MyOik9f>`vkqR>+)DFzMg)2j7K%W zQ@1Q@C~K(OTgtA|_~a`|gRfv0xH%sIt0jzZkD3zsK(bAM#wm;MdRxxMCwB^MUj>NT z-K4FrB|L1`>@EVcgqoV16cbj=drC6t{pTL1G*MerLJJa$RGUB)(v=laZ810JqtI#q z*|fI>Ruf8iB=-p^o-?8k$x1v^Ay3q>{L+Oo)B-Y+L;+~-+8SXL_CTweQnuV2UnvI* zssAFQ|Dx@9M&dhl7_H7W3YUADkm4Cf35!cBNOsMYly4Nb(o8KAs!VHy??i@YhHdAK z4NelZIs2WSC9IHHLw!H&P~Q)`1Q^KuV@0R4tM=1dr6L%DuB#;QJf#91Ujb8{TP5;Q1yAz31Vz%ZvqL!2FPsxm z(3l(AJ<1AYR@-V5$e?4R`BX-R--w-PZ2}piNYh00d?OQ)Ctv^iYhusqt{Pk~vdxNR1H=t(f>rJVFaFUW(D9sgodbA{jg$gYyv?6q_ z4qIS(NfsHN!v(D|{@{sJgao*qc$2JFx1xd?LHNyJFbM4QTIsGXOos@kVg@G%sX9q1 zt?|?h2jUiPqjpUT<7M&gB(>%(gio?Pxx*#}U~8zSQ}q zk_t63<-MtnAvecY4u0;%AP5yMStzb#3-ukAJA_HMNMBc|aGpwWvP!lnfY930j^)IT zF3wy(8xBSS>X`@>iLGhoKlUSsM2(GO%hi1w=OSm7|71_+GvoBGPfOUIYH+5^56u`A zbysZ9^}h`Z>$*xZwdRmz>hWU~#Yob^Ezl-Sg|o`O0bf*^ki5J!s8&Xc8aFHG?DckEGA{`WFPc&N%JJB}ZX&8wb?CF?@E( z@;IE+_oTAWfX#sSwm|b}`tsPLf!0D4NhNVbfhQ9ht20yOpVv^yxz)mZM$6yO!e^(F zfIzTdFP?uqXNo@iOMoV4Ga{Kik(&f#VKbM_zS!>2wUzB~Eje7M&6Q0_(G z$FB~F+HGH3;^m4oSq|X+SjRytw?CrWLkMzjOSJ>@K21r;7hI6J^|qex}nW2 zeaitt%79(;Fr(Udqy_;_2i?H*NYzz4&U1nx4vuDkuS9NCj@9it16jSTL;eebm}cD_ z8^6JcoI~N@$otmgc?$(ngAEYP61Y3yS}qyz3%w;md_AU_LC(G(!Yi#M^|q9d(o5OK z)yv6*SQ9qU8Wuna3-VAn-A7pHfLd@bH!b>Aiy-Q0zO$Q0Y=>szb}K>;k%6H- zrXAh7hK6pyJ?hqDvRB~Wb590CRC~c)=k3R0DbGd_A)upTNMhisz)cmbZ1@G)uy9FQ zIO_C?h>Zr{|Db*eWrx4^Z3Ltr)L?_`bj%2=&_5dL7 zNioKP&Q10NEC8BhFr(zL3ChbX7Nt6$tAK!?qn~#GHx(2|IWLJ9{!`bS6$Umse9Kqy zMarv3;64YB{ExKUtC^ha#G=2mF*izr@KiOuanE}d7kK()UXZZNrv*;jCS<;7F2L4$oK?LfRm` z;ixY;)vV5K)cb2HE^`GA!b{ztH67OA?f1A~Wv1=1a%N1n0jVebosExLH2H?ABh?Ew znLxZcXmuIOhz^zAMgLop6;`qhB-I`?CYTs`5LBR%Ny%qAHH)<%n6pfCh;sUqtPt2Q zf}svNvPu1vaD=n1{R^QuFNbJvFqqpXb25j`sS49aKqtZ*-yODmwzvOMefImzEV6~( z5R%Kj=TxOu;l#zU(x2=KN)S$!60SYJHc*^`GI_m!!uU&~rUO4$SgaFaG zQW@3FgSF_IgIfLaK~Y=slhW|AIvgo3qyUloW!7>#5%rRBs{Qug!(h*(h}p9KrbGR=yX@<6Jm$UO8sEBS z-Xc^Msfw^0_WNCJ)FEf+J*&a>-Z_S6_hE>FzRhy+bYh^sp3H9Xd&xBP3G#ic%wG4T z{h0(K&0e2@&-xq}3zV0I@->E8YHjY=Kt$&9=;KUeiHN|U3o_hzd)qV=CP>%` z54M5CDzIo*gEUGLTsPKkp;3^L_acx`B5f$6_ULWnitW%eL^D8E;V^{JYRMpxt977a znISPshRRGQ<4Mr-XwMo|G}v7~*9No*^p$lp(is<1dqc0ItxqVAB^NC^ovDqifOw{( zoN5EP+XUBM^{V?PlkF$yxpz`QEv%bn3B9LDiPP#M7|{b5@+MW-OO2b|ZefkQZR<+&pe`<>}8MvEr8T0>5S{Tww*l2GIbq0%hbud0oJWF6>Y$7ZLCNszrqRip4#}?a3cNeBE333xAaQ z@W`9Nk7LU@Ha(7$`bs9<6Sm6Nh#eoSkiivhXlknim*xCls@lhK{wQwOD zi%Rh#Qhv+tXnqTrFTA9aXGU(+GpmB`cKz+qv02SaZzeP}usnF#HKnT8zautXp6m)F zn2Ly0SuOR~F3Ku>h%x;-2}G(pWo*HwCgc<6{DX%#s9cgWS zM;5*64E?0ZY>qE4ZmuuS&rh$bls2wv`h?kIz%E(kXi+1-`G1BeI4uj7lm54)NNJ|U z>Bl5c0Ve&;r%-{VUL{dcTMs0V`jL!hjNJ`8+>j@jre#5Fo{wp!v|8-|fnJ(>6=yw~ zeN0DidAp(&yCb;MV};{arQJ5%g#^ZW*qcD+JMn-jy&=E{5r-Wo3!{|yA%ZQP93P>v z3V$}%e*>~5+}aqGFuFQ@i%hU}1w!2ec$QYdOiZ4#*E}d zXbqv^EO%38L>pn$rs3@Tg3bvmg-%y2=U{JOvMC!U7O%+=?G1W8--pm9(AjF3f6ts| zb`M6|o&&|+%RlebAl6NFy^lzr+MZseN~5}kelWnmbfQumf_EOowpq(n)XcYPytF?} z3e_G$#Tds!f87w!@xc}YTV<63vodSxgP9TwZr0~sr6Hu|VvoW&QhHA^!ueIf#+n5o?txsRIwLq0vws-9SV^J1!T#Zae!}A!kz@Y;=H^N}oKit?dO}iMWyV$^jCJnP zfsLe~EOA*5;Fh4g-pmTZXDm&IXwQ|9&hzJBcf|=^Z$yv|{C6;*->V^6Wth)MELzWM z4gSVbGnCEIb(u+mqSpm0^Jg5Lom97L^%Fr}@);zJt5V-;MH~sHq+_AL0kpFdbDHbw z{OIb;af$8f7H$IAI=$Dgh}32V$6$uujZi_Rlx1LvVM(dfJ{Jckg-HE?Uq#?5AiGZN ziGSS3xm@-Il^dcRoK81J%IJ>95zeWT0X5Lh(Kx5ySIL7*-qy5@n)(t{U2-bHD`tYNyu#-*5%OsG%rRDu-lwCVGRNV&?_)Yga{}*paCcYwLuB=X1Fa=H3W zWFv6MWGq!))||+G-L@hvvuO^6SG%g>2TX=JY5Ipt*~@~JQ7a6&3GG_$CGT?*YbQ;u z_o;&#d&msmY;)qOqPr+|5>M<@y+|CcYU-|o!f`9R!6{K{^xjoH@LVU-(*{{m z9c@4+bqCtIl;tp$rC_}H&66W;q%-*h#{QLsXr8n`W9*mYE6S`YcVg2sBb{@fsH;7T z9xKo><{W29fqPrZt46!;!?%J9FziE3l=>|lxWd%;IW<^qMdHTav5pTUcGbJv14z}B z-q}Q8RXeah7DOf5ePEhZw13OClRR%nC+%0~1YK{>C4ll=T7w!23D+Oa0jZ3wP$0bcgNVAF!C|dWAoxDAb<_To;`SIxb z;_Tw}&@pQ&1GOE9!lN>bVpQNPVRM-J2Ua9tZ|Mcqb9?Qq z52BIlln)n0y)6g&`#hyF73rd5_-nzRFul(8iFAtwThqFq0uWgRzB1yw1mC1P9O~AWjTzYxc z{oX-!vA6d;+S`i;VM4|fXW`ynSnLmaH5&|kZ%>F7jZkoS@O=N16n!|hF&T1W)HO*9 zNVGP!u6$41Y0uT!TIOF}a}Z(nhM!?>il61)@Uy;KIn$3?e0X(?0E`FO@j!c%^aL(I z$0^S4XZC~^-b8hR1Kst0v4b$kN@?QX8 zjboL2q^Hb)RCZ^_q{8nq+p11ikj;<`rx21LY7F3g(B_9~&8&5zDaFPkO&f94=kLHf zYCdPmGh5O($sjVASC`SIiNaa8k%;R;97<5?q{3hj^;JPIT*^%(LO;?piE)v@wp1kg zp3^$xj~Ci*r+r7dMpvOcL;=q8$njWFcYF}x0tw>&`Zt{j&0K3p;hIf}>%DDiZlTf9 zg&KsRf)~}=)>VjtuOgi1y!8b*B2`6W3~%Usm4+cbZoI1!c;cLD^+hwq3a+%dtN-B2 ze>qqBGyiGXQcq78x2duk-SQ8kgxr&q<)qMUSIa+W_6Mu|CRokR-ZFms@at#eH=B2_ zTfUj{Wg_J(dCkcn+0JZgQguNnO+n*qhV{7>DYLBBCUuR2xpmZ0C)N73<61n_SoOD6 zDYl?V#803@E-PXCq+RtMFcoJ;-QPk#Vp^rTvIlFZ1R~dVmeNcfh$pOo#JPpAo*%40 zg+9R6;)Kp7Ha1N%qdsH$GxkV?DB#XIuIr+9i8vB8u2B)fUs_T2|0`b5r{~QQe ziCVlKyQ+QY;vy0WZD56{(wVjbkScPkvLJx$nvwX9`vDNu{dh|$FEw4VH|4IyCKDP{ zoK_ii;H7mL04(&SROO{9sf=m}Z_4i2sX>Z9?(D^k>Q<_cR zK^xVv`^4O3&GGwDSxn_J-Wv@56jYDjWj52=5C!s;W300IQ5EIwMO)p0$!2owZ6UcZ zAcxN1CI3OlI_4-Nl5cRa*wrUrE4|~gNEc{aC|^GaqJCE0=sk;i%?m>BeotNQso(9j z-fKMv-i=;I%idP)Qnhl~g&?TrjjMOxYHnLq?rU}F8aR$D>bbfY^)FmIuUp$LTidQ$ z+b>$%u32GToSX345F5ATOGfxx92*GWGH)B2|5DY*vZHfjI;-*Nr|t-~o18nwt?mo+ zt=0?kt>%UKes8PezI?0ozWiVSrbxeNE=uWy#ETfRxUf5k?DdMOMK*Uw71~h!8d`WE z!0Y$ygP{sl90{fqc9Qobt}Ycp{rRP&0t%gBYkbhO@cnRn&ZHdYLbNrB1nw;Y>RF&b4o_qqg=U(cxSd?puO@Uzg9kLQvyguFx|j{Tgx(KwyMn9Tl{M zzP~zhlB7!9t&5}4sGz7*n!2HJ_Z0WGT<0t)-*>BMnp%BY6g1+VBIjG0xdnrJ&X8Jf zb>=j?R&<436*SxGfz&a^WQOmlbqn6w(m9Qfuim`_t2>bLiWD))ggjk9fQKq`I`Lzo zwfDIx)#2dQzu%X~KmW;?2n=NymvuMP@rd?><^+3KulJ3*gaTbir`whk(TTTvY7f)L z2TgIkxtR&5wnBA57U!jXqQ+6RFzK(HVL9*cJt^>%I4>cGomo;>EI}uf7bP6?(6?nW zB|Y;kpQDftsJ%+$^$uph4s;QF8!@}%Xj1orU5Oin`NOPJU)t^h`MkFo^Di-<# z*M^$suG~zvB~MgZxi08EP07^vW}k3y<}*|-N{PUAnH}+?Y+-!xJ# z5B&L$z38y!-DoRX)|%C9Hm>K8_VFY*xy;hVHDlsCi<$9%?m=ZHDi&4tTfNnB&8t$( zlJ~+t9Ywv`YqOKIedSiNx4(~S-}hEvy3RaStc~_mVlQ}d!7>Tb0^%f=6L3{9IaAt` zP)RlA4|`&b=`qgnn5I-v!~ zHzvJ+N%*5eE4X?PqF`?j?F|Nz{I5D}I*vY7>~@wg!QHCQQUa;=oZup!5&MCOdgJ$T zWDL|Pi*c&ocRg==R`QTwF2cP?61Nm2GWq6uJ#CYG%Q7l8x?Z~@>BwsZq`NBET)r$h zV!6~nS<&j&Us;}X0oW-9kb3XZ=@Cr&2j!kq<+f1Q+s539woU9XwiUp%;T-JcJG+Pz z;>THS|IB* zcCJ?uHkZ~$mL@FbP7p=EqF`U;9Z^N*^<8M+ck1tJOto#X#gvk8w(d9+UocaT)MN3ah3b?_Tsu=4n z^c^d_lRBA$AFmNWyC{eIU(mnIMWVmGt)3El-5x6btyz`$T;v-<^d{NK5DnN%EpBd# zKea3cg~Y8I>Foru9VdV>M8(-3pj;7`N^R%i5^~`tsLC z&U1LLt{x6we(ivkY@@W>XV0p~oTo#S0U^y3feQgC;H?)yo-ScTfObkwgcKWZZC z{nfbZ=jDoVW}%ssFPMi^$z{O8_|`h-ZJaH{O!6($Mtlsy2@ZZ1oKF5yS)Y_{h_I1u zAjom1>0~^S{e@_uRpYcR-Lwi+C{4==TSh+mlGw{f0d#ynyTk*$cAlF^}o^z0IT3xP2;x!7)4feICOufY1zT+k&k z##A~uXs`Hcp8t-^!2LGL!5Xi%Kgz+bE(cp_<{K7yJ+YpoR{-L3$Y9mezmo{=p!7PT zxV@I8dH&y06hE3;2L~@YMDmM2MDkOJWaF9sheTdeB4d>f;3I`HI=VXhjDq>->g?ZL zIBSZpBcKmD1oXkbmw;ZIVh0CbcL?dP{}9qoC!}#s|B%yb$Z36FD2RM3igwS34P>bC zsIdTl=b}_JE(0nSt&75T?aMrG5j8L~`m*`#s(lBm?m_BP)vWo8-l+r#wC?MlQe|(} zRkTm8AYYu##AKY3K41ObRg1Vj)<4$r8fzI++*ie;fX%j0{b{dC^*3MWTb6K+^Ik2} zpUUmm7py;D^ivjNn{I@cW7TB72zfb%(NwM$yO#a*g}eB}wF+?z0M+}rhx42(ueLc$B)L^K zu%79NgEj#f#aE6|0WM)jX>5rPdSaLZ$q<7RLOwdrpGGXt3o6$*h9jr zFpw6>Za6}ha?;OIHl5OJ>iTjcm5{G;E_I88n2th|*W~5k<)DAR*H1`H;j*}|N@yBD z&b1dX|BNMafK*+4yP3l3qjqjxJM%WxGrGae)Um{IMB;jmI=Sqe3tAieR^6qKQx@M@ zw3brX9~i7?6bx4U1YW95y)QYDbc&U|RGIpb36=Y10I4$lM48QRY9C1DORmxzm4>`m zh1;NhoQE0CSO^W|8^{g(9h-J0jb_uMBmtEJ1?CQ#X5_t4FnAQFtW2V8O0o!oJ#$7g z0RmD5aqHwJJt@NQVhW|Toa8XMl(X`%V~clhxpGT|TVI(*Lg&~;Bf$zhB?xpE^WE9R zq}|;`Ts3gKGylVV^q&xZvL)|G zrCE2Cm1(+*GS=u0)ObYgh>$AV5YHI1F8wBa%l1x+2%+t1zK>Xjj(!};QQ$1WMS`?v zI6!*+=5$xSM*n|wnUicJaD1mLn499}E;>U=kPfa;dz#|CDj%_3)!OX{WIp`|8KS+{ z)F|JRCEv-{t>2{t7a27&8OBqkk~dhR7?MMSQ~-|*DDx;c#f1r?hN@M%19zx)X>V~5l_e3G5ME{ymL7bNk<^wfBnKEP?c4aqGO zhTuX3L7MkCqiKr$T7_~~llmk2LBHM3n4TDLb!V9ru{%)>mU78Z&D!A|<+Lg3{U4SC=>#r>>CS{t+R;qzc z@fI@lcg`|-Tz&QIL!^S(BiCRQX$!|+2Y-ub{_C@y-qq#xzYM>e#1SMYl<3G`BtjoP zAd+(8Q`(rWJE+`3fpg}?sVBkv)4 z@ap>Vzka$syL$EI2T8AAhhKh>nE%>~%OXWzn%BMFWfnUT26lC5wL(=El}lu*qw2x; zkR)2y5KKK#=D(g?V8c$w(WN!)j9LP4d0%%I>hAhIImRy^)UMCb@Rh3aB}d%*@FA28 zv^~T84Ov*GX~dqQK%Xj)VhHgKcHn#SIV)C!h*eXKeri^eYdwV8)D`;v#L`;VfC!#_Q-O;|K~z zW;k>Effgo9CwV}|a#sr;4lDu9I&gnCQw&Jy8M59~I%rf*fBl_gWZR(rQl#9x^Y|!Z z0&TlJ`NFVHy-r5L#VH&5@|3o zL$zVR09)|KS<;syY~b&v?Ng6xy+c{e?{99d`ZwpJXq^dFvHx0tCL}M2;*HP{BXH>A z@_`|8Lgq}p*!q+|3VN07`Q-HNCHmp${N3pYy&IjLeB$1FH>&tjNjSv2s(|+y6ig!- zn&aY5PMk{SGH3Oa=x4%2C|z9M*y2<)b4z^~?OvWB3Nj-Zr}y$idr!%O%8{5>g2a@` zivD|(-Qm}NwHEyE`?KWycRM3#P6{50JpHIXmY)Ci4i66phxPN{*M|pxoc}(@&xa5F zuh2c64?$y+(oY^DUP)~O$1^fSU-e;Y>3`KbHc=?X+9_4?1^T7LsVd!p^ITs}|48Ik zmZ=gx0=;++DFwORRv`${@n-{#XhKP<^QD4C-b8v*j<$8GsFRD4Y)f?^>7A$t=z%Cv z2Hxg*!fcHO>*!inSg^%k?RHn4P+Ip>uLqrIbOro10I5Sw1IqCX7ec{s(YrKBa{s9) zENLr$rSnlanb7wr2%DNgv(xG{WpyT)gW;?7F{q=wofk9{6BPW3hkxQhjSvd{60CP@ zF9x|rPu=5zko0OWbxho$sNeNnGWsVNA?1_@e-2P^8+;^T=S1Lh?S&&-;5@H+)hNqo z`w>_jZhJG5&Lcikf%a`}^>Cqavj>wDV2FYbA8OO^>#sq}7y6bu94~6$=#cx4&+g5I zy!=Gb^(fCP(*9C10cIabrUH@?e+jYDU#cM6;VV1maN(~rQo#q%68-us0QWW7f@BFP zZt^rh+X;;Y3IJSSzy`6p%?{9)J9RAN%&nY6uG4jW^h7p4vLkUB={B_xTNeg?cjk0Z7WB*P3*(ag>tjVNdpo*R3fu-*{Xux zqq~=C^Vrk3QkpEi$}`JcA4&lznNkbCQ2wpQq#yN=o9;!vuXH$gTcv!FNITmz`X|aL zl+i*5s_BwV$_y{H8ateOaHsFF)A?dJ|D21KbN#Tnm40lV9{)14(zx zx_3XFV49*JDZ!rvEUs+g6cwe8YkIH-HkQYt6+9OCJk|oTP3YUpFoRbhQXc4GiPRH= za*sUYC{Rg3f{I^7$}J%j!&)|6&fSI?ySTfBCK{QVpm6|o3Yr#RuFt8vMF_LAy0Wbr ze@fwYxNZ0?;}z95T_cXyyn`&wQLHhJ>hD$Cs`p2yx@gYco2!fZZP3udtj?uje;S?3 zh_qEI%@T#?af(bgy(=~F;}pTV0=NlECf%*D!b5nQ6P+OPi+)&hrt!$?da#^b>G65b z6!f-sttzP7a0IM&El1Crpxw8%8H{OCC=xA&rlbWlUNL2D*n#@kL`yrz)(7phUfm6O zuM&KoUFlDp2eqNn90uC>LXC~)elKCOPg{o6bS@PNA06+`SVOPsw00?2DrXi5cKLnF z7Oe7IUit0306c%Ef(@7zunD)Z=8pTu`X%k`plwj!A+eS2#rWem8+a9TYjLqryiKw} zRZbmwcyoNU*0j18?CX%xhRRi>lpxliq-4W1FCVR(5sS@RL(qcCwP-ZllN1 z+f`;jMD5~dfZnUlw3N&&GA*>Hqu~>J*`Y~<=_=~)3f6%6%EL*Q1I@=2keZ+ zUBFpF-tVF>6~3pLC>F4y)!z-ZM-f&J)B7ke1PXkm6wtesFgX!jpEL*1r89LMU0i$( zU#n-zH&Zgowl&28(IeCSjv|&syG(NJAE)>G7VdNx#2SmC6+#<_f7#9AU#{ZumHh4V z_7d&}P2S8xwNxEGU4H|)QKdLkw4J||c&}8iOTKFD#gr(#^4FlGrXtNRZkynOWd!JE z4pN$?HiX)Uljb*?ruK!N*k=FjWHEOrj?U#@tJL)_PY?DK;Ww8TuWv`E*FT&cpWdFI zjc!gabdE&cdrdM@&=?8ER2h4lFa^F+Zk+0yUG?bb}wQ3b{rD&QmCJ z16hMjx(5vqmX2J~H|Hjq43E&6c&5BCbH+JTozPW$F}lYE#rg@(5QFe>NSCi6>N}{4 z^XDv~6R%>5`iL8MKqv~3E_M-4#f+8HnTFJoD}P2({U4|*%lil4y!;x`EKzm%VI`VG z<`Fu}xF9&$?N#ecr+JkW%*ca5A42EJgOdzH5k^(jhgtxDcR{B#!>P&Os@Ln&uRoVJ z^mh(wL(84OFwPq_)wM6X7FP9L;DP@gtb392&%5la4nJbmYg|UKs{-b=ZvKh>&S-{$ zT@>s%V3f^bJC%sIAa>Be>)eO`3I%L330lx;YrXUySncwc*EhFskFG{qE$Cf2nPUXL zgEeKYg|{JVlNUI%gD{6g$her6P)JFYXBB0U@p>03Zx0qWb54i)ASK@I9OvBAAmr1x zIIjh0tlUHEUsv2uaE07Falioqu8tvh6U~vg$gd{`xZC|Kzb!cZJN|T;hWE z{1YqTgNxT^7yqSCzeZb-iom;*E1h}?S9>T*RGh_(a={83;}jJHbDQ8u|6Dc#Z74@c ziPJDIi=1(?3(^3>KjbECEcQ}*=yY)=mpfN+l9 zb4FElxDDx5O;hedS6FjX9h@Y_XU0@xG5U@@^@8`UskHN;EB|T5jU?#i_$sO^73~%V zZ|0ijhP5|YR|nYE0>yR(t750#m;GV~Y)C&j^lb`>La>@L#1gJ?knID_ra(K0Io zkY=-gqB5hupeAXXC~1f*=xk>eb$Je6gYu!5tcd_KDvWZMcU;{P%42pfa~B~60elxME3ZEX4RX0Lm1}(7g)u~$>X1kiiiWUC z-o_>JfIjgT$1QG;#AgWT3Cm3DFmuhdZX=#E-5LHdr44az7mLO12 zbpvX**Io@!I}sX}hK{Y5lleUX$b+I5=sod43c+jV}V!}lL$5GYKydEm4g)NFe5+B3!9iv zl`YFS7CV?WuPuxKteiEZ0J=a$zsPH2clFlU1#9lbUa|&v{Z;F>FX!3ms*}k-_|D_i z#2n-7nSg{g(*~73e(kB6vMXb#{f!umfzEdP?)rRJD%TTIfZC+eUds)^ERAK`@wtTd z?)p6NHM`FEc4%hoj(`d{DSr6S@=3?_vT>?f5?*gQS>DGouK_!o4KUw)^UXJC3r=j1 zDMa_+0l z!PVWTa`$oV0G*!uzAL^PzR_Y*>2NxzEtO6;kL6=}t@mXp=a=UN%L^+1G#8PQtGyDl z8u~MCY2Y1+d-BYXb0i8(q1Zl8F`p4$nWiBhuuZst1(Fg?ROQyx@m1Yu^=KwYn$juB zM5^+}0uyL0n+mS7P0Bt{L8iEnCttp6O#061)N)rr@2M({qQL6g&cM;ye7!5u#&lT~ z#wg!JP+9)DH7N#xut5 zx~ODKpVb#Xst-CMW@^cMs?S2xQOoUbeIQ1IRGA-vEljcn9Ukn64#7~FTdRlJAXVxj zW$Wl0=+s+2>Xx!TIraLwa?d;Uic5<(D$MrQgYAE0vn)q@_l2`D9j^5o|hObXA zPOpz{PEXM3#SdrKmltnOFK*BeN7rXZ-=3e2bXz@(YF2P5*lBiOGj-O?Or}wAe0gzm zeR+O_v?8cACHc>3-4mzQt!9YN5rP<>gq zP_2(x-gXJ%IRP05Ag~N}Lw>*_p4sFFd#dY0M=8~r|by!HLJpQ(=s*Qx^@%h>5#m(*U>GjR+cW39P0Sfv=#C;VP z!TYMRGtOxklS1^NYoiT+RF7{?e_FT0JF=)7!P_|R&E>_#>G91v8_!Bw->LMPO#{Tg z#+LI&XZz%fEdC9failDJ#EPyN5jOa;GV#HF4Vn3^3^C;$?fQ;i{snV3%NK>+SH{rKwQ7OxH)@! zdi(nN^4%3^9LuoV1oF|ziPVyut=Jsfmg_2}dz{nn^|{PbS-uo0KPI*4dnI}9$f6(< zo18?c&2~KUJCL~Y>roXm7JzIDj9By(L6L&*`6uW~{L zo3??od7ctM^q9c|N1m)ztpv-@)yy=oGZ@tp5ve>$r}B{Pbz+a_-Dh>#*NLi_p{jfE zRY_->Uzl~IW7aqNX00?$_bz53>dME|$Q(^3^nIAnqK6PflAKT-rNHSw$T^);9X`@T zSbcj!i^w)boAfQ_`R1L9dEV&pgBwcY>Pky83YUUGX|7Q-+0BlZb$4Ydq4je4DE+RR zHl0a#qH4+Zzd|R{qwg_CfjriSCfzus zlnPLlxlF#L6BT{onS5%SnAc9nx48)(6uhOe@yvn&1&QtAef{ ziLnD@O?>@S=^NmyOgbNluLGnTUy=z@J;e3 zsxF_f<%?{MZ`+-z+U9#D)35rruKTSiEjv=^Mx6;Ix)`8R~xk?6~DK3=Ytuk?lq@5my@w5ZQjbN^-q`m)9SPu=J_cy>36 z@wX)$l%4s|3KBF3WBlk{x(=uAu%az`3Qt`{)-me2&l{V{>b13Uf2`Gcf4UvHrJGT6 z5B}(_apmeE6?ubpd@*@Bu1KN((CHN2H|x%F*P-HHfZPfl zQ8Si}4Eb`tIHz3LIR9V_axe+jmK8P#Lqn>9@bv?iG20^imM<8yMQskhhL=toP&qxX zq2XJbb~5%AYUf1{A#k8ZYJ{n?<>OX^*94LB--& zmDEy6i|Z~OHWF~;w{E7^CfU8sd+d9UX7>T)T{j=>S1i|P`CY;0fxFAg2la0uJIu}H z$)(P7A`cYEBlD2#FH&QS{tu=0L()YhPR2P~TOlTK?2M9t!xR`PX z(&$@tk{5Kjro(VlFQk-wOaSRVYXhmd+fimJm%wC z0Q<6*u9?UG>PtDz^0?+zmMcgy!y*7C*x7u*66QvO^gpN%toF9WX0?2Ga{|Wfp5bqE z&Cs&8P3U8`AP}i)8(V&{P)zx+wRAx%y-r~hfUiPR5u%|w)&6J{19)U0T z{ab<07Kn+Nfex>r(u}&C$7$+)Gbsr9hmLZpFhe;8rGVu`c?sxjh$B7N21NuzM;AZo zVd%Hq9;THJ>Lcmv(@(oe7!$N_&$A#xcQ09PN%?&^qgMoYjI*puqkCNRi!!rzPrrz> zhNTta736!=d8fH-mLHwhxk7CmzdMyVKln_(_BJB*`VCpwji}9*_op`F;H#IaBZe?jNvtXQm^He z%5KJP6HMkTyLIwhG=g;WF6yYjjRSp8@AE@-htWc&n;DT>2`yL#M_`@3KF6G^qnSJd z{zYw4IthKu<^@{Xe6$#D7u0_Gv~1{QZ|;4Unp! z$kFlf>1cF&e)(F0Ovrtoi-eVq8^Q_zI+b)695lw9#%n-RvG5;(&gkao=H1ALU~{vt zF_6>i>&xp}&!i|eCB);wC<;9Odrg3)09Nn1Eg4U{I(&0>ENPr|Sc5^E^R5J4pi2^Z zx4vJN&bzT~JC(d_f^J)M$=cOPZ*R^=0SfXvx+cBNhojT$A5O2~ za2+g1IA-%X%P#6kd{_2xe56C=gKh^N6-Bin>MNnHooJ;2R)yrR0Ns*Or9BPJ5+9_s zFoX5bHCW|vwAoM%z|LV-Kp!_q->+#coSdcKHB{xwwAoO7u$=?0Ksy6&jIrHSN|}|` zz~c40vqueZW8jY&=E~YwD`~Kl>wTB8HAi-Jd3|$qetUGaf^OPZY*WIufbU)rRTm!V z*6U*B%zxYn)|&gS5p+*}+wST6Y?-8?ZCOcHF{>ndTdJ?NM5L{~uF4qbo)e(2vybho zL68+X{t9i)%XPWqKvl(DR80!MVA6-S9GfjVxQO$S1Ej4amshB#1r^jtuh)PY1a+m@ z$NZJ8Us8Kfht!qW)BW8UcA4Z?T_Z1($Bo>;>>PX@@Z$$xgS5`zJrIz;+=uBDOmPWj zlOlS}chJBqV&DURRXYcJXmlSYoeEJw4dUwMqR*mht`~K6wbLq>I#>)L(S-RG7YOxE9RJ_?Sr2Rs2fa#%}^80(MfW585{T5eHU z8_b&QqPO>&*s8s4->BC{Wz%iC*6Z?Qo$kGf!`}B);Cc!B6$t-uc5?*B;FcPTt0&Mb z)0@-t)3>KL*K2Rzdcg{kk~tB@qAS6#Gq`31#hR*K&7`tEYp<({0AgzzADjia5qO+a zOQQyrG-)~*cKrc=e>u9TcWj~Bg!4WjyU`FSuTWSYiL2|&o6F-%Ic?x&S)VyKboL|Q zHo&%4(C?-;&gsVy{4u(Gqw8h?x%vuTx~7UTjyGCSrx)K{ULT*{UVnRZyossO*}mT0 zd>?e;0tblOX-RK!=>I3)uD8-p-yWTvk8Z!azI@wCLBK{W?OQU( zH08J875s=ku1~Mdf4aT7T(_TsLIy-*_}$532{`^|IMmU`E~Ux_goT zxplkRpa*|TZG|j1)=hAhtNrGutJ75oOOYZL`I=V`0DCk#Ujdc#bOU&jIadG#$I%Ti zyg9nQfs32%UrOe9^t59ua3Mrm+a{OD1W7dYX~{|9x}U6r+`G}~wSOzL2K<`1moKj{ z=MSt%K0+$jddoG$nr!yot-tlCxjh<l*WJ)mR_W8*lcSrXKw;DzU-i4HTYZ`(CKc&v6_cUeN{uUNYl(qo zmbP__AFs9CYFKwHFegZTEt~Sy>zXidV3`6@;N0%KaN*|DO&7(Qxa(Q0ErNB1Q}Mrp zTn5Vv(w_`49@uC$yJLmZP-RrZ97K^Hhh>dpY{r+o`&3mckFDjbs`?f)QfPm8<#{d`!btW_a0ZSo5b_3X3j)>ksc;AJ|LeZ& zGuI~@rPqhq{Z#qG{RL(5t3^RHub1?>Urv_?>UqZ=ByATK{(B4cuWM1ahi73ba&9NE?;2A z<-}Ic)V$x31qTOj*~O8BZ^f79g*+|eI}~Xc|J1RWq0_1)H}dS^F#exz0(Z8Jysp{? zbDaNGE%CoWn9Bsm1bz55s3&>Qp+nlY8elrnKrLIa+llHRaAFbM*huS|9@u!imY(Zf zx;?h0p3^Sb)u-z4(z1^{0fl7(#bRgkcr6R2Mkb{l8ylfuAm%}yt9ULQ82_jQ2;TW+Sxi_p#(F-4&IATEZ~rGv zWq?dF0Z0X4vHor2`=X9zf%GQszukm(5@`A)V zO(rffc}ntbB+Wz5QAEAdTc2*BcZ9ZPCUUcc#hY!l#Ca=?D! zJ%ak-!uhbXb}=AVg;HIAdvtuw;tMQjtY(-^kZgjAQnuNak|KcL1GUxm z*aTrDAs|+uV|76(|J+d_E;>DIM@3|W<5&kdiW%v>v1nCQ3_>2WoFov8yUy!~QQnQTZc=JxPXGr05Rx82S%_oXjMUvZ*3eOGVbc z>a$;rar{3EGI=$}Gw5})KL6=+Pv z10fmGH^(aFgduIxE9AU!BDkvYOjQwnm5wDs@A3qz2wb3^u71Z6Cpj+E8+m%ruzO~P zPyzfzGc~KUFdtOmPo42hHO5qorZ!ldQz%fUg>4YjWnx&3Ov=l9QjGO;$;qBmelw2# zd9?R5arE|v6(Q%4rzG3*`0QvxuqX?1D`%bWKpn}c4&M9@$2cKSQ$Nu8^=kB>SzL~> zVAdDH;i*UtX7-EZz$Ve;J8esvKrc1oO^K+8D1U*9v!4`!zD*g>f=3SB%imP>@wPD8 zw)uUkJPB>Y_l3`@!IrslTFa%CW#!GpE1qh#m!hVlW zP2c~J)If`1-~XV&BA?d-FWR=(5Z{XF!voqg6J zYD50#7@$ed`niTD;{3Bspxf7H8(^7yz5%*@edGYidqFZ&4zgXKJ$5{6f!}xq3vO zOJ}Z&-8SfFCPZGaQaqOZ9@W*S9#lalq##*LrUh>3g`Z$#wf;JX_c48l_;byZ?delb zlSujJ8j|VhQxB<3KG!VSo<8-ErbQlqrZH7ree_v(#eU%+0~eebPNTaF%R_IJkbARz z?R8kjR($^CoBZSZdo&@J;m|dIPdCbyJ$$4>mQWtEdr~Yqd$NX#bnOH4S~nxkea3I? zfNk z)VzPjlegdFqs~9=_UKP(FvU5oj&q%oNx4Xwhp^hH&&JDN}jK?^o*|bp>VGV`O`MiI>ul+3iho1YxX7D7NwgZJX zeqjKw!QKXW_TeIJ@tD!8FYS6l3RC~7k7U!uSMSX>k@XDU6Xb(HM^|T2fOb~6gtWRm z-sEW`HI-Q8?G>)HnYMw+Ud8`}Kq8;>1({0_>q?1Yq@B>FN;mF!EY~u7yL6SiQR9O0 zdGvgv?EnaJz22wh4d15Y)^&C+!H~z9$-4vP^CgQZib%6Wa!7IHT~@T z-}_(n)G-02cuZ2>Jb&m@gnHeQxAlwP?~gnrg=%~u_F53-;OI zJ701B_1B)M$0X0dYldx9%*gdez_e{&dU6OWTcB>{A7@`X%&NBT}l`|RYzd|%4sig7*)3hu|TTQRk zBlJF2m~)ztQ#hY-*?&ePZ<_C}$vq_xMt}^_UjuVw{#y^J3l?j7tt?6@CyPqChpm@&MCUzYtGS9WB-1%_q0RNyzs%#bGMu=jQ8(nibOD-YER*H{q*;r z5`&g$ZL>+Y%yQ>EZ@3oStLzqRmYMszcu!rJJgXjnAbR$B=M`vEW516elj9oq|FQSx z-EAA$;^6$vPfhJ|Ufc5lf7~1&REua)U@xqDD|S;?jJhtJ9u^m@bRxq!NP^2GhAd zJuX;+=cGjbJ69wmn3K*s^SDwUg;0Az!exgqx`u1@ls7~B1lvU=?)ais0aH2^Hjhz^>aAqZ7|DDh5Ay)y?kPLg635%J z1Dojo=&UnGYMGQQIw4+IETt)t<_> ziw{iq&F0+k6LuGH;;XBBcJ=;m=hv^#KEHl<`u$I@&)3ec*o75qojK2N$VnTOeGRsl zS_j9pFg;yvYP;#-n0C@6bf>ovB0lMM%_p9*0vz>@dfnT8Hy}P$UfwEAmy_Q^>&MbPMp=m3FNz4zZ^A;{q~^?3E6xuCG-3sKfQnR29m07vmDcvvm$-_*00D8 zW}NnJy(Zf6YXDT_NnY} z6V>P1TeqI%yAJJDbIoXeqpxad%lYYt)B1H(lNC@({?izL$_S_YuP598jrae7y1)Np z_|#NcHhKYg$x_nN*+{@VG4IibM1L>P45HiNWv#BLjXv)|0e+bFWW+PYI4cORj+ zN^N*WM7q`CNY}DQg{P z&ysuzvZ_0`zutmi=d+LY*56&@VVICOq(0_3(yAY-5@2gLv*>dK4(LBQSEcH*m?l*h z=Acs8QCStPMS=yHuPQ&O!%zt28=sWK6<&N}nSz2RSYZ~nh)rEEK=tgFG`b= z`4tt$ZAmr6(q%cxSlGl zYx^W5srfp?917cp;vc#FHlX_U!$w?-`rR6qPGX6(1x`fgG>$c+SGVN+ru|fKd_`Np zx!g?wZ*=mhBCrK0eCLhRDBsx85t<`6_p8>n5&n>Jw0m2a_>7({-PfkAxGh zu&F5+ENt7gr-|A!X-diC++AB?O}}xkmBPRcIzgyhH?MZv8eXTIz?w}rqM)yVdW}vH zkQ&_&2~H%x91<_4ft}sG3en{n*VLe+mG$S$!S_?Rhzh;A^q@#+Z3W8fd>aQH_IqyM zj+MULn_IlCvb8Bx=j>iPS+?Cjz1w7#d+?2_mV5R3hl~H+jcLHMx4PV(v!TTTdTXd$ z<@cKk?&W$YmeH&0*ZpqOgep&D{_GXo6nUrGb|rbG=4w z;VSrS`@OxeM{7p&Yw=&Lr;~#?+>~4y(BU3`$+#->E1?QAAYYUod4B29x1W$VLtP^L zt{-=Q6e9kR;D}?W&if;d0;pFPdl8P9w-6%sME2fWs1MNJ(f|5ih}_0T{6ss5#7 zKFtr3V&d?eggBFfhrQf4F-a&3?Avkfr4BX!ut*4BurN45{XxDtPr-Z2{bDn&ufq13 z@u3da4~n<$8-eGp^kY)y!WGw58{O}>vGtZ{tTW_ysBJw1`kleBKk^d4-)?}ns{Gfg zNh`3go-R@exi{q9ltnm<*4-(IGkTj)F1qj*q9KsXsnA=uHnt)6w*B<{x?EVSnI_#{Iy< zhX+FsWOXIvdJRLX0p;+G|%2 zb>Wwoh86g%9H*3h-M+kf|I5YsYwz{Xrx!nYKfbR)|;ggr!lSix%e=aokd z>YLWz0-KjI>(&y+D>BQoIgjb~n7h%+?V#~^+j(15ONs7HSSK%5vmn(Xme~><+~UY5 zid49V-YrI6^HGI8d1Dk}h1x*_L&u<0jjvhI+!uw`IvQY2>)aQcFnWC=+I)+gAeI$w z@GP5OE0Jx``nakq8W0~RRnqHvajV>LozQiEy^h(6Hc+y50dv=|zbbok6%YIxn`-BmT+{ z$w^_)3M;hV)h@|q-^d-cTzXaQ$9qCPS!88ab1+FjqM{Tndp5lly4> zUC0_O7#HR5&C|M}s#_HmFQ_v4$eN2%4MP#~`-0FDA>RUwkQHJ}D9Scl1F^o*qr*@o zaIZXv>eV_R=H-rc0Ca|F4ne2U79iZ%>WN@jbq@0&tb<_VW0(!JEfBXnhMO8a7=(Gt zks40Lk5rvA^+vfaOHOdlGPxhlF59SMhTcc*kLQ=*W0(f9<$gT5vNaH^0C)rVHUZ~- zpeNgzzZ&S#@{mk}__7f&(;)s+gQa*!RRM%*M5o`axu&)#&l=cN4AlIVx~;ajr<6$a|YWQmRq8{jjbLXk~*DgB`D3ib+FXmGzO+SUUO)=t+oK? z=4Oup&y2GdB#9HsNu9N#2>d0E@SG&o2*JEu2YvlbBgp3lYYzHcvn^oXpxvV%W;15h zVcr6qjSsUs-u4jP@-T01_V_#{O9T#U7<2V*EoTm&G-E2Ak+xtfomSg0mK&Qr6(lR! z^QM4o&Y@?6Z4Jw9dGt-Ko(PgSrt6NSe7zZ(H)m_*9IRAR$>2kyMN7rH>l0USeC`D?f#;nXr8G?YXfg?H>&N!lQ?K z-{p0y<(4TY$vG5x3x3IWQZg>A@t4fIJ(WB`*AzPJ)VWcH^p@oNENPOR59)d;OE-x~ zW7Wh}(L2wp#>%x@GgM*w9_C1zb%?%x?Y=~>qX4m)trxCNKX~gSsMlAqUOa<>#*R6{ zJgJ(I{krTZ_qCif-5Ex(n1yVhIAakP38sjYb4&T?$1E`4 z+8~Ka3rS(M5eo_xYUIy-TD7KJs|L#uBw5l30&w0W*e92H|2hXht^Klg$3j!5z}=(J zt>sbPm8?yJ1t^@fjYZqq534Nq`BvKcpZku*a&9;*`Taj$cE{3EDlOxcA+h;2`SQ`b zW=S6_hb)-WA8Sab+iI(G1=%V2dwXk|l;}-O>n8i=#MCz4zuOEvA55MHmFmA3kXgOM zZg7;F@DF`L?Oe9MHu}5%>;-y9NPq-GI!Xo?()Aij(5Xb>n-lq=f-mCM$@~ziN$7_v zJ%%2h*v~y*#j3h?mtI;S|J6SnAMW!1Jj?H^lmBN^y;ON1JfqOoB~mly!#OUQiXK-?9B* zyY98)hyjaR3L5^`&S&>F2@v4lZBD`&hkD(f+8CWvub9s&H`AOe8gdIfmu}E9<>F_O z%n90)|2!uoK4bB!emyn!7KW^XOL^3`lU1m#iYZ4k z`DKkUcmH|drsi`mz^SH>47r+<@3@pb6I>v8=w4s}XYFTzO2J=ZJzVmXs{G00K~7KW zUa-?`9}{}+zXQ-XKK4^k3z=;^wo8^5Qm0Vkbw=H}#nRcvIPO z=)XX&AxDjVQ10LPxWS|^x9Pgnq|xlld=f&60k9!j*?G@@tTh7qvbe7bi=mA=rxm?c zc2~g!ZtAMZB`V?WEPCTarwj-sVI+cnanVE0ZdF z?YUBLawHgP{{@_ND2qHA{MGx5-fa&|w|{NhHa`+6ceei`!ROhJGQ<%Q9FW9|<}~{9 zSMM+CzghDS3(C;~!;n*gaDZb$0(l@;EJgkTkZ1 zP6%rM1r0j=UZ+>GPLSD5?*A>(*SNiIp-VisiLkevJc)vs(MZ%D_MBAx0)0>BG(vAL z&d{Lq1*ttlF-ew`gQaT23>3Ur5@?q(jfu9nyP)A;b2ar>lxKh3Vc{=|8&cYJjT&;_ z2BuEHwott#H6SgFZid^kf2{_q1w&B@*pLK#PoscF^WQxsU?I`k2?Mn?OKce(1rWK$ z3(`6?O>s;aB{x@ZUOBQ&(&Mc__0{Hw+6zgv1`WV5w}ox_KI&EJgBu(Ltu87t1rI89 z(h%&L%9otDvux>C-=Cgc$*(MY)_!Uhg?{~N>0RAJKXuf;bHSoZx+cVPh!23K+QPmJ($(|>}q|IM~%{~J`Ulm4ee z;ycXzhsVqXLyxypP;UEMr~iYbvsUfrf!Uuz1k83Czzz1FVgKNusQ)`W=;)HM#8POiprt-D&Zwb(Jg~Wn#lxRmlrQp(k$;P*o zr9528N0bDJMWD6%%b?RUlQdm7TKIP&NnsRX*Qk|dcPtG9tv^u9U=d2=d4dD-%8YTh zp#DOC>SONXfS4vY3=!s>`4kHhptCEk7n4ThOH6$EFl3w~Hq%-X?QkL?ImLk;gEIvZ zKg6kmfgn-9VcllV0S%&W?bNmQZ-H+Kq)PrmxuDV9f>A86&;T@p$YCYq+;b$c*=3l{ zX(Ts0cdWB;ll2bIIHu%_Adz}xDS!72Fyoa*jOP|FwsT<}g&BN@_Cm&P(zv$YHfq=R z+-@sE7(<7qw3-Gw7;6{5b$qsTZeQ*`=o|6j{rUS7l#nI6C9ns#{V5T+k76tqN~3y5 zP{dHkqB%(rPve*+0^J;O^p}38e~^#1-Fl5M*b^+&hScbtElkWS1Pp0}mj9|_7&p{* z>Ji#;P(I)&@9n!cC!(&qj?Uy<+|U-e54=@qf?pbERE*7EHYci>tMmdzoNgP`}Db zt546AaN)(~GviQuN2VSY0{b^wwq>^@NoYVIlKljDA`%G?lJ>&~OB&H-x>Pal0g0qI zxS;a|)Rz|2n=G4&;LsyoOJs+nS^SF=l8a`9BG)E=Q1=&Sti zKmCLX>f`W#j0GuX5hvc11uM6@pnc)PVbHw;-w==>KZi64y%*JU)VA6R|G zp&0dsvg;`g0utHtpsq{~Xda8g6?*X^W5TB)fe-l!`Z^7nf8)h?PX3vYfF{Hj|139` zo3tdH<2msJ6`_fOHqR8u;1NK#uxq2+VBN~RdU0XRl=Of&}AGqKdCeK~>wqJ7EttpwWaOXKZx;CyM+Bm1* z*_N)f@lbbyr}ig6%_?%&La9`&yiiU5>&A-bYx+V@RrI_NE@S^N#Ln>xw+Sv%!MKk> zg_ld#Tk&n(Awp1|i~2a9MoK?CV`(JT&krGP6I}r(goVHODOZ=hy#J<2)fqU*t-+>a z2fv_ekzhgQtIAL6mzZyS(kkXN;l(#bLN8{$D$K$rzN!v+s+--CMppy}t6WyD!o#|{ z>6LBWh(u)XrrwW2Mw`NA$m?-R!3_7U$^8_C!gEQtZqg-|XhDDIVfCddTT_gMBS3} zo2Daw^Du7+=W;g%kk=NLa$xLc(W*z53&ushw6b|pha$@@N}IcWxOYU{vE(K{qJCJ) zC%CTPIH3%(PnslI*_WkP`TSW`Eo+M{>QNsba9Tm2AXQ-dJ!l_R{F&<3D>`d2v zRz4EBL}}}rW?B`rsmNefR_IoQNwDvk!RQ&M(tl+V8Pm-@`HjSJb?2C(E|`r+1soau2?F z`~KaV&zD!Pf4KPH-IxYEd%K}{;8T|je0Xx}@`Nf+Wd7_G+tiomEVQev&Do4`+!zIH zUfy9UF5qldrJXIqMt<+jSmFiK+CrueyUvmjo`w{2!t>NoKRjs&Ot+tPRZeTC6!GF! zwU6>_f&H+=6Kz~}q?zX280t~gh0VS%=R>X-%`f4WbR_>1f8T#_O)e z>#oLY!$yw|!(ENn$AaOm#_O)e>#oM@?*%No8m~=&x~uWpyw#&aa#!PZSL1ap=yx?< zcQsyjHC}f$UUxNKcQsyjHC}f$UUxNKD_ibryrNx=*W%Z^8n3$=ua8~hwGL@LL50w- zj}}V1CjNtb5efboM|4KGct`^H4e_77ey^DSqc=Dl@8Un6Y}t+@P%z z@9VV5k_96hll3D@=szSg7hba9RDW9;3Ekf04c>m2C#PQZso7p18RV?(wa zjT484&{oTXaF>esBzI$+Z`2x>_{-)-**B`unw_7L1-_+*_cMQ$Ya*>{x~V)846d1c zj@nKi-P=Ja9d-2?)55ouS*gz(%};+@Gd=6aEMT|KEFv6p6g_^B9pQdy9+9*fX zSDPZM++nf4N!7{GypP+irpRTZ<5Wqp*Ee~1Q23Vpqhbi7?y*tOx67y9lS|7y!B0@R zya#tO$93gDcS&R6w}$>hN+uf3y@w_OSx^7_y+Mio_Xj)q?|FV-o$7mQ@_#ru(WDA# zbAh7(hb(g9V|Bu#B@0MC8eG4KL%f73kxBxr(< zH+2wB!>wgbgODooOcV!7ax&S*%o5wpdwpVrV!-!yeXHMGB^#fyx#zP)XUlTJoY$Eu zpr%Oie8_Xa1&RF3RSU?s!%57zPH{fy^?I2lDveI-Uwq_}EcCPIUrS-Dxi5PK9>soD zj$+Epz72rqFi)jmo73c%`KWi)bG|6p6y2sXOv5xG9~KGW3l;_^ zXqbDy5F&mLg@Nxkw}z(}lXp`s)+vo}^-v*xgKH=P1OTYOx<>I=KbBj(dFRx#peg66V`Rl?;fS&{> z;VAHc@Kknib@}=G)9cqCuYRg-FF}0L?UpYq7c9YZVi6s`^}Bgbq->D4N7tX%1-0x*%j<4c`^ZxEnJ6hIb3| zREwXJ5SyBgwdcSY?|89^5lFg}QtD4vCFIf-KX zr(z_`IFG|eRL}ZR*of+`)o;f|tmh&Mu-l4>s3V7_&nKsbwTS*-ghJ7dv$`i|wc~3x z0O^^ib1*Qhg)BEvT|K8lT!yDKnE0TJd94m$(=|7dpzrZr&8uEP0(P&uTG|#wi zqme60KlcJ;g#`R3hGUgT^6y5U*5Lmoooi=kFJ@eLx_a35RA8h1r#~px|LYwLcliG~ zeqS5sovIA$wMV2QkH|-LLYifL1JwTl{cW*Alq)BL|6)@Vq@c(UBmhbydrCQt<_HR1 zEJ(OS3&w8v|J{0lu8CIX@sn>dse2083F#ll}?%Ax;a z(|crz&s_^IgT=EJqeq)^?$%GTlo{K&jz|EXptjqxUHZUNl>&8ns1wwlk{L^g2k*d7 zh_a~N$kV_%M!&M@gFOoj1)5_2hRtR_(IqVeY-i)S-)Psrwc4(_lhNo@pl3?6ynY77 zp!W<*q;0_XNe7NJ5(&*L1li zE$XJ7+nBr6!S~yxPF>ru*=)Us5aqJUHm~|{&;0{(t5z9`w&_kwtnj|7>%7tBca+B! z**<fZW}yBs_sWfQE*ffi0_V5f7{&P{Hmk} zj~`^dRqTH45}XkJni19!$0m{OwL=#I-0v~`=AiW2!Sk`{O~y_LBy})2;C=Live8wW zh8jk%A3P{}{h%1V{%@gU`#t{}>i-gQfA!x+{oiodFZzEU931TQf6wuIJpErn{_WI% z*{%5fYX9oyxKa6+HGF{X54bJn2OasJIAOoa>8TN}SCPN&i{cpH!w^3*c5|i&_;=JT z)@>(xF4f|?3G6hBJI&%wv$)eN?lg-#&0@oy`{QdCcS^-wai~o?#Weo+(I@WIi92=T zPM!Ei`8Cr2JunU6CjH;|a8$_ucR1SV|DNZ!wf@g$Bf8)h5f?ZN^(E}SL@qs$SQSyo z)f2H~iNkP($d{OL5+E9>055g0ULj5+pCBp_U$8XP1(4??A_+9Z5YvW|G(s#wRE_F+ zVnGt3o1lo?k_1f&!qEyP1alT4!BkHH<#H8>idUdi!~)&1gbPH)w;W*9z&Qrp>!(s18^}ZxH;^>YbAM_C@Y2-_gAi;F{EQHa51_9Af zc!d@uGT~{mDYi8v{f43^x^5ja2u$|KMF_orefTL&9mR66v zQj zovA3-=>Oti`YiQ72ED^Ux&B9gr~iA7-`8U0#^9XtB#q?_{5}olL{#ViOQK&z*^qs- z7ZS8bqwFi4qwGv#{e9HmH$BcU4N?2GY)7Lxx-8E@>A~FgC#bI-1d%g1iW726BEeD2 z0)rVi3erTr)RtP_uDFtVRcjVhUQbO;j{7XFrYpJ1do9UTsVQAhrcTTan(6>$J$z8iq=$> z0lO@A+KA@VX)3*##}75rd@W|iEU#PjpM74Vb6;;2DOy7+{@5^$k_NwdEsy&dY$~ib zd5Tq-Ae89+r;+7s>C^$LNXwf{u`gMt1xs{=tWw#OGgXiJiiI_4tDfzYBx$H*M-Snc zLSk4;VLi=RwJH@8@~zbvz=xD5)z>Xarp{-n)+?JH6xA!^t$ajY@^1jNLWa8V%qXKzBeGvxm&ZB4`9pI(0>kw2ajWAD7!x| zurdE*vHs_vH|+1^|7ZEhlhb{P&QpQ}LvP-`mgotJs-Zp7nRn1_zcUzi`eSc?LpuHA zUT+`W5fl*;$Oa1>1tEc`AYE?^#W)d&&A^jI_k}P=cO(out!tv3V-gZVj9}3Cs}^| zLRabXB(?S8gqR9xX2q>5Ju4Uy9DVBJ3vG|U8&VGYFXK5HJDpcsrF`_l;$DvP!j$F#sq$d~2@2$cAP5Ls% zr<(qXuN(FWe=4B0Vei^m7(=0d__ST@13u1q-oR1Q8|a>8&+}R(-L?L%y4(6P(YZK? z0K7u<{7+-5S(%Pc5}~9lwZJUm!i0(J#R-kX47LA*D`e~8n0hy46=RyLJx2R$xH2;j zxNm+)6|Z6DvE>@@eOBP(Cs~9$nd)VHqrUuwBy_fVt@nOydF!fi+)DILuV*9?mkGP2 z!F@XQ-PU@--IwS>DNWQz=vGdg`bslGIWjYurUFF_sa-^On4{Qq1;yG4N;yehp^%7g zxsIX|1j#W~e}s3?%WkoxMH}!B89SL?YVz`&E!_(D;U|+{RkqF~`Il%x`>L z+&-)ir+oFV**kYKPqlZruygLd;o`30>OI4ocMMnVSGi%$ZmlU@(?l=1@x+$&08ed^ zs!}?NkhjbtG!S7O(}NL-eCN`rm^THj(id+*1Muh&!+$_{;SJEj8dgQT(0z%{Oc?Ij zDN;<{&o~CV!dp4l+~ri)-=+26lqH#Z&gz?K8U-O~*51e8!`HdET9%Y1QS7ut@LZBB zFMFZA_h@vZ2`n1Xi+j-u2;lNuS4)Qn?fwThxLa~DGnPidqpqgx&}|pFc7Gb5fJQjd zp5Ob#Nh{__jqUmPSU zw#5JUvH)%L|2h~I^S=*w^&g+-_ZaxU4(&f5w%;N7KQfYkEZn|B>D&LB;{PR%@cfDJ z|9DWW|K1<=cliHVeh`DF4@n{P?md`7m;<+?5QSe; z{2#MK;LyV{eeC-0z5cOF}9PRW!&+^+E|7Qt^1WDqAa9C_Sf&wpwsL0O2nMZX2citmShZ2ZRb!!#njQt9}ZuwXLmgQrN_hm@hh9c zViX8XdCqsXE||qz*X5kyPO{OeRHNm9pN)CP)uHtC5jjC^3E=j9lajCB1$8Lh&2^tN zfPAilbtv=epEWt$8vaiZF4X^fzq08AiU4nv|A%G%Z@lyWc$S~OU{wkLx${LuTxAI2 zB?~Hev~~qH^58TXaHPiM9k_{}wvZmBeu|S%)ZWex;gl)GZ-wBeB z;GeuJ|7pvvEtfb7PMpen&Rh8>h@2s$Bbkoh?5$_}SAYCj&l zWseC<1=&Ho7UCK{e_A|W_iKj#ZFcjg@c$kT4|_%Z?`XKg|IhM!X8doFTV7f3IWFmu#fmrVn>#jO`-R$xc=;GZxU z%qU@k`7As^AI>h}i7Q^gM|nOw2Ooq~z6_mR{^GK$;Te|3cB;d+b+H zFguLJ!Y#Z2eHKoE`sxEf?lK`W`o+GOV*iG?G{@Fab{{o`Q}%;B&pkmXN|#fTR35uI z7UT}EI#s(jB?6l*e51Yt=rr9&AdK=tw{zD^$@&?H_14@_-_x`4vdk^Aa;qu8J zxQQ0j|90Hn=HD9ruT;O<<9PNCW3W@e5b+lbwdEKzngdY@rpQAg zS;@Z({hZYF!$U%1G-#QcelQM6y^B>9jiM z*PpKiOGxVlI%CTvi_kA;*C?O~Z*}HWbm9Ni^jn?jKawu|zj?5jcjfHV9|GI*ph*53a?Z_q2o|MW+L!FYH7pX2ue zoh@)QCn1}+S}$IpkCCp56|`FKn2=W&t%&Hr%Ry&2?)2q9U!Wi4-EFmAq7Ms#;xL`l z2rWn`uWZCn$f7w(5GR5|N^1Q9WLyU95;1{jgi=nV!1U=wztrkpI;TNE0wm|7{*{TX-*R;I{pp#KS%AP!WS_rCDQ<$!uFlaOjkv&J zNCLzp3W5o~y*O(jTfpqE-=Sfr-|6kE*&ZJ^ob2(jnyUjZH9w4&lyeE)35jlhNZ4|M z5)uU@kzkP^TVfhPK2oF{*{$BnOkvb?3L^`yQ4U;Y_p%vCHgHnqXrSNUDke}00O*FS zIEvUEidmdW9;}5_`f@W*G@~R8Oer`np0g^?u1f9N(P6_~J38ENy;S?Jv$Mnr0$5tB+YDOSEPa5){dTqo0rO(cZTJYi|9Qk2t3Av>+e{sH?qAd?nycC~}9 z$c!X%ouA%boV^$i*CFEUc6sHQsAb6x_FD)5ln|IkLNI3$jpiCc2S*Jdba3QANTaR` z$!pybdAYa*6mX3=4A~u;ykilWWQuV(kM=K5tYTtx`ew5Z`c0?O-`6dgZtuZB-r(=k zWlREfkqtEw3=KPDJ%e#mj4%d_aIKhcMaZ&4X^@p-t{0f2DIt->3+fEpql$iIQ+v{R zr}Yw@QyzzSg)q9qiQFZ$B%I^9mIGksKkFU1iD1Lg%A#aX0iy~k?Df5n>@L;;H4Z5J3UD>7IeO_ z1asUJRg6db&H0G@)vDzuS_qZCMl*s%nh;R=B9SH$v;erc>nSoH2g9Z(aA>d3pziue z93PQ8G;u6{3&w@KxSHU@`N1~?(SSsP&OkE(YmC%pWk@{^aYVWS78w4OKb9O3%&Fav zQPX9NvSswwEThS8eT=zC2wp0O2G}k=n|{-4*gwophc*-Oj4ctY;+QHZs08yDXKFut zot_!_xar8pa^#OOTq;v_N26h9=`NbNm1q-288jVbaI6vCu-CA~uvg@9C0D5of5;*$ z<28!-f~BFp8dHLB9EX$yh$=p@Vm%qs(GVLn4BP!Xxm<3>k*Ucra3vd!>;YDkaIl>Vl(TpWN2~d(kq3e{B1YMj%e3D?O-|O`{ z=;OtC3&FqTX-+v&3?!S)s84aIh^+F4LJSJehy{+&X&BRpm=}9@3+gXG1hD<>1GO+v z(;otM`A@XRLXaobL){D=jK{;leg|Es$H1Tmtc5@%Hy^=FC0EXc+%~y14J9@GK3T>r!O5zHP(Ty#fuMxj zPvlBrt1@64G}@Gt>-PbH1IMVO4a*Lpy<3XWM8x4_U-1<@CcdV46XjSY3FG@)k|Z=B z6Ek*G)}n8vkil`~rGANi21+Xtr-q$i>MT{=EXhx4Q^Ym#Srl-4ZyQeOC{qs%jw+Qq z)z{fx0TnC?N5=yP6g4PU^7EGXPNeKL(HB7Ax#H|cdfcOi49?NfaKG4d z6&Z9#0sLtBkPI-u@F;{YPjn=ioK!PCpmRY}9OB3aAv>J2go?!y33>m|uFiP}efk*B z6Um&eSen4IjfF=IZqPb!Qp8NP%VHo?xDz1YGhLaJd|^1&Bqf z9*weba9FnqKRFr^9EQdsfhHZT2q_3e`e5B*g|WX-E+{w@aUz5o9;;e<5(yfPBu-dN zl5hp!^HF+m#Jb#J!Sjjd21aI5QJ?&e2{-ZwMltc?V4-%zB;PM6vBhP4x*!V|UZ_ zMf*M>_(l$>R8PFsl5fplK!Xg1Qd;SR;DAOFs3w|FL6h8(B&YP?>JGMioN~oDQO;91 zz8FO~N!T4C!JHspVgPh8gNv<|$1^6WHQ=m-K*-jKgwTJp6gU0r=7 zrw?iY;ET*Rl9R|Q8(`yMVo}&QgVkr$!-CD zsm7@i;U%dLSM}j&buc*S?RTm%z&I?*Q?0a%A)Vdj3wkp#%|8E zz%W6dfF+5gKu?JSRh-P3=La3RHnAXpaVYDONX~E?lCHes-aMrN>6%;lS@y-d@+N7$ zuM$bA&}V{pW-A@t?|-o=*R*)E1|o+exTAqM8aI@;kH)=B4-nJ{{)0}xZ_yW6$vpJN z)PhwC?LrYiSK%{D*b+^0zI79nU@Mrk5L)0Q@EJG=NIC$FkXpyEp{C(zcx(~SsE*QK zr4gtkfhR|Jj^z~s?CeRR4|H0GJj)$&+(ng?MI-0ls`)i#){lT$N9gqzEV;^)7DAKB zWQCU@xON9_+~ckBerh{mtiZ5!B*XSU|IUnpz$ROuC=VHR9nEzB;>c0aG{F^n_3wGBRu+6w3L^#s!)1* zd7)3?pefTj7@CX99hLMl4F!!uf)$SH9C`h|mkfFnq-5z#kWZEeBP}ZHSqz(=li{eS|B|HJFdGsCKVF_H zeUK4%f;0gt>*QNN{(|^7iY=A<(3Ff1GBRFkBLU2ma>17BvJ}h(EY5T#awVl7IsW(gyO@&`faLbb@0GvRb|P6=?W)INBW?e8Z)a(zB8!845k3k3dgV`)|&dwZ3F>-AO5|Xc~XFqvu zCIiz;2#|Jb_?Gx|wPXoFds7088=`=GdDikeq(0%3{rjy#tI-__< z3+R!S>A>>G5!UCsh1^Q#XmXY{kcVYTvTEsoIF;2y4hXNQ0Xy-dln!Gz($VgkXJX?!V}vI%0wA4E!cYV|&jJF#Re7Z%u8*pmgmDel$CD!+@FF*-eE*Gr8xdc? z>20AkJNkiX>k6Xc6=)hK^;tn~RIeR9L*oSgofOF|B5O#!508fqG^(UupCyT0gP=>o z1ztjp<|S6lcmfC-O(;J*oyZlt2t&`Lp@Qb{xbMuQ@%6;_+OQUCvSnzm!7k*WZ!mCE z52M2)%Q*CpE5Sd}`d&{$c7mn^d;?e-380H}oCG1LQ)cUqjGp8~9YRhF8aZqzCLA6f zJM*mBoa>^UM_Xk$h_)Ws8WYBZGCHidAWQceXsZsW|5^xJ>c-Lp&WU5*t3AGRd<(9ectCo zTfotWpRToImSjEDHMAP|!=t8CI_jAj9ah>RCSF2<1r`&;)7gxEku)(gqGc8^*h=Gt z>a&Q`08EZCP6T2z?W(BqCLt~ob6*YH1iUzZz)7uDU6%oxBQ9DIDv`A>CBl`Q!{4Y_ zRQYAY!IWl?hL$zY^cDk#RzAu^?~BYNE|ZAmXz;mtqEQ%1|qh!t&rD!@>7p)+33EQl=65 z$$1Fjx7J(94BPa89~{=K`OVekneyGUsIuu&4q++hTCUG|M^cWa%4rg$`+@1YDO-6s ztT`>_Xuz=$%*FyL{h@(MQvp`{roKQQl|pVo(1J1RH+_>%i5EiZIz#%;E>KKk64D5` z0TOX}Wn*RI4kU|6XM_u`{Zaruiv^^_Nh8VJObHh#POvYWZ5%gca>tU%U5{r^P^W8g z^9!*cCJli7($fgr(7C)l)A~|pZbf!m10qyYGw-HHWvq@0i@p_h%P{gof)kGm91<_4 z0VwG+zaPMQV1P7KEo1JqVNm;+I&O~|D>bF|qm0_;jiwR`KeB}WLry2WWWlKh2OxY$ z4+v5jfW@&kn`tx^az`U)8buF&xf#~2T^ZbB5fNl{svmDHW%_|3eU z9=B27nO9NPt@bN%g;dzVdWS&s-7AE-=H|-%SyF{9pK7%~(^XCHoov=c4wUDO^g0ZX z81uZGm-QL2qM&wKdh_p-3~fOoxX|r+H5D#Giu7P4SQ;x@-~P}yIhg)Du25> zpxu%G%Dd)(XU;@9y%%l3j+apgW_BgO+)72AeQLxNqs+H_uN<)3%(*bI%f(W2>CGx zDyr@I_g<)}gPc8`p$OvB9U=mAbh<9m3}r_`sg&FZ=QvrRnaZIkdkv_vyh)IMdU0^v zkP;jmkN2H1*I4}k+KRv{xu>I0$^_kzmDvt;*FhomN*Pp?Pn>dtQr>}JZC@d50x|W0 zrio@BY>)#rYVoaBQ(;OrOwvT>J(?JAAlKs**aS_yK(mkqwmn6c2o5AL?!w7>EoM=ch?g{qFWmrYo^fD+xf8H-!EFHjcF6d z@uf~oB}bjnFX;5`wd*Ac*cMjYltt-{_f5z}$Qa~RU?6!M zxSY!Cp+8VZ#qkXTgRSx{CXoO~ecMAvz1X)pDs8J&5e1I7i(u%(*`@5(akht~0cJ$< zMcx)F!j;-7Wua8?kkT=Ubd+Pj5N8_u95v*G4vq#+TqU@UNt-2e$bd_h94woG zLr-RA@Dt2c1{T>X6`FT;l;Vza-<}%=2mwJjSeeLzeGP@9hANVSqa%RAMI`6XNs#j& zU6LhBR>nt3NhKj&Qk`1QIxofyws!DFkAB>c^E){1**(CHTfF?xc(xb6+(}8inwZEp9YQOQHMfV6M(E~<8_7}mCBp70lf4QLkze#XgYkcwqu&%nN4@=) z!JRe)z2r)&9SzOKRXZGhQV4gAxU)WXJVTIf2AUUx!(PVetn+Uo0gxDPX(N?+N|M~| zQz*_X0~`&sOWYEC)bjS@y-zR3OCsUGyEUZilmB5>VmC0rgkiA?gOW`Z? zU1l5xJ?Oa308W_2n~ z3%IKbW*m`wmMjfA2Xduz8fLs*%W;9@% z;NbA?fesT>&LiZDNbq~m@GGpLFfzh{;^1)zm(YoS;>OmfG{YoZX5lR`l?M7xGnKK8 zOX^$iAy>sm0!Oa2Q3-SgUJ+9IWHTfM8_Dp8BnuV!^x~j_9BpQyBIQKU zkR&Pc1UL*)$mYC*t~JMXM-l>taP2T0n=GIv$Zw_W;Tkv%d@t>^M*EqVH4!9P(g;@g zCc!?rBnbtK3lvNVT5m7TzI7?2q{@iX$R}XCY$1KCtT8PHW__wppCrPsjH8^+P_3su zY7Whj37W19FspOw9-D!hAD)q8G@6(!i#C8!cB^?YrL2osvczGgw1EU3%0h1TX0t3{ z_h#&vV(34JOW@%^p3_8$+IHicFKn3Iin22m1XZcTTL?;Q-^LNIw}q+-q{1yAj?E4f~!3x~=L zklrJ?dEn?+hu3`j!z%*2mU>A^FZ(J_Kgv zXDPhCeW#N(Iu4IkFNH%$pmTL@LL#h@Vcm#k;#*{4ZEoF(4a1+AQP@i?3m8XSFULMQmNa~PfWXnie zpxn}7V7&&vEYNHTu9rC_nY)qdl3H&o6U;x$H2{`adzeFt|13q0y3N|dTkFu3hzn|6 z{V4>c$#wBGCQ5M>nJ`VYoQ688@$uN%{WXD)N0|XpBX#gO#SoTgo&H^Zy$}Fz)l3W0 zx-{`AJe_)K%Qa>1pdZo%@JK)erlF4VwH`d5G`=(XCJ0%31ed`hkgPr|h(3W(7O&E+ zNAG~#!V^_ZSBGMC4BthCGT=baxSJ(VGNGWY@zW$BkpRmm;Up3r^f3a(F|^S`s6+iJ z#QqI$6`ZgWf`irrlx>+~18gIW=APfmNfMqj;=Z}*ciBbPW)c#}IVPC_a# zfV;W;6?|)Q-blIx{&B_-1zHcC-N9NaTFNOvUUN7XD;>%zKMKhl`zt`odTgbpToSQh zLFSW;!*ErjB~&!V&=E(V0&9)FO-+**jE{!X+Az^iti3a&XQ{Gw_w^Zz??NSh1tQ-T?0`wHUPV$Vc_E=Kqd{B z>3-Z$`#2se?V~cmD-CYOE#g4(;sNoo!#8oG3Cr@t<%OHQPvZu{jT(N`bCe;_YYv9) z8Bw0MkY7yri_93Mf;Ua#3bX#E49@s)zuE;1;zq#?T?m|Y42E_yn=bdDS2LRH1vN4B zePX(AXuugC^wn8WmpB_iVvf9}0`$8MPS7q4fK8L!xb6`VYCS$R>uyS=55_r_ zT3nUa3Pcbkk94g`PYNUUnE`jxJfY*m(SDQY>R}xhe0KHv^uud4we@Oc#6X{9LZ4v! zOg=1mPeVG_S(l7Qiq2cHUX!Y|)#C;#0)1Tv#$+ei-UQEP)JF+RRY3x|jted*`xdhG zvXxe&8kL^<%Tc_Uk55yvU1R%qOZU(()XrfD_S%OvWku)Jrr(KYvC>J`#j_$krLNKr2 z@AY&l3{D8TlRGG(5fNo=)oym{n9S5m}_a1tlv zTCjLxN{K2II`N>I%y;rDoXml0+Qb#;x0H&Bok&y4JnYvH{)k1|hhu_lnTvHiuo<~2 zUL5vvL@INp11TGDcE&p?tWtK=eq&ueYgpV^5WjX79Q_j7AWO1Bz znBHV;%$bh{ox@i}M5_>Hr>E>Nt3~Ds0VmR!In=<14 zV`s&~>J?|!aiS896td-6LwK$L08FFlL9Orsa@HPY?w^nwLb2kGbDEw+ovY5cX}XSa zf9QZ?unuoba2#uFui37N@m?0p>bK?KP5p$%y^%&6cPzOfQtF-w2H}6qzac6z6ru{E zGzR|bmQg7wEoq3sc03KqlDp*$fTzYhn@ZD*&^s#ahw%wG)A6e+!r3a5G>I1sU0$5q zS>|INaHxD=U@A?wq^Bg&bK`bj?XS%u^dkwEhCO|SX7q~=4OBq|cfb-*(L#=r1e$1M zq}X6%XhEhTn4ND^%-2(xFSl|n=cI1RE0rR|Jc8mA@aQrPL!BW9b4{wVN*kps)@ypj zdYTp(UX1XCm9kx5d&?jNN=01u35H>tO1iy6=SCG3*>+R&;30ILq&~S}$LM^WV#t z1tlB^Y&|3v2}|b-u%q@IZ8@Mo?NHou{DUAlmx?=9xnE-}7Dmr>hq-}8M;&ztri~!T z{EMLBAqC_kkFO;;#UnXXP+t;uB4lDwNQLb&-W2sS!AXWpC3*r(s+HEt@s-UG zhQs07Qk7>~!Qt4o?iy1Zv4Y)PpxGLpA4nt*}>!bp_Ke8!TcF4F@k!VyH*E=d6T7$X%s z4iR$jDWr_lZ$Vchlt??!zGw;Y01>En9du39b*dAy@2gbNld90zc@Rt^@xb7V$uH^2 z&GJB_=H*oY;GqtNLQr*N2}L_)FAAgWz#$}|F{W9^TPsyIxXi=aDdB>O-T69|Q&wc= zleu>$1lsW*o|xngD&aXw zYVUPZW$;KVgG;&rl9eB;rX&ixWUl09;HDIGRHmR~FQ9WORP+H99ECa(l1vwL5TmBG zWJaT*qfrLvfrFc^$nfr`?;U>Kh~#z;8%lVi@sTqOE_iuqk%@{0@QvScH1Rx6geMuN ziOuDqRFYt_vH@rLfHY%Bu!Zt0d1GCIic_;4K_*ID7UYqMbJmwx8mBSk(aj~b9T zAwHZNZH`fHSHqf2TsLL6tKl&e+B!Y^aPj^fx_bTpe!RGPeSTsyG~r^Huax7cfC5D- z65MEhfv2}_@+##?Chyo-Y)A$T4RM5S`NN*sYFn}dk>64b zkyOx&p*)#~fP{sVPjqB4@fVSn45(1TLqb3nbxS`eeA+^g=?Ln1*qKjPDy^8|ondQ? z6#(G{!GX?oM3)5ZLAG!T@&fpFNnCI9!sJ~G_`Z(27T`f%K#Zo6ixWbUMmA)jqm-2b|PU*A{Hcdw81)kyOaM%Iq`o{0MtbLm_+1@nCwGGpCz;T*%Vr7p-ML>Rreko_vkIThR&TDX*i!ytcB!}Nm!f! ze=0$)T%BN&d*B1D$jd9cUIQ24jeDNtg#%!Qp{Pz81~5Yv#5I9$tO(cCcrXIvK_lh6 zo0f-b2XwUe{`z`fM-PtW4A5Stjo;7oL_oNl#H4x6fjNkR>GbJp5lvO7qu!CWfM~L$ z>`AVL=~fdcO^9l|tsRokLa5&v3}9)hihv?IKyUc^wy57Zgoc2kU*)i8m68p@AtG{{ zK|<~`)Js+5D^kZmIZGOf*D-pSEb64-BWJ*B?xqIopy}Bd$g`mlOhY5bsDJDrn2Kvt zkT^g69b7aVqihHL4N5H$@k(Dl2U7qNR%H~eix8Ay3EWDvP;ybxI|x3>UcJ)UVf2~a zS9T)kRmbpLF_WO5V1JP{&37tENEU{)-^u4)Du0lo@Le+nXQ6xP5H29b{BzaMdp zSU{v$6b2FR?%R1br6vRImBaI{Vqj_II+!Pf{KG{y3#6+W7AQ?`z~DG9 zyEyLaS)vM?hDomE9FrxBuA!i{3O%udHWio#na9YW-itZYjak2nCI0d;vVz*gx}xgX zCKOn!Cz^uUvnaef=~At>4IGwKMKwvmG)FX9(#RbvtGJ|S{gU7)OSF@aeBMqRInkPq zB2>+Xiv&}L6@bjeRYu!fmRxyM94BRSr)U6DykP^w6?7*jP}yY>gwUCx)1bD(LC~b> zckOZSKiYs0UDxS#N_bFLiK@PH5I})9Aaa>Xg3g@O=PJPceN3Y3 z1)T{r>U_x)Z99X8$ZmM3kX_z1=$=r}_yEiH`rU`C|Gs>G@$N%DFTDyQfiMR7oh0Ur z33+y7q+)iJZ+jZ)$h$C`WIPHdU&KpaqC&DT z-qrL1vDRsxOc^M%x`v$I@bGAzGq2T*R8-w9WZHz)Hr;w{SkNX^n?4Tb!_!n1JBV*^ zOb>RjhV)~2bX?MXm21l?L#)z)X$B}$yH=SvUMZ`5eRjMw+l{97pW)HSO!eHgYUR?( zIN5D(hz=AqzAaf=F+ed*ae?-+J_~U|XOsl41JEoX#1v_e0-EW&p~`c3pj4i(zr^x9 zzkYk|)Ql@C0(q85z#inLXwos6Y*7Ou=d!NL0KUpQtSgols#KNlchkDo!@j!TAF>GX z%zTi!pJYtmf3Ydl8g%_mhE20W4o7vqb6T2rI3$N>EO|-{n`UVqjt+A!bGEt};4CYb znd%cEflyw%ST>uX?`b3wyaE+S%s5q*Y3)RsUiOg^moCr0M-)P4c?D2SuT9;UhvPx* zz059+!D34m$=PdO%}L*F7t<6?j&VM=SqnlBAI}BXP_8KiZ1)o_m6M7VO@yY?`0{zRAH^IcFFA*k+zLNckRi z#O>w{U+b%K-)Tb`G!IyHWyF7)Sv%(^8_|Oijh%VjoLdvfOQI$9NtUt3s>6-3V^7Uv zUnx%Fghm2k6Paw{l3P?uVvykrEcz-Tm8z|-xC7T2zaUj=K~7mzTb!u&dJvBAOlWS$ zSmq6;)Hr3-s66lah`E%IARZ*d4F0yQNlPoQ~Y!239oo8=Rtea15@fpQn< z^t{CH*9vFr_|MFj+AM-5K(Q$ftw)|!v1=DfuHxS_AzS-H$@v3X1oE4CmF0c+urE^W z{M0>G^+qC)2#bYY^s zoqkl#Qn?Z8t8Z06j7s&S3p=VxDz9`{oSQ7q4NlQge-uDn^|jpo{1jyr;Mq787A zQ9b0c{5r`GGLE7(OCw*YW2sOlV4z1tETMA>MhZPK(@bX>xg|-K&E->HrSDYp3EBMb zdoTL^QEwm6x*{p2A2Uj?1{b?wWN!HyX32r!3B;2oCMB`EJ^EBc?D~VoTQPl z;N+I2lxNn~8?d`5WQtnjtY)_!)5P7vTRAxZj9GzAFqBbR>Ut$=HKr3+0CZL*sX#Da zvwKbTOM|0vwtMdGfOnr+XwLgr0wia00oDhKc1t)#>`o=3xBhz)(krCOc2+nbX_LoN z@>o_dBz$2-+U*x(G(fpDpE=pq(Woe1#e^ulO_%svuHq)FdgVh&eF&_NO6_G%v1OLP zzywrI14p~u+-oUX+Q?^S$eFa^+AG!eD~nAs&xy=?@@Fk=tLQ3f54uf#qa*|)-?+6A zK5`S?q6o7ssgQ3186hFrH|2U5!EAOa^A*&w3`61zNF@Xw9|k^6ld2AmdkQ{3yW7gO zlWEBAvcz$}rA*)wi=RL4zy~f!0$EWcOPp`bt$~6jkn+-}z%f+D>I|BuGa4L^EOpNn zB(e7{D~Io*8tY|eGjQtZ=9(>mvZL0}h1fWS~+;-lS zrX2M(WDro}V#KITVk~C zu|B5kmY9p!k{hA4vz;#rv4x?lF)UgBjjtalfw-dulBc|t=}a;i+a#kE)+12z9CWe#7)Io(Ek+B2%mv8vdbauCLVJ@hg%W3tn6=5}KH zE5iX4HS%^iUIQ8vq!Ils%_6c2C5_Y}QH-ag>lWC#Xqb%5>uz45Pn?)2gDmVrm7>X% zg4-zSZIccLVJ zXzXeV^ScJ8tf+i`3vJAzDzzn8MYSz0HdG#*(vTpRWsVtH4NmQ#uAIzay8X_m(?dFe zcni5gYriw@^!~4$^kTfmb$74wp3RWCU9yglhmPSu%UUc9D(C+QVNi+;csdqUN**Nf z03mycPU+!E3gjsmd5Wq@wglya#lT0?qC8~+RfN5Oqw^Jzv~LWsAGaiXToQYWxeT44 zH0_`XSCoOct5Q*Eu3F`wQuCkKv)h!z8;{HEsV1jRz&*%rx%yK`u=zYos4{4p$7C?< zX9}m<6#JFF!DW4kQk8>++rwc@BT|(VzD{ZBbkgtiO$DEcb;&Gxj^_NHjM6G|;G{DY z5U%Q_+!H1)<53oQaug?G0kO%v@~26q8psk2v{2cUJs39B{0@dk`J4@|e!{XiD$_L8 zmI6~hFS4P1a>S+?{RTRtpV0;X_vz0+Il23=dN5@yBsjWX=j(K>D?>IE*PD3>ENqcY za9qT;%w~26ni@BT2iYB{twxZgYB2{Ha*4>@R!%`^kYx_ZG1FN5|LnbabKA(dH+ufY zr|6OZRzRu0@4c3M2x###w%$ytG_q%+Hy&HZk|&j`GbMmTQ$z%!88j%FiSpfV^|SPX zg`#9nlDF<*sxlS{^u9dn?Jx84Kvi|383BOyHGNxJfgW;=m&WkbB%}3GUa3)Ah zJr5JYb>ih0qN~(_l91ll)3M`EZ^d{8dmlE}p$}P{%ThKHGb}l?5PaAZRo%!M)>2rW z#-N&uiK~GCV!moHD*2_s;2ucG*SnY;52$-{S;wwA3vgma%<}NYnSB=09!Qo%Co<;l zc|PWC0^307J5JB)8Ms-7wyZQ;ERrx01B=e%@#+u?B?zmXkp(jVLqL0&P}|@G?b$Q* z@I8AL#v`CsgS*0AI;DaxxH3Dj`z@u2H?&oaQu(EkmB#3xqtg@iU5BJqXpBSs)xL_6 z77V@$Z$BV~DiTiRG2L?MRCH+UZwm0f|7I|QelsqseRT7M$|Gc>c(SF7nnV0zCU198 z3O1gDA|DDP4ygKiN|E7&S%pD3e2}NMw;QIk@4tE8&OSMI0S}(T1<~}G*iu!N_0{F5 zfE-s;xs|~L+AclbI{z}eDKeWz1KbP@s-kUx9;XJ`>vU78aBt5Y{A)uChYtQdc+WI| zrLb1wI5hIARAbmBzzc^!DJj~55P*o8r8uXwau5%IUqhj}iTEU^mg?Uef2mV?&G}2A z!*<*5C41@DYtszT>E8igv+{A!hOmv{d?2;f_cg%x=f|g(Ru7PFa2an(7P$ZVwViOw zx3VVqq6>X}(V5?(g2MKG-F~wFW^V_hd@#(?8Um|Ts8E_OwQRIVZ?mE~0spZJaYywt0)`jYMlMR*D%RzVlL zCKgO}HoML_-We4+%0y~9mJ0brPL>Vgjzk};3FhxZe8WJ)VRpQN@qmEHg9{5aR7EyK z&xez<@rP|A412S`6}k!z)-$u|4Q@$>9idq}}@fB5W~Sm0_mXO+C|xmQ59YrP$rS@mtXbCidXE${$dZGvMrEnXxHz_lc)( z(GK2;GA(W)`T7@HZ2QUUz>|mq9Rhu{Q?tDmlY=V?NPjRF+xKsnV%;bv;k zmzjC<+yORGgk5bRnrY;X7jECfVnmvMI;H{>vfcfmZlZlhs$Ud5<8>+mxE- zQU-#^r;iJxW2l<(1@<>h#@nZ4yrTd}W|mbs1wLI=@)pjg%XzlYE}wjjX~Fy-Q5C(~ z-|-?b)fam#+IDVwZold$`1W^hXiOd6v?%Tc`_qlvrn3kMl0zJNp3A71Gjv*PqZ}x1 z1P%JyE}%`1+Lyxzza_0HD$ozZ!&Oa1Dyy5e6lwdusRI1!xjpN@+c>e(sA$KZ-p1x& z+Du-9(gz4|CUvf%C`;1d-D`06@tL$)U103$uL^zFrK+S4Az7(hYP)PUb$jeTe|6ub zEhsYUg6{5+x8wfq5T`{;)TP2=EQ&SQo2&+Pp@lcb=`I%F-yOEL!<$N&&tKTJ0)W}) zUg{sajKR>&IwS@ufcG8PshG2mAuy0piy~7ZZ>Jfln+s-KET_D^+SJcFeAMsR&To3S zK0oLcHoJ1B=8UHo3EJWCCOfb-Zh9;|_b(TglzpcyiW4>%o-5ejbOGaPG{UxMW6 zUjBgnO&wADuC6b?bU`u(OP&M$xvG2(?lbhR?vYg@H!4!<)|GKF;BpY=p~= zY!n~jssbG85>gKtN{#UZZJ#$i+7E0p6H?<`HbAroybM~Gsf)LRfQNarNL_3l)U;uG z_Wr?l9+0#6eDbyxTpH3N*mbz6aq0Q%VIT8gq+&S331r^fWF?+|cH%bO3j2EjRJFrM zNQ3mb;EJ@BY&u~C_IJhxXGbbh786-%$$n1D0zd{@JEEIz2QO%35X`!V5|6CMl$#mC z>QWmvl_O zNwV|k^$2mjLw>J5Ro)y9@Qyvobt4x#v4suX%I+xi^T%v%iGQ|nj3Y#}gE$fVj%wRH zYs~3(?mK+KV(_7WNDSpxHcEq++>6Aq5S?QO98pvv6VoNZZ6a37vuEOcPrD=Gr|oIq zeeLHYdBCjP5GNL4N~IV}m!%_&yud-1AkCDNfMTV2%GjgW88Ru8Lm1<>AHgcoF$O#a zx5V=h8zo_;ZoSBT3|jA=F5hjqh`$RJOFxxrNPm6pgM3!IEA_FnJBaeT0Mu($X8;ANW_H2y|w%Z*iBsaxjTg|!AZK6oX&{+qZ~ z%f=aXrb|dDqSypnRvQX$->v2GHeWzmRhM%^9KSzt!6;nohQj=JL&AJZd4YGH>Mo?p zrsV$L4V)yNwGSyK|Z^yVn~Y6R!`}@K92+o-bq_L+YA$9&O6U^?KN> zi8rYWdFn|^^!0IGI~y7r0`~TMYV748%muDumO2Y2jt3Q4CGnh)lEt9K74{+ju9XnffL0!WZXj9 zyanDsBL$YBgK!@&v(71ne!%k|1GWOzsL8#$FD?k~WW3zWS@?4A%?=i95hjd;!MR>U z*GOr@ev2UaWz*aj82I-p%YVqqteUtm49$_-0I9G*+A1>uA5<<+mB)&>DNH}Yds@$@ zmoaWCK^a$zKb)VR?jDHktjb4Xyb?AXcqFbqogQ1n_zgGXi=it#g$XK}70>{F01|e( z0AV6Kx9Y}J`mcPP;$av5UK_qR5Kq6ep7c#!umn--v?~X^PRNd;4@;7TO<*$du-+i6 zmm;byb~341e&Rf$MbdvTd7jDayH9Be^75q-UN7$+duUTk)))81 zVZo9w#!Kia%nD}xAnV72P7^E;ZC{q{&yz9C!d+@kMPa_EK)Bh|a~ssywdoN1rf05( zcO8Fw9mk?(9wx5`D(N@n_et$w_->E*ZmaRK*Q*R(5a`$>|7?c`TlexZ{awRk% znu@Gk%(AhhxFHJ+v?(r7JCDM~y<5i779l2YQ9i^83dZ4aDl!|O3CJ1`!eX9kFJVU~ zH- z-J}$yczn|3b+J;*csXDAdD3QJ7d7JG@gZ5sTgSk!a#>oy8MDEEFE%=d`-T6r;;I73 zPS}pMoMw;)j~QjvO}hK8y7?uumzo(Q@@E0ZA)+TrOaFx6b{u=u@4npzjVZ*(cc%o1 zK<@7=3pWbVJ4W@;jRg@#p5(Jbyud(*;?8z}*Q1bo!goS*qa&eUQW-j;u9jJyRSn^6 zG}$#+$R}p2BbL;Sti6^|6Fg9&k@virxdK7svM_C~Fr($JL$d^~QFFP?Fz?@;l_Hze zN^3M-JNq~Fpav4*V>KVcWLP)4Sv(X#FcKt0wjohuGfA*k?vYu;C}jRou0F|W%Hso< zSSHL?DJ4E$OggAid&%=CiV>KKA~Rh29nvsJ{~`v%uqtIjFWt_HhWWv~d#M{&SDTFbs=EWF=eEeiX3*s@)@At4K&| zZj$azVfzR-i}cn`QPG-q1wzc4#lPSd>_rix!Qvt{Ya@3kuV zX1bI5(-i$?5p}O=*xruo)bj^)YX8lfHwUdwnN4h#GVR({JUaBpVrp6xTG*vBe?)|%?vv(=Y3~m%`i=NbGcv?)(=0rqBNdVi;)olfo%k1zr z2Op!__MR4aCpZL+rwrq&8BfSJM8YEP9SVDny?p4R*zc9=V$N}4*6-dt>+hmid|Wie zy!e}sor+Nfw8&{$L-+-XPlT!AI-xqfVK9&)wmryti1*V%V!|dv9|#)sR1A4tz{wgwu^NtIy}yvokND^J#NqQ za6ksQpL%EXU}!+XkRcF>X+uF$6&(0QGb<{QPKzolFCigkCd&oGkwU|Qff_*e>TB4G zJyy>tymV6FKw0OuUXF2zyDM*uru*f>jL_?3KWPgFY?lf6HIb|oX1zPsN#FRRjtHKC zdRcK!B4D{KRBqXrQHipoqzmv+j!PNE9wgjf)R=rV6It9a%%mx*PkCk6LlCl*F>S4v za=B2sQD;sZjGM=(O}vpXvpk-o;9UmhzRgyMWlffEJNjm8Hh>QsAmLK4b5%*=US<$1NLs&EJy!OxZ&nIui{@$Js^`QN`eJp3$ zO`&S5XZ%t$2)}l9g~?v@g&*XIkyU_yjmi0){B@T-@1XFk=fWN+Fq=$q;8ost-I<@0BgfA&9jljj_^ZlgH560VM%wQ z*xVlQo9E@kEWD11piv_ALrKzy%BYAStHgft;!(2ftK@(;1;eMitVjr6!q9Jyw!SGc z(dsdPFnS|;&|3R%l@Dg<%d>2{(brcq>wZp^f@dyTk zcrQ7bMNK=i$`!3)8i^4Ab10Liu*4ayxG{4t(Up`$zAw`V9quh7v@I~KOk{PP!7(vY zx&aRsqLbm(OSeCV`PWNM-j&&8mh@9b5XLWsQno-GFbN-2V`zkS3KKWLhUK9yNqQs% zO}3!jt2|Sr>z*jgcIB27i`ygTxJC^UE2Y>%8Dw9 zBHQcJUyil7;1~}qH+N=SP9np%3mwrDEtIk`rlNs)-z6&UPP4!6HnmzB@pz_`nTht_ zVa^zY2RvDDKPECJb5Fdu(Qz%o{+P#REMp!?&db(2qbQ6#2mA4Og|vaNcDX0o$iT!E zTuUvhCJ|=^YZeetmquW_wew$Saa$KnBP&u?uZg9@!F&=3Z1FcHD>uRnn(E6OihHVq z0_B$l#U5%f>UmAell@`mL7^$KFLMcvZ+#jbM{iR&TuG< zJfSHpi5Amg6s2hznT0cHN?!4cn~CTx3?7aGiYG=(Cjw1(QejyfI}xLVXg8l8A#O40 zt=Y8{dWnu&Y6NT#*bSyKFF=5Xo|?|F0TQ$b^}ocXeG%B1Coa|jRV$uZJlu$ZosG_I z3B45zVc#BM#B85FXQopx%LbiUW+~RSs;M{cfQ*tAy+brOZc(9T1z`%gr@?vQb@7&2 z*;7@Ii#(UrAyHeFN)a4~LzpE!u3hjUKfw=ls@{TSI#tUm$MJi|U^O1Ayq~hurvN#X zmVz_T9TrhoS*g{K0-f}RpR^TcVB_^D|7KY(D#E?CjPxK|hqRt!_>FB9Blt@%Clk<5BSElzSl{3O9@}(KY@`_gjM*`*yb~2h zfQT2S#pZEY={V=C}nm-t%&Z;Q)zYf0wrS~NP}3* zR26yB6^EDIyGcpXd%m~BlK&@4lZBPQ1#Qv&=ZWThfKUHhjp-8PWZTp)CB;LP2MCL_ zS?#DJfC&z6s)!9QG|2WC@Gr+h=1~5cX(O0+Pnn| z3-+pM{-OE5WW4dquuL#8JV_Fy*oe%R^EuKR;4%geyP8avH3+g;1zMgC>KC z2W`y-2bV;s)SQ9ga3|ueL{@!s1wlX4mOS(qH5MB*1r{Hgi@h0)8ilY>=2koQ2^X}u zf^A7AJj6)zgf>%caIf*|d;3E?&L-E4g-}hTwqW2!t3(knh=hiOR^G>Rsb^7i=KUo- zvc40eCL=2Ca-NNlZjy?EV!&cdIqZJ{TU=&I5*h_!$w=g?dfGUrzp2Cvd~cLUPpYCh z<{*t!k0RbTpj}dV&>t->ft>3SY_07V#k8mjJxij<^FotofMKL)%?&8}F%1^QXO^d& zW~3v9$j)XIW|{VnDQ3MUv4!2G&}|Cep|lgU=4O$eD@x2U&n_2a>C|R`yaWqGHS{LM z4ua1U8F}27jiMNVu=&lbR?DlI9rwh{HTsV|+7P4416YtW}jj)K_UV=W4}+VN}d%QRSnkt7xJbhopZbC<-k) z&VCje#E6A2JfiVDbLKRRwTq%72cnHT{UCWg^2PVU4{@}nlY`{7ifw5T)Zr!iO5ZC%)O{3MG040L@fFapss zB$|Kj$Kie9?j)e>AH4kTWfGkS13<~UsFV+v1pj9RotMukmx)ZCI0mz9v5*zwgPXtY zjM(Khql{f6_t?=HFPn(1MdSttdO?vFQ*eZlFquF<1_{K4F`MPkjz{52B`7I4xsKP6&_Xm^{S$bS=jXk=*j#2=P%;-`!AjY zLJh1%vPq03ZV?(JroCq#3>=1*QIyBd-b`c;Eo+(OD_(PC)(Q5o5wVqS(AMws?E8oR zAN({V;2QKR@3r@{+F8q(t_Z8fW`Hb@JIOX=L(gu<|7W2lzMYS0t^e=f;NbbeLEHcL z-QM&6@&ElZK32F;wVzZTUG#kWND#{%qrsXR-7GZ7ig|&x}JivwAWs8aZi}HQoqTw;3zd=%&sVnEQ_L)$@g_AXJbLGAQ~M`mQRG zMHlVfAMWl3B)>a0ipL(j(S_OGZm`G(wj&nVCacHka(35a+G)t{)+FnVvc{^e$v9WgQq-Y;3Hq%PaH5< zO!xT?gw$WWCE3b6L;u_XtD*UgVz}JP=BY7!8M`m-^PlZ4+D%k4odfFWW+ojeqx~7n zfKqyroI(sFSo9wkvO1d;Q&VuaxHx9>$lf@sa-=vRLLw@~QWp8n8(YL0 zLL+?t4~|sp*X<`BQI?&rV_7!=AiK2k#lw9(O|}Uq82jujpAlM(Nl5wRO~%vTZ2;n+f2??btc_$ zk;OTDr)3j7n^&4Vm*A|gG;UM-US4T*nZWMKD~*eZ%6Lbd0b$a@uiHJz#av3%b zuj%rUEsFOa+otxL@=H^bW35x4`3b#pu1DQFy=N(S(6wRzVsY{D#>}|9{dN0^qJPpa zYo!sd-R=6{BVbWa;L9bZicsaW=8#*kg#Gm-yLt^Qt+BgAyHwsoAi6WZ>~$vhb~u5TE4K@uOeR zD>Anx)Ops_#g}2S(DifyL?vnyYV&{(;tYl$`#s?r*(!8}N#M6zc39pPaq9{6dHhlBk;lE0?v&tAW$*N{Ev>DU8MIk3(q|$2I z+-B@pnq(CQ8)L{t1R)pIaz4gDOy@JZ%~pCOkl?UD%O3cems-XXJY|l`(i~LdqRKo( zP{cMOTZ$=y%u2e8-(vG_vsy;M)dZ`=QRgRcZu(0mTP$jop)b#4xbIP8(480J#$=_L zC^%02M8(8MFtIqN$Vg%afIDZ#J1*soECbsqyUJW7${{6S(h$&`nK`g{1*(Ssn#(=r?;UsD&j2g48!REiS*CUr_{B7S7JG2$N@i3MI@d@G0x zS>5z#c06QWAW_SHNResyg+20%Dwu`splOE)R*>#cJ_Gi%f3CNC$WiF9XTHT94A#e^ zL9we-Wa0u5OEb)d4R!q?x$-J&f;mMmYj5^-PsA3O6f+ z4TQI3Z-wcOznX~DAd-D17Zxf5J|Vhhr>$j(&OtK>OCwChv6fA2u4&QJhVOS5Su@*h z)NXgMsqKW08j&=HzWe1^H$}6=pwG;Ouyhv(NeGccG;~@0!m@1HxzQFnc9!WG(&9BW zhuL{sBqWbLbMd6MC>vb@j#6el1)CjSh2{*c-cW-YEA1NN8j`LNDkK$0@5IN%3ENyQYr$ZpN#bo|aFMqUsX z*i-FdZ^#F+p?iHWguyv_cOr-}vF%Mz%5;y~2sjilA-)5{r+h%LL~yo7`1N)M)_8OX7w^g5gd)Md7aAh1eVkT zokvmhc4?s~`4CFmI87-ZQ;SaNnD*#LEP$FCrc4l4NM95X(|RHI^T*d`-q5m> ze!MKoT#MyGz?xn#h?_U$!GMjIRbC<(Mh3K@=3!S0qMtFZS*FFUEX#1j!X|Ana2+ag z8oG4@7pR7fbT`HmaBKrLPo&q0(6PRwP82;ey4<12%4S9xE)ZLd5}Fx}qA^X_T3^l< znrR}vC=2W85{;b9s^YI0G*ABOa^(RdgXmbT{9OmxVom^RRtr!1fw~gz69cB<5Vu-{ zlvYxxX@tO?wPehZrIwK4Oqm&`$r$mBgg3zTZ?tv?Z#iBza6nJ8DuOd7=%-f>wZOFH zEuyuX1&U;j(5#Uw{;F2Xg^tuTXf~xR(O~y+?Q3FaYHn41EwsF{o0cv#n=n)~B3BZZ z94Wv`%v^{RSeQZF@OB;rE3pHoFxN&lX|xk9thMbK=X%exl{H`EI3NRQi=Pv%DRux{ zrX7ZGR^=)(mmcQIOj*gZ*j(F1A`_Sg(9&B;h#bFey1t66dTbUD=_}YiN}f)@*~O5P z0XIJcbXK-`C?%17KpTbk?3ZJ^5l0dHX--S`9X`^O+WQJNtofRbC~qqpF-Aox8tX=c zG-{p&SVuy=9?=nC{y_m>=ATGtnT{X}6aUB-Mao$l3~U>)KiCvV1mJ;mw@hn*{pC!I zT3S-LEFx$R1VE?FP3j@a1{mvvovfFYMvh_+MN=#hM>z7o!`!b_{6&q8oURyyfQr+! zmIn7_@96|~JOYv2T-k5n5B zCBQfUyBY)YZBd$KnXwVXtWQWNq~l!AfF7(R2^)QhI~21EENa;(e}pVKFei`5U}Q0; zsMx??>u20V{j_*yvtmjjU5t)tnBqJt_C`mY_W8BxpgNmy8+OwiCDxoBLE+?04c2}; zq=3DZ7%L3tQ9Pv{$H6|BLKPTPj9*!!MpzWa4Q@~rid?OttQlubta96sOT<97qrq^6 zQZIoAuZaLM@cOh8!$4=LWdyvQ6l3638~SDEOAR_O8)S2% z&|pd~;RQuZ!--gxRAAS;yVP>JEHT{__o>}Eu6BJGMbG+J{*8bO*y#1CGYbj@GaJOIbo$z*O363q=7VLP|s7=j$Eiq>|m>* z$+1O6N%YO+@b!xqFVf*oE|%l6(6dWw(r_;kkyLQoM?xl7iAZf_ofZ*iMt{}(O_^z( zdTDS}tDjE_OUZ(%LihuTSj@)fsd<}B=CmjqSzk8U)h0EQehrD7>uVkkty$M5BTT~p zrf@z9-}yr4RL6^luww`+?xSdv5@>Ff-a|rL2bObPGyDWOhgtN@bYOsrLdYr$y5?7Yd$XUcLmGdF)kp;VBA{J8IS#Dh`spTzUaKX-WwQHXIvg?`?RtF&yT6!u6%aBfeL?t9tcD9dCcUV6oVO**K<}Tr5`)#Y(h+WwZw-;mLfC{KjE|_#uQM4E2K=+C_Q-M6L%`taj;fJgk66me4 zqfEh(QI+mb)ENm-!x6bM5 zdt*k}SZUs(U=g!^gFXDDHxAjNMEU7kQS^H>+HshLo~c_cX6lxsqtIvS?GDspXy`8I zO{ot_08EqU_aJ0LlnIunrtN1J*F_5WAYgQ-cKbP4{O%*eM>!P-SKe+<1-m;@DnYTc|OHs)ZDO((-zrTQCjWsUx#NH?vR!9hj6j6)8$-Pqq!h7ofkwx>(3qx4@yp=lJ$vto{E)AxA;3e#MwyGhyxe;u@aTbW%+8RL!{2T5 zqjCZ^PXY3l8G^<0*Dvb*9r53h5b?EKsbwQ}oB3jwrZO=_#GP*^b%U?u*-DH3y*DpK zte4}zh^^h@58s1~K#vyH)fTD&b|=H`u#rSsh64(s0!AWvedQ<+#Mq9Ge0k@o5M(mT9xvUyK)I#i3HaQOZ8Cf z%4V{Q<>Mv{irsBWZAQBF+U2!eZS<<0jUSh_**0@kOYaEw!ehd*XgR>xNr2myAv9MD zyi%+g(~1?|&{4T&IIM!$)F4ndWjlg`ez5ArDG;2$-rIW_hDUhcM^s^dyn`p?VX!lt zz?K0DfiGbwz^>ji9*r#JTsHM8qBeE=W*_;=PQDuG|>_1F=oAKB_9D|;+Uu3 zo|3p{aUXS5G+L0_Cz`CjLdEA=%7u%mXtD;7!d*%Xa$V+G!^p!OodyTt20Pu-D-Y?Y zwigYniXbpKeGxnSN#c=~;!7z`9-?pI<)WW@H1g<@>M0msM8KkKZq>H8ry>kx5^IyC zqsaTYMXh1R+f$9g(+S#Tj)F8as#!Ca7r}))i+C`dI-08KH1#AmQ(@H9boAS`+OD;z za{S{Ku%3u9WEa9DP}{=#mKwmrrUg0{dnA4@tw1+*0l+^lzrb@)_(ws=p|xEQd|RcO z2z*DXvhygiYIU2f(ADL%aZ5dBRPq~DLx1R7s ziO{N1c$6L6V+c;CQRE$W!P90F%NwGnC9ZJ@4ldBFfN|d*5X{pk+ zYnp5_lNQ$vFxP^!YGf_bFrS`vnh(B|aB7h?K$Z(=BHVZo7H%#E3sy(}K+|lx>tyd; zr`)FzFItXY8bHbjflMiTr1WI(avJO6s*-sqxdW+eMhsf!!aje077>U5!-Nq`ESq*< zO{v?8VuY*@fVinHd}Yop0smXO2zCN>*S6t|{nSPl45aosJhM_u@TOXHcrRIdWW6AM zjU#Ryvt8CB^mO}!kpu!%+r2On%(jW#5>QHHx%q;E@J9p=4t}6XKB3=(o!-o3gfD_m zKM{6~(*&S1j62{0WJesjVY}V{Pbup77yjHI`}N;5Il=zeHKkx7yH6~D)Bd4$2I8np>RdTJWw7k9|$3&0gS|qLp?0zqVk4dNeCmyM>r{yvH+7P3NC=83uxrg zQbQ6ac&&QE4Qz}7NK(|?6j@csbOu>|VZYL-loU2IQ%XypvQ07jE)5MWH=}RMNdqeb zzF5@7P1eXi$`#oZ7Iaavlr_#Yl1;$+fToXH2HRHjClL_CKaWmNuv5MTb#C@JAG;%S zzAq&31p-<$?W-V)#@ClyCSZHog4k%Gn6tTE%+&Ux?vo-piYvtNiK2H|T^4@!JBZX4 z!fg9@2g%-!CEY##^tLypnw6Nyb01_{EKCt$`~*c&*I5Bc6t~J$RF<;3lE`NMb1OK* zx@Mp~#LlOxX<4x49CBGJaGQXe1MJZ7Ado6sm|Hrc&B3Q`F|SWep-V{=iysK!I%mM~ z48{r+0!RI_V%}ayiryZM0_ZEfVtP9=Ax0+M)M|y??x7|^IU|r)VD1BylviRdvkEzz zB|rg)!dzK!AwLI$uF97aAo})5%fngcKtvFkZZj=(HU*dPvT=qyh@C=TEjXvp@tRTd zGvFTuSs}Mo=tEi{Oav+ONV&rj_>$$ynzb3(lCXbKW8fccxrkNGsVbHiz|>9Cl8BGX z7BYslFPpmSB^@mj(+V@D&=u-iW&;#mN_@iz2)H_M$(k{Qup;n)H0F@JT8TnO?Og1+ z!VLQ;(NvwEtla&_tD0Ku%9cgIE$ zS}q{W#apDffFrknNiqT~?f|aTlxb1>mzBBvp_67LaD9`XpkR^k`BU9qYtCxtjnl{l zhE57yzz*9J@5|Pqfr)=Ri8#^#?LYEPhFmss(%8-sWqJvRMDH*} z6h+(=6(vgX?O=Lqro&R!_|X#+pYA{$Bzym9sl9Rqqf>jQoX^jd&SjG&%(D{eMK1qx z$1Kt4E0(BeFVX1HOY{k#rTEx%eqc?Z1;-GRAG8Rb6_D_bi^yXVpzvyl67_>qU}-|0i1(4N<%G49uG1y~XtHa#ksOh&0+EMMAg&}t>QcHtK%JAmW!H6T z#F2#8MyFORmqz}&6@SZ9!`^>~=r=I1$VLH@n;^75=Re0PyTeK`KX_gj%~S1I$?*b2 z*n5X>lB;=ERA?JSwa+HuluBL8JYFs$i+2r+Ca=h!P@|sJRyV0z{j(6Qp9O353rD)Y z*bRoc3vf6PALb3oq<0xxXReoc7kQ}=?k!|~12hU`O{dY%wAf+}4EOX_BJ3rMkK*{IKcHe(P)zs`>G|B!c;Q_%4CJChct!`7zAH^S2JFGKx+r zXAd#=UUzgcU$bRD*=!np(bEh^o^$!O%fZ801L4=0^56n%aU#4g{!J&MpZaYCDZ+i6 zaAy4MpJv)>wVW8G>5oz_Okd^&S@^wCa@OssIXo?_`pWyIk@dW&Koqtc&sF4aGf-e| z3%a`fXG~F7ghGOjoG9afV<0mp--BCsq0WRr2SzJ`jHF^N)spR8eb}e>A1Z`~y8dFc zdq3j6-%|pf()L&aoR-L+NjXn;E>+BYXd6#U~5S+ zs+Q@uy{>>ll~ur|BCw6V?b@PqST)xL1l6hxq6mFga3qXwP+V1LnD%ZfJMwK3#3&XY zJ;;;(ev!InR47ZdHMKBZHMB`=W4b8(o82I{U4B5$9&_}|K}0;dY6Q2>2(qe_J1(gX zH7mP*%oak^LuU~Hyo(6PTa9Q7?)NG5#x<)Bp8gyW(_E6 zl;2&B!=Oe&eDX8{i-(UK24Kwgsiw{iNB7(sZnB~ zat3m0KW2^s;NK>u=vI_%cB_+Yp8ZW#7%G2lQQ6FCc(p8YxywbySR^n*m?D!|GcWn< z=!b_l2MFFl>@f2MiU5d)wc(2}i1ph!{Txe7qu%x#~7|Uy({DuQ1?l6it z6`hf?a4G9v_8P@z(QnhJ=gG^o{jF`3oKDdzcqZpJ?e%ph&g49+nquM@5AixNyO|^0 z(Y*~;MkayZE~X-dj3`2i$b^RScc|RnrrJg=mSst2Y+sLnrBs-Q#A4{FM~&3U^n+?n z(IJ%fHHz6B*EdQJJ@u$YRm-yMSyQzH^oe6o%Z6SKvakeEbe|x}VxYkPFUksEj|@;h)DVv0wR`QVEd{_>u3)4%_t(<;*_ zS>3FA5nn!X#(|4&nwfw4%LcMkRegmwsza{v;wW~w+}_%vJ7I|`)-{U2b>8)+J+n}h z{_*37pDt6esO7Zya$ir^HcD1EKh|o#{^e5!H|)>G2D7$V{k>mxPV@4cpp1?U!w*VnQPRbkj0lFBbC~A zI1pHj4#}jmL)GB^*PO0|VOwDAO|^I*k&6GY1())=PdRfQyQ@gCy~hpeRIm z$Oa!m!b=Mh%q5`MUm_QoxIRPhho20HSxXJnZGe`&lAbwj6_wfFboTudc{TYQfMQ1V%szI z+M!=bJN(hS_#$(0etf!X-hQvL{D-VG*G+A$xH~X$m;CyrKXr&@la54cR>vq(we`AK zsBX<%G;XPsD?~jE8k_uE+T8G`=x!4W*+vgN;OSktaI=2pG{llrSW!3u(u+tc4vcw zmj31~3sQ+&C0GymH*MRdEvwkk(^J9+bNYYV0ee8pW=c0hE&GGg&A+Z?o`BdX;fNzr zykHs1-*R0K3HoP^5_U1pUWt>k&6L$`93fNT7{G``Rt96yDtSUo3!knhad3Spk<}kMF31}m(YE{TVufhS?VFMyL{7@A>qg;j2Gh)(8}tCTT#H$ z@yXjykg@_qn2?<6rW~-R{bqNZq4(cTe#?4h=}vr-Kr8B*rV0=Hq?m}4Q)?R9{My=J z%vkw8IqltGcf$N&YDV>up#uZB4-AbfwSpmCG@_}q>9m-%TKvE<n6oXy9X3Sd1<=qlc*057(H53F5QI*&Rz)ZC7@HzCoJw^tUlz#hXZ_9i< zQ?Pq-31<|D-FX0VA}ECk(};6QMJFMCmjbfXbj4BaxbZkeQCVl=^<(4NeViSyK+2 zXY2+btTwwhRV_3(I>jG9P)=Zut<>qT5BdQ+V8FF{=ken>5=ekj3DHvs+M@1(-aS~lc{wk5EJa?gVg{A|#& zfwAhg?4Ad|Wy{dngE-$@J)k&59|J}4Pzj`rENVHCxvU`VV!eU)x3cWI($T(qpE>upvg5W(H``)x4AIJQ6u`o@ z)J}hXc$qrDdYZ)T(|13|vYMz|<~vEaE9jQ*ZHHS;-FDD501`)R0YHI}AOlxGGN~Il z_+9F$*9^a`Bxnb2#)mWgpOIe^eJJXCoPOT zVMqyqWzoIH?ic>{@ZZvN@oyU~yr@;9CTfj3A?_gAfvp+z{D{$mx6Y4Gx6B#1_4)1T z*26}s_uJ@how3HfJZyB#!qxVWHmzyY8atzVdC1=QHBDOAs5K@=_j0eP@#|W&woz-W zi|*xKE8}n2s13|;|6Jq$9m8U*;X#a|qq5}N#8EQ4=nur}ks$lv8403KC)qBImWxiFDYsq1eZA>*^JN;*W?uf2x9aHP3`8BT0UnrA> z&Xs?Ie%hv`&y&3Yo05HKv&Vfa z?I(jDfBbO%>ErwN?>=2p{?l-P*jIcu?(PN&RIbe5CXwnJd>*iO2VF|tGS36rghGcH z8V@MyTYpf@xbLA>cYE`e{4&qoWgAbRSB`n`Un*;C+}*6c+H@-J#Crl{>5Z3EIDL8WqO;ueehO*+@tv<)?)PIsqSQ7&uQla_TS{-AEf zva01oT~)>3WG-Y~t6Dq4C)ZsD?gvu@@_y%H`{b%pHTWcd%!=~c-AQ+XN`7#67i(;Z zVASR?`W^)VJSb!cA_rz?zJHUAeJ5V;z23X;p}y{Bc@Di8>MsBOH9a0-hGHZ368PUY z=%mgHtHt)nlArBJ6BbLiU@&7zPc+L^<<-m`nu~oZHTWT=Q2NQDKcTd4g5QQ zLMm`Dx`MnuY6BGx0EA^>Igjk_hAP6^?s~qkARNN<%#Mn0WCUa&lT~G3#G7yjNu9XnZWC_SXUYSREF1o){cn0+( z5vK?&%f|7}-(X=J5~afy7onz&6J zD%z8|k$Q}-T+6>MrEaui4%gK3Z>XF-e!K~R^h{1vmA688ys=BOMS;l7=~KLRzzq_`tcjr-ny=9^YL=-|R0l z=q^6^*gg+e^P6^;@q7za{ZwZYc`EBd0u*_&eQY`2!+pjuyq4jU2xdKY47% z9#ata7c4E~jPjv93LO09|DZw0!p^(<(z7Yy-?T#!lDsn_|I{wui8T2{oI}>8(1*gd zQFpn_^A_{yze7){X~U?ms;6r+J=jnyIW&Rpdlx32g>Yi_ERmERq@xQ6h$s8BeBZ*+ldvMeKx+H zxVzb+_`^ME0Is`c<#G_Y2j>AW&kNv_f|>n%7T59$!aslGkC7^p>tbTM;j#Y@ceg3^ zF+?gJ%epxW6f{?+uc$Fc`Yf~2ih6MRDR>fsVZT}l?d>l0BgUHIzR-KWyJazvm0kl% z<%}5#+8k6r;jyFzvkHw@eZH=uvLiHC`Q!WlAT`_^#C{~|eHlXo5zAJP zv>~w}v^F>~L4CCrhk(Ab#m@Cl>#k|UX<%QWGCva!dfaDc(GZ{=npy7Y;Wt~&U)5dR zyLFA?(7Oe9ujNWCvZD5bkP~rCDAT~5E*V|ZA4V^<%}mB^;U}iwDb5?Xmt=Kgp<<#RAs}<2<_ln3 zW5NLdE)Cu85Kd^xSv6p}BMOjT;7BY`{;p+~JL#=^(mmDDMOXvp549k(-PN={M2Zng zoqcCg7P0ln?d~N0AXtyR8;WS)2M?({50K|!l={8e3jIhkmykFZ(2zt&)e0i_(Q~?3 zHa5x=aA~m-3;~ZWxZYZm=pAD1%N0QXEP#F$lp{t%^eCVEib$g9sABB!L&xB5=HM_A zq7!mzz7#I}0sj=@{Qo@^Tkn>&TFBiWWL*~37P5%D323iWZytu?KyD6_H-PEuF>q2b zp5lvEQXmIGW+l(z(J1>MU&vO6CN#;y66(8ohLnXUtGrwf&xAtyND@VeoDb7RF=Y<& zDieB97LGiV0)nipZ{-7zWyn=3!O})6Hr4 zRs9Ft)cd-huc~ZLUZzrk6QZZb#N5LN6UAl9+=tW?Zks)BBmly2Xe5C9&WpWw#s;=U zP0Q>`6R4&#%ajOp%_XSnoRV5;LBrUgWKJHXbn zsc9~COJEdwvBvN33H3wWThFMzBPOptoomh&fop%=+BpLPtJ}%{_^hA zpD*8jIJ-PM|8#Wz?x#PeJ4tlX5C(=8&v};U*aq$@bi8FNY$$J8H!#7N97eH7H7|@9 zfd)Armk7R84!kfhjfWy#s5~wfF%`(@PT)yP<}2q>OZ3fzF=k@q9Zl%6N=>Z`m2-{G zJ_>c-S7lJkLgnjfDHf^Nwpwg0(U8G3Prfu#R3N16P@8IbwKTW&$*CK=DEgD52kuHi zxFnqfqKn)U7Cl|lO7|D-Z+R4(Si+GBoAkE|=oV;e_l zz_Fb_W~6$*jqW_gOR!e-*-x$QRMkc{gn!~|gX9DoHfo5$z-!dJs6NRoU$s5xcjD)w zD(1_%sFw4wtO;-ip7Fr6fj`#XQu@B(`508FmRj^T`EMH=0hA>vo@-vDdHpK_e{1DGTNb=X` zpK=geuKuT5q)C@V9R&9TmuM{+z`W3iF|9qP)~0*JV;*cZiuQ>200V-Liz>Gix6}yb z_#MA~q=q7jeyi}IjYeuH?&r4(^4X|SBz7JV4J-lRi!S6fJz=Z%mijJj2Szds8PGe^ zcmEOBY81GV%)icp@6XjW01nud7XB<6_}#ut-nf8S`XOto)hN3WLpNz_xJJNAidQm7 z;uP=cbkJfdN;z%BxXh~S5MZXyad6K_d2!SIQPl0}eBkF!{QV#IHmZ@j*X?L0%3>0l zL6h3Q$){wagrJBmUJdtyo7N^S@@k)5;NNv(6xXghRPj?$N z@7(8g&$AC~)ImQBUeKuQ%bG@IU%q{#I%JRCMp+HL{jv)gw2y$%f+lUbKrR<`TWvrx zTQ7||2mJv~yqT(tzZuz~j29}8xj}OGi8Wb|OBqvTF}Gl64MUdSsRqE3k54~;cHI4^ zvYyDQ$*v$+3?2~PcPPry!N#2=c7DjNPsGQnT%m)jm|AtdLmlFiC+^-H5Gq>m-B>o+ zL2CN)dN1u+C$g!FNe?1B|6sH9{kB3fAvTJPau$1P^CpE0K#B{`h4SmR_s0%~+%EF0 zk!NJP8(4+-kYEcR0UJJ2p!3QdS_m6p1l+Nt_Kk4>hDC!7GWn@d-#lA?4Ukil)y;CT z4qbp6MNfV^1c7xUMbX6TUOr{qHBz74OJ9?KhU{By>a7ift^a+4to1;YHJm%ssnO%s zqr!Ypx!hf-oS!bfNu2-i5@^&ymFjABwlF*NSXJiiD1spSJGTFenYtCgZVw2M@CGw{ z@fn@X%^IdGPcmK)^k6-}SSKx~{W1WI5lkqtoQq8B;;Q;>&N_FF4kn?8@~T61{n{h= zPW0^-_d57{Z6U6M3ZvS-|bfW~4TF@WGAh z{T3T_+{+2s)2RC%{AP_>sQhiA>m}I0e^};MvZFLwh4Hle>>~+1soWvmtglh??91oM zS~Y<#_dayT zd~LHfZV^}!!#9srSvvU1i_=b1m>qI6Nf8->jc68YDkrAzp4`r|CN6ZG#XUcpZGoV- zg)(2a*(HKTpGnNs)03IZmnGtE;(G$&Z0rC&fHSy6NBP* z???@tV68?$fX7Y99djqnCUv$z!k+HWkN(_=^!c9dyMS7a>T}xy-cF6Np1ni%=tlK^ z+ig@I=fPdO5#NXyVR)gp8in?~P@eBJs_&uSvQaZtsk&8Nr%`{VGAkV=b?i(&?uP6k3^6#^fKKz9-jI2YyDNRE@I70K6~~-HS+M; zGY%%sI7LFF{a$|Xj*W{77Fnro3C>@OZSgy?zjyFrhu!@1Y-Q99Gq$Lt8eE7c72 zE)rsrEwXV@f>{xBW3oIy6c-=fonQWN^5N~}*}G4_oE*RVH4>)4BMsTGhhmTa{-CN) zN;QX=T*lvi*0MGaK}wCAj`Nw5{?gD=m2#9X#~u~cSS_m@Sw7gu^2g;o6A>h!=%!FE z);e1(YPG0=b?w%LuVP}pkxV%aX9`IwM7kd_!5&vuR1~wp{QFTvOXxPMEJuJXwQ~IZ zNJi3S@D~+_iI`F%ic6AJ&_|5u!GF)Co zg#rF{S!a<~Cs?gb@lRW1YKaI^(-6c~=IFCeAx$HNh4;9mwI7#tGn4gP)p7(KPALxW zCiOWTAfVYJfXu`^TaZ-jLb4(p5$LbxK;~8{6t^EHBhAhIj=Y?3v)-3YC###ofwT7s z(36VOpTr{5`c~CB23=>Ind)WMV9wp*>T(Ikf+^j8#cy+B9?tfUwVK;+1Qq#5x%woh z-q%8y>GBJtkGbUz#X{-ks)p1Y^W9ZZeYrGSQP!7>T1_C>{ZMQj&{F;p0AX8crmV(# ztb3fVHkru@9OcnP_bHJpALXl^CrX*1!7DpS6#ZU2dv;zdo;^Dhf2PC_PHy9KbJ#2V zn`Dm?26VVTz2wnvyj24OqsD{<+OCUoc~w-c$!Klc-yoy3l{%U&ic1K>;&s@wUWb+| zELM0qYOhsO?6t(5f>GO-_=8y|nD*W|aE;)F+Dzx*?fGeVnzfos6yq%YpqT{@>&o(6 zI)988w1=!%F6=9bC<(0TlevWDZ)%KTG~iz_geg|OrlRr6tSmd3E*Y+< zFccmVCU8f16X^|xnT)lK;4#L1|IS?Qi@MMF@$K}Z$P6|MnYjuF2r@~}WMgh*E}FTM%2kci$5> z38vI}KM*y_CwW!qre2xiw~>)JD|f^N1Zj$t?~?vB%3rsi)Z=Wj5;wkJd$o}m2Utq8 zSp3aRZ(ZU|lt#-+%O(*g6(RncwV|qV1r^K-!2ei|DdpR-&F~Fivmc^&SzQ*=Qq*YP z9A2la$^=Vzkrfm!=elARsCgh)u)pBBOia{b#aT_7Q94k=oisS~XBbqMh;W+}&4`Av zEbSqv8(4P`BAt;b32%jQrf1Rhax5oJ$tM8`t#FqW6ObrlZ!s}wQXCs0H#X6j$YuTSSXx zSyHzW@$4C`q$O@CvxzEsE9;@%kUV<^Kn;9o!Rn~xL>4zPH)90QZ5cXBOLc|%evU1g zEys8$M~h`WnPtv^;5wOzBRIB8b#;Z3highLo4SxUlofe&dSd1-0;TA`e+S>0Yr;&* zfB#id6# z;2G1OG2-ohKU`x)-c_rK$RSrDqYQSnMGf8TzE@8|D-$N%cQLLJ<_r@ge? z2REDU$}+s!P(Cs1jLgecLQbNitE_MULH~^H=IE^z>JlYA)Oovy~$Vlen(bt&uisNw+VS00e5DH)+# zj!sYX4qcuRo&eZ=gqCQOm@X^SGf-75R|zX_tholE>{-*u`NGH=5$weY$z!IgW5BKG z2nx%pEUuw}2v{LN8w3h&4~N4O{d6LJkdw@u9>jGMB(Fo-tx+{Bv-aiHvbbEraLG}^>;nk3&$lr`a;N9JJ~d=N@2To@S|USS?#oQ^+!IukRQ<&dp-CQ)|2I7PF- zN_=8WtB_=W*aG7AHXB38#ITATKGsguK~O~?3T^dzP5a15+IaRujz9Su?AkLwqkwNt zE8@{Z*}Gg>An_D(b4Z*`BQK@@UhRUpp zXz-2@xrh4*ro>C)na7QLJ5zx42FYSoF29|qAN;yC3D_DPUW>7w=)eB_VTDkz^I zACZtbipU7WD8pGL{_ykBF&P~Ep?Io!m<9@8)2Il9giKpYl_DdVm*U(SUsXBHZ7+HL z>OT{Kz$`{Iqi6ct(-Kxll-Gf`g5C^`Fe49vZ!9@5Fh`E3Oqd1bwxzkc%q7qI&LnGu zlg+67OH)3ccxjq~9{%^OiBi{v1UvfH;TFC_&u@+RS0lRXqA^dX>2zzfh0B~@i1E+( z_zy=PetP%wJMTpRC)zq}>ZKfQnF-IXOeqk=@ekV;+h!61H*awG!X_=oH@;1iH?WUT z%VM0{z&6r9LBS*I#sga5Yl5w+0`>14BO@jadx)$JbDpitLASCF0`GuJ(22rk78K8- ztOSJ1u_Tx=G+n_(+44I@5n2N5r3e*Zafs++PH{H;`1_=&qQK%~uDZk@2DbfJ^PrXV zXgh|RDZ(qmTzW?OOnL@3CAldJqzyWw-_5h4+&%mG{4|Q---KOR*bz5J*&HV-Yj+!+dZ#4wb3V4<;nRj z$-oSWTTEFaR5g(x7@OnlMplK9;YX~s*3z1?`_0#hX-1!(mqcfb9M*n3;Sh~Ofj$}# z{Q>3)ViHUnFMs}c{KxNAMF3xAscvy{cHLnQeMZMC_`WH!K`k4YVpBKFLLxq>MvlZx z-O3wTkI*5DJp^kSn~Pc9&&r}%4V1-};F^cBz5&Z01I`9_FRJEn$1%JZ3?N&VF!~}j zgJOdQd@HGD`KvR8rk*s3241xZBt0NrS=Fi#XAiV1)|#}}L#w7m0gxN~w$xIK^yu^X zA5xK?zCSwokfIuDy3IZIOq9I)YyQz2IVeWF|M=6%hm>H~pqZwpm(6M+4@GI@trWI+ zZ&WuV$uPFz*roS^OP!qpLR9c}|(70qlphP}J6&&7(K>-%m; zG%A{4!iG(~x3VgP@`G>GvY-|k1|mxPBjCU9_i(c4CBH0`nV-3wt9m7tI=ccdq#28f z{pW~6<8*_>#%N$AHk!<~*Nm82Hj;yG$U-w-b?_4X@w-o?oh`?Blor**8#}-cKc97i z)ZKoo%mo414%EU!v1P_(i+%5^0xJ-jmm*jZPc@f^_Gp@tJZrL$I{_q4EQUaM2{ROI zW)XwE8YPWvA>e>=_@bFGcT~wM@yuaIW;d$HMZQD`3mIYMbUAXopsmWjxh<2c1WTT+ z#&wa~05D{%VaUfwu`nD%llc1`oVCWBxa^^GOVV2?{~vpA-qk3!_lx)6yb4y;{jKgg z*F;E+ReGND++_yTXwVP_O+9BRfvv$XH4ru4bKm=K?Flx74AyKn{L$5h&7Ozv{tllH z=}mNbD3=`twF^mzIJ$I=fHj=)(^Zw1EUn?dWs%Lu6k z6pu)SmM}VyYr@=hvAaeZT8{*>2;c(Ys3s0RVYmrMo&fN3Y6@!n#+Tyz$h1LR=i5+F z!&?YC-A%NIy^9yVg&ehEowx);D^Ej*@iEp&uY7^6%0UPZ> z9H~NFXZO#T!Vuh!7QRK`gxknWei8(;4gm?e}Y8h-5sZSVz8tJs$OW17E znssS-KZrb}H$`U}9LC?{+!wdFJ&QW&amMkB*tMW=e0v!I+)Fq$y%s)Uhl5l}g32VW z2BzzBa5(vJia8vJ2YH?E1}U^XN&9F$e#tTmrl>h|I`w7uf2Kq({_{IT}EeEE`WK;Ib%Z z)EyFw5hDPgxXw?38>UA7XzpVxs_FAi9M6$?|DF#bYSu>~^99}wYsw=$-ypSHaaQ1Y za|DI~w-J29kc&11C${D>dlr63ZR5n3AP51e2h#9;h67M4hfIO%?V>dse?X{#F+406 z9O-h;bkg8F>{ftXcl;p1$nS6=Jq7;n2IW`wWH6O7Uh;O=gt zRuotvS=MG`Y^72Z6l#)ryh{a$I>*UDLQK|h?}fr%Iw{B%eW^3hrNE@=sO-uRVIXTD zMmfGixd1AQBmH|1|Gh{5CK;sPH%Osr38Vn}w}Af^@ZVxx#2Jd>Uiynjei74O1oBJz z6>bP^hgio=75C}iE&O+j{!I!=%fPipt%d`$mVswhitx85-uoK;lVCB@MWB zq5Jyo#0@69o*5?~Vop11Ysxzz(1pORxi~bRd=hqsuR#yNg!+vlb0EhEZ}ae$TGf2| zDcpfFtOz8SVgVDcRyu)^sglE5Ka_F;tiU5!+NehG;(qU>4M%$m(SE=(;T94STriFT zvH_deK&f$xikGEr#P{ZP4ZL%FC!XGB4yTyE3hB&>ptuB-%$vK36S@H3JqZeb%>R*k z+HpvQfb{^dA=n6n{`3PI#5*K_5Sh?FWI9XkGv?hxA)@KDc!2jvSof4g2Kxb$`Gb6? zR?itMozhw3`1A)fmr^>b_b~`fc#Kfu1|NCVJuhmg!XN6~3DM=^eoyb?W*A~$Dxw_m z0voWFIaF_Wp=P>#GEca4r~I7lgp6sPC|Af-;_jR%UPG8iLJ?CRAlJk#z(co-t5$BWjJlj#6e-Jiw|{oIV84O**Happ}zF>(xIo4eY4loX+K;N;R z|8y8bGnv+Np~krrfZin}hlzw(xAM$X*=9_etSL23Y$l#dhO z5nVGq_Z`;5kWnH8Q7#FNeb7)_pp*)Hq)z~tASsF{%5643@M^Q2ICK%S9`BmbJ>Vy9 zV9og8jzd^6#HNBHQSTh!+Hmu9Ja3LfncFN1I$4B-%gmk==Q4O1r~5p&tPgq!CaK!R zjLE1#8QIRS2@E;}vqa}@oo=~V6H))7M(z;h7BZkLc<_vLdG{sSD6~JqG2tv1m=W(J z#3qRYj*zCPqjY1AJ7FC2V)PqtCQI7D$vojdr;9oh(mf72rL0i|Q0)V=+fJP@hX1Jv zf+(VMnjZxoQHy712Z@g+rKMFapp%86>kx}7qbnk^B*^?!Q9IKXr1XUFASMMcb~4ZO zu^I<$uCZLu2#Pi_171gPC{v|A$csgAn_E=VG{E*(h7_V8b10seRH zRI(yF-o+7Ivs^qrP9?BXJ#QTfmLH{errptX^MF zVm-scbt+_JSQ3oy7Tt{+by0x30tQ(yDSSctzKMbuxT$kL#Z=n#@MctdnQoFrG9c<) zmfrHi4zaCVVqq@TQf0ClKlfb_V^Z7{e~b0c$xxVqZ-;^7lNcE;59EBv@jUGKV~}8L z1Ux1Vd2(x`ei%%w?>(Htj2WDq^I0_N`li)64t9IGyRucrJ-S?Rs!qJ6cS+O(w_N%@ zPlJYzw`RRbcF#0b${-TW36um%IW^-#Bv~32wZms#S0K9$(t6yoc_;J8hxjhrZaNOfR_)NSDk01Qc@Yt z21ypH3^PgTNQ=IobUmT*DZE1za=givEG^u%Xr&NOAL{VFP0$##A zUc%IVoXTi%Idgr4p7o z%pGGgEz0@=D*-(?$8#qJTp?uc#K?snw~QPYD}jhO9u574?=F-eNTjr@DPj;hJE((R z&MAt_;3k>D&ALE^tvJVg%c?#t=>(++(Nr4QZ!**z}1SYm`0zy?qLK?2kg^PbGCWq0c*AQg_v&jc_I5qLI7Sy+K|szM+~;lXuT%$ttKtUtyD$UcLuz!uzsA@@ z5!G=y_$0lxB8z;wsd3Hv^XihbjkZQ|tYtaw!in>|i}Fhq?*KwWi&?z6J6tUnrjEEaJ6#imHhI;1jGI*mj znAghkAhf}huy~HFz^k*3<}Qfo`u_x%KfDu?Ob}Ww+wsW9maqb+J%QIgzK8<2jz47= zG`bduE2^E#`S<0#5j!o7l`6hOj@eSojm>-ZQ^7&}+7 z;$-S$kDt6md{_`6x!k7?yrQNNjmWtTxrAY%93{kZr9-V^6E0I0;g~$So!3#j z;TBIJ+7L02!<39UU$L7hnt%X%tDs8`!=`;IA1l4l=%#aiG#b$loF%!K4QE3NGUtx- z$<$t&T4;{Y*vd=dB9^(0(M<+V&*k;C`U|92`&8ere?rP6u`brd7P*7bvw(HNX3sU` zDNS|7BxSX9y${z@lDUk>Ev4ng0(*p z?)HH2QQQ~z#l5{&b0Rjt9r!5TH5x#$1i{?fPe0CF?RJ@Fy+0Q}eZaiR>}`bB6Dd8j zHA@7-+%fx^D5%@GoZn-P`sStz6kx%H!ZI|O*|Jio_f-nF2YkpcVf0TsL>e2M#!PcmmnymQcg+QWI?-CF_1(6*yKrVEOW%j(B<`qo_uEc%yUj&65xjLeN zn0p+JpZg{A=tn|05^FgYMKmR*gt%7jJ42Mkwb@pe1sKXryU-d?CS-sGwFB^ zYuVXK{4D$ZZp8}v z)ch16okOE8X8Im{(0@iffczWr4JUQbMAtoG&9!B%z>iLqM>r;8{ysx*OEq#r;+sfn zRDd^J$t976RPanc!a7Q<R)`g}-MZ zI9!b{*|E_Z4pW+9H(plrR5D1UpV*i&5Zwilhqm!dILRD7;sk{8A;(E@w(RiXvV6>% zn3+8Q&nYyY@!<#iHE==xW>Tv?nNETLk7_j({kd9e^RNHvXo}L4)f+~L*L%w7^g{k` zk_9u*>jL>L0~q?R>kCb}VQ)jD%cD*Yf4uzizq7j%MNF~+-`?RF|L|NK&2o=_UDIdywYtP1+{~{unyW{wGw}`&6080p6PJjN1gYCX%1z25 zdmF4&jl3362n`f-;gtj9Cn1l2;G0modvbg`cp@m2*gGN#m@UT1E`Eeb^ct>DFF=?60xC9ZDzUT3QCcA=;Mxur$>@zMn?O06q#ryHZ@jo9 zA13?~xlN`bG!ZbbLxBt*1C8W)n$+}}yn4+SSb^!*(Q zpjK(XA`VK$;t82M9OJu*8=E;hnF(Lwy24l?b0<^`l9;>AoN4M|1c+yA?gGT72;wB4 zgy>yZr5_S4NMFNC&fPqjrvf%0nyw7;kZzWY;~l(ZF5lhKy5Hq!73ir`7-iP@L~#^Y z$CrS>EEY`iBm#W(6lN`hXvm(-2uEN$cf3O_&~Oa=T1rz^COid^a}SS<47V?h<)%J8 z9E;$7TR0Z%XiB>NUz?=QxRz>GXQg{3+C8M4id4ORK(WUn++VGj?zVOrBwOA zp~Spt+t>#_{XLpStGItt7R?BbfU%;0PUKupr7j$U>>X)0UpbbhF{e|BzrEenG%o>F&Gw z^2bkz&t!ruZ)OBIqWVOUtjK2-Tb@&2O}NWB2|A)_fG3~xCdZdrvcc_eNihP1de@R; z0-evNos#33oNLHEG~GVAG^PumyGxzRU^VbD@E%j^dSc#Zq6aqQ6H8$P(3!`2l~Vtu z^i$fmI7{R|?>Z)0@1w-@Z8Ng7W*`r)IRe);4P67_CKcwS* zc07z~g$hkAN2NZgxE8b@k^bK2=6mm z`MU)#Erx_IIUv(DOdU_4eDpUR5wcL~iYFAC*zCa9JuT}j4+xtln(X%N$J zhhkPtS9ob!68A|2qYoU{Gp#8*edvzu#8{CRn!ba#_biAXOYmU`%qXVHZUFD$cU(R) zncOciz!scwWUi50oN=Vcr}8l-vO`yoR5-^g)&=*bwaA>eGG9}C#sU;QhGaofx40NS zmpM|9h#VvtBab3sC%0MP_e@t5VmW*pWW8f}Wzo_#nxtdf>R26{oup&iwr$(CZQHhO z+qQOY&iUT=x!-f|pS4!ioV$MQIoFzFRE^p=n~jcV0y+4Ka|$BOE@u$EXc`C(ZI9*? zM0XwrgMc1&wb`ZUqqvT;1lt6QGueM-!xtGx(e>b-x1DkwQsYlL-6ZUF3_5$-ePQpK znzQ28O2V2~pB~}oAwc2_;VdcE!ynR=pTc0o`dv{P^^{Kaxtd4Il zIpxVGYs46Xw!hyHi5Qb#;?Ew2@HTTZE8;W>2&=)q0ZiR_`rB=rll&%=-b+Doz%uTP zMBE>{X&Q`zx~EGCHpvT00zG2!Cr$Q|g1D~j^kjATC1>`wDu-ES6j1`sWcFY|3ua^| z4{F}JY`?%B&}+ns5SycKhhM_`R88IoAEFs`Q)`Z$lZiXyoy@VqiA2EtwpJ*?Bg%kI zjh-|Ax6*x?H{r_ionxtC>CL%M#W*BJN?hgNJ4Q5Z$E8c@4DIjWf7=>Rt51i%5N(y&g)Rz*NI*3(h6-6af7YQX-x}W;K6*GnKh#laI)8^{!a-s?kzR}kt5P>o<%@abK>4O=MU&Ftz zFG^w${ySa*j^=HfZk45h>48TRbX7axAP;h#9=>Qq8S=c*|9}x`gzmP@NSezTLVSt* z)1-ms;%b*Gwv{{|vp7?plP5#WR4a<2)DDV85ya?aXm$#cj2-5W5No#<2z0tox;&gg zHH!WSj8>rb2<26QbX2)1Rx)Kqm_Rm-sGI1#K9mw78#-ku%(0jxj}rj0fRLZ<0wIlE z^Q09X$+@0_oOuXIapqf^0dF;&FwyV(%g-Nj{%HIt7{2BX_Xen6nr6}sReE9+Q&nYm zcS8)Dv+aU2253k&SdL!Ll@9aKkcjgZ9~grc3YzWV+Qd-Yq#SA1i9@>CxbFC(*oW&^&5_BiYGwm|n4zrgI)F1&PfyPTe)i5+FpM zWVjl~G9lAHiw*+Q=M3)7aAe9;7SeY`7nv_>th!~P7JnsYL!~7iLv-T2zKl``URvOW zG>i_79twz^y)CP;I{cnQ^Mm_+@DKG7qQtb5#D?jm*i&hNN?t6Mzh2@C*N$h+>h~=H zf1)8U1vO*T-rFO`KuyUYo6Zr;Rlo^o#hxjuVPt1+*ji^YT1vX(MfMkd79=Fqxa5NO z-w|2sQq_&;f-uwyR|UVRLRGC)wL;MSy6k{g@^#5Vl%j5l)p?27)T+^Fo3K;te~ZE` zxzNzj=1fqkzj>SHzZPIDPptb29>T9B@$ZVpYB9% zUM>=|PMORh69=FNw&dDtHsk~87zTRyY?{qaK62(mHFCZs10Y)ZD1m06Zm-mzyH)qs zsV=)mjQZ9B?$Y;?|I_PPa<^%WQ#UpMl~^_N8MGn+00$d?Kp zq{iQ*C^JKQaE2uPFd!M*1IMtaomy#lhn*V!%5zhiivG>IL99V9oa(2IejF&nN)gUF z;K61M#U6_H^*be0RR+F?%EiE@=&?I<;(4gjF(1Fr{G;$d3OsVH&>AIadU0?0Crn%l zxCVFS$a-{zqp)1bV-xOR>jWGXH1ue{Zq>R7-B2~EG3uGqhcFmmU=c&e1bgw8^cT8Z z3O&S>)~K4_Fv$ZS-9Fw8^yhD#BU|?)9nI&0-YciNewq?j0?>8F=3O3 ziaBz8ka!&pGm(ua-ZIY!6C-h1IJw##lfk=JkYgga>XT;ox#TwY8nv*W&GjZ7~GdnRYVFZr$5Xy7XCWp}r zvJKtSbh)SIWWyE$vLG7fLh=WX^2E=Uiz$xijZ9JY;147*{+N-(C>F)mX{$`W<4ry| zkT3GRcx94&xgHeDyxBn}Ml4biJ|~*|EmZ>~0D#_|*5k45?EmvcbbPa=tKZHJ=Z002 z0ZG4cL@k&(T~79LWEZ)Q)yd@TnT`R9fXR;h{xS29`>kY4&s#7lCuv z;JhXzLviF=(0i)P4q7BK8@G`Yd+A7y6QDvgVb3SkOf~e!Y)Nu{)i>t##L13H3*&(&S+6<2DW{eo>D2s{1AEs67VmI0>yNKEf)v(-2`s)*Oh3 z`=4e-MZ3n(n~4AHc%ZgkPClZ%0xKeoFXb~tU++yMOU;F(U)$AjD=UZOAy#akBkPDF zMu*JZ#*1D;|3c`s?48Cf2EiS>g%=A5k2+-B(eyt>mg?EOjs8PtKy~tx5WZ-hb_sYJ z1Y;QvqC z#8W>84~c`5J0Z&XUOa$5Xy3KL_ZQPVq4TVUL=7ks6wXVD5HV;24gW3vgAB6V8F^MU zvo=SfK_cXGyN(6R%nK~!`kZ5?khA5vA0H963RXYT`tK3#l_d<7pwuiij;*Qv69lhA z=KRWq+?6TVOjUi=&wLLb6U1{V+czjV<(#QI&R(3<*#E0@>zR+ES}mMmE@=3^7#+r$ z$R84!lL;Eqew=`MX-TFPl=>Ut8MZiT=xo%UL^q4e6S2q-jL;t6FRCU?y8hRN=K;i+ zl=(2#6lX|Q=!IxI(6qKrYTGUE+haM5;X(2^>L?Mla#u;8s0IaglNB)bfYgK=WBFz0TRyssm3bUs@ zvXVC@bi$%!i}~4a0qX^5GA|xX7qUp$5}c_gOc_5r40V{5fFX-Pc0is0FCmJ;!SfQb zzZB$0hJxOn8+O|k3B-rl={g<(3+peL*9Q=^DdZ>muZjE(?hcyT2>fv8f4`Li`RPpH z`#Ml6B6GVVAlt{qUdfq`L$3>@J&_#-;VV0P_aTvw?D={8Au(F8^b zay2|VsQIf+zVIf@e<7U|kOJb<;hk6%$=OoB?dcexNG@=CkV(@HWbxYu7x!{+<$@>2 zeQCJZ0c1Lk48uXU&*-CLV}bpu3wG<4jQVeoY{+~nst{%6)FMQEIooz-u&Q%jKyMy< zv-d^#6A*z(P1NvyN;)uHnT&kI*aGz$B^H=Mf+iI)X5v_njbl~dEx}THqD9GcR2*u= zKF>Kq>SXw6# z$rZ89z*+`hV?Q9;VL67pL+1v4qYNS^SS^;RYI84ly?sD=Ic0bUIF2}#ksthWI9WaO z@QZOF8O*!6T^#cr z%#eP*+X!ziaq_KmiTqM6SlQjF~o5Qz++w`bbw{(L)BW8X&WeY%`{OHc^(awN-u~D zJxPhBG~7G$Np~l0)d(LbLr~h-twK~qr#Dc)56-Gn`?r||B%&P)pEV39H#ppAasmMt zM{x|%j&LoD=$$7G20bdt7IJ#7Ixr0_>U-j0K3hK}=;ttwT;wwCFA zNxfs=!}t4&&%^gC1Rv3oUfdbr4x#!tb71;xB?~WOPILO_-QOd=i0|Vf;-}NkSP^i; z;jLpWEJ!-Z2l%H?FVsmvS2j;*q7}03YMhDl=fwgA)m0-_T-dyUPo231rtgqjIYi!A z%#sUKJ`kAf#V~H18D>nzqI+GTg%Uy-OmUDvnO?%&?f3@@x?YAk0yTM8_LD+Bd&Ywn zEhdHzX~)r;bC&26f?qDzz{N-G#-urBC%fl4A^xt3lL z4$pps0zry#x1AHNdr>T}h2XyAEEWedzRK{P`M83e2=17-?E?nBN|HUapG>a!Hho^V zItW*@Qjs$0KYi$zkiF_#I#3?K08rm!+H^kAOL5eECf|qOg05rV5@o)|Cl9pu zruqH&4j8$6xQRHaf$)1+{(>_5lWFiKqrEdIPm+vMYw4w=Jj@JH8CY;(p5dc+ zxq`uAkHvk9>pR6ZU5|xg8J+Xgm)AH_`%?39*5qkWD{Kw9edNE+ztdzk@Y)%rA&3JI~>d!#KCdLp@# zX9r5U!sADrs~H01^_c9vgnXX(IH)yR@N15yu&HYi;z!>DQ=*E3nCYS5nAVoA{B4%Z zW#;!1wHDzK;=6h*HNRw4ar3`{7fG5xAPHU?sfFa2`ZEL~y7hQ#W<}N}erf9(%w>m- zc#5&tLEi`44ZaU~)~|)ULn6lrzcpj4?x;Z`ng7Z;#^`kLDnKU2>LJERQaJ08qqccV zAJEb#w-5Wk-w3{9KkkJmndDof~ev41BscS{Dc_chyahaFzZ&cQF+rAi+?DVj3b=J zKZEQ4q6e*Z{#rdu6#g{gP|*6<0J`xTjCl|1HUW0F5Ysr*i7%ug&Yfj{%_pO6XOTew z`t1b#Sfc+|%EDl3_yu^fbHG-JbpwtG;9rQ(c3KSoAcPAp*qb4IxxA_JF5kAi?;Nv^ zYZbqL^+BHdD^${l>QaZS&Gq*U9{xflZEZZgXfg9G%s7+itiYV-p@+3^wJ)en>YoIv zu2oSQ^oRg>!SPo2R7O|Zo9KIkfU1O>Sw&YiB1>cT+Z(+5=lTG0zT+v9Ak2HwCe=V+ ztpfoLLDkI;S7v83FK5ak$W6}eIQA14%xwA!rgpt-tum5oT9^yAD*=hXSFa zY)%3}GQsN`J6|Gd6IL6-H=8<8U~3lhKKX{#X^(nV7CpojOic-X9q!kg+JX%OQ4@f5 z!l4sFW7)z|U>rX3*y1N$xX(}R#?FAlL3K-L^!^spCccTq9r|0$FjwC)q!rxrXG_61 zC)by&6+un|#+>7qe_v}xgW|j`OkX%{aZ#@ix8?@TeQ*_QGTdA=nUG(|ci}FTiEf@R z*E`M(3U{I>-)ss~EjtZ0u+yT=lEO3LKm}GXL#_EL-QZf4!BdV+@M+-NIU^`P;`7V% zY>z)7>NlE3)Yr~n*RprPZ^){zm>wwoiv#ToHtkokKbyCc2ZNFSSCTQGly{6f`N$1Z-+ahu=p%Bixe|+2F8o@WQiT ztVY>BF`WR3!zGB7$2~Fl{4LKRfQ-I001bHI`R^as%09Br5~>#LGIKZy=_XDQ?^szQ zhT{Y*&cTk;Sf4?cuuKOZwPg?57_*TPa6v=8A1b3d>+@0UY!rfTWyVhTH zfUOP}%_syigkJI6@X@Mi`pAch+6-ZkJOZBBR9i0-WIS-^F~G1Ixg7^44W~N7>tnXk zO$o;;4#^uUQCoPwBq#F3bG(U2gg2TM%(-JQx$Xs|Uw3X}rk(Epx-Au(ug%T7C>4Fo zjEmBYx0xpB_5whZ_S;%41}5;L-uMn*a6V87FIoDs+g36mohyvC@t9vM^?H6^v#EO= zgN9BG7uxA=dzoK01s;zCbR7fNUIq-01iR`cqqAmskXd5pb?_Cs^f!f_&66blZ6Zkp z?g_T~mVm%?S4+oJB1K8bZAT%O_8kE)qnG&-qkp-YAQabUH-SM()~VA>o73P>gE`Y? zOB?4~Hx@|pX>)F?0ay;z>wNXCAIaqWX$F2)%P{f2DnZL22L`DdU*IaU%|;~so@Yy| zQGHWgakXEe^D#HP5Wub}xZYLl<~Vo!*)FEuhVI5|La}#acbfVRtTR{pxZR|Xc!b(y zwN*eu^H&mWE3*Kh!M*z3J_ge=BIYvNnO(lQDM14=9v&X6fg>Yz9RohR+@CIcBUj-! znHI!NC6-!#-)-~PS)q9j^s`*Pg`9a+zPWTA`Ozqgz`$@zW09Xc3~4iw(bhg)T* z-N&bj?0?!o+cZk?u{K``m80~0PEUkVo_JIft4>bsp4vx9zmwqp)Pd-Q>}*){3oUHc zgBFozXQH1n$Pgu@x3x_86yleypDJlRmwRO%e)DvM zqTZd0Q5q-6qXt?{2oM9bq~$&F9b?=BB5J0whuHMbo@>=?swA8^T(ofcokw%F$N25T z(i&$U=`P#@I3 zB{Y|!IC}S%l)9MkT=0RNu>D-ITc3aTyvzD;>@bKfw`9m7>s~fLQO1?5qC**2K<@@} z%PmbLL5ZCzVYD8DB$SVYe3nn|y&?XChgKeh8d{Qwx_x8dQS_z^klA-7OeM#eFrmOx zF8n*IaB;0%fqT7-7W(8F)=}LtKp_f3ZHwU6)X?6NGJ&ytsl37bYB8=&E_O5ykhaok zQCPTVn|`o@o)L`ru2kxZ!0o7L(#ocFSUmZ@`PPUlCeiKsbY3(RGjQw@lBj0iNOlksJ*)fsE+?LNS%GC=pbW+y(*`wF=xv8r01x-#aqA^oZ{ zfn}{9xkmG%tvJ#tC$TZ`l#Vso|DG(A=oLqxOc-@Z0_)JWOZgm&OZ|Nc%)kgaA755ENi%sJ_csBWzAP z^INlLX`4Yim8M;~(f!ll1T2#)I|27TY8lY0)|1p}KB%MC>H1mTuObz+9)3u@H5a@6 z0IY{zRYoqu{>;a%)-m5)^~eGk`tk1Xr+BPjRz*JkAbv%gW3& zff2;1Ms~p7qm|Y28Avnz2D+F}C~B_ZsVw;TSH{?oKr7q(U^zcDUK4kv3ls(bB?LUyr&sP+)*}N2+i+<`q#5h{RtXwTkzU>} zF$${IAQb`|pjH;Un5snPs72ydY!XdIhk}1BL!xy_B?~*=#i=Un^q68(6EVW)azyib z!$xLBZM6scvw^5x=bLV044ef~yv3@Os_{53^pCd3C#2~SPoI3J%i|?@zqx0rfdh~c zdhhyfiFKFdvpnMCgQ`(w{2S0Q_x@TJ{tZByIjP_Ck{Wzz88le6U#REyt+V-suoz1Q z`$bUxvE%Nc(O<1vx73$I87#Ei(qu`Gc6;heF5aY=h=e}`B`T?0F`Tb^sGuMkDF}FZ zx!L*AGc4#cI}zr*%5vH1@%i>hb2e4OXdvAeJ#!(I8bP>Akg9TroDZf(AAh6>4x8AW zNo{m>ic}t1ddVJu93<@;Gdb4`G;4T_Cx09!`gO8uTU)uvEpmWowR}gn6`K|9ouXgl6WnmY7B+CQ9+UKIaFM;TbeQ9=Mv; zG0A>a)@9Q9Ev;C~j79?|^*E(x1{fD*(5T@shNQAg>w#;I#M&AO>Ev@!ag(z~i?VZ@ z>xzp3$I&`aTV1<1@qh?a;l!`BXJ2i%f-HN7W3}xP0kbkX5l~KwczDS6*Jr2KZ=SQr z(bUZJ^22zH-*&eO>w3@@2?EP@X2THBt&P)FH5jeY)Lkc3@6xHF_)z3k{&~qtoqU=$ z2DN-yG??V;FFwpoonAiP3*S(d%s(C1i%+3%q?AxrdAbp6AMA!eAg)#RM?Iq-_WG#EnKuv@F9!}8D#d$(H>{37FbMz)ahBo?

vWp} z*&<^1yhKDTqcS9^$bj-`ZCtT~pp}ciKCZDi z)V5|Mdv`+f3i^>hLaPSi`sPKt)IT6@e+V^VxZK|%5B<7qY*2~@G-E02owqeB>78ek zYX_C7=$$L2zAwN1+%q1kWjRuEppzV?6!Po=xQf%zXbxU)K2R)LLE&m<7vkCC8ZRk- z*~<{AsK2y}cBrcai*_m=J(9d@=5LhVyTp51oB%(@VVN$)LP>j}Qc7c!QKFYTzkqUV ztdWpPY^=son}49@$0xh!XqDDtZOB^slizlVl|3o{!+*bp8{jR-(o>bUGRYSR?X{JE zaU=RNliKQlohasUR7RB2{JW@uW!$C`_Yo?kWeuGkU=Q;>3zF@2w3lm(Axx+7azKdh zr>jQ6@Ns8Ev3O@P@3FkztVhzT9)4|cGtGc{MViW`0DGZ$X<-3hA^gIaqI`{~?z7Y?P+*Ykw``gkHIZyY?Y5 z9=D%jho2gK{0ox*T7~z|h@Hu%Y~99ozp{VZ?blYe@<){O2P5G;&Z(pP8Qbbn7+QB< z*!1!{ob&spcSP3D6S)(otF$k{NiQTD!8c!fOiyh*Uzx;8UdWd@&xe!Kml&QUR~;I+ zzv*2#=dT_3Un4U5FC#lJ-RjpGV3x1P=YRyVNG#4Z^!sqJ06Uj63!Kg0Dciaan4guT zVb?}Gj_y7ZQ4Sk-Rw1X7)I&^e-Qst+t%N2zc?srIr-fz{a3B^F5htd!hmKp+b60GK zNnP9N#-a*_m)V|ghYDzjyP~F|<^=*ejvK!#K zm90S9D`*BpW^MWeq7%xF!(kC`xHhilAEp8ecPHd$v_Et98H{9R#4odti2MsaK+7l~2okA2i-@Fo24k zjZMwI&)3g;;PV!+KUw3`fLFBdparPjcc^;Rq~=`-pK026Fv<>}VetSwv;9p!l!&ZB zldxb|=wXtu7;00ut2UPT@6Fq0dWrZ=pc`M)v;e2b#VxN?V^239>zh+xK76C8u`+xk zi5IQq;=IsDV_mFg-?^$)ONAS)#bOA(?!C-cl-hbFe8Wir3hia!__7D$WdLKVUE2?! zWhbGyi9FP-w2Az)cK>UjwG95O-5>j*y44^hC!EW9O2KYKd9#js;(r{?^We(sz2V8F z`_Wa8AxQvRCl;zNy&}HK{~8y_|7&O@DcLP3r}Um9ze;F=P+PBuXEaxyhG#feaH?!J zTI7UhJaaiL0PqR~sfX9-D!yv5^O|RmsbKkRw?c3Tw zp{`oFvce}rNZzhYS+l$cHsxGH>mQon`Ak+z&w8$p%l1N#Zq6J@O;`PQy=C#z!@3F6 zw}o^QjW-nBr8+=G&XoCIUhnt1X%jZu_eG2=ZwkDP(60|_t06SF%X=3zI7^{l8gsqM z%(ZB6G!Kf*wQCP8J%|e=I{GnHrn(Vn{~h?5GokXI8J7sTepRPx5)_4b{@` zEk@Cg)b7jS*-k@04&^}DiX7;OhJ2HsX>3WdbJUj80FPN}#YYIVFaA0!w6DJ6a+UuY zLO!)lfFJv~llpz}s3c!T>p}6c49)9&y#9Y2RgF$b&DHwTWv2@N-Iq1wLd1Ji&R(eg zvq}GVf3~^!{23Wjn9C@ZaT2SbHM5u~J(Z$%UkKlBWZnticKrGo@}}%MlUFt4WxPlI z;4ILgx(u`l3Q@)uN2n2;IDju%8CNjTS7)k~=4eC4^7CpoRay&(#Ls9+Ze#Nkm_NVZ zU}&y%s~~DSU4+rv1tt&?ix$x3aGBJirIa4T=7ZZW!}v? zqn6**i6$&20t1{0%Ep2C=xI^O??$my{CA|K38s6=yr(ZrAr9ob(b^}$&>xNRHsVlv*5!N?~sWXDt!f zkMleD!|ms{a|6nSy-TIvL!y2vuy1doqSGS!B6FAB=ZziV+bhEBt$e5?Qv5f8g-j?P z#8Oa`X`6W1{`9DZMieA4O%^f2`%Q!uSKG1{PQy`$YuwTTM?+Td?qAK$qyz{oMO=@? zJVGAHA;R{Iilka|?|$WQ(~f$V0oi~P*%VHLJR?|>_!{&2Jl@8U;Ki6HgS*va0jar< zd)cgcn~dgNs$Vx}W|bECZks*xHN_+1GV&qWUU@qqS$TGZ2s-N+%_}|l?g}RRJUZCz zPuyo=#1&>artKRGT4Hh@;wH=rnSB9^%#IR?PF8sydy;0{Y}H+<$6g@D@oQ;MUQ2i` z!RZv#!WF+F7cd$sezH@=57to#EO|OvV@jfb4ilKw^Y|7A$Gd|`eU&Y;QS|je0onP@ zM)VglXgls8Om;q{+1X{n?8ZA~=^pu}`T8tZv{fZUr&Dnk+LSz6N=@DxNbWQ3#V#Q# z&uP`;#1E<*b0!c5UqazZU3618d`@oc4q`sz-G8{L10Ymd z(Ju`)W}VhjIonHbD5q+zW}S7$>`jVA%K3t=V5_^7D<$@l-e8z7m=2AlN@l49h zBJKxDF<6J!nd_sr_xHuw{K`iRrg)oUj!F?huA z&8$sUYiIU$!k0IgxIJdvIna`*xfp5^RXNaQz@_z1W%Mk~4tR>rrXNwN^l+?2T&&DK z2_f3)tth50M5Z8XM#!(4?T)4^kJ%GNAfm!3NS6aDfxC9HnVl4nwxZ`1kKJXEX{yki zJkK;ANVb^!WnGSn%g5>dItX11W+7-E={?e;90l7~J0V}GD@{7^r?9BFVLQbKQ3lu1 zhMv@WXhq5N=V+lzu=FUk2EJlyfdmhij+AV_R60E^68{% zZjgB=g{LA@ZV7=a{%-7uuj}3v^!hkW>FUjHciixmVF#JCumiD$t7w)LoVR9ESNE06 zppk^**TMsFlXS-|`o;j0r&c4X;7wdp2rC5}9k{Q){`PsE0SALOD#t#_vuKtx*UhDj zUGW&7A*$XIQxM`R-S5L+yS`r@oQ+`9NnX9nh?dO$C&07USsw+7nJSthR11JaPm#cKP z);{Kv)rSBl1sipQ1E$%8jp2c_1P&PWb(+ld>)jztywU<=E?|{_;i08hHH*;bB~!4! z7d@)}r&$pPps(|#2hC3p7+%F@1}6LC5n;>U4!aUoYp&9X((?%&?`_KxL{ELlPr(!c z)r`!>2bho9>BC{(-d8atEAOpUJfiW(l=rT7grm})#aclr?hREq@9g!3-F%OmCQTd4 zOCe_koZ_^L5FUnj5?yg5Gs6hg?tjF?j-`yej>qj+mPhtq#aWBP))2e)1U-t&<{jB# z)$8>t28?BDqo2s77+KbuoK*fq=D=8Jl~NIu5Pq|)!HfNBsL=`)GSZ*ni;QJdE+s+rupmQ^9~ z6oxXHh!@>^#5QMI@zu$EMjji@(snnXY0b(jZd_8^Vat%$W!+4OpuR9;58xVWu2M>8t(CGA#cgId>?_itIph zy3psvuF%w{e?PB6KJ{EjI(AZyh;1&jPM{OyrGPgh5>;3B{_Htx3Kei56H~veo;u>; zvA*=EYDJQLc~KC?i@!1DZRvP5dJjH>chk#-5^#L_>c%|#9>;<6q0Ho2i+ungaTT$? zzwi)L%pK+7?D9&8(0CwQr}!dw6Smi6Es~y_Bgy<__etnAV`8+F^P0BW`0{D&t_@Pqv$XHoEzXOF&Lcui)55{zB*Y0_r;7P}x2v znmN4$p`qOL7xR3DE+NgHwqrgaFWTdr<_tdFYJ^cB?*OmSNep{bng|w71An@ZmHTVh ze;do(P67R=`}x|nhL%xf*jF$2HAMX>c(6qdY{u92ljSCs#h5DFCC^9R7N<|z__5dx z>}$Qpm9);~L0;+k-jbUjC*Ik3&hvySwmC!?m9*0u=EQkecBwEsZmauBHtDdT^A2YB zW>4<|%p{4})27LWYxlgiG{MtHZ4G-)dOf=*W7o-7o%gAy0VvIjO99g zSezM|^)PQ*0t8~g^OuqR$3aZ5bp>t18QUW2p;&@P;e2h6@c~(f8LO}Nxl~ee!9B-3 z*2{{x(w<1^>zPG4WQ{IzIi(S)hw<)U@}{b@VDI@Dh~Q7hXZy!|-c^iZ=P%~iev1y2 zo=Ba?I@Sx1@B~d91OvPIO!tIrZd|q}ln44yPa0hy8T)sj}vAdR_2=Fe@PjGoFxcI>ujt?-X^wzHT{S8J*Z1cqJT zxo&+8wBy}tjYDC^J&{q`1F3K`k<>$&W#g(>>j8cg76ZmU49kXMS5ylyRX%27R(+mz z*>DGCW$p_ncQj{dDhn7=iJof`&zIIZidz>WcS+pX;a?K73BL|_Ev1Yhyp}R}#-(0B zMDyT{J?N5c=pI9yO>)KVo2p$#@~PpJUifdCNA4?aD98^SG~y+-I(-!X6|q?drau$i zAi%xM-;%UFAEAb%F&ZQntD&`7&u2j~fy2 zi^&Cbd~jdW*-a&Jf*0Ayv$t4ch9oWy-^JWo`5HQxMOjGHkm40=Y1kBHq8+U&;Ua%6 zT|aZ>vLz|W#gCll>OG-qJ&p92V)2fTeD!7qwHM=E!g1Tl%)u+Rl?*1gV8BHS2w8~x zoXfY;N9Ujy6Mh6QW3b#fGNg{J2-e|QAY3JkS*EWF%r8XVE-IEtSuOi840*ephK(o_ zKN^X}vs5jyMt0|6=~o;~z%1naIn=%{an|<;=GBmtz6^=T_O|R^?Q3KAmQ^&`;k7%u zo9v2zayFUIYzBXKLNOihbq=W-yVI6`#VcFB44V0&fe(N!NYO= zhk1rqDg7!0sj|g9XF{GYk%gl+GTHbU-dHfN388&H=uco>zVu6F!uIxS`Hi{yJXVA} z0_=dSO>@S2l6^Jwco5|&-UbJ~V%-WOPhAabVo1asKYJTCU2omIy!3EPu;I%g#@Bf} zrIeCV&$97&Lh)D%ip?d$*K@=?7aAvm)tGCo40wM7$YL4yd=byZkh-Q$&@Tn(sJc># z=ZKAkMsNCf@cu#9Z5&n-n^G@#Zj7p8GO;SLlZ9;i%^r|p{u9kkZ`Q88w4$eM2<%J@ zy%p!9?xJyGsRn||6hKp(Xkwh-xmB3{T-|)_{6x`7c?b;=pZv@hQSF7 zxgPA9_p7?(&Qg)RgTmiq_Yxn9%SLzV2{k_#P;U=TQ|ThVIYvi=+aFOYqxR<@o`$F} z_eDlyy&Hje@No9)b2us4!Q7(I`+{vz0IpfU$n<2=w03kL|AB7tQ{tOj!8h}H`*|)k zi{x+g5v?LV&gOK%DR;(dX$@jQPb{dsGU(?3s`c!uH4|c&O_1zWx$5F$Q7%YwZ`)#t z`OU=3v(-?rHgajJE+4Ns4#*^k))+83>HWC%f;e953!W=)lGB6C!G<9Dp&i7=N2T3xGb5)q${max>pb)dBkSc1tBU5Q#-_%(c2GDo~$brjA~sE zsZr)r<|9^V5yL%~j9 z4Q<70E8D#%E#9_|1Mv>5$O7Ts_t3ymTX1y_W1rCOc36UGlS-m=wD|XSuZe7kQ)kWd zbdm=-vEg7wA&hvqTJigMuu5Yy;2wBh3y7*82H(Nma)(_|hRno%1~gEmNdtTthCG%kzUJ^?X1ZS}!b z;yZHgBIk_QPEjkg9TRlQuMYQWw^Cx6Tp!*X`4lft<+a4Da%!9F!_!*#WZSE861}E; zl>`%-D{o5L4LBOzw5=y8*THnyCmu||GROJd#P>!8 z^-e0}y)ar#l#rwoOw?10F9C*2^ZqlI*J-sh^^EXg%FVdyb|4XJeaB}1(LUH-Xwg*(sy%&{71 z0*=w5jvE*mE$W=EA5i*UZd$K^=@` z!p_njWfQLPvbVE)275%2D9&mkeV+EfLqm66-_jgK*Nd*9{J)6-u&J>hVt_s5|3?h` z@%S$>0Q|PVnEQ!NaDCnGXVktxD2-S&XCdCXxPDSnkdPrKGbh7V6RUW?>IF9ZM{u*Z z_A6!5f56ylY4U^7dMQVogcGbdLsDm%T*w$-&a_cE2KzgOglmw=&JDg&6yUBr$C82B zvuv6|{XF5yv*%lV{i--gt_`$P^67+fPWO){98;)5NIAQjsG@At{B>)wuvT6yhesoU z`c_iM=Ct0^3V+I!E&Ze8UtC*8&ri{3a~tZQmiC+qVzH&#p861i`dxtXXKoS4&jpRo zbO@onEijy*aUY`UmA{4R0_Q#;IU8cDV0(8TqZr>Qi%a)Ur4w5qJxGD!!Vn~PiW*+{ zj4-(Ob6J&2%5egK!=<@kq2jJ-J>iVx8(GEaKt_4PYB5|ks2?5b+Z`LMvv=9dL#L)p zqd~(`f$;mty}l`4vidSUG|@&5(4KWqS5!O@)w|wqZk1G0@gErL+Dcwxz-W2xw5nF_ z{ikJe8v&%Znn&dIawkA%GRc9>@lt6+R`07*GM~LUK3wt zbC0?vtQRKXM`KAjM(DEB*I~pVUa)&^oq+u!<*CB`J839lq=w3KNpxBJW*S+z?^i8y z?J;K;BN>g3qb71(t=$OFOkTjiN`2fm2Cwxee8n%ew=+YenqLkPR}*5sEqQ5b-4xR+ zj2Fx5E5%2gHg8Z+vS~7Z|3Lc}HV>JwY{O@Nk~7uE(8~1KS+pRi=FU+6!Z>{}0)~Bq zaCv;MG2iGY)kA1tx%kyZw{f`409OegtO-p$B_f=yuVeBk5tMaX1vDuxcqT^y%DSmL z2n2GenhJfp+{n$dOQY$=E+uIJzI;Zn0zy$cgC0fa5o=}m0MGnFCY!A86+zCL#$uyH z!kg94``{ZBKq>OOHk0dkJO%ZH`ucUA@G#1tk9K$|G;=2&P^TVxs)l9X$s@G05?}v6 zRLt%8aVHDsrvB9qp%w?sv|Wt7kA`4u&4&!OZ_8-o$^T2NK$B$g=}ue82&;l>zL{k` zVrviPsC2Nke%CoJ_WA7EtvKpda?Q4>zUDLQPt8lP`dyRCyv!{P64Tw> zhj$;3z#7vxqaJ^%{VY}T(y~b0g16%wI^8HwUZYG7K|6{?bf&1baALM@fAqC}zt4fa zmkI7ciZB@5S-%42v8XarFpgN~Mxye_^P}4{)T~b9$>?gV`VXDfl;RCdb+W0lyk@;t zTgPcl(>}kEh;70@=t9Ay&YpZaoFKtJ;H38T$e2E=ZL7X zWoJ?vR#VDaF3j@bo>*rU3tW3`5t*2J20hgpIo)?h!S zG}i!c04Uy7k<+8Rgq)wHnFks?XO*{+hm%n$FI>;NQ~7V>wp}O9FDNNpw4mj^R9d*Z zxEkf0m2)%3B%ydY(=Y23sxE!Rf1y5GBKdHgQ(85YNWz^dPQELogfOK%mRxT1H~i$H z23hp+Hp6M9M3ogpyl2nDZh%|8B+zpR-Eh3zPUq~B z)0-*yBHi^2Dy4`wPXEwWJED}jb1z>Se5mpQkI0ymA3ujMz0AyW6rPO;O10xc$J@^( z9L60x2g7~f0;){Acm^6?DpM5X+Uijr#KV#d?hJQHf&r+*$*kK7>DQ8cbJ)#$&W;TVNhNaRYN`5| z7yhoa7b|gQb@R8@Lg(WgrBIRDTdp`r+_PX_13qo?j|{ z^rxgz7E(I|So)SvkGiKV0dclF^O4;S+lnMbh_=gpBt2gkTX1{U9jtM-ibK!8gd(34gU{m?--t0v+e!HNyoNr+v(Ws*tTtS*fBb` zZQHhOt79kU?q{vN_uA)N=l$}2xo1_)nsv{4T@(Kr^&4XxJ)|B=`4m!63By%AJ&r0Q zW}_)y=?RSR$7x{g&k%gI8KBZ~1&Zima^5L=I zv^dJh%TzTK{Q+|PSUhwfb*0DgQ1rma56ahS!<)gMTAx!m*;jfBuNyfVz-`%tV$Wu- ztsRx!7;>T>r3%#W`HL)UtCdsEACS__R!hKd)+~+PmAtAW#r#Xa>v}DNbE*<<`uI&v zL0NuL<l$1$Z>eb2*;`7V}E-u_GeI(Z2XmTTOk7< ziZPwVskcR?i{$o!;6Xr_ggzgVAgEhh?7-TJA=5BOJ22WN8+j9B^$Fbu9#{xV4@AsR zUYIvjxAt`#Jk<0ZP*ww9z znr5lAhk~Y|J|(9@D*d(~NJf*p>IM+jtc$}UB=oa2ln?s-!Vf^Mf1u5OtRjDBd zsWF;U+9D%HgM~@E2laO3ZA+wYYsrCtJM#TODX=$GdsGlN>YUY&d;lhA(di*^q1_6I z=qVkUaoNbi8exQ;bZDcg&V3o1GcK?@Q!jH#8EmMR`5uhIC49hx7yxw=Zo#+`M?kD5 zeCyZ}-(V1Ir%8NbDN|q-=x%dQGP)31I)+t*9$PxGh}rt$0ij@H!CwAj!7U9t`I)fi z3=s#SR05?_$Z$Lv!{uw}y2e1%hF%3rvi1}^;79lnx>+Qhtl{kKU0&$U2BL&87AO`Q ziMhoVEQ~d452+ZeEgVu7mQk&oW{^6%sD2DN9##NP=Wb6{8m5AJ%VrX1lS>X};QWHt z?OfkwS#Vy{Eb2KT9d5ZDsRWBynVh;!Fa{>T9o%zU1(n&fKb4w>7r0pw<4kgU0atmJ zf~|89vZvc1$~13{en1dN3BikQ9Row~4mruCXe|W@E;up}vOE{2y$9vE%@isvo%H}( zpzc1b^o@fTT@))4S#0*3f_9wVwJ$`_Idqx|(7LHaaB>9%DsWLS1d2pM!rj#f$ zM3o|kf}wt<%4kZpiyAzm*7sp}e~v#HXcp8JA^E<^DC^WA+aqI$XwC`d6+r>EK$XEL zvN5Qu{cwBauQNV7iHrS~onEU|l$Kr1gs*uqs+U;4VWga|+Q1de93O*?xp17VyPK&= zCHWQ43d@Dx1_=GbSSzFkP*9`T$iLb9w@2{nQC8(rasPtk?wA(^3iAV9h*&OZk2h-% z2?sAWW6Q0w|HWmwOK(nHOD`4Q%T1^Ap&d-KbDp&l%8hA6KMTQ+OEYqg%$ss*JExTL zsI)JkXL2KD!{^M(ma5*DvB;Wl_&BQHsf_Z|Wh0)v4*n=}@lpyWAuAlhNh1=XfL{ZP z#+p#=c9#4x#41@UiN$lHN6}5mO(8LeMbI;Ot<~urb7CvP&^{WCMO`p z?NZ{`!a9pNxolyy^*~f;78ZnrmT)KcvCd}Uyhc?O!Bx{VY1g!{97q#g_1`Nnfdoq9 zLk29j^iA&r%4+5^>HHP^!YqZK#OA!+AgFbx(Mhb^7n9Ip$?)%7u)_8I9s2e86lXh_ zZ2v&mli@W*(j$qY)FZHreDB>M{;9g7Iorvzi6P_@DcTCc+kU7${votz8wOh0lOpOjYqUHZ zI4FC=mqqoiD8jO^?HWwFha+zbX2O}c0pjk?L>)#2b>F}tZ>tmTZwAP~r;6(f8PJY} zNuyG5gJ$XI7~q1az~9+)m&xz|ni}7~5UWL+kaSz&*E6?kaz8rO6W9i;8tFyd5T@my zv<6=N7F`1UF8&HmHY@~c_CV&F#I+iYN}_IbOa2|WWakEmvk}-XmH~-+RuW?1-B4MB zaPPSgG~bG<^U64S#6l=SL`_e))V`>4#zw1lqDLqc*_bsvg#N25ikR!oP zKYKQ3I6%mD)D+BF9+();jOOA~!5i2hOVlegX{@+T#OtWU+IkJ+DtLj3s8mE#vCe*# z^@Vo@@=v!_{1D1h$5|3kGf+NTf0gYVhet1}cBUnzHEzJiPz-VxtYgg~78zQS!cG|n zDGveaCx-t+3VVs>IjHWa>bbp$$;vKumgo% z0R{o>fmi3*!E4l&tO%<$s*?vnKCA?nDvieYoLa%JM!$-QFd`HWR5FkGOnl{ zpa^qTnJ!u7*9!F+R+*J$h3$h!A1tLp9-g6qMN|*fx0os47P0Tp9qxPH86deWi-5z2 zIT13caj@T`0xARJl9R6f4i7IV8F6Nu&%Hi&^qn(wD~PI>dfe;7L+RvBExjjc7&YgZ zn2Fr^CkfKCw#PXkSJ3KcB^?4Y2|lzgVJf99XmjB`#bVPf58_NwxaM zZleV$gRCzgJ$H{L^I5l-hBfYQxdslPCNhMIt7hba1vh6%J5DR5d5)Vu+vW0_ zy#(CrN8{yY?$(67w9n+3ZT*_$x~)Sl1Q6%L9Z!wEvi&|^ss+s3XoKVM5+^CsR+hwi z)s{}qK7A{%!%@f+-rmYV0jRnMiki)>MP_~pY=}Y1xuwe;LqDVV*XJY?+7&{RX8RFm zNU6@(2V}oPO(!If2554sPM) zuMseeb%cCLWV3XZ-A#N9-jnso{4P5td5q2pQM+qr#!(*hi^oG@(4}Gez(;H2X*V4= zN9~kaVIHQZein_b5%_o;4!ol#8DDI~=_wW_s!SL?r&CGF;?wm8BOG_=#b?ByH(eS# zswY`u%}B;dA8buVy0Uz0&!&c4eZ-p6>B=^?Y;7KM(8og5;5L}6wXO6`V0{Id=xx?K z81gV%=vTPWYYRD|SdY<#dGIuaL8DokV|rf?%iVL>zmvM*gS9SMv0Yk!USSst7-Jg# z&gwK(!d-as6L10Ne&!z6GZ#=!>({7ql%Mc-Li0ezybL{Mnmp=AG`UJ!zje~(5@^KM zU6@8NHJqM2ELLk?yC)vzh4`9FK0MajlK#=IS`3FpA(_XSK@Mq|5gA73{n1t%O&7pe zGmS@?XYS~3Z@v$?-lV-XF1 zvERG^_1y5OURGwnYPQM5zy-q8)X1=kzUftQy$QbDaB+lef<4N-hHQ9KI@0C(n8^au ze&}ej65~T%-!jHtTkAR7Rc~d+I5+W7Znlo*DHD`+u6aF%Sn6a1y;h6O*{0103Hu-K z=Z#_2B`?9CPFpp9oDkd}HcvgB^nWUKtM5Qw!xK1C>yd-26qc7j)}y?Mz~50A;x-{< zDND|LI=#x#bGTX?p82MTD$BRZGaonk(Dk)&55}c@;%Vp+dN2In<(Zd`n@5w&X&4%0 z>`?9>of8!vQeKH`l-*W=u|A(-p*rl>tlk!Uh~Y=lr{b9{&*Xo>TfJ zw67ZLCBXDh!trXUC4IgDM-*YhHrkH4`l~@LbU$&tr#pM>cz3S9V!J5c(Ao1)sg;*Q zd{n^tH}*DG)3~T8K5#GymLH#p0Z;E#Zf7!yi<#;#Vi0MD;nArqV|e4@miUg~cPE-d z2Jm?soLbTIlMSh9@mcPOB_A2f(+Ae_V@;ZaEdH@V&P{mZHzN;pKfb%Wuhn)(T~U(w zMsEf0m_0AlZE2dgznlDL-7c_*YsJ5f!N#3LT~8l^Et_1+^^+~Uk}}iu;()XT_MVdY z$qg}{l05iH7W;0F`kC-k;vL&X1JNINdSWc>bZ=LP!lfCH$Ev%j%OdMB@g_#7W>160 z4R!4#fb0%b4vkhG&c2#@1s^bj^^?DTnmri5I6D2Ngdc87S~07dPX#2z$)ljc|JF(q z(itYE_0)Kr)n)oQ^(w!48gOWpxZ*3vl0Clp{Gxe8ab96DZ;=V(Tj!*Z z3V-Q{8zR}-V|IxA?YMU%a`aN?ElNvk!(f+5=cMINitbU5eM(aV|JRS!mhiQuzKe#?yRUw%|-LO zwfMoQ>GLxU+HbfasaS#r0%+#mnrj_V2i1bgel7gcCfj>%cFbnJi|oV2kD6v(c-EOz ziz7{9dg4pz@f35bHJ9}=O9OpiZqtvs8|MWZR{{d!VpRTz0Ggo{- zLhaMNbY0-=6}QrRK!|7x@b=AjdGC|zN|2fst$JH!eQRs$N(dY^HwiN5`J_BUSx=w+5)9u1ps!+Pr*~0VOndr;zVe-XKqe-)TN$%P2t4iT>8xZL=bFDM+ z>&Z;BlrJA@|=MwgI~e-@5@v zs=tyADt~UH#QoPE+*3d+sUlzu%I`soMHK%GH64-jPMAml$aI#GEcqftDKO$e^iNg6 zH#U%%A74P?%vTWbk0^&4wIiBb_Wg{w}^o&3F#C#@r!}squ z!awha-CL@zS6; zpOtZMfqvC(xAgi^yPU|})YD@JIV{Ma%I}a`Qd}{wleb|b3wDkjFV;z!*ouU12AkU& z@+^L7yyD{Y)Rz}?w~6N$DU>Qy(RJy{u6NndrxA7O-Ch_9u6Gzq!FB1!OOgNVh-rlO zU9j})2}nQ#JP{=youk@R?JuE9TqYcTkcEIFF{m^Dc61uE{k)?`G82aIYiR>CzmF-o z-W}h2^^GQOX8beKN5(%TGpg8ss@wK_#TQ43$7yxx^SWPyE0Zj39p%iDY9{B1NRogc z?O|jE#KKCLNWGJGGD>b5lA?^PIx`B+A&QtlXyh7}aCv1H{=nD_lqIShEyf1y2~brX z5wsG#XF)}Q`ocGOz_M|}v-Nc0b z9Ey#sm{8Rh%VN>{vi$jwEI}&D>2XJmYV(YKfn(Cu612u@*@ODss=JQ6iq>CA1sq|y zfY$<@HMUhYtC@n1_wye>@bi#!VyDQO6~N3%JrUXw<`Xyb>bLhP&F7~ua)2zj>$k^) zf?C(lRSP2b$FaM4m^Y9b4sw8VU6l95&^d=Sw9dkEijsmX&c+t8K z-PI1Z1DOK*w+M3#Sf6e85Acz65NGGwN&a&b(7^}SS1^FXq5{6xgg=pNo)N6G*-s7a z;H0o+g7rsD(Wkch99X~W<8L&7;y*_pcZyXX*JNrz6mQX{C{qQC*3U?c;1#DIv7w!XNl*DoUEvNrj$rLxIB ze#r^`j2`m!c=7P){&ehR;#MnlNhC{phCXB+Ktc;qx)lYoOWtd0` zb}d9SF6sfwv|*9KmJWP~?IReqrQ%4Bf}-<1V`BJLjUA;Iy|vt~ z8a=)AWfbN)LiOYN{=A%O=c9AR`QJ=e=zD@Nb4I1^23?bl_}T-w)k78BI?JNb1x?Xy zQYA6RNK`6qlcxm9;toiG|tLz}K4uAvTd z>AFtL5He5m$$dk|0E5Vg^}fe3tiaBZ@K#Wdv?dEGC!k$I!qCRLHpM7l(?8-08$~Nc z?H>IK9;6>jKSuoVh#wo z@IQio*bwxuje<5j;tuK(#dGXsH-CsyR1#cNMmU3 zs9V0=d=$~HD+#OHo0HojDaeUTNWTjQaTnoBV&iMa^$m68p+`QpFI;C;7%%EUEQo0d zGG)RUIA)>N9g-TPm{@q(!ON7epOJO=w5lWIh(R^gSM_bLaW;ljnWc!@EJahWh*{0(;OH1ju(5Ep zLRE3w!cu!L2&i1x8nb{{_8uafPEU8?1K`sfg4WooU_v@rWCf;5hOL#s)WjMtIzIgi zKhQ~-5Y7bFcp);U(1V4xW)>&`lc|MG#N9Mk_! ze8zbik-6<$EY17K97)mD_8)ar6GkaaQ3^o^QQyutEZ8a=yI%lO2!BrVd*ErPXWrR2;~n~Chd78FI#~pzxXv9&7O(kcTSwZYsNP2 zF_uHvcMd|_%vAHD>-L0olF1Q+fQaX6sFCCqSeH^rdw{Q~U%hi%LW)jk@lXE9VE_|; z!YR<`=3hx=U1F1?XJjq@Z0n;tDhY1SDII8|l!Q2MaDH$?tMae*G9)Ew(+k#+>RZs>FW4Um`4k;YI;5)nMNhqSHJ$b-LWs z->he!=mbYIS+WamF}*8%BPpscEkpvNA~Bd8JMNae9)RSD4#GP-Q3hCkSD{gMJ}u23UzcT{-K4JusmkLjSq=?L_wk z`Jt9=BVmhsJaYUA(3GXNK+d$+>NUaeAm9m^KqZ~;)|8SLE zTumAiDH@8c9YW3~oKxh>H+{3ld&E-~<(OrJ;!#H}E|S0%&Sn(U#|tbJs`f?cz463@ z*$+aA87Ze`cc;yPOzIu#4KD^Nxs5dSUTdQ-Y*FeYaon+s16@+U1j_YC@u6i_C7hH6 zo450k9|3+D84;Ry75xC>GWV>%*ZKoOX~gMIoM@elcHiX|3LY@ah`Vm;N+KrctzP`c*(_CCGiM?=*f3e#^p{5yfAgd zBr`mq97cB^eshFi3Kd{v2uSWg?mk1e&f-2(FRG{T05!_}M}(#3FSt5|Cm|S!m3~{B zJS)M*v`aEUd6SrLMm;*KAgEwN-+%pVh@4e`thnMjuU`@T<{u6|qreyo1)3Y(7d^I_ zQg&qzS~O&585s|?e~o*pOwOl=EgJ!+RzlY*oqZ)+ zR2JKBvz}iAS;(70@Q%$I%qo?WZM}g6{S;`b*jM;Prnywvgv3ygPg>ZKUNgYlIJn$OeYKN{KVdGQQd}$ zyBe?*wk(n5y)Kp1au8}CU$jr&%+bpW6e-BD6u*(QK9#d3E*Dev*6H1YZX>Q{(&wXh zA8bU&MEGsa(w%_`CAo-wM;8SQNQgR=CdLi5$tg@qBAg~Fgs^x3sK@Rf7NJ@ z;neu4e^FwotbZ6nvJPA}CR?MVVW$r+_5&>=ZTwTDYpXdKw(D++ADAtCf28eqf*=q~@x<&TtImMw>{Jx@g3B3->Q$W7G+6&RRdPP_Q5_^UW#n z#<0aDtYnp>PX-q_RuosbBfJ$bTa#B+gfm$R64uL=K)$n?+R6kU3fEg~Zcy!-`kfMQ z1U*D{9`9!R>4stwsz5Pe+93s<05K{2=D>Wp!-O2dZIzTa*^HiroUlKPZ0KsQ^T}P( zA^&#kZp_Xn0%pfGKp)C$_lIyP;(BIjTWBR zV(oB7X+GS{(>;>fSb=~{2M^exC!lsyr3_CjLm!E<2HdBkZ##th+yG&N=)Oli4-+Tv z1df`1T_a%CAMM9p-HJZmy#88kQGGpdgg+G{-rVtd+chJ^xdk~f{!EnBDj7?TxQ-Gq zU!@(LitO$Jp>Y8D9?_8w2_at;nhPc3pgq|<;!b8Dto|!Zj)j<>T3>3JhmlGEz4;%y zK}eV#Dl}mrm%zdiYq731x90#c2+-+N&6QG+B}Om0xdEEtp2^U~oNZIaTN#rJa8poP z*lnnD-~iJP7MlI_K`O(YMYy4IbDvUEu%L)R5$s*$A6H&0sJ)RD&xMEB0kajSBfp4s zB4cReoG2st)e$=qQuftIX$cv^{7LNVn7c&g(=#<6`!Fx~xw+78P3 zTiE$1YG3zS#&1#bST<(rO@(&@W|K-R!O(w+nwfsH7S(EX`h}(zgytG9k+b;S$tTg> zpJ)V?oCPcRPFF7rj)s^O%K={00_7#$A{nq&0U)$okCB*xYfg2JgFT(#tIsD_|Y zg=@1$bMy?l{%zL$hykM4bv|+)TI}+*4Tg0wi1F2-5|2 z_Qb!4iIFQm1j{V%6>d*4oV~0hFATPJa+LntJ)o;!ZLH%jPZg?p6CZ< za~zl(#PVSQRpKcXYZaGjT*_`krh1WQzUoA976tlqWHftlL6GQ=gJ^q}V%4KtaH_HM z*kCCa`rkPFvF=Hh<^-nWV(+bW&QdRgBYBJII0S!~2nI32Kroif>-0k04*cE#tJ>q~ z=#y2g!$}>uGaS@|qGqOEkq2oF2Ay#(w?x$0XR5NwAX(u~#TkiffEY?^-?=DSz%)G8 z?1Ec0Ab`zD-+*&&VzVE7RcJXi4`d3UtvKV>SoN$Eg?)`KIkyQ3TM6xAnR}O*i|rt- zAnD_ug;T@67dgdI-?e*SYEj*M0a5Ea6VxLd)C+5}gY`^f0{IjMj}gtO%`th&;zA`` zvJ?vpANb~&$zznty3pmuaWAQbw#l`Np0*0obxDKQxGUR^dx~T%Ga;BkU8R1yJEHP{ zV@6p+^RpI+rluUC#U=*NpyrlQT}aV(3~iGn;;PPkM8rQVg+;r%h$$|YUqq^Uw$gZ76xaa2h6ttByT>T3pl`hAr1=p7fV^qSC8S)Nk6oTtlRFcX+hxOF*H`tO%1rm zrrK{E+n%Li-oD5J|D<{#xNzm6EPm7jE@MgXA7T06Vo+SPSf3pcY`8*5*v!Ihg6fo= zA&m{9hGoR?w9~zy5OM)ok+A}&lpm0)H$Y1%X|_cD1Qi)v@CU7h6fS$xE)(4T&lf-q z&)?<(pj}$?awhR>2VP}$2z+#R`3-McIyVR*B9ZjT&Qb#UfQQauH=sc2EvY})VMMGX zLGnNmezkyDm0UAovwPxQiIHY;G-sU9rnf|mGcew*7NeusPhj^1{<~gqCc|LwCtChSju6Bl~@sOS(_Iz zTG77GiD}IJY&9}hz-}U(QD8k)QQ)-)R^^(j;q?HgF%-AKEF*J|G6*6_eVAs`7$~}m zU>OM`Mwkx(<}X3(G_Md|C<@_v3xphY*l6?L+dkN`JA+nnNSW-H#MH;U+ZK?0m>mG?{5hVjjcc z(%k1W)&w1lzYcQ{m{9eb^85#E;HnSL*WQuOrgtp4SNh>w3w(E^sHt7`pTL1ZCw+=w z5&}y=Tdt)0yjHR+ecI7Aclg%S!JkQTX>OZmE67WSQi0Kyk5%rEI;=W7WjTtm!cSlT zZ*biG`Rt*L35Wn6nHO$jljdj=Rdsc}Oqb4Sz}(vHS1`?R{d^}->DMj;(a$*H(%ANr zY><-g_hm}GyzE!AxW+cjBy;(CEr1!_c|`4(m~y>%^1+%(YWfa&XQ?q9^+tHQEx!4d z?N=IrRVtT~_(@ecZ2PEbfb7Sr@nvQ$5J@hXacT0??M>oOjvdCyYZnQRjyf~O?@m1T z_~wVJ$1dUSx&HwU>d2;7ax+uj0#@nlj3Gyx(&3%7$OYiS%#J;L6Q_ckJMSCf=I?FR zZX)^P8hF7BI<705(b|eQ}OOXxnWt%>wJjZ zW|i?7yGx+q32z#Q%whZWG!KObsb>~^vof8C4oR-oO0m`28o`?@@@(KK;{?uN;*opQ z^sZeKnXL)OaCQvIQhR)KJ72D4;~8g!4{CinetXAoU09}5J|7a9K&prGfh&*_2*ht!>WfmHi{1_#^%EaCJ5LLt}_`;&bQ1+FJ(P^w5`E>u6WSyKIH^8;6Xo zCG@Z=#Bg@fc)raLLIOjf{+UUfD!O4y*T1O)Hrjtt2XU{Zh{FrP8%i1(O2O+zTboM) zhM?04rhH9xTcFq%F6|&2e+>n+nUfMh?JMK&W+BU*oZaeE-v)JA=0&W@<>Z(|vsNTCpoG9A$j<4l!m+jKl z@yIpt#1YGwUbK8b4tEQ?ZdzRGq!!$m$|jO8jxL7@vw1wxtj@wXPE`C;cuQq<(D`#> z5ohwECrjpP4-kI4!VFT-T+UiPV}?XeYBgioDwt!MX*4OT)D3t29+~2ouUWFo-DfYe zHeLJjl7%7HW81N2n(KS)Z3cTBnryX!*U@eGFQ#93%_cZW$(4FVftjb9agnmQsp3ZJwTTBVZ@l$_7%4b6HhRDz573 zsaSf0^E;N1hPrsV%dQ;Occg@xo}w^1tuSg$+8137Zc^<(KfmI#1u{&VX+(bl86fDA z_eM`6MPy5u=RL-lk7!Oj*~!eV!;gP-wqDnyliZmCY_B?1%Q-s-fA^Ih z$`%#zR&uTuc%IsL^XYp!M`Zl&QD*XusngAyC%#u&q* zgN3jWU1+{fe&0||gMeB0Ot-=xA zf=*6c3YvSLJKXXIU+U~oDTI38^ysO~g{S)8<4#VA@BOBwH~+m<_siLFtbTc}Pqs*LdYBuYE9!Hql)-_m}19vy$xyB&5!h>=>o z6P# z`eB2VL>O;X`Z#<1iOH0Wt;X$^#=%Tf{Q2N1=$KOzIhat3@{>Egq+jWUHkD&j6ETz5 zJKu}CnvLzZ-;;)9NA4YIr|NWi2>27K+%mneW#d->mI@zDTpx_B0|NE8`Qh=vD2aVb z`l*tSHB;UpQ1_L@&)T+~nyc#tV1hVW9w^CAXD``l^vV&W=}!bqr@@zj7$e?}^mzJQ zcE9d5pPmQ1;}2txBV**$+SB!LJU;@EFM^u?UiUsc0<3$Nt`VqQ7UzcY`_H*0efm?& zSDb*t-+yTO2^PwaimL#)k8R1*N8;L`QK6OY_scKw^XK3sZ;GU>U-J+37LP72J`~^y zvjfm(t{ojYQ?7z}_Nb&N*MIXPD|#Fd zZ3eys9m|Ou8{=Ef?%ib36EPsnYX(KAa#JA*!qfcjFdn$nX3n399C#f9G#IkPJa^7nwfq+bIqTvx{tJWD{1*&TgqnO&{BIcK{=Z-lr+>j9D=lEu|G*$1 z|G*&rf9A7cr{>?X&A{CEl&7Xt{eQ+r4>-f1jC(UPk75-wn3@-Ke$GFO(cD=5iHjY&#!`K2lMq|2g9jlD!?%1LtR@hB=)HB+(dQBWMb_m%>E9aFmh zxwsu7tLsoU^pI9ii-lng{Yo&=xC;BKzkS;FQ~sO=&>=oWUQ`$-@@+TD^a^9(Z8RB< z0ZM;MQmujjIt1h|9a4D0RfCA6Copd;+!j|F~Pg)%1HKhs5h#ac| z`61q9#I;1LI2A|lnzg1ZJAsv0_79%AwQ)y{~`Yf!`quf zx++T+2W7iOZ$;wfJ);lh1aZzqksVcbU3%8Rm(MZ!ASf07GgG(|WjmE9B2{3@54Z?I zC9pW+FjOI0+JL{C0w_ZwjqNDD2OEPf|J&j@s~rYEIBzOH%jje9Lj^i|-WcHrkObVZ z{MQW17)#U9MDd4-_Z;3bv-b7_w6xO{0g`|0M(78Ovf_cg~aKvw3UPc zYshds@f&l)WH+O7?H84g0dGTSh2E@Vzsi~oHm89v&2m-Fv9DK>x$ZCOrEWi+?-0_h z>sxq&g&Q`*!Ae)`W1Ej!_RX_9I;`%?<3Vmd13Q|m=u1ND=Cl8&&!;??%|C@{$afl*5RgCg7x<zMI1b0+X+UxM>N52p;gM+CbWT}k zez6ebpH4F72S9;R`?Wx@oK4@^l#9~B z_Xj<{51L8?jhAzUmPNVjf~CZVOqjhzs#q^l-keY*`g^#%uduG99Z8mD#ZKUozcFj&dm1?=ztE znPnk(T3%yX?te6Tclm#4^pvi$|Ip}|Wtls($7F%{m?L}zTf)0lkd5D$($kUjdVDSA zqi4|0*4hj%#kziiAU*sqUf6uQaPS(7uKDMBh(gcEr4^| z7njF}V@5p83O*YNDx*v3!zdqt?Zw&IT3H4M)#G~GtWfoka+4>`Qw&#UUOZ5&RfZ=| z-g?sHsiA6K06W~>|1WmJQl6&m_{$JdBm#u9m)V0v#W?n7HZrHd0^b zDd!ioIVZQ_V<}!UKBJMhyBCYCt;TC4YYd(n-_|wQ)64xS3NM4#xMaWmw;!F~o6Bh2 zHQXD|e0>BKFm$FE>}_7de5*2DI~Br#T`~%z>lYl@)j5AOTc5|9Z zZCiFfm&>8c-Lyz+#;AYk#j)7X)TSd&fP1<8+*ovevS+-jEt&nw-WQXhJF%)fwHI-j z?UlWeLO^CmTI`A@4jFqlUaUn1MV3Sxy^JNw-he_MS#7#n9h+Z zPIIiPGjihn2g#dxsuiKP5LGC8ml+7WOoF`+D;_w4TD=Weh|NZTDrStTL2SyFj)bjS zt8399tJ3WGKJ@bu2>;EjfSx;kKKry8@N zS^4Q~U=eQ-Kmj;$7mite9Z!EKOSfhEw-w!UYd)GLv#Nj5#Hm<_2(sr1T(TJt-?Q;r zs=A_(!G*7zp?u%c8o$il%^>8dQGIClK{^_X(*MO7LwClpafh+9*6;6*av-=m-ecIY za(&Kk$j~11S^8PhsMR3N3Pm;hrHc*7ToBAg4xd;dq|XVcV&E=)WODCN0%HCLU#8-b zwl>xqdg<9}f^X;0{|}p-7yG`$q}E_sjP$T2D@jH4?n^CdWAy~Q+^r)5G0sAfFcK-d zEqCF5JIkKe@SI8j5UTb&#)GIIK$d=GkB~p!EOM3+a_#{^jdI3NXkPt60bnwL!m08t zQc{=Rxtmg3r^JQ6Bcd^%-`m$Lx32-&wq)UP9`ToTnvagowq&m{Yi(aD9s@&3Jzgv& zF8Juc+s#v;TJ~EVNE3kc?4I{$%AdVMcI?fmElME0C-5VGT#gb@PuYgNW+UTxs^h@h zvI{4<%lD6TO`!@-sNX%9sYlov!4Dn7$`m-1g}j~~OPAr`^Y+&_yLCNGe0aZ`&7UbB zM)C<8xgLexOs4nDr;ISPaf8^7j4maKMjTUuSQYyZep$@qkQg{B=KqIZe)Rdj;Fl5B zxz~qESa{Zrq?guF@S;*XlT9DZQz?GOU>UhsQMsy*52VlNe))HPcDBDa8*LUX+$W}G zDa|WedP>QDWi8xy_mg_I|JAX-oreOJ;n((+{Nf$n>RnzOsT(j{zn`P~# zbn#D~@0LT4pQlT?EQ8~OkqVQKhVSQLr%I!h%UY~MJZVI~g=5apXxK{Ma&`J}Ju+0# z2lxwX(Nk*wP?ofJ8O^&i0%G^7&lA)5xe@1pJTUwUZmdDQfvd9T{vN)EMm4JH!x5sD z04;(QR%jLnH2%zx%w7XrwH=9y4r0uITN4fS zQ*VlANwI?0v+6sjYS()iGawFZgW?Kpa!wOoN-q@?aYD=Q<8yz1D#q>p2AC5E3E%1? zMTy>m>VNecQP)UZ{Pkk0f|W;0C*LLio}Pv*OhbZLkc3mQ6-hv@C)K+!9$~FX8TqbL z?SNo=xZ%HGi2J%)n1nCPgBC&LVsKGXk)rsISUH+s{Q3#UOMprfocq;8)cm7y6ZEOA zr`fY}3WgXZd-uD1!gIX-1wfq;>R)By=F%)Qy7aF_d4B`1;QIfnlipd7>Ov2DCY7U>jYt@`I6_<~54}G@Pve_&L8Mu5;eRf`HYopwfi_rg2EpLus z0JhMVYJ;5|VUSK4GBDP=alMGD%fnpjy?Ae{$Jk+XJ6u(rgf~6BtTvMioR zW=N9Pu<9LOIo(Q%nEWeWDBt`%yDnF_{!uN*COq|(iBnx)_+dU+ENgAT^=MztkQ-Qu z-UNW$bqfq4lTEwE`3baq1W~l|B;(0dSzCF`dTv?DyM#@JeE(aq0C#hD2wvMG+zpfo z02B*Y5xx5EZM9&CtK@1o+rw(%p>ke*zNNQFUOi<7>A8_vts~XE1{0FoCwk#W!V{D%CFIbAglF{Vj~6^U~8QEz>y4@BZG{={kx24j^bq221uBb zTffhWA2f-P^v%{%V&bDGlvp~xFNu*?Uh%VhV{IN;Kpc=LJ0S)uow;An-N_d>|5(pn ztskZsZ*UTBJo2lX8XKl``tw&*6L{}?bqn~K@Qby%8$ML{zdW5%9@d>zB5_KzsgsY7 zC|^P+mG*gz_FHH6Ni5X}_pAROy52Fm(x7P@4JWoeNp@`8_QbYr+qOM%vSUw-iEZ1? z#7@3E&-b2n&X4!3b+4-GtGn;j`^Vk8yQ=GIsC8S4iMHXg@!fwcGFm8sCF#Ml=JDE4 z4a&UG+k&5Ri7oaOpkrK~`g+06_P4`qoas*`z7BRWZzWscEwL;7a5E2Nd_=yOzo)^7 zk{#UmCePZ!tRSH+_iaiSoGN&ud-7ghzAg;G)n_A2=!ou#iEAJ4i39loGvOgcS##kK zuL=J$PDH?bB}eG8{)2u43F^GxMg037%(b3%7QXeE@#KN~3n$jGHA^Z~;lzaa$dHsM z5(4$ViVkd!Q+))->}B}j`J1eSS!l=6=H!nD?^Qa-2iUxM-YtfW3$@9Z|{{04DDX-ICcbfx` zMM|0PJ)4uN*uCr)TW~vR*RZkv{k8gE9Zh*LTV@~ha;PlwpBur?qWd(&Bw0 zr`Fi%BmZi@=;e6VRnPfhzGL3<`68VfSIFndds477WHb{ z&HhK>Ku+C8mG!RLL*`U7*dNv!>X3`TX7Q23W__UkUcD)o#p_89PSE^Wa+0io%Jb;1 z5;D2cbkQMl-aTgNZ-a$ADlwFbSzKxyQ!0` z5n(laC&hKmcAoFeUzG|);!RWzHb?%JZDzuNkMHvCNAD;MwaJLFN<-;*{r2E zlpeq6hRK!f(Rpp82;BTJF4d}j+;1Xk+&rU=bJ4?2_5D$C z*G456xSemOmN;}il4H>#FBwUUuwDNQS2c-egw&+aH}MX^7xllh zS~o?NaD-e}S+Uxek7B0!)lX^twrvttCbyxx7ghWD3%O5fFIZTwn{8UP+P~&CP?T-i!U=YyukYw#sywu49$0S2?K6H!nJPrB zwTBAte{K6R_dQ=7Zve74 z!=-DEKEF=`q)f5P3t*$ZGebk@krkwE!8D%^hMxex57(s9vJ4?7hZ)jTTj}@Db)ug) zOvKVz$dgv+u&J(HyX^2Had(D zk1i24$rTP44O~G|A<1x!i+;Z60}MO4#Qp5zraH^vCkLDm^Hqu+tSy~BsSX9}a0Egy zUz$ECqW<1s`oV58kh$V$h&iQ2Uam&!#<@|bY<=PmxzWIHdf5mhlcww4S~ccroBH1) z6U{=E`9E8;;H5RDD4vvkm;P>|A%>e^v?D)OC#@-Qe=EsJ2SzBZvx?OO>gYFw%c>T-s zaL&CvNQ2fl+)MhNAgWvB5L51dYR72ux9c&cQKoEZxBg>mXm^_JcgyZ{HX|Ftmr&{M%U_0$ob7dHUVZ1DEW_s%@ypU_ z-Sjkt{Ej%FP=3dW^YYj9mOleWoC)0Czjs}Qz+bka*LLt^0phB2U0rXH06|hzbVDgw zh4SPPbWjpQSaDYG>!*vJfC4DVv2ZU-5M`{7Ydk?!$P&BjJ* zc1N6Res+hG^Riy$F;D36=T4h|#}!iETX0#*1`+QQ)HH@kThPS}yc6WAUr$>Qt$M;C zY=e%Fo5R`vQ%HXMZyTH1gU_Ap#>tO9Xa9fyx9b(xcmI#R{BtBbVt=cSFuU04*z5YI z!%};Xaab&jTC45lN7kNG{jKZOyvf!qd{<{T@J^WqxDYe%MC)3M@9j_#>lo)7Mod0|doZOs9xY&z9MOE6sw?Z8{ z@M;J+y%~v;UwY+QHd}_);++?_bd17gX&z(M_C*{W7?)aUH{wSKE`6EAKc^Tpp4|Mi z!1Ncl{I9U`kluH2WE@(KWB~Nr$j>J!VjvO{EJT{bKRsYJ@*6&o8>` z#6Za$Ei{7P{K5l!J+wVlIy4WQ9XoKjs~xc>RdU^jBzZYv-$wr~Wrnojy)5t78ic+f zeWZ!Y+|hB!dn}plpZ&*Yqo7YEOnwL6ZL!{%pos?#p;`Bw52(nW3~5C+<8ZPEaYb7K z%P2O}AHj$_EOVygVZ*bRWE9?KqHY@P?g4G{wKcj^w}07Bsaj8lC$G@vdgKnnz;z5r zh}!J`(sYAkyjRVCh6JFs$OjxZ3XNN><-4p4lr+2=H!m<`cGYs{BhPS{f533?1>`%< ze_KM?-RwiWyRZJ&e11m&0Sg&@BQ~$=T;Ek40gK>*tBOZbr(=Z-mWJQP=V{lw>S=I# zVle61`+7Dio^2&p>MXN|f)7@(Tkaq=)onhE31q*U5E!LSZrN`1wY7;fy5nH|!IK z*2#7#4^%cipP%I8mxsOX8HEuQ-y8U%LfI2aTkb(870K~r<2?$x@uz$aULZ~Q^w267 zAj=4*_3DO|p@z2FaIXf5^n3iOkyf+qD&3}=PUJt%muvlP*rGSO8nfvXRbA2eNy1B1 zG^8DWs`ZV9KZ8i3R6>xgH{RE$=f6_$K0NW=nle7HfkvqZGJo7nyQ&IL!=AJEOa+<` z1YPIsx2pygPSs9TC>=SLx_JCM@Irh>`Mp2fJb304mis}e5=G&SZr>6Niod>zKtO9_ zcDr`z^0CNvlM9IMz^J)g2gcUI6u7l2AA`Hcym#Cy%>SSZImzL6XzRpF_q^@R&i8^Q zU2NSn4rok#$LAb2I6D262FA`5RmU#6+vE&b6+tx#L=lHXd#S1MT0XU`+hQs|!X_*U z1=7}^yl{#V;xM8GKa%R^1qhZbC>p!x^)LEOwRwy*MWGFEyt(*KY%=yQW_V+i#Y_3( z3eVPqR)OI^x>0Uixszem4(D{^Dz04GfAq;DIJYk6Lwr;3i1=f`ulnqnzSU=#^PUuC z_vU`#zkLP<^^LCVS3)IeYQiixIa8m@*G5XWHI28~6)K89P4||za<5Jl-6miO-%g64 zqj4a4O2S=kU`nAYonP_QM(Ja2M7l!XarMUia0|P!jnUaD5;kaq?)5Y@^_AV#YIH37 z&4=Qh`uhQ2Fe*1zHo9vukx|?$N5>0Fcs48=v); zO4@j_uTXkXdx27|(ZP%cXtupSA~i@RZcBgt9O2Nsk%!?W`t$WupLgkMk6-F#`RL~J z4bC1keAy=dIT;#-Et@gyXX9nTFA2n!V{$KI)Az}NjN>FlBLOmar@9)j>nzUFJI26T ztK66}(tH<^X`a;N*4IV-3l+9vTs;H5UKH^>cf$45+Q`Z%>9i3V7cOeQ;Bt+ibW;dW z>cBZNOh192&x6oA`K@`VvR|6rhN%)-vz%n^MTTW)*eFvNas6L9eulp29+)O5} z?)bK`KVbBko=fy_NA$r~GKb84V0J7w=bEPw+)0}NuiZ<=nM+g>L}WkW8EQ_pkDc!Z zNS{^nVMd&1j=4@0u!*OI@{fN{JI~~^E+sq72v}C?v6Q^8m$(nVf-4=L6|~;tW8Hk# zQ$Wnp#`0~`N$8WV(@JdJZri<*&M1s)>;8mIynD)5SzH*+$72J!c z{aa9v27g5Y@_;l9j2_9z+*kAJc-LM3ex_e)E(22m zufat{qQ1jiS#UQTQpjqB(fp3G>o*EoDfZl!9rsp9_wB0;!s$R`(z+p_LeJHE9h>9N(Ej+~c8gpOQRrIa(9rP-H2eAaz+K2U`T%&zYaR2))b z+RL6h-PKu>Bi%Khlx_NtWL1Z#&Ft1m z@-HNH`}$Hr+9QnO=gie-`RU|cxZC&hB>i1f?3ElWZGwCHdCPy7rH7JWGvyX7FTnIP zqcqr*Eq?vk=O(waZSQfTbi7c5Wq<3?d$mLd^XoR?T>f?Un>VC8ZriEr59h*EGq^zP z*+ooZ16!s-e^}0_(}anbXMa~R3o1Uu`*HF5xUeh))WV*1<7whH0b2jQW9_Hg$1g}=DBLI*e7p6~92U%nUP zyq`SrUsD8l&cj2;Zh1WHM{%)j#`{vb$N$mBS1TS>Z~CM4j$BKNxS%yH$U9Mh3WOQ` z&zBT9021~#t!M9ZU=mc!G3b7#agSWD$Cx+v+rGH~@P?a(^8mexCs@Sx?)S^Y=%LV^ z=Zue8C2zt{B!EY0xDnxYUS*&&o5K>T6Pv>rNEIJLIs>a>5v@#j!{0h4%md6SrVt5*^3{_ ztJT6y%oI*gjzQ8=Wy+16ITEFN>j_oy8eDS(`lzj)3bk?!`q(ou^({REKJ0@5-*Ot+ zpohzfzKv#vQxj230sBsa@_1T=@>UcqpEzi!}9&I51Kr%n_ zez!oB$6R}hN!|e0{&FY|V@YD5K!QLnxoCYKnXm%ow(p3b#E3xC&qsE>TJ;wKZNx0w z&G2%q{<+9w={j(eg|1!s>-FKB$g=RM+r!(WI@E-&V!MQvk3MqxdJLDd#l~IvAP#DC zW%f?87Wp&((O9A?-Y{=^DpznCAIp=fL#k@A_i`y{;^bO5uV?D2N^>vLabt-oPyne$bA6)0| z@?NrZK}EBzEaRVM>#@W|!NoVF-)R*!5+ed=6O?7*t-st7vA`Ir`5#P+r^4OT^-^^sdMaquQ}%Wjb$0p z=>9>wz>5=WH&v5Lb}F-X=*vvj=B`sJaHN#stx@N*Z6Z4iZ?PFda*m7qD;7-Y(EG^i zIwf>nHP>0^wL$0GoZgN6M9}m@ps0=Q>8S7>f+Td?(5PuxGKQ>KKAq7)@9w{=CiG^Q zUo@+Ae}lii;3Iq5Maf62K^1z3k^hUgKSR(?9s*~*7$1*Z;Lu--DJ%+WPk(^P2!`CY z>cV7vfw{h8k=Ik}YWIw`^t5or0Tv&E=s&&Pa&<+PWzFBd;Kn=Z+$m}((j#impsVb zX&IZF0!@5Yh`L%jM2^@h0J>(CNj~n4jJW1-!XG4XoXPyWxm}QYow&S`(sk@dPZ-F4 z@X4*`RFmWt-EFgX5s(KsQ`QJ2oCC?UEqWx-Q4zt2=u`}{dHQ;K?U4H4g~3y+<6Zm> zrt6KK5Lcmi8d#B6k4DjyoT*hN zf3GeVGxNv((PP&m|2*2j6InnWLCSt(d-GrC#(vz~?Y>v}vr>oHU9yW}V(KPn9!K-$ z#k!%Un|?}3v| zOXipZrtsfvnNg2dJ)YLTy8onB);VK59#0tEpPLR%rfxyKO{H!roCv6UUCWZHdmT$( z>zsCJJC(TC-1D!w*4%&Bw#~h1JoUuS@l5x0QnwwEEbHLolk%L}p%1ti>_jKp>Ba<< z5zNWsle}3RtSs4)is(&AuTIW}ZF4%1Y;AJ_sK*_QCF*cF^+SInAt+9VlK-t1=yC#}x4hn-|m>YK_iS6Fa><*8{nf=RFvGh7xp zcrAF*#uD{DmGj41lodbGVOv~*eEh0;{zysaMDn>uHXt-T4B3!PZp{_B7+w7iOK=48 z2;BDZn8r-Z$X^_IXtz@TT6kIHY7Xl}TOe4PPQqZeJI4#F8*JhZpH3v_pW-M5OG@)NRoYL;3tpk9($t6a z+;<*p9{x-+Pc{Gh&9<2fyIuC+hWgJg4FiWSQ)*4YJYUaey}q6=Z##_k;E|SX{jOT1 zjdY(`>{a7#URWmX_>gxrLE9GQLaxtkwjItp8unf9e zz)gUc4eV>jj$Yzn5zVetxoE=QY=#zpSpd_GuvMPH9%ldimZ9(;atBLEU4HkeP7VcQ z4FfXZQ|^7)pDe$a^?Qx(2K{&kwPWrU>Z<&Nr0M)u&ktgRCnV5NF?T16Qf=fSz?@`G zA+v=?z~&G4s$Zuq*W_BwF*YY@JlN%ok`W0Q65HC;F7dVSfbq4L;LZ!f_*H80ZF{+~yHn!xH1Ti-O@LrNNC1mmq@ zpA_c;wO5_)LX&OLQQ<@5?*Zp3c49jWS>KB*-ki+O-P(^Wbz*B4`G)(L0IL-wq{y;9 z%vi6+;Yz(zK46M_IY|iT&td-cM}r*V8AtYBQ@0o838V4FSqPSLaa$C*S2WAVA4&W92;?<1*1 z677?zL~XaE>VDran)o+D5tBe8;PjvB=iF4HvLD&`g`XaAf?Z@R{HkkwOe>pWie~eN zTlci&Zrq#J&*Glaw^gKXMMs(vZe`zO4WpEvONqSaBZ05W1i zVst?i%^G!UR}>F0v?HF52mR`^l}A2|)0g)W z+vG(-%x_3=Jk3t}x;PVU7J(l~C+NU9d8FvTB+&@Dc~7VQY(oXuCVmU`AbbK6^`QSY zNLux;fmpRmeLFegZ*PmYyDI9Kx4$a#{&Vo(qR;F9XLH~^VEcOBQstm{1AP1-Qn)ky zIP_J#T=l6ORa{o)=2wJpYwP~+4zId+OcouGLf`&?B{DC4QRx{OWA^nYel90vI zMu0dUkA|7AhQH1SGF3SR?i{jVO`^RNdn%sx2X_fJ5vLgADl@Wbg(%%U0Vr^C1`6*W zA;7=nw)OVpN=nMx^`;g1@6wtl&g)A@qK@wgi94WYswIKJx&H)3^K*7p429xk=Ra=PG=%t~ zbs71`g-A|zAM*?zS2L!{M`ar&r@pTyJdEjYPpSalQM@WV?=&bqV`99{b)&AR4E3{S z*#`_Lg-tHVw0UsaVw1pW%YPQ|OBCz(CUf}?|FVy_uGUk<;WMbnM+-zI?cE^3dSQo=T%_AdpO z(l%}`?OYqS}dW7XXx0gGG%1asT5DZ#0-@q3F(mg;}L7Z#nE>9~z-EfcWWT zY`s0D$!|*|U))(+%P!!{&I7!gAC3#J*DcqsP&wf;2uAV1d*pDf7F|0+%j^`-xjAD~ zI5lUs;}z5Wqz>UdhR~Cp)}I3Sz+U|X&9w!Q>PM`N{90Q(>%DcAeQuAu=%t8Kq$O4S z71=XY^Lh6rnm5*crt=>E)ry0Bw~gn&{lK}~^VI25Aoo+X@w-jGp{unl?+QJrglOQu z|IJn0c2pvu5l52w({+OM^3dVP_*w^{?EZh-ENV}ZAWdAD$;7~{{(hHijAtDzQ-Gvt z?FOfisoLvrH9s|G5O`4VIJ@>f7@z6021Bm}GkrbIKL>_Xp)c9`<$_N~_-t?uyHtcL`@3QN^tIA@ zk4FmAoknN9RTWPkP59ETYzpcM`{h3j>j+xVvs|t_PM#bpX9s~C0uRXIK>Lni5OY!q zT8Fs4iTMIrNE;(`L)(ac%VWugaKH!{X$&m+t*-7vKYKUcg&DY?gus)rN6Haj_dwzC zKC-7tuPpqUJHI~|SSmjPn5zv)B}jM|K@|LpZsN&9MvJ;g+UDmHQ743jyZ49G&Z9Zc zy?S55B>c^K+fn`vVSpW&`=|588x->dg>if>p`@h|*~Y+BMHNpMIrZTjy+muIIL@X3 zc=pzr2}}H#h#vI!vDidnf5KZe%(XT;)OpMQ*YVr5`M)@R56hDKCr$U|g}g~#%g2?s z0t1f=7iAcSVZ=3_SeG8#9N_GJ#&lJ>G1K_{fbhnFwbep(Dm|}ID`;$NWcV5xj~sMM zPz8zGCuUn)g;VVTnOXQt^w591nH3^?B2O%Ru$Ma>7^y%Q43N5Q(24t$NjkXlABC0r z45n76j}}X+((!wP(xgr6QT-H3uy4ODhR8$O@K0bMw03vQFBUZ?Kuy*N2T>nzOAqmV zk^bk$DE*EJy-hA_@UwpzxxScf0J@?jvQVe}j=>=$@p$k@r$fN=-;(Ov|LYX1E&q$- zDnHm{Xc-zWwQ;*9Rk+9DLl2Hs%WQJB-0rqhOZU#xRdt3t)Szbzw!`#F4-7y4Z2i8*ASZv3o(F~0t+;QOXVfBgJKcxWBdg+0tc%e3el z`%jowoMjslruByGwWx8AH^55#j~hx0t>{wEi9Sk|k5|rft~Bl^Ma}|^fuBy?-dF1w z;-|hIrt`ahdQ#LE49I}yTPK6mr<1|z(nb^b^_Ez@k7Uj&5|X**lS$G&?`7l3)x_$3 z{_o=5uQVCP2Pb9+>@TVY52?%TFO|5jYsGHVX3SmE>G;l%yQS4q67 zp}thZQcx9sGB@w3y9aP6vX1U#k(;7fOiyLaHwmS!Jnr85$KsLL)Q=z9*W-Xy3e6gY zSLXsm&ph0us$V5qA~)nsLIMCQ5ziCGRT^m87df=mflLiR)Rw)Tosd#khU+jFi9EbS@RVnk?0mp zP;-LT4y>g2ax2M0^3@Fb^&eu*P?L{!_ExVWIh&(N+<3F-wP^;*DU5W6VQ3aLLwGq` zxr}6*N>pm7$4RHyI*w}iSz8U)ZlmBuG z`(1F#ys0;mQAu5>bjHpU4ev!i5(hU*lZ6JPWnRNIuTVDmmF`>MN;4AIph*$&XEYMM zEX}}|OCc^r`a3r=E)7D+Mx84uPpVMm8fm8*P{(WGAUFC)sTgt}MkzZ`IXq0|ole17 zRnR$WqN)7BPuga?chs)|6JW069yCe}gZC>9ptj@^nKY&|S}`{6ilotECRt-ZwTpXM zpm_rr!huc(lGFWbw{M$#oIK=WA(N~}%X5p0DsTH$dfXKVk?_+q3L3Ajk6qE&izedF zCda>c6>QWJaeb4kSHRx~i?Bm6opUThiuY`^(*~RVhIR|Z4UkuZUQeB1D>qmDw9>e; zDCtZZLlLVeG0Od{5aJ?P4Q-NU5_Meus0J35tVJMiZ`5XPBd|4?Y{ZAzGYNM=mhk_E1!D! z2rG|ufYgOZr)Y~7Y6UH2gB6Tf2iAZNxXd2ZXQf4nV7q#bUuH&$bBjiU;zr&DNhzxZ z=tP?E`hQg`8WZ3ZRqj#Dj!El3imaJb)$(3+Cd*da7f>v>G03UOFsLvW+q!Ki2@A`} z+NfN^(h3pCN~qvfFpOAmWQldVLuqTpMx z(=_Y>s#v;jl|OP_~TDTmYCz3{SPeC{EnEsV9=c;A$FDM9(qaHOecwV?+h~54hDUI6EZ$ao-{fY1AAky$wwbRDQFrlT%IYZ9Q)ZQ{ zn`ytpXdN=lsDjMA5HmHBx{1p1({~B2twQ*(mw&(8VA$UZFuxRwF&ya`45g% zR^1f(tA4JT=;P9h|5!F;Vo8Mz#f0zKqEmHMbsNd@R87S$9Y5n= zO($OG$guLbqbgQ8kJgJU(E`w_u3P0Qivn$f#n;WKY{s$K-%8l|SW~h{UZVhinR8TV zazlrL$bF+}F_G$90%G~eB&U8Wn`m_od<4LSo<^&83tFPm&{WN&_z1bZ>e4P2?2eNf z>s&AlMgKbz{_z)@JWt4z9T}@y!t$bt>%%*;ViXOvI<6`NCfRd~ALu@hauw_`P zYA~{{CM|~=JvUPDHO)jSx0^Tj0YU6!JcTu-jVIGk(?YM_2WHt?9FJ546t((c;RnT2 zbYsOz3b#$s^_Xl&^)D^uqn`9ONb9i-90z8e#HemY);1~q0Rl<{BGbS2kE2UEl>MLz zQgGc|-54I*%BNIh(9$sQJB*zr1(c&ojhC*bZeAUKG@;Q}!1o;1Omm21<0To<%}+qXh9sd(BNrwc(8?&2@w z0eyr33)%z=bqEx<6)}Hu#;Ey0od~ETVLgl&ZdP=~tU4uclB`GBLJhc-pKPeR!ilGa zHuv_2pcHptWzeoGmr7MD49&+;Bh13N^Ik@8@}@w5MmdXSUK)gQHdUBHa9|5E)sT@~ z5B#~UbnjmY)81QOpl`UvQrfV*sfkWAUmnbKyVT1qB6c4i$S?n3SwzI@y0 zvl<&s=T8<|iC4M>gXo~q_N4L%-52SA2RDRST$*3-mC&1o(#}Z+Q~-S^!d3D0A7P}C zd#Y{LN~ZFis2W*!DvcLz_W1I&Oag$R%<XNekr^M! z*Ct9Hx}O$gvla{>i#1PjzyeHyXj5!8bQ)DnyYWI)1(hs*H-cSAq+#{LGkD zGCfT&JEmAq=`Z-$*ErHtAem#YD@4*cs1i`ZW@QH6KYKz z&kSzqMvM?fCXNPSNr}6mg1*|3SfSxt*}ijvshO>U;|Z3n>oi0xWb7G9RSDy#!6FwIZkzWw=hCbpSX8DDBFeaSRyk1kx|5(v7HLs4Z&_XAl@CsYeMw;1< zr!*(Xw5BR{kJTT0$4Sjh+fm-45m^#O!edfF99jijqO+7$uNg_&$R&nT0}11^5cC9W zsF?gM@P?m1q%5Jw5KAh$fR(6^SDO9mi{2d03d~#|L|CQM!y%c3%r){JTdtp}W)Tzg zN>Msq`(_G$5ObwQ(!$Uy#pFE&2@F9C3?fJ0rHfC6Wv;;Gm;qtX<02jJPQ@k%fnPvh zCDqKD`@KN;Xr+$G0dtyhY3Ilzn|l2HKR&ycK|y93yuKOT=EV5_19m%d0l#Rvnm^+KGA2=90-5JuTSYeKUq%S}PWOptQ|nVcpMd6V>Y(Eh zv~+DD&d@F_qWJEc=UMOP%yGqch90(0tO``siH9#Dm6jWUcL_;Qm3916%pmRJpUm(e zaHX@M1i^hk`YP#(9~$bj)>;Tkl(HKw8FQRua}2~RNRMXiM{Lz?(OXH|_5xs6^^fcG zRD71)q;;H2UGc5od|urd&D!e>l4Y#gINFGhIo+-2ulIv_>@G|k_XlBl8#BpxUQQwk zb|<34@)?5X1ivi)Lu?$}hhmnMN^%1N=WsP*&LXmu9x_omLE~i>>$SDA9kt0M zk?KiCK2<-C%&?we+D5b3!w)3WkJ(=D07x3f!s*1BdSiuz9clJ@&S$X7PZi25Xf0aX z^aCG2CWFbPnUW#zVeb^X)X5VN)r8Da?9HBXMLH=oX_B2oW;j~z(a?KqRm5gKsJe|N zNv$)-F*(ax5ye8pj^PVvOo?eu*v5UN!<1yzzLv4UOTwp!ex%dy1naEA2sbIgl?uqH za6+(fRB9d*v&|g#L($4vseyH!a9+qrI_e%C-7d2-))5tcgR*K!7Zy3KNWLPCCMaEY zzv7&0J7;Gk%brSMaYSLSbpAyfrUrm?VnhiYgaelj%!NR_Cf%037= zP&Wt*4^!8GEuV5)M=5WOX5%8(L5sAKX=8y=LuKfw==y?65oa-^B2_xqTr5>q%o|0* z>J6rnutE*{M;G&?Wt6=Vlc9OM{FJqwEc-%PIv#7NwLho^Uhd3}ay7*STSZ?j2W9eB zm+64O98^2SMzl4%tCaj+Zt6PP7>;(4P`7rbdZjbi5fm#XQCyI+i` z)fPj=d_wJy(mT%nMS~CwAt!zj@Yodpy_831aUV!-6W>uWIGNGlckw=kAnvQR9GsqcN+B{MDfsAeoiF35Ud3oYrs`v zm84uKTGmZXxJv0g28H(9X+`p`nTSQ9zH_a~$D zgJRsU2mT>+WHus0@gK38*$hg5ddiJPLrN6?a0k(fM<)#3C7Pg%#T?rt&T7ool$RE|&{b4O+SZEfMUpg20p40k z>=ZY8^;}HL#^iE|t14N3-Nh2Kn~8|Hs!CZ4m2#_KFCC0%ngg20#=w639@u=8v5id4 zz?5O8wP^vbufgQ1Cvb_{(@7xyp^+6q##wdhCxNMHreQ)+KFhG36hpyelW*-*+LYiI zV*)Fa(S*+JvVOl+!@=+o>oLod)XbUywpmf8&6SUkxZ!6y4$x0VUKse$%<8s|JEZ%x)24yBUe#z9 zj+08kY8Y#Uxdto!h+-SCNlacRw{J)XvF_$JASVEx31xmWkiK#j4i|5@k42Rzp%(E0 zSyfRnhg3>31|5iT5(0D9(90UGjMG9$es>MmSSWZ0U+tFI;&kX<4(`2 z`%(IWWExt(s)|v$Mb{D250vgYft&Yb>!h>PhBZKDc9T7r7HDAqYtWT!wY&`++rce;v{c%LoOAotfH|J1Hc;Fn|tj5;o;rW@doh2jV;R$!G}Z-Ap! zscz6i%T~Gp6#Y*^P2(s$M!0$nMK6RiyFWWo!UPQgxKpczg$PiHC1cxVB$rPK8&{xK z7f~A4uIDzH6sz0-bAU`#Yc8ZZ7SsF%yGD_{)uP|5whIE3V9aJWSCOY8l~k#{Yj)Bg zdknKZSNfbN5JoIkoH>WOa0&A)34q;5V%2m`D%EkZwX$H*i^%o22X9Qp*@Ced#n+W) zCTdtwM>A~~Y}Bs`1=}KqwpDUOlHA;?-GJLx=wgbvglPk0ENYhUG2;=*jrgNnZbfD* zW2!hwmvD@w-hK+(g!*sZ?~^JndMUIp49b>@EbN#J_7Zk{+=v(o+_hZhr}KA^?O55B zJse}$XckabO|;Ap?e4f>d6dWB3?}Lp96a1UyC5hoOcoA+4XgR?Q6fP0iYV08t4286 zp{4b~Pl$2ScAi5@4OE$5XtaYzQA*lOWu{UI_;I@_^e{ZMeCJPRXZTFW|6)ukG?K#r zSal7x(WUO|L@^coW@Ld?Bf#>EzoG1@RaYvhAGoaRY>{&s7D^&5nh&Cxhg@yiXVJ3+ zOz8)eSyle}lHiF+1S}M3i>3-7O)+I+RQ9O% z1W6&KPB$@Yu_JCoZKajr!BIIQrWvVw=Q4DS)p}BOw zxkD(>p- z=1d%x%Rj0YL|%E51^^FEdhRZQbHQ_esMJc&nS`hSf(D;Lqe&SIRt_Qas18=uMRWsU z(OV4a3&+V_Qo>BilN2xTsy)rGWR(6gxSImWn#;{5x;&9RmR`YLI z-$w9cEmao$?kmp7?3>v1x|710tsUUczdw*l3Z^Ejl;ebhi~`O^)6yui;KtQ3C6mcd zI?6toiUG=o2us7h&BuD>Q*z{t%JA*I=@h|?E zJ(sWkx_)nIZ~k2}FG*P-n6$}tXfW_Tfg^p78=`9WVWF)LzryBeKO4Ls$}BL7ZuHI(xj=9o ztbkz;x4yZacKXQsdUh<#LDb_4`2N7MMl?D+uc`^B%1!Qp43+xpPvq$bs>$y}p#JoW z*t4hzISEKlY0<)ot6qtvHJ7vqysKFgBTuy4KMrQgnBc{|A3okmpEt_=;;< z@91he13lQU)`a8Dwnxe{p*!EQz$7@nM^FBae?B`iUwM2ZPHc@ zVIe=alz~-g?>B{)1n}q$GN8kPc(b<*cVE6Bw>g@7vqnagATjL8f5&nKO)iN*kx;%^ z4AnlD6OXgLr<1MZV|$oQZ8dQrx>4j^h=K}z;ECU>{#;K4goLB28lgxDg9fm`7xBj(@8^<~O%@r5B>=uuf9bo{nP=71wghq64 zNW3hCXe>h<0*9WMQ_f;^1YWNrf#EW_2^#(FMXze21PB(H6J3nwHRZpf@iWbqWkIg7jL~)UERG_KbVEHegWs%CSa+r%>`!2b1a<_=CHZ4B5 z{(dQT=<7DU^{-2Ka#oMK^FO?L7fc^fsReqb-^qOJ7^m3<8%FDR_eKXu8*P2#Ay8B| z*nd5RGCgJzwo~C*$p?Q)Z?3PrZR< zdlCTmN_yzEjw5>|Ou;~5OQP*>Mw#-sZBb^htNQaT-`ODq$2}VXi_=Hsn3i-+>bD`E zDL+fC-6#ZST-y~`xG2(;H>u~%H`a2v#Sn(XZ#CKAiIM92zwz5!gBdEvM>^5nx|`f@ zL8iu10S@|QwLCX1Vh6{>?kAy^&>q`MZpL?u%)J3xfz#hb2E3<>DeE<>=xyCQD?Uw+ zaYc)+Zkv5Wpr5}V%^(_#`){hl!(u{>8)Rpt+u(CeGHH8(ny&k*|IqUU58L+1OI(FY z+=MRO5}0iB!uxz)WgrkC{Ql5G3E<524g23umIW zkJfDIWzMh*jM#WGd~$xm-C?x@ZXZe^{+YFV;&36$KYj_tIyBxazVvode9^ug|MyK> zkinsk^(=>H!_@RiqxXSR)y}!)rGEsFxOeupPg1kp0#0a0KDBmcLzzFf;)x#76s_Kv z6WpQy!bj)~(Tie- z&z-8M71#IUX3$5AIR#$^UUSvgB zbp(wE029+>3lOAiYSkOtuL53st^Y3%ljyq0Lp{=^lfzH!W(x3+Bp~F<8{&pfciCi_ zVE%J3_!486N`)C5fHX+6c&5zh`eSqau*(MWm693G2Mm1q2Bu#A-(#McX9o*I+hDiI;~8)t;}ybj2Q!6Or%%{{G%kMY7shlB ztH8r~1OqVj>3u4VKyQSn@xvS60L?=B9)s^4U487jF5%PiEG^x{4EW_{YP5L^bNZXJ^Vie@bU07DQQJi9ARZQq?HEoCn5f+CwF%!YUT(Y2Y} z0(sa8A)CB7T69Y+WHHPV2rzS>2+n?A9*3K5o*SgcHP&T^L&Pdxf--~;i7vRhnsZ(o zxVwO>L{J`Rz47s1AHVO%LigDkQ_Kh6ohKrkD1LF7qQUE`PG6B6=8lfbS8%$@a)RGy z6`)3Xm*GtBpG__=rzhAcU)J}1woKOJ6?eYA%jX|3fUSz!s$=uv;HEIF<_51zB(RX5)5urUofL(Nk23L3fB@W!c zXNIHLLx0$MBI0IlH9hi5~q%K6x{Oe&k*nAI<7i zC#bEV8ot?qC*ir-{p=*NQh!Pnv1ZMx?(<`id>g^Q#0(y$KA?$vWtwWxtuz+v<>4p@axnNa7S4*n zr0f}jD29n(Hwe=suJ+7rm)zNVs7FsnIIrhTY)18Fp47=zP<=xzhXfiwEu_d|@u9)3 zK*!b9P!m+au2IFp%xX9yS;Je6)~!4HA4UL7?_MDk1A~}bg+(3f#hzrqCZ?_WAMqH{ z3c~}P56`c<_%Osbp)-0@xOSAryzuWIjVw# zRfPIJdU1BbdLSV-?`M0rh^Sz{GAj>5;u_KC#Z2q{Ir#5nY$#*Dn;cgE~t9Q)fS z#*6~jk)PGBAB0Uk#M1MGE-kxIT)x=hV}eXi%I42p#kl;DK%aJQIXMMW@%V$$3WFi@3K5Njda! zAQU4rc9xL_jGo@j10+q%@fY*yQNjx61#MU}nAj}y)Mi7T1V_%;B8vp$Id$t?&m<~< zAV!kMvtdE(aWi}nWr+Q@vou*%Je?ATu`H625|)WFf(ar}58wu`^sHv<9TkG+=cu%l31ykW7Xv4>)Wk3j+eL3_wFIy zZ`syCdZroO>0dUqG>rwp_zk`J3_u;73#0x87*lw)||-r=&dl{{Gb+JXs`aV?3wmXO@8o?O!5+a z{Unp$ZTLXiDcAoryw%MEp88JWo&r%L*6Pzf45Io0Q4j(?^8Dl!4{Lip4PPTd+7I1A z&1QQ~LM_%CVR_`v=t<&uFvNN21h(#QdJ#r1bt!J~*C;=|_Vt^QUU}318U)8~M8==% zY`DGymi!3kMu5rxfN>3XE%(5meZCu0K-K9}U{?xf5fFBm4)nOK=u=SZAb0dkShUo(ktM>*Vgf4=i9z4O#Y7%Pz9YdQ~1J&?P21k+so z$_c55KJ~wC)auxr0ZRDN9>4Bvm-vv6j*Hl*%(F}$_{w7qz*GoO#K6EjK$3i|j*ohM zTs}l=Nh6E=1-dQ_<;Rye-{pK9OwpF%tb3QZ@COfKX`k%jNe0FdI~C7rGVUgvsGa8M zk<-dx6#UxtJP%nL=Z#NCXGe8;ztZbDkH$2Tl(pZ!glE6!2_09}=Xa8s(m^U5yLz}S zbA0nez+W$H-`s4O?fbq#a1z;_i)>^q6YdS8NdhB!$*Db(>4liIX^jPkrK9u@+s8#U zez@>*mV63<(007d9gKqm;Opu@hLA-F63@{XR4yAz7&Uyor`pU8B*onzC8i{6A%D~D z3}5eL8Y#3>!FBwoj{QpF8xaGzp%m&OJw2M!9Fd1rv|2%>UCkY|IXo)wZq&MiE|3ml z<_R!>XfC@DR`~4}!SDVHwLH_1dzF82O@)1qXUxPKd^>?TM#>R_xgy32I9&8VKaWN9 zhjR}v_B2in;pBX&CEO3T$yUxE4~nbN^?Q)a0rx0VWyH$t zysp{SCiZ#HDHk^l$0{UCW#FUK!B7UL7-Ziq7puXhsYAwo*FdXpM3F+ftfkr zWQjUyN+DqX+1`0_e#T84!qhQaf=CqO{&@lPm*8UXnzvxytLIONDHQzU_<<9ZH>(H9 zc1obkLkYVP+Z~tSomUtu(`G?Q+)~u!_jms_e9_yZpCdr*#Xl6Kzh9+TzmfE-7`dbk zk@D;mxnftERX+5phwzzf-0rnOiRz;oPj>uQdBe@ou2Hpa-Aq+^zof~=GC)Ohl_hj} zW7k%MOO|Y~%Tk3`ZpPq~K(MK=`UlFq)P4wnZ+5%P>KktY#>3XIAXg-^CxP!*~8%%o}2YP%K3&MPp!S=t2)e?EJobb zbV)00{Fs}^Bi4}@RLe|$B{L3-2O$S-=!94;{c6q&cU)eAtLHhi%9peuf`ou@NL0>jR`-+qXBF%VBwd$sT^hXbU>@!YL+FUSU zNM$|BUJ>*m39Z*|$W6i-i9f8J>?}L_wp%N)*Ix?Z<0CgZ!*c0MBZR*O<60#ixglI< zS;`0gs0Ibr5H}IHnUrdn;_LPSn)UOb$1p)hLa=3qA+N&oTFMrm6pa3}v6>PxzB=Dac_6hY%B^DDWsGV_#t5iCDSUz14HC z3t_+3wH{+na_q6WfzTEGcqc_2Ls-=?k6P_K6K=ePNPnFgmxe#4=p{b23G_a6Jt(V|)vIRe!(97M(UggNzD7NQkTd(Ul#wEFHfT zWxB^syRiZ~%z&k4!8c_BG@Q#}&2PQnoutg(Q=neWr4K2JH^+UG0hMylOgH3mSVRi7 z3U5QvH(N^X{l0#t@m-YD{;nY7D%9m4aX<5(E4U4Usqx%Ys7?sBk>QS?95c57;f&99 zK8kZ@H{GM+pn-qA*Xiva@Co&Rd|61#F60hxYQna;>hxx9?uk*l3iRzI57=LpVM|15 zXM@Km4sT=Ig`sViXCw8B*7RpHsM&;C3(H}k+(Z)wV+WEck$bkA)8&b$I_?kdE^0{gR>oVt;Sp0P*M82u}G7<`|ZNfXu*S zNaUCGwLV~+MVps5(?yJyTWd?y3;G>;#Px$GVY~-ntrbB9_t2N9r5fox@IXw0Vm;&2 z##$BLIiiJYnU}bVXY1S;zWRVwYw$@QLgGzEon_fYoiy#Q>+rF7LK@4jLD1mv@C2gJ z`rZGC;2fR{c4Lt$^jSqh^xs{2uRNJ?KMh-^$)D__(_dQ)8t=Nn2If}No9g00&#C^C zq~pnP(U*|MRLAuWKW?#YN~`OMJq>}FXkF1vi&pz17=|~KCm`5hUoE+nXF{`dL0z7< z7D1ZqTt_!jI+Kq1INfn3o=6D+W`YQ9kK~vtp#jE@QQOw(L|fbr+bGXpzD&wkr^L;tG`pQy!!yG z%EC@$f@7B=0k!9?sw=NAC6oWp`ii}|`bI3I)>K%-n>Ye9Um`haSOQaGnO!$_AA;OF zrBa0C)+@c)4Hzhs0HpUX`b%PX^ChET=@{+4e%Hh!%6vu?zO90WhId$2uS%*u4OR=> zSrszYAAE+th5rylvID=XTCR_=bO~yKe;|^&Yok-fVvZE%3n^bHu1rC7MG({DMAVhQkwXoTNKqGe zp1psoRzM!>KUuv&KA}Giaf84l5Cx-jnwHWQz0=Z4-+*v|AkKaUq-i);8?^V4XiT{0 zRFQ_6ydyPs$uev%j)o^0C^Z!xb~QJw;xgo zeRRgHHy8qT>KzqGJK#+ZZ*Q>%n! zY^+Gz3)3LY96-iCY3WOQf1^Clf$a}*f_XzgRmb&B#b&WK^Sf&yE`l+1>KlD*|?w&(}}pQ zS42*m{^c~g;9^dek0{)0fsketVhF0#SZU$7Xv#fxj;1TI)CxnWG~yZ0)jRAt2#@g} zInp#rRx^YJ2(ZQzNpO)_39670tz&$uv$&6XeCs25uzOZGH)*mPBHEk&1mRbH&z~Rb z;>p|i)gyr+tAFk7e#Y=~~I--=u8eDJ}k;N+g^){;~@7 z;tzRPJY@Dj4pX_)u{Jt<%w$q0kDIq;z|=mN6<&0&&x|=EwZkF2h#0XW|>B3+f@h>><*1!(vhAXHAmz zRwE`#(t3g3h2nTgG-TCtph;9pAT5l61COOjYD+vSC*1Lq^N(Y${yu7vsjg|VdEyVm zL>DGdRy@tZ861ZQ@O?3*jyxFF5e-5t;ptDGAp@5ta#H`IG4IrdQKod^#KsB950Z}A z=&_>v^}%e}%Kd6#_-cN3Ia`J|`jfz>sjAETD&XaZnf=-p9z$fU(aADxrqaqINCdv8 zAME=7-F4`*s}Ot&a;SBW^Lw9sJ8{_Xe-lh2w-dmwdgInzPA!|ZUtM@wuIe`BJ><=T zX)PX!j1I}c6Ve|wuKKSwtN3d%#ry%YGWRrpjH z8$*XPF9l|M!9{}RSMk)MIZAi z3mR;}tOA_@d)U!&q9YWWZIlhE+fycm{a;}?g$ZTFWKhy&pN$#je2kVlyUep|8NOtW z!lg-(5!?I* z7N0g&7z5wVX+JIB6?OX%d3GH9$-~Wa_jdeXE5Z3*E~_pDwXa*#`DV95OS3Op+A@Ew zc3Iono>?qon~*2}uD5w@9`@&7nzdbZc#@W0XdvhB`ZF6d3q9q7t(Z~EN6 z-nx*32TUAn#Za~!Z`t~<(|XttL!VII@qR(fwyGz*{3U36;&JobYQ4WwtPz*2Z?$_`l&tUn=t$&e~)~6U#BzcU*R> z`=5EdMwa917;eR1)2}BjOFs4zS%~j)WmctIG>gV5o<82wia|#_>ky*DQt}p7nHn<7 zs|^_+hXNmBkrut}wzO~){L=!o(Q}xlx3G50PU++W3&Q8!_7uEO<}w5LMbmz|L>b|J z!Grve+WE2qG{qe$u5CvO9ns5!l|L!@_iHg?5E}1HTxM1#ixzTdO39JkTEVPAYmtyG zUg?s9b+34?SoZhiJ)WSJRfL4qqy7}g9rUHC*nXdRO0(OmU`-DA;P~o{8}e3Z6LTOG zRP!Y6xp~SIX)SF4pjpyWj*|K6S_rCZtxTaLyC6g;!dDt)1|~fdiIomK^6wvM$tQEIM+>yEe|U7GgV4=D0tg+pjwNgIw$JY+queoNt<_ zBVq~H);dE$k;Gz?XGXiCcz5u9mJc&|+s$&RTnVf}2zfSWjKDuo0@y+%%*=|1DOVmx zLeDI>+DNmSo~P!we^%K^Yv}&1ZY9@wEYo?U)O{?|z0^y|Stvij-nrm85Y^aZO-tI( zLsJ&nzIs8lIrG4fM8&sO7NI7VKPVDfFG$XRCITl|#gC?!EUpllgEUNnpaR>3F1F&v zZ`5m)IwR$FkfWUw>XDORQz$S;8RPv2x}ooS+nn4tcM!zCR|@u$KUW*H$2Zn$y(b$G z{!b>JZpWs^(SV|TNT{k^?M{DZwY5JEK;Mc?g2#X_o-m8HnaK&`c@{s-uh&bC^92pq#w}(erSD7@%=kKKeK(D*1YT;AMYduuZfLHDric8*Y>FMFqTcxOdN?XllynW9nj{w`OPUu> zhfD&?MzeB+=&Z!RY-Rw>)h9Gtmrae~j5(_KR#u&HV|mr{jF?^MQZ@O4(!qfPV(%hm z*fN&>eaEt$s{zOm@>GcO+9mvWehev9{!7KZI6T8mPa#;|sv}A{9Cz+@P>m+%} z^4jLkPU<_G=_D^gJL-Z})@lB&nbrLC?&z5_MF7r!UUC%65%*r}=?tZ_u%efW5eRYq z!$7e;W2!8tYE+00k{04sdmpKliUb++fT47q3qbeH3~povvsYngC`E+JU*>Yc>l29I(xaJqR{pI{ew)gz0Tp+~g3-b1=z@S<*JOz^3 zNUo?=8sef=tZRDeX4R>lXP;iaVS2_<(J5bR@FoJXan?e8$Y*gaq6~Ci#=_Kujg{bK z+0$cE|4yet88eajI)Vo?4_@N15t4ghuCx@;N)nflQk>*mR*rphu~ow7ONsr(nhgGC8RDy`3n=o^k}=K@={ zkU+tPfE~G*pqSWBD+}Id;#tx(;N=oz8(4BG>AV3D+NQcv+Wc2r@#Yfl(@w-$HkqQ; zqZ!cle&%h-k_H$a9%5XwUFj^mH9lb@;WAvcKK30T4}v&)Yi~fkiR-oJ23~BLvdQmW4z5OV zQ>wMS#|Vmvgs?W}7DhF>URAr;!Uv1r4aYq75;FnARvH*&wVKbAGJ&Z_w`wdE^MZ=f z!`N@YlWMB_6eSN;`ud)nUU6y9$%n}_)wHR;1Gz6o8JU;3ozdwwdtVfn*#6_)35i7{ z8JOYEi*hh->VNcAn{NDzU`gc(QCR9FJ1qbl1C{exB7m6#mEapw$<4wN{DZ`xp={b* zt(8FhWBu)o;34POtCmTTfay`XNV~(3ln|i`!agV|UN7_xZNE6*3|5<>by!fE(J~q05)ZFp-6S;Y1!4Z{ zpWexTkt#@vS_wCjRaCegZPH{_lyGEmG5JDO^$NH7ly`u$!0S zt5(Gwt2F7xhh})Ze(}S-u7@H}@(h{}S1a zJr_M+9QANkPUzSxW~1BhN(1@9>5s_P3}utPB~CRP(SvNvHnhT3;F(yvn;k}MT`1{Z z>OVTXjd8t5Sy?@_TJ7%}JNpJO_Hi3qMqx1FyvHrx;-E(az6?E{_5ZObp51hs;zmQu z6GILObL(E2hxmjq>}SEMxz{DNscZ-ULdo;SD!pX)X-BYN(Xu+a4;f4?IvlKiTS`m4 zvg|0w+vI#^(L4x6!|;*AaBj`#G`njMzGmmS97NDri~S^ zxl*+q!0@4;fIiZa$Y*mv(|n#cu=r|}&_2}y9;RHFQSXxNfns9AF(=C7VRyaWv#O0G zT3>E^lsX8msDiX2+-1TN1DcJ{vhH#8x*j}`;Z(CJK@^R#RjPJ&Q1iMqy>qX+j^t0* z`6mhfrFs)*Nw)7b3==B~n(2p&Zg2ClfAPu~41c?{SSi21Y$bP4c~w$&P|?88Er+O= z>d|7wz-?H}v8pNQ3tL8*%+gbEGma%=#4170pu#@a6lXsxw=(N+p$(DTIO=frHFh`l za*U~*S`*+Q?fL%ug9$Rmr89+(t+s~G$;k)L%4YV!w&O+=>| zYf5W=le2XQA%`j_$ZF!BJ4`{ML>V__!&8xWc|t<6^XFBx#u4#Xp^mg{n|-a;aQc1>9GtJ{hh! ztkD&iF>3=aCCD2RoOqHwl7S2TIokb0*3keX1Cw}wlL9M@L;B5;eTY72;hgb>#V0ngBV?_fK=!q>e4 z&nr#;1VcSDIY<;Yht3AQX@)0$si4{XC#~aAXZ%tLLTje*q;nafFZdLlN|NmMR zu&pxRJl0lS&`w=&=5>bLuIkO|3(6N+rTVNaQT?;|zs>sNKji@f$=GYZGW!8oe3qIm z0+W(l;mIiPyq!sJ%~+ZPX}sAu8g|Je`D&A)0_l&n6v@TcgIVLlo4>A%Znz#>G3Tm7 z;`VR2=>p*McbEjv1N@~2{n1Ri!z!95VhJ}rX7Zv%#+R2$^LqN48ckhn6v{)Vs4`NX{~g5SIynH^v40kNf#u^YCm+>Lgyxcf&tj1vMCRfcjBB%E zZvPel6uuhp?^;Xb^P3%yeRE$#bjaT3!&NBMWsxy7BBaqL=#2jDaeX%CzNzRmDL8mND@yyt#fU}@i_4kgVC6CO_g_%#FyfEc zcqu)YCYQr4#dOUU9t+eU$mQM2$OX_>BD30eEep;%4&?pADvzAI9A9-^O2R*es&{#q z(~{7{HAbD<0SAQHGPCM?13{iXey!Bw&t)eA=bxfRE`ubQfdKgGDcgF9uf1HJP??nf{6n(DA(y(5zj;2eEBVG z`ATYG$q5v9aWrZ?d}f*XoM?YL%fVG@fXzRDBUi=5$3orC0bR?*zC2P~s}85zd-fA+KF0q?&dRynU>sp_4>IbNDQ3zHb@*JLc0IzGnM;$jMop zOVaNoV5sb~G#C2|3n-A&^_H`d+A}{AFma@9z=}hx3qlxE( z9;j+w7k68u1?KSrs;ZnnGc6{nNv8E#$=7?3)wI_);2u&kL>hhF{y0eVrx{o6{(H0R z;)MW$@U=7cy_y>=(h%#o7j-M9w$zUb?NMgESRs#+ohhAi-#5_ZuV|!d!jEplJa9r4 zr>p~(gUtN~8kL>P-y!oYG#WYRT^9MVw#1rVksv{Ess)jt*v9 zui3tSXkRJ5k##sIRNgWt`KLCDXs3}WU;j~TskYS^^qsQ7XuKVx%i=tMKHhbA{$pg* zBpaAc^&l$R?^W-nn7Ocne@ACR_6u^Vtnx0M`aG+_XZYUAVZR236K?)Do@d-tFDdX% zmKu&Eeu<41hFp{K&iKV_xW6-=J!ZB(O8blQ&9f zqi!QJx%KSto1JWj^}8$Y4I?+;L6xas=TXLOvq1c<>DaESiL!0#a@qElrj}uYK)YpP zk!l#0*x$1QjPU^H;fY@jkIj zfzi?6=)rDf)?9ZP0ZcwV??7}z_0%yn-P#BF8fX2}Y>j8VbB7X#H_CZV{#vn%r0Z7_ z#~4^}?LzVceYM?x>+GpMF`NVCi3xLG9Z5}v0zHR^i1oCv>u9Ze0HZ%55leq`%kikQ;j6_h<1!Sg+Q#m%<(OZFA@ zY5E2G1N^>)AQ92K=`s%F{?OEB2H9u`ZX7BeV(vtPKJ@j7b~8F^Z7>91+eMN(1gpxI z*Mw%CIDpHk_CkJDq*wpu1t?As0%5p`TcJt5a5vT|{9j1dC^IMrb#D*{6SJLzJ={7- zv+J5|0u)RaaF>CPeQv*!KPt{!E|&E#Mkq@pw^70AWO zQp8VVccmB&nmwU>NoE3L!m|N}KElfp&tuwh29D$36%oS3j$|MZ|cfHKSrx6Wj zYb0)X*JieHwGm9N9y%wR*%MEmIi>dpzcT6pCIod9bDD`2i^RqAvqQa9udr}+hPpFx z((rVCNIit)!YZ%F7xKXPVkxkd{Z7)bO8R*^c3NHEDjbBRdB4}QHetQ0!|3|uCPfw2 z7stjF^{Ew={uP66b;u2Mx7_chn659Gt8_kn=ChcGT7PNI?I}B_dV!A%j@CRnZ4g^D zY>g$~qubX>e0CqrV(ixF9%Z#9cSOZg>PQ2JT1K4TnyK)pfSusp+>dA8FdycOQBi%3 zCr6~)*?Gtj!qrT^JL_>3JDhECgZB%n)4(cGy_F{%E-NcPk(&6AqFh(p=F-NX3`hbN zD(YVZ;VvJ=dl-#+d54{`s49v3-j?507D4L5n_k^c&RO~#p#+}&(mO(m%Uj%YykK-Z zC&X=|PWSbVXM`(Nj@;T3t6jnx>w*0~pT4EMu_VVesIU7>P4fEa%i`mTI3!MzL zo|*7y_bfEYrV?@jHbGXkGhxMIW{Y;>Nf)l+O8B9O*dmO*yu{%8jWMfsj<|m$B<;IxrSiR$Q11#Yv~lb0NSzHQ>`sYp9bW%*@cAIH;O%*9R)J z!kHp7fe)SswB+)BO!Yq;x$roU#gqFH3+cK-O zJfMP@61^$$4c^#x4Vs!>$(SgU?W4*(B8}s+ZQ)YC3n&yN9Hacmg3-wM6{Ewgx;Vq; zuTgoVoEfuECQQtZ;nh$OqB2P&<%H7{D!y`3$ebgQiB z%WB#vDk1RyeRf%*l9U*nr!r1kp8Z5oG7+VTViZR;7&MSH_{&f_Hh5#A@LlBPn5OKP1#ecWMN6PTtwi zukCjWkUUIVV$m1d{u1^rupKY87n_>y>LD4>mEY!e*fykja;(ZQbCfEncm238f!AqH zMI!MfzvnvVUue1?%iUk|bPn6e&yiU<5FPzH6%^JM&#ylr?!x2F0g;&X>^>`!Cs}{{ zs0^8rt15syK;J03ia%vRwWyW}<$Gdqr=Ck>C8MQt$olHLnJH${i{#no0rqO*IjhSe zxGtEUl`|Rt?HMDMKarVOZ`JctY-3IWl}L$2m5Sh07F0rVID`Tg_Lc1%xvP?JsS(5% zN)gqM5tg^orbJD3R2pTtA}FR>7b$}aLb{Mm*7T)EIfp4hG#VE3hwf8=7M%IAJ$Nz+ ztW?GgOHxEPc)qbJJWALGc;&u$;3tFv0q78{IK=wD#PTc9=AJ(}G!$EO87tstB;?EM ziRWrzUHngm4euEF6lB6cOPYdtPs^p2Nv zLMM@!ry3-`dduF!Fif)G6P*#wqaTC*f(Sf&1(7VtvAl4}8iHjngUb`IZ;0B!Q-qI` zyTdad->-_Z9^4b^-djK=w^J4som&&${g8z8^=fe|m{0TWVmrNBgN0aV-}OrT`|Aj> zw#RkyU(?;n>#2Nno5Ew!UX6(&sOFHzxmumZHc$SrZkbLih6BF$?RSsXAvd*cmhyR} zVfG^ZvPM<@P#NE?e%LH0DWzE4+4}Xm9VKZ!r#j}J-xM!aVr&eu=D1LF*e#mQpw7M0 zSRNrlnYjz}I9oA#2dQJoUxh5zOreA@vA-QPJ%yrv0P7oV&lftD_|)*Z91f)08}0e$ zL9%Uj_~KXm-`^fNUyd5wCe5_z=-e!0k!8GRAVIFUAFecn=p(pOkDGNG%EY43L@`Px~KYNvz$H~jZm^M9i6!FAud|8xqzzQ^DnKPP5_fp^@W9;1H) z%rlLQe@`vm)^^&0ZT5FzmW?@V=OUIafWNJ7Y;1Tx?n8dKJ2=!m?R@qG1E7J8!2P4D z;NYH~^g09J)b>}EW;irZ1cm0a3c=3Vv$9NZsxs7B6kAD$x`MT6nSkhy}W8W?Sv`wVyz zL!2lkE#3F153nrqtp2a&i*cr$3G8V> z#$!S3znTO1YPH%sGv?J8Pk6KbGEXfu>ju7LNOzDixCG2Qvc;-8`S?j({gR>T@bbnM z@_=Q^3K8<3_3=!7m;?|I03I=2)4Sp5CFXMIF7wZIyr_+AI{vMClzWvA!JSRPymd%7sodH zcWx1j)&UFSIR{^DDrMfi1c%c?a4AJn%!LUVDM@x9GCTyq7PagYL1S@=Oy2`3Z|{h? zh$GeEWI8T^cfw6dtj7K0H3cP)!f_Jnu(5!fi=HbVj{gVxqRyeC7FiPwjhk$oRINda z_`FMU6A5&cL(T>{9EhUIoz!$hWpD?Dw)aGCL6S$OCEpLEB?IH+z*Ruw{!g)eoxF zO{j94YNVySAoeyf)J>7{f4SJ#$R-%ezZd)%c}tRfbxC)VFtX!P+QIYq4$Xc1MazGK z{G+EY6rF|eM7}a%9_S>xW6dH_q|UxD3es?gyXtT0nh)?9bLJ1gM~z>B0SQl(GgqD+ z`{w6Ndt`b;L-f?3IDs$XjY|?2VOe1=18LA~c0 zQj${ofB^yJspsyawW2yZrABan?QCFf;b1=w;j2WKCSoQd@h{ACB+>)6eG^#s9{V9PrF;CL2{prpsZak z=yX&-q30Eh>cum%rYTy{tg*75zqy>3w|<-(Wd(l*0|pH0F)xt*a^VhZxgei($u?nq zX-h$9Q+Di61t$cCt{(nS9nL%2EmP?AyWJO`;`;9sp?%QFAu1kLbj6b^fN8$kE6C?| z?G*=Kc$HKwb=t!v2jjNk5vG}xH0^}WOZC{1r}qaX9ZfP9etxW~Jwd*osj+s3Wdn#2 zHJ2t`+oThP%XpG(T7QeV?yPV%&u7LF4Se1w15ul;o0w(V@`{4xYI8^S#1tNZUUYxoX*8QpNS>T9=nSw%9%1F7^7K|H={J((0*c?=l?{@b&x7*4SIC z+zm2+llyS{Ur-j=PO1(>MZExcE4W}7brLJuC8*J#6T(k3nxgNB)s27GYu8y}7%r+L zi884{-#MH=whsdUDlV>F62=_;7By7hNec%y%yvDb*ZV+u1x;*B9v!G+`hW9dImB0R<0QM0YJz3%KBUISR7;bIBgl-{; z(Dsv#yVoH2qpqCncLdJ$cw4stiDiE9^mMUB_97*4W&|3Aq6U+uTUYiL-DXdVgL4}6 zI}#Hm!lw((i2nh9K!CsGh^+I`Xx;q#`i|xCXy!aFg}l}D(2{Z-r{ahV%QQ+@v?Jvl zG(n~4$)(7KKE3!)BoM6|+-lUi!>u;X_H4hx)B)5VHp!EE6Y^YKV}?<2L^i+LtX_4W zORLemVOJ-!`^v3aH_xZ_vM&azuWTB+#Kvj@>9xsnHi|zU5uhR0_^(~fS#%*5-nZiv zUSrbhxlmNIR$%hVxSsOxR&M%K?s=4nnuG}JOBcDMSkZNy3G;4uZ|CS}cdxo-)W!0# z$mv_d$5>oU$fp^XGKtMDuEkS2hD$qV85eQEb46EnQKyc|8#x9#mg39c<@#DfkL|nk z)eT2%B87$Vt^t$+a$Ok!u9XXM{i`Ao*WxzL452WWwB3l`GLu)LvCY~xn%-)4;@P>w zoPM2Ck?@cvaO8}51x+R8hrA_6#Ga#4WnCNo67XK<ikb^Re5vy)}$u{&{ndTh@&nRSuv`O33BaR4-n zS6a|{TF@umBAu$r-n-=WBkYpb-d%!%-Cq+Q5d;2R=|F1o5_o##6%k)Enybbx$Z|eq z#e|ip8iwJlfAjLi!Mf+Q2y-fjXclt;g7x)Y$C~Lz^-bH@(zX%|Uj|Z2jzckD1@+>^ z;oKo$8(auGoPI55SrUizgqM;>-Csk7>(4wXr&3t{<+rseaYKKsAP2pG8tr9$4v3g9 zz(--8{jZOQ`Mf^n#sBQ>*W!N;Uaai@&-B|^FeJbi4PiMut!=27hX?{3uHIe-`t6y? zJ4wDp$44bE#Oe5GZG(J8F4-N+X`+j72(l#@&BIBR%mQ=Et)KjG{QmpXcc<&y#uZ6Y z)<8ue$x#qhtpZ*21k?XCUZdLEY3PhaWj>RmG2^Y$E1AHi^*^YK;@`k)VW0=3L$%k< zm1p{w{ld6p-xHdSF@q0H2@Q*qCguxtmCc#p$sPE$g6AGO=fS{EQ-Kb<=uw+%y>mU> zO8XE)`C?IJiYSF#5Eu&$b1sC2V*50Lq~M2)D0HC%G}D7lB?2{X3Ipx<9BLWj#&QB? zXgVWr*d4@3(*%GS2RY@^TNV?R7AiNLZwUVG)xekntpa}FPe?zxlrlrB;@k8_9wqRy zI$KMpU|ByznXw$VyaGx#^d4OEswu4Zm7%}EyYymt*MYBGU$Za7dG;f%+Gw*VxAA1H zoQLTLctkxnCEyl`uvIS=`w6f8M|K`ptEHEUX=`u?P4>h^Dfy3otocQQHmh5UkhxdK znPhYpSPso{wXtFytAT1tJ(X^*usM4Nk%X|1m=^WyTuq_dCb(hN*~!ScOe{pZIkCUt zvE5SF*C^RsCf5$xFjKZ$7}Xo4c=W(>zo{LVaT!A=@OdvYrBT?kDUB0xJ(84+q&#K+ z-AY&DX(&1N*>%BN8Y?s8T%b<7IWR$WZhz3#4y_;Z&w=+n%3?3Ser+O(i03Zptms2IB!-BU38n&&HtjuoRtduCRP*vc~EJioi zrn7sjwNpx<)}_Pu54`DH7f@*kKkXX&87lq!L2LNBQ=|5{Ye=(r-ZIiGeu|asr^TzO z>^zFSz-DY{AFU*C*fab*i93H;ftLgs^Uc6lC z|DNRs;XSyZgnfjv>4Hr7Jt??}g#>*Krg#B!whEI6y^Kj)L(_^3YNF}(oL<{KwcJE3607$VmV~i(L+@JTsjxFrp$x2wVRupAr+Ig z2}`C1x+eOBhw;(wZqCNBDDqjbKd4+H)Xg#{S5pC4gL$8MY6r%Z+iqSYZ8{FNNLlzc^s+tgt zd{VbV8JvIUlnc8NzfTiRqusmx!T$bW&uKOY^9U0Yxl8ry8X0^p?6`rD z>XJ~FgN7bJEKZIMH)Olzdtg|FsY%XxVY}+ZceG$XGUf44lQGZZVlq7jW?;FJSlbfja&}7@?N#xK6=fI-hTUP1LCBel1DsaT@ z&GUKG`MEnToZr7!DMeC#k9l`tl6je`yz+K#mlc;=`z^!&xyv}ek9qOmuMX?>-^16h zR`H+D@>61I&J%W|(~Vr~Ff?y4gZBD2&w`3a8brf^xC;l0l^B3?tIs`uY!sG9#Aa^R zxMZ+lm5Wy^WKvUyisx>nES0wm@>Fls()DVTD7{H7g=5C^A{g=fp5~FzmEHtm zjF-jQ1{sw(J8%Bt;!Kp0SyE9(qK^1Ndr;vQTx3@28>OMrb96^Z7 zavn{sK0%9^r1o1(Qv1IL&kpVR;C1cLFFn2;`cRue*JoN|3AmicmKP0R2w(2)sZ58yWY$>{{LBi59R;KmMZ+Q{TWFD%R2RUv#6JhIVosK z&c-y4k_2z2cU6*EwLNZlb~o*qVPVb(U<^)Nf&asM!F%-Y765#qRtB>Y?=3BAf1 zzfsm$VOU-qkzH1VyT}BHUE2Z!CcE7t5rYtX(e2N!K`qnc(_1!MLN&OQedkkVv23^H zy7>gw0@A=!w<@cbq3EBR^IVcm{L~lc@8tJD{?8QM>gr>j{jcf&^K$>y%K!UWe*O7B zDhPGTq}58JNtWWQkPH$_BcThRWjPa&I)RTGWx14t@Qws6Cj34nak{p#oB?Qgu|?Sp z8ChrP-N5VPu#W1Him|HlH=yUVJ*~A3!*Og1Q~F1gN1&>^isP_92RSP#7c3J;pUn_;wc-fJ&e=wc$&2Mm6$*=^*m6Qxd{WS zT)NvlO?-)aSsG~~3wQNOrSugdxz?FCEi5j{r#%aM*N4SfaWQkbm`B%x zJrDg~=>Bi7z1G>sJpKRSUPJ%0cd+vRdzN2Y0{_NNHHuZG%YnNPie>mp9c~I$HBsMt zaOdgIne&*Gf?>VHj1~pUQ?mXCyFlT;SzfX03dWfVNidZURS~(2rjmcD*Ex&@K#Iuv z_w~CURUr;Zm5K4*hNmiOGhGF}hM8(WA-%MsHP_}c-l$pFYg#4bx#MAU2|@5R&hNWV+5lkEdhnp8+%o4i5G{9vr?H zWa)VAmd);Y9>F48T~+^B3k)vT0)p?98eO7#Ezr#HnjAJ>L)Mo0)@%W%M0P6%)^wEs zGZb860NM4mz5?gqumW;_e?PF&9P)g;yJq&{{{G;b!T#YFd8_rN{|OIom+WJn{qL}m z|8H;Q|MyJ4$EMvDf!-UuSc~E@gL+C6dhqhq5er|wK6n+rjJ_W2vlp*lgyF03n~;99 z7w&(}M&aSh(Tivp?Y|5|Iy#6(`!BwJ{p!UxFJ4D4Y4nP|3fIOgWjQS*C%JyGcW@Bw z?*#`hul8RYz1TZCcs)3HefZ*=7yGXc{^$A^c^sep*W>&zlpcJauMZDj)&0Nr z4)<5*|5<(;8|1%h)AjcWAJW9C@3XeCLC%%BHsytKhyhO_aD?H?g-UrG>CbjZoQ6pW zp8Ym`*)ak*YE(;A3}TG^!aiHu*jU4VD`&I+4scbQ0f^Was%(QE@EfSzK;RwGH67sV zHA0*(j>!6YE7p1l@Q_Xr5E-40H(iR~??3i)3l1Gd-9e*{t#r za)xVvNq+gwH)6>)(lLXoM|!lE_A|-Co=ajZ3YHcGb%k4ETX$pwP-t`Q4v3b; z#QghQCwMb|XjiRu-DF)kvOy7yExmCBx$y$J+3q(0t&V^S3(zT5d0erhN}t{6Qh(aF ztE_d7Jv+=6oSP9!nsYO+I=a(s`gX@Y#-fPRG44C;l#hshY&puwV+*^hlDEQ~MJz31 znuz8|T*x=ugMI@txd_DowvNX8k8EZ}cgtoZP9I~C9lhOb56Fi!nMs%txu39<-1I`? zjTAlwD;A%y+)K|k-&$v%V7iuw_-wQG_xWg(N8ewoxM!WjDVpmlRn4QU*~&7a=|}Dm ztQXZhD+k;9wzit%5Zd1PF=d)`Ewr}PfmXzNVK10Y#RPt=_KLNAY$%$oF}Il08-E(MpJ$}O7A zDjo`Dt^pQ}AC*ahF34<}B|zYTHDBB49hNh7YC78;;bpy58B9hx;mx#Sde4+KTCBdKi7T5=_pR)V&+mK`wD9#OiDj$w?