From f343009238cd0c96083f3d300202692ad2c45ade Mon Sep 17 00:00:00 2001 From: npitaev Date: Fri, 26 Nov 2021 11:32:38 -0800 Subject: [PATCH] Added Shared Services with Firewall and SD-WAN --- 01-Branch1/cloud-init-branch1-r1.user_data | 12 +- 02-Branch2/cloud-init-branch2-r1.user_data | 12 +- .../01-Cloud_App1/cloud-app1.tf | 282 +++++++ .../cloud-init-cloud-site_host1.user_data | 22 + .../01-Cloud_App1/provider.tf | 5 + .../01-Cloud_App1/vars.tf | 57 ++ .../02-Cloud-App2/cloud-app2.tf | 270 +++++++ .../cloud-init-cloud-site_host2.user_data | 22 + .../02-Cloud-App2/provider.tf | 5 + .../02-Cloud-App2/vars.tf | 56 ++ .../cloud-init-shared-services_fw1.user_data | 10 + .../cloud-init-shared-services_fw2.user_data | 10 + .../03-Shared_services_VPC/provider.tf | 5 + .../03-Shared_services_VPC/shared_services.tf | 691 ++++++++++++++++++ .../03-Shared_services_VPC/vars.tf | 100 +++ .../cloud-init-sdwan-r1.user_data | 142 ++++ .../cloud-init-sdwan-r2.user_data | 142 ++++ .../04-SD-WAN-VPC/provider.tf | 5 + .../04-SD-WAN-VPC/sdwan.tf | 549 ++++++++++++++ .../04-SD-WAN-VPC/vars.tf | 91 +++ README.md | 22 + img3-fw-and-sdwan.png | Bin 0 -> 229549 bytes 22 files changed, 2498 insertions(+), 12 deletions(-) create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-app1.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-init-cloud-site_host1.user_data create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/provider.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/vars.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-app2.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-init-cloud-site_host2.user_data create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/provider.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/vars.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw1.user_data create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw2.user_data create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/provider.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/shared_services.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/vars.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r1.user_data create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r2.user_data create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/provider.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/sdwan.tf create mode 100644 05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/vars.tf create mode 100644 img3-fw-and-sdwan.png diff --git a/01-Branch1/cloud-init-branch1-r1.user_data b/01-Branch1/cloud-init-branch1-r1.user_data index 2e995e9..3a3dc31 100644 --- a/01-Branch1/cloud-init-branch1-r1.user_data +++ b/01-Branch1/cloud-init-branch1-r1.user_data @@ -6,10 +6,10 @@ Content-Type: text/cloud-config; charset="us-ascii" #cloud-config vinitparam: - - uuid : CSR-BBD516D8-0AD4-4A53-BA09-4FA9CB62259D - - org : GCP-Demo-npitaev - - vbond : 44.238.253.68 - - otp : 77f150b93df741dbb3719489e98a90ad + - uuid : + - org : + - vbond : + - otp : --==BOUNDARY== Content-Type: text/cloud-boothook; charset="us-ascii" @@ -21,8 +21,8 @@ hostname Branch4-R1 system system-ip 10.111.1.11 site-id 111 - organization-name GCP-Demo-npitaev - vbond 44.238.253.68 + organization-name + vbond ! ! vrf definition 10 diff --git a/02-Branch2/cloud-init-branch2-r1.user_data b/02-Branch2/cloud-init-branch2-r1.user_data index 9874dc5..9bea45e 100644 --- a/02-Branch2/cloud-init-branch2-r1.user_data +++ b/02-Branch2/cloud-init-branch2-r1.user_data @@ -6,10 +6,10 @@ Content-Type: text/cloud-config; charset="us-ascii" #cloud-config vinitparam: - - uuid : CSR-E5446A91-5E4C-3E6A-92C3-F01BA4C4627E - - org : GCP-Demo-npitaev - - vbond : 44.238.253.68 - - otp : ce4436a3055340a58a82fee720be6f0e + - uuid : + - org : + - vbond : + - otp : --==BOUNDARY== Content-Type: text/cloud-boothook; charset="us-ascii" @@ -21,8 +21,8 @@ hostname Branch2-R1 system system-ip 10.112.1.11 site-id 112 - organization-name GCP-Demo-npitaev - vbond 44.238.253.68 + organization-name + vbond ! ! vrf definition 10 diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-app1.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-app1.tf new file mode 100644 index 0000000..c8ff834 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-app1.tf @@ -0,0 +1,282 @@ +# This file will create AWS Infrastructure (VPC, Subnets, IGW, Route Tables, TGW, etc) for +# cloud app 1 security host VPC, which will be used for Security and SD-WAN centralized design demo. +# This host VPC will have only one linux VM, which will be used to generate traffic to SD-WAN / cloud app 2 +# for east-west and north-south inspection. A web server will be used as "cloud-app". + + +# Create Security Host 1 VPC: +resource "aws_vpc" "vpc_cloud-site" { + cidr_block = var.aws_cloud-site_vpc_cidr + provider = aws.cloud-site + tags = { + Name = "${var.bucket_prefix} Cloud App1 VPC" + } +} + +# Create Subnets: +resource "aws_subnet" "cloud-site_vpc_subnet-1" { + vpc_id = aws_vpc.vpc_cloud-site.id + cidr_block = var.aws_cloud-site_vpc_subnet-1_cidr + map_public_ip_on_launch = "true" //it makes this a public subnet + availability_zone = var.aws_cloud-site_az + tags = { + Name = "${var.bucket_prefix} Cloud App1 Subnet-1 Mgmt" + } +} +resource "aws_subnet" "cloud-site_vpc_subnet-2" { + vpc_id = aws_vpc.vpc_cloud-site.id + cidr_block = var.aws_cloud-site_vpc_subnet-2_cidr + availability_zone = var.aws_cloud-site_az + tags = { + Name = "${var.bucket_prefix} Cloud App1 Subnet-2" + } +} + + +# Create IGW for Internet Access: +resource "aws_internet_gateway" "cloud-site_vpc_igw" { + vpc_id = aws_vpc.vpc_cloud-site.id + tags = { + Name = "${var.bucket_prefix} Cloud App1 VPC IGW" + } +} + + +# Create route tables and default route pointing to IGW in VPN512 (Mgmt) and VPN10 (Infra): +resource "aws_route_table" "cloud-site_vpc_mgmt_rt" { + vpc_id = aws_vpc.vpc_cloud-site.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet + gateway_id = aws_internet_gateway.cloud-site_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} Cloud App1 VPC Mgmt RT" + } +} +resource "aws_route_table" "cloud-site_vpc_rt_vpn10" { + vpc_id = aws_vpc.vpc_cloud-site.id + tags = { + Name = "${var.bucket_prefix} Cloud App1 VPC RT Service VPN 10" + } +} + + +# Associate CRT and Subnet for Mgmt and Traffic: +resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-1"{ + subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id + route_table_id = aws_route_table.cloud-site_vpc_mgmt_rt.id +} +resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-2"{ + subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id + route_table_id = aws_route_table.cloud-site_vpc_rt_vpn10.id +} + + +# Create security group: +resource "aws_security_group" "cloud-site_vpc_mgmt_sg" { + vpc_id = aws_vpc.vpc_cloud-site.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for your white list CIDR + to_port = 0 + protocol = "icmp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for all cloud infra + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + self = "true" + } + + tags = { + Name = "${var.bucket_prefix} Cloud App1 Mgmt SG" + } +} + +resource "aws_security_group" "cloud-site_vpc_sg" { + vpc_id = aws_vpc.vpc_cloud-site.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 80 # will be used to generate test http traffic + to_port = 80 + protocol = "tcp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 8 # allow ping for your white list CIDR + to_port = 0 + protocol = "icmp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for all cloud infra + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + tags = { + Name = "${var.bucket_prefix} Cloud App1 VPC SG" + } +} + + +# Create NICs for the host: +resource "aws_network_interface" "host1_nic1" { + subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id + private_ips = [var.aws_host1-subnet-1_private_ip] + security_groups = [aws_security_group.cloud-site_vpc_mgmt_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} Cloud App1 NIC1 MGMT" + tags = { + Name = "${var.bucket_prefix} Cloud App1 NIC1 MGMT" + } +} +resource "aws_network_interface" "host1_nic2" { + subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id + private_ips = [var.aws_host1-subnet-2_private_ip] + security_groups = [aws_security_group.cloud-site_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} Cloud App1 NIC2" + tags = { + Name = "${var.bucket_prefix} Cloud App1 NIC2" + } +} + + +# Create Host VM: +resource "aws_instance" "cloud-site_host1" { + ami = var.aws_ami_id_host1 + instance_type = var.aws_ami_type_host1 + key_name = var.aws_key_pair_name + availability_zone = var.aws_cloud-site_az + user_data = file("cloud-init-cloud-site_host1.user_data") + + network_interface { + device_index = 0 + network_interface_id = aws_network_interface.host1_nic1.id + delete_on_termination = false + } + + network_interface { + device_index = 1 + network_interface_id = aws_network_interface.host1_nic2.id + delete_on_termination = false + } + + tags = { + Name = "${var.bucket_prefix} Cloud App1" + } + +} + + +# Allocate and assign public IP address to the mgmt interface for the host +resource "aws_eip" "host1_nic1_eip_mgmt" { + vpc = true + network_interface = aws_network_interface.host1_nic1.id + associate_with_private_ip = var.aws_host1-subnet-1_private_ip + depends_on = [aws_instance.cloud-site_host1] + tags = { + Name = "${var.bucket_prefix} Cloud App1 Mgmt EIP" + } +} + + +# Create TGW and two TGW route tables, attaching host VPC with cloud-app1 to TGW as VPC attachment +# Creating TGW itself: +resource "aws_ec2_transit_gateway" "sec_tgw" { + description = "${var.bucket_prefix} TGW" + amazon_side_asn = var.tgw_amazon_side_asn + auto_accept_shared_attachments = "enable" + default_route_table_association = "disable" + default_route_table_propagation = "disable" + tags = { + Name = "${var.bucket_prefix} TGW" + } +} +# Creating incoming TGW Route Table (from host VPCs to shared services for inspection): +resource "aws_ec2_transit_gateway_route_table" "sec_tgw_incoming_from_host_vpcs_rt" { + transit_gateway_id = aws_ec2_transit_gateway.sec_tgw.id + depends_on = [aws_ec2_transit_gateway.sec_tgw] + tags = { + Name = "${var.bucket_prefix} TGW Route Table incoming from host VPCs to shared services" + } +} + +# Creating Outgoing TGW Route Table (from shared services, after inspection): +resource "aws_ec2_transit_gateway_route_table" "tgw_outgoing_from_shared_services_rt" { + transit_gateway_id = aws_ec2_transit_gateway.sec_tgw.id + depends_on = [aws_ec2_transit_gateway.sec_tgw] + tags = { + Name = "${var.bucket_prefix} TGW Route Table outgoing from shared services" + } +} +# Attaching Host VPC (cloud-app1) to TGW as VPC Attachment: +resource "aws_ec2_transit_gateway_vpc_attachment" "host_vpc_1_tgw_attachment" { + subnet_ids = [aws_subnet.cloud-site_vpc_subnet-2.id] + transit_gateway_id = aws_ec2_transit_gateway.sec_tgw.id + vpc_id = aws_vpc.vpc_cloud-site.id + transit_gateway_default_route_table_association = false + transit_gateway_default_route_table_propagation = false + depends_on = [aws_ec2_transit_gateway.sec_tgw] + tags = { + Name = "${var.bucket_prefix} VPC Attachment for Host VPC 1 aka cloud-app1" + } +} +# Associate Cloud App VPC with the incoming TGW Route Table: +resource "aws_ec2_transit_gateway_route_table_association" "sec_tgw_rt_host_vpc_attachment_association" { + transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.host_vpc_1_tgw_attachment.id + transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.sec_tgw_incoming_from_host_vpcs_rt.id + depends_on = [aws_ec2_transit_gateway.sec_tgw] +} + +# Additional Route Table programming will be done later in a different section. +# We need to create other ressources like shared services VPC and GWLB Endpoints first. + + +# Write Management IP of the Host 1 to CLI +output "app1_mgmt_ip" { + value = "${aws_instance.cloud-site_host1.public_ip} Re-run 'terraform apply' if you don't see the IP. To connect: ssh -i ec2-user@ " + depends_on = [aws_instance.cloud-site_host1] +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-init-cloud-site_host1.user_data b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-init-cloud-site_host1.user_data new file mode 100644 index 0000000..f8cf4e9 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-init-cloud-site_host1.user_data @@ -0,0 +1,22 @@ +#cloud-config +repo_update: true +repo_upgrade: all + +packages: + - httpd + - mariadb-server + +package_update: true +package_upgrade: true + +runcmd: + - [ sh, -c, "amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2" ] + - systemctl start httpd + - sudo systemctl enable httpd + - [ sh, -c, "usermod -a -G apache ec2-user" ] + - [ sh, -c, "chown -R ec2-user:apache /var/www" ] + - chmod 2775 /var/www + - [ find, /var/www, -type, d, -exec, chmod, 2775, {}, \; ] + - [ find, /var/www, -type, f, -exec, chmod, 0664, {}, \; ] + - [ sh, -c, 'echo "" > /var/www/html/phpinfo.php' ] + - sudo hostnamectl set-hostname host1.local \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/provider.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/provider.tf new file mode 100644 index 0000000..f24b592 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/provider.tf @@ -0,0 +1,5 @@ +provider "aws" { + alias = "cloud-site" + region = var.aws_cloud-site_region +} + diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/vars.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/vars.tf new file mode 100644 index 0000000..7018748 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/vars.tf @@ -0,0 +1,57 @@ +# Cloud App1 for SD-WAN Security demo - consists of one Linux host running a web client + +variable "bucket_prefix" { # use this a prefix in descriptions of ressources, which will be prepended to the name of all ressources. Example "FW-VPC1" + default = "SEC" +} + +variable "ssh_allow_cidr" { # allow ssh only from Cisco San Jose VPN Cluster, adjust as needed! + default = "128.107.0.0/16" +} + +variable "aws_cloud-site_region" { + default = "us-west-2" # if you change the default region, please also change AMI IDs below +} # set the region like this because terraform does not pickup the region from .aws/configure: export AWS_DEFAULT_REGION=$(aws configure get region --profile default) + + +variable "aws_cloud-site_az" { + default = "us-west-2c" +} + + +variable "aws_cloud-site_vpc_cidr" { + default = "10.72.0.0/16" +} + +variable "aws_cloud-site_vpc_subnet-1_cidr" { + default = "10.72.1.0/24" +} + +variable "aws_cloud-site_vpc_subnet-2_cidr" { + default = "10.72.2.0/24" +} + + +variable "aws_ami_id_host1" { + default = "ami-0e5b6b6a9f3db6db8" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86). Please change the AMI if you want to use a different region! +} + +variable "aws_ami_type_host1" { + default = "t2.micro" +} + +variable "aws_host1-subnet-1_private_ip" { + default = "10.72.1.101" +} + +variable "aws_host1-subnet-2_private_ip" { + default = "10.72.2.101" +} + +variable "tgw_amazon_side_asn" { + default = "64522" # please make sure, that this is unique, we will use it as filter +} + +# SSH Key File: +variable "aws_key_pair_name" { + default = "aws-key-20-3-setup" # Please change to your AWS pem ssh key file! It will NOT work with the default value "aws-key-20-3-setup" +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-app2.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-app2.tf new file mode 100644 index 0000000..73ea69a --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-app2.tf @@ -0,0 +1,270 @@ +# This file will create AWS Infrastructure (VPC, Subnets, IGW, Route Tables, etc) for +# cloud app 2 security host VPC, which will be used for Security and SD-WAN centralized design demo. +# This host VPC will have only one linux VM, which will be used to generate traffic to SD-WAN / cloud app 2 +# for east-west and north-south inspection. A web server will be used as "cloud-app". + + +# Create Host VPC 2 for the cloud app 2 (aka host 2): +resource "aws_vpc" "vpc_cloud-site" { + cidr_block = var.aws_cloud-site_vpc_cidr + provider = aws.cloud-site + tags = { + Name = "${var.bucket_prefix} Cloud App2 VPC" + } +} + +# Create Subnets: +resource "aws_subnet" "cloud-site_vpc_subnet-1" { + vpc_id = aws_vpc.vpc_cloud-site.id + cidr_block = var.aws_cloud-site_vpc_subnet-1_cidr + map_public_ip_on_launch = "true" //it makes this a public subnet + availability_zone = var.aws_cloud-site_az + tags = { + Name = "${var.bucket_prefix} Cloud App2 Subnet-1 Mgmt" + } +} +resource "aws_subnet" "cloud-site_vpc_subnet-2" { + vpc_id = aws_vpc.vpc_cloud-site.id + cidr_block = var.aws_cloud-site_vpc_subnet-2_cidr + availability_zone = var.aws_cloud-site_az + tags = { + Name = "${var.bucket_prefix} Cloud App2 Subnet-2" + } +} + + +# Create IGW for Internet Access: +resource "aws_internet_gateway" "cloud-site_vpc_igw" { + vpc_id = aws_vpc.vpc_cloud-site.id + tags = { + Name = "${var.bucket_prefix} Cloud App2 VPC IGW" + } +} + + +# Create route tables and default route pointing to IGW in VPN512 (Mgmt) and VPN10 (Infra): +resource "aws_route_table" "cloud-site_vpc_mgmt_rt" { + vpc_id = aws_vpc.vpc_cloud-site.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet + gateway_id = aws_internet_gateway.cloud-site_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} Cloud App2 VPC Mgmt RT" + } +} +resource "aws_route_table" "cloud-site_vpc_rt_vpn10" { + vpc_id = aws_vpc.vpc_cloud-site.id + tags = { + Name = "${var.bucket_prefix} Cloud App2 VPC RT Service VPN 10" + } +} + + +# Associate CRT and Subnet for Mgmt and Traffic: +resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-1"{ + subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id + route_table_id = aws_route_table.cloud-site_vpc_mgmt_rt.id +} +resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-2"{ + subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id + route_table_id = aws_route_table.cloud-site_vpc_rt_vpn10.id +} + + +# Create security group: +resource "aws_security_group" "cloud-site_vpc_mgmt_sg" { + vpc_id = aws_vpc.vpc_cloud-site.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for your white list CIDR + to_port = 0 + protocol = "icmp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for all cloud infra + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + self = "true" + } + + tags = { + Name = "${var.bucket_prefix} Cloud App2 Mgmt SG" + } +} + + +resource "aws_security_group" "cloud-site_vpc_sg" { + vpc_id = aws_vpc.vpc_cloud-site.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 80 # will be used to generate test http traffic + to_port = 80 + protocol = "tcp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 8 # allow ping for your white list CIDR + to_port = 0 + protocol = "icmp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for all cloud infra + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + tags = { + Name = "${var.bucket_prefix} Cloud App2 VPC SG" + } +} + + +# Create NICs for the host: +resource "aws_network_interface" "host2_nic1" { + subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id + private_ips = [var.aws_host2-subnet-1_private_ip] + security_groups = [aws_security_group.cloud-site_vpc_mgmt_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} Cloud App2 NIC1 MGMT" + tags = { + Name = "${var.bucket_prefix} Cloud App2 NIC1 MGMT" + } +} +resource "aws_network_interface" "host2_nic2" { + subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id + private_ips = [var.aws_host2-subnet-2_private_ip] + security_groups = [aws_security_group.cloud-site_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} Cloud App2 NIC2" + tags = { + Name = "${var.bucket_prefix} Cloud App2 NIC2" + } +} + + +# Create Host VM: +resource "aws_instance" "cloud-site_host2" { + ami = var.aws_ami_id_host2 + instance_type = var.aws_ami_type_host2 + key_name = var.aws_key_pair_name + availability_zone = var.aws_cloud-site_az + user_data = file("cloud-init-cloud-site_host2.user_data") + + network_interface { + device_index = 0 + network_interface_id = aws_network_interface.host2_nic1.id + delete_on_termination = false + } + + network_interface { + device_index = 1 + network_interface_id = aws_network_interface.host2_nic2.id + delete_on_termination = false + } + + tags = { + Name = "${var.bucket_prefix} Cloud App2" + } + +} + + +# Allocate and assign public IP address to the mgmt interface for the host +resource "aws_eip" "host2_nic1_eip_mgmt" { + vpc = true + network_interface = aws_network_interface.host2_nic1.id + associate_with_private_ip = var.aws_host2-subnet-1_private_ip + depends_on = [aws_instance.cloud-site_host2] + tags = { + Name = "${var.bucket_prefix} Cloud App2 Mgmt EIP" + } +} + + +# Find out TGW, which was created earlier by cloud-app1 script and attach cloud-app2 VPC to TGW +data "aws_ec2_transit_gateway" "sec_tgw" { + filter { + name = "options.amazon-side-asn" + values = [var.tgw_amazon_side_asn] # the assumption here: there is only ONE TGW with this ASN + } + filter { + name = "state" + values = ["available"] # additional filter matching running state because some deleted ressources can stay for a while + } +} +# Attaching Host VPC 2 (cloud-app2) to TGW as VPC Attachment: +resource "aws_ec2_transit_gateway_vpc_attachment" "host_vpc_2_tgw_attachment" { + subnet_ids = [aws_subnet.cloud-site_vpc_subnet-2.id] + transit_gateway_id = data.aws_ec2_transit_gateway.sec_tgw.id + vpc_id = aws_vpc.vpc_cloud-site.id + transit_gateway_default_route_table_association = false + transit_gateway_default_route_table_propagation = false + tags = { + Name = "${var.bucket_prefix} VPC Attachment for Host VPC 2 aka cloud-app2" + } +} +# Associate Cloud App VPC with the incoming TGW Route Table: +data "aws_ec2_transit_gateway_route_table" "sec_tgw_incoming_rt" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} TGW Route Table incoming from host VPCs to shared services"] # the assumption here: there is only ONE TGW with this ASN + } +} +resource "aws_ec2_transit_gateway_route_table_association" "sec_tgw_rt_host_vpc_2_attachment_association" { + transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.host_vpc_2_tgw_attachment.id + transit_gateway_route_table_id = data.aws_ec2_transit_gateway_route_table.sec_tgw_incoming_rt.id +} + +# Additional Route Table programming will be done later in a different section. +# We need to create other ressources like shared services VPC first. + + + +# Write Management IP of the Host 2 to CLI +output "app2_mgmt_ip" { + value = "${aws_instance.cloud-site_host2.public_ip} Re-run 'terraform apply' if you don't see the IP. To connect: ssh -i ec2-user@ " + depends_on = [aws_instance.cloud-site_host2] +} diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-init-cloud-site_host2.user_data b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-init-cloud-site_host2.user_data new file mode 100644 index 0000000..c74743c --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-init-cloud-site_host2.user_data @@ -0,0 +1,22 @@ +#cloud-config +repo_update: true +repo_upgrade: all + +packages: + - httpd + - mariadb-server + +package_update: true +package_upgrade: true + +runcmd: + - [ sh, -c, "amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2" ] + - systemctl start httpd + - sudo systemctl enable httpd + - [ sh, -c, "usermod -a -G apache ec2-user" ] + - [ sh, -c, "chown -R ec2-user:apache /var/www" ] + - chmod 2775 /var/www + - [ find, /var/www, -type, d, -exec, chmod, 2775, {}, \; ] + - [ find, /var/www, -type, f, -exec, chmod, 0664, {}, \; ] + - [ sh, -c, 'echo "" > /var/www/html/phpinfo.php' ] + - sudo hostnamectl set-hostname host2.local \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/provider.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/provider.tf new file mode 100644 index 0000000..f24b592 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/provider.tf @@ -0,0 +1,5 @@ +provider "aws" { + alias = "cloud-site" + region = var.aws_cloud-site_region +} + diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/vars.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/vars.tf new file mode 100644 index 0000000..35017b2 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/vars.tf @@ -0,0 +1,56 @@ +# Cloud App2 for SD-WAN Security demo - consists of one Linux host running a web server + +variable "bucket_prefix" { # use this a prefix in descriptions of ressources, which will be prepended to the name of all ressources. Example "FW-VPC1" + default = "SEC" +} + +variable "ssh_allow_cidr" { # allow ssh only from Cisco San Jose VPN Cluster, adjust as needed! + default = "128.107.0.0/16" +} + +variable "aws_cloud-site_region" { + default = "us-west-2" # if you change the default region, please also change AMI IDs below +} # set the region like this because terraform does not pickup the region from .aws/configure: export AWS_DEFAULT_REGION=$(aws configure get region --profile default) + +variable "aws_cloud-site_az" { + default = "us-west-2b" +} + + +variable "aws_cloud-site_vpc_cidr" { + default = "10.73.0.0/16" +} + +variable "aws_cloud-site_vpc_subnet-1_cidr" { + default = "10.73.1.0/24" +} + +variable "aws_cloud-site_vpc_subnet-2_cidr" { + default = "10.73.2.0/24" +} + + +variable "aws_ami_id_host2" { + default = "ami-0e5b6b6a9f3db6db8" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86). Please change the AMI if you want to use a different region! +} + +variable "aws_ami_type_host2" { + default = "t2.micro" # Please note that t2.medium is NOT supported in your requested Availability Zone (us-west-2d). Use us-west-2a, us-west-2b, us-west-2c. +} + +variable "aws_host2-subnet-1_private_ip" { + default = "10.73.1.101" +} + +variable "aws_host2-subnet-2_private_ip" { + default = "10.73.2.101" +} + +variable "tgw_amazon_side_asn" { + default = "64522" # please make sure, that this is unique, we will use it as filter +} + +# SSH Key File: +variable "aws_key_pair_name" { + default = "aws-key-20-3-setup" # Please change to your AWS pem ssh key file! It will NOT work with the default value "aws-key-20-3-setup" +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw1.user_data b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw1.user_data new file mode 100644 index 0000000..c695aea --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw1.user_data @@ -0,0 +1,10 @@ +{ +"Hostname": "fw1", +"AdminPassword": "ChangeThisPassword@123", +"FirewallMode": "routed", +"IPv4Mode": "dhcp", +"ManageLocally":"No", +"FmcIp": "1.2.3.4", +"FmcRegKey": "cisco123reg", +"FmcNatId": "cisco123nat" +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw2.user_data b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw2.user_data new file mode 100644 index 0000000..826dddf --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw2.user_data @@ -0,0 +1,10 @@ +{ +"Hostname": "fw2", +"AdminPassword": "ChangeThisPassword@123", +"FirewallMode": "routed", +"IPv4Mode": "dhcp", +"ManageLocally":"No", +"FmcIp": "1.2.3.4", +"FmcRegKey": "cisco123reg", +"FmcNatId": "cisco123nat" +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/provider.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/provider.tf new file mode 100644 index 0000000..62903d6 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/provider.tf @@ -0,0 +1,5 @@ +provider "aws" { + alias = "shared-services" + region = var.aws_shared-services_region +} + diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/shared_services.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/shared_services.tf new file mode 100644 index 0000000..3318a02 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/shared_services.tf @@ -0,0 +1,691 @@ +# This file will create AWS Infrastructure (VPC, Subnets, IGW, Route Tables, etc) for +# shared services VPC, which will be used for Security and SD-WAN centralized design demo. +# This VPC will have two Firewalls (Cisco FTDv) in two different AZs, which will be used to inspect traffic to SD-WAN / cloud app 2 +# AWS Gateway Load Balancer (GWLB) with appropriate GWLB Endpoints will use GENEVE protocol between GWLB and Firewalls. +# Please note, that you will need to configure FTDv afterwards via FMCv (i.e. GENEVE protocol) + + +# Create Shared Services VPC: + +resource "aws_vpc" "vpc_shared-services" { + cidr_block = var.aws_shared-services_vpc_cidr + provider = aws.shared-services + tags = { + Name = "${var.bucket_prefix} Shared Services VPC" + } +} + + +# Create Subnets +# for the first Availability Zone (AZ): +resource "aws_subnet" "shared-services_vpc_az1_subnet-1" { + vpc_id = aws_vpc.vpc_shared-services.id + cidr_block = var.aws_shared-services_vpc_az1_subnet-1_cidr + map_public_ip_on_launch = "true" # it makes this a public subnet + availability_zone = var.aws_shared-services_az1 + tags = { + Name = "${var.bucket_prefix} Shared Services 1st AZ Subnet-1 Mgmt" + } +} + +resource "aws_subnet" "shared-services_vpc_az1_subnet-2" { + vpc_id = aws_vpc.vpc_shared-services.id + cidr_block = var.aws_shared-services_vpc_az1_subnet-2_cidr + availability_zone = var.aws_shared-services_az1 + tags = { + Name = "${var.bucket_prefix} Shared Services 1st AZ Subnet-2" + } +} + +resource "aws_subnet" "shared-services_vpc_az1_subnet-3" { + vpc_id = aws_vpc.vpc_shared-services.id + cidr_block = var.aws_shared-services_vpc_az1_subnet-3_cidr + availability_zone = var.aws_shared-services_az1 + tags = { + Name = "${var.bucket_prefix} Shared Services 1st AZ Subnet-3" + } +} + +# Creating Subnets for the 2nd Availability Zone: +resource "aws_subnet" "shared-services_vpc_az2_subnet-1" { + vpc_id = aws_vpc.vpc_shared-services.id + cidr_block = var.aws_shared-services_vpc_az2_subnet-1_cidr + map_public_ip_on_launch = "true" # it makes this a public subnet + availability_zone = var.aws_shared-services_az2 + tags = { + Name = "${var.bucket_prefix} Shared Services 2nd AZ Subnet-1 Mgmt" + } +} + +resource "aws_subnet" "shared-services_vpc_az2_subnet-2" { + vpc_id = aws_vpc.vpc_shared-services.id + cidr_block = var.aws_shared-services_vpc_az2_subnet-2_cidr + availability_zone = var.aws_shared-services_az2 + tags = { + Name = "${var.bucket_prefix} Shared Services 2nd AZ Subnet-2" + } +} + +resource "aws_subnet" "shared-services_vpc_az2_subnet-3" { + vpc_id = aws_vpc.vpc_shared-services.id + cidr_block = var.aws_shared-services_vpc_az2_subnet-3_cidr + availability_zone = var.aws_shared-services_az2 + tags = { + Name = "${var.bucket_prefix} Shared Services 2nd AZ Subnet-3" + } +} + + +# Create IGW for Internet Access: + +resource "aws_internet_gateway" "shared-services_vpc_igw" { + vpc_id = aws_vpc.vpc_shared-services.id + tags = { + Name = "${var.bucket_prefix} Shared Services VPC IGW" + } +} + + +# Create route tables and default route pointing to IGW in Mgmt, Incoming from TGW and Outgoing to TGW route tables +# Creating 3 Route Tables for the 1st Availability Zone: +resource "aws_route_table" "shared-services_vpc_az1_mgmt_rt" { + vpc_id = aws_vpc.vpc_shared-services.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.shared-services_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} Shared Services VPC 1st AZ Mgmt RT" + } +} + +resource "aws_route_table" "shared-services_vpc_az1_rt_incoming" { + vpc_id = aws_vpc.vpc_shared-services.id + tags = { + Name = "${var.bucket_prefix} Shared Services VPC 1st AZ RT Incoming from TGW" + } +} + +resource "aws_route_table" "shared-services_vpc_az1_rt_outgoing" { + vpc_id = aws_vpc.vpc_shared-services.id + tags = { + Name = "${var.bucket_prefix} Shared Services VPC 1st AZ RT Outgoing to TGW" + } +} + +# Creating 3 Route Tables for the 2nd Availability Zone: +resource "aws_route_table" "shared-services_vpc_az2_mgmt_rt" { + vpc_id = aws_vpc.vpc_shared-services.