(0+B1I%; zqe@jXDTlhUUC5`qxkt&lThOuCwe~1L92k+O(U%dhnxAN0k?$k@uJKtx$IbTg;Z{7I zmIZ7&IYvmxlrwa}j##wafP~7XCNT9}t}B(gTY{+L|iT5#-hUf4v9zdR^Rc+ zy9FILMv#?Ba?X=D^q@e#BN@E(ey2sxOAJ=Azf!Iu%?Yz%Ij%k!5qzM^WvQ}QLq^o0 zx9rne95!VSYq~yXholvul1m4CD9^c@bw!uqGf_~ zd-FKCr!%oBCs3_^EXby$(xTYhAuJIv3ut~ede4hZ_SM}i1}{BL$M2~ z)5c{Sv0dmv>~3T^3nX&mbR6I_eO9YQJR){q*wu#&jYi2#hZPwufV`FJ^1D(9)Kjxf zX<7mdouf@{&dQgm-^2GXajlBHWO7+&yd?Lq8lhi(-N1dWHpn+!cpS3SI9kmYEwCqyR z9F%(Cn%3skp9IUvu@Lb%CA7-(ud1V4De=&vCV$<%NZRac(QfnDP;L5%=kd}b@lY>JQ<7vHjwvy+&BY1diTDA4l zzNhM)EreI=gr9*!+Fz&u^V&DV}%#lJd5GPml+x5e2S+Y zhlWW+)i9^=cv29W2(H;~jCKa(B@xYRtc}RqH^=7^drGz#V4J}(PNVCr&v@#CF{MyL z73_;7$)|>?t;17lGn*=_ISQ)wu|2lp@ezmiL`uRXM!42gur-xyjhkW3t7miGwrSdY zWWjrX=&!zu6DG(zh+MT5qM-j6!AlkRDp7|{yfh^&y^C|6LLBTJ&11;!TU|B|bc-$1 zgUG{4T(A&|V_V2}o^Rb$PUJU)=MK%g0hNs1{)kk~Wmgv#b#=UX1q>squTtjJQ z>)-czTrl}>PeWHglnrIGGsV24BB_{0;Bj}*u#VVUPFEp}C|p8(e_xTncrQcRPL z?|(W8F8}@g$qyGF-hcS%GC2A0?%mmyIcfDJsDeoR=r|&Ktq7D$p#BEBp*51$b4;Z` zeiCd{Vkrz7-O)4zJzUjFC-6239vAWvna-}QXO0fg^1p6Vikn8D&_=zV{n?Rgt|c#D z93G&A6vag~xD9V$)uJ*3l|bXvR(HUoLBhvBs3<4$mXCGX4juU@=(LMWsBRNo|g z9K_(KnOB-nd9^2e3>3=;3zDz2g5zZ&76F)z0ef;H5|aC+{Hh9eP)(%-%TnR4ZyneP zEvWn&5TyP_NUBZaTb#qYIDN;2pkqnN@ede9!tPiCBJ_mjtWtLa&+0+a+c;(C5L`g6 zv@t<$Yk(D}OvNFPtq658l6*>PAXu^OgLf5A+244|i1|aaz7nE5;i90^OrQ`M#gG=l z+9{QW*WC@yb9ZH}A|(c`+GnATXS-Z&4UI>HhYBqUk~KAL&;b6iam^@%04rHj zj>8Aa3s^RNb9#PpdUAYq`Uabqc|y( zT(JC(<>c&~&?wR|Ge3c$M->Y-;|Zx zzO7>ehjmShB3}>}_~mg?;OPRK) zZFXmM{7|uLB`f11;u9qR!Fh=|N=EYie*>hu8MYdr!wH)*t;_}CS=?xda*}eY8U0&xYE{}c$XjT7crnP7qK=n<4#QCR- zw|HbzOkf0iLy|&Vp38vzT8^@3|+GM5Y!RZTm`Dn-_U}-i5(#w0&b!>CnKIjz}u`f+8+_0NmG95?d4Lk zOwoDH5>BJH@i3=(%ml&5atFxgBrz|xz)TznCIJ;pz7oI{t<8gZMAox0us<;0%Yx>P zWisQ@me@8is!2SJwF`ihE+$hlWmBHd;NJdrMl^GV20M@y4f`IEEzntUA>v^&Q!84D z5K8b8+t>}c*^SuUu9!^WEZ@9(@$RO}#DHA}h?SYa^DY$G7rQU^Uv+(5jne*8eS7%o z6G|Ml6grCIOM3SnXCk!^cd{6{XyIzEeVAy%Z0MAA*Wbkn0~X<=`Ua%i z)Uwdp4O=1o$Yx$(w`}GGXti&Jd2(EVJZ>MNdoNi>7cL=-MS*>~dwKa*EtnuftijI^ z%f*CE-6SassHwggyuvGM%8Ch(gub=RjH}uBC!8l{w(<|X&RBcWp8N&7<4TS6HWrmj zQU##ttY~57JddX|pVj<>GJNWuboFr1Fo~%bmC0?3jrGGFf;AO(NWy3&|2r5A3;|Uk zm)O+XnVV(7GjQ+=Y~*5)%trbb7Ailz6L|lQW=m)qF(G74;pncX-Fss>^-Qwy4?}t~ zZ#w>DwJsT6dJeE7vvDvPQkX|I3%DINl;cKYphx8Ifp*~l{W9=-!1Lv$+H-_}s?NND zcJQRxW;!!lWjYfen(TjbFxY?f^(`wv&AN94x4EtR&teW4p>!Md@}47g)z1vsj?8|YL$ojVD#g}M)nm4Y+FbHfKZ zO}9P!>mmByB;oggRw4%l4~8s|+%1cOQO>6USdao>GXr^tg0GAkSx^CzW315TLB`x& zaq4`v{O-`b_t+-hfzI6xje%BEJ4@pt8qTE$5Aj$s>8*npItyq%E~oN>G+|}%ydKu2 z=ZtUB$JO>*#F3+$mJPBBaLC8P69`a)TMhMRnn6U9|^Ce__jt-tv)qnbomuyLf12WfJ?6+X4h>Q4+*)E9N zp1FlICHFkPB{bpbxOH-1&7Om39|mgCJFU})OIL5o+95H%V^UE4$U;ymLe4JF&NiM1 zJ&vwc*|zj+yZrU*x9J_GDJ>(4_t9}6knkP}cx8|nGVNoZMnm&LUXG~sP$48%r3#cH zfjSBOT6gpTmAb7$u3?^ z7=b@3rv!A_RedV0rPD_r;9#)2Qbm{-1`c7*0Ix;mN{BTHb2_ZPyO_P4o~Czyrnyit zO0b@IdHNh{gh@cheJo4LBc&0r)IfGGmWMXVWZ!-Gux9QGa6vgD>qDBaTRd3xbv>@! zH<6QfO^3nirm*B&GfO!;QP;pVr&Jrv$-7>7ZS!GN&mV6*ElQV4lEA+wi!%L2SvM~CpfcW=nI>8>gQtYYdiR7AI+tzt_zNfO_& zlnJpzaz>+A{;9HB(Yz=#6&Usyu?*F7-DhCB3{-akcDK7>0kH;9L#c*yE}PU9qRvaw zBKR9b^nfpK#F!>;SVCu)EaYh@z&*FF2QY*H*iRSQyf2@9?xxb+#S0Z zxE{N8F@QaH>S929?$QQOmx^og|U#OYl2gnnYOMkTpF(Wu2J?yI(Gri>HX3^hpKPqY%bEX4Xm}_Bp$JF7AEWm z&ToZJ`PU!-AT*(Enbq{=LpI_$laeYONs(2Jy}Ik|&Z;qadeaFPv~3Z2S}@G_eS|^m5 za*9we;Su{-_*Xjvq6Q6B-;G;Qk1e#vHXqDLKrv;4|9kevpgH4KJZk;3Hugb5lazOF z-$;wm+3JEJH!82ST&zmmSr!DjtbbvDvY_pacx`^E{fwM zrh+;48LjWicqFtX7aAdujx`8*8nUbqyDEE<2vSzu^ZYhW$GbF&0+tqe%)s_1*M}8h zAUhDjeOyf7&p`FHt0!&^vQ>*A+q}n~?6egyb~OSkZG~RUrb8FmvchH*@NIh_suQ0Z zkv*2P^OMFn65t}DAnwagT?yegSm^S)mgqn3aR^h7|15~(&t(ZgsRYrzu}WqW1){S1pQ zx%2`Sx*CKTyfv=YEnD!6Cwx4+%yLGf6P}79moVi_@D0IN#C|7d2DhJ?1rgYaqTd15 znbd*lQ=X2sW-EvwPo@}%FFe7pIZ?z7fm z=T1K7(PhTM_MNO7EVgacSDls*os7Ndt-e-EweH#WDqlO$Wh?EsF6636a7|!SDR|D# z=Rob7Lf-Wcx01m((&cDJU&$e3**9)q}YFPbcevb-QJ=@)oI0o6Kjv6y2A9`BlPd%ehFB-XoFeOqw z0GUH2g_$rKB}@ptK*Hx8Z$3SO5A8u(ujUSEK_#d9%n4>_r~-CR?voCaa4?>NR zKf;8UQJ}ou^I#O`?4Bmc?ncf;k;h>XC@@mWlT*)}w2|got@+bXJ%6Z&!(BU4`nq9SA8I zGO{iy-nyij>nE@W&(6)+IvZIJp>&#HVF~dn>IfO{gsSdBj`6eFegxt)j~``FYWQ&|d{3OBbFw@zhK*K%iH7~DePP0`e1I&?WvGyQWXD+5 zU5gI)_Btk{V0Lj-nXbXs##LDj+Bhq#N!`Nj=@Ig#*xjNh`1zktoPFM~M9=A0$Gs*r zo_fPD&;NX)lr`>ovcBuMJM6xuQrtVI#RR-YGO9A%sbn8|w?iuy5n9EgfqJ&p3BF#E z!P%;&Pj5<@9)lL;&X}Mt9)R~-olw!bSh$_IAzg}Q&bQYSAVb{{hRfTs^+jB ztouG&U*943lQ^8{S~7w}Gr1-qMrp}Ih_ac6SEgzdWXp0)+m^Idb(NM$vO`kd=nkYS z5{rrsfU+Lgew|)UJGzmR=S# zymjkWHR~|WTROaz-|>jy${nLSrhHIeH)pAk%dI}vtbaf*7>$0;0S^4i#& z<^r#x`Q6JekI2{G$9?A6!P3Kp?ozaV{JY(OvWvW}%p)GKj&sFa#Av&VF~C%*-E2}> zFU%=7Z7k481{urSN>-V>O&M0Iod&%q4+{H6qgi%DrZdS4x;L3)nwd8-dGL`h)2^X% z`GFiD+ib(G8UysUL?&SMkOGa4;7;+kiDqZ3>=SiVK2AVq zh3V%G>1>_PBgJ+4W;Q>vvvpLD72ernSSdpek1I^xrZ zkG|bJR^Vqx7Y~U3?11{95YP^|4~_%vfc?7<2CeZFOGkt*wxgdaFtn?aheU^V!F^bW zXcy#%$BA}9|NRGxI6{S<+t?Hw#1J=zZQAt9vgP#+pc+79`5A57}goTv!%96vc)r-u8gno&z|=!8o;1YNmb;%X$h3B^EE#FKD9`ZFfYS%}*E{aCwWr@t zvNS}XDYGXc+6PfD6M&H=f#*jWm zfU0|gE*PcSIs2A4Rag7f&yUO9Xhzx95zSdATD@adJEznhwOa3QiO|(~J$D7KHo9+( z$#hWp&l|(qT(7P`)*8}Qp{yR&`)3@?>KX#)N3?cN?73rF=Z(G=*jgL>=M~yIZ!XRF zR_}B^-w0RtcAFRGT4SJAfv%oF*T$CV6Ycsy#6B?I)fsZnpx39_3QLE*)~2wEeO*5G z)nzr73V`iq4d;fyx(eDaHV)R^lZyt!x;)$$6AtT4dQMDiHN}2Wv0boRLu37&{GNkj zn?5X079s0VO)eB8+cwlk3zT(EQQuHmm;O8?Ue??FKSji>gTsf0&HB;!`3KH6xA#M$ zXFKXh2pk$_}RzfwvPNW4$5sG^FooiwH>#L&3(Su+}0I*-T>Y9jr8bIy6rQ5 z%uwCdULF>&+m5H-L(p#P>>e$0SNSa|F~ic}%2vlwr2V8a*+4QR8yjn>{f!%o>%6L8 zsoLerz|xACy2p1LyeX4hwU`GN2{^VTTUieJCsu0xS10I{PMOGPSeYMx;lsbMu=tI< z<7r&*T<#jv$}FDRp#ym-31hC*wb})Wzox8cVA47ZFpMKIHDh*^E{zYZgJJhz;h`^V`xC=so~4ri5agmv zm{nXI9>TLa59uz8-BOpd#mnJCn#{h-`Lw=a)fXf$6Xhg7rMDgVzJU|KDENN`?AZP9TeduoKNd#(F1Q+MTYe@vr2$rPMhGptF_!nuS7eR23 zt(u{EqyA{837(D`biwTcm#^MKlQO99bOg3_W<^`i7V@2*130qIBVr6J?KsiD218MM zZ>GkKX-EF-(KLCBj-6$*9S^2t;9^ll?mq=F>lp8oQncFCo{^|^%=qys+apYKVdB;? z!G}?}`ebY(*WT%h($#uC`OGO@t4Lz)v52L!6P~6h3W+Ozs_Ye-y0JQOi&!e<3tkpu z4vGpiY{&;9ju?jPpqXHYu#X|jP%eM-{*r8g8S~}gb{C6p4{w2eE=OpjsRrLl-mnxr zP4rArtB-S4r#TiRW7z z59wgih>Ri7PU$qWN>72`Z;5SGZ)QAB3;C~tlg%pBO9j|%5}u-mp(J-wdT(~`?8nCI z=9O>H4$nn6L95&%6X+rRH^%}hYu3&4Is#{#UKIScu83JI{bdvzMcVUU3PL`>+x%U4H~ z4hDk(IZqfBOcD*bZ)0nh@1POC*g@t%$A1Hyf{uF)HZyKmy$38mQS`8P7nm|iEY^p> zkBp)K{Gb&7fZObdL_EA@`5@-%x!xW}M4LU-e*-aL30gi1IzA%%`$5EpF-?R0{UCpV z=?QQxjIuhjeALcH?|A_Z_^Gkbc$}nYN+_f|5)%cxDVmiA}pZ>^Z*x)^N_2BlW z#`CPU1D-REzqvsh!Tj_0rx~z4#vUD*`7O|e{${~odQ0DCceU9P?u~Xv;HW12KGpXK z=(tBbiC8X~mWZcd>6;%{jZoz>N=8S58nT4nd$7|NRx5g!2=aDs)qauQR$TX<%cFcK zCM+lCE?c5~4QUvHS+r&_LeuhK?Gf|5X=eu250Xn4kF@!rIev|pcIV!__ZL%=VvA$tYZSkgQ9)< zwu!PKX;6>R((R@###~MqW-mz26EyJFzO<}#LmKMMieHfn`H|cg@{e!hG?EC~lB6)s zbzJ}DxkQN+<1oSPkcLN{TNe5Ou}O=87vCPApdckdnP}W95oxZaD0My3EC#Wl?#8Y+ z84_%ZoLg;7a0~qVj^)F8i?JSnevrh%pcscDFWh>%6y#<45FX=Gg?t`Fc$vf=>Y24L znaK3I{5)Ym6XjKbPta#veXPW9^7HY<`?L4oA2r{>Wy7+Zg_;$zT+#0K2M7BEG;6>B zmnprYaiZiUc>U76mW!Q34f>Tmo^c%EO6B%>qb#Xq(rD?UIY)myr`~~4v|Yk zs|i|8)_4Q=RKe|%vg!bhY}FH_SFmz{N)f3Sw1s6Uw;v@E)jgb^NmO#jVhKpSrrstU zHKA%Lz+@O0|hI%i)lau#1$k4U$gXr?;ILPNH)IKib?A> z`fJJLmRr9(eS3OxMWR7OAwY{9U&7+;kdx!fQ}XiHcS*1HYTC1r;O94S$>u-<0 zJ$<`ge;Y9o=5eO-tlL@k^_bV)KB|ef_VoSnPv4);>FF~5Tcan534m*{`&O)I{$ESb$W6A=IrwL+qb9J zZ%)5E{^{-2^}Exni?fqUgJGR1J@P^duF|#H;*qd z|Gi$=rBmN`Bc(@QkCp%45B&kD@BIKDl=a>Z^1%u3{a`;$uKVXp2d-zGFQ4UpiOrio zQL6hE_z%f)-vaVs3GQ2fK0LR53*g^>T6;b5B{SMDv4@``t-Tla@)_;D;2x69-V5-d zdF;JFKS>Jv{bx*J@5=Shn!Vob`neO=yS+bO&iV%Tjma%^T*@3`pqo_|S(Tf@<*Tja z6k5tB-|T<=x|jU+oJQ{IqF6FdeJ917)0LT@n>W7dcB%fBuzX)Gkw?amD<{uO_ck)h z-(HDd>N}^a_lKr4d7P+u9Vr?>9w&aE25}ZpObKC6vnwk~eP;Fa11Fe@OzGh2Spvp< z$4Ly3@kk;d=VclNIUmL*B=yfKgQ!kFpz+ifBi0$yIN7!5*e5MOeXh1))VP*5vcOdP zNfplsqF98IHp0C17G!AzK8W_9Y@Y0<8*8=r?Lk$hijwK zA8FS;s470O3Ua6!z#AjnQrDbGBzD2jZe>6?VbrFJ`A18S3R33W(S)4oKWL$X&NW7= z6!^G7BENyfQm}?RXI$)7TPNTOiMzvu4|k^&lD53zVL4@Kp;G5&@n9Nl_;#)yWdCX5 zNHt%p|BJO`aCSf?pcOX!I28p=n=!fbP;F}2PH0|u>)19IVZ(Y>rzNCEV0X*3 zat1?&Tr3y(H>x?21ZPgS^6#{CkB={`LAbx!TqNF1;nCoI9Hf{0~^Y5&C6M^Lj>Q!l*4FR+QD=w z@R>Zz5z82)K_LT8{CQ6PfA;>pyKx&y7{=#se+oS6=+s)R>Z@Vx*ML7kg^~RbTwrXR|L9oeUf?M9LT54M87q zMe^rpjxN)z@~3dFzXn2|LUIVg`L&jK{@RE0&#M0)xE>l3FJLp!`oNKAg|F-a1|J4*0x$BSpxUFFjs+fg_?n_EZQ&%OxbM z!|Yqk6rScCtJ}fYtMG5nB`!EbK_7-8MNa<~2lH69Ntey8%xfW{#4q9C-xLQ8$JpE3 z+k5-^wfOJe-d^s%`+M(Rz53h!>o;!?4)*rmynXk#y@UNXuiyL)>}?3=Oo=Fi&9^bGJcXv6J`-@vwF3vne zdxzk&SZ_T@oQ21b!ygCzW6~~_nAJDnlnt6J$b{EeAC1i@1vMz zM}z?Lae!p99ZjO#$j$T1O9gkt7AAN#e6#QlBep;Ri{(>B%dZC7Fm2+yR5;W;2sek! z?;223jC};tVX}~^>!pA8;`RK`9uT=0_#RKPjq(#Hl5~i03zUAuB#CZW(%C>hCHd%4 z^b!!X#0SO0t`Lqk~)*=wvBqg7}q&1SE#|o&jY02?cj=y4zVtuU5{2Xbj z8UzFeE?$EDy*?M9&=Cnt{BQw-Xo-mD00|KAlD8nu@J_tuTH%|nC*_NobXSF;?zNX| zr_L3zud5r8_`S-$aBmhjSl%DWE1VR9W@vLN2<@U9v}=iKK$*8`kFI(%FFFySBo>eY z{iz%-#LBHCQSJKZbY0}8K;r)utqM(sf9Qx)bVbveUBm>%aZQ#mQ121qjs~SzWxg*w z*F`}N0RVbp3zIm+TUe$;L3XiaWw%_d%9pz7>rS4woy(1J&Lhn6mj2&ZtXvyS-_>~jhmDRKn6u3eM=~3Tv^OTg|&OAP^`=(#ur=D=rH2n4<@EGs+z1ORm zzvKqBk#2SwKcu@%nwP1Jsheowy1Shgm$WV+R}Sc^zQk`bxp?7wH3L-9wVt-w$vl&} z+EpCcV#N$2?3Mj2xZz;$_1{Y>#4K^<^)eN{p9QZXn*Jj#X%ietE^5stV9ahZ>9RJXgtR@w)iuvDBR zn@{2_p*(XeSU!u<7XSY*c2-Uc`(Jz~M0d|Gu8t=I_K7vKG1b`r4qm_8FWUcJKimHv zqKtkXUS5Io;o0#a`21O2;0?sN=F68Y`RlL8my?r=bG^c^eC^?Y*BOq-rW(UA)GBR# z|9$+nc`7nU2p6f33(r@P@OT^GQ7}bZt9Mc8;}vqj_up@Aeg53%YJTk5<9cu&V9Gq_ z47=&=-j^?1S4l_wkUd2xNIUWZkTwKM5qNj#`|8aOSin1^TF9IRu5fUS190%alRohs zA|Hvz7z#w>yTh$5EtQ>sHg{9PLSGrtm3{%XUC&|hmQaRTJaSJxUF(5wcECLdyujtN z_nPAj03>tT>9D-R$}zXztAtu{qDT?hW4Z$9lgN}4%*B-4MpNW4AIuSxHTwPZPLwl> zy4)P3_oH9FfW8l47!I=DZLz<`5BX*SoM9S@G{i1g;Rt+$avN~bG@55X(;?#@Eumr_ z_)oq{z{OAC>gQuHzBu|X(C>p?9J0jwLvC9c;fVr9R$^Bg&;{6?dcp1#(#6)+NdPc$ zrClXf($rc={CMMsWvX9=go+FhbKI5?`VHZzsZF9_z=7mkg?uWfSvQ28Q*dN$8?Iwa zGVufx+fF97ZQFJxPCB-2+qP{^Y};nx}W<|81po=*b<>@ zy*EZFon$pw(;J49(?O%^ScZS+{Tf~Vm}~R0lQBuv>#px4NI=%i(_|9OwB`0BOl6DN4^tT%Rsq^&THC@Tk1Qj%DPVjY9a@I!+X{2kuY z6Nk=y>-ca3P0Sw_rUHVzKYlpv;)}H+IuTp-5bfg9>*C9#L;m^bGEW)4VkqA^f|RRc zK=^Age9=bCg3njjFTdqqK<|s8*`8n|M9`W?5fwTO!&TH zo@|g32d`2(Oi#oz&x>`z2Y@1yr`50ser(L}d9&$w^jHPe`|bf$qur;*sj=@?fpJgW z=#QnK7is7a z&qQj96c_e2UGo3+a$QLL{EbXx+#w!B{Y>v*K-4dqg9AEc!&jUjLJ&x=*A0R}j1{R# zVsWNIkDjNB*>7iMnPfmZH((4@<5!sFQXBK}gzRNr%`jS{sB`ggaQ5QO-b@#gKf!3OK1ciF%6-2owV8fI3NDoN`Cm23}*sW*W%IV)EC z;2&x+^N)!mMsE0whzpj3P25@>i1a!gDA%|{=H3XoZSu6qwZ1<;V%i9#Ymg-yN$JUs zgqIrf_z3Rc=lkOT8x;iPLna%s@j3g1*n2EGo{CbE_wB+Ja2D|tG4=Uz(xiWacAr{u ziKr|Wb(j$Om@LR*3K8uH2p$s?*XFX#b)B|lj;_sq6!Lug0RCVCH1CW$@)&mr%Ggim~fd;%EDFM&0>mzO;2X9&a@U@xcwCK zjF|SxSM9;V9?dM_i;o)J+~##lJTyxk!JeWMq)$vP{Q`R*L*jMv55Feka(4GP(Uvbi z5Ml)an(SD=mYTrTY=25eePQHWx3GuQwt6|l*J}8FD!iGI(;U{jtPtX_&QIa`h>Q>I(wv*#r@ zuznlMP&Irj&#Y+~Ku?*oVvG8J8?!Z$v!)4F+;CP%bO}z&*&f9f%K;%D58GnLLHv)F zu!jYt|77dhX=bKUH^;xfVgkHbb^|!QoLb8+%MwS&r8I1CaNbdtQ?Esza!EP}P3dJ) zLuA;!z&=8vp_hfud&$g130WffSZXF2fVRXYSvWw)aPp2y&F*TS@?l}-ZkvlXH^!TY zrfxK_To*e-+Rn--DIcVHijqe%;m4&ikxqVPb(BvUO6Qd@PT0-%jxnXuLdDH3(@LY) zjpj_5rtuXgw@_DkG%c{Cb!^(PChd(ip?<+fHNNUs`sNiiIdRwEf^#Yj1b9_@YevNS ziDsltf}#wG)4N)wZn?LzY~a_~pdr&dYUQUfiO`Ci=sXEC)|&i~=CB6UlM<)Y^?i%= z-R}yIjQN`O3vyxge_i_3O9cuGmwq~FEBF<)osq2R(6-IGPfIv-D5QZS4Dg5u_T)mS|NP@)owfL7W7o5QH>riSD?5Gq4aB08uwSqRIeZ>%ijBj@Hv4? z@7wDZt53t>mlwt-8B(*KSY6Fxy7~F2(u~f0R|&G`sySMns5BAdDZ`UTd^0QUhfbzv zjb+?8rz4?>YH4rdgh~3L2WS^-^_m|aYE+|U$KrKb<-@wQv^Xt)Y|@q9TKki9V$T-M zwE-$>Qk^PKmc+!0`f_TUn=A8*GV?8`a(yf_MbxHCu;S_fN^nt0WvgkYx~KzO2e_=e zQ-_i4pF4fj0vkAiq)E}TN~#81xEO}RhGIy`Mk2oxjXeHBudvhs!~<&@U&O}TofpTMf-0O5#f;P1J# zdGMyS>0&E%M#gc~xSq>DR(X#se1?O2+!&RVKAOwI z*7tN9r~Ir_yE!2|Y8+U_bHN%*VTUeb8P6*FSAWKc7Id;?jsH2m`X^7+Efnmk1M*Z^ zYr5eEK<^Vi{)ymTEx~P|rUyQWA5q%2C2+K3_*BImy($E<(;&nF^Z5j9#}X}g1#a;; zd_3i;rxvvT5U&zt)qnR1zU}a4TN6i^N9S1*4ZW}0`&=p@OpZ^>JmP)e83ZSGSk7cQ zBKg!hicYOh)+ZoRJmLzgYv@gu5GS_oE1qrVtH|hBj7DtgCt0}y@;r}%-|myN!E!Dr zUmKo`Z9m&8vVZV4U}r{enN2~uWu1y=`7w9z-mVv9iiKsP>Pqj~DNnl62+rtDr3 zAU}^n0>Pf2%fs?Knk};$aCC#SV?Z9fkvx&W>5=j#N--wAA(BHC*~RFCq#fLbupU0n zvPiFQGigj0u@0p)UZ^kuet9tC**?tG`xgX)ktWUC%!BAFQ`R8oF(~u3onqC|JE0c% zo+2CWLjWUskS+iePn9K~17S|l-**n^N&r+3f*c=?TyM?5LPEjr;@HsZE+2UJHkr&7 zq&H3AQ_Tl}*Kmv@f zVWmm*9kOa4;+@X9wGEKb`9X4T)&&O9oZmjbk^M^45am869IatFo znEW(V^$iR^_Y-7}cBG1D75LCfQ<~lXyBKsSf~Oy)r1Szq1};Q++1`T(&Hk7wl-+_C zp3|0WgSP3jTHc<0VS!=KAsCZ~Y>3~Ms{rW^ylEWEH}t`;CV75r+Cu*Ql^32kc)I`u z*&&^+^uUA*9Y5#ljt-~m-QQAfFEyA4A%rcVPKbSn$qGis%Im;i?Bozs{GTPRI`5I3 z!-S_4QcuwzjB%9)uL#vA=BysoE4O;P$17$ixO-t>zP=sXYESOs!1S~EN?=_`hOrIw zl6~{1^Fhg97HQL_PidWO&FT3=i&Hd?L3;jq6j~vKwAiCDwJieiNHsZvaq zPO3x>=52#x(=JJrw{?02JSib`QCom~xyW8#J^+HMy~QU)^MRRXzuSth}6*0mf z@Ng3H4PW2Kjfol{8?@*9%sG%STp&bA84r%CB$?>akX}vbrqASnnA2XN_BUw@&%+OV z07`U9w}@6!eh!cp0t%kzm%!63TIZx6VWvm-NT*==zNRvGA=ElL$V6*kR7QaYD*;X<&_-9RfoMao7_=Rw`U8u01 zk-PfLxR#1InEo@x(Jgy9qO%XiyG({v$^Nx)@{gdFJBztRgpTZ&LKm`o7ad>)q{h>G zjoH$gT{J~o<8_6poti-o@ngK~*%giV@ofk)57rH>XtZyu#-Fz#LN`ZAN1?bVleGb# zLN~kS)>@C2EUH2bmCrd0pCmbb>;srTYyS=M3%UHM58dQnBur)={b+kg6@Bk_(0^+d4Kmjxteds7g+}O0}pR7`PywKOfE3xwCnG7r|h5Zjqqh zpAVr8V>*ZU8gP5kd}(WKIn7B{eDWQ8>6XC!y8yo1Js~>21J?sSk3VJ*6)&Cv0TpiK z9=&gN9NEA8dtwEBuaO9|N23=W$?SYq{wz0IvfR%{emvr*vKs}5-K)2`T+h)TD zAk^>CeU3835pW}8t?4d z=t)8eNCtr5DLy}!Eeb!SBCeYzH1Be@IR3El|9$4G`SGP!vyF?xJpl}%;24Wb`81jL z&hNJbY8ZPKv5FDiHrau-yU~X<)lxfy*#}hRPBRmj_OUOaUSRH&e`WaMy~ot5gdzyU zPnpAkgbRzG>{<`Y5mpF&N?7|mXzT2Mk09<38jY=u@livMvyRX5-~T?XFzM8%xj2tR zOazDzAu&-cGpWFva6ygX)YX}1ohKK|64QQIr>`33JVGd0Gy%;%_|I8=(?5Zi=K*T& zz!|mc?0X=$_-QY&;i5COs_5=eVwrkKoXO!`WT(c5$PLT&hLs&aWuDW#b>{{5_>d`z zjihpGF1p-Mx365Y_4ZfS{vmY{a*7b~iFYqH=ax8#H$ z^)2Nl;3vF8G`j5<4{+Dx*rh(2u*VSD6qrLG17TNpTe6Ns(?KCR%5E1g` z^Wpr8rW9pr`yT(rr5{&OG=rwf9viG{NJ}!b+vE1~8M#q&>R8mDh z_>r91cuuRxy$WX7en$gSycZ4hG_!z7eP&_cF$RiOAf+6@9v`RJXQ2E2(c=B*bwDEe zb5Ho2S@;{N8e}*}r#`PegMfNwhs!+%OgZYk`v$Lp=k5XShyqJyuhlGUcQbV`3j62P z^wlD9rNuO$nWfUqqIN$RuwRynyejiiLuJ*~W@6fYGE9Tx@*Qu!>x?E-U=t6kj}71~ zxYMMwKx-v@@_z^?W!Vf`nTfz)5Wbo>>j4?mvxd>N*6E#y=SJ`&Y`;r}5u>rme6&y5E2I^*=@WM;9h*rZgMj0+ftn(Mz!q}x1DCE}hXPp>!=7e( zit{TO3@0>BmB-p^Q0dvq29m@eT|NMyu+l|%MO6KAsUCr!U24#tK`->4&@;Dsc!gfJ zzo@#$E;FZTNL`&!RZRTVkIDUxxmr~%J-It@@t7TTzDTn&_Bc+~%EtcLVVjYez!!z+ z>*0V5x_H<&z@KI@s}r2O?X7v~bK4L7Etn00{~qvwpGulhddkp_;ZWO&KU%!LW^)a# z(|*2vDg&7v#HPO##-Xo*T;Bfc)X;QOkEV}EJovSBaYP2|@4FeDNBgvaaNzH@P-~8w zL3-7%L2#TbIs^RXXD&87R z@IqS6$G8|>e;#T!YXPR2SE{rFyhN{`qVFp|Z{8?$`tc0$XVem62}b{djKe&DCHEB; zN~*af3CQ31c0wi--ZI>-SRM#T&ZyYRk&@r>nM7uy(6@HlU;j3nog*r9QL zAaKKgPt%czhUa!N%+%{+A8(&c3;{vSJMM?beJ~1@dYP^o4*$Oy3Rekw?YM+!;WR9Y zQzIm@#fV7VK4u679AxM@>&pYDA`4=h%1cA&AqS^pL=atH06~(rEGaZ->_h_BjF?jz zsiq=|8>l{93>dVca*WJ;wF@qb7M#haY7I<9nf#bigRX~nE!U&JPW!0$B{BK)A@6bc zaUg$Td?JTOH@yrSC18e4m!=MG>*_Lz(Vn-VcuDu}5R0#NmYd1359y_@hTLuJC!Hhf z{ry#5uwPvP8o~NkIT@kn%0H&_rSPE0fWJh4kn`|NDD36?$iwK8d%~xwAR}N%NyO(| z2?OL5+R-{JNX^RI-8W2Bo58U|^=^_?Z04@@u^G6L$MX7IAm@t|qlEin!y{_5aAyOM z2fFs`r@;X5y-~;hKF&@QU+;Ju;N*rx*K{X-Ul%*WrR^3gBo$+ka!;KZxNEZwkfM6s zIO+UUsk;hyn=juD%0Y%rV-5!2b}FBVL! zDgdxsU7pY`I?gRp7!%0@SoL>S;8g{)JmacHeX3J+rEB_l@r#=Lx^(I57HdVgd<0GB zF|tnue!5JVpN!?b2%@2yAPY}8YCc~UHPpl8{u_)S#&T@u7Cfx6bLN(|6+Wf7-Hie9 zO$xVdVS%#6)fCB(0eKSk>jLtGjXC3fEf5;-*!z`pRrlEY+Rv9>ziL2gdbqPco=+cN_U_K!J_c4}MpBA;7kdVp z@voO777)!wmc_^)2UN~!Nrg1c>5JOsz^>lE-^gn5x*>qXqdRe8<@!t~2=u)ShHz*M zkIp@<)~{z6DGKZ6SoKL)husa}&ESc*o^mdQTe7%>)qK)aCsnSNY*XJKAM!SW4CItr zY!0XREhNcjxc7DN>aJ7^`tT65YkU_IF;Q@yBP$y-HTp2_jF(ox>rFh5_`MK_=ny_+ z(j!;;<|8p|1PKFnoZkFznCXz7)rM7BGH~0T=-?2&N-{&p^%U~q*X~h^a=j4@P#5jw9&MHDS?S^N0v~;9a?kW z3-?of9Q84aEonW)qVpH(pH%e`OG@?<2F%t4l}$n>f%iK%FAt{Qx>?$pdO12cN%WC{ z%Vmhyt-*DHi4I+*2w)RcJm3_GcuKmIwldGi+nO<6^l#EZP2L8_pQbEhF=i?@f5_T1gP_}Q!($e3gRv(0NN z12<4vVM%Q4ARW>k%IsJ8(#*^pZQM^co=z`4zPjSCj45N*-qZRQ=!e&|UX&LAyj(_R z*tqC9O44XPN)V7H={Uv2m zcI@!KpZ7xt{;0)k~W+jFA@8|AaBN`*L5WWJfX5yoHGnEwl z(80@{8r)gLE(MXRs-eikWZFdacCCMiO~y ztdvXrR<}S$<@RO5YbW>D=>brEnnHm2T4|r-^CsaDh9$iTb9ZF-;N|V4lW_aKVQbF) zHUnEd#?#T~pP@FrJ>0&B-#Jv#JfV>l1xsi2Gme2rX(^@;O*%f6!@DFRE>7NobrZt9 zTy#iEK~7DGn%ZIgxU_Ki3)a_fCQ)fVcr4;A7Ry?35|ZyHP*-JiN>bf4dnWd~boqeZ zD)si|DLsY%u*0gXvV2SXvBI&VYjMv}C*bPLnP_nHwrDM~u8nddM9-TLS6?WXql|^&M@-rn+Pskq;+J+o6^=Z?Ro( zMlc!o(}Sh+ce9@%1lGfZpF1cW=C!Z$9 z(|U4SGqV}Q)zPA1vyZw8oAfvxb*Q6P{J>KY%))B+*HW#qd5A5b5>|2>jOeLmOIXAe z#z}*hLvkM=^FNBN(RiD?gi>%FNBP-%o+t!nb^N}dd0xEECgt~jk>J_4Ds@x%P$-16 zVjfu4j*mPig~0Qd&G04vOyZ!v9d9vLQDWn`EkwzMeuJw8+}PH#tzcgqZ@p?%@8Gc6 z8J{huOUSnToHmsMpe`R;YrtZ=7A_!#s+qODW&8yaG65aGk}+AV7mB5YW#lF zFwP#@ZD99850O*F(Iq`b$YJa*deu?+T$-{R{n<2)nz%Mn43!ah zXOxFfr;%H%n|3HpciA1PQc!-BN_Rhr!qpP`pwK%iNs@9}p|G*ZdhtU;e1Zn9 z=;o z+M@oSEudzXZ4}R6EnS>NZFbumaNoRST#G=+l0FaR20*jjpSDuem*_ie~>JghTrevMT{Ze~$*enpfOX%l3muX>z9TpKDbanGn;{my&hws%~*QhI^d%hDAiTW&orfdMITS?6~>}8dkd7&O>IImQlOAFp<3ih zAHvg(+Guf{RvL5~s%))Ogu1S5V(}jB;e;d+-{hnEVk++JD`WLYq)`hIYssM}c;2Cf zRl@(F@PLPe;+ zD)?`#m^;O98ULo2dQ=@nGLt%SM3bo*o2b&3uf?p*CLL_cLwznQX@d3jPEj^@^aDeK zTbEUs0XCPHf19Kl!a+7;#*=Efzh5T5o+MLcqq!Yncv}c_ObxDmdPbeQP1AKYEhy~T zT2zTGRYKc~(AN99iyVwLOG}R=4uY5ODX&?yG?P;NNiqCkv5j|hiIyXhLw4Y48OtI~ z;-V$G_-4ySRE{#gl0IVV+|*erl}zE$nk6QTDpBp;c^{I8Ehe^f$ZXPt1sf-(^9J}- z!gCx!x+Rb!M((bfAf7hHXVUqv6`l7c2PJRMFy;fmm4N6eb-^EZ1SzKN30l4N zj8%%!YY~Fpm_4z59aN}qoG`CJky}6Q=a{L%L2#iJJc2hnqh<6N#1MQ2cx!rxT@tmPU^s1~b6R=l5o7`UD1lFS32vQ7?0X-0QC%2@&W~kJ zuE5qQj$(~&Ub373Ei|>*d5JBi^l37nHUQ&sUs#^l{J?7b@iV)JCuM}{|4p9hn1P0& zuRps2Qid{=<5|9m*e9fabxdhzXf>XZ-S>W&%k$;E9#2otS0G-e_x+pQd(Czy5Btix z=l#>>_7lR^MVHS#TkSIvDv|=!*!I&B9(BwHDkZ~%&*20HbjXe^;QZU(2r|RtI#i>d+xDk7YwRJ0D_AyfFC&b@A+g8r$Gv0b8+@BY`$_4Uk0onY_iw zLb+UMzLe<(L~q*OVzCT6HM(GD4m`d9w9hdE##AB#?QnK{exNElmVjB_+cV2{0i`3m zjj(F~t^7Fkn26sIrTl9@ccc#39&Xim8~I`aCW+HvA)i3rw&kTPY~?ri7W@&3l4e4R z{)Z5_eg#Bd_ffQb`sVpH&ra{aiU2m~nRlR2qU|$as`jb#xn=YHQKt*1%%5o%*7PTf zFPMjkTK28(%I}@C2sxo=(qjYEozC=+iIk37ieFkY+QPO@lLO9vcURBfe1xQg z(#i`<91x!q>t}ts0w32mUaud&(f;xMwooEE9S$Xiwj`z{O?+}s=pEp;Z+(fzLs z*Z2SKAKEP*cj4|0f=732F2@I`wNhiJka1uNAqmXGmlMGLrntxKro>qvrX>5C5mBLT zr0i3#JNk;6@_P{Ff_*G6Fc>_9fZ|z8CkQ6!)biOD5RNI027NJ{hfruyA+)(mZZS-GabZGh7a*){O-ZR-9DNO0&R(yJ$X#cou+ zmJfHmvPX_K?0ImYljI(=q-%YUD#=qq9rmN3&%|x~c2>*d@H9K%t@GBk<#vQS@IPS^ zituX^q0bxei8X28@%q<{G*ixr+KLXCB+#q-u{;h`yT1G4v(vro@lFOJDlGZ*m*`y! z?9p%s}+Wwf?>sE5G3-u@smCdgd$Jfmkx72K+unk0 zoc?-#d+hl5-2Tc?o4NZoZ$Te=YW->+3A_rgwoXOMfFI+)@2V~qShSYr28%~p^{5sL z+LJ?iuJVoDyMmPV0hLMdY44efd$onqY4Rx~L24Sffl{sltbB$uI*T@2{Qh@wn#~^n z=2?zFlE2qq*_e&W$v4`(YS&^7~{KkEzV!iNt$eC%kMx$eO) zY-|N8z}pvN>dP=2OmX>1m@>R$oRa={OQ(l&Eaf|k@Kd}ugssKCnPiKpEvCGF)vn)a z8;r*OiYhS_HD4hFvHO7!$}+_?c08&O$SrTrK+B zy3!?K9}+%}tCYt+s%J&MYo*;clQaqkOvw3=7CE}nzAQiXTpE{zdBmYXCEh+r)2A>rSs z>Lwu1-CS|dS51Go!XRfG5a4=Kjs(1Y>{~y62SQU?YG|BZF?O7NkCy`|WMWFnHe{?{ zIRQ!PcTJ-%*c`~*S{E4=msroM2s6KneSq< z+m#E!diz8@q(_z$ng!E{7Jx|ngZ4fT)17?Kc7!0sc^l!yKla~^#=C?3Mot6&^tW?( zWivkW76~S98Pef?F-1Ba#r%Mw{4LZB(ls7p-i6!e$diuM95fAU)*zv* zAScJF5ET96`9N0iz}bk1^16EnR?Y@gXk>R?PzI&eYcbMyJh#wnDZJrh;y`xks2D!| z|EdUL(>sSQsfqbKNwSCQC$XaoyqsHHG!*`O?hBYNVJ_R=O`q}^MgcU&xwMU7kB=Ad&1@Z?pLMZmEyyrUKFfhj|A~k=wPt^XYZb84 z{=Loce<#T@wsVrVs7-bx=P866<}x>15z{~3mJyakO>3huT7EF*Y&JH=;O6HcE^?p~ zKHYk;!oD6OBTx{}!l^@*#8YJ%szZs6yaW#p3>sC$AyOWCrXMNB1Is?lRpz9K%}X2j zZ4Zd!FNyElaKf$61(}LWy?jUK;UHqV$Y%wNgt?I+prEU#;ZzpK37amuut*m$S&7Gp zhBh2nv;>%}$#7j{QY>_>?eTLoFH;#%8w;&<8zonhiRvX(DiUtRdyMW@C|q2r@MxWT zzI35q;1n;R;$Rof*-`WOq$}y_>e)rp_ zJTSr}oE2vpE_(f=O8F~+7=@x)(MUvx&}~GNkuHYhtJ#Vh+gdwjO^gSLP&kTGQ|NF> zWl^U%&RL^NubR-`f{fX!0T|-_FXl|AbI|=1m+r6v z`_?c_=f=gZhA89`2Kgyswzu9b(X6~hybR8jO99M0px$(=uEXnMc8c3h^Nv%#tu{DEr)3SJKL)}LdgI`va= zE;;Z6jEgH5nmE{VXg3q`3)2^S2J-XdNdDuQrxjXukbfJJXBPZ(wNIw)sw6LwhLTxv zwZX;ZqyCE4{{8N-7Ogd3u~0C|k6w>cfO1Cqe=@<>XT{A|r#q3FHaFjej6ZU8v3mh3 zO9vXd!I7r07C;{KxgcV61Zlg^D*zZH6(2>{$A3t-oE0Z~5t9Y+jn)x3gi%@~xvmYl&BbWdS$ec%tXyi5A`vo z5=JmvdwbaVsOkZYzm$KPab#*EPJ>IQ9cLP}7{iVv`!>-zI)az+O4&(HJY_pNj()X6 zZ?H?F)^g>7sJ(M#`8Y(MSYC;k;SOlw=x0%i^<}NLzU_}KzTR9Myq&y^AYMBOYV#K= zzQlpVCym1*co6A(&>M{;f(?l*nCl9y;x<%D82r|guHMqallyvq@bGeQ|Lgs=doi*< zp}2FVSHB+fd_Hs<(y)JCknpxk^Disj!6qqNv5OM) zu1!Mm9bO_${{^VJtxbx8v$gVQ6RDU#n$__T;Ql-kGCIYRuUTm>wByledXfAK@s<44 z>p}#AN>$PjtB7aaq6@>tHEhwamq|XvfGko7*<(-XoYoC2%Z{7azdao@cl+z;;N$(> zc+=eYEd}Ifx+@S-BXq=TE1wik13bKq+prq<-Ehb00@J@;fa4Uz+QN>q4T>hCwE>lA z2|k(HNXqiS?aP~&n<`zp;uL|OKFGkqbtQ)Kn7)}11-StBfHTpGA^kL!Z>8jWz{!%rBJCYyx zaQxt_5~I}n%OS`fT00jTG1+SvHi*h#4ZTup40a*o^8bKk)7a!pFzuK{KX;E?T^L+y zP-yoUaQqp-aH7g(JSlh--SkY1n3o-;oDkG5W7z+JWh7>D;0T_mO`>VZ08?#EC+QnFbhDG^Uq_b@0R1%fjWiQK^i8l+ z-$sd>tx=*I--o@k<4|97pz3)yR_$VeUQDpsz#sWYf&d?m@4^=FY$NwA*nZ&%t;i)N;F3!dA68c^XO5J&@0$qdN6>-zLMJ zs449a=Ls@5lz2|9r@l~Mrw2|M_Y)W>u#>r^_XI5aoZi(Juv@FCL2(X}vYA@#H|qHG zh%&Pexmt2P^+S3~Zod|18ri2p7Rff;rF1L3s2>uZ2tt*_=6^U{H3}hM!5lB+9b(q- z0|W5X8Cly-lUtQ<;93Y>$Ct+tN#7cw{2!z$y?7Mec|jB3K8#l7(~Qt-zEgp$e-j22 zsn9%fdqCcyuc17@m+JaVgDyHM9Iv!Dq%A*fJetNY*aS4JE_gF_WXe!$=+a}$b#b8) zNdD}fTLzqIbDBb5NphR&|Cty;m@P+&^+B)d=?sLJA#yY#y3-Kk4GioQo_&-QCK>x! zYKxrwxtSC@DQJ@%ucNO@NG5^MP$Mn-B!Hh5WF~=@hn5ltL5Q7f0<0pX{mE+Y=Qygj_l&Ah=c*OLtoL6Q z%8pQ0@$(%s!+>VKE>KnSE#94C?xiP+vyUbITt;V2pTB)hyk!9XA}k+y zok67nz`MHF4xxI)LMz`0jU%?CW|h{}7y+J$9~IHzkkFR8=NT`Va0q}Iw zZDEiB{&_ZCQ~e-fB!Yvx9P>~dyJj#Xl1*!~hxmgA7cJ)h(cevQrJ8o7c;fms3M9CI zZ)tnu;ds02=8Z zEd%OhHm0550C?~~=r&PXsG<_yggs-9)pK+4eY5J?y`?(Ed)41^iUakDrvfdx|~^>MJTEM}up*4eR|ES2su)LBEJyYA1L;9&;@Y zRG)B;0#PqEh>}yVi#P%#U+d#X5uNrGSWTgweIh*(_E)OJrz~E#_|4r%H)&q+$1}A! zETM63*hRJPPxPo!KSVA((Zz6R8;y@Jl|ae)9x5%Msr?#~HrrQP=iJ-3PU0S&ZnY13 zWrD!OJ?tku118?TEGP_7qcec$(YT?{;Vm%;lfXEmS(VFO!S4oivo^iN)`g zBzbm7ldU7nv1tuVx*cIye68%bFvw?!V{rUu{;d2N8`Pp|w1iZ}r5`T2wX@hzXLBrt zq=`2@jY)P%M{b<2*E3v{Gi3&UMrqS+``H1Dv(_qoo zbGA%A{TVhh2{R>9>L*bZP?oIraiDMnc^`+^RTKwZk3lJ+MTU%gSr5N^BR95ZYA}Xt z%Yn9C_%f_n=%a1xNUH2FB1>mnCFM$K=kvNRrW-AHR zJgz-wPkCze8Z;=SLRq;aT9sN<4XWzFgb$LtParu{o1vxw1AjDXn7r_$VL{5AkREAm zHOYM38#c@ExOBSwbE@T!wU(^p<8h?or)Qw~SECRX*{zMvXII&C$Zb{PZ^b?E3b)gy zrogmUE*SB*Yy{HEA*7PIs@aHjE<7$B)g~iZZ@R#4G|& zt}=Rhygh3n=Ql#YPeR~QiJK+sg5DGea8}+a?1g9=w8wVrC608Of6NhLz9O51W=6KW z2#9}r!%RE$&Y`C1@b>$Hp1czb(j`%9$7ZW${Qp_%TWSR1Ebfn9v?&H;@9J)1@!G31 z(pcJTb7~3eRZXS5k8j$w>Yoy2&2)I9b?AZ7M+?WF0 zfq>Y%mv>;n@gCsL6PUx;=Uq?O9K5ziHO3%1me)eH*|p&;#Y|W(Ak3@085|C~vXrdj zUa&K~qtoT`_qofORe; z1vR=V*(TsGc4^*&YfHPQ!-ppiFwH~qeXgcFy;>ZVMd0AvX~TXS{W%hBCCX-f4e6)L zWzGJ|<6@%eG2cZ&uvt%!#tHxtLHBqX@P4h!lLN#nJXpR%=@)7$N6yf zt4@vr7h-?(ig9$k++uV{Yg2GQ1h(e3s1$bt|*C=goZ7yWgN zA4o^2>l(y@vn4Qt@fQ&QvW`Z3jfAyp0s{-y1>C^L={&v0>WpK;8HIEj_vYd{^HEen zuO}WF4QBbbl4Hfj@F2|DdVt=F*bO&Cc+x?;KUMd#8I>atUXGVve}_w?)MY5F(2UVH zYXSKVsaO_#cSupJ@!r*tZFrXNsJtMLUZwf_k?gRI7w%qRu@re|Ln zZ0~KKz{S3fuK!Zs;g?^)0+RQJ-#3*|ENbAb8}c!ltWotGulrpuNa9Q3D`2SCh-sC( zPuCwv%_0S-J#oZUsNS({IhdRX(O_6IT}PBvx_rl3E=42fzw7 z$XCG4+vB;}D-h|MX(|h~A&!zG)wu%3KJjbrXjXw9@j6@HI)OLOFg8PtY&`5#Qp{?h zYx>6N>NkT)C;G79$navTaAk&y8EjNtT8&I25hpEuDUpKyO&{1O5sfW&uqVi*v9RVGc) z?}mEN!6duZdSEHsgZ828l!c=GK=X;Dr_sSQwb;`?AwJ6u{sgs0EVk1t=%wt6TFP3$ z_bm97loI-sI~kHc8(Ol||9l0iYymy5SApjSl3(t|M+XHOVC5g(drnDB?`lJ@XBvpo z2k$w9Rn#Mjm$>bdH>%Ft5cb^x;V=jq+1>pu6r2)uj+vAgrBK=aVyA8FL zuenI!hTPECE@JT%0jQ`)JQ+05BuoM!v6JH<~d&7UzzXq~e* zvpQ4nmqJ~y<7z!5DUDbF<=jAL3ZRxS&2TxSK}0z=((p(U9T zNc9PdCA`@up5lfa1{MQLcbQIi-wk9U=?ZkW?qLG2w%f;*VeS&hH~Y{-j%N)8&oiiw z4RGchvSu!51f0W&mnd*(|Le(P>ogg*YDsmSP4=SLpz}$gVFN=!w&7;=t?XIavKgdjm*5ys_7Fcf(?OProvj$2SE^t1 zV8531-=J520kHwh7k#*%K}-{}rwI~V?)K^)fQ*YoE>^e&_aCEoIihWVAH zNGGn1gmOW^Mx9!LaGCrQ1cHQ0IYW8!D37cyf<$JHHaDW%yS{ma3HmIs{EiBp0ObA;rLPn#?ILT zkfVKLt-Y-+O|X4suN;(sVi2UAPQChV@0uOKKamvtSDnhBkUU@_SeGB`!FyFU6Mv76 z<#k|WZBHl%B2u3X1@^P0dC)5Yv=_}t6w8kg66qtET$heO2#5DiSc0r8mVkLm&LDi9 ziK}mfAb!ou0SL|w=zJ^UDF{}O2f5E06wx^Bh{faj%&1=RBgY$f`$||F_^6c_)5_W# zEb7hu4e9@3=^KMH>AJ3C+qUgovF(X%V`5Bf+qP}nw(U%kiOnzf^M3tfRi9Jcr@M9? z*4}GvsN*2TpuXQE@({VHR!K!?HNvI6emvUR5%9+kN_%}kvdHE*&DgMLuO)F}alY7X zXLfE9RjRf|fLSTHBi?Bs3Ct*yZ#^UhD1A#tJwIk45+}$1oi zOVu%;0g~JMr#x+A!uBw~k5w-a#CT%S{EdM&qDBPHajHW)h$uP$*HDTyWIN zOlBYc0{3nGE|&IT45>)A5{V?K;+*&evj)a#H6kL4c_zpH38fE z{e_hEM@1Y_iAs6+jMGT^MbUBC2db-~J@z2iRriRLqOkc4wYokv%Lx(^?Ojs7(<*6& zQJz^y#w(O6jJis}=0hK=ot<3vqu2PcswU-g~>=b zTNPMShwf~8>0A~o==&bro$-Tj>d<3V1^#kt_xOBg%Fq0=)w`v?oT(aqNp$4 zYfn?%uSo2%!dxPT>*XTNPX!?DmM2$#GTca$n zM{t&kYmV)8wqH-fqMzJuf`dt0fiDvNteAURPo!rI-F}sZU^a(5qG6{bFm_Yf0%u2S zd4xQaYW4ve9DsAhVT#l<7PzEJDd5|pO^G82+VfOpzJDcx-jh;Lgu&<3TaRa>=C2`3 z3bH`xW0blAD3Cv|Ln5Z)`a7VYy}3giOw>=AYv8Q~qsh*KA_y_Sq(ORXWhHL8^8}8H z2}tQmKnjOhS{~WKob48%3oJM@!Kx09Jehb@=;rlhxDtS))eG@FI7vO&MJ(+?y}cTC z4)jpJK}eV}!{UnfnyfvV=R>P)MtL zWts|~#LVgiVYUV-q=gFm1nF;K5}?bcq^kgbUzf*bb5QUIbGC5D_mo^o&x}%-iPqC4 zje|)COA^t9B**vIGlqQQM8QGcI+IN6bM#_GD;3TcX98Jnj%e#n#%L@+cEa5j5FxK<2V>?Zw+lA9r=X$n>GSbcr0&BN)j%snbf0e;z%lMv*Mu@%w-lCQy zpG#vcy`#U@24s>`+Gl9uNMqo{x zJ9m1U;AL0oasHVO6X%p5-&@lUPwRZw`wu^sZ>aaK{Nl=WOonAW^IOXBXVtn}jvu<*Bf=nZyD&V-0r-F~J0Y+}v@* zW=6FF~Qfi?#t)Sx^~fNao(TT+q+9yyJNu}Srm0Kjm(aF zmyiRK6d!H0eN3tY+~EiLdxt<6fCZO;y9UIX{6?n4uLtrQg35@ocp%k6tcy_ox>t~z zVDf=bc_JwOdXnl0z6kp_n8{iXe8CMR{qx?5iEGSy8c{^RR>7E3$s5H3fvoUP=w7ls z#$&;aq5Z2<@_~cyw^E{+1&-=98;+@&pbF$2GfW;VUig-D-a7GRt!~7q)2D=ddO{sQ zObh{z`tbzV&r%jK8F$j%jTZ>h#(zvAwjgx?I)XS^oQ;`6*1Lvdq&1Ep`8n1%{%43| zg-bKgC{H-MX9@sO9_;&1uBP06$!}cR&BJV=4WNWihLPD!=C&_c1L1Sy@TNixC$QkZ z39@Ok`nDG*pvg=)pXS`^&_$A)HdS6Ak_XUt^QN|PO9l2W^=#|5Lvnhd)RGo$+FwVQEV*s@bC0_mT$a=otoB*Zof-c+XRs|?MV>n=o^g3^=z z)DEE7b);fS-SO%NdZ3P}9X>h)?Was9`oo#kC^{t&TXFMtCAcy!K3^F`i5S&nP%ZD$dLGdch^02FT?S&xA)<+d!7 z2%-sR0CUuMfX@mjq$gH@M14IMu^%3x?VMaLeU%CBGx_N{cE~vFTiat6IvQ@)ECn&) z3+}iFW*@{fz=BJvlz*n8Oq381o1!e**7eJFiPkWmD`M$`d;7tspUdnFDJtk2U!CQ2 zz@Se-jA@U^f*Mb?6B#p`)AwNegkbA3nZ?MTC98RP_tb;6&->s{#WKoOGw6+ff##9S zWV9zFsDwLLNi&s^SFCT3;o{F|(5$IxZl7vvmS$8wj!IK#|C4x4eW+4~BX#|Cy3n;1 zn8{hIkFT;b+eU!<;{L^2QguMFN04>EW$zVhtp%(4?1A3Iz~Pn=!9t1$#&Q=lk1qJf zigx0~edk%UiYTGOwh{b50E+$3eH!26f**?nfeTHTavod^mUoHVg^^6UJ^#@+-*B-V zP6CUjv^`A`bBGEdkhc-l*$Mu9Zrhp$TVoQo5QI0V{}Ml`uj)gX<*iOe>f3!(QB=|| zb3OYIs$i!;?-PQu+@C1NdHlQAhJ08_#W(r$SB&YFtw3B+D2AO3{{eodAD;r9uvf~~ ztj=)k(@VQp+$bzkoRUz#E8eBF>2N_9-==9rL^a#}?ZN@dfLd(xMa&<&xeD{g>JN~FPcL8bp*kl)IO9p z>=b=+OX~p^-YB`mE>vt+p!_i&NpITKS6w_c-`;hc>KUN{1vgoJ($2;JPlf7Jl`q>b zai1<}jkf76K2}6*Jd`OuRc5>!cw{aQ9!~?-$Mpa*;kYTMHpho)Y$=+a%bS~=V|A5G zS+S)iI=wb5YxBWk(Dd;sFhmo8texjKtUfbKu53enNT+z*S+eF9Vz?f#Gi0()V$*=V z_r3J<-&3V77&!9S`IL#0AL?q5>ZPcDAfZ(`q~PqdDJ$t=?k+WY&yIoL_8v4YCxT|2 zNIWnC17kTph2Pv;+qwo5K0I*DhTj{iFt0#aQwfk*jER0mEap8E&ACM?V;*bY)b#w1 z))X!&Tmf(d9>?!dCp@GL=xqeRte2g$oGi9KJ)D`$d;OTzGqH5a1Q^$Y*es4T{UR3(+peX_`BGOoKLjpH%HJV8Thhh}PdhV%jkS6g z0P8}&@u*z;nt~om*}r_Hscu-hX2q~dKmQ9@9>MZ&Oh4t-&ueCU?7%LCi^B4W1tD_{ z|7D4>`a?zS3i^Qh`%WtuFL0q8|DmNgEfnOz>eJ)px?e@*ngk7nkFb}93X~J`L+yXjFWzWvS`hepL8rt; zg!SxO`b3fL zXnt)48mm?kEZF`H4AJ>ZwillDIAXGAH&*a@^?N3;r63S2#FT2tIzm~O|HY} zN)j=d9;d8JIBu%2STeple*rA?Vda2uZdRYNI6pG6E!d|jb%;O!Cnc)SPdFJJzZO%g z8ydk8mw|Yg4{!%2nI&{XM-gn*h!KSWI9kA2K8U+<=NA=9c{V;f4iPK>5`-`#$cK|< zzWSwaBLvy#a7-|E?Fwac-yM6sn`7pfPnAb-fAxX^7&Nh@P0!dfh|($B&s!0Rxj*b{ zKX5%jbtFk{?cp)AZYrq^7*09J3+?j}#Sk|fE?WKq`{YfE=yj>`BAZ$F!twsYMVw$wiuCmE(1P`7@r) ztL`C@92jy2^Iuue^$3vNP$Rs8xLy|96GSSH@(?7P&vYl zm&G)Zd)NQ~7(Ng|4FN9cD`y?@=jcfe>X)G);k=E+rWu!CRpfvv-X4Hv%+$=4KoS1O zQeJXEBJ3MiV)-QYNu%Nt*59DDbMn|FlzM@&B6F5BofAI#JCazlV)i4}UgsCK^CC z1gBVO)#vPEldj2U3mstBwH#|_9|9yP50$3zr3pe4Z!PX`v=8?Nsqd`ql&<=*;ed01 zH8nfA(HOn4Oe`>7(dwIpIQA8L6(U7R>excM&MnebXr@|v__-O?06}Yf)udwV_+U5L zsCmQ)gWSK!02ZR2M50v=Y12P5Qzf&|QW{%>Yzs)4R)8YgwAq7fo2sg`QyKalmJ+Wq z%kC10*{9y+hc*{}ntHed7XtA88?M+9|Ce5{h@Wnfm_eVKA^&nTFys!C0#sk7YeWz_ zJ{(}Hpv%dH8o?+&5>irXjFtz?Mn)U&XlQHgkO-H|Vhv>g1rk=kzv!YO#)yuV6H>CA zGqr{-8=ba&sMIOI>!>av@4TS!-ejTjxou{?ZouDAU`9%*UO~UOnE)^JkDd`=h(D*6 zf>>w{f8UPd-)$Ovzw0t0FJVJIJpJ5ru)=@+-g%RLwDkvKmI z`ORbuzap3cP~I#O^veg?v>pgs8lqq#ezwuFAefIsnnQU&M#NfoTwN0WR+4R?!- z``{BDO_=ahaDtt5HEJHcS56-y1v8jf3_zJ!^w3<*6ZHxVsgZrI3935PE7XEF0*A_6 zzUwi469IMC_xWStF74-O0k3P$tW^wuS_O-A+o0D3vAjf$v0BRuc@pP5kJn+JYtVQj zc`I;V39mkyprg}Cx|*3HR7K#LT;tL>l->NcjS(S#c><2Dvd_zj%!2vWS)ZSCabZ#= z-EOFu5w-^2!ho!Sh(=MIm~r63b1#Gx%tL03uIGV{Ukpf9nY6UD`)dI~ti9Q(NBiUoc8Jj$=FMbGd22%awk{ zP&{o~f$ZxS*8c?nP(+a9%VC-1fF?+PEO`=8zG(g^b%ZUXiRxxd;Or}!UN<(}5A&|r zS~it<{~t%9R5HrbJ|Z8s`Q)F6kUJK zRVn&A`r7{})6xTWTnU*1+p)F%X0}|XqkL4TbWpU<9U3&5SpL!hOesRe&RP=5Z-SRB z2X=_6Km;qNjo^cN5I^TvU_-GrZ6V4zoHQdMYv$q$RQ#rTnA zwE?|M6`--!{eKD!6N3>H)*E^7;Xlesl;`BrFRM!G0FABs3&7AVvey|sYYX)<#ba_F?2yn3&?GZ>D^y4@l=SvA5B#snKYaMRI26g8Xd($xty1K8)2xU77<3ca@8y<#RvSng&r9s|$eT6FFcIh#*8lMbtuxxuX6{|C*LRtTTr>qa=K%Yn62^O+hm9@D9hnu+qA<#cJ3)_u9>!aJgZ&?3;rxe!|3i!aVH^%uaeZYQ4lc6x z)2|C^$kj68BPp@9|1fy{KOElp55c#_h!#|rqNmHWmKn1rkUfm@Ise1k|Dh1zzx(+A z;Xa_j{D~4TanNsU5pK#*@W@j9bSzs!E98vn(hnDE!7x^`)q$IPcXyL$L98xDj_4Ob zRUtxr3o;K!zMZQ0xjs*qgx$2W&L#3+nh}ZBB8xytH-G+) z(GqNu=mKvO4a>t@{>$1@+|Z9P;)eY^!enBBh8-cfLm!jcFHZc|!5ot4K;I*zb^Djt zW~A~MAR|!|V`f1dcm67L2(s32XF{kUJ*#SbSd+%KHPQxG!MJErqj4<-E*eQ!!oPHE zW8z6@p5>28hk+)Vm9}wlmk7P(OvF!NY%ypFBsWO)!Zf78D#X7C8HS?9NWtyFL>1p3{#Pci{==W#cM_ICcBfGqWvX0 zlRSkj;UZCBz6*mVQ6Tw{TzQ#efsmRI#f=tT=ri1dh9sdDJ1Q3={SSl5s3nTLbrQA` z{?Y-&c|>!x>=PU#cwMry@}0yfTT7hsyF_6= z;A(_-F7p|v~6gnW7Y|MOzL^2*w8&~$#HCaYw)*}tATBu-ISbI4kk6fdO z%gR|tf9{N!gd&9A{nna82Wy+IvNtNJReT2NG$Bt@9 z05geDy|NJ^AZojdQLtDZ++7ZGh@uw8TGK6)?wQf16Dp8QbfW|{f2VdwZn z*3B*|jA9jG0IV3pG5&e^+z&+5&)Kc%n$>8QOW7>h1qTt>KV`rqBFsS`0$4z|MaZ2u ztv!_}QgAqU{=@HUC1N#&ry&|DIu(Z8dDiF5^Mv(@qY#g^zis{wi3KTyl((2>Afz}@ zw1Hnf*xcIuJ9KO1AO^k&=pU7HbN1#GwnoOV!#Jk#uz$JhrC!_4DQgEWc9$87T}{%# z!wh~Jg7C&ATIW(sc!CqesTSiw!K!yl))7V~CS0cczisB>{_AEv zPkm~g$9n7K*L$x~44FoJTp-7|TqJneJAxryhy{hP(-Wm6&q8W+Ip^`Ax8&R~A}Qo7 zP+SfS>`V0q_}41T?2I-B+aYqWa_W1(ZRMr8wN1$y3umlXV~4`I^sz&p#@lr((|AxC zu{oo`gu%;uCy4awXcMS>fLb-cMbTKUXqq+s8^Xv(UMtyt@f}-d6c3nIIFPYk$EE75 z$l6>=x715aqbT}IURZ;P&EZp+vfH3FwC@-6fm_NRbV>bu@&0|| zhm)oJL(FR=7iIT&j>l-HS*Iy@wV7`FVzr~IdB#8rFM22sq7KO=-gy8mTj~Yo)J8QK z#yi(b0+X=$tNuq?;t%dMu&_o5c~PeQs04BgASuP)}Xm!F|7@9$ML6YBe24(z1RV-cL%-S9^X$IWWC7_ii-*2IOR2uh2KW~l6je3fPz zB{y(?+8Og|WQaG%=9wiKw>z=VX+FKzF#5}oa8MF`zokZypxXZ%-Q$X*b-JQym*#HE zRy?x>kK?}Yf0eP*C~Nv;F43L@PMGV~DNIRp33Vgj-wci`bnsu7Z0rm#Zt>-2*f;-r z3JRs8wWn-tIcB_k8(LZh(oG(bv~uTDBz3~w-pzeuhm z5necgWtii%vHDT=QU@!W=V!b?U%3lw=!JMAhe#SFoZQf3Y{C!2#R5<)X9iKmvB~yM zJdP^29Bjv0?#U3`tCZ)dJTgqBj+|CXC-ER!#Yi%Mzp|3x;hC3UU|81cKEfgt>y@yA zO~uHPz&U(7(ZD6W z#}XFf3({cTO`6&NxEsqNF15)o&yf5VIsr{+!@3k+k+IAg%1DO8J^Mkg8kI~-GFJ?41vv3+8#eAjn(4Y9*xoFs`|$Y`w%@D52FL(Fi>3nu-^cTO-Yk|$@(r?Bm`JZOF0ardRvM!36xk+=lvFX z>FUmC9A<^Uatd2qF*1sXSn|cUPYr(#h204H?wmJnwHSiR0Sd|VEY!bs4XQKIm!yxm(6W;N_tqM6^gS`3UH{+)5t%T#9QJa3qX!E_bK_y)+xLxk_WT_V+Ml4*mKR7 zl9klobde_dgvd+sZi{1m-k+uB&iic$LU9)Zv5$x*O3}`;Xq&(=R{@S~gh`>W<@z`A zPR1QEfXbugnwX(|4LaaU-0@l&e8r?O*}U(LfIbsVfnv!OtwFr6o9;JD?u{q!IXLDV zs9_^AR#4K9sW#Wv1h3_KFdm-pvXgiXBDumfs6be8nOKL@wcUnlyvI8Zb$LkyDk`q8qZsrl;2s@B7)BYp?z~%0TKKB1%6jqXKDg0G5x}SNz9+ z4lkasH4|Y&%%rO~B)-C#Xl~HV1?4p4u!LsHmn#i~;F_G2sA&6qUf8VOA{RvLF~)Nu zcr6aRLOXrWfQ8dIHZti{4BLq%Bo1^_E!dP@n(LrlOQ-h_>f}h6E$vp#n1TcPJY+6FrrCQ9G#v&OI z(Vd@emV8o*MQ!oa8f?wog_dpx8~`K1Jbwz{z|mqC-s{Znbe}J?yVu-lYSvtaUZzzR zxv+m-$iLFN4X@QzHx`L&{8rpy)YP4gXOH# zx@3N8aALv^VWOyAJuLguJj0~FH>3P^f&4dJiDVMR#KuBMf$z@3PUT(Nb9pEx%E?%o zCzx3o(VDlBO6>Eviou5W(wTWjTW zkXAu%AW)UTM@eMt#>J9Nk=2g?RD07HCdp|3amIz7GoC}1h=vPrJL{4pE|-xIrcuBy z?gs=Zg|J*3!XNp|L;Ru1*l%PZLLoy&bCykw)^^!Y4V{E}Y$~8=f|JsBrKz2Qr34Vx z5#tYw{JTu`$I`W{{Qkt&9~c4lg&6eJ#R*tVrO3*2{ByM{ebiRoWU-q|dR zD{`B+mx3`!KQ_XggA(vd!JlotTS^w&a!;`m+ebc$Yj84eh4#43Cy2HcU<2Md?nkCO zB?~+6J%9MiyE_(>a06!lTz%U$d(xeo zxsO~tEz3W&L9w%5Hf3eB>Xnzxb1H<1coyP`0KalYx=HxYK^=q=@aE|(k7Q~Y8-EUx z<_)~ORO~eDdK4{h{IXx#p*YVH5=YL(3burQo<6QSJ+-ABhw+3((8Q$YD*7v+)ljD) z&K&(C9WoYUSc&Q1%SLfKg1k|qP{L%Pawp256Q4MG%-iwzmusMABPUcj~YtsM%tifCH?NDpGAyry~1@=WFzx? zm7S6d-}LFayO(dbK?0F`QMX7g)qu5WvV^H`%{8eEr2(*#E96@&MX>R7{+nd>xuzHu zn5bXhS=M;!-(MRrA^x{uzq=h9hbyT}t^|g1!f4(Ktd4hc0kh95EL!^xa`+zWH%FOw z@KczQL-)xrYp#vxF8v_A@~x|t4zGS-G|jJcWcg$=2YI%Dm}OZ3jI)J$68(Xw0QUmq zyb~c?7wLSqw0Wkm2K)kK)YU9gQ8Ka_)s$V^M|f~umIqYFf4F6z(8K&s>;Z;}HMsBi z?})g0hEs0O(0>Rb?v= zHUdE(bp+cxU8nNdW#!3{^IhViQ{cyn-3V8KS*zCi*kAcw{RNX;>}FkE*X$H>>^OSz zUDr5sce?oM&FXrKa4LpxTQ}0G&i9C$5vQ8Fi1hGYHC-F*=;{~s(iLU$J;lr?MX9;s zlkr-3Z+HlgQd2e4EcJGb)GH@8ek*Z~em*9v(qJ3nBo~d!f zasbfU;I)WUkct2=tTUrV*X0$6X(f4;A&_(#A?qJIM(yi%y%sH!0hH(ZxjL~=?9Z0u zs%I^FXf}@m+Z!p4E7Yr>c|dZIvq=cGnGuGh1vmEhW7CSfj|c>UmSXY%v#BT~D2`b@ z+?-N?y`i_*YKlQtA^NIpA$iO>M6sl{asoMlu91Jc9koVoMoK{R8ra1edyd`eUaLH8 zahWwB<{zlE^Q-ktYmz8+32(r5#-z{NL z-m+1toU4PFWQCaI8TXMa)G6Htvmnh=(%M`QOu7JG?}oU<^-S~ga2kaQw70+caO1Ps zS;sC1CyddyuyAPz6P!wB+Z|pMcdVf(xNJryfJvRrp^6Qa6b5*Y4LCIIW6s{s5-y2P zPPnj!Qfas34=^%wO#g0>biHjbtA==&ml62-vx`p2)<6oa|8V}Qmc^i!_C39jwqx2{ z;g)zge>#ea(kADQu!?S44$n&3!wBunyyB4^^Fnv3RkrZH=b!E>jeTx zKd>YJGx(Ew@`E3H!GzWg#%lVIG9CKBU@GAFEP8g%x9s~LPYP15R4tBD6M`eavq zWe?f-(m0IzR>b_t3+O1CLIUuiy)Mn@$2B0vH}ujXnWbC1_w3y2SSTTxRLtPi`>5|_z{ z{eT>bO93=)mxz>7&rXQ%yqBV^AQcT>8%{YQs#uQlsr(i#T>fGOcA~^YnxgpBNkN0C zWqH!Ko}_V-C6ZBaJ&}~Wun4x1Md4+$bXnH0`pEcpbKWtdPL+p0o|Z9lBK9_^t3hOC zJ-usM`z(X)TB*Y80ultGUy zvEn!4`W5D1*RWP>HsczSX`*WLS~B~B*dRq%voU*ORNLU?0Yas}XBd3|o-SYSwWqZ+ zEs?p5`Tzm>*qPbgZZ6NiUEChtj<E} zRQ&KGBjR)Yy%L@$!LGd)nM-|B(icU6k5so@#`ZNPYBl-iTh8!wYSXZ@QFjAT`ZL8; znLdx@sjhIS9H=seR}97MtEX|$9YxT|qpr0baC696MGsQK5Gv==Dk?Lz<@R`y8Yaae zCi_C(1u5L4`Cy|oYh^)NC(^eORfcKF0jJ_BlJf8ADLz0w$R|qk7Go&HTqRby;eXME ze*a3yiaisgk)<_D=v{*-mZG)|67JGBehj9b0qv%)gE)Yc)J??oJER8GOYtw0u7+fl zXY|jN8A8IFQx;6a_^$P*n`Hm90`{x{sj~6ZOX63SjT+Iaf*qJo6FaVbic`LpET#KH zhs5C~6}@DGFTWM&Hf*yU=%zi)hy8v1{dEm=y86qh9>KBDTOpZD!{wykJ7pXOsXc#z z>%gLZlpP9^SVlNOTFGIiUwF>&pp@<|Id65luKN`b?v*8ZzR9WWe~J$cFsDi?xN~Tl zHYf@b&`cg%{(=j|Ea|rWoct#YOB9E~M(C0soko7&6Nfx{h(T*IoZiMDeBR;Or1B4Z zWb(P7jt2`L@r2PdzFQNHS>pKE^_Dok=_%gfQ#ZQgZeB^`(af!1vjpoXj9JV(hcl8U zN<>}MzG}6d0G1?+wFaOc6+LF4acT^F^-QInH1DaA*|0^6W5!0p>ebsshontu(ArTe zYF-`w{$?W2qs80q*+%xIGUepG5^Q`)oVGG`Mu7qZe zIhR}e`$o`pL>Y;#i9_U(x#lUMV+J$=l^Y!Ru`Ql#v%dYOwqnE-NsOB8UhU-Gzh2+ZKef%*i=Meun34c>Z<#wdMKh=wOty zS1->^!rWY}C2Ql@gQkw_a``=Wb!)>bIysc9&1PtsB!FbFfNyRA7%- zvX*(X-DZ0?L7WT~vwTQ83VVpOr|i@}$YgqY?6a3%S`Pg(Kboi^jtKF8mi~a7{VbBBM1_`E~Ok|`K@~o%{+yhW-CIJvk)I}_{ z{Bq)4gUlnQP3y+}Xk3qSyu7AbFk$j|64JQDj)do4JjoiOL|1SuEpk z)j6*wyLa+QUGOW;9m$=Pg96gRg?h3uKVXw%&u$XAQ{E_qbUu1LE}ZvqAM3u7NG@at zJw0Ia(El{k(1RZ*9zeczA5V6uBE^#v3!w>u@oTn~^bw6}B&@8$nh?5Ejx_1k-CxP0 zBjfMp5bm$(=~~SsrOrwo8wGh~M?WLJ*qtKYP5n%pA2oG8nS0++TH|^ClOMb6eE9@_ zU;pFX^xpe+yS1^&gQ4776MR!Eq7@;`b&l1~h#Zmrmg9mAM-m0A`1nRvXKU`^ilZOf zT)WxYP2sWpyzuwl$~6D``1_f4{f9m& z8c*22a6^!NPAC%@p8Q-V-V)NK$M?P@ko%9@-@NHGm~d{!m>KT#-S59Pw#46)n233= z596&TJ6u1h?WyrT9Z|Z2Dv3|`!$dV@6ZgaUr{-$)`-e%$_x&)dYD5#_@URGLm{a!8 zlGWy`o2m#2b>sg6zdb4_3Rx%d{_9#9;RBM@Cx*Er8wvW$VaCB#!o|J;0cOXF zx$8}AImEaa;ZM^IFBj38p}>T{AY^Fps1PLhaA=neJX9%6lqKvkux>UxriOat1_Li( zwzaZbBl@sl5;SdV`dsI%OufG?NH1`h{sEg@<^A^2bz*V}$$5ZmGb-! z@>?(HLOa0MiP~xZ(d~YDweCqx#{;&uQ#$pL-K`P5b?i@O{lH2~+m$%dJYTgCf`jYC zV>s~)OfF?`mHu~U_!r>;8{#M1BnXrC_w}P|E?@Q8_j~v0JL227E-&rbx4eqxYU>IZ zz)CxY+(-#;G>Z^@69@l@r?fq9uO|0gq7}Y%FX~s1GF(d4{ia=be?9D}g4n;l79$=D z+jZU6lGMkCx;Q(d0%?a7M;Jqw`#_$HZ8W8RRzTT>`Fz}%K|PmDbf(>op5+M`wgQxZ z*&&)!0QdJgtgGjjd}+^W>!MIyGAGnK`}r9|XQE!N8*?C+>b6154V7aHErz{=kKkzVWh^4!IFc-@JQ$*J^xFY=ov&#|to&T` zN5vRaM#0CmB6ZXF-=8D+ob`*%_WO`k+mAagPX}jhW1G!;6$jpU4E?|DdUh`mSh||DqGRg#SCP- z*joEUDO~(3(zc>g$G$XB6ClWp%TYH>myYbqA?Q3U(rX-Z1w!Ts)KRrWY@tS zvt+rHcg-KeJ6fS>%6G9l9xfFj8fP^EO&^qVw*P7}j3^iM?B8+ocMGbyRXMdM+EW$zous?Ba~@6_}6#s%L$)z4nn9KM(D-SNh>Pt3KCV5we^ z#Tslmv)Y;T%Az+s21GEOh-t)n3^dRSR9%LfE`4x<1W<29u72idK`i%T?zMFx$k1lv z#DX}c9CqNLA!1;*bVADh*4#Zb>S0GT$&}Ed_4U7bG2uE^-|o?)MShrth(3oadCaqTy_ljD0yQ)gykk`IU8GS+6}U*&~oEg;F#owV_UZ!u3A1kvgLabJ=biJbY{g zCVx#&Mflc@k-M^FC5?o)><>;L7CZ{JkQ9x1Rl(wrP%QgpW5$+xx>-^ctg-VHp_CF< zK%SnlLt!(o&5rAkO0CW{&xCi%doz_m;l%%v#;)U;hpKaKoHMxyvbrhpaTqWvC2o-bCC$lcM7FR0kbai3cf$ac?ZFE7bM7*mj z7O&I~xNkkL@nb6xAt{25Vcq+&pFr~VF#f%vhzNY4D^F{ThcEheFU+HUDNDoo2VgGg zE$1h<2$?mAQZ`WfvHJoxf-`|$6Lx$Os-%b;&^-Ob(ufoavQNfveGPdPvxW5tiDcwK za&cVbW_4wL>-LweTcrlA>1?VPhCDQlgtN;ItuVw5ntbKM--Ph?tG$H$NK%1k+p0(V zFngGMPnq98YWeivchb6ZTh`b<{cINo0ga#jIM(QUE*Qz z$eC6ozD3JRxa*_mca!66TR*Wy^|Z0ADIX&$xI(*d_tF)PPAXL~(Ft39QzX(j0M8cnK4P!e;&;6ccWI?SQ;FZX z{I%;p8%@Hi{{~{z_cbEL9L@RRjr2T&lrxeT97bDQv@#vBkY^6)tOF81H(!0J!T|f{ ziW{nkT1l$cc4kuL2#QrthW^PW^=Q3(3iIp+cO#TISt$HdjE z95NQc8);_Hrtvmt*xqDFYEJXVGtm=Z3-ZzMvBCrNaZO_8Rs;&f@T}_gMG9(BZble6 zGVFwm^7~@pEbG%QCjXjcb5AHsb?2Vj#-eQ?t;{T)cL(`hM1<3 z<&TEHzt}(&?@Tz$8sHa1Q?xf}df<&hj=vVq-8S*#thxthBZhFEn$~lGOE-!I9h(ht zXMu(xlkDA?<)8!Z;UxR*NFf;eur4hh$}Niv-8MbQv};e0Hp~J;r*>1G;>z2{1lLy9 zXK--1Dm^sQ^6^JCp!PU82TrAmo5^prYWX*TEj=D~xLuu&LV{#`qfmK+P@$djj=^L= zub`zk|1uHBpPq=baUI-Gfj}_Zxm-uVMU3g${q|tnlAYFGC2H@CS17yYVD)uW-RwOp zS>_N7qHAI)Eyl3UI$oUVGq=`b{nK2Ul%X13_Yy9vRQ^{U9hrj1j~`|~VwzFKR{rOJ zB!LY}7;3z*?zq0$8_7B$cjW72`&{z$tykNs9sko$e7`<~zIr3gq2GH+Cq)j>r%1i` zwVN71MgCs^n<`}0A-1^Y0rgARxs20(pV{n1BNC4TG14?SqY8XCb?W`u+~QiyvB&9F zP^*{MtR?dM({c^tblYruGncuVQ}iy2 zs{e%y@!#yZ3IEsRGnf6(KmXmUp8r1GfAIgin`a6B|LS9EQ&cC$K$54fYd09UJjO4I zn5)oG7r2QPKUK*$6T&%-2>Pt#up~tLd+;Y6pJ#&s{fIh#U8dJS9-G9o5Hc9RR4`kw zXDqaT9~90JH^}06 zivG-SOb1jcCTR+T4ZL?mw+`i{>O(;;au;;L#-;pSh1RIm7AKn%1ohvv34C6ktFmAT zOG&sDcqaqv3#J>%o$MXl)55?7cn3Fn1-yZFHqKSSnj&fG#D2_a#jjjJtQA-Y@2(2@ zC@~%Z3)8CuXO0ftN_p$dVJ*E~8o(+QmRi&OE<rlCQMWaqGqS8Zc)Kj zTNyVT*Va7%q& z+5^>dbHAm@>|8FRwp7?i6#vkxrGq--Y5wP|1KvtgK6+Jp(arCkyh-(~P<=)U*_TZo zFy{!^`upiTi$x{`G^7)fShWHYW9uk;xwPS27=^sdW@}^#fz*`jTAwITX&Jvh9kh32 zHX*gDK0MBmzXetLIJ~;XJSq<0X-wrb00_RL$$;G?G0KJ=z3vxqTAL2{4o`tcokajf z52-@w09_NE-C2+c;W(~hR4Bgg#>Tnr)9f;Z)&!XOOuuwyo$sIx2r4ywSlwNWpi{56 zq^{_j3(-}oFLrnEc&eQ{7bk1Fe&R}47UrON+pdd#twmix3k=xdHwyw)u5(4E3o#uC zA$bFyqeD<$5pX;1JTR8KU@TW;+I$`GwPSBmg)F~-s`HmO%w$zmnVLiJAt-C`rN3u7kC~-kqgdpZNcORw$;WwAA#^<=TxWL7aZCjg z60&R0S__qy8y163U*RGO`EZ~1KXqgORc@`yl;2upl(rEGh6hRn6Mx1zhC2az zN8=c!G`vCs%7rX)$Qp-0vpyr;mluW6ONKD6lrqAXUXu7aoG>AEs`OrojV9aoLR$v+x`RlZ3V{K0& z>l@qoy!*+>uU$~~AOky(;2Nq4bE31bnj~}PhBS0kUd@Vldunsg3pn3}YE-Hj)aJ4N+ZfVbA_pvZF3u>?iy&P73u7G7jH%06gAoe_!tnLd7kzWEvkFUsd zW;fCXN70mRQ=eD%;bKWzd!a@piMBk1b^~;p-)px+olsm|Bn9#m!z`Aous~b%l-KG^ z_`&ZJ7HGa?vC9Hn!9k&PgiVDEGWnOrP0Sk2k!lJy4tg&@XRtKlsk2%t=rSWdLJ7IH zE2)lAGks>+n>@B4$7pou506W{LjzQFtj1P=H+TE5Z#((M_$Y_$;1G2>D8J-q)@J2( z!3wH@_wx_7sBPGAF{gZQ2L)#Md0|5Xma=}*B1&~1%_NOQFeLIPGX0*jvEu4(`W?|h zL51}@8(5*Nv~~N|#;|Yg7)q$Fe{#fY*rprDFtc|(Juk7uplij9U1cfiOw{&mCG|&* zhFEPxH1oR^M5>8G#c>;UML6RN=6-gQ{FKST3S+g>r9k?h8X`$sS*s!J!bKrwf9U*G zeCVKv5gq5su(^Cw*WW)R9Xm|h`>ZSX#uK<@UY)B?#VA|KI@dNoqyGL=l7#Na-Elj& z0xMUYNP_z@iOQEr?ZP^AS5w;^ok!O7^3++T)%YpRlxIasi#{7V1<=^BV00Xa8i>`s zFIEKwf*`CE0j54Gzdko_8^VX^uq@4hINHj(!oak{(zve6cdG&;kyR%DT=IM*n=!j4 z9Brz-;wVl>81=Tc^v~DXm~a}R-WJ--(zIUcvx%khd#7#vLU|EVTI0oS708f$Jky8u zM{)c!m0+XleE9Ir!3A7_{;Y&IAvt=sXyb(j20EC*L{Xx&;KV2!3}Vu_^qQGYZQu$~ zud{Ityctb4JM@=S$J8a*b{F+)BW`1qax$ST6LqNpyW*!7!qd%Tl%In(ObI2o1A$fI0ksXMg8;mH$86e~ABeC(ly+KZyv>EsEM;o114XUCeT% zYzXOr$}v3}wgPRCSky1F-bICj*Us=Jg>j_dd@_yg7dQM%Q}!^o%4RUh%_slF<9MsN z_C1OKa+CG1t%5hd|FN@EjsNj<|M`Re*PT2|tbcu(pC&q9K3t`h3=NeoZ#8RkuGh{1 zG|8Bw${~?v-OpC(ZO~)$7V7x+<$`>nrQ=+?o?vdhewty1{w~<7Wbzhso2iq0Oc|FZ zldEpv%a_APn^#$%gfa%?SfhjEw)^Q*vxBkzT3BXG6b7TGBcGu^1WOciJnVb|vv;6M z=u7`!zI^GR&!~?D*?)?B2uD{n(7ecK93hfS&;)aRgr*%#u=cy3J98B*=xMW4F`oMQ zVetI9s5Ir6K;a8GL8UPTi-%BuKul;Q@0tNSHNZr8j0O3=RuwFbel?0!wGVfbXl<>5xOk zT`Z`do6WS|n?;B2hvfP2+=u5T^8YpF2~CD`Re-tn-<_KMcW?h8|M#6dOUVE4^mHTK zXPGn!UpR|nxP^s>v&8^Je(2!`;0L;i`zH0=Gshg5~0o9GSRV)#~tJZ^xiVj zKdZ61KkIYg?`aaDj?X`Qh`xLDS&Z=Rv;BjP4h;J4=mLr#SuuJP5lKQxBDASQ zawl;3moEqEjVkly%honBB1e+vzR&^v^l^DSMVzQ%lEk>s;R&Nr9or^1SPBWsz&VU0 z6UtelFHV4ac6$a2gB!wyO+o=qd=RI_H@*0(7vCxAIkt<3E#!a6a|8bG__=g{53vw9 zi8yZ94Ce6vXFI+9GXLM(+1Y(K|GSfC3I1=qfCxIab6rHnD^dnwuG19OQhY7qCsj~U z-e8+?$OeAR9l5L{e_3N#%>AQ$!^D)+E+55UZ7_6BjNga#gU_MP%^$)y(CU7zhgp+% zdXPJ(7d_c)b66C08CPfx&`YiL9q944?vaZk*U>>M*IybmnxX~MWbI;AsXgQVw@^d6 zY^8;$|EnPUl#>DdxKJ}!WE$v7m6oixpzB9i=tjjIhDx7hmo^Y97}tWsqw3ush(KGt zMFwZATlS+thz?3wzAaSq>JwGt)iNHDwc)n9LpBg^XC7dM9jyMX*|)JcfSJz&AjUyj z%a>={ZE&A-{Sh185obhT$Uf4TVm@^)322)(L}j4Ek+dc^#w&OJW-_<8XS-HhfmYaLa-I^zT@yW35 zEHDeMsjz)U?7(K=zGQP$oUg^ryUF5xQ@mSmcs<`s;oRK{tOSwE3MMS@y(nH9xokeKW1k_HjEpUjs^)()etB(;Uv^Xl13Z(pIy|hj}=nl7uqjjfZMg zfSlshmNGeNR~;+usEt-tXi*!_7?UlkBX>S^O1(C;qqbk`X5zGwnb&jc&sSe(*FPg^ zOhX`%w&B!E)LXr$Dsgp|TGirG!FJWy(1@?5c+J{z34-!y07#cmR=JE@Be*6Fx$GF} z=0YpMuvK?(U$+s$V!DpxwVENS{`T(hbpj!m`*fVO(3ydRmPOT0eGTOoAi|>7Eug6h zrr8+#cQNEFvIDNoma|4-U=g@iFy`218`@jNkh5SjYc}K9K`b%vE1GcHTDhSC$2NP< z%{MMPU1p7ygt}Wa-rVAHD-Gc$>&)GemRVRW_10{dQ|ot$nJvWZZ*o=(@aN2^%O#s; z%zgiL&2Ve8|FC4pR_2L*U%vPcPKN(jzY)j~()}?4 zxub2j1Zl8uXbWK(zAJ;$IkERV>ZT<9ZEj0PnH;?;XvJwKr;8Rd6uf@bPG-y4OI#@C=%Tk^ z{n9oF7leCh7Bj5w-@q)UE4Yj7CcWnE%s0j<%Bl>x0?X~&Mpq zG0v1+farC3Ul8f%VWrn-fir+S*xnWuHr8i*1L3Q`7PWB!xL2_Wm}b9i+nX8067#;Q z?X9Jio7&z?v-jNgwy=e!O@h8n3(cDKoYpbSGt)Q=Y6UaRt(rt z?V?}XG;=4<+U$Rj3!wQT=sf?gXSMvl&v*A8?tk9Nvy%O9dj9|Xyne%9DVxOCH~YaL zZ`Jb)dblMsUlp0l8Tp|0T1~!Q1P>+pDhO!;1blFlv2mU#}A9 zyjNDGuk7ii3Gl(s>+9H>=I(jxvox)1T+-xpxBFwqr{r2Np^;wtwrzl@H0?qON z>g`wUKYKg75BLA>=2^x5bE@b1HjF?H8QmL8PytiBIjAUeGnA<=SOl-c`Tmx2m|keJct>$DBSKU1^4QQFCvNhLxba*?dK7O1)SkX4}>L zdhvF>wqb3oDa1@2in4jdV91%srKr%I#bWl#c7%p5s`D`e*~=OfW)kN@GjO}+h1ny! zPlkro#OH{FG$MI^JE8znJEBPzWZ;~&=hcZV6C|)1j!H4PugKJA1K)m|wXd}%&WFh2 zCiB0AR%hX*iGkW~VHGCcx~a?_L0O!xC^0QLl^RPq{W#>QDFw3R&#hHT*V;sTU(MDu ze+OO85;4C$XQR`IYEAXK1c6pNneQ;$tSQ?-=9|?ybzo_>A#Ih1Gee(l?PJ-7*KDeC zhPWiftY);D(a;SoSMFrpZ}XKkcGN_|C8wZ8th_~I$a>X-g-3KN+@mP^YknX)pM!v` zTwj_q=oYzaEUk%*<(y7UmFgvvR?@ERLd`wi0w-~W)zw%@S={}Gskm`G>*H=NqL<`! z)mG;;wPt?j_Li>B@)~v9ZsV0TOx=#{(t*> zJ3CeXzurUs$GdsFRSdvqYO-(V`md&=dt>_raN5nj@cCvIU){s)7<+5TT+A%1t1V`c zZFRUSHF8C!B1oZZr6EW;fjRvbiQW<}T1<4M#+)j_MAzx)TuALUY^fwnK1G{_^Bbf@ zs*I!42=Zf}*V7x4qD8jG8~!0Jwd5f!fSaVb>gCdBzja*HmE zo)VP53UZXm(em?YNO(SsnINZ2fq5^i`A+7-0z)_PBrIXO-GZ8rUBPd=HgaFtWas#w zRj6%-@0?q*-L_q3!L1!H?I-8<{_PvC=b522gPpZkH*X5d8K0WlxS?jI8@-n%C%xn8 zT#{B1)1zM)(_oP?8|N+RSZk9)+PD4oY1VbzIh&38;}Hq3M1Beb_y+i)#mB;8RA_n5 zGH|^n(Wa3Z(0?7G-qWpxXQEN;xB>k)w&xhT+?~fV_44+$xrEHMrT4;4i|nO3Flj+o z+&ik!&K5uDpsjm%#VYcivlzd&{`9Rs>(c+-U9V~dn4|wc-QU}(`hV>`fBvBV-^H_v z`ft=>RR$FOKB?>aT6Tx>u&|F=GT7Ns%w@AG^5sc?;Z>(i*Uz09jELm#>=-e*rMKRC zd+X)BEh6%@NqRc%aU*V;hEPv|T$u)xI-9*6WwVjvVr0@t7c$V>7@+SmNd`+Wj6Dkn4-B zN@t7?a_d-0VVX}pf+oY7x=_$?kWX~0USx9QH>8(dOuWsh%%+^5x!UKCsdX%!YKnrn zOL9E*-Li!=?ELw#Xzq5=R8);x>&Pz;&lZIQxX$<-L$VrS3L3~DSY}a{*G|=DxoV>J zV#T#xuGAv69hhUI>U3PYQ_v}tpDlX{(|J=r?Vi-mxgSk%eq&TE2eXxxiVTT7&NwGY zVN~pNs)ie!L^ww_nD?Ift5(Ku3EJjLM^9ug6F8|Y$01rk}BGA;!YBNE5p^Mb}$h9jB` zw-F~XmULpa&Eh>yB5wmFWT?HQH??WPc%!2KYb!u+l6Z<(0yPy#C?y=lG$DZ(ygdK? zTy1jR208{pL~oDJQAD}$f+3Y%_*aAP1^s{VF8pg>jD}tHkNqhoNw;XIkHf1h1>Hw@ zPXckBdQXBrzVe;~a-4ck{y%R6y~UieOrVpOuY?z*oc%#U=>;?*xU0)?_JPK#rv4O{`YsD_nueQ|8DQuL;RmRc{b1sDib`Wb~XG=`&>ya z$7)$p1tbdSKdv zecqT-4^S`o7<{x|H%w5;`1Al-z)dHn&md&uuK8Pa20iw%7x%(Fk>Z zByr5pJI3Rvqk-7iKqrahEXv>*!t;PhYe6LCY(gU<5VknC_B%DMlyHHrM>HIv5GP6m z0`osybeNEsr6?iSWnOdDs5TT92^z3CX4h)m68B>QN3Qx*!D0_jFpc4xQI-t# z8?=JUNXSwG%2Y%L0|J7sAfZ-TRJR-GXfU7&l~e)xSwW?CJ{plk(g7tLxzA_xl8BH~ z(5%qH&u8@NV@g7$VVxvtCg)f1KKrwudEeJn?X&k8U7A&bb4&#ZifitAY+a(6po}n&N}#A0 zcMVF)B8!w7R#FyONV@9pMA9b6a!^7xPFX?{nFCbVRW8e<(h7=3N)0Qw2MR2xW1QkX zjTc-}4U1)^HMaQEv>N9xxSKDfb#&m)cIe$x33-K9W)&Vno*avYK3wt_yvQ@rm) zqH7w*h$JF|I~k2vPKIt1nUF57m}rV8ES|T230;Nbd_ocRj&{G!SVUXU-h<7S+y~%@nnpL^HrIeyhB4>=rPOkJ=hb1{8x-ZnR z7pfm!ZX-bmdVgZ8{kFLQWjJGUD|b2;l4lS)FhC6hNV7QBcM`;9;{aZ=@QQFvgXoM5 zsgQh%%r%DBcuWM^j7Z8!h$V>*)CPshU2u{_gr622A({wDaI{q!dcIg%N8j6S|F*kT z;HDfHn6)tJHE!2eRteuZO?M1nXj?Ae=`C_ z@st*%QLOtoydp_-*)Rp@2jlL9uw9sj|KC4mNKGVzi==3C)l$V=!yK042 zR;(i$W1alnDFcVIKIR?6j8&KKEohc4s=gB@X-LY)9ohmGP}c3oY}no1>HWRC^Ss;p zTNkI)cWMitCVtQF?ROovK20S4m>(;IM4%?5TK(b_%hAO&C6~?sPdQDbus2DJf{~hn z)(tE_@+Z+6)>4DYanGMwNHr6E9AhEW&VJd3R9Y#xR^K@B4i;~ z)sUL&0jid74jvIs5+==6AGJ;{em+Nn4ii(34rmD5G@Q&4X^-vfdUdPk%inp~B9>Xp zVo|Vxh205KK^FKK_ep$P+Cp2`D;#O8ch{PCSP=tO?8U37Y_W2VBWwYrD=dYB*=8RD z0XRkJIa2IG|Aiz2!I>rKQrqnVk&-YFBqpI`yj)A^6qjNWmdjkuGU$M$x|n#lF3MQ_ zm}^~>F^?v+*M(->4X`UTEB25$&dd3|NHtrRmK~@PZzhCu8kL)xM-yegkFu5Wm=i7V z*t0NIY>NKOaI7XSLO4wUwwY$s#UOxxQyh}gdBag0vukt3Qv1c`Q|K?8ZZ3Wb7MuRTBz^_X{s70!!SR!f1PIo zxX;`fPxC)rTL>7#UX|+qwz**&6eb!+gIR1H)K^2_6`AG-IXU{wb&D&q!~xxn(3eLO z2KDu8;%L?g9rP7P09vTOY(QUrONepAiR6?_2>6cE0m3mSIGUmmc8(};_4v}oGT%g< zEMo|DjMrrJw(Ndok!<_!b?WbSJ6os|lVm7I9n{-F9U(bOhDCrX#s5t=rN0Xz-bT9q zHqv!L*3)H=tlFsc7na}MYN9@vQE^#1Mzk>#FiJU@fJ=LRi_D_dqEFWk&|LI2dt!Y{ zkKKnQ<9JBc=Y#omHr@4kZhoCzuSCpxN`f%P!Zpvk_IWdH2uv#lwWdl;6Otq$X=ap8 zfrcZM)8gxIn;TBqmSYv5po>(8rCpaScaNpEHHlmISg>;GP^NJnR4<7L*QBWa68RNr zxXh}UA*M-j`cpa=&RR%OUkNPl0{K1P{C+VKBbLPx(je$SJ+_waBofJD4WfraSk`Z1VMCRPOBN=5kQoxxT_8Y$z>kWfC1jU};*I zBe>YnnYYl1Z(o*=SgXUR+!og&sw{ZHfU|LK9J)lT{|5=BnGh<4jz5p(XsKabl>(UP zU&{zzjl=kfOw}NMroz24AkctvA)O&8h~eT6Hka@tGgQV+S)&hvunb~&j1rdkwzNBp zx=?*ZroHmuK$LD8p5a<=i@X0TxcGm4ceQ)Gx8L=%!qtbbFFAbe{_oM_GL|_ZIo!kN z1%k}nCefATvW0>}1<6f9(OjC{Y}*|DD!o1r8Bx~fPZAVj0k*bj;oZ3HTs_pzh{M7s zV#KcPw&`r80XkR8%v(3K)Nh*`Hrxt~a|_LxzjBsg~8=A52Ulq{H-Ut*5zWTx|h$q`KyFj66WX=E(*Kk)aGFeGxUpU<>iY?eD~F- zwJx0*IQ?SP%?NdRS*)Ghlfo__Z88I0sZX@;yn+Wza8w!(A%R$8A}mc=rV)?{f(#T! zYqBSR8cnyvkLJx^DUy`PZOTi|A7oNq*X%XUA4G-v%Co0nxJPr>lyLQO>A7=K?yhA5 z>vQMii2S+}=%jnOlUbZIf0Y~xE3Q2!W5$i zGt3Ac@A?p?rI+A?RhL2vYX2+s+E^7*0A!>tVuM$e(kMKLvgp8 zADCj^VV=-rINuJlfX(GbW|6sugawrL8|n2fRbLyd1f0b&O@##lHv$y8HC_#$rZv>bQ{$!SUsRD(1b zdI&|ubRF1>Ft)f8o>bpUq5{PX?f`iRk&k$s#^eA+P%EI!^PEUbbGkaqO9CMmH>cc| zO~j^dGNj2z&y#pKuUXxW#6!24UeMbQdVWOu6eoUf$LITdo|k5Etgm9vYZQ<@m?Es3 zKg}!VSrfpZ{rD)p##8Ya(Ln)+!r5cEBqSei>--0TNGN_Xc+KP~CxRsMv4+PuiWLB1 z&hgYkh)Sa4+0KU4hGUJVNLZi~-3VfX0(^T(YqQ81UAoT{cwR*MnS<`WPA*YHjUJ1= zy$tLMxLZuGz=2RvH~A{9;m?!`L^2I9+I!fbW#6b|4fYl_K9C%iew4o(WkIv8E zy*Yd76+-639{e77uI#B%38~8lxB>71t(6s3Ui|Y`6Dk?u%>sM<=Hk_PAU|q86|zLInA{}Q$j;8) zCL7u5t&nbH!F(fgQ_S5s@d(V#$v|X&(I%&B?`R5&Zj`}yuhKuFCE3; zups+Sksob&O(^KCgo2)ng5G*i(7Oc`^r|SZVQ_!70bh(WCPTeoC)n}4_iqyPnoY>K zPdMuBZKK_t-JNX{LuuDuz(v;>?u?E>K^oA6iV=y5``SY)M_C_Y1uNn;F@!gS#4-~; z8~AcWd=nddYa7WC6=;nAVBC$X&DMyQ7h31z2Mf9cV$L^s1zg~D76an{DPH5 z*{e4{2cGxj$vg0QG=N_dP7pP*h>6J`Qbof5{p5+~`RLU8pPSc0qk{@}yl}&=ERtNJ zO?$~pp`kxTeI`e`(k={d&*I)`NX@Jc+zi7nx4BzyQwIh{EQzOE0eb%<;beBuYa8rZ zkpNDq8I*P=+XB5e#EGJ*2#pzFsnB+{AxL5O(hXOpz4kmG{i?8_S0`mdF?p8#TEzkdR;^U(+k)K}6wToSQ8RyyrzKOXjTr5Obyg&HtOzwC+}z5B2v0?5Cs-sjCnHT#E4McTZUy+9;rq_%DTg-yHj104ra55m= zvZ?oMFrZ*`gklj3Go{(Utj%6KlilAZd%utAP)~7pBmdLS1o1;Gh}bf##C%GIdh+ZT zBtw%uMJ&GxGRR^S)8tBMTChE<9!v4wWhNP?I2K(_1dAucSHSJUzk7blg!BtQ^gMT+ z_7)jQLvaZ6p-T{7jRE@eC%e96=Fhz@>}EgHkR(czJZ9-sCzSns zIE|@Ro9$*{nh3mqng&>3Vp!w~O1rz6QV2^eB`ACxbi3Er*8v771ICBlSeFvrpHGfo zy*_{C@2YM4*CZxF6dPoJs`tiF2V=+ANO6xLCz`9%1YL6~A=`*x19^=(@ggcDr~OQp z5M-gE0=WegGfq(F=p3D#chHNY^ON&!@7>A8k8ggxK<|#u&W>JRoV+?mZ_d#1o7XQ- zE>7OOK1Xl9M@O&!iGDhH{c;--sttJ`Q-~+QIHF_N&I9k<1c$Mm=hk~L#nKSPI2mSm zNYIc?h(07p2_I9TH%OdBUQEZ-#;2$aC-{aEk32jN&%^W8pZ`Aq0RR6ir;7RjiWdO6 CE~_&D literal 0 HcmV?d00001 diff --git a/output/helm-charts/kong-premium/open-appsec-k8s-kong-premium-latest.tgz b/output/helm-charts/kong-premium/open-appsec-k8s-kong-premium-latest.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4a41c7d6944fd8b1fb69b778d5535bb0866a3ea1 GIT binary patch literal 210425 zcmV)8K*qlxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHf7~{*APnc3l_6`nT?C%c-hcCYVVz77c{P629 z(BR21Sn^YHfr~E&AKh1daKDouoYNmj!70mz=zhP4^W6Tq7wtudVP23qE$6+2dI%LHXPgRFEQV+%M9zo(ek|FI zM`J27Jf~62=6(Hp521UD%3kzMwD-K15FQsaSKZ#s2s%z#nS>Wu(0hW;GT9YJI7`sc z)mb>l8J?0k$wY6)BsQi~$>_6RptBy0B`ouXKacPn|AS@tfy4WRJ!C1v36EfPlo^#s zkv`^}2;P@p!@3D+7KbS=rXX2cCNRxN0mLG6Ow%C}1kb~}m;8TK2v|y)cj1_c zo_bVYn?26TB39%#2v4b)m198ljYLqf3gMti+4zWAbJ{iiIx zdomtdwf>(UylAZd=YOpK&+=1W)}LnC(kbC$i1-ZeAHEn44)^w79u8i-h{u4my{M-F$tp9tQmV`g4 z0#^G`o%$g{lD0M{>S?N96wv=giLUm3Zy0;O;~~CPV$VS?@2mGYCq`7c5#Xe zg6?ra>ndd1Mgh#!t-WD2>Snk(+*xN!OIw5(=7IIHU zIWF*=2vTr(BRj1>Gdub*%S6G_loa(AS6WgbUXDYMO7#|RDUV5-;*7A8w|07(2~y+* z<-~n0-#_IKkg#L$Puh=E)pR$*9zt?e%YPBtLZ_gfAy%M-a`+VpKm{l1M7J3cA!s&5 zVn$(#CphH8W*MgmDM*6wJ*KI|P-44<<}|yOuty4^ zA$l=T-;Z(<)5!vf89|&B_cSI5$1y820BR_bCAtgDIh|$%{*>QT^M(2-!DP-dP6T`) zQIk#PbXs6oMm=QuI8t4xxmBH5N=kf>O2Os|iB`n!NEV@Q7bsBzU{}pJ<%TzsU4`?E zsK)XY%pm|J31S(%tfttRb0BntMr=-yq-Tr^jtcTiNeiOp-SAk1E|?%l%&_oZAo4zE zoN)A}9Frm=f^a#^gk*x^6nIl|ukQ4`#3*J7*+n#y#NZN4&V*`>un;)DL%b{|IM(ck z4S_};L2u+>U7oyz0|!pi1>(+BOI1no)*913lmBK+s40|hagr#mQW}@~)oC+CAAaq1 zb}zY_ycY#Fw5@1v#4^p|v`j!S*O*K*Eg{u;$PzfBte>!$_X{#11<7L4x5}2&EW|nO z-|t0xFZ)}z=kR_nj9CFhGk6`d>KFt=L`KEb4fIol=p0Y0$3xga098aYD(Y|y6!|V@ znTDca=!Y(h8ROz8rI-^7faXIK?CpOY4WdD`7ibW&p#<&V8%!9J2O^vX)w3}!%riyL z6EdM0ftk5yX*nnA918r!<;I8}u$21+;c}ttSy7u_!QL;b8H7$sP6`Dw`9Xp62Og+S zF7TWftjIhUixXM^>$Jjn3&^Yl1UO$|F&mthbT}}DYyRHydV?$UU3IXXn{EWhXkpfOMZcAkWbI)oQfgZKYa0)DvalO z^FuMu+rHX+O?zAD@}3k0O_X%ZIgW|dD3ManEL+q!AEFy5!O0!|(Thdv4gi|xAjb7n z%<%$cOh~zx5KaqV$cGupP|59fqM&1rFtVrKg#=;Y4N*Ye<9VKv;8Uo7EgJ5V_Ry9 z(TD&1{O0oF_3c+b_qGtp?rFg?Sc=sFp_+LszSWcwS}3Zc87YWS-sV`uGrP5NDKcRD z>aumgd3Bt!aet2G(trn%9Cf7Gs^{->a%YPiII7JB&n5J^Z zeo&_*KwA<~E~8lLBr!qko)q>NRj@f?Vnzz7z^ZMZO^|cC-j!sFrV-*=;m)VGQqU^c zpi48em?TZ$Q;HCL4@N${r$gmLau^r@OEdX?n{QBU{}&W1^tX zERa0u$#*2>hd$~(21oUL)1^meV>bjl~S(5?y&Oxw4_Vg$V~{Rw>V$g z2oNDf!3zI1DGJ-qiq{g2&L$2P-EClB8lt|ld-Z!peCfp`8Cf1s4{gpkujO z-s1dO_UxJnGkLm$rbbYV`cN@JD%NnP7L@ZD5vIdpU~=TL}dn8SITJs8TJ zX7^@dBRSLd>98mDQOPbq4fQ8d0_(ei&CLUOCXNdt-jKyLnN&{^x+9CBBBk?CDM=FS z9a+HhIHe>Lx8^E_i(_~okvV5Lft~Ugwu!emm$Ng1{v>#yY%BF79!ri`0`og=Hy;w_ zED0@@n$IV6I>$MjxAY5~rr{k~gg}lk$F$%f%|cwY4l%Dlh7OXUMN*1&ASL?i-x{kd z#+lTqfY0TT)^v@yJlCreXo|-q)e8*RWi0jCM14VUJafs0TpK0fsvB z`bx|*j!sy7CpCY0xC5T6E+ovx40~5k9sg=K7I(@-AnqPG=%r1Uo&1$YdfZ zeosaKM~)#c)AWj^G+qqR+2n$WD|K>QViQ2PD6lej$$qcOG*xWMBXj15ztFtopexUD zRssxTNz;n9qhP~#1(^&V&&hHmAz&2d1--|Dgaw&WE{a7T-~%o53ft=FJzrd_mT$;H zy_DzFhN4>?pR64wOHfL=AYktE^k8VLy6{e}5{}EN29z(*uGup36w^$Q_X2%?b91FRsg)C2ctP@>I(A}ob3QU(!!FvzCq9d|nnmo$<hsU|2$$-(v!?4n?dU&G|?J7NnTdOdG{ADWFf!zm4=u zbGFmA=NstWPT}AaP2s`8^G`E{@V9bH+3y+T9b@_N5sFD6q@s(Z;;F=%B(x;*Jt@>1 zV?Ue`bYzLGlruD5814wQx+gaS6lw!J=wq<6>8VCos%Nm7B`6RnkK#fEmGrzieH)T2 zW^y4qxJ9;;7=K%4NlMUmM^nT_L9^+O`Q&VZ#!Sr2;d!@$pzJM`tw4RD2Bt=ZY-4S{ ztF+n+W7Dft7sZKYchMFE9-()N9reK&EY4C3gNu}kssKk)mQ55mRtj$H40kU%(zZs4 zrS8LDn0<472#}>hsCZvDj=Ch6xj>XV&4s@Afc@rtWM)uKm!YQ=2%w6EFy2TT=c1U+ zLy>Yrbxj3h{)ETY7OES8+CH%qb9NSe7u48lT+lfdvq-bNm<>_iP(!M>@{yDfIJ50( zb=H#fpW%CgFp60rH$;{tVD6Eh$t4@1?K3$nsh0x=BYh(5pT5Vj=wHG4bjNmo1DkmJ zCk@qz3oJ_Br3-0wUkd=K$4E^i!zo6e8I};476S)cvw-*yy|e+ zYf9#g_gN434q;yx>w8*sK6-a)cB+@0*6rmgrf@t*`_Z1UJ@GP!jRF|ig}@Cj>vNSd z^?{fw$XrS(b-xaGsdAB;Zn~CGeZYrWqSpt!g+MyOik9f>`vkqR>+)DFzMg)2j7K%W zQ@1Q@C~K(OTgtA|_~a`|gRfv0xH%sIt0jzZkD3zsK(bAM#wm;MdRxxMCwB^MUj>NT z-K4FrB|L1`>@EVcgqoV16cbj=drC6t{pTL1G*MerLJJa$RGUB)(v=laZ810JqtI#q z*|fI>Ruf8iB=-p^o-?8k$x1v^Ay3q>{L+Oo)B-Y+L;+~-+8SXL_CTweQnuV2UnvI* zssAFQ|Dx@9M&dhl7_H7W3YUADkm4Cf35!cBNOsMYly4Nb(o8KAs!VHy??i@YhHdAK z4NelZIs2WSC9IHHLw!H&P~Q)`1Q^KuV@0R4tM=1dr6L%DuB#;QJf#91Ujb8{TP5;Q1yAz31Vz%ZvqL!2FPsxm z(3l(AJ<1AYR@-V5$e?4R`BX-R--w-PZ2}piNYh00d?OQ)Ctv^iYhusqt{Pk~vdxNR1H=t(f>rJVFaFUW(D9sgodbA{jg$gYyv?6q_ z4qIS(NfsHN!v(D|{@{sJgao*qc$2JFx1xd?LHNyJFbM4QTIsGXOos@kVg@G%sX9q1 zt?|?h2jUiPqjpUT<7M&gB(>%(gio?Pxx*#}U~8zSQ}q zk_t63<-MtnAvecY4u0;%AP5yMStzb#3-ukAJA_HMNMBc|aGpwWvP!lnfY930j^)IT zF3wy(8xBSS>X`@>iLGhoKlUSsM2(GO%hi1w=OSm7|71_+GvoBGPfOUIYH+5^56u`A zbysZ9^}h`Z>$*xZwdRmz>hWU~#Yob^Ezl-Sg|o`O0bf*^ki5J!s8&Xc8aFHG?DckEGA{`WFPc&N%JJB}ZX&8wb?CF?@E( z@;IE+_oTAWfX#sSwm|b}`tsPLf!0D4NhNVbfhQ9ht20yOpVv^yxz)mZM$6yO!e^(F zfIzTdFP?uqXNo@iOMoV4Ga{Kik(&f#VKbM_zS!>2wUzB~Eje7M&6Q0_(G z$FB~F+HGH3;^m4oSq|X+SjRytw?CrWLkMzjOSJ>@K21r;7hI6J^|qex}nW2 zeaitt%79(;Fr(Udqy_;_2i?H*NYzz4&U1nx4vuDkuS9NCj@9it16jSTL;eebm}cD_ z8^6JcoI~N@$otmgc?$(ngAEYP61Y3yS}qyz3%w;md_AU_LC(G(!Yi#M^|q9d(o5OK z)yv6*SQ9qU8Wuna3-VAn-A7pHfLd@bH!b>Aiy-Q0zO$Q0Y=>szb}K>;k%6H- zrXAh7hK6pyJ?hqDvRB~Wb590CRC~c)=k3R0DbGd_A)upTNMhisz)cmbZ1@G)uy9FQ zIO_C?h>Zr{|Db*eWrx4^Z3Ltr)L?_`bj%2=&_5dL7 zNioKP&Q10NEC8BhFr(zL3ChbX7Nt6$tAK!?qn~#GHx(2|IWLJ9{!`bS6$Umse9Kqy zMarv3;64YB{ExKUtC^ha#G=2mF*izr@KiOuanE}d7kK()UXZZNrv*;jCS<;7F2L4$oK?LfRm` z;ixY;)vV5K)cb2HE^`GA!b{ztH67OA?f1A~Wv1=1a%N1n0jVebosExLH2H?ABh?Ew znLxZcXmuIOhz^zAMgLop6;`qhB-I`?CYTs`5LBR%Ny%qAHH)<%n6pfCh;sUqtPt2Q zf}svNvPu1vaD=n1{R^QuFNbJvFqqpXb25j`sS49aKqtZ*-yODmwzvOMefImzEV6~( z5R%Kj=TxOu;l#zU(x2=KN)S$!60SYJHc*^`GI_m!!uU&~rUO4$SgaFaG zQW@3FgSF_IgIfLaK~Y=slhW|AIvgo3qyUloW!7>#5%rRBs{Qug!(h*(h}p9KrbGR=yX@<6Jm$UO8sEBS z-Xc^Msfw^0_WNCJ)FEf+J*&a>-Z_S6_hE>FzRhy+bYh^sp3H9Xd&xBP3G#ic%wG4T z{h0(K&0e2@&-xq}3zV0I@->E8YHjY=Kt$&9=;KUeiHN|U3o_hzd)qV=CP>%` z54M5CDzIo*gEUGLTsPKkp;3^L_acx`B5f$6_ULWnitW%eL^D8E;V^{JYRMpxt977a znISPshRRGQ<4Mr-XwMo|G}v7~*9No*^p$lp(is<1dqc0ItxqVAB^NC^ovDqifOw{( zoN5EP+XUBM^{V?PlkF$yxpz`QEv%bn3B9LDiPP#M7|{b5@+MW-OO2b|ZefkQZR<+&pe`<>}8MvEr8T0>5S{Tww*l2GIbq0%hbud0oJWF6>Y$7ZLCNszrqRip4#}?a3cNeBE333xAaQ z@W`9Nk7LU@Ha(7$`bs9<6Sm6Nh#eoSkiivhXlknim*xCls@lhK{wQwOD zi%Rh#Qhv+tXnqTrFTA9aXGU(+GpmB`cKz+qv02SaZzeP}usnF#HKnT8zautXp6m)F zn2Ly0SuOR~F3Ku>h%x;-2}G(pWo*HwCgc<6{DX%#s9cgWS zM;5*64E?0ZY>qE4ZmuuS&rh$bls2wv`h?kIz%E(kXi+1-`G1BeI4uj7lm54)NNJ|U z>Bl5c0Ve&;r%-{VUL{dcTMs0V`jL!hjNJ`8+>j@jre#5Fo{wp!v|8-|fnJ(>6=yw~ zeN0DidAp(&yCb;MV};{arQJ5%g#^ZW*qcD+JMn-jy&=E{5r-Wo3!{|yA%ZQP93P>v z3V$}%e*>~5+}aqGFuFQ@i%hU}1w!2ec$QYdOiZ4#*E}d zXbqv^EO%38L>pn$rs3@Tg3bvmg-%y2=U{JOvMC!U7O%+=?G1W8--pm9(AjF3f6ts| zb`M6|o&&|+%RlebAl6NFy^lzr+MZseN~5}kelWnmbfQumf_EOowpq(n)XcYPytF?} z3e_G$#Tds!f87w!@xc}YTV<63vodSxgP9TwZr0~sr6Hu|VvoW&QhHA^!ueIf#+n5o?txsRIwLq0vws-9SV^J1!T#Zae!}A!kz@Y;=H^N}oKit?dO}iMWyV$^jCJnP zfsLe~EOA*5;Fh4g-pmTZXDm&IXwQ|9&hzJBcf|=^Z$yv|{C6;*->V^6Wth)MELzWM z4gSVbGnCEIb(u+mqSpm0^Jg5Lom97L^%Fr}@);zJt5V-;MH~sHq+_AL0kpFdbDHbw z{OIb;af$8f7H$IAI=$Dgh}32V$6$uujZi_Rlx1LvVM(dfJ{Jckg-HE?Uq#?5AiGZN ziGSS3xm@-Il^dcRoK81J%IJ>95zeWT0X5Lh(Kx5ySIL7*-qy5@n)(t{U2-bHD`tYNyu#-*5%OsG%rRDu-lwCVGRNV&?_)Yga{}*paCcYwLuB=X1Fa=H3W zWFv6MWGq!))||+G-L@hvvuO^6SG%g>2TX=JY5Ipt*~@~JQ7a6&3GG_$CGT?*YbQ;u z_o;&#d&msmY;)qOqPr+|5>M<@y+|CcYU-|o!f`9R!6{K{^xjoH@LVU-(*{{m z9c@4+bqCtIl;tp$rC_}H&66W;q%-*h#{QLsXr8n`W9*mYE6S`YcVg2sBb{@fsH;7T z9xKo><{W29fqPrZt46!;!?%J9FziE3l=>|lxWd%;IW<^qMdHTav5pTUcGbJv14z}B z-q}Q8RXeah7DOf5ePEhZw13OClRR%nC+%0~1YK{>C4ll=T7w!23D+Oa0jZ3wP$0bcgNVAF!C|dWAoxDAb<_To;`SIxb z;_Tw}&@pQ&1GOE9!lN>bVpQNPVRM-J2Ua9tZ|Mcqb9?Qq z52BIlln)n0y)6g&`#hyF73rd5_-nzRFul(8iFAtwThqFq0uWgRzB1yw1mC1P9O~AWjTzYxc z{oX-!vA6d;+S`i;VM4|fXW`ynSnLmaH5&|kZ%>F7jZkoS@O=N16n!|hF&T1W)HO*9 zNVGP!u6$41Y0uT!TIOF}a}Z(nhM!?>il61)@Uy;KIn$3?e0X(?0E`FO@j!c%^aL(I z$0^S4XZC~^-b8hR1Kst0v4b$kN@?QX8 zjboL2q^Hb)RCZ^_q{8nq+p11ikj;<`rx21LY7F3g(B_9~&8&5zDaFPkO&f94=kLHf zYCdPmGh5O($sjVASC`SIiNaa8k%;R;97<5?q{3hj^;JPIT*^%(LO;?piE)v@wp1kg zp3^$xj~Ci*r+r7dMpvOcL;=q8$njWFcYF}x0tw>&`Zt{j&0K3p;hIf}>%DDiZlTf9 zg&KsRf)~}=)>VjtuOgi1y!8b*B2`6W3~%Usm4+cbZoI1!c;cLD^+hwq3a+%dtN-B2 ze>qqBGyiGXQcq78x2duk-SQ8kgxr&q<)qMUSIa+W_6Mu|CRokR-ZFms@at#eH=B2_ zTfUj{Wg_J(dCkcn+0JZgQguNnO+n*qhV{7>DYLBBCUuR2xpmZ0C)N73<61n_SoOD6 zDYl?V#803@E-PXCq+RtMFcoJ;-QPk#Vp^rTvIlFZ1R~dVmeNcfh$pOo#JPpAo*%40 zg+9R6;)Kp7Ha1N%qdsH$GxkV?DB#XIuIr+9i8vB8u2B)fUs_T2|0`b5r{~QQe ziCVlKyQ+QY;vy0WZD56{(wVjbkScPkvLJx$nvwX9`vDNu{dh|$FEw4VH|4IyCKDP{ zoK_ii;H7mL04(&SROO{9sf=m}Z_4i2sX>Z9?(D^k>Q<_cR zK^xVv`^4O3&GGwDSxn_J-Wv@56jYDjWj52=5C!s;W300IQ5EIwMO)p0$!2owZ6UcZ zAcxN1CI3OlI_4-Nl5cRa*wrUrE4|~gNEc{aC|^GaqJCE0=sk;i%?m>BeotNQso(9j z-fKMv-i=;I%idP)Qnhl~g&?TrjjMOxYHnLq?rU}F8aR$D>bbfY^)FmIuUp$LTidQ$ z+b>$%u32GToSX345F5ATOGfxx92*GWGH)B2|5DY*vZHfjI;-*Nr|t-~o18nwt?mo+ zt=0?kt>%UKes8PezI?0ozWiVSrbxeNE=uWy#ETfRxUf5k?DdMOMK*Uw71~h!8d`WE z!0Y$ygP{sl90{fqc9Qobt}Ycp{rRP&0t%gBYkbhO@cnRn&ZHdYLbNrB1nw;Y>RF&b4o_qqg=U(cxSd?puO@Uzg9kLQvyguFx|j{Tgx(KwyMn9Tl{M zzP~zhlB7!9t&5}4sGz7*n!2HJ_Z0WGT<0t)-*>BMnp%BY6g1+VBIjG0xdnrJ&X8Jf zb>=j?R&<436*SxGfz&a^WQOmlbqn6w(m9Qfuim`_t2>bLiWD))ggjk9fQKq`I`Lzo zwfDIx)#2dQzu%X~KmW;?2n=NymvuMP@rd?><^+3KulJ3*gaTbir`whk(TTTvY7f)L z2TgIkxtR&5wnBA57U!jXqQ+6RFzK(HVL9*cJt^>%I4>cGomo;>EI}uf7bP6?(6?nW zB|Y;kpQDftsJ%+$^$uph4s;QF8!@}%Xj1orU5Oin`NOPJU)t^h`MkFo^Di-<# z*M^$suG~zvB~MgZxi08EP07^vW}k3y<}*|-N{PUAnH}+?Y+-!xJ# z5B&L$z38y!-DoRX)|%C9Hm>K8_VFY*xy;hVHDlsCi<$9%?m=ZHDi&4tTfNnB&8t$( zlJ~+t9Ywv`YqOKIedSiNx4(~S-}hEvy3RaStc~_mVlQ}d!7>Tb0^%f=6L3{9IaAt` zP)RlA4|`&b=`qgnn5I-v!~ zHzvJ+N%*5eE4X?PqF`?j?F|Nz{I5D}I*vY7>~@wg!QHCQQUa;=oZup!5&MCOdgJ$T zWDL|Pi*c&ocRg==R`QTwF2cP?61Nm2GWq6uJ#CYG%Q7l8x?Z~@>BwsZq`NBET)r$h zV!6~nS<&j&Us;}X0oW-9kb3XZ=@Cr&2j!kq<+f1Q+s539woU9XwiUp%;T-JcJG+Pz z;>THS|IB* zcCJ?uHkZ~$mL@FbP7p=EqF`U;9Z^N*^<8M+ck1tJOto#X#gvk8w(d9+UocaT)MN3ah3b?_Tsu=4n z^c^d_lRBA$AFmNWyC{eIU(mnIMWVmGt)3El-5x6btyz`$T;v-<^d{NK5DnN%EpBd# zKea3cg~Y8I>Foru9VdV>M8(-3pj;7`N^R%i5^~`tsLC z&U1LLt{x6we(ivkY@@W>XV0p~oTo#S0U^y3feQgC;H?)yo-ScTfObkwgcKWZZC z{nfbZ=jDoVW}%ssFPMi^$z{O8_|`h-ZJaH{O!6($Mtlsy2@ZZ1oKF5yS)Y_{h_I1u zAjom1>0~^S{e@_uRpYcR-Lwi+C{4==TSh+mlGw{f0d#ynyTk*$cAlF^}o^z0IT3xP2;x!7)4feICOufY1zT+k&k z##A~uXs`Hcp8t-^!2LGL!5Xi%Kgz+bE(cp_<{K7yJ+YpoR{-L3$Y9mezmo{=p!7PT zxV@I8dH&y06hE3;2L~@YMDmM2MDkOJWaF9sheTdeB4d>f;3I`HI=VXhjDq>->g?ZL zIBSZpBcKmD1oXkbmw;ZIVh0CbcL?dP{}9qoC!}#s|B%yb$Z36FD2RM3igwS34P>bC zsIdTl=b}_JE(0nSt&75T?aMrG5j8L~`m*`#s(lBm?m_BP)vWo8-l+r#wC?MlQe|(} zRkTm8AYYu##AKY3K41ObRg1Vj)<4$r8fzI++*ie;fX%j0{b{dC^*3MWTb6K+^Ik2} zpUUmm7py;D^ivjNn{I@cW7TB72zfb%(NwM$yO#a*g}eB}wF+?z0M+}rhx42(ueLc$B)L^K zu%79NgEj#f#aE6|0WM)jX>5rPdSaLZ$q<7RLOwdrpGGXt3o6$*h9jr zFpw6>Za6}ha?;OIHl5OJ>iTjcm5{G;E_I88n2th|*W~5k<)DAR*H1`H;j*}|N@yBD z&b1dX|BNMafK*+4yP3l3qjqjxJM%WxGrGae)Um{IMB;jmI=Sqe3tAieR^6qKQx@M@ zw3brX9~i7?6bx4U1YW95y)QYDbc&U|RGIpb36=Y10I4$lM48QRY9C1DORmxzm4>`m zh1;NhoQE0CSO^W|8^{g(9h-J0jb_uMBmtEJ1?CQ#X5_t4FnAQFtW2V8O0o!oJ#$7g z0RmD5aqHwJJt@NQVhW|Toa8XMl(X`%V~clhxpGT|TVI(*Lg&~;Bf$zhB?xpE^WE9R zq}|;`Ts3gKGylVV^q&xZvL)|G zrCE2Cm1(+*GS=u0)ObYgh>$AV5YHI1F8wBa%l1x+2%+t1zK>Xjj(!};QQ$1WMS`?v zI6!*+=5$xSM*n|wnUicJaD1mLn499}E;>U=kPfa;dz#|CDj%_3)!OX{WIp`|8KS+{ z)F|JRCEv-{t>2{t7a27&8OBqkk~dhR7?MMSQ~-|*DDx;c#f1r?hN@M%19zx)X>V~5l_e3G5ME{ymL7bNk<^wfBnKEP?c4aqGO zhTuX3L7MkCqiKr$T7_~~llmk2LBHM3n4TDLb!V9ru{%)>mU78Z&D!A|<+Lg3{U4SC=>#r>>CS{t+R;qzc z@fI@lcg`|-Tz&QIL!^S(BiCRQX$!|+2Y-ub{_C@y-qq#xzYM>e#1SMYl<3G`BtjoP zAd+(8Q`(rWJE+`3fpg}?sVBkv)4 z@ap>Vzka$syL$EI2T8AAhhKh>nE%>~%OXWzn%BMFWfnUT26lC5wL(=El}lu*qw2x; zkR)2y5KKK#=D(g?V8c$w(WN!)j9LP4d0%%I>hAhIImRy^)UMCb@Rh3aB}d%*@FA28 zv^~T84Ov*GX~dqQK%Xj)VhHgKcHn#SIV)C!h*eXKeri^eYdwV8)D`;v#L`;VfC!#_Q-O;|K~z zW;k>Effgo9CwV}|a#sr;4lDu9I&gnCQw&Jy8M59~I%rf*fBl_gWZR(rQl#9x^Y|!Z z0&TlJ`NFVHy-r5L#VH&5@|3o zL$zVR09)|KS<;syY~b&v?Ng6xy+c{e?{99d`ZwpJXq^dFvHx0tCL}M2;*HP{BXH>A z@_`|8Lgq}p*!q+|3VN07`Q-HNCHmp${N3pYy&IjLeB$1FH>&tjNjSv2s(|+y6ig!- zn&aY5PMk{SGH3Oa=x4%2C|z9M*y2<)b4z^~?OvWB3Nj-Zr}y$idr!%O%8{5>g2a@` zivD|(-Qm}NwHEyE`?KWycRM3#P6{50JpHIXmY)Ci4i66phxPN{*M|pxoc}(@&xa5F zuh2c64?$y+(oY^DUP)~O$1^fSU-e;Y>3`KbHc=?X+9_4?1^T7LsVd!p^ITs}|48Ik zmZ=gx0=;++DFwORRv`${@n-{#XhKP<^QD4C-b8v*j<$8GsFRD4Y)f?^>7A$t=z%Cv z2Hxg*!fcHO>*!inSg^%k?RHn4P+Ip>uLqrIbOro10I5Sw1IqCX7ec{s(YrKBa{s9) zENLr$rSnlanb7wr2%DNgv(xG{WpyT)gW;?7F{q=wofk9{6BPW3hkxQhjSvd{60CP@ zF9x|rPu=5zko0OWbxho$sNeNnGWsVNA?1_@e-2P^8+;^T=S1Lh?S&&-;5@H+)hNqo z`w>_jZhJG5&Lcikf%a`}^>Cqavj>wDV2FYbA8OO^>#sq}7y6bu94~6$=#cx4&+g5I zy!=Gb^(fCP(*9C10cIabrUH@?e+jYDU#cM6;VV1maN(~rQo#q%68-us0QWW7f@BFP zZt^rh+X;;Y3IJSSzy`6p%?{9)J9RAN%&nY6uG4jW^h7p4vLkUB={B_xTNeg?cjk0Z7WB*P3*(ag>tjVNdpo*R3fu-*{Xux zqq~=C^Vrk3QkpEi$}`JcA4&lznNkbCQ2wpQq#yN=o9;!vuXH$gTcv!FNITmz`X|aL zl+i*5s_BwV$_y{H8ateOaHsFF)A?dJ|D21KbN#Tnm40lV9{)14(zx zx_3XFV49*JDZ!rvEUs+g6cwe8YkIH-HkQYt6+9OCJk|oTP3YUpFoRbhQXc4GiPRH= za*sUYC{Rg3f{I^7$}J%j!&)|6&fSI?ySTfBCK{QVpm6|o3Yr#RuFt8vMF_LAy0Wbr ze@fwYxNZ0?;}z95T_cXyyn`&wQLHhJ>hD$Cs`p2yx@gYco2!fZZP3udtj?uje;S?3 zh_qEI%@T#?af(bgy(=~F;}pTV0=NlECf%*D!b5nQ6P+OPi+)&hrt!$?da#^b>G65b z6!f-sttzP7a0IM&El1Crpxw8%8H{OCC=xA&rlbWlUNL2D*n#@kL`yrz)(7phUfm6O zuM&KoUFlDp2eqNn90uC>LXC~)elKCOPg{o6bS@PNA06+`SVOPsw00?2DrXi5cKLnF z7Oe7IUit0306c%Ef(@7zunD)Z=8pTu`X%k`plwj!A+eS2#rWem8+a9TYjLqryiKw} zRZbmwcyoNU*0j18?CX%xhRRi>lpxliq-4W1FCVR(5sS@RL(qcCwP-ZllN1 z+f`;jMD5~dfZnUlw3N&&GA*>Hqu~>J*`Y~<=_=~)3f6%6%EL*Q1I@=2keZ+ zUBFpF-tVF>6~3pLC>F4y)!z-ZM-f&J)B7ke1PXkm6wtesFgX!jpEL*1r89LMU0i$( zU#n-zH&Zgowl&28(IeCSjv|&syG(NJAE)>G7VdNx#2SmC6+#<_f7#9AU#{ZumHh4V z_7d&}P2S8xwNxEGU4H|)QKdLkw4J||c&}8iOTKFD#gr(#^4FlGrXtNRZkynOWd!JE z4pN$?HiX)Uljb*?ruK!N*k=FjWHEOrj?U#@tJL)_PY?DK;Ww8TuWv`E*FT&cpWdFI zjc!gabdE&cdrdM@&=?8ER2h4lFa^F+Zk+0yUG?bb}wQ3b{rD&QmCJ z16hMjx(5vqmX2J~H|Hjq43E&6c&5BCbH+JTozPW$F}lYE#rg@(5QFe>NSCi6>N}{4 z^XDv~6R%>5`iL8MKqv~3E_M-4#f+8HnTFJoD}P2({U4|*%lil4y!;x`EKzm%VI`VG z<`Fu}xF9&$?N#ecr+JkW%*ca5A42EJgOdzH5k^(jhgtxDcR{B#!>P&Os@Ln&uRoVJ z^mh(wL(84OFwPq_)wM6X7FP9L;DP@gtb392&%5la4nJbmYg|UKs{-b=ZvKh>&S-{$ zT@>s%V3f^bJC%sIAa>Be>)eO`3I%L330lx;YrXUySncwc*EhFskFG{qE$Cf2nPUXL zgEeKYg|{JVlNUI%gD{6g$her6P)JFYXBB0U@p>03Zx0qWb54i)ASK@I9OvBAAmr1x zIIjh0tlUHEUsv2uaE07Falioqu8tvh6U~vg$gd{`xZC|Kzb!cZJN|T;hWE z{1YqTgNxT^7yqSCzeZb-iom;*E1h}?S9>T*RGh_(a={83;}jJHbDQ8u|6Dc#Z74@c ziPJDIi=1(?3(^3>KjbECEcQ}*=yY)=mpfN+l9 zb4FElxDDx5O;hedS6FjX9h@Y_XU0@xG5U@@^@8`UskHN;EB|T5jU?#i_$sO^73~%V zZ|0ijhP5|YR|nYE0>yR(t750#m;GV~Y)C&j^lb`>La>@L#1gJ?knID_ra(K0Io zkY=-gqB5hupeAXXC~1f*=xk>eb$Je6gYu!5tcd_KDvWZMcU;{P%42pfa~B~60elxME3ZEX4RX0Lm1}(7g)u~$>X1kiiiWUC z-o_>JfIjgT$1QG;#AgWT3Cm3DFmuhdZX=#E-5LHdr44az7mLO12 zbpvX**Io@!I}sX}hK{Y5lleUX$b+I5=sod43c+jV}V!}lL$5GYKydEm4g)NFe5+B3!9iv zl`YFS7CV?WuPuxKteiEZ0J=a$zsPH2clFlU1#9lbUa|&v{Z;F>FX!3ms*}k-_|D_i z#2n-7nSg{g(*~73e(kB6vMXb#{f!umfzEdP?)rRJD%TTIfZC+eUds)^ERAK`@wtTd z?)p6NHM`FEc4%hoj(`d{DSr6S@=3?_vT>?f5?*gQS>DGouK_!o4KUw)^UXJC3r=j1 zDMa_+0l z!PVWTa`$oV0G*!uzAL^PzR_Y*>2NxzEtO6;kL6=}t@mXp=a=UN%L^+1G#8PQtGyDl z8u~MCY2Y1+d-BYXb0i8(q1Zl8F`p4$nWiBhuuZst1(Fg?ROQyx@m1Yu^=KwYn$juB zM5^+}0uyL0n+mS7P0Bt{L8iEnCttp6O#061)N)rr@2M({qQL6g&cM;ye7!5u#&lT~ z#wg!JP+9)DH7N#xut5 zx~ODKpVb#Xst-CMW@^cMs?S2xQOoUbeIQ1IRGA-vEljcn9Ukn64#7~FTdRlJAXVxj zW$Wl0=+s+2>Xx!TIraLwa?d;Uic5<(D$MrQgYAE0vn)q@_l2`D9j^5o|hObXA zPOpz{PEXM3#SdrKmltnOFK*BeN7rXZ-=3e2bXz@(YF2P5*lBiOGj-O?Or}wAe0gzm zeR+O_v?8cACHc>3-4mzQt!9YN5rP<>gq zP_2(x-gXJ%IRP05Ag~N}Lw>*_p4sFFd#dY0M=8~r|by!HLJpQ(=s*Qx^@%h>5#m(*U>GjR+cW39P0Sfv=#C;VP z!TYMRGtOxklS1^NYoiT+RF7{?e_FT0JF=)7!P_|R&E>_#>G91v8_!Bw->LMPO#{Tg z#+LI&XZz%fEdC9failDJ#EPyN5jOa;GV#HF4Vn3^3^C;$?fQ;i{snV3%NK>+SH{rKwQ7OxH)@! zdi(nN^4%3^9LuoV1oF|ziPVyut=Jsfmg_2}dz{nn^|{PbS-uo0KPI*4dnI}9$f6(< zo18?c&2~KUJCL~Y>roXm7JzIDj9By(L6L&*`6uW~{L zo3??od7ctM^q9c|N1m)ztpv-@)yy=oGZ@tp5ve>$r}B{Pbz+a_-Dh>#*NLi_p{jfE zRY_->Uzl~IW7aqNX00?$_bz53>dME|$Q(^3^nIAnqK6PflAKT-rNHSw$T^);9X`@T zSbcj!i^w)boAfQ_`R1L9dEV&pgBwcY>Pky83YUUGX|7Q-+0BlZb$4Ydq4je4DE+RR zHl0a#qH4+Zzd|R{qwg_CfjriSCfzus zlnPLlxlF#L6BT{onS5%SnAc9nx48)(6uhOe@yvn&1&QtAef{ ziLnD@O?>@S=^NmyOgbNluLGnTUy=z@J;e3 zsxF_f<%?{MZ`+-z+U9#D)35rruKTSiEjv=^Mx6;Ix)`8R~xk?6~DK3=Ytuk?lq@5my@w5ZQjbN^-q`m)9SPu=J_cy>36 z@wX)$l%4s|3KBF3WBlk{x(=uAu%az`3Qt`{)-me2&l{V{>b13Uf2`Gcf4UvHrJGT6 z5B}(_apmeE6?ubpd@*@Bu1KN((CHN2H|x%F*P-HHfZPfl zQ8Si}4Eb`tIHz3LIR9V_axe+jmK8P#Lqn>9@bv?iG20^imM<8yMQskhhL=toP&qxX zq2XJbb~5%AYUf1{A#k8ZYJ{n?<>OX^*94LB--& zmDEy6i|Z~OHWF~;w{E7^CfU8sd+d9UX7>T)T{j=>S1i|P`CY;0fxFAg2la0uJIu}H z$)(P7A`cYEBlD2#FH&QS{tu=0L()YhPR2P~TOlTK?2M9t!xR`PX z(&$@tk{5Kjro(VlFQk-wOaSRVYXhmd+fimJm%wC z0Q<6*u9?UG>PtDz^0?+zmMcgy!y*7C*x7u*66QvO^gpN%toF9WX0?2Ga{|Wfp5bqE z&Cs&8P3U8`AP}i)8(V&{P)zx+wRAx%y-r~hfUiPR5u%|w)&6J{19)U0T z{ab<07Kn+Nfex>r(u}&C$7$+)Gbsr9hmLZpFhe;8rGVu`c?sxjh$B7N21NuzM;AZo zVd%Hq9;THJ>Lcmv(@(oe7!$N_&$A#xcQ09PN%?&^qgMoYjI*puqkCNRi!!rzPrrz> zhNTta736!=d8fH-mLHwhxk7CmzdMyVKln_(_BJB*`VCpwji}9*_op`F;H#IaBZe?jNvtXQm^He z%5KJP6HMkTyLIwhG=g;WF6yYjjRSp8@AE@-htWc&n;DT>2`yL#M_`@3KF6G^qnSJd z{zYw4IthKu<^@{Xe6$#D7u0_Gv~1{QZ|;4Unp! z$kFlf>1cF&e)(F0Ovrtoi-eVq8^Q_zI+b)695lw9#%n-RvG5;(&gkao=H1ALU~{vt zF_6>i>&xp}&!i|eCB);wC<;9Odrg3)09Nn1Eg4U{I(&0>ENPr|Sc5^E^R5J4pi2^Z zx4vJN&bzT~JC(d_f^J)M$=cOPZ*R^=0SfXvx+cBNhojT$A5O2~ za2+g1IA-%X%P#6kd{_2xe56C=gKh^N6-Bin>MNnHooJ;2R)yrR0Ns*Or9BPJ5+9_s zFoX5bHCW|vwAoM%z|LV-Kp!_q->+#coSdcKHB{xwwAoO7u$=?0Ksy6&jIrHSN|}|` zz~c40vqueZW8jY&=E~YwD`~Kl>wTB8HAi-Jd3|$qetUGaf^OPZY*WIufbU)rRTm!V z*6U*B%zxYn)|&gS5p+*}+wST6Y?-8?ZCOcHF{>ndTdJ?NM5L{~uF4qbo)e(2vybho zL68+X{t9i)%XPWqKvl(DR80!MVA6-S9GfjVxQO$S1Ej4amshB#1r^jtuh)PY1a+m@ z$NZJ8Us8Kfht!qW)BW8UcA4Z?T_Z1($Bo>;>>PX@@Z$$xgS5`zJrIz;+=uBDOmPWj zlOlS}chJBqV&DURRXYcJXmlSYoeEJw4dUwMqR*mht`~K6wbLq>I#>)L(S-RG7YOxE9RJ_?Sr2Rs2fa#%}^80(MfW585{T5eHU z8_b&QqPO>&*s8s4->BC{Wz%iC*6Z?Qo$kGf!`}B);Cc!B6$t-uc5?*B;FcPTt0&Mb z)0@-t)3>KL*K2Rzdcg{kk~tB@qAS6#Gq`31#hR*K&7`tEYp<({0AgzzADjia5qO+a zOQQyrG-)~*cKrc=e>u9TcWj~Bg!4WjyU`FSuTWSYiL2|&o6F-%Ic?x&S)VyKboL|Q zHo&%4(C?-;&gsVy{4u(Gqw8h?x%vuTx~7UTjyGCSrx)K{ULT*{UVnRZyossO*}mT0 zd>?e;0tblOX-RK!=>I3)uD8-p-yWTvk8Z!azI@wCLBK{W?OQU( zH08J875s=ku1~Mdf4aT7T(_TsLIy-*_}$532{`^|IMmU`E~Ux_goT zxplkRpa*|TZG|j1)=hAhtNrGutJ75oOOYZL`I=V`0DCk#Ujdc#bOU&jIadG#$I%Ti zyg9nQfs32%UrOe9^t59ua3Mrm+a{OD1W7dYX~{|9x}U6r+`G}~wSOzL2K<`1moKj{ z=MSt%K0+$jddoG$nr!yot-tlCxjh<l*WJ)mR_W8*lcSrXKw;DzU-i4HTYZ`(CKc&v6_cUeN{uUNYl(qo zmbP__AFs9CYFKwHFegZTEt~Sy>zXidV3`6@;N0%KaN*|DO&7(Qxa(Q0ErNB1Q}Mrp zTn5Vv(w_`49@uC$yJLmZP-RrZ97K^Hhh>dpY{r+o`&3mckFDjbs`?f)QfPm8<#{d`!btW_a0ZSo5b_3X3j)>ksc;AJ|LeZ& zGuI~@rPqhq{Z#qG{RL(5t3^RHub1?>Urv_?>UqZ=ByATK{(B4cuWM1ahi73ba&9NE?;2A z<-}Ic)V$x31qTOj*~O8BZ^f79g*+|eI}~Xc|J1RWq0_1)H}dS^F#exz0(Z8Jysp{? zbDaNGE%CoWn9Bsm1bz55s3&>Qp+nlY8elrnKrLIa+llHRaAFbM*huS|9@u!imY(Zf zx;?h0p3^Sb)u-z4(z1^{0fl7(#bRgkcr6R2Mkb{l8ylfuAm%}yt9ULQ82_jQ2;TW+Sxi_p#(F-4&IATEZ~rGv zWq?dF0Z0X4vHor2`=X9zf%GQszukm(5@`A)V zO(rffc}ntbB+Wz5QAEAdTc2*BcZ9ZPCUUcc#hY!l#Ca=?D! zJ%ak-!uhbXb}=AVg;HIAdvtuw;tMQjtY(-^kZgjAQnuNak|KcL1GUxm z*aTrDAs|+uV|76(|J+d_E;>DIM@3|W<5&kdiW%v>v1nCQ3_>2WoFov8yUy!~QQnQTZc=JxPXGr05Rx82S%_oXjMUvZ*3eOGVbc z>a$;rar{3EGI=$}Gw5})KL6=+Pv z10fmGH^(aFgduIxE9AU!BDkvYOjQwnm5wDs@A3qz2wb3^u71Z6Cpj+E8+m%ruzO~P zPyzfzGc~KUFdtOmPo42hHO5qorZ!ldQz%fUg>4YjWnx&3Ov=l9QjGO;$;qBmelw2# zd9?R5arE|v6(Q%4rzG3*`0QvxuqX?1D`%bWKpn}c4&M9@$2cKSQ$Nu8^=kB>SzL~> zVAdDH;i*UtX7-EZz$Ve;J8esvKrc1oO^K+8D1U*9v!4`!zD*g>f=3SB%imP>@wPD8 zw)uUkJPB>Y_l3`@!IrslTFa%CW#!GpE1qh#m!hVlW zP2c~J)If`1-~XV&BA?d-FWR=(5Z{XF!voqg6J zYD50#7@$ed`niTD;{3Bspxf7H8(^7yz5%*@edGYidqFZ&4zgXKJ$5{6f!}xq3vO zOJ}Z&-8SfFCPZGaQaqOZ9@W*S9#lalq##*LrUh>3g`Z$#wf;JX_c48l_;byZ?delb zlSujJ8j|VhQxB<3KG!VSo<8-ErbQlqrZH7ree_v(#eU%+0~eebPNTaF%R_IJkbARz z?R8kjR($^CoBZSZdo&@J;m|dIPdCbyJ$$4>mQWtEdr~Yqd$NX#bnOH4S~nxkea3I? zfNk z)VzPjlegdFqs~9=_UKP(FvU5oj&q%oNx4Xwhp^hH&&JDN}jK?^o*|bp>VGV`O`MiI>ul+3iho1YxX7D7NwgZJX zeqjKw!QKXW_TeIJ@tD!8FYS6l3RC~7k7U!uSMSX>k@XDU6Xb(HM^|T2fOb~6gtWRm z-sEW`HI-Q8?G>)HnYMw+Ud8`}Kq8;>1({0_>q?1Yq@B>FN;mF!EY~u7yL6SiQR9O0 zdGvgv?EnaJz22wh4d15Y)^&C+!H~z9$-4vP^CgQZib%6Wa!7IHT~@T z-}_(n)G-02cuZ2>Jb&m@gnHeQxAlwP?~gnrg=%~u_F53-;OI zJ701B_1B)M$0X0dYldx9%*gdez_e{&dU6OWTcB>{A7@`X%&NBT}l`|RYzd|%4sig7*)3hu|TTQRk zBlJF2m~)ztQ#hY-*?&ePZ<_C}$vq_xMt}^_UjuVw{#y^J3l?j7tt?6@CyPqChpm@&MCUzYtGS9WB-1%_q0RNyzs%#bGMu=jQ8(nibOD-YER*H{q*;r z5`&g$ZL>+Y%yQ>EZ@3oStLzqRmYMszcu!rJJgXjnAbR$B=M`vEW516elj9oq|FQSx z-EAA$;^6$vPfhJ|Ufc5lf7~1&REua)U@xqDD|S;?jJhtJ9u^m@bRxq!NP^2GhAd zJuX;+=cGjbJ69wmn3K*s^SDwUg;0Az!exgqx`u1@ls7~B1lvU=?)ais0aH2^Hjhz^>aAqZ7|DDh5Ay)y?kPLg635%J z1Dojo=&UnGYMGQQIw4+IETt)t<_> ziw{iq&F0+k6LuGH;;XBBcJ=;m=hv^#KEHl<`u$I@&)3ec*o75qojK2N$VnTOeGRsl zS_j9pFg;yvYP;#-n0C@6bf>ovB0lMM%_p9*0vz>@dfnT8Hy}P$UfwEAmy_Q^>&MbPMp=m3FNz4zZ^A;{q~^?3E6xuCG-3sKfQnR29m07vmDcvvm$-_*00D8 zW}NnJy(Zf6YXDT_NnY} z6V>P1TeqI%yAJJDbIoXeqpxad%lYYt)B1H(lNC@({?izL$_S_YuP598jrae7y1)Np z_|#NcHhKYg$x_nN*+{@VG4IibM1L>P45HiNWv#BLjXv)|0e+bFWW+PYI4cORj+ zN^N*WM7q`CNY}DQg{P z&ysuzvZ_0`zutmi=d+LY*56&@VVICOq(0_3(yAY-5@2gLv*>dK4(LBQSEcH*m?l*h z=Acs8QCStPMS=yHuPQ&O!%zt28=sWK6<&N}nSz2RSYZ~nh)rEEK=tgFG`b= z`4tt$ZAmr6(q%cxSlGl zYx^W5srfp?917cp;vc#FHlX_U!$w?-`rR6qPGX6(1x`fgG>$c+SGVN+ru|fKd_`Np zx!g?wZ*=mhBCrK0eCLhRDBsx85t<`6_p8>n5&n>Jw0m2a_>7({-PfkAxGh zu&F5+ENt7gr-|A!X-diC++AB?O}}xkmBPRcIzgyhH?MZv8eXTIz?w}rqM)yVdW}vH zkQ&_&2~H%x91<_4ft}sG3en{n*VLe+mG$S$!S_?Rhzh;A^q@#+Z3W8fd>aQH_IqyM zj+MULn_IlCvb8Bx=j>iPS+?Cjz1w7#d+?2_mV5R3hl~H+jcLHMx4PV(v!TTTdTXd$ z<@cKk?&W$YmeH&0*ZpqOgep&D{_GXo6nUrGb|rbG=4w z;VSrS`@OxeM{7p&Yw=&Lr;~#?+>~4y(BU3`$+#->E1?QAAYYUod4B29x1W$VLtP^L zt{-=Q6e9kR;D}?W&if;d0;pFPdl8P9w-6%sME2fWs1MNJ(f|5ih}_0T{6ss5#7 zKFtr3V&d?eggBFfhrQf4F-a&3?Avkfr4BX!ut*4BurN45{XxDtPr-Z2{bDn&ufq13 z@u3da4~n<$8-eGp^kY)y!WGw58{O}>vGtZ{tTW_ysBJw1`kleBKk^d4-)?}ns{Gfg zNh`3go-R@exi{q9ltnm<*4-(IGkTj)F1qj*q9KsXsnA=uHnt)6w*B<{x?EVSnI_#{Iy< zhX+FsWOXIvdJRLX0p;+G|%2 zb>Wwoh86g%9H*3h-M+kf|I5YsYwz{Xrx!nYKfbR)|;ggr!lSix%e=aokd z>YLWz0-KjI>(&y+D>BQoIgjb~n7h%+?V#~^+j(15ONs7HSSK%5vmn(Xme~><+~UY5 zid49V-YrI6^HGI8d1Dk}h1x*_L&u<0jjvhI+!uw`IvQY2>)aQcFnWC=+I)+gAeI$w z@GP5OE0Jx``nakq8W0~RRnqHvajV>LozQiEy^h(6Hc+y50dv=|zbbok6%YIxn`-BmT+{ z$w^_)3M;hV)h@|q-^d-cTzXaQ$9qCPS!88ab1+FjqM{Tndp5lly4> zUC0_O7#HR5&C|M}s#_HmFQ_v4$eN2%4MP#~`-0FDA>RUwkQHJ}D9Scl1F^o*qr*@o zaIZXv>eV_R=H-rc0Ca|F4ne2U79iZ%>WN@jbq@0&tb<_VW0(!JEfBXnhMO8a7=(Gt zks40Lk5rvA^+vfaOHOdlGPxhlF59SMhTcc*kLQ=*W0(f9<$gT5vNaH^0C)rVHUZ~- zpeNgzzZ&S#@{mk}__7f&(;)s+gQa*!RRM%*M5o`axu&)#&l=cN4AlIVx~;ajr<6$a|YWQmRq8{jjbLXk~*DgB`D3ib+FXmGzO+SUUO)=t+oK? z=4Oup&y2GdB#9HsNu9N#2>d0E@SG&o2*JEu2YvlbBgp3lYYzHcvn^oXpxvV%W;15h zVcr6qjSsUs-u4jP@-T01_V_#{O9T#U7<2V*EoTm&G-E2Ak+xtfomSg0mK&Qr6(lR! z^QM4o&Y@?6Z4Jw9dGt-Ko(PgSrt6NSe7zZ(H)m_*9IRAR$>2kyMN7rH>l0USeC`D?f#;nXr8G?YXfg?H>&N!lQ?K z-{p0y<(4TY$vG5x3x3IWQZg>A@t4fIJ(WB`*AzPJ)VWcH^p@oNENPOR59)d;OE-x~ zW7Wh}(L2wp#>%x@GgM*w9_C1zb%?%x?Y=~>qX4m)trxCNKX~gSsMlAqUOa<>#*R6{ zJgJ(I{krTZ_qCif-5Ex(n1yVhIAakP38sjYb4&T?$1E`4 z+8~Ka3rS(M5eo_xYUIy-TD7KJs|L#uBw5l30&w0W*e92H|2hXht^Klg$3j!5z}=(J zt>sbPm8?yJ1t^@fjYZqq534Nq`BvKcpZku*a&9;*`Taj$cE{3EDlOxcA+h;2`SQ`b zW=S6_hb)-WA8Sab+iI(G1=%V2dwXk|l;}-O>n8i=#MCz4zuOEvA55MHmFmA3kXgOM zZg7;F@DF`L?Oe9MHu}5%>;-y9NPq-GI!Xo?()Aij(5Xb>n-lq=f-mCM$@~ziN$7_v zJ%%2h*v~y*#j3h?mtI;S|J6SnAMW!1Jj?H^lmBN^y;ON1JfqOoB~mly!#OUQiXK-?9B* zyY98)hyjaR3L5^`&S&>F2@v4lZBD`&hkD(f+8CWvub9s&H`AOe8gdIfmu}E9<>F_O z%n90)|2!uoK4bB!emyn!7KW^XOL^3`lU1m#iYZ4k z`DKkUcmH|drsi`mz^SH>47r+<@3@pb6I>v8=w4s}XYFTzO2J=ZJzVmXs{G00K~7KW zUa-?`9}{}+zXQ-XKK4^k3z=;^wo8^5Qm0Vkbw=H}#nRcvIPO z=)XX&AxDjVQ10LPxWS|^x9Pgnq|xlld=f&60k9!j*?G@@tTh7qvbe7bi=mA=rxm?c zc2~g!ZtAMZB`V?WEPCTarwj-sVI+cnanVE0ZdF z?YUBLawHgP{{@_ND2qHA{MGx5-fa&|w|{NhHa`+6ceei`!ROhJGQ<%Q9FW9|<}~{9 zSMM+CzghDS3(C;~!;n*gaDZb$0(l@;EJgkTkZ1 zP6%rM1r0j=UZ+>GPLSD5?*A>(*SNiIp-VisiLkevJc)vs(MZ%D_MBAx0)0>BG(vAL z&d{Lq1*ttlF-ew`gQaT23>3Ur5@?q(jfu9nyP)A;b2ar>lxKh3Vc{=|8&cYJjT&;_ z2BuEHwott#H6SgFZid^kf2{_q1w&B@*pLK#PoscF^WQxsU?I`k2?Mn?OKce(1rWK$ z3(`6?O>s;aB{x@ZUOBQ&(&Mc__0{Hw+6zgv1`WV5w}ox_KI&EJgBu(Ltu87t1rI89 z(h%&L%9otDvux>C-=Cgc$*(MY)_!Uhg?{~N>0RAJKXuf;bHSoZx+cVPh!23K+QPmJ($(|>}q|IM~%{~J`Ulm4ee z;ycXzhsVqXLyxypP;UEMr~iYbvsUfrf!Uuz1k83Czzz1FVgKNusQ)`W=;)HM#8POiprt-D&Zwb(Jg~Wn#lxRmlrQp(k$;P*o zr9528N0bDJMWD6%%b?RUlQdm7TKIP&NnsRX*Qk|dcPtG9tv^u9U=d2=d4dD-%8YTh zp#DOC>SONXfS4vY3=!s>`4kHhptCEk7n4ThOH6$EFl3w~Hq%-X?QkL?ImLk;gEIvZ zKg6kmfgn-9VcllV0S%&W?bNmQZ-H+Kq)PrmxuDV9f>A86&;T@p$YCYq+;b$c*=3l{ zX(Ts0cdWB;ll2bIIHu%_Adz}xDS!72Fyoa*jOP|FwsT<}g&BN@_Cm&P(zv$YHfq=R z+-@sE7(<7qw3-Gw7;6{5b$qsTZeQ*`=o|6j{rUS7l#nI6C9ns#{V5T+k76tqN~3y5 zP{dHkqB%(rPve*+0^J;O^p}38e~^#1-Fl5M*b^+&hScbtElkWS1Pp0}mj9|_7&p{* z>Ji#;P(I)&@9n!cC!(&qj?Uy<+|U-e54=@qf?pbERE*7EHYci>tMmdzoNgP`}Db zt546AaN)(~GviQuN2VSY0{b^wwq>^@NoYVIlKljDA`%G?lJ>&~OB&H-x>Pal0g0qI zxS;a|)Rz|2n=G4&;LsyoOJs+nS^SF=l8a`9BG)E=Q1=&Sti zKmCLX>f`W#j0GuX5hvc11uM6@pnc)PVbHw;-w==>KZi64y%*JU)VA6R|G zp&0dsvg;`g0utHtpsq{~Xda8g6?*X^W5TB)fe-l!`Z^7nf8)h?PX3vYfF{Hj|139` zo3tdH<2msJ6`_fOHqR8u;1NK#uxq2+VBN~RdU0XRl=Of&}AGqKdCeK~>wqJ7EttpwWaOXKZx;CyM+Bm1* z*_N)f@lbbyr}ig6%_?%&La9`&yiiU5>&A-bYx+V@RrI_NE@S^N#Ln>xw+Sv%!MKk> zg_ld#Tk&n(Awp1|i~2a9MoK?CV`(JT&krGP6I}r(goVHODOZ=hy#J<2)fqU*t-+>a z2fv_ekzhgQtIAL6mzZyS(kkXN;l(#bLN8{$D$K$rzN!v+s+--CMppy}t6WyD!o#|{ z>6LBWh(u)XrrwW2Mw`NA$m?-R!3_7U$^8_C!gEQtZqg-|XhDDIVfCddTT_gMBS3} zo2Daw^Du7+=W;g%kk=NLa$xLc(W*z53&ushw6b|pha$@@N}IcWxOYU{vE(K{qJCJ) zC%CTPIH3%(PnslI*_WkP`TSW`Eo+M{>QNsba9Tm2AXQ-dJ!l_R{F&<3D>`d2v zRz4EBL}}}rW?B`rsmNefR_IoQNwDvk!RQ&M(tl+V8Pm-@`HjSJb?2C(E|`r+1soau2?F z`~KaV&zD!Pf4KPH-IxYEd%K}{;8T|je0Xx}@`Nf+Wd7_G+tiomEVQev&Do4`+!zIH zUfy9UF5qldrJXIqMt<+jSmFiK+CrueyUvmjo`w{2!t>NoKRjs&Ot+tPRZeTC6!GF! zwU6>_f&H+=6Kz~}q?zX280t~gh0VS%=R>X-%`f4WbR_>1f8T#_O)e z>#oLY!$yw|!(ENn$AaOm#_O)e>#oM@?*%No8m~=&x~uWpyw#&aa#!PZSL1ap=yx?< zcQsyjHC}f$UUxNKcQsyjHC}f$UUxNKD_ibryrNx=*W%Z^8n3$=ua8~hwGL@LL50w- zj}}V1CjNtb5efboM|4KGct`^H4e_77ey^DSqc=Dl@8Un6Y}t+@P%z z@9VV5k_96hll3D@=szSg7hba9RDW9;3Ekf04c>m2C#PQZso7p18RV?(wa zjT484&{oTXaF>esBzI$+Z`2x>_{-)-**B`unw_7L1-_+*_cMQ$Ya*>{x~V)846d1c zj@nKi-P=Ja9d-2?)55ouS*gz(%};+@Gd=6aEMT|KEFv6p6g_^B9pQdy9+9*fX zSDPZM++nf4N!7{GypP+irpRTZ<5Wqp*Ee~1Q23Vpqhbi7?y*tOx67y9lS|7y!B0@R zya#tO$93gDcS&R6w}$>hN+uf3y@w_OSx^7_y+Mio_Xj)q?|FV-o$7mQ@_#ru(WDA# zbAh7(hb(g9V|Bu#B@0MC8eG4KL%f73kxBxr(< zH+2wB!>wgbgODooOcV!7ax&S*%o5wpdwpVrV!-!yeXHMGB^#fyx#zP)XUlTJoY$Eu zpr%Oie8_Xa1&RF3RSU?s!%57zPH{fy^?I2lDveI-Uwq_}EcCPIUrS-Dxi5PK9>soD zj$+Epz72rqFi)jmo73c%`KWi)bG|6p6y2sXOv5xG9~KGW3l;_^ zXqbDy5F&mLg@Nxkw}z(}lXp`s)+vo}^-v*xgKH=P1OTYOx<>I=KbBj(dFRx#peg66V`Rl?;fS&{> z;VAHc@Kknib@}=G)9cqCuYRg-FF}0L?UpYq7c9YZVi6s`^}Bgbq->D4N7tX%1-0x*%j<4c`^ZxEnJ6hIb3| zREwXJ5SyBgwdcSY?|89^5lFg}QtD4vCFIf-KX zr(z_`IFG|eRL}ZR*of+`)o;f|tmh&Mu-l4>s3V7_&nKsbwTS*-ghJ7dv$`i|wc~3x z0O^^ib1*Qhg)BEvT|K8lT!yDKnE0TJd94m$(=|7dpzrZr&8uEP0(P&uTG|#wi zqme60KlcJ;g#`R3hGUgT^6y5U*5Lmoooi=kFJ@eLx_a35RA8h1r#~px|LYwLcliG~ zeqS5sovIA$wMV2QkH|-LLYifL1JwTl{cW*Alq)BL|6)@Vq@c(UBmhbydrCQt<_HR1 zEJ(OS3&w8v|J{0lu8CIX@sn>dse2083F#ll}?%Ax;a z(|crz&s_^IgT=EJqeq)^?$%GTlo{K&jz|EXptjqxUHZUNl>&8ns1wwlk{L^g2k*d7 zh_a~N$kV_%M!&M@gFOoj1)5_2hRtR_(IqVeY-i)S-)Psrwc4(_lhNo@pl3?6ynY77 zp!W<*q;0_XNe7NJ5(&*L1li zE$XJ7+nBr6!S~yxPF>ru*=)Us5aqJUHm~|{&;0{(t5z9`w&_kwtnj|7>%7tBca+B! z**<fZW}yBs_sWfQE*ffi0_V5f7{&P{Hmk} zj~`^dRqTH45}XkJni19!$0m{OwL=#I-0v~`=AiW2!Sk`{O~y_LBy})2;C=Live8wW zh8jk%A3P{}{h%1V{%@gU`#t{}>i-gQfA!x+{oiodFZzEU931TQf6wuIJpErn{_WI% z*{%5fYX9oyxKa6+HGF{X54bJn2OasJIAOoa>8TN}SCPN&i{cpH!w^3*c5|i&_;=JT z)@>(xF4f|?3G6hBJI&%wv$)eN?lg-#&0@oy`{QdCcS^-wai~o?#Weo+(I@WIi92=T zPM!Ei`8Cr2JunU6CjH;|a8$_ucR1SV|DNZ!wf@g$Bf8)h5f?ZN^(E}SL@qs$SQSyo z)f2H~iNkP($d{OL5+E9>055g0ULj5+pCBp_U$8XP1(4??A_+9Z5YvW|G(s#wRE_F+ zVnGt3o1lo?k_1f&!qEyP1alT4!BkHH<#H8>idUdi!~)&1gbPH)w;W*9z&Qrp>!(s18^}ZxH;^>YbAM_C@Y2-_gAi;F{EQHa51_9Af zc!d@uGT~{mDYi8v{f43^x^5ja2u$|KMF_orefTL&9mR66v zQj zovA3-=>Oti`YiQ72ED^Ux&B9gr~iA7-`8U0#^9XtB#q?_{5}olL{#ViOQK&z*^qs- z7ZS8bqwFi4qwGv#{e9HmH$BcU4N?2GY)7Lxx-8E@>A~FgC#bI-1d%g1iW726BEeD2 z0)rVi3erTr)RtP_uDFtVRcjVhUQbO;j{7XFrYpJ1do9UTsVQAhrcTTan(6>$J$z8iq=$> z0lO@A+KA@VX)3*##}75rd@W|iEU#PjpM74Vb6;;2DOy7+{@5^$k_NwdEsy&dY$~ib zd5Tq-Ae89+r;+7s>C^$LNXwf{u`gMt1xs{=tWw#OGgXiJiiI_4tDfzYBx$H*M-Snc zLSk4;VLi=RwJH@8@~zbvz=xD5)z>Xarp{-n)+?JH6xA!^t$ajY@^1jNLWa8V%qXKzBeGvxm&ZB4`9pI(0>kw2ajWAD7!x| zurdE*vHs_vH|+1^|7ZEhlhb{P&QpQ}LvP-`mgotJs-Zp7nRn1_zcUzi`eSc?LpuHA zUT+`W5fl*;$Oa1>1tEc`AYE?^#W)d&&A^jI_k}P=cO(out!tv3V-gZVj9}3Cs}^| zLRabXB(?S8gqR9xX2q>5Ju4Uy9DVBJ3vG|U8&VGYFXK5HJDpcsrF`_l;$DvP!j$F#sq$d~2@2$cAP5Ls% zr<(qXuN(FWe=4B0Vei^m7(=0d__ST@13u1q-oR1Q8|a>8&+}R(-L?L%y4(6P(YZK? z0K7u<{7+-5S(%Pc5}~9lwZJUm!i0(J#R-kX47LA*D`e~8n0hy46=RyLJx2R$xH2;j zxNm+)6|Z6DvE>@@eOBP(Cs~9$nd)VHqrUuwBy_fVt@nOydF!fi+)DILuV*9?mkGP2 z!F@XQ-PU@--IwS>DNWQz=vGdg`bslGIWjYurUFF_sa-^On4{Qq1;yG4N;yehp^%7g zxsIX|1j#W~e}s3?%WkoxMH}!B89SL?YVz`&E!_(D;U|+{RkqF~`Il%x`>L z+&-)ir+oFV**kYKPqlZruygLd;o`30>OI4ocMMnVSGi%$ZmlU@(?l=1@x+$&08ed^ zs!}?NkhjbtG!S7O(}NL-eCN`rm^THj(id+*1Muh&!+$_{;SJEj8dgQT(0z%{Oc?Ij zDN;<{&o~CV!dp4l+~ri)-=+26lqH#Z&gz?K8U-O~*51e8!`HdET9%Y1QS7ut@LZBB zFMFZA_h@vZ2`n1Xi+j-u2;lNuS4)Qn?fwThxLa~DGnPidqpqgx&}|pFc7Gb5fJQjd zp5Ob#Nh{__jqUmPSU zw#5JUvH)%L|2h~I^S=*w^&g+-_ZaxU4(&f5w%;N7KQfYkEZn|B>D&LB;{PR%@cfDJ z|9DWW|K1<=cliHVeh`DF4@n{P?md`7m;<+?5QSe; z{2#MK;LyV{eeC-0z5cOF}9PRW!&+^+E|7Qt^1WDqAa9C_Sf&wpwsL0O2nMZX2citmShZ2ZRb!!#njQt9}ZuwXLmgQrN_hm@hh9c zViX8XdCqsXE||qz*X5kyPO{OeRHNm9pN)CP)uHtC5jjC^3E=j9lajCB1$8Lh&2^tN zfPAilbtv=epEWt$8vaiZF4X^fzq08AiU4nv|A%G%Z@lyWc$S~OU{wkLx${LuTxAI2 zB?~Hev~~qH^58TXaHPiM9k_{}wvZmBeu|S%)ZWex;gl)GZ-wBeB z;GeuJ|7pvvEtfb7PMpen&Rh8>h@2s$Bbkoh?5$_}SAYCj&l zWseC<1=&Ho7UCK{e_A|W_iKj#ZFcjg@c$kT4|_%Z?`XKg|IhM!X8doFTV7f3IWFmu#fmrVn>#jO`-R$xc=;GZxU z%qU@k`7As^AI>h}i7Q^gM|nOw2Ooq~z6_mR{^GK$;Te|3cB;d+b+H zFguLJ!Y#Z2eHKoE`sxEf?lK`W`o+GOV*iG?G{@Fab{{o`Q}%;B&pkmXN|#fTR35uI z7UT}EI#s(jB?6l*e51Yt=rr9&AdK=tw{zD^$@&?H_14@_-_x`4vdk^Aa;qu8J zxQQ0j|90Hn=HD9ruT;O<<9PNCW3W@e5b+lbwdEKzngdY@rpQAg zS;@Z({hZYF!$U%1G-#QcelQM6y^B>9jiM z*PpKiOGxVlI%CTvi_kA;*C?O~Z*}HWbm9Ni^jn?jKawu|zj?5jcjfHV9|GI*ph*53a?Z_q2o|MW+L!FYH7pX2ue zoh@)QCn1}+S}$IpkCCp56|`FKn2=W&t%&Hr%Ry&2?)2q9U!Wi4-EFmAq7Ms#;xL`l z2rWn`uWZCn$f7w(5GR5|N^1Q9WLyU95;1{jgi=nV!1U=wztrkpI;TNE0wm|7{*{TX-*R;I{pp#KS%AP!WS_rCDQ<$!uFlaOjkv&J zNCLzp3W5o~y*O(jTfpqE-=Sfr-|6kE*&ZJ^ob2(jnyUjZH9w4&lyeE)35jlhNZ4|M z5)uU@kzkP^TVfhPK2oF{*{$BnOkvb?3L^`yQ4U;Y_p%vCHgHnqXrSNUDke}00O*FS zIEvUEidmdW9;}5_`f@W*G@~R8Oer`np0g^?u1f9N(P6_~J38ENy;S?Jv$Mnr0$5tB+YDOSEPa5){dTqo0rO(cZTJYi|9Qk2t3Av>+e{sH?qAd?nycC~}9 z$c!X%ouA%boV^$i*CFEUc6sHQsAb6x_FD)5ln|IkLNI3$jpiCc2S*Jdba3QANTaR` z$!pybdAYa*6mX3=4A~u;ykilWWQuV(kM=K5tYTtx`ew5Z`c0?O-`6dgZtuZB-r(=k zWlREfkqtEw3=KPDJ%e#mj4%d_aIKhcMaZ&4X^@p-t{0f2DIt->3+fEpql$iIQ+v{R zr}Yw@QyzzSg)q9qiQFZ$B%I^9mIGksKkFU1iD1Lg%A#aX0iy~k?Df5n>@L;;H4Z5J3UD>7IeO_ z1asUJRg6db&H0G@)vDzuS_qZCMl*s%nh;R=B9SH$v;erc>nSoH2g9Z(aA>d3pziue z93PQ8G;u6{3&w@KxSHU@`N1~?(SSsP&OkE(YmC%pWk@{^aYVWS78w4OKb9O3%&Fav zQPX9NvSswwEThS8eT=zC2wp0O2G}k=n|{-4*gwophc*-Oj4ctY;+QHZs08yDXKFut zot_!_xar8pa^#OOTq;v_N26h9=`NbNm1q-288jVbaI6vCu-CA~uvg@9C0D5of5;*$ z<28!-f~BFp8dHLB9EX$yh$=p@Vm%qs(GVLn4BP!Xxm<3>k*Ucra3vd!>;YDkaIl>Vl(TpWN2~d(kq3e{B1YMj%e3D?O-|O`{ z=;OtC3&FqTX-+v&3?!S)s84aIh^+F4LJSJehy{+&X&BRpm=}9@3+gXG1hD<>1GO+v z(;otM`A@XRLXaobL){D=jK{;leg|Es$H1Tmtc5@%Hy^=FC0EXc+%~y14J9@GK3T>r!O5zHP(Ty#fuMxj zPvlBrt1@64G}@Gt>-PbH1IMVO4a*Lpy<3XWM8x4_U-1<@CcdV46XjSY3FG@)k|Z=B z6Ek*G)}n8vkil`~rGANi21+Xtr-q$i>MT{=EXhx4Q^Ym#Srl-4ZyQeOC{qs%jw+Qq z)z{fx0TnC?N5=yP6g4PU^7EGXPNeKL(HB7Ax#H|cdfcOi49?NfaKG4d z6&Z9#0sLtBkPI-u@F;{YPjn=ioK!PCpmRY}9OB3aAv>J2go?!y33>m|uFiP}efk*B z6Um&eSen4IjfF=IZqPb!Qp8NP%VHo?xDz1YGhLaJd|^1&Bqf z9*weba9FnqKRFr^9EQdsfhHZT2q_3e`e5B*g|WX-E+{w@aUz5o9;;e<5(yfPBu-dN zl5hp!^HF+m#Jb#J!Sjjd21aI5QJ?&e2{-ZwMltc?V4-%zB;PM6vBhP4x*!V|UZ_ zMf*M>_(l$>R8PFsl5fplK!Xg1Qd;SR;DAOFs3w|FL6h8(B&YP?>JGMioN~oDQO;91 zz8FO~N!T4C!JHspVgPh8gNv<|$1^6WHQ=m-K*-jKgwTJp6gU0r=7 zrw?iY;ET*Rl9R|Q8(`yMVo}&QgVkr$!-CD zsm7@i;U%dLSM}j&buc*S?RTm%z&I?*Q?0a%A)Vdj3wkp#%|8E zz%W6dfF+5gKu?JSRh-P3=La3RHnAXpaVYDONX~E?lCHes-aMrN>6%;lS@y-d@+N7$ zuM$bA&}V{pW-A@t?|-o=*R*)E1|o+exTAqM8aI@;kH)=B4-nJ{{)0}xZ_yW6$vpJN z)PhwC?LrYiSK%{D*b+^0zI79nU@Mrk5L)0Q@EJG=NIC$FkXpyEp{C(zcx(~SsE*QK zr4gtkfhR|Jj^z~s?CeRR4|H0GJj)$&+(ng?MI-0ls`)i#){lT$N9gqzEV;^)7DAKB zWQCU@xON9_+~ckBerh{mtiZ5!B*XSU|IUnpz$ROuC=VHR9nEzB;>c0aG{F^n_3wGBRu+6w3L^#s!)1* zd7)3?pefTj7@CX99hLMl4F!!uf)$SH9C`h|mkfFnq-5z#kWZEeBP}ZHSqz(=li{eS|B|HJFdGsCKVF_H zeUK4%f;0gt>*QNN{(|^7iY=A<(3Ff1GBRFkBLU2ma>17BvJ}h(EY5T#awVl7IsW(gyO@&`faLbb@0GvRb|P6=?W)INBW?e8Z)a(zB8!845k3k3dgV`)|&dwZ3F>-AO5|Xc~XFqvu zCIiz;2#|Jb_?Gx|wPXoFds7088=`=GdDikeq(0%3{rjy#tI-__< z3+R!S>A>>G5!UCsh1^Q#XmXY{kcVYTvTEsoIF;2y4hXNQ0Xy-dln!Gz($VgkXJX?!V}vI%0wA4E!cYV|&jJF#Re7Z%u8*pmgmDel$CD!+@FF*-eE*Gr8xdc? z>20AkJNkiX>k6Xc6=)hK^;tn~RIeR9L*oSgofOF|B5O#!508fqG^(UupCyT0gP=>o z1ztjp<|S6lcmfC-O(;J*oyZlt2t&`Lp@Qb{xbMuQ@%6;_+OQUCvSnzm!7k*WZ!mCE z52M2)%Q*CpE5Sd}`d&{$c7mn^d;?e-380H}oCG1LQ)cUqjGp8~9YRhF8aZqzCLA6f zJM*mBoa>^UM_Xk$h_)Ws8WYBZGCHidAWQceXsZsW|5^xJ>c-Lp&WU5*t3AGRd<(9ectCo zTfotWpRToImSjEDHMAP|!=t8CI_jAj9ah>RCSF2<1r`&;)7gxEku)(gqGc8^*h=Gt z>a&Q`08EZCP6T2z?W(BqCLt~ob6*YH1iUzZz)7uDU6%oxBQ9DIDv`A>CBl`Q!{4Y_ zRQYAY!IWl?hL$zY^cDk#RzAu^?~BYNE|ZAmXz;mtqEQ%1|qh!t&rD!@>7p)+33EQl=65 z$$1Fjx7J(94BPa89~{=K`OVekneyGUsIuu&4q++hTCUG|M^cWa%4rg$`+@1YDO-6s ztT`>_Xuz=$%*FyL{h@(MQvp`{roKQQl|pVo(1J1RH+_>%i5EiZIz#%;E>KKk64D5` z0TOX}Wn*RI4kU|6XM_u`{Zaruiv^^_Nh8VJObHh#POvYWZ5%gca>tU%U5{r^P^W8g z^9!*cCJli7($fgr(7C)l)A~|pZbf!m10qyYGw-HHWvq@0i@p_h%P{gof)kGm91<_4 z0VwG+zaPMQV1P7KEo1JqVNm;+I&O~|D>bF|qm0_;jiwR`KeB}WLry2WWWlKh2OxY$ z4+v5jfW@&kn`tx^az`U)8buF&xf#~2T^ZbB5fNl{svmDHW%_|3eU z9=B27nO9NPt@bN%g;dzVdWS&s-7AE-=H|-%SyF{9pK7%~(^XCHoov=c4wUDO^g0ZX z81uZGm-QL2qM&wKdh_p-3~fOoxX|r+H5D#Giu7P4SQ;x@-~P}yIhg)Du25> zpxu%G%Dd)(XU;@9y%%l3j+apgW_BgO+)72AeQLxNqs+H_uN<)3%(*bI%f(W2>CGx zDyr@I_g<)}gPc8`p$OvB9U=mAbh<9m3}r_`sg&FZ=QvrRnaZIkdkv_vyh)IMdU0^v zkP;jmkN2H1*I4}k+KRv{xu>I0$^_kzmDvt;*FhomN*Pp?Pn>dtQr>}JZC@d50x|W0 zrio@BY>)#rYVoaBQ(;OrOwvT>J(?JAAlKs**aS_yK(mkqwmn6c2o5AL?!w7>EoM=ch?g{qFWmrYo^fD+xf8H-!EFHjcF6d z@uf~oB}bjnFX;5`wd*Ac*cMjYltt-{_f5z}$Qa~RU?6!M zxSY!Cp+8VZ#qkXTgRSx{CXoO~ecMAvz1X)pDs8J&5e1I7i(u%(*`@5(akht~0cJ$< zMcx)F!j;-7Wua8?kkT=Ubd+Pj5N8_u95v*G4vq#+TqU@UNt-2e$bd_h94woG zLr-RA@Dt2c1{T>X6`FT;l;Vza-<}%=2mwJjSeeLzeGP@9hANVSqa%RAMI`6XNs#j& zU6LhBR>nt3NhKj&Qk`1QIxofyws!DFkAB>c^E){1**(CHTfF?xc(xb6+(}8inwZEp9YQOQHMfV6M(E~<8_7}mCBp70lf4QLkze#XgYkcwqu&%nN4@=) z!JRe)z2r)&9SzOKRXZGhQV4gAxU)WXJVTIf2AUUx!(PVetn+Uo0gxDPX(N?+N|M~| zQz*_X0~`&sOWYEC)bjS@y-zR3OCsUGyEUZilmB5>VmC0rgkiA?gOW`Z? zU1l5xJ?Oa308W_2n~ z3%IKbW*m`wmMjfA2Xduz8fLs*%W;9@% z;NbA?fesT>&LiZDNbq~m@GGpLFfzh{;^1)zm(YoS;>OmfG{YoZX5lR`l?M7xGnKK8 zOX^$iAy>sm0!Oa2Q3-SgUJ+9IWHTfM8_Dp8BnuV!^x~j_9BpQyBIQKU zkR&Pc1UL*)$mYC*t~JMXM-l>taP2T0n=GIv$Zw_W;Tkv%d@t>^M*EqVH4!9P(g;@g zCc!?rBnbtK3lvNVT5m7TzI7?2q{@iX$R}XCY$1KCtT8PHW__wppCrPsjH8^+P_3su zY7Whj37W19FspOw9-D!hAD)q8G@6(!i#C8!cB^?YrL2osvczGgw1EU3%0h1TX0t3{ z_h#&vV(34JOW@%^p3_8$+IHicFKn3Iin22m1XZcTTL?;Q-^LNIw}q+-q{1yAj?E4f~!3x~=L zklrJ?dEn?+hu3`j!z%*2mU>A^FZ(J_Kgv zXDPhCeW#N(Iu4IkFNH%$pmTL@LL#h@Vcm#k;#*{4ZEoF(4a1+AQP@i?3m8XSFULMQmNa~PfWXnie zpxn}7V7&&vEYNHTu9rC_nY)qdl3H&o6U;x$H2{`adzeFt|13q0y3N|dTkFu3hzn|6 z{V4>c$#wBGCQ5M>nJ`VYoQ688@$uN%{WXD)N0|XpBX#gO#SoTgo&H^Zy$}Fz)l3W0 zx-{`AJe_)K%Qa>1pdZo%@JK)erlF4VwH`d5G`=(XCJ0%31ed`hkgPr|h(3W(7O&E+ zNAG~#!V^_ZSBGMC4BthCGT=baxSJ(VGNGWY@zW$BkpRmm;Up3r^f3a(F|^S`s6+iJ z#QqI$6`ZgWf`irrlx>+~18gIW=APfmNfMqj;=Z}*ciBbPW)c#}IVPC_a# zfV;W;6?|)Q-blIx{&B_-1zHcC-N9NaTFNOvUUN7XD;>%zKMKhl`zt`odTgbpToSQh zLFSW;!*ErjB~&!V&=E(V0&9)FO-+**jE{!X+Az^iti3a&XQ{Gw_w^Zz??NSh1tQ-T?0`wHUPV$Vc_E=Kqd{B z>3-Z$`#2se?V~cmD-CYOE#g4(;sNoo!#8oG3Cr@t<%OHQPvZu{jT(N`bCe;_YYv9) z8Bw0MkY7yri_93Mf;Ua#3bX#E49@s)zuE;1;zq#?T?m|Y42E_yn=bdDS2LRH1vN4B zePX(AXuugC^wn8WmpB_iVvf9}0`$8MPS7q4fK8L!xb6`VYCS$R>uyS=55_r_ zT3nUa3Pcbkk94g`PYNUUnE`jxJfY*m(SDQY>R}xhe0KHv^uud4we@Oc#6X{9LZ4v! zOg=1mPeVG_S(l7Qiq2cHUX!Y|)#C;#0)1Tv#$+ei-UQEP)JF+RRY3x|jted*`xdhG zvXxe&8kL^<%Tc_Uk55yvU1R%qOZU(()XrfD_S%OvWku)Jrr(KYvC>J`#j_$krLNKr2 z@AY&l3{D8TlRGG(5fNo=)oym{n9S5m}_a1tlv zTCjLxN{K2II`N>I%y;rDoXml0+Qb#;x0H&Bok&y4JnYvH{)k1|hhu_lnTvHiuo<~2 zUL5vvL@INp11TGDcE&p?tWtK=eq&ueYgpV^5WjX79Q_j7AWO1Bz znBHV;%$bh{ox@i}M5_>Hr>E>Nt3~Ds0VmR!In=<14 zV`s&~>J?|!aiS896td-6LwK$L08FFlL9Orsa@HPY?w^nwLb2kGbDEw+ovY5cX}XSa zf9QZ?unuoba2#uFui37N@m?0p>bK?KP5p$%y^%&6cPzOfQtF-w2H}6qzac6z6ru{E zGzR|bmQg7wEoq3sc03KqlDp*$fTzYhn@ZD*&^s#ahw%wG)A6e+!r3a5G>I1sU0$5q zS>|INaHxD=U@A?wq^Bg&bK`bj?XS%u^dkwEhCO|SX7q~=4OBq|cfb-*(L#=r1e$1M zq}X6%XhEhTn4ND^%-2(xFSl|n=cI1RE0rR|Jc8mA@aQrPL!BW9b4{wVN*kps)@ypj zdYTp(UX1XCm9kx5d&?jNN=01u35H>tO1iy6=SCG3*>+R&;30ILq&~S}$LM^WV#t z1tlB^Y&|3v2}|b-u%q@IZ8@Mo?NHou{DUAlmx?=9xnE-}7Dmr>hq-}8M;&ztri~!T z{EMLBAqC_kkFO;;#UnXXP+t;uB4lDwNQLb&-W2sS!AXWpC3*r(s+HEt@s-UG zhQs07Qk7>~!Qt4o?iy1Zv4Y)PpxGLpA4nt*}>!bp_Ke8!TcF4F@k!VyH*E=d6T7$X%s z4iR$jDWr_lZ$Vchlt??!zGw;Y01>En9du39b*dAy@2gbNld90zc@Rt^@xb7V$uH^2 z&GJB_=H*oY;GqtNLQr*N2}L_)FAAgWz#$}|F{W9^TPsyIxXi=aDdB>O-T69|Q&wc= zleu>$1lsW*o|xngD&aXw zYVUPZW$;KVgG;&rl9eB;rX&ixWUl09;HDIGRHmR~FQ9WORP+H99ECa(l1vwL5TmBG zWJaT*qfrLvfrFc^$nfr`?;U>Kh~#z;8%lVi@sTqOE_iuqk%@{0@QvScH1Rx6geMuN ziOuDqRFYt_vH@rLfHY%Bu!Zt0d1GCIic_;4K_*ID7UYqMbJmwx8mBSk(aj~b9T zAwHZNZH`fHSHqf2TsLL6tKl&e+B!Y^aPj^fx_bTpe!RGPeSTsyG~r^Huax7cfC5D- z65MEhfv2}_@+##?Chyo-Y)A$T4RM5S`NN*sYFn}dk>64b zkyOx&p*)#~fP{sVPjqB4@fVSn45(1TLqb3nbxS`eeA+^g=?Ln1*qKjPDy^8|ondQ? z6#(G{!GX?oM3)5ZLAG!T@&fpFNnCI9!sJ~G_`Z(27T`f%K#Zo6ixWbUMmA)jqm-2b|PU*A{Hcdw81)kyOaM%Iq`o{0MtbLm_+1@nCwGGpCz;T*%Vr7p-ML>Rreko_vkIThR&TDX*i!ytcB!}Nm!f! ze=0$)T%BN&d*B1D$jd9cUIQ24jeDNtg#%!Qp{Pz81~5Yv#5I9$tO(cCcrXIvK_lh6 zo0f-b2XwUe{`z`fM-PtW4A5Stjo;7oL_oNl#H4x6fjNkR>GbJp5lvO7qu!CWfM~L$ z>`AVL=~fdcO^9l|tsRokLa5&v3}9)hihv?IKyUc^wy57Zgoc2kU*)i8m68p@AtG{{ zK|<~`)Js+5D^kZmIZGOf*D-pSEb64-BWJ*B?xqIopy}Bd$g`mlOhY5bsDJDrn2Kvt zkT^g69b7aVqihHL4N5H$@k(Dl2U7qNR%H~eix8Ay3EWDvP;ybxI|x3>UcJ)UVf2~a zS9T)kRmbpLF_WO5V1JP{&37tENEU{)-^u4)Du0lo@Le+nXQ6xP5H29b{BzaMdp zSU{v$6b2FR?%R1br6vRImBaI{Vqj_II+!Pf{KG{y3#6+W7AQ?`z~DG9 zyEyLaS)vM?hDomE9FrxBuA!i{3O%udHWio#na9YW-itZYjak2nCI0d;vVz*gx}xgX zCKOn!Cz^uUvnaef=~At>4IGwKMKwvmG)FX9(#RbvtGJ|S{gU7)OSF@aeBMqRInkPq zB2>+Xiv&}L6@bjeRYu!fmRxyM94BRSr)U6DykP^w6?7*jP}yY>gwUCx)1bD(LC~b> zckOZSKiYs0UDxS#N_bFLiK@PH5I})9Aaa>Xg3g@O=PJPceN3Y3 z1)T{r>U_x)Z99X8$ZmM3kX_z1=$=r}_yEiH`rU`C|Gs>G@$N%DFTDyQfiMR7oh0Ur z33+y7q+)iJZ+jZ)$h$C`WIPHdU&KpaqC&DT z-qrL1vDRsxOc^M%x`v$I@bGAzGq2T*R8-w9WZHz)Hr;w{SkNX^n?4Tb!_!n1JBV*^ zOb>RjhV)~2bX?MXm21l?L#)z)X$B}$yH=SvUMZ`5eRjMw+l{97pW)HSO!eHgYUR?( zIN5D(hz=AqzAaf=F+ed*ae?-+J_~U|XOsl41JEoX#1v_e0-EW&p~`c3pj4i(zr^x9 zzkYk|)Ql@C0(q85z#inLXwos6Y*7Ou=d!NL0KUpQtSgols#KNlchkDo!@j!TAF>GX z%zTi!pJYtmf3Ydl8g%_mhE20W4o7vqb6T2rI3$N>EO|-{n`UVqjt+A!bGEt};4CYb znd%cEflyw%ST>uX?`b3wyaE+S%s5q*Y3)RsUiOg^moCr0M-)P4c?D2SuT9;UhvPx* zz059+!D34m$=PdO%}L*F7t<6?j&VM=SqnlBAI}BXP_8KiZ1)o_m6M7VO@yY?`0{zRAH^IcFFA*k+zLNckRi z#O>w{U+b%K-)Tb`G!IyHWyF7)Sv%(^8_|Oijh%VjoLdvfOQI$9NtUt3s>6-3V^7Uv zUnx%Fghm2k6Paw{l3P?uVvykrEcz-Tm8z|-xC7T2zaUj=K~7mzTb!u&dJvBAOlWS$ zSmq6;)Hr3-s66lah`E%IARZ*d4F0yQNlPoQ~Y!239oo8=Rtea15@fpQn< z^t{CH*9vFr_|MFj+AM-5K(Q$ftw)|!v1=DfuHxS_AzS-H$@v3X1oE4CmF0c+urE^W z{M0>G^+qC)2#bYY^s zoqkl#Qn?Z8t8Z06j7s&S3p=VxDz9`{oSQ7q4NlQge-uDn^|jpo{1jyr;Mq787A zQ9b0c{5r`GGLE7(OCw*YW2sOlV4z1tETMA>MhZPK(@bX>xg|-K&E->HrSDYp3EBMb zdoTL^QEwm6x*{p2A2Uj?1{b?wWN!HyX32r!3B;2oCMB`EJ^EBc?D~VoTQPl z;N+I2lxNn~8?d`5WQtnjtY)_!)5P7vTRAxZj9GzAFqBbR>Ut$=HKr3+0CZL*sX#Da zvwKbTOM|0vwtMdGfOnr+XwLgr0wia00oDhKc1t)#>`o=3xBhz)(krCOc2+nbX_LoN z@>o_dBz$2-+U*x(G(fpDpE=pq(Woe1#e^ulO_%svuHq)FdgVh&eF&_NO6_G%v1OLP zzywrI14p~u+-oUX+Q?^S$eFa^+AG!eD~nAs&xy=?@@Fk=tLQ3f54uf#qa*|)-?+6A zK5`S?q6o7ssgQ3186hFrH|2U5!EAOa^A*&w3`61zNF@Xw9|k^6ld2AmdkQ{3yW7gO zlWEBAvcz$}rA*)wi=RL4zy~f!0$EWcOPp`bt$~6jkn+-}z%f+D>I|BuGa4L^EOpNn zB(e7{D~Io*8tY|eGjQtZ=9(>mvZL0}h1fWS~+;-lS zrX2M(WDro}V#KITVk~C zu|B5kmY9p!k{hA4vz;#rv4x?lF)UgBjjtalfw-dulBc|t=}a;i+a#kE)+12z9CWe#7)Io(Ek+B2%mv8vdbauCLVJ@hg%W3tn6=5}KH zE5iX4HS%^iUIQ8vq!Ils%_6c2C5_Y}QH-ag>lWC#Xqb%5>uz45Pn?)2gDmVrm7>X% zg4-zSZIccLVJ zXzXeV^ScJ8tf+i`3vJAzDzzn8MYSz0HdG#*(vTpRWsVtH4NmQ#uAIzay8X_m(?dFe zcni5gYriw@^!~4$^kTfmb$74wp3RWCU9yglhmPSu%UUc9D(C+QVNi+;csdqUN**Nf z03mycPU+!E3gjsmd5Wq@wglya#lT0?qC8~+RfN5Oqw^Jzv~LWsAGaiXToQYWxeT44 zH0_`XSCoOct5Q*Eu3F`wQuCkKv)h!z8;{HEsV1jRz&*%rx%yK`u=zYos4{4p$7C?< zX9}m<6#JFF!DW4kQk8>++rwc@BT|(VzD{ZBbkgtiO$DEcb;&Gxj^_NHjM6G|;G{DY z5U%Q_+!H1)<53oQaug?G0kO%v@~26q8psk2v{2cUJs39B{0@dk`J4@|e!{XiD$_L8 zmI6~hFS4P1a>S+?{RTRtpV0;X_vz0+Il23=dN5@yBsjWX=j(K>D?>IE*PD3>ENqcY za9qT;%w~26ni@BT2iYB{twxZgYB2{Ha*4>@R!%`^kYx_ZG1FN5|LnbabKA(dH+ufY zr|6OZRzRu0@4c3M2x###w%$ytG_q%+Hy&HZk|&j`GbMmTQ$z%!88j%FiSpfV^|SPX zg`#9nlDF<*sxlS{^u9dn?Jx84Kvi|383BOyHGNxJfgW;=m&WkbB%}3GUa3)Ah zJr5JYb>ih0qN~(_l91ll)3M`EZ^d{8dmlE}p$}P{%ThKHGb}l?5PaAZRo%!M)>2rW z#-N&uiK~GCV!moHD*2_s;2ucG*SnY;52$-{S;wwA3vgma%<}NYnSB=09!Qo%Co<;l zc|PWC0^307J5JB)8Ms-7wyZQ;ERrx01B=e%@#+u?B?zmXkp(jVLqL0&P}|@G?b$Q* z@I8AL#v`CsgS*0AI;DaxxH3Dj`z@u2H?&oaQu(EkmB#3xqtg@iU5BJqXpBSs)xL_6 z77V@$Z$BV~DiTiRG2L?MRCH+UZwm0f|7I|QelsqseRT7M$|Gc>c(SF7nnV0zCU198 z3O1gDA|DDP4ygKiN|E7&S%pD3e2}NMw;QIk@4tE8&OSMI0S}(T1<~}G*iu!N_0{F5 zfE-s;xs|~L+AclbI{z}eDKeWz1KbP@s-kUx9;XJ`>vU78aBt5Y{A)uChYtQdc+WI| zrLb1wI5hIARAbmBzzc^!DJj~55P*o8r8uXwau5%IUqhj}iTEU^mg?Uef2mV?&G}2A z!*<*5C41@DYtszT>E8igv+{A!hOmv{d?2;f_cg%x=f|g(Ru7PFa2an(7P$ZVwViOw zx3VVqq6>X}(V5?(g2MKG-F~wFW^V_hd@#(?8Um|Ts8E_OwQRIVZ?mE~0spZJaYywt0)`jYMlMR*D%RzVlL zCKgO}HoML_-We4+%0y~9mJ0brPL>Vgjzk};3FhxZe8WJ)VRpQN@qmEHg9{5aR7EyK z&xez<@rP|A412S`6}k!z)-$u|4Q@$>9idq}}@fB5W~Sm0_mXO+C|xmQ59YrP$rS@mtXbCidXE${$dZGvMrEnXxHz_lc)( z(GK2;GA(W)`T7@HZ2QUUz>|mq9Rhu{Q?tDmlY=V?NPjRF+xKsnV%;bv;k zmzjC<+yORGgk5bRnrY;X7jECfVnmvMI;H{>vfcfmZlZlhs$Ud5<8>+mxE- zQU-#^r;iJxW2l<(1@<>h#@nZ4yrTd}W|mbs1wLI=@)pjg%XzlYE}wjjX~Fy-Q5C(~ z-|-?b)fam#+IDVwZold$`1W^hXiOd6v?%Tc`_qlvrn3kMl0zJNp3A71Gjv*PqZ}x1 z1P%JyE}%`1+Lyxzza_0HD$ozZ!&Oa1Dyy5e6lwdusRI1!xjpN@+c>e(sA$KZ-p1x& z+Du-9(gz4|CUvf%C`;1d-D`06@tL$)U103$uL^zFrK+S4Az7(hYP)PUb$jeTe|6ub zEhsYUg6{5+x8wfq5T`{;)TP2=EQ&SQo2&+Pp@lcb=`I%F-yOEL!<$N&&tKTJ0)W}) zUg{sajKR>&IwS@ufcG8PshG2mAuy0piy~7ZZ>Jfln+s-KET_D^+SJcFeAMsR&To3S zK0oLcHoJ1B=8UHo3EJWCCOfb-Zh9;|_b(TglzpcyiW4>%o-5ejbOGaPG{UxMW6 zUjBgnO&wADuC6b?bU`u(OP&M$xvG2(?lbhR?vYg@H!4!<)|GKF;BpY=p~= zY!n~jssbG85>gKtN{#UZZJ#$i+7E0p6H?<`HbAroybM~Gsf)LRfQNarNL_3l)U;uG z_Wr?l9+0#6eDbyxTpH3N*mbz6aq0Q%VIT8gq+&S331r^fWF?+|cH%bO3j2EjRJFrM zNQ3mb;EJ@BY&u~C_IJhxXGbbh786-%$$n1D0zd{@JEEIz2QO%35X`!V5|6CMl$#mC z>QWmvl_O zNwV|k^$2mjLw>J5Ro)y9@Qyvobt4x#v4suX%I+xi^T%v%iGQ|nj3Y#}gE$fVj%wRH zYs~3(?mK+KV(_7WNDSpxHcEq++>6Aq5S?QO98pvv6VoNZZ6a37vuEOcPrD=Gr|oIq zeeLHYdBCjP5GNL4N~IV}m!%_&yud-1AkCDNfMTV2%GjgW88Ru8Lm1<>AHgcoF$O#a zx5V=h8zo_;ZoSBT3|jA=F5hjqh`$RJOFxxrNPm6pgM3!IEA_FnJBaeT0Mu($X8;ANW_H2y|w%Z*iBsaxjTg|!AZK6oX&{+qZ~ z%f=aXrb|dDqSypnRvQX$->v2GHeWzmRhM%^9KSzt!6;nohQj=JL&AJZd4YGH>Mo?p zrsV$L4V)yNwGSyK|Z^yVn~Y6R!`}@K92+o-bq_L+YA$9&O6U^?KN> zi8rYWdFn|^^!0IGI~y7r0`~TMYV748%muDumO2Y2jt3Q4CGnh)lEt9K74{+ju9XnffL0!WZXj9 zyanDsBL$YBgK!@&v(71ne!%k|1GWOzsL8#$FD?k~WW3zWS@?4A%?=i95hjd;!MR>U z*GOr@ev2UaWz*aj82I-p%YVqqteUtm49$_-0I9G*+A1>uA5<<+mB)&>DNH}Yds@$@ zmoaWCK^a$zKb)VR?jDHktjb4Xyb?AXcqFbqogQ1n_zgGXi=it#g$XK}70>{F01|e( z0AV6Kx9Y}J`mcPP;$av5UK_qR5Kq6ep7c#!umn--v?~X^PRNd;4@;7TO<*$du-+i6 zmm;byb~341e&Rf$MbdvTd7jDayH9Be^75q-UN7$+duUTk)))81 zVZo9w#!Kia%nD}xAnV72P7^E;ZC{q{&yz9C!d+@kMPa_EK)Bh|a~ssywdoN1rf05( zcO8Fw9mk?(9wx5`D(N@n_et$w_->E*ZmaRK*Q*R(5a`$>|7?c`TlexZ{awRk% znu@Gk%(AhhxFHJ+v?(r7JCDM~y<5i779l2YQ9i^83dZ4aDl!|O3CJ1`!eX9kFJVU~ zH- z-J}$yczn|3b+J;*csXDAdD3QJ7d7JG@gZ5sTgSk!a#>oy8MDEEFE%=d`-T6r;;I73 zPS}pMoMw;)j~QjvO}hK8y7?uumzo(Q@@E0ZA)+TrOaFx6b{u=u@4npzjVZ*(cc%o1 zK<@7=3pWbVJ4W@;jRg@#p5(Jbyud(*;?8z}*Q1bo!goS*qa&eUQW-j;u9jJyRSn^6 zG}$#+$R}p2BbL;Sti6^|6Fg9&k@virxdK7svM_C~Fr($JL$d^~QFFP?Fz?@;l_Hze zN^3M-JNq~Fpav4*V>KVcWLP)4Sv(X#FcKt0wjohuGfA*k?vYu;C}jRou0F|W%Hso< zSSHL?DJ4E$OggAid&%=CiV>KKA~Rh29nvsJ{~`v%uqtIjFWt_HhWWv~d#M{&SDTFbs=EWF=eEeiX3*s@)@At4K&| zZj$azVfzR-i}cn`QPG-q1wzc4#lPSd>_rix!Qvt{Ya@3kuV zX1bI5(-i$?5p}O=*xruo)bj^)YX8lfHwUdwnN4h#GVR({JUaBpVrp6xTG*vBe?)|%?vv(=Y3~m%`i=NbGcv?)(=0rqBNdVi;)olfo%k1zr z2Op!__MR4aCpZL+rwrq&8BfSJM8YEP9SVDny?p4R*zc9=V$N}4*6-dt>+hmid|Wie zy!e}sor+Nfw8&{$L-+-XPlT!AI-xqfVK9&)wmryti1*V%V!|dv9|#)sR1A4tz{wgwu^NtIy}yvokND^J#NqQ za6ksQpL%EXU}!+XkRcF>X+uF$6&(0QGb<{QPKzolFCigkCd&oGkwU|Qff_*e>TB4G zJyy>tymV6FKw0OuUXF2zyDM*uru*f>jL_?3KWPgFY?lf6HIb|oX1zPsN#FRRjtHKC zdRcK!B4D{KRBqXrQHipoqzmv+j!PNE9wgjf)R=rV6It9a%%mx*PkCk6LlCl*F>S4v za=B2sQD;sZjGM=(O}vpXvpk-o;9UmhzRgyMWlffEJNjm8Hh>QsAmLK4b5%*=US<$1NLs&EJy!OxZ&nIui{@$Js^`QN`eJp3$ zO`&S5XZ%t$2)}l9g~?v@g&*XIkyU_yjmi0){B@T-@1XFk=fWN+Fq=$q;8ost-I<@0BgfA&9jljj_^ZlgH560VM%wQ z*xVlQo9E@kEWD11piv_ALrKzy%BYAStHgft;!(2ftK@(;1;eMitVjr6!q9Jyw!SGc z(dsdPFnS|;&|3R%l@Dg<%d>2{(brcq>wZp^f@dyTk zcrQ7bMNK=i$`!3)8i^4Ab10Liu*4ayxG{4t(Up`$zAw`V9quh7v@I~KOk{PP!7(vY zx&aRsqLbm(OSeCV`PWNM-j&&8mh@9b5XLWsQno-GFbN-2V`zkS3KKWLhUK9yNqQs% zO}3!jt2|Sr>z*jgcIB27i`ygTxJC^UE2Y>%8Dw9 zBHQcJUyil7;1~}qH+N=SP9np%3mwrDEtIk`rlNs)-z6&UPP4!6HnmzB@pz_`nTht_ zVa^zY2RvDDKPECJb5Fdu(Qz%o{+P#REMp!?&db(2qbQ6#2mA4Og|vaNcDX0o$iT!E zTuUvhCJ|=^YZeetmquW_wew$Saa$KnBP&u?uZg9@!F&=3Z1FcHD>uRnn(E6OihHVq z0_B$l#U5%f>UmAell@`mL7^$KFLMcvZ+#jbM{iR&TuG< zJfSHpi5Amg6s2hznT0cHN?!4cn~CTx3?7aGiYG=(Cjw1(QejyfI}xLVXg8l8A#O40 zt=Y8{dWnu&Y6NT#*bSyKFF=5Xo|?|F0TQ$b^}ocXeG%B1Coa|jRV$uZJlu$ZosG_I z3B45zVc#BM#B85FXQopx%LbiUW+~RSs;M{cfQ*tAy+brOZc(9T1z`%gr@?vQb@7&2 z*;7@Ii#(UrAyHeFN)a4~LzpE!u3hjUKfw=ls@{TSI#tUm$MJi|U^O1Ayq~hurvN#X zmVz_T9TrhoS*g{K0-f}RpR^TcVB_^D|7KY(D#E?CjPxK|hqRt!_>FB9Blt@%Clk<5BSElzSl{3O9@}(KY@`_gjM*`*yb~2h zfQT2S#pZEY={V=C}nm-t%&Z;Q)zYf0wrS~NP}3* zR26yB6^EDIyGcpXd%m~BlK&@4lZBPQ1#Qv&=ZWThfKUHhjp-8PWZTp)CB;LP2MCL_ zS?#DJfC&z6s)!9QG|2WC@Gr+h=1~5cX(O0+Pnn| z3-+pM{-OE5WW4dquuL#8JV_Fy*oe%R^EuKR;4%geyP8avH3+g;1zMgC>KC z2W`y-2bV;s)SQ9ga3|ueL{@!s1wlX4mOS(qH5MB*1r{Hgi@h0)8ilY>=2koQ2^X}u zf^A7AJj6)zgf>%caIf*|d;3E?&L-E4g-}hTwqW2!t3(knh=hiOR^G>Rsb^7i=KUo- zvc40eCL=2Ca-NNlZjy?EV!&cdIqZJ{TU=&I5*h_!$w=g?dfGUrzp2Cvd~cLUPpYCh z<{*t!k0RbTpj}dV&>t->ft>3SY_07V#k8mjJxij<^FotofMKL)%?&8}F%1^QXO^d& zW~3v9$j)XIW|{VnDQ3MUv4!2G&}|Cep|lgU=4O$eD@x2U&n_2a>C|R`yaWqGHS{LM z4ua1U8F}27jiMNVu=&lbR?DlI9rwh{HTsV|+7P4416YtW}jj)K_UV=W4}+VN}d%QRSnkt7xJbhopZbC<-k) z&VCje#E6A2JfiVDbLKRRwTq%72cnHT{UCWg^2PVU4{@}nlY`{7ifw5T)Zr!iO5ZC%)O{3MG040L@fFapss zB$|Kj$Kie9?j)e>AH4kTWfGkS13<~UsFV+v1pj9RotMukmx)ZCI0mz9v5*zwgPXtY zjM(Khql{f6_t?=HFPn(1MdSttdO?vFQ*eZlFquF<1_{K4F`MPkjz{52B`7I4xsKP6&_Xm^{S$bS=jXk=*j#2=P%;-`!AjY zLJh1%vPq03ZV?(JroCq#3>=1*QIyBd-b`c;Eo+(OD_(PC)(Q5o5wVqS(AMws?E8oR zAN({V;2QKR@3r@{+F8q(t_Z8fW`Hb@JIOX=L(gu<|7W2lzMYS0t^e=f;NbbeLEHcL z-QM&6@&ElZK32F;wVzZTUG#kWND#{%qrsXR-7GZ7ig|&x}JivwAWs8aZi}HQoqTw;3zd=%&sVnEQ_L)$@g_AXJbLGAQ~M`mQRG zMHlVfAMWl3B)>a0ipL(j(S_OGZm`G(wj&nVCacHka(35a+G)t{)+FnVvc{^e$v9WgQq-Y;3Hq%PaH5< zO!xT?gw$WWCE3b6L;u_XtD*UgVz}JP=BY7!8M`m-^PlZ4+D%k4odfFWW+ojeqx~7n zfKqyroI(sFSo9wkvO1d;Q&VuaxHx9>$lf@sa-=vRLLw@~QWp8n8(YL0 zLL+?t4~|sp*X<`BQI?&rV_7!=AiK2k#lw9(O|}Uq82jujpAlM(Nl5wRO~%vTZ2;n+f2??btc_$ zk;OTDr)3j7n^&4Vm*A|gG;UM-US4T*nZWMKD~*eZ%6Lbd0b$a@uiHJz#av3%b zuj%rUEsFOa+otxL@=H^bW35x4`3b#pu1DQFy=N(S(6wRzVsY{D#>}|9{dN0^qJPpa zYo!sd-R=6{BVbWa;L9bZicsaW=8#*kg#Gm-yLt^Qt+BgAyHwsoAi6WZ>~$vhb~u5TE4K@uOeR zD>Anx)Ops_#g}2S(DifyL?vnyYV&{(;tYl$`#s?r*(!8}N#M6zc39pPaq9{6dHhlBk;lE0?v&tAW$*N{Ev>DU8MIk3(q|$2I z+-B@pnq(CQ8)L{t1R)pIaz4gDOy@JZ%~pCOkl?UD%O3cems-XXJY|l`(i~LdqRKo( zP{cMOTZ$=y%u2e8-(vG_vsy;M)dZ`=QRgRcZu(0mTP$jop)b#4xbIP8(480J#$=_L zC^%02M8(8MFtIqN$Vg%afIDZ#J1*soECbsqyUJW7${{6S(h$&`nK`g{1*(Ssn#(=r?;UsD&j2g48!REiS*CUr_{B7S7JG2$N@i3MI@d@G0x zS>5z#c06QWAW_SHNResyg+20%Dwu`splOE)R*>#cJ_Gi%f3CNC$WiF9XTHT94A#e^ zL9we-Wa0u5OEb)d4R!q?x$-J&f;mMmYj5^-PsA3O6f+ z4TQI3Z-wcOznX~DAd-D17Zxf5J|Vhhr>$j(&OtK>OCwChv6fA2u4&QJhVOS5Su@*h z)NXgMsqKW08j&=HzWe1^H$}6=pwG;Ouyhv(NeGccG;~@0!m@1HxzQFnc9!WG(&9BW zhuL{sBqWbLbMd6MC>vb@j#6el1)CjSh2{*c-cW-YEA1NN8j`LNDkK$0@5IN%3ENyQYr$ZpN#bo|aFMqUsX z*i-FdZ^#F+p?iHWguyv_cOr-}vF%Mz%5;y~2sjilA-)5{r+h%LL~yo7`1N)M)_8OX7w^g5gd)Md7aAh1eVkT zokvmhc4?s~`4CFmI87-ZQ;SaNnD*#LEP$FCrc4l4NM95X(|RHI^T*d`-q5m> ze!MKoT#MyGz?xn#h?_U$!GMjIRbC<(Mh3K@=3!S0qMtFZS*FFUEX#1j!X|Ana2+ag z8oG4@7pR7fbT`HmaBKrLPo&q0(6PRwP82;ey4<12%4S9xE)ZLd5}Fx}qA^X_T3^l< znrR}vC=2W85{;b9s^YI0G*ABOa^(RdgXmbT{9OmxVom^RRtr!1fw~gz69cB<5Vu-{ zlvYxxX@tO?wPehZrIwK4Oqm&`$r$mBgg3zTZ?tv?Z#iBza6nJ8DuOd7=%-f>wZOFH zEuyuX1&U;j(5#Uw{;F2Xg^tuTXf~xR(O~y+?Q3FaYHn41EwsF{o0cv#n=n)~B3BZZ z94Wv`%v^{RSeQZF@OB;rE3pHoFxN&lX|xk9thMbK=X%exl{H`EI3NRQi=Pv%DRux{ zrX7ZGR^=)(mmcQIOj*gZ*j(F1A`_Sg(9&B;h#bFey1t66dTbUD=_}YiN}f)@*~O5P z0XIJcbXK-`C?%17KpTbk?3ZJ^5l0dHX--S`9X`^O+WQJNtofRbC~qqpF-Aox8tX=c zG-{p&SVuy=9?=nC{y_m>=ATGtnT{X}6aUB-Mao$l3~U>)KiCvV1mJ;mw@hn*{pC!I zT3S-LEFx$R1VE?FP3j@a1{mvvovfFYMvh_+MN=#hM>z7o!`!b_{6&q8oURyyfQr+! zmIn7_@96|~JOYv2T-k5n5B zCBQfUyBY)YZBd$KnXwVXtWQWNq~l!AfF7(R2^)QhI~21EENa;(e}pVKFei`5U}Q0; zsMx??>u20V{j_*yvtmjjU5t)tnBqJt_C`mY_W8BxpgNmy8+OwiCDxoBLE+?04c2}; zq=3DZ7%L3tQ9Pv{$H6|BLKPTPj9*!!MpzWa4Q@~rid?OttQlubta96sOT<97qrq^6 zQZIoAuZaLM@cOh8!$4=LWdyvQ6l3638~SDEOAR_O8)S2% z&|pd~;RQuZ!--gxRAAS;yVP>JEHT{__o>}Eu6BJGMbG+J{*8bO*y#1CGYbj@GaJOIbo$z*O363q=7VLP|s7=j$Eiq>|m>* z$+1O6N%YO+@b!xqFVf*oE|%l6(6dWw(r_;kkyLQoM?xl7iAZf_ofZ*iMt{}(O_^z( zdTDS}tDjE_OUZ(%LihuTSj@)fsd<}B=CmjqSzk8U)h0EQehrD7>uVkkty$M5BTT~p zrf@z9-}yr4RL6^luww`+?xSdv5@>Ff-a|rL2bObPGyDWOhgtN@bYOsrLdYr$y5?7Yd$XUcLmGdF)kp;VBA{J8IS#Dh`spTzUaKX-WwQHXIvg?`?RtF&yT6!u6%aBfeL?t9tcD9dCcUV6oVO**K<}Tr5`)#Y(h+WwZw-;mLfC{KjE|_#uQM4E2K=+C_Q-M6L%`taj;fJgk66me4 zqfEh(QI+mb)ENm-!x6bM5 zdt*k}SZUs(U=g!^gFXDDHxAjNMEU7kQS^H>+HshLo~c_cX6lxsqtIvS?GDspXy`8I zO{ot_08EqU_aJ0LlnIunrtN1J*F_5WAYgQ-cKbP4{O%*eM>!P-SKe+<1-m;@DnYTc|OHs)ZDO((-zrTQCjWsUx#NH?vR!9hj6j6)8$-Pqq!h7ofkwx>(3qx4@yp=lJ$vto{E)AxA;3e#MwyGhyxe;u@aTbW%+8RL!{2T5 zqjCZ^PXY3l8G^<0*Dvb*9r53h5b?EKsbwQ}oB3jwrZO=_#GP*^b%U?u*-DH3y*DpK zte4}zh^^h@58s1~K#vyH)fTD&b|=H`u#rSsh64(s0!AWvedQ<+#Mq9Ge0k@o5M(mT9xvUyK)I#i3HaQOZ8Cf z%4V{Q<>Mv{irsBWZAQBF+U2!eZS<<0jUSh_**0@kOYaEw!ehd*XgR>xNr2myAv9MD zyi%+g(~1?|&{4T&IIM!$)F4ndWjlg`ez5ArDG;2$-rIW_hDUhcM^s^dyn`p?VX!lt zz?K0DfiGbwz^>ji9*r#JTsHM8qBeE=W*_;=PQDuG|>_1F=oAKB_9D|;+Uu3 zo|3p{aUXS5G+L0_Cz`CjLdEA=%7u%mXtD;7!d*%Xa$V+G!^p!OodyTt20Pu-D-Y?Y zwigYniXbpKeGxnSN#c=~;!7z`9-?pI<)WW@H1g<@>M0msM8KkKZq>H8ry>kx5^IyC zqsaTYMXh1R+f$9g(+S#Tj)F8as#!Ca7r}))i+C`dI-08KH1#AmQ(@H9boAS`+OD;z za{S{Ku%3u9WEa9DP}{=#mKwmrrUg0{dnA4@tw1+*0l+^lzrb@)_(ws=p|xEQd|RcO z2z*DXvhygiYIU2f(ADL%aZ5dBRPq~DLx1R7s ziO{N1c$6L6V+c;CQRE$W!P90F%NwGnC9ZJ@4ldBFfN|d*5X{pk+ zYnp5_lNQ$vFxP^!YGf_bFrS`vnh(B|aB7h?K$Z(=BHVZo7H%#E3sy(}K+|lx>tyd; zr`)FzFItXY8bHbjflMiTr1WI(avJO6s*-sqxdW+eMhsf!!aje077>U5!-Nq`ESq*< zO{v?8VuY*@fVinHd}Yop0smXO2zCN>*S6t|{nSPl45aosJhM_u@TOXHcrRIdWW6AM zjU#Ryvt8CB^mO}!kpu!%+r2On%(jW#5>QHHx%q;E@J9p=4t}6XKB3=(o!-o3gfD_m zKM{6~(*&S1j62{0WJesjVY}V{Pbup77yjHI`}N;5Il=zeHKkx7yH6~D)Bd4$2I8np>RdTJWw7k9|$3&0gS|qLp?0zqVk4dNeCmyM>r{yvH+7P3NC=83uxrg zQbQ6ac&&QE4Qz}7NK(|?6j@csbOu>|VZYL-loU2IQ%XypvQ07jE)5MWH=}RMNdqeb zzF5@7P1eXi$`#oZ7Iaavlr_#Yl1;$+fToXH2HRHjClL_CKaWmNuv5MTb#C@JAG;%S zzAq&31p-<$?W-V)#@ClyCSZHog4k%Gn6tTE%+&Ux?vo-piYvtNiK2H|T^4@!JBZX4 z!fg9@2g%-!CEY##^tLypnw6Nyb01_{EKCt$`~*c&*I5Bc6t~J$RF<;3lE`NMb1OK* zx@Mp~#LlOxX<4x49CBGJaGQXe1MJZ7Ado6sm|Hrc&B3Q`F|SWep-V{=iysK!I%mM~ z48{r+0!RI_V%}ayiryZM0_ZEfVtP9=Ax0+M)M|y??x7|^IU|r)VD1BylviRdvkEzz zB|rg)!dzK!AwLI$uF97aAo})5%fngcKtvFkZZj=(HU*dPvT=qyh@C=TEjXvp@tRTd zGvFTuSs}Mo=tEi{Oav+ONV&rj_>$$ynzb3(lCXbKW8fccxrkNGsVbHiz|>9Cl8BGX z7BYslFPpmSB^@mj(+V@D&=u-iW&;#mN_@iz2)H_M$(k{Qup;n)H0F@JT8TnO?Og1+ z!VLQ;(NvwEtla&_tD0Ku%9cgIE$ zS}q{W#apDffFrknNiqT~?f|aTlxb1>mzBBvp_67LaD9`XpkR^k`BU9qYtCxtjnl{l zhE57yzz*9J@5|Pqfr)=Ri8#^#?LYEPhFmss(%8-sWqJvRMDH*} z6h+(=6(vgX?O=Lqro&R!_|X#+pYA{$Bzym9sl9Rqqf>jQoX^jd&SjG&%(D{eMK1qx z$1Kt4E0(BeFVX1HOY{k#rTEx%eqc?Z1;-GRAG8Rb6_D_bi^yXVpzvyl67_>qU}-|0i1(4N<%G49uG1y~XtHa#ksOh&0+EMMAg&}t>QcHtK%JAmW!H6T z#F2#8MyFORmqz}&6@SZ9!`^>~=r=I1$VLH@n;^75=Re0PyTeK`KX_gj%~S1I$?*b2 z*n5X>lB;=ERA?JSwa+HuluBL8JYFs$i+2r+Ca=h!P@|sJRyV0z{j(6Qp9O353rD)Y z*bRoc3vf6PALb3oq<0xxXReoc7kQ}=?k!|~12hU`O{dY%wAf+}4EOX_BJ3rMkK*{IKcHe(P)zs`>G|B!c;Q_%4CJChct!`7zAH^S2JFGKx+r zXAd#=UUzgcU$bRD*=!np(bEh^o^$!O%fZ801L4=0^56n%aU#4g{!J&MpZaYCDZ+i6 zaAy4MpJv)>wVW8G>5oz_Okd^&S@^wCa@OssIXo?_`pWyIk@dW&Koqtc&sF4aGf-e| z3%a`fXG~F7ghGOjoG9afV<0mp--BCsq0WRr2SzJ`jHF^N)spR8eb}e>A1Z`~y8dFc zdq3j6-%|pf()L&aoR-L+NjXn;E>+BYXd6#U~5S+ zs+Q@uy{>>ll~ur|BCw6V?b@PqST)xL1l6hxq6mFga3qXwP+V1LnD%ZfJMwK3#3&XY zJ;;;(ev!InR47ZdHMKBZHMB`=W4b8(o82I{U4B5$9&_}|K}0;dY6Q2>2(qe_J1(gX zH7mP*%oak^LuU~Hyo(6PTa9Q7?)NG5#x<)Bp8gyW(_E6 zl;2&B!=Oe&eDX8{i-(UK24Kwgsiw{iNB7(sZnB~ zat3m0KW2^s;NK>u=vI_%cB_+Yp8ZW#7%G2lQQ6FCc(p8YxywbySR^n*m?D!|GcWn< z=!b_l2MFFl>@f2MiU5d)wc(2}i1ph!{Txe7qu%x#~7|Uy({DuQ1?l6it z6`hf?a4G9v_8P@z(QnhJ=gG^o{jF`3oKDdzcqZpJ?e%ph&g49+nquM@5AixNyO|^0 z(Y*~;MkayZE~X-dj3`2i$b^RScc|RnrrJg=mSst2Y+sLnrBs-Q#A4{FM~&3U^n+?n z(IJ%fHHz6B*EdQJJ@u$YRm-yMSyQzH^oe6o%Z6SKvakeEbe|x}VxYkPFUksEj|@;h)DVv0wR`QVEd{_>u3)4%_t(<;*_ zS>3FA5nn!X#(|4&nwfw4%LcMkRegmwsza{v;wW~w+}_%vJ7I|`)-{U2b>8)+J+n}h z{_*37pDt6esO7Zya$ir^HcD1EKh|o#{^e5!H|)>G2D7$V{k>mxPV@4cpp1?U!w*VnQPRbkj0lFBbC~A zI1pHj4#}jmL)GB^*PO0|VOwDAO|^I*k&6GY1())=PdRfQyQ@gCy~hpeRIm z$Oa!m!b=Mh%q5`MUm_QoxIRPhho20HSxXJnZGe`&lAbwj6_wfFboTudc{TYQfMQ1V%szI z+M!=bJN(hS_#$(0etf!X-hQvL{D-VG*G+A$xH~X$m;CyrKXr&@la54cR>vq(we`AK zsBX<%G;XPsD?~jE8k_uE+T8G`=x!4W*+vgN;OSktaI=2pG{llrSW!3u(u+tc4vcw zmj31~3sQ+&C0GymH*MRdEvwkk(^J9+bNYYV0ee8pW=c0hE&GGg&A+Z?o`BdX;fNzr zykHs1-*R0K3HoP^5_U1pUWt>k&6L$`93fNT7{G``Rt96yDtSUo3!knhad3Spk<}kMF31}m(YE{TVufhS?VFMyL{7@A>qg;j2Gh)(8}tCTT#H$ z@yXjykg@_qn2?<6rW~-R{bqNZq4(cTe#?4h=}vr-Kr8B*rV0=Hq?m}4Q)?R9{My=J z%vkw8IqltGcf$N&YDV>up#uZB4-AbfwSpmCG@_}q>9m-%TKvE<n6oXy9X3Sd1<=qlc*057(H53F5QI*&Rz)ZC7@HzCoJw^tUlz#hXZ_9i< zQ?Pq-31<|D-FX0VA}ECk(};6QMJFMCmjbfXbj4BaxbZkeQCVl=^<(4NeViSyK+2 zXY2+btTwwhRV_3(I>jG9P)=Zut<>qT5BdQ+V8FF{=ken>5=ekj3DHvs+M@1(-aS~lc{wk5EJa?gVg{A|#& zfwAhg?4Ad|Wy{dngE-$@J)k&59|J}4Pzj`rENVHCxvU`VV!eU)x3cWI($T(qpE>upvg5W(H``)x4AIJQ6u`o@ z)J}hXc$qrDdYZ)T(|13|vYMz|<~vEaE9jQ*ZHHS;-FDD501`)R0YHI}AOlxGGN~Il z_+9F$*9^a`Bxnb2#)mWgpOIe^eJJXCoPOT zVMqyqWzoIH?ic>{@ZZvN@oyU~yr@;9CTfj3A?_gAfvp+z{D{$mx6Y4Gx6B#1_4)1T z*26}s_uJ@how3HfJZyB#!qxVWHmzyY8atzVdC1=QHBDOAs5K@=_j0eP@#|W&woz-W zi|*xKE8}n2s13|;|6Jq$9m8U*;X#a|qq5}N#8EQ4=nur}ks$lv8403KC)qBImWxiFDYsq1eZA>*^JN;*W?uf2x9aHP3`8BT0UnrA> z&Xs?Ie%hv`&y&3Yo05HKv&Vfa z?I(jDfBbO%>ErwN?>=2p{?l-P*jIcu?(PN&RIbe5CXwnJd>*iO2VF|tGS36rghGcH z8V@MyTYpf@xbLA>cYE`e{4&qoWgAbRSB`n`Un*;C+}*6c+H@-J#Crl{>5Z3EIDL8WqO;ueehO*+@tv<)?)PIsqSQ7&uQla_TS{-AEf zva01oT~)>3WG-Y~t6Dq4C)ZsD?gvu@@_y%H`{b%pHTWcd%!=~c-AQ+XN`7#67i(;Z zVASR?`W^)VJSb!cA_rz?zJHUAeJ5V;z23X;p}y{Bc@Di8>MsBOH9a0-hGHZ368PUY z=%mgHtHt)nlArBJ6BbLiU@&7zPc+L^<<-m`nu~oZHTWT=Q2NQDKcTd4g5QQ zLMm`Dx`MnuY6BGx0EA^>Igjk_hAP6^?s~qkARNN<%#Mn0WCUa&lT~G3#G7yjNu9XnZWC_SXUYSREF1o){cn0+( z5vK?&%f|7}-(X=J5~afy7onz&6J zD%z8|k$Q}-T+6>MrEaui4%gK3Z>XF-e!K~R^h{1vmA688ys=BOMS;l7=~KLRzzq_`tcjr-ny=9^YL=-|R0l z=q^6^*gg+e^P6^;@q7za{ZwZYc`EBd0u*_&eQY`2!+pjuyq4jU2xdKY47% z9#ata7c4E~jPjv93LO09|DZw0!p^(<(z7Yy-?T#!lDsn_|I{wui8T2{oI}>8(1*gd zQFpn_^A_{yze7){X~U?ms;6r+J=jnyIW&Rpdlx32g>Yi_ERmERq@xQ6h$s8BeBZ*+ldvMeKx+H zxVzb+_`^ME0Is`c<#G_Y2j>AW&kNv_f|>n%7T59$!aslGkC7^p>tbTM;j#Y@ceg3^ zF+?gJ%epxW6f{?+uc$Fc`Yf~2ih6MRDR>fsVZT}l?d>l0BgUHIzR-KWyJazvm0kl% z<%}5#+8k6r;jyFzvkHw@eZH=uvLiHC`Q!WlAT`_^#C{~|eHlXo5zAJP zv>~w}v^F>~L4CCrhk(Ab#m@Cl>#k|UX<%QWGCva!dfaDc(GZ{=npy7Y;Wt~&U)5dR zyLFA?(7Oe9ujNWCvZD5bkP~rCDAT~5E*V|ZA4V^<%}mB^;U}iwDb5?Xmt=Kgp<<#RAs}<2<_ln3 zW5NLdE)Cu85Kd^xSv6p}BMOjT;7BY`{;p+~JL#=^(mmDDMOXvp549k(-PN={M2Zng zoqcCg7P0ln?d~N0AXtyR8;WS)2M?({50K|!l={8e3jIhkmykFZ(2zt&)e0i_(Q~?3 zHa5x=aA~m-3;~ZWxZYZm=pAD1%N0QXEP#F$lp{t%^eCVEib$g9sABB!L&xB5=HM_A zq7!mzz7#I}0sj=@{Qo@^Tkn>&TFBiWWL*~37P5%D323iWZytu?KyD6_H-PEuF>q2b zp5lvEQXmIGW+l(z(J1>MU&vO6CN#;y66(8ohLnXUtGrwf&xAtyND@VeoDb7RF=Y<& zDieB97LGiV0)nipZ{-7zWyn=3!O})6Hr4 zRs9Ft)cd-huc~ZLUZzrk6QZZb#N5LN6UAl9+=tW?Zks)BBmly2Xe5C9&WpWw#s;=U zP0Q>`6R4&#%ajOp%_XSnoRV5;LBrUgWKJHXbn zsc9~COJEdwvBvN33H3wWThFMzBPOptoomh&fop%=+BpLPtJ}%{_^hA zpD*8jIJ-PM|8#Wz?x#PeJ4tlX5C(=8&v};U*aq$@bi8FNY$$J8H!#7N97eH7H7|@9 zfd)Armk7R84!kfhjfWy#s5~wfF%`(@PT)yP<}2q>OZ3fzF=k@q9Zl%6N=>Z`m2-{G zJ_>c-S7lJkLgnjfDHf^Nwpwg0(U8G3Prfu#R3N16P@8IbwKTW&$*CK=DEgD52kuHi zxFnqfqKn)U7Cl|lO7|D-Z+R4(Si+GBoAkE|=oV;e_l zz_Fb_W~6$*jqW_gOR!e-*-x$QRMkc{gn!~|gX9DoHfo5$z-!dJs6NRoU$s5xcjD)w zD(1_%sFw4wtO;-ip7Fr6fj`#XQu@B(`508FmRj^T`EMH=0hA>vo@-vDdHpK_e{1DGTNb=X` zpK=geuKuT5q)C@V9R&9TmuM{+z`W3iF|9qP)~0*JV;*cZiuQ>200V-Liz>Gix6}yb z_#MA~q=q7jeyi}IjYeuH?&r4(^4X|SBz7JV4J-lRi!S6fJz=Z%mijJj2Szds8PGe^ zcmEOBY81GV%)icp@6XjW01nud7XB<6_}#ut-nf8S`XOto)hN3WLpNz_xJJNAidQm7 z;uP=cbkJfdN;z%BxXh~S5MZXyad6K_d2!SIQPl0}eBkF!{QV#IHmZ@j*X?L0%3>0l zL6h3Q$){wagrJBmUJdtyo7N^S@@k)5;NNv(6xXghRPj?$N z@7(8g&$AC~)ImQBUeKuQ%bG@IU%q{#I%JRCMp+HL{jv)gw2y$%f+lUbKrR<`TWvrx zTQ7||2mJv~yqT(tzZuz~j29}8xj}OGi8Wb|OBqvTF}Gl64MUdSsRqE3k54~;cHI4^ zvYyDQ$*v$+3?2~PcPPry!N#2=c7DjNPsGQnT%m)jm|AtdLmlFiC+^-H5Gq>m-B>o+ zL2CN)dN1u+C$g!FNe?1B|6sH9{kB3fAvTJPau$1P^CpE0K#B{`h4SmR_s0%~+%EF0 zk!NJP8(4+-kYEcR0UJJ2p!3QdS_m6p1l+Nt_Kk4>hDC!7GWn@d-#lA?4Ukil)y;CT z4qbp6MNfV^1c7xUMbX6TUOr{qHBz74OJ9?KhU{By>a7ift^a+4to1;YHJm%ssnO%s zqr!Ypx!hf-oS!bfNu2-i5@^&ymFjABwlF*NSXJiiD1spSJGTFenYtCgZVw2M@CGw{ z@fn@X%^IdGPcmK)^k6-}SSKx~{W1WI5lkqtoQq8B;;Q;>&N_FF4kn?8@~T61{n{h= zPW0^-_d57{Z6U6M3ZvS-|bfW~4TF@WGAh z{T3T_+{+2s)2RC%{AP_>sQhiA>m}I0e^};MvZFLwh4Hle>>~+1soWvmtglh??91oM zS~Y<#_dayT zd~LHfZV^}!!#9srSvvU1i_=b1m>qI6Nf8->jc68YDkrAzp4`r|CN6ZG#XUcpZGoV- zg)(2a*(HKTpGnNs)03IZmnGtE;(G$&Z0rC&fHSy6NBP* z???@tV68?$fX7Y99djqnCUv$z!k+HWkN(_=^!c9dyMS7a>T}xy-cF6Np1ni%=tlK^ z+ig@I=fPdO5#NXyVR)gp8in?~P@eBJs_&uSvQaZtsk&8Nr%`{VGAkV=b?i(&?uP6k3^6#^fKKz9-jI2YyDNRE@I70K6~~-HS+M; zGY%%sI7LFF{a$|Xj*W{77Fnro3C>@OZSgy?zjyFrhu!@1Y-Q99Gq$Lt8eE7c72 zE)rsrEwXV@f>{xBW3oIy6c-=fonQWN^5N~}*}G4_oE*RVH4>)4BMsTGhhmTa{-CN) zN;QX=T*lvi*0MGaK}wCAj`Nw5{?gD=m2#9X#~u~cSS_m@Sw7gu^2g;o6A>h!=%!FE z);e1(YPG0=b?w%LuVP}pkxV%aX9`IwM7kd_!5&vuR1~wp{QFTvOXxPMEJuJXwQ~IZ zNJi3S@D~+_iI`F%ic6AJ&_|5u!GF)Co zg#rF{S!a<~Cs?gb@lRW1YKaI^(-6c~=IFCeAx$HNh4;9mwI7#tGn4gP)p7(KPALxW zCiOWTAfVYJfXu`^TaZ-jLb4(p5$LbxK;~8{6t^EHBhAhIj=Y?3v)-3YC###ofwT7s z(36VOpTr{5`c~CB23=>Ind)WMV9wp*>T(Ikf+^j8#cy+B9?tfUwVK;+1Qq#5x%woh z-q%8y>GBJtkGbUz#X{-ks)p1Y^W9ZZeYrGSQP!7>T1_C>{ZMQj&{F;p0AX8crmV(# ztb3fVHkru@9OcnP_bHJpALXl^CrX*1!7DpS6#ZU2dv;zdo;^Dhf2PC_PHy9KbJ#2V zn`Dm?26VVTz2wnvyj24OqsD{<+OCUoc~w-c$!Klc-yoy3l{%U&ic1K>;&s@wUWb+| zELM0qYOhsO?6t(5f>GO-_=8y|nD*W|aE;)F+Dzx*?fGeVnzfos6yq%YpqT{@>&o(6 zI)988w1=!%F6=9bC<(0TlevWDZ)%KTG~iz_geg|OrlRr6tSmd3E*Y+< zFccmVCU8f16X^|xnT)lK;4#L1|IS?Qi@MMF@$K}Z$P6|MnYjuF2r@~}WMgh*E}FTM%2kci$5> z38vI}KM*y_CwW!qre2xiw~>)JD|f^N1Zj$t?~?vB%3rsi)Z=Wj5;wkJd$o}m2Utq8 zSp3aRZ(ZU|lt#-+%O(*g6(RncwV|qV1r^K-!2ei|DdpR-&F~Fivmc^&SzQ*=Qq*YP z9A2la$^=Vzkrfm!=elARsCgh)u)pBBOia{b#aT_7Q94k=oisS~XBbqMh;W+}&4`Av zEbSqv8(4P`BAt;b32%jQrf1Rhax5oJ$tM8`t#FqW6ObrlZ!s}wQXCs0H#X6j$YuTSSXx zSyHzW@$4C`q$O@CvxzEsE9;@%kUV<^Kn;9o!Rn~xL>4zPH)90QZ5cXBOLc|%evU1g zEys8$M~h`WnPtv^;5wOzBRIB8b#;Z3highLo4SxUlofe&dSd1-0;TA`e+S>0Yr;&* zfB#id6# z;2G1OG2-ohKU`x)-c_rK$RSrDqYQSnMGf8TzE@8|D-$N%cQLLJ<_r@ge? z2REDU$}+s!P(Cs1jLgecLQbNitE_MULH~^H=IE^z>JlYA)Oovy~$Vlen(bt&uisNw+VS00e5DH)+# zj!sYX4qcuRo&eZ=gqCQOm@X^SGf-75R|zX_tholE>{-*u`NGH=5$weY$z!IgW5BKG z2nx%pEUuw}2v{LN8w3h&4~N4O{d6LJkdw@u9>jGMB(Fo-tx+{Bv-aiHvbbEraLG}^>;nk3&$lr`a;N9JJ~d=N@2To@S|USS?#oQ^+!IukRQ<&dp-CQ)|2I7PF- zN_=8WtB_=W*aG7AHXB38#ITATKGsguK~O~?3T^dzP5a15+IaRujz9Su?AkLwqkwNt zE8@{Z*}Gg>An_D(b4Z*`BQK@@UhRUpp zXz-2@xrh4*ro>C)na7QLJ5zx42FYSoF29|qAN;yC3D_DPUW>7w=)eB_VTDkz^I zACZtbipU7WD8pGL{_ykBF&P~Ep?Io!m<9@8)2Il9giKpYl_DdVm*U(SUsXBHZ7+HL z>OT{Kz$`{Iqi6ct(-Kxll-Gf`g5C^`Fe49vZ!9@5Fh`E3Oqd1bwxzkc%q7qI&LnGu zlg+67OH)3ccxjq~9{%^OiBi{v1UvfH;TFC_&u@+RS0lRXqA^dX>2zzfh0B~@i1E+( z_zy=PetP%wJMTpRC)zq}>ZKfQnF-IXOeqk=@ekV;+h!61H*awG!X_=oH@;1iH?WUT z%VM0{z&6r9LBS*I#sga5Yl5w+0`>14BO@jadx)$JbDpitLASCF0`GuJ(22rk78K8- ztOSJ1u_Tx=G+n_(+44I@5n2N5r3e*Zafs++PH{H;`1_=&qQK%~uDZk@2DbfJ^PrXV zXgh|RDZ(qmTzW?OOnL@3CAldJqzyWw-_5h4+&%mG{4|Q---KOR*bz5J*&HV-Yj+!+dZ#4wb3V4<;nRj z$-oSWTTEFaR5g(x7@OnlMplK9;YX~s*3z1?`_0#hX-1!(mqcfb9M*n3;Sh~Ofj$}# z{Q>3)ViHUnFMs}c{KxNAMF3xAscvy{cHLnQeMZMC_`WH!K`k4YVpBKFLLxq>MvlZx z-O3wTkI*5DJp^kSn~Pc9&&r}%4V1-};F^cBz5&Z01I`9_FRJEn$1%JZ3?N&VF!~}j zgJOdQd@HGD`KvR8rk*s3241xZBt0NrS=Fi#XAiV1)|#}}L#w7m0gxN~w$xIK^yu^X zA5xK?zCSwokfIuDy3IZIOq9I)YyQz2IVeWF|M=6%hm>H~pqZwpm(6M+4@GI@trWI+ zZ&WuV$uPFz*roS^OP!qpLR9c}|(70qlphP}J6&&7(K>-%m; zG%A{4!iG(~x3VgP@`G>GvY-|k1|mxPBjCU9_i(c4CBH0`nV-3wt9m7tI=ccdq#28f z{pW~6<8*_>#%N$AHk!<~*Nm82Hj;yG$U-w-b?_4X@w-o?oh`?Blor**8#}-cKc97i z)ZKoo%mo414%EU!v1P_(i+%5^0xJ-jmm*jZPc@f^_Gp@tJZrL$I{_q4EQUaM2{ROI zW)XwE8YPWvA>e>=_@bFGcT~wM@yuaIW;d$HMZQD`3mIYMbUAXopsmWjxh<2c1WTT+ z#&wa~05D{%VaUfwu`nD%llc1`oVCWBxa^^GOVV2?{~vpA-qk3!_lx)6yb4y;{jKgg z*F;E+ReGND++_yTXwVP_O+9BRfvv$XH4ru4bKm=K?Flx74AyKn{L$5h&7Ozv{tllH z=}mNbD3=`twF^mzIJ$I=fHj=)(^Zw1EUn?dWs%Lu6k z6pu)SmM}VyYr@=hvAaeZT8{*>2;c(Ys3s0RVYmrMo&fN3Y6@!n#+Tyz$h1LR=i5+F z!&?YC-A%NIy^9yVg&ehEowx);D^Ej*@iEp&uY7^6%0UPZ> z9H~NFXZO#T!Vuh!7QRK`gxknWei8(;4gm?e}Y8h-5sZSVz8tJs$OW17E znssS-KZrb}H$`U}9LC?{+!wdFJ&QW&amMkB*tMW=e0v!I+)Fq$y%s)Uhl5l}g32VW z2BzzBa5(vJia8vJ2YH?E1}U^XN&9F$e#tTmrl>h|I`w7uf2Kq({_{IT}EeEE`WK;Ib%Z z)EyFw5hDPgxXw?38>UA7XzpVxs_FAi9M6$?|DF#bYSu>~^99}wYsw=$-ypSHaaQ1Y za|DI~w-J29kc&11C${D>dlr63ZR5n3AP51e2h#9;h67M4hfIO%?V>dse?X{#F+406 z9O-h;bkg8F>{ftXcl;p1$nS6=Jq7;n2IW`wWH6O7Uh;O=gt zRuotvS=MG`Y^72Z6l#)ryh{a$I>*UDLQK|h?}fr%Iw{B%eW^3hrNE@=sO-uRVIXTD zMmfGixd1AQBmH|1|Gh{5CK;sPH%Osr38Vn}w}Af^@ZVxx#2Jd>Uiynjei74O1oBJz z6>bP^hgio=75C}iE&O+j{!I!=%fPipt%d`$mVswhitx85-uoK;lVCB@MWB zq5Jyo#0@69o*5?~Vop11Ysxzz(1pORxi~bRd=hqsuR#yNg!+vlb0EhEZ}ae$TGf2| zDcpfFtOz8SVgVDcRyu)^sglE5Ka_F;tiU5!+NehG;(qU>4M%$m(SE=(;T94STriFT zvH_deK&f$xikGEr#P{ZP4ZL%FC!XGB4yTyE3hB&>ptuB-%$vK36S@H3JqZeb%>R*k z+HpvQfb{^dA=n6n{`3PI#5*K_5Sh?FWI9XkGv?hxA)@KDc!2jvSof4g2Kxb$`Gb6? zR?itMozhw3`1A)fmr^>b_b~`fc#Kfu1|NCVJuhmg!XN6~3DM=^eoyb?W*A~$Dxw_m z0voWFIaF_Wp=P>#GEca4r~I7lgp6sPC|Af-;_jR%UPG8iLJ?CRAlJk#z(co-t5$BWjJlj#6e-Jiw|{oIV84O**Happ}zF>(xIo4eY4loX+K;N;R z|8y8bGnv+Np~krrfZin}hlzw(xAM$X*=9_etSL23Y$l#dhO z5nVGq_Z`;5kWnH8Q7#FNeb7)_pp*)Hq)z~tASsF{%5643@M^Q2ICK%S9`BmbJ>Vy9 zV9og8jzd^6#HNBHQSTh!+Hmu9Ja3LfncFN1I$4B-%gmk==Q4O1r~5p&tPgq!CaK!R zjLE1#8QIRS2@E;}vqa}@oo=~V6H))7M(z;h7BZkLc<_vLdG{sSD6~JqG2tv1m=W(J z#3qRYj*zCPqjY1AJ7FC2V)PqtCQI7D$vojdr;9oh(mf72rL0i|Q0)V=+fJP@hX1Jv zf+(VMnjZxoQHy712Z@g+rKMFapp%86>kx}7qbnk^B*^?!Q9IKXr1XUFASMMcb~4ZO zu^I<$uCZLu2#Pi_171gPC{v|A$csgAn_E=VG{E*(h7_V8b10seRH zRI(yF-o+7Ivs^qrP9?BXJ#QTfmLH{errptX^MF zVm-scbt+_JSQ3oy7Tt{+by0x30tQ(yDSSctzKMbuxT$kL#Z=n#@MctdnQoFrG9c<) zmfrHi4zaCVVqq@TQf0ClKlfb_V^Z7{e~b0c$xxVqZ-;^7lNcE;59EBv@jUGKV~}8L z1Ux1Vd2(x`ei%%w?>(Htj2WDq^I0_N`li)64t9IGyRucrJ-S?Rs!qJ6cS+O(w_N%@ zPlJYzw`RRbcF#0b${-TW36um%IW^-#Bv~32wZms#S0K9$(t6yoc_;J8hxjhrZaNOfR_)NSDk01Qc@Yt z21ypH3^PgTNQ=IobUmT*DZE1za=givEG^u%Xr&NOAL{VFP0$##A zUc%IVoXTi%Idgr4p7o z%pGGgEz0@=D*-(?$8#qJTp?uc#K?snw~QPYD}jhO9u574?=F-eNTjr@DPj;hJE((R z&MAt_;3k>D&ALE^tvJVg%c?#t=>(++(Nr4QZ!**z}1SYm`0zy?qLK?2kg^PbGCWq0c*AQg_v&jc_I5qLI7Sy+K|szM+~;lXuT%$ttKtUtyD$UcLuz!uzsA@@ z5!G=y_$0lxB8z;wsd3Hv^XihbjkZQ|tYtaw!in>|i}Fhq?*KwWi&?z6J6tUnrjEEaJ6#imHhI;1jGI*mj znAghkAhf}huy~HFz^k*3<}Qfo`u_x%KfDu?Ob}Ww+wsW9maqb+J%QIgzK8<2jz47= zG`bduE2^E#`S<0#5j!o7l`6hOj@eSojm>-ZQ^7&}+7 z;$-S$kDt6md{_`6x!k7?yrQNNjmWtTxrAY%93{kZr9-V^6E0I0;g~$So!3#j z;TBIJ+7L02!<39UU$L7hnt%X%tDs8`!=`;IA1l4l=%#aiG#b$loF%!K4QE3NGUtx- z$<$t&T4;{Y*vd=dB9^(0(M<+V&*k;C`U|92`&8ere?rP6u`brd7P*7bvw(HNX3sU` zDNS|7BxSX9y${z@lDUk>Ev4ng0(*p z?)HH2QQQ~z#l5{&b0Rjt9r!5TH5x#$1i{?fPe0CF?RJ@Fy+0Q}eZaiR>}`bB6Dd8j zHA@7-+%fx^D5%@GoZn-P`sStz6kx%H!ZI|O*|Jio_f-nF2YkpcVf0TsL>e2M#!PcmmnymQcg+QWI?-CF_1(6*yKrVEOW%j(B<`qo_uEc%yUj&65xjLeN zn0p+JpZg{A=tn|05^FgYMKmR*gt%7jJ42Mkwb@pe1sKXryU-d?CS-sGwFB^ zYuVXK{4D$ZZp8}v z)ch16okOE8X8Im{(0@iffczWr4JUQbMAtoG&9!B%z>iLqM>r;8{ysx*OEq#r;+sfn zRDd^J$t976RPanc!a7Q<R)`g}-MZ zI9!b{*|E_Z4pW+9H(plrR5D1UpV*i&5Zwilhqm!dILRD7;sk{8A;(E@w(RiXvV6>% zn3+8Q&nYyY@!<#iHE==xW>Tv?nNETLk7_j({kd9e^RNHvXo}L4)f+~L*L%w7^g{k` zk_9u*>jL>L0~q?R>kCb}VQ)jD%cD*Yf4uzizq7j%MNF~+-`?RF|L|NK&2o=_UDIdywYtP1+{~{unyW{wGw}`&6080p6PJjN1gYCX%1z25 zdmF4&jl3362n`f-;gtj9Cn1l2;G0modvbg`cp@m2*gGN#m@UT1E`Eeb^ct>DFF=?60xC9ZDzUT3QCcA=;Mxur$>@zMn?O06q#ryHZ@jo9 zA13?~xlN`bG!ZbbLxBt*1C8W)n$+}}yn4+SSb^!*(Q zpjK(XA`VK$;t82M9OJu*8=E;hnF(Lwy24l?b0<^`l9;>AoN4M|1c+yA?gGT72;wB4 zgy>yZr5_S4NMFNC&fPqjrvf%0nyw7;kZzWY;~l(ZF5lhKy5Hq!73ir`7-iP@L~#^Y z$CrS>EEY`iBm#W(6lN`hXvm(-2uEN$cf3O_&~Oa=T1rz^COid^a}SS<47V?h<)%J8 z9E;$7TR0Z%XiB>NUz?=QxRz>GXQg{3+C8M4id4ORK(WUn++VGj?zVOrBwOA zp~Spt+t>#_{XLpStGItt7R?BbfU%;0PUKupr7j$U>>X)0UpbbhF{e|BzrEenG%o>F&Gw z^2bkz&t!ruZ)OBIqWVOUtjK2-Tb@&2O}NWB2|A)_fG3~xCdZdrvcc_eNihP1de@R; z0-evNos#33oNLHEG~GVAG^PumyGxzRU^VbD@E%j^dSc#Zq6aqQ6H8$P(3!`2l~Vtu z^i$fmI7{R|?>Z)0@1w-@Z8Ng7W*`r)IRe);4P67_CKcwS* zc07z~g$hkAN2NZgxE8b@k^bK2=6mm z`MU)#Erx_IIUv(DOdU_4eDpUR5wcL~iYFAC*zCa9JuT}j4+xtln(X%N$J zhhkPtS9ob!68A|2qYoU{Gp#8*edvzu#8{CRn!ba#_biAXOYmU`%qXVHZUFD$cU(R) zncOciz!scwWUi50oN=Vcr}8l-vO`yoR5-^g)&=*bwaA>eGG9}C#sU;QhGaofx40NS zmpM|9h#VvtBab3sC%0MP_e@t5VmW*pWW8f}Wzo_#nxtdf>R26{oup&iwr$(CZQHhO z+qQOY&iUT=x!-f|pS4!ioV$MQIoFzFRE^p=n~jcV0y+4Ka|$BOE@u$EXc`C(ZI9*? zM0XwrgMc1&wb`ZUqqvT;1lt6QGueM-!xtGx(e>b-x1DkwQsYlL-6ZUF3_5$-ePQpK znzQ28O2V2~pB~}oAwc2_;VdcE!ynR=pTc0o`dv{P^^{Kaxtd4Il zIpxVGYs46Xw!hyHi5Qb#;?Ew2@HTTZE8;W>2&=)q0ZiR_`rB=rll&%=-b+Doz%uTP zMBE>{X&Q`zx~EGCHpvT00zG2!Cr$Q|g1D~j^kjATC1>`wDu-ES6j1`sWcFY|3ua^| z4{F}JY`?%B&}+ns5SycKhhM_`R88IoAEFs`Q)`Z$lZiXyoy@VqiA2EtwpJ*?Bg%kI zjh-|Ax6*x?H{r_ionxtC>CL%M#W*BJN?hgNJ4Q5Z$E8c@4DIjWf7=>Rt51i%5N(y&g)Rz*NI*3(h6-6af7YQX-x}W;K6*GnKh#laI)8^{!a-s?kzR}kt5P>o<%@abK>4O=MU&Ftz zFG^w${ySa*j^=HfZk45h>48TRbX7axAP;h#9=>Qq8S=c*|9}x`gzmP@NSezTLVSt* z)1-ms;%b*Gwv{{|vp7?plP5#WR4a<2)DDV85ya?aXm$#cj2-5W5No#<2z0tox;&gg zHH!WSj8>rb2<26QbX2)1Rx)Kqm_Rm-sGI1#K9mw78#-ku%(0jxj}rj0fRLZ<0wIlE z^Q09X$+@0_oOuXIapqf^0dF;&FwyV(%g-Nj{%HIt7{2BX_Xen6nr6}sReE9+Q&nYm zcS8)Dv+aU2253k&SdL!Ll@9aKkcjgZ9~grc3YzWV+Qd-Yq#SA1i9@>CxbFC(*oW&^&5_BiYGwm|n4zrgI)F1&PfyPTe)i5+FpM zWVjl~G9lAHiw*+Q=M3)7aAe9;7SeY`7nv_>th!~P7JnsYL!~7iLv-T2zKl``URvOW zG>i_79twz^y)CP;I{cnQ^Mm_+@DKG7qQtb5#D?jm*i&hNN?t6Mzh2@C*N$h+>h~=H zf1)8U1vO*T-rFO`KuyUYo6Zr;Rlo^o#hxjuVPt1+*ji^YT1vX(MfMkd79=Fqxa5NO z-w|2sQq_&;f-uwyR|UVRLRGC)wL;MSy6k{g@^#5Vl%j5l)p?27)T+^Fo3K;te~ZE` zxzNzj=1fqkzj>SHzZPIDPptb29>T9B@$ZVpYB9% zUM>=|PMORh69=FNw&dDtHsk~87zTRyY?{qaK62(mHFCZs10Y)ZD1m06Zm-mzyH)qs zsV=)mjQZ9B?$Y;?|I_PPa<^%WQ#UpMl~^_N8MGn+00$d?Kp zq{iQ*C^JKQaE2uPFd!M*1IMtaomy#lhn*V!%5zhiivG>IL99V9oa(2IejF&nN)gUF z;K61M#U6_H^*be0RR+F?%EiE@=&?I<;(4gjF(1Fr{G;$d3OsVH&>AIadU0?0Crn%l zxCVFS$a-{zqp)1bV-xOR>jWGXH1ue{Zq>R7-B2~EG3uGqhcFmmU=c&e1bgw8^cT8Z z3O&S>)~K4_Fv$ZS-9Fw8^yhD#BU|?)9nI&0-YciNewq?j0?>8F=3O3 ziaBz8ka!&pGm(ua-ZIY!6C-h1IJw##lfk=JkYgga>XT;ox#TwY8nv*W&GjZ7~GdnRYVFZr$5Xy7XCWp}r zvJKtSbh)SIWWyE$vLG7fLh=WX^2E=Uiz$xijZ9JY;147*{+N-(C>F)mX{$`W<4ry| zkT3GRcx94&xgHeDyxBn}Ml4biJ|~*|EmZ>~0D#_|*5k45?EmvcbbPa=tKZHJ=Z002 z0ZG4cL@k&(T~79LWEZ)Q)yd@TnT`R9fXR;h{xS29`>kY4&s#7lCuv z;JhXzLviF=(0i)P4q7BK8@G`Yd+A7y6QDvgVb3SkOf~e!Y)Nu{)i>t##L13H3*&(&S+6<2DW{eo>D2s{1AEs67VmI0>yNKEf)v(-2`s)*Oh3 z`=4e-MZ3n(n~4AHc%ZgkPClZ%0xKeoFXb~tU++yMOU;F(U)$AjD=UZOAy#akBkPDF zMu*JZ#*1D;|3c`s?48Cf2EiS>g%=A5k2+-B(eyt>mg?EOjs8PtKy~tx5WZ-hb_sYJ z1Y;QvqC z#8W>84~c`5J0Z&XUOa$5Xy3KL_ZQPVq4TVUL=7ks6wXVD5HV;24gW3vgAB6V8F^MU zvo=SfK_cXGyN(6R%nK~!`kZ5?khA5vA0H963RXYT`tK3#l_d<7pwuiij;*Qv69lhA z=KRWq+?6TVOjUi=&wLLb6U1{V+czjV<(#QI&R(3<*#E0@>zR+ES}mMmE@=3^7#+r$ z$R84!lL;Eqew=`MX-TFPl=>Ut8MZiT=xo%UL^q4e6S2q-jL;t6FRCU?y8hRN=K;i+ zl=(2#6lX|Q=!IxI(6qKrYTGUE+haM5;X(2^>L?Mla#u;8s0IaglNB)bfYgK=WBFz0TRyssm3bUs@ zvXVC@bi$%!i}~4a0qX^5GA|xX7qUp$5}c_gOc_5r40V{5fFX-Pc0is0FCmJ;!SfQb zzZB$0hJxOn8+O|k3B-rl={g<(3+peL*9Q=^DdZ>muZjE(?hcyT2>fv8f4`Li`RPpH z`#Ml6B6GVVAlt{qUdfq`L$3>@J&_#-;VV0P_aTvw?D={8Au(F8^b zay2|VsQIf+zVIf@e<7U|kOJb<;hk6%$=OoB?dcexNG@=CkV(@HWbxYu7x!{+<$@>2 zeQCJZ0c1Lk48uXU&*-CLV}bpu3wG<4jQVeoY{+~nst{%6)FMQEIooz-u&Q%jKyMy< zv-d^#6A*z(P1NvyN;)uHnT&kI*aGz$B^H=Mf+iI)X5v_njbl~dEx}THqD9GcR2*u= zKF>Kq>SXw6# z$rZ89z*+`hV?Q9;VL67pL+1v4qYNS^SS^;RYI84ly?sD=Ic0bUIF2}#ksthWI9WaO z@QZOF8O*!6T^#cr z%#eP*+X!ziaq_KmiTqM6SlQjF~o5Qz++w`bbw{(L)BW8X&WeY%`{OHc^(awN-u~D zJxPhBG~7G$Np~l0)d(LbLr~h-twK~qr#Dc)56-Gn`?r||B%&P)pEV39H#ppAasmMt zM{x|%j&LoD=$$7G20bdt7IJ#7Ixr0_>U-j0K3hK}=;ttwT;wwCFA zNxfs=!}t4&&%^gC1Rv3oUfdbr4x#!tb71;xB?~WOPILO_-QOd=i0|Vf;-}NkSP^i; z;jLpWEJ!-Z2l%H?FVsmvS2j;*q7}03YMhDl=fwgA)m0-_T-dyUPo231rtgqjIYi!A z%#sUKJ`kAf#V~H18D>nzqI+GTg%Uy-OmUDvnO?%&?f3@@x?YAk0yTM8_LD+Bd&Ywn zEhdHzX~)r;bC&26f?qDzz{N-G#-urBC%fl4A^xt3lL z4$pps0zry#x1AHNdr>T}h2XyAEEWedzRK{P`M83e2=17-?E?nBN|HUapG>a!Hho^V zItW*@Qjs$0KYi$zkiF_#I#3?K08rm!+H^kAOL5eECf|qOg05rV5@o)|Cl9pu zruqH&4j8$6xQRHaf$)1+{(>_5lWFiKqrEdIPm+vMYw4w=Jj@JH8CY;(p5dc+ zxq`uAkHvk9>pR6ZU5|xg8J+Xgm)AH_`%?39*5qkWD{Kw9edNE+ztdzk@Y)%rA&3JI~>d!#KCdLp@# zX9r5U!sADrs~H01^_c9vgnXX(IH)yR@N15yu&HYi;z!>DQ=*E3nCYS5nAVoA{B4%Z zW#;!1wHDzK;=6h*HNRw4ar3`{7fG5xAPHU?sfFa2`ZEL~y7hQ#W<}N}erf9(%w>m- zc#5&tLEi`44ZaU~)~|)ULn6lrzcpj4?x;Z`ng7Z;#^`kLDnKU2>LJERQaJ08qqccV zAJEb#w-5Wk-w3{9KkkJmndDof~ev41BscS{Dc_chyahaFzZ&cQF+rAi+?DVj3b=J zKZEQ4q6e*Z{#rdu6#g{gP|*6<0J`xTjCl|1HUW0F5Ysr*i7%ug&Yfj{%_pO6XOTew z`t1b#Sfc+|%EDl3_yu^fbHG-JbpwtG;9rQ(c3KSoAcPAp*qb4IxxA_JF5kAi?;Nv^ zYZbqL^+BHdD^${l>QaZS&Gq*U9{xflZEZZgXfg9G%s7+itiYV-p@+3^wJ)en>YoIv zu2oSQ^oRg>!SPo2R7O|Zo9KIkfU1O>Sw&YiB1>cT+Z(+5=lTG0zT+v9Ak2HwCe=V+ ztpfoLLDkI;S7v83FK5ak$W6}eIQA14%xwA!rgpt-tum5oT9^yAD*=hXSFa zY)%3}GQsN`J6|Gd6IL6-H=8<8U~3lhKKX{#X^(nV7CpojOic-X9q!kg+JX%OQ4@f5 z!l4sFW7)z|U>rX3*y1N$xX(}R#?FAlL3K-L^!^spCccTq9r|0$FjwC)q!rxrXG_61 zC)by&6+un|#+>7qe_v}xgW|j`OkX%{aZ#@ix8?@TeQ*_QGTdA=nUG(|ci}FTiEf@R z*E`M(3U{I>-)ss~EjtZ0u+yT=lEO3LKm}GXL#_EL-QZf4!BdV+@M+-NIU^`P;`7V% zY>z)7>NlE3)Yr~n*RprPZ^){zm>wwoiv#ToHtkokKbyCc2ZNFSSCTQGly{6f`N$1Z-+ahu=p%Bixe|+2F8o@WQiT ztVY>BF`WR3!zGB7$2~Fl{4LKRfQ-I001bHI`R^as%09Br5~>#LGIKZy=_XDQ?^szQ zhT{Y*&cTk;Sf4?cuuKOZwPg?57_*TPa6v=8A1b3d>+@0UY!rfTWyVhTH zfUOP}%_syigkJI6@X@Mi`pAch+6-ZkJOZBBR9i0-WIS-^F~G1Ixg7^44W~N7>tnXk zO$o;;4#^uUQCoPwBq#F3bG(U2gg2TM%(-JQx$Xs|Uw3X}rk(Epx-Au(ug%T7C>4Fo zjEmBYx0xpB_5whZ_S;%41}5;L-uMn*a6V87FIoDs+g36mohyvC@t9vM^?H6^v#EO= zgN9BG7uxA=dzoK01s;zCbR7fNUIq-01iR`cqqAmskXd5pb?_Cs^f!f_&66blZ6Zkp z?g_T~mVm%?S4+oJB1K8bZAT%O_8kE)qnG&-qkp-YAQabUH-SM()~VA>o73P>gE`Y? zOB?4~Hx@|pX>)F?0ay;z>wNXCAIaqWX$F2)%P{f2DnZL22L`DdU*IaU%|;~so@Yy| zQGHWgakXEe^D#HP5Wub}xZYLl<~Vo!*)FEuhVI5|La}#acbfVRtTR{pxZR|Xc!b(y zwN*eu^H&mWE3*Kh!M*z3J_ge=BIYvNnO(lQDM14=9v&X6fg>Yz9RohR+@CIcBUj-! znHI!NC6-!#-)-~PS)q9j^s`*Pg`9a+zPWTA`Ozqgz`$@zW09Xc3~4iw(bhg)T* z-N&bj?0?!o+cZk?u{K``m80~0PEUkVo_JIft4>bsp4vx9zmwqp)Pd-Q>}*){3oUHc zgBFozXQH1n$Pgu@x3x_86yleypDJlRmwRO%e)DvM zqTZd0Q5q-6qXt?{2oM9bq~$&F9b?=BB5J0whuHMbo@>=?swA8^T(ofcokw%F$N25T z(i&$U=`P#@I3 zB{Y|!IC}S%l)9MkT=0RNu>D-ITc3aTyvzD;>@bKfw`9m7>s~fLQO1?5qC**2K<@@} z%PmbLL5ZCzVYD8DB$SVYe3nn|y&?XChgKeh8d{Qwx_x8dQS_z^klA-7OeM#eFrmOx zF8n*IaB;0%fqT7-7W(8F)=}LtKp_f3ZHwU6)X?6NGJ&ytsl37bYB8=&E_O5ykhaok zQCPTVn|`o@o)L`ru2kxZ!0o7L(#ocFSUmZ@`PPUlCeiKsbY3(RGjQw@lBj0iNOlksJ*)fsE+?LNS%GC=pbW+y(*`wF=xv8r01x-#aqA^oZ{ zfn}{9xkmG%tvJ#tC$TZ`l#Vso|DG(A=oLqxOc-@Z0_)JWOZgm&OZ|Nc%)kgaA755ENi%sJ_csBWzAP z^INlLX`4Yim8M;~(f!ll1T2#)I|27TY8lY0)|1p}KB%MC>H1mTuObz+9)3u@H5a@6 z0IY{zRYoqu{>;a%)-m5)^~eGk`tk1Xr+BPjRz*JkAbv%gW3& zff2;1Ms~p7qm|Y28Avnz2D+F}C~B_ZsVw;TSH{?oKr7q(U^zcDUK4kv3ls(bB?LUyr&sP+)*}N2+i+<`q#5h{RtXwTkzU>} zF$${IAQb`|pjH;Un5snPs72ydY!XdIhk}1BL!xy_B?~*=#i=Un^q68(6EVW)azyib z!$xLBZM6scvw^5x=bLV044ef~yv3@Os_{53^pCd3C#2~SPoI3J%i|?@zqx0rfdh~c zdhhyfiFKFdvpnMCgQ`(w{2S0Q_x@TJ{tZByIjP_Ck{Wzz88le6U#REyt+V-suoz1Q z`$bUxvE%Nc(O<1vx73$I87#Ei(qu`Gc6;heF5aY=h=e}`B`T?0F`Tb^sGuMkDF}FZ zx!L*AGc4#cI}zr*%5vH1@%i>hb2e4OXdvAeJ#!(I8bP>Akg9TroDZf(AAh6>4x8AW zNo{m>ic}t1ddVJu93<@;Gdb4`G;4T_Cx09!`gO8uTU)uvEpmWowR}gn6`K|9ouXgl6WnmY7B+CQ9+UKIaFM;TbeQ9=Mv; zG0A>a)@9Q9Ev;C~j79?|^*E(x1{fD*(5T@shNQAg>w#;I#M&AO>Ev@!ag(z~i?VZ@ z>xzp3$I&`aTV1<1@qh?a;l!`BXJ2i%f-HN7W3}xP0kbkX5l~KwczDS6*Jr2KZ=SQr z(bUZJ^22zH-*&eO>w3@@2?EP@X2THBt&P)FH5jeY)Lkc3@6xHF_)z3k{&~qtoqU=$ z2DN-yG??V;FFwpoonAiP3*S(d%s(C1i%+3%q?AxrdAbp6AMA!eAg)#RM?Iq-_WG#EnKuv@F9!}8D#d$(H>{37FbMz)ahBo?