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.shared-services_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} Shared Services VPC 2nd AZ Mgmt RT" + } +} + +resource "aws_route_table" "shared-services_vpc_az2_rt_incoming" { + vpc_id = aws_vpc.vpc_shared-services.id + tags = { + Name = "${var.bucket_prefix} Shared Services VPC 2nd AZ RT Incoming from TGW" + } +} + +resource "aws_route_table" "shared-services_vpc_az2_rt_outgoing" { + vpc_id = aws_vpc.vpc_shared-services.id + tags = { + Name = "${var.bucket_prefix} Shared Services VPC 2nd AZ RT Outgoing to TGW" + } +} + + +# Associate CRT and Subnet for Mgmt and Traffic +# for the 1st AZ: +resource "aws_route_table_association" "shared-services_vpc_az1_rta_subnet-1"{ + subnet_id = aws_subnet.shared-services_vpc_az1_subnet-1.id + route_table_id = aws_route_table.shared-services_vpc_az1_mgmt_rt.id +} + +resource "aws_route_table_association" "shared-services_vpc_az1_rta_subnet-2"{ + subnet_id = aws_subnet.shared-services_vpc_az1_subnet-2.id + route_table_id = aws_route_table.shared-services_vpc_az1_rt_incoming.id +} + +resource "aws_route_table_association" "shared-services_vpc_az1_rta_subnet-3"{ + subnet_id = aws_subnet.shared-services_vpc_az1_subnet-3.id + route_table_id = aws_route_table.shared-services_vpc_az1_rt_outgoing.id +} + +# for the 2nd AZ: +resource "aws_route_table_association" "shared-services_vpc_az2_rta_subnet-1"{ + subnet_id = aws_subnet.shared-services_vpc_az2_subnet-1.id + route_table_id = aws_route_table.shared-services_vpc_az2_mgmt_rt.id +} + +resource "aws_route_table_association" "shared-services_vpc_az2_rta_subnet-2"{ + subnet_id = aws_subnet.shared-services_vpc_az2_subnet-2.id + route_table_id = aws_route_table.shared-services_vpc_az2_rt_incoming.id +} + +resource "aws_route_table_association" "shared-services_vpc_az2_rta_subnet-3"{ + subnet_id = aws_subnet.shared-services_vpc_az2_subnet-3.id + route_table_id = aws_route_table.shared-services_vpc_az2_rt_outgoing.id +} + + +# Create security group: + +resource "aws_security_group" "shared-services_vpc_mgmt_sg" { + vpc_id = aws_vpc.vpc_shared-services.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for your white list CIDR + to_port = 0 + protocol = "icmp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for all cloud infra + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + self = "true" + } + + tags = { + Name = "${var.bucket_prefix} Shared Services Mgmt SG" + } +} + + +resource "aws_security_group" "shared-services_vpc_sg" { + vpc_id = aws_vpc.vpc_shared-services.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 80 # will be used to generate test http traffic + to_port = 80 + protocol = "tcp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 8 # allow ping for your white list CIDR + to_port = 0 + protocol = "icmp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 # allow ping for all cloud infra + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + tags = { + Name = "${var.bucket_prefix} Shared Services VPC SG" + } +} + + +# Create NICs for the firewalls +# First Firewall: +resource "aws_network_interface" "fw1_nic1" { + subnet_id = aws_subnet.shared-services_vpc_az1_subnet-1.id + private_ips = [var.aws_fw1_subnet-1_private_ip] + security_groups = [aws_security_group.shared-services_vpc_mgmt_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} FW1 NIC1 MGMT" + tags = { + Name = "${var.bucket_prefix} FW1 NIC1 MGMT" + } +} + +resource "aws_network_interface" "fw1_nic2" { + subnet_id = aws_subnet.shared-services_vpc_az1_subnet-2.id + private_ips = [var.aws_fw1_subnet-2_private_ip] + security_groups = [aws_security_group.shared-services_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} FW1 NIC2" + tags = { + Name = "${var.bucket_prefix} FW1 NIC2" + } +} + +resource "aws_network_interface" "fw1_nic3" { + subnet_id = aws_subnet.shared-services_vpc_az1_subnet-3.id + private_ips = [var.aws_fw1_subnet-3_private_ip] + security_groups = [aws_security_group.shared-services_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} FW1 NIC3" + tags = { + Name = "${var.bucket_prefix} FW1 NIC3" + } +} + +# Second Firewall +resource "aws_network_interface" "fw2_nic1" { + subnet_id = aws_subnet.shared-services_vpc_az2_subnet-1.id + private_ips = [var.aws_fw2_subnet-1_private_ip] + security_groups = [aws_security_group.shared-services_vpc_mgmt_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} FW2 NIC1 MGMT" + tags = { + Name = "${var.bucket_prefix} FW2 NIC1 MGMT" + } +} + +resource "aws_network_interface" "fw2_nic2" { + subnet_id = aws_subnet.shared-services_vpc_az2_subnet-2.id + private_ips = [var.aws_fw2_subnet-2_private_ip] + security_groups = [aws_security_group.shared-services_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} FW2 NIC2" + tags = { + Name = "${var.bucket_prefix} FW2 NIC2" + } +} + +resource "aws_network_interface" "fw2_nic3" { + subnet_id = aws_subnet.shared-services_vpc_az2_subnet-3.id + private_ips = [var.aws_fw2_subnet-3_private_ip] + security_groups = [aws_security_group.shared-services_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} FW2 NIC3" + tags = { + Name = "${var.bucket_prefix} FW2 NIC3" + } +} + + +# Create FW VMs +# Create 1st FW: +resource "aws_instance" "shared-services_fw1" { + ami = var.aws_ami_id_fw + instance_type = var.aws_ami_type_fw + key_name = var.aws_key_pair_name + availability_zone = var.aws_shared-services_az1 + user_data = file("cloud-init-shared-services_fw1.user_data") + + network_interface { + device_index = 0 + network_interface_id = aws_network_interface.fw1_nic1.id + delete_on_termination = false + } + + network_interface { + device_index = 1 + network_interface_id = aws_network_interface.fw1_nic2.id + delete_on_termination = false + } + + network_interface { + device_index = 2 + network_interface_id = aws_network_interface.fw1_nic3.id + delete_on_termination = false + } + + tags = { + Name = "${var.bucket_prefix} FW1" + } + +} + +# Create 2nd FW: +resource "aws_instance" "shared-services_fw2" { + ami = var.aws_ami_id_fw + instance_type = var.aws_ami_type_fw + key_name = var.aws_key_pair_name + availability_zone = var.aws_shared-services_az2 + user_data = file("cloud-init-shared-services_fw2.user_data") + + network_interface { + device_index = 0 + network_interface_id = aws_network_interface.fw2_nic1.id + delete_on_termination = false + } + + network_interface { + device_index = 1 + network_interface_id = aws_network_interface.fw2_nic2.id + delete_on_termination = false + } + + network_interface { + device_index = 2 + network_interface_id = aws_network_interface.fw2_nic3.id + delete_on_termination = false + } + + tags = { + Name = "${var.bucket_prefix} FW2" + } + +} + + +# Allocate and assign public IP address to the mgmt interface for the FW1: +resource "aws_eip" "fw1_nic1_eip_mgmt" { + vpc = true + network_interface = aws_network_interface.fw1_nic1.id + associate_with_private_ip = var.aws_fw1_subnet-1_private_ip + depends_on = [aws_instance.shared-services_fw1] + tags = { + Name = "${var.bucket_prefix} FW1 Mgmt EIP" + } +} + +# Allocate and assign public IP address to the mgmt interface for the FW2: +resource "aws_eip" "fw2_nic1_eip_mgmt" { + vpc = true + network_interface = aws_network_interface.fw2_nic1.id + associate_with_private_ip = var.aws_fw2_subnet-1_private_ip + depends_on = [aws_instance.shared-services_fw2] + tags = { + Name = "${var.bucket_prefix} FW2 Mgmt EIP" + } +} + + +# Write Management IP of the Firewalls to CLI +output "fw1_mgmt_ip" { + value = "${aws_instance.shared-services_fw1.public_ip} Re-run 'terraform apply' if you don't see the IP. To connect: ssh -i ec2-user@ " + depends_on = [aws_instance.shared-services_fw1] +} + +output "fw2_mgmt_ip" { + value = "${aws_instance.shared-services_fw2.public_ip} Re-run 'terraform apply' if you don't see the IP. To connect: ssh -i ec2-user@ " + depends_on = [aws_instance.shared-services_fw2] +} + + + + + +# Create Load Balancing Target Group using GENEVE with Health Check + +resource "aws_lb_target_group" "target_group_geneve" { + name = "SEC-target-group-geneve" + port = 6081 + protocol = "GENEVE" + target_type = "ip" + vpc_id = aws_vpc.vpc_shared-services.id + + health_check { # using TCP health check on port 443: + port = 443 + protocol = "TCP" + } + +} + + +# Add IP addresses of the Firewalls to the target group using GENEVE port 6081 +resource "aws_lb_target_group_attachment" "target_group_attachment_fw1" { + target_group_arn = aws_lb_target_group.target_group_geneve.arn + target_id = var.aws_fw1_subnet-2_private_ip + port = 6081 + depends_on = [ + aws_lb_target_group.target_group_geneve, + aws_instance.shared-services_fw1 + ] +} +resource "aws_lb_target_group_attachment" "target_group_attachment_fw2" { + target_group_arn = aws_lb_target_group.target_group_geneve.arn + target_id = var.aws_fw2_subnet-2_private_ip + port = 6081 + depends_on = [ + aws_lb_target_group.target_group_geneve, + aws_instance.shared-services_fw2 + ] +} + + +# Create Gateway Load Balancer (GWLB) with cross AZ Load Balancing +resource "aws_lb" "gwlb_geneve" { + name = "SEC-geneve-GWLB" + load_balancer_type = "gateway" + subnets = [ + aws_subnet.shared-services_vpc_az1_subnet-2.id, + aws_subnet.shared-services_vpc_az2_subnet-2.id + ] + enable_cross_zone_load_balancing = true # critical to enable because we use multiple availability zones! + tags = { + Name = "${var.bucket_prefix} GWLB for Firewalls" + } +} + +# Create GWLB Listener pointing to the appropriate target grou: +resource "aws_lb_listener" "gwlb_geneve_listener" { + load_balancer_arn = aws_lb.gwlb_geneve.id + + default_action { + target_group_arn = aws_lb_target_group.target_group_geneve.id + type = "forward" + } +} + +# Create GWLB Endpoints in two steps: create endpoint service first and then endpoints in two Availability Zones +data "aws_caller_identity" "current" {} +# Create Endpoint Service: +resource "aws_vpc_endpoint_service" "gwlb_endpoint_service" { + acceptance_required = false + allowed_principals = [data.aws_caller_identity.current.arn] + gateway_load_balancer_arns = [aws_lb.gwlb_geneve.arn] + depends_on = [aws_lb.gwlb_geneve] + tags = { + Name = "${var.bucket_prefix} GWLB Endpoint Service for FW Load Balancing using GENEVE" + } +} +# Create Endpoint