vWp} z*&<^1yhKDTqcS9^$bj-`ZCtT~pp}ciKCZDi z)V5|Mdv`+f3i^>hLaPSi`sPKt)IT6@e+V^VxZK|%5B<7qY*2~@G-E02owqeB>78ek zYX_C7=$$L2zAwN1+%q1kWjRuEppzV?6!Po=xQf%zXbxU)K2R)LLE&m<7vkCC8ZRk- z*~<{AsK2y}cBrcai*_m=J(9d@=5LhVyTp51oB%(@VVN$)LP>j}Qc7c!QKFYTzkqUV ztdWpPY^=son}49@$0xh!XqDDtZOB^slizlVl|3o{!+*bp8{jR-(o>bUGRYSR?X{JE zaU=RNliKQlohasUR7RB2{JW@uW!$C`_Yo?kWeuGkU=Q;>3zF@2w3lm(Axx+7azKdh zr>jQ6@Ns8Ev3O@P@3FkztVhzT9)4|cGtGc{MViW`0DGZ$X<-3hA^gIaqI`{~?z7Y?P+*Ykw``gkHIZyY?Y5 z9=D%jho2gK{0ox*T7~z|h@Hu%Y~99ozp{VZ?blYe@<){O2P5G;&Z(pP8Qbbn7+QB< z*!1!{ob&spcSP3D6S)(otF$k{NiQTD!8c!fOiyh*Uzx;8UdWd@&xe!Kml&QUR~;I+ zzv*2#=dT_3Un4U5FC#lJ-RjpGV3x1P=YRyVNG#4Z^!sqJ06Uj63!Kg0Dciaan4guT zVb?}Gj_y7ZQ4Sk-Rw1X7)I&^e-Qst+t%N2zc?srIr-fz{a3B^F5htd!hmKp+b60GK zNnP9N#-a*_m)V|ghYDzjyP~F|<^=*ejvK!#K zm90S9D`*BpW^MWeq7%xF!(kC`xHhilAEp8ecPHd$v_Et98H{9R#4odti2MsaK+7l~2okA2i-@Fo24k zjZMwI&)3g;;PV!+KUw3`fLFBdparPjcc^;Rq~=`-pK026Fv<>}VetSwv;9p!l!&ZB zldxb|=wXtu7;00ut2UPT@6Fq0dWrZ=pc`M)v;e2b#VxN?V^239>zh+xK76C8u`+xk zi5IQq;=IsDV_mFg-?^$)ONAS)#bOA(?!C-cl-hbFe8Wir3hia!__7D$WdLKVUE2?! zWhbGyi9FP-w2Az)cK>UjwG95O-5>j*y44^hC!EW9O2KYKd9#js;(r{?^We(sz2V8F z`_Wa8AxQvRCl;zNy&}HK{~8y_|7&O@DcLP3r}Um9ze;F=P+PBuXEaxyhG#feaH?!J zTI7UhJaaiL0PqR~sfX9-D!yv5^O|RmsbKkRw?c3Tw zp{`oFvce}rNZzhYS+l$cHsxGH>mQon`Ak+z&w8$p%l1N#Zq6J@O;`PQy=C#z!@3F6 zw}o^QjW-nBr8+=G&XoCIUhnt1X%jZu_eG2=ZwkDP(60|_t06SF%X=3zI7^{l8gsqM z%(ZB6G!Kf*wQCP8J%|e=I{GnHrn(Vn{~h?5GokXI8J7sTepRPx5)_4b{@` zEk@Cg)b7jS*-k@04&^}DiX7;OhJ2HsX>3WdbJUj80FPN}#YYIVFaA0!w6DJ6a+UuY zLO!)lfFJv~llpz}s3c!T>p}6c49)9&y#9Y2RgF$b&DHwTWv2@N-Iq1wLd1Ji&R(eg zvq}GVf3~^!{23Wjn9C@ZaT2SbHM5u~J(Z$%UkKlBWZnticKrGo@}}%MlUFt4WxPlI z;4ILgx(u`l3Q@)uN2n2;IDju%8CNjTS7)k~=4eC4^7CpoRay&(#Ls9+Ze#Nkm_NVZ zU}&y%s~~DSU4+rv1tt&?ix$x3aGBJirIa4T=7ZZW!}v? zqn6**i6$&20t1{0%Ep2C=xI^O??$my{CA|K38s6=yr(ZrAr9ob(b^}$&>xNRHsVlv*5!N?~sWXDt!f zkMleD!|ms{a|6nSy-TIvL!y2vuy1doqSGS!B6FAB=ZziV+bhEBt$e5?Qv5f8g-j?P z#8Oa`X`6W1{`9DZMieA4O%^f2`%Q!uSKG1{PQy`$YuwTTM?+Td?qAK$qyz{oMO=@? zJVGAHA;R{Iilka|?|$WQ(~f$V0oi~P*%VHLJR?|>_!{&2Jl@8U;Ki6HgS*va0jar< zd)cgcn~dgNs$Vx}W|bECZks*xHN_+1GV&qWUU@qqS$TGZ2s-N+%_}|l?g}RRJUZCz zPuyo=#1&>artKRGT4Hh@;wH=rnSB9^%#IR?PF8sydy;0{Y}H+<$6g@D@oQ;MUQ2i` z!RZv#!WF+F7cd$sezH@=57to#EO|OvV@jfb4ilKw^Y|7A$Gd|`eU&Y;QS|je0onP@ zM)VglXgls8Om;q{+1X{n?8ZA~=^pu}`T8tZv{fZUr&Dnk+LSz6N=@DxNbWQ3#V#Q# z&uP`;#1E<*b0!c5UqazZU3618d`@oc4q`sz-G8{L10Ymd z(Ju`)W}VhjIonHbD5q+zW}S7$>`jVA%K3t=V5_^7D<$@l-e8z7m=2AlN@l49h zBJKxDF<6J!nd_sr_xHuw{K`iRrg)oUj!F?huA z&8$sUYiIU$!k0IgxIJdvIna`*xfp5^RXNaQz@_z1W%Mk~4tR>rrXNwN^l+?2T&&DK z2_f3)tth50M5Z8XM#!(4?T)4^kJ%GNAfm!3NS6aDfxC9HnVl4nwxZ`1kKJXEX{yki zJkK;ANVb^!WnGSn%g5>dItX11W+7-E={?e;90l7~J0V}GD@{7^r?9BFVLQbKQ3lu1 zhMv@WXhq5N=V+lzu=FUk2EJlyfdmhij+AV_R60E^68{% zZjgB=g{LA@ZV7=a{%-7uuj}3v^!hkW>FUjHciixmVF#JCumiD$t7w)LoVR9ESNE06 zppk^**TMsFlXS-|`o;j0r&c4X;7wdp2rC5}9k{Q){`PsE0SALOD#t#_vuKtx*UhDj zUGW&7A*$XIQxM`R-S5L+yS`r@oQ+`9NnX9nh?dO$C&07USsw+7nJSthR11JaPm#cKP z);{Kv)rSBl1sipQ1E$%8jp2c_1P&PWb(+ld>)jztywU<=E?|{_;i08hHH*;bB~!4! z7d@)}r&$pPps(|#2hC3p7+%F@1}6LC5n;>U4!aUoYp&9X((?%&?`_KxL{ELlPr(!c z)r`!>2bho9>BC{(-d8atEAOpUJfiW(l=rT7grm})#aclr?hREq@9g!3-F%OmCQTd4 zOCe_koZ_^L5FUnj5?yg5Gs6hg?tjF?j-`yej>qj+mPhtq#aWBP))2e)1U-t&<{jB# z)$8>t28?BDqo2s77+KbuoK*fq=D=8Jl~NIu5Pq|)!HfNBsL=`)GSZ*ni;QJdE+s+rupmQ^9~ z6oxXHh!@>^#5QMI@zu$EMjji@(snnXY0b(jZd_8^Vat%$W!+4OpuR9;58xVWu2M>8t(CGA#cgId>?_itIph zy3psvuF%w{e?PB6KJ{EjI(AZyh;1&jPM{OyrGPgh5>;3B{_Htx3Kei56H~veo;u>; zvA*=EYDJQLc~KC?i@!1DZRvP5dJjH>chk#-5^#L_>c%|#9>;<6q0Ho2i+ungaTT$? zzwi)L%pK+7?D9&8(0CwQr}!dw6Smi6Es~y_Bgy<__etnAV`8+F^P0BW`0{D&t_@Pqv$XHoEzXOF&Lcui)55{zB*Y0_r;7P}x2v znmN4$p`qOL7xR3DE+NgHwqrgaFWTdr<_tdFYJ^cB?*OmSNep{bng|w71An@ZmHTVh ze;do(P67R=`}x|nhL%xf*jF$2HAMX>c(6qdY{u92ljSCs#h5DFCC^9R7N<|z__5dx z>}$Qpm9);~L0;+k-jbUjC*Ik3&hvySwmC!?m9*0u=EQkecBwEsZmauBHtDdT^A2YB zW>4<|%p{4})27LWYxlgiG{MtHZ4G-)dOf=*W7o-7o%gAy0VvIjO99g zSezM|^)PQ*0t8~g^OuqR$3aZ5bp>t18QUW2p;&@P;e2h6@c~(f8LO}Nxl~ee!9B-3 z*2{{x(w<1^>zPG4WQ{IzIi(S)hw<)U@}{b@VDI@Dh~Q7hXZy!|-c^iZ=P%~iev1y2 zo=Ba?I@Sx1@B~d91OvPIO!tIrZd|q}ln44yPa0hy8T)sj}vAdR_2=Fe@PjGoFxcI>ujt?-X^wzHT{S8J*Z1cqJT zxo&+8wBy}tjYDC^J&{q`1F3K`k<>$&W#g(>>j8cg76ZmU49kXMS5ylyRX%27R(+mz z*>DGCW$p_ncQj{dDhn7=iJof`&zIIZidz>WcS+pX;a?K73BL|_Ev1Yhyp}R}#-(0B zMDyT{J?N5c=pI9yO>)KVo2p$#@~PpJUifdCNA4?aD98^SG~y+-I(-!X6|q?drau$i zAi%xM-;%UFAEAb%F&ZQntD&`7&u2j~fy2 zi^&Cbd~jdW*-a&Jf*0Ayv$t4ch9oWy-^JWo`5HQxMOjGHkm40=Y1kBHq8+U&;Ua%6 zT|aZ>vLz|W#gCll>OG-qJ&p92V)2fTeD!7qwHM=E!g1Tl%)u+Rl?*1gV8BHS2w8~x zoXfY;N9Ujy6Mh6QW3b#fGNg{J2-e|QAY3JkS*EWF%r8XVE-IEtSuOi840*ephK(o_ zKN^X}vs5jyMt0|6=~o;~z%1naIn=%{an|<;=GBmtz6^=T_O|R^?Q3KAmQ^&`;k7%u zo9v2zayFUIYzBXKLNOihbq=W-yVI6`#VcFB44V0&fe(N!NYO= zhk1rqDg7!0sj|g9XF{GYk%gl+GTHbU-dHfN388&H=uco>zVu6F!uIxS`Hi{yJXVA} z0_=dSO>@S2l6^Jwco5|&-UbJ~V%-WOPhAabVo1asKYJTCU2omIy!3EPu;I%g#@Bf} zrIeCV&$97&Lh)D%ip?d$*K@=?7aAvm)tGCo40wM7$YL4yd=byZkh-Q$&@Tn(sJc># z=ZKAkMsNCf@cu#9Z5&n-n^G@#Zj7p8GO;SLlZ9;i%^r|p{u9kkZ`Q88w4$eM2<%J@ zy%p!9?xJyGsRn||6hKp(Xkwh-xmB3{T-|)_{6x`7c?b;=pZv@hQSF7 zxgPA9_p7?(&Qg)RgTmiq_Yxn9%SLzV2{k_#P;U=TQ|ThVIYvi=+aFOYqxR<@o`$F} z_eDlyy&Hje@No9)b2us4!Q7(I`+{vz0IpfU$n<2=w03kL|AB7tQ{tOj!8h}H`*|)k zi{x+g5v?LV&gOK%DR;(dX$@jQPb{dsGU(?3s`c!uH4|c&O_1zWx$5F$Q7%YwZ`)#t z`OU=3v(-?rHgajJE+4Ns4#*^k))+83>HWC%f;e953!W=)lGB6C!G<9Dp&i7=N2T3xGb5)q${max>pb)dBkSc1tBU5Q#-_%(c2GDo~$brjA~sE zsZr)r<|9^V5yL%~j9 z4Q<70E8D#%E#9_|1Mv>5$O7Ts_t3ymTX1y_W1rCOc36UGlS-m=wD|XSuZe7kQ)kWd zbdm=-vEg7wA&hvqTJigMuu5Yy;2wBh3y7*82H(Nma)(_|hRno%1~gEmNdtTthCG%kzUJ^?X1ZS}!b z;yZHgBIk_QPEjkg9TRlQuMYQWw^Cx6Tp!*X`4lft<+a4Da%!9F!_!*#WZSE861}E; zl>`%-D{o5L4LBOzw5=y8*THnyCmu||GROJd#P>!8 z^-e0}y)ar#l#rwoOw?10F9C*2^ZqlI*J-sh^^EXg%FVdyb|4XJeaB}1(LUH-Xwg*(sy%&{71 z0*=w5jvE*mE$W=EA5i*UZd$K^=@` z!p_njWfQLPvbVE)275%2D9&mkeV+EfLqm66-_jgK*Nd*9{J)6-u&J>hVt_s5|3?h` z@%S$>0Q|PVnEQ!NaDCnGXVktxD2-S&XCdCXxPDSnkdPrKGbh7V6RUW?>IF9ZM{u*Z z_A6!5f56ylY4U^7dMQVogcGbdLsDm%T*w$-&a_cE2KzgOglmw=&JDg&6yUBr$C82B zvuv6|{XF5yv*%lV{i--gt_`$P^67+fPWO){98;)5NIAQjsG@At{B>)wuvT6yhesoU z`c_iM=Ct0^3V+I!E&Ze8UtC*8&ri{3a~tZQmiC+qVzH&#p861i`dxtXXKoS4&jpRo zbO@onEijy*aUY`UmA{4R0_Q#;IU8cDV0(8TqZr>Qi%a)Ur4w5qJxGD!!Vn~PiW*+{ zj4-(Ob6J&2%5egK!=<@kq2jJ-J>iVx8(GEaKt_4PYB5|ks2?5b+Z`LMvv=9dL#L)p zqd~(`f$;mty}l`4vidSUG|@&5(4KWqS5!O@)w|wqZk1G0@gErL+Dcwxz-W2xw5nF_ z{ikJe8v&%Znn&dIawkA%GRc9>@lt6+R`07*GM~LUK3wt zbC0?vtQRKXM`KAjM(DEB*I~pVUa)&^oq+u!<*CB`J839lq=w3KNpxBJW*S+z?^i8y z?J;K;BN>g3qb71(t=$OFOkTjiN`2fm2Cwxee8n%ew=+YenqLkPR}*5sEqQ5b-4xR+ zj2Fx5E5%2gHg8Z+vS~7Z|3Lc}HV>JwY{O@Nk~7uE(8~1KS+pRi=FU+6!Z>{}0)~Bq zaCv;MG2iGY)kA1tx%kyZw{f`409OegtO-p$B_f=yuVeBk5tMaX1vDuxcqT^y%DSmL z2n2GenhJfp+{n$dOQY$=E+uIJzI;Zn0zy$cgC0fa5o=}m0MGnFCY!A86+zCL#$uyH z!kg94``{ZBKq>OOHk0dkJO%ZH`ucUA@G#1tk9K$|G;=2&P^TVxs)l9X$s@G05?}v6 zRLt%8aVHDsrvB9qp%w?sv|Wt7kA`4u&4&!OZ_8-o$^T2NK$B$g=}ue82&;l>zL{k` zVrviPsC2Nke%CoJ_WA7EtvKpda?Q4>zUDLQPt8lP`dyRCyv!{P64Tw> zhj$;3z#7vxqaJ^%{VY}T(y~b0g16%wI^8HwUZYG7K|6{?bf&1baALM@fAqC}zt4fa zmkI7ciZB@5S-%42v8XarFpgN~Mxye_^P}4{)T~b9$>?gV`VXDfl;RCdb+W0lyk@;t zTgPcl(>}kEh;70@=t9Ay&YpZaoFKtJ;H38T$e2E=ZL7X zWoJ?vR#VDaF3j@bo>*rU3tW3`5t*2J20hgpIo)?h!S zG}i!c04Uy7k<+8Rgq)wHnFks?XO*{+hm%n$FI>;NQ~7V>wp}O9FDNNpw4mj^R9d*Z zxEkf0m2)%3B%ydY(=Y23sxE!Rf1y5GBKdHgQ(85YNWz^dPQELogfOK%mRxT1H~i$H z23hp+Hp6M9M3ogpyl2nDZh%|8B+zpR-Eh3zPUq~B z)0-*yBHi^2Dy4`wPXEwWJED}jb1z>Se5mpQkI0ymA3ujMz0AyW6rPO;O10xc$J@^( z9L60x2g7~f0;){Acm^6?DpM5X+Uijr#KV#d?hJQHf&r+*$*kK7>DQ8cbJ)#$&W;TVNhNaRYN`5| z7yhoa7b|gQb@R8@Lg(WgrBIRDTdp`r+_PX_13qo?j|{ z^rxgz7E(I|So)SvkGiKV0dclF^O4;S+lnMbh_=gpBt2gkTX1{U9jtM-ibK!8gd(34gU{m?--t0v+e!HNyoNr+v(Ws*tTtS*fBb` zZQHhOt79kU?q{vN_uA)N=l$}2xo1_)nsv{4T@(Kr^&4XxJ)|B=`4m!63By%AJ&r0Q zW}_)y=?RSR$7x{g&k%gI8KBZ~1&Zima^5L=I zv^dJh%TzTK{Q+|PSUhwfb*0DgQ1rma56ahS!<)gMTAx!m*;jfBuNyfVz-`%tV$Wu- ztsRx!7;>T>r3%#W`HL)UtCdsEACS__R!hKd)+~+PmAtAW#r#Xa>v}DNbE*<<`uI&v zL0NuL<l$1$Z>eb2*;`7V}E-u_GeI(Z2XmTTOk7< ziZPwVskcR?i{$o!;6Xr_ggzgVAgEhh?7-TJA=5BOJ22WN8+j9B^$Fbu9#{xV4@AsR zUYIvjxAt`#Jk<0ZP*ww9z znr5lAhk~Y|J|(9@D*d(~NJf*p>IM+jtc$}UB=oa2ln?s-!Vf^Mf1u5OtRjDBd zsWF;U+9D%HgM~@E2laO3ZA+wYYsrCtJM#TODX=$GdsGlN>YUY&d;lhA(di*^q1_6I z=qVkUaoNbi8exQ;bZDcg&V3o1GcK?@Q!jH#8EmMR`5uhIC49hx7yxw=Zo#+`M?kD5 zeCyZ}-(V1Ir%8NbDN|q-=x%dQGP)31I)+t*9$PxGh}rt$0ij@H!CwAj!7U9t`I)fi z3=s#SR05?_$Z$Lv!{uw}y2e1%hF%3rvi1}^;79lnx>+Qhtl{kKU0&$U2BL&87AO`Q ziMhoVEQ~d452+ZeEgVu7mQk&oW{^6%sD2DN9##NP=Wb6{8m5AJ%VrX1lS>X};QWHt z?OfkwS#Vy{Eb2KT9d5ZDsRWBynVh;!Fa{>T9o%zU1(n&fKb4w>7r0pw<4kgU0atmJ zf~|89vZvc1$~13{en1dN3BikQ9Row~4mruCXe|W@E;up}vOE{2y$9vE%@isvo%H}( zpzc1b^o@fTT@))4S#0*3f_9wVwJ$`_Idqx|(7LHaaB>9%DsWLS1d2pM!rj#f$ zM3o|kf}wt<%4kZpiyAzm*7sp}e~v#HXcp8JA^E<^DC^WA+aqI$XwC`d6+r>EK$XEL zvN5Qu{cwBauQNV7iHrS~onEU|l$Kr1gs*uqs+U;4VWga|+Q1de93O*?xp17VyPK&= zCHWQ43d@Dx1_=GbSSzFkP*9`T$iLb9w@2{nQC8(rasPtk?wA(^3iAV9h*&OZk2h-% z2?sAWW6Q0w|HWmwOK(nHOD`4Q%T1^Ap&d-KbDp&l%8hA6KMTQ+OEYqg%$ss*JExTL zsI)JkXL2KD!{^M(ma5*DvB;Wl_&BQHsf_Z|Wh0)v4*n=}@lpyWAuAlhNh1=XfL{ZP z#+p#=c9#4x#41@UiN$lHN6}5mO(8LeMbI;Ot<~urb7CvP&^{WCMO`p z?NZ{`!a9pNxolyy^*~f;78ZnrmT)KcvCd}Uyhc?O!Bx{VY1g!{97q#g_1`Nnfdoq9 zLk29j^iA&r%4+5^>HHP^!YqZK#OA!+AgFbx(Mhb^7n9Ip$?)%7u)_8I9s2e86lXh_ zZ2v&mli@W*(j$qY)FZHreDB>M{;9g7Iorvzi6P_@DcTCc+kU7${votz8wOh0lOpOjYqUHZ zI4FC=mqqoiD8jO^?HWwFha+zbX2O}c0pjk?L>)#2b>F}tZ>tmTZwAP~r;6(f8PJY} zNuyG5gJ$XI7~q1az~9+)m&xz|ni}7~5UWL+kaSz&*E6?kaz8rO6W9i;8tFyd5T@my zv<6=N7F`1UF8&HmHY@~c_CV&F#I+iYN}_IbOa2|WWakEmvk}-XmH~-+RuW?1-B4MB zaPPSgG~bG<^U64S#6l=SL`_e))V`>4#zw1lqDLqc*_bsvg#N25ikR!oP zKYKQ3I6%mD)D+BF9+();jOOA~!5i2hOVlegX{@+T#OtWU+IkJ+DtLj3s8mE#vCe*# z^@Vo@@=v!_{1D1h$5|3kGf+NTf0gYVhet1}cBUnzHEzJiPz-VxtYgg~78zQS!cG|n zDGveaCx-t+3VVs>IjHWa>bbp$$;vKumgo% z0R{o>fmi3*!E4l&tO%<$s*?vnKCA?nDvieYoLa%JM!$-QFd`HWR5FkGOnl{ zpa^qTnJ!u7*9!F+R+*J$h3$h!A1tLp9-g6qMN|*fx0os47P0Tp9qxPH86deWi-5z2 zIT13caj@T`0xARJl9R6f4i7IV8F6Nu&%Hi&^qn(wD~PI>dfe;7L+RvBExjjc7&YgZ zn2Fr^CkfKCw#PXkSJ3KcB^?4Y2|lzgVJf99XmjB`#bVPf58_NwxaM zZleV$gRCzgJ$H{L^I5l-hBfYQxdslPCNhMIt7hba1vh6%J5DR5d5)Vu+vW0_ zy#(CrN8{yY?$(67w9n+3ZT*_$x~)Sl1Q6%L9Z!wEvi&|^ss+s3XoKVM5+^CsR+hwi z)s{}qK7A{%!%@f+-rmYV0jRnMiki)>MP_~pY=}Y1xuwe;LqDVV*XJY?+7&{RX8RFm zNU6@(2V}oPO(!If2554sPM) zuMseeb%cCLWV3XZ-A#N9-jnso{4P5td5q2pQM+qr#!(*hi^oG@(4}Gez(;H2X*V4= zN9~kaVIHQZein_b5%_o;4!ol#8DDI~=_wW_s!SL?r&CGF;?wm8BOG_=#b?ByH(eS# zswY`u%}B;dA8buVy0Uz0&!&c4eZ-p6>B=^?Y;7KM(8og5;5L}6wXO6`V0{Id=xx?K z81gV%=vTPWYYRD|SdY<#dGIuaL8DokV|rf?%iVL>zmvM*gS9SMv0Yk!USSst7-Jg# z&gwK(!d-as6L10Ne&!z6GZ#=!>({7ql%Mc-Li0ezybL{Mnmp=AG`UJ!zje~(5@^KM zU6@8NHJqM2ELLk?yC)vzh4`9FK0MajlK#=IS`3FpA(_XSK@Mq|5gA73{n1t%O&7pe zGmS@?XYS~3Z@v$?-lV-XF1 zvERG^_1y5OURGwnYPQM5zy-q8)X1=kzUftQy$QbDaB+lef<4N-hHQ9KI@0C(n8^au ze&}ej65~T%-!jHtTkAR7Rc~d+I5+W7Znlo*DHD`+u6aF%Sn6a1y;h6O*{0103Hu-K z=Z#_2B`?9CPFpp9oDkd}HcvgB^nWUKtM5Qw!xK1C>yd-26qc7j)}y?Mz~50A;x-{< zDND|LI=#x#bGTX?p82MTD$BRZGaonk(Dk)&55}c@;%Vp+dN2In<(Zd`n@5w&X&4%0 z>`?9>of8!vQeKH`l-*W=u|A(-p*rl>tlk!Uh~Y=lr{b9{&*Xo>TfJ zw67ZLCBXDh!trXUC4IgDM-*YhHrkH4`l~@LbU$&tr#pM>cz3S9V!J5c(Ao1)sg;*Q zd{n^tH}*DG)3~T8K5#GymLH#p0Z;E#Zf7!yi<#;#Vi0MD;nArqV|e4@miUg~cPE-d z2Jm?soLbTIlMSh9@mcPOB_A2f(+Ae_V@;ZaEdH@V&P{mZHzN;pKfb%Wuhn)(T~U(w zMsEf0m_0AlZE2dgznlDL-7c_*YsJ5f!N#3LT~8l^Et_1+^^+~Uk}}iu;()XT_MVdY z$qg}{l05iH7W;0F`kC-k;vL&X1JNINdSWc>bZ=LP!lfCH$Ev%j%OdMB@g_#7W>160 z4R!4#fb0%b4vkhG&c2#@1s^bj^^?DTnmri5I6D2Ngdc87S~07dPX#2z$)ljc|JF(q z(itYE_0)Kr)n)oQ^(w!48gOWpxZ*3vl0Clp{Gxe8ab96DZ;=V(Tj!*Z z3V-Q{8zR}-V|IxA?YMU%a`aN?ElNvk!(f+5=cMINitbU5eM(aV|JRS!mhiQuzKe#?yRUw%|-LO zwfMoQ>GLxU+HbfasaS#r0%+#mnrj_V2i1bgel7gcCfj>%cFbnJi|oV2kD6v(c-EOz ziz7{9dg4pz@f35bHJ9}=O9OpiZqtvs8|MWZR{{d!VpRTz0Ggo{- zLhaMNbY0-=6}QrRK!|7x@b=AjdGC|zN|2fst$JH!eQRs$N(dY^HwiN5`J_BUSx=w+5)9u1ps!+Pr*~0VOndr;zVe-XKqe-)TN$%P2t4iT>8xZL=bFDM+ z>&Z;BlrJA@|=MwgI~e-@5@v zs=tyADt~UH#QoPE+*3d+sUlzu%I`soMHK%GH64-jPMAml$aI#GEcqftDKO$e^iNg6 zH#U%%A74P?%vTWbk0^&4wIiBb_Wg{w}^o&3F#C#@r!}squ z!awha-CL@zS6; zpOtZMfqvC(xAgi^yPU|})YD@JIV{Ma%I}a`Qd}{wleb|b3wDkjFV;z!*ouU12AkU& z@+^L7yyD{Y)Rz}?w~6N$DU>Qy(RJy{u6NndrxA7O-Ch_9u6Gzq!FB1!OOgNVh-rlO zU9j})2}nQ#JP{=youk@R?JuE9TqYcTkcEIFF{m^Dc61uE{k)?`G82aIYiR>CzmF-o z-W}h2^^GQOX8beKN5(%TGpg8ss@wK_#TQ43$7yxx^SWPyE0Zj39p%iDY9{B1NRogc z?O|jE#KKCLNWGJGGD>b5lA?^PIx`B+A&QtlXyh7}aCv1H{=nD_lqIShEyf1y2~brX z5wsG#XF)}Q`ocGOz_M|}v-Nc0b z9Ey#sm{8Rh%VN>{vi$jwEI}&D>2XJmYV(YKfn(Cu612u@*@ODss=JQ6iq>CA1sq|y zfY$<@HMUhYtC@n1_wye>@bi#!VyDQO6~N3%JrUXw<`Xyb>bLhP&F7~ua)2zj>$k^) zf?C(lRSP2b$FaM4m^Y9b4sw8VU6l95&^d=Sw9dkEijsmX&c+t8K z-PI1Z1DOK*w+M3#Sf6e85Acz65NGGwN&a&b(7^}SS1^FXq5{6xgg=pNo)N6G*-s7a z;H0o+g7rsD(Wkch99X~W<8L&7;y*_pcZyXX*JNrz6mQX{C{qQC*3U?c;1#DIv7w!XNl*DoUEvNrj$rLxIB ze#r^`j2`m!c=7P){&ehR;#MnlNhC{phCXB+Ktc;qx)lYoOWtd0` zb}d9SF6sfwv|*9KmJWP~?IReqrQ%4Bf}-<1V`BJLjUA;Iy|vt~ z8a=)AWfbN)LiOYN{=A%O=c9AR`QJ=e=zD@Nb4I1^23?bl_}T-w)k78BI?JNb1x?Xy zQYA6RNK`6qlcxm9;toiG|tLz}K4uAvTd z>AFtL5He5m$$dk|0E5Vg^}fe3tiaBZ@K#Wdv?dEGC!k$I!qCRLHpM7l(?8-08$~Nc z?H>IK9;6>jKSuoVh#wo z@IQio*bwxuje<5j;tuK(#dGXsH-CsyR1#cNMmU3 zs9V0=d=$~HD+#OHo0HojDaeUTNWTjQaTnoBV&iMa^$m68p+`QpFI;C;7%%EUEQo0d zGG)RUIA)>N9g-TPm{@q(!ON7epOJO=w5lWIh(R^gSM_bLaW;ljnWc!@EJahWh*{0(;OH1ju(5Ep zLRE3w!cu!L2&i1x8nb{{_8uafPEU8?1K`sfg4WooU_v@rWCf;5hOL#s)WjMtIzIgi zKhQ~-5Y7bFcp);U(1V4xW)>&`lc|MG#N9Mk_! ze8zbik-6<$EY17K97)mD_8)ar6GkaaQ3^o^QQyutEZ8a=yI%lO2!BrVd*ErPXWrR2;~n~Chd78FI#~pzxXv9&7O(kcTSwZYsNP2 zF_uHvcMd|_%vAHD>-L0olF1Q+fQaX6sFCCqSeH^rdw{Q~U%hi%LW)jk@lXE9VE_|; z!YR<`=3hx=U1F1?XJjq@Z0n;tDhY1SDII8|l!Q2MaDH$?tMae*G9)Ew(+k#+>RZs>FW4Um`4k;YI;5)nMNhqSHJ$b-LWs z->he!=mbYIS+WamF}*8%BPpscEkpvNA~Bd8JMNae9)RSD4#GP-Q3hCkSD{gMJ}u23UzcT{-K4JusmkLjSq=?L_wk z`Jt9=BVmhsJaYUA(3GXNK+d$+>NUaeAm9m^KqZ~;)|8SLE zTumAiDH@8c9YW3~oKxh>H+{3ld&E-~<(OrJ;!#H}E|S0%&Sn(U#|tbJs`f?cz463@ z*$+aA87Ze`cc;yPOzIu#4KD^Nxs5dSUTdQ-Y*FeYaon+s16@+U1j_YC@u6i_C7hH6 zo450k9|3+D84;Ry75xC>GWV>%*ZKoOX~gMIoM@elcHiX|3LY@ah`Vm;N+KrctzP`c*(_CCGiM?=*f3e#^p{5yfAgd zBr`mq97cB^eshFi3Kd{v2uSWg?mk1e&f-2(FRG{T05!_}M}(#3FSt5|Cm|S!m3~{B zJS)M*v`aEUd6SrLMm;*KAgEwN-+%pVh@4e`thnMjuU`@T<{u6|qreyo1)3Y(7d^I_ zQg&qzS~O&585s|?e~o*pOwOl=EgJ!+RzlY*oqZ)+ zR2JKBvz}iAS;(70@Q%$I%qo?WZM}g6{S;`b*jM;Prnywvgv3ygPg>ZKUNgYlIJn$OeYKN{KVdGQQd}$ zyBe?*wk(n5y)Kp1au8}CU$jr&%+bpW6e-BD6u*(QK9#d3E*Dev*6H1YZX>Q{(&wXh zA8bU&MEGsa(w%_`CAo-wM;8SQNQgR=CdLi5$tg@qBAg~Fgs^x3sK@Rf7NJ@ z;neu4e^FwotbZ6nvJPA}CR?MVVW$r+_5&>=ZTwTDYpXdKw(D++ADAtCf28eqf*=q~@x<&TtImMw>{Jx@g3B3->Q$W7G+6&RRdPP_Q5_^UW#n z#<0aDtYnp>PX-q_RuosbBfJ$bTa#B+gfm$R64uL=K)$n?+R6kU3fEg~Zcy!-`kfMQ z1U*D{9`9!R>4stwsz5Pe+93s<05K{2=D>Wp!-O2dZIzTa*^HiroUlKPZ0KsQ^T}P( zA^&#kZp_Xn0%pfGKp)C$_lIyP;(BIjTWBR zV(oB7X+GS{(>;>fSb=~{2M^exC!lsyr3_CjLm!E<2HdBkZ##th+yG&N=)Oli4-+Tv z1df`1T_a%CAMM9p-HJZmy#88kQGGpdgg+G{-rVtd+chJ^xdk~f{!EnBDj7?TxQ-Gq zU!@(LitO$Jp>Y8D9?_8w2_at;nhPc3pgq|<;!b8Dto|!Zj)j<>T3>3JhmlGEz4;%y zK}eV#Dl}mrm%zdiYq731x90#c2+-+N&6QG+B}Om0xdEEtp2^U~oNZIaTN#rJa8poP z*lnnD-~iJP7MlI_K`O(YMYy4IbDvUEu%L)R5$s*$A6H&0sJ)RD&xMEB0kajSBfp4s zB4cReoG2st)e$=qQuftIX$cv^{7LNVn7c&g(=#<6`!Fx~xw+78P3 zTiE$1YG3zS#&1#bST<(rO@(&@W|K-R!O(w+nwfsH7S(EX`h}(zgytG9k+b;S$tTg> zpJ)V?oCPcRPFF7rj)s^O%K={00_7#$A{nq&0U)$okCB*xYfg2JgFT(#tIsD_|Y zg=@1$bMy?l{%zL$hykM4bv|+)TI}+*4Tg0wi1F2-5|2 z_Qb!4iIFQm1j{V%6>d*4oV~0hFATPJa+LntJ)o;!ZLH%jPZg?p6CZ< za~zl(#PVSQRpKcXYZaGjT*_`krh1WQzUoA976tlqWHftlL6GQ=gJ^q}V%4KtaH_HM z*kCCa`rkPFvF=Hh<^-nWV(+bW&QdRgBYBJII0S!~2nI32Kroif>-0k04*cE#tJ>q~ z=#y2g!$}>uGaS@|qGqOEkq2oF2Ay#(w?x$0XR5NwAX(u~#TkiffEY?^-?=DSz%)G8 z?1Ec0Ab`zD-+*&&VzVE7RcJXi4`d3UtvKV>SoN$Eg?)`KIkyQ3TM6xAnR}O*i|rt- zAnD_ug;T@67dgdI-?e*SYEj*M0a5Ea6VxLd)C+5}gY`^f0{IjMj}gtO%`th&;zA`` zvJ?vpANb~&$zznty3pmuaWAQbw#l`Np0*0obxDKQxGUR^dx~T%Ga;BkU8R1yJEHP{ zV@6p+^RpI+rluUC#U=*NpyrlQT}aV(3~iGn;;PPkM8rQVg+;r%h$$|YUqq^Uw$gZ76xaa2h6ttByT>T3pl`hAr1=p7fV^qSC8S)Nk6oTtlRFcX+hxOF*H`tO%1rm zrrK{E+n%Li-oD5J|D<{#xNzm6EPm7jE@MgXA7T06Vo+SPSf3pcY`8*5*v!Ihg6fo= zA&m{9hGoR?w9~zy5OM)ok+A}&lpm0)H$Y1%X|_cD1Qi)v@CU7h6fS$xE)(4T&lf-q z&)?<(pj}$?awhR>2VP}$2z+#R`3-McIyVR*B9ZjT&Qb#UfQQauH=sc2EvY})VMMGX zLGnNmezkyDm0UAovwPxQiIHY;G-sU9rnf|mGcew*7NeusPhj^1{<~gqCc|LwCtChSju6Bl~@sOS(_Iz zTG77GiD}IJY&9}hz-}U(QD8k)QQ)-)R^^(j;q?HgF%-AKEF*J|G6*6_eVAs`7$~}m zU>OM`Mwkx(<}X3(G_Md|C<@_v3xphY*l6?L+dkN`JA+nnNSW-H#MH;U+ZK?0m>mG?{5hVjjcc z(%k1W)&w1lzYcQ{m{9eb^85#E;HnSL*WQuOrgtp4SNh>w3w(E^sHt7`pTL1ZCw+=w z5&}y=Tdt)0yjHR+ecI7Aclg%S!JkQTX>OZmE67WSQi0Kyk5%rEI;=W7WjTtm!cSlT zZ*biG`Rt*L35Wn6nHO$jljdj=Rdsc}Oqb4Sz}(vHS1`?R{d^}->DMj;(a$*H(%ANr zY><-g_hm}GyzE!AxW+cjBy;(CEr1!_c|`4(m~y>%^1+%(YWfa&XQ?q9^+tHQEx!4d z?N=IrRVtT~_(@ecZ2PEbfb7Sr@nvQ$5J@hXacT0??M>oOjvdCyYZnQRjyf~O?@m1T z_~wVJ$1dUSx&HwU>d2;7ax+uj0#@nlj3Gyx(&3%7$OYiS%#J;L6Q_ckJMSCf=I?FR zZX)^P8hF7BI<705(b|eQ}OOXxnWt%>wJjZ zW|i?7yGx+q32z#Q%whZWG!KObsb>~^vof8C4oR-oO0m`28o`?@@@(KK;{?uN;*opQ z^sZeKnXL)OaCQvIQhR)KJ72D4;~8g!4{CinetXAoU09}5J|7a9K&prGfh&*_2*ht!>WfmHi{1_#^%EaCJ5LLt}_`;&bQ1+FJ(P^w5`E>u6WSyKIH^8;6Xo zCG@Z=#Bg@fc)raLLIOjf{+UUfD!O4y*T1O)Hrjtt2XU{Zh{FrP8%i1(O2O+zTboM) zhM?04rhH9xTcFq%F6|&2e+>n+nUfMh?JMK&W+BU*oZaeE-v)JA=0&W@<>Z(|vsNTCpoG9A$j<4l!m+jKl z@yIpt#1YGwUbK8b4tEQ?ZdzRGq!!$m$|jO8jxL7@vw1wxtj@wXPE`C;cuQq<(D`#> z5ohwECrjpP4-kI4!VFT-T+UiPV}?XeYBgioDwt!MX*4OT)D3t29+~2ouUWFo-DfYe zHeLJjl7%7HW81N2n(KS)Z3cTBnryX!*U@eGFQ#93%_cZW$(4FVftjb9agnmQsp3ZJwTTBVZ@l$_7%4b6HhRDz573 zsaSf0^E;N1hPrsV%dQ;Occg@xo}w^1tuSg$+8137Zc^<(KfmI#1u{&VX+(bl86fDA z_eM`6MPy5u=RL-lk7!Oj*~!eV!;gP-wqDnyliZmCY_B?1%Q-s-fA^Ih z$`%#zR&uTuc%IsL^XYp!M`Zl&QD*XusngAyC%#u&q* zgN3jWU1+{fe&0||gMeB0Ot-=xA zf=*6c3YvSLJKXXIU+U~oDTI38^ysO~g{S)8<4#VA@BOBwH~+m<_siLFtbTc}Pqs*LdYBuYE9!Hql)-_m}19vy$xyB&5!h>=>o z6P# z`eB2VL>O;X`Z#<1iOH0Wt;X$^#=%Tf{Q2N1=$KOzIhat3@{>Egq+jWUHkD&j6ETz5 zJKu}CnvLzZ-;;)9NA4YIr|NWi2>27K+%mneW#d->mI@zDTpx_B0|NE8`Qh=vD2aVb z`l*tSHB;UpQ1_L@&)T+~nyc#tV1hVW9w^CAXD``l^vV&W=}!bqr@@zj7$e?}^mzJQ zcE9d5pPmQ1;}2txBV**$+SB!LJU;@EFM^u?UiUsc0<3$Nt`VqQ7UzcY`_H*0efm?& zSDb*t-+yTO2^PwaimL#)k8R1*N8;L`QK6OY_scKw^XK3sZ;GU>U-J+37LP72J`~^y zvjfm(t{ojYQ?7z}_Nb&N*MIXPD|#Fd zZ3eys9m|Ou8{=Ef?%ib36EPsnYX(KAa#JA*!qfcjFdn$nX3n399C#f9G#IkPJa^7nwfq+bIqTvx{tJWD{1*&TgqnO&{BIcK{=Z-lr+>j9D=lEu|G*$1 z|G*&rf9A7cr{>?X&A{CEl&7Xt{eQ+r4>-f1jC(UPk75-wn3@-Ke$GFO(cD=5iHjY&#!`K2lMq|2g9jlD!?%1LtR@hB=)HB+(dQBWMb_m%>E9aFmh zxwsu7tLsoU^pI9ii-lng{Yo&=xC;BKzkS;FQ~sO=&>=oWUQ`$-@@+TD^a^9(Z8RB< z0ZM;MQmujjIt1h|9a4D0RfCA6Copd;+!j|F~Pg)%1HKhs5h#ac| z`61q9#I;1LI2A|lnzg1ZJAsv0_79%AwQ)y{~`Yf!`quf zx++T+2W7iOZ$;wfJ);lh1aZzqksVcbU3%8Rm(MZ!ASf07GgG(|WjmE9B2{3@54Z?I zC9pW+FjOI0+JL{C0w_ZwjqNDD2OEPf|J&j@s~rYEIBzOH%jje9Lj^i|-WcHrkObVZ z{MQW17)#U9MDd4-_Z;3bv-b7_w6xO{0g`|0M(78Ovf_cg~aKvw3UPc zYshds@f&l)WH+O7?H84g0dGTSh2E@Vzsi~oHm89v&2m-Fv9DK>x$ZCOrEWi+?-0_h z>sxq&g&Q`*!Ae)`W1Ej!_RX_9I;`%?<3Vmd13Q|m=u1ND=Cl8&&!;??%|C@{$afl*5RgCg7x<zMI1b0+X+UxM>N52p;gM+CbWT}k zez6ebpH4F72S9;R`?Wx@oK4@^l#9~B z_Xj<{51L8?jhAzUmPNVjf~CZVOqjhzs#q^l-keY*`g^#%uduG99Z8mD#ZKUozcFj&dm1?=ztE znPnk(T3%yX?te6Tclm#4^pvi$|Ip}|Wtls($7F%{m?L}zTf)0lkd5D$($kUjdVDSA zqi4|0*4hj%#kziiAU*sqUf6uQaPS(7uKDMBh(gcEr4^| z7njF}V@5p83O*YNDx*v3!zdqt?Zw&IT3H4M)#G~GtWfoka+4>`Qw&#UUOZ5&RfZ=| z-g?sHsiA6K06W~>|1WmJQl6&m_{$JdBm#u9m)V0v#W?n7HZrHd0^b zDd!ioIVZQ_V<}!UKBJMhyBCYCt;TC4YYd(n-_|wQ)64xS3NM4#xMaWmw;!F~o6Bh2 zHQXD|e0>BKFm$FE>}_7de5*2DI~Br#T`~%z>lYl@)j5AOTc5|9Z zZCiFfm&>8c-Lyz+#;AYk#j)7X)TSd&fP1<8+*ovevS+-jEt&nw-WQXhJF%)fwHI-j z?UlWeLO^CmTI`A@4jFqlUaUn1MV3Sxy^JNw-he_MS#7#n9h+Z zPIIiPGjihn2g#dxsuiKP5LGC8ml+7WOoF`+D;_w4TD=Weh|NZTDrStTL2SyFj)bjS zt8399tJ3WGKJ@bu2>;EjfSx;kKKry8@N zS^4Q~U=eQ-Kmj;$7mite9Z!EKOSfhEw-w!UYd)GLv#Nj5#Hm<_2(sr1T(TJt-?Q;r zs=A_(!G*7zp?u%c8o$il%^>8dQGIClK{^_X(*MO7LwClpafh+9*6;6*av-=m-ecIY za(&Kk$j~11S^8PhsMR3N3Pm;hrHc*7ToBAg4xd;dq|XVcV&E=)WODCN0%HCLU#8-b zwl>xqdg<9}f^X;0{|}p-7yG`$q}E_sjP$T2D@jH4?n^CdWAy~Q+^r)5G0sAfFcK-d zEqCF5JIkKe@SI8j5UTb&#)GIIK$d=GkB~p!EOM3+a_#{^jdI3NXkPt60bnwL!m08t zQc{=Rxtmg3r^JQ6Bcd^%-`m$Lx32-&wq)UP9`ToTnvagowq&m{Yi(aD9s@&3Jzgv& zF8Juc+s#v;TJ~EVNE3kc?4I{$%AdVMcI?fmElME0C-5VGT#gb@PuYgNW+UTxs^h@h zvI{4<%lD6TO`!@-sNX%9sYlov!4Dn7$`m-1g}j~~OPAr`^Y+&_yLCNGe0aZ`&7UbB zM)C<8xgLexOs4nDr;ISPaf8^7j4maKMjTUuSQYyZep$@qkQg{B=KqIZe)Rdj;Fl5B zxz~qESa{Zrq?guF@S;*XlT9DZQz?GOU>UhsQMsy*52VlNe))HPcDBDa8*LUX+$W}G zDa|WedP>QDWi8xy_mg_I|JAX-oreOJ;n((+{Nf$n>RnzOsT(j{zn`P~# zbn#D~@0LT4pQlT?EQ8~OkqVQKhVSQLr%I!h%UY~MJZVI~g=5apXxK{Ma&`J}Ju+0# z2lxwX(Nk*wP?ofJ8O^&i0%G^7&lA)5xe@1pJTUwUZmdDQfvd9T{vN)EMm4JH!x5sD z04;(QR%jLnH2%zx%w7XrwH=9y4r0uITN4fS zQ*VlANwI?0v+6sjYS()iGawFZgW?Kpa!wOoN-q@?aYD=Q<8yz1D#q>p2AC5E3E%1? zMTy>m>VNecQP)UZ{Pkk0f|W;0C*LLio}Pv*OhbZLkc3mQ6-hv@C)K+!9$~FX8TqbL z?SNo=xZ%HGi2J%)n1nCPgBC&LVsKGXk)rsISUH+s{Q3#UOMprfocq;8)cm7y6ZEOA zr`fY}3WgXZd-uD1!gIX-1wfq;>R)By=F%)Qy7aF_d4B`1;QIfnlipd7>Ov2DCY7U>jYt@`I6_<~54}G@Pve_&L8Mu5;eRf`HYopwfi_rg2EpLus z0JhMVYJ;5|VUSK4GBDP=alMGD%fnpjy?Ae{$Jk+XJ6u(rgf~6BtTvMioR zW=N9Pu<9LOIo(Q%nEWeWDBt`%yDnF_{!uN*COq|(iBnx)_+dU+ENgAT^=MztkQ-Qu z-UNW$bqfq4lTEwE`3baq1W~l|B;(0dSzCF`dTv?DyM#@JeE(aq0C#hD2wvMG+zpfo z02B*Y5xx5EZM9&CtK@1o+rw(%p>ke*zNNQFUOi<7>A8_vts~XE1{0FoCwk#W!V{D%CFIbAglF{Vj~6^U~8QEz>y4@BZG{={kx24j^bq221uBb zTffhWA2f-P^v%{%V&bDGlvp~xFNu*?Uh%VhV{IN;Kpc=LJ0S)uow;An-N_d>|5(pn ztskZsZ*UTBJo2lX8XKl``tw&*6L{}?bqn~K@Qby%8$ML{zdW5%9@d>zB5_KzsgsY7 zC|^P+mG*gz_FHH6Ni5X}_pAROy52Fm(x7P@4JWoeNp@`8_QbYr+qOM%vSUw-iEZ1? z#7@3E&-b2n&X4!3b+4-GtGn;j`^Vk8yQ=GIsC8S4iMHXg@!fwcGFm8sCF#Ml=JDE4 z4a&UG+k&5Ri7oaOpkrK~`g+06_P4`qoas*`z7BRWZzWscEwL;7a5E2Nd_=yOzo)^7 zk{#UmCePZ!tRSH+_iaiSoGN&ud-7ghzAg;G)n_A2=!ou#iEAJ4i39loGvOgcS##kK zuL=J$PDH?bB}eG8{)2u43F^GxMg037%(b3%7QXeE@#KN~3n$jGHA^Z~;lzaa$dHsM z5(4$ViVkd!Q+))->}B}j`J1eSS!l=6=H!nD?^Qa-2iUxM-YtfW3$@9Z|{{04DDX-ICcbfx` zMM|0PJ)4uN*uCr)TW~vR*RZkv{k8gE9Zh*LTV@~ha;PlwpBur?qWd(&Bw0 zr`Fi%BmZi@=;e6VRnPfhzGL3<`68VfSIFndds477WHb{ z&HhK>Ku+C8mG!RLL*`U7*dNv!>X3`TX7Q23W__UkUcD)o#p_89PSE^Wa+0io%Jb;1 z5;D2cbkQMl-aTgNZ-a$ADlwFbSzKxyQ!0` z5n(laC&hKmcAoFeUzG|);!RWzHb?%JZDzuNkMHvCNAD;MwaJLFN<-;*{r2E zlpeq6hRK!f(Rpp82;BTJF4d}j+;1Xk+&rU=bJ4?2_5D$C z*G456xSemOmN;}il4H>#FBwUUuwDNQS2c-egw&+aH}MX^7xllh zS~o?NaD-e}S+Uxek7B0!)lX^twrvttCbyxx7ghWD3%O5fFIZTwn{8UP+P~&CP?T-i!U=YyukYw#sywu49$0S2?K6H!nJPrB zwTBAte{K6R_dQ=7Zve74 z!=-DEKEF=`q)f5P3t*$ZGebk@krkwE!8D%^hMxex57(s9vJ4?7hZ)jTTj}@Db)ug) zOvKVz$dgv+u&J(HyX^2Had(D zk1i24$rTP44O~G|A<1x!i+;Z60}MO4#Qp5zraH^vCkLDm^Hqu+tSy~BsSX9}a0Egy zUz$ECqW<1s`oV58kh$V$h&iQ2Uam&!#<@|bY<=PmxzWIHdf5mhlcww4S~ccroBH1) z6U{=E`9E8;;H5RDD4vvkm;P>|A%>e^v?D)OC#@-Qe=EsJ2SzBZvx?OO>gYFw%c>T-s zaL&CvNQ2fl+)MhNAgWvB5L51dYR72ux9c&cQKoEZxBg>mXm^_JcgyZ{HX|Ftmr&{M%U_0$ob7dHUVZ1DEW_s%@ypU_ z-Sjkt{Ej%FP=3dW^YYj9mOleWoC)0Czjs}Qz+bka*LLt^0phB2U0rXH06|hzbVDgw zh4SPPbWjpQSaDYG>!*vJfC4DVv2ZU-5M`{7Ydk?!$P&BjJ* zc1N6Res+hG^Riy$F;D36=T4h|#}!iETX0#*1`+QQ)HH@kThPS}yc6WAUr$>Qt$M;C zY=e%Fo5R`vQ%HXMZyTH1gU_Ap#>tO9Xa9fyx9b(xcmI#R{BtBbVt=cSFuU04*z5YI z!%};Xaab&jTC45lN7kNG{jKZOyvf!qd{<{T@J^WqxDYe%MC)3M@9j_#>lo)7Mod0|doZOs9xY&z9MOE6sw?Z8{ z@M;J+y%~v;UwY+QHd}_);++?_bd17gX&z(M_C*{W7?)aUH{wSKE`6EAKc^Tpp4|Mi z!1Ncl{I9U`kluH2WE@(KWB~Nr$j>J!VjvO{EJT{bKRsYJ@*6&o8>` z#6Za$Ei{7P{K5l!J+wVlIy4WQ9XoKjs~xc>RdU^jBzZYv-$wr~Wrnojy)5t78ic+f zeWZ!Y+|hB!dn}plpZ&*Yqo7YEOnwL6ZL!{%pos?#p;`Bw52(nW3~5C+<8ZPEaYb7K z%P2O}AHj$_EOVygVZ*bRWE9?KqHY@P?g4G{wKcj^w}07Bsaj8lC$G@vdgKnnz;z5r zh}!J`(sYAkyjRVCh6JFs$OjxZ3XNN><-4p4lr+2=H!m<`cGYs{BhPS{f533?1>`%< ze_KM?-RwiWyRZJ&e11m&0Sg&@BQ~$=T;Ek40gK>*tBOZbr(=Z-mWJQP=V{lw>S=I# zVle61`+7Dio^2&p>MXN|f)7@(Tkaq=)onhE31q*U5E!LSZrN`1wY7;fy5nH|!IK z*2#7#4^%cipP%I8mxsOX8HEuQ-y8U%LfI2aTkb(870K~r<2?$x@uz$aULZ~Q^w267 zAj=4*_3DO|p@z2FaIXf5^n3iOkyf+qD&3}=PUJt%muvlP*rGSO8nfvXRbA2eNy1B1 zG^8DWs`ZV9KZ8i3R6>xgH{RE$=f6_$K0NW=nle7HfkvqZGJo7nyQ&IL!=AJEOa+<` z1YPIsx2pygPSs9TC>=SLx_JCM@Irh>`Mp2fJb304mis}e5=G&SZr>6Niod>zKtO9_ zcDr`z^0CNvlM9IMz^J)g2gcUI6u7l2AA`Hcym#Cy%>SSZImzL6XzRpF_q^@R&i8^Q zU2NSn4rok#$LAb2I6D262FA`5RmU#6+vE&b6+tx#L=lHXd#S1MT0XU`+hQs|!X_*U z1=7}^yl{#V;xM8GKa%R^1qhZbC>p!x^)LEOwRwy*MWGFEyt(*KY%=yQW_V+i#Y_3( z3eVPqR)OI^x>0Uixszem4(D{^Dz04GfAq;DIJYk6Lwr;3i1=f`ulnqnzSU=#^PUuC z_vU`#zkLP<^^LCVS3)IeYQiixIa8m@*G5XWHI28~6)K89P4||za<5Jl-6miO-%g64 zqj4a4O2S=kU`nAYonP_QM(Ja2M7l!XarMUia0|P!jnUaD5;kaq?)5Y@^_AV#YIH37 z&4=Qh`uhQ2Fe*1zHo9vukx|?$N5>0Fcs48=v); zO4@j_uTXkXdx27|(ZP%cXtupSA~i@RZcBgt9O2Nsk%!?W`t$WupLgkMk6-F#`RL~J z4bC1keAy=dIT;#-Et@gyXX9nTFA2n!V{$KI)Az}NjN>FlBLOmar@9)j>nzUFJI26T ztK66}(tH<^X`a;N*4IV-3l+9vTs;H5UKH^>cf$45+Q`Z%>9i3V7cOeQ;Bt+ibW;dW z>cBZNOh192&x6oA`K@`VvR|6rhN%)-vz%n^MTTW)*eFvNas6L9eulp29+)O5} z?)bK`KVbBko=fy_NA$r~GKb84V0J7w=bEPw+)0}NuiZ<=nM+g>L}WkW8EQ_pkDc!Z zNS{^nVMd&1j=4@0u!*OI@{fN{JI~~^E+sq72v}C?v6Q^8m$(nVf-4=L6|~;tW8Hk# zQ$Wnp#`0~`N$8WV(@JdJZri<*&M1s)>;8mIynD)5SzH*+$72J!c z{aa9v27g5Y@_;l9j2_9z+*kAJc-LM3ex_e)E(22m zufat{qQ1jiS#UQTQpjqB(fp3G>o*EoDfZl!9rsp9_wB0;!s$R`(z+p_LeJHE9h>9N(Ej+~c8gpOQRrIa(9rP-H2eAaz+K2U`T%&zYaR2))b z+RL6h-PKu>Bi%Khlx_NtWL1Z#&Ft1m z@-HNH`}$Hr+9QnO=gie-`RU|cxZC&hB>i1f?3ElWZGwCHdCPy7rH7JWGvyX7FTnIP zqcqr*Eq?vk=O(waZSQfTbi7c5Wq<3?d$mLd^XoR?T>f?Un>VC8ZriEr59h*EGq^zP z*+ooZ16!s-e^}0_(}anbXMa~R3o1Uu`*HF5xUeh))WV*1<7whH0b2jQW9_Hg$1g}=DBLI*e7p6~92U%nUP zyq`SrUsD8l&cj2;Zh1WHM{%)j#`{vb$N$mBS1TS>Z~CM4j$BKNxS%yH$U9Mh3WOQ` z&zBT9021~#t!M9ZU=mc!G3b7#agSWD$Cx+v+rGH~@P?a(^8mexCs@Sx?)S^Y=%LV^ z=Zue8C2zt{B!EY0xDnxYUS*&&o5K>T6Pv>rNEIJLIs>a>5v@#j!{0h4%md6SrVt5*^3{_ ztJT6y%oI*gjzQ8=Wy+16ITEFN>j_oy8eDS(`lzj)3bk?!`q(ou^({REKJ0@5-*Ot+ zpohzfzKv#vQxj230sBsa@_1T=@>UcqpEzi!}9&I51Kr%n_ zez!oB$6R}hN!|e0{&FY|V@YD5K!QLnxoCYKnXm%ow(p3b#E3xC&qsE>TJ;wKZNx0w z&G2%q{<+9w={j(eg|1!s>-FKB$g=RM+r!(WI@E-&V!MQvk3MqxdJLDd#l~IvAP#DC zW%f?87Wp&((O9A?-Y{=^DpznCAIp=fL#k@A_i`y{;^bO5uV?D2N^>vLabt-oPyne$bA6)0| z@?NrZK}EBzEaRVM>#@W|!NoVF-)R*!5+ed=6O?7*t-st7vA`Ir`5#P+r^4OT^-^^sdMaquQ}%Wjb$0p z=>9>wz>5=WH&v5Lb}F-X=*vvj=B`sJaHN#stx@N*Z6Z4iZ?PFda*m7qD;7-Y(EG^i zIwf>nHP>0^wL$0GoZgN6M9}m@ps0=Q>8S7>f+Td?(5PuxGKQ>KKAq7)@9w{=CiG^Q zUo@+Ae}lii;3Iq5Maf62K^1z3k^hUgKSR(?9s*~*7$1*Z;Lu--DJ%+WPk(^P2!`CY z>cV7vfw{h8k=Ik}YWIw`^t5or0Tv&E=s&&Pa&<+PWzFBd;Kn=Z+$m}((j#impsVb zX&IZF0!@5Yh`L%jM2^@h0J>(CNj~n4jJW1-!XG4XoXPyWxm}QYow&S`(sk@dPZ-F4 z@X4*`RFmWt-EFgX5s(KsQ`QJ2oCC?UEqWx-Q4zt2=u`}{dHQ;K?U4H4g~3y+<6Zm> zrt6KK5Lcmi8d#B6k4DjyoT*hN zf3GeVGxNv((PP&m|2*2j6InnWLCSt(d-GrC#(vz~?Y>v}vr>oHU9yW}V(KPn9!K-$ z#k!%Un|?}3v| zOXipZrtsfvnNg2dJ)YLTy8onB);VK59#0tEpPLR%rfxyKO{H!roCv6UUCWZHdmT$( z>zsCJJC(TC-1D!w*4%&Bw#~h1JoUuS@l5x0QnwwEEbHLolk%L}p%1ti>_jKp>Ba<< z5zNWsle}3RtSs4)is(&AuTIW}ZF4%1Y;AJ_sK*_QCF*cF^+SInAt+9VlK-t1=yC#}x4hn-|m>YK_iS6Fa><*8{nf=RFvGh7xp zcrAF*#uD{DmGj41lodbGVOv~*eEh0;{zysaMDn>uHXt-T4B3!PZp{_B7+w7iOK=48 z2;BDZn8r-Z$X^_IXtz@TT6kIHY7Xl}TOe4PPQqZeJI4#F8*JhZpH3v_pW-M5OG@)NRoYL;3tpk9($t6a z+;<*p9{x-+Pc{Gh&9<2fyIuC+hWgJg4FiWSQ)*4YJYUaey}q6=Z##_k;E|SX{jOT1 zjdY(`>{a7#URWmX_>gxrLE9GQLaxtkwjItp8unf9e zz)gUc4eV>jj$Yzn5zVetxoE=QY=#zpSpd_GuvMPH9%ldimZ9(;atBLEU4HkeP7VcQ z4FfXZQ|^7)pDe$a^?Qx(2K{&kwPWrU>Z<&Nr0M)u&ktgRCnV5NF?T16Qf=fSz?@`G zA+v=?z~&G4s$Zuq*W_BwF*YY@JlN%ok`W0Q65HC;F7dVSfbq4L;LZ!f_*H80ZF{+~yHn!xH1Ti-O@LrNNC1mmq@ zpA_c;wO5_)LX&OLQQ<@5?*Zp3c49jWS>KB*-ki+O-P(^Wbz*B4`G)(L0IL-wq{y;9 z%vi6+;Yz(zK46M_IY|iT&td-cM}r*V8AtYBQ@0o838V4FSqPSLaa$C*S2WAVA4&W92;?<1*1 z677?zL~XaE>VDran)o+D5tBe8;PjvB=iF4HvLD&`g`XaAf?Z@R{HkkwOe>pWie~eN zTlci&Zrq#J&*Glaw^gKXMMs(vZe`zO4WpEvONqSaBZ05W1i zVst?i%^G!UR}>F0v?HF52mR`^l}A2|)0g)W z+vG(-%x_3=Jk3t}x;PVU7J(l~C+NU9d8FvTB+&@Dc~7VQY(oXuCVmU`AbbK6^`QSY zNLux;fmpRmeLFegZ*PmYyDI9Kx4$a#{&Vo(qR;F9XLH~^VEcOBQstm{1AP1-Qn)ky zIP_J#T=l6ORa{o)=2wJpYwP~+4zId+OcouGLf`&?B{DC4QRx{OWA^nYel90vI zMu0dUkA|7AhQH1SGF3SR?i{jVO`^RNdn%sx2X_fJ5vLgADl@Wbg(%%U0Vr^C1`6*W zA;7=nw)OVpN=nMx^`;g1@6wtl&g)A@qK@wgi94WYswIKJx&H)3^K*7p429xk=Ra=PG=%t~ zbs71`g-A|zAM*?zS2L!{M`ar&r@pTyJdEjYPpSalQM@WV?=&bqV`99{b)&AR4E3{S z*#`_Lg-tHVw0UsaVw1pW%YPQ|OBCz(CUf}?|FVy_uGUk<;WMbnM+-zI?cE^3dSQo=T%_AdpO z(l%}`?OYqS}dW7XXx0gGG%1asT5DZ#0-@q3F(mg;}L7Z#nE>9~z-EfcWWT zY`s0D$!|*|U))(+%P!!{&I7!gAC3#J*DcqsP&wf;2uAV1d*pDf7F|0+%j^`-xjAD~ zI5lUs;}z5Wqz>UdhR~Cp)}I3Sz+U|X&9w!Q>PM`N{90Q(>%DcAeQuAu=%t8Kq$O4S z71=XY^Lh6rnm5*crt=>E)ry0Bw~gn&{lK}~^VI25Aoo+X@w-jGp{unl?+QJrglOQu z|IJn0c2pvu5l52w({+OM^3dVP_*w^{?EZh-ENV}ZAWdAD$;7~{{(hHijAtDzQ-Gvt z?FOfisoLvrH9s|G5O`4VIJ@>f7@z6021Bm}GkrbIKL>_Xp)c9`<$_N~_-t?uyHtcL`@3QN^tIA@ zk4FmAoknN9RTWPkP59ETYzpcM`{h3j>j+xVvs|t_PM#bpX9s~C0uRXIK>Lni5OY!q zT8Fs4iTMIrNE;(`L)(ac%VWugaKH!{X$&m+t*-7vKYKUcg&DY?gus)rN6Haj_dwzC zKC-7tuPpqUJHI~|SSmjPn5zv)B}jM|K@|LpZsN&9MvJ;g+UDmHQ743jyZ49G&Z9Zc zy?S55B>c^K+fn`vVSpW&`=|588x->dg>if>p`@h|*~Y+BMHNpMIrZTjy+muIIL@X3 zc=pzr2}}H#h#vI!vDidnf5KZe%(XT;)OpMQ*YVr5`M)@R56hDKCr$U|g}g~#%g2?s z0t1f=7iAcSVZ=3_SeG8#9N_GJ#&lJ>G1K_{fbhnFwbep(Dm|}ID`;$NWcV5xj~sMM zPz8zGCuUn)g;VVTnOXQt^w591nH3^?B2O%Ru$Ma>7^y%Q43N5Q(24t$NjkXlABC0r z45n76j}}X+((!wP(xgr6QT-H3uy4ODhR8$O@K0bMw03vQFBUZ?Kuy*N2T>nzOAqmV zk^bk$DE*EJy-hA_@UwpzxxScf0J@?jvQVe}j=>=$@p$k@r$fN=-;(Ov|LYX1E&q$- zDnHm{Xc-zWwQ;*9Rk+9DLl2Hs%WQJB-0rqhOZU#xRdt3t)Szbzw!`#F4-7y4Z2i8*ASZv3o(F~0t+;QOXVfBgJKcxWBdg+0tc%e3el z`%jowoMjslruByGwWx8AH^55#j~hx0t>{wEi9Sk|k5|rft~Bl^Ma}|^fuBy?-dF1w z;-|hIrt`ahdQ#LE49I}yTPK6mr<1|z(nb^b^_Ez@k7Uj&5|X**lS$G&?`7l3)x_$3 z{_o=5uQVCP2Pb9+>@TVY52?%TFO|5jYsGHVX3SmE>G;l%yQS4q67 zp}thZQcx9sGB@w3y9aP6vX1U#k(;7fOiyLaHwmS!Jnr85$KsLL)Q=z9*W-Xy3e6gY zSLXsm&ph0us$V5qA~)nsLIMCQ5ziCGRT^m87df=mflLiR)Rw)Tosd#khU+jFi9EbS@RVnk?0mp zP;-LT4y>g2ax2M0^3@Fb^&eu*P?L{!_ExVWIh&(N+<3F-wP^;*DU5W6VQ3aLLwGq` zxr}6*N>pm7$4RHyI*w}iSz8U)ZlmBuG z`(1F#ys0;mQAu5>bjHpU4ev!i5(hU*lZ6JPWnRNIuTVDmmF`>MN;4AIph*$&XEYMM zEX}}|OCc^r`a3r=E)7D+Mx84uPpVMm8fm8*P{(WGAUFC)sTgt}MkzZ`IXq0|ole17 zRnR$WqN)7BPuga?chs)|6JW069yCe}gZC>9ptj@^nKY&|S}`{6ilotECRt-ZwTpXM zpm_rr!huc(lGFWbw{M$#oIK=WA(N~}%X5p0DsTH$dfXKVk?_+q3L3Ajk6qE&izedF zCda>c6>QWJaeb4kSHRx~i?Bm6opUThiuY`^(*~RVhIR|Z4UkuZUQeB1D>qmDw9>e; zDCtZZLlLVeG0Od{5aJ?P4Q-NU5_Meus0J35tVJMiZ`5XPBd|4?Y{ZAzGYNM=mhk_E1!D! z2rG|ufYgOZr)Y~7Y6UH2gB6Tf2iAZNxXd2ZXQf4nV7q#bUuH&$bBjiU;zr&DNhzxZ z=tP?E`hQg`8WZ3ZRqj#Dj!El3imaJb)$(3+Cd*da7f>v>G03UOFsLvW+q!Ki2@A`} z+NfN^(h3pCN~qvfFpOAmWQldVLuqTpMx z(=_Y>s#v;jl|OP_~TDTmYCz3{SPeC{EnEsV9=c;A$FDM9(qaHOecwV?+h~54hDUI6EZ$ao-{fY1AAky$wwbRDQFrlT%IYZ9Q)ZQ{ zn`ytpXdN=lsDjMA5HmHBx{1p1({~B2twQ*(mw&(8VA$UZFuxRwF&ya`45g% zR^1f(tA4JT=;P9h|5!F;Vo8Mz#f0zKqEmHMbsNd@R87S$9Y5n= zO($OG$guLbqbgQ8kJgJU(E`w_u3P0Qivn$f#n;WKY{s$K-%8l|SW~h{UZVhinR8TV zazlrL$bF+}F_G$90%G~eB&U8Wn`m_od<4LSo<^&83tFPm&{WN&_z1bZ>e4P2?2eNf z>s&AlMgKbz{_z)@JWt4z9T}@y!t$bt>%%*;ViXOvI<6`NCfRd~ALu@hauw_`P zYA~{{CM|~=JvUPDHO)jSx0^Tj0YU6!JcTu-jVIGk(?YM_2WHt?9FJ546t((c;RnT2 zbYsOz3b#$s^_Xl&^)D^uqn`9ONb9i-90z8e#HemY);1~q0Rl<{BGbS2kE2UEl>MLz zQgGc|-54I*%BNIh(9$sQJB*zr1(c&ojhC*bZeAUKG@;Q}!1o;1Omm21<0To<%}+qXh9sd(BNrwc(8?&2@w z0eyr33)%z=bqEx<6)}Hu#;Ey0od~ETVLgl&ZdP=~tU4uclB`GBLJhc-pKPeR!ilGa zHuv_2pcHptWzeoGmr7MD49&+;Bh13N^Ik@8@}@w5MmdXSUK)gQHdUBHa9|5E)sT@~ z5B#~UbnjmY)81QOpl`UvQrfV*sfkWAUmnbKyVT1qB6c4i$S?n3SwzI@y0 zvl<&s=T8<|iC4M>gXo~q_N4L%-52SA2RDRST$*3-mC&1o(#}Z+Q~-S^!d3D0A7P}C zd#Y{LN~ZFis2W*!DvcLz_W1I&Oag$R%<XNekr^M! z*Ct9Hx}O$gvla{>i#1PjzyeHyXj5!8bQ)DnyYWI)1(hs*H-cSAq+#{LGkD zGCfT&JEmAq=`Z-$*ErHtAem#YD@4*cs1i`ZW@QH6KYKz z&kSzqMvM?fCXNPSNr}6mg1*|3SfSxt*}ijvshO>U;|Z3n>oi0xWb7G9RSDy#!6FwIZkzWw=hCbpSX8DDBFeaSRyk1kx|5(v7HLs4Z&_XAl@CsYeMw;1< zr!*(Xw5BR{kJTT0$4Sjh+fm-45m^#O!edfF99jijqO+7$uNg_&$R&nT0}11^5cC9W zsF?gM@P?m1q%5Jw5KAh$fR(6^SDO9mi{2d03d~#|L|CQM!y%c3%r){JTdtp}W)Tzg zN>Msq`(_G$5ObwQ(!$Uy#pFE&2@F9C3?fJ0rHfC6Wv;;Gm;qtX<02jJPQ@k%fnPvh zCDqKD`@KN;Xr+$G0dtyhY3Ilzn|l2HKR&ycK|y93yuKOT=EV5_19m%d0l#Rvnm^+KGA2=90-5JuTSYeKUq%S}PWOptQ|nVcpMd6V>Y(Eh zv~+DD&d@F_qWJEc=UMOP%yGqch90(0tO``siH9#Dm6jWUcL_;Qm3916%pmRJpUm(e zaHX@M1i^hk`YP#(9~$bj)>;Tkl(HKw8FQRua}2~RNRMXiM{Lz?(OXH|_5xs6^^fcG zRD71)q;;H2UGc5od|urd&D!e>l4Y#gINFGhIo+-2ulIv_>@G|k_XlBl8#BpxUQQwk zb|<34@)?5X1ivi)Lu?$}hhmnMN^%1N=WsP*&LXmu9x_omLE~i>>$SDA9kt0M zk?KiCK2<-C%&?we+D5b3!w)3WkJ(=D07x3f!s*1BdSiuz9clJ@&S$X7PZi25Xf0aX z^aCG2CWFbPnUW#zVeb^X)X5VN)r8Da?9HBXMLH=oX_B2oW;j~z(a?KqRm5gKsJe|N zNv$)-F*(ax5ye8pj^PVvOo?eu*v5UN!<1yzzLv4UOTwp!ex%dy1naEA2sbIgl?uqH za6+(fRB9d*v&|g#L($4vseyH!a9+qrI_e%C-7d2-))5tcgR*K!7Zy3KNWLPCCMaEY zzv7&0J7;Gk%brSMaYSLSbpAyfrUrm?VnhiYgaelj%!NR_Cf%037= zP&Wt*4^!8GEuV5)M=5WOX5%8(L5sAKX=8y=LuKfw==y?65oa-^B2_xqTr5>q%o|0* z>J6rnutE*{M;G&?Wt6=Vlc9OM{FJqwEc-%PIv#7NwLho^Uhd3}ay7*STSZ?j2W9eB zm+64O98^2SMzl4%tCaj+Zt6PP7>;(4P`7rbdZjbi5fm#XQCyI+i` z)fPj=d_wJy(mT%nMS~CwAt!zj@Yodpy_831aUV!-6W>uWIGNGlckw=kAnvQR9GsqcN+B{MDfsAeoiF35Ud3oYrs`v zm84uKTGmZXxJv0g28H(9X+`p`nTSQ9zH_a~$D zgJRsU2mT>+WHus0@gK38*$hg5ddiJPLrN6?a0k(fM<)#3C7Pg%#T?rt&T7ool$RE|&{b4O+SZEfMUpg20p40k z>=ZY8^;}HL#^iE|t14N3-Nh2Kn~8|Hs!CZ4m2#_KFCC0%ngg20#=w639@u=8v5id4 zz?5O8wP^vbufgQ1Cvb_{(@7xyp^+6q##wdhCxNMHreQ)+KFhG36hpyelW*-*+LYiI zV*)Fa(S*+JvVOl+!@=+o>oLod)XbUywpmf8&6SUkxZ!6y4$x0VUKse$%<8s|JEZ%x)24yBUe#z9 zj+08kY8Y#Uxdto!h+-SCNlacRw{J)XvF_$JASVEx31xmWkiK#j4i|5@k42Rzp%(E0 zSyfRnhg3>31|5iT5(0D9(90UGjMG9$es>MmSSWZ0U+tFI;&kX<4(`2 z`%(IWWExt(s)|v$Mb{D250vgYft&Yb>!h>PhBZKDc9T7r7HDAqYtWT!wY&`++rce;v{c%LoOAotfH|J1Hc;Fn|tj5;o;rW@doh2jV;R$!G}Z-Ap! zscz6i%T~Gp6#Y*^P2(s$M!0$nMK6RiyFWWo!UPQgxKpczg$PiHC1cxVB$rPK8&{xK z7f~A4uIDzH6sz0-bAU`#Yc8ZZ7SsF%yGD_{)uP|5whIE3V9aJWSCOY8l~k#{Yj)Bg zdknKZSNfbN5JoIkoH>WOa0&A)34q;5V%2m`D%EkZwX$H*i^%o22X9Qp*@Ced#n+W) zCTdtwM>A~~Y}Bs`1=}KqwpDUOlHA;?-GJLx=wgbvglPk0ENYhUG2;=*jrgNnZbfD* zW2!hwmvD@w-hK+(g!*sZ?~^JndMUIp49b>@EbN#J_7Zk{+=v(o+_hZhr}KA^?O55B zJse}$XckabO|;Ap?e4f>d6dWB3?}Lp96a1UyC5hoOcoA+4XgR?Q6fP0iYV08t4286 zp{4b~Pl$2ScAi5@4OE$5XtaYzQA*lOWu{UI_;I@_^e{ZMeCJPRXZTFW|6)ukG?K#r zSal7x(WUO|L@^coW@Ld?Bf#>EzoG1@RaYvhAGoaRY>{&s7D^&5nh&Cxhg@yiXVJ3+ zOz8)eSyle}lHiF+1S}M3i>3-7O)+I+RQ9O% z1W6&KPB$@Yu_JCoZKajr!BIIQrWvVw=Q4DS)p}BOw zxkD(>p- z=1d%x%Rj0YL|%E51^^FEdhRZQbHQ_esMJc&nS`hSf(D;Lqe&SIRt_Qas18=uMRWsU z(OV4a3&+V_Qo>BilN2xTsy)rGWR(6gxSImWn#;{5x;&9RmR`YLI z-$w9cEmao$?kmp7?3>v1x|710tsUUczdw*l3Z^Ejl;ebhi~`O^)6yui;KtQ3C6mcd zI?6toiUG=o2us7h&BuD>Q*z{t%JA*I=@h|?E zJ(sWkx_)nIZ~k2}FG*P-n6$}tXfW_Tfg^p78=`9WVWF)LzryBeKO4Ls$}BL7ZuHI(xj=9o ztbkz;x4yZacKXQsdUh<#LDb_4`2N7MMl?D+uc`^B%1!Qp43+xpPvq$bs>$y}p#JoW z*t4hzISEKlY0<)ot6qtvHJ7vqysKFgBTuy4KMrQgnBc{|A3okmpEt_=;;< z@91he13lQU)`a8Dwnxe{p*!EQz$7@nM^FBae?B`iUwM2ZPHc@ zVIe=alz~-g?>B{)1n}q$GN8kPc(b<*cVE6Bw>g@7vqnagATjL8f5&nKO)iN*kx;%^ z4AnlD6OXgLr<1MZV|$oQZ8dQrx>4j^h=K}z;ECU>{#;K4goLB28lgxDg9fm`7xBj(@8^<~O%@r5B>=uuf9bo{nP=71wghq64 zNW3hCXe>h<0*9WMQ_f;^1YWNrf#EW_2^#(FMXze21PB(H6J3nwHRZpf@iWbqWkIg7jL~)UERG_KbVEHegWs%CSa+r%>`!2b1a<_=CHZ4B5 z{(dQT=<7DU^{-2Ka#oMK^FO?L7fc^fsReqb-^qOJ7^m3<8%FDR_eKXu8*P2#Ay8B| z*nd5RGCgJzwo~C*$p?Q)Z?3PrZR< zdlCTmN_yzEjw5>|Ou;~5OQP*>Mw#-sZBb^htNQaT-`ODq$2}VXi_=Hsn3i-+>bD`E zDL+fC-6#ZST-y~`xG2(;H>u~%H`a2v#Sn(XZ#CKAiIM92zwz5!gBdEvM>^5nx|`f@ zL8iu10S@|QwLCX1Vh6{>?kAy^&>q`MZpL?u%)J3xfz#hb2E3<>DeE<>=xyCQD?Uw+ zaYc)+Zkv5Wpr5}V%^(_#`){hl!(u{>8)Rpt+u(CeGHH8(ny&k*|IqUU58L+1OI(FY z+=MRO5}0iB!uxz)WgrkC{Ql5G3E<524g23umIW zkJfDIWzMh*jM#WGd~$xm-C?x@ZXZe^{+YFV;&36$KYj_tIyBxazVvode9^ug|MyK> zkinsk^(=>H!_@RiqxXSR)y}!)rGEsFxOeupPg1kp0#0a0KDBmcLzzFf;)x#76s_Kv z6WpQy!bj)~(Tie- z&z-8M71#IUX3$5AIR#$^UUSvgB zbp(wE029+>3lOAiYSkOtuL53st^Y3%ljyq0Lp{=^lfzH!W(x3+Bp~F<8{&pfciCi_ zVE%J3_!486N`)C5fHX+6c&5zh`eSqau*(MWm693G2Mm1q2Bu#A-(#McX9o*I+hDiI;~8)t;}ybj2Q!6Or%%{{G%kMY7shlB ztH8r~1OqVj>3u4VKyQSn@xvS60L?=B9)s^4U487jF5%PiEG^x{4EW_{YP5L^bNZXJ^Vie@bU07DQQJi9ARZQq?HEoCn5f+CwF%!YUT(Y2Y} z0(sa8A)CB7T69Y+WHHPV2rzS>2+n?A9*3K5o*SgcHP&T^L&Pdxf--~;i7vRhnsZ(o zxVwO>L{J`Rz47s1AHVO%LigDkQ_Kh6ohKrkD1LF7qQUE`PG6B6=8lfbS8%$@a)RGy z6`)3Xm*GtBpG__=rzhAcU)J}1woKOJ6?eYA%jX|3fUSz!s$=uv;HEIF<_51zB(RX5)5urUofL(Nk23L3fB@W!c zXNIHLLx0$MBI0IlH9hi5~q%K6x{Oe&k*nAI<7i zC#bEV8ot?qC*ir-{p=*NQh!Pnv1ZMx?(<`id>g^Q#0(y$KA?$vWtwWxtuz+v<>4p@axnNa7S4*n zr0f}jD29n(Hwe=suJ+7rm)zNVs7FsnIIrhTY)18Fp47=zP<=xzhXfiwEu_d|@u9)3 zK*!b9P!m+au2IFp%xX9yS;Je6)~!4HA4UL7?_MDk1A~}bg+(3f#hzrqCZ?_WAMqH{ z3c~}P56`c<_%Osbp)-0@xOSAryzuWIjVw# zRfPIJdU1BbdLSV-?`M0rh^Sz{GAj>5;u_KC#Z2q{Ir#5nY$#*Dn;cgE~t9Q)fS z#*6~jk)PGBAB0Uk#M1MGE-kxIT)x=hV}eXi%I42p#kl;DK%aJQIXMMW@%V$$3WFi@3K5Njda! zAQU4rc9xL_jGo@j10+q%@fY*yQNjx61#MU}nAj}y)Mi7T1V_%;B8vp$Id$t?&m<~< zAV!kMvtdE(aWi}nWr+Q@vou*%Je?ATu`H625|)WFf(ar}58wu`^sHv<9TkG+=cu%l31ykW7Xv4>)Wk3j+eL3_wFIy zZ`syCdZroO>0dUqG>rwp_zk`J3_u;73#0x87*lw)||-r=&dl{{Gb+JXs`aV?3wmXO@8o?O!5+a z{Unp$ZTLXiDcAoryw%MEp88JWo&r%L*6Pzf45Io0Q4j(?^8Dl!4{Lip4PPTd+7I1A z&1QQ~LM_%CVR_`v=t<&uFvNN21h(#QdJ#r1bt!J~*C;=|_Vt^QUU}318U)8~M8==% zY`DGymi!3kMu5rxfN>3XE%(5meZCu0K-K9}U{?xf5fFBm4)nOK=u=SZAb0dkShUo(ktM>*Vgf4=i9z4O#Y7%Pz9YdQ~1J&?P21k+so z$_c55KJ~wC)auxr0ZRDN9>4Bvm-vv6j*Hl*%(F}$_{w7qz*GoO#K6EjK$3i|j*ohM zTs}l=Nh6E=1-dQ_<;Rye-{pK9OwpF%tb3QZ@COfKX`k%jNe0FdI~C7rGVUgvsGa8M zk<-dx6#UxtJP%nL=Z#NCXGe8;ztZbDkH$2Tl(pZ!glE6!2_09}=Xa8s(m^U5yLz}S zbA0nez+W$H-`s4O?fbq#a1z;_i)>^q6YdS8NdhB!$*Db(>4liIX^jPkrK9u@+s8#U zez@>*mV63<(007d9gKqm;Opu@hLA-F63@{XR4yAz7&Uyor`pU8B*onzC8i{6A%D~D z3}5eL8Y#3>!FBwoj{QpF8xaGzp%m&OJw2M!9Fd1rv|2%>UCkY|IXo)wZq&MiE|3ml z<_R!>XfC@DR`~4}!SDVHwLH_1dzF82O@)1qXUxPKd^>?TM#>R_xgy32I9&8VKaWN9 zhjR}v_B2in;pBX&CEO3T$yUxE4~nbN^?Q)a0rx0VWyH$t zysp{SCiZ#HDHk^l$0{UCW#FUK!B7UL7-Ziq7puXhsYAwo*FdXpM3F+ftfkr zWQjUyN+DqX+1`0_e#T84!qhQaf=CqO{&@lPm*8UXnzvxytLIONDHQzU_<<9ZH>(H9 zc1obkLkYVP+Z~tSomUtu(`G?Q+)~u!_jms_e9_yZpCdr*#Xl6Kzh9+TzmfE-7`dbk zk@D;mxnftERX+5phwzzf-0rnOiRz;oPj>uQdBe@ou2Hpa-Aq+^zof~=GC)Ohl_hj} zW7k%MOO|Y~%Tk3`ZpPq~K(MK=`UlFq)P4wnZ+5%P>KktY#>3XIAXg-^CxP!*~8%%o}2YP%K3&MPp!S=t2)e?EJobb zbV)00{Fs}^Bi4}@RLe|$B{L3-2O$S-=!94;{c6q&cU)eAtLHhi%9peuf`ou@NL0>jR`-+qXBF%VBwd$sT^hXbU>@!YL+FUSU zNM$|BUJ>*m39Z*|$W6i-i9f8J>?}L_wp%N)*Ix?Z<0CgZ!*c0MBZR*O<60#ixglI< zS;`0gs0Ibr5H}IHnUrdn;_LPSn)UOb$1p)hLa=3qA+N&oTFMrm6pa3}v6>PxzB=Dac_6hY%B^DDWsGV_#t5iCDSUz14HC z3t_+3wH{+na_q6WfzTEGcqc_2Ls-=?k6P_K6K=ePNPnFgmxe#4=p{b23G_a6Jt(V|)vIRe!(97M(UggNzD7NQkTd(Ul#wEFHfT zWxB^syRiZ~%z&k4!8c_BG@Q#}&2PQnoutg(Q=neWr4K2JH^+UG0hMylOgH3mSVRi7 z3U5QvH(N^X{l0#t@m-YD{;nY7D%9m4aX<5(E4U4Usqx%Ys7?sBk>QS?95c57;f&99 zK8kZ@H{GM+pn-qA*Xiva@Co&Rd|61#F60hxYQna;>hxx9?uk*l3iRzI57=LpVM|15 zXM@Km4sT=Ig`sViXCw8B*7RpHsM&;C3(H}k+(Z)wV+WEck$bkA)8&b$I_?kdE^0{gR>oVt;Sp0P*M82u}G7<`|ZNfXu*S zNaUCGwLV~+MVps5(?yJyTWd?y3;G>;#Px$GVY~-ntrbB9_t2N9r5fox@IXw0Vm;&2 z##$BLIiiJYnU}bVXY1S;zWRVwYw$@QLgGzEon_fYoiy#Q>+rF7LK@4jLD1mv@C2gJ z`rZGC;2fR{c4Lt$^jSqh^xs{2uRNJ?KMh-^$)D__(_dQ)8t=Nn2If}No9g00&#C^C zq~pnP(U*|MRLAuWKW?#YN~`OMJq>}FXkF1vi&pz17=|~KCm`5hUoE+nXF{`dL0z7< z7D1ZqTt_!jI+Kq1INfn3o=6D+W`YQ9kK~vtp#jE@QQOw(L|fbr+bGXpzD&wkr^L;tG`pQy!!yG z%EC@$f@7B=0k!9?sw=NAC6oWp`ii}|`bI3I)>K%-n>Ye9Um`haSOQaGnO!$_AA;OF zrBa0C)+@c)4Hzhs0HpUX`b%PX^ChET=@{+4e%Hh!%6vu?zO90WhId$2uS%*u4OR=> zSrszYAAE+th5rylvID=XTCR_=bO~yKe;|^&Yok-fVvZE%3n^bHu1rC7MG({DMAVhQkwXoTNKqGe zp1psoRzM!>KUuv&KA}Giaf84l5Cx-jnwHWQz0=Z4-+*v|AkKaUq-i);8?^V4XiT{0 zRFQ_6ydyPs$uev%j)o^0C^Z!xb~QJw;xgo zeRRgHHy8qT>KzqGJK#+ZZ*Q>%n! zY^+Gz3)3LY96-iCY3WOQf1^Clf$a}*f_XzgRmb&B#b&WK^Sf&yE`l+1>KlD*|?w&(}}pQ zS42*m{^c~g;9^dek0{)0fsketVhF0#SZU$7Xv#fxj;1TI)CxnWG~yZ0)jRAt2#@g} zInp#rRx^YJ2(ZQzNpO)_39670tz&$uv$&6XeCs25uzOZGH)*mPBHEk&1mRbH&z~Rb z;>p|i)gyr+tAFk7e#Y=~~I--=u8eDJ}k;N+g^){;~@7 z;tzRPJY@Dj4pX_)u{Jt<%w$q0kDIq;z|=mN6<&0&&x|=EwZkF2h#0XW|>B3+f@h>><*1!(vhAXHAmz zRwE`#(t3g3h2nTgG-TCtph;9pAT5l61COOjYD+vSC*1Lq^N(Y${yu7vsjg|VdEyVm zL>DGdRy@tZ861ZQ@O?3*jyxFF5e-5t;ptDGAp@5ta#H`IG4IrdQKod^#KsB950Z}A z=&_>v^}%e}%Kd6#_-cN3Ia`J|`jfz>sjAETD&XaZnf=-p9z$fU(aADxrqaqINCdv8 zAME=7-F4`*s}Ot&a;SBW^Lw9sJ8{_Xe-lh2w-dmwdgInzPA!|ZUtM@wuIe`BJ><=T zX)PX!j1I}c6Ve|wuKKSwtN3d%#ry%YGWRrpjH z8$*XPF9l|M!9{}RSMk)MIZAi z3mR;}tOA_@d)U!&q9YWWZIlhE+fycm{a;}?g$ZTFWKhy&pN$#je2kVlyUep|8NOtW z!lg-(5!?I* z7N0g&7z5wVX+JIB6?OX%d3GH9$-~Wa_jdeXE5Z3*E~_pDwXa*#`DV95OS3Op+A@Ew zc3Iono>?qon~*2}uD5w@9`@&7nzdbZc#@W0XdvhB`ZF6d3q9q7t(Z~EN6 z-nx*32TUAn#Za~!Z`t~<(|XttL!VII@qR(fwyGz*{3U36;&JobYQ4WwtPz*2Z?$_`l&tUn=t$&e~)~6U#BzcU*R> z`=5EdMwa917;eR1)2}BjOFs4zS%~j)WmctIG>gV5o<82wia|#_>ky*DQt}p7nHn<7 zs|^_+hXNmBkrut}wzO~){L=!o(Q}xlx3G50PU++W3&Q8!_7uEO<}w5LMbmz|L>b|J z!Grve+WE2qG{qe$u5CvO9ns5!l|L!@_iHg?5E}1HTxM1#ixzTdO39JkTEVPAYmtyG zUg?s9b+34?SoZhiJ)WSJRfL4qqy7}g9rUHC*nXdRO0(OmU`-DA;P~o{8}e3Z6LTOG zRP!Y6xp~SIX)SF4pjpyWj*|K6S_rCZtxTaLyC6g;!dDt)1|~fdiIomK^6wvM$tQEIM+>yEe|U7GgV4=D0tg+pjwNgIw$JY+queoNt<_ zBVq~H);dE$k;Gz?XGXiCcz5u9mJc&|+s$&RTnVf}2zfSWjKDuo0@y+%%*=|1DOVmx zLeDI>+DNmSo~P!we^%K^Yv}&1ZY9@wEYo?U)O{?|z0^y|Stvij-nrm85Y^aZO-tI( zLsJ&nzIs8lIrG4fM8&sO7NI7VKPVDfFG$XRCITl|#gC?!EUpllgEUNnpaR>3F1F&v zZ`5m)IwR$FkfWUw>XDORQz$S;8RPv2x}ooS+nn4tcM!zCR|@u$KUW*H$2Zn$y(b$G z{!b>JZpWs^(SV|TNT{k^?M{DZwY5JEK;Mc?g2#X_o-m8HnaK&`c@{s-uh&bC^92pq#w}(erSD7@%=kKKeK(D*1YT;AMYduuZfLHDric8*Y>FMFqTcxOdN?XllynW9nj{w`OPUu> zhfD&?MzeB+=&Z!RY-Rw>)h9Gtmrae~j5(_KR#u&HV|mr{jF?^MQZ@O4(!qfPV(%hm z*fN&>eaEt$s{zOm@>GcO+9mvWehev9{!7KZI6T8mPa#;|sv}A{9Cz+@P>m+%} z^4jLkPU<_G=_D^gJL-Z})@lB&nbrLC?&z5_MF7r!UUC%65%*r}=?tZ_u%efW5eRYq z!$7e;W2!8tYE+00k{04sdmpKliUb++fT47q3qbeH3~povvsYngC`E+JU*>Yc>l29I(xaJqR{pI{ew)gz0Tp+~g3-b1=z@S<*JOz^3 zNUo?=8sef=tZRDeX4R>lXP;iaVS2_<(J5bR@FoJXan?e8$Y*gaq6~Ci#=_Kujg{bK z+0$cE|4yet88eajI)Vo?4_@N15t4ghuCx@;N)nflQk>*mR*rphu~ow7ONsr(nhgGC8RDy`3n=o^k}=K@={ zkU+tPfE~G*pqSWBD+}Id;#tx(;N=oz8(4BG>AV3D+NQcv+Wc2r@#Yfl(@w-$HkqQ; zqZ!cle&%h-k_H$a9%5XwUFj^mH9lb@;WAvcKK30T4}v&)Yi~fkiR-oJ23~BLvdQmW4z5OV zQ>wMS#|Vmvgs?W}7DhF>URAr;!Uv1r4aYq75;FnARvH*&wVKbAGJ&Z_w`wdE^MZ=f z!`N@YlWMB_6eSN;`ud)nUU6y9$%n}_)wHR;1Gz6o8JU;3ozdwwdtVfn*#6_)35i7{ z8JOYEi*hh->VNcAn{NDzU`gc(QCR9FJ1qbl1C{exB7m6#mEapw$<4wN{DZ`xp={b* zt(8FhWBu)o;34POtCmTTfay`XNV~(3ln|i`!agV|UN7_xZNE6*3|5<>by!fE(J~q05)ZFp-6S;Y1!4Z{ zpWexTkt#@vS_wCjRaCegZPH{_lyGEmG5JDO^$NH7ly`u$!0S zt5(Gwt2F7xhh})Ze(}S-u7@H}@(h{}S1a zJr_M+9QANkPUzSxW~1BhN(1@9>5s_P3}utPB~CRP(SvNvHnhT3;F(yvn;k}MT`1{Z z>OVTXjd8t5Sy?@_TJ7%}JNpJO_Hi3qMqx1FyvHrx;-E(az6?E{_5ZObp51hs;zmQu z6GILObL(E2hxmjq>}SEMxz{DNscZ-ULdo;SD!pX)X-BYN(Xu+a4;f4?IvlKiTS`m4 zvg|0w+vI#^(L4x6!|;*AaBj`#G`njMzGmmS97NDri~S^ zxl*+q!0@4;fIiZa$Y*mv(|n#cu=r|}&_2}y9;RHFQSXxNfns9AF(=C7VRyaWv#O0G zT3>E^lsX8msDiX2+-1TN1DcJ{vhH#8x*j}`;Z(CJK@^R#RjPJ&Q1iMqy>qX+j^t0* z`6mhfrFs)*Nw)7b3==B~n(2p&Zg2ClfAPu~41c?{SSi21Y$bP4c~w$&P|?88Er+O= z>d|7wz-?H}v8pNQ3tL8*%+gbEGma%=#4170pu#@a6lXsxw=(N+p$(DTIO=frHFh`l za*U~*S`*+Q?fL%ug9$Rmr89+(t+s~G$;k)L%4YV!w&O+=>| zYf5W=le2XQA%`j_$ZF!BJ4`{ML>V__!&8xWc|t<6^XFBx#u4#Xp^mg{n|-a;aQc1>9GtJ{hh! ztkD&iF>3=aCCD2RoOqHwl7S2TIokb0*3keX1Cw}wlL9M@L;B5;eTY72;hgb>#V0ngBV?_fK=!q>e4 z&nr#;1VcSDIY<;Yht3AQX@)0$si4{XC#~aAXZ%tLLTje*q;nafFZdLlN|NmMR zu&pxRJl0lS&`w=&=5>bLuIkO|3(6N+rTVNaQT?;|zs>sNKji@f$=GYZGW!8oe3qIm z0+W(l;mIiPyq!sJ%~+ZPX}sAu8g|Je`D&A)0_l&n6v@TcgIVLlo4>A%Znz#>G3Tm7 z;`VR2=>p*McbEjv1N@~2{n1Ri!z!95VhJ}rX7Zv%#+R2$^LqN48ckhn6v{)Vs4`NX{~g5SIynH^v40kNf#u^YCm+>Lgyxcf&tj1vMCRfcjBB%E zZvPel6uuhp?^;Xb^P3%yeRE$#bjaT3!&NBMWsxy7BBaqL=#2jDaeX%CzNzRmDL8mND@yyt#fU}@i_4kgVC6CO_g_%#FyfEc zcqu)YCYQr4#dOUU9t+eU$mQM2$OX_>BD30eEep;%4&?pADvzAI9A9-^O2R*es&{#q z(~{7{HAbD<0SAQHGPCM?13{iXey!Bw&t)eA=bxfRE`ubQfdKgGDcgF9uf1HJP??nf{6n(DA(y(5zj;2eEBVG z`ATYG$q5v9aWrZ?d}f*XoM?YL%fVG@fXzRDBUi=5$3orC0bR?*zC2P~s}85zd-fA+KF0q?&dRynU>sp_4>IbNDQ3zHb@*JLc0IzGnM;$jMop zOVaNoV5sb~G#C2|3n-A&^_H`d+A}{AFma@9z=}hx3qlxE( z9;j+w7k68u1?KSrs;ZnnGc6{nNv8E#$=7?3)wI_);2u&kL>hhF{y0eVrx{o6{(H0R z;)MW$@U=7cy_y>=(h%#o7j-M9w$zUb?NMgESRs#+ohhAi-#5_ZuV|!d!jEplJa9r4 zr>p~(gUtN~8kL>P-y!oYG#WYRT^9MVw#1rVksv{Ess)jt*v9 zui3tSXkRJ5k##sIRNgWt`KLCDXs3}WU;j~TskYS^^qsQ7XuKVx%i=tMKHhbA{$pg* zBpaAc^&l$R?^W-nn7Ocne@ACR_6u^Vtnx0M`aG+_XZYUAVZR236K?)Do@d-tFDdX% zmKu&Eeu<41hFp{K&iKV_xW6-=J!ZB(O8blQ&9f zqi!QJx%KSto1JWj^}8$Y4I?+;L6xas=TXLOvq1c<>DaESiL!0#a@qElrj}uYK)YpP zk!l#0*x$1QjPU^H;fY@jkIj zfzi?6=)rDf)?9ZP0ZcwV??7}z_0%yn-P#BF8fX2}Y>j8VbB7X#H_CZV{#vn%r0Z7_ z#~4^}?LzVceYM?x>+GpMF`NVCi3xLG9Z5}v0zHR^i1oCv>u9Ze0HZ%55leq`%kikQ;j6_h<1!Sg+Q#m%<(OZFA@ zY5E2G1N^>)AQ92K=`s%F{?OEB2H9u`ZX7BeV(vtPKJ@j7b~8F^Z7>91+eMN(1gpxI z*Mw%CIDpHk_CkJDq*wpu1t?As0%5p`TcJt5a5vT|{9j1dC^IMrb#D*{6SJLzJ={7- zv+J5|0u)RaaF>CPeQv*!KPt{!E|&E#Mkq@pw^70AWO zQp8VVccmB&nmwU>NoE3L!m|N}KElfp&tuwh29D$36%oS3j$|MZ|cfHKSrx6Wj zYb0)X*JieHwGm9N9y%wR*%MEmIi>dpzcT6pCIod9bDD`2i^RqAvqQa9udr}+hPpFx z((rVCNIit)!YZ%F7xKXPVkxkd{Z7)bO8R*^c3NHEDjbBRdB4}QHetQ0!|3|uCPfw2 z7stjF^{Ew={uP66b;u2Mx7_chn659Gt8_kn=ChcGT7PNI?I}B_dV!A%j@CRnZ4g^D zY>g$~qubX>e0CqrV(ixF9%Z#9cSOZg>PQ2JT1K4TnyK)pfSusp+>dA8FdycOQBi%3 zCr6~)*?Gtj!qrT^JL_>3JDhECgZB%n)4(cGy_F{%E-NcPk(&6AqFh(p=F-NX3`hbN zD(YVZ;VvJ=dl-#+d54{`s49v3-j?507D4L5n_k^c&RO~#p#+}&(mO(m%Uj%YykK-Z zC&X=|PWSbVXM`(Nj@;T3t6jnx>w*0~pT4EMu_VVesIU7>P4fEa%i`mTI3!MzL zo|*7y_bfEYrV?@jHbGXkGhxMIW{Y;>Nf)l+O8B9O*dmO*yu{%8jWMfsj<|m$B<;IxrSiR$Q11#Yv~lb0NSzHQ>`sYp9bW%*@cAIH;O%*9R)J z!kHp7fe)SswB+)BO!Yq;x$roU#gqFH3+cK-O zJfMP@61^$$4c^#x4Vs!>$(SgU?W4*(B8}s+ZQ)YC3n&yN9Hacmg3-wM6{Ewgx;Vq; zuTgoVoEfuECQQtZ;nh$OqB2P&<%H7{D!y`3$ebgQiB z%WB#vDk1RyeRf%*l9U*nr!r1kp8Z5oG7+VTViZR;7&MSH_{&f_Hh5#A@LlBPn5OKP1#ecWMN6PTtwi zukCjWkUUIVV$m1d{u1^rupKY87n_>y>LD4>mEY!e*fykja;(ZQbCfEncm238f!AqH zMI!MfzvnvVUue1?%iUk|bPn6e&yiU<5FPzH6%^JM&#ylr?!x2F0g;&X>^>`!Cs}{{ zs0^8rt15syK;J03ia%vRwWyW}<$Gdqr=Ck>C8MQt$olHLnJH${i{#no0rqO*IjhSe zxGtEUl`|Rt?HMDMKarVOZ`JctY-3IWl}L$2m5Sh07F0rVID`Tg_Lc1%xvP?JsS(5% zN)gqM5tg^orbJD3R2pTtA}FR>7b$}aLb{Mm*7T)EIfp4hG#VE3hwf8=7M%IAJ$Nz+ ztW?GgOHxEPc)qbJJWALGc;&u$;3tFv0q78{IK=wD#PTc9=AJ(}G!$EO87tstB;?EM ziRWrzUHngm4euEF6lB6cOPYdtPs^p2Nv zLMM@!ry3-`dduF!Fif)G6P*#wqaTC*f(Sf&1(7VtvAl4}8iHjngUb`IZ;0B!Q-qI` zyTdad->-_Z9^4b^-djK=w^J4som&&${g8z8^=fe|m{0TWVmrNBgN0aV-}OrT`|Aj> zw#RkyU(?;n>#2Nno5Ew!UX6(&sOFHzxmumZHc$SrZkbLih6BF$?RSsXAvd*cmhyR} zVfG^ZvPM<@P#NE?e%LH0DWzE4+4}Xm9VKZ!r#j}J-xM!aVr&eu=D1LF*e#mQpw7M0 zSRNrlnYjz}I9oA#2dQJoUxh5zOreA@vA-QPJ%yrv0P7oV&lftD_|)*Z91f)08}0e$ zL9%Uj_~KXm-`^fNUyd5wCe5_z=-e!0k!8GRAVIFUAFecn=p(pOkDGNG%EY43L@`Px~KYNvz$H~jZm^M9i6!FAud|8xqzzQ^DnKPP5_fp^@W9;1H) z%rlLQe@`vm)^^&0ZT5FzmW?@V=OUIafWNJ7Y;1Tx?n8dKJ2=!m?R@qG1E7J8!2P4D z;NYH~^g09J)b>}EW;irZ1cm0a3c=3Vv$9NZsxs7B6kAD$x`MT6nSkhy}W8W?Sv`wVyz zL!2lkE#3F153nrqtp2a&i*cr$3G8V> z#$!S3znTO1YPH%sGv?J8Pk6KbGEXfu>ju7LNOzDixCG2Qvc;-8`S?j({gR>T@bbnM z@_=Q^3K8<3_3=!7m;?|I03I=2)4Sp5CFXMIF7wZIyr_+AI{vMClzWvA!JSRPymd%7sodH zcWx1j)&UFSIR{^DDrMfi1c%c?a4AJn%!LUVDM@x9GCTyq7PagYL1S@=Oy2`3Z|{h? zh$GeEWI8T^cfw6dtj7K0H3cP)!f_Jnu(5!fi=HbVj{gVxqRyeC7FiPwjhk$oRINda z_`FMU6A5&cL(T>{9EhUIoz!$hWpD?Dw)aGCL6S$OCEpLEB?IH+z*Ruw{!g)eoxF zO{j94YNVySAoeyf)J>7{f4SJ#$R-%ezZd)%c}tRfbxC)VFtX!P+QIYq4$Xc1MazGK z{G+EY6rF|eM7}a%9_S>xW6dH_q|UxD3es?gyXtT0nh)?9bLJ1gM~z>B0SQl(GgqD+ z`{w6Ndt`b;L-f?3IDs$XjY|?2VOe1=18LA~c0 zQj${ofB^yJspsyawW2yZrABan?QCFf;b1=w;j2WKCSoQd@h{ACB+>)6eG^#s9{V9PrF;CL2{prpsZak z=yX&-q30Eh>cum%rYTy{tg*75zqy>3w|<-(Wd(l*0|pH0F)xt*a^VhZxgei($u?nq zX-h$9Q+Di61t$cCt{(nS9nL%2EmP?AyWJO`;`;9sp?%QFAu1kLbj6b^fN8$kE6C?| z?G*=Kc$HKwb=t!v2jjNk5vG}xH0^}WOZC{1r}qaX9ZfP9etxW~Jwd*osj+s3Wdn#2 zHJ2t`+oThP%XpG(T7QeV?yPV%&u7LF4Se1w15ul;o0w(V@`{4xYI8^S#1tNZUUYxoX*8QpNS>T9=nSw%9%1F7^7K|H={J((0*c?=l?{@b&x7*4SIC z+zm2+llyS{Ur-j=PO1(>MZExcE4W}7brLJuC8*J#6T(k3nxgNB)s27GYu8y}7%r+L zi884{-#MH=whsdUDlV>F62=_;7By7hNec%y%yvDb*ZV+u1x;*B9v!G+`hW9dImB0R<0QM0YJz3%KBUISR7;bIBgl-{; z(Dsv#yVoH2qpqCncLdJ$cw4stiDiE9^mMUB_97*4W&|3Aq6U+uTUYiL-DXdVgL4}6 zI}#Hm!lw((i2nh9K!CsGh^+I`Xx;q#`i|xCXy!aFg}l}D(2{Z-r{ahV%QQ+@v?Jvl zG(n~4$)(7KKE3!)BoM6|+-lUi!>u;X_H4hx)B)5VHp!EE6Y^YKV}?<2L^i+LtX_4W zORLemVOJ-!`^v3aH_xZ_vM&azuWTB+#Kvj@>9xsnHi|zU5uhR0_^(~fS#%*5-nZiv zUSrbhxlmNIR$%hVxSsOxR&M%K?s=4nnuG}JOBcDMSkZNy3G;4uZ|CS}cdxo-)W!0# z$mv_d$5>oU$fp^XGKtMDuEkS2hD$qV85eQEb46EnQKyc|8#x9#mg39c<@#DfkL|nk z)eT2%B87$Vt^t$+a$Ok!u9XXM{i`Ao*WxzL452WWwB3l`GLu)LvCY~xn%-)4;@P>w zoPM2Ck?@cvaO8}51x+R8hrA_6#Ga#4WnCNo67XK<ikb^Re5vy)}$u{&{ndTh@&nRSuv`O33BaR4-n zS6a|{TF@umBAu$r-n-=WBkYpb-d%!%-Cq+Q5d;2R=|F1o5_o##6%k)Enybbx$Z|eq z#e|ip8iwJlfAjLi!Mf+Q2y-fjXclt;g7x)Y$C~Lz^-bH@(zX%|Uj|Z2jzckD1@+>^ z;oKo$8(auGoPI55SrUizgqM;>-Csk7>(4wXr&3t{<+rseaYKKsAP2pG8tr9$4v3g9 zz(--8{jZOQ`Mf^n#sBQ>*W!N;Uaai@&-B|^FeJbi4PiMut!=27hX?{3uHIe-`t6y? zJ4wDp$44bE#Oe5GZG(J8F4-N+X`+j72(l#@&BIBR%mQ=Et)KjG{QmpXcc<&y#uZ6Y z)<8ue$x#qhtpZ*21k?XCUZdLEY3PhaWj>RmG2^Y$E1AHi^*^YK;@`k)VW0=3L$%k< zm1p{w{ld6p-xHdSF@q0H2@Q*qCguxtmCc#p$sPE$g6AGO=fS{EQ-Kb<=uw+%y>mU> zO8XE)`C?IJiYSF#5Eu&$b1sC2V*50Lq~M2)D0HC%G}D7lB?2{X3Ipx<9BLWj#&QB? zXgVWr*d4@3(*%GS2RY@^TNV?R7AiNLZwUVG)xekntpa}FPe?zxlrlrB;@k8_9wqRy zI$KMpU|ByznXw$VyaGx#^d4OEswu4Zm7%}EyYymt*MYBGU$Za7dG;f%+Gw*VxAA1H zoQLTLctkxnCEyl`uvIS=`w6f8M|K`ptEHEUX=`u?P4>h^Dfy3otocQQHmh5UkhxdK znPhYpSPso{wXtFytAT1tJ(X^*usM4Nk%X|1m=^WyTuq_dCb(hN*~!ScOe{pZIkCUt zvE5SF*C^RsCf5$xFjKZ$7}Xo4c=W(>zo{LVaT!A=@OdvYrBT?kDUB0xJ(84+q&#K+ z-AY&DX(&1N*>%BN8Y?s8T%b<7IWR$WZhz3#4y_;Z&w=+n%3?3Ser+O(i03Zptms2IB!-BU38n&&HtjuoRtduCRP*vc~EJioi zrn7sjwNpx<)}_Pu54`DH7f@*kKkXX&87lq!L2LNBQ=|5{Ye=(r-ZIiGeu|asr^TzO z>^zFSz-DY{AFU*C*fab*i93H;ftLgs^Uc6lC z|DNRs;XSyZgnfjv>4Hr7Jt??}g#>*Krg#B!whEI6y^Kj)L(_^3YNF}(oL<{KwcJE3607$VmV~i(L+@JTsjxFrp$x2wVRupAr+Ig z2}`C1x+eOBhw;(wZqCNBDDqjbKd4+H)Xg#{S5pC4gL$8MY6r%Z+iqSYZ8{FNNLlzc^s+tgt zd{VbV8JvIUlnc8NzfTiRqusmx!T$bW&uKOY^9U0Yxl8ry8X0^p?6`rD z>XJ~FgN7bJEKZIMH)Olzdtg|FsY%XxVY}+ZceG$XGUf44lQGZZVlq7jW?;FJSlbfja&}7@?N#xK6=fI-hTUP1LCBel1DsaT@ z&GUKG`MEnToZr7!DMeC#k9l`tl6je`yz+K#mlc;=`z^!&xyv}ek9qOmuMX?>-^16h zR`H+D@>61I&J%W|(~Vr~Ff?y4gZBD2&w`3a8brf^xC;l0l^B3?tIs`uY!sG9#Aa^R zxMZ+lm5Wy^WKvUyisx>nES0wm@>Fls()DVTD7{H7g=5C^A{g=fp5~FzmEHtm zjF-jQ1{sw(J8%Bt;!Kp0SyE9(qK^1Ndr;vQTx3@28>OMrb96^Z7 zavn{sK0%9^r1o1(Qv1IL&kpVR;C1cLFFn2;`cRue*JoN|3AmicmKP0R2w(2)sZ58yWY$>{{LBi59R;KmMZ+Q{TWFD%R2RUv#6JhIVosK z&c-y4k_2z2cU6*EwLNZlb~o*qVPVb(U<^)Nf&asM!F%-Y765#qRtB>Y?=3BAf1 zzfsm$VOU-qkzH1VyT}BHUE2Z!CcE7t5rYtX(e2N!K`qnc(_1!MLN&OQedkkVv23^H zy7>gw0@A=!w<@cbq3EBR^IVcm{L~lc@8tJD{?8QM>gr>j{jcf&^K$>y%K!UWe*O7B zDhPGTq}58JNtWWQkPH$_BcThRWjPa&I)RTGWx14t@Qws6Cj34nak{p#oB?Qgu|?Sp z8ChrP-N5VPu#W1Him|HlH=yUVJ*~A3!*Og1Q~F1gN1&>^isP_92RSP#7c3J;pUn_;wc-fJ&e=wc$&2Mm6$*=^*m6Qxd{WS zT)NvlO?-)aSsG~~3wQNOrSugdxz?FCEi5j{r#%aM*N4SfaWQkbm`B%x zJrDg~=>Bi7z1G>sJpKRSUPJ%0cd+vRdzN2Y0{_NNHHuZG%YnNPie>mp9c~I$HBsMt zaOdgIne&*Gf?>VHj1~pUQ?mXCyFlT;SzfX03dWfVNidZURS~(2rjmcD*Ex&@K#Iuv z_w~CURUr;Zm5K4*hNmiOGhGF}hM8(WA-%MsHP_}c-l$pFYg#4bx#MAU2|@5R&hNWV+5lkEdhnp8+%o4i5G{9vr?H zWa)VAmd);Y9>F48T~+^B3k)vT0)p?98eO7#Ezr#HnjAJ>L)Mo0)@%W%M0P6%)^wEs zGZb860NM4mz5?gqumW;_e?PF&9P)g;yJq&{{{G;b!T#YFd8_rN{|OIom+WJn{qL}m z|8H;Q|MyJ4$EMvDf!-UuSc~E@gL+C6dhqhq5er|wK6n+rjJ_W2vlp*lgyF03n~;99 z7w&(}M&aSh(Tivp?Y|5|Iy#6(`!BwJ{p!UxFJ4D4Y4nP|3fIOgWjQS*C%JyGcW@Bw z?*#`hul8RYz1TZCcs)3HefZ*=7yGXc{^$A^c^sep*W>&zlpcJauMZDj)&0Nr z4)<5*|5<(;8|1%h)AjcWAJW9C@3XeCLC%%BHsytKhyhO_aD?H?g-UrG>CbjZoQ6pW zp8Ym`*)ak*YE(;A3}TG^!aiHu*jU4VD`&I+4scbQ0f^Was%(QE@EfSzK;RwGH67sV zHA0*(j>!6YE7p1l@Q_Xr5E-40H(iR~??3i)3l1Gd-9e*{t#r za)xVvNq+gwH)6>)(lLXoM|!lE_A|-Co=ajZ3YHcGb%k4ETX$pwP-t`Q4v3b; z#QghQCwMb|XjiRu-DF)kvOy7yExmCBx$y$J+3q(0t&V^S3(zT5d0erhN}t{6Qh(aF ztE_d7Jv+=6oSP9!nsYO+I=a(s`gX@Y#-fPRG44C;l#hshY&puwV+*^hlDEQ~MJz31 znuz8|T*x=ugMI@txd_DowvNX8k8EZ}cgtoZP9I~C9lhOb56Fi!nMs%txu39<-1I`? zjTAlwD;A%y+)K|k-&$v%V7iuw_-wQG_xWg(N8ewoxM!WjDVpmlRn4QU*~&7a=|}Dm ztQXZhD+k;9wzit%5Zd1PF=d)`Ewr}PfmXzNVK10Y#RPt=_KLNAY$%$oF}Il08-E(MpJ$}O7A zDjo`Dt^pQ}AC*ahF34<}B|zYTHDBB49hNh7YC78;;bpy58B9hx;mx#Sde4+KTCBdKi7T5=_pR)V&+mK`wD9#OiDj$w?(0+B1I%; zqe@jXDTlhUUC5`qxkt&lThOuCwe~1L92k+O(U%dhnxAN0k?$k@uJKtx$IbTg;Z{7I zmIZ7&IYvmxlrwa}j##wafP~7XCNT9}t}B(gTY{+L|iT5#-hUf4v9zdR^Rc+ zy9FILMv#?Ba?X=D^q@e#BN@E(ey2sxOAJ=Azf!Iu%?Yz%Ij%k!5qzM^WvQ}QLq^o0 zx9rne95!VSYq~yXholvul1m4CD9^c@bw!uqGf_~ zd-FKCr!%oBCs3_^EXby$(xTYhAuJIv3ut~ede4hZ_SM}i1}{BL$M2~ z)5c{Sv0dmv>~3T^3nX&mbR6I_eO9YQJR){q*wu#&jYi2#hZPwufV`FJ^1D(9)Kjxf zX<7mdouf@{&dQgm-^2GXajlBHWO7+&yd?Lq8lhi(-N1dWHpn+!cpS3SI9kmYEwCqyR z9F%(Cn%3skp9IUvu@Lb%CA7-(ud1V4De=&vCV$<%NZRac(QfnDP;L5%=kd}b@lY>JQ<7vHjwvy+&BY1diTDA4l zzNhM)EreI=gr9*!+Fz&u^V&DV}%#lJd5GPml+x5e2S+Y zhlWW+)i9^=cv29W2(H;~jCKa(B@xYRtc}RqH^=7^drGz#V4J}(PNVCr&v@#CF{MyL z73_;7$)|>?t;17lGn*=_ISQ)wu|2lp@ezmiL`uRXM!42gur-xyjhkW3t7miGwrSdY zWWjrX=&!zu6DG(zh+MT5qM-j6!AlkRDp7|{yfh^&y^C|6LLBTJ&11;!TU|B|bc-$1 zgUG{4T(A&|V_V2}o^Rb$PUJU)=MK%g0hNs1{)kk~Wmgv#b#=UX1q>squTtjJQ z>)-czTrl}>PeWHglnrIGGsV24BB_{0;Bj}*u#VVUPFEp}C|p8(e_xTncrQcRPL z?|(W8F8}@g$qyGF-hcS%GC2A0?%mmyIcfDJsDeoR=r|&Ktq7D$p#BEBp*51$b4;Z` zeiCd{Vkrz7-O)4zJzUjFC-6239vAWvna-}QXO0fg^1p6Vikn8D&_=zV{n?Rgt|c#D z93G&A6vag~xD9V$)uJ*3l|bXvR(HUoLBhvBs3<4$mXCGX4juU@=(LMWsBRNo|g z9K_(KnOB-nd9^2e3>3=;3zDz2g5zZ&76F)z0ef;H5|aC+{Hh9eP)(%-%TnR4ZyneP zEvWn&5TyP_NUBZaTb#qYIDN;2pkqnN@ede9!tPiCBJ_mjtWtLa&+0+a+c;(C5L`g6 zv@t<$Yk(D}OvNFPtq658l6*>PAXu^OgLf5A+244|i1|aaz7nE5;i90^OrQ`M#gG=l z+9{QW*WC@yb9ZH}A|(c`+GnATXS-Z&4UI>HhYBqUk~KAL&;b6iam^@%04rHj zj>8Aa3s^RNb9#PpdUAYq`Uabqc|y( zT(JC(<>c&~&?wR|Ge3c$M->Y-;|Zx zzO7>ehjmShB3}>}_~mg?;OPRK) zZFXmM{7|uLB`f11;u9qR!Fh=|N=EYie*>hu8MYdr!wH)*t;_}CS=?xda*}eY8U0&xYE{}c$XjT7crnP7qK=n<4#QCR- zw|HbzOkf0iLy|&Vp38vzT8^@3|+GM5Y!RZTm`Dn-_U}-i5(#w0&b!>CnKIjz}u`f+8+_0NmG95?d4Lk zOwoDH5>BJH@i3=(%ml&5atFxgBrz|xz)TznCIJ;pz7oI{t<8gZMAox0us<;0%Yx>P zWisQ@me@8is!2SJwF`ihE+$hlWmBHd;NJdrMl^GV20M@y4f`IEEzntUA>v^&Q!84D z5K8b8+t>}c*^SuUu9!^WEZ@9(@$RO}#DHA}h?SYa^DY$G7rQU^Uv+(5jne*8eS7%o z6G|Ml6grCIOM3SnXCk!^cd{6{XyIzEeVAy%Z0MAA*Wbkn0~X<=`Ua%i z)Uwdp4O=1o$Yx$(w`}GGXti&Jd2(EVJZ>MNdoNi>7cL=-MS*>~dwKa*EtnuftijI^ z%f*CE-6SassHwggyuvGM%8Ch(gub=RjH}uBC!8l{w(<|X&RBcWp8N&7<4TS6HWrmj zQU##ttY~57JddX|pVj<>GJNWuboFr1Fo~%bmC0?3jrGGFf;AO(NWy3&|2r5A3;|Uk zm)O+XnVV(7GjQ+=Y~*5)%trbb7Ailz6L|lQW=m)qF(G74;pncX-Fss>^-Qwy4?}t~ zZ#w>DwJsT6dJeE7vvDvPQkX|I3%DINl;cKYphx8Ifp*~l{W9=-!1Lv$+H-_}s?NND zcJQRxW;!!lWjYfen(TjbFxY?f^(`wv&AN94x4EtR&teW4p>!Md@}47g)z1vsj?8|YL$ojVD#g}M)nm4Y+FbHfKZ zO}9P!>mmByB;oggRw4%l4~8s|+%1cOQO>6USdao>GXr^tg0GAkSx^CzW315TLB`x& zaq4`v{O-`b_t+-hfzI6xje%BEJ4@pt8qTE$5Aj$s>8*npItyq%E~oN>G+|}%ydKu2 z=ZtUB$JO>*#F3+$mJPBBaLC8P69`a)TMhMRnn6U9|^Ce__jt-tv)qnbomuyLf12WfJ?6+X4h>Q4+*)E9N zp1FlICHFkPB{bpbxOH-1&7Om39|mgCJFU})OIL5o+95H%V^UE4$U;ymLe4JF&NiM1 zJ&vwc*|zj+yZrU*x9J_GDJ>(4_t9}6knkP}cx8|nGVNoZMnm&LUXG~sP$48%r3#cH zfjSBOT6gpTmAb7$u3?^ z7=b@3rv!A_RedV0rPD_r;9#)2Qbm{-1`c7*0Ix;mN{BTHb2_ZPyO_P4o~Czyrnyit zO0b@IdHNh{gh@cheJo4LBc&0r)IfGGmWMXVWZ!-Gux9QGa6vgD>qDBaTRd3xbv>@! zH<6QfO^3nirm*B&GfO!;QP;pVr&Jrv$-7>7ZS!GN&mV6*ElQV4lEA+wi!%L2SvM~CpfcW=nI>8>gQtYYdiR7AI+tzt_zNfO_& zlnJpzaz>+A{;9HB(Yz=#6&Usyu?*F7-DhCB3{-akcDK7>0kH;9L#c*yE}PU9qRvaw zBKR9b^nfpK#F!>;SVCu)EaYh@z&*FF2QY*H*iRSQyf2@9?xxb+#S0Z zxE{N8F@QaH>S929?$QQOmx^og|U#OYl2gnnYOMkTpF(Wu2J?yI(Gri>HX3^hpKPqY%bEX4Xm}_Bp$JF7AEWm z&ToZJ`PU!-AT*(Enbq{=LpI_$laeYONs(2Jy}Ik|&Z;qadeaFPv~3Z2S}@G_eS|^m5 za*9we;Su{-_*Xjvq6Q6B-;G;Qk1e#vHXqDLKrv;4|9kevpgH4KJZk;3Hugb5lazOF z-$;wm+3JEJH!82ST&zmmSr!DjtbbvDvY_pacx`^E{fwM zrh+;48LjWicqFtX7aAdujx`8*8nUbqyDEE<2vSzu^ZYhW$GbF&0+tqe%)s_1*M}8h zAUhDjeOyf7&p`FHt0!&^vQ>*A+q}n~?6egyb~OSkZG~RUrb8FmvchH*@NIh_suQ0Z zkv*2P^OMFn65t}DAnwagT?yegSm^S)mgqn3aR^h7|15~(&t(ZgsRYrzu}WqW1){S1pQ zx%2`Sx*CKTyfv=YEnD!6Cwx4+%yLGf6P}79moVi_@D0IN#C|7d2DhJ?1rgYaqTd15 znbd*lQ=X2sW-EvwPo@}%FFe7pIZ?z7fm z=T1K7(PhTM_MNO7EVgacSDls*os7Ndt-e-EweH#WDqlO$Wh?EsF6636a7|!SDR|D# z=Rob7Lf-Wcx01m((&cDJU&$e3**9)q}YFPbcevb-QJ=@)oI0o6Kjv6y2A9`BlPd%ehFB-XoFeOqw z0GUH2g_$rKB}@ptK*Hx8Z$3SO5A8u(ujUSEK_#d9%n4>_r~-CR?voCaa4?>NR zKf;8UQJ}ou^I#O`?4Bmc?ncf;k;h>XC@@mWlT*)}w2|got@+bXJ%6Z&!(BU4`nq9SA8I zGO{iy-nyij>nE@W&(6)+IvZIJp>&#HVF~dn>IfO{gsSdBj`6eFegxt)j~``FYWQ&|d{3OBbFw@zhK*K%iH7~DePP0`e1I&?WvGyQWXD+5 zU5gI)_Btk{V0Lj-nXbXs##LDj+Bhq#N!`Nj=@Ig#*xjNh`1zktoPFM~M9=A0$Gs*r zo_fPD&;NX)lr`>ovcBuMJM6xuQrtVI#RR-YGO9A%sbn8|w?iuy5n9EgfqJ&p3BF#E z!P%;&Pj5<@9)lL;&X}Mt9)R~-olw!bSh$_IAzg}Q&bQYSAVb{{hRfTs^+jB ztouG&U*943lQ^8{S~7w}Gr1-qMrp}Ih_ac6SEgzdWXp0)+m^Idb(NM$vO`kd=nkYS z5{rrsfU+Lgew|)UJGzmR=S# zymjkWHR~|WTROaz-|>jy${nLSrhHIeH)pAk%dI}vtbaf*7>$0;0S^4i#& z<^r#x`Q6JekI2{G$9?A6!P3Kp?ozaV{JY(OvWvW}%p)GKj&sFa#Av&VF~C%*-E2}> zFU%=7Z7k481{urSN>-V>O&M0Iod&%q4+{H6qgi%DrZdS4x;L3)nwd8-dGL`h)2^X% z`GFiD+ib(G8UysUL?&SMkOGa4;7;+kiDqZ3>=SiVK2AVq zh3V%G>1>_PBgJ+4W;Q>vvvpLD72ernSSdpek1I^xrZ zkG|bJR^Vqx7Y~U3?11{95YP^|4~_%vfc?7<2CeZFOGkt*wxgdaFtn?aheU^V!F^bW zXcy#%$BA}9|NRGxI6{S<+t?Hw#1J=zZQAt9vgP#+pc+79`5A57}goTv!%96vc)r-u8gno&z|=!8o;1YNmb;%X$h3B^EE#FKD9`ZFfYS%}*E{aCwWr@t zvNS}XDYGXc+6PfD6M&H=f#*jWm zfU0|gE*PcSIs2A4Rag7f&yUO9Xhzx95zSdATD@adJEznhwOa3QiO|(~J$D7KHo9+( z$#hWp&l|(qT(7P`)*8}Qp{yR&`)3@?>KX#)N3?cN?73rF=Z(G=*jgL>=M~yIZ!XRF zR_}B^-w0RtcAFRGT4SJAfv%oF*T$CV6Ycsy#6B?I)fsZnpx39_3QLE*)~2wEeO*5G z)nzr73V`iq4d;fyx(eDaHV)R^lZyt!x;)$$6AtT4dQMDiHN}2Wv0boRLu37&{GNkj zn?5X079s0VO)eB8+cwlk3zT(EQQuHmm;O8?Ue??FKSji>gTsf0&HB;!`3KH6xA#M$ zXFKXh2pk$_}RzfwvPNW4$5sG^FooiwH>#L&3(Su+}0I*-T>Y9jr8bIy6rQ5 z%uwCdULF>&+m5H-L(p#P>>e$0SNSa|F~ic}%2vlwr2V8a*+4QR8yjn>{f!%o>%6L8 zsoLerz|xACy2p1LyeX4hwU`GN2{^VTTUieJCsu0xS10I{PMOGPSeYMx;lsbMu=tI< z<7r&*T<#jv$}FDRp#ym-31hC*wb})Wzox8cVA47ZFpMKIHDh*^E{zYZgJJhz;h`^V`xC=so~4ri5agmv zm{nXI9>TLa59uz8-BOpd#mnJCn#{h-`Lw=a)fXf$6Xhg7rMDgVzJU|KDENN`?AZP9TeduoKNd#(F1Q+MTYe@vr2$rPMhGptF_!nuS7eR23 zt(u{EqyA{837(D`biwTcm#^MKlQO99bOg3_W<^`i7V@2*130qIBVr6J?KsiD218MM zZ>GkKX-EF-(KLCBj-6$*9S^2t;9^ll?mq=F>lp8oQncFCo{^|^%=qys+apYKVdB;? z!G}?}`ebY(*WT%h($#uC`OGO@t4Lz)v52L!6P~6h3W+Ozs_Ye-y0JQOi&!e<3tkpu z4vGpiY{&;9ju?jPpqXHYu#X|jP%eM-{*r8g8S~}gb{C6p4{w2eE=OpjsRrLl-mnxr zP4rArtB-S4r#TiRW7z z59wgih>Ri7PU$qWN>72`Z;5SGZ)QAB3;C~tlg%pBO9j|%5}u-mp(J-wdT(~`?8nCI z=9O>H4$nn6L95&%6X+rRH^%}hYu3&4Is#{#UKIScu83JI{bdvzMcVUU3PL`>+x%U4H~ z4hDk(IZqfBOcD*bZ)0nh@1POC*g@t%$A1Hyf{uF)HZyKmy$38mQS`8P7nm|iEY^p> zkBp)K{Gb&7fZObdL_EA@`5@-%x!xW}M4LU-e*-aL30gi1IzA%%`$5EpF-?R0{UCpV z=?QQxjIuhjeALcH?|A_Z_^Gkbc$}nYN+_f|5)%cxDVmiA}pZ>^Z*x)^N_2BlW z#`CPU1D-REzqvsh!Tj_0rx~z4#vUD*`7O|e{${~odQ0DCceU9P?u~Xv;HW12KGpXK z=(tBbiC8X~mWZcd>6;%{jZoz>N=8S58nT4nd$7|NRx5g!2=aDs)qauQR$TX<%cFcK zCM+lCE?c5~4QUvHS+r&_LeuhK?Gf|5X=eu250Xn4kF@!rIev|pcIV!__ZL%=VvA$tYZSkgQ9)< zwu!PKX;6>R((R@###~MqW-mz26EyJFzO<}#LmKMMieHfn`H|cg@{e!hG?EC~lB6)s zbzJ}DxkQN+<1oSPkcLN{TNe5Ou}O=87vCPApdckdnP}W95oxZaD0My3EC#Wl?#8Y+ z84_%ZoLg;7a0~qVj^)F8i?JSnevrh%pcscDFWh>%6y#<45FX=Gg?t`Fc$vf=>Y24L znaK3I{5)Ym6XjKbPta#veXPW9^7HY<`?L4oA2r{>Wy7+Zg_;$zT+#0K2M7BEG;6>B zmnprYaiZiUc>U76mW!Q34f>Tmo^c%EO6B%>qb#Xq(rD?UIY)myr`~~4v|Yk zs|i|8)_4Q=RKe|%vg!bhY}FH_SFmz{N)f3Sw1s6Uw;v@E)jgb^NmO#jVhKpSrrstU zHKA%Lz+@O0|hI%i)lau#1$k4U$gXr?;ILPNH)IKib?A> z`fJJLmRr9(eS3OxMWR7OAwY{9U&7+;kdx!fQ}XiHcS*1HYTC1r;O94S$>u-<0 zJ$<`ge;Y9o=5eO-tlL@k^_bV)KB|ef_VoSnPv4);>FF~5Tcan534m*{`&O)I{$ESb$W6A=IrwL+qb9J zZ%)5E{^{-2^}Exni?fqUgJGR1J@P^duF|#H;*qd z|Gi$=rBmN`Bc(@QkCp%45B&kD@BIKDl=a>Z^1%u3{a`;$uKVXp2d-zGFQ4UpiOrio zQL6hE_z%f)-vaVs3GQ2fK0LR53*g^>T6;b5B{SMDv4@``t-Tla@)_;D;2x69-V5-d zdF;JFKS>Jv{bx*J@5=Shn!Vob`neO=yS+bO&iV%Tjma%^T*@3`pqo_|S(Tf@<*Tja z6k5tB-|T<=x|jU+oJQ{IqF6FdeJ917)0LT@n>W7dcB%fBuzX)Gkw?amD<{uO_ck)h z-(HDd>N}^a_lKr4d7P+u9Vr?>9w&aE25}ZpObKC6vnwk~eP;Fa11Fe@OzGh2Spvp< z$4Ly3@kk;d=VclNIUmL*B=yfKgQ!kFpz+ifBi0$yIN7!5*e5MOeXh1))VP*5vcOdP zNfplsqF98IHp0C17G!AzK8W_9Y@Y0<8*8=r?Lk$hijwK zA8FS;s470O3Ua6!z#AjnQrDbGBzD2jZe>6?VbrFJ`A18S3R33W(S)4oKWL$X&NW7= z6!^G7BENyfQm}?RXI$)7TPNTOiMzvu4|k^&lD53zVL4@Kp;G5&@n9Nl_;#)yWdCX5 zNHt%p|BJO`aCSf?pcOX!I28p=n=!fbP;F}2PH0|u>)19IVZ(Y>rzNCEV0X*3 zat1?&Tr3y(H>x?21ZPgS^6#{CkB={`LAbx!TqNF1;nCoI9Hf{0~^Y5&C6M^Lj>Q!l*4FR+QD=w z@R>Zz5z82)K_LT8{CQ6PfA;>pyKx&y7{=#se+oS6=+s)R>Z@Vx*ML7kg^~RbTwrXR|L9oeUf?M9LT54M87q zMe^rpjxN)z@~3dFzXn2|LUIVg`L&jK{@RE0&#M0)xE>l3FJLp!`oNKAg|F-a1|J4*0x$BSpxUFFjs+fg_?n_EZQ&%OxbM z!|Yqk6rScCtJ}fYtMG5nB`!EbK_7-8MNa<~2lH69Ntey8%xfW{#4q9C-xLQ8$JpE3 z+k5-^wfOJe-d^s%`+M(Rz53h!>o;!?4)*rmynXk#y@UNXuiyL)>}?3=Oo=Fi&9^bGJcXv6J`-@vwF3vne zdxzk&SZ_T@oQ21b!ygCzW6~~_nAJDnlnt6J$b{EeAC1i@1vMz zM}z?Lae!p99ZjO#$j$T1O9gkt7AAN#e6#QlBep;Ri{(>B%dZC7Fm2+yR5;W;2sek! z?;223jC};tVX}~^>!pA8;`RK`9uT=0_#RKPjq(#Hl5~i03zUAuB#CZW(%C>hCHd%4 z^b!!X#0SO0t`Lqk~)*=wvBqg7}q&1SE#|o&jY02?cj=y4zVtuU5{2Xbj z8UzFeE?$EDy*?M9&=Cnt{BQw-Xo-mD00|KAlD8nu@J_tuTH%|nC*_NobXSF;?zNX| zr_L3zud5r8_`S-$aBmhjSl%DWE1VR9W@vLN2<@U9v}=iKK$*8`kFI(%FFFySBo>eY z{iz%-#LBHCQSJKZbY0}8K;r)utqM(sf9Qx)bVbveUBm>%aZQ#mQ121qjs~SzWxg*w z*F`}N0RVbp3zIm+TUe$;L3XiaWw%_d%9pz7>rS4woy(1J&Lhn6mj2&ZtXvyS-_>~jhmDRKn6u3eM=~3Tv^OTg|&OAP^`=(#ur=D=rH2n4<@EGs+z1ORm zzvKqBk#2SwKcu@%nwP1Jsheowy1Shgm$WV+R}Sc^zQk`bxp?7wH3L-9wVt-w$vl&} z+EpCcV#N$2?3Mj2xZz;$_1{Y>#4K^<^)eN{p9QZXn*Jj#X%ietE^5stV9ahZ>9RJXgtR@w)iuvDBR zn@{2_p*(XeSU!u<7XSY*c2-Uc`(Jz~M0d|Gu8t=I_K7vKG1b`r4qm_8FWUcJKimHv zqKtkXUS5Io;o0#a`21O2;0?sN=F68Y`RlL8my?r=bG^c^eC^?Y*BOq-rW(UA)GBR# z|9$+nc`7nU2p6f33(r@P@OT^GQ7}bZt9Mc8;}vqj_up@Aeg53%YJTk5<9cu&V9Gq_ z47=&=-j^?1S4l_wkUd2xNIUWZkTwKM5qNj#`|8aOSin1^TF9IRu5fUS190%alRohs zA|Hvz7z#w>yTh$5EtQ>sHg{9PLSGrtm3{%XUC&|hmQaRTJaSJxUF(5wcECLdyujtN z_nPAj03>tT>9D-R$}zXztAtu{qDT?hW4Z$9lgN}4%*B-4MpNW4AIuSxHTwPZPLwl> zy4)P3_oH9FfW8l47!I=DZLz<`5BX*SoM9S@G{i1g;Rt+$avN~bG@55X(;?#@Eumr_ z_)oq{z{OAC>gQuHzBu|X(C>p?9J0jwLvC9c;fVr9R$^Bg&;{6?dcp1#(#6)+NdPc$ zrClXf($rc={CMMsWvX9=go+FhbKI5?`VHZzsZF9_z=7mkg?uWfSvQ28Q*dN$8?Iwa zGVufx+fF97ZQFJxPCB-2+qP{^Y};nx}W<|81po=*b<>@ zy*EZFon$pw(;J49(?O%^ScZS+{Tf~Vm}~R0lQBuv>#px4NI=%i(_|9OwB`0BOl6DN4^tT%Rsq^&THC@Tk1Qj%DPVjY9a@I!+X{2kuY z6Nk=y>-ca3P0Sw_rUHVzKYlpv;)}H+IuTp-5bfg9>*C9#L;m^bGEW)4VkqA^f|RRc zK=^Age9=bCg3njjFTdqqK<|s8*`8n|M9`W?5fwTO!&TH zo@|g32d`2(Oi#oz&x>`z2Y@1yr`50ser(L}d9&$w^jHPe`|bf$qur;*sj=@?fpJgW z=#QnK7is7a z&qQj96c_e2UGo3+a$QLL{EbXx+#w!B{Y>v*K-4dqg9AEc!&jUjLJ&x=*A0R}j1{R# zVsWNIkDjNB*>7iMnPfmZH((4@<5!sFQXBK}gzRNr%`jS{sB`ggaQ5QO-b@#gKf!3OK1ciF%6-2owV8fI3NDoN`Cm23}*sW*W%IV)EC z;2&x+^N)!mMsE0whzpj3P25@>i1a!gDA%|{=H3XoZSu6qwZ1<;V%i9#Ymg-yN$JUs zgqIrf_z3Rc=lkOT8x;iPLna%s@j3g1*n2EGo{CbE_wB+Ja2D|tG4=Uz(xiWacAr{u ziKr|Wb(j$Om@LR*3K8uH2p$s?*XFX#b)B|lj;_sq6!Lug0RCVCH1CW$@)&mr%Ggim~fd;%EDFM&0>mzO;2X9&a@U@xcwCK zjF|SxSM9;V9?dM_i;o)J+~##lJTyxk!JeWMq)$vP{Q`R*L*jMv55Feka(4GP(Uvbi z5Ml)an(SD=mYTrTY=25eePQHWx3GuQwt6|l*J}8FD!iGI(;U{jtPtX_&QIa`h>Q>I(wv*#r@ zuznlMP&Irj&#Y+~Ku?*oVvG8J8?!Z$v!)4F+;CP%bO}z&*&f9f%K;%D58GnLLHv)F zu!jYt|77dhX=bKUH^;xfVgkHbb^|!QoLb8+%MwS&r8I1CaNbdtQ?Esza!EP}P3dJ) zLuA;!z&=8vp_hfud&$g130WffSZXF2fVRXYSvWw)aPp2y&F*TS@?l}-ZkvlXH^!TY zrfxK_To*e-+Rn--DIcVHijqe%;m4&ikxqVPb(BvUO6Qd@PT0-%jxnXuLdDH3(@LY) zjpj_5rtuXgw@_DkG%c{Cb!^(PChd(ip?<+fHNNUs`sNiiIdRwEf^#Yj1b9_@YevNS ziDsltf}#wG)4N)wZn?LzY~a_~pdr&dYUQUfiO`Ci=sXEC)|&i~=CB6UlM<)Y^?i%= z-R}yIjQN`O3vyxge_i_3O9cuGmwq~FEBF<)osq2R(6-IGPfIv-D5QZS4Dg5u_T)mS|NP@)owfL7W7o5QH>riSD?5Gq4aB08uwSqRIeZ>%ijBj@Hv4? z@7wDZt53t>mlwt-8B(*KSY6Fxy7~F2(u~f0R|&G`sySMns5BAdDZ`UTd^0QUhfbzv zjb+?8rz4?>YH4rdgh~3L2WS^-^_m|aYE+|U$KrKb<-@wQv^Xt)Y|@q9TKki9V$T-M zwE-$>Qk^PKmc+!0`f_TUn=A8*GV?8`a(yf_MbxHCu;S_fN^nt0WvgkYx~KzO2e_=e zQ-_i4pF4fj0vkAiq)E}TN~#81xEO}RhGIy`Mk2oxjXeHBudvhs!~<&@U&O}TofpTMf-0O5#f;P1J# zdGMyS>0&E%M#gc~xSq>DR(X#se1?O2+!&RVKAOwI z*7tN9r~Ir_yE!2|Y8+U_bHN%*VTUeb8P6*FSAWKc7Id;?jsH2m`X^7+Efnmk1M*Z^ zYr5eEK<^Vi{)ymTEx~P|rUyQWA5q%2C2+K3_*BImy($E<(;&nF^Z5j9#}X}g1#a;; zd_3i;rxvvT5U&zt)qnR1zU}a4TN6i^N9S1*4ZW}0`&=p@OpZ^>JmP)e83ZSGSk7cQ zBKg!hicYOh)+ZoRJmLzgYv@gu5GS_oE1qrVtH|hBj7DtgCt0}y@;r}%-|myN!E!Dr zUmKo`Z9m&8vVZV4U}r{enN2~uWu1y=`7w9z-mVv9iiKsP>Pqj~DNnl62+rtDr3 zAU}^n0>Pf2%fs?Knk};$aCC#SV?Z9fkvx&W>5=j#N--wAA(BHC*~RFCq#fLbupU0n zvPiFQGigj0u@0p)UZ^kuet9tC**?tG`xgX)ktWUC%!BAFQ`R8oF(~u3onqC|JE0c% zo+2CWLjWUskS+iePn9K~17S|l-**n^N&r+3f*c=?TyM?5LPEjr;@HsZE+2UJHkr&7 zq&H3AQ_Tl}*Kmv@f zVWmm*9kOa4;+@X9wGEKb`9X4T)&&O9oZmjbk^M^45am869IatFo znEW(V^$iR^_Y-7}cBG1D75LCfQ<~lXyBKsSf~Oy)r1Szq1};Q++1`T(&Hk7wl-+_C zp3|0WgSP3jTHc<0VS!=KAsCZ~Y>3~Ms{rW^ylEWEH}t`;CV75r+Cu*Ql^32kc)I`u z*&&^+^uUA*9Y5#ljt-~m-QQAfFEyA4A%rcVPKbSn$qGis%Im;i?Bozs{GTPRI`5I3 z!-S_4QcuwzjB%9)uL#vA=BysoE4O;P$17$ixO-t>zP=sXYESOs!1S~EN?=_`hOrIw zl6~{1^Fhg97HQL_PidWO&FT3=i&Hd?L3;jq6j~vKwAiCDwJieiNHsZvaq zPO3x>=52#x(=JJrw{?02JSib`QCom~xyW8#J^+HMy~QU)^MRRXzuSth}6*0mf z@Ng3H4PW2Kjfol{8?@*9%sG%STp&bA84r%CB$?>akX}vbrqASnnA2XN_BUw@&%+OV z07`U9w}@6!eh!cp0t%kzm%!63TIZx6VWvm-NT*==zNRvGA=ElL$V6*kR7QaYD*;X<&_-9RfoMao7_=Rw`U8u01 zk-PfLxR#1InEo@x(Jgy9qO%XiyG({v$^Nx)@{gdFJBztRgpTZ&LKm`o7ad>)q{h>G zjoH$gT{J~o<8_6poti-o@ngK~*%giV@ofk)57rH>XtZyu#-Fz#LN`ZAN1?bVleGb# zLN~kS)>@C2EUH2bmCrd0pCmbb>;srTYyS=M3%UHM58dQnBur)={b+kg6@Bk_(0^+d4Kmjxteds7g+}O0}pR7`PywKOfE3xwCnG7r|h5Zjqqh zpAVr8V>*ZU8gP5kd}(WKIn7B{eDWQ8>6XC!y8yo1Js~>21J?sSk3VJ*6)&Cv0TpiK z9=&gN9NEA8dtwEBuaO9|N23=W$?SYq{wz0IvfR%{emvr*vKs}5-K)2`T+h)TD zAk^>CeU3835pW}8t?4d z=t)8eNCtr5DLy}!Eeb!SBCeYzH1Be@IR3El|9$4G`SGP!vyF?xJpl}%;24Wb`81jL z&hNJbY8ZPKv5FDiHrau-yU~X<)lxfy*#}hRPBRmj_OUOaUSRH&e`WaMy~ot5gdzyU zPnpAkgbRzG>{<`Y5mpF&N?7|mXzT2Mk09<38jY=u@livMvyRX5-~T?XFzM8%xj2tR zOazDzAu&-cGpWFva6ygX)YX}1ohKK|64QQIr>`33JVGd0Gy%;%_|I8=(?5Zi=K*T& zz!|mc?0X=$_-QY&;i5COs_5=eVwrkKoXO!`WT(c5$PLT&hLs&aWuDW#b>{{5_>d`z zjihpGF1p-Mx365Y_4ZfS{vmY{a*7b~iFYqH=ax8#H$ z^)2Nl;3vF8G`j5<4{+Dx*rh(2u*VSD6qrLG17TNpTe6Ns(?KCR%5E1g` z^Wpr8rW9pr`yT(rr5{&OG=rwf9viG{NJ}!b+vE1~8M#q&>R8mDh z_>r91cuuRxy$WX7en$gSycZ4hG_!z7eP&_cF$RiOAf+6@9v`RJXQ2E2(c=B*bwDEe zb5Ho2S@;{N8e}*}r#`PegMfNwhs!+%OgZYk`v$Lp=k5XShyqJyuhlGUcQbV`3j62P z^wlD9rNuO$nWfUqqIN$RuwRynyejiiLuJ*~W@6fYGE9Tx@*Qu!>x?E-U=t6kj}71~ zxYMMwKx-v@@_z^?W!Vf`nTfz)5Wbo>>j4?mvxd>N*6E#y=SJ`&Y`;r}5u>rme6&y5E2I^*=@WM;9h*rZgMj0+ftn(Mz!q}x1DCE}hXPp>!=7e( zit{TO3@0>BmB-p^Q0dvq29m@eT|NMyu+l|%MO6KAsUCr!U24#tK`->4&@;Dsc!gfJ zzo@#$E;FZTNL`&!RZRTVkIDUxxmr~%J-It@@t7TTzDTn&_Bc+~%EtcLVVjYez!!z+ z>*0V5x_H<&z@KI@s}r2O?X7v~bK4L7Etn00{~qvwpGulhddkp_;ZWO&KU%!LW^)a# z(|*2vDg&7v#HPO##-Xo*T;Bfc)X;QOkEV}EJovSBaYP2|@4FeDNBgvaaNzH@P-~8w zL3-7%L2#TbIs^RXXD&87R z@IqS6$G8|>e;#T!YXPR2SE{rFyhN{`qVFp|Z{8?$`tc0$XVem62}b{djKe&DCHEB; zN~*af3CQ31c0wi--ZI>-SRM#T&ZyYRk&@r>nM7uy(6@HlU;j3nog*r9QL zAaKKgPt%czhUa!N%+%{+A8(&c3;{vSJMM?beJ~1@dYP^o4*$Oy3Rekw?YM+!;WR9Y zQzIm@#fV7VK4u679AxM@>&pYDA`4=h%1cA&AqS^pL=atH06~(rEGaZ->_h_BjF?jz zsiq=|8>l{93>dVca*WJ;wF@qb7M#haY7I<9nf#bigRX~nE!U&JPW!0$B{BK)A@6bc zaUg$Td?JTOH@yrSC18e4m!=MG>*_Lz(Vn-VcuDu}5R0#NmYd1359y_@hTLuJC!Hhf z{ry#5uwPvP8o~NkIT@kn%0H&_rSPE0fWJh4kn`|NDD36?$iwK8d%~xwAR}N%NyO(| z2?OL5+R-{JNX^RI-8W2Bo58U|^=^_?Z04@@u^G6L$MX7IAm@t|qlEin!y{_5aAyOM z2fFs`r@;X5y-~;hKF&@QU+;Ju;N*rx*K{X-Ul%*WrR^3gBo$+ka!;KZxNEZwkfM6s zIO+UUsk;hyn=juD%0Y%rV-5!2b}FBVL! zDgdxsU7pY`I?gRp7!%0@SoL>S;8g{)JmacHeX3J+rEB_l@r#=Lx^(I57HdVgd<0GB zF|tnue!5JVpN!?b2%@2yAPY}8YCc~UHPpl8{u_)S#&T@u7Cfx6bLN(|6+Wf7-Hie9 zO$xVdVS%#6)fCB(0eKSk>jLtGjXC3fEf5;-*!z`pRrlEY+Rv9>ziL2gdbqPco=+cN_U_K!J_c4}MpBA;7kdVp z@voO777)!wmc_^)2UN~!Nrg1c>5JOsz^>lE-^gn5x*>qXqdRe8<@!t~2=u)ShHz*M zkIp@<)~{z6DGKZ6SoKL)husa}&ESc*o^mdQTe7%>)qK)aCsnSNY*XJKAM!SW4CItr zY!0XREhNcjxc7DN>aJ7^`tT65YkU_IF;Q@yBP$y-HTp2_jF(ox>rFh5_`MK_=ny_+ z(j!;;<|8p|1PKFnoZkFznCXz7)rM7BGH~0T=-?2&N-{&p^%U~q*X~h^a=j4@P#5jw9&MHDS?S^N0v~;9a?kW z3-?of9Q84aEonW)qVpH(pH%e`OG@?<2F%t4l}$n>f%iK%FAt{Qx>?$pdO12cN%WC{ z%Vmhyt-*DHi4I+*2w)RcJm3_GcuKmIwldGi+nO<6^l#EZP2L8_pQbEhF=i?@f5_T1gP_}Q!($e3gRv(0NN z12<4vVM%Q4ARW>k%IsJ8(#*^pZQM^co=z`4zPjSCj45N*-qZRQ=!e&|UX&LAyj(_R z*tqC9O44XPN)V7H={Uv2m zcI@!KpZ7xt{;0)k~W+jFA@8|AaBN`*L5WWJfX5yoHGnEwl z(80@{8r)gLE(MXRs-eikWZFdacCCMiO~y ztdvXrR<}S$<@RO5YbW>D=>brEnnHm2T4|r-^CsaDh9$iTb9ZF-;N|V4lW_aKVQbF) zHUnEd#?#T~pP@FrJ>0&B-#Jv#JfV>l1xsi2Gme2rX(^@;O*%f6!@DFRE>7NobrZt9 zTy#iEK~7DGn%ZIgxU_Ki3)a_fCQ)fVcr4;A7Ry?35|ZyHP*-JiN>bf4dnWd~boqeZ zD)si|DLsY%u*0gXvV2SXvBI&VYjMv}C*bPLnP_nHwrDM~u8nddM9-TLS6?WXql|^&M@-rn+Pskq;+J+o6^=Z?Ro( zMlc!o(}Sh+ce9@%1lGfZpF1cW=C!Z$9 z(|U4SGqV}Q)zPA1vyZw8oAfvxb*Q6P{J>KY%))B+*HW#qd5A5b5>|2>jOeLmOIXAe z#z}*hLvkM=^FNBN(RiD?gi>%FNBP-%o+t!nb^N}dd0xEECgt~jk>J_4Ds@x%P$-16 zVjfu4j*mPig~0Qd&G04vOyZ!v9d9vLQDWn`EkwzMeuJw8+}PH#tzcgqZ@p?%@8Gc6 z8J{huOUSnToHmsMpe`R;YrtZ=7A_!#s+qODW&8yaG65aGk}+AV7mB5YW#lF zFwP#@ZD99850O*F(Iq`b$YJa*deu?+T$-{R{n<2)nz%Mn43!ah zXOxFfr;%H%n|3HpciA1PQc!-BN_Rhr!qpP`pwK%iNs@9}p|G*ZdhtU;e1Zn9 z=;o z+M@oSEudzXZ4}R6EnS>NZFbumaNoRST#G=+l0FaR20*jjpSDuem*_ie~>JghTrevMT{Ze~$*enpfOX%l3muX>z9TpKDbanGn;{my&hws%~*QhI^d%hDAiTW&orfdMITS?6~>}8dkd7&O>IImQlOAFp<3ih zAHvg(+Guf{RvL5~s%))Ogu1S5V(}jB;e;d+-{hnEVk++JD`WLYq)`hIYssM}c;2Cf zRl@(F@PLPe;+ zD)?`#m^;O98ULo2dQ=@nGLt%SM3bo*o2b&3uf?p*CLL_cLwznQX@d3jPEj^@^aDeK zTbEUs0XCPHf19Kl!a+7;#*=Efzh5T5o+MLcqq!Yncv}c_ObxDmdPbeQP1AKYEhy~T zT2zTGRYKc~(AN99iyVwLOG}R=4uY5ODX&?yG?P;NNiqCkv5j|hiIyXhLw4Y48OtI~ z;-V$G_-4ySRE{#gl0IVV+|*erl}zE$nk6QTDpBp;c^{I8Ehe^f$ZXPt1sf-(^9J}- z!gCx!x+Rb!M((bfAf7hHXVUqv6`l7c2PJRMFy;fmm4N6eb-^EZ1SzKN30l4N zj8%%!YY~Fpm_4z59aN}qoG`CJky}6Q=a{L%L2#iJJc2hnqh<6N#1MQ2cx!rxT@tmPU^s1~b6R=l5o7`UD1lFS32vQ7?0X-0QC%2@&W~kJ zuE5qQj$(~&Ub373Ei|>*d5JBi^l37nHUQ&sUs#^l{J?7b@iV)JCuM}{|4p9hn1P0& zuRps2Qid{=<5|9m*e9fabxdhzXf>XZ-S>W&%k$;E9#2otS0G-e_x+pQd(Czy5Btix z=l#>>_7lR^MVHS#TkSIvDv|=!*!I&B9(BwHDkZ~%&*20HbjXe^;QZU(2r|RtI#i>d+xDk7YwRJ0D_AyfFC&b@A+g8r$Gv0b8+@BY`$_4Uk0onY_iw zLb+UMzLe<(L~q*OVzCT6HM(GD4m`d9w9hdE##AB#?QnK{exNElmVjB_+cV2{0i`3m zjj(F~t^7Fkn26sIrTl9@ccc#39&Xim8~I`aCW+HvA)i3rw&kTPY~?ri7W@&3l4e4R z{)Z5_eg#Bd_ffQb`sVpH&ra{aiU2m~nRlR2qU|$as`jb#xn=YHQKt*1%%5o%*7PTf zFPMjkTK28(%I}@C2sxo=(qjYEozC=+iIk37ieFkY+QPO@lLO9vcURBfe1xQg z(#i`<91x!q>t}ts0w32mUaud&(f;xMwooEE9S$Xiwj`z{O?+}s=pEp;Z+(fzLs z*Z2SKAKEP*cj4|0f=732F2@I`wNhiJka1uNAqmXGmlMGLrntxKro>qvrX>5C5mBLT zr0i3#JNk;6@_P{Ff_*G6Fc>_9fZ|z8CkQ6!)biOD5RNI027NJ{hfruyA+)(mZZS-GabZGh7a*){O-ZR-9DNO0&R(yJ$X#cou+ zmJfHmvPX_K?0ImYljI(=q-%YUD#=qq9rmN3&%|x~c2>*d@H9K%t@GBk<#vQS@IPS^ zituX^q0bxei8X28@%q<{G*ixr+KLXCB+#q-u{;h`yT1G4v(vro@lFOJDlGZ*m*`y! z?9p%s}+Wwf?>sE5G3-u@smCdgd$Jfmkx72K+unk0 zoc?-#d+hl5-2Tc?o4NZoZ$Te=YW->+3A_rgwoXOMfFI+)@2V~qShSYr28%~p^{5sL z+LJ?iuJVoDyMmPV0hLMdY44efd$onqY4Rx~L24Sffl{sltbB$uI*T@2{Qh@wn#~^n z=2?zFlE2qq*_e&W$v4`(YS&^7~{KkEzV!iNt$eC%kMx$eO) zY-|N8z}pvN>dP=2OmX>1m@>R$oRa={OQ(l&Eaf|k@Kd}ugssKCnPiKpEvCGF)vn)a z8;r*OiYhS_HD4hFvHO7!$}+_?c08&O$SrTrK+B zy3!?K9}+%}tCYt+s%J&MYo*;clQaqkOvw3=7CE}nzAQiXTpE{zdBmYXCEh+r)2A>rSs z>Lwu1-CS|dS51Go!XRfG5a4=Kjs(1Y>{~y62SQU?YG|BZF?O7NkCy`|WMWFnHe{?{ zIRQ!PcTJ-%*c`~*S{E4=msroM2s6KneSq< z+m#E!diz8@q(_z$ng!E{7Jx|ngZ4fT)17?Kc7!0sc^l!yKla~^#=C?3Mot6&^tW?( zWivkW76~S98Pef?F-1Ba#r%Mw{4LZB(ls7p-i6!e$diuM95fAU)*zv* zAScJF5ET96`9N0iz}bk1^16EnR?Y@gXk>R?PzI&eYcbMyJh#wnDZJrh;y`xks2D!| z|EdUL(>sSQsfqbKNwSCQC$XaoyqsHHG!*`O?hBYNVJ_R=O`q}^MgcU&xwMU7kB=Ad&1@Z?pLMZmEyyrUKFfhj|A~k=wPt^XYZb84 z{=Loce<#T@wsVrVs7-bx=P866<}x>15z{~3mJyakO>3huT7EF*Y&JH=;O6HcE^?p~ zKHYk;!oD6OBTx{}!l^@*#8YJ%szZs6yaW#p3>sC$AyOWCrXMNB1Is?lRpz9K%}X2j zZ4Zd!FNyElaKf$61(}LWy?jUK;UHqV$Y%wNgt?I+prEU#;ZzpK37amuut*m$S&7Gp zhBh2nv;>%}$#7j{QY>_>?eTLoFH;#%8w;&<8zonhiRvX(DiUtRdyMW@C|q2r@MxWT zzI35q;1n;R;$Rof*-`WOq$}y_>e)rp_ zJTSr}oE2vpE_(f=O8F~+7=@x)(MUvx&}~GNkuHYhtJ#Vh+gdwjO^gSLP&kTGQ|NF> zWl^U%&RL^NubR-`f{fX!0T|-_FXl|AbI|=1m+r6v z`_?c_=f=gZhA89`2Kgyswzu9b(X6~hybR8jO99M0px$(=uEXnMc8c3h^Nv%#tu{DEr)3SJKL)}LdgI`va= zE;;Z6jEgH5nmE{VXg3q`3)2^S2J-XdNdDuQrxjXukbfJJXBPZ(wNIw)sw6LwhLTxv zwZX;ZqyCE4{{8N-7Ogd3u~0C|k6w>cfO1Cqe=@<>XT{A|r#q3FHaFjej6ZU8v3mh3 zO9vXd!I7r07C;{KxgcV61Zlg^D*zZH6(2>{$A3t-oE0Z~5t9Y+jn)x3gi%@~xvmYl&BbWdS$ec%tXyi5A`vo z5=JmvdwbaVsOkZYzm$KPab#*EPJ>IQ9cLP}7{iVv`!>-zI)az+O4&(HJY_pNj()X6 zZ?H?F)^g>7sJ(M#`8Y(MSYC;k;SOlw=x0%i^<}NLzU_}KzTR9Myq&y^AYMBOYV#K= zzQlpVCym1*co6A(&>M{;f(?l*nCl9y;x<%D82r|guHMqallyvq@bGeQ|Lgs=doi*< zp}2FVSHB+fd_Hs<(y)JCknpxk^Disj!6qqNv5OM) zu1!Mm9bO_${{^VJtxbx8v$gVQ6RDU#n$__T;Ql-kGCIYRuUTm>wByledXfAK@s<44 z>p}#AN>$PjtB7aaq6@>tHEhwamq|XvfGko7*<(-XoYoC2%Z{7azdao@cl+z;;N$(> zc+=eYEd}Ifx+@S-BXq=TE1wik13bKq+prq<-Ehb00@J@;fa4Uz+QN>q4T>hCwE>lA z2|k(HNXqiS?aP~&n<`zp;uL|OKFGkqbtQ)Kn7)}11-StBfHTpGA^kL!Z>8jWz{!%rBJCYyx zaQxt_5~I}n%OS`fT00jTG1+SvHi*h#4ZTup40a*o^8bKk)7a!pFzuK{KX;E?T^L+y zP-yoUaQqp-aH7g(JSlh--SkY1n3o-;oDkG5W7z+JWh7>D;0T_mO`>VZ08?#EC+QnFbhDG^Uq_b@0R1%fjWiQK^i8l+ z-$sd>tx=*I--o@k<4|97pz3)yR_$VeUQDpsz#sWYf&d?m@4^=FY$NwA*nZ&%t;i)N;F3!dA68c^XO5J&@0$qdN6>-zLMJ zs449a=Ls@5lz2|9r@l~Mrw2|M_Y)W>u#>r^_XI5aoZi(Juv@FCL2(X}vYA@#H|qHG zh%&Pexmt2P^+S3~Zod|18ri2p7Rff;rF1L3s2>uZ2tt*_=6^U{H3}hM!5lB+9b(q- z0|W5X8Cly-lUtQ<;93Y>$Ct+tN#7cw{2!z$y?7Mec|jB3K8#l7(~Qt-zEgp$e-j22 zsn9%fdqCcyuc17@m+JaVgDyHM9Iv!Dq%A*fJetNY*aS4JE_gF_WXe!$=+a}$b#b8) zNdD}fTLzqIbDBb5NphR&|Cty;m@P+&^+B)d=?sLJA#yY#y3-Kk4GioQo_&-QCK>x! zYKxrwxtSC@DQJ@%ucNO@NG5^MP$Mn-B!Hh5WF~=@hn5ltL5Q7f0<0pX{mE+Y=Qygj_l&Ah=c*OLtoL6Q z%8pQ0@$(%s!+>VKE>KnSE#94C?xiP+vyUbITt;V2pTB)hyk!9XA}k+y zok67nz`MHF4xxI)LMz`0jU%?CW|h{}7y+J$9~IHzkkFR8=NT`Va0q}Iw zZDEiB{&_ZCQ~e-fB!Yvx9P>~dyJj#Xl1*!~hxmgA7cJ)h(cevQrJ8o7c;fms3M9CI zZ)tnu;ds02=8Z zEd%OhHm0550C?~~=r&PXsG<_yggs-9)pK+4eY5J?y`?(Ed)41^iUakDrvfdx|~^>MJTEM}up*4eR|ES2su)LBEJyYA1L;9&;@Y zRG)B;0#PqEh>}yVi#P%#U+d#X5uNrGSWTgweIh*(_E)OJrz~E#_|4r%H)&q+$1}A! zETM63*hRJPPxPo!KSVA((Zz6R8;y@Jl|ae)9x5%Msr?#~HrrQP=iJ-3PU0S&ZnY13 zWrD!OJ?tku118?TEGP_7qcec$(YT?{;Vm%;lfXEmS(VFO!S4oivo^iN)`g zBzbm7ldU7nv1tuVx*cIye68%bFvw?!V{rUu{;d2N8`Pp|w1iZ}r5`T2wX@hzXLBrt zq=`2@jY)P%M{b<2*E3v{Gi3&UMrqS+``H1Dv(_qoo zbGA%A{TVhh2{R>9>L*bZP?oIraiDMnc^`+^RTKwZk3lJ+MTU%gSr5N^BR95ZYA}Xt z%Yn9C_%f_n=%a1xNUH2FB1>mnCFM$K=kvNRrW-AHR zJgz-wPkCze8Z;=SLRq;aT9sN<4XWzFgb$LtParu{o1vxw1AjDXn7r_$VL{5AkREAm zHOYM38#c@ExOBSwbE@T!wU(^p<8h?or)Qw~SECRX*{zMvXII&C$Zb{PZ^b?E3b)gy zrogmUE*SB*Yy{HEA*7PIs@aHjE<7$B)g~iZZ@R#4G|& zt}=Rhygh3n=Ql#YPeR~QiJK+sg5DGea8}+a?1g9=w8wVrC608Of6NhLz9O51W=6KW z2#9}r!%RE$&Y`C1@b>$Hp1czb(j`%9$7ZW${Qp_%TWSR1Ebfn9v?&H;@9J)1@!G31 z(pcJTb7~3eRZXS5k8j$w>Yoy2&2)I9b?AZ7M+?WF0 zfq>Y%mv>;n@gCsL6PUx;=Uq?O9K5ziHO3%1me)eH*|p&;#Y|W(Ak3@085|C~vXrdj zUa&K~qtoT`_qofORe; z1vR=V*(TsGc4^*&YfHPQ!-ppiFwH~qeXgcFy;>ZVMd0AvX~TXS{W%hBCCX-f4e6)L zWzGJ|<6@%eG2cZ&uvt%!#tHxtLHBqX@P4h!lLN#nJXpR%=@)7$N6yf zt4@vr7h-?(ig9$k++uV{Yg2GQ1h(e3s1$bt|*C=goZ7yWgN zA4o^2>l(y@vn4Qt@fQ&QvW`Z3jfAyp0s{-y1>C^L={&v0>WpK;8HIEj_vYd{^HEen zuO}WF4QBbbl4Hfj@F2|DdVt=F*bO&Cc+x?;KUMd#8I>atUXGVve}_w?)MY5F(2UVH zYXSKVsaO_#cSupJ@!r*tZFrXNsJtMLUZwf_k?gRI7w%qRu@re|Ln zZ0~KKz{S3fuK!Zs;g?^)0+RQJ-#3*|ENbAb8}c!ltWotGulrpuNa9Q3D`2SCh-sC( zPuCwv%_0S-J#oZUsNS({IhdRX(O_6IT}PBvx_rl3E=42fzw7 z$XCG4+vB;}D-h|MX(|h~A&!zG)wu%3KJjbrXjXw9@j6@HI)OLOFg8PtY&`5#Qp{?h zYx>6N>NkT)C;G79$navTaAk&y8EjNtT8&I25hpEuDUpKyO&{1O5sfW&uqVi*v9RVGc) z?}mEN!6duZdSEHsgZ828l!c=GK=X;Dr_sSQwb;`?AwJ6u{sgs0EVk1t=%wt6TFP3$ z_bm97loI-sI~kHc8(Ol||9l0iYymy5SApjSl3(t|M+XHOVC5g(drnDB?`lJ@XBvpo z2k$w9Rn#Mjm$>bdH>%Ft5cb^x;V=jq+1>pu6r2)uj+vAgrBK=aVyA8FL zuenI!hTPECE@JT%0jQ`)JQ+05BuoM!v6JH<~d&7UzzXq~e* zvpQ4nmqJ~y<7z!5DUDbF<=jAL3ZRxS&2TxSK}0z=((p(U9T zNc9PdCA`@up5lfa1{MQLcbQIi-wk9U=?ZkW?qLG2w%f;*VeS&hH~Y{-j%N)8&oiiw z4RGchvSu!51f0W&mnd*(|Le(P>ogg*YDsmSP4=SLpz}$gVFN=!w&7;=t?XIavKgdjm*5ys_7Fcf(?OProvj$2SE^t1 zV8531-=J520kHwh7k#*%K}-{}rwI~V?)K^)fQ*YoE>^e&_aCEoIihWVAH zNGGn1gmOW^Mx9!LaGCrQ1cHQ0IYW8!D37cyf<$JHHaDW%yS{ma3HmIs{EiBp0ObA;rLPn#?ILT zkfVKLt-Y-+O|X4suN;(sVi2UAPQChV@0uOKKamvtSDnhBkUU@_SeGB`!FyFU6Mv76 z<#k|WZBHl%B2u3X1@^P0dC)5Yv=_}t6w8kg66qtET$heO2#5DiSc0r8mVkLm&LDi9 ziK}mfAb!ou0SL|w=zJ^UDF{}O2f5E06wx^Bh{faj%&1=RBgY$f`$||F_^6c_)5_W# zEb7hu4e9@3=^KMH>AJ3C+qUgovF(X%V`5Bf+qP}nw(U%kiOnzf^M3tfRi9Jcr@M9? z*4}GvsN*2TpuXQE@({VHR!K!?HNvI6emvUR5%9+kN_%}kvdHE*&DgMLuO)F}alY7X zXLfE9RjRf|fLSTHBi?Bs3Ct*yZ#^UhD1A#tJwIk45+}$1oi zOVu%;0g~JMr#x+A!uBw~k5w-a#CT%S{EdM&qDBPHajHW)h$uP$*HDTyWIN zOlBYc0{3nGE|&IT45>)A5{V?K;+*&evj)a#H6kL4c_zpH38fE z{e_hEM@1Y_iAs6+jMGT^MbUBC2db-~J@z2iRriRLqOkc4wYokv%Lx(^?Ojs7(<*6& zQJz^y#w(O6jJis}=0hK=ot<3vqu2PcswU-g~>=b zTNPMShwf~8>0A~o==&bro$-Tj>d<3V1^#kt_xOBg%Fq0=)w`v?oT(aqNp$4 zYfn?%uSo2%!dxPT>*XTNPX!?DmM2$#GTca$n zM{t&kYmV)8wqH-fqMzJuf`dt0fiDvNteAURPo!rI-F}sZU^a(5qG6{bFm_Yf0%u2S zd4xQaYW4ve9DsAhVT#l<7PzEJDd5|pO^G82+VfOpzJDcx-jh;Lgu&<3TaRa>=C2`3 z3bH`xW0blAD3Cv|Ln5Z)`a7VYy}3giOw>=AYv8Q~qsh*KA_y_Sq(ORXWhHL8^8}8H z2}tQmKnjOhS{~WKob48%3oJM@!Kx09Jehb@=;rlhxDtS))eG@FI7vO&MJ(+?y}cTC z4)jpJK}eV}!{UnfnyfvV=R>P)MtL zWts|~#LVgiVYUV-q=gFm1nF;K5}?bcq^kgbUzf*bb5QUIbGC5D_mo^o&x}%-iPqC4 zje|)COA^t9B**vIGlqQQM8QGcI+IN6bM#_GD;3TcX98Jnj%e#n#%L@+cEa5j5FxK<2V>?Zw+lA9r=X$n>GSbcr0&BN)j%snbf0e;z%lMv*Mu@%w-lCQy zpG#vcy`#U@24s>`+Gl9uNMqo{x zJ9m1U;AL0oasHVO6X%p5-&@lUPwRZw`wu^sZ>aaK{Nl=WOonAW^IOXBXVtn}jvu<*Bf=nZyD&V-0r-F~J0Y+}v@* zW=6FF~Qfi?#t)Sx^~fNao(TT+q+9yyJNu}Srm0Kjm(aF zmyiRK6d!H0eN3tY+~EiLdxt<6fCZO;y9UIX{6?n4uLtrQg35@ocp%k6tcy_ox>t~z zVDf=bc_JwOdXnl0z6kp_n8{iXe8CMR{qx?5iEGSy8c{^RR>7E3$s5H3fvoUP=w7ls z#$&;aq5Z2<@_~cyw^E{+1&-=98;+@&pbF$2GfW;VUig-D-a7GRt!~7q)2D=ddO{sQ zObh{z`tbzV&r%jK8F$j%jTZ>h#(zvAwjgx?I)XS^oQ;`6*1Lvdq&1Ep`8n1%{%43| zg-bKgC{H-MX9@sO9_;&1uBP06$!}cR&BJV=4WNWihLPD!=C&_c1L1Sy@TNixC$QkZ z39@Ok`nDG*pvg=)pXS`^&_$A)HdS6Ak_XUt^QN|PO9l2W^=#|5Lvnhd)RGo$+FwVQEV*s@bC0_mT$a=otoB*Zof-c+XRs|?MV>n=o^g3^=z z)DEE7b);fS-SO%NdZ3P}9X>h)?Was9`oo#kC^{t&TXFMtCAcy!K3^F`i5S&nP%ZD$dLGdch^02FT?S&xA)<+d!7 z2%-sR0CUuMfX@mjq$gH@M14IMu^%3x?VMaLeU%CBGx_N{cE~vFTiat6IvQ@)ECn&) z3+}iFW*@{fz=BJvlz*n8Oq381o1!e**7eJFiPkWmD`M$`d;7tspUdnFDJtk2U!CQ2 zz@Se-jA@U^f*Mb?6B#p`)AwNegkbA3nZ?MTC98RP_tb;6&->s{#WKoOGw6+ff##9S zWV9zFsDwLLNi&s^SFCT3;o{F|(5$IxZl7vvmS$8wj!IK#|C4x4eW+4~BX#|Cy3n;1 zn8{hIkFT;b+eU!<;{L^2QguMFN04>EW$zVhtp%(4?1A3Iz~Pn=!9t1$#&Q=lk1qJf zigx0~edk%UiYTGOwh{b50E+$3eH!26f**?nfeTHTavod^mUoHVg^^6UJ^#@+-*B-V zP6CUjv^`A`bBGEdkhc-l*$Mu9Zrhp$TVoQo5QI0V{}Ml`uj)gX<*iOe>f3!(QB=|| zb3OYIs$i!;?-PQu+@C1NdHlQAhJ08_#W(r$SB&YFtw3B+D2AO3{{eodAD;r9uvf~~ ztj=)k(@VQp+$bzkoRUz#E8eBF>2N_9-==9rL^a#}?ZN@dfLd(xMa&<&xeD{g>JN~FPcL8bp*kl)IO9p z>=b=+OX~p^-YB`mE>vt+p!_i&NpITKS6w_c-`;hc>KUN{1vgoJ($2;JPlf7Jl`q>b zai1<}jkf76K2}6*Jd`OuRc5>!cw{aQ9!~?-$Mpa*;kYTMHpho)Y$=+a%bS~=V|A5G zS+S)iI=wb5YxBWk(Dd;sFhmo8texjKtUfbKu53enNT+z*S+eF9Vz?f#Gi0()V$*=V z_r3J<-&3V77&!9S`IL#0AL?q5>ZPcDAfZ(`q~PqdDJ$t=?k+WY&yIoL_8v4YCxT|2 zNIWnC17kTph2Pv;+qwo5K0I*DhTj{iFt0#aQwfk*jER0mEap8E&ACM?V;*bY)b#w1 z))X!&Tmf(d9>?!dCp@GL=xqeRte2g$oGi9KJ)D`$d;OTzGqH5a1Q^$Y*es4T{UR3(+peX_`BGOoKLjpH%HJV8Thhh}PdhV%jkS6g z0P8}&@u*z;nt~om*}r_Hscu-hX2q~dKmQ9@9>MZ&Oh4t-&ueCU?7%LCi^B4W1tD_{ z|7D4>`a?zS3i^Qh`%WtuFL0q8|DmNgEfnOz>eJ)px?e@*ngk7nkFb}93X~J`L+yXjFWzWvS`hepL8rt; zg!SxO`b3fL zXnt)48mm?kEZF`H4AJ>ZwillDIAXGAH&*a@^?N3;r63S2#FT2tIzm~O|HY} zN)j=d9;d8JIBu%2STeple*rA?Vda2uZdRYNI6pG6E!d|jb%;O!Cnc)SPdFJJzZO%g z8ydk8mw|Yg4{!%2nI&{XM-gn*h!KSWI9kA2K8U+<=NA=9c{V;f4iPK>5`-`#$cK|< zzWSwaBLvy#a7-|E?Fwac-yM6sn`7pfPnAb-fAxX^7&Nh@P0!dfh|($B&s!0Rxj*b{ zKX5%jbtFk{?cp)AZYrq^7*09J3+?j}#Sk|fE?WKq`{YfE=yj>`BAZ$F!twsYMVw$wiuCmE(1P`7@r) ztL`C@92jy2^Iuue^$3vNP$Rs8xLy|96GSSH@(?7P&vYl zm&G)Zd)NQ~7(Ng|4FN9cD`y?@=jcfe>X)G);k=E+rWu!CRpfvv-X4Hv%+$=4KoS1O zQeJXEBJ3MiV)-QYNu%Nt*59DDbMn|FlzM@&B6F5BofAI#JCazlV)i4}UgsCK^CC z1gBVO)#vPEldj2U3mstBwH#|_9|9yP50$3zr3pe4Z!PX`v=8?Nsqd`ql&<=*;ed01 zH8nfA(HOn4Oe`>7(dwIpIQA8L6(U7R>excM&MnebXr@|v__-O?06}Yf)udwV_+U5L zsCmQ)gWSK!02ZR2M50v=Y12P5Qzf&|QW{%>Yzs)4R)8YgwAq7fo2sg`QyKalmJ+Wq z%kC10*{9y+hc*{}ntHed7XtA88?M+9|Ce5{h@Wnfm_eVKA^&nTFys!C0#sk7YeWz_ zJ{(}Hpv%dH8o?+&5>irXjFtz?Mn)U&XlQHgkO-H|Vhv>g1rk=kzv!YO#)yuV6H>CA zGqr{-8=ba&sMIOI>!>av@4TS!-ejTjxou{?ZouDAU`9%*UO~UOnE)^JkDd`=h(D*6 zf>>w{f8UPd-)$Ovzw0t0FJVJIJpJ5ru)=@+-g%RLwDkvKmI z`ORbuzap3cP~I#O^veg?v>pgs8lqq#ezwuFAefIsnnQU&M#NfoTwN0WR+4R?!- z``{BDO_=ahaDtt5HEJHcS56-y1v8jf3_zJ!^w3<*6ZHxVsgZrI3935PE7XEF0*A_6 zzUwi469IMC_xWStF74-O0k3P$tW^wuS_O-A+o0D3vAjf$v0BRuc@pP5kJn+JYtVQj zc`I;V39mkyprg}Cx|*3HR7K#LT;tL>l->NcjS(S#c><2Dvd_zj%!2vWS)ZSCabZ#= z-EOFu5w-^2!ho!Sh(=MIm~r63b1#Gx%tL03uIGV{Ukpf9nY6UD`)dI~ti9Q(NBiUoc8Jj$=FMbGd22%awk{ zP&{o~f$ZxS*8c?nP(+a9%VC-1fF?+PEO`=8zG(g^b%ZUXiRxxd;Or}!UN<(}5A&|r zS~it<{~t%9R5HrbJ|Z8s`Q)F6kUJK zRVn&A`r7{})6xTWTnU*1+p)F%X0}|XqkL4TbWpU<9U3&5SpL!hOesRe&RP=5Z-SRB z2X=_6Km;qNjo^cN5I^TvU_-GrZ6V4zoHQdMYv$q$RQ#rTnA zwE?|M6`--!{eKD!6N3>H)*E^7;Xlesl;`BrFRM!G0FABs3&7AVvey|sYYX)<#ba_F?2yn3&?GZ>D^y4@l=SvA5B#snKYaMRI26g8Xd($xty1K8)2xU77<3ca@8y<#RvSng&r9s|$eT6FFcIh#*8lMbtuxxuX6{|C*LRtTTr>qa=K%Yn62^O+hm9@D9hnu+qA<#cJ3)_u9>!aJgZ&?3;rxe!|3i!aVH^%uaeZYQ4lc6x z)2|C^$kj68BPp@9|1fy{KOElp55c#_h!#|rqNmHWmKn1rkUfm@Ise1k|Dh1zzx(+A z;Xa_j{D~4TanNsU5pK#*@W@j9bSzs!E98vn(hnDE!7x^`)q$IPcXyL$L98xDj_4Ob zRUtxr3o;K!zMZQ0xjs*qgx$2W&L#3+nh}ZBB8xytH-G+) z(GqNu=mKvO4a>t@{>$1@+|Z9P;)eY^!enBBh8-cfLm!jcFHZc|!5ot4K;I*zb^Djt zW~A~MAR|!|V`f1dcm67L2(s32XF{kUJ*#SbSd+%KHPQxG!MJErqj4<-E*eQ!!oPHE zW8z6@p5>28hk+)Vm9}wlmk7P(OvF!NY%ypFBsWO)!Zf78D#X7C8HS?9NWtyFL>1p3{#Pci{==W#cM_ICcBfGqWvX0 zlRSkj;UZCBz6*mVQ6Tw{TzQ#efsmRI#f=tT=ri1dh9sdDJ1Q3={SSl5s3nTLbrQA` z{?Y-&c|>!x>=PU#cwMry@}0yfTT7hsyF_6= z;A(_-F7p|v~6gnW7Y|MOzL^2*w8&~$#HCaYw)*}tATBu-ISbI4kk6fdO z%gR|tf9{N!gd&9A{nna82Wy+IvNtNJReT2NG$Bt@9 z05geDy|NJ^AZojdQLtDZ++7ZGh@uw8TGK6)?wQf16Dp8QbfW|{f2VdwZn z*3B*|jA9jG0IV3pG5&e^+z&+5&)Kc%n$>8QOW7>h1qTt>KV`rqBFsS`0$4z|MaZ2u ztv!_}QgAqU{=@HUC1N#&ry&|DIu(Z8dDiF5^Mv(@qY#g^zis{wi3KTyl((2>Afz}@ zw1Hnf*xcIuJ9KO1AO^k&=pU7HbN1#GwnoOV!#Jk#uz$JhrC!_4DQgEWc9$87T}{%# z!wh~Jg7C&ATIW(sc!CqesTSiw!K!yl))7V~CS0cczisB>{_AEv zPkm~g$9n7K*L$x~44FoJTp-7|TqJneJAxryhy{hP(-Wm6&q8W+Ip^`Ax8&R~A}Qo7 zP+SfS>`V0q_}41T?2I-B+aYqWa_W1(ZRMr8wN1$y3umlXV~4`I^sz&p#@lr((|AxC zu{oo`gu%;uCy4awXcMS>fLb-cMbTKUXqq+s8^Xv(UMtyt@f}-d6c3nIIFPYk$EE75 z$l6>=x715aqbT}IURZ;P&EZp+vfH3FwC@-6fm_NRbV>bu@&0|| zhm)oJL(FR=7iIT&j>l-HS*Iy@wV7`FVzr~IdB#8rFM22sq7KO=-gy8mTj~Yo)J8QK z#yi(b0+X=$tNuq?;t%dMu&_o5c~PeQs04BgASuP)}Xm!F|7@9$ML6YBe24(z1RV-cL%-S9^X$IWWC7_ii-*2IOR2uh2KW~l6je3fPz zB{y(?+8Og|WQaG%=9wiKw>z=VX+FKzF#5}oa8MF`zokZypxXZ%-Q$X*b-JQym*#HE zRy?x>kK?}Yf0eP*C~Nv;F43L@PMGV~DNIRp33Vgj-wci`bnsu7Z0rm#Zt>-2*f;-r z3JRs8wWn-tIcB_k8(LZh(oG(bv~uTDBz3~w-pzeuhm z5necgWtii%vHDT=QU@!W=V!b?U%3lw=!JMAhe#SFoZQf3Y{C!2#R5<)X9iKmvB~yM zJdP^29Bjv0?#U3`tCZ)dJTgqBj+|CXC-ER!#Yi%Mzp|3x;hC3UU|81cKEfgt>y@yA zO~uHPz&U(7(ZD6W z#}XFf3({cTO`6&NxEsqNF15)o&yf5VIsr{+!@3k+k+IAg%1DO8J^Mkg8kI~-GFJ?41vv3+8#eAjn(4Y9*xoFs`|$Y`w%@D52FL(Fi>3nu-^cTO-Yk|$@(r?Bm`JZOF0ardRvM!36xk+=lvFX z>FUmC9A<^Uatd2qF*1sXSn|cUPYr(#h204H?wmJnwHSiR0Sd|VEY!bs4XQKIm!yxm(6W;N_tqM6^gS`3UH{+)5t%T#9QJa3qX!E_bK_y)+xLxk_WT_V+Ml4*mKR7 zl9klobde_dgvd+sZi{1m-k+uB&iic$LU9)Zv5$x*O3}`;Xq&(=R{@S~gh`>W<@z`A zPR1QEfXbugnwX(|4LaaU-0@l&e8r?O*}U(LfIbsVfnv!OtwFr6o9;JD?u{q!IXLDV zs9_^AR#4K9sW#Wv1h3_KFdm-pvXgiXBDumfs6be8nOKL@wcUnlyvI8Zb$LkyDk`q8qZsrl;2s@B7)BYp?z~%0TKKB1%6jqXKDg0G5x}SNz9+ z4lkasH4|Y&%%rO~B)-C#Xl~HV1?4p4u!LsHmn#i~;F_G2sA&6qUf8VOA{RvLF~)Nu zcr6aRLOXrWfQ8dIHZti{4BLq%Bo1^_E!dP@n(LrlOQ-h_>f}h6E$vp#n1TcPJY+6FrrCQ9G#v&OI z(Vd@emV8o*MQ!oa8f?wog_dpx8~`K1Jbwz{z|mqC-s{Znbe}J?yVu-lYSvtaUZzzR zxv+m-$iLFN4X@QzHx`L&{8rpy)YP4gXOH# zx@3N8aALv^VWOyAJuLguJj0~FH>3P^f&4dJiDVMR#KuBMf$z@3PUT(Nb9pEx%E?%o zCzx3o(VDlBO6>Eviou5W(wTWjTW zkXAu%AW)UTM@eMt#>J9Nk=2g?RD07HCdp|3amIz7GoC}1h=vPrJL{4pE|-xIrcuBy z?gs=Zg|J*3!XNp|L;Ru1*l%PZLLoy&bCykw)^^!Y4V{E}Y$~8=f|JsBrKz2Qr34Vx z5#tYw{JTu`$I`W{{Qkt&9~c4lg&6eJ#R*tVrO3*2{ByM{ebiRoWU-q|dR zD{`B+mx3`!KQ_XggA(vd!JlotTS^w&a!;`m+ebc$Yj84eh4#43Cy2HcU<2Md?nkCO zB?~+6J%9MiyE_(>a06!lTz%U$d(xeo zxsO~tEz3W&L9w%5Hf3eB>Xnzxb1H<1coyP`0KalYx=HxYK^=q=@aE|(k7Q~Y8-EUx z<_)~ORO~eDdK4{h{IXx#p*YVH5=YL(3burQo<6QSJ+-ABhw+3((8Q$YD*7v+)ljD) z&K&(C9WoYUSc&Q1%SLfKg1k|qP{L%Pawp256Q4MG%-iwzmusMABPUcj~YtsM%tifCH?NDpGAyry~1@=WFzx? zm7S6d-}LFayO(dbK?0F`QMX7g)qu5WvV^H`%{8eEr2(*#E96@&MX>R7{+nd>xuzHu zn5bXhS=M;!-(MRrA^x{uzq=h9hbyT}t^|g1!f4(Ktd4hc0kh95EL!^xa`+zWH%FOw z@KczQL-)xrYp#vxF8v_A@~x|t4zGS-G|jJcWcg$=2YI%Dm}OZ3jI)J$68(Xw0QUmq zyb~c?7wLSqw0Wkm2K)kK)YU9gQ8Ka_)s$V^M|f~umIqYFf4F6z(8K&s>;Z;}HMsBi z?})g0hEs0O(0>Rb?v= zHUdE(bp+cxU8nNdW#!3{^IhViQ{cyn-3V8KS*zCi*kAcw{RNX;>}FkE*X$H>>^OSz zUDr5sce?oM&FXrKa4LpxTQ}0G&i9C$5vQ8Fi1hGYHC-F*=;{~s(iLU$J;lr?MX9;s zlkr-3Z+HlgQd2e4EcJGb)GH@8ek*Z~em*9v(qJ3nBo~d!f zasbfU;I)WUkct2=tTUrV*X0$6X(f4;A&_(#A?qJIM(yi%y%sH!0hH(ZxjL~=?9Z0u zs%I^FXf}@m+Z!p4E7Yr>c|dZIvq=cGnGuGh1vmEhW7CSfj|c>UmSXY%v#BT~D2`b@ z+?-N?y`i_*YKlQtA^NIpA$iO>M6sl{asoMlu91Jc9koVoMoK{R8ra1edyd`eUaLH8 zahWwB<{zlE^Q-ktYmz8+32(r5#-z{NL z-m+1toU4PFWQCaI8TXMa)G6Htvmnh=(%M`QOu7JG?}oU<^-S~ga2kaQw70+caO1Ps zS;sC1CyddyuyAPz6P!wB+Z|pMcdVf(xNJryfJvRrp^6Qa6b5*Y4LCIIW6s{s5-y2P zPPnj!Qfas34=^%wO#g0>biHjbtA==&ml62-vx`p2)<6oa|8V}Qmc^i!_C39jwqx2{ z;g)zge>#ea(kADQu!?S44$n&3!wBunyyB4^^Fnv3RkrZH=b!E>jeTx zKd>YJGx(Ew@`E3H!GzWg#%lVIG9CKBU@GAFEP8g%x9s~LPYP15R4tBD6M`eavq zWe?f-(m0IzR>b_t3+O1CLIUuiy)Mn@$2B0vH}ujXnWbC1_w3y2SSTTxRLtPi`>5|_z{ z{eT>bO93=)mxz>7&rXQ%yqBV^AQcT>8%{YQs#uQlsr(i#T>fGOcA~^YnxgpBNkN0C zWqH!Ko}_V-C6ZBaJ&}~Wun4x1Md4+$bXnH0`pEcpbKWtdPL+p0o|Z9lBK9_^t3hOC zJ-usM`z(X)TB*Y80ultGUy zvEn!4`W5D1*RWP>HsczSX`*WLS~B~B*dRq%voU*ORNLU?0Yas}XBd3|o-SYSwWqZ+ zEs?p5`Tzm>*qPbgZZ6NiUEChtj<E} zRQ&KGBjR)Yy%L@$!LGd)nM-|B(icU6k5so@#`ZNPYBl-iTh8!wYSXZ@QFjAT`ZL8; znLdx@sjhIS9H=seR}97MtEX|$9YxT|qpr0baC696MGsQK5Gv==Dk?Lz<@R`y8Yaae zCi_C(1u5L4`Cy|oYh^)NC(^eORfcKF0jJ_BlJf8ADLz0w$R|qk7Go&HTqRby;eXME ze*a3yiaisgk)<_D=v{*-mZG)|67JGBehj9b0qv%)gE)Yc)J??oJER8GOYtw0u7+fl zXY|jN8A8IFQx;6a_^$P*n`Hm90`{x{sj~6ZOX63SjT+Iaf*qJo6FaVbic`LpET#KH zhs5C~6}@DGFTWM&Hf*yU=%zi)hy8v1{dEm=y86qh9>KBDTOpZD!{wykJ7pXOsXc#z z>%gLZlpP9^SVlNOTFGIiUwF>&pp@<|Id65luKN`b?v*8ZzR9WWe~J$cFsDi?xN~Tl zHYf@b&`cg%{(=j|Ea|rWoct#YOB9E~M(C0soko7&6Nfx{h(T*IoZiMDeBR;Or1B4Z zWb(P7jt2`L@r2PdzFQNHS>pKE^_Dok=_%gfQ#ZQgZeB^`(af!1vjpoXj9JV(hcl8U zN<>}MzG}6d0G1?+wFaOc6+LF4acT^F^-QInH1DaA*|0^6W5!0p>ebsshontu(ArTe zYF-`w{$?W2qs80q*+%xIGUepG5^Q`)oVGG`Mu7qZe zIhR}e`$o`pL>Y;#i9_U(x#lUMV+J$=l^Y!Ru`Ql#v%dYOwqnE-NsOB8UhU-Gzh2+ZKef%*i=Meun34c>Z<#wdMKh=wOty zS1->^!rWY}C2Ql@gQkw_a``=Wb!)>bIysc9&1PtsB!FbFfNyRA7%- zvX*(X-DZ0?L7WT~vwTQ83VVpOr|i@}$YgqY?6a3%S`Pg(Kboi^jtKF8mi~a7{VbBBM1_`E~Ok|`K@~o%{+yhW-CIJvk)I}_{ z{Bq)4gUlnQP3y+}Xk3qSyu7AbFk$j|64JQDj)do4JjoiOL|1SuEpk z)j6*wyLa+QUGOW;9m$=Pg96gRg?h3uKVXw%&u$XAQ{E_qbUu1LE}ZvqAM3u7NG@at zJw0Ia(El{k(1RZ*9zeczA5V6uBE^#v3!w>u@oTn~^bw6}B&@8$nh?5Ejx_1k-CxP0 zBjfMp5bm$(=~~SsrOrwo8wGh~M?WLJ*qtKYP5n%pA2oG8nS0++TH|^ClOMb6eE9@_ zU;pFX^xpe+yS1^&gQ4776MR!Eq7@;`b&l1~h#Zmrmg9mAM-m0A`1nRvXKU`^ilZOf zT)WxYP2sWpyzuwl$~6D``1_f4{f9m& z8c*22a6^!NPAC%@p8Q-V-V)NK$M?P@ko%9@-@NHGm~d{!m>KT#-S59Pw#46)n233= z596&TJ6u1h?WyrT9Z|Z2Dv3|`!$dV@6ZgaUr{-$)`-e%$_x&)dYD5#_@URGLm{a!8 zlGWy`o2m#2b>sg6zdb4_3Rx%d{_9#9;RBM@Cx*Er8wvW$VaCB#!o|J;0cOXF zx$8}AImEaa;ZM^IFBj38p}>T{AY^Fps1PLhaA=neJX9%6lqKvkux>UxriOat1_Li( zwzaZbBl@sl5;SdV`dsI%OufG?NH1`h{sEg@<^A^2bz*V}$$5ZmGb-! z@>?(HLOa0MiP~xZ(d~YDweCqx#{;&uQ#$pL-K`P5b?i@O{lH2~+m$%dJYTgCf`jYC zV>s~)OfF?`mHu~U_!r>;8{#M1BnXrC_w}P|E?@Q8_j~v0JL227E-&rbx4eqxYU>IZ zz)CxY+(-#;G>Z^@69@l@r?fq9uO|0gq7}Y%FX~s1GF(d4{ia=be?9D}g4n;l79$=D z+jZU6lGMkCx;Q(d0%?a7M;Jqw`#_$HZ8W8RRzTT>`Fz}%K|PmDbf(>op5+M`wgQxZ z*&&)!0QdJgtgGjjd}+^W>!MIyGAGnK`}r9|XQE!N8*?C+>b6154V7aHErz{=kKkzVWh^4!IFc-@JQ$*J^xFY=ov&#|to&T` zN5vRaM#0CmB6ZXF-=8D+ob`*%_WO`k+mAagPX}jhW1G!;6$jpU4E?|DdUh`mSh||DqGRg#SCP- z*joEUDO~(3(zc>g$G$XB6ClWp%TYH>myYbqA?Q3U(rX-Z1w!Ts)KRrWY@tS zvt+rHcg-KeJ6fS>%6G9l9xfFj8fP^EO&^qVw*P7}j3^iM?B8+ocMGbyRXMdM+EW$zous?Ba~@6_}6#s%L$)z4nn9KM(D-SNh>Pt3KCV5we^ z#Tslmv)Y;T%Az+s21GEOh-t)n3^dRSR9%LfE`4x<1W<29u72idK`i%T?zMFx$k1lv z#DX}c9CqNLA!1;*bVADh*4#Zb>S0GT$&}Ed_4U7bG2uE^-|o?)MShrth(3oadCaqTy_ljD0yQ)gykk`IU8GS+6}U*&~oEg;F#owV_UZ!u3A1kvgLabJ=biJbY{g zCVx#&Mflc@k-M^FC5?o)><>;L7CZ{JkQ9x1Rl(wrP%QgpW5$+xx>-^ctg-VHp_CF< zK%SnlLt!(o&5rAkO0CW{&xCi%doz_m;l%%v#;)U;hpKaKoHMxyvbrhpaTqWvC2o-bCC$lcM7FR0kbai3cf$ac?ZFE7bM7*mj z7O&I~xNkkL@nb6xAt{25Vcq+&pFr~VF#f%vhzNY4D^F{ThcEheFU+HUDNDoo2VgGg zE$1h<2$?mAQZ`WfvHJoxf-`|$6Lx$Os-%b;&^-Ob(ufoavQNfveGPdPvxW5tiDcwK za&cVbW_4wL>-LweTcrlA>1?VPhCDQlgtN;ItuVw5ntbKM--Ph?tG$H$NK%1k+p0(V zFngGMPnq98YWeivchb6ZTh`b<{cINo0ga#jIM(QUE*Qz z$eC6ozD3JRxa*_mca!66TR*Wy^|Z0ADIX&$xI(*d_tF)PPAXL~(Ft39QzX(j0M8cnK4P!e;&;6ccWI?SQ;FZX z{I%;p8%@Hi{{~{z_cbEL9L@RRjr2T&lrxeT97bDQv@#vBkY^6)tOF81H(!0J!T|f{ ziW{nkT1l$cc4kuL2#QrthW^PW^=Q3(3iIp+cO#TISt$HdjE z95NQc8);_Hrtvmt*xqDFYEJXVGtm=Z3-ZzMvBCrNaZO_8Rs;&f@T}_gMG9(BZble6 zGVFwm^7~@pEbG%QCjXjcb5AHsb?2Vj#-eQ?t;{T)cL(`hM1<3 z<&TEHzt}(&?@Tz$8sHa1Q?xf}df<&hj=vVq-8S*#thxthBZhFEn$~lGOE-!I9h(ht zXMu(xlkDA?<)8!Z;UxR*NFf;eur4hh$}Niv-8MbQv};e0Hp~J;r*>1G;>z2{1lLy9 zXK--1Dm^sQ^6^JCp!PU82TrAmo5^prYWX*TEj=D~xLuu&LV{#`qfmK+P@$djj=^L= zub`zk|1uHBpPq=baUI-Gfj}_Zxm-uVMU3g${q|tnlAYFGC2H@CS17yYVD)uW-RwOp zS>_N7qHAI)Eyl3UI$oUVGq=`b{nK2Ul%X13_Yy9vRQ^{U9hrj1j~`|~VwzFKR{rOJ zB!LY}7;3z*?zq0$8_7B$cjW72`&{z$tykNs9sko$e7`<~zIr3gq2GH+Cq)j>r%1i` zwVN71MgCs^n<`}0A-1^Y0rgARxs20(pV{n1BNC4TG14?SqY8XCb?W`u+~QiyvB&9F zP^*{MtR?dM({c^tblYruGncuVQ}iy2 zs{e%y@!#yZ3IEsRGnf6(KmXmUp8r1GfAIgin`a6B|LS9EQ&cC$K$54fYd09UJjO4I zn5)oG7r2QPKUK*$6T&%-2>Pt#up~tLd+;Y6pJ#&s{fIh#U8dJS9-G9o5Hc9RR4`kw zXDqaT9~90JH^}06 zivG-SOb1jcCTR+T4ZL?mw+`i{>O(;;au;;L#-;pSh1RIm7AKn%1ohvv34C6ktFmAT zOG&sDcqaqv3#J>%o$MXl)55?7cn3Fn1-yZFHqKSSnj&fG#D2_a#jjjJtQA-Y@2(2@ zC@~%Z3)8CuXO0ftN_p$dVJ*E~8o(+QmRi&OE<rlCQMWaqGqS8Zc)Kj zTNyVT*Va7%q& z+5^>dbHAm@>|8FRwp7?i6#vkxrGq--Y5wP|1KvtgK6+Jp(arCkyh-(~P<=)U*_TZo zFy{!^`upiTi$x{`G^7)fShWHYW9uk;xwPS27=^sdW@}^#fz*`jTAwITX&Jvh9kh32 zHX*gDK0MBmzXetLIJ~;XJSq<0X-wrb00_RL$$;G?G0KJ=z3vxqTAL2{4o`tcokajf z52-@w09_NE-C2+c;W(~hR4Bgg#>Tnr)9f;Z)&!XOOuuwyo$sIx2r4ywSlwNWpi{56 zq^{_j3(-}oFLrnEc&eQ{7bk1Fe&R}47UrON+pdd#twmix3k=xdHwyw)u5(4E3o#uC zA$bFyqeD<$5pX;1JTR8KU@TW;+I$`GwPSBmg)F~-s`HmO%w$zmnVLiJAt-C`rN3u7kC~-kqgdpZNcORw$;WwAA#^<=TxWL7aZCjg z60&R0S__qy8y163U*RGO`EZ~1KXqgORc@`yl;2upl(rEGh6hRn6Mx1zhC2az zN8=c!G`vCs%7rX)$Qp-0vpyr;mluW6ONKD6lrqAXUXu7aoG>AEs`OrojV9aoLR$v+x`RlZ3V{K0& z>l@qoy!*+>uU$~~AOky(;2Nq4bE31bnj~}PhBS0kUd@Vldunsg3pn3}YE-Hj)aJ4N+ZfVbA_pvZF3u>?iy&P73u7G7jH%06gAoe_!tnLd7kzWEvkFUsd zW;fCXN70mRQ=eD%;bKWzd!a@piMBk1b^~;p-)px+olsm|Bn9#m!z`Aous~b%l-KG^ z_`&ZJ7HGa?vC9Hn!9k&PgiVDEGWnOrP0Sk2k!lJy4tg&@XRtKlsk2%t=rSWdLJ7IH zE2)lAGks>+n>@B4$7pou506W{LjzQFtj1P=H+TE5Z#((M_$Y_$;1G2>D8J-q)@J2( z!3wH@_wx_7sBPGAF{gZQ2L)#Md0|5Xma=}*B1&~1%_NOQFeLIPGX0*jvEu4(`W?|h zL51}@8(5*Nv~~N|#;|Yg7)q$Fe{#fY*rprDFtc|(Juk7uplij9U1cfiOw{&mCG|&* zhFEPxH1oR^M5>8G#c>;UML6RN=6-gQ{FKST3S+g>r9k?h8X`$sS*s!J!bKrwf9U*G zeCVKv5gq5su(^Cw*WW)R9Xm|h`>ZSX#uK<@UY)B?#VA|KI@dNoqyGL=l7#Na-Elj& z0xMUYNP_z@iOQEr?ZP^AS5w;^ok!O7^3++T)%YpRlxIasi#{7V1<=^BV00Xa8i>`s zFIEKwf*`CE0j54Gzdko_8^VX^uq@4hINHj(!oak{(zve6cdG&;kyR%DT=IM*n=!j4 z9Brz-;wVl>81=Tc^v~DXm~a}R-WJ--(zIUcvx%khd#7#vLU|EVTI0oS708f$Jky8u zM{)c!m0+XleE9Ir!3A7_{;Y&IAvt=sXyb(j20EC*L{Xx&;KV2!3}Vu_^qQGYZQu$~ zud{Ityctb4JM@=S$J8a*b{F+)BW`1qax$ST6LqNpyW*!7!qd%Tl%In(ObI2o1A$fI0ksXMg8;mH$86e~ABeC(ly+KZyv>EsEM;o114XUCeT% zYzXOr$}v3}wgPRCSky1F-bICj*Us=Jg>j_dd@_yg7dQM%Q}!^o%4RUh%_slF<9MsN z_C1OKa+CG1t%5hd|FN@EjsNj<|M`Re*PT2|tbcu(pC&q9K3t`h3=NeoZ#8RkuGh{1 zG|8Bw${~?v-OpC(ZO~)$7V7x+<$`>nrQ=+?o?vdhewty1{w~<7Wbzhso2iq0Oc|FZ zldEpv%a_APn^#$%gfa%?SfhjEw)^Q*vxBkzT3BXG6b7TGBcGu^1WOciJnVb|vv;6M z=u7`!zI^GR&!~?D*?)?B2uD{n(7ecK93hfS&;)aRgr*%#u=cy3J98B*=xMW4F`oMQ zVetI9s5Ir6K;a8GL8UPTi-%BuKul;Q@0tNSHNZr8j0O3=RuwFbel?0!wGVfbXl<>5xOk zT`Z`do6WS|n?;B2hvfP2+=u5T^8YpF2~CD`Re-tn-<_KMcW?h8|M#6dOUVE4^mHTK zXPGn!UpR|nxP^s>v&8^Je(2!`;0L;i`zH0=Gshg5~0o9GSRV)#~tJZ^xiVj zKdZ61KkIYg?`aaDj?X`Qh`xLDS&Z=Rv;BjP4h;J4=mLr#SuuJP5lKQxBDASQ zawl;3moEqEjVkly%honBB1e+vzR&^v^l^DSMVzQ%lEk>s;R&Nr9or^1SPBWsz&VU0 z6UtelFHV4ac6$a2gB!wyO+o=qd=RI_H@*0(7vCxAIkt<3E#!a6a|8bG__=g{53vw9 zi8yZ94Ce6vXFI+9GXLM(+1Y(K|GSfC3I1=qfCxIab6rHnD^dnwuG19OQhY7qCsj~U z-e8+?$OeAR9l5L{e_3N#%>AQ$!^D)+E+55UZ7_6BjNga#gU_MP%^$)y(CU7zhgp+% zdXPJ(7d_c)b66C08CPfx&`YiL9q944?vaZk*U>>M*IybmnxX~MWbI;AsXgQVw@^d6 zY^8;$|EnPUl#>DdxKJ}!WE$v7m6oixpzB9i=tjjIhDx7hmo^Y97}tWsqw3ush(KGt zMFwZATlS+thz?3wzAaSq>JwGt)iNHDwc)n9LpBg^XC7dM9jyMX*|)JcfSJz&AjUyj z%a>={ZE&A-{Sh185obhT$Uf4TVm@^)322)(L}j4Ek+dc^#w&OJW-_<8XS-HhfmYaLa-I^zT@yW35 zEHDeMsjz)U?7(K=zGQP$oUg^ryUF5xQ@mSmcs<`s;oRK{tOSwE3MMS@y(nH9xokeKW1k_HjEpUjs^)()etB(;Uv^Xl13Z(pIy|hj}=nl7uqjjfZMg zfSlshmNGeNR~;+usEt-tXi*!_7?UlkBX>S^O1(C;qqbk`X5zGwnb&jc&sSe(*FPg^ zOhX`%w&B!E)LXr$Dsgp|TGirG!FJWy(1@?5c+J{z34-!y07#cmR=JE@Be*6Fx$GF} z=0YpMuvK?(U$+s$V!DpxwVENS{`T(hbpj!m`*fVO(3ydRmPOT0eGTOoAi|>7Eug6h zrr8+#cQNEFvIDNoma|4-U=g@iFy`218`@jNkh5SjYc}K9K`b%vE1GcHTDhSC$2NP< z%{MMPU1p7ygt}Wa-rVAHD-Gc$>&)GemRVRW_10{dQ|ot$nJvWZZ*o=(@aN2^%O#s; z%zgiL&2Ve8|FC4pR_2L*U%vPcPKN(jzY)j~()}?4 zxub2j1Zl8uXbWK(zAJ;$IkERV>ZT<9ZEj0PnH;?;XvJwKr;8Rd6uf@bPG-y4OI#@C=%Tk^ z{n9oF7leCh7Bj5w-@q)UE4Yj7CcWnE%s0j<%Bl>x0?X~&Mpq zG0v1+farC3Ul8f%VWrn-fir+S*xnWuHr8i*1L3Q`7PWB!xL2_Wm}b9i+nX8067#;Q z?X9Jio7&z?v-jNgwy=e!O@h8n3(cDKoYpbSGt)Q=Y6UaRt(rt z?V?}XG;=4<+U$Rj3!wQT=sf?gXSMvl&v*A8?tk9Nvy%O9dj9|Xyne%9DVxOCH~YaL zZ`Jb)dblMsUlp0l8Tp|0T1~!Q1P>+pDhO!;1blFlv2mU#}A9 zyjNDGuk7ii3Gl(s>+9H>=I(jxvox)1T+-xpxBFwqr{r2Np^;wtwrzl@H0?qON z>g`wUKYKg75BLA>=2^x5bE@b1HjF?H8QmL8PytiBIjAUeGnA<=SOl-c`Tmx2m|keJct>$DBSKU1^4QQFCvNhLxba*?dK7O1)SkX4}>L zdhvF>wqb3oDa1@2in4jdV91%srKr%I#bWl#c7%p5s`D`e*~=OfW)kN@GjO}+h1ny! zPlkro#OH{FG$MI^JE8znJEBPzWZ;~&=hcZV6C|)1j!H4PugKJA1K)m|wXd}%&WFh2 zCiB0AR%hX*iGkW~VHGCcx~a?_L0O!xC^0QLl^RPq{W#>QDFw3R&#hHT*V;sTU(MDu ze+OO85;4C$XQR`IYEAXK1c6pNneQ;$tSQ?-=9|?ybzo_>A#Ih1Gee(l?PJ-7*KDeC zhPWiftY);D(a;SoSMFrpZ}XKkcGN_|C8wZ8th_~I$a>X-g-3KN+@mP^YknX)pM!v` zTwj_q=oYzaEUk%*<(y7UmFgvvR?@ERLd`wi0w-~W)zw%@S={}Gskm`G>*H=NqL<`! z)mG;;wPt?j_Li>B@)~v9ZsV0TOx=#{(t*> zJ3CeXzurUs$GdsFRSdvqYO-(V`md&=dt>_raN5nj@cCvIU){s)7<+5TT+A%1t1V`c zZFRUSHF8C!B1oZZr6EW;fjRvbiQW<}T1<4M#+)j_MAzx)TuALUY^fwnK1G{_^Bbf@ zs*I!42=Zf}*V7x4qD8jG8~!0Jwd5f!fSaVb>gCdBzja*HmE zo)VP53UZXm(em?YNO(SsnINZ2fq5^i`A+7-0z)_PBrIXO-GZ8rUBPd=HgaFtWas#w zRj6%-@0?q*-L_q3!L1!H?I-8<{_PvC=b522gPpZkH*X5d8K0WlxS?jI8@-n%C%xn8 zT#{B1)1zM)(_oP?8|N+RSZk9)+PD4oY1VbzIh&38;}Hq3M1Beb_y+i)#mB;8RA_n5 zGH|^n(Wa3Z(0?7G-qWpxXQEN;xB>k)w&xhT+?~fV_44+$xrEHMrT4;4i|nO3Flj+o z+&ik!&K5uDpsjm%#VYcivlzd&{`9Rs>(c+-U9V~dn4|wc-QU}(`hV>`fBvBV-^H_v z`ft=>RR$FOKB?>aT6Tx>u&|F=GT7Ns%w@AG^5sc?;Z>(i*Uz09jELm#>=-e*rMKRC zd+X)BEh6%@NqRc%aU*V;hEPv|T$u)xI-9*6WwVjvVr0@t7c$V>7@+SmNd`+Wj6Dkn4-B zN@t7?a_d-0VVX}pf+oY7x=_$?kWX~0USx9QH>8(dOuWsh%%+^5x!UKCsdX%!YKnrn zOL9E*-Li!=?ELw#Xzq5=R8);x>&Pz;&lZIQxX$<-L$VrS3L3~DSY}a{*G|=DxoV>J zV#T#xuGAv69hhUI>U3PYQ_v}tpDlX{(|J=r?Vi-mxgSk%eq&TE2eXxxiVTT7&NwGY zVN~pNs)ie!L^ww_nD?Ift5(Ku3EJjLM^9ug6F8|Y$01rk}BGA;!YBNE5p^Mb}$h9jB` zw-F~XmULpa&Eh>yB5wmFWT?HQH??WPc%!2KYb!u+l6Z<(0yPy#C?y=lG$DZ(ygdK? zTy1jR208{pL~oDJQAD}$f+3Y%_*aAP1^s{VF8pg>jD}tHkNqhoNw;XIkHf1h1>Hw@ zPXckBdQXBrzVe;~a-4ck{y%R6y~UieOrVpOuY?z*oc%#U=>;?*xU0)?_JPK#rv4O{`YsD_nueQ|8DQuL;RmRc{b1sDib`Wb~XG=`&>ya z$7)$p1tbdSKdv zecqT-4^S`o7<{x|H%w5;`1Al-z)dHn&md&uuK8Pa20iw%7x%(Fk>Z zByr5pJI3Rvqk-7iKqrahEXv>*!t;PhYe6LCY(gU<5VknC_B%DMlyHHrM>HIv5GP6m z0`osybeNEsr6?iSWnOdDs5TT92^z3CX4h)m68B>QN3Qx*!D0_jFpc4xQI-t# z8?=JUNXSwG%2Y%L0|J7sAfZ-TRJR-GXfU7&l~e)xSwW?CJ{plk(g7tLxzA_xl8BH~ z(5%qH&u8@NV@g7$VVxvtCg)f1KKrwudEeJn?X&k8U7A&bb4&#ZifitAY+a(6po}n&N}#A0 zcMVF)B8!w7R#FyONV@9pMA9b6a!^7xPFX?{nFCbVRW8e<(h7=3N)0Qw2MR2xW1QkX zjTc-}4U1)^HMaQEv>N9xxSKDfb#&m)cIe$x33-K9W)&Vno*avYK3wt_yvQ@rm) zqH7w*h$JF|I~k2vPKIt1nUF57m}rV8ES|T230;Nbd_ocRj&{G!SVUXU-h<7S+y~%@nnpL^HrIeyhB4>=rPOkJ=hb1{8x-ZnR z7pfm!ZX-bmdVgZ8{kFLQWjJGUD|b2;l4lS)FhC6hNV7QBcM`;9;{aZ=@QQFvgXoM5 zsgQh%%r%DBcuWM^j7Z8!h$V>*)CPshU2u{_gr622A({wDaI{q!dcIg%N8j6S|F*kT z;HDfHn6)tJHE!2eRteuZO?M1nXj?Ae=`C_ z@st*%QLOtoydp_-*)Rp@2jlL9uw9sj|KC4mNKGVzi==3C)l$V=!yK042 zR;(i$W1alnDFcVIKIR?6j8&KKEohc4s=gB@X-LY)9ohmGP}c3oY}no1>HWRC^Ss;p zTNkI)cWMitCVtQF?ROovK20S4m>(;IM4%?5TK(b_%hAO&C6~?sPdQDbus2DJf{~hn z)(tE_@+Z+6)>4DYanGMwNHr6E9AhEW&VJd3R9Y#xR^K@B4i;~ z)sUL&0jid74jvIs5+==6AGJ;{em+Nn4ii(34rmD5G@Q&4X^-vfdUdPk%inp~B9>Xp zVo|Vxh205KK^FKK_ep$P+Cp2`D;#O8ch{PCSP=tO?8U37Y_W2VBWwYrD=dYB*=8RD z0XRkJIa2IG|Aiz2!I>rKQrqnVk&-YFBqpI`yj)A^6qjNWmdjkuGU$M$x|n#lF3MQ_ zm}^~>F^?v+*M(->4X`UTEB25$&dd3|NHtrRmK~@PZzhCu8kL)xM-yegkFu5Wm=i7V z*t0NIY>NKOaI7XSLO4wUwwY$s#UOxxQyh}gdBag0vukt3Qv1c`Q|K?8ZZ3Wb7MuRTBz^_X{s70!!SR!f1PIo zxX;`fPxC)rTL>7#UX|+qwz**&6eb!+gIR1H)K^2_6`AG-IXU{wb&D&q!~xxn(3eLO z2KDu8;%L?g9rP7P09vTOY(QUrONepAiR6?_2>6cE0m3mSIGUmmc8(};_4v}oGT%g< zEMo|DjMrrJw(Ndok!<_!b?WbSJ6os|lVm7I9n{-F9U(bOhDCrX#s5t=rN0Xz-bT9q zHqv!L*3)H=tlFsc7na}MYN9@vQE^#1Mzk>#FiJU@fJ=LRi_D_dqEFWk&|LI2dt!Y{ zkKKnQ<9JBc=Y#omHr@4kZhoCzuSCpxN`f%P!Zpvk_IWdH2uv#lwWdl;6Otq$X=ap8 zfrcZM)8gxIn;TBqmSYv5po>(8rCpaScaNpEHHlmISg>;GP^NJnR4<7L*QBWa68RNr zxXh}UA*M-j`cpa=&RR%OUkNPl0{K1P{C+VKBbLPx(je$SJ+_waBofJD4WfraSk`Z1VMCRPOBN=5kQoxxT_8Y$z>kWfC1jU};*I zBe>YnnYYl1Z(o*=SgXUR+!og&sw{ZHfU|LK9J)lT{|5=BnGh<4jz5p(XsKabl>(UP zU&{zzjl=kfOw}NMroz24AkctvA)O&8h~eT6Hka@tGgQV+S)&hvunb~&j1rdkwzNBp zx=?*ZroHmuK$LD8p5a<=i@X0TxcGm4ceQ)Gx8L=%!qtbbFFAbe{_oM_GL|_ZIo!kN z1%k}nCefATvW0>}1<6f9(OjC{Y}*|DD!o1r8Bx~fPZAVj0k*bj;oZ3HTs_pzh{M7s zV#KcPw&`r80XkR8%v(3K)Nh*`Hrxt~a|_LxzjBsg~8=A52Ulq{H-Ut*5zWTx|h$q`KyFj66WX=E(*Kk)aGFeGxUpU<>iY?eD~F- zwJx0*IQ?SP%?NdRS*)Ghlfo__Z88I0sZX@;yn+Wza8w!(A%R$8A}mc=rV)?{f(#T! zYqBSR8cnyvkLJx^DUy`PZOTi|A7oNq*X%XUA4G-v%Co0nxJPr>lyLQO>A7=K?yhA5 z>vQMii2S+}=%jnOlUbZIf0Y~xE3Q2!W5$i zGt3Ac@A?p?rI+A?RhL2vYX2+s+E^7*0A!>tVuM$e(kMKLvgp8 zADCj^VV=-rINuJlfX(GbW|6sugawrL8|n2fRbLyd1f0b&O@##lHv$y8HC_#$rZv>bQ{$!SUsRD(1b zdI&|ubRF1>Ft)f8o>bpUq5{PX?f`iRk&k$s#^eA+P%EI!^PEUbbGkaqO9CMmH>cc| zO~j^dGNj2z&y#pKuUXxW#6!24UeMbQdVWOu6eoUf$LITdo|k5Etgm9vYZQ<@m?Es3 zKg}!VSrfpZ{rD)p##8Ya(Ln)+!r5cEBqSei>--0TNGN_Xc+KP~CxRsMv4+PuiWLB1 z&hgYkh)Sa4+0KU4hGUJVNLZi~-3VfX0(^T(YqQ81UAoT{cwR*MnS<`WPA*YHjUJ1= zy$tLMxLZuGz=2RvH~A{9;m?!`L^2I9+I!fbW#6b|4fYl_K9C%iew4o(WkIv8E zy*Yd76+-639{e77uI#B%38~8lxB>71t(6s3Ui|Y`6Dk?u%>sM<=Hk_PAU|q86|zLInA{}Q$j;8) zCL7u5t&nbH!F(fgQ_S5s@d(V#$v|X&(I%&B?`R5&Zj`}yuhKuFCE3; zups+Sksob&O(^KCgo2)ng5G*i(7Oc`^r|SZVQ_!70bh(WCPTeoC)n}4_iqyPnoY>K zPdMuBZKK_t-JNX{LuuDuz(v;>?u?E>K^oA6iV=y5``SY)M_C_Y1uNn;F@!gS#4-~; z8~AcWd=nddYa7WC6=;nAVBC$X&DMyQ7h31z2Mf9cV$L^s1zg~D76an{DPH5 z*{e4{2cGxj$vg0QG=N_dP7pP*h>6J`Qbof5{p5+~`RLU8pPSc0qk{@}yl}&=ERtNJ zO?$~pp`kxTeI`e`(k={d&*I)`NX@Jc+zi7nx4BzyQwIh{EQzOE0eb%<;beBuYa8rZ zkpNDq8I*P=+XB5e#EGJ*2#pzFsnB+{AxL5O(hXOpz4kmG{i?8_S0`mdF?p8#TEzkdR;^U(+k)K}6wToSQ8RyyrzKOXjTr5Obyg&HtOzwC+}z5B2v0?5Cs-sjCnHT#E4McTZUy+9;rq_%DTg-yHj104ra55m= zvZ?oMFrZ*`gklj3Go{(Utj%6KlilAZd%utAP)~7pBmdLS1o1;Gh}bf##C%GIdh+ZT zBtw%uMJ&GxGRR^S)8tBMTChE<9!v4wWhNP?I2K(_1dAucSHSJUzk7blg!BtQ^gMT+ z_7)jQLvaZ6p-T{7jRE@eC%e96=Fhz@>}EgHkR(czJZ9-sCzSns zIE|@Ro9$*{nh3mqng&>3Vp!w~O1rz6QV2^eB`ACxbi3Er*8v771ICBlSeFvrpHGfo zy*_{C@2YM4*CZxF6dPoJs`tiF2V=+ANO6xLCz`9%1YL6~A=`*x19^=(@ggcDr~OQp z5M-gE0=WegGfq(F=p3D#chHNY^ON&!@7>A8k8ggxK<|#u&W>JRoV+?mZ_d#1o7XQ- zE>7OOK1Xl9M@O&!iGDhH{c;--sttJ`Q-~+QIHF_N&I9k<1c$Mm=hk~L#nKSPI2mSm zNYIc?h(07p2_I9TH%OdBUQEZ-#;2$aC-{aEk32jN&%^W8pZ`Aq0RR6ir;7RjiWdO6 CE~_&D literal 0 HcmV?d00001 diff --git a/output/helm-charts/kong/open-appsec-k8s-kong-1.1.5.tgz b/output/helm-charts/kong/open-appsec-k8s-kong-1.1.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..a57efadce71a447dcfa135ba750bfa22109d58c7 GIT binary patch literal 210414 zcmV)1K+V4&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POvHf7~{*APncKm==Wpl13!M|K3CB-lDJ=)>)M`H=gyy4FyJjefF8GhjKK4A}8%5cIXSQTYPB~ql1IVXbm z<=3!YLYl>4ii;_U@@(3hW10y}Gg1Jt$Q;vjhy=m&@a`r5UljtDQs!MaW}>Ga)z@T? zv$BX4`3=HTDrV&vP<WX_akBUF`E$Jg&HnyDf+v$C8TY0nBLx;D8KPi+u)iPf z?T35c-0bZQ4_^!qUPRvg)f-{{A29|8x9op%XH}Wh#)Gcr;-Jk~_*Xj=m@99I5@FC)>p-E(p5E1(lmU zM}na-LAl%#6GSt?(1Mi(5@epISP&ldwt8D=L}Iyb^I>lbh3JIjDO<#`$1D>COH)$RTU=>Lg?Kp*K`PZ-yrn!QX^Jz#O5WP(X(mXK7nBqCwS51S zKS08c!9Qs~Qf1TK40{O4RW1KTXbYW!nub_`63XFMAOIDdq!Zm{M1-K(6p0yyDW2ez z6ZAmE3{f>5)od8O@0BP@*(Oa!Wvp^+lDMl7pNd9!JI_!T7Nx6^79@-TU+QY z&FH+GqpX~dNrBh|aUxYt#h4E>8qW|$8F@$-x~l}`EJ1w6$~2MuSP+~n0AE%LgtLVN zLInp@Ks7^gf%%MP(_Pi4giM8I=a^-jCZr$T zNlYgTBxVG0Qry#+ARNc6%mApNNS5d>Fz0ld5%^PnQ_UCZqXd&V%QzA6fkaI3 zVHx$1>ElRsq2^X~Vks%{Jt_s8DXU>7p5gM^ML6V*^E;uU4FC{IAns>uv5xQW4ATh(je}TyRoN>a@n{rHw zj0nQzFcXpqic{cC$-TPM^Ae+&C1e-TOcH}jFgX*dHNryR_zv;1nBZ8mA2tLUc?7+Y zgLQfG5)K|XO&5qeQ!P~`$y;ko`%M0uF`=eVzQswRxJqeU>Q|@D5PkTy*V(<~YVuwb z*wD73xe?1Wi_Q#a605u$TEtsW0y0|8VK&8VouF;L{Ym}MG@hM^z2 zFlLO4qm*J!EC8AhQLwlFbu@?u(O#fI$c7TMgKsclOdg1E8dT55xG>KYJx|DlW&~#D zo~7lSsPicB7nd6&dcacd7lg}&u4hGUdIfvGsAdp4DLE+=$m9nF&L4Q7I=R4eVz46f zTr5s#0j$#s<1HYw5)j~gg~e=$f)+lhjXIl{=EdKVIeg*QY2d5`CLN`g3Ua^Et*D%YlS zflpD!in&q+h)^8fVujt3s+w#tCMkP}&{>AmE}rhfPNeBASBz|R?~I9pKC?jbq$l5z zl#>VfChC#weh9)<;4$WMv9QS`u#!zNRw)%WP#Fts$ycyakOFO6es~_e|MLzSlNifw zK{nS%i=KaGKt}oCO?W(#$jad)42EJrRiA@?4^5HGCB_>1rj~59@4+uPEvf&ilGNyQYf3!?ES6Wd`NMd7c3@R zY9c7u4?q&L_lsK`%cr*~n+{PwA@_YQ5>`sN4!gt3_tTOtX(KlwoZjMmX(K>{6a_2% z*Q6+HKPz5KG&-9&Sai36eQAjL&hFLk8S$kTlVotIYQ-fNY%UiW2tFFSl8C#u3b_|2 zjPUH4u;&nvU%Eprm^jfeJ4BjX7h;jqSjtW#p!64cT2854=LMVxNRblG?Nh;eTS(E~ zgKaT)&o=VdCyyZ@FHhB;B)2YD(7UM2Vm61b>BNjC0cnks#1&jvh=PvgYLQ=?mJ(=n z=n^pM_TefqBoBQ!&(noDu_}#K_9u01_rP~kt>w_s$(%zWnqdy-arR&+cbeUsiH+n; z+o!{x)JG+|05#N~NC~X(3N|+nO%YfwHaClXxsSVhPOexZQk6n6o6bRBAq- z(CHlKaNg1{aGHj9WDx>6!W`3rhcpXu)jGty0vS3;h89UF)`67huYYT-vKVJlrvg5g zM_SW0;__UtPM|3slT3x^uDXyg8#C-(J$3x6-B{cy6M?|fAqt*Hhib#B+5O;I{VNbap;Yi6@Iq~K z6%ciLFvoGk$s9I+b@QP&CWEuUQz@_H9>p?(wqe%~GCG}!bP??I5F(R_r1(7<0USAo zyiC(8meP1JL}!x=Ca%=UafwX;;iACG+$H2XO3lbJ&O1UT&eSi-9H9$)Z&@LuEGwKHn^DW$K7wQ=8YdS`yQyL)P)N46fi$zX`=z=BWN*zj5 zhLdk`inEv$$0_ET_BYI7tIBT03bWdMqG(d>!tMiy1ieobM1qlw4PXNYm{PSAxBw*- z1P+Fyh|*enO?w!yh3+gG6M-Y28Sw)T<%q(u9#RM!mHe+@F-wOi_)4z-)Dbrb7`tZ6 z$Wu%+LEa1W{mspl=A>3mXyFCPd+OMU(arhDd=0y37oYen+G-ZDBbQS*L@x(}J!Sbd z3$6BC88^lWS6xkS*|wWXXgY%WI@Su;u&ZegtVX2hx_$vY5$*=-?LF zPGbCRnI$Pf+Z|027X{6xJLZ$K2^upoGl%Eh3WBn?RJH>3g&LR|6|#-B`L5DxFN{sE zQe6}$n%zZP5O{>%DR$HcW3V_&EetMFDyjk;Nm({g;8-cRu`}GgAme_{5` z^&vo(3ZdeC-8kx!VCDi*?lc$r-UIfV^O2cBIbDXHQXqgT7Q%QVZJdi@HV;M04b?Rj zjQJBDTU)4Z1Zw-lQq0*|^j%P6t8qc+Sj-~L@?thbeM1eY-pWT(Lg37{r`1_Y(tn2U z3Bo95h1?KXmVmiOekPY}gtpJ*u%uoN7>x9Zuz&g<$D)4)=hGeA{S9p5?VmJMBQCHg zd6zDv)qO1hq#h$RkqoDBSsS48;2rF8mukRD|%C5^}wfK7a?J*wJ1W(BSBn`fTUEtizLxN? zU9-Cg%o1v9a#BoKG4CnKr1zhDoYF*XQ3)+bEK+R(QAk%-M771-oR31Q0c6wO7FbOv z;gQ@Yq90xoc~LQP=~mYD(F1b9|*7ETsO6jQ)$Z z;~9zX)M2zb+bCS_X+nx;93?C+tsvPoS5m%F+)6XGOsF!g5xx@{o*A~CH#Rs))aLAW zdX}(4W)1cIutR-6>=Ixg_m35w&aT=|Zpj&3XGcahhDI;UZ5Kc&k zK#B{-dH4^O5%&enrlFqX04}>q@+jz>r=iqBBoJI=L;S#pIGzu$PhX#1UJQ?pk1yX{ z+zcH>rT<^>6aH8GzyI}UG^D=4B_1GHl&BXee-u2)?-CSA$IcGnNWXASL_uS2X!j^9 zlv!=7O(27gjpkDs8Ga*nqO}QRj3P}F(esT=M4o*4_b~HVzc(%lg6C-a=J;x-Iy`}J zR@C2>=N)!WQ1I8k1?~-|w%&l6sjoMs2Es{7Vxcrw@afT#5Ed%5sL+bgxjJltx-cCgoQfHo9Hi3?( zRaFUpe@>7lR;FxMZQYk}cGCSnd!e-6DNmp~878#mOq!q5wi`Pdk zEUfD)$<&%dmZ`^&QIOjYQ_lH$gJYX}07KjQ_Jt%$(pisPJZAS~=aU`KR(AZ92e>A2 z)Jb07KUZ$iV2njEn~%-ilaHIIIALC1RJeEBBx^=b=e}5TwDAkO3h5Zb%`2^nr8eJhGdY|Ij#J0pVbv zVWp>6jihX^e~5HYm_5;KHS9#&e5YX~YOtqcBDyT3T(`>r*u2lRmyFy1coh|}uFBGfCBO znW&{fgis*Bx<*P zZHbpF(quV+_hTIgt=#^IZVw^Iy)D%a%=j*VR4G*zzuvdf=kkMS|whs9(2x6LbcWnFyCvpyj zgCp--kLN8ENDVeXG)v&_fNQyAz%TTc2=VopW(GO?eh9C$meku)LP{@X8&@wU6Jkx+ zL~B?8B`nB8K?NzoDs&%Vp#y5cz1+0uS1p35r}@rq9lzxm z0r#j|kI7zvf6qM`3{mX`cb&H%i={jpL4<&giXn-Cs{%Jwu(IJ7WW&NGY2m2TCn7c) zeE);`C6pch+P4vqeo%uAvePkxXf!%^ePe)?z9k4hKm~k(rZP){VyeGvN3pzL1 z6R-eilEI9U$0jH*vsjese69ilevW?L0o+tj9Ob+uUieR4b5{K%pnRQ zFUULfNtJ!U!ed;l4{$;=%4Z5F2$^gWkAI@1DoD>yb8Z*flLMh~~ zGOO;m6zqt~?xp&wuyVa~oQ=AkpQ1q#=(mb~ryR{lnu8-rW;r}#SqN!^^oFCpY&wS zEF(Hpb{G9`Nmf|NHjq?%(3oIiC`ONf?&=v%^}L^PqIQ_zX*mp=*TAb zQ^FC>w)QWC;=CN9y}@8^pUlY|Hm52~9|4^RZ+v&y^4Z@0OZD0BGqcDRdP7Jq`<_#k zT7?rA$4Y;)D=0xYRZ6(_{Fb}Df>m*M1>!05m*}YfXS{YLCVAoH+Ykao=SpQ%HxJgL zYYuAl%Lhem$xlkd%j$5XxR3%w?w481?L^c|#;MBUG@(;1v?*L=w4w^>6*4@PO1Bg` zI78&UlqqWe)ww7#nXv_`g$_E#qTB4&?m_Eu`+wzllEs4j5K?F z20rU^Tr5yt7RuKcW|3n-`D9@~v71qE%MA&=d#R4rklW$-`h@GawL%_mGlHfChSVWu z--bLGl3Ud^Y0}%OGJ#al?(Ry7dX3a_Z4m@Ez_%IV>#|Hs{JH$ZMDGraWua*cA#o^ie-kxC>bg< zos1_z&!atSRMB8}{ahQ+BG6aX%}8flOzjQ5jx&py%F61+}nlnkDp}CM8a*k6=U(V91+PVJ|gqc8?22#g%;Gg0V4TwLo5g zt#k9Z&6TG=hs26o#tZzKrEsA;EpR4GatXm)6TXvf=|{spDdkn(34mAi)I>^>#0r#=2jz7EBf79dsa!<7`>Pfa?kg7e6t^dT0P%Hi-7ox6>cb;%20xB1 z=h*Z(PLjha9S$eyB-CjnU1Nm1x><(D`RULM8`*MAl1T!Y%D6pi%9t` zzoYprV7~B@PM#ULQO~Rjy4&@)N5^J0FTI)2(7^KGW!IFdUjL5Rba}EXkYFkzQf0N& zU%M!)^dZLd>m(4V?wI`)BHrDzk`KqjYeS2!mDH3L=Bd5IPkaVQA^&MICsx$PH zCbK!dytui(JU>6Zu2R~#s_7GEj{&=6m7_(C{O11|qTsYFSWf!ik|L#<7N;MRKn0le zH=jZUmU@*$MQuHhK~KS#V49W%v3WkGnbK;t0|a_$?p2)iX!bE3!R76W zR_u=8PLCCiUzK*-a2FC7>tSyKneW5{s`Q2cA4D8>oGgq|;)e*fbaH%z#wz^TSpN;k zmT+rhRKn=$^er;M))feK58zo^1v4>u%3kxJi0wfKfs|Qm@-EVMF`|GFOvVH^mvA_z zDs7WiuN0>PubaqhyUhQIj?`7OgQ30&Kq^~W!vn_MTXe#x+GV#BU}%P7E~7PshO^vF znGtP-QJaRd^9wpBtQ0z3v7Cdwfyt(9oLIajL$o*O^?V;fn?Pr)Vg5aHn%O-VZF>$B zdoTaIQ-fGH)%89ieQJApl`4(u7W%;e1Jj90aR}ad5Zh)gS5Y(Hs`1kPG$~Yj2o+-- z5B+sRK*tAL3~ZHE3e3u^r4MFGEVx;pdzFTenu|RO<4EZ}$q46H1siK_ltT42vAG9w zjp~fxRLuTi^kOB2_6GZh2l@$*XGD(q`&%P6pIKJ4fT3eqSXIE_qwiHfriiP<6?v1h0Io1Lh%i-c9<_ zB(sL;5*wFdMlzv3!BYuRxYMT3BO>K0N8d3igqN;Bvty{RfG9qNdrD)H@y2%SO5OIX zS`#9m?0^QK4AcfC(3|15Ow|xDR_xcxl)=s3-CP*PKru7}vYBAKyfDr!sFRJrA(OFG zd0BHJ`*qujw9KYC6khGBiXSi;=A`K#E@dwZRz|HbkU4hqMu>;|VqsnL5^^}vHIr}|C~RCf-L+`CCy7`}_0 zv*q?1|3gUi^iWYsZ7Cqs9Z@-pSU_8Izw~l)l3^?Np-XVnbaL< z>r$4(RF;DA;x|u@xRK7}6Bzqf7NU95{*19-lCLPUs@#c9&x~}=eWI@REPAX!$Cz`R zB?aznDX$vsz7O9DF2Jx4HBsufbl?h8-{;g|wH1jQf5$pLkl0o4ZVw<;Q+j6;fmQ9m z{#X!|X!n6>R?+?~+fMSl9i6maofCB3J(mE=bCuh4CYiFfK)zR#H`I9Z$uq8O_A{hC zx4CF#pFio%)_4UdFR-7hwA(*BQ!bc3R5*yJ9JVRTreP&aFq9$^s*ZtnVF&g$1#+Z% zlxYRP1w=EGyk4~D6RZ@BT{JG$Djt_K6(P+kHlQ4!>GXB-yI)Eg-nrc%YS)F~OhrOBVY_)%5wm}NdUW#kG@2)n&F9CX>x;9C*F(pw zsSMP1APSGlFp5!uvxLoI>K|Bj^VrI8THux@{IlOj{Xmi=E)YgYRU5f4+RUkz=a6Gp*ozAbZ)$# z!iO2jLPN2T^04G22_I%ygb532n6O^2B4}$~9=XFQ^+KLYD}OwAR3&)VkDO~a6}N1l zqyIpA2T1DO;H%TmF{v6IK>Aki&nu{b2pHwE}Z8rh$j&bSbRrh-b)y3Z4 z^Js4`8iWZMQ=El+dttFZ=+$g6@Vz}DRy0Dv;lcC$Pg3;Z*v4eYjZxPoEg;d_)VlIL zZKpj~XKR^%bQJ=p9@2L5lDbH+4 z-z0;`U|wBDnCgP9 zWlKFhUEHS1YIMs#j1qEBQkIiKw_Pp&pxGa+_M2ceJA2Fc?ZdC1jo)nEy>9tt%9n|h zujDl+gJe6isY%rZp)>`Jvl-UsR;0|bTAS204(8TTN1asb*N$uPP-E5KR;Ad2CJ{e@ z4!Nv^?UQ!Zd%#qj8FhaP{fKFm>dGFhp%RE(+gVC8c_5y!0utvI!g_wN0u}lITZ3{qut}*H2CzMA$5g>=W|wD9kymY;Fr_X`P16WnN}czCs?&Ty zp6QAuC?PmWS$wBPe&!aPM3OA#=H=wu3Tf;If*PEv!l|zBsSCsdul#c$WF>0xdhDw9 zp^J-1B(#AQqDp7l3P7sJt;&J`vTH`-JMITSRQKa8rM%R1$=;N^7Mo0HOmSLe)Pa}Q zWdN|ymr|9NrhN#-lM`baU%Xn`v_)}0lewW!yYeN*sSB|mD=0{bOw-;@72PT`zvA2cf!hjq)f0z6R zA?uiNPJ2z56|Nxu<@&*Ltt@9C$Z+ z9W8rXwM*5?Wfy{=nm4ZAeXF@`Rk^R#rEB0gvZ&|kV${EI?YwSnyKHT{YHh!0ZM$ZL zd2w#SYeQ_@k}nzIZ*goOfXlpXX#Pu8AIpx;jp?k$r=Pkb)NXR_7`M7F%(q%E%(t2s z=KH;^j{EYh*8B2<0hl8FqPZxg6A~|C$l}88B(m2lsutPY9aU&U^=oM1g#fSLvk!(U zRByrL-JuQurX7Fvj^)j>-A+Sr|%eU+o<}gS0P1@Os~9 zDm&Nnt+pj5`_J)1R%vpM!%$U*H+u33+>-x2G1(ONg^1#F?O>dD7cL=2ufC?S|znWmBmVNO22= z>qUW~@^BMNv~3j?hu;7B3hhOE-|TEMh6h&Mr3@#$FDFy}Clnf$P@xh!sPubV$h;oG z+vDn`tvSb1QaGMvPeowK2?B^IY!Cfj^?Ow+fhENC#@iTyl9M8wmNX%KIhCQxsRG@} zzdd)%o*RCwgQ;x6yh>*0EIIN+dhg0PmOW~V_|RyIazjyRfTEU|UpQ!{`(k zc2&@9s|QlY7?T;kr`9caYfI-eKE8VQ4y^7#$}3XDBop#<0RbMW%<06BiPqldrc{T6 zTmODv9{>C&VJkccA)RhpQbZ@-?x{UYA0ITu_2yf=p1X20 z*_J#}Y2~`0_cSF_-<=KR&xUu0OguJ8>Uvp||)>okCk$$2G4?F-zVH|8x}f zYOl>s()N{G$=?1xs(s&Ef$2K)Sg|(RQ;EIc$pylw(aFWAC24_src5$!%r`nh?>ky>q28GE0w&>) z3a#MkL5PCAL9{m*MDoAtu<1DZRI%Gx!UT7#K1&It+H-=7ct-38ChCpf$B{8mr!2;) ze&6-H?ODk~g1HFyB1zm*kjUhl>-Drv@-54#)aZKcj-(^66_D<#U~~DhXx+MitoJyT=PX_$r444<)hS|XG_7c7BN+YI(;=Fxrc_6;RFycu zvcT97jkR%BZRqD-gHSe6w;nT=vBGG>75ZvQt_c99+4Pg$0Mw=Br*$p7Vbf{a6wxO3 z9ZIhih)pK)Wc2OPF&HsMZ*Q(@0z+jauHp&x5?7iWNO`QR?@H1u%SKNtfHpC^Gtu@$ z05@JFyAP^XDsHrLAL>w+>Vq;q-Hz+17ogcvRaCp{J=32)Lw97c+XzSB_p76d)uVi z8xn0@2Fz|vausl$sfZiu_dSH}slbh@XL@&Py+yV=oQ;2KiSJioyVH{1g0GsSCXGY+ zd!rq|>6zf#EEpwJR06Brs%v;H;a_TfdIUjdqp|%;TgV-1ckF$3j&DyzMMc7~(vn__t=^L%3<8PA1rI966nic8#&M6y}Eih zeEGElTC$DOZl67?9&?@!Q3ixGPXsOmq=2_x1eMEcrC}9n)6!ADw*07xsP|XnuAi4H z#+ij?QodjwQYDuG3*%esoVRhd5HrcQOdIhr2q!rBS#Ub}OJ#jhx*@_wwt*nWnWmHR zMD`b=g;tHzwsg}fP@yy}Cu|w{=u2WFlfF4;Tqx)5#;hVApXSn*uS4^?*VF4^!!+cu z!M(MYoovM)n}J++^?S}izG-#28j05^FgMuOo-*|kbNi0F*nhJUa~o6X;Gn(Y zt9kxAE(7=5C@y1HqpP!jcj2rlzK(!C z=n&8c|6T%mZHgTneBB|Wzy3o=Kb?@qIsHRUuOX-PeW4)otti?(A2yJo#-qjp{GE$Z z(YOq#ShOw*+qEzAyhYT&%;?MJv#a(UthxuOPgS$#FM6jEAkez6e@d0TSy$0Mxq^Ig zHWQO^O8R{Ddsi*u`dI&1%WJGJ8jInH~vOn)l3Uth5P ze9=!?jBUCRUXE3h`6A@y7)DdMTI^c((-;1#x|F?Wydw)+)d6msG64x+4TgFgy7HAf z2=mAv0XIdweoNS2jv=ti#ojyu>~T(iFx43RoHWkO%e{&jxT9Gz1QDP`#T8sgsSy)_ z6D+Wadr(xVoEPA6>^QGLyuxkFGG5L}Vb&_dF#uHW;~vg)uDsgjERp0^*}!_HBbJja zRE=txH3~ANT$q&SZsgQ-78g<;%Wv(cwvIu7rz8_f)lez!_oBV%Q0pE}h}BX0fET={ z1#!b;N&e`y3{heYZz1IrQTYrRCyAr;bNlxSwwT7Ytl`Ux_d-_$;kN|#)nH!A&juL`q4{WuRZoUsrZ$TyG^ z_&YZ3Ocu?iM@a&z1`5pGGtJ0*pF`{+NN zZ}c^35C(0Z1%XN0WE1G?612*NL9PRH^{L>MnMwM)?PN*bk;<~}Dl5};7iFx`9jNb! z+7TgDt|6W=W?lJB*p}^`6cIw((|jMX3?2PAlB2*`f{O%ck8ptW`pxOCe2xD9=rSkS zNZ|NRS1vb2&0Tbck{}&iq4qMxdsQA{yQ;Oj5y*V{4>Cl1uc=YGCriGQuUo%M2`(~f zWHOAWN+EBsMlmFX2B`p^7*O6(ZiWjJJPp;VbO-KG?b6=bLP!6QinEj8%uR`@_ERjI zOlV5H?|vK&wRBOJ_7Iul`)l9_9^pCu2g{Vt#vM1#8YL%%3gsaa9>$zTGcivaJ?oeD zd8I&un1WHhWeMR!bWL#bqolxFoGrR(Zb%zyf;8ygtCPQ>Q&<>AiO|6xdu=gx692bHwve?~3P1z(neO(yw87@fTjp?cJGJSxvdK;2kC=9`M2!b>3aYoY=`!x#X zt|s+H^n-r8oiRNz;Ns3QDPnh`8Z70Cp_;YBJIZspCvIz5p^j_l&*meODUk~-$Wrjz z&}34koQR#JosD$EsHZex^|bdz%a1!#;Lt0`JO{G%FD`FRN0E3h+P>T5NAAEc4i3K1 zn{oZ$!~MaFFZK=&U+nJ>28S=c{$jBAVsQBU3pDuHj@S7qxxmF2gOBd3KDgh>&kZxF zF-@SI)znmoY+Y5;3Jf3iK75cTKb!VBa7+IODEdJ~uBp^)V08WU*WUM+qnlS>Zr_z- z5{nc~i9q~5MqyahuKw@=86MP0mh8I#Md;UGTUt!YG?lGX1D)b6Wa#glW%9WC>e+`# z1+ho2!6?!ej=v867Sa6IXFI*C%jdOz3 zUcU~%{2(#^wHKE~ioP_jd%epnb|MVy>d@+isw^s($W%wwgYO|pw9X-zdZ5gIJ-NV! zosOeRYuFj}1mN<%?k?2b^?P!RUp}bapQGU`Rpm>LxcA{hC>dybhWQ(^uuRj4Jw<^& zT^_{{;v4M1_vUj}tOgPJ5KsVfw)2P&UE}sng-A8TS5QDcOPoi6JgtHOkyq(0SN0XD zOl9k|bWNe?25QgR00ih)9&W*m89Bv8+PcG8vaF5Q(ND$^6pqet_VxoUOqNdafQ;p? z7CanS0-AN;{%)oikkT_`y{UB2sGR=#JITnlLH(sjxq0XDQN{$?c6;)ZCA$5nH?6&> zS8gBc@`&rWr$QwpMq`2|WftqpK2v+mOQ~->=yiusUri;_U}A=9!+-&{;E%JUFGtwG z-%Z=69@Tn>vYOxD++6i<&PUNY6RKkWwE#^>UJ%6_p&>@#(8c8gL*#_anR>DHDSs67 zD%tbN>Dx>6!_oP>(-C?%Iz9Qsz4vZZ@uiY*h<8;1?=vWvMlv+V#hsiumCR+%>M7CB zgo#kPxV*8&sc7bw`Y>9)JV_K}Mlw$C<;nJ*k_VL|F|7oNDU%ib_a?i;um5T-_}}+u z$@%YgM$()VJQ8{OQGF~u|Lq+f9u5xc=fAHH5B@m+eU6_GANpURdpaM2#w4YmJVd;b z+6IniWQe}%!`9OOs&{OnP>j`6s^kmwONmoex&!CAzMTG%$gM0>C42;W@f=bLa=WcU z5TfJH1{%?Xl2qqQ1r_!E7bDr0>O#^xQ4i1qQKAgJ&GUrW8V%ObwXU#W zi@)0Kt~#N#?x$W4I??C~_-g=ChnfbI;~6f5g5jcfX_DmrQ&CvbR{l!oqjEB#?@$_z1PcTNxDG&Y}px`$6NW#vEz~|ZvN4CIuUh}F^7Si@3usYoKW+a_Qe5L~J z+uG{kLgQu+CMm!W1s^`trs3CLgO)G!Ep<3v)V|Rn_Z^?zn+tjQiK6RKo>!#(rDOuk zK9WoYBqRP3Vx_-SLAJwJcFy6#UuUF(51=Lb^;ZDyYqAB&5>njcX@Is98VeKvxWIr7 zVs)z>pf7joSjd@MIf-1S>-y-4Y<^@-$zb(=#N;i$; zv4oOws?OjOx|W~{l>ZZ4pN8sVeRE$8%7githE;8u^$Hrs6%}h+hc0QQx7r3Xx`u%Z zj~3oht;>|4qeta82qDR^R$}|>$}zF+tN}MuEUAW_^41;#{Y$VZy!JEgGLnKH!h{tq z)V(9wCNzfIdY8~O`O`KdV3dTOx^XrRZ#I#f#8xMA(J(vk({?Fm5jdWdaxM4>8Ye@i zkrqhsEjVyV*=yRt0}I+#j&z&YhoKAQW|5NyBzUMqX63R~1-(aiFV*I;r*Ee;S$dUc zmbpfh0#Gug7Ji}pTaQUU>LEAXi+o?{aPYQD`67{awrBKDlu;<7g$`8HC7YBPUTQZe z#pj{grF>9;hyK{veN=nB|ENFY@-?7cC*fb~`O<86EAVRofyL-F8FS&&B{*53Wp&*Zsa>V>dVlH-cU}T+|6REi`%)m`WltF zy*vE%*v|cdR0XwX2xaAbObSJHce#3>D;HVW1QucAo$_Bb?{D-qnw}(mF;o%A&;wE{ z$dBxs+JyhRQq1LXwU&IIYETd!Z$Lc9*V;t4rtF~3|k4|;boV_H4TVaKV@HQtpLF5ayV{r?~87CBfZBkE6G%%z%zU@I3JLAsvxL0gMPDj>Pcu<0 zU`4CH8)}attRANKQD6uZ_)00DcPn9XBDy|l4xmeC>N>i(_!_=e&y;VbWRz`diUXoY zru!X5EQxlRs_86>?y);E-zl+j!v(CI6FSQJwF@WoL=Z0iM;okWTc=m z5{#)b_BLS(e5Kqt)i=B9(b37Xz)`|fmR4QlLV%AU#K&=jAz|_^;!HnR zrTpN^+(h{x@c^~srvwF*BPtNb6XjGU)l+3Vr~H2grbc0g0`0!^Kx`We44U?kas#L- zETO-yeVrxrWwj!vx`2Vp8ybsMZRVtq(%O6M_pCp(uE;=gvwHo>sQi_8YM<*(p#lgKU zT}8?T-~USgYHC7YG*>Fq+}`4m_Yu#TJM_)|VA>jRu^jQ04}*2Agyb8XznkxukE- zO)?oCp)>JJd12;^bErC@tN3Dcj|+hQx#G>Ob3be3^JaI)L0)|pQ8 zDk+$e2ZKI@&XWfx8HOT^s;UpQ008fTPHBcylfhN5*QZ~9E^p}X9Mp!EJAq-GH)^VD zUv@35>bt-L|2tUsBITcV*;gHY#H!c0j9^y<%xm5J6aAgh3O8hVjkH?OyK*we2z&=?%3KR?L)IoQaApT# z4vCO)F)g8xk}A(C$|B?SE>zwgENteS4)sAwyxTd>xu-$Mr*Cmy3(#1(ht|KYxWPWE z+^>@1pOQfGo_KN4v;^$B7tug@<2OP_v? zwjdROcPCdm^%Ac3P?V@Riy7sD6*R^vDhTE_!IA#CYy{d+j*=3mVO|zF<75}40fc|Z zP1soMrS#D0;!G}g&d>vKVNX~Q({Z}c70s0fP$3BA_OR4-T)^gxs_JkX(yN-L+=Z^N z=B7G0NsP~osm5aT9ee5p?^{!8=RsHg(~28O(9Q8xR97n6EezhwHO&ocZ?diqu&o7( z?Fv@KPQ5St#SYkzg8Gi{->+`4$*#YTqn+RIru!s2u1)NuIeh!<>d%r%{#-F{%;saZ z(mrZLJ9)-E?8Dxe-0Yta$_pj_`C~ah&0t9ktP%kVU@g%OXLNGklv-LVkbRn zszh^EU#$ov2=qWyr65l*x{fc^-eS|!1dkx9nywi(HHj@jprGmo)NZf68lZL}G%gJt zTQ4W`dr};;d5#N$g8xAK(Kk{vtZh=NA~U@w`u0Cqf-NLeF&5t@Prg=zsl-ezxo+mv zG)6iofJ?N1CCfZQCqzIMQzYl}DG_aur^U}$_2OOveyCiAI+{tuH<(p96Z2A(I87Ib zypPio0z4&@759^%-9_P z6>w7g@S)|Cj_YOPRJA0$-gL6Ok7Zs1b~YPezWL^xZ_pN;*dSLz#xybYaqWM=sm2i{ zHaP!*6?dr2Qpw~Cec$Mjn7%TUfQ&kL3pRQ_o$A|+RQC1y4BXWY`jI}-QgnIY#$ z6qrJ>eV$@IBfK(ALq1@eZ~+S>C7P(pt*PUyy3y*eAk%tozFnb5_33DIdwhO08ZA|t zo!Fc8!JnR=9^af@UfiCY1Qlz6+gvj_RhSZ-kU|~T)RH8D}(-wEFS%+wU(g-{?DnpkblZnN7&1c zFE743d;RYENHV0q@Yi6V751r31;prwf^e(3SjcXJew)#C=dv<0BxwIsGZHL#^E=m=UEkCK)Hq^}b$j z=V!;K7o)R_*PZNI3(9NT9Nvviufx&l+PlM-B_~DwRPv!E#%#H?Albb$+%nGz#9OIf zAPmi+{XK@4hUFbnfMHgB)Or*!$N~t!s@=@s5ajsX=;rb*kVKzJP}SkuR8k3C^hy2W z$)&)ZZbGz*2n}5Hrz_}TDf0I8`t>O~x;R1Crxz!R2awpBRXIad`QWRP&NRO;>qy6}Z}iPt zX`1d`%tF+akExM4noQ{XFrh^cA&4Y7p*l)|(|?e2I;T2(q=~Tl_JkIZZHhMOTg>y# zI~DW1(c=dPbT{mqylkP;-lI?$mPL!+G z>o=#BPO5x3@Asnp=h5C_IK3m$-Zz864tgLcBc_fVn3eN_gys@0$AvJ~L=6jJjvhz~ ze$yjDbeTnoWr7kGm$qmeBoqK`9nD!%g25UK^gT)EC?Pq?5{_7=y)qo7e%NdE7JrMm zAjOa;e5TG^6ezbgeOiUct?LxRxvW^Ot*rS_nt&;V_a z(bd_K-oS`_O(uR8j9Rq4`wBkLh4ggTePxnuAnd;JeH)bKr-|<8AlPt)d85+wtBBq< z4NVd^$g3OGN7gZ_hPvhW)NI!{@#yMI)0RiyV~zrOtPf4PaY!i@pel2jd`l-P`oc5$ z)HX4%osMsF6--BhExpyypMtSr`82H$rb(DqtkpHaBXCv)T|W|I2gsWE`l-@4z*m`c zJ`!ICNH@MD6Qsxs>K`_iPJ*s=|A<+DFF$%394Osu%O9;$AX-vC+Qj|l-2ua- zdbNq>Gsb)tN*LjU6`|?Kt*hwPk9s^fWG=PdLea&+*N2DoVQYVRGiE5_2`&@5-m5z< zRUaFgKxDM~wMx0rg}s-|&^YLq$d?m+_Hgfn1ZR5mQ9bOJmJ4xuD zCWZ*cn#Gl(2G@FK4Hrj*&5%rJ5#mI z_e!Q;^=)1ETT@zgq|l8z6H0V1xaCg8^{OnJ-QJqX)lML78{p=*!_J-@S#MoE?hf*A z2(=^8m*afATrFSe4HMpxMUH7vpR4Bn%?k8oi~FCt(R1+ZZWQBhOE@Sy^Pv?aXb{Hu z(YtgVPTgTeTl5s3x|*zG)N`LVHkH+DYvuk}tMmSJJ90}mqvjs`(Ocun)w%4NclDZX zFod~DUH1%H_braSTZo`_hFYzCadSw=q|lu47Alpw2fKe2QQTts-S^N?idt1k*JXU` z%VGnwEDXM8o9$>+H^;7Mwt)rKMdER0SeJ6L@vVB>-_)||!jVt@+ZYq-tmPux*KPZs z*IKX?C1|-eLQi83Sc(v|T!zrU?!3R8kkGV&c>Axvw^K})-tV4bKE;`DgF{6_GO2d` zm1^`V<;?0`Yw2%Gm9shn)mrpd?>N4~(y4bjidWZOx0d47ZgT++ws76+>psf`P`|Ig zRK6R&(ZV9R%C_O4{^5h$BfM>))cQt_whrn+QB{B2*2mxGh6E@(otQk*>hs@#vKtZB z$=baZ5jQ&Ir$>?_pHiylJY zK-r>bOo_NAIlIA5?IUQbCJ=tTD$~?WLFqP&a{JOAOUr_a#jz@>rIHrcT{>(e;K*;? zOs!3_dz<&z_a4pe1IW8>KG?5VuF>+lg3SYWmzNLf-$Hhno6D0+o##XzD3D3eizs+| zLR=v(SeYel_vmk=V1!z0+}xz^e{-lVG%uLYE&vY@goJQ0)!_5980PuGqQ+$%Pj`~{VnpeaarRj~Xo zC}D`iGlrf?)}z@Jd>fMSv%eso5|X1m*(4)>F(0u!_*)Ml_e|J6*Z!$7YEQuKf6{sI zZMvc~!I=d57M&XV+V@LSk^(=~ot#Z}u}n`PIIKbBqf>i3Qu$%crz7P>qJoik5d?Xw zOkN zZX=<0m?+4Uynl;DJVU|%``1DE&ENhUdH)2<0KnJZ(JXn)$F%_VWi4GZkN?$|a+>9F z&8sX|kYt8M08Fs6`G6(NjRxs|P#;+BZHvun`R?WfjM+WI-{zX3Wo?_#$813$Qq?xL z{9>V)@?UG|f>wH+!X^M;g{C4zLv^bC(I^J+$UwN-WeV(4UWoptS01^W{CjyK__kP< z|9pk^RrK8x1d4>-5aT%!1&w*z821MIhli_iuF|DrQFa14Xa%H|7z5(!@&v-+pe=}f zsg4-8u%??>hl^O3dss_P5P0{Ax>Md+%^kQSdN)GopU79cR_SZ4khBKpD}Nhlx$V63 zIK3D4`h;@1ysimOXhyhBZakw&LNZgVUv7Iz!E%+p57KnYEtVD}UBG50H(=OWF-pj| zoK8)8V{qYA86>FMlZkdTmHTS;OrVqqNOoZg6bmQi-}g5+S0?+n0-r4q6Eg!HUO}Z9 zbvcjI)ca;q5b_Tle$vCxZ@I}UI40c5jasjx z&^d1?(15N0gmu#>Ot0{~Z4YR&fd5U!UwSJ@={?yHqW4J+peJA)rE@(@D;?BF($}Y- zc9SqBXy2Y^L4@vJvfPsL`*23D2=EwZS(irlxab#UX6>GS5oZlcE5s|v_o(wubJ;9E zI7z9M`8I;713&ms(Hti+`D3l)dG<&@2#;( z5Y3QI><-TNDpTFNvlDsr&;qkFM{{DJ+M40oOywBEYx<;K%PW=LjNK-f%vpBpF8b5QGpu=`kvnBhw2Wag-kayBDE4)undmCI(vPNIafzBc?SH8+N5+6`k2iL!V^IX zxj8_79E%wo-l+UPC+S4)dn$wOgcT~K4<567sJRRk+PX4eKV5o{4_(PU)SH%|aUkOP zyQAByqvJP6uTO8Uj&8mWw88s-Mrn!vqJHhuj0*VsFTolhRY8%XMR8080U^-gR3to_2Nk=ImI~IP0(mgEr?~3A#X+B=l~5zbu`1W7~ErdD#Tr zw&;?*VeQO}(wecG@W7-n-`oEh^0DlxB<6d6Ya{_#gL-cDp2o>C?XIj)jaTXx?U$^r z*R!j#Q#jIErw19G>(oIyu-TdIjR849)@R?H9UtA;Bp3Bd-dZ}1248u9d}5y%pSRX> zjj@gV=d0830NIYu-;HiguW#SpoR0z&J~YD3glLR~x2N&~D4$zK7wC8bJx8k!|ONNZsR>!E9~%He3Up&Edl z!>oWlZjioT(^@z=OTTNV%9Uxeq55Du2V8-62HY59yQ`EkE3JXW>vw058sNsjA2ZCA zwXs&xU@6!8E@Nws?CSFR=IH$P=xPPsw6EBvglhrcy&|eEJkqV##mbrgxDl*1_gy3C zp8U4m)A!jjNkiMRlB{A@N%po>Uu}ss$H zin*wo6n?>^4{bR%TXb*{=OYJ5TS+djP)`dgsF7Z;0W}EfO0kdmD_g&$_M#4{E3v2h zyEE)E$*;ObUM7zlxq;a^_&VUn555Lzoxyt`Ab+_J(gsBzRW5a|h-D%a>YFvXb?TV4ERXeNfl(~i9GzA% z+lSY+`>wmsEjO5~zuSBi9A^)B0(9iCmKrhEAJxZzsRp&&qOvxaHQ7aP?=`Vid)vNI zuZ_y4+jOnh<;gnTdlQGf@2SA`680+){^9KA2#&!mH5OM-pjoCjr{||{Pj9Z*-oEvM z6(l8dB8o*ZLOf+O>Lahk0bbF zbooZt%>r`u6})s!6=NK4w4zQgzPr3WKE1vE_UL#MQ>C+gy}S87=)?sM5VzBk-r~{= zb_n2-Ba}~r#yYUY?AL?p!rG}#+O(ucrI;PFY_e_!&GmY{jafFi)j?4@r)EowMj662 zNqT#HdGTG~J$IlZ0vGpBF;=cXEgz)YC|FZoI)<84l{LK@sEdDN=UU45eC|}S zSrr!iG#dSQd3_SpaPC$}S_>|&61G`e3jSsDsIxwsk$S9^()c52T7#@($gv?L%Wq4SJKuJ1I;XL>li;?Yq{01?pR<> zkosCS<*U~kOyje+RkHjn`07>+J#N2A^QP z`B20Q4iBF12W=shpCa=8!|x|cz=w5m1T3ZT$?5U=(e=^I*$=0;s)9^_0xyam*l00N zeKT*zT-4%4D|&X$@%g*gXBRCNRTB{#?bQ4I*CdQD%dg4>i$1Nf}5;eu6N zY9p5ufVhK#F=J_C&++SzNY4BdS4D^W99tmd4cZn2s_RqX4&wjUec5NOPc}-g53~Jg6YFo5 zMSoKUc!Fg4ztJrDPm~_N|5fiby;s2!6ue$>v5@=sJuax^*H?-Yb4&}qixg;ttC%7r z*BET-QSa3A)K%YeC?U*QAxMI7n$Pf<2pZ!w?W*bSpkH0Sz>Ld@t)8iQzat9{4&Jhh zBMIM%FU<>iTE=%M(lGw1V>3giRY`8-*~4M{KivfGY#Vu9wGHMt|EpT!e}gcW362T+ z@M};{@}NV9v~M-QbfSS;wqUmt)j{CIBDk@U)-^q_@pvsg*SmCkY)w6k9{uizH@*XkWRpL69)Rw${)A86Qz^&wf{la?$^}~hpVQ1}PK&}d< zy8ia)_?pShk(DAZ1(d}XSkPF_Fq0KW%ntL?D~!bn0utU$-=f>Qpu zqe5JCdf1MN$Oy-=4ssMT(tBgks;U@-JZ3pbD)vWIsJse-p>au5t%`c7m!n?qSatw0 z(CK1VRlbJ(Uw)$UM+|$C46#Vj9q2Li9|Sp>Ng!oYMW~jFtbNsIzZm2Ae->o&YL034 zltBBslwJkA_dReq$x|xOn1}~LGNf;gRmurN+N4*= zdE-QIRpXheBK#^HON8F#304ufKs{akjw4QTT&Oql^q^t)%nYFd_=#p}R%u~AsKTE* z*tb_J*WI;9R2fX?`h)b?F}nJ&LK}p zw&n5J(S%@87UWjWI^Tghl2aYL`5lgNLZGI8p!4h1=s~l%9Am+(FNDKWksQqI7s-K5 zqRDsKmNbE0YQ&ooQ4vx80u^UJDFS_)GN1*I9J-gksp{ixVX|%W`&4-n+KBH9pH+h` zbLF&_OQnZCmfj!N=O-ZXezf;QYv>7R9J7p<@&pSIJ_m*U9-o@N{~^iyDOtEpo{}tq zTv=`6w4$4X{CZIDNdu$`G3c_fFlLDS*tACH!niBF1}g18xT ze#E-aEEuPlbEyK%i6904JQB~W$Isi@XCtkAr^)+y=xICqtV7g>{Le8!lb-c+4Nt`R zXPZE`ug^BXGWmQ1bo=_q0h0HEWTqTsyFh#Fc-8{Fx$2-ouD4f28tcPklo6rpU`BT@ zxr#XkbNGI+^HD&?MBu%Tgc0ntsS%xDG|8x&u9_fCy(M$?h(4FjTo=1-(9cYWykMnx zEc-pGt4}?sf=oz3vY1Q@+|Ua@!N_X;bq?=i`VjHwnkU=Sr=BK}^3OFS)6=IOQki_N zS+YHS>LE>wJpN2$s=E5$E)k>e6McU#q zqgP+r^@J3r{!<^xri-uMn{6WN8NMgT2Z4^R&Y}SAtZ)fwb$PtW(?)74vB=38uRH-G z<&J3_Kl9W)iA?fXH>5>7=$WS5x~)m|y3_vEIt4N{b3bM#+65FqXnVC0Pc9RnT^+Pc zeYM5-@7Lo|NKpdCJ_L2MiaSX=p-q);-0@hhW%hRIDtDvC1?BVT`DWX#-dwlWtAE{k zBl<+z;ZCdPeT_EJOo;q75vufAp!b5lB-6t4$ZxoBx5Gh!1Qb|E?TNDLzi%7=T_0#i zs+fARVC4(xCGgmu3YEDhf^0p&bgH3Bg>KvoJ&(!Ik56m*+4;Zszv`)D0!s0iq`Z0l z(5DFXx+QPx7r);hc}NP?_(JgivR+WlH1JT&=n;Jk27|$ig9G??Fc{SS-P?b0IQU}k z;PA!%{$OzU;_EL4`-88a?|p#=pJ2R=pOOn)d@=awzUqVfo&0=gNz}SQQGqqW(u^#R zNg<9&0pSUOBje@sH)PRxj9VMyX46{ooDGZlYZFIRyf4nY2nQbhiAVfC4$yYZd)ve~ zR`vTe`~XF0r_tPM)#|k~B-!7TWXDIUWmqk|7zgP2i^G9WE!}=Zrx{6rN)qWzs$gLC z`7+LS)MpZS*qDG<>h}o#Xv~9o`$ot6xU(VO;re&je1+{d=8Y;)2`7zm=+Bwi5*=PiB3LYC_id_>L^xkNs19HGd5*sDZ|-vBIr5H9zdeNdJ0Avt)>V z(8SNCdd(fXHXZBFzT#wN)>%QOlnY}IvdXsX&aIxbqP-XFv%z=1;{5BcJyVZKo`Kg4 z+o+h4>yLnG+rISV5U5510yQgP|X>VS^P* zvZC(V%1#i3S*b!JHslHpc{b>(JL8gG;CyIfsT_hw$~^6w5kJ%u`LBVootF_wp%k*h zqVc$zrxxY+pko}HA|vRWuu=*PmL-~k{xdg@&FhYh|4w4zV>`zpo}IqW3zgnS^IE71 zz_5qRl�r&uvW7fhUG`l%{sGSq*CXhu>=-Rf+%y}Fn{RTVD#=J@*b=;l=a z@$Txx{NY*DP>YKpsyVDJvr7-6gQqe}JIMHE`!!v*Up}3Myh5eATKwP_1Z+&)vuB-C zbidb}qov0F{b=uLhoX7mgP-SaIa?U--_I0@U^>;F!t46!?>{95Ez{a&lWv*i&UxN& zExK3PE!ZqG_jmE0x-fZGJpe)U?DNhm(5A+IA3-L^H4gdSWL_Vt;EB@qhV_JjPjCd3 z5KZkD*iyzX4oDXNf9$<^ciTp`I5>avQ`FFTzes)tcWRqX&nS}P=sB@9lAZp&cz7=ZYiX2p1PQVtMSu=r0 z>iTPKUQGF?zN_W}Y$%miE%{na<5pa#=XtF{rBcP|>lm{}O!4M;pHpF0pa#w- zD%)5?a#L?LGt~RfW8$B<^@ytq3dc|ycQhKRzY2wM5fV6=6QK&|X6<;1b=?w>IF38{ z3X48l#w;R{IFTh~|F52gL?svS;#>cI7J&8o|6YIG z9~boh{r+gU)Bium?`w6sWqDgs`xhM1FvRVg$`WGK$#1C51&#t7vdBrTs4Znn7La^G zI{hM+7=a5C`B~)#k)%Y8pm4;c`9@c#Jqs~i7STy11}O}tbA5VTumsOZiTro2NJuaz zopQ~5*w%z})qEzimYfw@~9J;k#SbKY^f zQ4=aK%L(}{C0tlJMK`VjLG@ttAEcOU$gOGAbe>r*Rrm2b*p2pm7Op#NxAN?Dx%aPM zO~Qu&wNK3l2z-d3?7Hb6fo7R<`+4c8HeY6y1^Ic9^b`IzK*mExBYHFe5$;>Rhlj*zkP=9%Cp+O-zv|Atw5BDMR7JC zKm7Rl=hq*8e81&3LZOW%5epXNj~|8V0&5}Qj%ivvbZtu(6vz4b{rT(d76qL+tBDiH zceQ>wY8d!>Cxpp^WlG5(YhPWfL?w*MRN{{wY@|HsDrKN|GlttPz8CG+* zAkjGqi6C(JM3o>6- zeo}{_5Xv_`DTyn*_{K5?1y8WTENl^*x?q6n*)3^wMR2gn`TQ3i=5}LK+poFmjs}tG z{cuntprNA4-Ep5Q7r}Ez)<^r)_vN90`vP@Ju5-^nup1K9(yu}vD&2E~4<$0*cdAVz zbdxTz#G(2_534UdA;9WDHt09rqq6{iXiurIoRa)2fNk~%jb%r?f0_ zy>_x}yMKDO$t?Ha8&xg$>h%v7|GOL0fM;)Yxjkn?iv{%7P`S$QHx=B=^-wIMSJ$um z-KGgup2+;!E4C@}PPOey@=DFss9+p7R*x>%MsyWA^{}zU1cPa%NcHgRED7OhNHHfo zPaXBclZL=_`>C9!o>T3VB3`_z_EDZKupgFqqK(UrG}D|L!^Fc?@Y(izdtr~(jON$k zzgkZx2XVM5xiX-`J^qq$RpwVh6=p!bC_VE0(xY!bA#aAdMEG4l?*1r5{2{>+$55U3 zM;rxEuP*i?95HVpMC^&|y|+*wpueO4^}i7LLIvuffBsYbOUHbgA0)-Z;W-I$CI=6D zxo={UP!`y?-*02EX;j^2Wpdz#EPGfrk$dh91VV!=uB&VQ=X7 zYB}NRk;`zwbE5g<=GfY71mxNMfmJY_YV;YKuir`A!HmsMg8&k7Z#xUf$yXd19bFEI@(@L4%dDf_y8 zdG-F6i}Tms>z_|Ae)4{Nef2trqf{p|^(i>_g6qYUujUC$qd>`n)l<6u@$~BT`RD5o@2^hZy#D;-`|A(Q=BE8! zvnZ`wzoPq}UaM-$TXbxrc*;Fj-TrK>%b!mF`_0w+kMGVaj~diBt-l2}FJ;!PC5%^O zmS=Mw)9o>Lqm|o1;8HjvlVTiWbFdxu3>*w_U0-c_))mvJRdCC-`=p(mkh9X+gGWI zOJ6tSgtM7fv%~ep+1GNMzeiQo2JKM9J}Z;!=cm>ag>**zl^>Fm!k!gYXuqpnlFh!6 zJ8HS~tT@s6qj2-S#Azgu%nZBd>zu&EfR`7L!@ZE;UGH+ytsr-!V zV}$1nwlyrbM0p!qJvt(+CzO*q zYeffKt-96o8rR5~MV!B#r0wqYzcHhU^aRsHGxQ%;g|DDoEk zlJBHsTv+2TnRk0Cd4jGfbl9nLqYUXS$@f{(Bs(9}^-`8@5|PHLiL0V_o>z^PYqw^o z!uCDPku>WNef`>fiC#wmVl!JWT%CUK)<;mUuVTG;1_g~BbA)+PH6#0V*-`FmIcd5x zj9@Vf*?e^!%cF3{A}$h4BiD(!_LHiK)c3b>X0_&)^3ji3V7|3M5|tK`!fGQH6e`rn zpZm0GO}SPLmLW*8q!9$*yh*T6F7y6%4t`quW$liIrcQyoN1e=#7ldWYTMC^z9B`h?oKY=3R^ zcm3H5^p21K35Il(3@)VWHI$%JiNZH0@gte<^Oq>-&ZI9&!&2*@<4b-p{+}#X3U3kTrw3&Rt$JfB9c)5Ec;5wC7pbSAd1`8 zip@&X*S2ZT(lAt!ylYDBZr7!gT4!wy;H^4!qw)9F1nO_u?L1^t9A0pqf(vKW4p4Y` zpKi~T#%FEszWdF62Dwh5OlVE_T)n+d$CnAc#e%#gtD3%J`@weIYsV1-7Pk~M{I8wQ z?rjnvz`xs^gfkBHx;?cqI;UPSpH*(AIaf5~7I-e*pk>O%&m@@>v?u?0PDp&l;#K{6 zYVIuzSp}E!sBI^!P+JvKj+~ ztfKT=nQ1Wjz_W%mi9rpKH-31|B9$0Z$d#87YW2F98qXoQ#Z-7kz|G=enoPlyi)*Q9 zOcrIWvcJ_tf(RtWLQ=dv9LEx@9rN04Xv^0^){FWCb_t2d-S=e15^{ou2fama+2e9Z zU2pmX4f@$rox;^6uL$YC%5}xfXBFkeZIZ-Jj+}4mG5_(VvgOc!fm}n58vUT$zw>c} zNndW$b*V|C*_ZhwgcJi{L$tEWQu*yS|%R1{!_m<9Q2FzpGLi1{ikR7eJxi@DC2Xv z{lz4Q^&#k90l`9RoQefY=s!Rx>D(OgoGf_7!e$lz|AmM)Nkd~S$1#1Aurzj(WNEWu z$$Dp!KrC_0?W33l*&m8{Wq;dAt4FsanL54AiFoi7%okQBRrcC*rQqa9Fx37FIO|Xr zc{KQ|_ZPj}9++d72B*Ml`ynvMID8y;xFK9GJVnGlLP%)8C2Bi&C zb;H_AN8CKoCf%(*Zr5+8`nO8s{ovg#jG(Tq<=!}1-jd{uEn}Pz)cy+^bo#wcuVkGd zvzgrgTcWRVd)-2pcy1G6Z#j7q1u>(Ms6FgCsrm)_p3G^4-d>!cLFWrndxm0?EGY*| z)rJ`;c(EkVE@K)KZE<%&!@uTg>aQrz{7U%@4H~l4uPYfMae8+wy(XtI`KII0{-_RALGqRO+N5*fo_eIdNy%(yzWh zJ-d=$S@^8|)GWqn@i34)=#o7DsdqQ?k9qiw8`#%!+UiYr;GVnvfRq2teNO&2hL@?r zq}yMMZyvDh`0v-&m;_9Cm;pe9R1ZV%7ZO{HUs9Y!gPlv>JnE4NnnG1#ON# z_P0*|2T5nG+Rp>CKZOXG?KFTJ>_5Z)!9h{~cX-g>>HnVN2d*VF;sS@^+0{8mC*SF8 zuTIJLy#?lP$*P|3L2aiC?b?QP+}@Wsq&^kl3UMM{p#_Urg6`%fY2ZNAQ&< z^W9qYO7@-SvTDxYKan~1S2nRJBz>pRyo1iJ&XMi_a3i7|eU6y;jI6`H03LFYIj z2!{#5!3xC*;UqGmJ*Z9PYvtb(py>*U1?4Ewj(|$RrT>zRZz)T8xRQ@32@s1wYxS2w zr)MTh_@ z%sKNZ79>DtS6nY9jmVdn`0`=MI7e)zwItf%L_%_k13Lz13M77rQw0M-qJYD?&71=o zMBmz}Ywh0x-x5fb{DpEsqqzm6SYV+6XaEnaNr!a52w_zvxbjNPPhZNF{QuJ5_sR)jEy4ozt_4RkQp zE`ICyZ0X#-+65e?evMFl&Nx-`=fd^=74ahg<0|^Bn=m6cYXo+;tNi_K@oq4thU zJuC$FZ?tU7Zb_2RfIuYs3GhTD5*{S&hYyxCqRVutV%!4~NpWyN=L@JWEvPqT+Od>I zzXBiPeZ0EhC+L%kJiWys4RGNxk60o+PUjI8X<{rH*1Ds=QtPK4_ZMV|J>8Q8O~vO$ zRlz#o{lw-U5;~ugq#k@Bn|nfkWPq2wn$u{mW)ToUeBmhzj}z=~09ks0!_bqvV53NF zbw3;gR3#1Yc*BOsaUB!LNCx)`QLx~2^G}G;r|#5Qp_Sw zyeSJ-ZgoNX!iU44dk4NDAVGc(X%c!dq|CRIkdJ;#NwRXDL8Ye!*adlhC|G`B3KHr8 zk^H5*(IHC%w=EX|OKmQV8B3N}oSb`ies_>J4SrQyK&$vgbiv znHSYw5rB1$|KX?*{rmI6Un2i}Ams!@-XJKgZ9F|1BjN`2|Nb z3~{@*a(d23xPd=#!81&ryY6kjRPQSA)U1{T??gUTmPk@?L zodT%>|=AA<@nm#nwq+qy%9pgb4# zaXyWdet5>xNUWb9Lfj_00!|1EfALeUE_-?ZO_QoKaFAPrO~(#?LDwR|g3MQypVTig z-}t0e%xA)jZ;XUq%z9Org-v`_9r9E+yCsdT2o6@ctXzeMb#>D#+qw~n$lgu8ABBuI zh0BoFl5X9kODxfX{?NnfOI5hgQ;D56Tijr_r4r~H(_ubNya(DZ zmkQn(s$stN7sS8e>9VWik<=F_6=j5~BOdqy55@;PT{c+u`i$W*3o5WALQN3uy0%Y( zWt*=v%%QMth*+)^QUgL}KWs#Z)$i8u3=&JI%nGM*tT~CgCFeIyNB-tv-Vn~^ZVDi; zEiC20*v+Cco^c(kD6@2vSJINO}->_{DDnXbp(_bvD?uP^?9v3(yUQDe~)70!M zVW~M0S0rX1@VuR0rn|J?W4*qIWdyFMdEHKyZTC;_HksufeDn7GyEmUNuU`Lf@xQw< z4S4o;L-D|;E*bdn$X z&ABnuqpAy=eP7OpTrrwo!hc0{zbk6noTAhfwf)o4j9rb_U5(dWjn{^a9vz0e8n2H9 z!(ENnU5(dWjo04`SavmDn*eoJsrw7YP{}hyzXke?rOa5YP{}h zyzXke?rOa5YP?pq+|_tRyBe>>uXi@ly*)02l*lr{4}(U>(_#c7OVZougFeSN7%SQTP5DtX_F-jMm8qvN0!ik zNM# z#yH=oH7@a&&5g2eRHHRJKP3x%OAYU5{wmi*TGw<_c_bKIGx;2~oj$s^gHk%`>NBQ= zZz;1Xm@;DW!W&W>su#5kFmLJI7I`cmg3_>Wuox#%R4F- zS-z^O)@{_zwMXr>Y4Dv-t8zw}Bzl{(Ol57zZ|IwfL{kqPrE0VmU)7opmKQ+?qrVZ%75;X#=>t6 z{fCrHG@5%4O$4%@{`Y%>68-NFcJklz{JuKX_txb9aB!kY71HJcM*$95dG~=YR_m`I)O0 zkZ*^Rm~oxre9-IlGD}n%oz}nj$R%0mXV1Tu!d7!%_6j_T{i+MN_ToaE2r?y!TqE*P@2KZ|QLrhxO=p;fX+l0M62ccO3{KE6_kJNn{Dz2pBZO4S zweEu8P%OH#|KbN#^MJkg7es>P#}6MabFU!PD-O>|h_mb;gM9NiZwwmeUJAM-EEV=` zzgJ*NfwiyOic;8<8#UEQ$eePKNG_%eb(8hiC-M)0=auI0{KKNP_|bO(a#26cHVoJ8 zLO;I^JoSCTxwDpj^KHt-bs^^#onBsEzdrl?^ZWDHg_Qt52~NUM-~r*O?BMG1^Y^FM zuRmV>RNY>J_@vt{Usf(yg6G5{I)3YS^PWiAAa9SZKfgQu`StbX=~?AGe@NJ}xQhtQ zCekt zOKOHf88**CObZb5<)e2s#NFq8(>-PtIz`*K7dNGg0SYT0@p;NVrY~ zw~;!RzeUeMr2pjxuiY>AYoh-%)n4yw1Ki~QF&dTZe}}_e{r6}2{oeF{mS5M&!|tc| zF$P%Bs7G4I6XDvpL zHs#!{pJXXBws9Si06sx&w`IHZfu|}3>he%0s68b!mJko#fu9g%QM-|+fpd(0Wzz?H z78nXN#r_SO&3>XwS_s(A#&f^Xu77K_U3Dj;(WyYslxBJT42nVT88C2FYU+yo>09k+ zWv7j{6s<{=x69mK51#cYr*~PCcUhDFrCF2Z7OK6>!oInfCxrjzBwH}=DssYBY*#*6 zt+N2DKvcgY)tQ&;xt_XgxfO2ZTjt7Lf2{8biZzjhHaV{8a!p#)O*^+ScdLW%w@aP6 zwqdi`dJiGWWtDAS_2HiT2jo_*G8Apoot9YPeO1?aqs#9ok1Mi${B9Dt;$+TG&?nWp z{R*|S;~@W<(TMUz8~xojc#2frkC39^s3s8K9jE@bxxx8WNe>=B$b75V{n{lsA^bHX ztRs$1BHL?+E(EyWWBAQM>9vFBW7C_Aoe)UsU~s_u=m%w^t2PZaj9x!@Q1tpiF?#*q zLdW)d{x#J9CFK6O)y;9E@-J)n z0No#OTg(qS@;`CHewEWxBV4Z{f87_wF}{Z(eq`+COb_tys9UVtPV`)=#dQcpKo@sILrr2l(h8o*8Z zzwzOykpJ&+wA24R&u?q}pUp;e!7m~%a2V=K*nNpydLXeXqL8a6V#yMR;R=y2G2R`P>oJKxDR3N@!X{ZYz&q+iQXoexC4JB!WScIq=)$_!HBt$ns5xFG^ni7Pg z6-o%^EJA{*o&w6{Di9T~K&glYx?>3!h>CAH!YE=Mi#zB?b|*V|RjX2j|D&9zgm;I- z-jV8kNpQr`9YH?mBT&i-5({Eez0K0dmmooc>GW9$qXi8DqM`5#El6a-(`3s#mfT?F zBoC2$pd9@sNuvu1(_5TSxtvbRNx5ZSo;cZ#z83OMm1s6<%T2PGr*a)tDqLVsi>Z=w zis3!e!TuIn;K$d@%8CANRkG#Dl@wt+rRifTP0IjB&!jD_9(kuG-Kj};YSNvWbf+fW zsYx5|+#g>}TB3q~o?7*PJRip?V}gqW{~M_#cW#b5z2xsfFZnxDQLfSd#liGh>VFJ+ zhl6tckN!^o_Z+{k#mbGrIps+j%NzK88qA5P&;gc2zlyRU`)DsDXpctOS2{=8nZ)}0 zsK0M|oM9TG_G{UWMssvoo`ceZx$RF-UpojQXK)lJ{5&>h_-hVfhqYg;%))W}d!t^v-$Q@v z=s%C2hyEW9`bGNR@9pxxKg-Xh=nh6Q60hQ_bLx(@wZIgusVW0@S?shC&8gE=dNGe5 zYNq*G%#2xHx9UIpyhi7~-YQbGhE)8qVHzb3e)C!$_cPd3Sa0$at1v+*(fdy$%h}SY z15}ZgH<@BzvQ7(@=n7e-vMFb(9`zLqYtmLd+bK!XP|1!S!ZC%!u$IDlnzL$EDkkJx zt1*BNDN(AgTarwj&r+>dHa*DcJFmA~?Zcq`J&ghy%^w5k&&V96s#>Yqrd-l9Jvr!g z+jZDRjaQMdkm$s;<#T**K$>&6W-lMWmaU=x91IU0$I4K4e_mi?{>Nhd&p~h4-^u^a z@{=d0`x2d}1PO-TynQXv6BJcLd!#e(pxb_DFzocl-u#Ai`p3QAKDr|)A|#Lv7B~t* z0#QM_-WZB;A`qK_CyVY2VUF%d7S>Y5(ONw2+dfcKRaW~7$@YURpGJoGv=yncpy)*{Q8Bi(&b5N>%|E%71GR# zTUUBkFd{hm)W;X*oPmz|z04WMuv1TADBa5~9JT+_?+kjKp4V%me099H>6B<9(9!>0 zmupkr^m}0af=wK4kM~Q?4SDgiV6yLQjl{(&CMWAVRp{;CRJ2`-|MReaGW_2gm+}AM z&j0gSewz_i&JWaDSnEo5Hu2@qIImbov6!*eFmDfGMz=>u^_~eukCX=&SlpuT2MKTw z;;z5$$|U}oe+}@zeC*+1N$)EHZ1VpfjEANC?>qnh=lN~z|DUsx!J)ABF^7JrHzm|n%7H`Nc@_Ao*O7@{8={OL=-=7Yg%TNmW9&u z#n+wv27S)bFjQ2i(3@jKYtoNHp9&qhl&eWkE|T9{ga4cKWsFZX{S{v~>=XV}Kx@O^ zwX-mWLjUk-yVwVOob$Yaqoy~|J9`9=bv-FCo467iO-oX7fkBp;cRqAuuv@D9KA+i0)oF6lDo z4i53L>|;)%vs2xLK51<H9h z;E&S!%vkfo^PNZ*~?9sOI}sCLcTL}=}dfw_NE7; zfcR){E>V8=Ed+w0Hr$CswDR+>W?qr^7 z?{Hz~+5}lba+_O`pn7p5H40eULa;~|{ zsjk0E>%S>WGWDF*H`6o4{mU`y7VCVn$EWZco|Ma2A z&O}kySNgzF`#q7?uQ=pR0r-bh02a6L!MecGQG6z~;J^BUZ}@GA|LJM zAMWZuKF{wl@P8fJe?Dx#L-K!QB>z~reTUMw|24(`OB~_(6XE~ypjiLCKkV=D|Fira zg#XQ3^Q(w>AFH5)cWJ#0lkO1CdZCM;@FiGLgNlBox`}XCM`JupP1ZLlO(S ze-9=X*|B>jg7GgS9^2vn`#At_#Q(ig{lEUm zoF{NHC*qPN;skMlMXJ&ja(_XVIuTZ@BH4dod>RRo+~Uwo*!;Z?vc)!E^Ev+454d2F zAy1}(^T;XsvsJH4A`GI`hyCMMHig9~5SsFw?`&N#i?^=J zIm4Y~qgAO!%K<+d^Ny=S>FFbKg4z{HV9a+pY;r@Q zh=@f(sQ5=W|3%Ca;Uv_z-6~<`sJAYg25^g8FV3vMj_kodVKA6c!UXeKc!EBhUBVMr zyn>JNe0B~#2&sG-I=lSEWoZEs5jxj(DcS#pqP_RnuM*+V@2t%(pT8p^cL^25Q!6_` zU6tLLMf1gPpzYxzp|KZZv9Lmdft!&=L(I9VVJzE8a+H;004iX17>k8lcmet>oC5XL z2Y}pVLT2=feKE!U4RL9Xt)uKdY6_?92Ya4-f>4w$rzEL7c5^Jq9bR>+c5g}qHe2{c zeFxBKx{p8@<%MqNu9uSaGZ5>oxuL$NXX9m`J#@nNm}^yj@NAl9ifN?W`-9R!nmeF+ z*Kov;azOy=AoK!#OMRFD$zBobugkI7}&=3i_BrFwZfaFY(=cD%VU;f$+$Zc2narc|AZ{NRr z^ZD}4=O5o+fA}Bg@5}dBAO6Q+r+^{iFBodeF=#Xgq7qDzheWcHe;4{Wsp*G@gv4mj zQhi3G_4R8*L|3~1odpS(bRMyUJk}Z8bpOYLg8xr{G#>B#KcD6ILegYGl87V0klJ^2 zw;&OkrZfzorY`nx@SN~Y>jnC-pd9fu2FV8T1qnkm57|^P0W_MwQl)+9EdeILd5)u? z^#Vm?t}@#0#lQ!UKxNkaKleN6eH5+`i=d^P5{ijru_DrGbLcX8`w zXNqrHFFRrxw_g5#trzGQoKTi>baDQgw>ojcekHzWb!b3vSACbTUt910_U`r7^&g72 zDBb_FA5Y)CdHvJ-H=SkhNMo$M|AXG3SB(GZj|PMB?*2c=?*%$r;Al=lHgC0Fyg(l# zT@@>6wcaryuP#~<(SetP&T!o6%YVK=Kghe=YQ01s76ip%I;Rm@kWgOPh@p^0bCMuV z1c#K=`UA+g4A>=N0?`PioJfJ`(~EwuH~9NrMX{~7@=*EWsB0;vqG=hAj zNI9}wy_K25sOc0&7F?qoxXkWlGmvcHq{`7izrR&XpcDYm4Owv%u{#vAIF&qD3#s(w zW}aw9Nf?+?a9qk~l0WMxA`&tja73b8ny_dI3D0ptB}>WCEMdzQa#FLhL}#|ORWjA^ zRFbLiMsjHe6nQOFz^n)_5sOKpixsgbW6(L`OjYpH3KVpD zd682*!3Ms)I72>;5cYk-IZEMDVB}+ek-NuUB02A+$&arWdf4<99FClY4hjqXfqp?a z6DFqV+*T+Q436&v&p^Yon&@LKfw81>v+zq67}y^+#SMo8XG%r1`jHdl18RmV>8Dey zd|}{nI%>I2rV*P+2%~wz(paS^r;$Q-T9N$&_HjTaE#&NK2VIdFN#r^|y}dYlF&?f% z#M$lg$}>^Rk{#@~5CAA4FpY#@&LSGkHG~e18bavc$bpbXT^Ewqx+U^*aS15k8gUr1 zJ2ZL6A~MMo<8U7BU!GXS#OU1u%1nMFiY9bgKcE)-J ze{BG2e=iWrxxrE5%$dFh^5DB8eB&8Ma3i{mQ2Hr1MVeB|4`(4)F?MbcYkU zOK3?r$8#+Qz|4QvS#+E_6!QMdn{f(dcI3gM90ioaTiNd~IHZBRPR{lJmZOROQ&StO z#++m|lnn`ViFgYk901K^5xOJO1!FgPa&5s&IU06)l4vaGd|?UZxGAa_kM^7M5&5fC z%TKfrDt(P+1dB8wpz=i`O(JLkaBHnt&TCeHl?7`(cvm%Hozz@fXd=Z)XPEN^Z%UI%PDi*pbHJ3+JvVAcNzzVOM zOI#P=B+$Z()*^F+BSfMZOMDWbB!xoPDJKcKIEVNo!BD@~>vhn_i}MzOf6LRHa-tYW zHk(nO;!qJ;aa%mb$YWm45xl}H&puQSF>CX@b->^HD zgn_3xdMdAqoTTR8JyrfS$QmH?M3Q~7j9G${RSThjCg1}>3AdlfmBLnKz&2>KDJR$O z0|Ez*QArz?9YTAz6r+iV!^ytlD|k$NP4Onmu}l)i_qQZTXh0@r?53=#B#T(efb~V1VIK z2w$G)NHRI8W_m#9f~Gjckq<(4IA;kJizO2B{-0f)^A7s-F`g%qIbE?dfoB^RF%8+Y zyTmjy4?vOp@$${p>G|u|8NWSiVh{xKQ&NL1BHgppj5l>6V4*Qe#UTa)$6NrXg@4G;;J1E#zn- zjt(1=&7;FZXM&^R1l9HhXaeP8KI52vP7^wj$520-r&K=}b zoK`?scqi+BQ0!mIO-6+)g+AHg8H;$jB*`1lz{nBF7eS&xhtnaRPOYFI$CS4#8={DN zCEFU~1V(UXCh(l2y^!7zL^|^hnn;-SI=zWv+mD*+6OP92rt6FLeM0b!98jsAc&jDf zn!kVs84RVg(h0!A}?*`W)+Ldg;WQ*&dBweXN(0h0xAL>>i+ANs(t2Mdl2W111o6yPI=bKg zVpFbZ@n#J~4o7fD193ENC~qH)dzl^}s1f`Joqpe)j$uPh!_n~ABA`(nrN2reP)Pz$j_@4ID+Jit zlSCirv<`WeJLI^FDk+Ob&b?LhYs#!20ke+K>n~Vxl_xEPCX>kuFGFzc4&1oMTjTxI zcEVVJVe3eS?SKBKjnE79H;|>2l`mLDcu9R68Vx2>GDScl6tKHUv21Egpaz(R64JVP zCbB@|OBP&fSyidFfSF0iZz?rgbnh7nM6I z>17%U8ixce7}vau2zgNtXqb16Wha_28`-7bbPoNDaW*bu7H?@rdD0)stI+cTGNm~3 z`h71M^d?Bj(wQKiEDuInRMxW?Ha#c9QBnUTNw;A(BnW=IJXQK2Bklxg0#w$?w}AWw z@oyAcD)*r&86RY1yw*knm?`CgE!AZym0Z|CN>eeaKPZVafFIUdk0vDn2Na|Y zagyGxCJX-*GfiH6ytph~Uf~ zpoz`8U|y)%A09VU3?3eX4)O=HS>~LbIg(=J+72WnUscb3^4d%Wrk4;P?bh%u@#$*G z5`y-o1Q<6&0r~Q*<#kAX!YBLpTZLAmI|#%`WRqOMaucxUgUc4sBQ4W`<&Pt*&vy&C zmCn)RENdVS%aml*(gATQtA`vAfN7K&G(wBjG@(HYp(P85Runq(Sn?cJ&}?x-JaBjnc;F27h5p0Um;cQul8UJb6uOiXVv4C;Dqci8 zp6CfQg!iN5dp{Q3T6#b=shO#X@2x)KEu$cx=5b z2ECFK!f7hl5)`WPN<~~BRXGXc8mx~eM>^m|Zch3B8v!>WzJSx)LTh&P1Jl+OM8zx6 zG*0TXg50QHJ9>u33H&=Ll37I7ka`~;4;^S!Nxwcz61fIJmxK$vgc{9DteEix5Hy-l zes(&MD|Qivo=HOm&Eaw1nMvd8iSM;xE!1So&|ZUG$U)y=;HDl%hewui=pR>tf1>rh zo`mcKO$qo0urv}t7w0$$LQtp7)*Tr=$%#6IoES86*icM3JUn*hS+hCUMLUnS%5V^E zJ+L(9Z>(Z5F%e;Y1QL(7<%hVsA+i%TXGsedW zV1_zAQ65cscs2Sj4Q+h!qVj&rSxF8Qm_r&Vv<#v|q*VDaXbuo3M5)05mGhWIpfR|5 zeR}@0Jh+Gx(1!i}(+%}M>lu8uGx#iT?~?o-=#=c%c+60){0A~Mc!8UPeNi^c23+!> zb6j*6Ivh2{qa(*5L}HGFg2Fp2-I}sZ=UZ-(K3_$?T^?8=>+$}}iNg>*8(biQ1A$V3 zNeDcdwUsFoF6Z4Zm8Eu_W`jYf0Lb)MxcLux7qO%c>VuX-vIo=$%yzF{Nd zgx+F7-jdZsn~^}oXL&Bg4BnKXRvv}r!9#|F@4>7`5*4LPBlMH=5W;V*w~`sQ=>b1D ztXcD$tIIRxyJt~l)1@53QqHwppYx8S98HzeBuMuI({)p}@^DylTFlXaVf z7hLN6cUpU)1Zp!42C6l`z&z_)8*W%_EVnIwA0Q;q<5w@Xo zd3&byrOw=n?6w9(sHSG#O^?c09TgURE9{nGLYBq%r`DV{JCmXe#86 zM$R;f9{h4MtXsP>xW&q642XeZSA(f!xc{M$5qrNk*qO4o(SKjf z?Q5ff=jgBBp}rI~6-b8-^_GXju>;aN*9fA_Biy(y$z{?6vAd|wP@>{Glx-*|n-cUa z2TeDA(064tFHkDXlNwAc)XK5I&&@^wn?x5F3 zF`Mf%>(1D2Uulr6z!N$%c4OsrWoCV+jk_>S^#=|)Yauxo^;jJ&2@?agrbKoCMD~ir zA(q5IyVfZkvZ4d!;}(^%*Ptm@9SqcXuoxPF2N4RHfmL4PHf&0JheO9jS)&*0@{lD- z0i_z4uLQasbdEZG6Z5s%PM~Mhlwlk8)H>yD5SezlBHva1c6UI#Bmb3m%>mDxiE?@` z+JGG|qY%vOO5&G-kdXn-OB>dd+zc{uGcMuzvn*1m$dg;!zSbfO1_t|yas>DXJkT@& zG|L9{`)ny8rPcw?4H6E~9F2M-iRUP@jLoFVnlqybS7J?e18oDaFiqt8`%Q&_{=t4n zQ8XalMmIR2vk97p%)db_(czQ&e!%Xzu`U*TMRIh`6h090V-QqS+wDnx*;pG9qO)wLh6+=s3@N}H|#^%|6&52Wr&fTdk(T zlx&!!iOzd8G2TF~$0@K0ns|X`Aq#AKiY^h_`}E?l*YwQx4)*sQH+=;|*=LY~qrI?^ z(ZJXm=Z%R<^6}HhHy7`&Cx}G1HaONyp{cj?VZXm$v`!n-CXVAvotR3FI-_6E>Dz19 zOBApzthgzQ(i`uakc*Hp$g98-batAv%JJ+7m3RXSgV}hLMAc7eh~$gBEmVXnwNuJMso)`{ zV-o2o$ABTuH1;`a$O#=B4V<`2aC6P1*Y53LqQjQ=KD{_-stGix!b2uoLL4q8fcfeCHSc2 z?Zs!>BneqqnG`C4Hw7z`%^o0oxm1?ISLVCSI1GB+OPt^(0hNJ~ zqO`2axjG-JyMU3K$nCm=d(! zUYvdFQbe-M|z!+|`f zi4wK##y4NsFuN6HXDSG)QsH4-OY^)KWF^=QQIgI)s3O5GAi3VeAll~psN99C_eQy--l=^Rf!JO7|%6j#aVRX>^BSW|CW{5kdZfEn}rXo+j)j zpF+BYT=&9`9ix}+t%JqRNr(*x4kxB;u~+=*__(2}d3<~b%*xMFczyd$Cu?*Z9<5#q zhmb($>fDG3a7sHhtZlg~bw*tMiaQL?(#joGWn=;X*TI%Xps%>RLNCV0V*`PPI)m|X zrZXtVJgcF>KS+tTmX%q>!i8P7DNrG33K0u(1db-51Ru3<5fFg!e zEjI870GEs@S>RjB5+&g#gr}iC>pCk>3z@t;md}yYAbyVZyv9tSY0w0eu1ENOi;B$&0EYUjsyZm|~0N$#Z7Nm7);!}7!_0*PY%HBag zqzT}WfCx-O9p!61cs^--XY@@Fvi1lrgGV4)eOM5E0--EkrCX2Q0l9@Is+z72#p)Qo ziwb4HfuM0WOQ2*zL0jXeNkSq4mQlh}QiB#?7f$Sn(DZxNh?R9*mgbNMUy*5tgAbP4?9 zj3ElN9y+^&wN$i}Q-HkYa4uFllvREdk~#KQfRy#vN=>;WV!?vUCmDy~szytwXpEsF zjz9(08hx9ZCNCHt4fm_kW#wHQl_jt;+oK+@so%}`z$lf}^e3jQ$0Xz0Rc;rJ@T}5& ze9#o%9gLhM)!c8vv|)fbYiJ6ygQ2?yqGoIWc1Od&$4P)p8ZOiQxS{rOJXYFAWr9~4 z+>Beqf#k&l;$w$z;zkpe<%!D+H+!GP4TKvt{HW(BL!j3j4Ba!LJZ~YtnD7^wF-iq* zn#2`m{Y@F1@!@{83mC+Wf*HCHIO`Y;?PfMz?m@3+G}jAiV(9zCbl=c`Gd}36v!X6> zHiE<)c}oT8cO9IdT^InHN+Bk%HF0p=BO=s#d}`L+lu93rb1JpCDz6oYAW9zTT9cj> zM(i^K?xuM{$A_c+CehWyIxhI^>hTnBhIcmb=KsYHpi)7mmly>QA87!{-@GJ_l2W zrB#+K@EGL+M}iu>c0*Q)N`|O_@!F>8Fwi7Aj?v?tojM zjrGmSkbLAMQRxYkbG3bOjs>1#4k>LRA+(A42ObLs{+8#)F$#qVPQ{{=x*fNWej1ow zA=w46Z$#*{Y*lPLbpHx0Y9J;qk?A9@v)ycsu@8mdDjE7CH%1}8~SXa4;s(#WRLlod7PRO-j@x+u8RVZ}gK{c80 zv&)@a#OrG?B$45=1d1tHsI`x zcT!lT?5O?5x_s8KxUnR7Tp;WxjB_i^x{k_n*8QfOd;iGdIO{OI$=H}P9}PN(uZoCP zA{?Tmb->M$>~@;REEXJ<8laAvc6##U1A~J&8J3opIB29pnDc0mon+-k9Jx*4SRN zT@&NIESS}A%fXxa35|OrjW+IBazmulJrfMV|CoP6RAeYb6+~$a{MRj`Qc_yd5QFV_ z8j>Y<%NYPqjd?berWc`iRN4>Y6L6;ES5<_wRVHZ?FBrPKIJdLR$2{Or`M$tZnr=x? zNuuY*?Y`Pyn?>kH5-tsU`U=hH7aba?f(q_{C7_~(93=@f(a1=#!N$;nOhqs|-=>(a zr!Ze`#V6p=Wg3P$Lk{MeRA-eoN>{Ac^osQ~Eik+o;R`EeyT108 zK?;q9hFEO1E*7ZX{RAjj(jd?jcoqP6J z$O&p=z4mO_H!HS>DpvubN-zCl)YR=_bUbjD-)psAz69sLmoE!SI1t!+NGuYT&KF=u z?K#?VK!Mt!xaIfJUsDL6G?uWl7Fy;}AG!0DILz z#*0vXN(Gv(P@*zjowQn$$)qKDH(!Ks^H<25+4?34zUwHMNahv7-6K%~Pl>ztlYn;> z3u3EzdyYdsaK|w68mtU(a#4TOChz)tt(a}K(qrZFq;q`S#d=UjL zO-Q2~Q_4j$Ri0oTD9S=+V&*gLrfYXoLFq`)`9hFLQ3K=J<0#owm^L^Xs&fa{7Bs1< zCp)nVZAe8&M~aI65Yjj%fz2VqQOM@hSIS;MFp4_lFpn<$RCoySTgE0}rqfVKG&&mZ z?>ovD*UMffsLShcvg2ih06SzuOg}p6>mj*diGvR-P=w}NU2LMURjto{&VyI!R*c>$ z&A5HzJLMd=OA~lzya7tMSi!&G7v<#SkWe^m3i!j!hBhkM&>UUC+lw^ASZU`}*- z&q~;mQe$K!Z)G$A1qXzYD3ke&B}-kV2U3J1h^}3d0Q50NDs~(qc|p`cFJB9M%#fyNJ3*wvyQh`s%&tXhqY6}1r@vVbt4}Bu__eVKqfBH;QLas@7s8WEMg`p#?R;TC&}eDZ#doq!1V(&~+5kGq(^J z>0M6AaGF)|r0Qyon_jK)c)!Lq>}R)#56>(CIb#>#WHy`qM3>aw>!!-!kyZwmbOR(S zKUPgi6n4p6$<4q`Dd?z7LC0P|=TxZZ11LBObtEL2F6baeO>4=FMngxV4A27yH(Qb6 z-A~^;{JIgz?H)Fi@J8b!XBb@Y^3oy`6${`SzvXD+d7KDOGENhl%R{Lo!DM9v&hi0i z#*knO z%5GP~V<@zBdiLSs{X2B^`v3iSarOHA#Aay1#V}tf$58q5Z2;KHO{e#Yz4$5W0H|BA{5Vq874#?EDWC3n`!I z$YSCzA}twEp@fHofGp~keo*+dg&@-r)bp@2pRQC|F~d8<))*@Q!V7`}o$H7$3EG2f z;S}Tr@a>Yg-sXkLyB6?$9d|9jgS>zkO(hp6gd~k@$U;XczX5#Nrq`BbH2PI_GXN$F8hgE7jnZyG!e!TH`f$kKg2udSns%0f4#F8V zO?Eo!k88Bl4qI$WGa2nf!j?oVNa|>Vb^3NE|BrIw|DptBb>s5#uJU4m{BY_T6>C{Q zf7u;%!thKJf#-@tUEazA!j^GJaU?9;2u3KKrAo><&~4_#TWkmY?eWxKNUSl5$QLo$ zhmJl=X7jTtw9-PAZcwW3Jvi>sTXGGZJ2ld9KA~6($s?1nI061tf?T;e!6f&<2U?Mr zS9ZMyF2Ec2Jjn|OzzjoCoiq$!hAN0_0^e8>uBq{01jd6#%6B&{57!RpXz%^?^}dcC z9LpJ?y-XXwpXrH!a5;%d^O^&55Czle)72uHs!&J0BW(fEWJ%eRTnp2!CQzCX)p%Pw zB%y^+zcU!X(o_`zMRb7P@bzs`zjFu;0Y$&cVb3Zh8-zndoNQj)8KP zG!(C6^e|b}Nx?_XfYsbh4c0-^voVloLnD}mMvhVc*g-HA*QOwGe)>DOXgEgM4*DCE zS|Z|=zI+a*03@u+C|VaGD8mxCm1d#jqM~;Ye3HF-rL)86Grh0uM9`~_;kjZaK|jI% zB5RuORFaS^3~9fU&%0JaiuVG16_)-KMBFH>fgubc9m#(`;u^7lNUs0Zpk+53ytB%(2|3zFZ5{>{qmI^7`Nb_zn%;oHab9+D+}E>26*di%T*)~m zOBP*2L2DIyVh3$1Fby(~kwLu|bEX@!eicjnPEMe*%OVJ&Gef6AZH0rNNz?DzJZN|lhX)6B z9Hvupz#Q;l)AY2%LxmDmedi#60&hU%GL;0KIjPT8fcyKHMAr*C6KK@=k|)}B1`Uzj z@K7PUylK!qp`h^rmhJVs4_E(v`TpYFhkRao6-EMK4Dvfk%o!8%?8ZpN>?+^(G}4iG zVK&W%M!?}=&fT?`30Ysbtn{Ai)ca!CG+p%YNR8swvsSs<3rxMM=>=k~(>$3nP-b-v zIlbZG(K=^ds~M@Nx?9M!39D_o_1dtYO{g|~9L|TQsVa65-{6=Y>|hP)$MER5r28t@ zmQ{vWr32FpP^NaRGI6|8R{8qucxkp9P3=F!qmh~Fxog$RrIm5A+uRTxC}@0Jvb17= zVw&Ot?PGlw;)Kp930w!DSwe^@(jWyi(|1Fa=kP$OJYRo_<#~Sn_S&f#S5yS@ERldc z$W76tV=~#I21L$fU6%oTm3LTIEG<;2D&Oy>b*+beb-zDk5#pKoAag&-n7;pFQ>ZoQ z`kf4$W``V(>U`(4H1BXo4$oNflo&S6(mWg;=3M4%bu++ORxUHuCqe?Dymql{HbdXj zNF;a#Dv+3Qsw&gki8Q_JBPA|fo_~)hgv{~^pqgHrx-k#OgW7wUT^fVMmMoI9*SwmO zzS}OQDViK*XS%nJ2?eFxAkW@q8bk1gc==K?PA^}gPYN7b_o|35XqODDtkiMPrK9#= zkZ{@I3oZVznEJeXJNSG%{A|J7-OtQ{+93(zh4aNnU&>=<)YzXcSt4+Va4Hs-ls2e8BbJUQ^w`V`NB}4^@M0LzlOvKy=tTMj!&Yn)gY4VFJ!QD+M5~Tg{?jB$ zBWp(Dmid3Q73n?q1oJG|yV~tgZ8)L_wn#aCUoWu!@1i~gV*~BHc zsFuVa!xvceRYEFNTU~Jnt}}i?s?>sWu#8%(W(ELCw_l@v=C z_FgE?AcH9a^TvSpaU?g(Cq(;PZ)NRFza->99CAS)Lo5qNV;UP!7#P?P0DTK&ne{0)wQ&h9WjifH>^cnOiPdfF^>) zEM)W5bu5qRnbl(Oi5;k^T%(59fwEd?wnioU z23-i3TqKQB66|+uJ`gu`o9;yoVVR*-vCu_Mkz4dv$~+9#OKxtld31gHj+YhrCQ<$y zh9sJDg`sIm!;G71TETGGAMBd|s5R_Vsxm8W$T?&;w&~y|dmQTP+^*`sVEm4h&l9!D zqzpp?SUbc~1o^PkD>hSDtD_^f?xZwmQeYa*wYeO31nEQ@;3%Vd$YuF;k{@IoMQfHu zzEa0hp-#X+kBC@8=M;<-dSa%T&N6aKk}R9cr@l(xspb>1`QP_m^!uaUKA?3)QcOQ) zlwJ)kcEiZt7D`LV<22|DRb|rRcaBu4n;7Z|jXH8rH`YCKy4jd`N?(mQAs!bjMj@RM zf8~c#K6ipC28RtLsKH@>e_y$ZDk_o*5yp!Sq8W>Fp~DG4P6KQpV9lp_-x3;Cm}(-H zSt_-wDG5{(JD8)XEL3*MS0{rD90fQDoEKS=)~WIe))YBOBV)nIElVlStgSa-cTva` zwZ>V^Zat=nyM?!MasU{!0-IncqqNlZO4MphC$0eKtV&XWV7_Men(CJZN8@bw+}#21 zKC{rA_pby<&g25D4;1Z|aEjQSN{R9}sACz1#21iC2s}Ove3~Xz9US)*e13Mfm1`%{klkg8<9TAd#pvJ|BQJch8 zb~e!26wO6f)r^&DI)ZwDnUbP|F0?sTUnLG`81l3Mn>>XGYb7Z{u1(WV)`wy3iLTuN zr%lhqnRBra&$Tx+A$q0ysAdKBsL^T zSdv+vB~V4M*Cg+37h)HJG)G4?6w-bl_A~DafS@+8IzG z8Y5q*j1_jFPItxpZCQM&2`9`>l1}&wP?tpS7 z40HAL4N1!!zKnCajrO!>RGDK{u{Gr&i~)P-Wn{)=r{m1+#P(N)11M_b?QpyXG$u$R z`dgYsWEDypsY9X|Pf6D;uyfHc8JXAJyh5KiF;NCt*oP`blPLwaQ!b7ktXvdKM(Ke1=GDTg;6m)TQIPMv^zklk|ir;uRtd6rOR&@_+9VA#(TPPHlaD}95@`Vyro z2Mf1{!Rp!7+XDA?C)l0c2OkBpJEb`M&lS(y^B^qd<%Y6q+bhphzscqVfq;5AX_x z9W}2W=n^NYn#j5$^5m7hLC>?Ylu&2um(pzef8dUTq%8#FK9#T9~0dPXO(%-h~9+G#+!X_d3Kubxxu- z*Jj`nvk%%d-~J%Tw-2(4J^#83o0JYM!0Pxh!QPvBHuo3n7L*QPqvCVJ?O3X-ulQn7AhpK+IPS zMkT*AnA`&e`FaW7i>R6*}Y4ezmt^rUiqq!rc!jp^Ahv zc}%xlITdXh`FEwVOC)h4sYbC?d^so?fY+@x2sQ%UBZJGa6vSECbm?SWqoxuDxk*|Rc>`Kfxb(R zx6VJzZi>v7(Ev9CgQ{qopvR>__Bh>CE8N?28~@tW!l8|S5AHJpuol)T90wtK_6IU+{a6Ehe|~&wY4rf<2B-0+WP$syU)vXM`Bv5>Uv#0bFFNnH zsGzaEU$>v^zuDWtEFVm>w2r`P6&jT0OD!8M(%YM4K@4kBE^%X? zDJ^Xy)|J8mJ?}kux~t7CCu(L2d3sj_S;~nWr8Q3CH_4uJd1Vlz#%f~7KPAI zIm$$8I+hCgMNXCt;*LZgs|nWcLw>`6;P7_5hH-;{%!3OHHB?15MbC$mv-yW@Ck#ik zzZJR-q@x=7Z`FzGol~0juZx~+q6`H z@eXZS8t(y{g0Jrr_`1zGQ;(gx{NN33s(s>X{g*xXf#&V=?j9Y2Gg`zFS<1O=YM0_+ zUOEC2x38ruA^|>4yMJ%0biIB#=*F?=fm{XT^~{68B7NC9LHsBzkL#w=*kYS~dS-NPU7Bg^XqRSt5>tRH3P^vj7Tb?+m}cE5CgQYKIfk?-mzSB2BTh%<^U(^_ zihO(#8qNS)D8iw(5Y065WL>K)t?^^+yQ91#3YVZO496rd#5P3R+{=k2may-Tv*Ey8 zl^k@hyMEnIsyd{+y-D_YrEJQvu>W!hd7zcP)MWLQY~CXX^EQ>Hxsrh(^XcQl*chs2 ze1ZKyPKi$!mAr-h>2jVew5umy<61EPM^r_x_IJEYO!dWXi&oA} z_w85x1mFJ34V|gOix$c z#&1b$iVEz*aC22tk;>|(twq|tZ)yO)dT#gn?=~*1G$z{dr?;`$m^Rbbp!ER)oJpN) zXv&f_c;_1IeY_`a_AGFA^*;(@*QKhY4w?bikhkOh z?hvO%OVy>uVr+^n*qf{dbD@Pd#^o*+;NNYww!@ohn9pC>xdMRM=U(X_hm66|%{C+^ zDM0ic*r}Mak0CISQHwHDB5$P`t(zNWTr6k2z1lR+I=t2I+0JjexjsMWRW`eNrsj&L z7YX{|@FY91Puz4{dhQ=CtSS3JTT~}(GCV(Ef71!P|Em812>TKgPxtZ%>~9)~+NVI& zk44$QuBltcql2AgG&Rb$wM3|usxW;9jx9_yvK`*^9q!{hJd=%ZwULeDOoRruc98HeZx*S`t%E0RSf0Iq@SO+bEIyyS zZ6%k6^ayqyZt7fm{(3mZJea8%zTpHaZ*H;@_domMHeCw)djV9n!$?Sj^10xMv=7(`|>mEux@*Y!dW(ccGGHl9Y{N}qM zrZ!8Y$reK|=?*zfx%j1ziQvtK>foC<13ENOKvDKF5Avq$9Q(x1fhn&6HKUhYf+!%F zNatQ%H#+;_APSWp>nma>)?W~pE0+rij{kDS^#m<72H(b7eEDBNk;o+(HqK=E)$H6wjbDddzv zV>S^T4}>4^vW0fAngUq=RzqTp^$GE9T{P0q7zNEU%=QEES-PGep7pkB2s@_9FWB`( z`_jaWO=6z=u_{-elxlvo5-}xk^6VMEoK3Z{y%(JPbEiGU`t=Us(~Y7=L;=J|26 zvi~T+XXk~U)N+wkla(0D=2pro^qlt15v!l`&at5a^TyX-dfa2=_NE%;9xG|nfZG0E zixi`qDN zSDz_wHV3%JZsod>3!T`;22N$S75epKwzkCI+c?J>K3%2!2PiZJsq|cRTk3K4CL> zQ9vYydMi7nAxiFL;#i2zu>+1MDv^ollHfKGtL51<@xDjyNcd%Y+7Dm*HAx;YD+}V( zA}pyCW9h1NgwYo`=@PV=k_u3)Hcu6MlsiK%WeNym-u5F{B|6T4$KaND5n^K`%+#%y zxsOTf-QDH84JYw;p<(HlQVrR!uYHiuO5R4Ihq1)W0~c4uBpujo&EDce-_q2Y(+e;L z7QTY4)ZqN3&|#{Zx>#HyNlP24g5RxWelGwHqAaduxx(xL2RYtK>pzoHT!eK!MpO8W z(!lm!@5OO^uy?Sx_x#{xn;10yMsv%JRa~iC=G%q21}8p5CA;yPxK_)?Id!H>C@7-b z1e{hIDsSJd^?Es06!?6zno zGmJW#c7H$$S4TAq_l!7+96csQ#oQ4d{>BVy3Xziqa~SLXX@F?+frAdffiZsK(ZfDz zW`&N;R)h40)^%Lb2$9wZ@37Cu%>d`PvP8rW; zjP}Ek@Aen&{rmYZ)uj>3V{I6ek=ABQhROEw2jQc%X!v zvcR;c_RV=irBeYmAdl&QUU`g(JPSO!sVLruPteOT0)!)QqBw_&TPT~iz#HhKz&3P{ z?&DR~Iit`|c>ZI+R=^fDg;)2*1;L$+mzxC(U+%rx!GW{tcaV!^dr2djeL3)_1 zS3XYha0q{|4PP9nr{CE~`lcaRf~a-Yl>=TUWJl45CCSPrFqwE*Z&1}s8Pyg$nanJ| za30Yj=|5OJ&t&%9tF#1t`O+w_m$><)e$9NFD*w?|S(`*J65onO?;Am8PN_WIR#7Xv zt>B`bqhqhfZ_M*?!_C!&$6G$GX0=eD$Jr{jQ&Jt36KoKDUzY99(=p7%U1}~xVZNw9x!E*w8$7Y=(;@av&s`1MN!u;=a#Lbu zf7|-;=)V9#e?_yV|W-4ZHfC*=Tenp{A}Ih-=Z~rF+0G<*SHZ zL73^=eq#1T`*=R``wJrbcJ+a|Y{P+@MgtL%yEkgXpwuv%%<u$Rbrd%5-7=202r+qy@+MADFbHuF?_1v@&SaF4C*!^(DV zt3n+KGU1e&oZ8xkPEez1ib6B4napvot^rJMBCD(}l*2{b6c&+54co-;=GmP*Wmp-^ ztZ@z0jW9^e`-CBjqC#31Clo>!ZHidbzuEEJWNeaJUS%}|v;yRGTbsXWX}+sT>9Z^x z7ce5(F&Gg=9kPKYG#lqo&_9-h@L1d{S$)Qaqdxn_;wpCrVt}R z(m|ElOP)tjjKEZsnc>RskcL6}2QfH?RVfp?>2_8$%n#WcmyN?qq{S@0HDT*%IVT zHX=2%<{fZ<@?ma)t3N@UkIE(p?APJJ({M&H@bIc-!}}?s57A-6h?9$2jirXN^0CA> z1|>-dFtktDLN9gdy0`zZ?!9=`>R#v*MVdtyTmyGy2z}s9+`WfAd!L@o^vWlmUTZ}8 zQx7}u@Ai`CFO$8ID5@Cnp=cIcEgO6i)2x6f!Aa90rXvUgv$w#0%qkF4{=rwdEJYkI zmi3hs|JSE?@82Dry-VrM;6g!J^rSY!(_(TqJ0dbl0@!Y@ZY!W%=76`^_!!l;celVZ z!69foWf)h@ctXA-5+-@?P}qI!LR7op*Ld*`Bez2xb4@nrwa>j4j8Pj_FxeANpO z5DThrF-jI-C35{YIFDgLE;-1pM3$rVgKkSuAmDUjZx_TC%q54BurK1~APJ~ya(N?5 zwJ55qOA_*lUR7q(i&tt{Q{2s+X59G~c3Z>F_xn+LJO5&5P2xK!)HekZkXw5L7OkZl zn<0Y1oE%R=fc7aLS`c$_^ehaAm&EYI_BKnA#1;K)W8bJ2y6YRwvo9C2XIw^3V zY;apI$2i5^kvB%y{c>SO=ykH6v=syP%LM$INLC7Oy*t)P-}s}A2$6w$S#eDwV7V<+ zZrPa8h_a-l3y4sTOBux;B-~%rm|`^(S==zpq-mwxlp+=XHFc9 zo5!e4ypix`c|1qKy$sBKo2?Mbnmpfj^v%+203S9$!lhp4s*=RL%m~Kzbw$Fp0@so{ zX~aDev#iczV_D=L4kH*gg+`E6BZfH_56N|#c0>T2evKeg&d?dJV56n%A@&>;x+x~+ z0g$td)SFn6ZfxT^5|(TeL8OBm``*p%N5v4IY#YJuRw*GdWw92#Ng^Y>J|w-L1EHT7 z%lxgJ0*-*OaR#=?z#@)>2kTY9L^I8{D9$%&snbr{@zSN<3$iPa{Wlc!$z|+7#(7gX zU=LXP2<6JC%#5?}i{B6q*0(oZC(K++Xk+NhTyR%vSKL4#L;^unq2pH=%|eV-a0)N7 zD_pC3!hm`%G+<8V*g6lb5^Nnu@N+wHq5bPkHeZmk2wB-;p8W;Llip-F(rk-WD}8M`EmGx0x@< zhJpCn<)W6;;!A2-oN1dF%x3SLsnA#_!Cadc`k4Uru^~ze@YsPVUw{Nm+#!mzx!p8< zOEqmfmjPdsx%DI0l?5oj>F!e3yHFPe{WTW3=`d?SkAJWLe#lms`_UV>cCEjcRetJY z2?)wzJ~?$wu9+A(0GC(G04=pMl#@BLiW>EP6>{(&6=A5!m9FBzZq3o?I1UJU1 zVncc!UtKM)mSt9Vx}o`8@rI(WFov}`un3!4Ws{}|vL~pz!Mu^ZrdO zB0%FQv{TLh)#w_ zFP;9J=3g(lcvohVS<+7#K^VW3O4$N&z#@DwjX?%9rsbh6Np>V8O}3!jt2|Ip4`TYO+qZYD?v&BNo2^5g+{&@6XI+^F+@)>)3dwZ{5 zynz4i?d`SxyZ_?5=gSr+qMf2|KpOFW7$OahVmwbZrOhDl4iaifpe>e>v9T zf^$5u-Q2lxxrhw!E_6g!v{1^%Sc(SjeOIWsJI(&O+tg}l)Z>{_=1sK!4r|6BJ>bcL z`!SI*xqITpjgD&x{>MBvV;S>Ea$UCG8AV~{IrxvqE2IsCxywD#Mh7OY;96=~HHkPY z*s_3xx-s3aRU-W=Wj>a*Sy@j^`_D8h}nW&y0WPGuiw;cGY<17bH_Cs$72geVT}qX=G-r zxiSwXlSrpZp~}HIn3fg<@cMYB1pEx6$kId6%qP7FC7UYci?f%Sd4@w_^a)LANi>-b zqbN<&$V{9`Q}T>o+)PAoV{ma4P&_eOIuU5PoeJCH+=&=9M7#L(2yu(aZq2Tx&`S)| zk`S;wU^SSBc?kkE^dvgx21u|X)c+Ej_C;W4p152GG_Cl};^syS?Cf-IYv`?H2z&Pk zGiLkjIrBR8vTQJzWu{_XtD1WA4#+6k&^ttj;}$h)W)PN;dlsCRUKekfnLSnYxX5!^ z9TK%=sT9F+ID}cUB#Hp>lZ$-lcJ8v!wLV@&HtJB-spw+&-5 zor}Okri7P^N;MJVd_n0-rVAfB)7;`i(Lsj%#(CdK6rtBhRv-%&u#ys>mzHUW{R0KK z`g2Q&7hUxC-FkT+Sr}wfRCm|7_RIm2=RA$3Hn2ytW2~A+&1sGN{qN=oQMDL`!eRR# z9MODPx0IDH8@@t^vk%|sj)?#9k0_4gC|eYiQg$eA_M_{f$`9Ln#9TI+*?>1yw5D0XBWW}vN2nq^kDFHOV|Q035b5K5lLXGF!o z^QCU0THZ+XmIGrzU0fAaRtCPbo;3qyAEnH0NQ&s*I+a#uFHke~fi#G0=VGd zq>9+_LW69#0snA3WFA%V}oPu)}ZiaBE7fm6jGrI4VDZR9<(hN99&YN zQnLq!!<~q?5?S@l5d{5ATl&yn)L3jF3QRt97kh6oY81jknN#i9CtT3t3YI0g@DL-- zQ`*d9gL92%-`gMJaW=VTEQD$zwFLt=Rwb%{K_)a5wDLNhOFfICGw(0yk@cMzGZ|57 zm-B3dbd%H+Gy@)Es$u^N_~J54lF%qnOGYAB)ziiW{mnzX#P>#t^rR}9V@}dY^(f+X z1J)(A2mR6F63DqO!PnZpQA~@f(6c0pyeKrO2AD>Q-rRtqAIo4-eP(^iSw=cii0o`e zVU}rsn_|{$Qd>A&3f-pk9V$CPZ*CUpxuU`xbM10Lo=$BB$SbfwR73Bj*g^1lA|sFc zvQd;H5Q^W-YPGzY*>O+IyT+C?xi)z_G z9Oi@=*1Ueg)0a>U7j{xjr*&@ z{K4|4Hv|}r9fniZSk|gaAnU6%mUFe@!7wJ~w5ak?)HO8GjYHZ$5)_3V9p^s_9b&}7 z7jDtGpE-9L=GsNkkpt1jm41-C9{K8f;iouS*U3Th+GR|6K7+_5ZGsoiA}5#)0`s^r zKEqif);U5%fS4ODvl|K1XD%`w7h2Sri_@4R>b5RyIerpFe+Ig~6*z%t8WPPv_v7%s zbazrv_77fu_cDpjg8`u8T{OyvTY~?yiq6aDRLevzPaK0;wphpt@xjgC_Kn!-HKU4M zqxaa+884fNy+srT2YNw~7gGq4H}+bOMV{SZc$@&K4_y=?drd1tU`i}uMry6fB||ed zUN4G((>!w`(sikGcBD9^>}d8K7`}7N9KJ4{v(Bnq&C3<-^u)^)S-+{O_ypCMnQm(> zRR!@skEQ6`cWdGFvLYwy<1vn6-*ZOiG#60DsNIf(7if%uk6JBHEoMsPbUES!zrB%89I; zxrUIo6IoY~Lx&>r+C5{G5Gt_J;5LD|iOZc!2QKJ}iMW=ljm8*E`s~&Ii&xpc%%8tG zn7n@V`uXJf-uPf&KA+0zo4uF$>sRBw{2+hT^A>i!0ebR&|M`pf{r-#RfKUT-k$e(k ziA#hAiD~bd2Lp$p3XO$CYFS*)X!(iT_!siEkHUS{wg6I5>EIaL|tbeYf}gf8u}t zjE_|=RP7g)M;ATcJ`%)o$5^oDL^o57QsM`)V!VoUDutLDCHm;}gm`*EF`Q%zWO^u= z*)!wR&8(ixibhVFWsN6-wQa^qHM*&@1=hY}e)W8zDo7P1gbd2Qg}$pwWYI;t_lLW? z0m<)<&El~eZ**anw;L?-f$fMzHo4BOBz1)nz0TkNueYE67x*B?nVv;6c3y}q&#`iF zu#DQf7}c~W@@;sy8~mgqwiOg{mCYqbC&YOx{~XeOE>3F+mXt1_-%l3)-#g}t6MVw2 z+fV3O@a^ZSu-`8$|Cb++{>wBp&Hjq_w{nhu-G0)-wu7rYW8fnn-A^1aSWM^n4y4py zyd~YrTtold0k5I?jdHl$&E~2xd>Okh?e(ASDcUVmGMxkJ>1HM!DWm-v+kjSjikw0W zB$)Ic7qU8=6;so2x4AgH18O(SO48;I>iMT7)|=7<`*r(Cjo-xd4P6&z8eyjBuiH;T zoGkpB?l?mL5yor=(}ik9#NKkU&pd;0Dc4~?8N)iU4xB_MVVC+o*qVaa3stnFB)_jf!TllPHjTKWe7pVVeSaA;Kg_8${?+`yj znMwbBG1j2)+L3d053ciMMmCzhmG zqlS0r5Jk^j$v)E4&K-(2r<71%n=7cqTd=Y2=F z2&C$2D1EY>Gjb851pT`G#BBJox{2wV@LH@PdDp!Ie`wtoi;JJ&L@q<&@R%+iDN(%t zSee>)$}de#fwj)_%ug7Vb3N*w={-}ygRTwx7mJIJH|CAY+h4bzDEcS;vQ``MJe;762JZ~nkOW-?p?CvqkKm zucqjl2XfMVib&;w}hkhOh7ROt`IS>+1-$kRGQD4Jyr{xmOH5gl!0 zBH9WpqvGjC)r40@7Eu(PJ0HHe?(kn_+F4@^M6%}CF1ewy&2!5=Flk&z_wZi)YUcf$D`|S!l_j&5bb- zqXb~jjj9;dsb3i zdkB9{PCn1WXR~z=EfQ6?eilKYpn?`^<~+w}3T4|~S+yU$q-3+KpTpYRbe1)R#w;$; z+$s?qzG5s(b<1qJ4?23O^zWj3>VBfbbo1lZ$hnOUf~?#T7g{zV6RC5u_to|B8SA0( zBlsi-VfAt$Ycy*UaXy1UF_xZUEvCzXuccWAvf}N5Q2u9G6A5u!=oyc*Ioly=$7QUK zC8BI#G|xU;Hp@j4MIWn)blzu-Fl*V2D2nOl`}uoLK#<#72oUj(Ix0`+gkPtyneLdq z6D)UFk&Xv+mLYbZyOl!+6I?W1r%n`coIVq?;%Zi|oHb*5w7OOvd^ zWMfRZh#=*nTF%Fqi0NWxx7kXM1QHw;=-Go<^HR%rg1gL7S(=S%TvVBd2#VN7d%AqosiE>B-Y4IA3}Lwe;^*2vpz6)UY-i)8mGcpY4e|HYbnGnCGo;09YEHBBmPkk* zd*<>=RD|2$^M*GwahV~mJ{<v$gLYt# z7!GliD?CszODZml8<|Ib(<5=~o$N@i3r_h~gJ$+JMiFd{uy~!x^8}{U1A|9V^mb{X zD0ve~+c-@rZ&Qm->sa>aXDoo38kS5DR!CnK5YvA&N?ggtJ%CfSRON(43)5^~#-azW z{HgP#W3GRA+QChxq1ZALZYvUEQ5W;9Ug0G+$Z*!*K+mJRvXAu_ zbDfuH1>t;{?PgX>86K#UF2ydyzWf^JMb)8~(`&%B}KApLk*l(`nm zg@8G|U=TNN$b$hJFRQ#nFpLanL(RqRDTsc?yk?mex3Vn55er4yVBk7bbC# znFht#96DtZ<`E%~ArnEnZ9Lbr&+;w2D0{JP1m z(#Yo*rpz$}F#(aO>2PZBgV{I%OC2&GA01K&%@@%Z_xB9AvGh?zO-Gws#RlymylS3z zrn|?V-fDi=J@_y-=^p$VFl?lGr7dr6T%i_vbb6u_Z|cB2yspf&$u!Tojxo$nYRzw` zir2LMdNu|wwGK82+8(+cBJVYKi5PC7SN@P>VhRk#7cJ;d{gsY+NmfO$=LG%q+93&yEN>C5-Aqs< za|E$QuKBB4Ef+dc(?D!0S)#%2<_kPGOFXY|?0_T3Bz}Gp_ZXXDjQz#&JLf(iT4_dQ7X(6(Mr|y6O5VvgWawKxD6=d{jK0K(LD;Cj)MNNa(Dr zc&H_je?S|9_w1KryAVea{AqSe_Z?o+l-m0W7OeT2wkU5Y8#P8nDLU&$gfwcd1z1Ny zy&lmPVE#b~U*?}kXqk?n3KRdx7DdWc8w_k4us_%mNCe=4a<@!tfc@o4j9OY!xGW-Q z4+KD`#ZBfR>IRtWgq^IHl}3(Y4@FZf5l1-kzr)(ERQyGajh?O;gMgaTG?xa~W#nGW zVYHuEt`J=Jet1y(6dpVZRDb&6=;wDL4tTwc0SCS|pRRXNOL_pfH+n8my5TGET_(|i zlghkivylYS&9j1N=QffP1Per6DSSC~8Rk@dNg6?Af_EbpN}`TFtm@skW>l8m))7{+RPvS}lG!*T9yUC=BLMah-6?2MD`=Tl*1-u%ADK3oN`QF)b~Xm? z+oCknGGix*nV(QlNZYxd0Xia;7%Tq!^mPzQL{n3)~~pU z`f2gZV#Sg~Iv5?(Fy(nv9F2}T^7&8G!Q*VfZP-n-l~{Ln1dUTPHJJPDlmd=cVy-ak zNAZ+;90%)Q3Xi~~V*JWFHNvJaZ*YUAP~~bhW!*Sya+TYTTp|Xt9Sw#n)Orat3YJ@? z2#|)oQoys#^=EhFIdq#Oh9v0+?xzSLj?vqLsF1`U?v5?)Zm zG@OW4NeyN*mjlQdAK4CZ;t){#qfi5+Y;h#Xr~ltkZ5 z4qv}`@gg1WqtbL8U2suZ^}&T)GLFdr~37z zFqJHrDx^PfGO-x!VkXC zKGlihA?z4}iu)+qWCWU1rFWCiHh|?q*9<>F!C_WCGaWdfq7bsmg06WBnRC4SNFFL_ z!GVH%m{%`BZXSEoU3i8<gq4ymQs7`CxVsSP~#!aeuis+!h7+oTsv zQkwwgO*4~`uM@D|zlzAlyj|&fh&Tf}5Nz)kj3E_y4M1U(oW*jZ`r zqGS;>e}gsrq&E-QqD1-STT%3TblP#6g`TNfEoSPLv!gI(>a7m6Vrb|t=S`^(NdZig z==Y#xLzW4)r>5;|7uQ7!_#ohPC%OF^EWY=V>7!hVgEMcp=K;GrQRMdska*7DpP`*$ z>(h@`i9cWC`r1)lt@}9l-RDP&e)R5pIVq?t3UtaFL5xDihH)dtX$>Hy|`BFInpQiwQ z%M8Kd`Rf<;{*L(XNQn4auGF#-yUl#DORq99O~jpVCv}6jadwaT80A(ssd&rd41(96WRm_#-k}U5}`F<-?w|`L5kj2%INjMdF8wN0giv8h%5>&@U|?HU4dQa(S&(CPz5^j0F-iy?9h(a z0NtF4I0-BkFZPcQpd!D+DDDms_L;Aj)y-ifM6F7B$X&UFu0(>L3RCq^?8;`ci|ykg z44U0-N^M5Eb=&2&Ty1o#eH%Y6YqMssH>Oo9 zyrH9Z&2U%)v8h3!ZpwBB1^r;ni&G#tf4#T&GE9%~zK`gE{rL`_l84F8umf8LC2saetSylp2dCC zQPF5YW}j%X`U(x7Ybh5lr=rOkKniyyG01h9XAL6{cWfFQgd6O1%dR}6t=b+mY$}4n zV zGv1zQ6z)zSm)Q!^(5YtKTwVqjt}NogbmnNPrqk5Z+{^=`rlzgm&eir)iz>%IZUO6w z7(;d;O#-bgeBM$6c-XYSz+#Wa@0AtkrY->Z$JG~j0SbRB2syO23xaQ}R1-n$NLBVd zimY1QW-APJIcwZfj~SEvMisfo{^KC>xqgv@&PH2%?9L4`5A7zs+q-#rc5iQGQ2z^d zdm+kYcByrF3G+kdm)@*+i~#=WWe+nlZg`bBOm0>KaLFe6W|Ht%ppPBWX3ovqz4KC5 zIq(o}{0w{R+K0UoPukf{_%eN3bm3E@XE`8rc95FA!BMH#)t;5x?<3nu@lTMwhEg#rnb(A$tHknC_ z>js!>!Cp18o@scWo_CrzzLaokku^Y;3lI@bJV*;S2ZIHxqko`lHr;i)_pUSU(}*W6 z=PwN)WrRScR6SC9x_3E^b#Yb6Jk;EQR5l|9EpuR>zdwrzM1Wz!2quc4R2RN6=ca)Ft(^orfw^mCIO90A(FFsoeGb>G)Dohp79HLz)*jg?i2uY9OUG=N z^#~)~{$M150@V&Lj0Cf7BDVyz5?OA(pdtJbfrEn|=p~=f@4-rMW-`JXA*P=QJICn- zU@(k3;1XmKZJqAqT- zM*dN*$fvNNgOatZai)=M0_F#ZK598^TiKsPKn(vpIz7Qo`5x4{S>wFzj?DhPkiZuR zXwkH;f-D-}UT(R7?QRQdqlIG5=5{iZ>_y$DMRFEbh~pDQ@3Oiq{OWg5sV#)r_U{go zy&X%sd;IBbZ%H*9F_9NO$h26PCc^v)%A&5b0*WYZm3dHE%IZoYoB7YJ zPgT>hV9z|tz}}QFk=c`p}u7{LD7}OH;jOQvjeBB8AC`bf(S@sHp#1%D0I}W#hxo%ppZFv zW`=Ru$!#Nj370DlTIkxR6Ui^;F_%%Dld-RErMNV+r@AUvmtGAJyj64W*eF8F1*Exn zlN2X#uMl%0nm+R}wOHsoWo+&dJ`g^Ex%^NWycY z^Hgk?M*g~$f6K3iqyG-kZ(v}NjRG_`L1=$2evXgq4lCvS;C@{+Pqkwu#{&>y?;XBL zuI5=$p>Gh)K3jxSDs?UMc)5ry-Ze~`yrOtQjdoVs+@x;xzlCW1Td+>QaHRX2-C&rz z0EYwlVcw8TdZ)1s=6Z#9kyi@g?n34_K%+p`bQ=9ki!J8Ba93|7!oJ05Y?HQN0w9MH zr<)rMyTEh2R99DppEliDZ=EGVPk#I=iQxS_e3igollC%+{2b=t_qPtJGKx+r=MORG zUUzh{UbE#t+3Yp?s;3!_Jm>apmxGJ52GXywtMe&dN%ciy7IVf`~KM&_07f`ex`qP zihK6-VJO-5Yru%Pk1orj*i|7qBY{m)mlOm$A0uFyj55EOIHk*=f{r*&f z#ee2b=WRn51*w_P9Ae*jZ6)Hp5ezHPKon=qbDlO)wl*qsH#nrX?%aTfeXvhSF{_s8 zx4o`_L6ud&rXo;A-*;`%IjouM5`t<~23drDC^!2rZI>UAtH&Jua*z>^p&G&R8AVo=a>o_bp=D*~ zk6A+Kdgx37fOioAd8<)vA)FsR7EEL_q!*bes^Q}6d10@)^^SCL$Euq^zM$2k3f8F=G7kk>C9r%P~op5aB7rTsGNbE z+LxKF0Qk3wDY}(qo89Upn`eJh6{gBxTU0i)8(uAoT<&s{F*XUz5T?mw*33)ZJNn__ z%?5&J5C_bBg(3i=VQcsz0B}H$zf5BNHkq(HWdExgDLX@?3hY4(h(3z$95#R${M?DR zQcvmv4xZu59{e%wBBn&}ZFDE%dp}~6iyramZx@7W1D5pm2y=POmEUln#2sc4r=l}b z7A|Go&7M%~7X3CtJx^Yy?QgA6ayrGR;F+A?wCC5IIFs|NYKnxI%oS3OFoYFU;&bE=krK5-0Y+0e~F6_y~1?h_ubYnfq%EFak zrjDQx4nil?etSltPz?99wnrzNxq-(b-vfssmUtAI558#OFYjqL{rf*UQW>FSb+hh9 zy!psE2QIp0X8!Ik8>muM^%b6|4!Oq5quAkgd!H8F2}@M5PACG`dDmO^%t}%E$B!R= zx=h8Qmeb99+$MoPC908wuqBk+yC=@_q?Ol7UnlG_=PF^>=p2 zCxvbbWi(FIf42_B7Ff7jZ7Khv#z%dE2Fo#9C-B3B9o{26p~gtK49<-3=8v511Flev z;|^W@ErjYYa`)YQ28gO14s%SdC>R&e%MI^iC+`z#V3IkZ29+#63>m4^%Hcq)l^Dy3 znjrR|!h@DnEOt|4Ux3N%z`plj9lX-mc ztrePKU8W0i+jH~TqJRpG41h=$9jso95cg1_$k7#i8{PGRK%288y!iu_T=c?c^W3*- zyKqLYEE@z`){wl$%mPrH>aI)fM4Aps)9uQijosKPbS_HimK!u8wmtCacD*hal;0s! zdz-}q#>Qhq?-Guo%YlLI0hH;P51mGZz?p*#Bkv{O62L`8+d+}|NKh6cTx63Eq2Q$j z3FZn=>@ShaOxz)^6X0#elq1YMZYQ0M00or0iEPD90YEfW4!?0dk^3!S>lCAt&~T1U z?_!GZ!N4ob;7gEwTjj+~kuL$~1N(jmub_=!j>3AEx1i3W2*ItW-WuID4u+gE^1!96 zrialp&Pg@@TIP#W`v+#Intw4O7F>+!s_viJqJY0RbJhE|tzm#KF-(_65&uh2_O#6s z1MiwSU6+)f6k>-Y;&TN6ArKa{S)?J22V;;p+;E%-bOjfM`)o$+DF+DoeTTwI1FOC9uBQ|dGVAf704dA!UFuc{yqwyzM$Jk)x>8SvH24F`huEOnA>_ZF#Z z3vP1${tOC20Epi6;hE zlq=>%nGwDjj1`!ERK{4iN=DU1=naN3;(9JOkL~cA>Gk>Tsn7v;q1g6Zy>{qV(hh$# zFTTiJoFAX=n!DetEdL=Z&2dv(FYXS!xJ$nM(tmY`Ws{CXYG%hMQnih`Sg3BzTr_T~ zlq*C%41`VoEq!kIQ*^h9his#Z9`RYzt~okAM8V;{9plE(uC{~saQ4fw*oN)Uo zLpGCSXU&)m|3s4c;D)^|0G_|pKvG7v8aBB1_|K-2d1btv7VN1Av)%dNK+@k_vY?c> z)q;(He^c2um8{}GPfrUU%RKX&A(1EPeJUoaKsrYUa|~T@(;tiv!%Jom_aG)-~w2?0*tJ`v1G%W#+qH@YvkHkvf-sU zv^Kv^tj#4GUYbK|^PeRd*OSqUI|n!g6xDM-={2v_hRW4)GPCZTwexo)$=0m?-*VU3 zGCS76R(tcXlC2i&mj9i&e(ln8u-uX;_zrE3z{r+Mo{mDbb4|O$Kapfy40*bVWcOVB zfX@b!m0lMCFtOc2_X2N@1p{QMhrsXhO(jFZkx!T}#x0Kk=-=Ue=zF`33>Yc>{?A^?d^}U|dvXhBl!)EA z0BRzrgbDMp*ja`=Miu|vv*aH#W?cN-X@MU%aKR%#cOu=|T0hTNvPIU+dRwqw!>pMl z-$pEyY`0&qUdhh8CsiofIi5}ks-B+A7p1g_8)uZcn~p^K?n_3M<>@Ize7m8e!P|S^ zW^XpbSy>=1EnX1@!$(w3g9)e%iZK$Y=?A&#xJ#)Y_uXLEV9A1L)#YELb>O{2Yxn?Y+$UqlHGIRx0DQn zJ&5zoj|UWo=wrahM!_6UwWhd7HdZ%;<3KS5t87>oyLT5v)1Ajz+{ha78lWyTI+;Sr zzgbTR2M(4nT$)U>AAtT1H=@qZ!TPI-!n+IQ1&T*V#?>eW0azp2$rOn>Y}4xmgoi-M z$fA}Lnac{wF4jAEe=Eu4^LAESWho; z`}Ez_P-a0=%-7a$ra95S2N2Bq6W2o>i;@W}Nzn_!|#y-|bT?sMm7 z;SXN4Srv?H^R1d(OHPYyW2*Vq=|B5(M|4%|m|8cjuW@buLX|AEulyVI(~6cpPxc0U zO7^17DtBC)_jlK3?QlVlDXrmx~oyeB}G9t~|$7N)Hw^4R^eKX>Bd*ZVJm za-9HZW__FQyZAFuO9Y@Ze{%RZ{sqNU$oZoAHr2|*qHWmSETUwQr?4M>5 zc_9O88_@m;DwSIkx7gfo(z!m-HnfO3-JNDdxvXVRS=OESgSr*Vs+JRVRTY1exsY|O zYV8Q0Tz46`A6ya0`<;vJldDSA5R?2dE6Q(oCfx~Y`N7>?tnnp+Q=8N1dkh4KppYYo z0+^lm{hKW8JMnt&_1=9K^>sJPbLhoTclr0P>G23F6dSRZ!2iBMcQ?7Hx4VOLnyq zAS?^pd1QAtG!fQz*NcS(=@6zL=kL!r9>y=)jstJYe(dZw{d}9Z>xCduXMXpy;LzRi zkr?BTnA^tDWUlO`<4OKg2IBGEwHm^iECCtFYx5}2MfZ0~&!ChQ`_B$D0sH&*Vf^c`Jp-8@n`H6o|~6KGh6c8iMa38a}@Ta=agk{XMe^ zP2=A(+ib(`c0owjv`Lj%7RNJ~NNeU1Z#XyiJmJxw$9EUeH~ZTRx{DV+w$HS-sAUaqH_s_U2rgE~HlrjcgX!nWv zPmBt19m_9rvP6z*Glm{8;zH%(PCUO~Su))vzU8-t2AuuXM#Xy}<`JhF<=lqYZjp>> zsQtcZKZ|Qdf4#WMFZth(+Q2qG_&eQY{R1*-juyq4%^bfIKY47%9#ata7d$QFjOw91 z3LO09|DZw0!p^(%((@_d-?TyzlDsn_|I{wui8T2{oI}>9(1*gdQFpn`^A_{yze7(+ zw5|J-UrcweRaMDJb6=6L@K&_Yt7~U?S6bN- zZNtgT-K|j)5ai_TK%2c{Kh(Da2^2jyZ}Bac(b3+;#yuo`sZ)_F^46}krv=^RYQ~HP zZ8oZ(a9h%XS%t={zF1dL*%6wn{PF#NkQr_^Vm}l0zKWrNjAg4x+LYK3S{s6xV7^+9 zLqOlzV(0p&b=L@S8u(YJ&CkSx9{2fKG$d$;ZkBs`_|0bXS9MqSE?r|d^e(~OYq=7O ztf>7Y<6==x*dIG>76zGm~*!`HAUw%JT;9C0X5AsF>(SNXVS1`2yJ1m~a4qOT(}`q!U_l zRt;G0hyvs{I1&rgziXN0PJ8R_bWe435k7(Ihgy)??r2({BE<-$&c8D$i`Yiwc6Sng z5NyQW4MjBYgNIa}2gvgj^rD@YtnXh@=?Y6Y457&%=m8=K_`xU?t)L%?GQ zuJ@@)^bWE1JqLXrJz7#I~0sj=@ z{Qo@^Tkn>&TFBiWWL*~37P5%D7to%m-g_9z1Gza!-T~sJn$RQ*OQ`SOGn6buS>@GwcrFyON0KN)oDT;=Ymp$va^@KZvaDR9i%RB9jN6@r)|uhv z+UHO2btJ^L)k0hn_)MuBGNMv1M+lITkKX=#^5OFHr}t^^N;kXVSM?uoQ}643zN)f0 zMVU$kL5Q9n6LSx5Oq7=?b01PqxMlXZkpKw8p^*UYJ1_U%IUCp)H7&C%O`w{}Oj9D% zHHV<8b1G`3k&A@4A2kZ7eGko3;*Ey8&o`2O)!pcqF%l5v?EqWPrmnfvO@UD)+R;U; z`;yLJMkcLXm9mp4blnjPYv{s5ZlZvcrO{(SlN!`bE8`KP1v zcR&3(-ASU8hA=R+c+PK$wr$|9!oXX$LP2@Sx`7GCdws(E6>2sFs`xJ2-!a^Qu5 z*LWz>h05b%5mSSV?gWvvWWI6{wM5@c7-J?z-qC~(tJFMop>lqr^N+$a?|WqMl!eOI zJ*8NrV%u7=wM0h-(>(dwNKt{3vO_Y}@@i>L>yuMAc2V>vM-SZ9f^bSY4MZ2Yr!evi zKMLxLskUmUkQk}3uO-r2Tf!k^xRFWpC!1-SH6xK#D^*ExJ5$JEN$4{{p(`W^6(C!H zutF=z9@{;;eS%fqp<2cZ-ZVH07Dq3MQFq^3v|=kH3t zhv;w>XNw}fmMdd2B7t6JtjY~IsNZV3Ox+Xl%AHWX@z!N3!0UR0lCmap0o^gHo$Q5Ey$TvW^XSk?qM z1J`(9TJpAB5zcjv)ESO?7r6ttSb=~v3dGW(%I!&=X`|ea5R$tg1)2{xnLARlWV1nT zF~@uTq1=b?f`?~6v>vdLP?j&T^M){2&+;>hAvVPazxg4afso{{FFxfUw%qfdYLO;g z5_M4A6P%*8WB~I*BgVA$f?Aud5s!JWB^0d@?*aw{9~V__DQ-y!<@g=Hex!ynihir~ zp^ZjrDDUUDO7huAC{jC*hz6Db@I@E$ny#>q_NMwSEeA$23>nZnukZdXt|b(NlFYx( zg744OH2@CSnHK&m8u;DbOwqW2S^6P!swI?Nh+&wtHC!WLCB-8dG;zxJbT())6{Vau zVq9j`bqFxi7dW_Qq`bW8{w(VD>wMtnPW=5J_X^cW-5YkaFUn#Pnn9D=Kgp-$qlBc0 zEno^ZSF8=848Oh}ez@+}cD z{LSbNWxP;%%mT^XC)Q;>E@ey)i&=u5H4IsPry2lDK0f{Y*>U%u%6cNJCcA=UF}Of@ z-=Qi;8yk0$*!iKlJ`o?Qa)kk|VrtF#4t0o6p16B+K&WWJcVpRP2dU}H>%FvRp2(&y zCOwGk{DZC1_hp4*LKKReau$1PbCJRcAjO3jLiu&u`(p=FZWnph$TRZY4a`EkNU(>G zfDIq1(0T0+O@s|F0`6E-`^Go`!>YjsmHZ^sH?P)T1LV|Xb+cToLl+>S=*n-0Ah2$v zD4TfQ&8LjJM&^^d>1ztmkbSF7y|rPo^}lbDwI0Z_hJ9x`HFn&3RG1Gcm%9s<^VP*S z$@3qc0*zXzQeCai7G{MWtIF&hMUZ5F$NqmYQ?~-x?EwK2?qG&5-lMa*nZs1&NzUtm z9;^o#>y+iRZw7!df(a#-bCGFXTvfl#Ug!4F!6NifUv;RiU%Lh0iN4i>yn^{XCGmqo z0YRD>v`2o{3ibXT_|`k|z72i*wenEA!$;Mb?uV znNSOrzb$mV1RwYh%lt}qj7DoPo_4Q&B%vp@J7k;n2{q5Ye6Fll6NnQiUqF+qqiv?a zHt$Eimfro_Mb*eFb0Hx2kX{cK!^^$@yRY7&SE!;ovQ3JvP<_HM_22!nZ1(!jJQK#;G=#2SVu{M?nyolkQ$EqwH z{N%-HM-*m<+)PtMhG3(b#hTiQ>ANSlv#f~=9cOXR&t_R5=xw3Q*KKx*Ky$^l6!S#tpK02;MZe(BYjT)d!tu^pe&$8f3-AJw*VXM@tM7pgBnw5d>M zEt*^*0(jt`RaG>q?)4A0z2I~$h;&-3xol=~sl~^IQ6>h}?cR|Z*uh#tL4wCk$Q^Sh z&L(xXK*FBx&yW7xiS+rN?mK{5LiL4h0dJ?qT+iMid$dr!-*$!S<2<-)3-OJJ5r!vv zODOd3h5CF)sJ@GSOQB|}Qg!Qb9ijRz`YnY*m*FP~ZwP3IdxYw{=$i^9zch7b@#}_4 z^4;(5u!azm%pVUgFubFKP-k>>4BgDXe?y7Z3T5^HOYS#x^C!6|0Y+@=T2)tD=B%>@ zB5Wcf0gT;SpWeNHcXamd!_m+0V!!1rKfE4Xg$)j$&C_LB-Xo)9C)89!(G;}|C8T_x zhYs3+Q1B){5<$Yy&2-{;c;?ry^;hM(h&6BW*|QI-k%!NoaWZknB@!a-kMcuwY+O_@ z$x3xgaQ<3si{FX;y@MA!9Oj>AD`Re$vCX9}YMBd#8Bg1I$Ll>%Xp%}myFRm%}{IHf$io7CrYfP`j`05TKvY(ZMF zOUa6GM4-Q#6Pa7BP~Lu6j5IgrJMwbE$$DQkovdyS2ln14Ku;=8e-evK>swXlm~@?S zWvW+MgEe=HtIH*93#N7Z72nN;dHA+}tkv9pBdEzg%GD=1^}ZIuye_{%`j}JhP%M;g zu4*XFG2dMk)t5`N6lHz6sMQ3L-4Dgq0Zru}0T8xTX3A!)$GXS$YLl6qz*ZhzbgvS* z@=?Cpb)r-W8r-szMA7fXvuEeU;@Pu9@nhR#!EGD zFlsDVpyj$KmsdsAdKs-{`x{i0wn|5{MR5s9SUeAV=IhXOg~Se9eQ#D>Jj~%XGzXMTM#GP%wcj!h4b4V3?P& zRtO$rT=(zH;l8K~ErV=$^9GETeN)I=ss;A0wDq(wte(aj?hln}gi#935o7fgZ0zGg zRx$D}C*s^wIowl5B5Qm<{U|bn%}Qpj!U2Lx(lgnZ6Pa7+sXj5|*e%;lqF8*!EE3=0 zM5<8M87X9^Fb~X{LQj#trMXq+NQJS{g?XoAS*lx5TfBSU6E+E!)OkM;HOeP>Rp_Q( zndY~VkvJ=N#04a2ij>ci{xZs6x1ZGGY_j9IbIj%~AeXwxN}-o#^T6r}aXy1{)4V2n zqxlH8v%(lI6E&a9DyLK+bFSg4fx1#XzX*`28ojh79dQS{qWSLsDtEJ?x&cM?Ts%4LrN09G+K7KhQH!(~utab+wD-04}M$Rm+T+?+-F zz@qXeqIoIsrshgF!d+|0Q=;&JvUL9oT`cHaZ6xLameNcXe{s`Ymv|DT(X!IA zNyJG-i2r78sH$AS1Lg(be=NsT^6l7W_yn-k57E1WXYBVnnuT$1!f+@Vn3QCuA zT`?2XT#zeRUvOO}CTg+bswT}S9cbZB8XWpFOsY#nxJ-&>M8jB?b`#VM%sWVt&d8O7 zr@}bXv*>y`mXoIBoq&{9ILnF&Xq2%xnHV%Fj*XHVn|<+n`tJK=mwWyfttvc0Jh#7P z#cc1cBR1>(Dc*i_I3X!*-qZGhVV0XOv@L$2CbfB>b7>b9dM|LEnl-236ooPu^oYRm z-8;!?@2zR?rGm@uoVQcrAUS|(DQT`O2?@HmF(ch+uF4}fi5APUq;4hR*)y6+OI%WB z5moY5)G7OZK>I&`s93`49$G9m+i)B5TWzK=% zI+=(g*tSb`b%mOT6Q!0-UC0}%iaa_!G4Cz{qv*eX2j7`v!n~CK{=N9`--~y7(TLMp znaO1S2G9<XeySggbg>gT!U2htZC$YVRVfM*5ZWpG1JvC;8t`Lg=JM1*B~GQRtT^L zfr8t^;qX*HoroXgBs04Qaoq&P>ri%UObyGdeR;JkE|+zgjw0_1W1GR3#QbajfB_DE z#&66`Go_mpii{)wYbLHudsUB?ZX%+(`EtZDBgSB;QSx zHQ_st%*8bLpp;fPF*0<#!h3{qI{x_SOw44KL$%_WMBVw~6x{+V@rg05LX!Pq4~Sda z>T&1Q6t%yAE*T;WeVyhW9c$d_7a%H>SZ45;*PJ4v>ED2YNHw z+q!)t_H2j(XNmn5Hu{q(x%Gz_K?}60wFQMhLzu=vi(6TiBQah@XdHm&+#5Y~?7-_Q z8r|=q^2VYUYfO@(sNE`!MAut19|qbo{zC39R}My!V{c<38~jn=#H!~*J63RUeIOMN%Xb5JvAA8286umR1s zr&(tF`Ws^t=?0DoJd>gQ$cn7_CA%xOQ`#(2G4@b6%nkqxd<^(9(Elj4x22sOpbIHs z_JkeJXz{!cA^m4Pf^)urn75g;{{Dc$2XMr|-q4-6krjp94@HxRPjar%mEdn-_DaxC z>7e!|eB_VIyQHkP64TaS(1n3VcywXa z9B!Dr!jGSJ%VuV50xFGT`F0Wn!SSM0H$~R=JD3wV)KWMb6^u{Nk4VWJMdSoxl;Nxr zfB5<6m>drNP(0NinPiP{x*4^9Y1+pfFHKXh z!~ecDQR=#o;78v&+`@b4`mGWFYE*Y!H0BC5oo0YP1(&QF z50JpO1Y3^^%)fKYjF>bWA+kQqdA2ee-O2_CybUhFAPT!#P(6#X5)dxOl3>Qrbp;1y zEAA9U=n1fgB0K<_Lqs35i?id$UnfNs1s)%B)Fu8fu0eqFEy2Y2X>o$AnGX`EE_Dz`$YT3XmHqVB)kcbbeks~ovxAI2TBMiu555b$p z?qW9gv$AMb18uP5i8aSSg81IXSb%)Us?pxC4V-%F}l|LP2( zc}|){1Gm}&k{%GRtZF?F-yT?3Y&B`Ght^Ds0w6c|ZKCxx&Kcpf(eSdWFAw@IP zbentZxhQ${*ZiY5a?p%;|M91j4=KT}ftaSJm(6M+4@GJ8trV7cZ&o)H$uPFUKcC6uJ5}Y(Wq#G1sk^X-s-B5 z$`7$o%Ys^H7>FqC&w&5FKf=kXm;AC&=Kaj&T-7VF)Y%n8A#Mx5yg@BRV*{aDi}C69=C#+yo>~0QfmI1vP%-OYwbV+90m;Z78VWEd-tJCfdW^#S7m; zj@qzJTmm95CZ3}hT_nbhO5vUOelUr79M+G-H`;HtiD}J%jrJgpR3Waj`)5pH2yRCU z-y(3rZDb}t34&RNfCSz0HgExI-Dkvti6X-szz98NbRX0#yB-14PNo2D0#2|C{M{Jo zBX*G%=zi|lV3%&oHyEDa0~b(Zhwmh{47Q5YCyYRibXx8uY&L1lx-`5WL>|(cqB9K+ z7FT2MH?y^H|vC7haG3!kvVL8>G{WfE5d({(vGoP0RN91g^T zyv}!n6xyDoeKaE{n8$osdj5}iZcTX;1MufTwmzVF!XnQ0`G=3gmY2)<#+MH_+> zTl1Jb3qPc`apFr5gn-loY4|?F0VtJ2roi=f(VC4vAk@GZ9+nG^bh&3bX>cBPE5NQh zevn|~ces$A0{?e}^A!fZUFUwQo>x3@q-tgu#=t^>FT2|1v2xVy)jj*0l_3a%u)nv5 z{uKlv|F0;tnl14+aj&)CXb3`U|Ko3hxF<9}{>BU6tOjeIIb3|d313}Sv2kzYdCzNj zTT5NbsK_FNr%WZuGA!aF*26&WeC*u&2*KD-&>on-kp>ZGgD?V!H3>&SxeGqR%J9G~ zTwsYfKy8;i!a9!;ybW6D(*=ip{D|mE^zcLljBidk-6-7J%o!B%9!-pK7Tn=l66Y!? zbmE;B@FogOfd@)jWjjp>Z_z$+vUPX(Nd!!^3u6UUoP9!SgW5(txX4L}noWc?kE6X& z=Z&f3f>bc0D&nQyf!~{sA1|@A$J5}6Gx;Yo!q?>qMrj9dcehb13apSUYcn#oQYi`w zHOV~Qr2<5q{=J9) z-lKn$4ASo#q|mekQULv1z<&$)Z?P`o3`KD-{Y50di0Ll^`6c}dH-xrBtmCGN`}FS? z{<}s0CWWMB;98?r!-3gy2w16}@cv=j2KSi^4Rc{2@g${^2Hd*PeSLT029sUSj1v$s zryaF5<(&}dLSWZi9GXu)2|L5rpod^W{YH^FkYj|md3Z~$YCioG?m!t<1QJZKfQeTt zoxsRc$ziP@N;v^m;1MisR3mtCzjxAxqrHV_KVX?~3keA>7)JrwfK68x>l`U9Fv zDV^2(7=$J~MksNEkG$%h7d2Gj4|VQ@=yGwtr}uF)46!d2QI2?l4Oq(@syDn)GhIHJ zCtSKye$IA6#xzfqD`YBhcTN}& zhdRgMW2}JC43D}PxQ~PkhAv^7oorcOu*9Am>n;Tc7za|I?^w@&I*g&2OzXK&{bLP?_nT-m4j_x}6KKn%*&--RAp5NbtI01Hg z*M~)ZfWpb=f(PR3%rSJ~?Peo_^pmMSNi;Q^Ap_ zcMfoExOqCBH%Fq(Z59QcEJDI%X3vRp8N7_seV$v^2R#InRPAEMWK^JxZ0FYm1|5P~ zqVu*+x7@6WsDDu-cZhNe8Bi8Hct*Os`x0#w+8^PVaFz?qh<6fVlf(f>NK@2Nx-rL{ zFphaK`i(b}C2injp75X3MV$%h9*3M#)+hp~_JP@Lr%o8d|I`FQ6wx`&j{=XV#j~@6 z#7C3T(kd6w$->Zeh((pr6%knyWPYlsooNeFdO~;*lL8n!nP>V~jf1vwIE6hb@n=&E zoj9bn*o}gxwtaj8)b2RiEs^>hHxDK=};6~nlL0wT+udgSuo?+oS6*4j`3C4Ge z?naHeD8O9-gDjX7z94LBeIS|x&hb28J7xml3P#Q(NFBRF z43BWmM<9kx#)9@U%SoB}&+|#ZA=7$>Pf9icB&SbJyGZBD+-#<1j7-HA;Rtt;FhaXB zaNz)E9eBrB*-YQ&mRCSb6|u-c{|O+|8M$S^%LmP?&NEUesSIa>B#TvsnWS{2Mc+@l zp3wLd-XRJ(-sDP_7VcWKQi!Jyb$?~+M%#&_H$3wmaEwL)FJT@pVQN24Wwbb*SEwkm z(6M+!&!d2?ZKE!VMDg!L91fX^kv54sn3U_1ki6oB5jv`~#Xw^$=+-43z^x1Zi%nCR zNBn0BNrx2_&&d`{0;y*Jf;CLRXLeJ7Lz30*2kbXu11M%8ZedtOe2+qaG$^WM0Y$A$ zp0yZ0BxJTUQ>+yz^__M&G#FT(rqJatuymcpT%cCa=(O}p5)<>s?QY`XOE!0l&XpSs8?t+gP4QWcu-gn=v~YFBbIfmu z%*$z9K(R$$5GNcoQXC_)4B8lbWJu&RViddA#R3CkSjjxm`QWqpB_fF7LV zxf27f5HfdSKtvpmhW^5L7fKK$QrguNF$kR<)Il%j6h&rmlg!{|U7*5N zoN6qfsD=G7kVN#ETxyZPM8zYdOhd9$EeUGy=>NbiiAhjGr-EuGEx}?-4 z!HQA$<@Eh&hrWi=2XBDv9+zD#F+vMqgD3wW0cwePPiEG#KY5no17Ff}NbpBDR@CgA zkv@wocH^M%J_YNfmC1Z80%r3<70w16?~v&?xdu05X>PecVn9f|;kA}~ z^|cmzyPjVhql>K|AmbM+ylHOX8MLyls zxMux%b;;RATO&EvvK)8e#ChID`K5|+WGbsQpFhx(2XVP1$5m!F5Q}PosfAy zaNH%mpR*c9=B|i)0&7RgGOK5Fvs~(L4EOw8i8)!W*cEo>&PK{7hXcKDk~)y7j?s(% z3;zQ%*rAY$nTy?jbF4C)Ct!&;^3kA&e9+N8z}M?_e2gfJovT=JGWD^?PhKKEEQpX? z?o$U|QPYS<!{sui>DB6h#1IWO2(Y8 z*v%A8K!Ckf&?Sdq(>|4tmELG{(>XsHjpzr?l3dJ&vmphUbI18)YA;PKG)HJ`l+1=6d1s_)l7A!U+S7wck++`;Hsz&c^G=Nj_zEuOS#QK|7lWo}{I zs$@vr^;s0_AL~NR1{25hYobt#njcFKor#n9rsw2z@~s2G+Mft_dqDUo?u+~4-d?LY z5gXtRd=&2*4Io&8VD9awA7`$1yG*m*pNpS9U|wbRHbU!(l%Cm|B?4jYnEgx?)NNeO z?=eSxb5n(JdeWEnXHJn%b*}&Z;{%PE`CO$__C=7+d=(#AQ4>|+bfJ^?fJ@-N~C>(V` z+`g0HMSdREU?#Ym@s&Lb;!H2dX>IaoG;r^5{5e&3p+!q}bT&?!_ZBspLoL5xYt&3l zR{ZipAW^D!35cG8$c`Bx7dpi7Pw95&=DR})0enaLBkMI|!- zMT*&vb>RyXvs|kAF5ctnIs6yK%*j}}QM=}T;<%|oH;iDnVg-F_ehQGzp-~qzeGfk9 zKcgN%{*CyClR9Xk>z=UY+Ok&QN2kgo91}5rpP{#<8aW~HO(Zocz#B=1N( zb!^<0Lp+cKC2vK4wkK%pQQ}6q?WY@Pqvt zxFCNssnwoLCqaNmwHk{4T&=bF*MD_1Md``v4I{+sJ!N!yA^$hYf|=)af&7*M4E@*j zg{IuFx1rJHQKyGLUVi!C*O&crK1+xyQe*>A91cNx4k=Z00z-(Zu*6 zJt8?iTs}K|1ZrtaS?Saxz?+PS{%!h(Y3j!LBlnD-Hg_^-o4n112CD9`iXX;nBEJXy zL2jGb{TPElg}lB@sJ% z4cDg^pi6%N6`M7c*jeN#tq>G&Z3l~F^v0D23nqCI0ls<) zvz9?LWKU*7uw&s(j#3V&1fE>;s%(36YPG zy#iebpHUyhfMm98YUN-$vHpxqNVr1_#bL+$C;m~~K}7ndMRl@Fe8ZzS0f{N@aL6YL zM<6iAg;;N36w$zcG9$a5%l}biY#!`4;y#ih5lCpAc#Sn`ak6l6C9%dIsX%i&hUKen z7TitzG6SwKPWXzFD}u>>lA_8Ll;HOOZZbAHR-w!=_dpca^CwnjBI0WSk5noD;qN05 z^6xy5m~}Xr>hW}!+*Q!&{w~Ex!R&7l>{ad&w~Kklm;KAj$8BsGG{C zQF*^JR{upX=U6Qf#rlfoRGssjo=`C;@>Y=h8wz>=HaGXvpzeCk!o~`AB$9|vU32JG zl3L;s%zYYggpM&-5M>@@q151MOHX6E*>L24NU#pSAYiU^_g#JY<0r&tGC`I%GXfk@ zeWFNK?DeYUFCGwwl9TTnh zQDXYG8QEDgkO$Ws0c_?|!okK6p-UnRB1`OQ0icrC$U<=cn@sMkvc$9=l8@0f*Kf((yh!9!9l7g{GFHQlC^@ z3)+uJfA4d1KUJmPA|>iAYkXgVnY}Gk>JV#QGY?aGk~4<)Fko*8`~)*ZQ+*a=@kO8S zOt33I87z3rWa3uvyDWDQh#6!!5iZn=X-qu@?#k@7v~M1UX4i zyYamSxvg)m_-%G8AXAGfL{Zcy(vt=l{XR7b{y|-EO7kZh7{y&;?=J{vW{WzJ_#h|> zq3H{rL)WpK1gq(`ACEF8pVU2y&YVGdAqnp8__pIGk-6YF@;`Wb6tUNtK0}!PTlgSSWg=b{~-cF@3v+iot)Upf)66hmyzTpuK%O$>MZxAniPvPqNT{2c$86 zTq$wIzEZb^yqXMPv+ebwTr#e6+)cD!`43 zUXWL{12&jyam#vyP7Z-iju8{$iv>X5j)E`*HayRTx_~@PD<2Guj(8^~ z{1GYby5pmqIqdiv0fgX~lKQb)ctj0LBpxK|pfCr=Cr4a*2GZf~yhO2))c_4sQYO9^|ZVCP=|ar!JMQvEyqHI##^<*tmIY-lVtOT_k7|bmmMf zq-Cx!S;naWn`A^2#J_W?*dpU6nC^%O< zO&u3-R4hWqisiU)M*2ebrGN$EMq(VCRx$mQEB%xP^)uh{G$#F!aCOC%(uR0@T ze~%h$y0zf0W&;~xLD>ZGua*astL3DSTE>m{0cMW?ZlbwAU_y~dG5`MKJrP-INsz@V z)gFRLK2Ma<2mw~rV&v7kgyxhNh4MKQR7;euB;&!{O`O^^h-tV(F)OAkyfiI|`y_(V z2afBR)|8z-bjNmLtjG&Z-@)5^7Q~Mw_%H-!6jNn4fcNk_E+3gp?w1%~3(hz)*T^l- zI8x+O`4|(~p{qwKoZ}Vif_u|iWX@ZeuPHub0g4_&vSj^Zc%@CSHVn_i6Hja>E4DeY zjTPIrZD*p1lZkEH$;7s8o9oTKzx^EFi$8sJRpZxHjq~iPA}ZC=hR+$pqmmFoOo)yb zkFQBwqrLVjqJgc&>x#K>HWwek4!HUJ*Vcz3zkpTnuxcPIqBERB49Bw<2o7o7!C{}I zkM<}~SBGWFy66UmFSce-8 zv2gJjWx>pWu=gXk<9u#Y&;T&T4Rq+v-^*#omVk^}d_5M?3eTb|26MCjq`5l;@sc9l zUq9U^6?lu&i!#<-1n#D;%b(F2P}1OiP8mI4H>ezx*6_lX5?IGc1;(ar)oPI`xXqja z{ZGD@Gfp|jb16|jOt@;utv72Ad@}_^{=Zk{EH>Kc-qv=12dX&5cks6;>&WJ1f zN9O6usdxJ}O@03`#aFiX4><7@okyN|vlL`uk}KK$0b>%eLL%*R1t*AeJZ;j`-E_Bq zdFzrgF9V1EmcP!Vqqg0PkjDWg{g8;&20v?1qIL9F*i|P@HCv&eT z^iO+YMP)qApA08VqG_YGg%ywmTqU8*gYvhXxK{WE_1|Rv&e!~e6#c1~!tL7yH55## z;vn;JIeZB186(&eqs`mh?nDb6bg`|OI~ZYblr4-oDF81Sw?yQ?M25l@ggjCR^~d`P z^E`be?S+6I%(}YwMghVGD{R(?2Es+N*C8!@5A%7Qxfs74yzmtDvtHxRgX=ZE#5$@X zys{is)>oRehAJ_%`IcZD>VUd8!(&qj)Xb1SB)D7j-ytVRWJ^PtmVVUkh0qIC?g(Oh!D$T6!4N+)CN*xr9_#ka0Dy7G3tMbr3|~QGe|AgErFLqcz4G8%J=3 zEO;|P_EOe3Mpi~IeuD&*sf50OH{~HZMCcjVPcmNde;#Q**|42ydNNQ&{?5o$7O-3| z3Xt0xUdC%!k}q5lPHm)htOBqzZ)Vg*pz21KxjTMX#svEL=SgOv< zx@TmlduGHy%$CADo67eHjY`@07p|N9b!M*nx zZAL5dVPsF}ZwC_C*C1t9-Gt^eFXgT>3-nU5e?%*VzOgOY=S|4ZaYRye-;&VNhOWI| zGk2DhcQdMQLmqpb0vGIAVVT8rrw6Qc$0DU=+gzr6M2 zs&yZABam3;YbiiNiZ`Y~R3PVQ zo_wA_HaRtK&v=NsQN%sZ?gO(>on-2_Z{f}}xv0N@E19iUaHiP7;Ww92xqECjh*5)( zolDA%B^#=~l+>NA91g9Y@hv!7#m%4_-$UH#O)a-CpXO;${l4f2OL%_P~z##3&p{E5t`hK}`0LJmv~>RD4FLkKNQ|Lm&o5_W z+VXEN5Yuo7Nn0)VZP_o23~VMIlYdHI68w#xsMf_O8eBY@{)iM7`2%Cm969#S@RYtz zE0>`+mrmfYU;~af>ekIlaLg5At72YR0?5Lk+D7r;*r5;aQbdpo6j8#gDa=bmb)$Sp za9kt2fnUG1e2Mzf{Avyl+%_ex&HdOvWk1IDSo|Kzp8;Mhbvgy={=<%KFXZ0)11yvy z@wSZ<17r#9CwH#b`^AVar6p-`kNN<-t{mSIhLw4yR4k`|eUkTFkWfOtnCiTua^QL{ z?!?Ho+E{TGYdu5Sp>ik;l87Gs2zAA1+c?-sOz$42zb06Cu=sTXIYFe3^y7pqNfCiN zQ+#c_g+fn+#!os0GS_n0{|uUV;rv^)ZG-v$4)!x+Veo9PJ^RrKnsoKu!JYk7Clx$} zIY@uHv85uXRQp!supVt-n`{o4}o^Nn!P)_?c+?hAcU7Z+GBg8piU&Zr+o`oAj z;{TOnEDJ_3NQ@t8sziKFRDVdiypu=>rT)XL2u_(SrdnHV%$;!T#-UWH$K@Tn$jfb) zZ1Tx2;%E3QHL1(b!{0@~Z^V9(_D3}YoVq)Ie1G0O*)lTeWQKM`FUdlrUfd=VPn!Lz z;eOW2#(QQr5r zMGH2V`7^GYjFO$ZD>`{2GIf-GbLcyUolz_FQ{-Q{-QhDkjt!Jw0Lj+&^1^wGcErEy zC}*1l6udsJOzcfX+?&AA5pyCgIB6S-IcG4!=@*(Hz%DL~fKigI#)p!5l5Kmavuw2C z@4cFps**aZ`JeNTa%G67MQo_e(cc$7Tj-c^r}zh(36%=34=v|kNS6i$1!&Mx2k2n7 zx+4d_ul0)XE?fNG^Hh26KLpEDp{}Gj;X7T6YZUnrj%q8+)DaOVnNL)aOH}NflDpTD zDX2z}zbdpXtD^PH)j5N{-VPIV2n3hGEH}vFF4E7|L||HVaGIA0m5y?z z(2)u;MX6Gp2&Qw;+&b1H#*IXKql_21#nc%ixgH^qPlI?AG{D@92jl4Q*)XeQ&jM)+ zlh=|ReED|wF~r}eD#qekDof`5!a||aNCNQIp+i(#G%O9W;`AC)j~CrHY~($d^%D6T zRI_G(FLBxjb;m2JOia4pI^mA7<0&>@)9h_b5``7n)%AL@v)7jrCc3Ad z(%I2GQnp(gLhcn}zXGEz@{NIgp#Fj}BabI7VTcx|Q~DZKA2YLNMlc+a&MBz>UucO_ z{FL9RLzsikH3w2JS=AjTKM*3aca}JRdTcPiRvT;(xe$wNJ^h)vOHB(`YX~+NT7jU$ zxF2AVYcVb05&+zRGq|4{+pcm`tL&V0r0yhdc}VB*m%*KX27wlsFWX4W>|;4Bf!LzzCknQ>pby!P;}f$6>a098;p2N#6bFL$t9`$#6dCL5ag;zw!k$B0mkT(?_W z*RcV(tO$o9)2VgYz9+U-OyaE{);O8-u90%38Hh(IJl`rELkk8DCH-rhe=5$r)D6%Nlrl2a2Oe;*Rh;4y5alIrQ z)P&Cy)6S{S9qorHZ}S62OrNbk)aK1 zPsrU1Zhzlc$e`kc(}o?p);kzCB8R3TNM#|JG=5wDs)ZG*;+Wt6z0=&U<0L~sr3h0nO&%rOermX^qxJEywCb13x`gZm=CRI(-Q{jTbC6Ce<$ZfuTbYLBAV z|3vs3tJVlydsDFPazXixl8N5pvdbX{)J%(56TA1}dayp-nc>7c*eQc-tjBA|{w`h1 zi6BQD`R=I5cxe6e6}&u@HUPtZpM{WmUZx{Y<_^aoA}kW+(yXn=SvLtsrH*L`)H3w` z_W`aGnrSF7U~bqm#581*!DfZ7uHb6lEdWNC1<2XSbi}8LcDoqvK%lT&q zB3Vp<93N5kZLJabSoCi6Sm=A-4Sbyd`nr-FXCK8=+5u3^Wf(#xl^7B7Fe#eaXxr>F z#l4ta6S}V$NkwyuCVnxc#z4aXJcB`=whJGQNOuPP zay*F@zV5q&W;0zU+esP-&U7);ce1r7G&9cK|NZYZ5EBV;@I%<3nx6GVS)*e!J=?n~_+ZQ; zk1)?qe%M3e4qSf7cq>%9r5FLG~v@K>u9GrN=nJ(JrPN0OnU*_jscIQwf>c))U2Hg26n6S zR)_3^da#V6>X}4sSZG3r1H6dYqL=U2zQzIgUm?+`SdjL}z>31)dFNe`jgEapz6FzI zYr7y{@S~lb3&+06TPh1_g8<1lhq zp8~0t5&SD_8xb#HpkR=3b&A07>A&QhdcRu`aR=?dnG?!Rp~|oNI}c0`Rz-ujR=8<< z#8Ctpp|ETC-dupgp-dQy@%B-KCq-J3wd{NXL3*m#f@IwedF&>}RXLfn1xo$kTwh$5Hw?mzaIU~oS0&w9s<@a$ zPX&DpUtb6e+(HiCaB-E?JGyp0LPPsVk3U&4P@TLFdd3WSOHxlWz;Ni>DgTbZM5-hu z+3!EiFL4j~%VNvXitnPgZ~tr&gxQwFCohuzhR*aZ`CSv^!N4-|uP+8(eh$FOjEdS! zGNwm;^RXluHaS>3*8JWaCqqhz_isgpZO^?iIS;nL_Yu@@{C;_5DWqt(-#~F(*9xDl z^@w&DSEabLKNb$%mp@KlDEZ(e0euAA`vMmi7qy18cQl!I#r!`^Rz}>Q$uVk2zqF_%S#DzF_Fx8KaZXV8Dv74`SG*n48m=6NQ#Q{nlKKE@J- zA1@h#rnl;^--JK!x?5>i8;R)m$8am@k&(n-{Lx^^0vc)}5Lngct%$TJ6w?3llQrjO z=jFJ1s<63cl=Jqwh2@VPK%?}Z8mR|o9{%|XrETl^+`yiwP43Fc+n>dW0COL8t&^$` zr3da1?7TxCVV6LO9d>EPN!Lb)LZRrLWt`UL;7y!JmeEOujiPkiIYn#hp4z*nvmb}S zfmkD(>(hyUReU{~Va>pr_--eBFB6jT<6J4*wvM=!AP+k@&X_UoCn^Ot z1!Yfr???B*$6+y_tEzqJ;~5KjBvTzM;=(YwweWsOmyjRn))Du}#YgM21tFoF_764O z?^{MhVtaV~9O#b`n*n{vP!4_ZX~8`tX;44?JX;_y*pG)4j@V8yk}T^7xlMe9HHe~w ztT(?~J4%s$)@7E`=V=69{02+EhJXG7f|TG{CfjoQ7bH4yZqB&&1Wd>cqrQ3Tig_~DmSp4$(1+K=2iFSi{VgtRIp;f6^X|4(FsCvxP89Ek;1eb0U z_}+s@eJW0MN;sZCPl$0AYMAPhSY*mL&yWY$Wahc%{I`4@zkt628OHxeChJ<0VMGlI zh7p@+^T}ZIwz!GE)b=ipxS3OT;QnN1!Fzr}^zd5gO(eWCO%Q_jDA1%8>Zx+b%_OG1 z)ZxWxZ{TlFQi8C>zmmwjT(=nw>|j^IXXh@0>Zl7wS6E z{x?haV+X<&KMZ<%c~i;HD6jw}h%AgPY)gL$?9$b6C{|Va2+Qxy541%Gg63am)Pu~< z$uW|84W(-*W2y3Ys*mKf;|9=6#oApYRJaOwm#{n+|G0uSKS%B`P}30k7WKo{^jk1C zG!qMtD+~iNkQrL5feQ_R{tJQZ8Bk|1=3ktB`8RWTnCt84puyS#X5^n72et_Xha3XW z36%ur_)5STH|oN7Vru`-EGQIWtB`K{H(7POn?$T3(Ojze%Gxe{|JI*NsvdcT9{lyN zl1j+N%k}H(7A+zAqL_0^+X4htHW(iLYEWaL=HiKYJ^g-4_Q@c-G{rRoJw2c)uTII-AKlu7q$Mr-7+FDMUw{)m4GHa2FqZc>K4}p zk>8#MS-oD9LC@HB8G-;z08pgAh1XvU-bH=XP32^*7?s9Q@?y;_QUQsQI;^`9c>G-* z=YImbJa^+a7s4o7!zQ>2nx-*33PII`yFJ~kiBuc4mb^;y#gT6~t|(HuF?)t zt_1_AZ`RiucMf8Q-U)BtVm^K#Kc?$Xty{@Kv@bAUA*OpZ)odX@;a2iFfen}%&2lnc z@v}W@3f=AX>fU`*e-zv^66R%;hRc}XLuHSi-XNUi*;yTMwm^~ktBEr1uh-uMDg=k` zq@9Q@ONfwG*oZ&{^cV%Hq!xdYrM^9yAd@p?)`$EUt5&ZXKd#KI2yw2?kU1cocXskw_wDU1Z|n#V5`4B_@3{`TO*Y1_DmPX2 zfI8qVFV$#s3dh^UPZi(H=ie4r9=VUiN8>%qo_KV#M%t8Sd3gFBuvDur&W&$IkP zWp@meS6;3yj=8;+THFG&3`r9&fOyG?^|b>5r8pIv`!ag31%A0(P_~Xpr29hwTD>F{ zY+sW}?oSXsfQlcfO}w*r5NH;&i(BjLwOrA>SlE`?P9ICevoC+OPt-a(U)7^)Zx|A2NSfW?-P1y`=l4_s>h7dofCDe`cw)=}OA;cD647y~i(9!W zqT3nlfM?f$&eDbf8d(5(OIXLM#>U#%0i2a?8d?>y?hGS=^f|^R4Jj1QltAx(@86lchFy(7LxW)k=UER6b|H`^8+$YYj8 z`z^=#XP~fd+MB(0d-SFEOE34LAmh`L-H1fDYXopq4Ool5DE_W7;kr1IZfy_&ta{K^ z9%_@9(iFPK#FZBGKo$A@7SVC^AL?oUWG%LY-N8lwrb?ueE0w|tXgT$ zHL6~%qjoVXysVhdvVtp_&q{8qS8`K3os`Jx^v_b!Z+v{^EES5=}SW7 zzFwxdm{nXxFJw8q@fbOfCsn3#9vzZY-{s~bK?*s7fjF7z?9+gxY$->`Ra=%lL=wFU zDgUTgY3&U5OQmft=NcY&_Sv_-;g~IhnB%t48B2{MH+v_OObB<}^t6L0p)A@&hs>?2 zNiAO?j3aL_OGRX|Mmqj-V$Z(-mby54`ECa*MG;AQMC&G6Y}4I7gbP{i|5r~JFI>MFZ zKtxf{Xb#N#+5%d`un526_q$NTGpe3X3tdWQg)DRZ5zie0P4Q@ASU^6S%a@AG*y){4 ze=a>L>Iuk7<1KN>3E_l@^eUBQ>&@I@jhV>;@1%YE$R7`J+Px~6@x#h1rq0IGu*0l( z=59-Z2?=18Fzo$B{J@a?JT+t&?btPbeCuz{sv4B3ul`*wv?mR)x|ypJTB=OQ3*133 zFL*Fji@;lkAt=)%la7Lbew~L&;gLxcak`FCQ`+o2%&5p`j>B(@?D9tVfeWkM8u-Ts zrds{i1V_F9B>0?d2K_jl=K%>x%2s#3<||@t;?-uSm$1Xy*69i!NLIvy*QY7^c~anP zuUjCpQmq~tv|;Y^u0H4o3O{mMx$dIaebd@yvTn7|Am~|c4uH0lKn?vwTKKT*?4&aQ zRxF=xPoedboULiHr^32B_n;PPQjfyK?Lv@Il&cykGTxR_kqr@p-rk=x`>UX#E2w*Jd)B9o%B&d#7Gg z1`xXmoBJ#-^nDE)o+GHC4Mc%`E{>W-4nyUx$yA2vIgK;xI%+*>xlVYHcQp;J<($`W zlJz#ZtSMWd8y?_djp_-H)Rlyet5w;}s)^eRBzS!1J0!^i(!2X*fcZ){Qui>7d-*1c zO!Pwp%saM8!oTA`nJf1HtSKDL^84@R>X8dg7(g4D_-JQfJ_rtvK(t)b}4J>kuq_VNzO=E$Lzj^oXL;z2Q0H?-&0 zFZG?^eKhz;YFv2M8|=X#LlU+SWN%_RnNu$s->SAmzX~8$w0vqjd0fBZd3(CQeJvo412dfLBoEzqB`9}FVy{7x&N)W$2sw2?6u(EH3@9YV%xv_ZbKNx z?1(WZebHOs@N4zjfcZ)Jy@5=v9>xVCw6n`_F($a-?mPd1T`2dnbnsd}=bL4Ga&fsK zMOo?(Uk)~41?x9sd0V3j4gE?EmWwk4oj=tR`Pdg?PJStrl5TfPY>o^Z*r*?0M$s4M zI|d8%&+^NGajm`ix#2NThvj;6g*xEty1GIw?zaYC&iJ6cR>t@st6JSR|0Ph%_?*3e zeJ4DCC7EOLA)~E_r3zerh}32wk*!_t-NETqLW30zF68osm2c8SnJO^J$-dRISILXH zvsbFGol@PvlPBsA-NLOkZqS!-tHPLcqO3DpCcV1KJj!26L`);`uP*Pas65pc6sq#^ z#UtBaq_~6Lz;fz3|_ch*z35fS_Q-!2JucWs%oIvjlzu9kSLW)2&EM72y6?GmOFzZ$m^mizi z8*r~X$G7zOjV2NUeb6>nv(3bxcz~}aAo-WhyApng)f3c{01Asqt0`WXsj(-~cg6Qb z#60HAv}TnH4o(L(gR71JTlw-2v34J9ll+NV6>TaqYY(rvnT zJEY6|qsg9O;6DmP{A#XZpe!zC>Xvu`y$y}t;>)|#%ODi}^BIneZhjz$Ld%z2=e;Kj zbOss6LF|xJXGLMF-K=j{WhU)EGM%ZJ72O0uV7$=r0d?0j?l#1%{FH`JkMm}8XqDFD zz$WlHd$;E$AIoq!T`pFeSMYUvDnC$(2deEScSCuYG_Ei2Z^=Qun2wd<89i7PyD=@H zvvlkpuef@8yNxbe-h3qgGvT=FPN4Aqc}L^Re$x$0I0yzRZ)t7@-gJL{?E}8e|e@(*BC93j2GxU9x8Lv-3lgtmTvP2q!6}ukNH@8eKn%C^=Wdj=5 zNQX7&1$-no?M6bmzO+X|HRT0Vn(NcxEJs59@u0?8K7U!$3%5vM zs2x^gtr?X0ui>lD!GD!U=;_A|J5x+s^l1*-3-Kcj86R;6#4mgxhe8fUwMJ%KOs+GnH%&aJ8h!-oZc$W6jymr zzs^VUyO^x}uR?9LO-c*Mbfj`$`ro=-St4AxRetaFpYY%M-0brCCG3|T%gzeSS4{Cv7@YRj?9bdqnzV%`l+5_BHnj(;yUvE#)3Kgw0tU zl(H~YVyhQtYDYx(@M|@coePS^O=yj+XZ#|zczDRf(pv0Ljn{TQ4WYmGkIN?$C$7ol zIiycP0~p5SKshK8SPoT@1W)>>Ye7#@&=$n%0SkK2sjeBsk(J}YK=;HY5&_*c^k15x zbk+Y_)>a|6EE~7B2TCOZ{4|@pC7F98(VmANJw##OQMo%wAgjLgwo_^aJ>Ab3it%86 zK|j7`vOC@S>V>HU_-}f9QP}aK3W)$3rEOJw^?0x^rCJ9MY7R(nERSo$o!=UjFk-7I3wZHD(!?*uq! zR0t>)p6Z&u>YtqE{2j({0k?Lhhtyfha+A$~u;H0~KM=prAkVsSaZ*)K!dJ+WPBpnL zXo=HCKHAna-DzLMnvJ`pD|5&Hon_>F{I%;emPc4N2|a(|`_M_$$^vvEO`*d@1X2@$ zZpN_k@YiJm9%vEQ=-_0(JF35^RU(G9(kCddxW=6NP#kH;7m(H>pdvq|LW);^r82>% z$f{VI?wYcw{PX_spG$R8c2${XcO^`xna*5$Kh2vA@F3o!BJ;RDsP>a&uxvBsytu|J z>Um93-Xep~#8RTza51NiH?y@sz+?*}JGnQAMjP(2*5TFS><{sEI?Z0&eVI4-t+zCrZGU>*+F$OdOc%+A4~Fyq(4UacwN z+VJfUPG4?iwq}9MR=+=!#Igbema_*6zmuY}$>La>S*(|juI)t6F0ivZ%{nt9N0YNs zfl?KCQ2=lN(|s{xQ^QU6th3o`#9|FXbAEdhtM6}comBRu!-ss+;HAAp*R>W$Gc_l? z(fptxktCEe!A1W~JNfjs(r{aG3u>oMz>hzRk=$L*RUQepI0hx{j>@WEQMOz2Ty`g+ zt8N)RQzIOOxt6#iTq~&$TmO!wm-EJOkMyDSt78s0X>`XL)A=g$o!oa2xBV^8Itk6g zVsV?A&OQjZ_U1-L>Ag)D3Sm++cH_q3ILB^*4Hjgu(6)O0{D*8*UJNbVjUOHS_Q&)- z>#m4|if?D;Pk{g+3tW;1wljjF5h~{F&kX936p-NiNn7cw5^FYj?jw<2%%HE^wlv&| z1U&#~tH*~pXtmc`JU(z!aN;_geiq}c#md`h_1L#3>Eu1@P{<y6%~U*tTT?#z36Dr;XTPCCmqVa+AOQdo^

iWYcE!zYPtY2Vo_ADZ`G5$*_j6}+@a-^6CO@hN!-j)yu5@#f`Elfq0OK)NTY zi#~cBK-O_tv|PKKF|0V7%FiyB3*CuuU~@gk1;6MWZkX}qY>v7>$CjJ1^0F>-z(TehAkVw{yyl@3f@l+I)Hgw%sZ^TzC`iQHPo^= z91Mz_fw-;OQh<{Yoe%9Z^7vQ%2v6Z8K_E6xy#u_byzHKcK=ES*ws2D-!E6s2*ojdn za#vKx?_|&}Boy#|;V!@3EMYmG3U{DWGAAU`wpki2(<;p(3ND0{1 zRj*gm%DQNr#27K$Mj9AN&cpFto;8ce`>~jK%ZOGrXm88AT*gis zDPN>D2W$RdMS1nZne5H+1S&cUSg#F_M64%?c^dI{KI#ZR+#gpsT(c@%<%qqyNZ%pK zq1SFL1h3@nZP$yOt7&@6S z)+ZH|S5GUhGGwV3aW6*(lOI?!d$Ww!2~Hi|IHkSY4c;_KE#e?M`B)KOk3U9O6+It6 z8&k~tL!J5U8(CDHv(BJ5S{5(F^NV@%p-+@-A8|-+tg&8C_SA9XhEJV6KX+YK?OGT^ zK6CQJe9vUuvvcSY^p}6*7?t`InLASAMsQ)=pKSAImaghEd7P9dn!YV3>^rH#AT$Cl z;;Q?)N@I`mhn7`*y!g!9Up#?7G1747Nv#93y87!$ zc40{Io>6JO`IPdRWv2P*GB$QoN!RgI8^!7N@`qCaWZ+8HWEg`dEn&z}WW09T={z2e z!x*QI8#ZDa_>fS;kEbVz1OxY@o&f>-d3EmTp(fg9FOl~v4(1HSqMPv9EP z;QfvAp%cDWp6r*=jm8zYkJ%s7wpraWCU*sHP~Iz@uEh+GHwr2b*QXuCS+ULs@^2=z z2#rA^=*4Z;(IyWf@?V<;qIRd%6p9gZyB)mVrQY@lq-jFImtolO>RB)p$G!S212g4i zHSqY;Ht#;wJ8j|HE(=%Sr$QMndKh18^TxXJR&>g-n{4R36+#AtS(@r15Av{J0!dn2RIsOzc&Jy^?PR1=9He_C%?Gy|9_6StaeazT1m2$*UJ* zPM+VP2woNDof40)Hidv6iI+3^yP*ti*C&O0XK{6FYWwB2p7dmXa$?ZHB6hFun$t>b zZ`!`t{N=NpcrCEn(68#8=Fx4B))gm6b(?&9}mLfnH{3Jgf32-26qNoq*I-MXmDDwJVpa5Opi8KrwRgnX&)%gIx-Ef- z<1J1MXqOJCD-~#A5Y9aqv)xJ}l*6=iT7^cMOU$hnK=hWyV=Y1uKFvU#x=bJ5Ep&1G zDBxYs(a^Ojz)7fp8KL6*gIfj=Z)0DC8Vay;x%@rkSvFV1e%768*v)f4U{wC|wT^5gebEwEY-<|6cH!nAN#| zr&SD{_1^&_YgVjX8y?=4vy}Hn& z^4G)uqq}KNsm_Hp(Q%3ql?t5;-fGuIHr^9Px>*kO#A83qqE_RSNh#rII-a_iG>aE> zeeU!sw9ZK%MxVN3vDc!cot^iB8ynq8v}h@Gs6h$Gn(T!X7ZCEG5A8no0uQTf*(xo2 z8HhXDKX^=(sU3s4t!_aD*b^77^SX`lb=gQNDl5~oVmXkU+aHVIcntG>6Ftd-%?fKW z=3NGW?`V8KRUtT;&3-VXtE%n`pb8mMpC^ACys*#|z>)+vFyy^Lz)j$o=jY3gQd3SW zSS+}+kmtJ8`@Z+riC$MAWAl1^)^iFRVKS=5s@-u*=^(yn1!++lw5m-uDpBXMVBTpy zbZ`AvD^9rfD%ulzRO0w8vJ7dsk2M`@_n@&vFUIWSQC(VhKL6Tb_P6m%p%3+0oqOfT zQk^>;ST`R&Yw>K4Id&V9J5<*Ov(8&z_R5e5pCxvEjT^BfxG0|6LnsBM;k1&-i=rKw zUu;9Kk=db?8H0G=UkAoH&(Zge89y8s9hd23oFe3?y{cJ4e65LGQ$B29ab-MlS9I{S z3gnw0y3N$$d3`*O?RWWeN}#e+0e2OuUJg{{=1v-LpWI%;v#W_Q;yUhpXR`fwm6 z;6~zNMuM>UA=^~|<=#PVcSWdl*A7PWm3l%@j!MJAMa{~^-h`vf{?@>coHCKklsAQW zqDv?|QS@@s1vxSTdn0JS?)?iWm#!fZhUL%*u3T=@f1GpVA10K`(-2z-SBt`1{-)Oc zA8O7by9jeP1^cIl5R1Rv0zY}MYF73Bz)E6SVS5z40q^xS5^~;~1@4%a@uKOZZ+#Im z6QqMV(_ByJT|cNaS#j5x*pzz4z-;H&DCoBVYk)AYAmmY53)*ORTen-dQ_d!W@SXS{ z{@y&(mCo$x5DHO?7a`&K(3Imybg_h3yRijP*;*@<2&V6Ili(GI9Q@v$H*FqC=!g2G z`4$sO)bJ?qNx_O!`Eh91aqW{4o8yt0I%C%dOi{I7$MxV(LA>g2jkgQUxA=Vx+TFR; z7G9E1+a|HU8jx&QrI7-N7y8+4vy}96ZvwrJMmrOKGVjXHLUL{1`PMjxqg@~S1DKtq zm4^Sv8+fFTMWYJ*9Rf+2ztN=WsOut7HkY+mKbt#sMbHJJ$>Ca}n8O zmQOdHV$z$Z>hjNw5?Wguqa%6`RJ-$knCo}aZvB`scb#ee z04K%&gS>MO{J)U*=s=Hzv!Uf$!K+I|u9aKI?I0I0QLG`4-ds2#4t4i!8U}U0dR*Es z#Hwlul9v~`?TdA%C6;Yn{e~ZTM4o?h`tzkuaiy&sbvvXg?JG&gL0You>6>7krA4n9 z`;&}1h6Z++2#prviwtVwMWa|r1QVwfg3(GBSSwq^cstK{f zqWSfl_s|ZPu-L}^MB?l@HLov@PD_!R`88Na&z10VcxJn287QZ zvytmsUfj*ij7*di9~Wl;C8#~lyTJDT5Zmf6e@dJ78q{}L9{ON6pURV?WP#1e7BQS9 zlCZ>4vTBx#$AF|0@ORT%c%jwE{P@a`(`BRetQyA9-%L8P?SBE?yr~aS8T_x5Kihsh zV3J^nM&~V%(8vSh7gUVd-fb-HWO@oHe@G<4hZHCq8uY{;f~weK~!u zX~XW)S0B^BC^uEuSMEYrJ`2+LPS4_f6_JDuyU-ijLW4+}H$iIef3=by5MBhOr-CjO z?d)&hl;hea@oO*^+i-=j0u<{`3?Z_|Di8JQ?<7H)JZm#23(uMtBhCqa z5#?<+fbt7=OVJV`gQ#FXz8ElF{j-M7>ZSS06}l#>-ylc66-`MBpsS?FXfvhXhTKbv z(%g=izKu>})99S)|G-#J?4^Y}%xBj3YRi;9^Uo#gND$o>d}3}^x*&$b(Nsgx~r`1C{vPyHYsnAM0c^a`nXd_3Nq-2~OtEo1ONCN{7N!qL zJ|rcTudQZzE$owfR{LgJn0rr&28L_PX!z~BE3FKqyOm}(fjveQZze?%8~B-XD$RGa zWwWTE6uy7#bso^^UZ|APm0g3V8RO~A)F?S}200!*!@WuQ$m)~$P6yJFcj#{37Ra|l zwfdNQmLijOk|1?Dk^2gGuFdScD=SHj|D|HwO`JAy@NH`!?S5BfLLRkCIBfdSk-%joF@Xq?o{~(?m9@l?Q}X?28oR5b!Y!+%M#PO ze8D#e)eL=q9{2dMVb!i-EybZ{^H*`ARCh1Ee8n|_oO9EnUCrFlqt^LXO`vqH*9q*M zGpx7uTcGDG~*o$9{Ij;`Bvn7x>h@UU1x^ z=AGgIKIO0)j8Bg={RYb5SP=jM#P!y;zkFVyGlsX#=p>yP-iqelv`*vKV(oZD%rr|A zf#r$dnEUYY&Se!RcdRz8x4t$WH+V7jazUL5(1yagD`$axr{zbACgIDx314`&UviA0 z799pZHZKb;2^=PC(mO2ep{Cjb&_=zwy3LxNYi7QwcZo*sY{_Nt56@LIFvCtSBkuK(<_ko3%>PUb#Y4r2 z!WXT7E1SEd_SD0**!xuY%?g=_4aiDcCbW>!pWMHkMh?y;q7f$6DADm^MX83=uz3pA zEN8JLn>utrp=Pjknm%i8qp0)+>0?4`Ztm&QkWX{@G5W2d_)C zE@;p``B5F00~$~TZ`v7R85~cCcaPRc7o_1=_PmIi8u9jpmB_I5F}=wxtfPveqL*8^ zS@59?+Qn)=Nu8XOl|8IQPJ1n~b@Fu7O*yL)qz#Wo@bh4uF(_4>`i%I(dNqZ2<3A)d zttc0TI#Zi|l#cbMNxv#T+U#h2y+!S7)F)gEtr{DepAq$uw+OWfYI>9U!^6U-^uc6p zWPj0Ur~_L)ANHu?=TP4f)5Uv#%qcCal|(4kS;Mqg6mN5nfeCE;p~6RC^;qjeo8!M% z%%bY_)}Qufc7iv1zn4p)g9s_vdMtS>;l$G)>VpVUYuL=*S@BvND=pDpiSQ^K7_D_@ zwnq{6gEf-Iy`qwJE6OoPShMG8vy$F}=9&(%5Vp`2uoQFWZ>18_wnBHkT2h zswFT+IR1DnD9wmGc1frIPZ(+}x{8BmYV!1CykF~;XtA>p+v2jLPMAd{ zu#tRqn&tZ4kUyPau4FacVvEh^Q008^^LJH78H4Da28t!p?SlHb8+2F0@0fi@$Aia( zJ%tYTY_CxnJo$86w~E%yf6b!(bM2-KyxFY70DK_#T)|mrEJAzPQx9dl`2u?3_(V%!OL=dNrmVor<7-sv_FYDmuwDm|G0hlE=2N*Bu_(ODJ(B zIk^EKla9ID$|KCEnpHGj5Hbw5e(;~RoEl?iVXGSr`35+>DjPXcJXNK8&Us>I2V|{t z63S(dYfjIa?#w$wGYuXC2sqYYn{nA0D+i~vM4ZdT=|HqT2hc>XwDGCBQ^X0HDzdwd z*<|tf(A9Ni>OZo<^(@B*o${RHv(^_r{T??PcpNgm<7G`fRpk_Am6ohNOxGY9^LALB zR$yCq>!Xe(BXmCLctjpV_Y83!YP=404UoV>Zd3x`NZTTFF=&=+1m^=7T{n^G76%5<`7P!5+hdilii%kGZrD9^&ORluiU2c*4>O zS^}!GbMpnoQQ?*xV!+%9R*?cW-4U?21pYe6{!l$oR`&syep>OpX+2rOOkI8|mX9J)?r4U?>zqXFYcuL^TPze6@4NC(sUYI+ft%}Zm# z#kKPc6i<6XLQg@@w=t*bxyqLbh179Q(gj#4 z24dx3Wh{<&cL+JFv({>5zpvOi7;l9A7f3h}l;S8ogZh)1m`*={NLydTs`hWzc*8jk zurjnLhDq%2Y5jQzM`Fl5EhMoatWd0$;?uM3I9SW({!)?H>$s%+Y=efG^-wkR5#5Bc zysThuo_zrV94tB2_HA?y)@J|~h~ko_{lefiRd_L*e40fPEpD|f$yn1!mCWi@I3{Mp znvMI;5^Ce|5H?jccQD(0#`%QK5}u+wc}vfq$o_tPxD%ocI$;4I1%!`UjZBRGhZMAD zG7T)CxNta-$Z8^ATmz^kT_#Z2xh#e;eT`30m7na~=_6RNDI)XGbDBxJHs2ATmN3~% zKpH1v;g~cL&570ECWJuZ#5w!DdbNah^OX6Ad&MNWs8-GL-fY@#G(9No7 zAWFP5QZ=d~bj2l+&>mCHXh4H+fM~%}r4iE9hT`?h-siq{)0BlScs|wYD9(G^3Eztm zRjjhTp-9=^w}5Gw*uMO<62Y@~>}zAAQb}#-3g7OLV8?#E$jbh3b5glG`%JQqu4wln=ugag)@2fiTP`rh#)Re^4{?HiPP#ELQUt&mgMEz!$SaRXVA0(iC2ujo;dkK3Mv`avx_ z^H2_mKZZc0jrK#~#{;{|QC!1@N2ej>+>)XKtY|$Tdm%lZd3hd2>)VLi-*~NYbVws8O^Hlng9CfSU@E#B^1R$y znF3$1e>y_CyNik0#G!tfryn_bw#&NLpF>=AV1^6wUBiAZtp)B(LHTE ziAKB#7NkfwgTP)m?MxOqEvx#tLMzIJi?ZE+TUO(ZC#-_nWx%3!I`KSf49Fo17xVR^ zY17ZCeuId5UYvG8>m>)9&2KE>!QB5wmym=TF~!Ni2ni*7|OtU3EON@DYfO8b8$5s${H30a9j!|1t69hEZ9_p zr{^2~13rC8?%))37o2H`JgEMdTTs~5;1E#$1l6wHe2xRCCLKjaI=aiCCBFzyP*aXY zE*gv4;-=BXaB9WDox%dFHGl!14H%z`NIlft1ZwJ9O^h!G#lSLLc`Pb9`DJaxGDc)H z@5gmNf6E3l@iiyXMH61jnzqj45459+-n31d-jF0ahkFhW!?$Vev z5p0jt0j(UUn*8)~S1^54#Th^sLj#x+Gn5(s(<65|DD{ zjuBHTAPJc*pfy*@eeQdT>!jVgTc)Vplkc@@0!3!dQA5yU^L)1P`iFILY2qpKwPX0XI-^k?l&_Vg}NGEhMLv3#}SaP+47Ft{CZ<2&dM}1 zRO0>8c{rP(AUD@!F~oU|QF=oHv*%OST`?^XWlJ_(@M2{>)Sl*9e>2hV_(QBdi>r8b z-O~B40CO@(1#XqO*2qc68uo`2AA|FXD`OT`JHt8;enW}yPu6n+X)yw|Z_o(>4T)VJ zXH|ZM9Q1U41aM8O7VM{vup1n5e#6ZD^a5TJ1>C={K7CK&oUdJyyQY1M*hA~I53*80 zk7#ennOBkLjM64NXvWq#nhuWI9epi1+J9#gjrV7zkI7frHk^n>dmwxiGL21jwWpN2 zR>j7j_Dkc8lb8nZ>L$eA)&BgFF&WutbG=47bLB$;9ht%S{7M0s+ zx|L?zuNxES;-XM*-|_bEx?_BnyEgWVx17lrka6D=mfv1njD57GSjQrTq9{kG*GtE4 zi~4P$`|NRJ+YrSQ8`%n{as+}8#m{Bcz2!cO{8S2J=DPU#!0Uv@Qo~n>GBV?0O1j6_ z<;}+UGos}&(bngmxd^}9GNS*-_s=Sgu9jT8}T ztDiMOS^hd>$`r|(j;YgVzc$~t_99`u{e0aLQ&Ilp59PH{3BrZIQ@VN?;H9(uy+ij1 z@*bVaj@66;PA9jr05PTv^7JR1bE4z(AG5u_%v8)pP# zRXlgpBe#73p3i?Yubg5y3VU7Q$Q?BY5@&^qhop#Y%P9jm_ zZBS9NFB?j^{pj@f^6f{^t{N!tRs%Uq=(3rf~g7+0;%`)DNrS^+O z719t*N`RkG(o|nzsAiX}#K7_WXrZHrZFIcfGCfBpn{~?12!1d)NY)R}uwK`|Oc5_8 ziPOn)EHQ{=-ROi&ff4*+IR^?4_~#?FQ9Zb#HBQ5yi!&`rSuuGo7!|Ln^Rs6bYEunr z!va2u(hjWz!;eF^^dFvwN1t_W2kjB!=|qd43~t}Yi!)geJ;b~6)6NZE?RWDMWW>04$%YfW@^wa< zT5COSkc24lTufE;vQ>pQ5>bo|Qcqs~95FX>llY*1R@${(x;=iY@05J~5@DA91$OFm z1x zQR}qB4ok;)zz(wwrq4&2qXT+FMKCZvTg|h8O&p&DYU~Aq$F7>^G0w{7DzDwgS0k!+ z)%_Y3^_M8R{>L3tJQn>gaX04F<#w{geMSOsY+S{;7A=oF2yATry}q>5f9mT!@J93k ziazXpl1DoSt~QM)-%4$w<$*AaH{UX^a%r4RRA+QK7lnL5oxz&fuk!F<*h^h$3*IP7 zDeH9K`cAGWLEK;G4i`eiD^I>ZB12_Qh|1uR&OYP_u2DTs17r8)o0jgaXCm+wwLkn> z)H6n}xKBsgXim`7dY;NQptV0AN3zJ+IDPnP_K4&NKGn*$B`O}F@wqh}vIYHDvrFHF z7d}WvUbj*jJ~@mpEuZFhZb$u?!;7Xr&PCw+p2P4I&q=zAc z2Giu?r~Tf3E$eX=of`NOwJ#;Eua9jyyLVAU%alC*>=~&#S`vb~ni};oOM4I83lkLG ze=-ial>XA8h#^+f$QNWMKD6T#gEFcl4%okSQf1PrW~}06mZ#So6$@M^Kt3B&QM5ns z@mg+ow~5ZV+pTRf>`gt7j9^?*t_z7WOW!*BlfJsBly)oq%M8)b>#^#!*#TDjgA$%c z0Jhyz!0(-8MvGF9ZnT&Ag^cAUzoETiVdP*-*J zOh~87?~1V)A~f;alLm9)?E3~4Y~gI7N-MBl%mdlJVw|hedbNC#_$@{0WcGgX>kn4+A6Cng$FcCD=dn?mGDitiq8*) z2<9+Nxcr_NbIuQ$%Hd78rYdm$=^(PgeEYrd;SWwlSGobM@amP&qU3sqT{FdZoD1okWPjmeAv4Ho1c>k&kv_go_-|IwDJ6N!Yj`|r70!if2v(Oo^mS_ zG*cYFTF1xFnshT~4|S9H%F#s<(s<5YJQQh3v5*30(!lhs)Pl>}_y~RT)|}j9gnVWY zTAA8;Tv62(P;ho#1%(P*`;lI2N>ptROwCyLd1zV4o{(KWFj4rNV=3twQG_@QOUX<9 zK^SXLKjmr-uGF;3X2Tqk94n*EX)%kybnApL)Ibfeh(mtg?hx!a7db`TlvoohpN`5Iw zx)k07h>O{Jbh`!@7D=!e*h2ii>2{@nhFV;AU9l3ga$^@@ee|1)T?z~fRtsh)JcGs2 zRurg0hAg*`+$ABSXYNHTl;_m|FJ1Y;aK4G{P9eumA8t$t`(wkm3@(-n^7z;=-Di;s zD&p+o9u};ZK8OD?6;vcmbO`%+5~i*hjt;d-sId(hurW}Bg?+{u0^Y^hV>rJw*dC<5 z>9o=cf$>?BJpgCWqk%~}36PUZR?|N=24WabPLWaA+ zk@aQ~gJF8O1e0w%e2S2(xMZtTsHO+|#Hadj2go*3#GnyO<%b7H(w4h3+LA;c>k@d0 zvJVpXNA~rM>WAE$>({&MUU^ljvXJI%+KZ^kl(PUhlm8e%rpG>=}L=*)iMe#3MdMK|18M&O-`UmN#$WH@;OjCM5JnSnM6ADMf(Z{QG{GnL@ z2}y@PFBpeBUBO+dk#a9RRS6jU$LUvD6PS~;?FBacyPZ^m$SOCGaWo~HL3@`13FN2gaAkk_O4~C?Rnj^eG z(Q)hpw7~>g@E!%Eti;a&dN9)_Q3eB6*u!@V{?)B9ctt22p_uuqPyI+}&>7LTSXytB|aeC)tp;>_Br4Tx(j*zE@{_cTmKG8Mzw^YiT8O~yf}ZWZ?M zGDmZaJn|qQQEANuww{xF10jtA*s;MuNwn2zA?PIaRq6@9*HG<-NA@kxetA2K4)#b#3JnG5+gKl?fuR=#NT%EomLZlTbFX=Uwf4SN03EWou<9kM>mBH&S2 z#+9bEgWksE)X`Z3z~`%N)-orvFkva*GKuO(5^cD=X>RLf{5oiU9B_alwY3k}59pNC z7eEDoyT!%!uPz(141u+QVs3CyHZoToGprLpgs^o(#SG?!dBa2=AcBi0Ae~CMHTN13 z;MGuk15T0f6+Kp~%fBovXXge*8`AP}BDy&SvpDq!AfA!BE1>~F`av8o05`M*BOjCT zHc4~>F<2`ARhkkic3Jq5*DmIW=dU-Sn6(@>w^C&DUywqU46 z6FV9PP}b}VL!xAiGu6}&`h6k~Agi5sAJCpvWbJy+iF93anGWljLMOjf1Q94mKfb2sX)kyg;ef6jsrpr%%kUYJP;?; zlPSr3l!ufm`sj-?P0(mFhH*%@0$@Y|@-jg^(Qha%xbZ1{NkBQqdk#%l-H22Nz27RI zNUF$GMs*HnNHpkx$n#;0J}sxx3TL=|a-n(t`%kO`-; zD7o}n(zSPo4YTwFr67%n_V^Qp*WbC8ACD2;$XbxhR3jKxiwYEHM77hQFu)sLj#|6;MiT!ThYUTpKpCt{@b_^=csF6?a2LgR zghh*!(<54KP`#&q!TBC+r*O{e9SvdKlfJvgpw!}! zO~a!tgo2`M-4vw#IY#zDg$u07A%dwZ48G-tib=ol2CZ?7Tp+Ec$pq+#-9!v#l-BVS zcfvs9P{8$ebBS5|1}_jiXW-bf)gM5n{D(xQx#}4cyzxr8e9&9y@PauI;}|t);APoK zSAxzw{1FdBl=1pGPzb^4qvD7dnc>0ezAlrH(usWG-caTBBswjHLaY!r{sk#nA}I|H zs%Ql$4lUr5-p6q=VQ}`*o$)p^Xb#tZ%)~St0Qn=8#7?eu2gR0;tP-4bX$|`0MMMR! zl`HXH)>C#hPrlg&3S zO%Et89hgW0kF>uAJc4+IDBE=6*SRR>uUx7tW@RWF<^X^6v8usa8wf?Qw~ztz60RfZ z1kiwJa;)cz!t=m@-dl9`!|x(XQZNZHk}<1Ahbpmj6*6j;)PigE&D0=yFes%rt&As< zW>ya%^b_4WU?k5WTK!8kZTOAD%~ab(Eu;o19D@o$O9cm@eGe}ncMk>wB_r+%HK>W< z#q%K(mWa;{3U{D(%?0@!3KFK*nIz(Ag*d3NFhbUF()$UV<<~|oI(AXc0n}n30n@Wq z!x*;O!6iCth&2+a=3pGfmJL5jXHxio#JBcD1XhTmR$gPyhw4NH2qg5lu(r-{sQvyW zNN0hM|1_U&zRZ>EioU2nmU=>p+70&vjX5*J&JSSBAcMFJ=|rUl?F#&wUJ~P>NR*H~ zPM=f30~jz|(9#?e7K)c;nMK6-4KtekYxnV8sQv9nthRHB4;y4LZtpQ@Ken`uHdc?lw#zX()X>wc(-WOQ=)q{eT z)ob<^5=TllgD9xP`65-tSdOLFi?q@@x}ppuY3VRUTQ6C$;J0ycK}8o4FQAUo_ogRJ+mH%__8?-^ zD~xorD+}MnVu>QAgU9tNz2tdOYKUp4ctHRL*Dv1FgmCh|!N?JioFQC(3|xB32TwdI zU7~|mDGXi^mD_#d8RuRGVIfq9Zmfzf`CD?VN&9Dw5~2_Kx79*Y!$byS!CK(t=OSrr zI4zph1fYSS!{_Ac6Qe?XB?u-+YGYB|*nyIX+FC~uhzpfP1B~CJzP->q8;+BZ`A)P3L9vceUxqM!2r5-vc|8YJUP#U-Hjl+SZ75MBSLa6~nw zV8`eC)+s1yknUUwm~n-QS_WV#yk__{)xcvzf^IjCb6RxpK5{|ddK?-*ZD}ZrF2B0; zspqR(Ca$#sa>XBw3IIEX=$2uB8veFJli@fDsjoa)NYrY^p_Hm@toQUTIHt5}8z#rW zw_)n?8Rdr1=teY4@azt}?bw0JG1^vCM97>`bDv6W8PHIX@3C4P$@w&bG8p&W%dOZ* zEd@}ojApFjVCqU67-&*N2~sHsQ2}T^c%-f+D&@~F<2Eld*2gz{#mO{#+9^ce0m!I-1~Hz+gF%4#35~mft|?_ZjBUbQqLAT|!VA&6 z3CpvY%c5#g<$qcO2QZz*bd9<_wXY+r7?=s^XH0#0SWx0iIS#+$g1;0UMRG(rqqI7N zNGk2avCO{!(^usc4y+?6+!bwD?Jyo%zV|FEE);c-B1$xZt0blC7uIfe!$p?TawCp4 zVHGe%8EmVDfX2!u4(FW6U@XnSm<{VwM7SV7c_B)WO!O!%4Qs%YgI5BUcK3gk?+xQq z(9cWRgh}~uyBaz96l=nA(0B9TdxhlU-Sxl`&&PI-$U^5NbEI^HMvn-Vt4x(3wBUk+ z>9XKO7e{6aids+E58!Ixe8k=uTm91S4Ko_6(4n(sSF6dj1Vcd7fvANM?WI2j5mQ#? zvK-{U&FM}nRcK4rDYlBHL;##?e-9UE=%FewlvD`PF+o_x1uH!r8OyZ`6CoH&mOQN` zd=3ez;$SomZOvafHIp+XuJkI%btkkUrK%B7M8f_)WM^4=t#j)^lGkN`5(I$hoe=}_D83wcI7^Z{dv597%2dK^*CI#(bgZ0>#R4&1vApt&Hjb$p}0G-u_-K=J9P%JCzs~^@KI-bYZe^FXP zs$2)g_f4!9Tr(Ww^m-TU4L++wh|S-NbVj| z1%3Dz_uwu>m&HE9W|8B78c`Nb(HT4y?Z!H=I#9aOev_IW-lCp*BUv*ua12moecpnp zC6_G&gvB`-QT`mfrCMoIKul`^n5Wj3*6+0565(Mm*?y7nHgSL_F5RgDam3EIB9d-C zNSyBbFMzqo&dMKbs&|9G!E~m#zegZrbt}_`fSf`|$E`$qH(XtVM-yjI7)zRtCRFK7Bfisioctq z*l#43EHF1+3d9tS7jfom5NMYXbsu{hPdUSf0f&?WDp9lMT(gOgUhsT6#RV98te=zP zXv-0ejz?H@l~8o&XmNnD;KLW{8xWCL8W~eoxTB6vempf%bJkt_h*_9FKSStwX)$c$ zA1?am#T1A(<`Lu$CDAJs#-a>_v`PdMbN$$+!AWUB)tsY_cIR`=psH?u4rXjnxUk!!%a zL{bzmRocj!I?J0z9wMr7PhD|D(%6R6aiG+MEW`eVu545k#ZYk!(-U;ijzQZKRzjOY zOW9`8XiKaAgrpX5=#vMOKhO`W7TPg4i)EpJ>%=f?HfXL@ITl?;PIO`~yjOq4ot5k< zkXGx*gF>c1|4G-s5UHEcfmcpk%mKr^(t~Cn!gefCUg(!aMsl*!I?uKeitQoy-PXT! z)E~+K3qfC@xGfNIKb)ZjR(rtBJvhDGn2R<1Xdt2sMa5X9Ivc_f9y;elZGpIT&`5iU zTcX;9l`EFa0x^=qt!G8Hgr$G7!5go(PY@fx)q;0yZM7ZokZV6T17QTFsj=WvTl--A z6Z@V(acK%#sbKrUr1UYS+y6#g&|LO)BWC!x(|8>8m5!uMzU~>K_BaCPO91GE*`53>b)< z3B~-KcG=rEAqhD)g~XMph6sLI#)s4vF8a;tO*5E@(Lm$HvzX zAq^fU{9z|)`P2TC(^MCbn-x&=8}tHj%u`1(;dBAR@Q3tP!I$=4pZ;A3uNGkhY_jfe z^DN-O;E_u>&8Se?^C~YkSYeCt5Tek8SPqbj3R?#3*7v;YQIh<2)(zL%1N@0T$t>#L zVwet2*kKM;px(hYQ>Vhs^!mOLwz4CH1jUBbD~6W0iuKmeQ$(WZcObJXVM&BAzjTL_U0<@?w{5Rx$*M0Ryd`LIZv#vsi& zj*~v(rnEEYdCiuyo@$I|p2Xu;JC-oehaO3Jh_MqKRSKDK{V&+yyc^%s)kDInb26b{ z`Sslp{BR<_zFGUffrCCz9p(U9B2zFIk%a4_CdLbG_K7VQw2sV?opjk`=hf>aq}4qo zzj%k&I+qs{Hsh_L47o(e% zUM+Z~#{VE6F4RWjJqgct#k4*NeJX*oDP=O#yen(PY@9drl7E=jeoQU%@Yr_++hq566ep!ULw)ee1g&owI!Yntnxz0Y;;duB?FIA5%k~ zUebsQsR+&{+>Lg;;JfX8@eUgP{~->d>h(o*6O^tS?T_r|i$dt8>_zA?qsSC_Q_o8Z z-yZb*-svg~G@s8Dniu3ejz=k+m$=_a`h;rl@yAIiY}Y@oicxuyIw#@wYO-kVF4-hQ31d2Z3i5o*BIou5KBHJq9_C{}M;y(b;whgzOZIXKeW z1lq-F#fUgmQhD4Nl+czLkzowp@2w763<1p5Qv}p`=8o?6=F4$k7=2!onqs!jJ)cq! zC@RM#WUyWLqv)M#<;606i#M$!HWD|Rn4H@=mwoqtjm+fkI~xmN;zAh2b2KcD zWWF3~E!vuTuLvif7~94Cijmv+u2poKJa8&KqGu~FihhTnr;L`a*A-nZe}-fF>!x^y z94Gj@s^(_m@`XOO9JpgskN&J{;r&Wo@wj$YrE}rYz0He+*bCSDSX~{{Yh9#f>U+=1 z%AZuY@zHnZ#__(AKPojAXtt^A^BB<;2+=}xDH3auM3j2pdgjMSE9m>}ef~`ySZVx= zIv{&cCW$VAZz-(hE`)26?P#m;>xassn((wX>40WmK68a^-WgC^a7A7}1KT=%;AJAt z6!5s?rc*qIbFpEl-WdL(L~J}wQM;A{3#r;s9XL}FxS~O1ZMp+ z$Xl~SUU%StBvrQWncT?7HQl?V_4e!7J!d3$cGz4(VK3NUKxug;K;YNl4c1o`$Z|$0bot;^l{ol;= z>X7=gJbHM^d^U1dBK&xFud;@^Vt^5D7Fkv{e*1fNZzzv0J?NV0*lk3itqHey*R- z_aY5iJX!-EPWMC7r-haZ%}IKtd$ZFS_%kA35}pJwk-W@1xPNYZUk`ddpsJDLlz}uA z9w=F@2$}z>;yUxKgYMI-)SPN}S9nAa`P<|8uRoHDMMGUXxJ`lUUM@3U#|wY4 zmh{E3>yoO*hWg13q`YOdgm&q;4oNQuZaKB%*Fzq)vv(CigUi2r9D0o*OsthvQ!1)y{b@3h^Zedb|JHwnhX&z^d0zQd|vT9v6;I?H(0k*6^UIK zqD?maSS9&RbOJ=#gm{F38x59rni50z>Dn$PtVs^cr(f)1|0~;~pA42|YK7j)x zEox73?%k5J2(;lx%|>;fP( z)PmQgJN9Or$zjG@;nXAVDn~Pys}tSFO!MVWxi;wze`-2QONSLOzUfas8vY{qOiaSL zu?#GvIklOiF4`|#(ra2tnZJnAw|atQeC$THJD=&I(qm5!G%`%u{Dr(Jb*^}y*we^s zfJ((nJ@*S^`-o8WV{uFhBwpO$f_8@DYr}+lB=mJP&AX9HkHN-P3AiAsrYlPP+sR{E z7K2tCS=Kud^I^nYIMI;1I~Rq{SDO#thFAZyt;yGs+wl={R-?HlbiNNkhz}wC|JnB* zodE88D>n%JUX>R?_5mrpqJ0Nd&C-~G#y@^-`0)Rh9Ut=>$bEDr%wC8YLMH@O`#rCH z#w^~z(>=@43VbO(Gn+dlRWqH4_i%_ErN63o1l9YO-oBk$H}#?H2yClNaOlG8Jdg?M5@p% zpKGjJZk5U7HyS%$cR#gF|8;!^Pwvca!e-b%Vc`o={)l)st94# zM)$|m8Gra5CX?RehcAPW`a|Bp>1`?a-Tr&0HhIC4gLc(l7-Yf6Yxpk=qW>QlM23cO zMgHF~$nk$*kRybDV32ADSe1WZ5XgUE5YU}sA)JijC!r~r>;B@5%nA@#5`yp(EXw3( zW8-)>Ilb{|Nw4?fvxlpVgGAb>ct=9`qJoUBSMuC~jKsu*c*hU+Vt=l5`ozRL0=~?6 z$4=M00&P2G(|&om;pZS_(2ps_>+O|;C~0Gl;{My@oJ!&^=18AZW3}t3pJoSFU7tm7 z*+4qvRpv>FaXQ<1uUI=L5#Cvy`v9!)Zz<6+07!>Gz5wZv?+1VB5Od&ZdtbMJzL(q} z5C`BB&+)ebN`eZb&}nPk$lcJM@Sgg_PqCiJ!N3U-Zopza^3T{XE6tU8Dg7wlODgr1 zx$ELqG8#)xdw!xDJDK99;;3nCrg@IcC|?@pR-9vul5ODA0j2v)#aZC-eB!IWBN2X6 zlq1o;YNjKR!X@~qk3zHes86iksfG`MuDR4|5 z4rvb+zgvpH+uxl%{<-|69xsLbr9!9~Z;I|JY}wjOhBEourFNW-tj>CQ+NFuoNsc8- zjH;uBFK6XPLINqLYZ*w?b%#^TxHQ?c7cQg4FUk*y2g-%srCk%`x!$FT@=3QP|M_{y zKLCFoz-luc-+{{eZ<_2+jv6Yd6(lsi=-ruq#;ZZKmfMn-@aKMvoIru8Pc4HMtHZEQ zAVOrH2#otz;P}qIXyite3|_-JC>U7$`(!9hiM6|(595D+pSaf%=U|iriJ}`-+eBa z|J?SA9qlI~FN+Q>okUJajKRO8ce2c0$gkF`?_h-x0{$$EO=m@&KUbc~ zO`@~8no}Kq_)Of2yT)3#oiI0<+|K#CyXwZ~&9ad?d-}D{!wdagSJdHo_SzB!GH-SX z*alx(IHR9)3G80Ej+d=`IQ)A}Aw2~U=0=vYRq6Lrj z|Cs5l&NRmTp8qn_mogM0MLyram2b>`!)IsLW@Y}bjqa!J^}jYci;wDm+33tFd_DP7 z(hvg7v0joLp}jiDmciv*Tx6a8@AFysxpealE`6&}-ms9Qr+WX*3r}}S|J-8JvW0Cz z%=M33TVj4=WxuQFn=LfgdCXoXkY3~%>CD?7VX>h56LutA@dY$t)Jv~30GT>#_@LG*k8eB~o#e4PbEX&U~O4r>j zpETRxN3KCoAG>UrWja50=Y?Xe)w_IfH3FCAm*}4#qwm-OaUkSZ$FlGrI1+ zJ2v3Vt_@|%Kla{}F?|j`m3ao+s;XbtURy4_zW_6Vwr1#Uuim4+Yx7-r=Awb0a!V7K zmF!tpLj0#hqDjPjI8T)ELh8^Qe-mB;(ty((6h1=6iBMDp zTt{1bhuX(zUL5$4>gY%7vXASn*+!L}>4PFpyWThBGEF%{Ar*HAas%V5?qq(>mFi0) z5k=_%DLyVtHtRcY%(}ibI_hjeB$Zb8HkR_fsog1&>*}NwK#4iZ{ugDMcr(3<8Sc)l z^$Q^?<6OGRGOve~wzsLTwXgj5eI?R{L>(`jU(aRYk29=GfIopsNDSUn5csK-J1^$E zaDz9rfGCwT}@|K1$uO}eAck}%^uldDw-j)oyga|`f z_h7{4=6u}HwV3-Bd`yQ9gQDW&xU?=RDR3$k*5)2{C;bZFk=!u7ZHKAdZMU4vV1QKu_ZjY&*RP={LpImnNP*N&K$%gyozk~&_>ueWab7*T&xHjE>Dc^ zL>*ZHOL$)oc^u5ODt#__6LB)EgfPv$wN|l-_lcnX;>28&;wEk($Y#C^oaogZiz}XL z)>GR5qKVnqhzZjcshrZd&w>T{>~(zbDBwai?NHwyIjlZst|t+)RH$Dx27y5qWV!yu z8Dn^oSvjNFn41puCD;+3?;kU5nmfJ~xBSwW^qT*eSF6+~%L~G_`{axY`?V~ThZ8fi zM95j_SI)>?{>talt>~XM4!6d}C+TQqHt^WFUJutPtn7AL&H~aZEq82x7LP`xn+ub7(G%uj@A1W8frH^xf zDk8v1+c!Tz5|!FLC^QgE7Rs3|-Y28==~}!haQ2E@?%5|E_WXGK%y)U~{nnZAZAwh+ zV}<>-wY4)LaKzj&n2k?YSHX;rSdkkpKKuz7mbyyt$pq5+)856e7}Q8S|A=BgP}oS8 zO6pkXL*~2+&##)f3whJ(o9(5E9dG*Dl`T1;;SeY+DxSYjO#2WhIq?gXx_AA@jy;J4uOg@)D*Pbd zdo(+{A2S{P;D`YVidE-+AJ0c!o9X9SMF|+uyj%%kN1Iey`6Z@a z&F<#2XOf$~LEl+w4n@5ZpKQHuyk`5A1mKj&r6zvRR8XDcT#ZOfX8cQ1#JlKkn_vU_ zFtsW9dA| zSMw0}nf9F*-46~3+}7&Sl%GzJEc$8?F0vvC*kSPJME&Zw0QYvvmD_{nWAN;-V^q+e z9FH?YT9POdxpw@*Z`k#xcnf_krXAg*IOwg!M;L`tldhY$MR`k`%Zn?Z>wJ6v-rPUt zms=aaV~C>#u|;K5{C6uc;s2{NS$#fSgTEi;tWd(k7y_NN6>VsCE zUCfxe4K7FPD$)qXN7w9FS+B%2H_7JZelh9MX4ftTrqs-J&|#+kHD44SKkvQQYMlPD zS|-O_O~2D*`g{tYyt10syM&t3eViaQvr#__-cBL@)(cCs=^GKJ()1L>)yxu4X3`Pp z5Hsn#eLENUjP z@Fz^vOp#k^acI);K&hzCkn}R`sUoZNAmzE;RLHfzDGy(H;Vg;ZmxK}MrN&qJ zAzdsWw`d9($Mb8vkNfA)5f6c#9Fv7PGS>9L=bL7k8a0lN?Mh-~bo`7WYwO!B4bH|B zdA?Vo%N;+cEfQrnVqdkF$mfk8)5;#+U-j%^| zQ}z8hU)8Q&-B<74yML|fb@jp_!&&o5DJHvot1{j6q{1y?M$wSl(2!H!u-HPiz>pqd z6HxY_Q>|H`bXQVu z+v_QhQk{_2zw3O^bI+ta`Ce%Rav=D~cFsN17oFf2VSddGtxA_2D0-m#@!s8it@i({ z&PN*60!@h~!c`qoux+`U8OS|lBg=`v-)_OfLOz8tE&a`b zYP3$Ja-%U@?M1)Ow(9DTQ>WYh)Me{ZT5Gv`HRyO(Y^xqCU}io5E@ZzGd>2w3>xkhg z=vl9Bz)-*>FNq!e3hMo&e8~AaY7f5g1!{)M!Cg)XF-2kj_>aO~)W3c`pYmHU!(<+y$@$lB!Ek8lZI0>nw@8PevUo|O zvb>QB)bA;zvH6li64nby&XVVlxSn5?LS@uhth$9R`6SPOu2b>M{~diSFkZzRT=ikZ zsye?M!6(&|)V|od9;am<79?z*x+9h zthXv%yglB;Gd(L1DG5S`ev~S9fEul` zd0TVY%-eYh0?29)8|Z^w1@fl2-n5sl@2Ip{zF{&qiEAxZMwGX+1tsRzw@0u5JW;6* z4mw-ZSZ`+CL+|TA!#z_03b9$59H(TB$N5R}M~{899^-%<(odW8L%re;Sd}(lL`>*) zwr1ARL`}F#2HprW`P$h5j92U2T(`Fh$ubUV?X$eEG=#xW6h+ndO;CUWKziBr7xLR9 zqnPW$A_WPA6U6B8W97iy65?$I?l7B$^q#_Xu4ar(@g{})N&?sUCk>6YRa{wp?15o08t&GhBsGis)BHS>=5t&UM(8agsR63zPCuZY z?+@P695lIvJ)Ptw+vLS;U}9k_usj9no5 z_6q5LESos`a$g=U&5|7B-&Hv!x44b9wg~jwb0~0jBcplR7_w=iKiV9C?;9_^sCKW? zIyQNln``g9fVGRiKB3oMSt2^+1!?N7*x zovB9PU5X_}KY5fzNq*fOdHTQR@JpE}ez&9c8%19{pQ9dZgjC4|bKiP|@?b&dlZ)A| zoZb@#>f@hpgg%DHTYnJ}{gmaMf~6taN?L>{%X3<&DJQ-kP3mWJkIs%)%+1mLmEz0U z(jnEsbK3LlV#x+3ewDT2tK5m-m)nzsnW#min&gPMlCe6~B3gaI9GP2CO1piepOn`wPEBpSx4k z`#MgRhXPi5_yG=InfT7q-2S`Ln7=-=FBI*q#fKbf=pOAmYMY+qDN}94J`D=69;F@U zLbkNygEi_x6|?PO#g|Nsu5*9Ul(%{8^O%q?A5r$}dfAkX#*DIHMrwMdVg34SIjg9* z7yDtu{B<+TgFe{7j+t<3-AM2K(b2ZY1mpUx?u1v3z)3x2Gf?Sj;)D=#YwYCSrq}?J z>^nx^J0SN`)uXZGQgvY?qD>2TF{w>U!L4Fgc%!PcUB!0xzvws6v0K)TM#{r6`amRC zJt@Ne6e8Z)TFSmWe1GU!uRp^gtSI@4B}9UDJe~<6q4uqm*ZFnj*uI`9@4#T94i>XP zjZiTQdR7!cck>xPB>8NXq4ng0j{eVQ8g|A=#v<+DFH2bo_H0!H*dv=A_AFr`|tZk!&}I@ZM&j zoUDR6mqa|Uc?ZbqnCo%1^by(7R}QLtb!`GW^&l)GKU!!HDT3FGbG#pK-8mqB>bnYd zH`=%&Eq++Ct?7yNhII+ex>39$h-~HEjul@leHA3@$)`oHTIG~Y_KEvtO^6s&A4t3DJ8%u;2m`i_}p++0{Pr#kLX_4T{4fIFnlh*H~hcA ze>QxXKdtkh4Wr6l^p^2*G(wgOc;{pfY_yVe#= zp&mh)Bv6aHc*>w2afHyQCKyLEhAhec-vM{)*MHx6l)Oaj;smba^E^RL|99zm_V@aA z{P)(+ZS>ocCadG6=k;eiFFo7WkmgEzg`4t69~-&5jL(CQ?2A?Jictl2GxnZ#l6C>} zCXCj{wfYy2l^f3VAM?HKn8+v8Pd&r~Bj_VWZSkZ^p^blxiL8RXOo^x;KMrvVPZ8TZLBQ6Ln4N}O=B#|EkdQ_` z<9#1t>$95}M*COq0WNk=C6w1H7avEyJ1;$m*>&J%R^LqGExdoMtOmHfGs|5(8fZXj z&j%%}JlJ&eqzS7qVq4LbCsrZdHYsXQqYuE6FHW&0C_W0S6`Y3EXok-z)x%(7gLNL?<+lR~UeS2j4v8eJK9tMl7vADsd8 zS1aRIvr~#3Fam}0>ZExk5`oNxO(E>qX(%SNPN!6>O!=5oKM=`%qvC8^GrVDvoXI1a zW9pGr4w{!}-0u{+Nah;tFhN|D+{RaSWJ`T6gxfZjp6r<3WCv{cP6vE~Vno{y1=VMG z)h`a}){t|osiQ~ulH>Hl3Agugo&Okwk65S4+8t*@*AY-6YaCkS1^JKr<8l9L!$XZiK>EMRq7*Q z^{xC4`iGCxQjYyR*fSRUcMree#L8#_rTXh>bI(lnHn8cQRJGt~b2WAHA&?F8G~1G& z$n7(TlNgq($@T@$*Q9k@CCR>(^Kwu$IaTY_mlZ_^LAj=Q+Xr%cEqxpkOaoLB2$C2? zr-$;@+4$gpaQ5%o1!dJ=4zy8FsA^P1ml z7G#Dju6%Vs&upi*jg<_~I`wZsoRZ7Y&K5VXF8ZWl`oi3@1g=fO61Z9fBHv7mPrp5;@6wdTvhu_I6FeJNel8_6CdZ;am2r z==FB0KY~0~FoDEFgHG&=RKoG7yGZgt>i}Q5)lq{c!T8`7$Uj0P;!FJzNU&u*$W40f zz5N;JeWTtU`9^Y}mofa7qvsCG(P8>FkRu#cx*Eg?o@Rp>%;i|i%RUQBxo1Z<#FH9@ z{6=XI7wCfKzC6H~6$5B51m9eYWSjc15l<+kwR21yJrC1>JAJ=)}SI*4@tH&hE5SY z)gM0+9PSZQV(6B=&pM&>(|e&+*n&X(R`1!j#ibEoVVX-L2sG{(H}P*sBLg?hBC&^8 z#MxldC-@(}h%v}@#73?;S1&`ya?cUH^bd0apU6E^EPQ)XAaZ9Z)h@Ozzw=0EpBnMT z8)P|ODHz?o9YntPax%#AdTU;#1+oMArUm`_pga&>c_4kV13wGvvXcToCA1#WDG#>j zI=PqdyT1wnO-N_4 zBY(2pj@AmmfVaQQLNQn{Jkq0gSmS*tgZFD3D8v}+WS848;#20Bn6xryW|UY_L5-Du zxzb*rAs^&{x5O~~s{y2#*&qmVj4ax;Sc>DiS2D`0?0fv?PRe5EhVJIz@-^J$h!bKT zRBq6Kv3jBJCq5|yLl*PKMTqtZOI*d~9;7^F9pV?J3{UQ!L*n2zvB&sP>c^p~BRn*L z(>w<}xLP~BTJxQ9vq7vRnZ?J!B|YVyn$-^LmI$at*0~QiT8r_U%lDp_02Zlv>X2`~5uHAK9brvO6~d;IpWSFeXl#%RyA5@H5|gpZ=5NU0Z)jKh9>#)-Qn3~3 zv_Qr`r7hn_{55uJ(sF(cZw*bMD&Ao6d_rup0{!ysk4)t%aqVXY@uvs7L`;r>W$2{FP&mUMm>gdnUxv8O|Z>RzM-29OEg{G zz-^zcbK)kJz|%fA9j9|*CYFm~j61fs?dQ+&JipsLZin^d^Ag>$9{W{%`+W68@wLXY z$@BR(ABRX3`!%)KefNB2q<46;^MG{uO-wH-+fs zv|hrJ+zl)o%M8d#Gg&&s^y$DuW~~E%a1VlBW?t00=SOY$%nJYd;`j=GrJo~bo_@#9cMiI{tf@(^uzlT zPmcVY6b>#M`Bl@Q^X^wCoE-6X^Oc&+^ZCU)*3B0CM0xWyv(R~+Lx+8qjemBgh=z>( z9g)~&8*RceXAKN9`A6_cBK9g>h=@qK#tFQQaR8lnw_U~mTg+y?F4yRNiKBEr4FZX+Xi2Oj zKIlwN93;Gb)s}kdOxiPu+<1A&#^2r(wSPsHQ1EOs7U`1vuknPE}W9x5bnN*CuoY}ZA|6=yu#O; zLr+=k8k%MA>-tjm|8;fxh6Z_yG^{{dZsXw}zV4$p*s|H%tKJN-RKaoQb3|mHGZLY? z%?7kmrlH1I?`Pw^Z#>Qll}Ele9MCtK%4xi0YrfW7_t#Hxj-EJt?y7*Do9n9u$IGTH zv*I_ZjF!&}h~D{-s|MLBdvXci_k$_=(37|=5!Q=l%Tvfv+^;KfdQ=dLqD3D8>z!?) zT&!rg?CF=~JKC`DTa1#>@r(k}%>Bi3jTm57^KEbice4PiADWiF7we)PZFxK!Gpa9@ zCn0~iAFH9Mdo=I@$RYCAA5NdnWu8jM`S#Wh4GNA=d=cdC?M7~`I6Q3LH)JlD>8@+{ zh8&X{@u=-PWkV11uhFvY9#*{4s@c3cfoASzSCp-YvCoI5>*8d~9x-Wetsa8XP`!HH1qD*|q+h%!XwNH&cA!*bp>K5@S;$)A4iBK! zyWD^;N5i`vM?R3ofkG@7-O)h#=^92NPVVLs{`IkOXt6LR%^NW!eOn0AV;bWM8Sudz zG5@?zLVyfAaJ;8s-59E!mZJEDXZ|=;Ly|FY`O3D34_c~6Q6QK!Mj!^bclCf0#{>PN zU0F$y<{Iv@N)!cwhU+|~d-)Jg3(TG*wx?h3X%lyD#sC@`5KRWcd%fm`^AVD44?ySq zqi$NVn60!&9?#$qYy#{y@KN3MOzNEJ?rWAfq%C8RhfIG4Xu$7AbH(HO?TQ{~pePpK zVAYdxG#!O@oLhWsHd&HSE^xWzcUu|;4f)g$!w$b`>w%94K08>7d+vQ+h8!K>xh19G zFAEK(uFu4z0(GZT(bH_TQ_=VARPyF<+m}z$rpM=j$|x&F z>*4M;=Bk8S0YNbsm|m3gnISmOMV#yIuT?STVb>3z{)L>T#!;5{mu8FS5$7<_cWxw- zW5Q*_-%l)FN*6N^{1>62e#CuX14vUS*@)U-TTtdG;)~Y1v6M4D8`vm_O;SCx_+O&# zn1rFZePrmb%?DzxONR$z@mZfv2jbN@qshc#ZIj8wt&SvWG5cfjD54|D#N<(N)MAeR znSMD*CeEu>aj)F~#W{$GHyK4E?hY~}@gt%7er%54<4Y3{Gx?ESYTuP(g-Jbh+t`Gc zgG2fxc%?E7pN zgo4~rP?PVQrgvQ67|KndpR}|=ufN12Zc-W934 zI&b$G+Krr&t0og6=X&e-tjL+Vo$x9ey>3npBBWsxUV>$jTD+Dv)MKW%N2TX{ zx!&$~fick+H}7o5gw1AUtJ!wAW4KtUlyk%BIp~^>JoHBrA?ub>`rp>t8~4!pLsqeBEBt0v>!?0Gpsu!K%LIcR%FuD=6d zmw&&2Z3jR2TU-k4ZG)J*mOCkk{!xT|o5_U!uV+yd0=qTL95Au>(+6^EYuup}9Ks_c z#xVf=KJTxr=|xL)ZvY(>`aaO-tdeRtRV zF;;Sh4~aI~DDUfvau(kqx5W5pnL$ET`H(;n86cY_ohCo5B+sxV%C2hf!tmu(f7%KD z=h~GI8h~w&L~0tUH00wt&K=u&wv^qg<1~4*K++?W>Q5M$<9WReeJBWBd*IepblC$q zQ*Xj^SZXnXJ)+pXmKXxBEepVA>uy6DMHmmSao!IPFF91~U`OFw4fPk?UYF)9g(UqK zzzW>oQSfkA#=~>j{gp${L-jEBxr$P32URRa+Q#!r72EZiIjdHaBL5^lmmWzu^YKR7 zjQQb`{UTWXzH-8^=DR-@tNr3o2-JRwr{;G&5UYOYFbMia`k-2GiT^vjrSalmS^GkH z8hZq_pvAPORJ4H-xS@k;!lrX6Gi_*CGT#|umsCPB%?04M%yuz$)AU%1k4iAZ9j%YS zDfR2DB(B*bZg-A~#5L;gqyV2hfB2jgW#NF^~X_0yc&8Ghio~h z&?VzP!;$X~q{nHaBv}2C#im{k+Q)0)CVk4~W%Iri%KJvQi z+|MGkpJDBPww+0FxGnpTyKU@kr*2GNT~v8_ANjJHZ4gY`W@MDe{w8CWJ2))+-tJ-9 zI!|&&iR0bE_umf7zPCH6)apUSF848YSSHRe>ErB#zp*aH{xr+WB~T4MnoJNX_T981 z8#g~`LnlxR&Y`DK3p$dH%n~}1ivRb8w2vdnxC_Fp_7L0X>FBFEvGw9^+i@5Sv>MB;uNxM2{&lDKSEh+B5;S{gTvs)Vz6!lY`f!>he2$llMG<8 z@z2&cyuzUBSDK*aPIlTz#D{|iWZ7$AHC_*h8~B3LujllO)5zljW$DtLp1b(*)zR?% zmAIe36b=yFG5RiSzYosmz24G?VC<`|Kx`}iDHSiLa4RzJBVet|wtH9PUo4N!Gp&Uu zq}GB?yP=V-7l^aXOF5$jDsimm!0W=Iy{LW#fZ@Lx~rFF0LY1#!G z==7Bf_Izdy`@%#Xg%^K-pQVH95P%^2O~V?lUURf{?i<8F}CXiZm1k7+7cP z1CWs;`+#mk!5oqcsaJ*OqU=hAK{F@6qk zzX4i(XMPH8C|!u{PvtO}84C_C(Qfr$(PMP{yNXnC$hpPa%6^0V0cU^D3hez1+8r;8i<=Cv)atS_idqL11tDT@dc4Rym~Yw@9(#MWyqhk-{26hQ-5$JuKalP# z*+xK~S^XJDa(&_{qu&mWg9Op%_J2^t`{}8l`kWEQ0Sk<=4XOQU zv7Jt=nREDh-M&?bs~NTxuG0<2vL9#5HGbBtkvt6b8MKUK#(}rQlYDciIeci9>#qoz zG<6ZMTiHdio$m|$J7wKh@$^EFHPG@MFi9sle$^Go07doY7Z(H`;#-F!oaHJQR2N?t z*<_|z=A!;U@@1!0{8lhoU@fnTNXJ3X8$qUlCzrX@GBCH z^(uRtEma$D8K}ngEUs@0ZGWrCFP+VtQ21!UfBaxWzAO=P^L;@Gv#jd^4=ghpr>=+d zC$n5A0JSz;A*hiMrX-7a6fc1QHj07j--w&bA}sLPwl)L)8TVs7c1I!o=@~gPJ632v z{s%Lo`PR!jG?ely3)Dj0k4jLSM^_4_eK(Q(WurA+cn#M#Ex&8z+>MI|a(`gX#f%<= z5F7J=-BG&VkQc~*j-k_aSNJ0gIZ?b_o&-hV$@VDRC4kHO^wK1$cAO0|Y!l}%IBU;} z#7Q11L=QreEgs>JcaIS*4fCTWap{u(kNBN+{lAFc99bCl)M##qi}2$DIyn!>pWj7A z>3ea=F%356)qzKSv@QM&kJW3VmCsne&P^y9EF?zKs!KG3r>3U5-ihhS(Sd@hKR9AS z7tGD*l|MiQlo0(EV8`98keTwhgDK)8-S{BM_&neeNJhsUIbZ1|6578=sYzZC%e7l+ z&?NwlFBka6b?Tq0FOY&=Cu51o?tJ!Nf?e*F8-qRx$XPDp(uTO8+DJehJI3N#_0HD(yPK}B?g3p+O?yYM1FL|FdU`$Nnty9!l%`fW zyXS-WKECv{7SH(YUg*1#hZ>mOIx#!^Dl~R`{0|pet(kjYUP(2KkA^r~wFAmetbMR` zn3LWZBP^7CYxY$Qs|-8D?-w=n7`&H^?2O z{i6LimXeksq;}lWrx7$ZF;G-7F20a}FaLohwqM8w#ArBZCKWfVwvsK0AW_Vn#S;gs z>Ya_6VK0ZkT4VlAMNpsq1bDoN!;T0%v?%&WhePS_ey6lB#9YC4#R zX+|Jjp5D-N)^)%JWKTVsNFo@Nbzh^T%0K**mi_b-Ss-AalE}K}Cr~*0q>5nIb*qP8 z(Lg*2+b6#DED>(G04oK)KAXa2xLGJuk`%IV6h7z$SblLfhh*Vr)v@Lbc)+Z@F(r%9OD&ZQ@?kUu+p{d>VSAPrD6GTbQrE#S_83m&G|6U;$`KYc zdzTckiCPl%s0z$3V%Zh{KaFQPk!ke+KX&ZxrWyOvJe~s1Kt)kfZ8c%*Tl7L>rE;(} zizrFS`j9lOcr0|28%r`4s=tY=ifSF@pk-XgS{toganh>;c-;03Of79hOz=f?$uk0u z9x$7fq+;@tANdXPc&kK82SJt}O)MQMjPr-)A!m_P1GXIZt$Wm z@x%_yJ_w+EI`+H~Ne%UCHPv)Eaav!1LfId0W;GIvp?P)8hpb{AdFK`=gEub+7JXoU zg0dp{7;XM)Igf>mzk!-?|18KQo$;sSwv-A!eB0orKw7wnq*^4}@9>LYNk!98MQ>w9 zZ+Nw$sXt7@3bSJWvSJ4wW2*<1H9QWTSaVFz6vYaC)c%zwDHp0MAH4$d+{3a{_KO#= zG$YuOlFB&@FlYDGO?*WFZEn;EncQW{$;J{6D#bPrGCU}!DuVyaV?nQ;f}r;oe+u2f zSy7Cb)eSr2 zm35pY)|H|qRT##Sfvx;knmU#&+u*B?R0%syL}jwA5;-`EvIKIuAn+98((S{Gb?Wsk zS{A)9vN9^@vDFc@n$2_Kn{DaJ zO5<9VFj~v?8))SXt>p(MHwCgDqvIkd7P|(P-a_npi5dp-^;E>m)>3QM6nvEKII(pR zWc1E4(qu6rn?Zvgc7zi`k-d{FB#y`@aJBLyJ4#0Y3!citA`0L#XEgRY3~x>XO@7yj zt_LZZ5Y0|oml$dJead#6@hV)mlSFx4qX@R1xGzbkL^7k@J3D5C`6txSF`&`Z{_1qO{YKOEYsn0`E zR}nTCm=Q%OncaZ#(E*v zTl(cYlO=JARrH>uDVFiI$~F})vPfl3@YpsPMYXg>E9a?e_cQXA5y#XCaO3uhRnF+x zu<7@-0Ck>$HBh$KB!ce>Iq?=Z$WLH&sKxZUFQ7#dm6f%Blx`tbPu%L1Lqq6eqa5nG zG3omSQXH2z$>boKfJ#pO*xhG=WJIFGN{uUcFWygf5cGHN&(`L*P)a5 zwP`w*%R7^So@gbIy1d>xFR`QM(JRf#A6^=VnB;j3-jZt9VA({$L5MdjDgDk|r=Kb| zR64DV?xJSCX!>IzllG;1h+au)WZE-&E=={>H?vRXgXEUW;++KFy-Kd-lm`XLLrVL6 z_^i6^BUe{Wpp>eN^^f#&fXmc9s0&*+`nK_sY@b`4wI zXRx9~>&~8UHreGccpoXhBfMrZ>6%=C<*3~4v0qysH*yu3PRa{t8LI;mIga~`Me<_> z$*&X0*Fh3qF~Imp>!Fava3aJLhw)I^Kbw&kw&;_*2sdA24mYHg4_FWnf)y!_1k83P zLuO9EW)dwJG)vVPb}wX86OBW;$ex8?a3_}~=;uutduSp{+Z1E+!T((QQ-~SK`oUD$ zO!)&5Kl#V_Q`sYKzJ?YacXGVLBD(ZmJnasiAr3UwL9k_SD@)l@8&N+3X<4=WzY|z@ zqQwdrs|J(mGG~H*kZ^2%M^rIt5iwMZa}&KGH^69ZWB7ox6pg6N1%MkfMInoDRq;)s zT8eb$I|q1gB%el|`uflFLRJh(&EGN&rdtVk?J43ek(vsoYx>50T;}p_mQEZ8WP4hR zmDd3iwKylu@`1E4WM`83M6L(aKbC;3!d8_6jFm*rkyMis0Y!1%qaMb;ZGL0MkVL2* zR7)gt-bm_OOeswQfSnE;bp!8lm}YeB#ZCf%6q+W=S?kI6pWNq4Dsq|18N@<&geUX) z=M8^zlZ6X9L6qA!*~>ySooP}G)D|g3I*ColM%H4tW_AdtK>24+6$da z7-Di^BEV?XaaoUB&HK>R%4MJJH$l&9rGW+_OR5JEP{-5-a;kI+Sto*XHync06*6s= zaBJ$QAL)M>Sx&iQl*>~Fek>!2S3`=I{d}O-$UTN(C~K16C*%Db!-7xZw6sU7F5?-4 zD_jj`!A!xF`Bj)_Zm*hkwWQ|Ks&w*#Pi9_&|y6`Z@_|#Th z0&LJ+4Q*BrihXLYbfoq?f6b6I1v}zAt|$Z*P_Efr$f(mwB<1K9LZkiz^D+0wLA7T#090^@So->)E_4b zl37-F@Qn)?i)B3KD(-2T*M(r<$gGDC%JgQV9g_i3AU>)uUQ8aI=hW|hqZ3XPiD2QL^@vQv}Fg(Ho!lak;3-$pN9@gKWpxnUilMf;weABjH|!AVgXfOk*waMvts4kcHDO_i3`3JP}#(C z+O`losE@kdJg-B0Vplt6bYeH%?@P~mg_6pQ%U^!-t3zMc_=FJhHco|FP`2>_BMcxk z|3ood;eJ-M)lxD3*4GiKv0xR?V{iZ(O710zcLz=ItYn;|FE3>Y&0~12%?z&3B>whv6q2(&9);&^ z%_C>O-w(=od$h7pw*J`C%onZFc%B!;xcg&<&Yxcf@xdy1>BqUps{4gvY zW6d3uSfs*eG{JilF?TR*r&?f~RxpxGf5Rj9%PEg`K!U!&FCEo|fiEhNZHuLG{inOt zx+i{A4eUv>=2Ds(5Lv0560GA1b$KUFTGK#6@Pe!Hi{QQ8O$r7FJYQMaB5l zk50`%(lchrp-|kP&ru~)JBxM!;L$e&m=^T#RH069utUCb>Q*fu7Xvi3YbL}R@KDp1noI28!}{EuUV23a+I zzc6ImTtP1?wzv6o|BOl~ZX69dFro4?bhDn2pv926fGFgkXQl=gEdo{{T#6^;9 z<(CkaiyPkxyV@$*IwF@+@%F)c5z+I=17H`lj>?iYK{;AW>C!85{We@NRh%^x#$s3A z6o~}~2J!oxcFN=UY2g~GxGP948xpuXb%ffQxb;&zY3Vhq-B@&1tE4Xc;E+niauSzf z9TTQ3OSavNa&xsyJZVZhylbzLd#R>mT1jJ@WjQm4xf};u0 z9hXa~IAgMMh1T=mQ$eYyy1AU+c3IPSEgXp%tEw|70X3S*seVi`h@2W-d&ts{HZcGZ zD;m0VY>k?ay5d@9kIO4c6KNRD^xmbnG1Y{4N*fiJmCh<7nqV7h1RHAt>yMkQNS%a4 zOU$J=OeKK@?;tEJ7E_xp@tx272vU?3QTVN6m?-Kc&L$~~CTkUX(p#AOvT}Ir(?y-F zn9I}{iiZ}>p$%qPycLfWQ2|uBIVfqv=)d(vNXOGPB(s@q2}RN({Z}_h4i#|fjtw); z2KqE{5^7vdTNn;1;P5nmu&2cm6i^wn>qSJ3MB4MyBjy?li-{UL5yHtM7Rchyw<21; z?R2l%RS;>X@&@XO#AaFX3slswn17Mofb@-|s)m|0 zqqViG2m@`J`va~slo3vXA(;9WL@C>~#c#M8#%TueS-GO!-cn521GPTYqiJ)0UKtZ8 zX$&4^QHKl17^?di+|`*%fe>#Tg_wBQNrm#*@+03K`3rmU&gue*&GzzDqs5|BsOW#8 z7^$gKb-?%lfO&t?CUUq1Ec*M%4ilxy9&zF_OA7RJXjEb+mUC*+-xMrv%NS_r|Cm*O zCHb#6<9qy&8$dRzeXy*z12CgMNx@7m;6w5O$6_Qyti2=*F)p3#q}DH?IB_R7*HZ1BMtzzbj0!{4hj$14m3HU9rNNORBZ5 zlZxHWTlWr?;T&FK#xFc)hcLun zy#(~s3&3sp>uwxPY1>0HU?_6JTH3x7Kn>$E0&2-&78${Y!;wVgmlM&jCFIx+Sz1SJ zShZMHZ<1|%7MB@ML%HdSuB|g5T@Tcc?kZDx6S13R#Q|Y-eLIXg6e%J}>sqvtLzWD0KANp3Vv|!!+qIOC{5<|E{NVQRtZq! zi8+{Pgus%#)rsooG6L3#2#M1&%T5AL8X)SpLz9N=!6>Ljy;h9Y_*a7O3)l?kJ&d># zC0#uzrU$w>jpEASyaMv;4_ioNFjaF`iY*Np4A+v@?9B<7vdzui#@1`@z`WU+3?j{< zC~2m^XN+ZxAMIYa5V%BE0`qr&L_)v*R63PF*gl}P5mtg#NHDJ+aB-Ki%nKJq#85ZH zz?rvkmSPI=S?p~z4MJ3+f= ztcxyv)5edX`1M~hIDn`k-w**~O&QRpr1EGrW4%lwX_O}cziPUOVv=&SZ(Bw$>NcRA zP-6-B^dW>7mP~Irj2Hc@OjCBX4qBmSEaA<~f)h^575$kjQWwP)ik_rF!>AZu5e62G zN>b#e)nQ05gwjYU<54!|A`<}~X&G)-I5c9ouA9aBrhHasy6QBbY%|hO*QRgD1h3Hu zMHycXAWoos5reM*h1&ZX!U(WujN$o zD*=NMbQv=W*a>-(qIGr+hgq%k67b#Y$z>@Vv$iVp77H}CQ|P0VdP#Vkrs^T4ena!; z#C8lt3JPztCFQ9dvrFzTl6Yg4y^NL1RrOWb12g3c*+L0MA-fYPX;dk2Q>MQq<5}OD zbHVA0kPAkLii08CfWxvyN`=M(uO=x-HJgIO@)JJ%daZ>oezf&nfzP-B803F>55F|t zo6f#mUM{pQzaHogq%1+zYo+^SNf@pnh#-MZC>pcB(KnZb&=^mL@U29X$A6yrG0j!tWA7}FbbLA`DZejQF^WQLfEy{h2OG}}Uw3P--F(q0E|_G0 zJ?M;4zT|Wx`-g^MQiVZLC6N5my=MfCtHp=H;A|>+`*xDP?tLClEj0*h@h{>(hH@OK zgJ6iUdpeu*c*%UdbuBA`He~gEg`-=-85mpE&_PtU*EyZ4M7-k0G6=gk6f7srlRcShr% z_{cjwBIX<-CUDX09=2e&2`m`A-&TpY`Na?>!9B~>1~#H zlY+}U<@X@cdrqA64y|OLF8za|!7$h+76+LYEWZkF_NIo0(m;u#*9!-o?P%9fjHV~J zwvmHSZyvHhl=|V;5urzc3i4=e9qR+UBXr!GdNfBylET*=$XfB2`#ZA64~j?h>DE{I zoX)ncsk;*`9#B)Ih2xCIDi`3$&euYF; z8-_&WY!#r)ACY@=p@KP?-W&D_?M&?{^T`qt5+;7>b8ooZ83H0~t8N2aCf?2#QCf?u zdL+BmZ}(EvY0GS+%p*m@8M&VFhemILDAv8djkPjT2B~(D3HpL8-fTpeI6M2D*4rMvp)V9N# zxw1>@5@ySp4$qpq8u}_VJNSrtThpg|^W@xi$!2%M$@*W1Tf;gJ2w^~wo!GxRbbo04 zG}$n0J)GaR9TEE+6&OhDfA_fhs%1vVwD(v2D~Mu2=p^?wG4D1NwkJ~;>#fO$B}DYj z#ndh(f&Y)KZw$^P>bi|>+qR8~ZQB#u&IA)XdE#VZ+t$RM*tYFFU*7ktTlfCBUFXL> z=ltmIs;=(cYp=ETx$W~FZof7zX?8di@9^%m71qFccZ+yz4)xCTH`^b;D#5CR2J|5O zz6j<@^>vP4khPKDQmb$7H-1~A%OzA}MP{c@j?0!Yc* zFGs9m4=h*)>=ZZ^aU#A^JKO5*2TIyymV#pUhbsGoVwcg~b%lfMd&`@d5+T1-3^Q#* zJ&795h&gMt4P%C<4Iq5s=l}Ae_S+OEZH)Yhw4|{)a$lB=zA`!QH9C4rO=L#dtf_be zmH0T?)`E+^!L!u?Pk=p zT~gtk%e$J$z|Z6Ndo|SDA8jFGq}0Tpb;053AyLHoy<{>j_tu*^Muh(%l#upfGSgOr z(=~(Jw1$M5+zWghPH2%ik=&5mv);^keNld8DSdSr>bTDE;D_H8;4FrRUpsuEJlh0+ zleJ0br5J%&j5jcD1P(WxB1cu`3;nkwZz~W+dV5O0F$1FA?7k)VYr7-jRj()T49v`Q zIv?BgMgF>}O93?MV1TP zon=~u?E*P+5dmX6%6lev@OzwYh%Ni!WFHf5h|H=aRX_b<)YE zBI{kwNs{)@lVakh$vc90e5TWR=)DVg=#@@Yy#TfYuRBwa=YVkCKJiY8*1}{1Mo3EX zoaPeh{hd8+IOjcBF=TT0_7DI(C;w~F=PnR$?4e58qWR`q@?fJLNo-IGw{7yE5UIo{+%^xCmb;|zBwi(N?iD2K!Q&;{&wMPht!#zDN{sH zkeswhQO8_i%8lGQD5`20jm(3)sBId^eopPLQ~lOnKiJpEy2q7f@Z-#t8p;Uqt`(Ir zK~?etaJqKd0erg^E)jPBGVuE{Q&byJukT z1QNhfOW8gGt|jc-i%>Ebdbn)oTqxk}Bh4t@jwkSLgfvTgCDYUcoAjDP(m}SnT(1K+ zeHkKEdV_z_7)wj5rlu#(2M-X5ZV z4yV+(Nn`m0hv?B0fcYUD`Bj(^m5s8TM~z5y4}6tO^1U@GcI5pGjK7O|2$cD%jl}Hw z_!&yv#uotwhx_8mEs0h?@MnfO6F zE^r%{r{=N{CZ-^bU@OpX2TTo&=cTM(_~&Z=D3Fz0ij?%K3(#-SJ+VXF?BaS#;dHQ$ zzB=$2+ct<=L&uda;&a|=AjDD>b6#uc1I+siH1XBHG4L0VymIB~Bmda8c)fE;1Je6X zy!Lw1I#K}5e6v9&_3DC*VDZY<8cx}?>E{536kJBqF-H)@tkHkLq4w|XzHaH~8uv=8 zMS0We7@N-45d?%UHXv$HbwtTH{RfIoTwq^3ltYOJ+B%73$XSZ;H2qh~FS0b2>SbHpmJ3=9nN0gB|o3SCTQB z63Bdl9mpn}L5^VEX|cF;gXyTg!MExSdE9^@+#MP6j1+GIUMg(*@T34oUb4_HH~ZOd zsD_^>d;2bS@Oxk+`s-TA@tz4NC==?G)NU!&K~!WRpN*%9$71}W*#oeh9^<(~Oh(~L z-g_Q|B{|~aB-DmcKW%$uNOM!-jrp1i!v_HIB1_q>=>oIKw(n1slcy<#$Vy9Ejc&ir zxj@|%Q`@=C6A1Ht4H`+^Jum9(Zufg$E%qzp0c(b}*%Uy2uBFA-Mg!3JQDCa6#R#xd z8ZgoR0c1LiJpjU(K5(;s91jTJb_@ift$#x4TLO&0Z}|q6RQZNs+E(?&OlV_>Z2@kc zO@-iyZt!J2U+Gt_yKN@LnN#pxXi6@|N@>r#BU8pBsTZ$Rj^bf(Z{tKy`Wk_4w4~^u z@V>X+N*9*Z`@r-|M48~PKb4T&eWw#V0$;!CcOiW$K=zU@k1yhT% z<<%8Q>8Viwg++%DdoFMfgkinOPp>$M-n|*w(sqhx=WfBSdsI2%Zi=1M@o2fND|hI{ zb(GX?45k~jUU zqc`EFAySYMp!@q#0_j0k-v=3dvU{Bf5U;5eQy+z_pK54=maLyb(HUv_%e;nNf}=FG{a>kts};#KhDl?mb%2_=O&=xEUk>L@i`hu2TJ-cc+p zd`wG%0R&ZO>>~^JkE*V;`BJ#tV)i z3mD;Bp(`}jxgHoYDiav?e!$#T-57VO?TA7Q1{OE@`o;g5MZYfaAKh+GdBU^XQ1sJZ zUaMK}EqQwPV*1Jx2YSY&*5&|9UoO`Tzw%5Kf!}!o>ZcOPPgs^-%*#NZH{wlG@W$sp z%Xct>C41ja^L@syz+6eFR#4+`2nP*^1Yy#z93xuhZ*H|M3QT1 z-?7x_uWT?%(pO$I(U%`XPV(^qv5_I~;_McE@i{KW@F*YhF%O&@LL$CCEqTp895!F85nhe@awwVI~bK^EYphTo}DGC=`Q)e2zr#p z3&+mS*q+QH4ILiUxPN_T5FMb_df01ARbMdFxjb)D4~#PXS$3eoW4f^Kq>8E+WFrzp z4W@tA+i5SM!L-K~1Bs-F+6=w?A#r}A+(qc;IVIY}Gy2z`t?TtL;tSI?(6i_YxiAKq zy;21Lry*PiBveK%jO`!N4rr-5TB2b#ed=nt)o7Vn<(n1Q>)Zl~di^Wo!L~iR;UkDp zdu|?_LE9=y-lZSGu?;|^n8npvO~)MvYAfa20{zAgP?m(HSORw-M4gcPK`8QuE43Zn zUewz738vsHDZ1uNF0KLyLOb4O^@v5lp&NW2fv7pv~B6q)nhVoxx4#Wyx!n6=StvPg!lwI97 z=^YR8OB}u;G{a<_MppvHQ!)4{k?v ze`KB`{_)DJI2^c#Zrmf-t9JN4%r}4>K5+F&(vDaZ<|}B>}DV$$R9*z&k-*5=oMx;pp`!eu-8`yh)lO+rk_(o0Y;pNf$ z8-e$EGV_;%2ArdKc4I=qSBWy~YA zBDE1HS=$z4XG9*Pv;v5lRx%ldHPu|1Z5B^I6ee zC!oa&W99*Cikrw|hG#}xGjf`x%lj+igZtm*UvpG(95l4uqJ55x{~KC32p{Tu55 z$}At_6UuqKO{ok5r-*yNWhr6@v&$La7+g-``TbAZp!dinnKPMwi^Pf|LnuZ4c>U)> zYvkW1VdQm&PGPrwD&(kBL+NlLFamT#?z*KPSWjL0WfJM2Pmh-)7|HwhbCb_sxU6Yo z6RJRpi%00nG$JLw1bxVtcJ-hZ_{7e%JLmUFADOJwWV^{E-Cc#)G?L#xr4dcbne2#e zO9C$lb-mVW3=!b-8C13ANae2EeA+Ssft`h*$e$zIa(t*c;$GK8wQlr=iurD$mOehA5K6mk3FD$#bxJh_ElyKf11UR02y0q$DgqWSFBn)=7jt)1Up-Qi*{*=H?z^Xi_?4b^I@NbOWqREsoY>2-kfwH zDG^*&OrxjFIx3KJ5>sUc3^eAQEASLYbQDm6`TmqNV{UO1C1PJ}{5RL_mfJJ$71j1O zIY%{pefT+)a^Wl0elS*#90PjgkNtr8PYwX&z{vY0Slc=iI`(}1EMnDr$T&Y!ozD_g ziXFHE80}nTZ^!woT*j(ch5hAE&E`$*pk_OqN}~moL3AB9Qy5ru@3rBq+x5PtK(H{c zg`90wC}tFpeYHC3rGG>X#*&C!>3`E7;q|d~0`6YX`sWex@H_KZ3QMEzY&l(9b{Qnt z2K(+IvBl34weJHJvQ@OUN5Nz;rDaLR&QAizb>J8kwpKc+%u$R!=J?yzkFqv3K$*$d zMuTyYQHQeRBkGap?x$Dg;~kki_vNQ;Dr05nB(2W1m+;fPId0oaU}pn${@U|Qxiil_ zkVRj*Yrh9Z_Hwy>2IgEknjIZx)W*4lnDw(SpUr>;95xL(p2NYx!>r^!4<0O$aIU_Vo+|@IZrrqM5UZrcJs@xCL5J z!V-Z%_w~1bV>h??Mc4}rG>@VL&ONl*$zxDxI7}s$DYL>%XK(cYng9bwTxKR-IF#O+ zLXV5(M{c|9dFd;#)y2RGD^$g;dcVm4^G0D&=%ae3jE|9Wzw1l!76nrk{VBGm5!$KA z5Kj(vkm@Pmgrllz=Q?q^rC}X+U?TLx@}tcazaQPRmF8rC0rm7rT!2CN?dh=(n^bSj z#8%+r9Kuj2!o=KM?RkQenPnigx{Q(jpq?TUQbmY#<&9WPnsTtlg{DjWBT|RRy)^3<4Mu;Z==vfo@I^Hf&?R0N( z)X}td46RVZi{N0-U4tm#Fn(Oh89Q~;VqiAMEqG5CvblXaZxR!0m|El}uLMxxGQt5$r4E2!hdeKN z953sRdS~(7J6Y#Bh1)$1U$5&=d0+7sGFeK)6#>(l?uWFE_#RFEk95qdNUw2J!IxIf z1&At}tQF^IDR~*cmS?5j-#t`*Kgg0W;y;MMIQjXR&$CZB{Rl#moA&&ZZm;a4{yS_b zmYOoylOrcFYK2T#Ul_F@VS@wFl_?a}cpcdlZJW(B-J0T33`-S-{LV!GfFp19E<<)W zo~lf zeQ{56S_;%Ju89c@0fP}r*4Y8vj2^APrpIr3RFbLW^=XPfH)D%03-o*KQSM;1(M{85 z%cI<%uQyrYwXgZ5+K}nzb)&I-9m|(iqu?_T%)$V;9T=~IUEe++FF?8vdUxH{+%9z4aX zeiCl3u)!VN3k5Y35R7R@ezvo^uJ^>imy7PK)G6XFfH3~`PtLMy3(K3DqfNWsXJ2mq z`2qJkFYbMrYH#lKyeGIV-O>Kn$d5STUyb&d6g^EN)!lIhM6J^{H3AO31o7*sYU62# zDR(a(gzj!yRD}4wc^gG$=v%3*mKKvbxUQPR+5a~r06JPs)=Rdq9aY8fPJhSNAOGDC z|DMvDO()~Het9!;=4B<83<}L#XIi(8yWv<6Z4=!m8@I=C^`o$=&g7bmKI>qd>a}>4LhEQWmDj~0PCtYE{|P^PQ+fa4t&S74vq|xN z#|^i7|Jj#rV3VquOjI(BgUA=iOHNrx&(y^%F1CniNG%e4$OQU9saWLuJ-nGr;E8MG z;CY>`i7n#S@-9q*X%$%`#omUQA;l_aeac0Xrc+kCcR(q1)=y8GSya8d#JJO|jiy<^ z{nAy~grygro-`@{AUS|i(hy;q3}Kwyo$}VhYDM4cnENvtlfZ7K= zIM=GHjrJP%(%HC3$jZh{3f)@JXsv?5W~r0z!#m5a`Z(8;%@~%W;bDnQrWhs&XIV8m z1T7h)z(Th$;@p37ruDjz)A$ANIPdpkYm^WH);sdv}Mj2j<0(*pbSD z>MK!YV-`Hb%qhMFGy}NE7_4O8m$i+5xO1()R-pz#YdV?gj0qW_@rB6$5q#LeneIz@ zv^bdbfvfDBH{RClO?yHcae5yiIp|Q!=7i(*g-^G@t$+kVkRax(=&aJ*M!Neu=kw`4 zUq&2Ve6lrh583D?Edn?y?ISfm%QZj8G(S%@`LQW2InKO?xjUy{5-^`*ii_Hg#ZwYm z`FjSxHCsc8;^Dd}%Cge)Z8Qm7CkMxZqe0LfBc>B`Ru!|Z{b>}SQ6SI#R=SGe3~3BW zZ_?BF^W*Hw%*m*+=w&*8Z;^cZJhTi1E)TBn+l-ak%0a%48!L@@X6mbTU(j|)JN}VR zJnPzKr@>ya%%0IKO>c05yT}ekz7_OKsgio(h#}gO^sAeRr){<`;3l2M$e$2aMp=W1 zn}}F72sqEBab~dKc}D{SCB65!1N%fYHKAr#j?C$JjcN0PHJ35qqF1D93;cQ1<~1nQ z+<%n zH5Y8%^}P9CxZ>HYB0j~SzhJ&~3Ww}8hqJ3<^cZqQ_0lXX+wODOhYE#e@PrA8YTz*!>>ct?XZ#O`KZA5+wb6A(3ra9%zNAoV^Q8@Dc9Jz**&~lr97cgXBu2Fyw zT2VbnqpL6i7;tfz6`uOPN1&K$(YC7#9q@`_wX&{+fy+QFmXDI6)dp}kQmI!JCEBjo ztruJORt&UT#=IITG`(rxj?qYO>&?=#oCiccnHT>+44PRv;-G+@uec79V>!-kH@-f z>ItZKpBxp0($ycQBc2{J$-yG#V1B^7xHSbQy$+2LFHYU^B%|rr!Fjmtc z`L3ejc!x)Nr2!PCcOe%Y@eS{)Eh&DNAvn~l$$f^qOI#=o*|B@^skh@!d~ZcxZnqvH zzb1y;FIdXXC)3u0)e+^8=owqT&22n!CU8gbV{muaRtRm95;KiXm9tT5USsZD z_Ph~g#vF38-rm4-W;Hul`K|EA!c1egWO^GpMg9Thg*tYqJt}tj;3GTdWuB)QePvNx z_8j#&gvFAlNpCus4^>ftNVSmj5~E&1*RA8ou4X2=(BAaj;*#38Uckw&MU1mU#g+B& z5-gBmE84x(zl6t3zE;;WqxrAW z>lr~9kk|2gHOxJPpn*9H z^H=;(g!7r8Yc-f@3ZkGZB9qiO^}KBUowm@yKI*=TKOQe6PwU6=2-cl=vz&C;Xq!1> zCTJ({f&4nTkf;Jnj9^%zEIw8=5WUZOfW3cd@12au4-W2i{KCf~} z+B{$;42@jhM?2W{A#`Ws1W)2 zgteR;B0y1^It0n{kEPK}8-|@;k$FXOjISd{tOA7LaruqSy5+lvbsmq2D^As(Nza9S zJWJq_qzn@m&!GxCGHLvpZQdo#^7u^K$u;7=tt4IFe)nRzBfige%E#GeM%J!px59f zQd2DF?@W~Pv~_~YP3lGezZ|m(tX#!@(kS-gKaqC(XX<)cpbwgr*REfh`jMaS$Giu5 zv|0@v6zc(%at+P%i2$15dz^{!MwAM(9L_?5B?qo-mZt_;98@eJsGka3 zz6jj{t$8nJruLdB#*|0QQ_1!xWD1m00EYZ53a`4h~G4@X36*#OSP|_Xt z8pm{`!x9fM!@mS&Q^&x?IQ~9HMV_#J|EIf;$A-C5*vL;4-3bdxfev7wq?MW1>6Yy= z)LFTAk+B?tVE;869K*{#xs2%HEcP`sfqZ?4@EE;sg;#oqv0zNs<18iiD+d$aU;O9z zPPHEgqF3&DZ|}tGLkW~RCGw&SVwtE+k z!TQ!Dg1wDP3j9@0urfMSV=Wk~O{?bD<)lqh<>G1Xb8zKLi+&RO6@$$PMr2E&;&f=` zlwEN+m=R&4wIP%T-QMDP6LEJbKH*~SJa|PF|L5I{smRrHe}Dm#8{%Hl#8!=aAL-ZV zPi#95CBA-$%sQ`OcEA8_(2YFjdhkA<*j*-l?Xq(PFS#_D&{PsnOtg7P4mb%RcL5Yh zejvZ@8V?E(poJLXQKg&P}Oqe()%6^cJ6+G z?q2PBP>e#?(8{Q380!uo)ox7g_RPHi!lomZn9P%M@j#}t7h!_W-?3Ch=3~-)o5L46 zFmF9yR>uBdI3ttjS+dr>Y<=g}LzY>lOEGLDdpMdi#)ap%TwO{wW19b67(twzShye~ zB|VQU8HVqMQg;x1sz>4PTRjbZ3)LbH>cb0{uNqJMKyr1u6}W?7Y`1+9Y5wK(TObZY zFLzvyeNGPny()--G7CJgZB?7Y`&K2VOXG?Src@x+&K)paJZI3g3d1b#jdmdq6ozkxzpY&hp5y=LsDH-a$4mCzU z=dABLL5qqV1_sV+Ii>zin{lbPkNPAHVJyl1yZFd{SuHnYZiEEJRvQfc17lcEi(QD< zh6dQPI@^0uub+SZl{ z4STuAt#?}*h2vgm;f;l|Q!3u*=PN8$Xn|aZb8cU4t~k71Zky4YP=?(5ZwpR|Szp7& zGrKFVUM!LW+v7qia){It0LeR}%Sj5{K3&arvQqLf+cO(XV}n^i z2RN57R4s59O_WR+{&IjNiQ)}~+cMnsa!NMlz$P!&jW!CZ(tfCDk|K1Jht$eH&6tSr zfi<^Io9pWWy;G*x5@)@J00n@xl3CEPQ=)lM|0-FMDZUsF{~s8?Hbs*KboQ>~RYb4ax3QW=w| zBBSj>EZ~a(^=^)v{@O@>6<0VXUOgRU#W>Rw;xYrnh{t+(TMZl?#^m+jV*BK1*aHlN z-p})g8r9Pop~fPdZ8oNEKZK++&V`m%rz#Ocd0y#=N(C&97MI4LPnT1=jv?>oM5O7{ z9k6y@MoN-gza2Y`iSqL7;qE?9y>EPgC^$KF(m!|H)m|g}ZLF>MHu-Z8;JK0}OdVCU z;r}o$8ivm=>O+cvl{$o&H!W6}1gpZ=JoP8ZG0-B9=@gIK_H$g|G*cv10yGru z56ytQ?<=+XJ3S28JX72)Rm&E`qTEDe4`E3C61z&~b+Uioi>dZLS(s-m8K<#v!TUIOuOr0YxUpSba;E11&Bm_IaQNtfVhVPj2+W7D9Sj%8^+_ zhFVquqzLjhodr=|6D6)aLMQ*wi4wMDGe_YT#cGj@oA>NWXOcV!EwIMu=#e;kSV;k> zuo9J8m=iOOA!i(Kl?`(qbpvwcY+Y3ov4~mULH6M2E>TqjGlO}{uOKW)ef-d9o>mhc zea4)Lo9H&cNi)Bci?)8+F3tC^p&CsO9hkFMNnQC9mTrbdHM1+O=5VWgoP0*)hOXKp z(co#k_jvm8>`XuKNQbQw#&uaf(t{a71Mt)WCP-P5V3$XDnuS_tu|mhwA+&ad)GrKz zd^O?Nld;?+8?lr_bFF5<_-!Ho5=j++7s?vRr|vWD$1qXatZ}#)T+a>m8QV`&{Pai= zaniB9dNNPJ>WxO1wWjsa@fpwv4S0+ZSmDWKjxP_tKTEc-d?qp=S}7N+SYid zcuy9Rxynkm@ryYyDy~unP|7UupQ4$H&W&T&~jr#dqFO%g~9NEItxyMma zbw^Xcx@yf@z$Vg%+%)GW2EvJFcM>7DRpM8b_xjnz*rkgvr(Rc7 zkUpu)P`Iz&SKP}@)7o<$A-!SfgmOe>G7=bREt3Mp(Ij?JihhQU5W3AAvr1=t{q0Tx zi{pa)aZb_T9?={=4X}qq(Ug+4 z^-~kgwfp}2JWBfZ)c||L=EWB^_CyBl(SN~lvAwB6mcZBVzJ2Rks;wu1U$sDmD;`)%OvGlnsUs=>uwB*BgYDMCP%O9 zAoD4XzXH!F={Key)$T@wMHM41e?ChCSW=Jzjogh{U`N}VCp`dQ>(znHxyHZ4lX zh{&dK3#rH)y^(qEojc9GAk@8WEz2S=rV*MU+wiD!@X*1>t5ux4Ymz!q=`%OFYoP?H zHE4cPVJH|Nv$Ic=6x7^y6_IZP&mlK8uDM+y3C`JM)bnPKvP}0%X7_lJynqmp&0w+E z(2P;njP0n=?~!U?nQCx6Z?UXGy};MVx7}075H2Nr@ zhN&Hq6v-a8jXl?w{PqY}AUyq7jh3!?YV~w}aLJLSxh%{n`g{#J_hU;P8VJSj&`>wA zS*GoIfnZF#`Ss`ey^6UmN5+k_3}X$HR-)RC?4M~0`BFqq|F~z>+&!o7ztyVK-lNs^ z8v<2TZ{d$N`qO^)Q;!o4eth(tXQuuC?s!QdI{hp1!Rvg{sHtNMoV22fbhUS86CNA(; z28fO;yOcsm`_(8;fB&);C}u%fEzQc{iDkAz!)YA~{UNir@yLfTT=n1WLEKg4Aa@MI zg}3G63xcs-wvJs|T$d}eq3gs=FiWE3Pz(w7w+n}B)Xw9ghB8wZx^_+q0v(L~X9=nzEQ;}X zo9JhtveMpOv*?4PltePfEd!Wk72Z~o$2^dr=!w*@8)jL*fHU6M-O^EuyYAWGs8l{j zy?hg~s4T6B0ulE7(n5iV`&7A_Va#RDAxeA$<=2&aE-9UF#nC5%8q=75DxJPeXc=5z z6v%g(i@cmjwEn z@Ec*ejV@SKeUR-zR%w)55ku0ODBg@Vb zTb-(qM@CsXHq4NLW;dlS5n~on!cMG@z_W!Y`#|8D1+?wNG|d2Op5wXrS;SZpMU2}- zw~2Z9@KBEtmcd(wNdkTSVBMQjn!a4q8)1zskts(*qpl+J8PnH(af=}HbIC?`!uq^A zl1>EL2gsBeDqX(pa|q9#$tMA^u#yn9CzpWk-e1ypPy1`Gyf`uo>2QXw%b;l) zdoUSk4D2HRh1=-()Kx>{$wobNyBtxAQHsCwU~-jkKM^%!on@9ujxW96Cz8oY31IZ` zh}ursERUVo8mLT6gWph&KgV|OP%C|-nd~{8^_&*vzd`p?hd`Cqju7Z~8jNLs7$R*n zCNS-z^l?iRX%{&lWH#gT5O9s_s5rZ?mb{K{%NL| zs`QRrBL-y7(&ZYS0`iYrc%AsL&MO-6OW;&UBC0e~Xt)867}N*{v!(-(g8)GiK(J2pdS8(=7#dYq z3Yzt{5=>uj;n^sK z{^udY44KUByO3i$?V7h5ydgK+N+F6oRt1yh`*8zBi!-!6PVO!}Jz`6NKH$K1fp$Kl zyub>d>tXLG$B$;4xNIu8=uL)^k2;lq{7+@oAjFI>91idr7q}|B*PW010RgwYwvIV$ zZ&h9H0Y3A4)oR^VUgs-neTytxe2bN-t<%)EOXYy-A-xg9uJ75np5IXU@XOt#qqlaEk9-IBmU{jt6Dm&AJ#)ROQh%2 zfK>oAfn`H>V7A6I&gHm;MBJqF-f0|Pkntu|V9vOd1S`Qkgo*pC7880;TD&Dul|!E4 zQGdnjxIh~la?NB2{r%2=L!ZF^6MZjwZ2xys_MbIT|3H`fonAjh;oN$TKRQ&}I2(6v zU6o8(Alx@sL#MY{o~0qy4?#jt--lth7btLZeZBJ2Gw^!nvA_4C*X#9c$Jp`uuyPsL z&!ooB~>0_xmqWKZkvAjnXo;weU}!aFj2z8ze7WZ^v(UL;kM3 z8;;-04uedS=W$U`g-9ew20IP@bumSnr`SH8j9t&L%U)(mFADf4a1=b6_L~f0X{m>- zH|S?1Rh=*+KO4ehYjsWQI)$QyNV52kcw4Ixit!KgHdaPQ9i$Iu*)2bOin~*cyFM-` zGPq1hj$PV&#Gs!Wmagd}bR3i~Mpd3lMQ>1eVwTZT|5dElb4|Da_L zV#kZ1kKUSm3La}r5ECgQFcukDq7d&1560}$M-qkVdp^&t>#KuzyZ`h7^9kd;?UD8~ zyQbMQ=S5{zU<-ruk5GGqx~r(;;N{?D8$wHBiUdrROZ78amZd3oG}}mbLruj?kRnt6 zpah?xithZ(j3y5bu_m9;ahkc;qdfwG2@xs^3g4~+ERu6m#88k9$*x4>O+C|Zc5A*x zY2a;}Q|>(`;Om;y{hT8mg$iwK@X2yi+X|(By4B&ZQT}Sk>~aQYg;Mrw=fi#vdc zZry{?<0j!UHwQ~rOYtX-(o9Q;?4gdeq1>{7#+o)06pZWei_1BRBeiXw{*HDP%ZV2xEpMQtXLCsk_MqjGE>RE_qZ z;U9ZMg7qb*2%xbSoEg{1EE&2`mr>+iq4Y;u;o?yJ+aeuoAmKQ+z|(O4ErFm12c;T? zrXJ$rXm939DH2JWX0Ct%(WvCM&3CWl=xGKNaR`|ADB;)jAa)e8neAANG|G8djC{_0 zapnl$b>OX1wjY3BN;v*+_lE5xP z6#A|$U&j>j5mPd%HcrK#{%0{KnBVD=iGyVORv+0o{BI#ASf2?+vQEl9tDK3zcjxLY zP!UJl(2YJ0=)1Xae!#Kw->)*#9XgQ^{N^t1C{}@TP2xJ&>>)UQkP0ZU%#F!)tGh%2 z7FX`<`5R~M+%1pPKo`#WD2pu!fG*On2pv2dSdsccRENx~?heUO9a%3T6WU_hZpdFE zM9YN4fX9@3w$zc2_w2OQ)hv8A5n^>|C9-h_In#My>>JgO>(L*_&Z9ai{*pJ-kEiB)Evw zUh~o&w7oMED1tP?%$#f3?^&h5XfK=-cOy;Qm1^Mny6^2imE3TgT2S#-zj+^oil=@siFs^PwMTx60bL zt99S9X66=d$$HoQrRT&aORqIQ}={G8jk`4t#JH%Wh3vu(wB8GO@|!4jacyc-3NLPsY+qb>nI4Sry)5z$rcG|=^fjO%dR4YDhP zdu5U@W4O)s41-Q{WTp4O^<%ONcMc-maYUnTE_xpM2eQlW6zU)MI^RkS!oxEOQjrW~T7U{GxrH&ob~Ps8k6TlzW3r3z2DWXK@eTCQXM5kud5q z*5&<)m_xNp*{8|L4xvrH3PvDb`jIhk$Gr~w0`fhCV;YJTi}3I3)jx*cfmmoFOENVt zcO>Spo*3rhI(q#bAhMUHmsBXxH zC2TlIqI9ZW1-PPADhmH>9}l+dg&$?iB1Fx!Xl|b0=rU6R$bTE$j%DDR{VrPMT!#L$ z1~S*vAb1}`?I-ZA;&J9twrtQmv}d5LJF9t5;5}{0AU<|?goVO@8|jtZK+{L1syhtH zcURMqkKKd#%cJKxM^B9nrh~?W8zQ12>E$6f(bSrlW@{d`c+Vg6FJ8h_EuOz!jgD8D zCn$co4E17(@IRUhK22X=W3#yCvJqq2;EO0~CbCUmxo} zf=suM%@_uoH7ei!pvkDsjesY(*3%|rYN>LyU?Z1!~dDCHHeM-}dj6!Rj&eEbhHH#@OWNT#@I zg9$GnUe+gP?gkLI+T8KSTl3<}Iw9r32jt+PweE1Mjk7)5uP}80^@mOJq~3%)7uT3!R2-4buQsb!-RIJ3G;i3| z$?U#ztJcl)X}#==f$A%phAy$Onm~GOvYd_Lk4FS($Tj|JS92C!h=upw5t~S1 zVZ3VqrGQ*l27qhjLR|l7*Liu^Qj*u#E9I_L#KT)m6oac)dEmBWYr%y) z80_z@S7Q80LWQtLr}T6u7jJ~-XQt>D^_W_PCJTGu=cJlE?7`FMAePk!*m$fYrH4!U z4;S;>3QxBe5Bu)L!_Q40218wc$j0ns8G7taT%R7>vrT4QWP85yY)>2j&El07beu?w=CPgyZxC8~yD zIP2fMd~vYuc`d@6$|0J?T!3JGz1Oj3x>0@8Hny~_1jCnsl#=66%vV9ZcyTy)2-pS} z!Vafj%UPDhAwA)xPs*tjmVfzetxDX`A1lZ~FQ7(yS)T(U<_qvqm}md% z<6%Cpk9qMwd;7KcpMw`G`~NfjHWmyC@I^yd&Q5C^D&`@A0Eer$mw|qJX7WywZ_)8l z$qR8hK3dx#Uy)08$8wtJ;v0f&2}bj9QYEv%+;ZzDKODdR{`B4H`nGXJl9V-2QAlzW zL{+Om7d^rBKaJO@_I4UNV^NvU%ztMp1Huxb4d>Z15J@LCw?0qIcfb#vvJ{$;-~ zF4^~lrenvV8%gCx%8IBgr$YbP3Ieezk4+>ra-HJANUi}PcEg*(5m=0y^%)=ysXaF(kWQh z4^d_;$1Sgbk`28F*Su;9>wRVDZ}2X?Sl)HuE7#ZT3vr(PNUJv5EXr*>Su5vZ`T-tM z&rJ!qMIvm~OT~V|YyXj*$JJ`-rDEC|+(DB)aZyVC;~#5&(V)%h)*@u?)o~^noduRd zvs`VgSjTFhno>`tn=5S2-a#ZG>?5W{Jv&!Z=(Y)Nn00nCaxN1K(QZ!cZ+L9C)b%w= zHkZk@LpIEm?G{G$MkyXWu-tEI2WDKx&q$_H0VyL|l&~B_k;*UCqH0r#h?|>o%d^3F0N2QrO8K)fXgw@N=bI}mUz=-U&DO~J3D|oc>D-A6 z-v_N)kHzkamz`?K$GR&NCfaWc)u7|PSd_k1WZ_wG-|EcaC;$5S@)wKI&9&+59&7EC z5~y|Q@cjdC`ql+h8p2PzhJJ=hKY!2~zV6hhJ?e~NCHradYAQRAVsCld z=CTIJ2M7i2V!@}@M67&4A}1^_v|?v%ZG)UC0Ov*v@{_jgqMOH$iGL2XcnRWCKl|Prxg{>*`U~TQ@=4MF6WNpHdse!JE zKH*_}w7Z+LaV&~_7VHlymk2d9B{x>r1PM|S4M`B7+9@!GXxY`;8Wxbo;jm~&E2n7H zCj>?6oC0uvz$nFEleLqJ)8ngC^3&z%1(0>}^V!u8&%`XW$bLs_0P(F}|fC!DN1b)QU$CsTvS zsp({K74?cy4uYIwQOXL54*E@KO(%X`2}HiRgg4$ARqZ`i;RK%krZYQkAf&n^l;xnI z2M~*sW5W&EZuuSWty01{NK zy#YskB;_W93AqWgz{>juvHj#Gsy#H>c6kyx^ual>==YXYx^qb|@xKZjaeMQ89(8{1 zjtl4a?^Q~Xl;30CU6^EErYf(zo!e!_<<@@7@PF`(X;*kc?a3Jo&fnp^F;N0qS&mS9wDL z?})b=x$O*YbFZinYBV|uVUHb1sXANK0ZRP$JMb#vX?yQJ&-yQO{-Z}e|1S>@o9BO( z|MgjZ&iSt*q@2UAgKTsVltU)8!@JtM`s9PYu0aYgoa)Ot<4sF>_ZfE@ed?v{^_zG8 zd*){C>|@UPKRA3*&;Rh^_5RD%`G1bz2Kg3JHrv^s!5OTlSJ>Ldqq=Q9$Z2bBgMd2A zeq80^)e4!^)S=?JTPaKBErUGO8?|)38YN0^QcK~O@w^B|Jin)TBy^=Wff(auv9>`* zWe)k>8fn~U1X`}?(b|R);%sm#OZM)Jmw8ZyTf-?NU+?YhOPab5(Je<1;#zV zA||Q*7L(Ne@4>S}dp>wwJM>GBZ-;)>>P+FY3OjG==0^2$aVNCT$Or9t&2OKY%6`7T z-uJ&JyMEt3=JEfB2lf1K2d`hhUfuuC@$=pP?j6;}4QzF!h~MtGg_d=tMJZ%;+8_6~ z(E0Zll$hJcobxY_ek1Ql{SLMGdOtgI+l{#4AY#aTZMU+eWJeH6ZS8OmQNWjDwvmT!TLBG-ue%G>LWsS_s5 zaq0Wir}goF%hG>ONr%=x=FtDcgV*~t`v3Cv;fnr0%TLq)7M`yb{>RIrh2yj8VpKjs zq8tKUdqTww6dzJ|h?u8`(OQ_bjdnfE4tU%@OdGSd@nwWKt|AFPmqZMkkffwh1% z@YJo!>SZYU=jJ?@WD`I2#rZq=J&^x1MYp>8m}mcM`v1J#f3@=eewJT<{*MYmoib^) z(rA*UI4dNB#L`IU0%%#z1f)*jqefXS|G_R$_-~e1?7D(+ra}@-u*l~*(9+7qJ6A*a*NB`Dss{E-B&=>w&p8ofD0hvetU%!4?_y2yex1#^g z@>|jW75#ro`md*dWDSbM3uWcli@yC4K#5=~( zmhk(*+J^n|2yBO+rIX@9=YJ8W59>FN|9f><_y0Y7`D$-<{-5JFNB_Ta`snZU@%S#! zzXM-@1;d0E_Z;wb;Ljfkp{Gw~>3`IqmFLp{FGK%(8GWtaeEGlb|9!Z3u%iFZ@|#2d zzg(m5%F_D?mfj}{;(2x}@E2;DZB0M$ST@@Q=|802qlw%bk0}4|@4u?k|AW^n`Tu!- zEB^mW;QybT@BSTfwyR&CUxWTP@}BOV$R`UC{Mv6G{eQV%*Z=J89j^R8pXFCeQ7<{7 zG0?3y>R7uOO%K*+mYIL>cI54p8bk_%ikAshE5ffn^X9YY`H_+w(cuThQZM02dAuk!Z&57V;E`^feUszZK zIm0`NCWeHO+mzqSZsh%!vm~a&IEjmy$=XZev|!^rE@lIAd~)_i4lGMznie~fmltIw z?+qcpXYn{Cw`?YM$X|GziXHGDWA|c*6nQ)zvmA3Ki-PAYB2eK!Dsv_VYZET<=i%%X zI`kPWa>kIk*DtD5yB3EMCmM*2Xexx{J0Y2_bI{}I*!pJx4T6J%y^jZnF9umUUb|(p zd!9$I$W~X?Kh^?+%e8>uJEcaKs9p;+GrT5;jn|O1Wxh3Az$ua4ih(s>lb18D*Ps--|U6^U$aqo z_;U0j8b+qS5|~uV24<@y(0Z(MuY=qOZcWF-uua3&}~YAM70*1p9lz!ON@t z7e_Dljt*WA4qhL=_~ym_tAqc!{zV?gXaDs${|n{%^!+-||NiU4!&i0xuf4{@7i?zeZq${vFiJ*ZETQprLIkRp&VksQwSVkxN@OV9!L7K9TKNuQi5l{O<#75 z0FD~fQWb+3W52M^);2cQ@ZZYW?7stC)n))9_Ju0jpa=X0YBvygM|4dG_k0X1wmcmme|%E*#Hz;TqS^~Q;P$lWic`TKGzA} z%pclSYh5>4SB`8@1Y=8Y96@fpfNr+?4M3|Spuz%lN>v_L?5NUbH@eiH_U$Tbony}q zvjyj7gp%gm%&U&>beq22v5&DR;&hDr4m;%|q90q1a`M>1?yBUiFlP}5MEG0L+ka#17Pr-`C zCoK2Uv(2~G*(aE;B_clCto?mH+T_vq*DCH=Cvl4Ax=K~^C~LN|jA;6iI|S=RHP6by zw!W>c<~W45cYaKnCS41yZFQg(v0m5|>ErRl(+1@>_T_6**PPJTUv9Wrmovlo~x-Omdcx2?yL6 z^i%+47HD9#tZ4uq-qImU1UZf(lHi{OCp1a0+!%bvBB<66iYJ(q^&!++s>3|4bglr{ z(!utHeq1X&yJ6htqnM6UE{Zrr=K-}>L_rHSDigs938iZFjz`R8wcU3EWx8pDzXf&G zaz12AC>Y8%0>7bYq(cd&@^9ThZMKM|h97ODoNFDB26m$UTkvZ0%E46HJ>TS2cM8an zs$eP-#2B^(a_$y%EOxCu3J?cIz~4@LwZsB&4VEY^?_b?7bov=)a= z*~6Ny&!Y@iHf*%{1Q8p?G!6FmgZ%L28X;QIr{!xsC|XIhh!}kRhK*>MAl=?PPVVVU zY|05#s~-!pDXFw5Hg^b11k3`OpN-!0;v8JeicJLPZ2DVs;|yZH8}U%=Lh7_}8Aogv zdJwxCSs2-2>c2~I9hb@Kwf^t%ZE6uo`a1&}SHvB-SNic4Ip zA}^U-))_C!J?zFLz6G&WFs5$sI34kPiY^&EB?%v!m4NN6Z-k8va_q)~xr!+C=FEWeKh+aWodN}_8Vc91(5CLF5FqJkyH%Be1& zU=N^5G2#w&N$u2toQ+ek$;KnU1_N14DV5$-HPEznM-ncRq){IczwB2VZ*OIm23wOG z>(gIMVYS$_J7?QD%Z1chh7h>2Zw;g+p#J3GP{nv!@13pW`R)iFUYk~J{j~3?dS?sa z)%v)5M|pYkG zX*`}3geHP(wi~0J0eMM8GaG9o^7hT~xx}85Ee6K(c4baleF>@{5A%NK_SC?Q30 zQ4Max8(6id%s?g3IJMOs@Mw_m@eeA>iM-`wowh?qJ_+9kCzue*C_mLV2_FYB_-W>q zCRASS2_FN+^1*`SE3M#oS%^gdW@EsfoQQ7S*u8iL96yzsN>l#S6f5l5n*}GbL^o)i-KfLO&c_Te{5Vc3L(Hs)|BJ$f${>D zP2ZfJU!0yCU!A_e=4GCcGewx?EpUgLA4*20yr_0ahN?)(vTUj^;!S;5*E<(1zhgN$ zJ0~=XbPSE1+y;jOtp@dv!Q6HZxntDzk=DNfISf~U6ubcdw~b}f%E8x1pED3IVKl&2 zjd(uQ$LGy^NU9&F%_)^57bwk^f>}qr6dvEaUl8~5qbPOI-+&vZ(c*C9H0lA@h$u^d z&+c1y4bF;Oa9(Jnv9Y#XxWy;{-Em{n{`jnxQO^f2|#dOB94-geE;77>28Lt2Iz3Yrc5hyL3kE78lqgROCKH!6f{&NlUR_5 zWjPCJ!J_}~|NVa&s4Eho$!II)tTyD58O?IRm1qx1!&n;TvrNrnO@8NzJR^#>8JD+Q z3+$PF86X`}|G*QY{{frd`bT!Jzj2q>d5X)U9|2m`KbmPRng&pP6CiQ^>EbOO*%T8P z!QPOh5Lf6I@!QevuH?afIg-=+Z5PLXGazRpqe$8@W@Zj`i2-t@P_HXR6u*D52){4) zRschnY(4~a#5Gre>hm|Wpl@PFNQZ!%D9*`=e6Yz*uV%=faOxnr5kc(f(9 zO^j+1Ph;%@Af=1RluX%_=QFssznu}yoT0%EWJSZiM`R0hR$Pd9n9S6QRw9HFyu>zk zLvD5>cDE}gQ#i{vuU@>n=`t~3mjPmBX7IcVMfSz+i~Uz!Ust2F|5V=|zIypWVpB|} z=%DI~;^uLk&tlW8n91#O2e08m(UYp{dJxkMH-m=Fpz2J-e`9ZBE$xH8uc9=R$kz&! zif59&7Sn8m(x4Km;e~9fm@#NTLMc8AL+1@jHicSnglrs&6++CAj>!J^v5}3dr+BO& zcVdlST~idMnyF1qt)z=ZPDi6SH2mv)#|#OGmIeP_M`aNG7i2%1QhBj}rIaP3K*Zye zML0$~?Sz(~Z9r|kNg~biOCaGVaW;{p>gNfA4R3jrBaPn_*cr4V_$h-zP&vgfCKMMC zMTO1E1l;V#vtuB|gEfnlKwWW!?36al(K_IH|q?={B`2w06T* zNI$Zf7uYSEc>!AOTVb9YS0Inuhv?o**3pGa$YN1opYC2>zEuk*$PjDrGsJQ+VN*9r z$^vStZw9aM%9^rb!Xu$?Ei>b4HvS3ciJ7hZL$5Q|p0p=_!S1+HBfX79<&snZXgVue zSUJz*Da~g!|DX(?x+h&d95hT~>P2O8+hSw=aED+`g&mSG8p;0-1_MJtRmdea^>*fF zS?~-T`~n-f7$mci{)L6gPwxcYzoXd_nnp|rSyMQ=>uLAiSWZ2YZ2ZHJp3Iw$KUu9y zhL@fL?8s~!OokNZQOyEwhYjVp(HQ6v`Fo&UI6%J){2uUpd8zgsA)u-=Z=fAKX||cp z%vPDs1c)a4-y96~Uwu8;8|>{Kydcx)r6Hf5;k2MwQ%Gz*rJ0v}n$3XfF5e@x%Im|6jjYVHO)RZr(mf^4Dg17oG&%<$asflkwH&;ELd zzBftueV~=dLBWF|3nX{TqF|KsX#f_a0NBhx-l5K)zr??xQK>x>A^!hmP~r$ly?QJE`(Jj4ak?ue&QlgnI9Y$giQtk+iPQ05-HC-z9g+X|M=vx~2d8#~ zdQK9L&Q&uW^v2)cjc2f?=iZB_*lhKmKI0`@lHq{N^%narSSsQozGJov;-t5vow z{n{>n{rYWshiOX7h~j;890(-5M*?0MB!*1;*r(CZypWe8YCTj4iB+irr3iVa5iC-y zGd0@wTu`8(3{q<~iN_N{?`WK;Y%mJ;zw;77rwp%X#e%|0nE<+l5u@N5 z0XrFaHQxxe6O;GCROm2by(JT?uG(=6x>^UDaKAeE1j`aHI{Q}t{z0;fR})6ykIE?l zU3OKUN^9x#(FZsftgciM=7oVn*fYRuQMnRgO~RZGtM4vmFQ=#J-JfYLRE!d=CtjXD z#~NW0&~YEjlJZDt1S~a>-HYX+jWXGHA3m&^y8>KLj>!6u=Ia&@R()NMEB8(0?2w$% zD3*V!tX4EH%1i}@Jw_};^<4KEm@Wg=U4Y%~ZdgF90n|{c;hf7Rb%m(&lC%i^1`$2r z%NsGK$s3l?*(D2k8VL{$Vw#XhJ|sdt1?LR=+aAy}md8BOaL?gi4+2=kQ^w0eL%hO& zJ_zK9#z~p8t4YqpgeMXC4j+)hJXr>;C?R^F0(*%M=7NPPpw`2-G@723J0gdBcs1B~ zKO+11)J5JA!F=@f`5zIiMqi)65!v@n+iZ95hIQXAw_|HPEVgCckNd!%yJ;5(*<;%- z4z%aST^w-Ft?K~{AprK%g*NZYXWzSuKznzt{cgE^>p)*@*V>=Xhdp=4E(Wg0Ze0vu z&z-s$(4M=r0Tj7y^Q@KSemH&IZ`q^!FBjUR$Sb{dZvGRcpmH998L!Gzfx-I7kzrvh zWa*mVlxC)_>kF5LtG;WLeUZ*xfOC4kw9ldH+c}$y^lSrb?Kg=>ES!Z2`+@UY;Zy!K z2mlC8Xj^7Aeff}$c+RAxN=H&;Rb#L2db_h~OrG9!!Ub(xM4lE5^F4W4E8sZf)2xKZ zTb0FOx8-V3uLsxr>bw_<+U|A@Ur%bF91gG}c*Y{_h482yg;`naMLy}@1>ANf zwW~bRhz_IZ)II6MFF1)Ka`5uiyI2>T%u4xSZ>pC)l7eHI$Hh!aKn43)JcgVi6ij%; zJ{JDf&VZ;vL)CZVR@7q)?Xk@VGZIitnc)APy)kIcxD}6D|E!IDP|zgh-P=+v)^;+AqFSDz z79#X^{#;;_c1^;7>FUTHzUr->J!!En>xq=w`W<1;9!LdJv|x=;)d~w>6>jLaSq;_5 z#FRF}1_d7#Xil2YJi6&eSF1A}PFPezViR_Uw#!`#IU3+Br#xc28*y5&9R97x6VNmY zXj;VPiH#;_{_PGk5}`%h6I*s)zeAKY5OGB0C|kKs*-L#3J;gla|276JAJ#_OVi|0< z92B#R`BvFCBPcBVh|6pYi&(I@)u8Da_AQ&Wjv8nfI6s=$j9x?5y`N$(VE7wqeyzLf z#tv9O{|2?o925SnH?v~LBvi7e?s=$2dMZ89@0*KSiOMY@AUKu%=A#39VtNVN>>GNQ z=;?LcP6YS#)FfrTB{wrk+>*Z-EjEp4^$OpUN(Q0m`-3@DS0Ux>Bq-)%*vn{iT7VNUfX~D*`2G^na zC|hb0sxfc}eSqd1QUd-2Pv=2bjS0f2sUt1-{AF=jRa%5{O}gLR4eT&bvx_S)26r|` z7Grc_PYg8=_LEi$4K4u~81)WgmpmB|(QhD$(cy2nNwvFQ@|~o8PNqiPMZ*aQYE)v%$11)C ztSpfH(|TWfb#7(7#Dttx1Cvx+JEEHIjsN$TlH0^hMPDiT~1*i;Ihv-3Gn`=*e0 z{ll$f@Qrji+R;~X$XK=yoLDn1nCk=_PB<4TLH&>w_l%|F4~Khudwap*!RuGA|836D zB`4fS_G7xO@wysTf0^H-!d1_9HzbZhwyC4WjLCYikKjXlkk+fYLt0SDsXlXp85*j>>Tw%`JE;;dTKqGYcT5vR+_Df$%Z^;fgXrEH%R^rV^wK>aYz9U zDTp(B^4_@^vbDe_xdiAJG#xXz)^a8UQ<>Um&d@_$3;lZiW8v%z-Q9ywW8{x8;bjyk zulGC{#W}mDNwT|DkyIZL>8;Js|sg1N{HJ-Gdixd(8P3 zZ^}8lO}zAG{wGsG#-eS}-AEo*JFiCH~u0Vp&(A`fdk8N`{QAONzHH zY3BL~?7_2hbGFV#)^yO3l2thOJ4IL)KSB^Y;cUX(Nm;!J@0 zM7@w3>0`{CV2>Jp917nPr|6t44~$`>RbZlFe`;Ttuqz)ROLG}2@$yeW3K=m~!Q=M!h2H!RU}`qgo-35}=TFwFBm zpD1OGd!DTCI_?g;uc;LG&S^0LuaS(Z40kHohu-bbibaH0@o1o)ZFPdLmt=6Zs_E04 zQl`hCML9G>7UdAnBFCUXYxD)ju1LW(P?c*kPD#Y>>{t=>JCfYg`JZ98YmHHzp;B&c zLmYoE96JRB<_`7*eWR*5tOx79&(_y> z$o(V^C%Tr5Akj>&Nr+Ke@(`kIrs0*T8U@+19MiTXZB<>RWs>ZWlsCEq>59anq646; z2ex0Qm(z}JrgxSP2-zBE2Sn2QpD%Y*rrKOCSOw|(A5VAWYw};ohm56{1r2ZA`c=(3 zjPsTbZ{>G9Vz_e0=#D8L)Yr{fD&%sjk2UKbkPAkmpYyn2AJVW7F@U@__NKYOt7v}r z^2;Og_4jd~d3Lb$aG|>ttsnnxccAPdZ!7bN2dv{A{{3W|xlm^x>m#H;)zg z+0n%VqCY#JJ}3mV1MY+4Ks#Xn?t?*VJjK!xp^NS4rwR=1>f|BOp<02eZ0{!1)oa-4lE6nAUltuLZW&2LE}5w$7VNGrrY3ozFMI z)xF*3g}K%ks8yh=C(yOAW%@+BJ`k}FjCXa0+%xF)X|}@BVXw6*tYTl6k9~Dnjimx$ zyII4zA+WB3_KS^!b@$|=!LTk5_r-+6I+LCg6I)HOUsP-t?AFj&e<#1^;Mk@Q%acXO zdQ_7O#mKe|_0a-lom12|RMw?G4~duccK=TiG3(&)p<%OrG=Bbpv(4@Okm%XYz1$T) zYmvYuB52*y@Tg(5UeI4qEUkC^Uw%NXcUqr8RIPVh3#()o4zBffyNa-#gP?!fFx$D? zWfg1tNU^qU`)<*I+fLfh8FK3#!7A?d;c>Tp5c{PD-&%a!1Hx}zHBGM=+^XY;N8z@2 z|3sm$@wlxc|BQoj+sC|6WNvN8tzvVZFE+Pz1)n!Sw|yf$dX#Saj2|;px3!mt z#p|}?>Gu${+d8{Pi`-RyOG?bJG`OQ}0ExiYY{ zBBt)~-3D*UBv&ow!9@a&ZOK-agZ_z?TL0AvI;B%4G8$Iq$6xsHFDxv6Bky<`7d)4{ z#a-L+fDJJy>|?3)}w0@R(<*d;E?{Yq^Z&>vO$;(7J$xrERN4{_11n>%p<@ckUPYDFp7jal7 zG$%Zd$8kD%=r}ue|NE9LkK>Pp5x)zrhT4{&Nls~iRh$t*%WjP2zb2JjZw9v|wjVrG z?-@Ghk@#fOL*?{?C#HfqWQ%HI>W**-rPn*(nS^t2e4S}l#zPF;!`ej<++(X|Xx^wl z+G&EPqXu1YyTIkE_t2ya>N_2QZJk-s*0Y6tr{@5Utn-K%14}zj^sm8C)ZUw^F=N`1 zKYKJy-lAh?*=)yyDH*s}RFV5nLCiYF`=k`DHnnFYY8^9ve9HC+(_EOibxiPK6s|rQ zo5;0yx}tQoo=-k=O4llqSbHpD>Fk83DT+ekik~Wbg{E$-PTV4vO8J79#h8Pl0u3AT zfrul9;W}t0*dgp=$TF16-@LyhTVTd~dAQxh;@iVpV4uqo8fmJ*w~{w31y2(_Q`G9? zT-9lg1xa~9LO#uC0dyG>Vu5TGYknvzlW@_4-J@M$L@%{Si5t&~%L3hu=dwm^30| z2((i=&8*T>;P+c%8`YZ`kJCc_tKej_3iVO}cAJE!=wT?yos{02-8=iS@w$2C+q1)S z5l+x5x5xx~NdL{TfJ%9gvvDknd{)D>Y9D0Q(!d8qf6x)?QPRjzYU(m4tYiG_vKAl1WtnFT%M)8=5qIbWlxw87*(-{#Hdhqhq5v7B{U_j0j zMg@~ZL+;zy+T}ZF#4mP`IneRn0H>hiUW3hy8&>ZD%TE+N?A-;Xj1r6WA@C!kC;&ew z#XsOSJ0cMeZ&^Nwxq7a*#}UzH5B1+bOjv@JkAjYm$o_s1v0+TpV1GZzUtoFyTnnSD z&MY6bv(bBAfCGMNEHoY`DVh=r>CX75@^e$OH(Z&<#%-=2WEZ?bfLdlFqq!bx7l57wuF15oe?;y3BOPEJpwxJ5lq%ELw9|=~#o>F6t1sMHz2t`1#AY+!Y9LQ&BjGOZ6 z<|!&C2BR`bps^G6Vlt4{0tIU0hMXqyFL$h0{FbE{l_((Zi86&ZaEA?fs@y)D`6{xn zvNNEQjWX>5KIJ_RQA~Pbv8aQHIAAGds2wN;BR_sE$np7^2?*<$fbpPcpT2FPY)Bf^ zW3+U;X^SzJ6NcFflJf)&ytOYaE8UQWdb8qJ_njB_2=e|auZ zBE>jNa66>oQRkM0en4!}V&KKM$0sOANl+#lw@O5sYbi=yk2H%xEU3G&>rI9P+al*y z8x!0D|Gs1Su-;;<2cRD$u`npcp~wrjo-PG>nLdQa_*5aE2N7N-v4?tQElegdy)Hjb z7|=v{Rp1l!8CM@G@tgd7eDVJ5{r5-BcW~LTEN7u+g)CRJyZynzJ^{@dFu-L>?`WJT zc?n*>G_U1iXCiB^wL`++Df^{O#4QV4HOabB6cQ;BYMB?ogD)?tYo$Zv($H#xmXkH! zz&%xPyQHi-KqFiA1nCv5T%b}!>IH3KS<3B4i9~e|r)LtC+_6{!Qm?7ENk>hnS_&{3 zN*-JC(GFjMwJnwOvp3k^A2<@w!NE!bdL9X=wjuBe)l}#WxO&;qN9u}I%{?-al`Z@} z=Oq&$TsIAk%S>vim^63hrVW&;W4-iNV(_z2G~C1`?8uueD;*x{dx?GP&i} zFHhf|o?MY=5K#!wBFC4ocsu0e`0|we{KM&c2_d8fP55{)p~67BmMak_Y|OUI=R0Kc z-rzcmN+vKYDu{Dxw5&zBlY@3|Ey*wp*d;a^P}lm~<8M#juGim2 zOoVxysXXg;mVG_ub+?adqOCoBfBe(;r*nF`jQ`f?Nn!#Zo3!cf{-~P)%r$AJfInR{ z@B4YnrAh>23vYd^-@x?S7V7BDDX$~+&cDAt{lCsXTwI-AT)#QHJpT6W>Ghk_?~Z?Z zdv*Qp^y=d5g}r=6doQ?$B(wJdd}tnfFVIht z!hZi5Q`oz5{j+ATce{S>#Px3P&zG~l!F^+L3mum-hZyK)l|@$Nrf~UcD>;Rh^2s;* zU%&1pzdfgsySgZr%v0Y(uex2Tza=c+mrLZ4G33h0^U}SIjPkcv;+Oi) z>FWKV=}aCcYFz-={&G1r$?4*wgIFic+6hJ^jE5rXo{1xO$d=G2d|#17tjs z2*`PvMnTSpu?b22v&tZ<(+_Ao^~H#F#xzcL?K$>I3s9e{Z5TDKrHw2w)qYaNGlD1< zp`?v4Z@mRs8i5a@Jt*6rs@;waI5{;D<}|a_P|YS8WX)RtkN+S8#NnX(DE#9eN{wg@ z{6ofaT2#hc6(!es09Bhg=TNmWJfAZB*7~{7Bo>$lIp;VX8_cQf0nOpssPsqLbq}hF zPppC*Y6kGe2)EQVXA+5BFtl445Kb7i>0bva9YkF`_E0qi(0M~I;TFk{i06@#C`}~-&s{66(kxgBEy-r z+wI}C#&@^jT!*q)hbK-&LDObT?mSeRTDB9K7v4Iy%|+O-p4Djy=@Ho7GOe7!kRcb# z1^$g{P9(uumOy@Q0fqsgD;H_H;)b#qNS^#VE#2ee3u_SX>?b{j5~pJ(>Ud~??LVRk zPkF9V189S^{mfX>jk%^eYQAG&eY+4r{Rdw`=YZ)r+cZKzI1TEX@3E+C>+ierr*GZa$NIr7VHqgcQEBJnwEAjT?%|A&vL{v z25C^pKoftSlfj8R7~K}$c5=0WqLSv6VbDNJj2l7bOs?(Pbz9Z1UHbpC_wU_}+epGN zK7adD;87>P*x8nR>D&DLZuU8f>~wtMi`H^yo_#WNY>0#;jwylxKzA$cen0zra3Kkj zAPG{G-A;_NJ8@IERG|umLZMKVpQ4-s(|Tjg4O_Lb<{;SQ#+rkwk(ADX*{PJy!6iM@ zasy^LK=g73ZxNuvgd;q8Rg7(!zdiPD6MmBsAzTgDB1FczU?SxU?}ng{xFY#;G)I?d zR{2vn*IxsnPa!!3;rv=lJb&%O`DfMt4_proi5IXL=zU9LUxgmn_5#O`Tm*VXr_LT2 z>~PKW3)ls(-tO&z{{s8^xHG;z>@W3CzUi$JMR$k@_1+;K^Bm~wzZcZ)q+RABUBgXq z?dQ*+7JBgIOUC1g0w2!jTyLGOcn5r5zL6s2%a{a-;=MonjqM#4MkRqpli-UQr+N8^7SLU@4QR0_y@NbHPhGXpQ?d`pN{aXBY zZ*MR6-~GLJuU`Fa|Mi=<2M2q5Z{EK9+up(co7Zpt2KF|DbEZU;LGrh~wa3aM_e9F) zEdYAoNZR%eL62|Phr7F+%6&y~Oy;}t&lkOyygFNjh}V_Y0QoH>d>3aPqP;`#S**7n zB+kNP$YBvd$ycpCWyA~SqP_g?F<<t9;spcWV&{ZIY7DU(y=M&|?Ku*|g+%E5~0kMzKEDW`2$|RSg0H0~asB z{$8I8Q0RyRCVsepL9|4~bASX0c*$FkW_TxFbFJ`A*OT(aOuDPWQ1{x)wNvMc*w@vK zNc>)9U${4m8!YdSD6@+%t4cfItHK5Gfv`1IHnHQaiP!bDBf&Nqu7h>gB zlBjllbh<8bQy}sGidKat!#{MyDY~L*%`Res;!Gp&+~1va(yQR^?0G^mQjs+s@_2IOh@OcuW6ptX6128Ev$SGSz^3f3#%s zLj1}J@5*Z02nt-GgY>BHxp_*;Z)YB#*L~A3@KaB?X&Qd}5O|FD``+u-%wKYY+DJFM zj33fnCe6!K#?(!;aNXTbi%VLUkShmtRbS#anOwZ^y_x~4=vq(P>|~zFTK_xkT86=Ie+^Lm*IUvdl538P1xi_!Q)M-#DERw15f4;!2rL*E+sv12@$V(kNYJ5O@JY^Sne$AQ0iTlPoRH+ygA|7SK1jRAj(+EdggSgB`H>%rRVk_+fPgp8WlFcV^mQbEK z7A&8|Xp8^<7dtDbh5awS6QaB47gxuV0sF+7*_dkVe+RGM?HBETub=II4^c)x4==C4 z`S9%c5PbfuF7O88T=V72mi+bC~TFf4=`n(bB5jYcJIrV zt*fLXe#o986r>$_0Z1Eyr3kz`^nLYa2Q1(nQY~ao16MdW#sN6^-$|eN4v~+#=t{o;+pg!ZcuOclEgre2p04%4H#^`S1YY3s*?Y}#1^|*d z?Q~e)Vda=x?^QyrI8mgC>@i&d^hspO3Fcx-Zlfu3m=ETN$r}BBdMC;mMO|(V()-ab zUqIgnFboG-@3z=qwPQ74v3h82N>m&e}xYDi?D`{#i zgq>4#C0*F9!wx&@bZn<%cD!TTwr$(CZL?#mW81bn=Fa}}{bQVQ&fU4Ln;NyMYE?aR zzH^fKcHIs#FVzVOihK*_w3UJdhT1PKQYbL)@;lZF@}(?PXO$oFHn851U~YOa!zmwU zGF~wpgp|?4r)*h;`VjgZT78~s_q3KWPcrCf=*Ex1*2vRglgj?i?T*JwPH^VG$zBz4 z*)@WB`!zLOJK9(<)F(}b^2V#d+!2_n@@Gg{#lNDW*eWRVFl3595`y^q(9VuHLasZf z=SvW3{@=g9{KFlN9L>1<5Uq<$MpZq&hK0Ue5&_%47sJ4w@XKU-@;SGn* zTZ)vi0J^lEwh^^l`o~rdpV+%-6wNh4d!N94LW? zOMKrzr5wBCugKjqBn6_0?tcgeK_xKP{pgAhPi&{1+&?*dKeIDB8T2aSeXLn0>Leeevykj#HTy}Bx-qTHS3_~x(oo=vgO%*>Cd1y*;ti&`!iOJW9L^ekF>3Ucye0d znhtR;tM1HvkdTQ56p&9N&^NE)=c(6+p7^CGz}qeM8s&A`aU(fFay*>KH~OSEF0hl( z^Wd3!3c-375~NI-;|oxYee*$?-|?BfVPK@&@}JCtJoN)(r-gr`mv@|7^l(%n<)#BC z){@c!L_{e{y38V9wJJ)SgB0Oh}7vKhb+=|oN+=*@9d|3 zXW@WxisIc%lXiOjtThIisgB}M(GJloHk)RVt&cVCCKb}B$*hvyC0?Wj;`dLWLcx$5 z?b}cru$Jpb=VUB|mG2VvoYY<`3-ea{X7DralLC>^yyjYJ*~M$F7xf}Ehx^8ZpZVml{etHI~#|O`a{l+Gs2YR=Ev!y(n~P^wN=mx z;pKbgk^|Nn`hUD)XAwg>ozNKa$Zcv1b`D7XFB&-0#wK`A?Qjk&>F&_90qn# z5)3~qwmryY$H^#BsYZWhlmcptZGQ~)(leQQq*VQWzD0jKGkd+s!I&N4LrqmT7F4N= zktuC$Zje*}+c-`pD3J(p{gptkpt>U3D-EaXMiMLhVrTy+x#CRa#U0yPlh3{8M467+ z4L`R)S7js>q_k;l*1jSQ%#>KO0MLvr!%x{hrz9ol?ptt4V+01M>TFI8**Mb;w@6e_ zB(?)-R2i1|eo+egxfn8GpTRBrGA9yWQj%IEW+2*>8`2%n{(Ps-DS3X?V)uwq>6STD z(|P(qLVK>usCF?|e)iPIjsOhh^=VY%HE2Kg$x5&proI{#+-oe0cI6STh3Ti$T(Uq5 z3B&5mR|(ZlXU#sTY@drmYR)ElJ;7`$B)1>lYBq^~14pMj0FU-o+L7A9m}bi#kDFs* z5@y(tHLK()Q*CNB62HxC0H=w3(_{N_Oney+gxC3P+$H$FOsj?+gMP^=DxA=0 zhNTNceSuC|T^ew&obSqXb?sw+>+aDUj;e^XEsc$wFx4l<$GP>fEp$QQ)(3ju;PkFJ z`t?Nl{(#-+D_UK#lxcD~tT>@R+g=Fowq}h~C#6V8cgFJKmDtF{_@tliR%;eF!EcXe zrcu^kKVqJ8?DpTrQM>BPixAbU**brgR(-Q!rzplC8kKxzu+j0N7}v8)eXfs)7+0^# zoh~-9uC|)g?&`$0uFP=9|D`dCojh#IEmU!705>?Vq^ixLOIy?yvISn&)xO0BgbQgqxn;)o5&r=`hRK3iA73BY791i$E0Y zHC2Ha7qk3_$h|#`CXW`J>Pv_^bXE6+i3bcOpI>VB2Jy{mjxbIcdmSzmtb?}fjh351 zQwtr(tl(Fba&Z}wP7$Lf*^6}g1*nyW6D7=3*#bN|wqq$qNw@||mG+H1Qr+!~guGR< z>x`P?2KzCrj^vnUH|^CP;t%n}z|-o>(H+;U=2_27LMB6pT!dwGK#dhiiwEYlbAIOW zznQ_@s%*ps^Fi8+zmA=UQ}2}yZdt|&XSK4F%$Dum0ux88XLI(|z4BF=YC9o&{;v|g z=Y>da7tq&mGJ;-Y_vo#gV|ZH#z02bFA5?;P7-6G+b9qFq#^YbbSMG6my}acq#}@Qi z3Dya+8uw{_KK6uiEeRs5Bl2ts`#@`s-X|&;Q?Sb#cb(Xox` z+89jo8xl!%HN)`&s^q2v^`qTfWoa$z;gD_pcynj(EU%Lg@KusNK<+8|L&J-?^>b52 z4mxk`yR6tv<1s|nv~%%vANJ0_mn((oBHp5Af$w;vy0LMOF6ps5j}k$rxTyuWicAh zqwh*+y?;jc_Q^w;$n|2cIJlw^4>NDvU>hP_nzH*piosc^Zn6GG+V5?^ z^xp;q<*GL4wZ+fOcL1{?mjOX~VP%A|l)Ec?XJd2!&JXuL{^f!1*d{~ zz|&O?d7-CL*)u~LT7`!r8=s2ZBFc7|z|bT07!mQ`;r3Y*D>5)qaEKpXI2)|`ON^hX zIr5;@4;2>bUr#SahW9EplsNMKOu%oiDFq{-IPHbfrrc;3=(D?#J@JL}!DL5hB0vTc4WLnehp0InbLh6m{@M!9Sd13Rn5= z4}MgfoSO$`?6!|UGo^#{AVJt**4QdBo_z*ea48#~V?XJ`9T=HqGZHP~eOcR4H+lGu zViv+trAChk&3neQ9*rB%TC3+Xc2I~%p`Sv1Yu2US?76{-7pwKa>Y&V@7Dy|O4PUOi z1uh(l#&zFPdO13?v%4neNW6VaB8!OBg0gSlh^E7l1nA-0G^M!P06ljVd+-`Nc9A@Z zYp#Zd6)D08GzZJShplekir1OuBX@dBeER2Nx?r7B`;^BKjYukr;xQ-5v70$*5;&T) z_l?au$CF=H>*jJNgwjNB0CSY0`gwT(7@D>wUkFX$r<0u>=qhXTeMZge<|%i_k53p? zGZxkrMe4i2At~x_1$F3mpM|2x_0_;N*gy@h86#4lcH+D_usW*4rK-o>8(dQd&~O1u&W2+rB7#q<}Lr z0(hp)a!-vk`|uxmGA&I*;lW0m*A4z*7)tFVnout~4y1{eUt<F}fzFo(u$=AbD@QKOss zRoSerD6LyFz%gb_i1*dE7Oh<^vr z@8(L^7UT!?1YO;Kf>27%2YMHqUFBEvZl0D1vR+CTuj^`beqXU~JXCfi$+Ti6ZT3%~ zz)e``2y*?Vk8zFWG z^)cr1V))h4-L#vREPduV@zp6oSw4Y)zu#fnfuO7YPp8il80x3@-hP#?AH4d&R=gSb zem!yGKDTfbIpdKt&!peI*5y#QV>i(?hknapJ+7GLNuWA}Tfk1YFYsF96Clj=8jVee zpH3*7!XtfZsAv9ezNg?CWJbJ`6R$V1sW#9>4GW1M7z7AG)GKRB1pOk*EqT+U0qI?x z+<>;PyM3lXFGNE`pacJ~+bO-z&Zexqity|Ugg1`+^Tue<#pnxNz9IMUA|{$JO5z?U zK&m(Nf_470WaxR_gzi=D1}_UYzvDem4H{Ipa)X4Fdjt|n&ORKS_+&ogQ!r=-(f;Y4 z&n$|6S^o{L)0H-;x%!g}ysckV{sbGPQ6KLD&K1#K1th~C2NYZVB^*XHX4(V|CPG5? zV9$O~7Qa;RNyZNFtgUt6o@sU1Z!o?(%u9hh!Z9(=_lS8|V%BBEcybwr83z;_!eXab zW&8^LgCArZyQjt{}o!0UkP7WrHIAyQy3O$2sH_|_&1`B^|xEReXtxHw@ zY}4zvw1R#X#V};~^_7cd1A9@LYG=YxE>ovn6&zaH<1^c~dYaew~$`79tA^{yuZWDx-- zRzVEm=`s>>q!ZCj>vX;%KrKbQ^4R9pciZ2^9#G-P?y{Xi>23TJg3I=GGkZQqU1mK2 zXyGh3vaUJ|_TDN_hF?;As--k1(T+-PkXn3mlx-y%A=CK z$OkV-XIc`jXwPF5wdj*^FCLyq{Rj-nV-GS#4U8e~>;tD*vw;M=D*A4Q{XW{KWH^Mv zEM1OxyH=@ZH{+Km7Vi262tu49$s?)amrr>EeQs9;bqju^bqAfiFd!@PwZi}0IdqjZ zOHJ%-kEmo8sJ>6?yT{k2Y39w{LW;v~rw1iY%iQ8QUo9G+x5ls}F^A3z)iWT08FKTs zYJ@&aW7DEI`#9L}F%q=xcPN|+hEhcHhaQigP`}I6j%3r=OWdD7KWB0ORj++_e^&-G z-;YUiC5cU24!pSOXkXKG*MP4NLpAiXb9G9B66muXnZ@w3g>e+gqm6fx zDmt<~c5n&ZYYEvvcrmpv!E*UWT5OKE2Js+C^7-HjB{T=k<9?qiD#dMCeLvjgANRWC z?(|nu5W8t`w(n;seuY$N<634V2Se)nPw{Z~e4|TQ!9!=G2&SjaeIgC%2i0E^GMszg z$X8D@dQ$CUhZAllX2+Jl)nE-mms+2C#TQNzv%juRX^HtHCt7@T0zG&X$eHQK1jQ|o zrY?kX9_-*86FI3NB?nf$nUn|0GXIfEgzIGbkEj}qtt)QDz!io^_#O_gLh`EAsClaO zlreBM$Y-pud26O!3}WeHYCw+CtO%65QT5~gi_E8-r&C}2+SZ477At$IHA4&NHtu7i zbaCHSY*zs+vTjwW280P8zC}Kl-`stY=?#z@;!dh0#8D2pz)YY#!6)<;6-#Kk#)+sr z__rY@;@#8Tt=aB~OHO{ZmL>jp&0`jojY6_E$e)I2Plyw5@i=aDxU?ROCN4oOLDldK z(9eH{;xhm0tlENewBJ2ntgSQ+p7~>Br5VvevNbC{56HVrup-WYPei?)r};KP_4LhC zVm|c!rO9eU+j~Zh{%Sa4)^~=T3p-8{H#=JFEhlkAwBcUkiSm7jM@&glW(z%Fe z-7a<@Rcv^Wd5h~^`+QRZ`?708(0*I{Jq#E_A0S?mzAP~aZ1iX>=cK585{-@;t_!R_ zL@WT3x^jfVLah@ivnJ$^Zs>UVx;X)MyFTp4>dKF=T=!~I;SS>f_=%;+5DyGg>B6M7u;R63Dc zO^GZjTRhjyG#dfm|1!8wRJNSD)qlsz4L_XK?}Rv0tPm~K7atN?oklwC58u;u;4ljS zeA^v%5&(2?qJw;puLFKCCAeWe@cX&i8!2zGS|=_U4^w(=Pa)Zyu0a$r=po4v{Zz@u z_K~wkAEzC(+KWHI)=h1#6?2RTym;F_nrNAiHJ_GZhz^VS=4j7I6Q&b+@1~dyVB0m* z-DN*RdPvhI2(|`)67Yiq4EfP03u~^Ho<4YdEtSPcoN{CCH@o8z@bCKKnCXwqc|Ou> zev|g-u+V#XaWt@CFHmFIfqV)GjeZ(57}aSV756Y&FD+5+cQ7*9m``VanwNT^ZnnE2 zJLx+%N}^0A_7F8*n*){=P6HICcVrc-Nrj?%uKLoC^!2XnFJvQayjGD8uwWq}%?Ud%T zUq7dw_5}LlJST{qx^7iMZmA8lE}oEfrW1M4jgZ#~-jV{#W|j?Zew=#ZjdE zFf8yrU~V0r^C!BSHwmDzV3NHrXjGfna~r!5`UgD4fJ13<;y8B z7)d3Q42mq6>k7@_H?m3?;OI%$ZtD@qeZD_uhMlBzIbJBMNFV>Lj-r+aqjX}5Sk zMopC4G$F1@K0EHLfp371zjRY_E83OCqO1^7{CrsEZq72rY6#iyX@C&SDY4WNL60FW zA!Ks!yZh*(UIp`f8?k489T_^Bdz7Or8!m)lF~=6*A?Or*QWj z|7#Q;1$Bhk)FIrsU&nUctULj-<3PQ0j8ZL`D(HL&bbp%~8K=N$&q>@&ynI|--p^Z_ z18S{9ZbZz=gy+f1j-%*zJ~D4o(+YcqdMbLOD+p^gDr87x5Zaf;7j{9`IP}E&(jG;; zO=pc?O|Wi9!r@9+8#SY6D`6pSo>g9>WaRsJ@bK|sf3K6JpRSvsj~&Mp9k^HwbJHGF z7aVWXRfY*TTFwn9c61vH2e)D8D}UCIX~`Z|6b}0n1r!SM+oJmmwZ5PZTqmn0g(?n~ zS&3P`@~?$36R`IuXJK8&i4YYQWueRmk?^ znBdPh=dob*MxmpmhLU`m4Hc{cTR(jmJUoB7^W-4V%R`>YoPtG6>TSGsOJVE+qa-Pb zi5aL(+(Do5{-!KDEms@s+eM(;QM zp56UU$ramY?CinZlQ;rTWBLcHa_fQSbphr2mxmT7=+<6_Ej(h=#D>wT5-t1tP{-%1 zp`%HREKlg$^GrJPhC?P6iexCRk>W2!DYJhM<{Y)8x3{nVMive(1XYR*n*^I+Ji%pE zNOnRDatM-1HA^GfD^2H7n@RUi0PYx<6A2xk_8yv%=|Kf?XM> zIRTbTwU})o4&8k&L5gSb4Q%K*x+7k(jJ(RqhyaW!SSn%Uw2^LuR~LET9z5JQP?TDyEL{*cWjUJCuZo)m~BEHvZy= zLwShl)0ex-b#INm2P1Vd^1%$81Du^U1I()o zG3-Ugpqs}A=JMz)Q`Omn<`e^~LR0rLLg@MBfAiaF-bvIp%KT{y$+fiQ^7-qB`xl4YutX%9&UG0qQ*P|9onY8zAv>~$hLIA&-ftgJ#xrfK5 z5s{P^mNp`m-7m)wDz;Ka3D8AikfRNiHQ6@?hjSc(dd2D}+fL@+PZ^XqghVx9j}7Y7 zBc@J=?6e1sKG>aoQ@nC8a)&BKX6CB;&=@|aa!*HZwvT$n$@vL)^*19XCelm($+@Fr z!}MDxmosPjUHB}4s8jEg+DiK(6u%bPB;32GoIrjjW-M+Q^XO#8C(_!mOVy;Fytb?y z78x!42$bBt?)*9fetYdtvCBSi>9EGXD-Jf&Eit(XtU(givuh2QKTnl#im8s!1}}u< z-yjq|=iT55H?|8VkT{Krvh}=@iB4?b`HLrn6QSeTDegyFO_dc{+3t#PvyedORe<~NuW9@5Pfj-VYbx6w>hdv%Wcya({B1kt&mygQ=M6_Hfx% zyVHBwcwcu7?J7uJz>s6&v~uZ@SgTPH^EH^p(#pxxG%-5IEKQO^() zxa*mGKubgoXI=US7S>M#X+D-c1;5gkOY~sR`0m8FIb&ow_;lsjy6Uk=hIB)f_qDNQ zPvutcPl4?yX5T8vvj^xIU6 zVYFs4XcCTcwOxdkfl^ZGHucVgJc01ov)XbJ>GT6@#b~%eD4G{PG7_snhUX#yITbi^ARiW(ie1xRm0 z?z9j4z6(D|aoJ)n$lcj8O^gI-%~{i$M?jjorf8JROV58`vw|F%ZJ#O&=GX?gMvHjR zV<`GHz1Je>sgwSw7l-{hK4}qM)B>GPU$57GZ+5KDVWWt@ve7Nd;z4k1sCVzQ4&KA% z_CCK(q%9n1F=jrdk^k;(>gPo+O({me36-}IFV|S_)~jdCrN=T=d(E2Mx~Wx#+Wbp+ zOEL0Fe`mg}!B$!Mp3HIZ;x*YVldfi5sy`8-KlnSdJww8U$b^u6XllCh@E`G!;%&my z#e-i?vLH#{QFR_#oMmd3Z}1z%M@-8Rtv-aFQU^^YH}pv@(j>&|CMUCddB29_IKg&` zVTa3zwl&)j^4+Mp983*M+#eCn`U5Kbq9)XZd_Cf&ShmLK^w-i=sl~2D z3izV+Mt5~m;C%3dKLkZ@zO|iZq=5U!22t@2+Ukx_Fs2usTgYUYs@dsPyCi|PZT)p5 z$O=D*+hzo=1EH))TTId)w9_~*fds^vfDoln32!0ov#?#Dfp?X~0i=RB-o#Q2{lYMg zn3h%Z5tw2ltG&1Q0($RyeF|ehZr9nxk?kj zU*?xYrrb^TCxpO?n6j?0T3kbGYwPpVqt)$BcX#)PAM$pO2e1{mVz*6zcX`$A@qTUR z1!MQ5+xv>U>J<(bP8D=$=VcX_B6b~tj^){VcN7&QWZ&BB@}=Gor;mDF)9K(gFf;zA zx3Y*jTBC8f!Qzv9FeJngi3HuhIH@kH+8p2g#s>eMn637Bq5kLSu*upha}H;jOVEUi zmYd5Yf9@|m;$XiGs|XoC;#@$OTT=2>7{APcDjd>am*R?OPSt>g`SPxG_|dEmT)1QcorYN z4}FRe)u* zL3NaJSjc~mUhZu`Fia1A8>@P>nRG6Jn8;~3pO-&t*X&vbwfx1siJ?U!CjX!zWW|GQ zp8cY10Mu;nUp#;1{fiDS^=Ad0071l(t?#|2>R#LL8`r?MTHRP>0qj$##&0{ zX51O9zuP|!l@+`v-q*wZyHvG;Z>@Se`N_;ar(FnP1l*<$y^fm=3kVXo8!7DPbVc2< z+&{fMO|oBmsDsU(;u+b^&Ak~}CFz_Vm+qRnW%@fi`TL=nVt&;LE{L-h6MFEb}|{pqH?4{~VP1i$PUL zc9-yoT0i~S33{`+{&@Dhx!S&ey&;xFz>G~spy$LiZ{2@0aEySAGuVf|4+w%A*bi>V z!ebiAkhPS}G?~UNWikEG9=2bu79d+)END`kK8vN-dpv9YyTkrF!q;t9HEtI1qs&+? zF0R-qu!ynjajg#C0h!>{Tt`~6oT#JL70;_@*9W3x?Ne@$!gZ%@@d^aHrfii#}mtS-khR4HF}_6sxoH1x-(QQyPI zY~aB`?#u)xfM~hcd1Ny9P?E9M;6%I9u-#6nPZzA}o*!bDN(|wADIkK7g1A&F{aL>{ zYWT`?4dIM(`hJS}!pg-!K6TH2;#IkizSMsU#P09MQ&qpUz$VL2>#DBz&2-YRSZ)=K zMX)u8m2Rs^c^oa8Ku((1$6s0A1~szsji8%ePWPl|kSFli1LPNf*G{s_KBUzO_ND7tHlsq{F06>=24dVLPZy7Ek-Ade$~KYL zbtlr5Z7mm zGA>td~cQM2{)pUIqnZjdOk(K3amD+a>E2~7q7f7g{I4MBUG;k>Uo1HKBG z`wB&=A&`_#{a|pW7D+gW62=c&=BpRc38;s^ne5j(1)eVp^6Sit1KquCZJa#sAS-Ha zf~dZ6C?VFDX4D_&^pUZo1EU_$pnaw=AvqTbABXrWJQ|=@zq=o2iK#CnKYP<_+-Mt) zdiq#3TiJa^6MVBC*R0f{$$yhLa7)97x@o~ z!8E|AnI6rm)icdoFGY(KAYf-QLSSdoq(xl*HZm=*n6R-=PvFfG?qrPU8~laNwET6CgqpTvcR4%!VeGc&&D#m45H|!*f*aS!D$C2t zGRp{0k2L*%VN~srOil@|(!dvsevje402?S~)3woBBUe z1S-pG+jfb`nLPQAH@A0EC)c={7bJMNd=COwC_m%S8pCs1sgDBN#E%%Fi*VOFFp>LXEFA?Y)=n(HG-bF*RRcu^?t z?md~oANQ~@$*8B$v_VP|DY8tokVQt`Li+~$4NIe8$#=XmPSj%{W#6XC(-KtHMGd0g zcc^1e39s5nA}ub&8Hy}?{KjX{fg{^LPV<>aa$zBYAk|JnDlL!VHJ`Sl6D^`M6O0oK zuQ@Vnh_Km{kUC2zSQ*&c;^b;vrPJXw71=m9*JbCJZcsQlv?HRkJ@3Q|UQ;TQhQNh^+WT@#2rGo&4cesM zu!1FAlw=z$`7Bc=I*P+Y;c8SgQ88h5m=a{BNMZTuHj%`&SB+ax;~-!ZjU&|N+gwwc z)TvE!)ao#+B=$C75jU%Q4GI6VIj7M(>b;MS`Lxe`;DS*?by{Oz!<%jadsw|XKX`ZC z8~)O}cebh}47vuxzKfXaYw(P-ENK-lLboel!+jf$J#Rcbey_?5zJyaBGF>(iuP7gV zVKF1O5+PU+>`*KEiyDyx&HL8QlRsm4;-IE}M4^+j#04ng zCFmQFgFhRDI@rB$KMmoB*cWpW=8t{3!TdMuMATODkj9qc5 z!Oi_uw1Cm(^XjM$udP6>STNj|#*mYrY)0|FVgf(Fnx~ImZ#)Gc$Ss~LsM5{wye(xa~nK42=@|)BP^`{mwc_K8cNcD`?WBUt6S(}C& zB-j0c|2M{Bgh|hg8NSj>fGG!jF#8u(OThv24m6e($Sa55?5$2AUMA^Zd?kg2-FVb} z4YDC|^O<{O=8p*pc5U?7%0ev5vx$VPDT3h}M>6TxpK2&yPb3IC)7+J(@7}05 zFTn>8ZCxPiKNSV&GG_xhtNXA-!!^Mco`}?a{rAyr>+GLo&OS}%V#V=KCD|G0%`LC_ zf%-7w77XMQCHqc4ZgVD$6-+O}WRjFygYpFn0VzVxaDTotj5T8POlc>c44a?q?_y2H z4`H|Pb^iub)%h{|Rfaa=$=1T0fR|1>P1kGv2{w}I)5PR#4^Yl4`CVe-CCABW?6(DJ zi&qM_iZAb91=#_(1kg2e&5F z_Kyr}S0nF_`wxR_w~uoYKzodH*|D}3Nx6#cWU$ZAFEUXb!kQC7I=Y)6Rtd&pj?2); zXo!H$c;v08Jx+pMluE5|KaR=AvDh$u;+@&>WE(7#=|r z__mVp$^|sy$oM$ezdL;^OIk3xXMGx9#LQ?T_Q{?{{)yPVpNxZ)^vIvF`%3*opNt+Y z`OCb7HWk^s?7lia4Bg7sy;-PY;dDyhO_b|q;y0tAE?)c-XXmMQl1$-x_x;tX6@o?=ji3@Sb%kL5;dlB#z9ei(A71(g0W<@MrHMr zU{QkpG%@84LOVzH9KG$}elMpJj=@q|~+M@3Ba8-(}auv#Fk)tSMcD7gPGShiphmy!jq9Xapg>2_xbj!p3o z>KX}%I{_GtSGtZR28d#woQ#n6v?kZ(52%ykL5(KZ4orn|b7eH)+>RE>0`s9|_?!72 zAy_HQkA40?{RfuS!!wdVM#x3%l8p-n*sE&WXutr-jrMLXPVUcM%#-i#6xjKY?t|_6 z*GfFCOp;xMz8qZb`}$gfRW3V-tLJldVuMu%xKyI?0=;uS<_> zW3P{Ex5muge%75-csoMi-1mVj{}~-AXdLeD|J}WWv%H)Q{X2boI2@VSJBk>Zt&q;9 zB@(z!Cn6MjUd%!h?{dVl+-bmvaqAUSlwaudnZiIewD?xt(w)jlbWR#GeSR@IVg;>b zq>#~?GdQP_0GU{wF)YL{fA*ob)tVD-9?T1)PQbGqyu8`o%|wp*_QO0Xg41BfeFEyC zs>0zwz93_5q5IfI`Xj|nX26u$Aikao?+4G+PQO*Jv&WhOUP~1XB>sLPZez2W3*a6 zNC3GyJ#*7pO8eJK$VNQ((ZyjHnvW)=z#F-04?zV_9+;%hXM=V5BvX`Hk4RN!$Cv^2 zPk7#0J%3=3TTplZwm#s*-?F{j$$D#T(#q@FlV$9zrGM@6j4wlHx-^BhF6}GX2_GJ% zbX^9C11$9YIJ;_NDjeRe) zMUO+TCB;n(*rmqk8LLo|$imjtC@A0a<0c0h$s*+=C&UBezfb%DEhqlOy*(lAaj1fr zcs3o?;N*M5KG4eC@m{jSuT9x>zi8uDc@=K$wO!KIJCK^gbJA$*9#*TyUnNG==)WMI z5vi=??>lUa3d(rN3)uJu9yRgjdk3bJfjjC;l~A8}uqM&Jm)h+a-4EQmeTMZt-=*MD zQ<=_;gyn`CUv`*M_J5+2m}{q3`O6DD*MHhaJW5TJX70(dTt{S2T!5b@z^PuYFe@iM z7s$!p0A0N+$DkcjVO1c?ACVjK(~7IA^xkfmPZhDDKuET_M;Y&F=rF+F0txL|Za6Rs zdJ=yFqBC3umihrySQN)sIacA=-&)|XiMA~)o)UK&oi!Q%OMkBeD%7^9$51tF(8ELe zzeHPi-u4%JPOhFWB~5WQJ8C*oJL44z%Xx^!=-BRag( zsUSF6cPjz}QF|L!cvDVyYeLO$hl+_>f(>mv5BpR`R;u^Mrb?Y$S1G01cG_QOsKu|; zB?SM_q*_FpVp8jw^*Et$`kGsFqLNM$#E|;UaILe9_vwCWHbYd!Vje8Kw6fY(<8m%S zU`RARh)Hoz!D?EpF*KZ0Hf98PMQAf<5(Kg|{WUgm%i`|_%vOy2KFw~D^Bv8uqs6IZ z;9{G22>okj8hlK$*jK#VuRKBHdq;I2_&OT4JwFP$7L{B~mlPiEsu61cQfBPXSbvDr ziWh08=xs!&2%!Jnj`pjcgc9@5a!Dt80|!VZ5r#c)5-$C%wVQyM3=J}0N75)t`!_kH zmPxI7Tk=E0hv0rmCAz9rk?N%43K$J<1~S;J14@b6>Qogi)Hf$%rU{Gp>ZZgD2^rBA zw&M(^U19Td&x?nP&|@v!7COq3Hz(1GPhLS*zx4vdq?eZ3&+Wzc!57u>x2Kl)SYavJ z){M342|JtI3EwH(5>uPqm-td@lO~4?Vn|*O)P)J1Ni0|Tn1MXP-@Vr>x|)ZeZl^bg zW06j%zOOExXQb`!Et*4+&vQ2DSz!ERX6g=fp5cA-bl}}}r`e!GuWLjx6E;1Pl{BKK zR;rUFogoSZKZdYT?t)*^I<@xz;hir|fg}+Cp$nFO;kj=Y3a&*2hL0gY7(BQ5e7cX< zC!Z>ov8VLNgW!SeB_rchuEB^7d9ZhLyKWF+J#uQwnwJ4B6tN0A zKTqxK^zg1iSX>W+KMX=oqH2|_3IeH6kS=}D+lW&&YK`sN$nNR2LQYYlKf;-XWrwvs zh>Ab?piVe;Pa`Jj2@U$d9(+&?)5g*1#pSA|{{Jl1XL1PT6bV{C(lkAsPi+U4Ox^7f zO+L=<`lIMn4k@Z19ei)N{}t@5b)W%~3t_3Z?A1#;VbFrK1J^o0QCC8`Zhgz@=zfy1 z$G9fNpxyje1oK~_3{naPD+D2B8b=qn0Ng{gy4e8DD^RKj=s>X%)a!Boreg~NxHp2j zKmc)%4c@$v{~mA|b4_6&ixFwwkEz zQn*1EdKNn!>=P(%HQG4G>kPN!;WbGS%L`t~_7mB)KIZ&pXJBMDY`R9SZc1z$k$YUH zwzj^qE^$9Yj(8kC+~Z}^yKPpEoR@gQV$d9WtD@zp2S!il&7jZUEek<*H&id;eX+gmyx1WGVh!uomnZ+-9_620K zfSaG7^WClO|6Jcgt{{*?B2eSIyDDU66}Yx-xmZo6=vwy2t*$pLnU#ojK*V#H^s@cC zn=kA};oQT{Xu@&?-{__sB0h{*Ky<0@eX?p@-uk#(^E!m_CLCIaiw=!h;!Gn%~4 z$y|$I(zK|c8!Ug+K_Dl5a2^&1FHY=_VK72WDlmfgSoo*N0Gx%9L(o5%1=DyiQeKVNe`uZo<+xIflgJJ(DRz%$kLTiaTlYN4p@=o1Ba-mCr|hS- z$H1ghv^PVu;x1$d<<;0AW^cet>K*8SuD68OCN}CmH77HtDG8~As!xHb?uz)LbOEB; z1lrDyZS)7mI^0m6sl?_KtLbvds~kj`~L zhTM;h97vehJCTp!0LXr~W2ctMQd~9i>RMYoPvu1*bWOBMudBSt&H>(plRiAq1A5B{#|+>Ce8$`OXmha5H;neJy8d8OM^2kp@??CX^e?9k z&@X!2koKrAH2#oti9t|;!u~hV=JjkGnc8w#6y_JuSa7#6zW6f!7pNU<>0Z`qA9YZE zR*b-)%SccRfcCia!*AbjzEl7Al{tLQ1{D;`jF|JqJ2()_)(4P2uu*dZV~uU=0|ME0 zgY^pT?}Y~@6&ZD~!NPt1c3fTVb3)xrd4&CZRzlanxB%U`yF0t`sCU?mlxu_Pp1!h2 zj;{Tlce*{_uRVZYL%1`brJHAP#KE5NSK2ea*BhnT8_>$~G6FCv5sE&&wl9tu@nkvm z>D|@4w-xelr*B_7g7}Q6e~6x_UL*`2Kj3@6AMS2kKwCJ`=yNgToa83&zh8X_SeZZK zYQE`naB-e((ozfSJcpL3}7F}4p4+S@Z8w|9J`5u2ooVVmI-YcyBA1(J`P z@gK@hM+{+B-`HL#deOV{5v@?ZyrrN1jTt9iibzHSKk22Z_DPYM3t}BjE`|{7UEV-= zI<_`jo14v1E3Kee+SYMPKU{2u_$ zKrz3D*s?poMWK&Zd~yH|_yB3#hjf69LcJ3|Z37YIgyXdO?PugK)A}6!0bT6G+yUgZ zBN=RM{e%hldH529azZFV;5QK`gU?GfN>X%Jq0?W$ovkg!hI0BSa9{wYh%=4aj0K8( zQ^+F7zYJV-x4R?Osx~p4=OhMlo@Rif3r4bkFNi0Eue290z?dMBxr2HP(XFk%7D@x` z5BC56|FPAV9lRPG4EFfH#=pv&OMbFNBwq9J5{dY6$zO>D7t9Exj6~vYSn-YEvX~MA zsI9FloUkANDmh7DFPD~_eR0~pN%`~UFvt51SeUQ*I3tXlJE{v;EOF7MBIY86Wt=a; z(WB8yQS#du61YTshX1wwB250V11J*fMF=D+x=DWpYynwJ{kT`;0yiRZDg|nCn60h< z0^fgs<%QpWe+W)JDx-%el&NC$8!;t(D7j)k1YX(PNAXX)F7gqR(OUG0*4RtVxq}0W zeI%z{HA?FjrDxfDdy0#G-yeXn zWKT|O7%`#Fs(>sm7W8InbtVkL|M>#E7ycX?-)wE&17X=}SMI?Pq7Lyw!I)2{+yh~M z0ry+?px?THbs9fniQyLL-zXm+kyq>z%{|J<>c(;w6+aze=avgM-UT44kBt+tb-4#O zz1|HdqCbv&Us_nH#SG-pPY{>)YSOIA*DMSGBm{mfGjb1Ze*0GreHGJjfOyjFBXWZk^~K`iJC6d2*q|Nyxg>fw zMe1(^{rs?9Vc!&egCnz;g$<)$GVJ=ZP=mf6wnmT2k{1B?I#Q~U2#%A%s<`Z35^JDbRi&@c# zxsC3i9|?;TKUgNyWe_XzF)u$insZE+Z-%a`oO?I~v8_!)g4{GZM%%gh{G|*U&Hv>_ zher1R?i8dFXv~>Y`IdJqLtUg5z!JL%Y>T+d1W%DN+)Ys&9mN&4My6RY;|gj8xG303 zpqW8mSGY~ksBSnkBh@3r>2l(bq!%Hvp_!^U&=j!-bMsq|`Ur(R#XcrzAel>AaW00LQFk|%V}ezOx$Smi2UiwJ-8{}y(j8zN*M;{HHLEo zWf+`;ZEv}Zn9Pp==T!KH5X84Mksh?)&~NlyjJ$VRd5@)528UBH7kZx10H3=5?XF2&=y z{v)SMNm!hsA_s<)dh-ClG^U5jjb*$$9)JtBK;)xG(M#b3#gIxPnivzNK35y#TS$+} z`^UdXxd%6lL?suMDP=mm%^!dh@$kUqYs+|lCvA4OXa#NxVTr_LL=v{;&s^#?fDRoE zo=bybNtq6PAeyb2zuZzuiX~;bbI*7#mc^1X+ST=k62X>Up37UEq`_Zm-|nv5gBw1H z*O5`(GEt^X2{1^rJb4-kGE?Zdzmib1Tr->Xwi=XafG_jgoP2Cm!7Z`E?I{-E)k9C{ z-cbl<1TUrjEkToSITV;nZ@ypv`V`04V)F5U;FC-cy&KM1BIch*Rd{`OAnRnK=vBg# z2S!@4JPI60(ZH5658?<`^y;zkWcss~d*hiQ{?SC4&H1Q3Q${cMx@KDV(L|Zexz9aQ zMlbheTP?_+G-ERSC)w~C1I0{(CQ&BkCh;Rbp4IP3mr<{Bu2LphDJCEQ%yp+6y z#1pqT&qWpsyO|dI*ZO`Y6EJxDM#dWQae!_BCK+aU%y$M~b-4$bY0Le%m0eN;x(b{H z!2yow2rri&%XrjH5Cd8b;fv!j;T|;rL*K_Ak*n;_hu{VWT=kNs%xf5i{!07zN8&NW z|E;{|ghqyEGs_1_e}-~jg>Zo~LA0EtQy*tlRH6@@N6RT9TwbX*>Xoq297Sq=oo;%+ z;2bk_2u8yHjw_jSVKCsQA{cNGv=ol2-H40Mn?Lbxa}RFzN*S?08P3}3@AJGF;68CZ z)oKa%+5z}L(Jb<%<;J~(fg`*e(^?cUzQ;e`uxaHU+$>ku+FWMbTBVn%az@OjT)oNn zlyNFljih(~b7@}g!Off3uMR5jXIzgBd_4adQ&w>ka1T!L95}wmHLZoJ`@9NT7n?gx zMVS!}0vUP2=n5b`wH0N2JnwrVRuDAcMYvKx&_nzbbmf zw0JJfOZ|C9QbtOtGcPzpl)|~eK64M$PhzF`=nnaO+0X?fD19gOe2ZpV?!gTr1Q&13 zKw+Ob^#U{&AwEm)XRhK$d;HuY$m0bF$f%%TI}UcGvSLxhp6xPK#a5d6cz)$A(H{mI zPSR6cA-U7!)M4HdQ3jXcvjW|$)Kf-JtW|B%R4)p}WnUZv@42)s^}3m$3`OM5;3$yo z>0}I`>k>pMz(j@(RQ?*0SfYpR_gR9dCK!HP6&yj+f6-(<(M7%mz zuY0+{f4DrAI&&bi8;Bi+A7NxqztMjk?(QxyWxpMUn6Q8CDusLiPG-pijF(A3F_|-8 z<=RhDD&#!u|CAP=`Zbd}%N#)lkG%4IM)RE!*$P~bfEo7P=Np+e)zOUJ6l3M_@4B6_)Bj8Rn6Q`S97v1gB#WMdAAjIxh6;J;wD)sRIQp!;8 z4|M7+jYLdzvxP^s{T~9}2>85JY=7niV#{#$e3e#N>h~E7wM_MNoN8l?z}d`mo-fea zmwMfdQwBy1zefQQyF{rpi)-*BBwj*(g!KItpva%~sYre;sOBKTycs`VKD%&M6g$d< z1kDhch#Rnx7cLMn`Of@ffrO5$j+oK_!<&3ZB}qg}AUi{WgD47*#o;Rnj0iod~pvdW_zZiaAIW@&@pW)N^ljozV&@=a7luowrj}6-ANqa60 zDDw+iRT3vlnOn4arp{W$o-(6h^{TlCqv7+i>8@B(hWK^D4BP`=CEiTL>*WlgF3}xU z_I{BO^tn`*8p;$R)Q^d`gk-f&=FLY8Q(qR*y=nT)M-1p*HncLON%9P8V$rF|&_g(> zmT7pcZ8VQRz6481MMPj9L6`q`Fc_?3xk({41a6IS$mA5ZG1kVsDbk>1T1(dy;06Ci zj!HQ)62G6pa19)cD<^|PIRAMHN7aZJaZsvh-+6hj@P0 zAcz$XUf?lznkHQ_cch2P77bKhAxP%YQl!Y(-JRhPU%lk3( zazh|d03ZW1k5C4t7ei1*+5dWrEmPq?duJE}oXyESxecun`CK@1Ly{J6Eg@ zgXR%nw^iCZV~&AR97bnldt4zTXS!i%Mur4Ejuy?|WVgblF&*kn?+FfS!`LhWwm2mD z{wh04Qjcm{vp}kr`EWHs4h~#Sq9iEzYnNXSRqIARZv#67rq zWAyGX$6*FNKO*RAK@eSFKaRTzev;n-i+^}1EbhV0+lDyMNaR#0;4qQj9|ec~S{w+1 zu2&teMYayS?TlTj{h82A*2dbyOt!6=x_a_K>k zXhR31U@DVK4}gW0T*~2K6ij7u>0xlFmrImE!lJNBT}tJWUim@PCF}Eaii25Qs+3C^ zw7M@=`cei5v$|xKOB)70#i3p7XdBPDdPUI>*@#3Q@4mv{0%62btxXeiUqHI+-40bs9-V8Y_$45V7d|P@CWVo>^Y-+;FC%vUn?iO*1W|$y= z34k+(l7-Y24g^sg5eLzMc+gN1-1SQ2K~gp4(+6sW*t)xQLmUYDJwlYx!4fUA+0kPh z#P7%jvcf~*aPa2sS>aV<9S%+y<xKQX85%Jh+gad{?v7+Xe z>U^rE026(B0B19+v#0@w8GTQ16zVvL58&h|nf?$zOq3jBzy%m5;~+Z z=%FZLMTb%xNE8fJUfp}Z|ErTBMP|driVh1*+0geOH71&gJJRn$WB)+xQW4)AK-qj# zIMmy{ITYuJeZ=I};(pqjNw5RiLQ6HRSkLf`5p1WaU7(R@u=nwC6B|& zc(i%=t#R<-6!|r`DEHtDh5*litgKxfikChNGBk^PirCs9n{cS#r$r(WSQ(C z6=qvsADtH~9761#){&x`4g&bj3D6LSVI3(F95kXm5F*w%%w}HTvDKI$YD^kgCR+hi zEkP)nW;1#w+^Q<2In)Yyj3}NlnQv+Vvwkmj{;ix2%&Wws9EX5;{f#1WAAhgHA;2!m zA~0a9FrVtifCF!sCj{V4J4M2Z4h9@>;?p@nK5|$|P<7GKc{1tMdtB#eSmD61 zALpc~*r%`3S`UsxJufjFVjs^}laL_jj&ML3fnLC}>)}e(0Is~LpiSYYvKDj* zrWCAjlscEeB@X658Fu?FUP3RR18~gO6jZM!AYgHbd@CG6;$d<0@gb#!1Y$7`V^s@? zYI@>O1f4}E8fqyWEd2SL1#%-FkrMc2M;|BxFaXeJhy;9ol4dUf8q5cvM;Ru!z0RXA zS>eDCS$ctB_4foiXl%Gf5q`$v-l1f_4iIu>vK`eM0(0KkEb{%;=5dHZ7cw+q1Tr*V z758Y6-ydQtl74KUs=3&w*MixA!zK28FPMK2fZkZ(K#UFQa8Rv)>?~(&)#84&!l7Qa z3RglId`9G%HK(Ax5YPK$*bH?nl|G2RCmna8>w2<^3Kk?gvoZ%(#SOCe4V5@l__sF4 zp%Q%ifJat1P|rn9g@3N>Xz02+n5vO(SygADwE%9516PAa2`FXfxEv0=(E}jRh?mCL zorK6~!Aq)TH;iM(p?*zMMD9EXnT2Z7(J#>ykpMA7!9+IbUW}FueWOy1o{Vqma0n}M zV`gNlYVbg5G0SpD8gbw{cv+55rF#pgb6V>I;9#LIDI6RV#gdLD3^LCFNhN;jJ&zOo zED&^kL}^T-E=^^PaHz8PS=sqw9_zL=TGKv;?vK!ifm0;LJvhbC1yl7iI2rSkGSwHi zN5Rdh)3}{7wc5Xuani=v_ncLtx5oEC^3Aloh2*FRlMK1rT=?fyF5T4Q zpwnR@V7!EZ$`B{^ID#leDz`Nx2tZ{X63+!}>ZM4oiOa8bh`y*zT_u2!v2& zrBqQ}!Px`@MXy-Nh$ ze-MwMi@-rWv0aqY!TX~mJ%~<+OXy|#Fa0nLy7KM)LX^&+>!XK!=c&! zQ06mm4^GpohX(^+4c!n2T5^}dbq)E8mT5-cDdIjDkd`X2E#f$fJ1(vVBC}=QF0Ml} z9Jo-CI&1#?p!{3;{0qsWwC~NAavTal%fyuj4*XU8(q6ZcZi^ox8Y|j2kT?sEA%{f- z#aDzPyNUKp|7NFg*fRz6laGB?8HMZtN_7AgXPS+LCLd*pXlT@j zcWCV(Xh4B$)-*GSD2PT}OR2b$RS89BmAt43*KAEcS>z<#-txM4occj0_^3Mb1c>r{k9mc(bNt?HLf<%m47&>Q85JhAv2<%m47AROh0Jh4a| z<%m47a2(k)`xB1IVL;?*2Iepz@-(A!J z5GfDVQHMy|h#i|yw<;rcWDt4EVLR#&c`~s(az^Z@8^FU3ktYzvBZEleP#)=$eu!Wm z_SX1^i05IN2Fr^E`xD|*4(gFrQM!%nvBu<=A!50+uN~eaw`Mvn_K0*9(+rVD(LOS)wDEW!_Se&mLw@8C*>KR0%8(yf@1Uk}KeAW6~5PL)#M+!+1c!*dbm61ZK5UCFrVn$?B0YmJ? z@59FoF&HGvV<E?k0Vd}tYiBxRzFMj>h7Fz|!}k(46x)S{7;BJ$Kil9VIT zJ}yaa$#fPRqa7koEjURzMV?rMl5&bXu`ng2h&;7eCFQL3!~&L-BJu>ImMF(2dFs$? zv+cr-ltb}oVMxkL8la?ANRp=ULLRlGKuH!3bh4Lfq*jxtl-AhaE#zH#8_K_B4OHw& zW9E^3qZ zAQsl@{(ZnTOPbuq$GWiyZ^SV0Tof>GwvtX!$-I1*cG&FxF%@SO$O@-sTQm*GhT>gW zYc$6Rn&Rrd{RL|!vR=TC1oSfUk+|DlLb8(T5G+l0|Hj#U5E*i>zO`P1Y>$xvzx`+SszSU$Yg+8WwIBYc@9t>o40*C~H`_Yp&T2 z@H8yjPLMS$+y-m5fY`=LC9+7v)kVQ-go6M%!bot1kJa5xnHPXsvnao0T@-Mw5l3u} zxyHfd-4FjjJr~I*J@WSDB|x7X6iSoI(fI^yiyPB7uL^S38rkwSt0P+`c1!y;Q&u4T zSVgC-Jnt$)!5ERHCvFC4H;3M@;e=ZjadVvm?$>adEr&t!u(U2}B(*x*X*;U!nA~sy$g1LAHsVwJVYJF;L-Yk3a1j-N-A?OAK%{|IUiMzK9@}XfQyXl7- z&x?LQ+)oS0>k)IYbBoBp!-o6ga>PPR`7z9hS`)? zd>Lhn7=v@L?JbuP6RgYNoQkV-f*ibDig2VYZ4UR~W`Do$qN(@)vG@MpZQID==>E*V z0#DA~*r`cbPU7r(ukZUfPTKmkP5f-PxqFko8X_SHHAS!hC`a4m{q65y0FdA}iLzzK zxoh^E)FSa^Fc=JG27?)#_=ADZpV^Qa3kMd_F%b)5#C9E+ZpR*@U*S0t6TJI;Zy)0z z2m*8x6D$Zym{hwXb-4Dn_U(|{THLXL6rdf2uC{ZVB?C*dI4=2OTytQm9lIB<_xXe_ zjz@2pgqtg+IK4{;rh||+JH@UvFrgb-`@k9<9a;z0Ez-mCf!TI!7>IR0ZN~Tx1G51W znvQ!`7?^G5OAqXNx7;f`^&LE)&_z?MCr6-sD<_1blN-p8_d#@Yp}F>{$bFC%i>G?z zVSI@W!;oc(3_?zvOAU1_SjRh6Ow9`$S+`-+LemxaTbq-T&Q=-8;;8f5^&@d&&R2$^ zeR6KsD&~&FY{pF^flxu}uQG_|?2;skAHXeE0TG3ayGm_Vpe$mEasDceR8RSuW~p$Q zY8=VJJLDyoH4|JKH#i?uX6lxniur>Nakyl4xOI=9Bsyg=0Ub&G@scJHO~z4`ttAytQO$jDaai-);B?8MIfCbMWmgl1bss9 zCIogR$qdaSeO<%swZ_YXjOjFp3r{ZwuflGv)LtSu% z=5qalS-X|QVm}AJi+u#4YRdC`1h4G~)@dJUw}rHVzsL%*3i#`=f;bir>xk;xnZ9TO zf3dBjJNWCdbtnlw7z~1vZDV)WwQZEaUu@B+g8${L7cJl~wp(<^{(9^d?KX-9;I~^R zH0QAas&3f~vCtAx17C}AW^Y?0j=v%!nh^JLsF47z|Ik{&Z&Ax@;CIO{go^7gE94bA zx%LLJ3idmM|3l4JESlgeZt6ZpwncQbVu--DOBJht@0df3L#(_J?0I{gz;BH7w=(!| zSaQmkyjU0broHuHze~Cumv|Os+*v%N$Jsq zUkZLply`KuId!g${g&A7=x#IVv}K`K3VusOcXYS;bK0V~H-O(IWsb{v7G}*^6YE)l z^K?m+vxM`kJr~FdwBIE?P8;XBtsEvRaGownaauXgEx~_%?6(YL!$aA+DZQ63!ECat)5{O<1^+H`)~pQv;xsib z_;-=1W)<-5zM`W_OyxdVKKeO+Wm1g1I z+Zp_>*ze+walfw@HGHNwr{j?>XdGJ0I*V_2885DqV;%ST_61R zxG9cTmd#NDmqB#=Gq^=3Se2mcB|E#QNrZ-TcQLeqf6b-a9xcV`lO{sqq<&q06$~$W zt`9yZ00~XTRbBT~f6>9+G_y?87?MN?JWXRFY|_A-0o?%nt|yBX@b&A{+8{m|x2Eoc zpvjns>p3r7AN&bR7;nhbQ=FQv{A9OS%h%Yh9PqEn_kU+Y0Ig2@RVP<{0oM3| zO3cSZ76CwY6gsRmnBUn@*QAN#%(Q^JuE2SU_D-{Sk$wLtchf7?s0t9>_SMDD3fQlJ zzsjy#8OImdbt~ZCl!&JU5dp~>1kiOq%Q%ncSw5oEW#kM*i->B% zFMMARi7v_f00MQr-_HO1^#Wl&&cLfgGITK^@l;Qk-%!qb!4P8z$AErM4?9%<$Dd$yqkmvM*4lp_u?3 zCziJevW-|AK} zLqGH-SUl6{r9xyRK&ND+xB2(*0`2bX4SwC6NSTWLet%5mBpU`Ho901DVdg|1N{hZK zzNMpJDcL3>64O|C-l0i9LuVwOZzGKUdHBQ3^JF;-fYin&+L(ktGTjDqJdInIzaph`nm&25kN(LrfX5Q3HG#f&+WB?U z`LX4B8yo1Tlm$giYl+Nqlx=Kmp!X(U3;N{@9hW>{i#dr{C;~GZFf+xOTYti?e98J* z5)rNxfyg&0S$x%o@08r~yklT4LUNXjxbeeF_==N(Ed%(4{4WJcm` z^^=2Eoi~Em@OKhg+W|-dW^LuYsMR%Oa#8~*4`~T2C?X^!-1w%_e*p}(N6bm3L#J6C z>8&zWIZt7L5uMQ}Q?qR-1?wwabCxM$E4e=#ZeX0M^I=zqDwt*^jr|(F!A1`0xOo5s z6b0%k3gm`Uf%>ROVSx@~!7MniB`Bz`6k#-vnVGI3;ec&tTh~(Lnh?FjAerN&C<3x^ z0Zx%$Q0+eI4Mw3_&WdayFkN26M%FizXJEBC2y?`7)D&espGp7@c9oQqP;K|>qqSGI zO@twN$UEjh??wUEE6wxH8Je=l#>;c13%eLWMgZ`wK(w8wpK)8SEMDyr?#Pywr|!Riakgy^fJL;_R5J=zGm6J~j796C+ePyPG1J3A?iF zR!+!N(GtJ2|x=|oR*f_8+~sEm^>9t zH)XC^A)1>Z7|JycK#I;V8gU{fxp7o0b?>bRQ4rH&!M6~eBqyY=1cruC{ac0^l{dId z?;3VrMfwIKtOwc-D5wpLN1ES|k0i__vBo%6znCt|BrEMVkca9o8V06Bi9b4YT_Tg~ zQAIv5O%|rZj)YN$GVfsx=%KUTx_fV{SjZl#sPl@<9}Tkg4dTOoS<@g?$3Wb^StvP&nyqN zqLEGLZ{-?b*26s6TRtH&7D0*oX%$SzM*ywbNZ(o_88HPv$h}3C;tb1j3M~MooTY@v za{~-?=z{9Pw(ohqhQ?Y`_pOhjQ$;Dlg`LqDJZ;60a0w#4Bo_VqjVVjCwZq6; zQ-*=yGDajRc2n|sbDM70S zt0q`YG#jCd4j1Dzr=4a(TJ}+oH*^8}CKx3UnGrsh69vQ--OfD6bM4 zzUj*??H8OYm`~#^Bd+CWH}ZZFdZlu^TkG-#2T)}BM@BeRlEfL&2s%51E4gBN8D=FsDpxqbq`@c&-mX%Gr$v4fVK2=XG8>@eVke&xLsD3Nj{j{jv#y(1g@&=18m(*DB^1j!Y zHPvW%IrF}0K+89ET-9EAO*2r1=~KfiRng5qY%88+LqD`M@Tu}@*HpY-k5y7db@DBZ zF(pqWtNF`dr7f2X9Ki`lmqlVyHX<1HWJy;R2~2?*@Z=Djnbix zb6yGNfCaiDaa=Y?fOyi>o^9(gVOKRPU+Hj~!36@nwE<_*henD8gjQ!X$HR6_=2}dP zGNAC}m@UBpz#e`dNFt>A;aQ*uLHDw|9m-ZqSi=C6P(K#*++MccbG>Y}M1&Msl|vDD zUOn+2q@dMer%iToNl2a96G;ypn6C(-%;4}e;nEcRi zglP-2ynJE>+4pr^rrg4oD}lwK*IH=9T3hoi zL0fW|(4*W&sXn;}Pdcejz|`RWh_$*g1$9LG8J+>ubLy5C7H6A-ku_iz{Rn@tiLs6;E1q{&yMc?`_5$+pRs2`Cq z#+>*D0AGW;q5XyZIm`SZ8PjAdcM59F<0qL3;$X~z<>-yi(SNA_?Kzecu;7<8WOn$NXyfXqNKwruGY$9cy&z|lY{Db0?auQNu@vz-AfuKCvq%sHEYHj$GKGlFsPO6Yb zUM>THF;+W`==)M8i%^Rk7kCX>f+8x?7|#n;n`JW1AjU36=AQ8=i|ta;>+O{}LJz^Q zU0xBAp!)t|&%%-jy?+I<5YbzOK#JpHsVLrJ0wpRI^IOh8%+6xWz^KwdLo`0?Wn|9} ztWOP)r(r~DLk2%Z=VN17vu#7lR;n<*g4%8Z6VeCKHV;UzIy5WI5|8!d-wMAmGkQO&GGrGm%kmJes@-X`|j|^SI4J-^ONsh9iATs z=+KLNggaFQ}42^mqTD^XE7zox=* zEMk$B4v~ci4T)On9ETDdt6-xNYMCp=E3$@RRtlaQQ6V`UW?K3I_$HV~MWZ20gyfj2 zeI}-t1iej3ayFqOsW7dWN&aFRlqRLL5eo5sjnx;XI1luuz#56~AazY{0FLM2#3uP% zk6asa=4u8*qlWD_oSld^EBrwZXOi`{s|D=23b3;6Wl{P}F)^8Hu`UQFQx=uK+Cxsg zBb~75u|U||B{fpBbvSVk-W9WT58iDR_hkIP|NFlKoL@`L#X881_AOPCVAYui4_PKF zK;(u>=ZK@l9@iioge(b3Dn-RP2Ma;RiJ!8_SAt%D!}jLmB=T`0sc+wG1)g^(;GCgQ zips~)HiMB8{$y1mSNk&@UYPc_^)I&zEr38u(0tT|He!~{`$9&XPFt*y6=&kQ2&wDZ z(NeV+7%$)R!tP*nJea?fMfPSf#2l3u+r@`O(%MJH^>;Oz%11{H)tlWpXPIJ<6UG$v zdEO$bFb-W2!LeTFdMt==&bZ=yF*YKDVV#c!xZk5(QAY1!ZOU@5Xq?fAEb#r(vOsK| zfZgi85}mas?(35|?cjxePRATaFs5tzwUq{)L31Y4WbS!k90V5mFn97>b6x*g(l?zM zUp4e24N0Q-#1Tv9oQ@|F{YS{s`9IL^&hD;7w&$605dtr180}$-!wIo1Y@=U{cj0cZ zgEm!xp83?<`iBRyGoFK>p|u&RPtk3{KJX)+rZI(!n7OECnh3zLOEtiTaA=E>g3_){ zQwm|JkF^!X_WS*-tE&J5lmX-8eymH0{*T8;uiu=#_IHCF&-*!n3;ucV{o&mDSVHtl ze5HsUkGWCBXo9XdRiw3z1RKdK%!!xpQzZmhsHn4%>1z`>LA}E>bbQuBFAvX-&$hjH z$LHU_{rMcdJ3Ku-d~<&M`V752MMrPnygEKVe*5MOz5Ny)zWFEm;rPv~ZM%b!k13=| zWE}J@s?<8Gb=%JE^?+PLiE%Q{l&CRQ+GApFKe%Vg9th}$!PSNn{N>^KcYat(5+A3j zAfbQBlCj;6Tvu8BMziofn4sZMu5%wdJ3Bjj&z`~mcXoEF{~zq^z4*)E+4H^K-JPB1 zdoTX7v%9-Dc>Wi(bE_jaPbMVhf7!WlU)8~VC65!*W8Xt4#FC5|pYNmN(iY_5l$sr3 zAI)|>oTmBD-C!qp=0!zDihXp5exyT=`CRYn`q)D8F32LOPc}dxh}oEix${D<>_jsZxe4wHMhKGQAX{q?yx;MPsu)t^*nmB@@#);vVC~g^sLPP9j}b8eJtVs zJA=Kw3jcq)^L+P#|KG*4v4JX_aAO1MTam5|eRSMEdSxyeEB!a+EF?k@5vcP2M_kg> z`sP5kAa7&CbAMazr1h@{_Hl2XmDj)B&qV*X!ZH!abOAS5vi|q>o>$lZ^A|fi59|Lf zoWQsLFUe=t>O2`6M9J?Ve`?0Kq~cS_)t41=bOT%(Z_cfH~7p$&Cl922h zAFe5u;pDYe(XF(sA0J(k`9AvdPXyllpFcaEcgzH>QS!9&S`Tx-5 zT2lR}F3>0RN5&+nepS^;64}>RgpMb29}PVF!LQFFSl@3lkE(&&ok!h+s$#dJ?$fAR zI5RQ8&IzC9uE<}}TrQZs8%$h2XKJzcP*1OxTbV&Ud3sEAgvcK#fIH!)Pcw4(+Kp=j zPJ<*Cq}-~emsMKTHA<}-d@sN~a6rf2-mjS0yU$0;q6$9@*)(MdNn}13kf7=(MYK9N zSq}xjXfeF{Mb(C5r5<|Jd7c~)?64o@K%o7D!sDQag5pD7wg!Y#1;(_6>VRIKH5XV{ zi`p(cIM27My;zOYqRV}l+|BA-=%`o0w1i%R#Vzy+B~<(I4R*@Q)DU#SB-$j?RL&iw zZB>h+l+#3xP!FeR#a$z>w2%HOdM@T`-8uZd%4Z&3lKD1z1glozzdk8dh#qMM2h7gY zYh*{Yj&o0x65ni~awu3tPAkw_??|$g#cVwPL2=(QekM#5H%7W|YwKH_rA_Y3EY4yV zyt~D@`hM#-FT(XL!N0kb*?IlleDyV~y=$(#&g-tyWqr-vY{hk1Zwpq~+7{Q{2qL%ONe>c(pL!9QJpB7mF7VH0m!S3^C75#s2@M7;l|G$gp8v4Hz zRo3;bH35#=mSc%n6vr{=N5!^ANBPcaE-1L`r~1)t!!5X=lC3~TB5zm6RmF!mT!G)*e81Nn zW^%%~iQcvn3KvyhA1aSdUv))b$fFhTcXQIiDJ{r;CDgUlTp!jBPmWEVosPJ}DYX^4 zqi|;(C^X?%SEs+$y6Z#Z_lmSxBH@}`gbp*wM2KU;J7RT`;uR#)r>mkfw{N;Ttis%G z4Oa$onvDCiT_~~yxwQ&yXkA*l`*a8-c}8p?bGV5P&Yw0+F%{@(@bsI&J49D_u5&n$ z@Uo@!71r*aG?5T&9bEAxjq?IegQvlczFAP#s8urt%iAUvcpks79DuC%=jYEogmNd> zz+RzJU{T@r4Pik!8IzA-*oAwb1V@OCzzjQThXH;5jD{q{nIO7lnv8Qd{!5}gWNlfR zp#OXtJXO07#BYSF5j{wmHo_qRjEq>8L_K|#Ch(p-Ifqc&oJ`pak^>MMq+8;cjUNlR z!#~ZErrCJ%q@z%6Vi!BGmezxVnckn9v-dmx-+$eD^8Ww*{Ogm?pC9$mW(hs$6O!x< zVyq%#saNd)`7ENgFKsLP-}v0b{;O|uE%yET%X0s(r-NsMs{hx{^9TR`J9)a^osqt2I1hgARMd!;UI^w28vmq=8jbYT`>)dqX}lTY-;k%>ezV0AM4hvBOlk=ZGRL;sd`vt>AU!H=VxS3US9X(B z{n~?2A06d?75$xT%X z#n0xhseAtL2w*fg-9JFR4~Y$*aE4x=p1wWRX?$QknxsPZdN>Cx6zjLL$aVY#-FdIQ z(*q+)mR|Ng)RR3H!OO{vBqqcSCvI*aohQl-0X4;QMF0sQkrvG4gv{;ROLO_OmH`Td z5G83XV1Ju&xUlJ70k+9j;6AH@OQQ8$QtodQgZDN0`4E2G&*#OIw^xj>F~q-CDj9!? zQn5Nge$oM%?)u33;aTHz6ZubPXt}Zc_iS(Hc}@NsJbRG;?&4WN{&TD@I%$Cka$}r@ zYT}0>5BOgXZ6Ymgz|T|0WZ@@g_9&$O&<_Lnc2Kxsn$omZJ zC%3Q-_SRTDPmPpU5JZVHl5yBv_nm$v;ZvIE{h-{A#A8?KbuB*4t`5d~LAPLGw(eo| zK_0Z!X!T2Q{#M-;kVbS&gml4i27G{e|EIFMxMMzOXsBV-Zs*o9@2{f&SE2svRYq2w z9|xLJ-%AaJhGb13s$(Ft98WsKfzHE=HY1X90%_>>A-YAG+Biuf!cVd|*0qE+25l`^ z1Zh#cvJ`T0yLB}Tw%fn$ZWU{#?D^7V;gq0qL|5m%B4hwh;j~JhE}59?4lWtGIP!Df z###>t2&WLbxAZn>B;N8buhg|k80Oc3O792|IzpSSKdRHr7R*N#E&CNnOC3Wm_D(ol z7pcHe0%LvjPn2q^6WbX5T?yHC+h0KBwUx1UQm?3*OUSzcp5;VtzFKur@p1ciX`*e3 zc9%6XrH$p*us~{O4Kj_5!9fqaY-;GCz{Q_Eeb~A$%k0jFbB`A57nJ{QB>x*Hk7WwL zGWq}6i<!;@os z`XpS_Z+$m0WMz8E*S$%(YAm7VtNCTVoiHwoZ{}CkK6&C;Bb_#LLuAmB4^1b0HEp}K zRX=&{{&6A$1g{h`K%0!4u<%=XkaBZYkB(&?fL3yxh&(D@k(?D0bL(L8kjUAZJ8hCe zr1PTCM3OP7nL1x7#JP6Pa}(%VeYS^?c17nKKTFyTptZ@#wIAp7eg9y|NqCbFTH}E@ z<7kuoQEI%&TWPCas@=6nci_ytX4oz%6yJ4XBIi5IZ1woue1l8JZ4K&lNc*murjk=1(I4B~NyPD%&7UWVyAi;@c=@SnfTmez)BLsn$FEq)4n`Ph0F6aH3rb zBv%`@@eELWKnZu}^OPVs&wv!{HezrG#$ZpQPfRO4z1uD$*?KjH&^8-9Wd63YhfK{y z2Ew*3cGl3yxt^DW8QM{dg#d1IBYYlLT3ZpX_3DcqkXA?Utz$PwZb-QFr#Qi5IFT?1 zT28Pu;GU3lla3P-d2Vh*lOsOQEMO4hR`*WHsEF+4_LfJ(&D6a04U+pC`GopzGs`De zwf&QBT5SVF$U-Y~T57SzSw8Iye6i-WpjUfJsae$oiyz1wm74BV5n-|e=%Wy>*nFpI zONy88I|0@zDb>nY_&A)B-j>VW{#~3=ZX*AiYr8kK{|^R(-HQDG?8S>05Ay$AJS*7$ z9a$a{uV5bO3*VxZ9T*C+#WfG8U&791oc8<7W-pqMcp8X_rpX0W;Jc|)@6YBI*J6%6 zPPc+uy}V{Ekw2W5YZ#~7X4{*&{B82Ru*6*Y2_VI&Fn8qLJMTKP$t*0FSccourTLqp zcU4sVFJy@SX3tIdzb2oh?0@%G> zvN)cjKQbKC5mkywn!;cM?;X*tLwTwCP>_q<1zoUdDSua?HEOlR$>sz>{Wom_pEqZ! zELg%)5^e?F@yPmu=|*xVdk6QlFmM6h!Hr%4Z=hX_b5*dWNLo6vA9GsqD_0O}1v=r~ zRUscG#v`CJy*hB_=+Lc{x6T~a(%Y2*tWsgAHQnzj#I{&NUP^>{p5pmeNsH~Ow5G;l zcn)FOs8FgKV~Q@y8NWPTQkVI~1hcW!Q!U*2h;sobt1`^OT+@<;oDePi+AG z<(smJ6V(YyUe)r^Us&9qrGg8RD zZ1R9PN5IzKPv==IG9jQbosq<<6_6NPN7>7z4d=or?Vm(Htgtizkt))bhvkT3Owp8 z0x)_=6-r0wis!5sp*62?qUR; zdc75OMc-VAu2OxmyMxD5?cBLIS=03sSHiL|2hH1dUG!@$>H=C|zz)Az5U6sUOET}o zbRdM}4S0?YL3v5Q?YQ^ASnh(cT#|Y7b-*`{y-5|a`~s>jU*0g6IgP3Y_78M`_tLU$ zST*G^v$b_ou2FVAthcCo{0XP2b%uBRBNZ$Mh$a#FxTw~n9O!lz$EAzSHnDuI^ zN1RAb$&5hWT{_CM^@kv+N1fJWaa~fMs5q`&rOU2XWiGEl)HAmgqhHD)VXOCN2Mu>> zcY9l?7n5WxCp|RSfjMMq4#9_@tihN5Ug$h#mVS+5kzXR&$9g6o=TU{w)r4@J*)hj4 z6-Y?PuDxh2R9bFW3_5*mQhg>Br@p2hBCVQLoCU=4aXtomF5%Z6@>*eyWpc`8}m7ZxJF1dJYE zlKH}Jqz#UuDchz#uk6FclC<_hjY<-2c?j(W=p?__ZihOfxVlIRhjQ9{G zj(TLIqE?Z3Y51LUsLvBVNNc-8hDYz3b_Dg(U`ED`xC6OHps8wr?w` zKWa3@Y9peV->o20O%y7Q+psIb8DB8>vzz3nOb%8UtCcPV(*Ls|lC+hz8p1A|7h?8@ z-e1Ls9*P*zajp!T%QtoX{X^2T!?e9Gx^izkfm`O)x%yO$vZbtZZSxZv?mZ((=#JbS zw{t77a@C0>co>tYe3{fPtOIv7wcXKqWL+;$oMl>#pVCZuR;0A(v!PP}jXeuS&w;3c zSl#<#RZt)Z!nGp6)JNsl=jNA&@F6-ZOEVyjwz94;Fzv83uIuvMs=!EOmB~MoJRiws z%&rJWn`*B(jME85gRL$7^G!A-oQ7zyg*LM^t(W>_VyXPrYg@liUWAm^cyU_=GA18S z^j-GdIywJcv2Q!!`N|Y9ym}H|-Od6M7Gt;RJ zTp{XBHm!lTpvh*3{*vmLx&+(qqJCw>ZH!V*W|U>3E;V3R{1jcZM_qE6&iKU?wiN~V zWkQP`tzX_QZ?;v|cgctFd;i|gjn4lh<9JMNdjE4U*sJD$dA>V%$p3mL&+74C+-L%4 zngS5q`Dx_chD1VDptyLFhv$Mr@dj(WQ=n@wm`YcLif29mj9~b68V^bz{d!!Mszuja z->+43^LCYcJXl<5;UNj|>3S{mX_Nc`2SKGGTNTr?-M`&3`qJZv-iMwW5y6!ymetil zOfzJyqj}g!?%#70{$E6BSiA!);r}~(J1?sI|M}iS{I5HCR^tCjM0jpd)CSw!JZtG< zkt1b8NDoww>CvziXoEyozsPzQ6%JlI!( zt>)VIC<4e$*1xt2-u(W@&Q3M{$Fsc`5B^_w@~p7_^<{pV=y>^Xl~yt|R=T{^tj)Pz zI|tAtV~#4vM4ENKSf#f?kIh@CHqWR&pq@B4Y445&yWw{=&A;qml=&CM3NbrVXlwRw1WxOe)mgfu7U+UZFVZA zb3Z=}UOpFC7!Wyvf}q^sklHRITB{ zVx>l7jGB-!-1{VWQxm; zu`@M)#rdPI0xhBic3FMmYjNnD{FeMO5aXt#v4+AD0+*i{B`onx=`JMKeo$HQ-MJ+5 zL75K0V`o)LEcI9Q_%g$XL-_m~Co{qY`9ZzhKS1WEDOIL2w`g^euXkt~G#)x_m5wbP za;UhA1@&{Yh1Pqs=+OO;JRhF>@Z3cHzrsAB$#|&>u+;v$Q?vg*-FwLYeJ9Tf^8Y(M z-3Sj^CQZT@&f*wuVd3#2u|KC2Q~n%}7li*lWlS#O_KmH%HdCBLXfwA=^sM7?4>t5AbU;6STprI6Cu*1^F)nm?#%NT>w#f~aLV_}I z4kO8oa+c_e6X2fRo`J&PhHzn%P=FI3#A)$OFTU!jvF?ECH(*S&S0<1|DW#c>^_|T-N~~8|2JMh1RdGAE+XR0Ef0S>Sm~z_XqZq6WhR%uc`>=lSIn=rNL-+<--LLg9 zYw}JHa_97-CwpxUi=r;$3atTprM13&J>J$mvMX{O9kg=&r9q=9S};x4E>@M=Gwy$# z8q#GeEkwhg1>q;0jOfQs&0Laspet2cvfhHOA7P;z6?YgaeU@F?K&)U~3l5K}cYh!P zZS@uzoUv}%j|L$+C}sJ!P|d4PRE<}wctqBQ+v*P4K)k(WfE9MI`nP7^#^L~GIS+ss z2Wc%|o^7|mebV(uY;;Fl5P>24NMnlm+_@y6ZQ2l(fsQBAn%o$#-1%F`+?FmC8#!bF zyZQobV=34r16xpl=uk}64Y+7iudV7mJ8SQ*cp@xnvU5Z0ns~Evi=nJG_m;agPkQ&s zu|eOY<<%l&gA6UN?)a|W|a@~a6%;sWyTv1 z)v5qF#j7o4a?-9kR@zY;t*X$XHl8vjTU1BxeCm~YZD>brzt+vfX(KbQm)2jdzAmnR zO468yKq76!sh6m?dQVm2>MXUY#ifGns5<lKGH#9Fnl$9H zW2Bo4tpvkX-NAj`MhJ`PI+E9FhN$}6yTjKBgk0{^bJjv{0TNmkRXg=Hl4?uTz0z38Y>BPw`jb%#pPBS!cEqhyCbc#uv+S^*)XTp?+Pz%-)@J`<$(UWs{xjHl_Ou%R_r>#_hx;FQ@?6XQqvrb6%m3hH{Ezh;feazt zA0v=E+ICBj2K$D#Ah)YqG6>btyP84B)L)B1sN7bIL1?iVr`$w~8E2_csWPZ`qtbmd z2))7*53#7$kId`4GANx9d(We8O48q!wse@u$?JkvoOW`$XfZ><>(}jMwu-&Pg<^>= zdJEPsZG&(@xR+)z!|MJG%woENyU1?RYu?UsW1OO_%8)Ct+`dh&vZLKAo17rBgGsJn zOUsOLrep`A*X4adq@RbCUZVxh0Pnd!l&-Mnw*KjRrV+XjeV-qmVe%-b=Gl&)D z{kpcdmR4?Rdo#`6bK6^I3r(8@eVZ1VHS0O8V_0UUaTe4y%rv)Z5?!Q{e7#e1bGxXW zvfH?+5hHe|Id%>H~f{dNql*; z9}MzVJ-?ubTQc)ik-3_Y4{EQ)#OJnjO^>eIXArDeq7gm)@A=G%GZrR zOZ>kEdsX|-)1BRi`+s-yT*v-%qUZWHj6e<<-5X0#0aLpzYn~>Aj?HGod5xkOh z$Z6t+VPG0sYBUk$+GSqeRlk zgMh4DUz!W(7P)IIt%;1~oK8)Z>Lrs_(yr}7%{|@%Cvk<<>#>ruxce1TapQQ_$K6~+ zugK}DtuAS5&HT>oExkU=Yt(JOVsdF6(-M+tA&IoI%w2j|RPM{zkJn}Y(y)#uZY@NyV4K~7cz^Ill&=hHm0XSi*L@1vMYLg5P#+6EIk#lHZM)2ZTRUFaPtNWA>o;64GecuaJ?qcrjZ%Ye;uH~v#riE(I|G@fc_iXbBtZ?&SRN+dHdR2LFU@hdtt9d_EH^~ zw4m4AJF3tw7C-2yt$TOHD)L^k7{9ds^tC_h(*NCEuWAKYqW?eJd%9Eg|9bl3#e@ET z7teLnf1?hoGN9-WNnO|1vOAQAg?+@5(aw%yE}K=6FHialuX=5|e(ua*L?nM_$B4-- zy$#me+aT|)i^$g|>FKn`jkswVLOlg?Wg1ZGZ1#4P%|?#%iAifMnUzEU>SS!1qKPA+ z1amx%OSc^hWv|7aQiv6;_LSy+1saota4bpG?|#kFWPxASzbx->QXN(SV>sU!)T24KJCgYmAP|$FYPjstZWOC#;q?hg{-sV(hQ_e43?aRm1I+k8F zMZwY~Ii34%*+Lq2{(M+8ce`jRsz$AKMM~W|c%+IO zE})>mNfan8tRRhI_MLYYfi+Cr54~n(`9GMDcuL0!LG zCo~yvBTiy0>C9}K#e1AY-Udp@SbIrtYSV=AMn(VER)F3n@f@)PYATRWN;ryXLIN*% zb@tnt+T^?qbOeNmemOcr5#_=Q##HvR(t8rfY3e=s|GW+K3+9w%0v*44ExaJ*>~|7MFQ5^@eO->T-@RZa zLKcz!S7en~dHtWhK794l>tGsn?_=@$-`jaHcu`sZyMyNs@qg~**+4I;Oz@Q2)$k)7 zawWAKsaf~DL-hW85>Lyof8Cr&nTq{>Uu_0~nDiqSioRqi4MjiJMSnANv!Tjtf&F{T zS(Yl6qG<`mY)nHmB=U+VhGPKH^#ae^*g)q${^QlD=UrS}D9PH3NJ^53Bq1e6dRKev zzG)Bkd1Ff5M}y#F@X>nRFhM2b^L=CiH=US1gOE-8=5N&*^f<&~;ypqNe3W-QM_H=m z)VvhHg;V;A?RPftE@=|&Bc;L9@lQDQrbJ>TJu8qkzzr&s`XGW)7RTBb5>B*jt?68g zMyU5aiDQP|F&;-f4aCLGq>gbQ>vq2UCD zI8h=HnE&CT!;Hi%MG3hw^MNuYSZivi&Ht9&B+wKmcuaWUc`r-TS?T~d{`()YAyJ&C zXzkLx2_iD0CHbOv|N4kBQpfJvaB;1hB2`8X_3o425JRhn4 zctRu*Xb=qk{*CAB2A&4H!Ol0jj?xQ>YC~a>pb?8>cBRHG@h~QEo`d>xx9k+$zS{|`@XJfpS(}#!mJXUV=72kq|`k&k{9R` zIwdmW3BpLdKRjuLvPMfd3f4W|Nc*J>jEtVWrBHB z0!6*JYfw@aS)|mklCsD`(pP^ck~Tq>gA%f7$`X>u9H7Fka#1FgR!}rjYFN2FP+&nF z;S>*P+;K@YES77nvF=aPYFxhHZoZV((SbYLp@Zi@v2U{tUQ~x`W?ykgiMi7I9d>L_ zWHSPMW~ImK)5w zZDBQJt_mj~;;;e872rI5d3c045iH{&Sq0n`*HP3AW@k8$PG4OEnXAH?vY3YRCQ!S= zsdh3FW}M2oY3w%OOo+T<{PLs@ZdW)>3#-AnGMqT2XN1paNUqD54o{A43%5A$lN8^O zKEG$2{);6N$LNGb=rEH^gg9O%KCH?=jXh0iBV}MMoI<<8PM&KX}xc)E3|XP7nYH)(3bmBun)&)DR;Ks(euBD%B3EULW>@AmYGYR8@f44jt1@?G z8@TqfY>nKNN#WX$OSu&0ME|c*l2rQ&(WEoV;ut|mumIL)z|am9Ib}@ta;3*QEXfJc zeW9McQ2pp)8woN{bQhNOJlp)FtmW&L5y#{J!$!QcBk zFZzSO^>Iplr?&8E;t%}6Uf*Hs^F-p0`LRMs1ZqO6)h|x4oSe^7a^Vc{gwsR{dy~W{ z7^x{}-N5oAe-f=>Ej6ed_xxFeR5Q^>F&0AY>=$iFrImtfMehF+q=tmcpY#dhDfuHK zLKbpW4XL>vplbQ%;1S^@VbWanQS0RV$1^18I5Fkuh=#CD!^s?x_Snv@SGRh;{GFFA zVwtrp76ltv*qtC1WPu;?ki@s8EwpugjU$cq?pn(ZD`LQky?7OsEmqEPge`z{g_Ury z*z98<0H-KDM~YqOzmQ}gII{#@XuEwNQW6GYoAmuo4V;zG>Aa+!-o1|5)8yNQSE zqKxYwbFGUqmeGXvy3mZf0d|FE#U2vJc{#rqsb=fKvIAA(?Tm0vqjFQrXrk=*QMOVZ zaiRqtdlsgO&Cwqjj@86P2&XB)w$O~)4FdQ##UUx3Hyp+>yE0cSwO?#r&V-d@de9MB zKq#x>zy-y@LEG37jzHSeo2-yHj)4U~77nc4Ab_c@on7i$&{Y~|;(D^=qLpd1&&6x= zhHLUG)VfxD7BiL`GL)}SzgqEeSA%w}cln~DepUIQ@xos`H&&FYg$i$wrmAr=4D(a_ z*I71#`^>%RJpa?Rg@7^ab*cWZn;W)4VWM#~n8nsXeKqu5l6iiRlcUdEx40xL9MIhe zeR(utP+z|!juws3L0@qMpoRL22K42(gcwJhNKVO&fbTdRAslmpqd5v;=ZFGVk1t&; z^G(#rGKNskcuhvXl-;i^l5O9EUj5x}ZwvKel8oh~hXy;SCnRUdxCl_C_`m6<^mjqT z+ep{nM!GJ@db;ePRU5Vb!t%RYP1FZ7DlSULh&E;dMkyyVaB0tPky+GQ^y&HmT8h4A zPpq%$vHP%O9FNKRd@#Svrn^4R%`da-m55nSNf5?ZxaN7+K5wQCfoY|n)>MgULXspT z&5Y71&~T)3Qhfb&bHgdya;yRrbe`(4wCj@P?y=OiCUNT?3sx>2$~4Y{>Ln53niSPv zBEKRHmsu4v#55^Re@f@VSqmxZD}m)*Aiw9E-!DdD!m>C*8U!7v$9A)wD-|P7{>Vro zRN9E4+Mgv|ZY{dq)1tKzdI$5uEt1^Yns#Zg;ij$L)n8^bju1&^ zl(S^2FVJ!dw-G=<*DeuQiwrBegK3g&x^utECSM;$<<4$yE(g_}>nkk6hSI`TCebkj zR;Gm|f{PuUc?+HR_GS5qwK|N-ZE-E4%7Pb+IGg6ip$o)@zmrg!387Nx`14p!RvN}- zDS(OowTkf7IE)|2Tn*w!D%>jr0*xpa(iwt+7%uK$a|u5(LuK5QHTob3%OHlwC}D|j zOS{9U3)PooJ}3_kMCqpC8Lst9argfkF8*KMUF{z4?RWiLnhUd=ZJVQCrPt>nBg*>xae_iDz}7Y|yc@TjtB2Yd zaa{OBOxTs(Hl3|BKxays`Na(__3P$_4Yva0+(Jv{uN>#-qG|qYk@nzV=vX3d_7;r9 z1S?Xf9r{^b|NP5NnG=2aZq{6fc?+=+ zIEgqe&E2Z=c4S*w6W^@QUk>LNp2HlDyPC&kdmc;1?B+6yYUS0-HLN_eXc7&uUwZ4) zP~7e22d0>Jm?tzDFSo;Vu({mGEV9&)&_QXxkzVgo^_9U&z*!vAWPFatYUek|LU_nB zX~OE55=i1PF!}sG&&BHZd%TSebe58k;uulDpa>^qiiLBNOf^-6FXHA-%f5$@oTp@8 zHAs`Ohfq{Z*S@_7V~acCN%g%XDp1Ve4v>cs`G}`!O!iR(wF1gK&xypeq^r}sBoK0O zbINVmL~QCOW14*QJc-B4n$_({Ja(HI1cSX`;74RgapDhle7^V8^U^Gi^;PU;jRLYq zbA)yCCwav@YXTUwA0Nh7crG3zIx65$IC~72gyiFGo&P`(3B`{`Zv5>Ii7n6QAu<>+r^ODaIEnh2@7h-loGt0-N#7_4PEkw4C%9n$>fm~oW5Xz-WRmdi3`hm=IR4QD; zfE8ew;#BX~IOjRZ*qg|Miw7D2*vgWJ(0KkVE_f=vmMbV`J3;0h-UR6)w z+Z6wikvtq?F&lsW>G)F^!T%E)?mZ((m?!`L{MjoFI!fbW#6b|4fYl_K?R!>|w4o(W z4$scsy*+*96+-6B9{lcmuI#B%38~9Qy@cG==HWM*gWXvp@L7y%c+~r=SMpGxWP)i30DS_h+DZUf|H- z=bmD4SdhJE$d9(XCKL>=g@S>Lg28%FFt`O245}!wVQ_!80bh(WCPRZ@C)n}4_iq#Q zhRw)yNH`ii-A21RyF1$^hSILRfQzm$+!>vMf;6HD6%!H__qE4VPO>4y3Rc8xVhC>t ziDf2yHuB|!_$D^^);5w8D$o@F&bS+=NnfQBYQRQ>DekdOa55%B?T<0lad_4DBFe2< zWuPKRrq}}GDa$Wq6yaq@1j~%8rlLrPp4CHrs%0o>MXf|5^nzPY-jx{vqEe7}q|_?R z^9xoMWv}1<76JA|@t(NEHeH_md}{=c5zre{Nn2jSec@@xl$e zvPg1)Hti)Zg@)lA4Vj$iO1m(;rxy24LuzJq;AR+pxy{{rn>sKsVo5yT3efxS2`7t# zUfW>TiUe><&7ib1*%s)%Ax;!cMQF+ZONF+p4M7UK7jC#R?X~Cm=x2omEeDzC!WT7| zW>13>SR?#Lf5Vja0XW}K`4VVUhv#Kt(iaX=t^ZnS`w1Wx_WLIgJ0DH3KtmrsgVq7?xBPv8jME5SWjBZwu zp;Hl(1ar#rkfwP&04&P2BSwVk-ZCt^8gVjL^H_jUj6(a#m)Dv*G`(gN*kTdfWn`G0 zgp(2BmQB59qY(w8BNU5Rm?_N$W^M7>neF~Id-~gyj`bAxH}XIIOb|cBf`~1%O3bHZ ztS8ToK{7OZs)*%hK}K1OVwzkEO$)YX)nh5%yUZlx6vv{^iD2=J_zJjP`1h%wG9mo} z5IxU*r@byCX($e1K6DA4PZ54+iqG$e`AB#&4+*9m3+BV_6PA8Pm7 zwX4PROt}bUNo3NY9;P^)5Zl5wvM~*JgB`S~3iQmU-qt@nMK4o42hz*H=ZFfuqRGdQ zq_E;cHcexy)n>a{m?i@6pQZselo%Gdg3|78rWC?bO9=`e`~Cja)m4B2%7F24Kh~v0 z|HtE_*Kf{V`@3q}{yB+>5XA;Loa?}hYB?MWhs6cK3#f%fwJ3K?jXFc@t@a*_(+k1C>{{7pZ&(XWX)6>H@=f|(l(A!gV z^!ClGDc zVQyr3R8em|NM&qo0POvHf7~{*APncKm==Wpl13!M|K3CB-lDJ=)>)M`H=gyy4FyJjefF8GhjKK4A}8%5cIXSQTYPB~ql1IVXbm z<=3!YLYl>4ii;_U@@(3hW10y}Gg1Jt$Q;vjhy=m&@a`r5UljtDQs!MaW}>Ga)z@T? zv$BX4`3=HTDrV&vP<WX_akBUF`E$Jg&HnyDf+v$C8TY0nBLx;D8KPi+u)iPf z?T35c-0bZQ4_^!qUPRvg)f-{{A29|8x9op%XH}Wh#)Gcr;-Jk~_*Xj=m@99I5@FC)>p-E(p5E1(lmU zM}na-LAl%#6GSt?(1Mi(5@epISP&ldwt8D=L}Iyb^I>lbh3JIjDO<#`$1D>COH)$RTU=>Lg?Kp*K`PZ-yrn!QX^Jz#O5WP(X(mXK7nBqCwS51S zKS08c!9Qs~Qf1TK40{O4RW1KTXbYW!nub_`63XFMAOIDdq!Zm{M1-K(6p0yyDW2ez z6ZAmE3{f>5)od8O@0BP@*(Oa!Wvp^+lDMl7pNd9!JI_!T7Nx6^79@-TU+QY z&FH+GqpX~dNrBh|aUxYt#h4E>8qW|$8F@$-x~l}`EJ1w6$~2MuSP+~n0AE%LgtLVN zLInp@Ks7^gf%%MP(_Pi4giM8I=a^-jCZr$T zNlYgTBxVG0Qry#+ARNc6%mApNNS5d>Fz0ld5%^PnQ_UCZqXd&V%QzA6fkaI3 zVHx$1>ElRsq2^X~Vks%{Jt_s8DXU>7p5gM^ML6V*^E;uU4FC{IAns>uv5xQW4ATh(je}TyRoN>a@n{rHw zj0nQzFcXpqic{cC$-TPM^Ae+&C1e-TOcH}jFgX*dHNryR_zv;1nBZ8mA2tLUc?7+Y zgLQfG5)K|XO&5qeQ!P~`$y;ko`%M0uF`=eVzQswRxJqeU>Q|@D5PkTy*V(<~YVuwb z*wD73xe?1Wi_Q#a605u$TEtsW0y0|8VK&8VouF;L{Ym}MG@hM^z2 zFlLO4qm*J!EC8AhQLwlFbu@?u(O#fI$c7TMgKsclOdg1E8dT55xG>KYJx|DlW&~#D zo~7lSsPicB7nd6&dcacd7lg}&u4hGUdIfvGsAdp4DLE+=$m9nF&L4Q7I=R4eVz46f zTr5s#0j$#s<1HYw5)j~gg~e=$f)+lhjXIl{=EdKVIeg*QY2d5`CLN`g3Ua^Et*D%YlS zflpD!in&q+h)^8fVujt3s+w#tCMkP}&{>AmE}rhfPNeBASBz|R?~I9pKC?jbq$l5z zl#>VfChC#weh9)<;4$WMv9QS`u#!zNRw)%WP#Fts$ycyakOFO6es~_e|MLzSlNifw zK{nS%i=KaGKt}oCO?W(#$jad)42EJrRiA@?4^5HGCB_>1rj~59@4+uPEvf&ilGNyQYf3!?ES6Wd`NMd7c3@R zY9c7u4?q&L_lsK`%cr*~n+{PwA@_YQ5>`sN4!gt3_tTOtX(KlwoZjMmX(K>{6a_2% z*Q6+HKPz5KG&-9&Sai36eQAjL&hFLk8S$kTlVotIYQ-fNY%UiW2tFFSl8C#u3b_|2 zjPUH4u;&nvU%Eprm^jfeJ4BjX7h;jqSjtW#p!64cT2854=LMVxNRblG?Nh;eTS(E~ zgKaT)&o=VdCyyZ@FHhB;B)2YD(7UM2Vm61b>BNjC0cnks#1&jvh=PvgYLQ=?mJ(=n z=n^pM_TefqBoBQ!&(noDu_}#K_9u01_rP~kt>w_s$(%zWnqdy-arR&+cbeUsiH+n; z+o!{x)JG+|05#N~NC~X(3N|+nO%YfwHaClXxsSVhPOexZQk6n6o6bRBAq- z(CHlKaNg1{aGHj9WDx>6!W`3rhcpXu)jGty0vS3;h89UF)`67huYYT-vKVJlrvg5g zM_SW0;__UtPM|3slT3x^uDXyg8#C-(J$3x6-B{cy6M?|fAqt*Hhib#B+5O;I{VNbap;Yi6@Iq~K z6%ciLFvoGk$s9I+b@QP&CWEuUQz@_H9>p?