in AZ1: +resource "aws_vpc_endpoint" "gwlb_endpoint_az1" { + service_name = aws_vpc_endpoint_service.gwlb_endpoint_service.service_name + subnet_ids = [aws_subnet.shared-services_vpc_az1_subnet-3.id] + vpc_endpoint_type = aws_vpc_endpoint_service.gwlb_endpoint_service.service_type + vpc_id = aws_vpc.vpc_shared-services.id + depends_on = [aws_vpc_endpoint_service.gwlb_endpoint_service] + tags = { + Name = "${var.bucket_prefix} GWLB Endpoint in AZ1" + } +} +# Create Endpoint in AZ2: +resource "aws_vpc_endpoint" "gwlb_endpoint_az2" { + service_name = aws_vpc_endpoint_service.gwlb_endpoint_service.service_name + subnet_ids = [aws_subnet.shared-services_vpc_az2_subnet-3.id] + vpc_endpoint_type = aws_vpc_endpoint_service.gwlb_endpoint_service.service_type + vpc_id = aws_vpc.vpc_shared-services.id + depends_on = [aws_vpc_endpoint_service.gwlb_endpoint_service] + tags = { + Name = "${var.bucket_prefix} GWLB Endpoint in AZ2" + } +} +# Please note, that the health check between GWLB and FTDv firewalls will not work until you configure GENEVE protocol on firewalls via FMC! + + +# Find out TGW, which was created earlier by cloud-app1 script and attach shared services VPC to TGW +data "aws_ec2_transit_gateway" "sec_tgw" { + filter { + name = "options.amazon-side-asn" + values = [var.tgw_amazon_side_asn] # the assumption here: there is only ONE TGW with this ASN + } + filter { + name = "state" + values = ["available"] + } +} +# Attaching Shared Services VPC to TGW as VPC Attachment with Appliance Mode support: +resource "aws_ec2_transit_gateway_vpc_attachment" "shared_services_tgw_attachment" { + subnet_ids = [ + aws_subnet.shared-services_vpc_az1_subnet-2.id, + aws_subnet.shared-services_vpc_az2_subnet-2.id + ] + transit_gateway_id = data.aws_ec2_transit_gateway.sec_tgw.id + vpc_id = aws_vpc.vpc_shared-services.id + appliance_mode_support = "enable" # this is critical to ensure symmetric routing! + transit_gateway_default_route_table_association = false + transit_gateway_default_route_table_propagation = false + tags = { + Name = "${var.bucket_prefix} VPC Attachment for Shared Services VPC" + } +} +# Associate Shared Services VPC with the outgoing TGW Route Table: +data "aws_ec2_transit_gateway_route_table" "sec_tgw_outgoing_rt" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} TGW Route Table outgoing from shared services"] # the assumption here: there is only ONE TGW with this ASN + } +} +resource "aws_ec2_transit_gateway_route_table_association" "sec_tgw_rt_shared_services_attachment_association" { + transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.shared_services_tgw_attachment.id + transit_gateway_route_table_id = data.aws_ec2_transit_gateway_route_table.sec_tgw_outgoing_rt.id +} + + +# Now we have needed infrastructure created and can tweak routes in existing route tables +# Find out route table from Cloud App1 Host VPC: +data "aws_route_table" "cloud_app1_rt_vpn10" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} Cloud App1 VPC RT Service VPN 10"] # the assumption here: description from cloud-app1 script was not changed + } +} +# Create default route in the Cloud App1 Host VPC pointing to TGW: +resource "aws_route" "cloud_app1_default_route_to_tgw" { + route_table_id = data.aws_route_table.cloud_app1_rt_vpn10.id + destination_cidr_block = "0.0.0.0/0" + transit_gateway_id = data.aws_ec2_transit_gateway.sec_tgw.id + depends_on = [data.aws_ec2_transit_gateway.sec_tgw] +} +# Find out route table from Cloud App2 Host VPC: +data "aws_route_table" "cloud_app2_rt_vpn10" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} Cloud App2 VPC RT Service VPN 10"] # the assumption here: description from cloud-app1 script was not changed + } +} +# Create default route in the Cloud App2 Host VPC pointing to TGW: +resource "aws_route" "cloud_app2_default_route_to_tgw" { + route_table_id = data.aws_route_table.cloud_app2_rt_vpn10.id + destination_cidr_block = "0.0.0.0/0" + transit_gateway_id = data.aws_ec2_transit_gateway.sec_tgw.id + depends_on = [data.aws_ec2_transit_gateway.sec_tgw] +} + +# Add route to the incoming TGW route table pointing to shared services +# Find out TGW incoming route table, which was defined in cloud-app1 script: +data "aws_ec2_transit_gateway_route_table" "sec_tgw_incoming_route_table" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} TGW Route Table incoming from host VPCs to shared services"] # the assumption here: description from cloud-app1 script was not changed + } +} +# Install default route in the incoming TGW route table pointing to shared services VPC attachment: +resource "aws_ec2_transit_gateway_route" "sec_tgw_rt_incoming_to_shared_services" { + destination_cidr_block = "0.0.0.0/0" + transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.shared_services_tgw_attachment.id + transit_gateway_route_table_id = data.aws_ec2_transit_gateway_route_table.sec_tgw_incoming_route_table.id +} + +# Install default route in Shared Services AZ1 Incoming Route Table pointing to GWLB Endpoint +resource "aws_route" "shared-services_vpc_az1_rt_incoming_route_to_gwlb_endpoint" { + route_table_id = aws_route_table.shared-services_vpc_az1_rt_incoming.id + destination_cidr_block = "0.0.0.0/0" + vpc_endpoint_id = aws_vpc_endpoint.gwlb_endpoint_az1.id + depends_on = [aws_vpc_endpoint.gwlb_endpoint_az1] +} +# Install default route in Shared Services AZ2 Incoming Route Table pointing to GWLB Endpoint +resource "aws_route" "shared-services_vpc_az2_rt_incoming_route_to_gwlb_endpoint" { + route_table_id = aws_route_table.shared-services_vpc_az2_rt_incoming.id + destination_cidr_block = "0.0.0.0/0" + vpc_endpoint_id = aws_vpc_endpoint.gwlb_endpoint_az2.id + depends_on = [aws_vpc_endpoint.gwlb_endpoint_az2] +} + +# Install static route in the Shared Services AZ1 outgoing pointing to TGW +resource "aws_route" "shared-services_vpc_az1_rt_outgoing_route_to_tgw" { + route_table_id = aws_route_table.shared-services_vpc_az1_rt_outgoing.id + destination_cidr_block = var.aws_shared-services_vpc_az1_cidr_route_back_to_tgw + transit_gateway_id = data.aws_ec2_transit_gateway.sec_tgw.id + depends_on = [data.aws_ec2_transit_gateway.sec_tgw] +} +# Install static route in the Shared Services AZ2 outgoing pointing to TGW +resource "aws_route" "shared-services_vpc_az2_rt_outgoing_route_to_tgw" { + route_table_id = aws_route_table.shared-services_vpc_az2_rt_outgoing.id + destination_cidr_block = var.aws_shared-services_vpc_az2_cidr_route_back_to_tgw + transit_gateway_id = data.aws_ec2_transit_gateway.sec_tgw.id + depends_on = [data.aws_ec2_transit_gateway.sec_tgw] +} + +# Install static routes in the outgoing TGW route table pointing to cloud apps (host VPCs) +# find out CIDR for the cloud app1 VPC: +data "aws_vpc" "host_vpc1_cidr" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} Cloud App1 VPC"] # the assumption here: description from cloud-app1 script was not changed + } +} +# find out outgoing TGW route table: +data "aws_ec2_transit_gateway_route_table" "sec_tgw_outgoing_route_table" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} TGW Route Table outgoing from shared services"] # the assumption here: description from cloud-app1 script was not changed + } +} +# install static route for cloud app1 into TGW outgoing route table: +resource "aws_ec2_transit_gateway_route" "sec_tgw_rt_outgoing_route_to_host_vpc1" { + destination_cidr_block = data.aws_vpc.host_vpc1_cidr.cidr_block + transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.shared_services_tgw_attachment.id + transit_gateway_route_table_id = data.aws_ec2_transit_gateway_route_table.sec_tgw_outgoing_route_table.id + depends_on = [data.aws_ec2_transit_gateway.sec_tgw] +} +# find out CIDR for the cloud app2 VPC: +data "aws_vpc" "host_vpc2_cidr" { + filter { + name = "tag:Name" + values = ["${var.bucket_prefix} Cloud App2 VPC"] # the assumption here: description from cloud-app1 script was not changed + } +} +# install static route for cloud app2 into TGW outgoing route table: +resource "aws_ec2_transit_gateway_route" "sec_tgw_rt_outgoing_route_to_host_vpc2" { + destination_cidr_block = data.aws_vpc.host_vpc2_cidr.cidr_block + transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.shared_services_tgw_attachment.id + transit_gateway_route_table_id = data.aws_ec2_transit_gateway_route_table.sec_tgw_outgoing_route_table.id + depends_on = [data.aws_ec2_transit_gateway.sec_tgw] +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/vars.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/vars.tf new file mode 100644 index 0000000..6f0b091 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/vars.tf @@ -0,0 +1,100 @@ +# Shared Services for SD-WAN Security demo - consists of two FTDv Firewall VMs running in a different AZ with GWLB +# Please note, that FMCv controller should be deployed in a different VPC, ideally next to SD-WAN Controllers. +# FMCv deployment is NOT part of this script. + +variable "bucket_prefix" { # use this a prefix in descriptions of ressources, which will be prepended to the name of all ressources. Example "FW-VPC1" + default = "SEC" +} + +variable "ssh_allow_cidr" { # allow ssh only from Cisco San Jose VPN Cluster, adjust as needed! + default = "128.107.0.0/16" +} + +variable "aws_shared-services_region" { + default = "us-west-2" # if you change the default region, please also change AMI IDs below +} + +variable "aws_shared-services_az1" { + default = "us-west-2c" +} + +variable "aws_shared-services_az2" { + default = "us-west-2b" +} + +variable "aws_shared-services_vpc_cidr" { + default = "10.70.0.0/16" +} + +variable "aws_shared-services_vpc_az1_subnet-1_cidr" { + default = "10.70.1.0/24" +} + +variable "aws_shared-services_vpc_az1_subnet-2_cidr" { + default = "10.70.2.0/24" +} + +variable "aws_shared-services_vpc_az1_subnet-3_cidr" { + default = "10.70.3.0/24" +} + +variable "aws_shared-services_vpc_az2_subnet-1_cidr" { + default = "10.70.11.0/24" +} + +variable "aws_shared-services_vpc_az2_subnet-2_cidr" { + default = "10.70.12.0/24" +} + +variable "aws_shared-services_vpc_az2_subnet-3_cidr" { + default = "10.70.13.0/24" +} + +variable "aws_shared-services_vpc_az1_cidr_route_back_to_tgw" { + default = "0.0.0.0/0" # tweak this if you want to route back to TGW only SD-WAN networks +} + +variable "aws_shared-services_vpc_az2_cidr_route_back_to_tgw" { + default = "0.0.0.0/0" # tweak this if you want to route back to TGW only SD-WAN networks +} + +variable "aws_ami_id_fw" { + default = "ami-0bb9a899312d2bade" # FTDv Cisco-internal IFT version 7.1.0-61. Please change the AMI if you want to use a different region! +} + +variable "aws_ami_type_fw" { + default = "c5.xlarge" +} + +variable "aws_fw1_subnet-1_private_ip" { + default = "10.70.1.101" +} + +variable "aws_fw1_subnet-2_private_ip" { + default = "10.70.2.101" +} + +variable "aws_fw1_subnet-3_private_ip" { + default = "10.70.3.101" +} + +variable "aws_fw2_subnet-1_private_ip" { + default = "10.70.11.101" +} + +variable "aws_fw2_subnet-2_private_ip" { + default = "10.70.12.101" +} + +variable "aws_fw2_subnet-3_private_ip" { + default = "10.70.13.101" +} + +variable "tgw_amazon_side_asn" { + default = "64522" # please make sure, that this is unique, we will use it as filter +} + +# SSH Key File: +variable "aws_key_pair_name" { + default = "aws-key-20-3-setup" # Please change to your AWS pem ssh key file! It will NOT work with the default value "aws-key-20-3-setup" +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r1.user_data b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r1.user_data new file mode 100644 index 0000000..fd68a5f --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r1.user_data @@ -0,0 +1,142 @@ +Content-Type: multipart/mixed; boundary="==BOUNDARY==" +MIME-Version: 1.0 + +--==BOUNDARY== +Content-Type: text/cloud-config; charset="us-ascii" + +#cloud-config +vinitparam: + - uuid : + - org : + - vbond : + - otp : + +--==BOUNDARY== +Content-Type: text/cloud-boothook; charset="us-ascii" + +#cloud-boothook + +hostname SDWAN-VPC-R1 +! +system + system-ip 10.172.1.11 + site-id 172 + organization-name + vbond +! +! +vrf definition 10 + rd 1:10 + address-family ipv4 + route-target export 64550:1 + route-target import 64550:1 + exit-address-family + ! + address-family ipv6 + exit-address-family + ! +! +vrf definition Mgmt-intf + description Management + rd 1:512 + address-family ipv4 + route-target export 1:512 + route-target import 1:512 + exit-address-family + ! + address-family ipv6 + exit-address-family + ! +! +interface GigabitEthernet1 + no shutdown + vrf forwarding Mgmt-intf + ip address dhcp client-id GigabitEthernet1 + ip dhcp client default-router distance 1 + ip mtu 1500 + mtu 1500 + negotiation auto +exit +! +interface GigabitEthernet2 + no shut + ip address dhcp client-id GigabitEthernet2 + ip dhcp client default-router distance 1 + ip mtu 1500 + mtu 1500 + negotiation auto +! +! +interface GigabitEthernet3 + no shut +! +! +interface Tunnel2 + no shutdown + ip unnumbered GigabitEthernet2 + no ip redirects + ipv6 unnumbered GigabitEthernet2 + no ipv6 redirects + tunnel source GigabitEthernet2 + tunnel mode sdwan +exit +! +! +sdwan + interface GigabitEthernet2 + tunnel-interface + encapsulation ipsec weight 1 + no border + color default + no last-resort-circuit + no low-bandwidth-link + no vbond-as-stun-server + vmanage-connection-preference 5 + port-hop + carrier default + nat-refresh-interval 5 + hello-interval 1000 + hello-tolerance 12 + allow-service all + no allow-service bgp + allow-service dhcp + allow-service dns + allow-service icmp + allow-service sshd + allow-service netconf + allow-service ntp + no allow-service ospf + no allow-service stun + allow-service https + no allow-service snmp + exit + exit + appqoe + no tcpopt enable + ! + omp + no shutdown + send-path-limit 4 + ecmp-limit 4 + graceful-restart + no as-dot-notation + timers + holdtime 60 + advertisement-interval 1 + graceful-restart-timer 43200 + eor-timer 300 + exit + address-family ipv4 + advertise bgp + advertise connected + advertise static + ! + address-family ipv6 + advertise bgp + advertise connected + advertise static + ! + ! +! +! +--==BOUNDARY== \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r2.user_data b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r2.user_data new file mode 100644 index 0000000..562e7a5 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r2.user_data @@ -0,0 +1,142 @@ +Content-Type: multipart/mixed; boundary="==BOUNDARY==" +MIME-Version: 1.0 + +--==BOUNDARY== +Content-Type: text/cloud-config; charset="us-ascii" + +#cloud-config +vinitparam: + - uuid : + - org : + - vbond : + - otp : + +--==BOUNDARY== +Content-Type: text/cloud-boothook; charset="us-ascii" + +#cloud-boothook + +hostname SDWAN-VPC-R2 +! +system + system-ip 10.172.1.12 + site-id 172 + organization-name + vbond +! +! +vrf definition 10 + rd 1:10 + address-family ipv4 + route-target export 64550:1 + route-target import 64550:1 + exit-address-family + ! + address-family ipv6 + exit-address-family + ! +! +vrf definition Mgmt-intf + description Management + rd 1:512 + address-family ipv4 + route-target export 1:512 + route-target import 1:512 + exit-address-family + ! + address-family ipv6 + exit-address-family + ! +! +interface GigabitEthernet1 + no shutdown + vrf forwarding Mgmt-intf + ip address dhcp client-id GigabitEthernet1 + ip dhcp client default-router distance 1 + ip mtu 1500 + mtu 1500 + negotiation auto +exit +! +interface GigabitEthernet2 + no shut + ip address dhcp client-id GigabitEthernet2 + ip dhcp client default-router distance 1 + ip mtu 1500 + mtu 1500 + negotiation auto +! +! +interface GigabitEthernet3 + no shut +! +! +interface Tunnel2 + no shutdown + ip unnumbered GigabitEthernet2 + no ip redirects + ipv6 unnumbered GigabitEthernet2 + no ipv6 redirects + tunnel source GigabitEthernet2 + tunnel mode sdwan +exit +! +! +sdwan + interface GigabitEthernet2 + tunnel-interface + encapsulation ipsec weight 1 + no border + color default + no last-resort-circuit + no low-bandwidth-link + no vbond-as-stun-server + vmanage-connection-preference 5 + port-hop + carrier default + nat-refresh-interval 5 + hello-interval 1000 + hello-tolerance 12 + allow-service all + no allow-service bgp + allow-service dhcp + allow-service dns + allow-service icmp + allow-service sshd + allow-service netconf + allow-service ntp + no allow-service ospf + no allow-service stun + allow-service https + no allow-service snmp + exit + exit + appqoe + no tcpopt enable + ! + omp + no shutdown + send-path-limit 4 + ecmp-limit 4 + graceful-restart + no as-dot-notation + timers + holdtime 60 + advertisement-interval 1 + graceful-restart-timer 43200 + eor-timer 300 + exit + address-family ipv4 + advertise bgp + advertise connected + advertise static + ! + address-family ipv6 + advertise bgp + advertise connected + advertise static + ! + ! +! +! +--==BOUNDARY== \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/provider.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/provider.tf new file mode 100644 index 0000000..5c138ad --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/provider.tf @@ -0,0 +1,5 @@ +provider "aws" { + alias = "sdwan" + region = var.aws_sdwan_region +} + diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/sdwan.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/sdwan.tf new file mode 100644 index 0000000..3d27b1a --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/sdwan.tf @@ -0,0 +1,549 @@ +# This file will create AWS Infrastructure (VPC, Subnets, IGW, Route Tables, etc) for SD-WAN VPC with two SD-WAN routers + +# Create SDWAN VPC: + +resource "aws_vpc" "vpc_sdwan" { + cidr_block = var.aws_sdwan_vpc_cidr + provider = aws.sdwan + tags = { + Name = "${var.bucket_prefix} SDWAN VPC" + } +} + +# Create 3 Subnets for SDWAN VPC in 2 AZs: + +resource "aws_subnet" "sdwan_vpc_az1_subnet-1" { + vpc_id = aws_vpc.vpc_sdwan.id + cidr_block = var.aws_sdwan_vpc_az1_subnet-1_cidr + map_public_ip_on_launch = "true" //it makes this a public subnet + availability_zone = var.aws_sdwan_az1 + tags = { + Name = "${var.bucket_prefix} SDWAN AZ1 Subnet-1 Mgmt" + } +} + +resource "aws_subnet" "sdwan_vpc_az1_subnet-2" { + vpc_id = aws_vpc.vpc_sdwan.id + cidr_block = var.aws_sdwan_vpc_az1_subnet-2_cidr + availability_zone = var.aws_sdwan_az1 + tags = { + Name = "${var.bucket_prefix} SDWAN AZ1 Subnet-2" + } +} + +resource "aws_subnet" "sdwan_vpc_az1_subnet-3" { + vpc_id = aws_vpc.vpc_sdwan.id + cidr_block = var.aws_sdwan_vpc_az1_subnet-3_cidr + availability_zone = var.aws_sdwan_az1 + tags = { + Name = "${var.bucket_prefix} SDWAN AZ1 Subnet-3" + } +} + + +resource "aws_subnet" "sdwan_vpc_az2_subnet-1" { + vpc_id = aws_vpc.vpc_sdwan.id + cidr_block = var.aws_sdwan_vpc_az2_subnet-1_cidr + map_public_ip_on_launch = "true" //it makes this a public subnet + availability_zone = var.aws_sdwan_az2 + tags = { + Name = "${var.bucket_prefix} SDWAN AZ2 Subnet-1 Mgmt" + } +} + +resource "aws_subnet" "sdwan_vpc_az2_subnet-2" { + vpc_id = aws_vpc.vpc_sdwan.id + cidr_block = var.aws_sdwan_vpc_az2_subnet-2_cidr + availability_zone = var.aws_sdwan_az2 + tags = { + Name = "${var.bucket_prefix} SDWAN AZ2 Subnet-2" + } +} + +resource "aws_subnet" "sdwan_vpc_az2_subnet-3" { + vpc_id = aws_vpc.vpc_sdwan.id + cidr_block = var.aws_sdwan_vpc_az2_subnet-3_cidr + availability_zone = var.aws_sdwan_az2 + tags = { + Name = "${var.bucket_prefix} SDWAN AZ2 Subnet-3" + } +} + + +# Create IGW for Internet Access: + +resource "aws_internet_gateway" "sdwan_vpc_igw" { + vpc_id = aws_vpc.vpc_sdwan.id + tags = { + Name = "${var.bucket_prefix} SDWAN VPC IGW" + } +} + + +# Create route tables and default route pointing to IGW in VPN512 and VPN0: + +resource "aws_route_table" "sdwan_vpc_az1_mgmt_rt" { + vpc_id = aws_vpc.vpc_sdwan.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet + gateway_id = aws_internet_gateway.sdwan_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} SDWAN VPC AZ1 Mgmt RT" + } +} + +resource "aws_route_table" "sdwan_vpc_az1_rt_vpn0" { + vpc_id = aws_vpc.vpc_sdwan.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet + gateway_id = aws_internet_gateway.sdwan_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} SDWAN VPC AZ1 RT VPN0" + } +} + +resource "aws_route_table" "sdwan_vpc_az1_rt_vpn10" { + vpc_id = aws_vpc.vpc_sdwan.id + tags = { + Name = "${var.bucket_prefix} SDWAN VPC AZ1 RT Service VPN 10" + } +} + +resource "aws_route_table" "sdwan_vpc_az2_mgmt_rt" { + vpc_id = aws_vpc.vpc_sdwan.