(wqe%~GCG}!bP??I5F(R_r1(7<0USAo zyiC(8meP1JL}!x=Ca%=UafwX;;iACG+$H2XO3lbJ&O1UT&eSi-9H9$)Z&@LuEGwKHn^DW$K7wQ=8YdS`yQyL)P)N46fi$zX`=z=BWN*zj5 zhLdk`inEv$$0_ET_BYI7tIBT03bWdMqG(d>!tMiy1ieobM1qlw4PXNYm{PSAxBw*- z1P+Fyh|*enO?w!yh3+gG6M-Y28Sw)T<%q(u9#RM!mHe+@F-wOi_)4z-)Dbrb7`tZ6 z$Wu%+LEa1W{mspl=A>3mXyFCPd+OMU(arhDd=0y37oYen+G-ZDBbQS*L@x(}J!Sbd z3$6BC88^lWS6xkS*|wWXXgY%WI@Su;u&ZegtVX2hx_$vY5$*=-?LF zPGbCRnI$Pf+Z|027X{6xJLZ$K2^upoGl%Eh3WBn?RJH>3g&LR|6|#-B`L5DxFN{sE zQe6}$n%zZP5O{>%DR$HcW3V_&EetMFDyjk;Nm({g;8-cRu`}GgAme_{5` z^&vo(3ZdeC-8kx!VCDi*?lc$r-UIfV^O2cBIbDXHQXqgT7Q%QVZJdi@HV;M04b?Rj zjQJBDTU)4Z1Zw-lQq0*|^j%P6t8qc+Sj-~L@?thbeM1eY-pWT(Lg37{r`1_Y(tn2U z3Bo95h1?KXmVmiOekPY}gtpJ*u%uoN7>x9Zuz&g<$D)4)=hGeA{S9p5?VmJMBQCHg zd6zDv)qO1hq#h$RkqoDBSsS48;2rF8mukRD|%C5^}wfK7a?J*wJ1W(BSBn`fTUEtizLxN? zU9-Cg%o1v9a#BoKG4CnKr1zhDoYF*XQ3)+bEK+R(QAk%-M771-oR31Q0c6wO7FbOv z;gQ@Yq90xoc~LQP=~mYD(F1b9|*7ETsO6jQ)$Z z;~9zX)M2zb+bCS_X+nx;93?C+tsvPoS5m%F+)6XGOsF!g5xx@{o*A~CH#Rs))aLAW zdX}(4W)1cIutR-6>=Ixg_m35w&aT=|Zpj&3XGcahhDI;UZ5Kc&k zK#B{-dH4^O5%&enrlFqX04}>q@+jz>r=iqBBoJI=L;S#pIGzu$PhX#1UJQ?pk1yX{ z+zcH>rT<^>6aH8GzyI}UG^D=4B_1GHl&BXee-u2)?-CSA$IcGnNWXASL_uS2X!j^9 zlv!=7O(27gjpkDs8Ga*nqO}QRj3P}F(esT=M4o*4_b~HVzc(%lg6C-a=J;x-Iy`}J zR@C2>=N)!WQ1I8k1?~-|w%&l6sjoMs2Es{7Vxcrw@afT#5Ed%5sL+bgxjJltx-cCgoQfHo9Hi3?( zRaFUpe@>7lR;FxMZQYk}cGCSnd!e-6DNmp~878#mOq!q5wi`Pdk zEUfD)$<&%dmZ`^&QIOjYQ_lH$gJYX}07KjQ_Jt%$(pisPJZAS~=aU`KR(AZ92e>A2 z)Jb07KUZ$iV2njEn~%-ilaHIIIALC1RJeEBBx^=b=e}5TwDAkO3h5Zb%`2^nr8eJhGdY|Ij#J0pVbv zVWp>6jihX^e~5HYm_5;KHS9#&e5YX~YOtqcBDyT3T(`>r*u2lRmyFy1coh|}uFBGfCBO znW&{fgis*Bx<*P zZHbpF(quV+_hTIgt=#^IZVw^Iy)D%a%=j*VR4G*zzuvdf=kkMS|whs9(2x6LbcWnFyCvpyj zgCp--kLN8ENDVeXG)v&_fNQyAz%TTc2=VopW(GO?eh9C$meku)LP{@X8&@wU6Jkx+ zL~B?8B`nB8K?NzoDs&%Vp#y5cz1+0uS1p35r}@rq9lzxm z0r#j|kI7zvf6qM`3{mX`cb&H%i={jpL4<&giXn-Cs{%Jwu(IJ7WW&NGY2m2TCn7c) zeE);`C6pch+P4vqeo%uAvePkxXf!%^ePe)?z9k4hKm~k(rZP){VyeGvN3pzL1 z6R-eilEI9U$0jH*vsjese69ilevW?L0o+tj9Ob+uUieR4b5{K%pnRQ zFUULfNtJ!U!ed;l4{$;=%4Z5F2$^gWkAI@1DoD>yb8Z*flLMh~~ zGOO;m6zqt~?xp&wuyVa~oQ=AkpQ1q#=(mb~ryR{lnu8-rW;r}#SqN!^^oFCpY&wS zEF(Hpb{G9`Nmf|NHjq?%(3oIiC`ONf?&=v%^}L^PqIQ_zX*mp=*TAb zQ^FC>w)QWC;=CN9y}@8^pUlY|Hm52~9|4^RZ+v&y^4Z@0OZD0BGqcDRdP7Jq`<_#k zT7?rA$4Y;)D=0xYRZ6(_{Fb}Df>m*M1>!05m*}YfXS{YLCVAoH+Ykao=SpQ%HxJgL zYYuAl%Lhem$xlkd%j$5XxR3%w?w481?L^c|#;MBUG@(;1v?*L=w4w^>6*4@PO1Bg` zI78&UlqqWe)ww7#nXv_`g$_E#qTB4&?m_Eu`+wzllEs4j5K?F z20rU^Tr5yt7RuKcW|3n-`D9@~v71qE%MA&=d#R4rklW$-`h@GawL%_mGlHfChSVWu z--bLGl3Ud^Y0}%OGJ#al?(Ry7dX3a_Z4m@Ez_%IV>#|Hs{JH$ZMDGraWua*cA#o^ie-kxC>bg< zos1_z&!atSRMB8}{ahQ+BG6aX%}8flOzjQ5jx&py%F61+}nlnkDp}CM8a*k6=U(V91+PVJ|gqc8?22#g%;Gg0V4TwLo5g zt#k9Z&6TG=hs26o#tZzKrEsA;EpR4GatXm)6TXvf=|{spDdkn(34mAi)I>^>#0r#=2jz7EBf79dsa!<7`>Pfa?kg7e6t^dT0P%Hi-7ox6>cb;%20xB1 z=h*Z(PLjha9S$eyB-CjnU1Nm1x><(D`RULM8`*MAl1T!Y%D6pi%9t` zzoYprV7~B@PM#ULQO~Rjy4&@)N5^J0FTI)2(7^KGW!IFdUjL5Rba}EXkYFkzQf0N& zU%M!)^dZLd>m(4V?wI`)BHrDzk`KqjYeS2!mDH3L=Bd5IPkaVQA^&MICsx$PH zCbK!dytui(JU>6Zu2R~#s_7GEj{&=6m7_(C{O11|qTsYFSWf!ik|L#<7N;MRKn0le zH=jZUmU@*$MQuHhK~KS#V49W%v3WkGnbK;t0|a_$?p2)iX!bE3!R76W zR_u=8PLCCiUzK*-a2FC7>tSyKneW5{s`Q2cA4D8>oGgq|;)e*fbaH%z#wz^TSpN;k zmT+rhRKn=$^er;M))feK58zo^1v4>u%3kxJi0wfKfs|Qm@-EVMF`|GFOvVH^mvA_z zDs7WiuN0>PubaqhyUhQIj?`7OgQ30&Kq^~W!vn_MTXe#x+GV#BU}%P7E~7PshO^vF znGtP-QJaRd^9wpBtQ0z3v7Cdwfyt(9oLIajL$o*O^?V;fn?Pr)Vg5aHn%O-VZF>$B zdoTaIQ-fGH)%89ieQJApl`4(u7W%;e1Jj90aR}ad5Zh)gS5Y(Hs`1kPG$~Yj2o+-- z5B+sRK*tAL3~ZHE3e3u^r4MFGEVx;pdzFTenu|RO<4EZ}$q46H1siK_ltT42vAG9w zjp~fxRLuTi^kOB2_6GZh2l@$*XGD(q`&%P6pIKJ4fT3eqSXIE_qwiHfriiP<6?v1h0Io1Lh%i-c9<_ zB(sL;5*wFdMlzv3!BYuRxYMT3BO>K0N8d3igqN;Bvty{RfG9qNdrD)H@y2%SO5OIX zS`#9m?0^QK4AcfC(3|15Ow|xDR_xcxl)=s3-CP*PKru7}vYBAKyfDr!sFRJrA(OFG zd0BHJ`*qujw9KYC6khGBiXSi;=A`K#E@dwZRz|HbkU4hqMu>;|VqsnL5^^}vHIr}|C~RCf-L+`CCy7`}_0 zv*q?1|3gUi^iWYsZ7Cqs9Z@-pSU_8Izw~l)l3^?Np-XVnbaL< z>r$4(RF;DA;x|u@xRK7}6Bzqf7NU95{*19-lCLPUs@#c9&x~}=eWI@REPAX!$Cz`R zB?aznDX$vsz7O9DF2Jx4HBsufbl?h8-{;g|wH1jQf5$pLkl0o4ZVw<;Q+j6;fmQ9m z{#X!|X!n6>R?+?~+fMSl9i6maofCB3J(mE=bCuh4CYiFfK)zR#H`I9Z$uq8O_A{hC zx4CF#pFio%)_4UdFR-7hwA(*BQ!bc3R5*yJ9JVRTreP&aFq9$^s*ZtnVF&g$1#+Z% zlxYRP1w=EGyk4~D6RZ@BT{JG$Djt_K6(P+kHlQ4!>GXB-yI)Eg-nrc%YS)F~OhrOBVY_)%5wm}NdUW#kG@2)n&F9CX>x;9C*F(pw zsSMP1APSGlFp5!uvxLoI>K|Bj^VrI8THux@{IlOj{Xmi=E)YgYRU5f4+RUkz=a6Gp*ozAbZ)$# z!iO2jLPN2T^04G22_I%ygb532n6O^2B4}$~9=XFQ^+KLYD}OwAR3&)VkDO~a6}N1l zqyIpA2T1DO;H%TmF{v6IK>Aki&nu{b2pHwE}Z8rh$j&bSbRrh-b)y3Z4 z^Js4`8iWZMQ=El+dttFZ=+$g6@Vz}DRy0Dv;lcC$Pg3;Z*v4eYjZxPoEg;d_)VlIL zZKpj~XKR^%bQJ=p9@2L5lDbH+4 z-z0;`U|wBDnCgP9 zWlKFhUEHS1YIMs#j1qEBQkIiKw_Pp&pxGa+_M2ceJA2Fc?ZdC1jo)nEy>9tt%9n|h zujDl+gJe6isY%rZp)>`Jvl-UsR;0|bTAS204(8TTN1asb*N$uPP-E5KR;Ad2CJ{e@ z4!Nv^?UQ!Zd%#qj8FhaP{fKFm>dGFhp%RE(+gVC8c_5y!0utvI!g_wN0u}lITZ3{qut}*H2CzMA$5g>=W|wD9kymY;Fr_X`P16WnN}czCs?&Ty zp6QAuC?PmWS$wBPe&!aPM3OA#=H=wu3Tf;If*PEv!l|zBsSCsdul#c$WF>0xdhDw9 zp^J-1B(#AQqDp7l3P7sJt;&J`vTH`-JMITSRQKa8rM%R1$=;N^7Mo0HOmSLe)Pa}Q zWdN|ymr|9NrhN#-lM`baU%Xn`v_)}0lewW!yYeN*sSB|mD=0{bOw-;@72PT`zvA2cf!hjq)f0z6R zA?uiNPJ2z56|Nxu<@&*Ltt@9C$Z+ z9W8rXwM*5?Wfy{=nm4ZAeXF@`Rk^R#rEB0gvZ&|kV${EI?YwSnyKHT{YHh!0ZM$ZL zd2w#SYeQ_@k}nzIZ*goOfXlpXX#Pu8AIpx;jp?k$r=Pkb)NXR_7`M7F%(q%E%(t2s z=KH;^j{EYh*8B2<0hl8FqPZxg6A~|C$l}88B(m2lsutPY9aU&U^=oM1g#fSLvk!(U zRByrL-JuQurX7Fvj^)j>-A+Sr|%eU+o<}gS0P1@Os~9 zDm&Nnt+pj5`_J)1R%vpM!%$U*H+u33+>-x2G1(ONg^1#F?O>dD7cL=2ufC?S|znWmBmVNO22= z>qUW~@^BMNv~3j?hu;7B3hhOE-|TEMh6h&Mr3@#$FDFy}Clnf$P@xh!sPubV$h;oG z+vDn`tvSb1QaGMvPeowK2?B^IY!Cfj^?Ow+fhENC#@iTyl9M8wmNX%KIhCQxsRG@} zzdd)%o*RCwgQ;x6yh>*0EIIN+dhg0PmOW~V_|RyIazjyRfTEU|UpQ!{`(k zc2&@9s|QlY7?T;kr`9caYfI-eKE8VQ4y^7#$}3XDBop#<0RbMW%<06BiPqldrc{T6 zTmODv9{>C&VJkccA)RhpQbZ@-?x{UYA0ITu_2yf=p1X20 z*_J#}Y2~`0_cSF_-<=KR&xUu0OguJ8>Uvp||)>okCk$$2G4?F-zVH|8x}f zYOl>s()N{G$=?1xs(s&Ef$2K)Sg|(RQ;EIc$pylw(aFWAC24_src5$!%r`nh?>ky>q28GE0w&>) z3a#MkL5PCAL9{m*MDoAtu<1DZRI%Gx!UT7#K1&It+H-=7ct-38ChCpf$B{8mr!2;) ze&6-H?ODk~g1HFyB1zm*kjUhl>-Drv@-54#)aZKcj-(^66_D<#U~~DhXx+MitoJyT=PX_$r444<)hS|XG_7c7BN+YI(;=Fxrc_6;RFycu zvcT97jkR%BZRqD-gHSe6w;nT=vBGG>75ZvQt_c99+4Pg$0Mw=Br*$p7Vbf{a6wxO3 z9ZIhih)pK)Wc2OPF&HsMZ*Q(@0z+jauHp&x5?7iWNO`QR?@H1u%SKNtfHpC^Gtu@$ z05@JFyAP^XDsHrLAL>w+>Vq;q-Hz+17ogcvRaCp{J=32)Lw97c+XzSB_p76d)uVi z8xn0@2Fz|vausl$sfZiu_dSH}slbh@XL@&Py+yV=oQ;2KiSJioyVH{1g0GsSCXGY+ zd!rq|>6zf#EEpwJR06Brs%v;H;a_TfdIUjdqp|%;TgV-1ckF$3j&DyzMMc7~(vn__t=^L%3<8PA1rI966nic8#&M6y}Eih zeEGElTC$DOZl67?9&?@!Q3ixGPXsOmq=2_x1eMEcrC}9n)6!ADw*07xsP|XnuAi4H z#+ij?QodjwQYDuG3*%esoVRhd5HrcQOdIhr2q!rBS#Ub}OJ#jhx*@_wwt*nWnWmHR zMD`b=g;tHzwsg}fP@yy}Cu|w{=u2WFlfF4;Tqx)5#;hVApXSn*uS4^?*VF4^!!+cu z!M(MYoovM)n}J++^?S}izG-#28j05^FgMuOo-*|kbNi0F*nhJUa~o6X;Gn(Y zt9kxAE(7=5C@y1HqpP!jcj2rlzK(!C z=n&8c|6T%mZHgTneBB|Wzy3o=Kb?@qIsHRUuOX-PeW4)otti?(A2yJo#-qjp{GE$Z z(YOq#ShOw*+qEzAyhYT&%;?MJv#a(UthxuOPgS$#FM6jEAkez6e@d0TSy$0Mxq^Ig zHWQO^O8R{Ddsi*u`dI&1%WJGJ8jInH~vOn)l3Uth5P ze9=!?jBUCRUXE3h`6A@y7)DdMTI^c((-;1#x|F?Wydw)+)d6msG64x+4TgFgy7HAf z2=mAv0XIdweoNS2jv=ti#ojyu>~T(iFx43RoHWkO%e{&jxT9Gz1QDP`#T8sgsSy)_ z6D+Wadr(xVoEPA6>^QGLyuxkFGG5L}Vb&_dF#uHW;~vg)uDsgjERp0^*}!_HBbJja zRE=txH3~ANT$q&SZsgQ-78g<;%Wv(cwvIu7rz8_f)lez!_oBV%Q0pE}h}BX0fET={ z1#!b;N&e`y3{heYZz1IrQTYrRCyAr;bNlxSwwT7Ytl`Ux_d-_$;kN|#)nH!A&juL`q4{WuRZoUsrZ$TyG^ z_&YZ3Ocu?iM@a&z1`5pGGtJ0*pF`{+NN zZ}c^35C(0Z1%XN0WE1G?612*NL9PRH^{L>MnMwM)?PN*bk;<~}Dl5};7iFx`9jNb! z+7TgDt|6W=W?lJB*p}^`6cIw((|jMX3?2PAlB2*`f{O%ck8ptW`pxOCe2xD9=rSkS zNZ|NRS1vb2&0Tbck{}&iq4qMxdsQA{yQ;Oj5y*V{4>Cl1uc=YGCriGQuUo%M2`(~f zWHOAWN+EBsMlmFX2B`p^7*O6(ZiWjJJPp;VbO-KG?b6=bLP!6QinEj8%uR`@_ERjI zOlV5H?|vK&wRBOJ_7Iul`)l9_9^pCu2g{Vt#vM1#8YL%%3gsaa9>$zTGcivaJ?oeD zd8I&un1WHhWeMR!bWL#bqolxFoGrR(Zb%zyf;8ygtCPQ>Q&<>AiO|6xdu=gx692bHwve?~3P1z(neO(yw87@fTjp?cJGJSxvdK;2kC=9`M2!b>3aYoY=`!x#X zt|s+H^n-r8oiRNz;Ns3QDPnh`8Z70Cp_;YBJIZspCvIz5p^j_l&*meODUk~-$Wrjz z&}34koQR#JosD$EsHZex^|bdz%a1!#;Lt0`JO{G%FD`FRN0E3h+P>T5NAAEc4i3K1 zn{oZ$!~MaFFZK=&U+nJ>28S=c{$jBAVsQBU3pDuHj@S7qxxmF2gOBd3KDgh>&kZxF zF-@SI)znmoY+Y5;3Jf3iK75cTKb!VBa7+IODEdJ~uBp^)V08WU*WUM+qnlS>Zr_z- z5{nc~i9q~5MqyahuKw@=86MP0mh8I#Md;UGTUt!YG?lGX1D)b6Wa#glW%9WC>e+`# z1+ho2!6?!ej=v867Sa6IXFI*C%jdOz3 zUcU~%{2(#^wHKE~ioP_jd%epnb|MVy>d@+isw^s($W%wwgYO|pw9X-zdZ5gIJ-NV! zosOeRYuFj}1mN<%?k?2b^?P!RUp}bapQGU`Rpm>LxcA{hC>dybhWQ(^uuRj4Jw<^& zT^_{{;v4M1_vUj}tOgPJ5KsVfw)2P&UE}sng-A8TS5QDcOPoi6JgtHOkyq(0SN0XD zOl9k|bWNe?25QgR00ih)9&W*m89Bv8+PcG8vaF5Q(ND$^6pqet_VxoUOqNdafQ;p? z7CanS0-AN;{%)oikkT_`y{UB2sGR=#JITnlLH(sjxq0XDQN{$?c6;)ZCA$5nH?6&> zS8gBc@`&rWr$QwpMq`2|WftqpK2v+mOQ~->=yiusUri;_U}A=9!+-&{;E%JUFGtwG z-%Z=69@Tn>vYOxD++6i<&PUNY6RKkWwE#^>UJ%6_p&>@#(8c8gL*#_anR>DHDSs67 zD%tbN>Dx>6!_oP>(-C?%Iz9Qsz4vZZ@uiY*h<8;1?=vWvMlv+V#hsiumCR+%>M7CB zgo#kPxV*8&sc7bw`Y>9)JV_K}Mlw$C<;nJ*k_VL|F|7oNDU%ib_a?i;um5T-_}}+u z$@%YgM$()VJQ8{OQGF~u|Lq+f9u5xc=fAHH5B@m+eU6_GANpURdpaM2#w4YmJVd;b z+6IniWQe}%!`9OOs&{OnP>j`6s^kmwONmoex&!CAzMTG%$gM0>C42;W@f=bLa=WcU z5TfJH1{%?Xl2qqQ1r_!E7bDr0>O#^xQ4i1qQKAgJ&GUrW8V%ObwXU#W zi@)0Kt~#N#?x$W4I??C~_-g=ChnfbI;~6f5g5jcfX_DmrQ&CvbR{l!oqjEB#?@$_z1PcTNxDG&Y}px`$6NW#vEz~|ZvN4CIuUh}F^7Si@3usYoKW+a_Qe5L~J z+uG{kLgQu+CMm!W1s^`trs3CLgO)G!Ep<3v)V|Rn_Z^?zn+tjQiK6RKo>!#(rDOuk zK9WoYBqRP3Vx_-SLAJwJcFy6#UuUF(51=Lb^;ZDyYqAB&5>njcX@Is98VeKvxWIr7 zVs)z>pf7joSjd@MIf-1S>-y-4Y<^@-$zb(=#N;i$; zv4oOws?OjOx|W~{l>ZZ4pN8sVeRE$8%7githE;8u^$Hrs6%}h+hc0QQx7r3Xx`u%Z zj~3oht;>|4qeta82qDR^R$}|>$}zF+tN}MuEUAW_^41;#{Y$VZy!JEgGLnKH!h{tq z)V(9wCNzfIdY8~O`O`KdV3dTOx^XrRZ#I#f#8xMA(J(vk({?Fm5jdWdaxM4>8Ye@i zkrqhsEjVyV*=yRt0}I+#j&z&YhoKAQW|5NyBzUMqX63R~1-(aiFV*I;r*Ee;S$dUc zmbpfh0#Gug7Ji}pTaQUU>LEAXi+o?{aPYQD`67{awrBKDlu;<7g$`8HC7YBPUTQZe z#pj{grF>9;hyK{veN=nB|ENFY@-?7cC*fb~`O<86EAVRofyL-F8FS&&B{*53Wp&*Zsa>V>dVlH-cU}T+|6REi`%)m`WltF zy*vE%*v|cdR0XwX2xaAbObSJHce#3>D;HVW1QucAo$_Bb?{D-qnw}(mF;o%A&;wE{ z$dBxs+JyhRQq1LXwU&IIYETd!Z$Lc9*V;t4rtF~3|k4|;boV_H4TVaKV@HQtpLF5ayV{r?~87CBfZBkE6G%%z%zU@I3JLAsvxL0gMPDj>Pcu<0 zU`4CH8)}attRANKQD6uZ_)00DcPn9XBDy|l4xmeC>N>i(_!_=e&y;VbWRz`diUXoY zru!X5EQxlRs_86>?y);E-zl+j!v(CI6FSQJwF@WoL=Z0iM;okWTc=m z5{#)b_BLS(e5Kqt)i=B9(b37Xz)`|fmR4QlLV%AU#K&=jAz|_^;!HnR zrTpN^+(h{x@c^~srvwF*BPtNb6XjGU)l+3Vr~H2grbc0g0`0!^Kx`We44U?kas#L- zETO-yeVrxrWwj!vx`2Vp8ybsMZRVtq(%O6M_pCp(uE;=gvwHo>sQi_8YM<*(p#lgKU zT}8?T-~USgYHC7YG*>Fq+}`4m_Yu#TJM_)|VA>jRu^jQ04}*2Agyb8XznkxukE- zO)?oCp)>JJd12;^bErC@tN3Dcj|+hQx#G>Ob3be3^JaI)L0)|pQ8 zDk+$e2ZKI@&XWfx8HOT^s;UpQ008fTPHBcylfhN5*QZ~9E^p}X9Mp!EJAq-GH)^VD zUv@35>bt-L|2tUsBITcV*;gHY#H!c0j9^y<%xm5J6aAgh3O8hVjkH?OyK*we2z&=?%3KR?L)IoQaApT# z4vCO)F)g8xk}A(C$|B?SE>zwgENteS4)sAwyxTd>xu-$Mr*Cmy3(#1(ht|KYxWPWE z+^>@1pOQfGo_KN4v;^$B7tug@<2OP_v? zwjdROcPCdm^%Ac3P?V@Riy7sD6*R^vDhTE_!IA#CYy{d+j*=3mVO|zF<75}40fc|Z zP1soMrS#D0;!G}g&d>vKVNX~Q({Z}c70s0fP$3BA_OR4-T)^gxs_JkX(yN-L+=Z^N z=B7G0NsP~osm5aT9ee5p?^{!8=RsHg(~28O(9Q8xR97n6EezhwHO&ocZ?diqu&o7( z?Fv@KPQ5St#SYkzg8Gi{->+`4$*#YTqn+RIru!s2u1)NuIeh!<>d%r%{#-F{%;saZ z(mrZLJ9)-E?8Dxe-0Yta$_pj_`C~ah&0t9ktP%kVU@g%OXLNGklv-LVkbRn zszh^EU#$ov2=qWyr65l*x{fc^-eS|!1dkx9nywi(HHj@jprGmo)NZf68lZL}G%gJt zTQ4W`dr};;d5#N$g8xAK(Kk{vtZh=NA~U@w`u0Cqf-NLeF&5t@Prg=zsl-ezxo+mv zG)6iofJ?N1CCfZQCqzIMQzYl}DG_aur^U}$_2OOveyCiAI+{tuH<(p96Z2A(I87Ib zypPio0z4&@759^%-9_P z6>w7g@S)|Cj_YOPRJA0$-gL6Ok7Zs1b~YPezWL^xZ_pN;*dSLz#xybYaqWM=sm2i{ zHaP!*6?dr2Qpw~Cec$Mjn7%TUfQ&kL3pRQ_o$A|+RQC1y4BXWY`jI}-QgnIY#$ z6qrJ>eV$@IBfK(ALq1@eZ~+S>C7P(pt*PUyy3y*eAk%tozFnb5_33DIdwhO08ZA|t zo!Fc8!JnR=9^af@UfiCY1Qlz6+gvj_RhSZ-kU|~T)RH8D}(-wEFS%+wU(g-{?DnpkblZnN7&1c zFE743d;RYENHV0q@Yi6V751r31;prwf^e(3SjcXJew)#C=dv<0BxwIsGZHL#^E=m=UEkCK)Hq^}b$j z=V!;K7o)R_*PZNI3(9NT9Nvviufx&l+PlM-B_~DwRPv!E#%#H?Albb$+%nGz#9OIf zAPmi+{XK@4hUFbnfMHgB)Or*!$N~t!s@=@s5ajsX=;rb*kVKzJP}SkuR8k3C^hy2W z$)&)ZZbGz*2n}5Hrz_}TDf0I8`t>O~x;R1Crxz!R2awpBRXIad`QWRP&NRO;>qy6}Z}iPt zX`1d`%tF+akExM4noQ{XFrh^cA&4Y7p*l)|(|?e2I;T2(q=~Tl_JkIZZHhMOTg>y# zI~DW1(c=dPbT{mqylkP;-lI?$mPL!+G z>o=#BPO5x3@Asnp=h5C_IK3m$-Zz864tgLcBc_fVn3eN_gys@0$AvJ~L=6jJjvhz~ ze$yjDbeTnoWr7kGm$qmeBoqK`9nD!%g25UK^gT)EC?Pq?5{_7=y)qo7e%NdE7JrMm zAjOa;e5TG^6ezbgeOiUct?LxRxvW^Ot*rS_nt&;V_a z(bd_K-oS`_O(uR8j9Rq4`wBkLh4ggTePxnuAnd;JeH)bKr-|<8AlPt)d85+wtBBq< z4NVd^$g3OGN7gZ_hPvhW)NI!{@#yMI)0RiyV~zrOtPf4PaY!i@pel2jd`l-P`oc5$ z)HX4%osMsF6--BhExpyypMtSr`82H$rb(DqtkpHaBXCv)T|W|I2gsWE`l-@4z*m`c zJ`!ICNH@MD6Qsxs>K`_iPJ*s=|A<+DFF$%394Osu%O9;$AX-vC+Qj|l-2ua- zdbNq>Gsb)tN*LjU6`|?Kt*hwPk9s^fWG=PdLea&+*N2DoVQYVRGiE5_2`&@5-m5z< zRUaFgKxDM~wMx0rg}s-|&^YLq$d?m+_Hgfn1ZR5mQ9bOJmJ4xuD zCWZ*cn#Gl(2G@FK4Hrj*&5%rJ5#mI z_e!Q;^=)1ETT@zgq|l8z6H0V1xaCg8^{OnJ-QJqX)lML78{p=*!_J-@S#MoE?hf*A z2(=^8m*afATrFSe4HMpxMUH7vpR4Bn%?k8oi~FCt(R1+ZZWQBhOE@Sy^Pv?aXb{Hu z(YtgVPTgTeTl5s3x|*zG)N`LVHkH+DYvuk}tMmSJJ90}mqvjs`(Ocun)w%4NclDZX zFod~DUH1%H_braSTZo`_hFYzCadSw=q|lu47Alpw2fKe2QQTts-S^N?idt1k*JXU` z%VGnwEDXM8o9$>+H^;7Mwt)rKMdER0SeJ6L@vVB>-_)||!jVt@+ZYq-tmPux*KPZs z*IKX?C1|-eLQi83Sc(v|T!zrU?!3R8kkGV&c>Axvw^K})-tV4bKE;`DgF{6_GO2d` zm1^`V<;?0`Yw2%Gm9shn)mrpd?>N4~(y4bjidWZOx0d47ZgT++ws76+>psf`P`|Ig zRK6R&(ZV9R%C_O4{^5h$BfM>))cQt_whrn+QB{B2*2mxGh6E@(otQk*>hs@#vKtZB z$=baZ5jQ&Ir$>?_pHiylJY zK-r>bOo_NAIlIA5?IUQbCJ=tTD$~?WLFqP&a{JOAOUr_a#jz@>rIHrcT{>(e;K*;? zOs!3_dz<&z_a4pe1IW8>KG?5VuF>+lg3SYWmzNLf-$Hhno6D0+o##XzD3D3eizs+| zLR=v(SeYel_vmk=V1!z0+}xz^e{-lVG%uLYE&vY@goJQ0)!_5980PuGqQ+$%Pj`~{VnpeaarRj~Xo zC}D`iGlrf?)}z@Jd>fMSv%eso5|X1m*(4)>F(0u!_*)Ml_e|J6*Z!$7YEQuKf6{sI zZMvc~!I=d57M&XV+V@LSk^(=~ot#Z}u}n`PIIKbBqf>i3Qu$%crz7P>qJoik5d?Xw zOkN zZX=<0m?+4Uynl;DJVU|%``1DE&ENhUdH)2<0KnJZ(JXn)$F%_VWi4GZkN?$|a+>9F z&8sX|kYt8M08Fs6`G6(NjRxs|P#;+BZHvun`R?WfjM+WI-{zX3Wo?_#$813$Qq?xL z{9>V)@?UG|f>wH+!X^M;g{C4zLv^bC(I^J+$UwN-WeV(4UWoptS01^W{CjyK__kP< z|9pk^RrK8x1d4>-5aT%!1&w*z821MIhli_iuF|DrQFa14Xa%H|7z5(!@&v-+pe=}f zsg4-8u%??>hl^O3dss_P5P0{Ax>Md+%^kQSdN)GopU79cR_SZ4khBKpD}Nhlx$V63 zIK3D4`h;@1ysimOXhyhBZakw&LNZgVUv7Iz!E%+p57KnYEtVD}UBG50H(=OWF-pj| zoK8)8V{qYA86>FMlZkdTmHTS;OrVqqNOoZg6bmQi-}g5+S0?+n0-r4q6Eg!HUO}Z9 zbvcjI)ca;q5b_Tle$vCxZ@I}UI40c5jasjx z&^d1?(15N0gmu#>Ot0{~Z4YR&fd5U!UwSJ@={?yHqW4J+peJA)rE@(@D;?BF($}Y- zc9SqBXy2Y^L4@vJvfPsL`*23D2=EwZS(irlxab#UX6>GS5oZlcE5s|v_o(wubJ;9E zI7z9M`8I;713&ms(Hti+`D3l)dG<&@2#;( z5Y3QI><-TNDpTFNvlDsr&;qkFM{{DJ+M40oOywBEYx<;K%PW=LjNK-f%vpBpF8b5QGpu=`kvnBhw2Wag-kayBDE4)undmCI(vPNIafzBc?SH8+N5+6`k2iL!V^IX zxj8_79E%wo-l+UPC+S4)dn$wOgcT~K4<567sJRRk+PX4eKV5o{4_(PU)SH%|aUkOP zyQAByqvJP6uTO8Uj&8mWw88s-Mrn!vqJHhuj0*VsFTolhRY8%XMR8080U^-gR3to_2Nk=ImI~IP0(mgEr?~3A#X+B=l~5zbu`1W7~ErdD#Tr zw&;?*VeQO}(wecG@W7-n-`oEh^0DlxB<6d6Ya{_#gL-cDp2o>C?XIj)jaTXx?U$^r z*R!j#Q#jIErw19G>(oIyu-TdIjR849)@R?H9UtA;Bp3Bd-dZ}1248u9d}5y%pSRX> zjj@gV=d0830NIYu-;HiguW#SpoR0z&J~YD3glLR~x2N&~D4$zK7wC8bJx8k!|ONNZsR>!E9~%He3Up&Edl z!>oWlZjioT(^@z=OTTNV%9Uxeq55Du2V8-62HY59yQ`EkE3JXW>vw058sNsjA2ZCA zwXs&xU@6!8E@Nws?CSFR=IH$P=xPPsw6EBvglhrcy&|eEJkqV##mbrgxDl*1_gy3C zp8U4m)A!jjNkiMRlB{A@N%po>Uu}ss$H zin*wo6n?>^4{bR%TXb*{=OYJ5TS+djP)`dgsF7Z;0W}EfO0kdmD_g&$_M#4{E3v2h zyEE)E$*;ObUM7zlxq;a^_&VUn555Lzoxyt`Ab+_J(gsBzRW5a|h-D%a>YFvXb?TV4ERXeNfl(~i9GzA% z+lSY+`>wmsEjO5~zuSBi9A^)B0(9iCmKrhEAJxZzsRp&&qOvxaHQ7aP?=`Vid)vNI zuZ_y4+jOnh<;gnTdlQGf@2SA`680+){^9KA2#&!mH5OM-pjoCjr{||{Pj9Z*-oEvM z6(l8dB8o*ZLOf+O>Lahk0bbF zbooZt%>r`u6})s!6=NK4w4zQgzPr3WKE1vE_UL#MQ>C+gy}S87=)?sM5VzBk-r~{= zb_n2-Ba}~r#yYUY?AL?p!rG}#+O(ucrI;PFY_e_!&GmY{jafFi)j?4@r)EowMj662 zNqT#HdGTG~J$IlZ0vGpBF;=cXEgz)YC|FZoI)<84l{LK@sEdDN=UU45eC|}S zSrr!iG#dSQd3_SpaPC$}S_>|&61G`e3jSsDsIxwsk$S9^()c52T7#@($gv?L%Wq4SJKuJ1I;XL>li;?Yq{01?pR<> zkosCS<*U~kOyje+RkHjn`07>+J#N2A^QP z`B20Q4iBF12W=shpCa=8!|x|cz=w5m1T3ZT$?5U=(e=^I*$=0;s)9^_0xyam*l00N zeKT*zT-4%4D|&X$@%g*gXBRCNRTB{#?bQ4I*CdQD%dg4>i$1Nf}5;eu6N zY9p5ufVhK#F=J_C&++SzNY4BdS4D^W99tmd4cZn2s_RqX4&wjUec5NOPc}-g53~Jg6YFo5 zMSoKUc!Fg4ztJrDPm~_N|5fiby;s2!6ue$>v5@=sJuax^*H?-Yb4&}qixg;ttC%7r z*BET-QSa3A)K%YeC?U*QAxMI7n$Pf<2pZ!w?W*bSpkH0Sz>Ld@t)8iQzat9{4&Jhh zBMIM%FU<>iTE=%M(lGw1V>3giRY`8-*~4M{KivfGY#Vu9wGHMt|EpT!e}gcW362T+ z@M};{@}NV9v~M-QbfSS;wqUmt)j{CIBDk@U)-^q_@pvsg*SmCkY)w6k9{uizH@*XkWRpL69)Rw${)A86Qz^&wf{la?$^}~hpVQ1}PK&}d< zy8ia)_?pShk(DAZ1(d}XSkPF_Fq0KW%ntL?D~!bn0utU$-=f>Qpu zqe5JCdf1MN$Oy-=4ssMT(tBgks;U@-JZ3pbD)vWIsJse-p>au5t%`c7m!n?qSatw0 z(CK1VRlbJ(Uw)$UM+|$C46#Vj9q2Li9|Sp>Ng!oYMW~jFtbNsIzZm2Ae->o&YL034 zltBBslwJkA_dReq$x|xOn1}~LGNf;gRmurN+N4*= zdE-QIRpXheBK#^HON8F#304ufKs{akjw4QTT&Oql^q^t)%nYFd_=#p}R%u~AsKTE* z*tb_J*WI;9R2fX?`h)b?F}nJ&LK}p zw&n5J(S%@87UWjWI^Tghl2aYL`5lgNLZGI8p!4h1=s~l%9Am+(FNDKWksQqI7s-K5 zqRDsKmNbE0YQ&ooQ4vx80u^UJDFS_)GN1*I9J-gksp{ixVX|%W`&4-n+KBH9pH+h` zbLF&_OQnZCmfj!N=O-ZXezf;QYv>7R9J7p<@&pSIJ_m*U9-o@N{~^iyDOtEpo{}tq zTv=`6w4$4X{CZIDNdu$`G3c_fFlLDS*tACH!niBF1}g18xT ze#E-aEEuPlbEyK%i6904JQB~W$Isi@XCtkAr^)+y=xICqtV7g>{Le8!lb-c+4Nt`R zXPZE`ug^BXGWmQ1bo=_q0h0HEWTqTsyFh#Fc-8{Fx$2-ouD4f28tcPklo6rpU`BT@ zxr#XkbNGI+^HD&?MBu%Tgc0ntsS%xDG|8x&u9_fCy(M$?h(4FjTo=1-(9cYWykMnx zEc-pGt4}?sf=oz3vY1Q@+|Ua@!N_X;bq?=i`VjHwnkU=Sr=BK}^3OFS)6=IOQki_N zS+YHS>LE>wJpN2$s=E5$E)k>e6McU#q zqgP+r^@J3r{!<^xri-uMn{6WN8NMgT2Z4^R&Y}SAtZ)fwb$PtW(?)74vB=38uRH-G z<&J3_Kl9W)iA?fXH>5>7=$WS5x~)m|y3_vEIt4N{b3bM#+65FqXnVC0Pc9RnT^+Pc zeYM5-@7Lo|NKpdCJ_L2MiaSX=p-q);-0@hhW%hRIDtDvC1?BVT`DWX#-dwlWtAE{k zBl<+z;ZCdPeT_EJOo;q75vufAp!b5lB-6t4$ZxoBx5Gh!1Qb|E?TNDLzi%7=T_0#i zs+fARVC4(xCGgmu3YEDhf^0p&bgH3Bg>KvoJ&(!Ik56m*+4;Zszv`)D0!s0iq`Z0l z(5DFXx+QPx7r);hc}NP?_(JgivR+WlH1JT&=n;Jk27|$ig9G??Fc{SS-P?b0IQU}k z;PA!%{$OzU;_EL4`-88a?|p#=pJ2R=pOOn)d@=awzUqVfo&0=gNz}SQQGqqW(u^#R zNg<9&0pSUOBje@sH)PRxj9VMyX46{ooDGZlYZFIRyf4nY2nQbhiAVfC4$yYZd)ve~ zR`vTe`~XF0r_tPM)#|k~B-!7TWXDIUWmqk|7zgP2i^G9WE!}=Zrx{6rN)qWzs$gLC z`7+LS)MpZS*qDG<>h}o#Xv~9o`$ot6xU(VO;re&je1+{d=8Y;)2`7zm=+Bwi5*=PiB3LYC_id_>L^xkNs19HGd5*sDZ|-vBIr5H9zdeNdJ0Avt)>V z(8SNCdd(fXHXZBFzT#wN)>%QOlnY}IvdXsX&aIxbqP-XFv%z=1;{5BcJyVZKo`Kg4 z+o+h4>yLnG+rISV5U5510yQgP|X>VS^P* zvZC(V%1#i3S*b!JHslHpc{b>(JL8gG;CyIfsT_hw$~^6w5kJ%u`LBVootF_wp%k*h zqVc$zrxxY+pko}HA|vRWuu=*PmL-~k{xdg@&FhYh|4w4zV>`zpo}IqW3zgnS^IE71 zz_5qRl�r&uvW7fhUG`l%{sGSq*CXhu>=-Rf+%y}Fn{RTVD#=J@*b=;l=a z@$Txx{NY*DP>YKpsyVDJvr7-6gQqe}JIMHE`!!v*Up}3Myh5eATKwP_1Z+&)vuB-C zbidb}qov0F{b=uLhoX7mgP-SaIa?U--_I0@U^>;F!t46!?>{95Ez{a&lWv*i&UxN& zExK3PE!ZqG_jmE0x-fZGJpe)U?DNhm(5A+IA3-L^H4gdSWL_Vt;EB@qhV_JjPjCd3 z5KZkD*iyzX4oDXNf9$<^ciTp`I5>avQ`FFTzes)tcWRqX&nS}P=sB@9lAZp&cz7=ZYiX2p1PQVtMSu=r0 z>iTPKUQGF?zN_W}Y$%miE%{na<5pa#=XtF{rBcP|>lm{}O!4M;pHpF0pa#w- zD%)5?a#L?LGt~RfW8$B<^@ytq3dc|ycQhKRzY2wM5fV6=6QK&|X6<;1b=?w>IF38{ z3X48l#w;R{IFTh~|F52gL?svS;#>cI7J&8o|6YIG z9~boh{r+gU)Bium?`w6sWqDgs`xhM1FvRVg$`WGK$#1C51&#t7vdBrTs4Znn7La^G zI{hM+7=a5C`B~)#k)%Y8pm4;c`9@c#Jqs~i7STy11}O}tbA5VTumsOZiTro2NJuaz zopQ~5*w%z})qEzimYfw@~9J;k#SbKY^f zQ4=aK%L(}{C0tlJMK`VjLG@ttAEcOU$gOGAbe>r*Rrm2b*p2pm7Op#NxAN?Dx%aPM zO~Qu&wNK3l2z-d3?7Hb6fo7R<`+4c8HeY6y1^Ic9^b`IzK*mExBYHFe5$;>Rhlj*zkP=9%Cp+O-zv|Atw5BDMR7JC zKm7Rl=hq*8e81&3LZOW%5epXNj~|8V0&5}Qj%ivvbZtu(6vz4b{rT(d76qL+tBDiH zceQ>wY8d!>Cxpp^WlG5(YhPWfL?w*MRN{{wY@|HsDrKN|GlttPz8CG+* zAkjGqi6C(JM3o>6- zeo}{_5Xv_`DTyn*_{K5?1y8WTENl^*x?q6n*)3^wMR2gn`TQ3i=5}LK+poFmjs}tG z{cuntprNA4-Ep5Q7r}Ez)<^r)_vN90`vP@Ju5-^nup1K9(yu}vD&2E~4<$0*cdAVz zbdxTz#G(2_534UdA;9WDHt09rqq6{iXiurIoRa)2fNk~%jb%r?f0_ zy>_x}yMKDO$t?Ha8&xg$>h%v7|GOL0fM;)Yxjkn?iv{%7P`S$QHx=B=^-wIMSJ$um z-KGgup2+;!E4C@}PPOey@=DFss9+p7R*x>%MsyWA^{}zU1cPa%NcHgRED7OhNHHfo zPaXBclZL=_`>C9!o>T3VB3`_z_EDZKupgFqqK(UrG}D|L!^Fc?@Y(izdtr~(jON$k zzgkZx2XVM5xiX-`J^qq$RpwVh6=p!bC_VE0(xY!bA#aAdMEG4l?*1r5{2{>+$55U3 zM;rxEuP*i?95HVpMC^&|y|+*wpueO4^}i7LLIvuffBsYbOUHbgA0)-Z;W-I$CI=6D zxo={UP!`y?-*02EX;j^2Wpdz#EPGfrk$dh91VV!=uB&VQ=X7 zYB}NRk;`zwbE5g<=GfY71mxNMfmJY_YV;YKuir`A!HmsMg8&k7Z#xUf$yXd19bFEI@(@L4%dDf_y8 zdG-F6i}Tms>z_|Ae)4{Nef2trqf{p|^(i>_g6qYUujUC$qd>`n)l<6u@$~BT`RD5o@2^hZy#D;-`|A(Q=BE8! zvnZ`wzoPq}UaM-$TXbxrc*;Fj-TrK>%b!mF`_0w+kMGVaj~diBt-l2}FJ;!PC5%^O zmS=Mw)9o>Lqm|o1;8HjvlVTiWbFdxu3>*w_U0-c_))mvJRdCC-`=p(mkh9X+gGWI zOJ6tSgtM7fv%~ep+1GNMzeiQo2JKM9J}Z;!=cm>ag>**zl^>Fm!k!gYXuqpnlFh!6 zJ8HS~tT@s6qj2-S#Azgu%nZBd>zu&EfR`7L!@ZE;UGH+ytsr-!V zV}$1nwlyrbM0p!qJvt(+CzO*q zYeffKt-96o8rR5~MV!B#r0wqYzcHhU^aRsHGxQ%;g|DDoEk zlJBHsTv+2TnRk0Cd4jGfbl9nLqYUXS$@f{(Bs(9}^-`8@5|PHLiL0V_o>z^PYqw^o z!uCDPku>WNef`>fiC#wmVl!JWT%CUK)<;mUuVTG;1_g~BbA)+PH6#0V*-`FmIcd5x zj9@Vf*?e^!%cF3{A}$h4BiD(!_LHiK)c3b>X0_&)^3ji3V7|3M5|tK`!fGQH6e`rn zpZm0GO}SPLmLW*8q!9$*yh*T6F7y6%4t`quW$liIrcQyoN1e=#7ldWYTMC^z9B`h?oKY=3R^ zcm3H5^p21K35Il(3@)VWHI$%JiNZH0@gte<^Oq>-&ZI9&!&2*@<4b-p{+}#X3U3kTrw3&Rt$JfB9c)5Ec;5wC7pbSAd1`8 zip@&X*S2ZT(lAt!ylYDBZr7!gT4!wy;H^4!qw)9F1nO_u?L1^t9A0pqf(vKW4p4Y` zpKi~T#%FEszWdF62Dwh5OlVE_T)n+d$CnAc#e%#gtD3%J`@weIYsV1-7Pk~M{I8wQ z?rjnvz`xs^gfkBHx;?cqI;UPSpH*(AIaf5~7I-e*pk>O%&m@@>v?u?0PDp&l;#K{6 zYVIuzSp}E!sBI^!P+JvKj+~ ztfKT=nQ1Wjz_W%mi9rpKH-31|B9$0Z$d#87YW2F98qXoQ#Z-7kz|G=enoPlyi)*Q9 zOcrIWvcJ_tf(RtWLQ=dv9LEx@9rN04Xv^0^){FWCb_t2d-S=e15^{ou2fama+2e9Z zU2pmX4f@$rox;^6uL$YC%5}xfXBFkeZIZ-Jj+}4mG5_(VvgOc!fm}n58vUT$zw>c} zNndW$b*V|C*_ZhwgcJi{L$tEWQu*yS|%R1{!_m<9Q2FzpGLi1{ikR7eJxi@DC2Xv z{lz4Q^&#k90l`9RoQefY=s!Rx>D(OgoGf_7!e$lz|AmM)Nkd~S$1#1Aurzj(WNEWu z$$Dp!KrC_0?W33l*&m8{Wq;dAt4FsanL54AiFoi7%okQBRrcC*rQqa9Fx37FIO|Xr zc{KQ|_ZPj}9++d72B*Ml`ynvMID8y;xFK9GJVnGlLP%)8C2Bi&C zb;H_AN8CKoCf%(*Zr5+8`nO8s{ovg#jG(Tq<=!}1-jd{uEn}Pz)cy+^bo#wcuVkGd zvzgrgTcWRVd)-2pcy1G6Z#j7q1u>(Ms6FgCsrm)_p3G^4-d>!cLFWrndxm0?EGY*| z)rJ`;c(EkVE@K)KZE<%&!@uTg>aQrz{7U%@4H~l4uPYfMae8+wy(XtI`KII0{-_RALGqRO+N5*fo_eIdNy%(yzWh zJ-d=$S@^8|)GWqn@i34)=#o7DsdqQ?k9qiw8`#%!+UiYr;GVnvfRq2teNO&2hL@?r zq}yMMZyvDh`0v-&m;_9Cm;pe9R1ZV%7ZO{HUs9Y!gPlv>JnE4NnnG1#ON# z_P0*|2T5nG+Rp>CKZOXG?KFTJ>_5Z)!9h{~cX-g>>HnVN2d*VF;sS@^+0{8mC*SF8 zuTIJLy#?lP$*P|3L2aiC?b?QP+}@Wsq&^kl3UMM{p#_Urg6`%fY2ZNAQ&< z^W9qYO7@-SvTDxYKan~1S2nRJBz>pRyo1iJ&XMi_a3i7|eU6y;jI6`H03LFYIj z2!{#5!3xC*;UqGmJ*Z9PYvtb(py>*U1?4Ewj(|$RrT>zRZz)T8xRQ@32@s1wYxS2w zr)MTh_@ z%sKNZ79>DtS6nY9jmVdn`0`=MI7e)zwItf%L_%_k13Lz13M77rQw0M-qJYD?&71=o zMBmz}Ywh0x-x5fb{DpEsqqzm6SYV+6XaEnaNr!a52w_zvxbjNPPhZNF{QuJ5_sR)jEy4ozt_4RkQp zE`ICyZ0X#-+65e?evMFl&Nx-`=fd^=74ahg<0|^Bn=m6cYXo+;tNi_K@oq4thU zJuC$FZ?tU7Zb_2RfIuYs3GhTD5*{S&hYyxCqRVutV%!4~NpWyN=L@JWEvPqT+Od>I zzXBiPeZ0EhC+L%kJiWys4RGNxk60o+PUjI8X<{rH*1Ds=QtPK4_ZMV|J>8Q8O~vO$ zRlz#o{lw-U5;~ugq#k@Bn|nfkWPq2wn$u{mW)ToUeBmhzj}z=~09ks0!_bqvV53NF zbw3;gR3#1Yc*BOsaUB!LNCx)`QLx~2^G}G;r|#5Qp_Sw zyeSJ-ZgoNX!iU44dk4NDAVGc(X%c!dq|CRIkdJ;#NwRXDL8Ye!*adlhC|G`B3KHr8 zk^H5*(IHC%w=EX|OKmQV8B3N}oSb`ies_>J4SrQyK&$vgbiv znHSYw5rB1$|KX?*{rmI6Un2i}Ams!@-XJKgZ9F|1BjN`2|Nb z3~{@*a(d23xPd=#!81&ryY6kjRPQSA)U1{T??gUTmPk@?L zodT%>|=AA<@nm#nwq+qy%9pgb4# zaXyWdet5>xNUWb9Lfj_00!|1EfALeUE_-?ZO_QoKaFAPrO~(#?LDwR|g3MQypVTig z-}t0e%xA)jZ;XUq%z9Org-v`_9r9E+yCsdT2o6@ctXzeMb#>D#+qw~n$lgu8ABBuI zh0BoFl5X9kODxfX{?NnfOI5hgQ;D56Tijr_r4r~H(_ubNya(DZ zmkQn(s$stN7sS8e>9VWik<=F_6=j5~BOdqy55@;PT{c+u`i$W*3o5WALQN3uy0%Y( zWt*=v%%QMth*+)^QUgL}KWs#Z)$i8u3=&JI%nGM*tT~CgCFeIyNB-tv-Vn~^ZVDi; zEiC20*v+Cco^c(kD6@2vSJINO}->_{DDnXbp(_bvD?uP^?9v3(yUQDe~)70!M zVW~M0S0rX1@VuR0rn|J?W4*qIWdyFMdEHKyZTC;_HksufeDn7GyEmUNuU`Lf@xQw< z4S4o;L-D|;E*bdn$X z&ABnuqpAy=eP7OpTrrwo!hc0{zbk6noTAhfwf)o4j9rb_U5(dWjn{^a9vz0e8n2H9 z!(ENnU5(dWjo04`SavmDn*eoJsrw7YP{}hyzXke?rOa5YP{}h zyzXke?rOa5YP?pq+|_tRyBe>>uXi@ly*)02l*lr{4}(U>(_#c7OVZougFeSN7%SQTP5DtX_F-jMm8qvN0!ik zNM# z#yH=oH7@a&&5g2eRHHRJKP3x%OAYU5{wmi*TGw<_c_bKIGx;2~oj$s^gHk%`>NBQ= zZz;1Xm@;DW!W&W>su#5kFmLJI7I`cmg3_>Wuox#%R4F- zS-z^O)@{_zwMXr>Y4Dv-t8zw}Bzl{(Ol57zZ|IwfL{kqPrE0VmU)7opmKQ+?qrVZ%75;X#=>t6 z{fCrHG@5%4O$4%@{`Y%>68-NFcJklz{JuKX_txb9aB!kY71HJcM*$95dG~=YR_m`I)O0 zkZ*^Rm~oxre9-IlGD}n%oz}nj$R%0mXV1Tu!d7!%_6j_T{i+MN_ToaE2r?y!TqE*P@2KZ|QLrhxO=p;fX+l0M62ccO3{KE6_kJNn{Dz2pBZO4S zweEu8P%OH#|KbN#^MJkg7es>P#}6MabFU!PD-O>|h_mb;gM9NiZwwmeUJAM-EEV=` zzgJ*NfwiyOic;8<8#UEQ$eePKNG_%eb(8hiC-M)0=auI0{KKNP_|bO(a#26cHVoJ8 zLO;I^JoSCTxwDpj^KHt-bs^^#onBsEzdrl?^ZWDHg_Qt52~NUM-~r*O?BMG1^Y^FM zuRmV>RNY>J_@vt{Usf(yg6G5{I)3YS^PWiAAa9SZKfgQu`StbX=~?AGe@NJ}xQhtQ zCekt zOKOHf88**CObZb5<)e2s#NFq8(>-PtIz`*K7dNGg0SYT0@p;NVrY~ zw~;!RzeUeMr2pjxuiY>AYoh-%)n4yw1Ki~QF&dTZe}}_e{r6}2{oeF{mS5M&!|tc| zF$P%Bs7G4I6XDvpL zHs#!{pJXXBws9Si06sx&w`IHZfu|}3>he%0s68b!mJko#fu9g%QM-|+fpd(0Wzz?H z78nXN#r_SO&3>XwS_s(A#&f^Xu77K_U3Dj;(WyYslxBJT42nVT88C2FYU+yo>09k+ zWv7j{6s<{=x69mK51#cYr*~PCcUhDFrCF2Z7OK6>!oInfCxrjzBwH}=DssYBY*#*6 zt+N2DKvcgY)tQ&;xt_XgxfO2ZTjt7Lf2{8biZzjhHaV{8a!p#)O*^+ScdLW%w@aP6 zwqdi`dJiGWWtDAS_2HiT2jo_*G8Apoot9YPeO1?aqs#9ok1Mi${B9Dt;$+TG&?nWp z{R*|S;~@W<(TMUz8~xojc#2frkC39^s3s8K9jE@bxxx8WNe>=B$b75V{n{lsA^bHX ztRs$1BHL?+E(EyWWBAQM>9vFBW7C_Aoe)UsU~s_u=m%w^t2PZaj9x!@Q1tpiF?#*q zLdW)d{x#J9CFK6O)y;9E@-J)n z0No#OTg(qS@;`CHewEWxBV4Z{f87_wF}{Z(eq`+COb_tys9UVtPV`)=#dQcpKo@sILrr2l(h8o*8Z zzwzOykpJ&+wA24R&u?q}pUp;e!7m~%a2V=K*nNpydLXeXqL8a6V#yMR;R=y2G2R`P>oJKxDR3N@!X{ZYz&q+iQXoexC4JB!WScIq=)$_!HBt$ns5xFG^ni7Pg z6-o%^EJA{*o&w6{Di9T~K&glYx?>3!h>CAH!YE=Mi#zB?b|*V|RjX2j|D&9zgm;I- z-jV8kNpQr`9YH?mBT&i-5({Eez0K0dmmooc>GW9$qXi8DqM`5#El6a-(`3s#mfT?F zBoC2$pd9@sNuvu1(_5TSxtvbRNx5ZSo;cZ#z83OMm1s6<%T2PGr*a)tDqLVsi>Z=w zis3!e!TuIn;K$d@%8CANRkG#Dl@wt+rRifTP0IjB&!jD_9(kuG-Kj};YSNvWbf+fW zsYx5|+#g>}TB3q~o?7*PJRip?V}gqW{~M_#cW#b5z2xsfFZnxDQLfSd#liGh>VFJ+ zhl6tckN!^o_Z+{k#mbGrIps+j%NzK88qA5P&;gc2zlyRU`)DsDXpctOS2{=8nZ)}0 zsK0M|oM9TG_G{UWMssvoo`ceZx$RF-UpojQXK)lJ{5&>h_-hVfhqYg;%))W}d!t^v-$Q@v z=s%C2hyEW9`bGNR@9pxxKg-Xh=nh6Q60hQ_bLx(@wZIgusVW0@S?shC&8gE=dNGe5 zYNq*G%#2xHx9UIpyhi7~-YQbGhE)8qVHzb3e)C!$_cPd3Sa0$at1v+*(fdy$%h}SY z15}ZgH<@BzvQ7(@=n7e-vMFb(9`zLqYtmLd+bK!XP|1!S!ZC%!u$IDlnzL$EDkkJx zt1*BNDN(AgTarwj&r+>dHa*DcJFmA~?Zcq`J&ghy%^w5k&&V96s#>Yqrd-l9Jvr!g z+jZDRjaQMdkm$s;<#T**K$>&6W-lMWmaU=x91IU0$I4K4e_mi?{>Nhd&p~h4-^u^a z@{=d0`x2d}1PO-TynQXv6BJcLd!#e(pxb_DFzocl-u#Ai`p3QAKDr|)A|#Lv7B~t* z0#QM_-WZB;A`qK_CyVY2VUF%d7S>Y5(ONw2+dfcKRaW~7$@YURpGJoGv=yncpy)*{Q8Bi(&b5N>%|E%71GR# zTUUBkFd{hm)W;X*oPmz|z04WMuv1TADBa5~9JT+_?+kjKp4V%me099H>6B<9(9!>0 zmupkr^m}0af=wK4kM~Q?4SDgiV6yLQjl{(&CMWAVRp{;CRJ2`-|MReaGW_2gm+}AM z&j0gSewz_i&JWaDSnEo5Hu2@qIImbov6!*eFmDfGMz=>u^_~eukCX=&SlpuT2MKTw z;;z5$$|U}oe+}@zeC*+1N$)EHZ1VpfjEANC?>qnh=lN~z|DUsx!J)ABF^7JrHzm|n%7H`Nc@_Ao*O7@{8={OL=-=7Yg%TNmW9&u z#n+wv27S)bFjQ2i(3@jKYtoNHp9&qhl&eWkE|T9{ga4cKWsFZX{S{v~>=XV}Kx@O^ zwX-mWLjUk-yVwVOob$Yaqoy~|J9`9=bv-FCo467iO-oX7fkBp;cRqAuuv@D9KA+i0)oF6lDo z4i53L>|;)%vs2xLK51<H9h z;E&S!%vkfo^PNZ*~?9sOI}sCLcTL}=}dfw_NE7; zfcR){E>V8=Ed+w0Hr$CswDR+>W?qr^7 z?{Hz~+5}lba+_O`pn7p5H40eULa;~|{ zsjk0E>%S>WGWDF*H`6o4{mU`y7VCVn$EWZco|Ma2A z&O}kySNgzF`#q7?uQ=pR0r-bh02a6L!MecGQG6z~;J^BUZ}@GA|LJM zAMWZuKF{wl@P8fJe?Dx#L-K!QB>z~reTUMw|24(`OB~_(6XE~ypjiLCKkV=D|Fira zg#XQ3^Q(w>AFH5)cWJ#0lkO1CdZCM;@FiGLgNlBox`}XCM`JupP1ZLlO(S ze-9=X*|B>jg7GgS9^2vn`#At_#Q(ig{lEUm zoF{NHC*qPN;skMlMXJ&ja(_XVIuTZ@BH4dod>RRo+~Uwo*!;Z?vc)!E^Ev+454d2F zAy1}(^T;XsvsJH4A`GI`hyCMMHig9~5SsFw?`&N#i?^=J zIm4Y~qgAO!%K<+d^Ny=S>FFbKg4z{HV9a+pY;r@Q zh=@f(sQ5=W|3%Ca;Uv_z-6~<`sJAYg25^g8FV3vMj_kodVKA6c!UXeKc!EBhUBVMr zyn>JNe0B~#2&sG-I=lSEWoZEs5jxj(DcS#pqP_RnuM*+V@2t%(pT8p^cL^25Q!6_` zU6tLLMf1gPpzYxzp|KZZv9Lmdft!&=L(I9VVJzE8a+H;004iX17>k8lcmet>oC5XL z2Y}pVLT2=feKE!U4RL9Xt)uKdY6_?92Ya4-f>4w$rzEL7c5^Jq9bR>+c5g}qHe2{c zeFxBKx{p8@<%MqNu9uSaGZ5>oxuL$NXX9m`J#@nNm}^yj@NAl9ifN?W`-9R!nmeF+ z*Kov;azOy=AoK!#OMRFD$zBobugkI7}&=3i_BrFwZfaFY(=cD%VU;f$+$Zc2narc|AZ{NRr z^ZD}4=O5o+fA}Bg@5}dBAO6Q+r+^{iFBodeF=#Xgq7qDzheWcHe;4{Wsp*G@gv4mj zQhi3G_4R8*L|3~1odpS(bRMyUJk}Z8bpOYLg8xr{G#>B#KcD6ILegYGl87V0klJ^2 zw;&OkrZfzorY`nx@SN~Y>jnC-pd9fu2FV8T1qnkm57|^P0W_MwQl)+9EdeILd5)u? z^#Vm?t}@#0#lQ!UKxNkaKleN6eH5+`i=d^P5{ijru_DrGbLcX8`w zXNqrHFFRrxw_g5#trzGQoKTi>baDQgw>ojcekHzWb!b3vSACbTUt910_U`r7^&g72 zDBb_FA5Y)CdHvJ-H=SkhNMo$M|AXG3SB(GZj|PMB?*2c=?*%$r;Al=lHgC0Fyg(l# zT@@>6wcaryuP#~<(SetP&T!o6%YVK=Kghe=YQ01s76ip%I;Rm@kWgOPh@p^0bCMuV z1c#K=`UA+g4A>=N0?`PioJfJ`(~EwuH~9NrMX{~7@=*EWsB0;vqG=hAj zNI9}wy_K25sOc0&7F?qoxXkWlGmvcHq{`7izrR&XpcDYm4Owv%u{#vAIF&qD3#s(w zW}aw9Nf?+?a9qk~l0WMxA`&tja73b8ny_dI3D0ptB}>WCEMdzQa#FLhL}#|ORWjA^ zRFbLiMsjHe6nQOFz^n)_5sOKpixsgbW6(L`OjYpH3KVpD zd682*!3Ms)I72>;5cYk-IZEMDVB}+ek-NuUB02A+$&arWdf4<99FClY4hjqXfqp?a z6DFqV+*T+Q436&v&p^Yon&@LKfw81>v+zq67}y^+#SMo8XG%r1`jHdl18RmV>8Dey zd|}{nI%>I2rV*P+2%~wz(paS^r;$Q-T9N$&_HjTaE#&NK2VIdFN#r^|y}dYlF&?f% z#M$lg$}>^Rk{#@~5CAA4FpY#@&LSGkHG~e18bavc$bpbXT^Ewqx+U^*aS15k8gUr1 zJ2ZL6A~MMo<8U7BU!GXS#OU1u%1nMFiY9bgKcE)-J ze{BG2e=iWrxxrE5%$dFh^5DB8eB&8Ma3i{mQ2Hr1MVeB|4`(4)F?MbcYkU zOK3?r$8#+Qz|4QvS#+E_6!QMdn{f(dcI3gM90ioaTiNd~IHZBRPR{lJmZOROQ&StO z#++m|lnn`ViFgYk901K^5xOJO1!FgPa&5s&IU06)l4vaGd|?UZxGAa_kM^7M5&5fC z%TKfrDt(P+1dB8wpz=i`O(JLkaBHnt&TCeHl?7`(cvm%Hozz@fXd=Z)XPEN^Z%UI%PDi*pbHJ3+JvVAcNzzVOM zOI#P=B+$Z()*^F+BSfMZOMDWbB!xoPDJKcKIEVNo!BD@~>vhn_i}MzOf6LRHa-tYW zHk(nO;!qJ;aa%mb$YWm45xl}H&puQSF>CX@b->^HD zgn_3xdMdAqoTTR8JyrfS$QmH?M3Q~7j9G${RSThjCg1}>3AdlfmBLnKz&2>KDJR$O z0|Ez*QArz?9YTAz6r+iV!^ytlD|k$NP4Onmu}l)i_qQZTXh0@r?53=#B#T(efb~V1VIK z2w$G)NHRI8W_m#9f~Gjckq<(4IA;kJizO2B{-0f)^A7s-F`g%qIbE?dfoB^RF%8+Y zyTmjy4?vOp@$${p>G|u|8NWSiVh{xKQ&NL1BHgppj5l>6V4*Qe#UTa)$6NrXg@4G;;J1E#zn- zjt(1=&7;FZXM&^R1l9HhXaeP8KI52vP7^wj$520-r&K=}b zoK`?scqi+BQ0!mIO-6+)g+AHg8H;$jB*`1lz{nBF7eS&xhtnaRPOYFI$CS4#8={DN zCEFU~1V(UXCh(l2y^!7zL^|^hnn;-SI=zWv+mD*+6OP92rt6FLeM0b!98jsAc&jDf zn!kVs84RVg(h0!A}?*`W)+Ldg;WQ*&dBweXN(0h0xAL>>i+ANs(t2Mdl2W111o6yPI=bKg zVpFbZ@n#J~4o7fD193ENC~qH)dzl^}s1f`Joqpe)j$uPh!_n~ABA`(nrN2reP)Pz$j_@4ID+Jit zlSCirv<`WeJLI^FDk+Ob&b?LhYs#!20ke+K>n~Vxl_xEPCX>kuFGFzc4&1oMTjTxI zcEVVJVe3eS?SKBKjnE79H;|>2l`mLDcu9R68Vx2>GDScl6tKHUv21Egpaz(R64JVP zCbB@|OBP&fSyidFfSF0iZz?rgbnh7nM6I z>17%U8ixce7}vau2zgNtXqb16Wha_28`-7bbPoNDaW*bu7H?@rdD0)stI+cTGNm~3 z`h71M^d?Bj(wQKiEDuInRMxW?Ha#c9QBnUTNw;A(BnW=IJXQK2Bklxg0#w$?w}AWw z@oyAcD)*r&86RY1yw*knm?`CgE!AZym0Z|CN>eeaKPZVafFIUdk0vDn2Na|Y zagyGxCJX-*GfiH6ytph~Uf~ zpoz`8U|y)%A09VU3?3eX4)O=HS>~LbIg(=J+72WnUscb3^4d%Wrk4;P?bh%u@#$*G z5`y-o1Q<6&0r~Q*<#kAX!YBLpTZLAmI|#%`WRqOMaucxUgUc4sBQ4W`<&Pt*&vy&C zmCn)RENdVS%aml*(gATQtA`vAfN7K&G(wBjG@(HYp(P85Runq(Sn?cJ&}?x-JaBjnc;F27h5p0Um;cQul8UJb6uOiXVv4C;Dqci8 zp6CfQg!iN5dp{Q3T6#b=shO#X@2x)KEu$cx=5b z2ECFK!f7hl5)`WPN<~~BRXGXc8mx~eM>^m|Zch3B8v!>WzJSx)LTh&P1Jl+OM8zx6 zG*0TXg50QHJ9>u33H&=Ll37I7ka`~;4;^S!Nxwcz61fIJmxK$vgc{9DteEix5Hy-l zes(&MD|Qivo=HOm&Eaw1nMvd8iSM;xE!1So&|ZUG$U)y=;HDl%hewui=pR>tf1>rh zo`mcKO$qo0urv}t7w0$$LQtp7)*Tr=$%#6IoES86*icM3JUn*hS+hCUMLUnS%5V^E zJ+L(9Z>(Z5F%e;Y1QL(7<%hVsA+i%TXGsedW zV1_zAQ65cscs2Sj4Q+h!qVj&rSxF8Qm_r&Vv<#v|q*VDaXbuo3M5)05mGhWIpfR|5 zeR}@0Jh+Gx(1!i}(+%}M>lu8uGx#iT?~?o-=#=c%c+60){0A~Mc!8UPeNi^c23+!> zb6j*6Ivh2{qa(*5L}HGFg2Fp2-I}sZ=UZ-(K3_$?T^?8=>+$}}iNg>*8(biQ1A$V3 zNeDcdwUsFoF6Z4Zm8Eu_W`jYf0Lb)MxcLux7qO%c>VuX-vIo=$%yzF{Nd zgx+F7-jdZsn~^}oXL&Bg4BnKXRvv}r!9#|F@4>7`5*4LPBlMH=5W;V*w~`sQ=>b1D ztXcD$tIIRxyJt~l)1@53QqHwppYx8S98HzeBuMuI({)p}@^DylTFlXaVf z7hLN6cUpU)1Zp!42C6l`z&z_)8*W%_EVnIwA0Q;q<5w@Xo zd3&byrOw=n?6w9(sHSG#O^?c09TgURE9{nGLYBq%r`DV{JCmXe#86 zM$R;f9{h4MtXsP>xW&q642XeZSA(f!xc{M$5qrNk*qO4o(SKjf z?Q5ff=jgBBp}rI~6-b8-^_GXju>;aN*9fA_Biy(y$z{?6vAd|wP@>{Glx-*|n-cUa z2TeDA(064tFHkDXlNwAc)XK5I&&@^wn?x5F3 zF`Mf%>(1D2Uulr6z!N$%c4OsrWoCV+jk_>S^#=|)Yauxo^;jJ&2@?agrbKoCMD~ir zA(q5IyVfZkvZ4d!;}(^%*Ptm@9SqcXuoxPF2N4RHfmL4PHf&0JheO9jS)&*0@{lD- z0i_z4uLQasbdEZG6Z5s%PM~Mhlwlk8)H>yD5SezlBHva1c6UI#Bmb3m%>mDxiE?@` z+JGG|qY%vOO5&G-kdXn-OB>dd+zc{uGcMuzvn*1m$dg;!zSbfO1_t|yas>DXJkT@& zG|L9{`)ny8rPcw?4H6E~9F2M-iRUP@jLoFVnlqybS7J?e18oDaFiqt8`%Q&_{=t4n zQ8XalMmIR2vk97p%)db_(czQ&e!%Xzu`U*TMRIh`6h090V-QqS+wDnx*;pG9qO)wLh6+=s3@N}H|#^%|6&52Wr&fTdk(T zlx&!!iOzd8G2TF~$0@K0ns|X`Aq#AKiY^h_`}E?l*YwQx4)*sQH+=;|*=LY~qrI?^ z(ZJXm=Z%R<^6}HhHy7`&Cx}G1HaONyp{cj?VZXm$v`!n-CXVAvotR3FI-_6E>Dz19 zOBApzthgzQ(i`uakc*Hp$g98-batAv%JJ+7m3RXSgV}hLMAc7eh~$gBEmVXnwNuJMso)`{ zV-o2o$ABTuH1;`a$O#=B4V<`2aC6P1*Y53LqQjQ=KD{_-stGix!b2uoLL4q8fcfeCHSc2 z?Zs!>BneqqnG`C4Hw7z`%^o0oxm1?ISLVCSI1GB+OPt^(0hNJ~ zqO`2axjG-JyMU3K$nCm=d(! zUYvdFQbe-M|z!+|`f zi4wK##y4NsFuN6HXDSG)QsH4-OY^)KWF^=QQIgI)s3O5GAi3VeAll~psN99C_eQy--l=^Rf!JO7|%6j#aVRX>^BSW|CW{5kdZfEn}rXo+j)j zpF+BYT=&9`9ix}+t%JqRNr(*x4kxB;u~+=*__(2}d3<~b%*xMFczyd$Cu?*Z9<5#q zhmb($>fDG3a7sHhtZlg~bw*tMiaQL?(#joGWn=;X*TI%Xps%>RLNCV0V*`PPI)m|X zrZXtVJgcF>KS+tTmX%q>!i8P7DNrG33K0u(1db-51Ru3<5fFg!e zEjI870GEs@S>RjB5+&g#gr}iC>pCk>3z@t;md}yYAbyVZyv9tSY0w0eu1ENOi;B$&0EYUjsyZm|~0N$#Z7Nm7);!}7!_0*PY%HBag zqzT}WfCx-O9p!61cs^--XY@@Fvi1lrgGV4)eOM5E0--EkrCX2Q0l9@Is+z72#p)Qo ziwb4HfuM0WOQ2*zL0jXeNkSq4mQlh}QiB#?7f$Sn(DZxNh?R9*mgbNMUy*5tgAbP4?9 zj3ElN9y+^&wN$i}Q-HkYa4uFllvREdk~#KQfRy#vN=>;WV!?vUCmDy~szytwXpEsF zjz9(08hx9ZCNCHt4fm_kW#wHQl_jt;+oK+@so%}`z$lf}^e3jQ$0Xz0Rc;rJ@T}5& ze9#o%9gLhM)!c8vv|)fbYiJ6ygQ2?yqGoIWc1Od&$4P)p8ZOiQxS{rOJXYFAWr9~4 z+>Beqf#k&l;$w$z;zkpe<%!D+H+!GP4TKvt{HW(BL!j3j4Ba!LJZ~YtnD7^wF-iq* zn#2`m{Y@F1@!@{83mC+Wf*HCHIO`Y;?PfMz?m@3+G}jAiV(9zCbl=c`Gd}36v!X6> zHiE<)c}oT8cO9IdT^InHN+Bk%HF0p=BO=s#d}`L+lu93rb1JpCDz6oYAW9zTT9cj> zM(i^K?xuM{$A_c+CehWyIxhI^>hTnBhIcmb=KsYHpi)7mmly>QA87!{-@GJ_l2W zrB#+K@EGL+M}iu>c0*Q)N`|O_@!F>8Fwi7Aj?v?tojM zjrGmSkbLAMQRxYkbG3bOjs>1#4k>LRA+(A42ObLs{+8#)F$#qVPQ{{=x*fNWej1ow zA=w46Z$#*{Y*lPLbpHx0Y9J;qk?A9@v)ycsu@8mdDjE7CH%1}8~SXa4;s(#WRLlod7PRO-j@x+u8RVZ}gK{c80 zv&)@a#OrG?B$45=1d1tHsI`x zcT!lT?5O?5x_s8KxUnR7Tp;WxjB_i^x{k_n*8QfOd;iGdIO{OI$=H}P9}PN(uZoCP zA{?Tmb->M$>~@;REEXJ<8laAvc6##U1A~J&8J3opIB29pnDc0mon+-k9Jx*4SRN zT@&NIESS}A%fXxa35|OrjW+IBazmulJrfMV|CoP6RAeYb6+~$a{MRj`Qc_yd5QFV_ z8j>Y<%NYPqjd?berWc`iRN4>Y6L6;ES5<_wRVHZ?FBrPKIJdLR$2{Or`M$tZnr=x? zNuuY*?Y`Pyn?>kH5-tsU`U=hH7aba?f(q_{C7_~(93=@f(a1=#!N$;nOhqs|-=>(a zr!Ze`#V6p=Wg3P$Lk{MeRA-eoN>{Ac^osQ~Eik+o;R`EeyT108 zK?;q9hFEO1E*7ZX{RAjj(jd?jcoqP6J z$O&p=z4mO_H!HS>DpvubN-zCl)YR=_bUbjD-)psAz69sLmoE!SI1t!+NGuYT&KF=u z?K#?VK!Mt!xaIfJUsDL6G?uWl7Fy;}AG!0DILz z#*0vXN(Gv(P@*zjowQn$$)qKDH(!Ks^H<25+4?34zUwHMNahv7-6K%~Pl>ztlYn;> z3u3EzdyYdsaK|w68mtU(a#4TOChz)tt(a}K(qrZFq;q`S#d=UjL zO-Q2~Q_4j$Ri0oTD9S=+V&*gLrfYXoLFq`)`9hFLQ3K=J<0#owm^L^Xs&fa{7Bs1< zCp)nVZAe8&M~aI65Yjj%fz2VqQOM@hSIS;MFp4_lFpn<$RCoySTgE0}rqfVKG&&mZ z?>ovD*UMffsLShcvg2ih06SzuOg}p6>mj*diGvR-P=w}NU2LMURjto{&VyI!R*c>$ z&A5HzJLMd=OA~lzya7tMSi!&G7v<#SkWe^m3i!j!hBhkM&>UUC+lw^ASZU`}*- z&q~;mQe$K!Z)G$A1qXzYD3ke&B}-kV2U3J1h^}3d0Q50NDs~(qc|p`cFJB9M%#fyNJ3*wvyQh`s%&tXhqY6}1r@vVbt4}Bu__eVKqfBH;QLas@7s8WEMg`p#?R;TC&}eDZ#doq!1V(&~+5kGq(^J z>0M6AaGF)|r0Qyon_jK)c)!Lq>}R)#56>(CIb#>#WHy`qM3>aw>!!-!kyZwmbOR(S zKUPgi6n4p6$<4q`Dd?z7LC0P|=TxZZ11LBObtEL2F6baeO>4=FMngxV4A27yH(Qb6 z-A~^;{JIgz?H)Fi@J8b!XBb@Y^3oy`6${`SzvXD+d7KDOGENhl%R{Lo!DM9v&hi0i z#*knO z%5GP~V<@zBdiLSs{X2B^`v3iSarOHA#Aay1#V}tf$58q5Z2;KHO{e#Yz4$5W0H|BA{5Vq874#?EDWC3n`!I z$YSCzA}twEp@fHofGp~keo*+dg&@-r)bp@2pRQC|F~d8<))*@Q!V7`}o$H7$3EG2f z;S}Tr@a>Yg-sXkLyB6?$9d|9jgS>zkO(hp6gd~k@$U;XczX5#Nrq`BbH2PI_GXN$F8hgE7jnZyG!e!TH`f$kKg2udSns%0f4#F8V zO?Eo!k88Bl4qI$WGa2nf!j?oVNa|>Vb^3NE|BrIw|DptBb>s5#uJU4m{BY_T6>C{Q zf7u;%!thKJf#-@tUEazA!j^GJaU?9;2u3KKrAo><&~4_#TWkmY?eWxKNUSl5$QLo$ zhmJl=X7jTtw9-PAZcwW3Jvi>sTXGGZJ2ld9KA~6($s?1nI061tf?T;e!6f&<2U?Mr zS9ZMyF2Ec2Jjn|OzzjoCoiq$!hAN0_0^e8>uBq{01jd6#%6B&{57!RpXz%^?^}dcC z9LpJ?y-XXwpXrH!a5;%d^O^&55Czle)72uHs!&J0BW(fEWJ%eRTnp2!CQzCX)p%Pw zB%y^+zcU!X(o_`zMRb7P@bzs`zjFu;0Y$&cVb3Zh8-zndoNQj)8KP zG!(C6^e|b}Nx?_XfYsbh4c0-^voVloLnD}mMvhVc*g-HA*QOwGe)>DOXgEgM4*DCE zS|Z|=zI+a*03@u+C|VaGD8mxCm1d#jqM~;Ye3HF-rL)86Grh0uM9`~_;kjZaK|jI% zB5RuORFaS^3~9fU&%0JaiuVG16_)-KMBFH>fgubc9m#(`;u^7lNUs0Zpk+53ytB%(2|3zFZ5{>{qmI^7`Nb_zn%;oHab9+D+}E>26*di%T*)~m zOBP*2L2DIyVh3$1Fby(~kwLu|bEX@!eicjnPEMe*%OVJ&Gef6AZH0rNNz?DzJZN|lhX)6B z9Hvupz#Q;l)AY2%LxmDmedi#60&hU%GL;0KIjPT8fcyKHMAr*C6KK@=k|)}B1`Uzj z@K7PUylK!qp`h^rmhJVs4_E(v`TpYFhkRao6-EMK4Dvfk%o!8%?8ZpN>?+^(G}4iG zVK&W%M!?}=&fT?`30Ysbtn{Ai)ca!CG+p%YNR8swvsSs<3rxMM=>=k~(>$3nP-b-v zIlbZG(K=^ds~M@Nx?9M!39D_o_1dtYO{g|~9L|TQsVa65-{6=Y>|hP)$MER5r28t@ zmQ{vWr32FpP^NaRGI6|8R{8qucxkp9P3=F!qmh~Fxog$RrIm5A+uRTxC}@0Jvb17= zVw&Ot?PGlw;)Kp930w!DSwe^@(jWyi(|1Fa=kP$OJYRo_<#~Sn_S&f#S5yS@ERldc z$W76tV=~#I21L$fU6%oTm3LTIEG<;2D&Oy>b*+beb-zDk5#pKoAag&-n7;pFQ>ZoQ z`kf4$W``V(>U`(4H1BXo4$oNflo&S6(mWg;=3M4%bu++ORxUHuCqe?Dymql{HbdXj zNF;a#Dv+3Qsw&gki8Q_JBPA|fo_~)hgv{~^pqgHrx-k#OgW7wUT^fVMmMoI9*SwmO zzS}OQDViK*XS%nJ2?eFxAkW@q8bk1gc==K?PA^}gPYN7b_o|35XqODDtkiMPrK9#= zkZ{@I3oZVznEJeXJNSG%{A|J7-OtQ{+93(zh4aNnU&>=<)YzXcSt4+Va4Hs-ls2e8BbJUQ^w`V`NB}4^@M0LzlOvKy=tTMj!&Yn)gY4VFJ!QD+M5~Tg{?jB$ zBWp(Dmid3Q73n?q1oJG|yV~tgZ8)L_wn#aCUoWu!@1i~gV*~BHc zsFuVa!xvceRYEFNTU~Jnt}}i?s?>sWu#8%(W(ELCw_l@v=C z_FgE?AcH9a^TvSpaU?g(Cq(;PZ)NRFza->99CAS)Lo5qNV;UP!7#P?P0DTK&ne{0)wQ&h9WjifH>^cnOiPdfF^>) zEM)W5bu5qRnbl(Oi5;k^T%(59fwEd?wnioU z23-i3TqKQB66|+uJ`gu`o9;yoVVR*-vCu_Mkz4dv$~+9#OKxtld31gHj+YhrCQ<$y zh9sJDg`sIm!;G71TETGGAMBd|s5R_Vsxm8W$T?&;w&~y|dmQTP+^*`sVEm4h&l9!D zqzpp?SUbc~1o^PkD>hSDtD_^f?xZwmQeYa*wYeO31nEQ@;3%Vd$YuF;k{@IoMQfHu zzEa0hp-#X+kBC@8=M;<-dSa%T&N6aKk}R9cr@l(xspb>1`QP_m^!uaUKA?3)QcOQ) zlwJ)kcEiZt7D`LV<22|DRb|rRcaBu4n;7Z|jXH8rH`YCKy4jd`N?(mQAs!bjMj@RM zf8~c#K6ipC28RtLsKH@>e_y$ZDk_o*5yp!Sq8W>Fp~DG4P6KQpV9lp_-x3;Cm}(-H zSt_-wDG5{(JD8)XEL3*MS0{rD90fQDoEKS=)~WIe))YBOBV)nIElVlStgSa-cTva` zwZ>V^Zat=nyM?!MasU{!0-IncqqNlZO4MphC$0eKtV&XWV7_Men(CJZN8@bw+}#21 zKC{rA_pby<&g25D4;1Z|aEjQSN{R9}sACz1#21iC2s}Ove3~Xz9US)*e13Mfm1`%{klkg8<9TAd#pvJ|BQJch8 zb~e!26wO6f)r^&DI)ZwDnUbP|F0?sTUnLG`81l3Mn>>XGYb7Z{u1(WV)`wy3iLTuN zr%lhqnRBra&$Tx+A$q0ysAdKBsL^T zSdv+vB~V4M*Cg+37h)HJG)G4?6w-bl_A~DafS@+8IzG z8Y5q*j1_jFPItxpZCQM&2`9`>l1}&wP?tpS7 z40HAL4N1!!zKnCajrO!>RGDK{u{Gr&i~)P-Wn{)=r{m1+#P(N)11M_b?QpyXG$u$R z`dgYsWEDypsY9X|Pf6D;uyfHc8JXAJyh5KiF;NCt*oP`blPLwaQ!b7ktXvdKM(Ke1=GDTg;6m)TQIPMv^zklk|ir;uRtd6rOR&@_+9VA#(TPPHlaD}95@`Vyro z2Mf1{!Rp!7+XDA?C)l0c2OkBpJEb`M&lS(y^B^qd<%Y6q+bhphzscqVfq;5AX_x z9W}2W=n^NYn#j5$^5m7hLC>?Ylu&2um(pzef8dUTq%8#FK9#T9~0dPXO(%-h~9+G#+!X_d3Kubxxu- z*Jj`nvk%%d-~J%Tw-2(4J^#83o0JYM!0Pxh!QPvBHuo3n7L*QPqvCVJ?O3X-ulQn7AhpK+IPS zMkT*AnA`&e`FaW7i>R6*}Y4ezmt^rUiqq!rc!jp^Ahv zc}%xlITdXh`FEwVOC)h4sYbC?d^so?fY+@x2sQ%UBZJGa6vSECbm?SWqoxuDxk*|Rc>`Kfxb(R zx6VJzZi>v7(Ev9CgQ{qopvR>__Bh>CE8N?28~@tW!l8|S5AHJpuol)T90wtK_6IU+{a6Ehe|~&wY4rf<2B-0+WP$syU)vXM`Bv5>Uv#0bFFNnH zsGzaEU$>v^zuDWtEFVm>w2r`P6&jT0OD!8M(%YM4K@4kBE^%X? zDJ^Xy)|J8mJ?}kux~t7CCu(L2d3sj_S;~nWr8Q3CH_4uJd1Vlz#%f~7KPAI zIm$$8I+hCgMNXCt;*LZgs|nWcLw>`6;P7_5hH-;{%!3OHHB?15MbC$mv-yW@Ck#ik zzZJR-q@x=7Z`FzGol~0juZx~+q6`H z@eXZS8t(y{g0Jrr_`1zGQ;(gx{NN33s(s>X{g*xXf#&V=?j9Y2Gg`zFS<1O=YM0_+ zUOEC2x38ruA^|>4yMJ%0biIB#=*F?=fm{XT^~{68B7NC9LHsBzkL#w=*kYS~dS-NPU7Bg^XqRSt5>tRH3P^vj7Tb?+m}cE5CgQYKIfk?-mzSB2BTh%<^U(^_ zihO(#8qNS)D8iw(5Y065WL>K)t?^^+yQ91#3YVZO496rd#5P3R+{=k2may-Tv*Ey8 zl^k@hyMEnIsyd{+y-D_YrEJQvu>W!hd7zcP)MWLQY~CXX^EQ>Hxsrh(^XcQl*chs2 ze1ZKyPKi$!mAr-h>2jVew5umy<61EPM^r_x_IJEYO!dWXi&oA} z_w85x1mFJ34V|gOix$c z#&1b$iVEz*aC22tk;>|(twq|tZ)yO)dT#gn?=~*1G$z{dr?;`$m^Rbbp!ER)oJpN) zXv&f_c;_1IeY_`a_AGFA^*;(@*QKhY4w?bikhkOh z?hvO%OVy>uVr+^n*qf{dbD@Pd#^o*+;NNYww!@ohn9pC>xdMRM=U(X_hm66|%{C+^ zDM0ic*r}Mak0CISQHwHDB5$P`t(zNWTr6k2z1lR+I=t2I+0JjexjsMWRW`eNrsj&L z7YX{|@FY91Puz4{dhQ=CtSS3JTT~}(GCV(Ef71!P|Em812>TKgPxtZ%>~9)~+NVI& zk44$QuBltcql2AgG&Rb$wM3|usxW;9jx9_yvK`*^9q!{hJd=%ZwULeDOoRruc98HeZx*S`t%E0RSf0Iq@SO+bEIyyS zZ6%k6^ayqyZt7fm{(3mZJea8%zTpHaZ*H;@_domMHeCw)djV9n!$?Sj^10xMv=7(`|>mEux@*Y!dW(ccGGHl9Y{N}qM zrZ!8Y$reK|=?*zfx%j1ziQvtK>foC<13ENOKvDKF5Avq$9Q(x1fhn&6HKUhYf+!%F zNatQ%H#+;_APSWp>nma>)?W~pE0+rij{kDS^#m<72H(b7eEDBNk;o+(HqK=E)$H6wjbDddzv zV>S^T4}>4^vW0fAngUq=RzqTp^$GE9T{P0q7zNEU%=QEES-PGep7pkB2s@_9FWB`( z`_jaWO=6z=u_{-elxlvo5-}xk^6VMEoK3Z{y%(JPbEiGU`t=Us(~Y7=L;=J|26 zvi~T+XXk~U)N+wkla(0D=2pro^qlt15v!l`&at5a^TyX-dfa2=_NE%;9xG|nfZG0E zixi`qDN zSDz_wHV3%JZsod>3!T`;22N$S75epKwzkCI+c?J>K3%2!2PiZJsq|cRTk3K4CL> zQ9vYydMi7nAxiFL;#i2zu>+1MDv^ollHfKGtL51<@xDjyNcd%Y+7Dm*HAx;YD+}V( zA}pyCW9h1NgwYo`=@PV=k_u3)Hcu6MlsiK%WeNym-u5F{B|6T4$KaND5n^K`%+#%y zxsOTf-QDH84JYw;p<(HlQVrR!uYHiuO5R4Ihq1)W0~c4uBpujo&EDce-_q2Y(+e;L z7QTY4)ZqN3&|#{Zx>#HyNlP24g5RxWelGwHqAaduxx(xL2RYtK>pzoHT!eK!MpO8W z(!lm!@5OO^uy?Sx_x#{xn;10yMsv%JRa~iC=G%q21}8p5CA;yPxK_)?Id!H>C@7-b z1e{hIDsSJd^?Es06!?6zno zGmJW#c7H$$S4TAq_l!7+96csQ#oQ4d{>BVy3Xziqa~SLXX@F?+frAdffiZsK(ZfDz zW`&N;R)h40)^%Lb2$9wZ@37Cu%>d`PvP8rW; zjP}Ek@Aen&{rmYZ)uj>3V{I6ek=ABQhROEw2jQc%X!v zvcR;c_RV=irBeYmAdl&QUU`g(JPSO!sVLruPteOT0)!)QqBw_&TPT~iz#HhKz&3P{ z?&DR~Iit`|c>ZI+R=^fDg;)2*1;L$+mzxC(U+%rx!GW{tcaV!^dr2djeL3)_1 zS3XYha0q{|4PP9nr{CE~`lcaRf~a-Yl>=TUWJl45CCSPrFqwE*Z&1}s8Pyg$nanJ| za30Yj=|5OJ&t&%9tF#1t`O+w_m$><)e$9NFD*w?|S(`*J65onO?;Am8PN_WIR#7Xv zt>B`bqhqhfZ_M*?!_C!&$6G$GX0=eD$Jr{jQ&Jt36KoKDUzY99(=p7%U1}~xVZNw9x!E*w8$7Y=(;@av&s`1MN!u;=a#Lbu zf7|-;=)V9#e?_yV|W-4ZHfC*=Tenp{A}Ih-=Z~rF+0G<*SHZ zL73^=eq#1T`*=R``wJrbcJ+a|Y{P+@MgtL%yEkgXpwuv%%<u$Rbrd%5-7=202r+qy@+MADFbHuF?_1v@&SaF4C*!^(DV zt3n+KGU1e&oZ8xkPEez1ib6B4napvot^rJMBCD(}l*2{b6c&+54co-;=GmP*Wmp-^ ztZ@z0jW9^e`-CBjqC#31Clo>!ZHidbzuEEJWNeaJUS%}|v;yRGTbsXWX}+sT>9Z^x z7ce5(F&Gg=9kPKYG#lqo&_9-h@L1d{S$)Qaqdxn_;wpCrVt}R z(m|ElOP)tjjKEZsnc>RskcL6}2QfH?RVfp?>2_8$%n#WcmyN?qq{S@0HDT*%IVT zHX=2%<{fZ<@?ma)t3N@UkIE(p?APJJ({M&H@bIc-!}}?s57A-6h?9$2jirXN^0CA> z1|>-dFtktDLN9gdy0`zZ?!9=`>R#v*MVdtyTmyGy2z}s9+`WfAd!L@o^vWlmUTZ}8 zQx7}u@Ai`CFO$8ID5@Cnp=cIcEgO6i)2x6f!Aa90rXvUgv$w#0%qkF4{=rwdEJYkI zmi3hs|JSE?@82Dry-VrM;6g!J^rSY!(_(TqJ0dbl0@!Y@ZY!W%=76`^_!!l;celVZ z!69foWf)h@ctXA-5+-@?P}qI!LR7op*Ld*`Bez2xb4@nrwa>j4j8Pj_FxeANpO z5DThrF-jI-C35{YIFDgLE;-1pM3$rVgKkSuAmDUjZx_TC%q54BurK1~APJ~ya(N?5 zwJ55qOA_*lUR7q(i&tt{Q{2s+X59G~c3Z>F_xn+LJO5&5P2xK!)HekZkXw5L7OkZl zn<0Y1oE%R=fc7aLS`c$_^ehaAm&EYI_BKnA#1;K)W8bJ2y6YRwvo9C2XIw^3V zY;apI$2i5^kvB%y{c>SO=ykH6v=syP%LM$INLC7Oy*t)P-}s}A2$6w$S#eDwV7V<+ zZrPa8h_a-l3y4sTOBux;B-~%rm|`^(S==zpq-mwxlp+=XHFc9 zo5!e4ypix`c|1qKy$sBKo2?Mbnmpfj^v%+203S9$!lhp4s*=RL%m~Kzbw$Fp0@so{ zX~aDev#iczV_D=L4kH*gg+`E6BZfH_56N|#c0>T2evKeg&d?dJV56n%A@&>;x+x~+ z0g$td)SFn6ZfxT^5|(TeL8OBm``*p%N5v4IY#YJuRw*GdWw92#Ng^Y>J|w-L1EHT7 z%lxgJ0*-*OaR#=?z#@)>2kTY9L^I8{D9$%&snbr{@zSN<3$iPa{Wlc!$z|+7#(7gX zU=LXP2<6JC%#5?}i{B6q*0(oZC(K++Xk+NhTyR%vSKL4#L;^unq2pH=%|eV-a0)N7 zD_pC3!hm`%G+<8V*g6lb5^Nnu@N+wHq5bPkHeZmk2wB-;p8W;Llip-F(rk-WD}8M`EmGx0x@< zhJpCn<)W6;;!A2-oN1dF%x3SLsnA#_!Cadc`k4Uru^~ze@YsPVUw{Nm+#!mzx!p8< zOEqmfmjPdsx%DI0l?5oj>F!e3yHFPe{WTW3=`d?SkAJWLe#lms`_UV>cCEjcRetJY z2?)wzJ~?$wu9+A(0GC(G04=pMl#@BLiW>EP6>{(&6=A5!m9FBzZq3o?I1UJU1 zVncc!UtKM)mSt9Vx}o`8@rI(WFov}`un3!4Ws{}|vL~pz!Mu^ZrdO zB0%FQv{TLh)#w_ zFP;9J=3g(lcvohVS<+7#K^VW3O4$N&z#@DwjX?%9rsbh6Np>V8O}3!jt2|Ip4`TYO+qZYD?v&BNo2^5g+{&@6XI+^F+@)>)3dwZ{5 zynz4i?d`SxyZ_?5=gSr+qMf2|KpOFW7$OahVmwbZrOhDl4iaifpe>e>v9T zf^$5u-Q2lxxrhw!E_6g!v{1^%Sc(SjeOIWsJI(&O+tg}l)Z>{_=1sK!4r|6BJ>bcL z`!SI*xqITpjgD&x{>MBvV;S>Ea$UCG8AV~{IrxvqE2IsCxywD#Mh7OY;96=~HHkPY z*s_3xx-s3aRU-W=Wj>a*Sy@j^`_D8h}nW&y0WPGuiw;cGY<17bH_Cs$72geVT}qX=G-r zxiSwXlSrpZp~}HIn3fg<@cMYB1pEx6$kId6%qP7FC7UYci?f%Sd4@w_^a)LANi>-b zqbN<&$V{9`Q}T>o+)PAoV{ma4P&_eOIuU5PoeJCH+=&=9M7#L(2yu(aZq2Tx&`S)| zk`S;wU^SSBc?kkE^dvgx21u|X)c+Ej_C;W4p152GG_Cl};^syS?Cf-IYv`?H2z&Pk zGiLkjIrBR8vTQJzWu{_XtD1WA4#+6k&^ttj;}$h)W)PN;dlsCRUKekfnLSnYxX5!^ z9TK%=sT9F+ID}cUB#Hp>lZ$-lcJ8v!wLV@&HtJB-spw+&-5 zor}Okri7P^N;MJVd_n0-rVAfB)7;`i(Lsj%#(CdK6rtBhRv-%&u#ys>mzHUW{R0KK z`g2Q&7hUxC-FkT+Sr}wfRCm|7_RIm2=RA$3Hn2ytW2~A+&1sGN{qN=oQMDL`!eRR# z9MODPx0IDH8@@t^vk%|sj)?#9k0_4gC|eYiQg$eA_M_{f$`9Ln#9TI+*?>1yw5D0XBWW}vN2nq^kDFHOV|Q035b5K5lLXGF!o z^QCU0THZ+XmIGrzU0fAaRtCPbo;3qyAEnH0NQ&s*I+a#uFHke~fi#G0=VGd zq>9+_LW69#0snA3WFA%V}oPu)}ZiaBE7fm6jGrI4VDZR9<(hN99&YN zQnLq!!<~q?5?S@l5d{5ATl&yn)L3jF3QRt97kh6oY81jknN#i9CtT3t3YI0g@DL-- zQ`*d9gL92%-`gMJaW=VTEQD$zwFLt=Rwb%{K_)a5wDLNhOFfICGw(0yk@cMzGZ|57 zm-B3dbd%H+Gy@)Es$u^N_~J54lF%qnOGYAB)ziiW{mnzX#P>#t^rR}9V@}dY^(f+X z1J)(A2mR6F63DqO!PnZpQA~@f(6c0pyeKrO2AD>Q-rRtqAIo4-eP(^iSw=cii0o`e zVU}rsn_|{$Qd>A&3f-pk9V$CPZ*CUpxuU`xbM10Lo=$BB$SbfwR73Bj*g^1lA|sFc zvQd;H5Q^W-YPGzY*>O+IyT+C?xi)z_G z9Oi@=*1Ueg)0a>U7j{xjr*&@ z{K4|4Hv|}r9fniZSk|gaAnU6%mUFe@!7wJ~w5ak?)HO8GjYHZ$5)_3V9p^s_9b&}7 z7jDtGpE-9L=GsNkkpt1jm41-C9{K8f;iouS*U3Th+GR|6K7+_5ZGsoiA}5#)0`s^r zKEqif);U5%fS4ODvl|K1XD%`w7h2Sri_@4R>b5RyIerpFe+Ig~6*z%t8WPPv_v7%s zbazrv_77fu_cDpjg8`u8T{OyvTY~?yiq6aDRLevzPaK0;wphpt@xjgC_Kn!-HKU4M zqxaa+884fNy+srT2YNw~7gGq4H}+bOMV{SZc$@&K4_y=?drd1tU`i}uMry6fB||ed zUN4G((>!w`(sikGcBD9^>}d8K7`}7N9KJ4{v(Bnq&C3<-^u)^)S-+{O_ypCMnQm(> zRR!@skEQ6`cWdGFvLYwy<1vn6-*ZOiG#60DsNIf(7if%uk6JBHEoMsPbUES!zrB%89I; zxrUIo6IoY~Lx&>r+C5{G5Gt_J;5LD|iOZc!2QKJ}iMW=ljm8*E`s~&Ii&xpc%%8tG zn7n@V`uXJf-uPf&KA+0zo4uF$>sRBw{2+hT^A>i!0ebR&|M`pf{r-#RfKUT-k$e(k ziA#hAiD~bd2Lp$p3XO$CYFS*)X!(iT_!siEkHUS{wg6I5>EIaL|tbeYf}gf8u}t zjE_|=RP7g)M;ATcJ`%)o$5^oDL^o57QsM`)V!VoUDutLDCHm;}gm`*EF`Q%zWO^u= z*)!wR&8(ixibhVFWsN6-wQa^qHM*&@1=hY}e)W8zDo7P1gbd2Qg}$pwWYI;t_lLW? z0m<)<&El~eZ**anw;L?-f$fMzHo4BOBz1)nz0TkNueYE67x*B?nVv;6c3y}q&#`iF zu#DQf7}c~W@@;sy8~mgqwiOg{mCYqbC&YOx{~XeOE>3F+mXt1_-%l3)-#g}t6MVw2 z+fV3O@a^ZSu-`8$|Cb++{>wBp&Hjq_w{nhu-G0)-wu7rYW8fnn-A^1aSWM^n4y4py zyd~YrTtold0k5I?jdHl$&E~2xd>Okh?e(ASDcUVmGMxkJ>1HM!DWm-v+kjSjikw0W zB$)Ic7qU8=6;so2x4AgH18O(SO48;I>iMT7)|=7<`*r(Cjo-xd4P6&z8eyjBuiH;T zoGkpB?l?mL5yor=(}ik9#NKkU&pd;0Dc4~?8N)iU4xB_MVVC+o*qVaa3stnFB)_jf!TllPHjTKWe7pVVeSaA;Kg_8${?+`yj znMwbBG1j2)+L3d053ciMMmCzhmG zqlS0r5Jk^j$v)E4&K-(2r<71%n=7cqTd=Y2=F z2&C$2D1EY>Gjb851pT`G#BBJox{2wV@LH@PdDp!Ie`wtoi;JJ&L@q<&@R%+iDN(%t zSee>)$}de#fwj)_%ug7Vb3N*w={-}ygRTwx7mJIJH|CAY+h4bzDEcS;vQ``MJe;762JZ~nkOW-?p?CvqkKm zucqjl2XfMVib&;w}hkhOh7ROt`IS>+1-$kRGQD4Jyr{xmOH5gl!0 zBH9WpqvGjC)r40@7Eu(PJ0HHe?(kn_+F4@^M6%}CF1ewy&2!5=Flk&z_wZi)YUcf$D`|S!l_j&5bb- zqXb~jjj9;dsb3i zdkB9{PCn1WXR~z=EfQ6?eilKYpn?`^<~+w}3T4|~S+yU$q-3+KpTpYRbe1)R#w;$; z+$s?qzG5s(b<1qJ4?23O^zWj3>VBfbbo1lZ$hnOUf~?#T7g{zV6RC5u_to|B8SA0( zBlsi-VfAt$Ycy*UaXy1UF_xZUEvCzXuccWAvf}N5Q2u9G6A5u!=oyc*Ioly=$7QUK zC8BI#G|xU;Hp@j4MIWn)blzu-Fl*V2D2nOl`}uoLK#<#72oUj(Ix0`+gkPtyneLdq z6D)UFk&Xv+mLYbZyOl!+6I?W1r%n`coIVq?;%Zi|oHb*5w7OOvd^ zWMfRZh#=*nTF%Fqi0NWxx7kXM1QHw;=-Go<^HR%rg1gL7S(=S%TvVBd2#VN7d%AqosiE>B-Y4IA3}Lwe;^*2vpz6)UY-i)8mGcpY4e|HYbnGnCGo;09YEHBBmPkk* zd*<>=RD|2$^M*GwahV~mJ{<v$gLYt# z7!GliD?CszODZml8<|Ib(<5=~o$N@i3r_h~gJ$+JMiFd{uy~!x^8}{U1A|9V^mb{X zD0ve~+c-@rZ&Qm->sa>aXDoo38kS5DR!CnK5YvA&N?ggtJ%CfSRON(43)5^~#-azW z{HgP#W3GRA+QChxq1ZALZYvUEQ5W;9Ug0G+$Z*!*K+mJRvXAu_ zbDfuH1>t;{?PgX>86K#UF2ydyzWf^JMb)8~(`&%B}KApLk*l(`nm zg@8G|U=TNN$b$hJFRQ#nFpLanL(RqRDTsc?yk?mex3Vn55er4yVBk7bbC# znFht#96DtZ<`E%~ArnEnZ9Lbr&+;w2D0{JP1m z(#Yo*rpz$}F#(aO>2PZBgV{I%OC2&GA01K&%@@%Z_xB9AvGh?zO-Gws#RlymylS3z zrn|?V-fDi=J@_y-=^p$VFl?lGr7dr6T%i_vbb6u_Z|cB2yspf&$u!Tojxo$nYRzw` zir2LMdNu|wwGK82+8(+cBJVYKi5PC7SN@P>VhRk#7cJ;d{gsY+NmfO$=LG%q+93&yEN>C5-Aqs< za|E$QuKBB4Ef+dc(?D!0S)#%2<_kPGOFXY|?0_T3Bz}Gp_ZXXDjQz#&JLf(iT4_dQ7X(6(Mr|y6O5VvgWawKxD6=d{jK0K(LD;Cj)MNNa(Dr zc&H_je?S|9_w1KryAVea{AqSe_Z?o+l-m0W7OeT2wkU5Y8#P8nDLU&$gfwcd1z1Ny zy&lmPVE#b~U*?}kXqk?n3KRdx7DdWc8w_k4us_%mNCe=4a<@!tfc@o4j9OY!xGW-Q z4+KD`#ZBfR>IRtWgq^IHl}3(Y4@FZf5l1-kzr)(ERQyGajh?O;gMgaTG?xa~W#nGW zVYHuEt`J=Jet1y(6dpVZRDb&6=;wDL4tTwc0SCS|pRRXNOL_pfH+n8my5TGET_(|i zlghkivylYS&9j1N=QffP1Per6DSSC~8Rk@dNg6?Af_EbpN}`TFtm@skW>l8m))7{+RPvS}lG!*T9yUC=BLMah-6?2MD`=Tl*1-u%ADK3oN`QF)b~Xm? z+oCknGGix*nV(QlNZYxd0Xia;7%Tq!^mPzQL{n3)~~pU z`f2gZV#Sg~Iv5?(Fy(nv9F2}T^7&8G!Q*VfZP-n-l~{Ln1dUTPHJJPDlmd=cVy-ak zNAZ+;90%)Q3Xi~~V*JWFHNvJaZ*YUAP~~bhW!*Sya+TYTTp|Xt9Sw#n)Orat3YJ@? z2#|)oQoys#^=EhFIdq#Oh9v0+?xzSLj?vqLsF1`U?v5?)Zm zG@OW4NeyN*mjlQdAK4CZ;t){#qfi5+Y;h#Xr~ltkZ5 z4qv}`@gg1WqtbL8U2suZ^}&T)GLFdr~37z zFqJHrDx^PfGO-x!VkXC zKGlihA?z4}iu)+qWCWU1rFWCiHh|?q*9<>F!C_WCGaWdfq7bsmg06WBnRC4SNFFL_ z!GVH%m{%`BZXSEoU3i8<gq4ymQs7`CxVsSP~#!aeuis+!h7+oTsv zQkwwgO*4~`uM@D|zlzAlyj|&fh&Tf}5Nz)kj3E_y4M1U(oW*jZ`r zqGS;>e}gsrq&E-QqD1-STT%3TblP#6g`TNfEoSPLv!gI(>a7m6Vrb|t=S`^(NdZig z==Y#xLzW4)r>5;|7uQ7!_#ohPC%OF^EWY=V>7!hVgEMcp=K;GrQRMdska*7DpP`*$ z>(h@`i9cWC`r1)lt@}9l-RDP&e)R5pIVq?t3UtaFL5xDihH)dtX$>Hy|`BFInpQiwQ z%M8Kd`Rf<;{*L(XNQn4auGF#-yUl#DORq99O~jpVCv}6jadwaT80A(ssd&rd41(96WRm_#-k}U5}`F<-?w|`L5kj2%INjMdF8wN0giv8h%5>&@U|?HU4dQa(S&(CPz5^j0F-iy?9h(a z0NtF4I0-BkFZPcQpd!D+DDDms_L;Aj)y-ifM6F7B$X&UFu0(>L3RCq^?8;`ci|ykg z44U0-N^M5Eb=&2&Ty1o#eH%Y6YqMssH>Oo9 zyrH9Z&2U%)v8h3!ZpwBB1^r;ni&G#tf4#T&GE9%~zK`gE{rL`_l84F8umf8LC2saetSylp2dCC zQPF5YW}j%X`U(x7Ybh5lr=rOkKniyyG01h9XAL6{cWfFQgd6O1%dR}6t=b+mY$}4n zV zGv1zQ6z)zSm)Q!^(5YtKTwVqjt}NogbmnNPrqk5Z+{^=`rlzgm&eir)iz>%IZUO6w z7(;d;O#-bgeBM$6c-XYSz+#Wa@0AtkrY->Z$JG~j0SbRB2syO23xaQ}R1-n$NLBVd zimY1QW-APJIcwZfj~SEvMisfo{^KC>xqgv@&PH2%?9L4`5A7zs+q-#rc5iQGQ2z^d zdm+kYcByrF3G+kdm)@*+i~#=WWe+nlZg`bBOm0>KaLFe6W|Ht%ppPBWX3ovqz4KC5 zIq(o}{0w{R+K0UoPukf{_%eN3bm3E@XE`8rc95FA!BMH#)t;5x?<3nu@lTMwhEg#rnb(A$tHknC_ z>js!>!Cp18o@scWo_CrzzLaokku^Y;3lI@bJV*;S2ZIHxqko`lHr;i)_pUSU(}*W6 z=PwN)WrRScR6SC9x_3E^b#Yb6Jk;EQR5l|9EpuR>zdwrzM1Wz!2quc4R2RN6=ca)Ft(^orfw^mCIO90A(FFsoeGb>G)Dohp79HLz)*jg?i2uY9OUG=N z^#~)~{$M150@V&Lj0Cf7BDVyz5?OA(pdtJbfrEn|=p~=f@4-rMW-`JXA*P=QJICn- zU@(k3;1XmKZJqAqT- zM*dN*$fvNNgOatZai)=M0_F#ZK598^TiKsPKn(vpIz7Qo`5x4{S>wFzj?DhPkiZuR zXwkH;f-D-}UT(R7?QRQdqlIG5=5{iZ>_y$DMRFEbh~pDQ@3Oiq{OWg5sV#)r_U{go zy&X%sd;IBbZ%H*9F_9NO$h26PCc^v)%A&5b0*WYZm3dHE%IZoYoB7YJ zPgT>hV9z|tz}}QFk=c`p}u7{LD7}OH;jOQvjeBB8AC`bf(S@sHp#1%D0I}W#hxo%ppZFv zW`=Ru$!#Nj370DlTIkxR6Ui^;F_%%Dld-RErMNV+r@AUvmtGAJyj64W*eF8F1*Exn zlN2X#uMl%0nm+R}wOHsoWo+&dJ`g^Ex%^NWycY z^Hgk?M*g~$f6K3iqyG-kZ(v}NjRG_`L1=$2evXgq4lCvS;C@{+Pqkwu#{&>y?;XBL zuI5=$p>Gh)K3jxSDs?UMc)5ry-Ze~`yrOtQjdoVs+@x;xzlCW1Td+>QaHRX2-C&rz z0EYwlVcw8TdZ)1s=6Z#9kyi@g?n34_K%+p`bQ=9ki!J8Ba93|7!oJ05Y?HQN0w9MH zr<)rMyTEh2R99DppEliDZ=EGVPk#I=iQxS_e3igollC%+{2b=t_qPtJGKx+r=MORG zUUzh{UbE#t+3Yp?s;3!_Jm>apmxGJ52GXywtMe&dN%ciy7IVf`~KM&_07f`ex`qP zihK6-VJO-5Yru%Pk1orj*i|7qBY{m)mlOm$A0uFyj55EOIHk*=f{r*&f z#ee2b=WRn51*w_P9Ae*jZ6)Hp5ezHPKon=qbDlO)wl*qsH#nrX?%aTfeXvhSF{_s8 zx4o`_L6ud&rXo;A-*;`%IjouM5`t<~23drDC^!2rZI>UAtH&Jua*z>^p&G&R8AVo=a>o_bp=D*~ zk6A+Kdgx37fOioAd8<)vA)FsR7EEL_q!*bes^Q}6d10@)^^SCL$Euq^zM$2k3f8F=G7kk>C9r%P~op5aB7rTsGNbE z+LxKF0Qk3wDY}(qo89Upn`eJh6{gBxTU0i)8(uAoT<&s{F*XUz5T?mw*33)ZJNn__ z%?5&J5C_bBg(3i=VQcsz0B}H$zf5BNHkq(HWdExgDLX@?3hY4(h(3z$95#R${M?DR zQcvmv4xZu59{e%wBBn&}ZFDE%dp}~6iyramZx@7W1D5pm2y=POmEUln#2sc4r=l}b z7A|Go&7M%~7X3CtJx^Yy?QgA6ayrGR;F+A?wCC5IIFs|NYKnxI%oS3OFoYFU;&bE=krK5-0Y+0e~F6_y~1?h_ubYnfq%EFak zrjDQx4nil?etSltPz?99wnrzNxq-(b-vfssmUtAI558#OFYjqL{rf*UQW>FSb+hh9 zy!psE2QIp0X8!Ik8>muM^%b6|4!Oq5quAkgd!H8F2}@M5PACG`dDmO^%t}%E$B!R= zx=h8Qmeb99+$MoPC908wuqBk+yC=@_q?Ol7UnlG_=PF^>=p2 zCxvbbWi(FIf42_B7Ff7jZ7Khv#z%dE2Fo#9C-B3B9o{26p~gtK49<-3=8v511Flev z;|^W@ErjYYa`)YQ28gO14s%SdC>R&e%MI^iC+`z#V3IkZ29+#63>m4^%Hcq)l^Dy3 znjrR|!h@DnEOt|4Ux3N%z`plj9lX-mc ztrePKU8W0i+jH~TqJRpG41h=$9jso95cg1_$k7#i8{PGRK%288y!iu_T=c?c^W3*- zyKqLYEE@z`){wl$%mPrH>aI)fM4Aps)9uQijosKPbS_HimK!u8wmtCacD*hal;0s! zdz-}q#>Qhq?-Guo%YlLI0hH;P51mGZz?p*#Bkv{O62L`8+d+}|NKh6cTx63Eq2Q$j z3FZn=>@ShaOxz)^6X0#elq1YMZYQ0M00or0iEPD90YEfW4!?0dk^3!S>lCAt&~T1U z?_!GZ!N4ob;7gEwTjj+~kuL$~1N(jmub_=!j>3AEx1i3W2*ItW-WuID4u+gE^1!96 zrialp&Pg@@TIP#W`v+#Intw4O7F>+!s_viJqJY0RbJhE|tzm#KF-(_65&uh2_O#6s z1MiwSU6+)f6k>-Y;&TN6ArKa{S)?J22V;;p+;E%-bOjfM`)o$+DF+DoeTTwI1FOC9uBQ|dGVAf704dA!UFuc{yqwyzM$Jk)x>8SvH24F`huEOnA>_ZF#Z z3vP1${tOC20Epi6;hE zlq=>%nGwDjj1`!ERK{4iN=DU1=naN3;(9JOkL~cA>Gk>Tsn7v;q1g6Zy>{qV(hh$# zFTTiJoFAX=n!DetEdL=Z&2dv(FYXS!xJ$nM(tmY`Ws{CXYG%hMQnih`Sg3BzTr_T~ zlq*C%41`VoEq!kIQ*^h9his#Z9`RYzt~okAM8V;{9plE(uC{~saQ4fw*oN)Uo zLpGCSXU&)m|3s4c;D)^|0G_|pKvG7v8aBB1_|K-2d1btv7VN1Av)%dNK+@k_vY?c> z)q;(He^c2um8{}GPfrUU%RKX&A(1EPeJUoaKsrYUa|~T@(;tiv!%Jom_aG)-~w2?0*tJ`v1G%W#+qH@YvkHkvf-sU zv^Kv^tj#4GUYbK|^PeRd*OSqUI|n!g6xDM-={2v_hRW4)GPCZTwexo)$=0m?-*VU3 zGCS76R(tcXlC2i&mj9i&e(ln8u-uX;_zrE3z{r+Mo{mDbb4|O$Kapfy40*bVWcOVB zfX@b!m0lMCFtOc2_X2N@1p{QMhrsXhO(jFZkx!T}#x0Kk=-=Ue=zF`33>Yc>{?A^?d^}U|dvXhBl!)EA z0BRzrgbDMp*ja`=Miu|vv*aH#W?cN-X@MU%aKR%#cOu=|T0hTNvPIU+dRwqw!>pMl z-$pEyY`0&qUdhh8CsiofIi5}ks-B+A7p1g_8)uZcn~p^K?n_3M<>@Ize7m8e!P|S^ zW^XpbSy>=1EnX1@!$(w3g9)e%iZK$Y=?A&#xJ#)Y_uXLEV9A1L)#YELb>O{2Yxn?Y+$UqlHGIRx0DQn zJ&5zoj|UWo=wrahM!_6UwWhd7HdZ%;<3KS5t87>oyLT5v)1Ajz+{ha78lWyTI+;Sr zzgbTR2M(4nT$)U>AAtT1H=@qZ!TPI-!n+IQ1&T*V#?>eW0azp2$rOn>Y}4xmgoi-M z$fA}Lnac{wF4jAEe=Eu4^LAESWho; z`}Ez_P-a0=%-7a$ra95S2N2Bq6W2o>i;@W}Nzn_!|#y-|bT?sMm7 z;SXN4Srv?H^R1d(OHPYyW2*Vq=|B5(M|4%|m|8cjuW@buLX|AEulyVI(~6cpPxc0U zO7^17DtBC)_jlK3?QlVlDXrmx~oyeB}G9t~|$7N)Hw^4R^eKX>Bd*ZVJm za-9HZW__FQyZAFuO9Y@Ze{%RZ{sqNU$oZoAHr2|*qHWmSETUwQr?4M>5 zc_9O88_@m;DwSIkx7gfo(z!m-HnfO3-JNDdxvXVRS=OESgSr*Vs+JRVRTY1exsY|O zYV8Q0Tz46`A6ya0`<;vJldDSA5R?2dE6Q(oCfx~Y`N7>?tnnp+Q=8N1dkh4KppYYo z0+^lm{hKW8JMnt&_1=9K^>sJPbLhoTclr0P>G23F6dSRZ!2iBMcQ?7Hx4VOLnyq zAS?^pd1QAtG!fQz*NcS(=@6zL=kL!r9>y=)jstJYe(dZw{d}9Z>xCduXMXpy;LzRi zkr?BTnA^tDWUlO`<4OKg2IBGEwHm^iECCtFYx5}2MfZ0~&!ChQ`_B$D0sH&*Vf^c`Jp-8@n`H6o|~6KGh6c8iMa38a}@Ta=agk{XMe^ zP2=A(+ib(`c0owjv`Lj%7RNJ~NNeU1Z#XyiJmJxw$9EUeH~ZTRx{DV+w$HS-sAUaqH_s_U2rgE~HlrjcgX!nWv zPmBt19m_9rvP6z*Glm{8;zH%(PCUO~Su))vzU8-t2AuuXM#Xy}<`JhF<=lqYZjp>> zsQtcZKZ|Qdf4#WMFZth(+Q2qG_&eQY{R1*-juyq4%^bfIKY47%9#ata7d$QFjOw91 z3LO09|DZw0!p^(%((@_d-?TyzlDsn_|I{wui8T2{oI}>9(1*gdQFpn`^A_{yze7(+ zw5|J-UrcweRaMDJb6=6L@K&_Yt7~U?S6bN- zZNtgT-K|j)5ai_TK%2c{Kh(Da2^2jyZ}Bac(b3+;#yuo`sZ)_F^46}krv=^RYQ~HP zZ8oZ(a9h%XS%t={zF1dL*%6wn{PF#NkQr_^Vm}l0zKWrNjAg4x+LYK3S{s6xV7^+9 zLqOlzV(0p&b=L@S8u(YJ&CkSx9{2fKG$d$;ZkBs`_|0bXS9MqSE?r|d^e(~OYq=7O ztf>7Y<6==x*dIG>76zGm~*!`HAUw%JT;9C0X5AsF>(SNXVS1`2yJ1m~a4qOT(}`q!U_l zRt;G0hyvs{I1&rgziXN0PJ8R_bWe435k7(Ihgy)??r2({BE<-$&c8D$i`Yiwc6Sng z5NyQW4MjBYgNIa}2gvgj^rD@YtnXh@=?Y6Y457&%=m8=K_`xU?t)L%?GQ zuJ@@)^bWE1JqLXrJz7#I~0sj=@ z{Qo@^Tkn>&TFBiWWL*~37P5%D7to%m-g_9z1Gza!-T~sJn$RQ*OQ`SOGn6buS>@GwcrFyON0KN)oDT;=Ymp$va^@KZvaDR9i%RB9jN6@r)|uhv z+UHO2btJ^L)k0hn_)MuBGNMv1M+lITkKX=#^5OFHr}t^^N;kXVSM?uoQ}643zN)f0 zMVU$kL5Q9n6LSx5Oq7=?b01PqxMlXZkpKw8p^*UYJ1_U%IUCp)H7&C%O`w{}Oj9D% zHHV<8b1G`3k&A@4A2kZ7eGko3;*Ey8&o`2O)!pcqF%l5v?EqWPrmnfvO@UD)+R;U; z`;yLJMkcLXm9mp4blnjPYv{s5ZlZvcrO{(SlN!`bE8`KP1v zcR&3(-ASU8hA=R+c+PK$wr$|9!oXX$LP2@Sx`7GCdws(E6>2sFs`xJ2-!a^Qu5 z*LWz>h05b%5mSSV?gWvvWWI6{wM5@c7-J?z-qC~(tJFMop>lqr^N+$a?|WqMl!eOI zJ*8NrV%u7=wM0h-(>(dwNKt{3vO_Y}@@i>L>yuMAc2V>vM-SZ9f^bSY4MZ2Yr!evi zKMLxLskUmUkQk}3uO-r2Tf!k^xRFWpC!1-SH6xK#D^*ExJ5$JEN$4{{p(`W^6(C!H zutF=z9@{;;eS%fqp<2cZ-ZVH07Dq3MQFq^3v|=kH3t zhv;w>XNw}fmMdd2B7t6JtjY~IsNZV3Ox+Xl%AHWX@z!N3!0UR0lCmap0o^gHo$Q5Ey$TvW^XSk?qM z1J`(9TJpAB5zcjv)ESO?7r6ttSb=~v3dGW(%I!&=X`|ea5R$tg1)2{xnLARlWV1nT zF~@uTq1=b?f`?~6v>vdLP?j&T^M){2&+;>hAvVPazxg4afso{{FFxfUw%qfdYLO;g z5_M4A6P%*8WB~I*BgVA$f?Aud5s!JWB^0d@?*aw{9~V__DQ-y!<@g=Hex!ynihir~ zp^ZjrDDUUDO7huAC{jC*hz6Db@I@E$ny#>q_NMwSEeA$23>nZnukZdXt|b(NlFYx( zg744OH2@CSnHK&m8u;DbOwqW2S^6P!swI?Nh+&wtHC!WLCB-8dG;zxJbT())6{Vau zVq9j`bqFxi7dW_Qq`bW8{w(VD>wMtnPW=5J_X^cW-5YkaFUn#Pnn9D=Kgp-$qlBc0 zEno^ZSF8=848Oh}ez@+}cD z{LSbNWxP;%%mT^XC)Q;>E@ey)i&=u5H4IsPry2lDK0f{Y*>U%u%6cNJCcA=UF}Of@ z-=Qi;8yk0$*!iKlJ`o?Qa)kk|VrtF#4t0o6p16B+K&WWJcVpRP2dU}H>%FvRp2(&y zCOwGk{DZC1_hp4*LKKReau$1PbCJRcAjO3jLiu&u`(p=FZWnph$TRZY4a`EkNU(>G zfDIq1(0T0+O@s|F0`6E-`^Go`!>YjsmHZ^sH?P)T1LV|Xb+cToLl+>S=*n-0Ah2$v zD4TfQ&8LjJM&^^d>1ztmkbSF7y|rPo^}lbDwI0Z_hJ9x`HFn&3RG1Gcm%9s<^VP*S z$@3qc0*zXzQeCai7G{MWtIF&hMUZ5F$NqmYQ?~-x?EwK2?qG&5-lMa*nZs1&NzUtm z9;^o#>y+iRZw7!df(a#-bCGFXTvfl#Ug!4F!6NifUv;RiU%Lh0iN4i>yn^{XCGmqo z0YRD>v`2o{3ibXT_|`k|z72i*wenEA!$;Mb?uV znNSOrzb$mV1RwYh%lt}qj7DoPo_4Q&B%vp@J7k;n2{q5Ye6Fll6NnQiUqF+qqiv?a zHt$Eimfro_Mb*eFb0Hx2kX{cK!^^$@yRY7&SE!;ovQ3JvP<_HM_22!nZ1(!jJQK#;G=#2SVu{M?nyolkQ$EqwH z{N%-HM-*m<+)PtMhG3(b#hTiQ>ANSlv#f~=9cOXR&t_R5=xw3Q*KKx*Ky$^l6!S#tpK02;MZe(BYjT)d!tu^pe&$8f3-AJw*VXM@tM7pgBnw5d>M zEt*^*0(jt`RaG>q?)4A0z2I~$h;&-3xol=~sl~^IQ6>h}?cR|Z*uh#tL4wCk$Q^Sh z&L(xXK*FBx&yW7xiS+rN?mK{5LiL4h0dJ?qT+iMid$dr!-*$!S<2<-)3-OJJ5r!vv zODOd3h5CF)sJ@GSOQB|}Qg!Qb9ijRz`YnY*m*FP~ZwP3IdxYw{=$i^9zch7b@#}_4 z^4;(5u!azm%pVUgFubFKP-k>>4BgDXe?y7Z3T5^HOYS#x^C!6|0Y+@=T2)tD=B%>@ zB5Wcf0gT;SpWeNHcXamd!_m+0V!!1rKfE4Xg$)j$&C_LB-Xo)9C)89!(G;}|C8T_x zhYs3+Q1B){5<$Yy&2-{;c;?ry^;hM(h&6BW*|QI-k%!NoaWZknB@!a-kMcuwY+O_@ z$x3xgaQ<3si{FX;y@MA!9Oj>AD`Re$vCX9}YMBd#8Bg1I$Ll>%Xp%}myFRm%}{IHf$io7CrYfP`j`05TKvY(ZMF zOUa6GM4-Q#6Pa7BP~Lu6j5IgrJMwbE$$DQkovdyS2ln14Ku;=8e-evK>swXlm~@?S zWvW+MgEe=HtIH*93#N7Z72nN;dHA+}tkv9pBdEzg%GD=1^}ZIuye_{%`j}JhP%M;g zu4*XFG2dMk)t5`N6lHz6sMQ3L-4Dgq0Zru}0T8xTX3A!)$GXS$YLl6qz*ZhzbgvS* z@=?Cpb)r-W8r-szMA7fXvuEeU;@Pu9@nhR#!EGD zFlsDVpyj$KmsdsAdKs-{`x{i0wn|5{MR5s9SUeAV=IhXOg~Se9eQ#D>Jj~%XGzXMTM#GP%wcj!h4b4V3?P& zRtO$rT=(zH;l8K~ErV=$^9GETeN)I=ss;A0wDq(wte(aj?hln}gi#935o7fgZ0zGg zRx$D}C*s^wIowl5B5Qm<{U|bn%}Qpj!U2Lx(lgnZ6Pa7+sXj5|*e%;lqF8*!EE3=0 zM5<8M87X9^Fb~X{LQj#trMXq+NQJS{g?XoAS*lx5TfBSU6E+E!)OkM;HOeP>Rp_Q( zndY~VkvJ=N#04a2ij>ci{xZs6x1ZGGY_j9IbIj%~AeXwxN}-o#^T6r}aXy1{)4V2n zqxlH8v%(lI6E&a9DyLK+bFSg4fx1#XzX*`28ojh79dQS{qWSLsDtEJ?x&cM?Ts%4LrN09G+K7KhQH!(~utab+wD-04}M$Rm+T+?+-F zz@qXeqIoIsrshgF!d+|0Q=;&JvUL9oT`cHaZ6xLameNcXe{s`Ymv|DT(X!IA zNyJG-i2r78sH$AS1Lg(be=NsT^6l7W_yn-k57E1WXYBVnnuT$1!f+@Vn3QCuA zT`?2XT#zeRUvOO}CTg+bswT}S9cbZB8XWpFOsY#nxJ-&>M8jB?b`#VM%sWVt&d8O7 zr@}bXv*>y`mXoIBoq&{9ILnF&Xq2%xnHV%Fj*XHVn|<+n`tJK=mwWyfttvc0Jh#7P z#cc1cBR1>(Dc*i_I3X!*-qZGhVV0XOv@L$2CbfB>b7>b9dM|LEnl-236ooPu^oYRm z-8;!?@2zR?rGm@uoVQcrAUS|(DQT`O2?@HmF(ch+uF4}fi5APUq;4hR*)y6+OI%WB z5moY5)G7OZK>I&`s93`49$G9m+i)B5TWzK=% zI+=(g*tSb`b%mOT6Q!0-UC0}%iaa_!G4Cz{qv*eX2j7`v!n~CK{=N9`--~y7(TLMp znaO1S2G9<XeySggbg>gT!U2htZC$YVRVfM*5ZWpG1JvC;8t`Lg=JM1*B~GQRtT^L zfr8t^;qX*HoroXgBs04Qaoq&P>ri%UObyGdeR;JkE|+zgjw0_1W1GR3#QbajfB_DE z#&66`Go_mpii{)wYbLHudsUB?ZX%+(`EtZDBgSB;QSx zHQ_st%*8bLpp;fPF*0<#!h3{qI{x_SOw44KL$%_WMBVw~6x{+V@rg05LX!Pq4~Sda z>T&1Q6t%yAE*T;WeVyhW9c$d_7a%H>SZ45;*PJ4v>ED2YNHw z+q!)t_H2j(XNmn5Hu{q(x%Gz_K?}60wFQMhLzu=vi(6TiBQah@XdHm&+#5Y~?7-_Q z8r|=q^2VYUYfO@(sNE`!MAut19|qbo{zC39R}My!V{c<38~jn=#H!~*J63RUeIOMN%Xb5JvAA8286umR1s zr&(tF`Ws^t=?0DoJd>gQ$cn7_CA%xOQ`#(2G4@b6%nkqxd<^(9(Elj4x22sOpbIHs z_JkeJXz{!cA^m4Pf^)urn75g;{{Dc$2XMr|-q4-6krjp94@HxRPjar%mEdn-_DaxC z>7e!|eB_VIyQHkP64TaS(1n3VcywXa z9B!Dr!jGSJ%VuV50xFGT`F0Wn!SSM0H$~R=JD3wV)KWMb6^u{Nk4VWJMdSoxl;Nxr zfB5<6m>drNP(0NinPiP{x*4^9Y1+pfFHKXh z!~ecDQR=#o;78v&+`@b4`mGWFYE*Y!H0BC5oo0YP1(&QF z50JpO1Y3^^%)fKYjF>bWA+kQqdA2ee-O2_CybUhFAPT!#P(6#X5)dxOl3>Qrbp;1y zEAA9U=n1fgB0K<_Lqs35i?id$UnfNs1s)%B)Fu8fu0eqFEy2Y2X>o$AnGX`EE_Dz`$YT3XmHqVB)kcbbeks~ovxAI2TBMiu555b$p z?qW9gv$AMb18uP5i8aSSg81IXSb%)Us?pxC4V-%F}l|LP2( zc}|){1Gm}&k{%GRtZF?F-yT?3Y&B`Ght^Ds0w6c|ZKCxx&Kcpf(eSdWFAw@IP zbentZxhQ${*ZiY5a?p%;|M91j4=KT}ftaSJm(6M+4@GJ8trV7cZ&o)H$uPFUKcC6uJ5}Y(Wq#G1sk^X-s-B5 z$`7$o%Ys^H7>FqC&w&5FKf=kXm;AC&=Kaj&T-7VF)Y%n8A#Mx5yg@BRV*{aDi}C69=C#+yo>~0QfmI1vP%-OYwbV+90m;Z78VWEd-tJCfdW^#S7m; zj@qzJTmm95CZ3}hT_nbhO5vUOelUr79M+G-H`;HtiD}J%jrJgpR3Waj`)5pH2yRCU z-y(3rZDb}t34&RNfCSz0HgExI-Dkvti6X-szz98NbRX0#yB-14PNo2D0#2|C{M{Jo zBX*G%=zi|lV3%&oHyEDa0~b(Zhwmh{47Q5YCyYRibXx8uY&L1lx-`5WL>|(cqB9K+ z7FT2MH?y^H|vC7haG3!kvVL8>G{WfE5d({(vGoP0RN91g^T zyv}!n6xyDoeKaE{n8$osdj5}iZcTX;1MufTwmzVF!XnQ0`G=3gmY2)<#+MH_+> zTl1Jb3qPc`apFr5gn-loY4|?F0VtJ2roi=f(VC4vAk@GZ9+nG^bh&3bX>cBPE5NQh zevn|~ces$A0{?e}^A!fZUFUwQo>x3@q-tgu#=t^>FT2|1v2xVy)jj*0l_3a%u)nv5 z{uKlv|F0;tnl14+aj&)CXb3`U|Ko3hxF<9}{>BU6tOjeIIb3|d313}Sv2kzYdCzNj zTT5NbsK_FNr%WZuGA!aF*26&WeC*u&2*KD-&>on-kp>ZGgD?V!H3>&SxeGqR%J9G~ zTwsYfKy8;i!a9!;ybW6D(*=ip{D|mE^zcLljBidk-6-7J%o!B%9!-pK7Tn=l66Y!? zbmE;B@FogOfd@)jWjjp>Z_z$+vUPX(Nd!!^3u6UUoP9!SgW5(txX4L}noWc?kE6X& z=Z&f3f>bc0D&nQyf!~{sA1|@A$J5}6Gx;Yo!q?>qMrj9dcehb13apSUYcn#oQYi`w zHOV~Qr2<5q{=J9) z-lKn$4ASo#q|mekQULv1z<&$)Z?P`o3`KD-{Y50di0Ll^`6c}dH-xrBtmCGN`}FS? z{<}s0CWWMB;98?r!-3gy2w16}@cv=j2KSi^4Rc{2@g${^2Hd*PeSLT029sUSj1v$s zryaF5<(&}dLSWZi9GXu)2|L5rpod^W{YH^FkYj|md3Z~$YCioG?m!t<1QJZKfQeTt zoxsRc$ziP@N;v^m;1MisR3mtCzjxAxqrHV_KVX?~3keA>7)JrwfK68x>l`U9Fv zDV^2(7=$J~MksNEkG$%h7d2Gj4|VQ@=yGwtr}uF)46!d2QI2?l4Oq(@syDn)GhIHJ zCtSKye$IA6#xzfqD`YBhcTN}& zhdRgMW2}JC43D}PxQ~PkhAv^7oorcOu*9Am>n;Tc7za|I?^w@&I*g&2OzXK&{bLP?_nT-m4j_x}6KKn%*&--RAp5NbtI01Hg z*M~)ZfWpb=f(PR3%rSJ~?Peo_^pmMSNi;Q^Ap_ zcMfoExOqCBH%Fq(Z59QcEJDI%X3vRp8N7_seV$v^2R#InRPAEMWK^JxZ0FYm1|5P~ zqVu*+x7@6WsDDu-cZhNe8Bi8Hct*Os`x0#w+8^PVaFz?qh<6fVlf(f>NK@2Nx-rL{ zFphaK`i(b}C2injp75X3MV$%h9*3M#)+hp~_JP@Lr%o8d|I`FQ6wx`&j{=XV#j~@6 z#7C3T(kd6w$->Zeh((pr6%knyWPYlsooNeFdO~;*lL8n!nP>V~jf1vwIE6hb@n=&E zoj9bn*o}gxwtaj8)b2RiEs^>hHxDK=};6~nlL0wT+udgSuo?+oS6*4j`3C4Ge z?naHeD8O9-gDjX7z94LBeIS|x&hb28J7xml3P#Q(NFBRF z43BWmM<9kx#)9@U%SoB}&+|#ZA=7$>Pf9icB&SbJyGZBD+-#<1j7-HA;Rtt;FhaXB zaNz)E9eBrB*-YQ&mRCSb6|u-c{|O+|8M$S^%LmP?&NEUesSIa>B#TvsnWS{2Mc+@l zp3wLd-XRJ(-sDP_7VcWKQi!Jyb$?~+M%#&_H$3wmaEwL)FJT@pVQN24Wwbb*SEwkm z(6M+!&!d2?ZKE!VMDg!L91fX^kv54sn3U_1ki6oB5jv`~#Xw^$=+-43z^x1Zi%nCR zNBn0BNrx2_&&d`{0;y*Jf;CLRXLeJ7Lz30*2kbXu11M%8ZedtOe2+qaG$^WM0Y$A$ zp0yZ0BxJTUQ>+yz^__M&G#FT(rqJatuymcpT%cCa=(O}p5)<>s?QY`XOE!0l&XpSs8?t+gP4QWcu-gn=v~YFBbIfmu z%*$z9K(R$$5GNcoQXC_)4B8lbWJu&RViddA#R3CkSjjxm`QWqpB_fF7LV zxf27f5HfdSKtvpmhW^5L7fKK$QrguNF$kR<)Il%j6h&rmlg!{|U7*5N zoN6qfsD=G7kVN#ETxyZPM8zYdOhd9$EeUGy=>NbiiAhjGr-EuGEx}?-4 z!HQA$<@Eh&hrWi=2XBDv9+zD#F+vMqgD3wW0cwePPiEG#KY5no17Ff}NbpBDR@CgA zkv@wocH^M%J_YNfmC1Z80%r3<70w16?~v&?xdu05X>PecVn9f|;kA}~ z^|cmzyPjVhql>K|AmbM+ylHOX8MLyls zxMux%b;;RATO&EvvK)8e#ChID`K5|+WGbsQpFhx(2XVP1$5m!F5Q}PosfAy zaNH%mpR*c9=B|i)0&7RgGOK5Fvs~(L4EOw8i8)!W*cEo>&PK{7hXcKDk~)y7j?s(% z3;zQ%*rAY$nTy?jbF4C)Ct!&;^3kA&e9+N8z}M?_e2gfJovT=JGWD^?PhKKEEQpX? z?o$U|QPYS<!{sui>DB6h#1IWO2(Y8 z*v%A8K!Ckf&?Sdq(>|4tmELG{(>XsHjpzr?l3dJ&vmphUbI18)YA;PKG)HJ`l+1=6d1s_)l7A!U+S7wck++`;Hsz&c^G=Nj_zEuOS#QK|7lWo}{I zs$@vr^;s0_AL~NR1{25hYobt#njcFKor#n9rsw2z@~s2G+Mft_dqDUo?u+~4-d?LY z5gXtRd=&2*4Io&8VD9awA7`$1yG*m*pNpS9U|wbRHbU!(l%Cm|B?4jYnEgx?)NNeO z?=eSxb5n(JdeWEnXHJn%b*}&Z;{%PE`CO$__C=7+d=(#AQ4>|+bfJ^?fJ@-N~C>(V` z+`g0HMSdREU?#Ym@s&Lb;!H2dX>IaoG;r^5{5e&3p+!q}bT&?!_ZBspLoL5xYt&3l zR{ZipAW^D!35cG8$c`Bx7dpi7Pw95&=DR})0enaLBkMI|!- zMT*&vb>RyXvs|kAF5ctnIs6yK%*j}}QM=}T;<%|oH;iDnVg-F_ehQGzp-~qzeGfk9 zKcgN%{*CyClR9Xk>z=UY+Ok&QN2kgo91}5rpP{#<8aW~HO(Zocz#B=1N( zb!^<0Lp+cKC2vK4wkK%pQQ}6q?WY@Pqvt zxFCNssnwoLCqaNmwHk{4T&=bF*MD_1Md``v4I{+sJ!N!yA^$hYf|=)af&7*M4E@*j zg{IuFx1rJHQKyGLUVi!C*O&crK1+xyQe*>A91cNx4k=Z00z-(Zu*6 zJt8?iTs}K|1ZrtaS?Saxz?+PS{%!h(Y3j!LBlnD-Hg_^-o4n112CD9`iXX;nBEJXy zL2jGb{TPElg}lB@sJ% z4cDg^pi6%N6`M7c*jeN#tq>G&Z3l~F^v0D23nqCI0ls<) zvz9?LWKU*7uw&s(j#3V&1fE>;s%(36YPG zy#iebpHUyhfMm98YUN-$vHpxqNVr1_#bL+$C;m~~K}7ndMRl@Fe8ZzS0f{N@aL6YL zM<6iAg;;N36w$zcG9$a5%l}biY#!`4;y#ih5lCpAc#Sn`ak6l6C9%dIsX%i&hUKen z7TitzG6SwKPWXzFD}u>>lA_8Ll;HOOZZbAHR-w!=_dpca^CwnjBI0WSk5noD;qN05 z^6xy5m~}Xr>hW}!+*Q!&{w~Ex!R&7l>{ad&w~Kklm;KAj$8BsGG{C zQF*^JR{upX=U6Qf#rlfoRGssjo=`C;@>Y=h8wz>=HaGXvpzeCk!o~`AB$9|vU32JG zl3L;s%zYYggpM&-5M>@@q151MOHX6E*>L24NU#pSAYiU^_g#JY<0r&tGC`I%GXfk@ zeWFNK?DeYUFCGwwl9TTnh zQDXYG8QEDgkO$Ws0c_?|!okK6p-UnRB1`OQ0icrC$U<=cn@sMkvc$9=l8@0f*Kf((yh!9!9l7g{GFHQlC^@ z3)+uJfA4d1KUJmPA|>iAYkXgVnY}Gk>JV#QGY?aGk~4<)Fko*8`~)*ZQ+*a=@kO8S zOt33I87z3rWa3uvyDWDQh#6!!5iZn=X-qu@?#k@7v~M1UX4i zyYamSxvg)m_-%G8AXAGfL{Zcy(vt=l{XR7b{y|-EO7kZh7{y&;?=J{vW{WzJ_#h|> zq3H{rL)WpK1gq(`ACEF8pVU2y&YVGdAqnp8__pIGk-6YF@;`Wb6tUNtK0}!PTlgSSWg=b{~-cF@3v+iot)Upf)66hmyzTpuK%O$>MZxAniPvPqNT{2c$86 zTq$wIzEZb^yqXMPv+ebwTr#e6+)cD!`43 zUXWL{12&jyam#vyP7Z-iju8{$iv>X5j)E`*HayRTx_~@PD<2Guj(8^~ z{1GYby5pmqIqdiv0fgX~lKQb)ctj0LBpxK|pfCr=Cr4a*2GZf~yhO2))c_4sQYO9^|ZVCP=|ar!JMQvEyqHI##^<*tmIY-lVtOT_k7|bmmMf zq-Cx!S;naWn`A^2#J_W?*dpU6nC^%O< zO&u3-R4hWqisiU)M*2ebrGN$EMq(VCRx$mQEB%xP^)uh{G$#F!aCOC%(uR0@T ze~%h$y0zf0W&;~xLD>ZGua*astL3DSTE>m{0cMW?ZlbwAU_y~dG5`MKJrP-INsz@V z)gFRLK2Ma<2mw~rV&v7kgyxhNh4MKQR7;euB;&!{O`O^^h-tV(F)OAkyfiI|`y_(V z2afBR)|8z-bjNmLtjG&Z-@)5^7Q~Mw_%H-!6jNn4fcNk_E+3gp?w1%~3(hz)*T^l- zI8x+O`4|(~p{qwKoZ}Vif_u|iWX@ZeuPHub0g4_&vSj^Zc%@CSHVn_i6Hja>E4DeY zjTPIrZD*p1lZkEH$;7s8o9oTKzx^EFi$8sJRpZxHjq~iPA}ZC=hR+$pqmmFoOo)yb zkFQBwqrLVjqJgc&>x#K>HWwek4!HUJ*Vcz3zkpTnuxcPIqBERB49Bw<2o7o7!C{}I zkM<}~SBGWFy66UmFSce-8 zv2gJjWx>pWu=gXk<9u#Y&;T&T4Rq+v-^*#omVk^}d_5M?3eTb|26MCjq`5l;@sc9l zUq9U^6?lu&i!#<-1n#D;%b(F2P}1OiP8mI4H>ezx*6_lX5?IGc1;(ar)oPI`xXqja z{ZGD@Gfp|jb16|jOt@;utv72Ad@}_^{=Zk{EH>Kc-qv=12dX&5cks6;>&WJ1f zN9O6usdxJ}O@03`#aFiX4><7@okyN|vlL`uk}KK$0b>%eLL%*R1t*AeJZ;j`-E_Bq zdFzrgF9V1EmcP!Vqqg0PkjDWg{g8;&20v?1qIL9F*i|P@HCv&eT z^iO+YMP)qApA08VqG_YGg%ywmTqU8*gYvhXxK{WE_1|Rv&e!~e6#c1~!tL7yH55## z;vn;JIeZB186(&eqs`mh?nDb6bg`|OI~ZYblr4-oDF81Sw?yQ?M25l@ggjCR^~d`P z^E`be?S+6I%(}YwMghVGD{R(?2Es+N*C8!@5A%7Qxfs74yzmtDvtHxRgX=ZE#5$@X zys{is)>oRehAJ_%`IcZD>VUd8!(&qj)Xb1SB)D7j-ytVRWJ^PtmVVUkh0qIC?g(Oh!D$T6!4N+)CN*xr9_#ka0Dy7G3tMbr3|~QGe|AgErFLqcz4G8%J=3 zEO;|P_EOe3Mpi~IeuD&*sf50OH{~HZMCcjVPcmNde;#Q**|42ydNNQ&{?5o$7O-3| z3Xt0xUdC%!k}q5lPHm)htOBqzZ)Vg*pz21KxjTMX#svEL=SgOv< zx@TmlduGHy%$CADo67eHjY`@07p|N9b!M*nx zZAL5dVPsF}ZwC_C*C1t9-Gt^eFXgT>3-nU5e?%*VzOgOY=S|4ZaYRye-;&VNhOWI| zGk2DhcQdMQLmqpb0vGIAVVT8rrw6Qc$0DU=+gzr6M2 zs&yZABam3;YbiiNiZ`Y~R3PVQ zo_wA_HaRtK&v=NsQN%sZ?gO(>on-2_Z{f}}xv0N@E19iUaHiP7;Ww92xqECjh*5)( zolDA%B^#=~l+>NA91g9Y@hv!7#m%4_-$UH#O)a-CpXO;${l4f2OL%_P~z##3&p{E5t`hK}`0LJmv~>RD4FLkKNQ|Lm&o5_W z+VXEN5Yuo7Nn0)VZP_o23~VMIlYdHI68w#xsMf_O8eBY@{)iM7`2%Cm969#S@RYtz zE0>`+mrmfYU;~af>ekIlaLg5At72YR0?5Lk+D7r;*r5;aQbdpo6j8#gDa=bmb)$Sp za9kt2fnUG1e2Mzf{Avyl+%_ex&HdOvWk1IDSo|Kzp8;Mhbvgy={=<%KFXZ0)11yvy z@wSZ<17r#9CwH#b`^AVar6p-`kNN<-t{mSIhLw4yR4k`|eUkTFkWfOtnCiTua^QL{ z?!?Ho+E{TGYdu5Sp>ik;l87Gs2zAA1+c?-sOz$42zb06Cu=sTXIYFe3^y7pqNfCiN zQ+#c_g+fn+#!os0GS_n0{|uUV;rv^)ZG-v$4)!x+Veo9PJ^RrKnsoKu!JYk7Clx$} zIY@uHv85uXRQp!supVt-n`{o4}o^Nn!P)_?c+?hAcU7Z+GBg8piU&Zr+o`oAj z;{TOnEDJ_3NQ@t8sziKFRDVdiypu=>rT)XL2u_(SrdnHV%$;!T#-UWH$K@Tn$jfb) zZ1Tx2;%E3QHL1(b!{0@~Z^V9(_D3}YoVq)Ie1G0O*)lTeWQKM`FUdlrUfd=VPn!Lz z;eOW2#(QQr5r zMGH2V`7^GYjFO$ZD>`{2GIf-GbLcyUolz_FQ{-Q{-QhDkjt!Jw0Lj+&^1^wGcErEy zC}*1l6udsJOzcfX+?&AA5pyCgIB6S-IcG4!=@*(Hz%DL~fKigI#)p!5l5Kmavuw2C z@4cFps**aZ`JeNTa%G67MQo_e(cc$7Tj-c^r}zh(36%=34=v|kNS6i$1!&Mx2k2n7 zx+4d_ul0)XE?fNG^Hh26KLpEDp{}Gj;X7T6YZUnrj%q8+)DaOVnNL)aOH}NflDpTD zDX2z}zbdpXtD^PH)j5N{-VPIV2n3hGEH}vFF4E7|L||HVaGIA0m5y?z z(2)u;MX6Gp2&Qw;+&b1H#*IXKql_21#nc%ixgH^qPlI?AG{D@92jl4Q*)XeQ&jM)+ zlh=|ReED|wF~r}eD#qekDof`5!a||aNCNQIp+i(#G%O9W;`AC)j~CrHY~($d^%D6T zRI_G(FLBxjb;m2JOia4pI^mA7<0&>@)9h_b5``7n)%AL@v)7jrCc3Ad z(%I2GQnp(gLhcn}zXGEz@{NIgp#Fj}BabI7VTcx|Q~DZKA2YLNMlc+a&MBz>UucO_ z{FL9RLzsikH3w2JS=AjTKM*3aca}JRdTcPiRvT;(xe$wNJ^h)vOHB(`YX~+NT7jU$ zxF2AVYcVb05&+zRGq|4{+pcm`tL&V0r0yhdc}VB*m%*KX27wlsFWX4W>|;4Bf!LzzCknQ>pby!P;}f$6>a098;p2N#6bFL$t9`$#6dCL5ag;zw!k$B0mkT(?_W z*RcV(tO$o9)2VgYz9+U-OyaE{);O8-u90%38Hh(IJl`rELkk8DCH-rhe=5$r)D6%Nlrl2a2Oe;*Rh;4y5alIrQ z)P&Cy)6S{S9qorHZ}S62OrNbk)aK1 zPsrU1Zhzlc$e`kc(}o?p);kzCB8R3TNM#|JG=5wDs)ZG*;+Wt6z0=&U<0L~sr3h0nO&%rOermX^qxJEywCb13x`gZm=CRI(-Q{jTbC6Ce<$ZfuTbYLBAV z|3vs3tJVlydsDFPazXixl8N5pvdbX{)J%(56TA1}dayp-nc>7c*eQc-tjBA|{w`h1 zi6BQD`R=I5cxe6e6}&u@HUPtZpM{WmUZx{Y<_^aoA}kW+(yXn=SvLtsrH*L`)H3w` z_W`aGnrSF7U~bqm#581*!DfZ7uHb6lEdWNC1<2XSbi}8LcDoqvK%lT&q zB3Vp<93N5kZLJabSoCi6Sm=A-4Sbyd`nr-FXCK8=+5u3^Wf(#xl^7B7Fe#eaXxr>F z#l4ta6S}V$NkwyuCVnxc#z4aXJcB`=whJGQNOuPP zay*F@zV5q&W;0zU+esP-&U7);ce1r7G&9cK|NZYZ5EBV;@I%<3nx6GVS)*e!J=?n~_+ZQ; zk1)?qe%M3e4qSf7cq>%9r5FLG~v@K>u9GrN=nJ(JrPN0OnU*_jscIQwf>c))U2Hg26n6S zR)_3^da#V6>X}4sSZG3r1H6dYqL=U2zQzIgUm?+`SdjL}z>31)dFNe`jgEapz6FzI zYr7y{@S~lb3&+06TPh1_g8<1lhq zp8~0t5&SD_8xb#HpkR=3b&A07>A&QhdcRu`aR=?dnG?!Rp~|oNI}c0`Rz-ujR=8<< z#8Ctpp|ETC-dupgp-dQy@%B-KCq-J3wd{NXL3*m#f@IwedF&>}RXLfn1xo$kTwh$5Hw?mzaIU~oS0&w9s<@a$ zPX&DpUtb6e+(HiCaB-E?JGyp0LPPsVk3U&4P@TLFdd3WSOHxlWz;Ni>DgTbZM5-hu z+3!EiFL4j~%VNvXitnPgZ~tr&gxQwFCohuzhR*aZ`CSv^!N4-|uP+8(eh$FOjEdS! zGNwm;^RXluHaS>3*8JWaCqqhz_isgpZO^?iIS;nL_Yu@@{C;_5DWqt(-#~F(*9xDl z^@w&DSEabLKNb$%mp@KlDEZ(e0euAA`vMmi7qy18cQl!I#r!`^Rz}>Q$uVk2zqF_%S#DzF_Fx8KaZXV8Dv74`SG*n48m=6NQ#Q{nlKKE@J- zA1@h#rnl;^--JK!x?5>i8;R)m$8am@k&(n-{Lx^^0vc)}5Lngct%$TJ6w?3llQrjO z=jFJ1s<63cl=Jqwh2@VPK%?}Z8mR|o9{%|XrETl^+`yiwP43Fc+n>dW0COL8t&^$` zr3da1?7TxCVV6LO9d>EPN!Lb)LZRrLWt`UL;7y!JmeEOujiPkiIYn#hp4z*nvmb}S zfmkD(>(hyUReU{~Va>pr_--eBFB6jT<6J4*wvM=!AP+k@&X_UoCn^Ot z1!Yfr???B*$6+y_tEzqJ;~5KjBvTzM;=(YwweWsOmyjRn))Du}#YgM21tFoF_764O z?^{MhVtaV~9O#b`n*n{vP!4_ZX~8`tX;44?JX;_y*pG)4j@V8yk}T^7xlMe9HHe~w ztT(?~J4%s$)@7E`=V=69{02+EhJXG7f|TG{CfjoQ7bH4yZqB&&1Wd>cqrQ3Tig_~DmSp4$(1+K=2iFSi{VgtRIp;f6^X|4(FsCvxP89Ek;1eb0U z_}+s@eJW0MN;sZCPl$0AYMAPhSY*mL&yWY$Wahc%{I`4@zkt628OHxeChJ<0VMGlI zh7p@+^T}ZIwz!GE)b=ipxS3OT;QnN1!Fzr}^zd5gO(eWCO%Q_jDA1%8>Zx+b%_OG1 z)ZxWxZ{TlFQi8C>zmmwjT(=nw>|j^IXXh@0>Zl7wS6E z{x?haV+X<&KMZ<%c~i;HD6jw}h%AgPY)gL$?9$b6C{|Va2+Qxy541%Gg63am)Pu~< z$uW|84W(-*W2y3Ys*mKf;|9=6#oApYRJaOwm#{n+|G0uSKS%B`P}30k7WKo{^jk1C zG!qMtD+~iNkQrL5feQ_R{tJQZ8Bk|1=3ktB`8RWTnCt84puyS#X5^n72et_Xha3XW z36%ur_)5STH|oN7Vru`-EGQIWtB`K{H(7POn?$T3(Ojze%Gxe{|JI*NsvdcT9{lyN zl1j+N%k}H(7A+zAqL_0^+X4htHW(iLYEWaL=HiKYJ^g-4_Q@c-G{rRoJw2c)uTII-AKlu7q$Mr-7+FDMUw{)m4GHa2FqZc>K4}p zk>8#MS-oD9LC@HB8G-;z08pgAh1XvU-bH=XP32^*7?s9Q@?y;_QUQsQI;^`9c>G-* z=YImbJa^+a7s4o7!zQ>2nx-*33PII`yFJ~kiBuc4mb^;y#gT6~t|(HuF?)t zt_1_AZ`RiucMf8Q-U)BtVm^K#Kc?$Xty{@Kv@bAUA*OpZ)odX@;a2iFfen}%&2lnc z@v}W@3f=AX>fU`*e-zv^66R%;hRc}XLuHSi-XNUi*;yTMwm^~ktBEr1uh-uMDg=k` zq@9Q@ONfwG*oZ&{^cV%Hq!xdYrM^9yAd@p?)`$EUt5&ZXKd#KI2yw2?kU1cocXskw_wDU1Z|n#V5`4B_@3{`TO*Y1_DmPX2 zfI8qVFV$#s3dh^UPZi(H=ie4r9=VUiN8>%qo_KV#M%t8Sd3gFBuvDur&W&$IkP zWp@meS6;3yj=8;+THFG&3`r9&fOyG?^|b>5r8pIv`!ag31%A0(P_~Xpr29hwTD>F{ zY+sW}?oSXsfQlcfO}w*r5NH;&i(BjLwOrA>SlE`?P9ICevoC+OPt-a(U)7^)Zx|A2NSfW?-P1y`=l4_s>h7dofCDe`cw)=}OA;cD647y~i(9!W zqT3nlfM?f$&eDbf8d(5(OIXLM#>U#%0i2a?8d?>y?hGS=^f|^R4Jj1QltAx(@86lchFy(7LxW)k=UER6b|H`^8+$YYj8 z`z^=#XP~fd+MB(0d-SFEOE34LAmh`L-H1fDYXopq4Ool5DE_W7;kr1IZfy_&ta{K^ z9%_@9(iFPK#FZBGKo$A@7SVC^AL?oUWG%LY-N8lwrb?ueE0w|tXgT$ zHL6~%qjoVXysVhdvVtp_&q{8qS8`K3os`Jx^v_b!Z+v{^EES5=}SW7 zzFwxdm{nXxFJw8q@fbOfCsn3#9vzZY-{s~bK?*s7fjF7z?9+gxY$->`Ra=%lL=wFU zDgUTgY3&U5OQmft=NcY&_Sv_-;g~IhnB%t48B2{MH+v_OObB<}^t6L0p)A@&hs>?2 zNiAO?j3aL_OGRX|Mmqj-V$Z(-mby54`ECa*MG;AQMC&G6Y}4I7gbP{i|5r~JFI>MFZ zKtxf{Xb#N#+5%d`un526_q$NTGpe3X3tdWQg)DRZ5zie0P4Q@ASU^6S%a@AG*y){4 ze=a>L>Iuk7<1KN>3E_l@^eUBQ>&@I@jhV>;@1%YE$R7`J+Px~6@x#h1rq0IGu*0l( z=59-Z2?=18Fzo$B{J@a?JT+t&?btPbeCuz{sv4B3ul`*wv?mR)x|ypJTB=OQ3*133 zFL*Fji@;lkAt=)%la7Lbew~L&;gLxcak`FCQ`+o2%&5p`j>B(@?D9tVfeWkM8u-Ts zrds{i1V_F9B>0?d2K_jl=K%>x%2s#3<||@t;?-uSm$1Xy*69i!NLIvy*QY7^c~anP zuUjCpQmq~tv|;Y^u0H4o3O{mMx$dIaebd@yvTn7|Am~|c4uH0lKn?vwTKKT*?4&aQ zRxF=xPoedboULiHr^32B_n;PPQjfyK?Lv@Il&cykGTxR_kqr@p-rk=x`>UX#E2w*Jd)B9o%B&d#7Gg z1`xXmoBJ#-^nDE)o+GHC4Mc%`E{>W-4nyUx$yA2vIgK;xI%+*>xlVYHcQp;J<($`W zlJz#ZtSMWd8y?_djp_-H)Rlyet5w;}s)^eRBzS!1J0!^i(!2X*fcZ){Qui>7d-*1c zO!Pwp%saM8!oTA`nJf1HtSKDL^84@R>X8dg7(g4D_-JQfJ_rtvK(t)b}4J>kuq_VNzO=E$Lzj^oXL;z2Q0H?-&0 zFZG?^eKhz;YFv2M8|=X#LlU+SWN%_RnNu$s->SAmzX~8$w0vqjd0fBZd3(CQeJvo412dfLBoEzqB`9}FVy{7x&N)W$2sw2?6u(EH3@9YV%xv_ZbKNx z?1(WZebHOs@N4zjfcZ)Jy@5=v9>xVCw6n`_F($a-?mPd1T`2dnbnsd}=bL4Ga&fsK zMOo?(Uk)~41?x9sd0V3j4gE?EmWwk4oj=tR`Pdg?PJStrl5TfPY>o^Z*r*?0M$s4M zI|d8%&+^NGajm`ix#2NThvj;6g*xEty1GIw?zaYC&iJ6cR>t@st6JSR|0Ph%_?*3e zeJ4DCC7EOLA)~E_r3zerh}32wk*!_t-NETqLW30zF68osm2c8SnJO^J$-dRISILXH zvsbFGol@PvlPBsA-NLOkZqS!-tHPLcqO3DpCcV1KJj!26L`);`uP*Pas65pc6sq#^ z#UtBaq_~6Lz;fz3|_ch*z35fS_Q-!2JucWs%oIvjlzu9kSLW)2&EM72y6?GmOFzZ$m^mizi z8*r~X$G7zOjV2NUeb6>nv(3bxcz~}aAo-WhyApng)f3c{01Asqt0`WXsj(-~cg6Qb z#60HAv}TnH4o(L(gR71JTlw-2v34J9ll+NV6>TaqYY(rvnT zJEY6|qsg9O;6DmP{A#XZpe!zC>Xvu`y$y}t;>)|#%ODi}^BIneZhjz$Ld%z2=e;Kj zbOss6LF|xJXGLMF-K=j{WhU)EGM%ZJ72O0uV7$=r0d?0j?l#1%{FH`JkMm}8XqDFD zz$WlHd$;E$AIoq!T`pFeSMYUvDnC$(2deEScSCuYG_Ei2Z^=Qun2wd<89i7PyD=@H zvvlkpuef@8yNxbe-h3qgGvT=FPN4Aqc}L^Re$x$0I0yzRZ)t7@-gJL{?E}8e|e@(*BC93j2GxU9x8Lv-3lgtmTvP2q!6}ukNH@8eKn%C^=Wdj=5 zNQX7&1$-no?M6bmzO+X|HRT0Vn(NcxEJs59@u0?8K7U!$3%5vM zs2x^gtr?X0ui>lD!GD!U=;_A|J5x+s^l1*-3-Kcj86R;6#4mgxhe8fUwMJ%KOs+GnH%&aJ8h!-oZc$W6jymr zzs^VUyO^x}uR?9LO-c*Mbfj`$`ro=-St4AxRetaFpYY%M-0brCCG3|T%gzeSS4{Cv7@YRj?9bdqnzV%`l+5_BHnj(;yUvE#)3Kgw0tU zl(H~YVyhQtYDYx(@M|@coePS^O=yj+XZ#|zczDRf(pv0Ljn{TQ4WYmGkIN?$C$7ol zIiycP0~p5SKshK8SPoT@1W)>>Ye7#@&=$n%0SkK2sjeBsk(J}YK=;HY5&_*c^k15x zbk+Y_)>a|6EE~7B2TCOZ{4|@pC7F98(VmANJw##OQMo%wAgjLgwo_^aJ>Ab3it%86 zK|j7`vOC@S>V>HU_-}f9QP}aK3W)$3rEOJw^?0x^rCJ9MY7R(nERSo$o!=UjFk-7I3wZHD(!?*uq! zR0t>)p6Z&u>YtqE{2j({0k?Lhhtyfha+A$~u;H0~KM=prAkVsSaZ*)K!dJ+WPBpnL zXo=HCKHAna-DzLMnvJ`pD|5&Hon_>F{I%;emPc4N2|a(|`_M_$$^vvEO`*d@1X2@$ zZpN_k@YiJm9%vEQ=-_0(JF35^RU(G9(kCddxW=6NP#kH;7m(H>pdvq|LW);^r82>% z$f{VI?wYcw{PX_spG$R8c2${XcO^`xna*5$Kh2vA@F3o!BJ;RDsP>a&uxvBsytu|J z>Um93-Xep~#8RTza51NiH?y@sz+?*}JGnQAMjP(2*5TFS><{sEI?Z0&eVI4-t+zCrZGU>*+F$OdOc%+A4~Fyq(4UacwN z+VJfUPG4?iwq}9MR=+=!#Igbema_*6zmuY}$>La>S*(|juI)t6F0ivZ%{nt9N0YNs zfl?KCQ2=lN(|s{xQ^QU6th3o`#9|FXbAEdhtM6}comBRu!-ss+;HAAp*R>W$Gc_l? z(fptxktCEe!A1W~JNfjs(r{aG3u>oMz>hzRk=$L*RUQepI0hx{j>@WEQMOz2Ty`g+ zt8N)RQzIOOxt6#iTq~&$TmO!wm-EJOkMyDSt78s0X>`XL)A=g$o!oa2xBV^8Itk6g zVsV?A&OQjZ_U1-L>Ag)D3Sm++cH_q3ILB^*4Hjgu(6)O0{D*8*UJNbVjUOHS_Q&)- z>#m4|if?D;Pk{g+3tW;1wljjF5h~{F&kX936p-NiNn7cw5^FYj?jw<2%%HE^wlv&| z1U&#~tH*~pXtmc`JU(z!aN;_geiq}c#md`h_1L#3>Eu1@P{<y6%~U*tTT?#z36Dr;XTPCCmqVa+AOQdo^

iWYcE!zYPtY2Vo_ADZ`G5$*_j6}+@a-^6CO@hN!-j)yu5@#f`Elfq0OK)NTY zi#~cBK-O_tv|PKKF|0V7%FiyB3*CuuU~@gk1;6MWZkX}qY>v7>$CjJ1^0F>-z(TehAkVw{yyl@3f@l+I)Hgw%sZ^TzC`iQHPo^= z91Mz_fw-;OQh<{Yoe%9Z^7vQ%2v6Z8K_E6xy#u_byzHKcK=ES*ws2D-!E6s2*ojdn za#vKx?_|&}Boy#|;V!@3EMYmG3U{DWGAAU`wpki2(<;p(3ND0{1 zRj*gm%DQNr#27K$Mj9AN&cpFto;8ce`>~jK%ZOGrXm88AT*gis zDPN>D2W$RdMS1nZne5H+1S&cUSg#F_M64%?c^dI{KI#ZR+#gpsT(c@%<%qqyNZ%pK zq1SFL1h3@nZP$yOt7&@6S z)+ZH|S5GUhGGwV3aW6*(lOI?!d$Ww!2~Hi|IHkSY4c;_KE#e?M`B)KOk3U9O6+It6 z8&k~tL!J5U8(CDHv(BJ5S{5(F^NV@%p-+@-A8|-+tg&8C_SA9XhEJV6KX+YK?OGT^ zK6CQJe9vUuvvcSY^p}6*7?t`InLASAMsQ)=pKSAImaghEd7P9dn!YV3>^rH#AT$Cl z;;Q?)N@I`mhn7`*y!g!9Up#?7G1747Nv#93y87!$ zc40{Io>6JO`IPdRWv2P*GB$QoN!RgI8^!7N@`qCaWZ+8HWEg`dEn&z}WW09T={z2e z!x*QI8#ZDa_>fS;kEbVz1OxY@o&f>-d3EmTp(fg9FOl~v4(1HSqMPv9EP z;QfvAp%cDWp6r*=jm8zYkJ%s7wpraWCU*sHP~Iz@uEh+GHwr2b*QXuCS+ULs@^2=z z2#rA^=*4Z;(IyWf@?V<;qIRd%6p9gZyB)mVrQY@lq-jFImtolO>RB)p$G!S212g4i zHSqY;Ht#;wJ8j|HE(=%Sr$QMndKh18^TxXJR&>g-n{4R36+#AtS(@r15Av{J0!dn2RIsOzc&Jy^?PR1=9He_C%?Gy|9_6StaeazT1m2$*UJ* zPM+VP2woNDof40)Hidv6iI+3^yP*ti*C&O0XK{6FYWwB2p7dmXa$?ZHB6hFun$t>b zZ`!`t{N=NpcrCEn(68#8=Fx4B))gm6b(?&9}mLfnH{3Jgf32-26qNoq*I-MXmDDwJVpa5Opi8KrwRgnX&)%gIx-Ef- z<1J1MXqOJCD-~#A5Y9aqv)xJ}l*6=iT7^cMOU$hnK=hWyV=Y1uKFvU#x=bJ5Ep&1G zDBxYs(a^Ojz)7fp8KL6*gIfj=Z)0DC8Vay;x%@rkSvFV1e%768*v)f4U{wC|wT^5gebEwEY-<|6cH!nAN#| zr&SD{_1^&_YgVjX8y?=4vy}Hn& z^4G)uqq}KNsm_Hp(Q%3ql?t5;-fGuIHr^9Px>*kO#A83qqE_RSNh#rII-a_iG>aE> zeeU!sw9ZK%MxVN3vDc!cot^iB8ynq8v}h@Gs6h$Gn(T!X7ZCEG5A8no0uQTf*(xo2 z8HhXDKX^=(sU3s4t!_aD*b^77^SX`lb=gQNDl5~oVmXkU+aHVIcntG>6Ftd-%?fKW z=3NGW?`V8KRUtT;&3-VXtE%n`pb8mMpC^ACys*#|z>)+vFyy^Lz)j$o=jY3gQd3SW zSS+}+kmtJ8`@Z+riC$MAWAl1^)^iFRVKS=5s@-u*=^(yn1!++lw5m-uDpBXMVBTpy zbZ`AvD^9rfD%ulzRO0w8vJ7dsk2M`@_n@&vFUIWSQC(VhKL6Tb_P6m%p%3+0oqOfT zQk^>;ST`R&Yw>K4Id&V9J5<*Ov(8&z_R5e5pCxvEjT^BfxG0|6LnsBM;k1&-i=rKw zUu;9Kk=db?8H0G=UkAoH&(Zge89y8s9hd23oFe3?y{cJ4e65LGQ$B29ab-MlS9I{S z3gnw0y3N$$d3`*O?RWWeN}#e+0e2OuUJg{{=1v-LpWI%;v#W_Q;yUhpXR`fwm6 z;6~zNMuM>UA=^~|<=#PVcSWdl*A7PWm3l%@j!MJAMa{~^-h`vf{?@>coHCKklsAQW zqDv?|QS@@s1vxSTdn0JS?)?iWm#!fZhUL%*u3T=@f1GpVA10K`(-2z-SBt`1{-)Oc zA8O7by9jeP1^cIl5R1Rv0zY}MYF73Bz)E6SVS5z40q^xS5^~;~1@4%a@uKOZZ+#Im z6QqMV(_ByJT|cNaS#j5x*pzz4z-;H&DCoBVYk)AYAmmY53)*ORTen-dQ_d!W@SXS{ z{@y&(mCo$x5DHO?7a`&K(3Imybg_h3yRijP*;*@<2&V6Ili(GI9Q@v$H*FqC=!g2G z`4$sO)bJ?qNx_O!`Eh91aqW{4o8yt0I%C%dOi{I7$MxV(LA>g2jkgQUxA=Vx+TFR; z7G9E1+a|HU8jx&QrI7-N7y8+4vy}96ZvwrJMmrOKGVjXHLUL{1`PMjxqg@~S1DKtq zm4^Sv8+fFTMWYJ*9Rf+2ztN=WsOut7HkY+mKbt#sMbHJJ$>Ca}n8O zmQOdHV$z$Z>hjNw5?Wguqa%6`RJ-$knCo}aZvB`scb#ee z04K%&gS>MO{J)U*=s=Hzv!Uf$!K+I|u9aKI?I0I0QLG`4-ds2#4t4i!8U}U0dR*Es z#Hwlul9v~`?TdA%C6;Yn{e~ZTM4o?h`tzkuaiy&sbvvXg?JG&gL0You>6>7krA4n9 z`;&}1h6Z++2#prviwtVwMWa|r1QVwfg3(GBSSwq^cstK{f zqWSfl_s|ZPu-L}^MB?l@HLov@PD_!R`88Na&z10VcxJn287QZ zvytmsUfj*ij7*di9~Wl;C8#~lyTJDT5Zmf6e@dJ78q{}L9{ON6pURV?WP#1e7BQS9 zlCZ>4vTBx#$AF|0@ORT%c%jwE{P@a`(`BRetQyA9-%L8P?SBE?yr~aS8T_x5Kihsh zV3J^nM&~V%(8vSh7gUVd-fb-HWO@oHe@G<4hZHCq8uY{;f~weK~!u zX~XW)S0B^BC^uEuSMEYrJ`2+LPS4_f6_JDuyU-ijLW4+}H$iIef3=by5MBhOr-CjO z?d)&hl;hea@oO*^+i-=j0u<{`3?Z_|Di8JQ?<7H)JZm#23(uMtBhCqa z5#?<+fbt7=OVJV`gQ#FXz8ElF{j-M7>ZSS06}l#>-ylc66-`MBpsS?FXfvhXhTKbv z(%g=izKu>})99S)|G-#J?4^Y}%xBj3YRi;9^Uo#gND$o>d}3}^x*&$b(Nsgx~r`1C{vPyHYsnAM0c^a`nXd_3Nq-2~OtEo1ONCN{7N!qL zJ|rcTudQZzE$owfR{LgJn0rr&28L_PX!z~BE3FKqyOm}(fjveQZze?%8~B-XD$RGa zWwWTE6uy7#bso^^UZ|APm0g3V8RO~A)F?S}200!*!@WuQ$m)~$P6yJFcj#{37Ra|l zwfdNQmLijOk|1?Dk^2gGuFdScD=SHj|D|HwO`JAy@NH`!?S5BfLLRkCIBfdSk-%joF@Xq?o{~(?m9@l?Q}X?28oR5b!Y!+%M#PO ze8D#e)eL=q9{2dMVb!i-EybZ{^H*`ARCh1Ee8n|_oO9EnUCrFlqt^LXO`vqH*9q*M zGpx7uTcGDG~*o$9{Ij;`Bvn7x>h@UU1x^ z=AGgIKIO0)j8Bg={RYb5SP=jM#P!y;zkFVyGlsX#=p>yP-iqelv`*vKV(oZD%rr|A zf#r$dnEUYY&Se!RcdRz8x4t$WH+V7jazUL5(1yagD`$axr{zbACgIDx314`&UviA0 z799pZHZKb;2^=PC(mO2ep{Cjb&_=zwy3LxNYi7QwcZo*sY{_Nt56@LIFvCtSBkuK(<_ko3%>PUb#Y4r2 z!WXT7E1SEd_SD0**!xuY%?g=_4aiDcCbW>!pWMHkMh?y;q7f$6DADm^MX83=uz3pA zEN8JLn>utrp=Pjknm%i8qp0)+>0?4`Ztm&QkWX{@G5W2d_)C zE@;p``B5F00~$~TZ`v7R85~cCcaPRc7o_1=_PmIi8u9jpmB_I5F}=wxtfPveqL*8^ zS@59?+Qn)=Nu8XOl|8IQPJ1n~b@Fu7O*yL)qz#Wo@bh4uF(_4>`i%I(dNqZ2<3A)d zttc0TI#Zi|l#cbMNxv#T+U#h2y+!S7)F)gEtr{DepAq$uw+OWfYI>9U!^6U-^uc6p zWPj0Ur~_L)ANHu?=TP4f)5Uv#%qcCal|(4kS;Mqg6mN5nfeCE;p~6RC^;qjeo8!M% z%%bY_)}Qufc7iv1zn4p)g9s_vdMtS>;l$G)>VpVUYuL=*S@BvND=pDpiSQ^K7_D_@ zwnq{6gEf-Iy`qwJE6OoPShMG8vy$F}=9&(%5Vp`2uoQFWZ>18_wnBHkT2h zswFT+IR1DnD9wmGc1frIPZ(+}x{8BmYV!1CykF~;XtA>p+v2jLPMAd{ zu#tRqn&tZ4kUyPau4FacVvEh^Q008^^LJH78H4Da28t!p?SlHb8+2F0@0fi@$Aia( zJ%tYTY_CxnJo$86w~E%yf6b!(bM2-KyxFY70DK_#T)|mrEJAzPQx9dl`2u?3_(V%!OL=dNrmVor<7-sv_FYDmuwDm|G0hlE=2N*Bu_(ODJ(B zIk^EKla9ID$|KCEnpHGj5Hbw5e(;~RoEl?iVXGSr`35+>DjPXcJXNK8&Us>I2V|{t z63S(dYfjIa?#w$wGYuXC2sqYYn{nA0D+i~vM4ZdT=|HqT2hc>XwDGCBQ^X0HDzdwd z*<|tf(A9Ni>OZo<^(@B*o${RHv(^_r{T??PcpNgm<7G`fRpk_Am6ohNOxGY9^LALB zR$yCq>!Xe(BXmCLctjpV_Y83!YP=404UoV>Zd3x`NZTTFF=&=+1m^=7T{n^G76%5<`7P!5+hdilii%kGZrD9^&ORluiU2c*4>O zS^}!GbMpnoQQ?*xV!+%9R*?cW-4U?21pYe6{!l$oR`&syep>OpX+2rOOkI8|mX9J)?r4U?>zqXFYcuL^TPze6@4NC(sUYI+ft%}Zm# z#kKPc6i<6XLQg@@w=t*bxyqLbh179Q(gj#4 z24dx3Wh{<&cL+JFv({>5zpvOi7;l9A7f3h}l;S8ogZh)1m`*={NLydTs`hWzc*8jk zurjnLhDq%2Y5jQzM`Fl5EhMoatWd0$;?uM3I9SW({!)?H>$s%+Y=efG^-wkR5#5Bc zysThuo_zrV94tB2_HA?y)@J|~h~ko_{lefiRd_L*e40fPEpD|f$yn1!mCWi@I3{Mp znvMI;5^Ce|5H?jccQD(0#`%QK5}u+wc}vfq$o_tPxD%ocI$;4I1%!`UjZBRGhZMAD zG7T)CxNta-$Z8^ATmz^kT_#Z2xh#e;eT`30m7na~=_6RNDI)XGbDBxJHs2ATmN3~% zKpH1v;g~cL&570ECWJuZ#5w!DdbNah^OX6Ad&MNWs8-GL-fY@#G(9No7 zAWFP5QZ=d~bj2l+&>mCHXh4H+fM~%}r4iE9hT`?h-siq{)0BlScs|wYD9(G^3Eztm zRjjhTp-9=^w}5Gw*uMO<62Y@~>}zAAQb}#-3g7OLV8?#E$jbh3b5glG`%JQqu4wln=ugag)@2fiTP`rh#)Re^4{?HiPP#ELQUt&mgMEz!$SaRXVA0(iC2ujo;dkK3Mv`avx_ z^H2_mKZZc0jrK#~#{;{|QC!1@N2ej>+>)XKtY|$Tdm%lZd3hd2>)VLi-*~NYbVws8O^Hlng9CfSU@E#B^1R$y znF3$1e>y_CyNik0#G!tfryn_bw#&NLpF>=AV1^6wUBiAZtp)B(LHTE ziAKB#7NkfwgTP)m?MxOqEvx#tLMzIJi?ZE+TUO(ZC#-_nWx%3!I`KSf49Fo17xVR^ zY17ZCeuId5UYvG8>m>)9&2KE>!QB5wmym=TF~!Ni2ni*7|OtU3EON@DYfO8b8$5s${H30a9j!|1t69hEZ9_p zr{^2~13rC8?%))37o2H`JgEMdTTs~5;1E#$1l6wHe2xRCCLKjaI=aiCCBFzyP*aXY zE*gv4;-=BXaB9WDox%dFHGl!14H%z`NIlft1ZwJ9O^h!G#lSLLc`Pb9`DJaxGDc)H z@5gmNf6E3l@iiyXMH61jnzqj45459+-n31d-jF0ahkFhW!?$Vev z5p0jt0j(UUn*8)~S1^54#Th^sLj#x+Gn5(s(<65|DD{ zjuBHTAPJc*pfy*@eeQdT>!jVgTc)Vplkc@@0!3!dQA5yU^L)1P`iFILY2qpKwPX0XI-^k?l&_Vg}NGEhMLv3#}SaP+47Ft{CZ<2&dM}1 zRO0>8c{rP(AUD@!F~oU|QF=oHv*%OST`?^XWlJ_(@M2{>)Sl*9e>2hV_(QBdi>r8b z-O~B40CO@(1#XqO*2qc68uo`2AA|FXD`OT`JHt8;enW}yPu6n+X)yw|Z_o(>4T)VJ zXH|ZM9Q1U41aM8O7VM{vup1n5e#6ZD^a5TJ1>C={K7CK&oUdJyyQY1M*hA~I53*80 zk7#ennOBkLjM64NXvWq#nhuWI9epi1+J9#gjrV7zkI7frHk^n>dmwxiGL21jwWpN2 zR>j7j_Dkc8lb8nZ>L$eA)&BgFF&WutbG=47bLB$;9ht%S{7M0s+ zx|L?zuNxES;-XM*-|_bEx?_BnyEgWVx17lrka6D=mfv1njD57GSjQrTq9{kG*GtE4 zi~4P$`|NRJ+YrSQ8`%n{as+}8#m{Bcz2!cO{8S2J=DPU#!0Uv@Qo~n>GBV?0O1j6_ z<;}+UGos}&(bngmxd^}9GNS*-_s=Sgu9jT8}T ztDiMOS^hd>$`r|(j;YgVzc$~t_99`u{e0aLQ&Ilp59PH{3BrZIQ@VN?;H9(uy+ij1 z@*bVaj@66;PA9jr05PTv^7JR1bE4z(AG5u_%v8)pP# zRXlgpBe#73p3i?Yubg5y3VU7Q$Q?BY5@&^qhop#Y%P9jm_ zZBS9NFB?j^{pj@f^6f{^t{N!tRs%Uq=(3rf~g7+0;%`)DNrS^+O z719t*N`RkG(o|nzsAiX}#K7_WXrZHrZFIcfGCfBpn{~?12!1d)NY)R}uwK`|Oc5_8 ziPOn)EHQ{=-ROi&ff4*+IR^?4_~#?FQ9Zb#HBQ5yi!&`rSuuGo7!|Ln^Rs6bYEunr z!va2u(hjWz!;eF^^dFvwN1t_W2kjB!=|qd43~t}Yi!)geJ;b~6)6NZE?RWDMWW>04$%YfW@^wa< zT5COSkc24lTufE;vQ>pQ5>bo|Qcqs~95FX>llY*1R@${(x;=iY@05J~5@DA91$OFm z1x zQR}qB4ok;)zz(wwrq4&2qXT+FMKCZvTg|h8O&p&DYU~Aq$F7>^G0w{7DzDwgS0k!+ z)%_Y3^_M8R{>L3tJQn>gaX04F<#w{geMSOsY+S{;7A=oF2yATry}q>5f9mT!@J93k ziazXpl1DoSt~QM)-%4$w<$*AaH{UX^a%r4RRA+QK7lnL5oxz&fuk!F<*h^h$3*IP7 zDeH9K`cAGWLEK;G4i`eiD^I>ZB12_Qh|1uR&OYP_u2DTs17r8)o0jgaXCm+wwLkn> z)H6n}xKBsgXim`7dY;NQptV0AN3zJ+IDPnP_K4&NKGn*$B`O}F@wqh}vIYHDvrFHF z7d}WvUbj*jJ~@mpEuZFhZb$u?!;7Xr&PCw+p2P4I&q=zAc z2Giu?r~Tf3E$eX=of`NOwJ#;Eua9jyyLVAU%alC*>=~&#S`vb~ni};oOM4I83lkLG ze=-ial>XA8h#^+f$QNWMKD6T#gEFcl4%okSQf1PrW~}06mZ#So6$@M^Kt3B&QM5ns z@mg+ow~5ZV+pTRf>`gt7j9^?*t_z7WOW!*BlfJsBly)oq%M8)b>#^#!*#TDjgA$%c z0Jhyz!0(-8MvGF9ZnT&Ag^cAUzoETiVdP*-*J zOh~87?~1V)A~f;alLm9)?E3~4Y~gI7N-MBl%mdlJVw|hedbNC#_$@{0WcGgX>kn4+A6Cng$FcCD=dn?mGDitiq8*) z2<9+Nxcr_NbIuQ$%Hd78rYdm$=^(PgeEYrd;SWwlSGobM@amP&qU3sqT{FdZoD1okWPjmeAv4Ho1c>k&kv_go_-|IwDJ6N!Yj`|r70!if2v(Oo^mS_ zG*cYFTF1xFnshT~4|S9H%F#s<(s<5YJQQh3v5*30(!lhs)Pl>}_y~RT)|}j9gnVWY zTAA8;Tv62(P;ho#1%(P*`;lI2N>ptROwCyLd1zV4o{(KWFj4rNV=3twQG_@QOUX<9 zK^SXLKjmr-uGF;3X2Tqk94n*EX)%kybnApL)Ibfeh(mtg?hx!a7db`TlvoohpN`5Iw zx)k07h>O{Jbh`!@7D=!e*h2ii>2{@nhFV;AU9l3ga$^@@ee|1)T?z~fRtsh)JcGs2 zRurg0hAg*`+$ABSXYNHTl;_m|FJ1Y;aK4G{P9eumA8t$t`(wkm3@(-n^7z;=-Di;s zD&p+o9u};ZK8OD?6;vcmbO`%+5~i*hjt;d-sId(hurW}Bg?+{u0^Y^hV>rJw*dC<5 z>9o=cf$>?BJpgCWqk%~}36PUZR?|N=24WabPLWaA+ zk@aQ~gJF8O1e0w%e2S2(xMZtTsHO+|#Hadj2go*3#GnyO<%b7H(w4h3+LA;c>k@d0 zvJVpXNA~rM>WAE$>({&MUU^ljvXJI%+KZ^kl(PUhlm8e%rpG>=}L=*)iMe#3MdMK|18M&O-`UmN#$WH@;OjCM5JnSnM6ADMf(Z{QG{GnL@ z2}y@PFBpeBUBO+dk#a9RRS6jU$LUvD6PS~;?FBacyPZ^m$SOCGaWo~HL3@`13FN2gaAkk_O4~C?Rnj^eG z(Q)hpw7~>g@E!%Eti;a&dN9)_Q3eB6*u!@V{?)B9ctt22p_uuqPyI+}&>7LTSXytB|aeC)tp;>_Br4Tx(j*zE@{_cTmKG8Mzw^YiT8O~yf}ZWZ?M zGDmZaJn|qQQEANuww{xF10jtA*s;MuNwn2zA?PIaRq6@9*HG<-NA@kxetA2K4)#b#3JnG5+gKl?fuR=#NT%EomLZlTbFX=Uwf4SN03EWou<9kM>mBH&S2 z#+9bEgWksE)X`Z3z~`%N)-orvFkva*GKuO(5^cD=X>RLf{5oiU9B_alwY3k}59pNC z7eEDoyT!%!uPz(141u+QVs3CyHZoToGprLpgs^o(#SG?!dBa2=AcBi0Ae~CMHTN13 z;MGuk15T0f6+Kp~%fBovXXge*8`AP}BDy&SvpDq!AfA!BE1>~F`av8o05`M*BOjCT zHc4~>F<2`ARhkkic3Jq5*DmIW=dU-Sn6(@>w^C&DUywqU46 z6FV9PP}b}VL!xAiGu6}&`h6k~Agi5sAJCpvWbJy+iF93anGWljLMOjf1Q94mKfb2sX)kyg;ef6jsrpr%%kUYJP;?; zlPSr3l!ufm`sj-?P0(mFhH*%@0$@Y|@-jg^(Qha%xbZ1{NkBQqdk#%l-H22Nz27RI zNUF$GMs*HnNHpkx$n#;0J}sxx3TL=|a-n(t`%kO`-; zD7o}n(zSPo4YTwFr67%n_V^Qp*WbC8ACD2;$XbxhR3jKxiwYEHM77hQFu)sLj#|6;MiT!ThYUTpKpCt{@b_^=csF6?a2LgR zghh*!(<54KP`#&q!TBC+r*O{e9SvdKlfJvgpw!}! zO~a!tgo2`M-4vw#IY#zDg$u07A%dwZ48G-tib=ol2CZ?7Tp+Ec$pq+#-9!v#l-BVS zcfvs9P{8$ebBS5|1}_jiXW-bf)gM5n{D(xQx#}4cyzxr8e9&9y@PauI;}|t);APoK zSAxzw{1FdBl=1pGPzb^4qvD7dnc>0ezAlrH(usWG-caTBBswjHLaY!r{sk#nA}I|H zs%Ql$4lUr5-p6q=VQ}`*o$)p^Xb#tZ%)~St0Qn=8#7?eu2gR0;tP-4bX$|`0MMMR! zl`HXH)>C#hPrlg&3S zO%Et89hgW0kF>uAJc4+IDBE=6*SRR>uUx7tW@RWF<^X^6v8usa8wf?Qw~ztz60RfZ z1kiwJa;)cz!t=m@-dl9`!|x(XQZNZHk}<1Ahbpmj6*6j;)PigE&D0=yFes%rt&As< zW>ya%^b_4WU?k5WTK!8kZTOAD%~ab(Eu;o19D@o$O9cm@eGe}ncMk>wB_r+%HK>W< z#q%K(mWa;{3U{D(%?0@!3KFK*nIz(Ag*d3NFhbUF()$UV<<~|oI(AXc0n}n30n@Wq z!x*;O!6iCth&2+a=3pGfmJL5jXHxio#JBcD1XhTmR$gPyhw4NH2qg5lu(r-{sQvyW zNN0hM|1_U&zRZ>EioU2nmU=>p+70&vjX5*J&JSSBAcMFJ=|rUl?F#&wUJ~P>NR*H~ zPM=f30~jz|(9#?e7K)c;nMK6-4KtekYxnV8sQv9nthRHB4;y4LZtpQ@Ken`uHdc?lw#zX()X>wc(-WOQ=)q{eT z)ob<^5=TllgD9xP`65-tSdOLFi?q@@x}ppuY3VRUTQ6C$;J0ycK}8o4FQAUo_ogRJ+mH%__8?-^ zD~xorD+}MnVu>QAgU9tNz2tdOYKUp4ctHRL*Dv1FgmCh|!N?JioFQC(3|xB32TwdI zU7~|mDGXi^mD_#d8RuRGVIfq9Zmfzf`CD?VN&9Dw5~2_Kx79*Y!$byS!CK(t=OSrr zI4zph1fYSS!{_Ac6Qe?XB?u-+YGYB|*nyIX+FC~uhzpfP1B~CJzP->q8;+BZ`A)P3L9vceUxqM!2r5-vc|8YJUP#U-Hjl+SZ75MBSLa6~nw zV8`eC)+s1yknUUwm~n-QS_WV#yk__{)xcvzf^IjCb6RxpK5{|ddK?-*ZD}ZrF2B0; zspqR(Ca$#sa>XBw3IIEX=$2uB8veFJli@fDsjoa)NYrY^p_Hm@toQUTIHt5}8z#rW zw_)n?8Rdr1=teY4@azt}?bw0JG1^vCM97>`bDv6W8PHIX@3C4P$@w&bG8p&W%dOZ* zEd@}ojApFjVCqU67-&*N2~sHsQ2}T^c%-f+D&@~F<2Eld*2gz{#mO{#+9^ce0m!I-1~Hz+gF%4#35~mft|?_ZjBUbQqLAT|!VA&6 z3CpvY%c5#g<$qcO2QZz*bd9<_wXY+r7?=s^XH0#0SWx0iIS#+$g1;0UMRG(rqqI7N zNGk2avCO{!(^usc4y+?6+!bwD?Jyo%zV|FEE);c-B1$xZt0blC7uIfe!$p?TawCp4 zVHGe%8EmVDfX2!u4(FW6U@XnSm<{VwM7SV7c_B)WO!O!%4Qs%YgI5BUcK3gk?+xQq z(9cWRgh}~uyBaz96l=nA(0B9TdxhlU-Sxl`&&PI-$U^5NbEI^HMvn-Vt4x(3wBUk+ z>9XKO7e{6aids+E58!Ixe8k=uTm91S4Ko_6(4n(sSF6dj1Vcd7fvANM?WI2j5mQ#? zvK-{U&FM}nRcK4rDYlBHL;##?e-9UE=%FewlvD`PF+o_x1uH!r8OyZ`6CoH&mOQN` zd=3ez;$SomZOvafHIp+XuJkI%btkkUrK%B7M8f_)WM^4=t#j)^lGkN`5(I$hoe=}_D83wcI7^Z{dv597%2dK^*CI#(bgZ0>#R4&1vApt&Hjb$p}0G-u_-K=J9P%JCzs~^@KI-bYZe^FXP zs$2)g_f4!9Tr(Ww^m-TU4L++wh|S-NbVj| z1%3Dz_uwu>m&HE9W|8B78c`Nb(HT4y?Z!H=I#9aOev_IW-lCp*BUv*ua12moecpnp zC6_G&gvB`-QT`mfrCMoIKul`^n5Wj3*6+0565(Mm*?y7nHgSL_F5RgDam3EIB9d-C zNSyBbFMzqo&dMKbs&|9G!E~m#zegZrbt}_`fSf`|$E`$qH(XtVM-yjI7)zRtCRFK7Bfisioctq z*l#43EHF1+3d9tS7jfom5NMYXbsu{hPdUSf0f&?WDp9lMT(gOgUhsT6#RV98te=zP zXv-0ejz?H@l~8o&XmNnD;KLW{8xWCL8W~eoxTB6vempf%bJkt_h*_9FKSStwX)$c$ zA1?am#T1A(<`Lu$CDAJs#-a>_v`PdMbN$$+!AWUB)tsY_cIR`=psH?u4rXjnxUk!!%a zL{bzmRocj!I?J0z9wMr7PhD|D(%6R6aiG+MEW`eVu545k#ZYk!(-U;ijzQZKRzjOY zOW9`8XiKaAgrpX5=#vMOKhO`W7TPg4i)EpJ>%=f?HfXL@ITl?;PIO`~yjOq4ot5k< zkXGx*gF>c1|4G-s5UHEcfmcpk%mKr^(t~Cn!gefCUg(!aMsl*!I?uKeitQoy-PXT! z)E~+K3qfC@xGfNIKb)ZjR(rtBJvhDGn2R<1Xdt2sMa5X9Ivc_f9y;elZGpIT&`5iU zTcX;9l`EFa0x^=qt!G8Hgr$G7!5go(PY@fx)q;0yZM7ZokZV6T17QTFsj=WvTl--A z6Z@V(acK%#sbKrUr1UYS+y6#g&|LO)BWC!x(|8>8m5!uMzU~>K_BaCPO91GE*`53>b)< z3B~-KcG=rEAqhD)g~XMph6sLI#)s4vF8a;tO*5E@(Lm$HvzX zAq^fU{9z|)`P2TC(^MCbn-x&=8}tHj%u`1(;dBAR@Q3tP!I$=4pZ;A3uNGkhY_jfe z^DN-O;E_u>&8Se?^C~YkSYeCt5Tek8SPqbj3R?#3*7v;YQIh<2)(zL%1N@0T$t>#L zVwet2*kKM;px(hYQ>Vhs^!mOLwz4CH1jUBbD~6W0iuKmeQ$(WZcObJXVM&BAzjTL_U0<@?w{5Rx$*M0Ryd`LIZv#vsi& zj*~v(rnEEYdCiuyo@$I|p2Xu;JC-oehaO3Jh_MqKRSKDK{V&+yyc^%s)kDInb26b{ z`Sslp{BR<_zFGUffrCCz9p(U9B2zFIk%a4_CdLbG_K7VQw2sV?opjk`=hf>aq}4qo zzj%k&I+qs{Hsh_L47o(e% zUM+Z~#{VE6F4RWjJqgct#k4*NeJX*oDP=O#yen(PY@9drl7E=jeoQU%@Yr_++hq566ep!ULw)ee1g&owI!Yntnxz0Y;;duB?FIA5%k~ zUebsQsR+&{+>Lg;;JfX8@eUgP{~->d>h(o*6O^tS?T_r|i$dt8>_zA?qsSC_Q_o8Z z-yZb*-svg~G@s8Dniu3ejz=k+m$=_a`h;rl@yAIiY}Y@oicxuyIw#@wYO-kVF4-hQ31d2Z3i5o*BIou5KBHJq9_C{}M;y(b;whgzOZIXKeW z1lq-F#fUgmQhD4Nl+czLkzowp@2w763<1p5Qv}p`=8o?6=F4$k7=2!onqs!jJ)cq! zC@RM#WUyWLqv)M#<;606i#M$!HWD|Rn4H@=mwoqtjm+fkI~xmN;zAh2b2KcD zWWF3~E!vuTuLvif7~94Cijmv+u2poKJa8&KqGu~FihhTnr;L`a*A-nZe}-fF>!x^y z94Gj@s^(_m@`XOO9JpgskN&J{;r&Wo@wj$YrE}rYz0He+*bCSDSX~{{Yh9#f>U+=1 z%AZuY@zHnZ#__(AKPojAXtt^A^BB<;2+=}xDH3auM3j2pdgjMSE9m>}ef~`ySZVx= zIv{&cCW$VAZz-(hE`)26?P#m;>xassn((wX>40WmK68a^-WgC^a7A7}1KT=%;AJAt z6!5s?rc*qIbFpEl-WdL(L~J}wQM;A{3#r;s9XL}FxS~O1ZMp+ z$Xl~SUU%StBvrQWncT?7HQl?V_4e!7J!d3$cGz4(VK3NUKxug;K;YNl4c1o`$Z|$0bot;^l{ol;= z>X7=gJbHM^d^U1dBK&xFud;@^Vt^5D7Fkv{e*1fNZzzv0J?NV0*lk3itqHey*R- z_aY5iJX!-EPWMC7r-haZ%}IKtd$ZFS_%kA35}pJwk-W@1xPNYZUk`ddpsJDLlz}uA z9w=F@2$}z>;yUxKgYMI-)SPN}S9nAa`P<|8uRoHDMMGUXxJ`lUUM@3U#|wY4 zmh{E3>yoO*hWg13q`YOdgm&q;4oNQuZaKB%*Fzq)vv(CigUi2r9D0o*OsthvQ!1)y{b@3h^Zedb|JHwnhX&z^d0zQd|vT9v6;I?H(0k*6^UIK zqD?maSS9&RbOJ=#gm{F38x59rni50z>Dn$PtVs^cr(f)1|0~;~pA42|YK7j)x zEox73?%k5J2(;lx%|>;fP( z)PmQgJN9Or$zjG@;nXAVDn~Pys}tSFO!MVWxi;wze`-2QONSLOzUfas8vY{qOiaSL zu?#GvIklOiF4`|#(ra2tnZJnAw|atQeC$THJD=&I(qm5!G%`%u{Dr(Jb*^}y*we^s zfJ((nJ@*S^`-o8WV{uFhBwpO$f_8@DYr}+lB=mJP&AX9HkHN-P3AiAsrYlPP+sR{E z7K2tCS=Kud^I^nYIMI;1I~Rq{SDO#thFAZyt;yGs+wl={R-?HlbiNNkhz}wC|JnB* zodE88D>n%JUX>R?_5mrpqJ0Nd&C-~G#y@^-`0)Rh9Ut=>$bEDr%wC8YLMH@O`#rCH z#w^~z(>=@43VbO(Gn+dlRWqH4_i%_ErN63o1l9YO-oBk$H}#?H2yClNaOlG8Jdg?M5@p% zpKGjJZk5U7HyS%$cR#gF|8;!^Pwvca!e-b%Vc`o={)l)st94# zM)$|m8Gra5CX?RehcAPW`a|Bp>1`?a-Tr&0HhIC4gLc(l7-Yf6Yxpk=qW>QlM23cO zMgHF~$nk$*kRybDV32ADSe1WZ5XgUE5YU}sA)JijC!r~r>;B@5%nA@#5`yp(EXw3( zW8-)>Ilb{|Nw4?fvxlpVgGAb>ct=9`qJoUBSMuC~jKsu*c*hU+Vt=l5`ozRL0=~?6 z$4=M00&P2G(|&om;pZS_(2ps_>+O|;C~0Gl;{My@oJ!&^=18AZW3}t3pJoSFU7tm7 z*+4qvRpv>FaXQ<1uUI=L5#Cvy`v9!)Zz<6+07!>Gz5wZv?+1VB5Od&ZdtbMJzL(q} z5C`BB&+)ebN`eZb&}nPk$lcJM@Sgg_PqCiJ!N3U-Zopza^3T{XE6tU8Dg7wlODgr1 zx$ELqG8#)xdw!xDJDK99;;3nCrg@IcC|?@pR-9vul5ODA0j2v)#aZC-eB!IWBN2X6 zlq1o;YNjKR!X@~qk3zHes86iksfG`MuDR4|5 z4rvb+zgvpH+uxl%{<-|69xsLbr9!9~Z;I|JY}wjOhBEourFNW-tj>CQ+NFuoNsc8- zjH;uBFK6XPLINqLYZ*w?b%#^TxHQ?c7cQg4FUk*y2g-%srCk%`x!$FT@=3QP|M_{y zKLCFoz-luc-+{{eZ<_2+jv6Yd6(lsi=-ruq#;ZZKmfMn-@aKMvoIru8Pc4HMtHZEQ zAVOrH2#otz;P}qIXyite3|_-JC>U7$`(!9hiM6|(595D+pSaf%=U|iriJ}`-+eBa z|J?SA9qlI~FN+Q>okUJajKRO8ce2c0$gkF`?_h-x0{$$EO=m@&KUbc~ zO`@~8no}Kq_)Of2yT)3#oiI0<+|K#CyXwZ~&9ad?d-}D{!wdagSJdHo_SzB!GH-SX z*alx(IHR9)3G80Ej+d=`IQ)A}Aw2~U=0=vYRq6Lrj z|Cs5l&NRmTp8qn_mogM0MLyram2b>`!)IsLW@Y}bjqa!J^}jYci;wDm+33tFd_DP7 z(hvg7v0joLp}jiDmciv*Tx6a8@AFysxpealE`6&}-ms9Qr+WX*3r}}S|J-8JvW0Cz z%=M33TVj4=WxuQFn=LfgdCXoXkY3~%>CD?7VX>h56LutA@dY$t)Jv~30GT>#_@LG*k8eB~o#e4PbEX&U~O4r>j zpETRxN3KCoAG>UrWja50=Y?Xe)w_IfH3FCAm*}4#qwm-OaUkSZ$FlGrI1+ zJ2v3Vt_@|%Kla{}F?|j`m3ao+s;XbtURy4_zW_6Vwr1#Uuim4+Yx7-r=Awb0a!V7K zmF!tpLj0#hqDjPjI8T)ELh8^Qe-mB;(ty((6h1=6iBMDp zTt{1bhuX(zUL5$4>gY%7vXASn*+!L}>4PFpyWThBGEF%{Ar*HAas%V5?qq(>mFi0) z5k=_%DLyVtHtRcY%(}ibI_hjeB$Zb8HkR_fsog1&>*}NwK#4iZ{ugDMcr(3<8Sc)l z^$Q^?<6OGRGOve~wzsLTwXgj5eI?R{L>(`jU(aRYk29=GfIopsNDSUn5csK-J1^$E zaDz9rfGCwT}@|K1$uO}eAck}%^uldDw-j)oyga|`f z_h7{4=6u}HwV3-Bd`yQ9gQDW&xU?=RDR3$k*5)2{C;bZFk=!u7ZHKAdZMU4vV1QKu_ZjY&*RP={LpImnNP*N&K$%gyozk~&_>ueWab7*T&xHjE>Dc^ zL>*ZHOL$)oc^u5ODt#__6LB)EgfPv$wN|l-_lcnX;>28&;wEk($Y#C^oaogZiz}XL z)>GR5qKVnqhzZjcshrZd&w>T{>~(zbDBwai?NHwyIjlZst|t+)RH$Dx27y5qWV!yu z8Dn^oSvjNFn41puCD;+3?;kU5nmfJ~xBSwW^qT*eSF6+~%L~G_`{axY`?V~ThZ8fi zM95j_SI)>?{>talt>~XM4!6d}C+TQqHt^WFUJutPtn7AL&H~aZEq82x7LP`xn+ub7(G%uj@A1W8frH^xf zDk8v1+c!Tz5|!FLC^QgE7Rs3|-Y28==~}!haQ2E@?%5|E_WXGK%y)U~{nnZAZAwh+ zV}<>-wY4)LaKzj&n2k?YSHX;rSdkkpKKuz7mbyyt$pq5+)856e7}Q8S|A=BgP}oS8 zO6pkXL*~2+&##)f3whJ(o9(5E9dG*Dl`T1;;SeY+DxSYjO#2WhIq?gXx_AA@jy;J4uOg@)D*Pbd zdo(+{A2S{P;D`YVidE-+AJ0c!o9X9SMF|+uyj%%kN1Iey`6Z@a z&F<#2XOf$~LEl+w4n@5ZpKQHuyk`5A1mKj&r6zvRR8XDcT#ZOfX8cQ1#JlKkn_vU_ zFtsW9dA| zSMw0}nf9F*-46~3+}7&Sl%GzJEc$8?F0vvC*kSPJME&Zw0QYvvmD_{nWAN;-V^q+e z9FH?YT9POdxpw@*Z`k#xcnf_krXAg*IOwg!M;L`tldhY$MR`k`%Zn?Z>wJ6v-rPUt zms=aaV~C>#u|;K5{C6uc;s2{NS$#fSgTEi;tWd(k7y_NN6>VsCE zUCfxe4K7FPD$)qXN7w9FS+B%2H_7JZelh9MX4ftTrqs-J&|#+kHD44SKkvQQYMlPD zS|-O_O~2D*`g{tYyt10syM&t3eViaQvr#__-cBL@)(cCs=^GKJ()1L>)yxu4X3`Pp z5Hsn#eLENUjP z@Fz^vOp#k^acI);K&hzCkn}R`sUoZNAmzE;RLHfzDGy(H;Vg;ZmxK}MrN&qJ zAzdsWw`d9($Mb8vkNfA)5f6c#9Fv7PGS>9L=bL7k8a0lN?Mh-~bo`7WYwO!B4bH|B zdA?Vo%N;+cEfQrnVqdkF$mfk8)5;#+U-j%^| zQ}z8hU)8Q&-B<74yML|fb@jp_!&&o5DJHvot1{j6q{1y?M$wSl(2!H!u-HPiz>pqd z6HxY_Q>|H`bXQVu z+v_QhQk{_2zw3O^bI+ta`Ce%Rav=D~cFsN17oFf2VSddGtxA_2D0-m#@!s8it@i({ z&PN*60!@h~!c`qoux+`U8OS|lBg=`v-)_OfLOz8tE&a`b zYP3$Ja-%U@?M1)Ow(9DTQ>WYh)Me{ZT5Gv`HRyO(Y^xqCU}io5E@ZzGd>2w3>xkhg z=vl9Bz)-*>FNq!e3hMo&e8~AaY7f5g1!{)M!Cg)XF-2kj_>aO~)W3c`pYmHU!(<+y$@$lB!Ek8lZI0>nw@8PevUo|O zvb>QB)bA;zvH6li64nby&XVVlxSn5?LS@uhth$9R`6SPOu2b>M{~diSFkZzRT=ikZ zsye?M!6(&|)V|od9;am<79?z*x+9h zthXv%yglB;Gd(L1DG5S`ev~S9fEul` zd0TVY%-eYh0?29)8|Z^w1@fl2-n5sl@2Ip{zF{&qiEAxZMwGX+1tsRzw@0u5JW;6* z4mw-ZSZ`+CL+|TA!#z_03b9$59H(TB$N5R}M~{899^-%<(odW8L%re;Sd}(lL`>*) zwr1ARL`}F#2HprW`P$h5j92U2T(`Fh$ubUV?X$eEG=#xW6h+ndO;CUWKziBr7xLR9 zqnPW$A_WPA6U6B8W97iy65?$I?l7B$^q#_Xu4ar(@g{})N&?sUCk>6YRa{wp?15o08t&GhBsGis)BHS>=5t&UM(8agsR63zPCuZY z?+@P695lIvJ)Ptw+vLS;U}9k_usj9no5 z_6q5LESos`a$g=U&5|7B-&Hv!x44b9wg~jwb0~0jBcplR7_w=iKiV9C?;9_^sCKW? zIyQNln``g9fVGRiKB3oMSt2^+1!?N7*x zovB9PU5X_}KY5fzNq*fOdHTQR@JpE}ez&9c8%19{pQ9dZgjC4|bKiP|@?b&dlZ)A| zoZb@#>f@hpgg%DHTYnJ}{gmaMf~6taN?L>{%X3<&DJQ-kP3mWJkIs%)%+1mLmEz0U z(jnEsbK3LlV#x+3ewDT2tK5m-m)nzsnW#min&gPMlCe6~B3gaI9GP2CO1piepOn`wPEBpSx4k z`#MgRhXPi5_yG=InfT7q-2S`Ln7=-=FBI*q#fKbf=pOAmYMY+qDN}94J`D=69;F@U zLbkNygEi_x6|?PO#g|Nsu5*9Ul(%{8^O%q?A5r$}dfAkX#*DIHMrwMdVg34SIjg9* z7yDtu{B<+TgFe{7j+t<3-AM2K(b2ZY1mpUx?u1v3z)3x2Gf?Sj;)D=#YwYCSrq}?J z>^nx^J0SN`)uXZGQgvY?qD>2TF{w>U!L4Fgc%!PcUB!0xzvws6v0K)TM#{r6`amRC zJt@Ne6e8Z)TFSmWe1GU!uRp^gtSI@4B}9UDJe~<6q4uqm*ZFnj*uI`9@4#T94i>XP zjZiTQdR7!cck>xPB>8NXq4ng0j{eVQ8g|A=#v<+DFH2bo_H0!H*dv=A_AFr`|tZk!&}I@ZM&j zoUDR6mqa|Uc?ZbqnCo%1^by(7R}QLtb!`GW^&l)GKU!!HDT3FGbG#pK-8mqB>bnYd zH`=%&Eq++Ct?7yNhII+ex>39$h-~HEjul@leHA3@$)`oHTIG~Y_KEvtO^6s&A4t3DJ8%u;2m`i_}p++0{Pr#kLX_4T{4fIFnlh*H~hcA ze>QxXKdtkh4Wr6l^p^2*G(wgOc;{pfY_yVe#= zp&mh)Bv6aHc*>w2afHyQCKyLEhAhec-vM{)*MHx6l)Oaj;smba^E^RL|99zm_V@aA z{P)(+ZS>ocCadG6=k;eiFFo7WkmgEzg`4t69~-&5jL(CQ?2A?Jictl2GxnZ#l6C>} zCXCj{wfYy2l^f3VAM?HKn8+v8Pd&r~Bj_VWZSkZ^p^blxiL8RXOo^x;KMrvVPZ8TZLBQ6Ln4N}O=B#|EkdQ_` z<9#1t>$95}M*COq0WNk=C6w1H7avEyJ1;$m*>&J%R^LqGExdoMtOmHfGs|5(8fZXj z&j%%}JlJ&eqzS7qVq4LbCsrZdHYsXQqYuE6FHW&0C_W0S6`Y3EXok-z)x%(7gLNL?<+lR~UeS2j4v8eJK9tMl7vADsd8 zS1aRIvr~#3Fam}0>ZExk5`oNxO(E>qX(%SNPN!6>O!=5oKM=`%qvC8^GrVDvoXI1a zW9pGr4w{!}-0u{+Nah;tFhN|D+{RaSWJ`T6gxfZjp6r<3WCv{cP6vE~Vno{y1=VMG z)h`a}){t|osiQ~ulH>Hl3Agugo&Okwk65S4+8t*@*AY-6YaCkS1^JKr<8l9L!$XZiK>EMRq7*Q z^{xC4`iGCxQjYyR*fSRUcMree#L8#_rTXh>bI(lnHn8cQRJGt~b2WAHA&?F8G~1G& z$n7(TlNgq($@T@$*Q9k@CCR>(^Kwu$IaTY_mlZ_^LAj=Q+Xr%cEqxpkOaoLB2$C2? zr-$;@+4$gpaQ5%o1!dJ=4zy8FsA^P1ml z7G#Dju6%Vs&upi*jg<_~I`wZsoRZ7Y&K5VXF8ZWl`oi3@1g=fO61Z9fBHv7mPrp5;@6wdTvhu_I6FeJNel8_6CdZ;am2r z==FB0KY~0~FoDEFgHG&=RKoG7yGZgt>i}Q5)lq{c!T8`7$Uj0P;!FJzNU&u*$W40f zz5N;JeWTtU`9^Y}mofa7qvsCG(P8>FkRu#cx*Eg?o@Rp>%;i|i%RUQBxo1Z<#FH9@ z{6=XI7wCfKzC6H~6$5B51m9eYWSjc15l<+kwR21yJrC1>JAJ=)}SI*4@tH&hE5SY z)gM0+9PSZQV(6B=&pM&>(|e&+*n&X(R`1!j#ibEoVVX-L2sG{(H}P*sBLg?hBC&^8 z#MxldC-@(}h%v}@#73?;S1&`ya?cUH^bd0apU6E^EPQ)XAaZ9Z)h@Ozzw=0EpBnMT z8)P|ODHz?o9YntPax%#AdTU;#1+oMArUm`_pga&>c_4kV13wGvvXcToCA1#WDG#>j zI=PqdyT1wnO-N_4 zBY(2pj@AmmfVaQQLNQn{Jkq0gSmS*tgZFD3D8v}+WS848;#20Bn6xryW|UY_L5-Du zxzb*rAs^&{x5O~~s{y2#*&qmVj4ax;Sc>DiS2D`0?0fv?PRe5EhVJIz@-^J$h!bKT zRBq6Kv3jBJCq5|yLl*PKMTqtZOI*d~9;7^F9pV?J3{UQ!L*n2zvB&sP>c^p~BRn*L z(>w<}xLP~BTJxQ9vq7vRnZ?J!B|YVyn$-^LmI$at*0~QiT8r_U%lDp_02Zlv>X2`~5uHAK9brvO6~d;IpWSFeXl#%RyA5@H5|gpZ=5NU0Z)jKh9>#)-Qn3~3 zv_Qr`r7hn_{55uJ(sF(cZw*bMD&Ao6d_rup0{!ysk4)t%aqVXY@uvs7L`;r>W$2{FP&mUMm>gdnUxv8O|Z>RzM-29OEg{G zz-^zcbK)kJz|%fA9j9|*CYFm~j61fs?dQ+&JipsLZin^d^Ag>$9{W{%`+W68@wLXY z$@BR(ABRX3`!%)KefNB2q<46;^MG{uO-wH-+fs zv|hrJ+zl)o%M8d#Gg&&s^y$DuW~~E%a1VlBW?t00=SOY$%nJYd;`j=GrJo~bo_@#9cMiI{tf@(^uzlT zPmcVY6b>#M`Bl@Q^X^wCoE-6X^Oc&+^ZCU)*3B0CM0xWyv(R~+Lx+8qjemBgh=z>( z9g)~&8*RceXAKN9`A6_cBK9g>h=@qK#tFQQaR8lnw_U~mTg+y?F4yRNiKBEr4FZX+Xi2Oj zKIlwN93;Gb)s}kdOxiPu+<1A&#^2r(wSPsHQ1EOs7U`1vuknPE}W9x5bnN*CuoY}ZA|6=yu#O; zLr+=k8k%MA>-tjm|8;fxh6Z_yG^{{dZsXw}zV4$p*s|H%tKJN-RKaoQb3|mHGZLY? z%?7kmrlH1I?`Pw^Z#>Qll}Ele9MCtK%4xi0YrfW7_t#Hxj-EJt?y7*Do9n9u$IGTH zv*I_ZjF!&}h~D{-s|MLBdvXci_k$_=(37|=5!Q=l%Tvfv+^;KfdQ=dLqD3D8>z!?) zT&!rg?CF=~JKC`DTa1#>@r(k}%>Bi3jTm57^KEbice4PiADWiF7we)PZFxK!Gpa9@ zCn0~iAFH9Mdo=I@$RYCAA5NdnWu8jM`S#Wh4GNA=d=cdC?M7~`I6Q3LH)JlD>8@+{ zh8&X{@u=-PWkV11uhFvY9#*{4s@c3cfoASzSCp-YvCoI5>*8d~9x-Wetsa8XP`!HH1qD*|q+h%!XwNH&cA!*bp>K5@S;$)A4iBK! zyWD^;N5i`vM?R3ofkG@7-O)h#=^92NPVVLs{`IkOXt6LR%^NW!eOn0AV;bWM8Sudz zG5@?zLVyfAaJ;8s-59E!mZJEDXZ|=;Ly|FY`O3D34_c~6Q6QK!Mj!^bclCf0#{>PN zU0F$y<{Iv@N)!cwhU+|~d-)Jg3(TG*wx?h3X%lyD#sC@`5KRWcd%fm`^AVD44?ySq zqi$NVn60!&9?#$qYy#{y@KN3MOzNEJ?rWAfq%C8RhfIG4Xu$7AbH(HO?TQ{~pePpK zVAYdxG#!O@oLhWsHd&HSE^xWzcUu|;4f)g$!w$b`>w%94K08>7d+vQ+h8!K>xh19G zFAEK(uFu4z0(GZT(bH_TQ_=VARPyF<+m}z$rpM=j$|x&F z>*4M;=Bk8S0YNbsm|m3gnISmOMV#yIuT?STVb>3z{)L>T#!;5{mu8FS5$7<_cWxw- zW5Q*_-%l)FN*6N^{1>62e#CuX14vUS*@)U-TTtdG;)~Y1v6M4D8`vm_O;SCx_+O&# zn1rFZePrmb%?DzxONR$z@mZfv2jbN@qshc#ZIj8wt&SvWG5cfjD54|D#N<(N)MAeR znSMD*CeEu>aj)F~#W{$GHyK4E?hY~}@gt%7er%54<4Y3{Gx?ESYTuP(g-Jbh+t`Gc zgG2fxc%?E7pN zgo4~rP?PVQrgvQ67|KndpR}|=ufN12Zc-W934 zI&b$G+Krr&t0og6=X&e-tjL+Vo$x9ey>3npBBWsxUV>$jTD+Dv)MKW%N2TX{ zx!&$~fick+H}7o5gw1AUtJ!wAW4KtUlyk%BIp~^>JoHBrA?ub>`rp>t8~4!pLsqeBEBt0v>!?0Gpsu!K%LIcR%FuD=6d zmw&&2Z3jR2TU-k4ZG)J*mOCkk{!xT|o5_U!uV+yd0=qTL95Au>(+6^EYuup}9Ks_c z#xVf=KJTxr=|xL)ZvY(>`aaO-tdeRtRV zF;;Sh4~aI~DDUfvau(kqx5W5pnL$ET`H(;n86cY_ohCo5B+sxV%C2hf!tmu(f7%KD z=h~GI8h~w&L~0tUH00wt&K=u&wv^qg<1~4*K++?W>Q5M$<9WReeJBWBd*IepblC$q zQ*Xj^SZXnXJ)+pXmKXxBEepVA>uy6DMHmmSao!IPFF91~U`OFw4fPk?UYF)9g(UqK zzzW>oQSfkA#=~>j{gp${L-jEBxr$P32URRa+Q#!r72EZiIjdHaBL5^lmmWzu^YKR7 zjQQb`{UTWXzH-8^=DR-@tNr3o2-JRwr{;G&5UYOYFbMia`k-2GiT^vjrSalmS^GkH z8hZq_pvAPORJ4H-xS@k;!lrX6Gi_*CGT#|umsCPB%?04M%yuz$)AU%1k4iAZ9j%YS zDfR2DB(B*bZg-A~#5L;gqyV2hfB2jgW#NF^~X_0yc&8Ghio~h z&?VzP!;$X~q{nHaBv}2C#im{k+Q)0)CVk4~W%Iri%KJvQi z+|MGkpJDBPww+0FxGnpTyKU@kr*2GNT~v8_ANjJHZ4gY`W@MDe{w8CWJ2))+-tJ-9 zI!|&&iR0bE_umf7zPCH6)apUSF848YSSHRe>ErB#zp*aH{xr+WB~T4MnoJNX_T981 z8#g~`LnlxR&Y`DK3p$dH%n~}1ivRb8w2vdnxC_Fp_7L0X>FBFEvGw9^+i@5Sv>MB;uNxM2{&lDKSEh+B5;S{gTvs)Vz6!lY`f!>he2$llMG<8 z@z2&cyuzUBSDK*aPIlTz#D{|iWZ7$AHC_*h8~B3LujllO)5zljW$DtLp1b(*)zR?% zmAIe36b=yFG5RiSzYosmz24G?VC<`|Kx`}iDHSiLa4RzJBVet|wtH9PUo4N!Gp&Uu zq}GB?yP=V-7l^aXOF5$jDsimm!0W=Iy{LW#fZ@Lx~rFF0LY1#!G z==7Bf_Izdy`@%#Xg%^K-pQVH95P%^2O~V?lUURf{?i<8F}CXiZm1k7+7cP z1CWs;`+#mk!5oqcsaJ*OqU=hAK{F@6qk zzX4i(XMPH8C|!u{PvtO}84C_C(Qfr$(PMP{yNXnC$hpPa%6^0V0cU^D3hez1+8r;8i<=Cv)atS_idqL11tDT@dc4Rym~Yw@9(#MWyqhk-{26hQ-5$JuKalP# z*+xK~S^XJDa(&_{qu&mWg9Op%_J2^t`{}8l`kWEQ0Sk<=4XOQU zv7Jt=nREDh-M&?bs~NTxuG0<2vL9#5HGbBtkvt6b8MKUK#(}rQlYDciIeci9>#qoz zG<6ZMTiHdio$m|$J7wKh@$^EFHPG@MFi9sle$^Go07doY7Z(H`;#-F!oaHJQR2N?t z*<_|z=A!;U@@1!0{8lhoU@fnTNXJ3X8$qUlCzrX@GBCH z^(uRtEma$D8K}ngEUs@0ZGWrCFP+VtQ21!UfBaxWzAO=P^L;@Gv#jd^4=ghpr>=+d zC$n5A0JSz;A*hiMrX-7a6fc1QHj07j--w&bA}sLPwl)L)8TVs7c1I!o=@~gPJ632v z{s%Lo`PR!jG?ely3)Dj0k4jLSM^_4_eK(Q(WurA+cn#M#Ex&8z+>MI|a(`gX#f%<= z5F7J=-BG&VkQc~*j-k_aSNJ0gIZ?b_o&-hV$@VDRC4kHO^wK1$cAO0|Y!l}%IBU;} z#7Q11L=QreEgs>JcaIS*4fCTWap{u(kNBN+{lAFc99bCl)M##qi}2$DIyn!>pWj7A z>3ea=F%356)qzKSv@QM&kJW3VmCsne&P^y9EF?zKs!KG3r>3U5-ihhS(Sd@hKR9AS z7tGD*l|MiQlo0(EV8`98keTwhgDK)8-S{BM_&neeNJhsUIbZ1|6578=sYzZC%e7l+ z&?NwlFBka6b?Tq0FOY&=Cu51o?tJ!Nf?e*F8-qRx$XPDp(uTO8+DJehJI3N#_0HD(yPK}B?g3p+O?yYM1FL|FdU`$Nnty9!l%`fW zyXS-WKECv{7SH(YUg*1#hZ>mOIx#!^Dl~R`{0|pet(kjYUP(2KkA^r~wFAmetbMR` zn3LWZBP^7CYxY$Qs|-8D?-w=n7`&H^?2O z{i6LimXeksq;}lWrx7$ZF;G-7F20a}FaLohwqM8w#ArBZCKWfVwvsK0AW_Vn#S;gs z>Ya_6VK0ZkT4VlAMNpsq1bDoN!;T0%v?%&WhePS_ey6lB#9YC4#R zX+|Jjp5D-N)^)%JWKTVsNFo@Nbzh^T%0K**mi_b-Ss-AalE}K}Cr~*0q>5nIb*qP8 z(Lg*2+b6#DED>(G04oK)KAXa2xLGJuk`%IV6h7z$SblLfhh*Vr)v@Lbc)+Z@F(r%9OD&ZQ@?kUu+p{d>VSAPrD6GTbQrE#S_83m&G|6U;$`KYc zdzTckiCPl%s0z$3V%Zh{KaFQPk!ke+KX&ZxrWyOvJe~s1Kt)kfZ8c%*Tl7L>rE;(} zizrFS`j9lOcr0|28%r`4s=tY=ifSF@pk-XgS{toganh>;c-;03Of79hOz=f?$uk0u z9x$7fq+;@tANdXPc&kK82SJt}O)MQMjPr-)A!m_P1GXIZt$Wm z@x%_yJ_w+EI`+H~Ne%UCHPv)Eaav!1LfId0W;GIvp?P)8hpb{AdFK`=gEub+7JXoU zg0dp{7;XM)Igf>mzk!-?|18KQo$;sSwv-A!eB0orKw7wnq*^4}@9>LYNk!98MQ>w9 zZ+Nw$sXt7@3bSJWvSJ4wW2*<1H9QWTSaVFz6vYaC)c%zwDHp0MAH4$d+{3a{_KO#= zG$YuOlFB&@FlYDGO?*WFZEn;EncQW{$;J{6D#bPrGCU}!DuVyaV?nQ;f}r;oe+u2f zSy7Cb)eSr2 zm35pY)|H|qRT##Sfvx;knmU#&+u*B?R0%syL}jwA5;-`EvIKIuAn+98((S{Gb?Wsk zS{A)9vN9^@vDFc@n$2_Kn{DaJ zO5<9VFj~v?8))SXt>p(MHwCgDqvIkd7P|(P-a_npi5dp-^;E>m)>3QM6nvEKII(pR zWc1E4(qu6rn?Zvgc7zi`k-d{FB#y`@aJBLyJ4#0Y3!citA`0L#XEgRY3~x>XO@7yj zt_LZZ5Y0|oml$dJead#6@hV)mlSFx4qX@R1xGzbkL^7k@J3D5C`6txSF`&`Z{_1qO{YKOEYsn0`E zR}nTCm=Q%OncaZ#(E*v zTl(cYlO=JARrH>uDVFiI$~F})vPfl3@YpsPMYXg>E9a?e_cQXA5y#XCaO3uhRnF+x zu<7@-0Ck>$HBh$KB!ce>Iq?=Z$WLH&sKxZUFQ7#dm6f%Blx`tbPu%L1Lqq6eqa5nG zG3omSQXH2z$>boKfJ#pO*xhG=WJIFGN{uUcFWygf5cGHN&(`L*P)a5 zwP`w*%R7^So@gbIy1d>xFR`QM(JRf#A6^=VnB;j3-jZt9VA({$L5MdjDgDk|r=Kb| zR64DV?xJSCX!>IzllG;1h+au)WZE-&E=={>H?vRXgXEUW;++KFy-Kd-lm`XLLrVL6 z_^i6^BUe{Wpp>eN^^f#&fXmc9s0&*+`nK_sY@b`4wI zXRx9~>&~8UHreGccpoXhBfMrZ>6%=C<*3~4v0qysH*yu3PRa{t8LI;mIga~`Me<_> z$*&X0*Fh3qF~Imp>!Fava3aJLhw)I^Kbw&kw&;_*2sdA24mYHg4_FWnf)y!_1k83P zLuO9EW)dwJG)vVPb}wX86OBW;$ex8?a3_}~=;uutduSp{+Z1E+!T((QQ-~SK`oUD$ zO!)&5Kl#V_Q`sYKzJ?YacXGVLBD(ZmJnasiAr3UwL9k_SD@)l@8&N+3X<4=WzY|z@ zqQwdrs|J(mGG~H*kZ^2%M^rIt5iwMZa}&KGH^69ZWB7ox6pg6N1%MkfMInoDRq;)s zT8eb$I|q1gB%el|`uflFLRJh(&EGN&rdtVk?J43ek(vsoYx>50T;}p_mQEZ8WP4hR zmDd3iwKylu@`1E4WM`83M6L(aKbC;3!d8_6jFm*rkyMis0Y!1%qaMb;ZGL0MkVL2* zR7)gt-bm_OOeswQfSnE;bp!8lm}YeB#ZCf%6q+W=S?kI6pWNq4Dsq|18N@<&geUX) z=M8^zlZ6X9L6qA!*~>ySooP}G)D|g3I*ColM%H4tW_AdtK>24+6$da z7-Di^BEV?XaaoUB&HK>R%4MJJH$l&9rGW+_OR5JEP{-5-a;kI+Sto*XHync06*6s= zaBJ$QAL)M>Sx&iQl*>~Fek>!2S3`=I{d}O-$UTN(C~K16C*%Db!-7xZw6sU7F5?-4 zD_jj`!A!xF`Bj)_Zm*hkwWQ|Ks&w*#Pi9_&|y6`Z@_|#Th z0&LJ+4Q*BrihXLYbfoq?f6b6I1v}zAt|$Z*P_Efr$f(mwB<1K9LZkiz^D+0wLA7T#090^@So->)E_4b zl37-F@Qn)?i)B3KD(-2T*M(r<$gGDC%JgQV9g_i3AU>)uUQ8aI=hW|hqZ3XPiD2QL^@vQv}Fg(Ho!lak;3-$pN9@gKWpxnUilMf;weABjH|!AVgXfOk*waMvts4kcHDO_i3`3JP}#(C z+O`losE@kdJg-B0Vplt6bYeH%?@P~mg_6pQ%U^!-t3zMc_=FJhHco|FP`2>_BMcxk z|3ood;eJ-M)lxD3*4GiKv0xR?V{iZ(O710zcLz=ItYn;|FE3>Y&0~12%?z&3B>whv6q2(&9);&^ z%_C>O-w(=od$h7pw*J`C%onZFc%B!;xcg&<&Yxcf@xdy1>BqUps{4gvY zW6d3uSfs*eG{JilF?TR*r&?f~RxpxGf5Rj9%PEg`K!U!&FCEo|fiEhNZHuLG{inOt zx+i{A4eUv>=2Ds(5Lv0560GA1b$KUFTGK#6@Pe!Hi{QQ8O$r7FJYQMaB5l zk50`%(lchrp-|kP&ru~)JBxM!;L$e&m=^T#RH069utUCb>Q*fu7Xvi3YbL}R@KDp1noI28!}{EuUV23a+I zzc6ImTtP1?wzv6o|BOl~ZX69dFro4?bhDn2pv926fGFgkXQl=gEdo{{T#6^;9 z<(CkaiyPkxyV@$*IwF@+@%F)c5z+I=17H`lj>?iYK{;AW>C!85{We@NRh%^x#$s3A z6o~}~2J!oxcFN=UY2g~GxGP948xpuXb%ffQxb;&zY3Vhq-B@&1tE4Xc;E+niauSzf z9TTQ3OSavNa&xsyJZVZhylbzLd#R>mT1jJ@WjQm4xf};u0 z9hXa~IAgMMh1T=mQ$eYyy1AU+c3IPSEgXp%tEw|70X3S*seVi`h@2W-d&ts{HZcGZ zD;m0VY>k?ay5d@9kIO4c6KNRD^xmbnG1Y{4N*fiJmCh<7nqV7h1RHAt>yMkQNS%a4 zOU$J=OeKK@?;tEJ7E_xp@tx272vU?3QTVN6m?-Kc&L$~~CTkUX(p#AOvT}Ir(?y-F zn9I}{iiZ}>p$%qPycLfWQ2|uBIVfqv=)d(vNXOGPB(s@q2}RN({Z}_h4i#|fjtw); z2KqE{5^7vdTNn;1;P5nmu&2cm6i^wn>qSJ3MB4MyBjy?li-{UL5yHtM7Rchyw<21; z?R2l%RS;>X@&@XO#AaFX3slswn17Mofb@-|s)m|0 zqqViG2m@`J`va~slo3vXA(;9WL@C>~#c#M8#%TueS-GO!-cn521GPTYqiJ)0UKtZ8 zX$&4^QHKl17^?di+|`*%fe>#Tg_wBQNrm#*@+03K`3rmU&gue*&GzzDqs5|BsOW#8 z7^$gKb-?%lfO&t?CUUq1Ec*M%4ilxy9&zF_OA7RJXjEb+mUC*+-xMrv%NS_r|Cm*O zCHb#6<9qy&8$dRzeXy*z12CgMNx@7m;6w5O$6_Qyti2=*F)p3#q}DH?IB_R7*HZ1BMtzzbj0!{4hj$14m3HU9rNNORBZ5 zlZxHWTlWr?;T&FK#xFc)hcLun zy#(~s3&3sp>uwxPY1>0HU?_6JTH3x7Kn>$E0&2-&78${Y!;wVgmlM&jCFIx+Sz1SJ zShZMHZ<1|%7MB@ML%HdSuB|g5T@Tcc?kZDx6S13R#Q|Y-eLIXg6e%J}>sqvtLzWD0KANp3Vv|!!+qIOC{5<|E{NVQRtZq! zi8+{Pgus%#)rsooG6L3#2#M1&%T5AL8X)SpLz9N=!6>Ljy;h9Y_*a7O3)l?kJ&d># zC0#uzrU$w>jpEASyaMv;4_ioNFjaF`iY*Np4A+v@?9B<7vdzui#@1`@z`WU+3?j{< zC~2m^XN+ZxAMIYa5V%BE0`qr&L_)v*R63PF*gl}P5mtg#NHDJ+aB-Ki%nKJq#85ZH zz?rvkmSPI=S?p~z4MJ3+f= ztcxyv)5edX`1M~hIDn`k-w**~O&QRpr1EGrW4%lwX_O}cziPUOVv=&SZ(Bw$>NcRA zP-6-B^dW>7mP~Irj2Hc@OjCBX4qBmSEaA<~f)h^575$kjQWwP)ik_rF!>AZu5e62G zN>b#e)nQ05gwjYU<54!|A`<}~X&G)-I5c9ouA9aBrhHasy6QBbY%|hO*QRgD1h3Hu zMHycXAWoos5reM*h1&ZX!U(WujN$o zD*=NMbQv=W*a>-(qIGr+hgq%k67b#Y$z>@Vv$iVp77H}CQ|P0VdP#Vkrs^T4ena!; z#C8lt3JPztCFQ9dvrFzTl6Yg4y^NL1RrOWb12g3c*+L0MA-fYPX;dk2Q>MQq<5}OD zbHVA0kPAkLii08CfWxvyN`=M(uO=x-HJgIO@)JJ%daZ>oezf&nfzP-B803F>55F|t zo6f#mUM{pQzaHogq%1+zYo+^SNf@pnh#-MZC>pcB(KnZb&=^mL@U29X$A6yrG0j!tWA7}FbbLA`DZejQF^WQLfEy{h2OG}}Uw3P--F(q0E|_G0 zJ?M;4zT|Wx`-g^MQiVZLC6N5my=MfCtHp=H;A|>+`*xDP?tLClEj0*h@h{>(hH@OK zgJ6iUdpeu*c*%UdbuBA`He~gEg`-=-85mpE&_PtU*EyZ4M7-k0G6=gk6f7srlRcShr% z_{cjwBIX<-CUDX09=2e&2`m`A-&TpY`Na?>!9B~>1~#H zlY+}U<@X@cdrqA64y|OLF8za|!7$h+76+LYEWZkF_NIo0(m;u#*9!-o?P%9fjHV~J zwvmHSZyvHhl=|V;5urzc3i4=e9qR+UBXr!GdNfBylET*=$XfB2`#ZA64~j?h>DE{I zoX)ncsk;*`9#B)Ih2xCIDi`3$&euYF; z8-_&WY!#r)ACY@=p@KP?-W&D_?M&?{^T`qt5+;7>b8ooZ83H0~t8N2aCf?2#QCf?u zdL+BmZ}(EvY0GS+%p*m@8M&VFhemILDAv8djkPjT2B~(D3HpL8-fTpeI6M2D*4rMvp)V9N# zxw1>@5@ySp4$qpq8u}_VJNSrtThpg|^W@xi$!2%M$@*W1Tf;gJ2w^~wo!GxRbbo04 zG}$n0J)GaR9TEE+6&OhDfA_fhs%1vVwD(v2D~Mu2=p^?wG4D1NwkJ~;>#fO$B}DYj z#ndh(f&Y)KZw$^P>bi|>+qR8~ZQB#u&IA)XdE#VZ+t$RM*tYFFU*7ktTlfCBUFXL> z=ltmIs;=(cYp=ETx$W~FZof7zX?8di@9^%m71qFccZ+yz4)xCTH`^b;D#5CR2J|5O zz6j<@^>vP4khPKDQmb$7H-1~A%OzA}MP{c@j?0!Yc* zFGs9m4=h*)>=ZZ^aU#A^JKO5*2TIyymV#pUhbsGoVwcg~b%lfMd&`@d5+T1-3^Q#* zJ&795h&gMt4P%C<4Iq5s=l}Ae_S+OEZH)Yhw4|{)a$lB=zA`!QH9C4rO=L#dtf_be zmH0T?)`E+^!L!u?Pk=p zT~gtk%e$J$z|Z6Ndo|SDA8jFGq}0Tpb;053AyLHoy<{>j_tu*^Muh(%l#upfGSgOr z(=~(Jw1$M5+zWghPH2%ik=&5mv);^keNld8DSdSr>bTDE;D_H8;4FrRUpsuEJlh0+ zleJ0br5J%&j5jcD1P(WxB1cu`3;nkwZz~W+dV5O0F$1FA?7k)VYr7-jRj()T49v`Q zIv?BgMgF>}O93?MV1TP zon=~u?E*P+5dmX6%6lev@OzwYh%Ni!WFHf5h|H=aRX_b<)YE zBI{kwNs{)@lVakh$vc90e5TWR=)DVg=#@@Yy#TfYuRBwa=YVkCKJiY8*1}{1Mo3EX zoaPeh{hd8+IOjcBF=TT0_7DI(C;w~F=PnR$?4e58qWR`q@?fJLNo-IGw{7yE5UIo{+%^xCmb;|zBwi(N?iD2K!Q&;{&wMPht!#zDN{sH zkeswhQO8_i%8lGQD5`20jm(3)sBId^eopPLQ~lOnKiJpEy2q7f@Z-#t8p;Uqt`(Ir zK~?etaJqKd0erg^E)jPBGVuE{Q&byJukT z1QNhfOW8gGt|jc-i%>Ebdbn)oTqxk}Bh4t@jwkSLgfvTgCDYUcoAjDP(m}SnT(1K+ zeHkKEdV_z_7)wj5rlu#(2M-X5ZV z4yV+(Nn`m0hv?B0fcYUD`Bj(^m5s8TM~z5y4}6tO^1U@GcI5pGjK7O|2$cD%jl}Hw z_!&yv#uotwhx_8mEs0h?@MnfO6F zE^r%{r{=N{CZ-^bU@OpX2TTo&=cTM(_~&Z=D3Fz0ij?%K3(#-SJ+VXF?BaS#;dHQ$ zzB=$2+ct<=L&uda;&a|=AjDD>b6#uc1I+siH1XBHG4L0VymIB~Bmda8c)fE;1Je6X zy!Lw1I#K}5e6v9&_3DC*VDZY<8cx}?>E{536kJBqF-H)@tkHkLq4w|XzHaH~8uv=8 zMS0We7@N-45d?%UHXv$HbwtTH{RfIoTwq^3ltYOJ+B%73$XSZ;H2qh~FS0b2>SbHpmJ3=9nN0gB|o3SCTQB z63Bdl9mpn}L5^VEX|cF;gXyTg!MExSdE9^@+#MP6j1+GIUMg(*@T34oUb4_HH~ZOd zsD_^>d;2bS@Oxk+`s-TA@tz4NC==?G)NU!&K~!WRpN*%9$71}W*#oeh9^<(~Oh(~L z-g_Q|B{|~aB-DmcKW%$uNOM!-jrp1i!v_HIB1_q>=>oIKw(n1slcy<#$Vy9Ejc&ir zxj@|%Q`@=C6A1Ht4H`+^Jum9(Zufg$E%qzp0c(b}*%Uy2uBFA-Mg!3JQDCa6#R#xd z8ZgoR0c1LiJpjU(K5(;s91jTJb_@ift$#x4TLO&0Z}|q6RQZNs+E(?&OlV_>Z2@kc zO@-iyZt!J2U+Gt_yKN@LnN#pxXi6@|N@>r#BU8pBsTZ$Rj^bf(Z{tKy`Wk_4w4~^u z@V>X+N*9*Z`@r-|M48~PKb4T&eWw#V0$;!CcOiW$K=zU@k1yhT% z<<%8Q>8Viwg++%DdoFMfgkinOPp>$M-n|*w(sqhx=WfBSdsI2%Zi=1M@o2fND|hI{ zb(GX?45k~jUU zqc`EFAySYMp!@q#0_j0k-v=3dvU{Bf5U;5eQy+z_pK54=maLyb(HUv_%e;nNf}=FG{a>kts};#KhDl?mb%2_=O&=xEUk>L@i`hu2TJ-cc+p zd`wG%0R&ZO>>~^JkE*V;`BJ#tV)i z3mD;Bp(`}jxgHoYDiav?e!$#T-57VO?TA7Q1{OE@`o;g5MZYfaAKh+GdBU^XQ1sJZ zUaMK}EqQwPV*1Jx2YSY&*5&|9UoO`Tzw%5Kf!}!o>ZcOPPgs^-%*#NZH{wlG@W$sp z%Xct>C41ja^L@syz+6eFR#4+`2nP*^1Yy#z93xuhZ*H|M3QT1 z-?7x_uWT?%(pO$I(U%`XPV(^qv5_I~;_McE@i{KW@F*YhF%O&@LL$CCEqTp895!F85nhe@awwVI~bK^EYphTo}DGC=`Q)e2zr#p z3&+mS*q+QH4ILiUxPN_T5FMb_df01ARbMdFxjb)D4~#PXS$3eoW4f^Kq>8E+WFrzp z4W@tA+i5SM!L-K~1Bs-F+6=w?A#r}A+(qc;IVIY}Gy2z`t?TtL;tSI?(6i_YxiAKq zy;21Lry*PiBveK%jO`!N4rr-5TB2b#ed=nt)o7Vn<(n1Q>)Zl~di^Wo!L~iR;UkDp zdu|?_LE9=y-lZSGu?;|^n8npvO~)MvYAfa20{zAgP?m(HSORw-M4gcPK`8QuE43Zn zUewz738vsHDZ1uNF0KLyLOb4O^@v5lp&NW2fv7pv~B6q)nhVoxx4#Wyx!n6=StvPg!lwI97 z=^YR8OB}u;G{a<_MppvHQ!)4{k?v ze`KB`{_)DJI2^c#Zrmf-t9JN4%r}4>K5+F&(vDaZ<|}B>}DV$$R9*z&k-*5=oMx;pp`!eu-8`yh)lO+rk_(o0Y;pNf$ z8-e$EGV_;%2ArdKc4I=qSBWy~YA zBDE1HS=$z4XG9*Pv;v5lRx%ldHPu|1Z5B^I6ee zC!oa&W99*Cikrw|hG#}xGjf`x%lj+igZtm*UvpG(95l4uqJ55x{~KC32p{Tu55 z$}At_6UuqKO{ok5r-*yNWhr6@v&$La7+g-``TbAZp!dinnKPMwi^Pf|LnuZ4c>U)> zYvkW1VdQm&PGPrwD&(kBL+NlLFamT#?z*KPSWjL0WfJM2Pmh-)7|HwhbCb_sxU6Yo z6RJRpi%00nG$JLw1bxVtcJ-hZ_{7e%JLmUFADOJwWV^{E-Cc#)G?L#xr4dcbne2#e zO9C$lb-mVW3=!b-8C13ANae2EeA+Ssft`h*$e$zIa(t*c;$GK8wQlr=iurD$mOehA5K6mk3FD$#bxJh_ElyKf11UR02y0q$DgqWSFBn)=7jt)1Up-Qi*{*=H?z^Xi_?4b^I@NbOWqREsoY>2-kfwH zDG^*&OrxjFIx3KJ5>sUc3^eAQEASLYbQDm6`TmqNV{UO1C1PJ}{5RL_mfJJ$71j1O zIY%{pefT+)a^Wl0elS*#90PjgkNtr8PYwX&z{vY0Slc=iI`(}1EMnDr$T&Y!ozD_g ziXFHE80}nTZ^!woT*j(ch5hAE&E`$*pk_OqN}~moL3AB9Qy5ru@3rBq+x5PtK(H{c zg`90wC}tFpeYHC3rGG>X#*&C!>3`E7;q|d~0`6YX`sWex@H_KZ3QMEzY&l(9b{Qnt z2K(+IvBl34weJHJvQ@OUN5Nz;rDaLR&QAizb>J8kwpKc+%u$R!=J?yzkFqv3K$*$d zMuTyYQHQeRBkGap?x$Dg;~kki_vNQ;Dr05nB(2W1m+;fPId0oaU}pn${@U|Qxiil_ zkVRj*Yrh9Z_Hwy>2IgEknjIZx)W*4lnDw(SpUr>;95xL(p2NYx!>r^!4<0O$aIU_Vo+|@IZrrqM5UZrcJs@xCL5J z!V-Z%_w~1bV>h??Mc4}rG>@VL&ONl*$zxDxI7}s$DYL>%XK(cYng9bwTxKR-IF#O+ zLXV5(M{c|9dFd;#)y2RGD^$g;dcVm4^G0D&=%ae3jE|9Wzw1l!76nrk{VBGm5!$KA z5Kj(vkm@Pmgrllz=Q?q^rC}X+U?TLx@}tcazaQPRmF8rC0rm7rT!2CN?dh=(n^bSj z#8%+r9Kuj2!o=KM?RkQenPnigx{Q(jpq?TUQbmY#<&9WPnsTtlg{DjWBT|RRy)^3<4Mu;Z==vfo@I^Hf&?R0N( z)X}td46RVZi{N0-U4tm#Fn(Oh89Q~;VqiAMEqG5CvblXaZxR!0m|El}uLMxxGQt5$r4E2!hdeKN z953sRdS~(7J6Y#Bh1)$1U$5&=d0+7sGFeK)6#>(l?uWFE_#RFEk95qdNUw2J!IxIf z1&At}tQF^IDR~*cmS?5j-#t`*Kgg0W;y;MMIQjXR&$CZB{Rl#moA&&ZZm;a4{yS_b zmYOoylOrcFYK2T#Ul_F@VS@wFl_?a}cpcdlZJW(B-J0T33`-S-{LV!GfFp19E<<)W zo~lf zeQ{56S_;%Ju89c@0fP}r*4Y8vj2^APrpIr3RFbLW^=XPfH)D%03-o*KQSM;1(M{85 z%cI<%uQyrYwXgZ5+K}nzb)&I-9m|(iqu?_T%)$V;9T=~IUEe++FF?8vdUxH{+%9z4aX zeiCl3u)!VN3k5Y35R7R@ezvo^uJ^>imy7PK)G6XFfH3~`PtLMy3(K3DqfNWsXJ2mq z`2qJkFYbMrYH#lKyeGIV-O>Kn$d5STUyb&d6g^EN)!lIhM6J^{H3AO31o7*sYU62# zDR(a(gzj!yRD}4wc^gG$=v%3*mKKvbxUQPR+5a~r06JPs)=Rdq9aY8fPJhSNAOGDC z|DMvDO()~Het9!;=4B<83<}L#XIi(8yWv<6Z4=!m8@I=C^`o$=&g7bmKI>qd>a}>4LhEQWmDj~0PCtYE{|P^PQ+fa4t&S74vq|xN z#|^i7|Jj#rV3VquOjI(BgUA=iOHNrx&(y^%F1CniNG%e4$OQU9saWLuJ-nGr;E8MG z;CY>`i7n#S@-9q*X%$%`#omUQA;l_aeac0Xrc+kCcR(q1)=y8GSya8d#JJO|jiy<^ z{nAy~grygro-`@{AUS|i(hy;q3}Kwyo$}VhYDM4cnENvtlfZ7K= zIM=GHjrJP%(%HC3$jZh{3f)@JXsv?5W~r0z!#m5a`Z(8;%@~%W;bDnQrWhs&XIV8m z1T7h)z(Th$;@p37ruDjz)A$ANIPdpkYm^WH);sdv}Mj2j<0(*pbSD z>MK!YV-`Hb%qhMFGy}NE7_4O8m$i+5xO1()R-pz#YdV?gj0qW_@rB6$5q#LeneIz@ zv^bdbfvfDBH{RClO?yHcae5yiIp|Q!=7i(*g-^G@t$+kVkRax(=&aJ*M!Neu=kw`4 zUq&2Ve6lrh583D?Edn?y?ISfm%QZj8G(S%@`LQW2InKO?xjUy{5-^`*ii_Hg#ZwYm z`FjSxHCsc8;^Dd}%Cge)Z8Qm7CkMxZqe0LfBc>B`Ru!|Z{b>}SQ6SI#R=SGe3~3BW zZ_?BF^W*Hw%*m*+=w&*8Z;^cZJhTi1E)TBn+l-ak%0a%48!L@@X6mbTU(j|)JN}VR zJnPzKr@>ya%%0IKO>c05yT}ekz7_OKsgio(h#}gO^sAeRr){<`;3l2M$e$2aMp=W1 zn}}F72sqEBab~dKc}D{SCB65!1N%fYHKAr#j?C$JjcN0PHJ35qqF1D93;cQ1<~1nQ z+<%n zH5Y8%^}P9CxZ>HYB0j~SzhJ&~3Ww}8hqJ3<^cZqQ_0lXX+wODOhYE#e@PrA8YTz*!>>ct?XZ#O`KZA5+wb6A(3ra9%zNAoV^Q8@Dc9Jz**&~lr97cgXBu2Fyw zT2VbnqpL6i7;tfz6`uOPN1&K$(YC7#9q@`_wX&{+fy+QFmXDI6)dp}kQmI!JCEBjo ztruJORt&UT#=IITG`(rxj?qYO>&?=#oCiccnHT>+44PRv;-G+@uec79V>!-kH@-f z>ItZKpBxp0($ycQBc2{J$-yG#V1B^7xHSbQy$+2LFHYU^B%|rr!Fjmtc z`L3ejc!x)Nr2!PCcOe%Y@eS{)Eh&DNAvn~l$$f^qOI#=o*|B@^skh@!d~ZcxZnqvH zzb1y;FIdXXC)3u0)e+^8=owqT&22n!CU8gbV{muaRtRm95;KiXm9tT5USsZD z_Ph~g#vF38-rm4-W;Hul`K|EA!c1egWO^GpMg9Thg*tYqJt}tj;3GTdWuB)QePvNx z_8j#&gvFAlNpCus4^>ftNVSmj5~E&1*RA8ou4X2=(BAaj;*#38Uckw&MU1mU#g+B& z5-gBmE84x(zl6t3zE;;WqxrAW z>lr~9kk|2gHOxJPpn*9H z^H=;(g!7r8Yc-f@3ZkGZB9qiO^}KBUowm@yKI*=TKOQe6PwU6=2-cl=vz&C;Xq!1> zCTJ({f&4nTkf;Jnj9^%zEIw8=5WUZOfW3cd@12au4-W2i{KCf~} z+B{$;42@jhM?2W{A#`Ws1W)2 zgteR;B0y1^It0n{kEPK}8-|@;k$FXOjISd{tOA7LaruqSy5+lvbsmq2D^As(Nza9S zJWJq_qzn@m&!GxCGHLvpZQdo#^7u^K$u;7=tt4IFe)nRzBfige%E#GeM%J!px59f zQd2DF?@W~Pv~_~YP3lGezZ|m(tX#!@(kS-gKaqC(XX<)cpbwgr*REfh`jMaS$Giu5 zv|0@v6zc(%at+P%i2$15dz^{!MwAM(9L_?5B?qo-mZt_;98@eJsGka3 zz6jj{t$8nJruLdB#*|0QQ_1!xWD1m00EYZ53a`4h~G4@X36*#OSP|_Xt z8pm{`!x9fM!@mS&Q^&x?IQ~9HMV_#J|EIf;$A-C5*vL;4-3bdxfev7wq?MW1>6Yy= z)LFTAk+B?tVE;869K*{#xs2%HEcP`sfqZ?4@EE;sg;#oqv0zNs<18iiD+d$aU;O9z zPPHEgqF3&DZ|}tGLkW~RCGw&SVwtE+k z!TQ!Dg1wDP3j9@0urfMSV=Wk~O{?bD<)lqh<>G1Xb8zKLi+&RO6@$$PMr2E&;&f=` zlwEN+m=R&4wIP%T-QMDP6LEJbKH*~SJa|PF|L5I{smRrHe}Dm#8{%Hl#8!=aAL-ZV zPi#95CBA-$%sQ`OcEA8_(2YFjdhkA<*j*-l?Xq(PFS#_D&{PsnOtg7P4mb%RcL5Yh zejvZ@8V?E(poJLXQKg&P}Oqe()%6^cJ6+G z?q2PBP>e#?(8{Q380!uo)ox7g_RPHi!lomZn9P%M@j#}t7h!_W-?3Ch=3~-)o5L46 zFmF9yR>uBdI3ttjS+dr>Y<=g}LzY>lOEGLDdpMdi#)ap%TwO{wW19b67(twzShye~ zB|VQU8HVqMQg;x1sz>4PTRjbZ3)LbH>cb0{uNqJMKyr1u6}W?7Y`1+9Y5wK(TObZY zFLzvyeNGPny()--G7CJgZB?7Y`&K2VOXG?Src@x+&K)paJZI3g3d1b#jdmdq6ozkxzpY&hp5y=LsDH-a$4mCzU z=dABLL5qqV1_sV+Ii>zin{lbPkNPAHVJyl1yZFd{SuHnYZiEEJRvQfc17lcEi(QD< zh6dQPI@^0uub+SZl{ z4STuAt#?}*h2vgm;f;l|Q!3u*=PN8$Xn|aZb8cU4t~k71Zky4YP=?(5ZwpR|Szp7& zGrKFVUM!LW+v7qia){It0LeR}%Sj5{K3&arvQqLf+cO(XV}n^i z2RN57R4s59O_WR+{&IjNiQ)}~+cMnsa!NMlz$P!&jW!CZ(tfCDk|K1Jht$eH&6tSr zfi<^Io9pWWy;G*x5@)@J00n@xl3CEPQ=)lM|0-FMDZUsF{~s8?Hbs*KboQ>~RYb4ax3QW=w| zBBSj>EZ~a(^=^)v{@O@>6<0VXUOgRU#W>Rw;xYrnh{t+(TMZl?#^m+jV*BK1*aHlN z-p})g8r9Pop~fPdZ8oNEKZK++&V`m%rz#Ocd0y#=N(C&97MI4LPnT1=jv?>oM5O7{ z9k6y@MoN-gza2Y`iSqL7;qE?9y>EPgC^$KF(m!|H)m|g}ZLF>MHu-Z8;JK0}OdVCU z;r}o$8ivm=>O+cvl{$o&H!W6}1gpZ=JoP8ZG0-B9=@gIK_H$g|G*cv10yGru z56ytQ?<=+XJ3S28JX72)Rm&E`qTEDe4`E3C61z&~b+Uioi>dZLS(s-m8K<#v!TUIOuOr0YxUpSba;E11&Bm_IaQNtfVhVPj2+W7D9Sj%8^+_ zhFVquqzLjhodr=|6D6)aLMQ*wi4wMDGe_YT#cGj@oA>NWXOcV!EwIMu=#e;kSV;k> zuo9J8m=iOOA!i(Kl?`(qbpvwcY+Y3ov4~mULH6M2E>TqjGlO}{uOKW)ef-d9o>mhc zea4)Lo9H&cNi)Bci?)8+F3tC^p&CsO9hkFMNnQC9mTrbdHM1+O=5VWgoP0*)hOXKp z(co#k_jvm8>`XuKNQbQw#&uaf(t{a71Mt)WCP-P5V3$XDnuS_tu|mhwA+&ad)GrKz zd^O?Nld;?+8?lr_bFF5<_-!Ho5=j++7s?vRr|vWD$1qXatZ}#)T+a>m8QV`&{Pai= zaniB9dNNPJ>WxO1wWjsa@fpwv4S0+ZSmDWKjxP_tKTEc-d?qp=S}7N+SYid zcuy9Rxynkm@ryYyDy~unP|7UupQ4$H&W&T&~jr#dqFO%g~9NEItxyMma zbw^Xcx@yf@z$Vg%+%)GW2EvJFcM>7DRpM8b_xjnz*rkgvr(Rc7 zkUpu)P`Iz&SKP}@)7o<$A-!SfgmOe>G7=bREt3Mp(Ij?JihhQU5W3AAvr1=t{q0Tx zi{pa)aZb_T9?={=4X}qq(Ug+4 z^-~kgwfp}2JWBfZ)c||L=EWB^_CyBl(SN~lvAwB6mcZBVzJ2Rks;wu1U$sDmD;`)%OvGlnsUs=>uwB*BgYDMCP%O9 zAoD4XzXH!F={Key)$T@wMHM41e?ChCSW=Jzjogh{U`N}VCp`dQ>(znHxyHZ4lX zh{&dK3#rH)y^(qEojc9GAk@8WEz2S=rV*MU+wiD!@X*1>t5ux4Ymz!q=`%OFYoP?H zHE4cPVJH|Nv$Ic=6x7^y6_IZP&mlK8uDM+y3C`JM)bnPKvP}0%X7_lJynqmp&0w+E z(2P;njP0n=?~!U?nQCx6Z?UXGy};MVx7}075H2Nr@ zhN&Hq6v-a8jXl?w{PqY}AUyq7jh3!?YV~w}aLJLSxh%{n`g{#J_hU;P8VJSj&`>wA zS*GoIfnZF#`Ss`ey^6UmN5+k_3}X$HR-)RC?4M~0`BFqq|F~z>+&!o7ztyVK-lNs^ z8v<2TZ{d$N`qO^)Q;!o4eth(tXQuuC?s!QdI{hp1!Rvg{sHtNMoV22fbhUS86CNA(; z28fO;yOcsm`_(8;fB&);C}u%fEzQc{iDkAz!)YA~{UNir@yLfTT=n1WLEKg4Aa@MI zg}3G63xcs-wvJs|T$d}eq3gs=FiWE3Pz(w7w+n}B)Xw9ghB8wZx^_+q0v(L~X9=nzEQ;}X zo9JhtveMpOv*?4PltePfEd!Wk72Z~o$2^dr=!w*@8)jL*fHU6M-O^EuyYAWGs8l{j zy?hg~s4T6B0ulE7(n5iV`&7A_Va#RDAxeA$<=2&aE-9UF#nC5%8q=75DxJPeXc=5z z6v%g(i@cmjwEn z@Ec*ejV@SKeUR-zR%w)55ku0ODBg@Vb zTb-(qM@CsXHq4NLW;dlS5n~on!cMG@z_W!Y`#|8D1+?wNG|d2Op5wXrS;SZpMU2}- zw~2Z9@KBEtmcd(wNdkTSVBMQjn!a4q8)1zskts(*qpl+J8PnH(af=}HbIC?`!uq^A zl1>EL2gsBeDqX(pa|q9#$tMA^u#yn9CzpWk-e1ypPy1`Gyf`uo>2QXw%b;l) zdoUSk4D2HRh1=-()Kx>{$wobNyBtxAQHsCwU~-jkKM^%!on@9ujxW96Cz8oY31IZ` zh}ursERUVo8mLT6gWph&KgV|OP%C|-nd~{8^_&*vzd`p?hd`Cqju7Z~8jNLs7$R*n zCNS-z^l?iRX%{&lWH#gT5O9s_s5rZ?mb{K{%NL| zs`QRrBL-y7(&ZYS0`iYrc%AsL&MO-6OW;&UBC0e~Xt)867}N*{v!(-(g8)GiK(J2pdS8(=7#dYq z3Yzt{5=>uj;n^sK z{^udY44KUByO3i$?V7h5ydgK+N+F6oRt1yh`*8zBi!-!6PVO!}Jz`6NKH$K1fp$Kl zyub>d>tXLG$B$;4xNIu8=uL)^k2;lq{7+@oAjFI>91idr7q}|B*PW010RgwYwvIV$ zZ&h9H0Y3A4)oR^VUgs-neTytxe2bN-t<%)EOXYy-A-xg9uJ75np5IXU@XOt#qqlaEk9-IBmU{jt6Dm&AJ#)ROQh%2 zfK>oAfn`H>V7A6I&gHm;MBJqF-f0|Pkntu|V9vOd1S`Qkgo*pC7880;TD&Dul|!E4 zQGdnjxIh~la?NB2{r%2=L!ZF^6MZjwZ2xys_MbIT|3H`fonAjh;oN$TKRQ&}I2(6v zU6o8(Alx@sL#MY{o~0qy4?#jt--lth7btLZeZBJ2Gw^!nvA_4C*X#9c$Jp`uuyPsL z&!ooB~>0_xmqWKZkvAjnXo;weU}!aFj2z8ze7WZ^v(UL;kM3 z8;;-04uedS=W$U`g-9ew20IP@bumSnr`SH8j9t&L%U)(mFADf4a1=b6_L~f0X{m>- zH|S?1Rh=*+KO4ehYjsWQI)$QyNV52kcw4Ixit!KgHdaPQ9i$Iu*)2bOin~*cyFM-` zGPq1hj$PV&#Gs!Wmagd}bR3i~Mpd3lMQ>1eVwTZT|5dElb4|Da_L zV#kZ1kKUSm3La}r5ECgQFcukDq7d&1560}$M-qkVdp^&t>#KuzyZ`h7^9kd;?UD8~ zyQbMQ=S5{zU<-ruk5GGqx~r(;;N{?D8$wHBiUdrROZ78amZd3oG}}mbLruj?kRnt6 zpah?xithZ(j3y5bu_m9;ahkc;qdfwG2@xs^3g4~+ERu6m#88k9$*x4>O+C|Zc5A*x zY2a;}Q|>(`;Om;y{hT8mg$iwK@X2yi+X|(By4B&ZQT}Sk>~aQYg;Mrw=fi#vdc zZry{?<0j!UHwQ~rOYtX-(o9Q;?4gdeq1>{7#+o)06pZWei_1BRBeiXw{*HDP%ZV2xEpMQtXLCsk_MqjGE>RE_qZ z;U9ZMg7qb*2%xbSoEg{1EE&2`mr>+iq4Y;u;o?yJ+aeuoAmKQ+z|(O4ErFm12c;T? zrXJ$rXm939DH2JWX0Ct%(WvCM&3CWl=xGKNaR`|ADB;)jAa)e8neAANG|G8djC{_0 zapnl$b>OX1wjY3BN;v*+_lE5xP z6#A|$U&j>j5mPd%HcrK#{%0{KnBVD=iGyVORv+0o{BI#ASf2?+vQEl9tDK3zcjxLY zP!UJl(2YJ0=)1Xae!#Kw->)*#9XgQ^{N^t1C{}@TP2xJ&>>)UQkP0ZU%#F!)tGh%2 z7FX`<`5R~M+%1pPKo`#WD2pu!fG*On2pv2dSdsccRENx~?heUO9a%3T6WU_hZpdFE zM9YN4fX9@3w$zc2_w2OQ)hv8A5n^>|C9-h_In#My>>JgO>(L*_&Z9ai{*pJ-kEiB)Evw zUh~o&w7oMED1tP?%$#f3?^&h5XfK=-cOy;Qm1^Mny6^2imE3TgT2S#-zj+^oil=@siFs^PwMTx60bL zt99S9X66=d$$HoQrRT&aORqIQ}={G8jk`4t#JH%Wh3vu(wB8GO@|!4jacyc-3NLPsY+qb>nI4Sry)5z$rcG|=^fjO%dR4YDhP zdu5U@W4O)s41-Q{WTp4O^<%ONcMc-maYUnTE_xpM2eQlW6zU)MI^RkS!oxEOQjrW~T7U{GxrH&ob~Ps8k6TlzW3r3z2DWXK@eTCQXM5kud5q z*5&<)m_xNp*{8|L4xvrH3PvDb`jIhk$Gr~w0`fhCV;YJTi}3I3)jx*cfmmoFOENVt zcO>Spo*3rhI(q#bAhMUHmsBXxH zC2TlIqI9ZW1-PPADhmH>9}l+dg&$?iB1Fx!Xl|b0=rU6R$bTE$j%DDR{VrPMT!#L$ z1~S*vAb1}`?I-ZA;&J9twrtQmv}d5LJF9t5;5}{0AU<|?goVO@8|jtZK+{L1syhtH zcURMqkKKd#%cJKxM^B9nrh~?W8zQ12>E$6f(bSrlW@{d`c+Vg6FJ8h_EuOz!jgD8D zCn$co4E17(@IRUhK22X=W3#yCvJqq2;EO0~CbCUmxo} zf=suM%@_uoH7ei!pvkDsjesY(*3%|rYN>LyU?Z1!~dDCHHeM-}dj6!Rj&eEbhHH#@OWNT#@I zg9$GnUe+gP?gkLI+T8KSTl3<}Iw9r32jt+PweE1Mjk7)5uP}80^@mOJq~3%)7uT3!R2-4buQsb!-RIJ3G;i3| z$?U#ztJcl)X}#==f$A%phAy$Onm~GOvYd_Lk4FS($Tj|JS92C!h=upw5t~S1 zVZ3VqrGQ*l27qhjLR|l7*Liu^Qj*u#E9I_L#KT)m6oac)dEmBWYr%y) z80_z@S7Q80LWQtLr}T6u7jJ~-XQt>D^_W_PCJTGu=cJlE?7`FMAePk!*m$fYrH4!U z4;S;>3QxBe5Bu)L!_Q40218wc$j0ns8G7taT%R7>vrT4QWP85yY)>2j&El07beu?w=CPgyZxC8~yD zIP2fMd~vYuc`d@6$|0J?T!3JGz1Oj3x>0@8Hny~_1jCnsl#=66%vV9ZcyTy)2-pS} z!Vafj%UPDhAwA)xPs*tjmVfzetxDX`A1lZ~FQ7(yS)T(U<_qvqm}md% z<6%Cpk9qMwd;7KcpMw`G`~NfjHWmyC@I^yd&Q5C^D&`@A0Eer$mw|qJX7WywZ_)8l z$qR8hK3dx#Uy)08$8wtJ;v0f&2}bj9QYEv%+;ZzDKODdR{`B4H`nGXJl9V-2QAlzW zL{+Om7d^rBKaJO@_I4UNV^NvU%ztMp1Huxb4d>Z15J@LCw?0qIcfb#vvJ{$;-~ zF4^~lrenvV8%gCx%8IBgr$YbP3Ieezk4+>ra-HJANUi}PcEg*(5m=0y^%)=ysXaF(kWQh z4^d_;$1Sgbk`28F*Su;9>wRVDZ}2X?Sl)HuE7#ZT3vr(PNUJv5EXr*>Su5vZ`T-tM z&rJ!qMIvm~OT~V|YyXj*$JJ`-rDEC|+(DB)aZyVC;~#5&(V)%h)*@u?)o~^noduRd zvs`VgSjTFhno>`tn=5S2-a#ZG>?5W{Jv&!Z=(Y)Nn00nCaxN1K(QZ!cZ+L9C)b%w= zHkZk@LpIEm?G{G$MkyXWu-tEI2WDKx&q$_H0VyL|l&~B_k;*UCqH0r#h?|>o%d^3F0N2QrO8K)fXgw@N=bI}mUz=-U&DO~J3D|oc>D-A6 z-v_N)kHzkamz`?K$GR&NCfaWc)u7|PSd_k1WZ_wG-|EcaC;$5S@)wKI&9&+59&7EC z5~y|Q@cjdC`ql+h8p2PzhJJ=hKY!2~zV6hhJ?e~NCHradYAQRAVsCld z=CTIJ2M7i2V!@}@M67&4A}1^_v|?v%ZG)UC0Ov*v@{_jgqMOH$iGL2XcnRWCKl|Prxg{>*`U~TQ@=4MF6WNpHdse!JE zKH*_}w7Z+LaV&~_7VHlymk2d9B{x>r1PM|S4M`B7+9@!GXxY`;8Wxbo;jm~&E2n7H zCj>?6oC0uvz$nFEleLqJ)8ngC^3&z%1(0>}^V!u8&%`XW$bLs_0P(F}|fC!DN1b)QU$CsTvS zsp({K74?cy4uYIwQOXL54*E@KO(%X`2}HiRgg4$ARqZ`i;RK%krZYQkAf&n^l;xnI z2M~*sW5W&EZuuSWty01{NK zy#YskB;_W93AqWgz{>juvHj#Gsy#H>c6kyx^ual>==YXYx^qb|@xKZjaeMQ89(8{1 zjtl4a?^Q~Xl;30CU6^EErYf(zo!e!_<<@@7@PF`(X;*kc?a3Jo&fnp^F;N0qS&mS9wDL z?})b=x$O*YbFZinYBV|uVUHb1sXANK0ZRP$JMb#vX?yQJ&-yQO{-Z}e|1S>@o9BO( z|MgjZ&iSt*q@2UAgKTsVltU)8!@JtM`s9PYu0aYgoa)Ot<4sF>_ZfE@ed?v{^_zG8 zd*){C>|@UPKRA3*&;Rh^_5RD%`G1bz2Kg3JHrv^s!5OTlSJ>Ldqq=Q9$Z2bBgMd2A zeq80^)e4!^)S=?JTPaKBErUGO8?|)38YN0^QcK~O@w^B|Jin)TBy^=Wff(auv9>`* zWe)k>8fn~U1X`}?(b|R);%sm#OZM)Jmw8ZyTf-?NU+?YhOPab5(Je<1;#zV zA||Q*7L(Ne@4>S}dp>wwJM>GBZ-;)>>P+FY3OjG==0^2$aVNCT$Or9t&2OKY%6`7T z-uJ&JyMEt3=JEfB2lf1K2d`hhUfuuC@$=pP?j6;}4QzF!h~MtGg_d=tMJZ%;+8_6~ z(E0Zll$hJcobxY_ek1Ql{SLMGdOtgI+l{#4AY#aTZMU+eWJeH6ZS8OmQNWjDwvmT!TLBG-ue%G>LWsS_s5 zaq0Wir}goF%hG>ONr%=x=FtDcgV*~t`v3Cv;fnr0%TLq)7M`yb{>RIrh2yj8VpKjs zq8tKUdqTww6dzJ|h?u8`(OQ_bjdnfE4tU%@OdGSd@nwWKt|AFPmqZMkkffwh1% z@YJo!>SZYU=jJ?@WD`I2#rZq=J&^x1MYp>8m}mcM`v1J#f3@=eewJT<{*MYmoib^) z(rA*UI4dNB#L`IU0%%#z1f)*jqefXS|G_R$_-~e1?7D(+ra}@-u*l~*(9+7qJ6A*a*NB`Dss{E-B&=>w&p8ofD0hvetU%!4?_y2yex1#^g z@>|jW75#ro`md*dWDSbM3uWcli@yC4K#5=~( zmhk(*+J^n|2yBO+rIX@9=YJ8W59>FN|9f><_y0Y7`D$-<{-5JFNB_Ta`snZU@%S#! zzXM-@1;d0E_Z;wb;Ljfkp{Gw~>3`IqmFLp{FGK%(8GWtaeEGlb|9!Z3u%iFZ@|#2d zzg(m5%F_D?mfj}{;(2x}@E2;DZB0M$ST@@Q=|802qlw%bk0}4|@4u?k|AW^n`Tu!- zEB^mW;QybT@BSTfwyR&CUxWTP@}BOV$R`UC{Mv6G{eQV%*Z=J89j^R8pXFCeQ7<{7 zG0?3y>R7uOO%K*+mYIL>cI54p8bk_%ikAshE5ffn^X9YY`H_+w(cuThQZM02dAuk!Z&57V;E`^feUszZK zIm0`NCWeHO+mzqSZsh%!vm~a&IEjmy$=XZev|!^rE@lIAd~)_i4lGMznie~fmltIw z?+qcpXYn{Cw`?YM$X|GziXHGDWA|c*6nQ)zvmA3Ki-PAYB2eK!Dsv_VYZET<=i%%X zI`kPWa>kIk*DtD5yB3EMCmM*2Xexx{J0Y2_bI{}I*!pJx4T6J%y^jZnF9umUUb|(p zd!9$I$W~X?Kh^?+%e8>uJEcaKs9p;+GrT5;jn|O1Wxh3Az$ua4ih(s>lb18D*Ps--|U6^U$aqo z_;U0j8b+qS5|~uV24<@y(0Z(MuY=qOZcWF-uua3&}~YAM70*1p9lz!ON@t z7e_Dljt*WA4qhL=_~ym_tAqc!{zV?gXaDs${|n{%^!+-||NiU4!&i0xuf4{@7i?zeZq${vFiJ*ZETQprLIkRp&VksQwSVkxN@OV9!L7K9TKNuQi5l{O<#75 z0FD~fQWb+3W52M^);2cQ@ZZYW?7stC)n))9_Ju0jpa=X0YBvygM|4dG_k0X1wmcmme|%E*#Hz;TqS^~Q;P$lWic`TKGzA} z%pclSYh5>4SB`8@1Y=8Y96@fpfNr+?4M3|Spuz%lN>v_L?5NUbH@eiH_U$Tbony}q zvjyj7gp%gm%&U&>beq22v5&DR;&hDr4m;%|q90q1a`M>1?yBUiFlP}5MEG0L+ka#17Pr-`C zCoK2Uv(2~G*(aE;B_clCto?mH+T_vq*DCH=Cvl4Ax=K~^C~LN|jA;6iI|S=RHP6by zw!W>c<~W45cYaKnCS41yZFQg(v0m5|>ErRl(+1@>_T_6**PPJTUv9Wrmovlo~x-Omdcx2?yL6 z^i%+47HD9#tZ4uq-qImU1UZf(lHi{OCp1a0+!%bvBB<66iYJ(q^&!++s>3|4bglr{ z(!utHeq1X&yJ6htqnM6UE{Zrr=K-}>L_rHSDigs938iZFjz`R8wcU3EWx8pDzXf&G zaz12AC>Y8%0>7bYq(cd&@^9ThZMKM|h97ODoNFDB26m$UTkvZ0%E46HJ>TS2cM8an zs$eP-#2B^(a_$y%EOxCu3J?cIz~4@LwZsB&4VEY^?_b?7bov=)a= z*~6Ny&!Y@iHf*%{1Q8p?G!6FmgZ%L28X;QIr{!xsC|XIhh!}kRhK*>MAl=?PPVVVU zY|05#s~-!pDXFw5Hg^b11k3`OpN-!0;v8JeicJLPZ2DVs;|yZH8}U%=Lh7_}8Aogv zdJwxCSs2-2>c2~I9hb@Kwf^t%ZE6uo`a1&}SHvB-SNic4Ip zA}^U-))_C!J?zFLz6G&WFs5$sI34kPiY^&EB?%v!m4NN6Z-k8va_q)~xr!+C=FEWeKh+aWodN}_8Vc91(5CLF5FqJkyH%Be1& zU=N^5G2#w&N$u2toQ+ek$;KnU1_N14DV5$-HPEznM-ncRq){IczwB2VZ*OIm23wOG z>(gIMVYS$_J7?QD%Z1chh7h>2Zw;g+p#J3GP{nv!@13pW`R)iFUYk~J{j~3?dS?sa z)%v)5M|pYkG zX*`}3geHP(wi~0J0eMM8GaG9o^7hT~xx}85Ee6K(c4baleF>@{5A%NK_SC?Q30 zQ4Max8(6id%s?g3IJMOs@Mw_m@eeA>iM-`wowh?qJ_+9kCzue*C_mLV2_FYB_-W>q zCRASS2_FN+^1*`SE3M#oS%^gdW@EsfoQQ7S*u8iL96yzsN>l#S6f5l5n*}GbL^o)i-KfLO&c_Te{5Vc3L(Hs)|BJ$f${>D zP2ZfJU!0yCU!A_e=4GCcGewx?EpUgLA4*20yr_0ahN?)(vTUj^;!S;5*E<(1zhgN$ zJ0~=XbPSE1+y;jOtp@dv!Q6HZxntDzk=DNfISf~U6ubcdw~b}f%E8x1pED3IVKl&2 zjd(uQ$LGy^NU9&F%_)^57bwk^f>}qr6dvEaUl8~5qbPOI-+&vZ(c*C9H0lA@h$u^d z&+c1y4bF;Oa9(Jnv9Y#XxWy;{-Em{n{`jnxQO^f2|#dOB94-geE;77>28Lt2Iz3Yrc5hyL3kE78lqgROCKH!6f{&NlUR_5 zWjPCJ!J_}~|NVa&s4Eho$!II)tTyD58O?IRm1qx1!&n;TvrNrnO@8NzJR^#>8JD+Q z3+$PF86X`}|G*QY{{frd`bT!Jzj2q>d5X)U9|2m`KbmPRng&pP6CiQ^>EbOO*%T8P z!QPOh5Lf6I@!QevuH?afIg-=+Z5PLXGazRpqe$8@W@Zj`i2-t@P_HXR6u*D52){4) zRschnY(4~a#5Gre>hm|Wpl@PFNQZ!%D9*`=e6Yz*uV%=faOxnr5kc(f(9 zO^j+1Ph;%@Af=1RluX%_=QFssznu}yoT0%EWJSZiM`R0hR$Pd9n9S6QRw9HFyu>zk zLvD5>cDE}gQ#i{vuU@>n=`t~3mjPmBX7IcVMfSz+i~Uz!Ust2F|5V=|zIypWVpB|} z=%DI~;^uLk&tlW8n91#O2e08m(UYp{dJxkMH-m=Fpz2J-e`9ZBE$xH8uc9=R$kz&! zif59&7Sn8m(x4Km;e~9fm@#NTLMc8AL+1@jHicSnglrs&6++CAj>!J^v5}3dr+BO& zcVdlST~idMnyF1qt)z=ZPDi6SH2mv)#|#OGmIeP_M`aNG7i2%1QhBj}rIaP3K*Zye zML0$~?Sz(~Z9r|kNg~biOCaGVaW;{p>gNfA4R3jrBaPn_*cr4V_$h-zP&vgfCKMMC zMTO1E1l;V#vtuB|gEfnlKwWW!?36al(K_IH|q?={B`2w06T* zNI$Zf7uYSEc>!AOTVb9YS0Inuhv?o**3pGa$YN1opYC2>zEuk*$PjDrGsJQ+VN*9r z$^vStZw9aM%9^rb!Xu$?Ei>b4HvS3ciJ7hZL$5Q|p0p=_!S1+HBfX79<&snZXgVue zSUJz*Da~g!|DX(?x+h&d95hT~>P2O8+hSw=aED+`g&mSG8p;0-1_MJtRmdea^>*fF zS?~-T`~n-f7$mci{)L6gPwxcYzoXd_nnp|rSyMQ=>uLAiSWZ2YZ2ZHJp3Iw$KUu9y zhL@fL?8s~!OokNZQOyEwhYjVp(HQ6v`Fo&UI6%J){2uUpd8zgsA)u-=Z=fAKX||cp z%vPDs1c)a4-y96~Uwu8;8|>{Kydcx)r6Hf5;k2MwQ%Gz*rJ0v}n$3XfF5e@x%Im|6jjYVHO)RZr(mf^4Dg17oG&%<$asflkwH&;ELd zzBftueV~=dLBWF|3nX{TqF|KsX#f_a0NBhx-l5K)zr??xQK>x>A^!hmP~r$ly?QJE`(Jj4ak?ue&QlgnI9Y$giQtk+iPQ05-HC-z9g+X|M=vx~2d8#~ zdQK9L&Q&uW^v2)cjc2f?=iZB_*lhKmKI0`@lHq{N^%narSSsQozGJov;-t5vow z{n{>n{rYWshiOX7h~j;890(-5M*?0MB!*1;*r(CZypWe8YCTj4iB+irr3iVa5iC-y zGd0@wTu`8(3{q<~iN_N{?`WK;Y%mJ;zw;77rwp%X#e%|0nE<+l5u@N5 z0XrFaHQxxe6O;GCROm2by(JT?uG(=6x>^UDaKAeE1j`aHI{Q}t{z0;fR})6ykIE?l zU3OKUN^9x#(FZsftgciM=7oVn*fYRuQMnRgO~RZGtM4vmFQ=#J-JfYLRE!d=CtjXD z#~NW0&~YEjlJZDt1S~a>-HYX+jWXGHA3m&^y8>KLj>!6u=Ia&@R()NMEB8(0?2w$% zD3*V!tX4EH%1i}@Jw_};^<4KEm@Wg=U4Y%~ZdgF90n|{c;hf7Rb%m(&lC%i^1`$2r z%NsGK$s3l?*(D2k8VL{$Vw#XhJ|sdt1?LR=+aAy}md8BOaL?gi4+2=kQ^w0eL%hO& zJ_zK9#z~p8t4YqpgeMXC4j+)hJXr>;C?R^F0(*%M=7NPPpw`2-G@723J0gdBcs1B~ zKO+11)J5JA!F=@f`5zIiMqi)65!v@n+iZ95hIQXAw_|HPEVgCckNd!%yJ;5(*<;%- z4z%aST^w-Ft?K~{AprK%g*NZYXWzSuKznzt{cgE^>p)*@*V>=Xhdp=4E(Wg0Ze0vu z&z-s$(4M=r0Tj7y^Q@KSemH&IZ`q^!FBjUR$Sb{dZvGRcpmH998L!Gzfx-I7kzrvh zWa*mVlxC)_>kF5LtG;WLeUZ*xfOC4kw9ldH+c}$y^lSrb?Kg=>ES!Z2`+@UY;Zy!K z2mlC8Xj^7Aeff}$c+RAxN=H&;Rb#L2db_h~OrG9!!Ub(xM4lE5^F4W4E8sZf)2xKZ zTb0FOx8-V3uLsxr>bw_<+U|A@Ur%bF91gG}c*Y{_h482yg;`naMLy}@1>ANf zwW~bRhz_IZ)II6MFF1)Ka`5uiyI2>T%u4xSZ>pC)l7eHI$Hh!aKn43)JcgVi6ij%; zJ{JDf&VZ;vL)CZVR@7q)?Xk@VGZIitnc)APy)kIcxD}6D|E!IDP|zgh-P=+v)^;+AqFSDz z79#X^{#;;_c1^;7>FUTHzUr->J!!En>xq=w`W<1;9!LdJv|x=;)d~w>6>jLaSq;_5 z#FRF}1_d7#Xil2YJi6&eSF1A}PFPezViR_Uw#!`#IU3+Br#xc28*y5&9R97x6VNmY zXj;VPiH#;_{_PGk5}`%h6I*s)zeAKY5OGB0C|kKs*-L#3J;gla|276JAJ#_OVi|0< z92B#R`BvFCBPcBVh|6pYi&(I@)u8Da_AQ&Wjv8nfI6s=$j9x?5y`N$(VE7wqeyzLf z#tv9O{|2?o925SnH?v~LBvi7e?s=$2dMZ89@0*KSiOMY@AUKu%=A#39VtNVN>>GNQ z=;?LcP6YS#)FfrTB{wrk+>*Z-EjEp4^$OpUN(Q0m`-3@DS0Ux>Bq-)%*vn{iT7VNUfX~D*`2G^na zC|hb0sxfc}eSqd1QUd-2Pv=2bjS0f2sUt1-{AF=jRa%5{O}gLR4eT&bvx_S)26r|` z7Grc_PYg8=_LEi$4K4u~81)WgmpmB|(QhD$(cy2nNwvFQ@|~o8PNqiPMZ*aQYE)v%$11)C ztSpfH(|TWfb#7(7#Dttx1Cvx+JEEHIjsN$TlH0^hMPDiT~1*i;Ihv-3Gn`=*e0 z{ll$f@Qrji+R;~X$XK=yoLDn1nCk=_PB<4TLH&>w_l%|F4~Khudwap*!RuGA|836D zB`4fS_G7xO@wysTf0^H-!d1_9HzbZhwyC4WjLCYikKjXlkk+fYLt0SDsXlXp85*j>>Tw%`JE;;dTKqGYcT5vR+_Df$%Z^;fgXrEH%R^rV^wK>aYz9U zDTp(B^4_@^vbDe_xdiAJG#xXz)^a8UQ<>Um&d@_$3;lZiW8v%z-Q9ywW8{x8;bjyk zulGC{#W}mDNwT|DkyIZL>8;Js|sg1N{HJ-Gdixd(8P3 zZ^}8lO}zAG{wGsG#-eS}-AEo*JFiCH~u0Vp&(A`fdk8N`{QAONzHH zY3BL~?7_2hbGFV#)^yO3l2thOJ4IL)KSB^Y;cUX(Nm;!J@0 zM7@w3>0`{CV2>Jp917nPr|6t44~$`>RbZlFe`;Ttuqz)ROLG}2@$yeW3K=m~!Q=M!h2H!RU}`qgo-35}=TFwFBm zpD1OGd!DTCI_?g;uc;LG&S^0LuaS(Z40kHohu-bbibaH0@o1o)ZFPdLmt=6Zs_E04 zQl`hCML9G>7UdAnBFCUXYxD)ju1LW(P?c*kPD#Y>>{t=>JCfYg`JZ98YmHHzp;B&c zLmYoE96JRB<_`7*eWR*5tOx79&(_y> z$o(V^C%Tr5Akj>&Nr+Ke@(`kIrs0*T8U@+19MiTXZB<>RWs>ZWlsCEq>59anq646; z2ex0Qm(z}JrgxSP2-zBE2Sn2QpD%Y*rrKOCSOw|(A5VAWYw};ohm56{1r2ZA`c=(3 zjPsTbZ{>G9Vz_e0=#D8L)Yr{fD&%sjk2UKbkPAkmpYyn2AJVW7F@U@__NKYOt7v}r z^2;Og_4jd~d3Lb$aG|>ttsnnxccAPdZ!7bN2dv{A{{3W|xlm^x>m#H;)zg z+0n%VqCY#JJ}3mV1MY+4Ks#Xn?t?*VJjK!xp^NS4rwR=1>f|BOp<02eZ0{!1)oa-4lE6nAUltuLZW&2LE}5w$7VNGrrY3ozFMI z)xF*3g}K%ks8yh=C(yOAW%@+BJ`k}FjCXa0+%xF)X|}@BVXw6*tYTl6k9~Dnjimx$ zyII4zA+WB3_KS^!b@$|=!LTk5_r-+6I+LCg6I)HOUsP-t?AFj&e<#1^;Mk@Q%acXO zdQ_7O#mKe|_0a-lom12|RMw?G4~duccK=TiG3(&)p<%OrG=Bbpv(4@Okm%XYz1$T) zYmvYuB52*y@Tg(5UeI4qEUkC^Uw%NXcUqr8RIPVh3#()o4zBffyNa-#gP?!fFx$D? zWfg1tNU^qU`)<*I+fLfh8FK3#!7A?d;c>Tp5c{PD-&%a!1Hx}zHBGM=+^XY;N8z@2 z|3sm$@wlxc|BQoj+sC|6WNvN8tzvVZFE+Pz1)n!Sw|yf$dX#Saj2|;px3!mt z#p|}?>Gu${+d8{Pi`-RyOG?bJG`OQ}0ExiYY{ zBBt)~-3D*UBv&ow!9@a&ZOK-agZ_z?TL0AvI;B%4G8$Iq$6xsHFDxv6Bky<`7d)4{ z#a-L+fDJJy>|?3)}w0@R(<*d;E?{Yq^Z&>vO$;(7J$xrERN4{_11n>%p<@ckUPYDFp7jal7 zG$%Zd$8kD%=r}ue|NE9LkK>Pp5x)zrhT4{&Nls~iRh$t*%WjP2zb2JjZw9v|wjVrG z?-@Ghk@#fOL*?{?C#HfqWQ%HI>W**-rPn*(nS^t2e4S}l#zPF;!`ej<++(X|Xx^wl z+G&EPqXu1YyTIkE_t2ya>N_2QZJk-s*0Y6tr{@5Utn-K%14}zj^sm8C)ZUw^F=N`1 zKYKJy-lAh?*=)yyDH*s}RFV5nLCiYF`=k`DHnnFYY8^9ve9HC+(_EOibxiPK6s|rQ zo5;0yx}tQoo=-k=O4llqSbHpD>Fk83DT+ekik~Wbg{E$-PTV4vO8J79#h8Pl0u3AT zfrul9;W}t0*dgp=$TF16-@LyhTVTd~dAQxh;@iVpV4uqo8fmJ*w~{w31y2(_Q`G9? zT-9lg1xa~9LO#uC0dyG>Vu5TGYknvzlW@_4-J@M$L@%{Si5t&~%L3hu=dwm^30| z2((i=&8*T>;P+c%8`YZ`kJCc_tKej_3iVO}cAJE!=wT?yos{02-8=iS@w$2C+q1)S z5l+x5x5xx~NdL{TfJ%9gvvDknd{)D>Y9D0Q(!d8qf6x)?QPRjzYU(m4tYiG_vKAl1WtnFT%M)8=5qIbWlxw87*(-{#Hdhqhq5v7B{U_j0j zMg@~ZL+;zy+T}ZF#4mP`IneRn0H>hiUW3hy8&>ZD%TE+N?A-;Xj1r6WA@C!kC;&ew z#XsOSJ0cMeZ&^Nwxq7a*#}UzH5B1+bOjv@JkAjYm$o_s1v0+TpV1GZzUtoFyTnnSD z&MY6bv(bBAfCGMNEHoY`DVh=r>CX75@^e$OH(Z&<#%-=2WEZ?bfLdlFqq!bx7l57wuF15oe?;y3BOPEJpwxJ5lq%ELw9|=~#o>F6t1sMHz2t`1#AY+!Y9LQ&BjGOZ6 z<|!&C2BR`bps^G6Vlt4{0tIU0hMXqyFL$h0{FbE{l_((Zi86&ZaEA?fs@y)D`6{xn zvNNEQjWX>5KIJ_RQA~Pbv8aQHIAAGds2wN;BR_sE$np7^2?*<$fbpPcpT2FPY)Bf^ zW3+U;X^SzJ6NcFflJf)&ytOYaE8UQWdb8qJ_njB_2=e|auZ zBE>jNa66>oQRkM0en4!}V&KKM$0sOANl+#lw@O5sYbi=yk2H%xEU3G&>rI9P+al*y z8x!0D|Gs1Su-;;<2cRD$u`npcp~wrjo-PG>nLdQa_*5aE2N7N-v4?tQElegdy)Hjb z7|=v{Rp1l!8CM@G@tgd7eDVJ5{r5-BcW~LTEN7u+g)CRJyZynzJ^{@dFu-L>?`WJT zc?n*>G_U1iXCiB^wL`++Df^{O#4QV4HOabB6cQ;BYMB?ogD)?tYo$Zv($H#xmXkH! zz&%xPyQHi-KqFiA1nCv5T%b}!>IH3KS<3B4i9~e|r)LtC+_6{!Qm?7ENk>hnS_&{3 zN*-JC(GFjMwJnwOvp3k^A2<@w!NE!bdL9X=wjuBe)l}#WxO&;qN9u}I%{?-al`Z@} z=Oq&$TsIAk%S>vim^63hrVW&;W4-iNV(_z2G~C1`?8uueD;*x{dx?GP&i} zFHhf|o?MY=5K#!wBFC4ocsu0e`0|we{KM&c2_d8fP55{)p~67BmMak_Y|OUI=R0Kc z-rzcmN+vKYDu{Dxw5&zBlY@3|Ey*wp*d;a^P}lm~<8M#juGim2 zOoVxysXXg;mVG_ub+?adqOCoBfBe(;r*nF`jQ`f?Nn!#Zo3!cf{-~P)%r$AJfInR{ z@B4YnrAh>23vYd^-@x?S7V7BDDX$~+&cDAt{lCsXTwI-AT)#QHJpT6W>Ghk_?~Z?Z zdv*Qp^y=d5g}r=6doQ?$B(wJdd}tnfFVIht z!hZi5Q`oz5{j+ATce{S>#Px3P&zG~l!F^+L3mum-hZyK)l|@$Nrf~UcD>;Rh^2s;* zU%&1pzdfgsySgZr%v0Y(uex2Tza=c+mrLZ4G33h0^U}SIjPkcv;+Oi) z>FWKV=}aCcYFz-={&G1r$?4*wgIFic+6hJ^jE5rXo{1xO$d=G2d|#17tjs z2*`PvMnTSpu?b22v&tZ<(+_Ao^~H#F#xzcL?K$>I3s9e{Z5TDKrHw2w)qYaNGlD1< zp`?v4Z@mRs8i5a@Jt*6rs@;waI5{;D<}|a_P|YS8WX)RtkN+S8#NnX(DE#9eN{wg@ z{6ofaT2#hc6(!es09Bhg=TNmWJfAZB*7~{7Bo>$lIp;VX8_cQf0nOpssPsqLbq}hF zPppC*Y6kGe2)EQVXA+5BFtl445Kb7i>0bva9YkF`_E0qi(0M~I;TFk{i06@#C`}~-&s{66(kxgBEy-r z+wI}C#&@^jT!*q)hbK-&LDObT?mSeRTDB9K7v4Iy%|+O-p4Djy=@Ho7GOe7!kRcb# z1^$g{P9(uumOy@Q0fqsgD;H_H;)b#qNS^#VE#2ee3u_SX>?b{j5~pJ(>Ud~??LVRk zPkF9V189S^{mfX>jk%^eYQAG&eY+4r{Rdw`=YZ)r+cZKzI1TEX@3E+C>+ierr*GZa$NIr7VHqgcQEBJnwEAjT?%|A&vL{v z25C^pKoftSlfj8R7~K}$c5=0WqLSv6VbDNJj2l7bOs?(Pbz9Z1UHbpC_wU_}+epGN zK7adD;87>P*x8nR>D&DLZuU8f>~wtMi`H^yo_#WNY>0#;jwylxKzA$cen0zra3Kkj zAPG{G-A;_NJ8@IERG|umLZMKVpQ4-s(|Tjg4O_Lb<{;SQ#+rkwk(ADX*{PJy!6iM@ zasy^LK=g73ZxNuvgd;q8Rg7(!zdiPD6MmBsAzTgDB1FczU?SxU?}ng{xFY#;G)I?d zR{2vn*IxsnPa!!3;rv=lJb&%O`DfMt4_proi5IXL=zU9LUxgmn_5#O`Tm*VXr_LT2 z>~PKW3)ls(-tO&z{{s8^xHG;z>@W3CzUi$JMR$k@_1+;K^Bm~wzZcZ)q+RABUBgXq z?dQ*+7JBgIOUC1g0w2!jTyLGOcn5r5zL6s2%a{a-;=MonjqM#4MkRqpli-UQr+N8^7SLU@4QR0_y@NbHPhGXpQ?d`pN{aXBY zZ*MR6-~GLJuU`Fa|Mi=<2M2q5Z{EK9+up(co7Zpt2KF|DbEZU;LGrh~wa3aM_e9F) zEdYAoNZR%eL62|Phr7F+%6&y~Oy;}t&lkOyygFNjh}V_Y0QoH>d>3aPqP;`#S**7n zB+kNP$YBvd$ycpCWyA~SqP_g?F<<t9;spcWV&{ZIY7DU(y=M&|?Ku*|g+%E5~0kMzKEDW`2$|RSg0H0~asB z{$8I8Q0RyRCVsepL9|4~bASX0c*$FkW_TxFbFJ`A*OT(aOuDPWQ1{x)wNvMc*w@vK zNc>)9U${4m8!YdSD6@+%t4cfItHK5Gfv`1IHnHQaiP!bDBf&Nqu7h>gB zlBjllbh<8bQy}sGidKat!#{MyDY~L*%`Res;!Gp&+~1va(yQR^?0G^mQjs+s@_2IOh@OcuW6ptX6128Ev$SGSz^3f3#%s zLj1}J@5*Z02nt-GgY>BHxp_*;Z)YB#*L~A3@KaB?X&Qd}5O|FD``+u-%wKYY+DJFM zj33fnCe6!K#?(!;aNXTbi%VLUkShmtRbS#anOwZ^y_x~4=vq(P>|~zFTK_xkT86=Ie+^Lm*IUvdl538P1xi_!Q)M-#DERw15f4;!2rL*E+sv12@$V(kNYJ5O@JY^Sne$AQ0iTlPoRH+ygA|7SK1jRAj(+EdggSgB`H>%rRVk_+fPgp8WlFcV^mQbEK z7A&8|Xp8^<7dtDbh5awS6QaB47gxuV0sF+7*_dkVe+RGM?HBETub=II4^c)x4==C4 z`S9%c5PbfuF7O88T=V72mi+bC~TFf4=`n(bB5jYcJIrV zt*fLXe#o986r>$_0Z1Eyr3kz`^nLYa2Q1(nQY~ao16MdW#sN6^-$|eN4v~+#=t{o;+pg!ZcuOclEgre2p04%4H#^`S1YY3s*?Y}#1^|*d z?Q~e)Vda=x?^QyrI8mgC>@i&d^hspO3Fcx-Zlfu3m=ETN$r}BBdMC;mMO|(V()-ab zUqIgnFboG-@3z=qwPQ74v3h82N>m&e}xYDi?D`{#i zgq>4#C0*F9!wx&@bZn<%cD!TTwr$(CZL?#mW81bn=Fa}}{bQVQ&fU4Ln;NyMYE?aR zzH^fKcHIs#FVzVOihK*_w3UJdhT1PKQYbL)@;lZF@}(?PXO$oFHn851U~YOa!zmwU zGF~wpgp|?4r)*h;`VjgZT78~s_q3KWPcrCf=*Ex1*2vRglgj?i?T*JwPH^VG$zBz4 z*)@WB`!zLOJK9(<)F(}b^2V#d+!2_n@@Gg{#lNDW*eWRVFl3595`y^q(9VuHLasZf z=SvW3{@=g9{KFlN9L>1<5Uq<$MpZq&hK0Ue5&_%47sJ4w@XKU-@;SGn* zTZ)vi0J^lEwh^^l`o~rdpV+%-6wNh4d!N94LW? zOMKrzr5wBCugKjqBn6_0?tcgeK_xKP{pgAhPi&{1+&?*dKeIDB8T2aSeXLn0>Leeevykj#HTy}Bx-qTHS3_~x(oo=vgO%*>Cd1y*;ti&`!iOJW9L^ekF>3Ucye0d znhtR;tM1HvkdTQ56p&9N&^NE)=c(6+p7^CGz}qeM8s&A`aU(fFay*>KH~OSEF0hl( z^Wd3!3c-375~NI-;|oxYee*$?-|?BfVPK@&@}JCtJoN)(r-gr`mv@|7^l(%n<)#BC z){@c!L_{e{y38V9wJJ)SgB0Oh}7vKhb+=|oN+=*@9d|3 zXW@WxisIc%lXiOjtThIisgB}M(GJloHk)RVt&cVCCKb}B$*hvyC0?Wj;`dLWLcx$5 z?b}cru$Jpb=VUB|mG2VvoYY<`3-ea{X7DralLC>^yyjYJ*~M$F7xf}Ehx^8ZpZVml{etHI~#|O`a{l+Gs2YR=Ev!y(n~P^wN=mx z;pKbgk^|Nn`hUD)XAwg>ozNKa$Zcv1b`D7XFB&-0#wK`A?Qjk&>F&_90qn# z5)3~qwmryY$H^#BsYZWhlmcptZGQ~)(leQQq*VQWzD0jKGkd+s!I&N4LrqmT7F4N= zktuC$Zje*}+c-`pD3J(p{gptkpt>U3D-EaXMiMLhVrTy+x#CRa#U0yPlh3{8M467+ z4L`R)S7js>q_k;l*1jSQ%#>KO0MLvr!%x{hrz9ol?ptt4V+01M>TFI8**Mb;w@6e_ zB(?)-R2i1|eo+egxfn8GpTRBrGA9yWQj%IEW+2*>8`2%n{(Ps-DS3X?V)uwq>6STD z(|P(qLVK>usCF?|e)iPIjsOhh^=VY%HE2Kg$x5&proI{#+-oe0cI6STh3Ti$T(Uq5 z3B&5mR|(ZlXU#sTY@drmYR)ElJ;7`$B)1>lYBq^~14pMj0FU-o+L7A9m}bi#kDFs* z5@y(tHLK()Q*CNB62HxC0H=w3(_{N_Oney+gxC3P+$H$FOsj?+gMP^=DxA=0 zhNTNceSuC|T^ew&obSqXb?sw+>+aDUj;e^XEsc$wFx4l<$GP>fEp$QQ)(3ju;PkFJ z`t?Nl{(#-+D_UK#lxcD~tT>@R+g=Fowq}h~C#6V8cgFJKmDtF{_@tliR%;eF!EcXe zrcu^kKVqJ8?DpTrQM>BPixAbU**brgR(-Q!rzplC8kKxzu+j0N7}v8)eXfs)7+0^# zoh~-9uC|)g?&`$0uFP=9|D`dCojh#IEmU!705>?Vq^ixLOIy?yvISn&)xO0BgbQgqxn;)o5&r=`hRK3iA73BY791i$E0Y zHC2Ha7qk3_$h|#`CXW`J>Pv_^bXE6+i3bcOpI>VB2Jy{mjxbIcdmSzmtb?}fjh351 zQwtr(tl(Fba&Z}wP7$Lf*^6}g1*nyW6D7=3*#bN|wqq$qNw@||mG+H1Qr+!~guGR< z>x`P?2KzCrj^vnUH|^CP;t%n}z|-o>(H+;U=2_27LMB6pT!dwGK#dhiiwEYlbAIOW zznQ_@s%*ps^Fi8+zmA=UQ}2}yZdt|&XSK4F%$Dum0ux88XLI(|z4BF=YC9o&{;v|g z=Y>da7tq&mGJ;-Y_vo#gV|ZH#z02bFA5?;P7-6G+b9qFq#^YbbSMG6my}acq#}@Qi z3Dya+8uw{_KK6uiEeRs5Bl2ts`#@`s-X|&;Q?Sb#cb(Xox` z+89jo8xl!%HN)`&s^q2v^`qTfWoa$z;gD_pcynj(EU%Lg@KusNK<+8|L&J-?^>b52 z4mxk`yR6tv<1s|nv~%%vANJ0_mn((oBHp5Af$w;vy0LMOF6ps5j}k$rxTyuWicAh zqwh*+y?;jc_Q^w;$n|2cIJlw^4>NDvU>hP_nzH*piosc^Zn6GG+V5?^ z^xp;q<*GL4wZ+fOcL1{?mjOX~VP%A|l)Ec?XJd2!&JXuL{^f!1*d{~ zz|&O?d7-CL*)u~LT7`!r8=s2ZBFc7|z|bT07!mQ`;r3Y*D>5)qaEKpXI2)|`ON^hX zIr5;@4;2>bUr#SahW9EplsNMKOu%oiDFq{-IPHbfrrc;3=(D?#J@JL}!DL5hB0vTc4WLnehp0InbLh6m{@M!9Sd13Rn5= z4}MgfoSO$`?6!|UGo^#{AVJt**4QdBo_z*ea48#~V?XJ`9T=HqGZHP~eOcR4H+lGu zViv+trAChk&3neQ9*rB%TC3+Xc2I~%p`Sv1Yu2US?76{-7pwKa>Y&V@7Dy|O4PUOi z1uh(l#&zFPdO13?v%4neNW6VaB8!OBg0gSlh^E7l1nA-0G^M!P06ljVd+-`Nc9A@Z zYp#Zd6)D08GzZJShplekir1OuBX@dBeER2Nx?r7B`;^BKjYukr;xQ-5v70$*5;&T) z_l?au$CF=H>*jJNgwjNB0CSY0`gwT(7@D>wUkFX$r<0u>=qhXTeMZge<|%i_k53p? zGZxkrMe4i2At~x_1$F3mpM|2x_0_;N*gy@h86#4lcH+D_usW*4rK-o>8(dQd&~O1u&W2+rB7#q<}Lr z0(hp)a!-vk`|uxmGA&I*;lW0m*A4z*7)tFVnout~4y1{eUt<F}fzFo(u$=AbD@QKOss zRoSerD6LyFz%gb_i1*dE7Oh<^vr z@8(L^7UT!?1YO;Kf>27%2YMHqUFBEvZl0D1vR+CTuj^`beqXU~JXCfi$+Ti6ZT3%~ zz)e``2y*?Vk8zFWG z^)cr1V))h4-L#vREPduV@zp6oSw4Y)zu#fnfuO7YPp8il80x3@-hP#?AH4d&R=gSb zem!yGKDTfbIpdKt&!peI*5y#QV>i(?hknapJ+7GLNuWA}Tfk1YFYsF96Clj=8jVee zpH3*7!XtfZsAv9ezNg?CWJbJ`6R$V1sW#9>4GW1M7z7AG)GKRB1pOk*EqT+U0qI?x z+<>;PyM3lXFGNE`pacJ~+bO-z&Zexqity|Ugg1`+^Tue<#pnxNz9IMUA|{$JO5z?U zK&m(Nf_470WaxR_gzi=D1}_UYzvDem4H{Ipa)X4Fdjt|n&ORKS_+&ogQ!r=-(f;Y4 z&n$|6S^o{L)0H-;x%!g}ysckV{sbGPQ6KLD&K1#K1th~C2NYZVB^*XHX4(V|CPG5? zV9$O~7Qa;RNyZNFtgUt6o@sU1Z!o?(%u9hh!Z9(=_lS8|V%BBEcybwr83z;_!eXab zW&8^LgCArZyQjt{}o!0UkP7WrHIAyQy3O$2sH_|_&1`B^|xEReXtxHw@ zY}4zvw1R#X#V};~^_7cd1A9@LYG=YxE>ovn6&zaH<1^c~dYaew~$`79tA^{yuZWDx-- zRzVEm=`s>>q!ZCj>vX;%KrKbQ^4R9pciZ2^9#G-P?y{Xi>23TJg3I=GGkZQqU1mK2 zXyGh3vaUJ|_TDN_hF?;As--k1(T+-PkXn3mlx-y%A=CK z$OkV-XIc`jXwPF5wdj*^FCLyq{Rj-nV-GS#4U8e~>;tD*vw;M=D*A4Q{XW{KWH^Mv zEM1OxyH=@ZH{+Km7Vi262tu49$s?)amrr>EeQs9;bqju^bqAfiFd!@PwZi}0IdqjZ zOHJ%-kEmo8sJ>6?yT{k2Y39w{LW;v~rw1iY%iQ8QUo9G+x5ls}F^A3z)iWT08FKTs zYJ@&aW7DEI`#9L}F%q=xcPN|+hEhcHhaQigP`}I6j%3r=OWdD7KWB0ORj++_e^&-G z-;YUiC5cU24!pSOXkXKG*MP4NLpAiXb9G9B66muXnZ@w3g>e+gqm6fx zDmt<~c5n&ZYYEvvcrmpv!E*UWT5OKE2Js+C^7-HjB{T=k<9?qiD#dMCeLvjgANRWC z?(|nu5W8t`w(n;seuY$N<634V2Se)nPw{Z~e4|TQ!9!=G2&SjaeIgC%2i0E^GMszg z$X8D@dQ$CUhZAllX2+Jl)nE-mms+2C#TQNzv%juRX^HtHCt7@T0zG&X$eHQK1jQ|o zrY?kX9_-*86FI3NB?nf$nUn|0GXIfEgzIGbkEj}qtt)QDz!io^_#O_gLh`EAsClaO zlreBM$Y-pud26O!3}WeHYCw+CtO%65QT5~gi_E8-r&C}2+SZ477At$IHA4&NHtu7i zbaCHSY*zs+vTjwW280P8zC}Kl-`stY=?#z@;!dh0#8D2pz)YY#!6)<;6-#Kk#)+sr z__rY@;@#8Tt=aB~OHO{ZmL>jp&0`jojY6_E$e)I2Plyw5@i=aDxU?ROCN4oOLDldK z(9eH{;xhm0tlENewBJ2ntgSQ+p7~>Br5VvevNbC{56HVrup-WYPei?)r};KP_4LhC zVm|c!rO9eU+j~Zh{%Sa4)^~=T3p-8{H#=JFEhlkAwBcUkiSm7jM@&glW(z%Fe z-7a<@Rcv^Wd5h~^`+QRZ`?708(0*I{Jq#E_A0S?mzAP~aZ1iX>=cK585{-@;t_!R_ zL@WT3x^jfVLah@ivnJ$^Zs>UVx;X)MyFTp4>dKF=T=!~I;SS>f_=%;+5DyGg>B6M7u;R63Dc zO^GZjTRhjyG#dfm|1!8wRJNSD)qlsz4L_XK?}Rv0tPm~K7atN?oklwC58u;u;4ljS zeA^v%5&(2?qJw;puLFKCCAeWe@cX&i8!2zGS|=_U4^w(=Pa)Zyu0a$r=po4v{Zz@u z_K~wkAEzC(+KWHI)=h1#6?2RTym;F_nrNAiHJ_GZhz^VS=4j7I6Q&b+@1~dyVB0m* z-DN*RdPvhI2(|`)67Yiq4EfP03u~^Ho<4YdEtSPcoN{CCH@o8z@bCKKnCXwqc|Ou> zev|g-u+V#XaWt@CFHmFIfqV)GjeZ(57}aSV756Y&FD+5+cQ7*9m``VanwNT^ZnnE2 zJLx+%N}^0A_7F8*n*){=P6HICcVrc-Nrj?%uKLoC^!2XnFJvQayjGD8uwWq}%?Ud%T zUq7dw_5}LlJST{qx^7iMZmA8lE}oEfrW1M4jgZ#~-jV{#W|j?Zew=#ZjdE zFf8yrU~V0r^C!BSHwmDzV3NHrXjGfna~r!5`UgD4fJ13<;y8B z7)d3Q42mq6>k7@_H?m3?;OI%$ZtD@qeZD_uhMlBzIbJBMNFV>Lj-r+aqjX}5Sk zMopC4G$F1@K0EHLfp371zjRY_E83OCqO1^7{CrsEZq72rY6#iyX@C&SDY4WNL60FW zA!Ks!yZh*(UIp`f8?k489T_^Bdz7Or8!m)lF~=6*A?Or*QWj z|7#Q;1$Bhk)FIrsU&nUctULj-<3PQ0j8ZL`D(HL&bbp%~8K=N$&q>@&ynI|--p^Z_ z18S{9ZbZz=gy+f1j-%*zJ~D4o(+YcqdMbLOD+p^gDr87x5Zaf;7j{9`IP}E&(jG;; zO=pc?O|Wi9!r@9+8#SY6D`6pSo>g9>WaRsJ@bK|sf3K6JpRSvsj~&Mp9k^HwbJHGF z7aVWXRfY*TTFwn9c61vH2e)D8D}UCIX~`Z|6b}0n1r!SM+oJmmwZ5PZTqmn0g(?n~ zS&3P`@~?$36R`IuXJK8&i4YYQWueRmk?^ znBdPh=dob*MxmpmhLU`m4Hc{cTR(jmJUoB7^W-4V%R`>YoPtG6>TSGsOJVE+qa-Pb zi5aL(+(Do5{-!KDEms@s+eM(;QM zp56UU$ramY?CinZlQ;rTWBLcHa_fQSbphr2mxmT7=+<6_Ej(h=#D>wT5-t1tP{-%1 zp`%HREKlg$^GrJPhC?P6iexCRk>W2!DYJhM<{Y)8x3{nVMive(1XYR*n*^I+Ji%pE zNOnRDatM-1HA^GfD^2H7n@RUi0PYx<6A2xk_8yv%=|Kf?XM> zIRTbTwU})o4&8k&L5gSb4Q%K*x+7k(jJ(RqhyaW!SSn%Uw2^LuR~LET9z5JQP?TDyEL{*cWjUJCuZo)m~BEHvZy= zLwShl)0ex-b#INm2P1Vd^1%$81Du^U1I()o zG3-Ugpqs}A=JMz)Q`Omn<`e^~LR0rLLg@MBfAiaF-bvIp%KT{y$+fiQ^7-qB`xl4YutX%9&UG0qQ*P|9onY8zAv>~$hLIA&-ftgJ#xrfK5 z5s{P^mNp`m-7m)wDz;Ka3D8AikfRNiHQ6@?hjSc(dd2D}+fL@+PZ^XqghVx9j}7Y7 zBc@J=?6e1sKG>aoQ@nC8a)&BKX6CB;&=@|aa!*HZwvT$n$@vL)^*19XCelm($+@Fr z!}MDxmosPjUHB}4s8jEg+DiK(6u%bPB;32GoIrjjW-M+Q^XO#8C(_!mOVy;Fytb?y z78x!42$bBt?)*9fetYdtvCBSi>9EGXD-Jf&Eit(XtU(givuh2QKTnl#im8s!1}}u< z-yjq|=iT55H?|8VkT{Krvh}=@iB4?b`HLrn6QSeTDegyFO_dc{+3t#PvyedORe<~NuW9@5Pfj-VYbx6w>hdv%Wcya({B1kt&mygQ=M6_Hfx% zyVHBwcwcu7?J7uJz>s6&v~uZ@SgTPH^EH^p(#pxxG%-5IEKQO^() zxa*mGKubgoXI=US7S>M#X+D-c1;5gkOY~sR`0m8FIb&ow_;lsjy6Uk=hIB)f_qDNQ zPvutcPl4?yX5T8vvj^xIU6 zVYFs4XcCTcwOxdkfl^ZGHucVgJc01ov)XbJ>GT6@#b~%eD4G{PG7_snhUX#yITbi^ARiW(ie1xRm0 z?z9j4z6(D|aoJ)n$lcj8O^gI-%~{i$M?jjorf8JROV58`vw|F%ZJ#O&=GX?gMvHjR zV<`GHz1Je>sgwSw7l-{hK4}qM)B>GPU$57GZ+5KDVWWt@ve7Nd;z4k1sCVzQ4&KA% z_CCK(q%9n1F=jrdk^k;(>gPo+O({me36-}IFV|S_)~jdCrN=T=d(E2Mx~Wx#+Wbp+ zOEL0Fe`mg}!B$!Mp3HIZ;x*YVldfi5sy`8-KlnSdJww8U$b^u6XllCh@E`G!;%&my z#e-i?vLH#{QFR_#oMmd3Z}1z%M@-8Rtv-aFQU^^YH}pv@(j>&|CMUCddB29_IKg&` zVTa3zwl&)j^4+Mp983*M+#eCn`U5Kbq9)XZd_Cf&ShmLK^w-i=sl~2D z3izV+Mt5~m;C%3dKLkZ@zO|iZq=5U!22t@2+Ukx_Fs2usTgYUYs@dsPyCi|PZT)p5 z$O=D*+hzo=1EH))TTId)w9_~*fds^vfDoln32!0ov#?#Dfp?X~0i=RB-o#Q2{lYMg zn3h%Z5tw2ltG&1Q0($RyeF|ehZr9nxk?kj zU*?xYrrb^TCxpO?n6j?0T3kbGYwPpVqt)$BcX#)PAM$pO2e1{mVz*6zcX`$A@qTUR z1!MQ5+xv>U>J<(bP8D=$=VcX_B6b~tj^){VcN7&QWZ&BB@}=Gor;mDF)9K(gFf;zA zx3Y*jTBC8f!Qzv9FeJngi3HuhIH@kH+8p2g#s>eMn637Bq5kLSu*upha}H;jOVEUi zmYd5Yf9@|m;$XiGs|XoC;#@$OTT=2>7{APcDjd>am*R?OPSt>g`SPxG_|dEmT)1QcorYN z4}FRe)u* zL3NaJSjc~mUhZu`Fia1A8>@P>nRG6Jn8;~3pO-&t*X&vbwfx1siJ?U!CjX!zWW|GQ zp8cY10Mu;nUp#;1{fiDS^=Ad0071l(t?#|2>R#LL8`r?MTHRP>0qj$##&0{ zX51O9zuP|!l@+`v-q*wZyHvG;Z>@Se`N_;ar(FnP1l*<$y^fm=3kVXo8!7DPbVc2< z+&{fMO|oBmsDsU(;u+b^&Ak~}CFz_Vm+qRnW%@fi`TL=nVt&;LE{L-h6MFEb}|{pqH?4{~VP1i$PUL zc9-yoT0i~S33{`+{&@Dhx!S&ey&;xFz>G~spy$LiZ{2@0aEySAGuVf|4+w%A*bi>V z!ebiAkhPS}G?~UNWikEG9=2bu79d+)END`kK8vN-dpv9YyTkrF!q;t9HEtI1qs&+? zF0R-qu!ynjajg#C0h!>{Tt`~6oT#JL70;_@*9W3x?Ne@$!gZ%@@d^aHrfii#}mtS-khR4HF}_6sxoH1x-(QQyPI zY~aB`?#u)xfM~hcd1Ny9P?E9M;6%I9u-#6nPZzA}o*!bDN(|wADIkK7g1A&F{aL>{ zYWT`?4dIM(`hJS}!pg-!K6TH2;#IkizSMsU#P09MQ&qpUz$VL2>#DBz&2-YRSZ)=K zMX)u8m2Rs^c^oa8Ku((1$6s0A1~szsji8%ePWPl|kSFli1LPNf*G{s_KBUzO_ND7tHlsq{F06>=24dVLPZy7Ek-Ade$~KYL zbtlr5Z7mm zGA>td~cQM2{)pUIqnZjdOk(K3amD+a>E2~7q7f7g{I4MBUG;k>Uo1HKBG z`wB&=A&`_#{a|pW7D+gW62=c&=BpRc38;s^ne5j(1)eVp^6Sit1KquCZJa#sAS-Ha zf~dZ6C?VFDX4D_&^pUZo1EU_$pnaw=AvqTbABXrWJQ|=@zq=o2iK#CnKYP<_+-Mt) zdiq#3TiJa^6MVBC*R0f{$$yhLa7)97x@o~ z!8E|AnI6rm)icdoFGY(KAYf-QLSSdoq(xl*HZm=*n6R-=PvFfG?qrPU8~laNwET6CgqpTvcR4%!VeGc&&D#m45H|!*f*aS!D$C2t zGRp{0k2L*%VN~srOil@|(!dvsevje402?S~)3woBBUe z1S-pG+jfb`nLPQAH@A0EC)c={7bJMNd=COwC_m%S8pCs1sgDBN#E%%Fi*VOFFp>LXEFA?Y)=n(HG-bF*RRcu^?t z?md~oANQ~@$*8B$v_VP|DY8tokVQt`Li+~$4NIe8$#=XmPSj%{W#6XC(-KtHMGd0g zcc^1e39s5nA}ub&8Hy}?{KjX{fg{^LPV<>aa$zBYAk|JnDlL!VHJ`Sl6D^`M6O0oK zuQ@Vnh_Km{kUC2zSQ*&c;^b;vrPJXw71=m9*JbCJZcsQlv?HRkJ@3Q|UQ;TQhQNh^+WT@#2rGo&4cesM zu!1FAlw=z$`7Bc=I*P+Y;c8SgQ88h5m=a{BNMZTuHj%`&SB+ax;~-!ZjU&|N+gwwc z)TvE!)ao#+B=$C75jU%Q4GI6VIj7M(>b;MS`Lxe`;DS*?by{Oz!<%jadsw|XKX`ZC z8~)O}cebh}47vuxzKfXaYw(P-ENK-lLboel!+jf$J#Rcbey_?5zJyaBGF>(iuP7gV zVKF1O5+PU+>`*KEiyDyx&HL8QlRsm4;-IE}M4^+j#04ng zCFmQFgFhRDI@rB$KMmoB*cWpW=8t{3!TdMuMATODkj9qc5 z!Oi_uw1Cm(^XjM$udP6>STNj|#*mYrY)0|FVgf(Fnx~ImZ#)Gc$Ss~LsM5{wye(xa~nK42=@|)BP^`{mwc_K8cNcD`?WBUt6S(}C& zB-j0c|2M{Bgh|hg8NSj>fGG!jF#8u(OThv24m6e($Sa55?5$2AUMA^Zd?kg2-FVb} z4YDC|^O<{O=8p*pc5U?7%0ev5vx$VPDT3h}M>6TxpK2&yPb3IC)7+J(@7}05 zFTn>8ZCxPiKNSV&GG_xhtNXA-!!^Mco`}?a{rAyr>+GLo&OS}%V#V=KCD|G0%`LC_ zf%-7w77XMQCHqc4ZgVD$6-+O}WRjFygYpFn0VzVxaDTotj5T8POlc>c44a?q?_y2H z4`H|Pb^iub)%h{|Rfaa=$=1T0fR|1>P1kGv2{w}I)5PR#4^Yl4`CVe-CCABW?6(DJ zi&qM_iZAb91=#_(1kg2e&5F z_Kyr}S0nF_`wxR_w~uoYKzodH*|D}3Nx6#cWU$ZAFEUXb!kQC7I=Y)6Rtd&pj?2); zXo!H$c;v08Jx+pMluE5|KaR=AvDh$u;+@&>WE(7#=|r z__mVp$^|sy$oM$ezdL;^OIk3xXMGx9#LQ?T_Q{?{{)yPVpNxZ)^vIvF`%3*opNt+Y z`OCb7HWk^s?7lia4Bg7sy;-PY;dDyhO_b|q;y0tAE?)c-XXmMQl1$-x_x;tX6@o?=ji3@Sb%kL5;dlB#z9ei(A71(g0W<@MrHMr zU{QkpG%@84LOVzH9KG$}elMpJj=@q|~+M@3Ba8-(}auv#Fk)tSMcD7gPGShiphmy!jq9Xapg>2_xbj!p3o z>KX}%I{_GtSGtZR28d#woQ#n6v?kZ(52%ykL5(KZ4orn|b7eH)+>RE>0`s9|_?!72 zAy_HQkA40?{RfuS!!wdVM#x3%l8p-n*sE&WXutr-jrMLXPVUcM%#-i#6xjKY?t|_6 z*GfFCOp;xMz8qZb`}$gfRW3V-tLJldVuMu%xKyI?0=;uS<_> zW3P{Ex5muge%75-csoMi-1mVj{}~-AXdLeD|J}WWv%H)Q{X2boI2@VSJBk>Zt&q;9 zB@(z!Cn6MjUd%!h?{dVl+-bmvaqAUSlwaudnZiIewD?xt(w)jlbWR#GeSR@IVg;>b zq>#~?GdQP_0GU{wF)YL{fA*ob)tVD-9?T1)PQbGqyu8`o%|wp*_QO0Xg41BfeFEyC zs>0zwz93_5q5IfI`Xj|nX26u$Aikao?+4G+PQO*Jv&WhOUP~1XB>sLPZez2W3*a6 zNC3GyJ#*7pO8eJK$VNQ((ZyjHnvW)=z#F-04?zV_9+;%hXM=V5BvX`Hk4RN!$Cv^2 zPk7#0J%3=3TTplZwm#s*-?F{j$$D#T(#q@FlV$9zrGM@6j4wlHx-^BhF6}GX2_GJ% zbX^9C11$9YIJ;_NDjeRe) zMUO+TCB;n(*rmqk8LLo|$imjtC@A0a<0c0h$s*+=C&UBezfb%DEhqlOy*(lAaj1fr zcs3o?;N*M5KG4eC@m{jSuT9x>zi8uDc@=K$wO!KIJCK^gbJA$*9#*TyUnNG==)WMI z5vi=??>lUa3d(rN3)uJu9yRgjdk3bJfjjC;l~A8}uqM&Jm)h+a-4EQmeTMZt-=*MD zQ<=_;gyn`CUv`*M_J5+2m}{q3`O6DD*MHhaJW5TJX70(dTt{S2T!5b@z^PuYFe@iM z7s$!p0A0N+$DkcjVO1c?ACVjK(~7IA^xkfmPZhDDKuET_M;Y&F=rF+F0txL|Za6Rs zdJ=yFqBC3umihrySQN)sIacA=-&)|XiMA~)o)UK&oi!Q%OMkBeD%7^9$51tF(8ELe zzeHPi-u4%JPOhFWB~5WQJ8C*oJL44z%Xx^!=-BRag( zsUSF6cPjz}QF|L!cvDVyYeLO$hl+_>f(>mv5BpR`R;u^Mrb?Y$S1G01cG_QOsKu|; zB?SM_q*_FpVp8jw^*Et$`kGsFqLNM$#E|;UaILe9_vwCWHbYd!Vje8Kw6fY(<8m%S zU`RARh)Hoz!D?EpF*KZ0Hf98PMQAf<5(Kg|{WUgm%i`|_%vOy2KFw~D^Bv8uqs6IZ z;9{G22>okj8hlK$*jK#VuRKBHdq;I2_&OT4JwFP$7L{B~mlPiEsu61cQfBPXSbvDr ziWh08=xs!&2%!Jnj`pjcgc9@5a!Dt80|!VZ5r#c)5-$C%wVQyM3=J}0N75)t`!_kH zmPxI7Tk=E0hv0rmCAz9rk?N%43K$J<1~S;J14@b6>Qogi)Hf$%rU{Gp>ZZgD2^rBA zw&M(^U19Td&x?nP&|@v!7COq3Hz(1GPhLS*zx4vdq?eZ3&+Wzc!57u>x2Kl)SYavJ z){M342|JtI3EwH(5>uPqm-td@lO~4?Vn|*O)P)J1Ni0|Tn1MXP-@Vr>x|)ZeZl^bg zW06j%zOOExXQb`!Et*4+&vQ2DSz!ERX6g=fp5cA-bl}}}r`e!GuWLjx6E;1Pl{BKK zR;rUFogoSZKZdYT?t)*^I<@xz;hir|fg}+Cp$nFO;kj=Y3a&*2hL0gY7(BQ5e7cX< zC!Z>ov8VLNgW!SeB_rchuEB^7d9ZhLyKWF+J#uQwnwJ4B6tN0A zKTqxK^zg1iSX>W+KMX=oqH2|_3IeH6kS=}D+lW&&YK`sN$nNR2LQYYlKf;-XWrwvs zh>Ab?piVe;Pa`Jj2@U$d9(+&?)5g*1#pSA|{{Jl1XL1PT6bV{C(lkAsPi+U4Ox^7f zO+L=<`lIMn4k@Z19ei)N{}t@5b)W%~3t_3Z?A1#;VbFrK1J^o0QCC8`Zhgz@=zfy1 z$G9fNpxyje1oK~_3{naPD+D2B8b=qn0Ng{gy4e8DD^RKj=s>X%)a!Boreg~NxHp2j zKmc)%4c@$v{~mA|b4_6&ixFwwkEz zQn*1EdKNn!>=P(%HQG4G>kPN!;WbGS%L`t~_7mB)KIZ&pXJBMDY`R9SZc1z$k$YUH zwzj^qE^$9Yj(8kC+~Z}^yKPpEoR@gQV$d9WtD@zp2S!il&7jZUEek<*H&id;eX+gmyx1WGVh!uomnZ+-9_620K zfSaG7^WClO|6Jcgt{{*?B2eSIyDDU66}Yx-xmZo6=vwy2t*$pLnU#ojK*V#H^s@cC zn=kA};oQT{Xu@&?-{__sB0h{*Ky<0@eX?p@-uk#(^E!m_CLCIaiw=!h;!Gn%~4 z$y|$I(zK|c8!Ug+K_Dl5a2^&1FHY=_VK72WDlmfgSoo*N0Gx%9L(o5%1=DyiQeKVNe`uZo<+xIflgJJ(DRz%$kLTiaTlYN4p@=o1Ba-mCr|hS- z$H1ghv^PVu;x1$d<<;0AW^cet>K*8SuD68OCN}CmH77HtDG8~As!xHb?uz)LbOEB; z1lrDyZS)7mI^0m6sl?_KtLbvds~kj`~L zhTM;h97vehJCTp!0LXr~W2ctMQd~9i>RMYoPvu1*bWOBMudBSt&H>(plRiAq1A5B{#|+>Ce8$`OXmha5H;neJy8d8OM^2kp@??CX^e?9k z&@X!2koKrAH2#oti9t|;!u~hV=JjkGnc8w#6y_JuSa7#6zW6f!7pNU<>0Z`qA9YZE zR*b-)%SccRfcCia!*AbjzEl7Al{tLQ1{D;`jF|JqJ2()_)(4P2uu*dZV~uU=0|ME0 zgY^pT?}Y~@6&ZD~!NPt1c3fTVb3)xrd4&CZRzlanxB%U`yF0t`sCU?mlxu_Pp1!h2 zj;{Tlce*{_uRVZYL%1`brJHAP#KE5NSK2ea*BhnT8_>$~G6FCv5sE&&wl9tu@nkvm z>D|@4w-xelr*B_7g7}Q6e~6x_UL*`2Kj3@6AMS2kKwCJ`=yNgToa83&zh8X_SeZZK zYQE`naB-e((ozfSJcpL3}7F}4p4+S@Z8w|9J`5u2ooVVmI-YcyBA1(J`P z@gK@hM+{+B-`HL#deOV{5v@?ZyrrN1jTt9iibzHSKk22Z_DPYM3t}BjE`|{7UEV-= zI<_`jo14v1E3Kee+SYMPKU{2u_$ zKrz3D*s?poMWK&Zd~yH|_yB3#hjf69LcJ3|Z37YIgyXdO?PugK)A}6!0bT6G+yUgZ zBN=RM{e%hldH529azZFV;5QK`gU?GfN>X%Jq0?W$ovkg!hI0BSa9{wYh%=4aj0K8( zQ^+F7zYJV-x4R?Osx~p4=OhMlo@Rif3r4bkFNi0Eue290z?dMBxr2HP(XFk%7D@x` z5BC56|FPAV9lRPG4EFfH#=pv&OMbFNBwq9J5{dY6$zO>D7t9Exj6~vYSn-YEvX~MA zsI9FloUkANDmh7DFPD~_eR0~pN%`~UFvt51SeUQ*I3tXlJE{v;EOF7MBIY86Wt=a; z(WB8yQS#du61YTshX1wwB250V11J*fMF=D+x=DWpYynwJ{kT`;0yiRZDg|nCn60h< z0^fgs<%QpWe+W)JDx-%el&NC$8!;t(D7j)k1YX(PNAXX)F7gqR(OUG0*4RtVxq}0W zeI%z{HA?FjrDxfDdy0#G-yeXn zWKT|O7%`#Fs(>sm7W8InbtVkL|M>#E7ycX?-)wE&17X=}SMI?Pq7Lyw!I)2{+yh~M z0ry+?px?THbs9fniQyLL-zXm+kyq>z%{|J<>c(;w6+aze=avgM-UT44kBt+tb-4#O zz1|HdqCbv&Us_nH#SG-pPY{>)YSOIA*DMSGBm{mfGjb1Ze*0GreHGJjfOyjFBXWZk^~K`iJC6d2*q|Nyxg>fw zMe1(^{rs?9Vc!&egCnz;g$<)$GVJ=ZP=mf6wnmT2k{1B?I#Q~U2#%A%s<`Z35^JDbRi&@c# zxsC3i9|?;TKUgNyWe_XzF)u$insZE+Z-%a`oO?I~v8_!)g4{GZM%%gh{G|*U&Hv>_ zher1R?i8dFXv~>Y`IdJqLtUg5z!JL%Y>T+d1W%DN+)Ys&9mN&4My6RY;|gj8xG303 zpqW8mSGY~ksBSnkBh@3r>2l(bq!%Hvp_!^U&=j!-bMsq|`Ur(R#XcrzAel>AaW00LQFk|%V}ezOx$Smi2UiwJ-8{}y(j8zN*M;{HHLEo zWf+`;ZEv}Zn9Pp==T!KH5X84Mksh?)&~NlyjJ$VRd5@)528UBH7kZx10H3=5?XF2&=y z{v)SMNm!hsA_s<)dh-ClG^U5jjb*$$9)JtBK;)xG(M#b3#gIxPnivzNK35y#TS$+} z`^UdXxd%6lL?suMDP=mm%^!dh@$kUqYs+|lCvA4OXa#NxVTr_LL=v{;&s^#?fDRoE zo=bybNtq6PAeyb2zuZzuiX~;bbI*7#mc^1X+ST=k62X>Up37UEq`_Zm-|nv5gBw1H z*O5`(GEt^X2{1^rJb4-kGE?Zdzmib1Tr->Xwi=XafG_jgoP2Cm!7Z`E?I{-E)k9C{ z-cbl<1TUrjEkToSITV;nZ@ypv`V`04V)F5U;FC-cy&KM1BIch*Rd{`OAnRnK=vBg# z2S!@4JPI60(ZH5658?<`^y;zkWcss~d*hiQ{?SC4&H1Q3Q${cMx@KDV(L|Zexz9aQ zMlbheTP?_+G-ERSC)w~C1I0{(CQ&BkCh;Rbp4IP3mr<{Bu2LphDJCEQ%yp+6y z#1pqT&qWpsyO|dI*ZO`Y6EJxDM#dWQae!_BCK+aU%y$M~b-4$bY0Le%m0eN;x(b{H z!2yow2rri&%XrjH5Cd8b;fv!j;T|;rL*K_Ak*n;_hu{VWT=kNs%xf5i{!07zN8&NW z|E;{|ghqyEGs_1_e}-~jg>Zo~LA0EtQy*tlRH6@@N6RT9TwbX*>Xoq297Sq=oo;%+ z;2bk_2u8yHjw_jSVKCsQA{cNGv=ol2-H40Mn?Lbxa}RFzN*S?08P3}3@AJGF;68CZ z)oKa%+5z}L(Jb<%<;J~(fg`*e(^?cUzQ;e`uxaHU+$>ku+FWMbTBVn%az@OjT)oNn zlyNFljih(~b7@}g!Off3uMR5jXIzgBd_4adQ&w>ka1T!L95}wmHLZoJ`@9NT7n?gx zMVS!}0vUP2=n5b`wH0N2JnwrVRuDAcMYvKx&_nzbbmf zw0JJfOZ|C9QbtOtGcPzpl)|~eK64M$PhzF`=nnaO+0X?fD19gOe2ZpV?!gTr1Q&13 zKw+Ob^#U{&AwEm)XRhK$d;HuY$m0bF$f%%TI}UcGvSLxhp6xPK#a5d6cz)$A(H{mI zPSR6cA-U7!)M4HdQ3jXcvjW|$)Kf-JtW|B%R4)p}WnUZv@42)s^}3m$3`OM5;3$yo z>0}I`>k>pMz(j@(RQ?*0SfYpR_gR9dCK!HP6&yj+f6-(<(M7%mz zuY0+{f4DrAI&&bi8;Bi+A7NxqztMjk?(QxyWxpMUn6Q8CDusLiPG-pijF(A3F_|-8 z<=RhDD&#!u|CAP=`Zbd}%N#)lkG%4IM)RE!*$P~bfEo7P=Np+e)zOUJ6l3M_@4B6_)Bj8Rn6Q`S97v1gB#WMdAAjIxh6;J;wD)sRIQp!;8 z4|M7+jYLdzvxP^s{T~9}2>85JY=7niV#{#$e3e#N>h~E7wM_MNoN8l?z}d`mo-fea zmwMfdQwBy1zefQQyF{rpi)-*BBwj*(g!KItpva%~sYre;sOBKTycs`VKD%&M6g$d< z1kDhch#Rnx7cLMn`Of@ffrO5$j+oK_!<&3ZB}qg}AUi{WgD47*#o;Rnj0iod~pvdW_zZiaAIW@&@pW)N^ljozV&@=a7luowrj}6-ANqa60 zDDw+iRT3vlnOn4arp{W$o-(6h^{TlCqv7+i>8@B(hWK^D4BP`=CEiTL>*WlgF3}xU z_I{BO^tn`*8p;$R)Q^d`gk-f&=FLY8Q(qR*y=nT)M-1p*HncLON%9P8V$rF|&_g(> zmT7pcZ8VQRz6481MMPj9L6`q`Fc_?3xk({41a6IS$mA5ZG1kVsDbk>1T1(dy;06Ci zj!HQ)62G6pa19)cD<^|PIRAMHN7aZJaZsvh-+6hj@P0 zAcz$XUf?lznkHQ_cch2P77bKhAxP%YQl!Y(-JRhPU%lk3( zazh|d03ZW1k5C4t7ei1*+5dWrEmPq?duJE}oXyESxecun`CK@1Ly{J6Eg@ zgXR%nw^iCZV~&AR97bnldt4zTXS!i%Mur4Ejuy?|WVgblF&*kn?+FfS!`LhWwm2mD z{wh04Qjcm{vp}kr`EWHs4h~#Sq9iEzYnNXSRqIARZv#67rq zWAyGX$6*FNKO*RAK@eSFKaRTzev;n-i+^}1EbhV0+lDyMNaR#0;4qQj9|ec~S{w+1 zu2&teMYayS?TlTj{h82A*2dbyOt!6=x_a_K>k zXhR31U@DVK4}gW0T*~2K6ij7u>0xlFmrImE!lJNBT}tJWUim@PCF}Eaii25Qs+3C^ zw7M@=`cei5v$|xKOB)70#i3p7XdBPDdPUI>*@#3Q@4mv{0%62btxXeiUqHI+-40bs9-V8Y_$45V7d|P@CWVo>^Y-+;FC%vUn?iO*1W|$y= z34k+(l7-Y24g^sg5eLzMc+gN1-1SQ2K~gp4(+6sW*t)xQLmUYDJwlYx!4fUA+0kPh z#P7%jvcf~*aPa2sS>aV<9S%+y<xKQX85%Jh+gad{?v7+Xe z>U^rE026(B0B19+v#0@w8GTQ16zVvL58&h|nf?$zOq3jBzy%m5;~+Z z=%FZLMTb%xNE8fJUfp}Z|ErTBMP|driVh1*+0geOH71&gJJRn$WB)+xQW4)AK-qj# zIMmy{ITYuJeZ=I};(pqjNw5RiLQ6HRSkLf`5p1WaU7(R@u=nwC6B|& zc(i%=t#R<-6!|r`DEHtDh5*litgKxfikChNGBk^PirCs9n{cS#r$r(WSQ(C z6=qvsADtH~9761#){&x`4g&bj3D6LSVI3(F95kXm5F*w%%w}HTvDKI$YD^kgCR+hi zEkP)nW;1#w+^Q<2In)Yyj3}NlnQv+Vvwkmj{;ix2%&Wws9EX5;{f#1WAAhgHA;2!m zA~0a9FrVtifCF!sCj{V4J4M2Z4h9@>;?p@nK5|$|P<7GKc{1tMdtB#eSmD61 zALpc~*r%`3S`UsxJufjFVjs^}laL_jj&ML3fnLC}>)}e(0Is~LpiSYYvKDj* zrWCAjlscEeB@X658Fu?FUP3RR18~gO6jZM!AYgHbd@CG6;$d<0@gb#!1Y$7`V^s@? zYI@>O1f4}E8fqyWEd2SL1#%-FkrMc2M;|BxFaXeJhy;9ol4dUf8q5cvM;Ru!z0RXA zS>eDCS$ctB_4foiXl%Gf5q`$v-l1f_4iIu>vK`eM0(0KkEb{%;=5dHZ7cw+q1Tr*V z758Y6-ydQtl74KUs=3&w*MixA!zK28FPMK2fZkZ(K#UFQa8Rv)>?~(&)#84&!l7Qa z3RglId`9G%HK(Ax5YPK$*bH?nl|G2RCmna8>w2<^3Kk?gvoZ%(#SOCe4V5@l__sF4 zp%Q%ifJat1P|rn9g@3N>Xz02+n5vO(SygADwE%9516PAa2`FXfxEv0=(E}jRh?mCL zorK6~!Aq)TH;iM(p?*zMMD9EXnT2Z7(J#>ykpMA7!9+IbUW}FueWOy1o{Vqma0n}M zV`gNlYVbg5G0SpD8gbw{cv+55rF#pgb6V>I;9#LIDI6RV#gdLD3^LCFNhN;jJ&zOo zED&^kL}^T-E=^^PaHz8PS=sqw9_zL=TGKv;?vK!ifm0;LJvhbC1yl7iI2rSkGSwHi zN5Rdh)3}{7wc5Xuani=v_ncLtx5oEC^3Aloh2*FRlMK1rT=?fyF5T4Q zpwnR@V7!EZ$`B{^ID#leDz`Nx2tZ{X63+!}>ZM4oiOa8bh`y*zT_u2!v2& zrBqQ}!Px`@MXy-Nh$ ze-MwMi@-rWv0aqY!TX~mJ%~<+OXy|#Fa0nLy7KM)LX^&+>!XK!=c&! zQ06mm4^GpohX(^+4c!n2T5^}dbq)E8mT5-cDdIjDkd`X2E#f$fJ1(vVBC}=QF0Ml} z9Jo-CI&1#?p!{3;{0qsWwC~NAavTal%fyuj4*XU8(q6ZcZi^ox8Y|j2kT?sEA%{f- z#aDzPyNUKp|7NFg*fRz6laGB?8HMZtN_7AgXPS+LCLd*pXlT@j zcWCV(Xh4B$)-*GSD2PT}OR2b$RS89BmAt43*KAEcS>z<#-txM4occj0_^3Mb1c>r{k9mc(bNt?HLf<%m47&>Q85JhAv2<%m47AROh0Jh4a| z<%m47a2(k)`xB1IVL;?*2Iepz@-(A!J z5GfDVQHMy|h#i|yw<;rcWDt4EVLR#&c`~s(az^Z@8^FU3ktYzvBZEleP#)=$eu!Wm z_SX1^i05IN2Fr^E`xD|*4(gFrQM!%nvBu<=A!50+uN~eaw`Mvn_K0*9(+rVD(LOS)wDEW!_Se&mLw@8C*>KR0%8(yf@1Uk}KeAW6~5PL)#M+!+1c!*dbm61ZK5UCFrVn$?B0YmJ? z@59FoF&HGvV<E?k0Vd}tYiBxRzFMj>h7Fz|!}k(46x)S{7;BJ$Kil9VIT zJ}yaa$#fPRqa7koEjURzMV?rMl5&bXu`ng2h&;7eCFQL3!~&L-BJu>ImMF(2dFs$? zv+cr-ltb}oVMxkL8la?ANRp=ULLRlGKuH!3bh4Lfq*jxtl-AhaE#zH#8_K_B4OHw& zW9E^3qZ zAQsl@{(ZnTOPbuq$GWiyZ^SV0Tof>GwvtX!$-I1*cG&FxF%@SO$O@-sTQm*GhT>gW zYc$6Rn&Rrd{RL|!vR=TC1oSfUk+|DlLb8(T5G+l0|Hj#U5E*i>zO`P1Y>$xvzx`+SszSU$Yg+8WwIBYc@9t>o40*C~H`_Yp&T2 z@H8yjPLMS$+y-m5fY`=LC9+7v)kVQ-go6M%!bot1kJa5xnHPXsvnao0T@-Mw5l3u} zxyHfd-4FjjJr~I*J@WSDB|x7X6iSoI(fI^yiyPB7uL^S38rkwSt0P+`c1!y;Q&u4T zSVgC-Jnt$)!5ERHCvFC4H;3M@;e=ZjadVvm?$>adEr&t!u(U2}B(*x*X*;U!nA~sy$g1LAHsVwJVYJF;L-Yk3a1j-N-A?OAK%{|IUiMzK9@}XfQyXl7- z&x?LQ+)oS0>k)IYbBoBp!-o6ga>PPR`7z9hS`)? zd>Lhn7=v@L?JbuP6RgYNoQkV-f*ibDig2VYZ4UR~W`Do$qN(@)vG@MpZQID==>E*V z0#DA~*r`cbPU7r(ukZUfPTKmkP5f-PxqFko8X_SHHAS!hC`a4m{q65y0FdA}iLzzK zxoh^E)FSa^Fc=JG27?)#_=ADZpV^Qa3kMd_F%b)5#C9E+ZpR*@U*S0t6TJI;Zy)0z z2m*8x6D$Zym{hwXb-4Dn_U(|{THLXL6rdf2uC{ZVB?C*dI4=2OTytQm9lIB<_xXe_ zjz@2pgqtg+IK4{;rh||+JH@UvFrgb-`@k9<9a;z0Ez-mCf!TI!7>IR0ZN~Tx1G51W znvQ!`7?^G5OAqXNx7;f`^&LE)&_z?MCr6-sD<_1blN-p8_d#@Yp}F>{$bFC%i>G?z zVSI@W!;oc(3_?zvOAU1_SjRh6Ow9`$S+`-+LemxaTbq-T&Q=-8;;8f5^&@d&&R2$^ zeR6KsD&~&FY{pF^flxu}uQG_|?2;skAHXeE0TG3ayGm_Vpe$mEasDceR8RSuW~p$Q zY8=VJJLDyoH4|JKH#i?uX6lxniur>Nakyl4xOI=9Bsyg=0Ub&G@scJHO~z4`ttAytQO$jDaai-);B?8MIfCbMWmgl1bss9 zCIogR$qdaSeO<%swZ_YXjOjFp3r{ZwuflGv)LtSu% z=5qalS-X|QVm}AJi+u#4YRdC`1h4G~)@dJUw}rHVzsL%*3i#`=f;bir>xk;xnZ9TO zf3dBjJNWCdbtnlw7z~1vZDV)WwQZEaUu@B+g8${L7cJl~wp(<^{(9^d?KX-9;I~^R zH0QAas&3f~vCtAx17C}AW^Y?0j=v%!nh^JLsF47z|Ik{&Z&Ax@;CIO{go^7gE94bA zx%LLJ3idmM|3l4JESlgeZt6ZpwncQbVu--DOBJht@0df3L#(_J?0I{gz;BH7w=(!| zSaQmkyjU0broHuHze~Cumv|Os+*v%N$Jsq zUkZLply`KuId!g${g&A7=x#IVv}K`K3VusOcXYS;bK0V~H-O(IWsb{v7G}*^6YE)l z^K?m+vxM`kJr~FdwBIE?P8;XBtsEvRaGownaauXgEx~_%?6(YL!$aA+DZQ63!ECat)5{O<1^+H`)~pQv;xsib z_;-=1W)<-5zM`W_OyxdVKKeO+Wm1g1I z+Zp_>*ze+walfw@HGHNwr{j?>XdGJ0I*V_2885DqV;%ST_61R zxG9cTmd#NDmqB#=Gq^=3Se2mcB|E#QNrZ-TcQLeqf6b-a9xcV`lO{sqq<&q06$~$W zt`9yZ00~XTRbBT~f6>9+G_y?87?MN?JWXRFY|_A-0o?%nt|yBX@b&A{+8{m|x2Eoc zpvjns>p3r7AN&bR7;nhbQ=FQv{A9OS%h%Yh9PqEn_kU+Y0Ig2@RVP<{0oM3| zO3cSZ76CwY6gsRmnBUn@*QAN#%(Q^JuE2SU_D-{Sk$wLtchf7?s0t9>_SMDD3fQlJ zzsjy#8OImdbt~ZCl!&JU5dp~>1kiOq%Q%ncSw5oEW#kM*i->B% zFMMARi7v_f00MQr-_HO1^#Wl&&cLfgGITK^@l;Qk-%!qb!4P8z$AErM4?9%<$Dd$yqkmvM*4lp_u?3 zCziJevW-|AK} zLqGH-SUl6{r9xyRK&ND+xB2(*0`2bX4SwC6NSTWLet%5mBpU`Ho901DVdg|1N{hZK zzNMpJDcL3>64O|C-l0i9LuVwOZzGKUdHBQ3^JF;-fYin&+L(ktGTjDqJdInIzaph`nm&25kN(LrfX5Q3HG#f&+WB?U z`LX4B8yo1Tlm$giYl+Nqlx=Kmp!X(U3;N{@9hW>{i#dr{C;~GZFf+xOTYti?e98J* z5)rNxfyg&0S$x%o@08r~yklT4LUNXjxbeeF_==N(Ed%(4{4WJcm` z^^=2Eoi~Em@OKhg+W|-dW^LuYsMR%Oa#8~*4`~T2C?X^!-1w%_e*p}(N6bm3L#J6C z>8&zWIZt7L5uMQ}Q?qR-1?wwabCxM$E4e=#ZeX0M^I=zqDwt*^jr|(F!A1`0xOo5s z6b0%k3gm`Uf%>ROVSx@~!7MniB`Bz`6k#-vnVGI3;ec&tTh~(Lnh?FjAerN&C<3x^ z0Zx%$Q0+eI4Mw3_&WdayFkN26M%FizXJEBC2y?`7)D&espGp7@c9oQqP;K|>qqSGI zO@twN$UEjh??wUEE6wxH8Je=l#>;c13%eLWMgZ`wK(w8wpK)8SEMDyr?#Pywr|!Riakgy^fJL;_R5J=zGm6J~j796C+ePyPG1J3A?iF zR!+!N(GtJ2|x=|oR*f_8+~sEm^>9t zH)XC^A)1>Z7|JycK#I;V8gU{fxp7o0b?>bRQ4rH&!M6~eBqyY=1cruC{ac0^l{dId z?;3VrMfwIKtOwc-D5wpLN1ES|k0i__vBo%6znCt|BrEMVkca9o8V06Bi9b4YT_Tg~ zQAIv5O%|rZj)YN$GVfsx=%KUTx_fV{SjZl#sPl@<9}Tkg4dTOoS<@g?$3Wb^StvP&nyqN zqLEGLZ{-?b*26s6TRtH&7D0*oX%$SzM*ywbNZ(o_88HPv$h}3C;tb1j3M~MooTY@v za{~-?=z{9Pw(ohqhQ?Y`_pOhjQ$;Dlg`LqDJZ;60a0w#4Bo_VqjVVjCwZq6; zQ-*=yGDajRc2n|sbDM70S zt0q`YG#jCd4j1Dzr=4a(TJ}+oH*^8}CKx3UnGrsh69vQ--OfD6bM4 zzUj*??H8OYm`~#^Bd+CWH}ZZFdZlu^TkG-#2T)}BM@BeRlEfL&2s%51E4gBN8D=FsDpxqbq`@c&-mX%Gr$v4fVK2=XG8>@eVke&xLsD3Nj{j{jv#y(1g@&=18m(*DB^1j!Y zHPvW%IrF}0K+89ET-9EAO*2r1=~KfiRng5qY%88+LqD`M@Tu}@*HpY-k5y7db@DBZ zF(pqWtNF`dr7f2X9Ki`lmqlVyHX<1HWJy;R2~2?*@Z=Djnbix zb6yGNfCaiDaa=Y?fOyi>o^9(gVOKRPU+Hj~!36@nwE<_*henD8gjQ!X$HR6_=2}dP zGNAC}m@UBpz#e`dNFt>A;aQ*uLHDw|9m-ZqSi=C6P(K#*++MccbG>Y}M1&Msl|vDD zUOn+2q@dMer%iToNl2a96G;ypn6C(-%;4}e;nEcRi zglP-2ynJE>+4pr^rrg4oD}lwK*IH=9T3hoi zL0fW|(4*W&sXn;}Pdcejz|`RWh_$*g1$9LG8J+>ubLy5C7H6A-ku_iz{Rn@tiLs6;E1q{&yMc?`_5$+pRs2`Cq z#+>*D0AGW;q5XyZIm`SZ8PjAdcM59F<0qL3;$X~z<>-yi(SNA_?Kzecu;7<8WOn$NXyfXqNKwruGY$9cy&z|lY{Db0?auQNu@vz-AfuKCvq%sHEYHj$GKGlFsPO6Yb zUM>THF;+W`==)M8i%^Rk7kCX>f+8x?7|#n;n`JW1AjU36=AQ8=i|ta;>+O{}LJz^Q zU0xBAp!)t|&%%-jy?+I<5YbzOK#JpHsVLrJ0wpRI^IOh8%+6xWz^KwdLo`0?Wn|9} ztWOP)r(r~DLk2%Z=VN17vu#7lR;n<*g4%8Z6VeCKHV;UzIy5WI5|8!d-wMAmGkQO&GGrGm%kmJes@-X`|j|^SI4J-^ONsh9iATs z=+KLNggaFQ}42^mqTD^XE7zox=* zEMk$B4v~ci4T)On9ETDdt6-xNYMCp=E3$@RRtlaQQ6V`UW?K3I_$HV~MWZ20gyfj2 zeI}-t1iej3ayFqOsW7dWN&aFRlqRLL5eo5sjnx;XI1luuz#56~AazY{0FLM2#3uP% zk6asa=4u8*qlWD_oSld^EBrwZXOi`{s|D=23b3;6Wl{P}F)^8Hu`UQFQx=uK+Cxsg zBb~75u|U||B{fpBbvSVk-W9WT58iDR_hkIP|NFlKoL@`L#X881_AOPCVAYui4_PKF zK;(u>=ZK@l9@iioge(b3Dn-RP2Ma;RiJ!8_SAt%D!}jLmB=T`0sc+wG1)g^(;GCgQ zips~)HiMB8{$y1mSNk&@UYPc_^)I&zEr38u(0tT|He!~{`$9&XPFt*y6=&kQ2&wDZ z(NeV+7%$)R!tP*nJea?fMfPSf#2l3u+r@`O(%MJH^>;Oz%11{H)tlWpXPIJ<6UG$v zdEO$bFb-W2!LeTFdMt==&bZ=yF*YKDVV#c!xZk5(QAY1!ZOU@5Xq?fAEb#r(vOsK| zfZgi85}mas?(35|?cjxePRATaFs5tzwUq{)L31Y4WbS!k90V5mFn97>b6x*g(l?zM zUp4e24N0Q-#1Tv9oQ@|F{YS{s`9IL^&hD;7w&$605dtr180}$-!wIo1Y@=U{cj0cZ zgEm!xp83?<`iBRyGoFK>p|u&RPtk3{KJX)+rZI(!n7OECnh3zLOEtiTaA=E>g3_){ zQwm|JkF^!X_WS*-tE&J5lmX-8eymH0{*T8;uiu=#_IHCF&-*!n3;ucV{o&mDSVHtl ze5HsUkGWCBXo9XdRiw3z1RKdK%!!xpQzZmhsHn4%>1z`>LA}E>bbQuBFAvX-&$hjH z$LHU_{rMcdJ3Ku-d~<&M`V752MMrPnygEKVe*5MOz5Ny)zWFEm;rPv~ZM%b!k13=| zWE}J@s?<8Gb=%JE^?+PLiE%Q{l&CRQ+GApFKe%Vg9th}$!PSNn{N>^KcYat(5+A3j zAfbQBlCj;6Tvu8BMziofn4sZMu5%wdJ3Bjj&z`~mcXoEF{~zq^z4*)E+4H^K-JPB1 zdoTX7v%9-Dc>Wi(bE_jaPbMVhf7!WlU)8~VC65!*W8Xt4#FC5|pYNmN(iY_5l$sr3 zAI)|>oTmBD-C!qp=0!zDihXp5exyT=`CRYn`q)D8F32LOPc}dxh}oEix${D<>_jsZxe4wHMhKGQAX{q?yx;MPsu)t^*nmB@@#);vVC~g^sLPP9j}b8eJtVs zJA=Kw3jcq)^L+P#|KG*4v4JX_aAO1MTam5|eRSMEdSxyeEB!a+EF?k@5vcP2M_kg> z`sP5kAa7&CbAMazr1h@{_Hl2XmDj)B&qV*X!ZH!abOAS5vi|q>o>$lZ^A|fi59|Lf zoWQsLFUe=t>O2`6M9J?Ve`?0Kq~cS_)t41=bOT%(Z_cfH~7p$&Cl922h zAFe5u;pDYe(XF(sA0J(k`9AvdPXyllpFcaEcgzH>QS!9&S`Tx-5 zT2lR}F3>0RN5&+nepS^;64}>RgpMb29}PVF!LQFFSl@3lkE(&&ok!h+s$#dJ?$fAR zI5RQ8&IzC9uE<}}TrQZs8%$h2XKJzcP*1OxTbV&Ud3sEAgvcK#fIH!)Pcw4(+Kp=j zPJ<*Cq}-~emsMKTHA<}-d@sN~a6rf2-mjS0yU$0;q6$9@*)(MdNn}13kf7=(MYK9N zSq}xjXfeF{Mb(C5r5<|Jd7c~)?64o@K%o7D!sDQag5pD7wg!Y#1;(_6>VRIKH5XV{ zi`p(cIM27My;zOYqRV}l+|BA-=%`o0w1i%R#Vzy+B~<(I4R*@Q)DU#SB-$j?RL&iw zZB>h+l+#3xP!FeR#a$z>w2%HOdM@T`-8uZd%4Z&3lKD1z1glozzdk8dh#qMM2h7gY zYh*{Yj&o0x65ni~awu3tPAkw_??|$g#cVwPL2=(QekM#5H%7W|YwKH_rA_Y3EY4yV zyt~D@`hM#-FT(XL!N0kb*?IlleDyV~y=$(#&g-tyWqr-vY{hk1Zwpq~+7{Q{2qL%ONe>c(pL!9QJpB7mF7VH0m!S3^C75#s2@M7;l|G$gp8v4Hz zRo3;bH35#=mSc%n6vr{=N5!^ANBPcaE-1L`r~1)t!!5X=lC3~TB5zm6RmF!mT!G)*e81Nn zW^%%~iQcvn3KvyhA1aSdUv))b$fFhTcXQIiDJ{r;CDgUlTp!jBPmWEVosPJ}DYX^4 zqi|;(C^X?%SEs+$y6Z#Z_lmSxBH@}`gbp*wM2KU;J7RT`;uR#)r>mkfw{N;Ttis%G z4Oa$onvDCiT_~~yxwQ&yXkA*l`*a8-c}8p?bGV5P&Yw0+F%{@(@bsI&J49D_u5&n$ z@Uo@!71r*aG?5T&9bEAxjq?IegQvlczFAP#s8urt%iAUvcpks79DuC%=jYEogmNd> zz+RzJU{T@r4Pik!8IzA-*oAwb1V@OCzzjQThXH;5jD{q{nIO7lnv8Qd{!5}gWNlfR zp#OXtJXO07#BYSF5j{wmHo_qRjEq>8L_K|#Ch(p-Ifqc&oJ`pak^>MMq+8;cjUNlR z!#~ZErrCJ%q@z%6Vi!BGmezxVnckn9v-dmx-+$eD^8Ww*{Ogm?pC9$mW(hs$6O!x< zVyq%#saNd)`7ENgFKsLP-}v0b{;O|uE%yET%X0s(r-NsMs{hx{^9TR`J9)a^osqt2I1hgARMd!;UI^w28vmq=8jbYT`>)dqX}lTY-;k%>ezV0AM4hvBOlk=ZGRL;sd`vt>AU!H=VxS3US9X(B z{n~?2A06d?75$xT%X z#n0xhseAtL2w*fg-9JFR4~Y$*aE4x=p1wWRX?$QknxsPZdN>Cx6zjLL$aVY#-FdIQ z(*q+)mR|Ng)RR3H!OO{vBqqcSCvI*aohQl-0X4;QMF0sQkrvG4gv{;ROLO_OmH`Td z5G83XV1Ju&xUlJ70k+9j;6AH@OQQ8$QtodQgZDN0`4E2G&*#OIw^xj>F~q-CDj9!? zQn5Nge$oM%?)u33;aTHz6ZubPXt}Zc_iS(Hc}@NsJbRG;?&4WN{&TD@I%$Cka$}r@ zYT}0>5BOgXZ6Ymgz|T|0WZ@@g_9&$O&<_Lnc2Kxsn$omZJ zC%3Q-_SRTDPmPpU5JZVHl5yBv_nm$v;ZvIE{h-{A#A8?KbuB*4t`5d~LAPLGw(eo| zK_0Z!X!T2Q{#M-;kVbS&gml4i27G{e|EIFMxMMzOXsBV-Zs*o9@2{f&SE2svRYq2w z9|xLJ-%AaJhGb13s$(Ft98WsKfzHE=HY1X90%_>>A-YAG+Biuf!cVd|*0qE+25l`^ z1Zh#cvJ`T0yLB}Tw%fn$ZWU{#?D^7V;gq0qL|5m%B4hwh;j~JhE}59?4lWtGIP!Df z###>t2&WLbxAZn>B;N8buhg|k80Oc3O792|IzpSSKdRHr7R*N#E&CNnOC3Wm_D(ol z7pcHe0%LvjPn2q^6WbX5T?yHC+h0KBwUx1UQm?3*OUSzcp5;VtzFKur@p1ciX`*e3 zc9%6XrH$p*us~{O4Kj_5!9fqaY-;GCz{Q_Eeb~A$%k0jFbB`A57nJ{QB>x*Hk7WwL zGWq}6i<!;@os z`XpS_Z+$m0WMz8E*S$%(YAm7VtNCTVoiHwoZ{}CkK6&C;Bb_#LLuAmB4^1b0HEp}K zRX=&{{&6A$1g{h`K%0!4u<%=XkaBZYkB(&?fL3yxh&(D@k(?D0bL(L8kjUAZJ8hCe zr1PTCM3OP7nL1x7#JP6Pa}(%VeYS^?c17nKKTFyTptZ@#wIAp7eg9y|NqCbFTH}E@ z<7kuoQEI%&TWPCas@=6nci_ytX4oz%6yJ4XBIi5IZ1woue1l8JZ4K&lNc*murjk=1(I4B~NyPD%&7UWVyAi;@c=@SnfTmez)BLsn$FEq)4n`Ph0F6aH3rb zBv%`@@eELWKnZu}^OPVs&wv!{HezrG#$ZpQPfRO4z1uD$*?KjH&^8-9Wd63YhfK{y z2Ew*3cGl3yxt^DW8QM{dg#d1IBYYlLT3ZpX_3DcqkXA?Utz$PwZb-QFr#Qi5IFT?1 zT28Pu;GU3lla3P-d2Vh*lOsOQEMO4hR`*WHsEF+4_LfJ(&D6a04U+pC`GopzGs`De zwf&QBT5SVF$U-Y~T57SzSw8Iye6i-WpjUfJsae$oiyz1wm74BV5n-|e=%Wy>*nFpI zONy88I|0@zDb>nY_&A)B-j>VW{#~3=ZX*AiYr8kK{|^R(-HQDG?8S>05Ay$AJS*7$ z9a$a{uV5bO3*VxZ9T*C+#WfG8U&791oc8<7W-pqMcp8X_rpX0W;Jc|)@6YBI*J6%6 zPPc+uy}V{Ekw2W5YZ#~7X4{*&{B82Ru*6*Y2_VI&Fn8qLJMTKP$t*0FSccourTLqp zcU4sVFJy@SX3tIdzb2oh?0@%G> zvN)cjKQbKC5mkywn!;cM?;X*tLwTwCP>_q<1zoUdDSua?HEOlR$>sz>{Wom_pEqZ! zELg%)5^e?F@yPmu=|*xVdk6QlFmM6h!Hr%4Z=hX_b5*dWNLo6vA9GsqD_0O}1v=r~ zRUscG#v`CJy*hB_=+Lc{x6T~a(%Y2*tWsgAHQnzj#I{&NUP^>{p5pmeNsH~Ow5G;l zcn)FOs8FgKV~Q@y8NWPTQkVI~1hcW!Q!U*2h;sobt1`^OT+@<;oDePi+AG z<(smJ6V(YyUe)r^Us&9qrGg8RD zZ1R9PN5IzKPv==IG9jQbosq<<6_6NPN7>7z4d=or?Vm(Htgtizkt))bhvkT3Owp8 z0x)_=6-r0wis!5sp*62?qUR; zdc75OMc-VAu2OxmyMxD5?cBLIS=03sSHiL|2hH1dUG!@$>H=C|zz)Az5U6sUOET}o zbRdM}4S0?YL3v5Q?YQ^ASnh(cT#|Y7b-*`{y-5|a`~s>jU*0g6IgP3Y_78M`_tLU$ zST*G^v$b_ou2FVAthcCo{0XP2b%uBRBNZ$Mh$a#FxTw~n9O!lz$EAzSHnDuI^ zN1RAb$&5hWT{_CM^@kv+N1fJWaa~fMs5q`&rOU2XWiGEl)HAmgqhHD)VXOCN2Mu>> zcY9l?7n5WxCp|RSfjMMq4#9_@tihN5Ug$h#mVS+5kzXR&$9g6o=TU{w)r4@J*)hj4 z6-Y?PuDxh2R9bFW3_5*mQhg>Br@p2hBCVQLoCU=4aXtomF5%Z6@>*eyWpc`8}m7ZxJF1dJYE zlKH}Jqz#UuDchz#uk6FclC<_hjY<-2c?j(W=p?__ZihOfxVlIRhjQ9{G zj(TLIqE?Z3Y51LUsLvBVNNc-8hDYz3b_Dg(U`ED`xC6OHps8wr?w` zKWa3@Y9peV->o20O%y7Q+psIb8DB8>vzz3nOb%8UtCcPV(*Ls|lC+hz8p1A|7h?8@ z-e1Ls9*P*zajp!T%QtoX{X^2T!?e9Gx^izkfm`O)x%yO$vZbtZZSxZv?mZ((=#JbS zw{t77a@C0>co>tYe3{fPtOIv7wcXKqWL+;$oMl>#pVCZuR;0A(v!PP}jXeuS&w;3c zSl#<#RZt)Z!nGp6)JNsl=jNA&@F6-ZOEVyjwz94;Fzv83uIuvMs=!EOmB~MoJRiws z%&rJWn`*B(jME85gRL$7^G!A-oQ7zyg*LM^t(W>_VyXPrYg@liUWAm^cyU_=GA18S z^j-GdIywJcv2Q!!`N|Y9ym}H|-Od6M7Gt;RJ zTp{XBHm!lTpvh*3{*vmLx&+(qqJCw>ZH!V*W|U>3E;V3R{1jcZM_qE6&iKU?wiN~V zWkQP`tzX_QZ?;v|cgctFd;i|gjn4lh<9JMNdjE4U*sJD$dA>V%$p3mL&+74C+-L%4 zngS5q`Dx_chD1VDptyLFhv$Mr@dj(WQ=n@wm`YcLif29mj9~b68V^bz{d!!Mszuja z->+43^LCYcJXl<5;UNj|>3S{mX_Nc`2SKGGTNTr?-M`&3`qJZv-iMwW5y6!ymetil zOfzJyqj}g!?%#70{$E6BSiA!);r}~(J1?sI|M}iS{I5HCR^tCjM0jpd)CSw!JZtG< zkt1b8NDoww>CvziXoEyozsPzQ6%JlI!( zt>)VIC<4e$*1xt2-u(W@&Q3M{$Fsc`5B^_w@~p7_^<{pV=y>^Xl~yt|R=T{^tj)Pz zI|tAtV~#4vM4ENKSf#f?kIh@CHqWR&pq@B4Y445&yWw{=&A;qml=&CM3NbrVXlwRw1WxOe)mgfu7U+UZFVZA zb3Z=}UOpFC7!Wyvf}q^sklHRITB{ zVx>l7jGB-!-1{VWQxm; zu`@M)#rdPI0xhBic3FMmYjNnD{FeMO5aXt#v4+AD0+*i{B`onx=`JMKeo$HQ-MJ+5 zL75K0V`o)LEcI9Q_%g$XL-_m~Co{qY`9ZzhKS1WEDOIL2w`g^euXkt~G#)x_m5wbP za;UhA1@&{Yh1Pqs=+OO;JRhF>@Z3cHzrsAB$#|&>u+;v$Q?vg*-FwLYeJ9Tf^8Y(M z-3Sj^CQZT@&f*wuVd3#2u|KC2Q~n%}7li*lWlS#O_KmH%HdCBLXfwA=^sM7?4>t5AbU;6STprI6Cu*1^F)nm?#%NT>w#f~aLV_}I z4kO8oa+c_e6X2fRo`J&PhHzn%P=FI3#A)$OFTU!jvF?ECH(*S&S0<1|DW#c>^_|T-N~~8|2JMh1RdGAE+XR0Ef0S>Sm~z_XqZq6WhR%uc`>=lSIn=rNL-+<--LLg9 zYw}JHa_97-CwpxUi=r;$3atTprM13&J>J$mvMX{O9kg=&r9q=9S};x4E>@M=Gwy$# z8q#GeEkwhg1>q;0jOfQs&0Laspet2cvfhHOA7P;z6?YgaeU@F?K&)U~3l5K}cYh!P zZS@uzoUv}%j|L$+C}sJ!P|d4PRE<}wctqBQ+v*P4K)k(WfE9MI`nP7^#^L~GIS+ss z2Wc%|o^7|mebV(uY;;Fl5P>24NMnlm+_@y6ZQ2l(fsQBAn%o$#-1%F`+?FmC8#!bF zyZQobV=34r16xpl=uk}64Y+7iudV7mJ8SQ*cp@xnvU5Z0ns~Evi=nJG_m;agPkQ&s zu|eOY<<%l&gA6UN?)a|W|a@~a6%;sWyTv1 z)v5qF#j7o4a?-9kR@zY;t*X$XHl8vjTU1BxeCm~YZD>brzt+vfX(KbQm)2jdzAmnR zO468yKq76!sh6m?dQVm2>MXUY#ifGns5<lKGH#9Fnl$9H zW2Bo4tpvkX-NAj`MhJ`PI+E9FhN$}6yTjKBgk0{^bJjv{0TNmkRXg=Hl4?uTz0z38Y>BPw`jb%#pPBS!cEqhyCbc#uv+S^*)XTp?+Pz%-)@J`<$(UWs{xjHl_Ou%R_r>#_hx;FQ@?6XQqvrb6%m3hH{Ezh;feazt zA0v=E+ICBj2K$D#Ah)YqG6>btyP84B)L)B1sN7bIL1?iVr`$w~8E2_csWPZ`qtbmd z2))7*53#7$kId`4GANx9d(We8O48q!wse@u$?JkvoOW`$XfZ><>(}jMwu-&Pg<^>= zdJEPsZG&(@xR+)z!|MJG%woENyU1?RYu?UsW1OO_%8)Ct+`dh&vZLKAo17rBgGsJn zOUsOLrep`A*X4adq@RbCUZVxh0Pnd!l&-Mnw*KjRrV+XjeV-qmVe%-b=Gl&)D z{kpcdmR4?Rdo#`6bK6^I3r(8@eVZ1VHS0O8V_0UUaTe4y%rv)Z5?!Q{e7#e1bGxXW zvfH?+5hHe|Id%>H~f{dNql*; z9}MzVJ-?ubTQc)ik-3_Y4{EQ)#OJnjO^>eIXArDeq7gm)@A=G%GZrR zOZ>kEdsX|-)1BRi`+s-yT*v-%qUZWHj6e<<-5X0#0aLpzYn~>Aj?HGod5xkOh z$Z6t+VPG0sYBUk$+GSqeRlk zgMh4DUz!W(7P)IIt%;1~oK8)Z>Lrs_(yr}7%{|@%Cvk<<>#>ruxce1TapQQ_$K6~+ zugK}DtuAS5&HT>oExkU=Yt(JOVsdF6(-M+tA&IoI%w2j|RPM{zkJn}Y(y)#uZY@NyV4K~7cz^Ill&=hHm0XSi*L@1vMYLg5P#+6EIk#lHZM)2ZTRUFaPtNWA>o;64GecuaJ?qcrjZ%Ye;uH~v#riE(I|G@fc_iXbBtZ?&SRN+dHdR2LFU@hdtt9d_EH^~ zw4m4AJF3tw7C-2yt$TOHD)L^k7{9ds^tC_h(*NCEuWAKYqW?eJd%9Eg|9bl3#e@ET z7teLnf1?hoGN9-WNnO|1vOAQAg?+@5(aw%yE}K=6FHialuX=5|e(ua*L?nM_$B4-- zy$#me+aT|)i^$g|>FKn`jkswVLOlg?Wg1ZGZ1#4P%|?#%iAifMnUzEU>SS!1qKPA+ z1amx%OSc^hWv|7aQiv6;_LSy+1saota4bpG?|#kFWPxASzbx->QXN(SV>sU!)T24KJCgYmAP|$FYPjstZWOC#;q?hg{-sV(hQ_e43?aRm1I+k8F zMZwY~Ii34%*+Lq2{(M+8ce`jRsz$AKMM~W|c%+IO zE})>mNfan8tRRhI_MLYYfi+Cr54~n(`9GMDcuL0!LG zCo~yvBTiy0>C9}K#e1AY-Udp@SbIrtYSV=AMn(VER)F3n@f@)PYATRWN;ryXLIN*% zb@tnt+T^?qbOeNmemOcr5#_=Q##HvR(t8rfY3e=s|GW+K3+9w%0v*44ExaJ*>~|7MFQ5^@eO->T-@RZa zLKcz!S7en~dHtWhK794l>tGsn?_=@$-`jaHcu`sZyMyNs@qg~**+4I;Oz@Q2)$k)7 zawWAKsaf~DL-hW85>Lyof8Cr&nTq{>Uu_0~nDiqSioRqi4MjiJMSnANv!Tjtf&F{T zS(Yl6qG<`mY)nHmB=U+VhGPKH^#ae^*g)q${^QlD=UrS}D9PH3NJ^53Bq1e6dRKev zzG)Bkd1Ff5M}y#F@X>nRFhM2b^L=CiH=US1gOE-8=5N&*^f<&~;ypqNe3W-QM_H=m z)VvhHg;V;A?RPftE@=|&Bc;L9@lQDQrbJ>TJu8qkzzr&s`XGW)7RTBb5>B*jt?68g zMyU5aiDQP|F&;-f4aCLGq>gbQ>vq2UCD zI8h=HnE&CT!;Hi%MG3hw^MNuYSZivi&Ht9&B+wKmcuaWUc`r-TS?T~d{`()YAyJ&C zXzkLx2_iD0CHbOv|N4kBQpfJvaB;1hB2`8X_3o425JRhn4 zctRu*Xb=qk{*CAB2A&4H!Ol0jj?xQ>YC~a>pb?8>cBRHG@h~QEo`d>xx9k+$zS{|`@XJfpS(}#!mJXUV=72kq|`k&k{9R` zIwdmW3BpLdKRjuLvPMfd3f4W|Nc*J>jEtVWrBHB z0!6*JYfw@aS)|mklCsD`(pP^ck~Tq>gA%f7$`X>u9H7Fka#1FgR!}rjYFN2FP+&nF z;S>*P+;K@YES77nvF=aPYFxhHZoZV((SbYLp@Zi@v2U{tUQ~x`W?ykgiMi7I9d>L_ zWHSPMW~ImK)5w zZDBQJt_mj~;;;e872rI5d3c045iH{&Sq0n`*HP3AW@k8$PG4OEnXAH?vY3YRCQ!S= zsdh3FW}M2oY3w%OOo+T<{PLs@ZdW)>3#-AnGMqT2XN1paNUqD54o{A43%5A$lN8^O zKEG$2{);6N$LNGb=rEH^gg9O%KCH?=jXh0iBV}MMoI<<8PM&KX}xc)E3|XP7nYH)(3bmBun)&)DR;Ks(euBD%B3EULW>@AmYGYR8@f44jt1@?G z8@TqfY>nKNN#WX$OSu&0ME|c*l2rQ&(WEoV;ut|mumIL)z|am9Ib}@ta;3*QEXfJc zeW9McQ2pp)8woN{bQhNOJlp)FtmW&L5y#{J!$!QcBk zFZzSO^>Iplr?&8E;t%}6Uf*Hs^F-p0`LRMs1ZqO6)h|x4oSe^7a^Vc{gwsR{dy~W{ z7^x{}-N5oAe-f=>Ej6ed_xxFeR5Q^>F&0AY>=$iFrImtfMehF+q=tmcpY#dhDfuHK zLKbpW4XL>vplbQ%;1S^@VbWanQS0RV$1^18I5Fkuh=#CD!^s?x_Snv@SGRh;{GFFA zVwtrp76ltv*qtC1WPu;?ki@s8EwpugjU$cq?pn(ZD`LQky?7OsEmqEPge`z{g_Ury z*z98<0H-KDM~YqOzmQ}gII{#@XuEwNQW6GYoAmuo4V;zG>Aa+!-o1|5)8yNQSE zqKxYwbFGUqmeGXvy3mZf0d|FE#U2vJc{#rqsb=fKvIAA(?Tm0vqjFQrXrk=*QMOVZ zaiRqtdlsgO&Cwqjj@86P2&XB)w$O~)4FdQ##UUx3Hyp+>yE0cSwO?#r&V-d@de9MB zKq#x>zy-y@LEG37jzHSeo2-yHj)4U~77nc4Ab_c@on7i$&{Y~|;(D^=qLpd1&&6x= zhHLUG)VfxD7BiL`GL)}SzgqEeSA%w}cln~DepUIQ@xos`H&&FYg$i$wrmAr=4D(a_ z*I71#`^>%RJpa?Rg@7^ab*cWZn;W)4VWM#~n8nsXeKqu5l6iiRlcUdEx40xL9MIhe zeR(utP+z|!juws3L0@qMpoRL22K42(gcwJhNKVO&fbTdRAslmpqd5v;=ZFGVk1t&; z^G(#rGKNskcuhvXl-;i^l5O9EUj5x}ZwvKel8oh~hXy;SCnRUdxCl_C_`m6<^mjqT z+ep{nM!GJ@db;ePRU5Vb!t%RYP1FZ7DlSULh&E;dMkyyVaB0tPky+GQ^y&HmT8h4A zPpq%$vHP%O9FNKRd@#Svrn^4R%`da-m55nSNf5?ZxaN7+K5wQCfoY|n)>MgULXspT z&5Y71&~T)3Qhfb&bHgdya;yRrbe`(4wCj@P?y=OiCUNT?3sx>2$~4Y{>Ln53niSPv zBEKRHmsu4v#55^Re@f@VSqmxZD}m)*Aiw9E-!DdD!m>C*8U!7v$9A)wD-|P7{>Vro zRN9E4+Mgv|ZY{dq)1tKzdI$5uEt1^Yns#Zg;ij$L)n8^bju1&^ zl(S^2FVJ!dw-G=<*DeuQiwrBegK3g&x^utECSM;$<<4$yE(g_}>nkk6hSI`TCebkj zR;Gm|f{PuUc?+HR_GS5qwK|N-ZE-E4%7Pb+IGg6ip$o)@zmrg!387Nx`14p!RvN}- zDS(OowTkf7IE)|2Tn*w!D%>jr0*xpa(iwt+7%uK$a|u5(LuK5QHTob3%OHlwC}D|j zOS{9U3)PooJ}3_kMCqpC8Lst9argfkF8*KMUF{z4?RWiLnhUd=ZJVQCrPt>nBg*>xae_iDz}7Y|yc@TjtB2Yd zaa{OBOxTs(Hl3|BKxays`Na(__3P$_4Yva0+(Jv{uN>#-qG|qYk@nzV=vX3d_7;r9 z1S?Xf9r{^b|NP5NnG=2aZq{6fc?+=+ zIEgqe&E2Z=c4S*w6W^@QUk>LNp2HlDyPC&kdmc;1?B+6yYUS0-HLN_eXc7&uUwZ4) zP~7e22d0>Jm?tzDFSo;Vu({mGEV9&)&_QXxkzVgo^_9U&z*!vAWPFatYUek|LU_nB zX~OE55=i1PF!}sG&&BHZd%TSebe58k;uulDpa>^qiiLBNOf^-6FXHA-%f5$@oTp@8 zHAs`Ohfq{Z*S@_7V~acCN%g%XDp1Ve4v>cs`G}`!O!iR(wF1gK&xypeq^r}sBoK0O zbINVmL~QCOW14*QJc-B4n$_({Ja(HI1cSX`;74RgapDhle7^V8^U^Gi^;PU;jRLYq zbA)yCCwav@YXTUwA0Nh7crG3zIx65$IC~72gyiFGo&P`(3B`{`Zv5>Ii7n6QAu<>+r^ODaIEnh2@7h-loGt0-N#7_4PEkw4C%9n$>fm~oW5Xz-WRmdi3`hm=IR4QD; zfE8ew;#BX~IOjRZ*qg|Miw7D2*vgWJ(0KkVE_f=vmMbV`J3;0h-UR6)w z+Z6wikvtq?F&lsW>G)F^!T%E)?mZ((m?!`L{MjoFI!fbW#6b|4fYl_K?R!>|w4o(W z4$scsy*+*96+-6B9{lcmuI#B%38~9Qy@cG==HWM*gWXvp@L7y%c+~r=SMpGxWP)i30DS_h+DZUf|H- z=bmD4SdhJE$d9(XCKL>=g@S>Lg28%FFt`O245}!wVQ_!80bh(WCPRZ@C)n}4_iq#Q zhRw)yNH`ii-A21RyF1$^hSILRfQzm$+!>vMf;6HD6%!H__qE4VPO>4y3Rc8xVhC>t ziDf2yHuB|!_$D^^);5w8D$o@F&bS+=NnfQBYQRQ>DekdOa55%B?T<0lad_4DBFe2< zWuPKRrq}}GDa$Wq6yaq@1j~%8rlLrPp4CHrs%0o>MXf|5^nzPY-jx{vqEe7}q|_?R z^9xoMWv}1<76JA|@t(NEHeH_md}{=c5zre{Nn2jSec@@xl$e zvPg1)Hti)Zg@)lA4Vj$iO1m(;rxy24LuzJq;AR+pxy{{rn>sKsVo5yT3efxS2`7t# zUfW>TiUe><&7ib1*%s)%Ax;!cMQF+ZONF+p4M7UK7jC#R?X~Cm=x2omEeDzC!WT7| zW>13>SR?#Lf5Vja0XW}K`4VVUhv#Kt(iaX=t^ZnS`w1Wx_WLIgJ0DH3KtmrsgVq7?xBPv8jME5SWjBZwu zp;Hl(1ar#rkfwP&04&P2BSwVk-ZCt^8gVjL^H_jUj6(a#m)Dv*G`(gN*kTdfWn`G0 zgp(2BmQB59qY(w8BNU5Rm?_N$W^M7>neF~Id-~gyj`bAxH}XIIOb|cBf`~1%O3bHZ ztS8ToK{7OZs)*%hK}K1OVwzkEO$)YX)nh5%yUZlx6vv{^iD2=J_zJjP`1h%wG9mo} z5IxU*r@byCX($e1K6DA4PZ54+iqG$e`AB#&4+*9m3+BV_6PA8Pm7 zwX4PROt}bUNo3NY9;P^)5Zl5wvM~*JgB`S~3iQmU-qt@nMK4o42hz*H=ZFfuqRGdQ zq_E;cHcexy)n>a{m?i@6pQZselo%Gdg3|78rWC?bO9=`e`~Cja)m4B2%7F24Kh~v0 z|HtE_*Kf{V`@3q}{yB+>5XA;Loa?}hYB?MWhs6cK3#f%fwJ3K?jXFc@t@a*_(+k1C>{{7pZ&(XWX)6>H@=f|(l(A!gV z^!ClGDc zVQyr3R8em|NM&qo0PMYcciT3$INHDUDRAUDzr=G)y=>Wzev_`_+G*=EiQ{WK?VLMn zRsxZbgfU651Snfgdq4YKcoKYyde}`{ajm8n32bZt8yg!N`#~ZUIxvbTa-I8A>V#7q zJ~}v@#)#7H`3%Oavw(sB)do+m*Xtc09f|+!h zCx>5w-X@JUeGWC%QPQNpBq8J4@30fYCQ0Sr1#fXkt4sX!IOca!Bp~I38htm!U;n+uB3xE&? zXapic8OQi1zXd>yB0@1E@nQsKj74J%NH+axDjlCD^)8#>im*;_KJ_&Y;)nIlUJxiAn9kZBdfMuI!t}Y>LIuaf~?Z zI7AH5uBsrbw+w$fJ(-Sgy66aMcL_kNQ$mhk`H;Zd)^|A!|#{{I|Lo)bO= zoAdA#Q8of}1_#6AQP1lij!(xu_xN~xiu$J~r+oz7VZZ01;pw<{{A$=golN>i@EG=o z(0kQ8JQ<>sNpCWN-bsIgT2mCF7&7FIKzq;|967y#)9>H)Pe%RI(eSu)a&&y!KRrGi z{J-rT3tRHkum3sp6GS%^0BhHO|M2MWC@=q=^pB2q>;E~Py*(*!a1m&Nr%5bi!Ped$ zxIvTAD#Al|?2~affH>@W#HHPYqS%=x*h5`ORGAjKIP}nCC-7Q(doAAF`#FkZ>>&y! zBnD=QgBVF!MsOzD+5@);0fvG|2%FuHGvr4orX3dftvyjlLmIXAz$Eeg?7P+;a2(Sb zU^4_f6!~NkppeN%BIu(33p_M|iO(n(Y&$nn)a+d8?=4f(fClY0@5oy?M!u*8qsU)~ zKYZWxgYpi$BnU_-OOC+jUt4>Cy1@+6*$BX~+aDaZ_CT-@1x5hE`}@FawNkNoWCYUm zT?+syt)3Z?{s-t|PYL%x$jB`KZ~&)hB;@eDJ@9vgBKZkGs{1UaAS4g}AxgQkm=Kl% z;5)(;Q^xlL{a5Gyly)!?Uu6RzOB@+IMa#U6F?8=AVC+%gk|2T%kFk&0g7=DI55<5Y z#&9?l)5Pae0tZR#gE@xcb-FzP!LGm<`Q$;jl28QxiZGj@_^-fC;+W5}?xx1RE1{Cu z1~wsa02zOYL&~7jhe+L!2|YvFoD?DC|LWac*Wp!1lsAr27ufK z*+1$HUH75mdEV)G0QA7IP9~GVG3>oM7LcRF_pgbM-Ngu8POb>MjuAy6lcbS^XY`7MH=1!bgkFaCr$M6p=9Es(yrDlX+RSP_XiJDNcz zej2W-8}Kn@D5QXdHt=f_GdVt-nUBC}&-|bxaCCI2Tl;4dn-5hM0{0!?GBBeWUlw1=UF|1 zo>$VD_k!x6?=OHJ5v10F2fUEV6~brM{AgT#MkqV;F{Frc0M^eD_~*YQ2!JDgj5+D_ zI=xO`yptux_CHcD955k-ACsYP-i%>vy-|RAoqlJ~Ijn~hqku4!0c5>u(kl*BcS(u~ zE}x$gdyrmb>8prVJ0eDt1Xm(rv54UCZ!AO?LSn<$Q?#SpuX ztE?9(e0Ik$Mgo3!Z;qkEX2{_X9R*R~p_HY7GRP7N9v}r{ABOi}j9ke3$E6$uFa;q2 zwiWYw+bDd)r?fH}UIm|EHClM=HOpd2Sk#y+MqhpOf#KAiHg_Bcq& zVCccv1FlaJj|+22M1e;T$B;?+SSc7{c11jN88Q@y(7%jwTk~~HT;6p(1Z4bg6)k2$&bvnL*<(AS%3nl<)*P^*xk5iIlJaUP4bQsKvsC@(YcS+es1G=X7j$_?v|k zEHdrf@ztK4X?bj*;EqJZC({Kudw?+lHzX0_&ICc0#OOdyDKQ!%g!lXbQ^ho~IINDb=b;dEffth~LXx^3W++q*@V%JL z2(?FvN{0EJPsY#(sx8jEl+5=IMu5)&WmujaBjhpxTA+R_D`e!D%)s2BpAsA+Pf#^y z4Pv&=uP(tD@>xtLN1tvKJ9|kJcg6{f@Ij=Afh6MR9bN%?!Ty10f#T3b0vrtGmcv&t z@JRTAfdD^(1!5g=4nr=jc_@mJD-QF7SF0C~Y)OgI1kvu`@YSFvn#B|ZD4vRO$m~I; z?|VXs7Ys{E%cnhoq7rlWzy+q_Mu+#wGY14-A(fNG2)+?CDEB)4=>-sHVtJfU*FyGz zL^P+*Ap(L`m3LW`P~S6>czJP}FK-F!s^4uQJf`f>JC=}aTXqPPMUFLgz7iB#k zxnh}JUhsv(DT_C+b|iT>cwmh!z%1S0EhGg~b4f79A@U?~LO_$r1V3^P`@$EZ;0w+R zREw7v`joXNmpxUO#Au?Hv1mga()f90V()m8ooXG7gi`v6%4L^CeDsm0D4k0ZU%v+Z zPXAPpQ>>R){`0FG3%*fct)Um&kiyO`DoRLcOH}HOrf_{EHCMA@+br&f;(&@NKcny+O-d0t^rd3S)cJvf8iBUdB4s6{ zcG~zgjA4KnpKeS61U?S$g?>$+b&Rr5oql=S>CUMDW%moyd4o(x(if)c%nN%o*l^>%x_x~|F%W}CRT(RhK`$)YNRl052xHs&ipBfF`ETqbojjT zy@DQq2^VESK^BsGrx0e5cfdQzyAnxl&VfCpJ|Xv#PO5Oq(S1t8qN|op)H4Tnep*R& zB3$_OAcOpHOFT<8D$YUoXfcvN1~J z)Xi(bvm%W+uro;SX%~6{4l!Rmj#@-r3EBK?0o|5qUjJ4ny>^IL$0af9P!hmLmxN(^ z1lp(lSA%xbKAYjBwg#xC|7U_iKt|i3m$X_+nvq`fxs$?o48Hw;F0S}IO3__z&Y{iH z^p+sx?M~)oh?!8wQB_>(S$Vrsr>X>~@j@b@q)C1t^yJhU3WHs(YoaXu_3|1eeHZVS2}fq*6VQaIkU=HWdiL7oFE6j(Uwphed-vw{`t1D8zS$xL7}YJU z_TmD!Kt>zwfY+}j3J10pR~*O0zTo>QEP4PQQ2H%>4<3Z%?hAgTS|g#q00A#6`Lrp0 zD})sicQ|hkAOk+W=K>OWJ%({7bJRgW#1;o2Krp0LICZl9)zEEibKUwisy5ICwknRl zskrAV8E{vhN3L??&fI8JAm~y=m>X&R08MddFx8c9H`5F=H_EDn0~pB*hJyY#@tSrf z@qU}mBwpjr2ypM|2T3-}&Zl(X8(TNZN7*CS`g>r}^E`BglsnHU^-gKrNalRJ}ZIO|HZ*SiU z+eOh0CbgR`6lZpExx-?37EjHP?pd$oZzCf+l=_YZY6RLj=Iq9ZN#5Mnbr}wjGfv!l z#OMgLd!1fyc+l(g`uv}P_>=#`e~MqjgZ{ywGdvg`^m_(~kHRUNSz!9TgF)}$uy=6O zI~ev3j(Z0uy@S)auzn9jd_-B-@)$fV_FsE84J6V6k8diutwx8;fF+xPF)8z9BJZ(|aS%qwx<7bEs}wBQ1n^Nto)tWaiI2VZe+^N2VE2tB_% z{@4r1Y=fc)enCh#$O}b!#J9EVCl=%B6vZRJJJ?Fqcu46E0A(>`Xu8PQPw-AH8BJOJ zR@F{%;^TnBsWdk>gcHEW4~oSG0d=#Zu8-|12FFhU4sQ_j7PrVHp+`Rn4Ce%U z;2ulk0DfxF*K7|+C=$4!yU;l1AdEmy1HanQRS-%Q6wgr%s3Ze*x2WV-E_QI? zo;5tCxFmE@#Ar8r8wV-pfLk53J>9g}^)kqqwXS{}y4(Y2AyAjST(XEn?_=bN<3|PtmrU_= zCR8fwj1`M}yS~%!NeYUHcNQ|N2St;)0eX?dIGo;^ak!j@#JrZHj7gaCWZB>dX!ugU z>1p_PD9-R^!3T_Vn&HDjN`CVg@jY7m7^GhnMZqY_-4-YViL|6mX_sN{leE4W<=#43 z3#4WZ3uSod{x*#p&F$u`=Ppa-qwipZyp?TQ-xRk>sne)C3&dGRe!AAG)K^JPb;Q)1 zlqyHFY%HtiaWxWp>PE{+XT?@ah$cfa?Q)t)xw5%Hq!Hivgm#g|Vw(an@)v-FQW4`D z*#&zjWLh@YtpSe&5Qi`6z7$FjbZ2sp6g;rABKv+I@jXBD&@SJh`9F@ij+B@>7N*uF zD9hZ6BIjud%RHolRt2Rh9i}zN<FFt<;ICTBQL!h0R`;Hi3&;h^x`l1$)raB2M zW3Rfjt|6X+4O)%>^p9NqpQS$t*OYiV!;o<=<{*(h* z!F<;qLnEXz6bCpIa>{oxbkQ}6u~2}oBeH@Ah{gRcBVdB(hzqa@L+OQ)$Jc`}jU-_x zuj9<&pca!6IP7JGU&RrMdUznkEqw%AVcDm0pM&Putrd9r51aZxZi)yU0Uw9Sqr~AY zo}&xn2fbC@a8PP(?icte~q#fF|<`9Bw^;mz^E+}pd3$0LTr5dYc~xX&YTW22}%KNb^rQ0>-kL=2egPDE5y2trfHPrc^HYMTkX2lS=fYma7+x#GA`gt^mX*T#*%9B(C9mM36B0kb z*b{be(xy$TGB6c`DC{${L!4i2O4}wbsLVZ3Wfw$^OL0sbBgW)q4n<5hnd)-nt((M2 zN@MD}Oy1&6mKX|}n=ySD{Zz09{R9Hyp3Mlf%F#vF9IB%X#nDi>qS;^ z^x^=7XpUkqCUQdU3N|+IQDBpV&G7-36aM)ij|G>2w!ZsPUyl`o5ZU+hABI)qm#qop7`4(0pHJ^;jlmG9lh!) z+pJ3u@nv$L>{u0F8Y2*@`@;Mc1>*1#;^)W?4n2fCacLpEQGGHsHx_P`IBXUZ#)LEw zqp3PVIurcZ6;xy#=7DtDQ4OZQ0dS*4s6+zmU4R1N7yGLB4l73!Io_JRW-Apc?16U) zO9XR3kFK9kE@lbs-aYalfC(eig&gY^uz!uJZd!|4WurrNo4L1bVrrMlG|TSdp15FqNm4ZP>s!TFFUt)%DK@TGtZ@Q z6NxQbCc6R%5R0)Z8F<{tU?on3*DogkAs5d`jDO}^zb|BC4IFj%lqsAuA+e*}Q0(S% zy_Q4cS%)=Q*gm{jHf|pkqxhJz{Eza3G9LS=*V9KvnDMUAL}){mXq?Sa45vugli5c# z>$O;pd_mSOzgd)DeSAU6*|x)swE61}optAZ=tncyZ)@(5mQs!u)LPj6&LfypFz7t$ z;)Bj3cn$K<^w)m+RoTd8N|Z2yhKoLummR|Jehz(3CbyF4E;4XE#q$13b8(mljN-h!Z!X? z$mL?+$hVfInIJ29VWo9GHpxdZ2@sp1Bwg;>h;3x8c6ke-A1h>_j)g^Pd_DyZ#FauUdE82mnDEcr{2%6+rh#~f3|=9 z=OFmk{(fu6%vWUQwt-ZD1L*t21&{(LTm&2(ie&*^B(5_#rOGm$dI2lIZcHedu&xHG zMPs@C->J98*vxXP2Up)+Uj4&3&bNTFZZVrp(MH9Xr2Kmax7xbNDN1 ztx|@pF*)FepR#$Ez%oVx`kr8s8Xwm6UDar=@zZu$%B=y1Q~j>Hrz|V^0l<_~e>i-x z%XKc7{aXUPZ=erD*O+<>7cJyyEr7D?O$W1Jc3MBHckmto7sg1cPkkSYD=jG^7!UO9 zP%6gp@Okk~#%^Zbi`>73$EQy|s!-gmp$XBQK_BcJQ#ekdGIG;|MQgn z<@k$pZi>EYO}#)iK3Bv;*TUgXZuHi0=&tIp3ep&^5!G-e&Io9~B`);a!pb#9;`pGc z`SKd1eiAX&eriG++n5}b%ZgZQwi3Yjs)$X2^9aS{G9%U9Q%G^1&SuDw0V5oVp@X9g zKfIHppk3>2!nu_yIAa^tXo$4;gAx(jS0qGjPDAZ;fyU)^8(^V0&6?ZGf=x$A*iCWK zv}+O09LFq?EWf))mHyDOgW*E4cxmilvfY(V6*|;`t-?>&&dV?fP%Nk>W*|(0F^cz_ zEF;~sOXnvmT!p%imAC+~K}4bLqOr#`yn01tq)Uc5-4FJ5qp zR4&-&ogTe!G4eeMKH=zF7+}uxJ_%{;lM#eI0U4E1Uq4xnmRNgKZG#o2Bf<$#WyuT|WXCMS_U4UEu$2(#GxbMwH5s+D8i4=L|^bN1}*}1B|%DFK{x^3%(ArO{EH% z+ay9UMINF?rf`h&UtXE&iDva#QANHojc->rvo{Uhf>OOl*Xp-LnxPTL?8&&wi=-+X zM)gdKOIIIFn0C)wx_Oci$(=KGxJzQ>mG7LIYTE6!(7b(KJZUweoKQt%7!s!_-kqld zNms{^%}}rkihJOVG*C|G+;}8P-Rx=av?uhuhSBf>_O-$CPJOuetvh8r6J@7{hoVcv zL-me-)?L!Ns48V=jpEO+gc}qfE_Eu+g2ZduF1gssDNC2CZb2@hQbv3%n?-)s z{OEIHn~BCdyxZ0Z ztyXuML8yuDbZv}i4ke|4)dxFE2U|9H^(xZpVJ&D#S3T{fc$JUq8VcQ-G2b@2C4(+? z!`b6cy?Qu1y3eW}eg*|`m5R7TN!&pHT26^iu6`{jidRMT8CAtaWpS-$)u8#z>f#dJ zYEETbr8Lf~jhl7vnH9$s-LsU(hSQ&B_oX;D9ZDm^Bo0i zS4riUCPTB!2;d@cywt19m?Hcrj;DN_d@=>G4jnI34t%=Dz7L!aw>SMyatt7#*h4Oi zIp|U(b7878A>?#O)Fq*^4Cc3}G)B3P0uuTjjGS<4C8MZ%4wzO5C>FMv&%RR^eOSl zlo8526z4vgkcF@Fu@MWvtt@m31PbRFd}Qx67(0kbY3Mirq&QiK9H&1>-&^gw(aA=P z$u}pkev&qIq*WO>i}*=^-jO6^>0~%2>07iAPRCrZy~iO9ht`g#tfzCT!xsHa087L4l#3rh1wz%Mru8e6S^1^9TiAL z$Q*%xzM!)g2jGR{@_&<%VIPFlC*(effC2S?fkyyxXGFyI(7TrPnfeGtV8F|T=>NX> zm+ARC;w3)HbX!cF^l;Z>AFH%v5?SfIU?;~D?g@aJT>yHX$Yjlsj{?Nv1qehtdYn|N zg#ii{oE@67>F}79P?w`nmMG0rSOWNYvK5+^e%p+N290diLhW^_G8gtbJrm5&WG`&n zuP9%HD4XS`CM0<}ZDsibtxqyj;NL`+G3c>}W!q=npp^0Td!vMYHp ziLznH&fdPYXs|r%pw+F^^IQpGN_awwcEml48a4pIr*1;yuE;Ca9pkXe8O29QtsOf1 z1ds@)CZnW_g(|>_2_7T$6?t4X!5I#8z!zgc<_KV>GwJ|7LevuOWV`{j=q20jaQ={4 zz?GiqY1(>Iwgo^YAL+8pq7`el2=loTjD7(Nwsg5#i*?W&9QIBIediDjddCBVhWebA z&pLWIM(A)d91IRmPY=CA7ak8L2%Q}EUO}%n@CF0q_Ii^^&pYWI9->3^3cBzFzM35O zCf?D>z(7rxzBzr@t^3MV4~zwbUJWnO47HpA8~_~7P>jVfn4c3k?T#VUYv+?YjXNHi zcikDp;WUA<*OiyAMvr3gl;h#>P>=G~gjc4q{v;f0Q1R zsvWuf%tvWWSL)~|!;3iL8bky*b9`~E6=BwhBjV+e&|f$)A#B1={?f72%A$;rN5KQ1 z8S8497neLmbfMi*w%U8PG?(*TEcF4^?r?%nX47gJR+l;D={(5cRE^1bUJI=O^3wl9 z##G!4X^mMG0#(kQjRRyCLu7+|kZhpbk?kjM=(Bp;J8iL1(~ zSjDAT6coYBRDy-qH4d*udJr|rJY82yDO{FRIOl6!Z7Nn~+*4&GQ)w2`z&1mnBQN#z ztZAlqu91*)DXtT51zG(M8S5UXgO~W2y@D>uZX<~@^$*XaxKZR@wx!f;DwS-%DdVqZ z{k6=$iv1Tifb15~U=t{A18SnJC`L*ImjQ_a>y?g4G|)kefQTcL4P?}`t_b?B*hFE@ zbwv33Dc7$4Q8psoZo-#LxEL=DwYWLuMD69mc7?btL;^KOBJaf%g{hMHndI&-MDnhX zy_NJWgzx@faP0KqNxwfpz2j8o%Szvap?3_2lYW2D@4N2MJ)FFn491h;a4;U84i8U` z;AC)mGCuOqcyj#e(1q?84Lo>s;z2mT?Xb(2%h+Db~p^+^J!D)&-F%?3%1i}|-07E#HcKuTn^4_FV z%)e73eZ7+<3ydUdw@;Bjag@!6knAnFOLHhf*g1-sJ$HI_%JCX5()FOEaf^bCoK+8` zUkgN>XedokY{X%p_Aa?6wdL1#=9A3+($?aPDWSs7j4a7D4SFiFSWES!iI4_#Oie5k zx{9QW(pvmLCt$b3h;n9YXCE?o`29tzVm2DehiSkmPT|yzp)kJZ+e5pekVL30de~l0 z^d)h5@=>=+s6Q*WW?D&&mnsa>`Dvay=usqVEw@ECEbHlP(G5F%a&g-Zuv;c@tK;Jm zYtPWwR<49>q<49}P2v=YiK9hA-_kMO5nUhpzRb%i zBpQ)<)x_x(MT_{P-}vAyGNPJ3#YhZ34yX28xlnIP zzNI|iCP_uzRjFaGbW&pLHb<5+N}L#heB=8Zj6P6r1iNp7$Fc@=BOLvNN#Im=-GB?6Fdcu zx^YuK8KO)`sF{8PK$9SVT-HxQCGrYNm39RwOckk;5tSofL6yTG)p&>|0kY;V&Fu;x zn816Kkqzt|dzc#8L)<}_YN2Pr!(x*Z(Tnkf|3Z%uj*+yY`Q$hiY4<*Xi4UjJCKcK6 zM2aXb#p5hC5u_A(n!Z%xvkCV3PQt}65!m{ZoXP*N;Jw5h)R8V;2z>g?OZ~^|_Q&?G zp8(~E-m>&zdS=BfZze4 z`*O06QHUO7EpgVfw1jCyY>zyMV|>N<-x2Z-hKpgZM++n0@Abf6!AlWqvpTq~)~bA# z>5E_gf9+xCzuLcoeb5y(msZ>doc9b1GZ8eNi3b>mGNSEj6LCif2w=DX!+-pPmXGl} zX#oL4F#Jz0xWQ~teU`+WBMkrXj{_+Xs|-<8vUA873Nt=GrK5ke&Cx&l-HrayhNFMf zVDyFbeHlbCnIkK=i_G^T4F33PtInM*d84Q7`5-WvOaMP_%KP#krPDR0fUisbUZh~g zAwTYNzHIZ*+GH~F?(eV%6g!jY83;J+^$z4NrZqVR|7^;dk`y;8n}WLkaT(4G1O+Jc zQi~tR4z%r~wh$IOl=bmMSRG zBXZM|v$i<0w3iO(K0wS20<9{|kaYbaGJv#HPPg{-M%h5PmXs>b_^Pz7pV5TYYeAI;Gz-9ifp@H;`8nm0DOAU2azRD|J zq zR>`zg%yw0q=R}}SQttjjI=iN zLOL2AYQ*^g20sdt?8%O_gu6HWredNwuRdDT{G9 z-3MpFmF4)zL7_`HzrDbd2}aKM$oB&nrul|Dt*p0wdd12QuOsk@L@1=x2i{E70Y|-8 z$6)X^=z3`04HMr7zo@o8tu^s1M#!3YeSzPV8OD?p(WTUPyqP0VXnC`1{(rec!ziLs z!yFKgOKZXa%>ymlY0QzO05IBHAa_Nhzg3z%qoV}VnJb)Dcy(FZR_V6k6ot%*Vie#c zXlFEZX}>3~YGvR6tINh7 zBpsr5ag4g6o};H2G6vn5$OmZ5OfrL%%NZwuI7;75Q;FLydM>45t@I=h9!;+pN-a$! zWkfNWr?#vr_h``q)`n2*wfv?pkrpHY4=P0DOG2w1;cUmm$p*B0OP+Q|c zT%zD>REj38mgVi&fF+jy&3^T@Rfnp;l}@{?TDz^i_dQJIJ%G0eVSrt^2l6GL z@1`ZZB-FukUs|I6J`g%n(G=f44nRl>&52-#+So;yxQT4$I!bZo=wMn$aR-2x(`W!l z2+n@I<-LHR2V)QDd`ukDcYl9#z(0fk1Kvj{6jAT??c>v42AvTfkP5O$v$g7&8<_>I z^n`-t#3(A#J-2W?oO3n{; z19n%Q|t|b-j93)-obEDJ?467 z9W@|@@o(jazaU*07+RLdXjUpb)homdBWTb7#*8jP*WN!>JfD`CzAB7FxFavqr)}e< z+Yr9F&uX+<&;OmHSut{mW56mco$rKioTWySx}wREI>${<7a4ZIX(CW%iG+plfzRu$~Dr2mF| z+iHEad#WCL8Q-6(6P*_RyE?i zj|YQZ@3`OpsyFBlPL93;y{GAN_DLv%@mIZ#+sb$Dck+Dx-2E$<<6tE1L9mb5B0{eN zJ}mAGjlf^Kzy8|drCM(uBOR|-s61431Yt?kX{mCKl3PJLqazRj&f369%Lu`*b1o_i zd9foi3y6}&+u|3_%t99&ABsP5aGOjf_>l{A1{exG@wdeCTqZLspWz$xp7>8^E+W$$N|D^3~PvqY}s5XDm+1^3>zuKVvvAuq;pcy%7 zQ}|N?eGyPx#2n+j?X-SG61phQcpDsZ3dYEVoL^EBAnkyT5e6IEvY6#}hNl`lFd?U8b@?qe1g&3h6JRXQS86sm;Pu>5Qp@ zlJO2oam~D48NoaWWuVD+SD}=uze`uI@^G3c%R||4OQrE3azJD@0~sMM@fmi~idO1- zAc6q~W0|psk1%b-4FsSPmQeJ=vga!6jJ3u>O0~hMMF`EAqAceHX{_cdqm)vrZ&1%v zW8{Bf;ICEHP+3-A`1x}gG#RPSE(vr^Df=$1#*6Vf)rOg$KLZk1L#e7*UBjKl3eoBj zmL;>6pu9%THk2b*J=Uc_egPp4Jrpu902Y<~`fDq%`_(#Mt?PxJCx2eOx%>Fd<<-T< z+c!5qT#AUI%X*Ubd3o7luX&@l|9kuK?BdKz=(d&&@?$H>PnW>!rZmH;il0}PpP zLikjIb6Wn>3PYIIN;~xz4^7^rt&d*Y!|EgGp}67D8i*(ZP7__Oq1sMmr#J&~*<=XA zQpje;G(u(Aa7^}});B_;m`lGZNua{1g5n_Z7sgxsZ$_~By8E{jO(AZ5Edq0ja38sY zmp1xH?|VC~6^X&*s54|RCJ8?+RS<*f;jPXF0@+N9VyjR`7R)tdvn-XU4_8WjPsyaq zS6@3HLA;u3N*A?FKr}@mPeC>ks|^Lnl9b&>;}stSBvjT@%LZ1KlAvbD4?1+#6=Jy9 zq^m|o9%eg0Z3pG0sIoPFtD5N80+&2Yokfv8=W+?K5T!vKyrsZUsPYT=DIpBygs38v z2*%7I6Dg}Hom9Dop;Hb(nG`tVg~UW3GSvK)3X*&dWY6Uw6@r=A45X+P&A(QVza0t!g&{vc9NP2r~JlNlb+}vri{D6`NXDlv;h%^Fg?DteP)+ zCUSu{*PofXNp3na!e;)qGnPl@sb(y1I{t;tQr0te%j_)&e6u0W z@5*@xhU}IM9O2|AZ$d;UhlqGu2dW}EV=5!rXw$mYhN|JFUR$efkGBS1b+y^(R}TLM zf*}hF6xg+3DmB2v4K4C&eU+v0(oZ7KS-Ob8($_gejr?g0oCVgUFCKMZp}! z=Ol>uhSC1|b-&X;a(ZphIk$$T!#5dqRPB6+nLf2pmY+rmy%)cm++b#O~l!q)Nz)RY(|k zSs1WhXK>Q#i6N`H24HZSs#+!x`=DKV`zBT9ygPIzjHJg1NbrEfV1}nN6gL^QOF34; z4l?zQsJV<3B|B-!wqo-&mn&Aq8)XY^0WjNye9{l2QvE?=u)hGch>sM0)rtn`aw;hu3vxc^4}V$ z>B@+|XMmau2iRGX^zD{JO%kEHZbSuP!_8-4lOcF9lMNDI{i&8H!>T&g7v8TX9T zA6|X=DBfjA^tU#4+C7D*vHhQ5M{Ak?EwTUW9S;r%dHcV9|8Qsj_Z(04u|ZC_-Xn5e zVOA2@>fKVF9aAr2ora0aCjzMB$RbYaIPA<#q1VEWIj2^y7NpflRYT65&h)KZG5>6} z{=D-1-zm}e330KiM5g~y{g8|YHQeX z$ta|Wmu=NW@d~xv%q(^6l$Ll>dRytXwWQa~jWl|~FI@-7*Z^1NMl0i+MUtaZ!)y}I z;A}gvZ-R5;ZH#l`)!}R}PnSd}za}3bb7!eh=juI>P(us#3adW#wjsG8HmMBQC3o@LqJOB)9X<=9wk=>Bxcoc>^SWeT`RdavVx{pL%v6g#t`q(qVZ@2 z@G-!l_ZGV-r0DOmCdWa2aD4ft27yu#jT)C3VT2m!dqT~?>O?V|o+{cbsab4MsC3Xz zOX>@Ym3CJ(+TPD%A@hSe5oELFs0dI^J8$o3-z>C6LSa92#tX6Vmx+lMWWgBB{$KnC>J%g`!;VyuBtl{5uZ#KXAdw&HzX0UVY5;%Q$-xe%Q&$tRN7K35(WL` z9xV>QUu2+`(d*L2b(C3Mv-?+Y=DH|i;2tfg@w=0OegTQ4mPa^L0!UTlVWT#}6M%jK zFIAJ;T;~_yqi|oUlzD$Xe-@}^#KgiUP9+LXxwTAApY>axjQ$)?)APS!rke4}9ITE? zD<&dFSGBR^{6FmV`nmJ}@Z{uVcm98lr(VFR78x4v;3}J(shGQ2SQ(DV`CK6_7~vnZO=D&S zVA7rUmE*BQprs?tj!Yz@#*)32LdTI^Ze`M3)m!~3-zstVqLB>z!Xe%YfFfFv<2bE7 z@SRQt2>Fm$`DLVW03%{hve{C!y|WsoW+P&O-eg$#9vY)TDMYklLc{^RqNGVj_}e zOEgG4g`tY_Wde{m*`%?G-1K4%)e4arF%pWXy!suJxgEbOw@Mk2BcSqCKGRARlfIoL z=&DdN8xo(b;t|6-O;@oBWu9Yh>S7&hwS~6LebS{{Yl$Wa`WcpR11vUM%9$*srR(|h zz;##wPpWu5eDL3JvVzen0R%~3qIs!S0xf6J^$d985K9M!sV$s#WS{WEhfUT4k9 z>F{5<&L|i!^5*;)(HH-+dXSnZ{_{mbk@~jU1X>Bs^!#WgDKyZ;~d2fdyC_gS7l%l`k3q|2Qc@W&DZ zh>w*1MDL6>gwX<^C>L&l4AfCv$s@9fY;u)G+L8w3wx-6cW)Iv7|L1?%UcR|Q;1d3S za(r~0L|eW79OAg%;?PCl{*;1#r$1-`z?iSX zfuBtnioeAnrZeP?K(Cb0y-jE7GFa`VLXLAbqbM+La@mYwbv|+pA*Zu; zT1uM$Wa)Da8a)M;m){z6x*b}rq1V%V8LRjD@@%b1%qIv;+bPK%*w}Kk9(E4@9M*+Y zat5PfHn$>q6>2x3o-`$KN>K@?3iII>VHlS4~zPr;ZFba9M4Yw(;x)jQ|o`8{4QXp0orMRwzv>>8las9 zXr}=x)c}dU>=Z!Hs{qOmx>T2F5Ap5kOIFs{2*jKqVZyNNwVlvBEwpvDj@`COP^tum z#-8%3TG<5blt#~~G|KPAPpULp*4Q)lbL&c@>IQa7qn*;|PpdTAivA~*v2ElYQ}h5? z=Ks;_7wmrq{hj{jS)OOq|E$7lBthkD=C`asQjOqnS}+{FvfKY6oL+aPreB1*2LR!d zq4rU!Z{cv?W)uoFV^B<~l{R~9X+>5Y4LM_XizxM=Re_GwuQ&P!5`P#s+ntBRpZeL# z{vXk(E&$N7{r~v*Bo18|6~J{(9s4jnvrJ%*r*&Zn`X0#{oUHnbkrDNuGG zqq`f=Ivl{Uz95c$_oRXW>%pId;{upMODZQ6+Cu?qpyRNgRJ4KjZ4% zfxVAOr3{Fpa1#CrZNH2y9U7S{d#DZ;y! z1Ijyi`B(#RUW0ridr>;)->#gb|HR?U+P8{&{e*3|V~+XEXPg0q(VW!WfY?U>4~&Z- z;=?^)E~1kAJLoGB34#FRBcM(0>&}gDOHnv=2$*#~pZU`oj{x(h{DvPm5&`B%z=5Lg zpPx^TWgx%Yqo+<#mcH=FcMpOO`=V_-Gle{)X8;?XS_rZu97u$pf9wpT_$~M|79=v# zn0Qc~(r>E7M(}Tnv@CwLREtP~i%Us1bOp6+r8N~CLQWz6Por>MH_!$$Oy;VY zbG82_>t)7hzUc40<=JN}XWsoXn30evN@{jIpbU!$_ywqV6I5(>-O%^hWT;)~&a*K+ z{0An)7u*otJ#QS{)S>UjP961OtQmkqaI>a+ja|&ry*PT;09EGx)dyt796ZM@cGq50 zeVbH*%M~Z7z-Uo{k$H@FU?ai^tN#fxT8(&v2y{ z-usu4^qnT(G6ymKq`qxKERjZHqyyRG`mi*j&+()gxhvMc$lt2ZoHO<_ghgTRu<2W! z!ct^Oh%U)oF-ks7(Y%=!URt`#1q{;cHh%o8n_j>yqBC_~*a2{IIJMZUj)L>`!+CXN zJIJJmx!+|OY>O-_&t5z4s-H&Z?OcqfE2-qE0dvdH0EAmc6tZkXO~+@ZbQ zl*pU5H)xyWa33^Kl$7%hVw^s@jjq#!{dPfO6z)gT@^n${N1n&=3fDvzTma*TUdY+k zK$)Z{D%g|l5cJOOOn2xUdm ze=r0R8LOV^2MuJj4v3&=TQ9zm-voPj_%wEJ&3~y{6-Tgo-KnE&@$RSd=7Y`Oe&B$S ztJRKrlh_53wBmZ%Yh-(2Y z=?Qg$XG_j9Ij_GVt+dra0LZ^xCOXcg`-r?$tm&}JPtOx%p{Ci=@xXeE45t@76-2eP z2wbxnm|E8Hm8gru!YVQ~Hrrfk+Ea`_1yKnoAosar5qJPA=fKGVnqv)5wOc?qSAbYW@6L~}$8m8Qz-PjhOG_^NowlDO*C#0&hl+c0~S4VdHTm_FI2KiK889BK!!t@l0pS*B2!TYpR4UavnSG z{FlXV+b{9L~W(I z7+-dLnzYy<+_O4{OZ^bS(;SXA-=cV`+~mOOy)lM<#foWc6Rk$mby`XLvSU3Btx9e6 zfG#`7tFAQ8V!xR`$kg<_5@!tmxM@)QpmT=%(+QeykWj*!PW%9R_$EJrgz*V4Z$ZN2 zjdP!d4O3J^jO%aau0v7;fXqdp{c>8#X^ZcAVLjrq>$JnqN@s_5-cEt4OX-&u^5jHd zz|9RB{3d#++WXnqA)xsI*l~GPRdV)KX%wdcL0^t3-J7p~Sm_#Ut8Co?@HtWxITG-- z^jrdkKB8>+s0!|5Ohh-n6W1fZH(UJz^9kZ!`Fpg6cW4Q4I0rNvT{-DHc9&g^ZRPzW z$pA5pl}Rr?L2xYIP4>|l%7jp~$dn4rQYyF!3p=Gh{j$>gC!D+lTED6txb#ht<9Q}@ z$n0IkgBfcYRb@EI;J^ym&3BM?Syo)e)qNH%X~^3oE8I}j4BZIR};Y_ z@-cW{3G^ab&;>zMXfR|QcYVWz*dKD*Hd<5CUZ(?U35zRc&LirRVk0C98_H@i&8tmC~*40W~4MI2m)! zGJjjc-`lDMSy$cD7!L^(S04oF315z}^OvS1iWHCnz{0+sgD9$RM(rk47mGu$wYh85 zeNRl-6ejrrz>T6I@aHJjlW#@KRlNsB5`MyTyAE(vmSTF=$dBt#r_**7Rd!Wex;FZh zpHv)=EiEw}^d*x310kdU9My_ug@SZVd5xbsZb|W-U#oIP99i?8s4fc?dIE}phN%hG zHVj}DH-|OpK@_OXj$dk$bPr)5b5`T65C|WgCqyNNgy%qJEP*B!89h6g>i;Ve44rAMvsoGO&dzMhEq5Lx0`=cX^{yi`VRG;|G70c@SRo?3V)prR->jBaW%cV|ygAjWHJMA9-w5D|REKpU?*=d^8iP{>z8v~sjn{=c-J(FIV9hF+2Vl6qt`0V(;)>t2)g1s7+isAWcI&bmH5YXJQ zX~2!k3T-wX3sM2Jn>S{^Rdg@M+d)3#G*AkoW0SRsGh7W73471cw!fW=1r10qtivMEJ*qrO)~p*Pu<; z4%RI}$~U@psK|t;ghEgI98C83_5bQw#3iUiodiVssi<#+^?sNp{?3iY*Is4rm>IU+?T~3Z%ZEtUJU1YM8%OUL|c$J%DIBaKc>ggN!wW2$ka&{xWZib~8Hx{Ei zzwkFVpmhtqZC}}M0opps)2Xp(%Jr3UX|s=9u(b;`<(;wZ<};~U&-eZ2;O+jnC!|`{ zEP&VlSo@VIAuaXCPdYLF;DZ7Ba3*VDMl$ihQq!iFVeDRMGtz|WHLc_ibqPcjKCZd7 zUM!@E{c=o4J3Alj-?c_;vCPusbJO;f2)F;v?wO&0IQaXCvCLL0_XSbtVa`X zIRlCg7#UMyJ#r1>W9F%&%|AV@)9e1&GgJzDKYIpkgq$6r^3wINJtd?Q5mL^55>x2i*hU_kOz?7yb?` z!Uo%2UT>e(CQoP7oR_bIA^yuFrk{rSr0%p<4KfVzx-6|*7-n-AUTcZR{M38zforb~ zW*6oGwn$tg(<C4PgmIcfk?2W^!kO;|@fmo;PU5C) zNH={o1Dy#pJKUG#OuounnWgvmFX34sqM9(Yd@pBS7M6ex(YK1i@fV3{2G?>*#5MO0 z4WMH>!Qw=o!hm=GA5+f0IMoC7k6E@yn-f)+bOI(r`;zfnFKk_}^(v-}*B!+!OTx>+ zb>B7-J>QCf8YRGihmb0Ydzt-&OV~9%+dj-$TL->KdC+sLXGEM_U;=Ci;!C(ogXENy zl!*G#(QA)G(LpjZBwRV^TuS2)FGXidHZrP-abe_fc75niQzJ1_%fl{-@g(TR;?GcB zeI`7tZ;XI7oFfWT8Qsdx1n$<3a0(hhO;yV!wszO0^NEi2jJ?A2#UJ0jbN@l#Ky~)p zK1X<~=v7qZ@vtvyCMu?#O>>xBOGQ+t*{o=^L1TXi^WY>-IuzewW$8)t{8LIJv%p@U zF*4QFjG&j@)ObpQ&sGu(y61=7lZuoJqnQiAX zrNMrs8u6rRlws?8Fw&Cf9kaf{s|#9cxOGVP1K4Ok(qK$A)o|r+GjiN5WAPCD4u3Z5 zXp3npcUBbpYZA@@A!VLGJsh5rl9fS?Z|aG4zLh>{wNrnL70;3z;XkHK_)mFa?f*%8 zS%s@ORR7d0*gk>86fMwqlVFK6d~@>0+{*BNpLc)PW^z-=rjsTYCYzZKU&?F6->jHP znPZq&jZ3%9)BCJ6y45DWuV@M-And3tAF3G-+th@k2 z+jL1li7$)V0}Ds!3<`=q-R1NuA?7diC)`>_yq?`Pi@Gg}9@##))K7nTFqZ`GX4@^g zq)L2=bqGG2*%S(UaAh<%gyd6Xp12-pxoSRydo2^;lsM~e+=vscu3M8DEm=?7CtaFS zP3zXInWZ-*dLjjgL-Oo?X(Hpdp!?UCXO`ek=FhV`!S*2rXX8qB&{-{$z@bMetefm_ zdXA2W+SLg=Qi8@8c1$n9WZsH~)9BtP%x45qOUfG|Rw=NLWYN64A{_OYE-;pt`Z5N_ z@+SfE<>)Ztl2B`sCIKr~xMmC2<#T2&eO-$6^L9P*km9{{SQwQue&2pn6uuYdO~$q1 z%8X1++I#XK@zfr;mliXB$wB!qA>Ia+nua7Qou>Po5#~>ffYs}zzE#bs8)jEC`J^tMFIaByJC%av{Df`E#i@VfwOZ^G(pODhfquP+_s_iDQ*UCpE7SKqhO$7UGW~~d z@w*78S}k5aHrUYJz+byL2}*XgIWH>{Tcfj+>ga-{Pz?@uNSGE+jS>)X5A| z{%2GVo!P7aQ3)907&>tlNE&hUyC2>K#Md|BLS=We`O z+TWMy9dlt9*f+^upZGoy;%8mspUAe8+0e0Rn%g(!;nlhAM{eG|d2;W9BA#5|0coHE z?Oeh=`7R>RbjY`-ui=+d-Tg1>hR@r($juijp>${456apCW7+`)_sx<5KrZZrm(O1y zkbsnfm$>3}Q~XpuUlj|)%I{U(fYu~^X(ft#zuSK^sM2UAilshS8bXD`HP!J%dG3>* zI`ndU@f9Yn&`q6L$A$!xJ_cdr@hR|xkt;6w*^Aif6c>|!j1eIt$Vz(lCJE6-90W$y z)%1`{)cYMX_R;#Iw1>+Y4k9DLt_7_2GIF^d0ZL}q1qzJ-=5^4Q!=ORm=iXQ2qV)^w zFkJ;K9Dr=I;ddFAjLdX&~1rt5%p3{{I1gZk8r< zj-W)TfxTTNs3ftN`ZLG;duW+{BI?(evYy@L32)C%&n)H>~SXFR(xh56st(EmnD_UR5CvJE!E1{M6*1S-8>amA<7d&Dx> z>qqqF@L$Klx(e`T^tY?ME#ocFSvjEL4&XRh6@;hz^1bHE8c-4lraJH!8-@4q*@#(TN{=a*ge_fYIpdwgb-!e!(A6`Ypig4@UT$Tkq}KJ|wMi*@aVcn$)Sj6#+s_)7LmWFIC9 z%Jj6X#Es-2hHtQgJ}eBa<3L-x^HeapnTfKm((GGokM>y+PI5& zc9t0g%b@(X`r|y@=(M~e_E`|Z?(22m?g~mrN(Q z{;g(tGwrsz4>WXRhXvjH_5YnE%>&svvL9dkCjl+J0LEnfhH$~!Dg3amo3y;?fd@3a zS0B&Yqnmsnk>)#KI<$4nGxZMGX&@IoYP>)#nqJ{X z-VK zD1WY3dCikFY9g2e|5jJBIVVYln0010|4`QZMV>E+>PpbCV?{3#xD_5&BNPMPKrJj) z<8VoSR2zT?XtzJAzicxg$yNG4zqk7vA$pcsn<+L@Bu(4ATVf(D$AcEg7}1H#6`=ae zUqE3WV((>1eV1P#qEd{0dbY*MFI&SJ9>I9S)dvrg4QvNqiTB?uw6Tf%P##e-x&(YW z1V#Scvm%(}9Y2SMoCPjZ6ibpcejdoR2MI~VOdAJ>5(uE$Zx>n;ZKS?Hq?)uR<{2i9 z{q?l0nKhgGVw&C4+ssk^jlVh)30SEc{v<)09^h0Y_pcD>7tHmIIIP>t<7bb`6)q`P0^xk< zT%ekFLj!z9OEmqcx8~|k*~v{d{}0QY4-sl`6OQB=-WwH2i~#c|5Dksj+w{)AV&FO` zZ?FEVeUa_?cotRCo+%k$_#kPhLfsW;(jGq%lsqwd*+UHJEH*9qN=P-vU0oWZ~l94VcQEo zi4tAhCPbscIdS}@7nZf?p@U9k^r6N(OfL*H|Eucp3o|b2{{Y<>)$M_%Z+^A*ZtNU6 zd`ua&{ar1SKyU8vI!qpA2~jd?zd|oX44b#X$6ED&984u{ZK$apyh4yp3L3(YWInPa zB8qIFuy=AHM0pkV65Vq9LA@eP{_7OB3AFZEMEDea$T#eAUPN~*Wdz|DsY9PW_dm^= zA#3FGyfZPvb#sC+z??&jm9IF=`(*Q+PkyBYO_{ChvvJi=Nuu77{*wBXVmmh_NmGLSY)F4_(8pDj}h5EQ@=V-YS1G4Y%^l=|3`a7uA{W z>u;EPiH+=kiqqk#cNJjVxetZbbOs2;d#+pY28$1$Y{_;{E;_^s{zhSa{7U1C1Q$fL z{&Lc%sqGcdJkEHxI$%GJJ@oPk@m?JNr&ZKtjv>S&N4uER)4q+W&r6Jq5>~?ryM#n` zu6s_=k&g&XHxSFWfPy(xGO3>sueos05{{!#I4TVek9QB`xV<}c9D4MvdHVBZ`|5uh zq1H1t3hS(nl{J(-PkoNV7GX;!r#7;>-ipt+pMurq?ecV!HC`1J*Xm&J--d~nZ&Tfl zaKXY*B|$*dTpac95#S(_tKZex^|zMw>*?z1){xFSYG8jhmz_=Da;NZ+G9{v+ zc6e7@W(R7s6#QMp0lQg(;WKYC>5 zqKz#G5i8bkm*7V_>pF&Qozb0(xbtg^$l!@(jOo5kC11rO8a@TCu@B^a?b=1OW#z+A zZ-T%c;gIRs+0Ri7hM?pic`yoVga6bEGJI4YF=8y_yk=auqd>nO^CT$o?Tw2GYGfrX zD;j;#HI-Iefi^AOFk3L`R(rIfcxG_WUtsJng%{QLeO~tUObQ?XA{_!n%?bZl%jyi( zlWwm;b0~l>stmJ&_E_%NJeWLddK_NYO0zA)E(uXj%tQ$qTQ?{u zF5g}UkYY`uRya!)+=e>*MYyb60CM@U6}3ygyG+Vn0$(d7Tz=MnB1sI%oR;% zvZVfVz>PH=f|DyFVl<7=BTn2^R@h_td^JHT9Jgy;Je}=_PjLLqXcwi`SU#Yl`d|p_ z3c3kubW&G3R%0t<`80p{mVT7Sf*!fh+Tpi2x0;C%J&_n+UMAx=6|%t0u=%U#L({+P z69fL5K-lIl$n>Oq^BlMC{1f2FIk65RxjYBu9k}NhsfmYddnddH=5aj(1>b7&!FBpUJ|iO^ zgdh>Y^NY)`QfKT2;NXsAii_z9+_`4Ay39*xci7C=j?3f02$bVTgJ(~3@Mg|U#`)9y z30>vkNPB+zQIehS|M3JfV6gRR$;(T8x%9QPK49-#SDy8!pOJ^+YtY#cY%kXlsxS<= zI9u>DXtOVv81sr#cLT#K9OigAoX1TF70m~I87l5@taK|nbtm!DmMT!RI=J^Z3C+~P zwDA1u$+O)2TfB@J^u!ggR2r7L-|M4`$NyV(Q1iMk_e*cLRtINYa+ATWWB| z=O&l>DqHF7!n2j~pOEg2k4uY^{gyq;BlEeXPc&!??SI>SN8@`ttEA9g{ks&V9=gFm z3SbUys9|gSW`x!%2PlM)n86;)Arp6Cn)xzR>1V9X!3X=9Y8CCvlst*Eq>o60alS^k zA}_)<+=_nf?Wsy>pESkpW$VmBu%`iGD^zU(`)cbhEPmOYi(sCq{XT=+37;>C$m4YR z6WkpC2~&EzAM6bwOSIt%|EU(%y1P%)vF_0N zAZgYN%Br3V(8QcPbhy8p8$M7E87?{7c7x(sI%Au~ENQ;}W=-pQQ0Rhls04Yx#v)7CR3Hq)oTVrE{?7ns4cd7 zHWz9B7erWbmNqAcFMn)hC0W!&T%%Rg0$1b6x?Y+hI5FImh%~BFWK|W_Q{OOr5$7z> z9{6ea#&3rY+9}^=IR?FbaTmTy*267VhU23&$i--*;9eoO{7R)#!&n31I1v5oOJs*q zNtx!PP)VlncF{q{lW&Z=`c?A-ftB_xDz|dia-fd%cRkYh=Eci#vJcRC_n9{VPYdk| z@CB21F1P-G3Hz$Jc(wZ}fr@G=_TpH^o#x|Yzp}?#368 zD3nr&jPvvW^(SAiOg(&cNJ#StbLqq-IB5g-N!hr~JiRzT3`QZsi|5O#yLFw8G(U+e zZG|nl!B|WFtf`0!#8|@rp}7Ta7V_aywK+Zvx^ngDd>7HBBWMJ1v#4UxJ8?X22yk51 znhtj(on73PuBbEBRS_6C^lo{pSu82F{_!tVd1zcy6^Vj-C}k|;F=y?D7C4#Aly+F7 z_vRR$$*K$VuROVb-L_0$#on#Dng{dQVIGU%*TIF7{APP)<3Z-c15GCz zOK~CbxEWSle+EHt0sHWaSCapARkpFmWYpgau(y3xo+;MKgU$@r={mogWOTz^QncS@ z5i`~A%HV-f3f)d7<%4O9icG6EzSh$6o(Ij;H9bAdnckOW)(E3==+m+bnfH(>JQJXeKN1QWz3UD&Uxqp$1o9mRQbgR(ILh5qms|#&lqrT4rfV6g_6cw+t0^_Ywj$qwmAR7BT?#Cti6`#w!!PBKDFkuD+@F(3J_7 zRC}4yO8-$V@1-qNd7OnTDLqP8;lQDZ--dMH^!^Rwcm zcIUT7UsW=jt~%`2(NAxzjz92+dFc|5X@vsuHr?E1$@=P|+M+{*)zlo! zr>l9XfusHYOIZrpnrG2oL4wqTTVAhW&ZvnOHHgV8)C#^3s;5<0XmC6|lFI-tu-+Hy ztCAjUsWfIMj=e;k*q0-q1T9ajeqs8itbl4Y&*{Lpt5(m zugyP38L6JkT}2Rnphcxxzo=|7ax#-e7rsYU)H|^%W^3UwL^^*|=HffdRM=q{=KHW8 zIfgT0!oKc@L!WAqbyM`~`NeHg@y|D$=Ab%^!0!vhP}&zj92cx z*em4wO(vj7IinMej6E-?< zQLSB$ijgX^R#L%zU$?;e25Rw&`L4Rs05=2)>sd*M@rgvmt~lJ7xIGwj5`@>BR^j47 z`+#Ct`32*~$-@L_2ZGi=Gf4HVJ+kI)g7Zp7fyEdH;+5~&UP14|mW2T`^Oh)UD~mek`;u~;vwr_Zn%}~+j)jw* zmO9dO@EmgV{XQAX+mJ&cmv4#HgDPvEW_;-)*T4(_Wbre#d<_^dJ zn34iQ>Zl?5+?Jwq01@~^0*Rw|eW%z5Cb!WZ2Ena~80{Lu9%jPJ9?eHt%9THwph21bnx-53jz zxG{A8g5N(3YUiuy_S#8=Jp3oqpJO|IPq&lKkG}B5=lCB|(h^=!+?ffeIRww|7F>0j z$q5GPAE!E$8n(@79>%j!Qk5O(AFe>$+Q>leX2VParR`}|uD`66Y@x8h%LE%HO1xq6 zwPxjIG?ciS(jpSyEU;#68!E$+dls=Kf;!z_u)dl>PUWJR`#nu07Za1SSn=fwlX*j{3E%5Oiv@fHe|4B^ZfJ$2OCK_9Z@E za}v3!({`KS^uGPJ&JSFT;5dH*qj2}G6zSPns>~cH-Nx=whL1I z2Fhso`&qU)^$KY9+1x?~ITTSkHFY7J($jj`{tcz>Z5g$&(}Y#r&L!I^yv(u=)%GPF z;Kznof5NYC#Djx4jekw%+lP7q&p=aJ&<}z<5aK8y&Iwh+((NV79rVKB&kcwdoq3J7 zf+0Mmdy9EJI+OPgvTvS(>s;u|sBIsCP&slvH%9w5d`lW>kZ)7*FwZ|o)bF;Lw2>Kf zs=fVap7oR)BLeLzNG*xSbpP0HtB2E(xZ3qx#`Z95jg5>pi0!u0Y$oB?n9xpAceZpu z2erQ(@A#4wi5iBQC@xWfbt)w^=Ev$2OVXu_yIwuRb>aSc@JnWAp}4iZR{9Dd@8=LsOFk>MQT!T9V<| zde>+gI`VZ)#-4l25QTZpb}Q#6tu^uAZSbvaFSl|c_QI=cByT*=m_Pb$j+oy1h!WzX z>b~bXe6m0>hh*=uRUpvoIR`yHqHk9S1=kw+aEvV3xw~Wbl2j-Afxt!79J)0AdFZDC zK{XbQSqC8gkHe`?4~Bz0C&DW;G3SWfnXTh4B1$4r(ku2CtP7_=A(+mIr1wz! zGPImQffK}|SD5XgJEvZ;X_a4GN9!u|4P9w5P}M#>X$yn0vU*F1J`sMvpD>p*F?IIF z8@ILtqz8H3a~Z}tUW{>1IVd&V2HTa+~oA-&5g# zeAB!XhlRuzK?KBHahVbL@?u?w!5r?Yz_f_@)%Xuf2Fyvw8lu?79Q)je@>Thd^qA;X zxt2+|Uk%droJJ4*unQ5r^BH~4PVQ-v;+vy%qu__rE{HkiWixUl;=+l)s@~bq95e`L zz82rp!`<`oFp_B&c80+485-EF1b#uv5F$N8KQA9|mz$SYKPR8|A(|K|Vy$)~aN;D` z*_({bUSTG}{jj1e77`^9y$!vbT&$_P&H#nRvhbO3^yLVXc+7WqXc#+XH^#zssNIP{ zvdL-$33uz~(DYZNF^Fp^i(Km)iWgm`RdaCe9~xq(%oTX>Sb&>}Az;#>)Qv#b7&xlZwoKZ*#&_nuF4Mp&&YS02-R_gxvn zc^_`N;cY;4ISB!|3i6VsA~g-$xl{vP%eH?RCCoc+i{pQnxeamb_GbNdE|EJE>1@V9 zP0pTHy+=Q^w?ReoTSK5V#h0ahfIMT=a{Sv(M$YuQzk*&6U%fE(e8b31y)$))&#l5n zRY@M-2b&c-Zns}WsNiP9`URtXrUlGW!a7rQUH8-@*7X>R{Zr&h)~2o|F(|68^3js& z^9qT7^&Oa_==0wMEGQ$S_FX?$vX3l}a(Px?6YI<@GcD!x*kYBjc@bIw`fep&udL2e zJ(qNeE>Y_^;kocU11=*ryYw?2W0JCRFb@aTu~6>TRIlu(Gil81^TeOM-z>Xp{dxD_ z93&o#I(^+|mGIcc`=O7L>}sfjv{$ZfCybR+ma6Ls?~^fIGm?De{$h$J#Vk9^Wt0s^+t@^8CAm zSw#G>WX@sO4eNe)0ZJ!J)ebA%C_mU7`U`~m0{^8>x5fW_sM&$|QsTA*1ZYT{JfpwsHTAa?zYC0Jzbn4Vv9#NS(ER-i#<2+6f&T zb~s%;dRL!kzHjr}8>(pcfw;c5cLV{d*0*l}>$K3HhT6_Oqun-q!J0!asth-&>ORXy>ff_e>5-~)hY$th zJdydS13)ga%j8%g?0A~!di2lEj3*%1FD{R3U`j*WpE^{^YhHB3iXtf#jNJlb8T~MC z(|yx7;yAcg>$l_i-_GHbjK+vJa8CN1?yJfX{1rUH65vkt`5X}0zPmo>e9eCQ32dHP z1>)VgP~8@5o4= zllW@00YK|lE}LiFnE>En)L0uCC_T>ikZU(KbfpKy&)iAH$MgmU_&AKe`?f|P|KnpV z3)I;X_ZbTLS1gu!n#FT+uAs;U+YQ#f+#CE&dNR`~i?3Ma?KZ?`bQS4cB; z02C+U*VWeJb&6Yc0*d}xTnWzK0WE5evq)qzKVVfYV+bu=hTP;@Jbw&P66$bgaqpJH zBV{R+6-WV_y&R79(5L!NfsrWb!xTKYj#Eik2HlSF}O9 zy^JoDrQ_H8)L_TsQK3XJNCTIxrI1vmc}d&I0G};nm+SQ7JD}Iy`}ctmF1K9HVbx~` zx7Qj)YLHsh_SP(Do$k%*x^mH8Ef3(;O^8uUPm+FamoE;VewGLpqZQyEj-MYdpSZjC zltu!ON~eg1AWwk!?%zv%)Em}@DDbP?G-%Npw8y=R*|Ai=7+EG!W*VhL>qG>5&ptSn z&gpu+9kSDm9e%NSG*4dmntU@1&mFJ*ZsKlqT(aNXc_+)Gt! zbar+&W{hOWTRX#Ij^^zXm!+ANCZxCYOx)z2u9J9Rydq;uAcIpFdg~c2OIkWZ+BARh zZ_5&)hI4tn?!EKz5pkgDSnR4DS2wY|6g^ z#c)e(IwgQuV!TCcNTs1GSQ@V|n8aJnV$bLki2LD!rS?fJ4`n94?Y!^R#F}O~QQ$DN znDigy`%B>&7cv-@M3s>{Y`csRzM)Z)h!1D?poO&XGlnJ*(f$-J;9>kC63pSa4CJ~kJ=1#E8Qht#DGj^7VcT`Hg zvxJh4u?F9)RL2_OI^#fT@D~vcbbw!a=zo-!DX~FHV#4Ws$Ny(NDK7nrS3vD1w4@MAYF$Wq5yQqTz7T{P}p0g_i_pX=!7J(F3QxWr11QOjp&b4`1}m7kr}KVdP_R=yy4THi;PE8BTFuTcLIWA8h& zSZj(2W4>R}j+vaxc6n(*0u||JAQALo6mEok3)S+R6c7HuhmIny7kFC;9-<=rCTiV- zE6fgqxRC{3KUs;qjfW|5w#;_-=T2YEWkA; z*Nx|}VAjlMRuo!g>8g6I0>SAIbPk$_Kkc+UgvV$KCLP;joG@ISQDBh27RSWKv6nDw z9K7dict;k4WudNwfKh?kbb^n1sS4rA5AA)O*P73>T#`wzt0^&`!?(d@bnXQvjFv*| z@8_6(sa>t`F(WY(-;^HM4I$4Vw+DvH4C~Q4w-|MNE=qj zywjC+#jtKyAWg(0enNd$l$od@VEck6ZhaT$k?$wT!T2f`PmkxsTNSDnm7L$HexpiJ z%61RqMejG%bGbcc)%c%@&U$e4&7R>QNrdamaN;GvSq~t`2fvt&I{wRtvGs(f$yDn! z<>KKeb1$nnO6H~i4Sh_ja#rrOz?l_EwR{uK+jtcriegqCtGc5^ctA7^(LOQ!M=w=f zeDohQT%LzJZrhg;Jkg??G%CKB3W7Df+hQ#hfM-}*C9blxN7Ew_x;QrI4QdAq4|Tk8 z#3-AVjl-3k?HdBQZJ*HTn*{Cc0k=ZaibWZB>!Pz5c!dooB@L-hY=Bt*Y)I@b%ZYwW zS%bu2#UAN-!MemEmRhw7{~=NmY5t|>J1Ip=f{RxkY>0z$uy-ld%JMmsXa2LtjF=_I z>@XkVzEOzRuLCFg15cCOeKaM%w9ymY8v(%UJd(GFD9+V3J^aDpq0p;DPz7?TR#i^r zjSCOB3n{%|Fd+xcIdVJ;nso@|@BlI~A<;T+l7Ad(XH<^x31a7m@tNn04RWV+jWOU? zQfOi-=QX55TX5)BbBBO(v1r01$3_rHIXtyIFODP{Vp3hVw4Kn|DRi$ahd&K zuG`dRhXRCCkmJ9ce=z<*7bj!WBFlhJ?N7d!)np9qsMzutXsdLVGiboi3idSGBah@# zQgfyH$ByJcso`0N8Ux!yuSk?iwGk>eyAIzV1Gm@7!>Yl>7-B!y6S{CPUU3JCmj+cU z476AD#n9|%F-@yps?}Yzu|CdFNo8Uynt!#oK)B@!DL3}EYyk>rG(DPV;a^E9Bfd;PAQVpR+8y*t2&h}`T@`l#EQeFbmX}hPUSNd#fz*o%HJcPjL^k{pn7O- zOOp*aGj{^ebK^rg7+uMcji>rG11&JCbtbFj8pO&(Hj@VmEH;k)1=dpvMQk8%T1rDwp{3_NDaMj@ev2E9XHqhuHLV z8Rcjza5x*sFk2k?785au!o1!69st0-{=p9bS`s5cJgdSos4oH2!?T%K(V9h(y$u^p z%lc)-;Zu&V#M({W8s)t=c)dMl{^^M3Ld#Uer3^2|*rcb7tz;gN=HcS2v`<&8BwA9n z*2&20!UxqCC@+hOl=RHkT8u^HaBQmtKnPC!y^U|F32(MPy58O^@@>T(jvrFO(@Lx%&HO^A%OIrcJOXwT^oxUj$mQvQyNcNRD*Wc4#DnBcgGD$&@P?_3r6fSoR2A$%v^XGzP zvS7flXo5NlsV2;c46kcNjDHf!`Rd3#3JxtPHv(Z#fJwxod?GdqMrAvGayZ56?<6&JY%;e;g(!WHk3tGk}h$X@$jW2*mf5h;jDFXQWu-Hy0n|W z|GbEK_$C{m+zO7J)&|a0wfONQu3Z}^b&s|Q0T!U=DYUhSqTf1u(X1MaxMQWpxc8$g%p7*DHI6eBp8%!`AIX>e_}m>AIp`lbB@ zYgyIb=pBww(NXt!qmm5qy#I%>caF|0`qoB+H;o$GW@EdtZ6}RwCvDiqW@Fnnnxt{# z#X+%H^ zJzTg(g#jG~>bA4j$wvrr3Md{toyhK{1P19`4{e4{6!Z;!5G3N168eFJBovJ?lNHs> zuA$GRqWGT)U(!*Q>ok^Trm!Xf2wa|gv?#h@AO0_*j1~4xd%wNnQBCDR%CIbSsp}Yr ztW`=s@N#k|wKj}$vW;>t6qz@SGNq6WtuA`ZWIBKOx~P@v3Wq0WS+UD3S@9wDnMtcG zALI(8DvgN;{K2E0#qa&7~$WV5EC0 zFWM59sA>{;g`H)4ix_r*>e>>2omMgbP3m(T z?=#WY^cT=u%pXoX8er%w0BR!oTg{tcs>B;7Q1}j;W79){Wi4{#HGLt;@XX)-a?o== zbpcn#2T$s`UdEsTlk5+re$MkD`ovFF8qZVO2Ek)#S0v~fs`@VJ)BF`vO#@h^*% z{V+{;wE!LFTe|2{G%cBqDG7g!j7PGOF?M88LvhV|uDLeL^Ia6^m&-?uXZ~%d%C>J( zp4a%5D^+mB5)#BC?7D8pf!xq$Y{Adz|E*1`9jjYzNJa zOPsgTJ{8%B!EMN4i-dD(d?ER9FX|!{lN|Bi0zN7lJm+}sW#%sQv?jVgnZOabQpU5G_7kVIgP%GBoC5RnjQ1?XW46bM6t{LDm4ql_x}dq;KVLV1%Fu} z>sJ9$31T7!4Bh?2r8*C6G z#O92Js@PdyBU`^ht7=@Xc2niy4MT{Z>IcG#grO9DMd_EEUtf zrr7qCi6y(*&9IoH0HdR`+=U|YR+ZZ+vO1a5;g0F9N2~0su5U)j_B#eC`iOEwpBYDf zw!q$Nc6NGB?LleMmdYM!5~xxX+gNby4BlB(%Xdv$U}9RRow`6&NU%gn;btezmGAyo z$o06sVUtA9Ie~-3H3*u=v|p=C}>CC&MZ9DZ&3V!k>z&NHJa>x#b=3 z9&|NO+)0Lo?7FTrN+VvSCw_&#-|>p{F27XI$Bv2mM99Sy;bS$=X_LF#zQ>LB^6ZcI zCOH1SVQBQ`MLdKhM4OiA(|aRsBU(mElcG|F(@sZwZPy3)Y#@g&Vf^anGAA&HJx;Uc za9{)zTt=!B&#Vt-*Fod3c?a%n=TAG9$N!QT8=vMouKn0MaPTUonWXv%!EDnNU_Z>| zDe$cs4hqAAYhTp5gJeIq^viiZA2G8@HYd>)5mKv3cH&xaWSGw~NNlA1vkI&CQ0t>~ z?;l9JoP7p$uFe|jW1JCmdbLq4Y*~DZPkL1LdA+SHnh~ML^?~$sbBd17&BHb|JbZu` zbcEj?>ln?GEd_2n&A_6@7#c)G!aC1`lmId7uG#dci!Yo!z4`i{cORbNA<6V!Tl^R# zU6FojRE6U&%+Lrg?{Ju2>_t01P^eO^b8lE^0ovCjo}FaGh$yYLw!Q+~9o~XMBVj5m zZa}ys;bT1_rF!~&PC7nnwxlYL`*GlB`eriO@N3BLeAvrUA_>~^Rv0C7$heji(_ud2 zXm~b?IcbynT-iB7n*sU_%B2R(Vh?4=JZuJ}htNM28+FF=5PV4&(*pV+?b=iXspWBz zShK0Uzn^y?_f5I7{Ot@175Z#%T7vV~{HHXL$zN5k7Tf3+o~ zxD%Z&bU8yAF+3ZtJMLU)@Z2fbz~=VL#YRxQpaEv%VY?d0qLZb1dxpjvO6MutgifSk zYMo&yUJ$Oc`CkV0OR{|oCDc^;aJYRd zgdI%9GskeZ{IPr9pB{~yvcljgA#xF(B1jr0N%@eQf6RR}j(Go24|Jz0$)HJ;u10PO zsZFXV5jM`$kwjJH*NG6Klg*tJd#Iv&PO^;{|b3x z9O&u7;0s#ko`!v`+)ez{vBkTjUrf zmcxvwa%ivwV~;Ek2_JsgcPJ4aSS|jpGVEBeF>zU~hb`Rr4f1>$lIpUUwf6jRrrF}T z>bSjCXE3}$DJ976IuR>K+V9}cf$zq*cF$^^-~b%9eqB9X4F2Pc6DwJD&f5H<_)>a8 z*b@plVe{a8)2iL2scQXmD=E^qtTKV4e2DzY|H-tXx_#~p1K|g{?2$Od zFfEQ;fBN@p7LCtUIkc$embaLZzN5D4WCLc-k>Z3SZWKI*RyRb5q@7KEj9zBiiU#zJ ziDLAHW$PeIXOFd)d!gmvLh>nmzBrB-;oGh@?I>#j^+qP8X8{d^X$yeck} zw%o9#$+TYz>ju`Ge65p~NbH{sz44|x=SDq=zpZRD_3ZmOv$KyQ;ns z&`@Eh)Q@{bB8iMUm66HcZClnkg>tRjnN)YaAycUE&jTo*&?>P<( zsIyO7`~ zBEA1^;_phBKvCWAhac#x^8N%obD3866L)?ZcE>50Rcug>L9zck^;P(dGl{tTo3%Zx z`U9T0BXrFeo=2js_98W@er z{91a~mSqHJwj(CiNbQl0=AP(^7u&L)OT-HtyL4p*(31?P#)H(T0i;A9rXcc{(kwZ) z2?T#;UQQHIm`vJpi>;nNLAIfdZ}2}I5PMTLziJ^S-YYsh;G?8P@a2Sv8lH9;y%$v? zGnJsO6A#AAs29py;-{n5kY0ygRjF=SWDO%RWG{r&y70- z(eB4;V@6CGv`aFhm-+K{5AAyd6>+#nyqzz%WsCddYZ5B-a|0Zjo^gr+?V7Xte`fc> z1lD*G58S+G>Aq#EPI@cZZ#%12;=kk`lWJ**KA2VOo0AA!2EJz3KB&iW@eM(tB-5II zMi=`?Ci?RjDg^D!;-q!jhFez(NpXl+I$cm@!TIJmXkJ5^^EkS%7IZ23RX*(#Y#F~r z+^Xu#6~$PmSh36qe@bQc0`##FVvXh;8-kq|Q9C70L*2k^OKu5$q~ZfA=4d<)XSKz9 zvVGV1;Yru)faKxz=&&e!DlNzT%a6EdcPuLoWI9+kTTEsrB-4_jK8k!V*Ewb{n}(Be zVG^_c6iK)H^1O20PIG?xMpr#}1dX#5*$=D+fTDz;;GT&ER9!W+#!uq8g$0lU=?W6VG~-^893$80iNZG^*k#F6p^hbYR?&=vIE zAx9?l6zrn9t2wy}>dBJmLGGMz2-Mm;{Sq%+pOM1VjwSQ)f}e3 zKpP}wzrnucW!E6PB$1m^V7S`sy!ufv!d>+*id`1XK%8|K=c5}hOiDpmHapor(VOBO z$i0GZ!-OV0IZ+aEl)sY8=xeo4Iw9hl?6Ss74Xkd{H%600-SVtw6WySwLZ$I5^b~tv zSN55Y#Du;A-Is21$hE4gUDB8O&A{Ej(#dUlif8a%S3NJ8?9*F>lz_#sj8j-CHyI?B zGd&ElkDvy@+R{$1%W&lvC6+tzy!Xr>2)=Hq&?gDAt08HEf^+zjTJ2jlS*n)O(w1|! zE&NhaL?xy>-+aY~b7uv9D>j@pt_(PENfi{cTY2ymipA7L!#;Y=ImTq3=Ngz?TOjMd z%kvn$2qmdw6yYalYq<|9s5lO0TTF;_Xk5g3G;B~8YUMWws2X`XpFFNtx{c|Y)MrR8 zz+g5_W`4&smKP6Z6^ayRMzbPIG-=CSDapvh=G9GhW*lqz5_>~Ho=uoThL$2S#I|3S z`|*=J)XXI*l&E@uvln3#JeFgjUCv#J1S=jXGI36t7wu7~fhpAv%AP6fle1({0H4`~ znUdhe*l87~QQ_yo(>zMn?iZs25)B3n>*jG6A>2-b7HOybk1sj!umcHADviY5dj1F zDBBt}idCJpfEs6`J}3C_$W&~6ST!OKg)B6T4nV7;1eP9A3@##H&p$V~CX|Sch0!3s z)w5N78l}OxQ;jh-obq9WH!qGwARm=Su^pjhw_m_iwa~4hD*8C{T!f{eLrUpu3>9wp zECHI*BaCbJqh6JctjQ_I8;tL3uVXVBLXr&KCD{%T2BP2a2IF{T?yU;t;z=?j2~pAt z@*=x@IVidQ!c(fFO2 zf!)8%Y%W)#v=xq^+%P5F$YhADFHWw6I#uJ>cwp55kch|LM`k(nqtyE7`}-X$>WEdh=n+qwg&QQ%ri_kK8S>-_x;cJa!r=^nYr$F#rF$_`^LGc)98jiod4Gse^(RKQCbg4< z6ZODsq`y;c<{Yg}WNkj=4`NCFrqf)5f$I^!xZ>JbSz_4xkE2HtjpZ%|X#AAo7+VNA z2C6FxvVN__>hq1)H%iDA+DC5>kBm|EQsNxS5%^LoXR5mMs=#SZ#bp?0LY7ILlhH-E zvJ*Hc;dYYV@gfHE`CcB+)nu&c)LtPpbgKPrN3@cIJN(3)+vefi{c9C_h}&f^K*G)+ zyfJ}<+!o?x_?Koi;E<|teHaP8@E|je#}JkPkCj!}g)1{bCL&7(#F%|)%2)FHI$GCd zt3bm~v+YY#R=%bu7!dshLc2-x=8u&$rrgl zJGKVh{c6}ACG+9?rq+EeOg)vPP(mS)e=Kx$in21}i_^9C9f?)0BL_YSI?`782!=az z7TcAwc->ivsiIvIy!h~`KqucMi!U{JqZ30={0DnlvK2+y2F8Fp_Q+}JmR*iwLmoz-h2WQ*mM&hM>IY{sYF z?V>Vp$XV)ED;08t>wEpZMpNLWXdEC$1>hGbVp7msI5jYw zX!q60D2gw8O4l|;9N`PSb_9e!mB@8F(Nl!Ms}fx+`??-7<)dC*Hn|9x8HVi7h>}*m zsbAcR?jPf?;)OpZo)=-5wETf-z94u(3)FX!I*@p{`r%`mx;jk!kknIjUo~A#IPFDS z_Q2$>RwG~OpM|WyeKX(`dOd<0zbP=lb)?sMY7tqXgy&yvv$5-?M9tqD#mR<|2QatfqW*qSnI9dS(J; zPuV3{#Mh>hj>>@}Vr7PTr%D+|wrt_VH~$W+B+V`gNai{y?s*TL{Fu=li5pI=5e8ujGQn3;6}iH{xRV z&2m&n!u(#!5F8wxuZwtoFT@smDq~}O@iA;@tU^#+D$G`GN_r)azWR5KieZu@RL$|+ zTS9eeET24oOl6x54f;}Ng`L^@=|>Ng`qZSQx?QG1>1^_M1!RwwGA-#(%vA0q^Rqyp zesQGH{Q=oY>ItqPr4C>>_d3({>Z*EU`<%uw6UpGGlQT@oAXtYpMrjwvUD_V#FTB24 z#?UuYhagMxp@d6~9!(zf8|`8@Tv8-!fkc>3^g` zrI(EN)|IHgG-Nt$S9IAeKX*2N_8ad@YC0@$IO-dI7-eQOkUN> z`^i}w5=&V@Z)}mmbCoqol7<_!W`JWB`YFFKe?-YyQHB!M+Xc@1%gfc4xLB1Xd%FOe zEEmW0+RX6@c!$xL9wEO(yb%hdKO(6&;{D1XCj(+OsQ(p#Ni$jqtu|udz_2DWousjQ zNMPhJhV%vu3w*I_^U{RMVx3G9wU1xDuj@0aL#uEMV%He z=q!AhD2&IVszEoLj&g5;;M#64#|INZPoW_@&7$vG>>&J-Y9w9bk_y(F&F}l4*)6$2 z{~k0*Y%~3&)PqDqIC?S%8yOa;4zI55nIoNEQC)&Zpio}qBSts<$J}h(Sb1qxwC!zZ z+g);edhevGJ64ZR=zovh)0Ee|_ztT%**`i!J#BsyJKi$xCQWKze{LBKv(o7<_;q|@ zUZXSPlN@`RQ2af9X}L(3DR#QK(ENKP$0uJsZgz!Yv6t`>fvA`8I+})AJVCaCDsRIK zq}iMkKj+f-?{@`_%7~&Gm`&cQrOyMzJ)G3Ozk|WEv5TBnv>NFba!ulPe;FdYcDM_E z%{lfuzQxc{LG;yO{^;}t=VVY)dumWuac}Tz5?o$w>lYzeQBUuRQ4vH0-?68@mdf>C z)L20b<|+z&H8#ya0^}7RB8|3Cw!S5qhXHr->dd~mK3A$o?XYb_OX*XB6+dG6XIoI_ zxYJVry!C3`<+(izzGCx%g2cec`dwAX;0VJ$9T_>o{v=LJeVsPiQ#H5vJcEx5`;%6N z6rxC*TUfY!$4vFjTY@0Npc!I`(VrVXGV-!bzwXY^CY2?6np^!ltUPtLyXZy7uO1de zIF*C@CrgNWX6^5pTbMWuHeHWD5c#G7Lvv$$jRsW_q{x-*<>pSBUVD-4qKvtRoJGMa z*#yg<#L3aVP0dda4qJThwA-!YjV+`_&eW)sJ<=eU6uviyEHAFa$wgkGXxg$KifaBr zL&9Fe6=0D*a5Bxyg{Gj+VKUu>Moc2xh4-{+W53a6g z-*`Mv{uEYQkS-umK5HDdbH{~!bIzv<35E#H{GTl z0@E=zednbH7+YGmn5Xbgns+|?^ZMe&?_1GLUAoy%iDSm#*@tPQ42ubi$2^3MOV3l@ zU9_yeSTzAH=Yu+#-?`Tx%g3FBI}f9BOt0b4VfSVVUjE=-c?CrU^K8km4BR95eb6B7 z9{hENF#Iv|a$SWBGDAHJ>)vRKP8;!| zCh#=Uo@&>e4Y7^JHLGcGh+|m93{QaFZHXn&68$Jo0XL()_RU9?$5DakE6*S`%5}Ow z0sHG%^($J0pX|xv18?2QgVghCG=72eS7)F1tzYSUf78OtE;I=Wmh8A*)|g&b?6}y0 z=9el(fVs+{X2XFy<4yB~dE#&G0^TbOCwJFkKDtX_a1Te0fToADf86z?KlvBc{fi|G zLO8iWhE*}_=Y<}d7P^p2u)KTikVv7ETqpFk^&^?$Yw0hCudnadJCpPqF2WX+n;?-> zDX%s)C9^6`maU(%Hn-UPruoGN$}-pVW46W{fL?Wp?iq$zyAbGU*g%uYEC0HGU8Ekb ziexT!!yuhj&YUYUor*0J{>MJU$9#pz0^fO?2>g_WB<75`khVz-RqeRD`T=~eskeUYYC(8@P$tq;g_@xQ?2&WSH}F$o6s&~ z<@4REs6h^D8}HXXpYNU^kiy4^E18QuTo~IDHI=$vA^f`!eWIc5vkJBPPFdKvQw1+B z3MPpa99=zLL~FdDC#Y4tPfF}0c|byA4saRIp~(HL6^$>r|9;1;ZPH< zg(<`nrhD53>EV>2=;Kb$+5~+)ecq06)N4-a<~%45D)6hbtIAt^s$UMF zVI=zrK4EAgt8n9&Es#{(=emKm1Ixr`QM{1HS234AHN$#n-??hdp_P)Ir$CHk@pUHZ zR>8zy$3-lr`3tooH1j~+1!%QEBQOcaH~e5*p-NNx1(S}>ssd>OBi0fwwh{Yo6dH(< zix=G6Xv6BV;jr@z(%~8|-CyrhjL+sHV8&n9E=pZPfpPcjATO z#bmOCU8|MTGTLFc^t|a?02mE{`V$slY^O98JhW*W&!Jz{eLQ^r%@2u%WV!RTJPMX= z4QY}7ABmE=aUQRMsNYTZ7(?N&#CA~~VBJbrrK^uHU2g-I%p~pckHu~NK|1p*w|!Y3 z5mQ9YuO&2yE=FA0Q?y#}NTVw9Fkg51qR>QyOUQtU>o6;M1xxq7V{6fI(Gq>%-YSqN z57hDZQ6W*mf~QaAvl%O2APDT5b=P0E1Y}#QYZoF~WD4krVM~HBY9UIpsZRdd1fWkg z;{HKp2(X{lE1I1{73;c!vXj|^v4v>6fnho5CVD9Ol|B4^EGuQB%y#!1HZCCs1IkgY zF)Yv41=)tTS`1Xoq~Az4B@${S*%t0i|MG2cy2@p+Vc+Zc{d(DkQizyP7J&_JOV>H! z%ABLaJ;C4bF+>m-rzaUR+z%Q7z1gg{tW-AB8=eU?r5I;!z-x14S43xyx@Yw<0q-o~ zw}6W_1rtpe!fmhUf{2cG6aXq56OJz|A8mLXaqq&Tc zo?=4@RArr}#hAAO zB`5~%++32sl}UHHLM07|gOG$;e<%~Vj{k_3HLFf8fJpk(f%h)Q#S+l z2ZT%wQS|Q}NsHhTpPx05_kk4+-y;r+s7D zya3+w#f)CO7`DO5AR*Th%?UD`yiI$D7?J9Y;L99Umed}&e|8D?+O&45BZM%+7gp4 zrO;5O?LrhA#{QBGcPsoumjv#SU6a%_P~XB-i)pN!%|#F43^MweTEuHGg(L`1O0~R%>VL;&(z{Az4QyTa7K}oC z523)wQJCqVruF*~#^X*HBIuS;+HMlzt~k_*cCq+d#_LlAJ;_vU4j8m7G?hsWJM$qB1c%TIOtYJrg_N)1Xzh@OIO9 zzjy}tg)4s|WFhvr+&ozG9%=jhe}FL&T{;nFSd9K6zL%<+GyR@g z03iyBj9%0pw+qLX^KT{lgcD^Q&pC(7jQtNFrhThII|7#amOUlvhdMM$J>_^&Qc3oZ z)+Dn?DN5KO(#KK<=C(dsaXH!c@o5&!;Vg{EH4qjsUAiuP|J#_l5$zV5Z#>@A6SxM1JyaT()gKDsm~ZCPuUbW(DKtBEm}ryX zJnDy-r+Per2(pwAiMZ&}?o5udPhr&!=JDx!w?;7ODz!G84fG=jS?_LY$f4=Z1rIWe zx1f>a;|l~QYSEWNdAhxVEa36o{`SPD6;>58D_3xKemy~jX}#ww5iAC;^qju!xYe4K zQZ)zfb{Y4AvnG0D0GEzxd~SF!H6`gYo#Oe+gC&mM#>0an<85DUH=nIy}ROOzEC#27S>OGHqq8SWrm)xvY@7Q}YF$O_B<)!Y2r3)(VNU z%Hv`KtFKj=;fP&|N|?f!Kv+QPVjpDNK7)&!kfz?6@gVj<(YG6jvE&Xh|UB&%=G{Q+qN8YM{Wq7V?nA#+DskOVV=B&?+#ry}A zChorkAf25}uHJ2Q?p*VxcHkTB$=!6AP`(}nL>ywxP{(uL30HfUhn&pW{WSl5+>{8e zNbq05o?vJpi7Vv(n^f#x>#STGG!i^HFXF>f2jdLkxmfhf&s{xrQ&fIgNk7Lv5j|5= z*aUTepw_=YyrtV-P9-@*h6R!YsZN7|>tTc9a_*`Ogh~vxC|dtJViGqAy6DpqI~CK1 zy{KaiR3jLgIXvmcA&mbze(ar2#!pkc}DC~UbMk1 z@2kOGSd62SPNEt+NYroMGI>3Vx(ZO$B{vwtNk)_hQJF#xLE^9;qdd};$_c>MTb0DX ziYh~PQvM#OcA136v8&qnp_3p*->P9-(WMuGu^B}!($X!cy-s3pfhF@AMT#2-)2S4| zkB(7qLj;GH+BrocnkSSduYiYTdo5j-DhY4E1NB?t`Qx@(gJnrwcY1KL-`s)|vgd~; zV{Foh8K=f|&|T#A2@6`Sm-}EXWI@C1BktYsb;Kv~UmPJBBU^vUM|iH1bp+T%?n9in z$H4IFvCb0EftsfGn8>v7TJ>Ywp6;G%82Z($$$jqopi49#DY)WN*2JCg%a7U(~02q1{Pq8ZO44^CGvp48DsB&VtNbRB zu+9m-))!*Lfd7^qOib;%2ytBH*PJM8OA#w(&%q^d%2mtM(J7>6P_$16dYq)Jd{q2OOQPAaQ2<+oz_g3{P_n z9S4Bq=n|s2(OiDThO?@e(|t6iZuPxq>GWa6`UUW?ow@+a>$Rxds}x$ymnX&V&O}d? zvJKp&Dboox9UHOSQuaW2VFjA2g5v7hZ+{)dfg_+ZFMV6pPu> zwHa_p4qG(W#&pk++Se|K-1)Jz`Ik;1zG|M=0HmU*zEBFs>4#8R>uFx2t__;LH~SsR zOZ*jrem53^u%9-upc3Aj*PCOiQp|Oh9KU?c5Cm*4H{bWfyAD}T+(zPw_xeo@0+4m^19(S%Z&5MCfAz$CeaOfvK)7ViDB9c@ zKC4muoYm#4`RIt#?|+aH0^D2deO`KGMt@)VZ=<=cbG|jGNxV~J5ap^3$-F!i3!*i_ z?sGzth%Vsb(K2J~Wt1LFooS|vwfF{f7sMW3l#r}br1}K;>{t#8W|6PXuET$O2Z62K zs07R04gnpHMtXGrZ2kC7a!bFpE^+~}HZI6d_ZseUktSU`85XrNNS=G|8Xi#I=Wp3? zYh+tn0CcPVb3ph}&kp^w{}MwA@F!ifq=fU^+rA1`V7;A3fCF)9EzPI}gvZ5un4T$r zEv=XrrF6ji56Heuv3tJTEV(z!LDuiTivPrHzT70+Joa>`ywr%a2m>vNfMZc7!|O)$ zrGJG^_=5vy2iS>wT=>&cS^1nef5lIrL&c@%zAA-9(8a+4{ceYaX5tT);)hu#`E`0w zd0N51y2VycLoiUIVTk?uVDfxX%EPiM>tYXa{aL#AOMN^4fYGh;UZ!={Ix1wrNbb(}pW*w|cguhoO# zb3<0Q2ky~gjUZsBskaB*j%WPGNh+8Agg^aJVk*M?%^RSleX2|p0DP0w7+Poae1c@f zd1R|BI;{cA#1H<@SFb}*Ag5QxUV!g72mRKc8y2V{dh1EP{_?I3{&6ULn({A4f zcV|~=4!6-(w%ay4)gCoHv-_($+{zFDf+oNQYtjGg^mDT+IM!RpADN*aoaHZ-<--V% zbu`?wOqgv2uWDT0=QsTeu1M0m93WpWwtMWr?tfgkB5`nwxg!Y+p0=jNZK->SlDvJE zUShkL+;`mM=>E0Q`RMSg14u)@<*Qr#Qa^ib36;A9E;r9H>_R zx~|_eL_^t7yDDJj4i;p0phG~MT2j^yu(|9}0eUQYv~q!sX#ku8i0`IAk6}f^d(XnL z>|;*-PXu6^YpK^AStsrz-}pB!9pe%nY~h2p*Q@eAK=SQ#`kP_jOHTpNq6&_)p?8ul zo9-6D9bemew8K?vVMH%4S<-p*fluFrK+3z&f4!-JDDW$FUI5W&e;Q!pUu2Q20G=<& zuRzD!4zwFW9pJv}Z#s&2MBIzc^OJPe_2UmONk3(?^$j}9^`3h5U|?byc!2eO+W^bg zDE`;&4>8Zl>p(%b5AY9Fk>vBo*9Idtk!1K4%S>2PhEX6%dJ%|dUY)6+y+etSRiF%l{GSqjrOfCGy$Q!cDHZLVgHiY{@>F#{=Ve+ zque+>+xNVdgAM5WapsTk2xI{pnxkVuK%fuM1mka`&S9%-P(2B2_X8v~xd7j!6hMTPJ2~;g#w$e?{(Xhu9w0p3?)h4Eoxj;b#2$IZfViT)P~8Pw8PiEA^yj6P5%m7}7(>VO?|qlJkHE@u<_ zz&V%a6-l?|zhV>t*8GsY0$`>1Ad;Hj2eS1$2HACQJqeYTQ;rhO z7XC;-N%c)=S;JivvX;3J1@r9wl$A8g<7NE}{3OwecMBUIJob~oMI^{}AN`hvjCh;t z2HvEb&1L6DD=WY5NP&aXT%_pnaQPi9TPBN#QHu=e?*X;EyWRaix|)uONA5S2a@aTD zZr0l-jmozGqyymO;0*A1-S8M4`vuei8!8P3FnUCsD+s{Qz7RDA>FyKz#jpQy#30It zvQknqRUX0;t1DO#1c%jULyjDT7!+%Nr#%2)4wjE?MhKfX(Ckgs06%}?*&llZ@O<>= z-!tC={vbU0KP>G6XC9FCuh3?5Y=o1v} za_rZI=ufR;eyJ0C=K?rPN0^%l(O$m$a-5GFwSeX4Pk`fC4p{%xyt{F&?QK5I z58b_I`CSq%k^fa({9Z#n8kUy&0Iq)twuAfLp^;P*Y|&Bn=x+~7GzP#aI6Nq}4TY0y z4ndM81+!v|z4*$XA%Scp2$&A(D!sMLyce+34g;;=6fWwdeT?nzY0gL<2bL%PK(MzD6FO`L=4i7QN+hO8X5y8G-fq~(o^{%7VWz+eSfy6A%Du-E{V`Tn$zEi86heH+V z5B#L|L7=V4G@?45Kh6gzXi`V9y8nqb09lv+^wtkpk;b{SLnR1CTKREM8#l z`Y(?B*J?ok^oUfjKbkX2t8H!^e++cp)_cTTov?LQTNBWANl1L<84;XToz2OYMvgYPTTFtbzrvEB4YIsU6751@wzUPArfy3CM)sUBlD7D(UTYpOf4V% zvk><^_S8S7VhJE5Ibfi?+s#J7!?8qOQ{A4Dz3j<;d9ZoB!0rY92?+j|F>BVE5nT(` z_en6BF;7AI$KPXzO%=tv1ZjwAw_mfTA6}TjwO#PxV*Yx=Fc2701Uizzi-bRFzkh}5 z^M+!De}K>rHFRT~AiL*rUWLP;GRu6C6BOFyeZBWXnj7l|4;AfpI? z^?s?j|0hl7{pHf}5K!y@_e?Jl@193dULme=6Ce;jrcfXn?sZ+7wECtnIlSUPasMSY zgd>@>V}MvG2srufuT2M>H6h-9?s#MdFKGzxJC`U~J2tm~b7tixi8!2z5`JVN_F>+K zWbz635A-vH&T(V4H`pDE4Khy9&%3rwlN8vb$8+9zb`nA#^&?tLS^hLOkqO)F+IRln9g=HiDvoGA!0;ihY- z+u?un<7o@id+Dc=uL=Pc5CIiYAZHR-U0wpfK}!2d5(*qPS8OFV-vbH5|A=hP5pZ`uLf(m+lDu@wC7T@b zA3G)!CG|fqde6<2Yy1H2C3gUvULfXQH)wsi@%IAQES-7z%oCFjV4Fb{8``~(P5U=& z-L$?O!g8V1oJ}M`X@GxirXPE}-zJ&fhdf5*f&t`SK&3$k=G~kf6@USezXfTAP#5IR z-ywe1aQ3g_&2FCzg?om8 z;i1x~wY_e-5=ayoBZ`nK9KSK_zW%-zxaSJ0Jb%zgo!$YP}bs>A@Vv19kV?RNQ4Ky~jA{{fv!OeuH zqTdUF?AoykE}XY_jJ01cK!t;VYW~dVH8A2IBa-I=M<#*E;T$ zvyu=&vhw{53G>%W z_q>4QeaPa2wDN+4>F;nP5#3d=D$&x$$yPa}M2o${ajNwp!g0qg;$3TRw!$OMemryY zzebWdX!$|h5AU{}NYJFI;Z(BLIS9;n4{w_^W`a5^Sum{+@A0#!l_>RfrI=JSwi@-@y|a+5b4T5Dr&sxE7;Tie*710E0tE_wg^-s zu0)El3009!@V|TY@weUWIvuShXzTvKOf}>TN5aA4aaJ%fmo#q>C%52`_DQZ0Ch4S6 zG>ONCZGJecn4F?|Bnp2#2g=xs=-vN*-Mzz^PzLvO;~PTd8o%{|T zAdVoPk81FkT9~Zj7igq&V(O>nc_a!>5Kc}t4OmtTcbd7&m*)Fax0^e{v|7XnyAESA zLI4T2Z#^7ez!>3)~4xqpBbkfdK}AQiX&QqFBUfzc4!fcn&Z_{HHb zNX7}BPpDn0dlcbHy&~m&&*lf?_Xc7#E-JL{e#ktCNm1GJcvaf_p^!hhZoER6NXBW- zn5{R^qzf23qC08gi?fI=Ivp~={MXUsK-TK%1V8nT- zQUXpNJ=|RBxA0WDVfwh4P=k_)s%=wVtllxw-ljM_y^wd@_E)Y88_~z>T8X^!ex=-znTs{g^ z=Q71vj}@OP-9s=`6pS@!w^u4eFw5VxZc$*hua7MoG~E#^HM$(fDBdSEj+cR$1xtYB z7UA08VG`h0Gt79q&|U(TY1~ax#G9ZC?d|1({TA7U8L#tv$U8T50sLTLDKsm8h}LS#_NFwO>t;Fkt)Z#w=t&kF7o>flvk{iPuFQfADp-rQKUrU1d0Q)dCL>z#Y!-saqSSCeL#Z4yY z>YHkB4#|Uy@wK2ZXuWKqND=6@G7=LbM-vk=k;jK7K=A2UN3cTKZXH`xXEakPxEQ=j z89MXG8dg+MP=xOlsdROcq8E$#gk-F|ennBJc;X=Y73)A*2VKZ!m;|HisGzyv$bGST z$YZ$*+DQ?V1LI;}8lFf(-er@&$wZ10=>1Wjq`px~RX}?mihRCMGfO@!e_7;@V*1DN z_!Cpi%h=HrYx%S)@PtE~lbd*t21Rlvm9yN0=|&6!g^p#bWe1OwFQ@d^yjYFU2FTwc zBzt2+>ofz7>pGP+SzhF=nW~XPS`*io!b2U|7eLGbVY6@FZU*c6y#4S9g8x2za!RDw)bMZ%R?TUW2rUvyj zs~i+ONQoMJT+VVMAs-f#tL9-v*W!os@UX0N{LwiyMFdGKV6vctb?!>EW4hHey+pS`uUM)YhjaZB?SV^sLM z!ne<(DvxuWigjceIUHHN%=CHCPV!78goEZK&PA?IJR>~DYX5deLgmNKD4x5|>C{wH zobh3n51Fdd7*CAx>Sx%wcQ5nP83=&xb*>-rxjdk&n~ZGtI5t#6?6a;@&~LV1{`GY} zNjX>d@cv7|1dgfxi16bs&EITu&}@ib#{+6Wqe|hT(HRx@w>a{T1qeuSuHmv zH%tCawS)2Rj&0Z4kJH5pjH9S-8SbIUxe1pEF) zPegqt*7G|VhK7?!#ybtsVPB(Mo+bL3fZ_!2EcNugQi$7@E~@A~}K-n>|J-fr8CHoJc%ubxN|Q zRKZ*^1-^qSnY0)d&zGdnl|3dTp2Lxn(x)Q2ND}fS{<-CFuQhiOpA*HE4tJ4q;rZXb zmM83;;$+QoT88mYXmFrFWgz{e+Um9+@ zj%;Ap*Z5#EcaI#yms+aVk}26z`iVV!{&S)VVxx~J)6ax^%A@P$q!1eIuJt_=(ezn| z3}J5B2;z~lGVskhdwWYJ!kRt@48Q(q+G|`~055Ycz6`6re{m~jYWQ$R0F zFZQJl0G|!9=5~h1WFP9a)sv->0-*cF|8e0V2CK8Y??^}qM)IM`h=zUZy_M|RQk=Ue zW)LeY`w}QDXNaFP@~oYd=vn=aCW>!RpC0VdVm2}Jll|3+Q$^hIaVohXvdGsCU z_W7l94hbvu1kPaScgmT9GG%8z%1%7(zyf{!KYF7LkGACw_YHBv_$i5Ua_Liz0f|bL z&n++oFoXG23*pesuRX218nbu7CUK7!ihXtR|9q`y7i9`Y9>OV73JhLxzfO^5GazpG zkv9EQ)cpi&gx!G^D#n2SE{xi|SxM4dk%ocON_Ca8a4|n_Aa1Ml$|T9xa46SvP&ijc zHd8jtBSLZJ-;^24M} z#GZk1qpd#Ge1M&$CE|Y25%-m#l#>5MeCO zM|_W|PO2ZJDAyo_6QSYMpKQ8Y26{;zcXmSky5!(PK+{3mR6J~$Ad4K)F|0&PM#Yn( zwJ&>Gg{^8&j>o>be0KWu%+P-pTIje_%oZkQY>tg+HV-Ie} zSaTf4kDHzSCreebe_CvFDeg5h-z3b)l{c1a*+*HkiY!Xps>If29r4X4L{ykeV@$dD8w;#1PyvVPG z6n{j2DCa=w%@Wo&p`qaC_jx#NnlxV^KDNY8W&YwE65%S5x@p%#zk-jjNLb>@_Q3C1 zL$9LlD}KCaU0$>|$k~*!KC?rCkc)^!qNs;!Bt5G9lMF8_KdAyc@$l9n>F3t?6$a++ ztBowT)|l%GzEkak;GzZ~ZI^NMeIElrMXh_YvhnkG)Srm^ZPlBlx~-GWj`;W&rhF^XG=fO>sDT;>h?hhYwAkUt4`V z;X-r`3$tu^*K*2B(h&~isT?BPCwC(Zp5O|#>Fwlpter7-litHOGkIf0&YEpvHyatY z&BX;6N;n40^2>(p4xclN=(sPY$>wXS5jOEG?`0n#^xJf=UO*F)u{Y_jP^MXWB%Sd^VM3dNVcC0^92=5hyipJ0 z9i_I3RVw47LC)Cf7Sp-W%XM;DfMl5avZTh8)_UObMbCdzK?@T+vx_FHik%<^p@Y1TtGl%EG_YXA7KfAD$-Vi z6`BYcMw|q%*-Rr%jx_6?Pt2sRO)2UkV1qj2r?WIpi`a_zv8;X|GI!NzxR)w`KDpqp6(Ox zq?%FmI}a=UEyH~i#qIa8jTsn!*Q4nVJI+AOBeFRQ*d#CWUqCIrQ^14lf&LB9ybCbC zR1S6Pw<_H%jyy3-C!V~eD2q90NlnLzzY8>W{ZJwDyghK`AWIyzGSaMtX<+~1V)|y< z&uW3>^2jTnsuCd?8|Cn4Eg!D?eeD`I6%9bq{i7kK&u3%%1@rtJxL449H}l9q=;0u& z{BCdb=}km7A`>NX+tYzazja=v=+B;dn)OGyLAv-Yndwg*%?qn9n5J}bOWhgA@b8tZ zLJQ$;P-L%U^Vns!-dAD+sGDLsc=kW;U_IfPTI78C);3ECfvcuJK<5(6DA4)Xo^(JQCa49W0P1eXh|~G zMxv6<8rvvQ3&|T_b;Y$}B6(R-Ab>r0F%TCjUm<-kA;6Kg`pu*CGL1ki-J3g`rTXBa z^OO;T@A8%n{z6{RoNC|vbRd{Zb8YgyE+JX3n*ccJlF#FZtE88{+gbm=sZ8V7zCMGO zzRk<_j>i%r)|NzI;fAI;A7*DP{MF zXY8IRy8Vb$fA#I|8!LtF(bG_cLD{5(OoAJNiip@o|o^HUC>d+-lXb|R(pz^s3Gp2Ty`R(h&8m- z9^o*54zLe}8a7A<-&Gw#f%79^{dF5=0i1xVhC2WhI|QD2J|0dYX5#a?PPGg61-C!b zmOy$l_FMt#uXOpQQmh08KHArshBYLix5jLWuYs9s9j-W4?&`;rKiL_q+{?cRh_SgH z%^bun&8#V@rGSMl{rh@m-%4#o1bCh+34AGI!Awo zr-YoT>JpPn0$GEYUCK{9v!8OzNHh$*hN<|?5|gr2)A08<^wK)aQrfaz_>Z8EsNcEu zV#H#@K)O_ne;QRDO8;aFG{^cSlO$CJ-~1abp!S(W2;v=R9^0VjX0D*W7Z*#Y4OXGR zL@ygla#?CRd|usu4S~)EeaX5LGIP2G9>#$p4ggelJN^t(D*@=Rq)B8>_Tch#g9BLc z)HAW06I~ha;^q)qS+w?Pw4?%2y-x%Bp;~5f%>G@i1uRFrH#`ODC>N^Et!Wom?fFy7 zW8*>3UGh*F^L;931*nu--5BuaGhp3PA_Z)30pIfe`=dYwzQ?bPH{#Ci(mfFH^w6g{ zz@y?M5j%!p3U1;7V25;~^m0I8;S4KSbNL|o{^Bc^5ndsWD23UkOK1D`ckHRPq5&Ca zIc(A(xoy;We=Pghs96QL))i!S?<+C}`JcLVDwU4X!AyUBs%mRo=Es6Jxj|7+ncN|# z*34ke`i|rRgC(ue+#8p>$D(^()$%dDxOVY-c--HOZ>IJxq+fKG`-WSdi8LY1xLA7;J$5FHFmMlnOQ|-lvkx+!v1zmkV9n&FOEc;HvTx z$SswQe=p&)(uRu?&@B9GujkE;{{`V-{{42qBLq|cIMN+t&4KI>AVAmdZgN6q@$}gW zpt*bj>^jd zCh!6nUr0e@wqQ6Y@L%i+-JXB7Xb8n}K$=&jWa^LMRce>{yzSZ{*5v!+>f27~l2e6U zA7;$C6j6-$7+Jc;vc0l#5tNLtg@-1H5UlUPUIEDPu>tLYy)LiYisNkMz)XqEp2TPD zegSne*GuJ)_mXc!Beq%f10_FH4-!`op*|H76J| zrC?-gvxvgXaETSXTcrd!V_}=^n`}R-r6(ou3(g+YCm zC$r>1M%m*)L?fhSVXYW;@*3>{qU`{wx`#5!XU!uNbo){5m-$s}e`aiF>G%hsSbHhP zdw3nJfa$E%=XSH;PliE{tq70;a+YK%<0KUJP2h(Sq_1rXXe(>w1Y6KDg$mEut-^;h zXG9qa=my%FoAw=A$Mm8lc%$L^&gd3(eyI3 zFYPw*o~i-h+8l9V;bNNwDT^n_w9G;OxY!>6t}Q>RfTT>HxxU9Ql!TOE4jfF`-6A_b zXlgpit}gyql4N9%D3TJX${b4MEzOFHzpf4nPhcp)FIHNwa_`voBNcIqVFIujt(3sl5YR^g*Qj0E?Q{ z^?_&=~-eIcpZkzO|@juK^(mKnmcVV94al zbBRVnuLQ8Jyow6x^JeO-`qn57tbxH8w;;X(plRXM^#bNfbGZSa6P#zS9D-vhn;8b6 z(-Su8fG@DEyqfq*g?okEg)=)ec{7iA!^8nQTN=41{rx6MMC>(y>8nL& zUps7y;#ts!^J|k^;4^IYAY_Qt5%6d25Li)PMS@L$so0gknmpId)_>MtXBe42k1RJC-?HCkkO*)YUa9%SY7= zY+(;gF_8KJ_^q%1vk=rZs028odRtr3A%EV(ebWQ3_F;8*Q%wNypK`M?{$15GF3q7V zl#($jf*N8WnkoWCg@C4C0bngxr30PGDu?t7uFeSQ8I%Ftn9{J_HxPu@EUd!v71ifq zoeq-&qcH;%J4mC8&xgq-0&`-HlwUW$TId=@L3Ppktz4-MP+)1^#W)>g-%}ie${p+!CXG!Z1GoLQy7oKyJmBYWoQMR+oFPfsw5$8 z*j@gKn+F)MlVraK5^H)Cg!=K>GJrt=V0}%(yE4|EJGG|B@4c%kgu zK-&@M!rZF>@S?Mgf(47i0Qv+>)F*`hEbZ69|4ax5EJOSVyvq{3@ACype7As>&i@wSrw$l&^6_OMQ~v}ox(7BOR2QzG zPcRXU6o75J8_@s6FM#ugX*L8vHu(ojemeaF1lNx~vH2WZM2DFoJ?W>w<*Wh5tFIQl z8lThvG8VQXz|aOuR7<%Ldr#xjZe+;wHH~l0k`ZJ$(nhko_j}h=2!Rq1mHK1Bs&hAo za>DKFVi_o&IIcEfSpk3)zHXo0cih1Act#H3R7kBL+t(QcA`&sWhTk&Xv_9QnteZc< zegDXh)O0xcnO}}i_DF8l_2+K`@xOhvg9a^ZB(azMhN~S(yq*7(73cxnYT7pc+i{irr|2oFUe z$a{NDyAz>sETC_BeP4uh56(+Hyoh9XHi8^s04ov+E4p7era|Br=@{72vbF8E?0$R; zQ>J{`IAvE>7POcKj0YT7=6}FM zKp}sR&EYTg8@^b9k0x6n!Th(~C$#NHFA%_IoAe5+IHZZq87)b? zkyHJc{oX3s?hQL=K%;C?Nj=SQaDg1oOyqo(C_#|8l#SquP^}|Rfh@@Z>&NepCu+y> zRa)S+ipn0&gkM@;$~r4+jhraVqZ7b-{518M>Ir6D-qN(EZj^PG%`phcBgAu4oz#_) zbX|#q&G!h;G*N99RU*%}?tSW=HIX+t1Lx_?JKiA%v}P_yFKQ1#f^zUJ{hVy^QDe!u zX{dWd+1&nVpR=UY3&t^9&IELq4uelQ|&O(PA5Oo{!OlNvt$ z;|%Tan`@Fvzfr_gcu57t9exXepS&X8wuq6b^Tb}?cs`^))Bi-M=MA@24jr2~Ee*uK zX6Ol!k4>>OpCnLFPSQk3|I%uIS`!mld%vF?ttacxOMd)s8j(~);YeqRMrI}hA1gRU zfqjsZ5of_AaQG{K4OV+#%ak~#+*7QTxq}OW{(b3Ce(H{au6Q1&|Ao%v*SC;guq!17 zc?uYMrx!X6E1uk*MAxZLi5aBY+i4zK?f+P)U)f~u(c~DKVs*uYY$=%YYm2#EWGip6 z_k=@jjlp;^>klgTNa$8xjB5_lkp5z^r~xE+4et!X(Z3T64-Bo~`RRsMXH*z778Cut zLW!OglJpTtBSP&4+`E2aqJn8Qfe4Qj`KtG|+)nz#&g#b)oagpKe~l-_!faCe+7KoT zpm<6G@pLWz?G;}$L@PKy-TA)f45in-Yp!^&Uv0hxIm=!}$Z(_OYOMD%5mi<^(b)Q6 z{A9x0)lPYsV$o>K)zse9(%1}4m=qi}$is2W0f86hg3!L+Bw$-BfDy87deN&7?F%`u zK=~vQv1oMo2X48-ndD+cDK%T|U9$FYPH^=A$D40Eh~&~ad;hFT5@7AkUAx%7Fy`3| zyxIs+{{f&*F{Ebru-$*tFtIN5Bu-!ogvH_cxivs6xg+BZGlHxF?;D zeqE(v49;Pe#$jaaR*VD+bGB9v`q?^pb$TD!2#64^S7jRn^H*vgTb@q-n{Q*zyZhJ4s{FaGgTFG>P@U6G7j+pAm3{VHE(ybY_Tlv6^v)G7PK_xoE<^ ziu)qY4ePzV*LdWyH}b`I6AuSo>wlL$pUJde2jvX9EdQ3&%&=2uieYFXjM8hVSE`fV$kQz7=1I`Vmr1P=^X7bAXSINE^HVY{j|6QvFz!FT8V+W+Sz&DiDS6~w=2z&jG^WA`Yl_yDGbZ?+b z3&74!F#kX9pDa&rJ~*%28Fk!{Z%H+L9k@pr{nEdvmH^qTKN1?d6F*b?6YO~VayVfH zox#~VXCA{j9t4*lN@yx+1mjz9tRZLL02(lNxoi7Uu=5p!7p0K<);PI__|@!H>(AG) zz6jkJM5(%ft-lV0V6BpVv@X}bt*LBQ_Av$ix+s>C_(&8ll&GkGRIK2?UH|2I&J1;t zo>}-V1wU!S5RGqd%Pd$=WI!BFeY;e~VuPXWYO9$m>#MQhkeyVQ#ljR_+LhsQG0xGn zF-{C~r)uE;>dI5J&xoET(4?YiIz3bnfMQo?!uyO%Qg66V)L$vUhDf?~E{pGb>>}Jy zCEa?L>bhV|Cgw0E6X7e(Z8PHOvX@xj{)l4xU+g)5)BRPE=~9f}O{*=;cA7ff0jcRD z0qqo)EWperuno&9^_8_I0v2(O=8h;|h=xfY;m|ITZ4QaKqx5zh$V6e3vxaEgqbLX{Y~zmDWulGLgh zH4}^2$NB!F9Y)9FmcoKYRp7>jn~giv78Wa&z`Rwj{~W5Qdn(OaT4ZdHUK%33bV-!M z!cIwn6Pq`lxTWM93Tf?QYob>6qlK9nd4L|}oP8(oaYPPc>x!x-Iw`wP3dg?vSL0zi zSFH7Z>cb0V-ks#b&+x5+ruo!Pn}_@x0azCffj{;S#xB92WmP$=WnVccZY(t>wk_ZQ zZTn*OQr5QCrKneL@@B~-Nng+c}?G#1)pb9iKzW#B9Av1ksEDHC)-OvjyGWD{w0H!+~Vb7C{ zEo##cI(>8dEgab{A8y~~LrcQ$f~^7=3mZgzuW_(fJC2$SixkWsVFk3O&JTS_u-yQ) zFdEt0u-GHj4QWAYx!y=l5F-4ujlUh4wNFs)`*Jv2-!Yugmv8prSC8uFYiDs*i5Ux? zjJ0fgHnv+(k^brcyb^zCNEL@A32=3I3A*(82jKv=#uHPED0}w zn7|alN}oCQQahYkS)v)Kf5Vqo^&hKEl``+dlR;YXTXVZ zr|JkO+JK}$n*K912++R5GsB}twMeV`XCyQ!lb5{bkRnd@kFN(3{_n*4Z_DVdNlegv zxBr*h^E0H})M-+IGdOz7b6qnf|M!WNf7!D3Zv;2i+i0Qar`LOnDB$d^Y$1;KmDY~P zahh(fKOEN*LiRP_E93{=-W~_YSo49B1{UOP*aw6{WR;FLb6SY`#aVmt9c0ekM~)QN zc^+M5&VleYAUn710sYvI=a}YsMC#8E`&785l`a;WR>E8DpwC^)lEY0xMg(?VY~BsF zJ{s6NvM{9C_wYX?Ad}cwc#bvBhJSraMdF zBd@T_yBf1kW#0_VnfXRHPXzKyM@}0UB2Aqi^O`R@p*6wRN7}|`=RgB%nA!{oy!z_4 zY3@Y^{7BR326C9g7(SI1Gk%!79M9_GeSAI#Z-qw_*7>WgJ`2?>olu?_Sx7p}n~BqB zM(o+mq2}AtNv8ew-v|PmJ0Mb!#MBG@mLf)J#W_?aTJlpT;pq_g{Pyu-`&{}9Iq|5s zyJ%p(#`>Yw{>0zVpP9}>*r7i{#ZmdKW#JVhqv_7AC38BM@?JC;?J9C-$ae0}Z%z5x z?|CquY5K{(FlQzzEGqfqqQd7;w=LA#4@<=*3cyil{L05* z^*X8bp1VYmE-)6O-7|i64r7-(ByIKz(|0JBnEFxrt>V}!PDT#SDt(GQ-dPQul>6Gn zq4kdim&gH|Bg`o()Q5d~liGADF%9u-F-)y1Z|U?&>SH*=qjbEf<*z(r=`WJz2sjUH ziT%m-b^;7PZD))=h$T-LiASTQ#>B)Z-j>T8?>jJ=Cp7t1Yzjli{SrUFZZln)`H-tU zgW49x4nYonpG|=Ol5l*E33#1kn-o}@*cqO*&QIXqAvI_18na^#+?N&2>*W53ovTq( z27Paom>}BrK^rIDpB?rCA`WX8$cpaQik8txg+Bi9+n~Bo*9v9cm&M$05n89HS@kg9 zTtBp2xx@5IV3)fqw0a9 z!CpE1QNPgBoYqH7xH?j~FF#DsA6ai9|3&Ub$gN>$xj{|0n+VJb${Ct|Zdj$mm1WTJ zUkkx$+2dV~lQRy@=6!~1{`00ksztL#+dnXgN#4;Um;_o&;kBM-Sq>*wghp7zQBBQC zigCv}!+rjM%WHV*fmz3J+8?XAw{4ipLjxcFj1^|4e$o75LnQ4MjmUF^e_jyvyT3+O zx&*UcKw3J3q-F?PwNlFh+=%UArH&_(S?#2+_tBAxjTXc3+@vvh{~uwWap-iAE&;{o z!Nfhw^5r5~)!}||K{bnvCR4LGs{d{IW7xT7??ONYq|9NF3WM|1v#z< zltrbK=;RRxaro+!Yi)yBVL0Jn&v2HT4SMibcRA%D+=rt$j4E$V$9(%FkNtn1)_fye zmKLg}!;-W@l<}3$j2`5%b}OU27u;}f*J#c4U1Ov(qOxSFTttrK`IjlVgFnJ)xgk|9 z*2w9${ly~!6UqmSHidT&)TMSVP7ksy8i+B1%Xo3?Do_IbAJbCVqvn|vI=-`cjdXigq&gltEThg=@`?$lddJ&8ecx9|pJ2$($g@Y_V_vZ!jbGyqcZY*c zL=)xxtH179lf%2bdmsuiz-L^1D(Re~F_Fhnt`^dy^BLCwiJ6qCI^U7s$zLZX&5qRA za!P#H{a13M04t54RTfhWo57b`{luo)+Vp^&hT*^TK(GJz6#KT=2?eG#X1XnA+z2{; z)hlWg6_SG6{(CP8F)Vl2No{OF(xhkukEG}XBi`E>xRjyhkPoF-p2B18)QLeBC{aho zG+XclY!)A8YKw(vJa7D6|LClXO!yHem8Ce5qa$GY-q}gV_O42QruO$| zkI_$l&L$RNOD2^4xxXn!5n&rYUTL{J{lZj#jmgwxc}+bSZS`*8Xqt63RC%D! zKeBCBh)nv!h!qYY37hMpsS1{hII^U%AXb||hD19I{kpPxPp6Wy~{_(aoCdF5_Jn-$1_D@ ze@IWOamzMeZ`Itk-%jthGnQeS%F_AjFUlsHs`wMprg1xIWAGtY-3_fZ$DffaUABtS zEiK7cVvv4xO;DUo+7j7s1ihhPiyVSxZMzQ=lg4yd`bh6rV}s)BaL+3Os|OW%;c6X1SvI>gYdCYLV3p=00^sr7TflzgGYu-*czU>vRAEwG(zx9EjMgR6Od zg+1{!&KEmdFE+=MxYI0%ood7_(eq)=I0j9c4T++|mgW8a&u9hWkd`wlDKA{%cSi;xNwr;H-i=1~CTg zasm%S*yKzg77L-CwF^1RaW=j!smvzJ;phR5!lPwP@fFC59GUW7B~%h#c7UnDtEBSH z5HtieedbO5r-VRK8vU-<^NT8yx;OIE#Yu*iUuUbUaL*JXrV#y9RitTs747&YtH_-s zvg!p6=RN1(YG6QTYRy9x&9gkh09BUOElzZqRA-2k)@0fo~`)S=@bKAACmanU3<7=yr! z>3kL$w0J$X&-Cj%e(hE|ntL$&hY>v~YXyR7Wo+iRS*`k~qLO*SAHbUPgYGOHz9s7P zBdp;*$$2K2$?}Cw2;7CEb9fXusq+E~979Z1pTfcTgPmktaK6YQ`0WR9Cw&C;koV2a zr@zI>d*l)a;&%2=u~yNkHt8&!dUTbwt%|aF9S5j;hv2)*9TKSqn!Z93Y&kyug$vW_ z-S{(o6&`&0Zx%CtXLFYX9D#&72qK;{kjBTK7A}lZKMA7DhCVH;s$jI9ETw)fE?(W& z=WQGwq86J*3mkp7hfS?|5PVhlaW1v7IqwdIMe4AFM1oo;b8@BC_RU2Ro1{eFci6Q* zvEE)`!xE)Ml$?B?1hXA;5+`b6C94Wiq_S3W^t6Md=CJMDUeN?obEEeI2Lz$TN>RVm zYP-2i*aYiEZW|OkTE!{wdgQ-ocLgJ@it5bhw806F!D~$ni-woa3yjR>=@Hm|s{A0p z=xsN8^xFHZ9Q(J6Q(=!^i+DLakHWuF;iT1Due7wo@n; zm8xOVDZzKf$O0KTJg?c%$PIkFZ{)6pCinG_@>YDxC0QJ-p*|}JzCJ3|ZMVD8=D9OyvlK4U4uJ+*EFP=XihF6GaWhlg@M(f`m3oH?*z7EBq3%_xv^)@axIa(6?XuI}@HCWv!^3gtx=6PP|PMxjeVApxk3$bx!Ng zkGFH{ax@B@`=kE==r+J4Unsf}3PHg{cm$I#gK_UWZk4?nIXIYbGym?;EU@B9l>xUF%llr{}O+832sk0sr% zHQQ(Lb2bZko~-ZB_HOnXzc94<#vXWbSxlG>d9!}H)}|}+dN;cIf@gyPgl$<>+^SVr z{BotnZh2648c?x3XmfAWlWj7ZAllXCNE^e_!{$uL3l^t$%Pn?)BjSs&jEF1bh-xgg z`$0ydn6(wRhnwx&rGsF`{i0nR5gOhBe)7mlQq;=9G(G}$qVUU{ybj!5&WhP6M*OBi zu`4a;oLd|%wPr1rdBpnb1HDoei?rK zmcI55Ei$v7K(*HU(s`mS`jL(R{x@uj{G*pD!?T!g)zfuH7Y@(L(?)+!l4QR-rTUUm zS?HdN6BAE=>3aYX+_Bn%FiAb}@COE}NczPqy)YsTKt# zUB-1V^bWCm(5b@hQ(!b{ca{4ipNQ`*;MLbSs{X+u>+<4)(25wYE8*Q;V^30NV6y$} zq5g->Pnwh)cIvPE;7HSokI3ru{r*4=#GsE88nK<$5PWvt!`_fjmbaq1nYhFwQ6l)b z;hkR`nNgxBN;4gP>F`6>xOn=@-?iXWHr_(vg*4UJtb5r@%)qr(+CQ^2&r~Dd&6Mfd z@WGWkN_4%4aH)^o&q=Qul4G!9hY=Y2w7rg$W6?LVCa6cnssm;F56i;`t4E{R!gLxz z^4m%JDHfX&l|weiJJ$TjSNA@^JrH(v96hH>uq#K?`_h>^aF3lZTD5BL==R~aZHAJQo_3UNFmy%WUk)yF2&MwFBB`6#}| zr~-r;Qw;F*Yq=OE1D5P&1VnYl4~8)V<{$I$1-(z4Mg{m!)@(z&gp9|rig#@*gGMT! z^5hStMdQ?UxCzi1OYG&os+TO89OO9tBdyP7`@>3RgPSSM)Yu;&g(&2B>NZQH6SzBD zvndwTMn!s;x`eLrvA=ZfO)&4*IeU06xA^gc{(g~cxS=&_>jiDdyfk;yz0Ni%s?$ih zHXJp|{5o19>fh>C!p*Gf=K8@t_}nQe^g^no0^|bB0f63Zs1F#KLq$Po-z9FAwy3^_wIvmV2P zY20Ib-dCu@ayCvA2hwOmvizH{4pGwE)O^zGc*N@(lL2aWd{42q-A zLnvF!AvA(Ywhyx(snES!`45VbO;w5cwkt7xs^Aq)sPkH?{dwP9Q(9TnIL&{VZ(NzBL~wP=EV13weFf zVH_eLP<-njcOCWp;i@F^yT6!%G&Iehky*$jNw{I=@r0gFdO^udIT~T3xY(K|NbG#6Nkg~w2BNE2 zRFda|fl<@E9b)0$f6@oi*H%AVmnRqYP6WPV6pO0b9`42OwKjTd`co}$xUjc@zu7i9 z5&QyP)3x$e;YTB2#~(W92ubd-SDBkUTNIQfYgORmHxKy9%RPMC{*V^676? z{`|^h>9!bAWoauYdiK#yGuBIvaB>6NTTgLx@jI4`n#6moE$sXK1!o|pv}Leg9YrsG zI;eB+!2G-Ag44acCXQ*WMkg*#M^X#O^^0-=i8(eoTJVpmv~)6_s@W(t9DKI5EeqnNd(-ZZ`l&VW zoC6`&3uVJa;0-XVE@F8uCs~~)Glj<;XZQ2RMiYo6Gf817t|y)1zFuF>$29< z4yM4~Bz8w#c)<+%fkF<}JOj!}!%W*I>W?{-zmydxPAA_gF_=VzY-;&eW|K)RjGGRshyRM#A42fHxV;1$_nJKe$T*Vh!yaF$<$*&W;UR?MD%P)<2!BKk*o>Smz4Te9t5 zx~+88&%u1nY3z69oi%x>cHJ2Azo_wTHsEIl3Fg9G^x9|`NEp7bY!L@)_EB)~P0=h` zKH-xb$fjGz<2eCbZcpo><{o;g$_CWB_)V&RTz!c)VyF&G@MS7pzGv5{)XS6BA+;{% z&&KX}Jm=gb!X)DRB^NvnYmL(7jekpyawp^|y31kohh?)FX@_i|E(edb1tdUrE2^}p z9CD9WC_XB}m2#Oaj!^ow(VtCwFXOZGbmod_va^bgCPKQ2A zH`utXnx!MjgWux;;cCrfr;OQO>JurCw=;!2X=1c$!%a5os!BYSxyk}#F^OXpn`{uI z+WkEPQY@s+6P-CRlrMV5b3Yi$aWA+q#?C+e>}k)V!|s#JTwNL9+>6}0XwH29o)Klh zij_j5D*I3@At+gnN`$9czCg9T=^G0990}&WC?rjm$gJvo;cHR%2PiuBt)4?qba=l! zT$%_BBX4@u5nXE|JxcZXoX76u=jc`etCreyM;FPT^n#_!Dx90*PEx{tk_WPAsoIeC zS?n*^&OVGt4~*v0aXh_tTj!bLa$f21`lmeN%PKu#GMQtXY+-N=9IsvGwu-N4s)~H` zM$-z@zS29_ky(~K5ZbXmxJHz~I{Vaec@eLV5#n2GKzL_WLhxW)bjaas#27UBOK*)l zT4G;Sih8E)>&cOCwqa8p=kVJQ>>jQxv$@hy5%{=Gxf)0H-B0^03F<43y)!-Ct-Sj6 z^!Z~b9<e2@3_dsY1RuF5Hm?+Z+sta7V=o$lfj61 zN!48OC3XinJGyAd6`Un$Q^xKF{f?59w#dVUJT`>@eqlaTqUL?J-Ob2R4vVqFh^6eN z=JxCT-}G8DfelwS^A$wwfkoD4x3+Bhon0fkZ99p-s_(8%%{ju11ug>Dq&8G{iYM}{ z$%CUJ8!s0#G#Y6>GG8E_YoL7;t$RhiL5W1TzACb7TlE&bkO5skF}x>Acjw&GOcbO$ zBmJ=C14Y1V4)OiQGz?=jS}luP*W(wj0@s|RePVpKG0M%5DxNADGmXKgFnfn%Z5RF_ z%`eE*hna0H>6VAdiK}?9m{l}eg*FJ_>L^=qWsd=5v%-FA- zfYB{uAIYJQ$jS#nUo5H{JZZV2D#PK^rN`|)nbIPEOT6|_Cpr&P@oWEOTB`Ks)<6OO zjD7h~T`_9n1aEnQ&6cSADS9clSs%Ok;OkH8gEiGi=e)^Do_8uw?-`x5U6$$s^fSnp z=uu*PkKX>nZEGSR97~D}c^83}zD}x;NK@4OPN!0QF=^iIkg9F5oBOz!pZ_cLFPQ$8 z{Nh2Qh^P7(9t@qMR7li4_f(3&F)luiCy}lR{S4bZBR6XuKk0^5E#MQ(wYL4lu5Wme zsb)~HvVnxym%45poks?`b~2?7Gk_P6OZL%<(Uq2HI7g2k$VBhQphY0{X*#9y{{gK)QolM)y!A4SdrWx* zeFuk3nosl#v5+1yN(Fml#wW$$D~_phP8I|ci_tnTF&2L^HR7WY6piFv?6YHd^J|e)a2FigI&j>r3#ONM0Y}Sz%!5)vssT z{FLSpR=owgp^a-M6xb`sr_v85ggSAbPG4f^SAK;&0FwwiX>cxe>(5>cky>Lh&cY-) z6&lT=QQTw}jTCnwDh$$UJtqnk;KTscDKv2aJalhIzbH>CAs=4-D%Yv8fn`NR?YK8m z?XNV(scQ_y)ag46fpv*t$=Xsqu{f`X#yCLUVd`o_Ws3WE`_bR6I{HqDU1ztb+V1Wl zc$i{$YHqY)z?+LXaaG)zU@J=7H1MK8w*u^2u674vx6r79$oCIHKyv7$z6dZ&IGa3v zkcy1SnrB@1V(f@E0N9^|Z6J2A-);_d0$wU6EP?dn&liW{HTXC1Aw_u~}HrM6o zMa>~N{t;K{=K>`~iYRH0R!t+Z5$Kbix5YQ24$GZ0shf4jP9dqDL?e%En@=M+~VnpG0Anrhl6<5p9Mzk=Y^WC*|Y@YU4F){bE<8jq@I z))mUS0L2sHSr$&lhqq>AirO)*tF7qg3UytCcl6w~X8rA>|1 z69a0O!FttEwHYJ9T0?8A!G59m+En98f@~8)`uf9cbNyLQtZmU~RE@UHHR&ZnZqqyH zigC9KdtVZHo3?&c^Gr)GwAk3SAU-wAv?@p8F6>fy9Bvk0jbPkmm=}fP=Fpc$nWl#F z&l{DSpRYxsxtT%R2Im%--oN7T-1I@<@)+I49oux2?y}ZrLUl8Z|GI*8m-Qtdv0K=k zuQz5ly}K<7+|3A3+tA&D(B0gUsS>~Y#DRTc1aGRz6~lO+XDQSUP;JHzuCy%^qO2Xyf-bweKP^RsZKA6@=dx}EzWll?9yQ0VkECQ+&AyT z@@z4`1*XZBqJGPoy0*~Y6ctqs{!R0rr$hi3qW@FG0H?I02STmBVC8<)3vrI6#yirWSqZ!YM#bOtvY zd0f7b)*gOb-s5$~AeUl!S|D=yIK75wt)KDt!4+KFf-c>1naQG#3!7{ozC4&wrp~mR+#A2B49z0{~|5 zZb5c-DGaDx1dIA(D#UIy*tEcjZfaRJEzzZh zx^r7WC|QkI{F){n#FU&&k$E3?4aLV+slM6G%F7uGmY6MqJej3QKawOp!EX6EcE;v*<9LjPz4+TQwAQ7JsX}wU#IN|}r9#X+c>QLkmphp*lN?AXDe*^aAp>3~out?~) zo43M(7cGqStDGbY&QT!!YD`bn8HVbsCTq+d$&mOr|JBJEen{ zQ4;bNWRzWJ*)!ej8q+I`laz|RV0A5CTgz9LIYG{>s+2aZO$b+r&akxCvjUa+GUJev zd@&TSmEpz$F$8B*7);bcA`dbRPT+xw3^3Ft&oD7#sQUZtKv_RSf&(soaRS~XA#OUb z@C_h=@~jjbP_!_QKD9D)uk%uX-8)4g?o^#duF`=DmVta*q{X>G(F8M2=b4e#-#ei- zJF)^W6)Hjx3B%IfTphltQV9cxlggmQxBGZDi?|$p4kt{W@>1lI*-R$>I;e!y!xO}K zWxV=xecJf|=YUONyVoB=*l08w;L1mkA;CVxy2aKiKUB^O{7}gYChlFr;c!x^v0?0f zR=L5Visp=!QK(c|Y&9HARf>%W(*H|~6l$3bfk)gsL>rjs=Vo~ffjJe?|2k}ne04Cw z;baI}EyqJ63h8y<(zjpeowfJJP6_woC5DK7yu~qypeI@;HSGE zOKN5~W)b7^YzPLCgrZy_JhK{7maIyLz>8y&MSrxHVo32ll(GJ5D31(=i^SnkNkd8d zQ~SkieyywijOOZt_b_cIx2wi3cbO%y$pi-Z6`IRpuzZ2W4Yu1@0YTiq6;PNuD`pX} zjBz%qHzjfI>KsxES5xv3n2ki*z{kY*5Eb%^M*?{gxICa-K^4;|WF7%(gnaT)FgjIX zl@4!>==SusS}nxg3TSVp<&+P6iYU0si6*+m`polt9C$dGBwPHMq;t*TRIVEBY%o%v zg8hrf5K%ls0f+vZrW2 zv&Mvcrm-5M-PTj}C@n0d-!&AQjGffPFEJTpY`St<+!HHvgaT0{3}tZ11h2Q685`Qj zpfMw4PISe(XNXH0&~3#`Ix!pqr~qLGCMZBuvim4LtQE2b36z1QF^+s+ew+$Vic`gA zB04hdmdR(tU+K2qk~N1YpThM{nBc#0hE4kU^=d>&tfatL7Jp+{Z>cBcv z(>iq=LDwu+P4d^Gl2{kwkM9k!3)YRPNx*P(C5A+3pehsb2)e_COIG5M8lTZ%ufIP% zQ#zmk6^BhH8DptY0QGhbLoD@}Y`lS4WNL%4wjb-8I0{MrzDIPF{bFJoU>^9G#Y3!` zA_RnNUK=HQRbf1_^P3V(Whh>pfki*FCMIN|nU~+DNb+#8wW%k{xnEb-mILtH>Gk`| z_dgEv@8sr)LW*1?x>-Jh_pL^|1*COQO6*Yp?;-ZJf+t`1;@4ubLl)-eI<@7z(}%H{ zO~*P>O!}EU6R!(F5qW&y_fU`3FH%3vC( zQ0po|TUq~0Rq}mmQq)#>tz~U9;#7X;%qYO*4B&8c zI2x97kD&t{HC8f-`;KMRe3#;Z0ECl|#;j^>NdJnESaQ2J7jG}lZh_bEpbVx1r#Eu) z4#C;!%?0@Fr;GOjf(tqH$)qubEQa<`%mnt)1ntMw55b$W5AWY!oZY@T0JoXSR!crI z{D)QT09?Gixd2UY@%~)2K)n4pnv2cjhwBgTN`L?vc0i?;CfhEADI9?PH%3-$zBvT( zkCymh#`n#EwWrTALzY;6hdUW#Zp35&-tODe?=Rl&X5V^xpn+90xm3w22vTruov`8!1u+l0{E69BDksn4WfU8KD<$d4uAD{KpPG7RJsA#6@T((p zZjpz;!Jz|H`i_+U;ere{*`8%nMVzU$aoPr#&FC;8hp8kEA@RfjP!a{6L&*roQMSM8 zY_BF&gc+x*BVy5*8IvQsk5y7QWczBLjmD0#xr{x@deRr2I38xM;El51W(lIelYWzS zqwFJ9<2@aNldcRdg`sVR%6}5d3}?HaKZAxE!^UD#`0_=Y5v_)Q2oZ%mIlt9We+vmv zf3t)R^;cPUj|`q`!(yfIAo`4hNj!2oAws^n_D~i_4lZs~5^tHrYGls9b1mH0+gzOV z?HZ|bs~AKoGCW4HoU}}A*w9 z8DE~UTd77?@0*T)wY)3L{Rh%jS-FMC5Ee$VD=SHQqnHNrz-Vr*cDs3{A?syhZX$9l z;=uvqFv!OkFB|Ik-r*^vyztK9{3PsI&$7G(RESkC=@vz@$ue)wwfb9`ITZ^ILto}% zXYycxnOmj|Ur9&g#E=SdC6%C8kFTvpytAKFXbKJ{h-Jqi2ex{PrX(O#XFD(l()P3X zBt1T^Nl2}T46M2N?Lx&NogkiMj8i^OP-zjrlaY1{3+#=~Zk@rB z_6ZM)Q6&7%hE6$0!9v1dT4dDbf_}G$ZCR?Jrp9D*#$HV^CuKE z&IDmBKH)8AS9?lTGLo`vwB#kR8$p=rT-mmp{wlle!t4-b1en?zYXJCJ+8Km=JI;1pd&+35n>7a2e{L5=CBt(G&!;m4@xjSY~Fu}p2qk~P2)RIudk-A<) zChMQU#_x;-%W*WD&1S#bmH#%I&CI{8=AhI0ORL-Kx7*ETzt#Rrv)yeDx_<%9O$GtYb zlH+i92tG^d*@e`dVvbxMQ4~M5>N8GpFp>4ubIg7D!lL37jQGnjp|f3eUK2mFn2~^y zzu-vbDDz2x)HO#IfB2-f!Y_xq-4UM_wb$xzy1l0npQ3;pZj+MP7dN_K*yM91KIn0f zP7A5`R-;CQ_y{Iw(k;`6MgP5PNcg{ZfxHDn?ASD2DLa7jdK8%hg0TleBnj!fnPBL<9o;@)W|b?K{`Z-g~S@#8Pa7cuH9-Ker*$*ir+`Z7H-(p8=D zIkyBa2q+9ZG6SuqBX}ls<<&8MIE6tpLlnC}H3;B1xMQ_`$3Aei`kT;`_NP6H9ptPj3vOJH%f5c%mNefo%wwMJeE3Bv6ODDCU%c4&G?&|n`2}I_% zm_i2ZSUr-vTWqYnT;u?mWGgcm=;#6is8QOh z)blC!JQQR)0Kl%?!c-s37M21ir(JGY=`Gj#!5^UZGP?d&_qQH|f$S(7-mz_!V>>U>4+A4YjA9tnGWx=~&0?Y;6 zAMx&z@r%zxSCY-HO=R44T)j+WOq@P*hu8I_xVU!7bY&X72$p=Ou655nU%UVo&Fk{H zO%LWfbxXcZbesP$wGf(RujOiJH@n9rADAWa4)3Nu_>v(=H;i6zEY7ZeS<^r?%RVpz zG0Tj@3QWgh!BxnnXmwkpl(6%2#3AJK7>NQ`!?5MZDUR>W?et2(x@T;Ib5{Pe3uda%| zI1NMVqn+=*Gm*+8dBufvczT#(UuWeLbpU2ygoIS@q0lFDe$-c)nJYSFs*cedphtN}Q81B1aud#5;%ZHfu3(A2Z5^(H@81tU)+2=J%4xk{^Ql@&CPEguFwDW*L|DO z=!{sEh`MyKnzRObsX7Gw&PX7H^S|wWmN$MhK7TH%Dvu6~HSA|J-vx~?U%u>u{{bV& zP`?Wt?_fdiKYvb*s;F5$3}58{h{d$D|0%ArXfRA{gtaWbq45DS;Vzw9MtRGjWAUmv z0ARm12_As5LD!t&mKdfXb|1-N~pW74J8|`2|#2xxn#&X0=7Y*&D>~i_x{8A#mCF543AS+I#eU4H0#0~&DcMh|7_dkP-i<(u%n+6zNA`=*zwY z*<7^&ng?>y_1x=e7K+7gjRl?b+^p&9I@-6kF_qful@T?Ch5O=+_+IlYOotI~}jF-P)ErbN0!e zWkVz+aZC{$0(7?~p8MPH!h$tcjb#qY70h6bgkZ;ILhur`8Q4^yuN3 zKZ=#!;gNK;{|pImk&k%p?L~y+xsZAb9*X@AuN@P|2>rwzw7eM+|+DTMUMwc!gF9lO_@wii=dT_g4gH6bIbm z4Jml{nqS)xFhvfG2?7K!ks1V9^ywkr6(MzbC>FHfLoa+m9N@QmEl6D#dO^u8b?8r z&N@UpAKNSd+?9%>wvU)pHuQlx_j$e~_!CbD}HKwo7Q{5yMs@qRx%{a!6EEGd~$|%Q(eoCbWw5roM zN)LAUeX&9=95tNhs<}~*7`2=r_~$QZMGSBz-L++q`T-;@lL54RQ{PM97S1)GDvr_9 zF+?xlPGzbhr&hGLV@U3V(0~=oP77Zf6BZ%tko`(sH)On0`_?R13rQu@q}g)Xa14(f zXwNVu*P!k23yu>18SUvy@qRlv0Q=}4_0@9TZdG)%_VuZi4vqM}FwrWA9k70}cZJ_< zxxd&&zX^nG;F0WWwI(!9Te@XZ^3JN~F5$D)h`nqyibQjcVm|3G@o*D1I3?&|l60|Z zk%~HEA>~#m$F$33n&)~By)~|iVIUWSwpzPYFAuHs+k7NYB`lQHfyvmq_Uu%=vo`mz ziHXWtwO-Do6~#xGpk9%oP+yaXW*m=wS&%<0&htnJku3(!%b5V{UGD z%*n@_Y+~GPA*j;XFv=>E6`Z^I(M2)VwG|0?&*{A6h`?pKBINR9O9)^5HJtxEg(J1f zf!G;piE;ppA}}FQYi31XD31l(0oNv7jT&?Bd9h_XE-rUt$;}Dmn`CPZ4fvyBc_8b8 z5INaaL5+21z<3q0y#=kGtp+Q*#4Dv0Ugk2jMM9s-68CSsd);Z6s# zX#xKt?1jqdFpV}$Qzw?&C2QW7jl0_<%S?BBIT5ky#Y<}@$1cx?WA!Ct)x7#H3k9@Si*=D|ns^vdr*e5`P8#S^m+x>e9Ll4+p8ZM=tmq zczTjeG}ZG}>zwNFGW2`|pznjk)fspJ4{=AlVD2NZM1;UO68_!}t2l$6U%j&wU9;20 zEIT7?DRZ9&?JqFoq4=|J+I5^Cgp0A<_Iris0=u~lVEs`-5}JEt>Ijah^08OOomKoh z_5#rR@1Unt?I+I#yjfPaUvSj=@8Fl=<)`xr_+@x`aW=fY_;`K#-vQfi(An^@gy5I@7_-g=}Q`UuH112%k z&u~2AuqC3RWbV$@iX;D^VoPOuDvA!owweKWnxg*-DE0W>_+K~%4i7xf{gS7cF2H?K z{hq^lue7-bkY?$!sJE1_&}7J&Fv5?XivR?1;Qb>;;4@swYydLm5>r1!lPi&FWQJLn zNivGhpFgWsN*v8)LNSpt;1I@i(dY0i=+a-GFUFIxsvzC`I26%u`hcJ4sRx6%rL-3t{9Tl;BTC`ULJr{tyY0$WB!!1e6j@b zTViveTs6xNXk|as#cSn`C;LI|K4-AdPxN0T?CmD|FKD&h`5q0MF!pehtnI)W&bFV9 z;8!S&shdm7S-QD2PLUJ&B}iJLrRk}G0f;f86CoD`Osypy+#lciM016#?l)x~ z$!$9cvE)i3$(3>I8{@TjeNychX~pl~l0N6?MqY#kOJF8th6$16QOFDCf{e1xs}4T z7ao}+kp`TuXFP5uxAyh>xuq)Kyq`!%MLXmxUTFNVn2QP3>!L?dxZ;2>$A%&-VA}uB#MD?8D zpxNeN+{@+GG{ueCQ_@^&o^6ZY1|mLu#5A;WxZjdPuxKk&)>ga;*GO!j4F{a-P?6$5 z6MQ&xsOA6Ef~KZ^7ZHn|p;Cd^#K3 zR=pjKLTChGCL^k&yUA)k4=3}YWLUHE}3?lZFU9T$);P5N$=og zhyxVR)5ME$w>x*YJ13lD@RoAQPKBx!5(l$W@YG*_w)NxLqhUlqWAXdi@^(cj>+k;s4|9zoP_zFZzdb(5@Bgol-oDx8|K3Wm-~Tl(;GO6J>%Y<1 zDFlBYg#bUIDDrrAq^>u4{fmW45MTVxxW4?)JId>JfjasB=C~05^Y!uj_wRP{e;Y;T z3#NTcpnni$cyQ3gzR>nD!n5oKJ0ahlkYCH(XJFn8gnT{vN z2}$vP!KGirbqZ9?oX$e6u=LAJG;;Db&>}3dJ@~GM1>F{x?~nX7}$Q*{>M<*6yivF*T0pkJLUYA&j9Err^7 zl$wDv_>>;M0h;*4=77(&lbWA}5@&7+e-)s1m>YbTHELlYUQ9tR)Sn2uF;0DZff~fhI!ib%C$=9Xk1L|(5!Cf&(EtU zl`24lpu6cwZ$04~eZJ9f{6Flg4*RnH`Cr;-mN@Vzj&ufqn)CmgwKdn4h~2ix&v86a9JIKD&PDJiqo!0#*#>scD?xZ&@3%4bA$ll-g7rmk<9n=Z033x^$2q@+Brqe;{aVo(+e zQ0G)$%O#BhH^g3$U4(?X8w>k+@dApX$L!fJ0Ld2{f|pyD@UkS26TuMOdP{_3nl;XS zwgJe{PfMsG#QBhi$xNFnAJ<&c7NfRcBs49VH5UvJNUkw=IQ^nVH|n#Ddrra(}Y`v39Ko8$K<#rwb4Z+Gv% zwo-m;6#~A=?VQRVhP%0mtTI8g^OL~t4z88jp3H8C$BaUkn{#eT2Kv1^H5u{ih(Mh> zF-h|(IR(f3NWnMgYnz2l9-YAgLD%OO@dNDtQxSb#i6B0+>TiMbF;gkG^_%4JBGI0b32eT zf!R2=OY6tr8XPpjR3nEKfZIf(NxEK$-qCkuG;_8p0rcAT=#i~15i`Zw~;5i`VUXosOKwYysoHhXCOs!%>8n^Xl> zJRIs6yOR((-58>@J-0YVm-E*d#l9}p-N1m2n!s!c=V%=JzK95IZO=NsS=d)o90qW@w#3g>a>4Lkkf=vIZ#qgXRD(UKG}qw$U^Lr z6g;{L4U0{7H;xcNl=mZc@gC^OYCWT?z>&HN`O2kU*YGJ_t`B2?U1SX)t6T@6+Mxh% zz$$_s&mv(_`vI*a^AM~0qN)i)TefE%mz`GBuidbJZk+B`EyX^HiW`vfu^ZskQM!aZ z#6F&{CSimiQwj);pcl{_CWb0q;bnrr@P57pmSN=K$fK)~4+*)JDNCiCDE^eQ@mh3X z3j=W$$c=pz<(ua|Ysbzv%-N9|Q5r={FW?OHA%YGXqsYVV1UWcxRccpN)52%ju{EuD zTb@N}B95(ccu)b zi-R#rT)>EWW2k;Fox;{c8I)W_Pl1EORi7uYQGDIFhG|q=%LDNGIo&nwh3TonO)N)X zLmz`MtzKTo6-y#Q1jmtsNWOOZxzfy(HC8t1lk&KQ^A-T#fWIP{5>Tde0g#EyN6$xd zk=t8P5_kci3y%N?5>$^(+OBq)H(TnaeybO})l|row|O7TJ~*6u!68``zV?w*`0|wd zHvmoucmhz7S?POYl2Gw`vGHPwUGVPc$i%?Ke5gu$!IxL;JVuJhhy@eD&wVv5PhoJL zVVj-rPZbQb9c2L7_E$9t`NOr64|y8`PA6D+peRm?z6&XQiPELqO)EK5)y?xRGn0a$ zA$|@Fr7ijg*as9(cuH@uUxBnyszq@yB>bB5-~jYsOmVL~oU_26190!Tpda6#^8bDS zPr!*O&z1~&pg%jg*J`E;HtA~8hJN&c3o@MOMC(dn~ReV&Mrofv051>W3`0}{ZHEHLfmKKq!^f1lwv;0nTj zKd&GF;0uiA1oR`hF#9*PV!?W;>pI`s!na+_l|LxrytGf7)>i)pynp{59J=W7kSvxh zhs)=%?^23sDPT z+MeUg=b!evVsauV90Nf9bhDn;Qv(@^r~0BuR zL50wMDFp@o_2bRi-A@;n=Xzv%CMAdn=dbirKa?=^%9PWbI_rVb!Shot{6gfJ0>4E)J z=%&QaCMRPEans#u86K1tqCG>sC_ah_idwUg$;Ql1yi-U}(Suk!UuQoWd7{4argHlx z3$LTY21nMRc}mVW6b9~eRd=dP(Y`q!UtWxcw-+C;@2)%@nTOv6}0LYZDv z2Z80*o`a-vcgcwXWi~#^=Xg!FoW@c_g|dtNLxF$YEkp;}%UJ!&B&;I@goMr3jneIa ztO92d;Q+^EgqQ5_+QYM%g`zY0uj|pzHy^J*ewy5kK3-j2+*Yp>yTNT2#r3DF90Zca zlSab_@p6(uAY~6}D6~qTjV?b;ZqIM-hU4+w_3*0MjKDDcJMV5-3Bxzwf@d(YQP^d! zqw<+ggUZGA#qHUTcf*?x^%JY>zu8Py1Dq|3ze1m#2`qvC>+rJ4naDI+m#D-V4PJAi zV+c$}Hy7huajdXnCX1okO}~^s4dJemx0Ums4A)eHn22502D7Fr!PStj>z_YPZmrQt z#*qL1853$dP7?!yVYo4lj3U)IgO_K+aUF@zuZKTgp5K+KY89guB0bOxaHbOZE)47R zpaRiyP4rb2lMb&PM}F~xXTiPEi!b&S->Y-j~L6`spX@5lB31F~X0-$@$&cbwj>qXT7uQ@;5iI9{1wfO2B-fD5%u0VHtIpN~&{6_9iccY8(&*wL-fo1X#MH9Y%jl6JyBIC)y0M6+A z=C;~=S>XkwStN#G{&N0btw%AR+Y5wnP((+=pFAH0nggI|0*37X8yY6S-b=%Y{HCzp zT($%D=5kFdy0{r~Jz6VEK7Qb8zSW5fvK|LMo-^gX%FbpOX!P;=`h0YI@$tI;ke!Y- z!a;x>@u;-faAy~jRwJHy#Hk;&WJ{E-FTDVbh2CQa=H~|NZD3W2g>O3;{5vd?&{+D?&^Fp8GbmoT@;S*p@3d_!4)C|&QX(*=fUGIFe;e? zyKw)=^>670Qtff0c@?G(GPp~_9pez#Vgng~2AW+>4$Bi>ro7DnwrBIaS$i^MMQ(aXfBfX`PZ6#Jl$^paBR&!yrr5+D@v`@OSd zJ6m3So)|<1V0>?eoR#CFpD}(Q#a&hY*3D`t47JV^l-k#)8k>alVD@#3+SzI(9h^$35YB&|LOa3HL}0X)6YE-s ze^EBHjamJ3gREovFJMy4II7f4rZ}G`57a(0Pr7XW+&tH^>9g}vhWd`4o!9mIhkbVb z)xE$@DaG}rEAcNK%)j>fQoR`bBSz7xA40n5y#hU{Hwb+z>5ivq_*)$fOE0Tgtv@AJ z6ma@O53MsT0WETp{Nr|2D3WD@N>K2iyJ?vTo#7=0WO& z6YM-7T9gyU%*#f;tR(VwuE(mz?10YCaXqFTyA`P!Ek9@oElyjTCI7ar11d-DfCHZA zIzT`A*UAL#0~o$2JD$byrDPM@6U6pbdqT721w zE+LchSY(H?=I6FX)LZ}R&hFZ-4YdleT{R|-70(Xf2GtcBrEcKFoYC0T@t zZOLTRm!N9+%>MR@n@-NW=oI|chJ1>Jz5D$l*ZG<`kX5IlqUGLNji^;2>XuSs2m6*J zjSWV{WD1m&*9XlOSmo8A;aV_dh8*-uIw)3#I~!Q18M&|#k{g^(G5KV=9eXCc+-V|fE> zfW5H(^M=sJ44ouFvsAzOr3~&s*T2P;EYxRTRe8tCH2P zgOFcJy50a6HJ>y9&~XqUSJ*9T+7S%qsCrtnruo&|=WAVO25vX8jK?PY5TrKDzIH#s z%7|?lCOh5bj(q=!5hg3Yjg?_5VFEpI-`6YL|7mm!1)hJ~m9L=S5Cwf0h6FkNhd+~kF!zEleJ^0j6FGDi zFj6A_{=+|{$>wz^8R3vTI{gKLu8)YgrY?(G#2>Z>vjFoq;1fY2V{e8!@B#o`*W-Uv4Cn#@ z=+GGYAdIKJM;6zZ-XQ3%hOW!xv@}C}17;rbT`)yH{tTwbfidqKseOO;e4lAWA($dB zm@{1}L=HtRAQ%T=8dKIH*PlngG{O&v14i%?fkz=S2*5M&mz0}NWvd0HAvrxfoO^T; zPuY|mW-PD%=@Akma`^Vo@7|s43AIV^1N6fMEUXimbRYHOfWLX_qrl}p<>XYRg4j#c zZ@LQ6DH!=Np(wf-@3BLp{QDGK`xG7v%i3k zd=kBg5k*XQLI>o68IE{wtR;aDh)oIm8`A}fz&LxA#D_qSC;(G5!x8Uu^<9McO~~pM zARbet*hk)<7#4#m0^B!?@d5N7xVIK`7P5a&apIaHhtY<2H`oJ4UP*6U6qk$2r}|;y zTaj%3RbEn=s!3rqM^rdwl=`h!kfoqsLh3Appf$*PD{=bVd+gU-I?@01YF}Dv^uM>S z-@h*Ce{bI%z2E77+bG@Ye~OKDr~7rM`<0arlOk18)aq2euTx8^)lAzfq*nT>K#}#xW+DGn{ko|0Da-!!TxOoXEV>y zyo4zBqivC2!KQnJ=J;sBwH6!tN)usGyn(?Sk;Ez4^m`?erbf?<-^Eym71L)eak&^* zV_@nd)toJGOf~L=#}u`@0?cd(BZQ`=1o8Z|!`aLWJh~EX3Lh)S)^@N41j4sK3y1ir z8;fxD=+z=Chuw3Y0YLsvdEZLzDPpYYqO)6dfgC^$DWN`dNPe$mD_tj97wY|EgGHr- zA&7l-D(!br?h(L2+{6Z|^xkOy+#L(IT-G`N;U%IA6q6|SQPmN!=KObZ{N`QZ{P*t7 z?)DLJ4SIJy6e=kk3i z1*C$JA16IJkZ|Bc2#WnyRUtxdU^;v}o+1iU#R0oX>QHz1L))ic;uaZ3-lONE zIdV_I4EhA^72Y=W!FQ=6`FF_|@ggAor`G2<{WbCG&8kQE@BG4?eOX{auMz!>qlXLv z_VHpo%6}MNoMj)PI2iJ*?*dA;nVy30ZrImhu=qP_zFZzdd=I-~V6ppLhHJ7RqlG5uh1`lN8Ewi!MEE zOkUGy?~&7ocKSV9dBRiRBl*74@S;b7OY^E{+gp0&>7IeQ+xWZN_!Az&k0^>f9xg1H zor0(S`ZJj0cKvhTN;qHUR<@@6m)3zw@n0+dU%x*t`hUNB^L8iyw^7!9)2Uv1L@{THPCTREGi;rV{&&Zf0^c66~><89jP zHIe!4OO-oZ5fr04T*dSh-1qc8e>IKje9|=0+Co#rPt_Ss6Yx`YNh@@_4eui^6uurk zWX=6Q5Vmh|Q)AKqYWDv(C+|wUM5cau7ni{RLn zNiSA+k^W`=?_BEqL9%?0Uxzj16x=(*gx0nl{2C73&8&eJpS zYvf8jZ+ZiN`jS)M##PE>#39v_Mk>GjhVqAZ_03HJq4J(o%!wtpTQJUTI>a2$e9ds{ zL@)l?PwS#TXx3aj`a(*#aH$q$pDM?%Pn9E~z9{kkQaLEuoX+c!g~I%`MKDPxV)R)w z7zRcL zICItRl{1*t?9v0DIi1Otv`(|j&v+h|0h4&G{#*y!3HWCZ#~X^Vrs=oGbM?Ye1+PRo z_}>d-9MCb-(yI9g0LzaRgzE7k7!hXLCYosS(eE`*3>vsY{d| zzGs$Xrl_)H4iJ`?2$%VpHL7Dmt;JY;;!aUvwob@+5wdiKV=DS^2AVXz@MeyY>$Wnj zl#ruOsCb*AJ(|=aISA|@-A3nrQm1G_x^FQ6f1D+eeq(zCqH%<|f_tZ49D2ikpB{$D zY4?-d-t&$r_)!tpGGLzl%K~>VI7_)0K@itz>9RJW7&_n`K_i7p1a zWWrAVr*QACsIr?bJXb27Gj81r-zXF6;CabHm&WTFrqncl6Pe}izyZa)ER5MtYwHPJ zecZiFA4f{oB}i1C_0UJa+J^AN)Rz$?ertf|#f&|G)bHhqrevL;C`TXY&*D`H%FGc5SK4<_ygKxSj3q7s8S)!wb53Jf?=z!kGD5{QXwh#jpE^tQ?N2&BJQj3MYiyl(I(bilc zxUTo{c;;irl4or{lc$HPYGRgm2-!1smG%A=YP z^X}rn`!6cefctc(nkKq;SG4d0(SzGVY_ym2{)wBa8X3EyuWBw;khdr`C^R`!pB@pz zF5~;y0!HLj7yv*B?PFqjG#_L?>yM&`edK_r1HEJ zCR%=FuR;-jUzG=}=C>1rQi;uxzqv>_ue@Z-*_teakL|}!DjDCECqyE5t=l(lhMVuaKNu6 zivX^a_&Cyh^ByDtHIV&F(MBz*zV>9DvzZK|ws$o@laJj|Ri$pzog+9&R;Kv7O`lF? z`14pKsL#Pk>W%i+SFuW0pSd?)FFW6r-iozn5V%{2zQblHPPX(`8Oc+Z1pcn7L4X_< zi1p|%86T1ZOdC9aY{IP|++i^c4?y2abBP&RvwYUI1~1cKH7!PzF3Xx4-#wjt_}g2X zd3issX2XM24^W3+BbC4kQ{}W!y!inB%oa-+5Ch_~p8BH8kR27nhIj$rSN)rLa$gVj z)*g4p&(=QaH}RxHOt+bRbO{*r{m$F<)%EQBC$|-UbHsX%H`3K%94eD41_f~AuLEpI z$IZ8qls)&w)j(Er@ebWAC5RY`PbCHIDPB}^l=8*bOF`5%Vl4;QM-#2zvPTL?Q7Hf1duV zo%Dux9i37AG2H9F3I$k+>V!FIVS6)*!*5gopkda0fQLEC$T+9~>$SINO8&m0+*`ta zVlW-MaO-Sf@T9Fg-lC*f-uE%W`(Dp4OY>CZyICr%W$tbv+vs>6;b6INBG8=<7)p)bQ3bn_$(#U3H`aOI{AD*8on-l-R_?R}rzbk;yqs!gmjW;^fS_c@Z2_?zr5AH`y!4v30$+wmk&S z8C~B$G)|Pp%BzInV8vZIOv%`5G|7gckXFDsIpjbc$dmt@U)SLlg{go}KHEDn3;J)0 z49av1FYI&=-sH08tF;vwx%_`%I5r*5ZOQ)lvO* znCmaQEM`kfG$BuzE4a;^I&)Tg-x4W-;HKdu4c>mb9AywU(_du-YcUh^3YCip zJ$p60U!tL%itYXp+x;eDFDmjc&IaOs;%r?Btgv$#sr~!~*&pdCFm837wHD9A-*=YzDt;ZfJjS9jgQjX#E6H;cVvtL3&2mR5(xF21CD=^^Eqjkv7_=rZ2 ztd|<4APH9M!0wwD|BKaUuH6NL#=f@#xWw@+cNg+XlZ`idVh7zme0YQ1;Ok&*g`1+$ zeWHVwGfI2=jnvo-CJK?&#fPX9Qj}5=p78MDUxib%aY4nq9EK^f^Lh6b1 zIu`XhHrAeVJWjkL)%m>V>s*#SREnE_!%z^|X{3f>}3j4Fh2unvA}#^V1dJ&7gq62zVq2dt{vf*Ky&mB68})5((?>mNAl?n;>4p5{%m z5sTp_(8BP{x^mQikIvd#MSV$^q~s0a5GX}%%JG_} zeH@2bp@L6~6)9IYoWC-5#{2k}9LGuJRvhHvTG89R!o2u@t>!^W8@k)xqiq(EC8#_- z$BcMTa6PK6Y$bV^C3dD}j1D_NR2q=zAQjHS&u?LwuPJx?uI4hpOqBoWTYH+)vGyVf zC{AiDh5)WJO`-x`QkY!u@a$d26<=xlxTdM+gI$tGNg=VI;S-zK`OPCJr2}Wgx&|7w zKSA=Dcp_C7KG>PFx()>x8`j%dlQEFgx{Inh76x1#8zVJ#JhZb#F2{F*#$r(iL?TWp zt1I&xdEOs$omq9AgN((dO3JTx=A0*J87BvI2K73_TKL=o6k6JZW~<&qLJGRWw+I>> zSwCd+FC8Ycg`Psw-EIU0zrIlzl(2%ky1gG1E;_7tFz*Ejcy*0_w8vhrIE-HlmS=t^ zj!*U-+kUUrV=}iJnYTMIVTw4Zrk|~omzmx8MNCe`)qkWNnzcI^c01sv6@LbMY)o|~ zslzUNy_h-H@?TWzBK!Z3YTG$%|36UePpSW)+JXNQsulSUs;&QjquSH|C#nr(7~KbZ z-h#kdh>_b5dv@w3M!Hqn4Ab0ILGO8-k(+hJEKp&&HW5*BWnDKJlz)1lZTBb;i96^&U*h#IZo4W| z4i-OTrfc0>H~zL7XpNSs=E{84{xS04b}ZqZW#tn(r%(L5#&6-5hnHD@Mzm_&5Ib5q zmM=k|pP5=V{v8vmYe0wq5&^~?z*a}k1iKcwh59073j4g{XhXu0^M)XHv9*!iuKpE) zYfYg+OyLT@()Nu0Ead762F67UjaYg1;*L98+yBdzxoTI;@p^)q-cU}mZnuO`PzW}%U2ly z7D<3#mjkmh=GKz+GN)!!Ac2hEM`ddZb=TreZdGXo@m)c~QPi9;dVlBFL1Zo`|IzWl zwI!k|q-jgU0Ik94FB1Vvl6Mwe0p)@pKfZr&r~Ur1{=J=d`Nv12QdG1Z!jC|7QkoQI zr}nlUff2%2)kylMzk#IRy*nj4iqb0rQ<~>XMVC^5>J!$3)3X%y2CMSf^La9L54q(QBq)hWU}(Ypl(9W*HL)@_8QY764^ig z&pfu`!pcXf{-$?Ny99FC@<;qeCqL8QfDOWn(=Hv_#+Q%ypc&pThNUnZ8ju-f3Dvon zv2{F8$sLava0^jK5R&VH;_C6?g7qphM3JQdl5s4=x5DTC#)sV80I{XFEUrcCw_f%@ zD!#`%2kW!FF5e$!PEZwTAA^GzaZ%SF<1Y`AyiZ-Ry{YHWR4KG8$Vp3ZW`vS|-0_mL zZOMO8T%>5e=rcdHJmyK~{`s~sjbfIoI$SW!OUH9D61tv%Dh29CKNCK&HWQ80fb_&T-|$7)nT6FuNn&{$)evPXP;h>HL@?fcX`guHijn4i?bvXd&NkI4W_DxRoQwr5?B01! zdOd=ZDqi))cB_8w>|BEMU4Ae+nPsU+*(*Aa&i0Sop7~(4W!kF%K1%&ZQeUJkLF0z> zsdfKJm^_T($l0#;c$YNEK$Q#VDa{-(MVz*$j0JoOu-3VFW8Jk*D{zPh9=A_c0nJj< zEGP-?VFmq8rzKd zTv$PZ>j>AA|L!VjzFuFRaVb&0g3{k}Rzv2EykA=0AQE1BZK)&?y|O?$TOCa>u3dL3 z$X59q%B+{*TiR>aM%{;?YVUX|3~I7zPG}v-DmToJ9zt9KWZ1AWobp5N$=Xat;JPr> zvTQM|U5mBV>KmC^mllm`D%rk{c(boggmEVLuc)-++B<}C_LYx?+7IW>&|WEhGnlHb z4<9|>kC*51i4O~U@oI(9Y?M8!n&UM|=W64(*TQXov!>MI-Xo7|xWaB_y)M|Q!%q0k zQ@(N0w>__CEWtbyVya&(`r>WXvNI>LK2HjMGfi!f711A;?}ufFA6NHpSN}lsIs8zE zWJfQ#AanJnF;Bp^07b}A9^ky^LFzYlEd_un|CkaB-mks~!X?P+jSl$}%2=2Eb2^p! z_JVC*sm8$X?|Ccg%7!7c&$#*`%$siLEg3JQ9oeW&g@U7xkjikn*!gp-rPjUrQl9xM zd2LxzcE?xMkgWArRTt9ZM+xJTMNluD_nPePQ$83CtT8|o_ z$|H@>!0k3nIA3T*$(@~$yl~xcsIwg+K4e5k#mt`c$gO; zgkOsx12^u{NE{8rT}Zyp#(etYrt+1SRX^|<61r~p!Q&F{aK1cmOt0)TLBCz>p1rI+ z1$;gcvxKD-(2#(PN#N+2P)lnM+VojqNnMFH2@-qOxi;OmfI`~|T~kn|fxg6_H_yFi@6E+i+*$z$`C=1VjNJSMc}29xz{|SIlm3hhZTI z(kRdcv}Fw!clN40P2AKvmtlW8?xPt8colYHN6%_u`0EGsqfhXWV4>*y$8h+-Yr>ns zwZb(HfjOak{tarl;r>&^sh=Q8ZePa*tjc4}!yAa{bNSKL;n2;@a_uPBJ+REPj2{Ag z=XE|@?{)$5Vce0uK2+a?Xy|2CePrKkEzdt09&zFnI=^)Z2ncuwC~JNUUMRSqd>(;- zw|M_96hoZ*P$KG!Khz&y@Xv1_ODiuDZ)B8#h$Zxwh0T6TD=PjQ3ib;qU?@^BI3D0v zb?}Dg>1){A;ILDZ&cFGg9$mWE(8zXuw!wR%40>wmx)EuzB#HEpyB%Gf7Cb(qi~KlK z8r_AN99dg%UN>NTd6-_%?{OWVc8GYQXE}XvJg*y`D7cFh7UAt6mR^AKPK0!0hk>8~ zn>fB7jAu#SYttKa@z&AS*1=@1S~?TKILiIKJ^5h)Wem~K&y*NX3Bf+ND-*2bA4Jpg zf5BFn6w!EMBW1GOq0(p!XMiJ20?C7xhJrgf96G_9(my7b$Jf{2-a3LIgZvr>-ThGW zQ6Udo4O@_|!gmJS z_(^(VFgeze5D69vuponIF*>mr+3U!n$oe7DSk$kk2Nd#kiIAHGQ-k!J@L;gEAO;pa zPN8q~0#e3upbQoW)~wfO_Um*lzp!@@0|1Q)tXGf~@AT{~g#7a65)*D91U00)nlFJk zJKZ`ZM72t!vO{u8+y3M{g1$NEaoO+y^<0UlS$f5u24x@j-fN?L)H6c2s@-KCZ;r-X8vI8Q#s)f8U-*_Mn*{rBCmZy@JFgg)iDsV2eoO0;(4Pl26DF^#4>Y(m{@|Jii>WB5$jL=_3==Js77|e=> z^1Sh2L5F#S&!K}M4`#;>P;c8cdPW-Qa4g@(=7hMWFq8Gc$>EuY7P7#=DW`Wo$~SeFPZ;GP%2oVUd)GuaHR=;jjjr`gqp zip^{H-STMfHCN{hJTH_y99*Rum`FWxwJMTv9-*Iz-6l>x$j(2J`5=N3Hnu}gAmNJ6 zUv#(ke@TbO8-U)|50$t>KgXbeOBsjA5~2b%G&x4=cDtAWX$lGRMkj)-|i z6|LDvCE-LdHE}8r#AT``(07aX2qTOmJ^$*g43=>3%flTeqMb-X52k37kd_-4D`_E( z;LON2@adPNIhDSj7KSWr$-~^)=2=Fff#=XC2~vG{PdhXCWj<|5Pal8DCZAzoLwm7z z9FKfj$vofs{5x&r2_yPDzA&s(C6K!mvJ0d9LPIyhcaL*7FkH4ir%)~;QnEIaQ+tFW zmNS0nqKYr@<$A#H*P3}szN5Yg=b~a*FVE6L+Gs}9se|LUW=QFfrL-^z>=uK>wO4w2 zh0XWJvrSXSIgjbNVBwF)X5t?N^mNgAF(>1|>FleS9GMhgEZY1YyDoSgh}vP}hX^+g z(#*>um`dgntD1m5xC0DaL3K!HI-Ph0vBZU-5N+3fR6Lp*PJ>zBnm2NuC|9tal_CS}Y(8wi{rD25?1<~Z_geb2fh4xi!~k`$;b_&wK=HS~ zn<&2>JT!8;`Lp}mG|TOeXiStLIA$uOa(doDmC*D zLsWPlI<4^ndKh|T^8*m4`b_}v`!m_hG$4VV;mQn8ze|w%rU16bLyi*`3i>H9GkBCR z;_H)8XX+(JAW)s*pJ)|FP4SreYWIi$Kc~N3*WxwQx$IUGdnr4i8RtQMV_}Roj#&&| zZ5ms)OU{at1fwz}jfA6yJ$O>Gxk%Wj5B{hkOJNgX5PbZJ)|nWe$OR-=AUb81g6^D9*h($v|whd!_ST4>-_kUlOw4)R{XxaI?{cJssvtkmmy`Bw*(|pbxHYDUFPZGV5l(SP3P;RQ!LV?dD>*6Kg!-uge^3)AWxp*5`p1ZCUN5CxO5c^Rxiqx zA&XvJ7u{~jl)~)4%*}r=egpwMx=dvDzvCk<{e*)-f}#Yr*>V{d+`N0VuYCUg$;rvn zX!yzVxSqi?*G zHlmhC6M{B&Hm|&NCJ+Dt^cFcmAR+ioY39p!;lr1wnBrwO3vDdu_{IAsqvLi4#AZR{ zL>Hk_fD}i&JYC{eTP(*-T=$`GT$mk}Czpd3gP;W>TZR=fph0N$lDOq%;=~%~GyBw1 z3`9vL{=DpXR(s@h3D@F#QwS^;k{0Ub_LaPk!Xrxh=O49Q#f}$PesI!`b}q_FKDG5Kv-=iZ!`nZAm{#;0t)${Bcyk&0{Vv(uOXn!WGTd^H0Iz+;SjyjeKanawUD7iSP>u~G^i})|6LrtxuHWur1 z?WB;>c+YVo?E19geBR6f$)Gl+`Uz6r@q#ql<2P!H%U6tB%yB+++H)gm;EJ@^X_7*G zI3sURUtBb-qZrM`cmo!a(VR&{ND-8~%&QWvzVuhqS#WDpS$wazQMWpV4sg}TRIV*T zinNfYf$SqRT3}2|$rK4%%?o4W!kIO#n&$JOh&SA2P1T;sB^Lnao zZE;M!Q0he%+6HcvIHGfILTF^ousP^M4_kIbF?UYO6347LhhX5ftKe&M$9FIc?rCdm z+A^)$hKc?}jf3Mm3eLyRl#hr7K+GGmv#^Fd=I}`4x@oqr51Q(BaTZnb)*)P(lo%AP z^(?fbhNpn^=?xW|l=&7K6#jNGv#ru)&SsIxF13|uv2KB}ftyp_eMiR9*V)#VXr+?V z-9cqCMw-3+LS{yVh(qc@KuRq7Fq198a$QH?KuzKgn_mX@S_HFnz`FMg#oAapw1+F` z-o!p1D*yJ~py%-W5U$yfF>UYqqAkY}BbauWtJ}W#W+K<8r(P7BpD1ad?h%co|6Bu8 z{)3+G?h1@;1oa=^wvKgV#<4kKJk5(BR0Z%-tGxex3{EV4%hn@RUF-M(7xA~;y=#t@ z2}e+U=D{h`)ZcXPwHPIsKNtZ*;M;8>N?DX&mVju?q`V@}pTnVcC!a$~fA6chD2jF9 z@*14$a??iQCAfJCynCInJ!F$NwYK?BH0f(iy8 z5TvPfT{~Bl#>{iKp6W0;x%eF>^dUvYWrcF) ze27Q>YazXo3X}4LsI7)Zt&j=Z@K?#A(pVvLy2g8+FL2ti$+nd~EhX~xs}W2NSb35y z)$5&eoFdmDP}WCK0lt-fzBr6+0PJpONT=8G_qV^}7BR{W2#4z&9{cQnT)2=K8Lfi& zg0mD|o!RE#zSWsw>DdsEC&yQJqoEO@E=f+AeGnqSoZ#5ANquqBK__tL3AMBR4exMG zLDRC(%MR_?vyn)S9vAa?p~0dH347K%y!B5^qgUw*nKr?$Nog;#InmF%XiPvP8}pQA zuOhyaNa>q}%UJH0!zo>2Qdt6;cwv3!HEs!iCf0dDW~#wS+;|SFm^zek^pLhSJksArH%V*l zZgbe?=ax}M_QeNL#u^IcjYY*RMpvvu!PX+_o6cY~KpuB5I#hk!MpxK$pFyvUzmGx|eVLR;h;3F>F;ZEy2;?Fj6jGahnNQmx; zma(||rf1aIzVry=H!JoCSAEVGp>}e4+Uv*O?PqiF^B7yOl-C%D`m&uT(d{om;7RiR z=-2f*sfA!_y6`swak<3=_>E5TpG#PheMd5Nd#~#^-^z&T{yc(R0e`Yw zv3pTs-ipLRwhGt-by}5nw@wQ<3W8rBG#`k>HoFZ1eN(wF-|qQ5U!kpIF0CZVj)<{k zje{4&f#^@?x}9G+vLr!k>e3etv@kK;F;#Lty0l~#jYc$_VHo^jShV`4O})jegvX2* zv;gP6B?gE_?xN-QPk4?VPp91wqn&I@xEe1mM|yrntKT5I7Db(6c_d>vAe)L%jtr;> zMkY0k4!+=>7{DBIsE|zZkpI1N|J=;nI0ucBSqQZ4 zan87-`$SKO2Z!GiZ{`H%Q#U(sYfNNfSW61M_CdM*9zw~)jiCeR%>j$3uxK|abd&^C z+b{K-j=IsJA$ceBa3!itd-M*XELy|G5CH8SRmyY(OE{WPK((=txf2DFmuy-Mdrqw!RjoTyEE>NW$CgZy%B$mQd?7oDSuz9&rzP- zxP}Gm>-|cRO2=wLaGwnG}mCM4kG+Re!!=nj)*y9Yn2U zC-&cs-uyJc_K@dKYX`iS8L9QJyD5C<;pw|hm~o!NN|>;Oq-JJq*xakT6nS`pi|wN_F9@L4hjjxv~1dq265 zn)`Ai5m7AEZp-odeogI2$%GK_4F`MD$&27S%Q^xCJV0{v*hP29Et>oK&^iP%s&lGt zKmEwJjtUmtZ#k$sb6!g|xG%;x!ja$?_a(~aHp7p1R0nD)z+!sb$cpatgCuHa5FRZd z8*T$*l;(6#geV5AXr}rDe9gx%)1icA$J&BE2=uSF{89~G=1FmLZBzY%sBIzPT(F89 z8yJ8)cL$h(F9o?yw}wuFXX8*yftLBES!oreUITFV>=p^8Fco%B>Id8~GXtKgF5$}k zTgH5U`Cb>eA04A!vvg9Z9ic@*7DB4(Re&c^;{SBnaJ5Tti<%@^o2unyOM6TB^ zURGa}JQzR-M{P@YD=I62gza>J;OIBfl#IfF4Ykw}>BkHI*X#cYS}a{8vP|hgb(C;k zv%VseDLQ7w458YzvA`a7x*2&!!}W`SiLTV?K<`w~3@5m<#SI!Vh2aM}0*KQBJ_yKG zgy>9r4(^&TaS^bE1{I2m!@Qm?aLga&vD}y96C1?E!0J=f8b&)ORCE`I_+ZO~0wY;C zSptSvsF|wruQD|is{|yZ>$=S|uId%LXxS6+*NLLYtn*%yi$_Ho7fwG4jY1&@{F9Oj zjB`83t?dZIz4Z&Y|J!dOkGB^*A9xFqWq{IDhlM&1QjXv0hqi+e1pdxLHxlVa7|e9R z)!jA(6d5&LY*XGsuz?-e$_qbPLqKGS4K?+W#_)~B3kXmYr3f&uVhN9ENY ziiv)i>FLe=bi{soIZZ(ZuD6jSV31&bQ3arJg}vg+K57>pgD z`sZ-Cua*@p5?lU%Ue|kS3}E3}$QI*Hkpp>7Y_VS6t#7#d^ATyYrr?x03{oE~6<3MT z=##u{N$PkuN*9B)g8Pu~{g^WXwn6JUo2XX!b6X@j;L}mL#s|A>Dbg04#!3aG%-1c*11$S6}LA25`@cKp6w87 zZ3*#V^I*QW6cpy4{4yMo_+_S+6S@G=%m|P}#w*Utm~et7&@5ymnTkmNv-D};wd#?r zGvkUW9L)EZN5|mz2FxJNHxzdDt6)G!kU>xt2tOFlvD|iyad@+KR`-!sNX2F*SJw5U z)fs0gOIbS^er={5D4pxznS-u$L*&*xltqJ;l&ozigb$r_5z>zQ;a#2lDu4*3M+{6# zD3evuA}9ED>Zk7B88X<)7`xCApZ`MsIomKL@(SuxWbILXM`HSOS|m3&a0YY?`01*2 z0J8xG>+>~_S-0}uK|G^@^`74%^|*4FKf#lo(Vi5SZj}O^-=68&g)060#7XgpWs7CK zTZk%R$455=PMGcYml#yg3}1gPA_d14oZ`=EcmP(bgamBkqWIV1_^#YI5^OoLrOkBI zWDdD!Dr`w|0ywh%z8*!3Uq%)r?>6fag|@zR=^EXE;2C67CL-m7MH&wMPZ!3kHqm{* znZUD<0o&ustwdo_o#{o(-{zu4M%DAww+xxn(MYS&>v#xu@o_a18jq-^87-EV&y~dZ zM3go&$O}uHr3p&G{0?_~*Z~wd)+|zvBv*5HWcC?) zlukMnUojBnS|_m=G5{gla1+3$JxtdN0|`Si|I`wJK3=g-J__^6Ajn-n-e-O<0~QJ( zxL>kLKryQ15mkhO5b_)O z^hR;+H7D+w7Wi5O3i0$`r&SP?Mz!TWY9eZEMv}5qIfF{U1f5p^dydL}IyR5k z-*B|q&1pZ?S{b#{h@mhOUsJfIh-)RU5-zg3Wg+59RBOpZWQi9`Su7thednQg0y1Wv zb4ftrL{Na~*zDB~QhiSWL}EH7c+o!<=HH6=Z$Ff`j{nvSQXa8Z1cEwTwesiMG~7gNEdKtOAw)z{V~O3+0U#^+b#G8)2GGk0 zD1L2mk4>O17CbZ>!&o4^YX*Zu`(0970(bfpgdf3f952aRS5iYf3NwJ)?F2RT9WAn-> zl5|+ob6wE$9`cy9leDXrVjrAb!TLlc#^7=Pn>+<$L2ht>D6y(H#Z^9vGr|?SyvWBk zi*$y@P&zJ^lc=u$-MiIkE(wARKTby(_cz4_;T(sn^!stZY>(_I?F_fSG!V>iKF}fB3x?lE5jsxfO@)Ri!Gal#VMRH}r>EZ#h#C#_`Jf$-f1k zqD>FENZ}Wa53xzp^TNCsg``I?DYk!8J%(EtS)!RVS5Bf7>y<$j6?jkp@~%&HJeN7xYpdupe<;i3C>KiOwOA?mDa^Thv7=qc z^KE*U3GR$JiazlU!kvtSt2X|T@C{9ZK40D+>2+QKsK1cQZbnQJ<@fa69G*CVbAjez zWlQF_q9y-=KUQra=gOC|gMNV+u(;~bMq*%s;FHX%%e_Y$?S?;B*6$&-UED-ia zsREsXBu!CZ1TL4lurl+RLhW)1kXrL9BKvZ?aoTp5FEN_b#gD6_D}0atSYsrl%BX$A zv)MS`1+JLZN~)`oonYH1e;M^Yr_Yb)Y_vUFw1uwA3SAkfLD|twsRnP0L5~dAWC!p3o+@(XXegqpGzz)lkriyLG`# zt$S^zABQr*VC47j5pLzV@kfT$RoR?!n`koVGg?3jHZ(HQQI)cGYf#}-oga{@P_XE6 zFns#jpX(LT)(!3Q{$1toc;DFl+}~y^?-ppeh$|`YV7PI95%S>0)(Eu%LyFd;aD>Sl zf1w!##Gw2b(uv6#Rq@e!p@O{3?(HjHLs*bnuX2=G)r= z(cdW6!E(0{5}^6KUd}Okdkk5?Oo)Ypgg~?_1pMOGU1&^nx2aR^NuH?f#GHC1I@x&r zy-N=+Oq7g3lQ#+-qozIhRfDlA);$zQ=dCasAbPFpU1vuuDtSTS1aS7*1_xM=sHqgM zIir9!UT|W}HlRb2*6%l^ch4cjaJ1h7w0Y3%s!?&s=L_`F8~P=e`znP^1F`c(b*Ng{ zMK#~b@AJA`7Nte2?rdZVhaIod{JAiho)~obe3kmIbB)de8-~PJeMB!igQk`BezVa@mxRfzCXJKa-b+)h z%oXTy(xz4s(q}AOf&j_Y=iW6t_`kiPu!J0uOw?=(2~$}VoA9r0fsgMpwYy#XX z`NxF-%4(m*<=3Y6w`@kSydSBSc-`z;EmYvupeSD zgVe#~^Ab1je$K;sFkOGyRG>bdDp+7H%g>na>o;QG25fD9f^FEE0h6dBu^WwCWQxU$ zp*p9wch}X6V{`K}u}SVKt5m_zxyruvaAjc2Y_1gfKrGu7!C2+|spN{Fs&@d!0uPC! z4mU@Mz6HQ05%rWA^-IjoCQxnCn-d-_$Swx)pG_k8+HDT}*)-VMgfa2nze(pP~c`#N%!p*QVIWZ{P%cNK!)IewyL zel=_T5+y|>zc=wAPJ_=%*x8`x7eT~YrYy>o3aY97W#rSdLf1>XjK323ew3P9b-!>f zN695wsL-0>NfBieh)WFDlRmCYc1qvce&JDq95zXgFB7@8Mex=6T!u=e@?l0sv?_aL zEqU2Gqs&X?Ow5*ZXtr|VhX1n@E2F8#Fq;R3Ynh&< z>q6^hsO>OgCg^xfEmpsebaPp^9M{!lezHrKQMUGXjd_V&j-bBb6u{NFyKU;6ym(#C!kP~tQtrL!^n{m$40o=! z&McL2Nv+Nl>&>k)aeflGPlF?kH$#`d@gU|EA_&7*-*bZO#|{HIAlHAl>ZE3#$QK+m zclMj}TcVKyNw)@_Ll0y$lsy+f^Q?zUGC=8jT~Z3`t5P(amS! z#*H53F%LEwW*WrMcj{QaM8C$dH+ne&QN?Cv7b-H%S;#XuFtOA z!&*s&@Rx1*@Zj6aOZDnH+@V{)lHpQBDC8;7;!_98qC}yOZCt4~+(Haw{uF8DOyJWB z;Hot+`+UgP_in)whwimEsANJm?*j8r)@uR{)}OXQUoNJ;K&NmrJs@soziQ@2fm$ML z7IeYSTIZy5I>cfkb}4_pqT-PiKKOMhphBZq-a*E5-k+4;PIj$9;*6V|tBSBT8;}Ih zy0dL`5rc9ap{B5z#0<{P);2bHxk;8JeXRLwbnnQAl|MQLL1;TY8B8-7oB!<&2iKLa z_@1nBa3)$25@#xUcE$=0S^5YBhhCj1HWWFeXhRf~|nujFi;-Jf~ zc?}@$2fGp=YjaA-cH_HK$IU~Y3&=O8HIO)|3P#K1O(skIn87|f(*+K)XL!cjeyvde zaY6p1zc#!O?0(qzz?2BY9_#ubk`pV^C+ZSarqJrm8OsfYM9rIor-%3L0OO9y^c*{6 z5s4>?^O{1<^kg$?oJ^29UFO8y@?=sqnE0M#2D3>fC59+m4R)_bv=rA@3yS9p1iWMj zJt9a+>?HX7&u|Z+El7wDK_7>WwZ>SExbuxyjAqx?TIJ*st19pY~t%Le4z)qo#VJq0)L#|$0;1-he3s-q>_Z3sh zzMfJ$`NcKbFL^08Ir4Mva5`MnABmQo!7R@QTMm=c5yvM4ra`d3d?V?qGl!pacI}js zxTTk4!W;v+LN#4*s2R1uis>WZ9g4K?4?OXHBY^eDTX1;YT7uq(orR?9%iM!H>o;F* zR-UJwzE?83s>;ZcOEmUdg<0$9=p6o#$qQcpUa+H#WXsAxir8EY0|isMY;KNeEJG`g2bHDNqS9 zm4g_4VretbBtuVqXR*?x40%g(W0+pOhy-k!V_tgpuufm&jv`>VIUn#rAOvLu&q6Jt z0g3@pylJ^hHr@K8QKuAp*Jp=}AViuJjAjiGi@Nc?NFUGGO5cKYPo`hgpeY-uc`0&j#G@=DXMr4 z-6QlTbbjOe@UARH?0Eae4Va~dUL`gY&ONrpV3w4qs+zx#+<%vUm$sT&szM{QHLZ>N zkr61Wv{_XEa{A#sCocXC=!)Z1G99QUZ0JXdQ`j;o_XQc3gyTD*mTZlU+%87&X;yLp zoaG?&SMgrSTChki9BAXOh>fB6_j14=$3n3KD*CTn3vTF?! z6d1=eaeYj(vW^vfXutp72O>fCYjcQCdnhl3Fn~d;yZ@<(;2^4X{RK$+BU4$2#ofb( z?w&tj$4RO(oD2fv;)*YJr8*V!V=?Q|cC??cakJu+VV#`e8@f)>MAT`bFlbe7_L?dx zJ^XuCro?FdRDg9{VESsr)_b89X#U0#NTitG-k?``XjYGF?o2Nm`oO0 zvXH74UC!SoVEbmx#pOI#t+g!TTH~oF0{N7|`c_(!KXz;Rsu~KFh7AO7meP1EghNT$ z$rwm-9LVkoojEO3g)*{Y%nfd(Pr^hnT^9s|{_7(H_7F7mG8z9e#BJF7j&mFvQYtp) z1Ti>K$EB1q&4LXTBb_@&=`z3JL@mrhUQDW)_kb&um>2d8i-}PDwLV)J5tR}FAWU&m znrbiP$r%vxlsBD~xnPBMuDYN&SA_rxKEr5~5 zXh=EGQNpOaz~yq)(CaFaXBc5V&~`+@a$spF4wn1Dr zspl0lp`}amxKnv%o>{jHf*6wbk%*Q3qt7QFcf>z`L?2<{fIt25zdtI5m&Yco+wtVs zpFKZyoU`YrS_W&?NO>iVUIW54_n*4*t z)GO*93u&`Uc96=n4MFgq7VO-&+xUq_1a4;-prfJ!$VKtGz2dKA-ct9R%-iZamgx&b z`iZ7I+tEkBr40c6f!Qg$VR|8@^}qoym}NGLpF)`kvPeTxP{t%CDGf@r@Un<|>bvI& zwZ#)~5B#nu&~K^x(QP6DFiC!8wpiCX6s3gZ_rZ5I$J5B! z0(U_3&CrheciNy~5HEnk;ivtnc>BtnULK&s=mO6;2 zuy|!4qEcMo0QGnG_M6dG&K2(1n*JR`9;ASETZU8#0v-jH6rgX{tXp~V!*X=)t5gT@= zSfJA_S@2!emR;H_B$q#*MjfTD8L}&Vzqos)a=u&I@`VHtZ23n{QYtiwQz8j;Bu4rn zM;|RO@<$j^P){TQ#5jnhP8gJmG7<+~_CqvM;v!`^;W3Gf$?`#0-xAoxV=pEbp2FIj zQS4z)5*QZgy1(D@|F97nM{J0r;&eFJ5l}o}0{c&h2PDQRWqb!+5H!Vexd&2S-i3t) z-aC>AV>}M10QK?XN3jSvjoXmlmoGT^zPZ$w>fU8z_3sgqV}bhBZw1^hi{Li4Q7U8r z7ELaxvEb!huQ6+?(eQHSeBVHp@9VUxy>gmHpo-I%hF7AZofKMEJk5t*pn2d+<<+jL zc(oR*tcvRFTk4}>J+mjBO~eF|+i_?}B6gvsiVl8Buyknywu+T~^b5NXYS0ei`A}8v zgFM-ViKrdZfxNW6a-{?2=z>I1*(m`kN)tQ{>pW%`HBVn@i<-eP0=c|_bdeiJLJS1j zZd9AZdQKWkro|x8g2HlNLMVXV20zFM&%_T$Bi{E{FT1-!*=h;xAb=9$$AXsI%hp@2 zm#vlvafXMOOWeZYf_B?V)?2NX1in0$zW6ww4oPYY?@X|Vr}%@$VtwRTHd{4A(1)W`)yO0C4(pPzutfQossJ8gWE0?=su^8Q3@J?Mf@YTGKpE`Wbu-M* zc~?g>k6#x{Zg~=qSPF-y4CO!IDEa^?-!$hL zP=itgk9I>U_*OZyuja-i^M@qEewo%~Djs}(@2X@x@7;m;!I_N0dG8M1yH>B>yO)=) zl)-PsdQ_%{BJqy#v}K)EKxPSY5IEvb{`97rd& z5>;}O12R;JLXv()9RlC1j3JQ+s8n{O7M0F-8nPdSlqV6M7nV26vm}Q*cQH~2k4Jf= zXN#P2Pt}fk0Fmz51tBr2FEM&+EDq7Tr*JtUdMOARlF5V zQi5K+JU#pQ-1qy^aGlWcL>S1LjztleG0SP?n}APZSVrl*+Rt7Y0vR(R z_#puM#hjI>61qN~0>wNjXsbNWVU=hK(}OsVB17Vaa-0MKn)D*RPc7x+_ajIS~Vo^HN7rOY_$lyD-56M zw8hO{37D_jMY68$Efw00iex`4oN7vr!}ujE)Q9KcTHWm9PVphmXze3Q<#*AW%16t; zBGtFEl;vW{pD-r4&v6!Ug^E}V36A8-CHsO%nzB@^xm{awH3_tcD<;@??n zqDk#McG|S4DKfB;)8F?$i5~VJ`=5OD6Q~4|IhfJwVi|lXc(3Tx#l?l~`(f!=PLKZM zZmv=FC)qTDJ$dX7YMvFb8W z;il+04M;2`;So#bDIHHT^yh#j^S`0p-tL}eC&y9cLIejLptpw!4kkoH*gXX~~n*$~ygL=;X_8}mwm@F6x+0ANFiyTC|bsilu9 zg>dFLe;4FZ!;S$(81hIK;oaxQN6%iIKJ#|{-aj1YbqsfOnDiOLxek(s3uy6$nACWj zD*p+M(M3wd)Y(Ctjj{`z631wkCGu#TsHJ+!qfaqVvtM4m zK0|L0PfiYBoE<+qMK4d#(aRT4kI#-@zBolMe?o^Z{)v7)e(`h%5ehjc$fpF7wz3qQ zB$R}Ot4uepkN6myBEs=F7jtUNW&}=bRf9qtFsYRQuXV@&)BW=w@UVo$9!?TY0`L4U z+>6IF{^Ti7jb1|S_;vY4E<0V=6M~)cMQ!wYz21}kefYQ6>s9~l_xn%&)Zc&nWOujM zd(z+iQ*ZZifA5Dsq26r}AmDC30f{Wc6^4XvRr2@|_8rk^#E9j_A-p;H?4JOK!+6;)vmp zcOy1t+~ioD;`H24;<0m1<`9)Ua6Hv5#}h_*LQ=;=8JQ+RS93fx%45(}98dSu5vVA? zzNjuknDi2iP@YCB^vaRdRNLx8Fad6P&7zE0Jne2f!eASqNRFd3E06Zq=H~ln-RFAp z-wKsl(8dz^-|IiA$^ZRc|6cyz#Twkmvd+&y}#j{FNVJxN(WI49f} z<^PAD(?rL}LEbKBYs;~JYcV9v#Cth$XP)cLf4z$F?uWvg;%7-&8Z4RrKkWAR%JYA( zx7&YwKmTvz`TV*22+inp03I)4hl59UD##K{$N)X+US2wmDCV3H*rCQ?@FLr{W!-?| zeEy7R97K6YkSp25w|E1>BzytDMcW|_GUT3>V^5O$H0@F^V8It?Zy%p)3)kL50+eEkd#_z6`8qS0j~ z5(i|U;wYy$3ntH`rLDDP`FQA@%m?W6X9TBeE-$UJRO5uhE zUmYzkK@#nVCeRo3N6s=*{VJ-HIMlB%2pvzd0qQ&YgI6C%*!H^4I0^taJC3piQAICD zs}G}qaH?+OJ0t1T90~Y_#&W^vU1Q+Pn2E{mB3I6q8yP`4c(PA)gvcKV_Iz}ks^{=^ zHL2lS07=A28LH%$b)d=`C8&zt3uvFQghgyT|COvkdaF_~0QNhe^2+2bRh9T6`z88P z#ORbag(i%{VHkH=H$l)_yC2=khR5oCPgqzH`vIFKEGBVgSPnAc{U+w7ybaMs{u^mv zRKGOQO+bY0K^Hw(nT8fxniLNVVrXzsP|!tw@xhd>A!b#9es)kD`Kzx=#YhNwrezMq z5NSbI2%>4xOFs2BDtbs2Yo>?l_A9aURgq^xg4_$ZIfw|%`KvJszp(f z(l{F-7bi(2M9fqgpzpYAQ@+-mwX{`5?1OVM-$4&RUH1)vrq@bY!OraXv44z zE-2+$#XzcAzqNYcAK7^RTGaM66x~28WLvbURyNbZO17!G-7jTHO5uWYvqP(c@IuPd z9Cl=fc{nDSzuK53>U@NOR~k7^rZbWrv1x)+g51CN{oTITbL)CfJ0JKR0}yl<R^cK_-a(D941+nSU+5wR>hrFtI?}CW#ym$1=PY#k}gPD z{5u=2NHksgHhF6(l-1QprHgKkJjF4{6)9v@SeZ!u{aa@$p-60$P&~sK8RZdQSxnhA zZj)51>tBONN?TizK)Q4barEM&iY@qLK`^COD5C9&ufwp-4gdAp4L6C?jY#2ps@?Y5 zb@JokQISD$#aWdOaj=HGx&C@D8_cr_OVur!YmsnK_05s;=;Z0D1Psz}4f9K9 zwqJ{MEj2eswZm7(D&yITw8IJ26;>x@c6BQYaOo2Ur&+p0OA!UnN zfKgQ5Q8^jRJ+kGCAl=WGmo7pk$l2E?{RCQ++ik=3%qba@PvGQ+14aagh>gHAJ!;1R zU0$Lg32@GdgiPbHIgN2nWGJ*QOJnr+J%3NEK5z;Z&bPRbymEvC0u&jsJPuuX;>&j) zJvxJw2Pv7d8RTgpI$1)7BQ}1>;r^6q9yg7~qem+$)#?s;3)j+ouqfkx-k!bdd4K&^ z=h3_W@A6-dE-xRrXuCun^aW+?6z;l4YS%)*0rpwMZC~40_MiA{%>OG-Al734{+;bxY*pSF_ zzT>>+cuWRz({_d<8iF$LOf=Bzp}|3IXQ?Q}Rb-V9cajkwK$;yl_$GIu6P!)_jG61e zdOa7p>IP~3#|sFCaYvLyAykn?y z5sQzy7Z+HMW;#dPBxM(RkreIf3m-gmWd17Jd!?>yR2K}iu8PY@TI_IENd-X&zcU&` z&_bOG_Wmu7!-o1=WAs%5Pyd*|RtJXd{f7sDqoV2H0J-mDeQ(VvdUkU1@88+|CFb2?$$oXt&?8Cp=5zqhBkASzPnX)-jnR- zK^h3pjEgF-&xv25i{Di$so0THu{uM3k(c4!@9KZU&&KpWnKtVx`rqST|8Z6S+q*yi zdppk>`k&=>k;!A!r5tdreuMgEGyy&wf>V$h%Aj%h5sCl6X`v_>gde~ab{OhY;*JhRcUI(&fK|Ea7scApO# z05$Zw(s;Qi^(D#uj(5M~;y<@iwmNnerX{>;zOQ-<68!oQS8-UXsiSTpJO*|*BP284 z$jt0$J0wX;AT8+tu1YEMc}n7tq_6TQlC`*YN_7@Y#-u1-nUY5BZ=IF>o%V0Lowhl< z%9Jf(WvS5CdohIoJwemz%&_@H9lNn7fK4OM#GBSyI6ydoYurn3{l;li{^gXKRtY4% zI#S6kAwoxJ+l~>oz;s|ds$>~dFfBC{Y#;Mh_Hj}jW2<9{MdWSQtp`4NP&uQiSZ zOkSHA8)x;3$-9KT8}M1q#MlpB-M(Mw<`6y z@`S6e>X-WViltfcP5r9+r(ap#XbYxsMEfmyNoC@71>3GI+A+1e$8qK(cqN1|+GeRr z%hE9kLR72*jz}>kWPpEY_e)EVg@J$&ivP6^fFI3=wibDAi~4gdo_@ z68vng>R&-H=xBsj3W_VWoMkLquVyjYc0+{JU)GM0s)b0w?b3^bbtG}F7GKft(B+a}jj`0|Fq|}C{by*@vPe^`E$1w>VJ4dlh z-at%NA4M3ux^qHC#T9;bYv$7KT#Q>+YhqhwKs_7G^1&6bf0LlaGC+7%Si=^i7H_PU z(^kh9Tf7Te)w|SER827dmCR8Iv|A;F%FH9T!crmTSE{z8c=LLV{YmLR~(3cOXzPY+D!oL4OW)+(Sc*#b>sP`CrWRZQ73#w&`bqwr7{q={BPMah>l zlBP5y=!?+9;s8C_gFor?G#`!VC**oTk zedjHa(4l-L+7Os?a|D62X(@MRVKqv##Y&?HnK`y~=DZiDqAYmA5)yQL=Xj)J0VNP~ z$ikvMEgW1xcQ{5NkXP6)rnx9sGbA;i=#Pe1yvh;OT7i}5Zkvz~Vig0jGQV1Q8gfV| z<)zc$T6()Sf>kaoL6hyS!)%K!#x$dbs>XedMe`F4hMh83lgomd^Gj5GTb#UWOV`ZJ8fkw;C^Qfe`v2qod;ia^JZtFxX8TtTwOTe8tecu8N=v2QP(4-Wo0{Ct4^IxuW!IAk$_oY3q-?kLbq3x2sfsLw`iLr!zKd2EQ^fht2BoL}HHEH>b2 zL^G9-_InzS*mW`>ZRy_2c7dj~;jqte6?BwYM4D6rX0?6iVrNa( zk8KT0^+UW>ujobaap;eVuf~<4m)d;xjYAvt4^ziZ_2kOSIB$N-X}E_D zmWa=%Lnim;RsdaiFB;UG%6Ld84hUvAJIyf-i$s-Dwb8yOo)4ApeA)SQB=?InmpyXx)6Ve`-BNJ(KDbRl}#Iy-G(7dWzo!2xnzWR7*JxmkH#h=OVo3iCl1)qs^0v- z$XDGrg%uBI&iYlVDAjc|&uGN`G0A=<^Pf^S6;j zS*Zs)6!VoeZL9a`G;^X>F*W)0RXRXMSEJ!t7&S1jeQvLc3S5eDr5l0jz4Gc~^QPfC z8F@`lGa{DtvZ-r<+Hq-|=jAhQzS7VtgMXT(rYGAGyC5mr7Hh|0luR({cRKRti+oB_ z8lZj$ZRbf+FZD&;t@FWco4-(=2b9)ib6W*6CZA5^=KWz5J*OG?tlanS-&(YQL-1dO zGRLzNJzf>Kec0SJlqgD+CLEvSqftZ}r(UzrsdZcs>P0@Sp|=2JbAW%zluT@fZ3?Q+ zIpLP(F-qCAa;ip5#vR0jdVWDU#7%QVGj(^ERB`mmsmz8IEKRwXtZQGYcHXFiol0y? z=TZiKqqd;ksTL?-+Xh_M_F1Oz>CyMBo7<#f<619Egc%$ZVgBy>_+cZ&hXZt&j`OL& z=Am8vA(~Ro)p0B(M*TA3Z%6B~JiTyZcUrh+CIZ2ky5#8GgV{Voy>st8z zb+32p+1&nr#!@^cS2+LO??2hE?f>83|8+ah`uBg?x44|jK}T@ruTi!tt_Vbd;^3LN zo-rWJyKz>5;$or25pk8K3Kx(1064ee~)#aaDJ8)U_$KYIY9Ga*GFxD=pk4 z1-V(Tr9N$wKVT!cRHRecTGETFT}B>ye(%0_?VD(98)8{qX|yzB*4mqU!G8CijmiJw znw;7Sutfg%p7egG=6~$>_wMEYZ9Hqq|2QP6*-?-iHfDQ9v%;c4>V~V7Q28#UhNYm{ z_-P=K6cx?}VRyaco$(JRO{$gLd)s#KbuCndVjOFuBJdHZdweQf)OBM>ab_pQ4M7gKNBvbQ#vB|A3 zy;pCcj;CL)C>L59wmd|sj{0lH8QMEz&*Iq|oa$uO>ti<3}S8Jyn!KEX&a4*+HPsv|vO|cr_!oehZqjt8f5%k@%Z?V}~3#&}_ za`?OW@Sw7@Xo{)PG%eLa_$)YH!yauSPvN9wMu|L_L*k64$~(?R=;3$#p>ioA8Y7*) z|H0zT*ov2QTf0{aWXc?3eK=_Ih?X3uGckTeID)JK5YYlRs&vq68d`xMB^NznsVb?Q zmoSAO0x&``i#=6(6_#s{Td0Kcos)UL%!d%bw=O4^+N%bDs_sKfj`^078A&<$RlI~f z0r;s(mAT9=S{>x8#ZdT-d(NFw)PlthmFQ8wzHPqH)2=2Rx*Lk<{qt3xjp_dvIE`sM zZZZLu`hR;h|L+g|d;R}bo;CFUw{nCL9{|xgl79paU7y;v!2=grDI7ZL*5zt8hA%Si<0l%2$o10q@5ApOeBl$k`}oPg zl@~IUIw^XOLXwdnBO%%rI=Gc8;_`AJ-iR`nmz^D?bd1>KK9U!D%J7(I zj#47JNn#a3i)W06b!w~JkO?HHgy2vT&uGeGd2kAjXS8P^QnVo{*GY&Vh!^f@@>DCH zXvMQiI+pL^e$Ds~c{U~gtsuAVhX8Yq<1oc?F<2u1ANTrCD*oTyz5VgmdgOR<0Pr&OVw~2!lmu_H(P`E9fD*EQ21>))}h>fLampp2IfuhAR)v*5prkq>VbGF*SU5P|k z1af6Sn;LjEbBnI5H}+b(H4pmggQ4N9FbcMBuzf^y#}?4ORRwSKl|)XEE)6aENdFh@|XLN%lqeM?7t~aDGrC)6}ZIy`{Bv% z)+ddxAI)Y{`*Y~@6#VQZvAPtxihw(?r5v!2d7`IXZ7heZpP+oAn95bpRTXK z;XIpM+32glYBu?B8cb+Lf-FxPchRZ{S;ec6@@&#>I#%F_g;rE(F&j@9%UVpw)cWL> zT5W(MmR}uaV!_DO>!tOVo3D%OpO7S?0kBA0cj_hTQ17ToTpguWv$#~S-85D_;)x;N zuytI*pxhfk(q@#a9LBFPT$6=d4ve&OP?m7$)C1f%?S#;jt`m8qZis5Uz1@A8K+Kjt zt~D3j1w?3>RPEf?P<{m_ENa~VnVN7~OtJqKN6soM;KqD88&n2X!TSo%91XSs-c=kq zD}vdu8%K9yjd8!C3#SdrH61t_>>YRC*y41ZIaX5YZqRvigVU|lh3m{SdqrAjVzt!U zuwzcl-!(?IP_w_uQ7zD4GNQJWY#K59{nvHF-HiW-#bdUr|EJ&EuipQ?x7*v>zxV&# z#&aeAj~L#kKmIu-X1=&sAkVB|W-t`u2q3wvNBV#$t&rdIR1s>4UIQxRY)%CF=eQ++wnVJ;|=qs)4iI83&g) zmAhQQ<>q~Il@;wy`Q$jsR&dD`VriK(PL*7N>1BD3lgu;M%5TsErx3aKy{)QjY|i%v z%GYosX5$KYU&SY&z<%4lH`R$X#{H_kw-zYZ^}Q*ucii{3vWKQkgT6@*&4%rq);=tA z(^wPg3T~Pkb%`!ANxt2oxxQai582K8MZdOd=2o7Y@&Cc4u;w7>viPsZd)4@_{^KY2 z=Ra@dxsv~He)|7B-@N0mbd&Jccl$vnZ#41?TDT!MUzM2aIr*UWMqGS0q$@^zm5{k| zyq68-KHBR(+N*Bi!;JnfaB6++Sg(@gyi;DKuN>(m8Sp;N>+ATMmaci5^E7R0;a`sP zRV*w3`fdA|pbIOH_Er5$jWDk3T>_wY+_$u{6Qf;qyGa+u%}lRrdoJX>`o`nAn$_rU zZZubS5gKWDx8u03`rL^Brzj6jpe6BN{UA}kOktJ*T6JDYIG49>(Z3B&9CK9g|ydidEw|-(uQR# zEr>2^ZmrR=;+Gejujoyw7i*+!yP01v-fq`6%#96QF;mB)>|Rk6vIcT3F0@Cn7`?I| zp`nTDcq}0Hx(DC+^lb zIh7hqS?yTtDLEx1pH`?)&y_t`ciVlXogFomaLplT zQ7doI8M0aPVC5d&i1a9mzBU`8%Owct%Jr$afNzmK$C8@LSkCFxRHEogM$FaRva;H09@*A_yAqIdGUt8*Wh;On->iVWxAmT?D^D4x~yy+@>Ik&eB@-3gnN*u4&g`o4dVLuU;h%tm-Uo zjsmL(35Jy0&d0S#Wn75MiDVaDnLH&dUvqMpXOs2EQ?c-J9CJ=yt%c^D@a9{o3JVHd zCz7y4?RF2U>AS#RH?8!(vdhkjKdW%tg4j8`WV>&>EP`7bUOP_CZvESLTrYD&NddcP zt!`cv)^k2J!?>npCV}2bmy=xaWb#ODh{@isOlk1QsD<+eZLE!HA??e4`!LHo_Lwau z{n3O3=iKbV0KEZ!fcTJWigKyXX#phE_}9*IV^;~MgDBYdkvkdBiBN=MfVa7s63!oTsx}RE>=J2sI7T>#tQacG8wo|CKo`%7CFiBz0R~>h4e;CiW4FN4=g9F56X=&t&<9 zS8kiFZ-N<=isbcrN=N$@q!+;WNvDdw9c5<9e zR37V$X-x#Mj>ifVjV%qupW|s%I_+2(doBKyLak`^r!=?A(U`;}#Tf~^s~@veY2TN% zFN>+ZDP%&N;pQgV;~rMf>x-pIrik{9cdTSEE$1Fi<8jSgD0tX61KnyDsigP~`J`7< zZw;5}9P`u_QkEHC|Eirr*qFPTWG`9pZAmIb|+26)Tlv6Ub%a^C?vqO`e!+k zMGq6OKt}#Lld?Q_sy@rBW@ayDT-)JFsZ#5XSw1S)wf#=MTNpnbeF)QfQ{U~L)%Lj` z%&<8zDyD;4%1TAXBstv-pB7_9gX-Me;+qkI`_2|Rn^2B; zo+K>IIN}o$MG*6XrZ@{GG#>AultehAGqr3M?{OSDTPP-D86~|fT@xxA75!fwAH9sD zIbt!?6eyvDq$r{>@g4u^>4#IX$T?f+2zU>@IXXolO}XQbY1W1ROY|Lo`0um}|JN@j zf)?w*WN6!Fis5?Zcf%KEFtuNB$6>JCFQqnmCXCe`gE5!6{`qN5@Z}amPzaH1_|K8ny+`FIu zxAJVEA88ijDb=&#IUS}#YdI1F?Kp?%-7h4XmS6vCdy-`dA9TAy{`-8=4Ozgu8B1uu zyOAvVL9xn~DANJ|_c&#FB1DR09~7}M4bYHe7eojgg@~-@JI>Y?I(z=Nrzei{@#9CK zSvw&~NF0(lphRi!Vr?BLc(BeZSLy)u{ZIZU9d*Mv%~(1gAdR?cM78M$Y}!?Si^ibE zfW@3e#1Z%-)AAhUiBMEcF+dC_^o?$K)_2Zn91f5$;pzA{oH$dGVWB#QUf6J-~E~oi4Z*nv~%^w56P@6c_t)D#O70>9SUt#f`^}Mgn%`VBzzj9Aj)}0 zQpG#3QUdljry1dn;~~*r8k3B0)c5;;{oe5;fIWZL?|m=p2*Z#F81VBnApyk^qH&UE zhzAog#qebd9Z&I?oG_LZOpuZ>jvEkD^yBqQO#Jf!L!t!V>%|Q_*ZbfsXRV*GEPIs_PU7sL#7Azx^8z89rg-ikL^C4Y0*f)# zR&6v#Tq7MzAc89m`l=nYT^zl^+)O~;@f{~5!`veGQ0~#yNF)0K`yq6M<}61SERRAI z(Q_ica6%CIl%*Kac*N4F)Ul+9<@O-S-8;eChcTit&u|w#3;{59FSsWsh!!Sbkf_Ivb@kAH7wsIf}o@0 z@QkH+OpYSV`7+-8dBV8#fD{O3=naeVDM60*3xWnxT8mYL#^VykuID-q4g$jYZ!9Fs&^?5bXv)GO0=O0LQbQ*Mhi_Awk(V$4 zoc?=hW2f}rWQ`X7@-uZDVH+%i`%1aphQ&aJB}it)Uc}Ctb>yILm4-vobqiU9tq@=f z0R;f*EwE^;W)06iD+TrxYzs^Ml3v8s<701qftqi z2?>PcIVW?F{IC#+FR|6K_(hTVab{sK86aNz5r&moOLMG8$V&pfSP<@g2n3l%R}G2^Rn^a14`jENW*= zKu=|aK*BhuLmJU+E}Ip-&nASXyh;tBTIkW;DkOPV(F)#sp4Y4oDym#v8AK?;LlUVK z3Ma|xRpk)AOzMYLs+xBK5Ale+y%CJQ5OV#L_^loQ#`2b#+o3HU)&tqEQ68 z9f&d9V+Z04`6d|GgqUl_1!hq+xGEfJuyHla%f$IXtKdcm8(KTLe;DMg#9|VYs zyS&}y@0eLfJ|!&8kOk)8!M3mqgDir|dJD}1IhWvon8UpVFCdSh-#Lo~dI#=jNQmTH zTzKgU@rF5hvX8v5<1~?=eVIGZWO!Q)$3}-p_*vQK!#8VE|&JM~Zl%pyBou%5dBTPLR^2bGol>%dS+Jgy>$ApX3F{09! zA-)%$0yW3LK**R73M@@niZiLihIBL{Ff1d2vpf}`!jQmbsO;*V)Sv*0n1@Q`1)qj# zO7#HIjFV_2j4GUlO0O^^d-n3VucY$Z3C;}e7bGQ!DwhsX`><6y{NIk_p;sxHfn!>| zoBEv1+h4q zcYO5j7m||2u0!oI6g+?vsygL?Snq(@8{k+lRfwhxXjB-xc*t@&uPnSi%AIWA@z85Q z1*rxp59P-iPP09~gw_cE(cMy|JwVP=Y`z2=(coE`n*<&lCDQ!W%Jw55EG+krUNvWf&d88PX2PDQRWkNs*nXN`jIbH19AtPKguSJ%gk2s!-fh^D{ zdI5GqWwO~_laofE%@^TaCWcx|QZgc`7F6%pXhgy32*pAc2pB4eh+Pn z0<&r&+fvl4kUPLw0NfDp+sat}|@@u`b`JUl%< z-ErO?pZ)Uk^%;75cye<1;_Ud@DSCN=j$XcadVF^L^2I57`4c*P@lW*Y@r$QBh*0Ux z`y`|$7YNcRtm?jVN=T`3?d6jGSQ?-R$KxE22^zB*Nn_Z^Ch3%NxlH0XbRs&XnG%Mz g?)cx(Chq-n|J*Dc zVQyr3R8em|NM&qo0PMYcciT3$INHDUDRAUDzr=G)y=>Wzev_`_+G*=EiQ{WK?VLMn zRsxZbgfU651Snfgdq4YKcoKYyde}`{ajm8n32bZt8yg!N`#~ZUIxvbTa-I8A>V#7q zJ~}v@#)#7H`3%Oavw(sB)do+m*Xtc09f|+!h zCx>5w-X@JUeGWC%QPQNpBq8J4@30fYCQ0Sr1#fXkt4sX!IOca!Bp~I38htm!U;n+uB3xE&? zXapic8OQi1zXd>yB0@1E@nQsKj74J%NH+axDjlCD^)8#>im*;_KJ_&Y;)nIlUJxiAn9kZBdfMuI!t}Y>LIuaf~?Z zI7AH5uBsrbw+w$fJ(-Sgy66aMcL_kNQ$mhk`H;Zd)^|A!|#{{I|Lo)bO= zoAdA#Q8of}1_#6AQP1lij!(xu_xN~xiu$J~r+oz7VZZ01;pw<{{A$=golN>i@EG=o z(0kQ8JQ<>sNpCWN-bsIgT2mCF7&7FIKzq;|967y#)9>H)Pe%RI(eSu)a&&y!KRrGi z{J-rT3tRHkum3sp6GS%^0BhHO|M2MWC@=q=^pB2q>;E~Py*(*!a1m&Nr%5bi!Ped$ zxIvTAD#Al|?2~affH>@W#HHPYqS%=x*h5`ORGAjKIP}nCC-7Q(doAAF`#FkZ>>&y! zBnD=QgBVF!MsOzD+5@);0fvG|2%FuHGvr4orX3dftvyjlLmIXAz$Eeg?7P+;a2(Sb zU^4_f6!~NkppeN%BIu(33p_M|iO(n(Y&$nn)a+d8?=4f(fClY0@5oy?M!u*8qsU)~ zKYZWxgYpi$BnU_-OOC+jUt4>Cy1@+6*$BX~+aDaZ_CT-@1x5hE`}@FawNkNoWCYUm zT?+syt)3Z?{s-t|PYL%x$jB`KZ~&)hB;@eDJ@9vgBKZkGs{1UaAS4g}AxgQkm=Kl% z;5)(;Q^xlL{a5Gyly)!?Uu6RzOB@+IMa#U6F?8=AVC+%gk|2T%kFk&0g7=DI55<5Y z#&9?l)5Pae0tZR#gE@xcb-FzP!LGm<`Q$;jl28QxiZGj@_^-fC;+W5}?xx1RE1{Cu z1~wsa02zOYL&~7jhe+L!2|YvFoD?DC|LWac*Wp!1lsAr27ufK z*+1$HUH75mdEV)G0QA7IP9~GVG3>oM7LcRF_pgbM-Ngu8POb>MjuAy6lcbS^XY`7MH=1!bgkFaCr$M6p=9Es(yrDlX+RSP_XiJDNcz zej2W-8}Kn@D5QXdHt=f_GdVt-nUBC}&-|bxaCCI2Tl;4dn-5hM0{0!?GBBeWUlw1=UF|1 zo>$VD_k!x6?=OHJ5v10F2fUEV6~brM{AgT#MkqV;F{Frc0M^eD_~*YQ2!JDgj5+D_ zI=xO`yptux_CHcD955k-ACsYP-i%>vy-|RAoqlJ~Ijn~hqku4!0c5>u(kl*BcS(u~ zE}x$gdyrmb>8prVJ0eDt1Xm(rv54UCZ!AO?LSn<$Q?#SpuX ztE?9(e0Ik$Mgo3!Z;qkEX2{_X9R*R~p_HY7GRP7N9v}r{ABOi}j9ke3$E6$uFa;q2 zwiWYw+bDd)r?fH}UIm|EHClM=HOpd2Sk#y+MqhpOf#KAiHg_Bcq& zVCccv1FlaJj|+22M1e;T$B;?+SSc7{c11jN88Q@y(7%jwTk~~HT;6p(1Z4bg6)k2$&bvnL*<(AS%3nl<)*P^*xk5iIlJaUP4bQsKvsC@(YcS+es1G=X7j$_?v|k zEHdrf@ztK4X?bj*;EqJZC({Kudw?+lHzX0_&ICc0#OOdyDKQ!%g!lXbQ^ho~IINDb=b;dEffth~LXx^3W++q*@V%JL z2(?FvN{0EJPsY#(sx8jEl+5=IMu5)&WmujaBjhpxTA+R_D`e!D%)s2BpAsA+Pf#^y z4Pv&=uP(tD@>xtLN1tvKJ9|kJcg6{f@Ij=Afh6MR9bN%?!Ty10f#T3b0vrtGmcv&t z@JRTAfdD^(1!5g=4nr=jc_@mJD-QF7SF0C~Y)OgI1kvu`@YSFvn#B|ZD4vRO$m~I; z?|VXs7Ys{E%cnhoq7rlWzy+q_Mu+#wGY14-A(fNG2)+?CDEB)4=>-sHVtJfU*FyGz zL^P+*Ap(L`m3LW`P~S6>czJP}FK-F!s^4uQJf`f>JC=}aTXqPPMUFLgz7iB#k zxnh}JUhsv(DT_C+b|iT>cwmh!z%1S0EhGg~b4f79A@U?~LO_$r1V3^P`@$EZ;0w+R zREw7v`joXNmpxUO#Au?Hv1mga()f90V()m8ooXG7gi`v6%4L^CeDsm0D4k0ZU%v+Z zPXAPpQ>>R){`0FG3%*fct)Um&kiyO`DoRLcOH}HOrf_{EHCMA@+br&f;(&@NKcny+O-d0t^rd3S)cJvf8iBUdB4s6{ zcG~zgjA4KnpKeS61U?S$g?>$+b&Rr5oql=S>CUMDW%moyd4o(x(if)c%nN%o*l^>%x_x~|F%W}CRT(RhK`$)YNRl052xHs&ipBfF`ETqbojjT zy@DQq2^VESK^BsGrx0e5cfdQzyAnxl&VfCpJ|Xv#PO5Oq(S1t8qN|op)H4Tnep*R& zB3$_OAcOpHOFT<8D$YUoXfcvN1~J z)Xi(bvm%W+uro;SX%~6{4l!Rmj#@-r3EBK?0o|5qUjJ4ny>^IL$0af9P!hmLmxN(^ z1lp(lSA%xbKAYjBwg#xC|7U_iKt|i3m$X_+nvq`fxs$?o48Hw;F0S}IO3__z&Y{iH z^p+sx?M~)oh?!8wQB_>(S$Vrsr>X>~@j@b@q)C1t^yJhU3WHs(YoaXu_3|1eeHZVS2}fq*6VQaIkU=HWdiL7oFE6j(Uwphed-vw{`t1D8zS$xL7}YJU z_TmD!Kt>zwfY+}j3J10pR~*O0zTo>QEP4PQQ2H%>4<3Z%?hAgTS|g#q00A#6`Lrp0 zD})sicQ|hkAOk+W=K>OWJ%({7bJRgW#1;o2Krp0LICZl9)zEEibKUwisy5ICwknRl zskrAV8E{vhN3L??&fI8JAm~y=m>X&R08MddFx8c9H`5F=H_EDn0~pB*hJyY#@tSrf z@qU}mBwpjr2ypM|2T3-}&Zl(X8(TNZN7*CS`g>r}^E`BglsnHU^-gKrNalRJ}ZIO|HZ*SiU z+eOh0CbgR`6lZpExx-?37EjHP?pd$oZzCf+l=_YZY6RLj=Iq9ZN#5Mnbr}wjGfv!l z#OMgLd!1fyc+l(g`uv}P_>=#`e~MqjgZ{ywGdvg`^m_(~kHRUNSz!9TgF)}$uy=6O zI~ev3j(Z0uy@S)auzn9jd_-B-@)$fV_FsE84J6V6k8diutwx8;fF+xPF)8z9BJZ(|aS%qwx<7bEs}wBQ1n^Nto)tWaiI2VZe+^N2VE2tB_% z{@4r1Y=fc)enCh#$O}b!#J9EVCl=%B6vZRJJJ?Fqcu46E0A(>`Xu8PQPw-AH8BJOJ zR@F{%;^TnBsWdk>gcHEW4~oSG0d=#Zu8-|12FFhU4sQ_j7PrVHp+`Rn4Ce%U z;2ulk0DfxF*K7|+C=$4!yU;l1AdEmy1HanQRS-%Q6wgr%s3Ze*x2WV-E_QI? zo;5tCxFmE@#Ar8r8wV-pfLk53J>9g}^)kqqwXS{}y4(Y2AyAjST(XEn?_=bN<3|PtmrU_= zCR8fwj1`M}yS~%!NeYUHcNQ|N2St;)0eX?dIGo;^ak!j@#JrZHj7gaCWZB>dX!ugU z>1p_PD9-R^!3T_Vn&HDjN`CVg@jY7m7^GhnMZqY_-4-YViL|6mX_sN{leE4W<=#43 z3#4WZ3uSod{x*#p&F$u`=Ppa-qwipZyp?TQ-xRk>sne)C3&dGRe!AAG)K^JPb;Q)1 zlqyHFY%HtiaWxWp>PE{+XT?@ah$cfa?Q)t)xw5%Hq!Hivgm#g|Vw(an@)v-FQW4`D z*#&zjWLh@YtpSe&5Qi`6z7$FjbZ2sp6g;rABKv+I@jXBD&@SJh`9F@ij+B@>7N*uF zD9hZ6BIjud%RHolRt2Rh9i}zN<FFt<;ICTBQL!h0R`;Hi3&;h^x`l1$)raB2M zW3Rfjt|6X+4O)%>^p9NqpQS$t*OYiV!;o<=<{*(h* z!F<;qLnEXz6bCpIa>{oxbkQ}6u~2}oBeH@Ah{gRcBVdB(hzqa@L+OQ)$Jc`}jU-_x zuj9<&pca!6IP7JGU&RrMdUznkEqw%AVcDm0pM&Putrd9r51aZxZi)yU0Uw9Sqr~AY zo}&xn2fbC@a8PP(?icte~q#fF|<`9Bw^;mz^E+}pd3$0LTr5dYc~xX&YTW22}%KNb^rQ0>-kL=2egPDE5y2trfHPrc^HYMTkX2lS=fYma7+x#GA`gt^mX*T#*%9B(C9mM36B0kb z*b{be(xy$TGB6c`DC{${L!4i2O4}wbsLVZ3Wfw$^OL0sbBgW)q4n<5hnd)-nt((M2 zN@MD}Oy1&6mKX|}n=ySD{Zz09{R9Hyp3Mlf%F#vF9IB%X#nDi>qS;^ z^x^=7XpUkqCUQdU3N|+IQDBpV&G7-36aM)ij|G>2w!ZsPUyl`o5ZU+hABI)qm#qop7`4(0pHJ^;jlmG9lh!) z+pJ3u@nv$L>{u0F8Y2*@`@;Mc1>*1#;^)W?4n2fCacLpEQGGHsHx_P`IBXUZ#)LEw zqp3PVIurcZ6;xy#=7DtDQ4OZQ0dS*4s6+zmU4R1N7yGLB4l73!Io_JRW-Apc?16U) zO9XR3kFK9kE@lbs-aYalfC(eig&gY^uz!uJZd!|4WurrNo4L1bVrrMlG|TSdp15FqNm4ZP>s!TFFUt)%DK@TGtZ@Q z6NxQbCc6R%5R0)Z8F<{tU?on3*DogkAs5d`jDO}^zb|BC4IFj%lqsAuA+e*}Q0(S% zy_Q4cS%)=Q*gm{jHf|pkqxhJz{Eza3G9LS=*V9KvnDMUAL}){mXq?Sa45vugli5c# z>$O;pd_mSOzgd)DeSAU6*|x)swE61}optAZ=tncyZ)@(5mQs!u)LPj6&LfypFz7t$ z;)Bj3cn$K<^w)m+RoTd8N|Z2yhKoLummR|Jehz(3CbyF4E;4XE#q$13b8(mljN-h!Z!X? z$mL?+$hVfInIJ29VWo9GHpxdZ2@sp1Bwg;>h;3x8c6ke-A1h>_j)g^Pd_DyZ#FauUdE82mnDEcr{2%6+rh#~f3|=9 z=OFmk{(fu6%vWUQwt-ZD1L*t21&{(LTm&2(ie&*^B(5_#rOGm$dI2lIZcHedu&xHG zMPs@C->J98*vxXP2Up)+Uj4&3&bNTFZZVrp(MH9Xr2Kmax7xbNDN1 ztx|@pF*)FepR#$Ez%oVx`kr8s8Xwm6UDar=@zZu$%B=y1Q~j>Hrz|V^0l<_~e>i-x z%XKc7{aXUPZ=erD*O+<>7cJyyEr7D?O$W1Jc3MBHckmto7sg1cPkkSYD=jG^7!UO9 zP%6gp@Okk~#%^Zbi`>73$EQy|s!-gmp$XBQK_BcJQ#ekdGIG;|MQgn z<@k$pZi>EYO}#)iK3Bv;*TUgXZuHi0=&tIp3ep&^5!G-e&Io9~B`);a!pb#9;`pGc z`SKd1eiAX&eriG++n5}b%ZgZQwi3Yjs)$X2^9aS{G9%U9Q%G^1&SuDw0V5oVp@X9g zKfIHppk3>2!nu_yIAa^tXo$4;gAx(jS0qGjPDAZ;fyU)^8(^V0&6?ZGf=x$A*iCWK zv}+O09LFq?EWf))mHyDOgW*E4cxmilvfY(V6*|;`t-?>&&dV?fP%Nk>W*|(0F^cz_ zEF;~sOXnvmT!p%imAC+~K}4bLqOr#`yn01tq)Uc5-4FJ5qp zR4&-&ogTe!G4eeMKH=zF7+}uxJ_%{;lM#eI0U4E1Uq4xnmRNgKZG#o2Bf<$#WyuT|WXCMS_U4UEu$2(#GxbMwH5s+D8i4=L|^bN1}*}1B|%DFK{x^3%(ArO{EH% z+ay9UMINF?rf`h&UtXE&iDva#QANHojc->rvo{Uhf>OOl*Xp-LnxPTL?8&&wi=-+X zM)gdKOIIIFn0C)wx_Oci$(=KGxJzQ>mG7LIYTE6!(7b(KJZUweoKQt%7!s!_-kqld zNms{^%}}rkihJOVG*C|G+;}8P-Rx=av?uhuhSBf>_O-$CPJOuetvh8r6J@7{hoVcv zL-me-)?L!Ns48V=jpEO+gc}qfE_Eu+g2ZduF1gssDNC2CZb2@hQbv3%n?-)s z{OEIHn~BCdyxZ0Z ztyXuML8yuDbZv}i4ke|4)dxFE2U|9H^(xZpVJ&D#S3T{fc$JUq8VcQ-G2b@2C4(+? z!`b6cy?Qu1y3eW}eg*|`m5R7TN!&pHT26^iu6`{jidRMT8CAtaWpS-$)u8#z>f#dJ zYEETbr8Lf~jhl7vnH9$s-LsU(hSQ&B_oX;D9ZDm^Bo0i zS4riUCPTB!2;d@cywt19m?Hcrj;DN_d@=>G4jnI34t%=Dz7L!aw>SMyatt7#*h4Oi zIp|U(b7878A>?#O)Fq*^4Cc3}G)B3P0uuTjjGS<4C8MZ%4wzO5C>FMv&%RR^eOSl zlo8526z4vgkcF@Fu@MWvtt@m31PbRFd}Qx67(0kbY3Mirq&QiK9H&1>-&^gw(aA=P z$u}pkev&qIq*WO>i}*=^-jO6^>0~%2>07iAPRCrZy~iO9ht`g#tfzCT!xsHa087L4l#3rh1wz%Mru8e6S^1^9TiAL z$Q*%xzM!)g2jGR{@_&<%VIPFlC*(effC2S?fkyyxXGFyI(7TrPnfeGtV8F|T=>NX> zm+ARC;w3)HbX!cF^l;Z>AFH%v5?SfIU?;~D?g@aJT>yHX$Yjlsj{?Nv1qehtdYn|N zg#ii{oE@67>F}79P?w`nmMG0rSOWNYvK5+^e%p+N290diLhW^_G8gtbJrm5&WG`&n zuP9%HD4XS`CM0<}ZDsibtxqyj;NL`+G3c>}W!q=npp^0Td!vMYHp ziLznH&fdPYXs|r%pw+F^^IQpGN_awwcEml48a4pIr*1;yuE;Ca9pkXe8O29QtsOf1 z1ds@)CZnW_g(|>_2_7T$6?t4X!5I#8z!zgc<_KV>GwJ|7LevuOWV`{j=q20jaQ={4 zz?GiqY1(>Iwgo^YAL+8pq7`el2=loTjD7(Nwsg5#i*?W&9QIBIediDjddCBVhWebA z&pLWIM(A)d91IRmPY=CA7ak8L2%Q}EUO}%n@CF0q_Ii^^&pYWI9->3^3cBzFzM35O zCf?D>z(7rxzBzr@t^3MV4~zwbUJWnO47HpA8~_~7P>jVfn4c3k?T#VUYv+?YjXNHi zcikDp;WUA<*OiyAMvr3gl;h#>P>=G~gjc4q{v;f0Q1R zsvWuf%tvWWSL)~|!;3iL8bky*b9`~E6=BwhBjV+e&|f$)A#B1={?f72%A$;rN5KQ1 z8S8497neLmbfMi*w%U8PG?(*TEcF4^?r?%nX47gJR+l;D={(5cRE^1bUJI=O^3wl9 z##G!4X^mMG0#(kQjRRyCLu7+|kZhpbk?kjM=(Bp;J8iL1(~ zSjDAT6coYBRDy-qH4d*udJr|rJY82yDO{FRIOl6!Z7Nn~+*4&GQ)w2`z&1mnBQN#z ztZAlqu91*)DXtT51zG(M8S5UXgO~W2y@D>uZX<~@^$*XaxKZR@wx!f;DwS-%DdVqZ z{k6=$iv1Tifb15~U=t{A18SnJC`L*ImjQ_a>y?g4G|)kefQTcL4P?}`t_b?B*hFE@ zbwv33Dc7$4Q8psoZo-#LxEL=DwYWLuMD69mc7?btL;^KOBJaf%g{hMHndI&-MDnhX zy_NJWgzx@faP0KqNxwfpz2j8o%Szvap?3_2lYW2D@4N2MJ)FFn491h;a4;U84i8U` z;AC)mGCuOqcyj#e(1q?84Lo>s;z2mT?Xb(2%h+Db~p^+^J!D)&-F%?3%1i}|-07E#HcKuTn^4_FV z%)e73eZ7+<3ydUdw@;Bjag@!6knAnFOLHhf*g1-sJ$HI_%JCX5()FOEaf^bCoK+8` zUkgN>XedokY{X%p_Aa?6wdL1#=9A3+($?aPDWSs7j4a7D4SFiFSWES!iI4_#Oie5k zx{9QW(pvmLCt$b3h;n9YXCE?o`29tzVm2DehiSkmPT|yzp)kJZ+e5pekVL30de~l0 z^d)h5@=>=+s6Q*WW?D&&mnsa>`Dvay=usqVEw@ECEbHlP(G5F%a&g-Zuv;c@tK;Jm zYtPWwR<49>q<49}P2v=YiK9hA-_kMO5nUhpzRb%i zBpQ)<)x_x(MT_{P-}vAyGNPJ3#YhZ34yX28xlnIP zzNI|iCP_uzRjFaGbW&pLHb<5+N}L#heB=8Zj6P6r1iNp7$Fc@=BOLvNN#Im=-GB?6Fdcu zx^YuK8KO)`sF{8PK$9SVT-HxQCGrYNm39RwOckk;5tSofL6yTG)p&>|0kY;V&Fu;x zn816Kkqzt|dzc#8L)<}_YN2Pr!(x*Z(Tnkf|3Z%uj*+yY`Q$hiY4<*Xi4UjJCKcK6 zM2aXb#p5hC5u_A(n!Z%xvkCV3PQt}65!m{ZoXP*N;Jw5h)R8V;2z>g?OZ~^|_Q&?G zp8(~E-m>&zdS=BfZze4 z`*O06QHUO7EpgVfw1jCyY>zyMV|>N<-x2Z-hKpgZM++n0@Abf6!AlWqvpTq~)~bA# z>5E_gf9+xCzuLcoeb5y(msZ>doc9b1GZ8eNi3b>mGNSEj6LCif2w=DX!+-pPmXGl} zX#oL4F#Jz0xWQ~teU`+WBMkrXj{_+Xs|-<8vUA873Nt=GrK5ke&Cx&l-HrayhNFMf zVDyFbeHlbCnIkK=i_G^T4F33PtInM*d84Q7`5-WvOaMP_%KP#krPDR0fUisbUZh~g zAwTYNzHIZ*+GH~F?(eV%6g!jY83;J+^$z4NrZqVR|7^;dk`y;8n}WLkaT(4G1O+Jc zQi~tR4z%r~wh$IOl=bmMSRG zBXZM|v$i<0w3iO(K0wS20<9{|kaYbaGJv#HPPg{-M%h5PmXs>b_^Pz7pV5TYYeAI;Gz-9ifp@H;`8nm0DOAU2azRD|J zq zR>`zg%yw0q=R}}SQttjjI=iN zLOL2AYQ*^g20sdt?8%O_gu6HWredNwuRdDT{G9 z-3MpFmF4)zL7_`HzrDbd2}aKM$oB&nrul|Dt*p0wdd12QuOsk@L@1=x2i{E70Y|-8 z$6)X^=z3`04HMr7zo@o8tu^s1M#!3YeSzPV8OD?p(WTUPyqP0VXnC`1{(rec!ziLs z!yFKgOKZXa%>ymlY0QzO05IBHAa_Nhzg3z%qoV}VnJb)Dcy(FZR_V6k6ot%*Vie#c zXlFEZX}>3~YGvR6tINh7 zBpsr5ag4g6o};H2G6vn5$OmZ5OfrL%%NZwuI7;75Q;FLydM>45t@I=h9!;+pN-a$! zWkfNWr?