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet + gateway_id = aws_internet_gateway.sdwan_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} SDWAN VPC AZ2 Mgmt RT" + } +} + +resource "aws_route_table" "sdwan_vpc_az2_rt_vpn0" { + vpc_id = aws_vpc.vpc_sdwan.id + route { + //associated subnet can reach everywhere + cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet + gateway_id = aws_internet_gateway.sdwan_vpc_igw.id + } + tags = { + Name = "${var.bucket_prefix} SDWAN VPC AZ2 RT VPN0" + } +} + +resource "aws_route_table" "sdwan_vpc_az2_rt_vpn10" { + vpc_id = aws_vpc.vpc_sdwan.id + tags = { + Name = "${var.bucket_prefix} SDWAN VPC AZ2 RT Service VPN 10" + } +} + + +# Associate CRT and Subnet for Mgmt and Traffic: + +resource "aws_route_table_association" "sdwan_vpc_rta_az1_subnet-1"{ + subnet_id = aws_subnet.sdwan_vpc_az1_subnet-1.id + route_table_id = aws_route_table.sdwan_vpc_az1_mgmt_rt.id +} + +resource "aws_route_table_association" "sdwan_vpc_rta_az1_subnet-2"{ + subnet_id = aws_subnet.sdwan_vpc_az1_subnet-2.id + route_table_id = aws_route_table.sdwan_vpc_az1_rt_vpn0.id +} + +resource "aws_route_table_association" "sdwan_vpc_rta_az1_subnet-3"{ + subnet_id = aws_subnet.sdwan_vpc_az1_subnet-3.id + route_table_id = aws_route_table.sdwan_vpc_az1_rt_vpn10.id +} + +resource "aws_route_table_association" "sdwan_vpc_rta_az2_subnet-1"{ + subnet_id = aws_subnet.sdwan_vpc_az2_subnet-1.id + route_table_id = aws_route_table.sdwan_vpc_az2_mgmt_rt.id +} + +resource "aws_route_table_association" "sdwan_vpc_rta_az2_subnet-2"{ + subnet_id = aws_subnet.sdwan_vpc_az2_subnet-2.id + route_table_id = aws_route_table.sdwan_vpc_az2_rt_vpn0.id +} + +resource "aws_route_table_association" "sdwan_vpc_rta_az2_subnet-3"{ + subnet_id = aws_subnet.sdwan_vpc_az2_subnet-3.id + route_table_id = aws_route_table.sdwan_vpc_az2_rt_vpn10.id +} + +# Create security group: + +resource "aws_security_group" "sdwan_vpc_mgmt_sg" { + vpc_id = aws_vpc.vpc_sdwan.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 22 # allow ssh from the CIDR block defined in vars.tf + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 #allow ping + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 830 + to_port = 830 + protocol = "tcp" + // SD-WAN TCP Ports + cidr_blocks = ["0.0.0.0/0"] + } + + + //SD-WAN tcp ports + ingress { + from_port = 23456 + to_port = 24156 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 12346 # allow SD-WAN UDP ports + to_port = 13046 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + //IPSec udp ports + ingress { + from_port = 4500 + to_port = 4500 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 500 + to_port = 500 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + self = "true" + } + + tags = { + Name = "${var.bucket_prefix} SDWAN SD-WAN Mgmt SG" + } +} + + +resource "aws_security_group" "sdwan_vpc_sg" { + vpc_id = aws_vpc.vpc_sdwan.id + + egress { + from_port = 0 + to_port = 0 + protocol = -1 + cidr_blocks = ["0.0.0.0/0"] + } + + //If you do not add this rule, you can not reach the web interface + ingress { + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [var.ssh_allow_cidr] + } + + ingress { + from_port = 8 #allow ping + to_port = 0 + protocol = "icmp" + cidr_blocks = ["10.0.0.0/8"] + } + + ingress { + from_port = 830 + to_port = 830 + protocol = "tcp" + // SD-WAN TCP Ports + cidr_blocks = ["0.0.0.0/0"] + } + + //SD-WAN tcp ports + ingress { + from_port = 23456 + to_port = 24156 + protocol = "tcp" + cidr_blocks = ["0.0.0.0/0"] + } + + //SD-WAN udp ports + ingress { + from_port = 12346 + to_port = 13046 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + //IPSec udp ports + ingress { + from_port = 4500 + to_port = 4500 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 500 + to_port = 500 + protocol = "udp" + cidr_blocks = ["0.0.0.0/0"] + } + + //Allow GRE tunnels + ingress { + protocol = "47" + from_port = 0 + to_port = 65535 + cidr_blocks = ["0.0.0.0/0"] + } + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + self = "true" + } + + tags = { + Name = "${var.bucket_prefix} SDWAN SD-WAN VPC SG" + } +} + + +# Create NICs for routers: + +resource "aws_network_interface" "sdwan_r1_nic1" { + subnet_id = aws_subnet.sdwan_vpc_az1_subnet-1.id + private_ips = [var.aws_sdwan_r1_nic1_private_ip] + security_groups = [aws_security_group.sdwan_vpc_mgmt_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} SDWAN R1 NIC1 MGMT" + tags = { + Name = "${var.bucket_prefix} SDWAN R1 NIC1 MGMT" + } +} + +resource "aws_network_interface" "sdwan_r1_nic2" { + subnet_id = aws_subnet.sdwan_vpc_az1_subnet-2.id + private_ips = [var.aws_sdwan_r1_nic2_private_ip] + security_groups = [aws_security_group.sdwan_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} SDWAN R1 NIC2 VPN0" + tags = { + Name = "${var.bucket_prefix} SDWAN R1 NIC2 VPN0" + } +} + +resource "aws_network_interface" "sdwan_r1_nic3" { + subnet_id = aws_subnet.sdwan_vpc_az1_subnet-3.id + private_ips = [var.aws_sdwan_r1_nic3_private_ip] + security_groups = [aws_security_group.sdwan_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} SDWAN R1 NIC3 Service VPN" + tags = { + Name = "${var.bucket_prefix} SDWAN R1 NIC3 Service VPN" + } +} + +resource "aws_network_interface" "sdwan_r2_nic1" { + subnet_id = aws_subnet.sdwan_vpc_az2_subnet-1.id + private_ips = [var.aws_sdwan_r2_nic1_private_ip] + security_groups = [aws_security_group.sdwan_vpc_mgmt_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} SDWAN R2 NIC1 MGMT" + tags = { + Name = "${var.bucket_prefix} SDWAN R2 NIC1 MGMT" + } +} + +resource "aws_network_interface" "sdwan_r2_nic2" { + subnet_id = aws_subnet.sdwan_vpc_az2_subnet-2.id + private_ips = [var.aws_sdwan_r2_nic2_private_ip] + security_groups = [aws_security_group.sdwan_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} SDWAN R2 NIC2 VPN0" + tags = { + Name = "${var.bucket_prefix} SDWAN R2 NIC2 VPN0" + } +} + +resource "aws_network_interface" "sdwan_r2_nic3" { + subnet_id = aws_subnet.sdwan_vpc_az2_subnet-3.id + private_ips = [var.aws_sdwan_r2_nic3_private_ip] + security_groups = [aws_security_group.sdwan_vpc_sg.id] + source_dest_check = false + description = "${var.bucket_prefix} SDWAN R2 NIC3 Service VPN" + tags = { + Name = "${var.bucket_prefix} SDWAN R2 NIC3 Service VPN" + } +} + + +# Create two SD-WAN Routers in the SDWAN VPC: + +resource "aws_instance" "sdwan_r1" { + ami = var.aws_ami_id_sdwan_router + instance_type = var.aws_ami_type_sdwan_router + key_name = var.aws_key_pair_name + availability_zone = var.aws_sdwan_az1 + user_data = file("cloud-init-sdwan-r1.user_data") + + network_interface { + device_index = 0 + network_interface_id = aws_network_interface.sdwan_r1_nic1.id + delete_on_termination = false + } + + network_interface { + device_index = 1 + network_interface_id = aws_network_interface.sdwan_r1_nic2.id + delete_on_termination = false + } + + network_interface { + device_index = 2 + network_interface_id = aws_network_interface.sdwan_r1_nic3.id + delete_on_termination = false + } + + tags = { + Name = "${var.bucket_prefix} SDWAN R1" + } + +} + + +resource "aws_instance" "sdwan_r2" { + ami = var.aws_ami_id_sdwan_router + instance_type = var.aws_ami_type_sdwan_router + key_name = var.aws_key_pair_name + availability_zone = var.aws_sdwan_az2 + user_data = file("cloud-init-sdwan-r2.user_data") + + network_interface { + device_index = 0 + network_interface_id = aws_network_interface.sdwan_r2_nic1.id + delete_on_termination = false + } + + network_interface { + device_index = 1 + network_interface_id = aws_network_interface.sdwan_r2_nic2.id + delete_on_termination = false + } + + network_interface { + device_index = 2 + network_interface_id = aws_network_interface.sdwan_r2_nic3.id + delete_on_termination = false + } + + tags = { + Name = "${var.bucket_prefix} SDWAN R2" + } + +} + + +# Allocate and assign public IP address to the mgmt interface for the SD-WAN Routers: + +resource "aws_eip" "sdwan_r1_nic1_eip_mgmt" { + vpc = true + network_interface = aws_network_interface.sdwan_r1_nic1.id + associate_with_private_ip = var.aws_sdwan_r1_nic1_private_ip + depends_on = [aws_instance.sdwan_r1] + tags = { + Name = "${var.bucket_prefix} SDWAN R1 Mgmt EIP" + } +} + +resource "aws_eip" "sdwan_r1_nic1_eip_vpn0" { + vpc = true + network_interface = aws_network_interface.sdwan_r1_nic2.id + associate_with_private_ip = var.aws_sdwan_r1_nic2_private_ip + depends_on = [aws_instance.sdwan_r1] + tags = { + Name = "${var.bucket_prefix} SDWAN R1 VPN0 EIP" + } +} + +resource "aws_eip" "sdwan_r2_nic1_eip_mgmt" { + vpc = true + network_interface = aws_network_interface.sdwan_r2_nic1.id + associate_with_private_ip = var.aws_sdwan_r2_nic1_private_ip + depends_on = [aws_instance.sdwan_r2] + tags = { + Name = "${var.bucket_prefix} SDWAN R2 Mgmt EIP" + } +} + +resource "aws_eip" "sdwan_r2_nic1_eip_vpn0" { + vpc = true + network_interface = aws_network_interface.sdwan_r2_nic2.id + associate_with_private_ip = var.aws_sdwan_r2_nic2_private_ip + depends_on = [aws_instance.sdwan_r2] + tags = { + Name = "${var.bucket_prefix} SDWAN R2 VPN0 EIP" + } +} + + +# Please note, that Terraform currently (Nov. 2021) does NOT support TGW Connect (GRE) attachments +# Details: https://github.com/hashicorp/terraform-provider-aws/pull/20780 +# Please connect SD-WAN VPC manually as Connect Attachment to TGW, use VPN Attachment instead or use other tools. +# Example for Terraform Repo for VPN attachment: https://github.com/terraform-aws-modules/terraform-aws-vpn-gateway/tree/v2.11.0/examples/complete-vpn-connection-transit-gateway + + +# Write Management IP of the Host 1 to CLI +output "r1_mgmt_ip" { + value = "${aws_instance.sdwan_r1.public_ip} Re-run 'terraform plan or apply' if you don't see the IP. To connect: ssh -i ec2-user@ " + depends_on = [aws_instance.sdwan_r1] +} +output "r2_mgmt_ip" { + value = "${aws_instance.sdwan_r2.public_ip} " + depends_on = [aws_instance.sdwan_r2] +} \ No newline at end of file diff --git a/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/vars.tf b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/vars.tf new file mode 100644 index 0000000..b114d20 --- /dev/null +++ b/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/vars.tf @@ -0,0 +1,91 @@ +# SD-WAN VPC - consists of two SD-WAN routers connected to SD-WAN Fabric and to AWS TGW + +variable "bucket_prefix" { # use this a prefix in descriptions of ressources, which will be prepended to the name of all ressources. Example "Demo Branch1 Subnet-1 Mgmt" + default = "SEC" +} + +variable "ssh_allow_cidr" { # allow ssh only from Cisco San Jose VPN Cluster + default = "128.107.0.0/16" +} + +variable "aws_sdwan_region" { + default = "us-west-2" +} + +variable "aws_sdwan_az1" { + default = "us-west-2c" +} + +variable "aws_sdwan_az2" { + default = "us-west-2b" +} + +variable "aws_ami_id_sdwan_router" { + default = "ami-087c4c3dcd724a5fd" # Cisco Cat8000v 17.6.1. Marketplace AMI for this region. Please change the