#vr_h``q)`n2*wfv?pkrpHY4=P0DOG2w1;cUmm$p*B0OP+Q|c zT%zD>REj38mgVi&fF+jy&3^T@Rfnp;l}@{?TDz^i_dQJIJ%G0eVSrt^2l6GL z@1`ZZB-FukUs|I6J`g%n(G=f44nRl>&52-#+So;yxQT4$I!bZo=wMn$aR-2x(`W!l z2+n@I<-LHR2V)QDd`ukDcYl9#z(0fk1Kvj{6jAT??c>v42AvTfkP5O$v$g7&8<_>I z^n`-t#3(A#J-2W?oO3n{; z19n%Q|t|b-j93)-obEDJ?467 z9W@|@@o(jazaU*07+RLdXjUpb)homdBWTb7#*8jP*WN!>JfD`CzAB7FxFavqr)}e< z+Yr9F&uX+<&;OmHSut{mW56mco$rKioTWySx}wREI>${<7a4ZIX(CW%iG+plfzRu$~Dr2mF| z+iHEad#WCL8Q-6(6P*_RyE?i zj|YQZ@3`OpsyFBlPL93;y{GAN_DLv%@mIZ#+sb$Dck+Dx-2E$<<6tE1L9mb5B0{eN zJ}mAGjlf^Kzy8|drCM(uBOR|-s61431Yt?kX{mCKl3PJLqazRj&f369%Lu`*b1o_i zd9foi3y6}&+u|3_%t99&ABsP5aGOjf_>l{A1{exG@wdeCTqZLspWz$xp7>8^E+W$$N|D^3~PvqY}s5XDm+1^3>zuKVvvAuq;pcy%7 zQ}|N?eGyPx#2n+j?X-SG61phQcpDsZ3dYEVoL^EBAnkyT5e6IEvY6#}hNl`lFd?U8b@?qe1g&3h6JRXQS86sm;Pu>5Qp@ zlJO2oam~D48NoaWWuVD+SD}=uze`uI@^G3c%R||4OQrE3azJD@0~sMM@fmi~idO1- zAc6q~W0|psk1%b-4FsSPmQeJ=vga!6jJ3u>O0~hMMF`EAqAceHX{_cdqm)vrZ&1%v zW8{Bf;ICEHP+3-A`1x}gG#RPSE(vr^Df=$1#*6Vf)rOg$KLZk1L#e7*UBjKl3eoBj zmL;>6pu9%THk2b*J=Uc_egPp4Jrpu902Y<~`fDq%`_(#Mt?PxJCx2eOx%>Fd<<-T< z+c!5qT#AUI%X*Ubd3o7luX&@l|9kuK?BdKz=(d&&@?$H>PnW>!rZmH;il0}PpP zLikjIb6Wn>3PYIIN;~xz4^7^rt&d*Y!|EgGp}67D8i*(ZP7__Oq1sMmr#J&~*<=XA zQpje;G(u(Aa7^}});B_;m`lGZNua{1g5n_Z7sgxsZ$_~By8E{jO(AZ5Edq0ja38sY zmp1xH?|VC~6^X&*s54|RCJ8?+RS<*f;jPXF0@+N9VyjR`7R)tdvn-XU4_8WjPsyaq zS6@3HLA;u3N*A?FKr}@mPeC>ks|^Lnl9b&>;}stSBvjT@%LZ1KlAvbD4?1+#6=Jy9 zq^m|o9%eg0Z3pG0sIoPFtD5N80+&2Yokfv8=W+?K5T!vKyrsZUsPYT=DIpBygs38v z2*%7I6Dg}Hom9Dop;Hb(nG`tVg~UW3GSvK)3X*&dWY6Uw6@r=A45X+P&A(QVza0t!g&{vc9NP2r~JlNlb+}vri{D6`NXDlv;h%^Fg?DteP)+ zCUSu{*PofXNp3na!e;)qGnPl@sb(y1I{t;tQr0te%j_)&e6u0W z@5*@xhU}IM9O2|AZ$d;UhlqGu2dW}EV=5!rXw$mYhN|JFUR$efkGBS1b+y^(R}TLM zf*}hF6xg+3DmB2v4K4C&eU+v0(oZ7KS-Ob8($_gejr?g0oCVgUFCKMZp}! z=Ol>uhSC1|b-&X;a(ZphIk$$T!#5dqRPB6+nLf2pmY+rmy%)cm++b#O~l!q)Nz)RY(|k zSs1WhXK>Q#i6N`H24HZSs#+!x`=DKV`zBT9ygPIzjHJg1NbrEfV1}nN6gL^QOF34; z4l?zQsJV<3B|B-!wqo-&mn&Aq8)XY^0WjNye9{l2QvE?=u)hGch>sM0)rtn`aw;hu3vxc^4}V$ z>B@+|XMmau2iRGX^zD{JO%kEHZbSuP!_8-4lOcF9lMNDI{i&8H!>T&g7v8TX9T zA6|X=DBfjA^tU#4+C7D*vHhQ5M{Ak?EwTUW9S;r%dHcV9|8Qsj_Z(04u|ZC_-Xn5e zVOA2@>fKVF9aAr2ora0aCjzMB$RbYaIPA<#q1VEWIj2^y7NpflRYT65&h)KZG5>6} z{=D-1-zm}e330KiM5g~y{g8|YHQeX z$ta|Wmu=NW@d~xv%q(^6l$Ll>dRytXwWQa~jWl|~FI@-7*Z^1NMl0i+MUtaZ!)y}I z;A}gvZ-R5;ZH#l`)!}R}PnSd}za}3bb7!eh=juI>P(us#3adW#wjsG8HmMBQC3o@LqJOB)9X<=9wk=>Bxcoc>^SWeT`RdavVx{pL%v6g#t`q(qVZ@2 z@G-!l_ZGV-r0DOmCdWa2aD4ft27yu#jT)C3VT2m!dqT~?>O?V|o+{cbsab4MsC3Xz zOX>@Ym3CJ(+TPD%A@hSe5oELFs0dI^J8$o3-z>C6LSa92#tX6Vmx+lMWWgBB{$KnC>J%g`!;VyuBtl{5uZ#KXAdw&HzX0UVY5;%Q$-xe%Q&$tRN7K35(WL` z9xV>QUu2+`(d*L2b(C3Mv-?+Y=DH|i;2tfg@w=0OegTQ4mPa^L0!UTlVWT#}6M%jK zFIAJ;T;~_yqi|oUlzD$Xe-@}^#KgiUP9+LXxwTAApY>axjQ$)?)APS!rke4}9ITE? zD<&dFSGBR^{6FmV`nmJ}@Z{uVcm98lr(VFR78x4v;3}J(shGQ2SQ(DV`CK6_7~vnZO=D&S zVA7rUmE*BQprs?tj!Yz@#*)32LdTI^Ze`M3)m!~3-zstVqLB>z!Xe%YfFfFv<2bE7 z@SRQt2>Fm$`DLVW03%{hve{C!y|WsoW+P&O-eg$#9vY)TDMYklLc{^RqNGVj_}e zOEgG4g`tY_Wde{m*`%?G-1K4%)e4arF%pWXy!suJxgEbOw@Mk2BcSqCKGRARlfIoL z=&DdN8xo(b;t|6-O;@oBWu9Yh>S7&hwS~6LebS{{Yl$Wa`WcpR11vUM%9$*srR(|h zz;##wPpWu5eDL3JvVzen0R%~3qIs!S0xf6J^$d985K9M!sV$s#WS{WEhfUT4k9 z>F{5<&L|i!^5*;)(HH-+dXSnZ{_{mbk@~jU1X>Bs^!#WgDKyZ;~d2fdyC_gS7l%l`k3q|2Qc@W&DZ zh>w*1MDL6>gwX<^C>L&l4AfCv$s@9fY;u)G+L8w3wx-6cW)Iv7|L1?%UcR|Q;1d3S za(r~0L|eW79OAg%;?PCl{*;1#r$1-`z?iSX zfuBtnioeAnrZeP?K(Cb0y-jE7GFa`VLXLAbqbM+La@mYwbv|+pA*Zu; zT1uM$Wa)Da8a)M;m){z6x*b}rq1V%V8LRjD@@%b1%qIv;+bPK%*w}Kk9(E4@9M*+Y zat5PfHn$>q6>2x3o-`$KN>K@?3iII>VHlS4~zPr;ZFba9M4Yw(;x)jQ|o`8{4QXp0orMRwzv>>8las9 zXr}=x)c}dU>=Z!Hs{qOmx>T2F5Ap5kOIFs{2*jKqVZyNNwVlvBEwpvDj@`COP^tum z#-8%3TG<5blt#~~G|KPAPpULp*4Q)lbL&c@>IQa7qn*;|PpdTAivA~*v2ElYQ}h5? z=Ks;_7wmrq{hj{jS)OOq|E$7lBthkD=C`asQjOqnS}+{FvfKY6oL+aPreB1*2LR!d zq4rU!Z{cv?W)uoFV^B<~l{R~9X+>5Y4LM_XizxM=Re_GwuQ&P!5`P#s+ntBRpZeL# z{vXk(E&$N7{r~v*Bo18|6~J{(9s4jnvrJ%*r*&Zn`X0#{oUHnbkrDNuGG zqq`f=Ivl{Uz95c$_oRXW>%pId;{upMODZQ6+Cu?qpyRNgRJ4KjZ4% zfxVAOr3{Fpa1#CrZNH2y9U7S{d#DZ;y! z1Ijyi`B(#RUW0ridr>;)->#gb|HR?U+P8{&{e*3|V~+XEXPg0q(VW!WfY?U>4~&Z- z;=?^)E~1kAJLoGB34#FRBcM(0>&}gDOHnv=2$*#~pZU`oj{x(h{DvPm5&`B%z=5Lg zpPx^TWgx%Yqo+<#mcH=FcMpOO`=V_-Gle{)X8;?XS_rZu97u$pf9wpT_$~M|79=v# zn0Qc~(r>E7M(}Tnv@CwLREtP~i%Us1bOp6+r8N~CLQWz6Por>MH_!$$Oy;VY zbG82_>t)7hzUc40<=JN}XWsoXn30evN@{jIpbU!$_ywqV6I5(>-O%^hWT;)~&a*K+ z{0An)7u*otJ#QS{)S>UjP961OtQmkqaI>a+ja|&ry*PT;09EGx)dyt796ZM@cGq50 zeVbH*%M~Z7z-Uo{k$H@FU?ai^tN#fxT8(&v2y{ z-usu4^qnT(G6ymKq`qxKERjZHqyyRG`mi*j&+()gxhvMc$lt2ZoHO<_ghgTRu<2W! z!ct^Oh%U)oF-ks7(Y%=!URt`#1q{;cHh%o8n_j>yqBC_~*a2{IIJMZUj)L>`!+CXN zJIJJmx!+|OY>O-_&t5z4s-H&Z?OcqfE2-qE0dvdH0EAmc6tZkXO~+@ZbQ zl*pU5H)xyWa33^Kl$7%hVw^s@jjq#!{dPfO6z)gT@^n${N1n&=3fDvzTma*TUdY+k zK$)Z{D%g|l5cJOOOn2xUdm ze=r0R8LOV^2MuJj4v3&=TQ9zm-voPj_%wEJ&3~y{6-Tgo-KnE&@$RSd=7Y`Oe&B$S ztJRKrlh_53wBmZ%Yh-(2Y z=?Qg$XG_j9Ij_GVt+dra0LZ^xCOXcg`-r?$tm&}JPtOx%p{Ci=@xXeE45t@76-2eP z2wbxnm|E8Hm8gru!YVQ~Hrrfk+Ea`_1yKnoAosar5qJPA=fKGVnqv)5wOc?qSAbYW@6L~}$8m8Qz-PjhOG_^NowlDO*C#0&hl+c0~S4VdHTm_FI2KiK889BK!!t@l0pS*B2!TYpR4UavnSG z{FlXV+b{9L~W(I z7+-dLnzYy<+_O4{OZ^bS(;SXA-=cV`+~mOOy)lM<#foWc6Rk$mby`XLvSU3Btx9e6 zfG#`7tFAQ8V!xR`$kg<_5@!tmxM@)QpmT=%(+QeykWj*!PW%9R_$EJrgz*V4Z$ZN2 zjdP!d4O3J^jO%aau0v7;fXqdp{c>8#X^ZcAVLjrq>$JnqN@s_5-cEt4OX-&u^5jHd zz|9RB{3d#++WXnqA)xsI*l~GPRdV)KX%wdcL0^t3-J7p~Sm_#Ut8Co?@HtWxITG-- z^jrdkKB8>+s0!|5Ohh-n6W1fZH(UJz^9kZ!`Fpg6cW4Q4I0rNvT{-DHc9&g^ZRPzW z$pA5pl}Rr?L2xYIP4>|l%7jp~$dn4rQYyF!3p=Gh{j$>gC!D+lTED6txb#ht<9Q}@ z$n0IkgBfcYRb@EI;J^ym&3BM?Syo)e)qNH%X~^3oE8I}j4BZIR};Y_ z@-cW{3G^ab&;>zMXfR|QcYVWz*dKD*Hd<5CUZ(?U35zRc&LirRVk0C98_H@i&8tmC~*40W~4MI2m)! zGJjjc-`lDMSy$cD7!L^(S04oF315z}^OvS1iWHCnz{0+sgD9$RM(rk47mGu$wYh85 zeNRl-6ejrrz>T6I@aHJjlW#@KRlNsB5`MyTyAE(vmSTF=$dBt#r_**7Rd!Wex;FZh zpHv)=EiEw}^d*x310kdU9My_ug@SZVd5xbsZb|W-U#oIP99i?8s4fc?dIE}phN%hG zHVj}DH-|OpK@_OXj$dk$bPr)5b5`T65C|WgCqyNNgy%qJEP*B!89h6g>i;Ve44rAMvsoGO&dzMhEq5Lx0`=cX^{yi`VRG;|G70c@SRo?3V)prR->jBaW%cV|ygAjWHJMA9-w5D|REKpU?*=d^8iP{>z8v~sjn{=c-J(FIV9hF+2Vl6qt`0V(;)>t2)g1s7+isAWcI&bmH5YXJQ zX~2!k3T-wX3sM2Jn>S{^Rdg@M+d)3#G*AkoW0SRsGh7W73471cw!fW=1r10qtivMEJ*qrO)~p*Pu<; z4%RI}$~U@psK|t;ghEgI98C83_5bQw#3iUiodiVssi<#+^?sNp{?3iY*Is4rm>IU+?T~3Z%ZEtUJU1YM8%OUL|c$J%DIBaKc>ggN!wW2$ka&{xWZib~8Hx{Ei zzwkFVpmhtqZC}}M0opps)2Xp(%Jr3UX|s=9u(b;`<(;wZ<};~U&-eZ2;O+jnC!|`{ zEP&VlSo@VIAuaXCPdYLF;DZ7Ba3*VDMl$ihQq!iFVeDRMGtz|WHLc_ibqPcjKCZd7 zUM!@E{c=o4J3Alj-?c_;vCPusbJO;f2)F;v?wO&0IQaXCvCLL0_XSbtVa`X zIRlCg7#UMyJ#r1>W9F%&%|AV@)9e1&GgJzDKYIpkgq$6r^3wINJtd?Q5mL^55>x2i*hU_kOz?7yb?` z!Uo%2UT>e(CQoP7oR_bIA^yuFrk{rSr0%p<4KfVzx-6|*7-n-AUTcZR{M38zforb~ zW*6oGwn$tg(<C4PgmIcfk?2W^!kO;|@fmo;PU5C) zNH={o1Dy#pJKUG#OuounnWgvmFX34sqM9(Yd@pBS7M6ex(YK1i@fV3{2G?>*#5MO0 z4WMH>!Qw=o!hm=GA5+f0IMoC7k6E@yn-f)+bOI(r`;zfnFKk_}^(v-}*B!+!OTx>+ zb>B7-J>QCf8YRGihmb0Ydzt-&OV~9%+dj-$TL->KdC+sLXGEM_U;=Ci;!C(ogXENy zl!*G#(QA)G(LpjZBwRV^TuS2)FGXidHZrP-abe_fc75niQzJ1_%fl{-@g(TR;?GcB zeI`7tZ;XI7oFfWT8Qsdx1n$<3a0(hhO;yV!wszO0^NEi2jJ?A2#UJ0jbN@l#Ky~)p zK1X<~=v7qZ@vtvyCMu?#O>>xBOGQ+t*{o=^L1TXi^WY>-IuzewW$8)t{8LIJv%p@U zF*4QFjG&j@)ObpQ&sGu(y61=7lZuoJqnQiAX zrNMrs8u6rRlws?8Fw&Cf9kaf{s|#9cxOGVP1K4Ok(qK$A)o|r+GjiN5WAPCD4u3Z5 zXp3npcUBbpYZA@@A!VLGJsh5rl9fS?Z|aG4zLh>{wNrnL70;3z;XkHK_)mFa?f*%8 zS%s@ORR7d0*gk>86fMwqlVFK6d~@>0+{*BNpLc)PW^z-=rjsTYCYzZKU&?F6->jHP znPZq&jZ3%9)BCJ6y45DWuV@M-And3tAF3G-+th@k2 z+jL1li7$)V0}Ds!3<`=q-R1NuA?7diC)`>_yq?`Pi@Gg}9@##))K7nTFqZ`GX4@^g zq)L2=bqGG2*%S(UaAh<%gyd6Xp12-pxoSRydo2^;lsM~e+=vscu3M8DEm=?7CtaFS zP3zXInWZ-*dLjjgL-Oo?X(Hpdp!?UCXO`ek=FhV`!S*2rXX8qB&{-{$z@bMetefm_ zdXA2W+SLg=Qi8@8c1$n9WZsH~)9BtP%x45qOUfG|Rw=NLWYN64A{_OYE-;pt`Z5N_ z@+SfE<>)Ztl2B`sCIKr~xMmC2<#T2&eO-$6^L9P*km9{{SQwQue&2pn6uuYdO~$q1 z%8X1++I#XK@zfr;mliXB$wB!qA>Ia+nua7Qou>Po5#~>ffYs}zzE#bs8)jEC`J^tMFIaByJC%av{Df`E#i@VfwOZ^G(pODhfquP+_s_iDQ*UCpE7SKqhO$7UGW~~d z@w*78S}k5aHrUYJz+byL2}*XgIWH>{Tcfj+>ga-{Pz?@uNSGE+jS>)X5A| z{%2GVo!P7aQ3)907&>tlNE&hUyC2>K#Md|BLS=We`O z+TWMy9dlt9*f+^upZGoy;%8mspUAe8+0e0Rn%g(!;nlhAM{eG|d2;W9BA#5|0coHE z?Oeh=`7R>RbjY`-ui=+d-Tg1>hR@r($juijp>${456apCW7+`)_sx<5KrZZrm(O1y zkbsnfm$>3}Q~XpuUlj|)%I{U(fYu~^X(ft#zuSK^sM2UAilshS8bXD`HP!J%dG3>* zI`ndU@f9Yn&`q6L$A$!xJ_cdr@hR|xkt;6w*^Aif6c>|!j1eIt$Vz(lCJE6-90W$y z)%1`{)cYMX_R;#Iw1>+Y4k9DLt_7_2GIF^d0ZL}q1qzJ-=5^4Q!=ORm=iXQ2qV)^w zFkJ;K9Dr=I;ddFAjLdX&~1rt5%p3{{I1gZk8r< zj-W)TfxTTNs3ftN`ZLG;duW+{BI?(evYy@L32)C%&n)H>~SXFR(xh56st(EmnD_UR5CvJE!E1{M6*1S-8>amA<7d&Dx> z>qqqF@L$Klx(e`T^tY?ME#ocFSvjEL4&XRh6@;hz^1bHE8c-4lraJH!8-@4q*@#(TN{=a*ge_fYIpdwgb-!e!(A6`Ypig4@UT$Tkq}KJ|wMi*@aVcn$)Sj6#+s_)7LmWFIC9 z%Jj6X#Es-2hHtQgJ}eBa<3L-x^HeapnTfKm((GGokM>y+PI5& zc9t0g%b@(X`r|y@=(M~e_E`|Z?(22m?g~mrN(Q z{;g(tGwrsz4>WXRhXvjH_5YnE%>&svvL9dkCjl+J0LEnfhH$~!Dg3amo3y;?fd@3a zS0B&Yqnmsnk>)#KI<$4nGxZMGX&@IoYP>)#nqJ{X z-VK zD1WY3dCikFY9g2e|5jJBIVVYln0010|4`QZMV>E+>PpbCV?{3#xD_5&BNPMPKrJj) z<8VoSR2zT?XtzJAzicxg$yNG4zqk7vA$pcsn<+L@Bu(4ATVf(D$AcEg7}1H#6`=ae zUqE3WV((>1eV1P#qEd{0dbY*MFI&SJ9>I9S)dvrg4QvNqiTB?uw6Tf%P##e-x&(YW z1V#Scvm%(}9Y2SMoCPjZ6ibpcejdoR2MI~VOdAJ>5(uE$Zx>n;ZKS?Hq?)uR<{2i9 z{q?l0nKhgGVw&C4+ssk^jlVh)30SEc{v<)09^h0Y_pcD>7tHmIIIP>t<7bb`6)q`P0^xk< zT%ekFLj!z9OEmqcx8~|k*~v{d{}0QY4-sl`6OQB=-WwH2i~#c|5Dksj+w{)AV&FO` zZ?FEVeUa_?cotRCo+%k$_#kPhLfsW;(jGq%lsqwd*+UHJEH*9qN=P-vU0oWZ~l94VcQEo zi4tAhCPbscIdS}@7nZf?p@U9k^r6N(OfL*H|Eucp3o|b2{{Y<>)$M_%Z+^A*ZtNU6 zd`ua&{ar1SKyU8vI!qpA2~jd?zd|oX44b#X$6ED&984u{ZK$apyh4yp3L3(YWInPa zB8qIFuy=AHM0pkV65Vq9LA@eP{_7OB3AFZEMEDea$T#eAUPN~*Wdz|DsY9PW_dm^= zA#3FGyfZPvb#sC+z??&jm9IF=`(*Q+PkyBYO_{ChvvJi=Nuu77{*wBXVmmh_NmGLSY)F4_(8pDj}h5EQ@=V-YS1G4Y%^l=|3`a7uA{W z>u;EPiH+=kiqqk#cNJjVxetZbbOs2;d#+pY28$1$Y{_;{E;_^s{zhSa{7U1C1Q$fL z{&Lc%sqGcdJkEHxI$%GJJ@oPk@m?JNr&ZKtjv>S&N4uER)4q+W&r6Jq5>~?ryM#n` zu6s_=k&g&XHxSFWfPy(xGO3>sueos05{{!#I4TVek9QB`xV<}c9D4MvdHVBZ`|5uh zq1H1t3hS(nl{J(-PkoNV7GX;!r#7;>-ipt+pMurq?ecV!HC`1J*Xm&J--d~nZ&Tfl zaKXY*B|$*dTpac95#S(_tKZex^|zMw>*?z1){xFSYG8jhmz_=Da;NZ+G9{v+ zc6e7@W(R7s6#QMp0lQg(;WKYC>5 zqKz#G5i8bkm*7V_>pF&Qozb0(xbtg^$l!@(jOo5kC11rO8a@TCu@B^a?b=1OW#z+A zZ-T%c;gIRs+0Ri7hM?pic`yoVga6bEGJI4YF=8y_yk=auqd>nO^CT$o?Tw2GYGfrX zD;j;#HI-Iefi^AOFk3L`R(rIfcxG_WUtsJng%{QLeO~tUObQ?XA{_!n%?bZl%jyi( zlWwm;b0~l>stmJ&_E_%NJeWLddK_NYO0zA)E(uXj%tQ$qTQ?{u zF5g}UkYY`uRya!)+=e>*MYyb60CM@U6}3ygyG+Vn0$(d7Tz=MnB1sI%oR;% zvZVfVz>PH=f|DyFVl<7=BTn2^R@h_td^JHT9Jgy;Je}=_PjLLqXcwi`SU#Yl`d|p_ z3c3kubW&G3R%0t<`80p{mVT7Sf*!fh+Tpi2x0;C%J&_n+UMAx=6|%t0u=%U#L({+P z69fL5K-lIl$n>Oq^BlMC{1f2FIk65RxjYBu9k}NhsfmYddnddH=5aj(1>b7&!FBpUJ|iO^ zgdh>Y^NY)`QfKT2;NXsAii_z9+_`4Ay39*xci7C=j?3f02$bVTgJ(~3@Mg|U#`)9y z30>vkNPB+zQIehS|M3JfV6gRR$;(T8x%9QPK49-#SDy8!pOJ^+YtY#cY%kXlsxS<= zI9u>DXtOVv81sr#cLT#K9OigAoX1TF70m~I87l5@taK|nbtm!DmMT!RI=J^Z3C+~P zwDA1u$+O)2TfB@J^u!ggR2r7L-|M4`$NyV(Q1iMk_e*cLRtINYa+ATWWB| z=O&l>DqHF7!n2j~pOEg2k4uY^{gyq;BlEeXPc&!??SI>SN8@`ttEA9g{ks&V9=gFm z3SbUys9|gSW`x!%2PlM)n86;)Arp6Cn)xzR>1V9X!3X=9Y8CCvlst*Eq>o60alS^k zA}_)<+=_nf?Wsy>pESkpW$VmBu%`iGD^zU(`)cbhEPmOYi(sCq{XT=+37;>C$m4YR z6WkpC2~&EzAM6bwOSIt%|EU(%y1P%)vF_0N zAZgYN%Br3V(8QcPbhy8p8$M7E87?{7c7x(sI%Au~ENQ;}W=-pQQ0Rhls04Yx#v)7CR3Hq)oTVrE{?7ns4cd7 zHWz9B7erWbmNqAcFMn)hC0W!&T%%Rg0$1b6x?Y+hI5FImh%~BFWK|W_Q{OOr5$7z> z9{6ea#&3rY+9}^=IR?FbaTmTy*267VhU23&$i--*;9eoO{7R)#!&n31I1v5oOJs*q zNtx!PP)VlncF{q{lW&Z=`c?A-ftB_xDz|dia-fd%cRkYh=Eci#vJcRC_n9{VPYdk| z@CB21F1P-G3Hz$Jc(wZ}fr@G=_TpH^o#x|Yzp}?#368 zD3nr&jPvvW^(SAiOg(&cNJ#StbLqq-IB5g-N!hr~JiRzT3`QZsi|5O#yLFw8G(U+e zZG|nl!B|WFtf`0!#8|@rp}7Ta7V_aywK+Zvx^ngDd>7HBBWMJ1v#4UxJ8?X22yk51 znhtj(on73PuBbEBRS_6C^lo{pSu82F{_!tVd1zcy6^Vj-C}k|;F=y?D7C4#Aly+F7 z_vRR$$*K$VuROVb-L_0$#on#Dng{dQVIGU%*TIF7{APP)<3Z-c15GCz zOK~CbxEWSle+EHt0sHWaSCapARkpFmWYpgau(y3xo+;MKgU$@r={mogWOTz^QncS@ z5i`~A%HV-f3f)d7<%4O9icG6EzSh$6o(Ij;H9bAdnckOW)(E3==+m+bnfH(>JQJXeKN1QWz3UD&Uxqp$1o9mRQbgR(ILh5qms|#&lqrT4rfV6g_6cw+t0^_Ywj$qwmAR7BT?#Cti6`#w!!PBKDFkuD+@F(3J_7 zRC}4yO8-$V@1-qNd7OnTDLqP8;lQDZ--dMH^!^Rwcm zcIUT7UsW=jt~%`2(NAxzjz92+dFc|5X@vsuHr?E1$@=P|+M+{*)zlo! zr>l9XfusHYOIZrpnrG2oL4wqTTVAhW&ZvnOHHgV8)C#^3s;5<0XmC6|lFI-tu-+Hy ztCAjUsWfIMj=e;k*q0-q1T9ajeqs8itbl4Y&*{Lpt5(m zugyP38L6JkT}2Rnphcxxzo=|7ax#-e7rsYU)H|^%W^3UwL^^*|=HffdRM=q{=KHW8 zIfgT0!oKc@L!WAqbyM`~`NeHg@y|D$=Ab%^!0!vhP}&zj92cx z*em4wO(vj7IinMej6E-?< zQLSB$ijgX^R#L%zU$?;e25Rw&`L4Rs05=2)>sd*M@rgvmt~lJ7xIGwj5`@>BR^j47 z`+#Ct`32*~$-@L_2ZGi=Gf4HVJ+kI)g7Zp7fyEdH;+5~&UP14|mW2T`^Oh)UD~mek`;u~;vwr_Zn%}~+j)jw* zmO9dO@EmgV{XQAX+mJ&cmv4#HgDPvEW_;-)*T4(_Wbre#d<_^dJ zn34iQ>Zl?5+?Jwq01@~^0*Rw|eW%z5Cb!WZ2Ena~80{Lu9%jPJ9?eHt%9THwph21bnx-53jz zxG{A8g5N(3YUiuy_S#8=Jp3oqpJO|IPq&lKkG}B5=lCB|(h^=!+?ffeIRww|7F>0j z$q5GPAE!E$8n(@79>%j!Qk5O(AFe>$+Q>leX2VParR`}|uD`66Y@x8h%LE%HO1xq6 zwPxjIG?ciS(jpSyEU;#68!E$+dls=Kf;!z_u)dl>PUWJR`#nu07Za1SSn=fwlX*j{3E%5Oiv@fHe|4B^ZfJ$2OCK_9Z@E za}v3!({`KS^uGPJ&JSFT;5dH*qj2}G6zSPns>~cH-Nx=whL1I z2Fhso`&qU)^$KY9+1x?~ITTSkHFY7J($jj`{tcz>Z5g$&(}Y#r&L!I^yv(u=)%GPF z;Kznof5NYC#Djx4jekw%+lP7q&p=aJ&<}z<5aK8y&Iwh+((NV79rVKB&kcwdoq3J7 zf+0Mmdy9EJI+OPgvTvS(>s;u|sBIsCP&slvH%9w5d`lW>kZ)7*FwZ|o)bF;Lw2>Kf zs=fVap7oR)BLeLzNG*xSbpP0HtB2E(xZ3qx#`Z95jg5>pi0!u0Y$oB?n9xpAceZpu z2erQ(@A#4wi5iBQC@xWfbt)w^=Ev$2OVXu_yIwuRb>aSc@JnWAp}4iZR{9Dd@8=LsOFk>MQT!T9V<| zde>+gI`VZ)#-4l25QTZpb}Q#6tu^uAZSbvaFSl|c_QI=cByT*=m_Pb$j+oy1h!WzX z>b~bXe6m0>hh*=uRUpvoIR`yHqHk9S1=kw+aEvV3xw~Wbl2j-Afxt!79J)0AdFZDC zK{XbQSqC8gkHe`?4~Bz0C&DW;G3SWfnXTh4B1$4r(ku2CtP7_=A(+mIr1wz! zGPImQffK}|SD5XgJEvZ;X_a4GN9!u|4P9w5P}M#>X$yn0vU*F1J`sMvpD>p*F?IIF z8@ILtqz8H3a~Z}tUW{>1IVd&V2HTa+~oA-&5g# zeAB!XhlRuzK?KBHahVbL@?u?w!5r?Yz_f_@)%Xuf2Fyvw8lu?79Q)je@>Thd^qA;X zxt2+|Uk%droJJ4*unQ5r^BH~4PVQ-v;+vy%qu__rE{HkiWixUl;=+l)s@~bq95e`L zz82rp!`<`oFp_B&c80+485-EF1b#uv5F$N8KQA9|mz$SYKPR8|A(|K|Vy$)~aN;D` z*_({bUSTG}{jj1e77`^9y$!vbT&$_P&H#nRvhbO3^yLVXc+7WqXc#+XH^#zssNIP{ zvdL-$33uz~(DYZNF^Fp^i(Km)iWgm`RdaCe9~xq(%oTX>Sb&>}Az;#>)Qv#b7&xlZwoKZ*#&_nuF4Mp&&YS02-R_gxvn zc^_`N;cY;4ISB!|3i6VsA~g-$xl{vP%eH?RCCoc+i{pQnxeamb_GbNdE|EJE>1@V9 zP0pTHy+=Q^w?ReoTSK5V#h0ahfIMT=a{Sv(M$YuQzk*&6U%fE(e8b31y)$))&#l5n zRY@M-2b&c-Zns}WsNiP9`URtXrUlGW!a7rQUH8-@*7X>R{Zr&h)~2o|F(|68^3js& z^9qT7^&Oa_==0wMEGQ$S_FX?$vX3l}a(Px?6YI<@GcD!x*kYBjc@bIw`fep&udL2e zJ(qNeE>Y_^;kocU11=*ryYw?2W0JCRFb@aTu~6>TRIlu(Gil81^TeOM-z>Xp{dxD_ z93&o#I(^+|mGIcc`=O7L>}sfjv{$ZfCybR+ma6Ls?~^fIGm?De{$h$J#Vk9^Wt0s^+t@^8CAm zSw#G>WX@sO4eNe)0ZJ!J)ebA%C_mU7`U`~m0{^8>x5fW_sM&$|QsTA*1ZYT{JfpwsHTAa?zYC0Jzbn4Vv9#NS(ER-i#<2+6f&T zb~s%;dRL!kzHjr}8>(pcfw;c5cLV{d*0*l}>$K3HhT6_Oqun-q!J0!asth-&>ORXy>ff_e>5-~)hY$th zJdydS13)ga%j8%g?0A~!di2lEj3*%1FD{R3U`j*WpE^{^YhHB3iXtf#jNJlb8T~MC z(|yx7;yAcg>$l_i-_GHbjK+vJa8CN1?yJfX{1rUH65vkt`5X}0zPmo>e9eCQ32dHP z1>)VgP~8@5o4= zllW@00YK|lE}LiFnE>En)L0uCC_T>ikZU(KbfpKy&)iAH$MgmU_&AKe`?f|P|KnpV z3)I;X_ZbTLS1gu!n#FT+uAs;U+YQ#f+#CE&dNR`~i?3Ma?KZ?`bQS4cB; z02C+U*VWeJb&6Yc0*d}xTnWzK0WE5evq)qzKVVfYV+bu=hTP;@Jbw&P66$bgaqpJH zBV{R+6-WV_y&R79(5L!NfsrWb!xTKYj#Eik2HlSF}O9 zy^JoDrQ_H8)L_TsQK3XJNCTIxrI1vmc}d&I0G};nm+SQ7JD}Iy`}ctmF1K9HVbx~` zx7Qj)YLHsh_SP(Do$k%*x^mH8Ef3(;O^8uUPm+FamoE;VewGLpqZQyEj-MYdpSZjC zltu!ON~eg1AWwk!?%zv%)Em}@DDbP?G-%Npw8y=R*|Ai=7+EG!W*VhL>qG>5&ptSn z&gpu+9kSDm9e%NSG*4dmntU@1&mFJ*ZsKlqT(aNXc_+)Gt! zbar+&W{hOWTRX#Ij^^zXm!+ANCZxCYOx)z2u9J9Rydq;uAcIpFdg~c2OIkWZ+BARh zZ_5&)hI4tn?!EKz5pkgDSnR4DS2wY|6g^ z#c)e(IwgQuV!TCcNTs1GSQ@V|n8aJnV$bLki2LD!rS?fJ4`n94?Y!^R#F}O~QQ$DN znDigy`%B>&7cv-@M3s>{Y`csRzM)Z)h!1D?poO&XGlnJ*(f$-J;9>kC63pSa4CJ~kJ=1#E8Qht#DGj^7VcT`Hg zvxJh4u?F9)RL2_OI^#fT@D~vcbbw!a=zo-!DX~FHV#4Ws$Ny(NDK7nrS3vD1w4@MAYF$Wq5yQqTz7T{P}p0g_i_pX=!7J(F3QxWr11QOjp&b4`1}m7kr}KVdP_R=yy4THi;PE8BTFuTcLIWA8h& zSZj(2W4>R}j+vaxc6n(*0u||JAQALo6mEok3)S+R6c7HuhmIny7kFC;9-<=rCTiV- zE6fgqxRC{3KUs;qjfW|5w#;_-=T2YEWkA; z*Nx|}VAjlMRuo!g>8g6I0>SAIbPk$_Kkc+UgvV$KCLP;joG@ISQDBh27RSWKv6nDw z9K7dict;k4WudNwfKh?kbb^n1sS4rA5AA)O*P73>T#`wzt0^&`!?(d@bnXQvjFv*| z@8_6(sa>t`F(WY(-;^HM4I$4Vw+DvH4C~Q4w-|MNE=qj zywjC+#jtKyAWg(0enNd$l$od@VEck6ZhaT$k?$wT!T2f`PmkxsTNSDnm7L$HexpiJ z%61RqMejG%bGbcc)%c%@&U$e4&7R>QNrdamaN;GvSq~t`2fvt&I{wRtvGs(f$yDn! z<>KKeb1$nnO6H~i4Sh_ja#rrOz?l_EwR{uK+jtcriegqCtGc5^ctA7^(LOQ!M=w=f zeDohQT%LzJZrhg;Jkg??G%CKB3W7Df+hQ#hfM-}*C9blxN7Ew_x;QrI4QdAq4|Tk8 z#3-AVjl-3k?HdBQZJ*HTn*{Cc0k=ZaibWZB>!Pz5c!dooB@L-hY=Bt*Y)I@b%ZYwW zS%bu2#UAN-!MemEmRhw7{~=NmY5t|>J1Ip=f{RxkY>0z$uy-ld%JMmsXa2LtjF=_I z>@XkVzEOzRuLCFg15cCOeKaM%w9ymY8v(%UJd(GFD9+V3J^aDpq0p;DPz7?TR#i^r zjSCOB3n{%|Fd+xcIdVJ;nso@|@BlI~A<;T+l7Ad(XH<^x31a7m@tNn04RWV+jWOU? zQfOi-=QX55TX5)BbBBO(v1r01$3_rHIXtyIFODP{Vp3hVw4Kn|DRi$ahd&K zuG`dRhXRCCkmJ9ce=z<*7bj!WBFlhJ?N7d!)np9qsMzutXsdLVGiboi3idSGBah@# zQgfyH$ByJcso`0N8Ux!yuSk?iwGk>eyAIzV1Gm@7!>Yl>7-B!y6S{CPUU3JCmj+cU z476AD#n9|%F-@yps?}Yzu|CdFNo8Uynt!#oK)B@!DL3}EYyk>rG(DPV;a^E9Bfd;PAQVpR+8y*t2&h}`T@`l#EQeFbmX}hPUSNd#fz*o%HJcPjL^k{pn7O- zOOp*aGj{^ebK^rg7+uMcji>rG11&JCbtbFj8pO&(Hj@VmEH;k)1=dpvMQk8%T1rDwp{3_NDaMj@ev2E9XHqhuHLV z8Rcjza5x*sFk2k?785au!o1!69st0-{=p9bS`s5cJgdSos4oH2!?T%K(V9h(y$u^p z%lc)-;Zu&V#M({W8s)t=c)dMl{^^M3Ld#Uer3^2|*rcb7tz;gN=HcS2v`<&8BwA9n z*2&20!UxqCC@+hOl=RHkT8u^HaBQmtKnPC!y^U|F32(MPy58O^@@>T(jvrFO(@Lx%&HO^A%OIrcJOXwT^oxUj$mQvQyNcNRD*Wc4#DnBcgGD$&@P?_3r6fSoR2A$%v^XGzP zvS7flXo5NlsV2;c46kcNjDHf!`Rd3#3JxtPHv(Z#fJwxod?GdqMrAvGayZ56?<6&JY%;e;g(!WHk3tGk}h$X@$jW2*mf5h;jDFXQWu-Hy0n|W z|GbEK_$C{m+zO7J)&|a0wfONQu3Z}^b&s|Q0T!U=DYUhSqTf1u(X1MaxMQWpxc8$g%p7*DHI6eBp8%!`AIX>e_}m>AIp`lbB@ zYgyIb=pBww(NXt!qmm5qy#I%>caF|0`qoB+H;o$GW@EdtZ6}RwCvDiqW@Fnnnxt{# z#X+%H^ zJzTg(g#jG~>bA4j$wvrr3Md{toyhK{1P19`4{e4{6!Z;!5G3N168eFJBovJ?lNHs> zuA$GRqWGT)U(!*Q>ok^Trm!Xf2wa|gv?#h@AO0_*j1~4xd%wNnQBCDR%CIbSsp}Yr ztW`=s@N#k|wKj}$vW;>t6qz@SGNq6WtuA`ZWIBKOx~P@v3Wq0WS+UD3S@9wDnMtcG zALI(8DvgN;{K2E0#qa&7~$WV5EC0 zFWM59sA>{;g`H)4ix_r*>e>>2omMgbP3m(T z?=#WY^cT=u%pXoX8er%w0BR!oTg{tcs>B;7Q1}j;W79){Wi4{#HGLt;@XX)-a?o== zbpcn#2T$s`UdEsTlk5+re$MkD`ovFF8qZVO2Ek)#S0v~fs`@VJ)BF`vO#@h^*% z{V+{;wE!LFTe|2{G%cBqDG7g!j7PGOF?M88LvhV|uDLeL^Ia6^m&-?uXZ~%d%C>J( zp4a%5D^+mB5)#BC?7D8pf!xq$Y{Adz|E*1`9jjYzNJa zOPsgTJ{8%B!EMN4i-dD(d?ER9FX|!{lN|Bi0zN7lJm+}sW#%sQv?jVgnZOabQpU5G_7kVIgP%GBoC5RnjQ1?XW46bM6t{LDm4ql_x}dq;KVLV1%Fu} z>sJ9$31T7!4Bh?2r8*C6G z#O92Js@PdyBU`^ht7=@Xc2niy4MT{Z>IcG#grO9DMd_EEUtf zrr7qCi6y(*&9IoH0HdR`+=U|YR+ZZ+vO1a5;g0F9N2~0su5U)j_B#eC`iOEwpBYDf zw!q$Nc6NGB?LleMmdYM!5~xxX+gNby4BlB(%Xdv$U}9RRow`6&NU%gn;btezmGAyo z$o06sVUtA9Ie~-3H3*u=v|p=C}>CC&MZ9DZ&3V!k>z&NHJa>x#b=3 z9&|NO+)0Lo?7FTrN+VvSCw_&#-|>p{F27XI$Bv2mM99Sy;bS$=X_LF#zQ>LB^6ZcI zCOH1SVQBQ`MLdKhM4OiA(|aRsBU(mElcG|F(@sZwZPy3)Y#@g&Vf^anGAA&HJx;Uc za9{)zTt=!B&#Vt-*Fod3c?a%n=TAG9$N!QT8=vMouKn0MaPTUonWXv%!EDnNU_Z>| zDe$cs4hqAAYhTp5gJeIq^viiZA2G8@HYd>)5mKv3cH&xaWSGw~NNlA1vkI&CQ0t>~ z?;l9JoP7p$uFe|jW1JCmdbLq4Y*~DZPkL1LdA+SHnh~ML^?~$sbBd17&BHb|JbZu` zbcEj?>ln?GEd_2n&A_6@7#c)G!aC1`lmId7uG#dci!Yo!z4`i{cORbNA<6V!Tl^R# zU6FojRE6U&%+Lrg?{Ju2>_t01P^eO^b8lE^0ovCjo}FaGh$yYLw!Q+~9o~XMBVj5m zZa}ys;bT1_rF!~&PC7nnwxlYL`*GlB`eriO@N3BLeAvrUA_>~^Rv0C7$heji(_ud2 zXm~b?IcbynT-iB7n*sU_%B2R(Vh?4=JZuJ}htNM28+FF=5PV4&(*pV+?b=iXspWBz zShK0Uzn^y?_f5I7{Ot@175Z#%T7vV~{HHXL$zN5k7Tf3+o~ zxD%Z&bU8yAF+3ZtJMLU)@Z2fbz~=VL#YRxQpaEv%VY?d0qLZb1dxpjvO6MutgifSk zYMo&yUJ$Oc`CkV0OR{|oCDc^;aJYRd zgdI%9GskeZ{IPr9pB{~yvcljgA#xF(B1jr0N%@eQf6RR}j(Go24|Jz0$)HJ;u10PO zsZFXV5jM`$kwjJH*NG6Klg*tJd#Iv&PO^;{|b3x z9O&u7;0s#ko`!v`+)ez{vBkTjUrf zmcxvwa%ivwV~;Ek2_JsgcPJ4aSS|jpGVEBeF>zU~hb`Rr4f1>$lIpUUwf6jRrrF}T z>bSjCXE3}$DJ976IuR>K+V9}cf$zq*cF$^^-~b%9eqB9X4F2Pc6DwJD&f5H<_)>a8 z*b@plVe{a8)2iL2scQXmD=E^qtTKV4e2DzY|H-tXx_#~p1K|g{?2$Od zFfEQ;fBN@p7LCtUIkc$embaLZzN5D4WCLc-k>Z3SZWKI*RyRb5q@7KEj9zBiiU#zJ ziDLAHW$PeIXOFd)d!gmvLh>nmzBrB-;oGh@?I>#j^+qP8X8{d^X$yeck} zw%o9#$+TYz>ju`Ge65p~NbH{sz44|x=SDq=zpZRD_3ZmOv$KyQ;ns z&`@Eh)Q@{bB8iMUm66HcZClnkg>tRjnN)YaAycUE&jTo*&?>P<( zsIyO7`~ zBEA1^;_phBKvCWAhac#x^8N%obD3866L)?ZcE>50Rcug>L9zck^;P(dGl{tTo3%Zx z`U9T0BXrFeo=2js_98W@er z{91a~mSqHJwj(CiNbQl0=AP(^7u&L)OT-HtyL4p*(31?P#)H(T0i;A9rXcc{(kwZ) z2?T#;UQQHIm`vJpi>;nNLAIfdZ}2}I5PMTLziJ^S-YYsh;G?8P@a2Sv8lH9;y%$v? zGnJsO6A#AAs29py;-{n5kY0ygRjF=SWDO%RWG{r&y70- z(eB4;V@6CGv`aFhm-+K{5AAyd6>+#nyqzz%WsCddYZ5B-a|0Zjo^gr+?V7Xte`fc> z1lD*G58S+G>Aq#EPI@cZZ#%12;=kk`lWJ**KA2VOo0AA!2EJz3KB&iW@eM(tB-5II zMi=`?Ci?RjDg^D!;-q!jhFez(NpXl+I$cm@!TIJmXkJ5^^EkS%7IZ23RX*(#Y#F~r z+^Xu#6~$PmSh36qe@bQc0`##FVvXh;8-kq|Q9C70L*2k^OKu5$q~ZfA=4d<)XSKz9 zvVGV1;Yru)faKxz=&&e!DlNzT%a6EdcPuLoWI9+kTTEsrB-4_jK8k!V*Ewb{n}(Be zVG^_c6iK)H^1O20PIG?xMpr#}1dX#5*$=D+fTDz;;GT&ER9!W+#!uq8g$0lU=?W6VG~-^893$80iNZG^*k#F6p^hbYR?&=vIE zAx9?l6zrn9t2wy}>dBJmLGGMz2-Mm;{Sq%+pOM1VjwSQ)f}e3 zKpP}wzrnucW!E6PB$1m^V7S`sy!ufv!d>+*id`1XK%8|K=c5}hOiDpmHapor(VOBO z$i0GZ!-OV0IZ+aEl)sY8=xeo4Iw9hl?6Ss74Xkd{H%600-SVtw6WySwLZ$I5^b~tv zSN55Y#Du;A-Is21$hE4gUDB8O&A{Ej(#dUlif8a%S3NJ8?9*F>lz_#sj8j-CHyI?B zGd&ElkDvy@+R{$1%W&lvC6+tzy!Xr>2)=Hq&?gDAt08HEf^+zjTJ2jlS*n)O(w1|! zE&NhaL?xy>-+aY~b7uv9D>j@pt_(PENfi{cTY2ymipA7L!#;Y=ImTq3=Ngz?TOjMd z%kvn$2qmdw6yYalYq<|9s5lO0TTF;_Xk5g3G;B~8YUMWws2X`XpFFNtx{c|Y)MrR8 zz+g5_W`4&smKP6Z6^ayRMzbPIG-=CSDapvh=G9GhW*lqz5_>~Ho=uoThL$2S#I|3S z`|*=J)XXI*l&E@uvln3#JeFgjUCv#J1S=jXGI36t7wu7~fhpAv%AP6fle1({0H4`~ znUdhe*l87~QQ_yo(>zMn?iZs25)B3n>*jG6A>2-b7HOybk1sj!umcHADviY5dj1F zDBBt}idCJpfEs6`J}3C_$W&~6ST!OKg)B6T4nV7;1eP9A3@##H&p$V~CX|Sch0!3s z)w5N78l}OxQ;jh-obq9WH!qGwARm=Su^pjhw_m_iwa~4hD*8C{T!f{eLrUpu3>9wp zECHI*BaCbJqh6JctjQ_I8;tL3uVXVBLXr&KCD{%T2BP2a2IF{T?yU;t;z=?j2~pAt z@*=x@IVidQ!c(fFO2 zf!)8%Y%W)#v=xq^+%P5F$YhADFHWw6I#uJ>cwp55kch|LM`k(nqtyE7`}-X$>WEdh=n+qwg&QQ%ri_kK8S>-_x;cJa!r=^nYr$F#rF$_`^LGc)98jiod4Gse^(RKQCbg4< z6ZODsq`y;c<{Yg}WNkj=4`NCFrqf)5f$I^!xZ>JbSz_4xkE2HtjpZ%|X#AAo7+VNA z2C6FxvVN__>hq1)H%iDA+DC5>kBm|EQsNxS5%^LoXR5mMs=#SZ#bp?0LY7ILlhH-E zvJ*Hc;dYYV@gfHE`CcB+)nu&c)LtPpbgKPrN3@cIJN(3)+vefi{c9C_h}&f^K*G)+ zyfJ}<+!o?x_?Koi;E<|teHaP8@E|je#}JkPkCj!}g)1{bCL&7(#F%|)%2)FHI$GCd zt3bm~v+YY#R=%bu7!dshLc2-x=8u&$rrgl zJGKVh{c6}ACG+9?rq+EeOg)vPP(mS)e=Kx$in21}i_^9C9f?)0BL_YSI?`782!=az z7TcAwc->ivsiIvIy!h~`KqucMi!U{JqZ30={0DnlvK2+y2F8Fp_Q+}JmR*iwLmoz-h2WQ*mM&hM>IY{sYF z?V>Vp$XV)ED;08t>wEpZMpNLWXdEC$1>hGbVp7msI5jYw zX!q60D2gw8O4l|;9N`PSb_9e!mB@8F(Nl!Ms}fx+`??-7<)dC*Hn|9x8HVi7h>}*m zsbAcR?jPf?;)OpZo)=-5wETf-z94u(3)FX!I*@p{`r%`mx;jk!kknIjUo~A#IPFDS z_Q2$>RwG~OpM|WyeKX(`dOd<0zbP=lb)?sMY7tqXgy&yvv$5-?M9tqD#mR<|2QatfqW*qSnI9dS(J; zPuV3{#Mh>hj>>@}Vr7PTr%D+|wrt_VH~$W+B+V`gNai{y?s*TL{Fu=li5pI=5e8ujGQn3;6}iH{xRV z&2m&n!u(#!5F8wxuZwtoFT@smDq~}O@iA;@tU^#+D$G`GN_r)azWR5KieZu@RL$|+ zTS9eeET24oOl6x54f;}Ng`L^@=|>Ng`qZSQx?QG1>1^_M1!RwwGA-#(%vA0q^Rqyp zesQGH{Q=oY>ItqPr4C>>_d3({>Z*EU`<%uw6UpGGlQT@oAXtYpMrjwvUD_V#FTB24 z#?UuYhagMxp@d6~9!(zf8|`8@Tv8-!fkc>3^g` zrI(EN)|IHgG-Nt$S9IAeKX*2N_8ad@YC0@$IO-dI7-eQOkUN> z`^i}w5=&V@Z)}mmbCoqol7<_!W`JWB`YFFKe?-YyQHB!M+Xc@1%gfc4xLB1Xd%FOe zEEmW0+RX6@c!$xL9wEO(yb%hdKO(6&;{D1XCj(+OsQ(p#Ni$jqtu|udz_2DWousjQ zNMPhJhV%vu3w*I_^U{RMVx3G9wU1xDuj@0aL#uEMV%He z=q!AhD2&IVszEoLj&g5;;M#64#|INZPoW_@&7$vG>>&J-Y9w9bk_y(F&F}l4*)6$2 z{~k0*Y%~3&)PqDqIC?S%8yOa;4zI55nIoNEQC)&Zpio}qBSts<$J}h(Sb1qxwC!zZ z+g);edhevGJ64ZR=zovh)0Ee|_ztT%**`i!J#BsyJKi$xCQWKze{LBKv(o7<_;q|@ zUZXSPlN@`RQ2af9X}L(3DR#QK(ENKP$0uJsZgz!Yv6t`>fvA`8I+})AJVCaCDsRIK zq}iMkKj+f-?{@`_%7~&Gm`&cQrOyMzJ)G3Ozk|WEv5TBnv>NFba!ulPe;FdYcDM_E z%{lfuzQxc{LG;yO{^;}t=VVY)dumWuac}Tz5?o$w>lYzeQBUuRQ4vH0-?68@mdf>C z)L20b<|+z&H8#ya0^}7RB8|3Cw!S5qhXHr->dd~mK3A$o?XYb_OX*XB6+dG6XIoI_ zxYJVry!C3`<+(izzGCx%g2cec`dwAX;0VJ$9T_>o{v=LJeVsPiQ#H5vJcEx5`;%6N z6rxC*TUfY!$4vFjTY@0Npc!I`(VrVXGV-!bzwXY^CY2?6np^!ltUPtLyXZy7uO1de zIF*C@CrgNWX6^5pTbMWuHeHWD5c#G7Lvv$$jRsW_q{x-*<>pSBUVD-4qKvtRoJGMa z*#yg<#L3aVP0dda4qJThwA-!YjV+`_&eW)sJ<=eU6uviyEHAFa$wgkGXxg$KifaBr zL&9Fe6=0D*a5Bxyg{Gj+VKUu>Moc2xh4-{+W53a6g z-*`Mv{uEYQkS-umK5HDdbH{~!bIzv<35E#H{GTl z0@E=zednbH7+YGmn5Xbgns+|?^ZMe&?_1GLUAoy%iDSm#*@tPQ42ubi$2^3MOV3l@ zU9_yeSTzAH=Yu+#-?`Tx%g3FBI}f9BOt0b4VfSVVUjE=-c?CrU^K8km4BR95eb6B7 z9{hENF#Iv|a$SWBGDAHJ>)vRKP8;!| zCh#=Uo@&>e4Y7^JHLGcGh+|m93{QaFZHXn&68$Jo0XL()_RU9?$5DakE6*S`%5}Ow z0sHG%^($J0pX|xv18?2QgVghCG=72eS7)F1tzYSUf78OtE;I=Wmh8A*)|g&b?6}y0 z=9el(fVs+{X2XFy<4yB~dE#&G0^TbOCwJFkKDtX_a1Te0fToADf86z?KlvBc{fi|G zLO8iWhE*}_=Y<}d7P^p2u)KTikVv7ETqpFk^&^?$Yw0hCudnadJCpPqF2WX+n;?-> zDX%s)C9^6`maU(%Hn-UPruoGN$}-pVW46W{fL?Wp?iq$zyAbGU*g%uYEC0HGU8Ekb ziexT!!yuhj&YUYUor*0J{>MJU$9#pz0^fO?2>g_WB<75`khVz-RqeRD`T=~eskeUYYC(8@P$tq;g_@xQ?2&WSH}F$o6s&~ z<@4REs6h^D8}HXXpYNU^kiy4^E18QuTo~IDHI=$vA^f`!eWIc5vkJBPPFdKvQw1+B z3MPpa99=zLL~FdDC#Y4tPfF}0c|byA4saRIp~(HL6^$>r|9;1;ZPH< zg(<`nrhD53>EV>2=;Kb$+5~+)ecq06)N4-a<~%45D)6hbtIAt^s$UMF zVI=zrK4EAgt8n9&Es#{(=emKm1Ixr`QM{1HS234AHN$#n-??hdp_P)Ir$CHk@pUHZ zR>8zy$3-lr`3tooH1j~+1!%QEBQOcaH~e5*p-NNx1(S}>ssd>OBi0fwwh{Yo6dH(< zix=G6Xv6BV;jr@z(%~8|-CyrhjL+sHV8&n9E=pZPfpPcjATO z#bmOCU8|MTGTLFc^t|a?02mE{`V$slY^O98JhW*W&!Jz{eLQ^r%@2u%WV!RTJPMX= z4QY}7ABmE=aUQRMsNYTZ7(?N&#CA~~VBJbrrK^uHU2g-I%p~pckHu~NK|1p*w|!Y3 z5mQ9YuO&2yE=FA0Q?y#}NTVw9Fkg51qR>QyOUQtU>o6;M1xxq7V{6fI(Gq>%-YSqN z57hDZQ6W*mf~QaAvl%O2APDT5b=P0E1Y}#QYZoF~WD4krVM~HBY9UIpsZRdd1fWkg z;{HKp2(X{lE1I1{73;c!vXj|^v4v>6fnho5CVD9Ol|B4^EGuQB%y#!1HZCCs1IkgY zF)Yv41=)tTS`1Xoq~Az4B@${S*%t0i|MG2cy2@p+Vc+Zc{d(DkQizyP7J&_JOV>H! z%ABLaJ;C4bF+>m-rzaUR+z%Q7z1gg{tW-AB8=eU?r5I;!z-x14S43xyx@Yw<0q-o~ zw}6W_1rtpe!fmhUf{2cG6aXq56OJz|A8mLXaqq&Tc zo?=4@RArr}#hAAO zB`5~%++32sl}UHHLM07|gOG$;e<%~Vj{k_3HLFf8fJpk(f%h)Q#S+l z2ZT%wQS|Q}NsHhTpPx05_kk4+-y;r+s7D zya3+w#f)CO7`DO5AR*Th%?UD`yiI$D7?J9Y;L99Umed}&e|8D?+O&45BZM%+7gp4 zrO;5O?LrhA#{QBGcPsoumjv#SU6a%_P~XB-i)pN!%|#F43^MweTEuHGg(L`1O0~R%>VL;&(z{Az4QyTa7K}oC z523)wQJCqVruF*~#^X*HBIuS;+HMlzt~k_*cCq+d#_LlAJ;_vU4j8m7G?hsWJM$qB1c%TIOtYJrg_N)1Xzh@OIO9 zzjy}tg)4s|WFhvr+&ozG9%=jhe}FL&T{;nFSd9K6zL%<+GyR@g z03iyBj9%0pw+qLX^KT{lgcD^Q&pC(7jQtNFrhThII|7#amOUlvhdMM$J>_^&Qc3oZ z)+Dn?DN5KO(#KK<=C(dsaXH!c@o5&!;Vg{EH4qjsUAiuP|J#_l5$zV5Z#>@A6SxM1JyaT()gKDsm~ZCPuUbW(DKtBEm}ryX zJnDy-r+Per2(pwAiMZ&}?o5udPhr&!=JDx!w?;7ODz!G84fG=jS?_LY$f4=Z1rIWe zx1f>a;|l~QYSEWNdAhxVEa36o{`SPD6;>58D_3xKemy~jX}#ww5iAC;^qju!xYe4K zQZ)zfb{Y4AvnG0D0GEzxd~SF!H6`gYo#Oe+gC&mM#>0an<85DUH=nIy}ROOzEC#27S>OGHqq8SWrm)xvY@7Q}YF$O_B<)!Y2r3)(VNU z%Hv`KtFKj=;fP&|N|?f!Kv+QPVjpDNK7)&!kfz?6@gVj<(YG6jvE&Xh|UB&%=G{Q+qN8YM{Wq7V?nA#+DskOVV=B&?+#ry}A zChorkAf25}uHJ2Q?p*VxcHkTB$=!6AP`(}nL>ywxP{(uL30HfUhn&pW{WSl5+>{8e zNbq05o?vJpi7Vv(n^f#x>#STGG!i^HFXF>f2jdLkxmfhf&s{xrQ&fIgNk7Lv5j|5= z*aUTepw_=YyrtV-P9-@*h6R!YsZN7|>tTc9a_*`Ogh~vxC|dtJViGqAy6DpqI~CK1 zy{KaiR3jLgIXvmcA&mbze(ar2#!pkc}DC~UbMk1 z@2kOGSd62SPNEt+NYroMGI>3Vx(ZO$B{vwtNk)_hQJF#xLE^9;qdd};$_c>MTb0DX ziYh~PQvM#OcA136v8&qnp_3p*->P9-(WMuGu^B}!($X!cy-s3pfhF@AMT#2-)2S4| zkB(7qLj;GH+BrocnkSSduYiYTdo5j-DhY4E1NB?t`Qx@(gJnrwcY1KL-`s)|vgd~; zV{Foh8K=f|&|T#A2@6`Sm-}EXWI@C1BktYsb;Kv~UmPJBBU^vUM|iH1bp+T%?n9in z$H4IFvCb0EftsfGn8>v7TJ>Ywp6;G%82Z($$$jqopi49#DY)WN*2JCg%a7U(~02q1{Pq8ZO44^CGvp48DsB&VtNbRB zu+9m-))!*Lfd7^qOib;%2ytBH*PJM8OA#w(&%q^d%2mtM(J7>6P_$16dYq)Jd{q2OOQPAaQ2<+oz_g3{P_n z9S4Bq=n|s2(OiDThO?@e(|t6iZuPxq>GWa6`UUW?ow@+a>$Rxds}x$ymnX&V&O}d? zvJKp&Dboox9UHOSQuaW2VFjA2g5v7hZ+{)dfg_+ZFMV6pPu> zwHa_p4qG(W#&pk++Se|K-1)Jz`Ik;1zG|M=0HmU*zEBFs>4#8R>uFx2t__;LH~SsR zOZ*jrem53^u%9-upc3Aj*PCOiQp|Oh9KU?c5Cm*4H{bWfyAD}T+(zPw_xeo@0+4m^19(S%Z&5MCfAz$CeaOfvK)7ViDB9c@ zKC4muoYm#4`RIt#?|+aH0^D2deO`KGMt@)VZ=<=cbG|jGNxV~J5ap^3$-F!i3!*i_ z?sGzth%Vsb(K2J~Wt1LFooS|vwfF{f7sMW3l#r}br1}K;>{t#8W|6PXuET$O2Z62K zs07R04gnpHMtXGrZ2kC7a!bFpE^+~}HZI6d_ZseUktSU`85XrNNS=G|8Xi#I=Wp3? zYh+tn0CcPVb3ph}&kp^w{}MwA@F!ifq=fU^+rA1`V7;A3fCF)9EzPI}gvZ5un4T$r zEv=XrrF6ji56Heuv3tJTEV(z!LDuiTivPrHzT70+Joa>`ywr%a2m>vNfMZc7!|O)$ zrGJG^_=5vy2iS>wT=>&cS^1nef5lIrL&c@%zAA-9(8a+4{ceYaX5tT);)hu#`E`0w zd0N51y2VycLoiUIVTk?uVDfxX%EPiM>tYXa{aL#AOMN^4fYGh;UZ!={Ix1wrNbb(}pW*w|cguhoO# zb3<0Q2ky~gjUZsBskaB*j%WPGNh+8Agg^aJVk*M?%^RSleX2|p0DP0w7+Poae1c@f zd1R|BI;{cA#1H<@SFb}*Ag5QxUV!g72mRKc8y2V{dh1EP{_?I3{&6ULn({A4f zcV|~=4!6-(w%ay4)gCoHv-_($+{zFDf+oNQYtjGg^mDT+IM!RpADN*aoaHZ-<--V% zbu`?wOqgv2uWDT0=QsTeu1M0m93WpWwtMWr?tfgkB5`nwxg!Y+p0=jNZK->SlDvJE zUShkL+;`mM=>E0Q`RMSg14u)@<*Qr#Qa^ib36;A9E;r9H>_R zx~|_eL_^t7yDDJj4i;p0phG~MT2j^yu(|9}0eUQYv~q!sX#ku8i0`IAk6}f^d(XnL z>|;*-PXu6^YpK^AStsrz-}pB!9pe%nY~h2p*Q@eAK=SQ#`kP_jOHTpNq6&_)p?8ul zo9-6D9bemew8K?vVMH%4S<-p*fluFrK+3z&f4!-JDDW$FUI5W&e;Q!pUu2Q20G=<& zuRzD!4zwFW9pJv}Z#s&2MBIzc^OJPe_2UmONk3(?^$j}9^`3h5U|?byc!2eO+W^bg zDE`;&4>8Zl>p(%b5AY9Fk>vBo*9Idtk!1K4%S>2PhEX6%dJ%|dUY)6+y+etSRiF%l{GSqjrOfCGy$Q!cDHZLVgHiY{@>F#{=Ve+ zque+>+xNVdgAM5WapsTk2xI{pnxkVuK%fuM1mka`&S9%-P(2B2_X8v~xd7j!6hMTPJ2~;g#w$e?{(Xhu9w0p3?)h4Eoxj;b#2$IZfViT)P~8Pw8PiEA^yj6P5%m7}7(>VO?|qlJkHE@u<_ zz&V%a6-l?|zhV>t*8GsY0$`>1Ad;Hj2eS1$2HACQJqeYTQ;rhO z7XC;-N%c)=S;JivvX;3J1@r9wl$A8g<7NE}{3OwecMBUIJob~oMI^{}AN`hvjCh;t z2HvEb&1L6DD=WY5NP&aXT%_pnaQPi9TPBN#QHu=e?*X;EyWRaix|)uONA5S2a@aTD zZr0l-jmozGqyymO;0*A1-S8M4`vuei8!8P3FnUCsD+s{Qz7RDA>FyKz#jpQy#30It zvQknqRUX0;t1DO#1c%jULyjDT7!+%Nr#%2)4wjE?MhKfX(Ckgs06%}?*&llZ@O<>= z-!tC={vbU0KP>G6XC9FCuh3?5Y=o1v} za_rZI=ufR;eyJ0C=K?rPN0^%l(O$m$a-5GFwSeX4Pk`fC4p{%xyt{F&?QK5I z58b_I`CSq%k^fa({9Z#n8kUy&0Iq)twuAfLp^;P*Y|&Bn=x+~7GzP#aI6Nq}4TY0y z4ndM81+!v|z4*$XA%Scp2$&A(D!sMLyce+34g;;=6fWwdeT?nzY0gL<2bL%PK(MzD6FO`L=4i7QN+hO8X5y8G-fq~(o^{%7VWz+eSfy6A%Du-E{V`Tn$zEi86heH+V z5B#L|L7=V4G@?45Kh6gzXi`V9y8nqb09lv+^wtkpk;b{SLnR1CTKREM8#l z`Y(?B*J?ok^oUfjKbkX2t8H!^e++cp)_cTTov?LQTNBWANl1L<84;XToz2OYMvgYPTTFtbzrvEB4YIsU6751@wzUPArfy3CM)sUBlD7D(UTYpOf4V% zvk><^_S8S7VhJE5Ibfi?+s#J7!?8qOQ{A4Dz3j<;d9ZoB!0rY92?+j|F>BVE5nT(` z_en6BF;7AI$KPXzO%=tv1ZjwAw_mfTA6}TjwO#PxV*Yx=Fc2701Uizzi-bRFzkh}5 z^M+!De}K>rHFRT~AiL*rUWLP;GRu6C6BOFyeZBWXnj7l|4;AfpI? z^?s?j|0hl7{pHf}5K!y@_e?Jl@193dULme=6Ce;jrcfXn?sZ+7wECtnIlSUPasMSY zgd>@>V}MvG2srufuT2M>H6h-9?s#MdFKGzxJC`U~J2tm~b7tixi8!2z5`JVN_F>+K zWbz635A-vH&T(V4H`pDE4Khy9&%3rwlN8vb$8+9zb`nA#^&?tLS^hLOkqO)F+IRln9g=HiDvoGA!0;ihY- z+u?un<7o@id+Dc=uL=Pc5CIiYAZHR-U0wpfK}!2d5(*qPS8OFV-vbH5|A=hP5pZ`uLf(m+lDu@wC7T@b zA3G)!CG|fqde6<2Yy1H2C3gUvULfXQH)wsi@%IAQES-7z%oCFjV4Fb{8``~(P5U=& z-L$?O!g8V1oJ}M`X@GxirXPE}-zJ&fhdf5*f&t`SK&3$k=G~kf6@USezXfTAP#5IR z-ywe1aQ3g_&2FCzg?om8 z;i1x~wY_e-5=ayoBZ`nK9KSK_zW%-zxaSJ0Jb%zgo!$YP}bs>A@Vv19kV?RNQ4Ky~jA{{fv!OeuH zqTdUF?AoykE}XY_jJ01cK!t;VYW~dVH8A2IBa-I=M<#*E;T$ zvyu=&vhw{53G>%W z_q>4QeaPa2wDN+4>F;nP5#3d=D$&x$$yPa}M2o${ajNwp!g0qg;$3TRw!$OMemryY zzebWdX!$|h5AU{}NYJFI;Z(BLIS9;n4{w_^W`a5^Sum{+@A0#!l_>RfrI=JSwi@-@y|a+5b4T5Dr&sxE7;Tie*710E0tE_wg^-s zu0)El3009!@V|TY@weUWIvuShXzTvKOf}>TN5aA4aaJ%fmo#q>C%52`_DQZ0Ch4S6 zG>ONCZGJecn4F?|Bnp2#2g=xs=-vN*-Mzz^PzLvO;~PTd8o%{|T zAdVoPk81FkT9~Zj7igq&V(O>nc_a!>5Kc}t4OmtTcbd7&m*)Fax0^e{v|7XnyAESA zLI4T2Z#^7ez!>3)~4xqpBbkfdK}AQiX&QqFBUfzc4!fcn&Z_{HHb zNX7}BPpDn0dlcbHy&~m&&*lf?_Xc7#E-JL{e#ktCNm1GJcvaf_p^!hhZoER6NXBW- zn5{R^qzf23qC08gi?fI=Ivp~={MXUsK-TK%1V8nT- zQUXpNJ=|RBxA0WDVfwh4P=k_)s%=wVtllxw-ljM_y^wd@_E)Y88_~z>T8X^!ex=-znTs{g^ z=Q71vj}@OP-9s=`6pS@!w^u4eFw5VxZc$*hua7MoG~E#^HM$(fDBdSEj+cR$1xtYB z7UA08VG`h0Gt79q&|U(TY1~ax#G9ZC?d|1({TA7U8L#tv$U8T50sLTLDKsm8h}LS#_NFwO>t;Fkt)Z#w=t&kF7o>flvk{iPuFQfADp-rQKUrU1d0Q)dCL>z#Y!-saqSSCeL#Z4yY z>YHkB4#|Uy@wK2ZXuWKqND=6@G7=LbM-vk=k;jK7K=A2UN3cTKZXH`xXEakPxEQ=j z89MXG8dg+MP=xOlsdROcq8E$#gk-F|ennBJc;X=Y73)A*2VKZ!m;|HisGzyv$bGST z$YZ$*+DQ?V1LI;}8lFf(-er@&$wZ10=>1Wjq`px~RX}?mihRCMGfO@!e_7;@V*1DN z_!Cpi%h=HrYx%S)@PtE~lbd*t21Rlvm9yN0=|&6!g^p#bWe1OwFQ@d^yjYFU2FTwc zBzt2+>ofz7>pGP+SzhF=nW~XPS`*io!b2U|7eLGbVY6@FZU*c6y#4S9g8x2za!RDw)bMZ%R?TUW2rUvyj zs~i+ONQoMJT+VVMAs-f#tL9-v*W!os@UX0N{LwiyMFdGKV6vctb?!>EW4hHey+pS`uUM)YhjaZB?SV^sLM z!ne<(DvxuWigjceIUHHN%=CHCPV!78goEZK&PA?IJR>~DYX5deLgmNKD4x5|>C{wH zobh3n51Fdd7*CAx>Sx%wcQ5nP83=&xb*>-rxjdk&n~ZGtI5t#6?6a;@&~LV1{`GY} zNjX>d@cv7|1dgfxi16bs&EITu&}@ib#{+6Wqe|hT(HRx@w>a{T1qeuSuHmv zH%tCawS)2Rj&0Z4kJH5pjH9S-8SbIUxe1pEF) zPegqt*7G|VhK7?!#ybtsVPB(Mo+bL3fZ_!2EcNugQi$7@E~@A~}K-n>|J-fr8CHoJc%ubxN|Q zRKZ*^1-^qSnY0)d&zGdnl|3dTp2Lxn(x)Q2ND}fS{<-CFuQhiOpA*HE4tJ4q;rZXb zmM83;;$+QoT88mYXmFrFWgz{e+Um9+@ zj%;Ap*Z5#EcaI#yms+aVk}26z`iVV!{&S)VVxx~J)6ax^%A@P$q!1eIuJt_=(ezn| z3}J5B2;z~lGVskhdwWYJ!kRt@48Q(q+G|`~055Ycz6`6re{m~jYWQ$R0F zFZQJl0G|!9=5~h1WFP9a)sv->0-*cF|8e0V2CK8Y??^}qM)IM`h=zUZy_M|RQk=Ue zW)LeY`w}QDXNaFP@~oYd=vn=aCW>!RpC0VdVm2}Jll|3+Q$^hIaVohXvdGsCU z_W7l94hbvu1kPaScgmT9GG%8z%1%7(zyf{!KYF7LkGACw_YHBv_$i5Ua_Liz0f|bL z&n++oFoXG23*pesuRX218nbu7CUK7!ihXtR|9q`y7i9`Y9>OV73JhLxzfO^5GazpG zkv9EQ)cpi&gx!G^D#n2SE{xi|SxM4dk%ocON_Ca8a4|n_Aa1Ml$|T9xa46SvP&ijc zHd8jtBSLZJ-;^24M} z#GZk1qpd#Ge1M&$CE|Y25%-m#l#>5MeCO zM|_W|PO2ZJDAyo_6QSYMpKQ8Y26{;zcXmSky5!(PK+{3mR6J~$Ad4K)F|0&PM#Yn( zwJ&>Gg{^8&j>o>be0KWu%+P-pTIje_%oZkQY>tg+HV-Ie} zSaTf4kDHzSCreebe_CvFDeg5h-z3b)l{c1a*+*HkiY!Xps>If29r4X4L{ykeV@$dD8w;#1PyvVPG z6n{j2DCa=w%@Wo&p`qaC_jx#NnlxV^KDNY8W&YwE65%S5x@p%#zk-jjNLb>@_Q3C1 zL$9LlD}KCaU0$>|$k~*!KC?rCkc)^!qNs;!Bt5G9lMF8_KdAyc@$l9n>F3t?6$a++ ztBowT)|l%GzEkak;GzZ~ZI^NMeIElrMXh_YvhnkG)Srm^ZPlBlx~-GWj`;W&rhF^XG=fO>sDT;>h?hhYwAkUt4`V z;X-r`3$tu^*K*2B(h&~isT?BPCwC(Zp5O|#>Fwlpter7-litHOGkIf0&YEpvHyatY z&BX;6N;n40^2>(p4xclN=(sPY$>wXS5jOEG?`0n#^xJf=UO*F)u{Y_jP^MXWB%Sd^VM3dNVcC0^92=5hyipJ0 z9i_I3RVw47LC)Cf7Sp-W%XM;DfMl5avZTh8)_UObMbCdzK?@T+vx_FHik%<^p@Y1TtGl%EG_YXA7KfAD$-Vi z6`BYcMw|q%*-Rr%jx_6?Pt2sRO)2UkV1qj2r?WIpi`a_zv8;X|GI!NzxR)w`KDpqp6(Ox zq?%FmI}a=UEyH~i#qIa8jTsn!*Q4nVJI+AOBeFRQ*d#CWUqCIrQ^14lf&LB9ybCbC zR1S6Pw<_H%jyy3-C!V~eD2q90NlnLzzY8>W{ZJwDyghK`AWIyzGSaMtX<+~1V)|y< z&uW3>^2jTnsuCd?8|Cn4Eg!D?eeD`I6%9bq{i7kK&u3%%1@rtJxL449H}l9q=;0u& z{BCdb=}km7A`>NX+tYzazja=v=+B;dn)OGyLAv-Yndwg*%?qn9n5J}bOWhgA@b8tZ zLJQ$;P-L%U^Vns!-dAD+sGDLsc=kW;U_IfPTI78C);3ECfvcuJK<5(6DA4)Xo^(JQCa49W0P1eXh|~G zMxv6<8rvvQ3&|T_b;Y$}B6(R-Ab>r0F%TCjUm<-kA;6Kg`pu*CGL1ki-J3g`rTXBa z^OO;T@A8%n{z6{RoNC|vbRd{Zb8YgyE+JX3n*ccJlF#FZtE88{+gbm=sZ8V7zCMGO zzRk<_j>i%r)|NzI;fAI;A7*DP{MF zXY8IRy8Vb$fA#I|8!LtF(bG_cLD{5(OoAJNiip@o|o^HUC>d+-lXb|R(pz^s3Gp2Ty`R(h&8m- z9^o*54zLe}8a7A<-&Gw#f%79^{dF5=0i1xVhC2WhI|QD2J|0dYX5#a?PPGg61-C!b zmOy$l_FMt#uXOpQQmh08KHArshBYLix5jLWuYs9s9j-W4?&`;rKiL_q+{?cRh_SgH z%^bun&8#V@rGSMl{rh@m-%4#o1bCh+34AGI!Awo zr-YoT>JpPn0$GEYUCK{9v!8OzNHh$*hN<|?5|gr2)A08<^wK)aQrfaz_>Z8EsNcEu zV#H#@K)O_ne;QRDO8;aFG{^cSlO$CJ-~1abp!S(W2;v=R9^0VjX0D*W7Z*#Y4OXGR zL@ygla#?CRd|usu4S~)EeaX5LGIP2G9>#$p4ggelJN^t(D*@=Rq)B8>_Tch#g9BLc z)HAW06I~ha;^q)qS+w?Pw4?%2y-x%Bp;~5f%>G@i1uRFrH#`ODC>N^Et!Wom?fFy7 zW8*>3UGh*F^L;931*nu--5BuaGhp3PA_Z)30pIfe`=dYwzQ?bPH{#Ci(mfFH^w6g{ zz@y?M5j%!p3U1;7V25;~^m0I8;S4KSbNL|o{^Bc^5ndsWD23UkOK1D`ckHRPq5&Ca zIc(A(xoy;We=Pghs96QL))i!S?<+C}`JcLVDwU4X!AyUBs%mRo=Es6Jxj|7+ncN|# z*34ke`i|rRgC(ue+#8p>$D(^()$%dDxOVY-c--HOZ>IJxq+fKG`-WSdi8LY1xLA7;J$5FHFmMlnOQ|-lvkx+!v1zmkV9n&FOEc;HvTx z$SswQe=p&)(uRu?&@B9GujkE;{{`V-{{42qBLq|cIMN+t&4KI>AVAmdZgN6q@$}gW zpt*bj>^jd zCh!6nUr0e@wqQ6Y@L%i+-JXB7Xb8n}K$=&jWa^LMRce>{yzSZ{*5v!+>f27~l2e6U zA7;$C6j6-$7+Jc;vc0l#5tNLtg@-1H5UlUPUIEDPu>tLYy)LiYisNkMz)XqEp2TPD zegSne*GuJ)_mXc!Beq%f10_FH4-!`op*|H76J| zrC?-gvxvgXaETSXTcrd!V_}=^n`}R-r6(ou3(g+YCm zC$r>1M%m*)L?fhSVXYW;@*3>{qU`{wx`#5!XU!uNbo){5m-$s}e`aiF>G%hsSbHhP zdw3nJfa$E%=XSH;PliE{tq70;a+YK%<0KUJP2h(Sq_1rXXe(>w1Y6KDg$mEut-^;h zXG9qa=my%FoAw=A$Mm8lc%$L^&gd3(eyI3 zFYPw*o~i-h+8l9V;bNNwDT^n_w9G;OxY!>6t}Q>RfTT>HxxU9Ql!TOE4jfF`-6A_b zXlgpit}gyql4N9%D3TJX${b4MEzOFHzpf4nPhcp)FIHNwa_`voBNcIqVFIujt(3sl5YR^g*Qj0E?Q{ z^?_&=~-eIcpZkzO|@juK^(mKnmcVV94al zbBRVnuLQ8Jyow6x^JeO-`qn57tbxH8w;;X(plRXM^#bNfbGZSa6P#zS9D-vhn;8b6 z(-Su8fG@DEyqfq*g?okEg)=)ec{7iA!^8nQTN=41{rx6MMC>(y>8nL& zUps7y;#ts!^J|k^;4^IYAY_Qt5%6d25Li)PMS@L$so0gknmpId)_>MtXBe42k1RJC-?HCkkO*)YUa9%SY7= zY+(;gF_8KJ_^q%1vk=rZs028odRtr3A%EV(ebWQ3_F;8*Q%wNypK`M?{$15GF3q7V zl#($jf*N8WnkoWCg@C4C0bngxr30PGDu?t7uFeSQ8I%Ftn9{J_HxPu@EUd!v71ifq zoeq-&qcH;%J4mC8&xgq-0&`-HlwUW$TId=@L3Ppktz4-MP+)1^#W)>g-%}ie${p+!CXG!Z1GoLQy7oKyJmBYWoQMR+oFPfsw5$8 z*j@gKn+F)MlVraK5^H)Cg!=K>GJrt=V0}%(yE4|EJGG|B@4c%kgu zK-&@M!rZF>@S?Mgf(47i0Qv+>)F*`hEbZ69|4ax5EJOSVyvq{3@ACype7As>&i@wSrw$l&^6_OMQ~v}ox(7BOR2QzG zPcRXU6o75J8_@s6FM#ugX*L8vHu(ojemeaF1lNx~vH2WZM2DFoJ?W>w<*Wh5tFIQl z8lThvG8VQXz|aOuR7<%Ldr#xjZe+;wHH~l0k`ZJ$(nhko_j}h=2!Rq1mHK1Bs&hAo za>DKFVi_o&IIcEfSpk3)zHXo0cih1Act#H3R7kBL+t(QcA`&sWhTk&Xv_9QnteZc< zegDXh)O0xcnO}}i_DF8l_2+K`@xOhvg9a^ZB(azMhN~S(yq*7(73cxnYT7pc+i{irr|2oFUe z$a{NDyAz>sETC_BeP4uh56(+Hyoh9XHi8^s04ov+E4p7era|Br=@{72vbF8E?0$R; zQ>J{`IAvE>7POcKj0YT7=6}FM zKp}sR&EYTg8@^b9k0x6n!Th(~C$#NHFA%_IoAe5+IHZZq87)b? zkyHJc{oX3s?hQL=K%;C?Nj=SQaDg1oOyqo(C_#|8l#SquP^}|Rfh@@Z>&NepCu+y> zRa)S+ipn0&gkM@;$~r4+jhraVqZ7b-{518M>Ir6D-qN(EZj^PG%`phcBgAu4oz#_) zbX|#q&G!h;G*N99RU*%}?tSW=HIX+t1Lx_?JKiA%v}P_yFKQ1#f^zUJ{hVy^QDe!u zX{dWd+1&nVpR=UY3&t^9&IELq4uelQ|&O(PA5Oo{!OlNvt$ z;|%Tan`@Fvzfr_gcu57t9exXepS&X8wuq6b^Tb}?cs`^))Bi-M=MA@24jr2~Ee*uK zX6Ol!k4>>OpCnLFPSQk3|I%uIS`!mld%vF?ttacxOMd)s8j(~);YeqRMrI}hA1gRU zfqjsZ5of_AaQG{K4OV+#%ak~#+*7QTxq}OW{(b3Ce(H{au6Q1&|Ao%v*SC;guq!17 zc?uYMrx!X6E1uk*MAxZLi5aBY+i4zK?f+P)U)f~u(c~DKVs*uYY$=%YYm2#EWGip6 z_k=@jjlp;^>klgTNa$8xjB5_lkp5z^r~xE+4et!X(Z3T64-Bo~`RRsMXH*z778Cut zLW!OglJpTtBSP&4+`E2aqJn8Qfe4Qj`KtG|+)nz#&g#b)oagpKe~l-_!faCe+7KoT zpm<6G@pLWz?G;}$L@PKy-TA)f45in-Yp!^&Uv0hxIm=!}$Z(_OYOMD%5mi<^(b)Q6 z{A9x0)lPYsV$o>K)zse9(%1}4m=qi}$is2W0f86hg3!L+Bw$-BfDy87deN&7?F%`u zK=~vQv1oMo2X48-ndD+cDK%T|U9$FYPH^=A$D40Eh~&~ad;hFT5@7AkUAx%7Fy`3| zyxIs+{{f&*F{Ebru-$*tFtIN5Bu-!ogvH_cxivs6xg+BZGlHxF?;D zeqE(v49;Pe#$jaaR*VD+bGB9v`q?^pb$TD!2#64^S7jRn^H*vgTb@q-n{Q*zyZhJ4s{FaGgTFG>P@U6G7j+pAm3{VHE(ybY_Tlv6^v)G7PK_xoE<^ ziu)qY4ePzV*LdWyH}b`I6AuSo>wlL$pUJde2jvX9EdQ3&%&=2uieYFXjM8hVSE`fV$kQz7=1I`Vmr1P=^X7bAXSINE^HVY{j|6QvFz!FT8V+W+Sz&DiDS6~w=2z&jG^WA`Yl_yDGbZ?+b z3&74!F#kX9pDa&rJ~*%28Fk!{Z%H+L9k@pr{nEdvmH^qTKN1?d6F*b?6YO~VayVfH zox#~VXCA{j9t4*lN@yx+1mjz9tRZLL02(lNxoi7Uu=5p!7p0K<);PI__|@!H>(AG) zz6jkJM5(%ft-lV0V6BpVv@X}bt*LBQ_Av$ix+s>C_(&8ll&GkGRIK2?UH|2I&J1;t zo>}-V1wU!S5RGqd%Pd$=WI!BFeY;e~VuPXWYO9$m>#MQhkeyVQ#ljR_+LhsQG0xGn zF-{C~r)uE;>dI5J&xoET(4?YiIz3bnfMQo?!uyO%Qg66V)L$vUhDf?~E{pGb>>}Jy zCEa?L>bhV|Cgw0E6X7e(Z8PHOvX@xj{)l4xU+g)5)BRPE=~9f}O{*=;cA7ff0jcRD z0qqo)EWperuno&9^_8_I0v2(O=8h;|h=xfY;m|ITZ4QaKqx5zh$V6e3vxaEgqbLX{Y~zmDWulGLgh zH4}^2$NB!F9Y)9FmcoKYRp7>jn~giv78Wa&z`Rwj{~W5Qdn(OaT4ZdHUK%33bV-!M z!cIwn6Pq`lxTWM93Tf?QYob>6qlK9nd4L|}oP8(oaYPPc>x!x-Iw`wP3dg?vSL0zi zSFH7Z>cb0V-ks#b&+x5+ruo!Pn}_@x0azCffj{;S#xB92WmP$=WnVccZY(t>wk_ZQ zZTn*OQr5QCrKneL@@B~-Nng+c}?G#1)pb9iKzW#B9Av1ksEDHC)-OvjyGWD{w0H!+~Vb7C{ zEo##cI(>8dEgab{A8y~~LrcQ$f~^7=3mZgzuW_(fJC2$SixkWsVFk3O&JTS_u-yQ) zFdEt0u-GHj4QWAYx!y=l5F-4ujlUh4wNFs)`*Jv2-!Yugmv8prSC8uFYiDs*i5Ux? zjJ0fgHnv+(k^brcyb^zCNEL@A32=3I3A*(82jKv=#uHPED0}w zn7|alN}oCQQahYkS)v)Kf5Vqo^&hKEl``+dlR;YXTXVZ zr|JkO+JK}$n*K912++R5GsB}twMeV`XCyQ!lb5{bkRnd@kFN(3{_n*4Z_DVdNlegv zxBr*h^E0H})M-+IGdOz7b6qnf|M!WNf7!D3Zv;2i+i0Qar`LOnDB$d^Y$1;KmDY~P zahh(fKOEN*LiRP_E93{=-W~_YSo49B1{UOP*aw6{WR;FLb6SY`#aVmt9c0ekM~)QN zc^+M5&VleYAUn710sYvI=a}YsMC#8E`&785l`a;WR>E8DpwC^)lEY0xMg(?VY~BsF zJ{s6NvM{9C_wYX?Ad}cwc#bvBhJSraMdF zBd@T_yBf1kW#0_VnfXRHPXzKyM@}0UB2Aqi^O`R@p*6wRN7}|`=RgB%nA!{oy!z_4 zY3@Y^{7BR326C9g7(SI1Gk%!79M9_GeSAI#Z-qw_*7>WgJ`2?>olu?_Sx7p}n~BqB zM(o+mq2}AtNv8ew-v|PmJ0Mb!#MBG@mLf)J#W_?aTJlpT;pq_g{Pyu-`&{}9Iq|5s zyJ%p(#`>Yw{>0zVpP9}>*r7i{#ZmdKW#JVhqv_7AC38BM@?JC;?J9C-$ae0}Z%z5x z?|CquY5K{(FlQzzEGqfqqQd7;w=LA#4@<=*3cyil{L05* z^*X8bp1VYmE-)6O-7|i64r7-(ByIKz(|0JBnEFxrt>V}!PDT#SDt(GQ-dPQul>6Gn zq4kdim&gH|Bg`o()Q5d~liGADF%9u-F-)y1Z|U?&>SH*=qjbEf<*z(r=`WJz2sjUH ziT%m-b^;7PZD))=h$T-LiASTQ#>B)Z-j>T8?>jJ=Cp7t1Yzjli{SrUFZZln)`H-tU zgW49x4nYonpG|=Ol5l*E33#1kn-o}@*cqO*&QIXqAvI_18na^#+?N&2>*W53ovTq( z27Paom>}BrK^rIDpB?rCA`WX8$cpaQik8txg+Bi9+n~Bo*9v9cm&M$05n89HS@kg9 zTtBp2xx@5IV3)fqw0a9 z!CpE1QNPgBoYqH7xH?j~FF#DsA6ai9|3&Ub$gN>$xj{|0n+VJb${Ct|Zdj$mm1WTJ zUkkx$+2dV~lQRy@=6!~1{`00ksztL#+dnXgN#4;Um;_o&;kBM-Sq>*wghp7zQBBQC zigCv}!+rjM%WHV*fmz3J+8?XAw{4ipLjxcFj1^|4e$o75LnQ4MjmUF^e_jyvyT3+O zx&*UcKw3J3q-F?PwNlFh+=%UArH&_(S?#2+_tBAxjTXc3+@vvh{~uwWap-iAE&;{o z!Nfhw^5r5~)!}||K{bnvCR4LGs{d{IW7xT7??ONYq|9NF3WM|1v#z< zltrbK=;RRxaro+!Yi)yBVL0Jn&v2HT4SMibcRA%D+=rt$j4E$V$9(%FkNtn1)_fye zmKLg}!;-W@l<}3$j2`5%b}OU27u;}f*J#c4U1Ov(qOxSFTttrK`IjlVgFnJ)xgk|9 z*2w9${ly~!6UqmSHidT&)TMSVP7ksy8i+B1%Xo3?Do_IbAJbCVqvn|vI=-`cjdXigq&gltEThg=@`?$lddJ&8ecx9|pJ2$($g@Y_V_vZ!jbGyqcZY*c zL=)xxtH179lf%2bdmsuiz-L^1D(Re~F_Fhnt`^dy^BLCwiJ6qCI^U7s$zLZX&5qRA za!P#H{a13M04t54RTfhWo57b`{luo)+Vp^&hT*^TK(GJz6#KT=2?eG#X1XnA+z2{; z)hlWg6_SG6{(CP8F)Vl2No{OF(xhkukEG}XBi`E>xRjyhkPoF-p2B18)QLeBC{aho zG+XclY!)A8YKw(vJa7D6|LClXO!yHem8Ce5qa$GY-q}gV_O42QruO$| zkI_$l&L$RNOD2^4xxXn!5n&rYUTL{J{lZj#jmgwxc}+bSZS`*8Xqt63RC%D! zKeBCBh)nv!h!qYY37hMpsS1{hII^U%AXb||hD19I{kpPxPp6Wy~{_(aoCdF5_Jn-$1_D@ ze@IWOamzMeZ`Itk-%jthGnQeS%F_AjFUlsHs`wMprg1xIWAGtY-3_fZ$DffaUABtS zEiK7cVvv4xO;DUo+7j7s1ihhPiyVSxZMzQ=lg4yd`bh6rV}s)BaL+3Os|OW%;c6X1SvI>gYdCYLV3p=00^sr7TflzgGYu-*czU>vRAEwG(zx9EjMgR6Od zg+1{!&KEmdFE+=MxYI0%ood7_(eq)=I0j9c4T++|mgW8a&u9hWkd`wlDKA{%cSi;xNwr;H-i=1~CTg zasm%S*yKzg77L-CwF^1RaW=j!smvzJ;phR5!lPwP@fFC59GUW7B~%h#c7UnDtEBSH z5HtieedbO5r-VRK8vU-<^NT8yx;OIE#Yu*iUuUbUaL*JXrV#y9RitTs747&YtH_-s zvg!p6=RN1(YG6QTYRy9x&9gkh09BUOElzZqRA-2k)@0fo~`)S=@bKAACmanU3<7=yr! z>3kL$w0J$X&-Cj%e(hE|ntL$&hY>v~YXyR7Wo+iRS*`k~qLO*SAHbUPgYGOHz9s7P zBdp;*$$2K2$?}Cw2;7CEb9fXusq+E~979Z1pTfcTgPmktaK6YQ`0WR9Cw&C;koV2a zr@zI>d*l)a;&%2=u~yNkHt8&!dUTbwt%|aF9S5j;hv2)*9TKSqn!Z93Y&kyug$vW_ z-S{(o6&`&0Zx%CtXLFYX9D#&72qK;{kjBTK7A}lZKMA7DhCVH;s$jI9ETw)fE?(W& z=WQGwq86J*3mkp7hfS?|5PVhlaW1v7IqwdIMe4AFM1oo;b8@BC_RU2Ro1{eFci6Q* zvEE)`!xE)Ml$?B?1hXA;5+`b6C94Wiq_S3W^t6Md=CJMDUeN?obEEeI2Lz$TN>RVm zYP-2i*aYiEZW|OkTE!{wdgQ-ocLgJ@it5bhw806F!D~$ni-woa3yjR>=@Hm|s{A0p z=xsN8^xFHZ9Q(J6Q(=!^i+DLakHWuF;iT1Due7wo@n; zm8xOVDZzKf$O0KTJg?c%$PIkFZ{)6pCinG_@>YDxC0QJ-p*|}JzCJ3|ZMVD8=D9OyvlK4U4uJ+*EFP=XihF6GaWhlg@M(f`m3oH?*z7EBq3%_xv^)@axIa(6?XuI}@HCWv!^3gtx=6PP|PMxjeVApxk3$bx!Ng zkGFH{ax@B@`=kE==r+J4Unsf}3PHg{cm$I#gK_UWZk4?nIXIYbGym?;EU@B9l>xUF%llr{}O+832sk0sr% zHQQ(Lb2bZko~-ZB_HOnXzc94<#vXWbSxlG>d9!}H)}|}+dN;cIf@gyPgl$<>+^SVr z{BotnZh2648c?x3XmfAWlWj7ZAllXCNE^e_!{$uL3l^t$%Pn?)BjSs&jEF1bh-xgg z`$0ydn6(wRhnwx&rGsF`{i0nR5gOhBe)7mlQq;=9G(G}$qVUU{ybj!5&WhP6M*OBi zu`4a;oLd|%wPr1rdBpnb1HDoei?rK zmcI55Ei$v7K(*HU(s`mS`jL(R{x@uj{G*pD!?T!g)zfuH7Y@(L(?)+!l4QR-rTUUm zS?HdN6BAE=>3aYX+_Bn%FiAb}@COE}NczPqy)YsTKt# zUB-1V^bWCm(5b@hQ(!b{ca{4ipNQ`*;MLbSs{X+u>+<4)(25wYE8*Q;V^30NV6y$} zq5g->Pnwh)cIvPE;7HSokI3ru{r*4=#GsE88nK<$5PWvt!`_fjmbaq1nYhFwQ6l)b z;hkR`nNgxBN;4gP>F`6>xOn=@-?iXWHr_(vg*4UJtb5r@%)qr(+CQ^2&r~Dd&6Mfd z@WGWkN_4%4aH)^o&q=Qul4G!9hY=Y2w7rg$W6?LVCa6cnssm;F56i;`t4E{R!gLxz z^4m%JDHfX&l|weiJJ$TjSNA@^JrH(v96hH>uq#K?`_h>^aF3lZTD5BL==R~aZHAJQo_3UNFmy%WUk)yF2&MwFBB`6#}| zr~-r;Qw;F*Yq=OE1D5P&1VnYl4~8)V<{$I$1-(z4Mg{m!)@(z&gp9|rig#@*gGMT! z^5hStMdQ?UxCzi1OYG&os+TO89OO9tBdyP7`@>3RgPSSM)Yu;&g(&2B>NZQH6SzBD zvndwTMn!s;x`eLrvA=ZfO)&4*IeU06xA^gc{(g~cxS=&_>jiDdyfk;yz0Ni%s?$ih zHXJp|{5o19>fh>C!p*Gf=K8@t_}nQe^g^no0^|bB0f63Zs1F#KLq$Po-z9FAwy3^_wIvmV2P zY20Ib-dCu@ayCvA2hwOmvizH{4pGwE)O^zGc*N@(lL2aWd{42q-A zLnvF!AvA(Ywhyx(snES!`45VbO;w5cwkt7xs^Aq)sPkH?{dwP9Q(9TnIL&{VZ(NzBL~wP=EV13weFf zVH_eLP<-njcOCWp;i@F^yT6!%G&Iehky*$jNw{I=@r0gFdO^udIT~T3xY(K|NbG#6Nkg~w2BNE2 zRFda|fl<@E9b)0$f6@oi*H%AVmnRqYP6WPV6pO0b9`42OwKjTd`co}$xUjc@zu7i9 z5&QyP)3x$e;YTB2#~(W92ubd-SDBkUTNIQfYgORmHxKy9%RPMC{*V^676? z{`|^h>9!bAWoauYdiK#yGuBIvaB>6NTTgLx@jI4`n#6moE$sXK1!o|pv}Leg9YrsG zI;eB+!2G-Ag44acCXQ*WMkg*#M^X#O^^0-=i8(eoTJVpmv~)6_s@W(t9DKI5EeqnNd(-ZZ`l&VW zoC6`&3uVJa;0-XVE@F8uCs~~)Glj<;XZQ2RMiYo6Gf817t|y)1zFuF>$29< z4yM4~Bz8w#c)<+%fkF<}JOj!}!%W*I>W?{-zmydxPAA_gF_=VzY-;&eW|K)RjGGRshyRM#A42fHxV;1$_nJKe$T*Vh!yaF$<$*&W;UR?MD%P)<2!BKk*o>Smz4Te9t5 zx~+88&%u1nY3z69oi%x>cHJ2Azo_wTHsEIl3Fg9G^x9|`NEp7bY!L@)_EB)~P0=h` zKH-xb$fjGz<2eCbZcpo><{o;g$_CWB_)V&RTz!c)VyF&G@MS7pzGv5{)XS6BA+;{% z&&KX}Jm=gb!X)DRB^NvnYmL(7jekpyawp^|y31kohh?)FX@_i|E(edb1tdUrE2^}p z9CD9WC_XB}m2#Oaj!^ow(VtCwFXOZGbmod_va^bgCPKQ2A zH`utXnx!MjgWux;;cCrfr;OQO>JurCw=;!2X=1c$!%a5os!BYSxyk}#F^OXpn`{uI z+WkEPQY@s+6P-CRlrMV5b3Yi$aWA+q#?C+e>}k)V!|s#JTwNL9+>6}0XwH29o)Klh zij_j5D*I3@At+gnN`$9czCg9T=^G0990}&WC?rjm$gJvo;cHR%2PiuBt)4?qba=l! zT$%_BBX4@u5nXE|JxcZXoX76u=jc`etCreyM;FPT^n#_!Dx90*PEx{tk_WPAsoIeC zS?n*^&OVGt4~*v0aXh_tTj!bLa$f21`lmeN%PKu#GMQtXY+-N=9IsvGwu-N4s)~H` zM$-z@zS29_ky(~K5ZbXmxJHz~I{Vaec@eLV5#n2GKzL_WLhxW)bjaas#27UBOK*)l zT4G;Sih8E)>&cOCwqa8p=kVJQ>>jQxv$@hy5%{=Gxf)0H-B0^03F<43y)!-Ct-Sj6 z^!Z~b9<e2@3_dsY1RuF5Hm?+Z+sta7V=o$lfj61 zN!48OC3XinJGyAd6`Un$Q^xKF{f?59w#dVUJT`>@eqlaTqUL?J-Ob2R4vVqFh^6eN z=JxCT-}G8DfelwS^A$wwfkoD4x3+Bhon0fkZ99p-s_(8%%{ju11ug>Dq&8G{iYM}{ z$%CUJ8!s0#G#Y6>GG8E_YoL7;t$RhiL5W1TzACb7TlE&bkO5skF}x>Acjw&GOcbO$ zBmJ=C14Y1V4)OiQGz?=jS}luP*W(wj0@s|RePVpKG0M%5DxNADGmXKgFnfn%Z5RF_ z%`eE*hna0H>6VAdiK}?9m{l}eg*FJ_>L^=qWsd=5v%-FA- zfYB{uAIYJQ$jS#nUo5H{JZZV2D#PK^rN`|)nbIPEOT6|_Cpr&P@oWEOTB`Ks)<6OO zjD7h~T`_9n1aEnQ&6cSADS9clSs%Ok;OkH8gEiGi=e)^Do_8uw?-`x5U6$$s^fSnp z=uu*PkKX>nZEGSR97~D}c^83}zD}x;NK@4OPN!0QF=^iIkg9F5oBOz!pZ_cLFPQ$8 z{Nh2Qh^P7(9t@qMR7li4_f(3&F)luiCy}lR{S4bZBR6XuKk0^5E#MQ(wYL4lu5Wme zsb)~HvVnxym%45poks?`b~2?7Gk_P6OZL%<(Uq2HI7g2k$VBhQphY0{X*#9y{{gK)QolM)y!A4SdrWx* zeFuk3nosl#v5+1yN(Fml#wW$$D~_phP8I|ci_tnTF&2L^HR7WY6piFv?6YHd^J|e)a2FigI&j>r3#ONM0Y}Sz%!5)vssT z{FLSpR=owgp^a-M6xb`sr_v85ggSAbPG4f^SAK;&0FwwiX>cxe>(5>cky>Lh&cY-) z6&lT=QQTw}jTCnwDh$$UJtqnk;KTscDKv2aJalhIzbH>CAs=4-D%Yv8fn`NR?YK8m z?XNV(scQ_y)ag46fpv*t$=Xsqu{f`X#yCLUVd`o_Ws3WE`_bR6I{HqDU1ztb+V1Wl zc$i{$YHqY)z?+LXaaG)zU@J=7H1MK8w*u^2u674vx6r79$oCIHKyv7$z6dZ&IGa3v zkcy1SnrB@1V(f@E0N9^|Z6J2A-);_d0$wU6EP?dn&liW{HTXC1Aw_u~}HrM6o zMa>~N{t;K{=K>`~iYRH0R!t+Z5$Kbix5YQ24$GZ0shf4jP9dqDL?e%En@=M+~VnpG0Anrhl6<5p9Mzk=Y^WC*|Y@YU4F){bE<8jq@I z))mUS0L2sHSr$&lhqq>AirO)*tF7qg3UytCcl6w~X8rA>|1 z69a0O!FttEwHYJ9T0?8A!G59m+En98f@~8)`uf9cbNyLQtZmU~RE@UHHR&ZnZqqyH zigC9KdtVZHo3?&c^Gr)GwAk3SAU-wAv?@p8F6>fy9Bvk0jbPkmm=}fP=Fpc$nWl#F z&l{DSpRYxsxtT%R2Im%--oN7T-1I@<@)+I49oux2?y}ZrLUl8Z|GI*8m-Qtdv0K=k zuQz5ly}K<7+|3A3+tA&D(B0gUsS>~Y#DRTc1aGRz6~lO+XDQSUP;JHzuCy%^qO2Xyf-bweKP^RsZKA6@=dx}EzWll?9yQ0VkECQ+&AyT z@@z4`1*XZBqJGPoy0*~Y6ctqs{!R0rr$hi3qW@FG0H?I02STmBVC8<)3vrI6#yirWSqZ!YM#bOtvY zd0f7b)*gOb-s5$~AeUl!S|D=yIK75wt)KDt!4+KFf-c>1naQG#3!7{ozC4&wrp~mR+#A2B49z0{~|5 zZb5c-DGaDx1dIA(D#UIy*tEcjZfaRJEzzZh zx^r7WC|QkI{F){n#FU&&k$E3?4aLV+slM6G%F7uGmY6MqJej3QKawOp!EX6EcE;v*<9LjPz4+TQwAQ7JsX}wU#IN|}r9#X+c>QLkmphp*lN?AXDe*^aAp>3~out?~) zo43M(7cGqStDGbY&QT!!YD`bn8HVbsCTq+d$&mOr|JBJEen{ zQ4;bNWRzWJ*)!ej8q+I`laz|RV0A5CTgz9LIYG{>s+2aZO$b+r&akxCvjUa+GUJev zd@&TSmEpz$F$8B*7);bcA`dbRPT+xw3^3Ft&oD7#sQUZtKv_RSf&(soaRS~XA#OUb z@C_h=@~jjbP_!_QKD9D)uk%uX-8)4g?o^#duF`=DmVta*q{X>G(F8M2=b4e#-#ei- zJF)^W6)Hjx3B%IfTphltQV9cxlggmQxBGZDi?|$p4kt{W@>1lI*-R$>I;e!y!xO}K zWxV=xecJf|=YUONyVoB=*l08w;L1mkA;CVxy2aKiKUB^O{7}gYChlFr;c!x^v0?0f zR=L5Visp=!QK(c|Y&9HARf>%W(*H|~6l$3bfk)gsL>rjs=Vo~ffjJe?|2k}ne04Cw z;baI}EyqJ63h8y<(zjpeowfJJP6_woC5DK7yu~qypeI@;HSGE zOKN5~W)b7^YzPLCgrZy_JhK{7maIyLz>8y&MSrxHVo32ll(GJ5D31(=i^SnkNkd8d zQ~SkieyywijOOZt_b_cIx2wi3cbO%y$pi-Z6`IRpuzZ2W4Yu1@0YTiq6;PNuD`pX} zjBz%qHzjfI>KsxES5xv3n2ki*z{kY*5Eb%^M*?{gxICa-K^4;|WF7%(gnaT)FgjIX zl@4!>==SusS}nxg3TSVp<&+P6iYU0si6*+m`polt9C$dGBwPHMq;t*TRIVEBY%o%v zg8hrf5K%ls0f+vZrW2 zv&Mvcrm-5M-PTj}C@n0d-!&AQjGffPFEJTpY`St<+!HHvgaT0{3}tZ11h2Q685`Qj zpfMw4PISe(XNXH0&~3#`Ix!pqr~qLGCMZBuvim4LtQE2b36z1QF^+s+ew+$Vic`gA zB04hdmdR(tU+K2qk~N1YpThM{nBc#0hE4kU^=d>&tfatL7Jp+{Z>cBcv z(>iq=LDwu+P4d^Gl2{kwkM9k!3)YRPNx*P(C5A+3pehsb2)e_COIG5M8lTZ%ufIP% zQ#zmk6^BhH8DptY0QGhbLoD@}Y`lS4WNL%4wjb-8I0{MrzDIPF{bFJoU>^9G#Y3!` zA_RnNUK=HQRbf1_^P3V(Whh>pfki*FCMIN|nU~+DNb+#8wW%k{xnEb-mILtH>Gk`| z_dgEv@8sr)LW*1?x>-Jh_pL^|1*COQO6*Yp?;-ZJf+t`1;@4ubLl)-eI<@7z(}%H{ zO~*P>O!}EU6R!(F5qW&y_fU`3FH%3vC( zQ0po|TUq~0Rq}mmQq)#>tz~U9;#7X;%qYO*4B&8c zI2x97kD&t{HC8f-`;KMRe3#;Z0ECl|#;j^>NdJnESaQ2J7jG}lZh_bEpbVx1r#Eu) z4#C;!%?0@Fr;GOjf(tqH$)qubEQa<`%mnt)1ntMw55b$W5AWY!oZY@T0JoXSR!crI z{D)QT09?Gixd2UY@%~)2K)n4pnv2cjhwBgTN`L?vc0i?;CfhEADI9?PH%3-$zBvT( zkCymh#`n#EwWrTALzY;6hdUW#Zp35&-tODe?=Rl&X5V^xpn+90xm3w22vTruov`8!1u+l0{E69BDksn4WfU8KD<$d4uAD{KpPG7RJsA#6@T((p zZjpz;!Jz|H`i_+U;ere{*`8%nMVzU$aoPr#&FC;8hp8kEA@RfjP!a{6L&*roQMSM8 zY_BF&gc+x*BVy5*8IvQsk5y7QWczBLjmD0#xr{x@deRr2I38xM;El51W(lIelYWzS zqwFJ9<2@aNldcRdg`sVR%6}5d3}?HaKZAxE!^UD#`0_=Y5v_)Q2oZ%mIlt9We+vmv zf3t)R^;cPUj|`q`!(yfIAo`4hNj!2oAws^n_D~i_4lZs~5^tHrYGls9b1mH0+gzOV z?HZ|bs~AKoGCW4HoU}}A*w9 z8DE~UTd77?@0*T)wY)3L{Rh%jS-FMC5Ee$VD=SHQqnHNrz-Vr*cDs3{A?syhZX$9l z;=uvqFv!OkFB|Ik-r*^vyztK9{3PsI&$7G(RESkC=@vz@$ue)wwfb9`ITZ^ILto}% zXYycxnOmj|Ur9&g#E=SdC6%C8kFTvpytAKFXbKJ{h-Jqi2ex{PrX(O#XFD(l()P3X zBt1T^Nl2}T46M2N?Lx&NogkiMj8i^OP-zjrlaY1{3+#=~Zk@rB z_6ZM)Q6&7%hE6$0!9v1dT4dDbf_}G$ZCR?Jrp9D*#$HV^CuKE z&IDmBKH)8AS9?lTGLo`vwB#kR8$p=rT-mmp{wlle!t4-b1en?zYXJCJ+8Km=JI;1pd&+35n>7a2e{L5=CBt(G&!;m4@xjSY~Fu}p2qk~P2)RIudk-A<) zChMQU#_x;-%W*WD&1S#bmH#%I&CI{8=AhI0ORL-Kx7*ETzt#Rrv)yeDx_<%9O$GtYb zlH+i92tG^d*@e`dVvbxMQ4~M5>N8GpFp>4ubIg7D!lL37jQGnjp|f3eUK2mFn2~^y zzu-vbDDz2x)HO#IfB2-f!Y_xq-4UM_wb$xzy1l0npQ3;pZj+MP7dN_K*yM91KIn0f zP7A5`R-;CQ_y{Iw(k;`6MgP5PNcg{ZfxHDn?ASD2DLa7jdK8%hg0TleBnj!fnPBL<9o;@)W|b?K{`Z-g~S@#8Pa7cuH9-Ker*$*ir+`Z7H-(p8=D zIkyBa2q+9ZG6SuqBX}ls<<&8MIE6tpLlnC}H3;B1xMQ_`$3Aei`kT;`_NP6H9ptPj3vOJH%f5c%mNefo%wwMJeE3Bv6ODDCU%c4&G?&|n`2}I_% zm_i2ZSUr-vTWqYnT;u?mWGgcm=;#6is8QOh z)blC!JQQR)0Kl%?!c-s37M21ir(JGY=`Gj#!5^UZGP?d&_qQH|f$S(7-mz_!V>>U>4+A4YjA9tnGWx=~&0?Y;6 zAMx&z@r%zxSCY-HO=R44T)j+WOq@P*hu8I_xVU!7bY&X72$p=Ou655nU%UVo&Fk{H zO%LWfbxXcZbesP$wGf(RujOiJH@n9rADAWa4)3Nu_>v(=H;i6zEY7ZeS<^r?%RVpz zG0Tj@3QWgh!BxnnXmwkpl(6%2#3AJK7>NQ`!?5MZDUR>W?et2(x@T;Ib5{Pe3uda%| zI1NMVqn+=*Gm*+8dBufvczT#(UuWeLbpU2ygoIS@q0lFDe$-c)nJYSFs*cedphtN}Q81B1aud#5;%ZHfu3(A2Z5^(H@81tU)+2=J%4xk{^Ql@&CPEguFwDW*L|DO z=!{sEh`MyKnzRObsX7Gw&PX7H^S|wWmN$MhK7TH%Dvu6~HSA|J-vx~?U%u>u{{bV& zP`?Wt?_fdiKYvb*s;F5$3}58{h{d$D|0%ArXfRA{gtaWbq45DS;Vzw9MtRGjWAUmv z0ARm12_As5LD!t&mKdfXb|1-N~pW74J8|`2|#2xxn#&X0=7Y*&D>~i_x{8A#mCF543AS+I#eU4H0#0~&DcMh|7_dkP-i<(u%n+6zNA`=*zwY z*<7^&ng?>y_1x=e7K+7gjRl?b+^p&9I@-6kF_qful@T?Ch5O=+_+IlYOotI~}jF-P)ErbN0!e zWkVz+aZC{$0(7?~p8MPH!h$tcjb#qY70h6bgkZ;ILhur`8Q4^yuN3 zKZ=#!;gNK;{|pImk&k%p?L~y+xsZAb9*X@AuN@P|2>rwzw7eM+|+DTMUMwc!gF9lO_@wii=dT_g4gH6bIbm z4Jml{nqS)xFhvfG2?7K!ks1V9^ywkr6(MzbC>FHfLoa+m9N@QmEl6D#dO^u8b?8r z&N@UpAKNSd+?9%>wvU)pHuQlx_j$e~_!CbD}HKwo7Q{5yMs@qRx%{a!6EEGd~$|%Q(eoCbWw5roM zN)LAUeX&9=95tNhs<}~*7`2=r_~$QZMGSBz-L++q`T-;@lL54RQ{PM97S1)GDvr_9 zF+?xlPGzbhr&hGLV@U3V(0~=oP77Zf6BZ%tko`(sH)On0`_?R13rQu@q}g)Xa14(f zXwNVu*P!k23yu>18SUvy@qRlv0Q=}4_0@9TZdG)%_VuZi4vqM}FwrWA9k70}cZJ_< zxxd&&zX^nG;F0WWwI(!9Te@XZ^3JN~F5$D)h`nqyibQjcVm|3G@o*D1I3?&|l60|Z zk%~HEA>~#m$F$33n&)~By)~|iVIUWSwpzPYFAuHs+k7NYB`lQHfyvmq_Uu%=vo`mz ziHXWtwO-Do6~#xGpk9%oP+yaXW*m=wS&%<0&htnJku3(!%b5V{UGD z%*n@_Y+~GPA*j;XFv=>E6`Z^I(M2)VwG|0?&*{A6h`?pKBINR9O9)^5HJtxEg(J1f zf!G;piE;ppA}}FQYi31XD31l(0oNv7jT&?Bd9h_XE-rUt$;}Dmn`CPZ4fvyBc_8b8 z5INaaL5+21z<3q0y#=kGtp+Q*#4Dv0Ugk2jMM9s-68CSsd);Z6s# zX#xKt?1jqdFpV}$Qzw?&C2QW7jl0_<%S?BBIT5ky#Y<}@$1cx?WA!Ct)x7#H3k9@Si*=D|ns^vdr*e5`P8#S^m+x>e9Ll4+p8ZM=tmq zczTjeG}ZG}>zwNFGW2`|pznjk)fspJ4{=AlVD2NZM1;UO68_!}t2l$6U%j&wU9;20 zEIT7?DRZ9&?JqFoq4=|J+I5^Cgp0A<_Iris0=u~lVEs`-5}JEt>Ijah^08OOomKoh z_5#rR@1Unt?I+I#yjfPaUvSj=@8Fl=<)`xr_+@x`aW=fY_;`K#-vQfi(An^@gy5I@7_-g=}Q`UuH112%k z&u~2AuqC3RWbV$@iX;D^VoPOuDvA!owweKWnxg*-DE0W>_+K~%4i7xf{gS7cF2H?K z{hq^lue7-bkY?$!sJE1_&}7J&Fv5?XivR?1;Qb>;;4@swYydLm5>r1!lPi&FWQJLn zNivGhpFgWsN*v8)LNSpt;1I@i(dY0i=+a-GFUFIxsvzC`I26%u`hcJ4sRx6%rL-3t{9Tl;BTC`ULJr{tyY0$WB!!1e6j@b zTViveTs6xNXk|as#cSn`C;LI|K4-AdPxN0T?CmD|FKD&h`5q0MF!pehtnI)W&bFV9 z;8!S&shdm7S-QD2PLUJ&B}iJLrRk}G0f;f86CoD`Osypy+#lciM016#?l)x~ z$!$9cvE)i3$(3>I8{@TjeNychX~pl~l0N6?MqY#kOJF8th6$16QOFDCf{e1xs}4T z7ao}+kp`TuXFP5uxAyh>xuq)Kyq`!%MLXmxUTFNVn2QP3>!L?dxZ;2>$A%&-VA}uB#MD?8D zpxNeN+{@+GG{ueCQ_@^&o^6ZY1|mLu#5A;WxZjdPuxKk&)>ga;*GO!j4F{a-P?6$5 z6MQ&xsOA6Ef~KZ^7ZHn|p;Cd^#K3 zR=pjKLTChGCL^k&yUA)k4=3}YWLUHE}3?lZFU9T$);P5N$=og zhyxVR)5ME$w>x*YJ13lD@RoAQPKBx!5(l$W@YG*_w)NxLqhUlqWAXdi@^(cj>+k;s4|9zoP_zFZzdb(5@Bgol-oDx8|K3Wm-~Tl(;GO6J>%Y<1 zDFlBYg#bUIDDrrAq^>u4{fmW45MTVxxW4?)JId>JfjasB=C~05^Y!uj_wRP{e;Y;T z3#NTcpnni$cyQ3gzR>nD!n5oKJ0ahlkYCH(XJFn8gnT{vN z2}$vP!KGirbqZ9?oX$e6u=LAJG;;Db&>}3dJ@~GM1>F{x?~nX7}$Q*{>M<*6yivF*T0pkJLUYA&j9Err^7 zl$wDv_>>;M0h;*4=77(&lbWA}5@&7+e-)s1m>YbTHELlYUQ9tR)Sn2uF;0DZff~fhI!ib%C$=9Xk1L|(5!Cf&(EtU zl`24lpu6cwZ$04~eZJ9f{6Flg4*RnH`Cr;-mN@Vzj&ufqn)CmgwKdn4h~2ix&v86a9JIKD&PDJiqo!0#*#>scD?xZ&@3%4bA$ll-g7rmk<9n=Z033x^$2q@+Brqe;{aVo(+e zQ0G)$%O#BhH^g3$U4(?X8w>k+@dApX$L!fJ0Ld2{f|pyD@UkS26TuMOdP{_3nl;XS zwgJe{PfMsG#QBhi$xNFnAJ<&c7NfRcBs49VH5UvJNUkw=IQ^nVH|n#Ddrra(}Y`v39Ko8$K<#rwb4Z+Gv% zwo-m;6#~A=?VQRVhP%0mtTI8g^OL~t4z88jp3H8C$BaUkn{#eT2Kv1^H5u{ih(Mh> zF-h|(IR(f3NWnMgYnz2l9-YAgLD%OO@dNDtQxSb#i6B0+>TiMbF;gkG^_%4JBGI0b32eT zf!R2=OY6tr8XPpjR3nEKfZIf(NxEK$-qCkuG;_8p0rcAT=#i~15i`Zw~;5i`VUXosOKwYysoHhXCOs!%>8n^Xl> zJRIs6yOR((-58>@J-0YVm-E*d#l9}p-N1m2n!s!c=V%=JzK95IZO=NsS=d)o90qW@w#3g>a>4Lkkf=vIZ#qgXRD(UKG}qw$U^Lr z6g;{L4U0{7H;xcNl=mZc@gC^OYCWT?z>&HN`O2kU*YGJ_t`B2?U1SX)t6T@6+Mxh% zz$$_s&mv(_`vI*a^AM~0qN)i)TefE%mz`GBuidbJZk+B`EyX^HiW`vfu^ZskQM!aZ z#6F&{CSimiQwj);pcl{_CWb0q;bnrr@P57pmSN=K$fK)~4+*)JDNCiCDE^eQ@mh3X z3j=W$$c=pz<(ua|Ysbzv%-N9|Q5r={FW?OHA%YGXqsYVV1UWcxRccpN)52%ju{EuD zTb@N}B95(ccu)b zi-R#rT)>EWW2k;Fox;{c8I)W_Pl1EORi7uYQGDIFhG|q=%LDNGIo&nwh3TonO)N)X zLmz`MtzKTo6-y#Q1jmtsNWOOZxzfy(HC8t1lk&KQ^A-T#fWIP{5>Tde0g#EyN6$xd zk=t8P5_kci3y%N?5>$^(+OBq)H(TnaeybO})l|row|O7TJ~*6u!68``zV?w*`0|wd zHvmoucmhz7S?POYl2Gw`vGHPwUGVPc$i%?Ke5gu$!IxL;JVuJhhy@eD&wVv5PhoJL zVVj-rPZbQb9c2L7_E$9t`NOr64|y8`PA6D+peRm?z6&XQiPELqO)EK5)y?xRGn0a$ zA$|@Fr7ijg*as9(cuH@uUxBnyszq@yB>bB5-~jYsOmVL~oU_26190!Tpda6#^8bDS zPr!*O&z1~&pg%jg*J`E;HtA~8hJN&c3o@MOMC(dn~ReV&Mrofv051>W3`0}{ZHEHLfmKKq!^f1lwv;0nTj zKd&GF;0uiA1oR`hF#9*PV!?W;>pI`s!na+_l|LxrytGf7)>i)pynp{59J=W7kSvxh zhs)=%?^23sDPT z+MeUg=b!evVsauV90Nf9bhDn;Qv(@^r~0BuR zL50wMDFp@o_2bRi-A@;n=Xzv%CMAdn=dbirKa?=^%9PWbI_rVb!Shot{6gfJ0>4E)J z=%&QaCMRPEans#u86K1tqCG>sC_ah_idwUg$;Ql1yi-U}(Suk!UuQoWd7{4argHlx z3$LTY21nMRc}mVW6b9~eRd=dP(Y`q!UtWxcw-+C;@2)%@nTOv6}0LYZDv z2Z80*o`a-vcgcwXWi~#^=Xg!FoW@c_g|dtNLxF$YEkp;}%UJ!&B&;I@goMr3jneIa ztO92d;Q+^EgqQ5_+QYM%g`zY0uj|pzHy^J*ewy5kK3-j2+*Yp>yTNT2#r3DF90Zca zlSab_@p6(uAY~6}D6~qTjV?b;ZqIM-hU4+w_3*0MjKDDcJMV5-3Bxzwf@d(YQP^d! zqw<+ggUZGA#qHUTcf*?x^%JY>zu8Py1Dq|3ze1m#2`qvC>+rJ4naDI+m#D-V4PJAi zV+c$}Hy7huajdXnCX1okO}~^s4dJemx0Ums4A)eHn22502D7Fr!PStj>z_YPZmrQt z#*qL1853$dP7?!yVYo4lj3U)IgO_K+aUF@zuZKTgp5K+KY89guB0bOxaHbOZE)47R zpaRiyP4rb2lMb&PM}F~xXTiPEi!b&S->Y-j~L6`spX@5lB31F~X0-$@$&cbwj>qXT7uQ@;5iI9{1wfO2B-fD5%u0VHtIpN~&{6_9iccY8(&*wL-fo1X#MH9Y%jl6JyBIC)y0M6+A z=C;~=S>XkwStN#G{&N0btw%AR+Y5wnP((+=pFAH0nggI|0*37X8yY6S-b=%Y{HCzp zT($%D=5kFdy0{r~Jz6VEK7Qb8zSW5fvK|LMo-^gX%FbpOX!P;=`h0YI@$tI;ke!Y- z!a;x>@u;-faAy~jRwJHy#Hk;&WJ{E-FTDVbh2CQa=H~|NZD3W2g>O3;{5vd?&{+D?&^Fp8GbmoT@;S*p@3d_!4)C|&QX(*=fUGIFe;e? zyKw)=^>670Qtff0c@?G(GPp~_9pez#Vgng~2AW+>4$Bi>ro7DnwrBIaS$i^MMQ(aXfBfX`PZ6#Jl$^paBR&!yrr5+D@v`@OSd zJ6m3So)|<1V0>?eoR#CFpD}(Q#a&hY*3D`t47JV^l-k#)8k>alVD@#3+SzI(9h^$35YB&|LOa3HL}0X)6YE-s ze^EBHjamJ3gREovFJMy4II7f4rZ}G`57a(0Pr7XW+&tH^>9g}vhWd`4o!9mIhkbVb z)xE$@DaG}rEAcNK%)j>fQoR`bBSz7xA40n5y#hU{Hwb+z>5ivq_*)$fOE0Tgtv@AJ z6ma@O53MsT0WETp{Nr|2D3WD@N>K2iyJ?vTo#7=0WO& z6YM-7T9gyU%*#f;tR(VwuE(mz?10YCaXqFTyA`P!Ek9@oElyjTCI7ar11d-DfCHZA zIzT`A*UAL#0~o$2JD$byrDPM@6U6pbdqT721w zE+LchSY(H?=I6FX)LZ}R&hFZ-4YdleT{R|-70(Xf2GtcBrEcKFoYC0T@t zZOLTRm!N9+%>MR@n@-NW=oI|chJ1>Jz5D$l*ZG<`kX5IlqUGLNji^;2>XuSs2m6*J zjSWV{WD1m&*9XlOSmo8A;aV_dh8*-uIw)3#I~!Q18M&|#k{g^(G5KV=9eXCc+-V|fE> zfW5H(^M=sJ44ouFvsAzOr3~&s*T2P;EYxRTRe8tCH2P zgOFcJy50a6HJ>y9&~XqUSJ*9T+7S%qsCrtnruo&|=WAVO25vX8jK?PY5TrKDzIH#s z%7|?lCOh5bj(q=!5hg3Yjg?_5VFEpI-`6YL|7mm!1)hJ~m9L=S5Cwf0h6FkNhd+~kF!zEleJ^0j6FGDi zFj6A_{=+|{$>wz^8R3vTI{gKLu8)YgrY?(G#2>Z>vjFoq;1fY2V{e8!@B#o`*W-Uv4Cn#@ z=+GGYAdIKJM;6zZ-XQ3%hOW!xv@}C}17;rbT`)yH{tTwbfidqKseOO;e4lAWA($dB zm@{1}L=HtRAQ%T=8dKIH*PlngG{O&v14i%?fkz=S2*5M&mz0}NWvd0HAvrxfoO^T; zPuY|mW-PD%=@Akma`^Vo@7|s43AIV^1N6fMEUXimbRYHOfWLX_qrl}p<>XYRg4j#c zZ@LQ6DH!=Np(wf-@3BLp{QDGK`xG7v%i3k zd=kBg5k*XQLI>o68IE{wtR;aDh)oIm8`A}fz&LxA#D_qSC;(G5!x8Uu^<9McO~~pM zARbet*hk)<7#4#m0^B!?@d5N7xVIK`7P5a&apIaHhtY<2H`oJ4UP*6U6qk$2r}|;y zTaj%3RbEn=s!3rqM^rdwl=`h!kfoqsLh3Appf$*PD{=bVd+gU-I?@01YF}Dv^uM>S z-@h*Ce{bI%z2E77+bG@Ye~OKDr~7rM`<0arlOk18)aq2euTx8^)lAzfq*nT>K#}#xW+DGn{ko|0Da-!!TxOoXEV>y zyo4zBqivC2!KQnJ=J;sBwH6!tN)usGyn(?Sk;Ez4^m`?erbf?<-^Eym71L)eak&^* zV_@nd)toJGOf~L=#}u`@0?cd(BZQ`=1o8Z|!`aLWJh~EX3Lh)S)^@N41j4sK3y1ir z8;fxD=+z=Chuw3Y0YLsvdEZLzDPpYYqO)6dfgC^$DWN`dNPe$mD_tj97wY|EgGHr- zA&7l-D(!br?h(L2+{6Z|^xkOy+#L(IT-G`N;U%IA6q6|SQPmN!=KObZ{N`QZ{P*t7 z?)DLJ4SIJy6e=kk3i z1*C$JA16IJkZ|Bc2#WnyRUtxdU^;v}o+1iU#R0oX>QHz1L))ic;uaZ3-lONE zIdV_I4EhA^72Y=W!FQ=6`FF_|@ggAor`G2<{WbCG&8kQE@BG4?eOX{auMz!>qlXLv z_VHpo%6}MNoMj)PI2iJ*?*dA;nVy30ZrImhu=qP_zFZzdd=I-~V6ppLhHJ7RqlG5uh1`lN8Ewi!MEE zOkUGy?~&7ocKSV9dBRiRBl*74@S;b7OY^E{+gp0&>7IeQ+xWZN_!Az&k0^>f9xg1H zor0(S`ZJj0cKvhTN;qHUR<@@6m)3zw@n0+dU%x*t`hUNB^L8iyw^7!9)2Uv1L@{THPCTREGi;rV{&&Zf0^c66~><89jP zHIe!4OO-oZ5fr04T*dSh-1qc8e>IKje9|=0+Co#rPt_Ss6Yx`YNh@@_4eui^6uurk zWX=6Q5Vmh|Q)AKqYWDv(C+|wUM5cau7ni{RLn zNiSA+k^W`=?_BEqL9%?0Uxzj16x=(*gx0nl{2C73&8&eJpS zYvf8jZ+ZiN`jS)M##PE>#39v_Mk>GjhVqAZ_03HJq4J(o%!wtpTQJUTI>a2$e9ds{ zL@)l?PwS#TXx3aj`a(*#aH$q$pDM?%Pn9E~z9{kkQaLEuoX+c!g~I%`MKDPxV)R)w z7zRcL zICItRl{1*t?9v0DIi1Otv`(|j&v+h|0h4&G{#*y!3HWCZ#~X^Vrs=oGbM?Ye1+PRo z_}>d-9MCb-(yI9g0LzaRgzE7k7!hXLCYosS(eE`*3>vsY{d| zzGs$Xrl_)H4iJ`?2$%VpHL7Dmt;JY;;!aUvwob@+5wdiKV=DS^2AVXz@MeyY>$Wnj zl#ruOsCb*AJ(|=aISA|@-A3nrQm1G_x^FQ6f1D+eeq(zCqH%<|f_tZ49D2ikpB{$D zY4?-d-t&$r_)!tpGGLzl%K~>VI7_)0K@itz>9RJW7&_n`K_i7p1a zWWrAVr*QACsIr?bJXb27Gj81r-zXF6;CabHm&WTFrqncl6Pe}izyZa)ER5MtYwHPJ zecZiFA4f{oB}i1C_0UJa+J^AN)Rz$?ertf|#f&|G)bHhqrevL;C`TXY&*D`H%FGc5SK4<_ygKxSj3q7s8S)!wb53Jf?=z!kGD5{QXwh#jpE^tQ?N2&BJQj3MYiyl(I(bilc zxUTo{c;;irl4or{lc$HPYGRgm2-!1smG%A=YP z^X}rn`!6cefctc(nkKq;SG4d0(SzGVY_ym2{)wBa8X3EyuWBw;khdr`C^R`!pB@pz zF5~;y0!HLj7yv*B?PFqjG#_L?>yM&`edK_r1HEJ zCR%=FuR;-jUzG=}=C>1rQi;uxzqv>_ue@Z-*_teakL|}!DjDCECqyE5t=l(lhMVuaKNu6 zivX^a_&Cyh^ByDtHIV&F(MBz*zV>9DvzZK|ws$o@laJj|Ri$pzog+9&R;Kv7O`lF? z`14pKsL#Pk>W%i+SFuW0pSd?)FFW6r-iozn5V%{2zQblHPPX(`8Oc+Z1pcn7L4X_< zi1p|%86T1ZOdC9aY{IP|++i^c4?y2abBP&RvwYUI1~1cKH7!PzF3Xx4-#wjt_}g2X zd3issX2XM24^W3+BbC4kQ{}W!y!inB%oa-+5Ch_~p8BH8kR27nhIj$rSN)rLa$gVj z)*g4p&(=QaH}RxHOt+bRbO{*r{m$F<)%EQBC$|-UbHsX%H`3K%94eD41_f~AuLEpI z$IZ8qls)&w)j(Er@ebWAC5RY`PbCHIDPB}^l=8*bOF`5%Vl4;QM-#2zvPTL?Q7Hf1duV zo%Dux9i37AG2H9F3I$k+>V!FIVS6)*!*5gopkda0fQLEC$T+9~>$SINO8&m0+*`ta zVlW-MaO-Sf@T9Fg-lC*f-uE%W`(Dp4OY>CZyICr%W$tbv+vs>6;b6INBG8=<7)p)bQ3bn_$(#U3H`aOI{AD*8on-l-R_?R}rzbk;yqs!gmjW;^fS_c@Z2_?zr5AH`y!4v30$+wmk&S z8C~B$G)|Pp%BzInV8vZIOv%`5G|7gckXFDsIpjbc$dmt@U)SLlg{go}KHEDn3;J)0 z49av1FYI&=-sH08tF;vwx%_`%I5r*5ZOQ)lvO* znCmaQEM`kfG$BuzE4a;^I&)Tg-x4W-;HKdu4c>mb9AywU(_du-YcUh^3YCip zJ$p60U!tL%itYXp+x;eDFDmjc&IaOs;%r?Btgv$#sr~!~*&pdCFm837wHD9A-*=YzDt;ZfJjS9jgQjX#E6H;cVvtL3&2mR5(xF21CD=^^Eqjkv7_=rZ2 ztd|<4APH9M!0wwD|BKaUuH6NL#=f@#xWw@+cNg+XlZ`idVh7zme0YQ1;Ok&*g`1+$ zeWHVwGfI2=jnvo-CJK?&#fPX9Qj}5=p78MDUxib%aY4nq9EK^f^Lh6b1 zIu`XhHrAeVJWjkL)%m>V>s*#SREnE_!%z^|X{3f>}3j4Fh2unvA}#^V1dJ&7gq62zVq2dt{vf*Ky&mB68})5((?>mNAl?n;>4p5{%m z5sTp_(8BP{x^mQikIvd#MSV$^q~s0a5GX}%%JG_} zeH@2bp@L6~6)9IYoWC-5#{2k}9LGuJRvhHvTG89R!o2u@t>!^W8@k)xqiq(EC8#_- z$BcMTa6PK6Y$bV^C3dD}j1D_NR2q=zAQjHS&u?LwuPJx?uI4hpOqBoWTYH+)vGyVf zC{AiDh5)WJO`-x`QkY!u@a$d26<=xlxTdM+gI$tGNg=VI;S-zK`OPCJr2}Wgx&|7w zKSA=Dcp_C7KG>PFx()>x8`j%dlQEFgx{Inh76x1#8zVJ#JhZb#F2{F*#$r(iL?TWp zt1I&xdEOs$omq9AgN((dO3JTx=A0*J87BvI2K73_TKL=o6k6JZW~<&qLJGRWw+I>> zSwCd+FC8Ycg`Psw-EIU0zrIlzl(2%ky1gG1E;_7tFz*Ejcy*0_w8vhrIE-HlmS=t^ zj!*U-+kUUrV=}iJnYTMIVTw4Zrk|~omzmx8MNCe`)qkWNnzcI^c01sv6@LbMY)o|~ zslzUNy_h-H@?TWzBK!Z3YTG$%|36UePpSW)+JXNQsulSUs;&QjquSH|C#nr(7~KbZ z-h#kdh>_b5dv@w3M!Hqn4Ab0ILGO8-k(+hJEKp&&HW5*BWnDKJlz)1lZTBb;i96^&U*h#IZo4W| z4i-OTrfc0>H~zL7XpNSs=E{84{xS04b}ZqZW#tn(r%(L5#&6-5hnHD@Mzm_&5Ib5q zmM=k|pP5=V{v8vmYe0wq5&^~?z*a}k1iKcwh59073j4g{XhXu0^M)XHv9*!iuKpE) zYfYg+OyLT@()Nu0Ead762F67UjaYg1;*L98+yBdzxoTI;@p^)q-cU}mZnuO`PzW}%U2ly z7D<3#mjkmh=GKz+GN)!!Ac2hEM`ddZb=TreZdGXo@m)c~QPi9;dVlBFL1Zo`|IzWl zwI!k|q-jgU0Ik94FB1Vvl6Mwe0p)@pKfZr&r~Ur1{=J=d`Nv12QdG1Z!jC|7QkoQI zr}nlUff2%2)kylMzk#IRy*nj4iqb0rQ<~>XMVC^5>J!$3)3X%y2CMSf^La9L54q(QBq)hWU}(Ypl(9W*HL)@_8QY764^ig z&pfu`!pcXf{-$?Ny99FC@<;qeCqL8QfDOWn(=Hv_#+Q%ypc&pThNUnZ8ju-f3Dvon zv2{F8$sLava0^jK5R&VH;_C6?g7qphM3JQdl5s4=x5DTC#)sV80I{XFEUrcCw_f%@ zD!#`%2kW!FF5e$!PEZwTAA^GzaZ%SF<1Y`AyiZ-Ry{YHWR4KG8$Vp3ZW`vS|-0_mL zZOMO8T%>5e=rcdHJmyK~{`s~sjbfIoI$SW!OUH9D61tv%Dh29CKNCK&HWQ80fb_&T-|$7)nT6FuNn&{$)evPXP;h>HL@?fcX`guHijn4i?bvXd&NkI4W_DxRoQwr5?B01! zdOd=ZDqi))cB_8w>|BEMU4Ae+nPsU+*(*Aa&i0Sop7~(4W!kF%K1%&ZQeUJkLF0z> zsdfKJm^_T($l0#;c$YNEK$Q#VDa{-(MVz*$j0JoOu-3VFW8Jk*D{zPh9=A_c0nJj< zEGP-?VFmq8rzKd zTv$PZ>j>AA|L!VjzFuFRaVb&0g3{k}Rzv2EykA=0AQE1BZK)&?y|O?$TOCa>u3dL3 z$X59q%B+{*TiR>aM%{;?YVUX|3~I7zPG}v-DmToJ9zt9KWZ1AWobp5N$=Xat;JPr> zvTQM|U5mBV>KmC^mllm`D%rk{c(boggmEVLuc)-++B<}C_LYx?+7IW>&|WEhGnlHb z4<9|>kC*51i4O~U@oI(9Y?M8!n&UM|=W64(*TQXov!>MI-Xo7|xWaB_y)M|Q!%q0k zQ@(N0w>__CEWtbyVya&(`r>WXvNI>LK2HjMGfi!f711A;?}ufFA6NHpSN}lsIs8zE zWJfQ#AanJnF;Bp^07b}A9^ky^LFzYlEd_un|CkaB-mks~!X?P+jSl$}%2=2Eb2^p! z_JVC*sm8$X?|Ccg%7!7c&$#*`%$siLEg3JQ9oeW&g@U7xkjikn*!gp-rPjUrQl9xM zd2LxzcE?xMkgWArRTt9ZM+xJTMNluD_nPePQ$83CtT8|o_ z$|H@>!0k3nIA3T*$(@~$yl~xcsIwg+K4e5k#mt`c$gO; zgkOsx12^u{NE{8rT}Zyp#(etYrt+1SRX^|<61r~p!Q&F{aK1cmOt0)TLBCz>p1rI+ z1$;gcvxKD-(2#(PN#N+2P)lnM+VojqNnMFH2@-qOxi;OmfI`~|T~kn|fxg6_H_yFi@6E+i+*$z$`C=1VjNJSMc}29xz{|SIlm3hhZTI z(kRdcv}Fw!clN40P2AKvmtlW8?xPt8colYHN6%_u`0EGsqfhXWV4>*y$8h+-Yr>ns zwZb(HfjOak{tarl;r>&^sh=Q8ZePa*tjc4}!yAa{bNSKL;n2;@a_uPBJ+REPj2{Ag z=XE|@?{)$5Vce0uK2+a?Xy|2CePrKkEzdt09&zFnI=^)Z2ncuwC~JNUUMRSqd>(;- zw|M_96hoZ*P$KG!Khz&y@Xv1_ODiuDZ)B8#h$Zxwh0T6TD=PjQ3ib;qU?@^BI3D0v zb?}Dg>1){A;ILDZ&cFGg9$mWE(8zXuw!wR%40>wmx)EuzB#HEpyB%Gf7Cb(qi~KlK z8r_AN99dg%UN>NTd6-_%?{OWVc8GYQXE}XvJg*y`D7cFh7UAt6mR^AKPK0!0hk>8~ zn>fB7jAu#SYttKa@z&AS*1=@1S~?TKILiIKJ^5h)Wem~K&y*NX3Bf+ND-*2bA4Jpg zf5BFn6w!EMBW1GOq0(p!XMiJ20?C7xhJrgf96G_9(my7b$Jf{2-a3LIgZvr>-ThGW zQ6Udo4O@_|!gmJS z_(^(VFgeze5D69vuponIF*>mr+3U!n$oe7DSk$kk2Nd#kiIAHGQ-k!J@L;gEAO;pa zPN8q~0#e3upbQoW)~wfO_Um*lzp!@@0|1Q)tXGf~@AT{~g#7a65)*D91U00)nlFJk zJKZ`ZM72t!vO{u8+y3M{g1$NEaoO+y^<0UlS$f5u24x@j-fN?L)H6c2s@-KCZ;r-X8vI8Q#s)f8U-*_Mn*{rBCmZy@JFgg)iDsV2eoO0;(4Pl26DF^#4>Y(m{@|Jii>WB5$jL=_3==Js77|e=> z^1Sh2L5F#S&!K}M4`#;>P;c8cdPW-Qa4g@(=7hMWFq8Gc$>EuY7P7#=DW`Wo$~SeFPZ;GP%2oVUd)GuaHR=;jjjr`gqp zip^{H-STMfHCN{hJTH_y99*Rum`FWxwJMTv9-*Iz-6l>x$j(2J`5=N3Hnu}gAmNJ6 zUv#(ke@TbO8-U)|50$t>KgXbeOBsjA5~2b%G&x4=cDtAWX$lGRMkj)-|i z6|LDvCE-LdHE}8r#AT``(07aX2qTOmJ^$*g43=>3%flTeqMb-X52k37kd_-4D`_E( z;LON2@adPNIhDSj7KSWr$-~^)=2=Fff#=XC2~vG{PdhXCWj<|5Pal8DCZAzoLwm7z z9FKfj$vofs{5x&r2_yPDzA&s(C6K!mvJ0d9LPIyhcaL*7FkH4ir%)~;QnEIaQ+tFW zmNS0nqKYr@<$A#H*P3}szN5Yg=b~a*FVE6L+Gs}9se|LUW=QFfrL-^z>=uK>wO4w2 zh0XWJvrSXSIgjbNVBwF)X5t?N^mNgAF(>1|>FleS9GMhgEZY1YyDoSgh}vP}hX^+g z(#*>um`dgntD1m5xC0DaL3K!HI-Ph0vBZU-5N+3fR6Lp*PJ>zBnm2NuC|9tal_CS}Y(8wi{rD25?1<~Z_geb2fh4xi!~k`$;b_&wK=HS~ zn<&2>JT!8;`Lp}mG|TOeXiStLIA$uOa(doDmC*D zLsWPlI<4^ndKh|T^8*m4`b_}v`!m_hG$4VV;mQn8ze|w%rU16bLyi*`3i>H9GkBCR z;_H)8XX+(JAW)s*pJ)|FP4SreYWIi$Kc~N3*WxwQx$IUGdnr4i8RtQMV_}Roj#&&| zZ5ms)OU{at1fwz}jfA6yJ$O>Gxk%Wj5B{hkOJNgX5PbZJ)|nWe$OR-=AUb81g6^D9*h($v|whd!_ST4>-_kUlOw4)R{XxaI?{cJssvtkmmy`Bw*(|pbxHYDUFPZGV5l(SP3P;RQ!LV?dD>*6Kg!-uge^3)AWxp*5`p1ZCUN5CxO5c^Rxiqx zA&XvJ7u{~jl)~)4%*}r=egpwMx=dvDzvCk<{e*)-f}#Yr*>V{d+`N0VuYCUg$;rvn zX!yzVxSqi?*G zHlmhC6M{B&Hm|&NCJ+Dt^cFcmAR+ioY39p!;lr1wnBrwO3vDdu_{IAsqvLi4#AZR{ zL>Hk_fD}i&JYC{eTP(*-T=$`GT$mk}Czpd3gP;W>TZR=fph0N$lDOq%;=~%~GyBw1 z3`9vL{=DpXR(s@h3D@F#QwS^;k{0Ub_LaPk!Xrxh=O49Q#f}$PesI!`b}q_FKDG5Kv-=iZ!`nZAm{#;0t)${Bcyk&0{Vv(uOXn!WGTd^H0Iz+;SjyjeKanawUD7iSP>u~G^i})|6LrtxuHWur1 z?WB;>c+YVo?E19geBR6f$)Gl+`Uz6r@q#ql<2P!H%U6tB%yB+++H)gm;EJ@^X_7*G zI3sURUtBb-qZrM`cmo!a(VR&{ND-8~%&QWvzVuhqS#WDpS$wazQMWpV4sg}TRIV*T zinNfYf$SqRT3}2|$rK4%%?o4W!kIO#n&$JOh&SA2P1T;sB^Lnao zZE;M!Q0he%+6HcvIHGfILTF^ousP^M4_kIbF?UYO6347LhhX5ftKe&M$9FIc?rCdm z+A^)$hKc?}jf3Mm3eLyRl#hr7K+GGmv#^Fd=I}`4x@oqr51Q(BaTZnb)*)P(lo%AP z^(?fbhNpn^=?xW|l=&7K6#jNGv#ru)&SsIxF13|uv2KB}ftyp_eMiR9*V)#VXr+?V z-9cqCMw-3+LS{yVh(qc@KuRq7Fq198a$QH?KuzKgn_mX@S_HFnz`FMg#oAapw1+F` z-o!p1D*yJ~py%-W5U$yfF>UYqqAkY}BbauWtJ}W#W+K<8r(P7BpD1ad?h%co|6Bu8 z{)3+G?h1@;1oa=^wvKgV#<4kKJk5(BR0Z%-tGxex3{EV4%hn@RUF-M(7xA~;y=#t@ z2}e+U=D{h`)ZcXPwHPIsKNtZ*;M;8>N?DX&mVju?q`V@}pTnVcC!a$~fA6chD2jF9 z@*14$a??iQCAfJCynCInJ!F$NwYK?BH0f(iy8 z5TvPfT{~Bl#>{iKp6W0;x%eF>^dUvYWrcF) ze27Q>YazXo3X}4LsI7)Zt&j=Z@K?#A(pVvLy2g8+FL2ti$+nd~EhX~xs}W2NSb35y z)$5&eoFdmDP}WCK0lt-fzBr6+0PJpONT=8G_qV^}7BR{W2#4z&9{cQnT)2=K8Lfi& zg0mD|o!RE#zSWsw>DdsEC&yQJqoEO@E=f+AeGnqSoZ#5ANquqBK__tL3AMBR4exMG zLDRC(%MR_?vyn)S9vAa?p~0dH347K%y!B5^qgUw*nKr?$Nog;#InmF%XiPvP8}pQA zuOhyaNa>q}%UJH0!zo>2Qdt6;cwv3!HEs!iCf0dDW~#wS+;|SFm^zek^pLhSJksArH%V*l zZgbe?=ax}M_QeNL#u^IcjYY*RMpvvu!PX+_o6cY~KpuB5I#hk!MpxK$pFyvUzmGx|eVLR;h;3F>F;ZEy2;?Fj6jGahnNQmx; zma(||rf1aIzVry=H!JoCSAEVGp>}e4+Uv*O?PqiF^B7yOl-C%D`m&uT(d{om;7RiR z=-2f*sfA!_y6`swak<3=_>E5TpG#PheMd5Nd#~#^-^z&T{yc(R0e`Yw zv3pTs-ipLRwhGt-by}5nw@wQ<3W8rBG#`k>HoFZ1eN(wF-|qQ5U!kpIF0CZVj)<{k zje{4&f#^@?x}9G+vLr!k>e3etv@kK;F;#Lty0l~#jYc$_VHo^jShV`4O})jegvX2* zv;gP6B?gE_?xN-QPk4?VPp91wqn&I@xEe1mM|yrntKT5I7Db(6c_d>vAe)L%jtr;> zMkY0k4!+=>7{DBIsE|zZkpI1N|J=;nI0ucBSqQZ4 zan87-`$SKO2Z!GiZ{`H%Q#U(sYfNNfSW61M_CdM*9zw~)jiCeR%>j$3uxK|abd&^C z+b{K-j=IsJA$ceBa3!itd-M*XELy|G5CH8SRmyY(OE{WPK((=txf2DFmuy-Mdrqw!RjoTyEE>NW$CgZy%B$mQd?7oDSuz9&rzP- zxP}Gm>-|cRO2=wLaGwnG}mCM4kG+Re!!=nj)*y9Yn2U zC-&cs-uyJc_K@dKYX`iS8L9QJyD5C<;pw|hm~o!NN|>;Oq-JJq*xakT6nS`pi|wN_F9@L4hjjxv~1dq265 zn)`Ai5m7AEZp-odeogI2$%GK_4F`MD$&27S%Q^xCJV0{v*hP29Et>oK&^iP%s&lGt zKmEwJjtUmtZ#k$sb6!g|xG%;x!ja$?_a(~aHp7p1R0nD)z+!sb$cpatgCuHa5FRZd z8*T$*l;(6#geV5AXr}rDe9gx%)1icA$J&BE2=uSF{89~G=1FmLZBzY%sBIzPT(F89 z8yJ8)cL$h(F9o?yw}wuFXX8*yftLBES!oreUITFV>=p^8Fco%B>Id8~GXtKgF5$}k zTgH5U`Cb>eA04A!vvg9Z9ic@*7DB4(Re&c^;{SBnaJ5Tti<%@^o2unyOM6TB^ zURGa}JQzR-M{P@YD=I62gza>J;OIBfl#IfF4Ykw}>BkHI*X#cYS}a{8vP|hgb(C;k zv%VseDLQ7w458YzvA`a7x*2&!!}W`SiLTV?K<`w~3@5m<#SI!Vh2aM}0*KQBJ_yKG zgy>9r4(^&TaS^bE1{I2m!@Qm?aLga&vD}y96C1?E!0J=f8b&)ORCE`I_+ZO~0wY;C zSptSvsF|wruQD|is{|yZ>$=S|uId%LXxS6+*NLLYtn*%yi$_Ho7fwG4jY1&@{F9Oj zjB`83t?dZIz4Z&Y|J!dOkGB^*A9xFqWq{IDhlM&1QjXv0hqi+e1pdxLHxlVa7|e9R z)!jA(6d5&LY*XGsuz?-e$_qbPLqKGS4K?+W#_)~B3kXmYr3f&uVhN9ENY ziiv)i>FLe=bi{soIZZ(ZuD6jSV31&bQ3arJg}vg+K57>pgD z`sZ-Cua*@p5?lU%Ue|kS3}E3}$QI*Hkpp>7Y_VS6t#7#d^ATyYrr?x03{oE~6<3MT z=##u{N$PkuN*9B)g8Pu~{g^WXwn6JUo2XX!b6X@j;L}mL#s|A>Dbg04#!3aG%-1c*11$S6}LA25`@cKp6w87 zZ3*#V^I*QW6cpy4{4yMo_+_S+6S@G=%m|P}#w*Utm~et7&@5ymnTkmNv-D};wd#?r zGvkUW9L)EZN5|mz2FxJNHxzdDt6)G!kU>xt2tOFlvD|iyad@+KR`-!sNX2F*SJw5U z)fs0gOIbS^er={5D4pxznS-u$L*&*xltqJ;l&ozigb$r_5z>zQ;a#2lDu4*3M+{6# zD3evuA}9ED>Zk7B88X<)7`xCApZ`MsIomKL@(SuxWbILXM`HSOS|m3&a0YY?`01*2 z0J8xG>+>~_S-0}uK|G^@^`74%^|*4FKf#lo(Vi5SZj}O^-=68&g)060#7XgpWs7CK zTZk%R$455=PMGcYml#yg3}1gPA_d14oZ`=EcmP(bgamBkqWIV1_^#YI5^OoLrOkBI zWDdD!Dr`w|0ywh%z8*!3Uq%)r?>6fag|@zR=^EXE;2C67CL-m7MH&wMPZ!3kHqm{* znZUD<0o&ustwdo_o#{o(-{zu4M%DAww+xxn(MYS&>v#xu@o_a18jq-^87-EV&y~dZ zM3go&$O}uHr3p&G{0?_~*Z~wd)+|zvBv*5HWcC?) zlukMnUojBnS|_m=G5{gla1+3$JxtdN0|`Si|I`wJK3=g-J__^6Ajn-n-e-O<0~QJ( zxL>kLKryQ15mkhO5b_)O z^hR;+H7D+w7Wi5O3i0$`r&SP?Mz!TWY9eZEMv}5qIfF{U1f5p^dydL}IyR5k z-*B|q&1pZ?S{b#{h@mhOUsJfIh-)RU5-zg3Wg+59RBOpZWQi9`Su7thednQg0y1Wv zb4ftrL{Na~*zDB~QhiSWL}EH7c+o!<=HH6=Z$Ff`j{nvSQXa8Z1cEwTwesiMG~7gNEdKtOAw)z{V~O3+0U#^+b#G8)2GGk0 zD1L2mk4>O17CbZ>!&o4^YX*Zu`(0970(bfpgdf3f952aRS5iYf3NwJ)?F2RT9WAn-> zl5|+ob6wE$9`cy9leDXrVjrAb!TLlc#^7=Pn>+<$L2ht>D6y(H#Z^9vGr|?SyvWBk zi*$y@P&zJ^lc=u$-MiIkE(wARKTby(_cz4_;T(sn^!stZY>(_I?F_fSG!V>iKF}fB3x?lE5jsxfO@)Ri!Gal#VMRH}r>EZ#h#C#_`Jf$-f1k zqD>FENZ}Wa53xzp^TNCsg``I?DYk!8J%(EtS)!RVS5Bf7>y<$j6?jkp@~%&HJeN7xYpdupe<;i3C>KiOwOA?mDa^Thv7=qc z^KE*U3GR$JiazlU!kvtSt2X|T@C{9ZK40D+>2+QKsK1cQZbnQJ<@fa69G*CVbAjez zWlQF_q9y-=KUQra=gOC|gMNV+u(;~bMq*%s;FHX%%e_Y$?S?;B*6$&-UED-ia zsREsXBu!CZ1TL4lurl+RLhW)1kXrL9BKvZ?aoTp5FEN_b#gD6_D}0atSYsrl%BX$A zv)MS`1+JLZN~)`oonYH1e;M^Yr_Yb)Y_vUFw1uwA3SAkfLD|twsRnP0L5~dAWC!p3o+@(XXegqpGzz)lkriyLG`# zt$S^zABQr*VC47j5pLzV@kfT$RoR?!n`koVGg?3jHZ(HQQI)cGYf#}-oga{@P_XE6 zFns#jpX(LT)(!3Q{$1toc;DFl+}~y^?-ppeh$|`YV7PI95%S>0)(Eu%LyFd;aD>Sl zf1w!##Gw2b(uv6#Rq@e!p@O{3?(HjHLs*bnuX2=G)r= z(cdW6!E(0{5}^6KUd}Okdkk5?Oo)Ypgg~?_1pMOGU1&^nx2aR^NuH?f#GHC1I@x&r zy-N=+Oq7g3lQ#+-qozIhRfDlA);$zQ=dCasAbPFpU1vuuDtSTS1aS7*1_xM=sHqgM zIir9!UT|W}HlRb2*6%l^ch4cjaJ1h7w0Y3%s!?&s=L_`F8~P=e`znP^1F`c(b*Ng{ zMK#~b@AJA`7Nte2?rdZVhaIod{JAiho)~obe3kmIbB)de8-~PJeMB!igQk`BezVa@mxRfzCXJKa-b+)h z%oXTy(xz4s(q}AOf&j_Y=iW6t_`kiPu!J0uOw?=(2~$}VoA9r0fsgMpwYy#XX z`NxF-%4(m*<=3Y6w`@kSydSBSc-`z;EmYvupeSD zgVe#~^Ab1je$K;sFkOGyRG>bdDp+7H%g>na>o;QG25fD9f^FEE0h6dBu^WwCWQxU$ zp*p9wch}X6V{`K}u}SVKt5m_zxyruvaAjc2Y_1gfKrGu7!C2+|spN{Fs&@d!0uPC! z4mU@Mz6HQ05%rWA^-IjoCQxnCn-d-_$Swx)pG_k8+HDT}*)-VMgfa2nze(pP~c`#N%!p*QVIWZ{P%cNK!)IewyL zel=_T5+y|>zc=wAPJ_=%*x8`x7eT~YrYy>o3aY97W#rSdLf1>XjK323ew3P9b-!>f zN695wsL-0>NfBieh)WFDlRmCYc1qvce&JDq95zXgFB7@8Mex=6T!u=e@?l0sv?_aL zEqU2Gqs&X?Ow5*ZXtr|VhX1n@E2F8#Fq;R3Ynh&< z>q6^hsO>OgCg^xfEmpsebaPp^9M{!lezHrKQMUGXjd_V&j-bBb6u{NFyKU;6ym(#C!kP~tQtrL!^n{m$40o=! z&McL2Nv+Nl>&>k)aeflGPlF?kH$#`d@gU|EA_&7*-*bZO#|{HIAlHAl>ZE3#$QK+m zclMj}TcVKyNw)@_Ll0y$lsy+f^Q?zUGC=8jT~Z3`t5P(amS! z#*H53F%LEwW*WrMcj{QaM8C$dH+ne&QN?Cv7b-H%S;#XuFtOA z!&*s&@Rx1*@Zj6aOZDnH+@V{)lHpQBDC8;7;!_98qC}yOZCt4~+(Haw{uF8DOyJWB z;Hot+`+UgP_in)whwimEsANJm?*j8r)@uR{)}OXQUoNJ;K&NmrJs@soziQ@2fm$ML z7IeYSTIZy5I>cfkb}4_pqT-PiKKOMhphBZq-a*E5-k+4;PIj$9;*6V|tBSBT8;}Ih zy0dL`5rc9ap{B5z#0<{P);2bHxk;8JeXRLwbnnQAl|MQLL1;TY8B8-7oB!<&2iKLa z_@1nBa3)$25@#xUcE$=0S^5YBhhCj1HWWFeXhRf~|nujFi;-Jf~ zc?}@$2fGp=YjaA-cH_HK$IU~Y3&=O8HIO)|3P#K1O(skIn87|f(*+K)XL!cjeyvde zaY6p1zc#!O?0(qzz?2BY9_#ubk`pV^C+ZSarqJrm8OsfYM9rIor-%3L0OO9y^c*{6 z5s4>?^O{1<^kg$?oJ^29UFO8y@?=sqnE0M#2D3>fC59+m4R)_bv=rA@3yS9p1iWMj zJt9a+>?HX7&u|Z+El7wDK_7>WwZ>SExbuxyjAqx?TIJ*st19pY~t%Le4z)qo#VJq0)L#|$0;1-he3s-q>_Z3sh zzMfJ$`NcKbFL^08Ir4Mva5`MnABmQo!7R@QTMm=c5yvM4ra`d3d?V?qGl!pacI}js zxTTk4!W;v+LN#4*s2R1uis>WZ9g4K?4?OXHBY^eDTX1;YT7uq(orR?9%iM!H>o;F* zR-UJwzE?83s>;ZcOEmUdg<0$9=p6o#$qQcpUa+H#WXsAxir8EY0|isMY;KNeEJG`g2bHDNqS9 zm4g_4VretbBtuVqXR*?x40%g(W0+pOhy-k!V_tgpuufm&jv`>VIUn#rAOvLu&q6Jt z0g3@pylJ^hHr@K8QKuAp*Jp=}AViuJjAjiGi@Nc?NFUGGO5cKYPo`hgpeY-uc`0&j#G@=DXMr4 z-6QlTbbjOe@UARH?0Eae4Va~dUL`gY&ONrpV3w4qs+zx#+<%vUm$sT&szM{QHLZ>N zkr61Wv{_XEa{A#sCocXC=!)Z1G99QUZ0JXdQ`j;o_XQc3gyTD*mTZlU+%87&X;yLp zoaG?&SMgrSTChki9BAXOh>fB6_j14=$3n3KD*CTn3vTF?! z6d1=eaeYj(vW^vfXutp72O>fCYjcQCdnhl3Fn~d;yZ@<(;2^4X{RK$+BU4$2#ofb( z?w&tj$4RO(oD2fv;)*YJr8*V!V=?Q|cC??cakJu+VV#`e8@f)>MAT`bFlbe7_L?dx zJ^XuCro?FdRDg9{VESsr)_b89X#U0#NTitG-k?``XjYGF?o2Nm`oO0 zvXH74UC!SoVEbmx#pOI#t+g!TTH~oF0{N7|`c_(!KXz;Rsu~KFh7AO7meP1EghNT$ z$rwm-9LVkoojEO3g)*{Y%nfd(Pr^hnT^9s|{_7(H_7F7mG8z9e#BJF7j&mFvQYtp) z1Ti>K$EB1q&4LXTBb_@&=`z3JL@mrhUQDW)_kb&um>2d8i-}PDwLV)J5tR}FAWU&m znrbiP$r%vxlsBD~xnPBMuDYN&SA_rxKEr5~5 zXh=EGQNpOaz~yq)(CaFaXBc5V&~`+@a$spF4wn1Dr zspl0lp`}amxKnv%o>{jHf*6wbk%*Q3qt7QFcf>z`L?2<{fIt25zdtI5m&Yco+wtVs zpFKZyoU`YrS_W&?NO>iVUIW54_n*4*t z)GO*93u&`Uc96=n4MFgq7VO-&+xUq_1a4;-prfJ!$VKtGz2dKA-ct9R%-iZamgx&b z`iZ7I+tEkBr40c6f!Qg$VR|8@^}qoym}NGLpF)`kvPeTxP{t%CDGf@r@Un<|>bvI& zwZ#)~5B#nu&~K^x(QP6DFiC!8wpiCX6s3gZ_rZ5I$J5B! z0(U_3&CrheciNy~5HEnk;ivtnc>BtnULK&s=mO6;2 zuy|!4qEcMo0QGnG_M6dG&K2(1n*JR`9;ASETZU8#0v-jH6rgX{tXp~V!*X=)t5gT@= zSfJA_S@2!emR;H_B$q#*MjfTD8L}&Vzqos)a=u&I@`VHtZ23n{QYtiwQz8j;Bu4rn zM;|RO@<$j^P){TQ#5jnhP8gJmG7<+~_CqvM;v!`^;W3Gf$?`#0-xAoxV=pEbp2FIj zQS4z)5*QZgy1(D@|F97nM{J0r;&eFJ5l}o}0{c&h2PDQRWqb!+5H!Vexd&2S-i3t) z-aC>AV>}M10QK?XN3jSvjoXmlmoGT^zPZ$w>fU8z_3sgqV}bhBZw1^hi{Li4Q7U8r z7ELaxvEb!huQ6+?(eQHSeBVHp@9VUxy>gmHpo-I%hF7AZofKMEJk5t*pn2d+<<+jL zc(oR*tcvRFTk4}>J+mjBO~eF|+i_?}B6gvsiVl8Buyknywu+T~^b5NXYS0ei`A}8v zgFM-ViKrdZfxNW6a-{?2=z>I1*(m`kN)tQ{>pW%`HBVn@i<-eP0=c|_bdeiJLJS1j zZd9AZdQKWkro|x8g2HlNLMVXV20zFM&%_T$Bi{E{FT1-!*=h;xAb=9$$AXsI%hp@2 zm#vlvafXMOOWeZYf_B?V)?2NX1in0$zW6ww4oPYY?@X|Vr}%@$VtwRTHd{4A(1)W`)yO0C4(pPzutfQossJ8gWE0?=su^8Q3@J?Mf@YTGKpE`Wbu-M* zc~?g>k6#x{Zg~=qSPF-y4CO!IDEa^?-!$hL zP=itgk9I>U_*OZyuja-i^M@qEewo%~Djs}(@2X@x@7;m;!I_N0dG8M1yH>B>yO)=) zl)-PsdQ_%{BJqy#v}K)EKxPSY5IEvb{`97rd& z5>;}O12R;JLXv()9RlC1j3JQ+s8n{O7M0F-8nPdSlqV6M7nV26vm}Q*cQH~2k4Jf= zXN#P2Pt}fk0Fmz51tBr2FEM&+EDq7Tr*JtUdMOARlF5V zQi5K+JU#pQ-1qy^aGlWcL>S1LjztleG0SP?n}APZSVrl*+Rt7Y0vR(R z_#puM#hjI>61qN~0>wNjXsbNWVU=hK(}OsVB17Vaa-0MKn)D*RPc7x+_ajIS~Vo^HN7rOY_$lyD-56M zw8hO{37D_jMY68$Efw00iex`4oN7vr!}ujE)Q9KcTHWm9PVphmXze3Q<#*AW%16t; zBGtFEl;vW{pD-r4&v6!Ug^E}V36A8-CHsO%nzB@^xm{awH3_tcD<;@??n zqDk#McG|S4DKfB;)8F?$i5~VJ`=5OD6Q~4|IhfJwVi|lXc(3Tx#l?l~`(f!=PLKZM zZmv=FC)qTDJ$dX7YMvFb8W z;il+04M;2`;So#bDIHHT^yh#j^S`0p-tL}eC&y9cLIejLptpw!4kkoH*gXX~~n*$~ygL=;X_8}mwm@F6x+0ANFiyTC|bsilu9 zg>dFLe;4FZ!;S$(81hIK;oaxQN6%iIKJ#|{-aj1YbqsfOnDiOLxek(s3uy6$nACWj zD*p+M(M3wd)Y(Ctjj{`z631wkCGu#TsHJ+!qfaqVvtM4m zK0|L0PfiYBoE<+qMK4d#(aRT4kI#-@zBolMe?o^Z{)v7)e(`h%5ehjc$fpF7wz3qQ zB$R}Ot4uepkN6myBEs=F7jtUNW&}=bRf9qtFsYRQuXV@&)BW=w@UVo$9!?TY0`L4U z+>6IF{^Ti7jb1|S_;vY4E<0V=6M~)cMQ!wYz21}kefYQ6>s9~l_xn%&)Zc&nWOujM zd(z+iQ*ZZifA5Dsq26r}AmDC30f{Wc6^4XvRr2@|_8rk^#E9j_A-p;H?4JOK!+6;)vmp zcOy1t+~ioD;`H24;<0m1<`9)Ua6Hv5#}h_*LQ=;=8JQ+RS93fx%45(}98dSu5vVA? zzNjuknDi2iP@YCB^vaRdRNLx8Fad6P&7zE0Jne2f!eASqNRFd3E06Zq=H~ln-RFAp z-wKsl(8dz^-|IiA$^ZRc|6cyz#Twkmvd+&y}#j{FNVJxN(WI49f} z<^PAD(?rL}LEbKBYs;~JYcV9v#Cth$XP)cLf4z$F?uWvg;%7-&8Z4RrKkWAR%JYA( zx7&YwKmTvz`TV*22+inp03I)4hl59UD##K{$N)X+US2wmDCV3H*rCQ?@FLr{W!-?| zeEy7R97K6YkSp25w|E1>BzytDMcW|_GUT3>V^5O$H0@F^V8It?Zy%p)3)kL50+eEkd#_z6`8qS0j~ z5(i|U;wYy$3ntH`rLDDP`FQA@%m?W6X9TBeE-$UJRO5uhE zUmYzkK@#nVCeRo3N6s=*{VJ-HIMlB%2pvzd0qQ&YgI6C%*!H^4I0^taJC3piQAICD zs}G}qaH?+OJ0t1T90~Y_#&W^vU1Q+Pn2E{mB3I6q8yP`4c(PA)gvcKV_Iz}ks^{=^ zHL2lS07=A28LH%$b)d=`C8&zt3uvFQghgyT|COvkdaF_~0QNhe^2+2bRh9T6`z88P z#ORbag(i%{VHkH=H$l)_yC2=khR5oCPgqzH`vIFKEGBVgSPnAc{U+w7ybaMs{u^mv zRKGOQO+bY0K^Hw(nT8fxniLNVVrXzsP|!tw@xhd>A!b#9es)kD`Kzx=#YhNwrezMq z5NSbI2%>4xOFs2BDtbs2Yo>?l_A9aURgq^xg4_$ZIfw|%`KvJszp(f z(l{F-7bi(2M9fqgpzpYAQ@+-mwX{`5?1OVM-$4&RUH1)vrq@bY!OraXv44z zE-2+$#XzcAzqNYcAK7^RTGaM66x~28WLvbURyNbZO17!G-7jTHO5uWYvqP(c@IuPd z9Cl=fc{nDSzuK53>U@NOR~k7^rZbWrv1x)+g51CN{oTITbL)CfJ0JKR0}yl<R^cK_-a(D941+nSU+5wR>hrFtI?}CW#ym$1=PY#k}gPD z{5u=2NHksgHhF6(l-1QprHgKkJjF4{6)9v@SeZ!u{aa@$p-60$P&~sK8RZdQSxnhA zZj)51>tBONN?TizK)Q4barEM&iY@qLK`^COD5C9&ufwp-4gdAp4L6C?jY#2ps@?Y5 zb@JokQISD$#aWdOaj=HGx&C@D8_cr_OVur!YmsnK_05s;=;Z0D1Psz}4f9K9 zwqJ{MEj2eswZm7(D&yITw8IJ26;>x@c6BQYaOo2Ur&+p0OA!UnN zfKgQ5Q8^jRJ+kGCAl=WGmo7pk$l2E?{RCQ++ik=3%qba@PvGQ+14aagh>gHAJ!;1R zU0$Lg32@GdgiPbHIgN2nWGJ*QOJnr+J%3NEK5z;Z&bPRbymEvC0u&jsJPuuX;>&j) zJvxJw2Pv7d8RTgpI$1)7BQ}1>;r^6q9yg7~qem+$)#?s;3)j+ouqfkx-k!bdd4K&^ z=h3_W@A6-dE-xRrXuCun^aW+?6z;l4YS%)*0rpwMZC~40_MiA{%>OG-Al734{+;bxY*pSF_ zzT>>+cuWRz({_d<8iF$LOf=Bzp}|3IXQ?Q}Rb-V9cajkwK$;yl_$GIu6P!)_jG61e zdOa7p>IP~3#|sFCaYvLyAykn?y z5sQzy7Z+HMW;#dPBxM(RkreIf3m-gmWd17Jd!?>yR2K}iu8PY@TI_IENd-X&zcU&` z&_bOG_Wmu7!-o1=WAs%5Pyd*|RtJXd{f7sDqoV2H0J-mDeQ(VvdUkU1@88+|CFb2?$$oXt&?8Cp=5zqhBkASzPnX)-jnR- zK^h3pjEgF-&xv25i{Di$so0THu{uM3k(c4!@9KZU&&KpWnKtVx`rqST|8Z6S+q*yi zdppk>`k&=>k;!A!r5tdreuMgEGyy&wf>V$h%Aj%h5sCl6X`v_>gde~ab{OhY;*JhRcUI(&fK|Ea7scApO# z05$Zw(s;Qi^(D#uj(5M~;y<@iwmNnerX{>;zOQ-<68!oQS8-UXsiSTpJO*|*BP284 z$jt0$J0wX;AT8+tu1YEMc}n7tq_6TQlC`*YN_7@Y#-u1-nUY5BZ=IF>o%V0Lowhl< z%9Jf(WvS5CdohIoJwemz%&_@H9lNn7fK4OM#GBSyI6ydoYurn3{l;li{^gXKRtY4% zI#S6kAwoxJ+l~>oz;s|ds$>~dFfBC{Y#;Mh_Hj}jW2<9{MdWSQtp`4NP&uQiSZ zOkSHA8)x;3$-9KT8}M1q#MlpB-M(Mw<`6y z@`S6e>X-WViltfcP5r9+r(ap#XbYxsMEfmyNoC@71>3GI+A+1e$8qK(cqN1|+GeRr z%hE9kLR72*jz}>kWPpEY_e)EVg@J$&ivP6^fFI3=wibDAi~4gdo_@ z68vng>R&-H=xBsj3W_VWoMkLquVyjYc0+{JU)GM0s)b0w?b3^bbtG}F7GKft(B+a}jj`0|Fq|}C{by*@vPe^`E$1w>VJ4dlh z-at%NA4M3ux^qHC#T9;bYv$7KT#Q>+YhqhwKs_7G^1&6bf0LlaGC+7%Si=^i7H_PU z(^kh9Tf7Te)w|SER827dmCR8Iv|A;F%FH9T!crmTSE{z8c=LLV{YmLR~(3cOXzPY+D!oL4OW)+(Sc*#b>sP`CrWRZQ73#w&`bqwr7{q={BPMah>l zlBP5y=!?+9;s8C_gFor?G#`!VC**oTk zedjHa(4l-L+7Os?a|D62X(@MRVKqv##Y&?HnK`y~=DZiDqAYmA5)yQL=Xj)J0VNP~ z$ikvMEgW1xcQ{5NkXP6)rnx9sGbA;i=#Pe1yvh;OT7i}5Zkvz~Vig0jGQV1Q8gfV| z<)zc$T6()Sf>kaoL6hyS!)%K!#x$dbs>XedMe`F4hMh83lgomd^Gj5GTb#UWOV`ZJ8fkw;C^Qfe`v2qod;ia^JZtFxX8TtTwOTe8tecu8N=v2QP(4-Wo0{Ct4^IxuW!IAk$_oY3q-?kLbq3x2sfsLw`iLr!zKd2EQ^fht2BoL}HHEH>b2 zL^G9-_InzS*mW`>ZRy_2c7dj~;jqte6?BwYM4D6rX0?6iVrNa( zk8KT0^+UW>ujobaap;eVuf~<4m)d;xjYAvt4^ziZ_2kOSIB$N-X}E_D zmWa=%Lnim;RsdaiFB;UG%6Ld84hUvAJIyf-i$s-Dwb8yOo)4ApeA)SQB=?InmpyXx)6Ve`-BNJ(KDbRl}#Iy-G(7dWzo!2xnzWR7*JxmkH#h=OVo3iCl1)qs^0v- z$XDGrg%uBI&iYlVDAjc|&uGN`G0A=<^Pf^S6;j zS*Zs)6!VoeZL9a`G;^X>F*W)0RXRXMSEJ!t7&S1jeQvLc3S5eDr5l0jz4Gc~^QPfC z8F@`lGa{DtvZ-r<+Hq-|=jAhQzS7VtgMXT(rYGAGyC5mr7Hh|0luR({cRKRti+oB_ z8lZj$ZRbf+FZD&;t@FWco4-(=2b9)ib6W*6CZA5^=KWz5J*OG?tlanS-&(YQL-1dO zGRLzNJzf>Kec0SJlqgD+CLEvSqftZ}r(UzrsdZcs>P0@Sp|=2JbAW%zluT@fZ3?Q+ zIpLP(F-qCAa;ip5#vR0jdVWDU#7%QVGj(^ERB`mmsmz8IEKRwXtZQGYcHXFiol0y? z=TZiKqqd;ksTL?-+Xh_M_F1Oz>CyMBo7<#f<619Egc%$ZVgBy>_+cZ&hXZt&j`OL& z=Am8vA(~Ro)p0B(M*TA3Z%6B~JiTyZcUrh+CIZ2ky5#8GgV{Voy>st8z zb+32p+1&nr#!@^cS2+LO??2hE?f>83|8+ah`uBg?x44|jK}T@ruTi!tt_Vbd;^3LN zo-rWJyKz>5;$or25pk8K3Kx(1064ee~)#aaDJ8)U_$KYIY9Ga*GFxD=pk4 z1-V(Tr9N$wKVT!cRHRecTGETFT}B>ye(%0_?VD(98)8{qX|yzB*4mqU!G8CijmiJw znw;7Sutfg%p7egG=6~$>_wMEYZ9Hqq|2QP6*-?-iHfDQ9v%;c4>V~V7Q28#UhNYm{ z_-P=K6cx?}VRyaco$(JRO{$gLd)s#KbuCndVjOFuBJdHZdweQf)OBM>ab_pQ4M7gKNBvbQ#vB|A3 zy;pCcj;CL)C>L59wmd|sj{0lH8QMEz&*Iq|oa$uO>ti<3}S8Jyn!KEX&a4*+HPsv|vO|cr_!oehZqjt8f5%k@%Z?V}~3#&}_ za`?OW@Sw7@Xo{)PG%eLa_$)YH!yauSPvN9wMu|L_L*k64$~(?R=;3$#p>ioA8Y7*) z|H0zT*ov2QTf0{aWXc?3eK=_Ih?X3uGckTeID)JK5YYlRs&vq68d`xMB^NznsVb?Q zmoSAO0x&``i#=6(6_#s{Td0Kcos)UL%!d%bw=O4^+N%bDs_sKfj`^078A&<$RlI~f z0r;s(mAT9=S{>x8#ZdT-d(NFw)PlthmFQ8wzHPqH)2=2Rx*Lk<{qt3xjp_dvIE`sM zZZZLu`hR;h|L+g|d;R}bo;CFUw{nCL9{|xgl79paU7y;v!2=grDI7ZL*5zt8hA%Si<0l%2$o10q@5ApOeBl$k`}oPg zl@~IUIw^XOLXwdnBO%%rI=Gc8;_`AJ-iR`nmz^D?bd1>KK9U!D%J7(I zj#47JNn#a3i)W06b!w~JkO?HHgy2vT&uGeGd2kAjXS8P^QnVo{*GY&Vh!^f@@>DCH zXvMQiI+pL^e$Ds~c{U~gtsuAVhX8Yq<1oc?F<2u1ANTrCD*oTyz5VgmdgOR<0Pr&OVw~2!lmu_H(P`E9fD*EQ21>))}h>fLampp2IfuhAR)v*5prkq>VbGF*SU5P|k z1af6Sn;LjEbBnI5H}+b(H4pmggQ4N9FbcMBuzf^y#}?4ORRwSKl|)XEE)6aENdFh@|XLN%lqeM?7t~aDGrC)6}ZIy`{Bv% z)+ddxAI)Y{`*Y~@6#VQZvAPtxihw(?r5v!2d7`IXZ7heZpP+oAn95bpRTXK z;XIpM+32glYBu?B8cb+Lf-FxPchRZ{S;ec6@@&#>I#%F_g;rE(F&j@9%UVpw)cWL> zT5W(MmR}uaV!_DO>!tOVo3D%OpO7S?0kBA0cj_hTQ17ToTpguWv$#~S-85D_;)x;N zuytI*pxhfk(q@#a9LBFPT$6=d4ve&OP?m7$)C1f%?S#;jt`m8qZis5Uz1@A8K+Kjt zt~D3j1w?3>RPEf?P<{m_ENa~VnVN7~OtJqKN6soM;KqD88&n2X!TSo%91XSs-c=kq zD}vdu8%K9yjd8!C3#SdrH61t_>>YRC*y41ZIaX5YZqRvigVU|lh3m{SdqrAjVzt!U zuwzcl-!(?IP_w_uQ7zD4GNQJWY#K59{nvHF-HiW-#bdUr|EJ&EuipQ?x7*v>zxV&# z#&aeAj~L#kKmIu-X1=&sAkVB|W-t`u2q3wvNBV#$t&rdIR1s>4UIQxRY)%CF=eQ++wnVJ;|=qs)4iI83&g) zmAhQQ<>q~Il@;wy`Q$jsR&dD`VriK(PL*7N>1BD3lgu;M%5TsErx3aKy{)QjY|i%v z%GYosX5$KYU&SY&z<%4lH`R$X#{H_kw-zYZ^}Q*ucii{3vWKQkgT6@*&4%rq);=tA z(^wPg3T~Pkb%`!ANxt2oxxQai582K8MZdOd=2o7Y@&Cc4u;w7>viPsZd)4@_{^KY2 z=Ra@dxsv~He)|7B-@N0mbd&Jccl$vnZ#41?TDT!MUzM2aIr*UWMqGS0q$@^zm5{k| zyq68-KHBR(+N*Bi!;JnfaB6++Sg(@gyi;DKuN>(m8Sp;N>+ATMmaci5^E7R0;a`sP zRV*w3`fdA|pbIOH_Er5$jWDk3T>_wY+_$u{6Qf;qyGa+u%}lRrdoJX>`o`nAn$_rU zZZubS5gKWDx8u03`rL^Brzj6jpe6BN{UA}kOktJ*T6JDYIG49>(Z3B&9CK9g|ydidEw|-(uQR# zEr>2^ZmrR=;+Gejujoyw7i*+!yP01v-fq`6%#96QF;mB)>|Rk6vIcT3F0@Cn7`?I| zp`nTDcq}0Hx(DC+^lb zIh7hqS?yTtDLEx1pH`?)&y_t`ciVlXogFomaLplT zQ7doI8M0aPVC5d&i1a9mzBU`8%Owct%Jr$afNzmK$C8@LSkCFxRHEogM$FaRva;H09@*A_yAqIdGUt8*Wh;On->iVWxAmT?D^D4x~yy+@>Ik&eB@-3gnN*u4&g`o4dVLuU;h%tm-Uo zjsmL(35Jy0&d0S#Wn75MiDVaDnLH&dUvqMpXOs2EQ?c-J9CJ=yt%c^D@a9{o3JVHd zCz7y4?RF2U>AS#RH?8!(vdhkjKdW%tg4j8`WV>&>EP`7bUOP_CZvESLTrYD&NddcP zt!`cv)^k2J!?>npCV}2bmy=xaWb#ODh{@isOlk1QsD<+eZLE!HA??e4`!LHo_Lwau z{n3O3=iKbV0KEZ!fcTJWigKyXX#phE_}9*IV^;~MgDBYdkvkdBiBN=MfVa7s63!oTsx}RE>=J2sI7T>#tQacG8wo|CKo`%7CFiBz0R~>h4e;CiW4FN4=g9F56X=&t&<9 zS8kiFZ-N<=isbcrN=N$@q!+;WNvDdw9c5<9e zR37V$X-x#Mj>ifVjV%qupW|s%I_+2(doBKyLak`^r!=?A(U`;}#Tf~^s~@veY2TN% zFN>+ZDP%&N;pQgV;~rMf>x-pIrik{9cdTSEE$1Fi<8jSgD0tX61KnyDsigP~`J`7< zZw;5}9P`u_QkEHC|Eirr*qFPTWG`9pZAmIb|+26)Tlv6Ub%a^C?vqO`e!+k zMGq6OKt}#Lld?Q_sy@rBW@ayDT-)JFsZ#5XSw1S)wf#=MTNpnbeF)QfQ{U~L)%Lj` z%&<8zDyD;4%1TAXBstv-pB7_9gX-Me;+qkI`_2|Rn^2B; zo+K>IIN}o$MG*6XrZ@{GG#>AultehAGqr3M?{OSDTPP-D86~|fT@xxA75!fwAH9sD zIbt!?6eyvDq$r{>@g4u^>4#IX$T?f+2zU>@IXXolO}XQbY1W1ROY|Lo`0um}|JN@j zf)?w*WN6!Fis5?Zcf%KEFtuNB$6>JCFQqnmCXCe`gE5!6{`qN5@Z}amPzaH1_|K8ny+`FIu zxAJVEA88ijDb=&#IUS}#YdI1F?Kp?%-7h4XmS6vCdy-`dA9TAy{`-8=4Ozgu8B1uu zyOAvVL9xn~DANJ|_c&#FB1DR09~7}M4bYHe7eojgg@~-@JI>Y?I(z=Nrzei{@#9CK zSvw&~NF0(lphRi!Vr?BLc(BeZSLy)u{ZIZU9d*Mv%~(1gAdR?cM78M$Y}!?Si^ibE zfW@3e#1Z%-)AAhUiBMEcF+dC_^o?$K)_2Zn91f5$;pzA{oH$dGVWB#QUf6J-~E~oi4Z*nv~%^w56P@6c_t)D#O70>9SUt#f`^}Mgn%`VBzzj9Aj)}0 zQpG#3QUdljry1dn;~~*r8k3B0)c5;;{oe5;fIWZL?|m=p2*Z#F81VBnApyk^qH&UE zhzAog#qebd9Z&I?oG_LZOpuZ>jvEkD^yBqQO#Jf!L!t!V>%|Q_*ZbfsXRV*GEPIs_PU7sL#7Azx^8z89rg-ikL^C4Y0*f)# zR&6v#Tq7MzAc89m`l=nYT^zl^+)O~;@f{~5!`veGQ0~#yNF)0K`yq6M<}61SERRAI z(Q_ica6%CIl%*Kac*N4F)Ul+9<@O-S-8;eChcTit&u|w#3;{59FSsWsh!!Sbkf_Ivb@kAH7wsIf}o@0 z@QkH+OpYSV`7+-8dBV8#fD{O3=naeVDM60*3xWnxT8mYL#^VykuID-q4g$jYZ!9Fs&^?5bXv)GO0=O0LQbQ*Mhi_Awk(V$4 zoc?=hW2f}rWQ`X7@-uZDVH+%i`%1aphQ&aJB}it)Uc}Ctb>yILm4-vobqiU9tq@=f z0R;f*EwE^;W)06iD+TrxYzs^Ml3v8s<701qftqi z2?>PcIVW?F{IC#+FR|6K_(hTVab{sK86aNz5r&moOLMG8$V&pfSP<@g2n3l%R}G2^Rn^a14`jENW*= zKu=|aK*BhuLmJU+E}Ip-&nASXyh;tBTIkW;DkOPV(F)#sp4Y4oDym#v8AK?;LlUVK z3Ma|xRpk)AOzMYLs+xBK5Ale+y%CJQ5OV#L_^loQ#`2b#+o3HU)&tqEQ68 z9f&d9V+Z04`6d|GgqUl_1!hq+xGEfJuyHla%f$IXtKdcm8(KTLe;DMg#9|VYs zyS&}y@0eLfJ|!&8kOk)8!M3mqgDir|dJD}1IhWvon8UpVFCdSh-#Lo~dI#=jNQmTH zTzKgU@rF5hvX8v5<1~?=eVIGZWO!Q)$3}-p_*vQK!#8VE|&JM~Zl%pyBou%5dBTPLR^2bGol>%dS+Jgy>$ApX3F{09! zA-)%$0yW3LK**R73M@@niZiLihIBL{Ff1d2vpf}`!jQmbsO;*V)Sv*0n1@Q`1)qj# zO7#HIjFV_2j4GUlO0O^^d-n3VucY$Z3C;}e7bGQ!DwhsX`><6y{NIk_p;sxHfn!>| zoBEv1+h4q zcYO5j7m||2u0!oI6g+?vsygL?Snq(@8{k+lRfwhxXjB-xc*t@&uPnSi%AIWA@z85Q z1*rxp59P-iPP09~gw_cE(cMy|JwVP=Y`z2=(coE`n*<&lCDQ!W%Jw55EG+krUNvWf&d88PX2PDQRWkNs*nXN`jIbH19AtPKguSJ%gk2s!-fh^D{ zdI5GqWwO~_laofE%@^TaCWcx|QZgc`7F6%pXhgy32*pAc2pB4eh+Pn z0<&r&+fvl4kUPLw0NfDp+sat}|@@u`b`JUl%< z-ErO?pZ)Uk^%;75cye<1;_Ud@DSCN=j$XcadVF^L^2I57`4c*P@lW*Y@r$QBh*0Ux z`y`|$7YNcRtm?jVN=T`3?d6jGSQ?-R$KxE22^zB*Nn_Z^Ch3%NxlH0XbRs&XnG%Mz g?)cx(Chq-n|J*Dc zVQyr3R8em|NM&qo0PMYcciT3$INHDUDRAUDzr=G)y=>Wzev_`_+G*=EiQ{WK?VLMn zRsxZbgfU651Snfgdq4YKcoKYyde}`{ajm8n32bZt8yg!N`#~ZUIxvbTa-I8A>V#7q zJ~}v@#)#7H`3%Oavw(sB)do+m*Xtc09f|+!h zCx>5w-X@JUeGWC%Q6nZFhF`}cE!&~w&6D8y#=&&Tj;k1K7IQEg(0w9C|8i9yV#!>yr zZvhaah)~Q(ycmHQV-X#7`B24-cE*^6Fu)y`1YPxa3+RrGK!4B~bWU6MXz@T|PoSXI zTFU`q?X~WcF*0bs`1*CfGw5}CPVYraVp6+eTa+ZREBmG~n_@9$93u`p4iQ7Nt18Iq zErZ}u=T)cQ`mL#Q_dM6rg#Y`*z2BsbCH%j4c+@NK|KZ7w|3Al*XNXV1?L0h1l#KwL z!NKr&)bsj>r*#M^10x^!s=HlTrV4G(7I~Umc$u9S@F9|KIkGlP!7b z*Z&;)38I?{fVJzte|U6wc#>QHC;g-0Zv8*Uv$rS34lW5z@HB~qEZExH12;ztGZ?DChdp}2Uj6Fobgv7usaS$UZ z(g@B(TYKOZA;3@&35l-zafbW|#k9jBzqKa{X-K2i9+)J)pMBTb1CC=_18jzXha#UW z0u(aYNCaK&M8qlEK<{fzp$H*78U=;Za@rUo5eo)?F zmjnR`Wyulv{A+6uP&b%CIvW8vcKd_F)*c8JqQD41cz+*wtyU@)kBnTJzH0#>h1N48 z(*FQ`>?z?M2pPEr01n_3jf5P&w+H@?P$WMANOhmZ6olmAKSU{a78Al!0DMQ7V#@e_ zp#SRJpVAH{;;U=`WQik#r)ZhCF^2B_1B^WiToOc(;W73xTku{{?4cM?#25~zVw(6| zO5h-geK5yRyiT_#AlMZcBcD9zRuYQ9UlC?A6#o^tNgVT8*4@4`6>d81{P*z3RIs=y(7TJUV`LI_&kl!Qpt&KN`L|?!oaZ*MfPj z=1xIALF1$2$>ikl@M!P~_0ZAr>8ru3-l2PP`05DqP4^XakG;X^k@spaK74g_JUJZ0 z$;o6gIEKAf#{zPc`2IEVvAY<7%gGgC*D<0fWRf(J@QhxO@J2Mt;zUx+9(Z_oa6HH$ zaJ~i!_CUYaPb++&C?1(t(D%v1b&TiOM^p5My3mL6jFyrhMJ^|q>zGWiugDnywusOO z+$15x0lJX0tSAlXGb&0#81Ojbpt-8 z422Ys&<1`@VkXCjGxHHR?U^5R1dfglb!$Iz!iAm(+=Ma`WOoEWBEd&EJClcXy)~r! zK}YQpnB;bbC0l{~6~L$~@t)wRV2TQ_l%I*#$A}||JpOlageQ2KL)<{`80Z#6yP^C5 z%nylW0B`a;3EJn!MG|?jrA|KJNL;?S- zMo9c}6hbY)+0WzR7P0T;n>Bh7BN~yABD*_cIDO1nq}`#>lg#xV^gOFa(DO<<^IlLL z^!)|UBZAag@PHRmxkC8Nnjej;&j@8_K86%g4#4_30{{G%1Oafwk1;2mUZ>aTi+8f5 z*#1ZAg##vp@MALc&6_cdtv3o#uhZ`gI*0XeViXXDGJvdCO?t(F>Mlt!p?pY$b`P)_ z77Od#Pbfq2w>YNkN6cp56Uwd-12_aOqzEiX0%mZIz>Asu@<8Hy$>U#i1o&?jdTTuZ z4>Rl|kWfxSygUeHg#*F;ggE3UVu2=9@i$)V1qByZw;gaf5$!!-Ix8?b(H0}%p35!* z(44m-hLSUEE!W+j(zI1B2vqb?k&oWf>{5EvzJW1v0>q$iWD~`av>0Odah3HVh0pF7 z#z?^L?#(fD*bF%wqN5-RJe0B&PzG5-!2_gV?8ERLjFAg@|G1Qc0Hz=$;1>_|3 zx%8prl&re-Jms7?1Te=p6H_ZYeNtkU0+i!K$=Jtq=1|q##D`Np)*c5*84Nubd%*Qc z;&EXvi74<0;utb1A1ehz%&v%sE<=Xm5c-!a@G|d%nwp2}Zsrpr!{7DK>I>)Nvjlb7%Ve>nQM!E8vR0kx72n8RHPf3jy=O zIx}ee1w@7Sj}o3hr@n`>Cy^2sz)R>!J+)Z4P=28iayuy^`<#yL4u7+df<>mCJHFbp zGcAt|6x@-B_++{OXAdw&;D#hZ+?gQAk{BJxX=P-JIGu^12YTAmA=j@u7VTrwWeT!-SD`<&a5)G&%wsh0OBKcxZw{&IcxjSS&iHGm`k8lrVXJV$m)|a-p*s!Z9EZ zA^599LmWkjSv{i%fbgC_V5*oV7Kha__B<4VF7RR!MMzTD!wiM00lpWr8KL$lQOPjB z^T`&SA)Zeu@M`tqku51vnjqR89KIU#M6;NJ0L4==4w*g3^nFhV@q%GV zY5BA#P*h^>9=O0%TUPLJkcj5=IYdCP zs`4(266$+K5-%@K^W`mJUG-aTSYnDZLU0g~5QSn}3+<96y~}*B@1m^dBUdc5%L~46 zIA!tX)s7_Z1`n*U1(>D#yM?4+YAy-JI7FT#P6%i+nczpxVPE({6nw#Xfok#cLZ7ns ztkx)uMQMv4rh>t$<6s2=X;_KI--|3$Ua*Flx z%71>9W5G8HtTpsv8&cTWMMViIt;st%Q{$2Z?Y@5aXP#jP(~s?#rTJKZ@IpzMBOI&YBaNczH5oq3_pHc~>H-%{j2A)F&YdL_8{i>5}KNpgjk4L0#t4in@6%cvhql z2X+SOJ?%m-z#-;~$5D%@D$oIF9ZCZD=#nsOk3jph|7y@~ z+GjJI)Ybsi^#4py2*_v~^paLfNi))GK6g_1j={J8&&3s=M=83?%{jDLn%)wGyxqy1 z3^5bxII4Qt2gHC{+0lr+f?gr3~H&#*cW_1g+&j*14_T8@4Z-uZz;tuES z0c60(_gp|Cug5U%WR5y0h}hx)1PF$-3a3uCzZ$x&ZLV9tM%4zoz*fcaHx>6>B?Ip2 z^T<_h+?gAV3Itt>2y-K?AD}4?4W_!X?Pi)`=0;hSZ~!BD!BEiuCSKFdB;Ie+nZ#?{ z83FDcd<;0_@Ue?Riuex7L3!jM^a=F9cZj^j3=O~qWN@sNpnH2}vm5(l+6g2SaY!5V z`mehELAQU}rFa^04go{vC>ueC5eK?T;B#Q;IYNQtOcC*UJL2+3w9^7Wfqg4+`#ay< zEt)n08yAWKC^``$0OM&ApimBR#KjLrDm7XH*qhF@BhL4Np)E2J@a^qeVY?{0!K8N6 zh2qREE_YZA&*G^W(mm^y{B2}phf?3MK#f2<$DG|5G0B_Tx-P>3a>j{!j~E?+cCXXx z4G(&qUZ4Ln5P$N2_)qa`c+fu>bcP4RgMQBd@liNsGYd?=cQEK39QF>5dI!Va!Ex{4 zq<3)IJ9yPQ==aik6#tB}wfa5rpZrJt+dJr^|LPr!e^1)2lIcO=9LFRSH|KL0W2r_m z3KcP8Z^C)1Pfy<%^|n0meEa^rdIO}G_iapqk$ENV`(niYjuu=Xv)(Jw(5|1Jqhuw= z9Q!gCec;mtL;(qJ5&OiquTK}o4B%4>fO{NzBapsZ{WdDC%fXw*#3Z!J*Dbh5$nVfu zHzK}&>&}pu_?({p8_iL?0LQ%`orhGWUL6N)@KkNCEh{lsECouYUIcn4dl8V@Pm0iY~~3{4jq`w8BuC8H^;->TXvPJA42 zIF;tchHwJ-_#uRIh<#47BcN_})b+7l#o+iUz~K#o-r^RyB=qPff#IBB58PvE9KcTv z`kL(l2}J@IbQc=O9E1_*Y2a5}I%UK+w+ce3g5o)f0hMH+?iQ8&%Eb;Y+_Q$q6qkf9 ziWu!?Z{r~4oZN|s=WxJXjj4r-S-ZfIORas67HvI{B;w_SO!DTZ1p2?cdBl`a^L?%k z_TvBMEt*V_%SNDmMKqEBaxL^Y){86h<`KCGLofTCV1VG25_r`wx^pGyIuwvv)0vbLzjEtEClMZmrE9r=zWYlas0@@;F2kx&V))uov~tZ zZ`XJFJxM_k@yCnaGY*&2keJtUlrafYo-7+20S#a3H$4si4#gSX zEck$tPBVO1NXc&=Bfdv#AA|I(q9_zm?MDRmlkXMs5D$WPZ=mHH~lsg9VMlTzhqmW^fg zJg!DUPu*xa>8#jl3DIOord>`mDOWZZh&19GpU^I{SZq@uM*aejP%2`4BfDS^g-pxl zx;5aD0OIf^-IqcMg6>T2k%9+yR%G7~B);co9@^zQH2=pj*O3xa$HLUw1ZA09QRF-= zVVQ?i(5j$RrNguaxtuyj;Kk?90Ee!hcnGvJbKemI3_9S~UtiP$(o`pbW$aa#)-}Xa zutCcafc}xI|FblR+mnLT?LB%h5|y|I{SZ>fFr8p2Z0Q~TEL=Rm#h-E@E12)vV`zj_ zhT;H+LQeTEhAz5BF%}B&bwpP10I|6LWduy{9B~0QVJN*Y^7wiXrjaBJ<#n7n9Mobm z0*Ae<@T)jNQ4bHKxTTL^D=hm|?sL!_yR`x@|6x-f$W0NUBjDpOd6YQ3#d8!QaRK6q z0mI@~6qB(w2Hu=U`FMidh3lj4o>ApHq6ss|dwYN~7_%h0=I@PWg17h`V&=EFZjh!A zQg3Mhc4i3rY<50F?)^1nv$RG8*=z*bU0LAgw)KU?LO2`@kJ6WXwD}VJ{_gHtzvbcp zhW-WeVS4Bp>aS6jB8IkVge1&-7#OuhBJ@jlvl!7C@jbOd_@@cPei9?=69?z3X)=S8 z8JQJ_rD9Bq15z>?6+_XN1^~H%P;c|YAZ??|$DnEe3~Bx;N5EJ%bNsdbRw52u-YPx#SgGbVA|>7<ZZmFBG1#Jj*WPQ;jelXz34hVMemF_8Wu;6;GLGYvpoalObYj$Ryq5Y15x z#zao2UBSi%J_>A-usJ^9a>73!Wt(;BA-+rw zlpU+$OJf8=bzhjjqCgxzLi`-r!J&tcCoV07H>yvj=ElN}5{J!V!kCZ-Vl-7pNN0i{ zyMl_0-#m~`JF3C-Hvn#w2$e`+y$etv{9<4A-eKivBF9^^*KDOig+1^tVToW4=+X5P z%Ec_9-MdE~1TbNQx{zbt0`{*_)lF+rtE}{nVwo5w8o)>ERbTlf#Z$!2uRnZ9=l>eT zE()1&=oPwE%49+n>ekw%v07oBPkcUv;wgE1{j180@ap;kUoRp}vS;WWE zOIg2hl*0B}GKtLnf$pf1SaSQzY0t*zL-h36463m??q%opPB}N4W9GRuZX&T|%Vbvo z0b((BB?FHe8LY&K@cQKhAmrj1iSf^T>-U9htbwEMo-&1VCM0&08;adruGeyCJnOI~ z3)_b`%f{`aViX@!mj6+HP{v~)^?Lfq2s7Rlnh0&E5{4)qB;ms>yXD z4fuJT;z}@UAszP@{a){d_35Vs@y&)N!OIvj^s)rd=hXZ8bvsx%>Cg7B{~QGW+TU;O znE8s#+%}L3Z~%RuxByZBg^PfLL$NHNi^O#%r&L*{Q!iiz*o_G#6V}y0wP-BY|2y^8 z7@Jvc_2BBe%d3AF$N3ge)-7hUDcYzQ^Az(oHPoP0ws4m0uB~L0ZJ08vH72t-ocIX} zT~x5!R^m5*4ZQ#hNew)pv4}UNR8MLTGWLNL#&+mY9&|E>`3hAIMt?8C+o1h{qDkT_ z>sMLa5hh^iQcJNu6cDc^wvVTjU z_YL%6=o(XR;i82ctp!kaz3E^U%uefP^$y-6;KCS5^{MY;ait|i1ml689ZKc+Anoq? zIWPzk#_5d{2@}pW!n)Rlp;%#Kq$Cf|_{n+5M*^}`Tsp?5-L|#e>ae>rBK!}X1xaFu zJcJI8oK)ig^hjP_XU*Z>V#@f~2n|I#xQGJCz{3o?v!x3d)Aanm-A?IN9URdNpSirw zND2J3zeovAuwNYenU!`UX+X%!Sjr(seBz5FyG_5GZTt^UI4H+R=uaFkEQsbv?+b zOH!wR&#fqWqe30pv-dVLiqhv{!|9^pmI1)r4B;U1g*c#gLA3+IP!Ulp+_a2}zUTxO)YdkQJe)7cC;GGK%wF?4X0;fHr}6tru- zO*pqw1!rud8V!;5eo!J}`-+69&1tB8F3`BVZUZb7r&)7*S+MB{3A-sSnszP1nd6ux zlI3^zsL~%=b}(Eh7B7t*Ot!nysX~W3uvPf!+Ibl!0g46H#0-Qgy-V(GqKqs%@~sbVN8o%kT24PNKHZ%hu{@ zQ9!%A1{2j0@Dg>V9dLO)KRV$59`CE$`-VrIJJUZdyCpPH(GC;{m@pD>aYekAj_f2f zqIlM?6ROLyPub3VddBfH8U+9xF(`#ylOy>3-QBec-GpM^pQ`he-YTu5?)SovJbTv6 zfxg`YHno5k9o+en%T8*xFPLg~Hgy8gr{psC_i|vj4WSw5c&!?~F2^?Ocb)ZGuIont zqeu{OwhR2v*rt$5{X7;9`TTrU^=vw`@NHa9zm^~R+d686w!>FEVap~%# z3DfR*OE*svBDr&>4tGh6yz-q>Q%$?Q7Mi!uizlr{loP6m3`61+#k=!#AnEEDvKb0i zL2(bfkp{}?oEwisshd6Ro%V#D*DxAhz`izE-l-24zjddKXQJ%X@KAJVc&Og-&$>%m z7geR~tWo?KmT-dt#HCK9S&;aypnnu`Z^QSh*9J4bb_4at0(H&=`-6a=WIc4cm)h)vHAmx)Zl`ezbeYYXbwCsfE*t7NyQlx-xEJ%d{I%OSUV)$Cfz*;*ppo^p1}>e;7L zFfLcoZlt8G7pk9GN&5_=Xenwls#>k|%$>-Ls?v;8L%rvUXEV`whj-gLq1Eb6GYB=& zovw`$&7q_eu=-$U>0rwSuU8hvQ6tD7eT|=Q;Gv?byw`9bH1Zs?JBAK(qw3M z839}bj+c6M8B>HG#qpGnlTW4~)}iBN%7IV!*!O|+;r6EgNsa*o6nn^pF$Z0WWG+l~ zCWM?0iMk|ImcjfMmBuLdQ9wf9gOL+Xtz;Bc?*XK`yB!@1?cCsEM^%#kFu}r6oz#9S zDvy@%hZ(8-wV5gvE$8Z+QsJ};*HN!C=$KGHP{+8F1mb|IYIYgNfj%WZnKD9|hvM8v z6SDAiJ~m?DGeP5fD|VSk>m6S>3gevH#*sfG5O{M)=$!= zjaY7ekqN4(-2$>`B&lhy| z;sCsGT>ftoGVFtp`h?sk5ip?sFYpLJ?u>}o9(vcZK2sl|2n=|+5dGg5|1v#)N4&&G znQn`zlOFDR>|>RdOd>0t7wqJC!aV^{vkO4a6A7&u@=<_Tya0h{M~{!i1p!G>+3jCYMGKRgc&Bx_A1GP6^K5t;wfwYi2P=2!6IivU}skK9Ap8yi!)MS)& zu}}p#F~MV`z9NsyCOE@^4)|gW$Q%L8bVeP(M~GU&os2i27QJM<9nK#z3%JrVJxd@#|Rxx zhJ(T3>FJ?&=)&W{1fi3|-Ye+!2Hs$R++J@o>3Ju;!$Wk4UO^Y0z*m#w-o!gP85pSP z(l@8?x^-W<>VdI<(5vA^nxU36fCGTT8H%wu2J>?Qr`<86dhL92r*X$a^R7FCIGiRh z_PX-&)#yNmgaK4i={rG+8s{t$!uCJ!|F1pJe>zQoT@Q7&ugJIKwkQP$e4*St4+nqjC-oAWGc-<8rWtibmXO;o;A(%&NUKp zF2!}?tstxaA!FSGb?_1&vsch1*=;0IrvBlX6gP_8%eIu7O{J3UH)Z_QtiP7|SF!)% z29VtX8f*f^Z9q-56~#!2;4&alV7<~Yi3U1|5fE`?vVn}6))hhD6`Lr`xsC{5Kjqrh zKgvd=+fDeA2^Zs~p%yo%oT$BA*sc(_g-D?0NaVekqA*o5Ka<@3g-G5NvbU1Hh49@U z433>XJn8obsCS&od|ByxF!YY$aMJG&`hC|Ox`&fjlfig091h0A)8XOC5u6N8PsT?c z8c&X29lFpRqk#vHPCN*Qz0)HDw>CRJFu7*u*h9iF5fi!ogn6Av%cz8=%qrw#@ozFV z=MD9Tu5NP5SzAeIxIT$OF@I&IG0ifHxhp}=n%fO-)@ zvaWxVak@1 z=mhL`7*Wn_?d(G)55K=?Rm?_1`7jMQ#VMS+F%-u4e0ykD6p{$FMGxD{iM}K*Pd@5a z3H4{?)=Vp@@lu6BIzP=*2R({pt>w1phGjjSExKWcPcClT0d~s-ZgqTIV(l3ko4o7^ z;~fdH#S}{yej0)BZGI{%2v2G=#l-8B!6I=ai!qwZ3lq*K#nv;4Nzh3v{+o$m==vz9*JEH4D-)*RMfuAAAjZ7T5`= zu0FNi_$Fro0O{Ss9L2&4*^RNVkhDIR1|tL_%N%uM9La5M3_aTpZGxx3Q8#YtCqtA8 z2{qGi0B8~fkjwf>s6<{tsnV_>g{dM{GNN+iE2wf9q#6&=BtX{urMX=J1QU3VGO~f4 zV-Hg!dx$#-Q!Vr?cvx(bB6=~N@L%XL!ZDIoG@l%&BJJKMF!AA3+N2^Io=6eJrFfjh zCW4eAPt%u5d^W*8-$}UmB?4Q2k~8@q7QC0ZgF4d13xQ9cd8z++-Tv7A^%J0c*r?nI zs}c=jYQYjpR%09!VJW`sR}pmz<_#~rC{XrGIG+}{U(1IN9i)821F@s#@Z@V%t_@(?Eb!KEc%=$B_G1Q0wRbYD*PF$&Rx ztR>ERmXwmJGozq`>t+Hmxb8jQY>zAu9) zCUa!vc9HpBgux$QZPmH6C2#bUJs$)nlL_F*O?hAbqjb8)6!3M)--{H?IONA&&X;W- zTANHp-u)f+fMRDdJp%!Uz21S`#k3~J;Ga!dQ-#zquDxAJZl%gg`9c*KC%Tfg;dPHt|a@H0{ zmiE#C-3N%7L7-Ko8IrC)LCi@bbFX?5s6 zbH!;y#a|Y8Vs>O3Tc;{qt9aqtOw~JbkHRdj4X>b;FL+=o;u?q=%xhcNfVB%mtA3UN`8N3`Z(6RySp7h1^e7aq3Gm6CKuN zCaTIol)vJx%E45`QbdL;PZ98%`; zx6+Etf|_ckp=XrRTre}0jnTct@NFT9xyk>Kp&2VdVM%wtz$}GJA}dwQ*(#Z~irKCT z)~uERLe7Ao#CRZUbg-;^o!i0QGH-@TI_o@<*Fu>SLJ5|Y2paFC)g2eK>ygaiP~N)n z&shP1VBrYRsdJB`GnQJ1;5}RPk|on(I#}X>R>slgY{7z2vo~bdzD?LtdZqspak`;X7(z( zz%MQ+l?s;=P03Au!(049mot~0<@T#37m5w96Z4&@yia_(+eCGjSe{Ry;vRA7En?;l zQ8~62uMew?IhNe`<_FC-c(AT}_xAL3-+Xg+4j|FD5DlcIs{g-!a5p} zX0#&fueRiH)Vr1?MWqWUw=Rlj$y{HobL0xA$efFR&b>~r4k!V%itAB8c^_%h?l^`b ztdLMrTqnLSEkmi^eT8Hn<2fH(t!KFGh2-17wu=z9X7$MgBA1=NW{Iw7Io^()e3kyT3gOS#TUPwp7Lyb5; zz~Dzgl6(&M%IAF%!Aaz;Gr*KF{Z23-%$ zyJ6z{;1|`_r?n=Y#RypwuP^YsGQ*gXBD$3NjyH1z3N3GT&HpcVXc$FQYM2A!acNB$ zpn0HWJB>NA6aYqh3*@e7^tVcrXLOWcI&+273a>6}+bZ2QoT5-U5lBs@ybCWXGtc}7 zxKKe>stoOf;89}iyO%Te-OHK!?lm#>-K%quvUH^Vp17lx5d*Bg8bgqDY}&=a>56)e zo?FNmbZ3DXqv9y#vc*X#j?#3~RMxhOo=Z7ct2@bqN7KuNQX3OV6H$!jsTHeFrc*8| z>l)e|CBo^oL=yWZ+oEnrGoBG=lihj0>mgUhgzZumBdG83V8Ui8qyVuQ@puREJzBJY zwG|Y5Ex+mOqXkL8gGgg6Sc|fM5*KddA=DP0LdkT_alA#YXq@kODuN?Fco-{~7zroM zjExZ(`$RltM|XW%;>x z-N*@HNE}hXYV3^^TS>g zlgGsf@V_G;E~YU_LPMo3p_`>5){DuAxR>Ese4N3xF2sP;1AtpbVmL+M+ywiSQl<)6 zdjO~`U;=+yUU_G#UUBg0mlQc`sn-!Po;j z6BCE@-QV9F@Xz4?fcFs!MZCLx`{1;fL1)AVq=GEcJgqv~MrJ`P4WZ!q_-8Z%{qH0p zb5>SUkAE($=OcObZ<+lmiNXU=W3BA)1w-H)gL0x2H~-3$lJi5|fZbKIs`vK5+0Thk ziOWRm9`bC%XXOdXi%hVOGWCAE9Vx~lFQ0|{W`qI0y?5XP?Z5#3OhU0j&^_(SEkQ_p zO5mGN$E8>(MhY#fkLJC2YktXIz9Sw#zuq9|{m4h)9Sj%MW3GqRQ3FyK|5kqZ3vz{l zp{0n7PNl*}y+Xh+A_fg$%;+L??G02#@@bjrtHMYGI`T4o+BROg4dInrjwDO!MooU* z4lWifg+;&9?;KXCzKZ(j8rQH1{Vpa+Gy;QOFAeM^M5oFR8JQ|~1G?g6;;{M(ufi*~ z>SnL();M?Cm*B~Ir4KN$3f!>{^B!{foA*E{a_zv>P8 zgOj7LK<{a~oP83?VEk2Yzs?qLTc>D%mSjM@wWJd zv$W6!$A{ui9NZ?834Y{aodJeIPy8*hJeSH@Y2PI9ybhdZU{;xJ@e{8ScD`-Ye+7$kjKwktD7cs|p zZ#%6Yk%TVFGu{TroPsfOA?KQu1PJ`y=yH_fjf{E?VIT&}h(nnnL=E=-KFXb855jR61j-pk%y*Qd~1{S4J>T zLK$eX-Bl>1>hIFkt2~@0%JNV)+)`;gh#U}^%|J$oOMHf%w4#;z9*AIo!B}SO;Ui2N zaRULUge4UHuKoKE)fo9-82D>dHB^>W z8-D&=22Dolvr7V9Q%b-~tMOvIPPJj?=g)w|)ljM`R@ZQ6u|l+Zgk{OBB`B|vvkm3Q zRgZNkkY7NELl1=v41h&tzy8|FtAMrYSF3!X=gFT}Z|**Rb9r^~@%GKl50@gM=(3)q zeO_L+*lXVC?f>3>JiB;zd8HsIr1hus?{D6}zsr8B(oWYBMQI(dltq1qOo|Lw9uJqT zLs2NZ($pxG@L2h!4P>olEV)=t4oDNURd9z!*k6dEwSC~PB*gRb&i%JQx3q|jb=px2 zWG%22_n4(pigg$Fg$XMb5f|l_+(!KphpwM^H3Cm(zif4^yrY{fi?TQod8?8T|CAsg zYydF{FE2VR&VA+GU!=o&gn9=@@}4pT=rQuKih;GCBKw89Xk zwbD-g#Y2-fY3rlc_OSX0dMIu{Yeix( zIqD1zOBKYRdU&g|fj~CXqSz|bkp*)N*(^&X>cf>1-%~Q_^3~VQM-Z>3n$ksW z6A(>N$WxGw#A-tUvLt1<(RjrN0ST4$)UttN1$w!kG1Q)f}6&$(OzEJSHg2X84b6sr6Jeo6>KIU%YDC4wAX}`XOz@mvrS-+<&t~nev^nRXhIa3@ zw3LIdO{?0CfUGYn6@pBDX%bT*&g|0(PQ|9y6{S`m^?VR69joSxo{3!G&Gl!dZjzhM zRUVn=o4Yg$+ZR7$xv-hP?TqD-d8!%9n~r~Bvy}CW-7`5_+Vl3EygoSyI&|F;S9brl+zu+v>(I7J9O;IpM@i_@1zG1Y#e%F`ZP9aTHuVWv;5S)EZ^a?H9rKF~&w428nbxc=TwadnY_x+3SOzRG4Y z*coIXAd~?%ixJWv`DQu8>blQ|l<6zJ5?(>mE3rE`6{!+3V-*qxUKR$d*BP92dSb|` zt^pXFrmB_+#6D=3-o8ndIqwdg2~+7Y0unqRF__`$48=`G?NW}Fu!c;%BWf-qMafQD zvaQ&B&E<+!@kUuhTL8>9A)oZas8oN@80;@VE#f1EU$vq^x}3_4KxJLGvueryYX2s_ zwDsO3$3U23sap{7Qkm?j`vWV)%&))l+W8k^A?Q!ao$J?MyZpBXYPvGwZ#fN!ch>d9 zufP5`|73opozH|KO7BT@`Wc|+!U1-cBz?OjQBwuzO#R`wx=LM|rTpz#;fJ`xsoLv) zmBC-~ZX_vvRMt$H`B6>7#!_Ftwq5emHqt`%K=Ww`EthIZL&ixX^@mqqK8kl468)`> zopw**X>9)|*wI?%e@pEDddGvqLEiqa-#^^h|2@Z3eQb~uuJ?$XbC{I`wtBaeXUEiw zSf^p)@`(WIII@V7Iu1K?Q|Ps@X3nYAs|9IwQq_=ir!##kSIj?Ktv|0k|949C{dgh_ z4VPaPX*^3x(p-^R^A=NBg$l?IK<+y7b4#9SYoYYORuVNv)UTATrvu2;$>TPQM^Je zH#1A!JEbL_l-^dlZ7u0Fb0dwO@JrVLGB&`KxzWn_W|8Em)G(XGGdSB0?3>`6cpKxK zcy&12%hM$h%CE@>$lO_K)VX>OB-GGCy@D&gBZGOKKKd6e=C`(~|naVx`?xjkfo* zSjhaKP6XL(IVu8F)6UyF+BXYrkxkx|dDy6p@C2Zrz)RJnHrM$D_$b_$ zDrMfE&z}Wq88NZ&iBpM!Q*JGj(`WtGC!;^d)Aamrn5kyGG6$=p(u#?Q(N%3MIsXrP zy?*ZeKRh`(*`5ENedT^E5oqa1 zvm+D9sIg>krOvL zPBv+*A~(HQL$yL=MvR0aDzARWWNybV%dJvI@)Tf_{c2+yINsmU1RbY3X`CJvnZ&oL4!ym+y$i zNU6?yv?;K{#bEK~bfcA&yJ_@75j@J=GOnR#bWGQ_0i)BLBA>Oj4xPK}uwZL+cE_yU zqn-`UfBz<9M_3AXRmAO>_^9k4xa9mdI2<13&VMJz!(IHBXL+9V{3ocxRH?cIXmoDe zS3XdwydnaB!-UO9tT>;_+hs{Ek}hwEzjeu_khQO^eeZaMwg_12sEAbu{O=^1#?V6t z5uq&oz<;POMJSHUqo*Q)w?``DjUzSc$|2=I{1V~9kS8Lc+6f57^py6#i`QARaytB1t}_b8i@Z5M zM)bwMtRAE$ivN6(P^7-CHi1@xGd({V5h=&X&ZKDOg~zheYp%zC<;kP`&)=HYeu>Yv z_x~{tJseImV!)F9zkhPv%kKY&{XuW1|9zI{&$9o2Bk6J{2K=$a0OBL1KhZm54PmqZ zD9VLfAOm$2SMrE#BAZ;Lk+!4(xvi-&tJwp$!vFbSwwG`25V(Z@pBx_@=lFkb*xT9v zKFjm_<^N+rdWP5k4;gRB+^e1DH_=wFzej9sCs>s!TL`bglm8q$kGzD?$Gwc#;Mw)1 zB2wD<9#YWOlnVW52K#LZZ4aFBpE{2_pg439xId+!-{}up05ImOpx|c{hT?B=i0KS@ zBhYJQMqBe}Io|dXSZ~u=x(rsksgUEG%_s_tn_Mj{qoo4orlx>TUp>Ro?7EB$G$M? z!j;ol$*zAXcd*%&UfzaY-P~odOwI4}#S2B{g|{?%-S8M89~92>V=3u4gGi=?N;Lj$ zOoCDF1CT*j%zbvrH|Zg&_o!4>%8^uK`}Ic_!#ClaX1lfe4R{JD}Sp)SwH2D$(uE>La$=P4}MJZsQ2NwGNDULkAFUb&BjOf)i+!_ z-+PLACJX#}LQ@9t@=b4b%o*`foEP@2muuo}gMA9LE0^S^%ds4MeHWhP=3;C5A3J8) ziu#|E!^5KfXSmbDFFOU$ z^D2PygD%x2+CzMM`jVA3HUcpxNSH7zdu^vRPYZ2btz);X(v&KJp|PjDs#Z1uJEhTc zDvk1c@slczmNoW_{oK0JsJelj(rBkN`qL_nwxa(DWo#R{#}qw4mid45`UU%+L4T+J zd6wrH^*^hy8c9$&oB1s(kW?c$oE8j6uk7}}2&dPbsp%J??g2pfWT<^q>RUM6w;6>( z%@`C@YNgE{TUwD-M?=oo-6BdoXjPyi_3MrPfy5ui&35M@@uz;avj0akstW+LZ2vz# zKFRri9`^@>-Twa^kJ|t90sjBi?+k`2zJFy(1oi)YP#!3;+WGCtZ<O*;!osMA`UftD>BEDj=0mvZB`;33i4DI66N97{%iZsCM)QKFy07g z-CVt6kR?IaE!?(k+qP}n)3$Bf?rBYP+O}=mJ#E`Ox1Z;|@BJdah>WVptU7sq<;L23 zt=f%Ma`*E}@^kX?%kwJ$n|myQ8**r|L*>-?dL9#f1v0t0d{^m4mi-4Zdj409rGijd z?mJG8!rWD)WHa^^jZy$7$OGDpQ`(b491_`k?%o^TkqgAHh#dOg0Tdo$M1*LP?H@k7 zSQy;Y<0EPtdGg!&qn1bv`NANL2JHtKsJ&hCCg++{_d=xy=8xo3nFNOn!-{^UT ztz2>hcEw;K7JK{U`r54x08MazrCAoh?A|ZNUI1de`w76p%fI)T5dKpzpX7G%`tjRm zE9v4uylInOi2z;1K3ld(kP7y3cTd{e=CgO|&X8aBsW;;7wU%-)1s@QQeu6j)$RE24 zXode|XbpPW2fqXXzswUnZA|+zT<0&NTLecoT7SE_wM^^<@Nb<3rl4Pp zz#f{luh8kE94oenc9P=01P&>m5HEKXpc;HKCwU%fx74rVr>g`# zxe5*{{J?%h*-rEDSehs{V$ZF5_<20NzMVZ)iMWdSTp3J&vo`;!KJyeCA>o3VU1buH zR=lqp`PFiVJV@Zpngyi~-bPY@CIH`r%QkvSEC^EiQj?%OMmC6NCV#LY+Re6SWe&Icj6xO6z-+e# z5mPu~H&L~y?WZcj}q0fLhc z?R=zkn8CsykXXjM5m$b^Hu+;GvHl=-6Go@P`Jq(ub#&v!Kit+U3!n-_g~2r6S#wdq`C$( z%zGoA;Um(U{?*Ro)r(Hxb-Cjtx)5IvCyz$!0*l~*V@tI6xmK@%i%@+_XpD*05B5Jc zh2rZMM;Q7WfW~&0@5c!%LbSgMhJ4?R-~C52qUfrZU31nR$U@mQX6xA>l!KwFFF!J< zlPrhrct_E{q9uK5;o)(FVu)OK;)lzWz-)f%cUo9|h2R^zx`u75V6}_{60ACDd-eMx zZFB6t+h|-NMYK+Tcm#jci{}35$o=r6>5x`L^fPMQL!a7o_$!}e#F48c-c<<7sQMto zJN*hU{E=UjvSa^q94($64CA%pD5E14k)m%QOI9CGM$Af}Z`h2)$*5!%wWTAo4m)ss zS#x;p`}5A_jv`@gewE7F9?4Q> z)vhYlfM~toi)%m=-Ms2>qbcA9pYZ6bHvuA|^RsvMzN!h3QRN~HIr;35tzSPsl5hT0 zyZK~R-a)_HVo5j1zWsokR zus(bL$u!Q6ZUWwaBC*!*`~&4mah#JC$3V8RkOj#=j?xneRY%Cb1I88bJm8}G3Ow6h zy8^nJme`GuwB9a7&A5{2I3O zAF^annAtU%km~Y`0i9xToP?p%HD(F>qK_dKT@){E!b`rVClO?zMU-pVCXeBcFm>lo zfRPmF055B1owrm4CHgO?&o~NLt42%O$F2Um@^6dutzXP=Bo@^_#urN`pl=enj{egp z8b@v{<$T5HS6z|uEToLzAzvIp?=HIM)|=MTD>|4_0pqdV)pkWSGFA`ynu?(R!qlwo zRH=@alhM;Ow#g2!f4uUsiPRO>+=^_J*kMSK~8;3&kiU(GguKEalK76Vju#)JZxGB_4dG_F^=BrHpkOM#72q@%QQ0#tD&` zRlA15i#cjnD4-{rNnP}ljNNo507_tHXe<)R=45OV*rGSD?Tcw zG)e=**05HpUrphtjuv?AMRJ(hZ#XSbbzv`Wu6xr|>wJyKEdVCO-)AyfA{OKbIr!wt z`se|{leJWvXLieM*g}5`$2CD`=SLQ94d+|K3OHJkahUIq2aBhVRl{og)(rS?*gB6qFO9pW?TI}3t zUwUj6%k-4tmI5tn(i{_lcvjt5lS}STn`>Co7pkc)7t#|)7J?4SFI9_31Ve5~%F{LO zr|>baCu?6e_lVKa?z{2%S4&?OC&k>oUjhH{;6L&}72^@{p(rW;Qii1L6l_j5;JNsh zIrMTVI7W-OkHV(cGgH3Qn4*)XCjHZ8p*Lj5i-XQ$$TkHv6)CmI8x1?usnH3O|0&Xm zBZJ;~LnDM$l&EzwAE{FmNmE4&76KUyKCJJ!JHy}MICzGAN|Xr8Fa#MN`V~{<=~9Nl z9X>C6WM~4Al%bWjW)d8uq`MF?7c@ z$OLge9y7TnnZB(r2EpCdHHYV04UphNykvr3) z=iyLPRc=OCBoGMX5qa#ra}P~lkXM8>c`u{TUL_-qTVETHU=0%erJtoXnCSjHH$4v-Uu6=bt$8`!g73@CU zWdbm%BJpK@(=EUpu1r?HfMq?3<+YG?#E)|Y{AuZ-)Aqq8(iNQ^{UJum$U08?>P%qS zGU*O7NX!kQpPKd3_cKCTii44&SPX}yU6aEhc2F=^>X4qHi`&PUT5sZ1h>TNF#I_9) z26aAMY;m#=1(Yj6x~v^-QYm?xE%Feyj(Q6jx0!mV{Hleykcrj`k^>nszFepvSb}Bh zU>WV88cbE}M`4;iF&~cCh!CzgbrzU^fWfDM4r$4)S!TpLmSBIdSggydyTFpaEmHGR z4{(kB(&|PqY%N>r--ddF9l?9YL3oXbX?X5eTl$8hrp3Hw9ejCGDNI$nPo~~xt zAA_DvTgq~iW5{LaZM=3rZlf}1S53^L^c3dnuVKRVFEl{YJU>5)lY2@lUOak#h{fts zCb>AmX+gIS67QXz4l{kgJ@Xx=Se=J|T{Mf#0)K*D!eqG^egVv{nXmnPFU9nz1+ zj>TiNqnd)gPW|IsBVm)=M2FAnLac`L)(gI%_-t?4$`hlyWFh+E9DQasvmo%85#&bs zD9slAvNyxJX-HX}MFKA|iEr?T6?93CckZ)T*AdG4RBR>lX-0LXbXOPHd^wC*W$^u_?*`4sK%qV+PZmjUlKlkso4)FS#Q1rxFM`!*adxML%>J#gX#h~x?t zRXn7(B;em5bJ)_ph_T2*g5+~2pQqyLq>O#C{+DMku;*X#W9$b7lH~;(kXH&g`XbfX z+w7gN8mlW~96k&gQp9Jk90S5j$^cm@t1(sy9}m2>VtXF%M%$a z=#4v9UK*JNF0@ zOph1wIVnjmuCuY~T6K2hllU51$1MEuB`<`VZH3vflZP(a#g{~s%N|o1 z&{^#=vGzvC%WUe&H0p6J+AF2S^}b%juzTn1LIaF`!FwnUTEM>r(6OF#3PR9L0$jAl z0FGREmxn(&c?FoS8-%Ae0|90ub1em70IBq80u2Q!AvFMTddUW&3|#2$v(7o24LNEm z)z#oP7Vet&dou&vYV3In8sXXT* zD0B5TT>3D8pPO&u4sftDzxSV1M%6?8(2tR_mFLOdOAa6?{W+3Q4oz> zW3LJM$7`H`<5mY8b4UXkA3s-lXKnzJgGJl#0qK;j-&wd{)R^9J;$^sYD84*~{1GD* zT@v0Z_G3CSQ|ei`R~8Vq`0d6op8|PtuL1k~_<-G`0Izh)(N`3QQGiQ9fA`OF&pXCj zuj|#006?(|9{^b7%f1Daatg`50*oBl#&!WYa1p#eAkb|5yzWjSDj$6@tL4mj3=qe! zXN-SWrmORdP=5J*Tx>(ip_wUX24U(6WlprTrlWuLS@Y7PRS--ou=Ihit|{JEB_8rt z3!qF(Kq5$<@u)1C#h0ag8f~x!g^Z=jZ#-Eghwe5JoR`ruM6J@8^eDVSZ;jLM%5B>V zNq{~THatr$;=XoKv3)HUFY_m#0sXgansorKpTfn}57wdeOz8F|h zRvBbN@1NQ}hM1~0>UQlsmYEd{9l7IK>biF#hm#Y-eN@=Ob+S+Y-+&uqSRQ0p7VSCw zzxT;bHN^inHleU!+{+1m#!#c|lTxpWrl7;63P0N__Vv$|phUkSLeP05u%mpV#QT-y z#I^*s?Pux#4f?;{p3#H9he14|Kz=qrtCK~$^-(~(eS>9oG#vfL6&KJ3qq4OI>KXd} zX!FQ?0q~sXUw-!H9ldqIe>jLDZL$Gz3VC4sHOan{)eA8Jj~C2=5F-8el{!Gac%9cZpf>#^fcuj0 z=pg_;e6;h^aQ5Dpp%vg^WA}-xBhw2fUH+uKqQ`RsL1a446?zBKL|?Z3_9r)hSpp7W z$2^$Ef3@%ByOr=DVW62Bp3 z=-cu~@&YaREJnxpAN*#8k{gWN#`O79vCU-1KNzLhgbkb#o~CHlk3ru3p_Iz z>nrsimKXLqQ!0=BO!2j1n4Za}IAitm_Z&fy{9hT~`zo%%_l{Dc0hm-48$n)@OrDAw zQh@}a?4NLdlQ$@RUWH8KT;=^MVyUK1?uD*G8rEe?8m;2hRIH1}MSp+t69XkQqYgTFMZdk3Kzb!r={i#z*j*)7fJNpm_DkXda|P z+9S;s=xr1S0(Piy19JznFsZDh+r^X&{8)s2+4_W6>?E76ucoFLSP!9xOvyvL-zf0Y zu|`cIAlR%Q4ma#_x?0nsrw!dlKJ+psO68zzb72v4tWH3ZDQx$J<0lz1p=~C)y^nT8 zIrlO;r;dUAo^eQk8u|4jXYgOO5cS#z2l|UNQGT2CK7{vG6y6M)&uOv-EXBVA0=8DI zuFBAZ$2{wZ?PG-~|Rzh7iR zk}C)W0%{1cKzGVo6_?vfv(UbP*YM|2E0OibVX%NSUF-BVt%2Lz+|lR=iJ% z>RB)EQG)V;%i5p45rojq)>CcBRyK10Lh^Trnr>I{PU40PH|ZfVTMfrBJ3Su!pB$c_lb7iEJfzrBn-Y%x!GuH zPzLRmoeOl%Rmk^uk8SA$%MU~LYhr|j_^}GZ`cnE(VLA6@b7j|L=(YTlT)aOgUmzH2 z1nR%tD{$|*d5bn7RYBvsDah+1v>Nt-gN@un z0)~>#bJRIn-5L zJYo$2+7^HW>A*EOayA9ur9LpD^)JA<^v<^n7uVU%^N*Ld{V88i=6$^zQ`>Ek2~4b1 za4x_}MPf(2&DLo_0BEuXR%x30MRp zS2f3dhqsi{A`(CHO?jA~_Ew{*tw6T;wi;sZaXoqDjgUnR&FK`VSL7Tz3owC9S$5mY zpgH?h?hvo;0oXPwzJ4&{GDkoFAJ*k7z=dyvp2_3&O}Cd7tH$}6I!UaWsg|4kUUm;v z>$)?PdT{UYw}g00K7W15XtgaZ?cK+~e6i7;SkmO1wq!)%Wu)#F-e^dVB0-`DehTz+ z64Y-VkgMJn0M#gekyrd3-iKv$7jmXheqlOHsq6n1YwCZ4ew=h5jk>Ro?Bze|n&9lt z0SCBLKN6JD%#Ty!;`^`Bs4GL>*5CFRZRoq~&=97iy{E%IYOb`~CfU8reAg$t3xpI^ zJI)p?Yw_3K*{Kx}U&}tdW*MYb9%sB*WXbfFTDYmh`q}!z)tZcDUvg!;Fs@9Q;KKAM7Ry_3?j|StsgD5S~EAovd6m$qv!o z+UfVjQ>cFUvmy{*H?f~x+ci&DCr!{F;&LRqkqb*s z&(GBo2wrC3H9K2=pU3y-`v+Iq*@O(@V5c}X*CHR26EyP@()4E}ZC|^a2^N?)47K;P zashmR@8hqJ&QHzgoqZ;+roVD>tJ-a4+|p)+mzDLeNGe>ytyVyQ+3c`uk4wid_KO$A zGAX@-PfS!oyT$L1)4EfDpL16yz~?7AWIAAW<+YC`5)C`Zc!fZvn0f}orCa;lO3dlG zLUel9KEP^Ew^pd|3mt)ySla=5t90i*$g=ihc08QnlDu1c=Rv<8iY6-ghte1MTk}8p zf{KE4K+#+b6oNK9#JvOI;^Qc&>9wufp_)`VeTzDiNu{-p{J-CJH$gAJ<{Mlv|B)#b z4mBp%QSCt!W@`=hQ0sF2v1~GMpQhfVACmKq$y(`0Vd{fEJH6CocqDCx8$S{^1!A z!TZsB;?=?kpe6j?W;VJq0lG_y)+^Tbp8nVBibm@6tb;B28%j{#?NaHxH7l{&7%P3p zXf@nxdr4`p)qpJEp9TCkhI9Rqd>cJ#{%v0p8A3MVRf8QneDO@ zRFITSD|etrm*M`>RT7)|?l_myXlZ!*l}7vmGnPO3$JPd}23TvTdLh3I2)Rkz*cHcI9R7U%=3a`++8(T7eO9c)Mjy`96|Qh0;n)Enf-IY{f7&c1rHZW0(1_UTR{iYXc>lc5xf472(~MlZ z%ZgF5BC0Zw#azm|z7i%+6`R=Dg|Fdd5~PJeDLnGWz^c7iT|>A`X)>9(`9^E~ z-TIhM>3Bo`@Ko8gI=oND$+Ww<^u)yrLn_`p{k>S$wuDgxI7(?1t*EZo;TKBHL|a3h z3_1!teMC&C>?Bo&y+ntr`bLSOLKnO;jmC%Zc!mJw*Mc1ilbu9=+|@un>4%SaUk1d| zyBL*U&5V@+>*q=tHP8Z$B|Ou5&{*P-hEclGb4QbL*1e$Q`FlxI@(7Bzj?O$)wIuCI znVkqN-c*YfIbtJowJE6clI6yEp+i-b(?`*kg8d)BYL7zpNC4OQ3+y|<|EG5$ApLJU z=Qhmy+mR4E=^BxvB7WI<%2`HH#_U0Fw0}?Gwd&cKx{G3Y>FkST`!&CziTbjS-Is(; zI$tO}+KtURl26M(mjEA@XIZ za)3oqb&W?&t;i|B;zoaUv#nmd|9kpxU($0dy+gexCHeGqcLE)Cy}PZXWCQP+B4s|f zMi80Kut-T@;gG9$kJoRnIqw!eEOm$`z4s>oS00ZY%wGYJ?q{0vC=={Z}f3u)oKI^?lAfmnO z)x9#{_zw8Hxp@Rwms!vJYV}I0P>RZ~KiSE03czQ*w$pOR;2f^84$|Mg^#*-j$!2Nv z?{IrUjjPCCPJh>yE8{fd?xqeoqhFJDSmE&$5x-Pzdp#X;woZ|>PC?6aAhbyb6waei-DCBmPE1X>#nSiyO0dbdl*rZs}=abCpePg)d}o@g^$Sa4~~Gqc%`A%;hA zoi+w)_K<6o868gH%JjR_pwS0a6E>SMo<&3wcW49O{X)S#|GZo~#uKB_UxOjF$ z&CNyM8*!Q${q%#70%p*6K+1diTo9h>7vM!hsT# zy@_;qG3zGSkVkpkqPa}gNXHB|Y|%%zdU5x=iwyHWoqf9?WXwVql*BKwaDP6O?B zBoHhM2Z!i;O8clbh_M&uBz7A0Qw_BHG3StZUZblhi~5sj&3t1I8uXfOvr0bqUoV&S zwAk5u1C5j^t70W!X1rm3bs>Zc(nxZteJWkb=9#q3{G${Y?Srssn7>I`p~Cp><3i7? zm2+hF-MoAiaxb?vl$2kO>f)V|%EiTnIPDKjXep;&Xg)1@hA7x&zk+P1a7T!m76{EzO42Ef!kpnFAD{a?mMYJo z;uGK744{kD@AZ;qctV!t;&;ZMKjrL+?}MR~Z$)Q+HWQrzl2Pei8|n;@xzdZKNnR&_ zEZ*y_npeA!Fn8!&9EY;g`cRw>%tB69ZWgfbpiVS_ag$S)dK5x$dnrl2$VCJ&Qc#za zMuvLL0;ZzzT-xZcKS_DOd_>4}ykE{1)z2x7Z4}ugR1FrY*p8XBIU~(dkLU8Kz30*zm8obMZb(EN=3$ji_IZ zGW%PgkE30NblSgh$QCs)X^kJ;z|5Ut*}u8wLXq)$Hm%}5VC}VIx(gX!vA&lL=2GTk zR)dukaMSwxr-ee7`sfgVoVW z)BjtY3i2@v?$GCL-9xqk$-;N*$Rz0#bsnef!}u|r2(`5%TDypl^H(#YgVnx!kZ%>% zQ>r542p{&;A=%KiHq)h|GO3CDj0W1%S-M0XRI}{eed1Q0X7DJ>9|V>xmx@s3=;Y@> zyl|s}hvo_R%#GBn7*jH;6h>Wx3f62(Zi&4V#5S&UFHLw}T%JEz2JKz(uI*#inyBdmN&FuxssI0%7*Nxp>tAo_x`DnnMnb;=LGF>j-s;pLQVL1(J$c1fN?1$A38n`sWV+NOBj20uGJp4Pvyy1CVr)+TlsR z{rW@<-S9$DW&@zw+Yq`{hoix06r84SaaGTA|7Z+Z%H176pTGR5dCOzZex0^I*o+K$ zERp-pfM-d}%m!UPvQi4~SrTSZZf1Go=3pTD?UJkRLtl!t`m%lvg!QmQ_!3id)8DX+ zVk8=h;vk*y8Tq4RWxDYB0SE}bUzT7AQ&NJVbG;t~M^xV<=+t)sf$b%%LRG1Nr^dHl zp8NdmkKQnqTYE@R+w3|+MgPf0L^juWQRZJk=`kl{!K+i`0oLEv#KX!_^~q&u9JTRv zitNXlo}V0ML|K9+s)kRGvNEzLPj?d*@dciNpM{~lDsC2JSiik1?8lQo0bK(D%{%?q6E zHMSAM{0Is}H6wT2Z|0o9(YAX%FRoO+bbo&s&~Oqpl7VBMm3Kw>>gQ%+=gtzEZ$nDx zt)Fvl^~{6)6SS~-JOVUinqL`@SidnuuQ!liWLzKA8{hp+6h|AaEuG&sFz{xAbL?QP zGbT1QO0NVlM`U#8ythB?$UCTW6K#bJZH}F2wQ%_hHw9c9x zbj+nq9S;k}m2+w|Iz|$;lnvI9lb&bCO??IGw=yUa6ZM9NPUfqHa)l=1k;qgloe;m2 z%WIFhQJw{{+qZ1xF0PB^$~HVtK*$0vT8(Wd)7cyiv(-E>v-oNFlNIt(Ot zsdPE(WM=-mr>Eo>kVaWU;o(RGL*vbb071$w=>A;b+Ww30LjbWO^&wt@w7$|_GHO$6 z#;d{=wlDZ*Hg}7CV`CA}w^7OE2jXj%_dzpA??uDsmjiqDHXUH~jML-!$E^Wk4?HPR zlVu-6pTEQT&pSMCh|YjOyfVgXEfZibx!26{4mn+U<4(zTq%F8s1z#ER5!{WhUe+W_fk7DoWtvR!&Pd7u~ zZ2A$61Y>mWUc`eeQQ1|OCnR(j>b;;f2lcl0R9}E+y+*K^F`t-Fw{FY4mgJVSQ1;mg zbLvyxyXA6b!Y>7N3oHpNuN-r(Tp#4brVY+VZB3^%8tfE=Quw1wfGaU2ez;(HGjQoK zjh%Ej=MoCS2uuNaCZ}|~VH)pP_eo;9M+s4$jr)Ole>F8ZF)a)QK0W=Dw4ud91%z+o zm-dLMFaN!tPi`(|$IPzY#B5H|3s|w;_f3Gq-e!tL#?M|tJX`G%3F2-0zIndy?H`{% zRypSFg4_P)7Y~(4ZBsxCDgM_=%Vil-VS>C(fn-5}U}dgP)Sx=ZIke;;g%QZf@}L$& zIKFE=&H!8Ys{uvDLwZ`N>@~)Mp)?D>;YhQ+?#nxDzPwCzg7lP*^oeYN$Om(!1g_y~ z5(T1k+x#@RP}??=j_O(`4PU)3hi2?@TSu(F@MQY&?Xq@LWaukRiDW}r2A#SDKexd+ zrR8yhXApdr&JDV@(m=#^VbZJ?sRQ>W(8&gD+W{i|W9db1$yU4X;f_%Yzhb>qJV_(b?T3+DWu z4hG?ktUdm^qe6>vv8zf=l5^6$yqaN+I&(DqkSC14@*b>SA!$e?VF=S~R&LDoknJfV z$C5&s{JTpi5LG>y@PMZz8PqCv#KIk)(ieFZP)E$vp1p&)?!dlR1Z~Dl=xs+RVdx9T{fSM=PkL{5RYT>0I5HA$q@;7(*O1 z$?i7Ca$hmRhVIBPE-+qDCWgBQT235#^>TN%J|7RByxz_#g^UFg--5{xzgX=!a#<9s zNzW3zP!X=65x`n~N5YCb0^A;2HPd}q6g{vx>*`obcF>PMgTQAHO${1M8X*A}55rHp zy*a&MDWCV-5sI)Ji;u1gmSTV}!B>DD6Sd$URlF(Ls^{X>t0vqg`UIU&(Ly*!cw*p@ zG6viS?ZyYgoX%u~uS(H&GK!d4Hl5k01VR6I>kDem)i|5hRTHz-L%@pDNAv{DckQ~> z$tOT}`#T=6DM5V;m`HvQzt*3`?xLA7+%YcfiX}T&r0w%E*2es{c=qlQ44?)Ebo+CB zJJ{640Ge{|;l~1K#;aJ3;RPBwiDMc1)l!o=FroB&l);+uzN?{~{<>b)2lD-jO}pKl z?gCT`SGI=$s#E=3!@`JyMw5)B@Y%gHkr3fU&v}+`NeMS!JmuQdHzo5aQboyrL7PM> zMqU)wPln4ZNq657!$ih_=OX_*MBO!+Ex#g7i0vPQ>3#-fDNGnrMyUfh85I!nd&Fl# z(jTRg(Z=bWBUhT|?)tVP(-AfMxk6N-y>G6=J6rbItYk(*e5xkmIc2{?_jL%nhK6jh_9y#%pFq~bz{QGUv5%BdJ z%S0VTmtofgtyf|IO^kIF!*dQ zl0Sn=b%C5C#BNd{{GMe0R+h?_>uw-zAw-^dWQOU>CM8P+hL<9@ZJGn8sJyiFxZk@q zSgjLz27vqF-yT}wopv>}5df>0e@_S*s>&aVnbQXXDi<~LEVEsb3qCW znXL(n;-gk+d=R!G|D9`&uh!rr=fT(Y6^XhK`jbKIK2lsjyINqM>pj7Y%eMuHiD{Sp z=5eksdoUEmO9Xusv{&>K#Q9@}ult1#I`nj*S)BhgP1< zb_c)AAng{n9!Tk4pC>ua-fF$UYKbmBh>E(68#d$=t59oOqZ%R=7m9X1k-1+y&@a9& zLm&W+b`JRgNuu>`z1)x6icO`FhpFKGael&Uw}|6<_ar4IZcJ4IajGju0=pUhPvKOvy zGS;}ErYE!b7q#8*w(L2NIwEH%tha>&kWL1k6kM&!ZZ8+^G%}{=q48`^DBl~iO@!!i zll?;rDL2m6Rm>Yk1qTM9f8Vm+Jz3QKa02pB$q6-Jh;AZ$jZ$9ksL7#hE_7;Ng`jOi zcfdp&4%N@%J%HA7hXAkc{CD5L@F6qA6--s$_Vg`gPBL&{!hf@v`n66#WkfpQjiO`X zAd9ac*`Mo0XLd98hNtKbf7Z!pYClt_p(Gnr+(qSxsN$JUrb@N2u0>bW>I&S~!XWN9 zg-{T`#i2e2uCWs$(+?j46-^!xMf60-IY!$+^#n4CP#5$N$KM`@ z@Q@8WRKVYnu3l-F^Pm$V1g5yJP4W$h1g(6?)a0C(j`f2Q3}vOvR2=~Sjl%pZ9?YtL z&TfD1r3kS4>mR7)h#sX*>{jb$o4>GK0-uz@>J%3zI&`alU(TFHnO|_2ba9A3DR3q4 zWk0H`3=^B7ytN|4A>iu3m!L=;eh#F7T3 znMRK1Ie3gl`pq>z?q6Ok7G`PuI8=ypU}eNKPKsp1$d&u{sc%a2LB4D;QUxZ-qB*yd zF=(=sy)tek9mVrV{fBYTkot5e*#sr1+Gmb~RWhT79{O5W+QY*o0Qh0U*n zEO9%oq(*szKsyqb4^dT4i=WC`ajDUD&GxIaCJ^XjG& zM4)xbV;Oz3hno8y>q6t9&Ln2OhOo?fz#O4PblHZlh;+n9W*IPNjR>QS$EEF-grk(f zX{!Ikq;Mpjq}E&VLTq$jPDCt87ztHYohJ~YdvVUr6Qi6G$1g@8{5R2(SKSVg9L$jf zsOH8v)ckBW4oAE@ngnV*SH1EpH*Bt&ECAJy0<_rXv8t09F^*z027)HC!QWz8K|j)k z{xr7jLDb6trA@S^SSqSM;88jd92V_y@IN01n|%oKQtMlkT-w&-M%^aa0EW%=j^C^kQaCkC&`Lvwz@xa(%-KFeFuPd<6szYyvGX4wIa@ehI$!BlM;aQRKhGRsi z#iQFMB_dKPvDLz0vwU>oT{y^-avOJUPDJ3?0k5@Y&8a`2x!CK7c^g$dZFx?#c?GvjbSYN)~yfnbz+?P?tC6MyQsEUV!SoQmL*&!1Q z*lqLx61zSwXYxag$~OdOiIu*;$DFbcbhtMJgC{$RW9AnTB<++aZGtNGDCz@Qg6Das zn8I%K?%QI%{oDs|hbKTonTnJ1W}Xs7&aG}p=SnRuzY{tWRCy2kFq8Y2N1$(%5-lDR zf&1;h)3uSzN1xC&{mVybi?u66-O&&OmoYMMeMb z_V0(;``Pi?(ws3JS1~&}sX-Xb<|YM6C&@2rYln*ZJ^r zHt;<;7wb|LZdj%MIw;>3b-gfuFG36nceDtD*19mazC zO`G`i!wix|zRQUe4O1Ym4(ASnks$+0!9pRsdaL2iSAAGdV*Iw)qT!A)NbZqFd zObmat*3L!|B1LKChKNl!kHoITJs--Xkmh;23=N3|8_U5;X@&5bc4{@CqoN>vp;5kk zeKf{Y-+X+uV!Rt^8CKs$(}Vw;&@veriT0OD78L8*5|hnd7uBx|KVxs#U&5sf2PiN+ zM8sr@T4`4YsUR5_90fOc(#UpoWgqyEC=&aD(C9DknDu8(52%f_*v^kq9oo&5UL{0YdMWxD( zOBJJzbNvdOE+ahy-M)(q%X0~~XM{EUlNqj1`{P;6^W=T|;lCy?nCCKYa6ZI|q=P|a z7hY~32VGb}wwuVZZ1?v9S>8kxZsi0Lv7B~G3I&P|f!QFUtGt2Qd88x<3S{jbvwe+b z1@ipcgn;X{|J{P4$u=1#H+g0%O*g**=Z>=)EGxP~CVy#7MBV|F~nJEsJuU^Nd!iD$uU8>^h8=P&EB}*iu{o$1Gkmk5mkj08i zKVAaX3H3UqWXWN2pS5YuKP<{Mt~!UtkSk(eYTD=y&;&aWsV|d9+uk zE2TXOr|H%gquI)0gWh=+o~9-z>X5ZIk_1~|96OjlgPB8;Jom1~AaP8=lS~ST#sQXZ zQTKU(h@Wv4ZTFg)V)Qc?NG%j1rpi;U)MGSZ>e2<-Ag#( z?Z;M_aEbv0bU1KvSL1)$5oce!t)kND_ZZJl=87aS_s4Da=3k(qa@XMPX9>8Y4rQ6n zkmN{{l!88klowD7wAdF_|J&jRF0B5*s&rO+*Fr%;ss<=|n=H{ke2BT)b_hgyY|KEc zS7IvkZRFy0B87$$9%_tuN|e_~3D~5e`O~9==D=@xVsVQ6Sjiy}ACb1X7>H-Ns2E}H zB5(AelRjT6O7b>A(cm)CQUO$nBucD-*LFQte$2}fuxDiSlaCo)dS zE$ZZyt`iK)Y{esa4jlrr+TMY!Xw&{P{oBW|V^105T8eI@DpZ-i2xjicmgLLDh=vx)d%RBVL(2f#Ge{^>V=x!2PHloS= zC6M68Kz1nm@S~u$o8!a2(|hI!MG6Eg!IIVMDH7CVlSxwN!bpwuif4rwbb^M~t*UA@ z>^qeW2f4Sfmx8qesbmJ{y-}AKqY0T3-3IoT(FY-7XA}-hmPjXQYa*fk4`pW=R7V%B zX*9S)2<~pdJ!o)ux8M-m-GaNj6WrZhg9dkZ2?V#(bH4B1J9nn)R!zZ>ltB+Xp6t60?1MdlG zcUZpEOs7flT!2o)T;&S^l9aZ@g>gIzg*Y|(4XxELZQ0%ggUgoGubL??@YjG^gcMeY zy~5~sbgo)UzjLa`WWDG2sc$ypsU%G|I>n*T$}nB(B2ra4mogav=y8L(77(QP7=7bo zI(OA6rXoJgdIMCldpKK3S)z+jGF2DiS<({{^H%WGVv)bUz#X>x=ul(63BU=;9o0cD=sw%h zr1V^?wDP^%0T8)-vxEVJvfqs&A$-8UXelAClD$c}F9pSmrk~Y%po_@+q^u>O3NJ~> zk>Oq$tn7`@CowjgtK7D&w@MaWWz6JCdx}jnX1jt13~qT+8rJ&6TppWpdf0z6AFwGJ zSemaJ=bzSeirag8yVLb+2@8a!cg7@->Qz7RzXVRs{W+Q6pgD1OsTt>a7P5oGwzRwR zzI^OpJga@Cxfgm;dnGEDLXsJc^5Zs{+n(DL0$juVB&8OmA=+;h%p&N^-mvnWMp-TO zj*~wZzAsT4~_!)qd{g)w!_kJ(rq7QMrg(OyuTQuARkLzIk1)HqD9| zK~k?8D83?Qyd)&MZ@3RWe_#~;ILs)R4sY>4ALn9y_WyI>_UG>Xwc8Nn+D0?p0{+tC zH6(NlFNcwwO@@U*pb=&uda)tjCe5mxWOH9*3Nl^pERmhxB6yC1* zpzu&5R+qK_Z~n)y4wl?}!P@i8ku$t@^hq^_AX9JLm+3?i-v(q?%KU zI)<-5F*`ciq5cLMjn|#5dVNFxmi$Qu=4l{n+-6q=70%-|ijca1jbbbM!z8qQ03K?Y z9v-*A-UJzkU`1hG$?`4H&#PQ~MvB=nmHNyTJ>C_;jI`iMZ#EVL>8nB-@m{9L&S**; zWw_8jW=HM6b;OHwyyM|fU2}e?DSdj)9xAwf<^rb=mBggcIft{XfwCDZ_+R=j4S?cJ z=a)8a>*lrU)bEcM(}UwQq9S< zuYRSlQ`RUj3>-aWwzxF!oVRX$z5htur1SmvMeX8cCOTZqtk4QN6>+;0h1GNG+J)J| z$d5e^!xH>1(H&tWD7dq^bgcf;<}_u2>+U=14)D3$@){Qy&QPR0b&-TLyY3*^ZVJ*o zkvXM8m-xvA<X_uEXB6B771AKRcS|;GLS2%vBg-f@IOXt8Fmy%ny_fI)1hw3Q= z+Qn%dfx0f$RgRVJ#`8#GX~`!yG3b&fimBU+YYg(d_wp&BqMYG(paXsW#Vek&H}fVmukC zPUVL>E8AS}q+|wr8KmMa8lJ);Da~~BJsYx`MCmZSEpPduD1-t?6EtEkRqm0t2mG;VfC z>PSX)CsluxVm3RN>h0D!Dldpt)+j?$Ei?5-tSke+PW~7_01q!`qqjUY*CPGd3(&bV zDp)eGy!FvC-Lvu{2^L5avww6FX`%LylZuWCT8zG&y72?_pX6Z2BYk!Yo3rrR;>VE) zadBh(RAaE2b72+`7K zK2OHu6BGk2AwU>&QZ$5DtEXhzH8F)kJp5?}kLn$YzP#-jjxWVDUZ1q!cNJ)1A>f)L zaiClk?M=BJMOh{pjdr1a_6uU-kcns(Pl;O}4?%>)!nfElCFhqRpQDDGw>wC$ic6*CBhq&R=Bj#FmEx5&tZy`l-~x+F!O9OTT4iyr~FQ z6KbGBTvw$F$+`@)2pa{$oq4`eX2y|=?4jF7CX!b4&;aH!!zpz&BVX~AvIAqBJ@YjnJ=SPjf)Wrj-BM5q=(z|7lT5w)EVW0J`G)w z)6q9hG%6{Xfpmv&aeUcg&=+!OsLj<87czw&ylBnAJD%JnahA+hS?u2u?7KYFA9OSaQU+dPuO4?5qBz@-s3wR2BIpfSy=w!ET?dab3!$OO@6a`W9o@Hd%_+3Ea zxxE(6<uIILac>NnljB=wKm1TP5PUyG*E<31EAcgAIn z4xcqA%KSnu)!UFYODR?s{1^fJBGGkSEV0W|`kbsJLxV3O(XNHR#F!jb{$lkm9!Sey zRI0V1YEXnoMjfR~xhM6Lp#MfR>yH-1ZuOx}KgFQanMy$pp$ZulR#m_rev;T2uI(fg zJ@pP&RJ+^AVVEUlyG(M7P5IOal_Fy95Z|x5+N(+9!~utX9nmjXQAdroH}=OmNAaDi znrn40Z0+hjyTXQ}7{(jzdhu^xwZ$c%i4HKd3TthuBV;)sDo5@d%VaZCVewa!?bJ27 zhU)tm_wH%5crD9P#2-3O2U%FfXxJ(zFMm@lL&d{nC7o^a&}D=tnvLk%!kdK3q8L}; z3Pt^(I7q3unI8BNF0i<~Q4zjGzxTOzkAwftXjtv>~GY@x1IqMkQ96;C(JEAgeR z0M+oJqSp%$pXbkjLW*#zLqE?yBV$}`%%_rR==33 zGs(dVSF_{SL)%X>MQI`;5A#3>2ChH|nA6VzAJC^p1d1@WPsR^I?3sx$yzM&i_S|OB z#$t>>TjN5HV-)p=y*lYl?oOS{9(`&H&y?7IP5!+9WifMg;Qev^KpQJpNG>0=JR9Nx zn;;ZzpMuDJE^cRZ(?uP@U-TgrEC|(QMzGMT}O}3U@uxk}& zyU8{D=Xpv?MvHP$XOl~7dMhgUR4EAxlS*M{^aUtmi_jE_*(V`!Ooi+F$UB*lJjK61 zDZ^ub!9)h;sM#|gmTi9jTYOi)c%U)oDs9?2Wx*Yzp8SWUpy& zYpl2=lf@M{b-4Bl%nlmoL;Ba9K(vF$knYl;ra9h^9%bTmuL++_;4voDa7m*rxphZl zG&<+_tR46sgnwT|bi`(9;#SoJRVdpdhf)P_pM4w9T|2b~F-$}> z`{!|oE+Jki``sxu7Oj{ii!y4G1Jzx=X~>0nm11~F3B{6>NtW(%1b*rJnaO|^5u`Qq zkq@rq13C7|gXZ|O2t3F-l0?W`Ijj~nLDHNuAl{yr`J)#1#lbiVDc%*EQ1Bn7T-LLE zZ$!E5%$lDvBx+^uIK*UO^@v^9sZp|dqeY~ryz$1WPIfRfYpxJir;)f#Rc7a=5|^Sy%WoP#u?vypvvP~EXnDndYi&9~9c^>@OOyOPeSQ2 za}@8Oa&A<|9S*gXqE14swCp45p^MXkC6AupD4OTVd}5+}MFyRlynJUoLznSPb!v96$O- zo6;*n7%2n$7wqPj&4Z?~xr%5T?H&~G>}~X$gD2#OI%K|7Rz+AdEo031P&f?qLa6A$ z{WAG74+^u_Dj}xGaR|rjr=cM+X`u^z20VXSlBn@Gc1)NBGH)91GfzWv`|4-%cRF)4 zs)(CSfDb4$$$*fpWipAjRnc`49gAxcWWb4tmx*}Fqn0x^Z8mu#a^V$4J#?Zfhj^sV z4#&?urY`%5{2(Zd#v5{8N9U0NqfYR2K%9EV#WE+2m&v$kgrS^z%H=5>CBL6hQE*tH z{8^lsz(gWd1=$y#S6uEnE}ZIlX2k!*%kaP*$jC_&AkvW#&^}2^vC>!m(q5M4M0gvt zWFt+>?yH8bZ0@BcE0JN<`7@qv-iwLOEPjclx@-c9Y!wh3oSdBE0Qz``N>u7r-y zyV?|OEb>xJ$}^wcXFf^*9S-Kj{$hqUbW*xOl0rZ7ZG~gcqmK|p|6;Rv>-^> zi!qWBc9$WB{9C1%qcsHHRF1Pv zUwenQi{Km_7m&GNP}JK4`zolpS;ua;hed~F30NPN$xy43F$6PSO#H%s!g%}4**c-= z@zUKQF4xhn+3g7zTD*l;g=^(SQlLG|{*sKU@`#eqZ4xka@{RW{+`0LpiIGNe>yY$w zpsR82<)9H##`HOl;L?w(oZYpa$p!0$az|W+i2BV*-zuRzM<-3M6!FfsF7ziuQGYec z_##$2N#PqoR0|#Iod$MG;6hBGV>X_Ky<9Ggt{2UhUGE^<_QQNKH+`Z@>?^;6-^QsW zOgiM>ZLlR3445IQ+l39+R@ejgk}G~ih}H##Zoup#O9?umNh@b(tvYxQ?7)`KXn$H* z4c096+q{?#iqT9z%xPHC7uFROHuQv?YL2?aIcnkQNnn6uGOJn>CWTXaah~qW+8hDq)gLw|tVpfai($STyW@113DJdk*3D}7^XwvTZ;3?C7b?shNF@-j1dKX=)| z%%chAPgWcWhdCy5+eM1VZ0fYQ%lXlh)HzbLSsb$6|8bOc;1A^~%ODyg(4^dDTWz1^sG!`RykPZr$Cu0za|IHE$jVU*2Z zSXG+jcW33+rpQS$OFA{B?1!xG6;zr=GmA$Oa~48RG8SY`zssX{e@bi{T8NOIX&TpO zlwVEd((0mi`u5$}i7~A|mHy;QruF;p)x&2_kB7iWL~rL?^bF_l;PxtNjDuVMlsnz& z@jxnHh&599Feu_x-WEzK3P{dES&4yg$s}GZ%yahlz+WEOf2b0gN1{eh5A13>Gs%&a zym+~{m%KtQaUC*ltbeXNl6lC9P6vL;87>`IHvCYm!UWbkr@V$iSQiq3C*q9Dq$!)X zCFWe#`gWqGwSRp3y_VI*D5e{=s%}}kU9^PD@Vj@S%@_jwyuyB6#_G9Gk##<;xEUUy zE%u_0L+fLLr>UX}w6}$@fPuj!8K0qAZOMSRZe2psd4}9D;p$$}GjhvjPPyF#{ zqHS5Xr)*b&teW#jE3yg1<0BcgN!u5SF2lF>*JUU(IdJ1QMcOh!S^AIB_#D_7FmIJP zI@N(SUavUrbIhw@eM<@}Cmxn6Ga_zyDmHYy@$m;``E$uwf=RP~uEr~m>e+ZB zJh^M!8P`jCPF&r4X$J8aE)|ZvU!=1PIqw+wod{_?4vhxiS}<$wFhRMYAmS=j!*Hhg z4pLPaU685}hjd4VYfWZ)-$Gl4+~YJ6N28cWnVKkF=E~{YsY2w>Dssu~CntvK^wF>R zAEuZ|BMqkt=+m>aIv^d76HD$enX7}y&d?RpuP4nZ59;WCZrS+di;kn)DlS|J53$n7A`)DDK6jm(RjTB5zW-jQL&Mzp3VcVxVw7%iBQGkubP_kHSi%{CpRcN`^l&r(HF z@{jp^_bm%$E!bw3|!%*JY9RQG z3?=cGtIN}z#6A!0Z+xAG(aE>FZ3F9=N8qDoaCXhYrhWc&%G{Zk6?Hw>uIoJNJMhVM%-j;YBwp9qr=J5~zF{<>H~x9Fo2#j{>~R#gWeD)#HN`JYegrA%+IEfr6;yKXmtq;uQzc9QPz~+|KtO(@6X^o>QUOC?ILzO@s!1<$&9xnu8E# z)KrRESMabnFN0(fHMI?(UqRbWf{WI9r1SS=W0F@5^!->VBoC;GQ0C}_{VFdWsH0KX>QcVxG+mE9IO6;vk^P43nycdC z?Rx{-yE}qf*zGMo&dR`?+`&Q@qbF{km*JXn9WAjc6X0(B6LG=}+SOVCj|BxQ^>J zOkl|sF`+AD#y&uHt?eeZvS2~1w4Cm2J|9k{Hbfl|wq~4Wi6oD0nM=`pXGzR}OR~t= z=;Kdl1b^Lb`K%OZYCm(i+Btu&*qiUAA6L>s!E3naaBr*Lz399tNkaP>e@iQ)&MCZO zPO2N^@Ey8@0v%0`D$}pe+34u!tUV<9dBPXJJAe<_2V&|I%un^GgjY9$ zWtKAVNarB|6Z7n>$Pis2BZacWz(CGK>E%ZP1g%YDwESoO5W>IlIOmYwPzY`+V(yVw&SSrpu z6mzrcyE>*IjP+1Tc4(H3qv4_WP@e5mCB?s4^Hm~gC}Np>**df#i(l%;~ zKIdoXr?VJbBUySDE$FcvmH^(z%QhjL2k{3@O+J<2#B%O00m&}e=pI>xUy=2boRxk# z5|Mv)-7S<4MCB7_pOBwaU43MTwM${hZ;FP)h@uh4hDAGjtlhDeCEL!w^sC!DZ5a&I8P{2gR zB4}FlL?f{`;tPAfS`?-+-9)!#K2*$Vjyk`qNOSRTdQly7gbluYC#MS%UreKZDA@Np z^OCCNzq~p6w5U66PShDq%I+WeV83S4&eLYSO#F*!?umc@zc9_&HG$7CQeKyq9K_sg z1Okh{d{FAp^m3T=D9OlFDeQF9n$P|^3(gtmNIyxqvMAqP32*k_1w;A+kGMoHYop(w z##P%i$QP|OAv2UeIu&~w61T6?Q-0}39k5DsTHW$;PV1);OIv*m)0sl3ZzB0`LNiC^ zfoVqbm@Ju~1zuRex|y%zZua}U^?mh{j!JOIs($+vB3&y4N*;+N;DfH5JQ(GqD99mdjXvq}Szqc9R zPB?llB3768t-Yc|vRvRs01qyGL!abHR1swQpSetp42CmG)HFC^^$)a^gc(n^iCdf^ zyX@ja<@=-;1?%FAII307d`B@-G=DtaNGaMAoTd5L@D}oOtq>kK`5}pELHdcK2r$(> z!nC~UuvYEWO#;%yrEr*KLjuheD*q#uS-R3)qA}l*wISa}7>+nYIy#Ba34I_NqO%)t zQx^;;Im$IsyiGB5Wm2lhH)!X-!bg0UIe4XPvqG{qM2Xag*0qZo?JK@XM5|K1@j#uu zJ^27-)VDo^D{%8)K<2~eYiPyM-_uMfwwUj@ zNN4osujMayfm`ktlq5!soOzmhEt<&}49n^SwM-Yrz`R<>o+{;AYIufMYnMi1PxT_R zWF2+$G@VC@3bAzSKj5XlWV$+S7*E1Jm#s|k2@CsfFMW5T0A5^4xQD_}foQ4G_5gyK z5;{@YbD2@|kQ(iD1G+rtNgop_Jkt3laW3KQR5FgC*xer6 zn3xaSG@cj5CsK9@s?gT!0)7RA@@XMBk+1tfL5`3OFA-WZy&J7)t0c zsQdxHQCzH-%x$lxCA5ihc*H9UlOme!#U&zNIp2`El*L`i6<*O@zePHR57!F$ zF|7@fsdDlCQB1owPT~$@6AB_g&qHu)5lz2!?y^}|#=13bt3E6QbpRf}>FSw?@R}~t z{Znpl6NJJ!jC$15nAX6pu!TGHI!vKo^3L1od(02!-Sgr}J%iI(ZaihI4J!0&ROpjs zz2LB)(MZC`Z|KR9S7kL~jMO?6NhZ4c?*_Tg9t3RGg=g3NHp;jC8M9)(& zEnFy=`@e}v7-KJCa%2Iqr7VV$BEg0^+P_!a6SQa2cCl@$lr)|*OtV~hq8{AeQXxD; zA)FZ!VN2b?M=F{7bP?6r_oAOw)NmN_ka$qr!j=8|6h-v+c;mnFy9%HOA?{GIQoE&i z6So=JymL(^3aIo~>*!u?s$@f0U?X(gU-th6S+ZA3?ODL|2QcpVLTx0Z$E%+UkF_2A z0HGt^_nTTzlxZbN%5-zcoD5)mX8vt~PLn0bA9KG*Sand;6YAW?UIyC;p`09AbWdGo zh;0}a5infI5Q_3CCud}|Ofpqd4+G;T*@hgdyN3KoMD65W0zv~#G!~lGD0`A}kkg{> zcnycBjHSEBrOKz_uxu45$uT4c2F2!@>UR8bv>!Z<#+T5~JbRQ)NI^W#VgW9nPa&&z zD4X_1US)m>L3NGc6COv#5BHW01MD`E06c#OEz z^)2Du=ZwJ*O7@41IchHhvYTgjo$t^dXTr`9PK?cgbWqnfH#e;0?<>iXjXcHQi~oz0 zEEEsvqczYA*){T~xTK#zD33l}NK0nK%5+y+v5DPVkgp32JGrvr z_q8b2A2ZACnw@MJ6rR_2kJx&6xKatK5AZ-$cJCZR#HIAIDw?VNzS+f4IpOpQNQJ@G zl`wr<)2OuKtS(n|i#~h+rp$Y{71n`P-C#d=3!pcqAPQlliAGR@9bB89AGG(_g6 zTpb81pm~PvtAuAvA`ggOEWuR>qf|0w+dWB5qI;n9%%8I`U3C3z>A;qg&}Y*BB;4D4 zX0T*!KYQu-r)<5vZ*ANh?xfMl{~Zn^Xa&nsWmz2ewSx>Z8PJq2|uLs^^0fCU|@-Qw|DX4;qUeKT0g)w@hb?>Kn8;MWv+#I zVt4#8v-V@P0?fh5q&c(V6=Wn|NxkUnKg%afaxExAZ5v;FAF88Kcwk6x7l66$NsBm9 zK>vkgB#^rs;;@M;*2(RVfL{H^-zMqKur^~9$RPr4OL$s6^_JWKj?VH}ia+w>vZkPm z_tmh4AgV3I`>Vgww%yy(w$Z<}aw7nnP@vk@V6X;O+6Uk}G#HtKS#zv)4cH1*H5?R# z-=4ajL45x4ma8{&o9nOs^hbdE?a}?ZH|Fo}o!+9I-t7xQ^#K1>Mp!_?&foRr^kTDd zz`yeoh<}?Be02t3e8fNDdVA|X7u}Ko+-2p^|0P+yfXLxfSnK7!j3^WQT#N98-Z3&J z?3qEkEiM>l*ZP~VV-xz0$XDE7=>3|weF1BMK#1Y$6ni)KLE-wAhF1LsFh3N^5dduu z18Xw>tkvuq$k#-8MD>C@F~3@s-c?NY9u*Jrl`!34{s`HeCkvy70^-jq0d#_i-XBx` zF@S;`K%_Yb{4%e9b6;xW6Rf^D=Z>p@Pd00WcDWV)A*jp+UFZEMxq-hP_!Vz}LImoL z8yWtHuwl92kKUOOLo6LOm#Z7hc3!R8Ag~#;=8w_=`_h~9=Ff0wwhP#W0J>8$UG9~u zg2E)Ut#jdD&akW7>!@`|cql~+ue?Rod;#Y<;vuSdcchOCLy%6DxUb)Y24E?~* z_g-Dkr$3h$LMIk>;u_Y0QD*V_&QF%KVDnhx1cZ+(F3KKii&e= zZ|(C4|CHO>4*)?7Fni&OwBwHpn1RjT-x~`!6ggJ`!i3QZV*PC~n-&~}%Pc04dj7X_ zSQP_+#5MpP|Lk0s1eP!A;&|eI*zPu`di`V2=pImmfJBIy@2*+u*ubCWgp-;E`xxo* zlp9In+m3gU;V7%D6)+t-0HqcT#Jm8Uuia4Z0JzOs##8&6bKpOc-y*3 zF~Y|R&^mpCs!-*rqy{&)WC7$Pb<^z67T{Y>tpT{d0sd#;U(Z?r^{&?*0Na-&B>Af0 z@3j;FfvSPjBSdQ7I7~+Fx6ecDd%@(lAO+rAP)Z5@oBa}~S7_`UaJvKC{&7t3-`y8# z??5E?i?0BfswiD>-crr-$bJ((swIVPkg?t^5FY?pguIbM1Jhm~KnyZqqZGf@E>Eok zmplIahb8^~#Q=EP!Xx1ccI6Cw#n+`5FA2lf=(H5;>t0wO@4pv!>dw#&#Iu}WC*t-f zmIN$l7fP&^;zobqu(__1Dlya6Kz-<`c^8^AF8bpy@&*oK`+u$uv}^%y-sxfU_OFMU z;02&@*#fG4z@Ik&>{%b*&=y{6nVwXO3bp6Y=-+qP3j*F$1)r9x{lNyF3%wP(-1Gl8 zhymK4Kpg!ra799d_Y6e0?Xpwc`VLWQP3qPMCger=Pvf&}MA zeFbn&6Z~ICh>XHjsjr36K?%0Ae@TI#78omYt#N&BhtehZAVU@iajF-48ekJ_{wKf# z_I=s&%gdiK2wyucwZX<@8F1dM1CEVwflHedTv*_81=44>9J|JS)`~da`2*g}Wq=gp z->Wn1p`JDJi)t?TB8oC`fp+%Tdp*lTo;Z!QEEn8rM1bHPu>3d#mYen0rDH(>iGZ>` z?2s@|D+W4(C+uPTCxzTrVm7SwZ7G#hLGUFyXwR(?J-fFszYT14F2KFDJqoyP{&&-R z1Cgjl0zy2$A@iH=X&w&Ns3Zc^w^vrErsD>|x>6^OFDa&i!F~*p?5{RsFuRyy5z@&v zXA3RbCkSTF3WCjM6DO0%dUOL*`9k4@dea;6NSJ!;Y58FYH|VVyis-i~2?X3jF{^Vj z#IC_b2G}Z+8r4GayCL4PIGtwOKUU4e5_rkJG*&6%@dp2QU<} z2U_=m7FC0fpg3?;WnR*+oRzI=JPC0>azxid_pz-UC09_o*Q0Gz7p}T$faTlYQVk~ zDgKazv`B;VX}b=vsBLWo-ekb}!~X*C+^8}I95)1h-;rqf_o+1R^xEn56YX`{GP@tQ zJ4ly8q}dLwvl~|Q1EKFiuiDT4x}dILfGIf*7N`e~9cvRkF4{`}3XusEGvheJL;S(Y ziamk{D`IM&L}Vq0Utx99%=~0I`Dhe`;^nXL13-E8zju2OGOX-ke2RPTjfG3u6Cy;5 zMZ1gTk-+vJhDwNslaGKup@tSd%v)j{vR^u6PzT@p^UDxNQ(j&`*5=^eZ14`;N9( z8J(Wao=NzZyv}-49!PRTL_nk95N0_1+V4*YYTm3e1ufgTq0VyR8SB=Oo(6j=9?_k5 zYV;<0N>|oS$(rn=#8?@rju*}FuwsVN-ccT%P&f;t7Dx(Jh;KB-X41Fmo48!a(V337 zQ?ttugMM;l()>P7ht*6hZF(8C9#eGABReDe8(!KY8&6V4hk=FZgdK8qOEsrHPJbKN z4uYsytxk@7@=pTW=+f>BNYU8>=uY`NaNR2n%w4IAYF=*D4*}L(2+;hS7E~!to$fB^ zl9ZyVgd1Ri0Ws$LEBVny;z|RW+>0tJ*DMWH_m%P`V@ZNu$v9EA6-X;AN_hW~i|}E` zSbqO-9vT0I|L`{V*|pVw^Ut;a0l;rbtVuR&#=cKH*iSTSk*)e2sZW9yCbSRS0ZkK) zBt2(vLYPQGCM<9i?h!k4B60imxWpc>T)4DC(E;q5wxChJQc_@00rc-~vHb*~=;ZXX z*ob680U8z%F!9naFd&kN{Xw)9ha_8TkjPZfokrLEKfZa}i*o|F{rQiK?*;=@TVHRh zT<5vGrts`+E}lAz_ys1ZTSO^nEbjOZK5s|9XAAYG0hcbVm~W4rBOX$CD0HnZ zM4AWMJH37OWsP5VUBFLO1GKSWce-vi{=0B`{LyoD_({IkM=YkyO~S#Jt-{KR8H zR!;NiGuFoAe3FV8rV#|(Z}e&o`nN)W{uL1XcQJny8dWa36&gz!cU&fM4^&uu#EG5B z&n|gygfWgEqkFdf%MpR|cK_N`-~kaF#xL98!VMM({shuZ`3<<~yhGoyW+y^)qMOcJ zOk0WK$_Zjsdj7DE)-!M4<-D+SjG(S7l8!{UWdaG25#kaB3{shqEt_YEN_D{ z&-S(Y`M~P1|Ei3q@-<1A{|TXH5fHa;3JZ{mqI>_=%5D-y<1E9rs$o}3I0_He3(aX= z8P1gtBABHytn?+Whfr3`NTYBs^Ht>Uwr;Cl*6fOr*0yF>jF$}L!3gsD7MpJIL`-z1 z60`hWL&kCLdrQ-{>V+7#XVVBr3SLp-s7mW9uW%YM4tA$>MhwyR>G9zB*Nrt2W@Brr zw_by%ILsHo2XwqN4YB~ImtBD8O|n%VC9kO&?w~ytNKfzmQ=>ozqG_#{?Y0nSko-}+ zbxVa=4FTxebl>??-3fU~DFC73-$uF)Pww=%%Dlou|il`&{fY zL?9<-1eiMace@b+Z?yPt?hv53%qjY7maM=h7E<(6+$M4kJlN_Q!>97dSDUGu1>Y}( zv&?;vIa7N971!IoOK*luSGeGWsiITIj3J;B}yxYC>gU{z1PBZG9OGy>lr!J{}%V9JH3l`8i9aD zX9PMMc^|8I6{_eAMIaYUlnXRdWyuF?B2D}<*X&PHpLtU+T#fEsTT@QbG|r{mDxp4+ zhdn{o*OQ_;oqq0vqu6fTq9j4Lz-|bNE5s)Sjc+VztTo}tgvEO0u=D;T)T*7VLm|)2VKzi1CE@T*Pk9- zSZtNjY|rqR*+t+HcOrs7d4$^iyk^vM*OqIT&Rv(u`49vGL)(;hzMrdx=-+Atp3vnJL zs}%;#2O)}-`+k<0HCLx@%zlK4)TGduqa8E936GA^H;KuJ>aHKsi*ejpHy^V5WnDqm zd6T~Q& zf>D`c#vK%c1@3s4n)H2`5IIO#Dey`W6j5A}&%36|u*v~OYP zc9`PoaxikBg$gQl{Z|ph1ci}xJUmv&h=h1)WmGh3;C@U!AP!F=5R($qpxy)kg!Hu~HOg#`pUnR#43z_ouN^uH@l#|LOBsg&J9Ocay zj6m2BgXj5hWuc#OL>zI@6@u_Y7#+rdnXOJc?pO+h;P-XKz-Din%NIFq_f@`m-!EyG z6@S$Xx>_o&&AnetMJXu@dG2ytPjxu?QguH_mNg@nySl%D8+oJP`z+c+e+O!l2sMof2o-<6TJw?OM+2<205@ zxpd3g^Ti`st=)6_A>tAy9vI=3b<@wLv~Gtkb{WNcSiI7+I7KkCLt^8u5^5Vn1r{qx zyxTL4Wp}G2L*%7H{x}HJ_BF;QdKY6yzOxpv)9S~feTDvHP6&JT1~GO&)HcgQjqz|d z@O_D5-dvVFkSrZt(yr-vs9Q`8xs;EBr<^^wFf)Kruy0iw~#W|gFz?7Mr3&rPGMfdVzIYo1OUtTq@>Y2qfUNv!BiKhvn$ zGiEMS;}>+kpX{f4iShC%2Sq9p7klJQb!MXX2-qr@S(~{D;vw%{hCh?gy%4p(?PGr+ z&Klq^55m)6<|SGjvwlvUAbqBrWt=|Gu$;;*dzs5uF zgLF^>9W*r3&J{vS)Kr=kiiB8(U_&+7PHC;@h<4`R-?~ zA`&QIohL2^=z-8RB z_Tp2#S(OwntHxhu%5ga)F<--#*^;&C^{F$`M*;RyI4wA@5aW8^xC$rVi;*Q6XA-2c z#@-ZRL#T@v^3$FXEyy|t4|xYhxsO7DHnc~=z+RhE7w-2~XKmU|ztR~cn}1**BXyF; znTAb!W!5lbQ-1&j;v%a;wW)RCTA*6osPYaypz+$E8`(9+>D{xyZ)Wq!fllR^@iPSO zRdROGERA!~1#zo_HEZ3HG|kDH(FyjlvHV{weN|LkP17#!F2UU`XmBUEJA@G2-GdVxg1fuB1ebx}?hb(f z!QFNCKks+W#jG_qd+)C9s_OE`Imt>&(h6G>!6k@Ms7M{_HpH^Hm?+@@q1I?luiHluZ{@?c?S3grY3xvhSa`8RA=%Rcuk zL-WV-XGUR%^@{N^jJ!y$tp;tLEE~{n#mTF)KA?HW;Hbk1?+*wN7IGF=-bax)X3qE| z87ayIm~PCn&y?&G5_SlGSDpXJe*^b5*T>Dxt|-mhVkvqTrKB3 z;OYF~S;?RWW?}i7&uP8N2GFN_E0%oog3Ql4f5*&bs-FZG4~V^tcwoeSZgGF}QbgjL zp@6C5V%}e!;12cOS5SU2f;>U~?sOaIP}0ryqWhO3M51|_>TiL7+(MwQ+no{CY2$%f z{BMn9u&xVGCkt%6ZIdw7$AEpaz+E1jAn6vKcQ0O90N#Z>o1ed49(eaS0M6WR4?!Dm zs*nZ5fL{gQrJ8kK()TR+lz}bbcg6dnG^5sv53=cdSBU%r;J4_f)m+8wjDS#VO?|5U zV-+r~=*FdJ6Rf4aq2kGJ5h)Yvs%>q$I}C9CqS_b>+(o1p2qDQ|rp-f=;~EV=SSo!Q zbIUuVHl$15=eGv3+h&BlD#rjsyB?rEIUd-)fv7XxVE|F^UAA@b?E46fBIC)7al?Gx?Q5 z`~tHBN5@BtiAMr?$|cPL3^z0Cq5fp`=`W$ zJ*C(hjow@)Wy8B|8UCec9r_9SrPm$qFC1L*$goHW`hm)vlDCc8zDe}gfMRl{OP%l> z&O*!tpJ_Y^OmzhEGDaxi_^p7PW+t(NAKDUXN>WsJs^+j@>--+G?;op{io=Vj;|>)b z3@K8Ylkj2ZeNIwm&ptU3W*Fm@+K%b@(c<}%tJ?WPC#MqW_oGJ61)w{39pg`U{t!bV?k`am%f;+_nvXO3*C z^!)MYoZm(nGq%R3>+?U5t5+OBZ~9oZEt=vS8!5TJ zXfF6s0h@L!H@6op8$MkMbQx-nFT=9!g;PJ#U#UAMs-K>0rrHb+w8ls$wnO(eT1Pd0 z0&OdmKwH*%(QAGySPUY3(Lh@&*lBtdKK)g|F;qAJGRnCh)?6@1`}%6n2Rmt`_5ixQ zNbZU!>O@rjgV$zF3mYk4e3+?QJR@R4r=~NeP12v!c6~(x5yyvL1%Y0y^)>CdcYfPC zMgCoLPRw(?TZB9wvj;9c#v^-W_@K}Bx8W9JP>;DX)%A0W>kDz&=de2}$kI}jk?E(2 z@#*SvQ9m;@S`isqEKQw@_>Nw6inp{m%SbsfEE6=}DkN4kx)B)Y`AL1qzkB&STn{Ld zlF<<)MGw1{7=;gO*@+@Bl8GB2KqW^; zy~SMF#FF-(z8FeJ*2+|uUoRCU^cU1#V-F9@PSW9ZB=|6e&J&HmDYky<^f@(|)o8pg z9(}|{e!4Icd-#RU$6Z4VBk>WOMfMsGPmGBeFz%$F=C+ zy-i@OW?a<&o1uW=5$}gXZCgrDvZ(0Ad4!3kukcXRKG8ES5DmLC_T8!xKE$YQ`@~|i zzAfgprxaE7rQ>lgY(@LY=l;XDdc!`Vn>Fn&dRvfHhGdWRgoG2F%A$@OBD%6+j}J@p z3J-!HAsj6VYxZ`50j7By5j!$(7*xwp`KE$M>?V^uPBIy$;C+VmA%COd>HY)v_Xwy1 zD2Z_F)XyKVxRNf1KbKnWF~Svhyy+I#x7`SZgz$@HVxeg@k?@8Q+xDQhEQlqn?fK1Q zN>6%8j+PS}i+FAwlO7rG66KA~8XD!vQ&KSfzK#;yN_dSeoAt3=l@P+8sK<>%+pBS) z@MmnM2{4!AkPNB*!)(Wg*++y>Xv#&bQ%w%C&m|4oUc|Se%Zzy_Jt{8|7nnmNHeqXi zDp(SM)MiAjVLcI&gnT#C3_3;Lf~9iTTiNd!u$}&O1tfp zCa}-X{Z0J{_efxt)_%@aOE&6LEuky2!TN!vx7mN0(VmkoEI zB;62YpNjD$=X1IG5_K_HUbonl>CNn7a>p#kbeonXb!>!us&!3w!%{Zpw3!InZO-ZZ zykka2LHTuC@G{WpQ>IV$O77Z=9pBtbyg@r&vEt)6?L6Gj+L znUfDrhzlcIcp4ds&Aq&t+|aj;EcmZC%_W}A zb16`RkYKl4X|m6u0>f0u>P4UYW?8#Dz;ClWK1p9iHcF=M6lp1j=Ud7v+RrJArzBVH zF|Sc!D*zV_vDL@FbL@yEjFm8pkneKWChOFi=N4tnn;$wKgzQTq``bkbJ90hVmNdnR ztkh*r{8@OGxl4yEvda>@Z3nR}depqN-$2z*AbC-nM#t1Mb>aJK5fm)57fIP8lV_F^ z^U&S5yfl(!YYed0l~5Lz4Any;OG?NRkxrLe_igT~d-&^f&H-X&5Y6C^4)&86I8u=+ z-bvZfz=(^BlfO=6k6yj7z99ki=sEoVI+m3Ey$g=s_;39C3;y**Ar7DUdt+Sb(O1T? z*V~S^zGGcS7I`JyX4Rg$d-lSv$eFfW(E5lkBob0Gh`;@q?NXyxOz^^G8WfX!j9VOB zyAWP*oE|B-i^ z6<&SDXy?DCPaO8ooYKkjy12}B&o;bHR4V-VjTEgvLd}Bf@i57#%(XQ;bX8s^z(aiq z@|>?THRT+m+Ow;&qB*YvX@#%(P#i5;j77AK_iJq@@<2@2n}WDdV(bcHN4k&m_CzwT z+d|5a%%wqWK=G^6W?lBo*QE`?s{roO55Q%;HrT1nx3>2EFl?M<58wjIyXC&zo^l2( zt{@*5h(j=));_?0VZi$OmTS5D>dWw6XIYPnB4YlgBNV$V{xX(%_;Qg9(dC=Z7&)3a z;{#5lN^yFPOBGAjUdwB}<7a`CGv%p@itGAjGTo!HT*y$FltKl2dCw?OT(cgS%o48^c!C*qw{gEoE zR=eP@)PTp!MQv}3{+jzNP5D)>eUrw{e#ivWZS#{T5^@7m;{+YAmgenPwAUQ=a6SgK zv}8Thp;)CeNujs;Ac<>=FOH1s>*$=oXKtKLN>MnczevxNwB!qIj(!Sk*Wn5T*YYsL z?)%1IcMm~0j$JO)Y(3h?bL`y)3+V>(;6!&Aq{iMX2|lAa^eja{p}A?0kBl1y6sol0f@am1H8ba z<#_cv@OttFP?$D?xkWo&Xokm>$b?Ju^K%2(dPl7w!^t31OytfY=~vIW03RY`fen9d^F6!7 zfsH>vSK>|869`9vE}2ZBga3RB|5Wfsu-6>*s^seoR=UQ${KoF^N!(iT<>&NEEEEa3 zs7ZX8HurnWWGhzOCib~Q8bs1^v|6#(Un@le?Rds9x& zdJF8i3ACC3jHK0B{;YPwmo0eKo7RFfgC^44eXj3fiom&qlOph+ zMFmdw=%DfUJ(F67vx-rX)%DtNIOqHLx!Kdo8EXS86k&UoFPP`g0Ffz`J9ZFjD>UlX zs|<4DrIsy@4YAs`{C7j96Ps*zS0lbjqrW0_G5Ifq(Y-&bYWK>tKjCp%`fYUkGrXrH zS#xQdvSIoM4RY8?+_rZW6?mJ*|GniH-h9sc#unlH)V6vC9TNVuWuL25Z(Rtn@msg7SFF_!P`%C!QK{a9mn7d4CFzs{!;^MO zNcmv_+N2XlfwPn2f#=_xNPxD)o9H9p)@t^9JUN^*^2VTA;B(XMb2G}IU1WN6O{UKU z6f-Ub@8HZOE!wRll1o(`_>^eWV5h6-h&(wGpGR2v2~|+f7o0vTCffA$HK`-!b+S=& zyMiSzb8<3uq%j6;u=On*j5syD3~o+LQo3|Tq|N*puuyqCC}n(@uZ9^kuKc5$YKKQs zs4qvgdc}{th>HJ~W*EDtdtKqy$Vop8tWDYCef*NZX>~RrPqdZY6a(JqsR2~$+hT!j zCHVyacKrem( z=f`DoL^f0e)oyuIhda{ntX0KV^T^{rer;;vtI+EtDm`(8u96Dmhr6Jh_CbnZ!~T!0 zO2%6j7B85Q5t5S6D5S`23VKQb<&@Gpqp0qm#~V3jjL&_fwuI=xU4_rM zLCKcQ0&uyOw|5jy>>aqcd0EM>XtzZ7em_qIV32IR`k03qEArhDMHr&W|peG?R_Ku-&<0rD^2B)Ru>*y2&=6-Ucn=?u)y#XlgfYV>ChY-#? zT?2-^{;1meS73q{o`3u%a@Fc}=Y=Cjfg?#UeMjG2i%0ekT9nFjqoWOQ(A{3g&+n-b z2k2#^_u_T-pcNkhM;+kO{uZ#WsQC#_A4R5|Zr1k^B)jg${H@r)S7N9M=6z-MO&dZ_t>XiDM5VmB1#l`6rgmyC7KV5AA~g|V5dn&!Aqn5h*K);5%)_7Xq+N?Ksq!)U6J<2+ zpbPzwJPoEi>$?oD@;Wqmq!ely{gex>m-1Du^?ramNCXoJ1W!s1$k6t>krco8YdnMU z?;)xvd*fA%PlJ~h7#Rk??Gh2k2a!!2fsUHbq5Fsx(O(F-Brx<80D;#) zP)847$8AA#2f~Qnl4tLtTE)j~O?eyC2m!A+0W({`ip@joAw+3!qrHRf#CztOsNd_A zUIQy7fvpcX_ypjO>)|dkm z8_O)HwO2IcZF}+{@bp)w!7Id+p4b44eBi*F7Vs~aYi?seZ4Th%+pq;dsGtEN2D>C2 zKXc|AVN-OuT^nX8cHfD=$wRia9@kQk<4R`_e&Se+09ZM9I)^M#wG?0$dP{o){ei4L zUjmqU23lI5#dtM&B_InJabRM{KiV#7bT=MEb}NhziQ<;j{2o7+G$~faS`0V}RRfRN zQ*7@}CFVB(E%#TYL#T`>K8%-LH+L0smck0qh6*+ed@RH%j+o#2n4(&5+R? zI)>FKQ1&*CWw-H(O3mvYLt?@Qk2<SzO9N2pbAb$pz{1u6 zu&P#>0=Si0i!~@e+@hyyAA#y%XCbGb8Vek|L*fwKf4-cU&$XcBE3 z@**Zu&h~K>{3W=9^;NpQ$NC0F5Vd@Y0QIpL(76ETtCV;B$44h~0Pp%`OA2JK9AS1! z@A7Yf^SkwpcZejuA3_+T*g?M(au7^3@ec@GtvS-dCQR>bO*cRR=zsK#fz!W0NoPYO z+R{LW?SD(#QM?B%|3LT@49aY>c@E4ze?4VpnG2kPqnvmI&Yq3BRyGfSO*wrNU_1O8 z^!q%>r*GGPDg^f3srfxn zsubhBehVnieFRSbw+ZzrU?U$rFpq`yOW=ohF)u*2Yh!yILZZ$b(5C-p^gr_Hp$ruO zh(FxF48fdlS_gxs9-h|~$X?P-C<*%gmuUJ*A3!?1fNuT5`aB>ru5bw8uZ3XX;jj$0 zFJ$o-Qi%FRZrOO~fHn_1&T2M zkAgi8ZxA`Yodqdk?;jy_;9UchG*Wffzva8n{DlWvS45y33DG601)9mHW@Bcbv3_M= zHsGs1)gv`7ohl#{30-NoIuuXV{*P9%OJL*J{te6Lh;S+xR|V zyHhMy1U+*5jzngVTf#6DFz_1aTGQ>Bz;7MnhA)oj7r>w3iYZd83u* zimdxDkQgeiLPQWDLE$W?a%kg& zX_u%7QkR@t}@WLT2>^1 z>f6A(BWj`pP~B7gbV24%;LPzd@Q;!{4ZwF6h_p+0!(jH7ppjvboKdU~Jz>g zxsQL%gD9?x;rlRDgpP2eFw`}awWbkU;l=jNx%>5@o*HAM2K)cRN&CZbJEnrJL(e?NuMp?xdKv-l_8Pn7&c zbqml<2mH8P_=l2_iy*OQx*H?0e4w1$+UXx8WneWA_;bzK?F)SF6LE&#s(i+4=YXOy zuSt<5x4gmR$O<80VhwJ@WQcWrcER*R!V3C<7@CJF7i7BH9O(k>hj2`G17#khnuyIm zr5jtXgkiV_MODHxOzMF4fmSrCKBy|jmECWF9D8e3y8If%CA zEc4}SMrE!;%R_GVmUc*L+XNf6@u&Qt`$nD%>(sH-`5!y( z_<>oGq6~sB+2Z&j){XSE?Mry7WvJh}@Z8QML08GEIog)ku&F*>i_ER0F`Mwh`yzWK zGK*g3IbP=hC`dpwmj7=xd6wP9X=Q!HX!btamxK*Jf+P|#nYf1$M)nj)@S-zcHpOs8kOssbs zCZkf0Eq0$;Yo=DFdjXvmt$q91qo~yYd4aY0K|vN{+P=&wB*b%Zhdmr!3W{ zz|Hc(Gc&fh;vMjYttaI22YEU*ECIagd5Qq{ z#$5gcw6n$5DReC9sDS(B2PFHJdv@1&#vyXo*60kwN$&zBp`$|M%+x1&Gj1vJI7?K~ z@8gMo(L@EY@5#ae@oDSnbQ|`cHN7xtUu@zcep@iOO;E;0^65@>l8B%u3FaFp65wJE z(~0N#S?_WQdZv+n4Y?=J)zUW9QTtX^$)1Xrfx?Ui6{#UfhRMCcz*=N26r35K7FU3G zsAN9l`NT!RM%EhyHw~!(IFwrnBHGp5)mDpA5V3@b%f_!B$f{)z&J^KqC{V&h&^-ZA7Lau;|p#O5Yhw$}= zk{8aI)BlcCSdpj#+=oL&#ZRbI-?Xo`-syuSSuUiXQ}fqSTq*Rr7Giz8G6T}L%WgPM z=7EzpF*nza@Heq@30@$u4KxKn@{CGvM(jAvGGMLl!23Hf{_hl1qA^b6{?H#bTJ_T$ zgd-kjZ0$LEptx8$?&nPd+fJU9Z-i%F<~@wE{Cc08G61(hejx={IKf8nq4>-~q9(6oWO~vV>e*zAOtfTZ{21D(ee#gDzJ^mNu?oaQ?K7_!FMG?0IwCiz$-% z@8mD<)u+Ku`!3%c5cS3Zw@2Wy?GbRQVBG_B zO|x{@q0hn^!$rh{yCnQtVktH42D&8Fvvuw2TiCmQzl%S34w0F3;R-8OP5|jB?>hRw zf$Xh-kAPeC_Sy}^r44%np@57=cW-NMvj2T`Sur9=)=vbBL|W1sN7g5UU#HIA*|(M- z-ki8gBf&HOXtybQgTQ-XYO!Fm1by{m48**Yc+WjmPl8eTag_|7D}i=-;un@f`s(>W zKaxolG~-P0%H`n^Xk!y%P$^Kok0f_TLJv}C??WNaT2Za@JRO#;qin%pW~fRas^Pt? zhOtgO-`#T0iH$)Ep+4okU#kUXlKf7>XvXS5fST}X*X-dwh-3BV*6Ec!=vM8iFL<=9 z=GkY{@3Hh#UM_N)y4UZ~G1$&;nNP@Q*-8MxQAfglUK7g#SnYKKj%qyXuv1TTpn2D( zJ}m&zZ-Kd{X?Y?k?zmvd#gcRziCA$IEH52y@g&fjP>O9dpHN7}6+ zP2)4oG{TMC!9$1U+h5TM;X)^ZbRUq#qtjNG$7TCm6Y3+`iO}S)#pSY@`m` z`rtBN{kGT|xpp!zgH^t2c=5tE0ddZ<_ki4GUI=XJxG5M=QFeoWs3-XB!6vTDXqJxf zhnZDO^DxsKAVxQ$emq=%_tS|&=hE7$79$dSUsezSgR+pnA3p~&cmZaCrw~Qc6a=sz zzASaT;}jB#h)VpP(FvgMH7Z9{Bn?cCoC(6lz;J>kdMa159{{k<;SXOXbLU`XXeD?9^$@>&rf*=LbTT{6Z zLA(LNqYr>X+vxsB$ZxwpEMtGLS+E?I)d0^!Dv;;vRzf&j_Af~do~$sxJh}t>9+($H zG#@1J_00VR5v@3jrz1*cO_(2E{?5^Ji(T0k*fO~F-#BPAxxREC;(V*FpE*NmCcb9u|&vV@?0R0ka3?Y0SnH6wMU)f~ z82eDQKN5!<|1S=9QHU&omK#a1Z>eMdbF+uNQj>Xae7gAOcNCh2;wpXRD5o{I56f|T zt{>t}VD|t1ElljT#u5}*k6JOU-m>P41Kp4nlLL=YzPe;1IN3&%66F z!f>7p_&%~Qbk~>EC;%EbbxC(C%&5npPe-0z9Z#Tuw*Q4)dql24nVq=kZ%4`4cM?cU zIaG0s8*3Y|x}w2oWGHmx(4t|Gu@aU$(60f0^5NYd#40_JoOfOlBSMfHo+k=>MX7O; z&>1LAs}4T@O;xnBa&nS=|4@`?of}#Wve_ZZDX`<|k6Gxjxe{=>#Dc#eD|jib>46om z8pb-iNDJtxA-{|i0pVgVr8Xvk0&OOGR9o=17?q4$)Xw)P@}b$G=Ts5!H(j&cc}hD0r$3+bObr)9)CuKM|naLCrA9$ z{E9h?u5OWD2j1A`!mQPES_xI4ptY7=g5(o-Rx@O3vE^o<%x$}emoH0X+B}%~A=TXH1>T20cZRQzwKqRQHv6c)sOR(;U0g?j{kLu}@X{AIiP! z7{l@PQnUvC}dIt>#sc_Fc2YqhGW zah;s|HKZ4iipJf-cC?&Ezusl`Q^-nVO#Y|P3F=aAmv!hbWmG?or0JPCq&X;;!I&x< zTm5_mVPq`MdY6ABnUY4Vn^+o+pWnTyrI>ORvkvslNS}K*S0}GgSJQFQ8{hUKO)S)G45kIJV_OiFj0m9?NuZhTk7pO{p9aHv;nm4q zs|y^RnfKXRxLr_Mmg1rUDq=pL9QBju`P0%W7V;=0vRy=za-sghYpHP@b@`4eJ8H#+ z-dPXchZEmUC&ZK4ABu9>$7y20=s#o^$S9AR(uQfZZ_q9@phSyC^%jQ_Mq_|BA?-4j z5r(__VnXW56XzG+9+c#Fud?lw&cpRSP1>E(zfCZO&O}62ix)G z)%!R0HyXdj58sT1xyt;{zbY60u|Rh6i@i10UDvrN-tkDj=)oPN*mLOKfWkaIbUXl3Qp%dvPJ~U3S%w2V; z9Qjo^Z=+?=bNYr%rr0`3ixBo+e9d}t?M!Y6`QrS1Q~@$>nfs*S8|lqD*~YT2@qHR1 z$AR<6^(@jrpG^zty5l*NF`B;&h&MJkN`_=4^YWZ15LRB-3vw3+`3SUB#mpb3HYOr&A_ZCYLCRUQ8%)Bg8>r*YXV;Edb zmcT$V6XLAZpxl@e#tB(gh-xq5Kt@{t&cO4-+nvJ8Ba3!HVXsY$^Nv4S^)H4E!j@`N zgs-D_ah;l`pT;H!+=wY|Ka|lul-#t|Zm6^mmx&}R*UO-K-8?jOvrS?tbW?kwOqo`; zS%h<*cA$R*5oCOUbh>a}#eIfWU1KlpFl9B`4RV2$j=N*y!Xm&zniG`dDQ|E8NJYah z>5<5ybka#@%BXoo3%GiJP83+N9vV-x07&y2AjGOY)G)IRG9o0F?M)Kv_9bkew@>pc4SUgR9u+4KUVAIP zXSHZr2)ox^3e;uJr5Qc-FbE#PxMZn)YG<4(Jw_ThnTPXhbnO-cWL$K#ajw}xS_loc zRW%eEgX`UAS-28+Wp%}C`QxktQTXfgVbq{p2@Gim0r3|nc=^EO>gty(48%(;GiPf4 zju)xc-?ERR>BN_K8Yz0^rAl8oKKXlWS#Bo0aJZNJ$`XYE%wKj+b-k$7tvoK z)Zg2_hl44hVXi4;e&J)mhjC+AQE3Y1N0b6REgCo>_CB9V^2)7vy;ISuT{uVM+xL5}4JWQvU`SN3Mo5}_7u)UdS=LWer|aryI(x$x9I6*y;Z$8rEJw%M#=TV~ z*0QROz_DZ7YdKO#w8kwqFS0_ZxI!&9HO3WGxKDAq(`!qw5i{w;BIgp_2n4c=;+TG~ zQ=H>R#|v*UwnY5K7;$*1OX{mWhN>};AMz8{$)lbBin$L0;qqi{MT}J zc94{Zl8SE#jxB=Z@I#L+sDd?2wnc4F>bhP}Od9`pMEA$9I($OJRr(ZEhwej-YM)dE z%D>~e{BoZBl*aiGCZ~otgV}Tfiufi}>k2u1}u2Prqr>VvPXXLKR+;ul?=Jn8Y_QTM>Tt-gU{6uI}hjR;y)A*3ol0ED)?9h5wyD59@L6uOfb)< z#ILE|rPO1dsR%&#G=3Z&^9$KNRb?Z>Ndr}Z&PLS?=Il6!azm&y`UMvH2j!6-qJ zrLOzfKSy1z##zQ)Q0JJK{rKpHn^%FkR`Q#0;);AVJ)Gq?A^EeLNNp5(VGFxw!EBJK zEP1Dx=|U#$k?Q+Jm+H?rcsvE!*l}U1jsg*})wK1xKS2z>|pA_eSSQz!hTZl~|rVN+ATf`}Qk& zsmHJN>_x`ZZBW#Rc>61{dlLQL&>}SZ>jSc>J9gOEorjLLIl`0z5Vf@N+9RP+v}2jH za4YV@_{JI?$d&t}vC*4+lQ@43z$EYE-TZp)w5Gk`a0|Bxc|km*VPeRk^C*cX(JQZd zh$u}6khzsK_OkwlH2czvcd%vybMvb^>Ue65+OPvx-!=Mcxhx-_(|sr>M;2@}7@z9X zxL>p-)cRgqaP3LSobKx~+BMU)p6#i^V_EyaV!SU4nB$fey{2;7sMxp2LEec|aWfJJ z${SJ2POFYFPeO3!=?>DLkTrilAak*)2$F;JYRnA^3&U}bmJCF*vyY0x#mdlF76_7S z_zTJ~zKN^i;+PwtFl&&YCYaq|Fb@Y=v5_p8ukzjt5HB6N0X-=+Q0IH~O7-IhDDn`i0?KrW#Tb$D1X4{xQS5C&T{(Pq}#{dW0~yyc^1zRnoJ< zdUrHEmDuK`*ycC1{_@`zmC6_YaC3!7Ci9+#(7(-o`j|U0k9s62X1I>rP>)8*+$%qi zR@g|I@p4yS>@PBObo#pA&zWW(fol~?O0`8jL!`;&w$GVFGo&PYRyYqDGIx`QisGdo z(BU9d)E$zp(s^GpY0%Z94?{QXBz8qt?(`%wzKBh`2`T?h#I((M>`$L4kf1`HjHeV9 zJa)LI#=2m2uk&2G-Wy)^Z@gt3Arp>n7MaEQ&rF|k)(gp9*kT_4oy{Z0_F2TRuz5?c zCLu?Kr$oMz{hfZ_M0Sy@0EcrNop>Yf=&HLGhzCoFrDw4XA$Yyf8V_pp$DJn(jbwXe zjkFhCcQy016O`p`Jj|i&eOZ5*)Rown!SyBJ!t=WyJG(58+DoDDLI64ji3%PudDxLT zK!OG)AEZSb9_q|RtJRns?e2KXnUf!V?ayp&AJcKOZ^LN-XqNUE8zGUJUj9ydf@Bss zMjl5!NrV}XvQc5L#E-~=M3L!BbCYG)6%jhE;kdB*O1ILp>-1BIsH1ZGLyKM_zuM^M z6z!&xb18k)7S_1kqFYY$|5L38JPfM$EmSdHalP18))jKby$xcOl{jIP$<~)va ztHr#b#FO_!cLj~r<;}N{F%^^JHWzm3OTA^7^h=F0POD4iSi4L}uBNy5A%)NoM_Cdc zb?DkDO|4G3?jZSHP9S-do6zH~UYZ=A!8sw8iaGlOQ#PA8!Fj&Ekw-@H7&4gXf{3Af!GCxq!YCdbD}uY2NrwpKxW(=~g0h7|>&-!W=%Z+r zKiud<$A~{`vP(qmQeb|De=?OFoE4K5&Do|*ha*p}f({qG8kFk0(>yLTS*e8*`HY7< z)7O&(%7aVTBcjIU!*W`hVfaBRbta3qrNU&Yx$C=wcn@{;Bv01BnnVsDuaevwGwEf< zPWxo6;qGoGz;pA#k)>jDeY%jE)lgjs;e!)-=Gg$Kj#xN37NAp$xVO*0cMyDBz1#3% z;SDiqq06rO3J;!_?h+hDneg-|z$dsk31a!U1=Gic(HGD;zkBZBcW#Sd*zS7nb-(O@ z@?u-PT-QnZFpu9w+>TQ1@hJ#j_rzA5rEZ>7jm}|YMnU?b{B}iWjM(8`=Szu#j!*Xb z^USXw%=c>Kdvt4bT0uQYqjCv3N&ot7CX|RyPI)j_+PQQ5@%L?l6dSfz-78$mt=;e^ zc^fpkMagNrE?$lpBro(5uh~bSO6E(Z)6|E*iAtJDCeCX8)vKuKJRke!M5DN_6*NUF z&tdgbp)3{g7T-djMQ)X@nImbgN$~c!`q*-T5g#6T<-cLfPd5ruTCHs)Pi30u=gtLK zV^*Ww-;nI2_rui@ety>=3)?*3?XC_kS#ll>R|y%TwNuX}4EC%CFix!;38N6FGBZ6@ z8RM{r{65yRO2zw;`JgOt{G+)W{b?nXqNE&9;d1CHy}-NTxZ%oS_CQ0YjF_Je5@CEs@zJO4P`teBGNIv_1#oN93<~uAU{_-g4iMYp`(ty!)a6Be-V${-xPCoo26RG zmR;^Z5W5P%D4{pa?tWgvBrnDM4LlS=qoWzsdnHUIf68tBJ{8({MR&{5(?~p?oZTRe zccUbw!R{6oi+D?Syg97z^+AU8_qn_cl9y=#6J(ZyL9Sn2e%XJmcOG?x<%BCrE!8OR zOEQ$4nZvx^{u(kgpk$}0f^cgzp3U&nvZF%wCT;qYikn|UMcoXm$SkY%16fvj>z5mj z<2OP?Yc1QR{(!=p$8pf5dHBFxcOkFq4uuMo6{AOJpl$}biv)vvaM{rNEJbFW7Ad%> z_b5|t6Nj{*bADXRc7u#tQ_r*4L?`O_Ptg`~#V3)UxJ=sg2`R%F46$^fwIW@Lk6{Bt zF;{B&Tzo0QsL0GC|PDOwryRz(_8>KN|pXLJAwKrH!;YC**H3{f=|2$ z=0RwVyW@4J2TI8wK6M)s(HLtK%1JafWi^Ona5HE^XlI<3tjzK@^bigWJ;Oa}q~WaF z6^lDgE?%eo#j$Wx-1Ek5rL-S6n&iSllsvDF#ze27d_!e+WBsTg2F?83o;nOG;nk^i zHx132s&nTURq^>1Rf_91i`~iL0BNuu6Eg9sVS>NVtBb`#GkHv+Awxk{wX*binmT`P zR#qj3X|7Def#n=p);%1yLnW|eR$7 zf!u@$=t7S^J#?Zg1?^9u9Rq9aps+F|Aez`ZQK^iheGe;_Kgb8NHJm%=Fz5Po^ z?mun2s-M@v6mXY{7P>r)t}5cDkFz$!$xp=IuQuznWHRkBp?xe{-WWd z!E7FKC~?7=F|1$fxsH=7N&^!Js-wJCV^9|1YTbtZZ|;@~3*kK?3BySw(((L_KOG#A zWU;g3N6l`8ueZGS68R!_l)pYsiJ?!U{SIS!j{eR^QEkU2{LF#8c>Cu> zDD&itjANo4@=*7;VnP6K?U;XeWY>M=q!@v^t;c zJc=`|Q`yscmlq#hwGwROv!5jo%g3dJOp94EUC2G4gnj2Xn2|}Tvrk5$OEwgS${AIpsx%IwO=wypPLG6UqwynMfcG_?H>~9#I8y)7t&Ke-__IYIS^cl;OX&TL z!dlo-kIAPpJN!^P@0v@!j#eBh1A1;ZC8>G;WaMlM0}tD8OSH0|#`+7lo`3fa+S`Rm zyV4XI4HyUSx5{9f$(7rM;4xu(6yIe(kFd6UMC)WgSFQqK+Hs9oaY&KC0 zDeo;JDM#8pZ64&IKgeT-$XY`)S+_KmD!5KPXnW+E8k|er`m+~9q}EuBvoJ|cg+{Yz6gQbgBgI{a z3WKy-&xt|>I59wV3QZgU58d0*FUpfj$cIKa2ab@~oN zU|nKZvbI!DEY9npF%FP-n7Z0fnd1K4e)M;%j=oc3*V!$qw!3=>9;Voxnj38x@aAGp zTordF*ox9N4ZJAOtpNL$tKEUvEi|ei^8G^)kQ_RxF9OUG&L)o^q#|Ro<{8($7(1d3 z0QM(g8;Bk3x0^$qfR~C1OCbID^TnZf4gL*$2vKmup?jCUMJshI2AvJTS z%E44T$j)18s+8QGR5t9?0oMq6zfsK5hrq4E3}mJrd(m90&2>3?QF926f5cV#xj;#g zB1)R0Rntgp1p1`sZF1mK05;_=vUFg~Nm6{Ilw_>4S!MQmP_bw+Q^$TX5qsIiS@CYI zkBX9&Cb4Lr5POe?VK@Y{xsYztdvofrX<5ev;VVhgIJ=7Jm+U|(0ygaAV+p-1HH$pQ z5h|LAOSJQSo=sQ%I^O(a0m)=F`Xy<$6L?labzZkZNgv))c8))U)NW zs->-3SHNn8W|f4jrkb|NxYZQmuON6e8NzQpd^I()wPRR|#-l2lb%nAnK=Fil)&)?X z6x6x^?vo>17r=h?;jI~&qIQhyYAgD=LR}Xjc}l$NBDhZrdR+wh>5;FCpuhg`*HrIo z#=x$&uAd_mwj4qIc-V57PYH@Ghx*jW*mB6PK0G!pLvB7swgCU817!=Eu(@d2jBv0l zWVV1`JZsRbt#@xOY&Ns6)Qp{7Rc3f<2Njt;$ij3%gVvhnvM$BN%rX=0)MSIrODbrm3O)^G4<7=W9`DZf4N7 z!MO#d_pdlSH+>MeJVtkM$2J|MyR7w@P~A-9zph~2Wqrv<>=t(C>y6n>?{3QicQXRi zHgvZjbT_wTs>JU;abTYq!JBGw#W3FISqilSc{5$uM)TH>=1q$lwL*Fqi-t>sdea8l zZ#J?wy(U);?@h~a-%NmSs?$rNe3LF#i}PIsyENFh7|Cl6_s#pTJX_3ffoXE3sNb@t zt}XO8MMYJEf7ATuDG|Vh=>HTkz^O5OY9Mg&Fn;}^!1?9MQ#-#|q`at8-mVd?3#^r5ZDdae_;~42fA|pi^B*XgWf!cj0chmw0Du|1TacYy3Il2v!J__{ z3b9)dEXQu-LkbAR6C5<2+Rg>5|9#1lSMA3vHZ5?Xn_8AlOLVEB?%Y-oN>(Elzov=J zB5vG1J9u(W3u)+zc>ZS})Wwj(EVZhg5KqIutns=+Q-?Qr6Gk-++C2Xxr-?EE4+d=B=>cMGIs7DksT; za}-Fw8q-sChN1eZ$r>{d5Dr{23n7;bTBZS#`m-JslPOBkPU+xfl!Uwm8D-a5_Dnas z#`Fr~B&A|6SY39d;>_JJSznU6fMl7 zPp!<{>%0_T_fAoWJ5{HVt8}1(Wgy=cX>o2)G{KD1d1j>b_fBZdj;sJog^JKa!mzYA zSBGz^RKmdFq%vsn?LMB(A}&Xt!wHk8ycD@)Hj|0J4k{t_@B}el8L$3apLRaLIbc)R z?)8TdHX4lvxbhKXNU#sFZn3q>50&!*KUDI9iF=oDIGj{!Y#6(rRc^4TqB&z_6e?8~ zTMY+Om0}};^#9T#g<57q;1Tx@(FP{^xmg}VU`|E!zYd!sUmc8aI2nRg%kj_%!@y~^ z9NKECWvss%$|Hl}B5`0EO-m8(WO8;sPaVE^JVL=?|Zz@dMz zlZ{HzpX;v$Em)2m(mUu#G$n(7m=^^_PQYlW;q0%c%nj3eKdAE&~T;#9Gjh>lFVW%3#ESGujY zDAUZ62&j2O9I+es`lny9B#bMJ)##m|; zK)s#A5KBEK8*gA1nc85i?Z^5ijzW^Z?-3nkznGW?m1|1QvJ);)6AiSCa+u2SAH%)Sa2IKYS%9%VSP^8QGMEM`)VfO0R@VR0c(fXq zb=umHdY5jCrPNjGdYML-hiVj;IGfD6wKe0z=2**8Yi!L%tKDeYTH9c-RoXVAv}G2A z+C>c`I+xyScBGizW%cI;YMhnX{ehAQu>kq;+5ZJcLvVI_a{+$)>EgYB z;6e_4GHFa9i=llKGl6|HLHlv_L-6M8!~6FaXSZ(-z-^|o)sl}4|6x@-02gm>E>)1cz*H2=`U|@Kfb%Ty}mrViAUJn4j`oKCD#Ki?szKY`$p31 z?J>k(5Wb!^XkgV$ zE>*G$f)rd^C#-lw!LojQi+2^6iLHH2!Qw%wfNNcM6%<2%!ZiiO0H1V2K{3cDUrtaA z_GRuR*j(y%(`#D)MuHlPmp;?A1SRmFaw934+Plf{%{OZV@TjU{daOgmlz9Z#- zxFCZ~wrAN?5oaoGoVLMbGdfJjVJeA3NIWqBlth8&P%^@Cl<J(R_fgNqxL#9Jn@8ksZjTnqR0HWw#-yGH8VDh82?43AMP zCoR(|ncnCg`ry+10lAK&HzSf0R&F6OgoTmp%1V;nD5iltFq&Jd-ELlK$a>kBn}{5XcyPct4DvC?%Z56> zcX$dZFT8U&KM8x*vn($G6=Ky(xhK71FP;z z4E1+1lC^SPVk($RyHIgRCx|B*f)Hu+qM4|*J=(?aUK)u<66K7t9F zbj$Q%(SPq668`U9AaB7CJ2p*M$_}8s9!2JWVC;d=IIn04u!f3ddB6-E0*YpYBa^wn zhyf#?xOdt~UHYo#8(|Gn{P;`qMU47NH>zw{GHWZdzD$pdbX8}3&Mmi<_n6&4TwWlbx^78@%s7db#C*~$zCI=a9BYLxaW^?Zsw4+WVH0I(~! zFx3aMg{1(>X_s48ddsyw`Lb;I*2holj^(qhoEI459s6G+R#;ght4J4Rq5;Ey)Li7b z1e-SkRHb2~DDb2VvdetzWoJ@7dxyoiwu;`s$6e`kS@7uzGMi}4Wkzvi?gd=)-({!vJcEa%rfJ!0@JZra22vC zTHO{YCG7khafp4koLy-{=#$hJ3-PM*L6SPGtOYpWXp-eJP7uPqJAKu#^{3>XV1mc_1tE-|fPQ%dpXy?1{Or-Ki zUU4BEo*t&y*ID^Q9e^1aAtBX!DD=r3dEmS6c6L60c7&L3{B%4FCjns`yYGmXoYj5# zvU3{)5=!<6p&$W-1CUe%Gnp3n)c17+4w%Awq-&^47d+{%XfkSuzhju>9?=JiIY)ua z!Z+O6u`Usmt<9W!@X*(Gb1h$heGj|bYzbvuGnjXEAlfeY>jC&55a7TQqt_LE1_06t zTPs=ta3Ri}AN5sc=88_4s$(<<=uzHL6inoh+(jegavw|(S6?_za>6MViax4rB&VHU zz5vGuFbo@MUp3=>@waR>*__iPKWa!kFeedsfNC4?&?uUunr635JgnF%j={eRDghsU z0JlF~fU6JZe+P~Oj!4L3UkM6U55z;g* z#9p~3OiaVoozQXqX2tDDroUo4mV8a4pdlJ5Ru%G@8fM!>rA~d7c^7%$9;@rOQipyC zyp&I!KK9dguQBm`@*rsb{Jn~vW-9lvpe!7u?&8*6Ex}vLW5}l663G=L#oD%` z1P-84pyyl3LE!4c&FzoZ7dIbI&);3X|9EwJbMxDW>+`?;b>C(*IwMvkqAp#mCar;9 zsty6aGZF~l{BOIT<&7VW&!3B`%A*5g4f`3*cR}OJmoK~Ef4~Sb)b9evJ6O>B&!1DH zDr%Mw!&f-~Vlgf4e~POt8VnN~VJ(YqXncT7xJ&1jQQmUsSiEWu0NAfhf(M{%&^2ec zC5CB;-AA(6_+W=dS;m~+Xv|oO?<%@@=qopYm|+|F_+%ACsk!TOGULzqRt@I7Z%b91ya9`M`0egq7}T#rq9#egRch zE^s`cS#1&U`0z&oEonmfD~qgRAEsp1ffH8Woz+zTUEh{`IhHb&m4-eMQIwat5NQtO zB?H>iY6`imVFQs_o8u=`%$+`OA>cKO2lg9ab)NI8u#w2C2VUyO)V(<7U4>ZN)tN= zGdKra&@u#L^Z;f!h`1HUmb$?D@=BkL$7$&rv03UjdB>Y{nwG0cY0KbEYCFEKs)0SM zHurB*baHcX{p;mf0jX5Rzv3?77(ci^u^KUCJ zhgN&gXf~RS)>k{XE6OR>qOjLToNe=VngqlmFHtd!OB$X8M7$sY2+)HH^YMM{H5>p} z?DFzz-H@VtOd=T+tG&aicC~-_|Ji%{@5XIpL3DohUx8I7Cw6X2w)=C|Z*%u4veWSy z+pTN4GkZ5P$A(Bq;+P^B0(7?~p7*!EgAbA*36LN~$?cAC=1klaKB`cKLZMKof&{q8 zM?ClTBEs=pNWBH}m&u+#0OvvCF;CD7fPI%IisW!`>mv;K#{|L`B2bV>bPYV3_RM?z zgoE#>5YlKiLk=B)Qw9OgI9N>JK*0X^7jhuRBG`WrdWlC!j0RE_(MnZSnr+-P^aj`=4!;-+w>+9z1x<6CQti=J|;2kUuQhv^WcN0=_>KV)pR+ zz4SR$vTLv{ZUugep)Yca!7voB&`M#_L?T0RkxKUdh5(J?fLpvF1#e&RYa0Tl$bm6I zfZ!!kgCL7OJ>??!UTVeXj23h=jP3mU3 z+vMDkFO1N7lY24?YY;A%6xyD8x@lKK!Tj`Jr&p!S19Ax!V_(!xv2>Ow%$VKEAP>$U z8BjZ63*TVU)F{CRm6Nm1+-MkZE7PR%Rr{$jTnM$8u4_c&C`i&-hbSsX6K9=Q;w0^- z0)diT;lGlklDtjk|GLJQ7InVf+{aVsXP?Et4_ZK<_{3OZkqbP&Ha5B5*2XGB0qpB@ z${5pH9aJK1(3aOm-=u}FI}xWmm^(PCuM$JmjDVrWkp*~;hVxuC zH|i0imJkrIQQ|+N zJ$)(OZwCipAN^KeE$8i4MK^0-pIYhAi0=y%t%BGA>lb@h_|2C4i(T}aK-dNz$-Y)= zLgTchTP7v%ta|PeK3k30%SNL}H0LPhlMWLPH(`TQf*vMG7poSjs3R6qZiRA8yIiJu zuIJEOyCLRlS{jIC?WPQ^QGa}S%CsGL>n`Ak~Q7Q4pG zCA*u(_L__9B2&a%LSYoQGpLFlmM}D)vXYv~Vi_eZ><&2Q=61)Ne7wmf#@!ZzDxD3Z ztTI`_xtkwd6k}amk%0G{&P$F6T&62RE>E_E@Wo%l`Oi~0QmY(@ouQT}2f!!-6B4y% zR`i+jSg;*%ZPL}KG54MoTejokayORToIt)ww${*qKN^+?vMvablWi5$Sa$}DR}tG= z(E8bGu(C_MQd;3l}1^r>9Ir9swS$sNpPj_cN$&>Xwj%&K+|)=%r2(*%?&K{Zk? zDP*7*(Q)^Hg+?f|ZX0EqK6QMy+|sMbCO5~r9PxU2mbvK3KYCW3v|+T2!}wczai;d0B_M_X78vq#~us87{fGG&%UlD}I|oJ(t^d6vOwBwA!s*8GKNA3P?L ztz{9#+gDB`e`g)eZ#}|*S=sp>KZ4(4Op)|K?zvM2!Vgv+#zmW1e)0h!zJnra>Wlhh zgi;@CLi~HQs;Mgsd5Lec^w;k%RCnu8eUns3+mt^g|E@fbTz~GWr-IGw2B)Lou%lSoi1kC8DUGA`!r~OfgumY zpMBG=kty)y2s;yH}+JQwh0 zS>1lYQS0x)FT;zEXA|(t@Z$V*cys>Y>g4YM+i%k*kDNXhLi-nqnG8X!#0BM+C~!Ul zd~1j!ABYg4{B0wTc>rAQ;2$9I4Pd(93Agxb0GU(Pg<%6GG1Jd*JmRn=qM~H(&ee(| z|Da+^WqK-#4#c*a0eF(4{{krW_}=*6I0g<6JkR}-r9VM| zl&{ca$eA$051xwv1aaW~79;Qpu4Fa<8FPuLAEL>n$TTv;tji=B#ivi7R4XNp<}#s} zNEvVlW4h>bcouZ&ug@3b$yim8u74bk6zx3uOfhc40DNhg&cY;2PByuNZ#0FD{Gmj> ztj!Cc)Z?>gfY>XcmOk(0huH~#P522%_Z7sbO6(S5-*Z-nA$GGg?(*9=j7T{0{^bR8 z@y$cT-YY4D>_9CuMW9Id%2!M2bm!El{cInGF~#pufFgdH*Qn&C9gB@m4p|qD+I>m2 zkCNDzJqCw26ES8O;38KH$!hR7PFyb!K&n=&z_KxaN?JZzg7_`5xlpc}<$JWUpXuVY za>tW>uXdj^Sm-DEuM+llll@n;+U|UhhD{iIxJlM_U=3&6Pe*ZDN5gbh+t1YXh2<<= zUl^yziTn~IEz#2S)W8757}1H4ivp(Bk`C^VZ+xP;LRR;iGLPi8orG9&C6VOHxb=}0WzGx|hnOW!ezvPjiBJ7%ZCAP~ z?caZ*&oqL4cE}v8;IiroX!ZNgqod=uZwl`}-@HEFz5m=w;o1w2Op!;K)Gm+yA#e;Y-k zn@PfsIbkykkaA&HsKH5p9s7t3TokNE=`9Yq!DpYjL#1!gR@krk-&|n8(325_Pjr#y z92ml>=X=yE^_sPmR~GkP;GTdhwbI@aQRqSnPxeGwOg@O}Il)1*&B3^r%dKgO8?&dR zxzs${7QYQdeE5iIXytIfC5K?qR;H}2coVLX*gzW&IM<;f#epXHaOP0U|EUE{P5mw+ z7ApxQy8u-kpaxzAS`s3M(LTiPB*~@BFa7?{NXDC0n4}EtgEP)k zdjJULI?>Uy&Ek@@=yUJRG%0@a;RL*Sr8roJ5vJI|{t5VaI<~EPGaAbwC|3JVnSN5t zN1bDg23RU$pdmYJS;TIj>JZyGWWFvvrv3geJpm3={}JOcpl<&^dRvVD|MuPM*Sr0H z8>Q+Z-{>+sDDBS=$8wKNeNJlk*VZnXcAIT>1>VV~TaHQZ;AMyd6ws5zi*dI*cegty zoMZ5oa>`DHsudCkvlH;xUw^js_E~YTSpgROKje;|bbKcFb`cy^?& zH+lVwg-Q^g{m!_){Leee>vn-U`TzR35dZVl@w<0#cJhB4Mdu5qeN3Q#5M_99(8a#c z_A$bf>;^j_-<^KAu_qua*C=j^7mZ|JTPack+K5 zMI--{fQQM=U-7%Jn_tR^oa+nvB=hc0#{Y3-{2q|89TVzvp}`4B@qfdmU&D0@Y5&mT zd+pMl{3j2N;RdMg{^!l{yQ2Tc%hx;qkFAt~3SEWh1f)r=_5dJ=2b&(w zX6$^kI#D0d7C|Z0)hY_bHcm2@sGa_^a-c$^99D`yN?!_y1*KtMT~a`Lo>UAW;&?4H zl~c5%Fq$Je=B*3elFS{Yg$GYFEAMmGK-S;?bAF&&4WMTKfBX97tK$Cu?&a}r|KCRG z!2i>9Ud-2$EG1m8B=3mC{T~8<^;3kGNe5qo^QVONdFw5^Td3#fG}?ful1FpunT;K% zdiB;;`t%cHLNXwf2%~1@0HH z+FHTAk%icdN>95+8^XG&P!v66&wc?&zSt1F+`5F9C3&0(hUmsyA{^7KaqhDXK!$!=LKPv-hdfMX z+En?t=90D;wFM*Dp(Z|G>kuscv>7zZ5Nr(D1rBhO-!=eHKH6}WwvQY<1}g@aVO(WM z&Q|?;d;YULLUf@2Q%KP)_6aftf~wU2kB?p-zk6A{|9kaj_x@`u<@Z)0;G5jesr+HM zo14fg6GS^d3GD9RTB+^H>~?s}D0I0w=cZ(!uhpr^h+jtp>ePuznpepQIOazRzCmBv zENt@N3>FBwKEH?`XpeA7-8gh1MH3o9issVSDgRBZ@Pc!(p?UR-{>>eWEG0>@2TK4H zfyqicp~*^XQTP|tfNd=fEk)vX#NuC?-36s#6|mbewB?@Lft(4<#<5*mKL*#}pb@4T zIjjKOCK653g|k4;J&Bixxu@j0#jwwve88UvH*ygTeuM;#Azgr;A*507fHON;z?W~{ zl6YyyDeJtbFX5wqBi|e`L#&2&7}`?1y9Hshht{tOr&kf4A`g%%$9JD#x^F0~Y|>-C{d`?mx+O$e0(CFOLsIx69lP1uPn#4bs}qpQ%c*kpI(2oXei zKVlc}fu5|^Gr9^KsjHB$T2B3h?4zi-0VyB50bU)YOV~r~2=YObf|X z5R8bIUO84sxi`>Db5T4dM{_&oVtc;y=+{n!@_W9~`FLb(a6TSs&rij~C8i5zq zY)zCw$yM|OI5=GOc>){7*NtnKMzys(0I#3ZUDIBeo+{kLas)Q?F$mM@<#k-KBqBs` z965;OYp0(p%}iNiWs`nc9=CAb0^l3)HzZR6%9JhuGI9Cf`DiY3dkabeF93Am5#T_A z>aj`N)h_d9OWo9O^@6vW3YqdY?}OO~hf^;&B#Xk=K5`0Q9&`T&zzG3Q04g#oeQ!(> zDt<3EUM#T--X0y97`T`ZRcSBy@{*m$ND&#aU?TXbucqZG49+ubv-AClf`PW93?SS7 zswN?SxK{EZZ$rT81Pc!o#Yxe3A%)LTx|F+VC1-WQZO{c&w-(|MZbZ4K=Fj9 z^alGCNE@YE6bD1XuQ?A6Ko7T z%~ZiAT}^s?^2ho7(3+ktF#7kuPjn!aHMkjhAK^F@xuMs>p~y3=Ebm<}Dx`O=>-&%` z+e*7Bubm6aIJ%U^(nbS0IGCAX7vlV#5a-Vg_?Z{DO}Yd9C6fmsU4UcIU&7DH-x3v` z%(p2zeb%ba6A`i#+r?b@gCfpL`?P6o^{>IZckjTViyjWiV%c)Id=C3A6}l(cYAo2Q zITlqL%r;rA1>|PY+)mRrcDzMu*B_niM+3cdIQwH%i5;{MwE(8=InI3kX|F3LCxXH; z0OU_M>uEhTkdb(*Z!3SO9p2c1VQo}=ZX%)6sVj?R^o+;AuXPJl z7)bVMygoJUGFl>tuDXZ0I6@O(JD7K-!go69{7lfnjPrgv1~u3BIunh82ffAf$Mc)3 z;pO@5>DiAT-xs7c2Sx;lMNt5w73k53f!CWspP*jOxF|%1i>C3shMos{X_CP-{xG?D ze|y>;(rP$JoTa~m^8}7H((gk1q!H))KFfwZ1wZoseQBz=}LXnaBu+j1C)E_ zknTvmgE~UoewAlKaLI2zj`wZ50zVhJ<{=k^7V97j45D(6c{=lgZyc zT%X?lbbfKBN2X^|f{1YbN2WWUr^T67H^!?%$Fg*iVISO8jhcGKLU0-L014 zL1`h{Gt{%N{^Lx39DCIy!7{WF4BP$CC2`Dl1^{^9EO^24clVWhlHeE7gLj3p$L=|y!ASZ?h(NGf-ioET7M z-44hqa262`a7;#c$quhQ zJeyf4I+Opt8vT6z;p)T3$?fRF<>mQJ^*XT|+;&l1eZ0&;AZa{lG<*;*Cm94%_K=1` zs|4EU;^XAz?D}>%9^YOKFPqH>4AZ~!?uL~xd;`vT1|u7VUFJF}pZPSXoL`;aoc?$_ zynbIlvAX`7&15ye*|PW>^x2uf68OIjFPfZ*Orv#)O03b~H77cTz+`lNKE4sh3M*!^ z7^>a$OZn3f?kag(IseIUO*M##*kx@nYpN1l4*9zN`NQPK8l7Ye`R|`Gp|;~RF(4R* z8{^0*QjIfsaXK8=k@)Ot_~XUdZK$9KE|BvO2Mrh`J zZak+Sf3hBd#IqJ7{5YJP-JV`G73JH0A@a|7#f&#z8fjOzt%XoEW1YgKnMp#bTs_Q^HHEV0GcLX*bcCvVFK*EG@Qt93hVVnJ7BLb*0iFFn<3Yu zwX)>Hd#>hNowy+Dap2=QQ|_zmY=(hGAFi&>MmOgluIdlj=~yEi1jrGON}COLdOm42 z;;BcR`aw&!MA`bn3(#2TJ$7JToL`;UYE`;X);h1J9o~3L^e-IP&h5?l<=OxJaMgfk z(g8YvH=J|kzQA*v>*@EykEiE13~WnimG0NGkmX0e9Sv`WZJ-!I3Vky$-+&L4Z6$S} zj4sa4u5NBG&#!JT&nA=M`!m}`;rJd3=%p82B0}ICHCc(1pNH3Hr;NcbJ`7K9FV26w z9$ueY44uiu$pS{m9Y@H=(7o`c5sW-D3$Xcto2d1au)!jBT*wvxSz!XP>_Au)EwZFP9 zWTF7dBB4&$*Ln&9)xB`sICDjA&eVs=Hm+MHe?fjZJ)tn7aX60fwCFai{L+!@T6x3{ z9KcjK4ZeK~8#PhJq*Z7r(3_ys_KAMKgot0SSd$g*l zo1S8XOlM{#mZz0yl4D>ere{Mz;;lW>0-2*X3+l3GPZkc;P*u z01={*guePym!dE~W(Tq`2dQ2dc7Tjt8v1!;cH(d+4tL`4*^0w!1YOS{52M^~T?)j) zs2xbeJgj<=*abd%nHUxD`ND)^AM}x4QfmFVR9r>^ghGD5x0Y;Y%ZpDFgUA4k@6C|2 za(whN#`mPStIFTHSq+7u)_HDt%YqT!zOXs816$L!8hE{xNC}`UqfuyTd4zhw zycBNPgsSpCQO$+p24Cfh-ReW& zuTB7sV$=eGr+*>6d+1&}TaBcHQz;d~`Oi~mCpel2jJ9%OUF+~K%7(TvtAB2gbxi*S zOo|ytm72*E=kw%&+GplTm(8D>=UO&>c3#R*-_f)4x_J7Q(35(D(6^HAc$$WP)X}i?vYOTUb7DmSCqE?NLtW524*-r_ z6ak8Xpl-6rzzWA8K*(i3kq|lFYy}`lyV=iaDCuWK1kZguh5kT&J*ieb=(T^vb~?Nn z-cCMzydIt1e!M<6-mWIE8&mVa$+zy|x8#2l;xDm_esDd)aORL0BAv;s3EW?nfpnlu zWrwPpiqUvDnS9-^HjCKm5dHF=ZMA;1sb$-$Cx6y9yej@nH`ERJ0%-eR&ljNL{#cVJ zH!0@Z6^P z`d4>$*LH2FRe*q_tt7etqM`MloC7GwYU@%A3)0#ESuiidi>pC-VyNP8yHsOaLwPE(P`w3P?Y|Aj&=`MHV`z=PK zcoruVN69^Lr8k22FYSv>8&8N*x?HAobeSwyJK9>StpJdmrGeu^k|j1)hOLAN^u&E% zuWk&lFxauTeYu?-$Y0>7!};CUnfGYAhJc52~7=ZmO)t=wb@3 z25LIBTDq6!pcCQ`TZ37E`5W+&Ad#^*LmhYlfUfKDzbOWEfdF)941EyBQ{N+tD@?Bu zbXP;yWpY}YA-(}K5BV;bA|HPOQ{=#ycaGG)KY6~-w4xA9kr&LFE)^n&A{P*h12By# zYmw{EBVZcgd&B`Fc!|J+5E%sE8Tf0;%_p+eg3^$j93IX+x`?N2$__J@SO4?~i4i$` z^Ov`8U+xLDN$>;o!v!p?6Pa`$_2YoQdFrFUIEPkQ>EBP-k%s2gDC>s zH;eHB^zXU17IYS}e@}7Znj(kMhIcpE14dp+Z(J0Yi^`|^Vd7hnZ2nbVQkkkrVKhfn zIA)aktyYkwpkG4jEQFvn$a*Vr`qX>ums~p0|MY5KT59yaH?Q8kD(HW2-X6W(>3`cO z-RggejdiE{b*KB4l@604RZ`UIRK71$ORCjO+bg72`ly9fvsS&!D!5opqDcSUUC6cB_PmJIBScetUXDx9#A6H{w>Lb;hEpSXV?u5q_ zwYvh$YzQNSrlth({ItW_%nLla5^V|}E63J$um%Lew?GSr_^BIIsf4$q6-w0DE3j+5wPa`_wxAl+rs(p?d#q7Z#$)hPftepYesm* zK|(!DE^**d9C^Wf;NS>hekeFhkC@|JCp9Ncx%~NIvhIwTyr0sXHER$FHgzbilt!xO z(-(buH8@}wCeiN>+UgOSo89YAy=^>YIywMr4vzB($6-M?vtJe5B_j6Gx|kTKz`L&Y zB;4KgKZCNy{!hXhyKhqJ_Wzg1FAMws>*M2hyZwI~g)P!Qha?<6K+oqFO(#EqeS($` zC>r5q2qOe~|Lb`0@=gCpb+DCU#DO84dcH?JMED*j_kZzRzAvSKR50@6q(=u54x9)< zvEQmHM92+HhY!b7L}98pU^j_JEQs`}A|%BE!gg@O(5!?g^MdpP;?M+onGF zE_EdTF8Lx}1f>7e`W&afCSJW+^$7oyUzoEm3ry%0qMvYdpFzMro{vZQ599OG>_Zd> zL!R|rK*=`K6Y$+N`#KC(-|>U+g%`x1&A-QC=%XbHDD>Yeih`_q857E@3$P<$_mpZu zA1uA#1RSR>flK)L1iXFo=GB`$0A_^u*Hw4PJHKm;DStY&A`~r?so3cVPh8sX|BSGQ zg@P9NIo_h{t_ zPl1o*`%1%$9tAGVtDbFd>6NE@2I_9(?{4EycnCkBDDrr?uwZrq9{cOhV2<1M&wVT5 ze4bm`n(|*-2P(yXt^9xW?zkxbS@oU#-$GgYO{aPZ2P0?UQRL8=of?%S_`NRni0Wsa zU)H9u6Zf5pdrdGzaT%?T>yhVBg|yF8MsKooB>yX&KnYa;X8mnwI-A}B_8xQgj1 zxbNwG{%RW4`J`#0wS}gLpQjJg5nh^{i8L2_xtquQ zU|CCf&nNVdE45OsHXe7$9C9MQJ6={B?7W@ct) zW{jDcnH@7TGdnS3%nUKdj+q@ZGc)7#IrmEQ&1f`#R_{_vC3RKp-n*W6y=!T8vNo@Y zqzRaCVWbn}%r{S*wV%MRYpD--2$oinWS4QisZj}hAHEFLVbb&qPVNNPhs&RXDa}V< z?KxfUTP*LS-&PDZHH3&2VLh8F6>ENH$jF$+W(%b2yRfW99qln%RJT*p(#%&{C8Y|L z9+tbGx|ptomk5mn7$x+)x1@7E1bQ!~Ol?L$i2VHgdTb~7I`YE)vZ5~?`baE!DJ^-) zu^hYK8Xbsd(VQMLkrwJkh`O`S$Q(q_%b!@MFj5B<^yLH zZ|mrMb9zcY9}JIOL~12VP8~wpd6NMA!vU`VpiTb8xZml)9%O=7+PWKPT zsUcGC)uq!d<#_YV`_qLc(U_ulqCEU>i#R(x1*6enP8aDbM(X_qNXGh{{w~L2F;pBO z7?Y*F5}&zT5IP#f{{X&Ro_`yYWk(;GrI{&et(gNw6{RBODs#s5%&2u3OV2zgsx3AN z8Lz^YFL2DopDu!?&98iz;}rUA%xk0+=##2HW@t~Qbx4l#2FG{Nd0sRr+7KT*i~!Gf zB(fiD&p!{;_*i>roL2f4ItX(maQL@v>%%%TAKFg}HGg_#2h5HMN!=%;+17MfSkJjs47@ zPdwWg!HZ;5I5s-J0C=~MAN7n#hU~sC1K&?bGWw2OcgwF!&Vp)w%8^*0dq}`HSr(-phpMJn!pQ>6hsk~yQQ8!_W->%c{Dv#*G1 z&U4p`)Ay-Ow`3N$N!P6v>o>>qa88$ym!ur)6R_JRAd=a3X%WuVv#=H_;JFm z908GG;|s872);$o{WP@(FE;c0Gx8@{T8o?*ZQzk($f)c&^(9DaR-W8Cs!7E0yqIQ7 z`mzZ(#_vpZuHMowsHha%naGz|6eeC}{|1(u$63R$;+JK_LgSNV+64G@9As>o8%2sA zRDXTP{uQTzrOtN0nX5;u*?_(T)_fOD`YogPa>g&sqrK!u_hLTfiWj@5fA1+|9FtkV zaN#DIDnf#NUlz@Y4vWL1dNOt^+TfGm9f_gGJeA!aQVY3a556bLEmXG!`-a}&1O&BS zMFyPI3|cPnK5pJ%hP_GCT8{%57K$To;>4jWHMR0++TF&wr4`)wGc-!w3a)#*+x%nm z0Gs#FpLr*m3OxN#+0^8mBhorF^8b%s5z>R;^FM-xC8d@q zt%0gf$*olQ`*YbPqw^a`u!!qRZxP02L4JSR`dOfEPNkXgREr%PuS-kOUTC9&E$>v@#s_IgB_ASfcv;Y*vK`nr6vCpGn*YzcgAJL$ymT zID3bK47>2Ddly}Sm*f9!GyDHiD|jC4)rhPK1+Qg2Xb_<75+wg++;b=_fx|T2JC^^# z=iemTI72ahEDkp0`|-hBJ&2xh`mH{qzcO5C*?S97KSCXS zj|K@A=?Xe1J_5)A%vQ@7;6sx0UWVc;5Z%?I#(05Q>s`Gh{kCYtE$F^*Kolm_(*6K*2fkxp9fVyJqZN@@hz zEF?Phv6LZTD8G~yb)|VzDNrhw-Y$nw*GqI9VV_KuN*IQ)8puH7jvF1kRN9_;Rb>^h zQtYEA=;u`xCQP)g5dRt7cOtG;ath?@<(XG9n=YA-@*`MbFAktFIZiKEck8T%k%O65 z>S$+`1r~tPQ)_3d-|gZfo2>O+m(|7vb#ZgWJx`!U@6VKy{|Xiu&O69%`83j*G@Zh} zGoA#0sDqWMPg#-{ceSH9wV)y+H_uxR@lMB>n1&Q#y$_Vke1EL2@{y{Y{)>H7yfgU{ zS+zEfQeIZ7==U7t^Jw7zL;GCphebM!HSs|)+xTPw;c%6*2k8PxZ%DV}o5_PIr%RoQ zF_Bke?R@6x;Qif0m@wR?^+&$RdW<6!BLwgtso>KnqMs?!uR32?!7*;{xc*xTnVr#Z z^+b!}YK`ZF^5}LX`U8AtH`YqE?Wx)bVZ$FASa!DQE0|=0GYHN~b~+7uby%%9P@TE4 zqZiMw=jBajYojX<%vMWn#dkN;R!cR(NaP%5k^9F0NpfcWf+&s|4_uz&rnB7B_{ITy z`+fq~tlqp2&oh;Ys@ng-*XCsG_1a{kkcevlE)IpDZlvkx_p*9Jqh^T5*CO1K2(_TI zSw0qKp{^sbVYxoh#l61aJCN+4@w>#NU^cRdxF{14%xOD1L#^)3m*Vjg!7`@3?hC8LFKFsB);I zN|g9sGHc;acw=8@ZpT1>*XqX8$>1iEgQ(#P3rm+TsQ%B=>%(MsuuQ%BM54N`JJmB_@kLuh$_~?NL2Iy_s3N&%n1PSB^p2b}PiCTcK+GL<;P!_oEF zPya8(21eY#-wXe`VPj9twT&K!6n-LiEw}&qZah-u#plFh$=H;JNp)YPIfgO)pDoCIpY7A%sVYv0defn zTc4Hx<=DUk5XU~6V-p`=)j9*K`0`5Cqz5!NL&^MFXk zHukaD5yybIk)AXmUXz((V5~_>RSa%vl=b60RA>%CNnE59F*6yAlsM_|xrUOSYj>L3 z?_Lusl^N`RQY`2ruz|7?EW&iE7a{?#=T{~fE? z`X36Z!M$Nn-g?iN&5Q3g@pp9wUgaj;z;9C>+xw9en$ZY8M}WTMSTYe-)O*DYThBGyl2>Eh*x;GTo3%MXRH;5+lcp>I)4Tmn(%V?Ua_R6FbR^!~6W zB7^QFgYK=3*F4WNpJ+`1pMQ;RE1qhl?JaO+In47&ZM&LYf(N4fAuVGw@4u8&JE&<7 zV+ZDH`4+7>VSa949ePGO=woQcE%!6EeVmDIjMSX-F2GSQcStwWaK}{^#QEvS?q95X zsmHGXe&+AyiSv8VtFr6%ETQTWxN^&XI%K=iOJ4**{Wl3N9mFtV+}P-;Jp&-d6@iJd#v`On&uI0j>?b!#ng_0AC$1V#dhB?g3o8 zggimb`6Xu56SMnHLro{i(>$>&HDheV8G_1?R5z(;4t`+=%fI@n?>{u$hNg)M4Oxg^ zKnU5JB(O9Egph%oOw*{yZ)r?!czBL(lgjVBf4FC<|Ao4xj*~)QLBS=ru?w0xwM(UPvZW_2PqFxN7QAfUzOkr*{|csHzU%%G1{WN{OzC*X2brfv8>xlL8YN z77f!kZL8>#V96qn)tOp7DovLWtYUAgVV#bHpw?ef*RwL>=GYpmci^R+FL674aAGAJ zaziQPk-NM&byDsQv@ufD+1krcZKR?7XUz2Tjf!&fTUEs5RNR9ny5Twd!x8sG-*pl% zU`|b`E~NF?{yCpy6HxVOng$=u{4_^!dh43_o+)ew)t0mm~quOxBhJJ1>?LWU3NkzL2bN099DGf*EO7wdwYfM z91amdq*QYU2aO@J1w-l)JyICDaDH$9hvRk**x;VdA<{ayrw0UydEso48gQ{Kmv6S}LKV4xc4Zap5(@E7CQnl@Hn= zq5N8^u&J&4!u{9Nyzn0)OW4f_`baRmxbLk=D_{DOn{Dvu+*<84(iyK%&zIxV{WTG3qXnKd|-cV|mP`bgdvA>|d2)nt#gLacZBUYWi zdf>^`4PZUaOZ+awcF+cAd$ea8M#nFQ>8RJG<{)SyBWY0=%7;Gz>ulj0;uVu(!gS%c zVU~@V03k&~SK`b1HCI`oXGK_+S2) zVUOQSr}L-p$L+<<<$GJas=mG2F(Qaz7Wzf+ZE!xSTyB@k>5ncUBknBR37%4Rn!w43!f~VdD80M|}MD;dKLKwEuY?rP6;I1A`kGppnxJFVq z%txzJ7(~H58J6#8$DvnZ0dg;nN@v=Afu5;Pja|PYqblBmiYj$ksc5zktd6TgKENv% z&{tgd=d0h>Uq30&CI(@ctDZ%Ab{QJ_m#p>up)I;U0#Bi8u_x>nf^t5-o+oqniawq$ zZl*qer;MXiiUrA)tRNqO%+~=RSGh$$zpQe|ByF-X#Yasr@Tn^ zdR5woy%Qzgzod>x2;CD2+o+TCtWG5;Jg1s%?2-~J{CVbG?a?n7U`+jeOKp$x4r{&6@k;97q_23oNG$~TNk zsJ678T+-b~AiC|)_e793zUu&_tXy4n6L~?-x78W!W0auevnpbh&7JERLE`)R>9QTO zE8<40D6lT}GrTb&#?M!6`qsysxS?@=QGW$jF1C%vr3b zlf%uMB!HRH0F1rUM@0nG_UX#l&?}lC)}aqx_;z{vb{@h6wS~TNDEJ`hUUI(>G*&1Q zK)$vc%b#TTFNK4$Ps^TILU^#p(x5=c;a|gD*X6IPTGrWfe968tj?+0G0fFoTwMs+; zT$m>f6!##CHwPI-3OKM27xPjz+8ntB^;+yDB=`1mSBbFAeE%A&Yq zNP|*%<2cs?(y)O;7H@njJ2xN0rdPX7CT5fn@8;T{jG0w*L!*706f69N!Ma5^aIhwZ zF^;IL(X5_Wqh+19{MnZ9k$K06A$3c~?)>qwRki!JrB&zoDXd59H>#kfI}VhG%%c;0zr+x~tcn3I%!?id**fNn z1K|hRtxM#3rq4gWi;F?lgIrJP|3Gt9CyXB1fdf{!9GwI9Jzky{Q6z>V3H807T6~k{ zg1ku&EYkhf706qj#wcArZ&Wpz98=l9s}v@0V`8pIR-j#PLml;GgMr`9%Dv#agO(Kc zO)n$w9mUoYJ{k5EgW z+l^|hyC;m_W#s3CR;MC&()6pa)?JXEmCd77Q^mBvH2Wv6oR=fU4-$S5K%qMkk$4UY znLmI}Yw?8DaJQ1I>3>y_nUs$UdNxUrdPOLy>Om?+>-c$Tv?o2V_9Xt9;$shh8zB)4E%H5_iUeW*&G>SUb{l22%lH#qVkC0GS46^kWtY?e0I>_YiXl1D%(=XQGd}7|yvn z>Ky5iNO1p)xo-+8ZFA|N<9(hPh`X?kRnB<@-`S^Nn)FLt}I0(&PgAe*}Dbk6<5C?83Q zc^X>2tsf`-?Camn&Ft^Y@Q1+n%LB&`r_%Sjui2|70OFsXnZ5mu=lxzLk>0O-U*D|? zqY?_|es`z4fd*2+xi9;2;Z(J7UriU zK%#v^&!Y+D1(3WODXs$GBupv2Asa^Yz(Bl$dvT;nu@jIw5e4}+lQH*!Jcmix+x_DC zBM2hoPD0Yaou6n_GWw`e%c711tfQ?@XOS>v*2PL-(->)A4ZQ^%0=xq6_a~{RbK%7= z{hOPLkOs|Rvx2c zZB%XaPKzoy>jz^mXS_{1aKI2HizaOkrymza9@U2E&s9Ya1`>6j!U+BX)hL}MQ1QL% z+ny%5w-0x}c)K^(e*gaM<}6a5__$n)LWW@qW`ND0<^So4R-qUb9o&_)3s~FVDk{WA zh4(jV-ir(>L3pS=ySz+D3?Q0;{oU{^H9jS2Oyl?-``Xw^sWCT82%G>Xh}Lw1 zl-nSI4E@s^awRhulwpnXoTE+^ag)&}GBJ#ce#p%V%WBP^nMOMqV(ts{Gy810cY+_2_Glsd^7)w;FILp^awr58_ zLpcPZrOh)`?a|B#irVFT2o0@iI&r`gH*oW(0MZ+KM^Xtk=G`}SK-`c3&3u+~!H+_U zm%QRKF5vFr5^LNx8tdu1*;g*h$1s2-s*aPX8TN|m4RZ#n1n!8Un+&_%g<_;n1^v(Y z#Rv8C=Nmrr`{x_F^9~S*r&6S_Pu8)gHV}bU^NY5d>Z*q5NCe=Nm$SOTmzU zGw?;5_b|%f+~PoL{~hnVQ#+0)*mzCPj3%0w6Ab<*g`Nf`5sJ5E9-v;PwDZ#0Mljp! z-ttrULz?!42=D{L#Y6zDOrzD(1k4ztpV>l+sDGpGi>82?9U{(8#$FkQ?iIb1QA_Ht zjV%s|>!0(~P(^YJBlm?m-{aEk6zL=%Cbl2hU|RYNFY@e{rcjSJ5HV!al91~s{9C8{ z%LVz*`&!N+>s&ae%7>k3$Et`W(sFP&&1=;A(DbLdm3iOQih2$x!j!}w5HEf1Q^^Cx zPs=kx;P>Zi^P?c_XOvWxqvJ*R;n4gAAY>0D4%H^6AN1iZrNODinBXg5{8jT(2fScH z%O!hvJI)Q@K75-^%X5$|3vHJN&l!-15HPgor^tgy_^cxXc35`|vS0BDjGYhAcLT(L*ZYkP#+zed_ z)OyqjCb<00={%XWrQozYGGRVLOMcttB(1P_X5ovry|1sc3ew>|F=_dWb^MDomC|qB ze8-gGLAN$&5ZPscee8HJffIC0WYpP0R+ym>#3WTMH2Ho`s$=Eo`pM;K`#oHQ?Upua z%9Jq8em^*o@OTT(+AD5O%@LCRdNPR^z5`2?oQB!xnXs-tJ6*Bh?HKUN+9uoJX2EBG zSDEtTHpZ>^d3gWD^0;%ZH&Qf7dkvCeWYYAw4hqF--@9B%`$|Xlm@qHjc1GNQZ|@L^nWq-xPoMnLcYK>!Eh9Z(I;^ z;PKc|B>%bt&EGPA>2R!$jgbo|p&w@Ij`?=HnnC!UxwX^=RF=954Urv5&4{YoK~A0Y zO%I*EL19xFbs%|f@61&n(V&~|s@RvsXRyf@PmS#Z^oGK$?Q{B#A~{n^WE*dzn>3$Pmm48n%cztS6IBvYJ@x zN?3$8e{6x6eJl)Q`qCFeD#5jbl(4@-D!NY3kaqSI`aR%IKpGM)bFWP6{@Kcrkg`l+&ld#RXBloeJUa#4KNQj%j3o3;1B(1kbiNn{T!h& zi_+E5-0w?5bs_@G3J0WS2exnzLtFskC_4b;Zod6?>kYw?#J-&j@}SUd-PiWT(; z9>zFlla5hUuq=e1%KG78Y&E>2EQX^}BUlxYkN#7FI7{rc>hTsh$4!=aNXPvl0(^mz zvnxH7A@O=KX8ZWiMz`6Ip+Atm5{KKaFh$>llAI_7B#px`$N!^MBH7b6VRF|uDka7f z&oAi`^&8N>dmOr#6;B)rEO?};AQZ=`kT0rQx=p$9k5x$8f(^l5jxmb3&MAysryi02 z)VKrc@A4Gz3QJy^{V_wnmUf5jjC0+MCqM*)C+dQQdCxw8h!Y5iZK5yIUY<;wd0%{D z@9_G3^CVkMN`!ESaZWRfDEG6tmdun+%55D;^nIb^B&q7tk>KfL#oalWE9Q;tgewxM z?DuyO80#*EHa>oPMt3d!c!6Bs392+4Nb^ScGh;;i^@-t)(GVzq#9N!ZvodkZJGZ1v zRE5f$jQ69O;2ehX6XETw{0N~}0Oi-YJn@&APj&PM z{fsg06H!KM822Ej;=AhE-8ck2(YUw`61aa?Z?CF~aJN|>1T<`2u2uohGBXU1;Rk>H zgM$D3BxurwRB0W)a$HUWJr)^NdKOG>hBX7D>aS!8RR(Xwci+Mrldmtf(hosXq}%)B z)Z*YH?rb(V@krQAjNTEPs2?g1V)!YmtR?BYXH~)XhK~8PG~68$)I#d!TCf2XJ=MR% zcRj-p@RHd}Tm~eM5L(6Di7Rf*NHlJz!153t%CYUN6ha4GY`w9tJJPo+D6UQ$*s*=u z{)!|hniPMq`|P5ETq_A9mxc!GLt6F_j8{DHQGcm-x|8G?Q>~oL*SolaxFpp~L+5DN zV7GYxL*PjMv)s)r#O+EWDFRO6dG^93)?}+d2tS5oyPqAj+}lJrb^&W5gl&6%hwSEg zgBt>MA~p$$SY*ft#cH|&lq~ATip8&(8jic0_rH2Yfj0I$HcGPL_uo=gB7Ni~X!Ila zp*nRc%j0rln^ucxi7{@+dnkf7YnvG#I&sSpMQ20*s*r5Wzu<^0#iNpfNs}EG+%KUH z?)v);Wz;&x9^{z3JKY3O6_F%aP8P_ZU9M0}iJwm!RMNJlv0lCFD9Mck!-mtyeB^Y9 z{ar%s{qs_8O6>Pp0}DCORHVq`EJQ@~4AW`TR<(qOa}C8C(>GH{?U1_L zPZkJCZj$-O`K{D3M9uGDD1*&#dr|f9UT*z1Rxq3yGG<7#i9TK)Vk|7*mPYM%b{%LF zZ~A-MIh&(|SDV?51W>XF)B<)MmCQH(?Q zl7jxk^Izrx$=I#0&^ogJ7{9Dt54z|(OyzN{g6Xz6DSOy4VzKs_NDtqcxG*}X)AOZnx_VnwT@07XtR_r#H^q{KmYI-srvl6Xpppv+K-X}NFVA(0{skDSBTRZ+djZ7ldX-7k!IS&?Qf~9he?y?2FYxxP;p882}y~CzB`KKINmFm ztK_J?p~~uD0jdz^cUi9fAvkMl`?qn#zt^%)2g(Ab>WtmL?Z>g1H(;1t*>UCEV}UV> zck(@uUH9eQ%uoK0w@}9q4%PH2Hm2+gD*e?94At(E`4ysq0XUYerKxS!0POg}J(64*?_ENODC@#~YZnUqWJe!i@MyAWy- zv4#U8IA0QAQ?4^a+#|qYfT*IgrhxDgbSA#73mVI&>1)3g_}tt)ZmT*#;UOi7(rH-_ z&SuSz9MiVxdYk{4g*1+{rCG+Pa^HrbFPcg&$MJQ&sV7)1X(EeMXaJP`AxP zbg4>iD0inE{yVt6j@*ch3=YveQAHX)UR+y9>J_%w+Lpw_(P3<3I5-s8bMoWHFJ$P@ z?}*&EB{}UiaL64$2Dn;R!??ZC()8_ivcbEy^GA~5q@~`UAnL-3Ij+1S<$CKd5Kh4Y_Hyob|x?$))5NtDQG!z6WNL*zWEEvKX# z*i69REe0SXh!Y=z`K`Gi+I42Lb9=e@MSojl}xP#p_{F@ zu!ElbkdG^y!;el%4eh8HsEIx(_6VSV2^;$Cob3W6{fcdpCGp_9)b@^d*Ijm3)9kh$ zeoMRNvMSRdJQrnhV_{Nc0n{mX4ezI$gl>@diYZ>f=RerCXL z(2ab7I;Kq^6QVKb3T_FTDRv_4!2AtRB^z*_&F*8|pt*JSP{ErO{q(K&MIm$Et`q5z zA$Sh({g0oDQ|h^yJo!E`ma;+gtSBnl&y&fB5O0#a&#|h+a}@(Zia;u}Ot2OsnSG4~ z17AFbNIVvUxlwOtE(`e~;|T+%!^9p7phqxgADB*98ZC{CfFfQ%?zL;-T047p=! z1VgMD3m)f_5!X_U^aqbe-NQ}|d2Tlng8_S^s5f|<`Ir;8FVmS?HKCA6K}L1U8EV4# zmnR4C{2k|YRG3pnV1f+*?#2>-*!@jLAmlfJ9`$Xxp6kKiic^1Yg z#Y`mj>g5c^_EU7d=}%K0y!rl!)-h>}l@jP~VAK24Mur+1%#D{KLFDf!GiSQ;9RH&X z)nA22n_L2Y!8TUPXxyJ#!BzCX2Rq90FfQg@$}QaS{x%d&gsyT#Pk-cZ+u^0V_A6pS z6OtMmHxLMF-BNlO^eBdaYOnJ-T;nlFSuvZiBT+TQ40qP$OYM zMVQ1!jiWPO_K)F^-#z!iRZR4Fy8P}Q8}BO`kYT9fVvpJdkiX$LK?Orb7F#^CJ~kdCjR`GOsCt844%A>XAF*%Oo;3-EBYY*ISOql$mOeGG z-X)GQ82FP5L6hSIAL;X(J9HO*R*9#xtv&zI68v1GS(!~yesR9b6!I;bU4{)}vDL52 zjR4}rPvBRFIPET|e1QW|fE|G!k7U3k;~05+7-=6n2_3ywK)kNqJO zkwHAUL^ChBVk4%=3R+l~jZmT0SWTm9hFDG7->7X|%#$)Kma8Yzqph)Hk#0GG2_DFW zGbfDX;eB6BWPpbXQ82(Dd`N*Ck3jnm87Y|EDlM9(`^>g;V$9S(DS~IRqpQTZC@l}z z<&0LIsOXNSVNnj5*?P(_N@T16aGNC!LP~8-M`Y0Z2$Q}IAHAk)wBixu%Sd5F)@fI9 zmHS-PQ~T6x{Xnp(u&k^~gVL6HOKXC-AhQaADe<&cDvQ_*;m-e5o2ZM#*FlJ~6{#F{ z*$v?e&5zQZiDn@+4&R&TKxA@Zftjmc^SnXx0pJF)x0V(7aRLB}WczwMs8U3S(!|7Q zs$;|%+bkI^V0C4ONRl%;?nQ-oC&oL|M+`~$Z!~Ou%zUphs6l`rAxV|KLu!Xd@Pd9n zFrTp9i2;2h%CrAj6@2vNKSfvI-fGkNq53QFT#79{NMPd9%eY%wAXmfV zn_uD6IagdeIV6ZvK0n?hR6CR8#r}Z*(x083`L4lYLH@6iZd%L^u#N>&1|6@etZ>v0 zj$A#9g=#%0Z+8AoY`=M%a-|Xf@9ds(Zy8(+kpRp|xb5n!(H?CKxC9V@K3m|+YK!yw z%@R+LcIGx6H zfzU^09;#HQyN|H#zm+>H+(Mm#LInwDtZFsixXBb&ao+Npgd!bq}L@uXlyY>0NJq0n-?AS)J*Az=^<$crJ? z&d7ew4R0w)Cm~P)?XTUUWbvr{Q)7#P$dJI@9pei2fA#FBUz|?GDqKP<;|SY*U<$xv z*1~^gb5-2C@18=JEkiqUnP8L9FgKR81}Nf^Tk>=E)Tfe#7WB$h&h?q{(Md~iD+I{5 z@rVpEYwoGX8BOQ*Pc&pig*46+$tr3cC9}s~+9svwFL>7P;}uAtS` z7Y0p<6NiE)$?Mby$URY;($0uR7z0JMafD!}03+rCc@(vF3*Y&~OwI!Al~c>#AtW;* zLTjS#2e`t_$e&|PK!8UUI-^(!W3wKk9$vGIPfmP^7ZyMVGrD1oSl3s)QSjAaH7%KI!O#=|8BR1gr(!U)+A3Ti3 zjWk{746qA@2uz1WP)6#0dymYbunOnL;YCO!i~I|ebL907z@nV%+YsFwaX>q?BJQbS zOIpQ}18oJRPVGdg=g5-qk1%AdQc#YlHq)|HK%m|Bhk*JBC+P z#`_JA)Cg>_U~b8C^Gl+W$kRyrZ!Gz5Z2xbZNFpFJfI?o0`=#-rJsvm09!q2@wVxf1 z%1VAau^W{I^tSAmn1~W+iXwYqe`80cFB0AN{);tBaw`B4hcQLYSR7~V(T6mM+aO)C zrcD0x>dFE2gluz!3YB#jzf!!!VJ2CzLN8rZ+BHhxXoUQGltAt^ITZQhUA(Aiwom^YL>|&N5I#~w)+bU2F-mYxV zG*L#&M6Q!c5?`V-R%1?(YZBE4qn=_|4j)CwG*EDZ$5s}Qj5N$x8K;}_glvn~NfG$a zd$LXWh+#v}TM{%9L7r6|F7q7~oskS5!ECPY&ZI_$DqOMTO`Gab)$YQXDtBmzD7nQf z$DRNvzvwd+ta$q-V>PSDRaCMpUvosTOEInMu=iu%^I1`n5A?fT>QfPe9m4o45j|AH zW&8)x1<7(_yiJ({+K3+|%#t`FgRPI5e%CBhcYL?N92_7@o`e#yL4MGUvZsNUqt@oI zs)-L1JBcC7i2dLl7M~@%B?v9D26`tXt29Rm3}4geO6U&DsCc|0NyystEa#gQU@($R zv+Bw*O6JLrV4zF#Mdi-DgxDmExFP15hK@8v6%X9=Ub;sH-CM26?9Er&$n`W5%Z(NT7CLdwB4Nd4y zGhF{?jO{PUXB|DCYHH?)%{7ELm>RCen#nLDS2aVYxR)njGa7_OKu}@MO;@6sO7nej z(23dHzz1J0+!9HB7g#Rp5pBKCTY@xaX`Wq@P8j;ZG5{*vNn=P&=Lu23kc702mW;~R z@(tX!H>N4kJRXKz7Yh{d_PQZG)We96b22t-e$;J=w-Y|$-TIXZFqc!Fo7P|=1`uciC zI*Jy)Ra*RCr=}E()=#_UKHJ;VTVM8 z$^CW)gLEn^XdCz9;YZ%WBq!xi`wvkapbW^_zCSs3&g`b7ROc9Fk~MIqvcmWx3>|67 zUl*xRx2e9k=%yG`^u%5(WKuf>=f2|>3cP2kJk;ytBx1;hOy27MGN>X!DBEw{b9NzA z^y|5un2>lhN-907160T?M!BsuDmnnoDM-l~YUDruqDRPqeq$CeGh)#Yks#VN0zpaJ zUQ{N!`|uf$6fe{+VlIO+y!w9PO!P{PW0sx5++`zgRHth}_$=eSx)`{`Yl?11 zIrW|I0OS&OLu574+k}cV?*JRtO22uhJ@4|ug$TL+ICRBAwI;rWR@WgTGvb>+L~nb; z<~2?J^RX${gsH4%t)MrLt(i{dYV-tIbDJpH3zj8eWa;(Sfei<^)d6uBLXK!AYPQ9s znH-93;JZWc^QTqUw1)6Z%?y`T0&hH`eTA1Nu5 z!56r4PYTYHuXcynv_4Wa<%c+#9RUimB!q{y8Tt$4`4d;l%piNmK=q#AnW}kX4yatp zFR0Uc=7WtKni^nw@pF;*qY)E~kQ3DLCx3g6QhMUP+m0&$-^-f@aQf<6dzYsJxF4~b zYD&TVn$jg@@+b_KBPMCnvC`3=#bQ%^_0qWlVk`}V7TP*h0SfB{d{A4)hBU!Wsh4o( zb;)=o-gs@BBsmj3k{nV6fiy*-%)UGygfc#m#SuV!MJ4f^pt`K@C3?&T2#?Le^w%xH z*!ZD=;h}bMCk9&EagRz^o~{EciSk6+ZTRpyOw!ge-(O!PcX+=1z@Zs2f29m?!tkqzkBMpcN-b zC_#*xrM6W_-MZ)Hlmf2S%<0)=^AtTQj>fLo8ryIkPs=kUP9Hc+mgj9SfBst{CCJx0rx!G zLl)x4h;+!68qdCwkEW-0h%qlzv_jtgmOmWmZB@>)#IIkf^~fa~Lic27ckN)c^|wY2 zAUs-;O4y@NDSC~^lBj6izHjTOH@kzUue3ZEg_Z&X!!aO0?2`sf zCQo>M_$-;D2Ein0Nm8b?$K(74%=1xX3RMg)r0c62EhvPu$#h9l__pXNxXZ#i)*vGR zgkMMXjqei3x$E(()-$n5x+F-|_jmruBj$=U5N&)6b%)`Ot4u3?FCIlUvidLBspjga zUx_#ilQ}I7)Toj;2aW2@^-RvJ*pS>sKGQ?R?f3GJC-m!XkoC0i{WY3UYmgaC_1b2K zH`YC&DUQeQHTie#A5GtDC@|HwrBxou2*F@5qslHQ6b7{R4Ibkbm@R@2NtZD>)xX!$ zjAR6afrv8B$%QFxA)`f7Oj)%HL&o5}2XmamekyH))}ohaW|WRbIpN8zQuEhf$U{+L8={ zG~ZZ2l}Bgi5HPID;7?XXZp}Xoh6B?51Jis?4stWR~2DTSvuhdVUCrVyqYcLlIbA zu4A4P{&Ima=1A;NgB#j*41O>h?i`0fA9F16AGXsbIb^`$pT8~V&!9%QR zEBXxP&XGk6~Mq=S&p2aN7%OFv2#Z-^2_L*U} zr7m*!eYE(~ZS%lVRW6{MlM}ND5Ht@wdmzsf14&^_1r;Snh=b`tMb{oArTdDRaqJZ& zGF5W_<|(}yf))I}2T!zOxglD1H_iv?#;RKT{hNUySG`~Oap25ZfnS1IQ8L{E0g)v# zjbVb>!U!-VBKc^VXwNeZk$Z}R27DoB>>~*Hz{(N9 ziDE`M-uxIsK44gXe+m0KZEdv1bASrvy<@bycQ&Y|rr1+&{HuKus!eSbQcTrflg;ZM z-Gn3~h2xa0hoqIxeGYis>fa9E&NZ}Oaq*bUo7bjb!9j!$&F%*i=besD{5B#}dwaDF zwR$0V@@40nVgX0&{@W}^@wSk-zOq9H6FR}OkmD+5m(V*iQ`tc*#RSh~m{)x?=r~T| zjxcOi7$wj*K}y}|hy-0g`9NOXds1O)i_9rDWl(m^k|PYEi*_*Q50A|#IE{g*f)@ye z2oKL!Xn?^w@)eI3OGDf%WkAT~NVcHg|Aaa+T3bv^*t2&iELPRUV{N4T#;(4$x+-?1 z4o-M~h(VZXY8-0vCk_Adk>0smr5^1XsTtXuocA7mKyr;4PkBU+WpR(QBzF{u&~HE=0PyK(@ z8*V4{n@*j%@<+|PC`fbkHFRu&L8>RI_Tf+7(ooS7%|%&;WbWiB8YL9F7taU&`JtXk zE9(+D^d-`aS<6#U<%7^M;*j9-RK`;XmMdtaK zEMxHuMO)bHDqa(`@GuGrjoHfkt)NgxV0p=00hFepj@F4Cmr_9}>Cagf?BW_8sBv}! zw+sYJdMFY4;DUi)ifvT}2MThje?8KVjmcxbpARAu#DIHZLdBh>6*JMf#uWUCVvh#_ zE$}mhew;~v%U?DlV1+y9Bf235W@P0!=1V^?Bt`g{W@yobVxVNY`e{(-b?O<{>#bsr z)nRO}F>3i}OGx!&avWp1#oY=yLux0oylgE-vS}YOQ4v*BVbf z5y+u z>AD~w^j{wtu!o?bm&y2-A#TIocbwzckW#TRCy2p`IxeM@X%=j#80p+GN|*T!Cu(69 z@?uiWya!yN#JsR)SWJZCul3o=h^UkZ0AY%g(o}mPPtJglr@ZN`%mpj7bJYdKxhe!m z@EJy6{_OdwLz8{a z3`iDnza;&n6(%o80K-~o-%=wPF@Znmy+xH`7fVYDsQ@J@OGp~c6*ADEjjD~?z;Qf@ zjrOMwbd;i1McBfHr%|~)b;W?B8L0Fb(c~XAre0C^SV)^)vV&BnZ3u$@v|#7H-NsKe zB5*sy038(-KrV{c?G=9|^Om~jWZqWau}ohe(oZzy*^WK}E^Pql56n*44buxLtp^Tx z!7Q^`{1nPWkVP7jf-)vCNoi1`g_lL#Q{O#Ls4bp=d*F9PDL+UXUyDvvUSm;K<03k9 zHX-qjnM+OF)r@=VEq4c5n#&>8)F;qz6wH7hNfTx5if$IVW?s=q^J4 zkU~vxw3y>>s=XMLul$5-7B~!r5LxymM$DFAQc>GB!mG?#yaU!qCe3CaJb(k za>_)e;L`oV+mHtv$2J_jzt2(>vGG_SrQ@JF#S#)SVdc&!mZG@GZ7ap7y%wI*X%fwq z<*!r?6HkSMfJyQzv&FjBp(rIJzYo5%Ii5z&7PteNZ-#c%zXJ#9w|1Upu z^yY(1Js3*YCHM^Wv?&}g8jes^0v1K`GuW>*Hh1)%|Am_b{8BsNfD-&gr!>N;-k%NO znvY?jpuAH{oW0kkHl<7EN281?x^DkDjM%U{#R8pf$%5~yw(QbgA-VkdH0mgI&5&K` z`^DWWmGj-wmM91GO1ekJSjZz^4uxN5gjRi07dW~6AjfR&q=lce-d|#(k z?UmCs0#%&8G`tcO?WEAU;%Pqg0?h+oDzA1`#jCYgWmQyX-%=k9>zO_2Y$7Iz+>S#- z60r+4Rdn!6f~89vuvM(=qhHvCP=j_5&xfjVALPj{OhoON4&J1*5@I0GcB9%P)^pNWGA#yy78I8I5<&s=HuynC zcqV>08u7lrdfD9-%2rEg2LY52KNhsyUbfzHy==8ah%-FIT;diE7qr_}vfgU7B=F_2 z^u@>dbVyQLcxQq=JjEY07V9G?e5Y|IR}O7$6F6WHss&XkY*&VKG@?NsWj;EL5iY#2 z=t47%wZ&q)Yoz8;U8n?mOK!3mNS0b*yju#^ho_}rBSpbec7f+RwLa(=hSC*mIEwU! zh?$SDIv1J$Zprz{GnSHCm<(j{Q`$?RuyLex$mRsDkWE(g%3$F;PCc0+q}7!wsLtSV zPDmovNoYDq8Ryo%wB?KxVk*}66bfSgeDrJw9lkx4!5C8-Q=tI*j#ky)6&Kn4YkR9; z*bd?{--QyS(%oh9O3K`fA>}Y=b}~d`bmB-@DM~E@#AyuSF=hjCglPoaJ&yxry2s&A z=dS^EF^VAkgl2q4D{3&6((>*V3yI9}9v9v=V-OY_U>o5L?RhmzgY@b!E_=Cy61j^H zadny84HKRFBa)`a6igEteN>JTLn9hfK2dgjIY}ezI+BJwbo0thu0|fAcUYH%g(b?z zR0Z$|Bbxx{RL$seVn|_17c{dh2g+d2uA5c_=w`BCN zH)pvwBx4$POpH)#a>9(MD;<=JuzZ!{WAtb7&lAgw0>1q$PhqdJ+@FeV zx+~7eNZ0(pa?6u=#8NmsWhnmvN6`mJ`KCF~fEtt{c(fZ*!MDnpeKj{GnLi{M_RF*` zQ}N*QdsijndG8Ly56)y1&U<(8-nDx5-o3nZr3`*6)}t~t6p43?r(H{9II$;r`*%T6 znR;e_Z&wWg*g;830?IWhcACZzY)PFg=Ri8Km8g=N9FU<(6q58a>Ja#5WekZtK&7%H zwWxHy(~$irq&$i6ys*4ko+UZlxr>oHcs$A@JzM0Id#ZNS1Bi6bE(nQHeTmUqV{wSy zJ%!5=(Mv%9mUOBxlqxA(v1QG(tJCbYP<-3tm3U`k`nal<>}eaC(lklygq$)vQzwg`lI#Z z)#2&s+m|O#tyjk{j?bR{_~G#6=hOPzw};Q49-jcsU;X^_@a)h>hiZc^B|=n#@39ee z2=|e(dVyXt+6L8EqtZI);7p3Wlrh+5QZrX^wee(wlojKW=E{y?Dop1iFMERJCYX#9 z<2uDm;r%XUYnR)SG5SbjnjPuo>Z6YiVPj=TVltwctVDTbJDYMV&WMFtNkkeSG$dlG zr#Q$U&I;BlE~dG#!9wjPW~Iw?L&~$14s)ph0e%ylh6PX|{IV2NvD8HLoS>HpiBBhV zlnF`;VPamOJQ0oT`~BVyir~aUX7}Er%TB2QLB<{HayWtci2n>}d&&`d!@1R*D5ez{ z8D>PJ+u6jd8u}M;AOkBJsqwBpDdu*paEOIh`>EpX+dT3+pG>88Sbkq4;lAIOhU$G=6d4jXl;b1_*fe>SG6=uP<_S4C$>WSpiCP_(50IfzxwY2vu#UY->5N8XOrG%o z%QbmbhOlo3gnhi_RW{Mh04FB)(+^XY9K3sY`26|9e_fd;)h@nNvtF_AAxBspmsX~r zj;OLDO9YeJktMo{9s2RV|NFl_HYcx*tpZsLf1<*?sYa{eA?JJpg!R(h(ye(o4m})a)YES|zT+Hn*hnj^{c^m8PBtbinyhMO z3Z)Zfqk^}i=BCwz)T$wQujzGRVyi{qU19i4r!8*wO2B;GE|PV1Z>i93R3!UZ;Z##{ z9L6tUp*}nh*Xm{;cZv^jMr$8gD!+@~R6bh%6{)_Rr7Raq{)92XeU7t;D^$c{NN^-q zF4-4E(v+oQEswBLf|WAxki!WRWIRCV9jvoixm7gIX-F0XH%jd`(oybqbx*7`(#7P- zt!Ej*h+Ze-6o=3!F}=hJnJzo%x@6#vdr6HRL8vD2nSO_70(oc_N5N%XM)*#G3C zpFky$%)yLa7t7#F!FxrgE-o%?-w#X2a(eV1cXN%ZKgp&M?8(bl#I$5O0Y`0gWRr=n zy<%u;X;^iW&`r~Xit$-=3}L0vQ~Uf5i&dA23O7a1X+UBj36EGZPw9A)p+5&Kng0## z_ICF)J2{Rj7a}<50KGj-a4;bn!VY?)hIH5Op>0vXRiE6>-yAS`@f?f;>4cy%5Jo2t zg`)t|B%*Md+L%`ggb%Tq0stFA+yzDgOD%m=DTFh}`MV&O8g>jQ!jMO@2=6{WK6>`z z^qIHo_x|BHuVc8Q!=%p`&UKJ9TtJI2#H7aKRQXS6j4o0trp^xHY?NK#lsHDSERjd! zL@m`*9(}?wat}|@@u`b`JUl%<-ErO?pZ)Uk^%;75cye<1;_Ud@DSCN=j$XcadVF^L z^2I57`4c*P@lW*Y@r$QBh)~EmK|Uprw3VgcB%vfMTxGg(eZ-C=O@58^nUa$IZzu$lIr~dxqC%e17-jja+Prcp8{kOoq>Z;fHN{?>3o2WOY4Y(kd~VRCGUmYbZ|nIv>%|^u7i`r{M_|-{e34a zQpOC>A$m@SDNg57Cy_gfLNY6>P*DOG%(IAwbCKItAfy3>C~=RO60}@$m-!7 z(TtO52p*)RN=#?X@skYUHU;^Co znnfA0c-q}|guymIksL>7RvzuI&CU1Ey3h6GzZELApp7N+zt?|KlmGj@-o5<4jc02M zRYcy_7LuovZB_W_xO?BzytDMcW|_ zGUT3>V^5O$H0 z@F^V8It?Zy%p)3)kL50+eEkd#_z6`8qS0j~5(i|U;wYy$3ntH`rLDDP`FQA@%m?W6 zX9TBeE-$UJRO5uhEUmYzkK@#nVCeRo3N6s=*{VJ-HIMlB% z2pvzd0qQ&YgI6C%*!H^4I0^taJC3piQAICDs}G}qaH?+OJ0t1T90~Y_#&W^vU1Q+P zn2E{mB3I6q8yP`4c(PA)gvcKV_Iz}ks^{=^HL2lS07=A28LH%$b)d=`C8&zt3uvFQ zghgyT|COvkdaF_~0QNhe^2+2bRh9T6`z88P#ORbag(i%{VHkH=H$l)_yC2=khR5oC zPgqzH`vIFKEGBVgSPnAc{U+w7ybaMs{u^mvRKGOQO+bY0K^Hw(nT8fxniLNVVrXzs zP|!tw@xhd>A!b#9es)kD`Kzx=#YhNwrezMq5NSbI2%>4xOFs2BDtbs z2Yo>?l_A9aURgq^xg4_$ZIfw|%`KvJszp(f(l{F-7bi(2M9fqgpzpYAQ@+-mwX{`5 z?1OVM-$4&RUH1)vrq@bY!OraXv44zE-2+$#XzcAzqNYcAK7^RTGaM66x~28 zWLvbURyNbZO17!G-7jTHO5uWYvqP(c@IuPd9Cl=fc{nDSzuK53>U@NOR~k7^rZbWr zv1x)+g51CN{oTITbL)CfJ0JKR0}yl<R^cK_-a(D z941+nSU+5wR>hrFtI?}CW#ym$1=PY#k}gPD{5u=2NHksgHhF6(l-1QprHgKkJjF4{ z6)9v@SeZ!u{aa@$p-60$P&~sK8RZdQSxnhAZj)51>tBONN?TizK)Q4barEM&iY@qL zK`^COD5C9&ufwp-4gdAp4L6C?jY#2ps@?Y5b@JokQISD$#aWdOaj=HGx&C@D8_cr_ zOVur!YmsnK_05s;=;Z0D1Psz}4f9K9wqJ{MEj2eswZm7(D&yITw8IJ26;>x< zZxbX`*J7{Ff30;lN5)?SYqL0m^T{DP%rnLV9FcTIs!kHThDN%#E;)^_*Ir=-<#ubd zQkc_t+@0-0ktM{fRcIsY(#oq32S-_&6P-{3ZUKQPUwy!ba@c6BQYaOo2Ur&+p0OA!UnNfKgQ5Q8^jRJ+kGCAl=WGmo7pk$l2E? z{RCQ++ik=3%qba@PvGQ+14aagh>gHAJ!;1RU0$Lg32@GdgiPbHIgN2nWGJ*QOJnr+ zJ%3NEK5z;Z&bPRbymEvC0u&jsJPuuX;>&j)JvxJw2Pv7d8RTgpI$1)7BQ}1>;r^6q z9yg7~qem+$)#?s;3)j+ouqfkx-k!bdd4K&^=h3_W@A6-dE-xRrXuCun^aW+?6z;l4 zYS%)*0rpwMZC~40_MiA{%>OG-Al734{+;bxY*pSF_zT>>+cuWRz({_d<8iF$LOf=Bzp}|3I zXQ?Q}Rb-V9cajkwK$;yl_$GIu6P!)_jG61edOa7p>IP~3#|sFCaYvLyAykn?y5sQzy7Z+HMW;#dPBxM(RkreIf3m-gm zWd17Jd!?>yR2K}iu8PY@TI_IENd-X&zcU&`&_bOG_Wmu7!-o1=WAs%5Pyd*|RtJXd z{f7sDqoV2H0J-mDeQ(VvdUkU1@88+ z|CFb2?$$oXt&?8Cp=5zqhBkASzPnX)-jnR-K^h3pjEgF-&xv25i{Di$so0THu{uM3 zk(c4!@9KZU&&KpWnKtVx`rqST|8Z6S+q*yidppk>`k&=>k;!A!r5tdreuMgEGyy&wf>V$h%Aj%h5sCl6X` zv_>gde~ab{OhY;*JhRcUI(&fK|Ea7scApO#05$Zw(s;Qi^(D#uj(5M~;y<@iwmNne zrX{>;zOQ-<68!oQS8-UXsiSTpJO*|*BP284$jt0$J0wX;AT8+tu1YEMc}n7tq_6TQ zlC`*YN_7@Y#-u1-nUY5BZ=IF>o%V0Lowhl<%9Jf(WvS5CdohIoJwemz%&_@H9lNn7 zfK4OM#GBSyI6ydoYurn3{l;li{^gXKRtY4%I#S6kAwoxJ+l~>oz;s|ds$>~dFfBC< zt>{Y#;Mh_Hj}jW2<9{MdWSQtp`4NP&uQiSZOkSHA8)x;3$-9KT8}M1q#MlpB-M(Mw<`6y@`S6e>X-WViltfcP5r9+r(ap#XbYxs zMEfmyNoC@71>3GI+A+1e$8qK(cqN1|+GeRr%hE9kLR72*jz}>kWPp zEY_e)EVg@J$&ivP6^fFI3=wibDAi~4gdo_@68vng>R&-H=xBsj3W_VWoMkLquVyjY zc0+{JU)GM0s)b0w?b3^bbtG}F7GKft( zB+a}jj`0|Fq|}C{by*@vPe^`E$1w>VJ4dlh-at%NA4M3ux^qHC#T9;bYv$7KT#Q>+ zYhqhwKs_7G^1&6bf0LlaGC+7%Si=^i7H_PU(^kh9Tf7Te)w|SER827dmCR8Iv|A;F z%FH9T!crmTSE{z8c=LLV{YmLR~(3cOXzPY+D!oL4OW)+(S zc z*#b>sP`CrWRZQ73#w&`bqwr7{q={BPMah>llBP5y=!?+9;s8C_gFor?G#`!VC**o< zSC<{B1n_V-IG`zT)=}@6%cBM=9h@u$f^=C2)Php7E?}?N`%dW2c1Psj+7a;uvfJT+ zAoqJ0xgXrCcM2QAjq)g(qd#&S(GeAfNs>TkedjHa(4l-L+7Os?a|D62X(@MRVKqv# z#Y&?HnK`y~=DZiDqAYmA5)yQL=Xj)J0VNP~$ikvMEgW1xcQ{5NkXP6)rnx9sGbA;i z=#Pe1yvh;OT7i}5Zkvz~Vig0jGQV1Q8gfV|<)zc$T6()Sf>kaoL6hyS!)%K!#x$dbs>XedMe`F4hMh83lgomd^Gj5 zGTb#UWOV`ZJ8fkw;C^Qfe`v2qod;ia^JZtFxX8TtT zwOTe8tecu8N=v2QP(4-Wo0{Ct4^IxuW!IAk$_oY3q-?kLbq z3x2sfsLw`iLr!zKd2EQ^fht2BoL}HHEH>b2L^G9-_InzS*mW`>ZRy_2c7dj~;jqte z6?BwYM4D6rX0?6iVrNa(k8KT0^+UW>ujo zbaap;eVuf~<4m)d;xjYAvt4^zi zZ_2kOSIB$N-X}E_DmWa=%Lnim;RsdaiFB;UG%6Ld84hUvA zJIyf-i$s-Dwb8yOo)4ApeA)SQB=?InmpyXx)6Ve`-BNJ(KDbRl}#Iy-G(7dWzo z!2xnzWR7*JxmkH#h=OVo3iCl1)qs^0v-$XDGrg%uBI&iYlVDAjc|&uGN`G0A=< z^Pf^S6;jS*Zs)6!VoeZL9a`G;^X>F*W)0RXRXM zSEJ!t7&S1jeQvLc3S5eDr5l0jz4Gc~^QPfC8F@`lGa{DtvZ-r<+Hq-|=jAhQzS7Vt zgMXT(rYGAGyC5mr7Hh|0luR({cRKRti+oB_8lZj$ZRbf+FZD&;t@FWco4-(=2b9)i zb6W*6CZA5^=KWz5J*OG?tlanS-&(YQL-1dOGRLzNJzf>Kec0SJlqgD+CLEvSqftZ} zr(UzrsdZcs>P0@Sp|=2JbAW%zluT@fZ3?Q+IpLP(F-qCAa;ip5#vR0jdVWDU#7%QV zGj(^ERB`mmsmz8IEKRwXtZQGYcHXFiol0y?=TZiKqqd;ksTL?-+Xh_M_F1Oz>CyMB zo7<#f<619Egc%$ZVgBy>_+cZ&hXZt&j`OL&=Am8vA(~Ro)p0B(M*TA3Z%6B~JiTy< znAO^Li@wvbR~t#FR%NH=^sQ7Y)3ixxXz~k}M9Qp0uI3{!7s{N+C`rkTvYgkg5^S5d zd=;4?OD>ZcUrh+CIZ2ky5#8GgV{Voy>st8zb+32p+1&nr#!@^cS2+LO??2hE?f>83 z|8+ah`uBg?x44|jK}T@ruTi!tt_Vbd;^3LNo-rWJyKz>5;$or25pk8K3Kx(1064ee~)#aaDJ8)U_$KYIY9Ga*GFxD=pk41-V(Tr9N$wKVT!cRHRecTGETFT}B>y ze(%0_?VD(98)8{qX|yzB*4mqU!G8CijmiJwnw;7Sutfg%p7egG=6~$>ckku@Z9Hqq z|2QP6*-?-iHfDQ9v%;c4>V~V7Q28#UhNYm{_-P=K6cx?}VRyaco$(JRO{$gLd z)s#KbuCndVjOFuBJdHZdweQf)OBM>ab_pQ4M7gKNBvbQ#vB|A3y;pCcj;CL)C>L59wmd|sj{0lH8QMEz z&*Iq|oa$uO>ti<3}S8Jyn!KEX&a4*+H zPsv|vO|cr_!oehZqjt8f5%k@%Z?V}~3#&}_a`?OW@Sw7@Xo{)PG%eLa_$)YH!yauS zPvN9wMu|L_L*k64$~(?R=;3$#p>ioA8Y7*)|H0zT*ov2QTf0{aWXc?3eK=_Ih?X3u zGckTeID)JK5YYlRs&vq68d`xMB^NznsVb?QmoSAO0x&``i#=6(6_#s{Td0Kcos)UL z%!d%bw=O4^+N%bDs_sKfj`^078A&<$RlI~f0r;s(mAT9=S{>x8#ZdT-d(NFw)Plth zmFQ8wzHPqH)2=2Rx*Lk<{qt3xjp_dvIE`sMZZZLu`hR;h|L+g|d;R}bo;CFUw{nCL z9{|xgl79paU7y;v!2=grDI7ZL z*5zt8hA%Si<0l%2$o10q@5ApOeBl$k`}oPgl@~IUIw^XOLXwdnBO%%r zI=Gc8;_`AJ-iR`nmz^D?bd1>KK9U!D%J7(Ij#47JNn#a3i)W06b!w~JkO?HHgy2vT z&uGeGd2kAjXS8P^QnVo{*GY&Vh!^f@@>DCHXvMQiI+pL^e$Ds~c{U~gtsuAVhX8Yq z<1oc?F<2u1ANTrCD*oTyz5VgmdgOR<0Pr& zOVw~2!lmu_H(P`E9fD*EQ21>))} zh>fLampp2IfuhAR)v*5prkq>VbGF*SU5P|k1af6Sn;LjEbBnI5H}+b(H4pmggQ4N9 zFbcMBuzf^y#}?4ORRwSKl|)XEE)6a zENdFh@|XLN%lqeM?7t~aDGrC)6}ZIy`{Bv%rTBy9qJu5iL0a3Y8ICYwwuO^M?5ja8@7&17?gVhNZO2YmBaWohHJ8r%Yl)0 z4$2Y^oqB-#rkxO)(sd$l)D2OMx3{}56NuT;$F=5yyMPESld7Hj8p^N0ghj0zAX5`g ziz)Ws;>cNL1>Be~XM@VXDtKSPnWMorz`KegXGJg@cH`(ytTFCabm6o?xuye0gT3SK z8(W;NGsj9w-3>Z#Zg9Glx^SI&X0J%=OstlA8+Ocz`Mbu*7Hal4IjRNvOGea|l1(FK zzyG>!xSR3+uz1W?_5bvH`_=ou_jY@Gd-wjI+jy?z{}IFc^v6G^Wc;_yJAoAM+#M&7 z-P?9gkVN~Mz974)8*&KM$-ACINY&qnL#Pa^#UZrVjZ+5E;>KC(RH}5U-Klif970cV zhKHC}>xb&~Z8?-qi9Xm-cO}VhOCcTR+2mQlD;6BX7cFimc>S!M&DQak*jOyFMQ_0S zC4CS!3U|^irbOL;fm=*guqWAdS~YN%JLBN;rgE1nxZJ!?uCk)tDW4oC*$OVXLM$zF z#;KAkFug4AagurFTKNrn;1nYFzPDACjm`PqK=~SO#B5vv@2mI(6xeUu_oh0r#<*YA z_tpaCy1q9B_Ky4BR`$@eY0x+6q1mvV)7pn+ZW?PsUBOLrqb|`!Cds!uG}rfw>LI&% zzv$O?&D_d!GyXrg6xJLBT^9fKc&{4&)qnit{`}{yJXiAn%}@WI=bLx@m2MLL`ffky zj`y;m+(&!eM|;&Re3;Sy1x~H69qUz+ zoOjBr^pzvMBm>^Zd3_yU)6z9>bDpM6E&R)IzKVqfK)-Dt6Lewa(Y~sGsS(C?y-NV} zj{BBYc4D-vZa3+|xS8p7ZO?_ASKoL%SF;-Z&5h>jE?{*y5Ri7L2{}koH3A7~s ztN*0t|Ji+VfBx@wo~!tOUdiFT2`7-nId{erRN&O^4l2rA&nINHbu*5kW&*F}9kM`N z^BR~2NR2KcV_ll^w)wRjs*v{jEiW7$OWLq(r3KMN&8;;$R{Zi}^A)`*^bRJw%woXkBo^7OYw>sm{KNFTvf z;sWy_G1$s1+%#5L>m{rr#9J4Y#XTsi(-kA8C8ttjDXSfeJte1vvDD&Z1-xNb zmDR;HIp%6ks|A3r>AA88>u$TRw6mk860SJ}Eo$WrIzu*V9<1D>8<8GG(br}}bh!ip zUAaCr7w|2z=U7rx8Ou4Hnkv;x#;vSfTZNiiya7pKE2~!%C1rK@8|LE1{%lUV*@RwG z(p8}@0kvUyXSbGIUF0>|w%;(jwDxHU%e1gWQkmv9KP)Qub^OOS;{Q!aNcqa~e^2&$ zy;}U=eg4PWd7P^_fKSBu-puh|$vSt&_Y3H>yM5vF^*p|^g`08q)`+>9TUJ(E%_G|y za909yPUhTCplk&Yq@2Jh{Wl5Ukd(K$=t{t>D*jB?ab@zOb{}>oG|Y64wu|65$bnSp zhuaiH(OFunUV;44*fs4MY;(7_>eZ{nfmNNw%~4?WAi$ zqHWksNL>CHGLQO>!y|7S9aN1@n;oo zTM#>Emu&ZKmql=E!)wRM*{y&3j_YM^C@EkUt<}wo!g|i9W*FDB%p}k|>2i`Qo=hI8 z4KdmKl_?D#8MScUppCULEu?+fZy#n^#~!oAq(7RF;GCOX7@#-c4-g-6O;IlOIW55D zoJ8A7XF&frK>hvB$|KRJc3gx18{t{bE_>zCLcP3vZLgtob>v#;w&-4>0hI^zifcy| z+r{b!9kn%Y&sf3UOD5yjwx7QB=SJ**dkM^vXo>y5|75Rf|L^{=`}p4ezm4ZA=D#wB zMHw*khoo-nOWhsH!^A#f@u=4m!ezUv@|i5Z@XBqo^-VB?Qjxq~PpQc*t@StCTHmy` ziptlf>B&6DjkIa%LOthkWf)LmE%v&X%}$Q9iOOT0F|COJ*6~<@qOql+_;WmsN~awQ zW3R=ZQm7TJ{*>l+IU19gq&OpCclBeID((BS_GK~EH-$`yGu+%nd)&hcdVR4}$rRDP z@s5=YrsdqjX*{l(3k47RW}sW`B9#=sA)oYW>aF22onwCCY+v4|*1ova6a`DCM?F&87JDByQm0=>!}015u#cl=>pteFJOI1JH4&l75qFt-jKh~i2L2rO_M`oan; zSfdzy>zyWGjS_dmuDPE6?@vfHrQ?{TWI-EC^#9)D-Aex7-N$?TKiup8xAAPDS2z=r ziVNPBLn)S>7!7k8g+huaI5@{+!hL58olPi5JWmpqW*qSei6V%3K~tOs6B>_qP)Z`4 z(V1E{i}yGVoh=lTv5b=5maYjEjf(!Sj*ni((HyZDY6_H4LQ)jbnD~zW^z_52Smc~7 zbOgMI-W;8xkfz-6$29B0|0Vj4Km2#vh5zdplW|x4PyghzxLW`k;@~__!1m$JBcER+ z&Le+_&z(npHcgyI|G%?^-r$t7oTKBX&$#0!Df^uSnd8%t;I1r}vfmwl#se0T?l zxZeCfd3N~pw`cw|T-e5v^Iwl^_kZv1@BeT=|8M2lLO;?h##5?i!*e=Jh1PN;2HJ5B z(Ys$rG%dgW*Y+gK5ieJkPde&`ahkDoK0q3A)re}-57@M;{uYfvivf!{i-;reN2cXD$`hfenqq($PUsum z@T~8g(>NR;VZzh#Z#Z$LB*Q{|7C1|c8*C==f%~I8iexY(Y-#IS)49}*koyaXB8J|w zGzwjb#MTx%juBShmQ&kzqLWQyU-7CN5dF*#u@E0`c9W6HC1 zF2*aHCuD#)*g+0LA>lzv!5A8#rz|*!Jr`Nrvht_^Dh!{91;Q9|5F(%OG>OOng;2|< z%yBG+UeeTwDGAh*@CAF>kQL*1LH0XNhR4gmN;nxF+hF>B|B2uCLNcT{_WC_9eX{2` zNghS7SVV)RxB{_9bA%=MSEi!bd;%Ti;bC-v=lr3tUko0CW)Hy=oju%<+ekuj7sZc9 zFIe^}C7i_BLy3>vfae85I8E`~L5OBVx&;?eBp#3@+nI(qVb5OQ>kM~5zFmC zlDl_;w+~}PW1itSAPU%!44f^)mNv(2m1Jm{U$zAOTSk8iS;LR)k#M$Ep zN{CUOkvJg5%u+kEOX;MyGi7<9KWbRMO$0$l$Ke@E@t7P%nDb@4`SXNv=>aJa%+MPa zyAioJ-PHS5Sh-zp7Jix-y7Rgoh+jD-=$W)vL-Oe3{@sa$=OqVl+N~M&_i0 z_P>5X!zcSB4$K+K%S)%!=`e|k9{awp{C*^!4a{j`t)agtA8lcGXL0mqqGb zd;b>3=6EC|(uk#jSUDLtd+O?>Hf#zAnMI=rbUP4bI3j7r>$WL~;wVBw`$f~a+Jphm zb!DIqTz98J%LCU1j(=Dwx}s~m+Q0)n(LV?f6?b{N%il4xj(kd3njs6!!GmpK7Y11b zmGu^y2XZdK0WpVr3tm7TL%(wt3-k`$&yWzwx47`q72*wZ@?;-*VaI7ALH|l5=-VXd zZ-xZ@8z4cyN&@Xlc%6(>912YZM93LKeZS}T9OvE37`_4jtrZg01@BTeYp zuJ#I}3(OIiAi_Kv(U|fH2@4Z{OtVQo1c!@YUge0{;u+3z?y-@VO^Bx)teqW{O(;iG z{5wmvXGfTNGUSho4l4!5?6e0H9FGYXt7Al^FGGAUJOyfwfq{@QArx4euoP!fi4Ey! zL||A(1ZR0FK!qWJ%~09ZJ*hzf6fqB#$_qXX)0FA~q8TUANElT(4V7MDNcQaIb6-j2 zw-cNh+%HH<5LGT6qV{2{bojp=$3w4DG6To7ddVd{D7QPDbAmpWHIk2LTS*O|!*Gs< zEStzmyU@QqO?(TG7+UH5g8r9b?$%*S?+RjZH1GK6-7h31i(QA>Whi(6CscLH1F_x# zvp2x8V5$&J8PKROcJYwqa$Z?@eUv-dzT=_Sf(lX%QXa~WHJoO9ehIA+{-e94N_&8u zr`UW6Hlo3^GB*i4I7+1XtCj6XKv-DrAHfa;nqZEGLV0ItNCZRUD4F0P$!GvG3N+ja zo3b&9i5U3{JePW~SOF%)_;W4anBuV`!K@)kRUjBz)~-BsuaSR;{Y`V-R{N3g^vM6pQYn&B#ZFw z^W&puFHWC%yMFH29uqWXGm^%zkxkMm<#L(Cap**JN;4%4Yu)j`p-tTT=l;2W?w>0>|0e(d|Nmnx JfMNi^4FLR{$T9!` literal 0 HcmV?d00001 diff --git a/output/helm-charts/nginx-ingress/open-appsec-k8s-nginx-ingress-latest.tgz b/output/helm-charts/nginx-ingress/open-appsec-k8s-nginx-ingress-latest.tgz new file mode 100644 index 0000000000000000000000000000000000000000..23daf5bed0f888c07af30f8366014767ded69d54 GIT binary patch literal 115713 zcmV)jK%u`MiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcciT3$INHDUDRAUDzr=G)y=>Wzev_`_+G*=EiQ{WK?VLMn zRsxZbgfU651Snfgdq4YKcoKYyde}`{ajm8n32bZt8yg!N`#~ZUIxvbTa-I8A>V#7q zJ~}v@#)#7H`3%Oavw(sB)do+m*Xtc09f|+!h zCx>5w-X@JUeGWC%Q6nZFhF`}cE!&~w&6D8y#=&&Tj;k1K7IQEg(0w9C|8i9yV#!>yr zZvhaah)~Q(ycmHQV-X#7`B24-cE*^6Fu)y`1YPxa3+RrGK!4B~bWU6MXz@T|PoSXI zTFU`q?X~WcF*0bs`1*CfGw5}CPVYraVp6+eTa+ZREBmG~n_@9$93u`p4iQ7Nt18Iq zErZ}u=T)cQ`mL#Q_dM6rg#Y`*z2BsbCH%j4c+@NK|KZ7w|3Al*XNXV1?L0h1l#KwL z!NKr&)bsj>r*#M^10x^!s=HlTrV4G(7I~Umc$u9S@F9|KIkGlP!7b z*Z&;)38I?{fVJzte|U6wc#>QHC;g-0Zv8*Uv$rS34lW5z@HB~qEZExH12;ztGZ?DChdp}2Uj6Fobgv7usaS$UZ z(g@B(TYKOZA;3@&35l-zafbW|#k9jBzqKa{X-K2i9+)J)pMBTb1CC=_18jzXha#UW z0u(aYNCaK&M8qlEK<{fzp$H*78U=;Za@rUo5eo)?F zmjnR`Wyulv{A+6uP&b%CIvW8vcKd_F)*c8JqQD41cz+*wtyU@)kBnTJzH0#>h1N48 z(*FQ`>?z?M2pPEr01n_3jf5P&w+H@?P$WMANOhmZ6olmAKSU{a78Al!0DMQ7V#@e_ zp#SRJpVAH{;;U=`WQik#r)ZhCF^2B_1B^WiToOc(;W73xTku{{?4cM?#25~zVw(6| zO5h-geK5yRyiT_#AlMZcBcD9zRuYQ9UlC?A6#o^tNgVT8*4@4`6>d81{P*z3RIs=y(7TJUV`LI_&kl!Qpt&KN`L|?!oaZ*MfPj z=1xIALF1$2$>ikl@M!P~_0ZAr>8ru3-l2PP`05DqP4^XakG;X^k@spaK74g_JUJZ0 z$;o6gIEKAf#{zPc`2IEVvAY<7%gGgC*D<0fWRf(J@QhxO@J2Mt;zUx+9(Z_oa6HH$ zaJ~i!_CUYaPb++&C?1(t(D%v1b&TiOM^p5My3mL6jFyrhMJ^|q>zGWiugDnywusOO z+$15x0lJX0tSAlXGb&0#81Ojbpt-8 z422Ys&<1`@VkXCjGxHHR?U^5R1dfglb!$Iz!iAm(+=Ma`WOoEWBEd&EJClcXy)~r! zK}YQpnB;bbC0l{~6~L$~@t)wRV2TQ_l%I*#$A}||JpOlageQ2KL)<{`80Z#6yP^C5 z%nylW0B`a;3EJn!MG|?jrA|KJNL;?S- zMo9c}6hbY)+0WzR7P0T;n>Bh7BN~yABD*_cIDO1nq}`#>lg#xV^gOFa(DO<<^IlLL z^!)|UBZAag@PHRmxkC8Nnjej;&j@8_K86%g4#4_30{{G%1Oafwk1;2mUZ>aTi+8f5 z*#1ZAg##vp@MALc&6_cdtv3o#uhZ`gI*0XeViXXDGJvdCO?t(F>Mlt!p?pY$b`P)_ z77Od#Pbfq2w>YNkN6cp56Uwd-12_aOqzEiX0%mZIz>Asu@<8Hy$>U#i1o&?jdTTuZ z4>Rl|kWfxSygUeHg#*F;ggE3UVu2=9@i$)V1qByZw;gaf5$!!-Ix8?b(H0}%p35!* z(44m-hLSUEE!W+j(zI1B2vqb?k&oWf>{5EvzJW1v0>q$iWD~`av>0Odah3HVh0pF7 z#z?^L?#(fD*bF%wqN5-RJe0B&PzG5-!2_gV?8ERLjFAg@|G1Qc0Hz=$;1>_|3 zx%8prl&re-Jms7?1Te=p6H_ZYeNtkU0+i!K$=Jtq=1|q##D`Np)*c5*84Nubd%*Qc z;&EXvi74<0;utb1A1ehz%&v%sE<=Xm5c-!a@G|d%nwp2}Zsrpr!{7DK>I>)Nvjlb7%Ve>nQM!E8vR0kx72n8RHPf3jy=O zIx}ee1w@7Sj}o3hr@n`>Cy^2sz)R>!J+)Z4P=28iayuy^`<#yL4u7+df<>mCJHFbp zGcAt|6x@-B_++{OXAdw&;D#hZ+?gQAk{BJxX=P-JIGu^12YTAmA=j@u7VTrwWeT!-SD`<&a5)G&%wsh0OBKcxZw{&IcxjSS&iHGm`k8lrVXJV$m)|a-p*s!Z9EZ zA^599LmWkjSv{i%fbgC_V5*oV7Kha__B<4VF7RR!MMzTD!wiM00lpWr8KL$lQOPjB z^T`&SA)Zeu@M`tqku51vnjqR89KIU#M6;NJ0L4==4w*g3^nFhV@q%GV zY5BA#P*h^>9=O0%TUPLJkcj5=IYdCP zs`4(266$+K5-%@K^W`mJUG-aTSYnDZLU0g~5QSn}3+<96y~}*B@1m^dBUdc5%L~46 zIA!tX)s7_Z1`n*U1(>D#yM?4+YAy-JI7FT#P6%i+nczpxVPE({6nw#Xfok#cLZ7ns ztkx)uMQMv4rh>t$<6s2=X;_KI--|3$Ua*Flx z%71>9W5G8HtTpsv8&cTWMMViIt;st%Q{$2Z?Y@5aXP#jP(~s?#rTJKZ@IpzMBOI&YBaNczH5oq3_pHc~>H-%{j2A)F&YdL_8{i>5}KNpgjk4L0#t4in@6%cvhql z2X+SOJ?%m-z#-;~$5D%@D$oIF9ZCZD=#nsOk3jph|7y@~ z+GjJI)Ybsi^#4py2*_v~^paLfNi))GK6g_1j={J8&&3s=M=83?%{jDLn%)wGyxqy1 z3^5bxII4Qt2gHC{+0lr+f?gr3~H&#*cW_1g+&j*14_T8@4Z-uZz;tuES z0c60(_gp|Cug5U%WR5y0h}hx)1PF$-3a3uCzZ$x&ZLV9tM%4zoz*fcaHx>6>B?Ip2 z^T<_h+?gAV3Itt>2y-K?AD}4?4W_!X?Pi)`=0;hSZ~!BD!BEiuCSKFdB;Ie+nZ#?{ z83FDcd<;0_@Ue?Riuex7L3!jM^a=F9cZj^j3=O~qWN@sNpnH2}vm5(l+6g2SaY!5V z`mehELAQU}rFa^04go{vC>ueC5eK?T;B#Q;IYNQtOcC*UJL2+3w9^7Wfqg4+`#ay< zEt)n08yAWKC^``$0OM&ApimBR#KjLrDm7XH*qhF@BhL4Np)E2J@a^qeVY?{0!K8N6 zh2qREE_YZA&*G^W(mm^y{B2}phf?3MK#f2<$DG|5G0B_Tx-P>3a>j{!j~E?+cCXXx z4G(&qUZ4Ln5P$N2_)qa`c+fu>bcP4RgMQBd@liNsGYd?=cQEK39QF>5dI!Va!Ex{4 zq<3)IJ9yPQ==aik6#tB}wfa5rpZrJt+dJr^|LPr!e^1)2lIcO=9LFRSH|KL0W2r_m z3KcP8Z^C)1Pfy<%^|n0meEa^rdIO}G_iapqk$ENV`(niYjuu=Xv)(Jw(5|1Jqhuw= z9Q!gCec;mtL;(qJ5&OiquTK}o4B%4>fO{NzBapsZ{WdDC%fXw*#3Z!J*Dbh5$nVfu zHzK}&>&}pu_?({p8_iL?0LQ%`orhGWUL6N)@KkNCEh{lsECouYUIcn4dl8V@Pm0iY~~3{4jq`w8BuC8H^;->TXvPJA42 zIF;tchHwJ-_#uRIh<#47BcN_})b+7l#o+iUz~K#o-r^RyB=qPff#IBB58PvE9KcTv z`kL(l2}J@IbQc=O9E1_*Y2a5}I%UK+w+ce3g5o)f0hMH+?iQ8&%Eb;Y+_Q$q6qkf9 ziWu!?Z{r~4oZN|s=WxJXjj4r-S-ZfIORas67HvI{B;w_SO!DTZ1p2?cdBl`a^L?%k z_TvBMEt*V_%SNDmMKqEBaxL^Y){86h<`KCGLofTCV1VG25_r`wx^pGyIuwvv)0vbLzjEtEClMZmrE9r=zWYlas0@@;F2kx&V))uov~tZ zZ`XJFJxM_k@yCnaGY*&2keJtUlrafYo-7+20S#a3H$4si4#gSX zEck$tPBVO1NXc&=Bfdv#AA|I(q9_zm?MDRmlkXMs5D$WPZ=mHH~lsg9VMlTzhqmW^fg zJg!DUPu*xa>8#jl3DIOord>`mDOWZZh&19GpU^I{SZq@uM*aejP%2`4BfDS^g-pxl zx;5aD0OIf^-IqcMg6>T2k%9+yR%G7~B);co9@^zQH2=pj*O3xa$HLUw1ZA09QRF-= zVVQ?i(5j$RrNguaxtuyj;Kk?90Ee!hcnGvJbKemI3_9S~UtiP$(o`pbW$aa#)-}Xa zutCcafc}xI|FblR+mnLT?LB%h5|y|I{SZ>fFr8p2Z0Q~TEL=Rm#h-E@E12)vV`zj_ zhT;H+LQeTEhAz5BF%}B&bwpP10I|6LWduy{9B~0QVJN*Y^7wiXrjaBJ<#n7n9Mobm z0*Ae<@T)jNQ4bHKxTTL^D=hm|?sL!_yR`x@|6x-f$W0NUBjDpOd6YQ3#d8!QaRK6q z0mI@~6qB(w2Hu=U`FMidh3lj4o>ApHq6ss|dwYN~7_%h0=I@PWg17h`V&=EFZjh!A zQg3Mhc4i3rY<50F?)^1nv$RG8*=z*bU0LAgw)KU?LO2`@kJ6WXwD}VJ{_gHtzvbcp zhW-WeVS4Bp>aS6jB8IkVge1&-7#OuhBJ@jlvl!7C@jbOd_@@cPei9?=69?z3X)=S8 z8JQJ_rD9Bq15z>?6+_XN1^~H%P;c|YAZ??|$DnEe3~Bx;N5EJ%bNsdbRw52u-YPx#SgGbVA|>7<ZZmFBG1#Jj*WPQ;jelXz34hVMemF_8Wu;6;GLGYvpoalObYj$Ryq5Y15x z#zao2UBSi%J_>A-usJ^9a>73!Wt(;BA-+rw zlpU+$OJf8=bzhjjqCgxzLi`-r!J&tcCoV07H>yvj=ElN}5{J!V!kCZ-Vl-7pNN0i{ zyMl_0-#m~`JF3C-Hvn#w2$e`+y$etv{9<4A-eKivBF9^^*KDOig+1^tVToW4=+X5P z%Ec_9-MdE~1TbNQx{zbt0`{*_)lF+rtE}{nVwo5w8o)>ERbTlf#Z$!2uRnZ9=l>eT zE()1&=oPwE%49+n>ekw%v07oBPkcUv;wgE1{j180@ap;kUoRp}vS;WWE zOIg2hl*0B}GKtLnf$pf1SaSQzY0t*zL-h36463m??q%opPB}N4W9GRuZX&T|%Vbvo z0b((BB?FHe8LY&K@cQKhAmrj1iSf^T>-U9htbwEMo-&1VCM0&08;adruGeyCJnOI~ z3)_b`%f{`aViX@!mj6+HP{v~)^?Lfq2s7Rlnh0&E5{4)qB;ms>yXD z4fuJT;z}@UAszP@{a){d_35Vs@y&)N!OIvj^s)rd=hXZ8bvsx%>Cg7B{~QGW+TU;O znE8s#+%}L3Z~%RuxByZBg^PfLL$NHNi^O#%r&L*{Q!iiz*o_G#6V}y0wP-BY|2y^8 z7@Jvc_2BBe%d3AF$N3ge)-7hUDcYzQ^Az(oHPoP0ws4m0uB~L0ZJ08vH72t-ocIX} zT~x5!R^m5*4ZQ#hNew)pv4}UNR8MLTGWLNL#&+mY9&|E>`3hAIMt?8C+o1h{qDkT_ z>sMLa5hh^iQcJNu6cDc^wvVTjU z_YL%6=o(XR;i82ctp!kaz3E^U%uefP^$y-6;KCS5^{MY;ait|i1ml689ZKc+Anoq? zIWPzk#_5d{2@}pW!n)Rlp;%#Kq$Cf|_{n+5M*^}`Tsp?5-L|#e>ae>rBK!}X1xaFu zJcJI8oK)ig^hjP_XU*Z>V#@f~2n|I#xQGJCz{3o?v!x3d)Aanm-A?IN9URdNpSirw zND2J3zeovAuwNYenU!`UX+X%!Sjr(seBz5FyG_5GZTt^UI4H+R=uaFkEQsbv?+b zOH!wR&#fqWqe30pv-dVLiqhv{!|9^pmI1)r4B;U1g*c#gLA3+IP!Ulp+_a2}zUTxO)YdkQJe)7cC;GGK%wF?4X0;fHr}6tru- zO*pqw1!rud8V!;5eo!J}`-+69&1tB8F3`BVZUZb7r&)7*S+MB{3A-sSnszP1nd6ux zlI3^zsL~%=b}(Eh7B7t*Ot!nysX~W3uvPf!+Ibl!0g46H#0-Qgy-V(GqKqs%@~sbVN8o%kT24PNKHZ%hu{@ zQ9!%A1{2j0@Dg>V9dLO)KRV$59`CE$`-VrIJJUZdyCpPH(GC;{m@pD>aYekAj_f2f zqIlM?6ROLyPub3VddBfH8U+9xF(`#ylOy>3-QBec-GpM^pQ`he-YTu5?)SovJbTv6 zfxg`YHno5k9o+en%T8*xFPLg~Hgy8gr{psC_i|vj4WSw5c&!?~F2^?Ocb)ZGuIont zqeu{OwhR2v*rt$5{X7;9`TTrU^=vw`@NHa9zm^~R+d686w!>FEVap~%# z3DfR*OE*svBDr&>4tGh6yz-q>Q%$?Q7Mi!uizlr{loP6m3`61+#k=!#AnEEDvKb0i zL2(bfkp{}?oEwisshd6Ro%V#D*DxAhz`izE-l-24zjddKXQJ%X@KAJVc&Og-&$>%m z7geR~tWo?KmT-dt#HCK9S&;aypnnu`Z^QSh*9J4bb_4at0(H&=`-6a=WIc4cm)h)vHAmx)Zl`ezbeYYXbwCsfE*t7NyQlx-xEJ%d{I%OSUV)$Cfz*;*ppo^p1}>e;7L zFfLcoZlt8G7pk9GN&5_=Xenwls#>k|%$>-Ls?v;8L%rvUXEV`whj-gLq1Eb6GYB=& zovw`$&7q_eu=-$U>0rwSuU8hvQ6tD7eT|=Q;Gv?byw`9bH1Zs?JBAK(qw3M z839}bj+c6M8B>HG#qpGnlTW4~)}iBN%7IV!*!O|+;r6EgNsa*o6nn^pF$Z0WWG+l~ zCWM?0iMk|ImcjfMmBuLdQ9wf9gOL+Xtz;Bc?*XK`yB!@1?cCsEM^%#kFu}r6oz#9S zDvy@%hZ(8-wV5gvE$8Z+QsJ};*HN!C=$KGHP{+8F1mb|IYIYgNfj%WZnKD9|hvM8v z6SDAiJ~m?DGeP5fD|VSk>m6S>3gevH#*sfG5O{M)=$!= zjaY7ekqN4(-2$>`B&lhy| z;sCsGT>ftoGVFtp`h?sk5ip?sFYpLJ?u>}o9(vcZK2sl|2n=|+5dGg5|1v#)N4&&G znQn`zlOFDR>|>RdOd>0t7wqJC!aV^{vkO4a6A7&u@=<_Tya0h{M~{!i1p!G>+3jCYMGKRgc&Bx_A1GP6^K5t;wfwYi2P=2!6IivU}skK9Ap8yi!)MS)& zu}}p#F~MV`z9NsyCOE@^4)|gW$Q%L8bVeP(M~GU&os2i27QJM<9nK#z3%JrVJxd@#|Rxx zhJ(T3>FJ?&=)&W{1fi3|-Ye+!2Hs$R++J@o>3Ju;!$Wk4UO^Y0z*m#w-o!gP85pSP z(l@8?x^-W<>VdI<(5vA^nxU36fCGTT8H%wu2J>?Qr`<86dhL92r*X$a^R7FCIGiRh z_PX-&)#yNmgaK4i={rG+8s{t$!uCJ!|F1pJe>zQoT@Q7&ugJIKwkQP$e4*St4+nqjC-oAWGc-<8rWtibmXO;o;A(%&NUKp zF2!}?tstxaA!FSGb?_1&vsch1*=;0IrvBlX6gP_8%eIu7O{J3UH)Z_QtiP7|SF!)% z29VtX8f*f^Z9q-56~#!2;4&alV7<~Yi3U1|5fE`?vVn}6))hhD6`Lr`xsC{5Kjqrh zKgvd=+fDeA2^Zs~p%yo%oT$BA*sc(_g-D?0NaVekqA*o5Ka<@3g-G5NvbU1Hh49@U z433>XJn8obsCS&od|ByxF!YY$aMJG&`hC|Ox`&fjlfig091h0A)8XOC5u6N8PsT?c z8c&X29lFpRqk#vHPCN*Qz0)HDw>CRJFu7*u*h9iF5fi!ogn6Av%cz8=%qrw#@ozFV z=MD9Tu5NP5SzAeIxIT$OF@I&IG0ifHxhp}=n%fO-)@ zvaWxVak@1 z=mhL`7*Wn_?d(G)55K=?Rm?_1`7jMQ#VMS+F%-u4e0ykD6p{$FMGxD{iM}K*Pd@5a z3H4{?)=Vp@@lu6BIzP=*2R({pt>w1phGjjSExKWcPcClT0d~s-ZgqTIV(l3ko4o7^ z;~fdH#S}{yej0)BZGI{%2v2G=#l-8B!6I=ai!qwZ3lq*K#nv;4Nzh3v{+o$m==vz9*JEH4D-)*RMfuAAAjZ7T5`= zu0FNi_$Fro0O{Ss9L2&4*^RNVkhDIR1|tL_%N%uM9La5M3_aTpZGxx3Q8#YtCqtA8 z2{qGi0B8~fkjwf>s6<{tsnV_>g{dM{GNN+iE2wf9q#6&=BtX{urMX=J1QU3VGO~f4 zV-Hg!dx$#-Q!Vr?cvx(bB6=~N@L%XL!ZDIoG@l%&BJJKMF!AA3+N2^Io=6eJrFfjh zCW4eAPt%u5d^W*8-$}UmB?4Q2k~8@q7QC0ZgF4d13xQ9cd8z++-Tv7A^%J0c*r?nI zs}c=jYQYjpR%09!VJW`sR}pmz<_#~rC{XrGIG+}{U(1IN9i)821F@s#@Z@V%t_@(?Eb!KEc%=$B_G1Q0wRbYD*PF$&Rx ztR>ERmXwmJGozq`>t+Hmxb8jQY>zAu9) zCUa!vc9HpBgux$QZPmH6C2#bUJs$)nlL_F*O?hAbqjb8)6!3M)--{H?IONA&&X;W- zTANHp-u)f+fMRDdJp%!Uz21S`#k3~J;Ga!dQ-#zquDxAJZl%gg`9c*KC%Tfg;dPHt|a@H0{ zmiE#C-3N%7L7-Ko8IrC)LCi@bbFX?5s6 zbH!;y#a|Y8Vs>O3Tc;{qt9aqtOw~JbkHRdj4X>b;FL+=o;u?q=%xhcNfVB%mtA3UN`8N3`Z(6RySp7h1^e7aq3Gm6CKuN zCaTIol)vJx%E45`QbdL;PZ98%`; zx6+Etf|_ckp=XrRTre}0jnTct@NFT9xyk>Kp&2VdVM%wtz$}GJA}dwQ*(#Z~irKCT z)~uERLe7Ao#CRZUbg-;^o!i0QGH-@TI_o@<*Fu>SLJ5|Y2paFC)g2eK>ygaiP~N)n z&shP1VBrYRsdJB`GnQJ1;5}RPk|on(I#}X>R>slgY{7z2vo~bdzD?LtdZqspak`;X7(z( zz%MQ+l?s;=P03Au!(049mot~0<@T#37m5w96Z4&@yia_(+eCGjSe{Ry;vRA7En?;l zQ8~62uMew?IhNe`<_FC-c(AT}_xAL3-+Xg+4j|FD5DlcIs{g-!a5p} zX0#&fueRiH)Vr1?MWqWUw=Rlj$y{HobL0xA$efFR&b>~r4k!V%itAB8c^_%h?l^`b ztdLMrTqnLSEkmi^eT8Hn<2fH(t!KFGh2-17wu=z9X7$MgBA1=NW{Iw7Io^()e3kyT3gOS#TUPwp7Lyb5; zz~Dzgl6(&M%IAF%!Aaz;Gr*KF{Z23-%$ zyJ6z{;1|`_r?n=Y#RypwuP^YsGQ*gXBD$3NjyH1z3N3GT&HpcVXc$FQYM2A!acNB$ zpn0HWJB>NA6aYqh3*@e7^tVcrXLOWcI&+273a>6}+bZ2QoT5-U5lBs@ybCWXGtc}7 zxKKe>stoOf;89}iyO%Te-OHK!?lm#>-K%quvUH^Vp17lx5d*Bg8bgqDY}&=a>56)e zo?FNmbZ3DXqv9y#vc*X#j?#3~RMxhOo=Z7ct2@bqN7KuNQX3OV6H$!jsTHeFrc*8| z>l)e|CBo^oL=yWZ+oEnrGoBG=lihj0>mgUhgzZumBdG83V8Ui8qyVuQ@puREJzBJY zwG|Y5Ex+mOqXkL8gGgg6Sc|fM5*KddA=DP0LdkT_alA#YXq@kODuN?Fco-{~7zroM zjExZ(`$RltM|XW%;>x z-N*@HNE}hXYV3^^TS>g zlgGsf@V_G;E~YU_LPMo3p_`>5){DuAxR>Ese4N3xF2sP;1AtpbVmL+M+ywiSQl<)6 zdjO~`U;=+yUU_G#UUBg0mlQc`sn-!Po;j z6BCE@-QV9F@Xz4?fcFs!MZCLx`{1;fL1)AVq=GEcJgqv~MrJ`P4WZ!q_-8Z%{qH0p zb5>SUkAE($=OcObZ<+lmiNXU=W3BA)1w-H)gL0x2H~-3$lJi5|fZbKIs`vK5+0Thk ziOWRm9`bC%XXOdXi%hVOGWCAE9Vx~lFQ0|{W`qI0y?5XP?Z5#3OhU0j&^_(SEkQ_p zO5mGN$E8>(MhY#fkLJC2YktXIz9Sw#zuq9|{m4h)9Sj%MW3GqRQ3FyK|5kqZ3vz{l zp{0n7PNl*}y+Xh+A_fg$%;+L??G02#@@bjrtHMYGI`T4o+BROg4dInrjwDO!MooU* z4lWifg+;&9?;KXCzKZ(j8rQH1{Vpa+Gy;QOFAeM^M5oFR8JQ|~1G?g6;;{M(ufi*~ z>SnL();M?Cm*B~Ir4KN$3f!>{^B!{foA*E{a_zv>P8 zgOj7LK<{a~oP83?VEk2Yzs?qLTc>D%mSjM@wWJd zv$W6!$A{ui9NZ?834Y{aodJeIPy8*hJeSH@Y2PI9ybhdZU{;xJ@e{8ScD`-Ye+7$kjKwktD7cs|p zZ#%6Yk%TVFGu{TroPsfOA?KQu1PJ`y=yH_fjf{E?VIT&}h(nnnL=E=-KFXb855jR61j-pk%y*Qd~1{S4J>T zLK$eX-Bl>1>hIFkt2~@0%JNV)+)`;gh#U}^%|J$oOMHf%w4#;z9*AIo!B}SO;Ui2N zaRULUge4UHuKoKE)fo9-82D>dHB^>W z8-D&=22Dolvr7V9Q%b-~tMOvIPPJj?=g)w|)ljM`R@ZQ6u|l+Zgk{OBB`B|vvkm3Q zRgZNkkY7NELl1=v41h&tzy8|FtAMrYSF3!X=gFT}Z|**Rb9r^~@%GKl50@gM=(3)q zeO_L+*lXVC?f>3>JiB;zd8HsIr1hus?{D6}zsr8B(oWYBMQI(dltq1qOo|Lw9uJqT zLs2NZ($pxG@L2h!4P>olEV)=t4oDNURd9z!*k6dEwSC~PB*gRb&i%JQx3q|jb=px2 zWG%22_n4(pigg$Fg$XMb5f|l_+(!KphpwM^H3Cm(zif4^yrY{fi?TQod8?8T|CAsg zYydF{FE2VR&VA+GU!=o&gn9=@@}4pT=rQuKih;GCBKw89Xk zwbD-g#Y2-fY3rlc_OSX0dMIu{Yeix( zIqD1zOBKYRdU&g|fj~CXqSz|bkp*)N*(^&X>cf>1-%~Q_^3~VQM-Z>3n$ksW z6A(>N$WxGw#A-tUvLt1<(RjrN0ST4$)UttN1$w!kG1Q)f}6&$(OzEJSHg2X84b6sr6Jeo6>KIU%YDC4wAX}`XOz@mvrS-+<&t~nev^nRXhIa3@ zw3LIdO{?0CfUGYn6@pBDX%bT*&g|0(PQ|9y6{S`m^?VR69joSxo{3!G&Gl!dZjzhM zRUVn=o4Yg$+ZR7$xv-hP?TqD-d8!%9n~r~Bvy}CW-7`5_+Vl3EygoSyI&|F;S9brl+zu+v>(I7J9O;IpM@i_@1zG1Y#e%F`ZP9aTHuVWv;5S)EZ^a?H9rKF~&w428nbxc=TwadnY_x+3SOzRG4Y z*coIXAd~?%ixJWv`DQu8>blQ|l<6zJ5?(>mE3rE`6{!+3V-*qxUKR$d*BP92dSb|` zt^pXFrmB_+#6D=3-o8ndIqwdg2~+7Y0unqRF__`$48=`G?NW}Fu!c;%BWf-qMafQD zvaQ&B&E<+!@kUuhTL8>9A)oZas8oN@80;@VE#f1EU$vq^x}3_4KxJLGvueryYX2s_ zwDsO3$3U23sap{7Qkm?j`vWV)%&))l+W8k^A?Q!ao$J?MyZpBXYPvGwZ#fN!ch>d9 zufP5`|73opozH|KO7BT@`Wc|+!U1-cBz?OjQBwuzO#R`wx=LM|rTpz#;fJ`xsoLv) zmBC-~ZX_vvRMt$H`B6>7#!_Ftwq5emHqt`%K=Ww`EthIZL&ixX^@mqqK8kl468)`> zopw**X>9)|*wI?%e@pEDddGvqLEiqa-#^^h|2@Z3eQb~uuJ?$XbC{I`wtBaeXUEiw zSf^p)@`(WIII@V7Iu1K?Q|Ps@X3nYAs|9IwQq_=ir!##kSIj?Ktv|0k|949C{dgh_ z4VPaPX*^3x(p-^R^A=NBg$l?IK<+y7b4#9SYoYYORuVNv)UTATrvu2;$>TPQM^Je zH#1A!JEbL_l-^dlZ7u0Fb0dwO@JrVLGB&`KxzWn_W|8Em)G(XGGdSB0?3>`6cpKxK zcy&12%hM$h%CE@>$lO_K)VX>OB-GGCy@D&gBZGOKKKd6e=C`(~|naVx`?xjkfo* zSjhaKP6XL(IVu8F)6UyF+BXYrkxkx|dDy6p@C2Zrz)RJnHrM$D_$b_$ zDrMfE&z}Wq88NZ&iBpM!Q*JGj(`WtGC!;^d)Aamrn5kyGG6$=p(u#?Q(N%3MIsXrP zy?*ZeKRh`(*`5ENedT^E5oqa1 zvm+D9sIg>krOvL zPBv+*A~(HQL$yL=MvR0aDzARWWNybV%dJvI@)Tf_{c2+yINsmU1RbY3X`CJvnZ&oL4!ym+y$i zNU6?yv?;K{#bEK~bfcA&yJ_@75j@J=GOnR#bWGQ_0i)BLBA>Oj4xPK}uwZL+cE_yU zqn-`UfBz<9M_3AXRmAO>_^9k4xa9mdI2<13&VMJz!(IHBXL+9V{3ocxRH?cIXmoDe zS3XdwydnaB!-UO9tT>;_+hs{Ek}hwEzjeu_khQO^eeZaMwg_12sEAbu{O=^1#?V6t z5uq&oz<;POMJSHUqo*Q)w?``DjUzSc$|2=I{1V~9kS8Lc+6f57^py6#i`QARaytB1t}_b8i@Z5M zM)bwMtRAE$ivN6(P^7-CHi1@xGd({V5h=&X&ZKDOg~zheYp%zC<;kP`&)=HYeu>Yv z_x~{tJseImV!)F9zkhPv%kKY&{XuW1|9zI{&$9o2Bk6J{2K=$a0OBL1KhZm54PmqZ zD9VLfAOm$2SMrE#BAZ;Lk+!4(xvi-&tJwp$!vFbSwwG`25V(Z@pBx_@=lFkb*xT9v zKFjm_<^N+rdWP5k4;gRB+^e1DH_=wFzej9sCs>s!TL`bglm8q$kGzD?$Gwc#;Mw)1 zB2wD<9#YWOlnVW52K#LZZ4aFBpE{2_pg439xId+!-{}up05ImOpx|c{hT?B=i0KS@ zBhYJQMqBe}Io|dXSZ~u=x(rsksgUEG%_s_tn_Mj{qoo4orlx>TUp>Ro?7EB$G$M? z!j;ol$*zAXcd*%&UfzaY-P~odOwI4}#S2B{g|{?%-S8M89~92>V=3u4gGi=?N;Lj$ zOoCDF1CT*j%zbvrH|Zg&_o!4>%8^uK`}Ic_!#ClaX1lfe4R{JD}Sp)SwH2D$(uE>La$=P4}MJZsQ2NwGNDULkAFUb&BjOf)i+!_ z-+PLACJX#}LQ@9t@=b4b%o*`foEP@2muuo}gMA9LE0^S^%ds4MeHWhP=3;C5A3J8) ziu#|E!^5KfXSmbDFFOU$ z^D2PygD%x2+CzMM`jVA3HUcpxNSH7zdu^vRPYZ2btz);X(v&KJp|PjDs#Z1uJEhTc zDvk1c@slczmNoW_{oK0JsJelj(rBkN`qL_nwxa(DWo#R{#}qw4mid45`UU%+L4T+J zd6wrH^*^hy8c9$&oB1s(kW?c$oE8j6uk7}}2&dPbsp%J??g2pfWT<^q>RUM6w;6>( z%@`C@YNgE{TUwD-M?=oo-6BdoXjPyi_3MrPfy5ui&35M@@uz;avj0akstW+LZ2vz# zKFRri9`^@>-Twa^kJ|t90sjBi?+k`2zJFy(1oi)YP#!3;+WGCtZ<O*;!osMA`UftD>BEDj=0mvZB`;33i4DI66N97{%iZsCM)QKFy07g z-CVt6kR?IaE!?(k+qP}n)3$Bf?rBYP+O}=mJ#E`Ox1Z;|@BJdah>WVptU7sq<;L23 zt=f%Ma`*E}@^kX?%kwJ$n|myQ8**r|L*>-?dL9#f1v0t0d{^m4mi-4Zdj409rGijd z?mJG8!rWD)WHa^^jZy$7$OGDpQ`(b491_`k?%o^TkqgAHh#dOg0Tdo$M1*LP?H@k7 zSQy;Y<0EPtdGg!&qn1bv`NANL2JHtKsJ&hCCg++{_d=xy=8xo3nFNOn!-{^UT ztz2>hcEw;K7JK{U`r54x08MazrCAoh?A|ZNUI1de`w76p%fI)T5dKpzpX7G%`tjRm zE9v4uylInOi2z;1K3ld(kP7y3cTd{e=CgO|&X8aBsW;;7wU%-)1s@QQeu6j)$RE24 zXode|XbpPW2fqXXzswUnZA|+zT<0&NTLecoT7SE_wM^^<@Nb<3rl4Pp zz#f{luh8kE94oenc9P=01P&>m5HEKXpc;HKCwU%fx74rVr>g`# zxe5*{{J?%h*-rEDSehs{V$ZF5_<20NzMVZ)iMWdSTp3J&vo`;!KJyeCA>o3VU1buH zR=lqp`PFiVJV@Zpngyi~-bPY@CIH`r%QkvSEC^EiQj?%OMmC6NCV#LY+Re6SWe&Icj6xO6z-+e# z5mPu~H&L~y?WZcj}q0fLhc z?R=zkn8CsykXXjM5m$b^Hu+;GvHl=-6Go@P`Jq(ub#&v!Kit+U3!n-_g~2r6S#wdq`C$( z%zGoA;Um(U{?*Ro)r(Hxb-Cjtx)5IvCyz$!0*l~*V@tI6xmK@%i%@+_XpD*05B5Jc zh2rZMM;Q7WfW~&0@5c!%LbSgMhJ4?R-~C52qUfrZU31nR$U@mQX6xA>l!KwFFF!J< zlPrhrct_E{q9uK5;o)(FVu)OK;)lzWz-)f%cUo9|h2R^zx`u75V6}_{60ACDd-eMx zZFB6t+h|-NMYK+Tcm#jci{}35$o=r6>5x`L^fPMQL!a7o_$!}e#F48c-c<<7sQMto zJN*hU{E=UjvSa^q94($64CA%pD5E14k)m%QOI9CGM$Af}Z`h2)$*5!%wWTAo4m)ss zS#x;p`}5A_jv`@gewE7F9?4Q> z)vhYlfM~toi)%m=-Ms2>qbcA9pYZ6bHvuA|^RsvMzN!h3QRN~HIr;35tzSPsl5hT0 zyZK~R-a)_HVo5j1zWsokR zus(bL$u!Q6ZUWwaBC*!*`~&4mah#JC$3V8RkOj#=j?xneRY%Cb1I88bJm8}G3Ow6h zy8^nJme`GuwB9a7&A5{2I3O zAF^annAtU%km~Y`0i9xToP?p%HD(F>qK_dKT@){E!b`rVClO?zMU-pVCXeBcFm>lo zfRPmF055B1owrm4CHgO?&o~NLt42%O$F2Um@^6dutzXP=Bo@^_#urN`pl=enj{egp z8b@v{<$T5HS6z|uEToLzAzvIp?=HIM)|=MTD>|4_0pqdV)pkWSGFA`ynu?(R!qlwo zRH=@alhM;Ow#g2!f4uUsiPRO>+=^_J*kMSK~8;3&kiU(GguKEalK76Vju#)JZxGB_4dG_F^=BrHpkOM#72q@%QQ0#tD&` zRlA15i#cjnD4-{rNnP}ljNNo507_tHXe<)R=45OV*rGSD?Tcw zG)e=**05HpUrphtjuv?AMRJ(hZ#XSbbzv`Wu6xr|>wJyKEdVCO-)AyfA{OKbIr!wt z`se|{leJWvXLieM*g}5`$2CD`=SLQ94d+|K3OHJkahUIq2aBhVRl{og)(rS?*gB6qFO9pW?TI}3t zUwUj6%k-4tmI5tn(i{_lcvjt5lS}STn`>Co7pkc)7t#|)7J?4SFI9_31Ve5~%F{LO zr|>baCu?6e_lVKa?z{2%S4&?OC&k>oUjhH{;6L&}72^@{p(rW;Qii1L6l_j5;JNsh zIrMTVI7W-OkHV(cGgH3Qn4*)XCjHZ8p*Lj5i-XQ$$TkHv6)CmI8x1?usnH3O|0&Xm zBZJ;~LnDM$l&EzwAE{FmNmE4&76KUyKCJJ!JHy}MICzGAN|Xr8Fa#MN`V~{<=~9Nl z9X>C6WM~4Al%bWjW)d8uq`MF?7c@ z$OLge9y7TnnZB(r2EpCdHHYV04UphNykvr3) z=iyLPRc=OCBoGMX5qa#ra}P~lkXM8>c`u{TUL_-qTVETHU=0%erJtoXnCSjHH$4v-Uu6=bt$8`!g73@CU zWdbm%BJpK@(=EUpu1r?HfMq?3<+YG?#E)|Y{AuZ-)Aqq8(iNQ^{UJum$U08?>P%qS zGU*O7NX!kQpPKd3_cKCTii44&SPX}yU6aEhc2F=^>X4qHi`&PUT5sZ1h>TNF#I_9) z26aAMY;m#=1(Yj6x~v^-QYm?xE%Feyj(Q6jx0!mV{Hleykcrj`k^>nszFepvSb}Bh zU>WV88cbE}M`4;iF&~cCh!CzgbrzU^fWfDM4r$4)S!TpLmSBIdSggydyTFpaEmHGR z4{(kB(&|PqY%N>r--ddF9l?9YL3oXbX?X5eTl$8hrp3Hw9ejCGDNI$nPo~~xt zAA_DvTgq~iW5{LaZM=3rZlf}1S53^L^c3dnuVKRVFEl{YJU>5)lY2@lUOak#h{fts zCb>AmX+gIS67QXz4l{kgJ@Xx=Se=J|T{Mf#0)K*D!eqG^egVv{nXmnPFU9nz1+ zj>TiNqnd)gPW|IsBVm)=M2FAnLac`L)(gI%_-t?4$`hlyWFh+E9DQasvmo%85#&bs zD9slAvNyxJX-HX}MFKA|iEr?T6?93CckZ)T*AdG4RBR>lX-0LXbXOPHd^wC*W$^u_?*`4sK%qV+PZmjUlKlkso4)FS#Q1rxFM`!*adxML%>J#gX#h~x?t zRXn7(B;em5bJ)_ph_T2*g5+~2pQqyLq>O#C{+DMku;*X#W9$b7lH~;(kXH&g`XbfX z+w7gN8mlW~96k&gQp9Jk90S5j$^cm@t1(sy9}m2>VtXF%M%$a z=#4v9UK*JNF0@ zOph1wIVnjmuCuY~T6K2hllU51$1MEuB`<`VZH3vflZP(a#g{~s%N|o1 z&{^#=vGzvC%WUe&H0p6J+AF2S^}b%juzTn1LIaF`!FwnUTEM>r(6OF#3PR9L0$jAl z0FGREmxn(&c?FoS8-%Ae0|90ub1em70IBq80u2Q!AvFMTddUW&3|#2$v(7o24LNEm z)z#oP7Vet&dou&vYV3In8sXXT* zD0B5TT>3D8pPO&u4sftDzxSV1M%6?8(2tR_mFLOdOAa6?{W+3Q4oz> zW3LJM$7`H`<5mY8b4UXkA3s-lXKnzJgGJl#0qK;j-&wd{)R^9J;$^sYD84*~{1GD* zT@v0Z_G3CSQ|ei`R~8Vq`0d6op8|PtuL1k~_<-G`0Izh)(N`3QQGiQ9fA`OF&pXCj zuj|#006?(|9{^b7%f1Daatg`50*oBl#&!WYa1p#eAkb|5yzWjSDj$6@tL4mj3=qe! zXN-SWrmORdP=5J*Tx>(ip_wUX24U(6WlprTrlWuLS@Y7PRS--ou=Ihit|{JEB_8rt z3!qF(Kq5$<@u)1C#h0ag8f~x!g^Z=jZ#-Eghwe5JoR`ruM6J@8^eDVSZ;jLM%5B>V zNq{~THatr$;=XoKv3)HUFY_m#0sXgansorKpTfn}57wdeOz8F|h zRvBbN@1NQ}hM1~0>UQlsmYEd{9l7IK>biF#hm#Y-eN@=Ob+S+Y-+&uqSRQ0p7VSCw zzxT;bHN^inHleU!+{+1m#!#c|lTxpWrl7;63P0N__Vv$|phUkSLeP05u%mpV#QT-y z#I^*s?Pux#4f?;{p3#H9he14|Kz=qrtCK~$^-(~(eS>9oG#vfL6&KJ3qq4OI>KXd} zX!FQ?0q~sXUw-!H9ldqIe>jLDZL$Gz3VC4sHOan{)eA8Jj~C2=5F-8el{!Gac%9cZpf>#^fcuj0 z=pg_;e6;h^aQ5Dpp%vg^WA}-xBhw2fUH+uKqQ`RsL1a446?zBKL|?Z3_9r)hSpp7W z$2^$Ef3@%ByOr=DVW62Bp3 z=-cu~@&YaREJnxpAN*#8k{gWN#`O79vCU-1KNzLhgbkb#o~CHlk3ru3p_Iz z>nrsimKXLqQ!0=BO!2j1n4Za}IAitm_Z&fy{9hT~`zo%%_l{Dc0hm-48$n)@OrDAw zQh@}a?4NLdlQ$@RUWH8KT;=^MVyUK1?uD*G8rEe?8m;2hRIH1}MSp+t69XkQqYgTFMZdk3Kzb!r={i#z*j*)7fJNpm_DkXda|P z+9S;s=xr1S0(Piy19JznFsZDh+r^X&{8)s2+4_W6>?E76ucoFLSP!9xOvyvL-zf0Y zu|`cIAlR%Q4ma#_x?0nsrw!dlKJ+psO68zzb72v4tWH3ZDQx$J<0lz1p=~C)y^nT8 zIrlO;r;dUAo^eQk8u|4jXYgOO5cS#z2l|UNQGT2CK7{vG6y6M)&uOv-EXBVA0=8DI zuFBAZ$2{wZ?PG-~|Rzh7iR zk}C)W0%{1cKzGVo6_?vfv(UbP*YM|2E0OibVX%NSUF-BVt%2Lz+|lR=iJ% z>RB)EQG)V;%i5p45rojq)>CcBRyK10Lh^Trnr>I{PU40PH|ZfVTMfrBJ3Su!pB$c_lb7iEJfzrBn-Y%x!GuH zPzLRmoeOl%Rmk^uk8SA$%MU~LYhr|j_^}GZ`cnE(VLA6@b7j|L=(YTlT)aOgUmzH2 z1nR%tD{$|*d5bn7RYBvsDah+1v>Nt-gN@un z0)~>#bJRIn-5L zJYo$2+7^HW>A*EOayA9ur9LpD^)JA<^v<^n7uVU%^N*Ld{V88i=6$^zQ`>Ek2~4b1 za4x_}MPf(2&DLo_0BEuXR%x30MRp zS2f3dhqsi{A`(CHO?jA~_Ew{*tw6T;wi;sZaXoqDjgUnR&FK`VSL7Tz3owC9S$5mY zpgH?h?hvo;0oXPwzJ4&{GDkoFAJ*k7z=dyvp2_3&O}Cd7tH$}6I!UaWsg|4kUUm;v z>$)?PdT{UYw}g00K7W15XtgaZ?cK+~e6i7;SkmO1wq!)%Wu)#F-e^dVB0-`DehTz+ z64Y-VkgMJn0M#gekyrd3-iKv$7jmXheqlOHsq6n1YwCZ4ew=h5jk>Ro?Bze|n&9lt z0SCBLKN6JD%#Ty!;`^`Bs4GL>*5CFRZRoq~&=97iy{E%IYOb`~CfU8reAg$t3xpI^ zJI)p?Yw_3K*{Kx}U&}tdW*MYb9%sB*WXbfFTDYmh`q}!z)tZcDUvg!;Fs@9Q;KKAM7Ry_3?j|StsgD5S~EAovd6m$qv!o z+UfVjQ>cFUvmy{*H?f~x+ci&DCr!{F;&LRqkqb*s z&(GBo2wrC3H9K2=pU3y-`v+Iq*@O(@V5c}X*CHR26EyP@()4E}ZC|^a2^N?)47K;P zashmR@8hqJ&QHzgoqZ;+roVD>tJ-a4+|p)+mzDLeNGe>ytyVyQ+3c`uk4wid_KO$A zGAX@-PfS!oyT$L1)4EfDpL16yz~?7AWIAAW<+YC`5)C`Zc!fZvn0f}orCa;lO3dlG zLUel9KEP^Ew^pd|3mt)ySla=5t90i*$g=ihc08QnlDu1c=Rv<8iY6-ghte1MTk}8p zf{KE4K+#+b6oNK9#JvOI;^Qc&>9wufp_)`VeTzDiNu{-p{J-CJH$gAJ<{Mlv|B)#b z4mBp%QSCt!W@`=hQ0sF2v1~GMpQhfVACmKq$y(`0Vd{fEJH6CocqDCx8$S{^1!A z!TZsB;?=?kpe6j?W;VJq0lG_y)+^Tbp8nVBibm@6tb;B28%j{#?NaHxH7l{&7%P3p zXf@nxdr4`p)qpJEp9TCkhI9Rqd>cJ#{%v0p8A3MVRf8QneDO@ zRFITSD|etrm*M`>RT7)|?l_myXlZ!*l}7vmGnPO3$JPd}23TvTdLh3I2)Rkz*cHcI9R7U%=3a`++8(T7eO9c)Mjy`96|Qh0;n)Enf-IY{f7&c1rHZW0(1_UTR{iYXc>lc5xf472(~MlZ z%ZgF5BC0Zw#azm|z7i%+6`R=Dg|Fdd5~PJeDLnGWz^c7iT|>A`X)>9(`9^E~ z-TIhM>3Bo`@Ko8gI=oND$+Ww<^u)yrLn_`p{k>S$wuDgxI7(?1t*EZo;TKBHL|a3h z3_1!teMC&C>?Bo&y+ntr`bLSOLKnO;jmC%Zc!mJw*Mc1ilbu9=+|@un>4%SaUk1d| zyBL*U&5V@+>*q=tHP8Z$B|Ou5&{*P-hEclGb4QbL*1e$Q`FlxI@(7Bzj?O$)wIuCI znVkqN-c*YfIbtJowJE6clI6yEp+i-b(?`*kg8d)BYL7zpNC4OQ3+y|<|EG5$ApLJU z=Qhmy+mR4E=^BxvB7WI<%2`HH#_U0Fw0}?Gwd&cKx{G3Y>FkST`!&CziTbjS-Is(; zI$tO}+KtURl26M(mjEA@XIZ za)3oqb&W?&t;i|B;zoaUv#nmd|9kpxU($0dy+gexCHeGqcLE)Cy}PZXWCQP+B4s|f zMi80Kut-T@;gG9$kJoRnIqw!eEOm$`z4s>oS00ZY%wGYJ?q{0vC=={Z}f3u)oKI^?lAfmnO z)x9#{_zw8Hxp@Rwms!vJYV}I0P>RZ~KiSE03czQ*w$pOR;2f^84$|Mg^#*-j$!2Nv z?{IrUjjPCCPJh>yE8{fd?xqeoqhFJDSmE&$5x-Pzdp#X;woZ|>PC?6aAhbyb6waei-DCBmPE1X>#nSiyO0dbdl*rZs}=abCpePg)d}o@g^$Sa4~~Gqc%`A%;hA zoi+w)_K<6o868gH%JjR_pwS0a6E>SMo<&3wcW49O{X)S#|GZo~#uKB_UxOjF$ z&CNyM8*!Q${q%#70%p*6K+1diTo9h>7vM!hsT# zy@_;qG3zGSkVkpkqPa}gNXHB|Y|%%zdU5x=iwyHWoqf9?WXwVql*BKwaDP6O?B zBoHhM2Z!i;O8clbh_M&uBz7A0Qw_BHG3StZUZblhi~5sj&3t1I8uXfOvr0bqUoV&S zwAk5u1C5j^t70W!X1rm3bs>Zc(nxZteJWkb=9#q3{G${Y?Srssn7>I`p~Cp><3i7? zm2+hF-MoAiaxb?vl$2kO>f)V|%EiTnIPDKjXep;&Xg)1@hA7x&zk+P1a7T!m76{EzO42Ef!kpnFAD{a?mMYJo z;uGK744{kD@AZ;qctV!t;&;ZMKjrL+?}MR~Z$)Q+HWQrzl2Pei8|n;@xzdZKNnR&_ zEZ*y_npeA!Fn8!&9EY;g`cRw>%tB69ZWgfbpiVS_ag$S)dK5x$dnrl2$VCJ&Qc#za zMuvLL0;ZzzT-xZcKS_DOd_>4}ykE{1)z2x7Z4}ugR1FrY*p8XBIU~(dkLU8Kz30*zm8obMZb(EN=3$ji_IZ zGW%PgkE30NblSgh$QCs)X^kJ;z|5Ut*}u8wLXq)$Hm%}5VC}VIx(gX!vA&lL=2GTk zR)dukaMSwxr-ee7`sfgVoVW z)BjtY3i2@v?$GCL-9xqk$-;N*$Rz0#bsnef!}u|r2(`5%TDypl^H(#YgVnx!kZ%>% zQ>r542p{&;A=%KiHq)h|GO3CDj0W1%S-M0XRI}{eed1Q0X7DJ>9|V>xmx@s3=;Y@> zyl|s}hvo_R%#GBn7*jH;6h>Wx3f62(Zi&4V#5S&UFHLw}T%JEz2JKz(uI*#inyBdmN&FuxssI0%7*Nxp>tAo_x`DnnMnb;=LGF>j-s;pLQVL1(J$c1fN?1$A38n`sWV+NOBj20uGJp4Pvyy1CVr)+TlsR z{rW@<-S9$DW&@zw+Yq`{hoix06r84SaaGTA|7Z+Z%H176pTGR5dCOzZex0^I*o+K$ zERp-pfM-d}%m!UPvQi4~SrTSZZf1Go=3pTD?UJkRLtl!t`m%lvg!QmQ_!3id)8DX+ zVk8=h;vk*y8Tq4RWxDYB0SE}bUzT7AQ&NJVbG;t~M^xV<=+t)sf$b%%LRG1Nr^dHl zp8NdmkKQnqTYE@R+w3|+MgPf0L^juWQRZJk=`kl{!K+i`0oLEv#KX!_^~q&u9JTRv zitNXlo}V0ML|K9+s)kRGvNEzLPj?d*@dciNpM{~lDsC2JSiik1?8lQo0bK(D%{%?q6E zHMSAM{0Is}H6wT2Z|0o9(YAX%FRoO+bbo&s&~Oqpl7VBMm3Kw>>gQ%+=gtzEZ$nDx zt)Fvl^~{6)6SS~-JOVUinqL`@SidnuuQ!liWLzKA8{hp+6h|AaEuG&sFz{xAbL?QP zGbT1QO0NVlM`U#8ythB?$UCTW6K#bJZH}F2wQ%_hHw9c9x zbj+nq9S;k}m2+w|Iz|$;lnvI9lb&bCO??IGw=yUa6ZM9NPUfqHa)l=1k;qgloe;m2 z%WIFhQJw{{+qZ1xF0PB^$~HVtK*$0vT8(Wd)7cyiv(-E>v-oNFlNIt(Ot zsdPE(WM=-mr>Eo>kVaWU;o(RGL*vbb071$w=>A;b+Ww30LjbWO^&wt@w7$|_GHO$6 z#;d{=wlDZ*Hg}7CV`CA}w^7OE2jXj%_dzpA??uDsmjiqDHXUH~jML-!$E^Wk4?HPR zlVu-6pTEQT&pSMCh|YjOyfVgXEfZibx!26{4mn+U<4(zTq%F8s1z#ER5!{WhUe+W_fk7DoWtvR!&Pd7u~ zZ2A$61Y>mWUc`eeQQ1|OCnR(j>b;;f2lcl0R9}E+y+*K^F`t-Fw{FY4mgJVSQ1;mg zbLvyxyXA6b!Y>7N3oHpNuN-r(Tp#4brVY+VZB3^%8tfE=Quw1wfGaU2ez;(HGjQoK zjh%Ej=MoCS2uuNaCZ}|~VH)pP_eo;9M+s4$jr)Ole>F8ZF)a)QK0W=Dw4ud91%z+o zm-dLMFaN!tPi`(|$IPzY#B5H|3s|w;_f3Gq-e!tL#?M|tJX`G%3F2-0zIndy?H`{% zRypSFg4_P)7Y~(4ZBsxCDgM_=%Vil-VS>C(fn-5}U}dgP)Sx=ZIke;;g%QZf@}L$& zIKFE=&H!8Ys{uvDLwZ`N>@~)Mp)?D>;YhQ+?#nxDzPwCzg7lP*^oeYN$Om(!1g_y~ z5(T1k+x#@RP}??=j_O(`4PU)3hi2?@TSu(F@MQY&?Xq@LWaukRiDW}r2A#SDKexd+ zrR8yhXApdr&JDV@(m=#^VbZJ?sRQ>W(8&gD+W{i|W9db1$yU4X;f_%Yzhb>qJV_(b?T3+DWu z4hG?ktUdm^qe6>vv8zf=l5^6$yqaN+I&(DqkSC14@*b>SA!$e?VF=S~R&LDoknJfV z$C5&s{JTpi5LG>y@PMZz8PqCv#KIk)(ieFZP)E$vp1p&)?!dlR1Z~Dl=xs+RVdx9T{fSM=PkL{5RYT>0I5HA$q@;7(*O1 z$?i7Ca$hmRhVIBPE-+qDCWgBQT235#^>TN%J|7RByxz_#g^UFg--5{xzgX=!a#<9s zNzW3zP!X=65x`n~N5YCb0^A;2HPd}q6g{vx>*`obcF>PMgTQAHO${1M8X*A}55rHp zy*a&MDWCV-5sI)Ji;u1gmSTV}!B>DD6Sd$URlF(Ls^{X>t0vqg`UIU&(Ly*!cw*p@ zG6viS?ZyYgoX%u~uS(H&GK!d4Hl5k01VR6I>kDem)i|5hRTHz-L%@pDNAv{DckQ~> z$tOT}`#T=6DM5V;m`HvQzt*3`?xLA7+%YcfiX}T&r0w%E*2es{c=qlQ44?)Ebo+CB zJJ{640Ge{|;l~1K#;aJ3;RPBwiDMc1)l!o=FroB&l);+uzN?{~{<>b)2lD-jO}pKl z?gCT`SGI=$s#E=3!@`JyMw5)B@Y%gHkr3fU&v}+`NeMS!JmuQdHzo5aQboyrL7PM> zMqU)wPln4ZNq657!$ih_=OX_*MBO!+Ex#g7i0vPQ>3#-fDNGnrMyUfh85I!nd&Fl# z(jTRg(Z=bWBUhT|?)tVP(-AfMxk6N-y>G6=J6rbItYk(*e5xkmIc2{?_jL%nhK6jh_9y#%pFq~bz{QGUv5%BdJ z%S0VTmtofgtyf|IO^kIF!*dQ zl0Sn=b%C5C#BNd{{GMe0R+h?_>uw-zAw-^dWQOU>CM8P+hL<9@ZJGn8sJyiFxZk@q zSgjLz27vqF-yT}wopv>}5df>0e@_S*s>&aVnbQXXDi<~LEVEsb3qCW znXL(n;-gk+d=R!G|D9`&uh!rr=fT(Y6^XhK`jbKIK2lsjyINqM>pj7Y%eMuHiD{Sp z=5eksdoUEmO9Xusv{&>K#Q9@}ult1#I`nj*S)BhgP1< zb_c)AAng{n9!Tk4pC>ua-fF$UYKbmBh>E(68#d$=t59oOqZ%R=7m9X1k-1+y&@a9& zLm&W+b`JRgNuu>`z1)x6icO`FhpFKGael&Uw}|6<_ar4IZcJ4IajGju0=pUhPvKOvy zGS;}ErYE!b7q#8*w(L2NIwEH%tha>&kWL1k6kM&!ZZ8+^G%}{=q48`^DBl~iO@!!i zll?;rDL2m6Rm>Yk1qTM9f8Vm+Jz3QKa02pB$q6-Jh;AZ$jZ$9ksL7#hE_7;Ng`jOi zcfdp&4%N@%J%HA7hXAkc{CD5L@F6qA6--s$_Vg`gPBL&{!hf@v`n66#WkfpQjiO`X zAd9ac*`Mo0XLd98hNtKbf7Z!pYClt_p(Gnr+(qSxsN$JUrb@N2u0>bW>I&S~!XWN9 zg-{T`#i2e2uCWs$(+?j46-^!xMf60-IY!$+^#n4CP#5$N$KM`@ z@Q@8WRKVYnu3l-F^Pm$V1g5yJP4W$h1g(6?)a0C(j`f2Q3}vOvR2=~Sjl%pZ9?YtL z&TfD1r3kS4>mR7)h#sX*>{jb$o4>GK0-uz@>J%3zI&`alU(TFHnO|_2ba9A3DR3q4 zWk0H`3=^B7ytN|4A>iu3m!L=;eh#F7T3 znMRK1Ie3gl`pq>z?q6Ok7G`PuI8=ypU}eNKPKsp1$d&u{sc%a2LB4D;QUxZ-qB*yd zF=(=sy)tek9mVrV{fBYTkot5e*#sr1+Gmb~RWhT79{O5W+QY*o0Qh0U*n zEO9%oq(*szKsyqb4^dT4i=WC`ajDUD&GxIaCJ^XjG& zM4)xbV;Oz3hno8y>q6t9&Ln2OhOo?fz#O4PblHZlh;+n9W*IPNjR>QS$EEF-grk(f zX{!Ikq;Mpjq}E&VLTq$jPDCt87ztHYohJ~YdvVUr6Qi6G$1g@8{5R2(SKSVg9L$jf zsOH8v)ckBW4oAE@ngnV*SH1EpH*Bt&ECAJy0<_rXv8t09F^*z027)HC!QWz8K|j)k z{xr7jLDb6trA@S^SSqSM;88jd92V_y@IN01n|%oKQtMlkT-w&-M%^aa0EW%=j^C^kQaCkC&`Lvwz@xa(%-KFeFuPd<6szYyvGX4wIa@ehI$!BlM;aQRKhGRsi z#iQFMB_dKPvDLz0vwU>oT{y^-avOJUPDJ3?0k5@Y&8a`2x!CK7c^g$dZFx?#c?GvjbSYN)~yfnbz+?P?tC6MyQsEUV!SoQmL*&!1Q z*lqLx61zSwXYxag$~OdOiIu*;$DFbcbhtMJgC{$RW9AnTB<++aZGtNGDCz@Qg6Das zn8I%K?%QI%{oDs|hbKTonTnJ1W}Xs7&aG}p=SnRuzY{tWRCy2kFq8Y2N1$(%5-lDR zf&1;h)3uSzN1xC&{mVybi?u66-O&&OmoYMMeMb z_V0(;``Pi?(ws3JS1~&}sX-Xb<|YM6C&@2rYln*ZJ^r zHt;<;7wb|LZdj%MIw;>3b-gfuFG36nceDtD*19mazC zO`G`i!wix|zRQUe4O1Ym4(ASnks$+0!9pRsdaL2iSAAGdV*Iw)qT!A)NbZqFd zObmat*3L!|B1LKChKNl!kHoITJs--Xkmh;23=N3|8_U5;X@&5bc4{@CqoN>vp;5kk zeKf{Y-+X+uV!Rt^8CKs$(}Vw;&@veriT0OD78L8*5|hnd7uBx|KVxs#U&5sf2PiN+ zM8sr@T4`4YsUR5_90fOc(#UpoWgqyEC=&aD(C9DknDu8(52%f_*v^kq9oo&5UL{0YdMWxD( zOBJJzbNvdOE+ahy-M)(q%X0~~XM{EUlNqj1`{P;6^W=T|;lCy?nCCKYa6ZI|q=P|a z7hY~32VGb}wwuVZZ1?v9S>8kxZsi0Lv7B~G3I&P|f!QFUtGt2Qd88x<3S{jbvwe+b z1@ipcgn;X{|J{P4$u=1#H+g0%O*g**=Z>=)EGxP~CVy#7MBV|F~nJEsJuU^Nd!iD$uU8>^h8=P&EB}*iu{o$1Gkmk5mkj08i zKVAaX3H3UqWXWN2pS5YuKP<{Mt~!UtkSk(eYTD=y&;&aWsV|d9+uk zE2TXOr|H%gquI)0gWh=+o~9-z>X5ZIk_1~|96OjlgPB8;Jom1~AaP8=lS~ST#sQXZ zQTKU(h@Wv4ZTFg)V)Qc?NG%j1rpi;U)MGSZ>e2<-Ag#( z?Z;M_aEbv0bU1KvSL1)$5oce!t)kND_ZZJl=87aS_s4Da=3k(qa@XMPX9>8Y4rQ6n zkmN{{l!88klowD7wAdF_|J&jRF0B5*s&rO+*Fr%;ss<=|n=H{ke2BT)b_hgyY|KEc zS7IvkZRFy0B87$$9%_tuN|e_~3D~5e`O~9==D=@xVsVQ6Sjiy}ACb1X7>H-Ns2E}H zB5(AelRjT6O7b>A(cm)CQUO$nBucD-*LFQte$2}fuxDiSlaCo)dS zE$ZZyt`iK)Y{esa4jlrr+TMY!Xw&{P{oBW|V^105T8eI@DpZ-i2xjicmgLLDh=vx)d%RBVL(2f#Ge{^>V=x!2PHloS= zC6M68Kz1nm@S~u$o8!a2(|hI!MG6Eg!IIVMDH7CVlSxwN!bpwuif4rwbb^M~t*UA@ z>^qeW2f4Sfmx8qesbmJ{y-}AKqY0T3-3IoT(FY-7XA}-hmPjXQYa*fk4`pW=R7V%B zX*9S)2<~pdJ!o)ux8M-m-GaNj6WrZhg9dkZ2?V#(bH4B1J9nn)R!zZ>ltB+Xp6t60?1MdlG zcUZpEOs7flT!2o)T;&S^l9aZ@g>gIzg*Y|(4XxELZQ0%ggUgoGubL??@YjG^gcMeY zy~5~sbgo)UzjLa`WWDG2sc$ypsU%G|I>n*T$}nB(B2ra4mogav=y8L(77(QP7=7bo zI(OA6rXoJgdIMCldpKK3S)z+jGF2DiS<({{^H%WGVv)bUz#X>x=ul(63BU=;9o0cD=sw%h zr1V^?wDP^%0T8)-vxEVJvfqs&A$-8UXelAClD$c}F9pSmrk~Y%po_@+q^u>O3NJ~> zk>Oq$tn7`@CowjgtK7D&w@MaWWz6JCdx}jnX1jt13~qT+8rJ&6TppWpdf0z6AFwGJ zSemaJ=bzSeirag8yVLb+2@8a!cg7@->Qz7RzXVRs{W+Q6pgD1OsTt>a7P5oGwzRwR zzI^OpJga@Cxfgm;dnGEDLXsJc^5Zs{+n(DL0$juVB&8OmA=+;h%p&N^-mvnWMp-TO zj*~wZzAsT4~_!)qd{g)w!_kJ(rq7QMrg(OyuTQuARkLzIk1)HqD9| zK~k?8D83?Qyd)&MZ@3RWe_#~;ILs)R4sY>4ALn9y_WyI>_UG>Xwc8Nn+D0?p0{+tC zH6(NlFNcwwO@@U*pb=&uda)tjCe5mxWOH9*3Nl^pERmhxB6yC1* zpzu&5R+qK_Z~n)y4wl?}!P@i8ku$t@^hq^_AX9JLm+3?i-v(q?%KU zI)<-5F*`ciq5cLMjn|#5dVNFxmi$Qu=4l{n+-6q=70%-|ijca1jbbbM!z8qQ03K?Y z9v-*A-UJzkU`1hG$?`4H&#PQ~MvB=nmHNyTJ>C_;jI`iMZ#EVL>8nB-@m{9L&S**; zWw_8jW=HM6b;OHwyyM|fU2}e?DSdj)9xAwf<^rb=mBggcIft{XfwCDZ_+R=j4S?cJ z=a)8a>*lrU)bEcM(}UwQq9S< zuYRSlQ`RUj3>-aWwzxF!oVRX$z5htur1SmvMeX8cCOTZqtk4QN6>+;0h1GNG+J)J| z$d5e^!xH>1(H&tWD7dq^bgcf;<}_u2>+U=14)D3$@){Qy&QPR0b&-TLyY3*^ZVJ*o zkvXM8m-xvA<X_uEXB6B771AKRcS|;GLS2%vBg-f@IOXt8Fmy%ny_fI)1hw3Q= z+Qn%dfx0f$RgRVJ#`8#GX~`!yG3b&fimBU+YYg(d_wp&BqMYG(paXsW#Vek&H}fVmukC zPUVL>E8AS}q+|wr8KmMa8lJ);Da~~BJsYx`MCmZSEpPduD1-t?6EtEkRqm0t2mG;VfC z>PSX)CsluxVm3RN>h0D!Dldpt)+j?$Ei?5-tSke+PW~7_01q!`qqjUY*CPGd3(&bV zDp)eGy!FvC-Lvu{2^L5avww6FX`%LylZuWCT8zG&y72?_pX6Z2BYk!Yo3rrR;>VE) zadBh(RAaE2b72+`7K zK2OHu6BGk2AwU>&QZ$5DtEXhzH8F)kJp5?}kLn$YzP#-jjxWVDUZ1q!cNJ)1A>f)L zaiClk?M=BJMOh{pjdr1a_6uU-kcns(Pl;O}4?%>)!nfElCFhqRpQDDGw>wC$ic6*CBhq&R=Bj#FmEx5&tZy`l-~x+F!O9OTT4iyr~FQ z6KbGBTvw$F$+`@)2pa{$oq4`eX2y|=?4jF7CX!b4&;aH!!zpz&BVX~AvIAqBJ@YjnJ=SPjf)Wrj-BM5q=(z|7lT5w)EVW0J`G)w z)6q9hG%6{Xfpmv&aeUcg&=+!OsLj<87czw&ylBnAJD%JnahA+hS?u2u?7KYFA9OSaQU+dPuO4?5qBz@-s3wR2BIpfSy=w!ET?dab3!$OO@6a`W9o@Hd%_+3Ea zxxE(6<uIILac>NnljB=wKm1TP5PUyG*E<31EAcgAIn z4xcqA%KSnu)!UFYODR?s{1^fJBGGkSEV0W|`kbsJLxV3O(XNHR#F!jb{$lkm9!Sey zRI0V1YEXnoMjfR~xhM6Lp#MfR>yH-1ZuOx}KgFQanMy$pp$ZulR#m_rev;T2uI(fg zJ@pP&RJ+^AVVEUlyG(M7P5IOal_Fy95Z|x5+N(+9!~utX9nmjXQAdroH}=OmNAaDi znrn40Z0+hjyTXQ}7{(jzdhu^xwZ$c%i4HKd3TthuBV;)sDo5@d%VaZCVewa!?bJ27 zhU)tm_wH%5crD9P#2-3O2U%FfXxJ(zFMm@lL&d{nC7o^a&}D=tnvLk%!kdK3q8L}; z3Pt^(I7q3unI8BNF0i<~Q4zjGzxTOzkAwftXjtv>~GY@x1IqMkQ96;C(JEAgeR z0M+oJqSp%$pXbkjLW*#zLqE?yBV$}`%%_rR==33 zGs(dVSF_{SL)%X>MQI`;5A#3>2ChH|nA6VzAJC^p1d1@WPsR^I?3sx$yzM&i_S|OB z#$t>>TjN5HV-)p=y*lYl?oOS{9(`&H&y?7IP5!+9WifMg;Qev^KpQJpNG>0=JR9Nx zn;;ZzpMuDJE^cRZ(?uP@U-TgrEC|(QMzGMT}O}3U@uxk}& zyU8{D=Xpv?MvHP$XOl~7dMhgUR4EAxlS*M{^aUtmi_jE_*(V`!Ooi+F$UB*lJjK61 zDZ^ub!9)h;sM#|gmTi9jTYOi)c%U)oDs9?2Wx*Yzp8SWUpy& zYpl2=lf@M{b-4Bl%nlmoL;Ba9K(vF$knYl;ra9h^9%bTmuL++_;4voDa7m*rxphZl zG&<+_tR46sgnwT|bi`(9;#SoJRVdpdhf)P_pM4w9T|2b~F-$}> z`{!|oE+Jki``sxu7Oj{ii!y4G1Jzx=X~>0nm11~F3B{6>NtW(%1b*rJnaO|^5u`Qq zkq@rq13C7|gXZ|O2t3F-l0?W`Ijj~nLDHNuAl{yr`J)#1#lbiVDc%*EQ1Bn7T-LLE zZ$!E5%$lDvBx+^uIK*UO^@v^9sZp|dqeY~ryz$1WPIfRfYpxJir;)f#Rc7a=5|^Sy%WoP#u?vypvvP~EXnDndYi&9~9c^>@OOyOPeSQ2 za}@8Oa&A<|9S*gXqE14swCp45p^MXkC6AupD4OTVd}5+}MFyRlynJUoLznSPb!v96$O- zo6;*n7%2n$7wqPj&4Z?~xr%5T?H&~G>}~X$gD2#OI%K|7Rz+AdEo031P&f?qLa6A$ z{WAG74+^u_Dj}xGaR|rjr=cM+X`u^z20VXSlBn@Gc1)NBGH)91GfzWv`|4-%cRF)4 zs)(CSfDb4$$$*fpWipAjRnc`49gAxcWWb4tmx*}Fqn0x^Z8mu#a^V$4J#?Zfhj^sV z4#&?urY`%5{2(Zd#v5{8N9U0NqfYR2K%9EV#WE+2m&v$kgrS^z%H=5>CBL6hQE*tH z{8^lsz(gWd1=$y#S6uEnE}ZIlX2k!*%kaP*$jC_&AkvW#&^}2^vC>!m(q5M4M0gvt zWFt+>?yH8bZ0@BcE0JN<`7@qv-iwLOEPjclx@-c9Y!wh3oSdBE0Qz``N>u7r-y zyV?|OEb>xJ$}^wcXFf^*9S-Kj{$hqUbW*xOl0rZ7ZG~gcqmK|p|6;Rv>-^> zi!qWBc9$WB{9C1%qcsHHRF1Pv zUwenQi{Km_7m&GNP}JK4`zolpS;ua;hed~F30NPN$xy43F$6PSO#H%s!g%}4**c-= z@zUKQF4xhn+3g7zTD*l;g=^(SQlLG|{*sKU@`#eqZ4xka@{RW{+`0LpiIGNe>yY$w zpsR82<)9H##`HOl;L?w(oZYpa$p!0$az|W+i2BV*-zuRzM<-3M6!FfsF7ziuQGYec z_##$2N#PqoR0|#Iod$MG;6hBGV>X_Ky<9Ggt{2UhUGE^<_QQNKH+`Z@>?^;6-^QsW zOgiM>ZLlR3445IQ+l39+R@ejgk}G~ih}H##Zoup#O9?umNh@b(tvYxQ?7)`KXn$H* z4c096+q{?#iqT9z%xPHC7uFROHuQv?YL2?aIcnkQNnn6uGOJn>CWTXaah~qW+8hDq)gLw|tVpfai($STyW@113DJdk*3D}7^XwvTZ;3?C7b?shNF@-j1dKX=)| z%%chAPgWcWhdCy5+eM1VZ0fYQ%lXlh)HzbLSsb$6|8bOc;1A^~%ODyg(4^dDTWz1^sG!`RykPZr$Cu0za|IHE$jVU*2Z zSXG+jcW33+rpQS$OFA{B?1!xG6;zr=GmA$Oa~48RG8SY`zssX{e@bi{T8NOIX&TpO zlwVEd((0mi`u5$}i7~A|mHy;QruF;p)x&2_kB7iWL~rL?^bF_l;PxtNjDuVMlsnz& z@jxnHh&599Feu_x-WEzK3P{dES&4yg$s}GZ%yahlz+WEOf2b0gN1{eh5A13>Gs%&a zym+~{m%KtQaUC*ltbeXNl6lC9P6vL;87>`IHvCYm!UWbkr@V$iSQiq3C*q9Dq$!)X zCFWe#`gWqGwSRp3y_VI*D5e{=s%}}kU9^PD@Vj@S%@_jwyuyB6#_G9Gk##<;xEUUy zE%u_0L+fLLr>UX}w6}$@fPuj!8K0qAZOMSRZe2psd4}9D;p$$}GjhvjPPyF#{ zqHS5Xr)*b&teW#jE3yg1<0BcgN!u5SF2lF>*JUU(IdJ1QMcOh!S^AIB_#D_7FmIJP zI@N(SUavUrbIhw@eM<@}Cmxn6Ga_zyDmHYy@$m;``E$uwf=RP~uEr~m>e+ZB zJh^M!8P`jCPF&r4X$J8aE)|ZvU!=1PIqw+wod{_?4vhxiS}<$wFhRMYAmS=j!*Hhg z4pLPaU685}hjd4VYfWZ)-$Gl4+~YJ6N28cWnVKkF=E~{YsY2w>Dssu~CntvK^wF>R zAEuZ|BMqkt=+m>aIv^d76HD$enX7}y&d?RpuP4nZ59;WCZrS+di;kn)DlS|J53$n7A`)DDK6jm(RjTB5zW-jQL&Mzp3VcVxVw7%iBQGkubP_kHSi%{CpRcN`^l&r(HF z@{jp^_bm%$E!bw3|!%*JY9RQG z3?=cGtIN}z#6A!0Z+xAG(aE>FZ3F9=N8qDoaCXhYrhWc&%G{Zk6?Hw>uIoJNJMhVM%-j;YBwp9qr=J5~zF{<>H~x9Fo2#j{>~R#gWeD)#HN`JYegrA%+IEfr6;yKXmtq;uQzc9QPz~+|KtO(@6X^o>QUOC?ILzO@s!1<$&9xnu8E# z)KrRESMabnFN0(fHMI?(UqRbWf{WI9r1SS=W0F@5^!->VBoC;GQ0C}_{VFdWsH0KX>QcVxG+mE9IO6;vk^P43nycdC z?Rx{-yE}qf*zGMo&dR`?+`&Q@qbF{km*JXn9WAjc6X0(B6LG=}+SOVCj|BxQ^>J zOkl|sF`+AD#y&uHt?eeZvS2~1w4Cm2J|9k{Hbfl|wq~4Wi6oD0nM=`pXGzR}OR~t= z=;Kdl1b^Lb`K%OZYCm(i+Btu&*qiUAA6L>s!E3naaBr*Lz399tNkaP>e@iQ)&MCZO zPO2N^@Ey8@0v%0`D$}pe+34u!tUV<9dBPXJJAe<_2V&|I%un^GgjY9$ zWtKAVNarB|6Z7n>$Pis2BZacWz(CGK>E%ZP1g%YDwESoO5W>IlIOmYwPzY`+V(yVw&SSrpu z6mzrcyE>*IjP+1Tc4(H3qv4_WP@e5mCB?s4^Hm~gC}Np>**df#i(l%;~ zKIdoXr?VJbBUySDE$FcvmH^(z%QhjL2k{3@O+J<2#B%O00m&}e=pI>xUy=2boRxk# z5|Mv)-7S<4MCB7_pOBwaU43MTwM${hZ;FP)h@uh4hDAGjtlhDeCEL!w^sC!DZ5a&I8P{2gR zB4}FlL?f{`;tPAfS`?-+-9)!#K2*$Vjyk`qNOSRTdQly7gbluYC#MS%UreKZDA@Np z^OCCNzq~p6w5U66PShDq%I+WeV83S4&eLYSO#F*!?umc@zc9_&HG$7CQeKyq9K_sg z1Okh{d{FAp^m3T=D9OlFDeQF9n$P|^3(gtmNIyxqvMAqP32*k_1w;A+kGMoHYop(w z##P%i$QP|OAv2UeIu&~w61T6?Q-0}39k5DsTHW$;PV1);OIv*m)0sl3ZzB0`LNiC^ zfoVqbm@Ju~1zuRex|y%zZua}U^?mh{j!JOIs($+vB3&y4N*;+N;DfH5JQ(GqD99mdjXvq}Szqc9R zPB?llB3768t-Yc|vRvRs01qyGL!abHR1swQpSetp42CmG)HFC^^$)a^gc(n^iCdf^ zyX@ja<@=-;1?%FAII307d`B@-G=DtaNGaMAoTd5L@D}oOtq>kK`5}pELHdcK2r$(> z!nC~UuvYEWO#;%yrEr*KLjuheD*q#uS-R3)qA}l*wISa}7>+nYIy#Ba34I_NqO%)t zQx^;;Im$IsyiGB5Wm2lhH)!X-!bg0UIe4XPvqG{qM2Xag*0qZo?JK@XM5|K1@j#uu zJ^27-)VDo^D{%8)K<2~eYiPyM-_uMfwwUj@ zNN4osujMayfm`ktlq5!soOzmhEt<&}49n^SwM-Yrz`R<>o+{;AYIufMYnMi1PxT_R zWF2+$G@VC@3bAzSKj5XlWV$+S7*E1Jm#s|k2@CsfFMW5T0A5^4xQD_}foQ4G_5gyK z5;{@YbD2@|kQ(iD1G+rtNgop_Jkt3laW3KQR5FgC*xer6 zn3xaSG@cj5CsK9@s?gT!0)7RA@@XMBk+1tfL5`3OFA-WZy&J7)t0c zsQdxHQCzH-%x$lxCA5ihc*H9UlOme!#U&zNIp2`El*L`i6<*O@zePHR57!F$ zF|7@fsdDlCQB1owPT~$@6AB_g&qHu)5lz2!?y^}|#=13bt3E6QbpRf}>FSw?@R}~t z{Znpl6NJJ!jC$15nAX6pu!TGHI!vKo^3L1od(02!-Sgr}J%iI(ZaihI4J!0&ROpjs zz2LB)(MZC`Z|KR9S7kL~jMO?6NhZ4c?*_Tg9t3RGg=g3NHp;jC8M9)(& zEnFy=`@e}v7-KJCa%2Iqr7VV$BEg0^+P_!a6SQa2cCl@$lr)|*OtV~hq8{AeQXxD; zA)FZ!VN2b?M=F{7bP?6r_oAOw)NmN_ka$qr!j=8|6h-v+c;mnFy9%HOA?{GIQoE&i z6So=JymL(^3aIo~>*!u?s$@f0U?X(gU-th6S+ZA3?ODL|2QcpVLTx0Z$E%+UkF_2A z0HGt^_nTTzlxZbN%5-zcoD5)mX8vt~PLn0bA9KG*Sand;6YAW?UIyC;p`09AbWdGo zh;0}a5infI5Q_3CCud}|Ofpqd4+G;T*@hgdyN3KoMD65W0zv~#G!~lGD0`A}kkg{> zcnycBjHSEBrOKz_uxu45$uT4c2F2!@>UR8bv>!Z<#+T5~JbRQ)NI^W#VgW9nPa&&z zD4X_1US)m>L3NGc6COv#5BHW01MD`E06c#OEz z^)2Du=ZwJ*O7@41IchHhvYTgjo$t^dXTr`9PK?cgbWqnfH#e;0?<>iXjXcHQi~oz0 zEEEsvqczYA*){T~xTK#zD33l}NK0nK%5+y+v5DPVkgp32JGrvr z_q8b2A2ZACnw@MJ6rR_2kJx&6xKatK5AZ-$cJCZR#HIAIDw?VNzS+f4IpOpQNQJ@G zl`wr<)2OuKtS(n|i#~h+rp$Y{71n`P-C#d=3!pcqAPQlliAGR@9bB89AGG(_g6 zTpb81pm~PvtAuAvA`ggOEWuR>qf|0w+dWB5qI;n9%%8I`U3C3z>A;qg&}Y*BB;4D4 zX0T*!KYQu-r)<5vZ*ANh?xfMl{~Zn^Xa&nsWmz2ewSx>Z8PJq2|uLs^^0fCU|@-Qw|DX4;qUeKT0g)w@hb?>Kn8;MWv+#I zVt4#8v-V@P0?fh5q&c(V6=Wn|NxkUnKg%afaxExAZ5v;FAF88Kcwk6x7l66$NsBm9 zK>vkgB#^rs;;@M;*2(RVfL{H^-zMqKur^~9$RPr4OL$s6^_JWKj?VH}ia+w>vZkPm z_tmh4AgV3I`>Vgww%yy(w$Z<}aw7nnP@vk@V6X;O+6Uk}G#HtKS#zv)4cH1*H5?R# z-=4ajL45x4ma8{&o9nOs^hbdE?a}?ZH|Fo}o!+9I-t7xQ^#K1>Mp!_?&foRr^kTDd zz`yeoh<}?Be02t3e8fNDdVA|X7u}Ko+-2p^|0P+yfXLxfSnK7!j3^WQT#N98-Z3&J z?3qEkEiM>l*ZP~VV-xz0$XDE7=>3|weF1BMK#1Y$6ni)KLE-wAhF1LsFh3N^5dduu z18Xw>tkvuq$k#-8MD>C@F~3@s-c?NY9u*Jrl`!34{s`HeCkvy70^-jq0d#_i-XBx` zF@S;`K%_Yb{4%e9b6;xW6Rf^D=Z>p@Pd00WcDWV)A*jp+UFZEMxq-hP_!Vz}LImoL z8yWtHuwl92kKUOOLo6LOm#Z7hc3!R8Ag~#;=8w_=`_h~9=Ff0wwhP#W0J>8$UG9~u zg2E)Ut#jdD&akW7>!@`|cql~+ue?Rod;#Y<;vuSdcchOCLy%6DxUb)Y24E?~* z_g-Dkr$3h$LMIk>;u_Y0QD*V_&QF%KVDnhx1cZ+(F3KKii&e= zZ|(C4|CHO>4*)?7Fni&OwBwHpn1RjT-x~`!6ggJ`!i3QZV*PC~n-&~}%Pc04dj7X_ zSQP_+#5MpP|Lk0s1eP!A;&|eI*zPu`di`V2=pImmfJBIy@2*+u*ubCWgp-;E`xxo* zlp9In+m3gU;V7%D6)+t-0HqcT#Jm8Uuia4Z0JzOs##8&6bKpOc-y*3 zF~Y|R&^mpCs!-*rqy{&)WC7$Pb<^z67T{Y>tpT{d0sd#;U(Z?r^{&?*0Na-&B>Af0 z@3j;FfvSPjBSdQ7I7~+Fx6ecDd%@(lAO+rAP)Z5@oBa}~S7_`UaJvKC{&7t3-`y8# z??5E?i?0BfswiD>-crr-$bJ((swIVPkg?t^5FY?pguIbM1Jhm~KnyZqqZGf@E>Eok zmplIahb8^~#Q=EP!Xx1ccI6Cw#n+`5FA2lf=(H5;>t0wO@4pv!>dw#&#Iu}WC*t-f zmIN$l7fP&^;zobqu(__1Dlya6Kz-<`c^8^AF8bpy@&*oK`+u$uv}^%y-sxfU_OFMU z;02&@*#fG4z@Ik&>{%b*&=y{6nVwXO3bp6Y=-+qP3j*F$1)r9x{lNyF3%wP(-1Gl8 zhymK4Kpg!ra799d_Y6e0?Xpwc`VLWQP3qPMCger=Pvf&}MA zeFbn&6Z~ICh>XHjsjr36K?%0Ae@TI#78omYt#N&BhtehZAVU@iajF-48ekJ_{wKf# z_I=s&%gdiK2wyucwZX<@8F1dM1CEVwflHedTv*_81=44>9J|JS)`~da`2*g}Wq=gp z->Wn1p`JDJi)t?TB8oC`fp+%Tdp*lTo;Z!QEEn8rM1bHPu>3d#mYen0rDH(>iGZ>` z?2s@|D+W4(C+uPTCxzTrVm7SwZ7G#hLGUFyXwR(?J-fFszYT14F2KFDJqoyP{&&-R z1Cgjl0zy2$A@iH=X&w&Ns3Zc^w^vrErsD>|x>6^OFDa&i!F~*p?5{RsFuRyy5z@&v zXA3RbCkSTF3WCjM6DO0%dUOL*`9k4@dea;6NSJ!;Y58FYH|VVyis-i~2?X3jF{^Vj z#IC_b2G}Z+8r4GayCL4PIGtwOKUU4e5_rkJG*&6%@dp2QU<} z2U_=m7FC0fpg3?;WnR*+oRzI=JPC0>azxid_pz-UC09_o*Q0Gz7p}T$faTlYQVk~ zDgKazv`B;VX}b=vsBLWo-ekb}!~X*C+^8}I95)1h-;rqf_o+1R^xEn56YX`{GP@tQ zJ4ly8q}dLwvl~|Q1EKFiuiDT4x}dILfGIf*7N`e~9cvRkF4{`}3XusEGvheJL;S(Y ziamk{D`IM&L}Vq0Utx99%=~0I`Dhe`;^nXL13-E8zju2OGOX-ke2RPTjfG3u6Cy;5 zMZ1gTk-+vJhDwNslaGKup@tSd%v)j{vR^u6PzT@p^UDxNQ(j&`*5=^eZ14`;N9( z8J(Wao=NzZyv}-49!PRTL_nk95N0_1+V4*YYTm3e1ufgTq0VyR8SB=Oo(6j=9?_k5 zYV;<0N>|oS$(rn=#8?@rju*}FuwsVN-ccT%P&f;t7Dx(Jh;KB-X41Fmo48!a(V337 zQ?ttugMM;l()>P7ht*6hZF(8C9#eGABReDe8(!KY8&6V4hk=FZgdK8qOEsrHPJbKN z4uYsytxk@7@=pTW=+f>BNYU8>=uY`NaNR2n%w4IAYF=*D4*}L(2+;hS7E~!to$fB^ zl9ZyVgd1Ri0Ws$LEBVny;z|RW+>0tJ*DMWH_m%P`V@ZNu$v9EA6-X;AN_hW~i|}E` zSbqO-9vT0I|L`{V*|pVw^Ut;a0l;rbtVuR&#=cKH*iSTSk*)e2sZW9yCbSRS0ZkK) zBt2(vLYPQGCM<9i?h!k4B60imxWpc>T)4DC(E;q5wxChJQc_@00rc-~vHb*~=;ZXX z*ob680U8z%F!9naFd&kN{Xw)9ha_8TkjPZfokrLEKfZa}i*o|F{rQiK?*;=@TVHRh zT<5vGrts`+E}lAz_ys1ZTSO^nEbjOZK5s|9XAAYG0hcbVm~W4rBOX$CD0HnZ zM4AWMJH37OWsP5VUBFLO1GKSWce-vi{=0B`{LyoD_({IkM=YkyO~S#Jt-{KR8H zR!;NiGuFoAe3FV8rV#|(Z}e&o`nN)W{uL1XcQJny8dWa36&gz!cU&fM4^&uu#EG5B z&n|gygfWgEqkFdf%MpR|cK_N`-~kaF#xL98!VMM({shuZ`3<<~yhGoyW+y^)qMOcJ zOk0WK$_Zjsdj7DE)-!M4<-D+SjG(S7l8!{UWdaG25#kaB3{shqEt_YEN_D{ z&-S(Y`M~P1|Ei3q@-<1A{|TXH5fHa;3JZ{mqI>_=%5D-y<1E9rs$o}3I0_He3(aX= z8P1gtBABHytn?+Whfr3`NTYBs^Ht>Uwr;Cl*6fOr*0yF>jF$}L!3gsD7MpJIL`-z1 z60`hWL&kCLdrQ-{>V+7#XVVBr3SLp-s7mW9uW%YM4tA$>MhwyR>G9zB*Nrt2W@Brr zw_by%ILsHo2XwqN4YB~ImtBD8O|n%VC9kO&?w~ytNKfzmQ=>ozqG_#{?Y0nSko-}+ zbxVa=4FTxebl>??-3fU~DFC73-$uF)Pww=%%Dlou|il`&{fY zL?9<-1eiMace@b+Z?yPt?hv53%qjY7maM=h7E<(6+$M4kJlN_Q!>97dSDUGu1>Y}( zv&?;vIa7N971!IoOK*luSGeGWsiITIj3J;B}yxYC>gU{z1PBZG9OGy>lr!J{}%V9JH3l`8i9aD zX9PMMc^|8I6{_eAMIaYUlnXRdWyuF?B2D}<*X&PHpLtU+T#fEsTT@QbG|r{mDxp4+ zhdn{o*OQ_;oqq0vqu6fTq9j4Lz-|bNE5s)Sjc+VztTo}tgvEO0u=D;T)T*7VLm|)2VKzi1CE@T*Pk9- zSZtNjY|rqR*+t+HcOrs7d4$^iyk^vM*OqIT&Rv(u`49vGL)(;hzMrdx=-+Atp3vnJL zs}%;#2O)}-`+k<0HCLx@%zlK4)TGduqa8E936GA^H;KuJ>aHKsi*ejpHy^V5WnDqm zd6T~Q& zf>D`c#vK%c1@3s4n)H2`5IIO#Dey`W6j5A}&%36|u*v~OYP zc9`PoaxikBg$gQl{Z|ph1ci}xJUmv&h=h1)WmGh3;C@U!AP!F=5R($qpxy)kg!Hu~HOg#`pUnR#43z_ouN^uH@l#|LOBsg&J9Ocay zj6m2BgXj5hWuc#OL>zI@6@u_Y7#+rdnXOJc?pO+h;P-XKz-Din%NIFq_f@`m-!EyG z6@S$Xx>_o&&AnetMJXu@dG2ytPjxu?QguH_mNg@nySl%D8+oJP`z+c+e+O!l2sMof2o-<6TJw?OM+2<205@ zxpd3g^Ti`st=)6_A>tAy9vI=3b<@wLv~Gtkb{WNcSiI7+I7KkCLt^8u5^5Vn1r{qx zyxTL4Wp}G2L*%7H{x}HJ_BF;QdKY6yzOxpv)9S~feTDvHP6&JT1~GO&)HcgQjqz|d z@O_D5-dvVFkSrZt(yr-vs9Q`8xs;EBr<^^wFf)Kruy0iw~#W|gFz?7Mr3&rPGMfdVzIYo1OUtTq@>Y2qfUNv!BiKhvn$ zGiEMS;}>+kpX{f4iShC%2Sq9p7klJQb!MXX2-qr@S(~{D;vw%{hCh?gy%4p(?PGr+ z&Klq^55m)6<|SGjvwlvUAbqBrWt=|Gu$;;*dzs5uF zgLF^>9W*r3&J{vS)Kr=kiiB8(U_&+7PHC;@h<4`R-?~ zA`&QIohL2^=z-8RB z_Tp2#S(OwntHxhu%5ga)F<--#*^;&C^{F$`M*;RyI4wA@5aW8^xC$rVi;*Q6XA-2c z#@-ZRL#T@v^3$FXEyy|t4|xYhxsO7DHnc~=z+RhE7w-2~XKmU|ztR~cn}1**BXyF; znTAb!W!5lbQ-1&j;v%a;wW)RCTA*6osPYaypz+$E8`(9+>D{xyZ)Wq!fllR^@iPSO zRdROGERA!~1#zo_HEZ3HG|kDH(FyjlvHV{weN|LkP17#!F2UU`XmBUEJA@G2-GdVxg1fuB1ebx}?hb(f z!QFNCKks+W#jG_qd+)C9s_OE`Imt>&(h6G>!6k@Ms7M{_HpH^Hm?+@@q1I?luiHluZ{@?c?S3grY3xvhSa`8RA=%Rcuk zL-WV-XGUR%^@{N^jJ!y$tp;tLEE~{n#mTF)KA?HW;Hbk1?+*wN7IGF=-bax)X3qE| z87ayIm~PCn&y?&G5_SlGSDpXJe*^b5*T>Dxt|-mhVkvqTrKB3 z;OYF~S;?RWW?}i7&uP8N2GFN_E0%oog3Ql4f5*&bs-FZG4~V^tcwoeSZgGF}QbgjL zp@6C5V%}e!;12cOS5SU2f;>U~?sOaIP}0ryqWhO3M51|_>TiL7+(MwQ+no{CY2$%f z{BMn9u&xVGCkt%6ZIdw7$AEpaz+E1jAn6vKcQ0O90N#Z>o1ed49(eaS0M6WR4?!Dm zs*nZ5fL{gQrJ8kK()TR+lz}bbcg6dnG^5sv53=cdSBU%r;J4_f)m+8wjDS#VO?|5U zV-+r~=*FdJ6Rf4aq2kGJ5h)Yvs%>q$I}C9CqS_b>+(o1p2qDQ|rp-f=;~EV=SSo!Q zbIUuVHl$15=eGv3+h&BlD#rjsyB?rEIUd-)fv7XxVE|F^UAA@b?E46fBIC)7al?Gx?Q5 z`~tHBN5@BtiAMr?$|cPL3^z0Cq5fp`=`W$ zJ*C(hjow@)Wy8B|8UCec9r_9SrPm$qFC1L*$goHW`hm)vlDCc8zDe}gfMRl{OP%l> z&O*!tpJ_Y^OmzhEGDaxi_^p7PW+t(NAKDUXN>WsJs^+j@>--+G?;op{io=Vj;|>)b z3@K8Ylkj2ZeNIwm&ptU3W*Fm@+K%b@(c<}%tJ?WPC#MqW_oGJ61)w{39pg`U{t!bV?k`am%f;+_nvXO3*C z^!)MYoZm(nGq%R3>+?U5t5+OBZ~9oZEt=vS8!5TJ zXfF6s0h@L!H@6op8$MkMbQx-nFT=9!g;PJ#U#UAMs-K>0rrHb+w8ls$wnO(eT1Pd0 z0&OdmKwH*%(QAGySPUY3(Lh@&*lBtdKK)g|F;qAJGRnCh)?6@1`}%6n2Rmt`_5ixQ zNbZU!>O@rjgV$zF3mYk4e3+?QJR@R4r=~NeP12v!c6~(x5yyvL1%Y0y^)>CdcYfPC zMgCoLPRw(?TZB9wvj;9c#v^-W_@K}Bx8W9JP>;DX)%A0W>kDz&=de2}$kI}jk?E(2 z@#*SvQ9m;@S`isqEKQw@_>Nw6inp{m%SbsfEE6=}DkN4kx)B)Y`AL1qzkB&STn{Ld zlF<<)MGw1{7=;gO*@+@Bl8GB2KqW^; zy~SMF#FF-(z8FeJ*2+|uUoRCU^cU1#V-F9@PSW9ZB=|6e&J&HmDYky<^f@(|)o8pg z9(}|{e!4Icd-#RU$6Z4VBk>WOMfMsGPmGBeFz%$F=C+ zy-i@OW?a<&o1uW=5$}gXZCgrDvZ(0Ad4!3kukcXRKG8ES5DmLC_T8!xKE$YQ`@~|i zzAfgprxaE7rQ>lgY(@LY=l;XDdc!`Vn>Fn&dRvfHhGdWRgoG2F%A$@OBD%6+j}J@p z3J-!HAsj6VYxZ`50j7By5j!$(7*xwp`KE$M>?V^uPBIy$;C+VmA%COd>HY)v_Xwy1 zD2Z_F)XyKVxRNf1KbKnWF~Svhyy+I#x7`SZgz$@HVxeg@k?@8Q+xDQhEQlqn?fK1Q zN>6%8j+PS}i+FAwlO7rG66KA~8XD!vQ&KSfzK#;yN_dSeoAt3=l@P+8sK<>%+pBS) z@MmnM2{4!AkPNB*!)(Wg*++y>Xv#&bQ%w%C&m|4oUc|Se%Zzy_Jt{8|7nnmNHeqXi zDp(SM)MiAjVLcI&gnT#C3_3;Lf~9iTTiNd!u$}&O1tfp zCa}-X{Z0J{_efxt)_%@aOE&6LEuky2!TN!vx7mN0(VmkoEI zB;62YpNjD$=X1IG5_K_HUbonl>CNn7a>p#kbeonXb!>!us&!3w!%{Zpw3!InZO-ZZ zykka2LHTuC@G{WpQ>IV$O77Z=9pBtbyg@r&vEt)6?L6Gj+L znUfDrhzlcIcp4ds&Aq&t+|aj;EcmZC%_W}A zb16`RkYKl4X|m6u0>f0u>P4UYW?8#Dz;ClWK1p9iHcF=M6lp1j=Ud7v+RrJArzBVH zF|Sc!D*zV_vDL@FbL@yEjFm8pkneKWChOFi=N4tnn;$wKgzQTq``bkbJ90hVmNdnR ztkh*r{8@OGxl4yEvda>@Z3nR}depqN-$2z*AbC-nM#t1Mb>aJK5fm)57fIP8lV_F^ z^U&S5yfl(!YYed0l~5Lz4Any;OG?NRkxrLe_igT~d-&^f&H-X&5Y6C^4)&86I8u=+ z-bvZfz=(^BlfO=6k6yj7z99ki=sEoVI+m3Ey$g=s_;39C3;y**Ar7DUdt+Sb(O1T? z*V~S^zGGcS7I`JyX4Rg$d-lSv$eFfW(E5lkBob0Gh`;@q?NXyxOz^^G8WfX!j9VOB zyAWP*oE|B-i^ z6<&SDXy?DCPaO8ooYKkjy12}B&o;bHR4V-VjTEgvLd}Bf@i57#%(XQ;bX8s^z(aiq z@|>?THRT+m+Ow;&qB*YvX@#%(P#i5;j77AK_iJq@@<2@2n}WDdV(bcHN4k&m_CzwT z+d|5a%%wqWK=G^6W?lBo*QE`?s{roO55Q%;HrT1nx3>2EFl?M<58wjIyXC&zo^l2( zt{@*5h(j=));_?0VZi$OmTS5D>dWw6XIYPnB4YlgBNV$V{xX(%_;Qg9(dC=Z7&)3a z;{#5lN^yFPOBGAjUdwB}<7a`CGv%p@itGAjGTo!HT*y$FltKl2dCw?OT(cgS%o48^c!C*qw{gEoE zR=eP@)PTp!MQv}3{+jzNP5D)>eUrw{e#ivWZS#{T5^@7m;{+YAmgenPwAUQ=a6SgK zv}8Thp;)CeNujs;Ac<>=FOH1s>*$=oXKtKLN>MnczevxNwB!qIj(!Sk*Wn5T*YYsL z?)%1IcMm~0j$JO)Y(3h?bL`y)3+V>(;6!&Aq{iMX2|lAa^eja{p}A?0kBl1y6sol0f@am1H8ba z<#_cv@OttFP?$D?xkWo&Xokm>$b?Ju^K%2(dPl7w!^t31OytfY=~vIW03RY`fen9d^F6!7 zfsH>vSK>|869`9vE}2ZBga3RB|5Wfsu-6>*s^seoR=UQ${KoF^N!(iT<>&NEEEEa3 zs7ZX8HurnWWGhzOCib~Q8bs1^v|6#(Un@le?Rds9x& zdJF8i3ACC3jHK0B{;YPwmo0eKo7RFfgC^44eXj3fiom&qlOph+ zMFmdw=%DfUJ(F67vx-rX)%DtNIOqHLx!Kdo8EXS86k&UoFPP`g0Ffz`J9ZFjD>UlX zs|<4DrIsy@4YAs`{C7j96Ps*zS0lbjqrW0_G5Ifq(Y-&bYWK>tKjCp%`fYUkGrXrH zS#xQdvSIoM4RY8?+_rZW6?mJ*|GniH-h9sc#unlH)V6vC9TNVuWuL25Z(Rtn@msg7SFF_!P`%C!QK{a9mn7d4CFzs{!;^MO zNcmv_+N2XlfwPn2f#=_xNPxD)o9H9p)@t^9JUN^*^2VTA;B(XMb2G}IU1WN6O{UKU z6f-Ub@8HZOE!wRll1o(`_>^eWV5h6-h&(wGpGR2v2~|+f7o0vTCffA$HK`-!b+S=& zyMiSzb8<3uq%j6;u=On*j5syD3~o+LQo3|Tq|N*puuyqCC}n(@uZ9^kuKc5$YKKQs zs4qvgdc}{th>HJ~W*EDtdtKqy$Vop8tWDYCef*NZX>~RrPqdZY6a(JqsR2~$+hT!j zCHVyacKrem( z=f`DoL^f0e)oyuIhda{ntX0KV^T^{rer;;vtI+EtDm`(8u96Dmhr6Jh_CbnZ!~T!0 zO2%6j7B85Q5t5S6D5S`23VKQb<&@Gpqp0qm#~V3jjL&_fwuI=xU4_rM zLCKcQ0&uyOw|5jy>>aqcd0EM>XtzZ7em_qIV32IR`k03qEArhDMHr&W|peG?R_Ku-&<0rD^2B)Ru>*y2&=6-Ucn=?u)y#XlgfYV>ChY-#? zT?2-^{;1meS73q{o`3u%a@Fc}=Y=Cjfg?#UeMjG2i%0ekT9nFjqoWOQ(A{3g&+n-b z2k2#^_u_T-pcNkhM;+kO{uZ#WsQC#_A4R5|Zr1k^B)jg${H@r)S7N9M=6z-MO&dZ_t>XiDM5VmB1#l`6rgmyC7KV5AA~g|V5dn&!Aqn5h*K);5%)_7Xq+N?Ksq!)U6J<2+ zpbPzwJPoEi>$?oD@;Wqmq!ely{gex>m-1Du^?ramNCXoJ1W!s1$k6t>krco8YdnMU z?;)xvd*fA%PlJ~h7#Rk??Gh2k2a!!2fsUHbq5Fsx(O(F-Brx<80D;#) zP)847$8AA#2f~Qnl4tLtTE)j~O?eyC2m!A+0W({`ip@joAw+3!qrHRf#CztOsNd_A zUIQy7fvpcX_ypjO>)|dkm z8_O)HwO2IcZF}+{@bp)w!7Id+p4b44eBi*F7Vs~aYi?seZ4Th%+pq;dsGtEN2D>C2 zKXc|AVN-OuT^nX8cHfD=$wRia9@kQk<4R`_e&Se+09ZM9I)^M#wG?0$dP{o){ei4L zUjmqU23lI5#dtM&B_InJabRM{KiV#7bT=MEb}NhziQ<;j{2o7+G$~faS`0V}RRfRN zQ*7@}CFVB(E%#TYL#T`>K8%-LH+L0smck0qh6*+ed@RH%j+o#2n4(&5+R? zI)>FKQ1&*CWw-H(O3mvYLt?@Qk2<SzO9N2pbAb$pz{1u6 zu&P#>0=Si0i!~@e+@hyyAA#y%XCbGb8Vek|L*fwKf4-cU&$XcBE3 z@**Zu&h~K>{3W=9^;NpQ$NC0F5Vd@Y0QIpL(76ETtCV;B$44h~0Pp%`OA2JK9AS1! z@A7Yf^SkwpcZejuA3_+T*g?M(au7^3@ec@GtvS-dCQR>bO*cRR=zsK#fz!W0NoPYO z+R{LW?SD(#QM?B%|3LT@49aY>c@E4ze?4VpnG2kPqnvmI&Yq3BRyGfSO*wrNU_1O8 z^!q%>r*GGPDg^f3srfxn zsubhBehVnieFRSbw+ZzrU?U$rFpq`yOW=ohF)u*2Yh!yILZZ$b(5C-p^gr_Hp$ruO zh(FxF48fdlS_gxs9-h|~$X?P-C<*%gmuUJ*A3!?1fNuT5`aB>ru5bw8uZ3XX;jj$0 zFJ$o-Qi%FRZrOO~fHn_1&T2M zkAgi8ZxA`Yodqdk?;jy_;9UchG*Wffzva8n{DlWvS45y33DG601)9mHW@Bcbv3_M= zHsGs1)gv`7ohl#{30-NoIuuXV{*P9%OJL*J{te6Lh;S+xR|V zyHhMy1U+*5jzngVTf#6DFz_1aTGQ>Bz;7MnhA)oj7r>w3iYZd83u* zimdxDkQgeiLPQWDLE$W?a%kg& zX_u%7QkR@t}@WLT2>^1 z>f6A(BWj`pP~B7gbV24%;LPzd@Q;!{4ZwF6h_p+0!(jH7ppjvboKdU~Jz>g zxsQL%gD9?x;rlRDgpP2eFw`}awWbkU;l=jNx%>5@o*HAM2K)cRN&CZbJEnrJL(e?NuMp?xdKv-l_8Pn7&c zbqml<2mH8P_=l2_iy*OQx*H?0e4w1$+UXx8WneWA_;bzK?F)SF6LE&#s(i+4=YXOy zuSt<5x4gmR$O<80VhwJ@WQcWrcER*R!V3C<7@CJF7i7BH9O(k>hj2`G17#khnuyIm zr5jtXgkiV_MODHxOzMF4fmSrCKBy|jmECWF9D8e3y8If%CA zEc4}SMrE!;%R_GVmUc*L+XNf6@u&Qt`$nD%>(sH-`5!y( z_<>oGq6~sB+2Z&j){XSE?Mry7WvJh}@Z8QML08GEIog)ku&F*>i_ER0F`Mwh`yzWK zGK*g3IbP=hC`dpwmj7=xd6wP9X=Q!HX!btamxK*Jf+P|#nYf1$M)nj)@S-zcHpOs8kOssbs zCZkf0Eq0$;Yo=DFdjXvmt$q91qo~yYd4aY0K|vN{+P=&wB*b%Zhdmr!3W{ zz|Hc(Gc&fh;vMjYttaI22YEU*ECIagd5Qq{ z#$5gcw6n$5DReC9sDS(B2PFHJdv@1&#vyXo*60kwN$&zBp`$|M%+x1&Gj1vJI7?K~ z@8gMo(L@EY@5#ae@oDSnbQ|`cHN7xtUu@zcep@iOO;E;0^65@>l8B%u3FaFp65wJE z(~0N#S?_WQdZv+n4Y?=J)zUW9QTtX^$)1Xrfx?Ui6{#UfhRMCcz*=N26r35K7FU3G zsAN9l`NT!RM%EhyHw~!(IFwrnBHGp5)mDpA5V3@b%f_!B$f{)z&J^KqC{V&h&^-ZA7Lau;|p#O5Yhw$}= zk{8aI)BlcCSdpj#+=oL&#ZRbI-?Xo`-syuSSuUiXQ}fqSTq*Rr7Giz8G6T}L%WgPM z=7EzpF*nza@Heq@30@$u4KxKn@{CGvM(jAvGGMLl!23Hf{_hl1qA^b6{?H#bTJ_T$ zgd-kjZ0$LEptx8$?&nPd+fJU9Z-i%F<~@wE{Cc08G61(hejx={IKf8nq4>-~q9(6oWO~vV>e*zAOtfTZ{21D(ee#gDzJ^mNu?oaQ?K7_!FMG?0IwCiz$-% z@8mD<)u+Ku`!3%c5cS3Zw@2Wy?GbRQVBG_B zO|x{@q0hn^!$rh{yCnQtVktH42D&8Fvvuw2TiCmQzl%S34w0F3;R-8OP5|jB?>hRw zf$Xh-kAPeC_Sy}^r44%np@57=cW-NMvj2T`Sur9=)=vbBL|W1sN7g5UU#HIA*|(M- z-ki8gBf&HOXtybQgTQ-XYO!Fm1by{m48**Yc+WjmPl8eTag_|7D}i=-;un@f`s(>W zKaxolG~-P0%H`n^Xk!y%P$^Kok0f_TLJv}C??WNaT2Za@JRO#;qin%pW~fRas^Pt? zhOtgO-`#T0iH$)Ep+4okU#kUXlKf7>XvXS5fST}X*X-dwh-3BV*6Ec!=vM8iFL<=9 z=GkY{@3Hh#UM_N)y4UZ~G1$&;nNP@Q*-8MxQAfglUK7g#SnYKKj%qyXuv1TTpn2D( zJ}m&zZ-Kd{X?Y?k?zmvd#gcRziCA$IEH52y@g&fjP>O9dpHN7}6+ zP2)4oG{TMC!9$1U+h5TM;X)^ZbRUq#qtjNG$7TCm6Y3+`iO}S)#pSY@`m` z`rtBN{kGT|xpp!zgH^t2c=5tE0ddZ<_ki4GUI=XJxG5M=QFeoWs3-XB!6vTDXqJxf zhnZDO^DxsKAVxQ$emq=%_tS|&=hE7$79$dSUsezSgR+pnA3p~&cmZaCrw~Qc6a=sz zzASaT;}jB#h)VpP(FvgMH7Z9{Bn?cCoC(6lz;J>kdMa159{{k<;SXOXbLU`XXeD?9^$@>&rf*=LbTT{6Z zLA(LNqYr>X+vxsB$ZxwpEMtGLS+E?I)d0^!Dv;;vRzf&j_Af~do~$sxJh}t>9+($H zG#@1J_00VR5v@3jrz1*cO_(2E{?5^Ji(T0k*fO~F-#BPAxxREC;(V*FpE*NmCcb9u|&vV@?0R0ka3?Y0SnH6wMU)f~ z82eDQKN5!<|1S=9QHU&omK#a1Z>eMdbF+uNQj>Xae7gAOcNCh2;wpXRD5o{I56f|T zt{>t}VD|t1ElljT#u5}*k6JOU-m>P41Kp4nlLL=YzPe;1IN3&%66F z!f>7p_&%~Qbk~>EC;%EbbxC(C%&5npPe-0z9Z#Tuw*Q4)dql24nVq=kZ%4`4cM?cU zIaG0s8*3Y|x}w2oWGHmx(4t|Gu@aU$(60f0^5NYd#40_JoOfOlBSMfHo+k=>MX7O; z&>1LAs}4T@O;xnBa&nS=|4@`?of}#Wve_ZZDX`<|k6Gxjxe{=>#Dc#eD|jib>46om z8pb-iNDJtxA-{|i0pVgVr8Xvk0&OOGR9o=17?q4$)Xw)P@}b$G=Ts5!H(j&cc}hD0r$3+bObr)9)CuKM|naLCrA9$ z{E9h?u5OWD2j1A`!mQPES_xI4ptY7=g5(o-Rx@O3vE^o<%x$}emoH0X+B}%~A=TXH1>T20cZRQzwKqRQHv6c)sOR(;U0g?j{kLu}@X{AIiP! z7{l@PQnUvC}dIt>#sc_Fc2YqhGW zah;s|HKZ4iipJf-cC?&Ezusl`Q^-nVO#Y|P3F=aAmv!hbWmG?or0JPCq&X;;!I&x< zTm5_mVPq`MdY6ABnUY4Vn^+o+pWnTyrI>ORvkvslNS}K*S0}GgSJQFQ8{hUKO)S)G45kIJV_OiFj0m9?NuZhTk7pO{p9aHv;nm4q zs|y^RnfKXRxLr_Mmg1rUDq=pL9QBju`P0%W7V;=0vRy=za-sghYpHP@b@`4eJ8H#+ z-dPXchZEmUC&ZK4ABu9>$7y20=s#o^$S9AR(uQfZZ_q9@phSyC^%jQ_Mq_|BA?-4j z5r(__VnXW56XzG+9+c#Fud?lw&cpRSP1>E(zfCZO&O}62ix)G z)%!R0HyXdj58sT1xyt;{zbY60u|Rh6i@i10UDvrN-tkDj=)oPN*mLOKfWkaIbUXl3Qp%dvPJ~U3S%w2V; z9Qjo^Z=+?=bNYr%rr0`3ixBo+e9d}t?M!Y6`QrS1Q~@$>nfs*S8|lqD*~YT2@qHR1 z$AR<6^(@jrpG^zty5l*NF`B;&h&MJkN`_=4^YWZ15LRB-3vw3+`3SUB#mpb3HYOr&A_ZCYLCRUQ8%)Bg8>r*YXV;Edb zmcT$V6XLAZpxl@e#tB(gh-xq5Kt@{t&cO4-+nvJ8Ba3!HVXsY$^Nv4S^)H4E!j@`N zgs-D_ah;l`pT;H!+=wY|Ka|lul-#t|Zm6^mmx&}R*UO-K-8?jOvrS?tbW?kwOqo`; zS%h<*cA$R*5oCOUbh>a}#eIfWU1KlpFl9B`4RV2$j=N*y!Xm&zniG`dDQ|E8NJYah z>5<5ybka#@%BXoo3%GiJP83+N9vV-x07&y2AjGOY)G)IRG9o0F?M)Kv_9bkew@>pc4SUgR9u+4KUVAIP zXSHZr2)ox^3e;uJr5Qc-FbE#PxMZn)YG<4(Jw_ThnTPXhbnO-cWL$K#ajw}xS_loc zRW%eEgX`UAS-28+Wp%}C`QxktQTXfgVbq{p2@Gim0r3|nc=^EO>gty(48%(;GiPf4 zju)xc-?ERR>BN_K8Yz0^rAl8oKKXlWS#Bo0aJZNJ$`XYE%wKj+b-k$7tvoK z)Zg2_hl44hVXi4;e&J)mhjC+AQE3Y1N0b6REgCo>_CB9V^2)7vy;ISuT{uVM+xL5}4JWQvU`SN3Mo5}_7u)UdS=LWer|aryI(x$x9I6*y;Z$8rEJw%M#=TV~ z*0QROz_DZ7YdKO#w8kwqFS0_ZxI!&9HO3WGxKDAq(`!qw5i{w;BIgp_2n4c=;+TG~ zQ=H>R#|v*UwnY5K7;$*1OX{mWhN>};AMz8{$)lbBin$L0;qqi{MT}J zc94{Zl8SE#jxB=Z@I#L+sDd?2wnc4F>bhP}Od9`pMEA$9I($OJRr(ZEhwej-YM)dE z%D>~e{BoZBl*aiGCZ~otgV}Tfiufi}>k2u1}u2Prqr>VvPXXLKR+;ul?=Jn8Y_QTM>Tt-gU{6uI}hjR;y)A*3ol0ED)?9h5wyD59@L6uOfb)< z#ILE|rPO1dsR%&#G=3Z&^9$KNRb?Z>Ndr}Z&PLS?=Il6!azm&y`UMvH2j!6-qJ zrLOzfKSy1z##zQ)Q0JJK{rKpHn^%FkR`Q#0;);AVJ)Gq?A^EeLNNp5(VGFxw!EBJK zEP1Dx=|U#$k?Q+Jm+H?rcsvE!*l}U1jsg*})wK1xKS2z>|pA_eSSQz!hTZl~|rVN+ATf`}Qk& zsmHJN>_x`ZZBW#Rc>61{dlLQL&>}SZ>jSc>J9gOEorjLLIl`0z5Vf@N+9RP+v}2jH za4YV@_{JI?$d&t}vC*4+lQ@43z$EYE-TZp)w5Gk`a0|Bxc|km*VPeRk^C*cX(JQZd zh$u}6khzsK_OkwlH2czvcd%vybMvb^>Ue65+OPvx-!=Mcxhx-_(|sr>M;2@}7@z9X zxL>p-)cRgqaP3LSobKx~+BMU)p6#i^V_EyaV!SU4nB$fey{2;7sMxp2LEec|aWfJJ z${SJ2POFYFPeO3!=?>DLkTrilAak*)2$F;JYRnA^3&U}bmJCF*vyY0x#mdlF76_7S z_zTJ~zKN^i;+PwtFl&&YCYaq|Fb@Y=v5_p8ukzjt5HB6N0X-=+Q0IH~O7-IhDDn`i0?KrW#Tb$D1X4{xQS5C&T{(Pq}#{dW0~yyc^1zRnoJ< zdUrHEmDuK`*ycC1{_@`zmC6_YaC3!7Ci9+#(7(-o`j|U0k9s62X1I>rP>)8*+$%qi zR@g|I@p4yS>@PBObo#pA&zWW(fol~?O0`8jL!`;&w$GVFGo&PYRyYqDGIx`QisGdo z(BU9d)E$zp(s^GpY0%Z94?{QXBz8qt?(`%wzKBh`2`T?h#I((M>`$L4kf1`HjHeV9 zJa)LI#=2m2uk&2G-Wy)^Z@gt3Arp>n7MaEQ&rF|k)(gp9*kT_4oy{Z0_F2TRuz5?c zCLu?Kr$oMz{hfZ_M0Sy@0EcrNop>Yf=&HLGhzCoFrDw4XA$Yyf8V_pp$DJn(jbwXe zjkFhCcQy016O`p`Jj|i&eOZ5*)Rown!SyBJ!t=WyJG(58+DoDDLI64ji3%PudDxLT zK!OG)AEZSb9_q|RtJRns?e2KXnUf!V?ayp&AJcKOZ^LN-XqNUE8zGUJUj9ydf@Bss zMjl5!NrV}XvQc5L#E-~=M3L!BbCYG)6%jhE;kdB*O1ILp>-1BIsH1ZGLyKM_zuM^M z6z!&xb18k)7S_1kqFYY$|5L38JPfM$EmSdHalP18))jKby$xcOl{jIP$<~)va ztHr#b#FO_!cLj~r<;}N{F%^^JHWzm3OTA^7^h=F0POD4iSi4L}uBNy5A%)NoM_Cdc zb?DkDO|4G3?jZSHP9S-do6zH~UYZ=A!8sw8iaGlOQ#PA8!Fj&Ekw-@H7&4gXf{3Af!GCxq!YCdbD}uY2NrwpKxW(=~g0h7|>&-!W=%Z+r zKiud<$A~{`vP(qmQeb|De=?OFoE4K5&Do|*ha*p}f({qG8kFk0(>yLTS*e8*`HY7< z)7O&(%7aVTBcjIU!*W`hVfaBRbta3qrNU&Yx$C=wcn@{;Bv01BnnVsDuaevwGwEf< zPWxo6;qGoGz;pA#k)>jDeY%jE)lgjs;e!)-=Gg$Kj#xN37NAp$xVO*0cMyDBz1#3% z;SDiqq06rO3J;!_?h+hDneg-|z$dsk31a!U1=Gic(HGD;zkBZBcW#Sd*zS7nb-(O@ z@?u-PT-QnZFpu9w+>TQ1@hJ#j_rzA5rEZ>7jm}|YMnU?b{B}iWjM(8`=Szu#j!*Xb z^USXw%=c>Kdvt4bT0uQYqjCv3N&ot7CX|RyPI)j_+PQQ5@%L?l6dSfz-78$mt=;e^ zc^fpkMagNrE?$lpBro(5uh~bSO6E(Z)6|E*iAtJDCeCX8)vKuKJRke!M5DN_6*NUF z&tdgbp)3{g7T-djMQ)X@nImbgN$~c!`q*-T5g#6T<-cLfPd5ruTCHs)Pi30u=gtLK zV^*Ww-;nI2_rui@ety>=3)?*3?XC_kS#ll>R|y%TwNuX}4EC%CFix!;38N6FGBZ6@ z8RM{r{65yRO2zw;`JgOt{G+)W{b?nXqNE&9;d1CHy}-NTxZ%oS_CQ0YjF_Je5@CEs@zJO4P`teBGNIv_1#oN93<~uAU{_-g4iMYp`(ty!)a6Be-V${-xPCoo26RG zmR;^Z5W5P%D4{pa?tWgvBrnDM4LlS=qoWzsdnHUIf68tBJ{8({MR&{5(?~p?oZTRe zccUbw!R{6oi+D?Syg97z^+AU8_qn_cl9y=#6J(ZyL9Sn2e%XJmcOG?x<%BCrE!8OR zOEQ$4nZvx^{u(kgpk$}0f^cgzp3U&nvZF%wCT;qYikn|UMcoXm$SkY%16fvj>z5mj z<2OP?Yc1QR{(!=p$8pf5dHBFxcOkFq4uuMo6{AOJpl$}biv)vvaM{rNEJbFW7Ad%> z_b5|t6Nj{*bADXRc7u#tQ_r*4L?`O_Ptg`~#V3)UxJ=sg2`R%F46$^fwIW@Lk6{Bt zF;{B&Tzo0QsL0GC|PDOwryRz(_8>KN|pXLJAwKrH!;YC**H3{f=|2$ z=0RwVyW@4J2TI8wK6M)s(HLtK%1JafWi^Ona5HE^XlI<3tjzK@^bigWJ;Oa}q~WaF z6^lDgE?%eo#j$Wx-1Ek5rL-S6n&iSllsvDF#ze27d_!e+WBsTg2F?83o;nOG;nk^i zHx132s&nTURq^>1Rf_91i`~iL0BNuu6Eg9sVS>NVtBb`#GkHv+Awxk{wX*binmT`P zR#qj3X|7Def#n=p);%1yLnW|eR$7 zf!u@$=t7S^J#?Zg1?^9u9Rq9aps+F|Aez`ZQK^iheGe;_Kgb8NHJm%=Fz5Po^ z?mun2s-M@v6mXY{7P>r)t}5cDkFz$!$xp=IuQuznWHRkBp?xe{-WWd z!E7FKC~?7=F|1$fxsH=7N&^!Js-wJCV^9|1YTbtZZ|;@~3*kK?3BySw(((L_KOG#A zWU;g3N6l`8ueZGS68R!_l)pYsiJ?!U{SIS!j{eR^QEkU2{LF#8c>Cu> zDD&itjANo4@=*7;VnP6K?U;XeWY>M=q!@v^t;c zJc=`|Q`yscmlq#hwGwROv!5jo%g3dJOp94EUC2G4gnj2Xn2|}Tvrk5$OEwgS${AIpsx%IwO=wypPLG6UqwynMfcG_?H>~9#I8y)7t&Ke-__IYIS^cl;OX&TL z!dlo-kIAPpJN!^P@0v@!j#eBh1A1;ZC8>G;WaMlM0}tD8OSH0|#`+7lo`3fa+S`Rm zyV4XI4HyUSx5{9f$(7rM;4xu(6yIe(kFd6UMC)WgSFQqK+Hs9oaY&KC0 zDeo;JDM#8pZ64&IKgeT-$XY`)S+_KmD!5KPXnW+E8k|er`m+~9q}EuBvoJ|cg+{Yz6gQbgBgI{a z3WKy-&xt|>I59wV3QZgU58d0*FUpfj$cIKa2ab@~oN zU|nKZvbI!DEY9npF%FP-n7Z0fnd1K4e)M;%j=oc3*V!$qw!3=>9;Voxnj38x@aAGp zTordF*ox9N4ZJAOtpNL$tKEUvEi|ei^8G^)kQ_RxF9OUG&L)o^q#|Ro<{8($7(1d3 z0QM(g8;Bk3x0^$qfR~C1OCbID^TnZf4gL*$2vKmup?jCUMJshI2AvJTS z%E44T$j)18s+8QGR5t9?0oMq6zfsK5hrq4E3}mJrd(m90&2>3?QF926f5cV#xj;#g zB1)R0Rntgp1p1`sZF1mK05;_=vUFg~Nm6{Ilw_>4S!MQmP_bw+Q^$TX5qsIiS@CYI zkBX9&Cb4Lr5POe?VK@Y{xsYztdvofrX<5ev;VVhgIJ=7Jm+U|(0ygaAV+p-1HH$pQ z5h|LAOSJQSo=sQ%I^O(a0m)=F`Xy<$6L?labzZkZNgv))c8))U)NW zs->-3SHNn8W|f4jrkb|NxYZQmuON6e8NzQpd^I()wPRR|#-l2lb%nAnK=Fil)&)?X z6x6x^?vo>17r=h?;jI~&qIQhyYAgD=LR}Xjc}l$NBDhZrdR+wh>5;FCpuhg`*HrIo z#=x$&uAd_mwj4qIc-V57PYH@Ghx*jW*mB6PK0G!pLvB7swgCU817!=Eu(@d2jBv0l zWVV1`JZsRbt#@xOY&Ns6)Qp{7Rc3f<2Njt;$ij3%gVvhnvM$BN%rX=0)MSIrODbrm3O)^G4<7=W9`DZf4N7 z!MO#d_pdlSH+>MeJVtkM$2J|MyR7w@P~A-9zph~2Wqrv<>=t(C>y6n>?{3QicQXRi zHgvZjbT_wTs>JU;abTYq!JBGw#W3FISqilSc{5$uM)TH>=1q$lwL*Fqi-t>sdea8l zZ#J?wy(U);?@h~a-%NmSs?$rNe3LF#i}PIsyENFh7|Cl6_s#pTJX_3ffoXE3sNb@t zt}XO8MMYJEf7ATuDG|Vh=>HTkz^O5OY9Mg&Fn;}^!1?9MQ#-#|q`at8-mVd?3#^r5ZDdae_;~42fA|pi^B*XgWf!cj0chmw0Du|1TacYy3Il2v!J__{ z3b9)dEXQu-LkbAR6C5<2+Rg>5|9#1lSMA3vHZ5?Xn_8AlOLVEB?%Y-oN>(Elzov=J zB5vG1J9u(W3u)+zc>ZS})Wwj(EVZhg5KqIutns=+Q-?Qr6Gk-++C2Xxr-?EE4+d=B=>cMGIs7DksT; za}-Fw8q-sChN1eZ$r>{d5Dr{23n7;bTBZS#`m-JslPOBkPU+xfl!Uwm8D-a5_Dnas z#`Fr~B&A|6SY39d;>_JJSznU6fMl7 zPp!<{>%0_T_fAoWJ5{HVt8}1(Wgy=cX>o2)G{KD1d1j>b_fBZdj;sJog^JKa!mzYA zSBGz^RKmdFq%vsn?LMB(A}&Xt!wHk8ycD@)Hj|0J4k{t_@B}el8L$3apLRaLIbc)R z?)8TdHX4lvxbhKXNU#sFZn3q>50&!*KUDI9iF=oDIGj{!Y#6(rRc^4TqB&z_6e?8~ zTMY+Om0}};^#9T#g<57q;1Tx@(FP{^xmg}VU`|E!zYd!sUmc8aI2nRg%kj_%!@y~^ z9NKECWvss%$|Hl}B5`0EO-m8(WO8;sPaVE^JVL=?|Zz@dMz zlZ{HzpX;v$Em)2m(mUu#G$n(7m=^^_PQYlW;q0%c%nj3eKdAE&~T;#9Gjh>lFVW%3#ESGujY zDAUZ62&j2O9I+es`lny9B#bMJ)##m|; zK)s#A5KBEK8*gA1nc85i?Z^5ijzW^Z?-3nkznGW?m1|1QvJ);)6AiSCa+u2SAH%)Sa2IKYS%9%VSP^8QGMEM`)VfO0R@VR0c(fXq zb=umHdY5jCrPNjGdYML-hiVj;IGfD6wKe0z=2**8Yi!L%tKDeYTH9c-RoXVAv}G2A z+C>c`I+xyScBGizW%cI;YMhnX{ehAQu>kq;+5ZJcLvVI_a{+$)>EgYB z;6e_4GHFa9i=llKGl6|HLHlv_L-6M8!~6FaXSZ(-z-^|o)sl}4|6x@-02gm>E>)1cz*H2=`U|@Kfb%Ty}mrViAUJn4j`oKCD#Ki?szKY`$p31 z?J>k(5Wb!^XkgV$ zE>*G$f)rd^C#-lw!LojQi+2^6iLHH2!Qw%wfNNcM6%<2%!ZiiO0H1V2K{3cDUrtaA z_GRuR*j(y%(`#D)MuHlPmp;?A1SRmFaw934+Plf{%{OZV@TjU{daOgmlz9Z#- zxFCZ~wrAN?5oaoGoVLMbGdfJjVJeA3NIWqBlth8&P%^@Cl<J(R_fgNqxL#9Jn@8ksZjTnqR0HWw#-yGH8VDh82?43AMP zCoR(|ncnCg`ry+10lAK&HzSf0R&F6OgoTmp%1V;nD5iltFq&Jd-ELlK$a>kBn}{5XcyPct4DvC?%Z56> zcX$dZFT8U&KM8x*vn($G6=Ky(xhK71FP;z z4E1+1lC^SPVk($RyHIgRCx|B*f)Hu+qM4|*J=(?aUK)u<66K7t9F zbj$Q%(SPq668`U9AaB7CJ2p*M$_}8s9!2JWVC;d=IIn04u!f3ddB6-E0*YpYBa^wn zhyf#?xOdt~UHYo#8(|Gn{P;`qMU47NH>zw{GHWZdzD$pdbX8}3&Mmi<_n6&4TwWlbx^78@%s7db#C*~$zCI=a9BYLxaW^?Zsw4+WVH0I(~! zFx3aMg{1(>X_s48ddsyw`Lb;I*2holj^(qhoEI459s6G+R#;ght4J4Rq5;Ey)Li7b z1e-SkRHb2~DDb2VvdetzWoJ@7dxyoiwu;`s$6e`kS@7uzGMi}4Wkzvi?gd=)-({!vJcEa%rfJ!0@JZra22vC zTHO{YCG7khafp4koLy-{=#$hJ3-PM*L6SPGtOYpWXp-eJP7uPqJAKu#^{3>XV1mc_1tE-|fPQ%dpXy?1{Or-Ki zUU4BEo*t&y*ID^Q9e^1aAtBX!DD=r3dEmS6c6L60c7&L3{B%4FCjns`yYGmXoYj5# zvU3{)5=!<6p&$W-1CUe%Gnp3n)c17+4w%Awq-&^47d+{%XfkSuzhju>9?=JiIY)ua z!Z+O6u`Usmt<9W!@X*(Gb1h$heGj|bYzbvuGnjXEAlfeY>jC&55a7TQqt_LE1_06t zTPs=ta3Ri}AN5sc=88_4s$(<<=uzHL6inoh+(jegavw|(S6?_za>6MViax4rB&VHU zz5vGuFbo@MUp3=>@waR>*__iPKWa!kFeedsfNC4?&?uUunr635JgnF%j={eRDghsU z0JlF~fU6JZe+P~Oj!4L3UkM6U55z;g* z#9p~3OiaVoozQXqX2tDDroUo4mV8a4pdlJ5Ru%G@8fM!>rA~d7c^7%$9;@rOQipyC zyp&I!KK9dguQBm`@*rsb{Jn~vW-9lvpe!7u?&8*6Ex}vLW5}l663G=L#oD%` z1P-84pyyl3LE!4c&FzoZ7dIbI&);3X|9EwJbMxDW>+`?;b>C(*IwMvkqAp#mCar;9 zsty6aGZF~l{BOIT<&7VW&!3B`%A*5g4f`3*cR}OJmoK~Ef4~Sb)b9evJ6O>B&!1DH zDr%Mw!&f-~Vlgf4e~POt8VnN~VJ(YqXncT7xJ&1jQQmUsSiEWu0NAfhf(M{%&^2ec zC5CB;-AA(6_+W=dS;m~+Xv|oO?<%@@=qopYm|+|F_+%ACsk!TOGULzqRt@I7Z%b91ya9`M`0egq7}T#rq9#egRch zE^s`cS#1&U`0z&oEonmfD~qgRAEsp1ffH8Woz+zTUEh{`IhHb&m4-eMQIwat5NQtO zB?H>iY6`imVFQs_o8u=`%$+`OA>cKO2lg9ab)NI8u#w2C2VUyO)V(<7U4>ZN)tN= zGdKra&@u#L^Z;f!h`1HUmb$?D@=BkL$7$&rv03UjdB>Y{nwG0cY0KbEYCFEKs)0SM zHurB*baHcX{p;mf0jX5Rzv3?77(ci^u^KUCJ zhgN&gXf~RS)>k{XE6OR>qOjLToNe=VngqlmFHtd!OB$X8M7$sY2+)HH^YMM{H5>p} z?DFzz-H@VtOd=T+tG&aicC~-_|Ji%{@5XIpL3DohUx8I7Cw6X2w)=C|Z*%u4veWSy z+pTN4GkZ5P$A(Bq;+P^B0(7?~p7*!EgAbA*36LN~$?cAC=1klaKB`cKLZMKof&{q8 zM?ClTBEs=pNWBH}m&u+#0OvvCF;CD7fPI%IisW!`>mv;K#{|L`B2bV>bPYV3_RM?z zgoE#>5YlKiLk=B)Qw9OgI9N>JK*0X^7jhuRBG`WrdWlC!j0RE_(MnZSnr+-P^aj`=4!;-+w>+9z1x<6CQti=J|;2kUuQhv^WcN0=_>KV)pR+ zz4SR$vTLv{ZUugep)Yca!7voB&`M#_L?T0RkxKUdh5(J?fLpvF1#e&RYa0Tl$bm6I zfZ!!kgCL7OJ>??!UTVeXj23h=jP3mU3 z+vMDkFO1N7lY24?YY;A%6xyD8x@lKK!Tj`Jr&p!S19Ax!V_(!xv2>Ow%$VKEAP>$U z8BjZ63*TVU)F{CRm6Nm1+-MkZE7PR%Rr{$jTnM$8u4_c&C`i&-hbSsX6K9=Q;w0^- z0)diT;lGlklDtjk|GLJQ7InVf+{aVsXP?Et4_ZK<_{3OZkqbP&Ha5B5*2XGB0qpB@ z${5pH9aJK1(3aOm-=u}FI}xWmm^(PCuM$JmjDVrWkp*~;hVxuC zH|i0imJkrIQQ|+N zJ$)(OZwCipAN^KeE$8i4MK^0-pIYhAi0=y%t%BGA>lb@h_|2C4i(T}aK-dNz$-Y)= zLgTchTP7v%ta|PeK3k30%SNL}H0LPhlMWLPH(`TQf*vMG7poSjs3R6qZiRA8yIiJu zuIJEOyCLRlS{jIC?WPQ^QGa}S%CsGL>n`Ak~Q7Q4pG zCA*u(_L__9B2&a%LSYoQGpLFlmM}D)vXYv~Vi_eZ><&2Q=61)Ne7wmf#@!ZzDxD3Z ztTI`_xtkwd6k}amk%0G{&P$F6T&62RE>E_E@Wo%l`Oi~0QmY(@ouQT}2f!!-6B4y% zR`i+jSg;*%ZPL}KG54MoTejokayORToIt)ww${*qKN^+?vMvablWi5$Sa$}DR}tG= z(E8bGu(C_MQd;3l}1^r>9Ir9swS$sNpPj_cN$&>Xwj%&K+|)=%r2(*%?&K{Zk? zDP*7*(Q)^Hg+?f|ZX0EqK6QMy+|sMbCO5~r9PxU2mbvK3KYCW3v|+T2!}wczai;d0B_M_X78vq#~us87{fGG&%UlD}I|oJ(t^d6vOwBwA!s*8GKNA3P?L ztz{9#+gDB`e`g)eZ#}|*S=sp>KZ4(4Op)|K?zvM2!Vgv+#zmW1e)0h!zJnra>Wlhh zgi;@CLi~HQs;Mgsd5Lec^w;k%RCnu8eUns3+mt^g|E@fbTz~GWr-IGw2B)Lou%lSoi1kC8DUGA`!r~OfgumY zpMBG=kty)y2s;yH}+JQwh0 zS>1lYQS0x)FT;zEXA|(t@Z$V*cys>Y>g4YM+i%k*kDNXhLi-nqnG8X!#0BM+C~!Ul zd~1j!ABYg4{B0wTc>rAQ;2$9I4Pd(93Agxb0GU(Pg<%6GG1Jd*JmRn=qM~H(&ee(| z|Da+^WqK-#4#c*a0eF(4{{krW_}=*6I0g<6JkR}-r9VM| zl&{ca$eA$051xwv1aaW~79;Qpu4Fa<8FPuLAEL>n$TTv;tji=B#ivi7R4XNp<}#s} zNEvVlW4h>bcouZ&ug@3b$yim8u74bk6zx3uOfhc40DNhg&cY;2PByuNZ#0FD{Gmj> ztj!Cc)Z?>gfY>XcmOk(0huH~#P522%_Z7sbO6(S5-*Z-nA$GGg?(*9=j7T{0{^bR8 z@y$cT-YY4D>_9CuMW9Id%2!M2bm!El{cInGF~#pufFgdH*Qn&C9gB@m4p|qD+I>m2 zkCNDzJqCw26ES8O;38KH$!hR7PFyb!K&n=&z_KxaN?JZzg7_`5xlpc}<$JWUpXuVY za>tW>uXdj^Sm-DEuM+llll@n;+U|UhhD{iIxJlM_U=3&6Pe*ZDN5gbh+t1YXh2<<= zUl^yziTn~IEz#2S)W8757}1H4ivp(Bk`C^VZ+xP;LRR;iGLPi8orG9&C6VOHxb=}0WzGx|hnOW!ezvPjiBJ7%ZCAP~ z?caZ*&oqL4cE}v8;IiroX!ZNgqod=uZwl`}-@HEFz5m=w;o1w2Op!;K)Gm+yA#e;Y-k zn@PfsIbkykkaA&HsKH5p9s7t3TokNE=`9Yq!DpYjL#1!gR@krk-&|n8(325_Pjr#y z92ml>=X=yE^_sPmR~GkP;GTdhwbI@aQRqSnPxeGwOg@O}Il)1*&B3^r%dKgO8?&dR zxzs${7QYQdeE5iIXytIfC5K?qR;H}2coVLX*gzW&IM<;f#epXHaOP0U|EUE{P5mw+ z7ApxQy8u-kpaxzAS`s3M(LTiPB*~@BFa7?{NXDC0n4}EtgEP)k zdjJULI?>Uy&Ek@@=yUJRG%0@a;RL*Sr8roJ5vJI|{t5VaI<~EPGaAbwC|3JVnSN5t zN1bDg23RU$pdmYJS;TIj>JZyGWWFvvrv3geJpm3={}JOcpl<&^dRvVD|MuPM*Sr0H z8>Q+Z-{>+sDDBS=$8wKNeNJlk*VZnXcAIT>1>VV~TaHQZ;AMyd6ws5zi*dI*cegty zoMZ5oa>`DHsudCkvlH;xUw^js_E~YTSpgROKje;|bbKcFb`cy^?& zH+lVwg-Q^g{m!_){Leee>vn-U`TzR35dZVl@w<0#cJhB4Mdu5qeN3Q#5M_99(8a#c z_A$bf>;^j_-<^KAu_qua*C=j^7mZ|JTPack+K5 zMI--{fQQM=U-7%Jn_tR^oa+nvB=hc0#{Y3-{2q|89TVzvp}`4B@qfdmU&D0@Y5&mT zd+pMl{3j2N;RdMg{^!l{yQ2Tc%hx;qkFAt~3SEWh1f)r=_5dJ=2b&(w zX6$^kI#D0d7C|Z0)hY_bHcm2@sGa_^a-c$^99D`yN?!_y1*KtMT~a`Lo>UAW;&?4H zl~c5%Fq$Je=B*3elFS{Yg$GYFEAMmGK-S;?bAF&&4WMTKfBX97tK$Cu?&a}r|KCRG z!2i>9Ud-2$EG1m8B=3mC{T~8<^;3kGNe5qo^QVONdFw5^Td3#fG}?ful1FpunT;K% zdiB;;`t%cHLNXwf2%~1@0HH z+FHTAk%icdN>95+8^XG&P!v66&wc?&zSt1F+`5F9C3&0(hUmsyA{^7KaqhDXK!$!=LKPv-hdfMX z+En?t=90D;wFM*Dp(Z|G>kuscv>7zZ5Nr(D1rBhO-!=eHKH6}WwvQY<1}g@aVO(WM z&Q|?;d;YULLUf@2Q%KP)_6aftf~wU2kB?p-zk6A{|9kaj_x@`u<@Z)0;G5jesr+HM zo14fg6GS^d3GD9RTB+^H>~?s}D0I0w=cZ(!uhpr^h+jtp>ePuznpepQIOazRzCmBv zENt@N3>FBwKEH?`XpeA7-8gh1MH3o9issVSDgRBZ@Pc!(p?UR-{>>eWEG0>@2TK4H zfyqicp~*^XQTP|tfNd=fEk)vX#NuC?-36s#6|mbewB?@Lft(4<#<5*mKL*#}pb@4T zIjjKOCK653g|k4;J&Bixxu@j0#jwwve88UvH*ygTeuM;#Azgr;A*507fHON;z?W~{ zl6YyyDeJtbFX5wqBi|e`L#&2&7}`?1y9Hshht{tOr&kf4A`g%%$9JD#x^F0~Y|>-C{d`?mx+O$e0(CFOLsIx69lP1uPn#4bs}qpQ%c*kpI(2oXei zKVlc}fu5|^Gr9^KsjHB$T2B3h?4zi-0VyB50bU)YOV~r~2=YObf|X z5R8bIUO84sxi`>Db5T4dM{_&oVtc;y=+{n!@_W9~`FLb(a6TSs&rij~C8i5zq zY)zCw$yM|OI5=GOc>){7*NtnKMzys(0I#3ZUDIBeo+{kLas)Q?F$mM@<#k-KBqBs` z965;OYp0(p%}iNiWs`nc9=CAb0^l3)HzZR6%9JhuGI9Cf`DiY3dkabeF93Am5#T_A z>aj`N)h_d9OWo9O^@6vW3YqdY?}OO~hf^;&B#Xk=K5`0Q9&`T&zzG3Q04g#oeQ!(> zDt<3EUM#T--X0y97`T`ZRcSBy@{*m$ND&#aU?TXbucqZG49+ubv-AClf`PW93?SS7 zswN?SxK{EZZ$rT81Pc!o#Yxe3A%)LTx|F+VC1-WQZO{c&w-(|MZbZ4K=Fj9 z^alGCNE@YE6bD1XuQ?A6Ko7T z%~ZiAT}^s?^2ho7(3+ktF#7kuPjn!aHMkjhAK^F@xuMs>p~y3=Ebm<}Dx`O=>-&%` z+e*7Bubm6aIJ%U^(nbS0IGCAX7vlV#5a-Vg_?Z{DO}Yd9C6fmsU4UcIU&7DH-x3v` z%(p2zeb%ba6A`i#+r?b@gCfpL`?P6o^{>IZckjTViyjWiV%c)Id=C3A6}l(cYAo2Q zITlqL%r;rA1>|PY+)mRrcDzMu*B_niM+3cdIQwH%i5;{MwE(8=InI3kX|F3LCxXH; z0OU_M>uEhTkdb(*Z!3SO9p2c1VQo}=ZX%)6sVj?R^o+;AuXPJl z7)bVMygoJUGFl>tuDXZ0I6@O(JD7K-!go69{7lfnjPrgv1~u3BIunh82ffAf$Mc)3 z;pO@5>DiAT-xs7c2Sx;lMNt5w73k53f!CWspP*jOxF|%1i>C3shMos{X_CP-{xG?D ze|y>;(rP$JoTa~m^8}7H((gk1q!H))KFfwZ1wZoseQBz=}LXnaBu+j1C)E_ zknTvmgE~UoewAlKaLI2zj`wZ50zVhJ<{=k^7V97j45D(6c{=lgZyc zT%X?lbbfKBN2X^|f{1YbN2WWUr^T67H^!?%$Fg*iVISO8jhcGKLU0-L014 zL1`h{Gt{%N{^Lx39DCIy!7{WF4BP$CC2`Dl1^{^9EO^24clVWhlHeE7gLj3p$L=|y!ASZ?h(NGf-ioET7M z-44hqa262`a7;#c$quhQ zJeyf4I+Opt8vT6z;p)T3$?fRF<>mQJ^*XT|+;&l1eZ0&;AZa{lG<*;*Cm94%_K=1` zs|4EU;^XAz?D}>%9^YOKFPqH>4AZ~!?uL~xd;`vT1|u7VUFJF}pZPSXoL`;aoc?$_ zynbIlvAX`7&15ye*|PW>^x2uf68OIjFPfZ*Orv#)O03b~H77cTz+`lNKE4sh3M*!^ z7^>a$OZn3f?kag(IseIUO*M##*kx@nYpN1l4*9zN`NQPK8l7Ye`R|`Gp|;~RF(4R* z8{^0*QjIfsaXK8=k@)Ot_~XUdZK$9KE|BvO2Mrh`J zZak+Sf3hBd#IqJ7{5YJP-JV`G73JH0A@a|7#f&#z8fjOzt%XoEW1YgKnMp#bTs_Q^HHEV0GcLX*bcCvVFK*EG@Qt93hVVnJ7BLb*0iFFn<3Yu zwX)>Hd#>hNowy+Dap2=QQ|_zmY=(hGAFi&>MmOgluIdlj=~yEi1jrGON}COLdOm42 z;;BcR`aw&!MA`bn3(#2TJ$7JToL`;UYE`;X);h1J9o~3L^e-IP&h5?l<=OxJaMgfk z(g8YvH=J|kzQA*v>*@EykEiE13~WnimG0NGkmX0e9Sv`WZJ-!I3Vky$-+&L4Z6$S} zj4sa4u5NBG&#!JT&nA=M`!m}`;rJd3=%p82B0}ICHCc(1pNH3Hr;NcbJ`7K9FV26w z9$ueY44uiu$pS{m9Y@H=(7o`c5sW-D3$Xcto2d1au)!jBT*wvxSz!XP>_Au)EwZFP9 zWTF7dBB4&$*Ln&9)xB`sICDjA&eVs=Hm+MHe?fjZJ)tn7aX60fwCFai{L+!@T6x3{ z9KcjK4ZeK~8#PhJq*Z7r(3_ys_KAMKgot0SSd$g*l zo1S8XOlM{#mZz0yl4D>ere{Mz;;lW>0-2*X3+l3GPZkc;P*u z01={*guePym!dE~W(Tq`2dQ2dc7Tjt8v1!;cH(d+4tL`4*^0w!1YOS{52M^~T?)j) zs2xbeJgj<=*abd%nHUxD`ND)^AM}x4QfmFVR9r>^ghGD5x0Y;Y%ZpDFgUA4k@6C|2 za(whN#`mPStIFTHSq+7u)_HDt%YqT!zOXs816$L!8hE{xNC}`UqfuyTd4zhw zycBNPgsSpCQO$+p24Cfh-ReW& zuTB7sV$=eGr+*>6d+1&}TaBcHQz;d~`Oi~mCpel2jJ9%OUF+~K%7(TvtAB2gbxi*S zOo|ytm72*E=kw%&+GplTm(8D>=UO&>c3#R*-_f)4x_J7Q(35(D(6^HAc$$WP)X}i?vYOTUb7DmSCqE?NLtW524*-r_ z6ak8Xpl-6rzzWA8K*(i3kq|lFYy}`lyV=iaDCuWK1kZguh5kT&J*ieb=(T^vb~?Nn z-cCMzydIt1e!M<6-mWIE8&mVa$+zy|x8#2l;xDm_esDd)aORL0BAv;s3EW?nfpnlu zWrwPpiqUvDnS9-^HjCKm5dHF=ZMA;1sb$-$Cx6y9yej@nH`ERJ0%-eR&ljNL{#cVJ zH!0@Z6^P z`d4>$*LH2FRe*q_tt7etqM`MloC7GwYU@%A3)0#ESuiidi>pC-VyNP8yHsOaLwPE(P`w3P?Y|Aj&=`MHV`z=PK zcoruVN69^Lr8k22FYSv>8&8N*x?HAobeSwyJK9>StpJdmrGeu^k|j1)hOLAN^u&E% zuWk&lFxauTeYu?-$Y0>7!};CUnfGYAhJc52~7=ZmO)t=wb@3 z25LIBTDq6!pcCQ`TZ37E`5W+&Ad#^*LmhYlfUfKDzbOWEfdF)941EyBQ{N+tD@?Bu zbXP;yWpY}YA-(}K5BV;bA|HPOQ{=#ycaGG)KY6~-w4xA9kr&LFE)^n&A{P*h12By# zYmw{EBVZcgd&B`Fc!|J+5E%sE8Tf0;%_p+eg3^$j93IX+x`?N2$__J@SO4?~i4i$` z^Ov`8U+xLDN$>;o!v!p?6Pa`$_2YoQdFrFUIEPkQ>EBP-k%s2gDC>s zH;eHB^zXU17IYS}e@}7Znj(kMhIcpE14dp+Z(J0Yi^`|^Vd7hnZ2nbVQkkkrVKhfn zIA)aktyYkwpkG4jEQFvn$a*Vr`qX>ums~p0|MY5KT59yaH?Q8kD(HW2-X6W(>3`cO z-RggejdiE{b*KB4l@604RZ`UIRK71$ORCjO+bg72`ly9fvsS&!D!5opqDcSUUC6cB_PmJIBScetUXDx9#A6H{w>Lb;hEpSXV?u5q_ zwYvh$YzQNSrlth({ItW_%nLla5^V|}E63J$um%Lew?GSr_^BIIsf4$q6-w0DE3j+5wPa`_wxAl+rs(p?d#q7Z#$)hPftepYesm* zK|(!DE^**d9C^Wf;NS>hekeFhkC@|JCp9Ncx%~NIvhIwTyr0sXHER$FHgzbilt!xO z(-(buH8@}wCeiN>+UgOSo89YAy=^>YIywMr4vzB($6-M?vtJe5B_j6Gx|kTKz`L&Y zB;4KgKZCNy{!hXhyKhqJ_Wzg1FAMws>*M2hyZwI~g)P!Qha?<6K+oqFO(#EqeS($` zC>r5q2qOe~|Lb`0@=gCpb+DCU#DO84dcH?JMED*j_kZzRzAvSKR50@6q(=u54x9)< zvEQmHM92+HhY!b7L}98pU^j_JEQs`}A|%BE!gg@O(5!?g^MdpP;?M+onGF zE_EdTF8Lx}1f>7e`W&afCSJW+^$7oyUzoEm3ry%0qMvYdpFzMro{vZQ599OG>_Zd> zL!R|rK*=`K6Y$+N`#KC(-|>U+g%`x1&A-QC=%XbHDD>Yeih`_q857E@3$P<$_mpZu zA1uA#1RSR>flK)L1iXFo=GB`$0A_^u*Hw4PJHKm;DStY&A`~r?so3cVPh8sX|BSGQ zg@P9NIo_h{t_ zPl1o*`%1%$9tAGVtDbFd>6NE@2I_9(?{4EycnCkBDDrr?uwZrq9{cOhV2<1M&wVT5 ze4bm`n(|*-2P(yXt^9xW?zkxbS@oU#-$GgYO{aPZ2P0?UQRL8=of?%S_`NRni0Wsa zU)H9u6Zf5pdrdGzaT%?T>yhVBg|yF8MsKooB>yX&KnYa;X8mnwI-A}B_8xQgj1 zxbNwG{%RW4`J`#0wS}gLpQjJg5nh^{i8L2_xtquQ zU|CCf&nNVdE45OsHXe7$9C9MQJ6={B?7W@ct) zW{jDcnH@7TGdnS3%nUKdj+q@ZGc)7#IrmEQ&1f`#R_{_vC3RKp-n*W6y=!T8vNo@Y zqzRaCVWbn}%r{S*wV%MRYpD--2$oinWS4QisZj}hAHEFLVbb&qPVNNPhs&RXDa}V< z?KxfUTP*LS-&PDZHH3&2VLh8F6>ENH$jF$+W(%b2yRfW99qln%RJT*p(#%&{C8Y|L z9+tbGx|ptomk5mn7$x+)x1@7E1bQ!~Ol?L$i2VHgdTb~7I`YE)vZ5~?`baE!DJ^-) zu^hYK8Xbsd(VQMLkrwJkh`O`S$Q(q_%b!@MFj5B<^yLH zZ|mrMb9zcY9}JIOL~12VP8~wpd6NMA!vU`VpiTb8xZml)9%O=7+PWKPT zsUcGC)uq!d<#_YV`_qLc(U_ulqCEU>i#R(x1*6enP8aDbM(X_qNXGh{{w~L2F;pBO z7?Y*F5}&zT5IP#f{{X&Ro_`yYWk(;GrI{&et(gNw6{RBODs#s5%&2u3OV2zgsx3AN z8Lz^YFL2DopDu!?&98iz;}rUA%xk0+=##2HW@t~Qbx4l#2FG{Nd0sRr+7KT*i~!Gf zB(fiD&p!{;_*i>roL2f4ItX(maQL@v>%%%TAKFg}HGg_#2h5HMN!=%;+17MfSkJjs47@ zPdwWg!HZ;5I5s-J0C=~MAN7n#hU~sC1K&?bGWw2OcgwF!&Vp)w%8^*0dq}`HSr(-phpMJn!pQ>6hsk~yQQ8!_W->%c{Dv#*G1 z&U4p`)Ay-Ow`3N$N!P6v>o>>qa88$ym!ur)6R_JRAd=a3X%WuVv#=H_;JFm z908GG;|s872);$o{WP@(FE;c0Gx8@{T8o?*ZQzk($f)c&^(9DaR-W8Cs!7E0yqIQ7 z`mzZ(#_vpZuHMowsHha%naGz|6eeC}{|1(u$63R$;+JK_LgSNV+64G@9As>o8%2sA zRDXTP{uQTzrOtN0nX5;u*?_(T)_fOD`YogPa>g&sqrK!u_hLTfiWj@5fA1+|9FtkV zaN#DIDnf#NUlz@Y4vWL1dNOt^+TfGm9f_gGJeA!aQVY3a556bLEmXG!`-a}&1O&BS zMFyPI3|cPnK5pJ%hP_GCT8{%57K$To;>4jWHMR0++TF&wr4`)wGc-!w3a)#*+x%nm z0Gs#FpLr*m3OxN#+0^8mBhorF^8b%s5z>R;^FM-xC8d@q zt%0gf$*olQ`*YbPqw^a`u!!qRZxP02L4JSR`dOfEPNkXgREr%PuS-kOUTC9&E$>v@#s_IgB_ASfcv;Y*vK`nr6vCpGn*YzcgAJL$ymT zID3bK47>2Ddly}Sm*f9!GyDHiD|jC4)rhPK1+Qg2Xb_<75+wg++;b=_fx|T2JC^^# z=iemTI72ahEDkp0`|-hBJ&2xh`mH{qzcO5C*?S97KSCXS zj|K@A=?Xe1J_5)A%vQ@7;6sx0UWVc;5Z%?I#(05Q>s`Gh{kCYtE$F^*Kolm_(*6K*2fkxp9fVyJqZN@@hz zEF?Phv6LZTD8G~yb)|VzDNrhw-Y$nw*GqI9VV_KuN*IQ)8puH7jvF1kRN9_;Rb>^h zQtYEA=;u`xCQP)g5dRt7cOtG;ath?@<(XG9n=YA-@*`MbFAktFIZiKEck8T%k%O65 z>S$+`1r~tPQ)_3d-|gZfo2>O+m(|7vb#ZgWJx`!U@6VKy{|Xiu&O69%`83j*G@Zh} zGoA#0sDqWMPg#-{ceSH9wV)y+H_uxR@lMB>n1&Q#y$_Vke1EL2@{y{Y{)>H7yfgU{ zS+zEfQeIZ7==U7t^Jw7zL;GCphebM!HSs|)+xTPw;c%6*2k8PxZ%DV}o5_PIr%RoQ zF_Bke?R@6x;Qif0m@wR?^+&$RdW<6!BLwgtso>KnqMs?!uR32?!7*;{xc*xTnVr#Z z^+b!}YK`ZF^5}LX`U8AtH`YqE?Wx)bVZ$FASa!DQE0|=0GYHN~b~+7uby%%9P@TE4 zqZiMw=jBajYojX<%vMWn#dkN;R!cR(NaP%5k^9F0NpfcWf+&s|4_uz&rnB7B_{ITy z`+fq~tlqp2&oh;Ys@ng-*XCsG_1a{kkcevlE)IpDZlvkx_p*9Jqh^T5*CO1K2(_TI zSw0qKp{^sbVYxoh#l61aJCN+4@w>#NU^cRdxF{14%xOD1L#^)3m*Vjg!7`@3?hC8LFKFsB);I zN|g9sGHc;acw=8@ZpT1>*XqX8$>1iEgQ(#P3rm+TsQ%B=>%(MsuuQ%BM54N`JJmB_@kLuh$_~?NL2Iy_s3N&%n1PSB^p2b}PiCTcK+GL<;P!_oEF zPya8(21eY#-wXe`VPj9twT&K!6n-LiEw}&qZah-u#plFh$=H;JNp)YPIfgO)pDoCIpY7A%sVYv0defn zTc4Hx<=DUk5XU~6V-p`=)j9*K`0`5Cqz5!NL&^MFXk zHukaD5yybIk)AXmUXz((V5~_>RSa%vl=b60RA>%CNnE59F*6yAlsM_|xrUOSYj>L3 z?_Lusl^N`RQY`2ruz|7?EW&iE7a{?#=T{~fE? z`X36Z!M$Nn-g?iN&5Q3g@pp9wUgaj;z;9C>+xw9en$ZY8M}WTMSTYe-)O*DYThBGyl2>Eh*x;GTo3%MXRH;5+lcp>I)4Tmn(%V?Ua_R6FbR^!~6W zB7^QFgYK=3*F4WNpJ+`1pMQ;RE1qhl?JaO+In47&ZM&LYf(N4fAuVGw@4u8&JE&<7 zV+ZDH`4+7>VSa949ePGO=woQcE%!6EeVmDIjMSX-F2GSQcStwWaK}{^#QEvS?q95X zsmHGXe&+AyiSv8VtFr6%ETQTWxN^&XI%K=iOJ4**{Wl3N9mFtV+}P-;Jp&-d6@iJd#v`On&uI0j>?b!#ng_0AC$1V#dhB?g3o8 zggimb`6Xu56SMnHLro{i(>$>&HDheV8G_1?R5z(;4t`+=%fI@n?>{u$hNg)M4Oxg^ zKnU5JB(O9Egph%oOw*{yZ)r?!czBL(lgjVBf4FC<|Ao4xj*~)QLBS=ru?w0xwM(UPvZW_2PqFxN7QAfUzOkr*{|csHzU%%G1{WN{OzC*X2brfv8>xlL8YN z77f!kZL8>#V96qn)tOp7DovLWtYUAgVV#bHpw?ef*RwL>=GYpmci^R+FL674aAGAJ zaziQPk-NM&byDsQv@ufD+1krcZKR?7XUz2Tjf!&fTUEs5RNR9ny5Twd!x8sG-*pl% zU`|b`E~NF?{yCpy6HxVOng$=u{4_^!dh43_o+)ew)t0mm~quOxBhJJ1>?LWU3NkzL2bN099DGf*EO7wdwYfM z91amdq*QYU2aO@J1w-l)JyICDaDH$9hvRk**x;VdA<{ayrw0UydEso48gQ{Kmv6S}LKV4xc4Zap5(@E7CQnl@Hn= zq5N8^u&J&4!u{9Nyzn0)OW4f_`baRmxbLk=D_{DOn{Dvu+*<84(iyK%&zIxV{WTG3qXnKd|-cV|mP`bgdvA>|d2)nt#gLacZBUYWi zdf>^`4PZUaOZ+awcF+cAd$ea8M#nFQ>8RJG<{)SyBWY0=%7;Gz>ulj0;uVu(!gS%c zVU~@V03k&~SK`b1HCI`oXGK_+S2) zVUOQSr}L-p$L+<<<$GJas=mG2F(Qaz7Wzf+ZE!xSTyB@k>5ncUBknBR37%4Rn!w43!f~VdD80M|}MD;dKLKwEuY?rP6;I1A`kGppnxJFVq z%txzJ7(~H58J6#8$DvnZ0dg;nN@v=Afu5;Pja|PYqblBmiYj$ksc5zktd6TgKENv% z&{tgd=d0h>Uq30&CI(@ctDZ%Ab{QJ_m#p>up)I;U0#Bi8u_x>nf^t5-o+oqniawq$ zZl*qer;MXiiUrA)tRNqO%+~=RSGh$$zpQe|ByF-X#Yasr@Tn^ zdR5woy%Qzgzod>x2;CD2+o+TCtWG5;Jg1s%?2-~J{CVbG?a?n7U`+jeOKp$x4r{&6@k;97q_23oNG$~TNk zsJ678T+-b~AiC|)_e793zUu&_tXy4n6L~?-x78W!W0auevnpbh&7JERLE`)R>9QTO zE8<40D6lT}GrTb&#?M!6`qsysxS?@=QGW$jF1C%vr3b zlf%uMB!HRH0F1rUM@0nG_UX#l&?}lC)}aqx_;z{vb{@h6wS~TNDEJ`hUUI(>G*&1Q zK)$vc%b#TTFNK4$Ps^TILU^#p(x5=c;a|gD*X6IPTGrWfe968tj?+0G0fFoTwMs+; zT$m>f6!##CHwPI-3OKM27xPjz+8ntB^;+yDB=`1mSBbFAeE%A&Yq zNP|*%<2cs?(y)O;7H@njJ2xN0rdPX7CT5fn@8;T{jG0w*L!*706f69N!Ma5^aIhwZ zF^;IL(X5_Wqh+19{MnZ9k$K06A$3c~?)>qwRki!JrB&zoDXd59H>#kfI}VhG%%c;0zr+x~tcn3I%!?id**fNn z1K|hRtxM#3rq4gWi;F?lgIrJP|3Gt9CyXB1fdf{!9GwI9Jzky{Q6z>V3H807T6~k{ zg1ku&EYkhf706qj#wcArZ&Wpz98=l9s}v@0V`8pIR-j#PLml;GgMr`9%Dv#agO(Kc zO)n$w9mUoYJ{k5EgW z+l^|hyC;m_W#s3CR;MC&()6pa)?JXEmCd77Q^mBvH2Wv6oR=fU4-$S5K%qMkk$4UY znLmI}Yw?8DaJQ1I>3>y_nUs$UdNxUrdPOLy>Om?+>-c$Tv?o2V_9Xt9;$shh8zB)4E%H5_iUeW*&G>SUb{l22%lH#qVkC0GS46^kWtY?e0I>_YiXl1D%(=XQGd}7|yvn z>Ky5iNO1p)xo-+8ZFA|N<9(hPh`X?kRnB<@-`S^Nn)FLt}I0(&PgAe*}Dbk6<5C?83Q zc^X>2tsf`-?Camn&Ft^Y@Q1+n%LB&`r_%Sjui2|70OFsXnZ5mu=lxzLk>0O-U*D|? zqY?_|es`z4fd*2+xi9;2;Z(J7UriU zK%#v^&!Y+D1(3WODXs$GBupv2Asa^Yz(Bl$dvT;nu@jIw5e4}+lQH*!Jcmix+x_DC zBM2hoPD0Yaou6n_GWw`e%c711tfQ?@XOS>v*2PL-(->)A4ZQ^%0=xq6_a~{RbK%7= z{hOPLkOs|Rvx2c zZB%XaPKzoy>jz^mXS_{1aKI2HizaOkrymza9@U2E&s9Ya1`>6j!U+BX)hL}MQ1QL% z+ny%5w-0x}c)K^(e*gaM<}6a5__$n)LWW@qW`ND0<^So4R-qUb9o&_)3s~FVDk{WA zh4(jV-ir(>L3pS=ySz+D3?Q0;{oU{^H9jS2Oyl?-``Xw^sWCT82%G>Xh}Lw1 zl-nSI4E@s^awRhulwpnXoTE+^ag)&}GBJ#ce#p%V%WBP^nMOMqV(ts{Gy810cY+_2_Glsd^7)w;FILp^awr58_ zLpcPZrOh)`?a|B#irVFT2o0@iI&r`gH*oW(0MZ+KM^Xtk=G`}SK-`c3&3u+~!H+_U zm%QRKF5vFr5^LNx8tdu1*;g*h$1s2-s*aPX8TN|m4RZ#n1n!8Un+&_%g<_;n1^v(Y z#Rv8C=Nmrr`{x_F^9~S*r&6S_Pu8)gHV}bU^NY5d>Z*q5NCe=Nm$SOTmzU zGw?;5_b|%f+~PoL{~hnVQ#+0)*mzCPj3%0w6Ab<*g`Nf`5sJ5E9-v;PwDZ#0Mljp! z-ttrULz?!42=D{L#Y6zDOrzD(1k4ztpV>l+sDGpGi>82?9U{(8#$FkQ?iIb1QA_Ht zjV%s|>!0(~P(^YJBlm?m-{aEk6zL=%Cbl2hU|RYNFY@e{rcjSJ5HV!al91~s{9C8{ z%LVz*`&!N+>s&ae%7>k3$Et`W(sFP&&1=;A(DbLdm3iOQih2$x!j!}w5HEf1Q^^Cx zPs=kx;P>Zi^P?c_XOvWxqvJ*R;n4gAAY>0D4%H^6AN1iZrNODinBXg5{8jT(2fScH z%O!hvJI)Q@K75-^%X5$|3vHJN&l!-15HPgor^tgy_^cxXc35`|vS0BDjGYhAcLT(L*ZYkP#+zed_ z)OyqjCb<00={%XWrQozYGGRVLOMcttB(1P_X5ovry|1sc3ew>|F=_dWb^MDomC|qB ze8-gGLAN$&5ZPscee8HJffIC0WYpP0R+ym>#3WTMH2Ho`s$=Eo`pM;K`#oHQ?Upua z%9Jq8em^*o@OTT(+AD5O%@LCRdNPR^z5`2?oQB!xnXs-tJ6*Bh?HKUN+9uoJX2EBG zSDEtTHpZ>^d3gWD^0;%ZH&Qf7dkvCeWYYAw4hqF--@9B%`$|Xlm@qHjc1GNQZ|@L^nWq-xPoMnLcYK>!Eh9Z(I;^ z;PKc|B>%bt&EGPA>2R!$jgbo|p&w@Ij`?=HnnC!UxwX^=RF=954Urv5&4{YoK~A0Y zO%I*EL19xFbs%|f@61&n(V&~|s@RvsXRyf@PmS#Z^oGK$?Q{B#A~{n^WE*dzn>3$Pmm48n%cztS6IBvYJ@x zN?3$8e{6x6eJl)Q`qCFeD#5jbl(4@-D!NY3kaqSI`aR%IKpGM)bFWP6{@Kcrkg`l+&ld#RXBloeJUa#4KNQj%j3o3;1B(1kbiNn{T!h& zi_+E5-0w?5bs_@G3J0WS2exnzLtFskC_4b;Zod6?>kYw?#J-&j@}SUd-PiWT(; z9>zFlla5hUuq=e1%KG78Y&E>2EQX^}BUlxYkN#7FI7{rc>hTsh$4!=aNXPvl0(^mz zvnxH7A@O=KX8ZWiMz`6Ip+Atm5{KKaFh$>llAI_7B#px`$N!^MBH7b6VRF|uDka7f z&oAi`^&8N>dmOr#6;B)rEO?};AQZ=`kT0rQx=p$9k5x$8f(^l5jxmb3&MAysryi02 z)VKrc@A4Gz3QJy^{V_wnmUf5jjC0+MCqM*)C+dQQdCxw8h!Y5iZK5yIUY<;wd0%{D z@9_G3^CVkMN`!ESaZWRfDEG6tmdun+%55D;^nIb^B&q7tk>KfL#oalWE9Q;tgewxM z?DuyO80#*EHa>oPMt3d!c!6Bs392+4Nb^ScGh;;i^@-t)(GVzq#9N!ZvodkZJGZ1v zRE5f$jQ69O;2ehX6XETw{0N~}0Oi-YJn@&APj&PM z{fsg06H!KM822Ej;=AhE-8ck2(YUw`61aa?Z?CF~aJN|>1T<`2u2uohGBXU1;Rk>H zgM$D3BxurwRB0W)a$HUWJr)^NdKOG>hBX7D>aS!8RR(Xwci+Mrldmtf(hosXq}%)B z)Z*YH?rb(V@krQAjNTEPs2?g1V)!YmtR?BYXH~)XhK~8PG~68$)I#d!TCf2XJ=MR% zcRj-p@RHd}Tm~eM5L(6Di7Rf*NHlJz!153t%CYUN6ha4GY`w9tJJPo+D6UQ$*s*=u z{)!|hniPMq`|P5ETq_A9mxc!GLt6F_j8{DHQGcm-x|8G?Q>~oL*SolaxFpp~L+5DN zV7GYxL*PjMv)s)r#O+EWDFRO6dG^93)?}+d2tS5oyPqAj+}lJrb^&W5gl&6%hwSEg zgBt>MA~p$$SY*ft#cH|&lq~ATip8&(8jic0_rH2Yfj0I$HcGPL_uo=gB7Ni~X!Ila zp*nRc%j0rln^ucxi7{@+dnkf7YnvG#I&sSpMQ20*s*r5Wzu<^0#iNpfNs}EG+%KUH z?)v);Wz;&x9^{z3JKY3O6_F%aP8P_ZU9M0}iJwm!RMNJlv0lCFD9Mck!-mtyeB^Y9 z{ar%s{qs_8O6>Pp0}DCORHVq`EJQ@~4AW`TR<(qOa}C8C(>GH{?U1_L zPZkJCZj$-O`K{D3M9uGDD1*&#dr|f9UT*z1Rxq3yGG<7#i9TK)Vk|7*mPYM%b{%LF zZ~A-MIh&(|SDV?51W>XF)B<)MmCQH(?Q zl7jxk^Izrx$=I#0&^ogJ7{9Dt54z|(OyzN{g6Xz6DSOy4VzKs_NDtqcxG*}X)AOZnx_VnwT@07XtR_r#H^q{KmYI-srvl6Xpppv+K-X}NFVA(0{skDSBTRZ+djZ7ldX-7k!IS&?Qf~9he?y?2FYxxP;p882}y~CzB`KKINmFm ztK_J?p~~uD0jdz^cUi9fAvkMl`?qn#zt^%)2g(Ab>WtmL?Z>g1H(;1t*>UCEV}UV> zck(@uUH9eQ%uoK0w@}9q4%PH2Hm2+gD*e?94At(E`4ysq0XUYerKxS!0POg}J(64*?_ENODC@#~YZnUqWJe!i@MyAWy- zv4#U8IA0QAQ?4^a+#|qYfT*IgrhxDgbSA#73mVI&>1)3g_}tt)ZmT*#;UOi7(rH-_ z&SuSz9MiVxdYk{4g*1+{rCG+Pa^HrbFPcg&$MJQ&sV7)1X(EeMXaJP`AxP zbg4>iD0inE{yVt6j@*ch3=YveQAHX)UR+y9>J_%w+Lpw_(P3<3I5-s8bMoWHFJ$P@ z?}*&EB{}UiaL64$2Dn;R!??ZC()8_ivcbEy^GA~5q@~`UAnL-3Ij+1S<$CKd5Kh4Y_Hyob|x?$))5NtDQG!z6WNL*zWEEvKX# z*i69REe0SXh!Y=z`K`Gi+I42Lb9=e@MSojl}xP#p_{F@ zu!ElbkdG^y!;el%4eh8HsEIx(_6VSV2^;$Cob3W6{fcdpCGp_9)b@^d*Ijm3)9kh$ zeoMRNvMSRdJQrnhV_{Nc0n{mX4ezI$gl>@diYZ>f=RerCXL z(2ab7I;Kq^6QVKb3T_FTDRv_4!2AtRB^z*_&F*8|pt*JSP{ErO{q(K&MIm$Et`q5z zA$Sh({g0oDQ|h^yJo!E`ma;+gtSBnl&y&fB5O0#a&#|h+a}@(Zia;u}Ot2OsnSG4~ z17AFbNIVvUxlwOtE(`e~;|T+%!^9p7phqxgADB*98ZC{CfFfQ%?zL;-T047p=! z1VgMD3m)f_5!X_U^aqbe-NQ}|d2Tlng8_S^s5f|<`Ir;8FVmS?HKCA6K}L1U8EV4# zmnR4C{2k|YRG3pnV1f+*?#2>-*!@jLAmlfJ9`$Xxp6kKiic^1Yg z#Y`mj>g5c^_EU7d=}%K0y!rl!)-h>}l@jP~VAK24Mur+1%#D{KLFDf!GiSQ;9RH&X z)nA22n_L2Y!8TUPXxyJ#!BzCX2Rq90FfQg@$}QaS{x%d&gsyT#Pk-cZ+u^0V_A6pS z6OtMmHxLMF-BNlO^eBdaYOnJ-T;nlFSuvZiBT+TQ40qP$OYM zMVQ1!jiWPO_K)F^-#z!iRZR4Fy8P}Q8}BO`kYT9fVvpJdkiX$LK?Orb7F#^CJ~kdCjR`GOsCt844%A>XAF*%Oo;3-EBYY*ISOql$mOeGG z-X)GQ82FP5L6hSIAL;X(J9HO*R*9#xtv&zI68v1GS(!~yesR9b6!I;bU4{)}vDL52 zjR4}rPvBRFIPET|e1QW|fE|G!k7U3k;~05+7-=6n2_3ywK)kNqJO zkwHAUL^ChBVk4%=3R+l~jZmT0SWTm9hFDG7->7X|%#$)Kma8Yzqph)Hk#0GG2_DFW zGbfDX;eB6BWPpbXQ82(Dd`N*Ck3jnm87Y|EDlM9(`^>g;V$9S(DS~IRqpQTZC@l}z z<&0LIsOXNSVNnj5*?P(_N@T16aGNC!LP~8-M`Y0Z2$Q}IAHAk)wBixu%Sd5F)@fI9 zmHS-PQ~T6x{Xnp(u&k^~gVL6HOKXC-AhQaADe<&cDvQ_*;m-e5o2ZM#*FlJ~6{#F{ z*$v?e&5zQZiDn@+4&R&TKxA@Zftjmc^SnXx0pJF)x0V(7aRLB}WczwMs8U3S(!|7Q zs$;|%+bkI^V0C4ONRl%;?nQ-oC&oL|M+`~$Z!~Ou%zUphs6l`rAxV|KLu!Xd@Pd9n zFrTp9i2;2h%CrAj6@2vNKSfvI-fGkNq53QFT#79{NMPd9%eY%wAXmfV zn_uD6IagdeIV6ZvK0n?hR6CR8#r}Z*(x083`L4lYLH@6iZd%L^u#N>&1|6@etZ>v0 zj$A#9g=#%0Z+8AoY`=M%a-|Xf@9ds(Zy8(+kpRp|xb5n!(H?CKxC9V@K3m|+YK!yw z%@R+LcIGx6H zfzU^09;#HQyN|H#zm+>H+(Mm#LInwDtZFsixXBb&ao+Npgd!bq}L@uXlyY>0NJq0n-?AS)J*Az=^<$crJ? z&d7ew4R0w)Cm~P)?XTUUWbvr{Q)7#P$dJI@9pei2fA#FBUz|?GDqKP<;|SY*U<$xv z*1~^gb5-2C@18=JEkiqUnP8L9FgKR81}Nf^Tk>=E)Tfe#7WB$h&h?q{(Md~iD+I{5 z@rVpEYwoGX8BOQ*Pc&pig*46+$tr3cC9}s~+9svwFL>7P;}uAtS` z7Y0p<6NiE)$?Mby$URY;($0uR7z0JMafD!}03+rCc@(vF3*Y&~OwI!Al~c>#AtW;* zLTjS#2e`t_$e&|PK!8UUI-^(!W3wKk9$vGIPfmP^7ZyMVGrD1oSl3s)QSjAaH7%KI!O#=|8BR1gr(!U)+A3Ti3 zjWk{746qA@2uz1WP)6#0dymYbunOnL;YCO!i~I|ebL907z@nV%+YsFwaX>q?BJQbS zOIpQ}18oJRPVGdg=g5-qk1%AdQc#YlHq)|HK%m|Bhk*JBC+P z#`_JA)Cg>_U~b8C^Gl+W$kRyrZ!Gz5Z2xbZNFpFJfI?o0`=#-rJsvm09!q2@wVxf1 z%1VAau^W{I^tSAmn1~W+iXwYqe`80cFB0AN{);tBaw`B4hcQLYSR7~V(T6mM+aO)C zrcD0x>dFE2gluz!3YB#jzf!!!VJ2CzLN8rZ+BHhxXoUQGltAt^ITZQhUA(Aiwom^YL>|&N5I#~w)+bU2F-mYxV zG*L#&M6Q!c5?`V-R%1?(YZBE4qn=_|4j)CwG*EDZ$5s}Qj5N$x8K;}_glvn~NfG$a zd$LXWh+#v}TM{%9L7r6|F7q7~oskS5!ECPY&ZI_$DqOMTO`Gab)$YQXDtBmzD7nQf z$DRNvzvwd+ta$q-V>PSDRaCMpUvosTOEInMu=iu%^I1`n5A?fT>QfPe9m4o45j|AH zW&8)x1<7(_yiJ({+K3+|%#t`FgRPI5e%CBhcYL?N92_7@o`e#yL4MGUvZsNUqt@oI zs)-L1JBcC7i2dLl7M~@%B?v9D26`tXt29Rm3}4geO6U&DsCc|0NyystEa#gQU@($R zv+Bw*O6JLrV4zF#Mdi-DgxDmExFP15hK@8v6%X9=Ub;sH-CM26?9Er&$n`W5%Z(NT7CLdwB4Nd4y zGhF{?jO{PUXB|DCYHH?)%{7ELm>RCen#nLDS2aVYxR)njGa7_OKu}@MO;@6sO7nej z(23dHzz1J0+!9HB7g#Rp5pBKCTY@xaX`Wq@P8j;ZG5{*vNn=P&=Lu23kc702mW;~R z@(tX!H>N4kJRXKz7Yh{d_PQZG)We96b22t-e$;J=w-Y|$-TIXZFqc!Fo7P|=1`uciC zI*Jy)Ra*RCr=}E()=#_UKHJ;VTVM8 z$^CW)gLEn^XdCz9;YZ%WBq!xi`wvkapbW^_zCSs3&g`b7ROc9Fk~MIqvcmWx3>|67 zUl*xRx2e9k=%yG`^u%5(WKuf>=f2|>3cP2kJk;ytBx1;hOy27MGN>X!DBEw{b9NzA z^y|5un2>lhN-907160T?M!BsuDmnnoDM-l~YUDruqDRPqeq$CeGh)#Yks#VN0zpaJ zUQ{N!`|uf$6fe{+VlIO+y!w9PO!P{PW0sx5++`zgRHth}_$=eSx)`{`Yl?11 zIrW|I0OS&OLu574+k}cV?*JRtO22uhJ@4|ug$TL+ICRBAwI;rWR@WgTGvb>+L~nb; z<~2?J^RX${gsH4%t)MrLt(i{dYV-tIbDJpH3zj8eWa;(Sfei<^)d6uBLXK!AYPQ9s znH-93;JZWc^QTqUw1)6Z%?y`T0&hH`eTA1Nu5 z!56r4PYTYHuXcynv_4Wa<%c+#9RUimB!q{y8Tt$4`4d;l%piNmK=q#AnW}kX4yatp zFR0Uc=7WtKni^nw@pF;*qY)E~kQ3DLCx3g6QhMUP+m0&$-^-f@aQf<6dzYsJxF4~b zYD&TVn$jg@@+b_KBPMCnvC`3=#bQ%^_0qWlVk`}V7TP*h0SfB{d{A4)hBU!Wsh4o( zb;)=o-gs@BBsmj3k{nV6fiy*-%)UGygfc#m#SuV!MJ4f^pt`K@C3?&T2#?Le^w%xH z*!ZD=;h}bMCk9&EagRz^o~{EciSk6+ZTRpyOw!ge-(O!PcX+=1z@Zs2f29m?!tkqzkBMpcN-b zC_#*xrM6W_-MZ)Hlmf2S%<0)=^AtTQj>fLo8ryIkPs=kUP9Hc+mgj9SfBst{CCJx0rx!G zLl)x4h;+!68qdCwkEW-0h%qlzv_jtgmOmWmZB@>)#IIkf^~fa~Lic27ckN)c^|wY2 zAUs-;O4y@NDSC~^lBj6izHjTOH@kzUue3ZEg_Z&X!!aO0?2`sf zCQo>M_$-;D2Ein0Nm8b?$K(74%=1xX3RMg)r0c62EhvPu$#h9l__pXNxXZ#i)*vGR zgkMMXjqei3x$E(()-$n5x+F-|_jmruBj$=U5N&)6b%)`Ot4u3?FCIlUvidLBspjga zUx_#ilQ}I7)Toj;2aW2@^-RvJ*pS>sKGQ?R?f3GJC-m!XkoC0i{WY3UYmgaC_1b2K zH`YC&DUQeQHTie#A5GtDC@|HwrBxou2*F@5qslHQ6b7{R4Ibkbm@R@2NtZD>)xX!$ zjAR6afrv8B$%QFxA)`f7Oj)%HL&o5}2XmamekyH))}ohaW|WRbIpN8zQuEhf$U{+L8={ zG~ZZ2l}Bgi5HPID;7?XXZp}Xoh6B?51Jis?4stWR~2DTSvuhdVUCrVyqYcLlIbA zu4A4P{&Ima=1A;NgB#j*41O>h?i`0fA9F16AGXsbIb^`$pT8~V&!9%QR zEBXxP&XGk6~Mq=S&p2aN7%OFv2#Z-^2_L*U} zr7m*!eYE(~ZS%lVRW6{MlM}ND5Ht@wdmzsf14&^_1r;Snh=b`tMb{oArTdDRaqJZ& zGF5W_<|(}yf))I}2T!zOxglD1H_iv?#;RKT{hNUySG`~Oap25ZfnS1IQ8L{E0g)v# zjbVb>!U!-VBKc^VXwNeZk$Z}R27DoB>>~*Hz{(N9 ziDE`M-uxIsK44gXe+m0KZEdv1bASrvy<@bycQ&Y|rr1+&{HuKus!eSbQcTrflg;ZM z-Gn3~h2xa0hoqIxeGYis>fa9E&NZ}Oaq*bUo7bjb!9j!$&F%*i=besD{5B#}dwaDF zwR$0V@@40nVgX0&{@W}^@wSk-zOq9H6FR}OkmD+5m(V*iQ`tc*#RSh~m{)x?=r~T| zjxcOi7$wj*K}y}|hy-0g`9NOXds1O)i_9rDWl(m^k|PYEi*_*Q50A|#IE{g*f)@ye z2oKL!Xn?^w@)eI3OGDf%WkAT~NVcHg|Aaa+T3bv^*t2&iELPRUV{N4T#;(4$x+-?1 z4o-M~h(VZXY8-0vCk_Adk>0smr5^1XsTtXuocA7mKyr;4PkBU+WpR(QBzF{u&~HE=0PyK(@ z8*V4{n@*j%@<+|PC`fbkHFRu&L8>RI_Tf+7(ooS7%|%&;WbWiB8YL9F7taU&`JtXk zE9(+D^d-`aS<6#U<%7^M;*j9-RK`;XmMdtaK zEMxHuMO)bHDqa(`@GuGrjoHfkt)NgxV0p=00hFepj@F4Cmr_9}>Cagf?BW_8sBv}! zw+sYJdMFY4;DUi)ifvT}2MThje?8KVjmcxbpARAu#DIHZLdBh>6*JMf#uWUCVvh#_ zE$}mhew;~v%U?DlV1+y9Bf235W@P0!=1V^?Bt`g{W@yobVxVNY`e{(-b?O<{>#bsr z)nRO}F>3i}OGx!&avWp1#oY=yLux0oylgE-vS}YOQ4v*BVbf z5y+u z>AD~w^j{wtu!o?bm&y2-A#TIocbwzckW#TRCy2p`IxeM@X%=j#80p+GN|*T!Cu(69 z@?uiWya!yN#JsR)SWJZCul3o=h^UkZ0AY%g(o}mPPtJglr@ZN`%mpj7bJYdKxhe!m z@EJy6{_OdwLz8{a z3`iDnza;&n6(%o80K-~o-%=wPF@Znmy+xH`7fVYDsQ@J@OGp~c6*ADEjjD~?z;Qf@ zjrOMwbd;i1McBfHr%|~)b;W?B8L0Fb(c~XAre0C^SV)^)vV&BnZ3u$@v|#7H-NsKe zB5*sy038(-KrV{c?G=9|^Om~jWZqWau}ohe(oZzy*^WK}E^Pql56n*44buxLtp^Tx z!7Q^`{1nPWkVP7jf-)vCNoi1`g_lL#Q{O#Ls4bp=d*F9PDL+UXUyDvvUSm;K<03k9 zHX-qjnM+OF)r@=VEq4c5n#&>8)F;qz6wH7hNfTx5if$IVW?s=q^J4 zkU~vxw3y>>s=XMLul$5-7B~!r5LxymM$DFAQc>GB!mG?#yaU!qCe3CaJb(k za>_)e;L`oV+mHtv$2J_jzt2(>vGG_SrQ@JF#S#)SVdc&!mZG@GZ7ap7y%wI*X%fwq z<*!r?6HkSMfJyQzv&FjBp(rIJzYo5%Ii5z&7PteNZ-#c%zXJ#9w|1Upu z^yY(1Js3*YCHM^Wv?&}g8jes^0v1K`GuW>*Hh1)%|Am_b{8BsNfD-&gr!>N;-k%NO znvY?jpuAH{oW0kkHl<7EN281?x^DkDjM%U{#R8pf$%5~yw(QbgA-VkdH0mgI&5&K` z`^DWWmGj-wmM91GO1ekJSjZz^4uxN5gjRi07dW~6AjfR&q=lce-d|#(k z?UmCs0#%&8G`tcO?WEAU;%Pqg0?h+oDzA1`#jCYgWmQyX-%=k9>zO_2Y$7Iz+>S#- z60r+4Rdn!6f~89vuvM(=qhHvCP=j_5&xfjVALPj{OhoON4&J1*5@I0GcB9%P)^pNWGA#yy78I8I5<&s=HuynC zcqV>08u7lrdfD9-%2rEg2LY52KNhsyUbfzHy==8ah%-FIT;diE7qr_}vfgU7B=F_2 z^u@>dbVyQLcxQq=JjEY07V9G?e5Y|IR}O7$6F6WHss&XkY*&VKG@?NsWj;EL5iY#2 z=t47%wZ&q)Yoz8;U8n?mOK!3mNS0b*yju#^ho_}rBSpbec7f+RwLa(=hSC*mIEwU! zh?$SDIv1J$Zprz{GnSHCm<(j{Q`$?RuyLex$mRsDkWE(g%3$F;PCc0+q}7!wsLtSV zPDmovNoYDq8Ryo%wB?KxVk*}66bfSgeDrJw9lkx4!5C8-Q=tI*j#ky)6&Kn4YkR9; z*bd?{--QyS(%oh9O3K`fA>}Y=b}~d`bmB-@DM~E@#AyuSF=hjCglPoaJ&yxry2s&A z=dS^EF^VAkgl2q4D{3&6((>*V3yI9}9v9v=V-OY_U>o5L?RhmzgY@b!E_=Cy61j^H zadny84HKRFBa)`a6igEteN>JTLn9hfK2dgjIY}ezI+BJwbo0thu0|fAcUYH%g(b?z zR0Z$|Bbxx{RL$seVn|_17c{dh2g+d2uA5c_=w`BCN zH)pvwBx4$POpH)#a>9(MD;<=JuzZ!{WAtb7&lAgw0>1q$PhqdJ+@FeV zx+~7eNZ0(pa?6u=#8NmsWhnmvN6`mJ`KCF~fEtt{c(fZ*!MDnpeKj{GnLi{M_RF*` zQ}N*QdsijndG8Ly56)y1&U<(8-nDx5-o3nZr3`*6)}t~t6p43?r(H{9II$;r`*%T6 znR;e_Z&wWg*g;830?IWhcACZzY)PFg=Ri8Km8g=N9FU<(6q58a>Ja#5WekZtK&7%H zwWxHy(~$irq&$i6ys*4ko+UZlxr>oHcs$A@JzM0Id#ZNS1Bi6bE(nQHeTmUqV{wSy zJ%!5=(Mv%9mUOBxlqxA(v1QG(tJCbYP<-3tm3U`k`nal<>}eaC(lklygq$)vQzwg`lI#Z z)#2&s+m|O#tyjk{j?bR{_~G#6=hOPzw};Q49-jcsU;X^_@a)h>hiZc^B|=n#@39ee z2=|e(dVyXt+6L8EqtZI);7p3Wlrh+5QZrX^wee(wlojKW=E{y?Dop1iFMERJCYX#9 z<2uDm;r%XUYnR)SG5SbjnjPuo>Z6YiVPj=TVltwctVDTbJDYMV&WMFtNkkeSG$dlG zr#Q$U&I;BlE~dG#!9wjPW~Iw?L&~$14s)ph0e%ylh6PX|{IV2NvD8HLoS>HpiBBhV zlnF`;VPamOJQ0oT`~BVyir~aUX7}Er%TB2QLB<{HayWtci2n>}d&&`d!@1R*D5ez{ z8D>PJ+u6jd8u}M;AOkBJsqwBpDdu*paEOIh`>EpX+dT3+pG>88Sbkq4;lAIOhU$G=6d4jXl;b1_*fe>SG6=uP<_S4C$>WSpiCP_(50IfzxwY2vu#UY->5N8XOrG%o z%QbmbhOlo3gnhi_RW{Mh04FB)(+^XY9K3sY`26|9e_fd;)h@nNvtF_AAxBspmsX~r zj;OLDO9YeJktMo{9s2RV|NFl_HYcx*tpZsLf1<*?sYa{eA?JJpg!R(h(ye(o4m})a)YES|zT+Hn*hnj^{c^m8PBtbinyhMO z3Z)Zfqk^}i=BCwz)T$wQujzGRVyi{qU19i4r!8*wO2B;GE|PV1Z>i93R3!UZ;Z##{ z9L6tUp*}nh*Xm{;cZv^jMr$8gD!+@~R6bh%6{)_Rr7Raq{)92XeU7t;D^$c{NN^-q zF4-4E(v+oQEswBLf|WAxki!WRWIRCV9jvoixm7gIX-F0XH%jd`(oybqbx*7`(#7P- zt!Ej*h+Ze-6o=3!F}=hJnJzo%x@6#vdr6HRL8vD2nSO_70(oc_N5N%XM)*#G3C zpFky$%)yLa7t7#F!FxrgE-o%?-w#X2a(eV1cXN%ZKgp&M?8(bl#I$5O0Y`0gWRr=n zy<%u;X;^iW&`r~Xit$-=3}L0vQ~Uf5i&dA23O7a1X+UBj36EGZPw9A)p+5&Kng0## z_ICF)J2{Rj7a}<50KGj-a4;bn!VY?)hIH5Op>0vXRiE6>-yAS`@f?f;>4cy%5Jo2t zg`)t|B%*Md+L%`ggb%Tq0stFA+yzDgOD%m=DTFh}`MV&O8g>jQ!jMO@2=6{WK6>`z z^qIHo_x|BHuVc8Q!=%p`&UKJ9TtJI2#H7aKRQXS6j4o0trp^xHY?NK#lsHDSERjd! zL@m`*9(}?wat}|@@u`b`JUl%<-ErO?pZ)Uk^%;75cye<1;_Ud@DSCN=j$XcadVF^L z^2I57`4c*P@lW*Y@r$QBh)~EmK|Uprw3VgcB%vfMTxGg(eZ-C=O@58^nUa$IZzu$lIr~dxqC%e17-jja+Prcp8{kOoq>Z;fHN{?>3o2WOY4Y(kd~VRCGUmYbZ|nIv>%|^u7i`r{M_|-{e34a zQpOC>A$m@SDNg57Cy_gfLNY6>P*DOG%(IAwbCKItAfy3>C~=RO60}@$m-!7 z(TtO52p*)RN=#?X@skYUHU;^Co znnfA0c-q}|guymIksL>7RvzuI&CU1Ey3h6GzZELApp7N+zt?|KlmGj@-o5<4jc02M zRYcy_7LuovZB_W_xO?BzytDMcW|_ zGUT3>V^5O$H0 z@F^V8It?Zy%p)3)kL50+eEkd#_z6`8qS0j~5(i|U;wYy$3ntH`rLDDP`FQA@%m?W6 zX9TBeE-$UJRO5uhEUmYzkK@#nVCeRo3N6s=*{VJ-HIMlB% z2pvzd0qQ&YgI6C%*!H^4I0^taJC3piQAICDs}G}qaH?+OJ0t1T90~Y_#&W^vU1Q+P zn2E{mB3I6q8yP`4c(PA)gvcKV_Iz}ks^{=^HL2lS07=A28LH%$b)d=`C8&zt3uvFQ zghgyT|COvkdaF_~0QNhe^2+2bRh9T6`z88P#ORbag(i%{VHkH=H$l)_yC2=khR5oC zPgqzH`vIFKEGBVgSPnAc{U+w7ybaMs{u^mvRKGOQO+bY0K^Hw(nT8fxniLNVVrXzs zP|!tw@xhd>A!b#9es)kD`Kzx=#YhNwrezMq5NSbI2%>4xOFs2BDtbs z2Yo>?l_A9aURgq^xg4_$ZIfw|%`KvJszp(f(l{F-7bi(2M9fqgpzpYAQ@+-mwX{`5 z?1OVM-$4&RUH1)vrq@bY!OraXv44zE-2+$#XzcAzqNYcAK7^RTGaM66x~28 zWLvbURyNbZO17!G-7jTHO5uWYvqP(c@IuPd9Cl=fc{nDSzuK53>U@NOR~k7^rZbWr zv1x)+g51CN{oTITbL)CfJ0JKR0}yl<R^cK_-a(D z941+nSU+5wR>hrFtI?}CW#ym$1=PY#k}gPD{5u=2NHksgHhF6(l-1QprHgKkJjF4{ z6)9v@SeZ!u{aa@$p-60$P&~sK8RZdQSxnhAZj)51>tBONN?TizK)Q4barEM&iY@qL zK`^COD5C9&ufwp-4gdAp4L6C?jY#2ps@?Y5b@JokQISD$#aWdOaj=HGx&C@D8_cr_ zOVur!YmsnK_05s;=;Z0D1Psz}4f9K9wqJ{MEj2eswZm7(D&yITw8IJ26;>x< zZxbX`*J7{Ff30;lN5)?SYqL0m^T{DP%rnLV9FcTIs!kHThDN%#E;)^_*Ir=-<#ubd zQkc_t+@0-0ktM{fRcIsY(#oq32S-_&6P-{3ZUKQPUwy!ba@c6BQYaOo2Ur&+p0OA!UnNfKgQ5Q8^jRJ+kGCAl=WGmo7pk$l2E? z{RCQ++ik=3%qba@PvGQ+14aagh>gHAJ!;1RU0$Lg32@GdgiPbHIgN2nWGJ*QOJnr+ zJ%3NEK5z;Z&bPRbymEvC0u&jsJPuuX;>&j)JvxJw2Pv7d8RTgpI$1)7BQ}1>;r^6q z9yg7~qem+$)#?s;3)j+ouqfkx-k!bdd4K&^=h3_W@A6-dE-xRrXuCun^aW+?6z;l4 zYS%)*0rpwMZC~40_MiA{%>OG-Al734{+;bxY*pSF_zT>>+cuWRz({_d<8iF$LOf=Bzp}|3I zXQ?Q}Rb-V9cajkwK$;yl_$GIu6P!)_jG61edOa7p>IP~3#|sFCaYvLyAykn?y5sQzy7Z+HMW;#dPBxM(RkreIf3m-gm zWd17Jd!?>yR2K}iu8PY@TI_IENd-X&zcU&`&_bOG_Wmu7!-o1=WAs%5Pyd*|RtJXd z{f7sDqoV2H0J-mDeQ(VvdUkU1@88+ z|CFb2?$$oXt&?8Cp=5zqhBkASzPnX)-jnR-K^h3pjEgF-&xv25i{Di$so0THu{uM3 zk(c4!@9KZU&&KpWnKtVx`rqST|8Z6S+q*yidppk>`k&=>k;!A!r5tdreuMgEGyy&wf>V$h%Aj%h5sCl6X` zv_>gde~ab{OhY;*JhRcUI(&fK|Ea7scApO#05$Zw(s;Qi^(D#uj(5M~;y<@iwmNne zrX{>;zOQ-<68!oQS8-UXsiSTpJO*|*BP284$jt0$J0wX;AT8+tu1YEMc}n7tq_6TQ zlC`*YN_7@Y#-u1-nUY5BZ=IF>o%V0Lowhl<%9Jf(WvS5CdohIoJwemz%&_@H9lNn7 zfK4OM#GBSyI6ydoYurn3{l;li{^gXKRtY4%I#S6kAwoxJ+l~>oz;s|ds$>~dFfBC< zt>{Y#;Mh_Hj}jW2<9{MdWSQtp`4NP&uQiSZOkSHA8)x;3$-9KT8}M1q#MlpB-M(Mw<`6y@`S6e>X-WViltfcP5r9+r(ap#XbYxs zMEfmyNoC@71>3GI+A+1e$8qK(cqN1|+GeRr%hE9kLR72*jz}>kWPp zEY_e)EVg@J$&ivP6^fFI3=wibDAi~4gdo_@68vng>R&-H=xBsj3W_VWoMkLquVyjY zc0+{JU)GM0s)b0w?b3^bbtG}F7GKft( zB+a}jj`0|Fq|}C{by*@vPe^`E$1w>VJ4dlh-at%NA4M3ux^qHC#T9;bYv$7KT#Q>+ zYhqhwKs_7G^1&6bf0LlaGC+7%Si=^i7H_PU(^kh9Tf7Te)w|SER827dmCR8Iv|A;F z%FH9T!crmTSE{z8c=LLV{YmLR~(3cOXzPY+D!oL4OW)+(S zc z*#b>sP`CrWRZQ73#w&`bqwr7{q={BPMah>llBP5y=!?+9;s8C_gFor?G#`!VC**o< zSC<{B1n_V-IG`zT)=}@6%cBM=9h@u$f^=C2)Php7E?}?N`%dW2c1Psj+7a;uvfJT+ zAoqJ0xgXrCcM2QAjq)g(qd#&S(GeAfNs>TkedjHa(4l-L+7Os?a|D62X(@MRVKqv# z#Y&?HnK`y~=DZiDqAYmA5)yQL=Xj)J0VNP~$ikvMEgW1xcQ{5NkXP6)rnx9sGbA;i z=#Pe1yvh;OT7i}5Zkvz~Vig0jGQV1Q8gfV|<)zc$T6()Sf>kaoL6hyS!)%K!#x$dbs>XedMe`F4hMh83lgomd^Gj5 zGTb#UWOV`ZJ8fkw;C^Qfe`v2qod;ia^JZtFxX8TtT zwOTe8tecu8N=v2QP(4-Wo0{Ct4^IxuW!IAk$_oY3q-?kLbq z3x2sfsLw`iLr!zKd2EQ^fht2BoL}HHEH>b2L^G9-_InzS*mW`>ZRy_2c7dj~;jqte z6?BwYM4D6rX0?6iVrNa(k8KT0^+UW>ujo zbaap;eVuf~<4m)d;xjYAvt4^zi zZ_2kOSIB$N-X}E_DmWa=%Lnim;RsdaiFB;UG%6Ld84hUvA zJIyf-i$s-Dwb8yOo)4ApeA)SQB=?InmpyXx)6Ve`-BNJ(KDbRl}#Iy-G(7dWzo z!2xnzWR7*JxmkH#h=OVo3iCl1)qs^0v-$XDGrg%uBI&iYlVDAjc|&uGN`G0A=< z^Pf^S6;jS*Zs)6!VoeZL9a`G;^X>F*W)0RXRXM zSEJ!t7&S1jeQvLc3S5eDr5l0jz4Gc~^QPfC8F@`lGa{DtvZ-r<+Hq-|=jAhQzS7Vt zgMXT(rYGAGyC5mr7Hh|0luR({cRKRti+oB_8lZj$ZRbf+FZD&;t@FWco4-(=2b9)i zb6W*6CZA5^=KWz5J*OG?tlanS-&(YQL-1dOGRLzNJzf>Kec0SJlqgD+CLEvSqftZ} zr(UzrsdZcs>P0@Sp|=2JbAW%zluT@fZ3?Q+IpLP(F-qCAa;ip5#vR0jdVWDU#7%QV zGj(^ERB`mmsmz8IEKRwXtZQGYcHXFiol0y?=TZiKqqd;ksTL?-+Xh_M_F1Oz>CyMB zo7<#f<619Egc%$ZVgBy>_+cZ&hXZt&j`OL&=Am8vA(~Ro)p0B(M*TA3Z%6B~JiTy< znAO^Li@wvbR~t#FR%NH=^sQ7Y)3ixxXz~k}M9Qp0uI3{!7s{N+C`rkTvYgkg5^S5d zd=;4?OD>ZcUrh+CIZ2ky5#8GgV{Voy>st8zb+32p+1&nr#!@^cS2+LO??2hE?f>83 z|8+ah`uBg?x44|jK}T@ruTi!tt_Vbd;^3LNo-rWJyKz>5;$or25pk8K3Kx(1064ee~)#aaDJ8)U_$KYIY9Ga*GFxD=pk41-V(Tr9N$wKVT!cRHRecTGETFT}B>y ze(%0_?VD(98)8{qX|yzB*4mqU!G8CijmiJwnw;7Sutfg%p7egG=6~$>ckku@Z9Hqq z|2QP6*-?-iHfDQ9v%;c4>V~V7Q28#UhNYm{_-P=K6cx?}VRyaco$(JRO{$gLd z)s#KbuCndVjOFuBJdHZdweQf)OBM>ab_pQ4M7gKNBvbQ#vB|A3y;pCcj;CL)C>L59wmd|sj{0lH8QMEz z&*Iq|oa$uO>ti<3}S8Jyn!KEX&a4*+H zPsv|vO|cr_!oehZqjt8f5%k@%Z?V}~3#&}_a`?OW@Sw7@Xo{)PG%eLa_$)YH!yauS zPvN9wMu|L_L*k64$~(?R=;3$#p>ioA8Y7*)|H0zT*ov2QTf0{aWXc?3eK=_Ih?X3u zGckTeID)JK5YYlRs&vq68d`xMB^NznsVb?QmoSAO0x&``i#=6(6_#s{Td0Kcos)UL z%!d%bw=O4^+N%bDs_sKfj`^078A&<$RlI~f0r;s(mAT9=S{>x8#ZdT-d(NFw)Plth zmFQ8wzHPqH)2=2Rx*Lk<{qt3xjp_dvIE`sMZZZLu`hR;h|L+g|d;R}bo;CFUw{nCL z9{|xgl79paU7y;v!2=grDI7ZL z*5zt8hA%Si<0l%2$o10q@5ApOeBl$k`}oPgl@~IUIw^XOLXwdnBO%%r zI=Gc8;_`AJ-iR`nmz^D?bd1>KK9U!D%J7(Ij#47JNn#a3i)W06b!w~JkO?HHgy2vT z&uGeGd2kAjXS8P^QnVo{*GY&Vh!^f@@>DCHXvMQiI+pL^e$Ds~c{U~gtsuAVhX8Yq z<1oc?F<2u1ANTrCD*oTyz5VgmdgOR<0Pr& zOVw~2!lmu_H(P`E9fD*EQ21>))} zh>fLampp2IfuhAR)v*5prkq>VbGF*SU5P|k1af6Sn;LjEbBnI5H}+b(H4pmggQ4N9 zFbcMBuzf^y#}?4ORRwSKl|)XEE)6a zENdFh@|XLN%lqeM?7t~aDGrC)6}ZIy`{Bv%rTBy9qJu5iL0a3Y8ICYwwuO^M?5ja8@7&17?gVhNZO2YmBaWohHJ8r%Yl)0 z4$2Y^oqB-#rkxO)(sd$l)D2OMx3{}56NuT;$F=5yyMPESld7Hj8p^N0ghj0zAX5`g ziz)Ws;>cNL1>Be~XM@VXDtKSPnWMorz`KegXGJg@cH`(ytTFCabm6o?xuye0gT3SK z8(W;NGsj9w-3>Z#Zg9Glx^SI&X0J%=OstlA8+Ocz`Mbu*7Hal4IjRNvOGea|l1(FK zzyG>!xSR3+uz1W?_5bvH`_=ou_jY@Gd-wjI+jy?z{}IFc^v6G^Wc;_yJAoAM+#M&7 z-P?9gkVN~Mz974)8*&KM$-ACINY&qnL#Pa^#UZrVjZ+5E;>KC(RH}5U-Klif970cV zhKHC}>xb&~Z8?-qi9Xm-cO}VhOCcTR+2mQlD;6BX7cFimc>S!M&DQak*jOyFMQ_0S zC4CS!3U|^irbOL;fm=*guqWAdS~YN%JLBN;rgE1nxZJ!?uCk)tDW4oC*$OVXLM$zF z#;KAkFug4AagurFTKNrn;1nYFzPDACjm`PqK=~SO#B5vv@2mI(6xeUu_oh0r#<*YA z_tpaCy1q9B_Ky4BR`$@eY0x+6q1mvV)7pn+ZW?PsUBOLrqb|`!Cds!uG}rfw>LI&% zzv$O?&D_d!GyXrg6xJLBT^9fKc&{4&)qnit{`}{yJXiAn%}@WI=bLx@m2MLL`ffky zj`y;m+(&!eM|;&Re3;Sy1x~H69qUz+ zoOjBr^pzvMBm>^Zd3_yU)6z9>bDpM6E&R)IzKVqfK)-Dt6Lewa(Y~sGsS(C?y-NV} zj{BBYc4D-vZa3+|xS8p7ZO?_ASKoL%SF;-Z&5h>jE?{*y5Ri7L2{}koH3A7~s ztN*0t|Ji+VfBx@wo~!tOUdiFT2`7-nId{erRN&O^4l2rA&nINHbu*5kW&*F}9kM`N z^BR~2NR2KcV_ll^w)wRjs*v{jEiW7$OWLq(r3KMN&8;;$R{Zi}^A)`*^bRJw%woXkBo^7OYw>sm{KNFTvf z;sWy_G1$s1+%#5L>m{rr#9J4Y#XTsi(-kA8C8ttjDXSfeJte1vvDD&Z1-xNb zmDR;HIp%6ks|A3r>AA88>u$TRw6mk860SJ}Eo$WrIzu*V9<1D>8<8GG(br}}bh!ip zUAaCr7w|2z=U7rx8Ou4Hnkv;x#;vSfTZNiiya7pKE2~!%C1rK@8|LE1{%lUV*@RwG z(p8}@0kvUyXSbGIUF0>|w%;(jwDxHU%e1gWQkmv9KP)Qub^OOS;{Q!aNcqa~e^2&$ zy;}U=eg4PWd7P^_fKSBu-puh|$vSt&_Y3H>yM5vF^*p|^g`08q)`+>9TUJ(E%_G|y za909yPUhTCplk&Yq@2Jh{Wl5Ukd(K$=t{t>D*jB?ab@zOb{}>oG|Y64wu|65$bnSp zhuaiH(OFunUV;44*fs4MY;(7_>eZ{nfmNNw%~4?WAi$ zqHWksNL>CHGLQO>!y|7S9aN1@n;oo zTM#>Emu&ZKmql=E!)wRM*{y&3j_YM^C@EkUt<}wo!g|i9W*FDB%p}k|>2i`Qo=hI8 z4KdmKl_?D#8MScUppCULEu?+fZy#n^#~!oAq(7RF;GCOX7@#-c4-g-6O;IlOIW55D zoJ8A7XF&frK>hvB$|KRJc3gx18{t{bE_>zCLcP3vZLgtob>v#;w&-4>0hI^zifcy| z+r{b!9kn%Y&sf3UOD5yjwx7QB=SJ**dkM^vXo>y5|75Rf|L^{=`}p4ezm4ZA=D#wB zMHw*khoo-nOWhsH!^A#f@u=4m!ezUv@|i5Z@XBqo^-VB?Qjxq~PpQc*t@StCTHmy` ziptlf>B&6DjkIa%LOthkWf)LmE%v&X%}$Q9iOOT0F|COJ*6~<@qOql+_;WmsN~awQ zW3R=ZQm7TJ{*>l+IU19gq&OpCclBeID((BS_GK~EH-$`yGu+%nd)&hcdVR4}$rRDP z@s5=YrsdqjX*{l(3k47RW}sW`B9#=sA)oYW>aF22onwCCY+v4|*1ova6a`DCM?F&87JDByQm0=>!}015u#cl=>pteFJOI1JH4&l75qFt-jKh~i2L2rO_M`oan; zSfdzy>zyWGjS_dmuDPE6?@vfHrQ?{TWI-EC^#9)D-Aex7-N$?TKiup8xAAPDS2z=r ziVNPBLn)S>7!7k8g+huaI5@{+!hL58olPi5JWmpqW*qSei6V%3K~tOs6B>_qP)Z`4 z(V1E{i}yGVoh=lTv5b=5maYjEjf(!Sj*ni((HyZDY6_H4LQ)jbnD~zW^z_52Smc~7 zbOgMI-W;8xkfz-6$29B0|0Vj4Km2#vh5zdplW|x4PyghzxLW`k;@~__!1m$JBcER+ z&Le+_&z(npHcgyI|G%?^-r$t7oTKBX&$#0!Df^uSnd8%t;I1r}vfmwl#se0T?l zxZeCfd3N~pw`cw|T-e5v^Iwl^_kZv1@BeT=|8M2lLO;?h##5?i!*e=Jh1PN;2HJ5B z(Ys$rG%dgW*Y+gK5ieJkPde&`ahkDoK0q3A)re}-57@M;{uYfvivf!{i-;reN2cXD$`hfenqq($PUsum z@T~8g(>NR;VZzh#Z#Z$LB*Q{|7C1|c8*C==f%~I8iexY(Y-#IS)49}*koyaXB8J|w zGzwjb#MTx%juBShmQ&kzqLWQyU-7CN5dF*#u@E0`c9W6HC1 zF2*aHCuD#)*g+0LA>lzv!5A8#rz|*!Jr`Nrvht_^Dh!{91;Q9|5F(%OG>OOng;2|< z%yBG+UeeTwDGAh*@CAF>kQL*1LH0XNhR4gmN;nxF+hF>B|B2uCLNcT{_WC_9eX{2` zNghS7SVV)RxB{_9bA%=MSEi!bd;%Ti;bC-v=lr3tUko0CW)Hy=oju%<+ekuj7sZc9 zFIe^}C7i_BLy3>vfae85I8E`~L5OBVx&;?eBp#3@+nI(qVb5OQ>kM~5zFmC zlDl_;w+~}PW1itSAPU%!44f^)mNv(2m1Jm{U$zAOTSk8iS;LR)k#M$Ep zN{CUOkvJg5%u+kEOX;MyGi7<9KWbRMO$0$l$Ke@E@t7P%nDb@4`SXNv=>aJa%+MPa zyAioJ-PHS5Sh-zp7Jix-y7Rgoh+jD-=$W)vL-Oe3{@sa$=OqVl+N~M&_i0 z_P>5X!zcSB4$K+K%S)%!=`e|k9{awp{C*^!4a{j`t)agtA8lcGXL0mqqGb zd;b>3=6EC|(uk#jSUDLtd+O?>Hf#zAnMI=rbUP4bI3j7r>$WL~;wVBw`$f~a+Jphm zb!DIqTz98J%LCU1j(=Dwx}s~m+Q0)n(LV?f6?b{N%il4xj(kd3njs6!!GmpK7Y11b zmGu^y2XZdK0WpVr3tm7TL%(wt3-k`$&yWzwx47`q72*wZ@?;-*VaI7ALH|l5=-VXd zZ-xZ@8z4cyN&@Xlc%6(>912YZM93LKeZS}T9OvE37`_4jtrZg01@BTeYp zuJ#I}3(OIiAi_Kv(U|fH2@4Z{OtVQo1c!@YUge0{;u+3z?y-@VO^Bx)teqW{O(;iG z{5wmvXGfTNGUSho4l4!5?6e0H9FGYXt7Al^FGGAUJOyfwfq{@QArx4euoP!fi4Ey! zL||A(1ZR0FK!qWJ%~09ZJ*hzf6fqB#$_qXX)0FA~q8TUANElT(4V7MDNcQaIb6-j2 zw-cNh+%HH<5LGT6qV{2{bojp=$3w4DG6To7ddVd{D7QPDbAmpWHIk2LTS*O|!*Gs< zEStzmyU@QqO?(TG7+UH5g8r9b?$%*S?+RjZH1GK6-7h31i(QA>Whi(6CscLH1F_x# zvp2x8V5$&J8PKROcJYwqa$Z?@eUv-dzT=_Sf(lX%QXa~WHJoO9ehIA+{-e94N_&8u zr`UW6Hlo3^GB*i4I7+1XtCj6XKv-DrAHfa;nqZEGLV0ItNCZRUD4F0P$!GvG3N+ja zo3b&9i5U3{JePW~SOF%)_;W4anBuV`!K@)kRUjBz)~-BsuaSR;{Y`V-R{N3g^vM6pQYn&B#ZFw z^W&puFHWC%yMFH29uqWXGm^%zkxkMm<#L(Cap**JN;4%4Yu)j`p-tTT=l;2W?w>0>|0e(d|Nmnx JfMNi^4FLR{$T9!` literal 0 HcmV?d00001