AMI if you want to use a different region! +} + +variable "aws_ami_type_sdwan_router" { + default = "c5n.xlarge" # please keep in mind, that your AWS instance type needs to support at least 3 NICs. Going with 4 NICs here. +} + +variable "aws_sdwan_vpc_cidr" { + default = "10.71.0.0/16" +} + +variable "aws_sdwan_vpc_az1_subnet-1_cidr" { + default = "10.71.1.0/24" +} + +variable "aws_sdwan_vpc_az1_subnet-2_cidr" { + default = "10.71.2.0/24" +} + +variable "aws_sdwan_vpc_az1_subnet-3_cidr" { + default = "10.71.3.0/24" +} + +variable "aws_sdwan_vpc_az2_subnet-1_cidr" { + default = "10.71.11.0/24" +} + +variable "aws_sdwan_vpc_az2_subnet-2_cidr" { + default = "10.71.12.0/24" +} + +variable "aws_sdwan_vpc_az2_subnet-3_cidr" { + default = "10.71.13.0/24" +} + +variable "aws_sdwan_r1_nic1_private_ip" { + default = "10.71.1.11" +} + +variable "aws_sdwan_r1_nic2_private_ip" { + default = "10.71.2.11" +} + +variable "aws_sdwan_r1_nic3_private_ip" { + default = "10.71.3.11" +} + +variable "aws_sdwan_r2_nic1_private_ip" { + default = "10.71.11.11" +} + +variable "aws_sdwan_r2_nic2_private_ip" { + default = "10.71.12.11" +} + +variable "aws_sdwan_r2_nic3_private_ip" { + default = "10.71.13.11" +} + +variable "tgw_amazon_side_asn" { + default = "64522" # please make sure, that this is unique, we will use it as filter +} + + +# SSH Key File: +variable "aws_key_pair_name" { # Please change to your AWS pem ssh key file! It will NOT work with the default value "aws-key-20-3-setup" + default = "aws-key-20-3-setup" +} \ No newline at end of file diff --git a/README.md b/README.md index cd587da..ad237d0 100644 --- a/README.md +++ b/README.md @@ -21,10 +21,15 @@ This is implemented using Linux Traffic Control (tc) capabilities. Amazon Web Services (AWS) is used as Cloud Service Provider (CSP) to host both virtual branches. This can easily be changed to Azure or GCP by changing Terraform Providers and adjusting the code. CSP choice for branch hosting is not relevant for Cloud onRamp functionality and tests. +Centralized Firewall Inspection with SD-WAN is a very common design topic. It is implemented in the chapter 05. This section can be used standalone if you are interested only in this topic. +The implemented solution allows scalable north-south, east-west traffic inspection using Cisco FTDv virtual firewalls and AWS Gateway Load Balancer (GWLB) and shown below. +![Topology](img3-fw-and-sdwan.png) + Summary: - Terraform scripts from this project will create: * two branches with CSR1000v virtual routers and Linux hosts in different AWS regions * two cloud-based apps with webserver running on different ports + * shared services VPC with Cisco FTDv firewalls interacting with AWS GLWB. - Cisco Cloud onRamp automation used after initial Terraform deployment will create: * two Catalyst 8000v routers acting as cloud gateways * one AWS TGW per region @@ -44,6 +49,7 @@ Because we run BFD (Bidirectional Forwarding Detection) packets by default every * [Post-deployment fine tuning](#post-deployment-fine-tuning) * [Creating Branch2](#creating-branch2) * [Creating cloud-based Apps](#creating-cloud-based-apps) + * [Shared Services VPC with FTDv Firewall](#shared-services-vpc-with-ftdv-firewall) - [SD-WAN Cloud onRamp Configuration](#sd-wan-cloud-onramp-configuration) - [Authors](#authors) @@ -523,6 +529,22 @@ chmod +x install_thousandeyes.sh sudo ./install_thousandeyes.sh -b XXX-Token-XXX ``` +### Shared Services VPC with FTDv Firewall +The first two scripts will create two cloud Apps with Web Server running in two different Availability Zones (AZ). +The third script will create Shared Services VPC with two Cisco FTDv virtual firewall in two different AZs and AWS GWLB load-balancing traffic across two AZs. +The last script creates SD-WAN VPC with two Catalyst 8000v virtual SD-WAN routers running in two different AZs. + +Please note, that Terraform currently (Nov. 2021) does NOT support TGW Connect (GRE) attachments - see details [here](https://github.com/hashicorp/terraform-provider-aws/pull/20780) +You can connect SD-WAN VPC manually as Connect Attachment to TGW, use [VPN Attachment](https://github.com/terraform-aws-modules/terraform-aws-vpn-gateway/tree/v2.11.0/examples/complete-vpn-connection-transit-gateway) instead or use other tools. + +Simplified Packet From Host VPC to SD-WAN: Host VPC -> AWS TGW -> GWLB -> FTDv -> TGW -> SD-WAN +Returning traffic: SD-WAN -> AWS TGW -> GWLB -> FTDv -> TGW -> Host VPC +Please see detailed steps for the packet flow in [this AWS blog](https://aws.amazon.com/blogs/networking-and-content-delivery/centralized-inspection-architecture-with-aws-gateway-load-balancer-and-aws-transit-gateway/). + +GENEVE protocol is used for load balancing between GWLB and FTDv. FTDv software version 7.1 or later supports GENEVE protocol. + +Appliance mode is required for symmetric routing, it will be enabled for the Shared Services VPC attachment to AWS TGW. + ## SD-WAN Cloud onRamp Configuration diff --git a/img3-fw-and-sdwan.png b/img3-fw-and-sdwan.png new file mode 100644 index 0000000000000000000000000000000000000000..0eb4c5f20bd09d3b8f0f138f0c58b04bd5d6fa2a GIT binary patch literal 229549 zcmagF1ymi|vM!9fyR&fj;O;H z%NT3Wt9wep|z7(_iB3~+~}-`WTa3}MSs zTwGaJTpXnAWN&6^V+sZ)6Oo(>`%Y~hCv>8HKL#h2Ud>49Iakv5g&oAMD`QpTgMqONRH$tGG$Oj_EIT24>kKlCA!}i7%y~8cZx3^NG{JP{kKmr|c5 zSrgXSQicLaI@?=PVF}yU!1o{4Z_h8OKnE*IH z0`o4Y{GrWE_MxkYv^^P|?s2fSA)?rKU|{pO=Tpv25R|CA_=a9=Zz-ib5W81&$-=@M zxVvlFIcobou?*!Y^&r6duneV!bDR)f5``txb9&HeJ!>lAdmf`q5|PGhUN5Jg>_m;YnreT{!HU5c3`{jFSbO`6(hg3@WJOq|L?h<5|KUj-|lU8J)__2pNs6cTJc z;vUt9!blm@XK%;&)vJzx;S~;3zXQ!)jf!N%{GjA^=dXvmQR!2>rsu;89^SA1`)PQl zZ4xI%OY({6U!r%-q3E7#GHJK9d7XHQW~FFX4GCx{jUq+gpg};RL6WRN(#e3o2SE;k z6W>9i$AiOP#6iYyQtq-O$8iq~Co+DDgc9S;idYg6%3|7C7|Y{d;O7Hl_06G)8{}W; z6%4URE%KQ^25Z74Q|hXVGlmd3R0As}{pv$)PjfmvWLF{fnPXo(?$rPcy%<6<7ZS-I zz6z?L6TJ!I?HVG42ppU=pDb7u816m|=DrF1Af&Yj87+)XCyFx4O#oyr3=#N%2nP@N zxIf|=!X8XxC*%)Am`-_CC?S7zxIhOq=sYpLcrp{1d68H&$cs>jTvl2PIsZg5aLQ0D zWs*7^`cS!CCkx?sh|f^%BU`=2SG4j8h_y8L4Pt-)FR~yGw(r4gAeQec_yX> zX5Q260Nw`A9K^8R=(V1D#)^~=apFSE#MqSphykmHt*S7$z8#?@V3A#2MdLD1e}PYe)(=l zizgV3+z;8)-)jt&MwKR}K=&14Dx5d2IRwAcyVI!pO&RnIGGVl0=U2m2V{U_61H!7~ zIT9OTH@vW({WTj0y(R}DSegOs4YzfaO{L9>O&EuqGs-ry6?D?@x4lv4_jjsKWKVQY zu1_3KaH25=QfHuGOpjpG;IZJKV6JY?ZZN~(Vx>CJNA&y%%U;f2b|b-afpfBR;s^gG>7pCk&V3)m-BCM8u#_c`7N*(jPNd>TZ!pmySH&hn0XiWU2krsho-fyHZzS(xIK za*=i+8}iMls9R&bq)fF$*;2K+;zBz)*Xrx=yAK7QOSQj!)V=d!czZN}b=8I4hV{_t5`n?QS9yINbmp1w}W>UvW7jWa<;is+&Ozf`N@BfGdC zj5Ca1{{#LtN5#Zlv7p+bW=7?Qg5_Kv`Nt@f4>Te)AIwXYYR4%))K%1OB7!pD(ol)VqrgfrYfP$yIOPA7#+Ux)q8)~w^rs+QN1 zx^l^;e=I7SG%cUits}PJWXVqCrv9Ax85VsN9TZ|I}hO)Xg%aD2_twNpS>Vt;R@(*PpGuSh;HU@;6gb8CL8QJgC-k;R=*3z3VS5qyr z+dA7E+B_avxEZ?LyN$V3nrDnFWwyJz?H<|RFyG+cz#fzGSnve%Z1LCewz<~1ZSiUF zthnUyK=YM5Svh{(wAmbWUpe%i4LM++HO-O_8`0F{)-17ZKg`W2(WzOqYve~#l!7vb z+|1+eU!L$ueuTfBAgLg6iZdqh^H})!)r;i9TWG)t#c#Ze_gSxBkErrluYJYk)Z~=3 z&C4g+n@1>F=&iS+w`YfX$3&XO=$jqG9cy7P;S&A)Rp}I1Yv|Ht(rwZ${jF8(Ty!){ zWs)S8o`-}RAEvfDPcnJwJ4uL z>&HTNLr0gnZr25BJvThZ)wW&M6R?4 z;&u90JA1HfDQuBxv0Bq}1#=5?agHyJRF3WEwVRr~`m#S1(WvSuH!zGbOEJQ5p%~|? z4M0OwC9L~5Vo@RTxO& zOxzt=94FlJI+wqjP;FP0SIt3egIa_N5+gM%IZF zzleNyDshf#AoUvyHcNZU=*Rg7(+MX?XFuIoz3~q#3Fb+S)Rp$o&V4V*KZcW%iAxnU zu*(Rvi0fL+kR25tKI>l|U&>#sR>tToYUJuywdB6G=AIrPs3R1HxX*Z2EZzz}c>TQn zaF{i7s{L9XuIbV|*U?nx;R5O2vmJv%IKmZcE4Tcse%|$Rg=vmygQ>Cc!KR!}g=L6o zf0fH!XUgs2Chz#vopHsn4)<+p6}IqGEA%wo2R{nPgnWzIPjd8>aBggyY^UxxJ!|FY zYOiQA)~wyQups_1jBB>bHL|6vM>ecA?vB*5q_KQ;Rm7TB2qBg}w&RZOzG!hkEY6k4 zoT&13{%ChO=2w3nb+P69DdpO#=0>V7g+-hN_4#A9<>$Dq`rqE-Wfk+3xH?_ZZIlG6 z85cRfMQxN{(9c58+&|S?I$yJSn$OtX$vNaB{rIvG(uru!pPp63^6`U! zsQ<$J=;M;RMz?Lb&(ULEKS7+6gNHW$A>mAsN2E|8S@SiB*Db&nqzZNlJ6n!Za(C*#}lnl{~V*6X^ zgBfW+qJ>%{wGXn2r$vu$vePZ#b}A_ipR;@_nH=jUJX+%Su;gNFnZt`4h%fZ5)2Bs0tY?>zy}NrGBFek7Wj_=d?a!q{(1`InhW{Y zHAMaIhN5cXva-N`HDf1JQ#)r1dzXmbJ^^5;S<81?E?SBTe8%>+%!VfRMyAXjwhq6$ zfC+f;0hhL>E`}fvTN^uPJ`X|iKP~ux>)*Fo$U%RaxL6C4Ybh#&#O<9-L0rtN%&g=> z2p|whz{$jnPgO$d-`#<4g5(x1E)IMwEbi{^%3?KUMnpp^QA1Qp{7n1*678=J0aVZd|FitZQfrmp zUl91$D#Q5e$^RZNNf6@tV0y&D*d-%~+?5?P8TvmBVTB42+d0%wCMc*PAM)3n;L;mS zh2p)dI3=6PKUM!H@$2Eh!-=GKp6+*Z%!ZQ&MsfAM-$#AS{fh9nE*#;?s=5(&1}RWE zuMb%wb2r0@6Zjm%EpvXqO{ciQN}H$I-PyX?MsLK*O1DOi#|HdVm0?e`LWWI^Y`@!N zjBVrcOf-ogAH{tzJf^}#wjjq1)iNHZRg&fOH+88CF588)3E@`(WBtS!7-WJpnjCL- ziv1Cm?>2lcd-2sQ`~95(kYi+FM2QJ)K94tM4_Ev6kBN3|m*f2Svb>F6C(Y*l9R-9% zIle9XGvzu`7l76U{zr0v8mfj?J%ukf)t(s}idvmxk|BFX#8k=0+;V2f4$F?3Vfi43Kmg;%PnR}k)Zu1W{LsvPY(b=g0BpC zvcxIb4a?M}*@^7rUfn<6u8Kp&^6m^ed|>#ywaBrU!P8x3Wh96aWbny$S<`H>)n#@b<}^`)US_FAXku6 z)vxvWQ;8Hl6nLip*vo%=X+VuQX#CiAp0g&DU~8!&;#bKR%v`I#+9sg|==(i$Qo4fN zQ?!iWbr$nz`KiiuB@zENn!m;Pw>1`o`Pa?_%%PWjBB`L4{r4-2G=u!HnVB^_XIgiK zY)f%%7;6^kQfIyq|Lz^YE(T)O^3hdZV7IFI{2#CQm*0yJOM$7!zTJ6xx}4YnRL`zf zBxLR7bM;gD*ZNAS^$X=qzg)h;=Wq!*^@E%eWJVP`P99^Bk( zp8o%Pd;njlzp(Huy1?jG@_#lPS6J}uM(XVo5k8QlX`Wo9$Hn zh7r%popivk+xAGXtR?vjyP>9P%_s5>W6X&DZTl|nE4B~cceA~A6jR@H{bl8EJf&Iy zpD+=`MJ9Mt)wS@U(=FwyF-^$)-8W=FMf7By&vf*Cdb2;B4!XGzNM6IXVj+{9@a@T`#UX8baaJ1+UP-cJ2AVUbAl&ntXIB6F*EFTKC8@+n9Kh=XoAr;LU zFNnrZn<;q~{KG;L?j3vpPxt!*C4mB^pO}8{y#7)?T);vk7!Ztx|B4{bv;A!}B2WQ# z%Po>O7HWSfb{f62n?h05yekk|lJj6z-;ar2zd_;q(?t~BSEk+|8MQr4w&PsnzEQVb zU8PK(pD#pRJ^aD7d$P6m^zy$4S))KJIy#TD{_r2kvf!G`+jLs=!hbo+SkV1#(SKAU z7Y+6jPezEttZVTh=6;4my}U&WB41Y~>-G86Pdx-g;ioQ>wI{76)dkN*)D>hcSmp+7 zHA$e<#Q$jaFPpib0IAXlOUaS_bBb@lU^5KyINzUdbhO5`t;?}1tPAbP!J0RXsHewB zc21Lxq)m+q=2X%>EdEFUtjizU&vgKfE3DXbr+>~AAOXjtX`;0!0j*kOJP`X;G79Gg zZIM&->Zo=?C{$k&(Z_Em-Q21Lzu~3zw1eN8zvFHLvB&=9>7HwhB2K_a&+qxVY#-O1 zfw(VrnD5Q-16VMn@akvf>ipq{q!P!!gbD663ig-D>f19ZEd}mjg>{DD>S@t!ZdBx! zK!v;g>zzbkAmVw1pU%WXO_ihq4InY{)rypUE-x@ULlNE2w0Sx&s=~3!WY6k(jWHJ~ zq#JcSUC4VyzfsKK;*1WXO3}(2_0ssfL+AF6x+0P|IU=m#9}a~eEmEMgo<T^!BqlFliCqE+peLM${qXXE0(qZ^N z+b-~yRUQ;z=~G|CVW)CMA+3|AzA6%49#(#5Udb)K3HO7OXM3O^)klxfboexASgbDh|6Pxj zd9u33P)fnfk>*jcw(~axyJ910Y^3+|rf|^`stNvK4Kv)bG)$v8!m9#TKg3~hXO0)@ zIRw3K^lWtBN`c=_1UP@+KaKi2+wj+F6u^c5l8sE7{3p5#_>OL|+R>gaOVkWi*i~pNj zW|3sMLc}y%)bKj~Y>nxNr212PXht=u-_y`&)?>u|)~B~fCv(29&+Z(q2k$t{$60B z6GXmu>l!L)?m%BYblwx|Ng8Hg~LQ&c<$bI){VGxvuMv<7uBYf?$0~o z_i~xDQ=A{m4om7?l|!}rkRK;x#lzC8CT6HvycQYbZFl4L<-U}o-AG!UW}!a6qL0_@ z-7$}Nq2>1147=ahDx>xcm|!NFz_qpc@uZb00sN=)w7MoV!sQC@<#b<=Jacow{=)UI zDr-X9I+do1Qg9k*WtsbVoqRr-bn$DXsS>r{ZB_Uku>NHN3S0Ecyol` zD!e#;yXv>f*tq1x1;*J6F`Q#_vHJSLO^MR+a8OD><_aQ%OKBhHJ2bI2>-S9}kH-;y zzWS8@#!{8M8!8V9kw6A_u;TZggu%B~+lwJ@f~H>=R#V;Lxe-A#YL;PZ7K%)07Eu`; z3Pq@?=UJG=_5ygA4tY3!GnyE!BkgSzOGgzOMO8zf|FC4;XeRFzJuNRylJxU(t9zVA zx&@&%F>4<3Hhm8wCYl@8(u$VP&G$PQjMW^LlRZ0t zwV^PAW*95`Q<^xJ7Wn~_+t7aJO#pYM2m0fSzo?;V{CH=+>J^v&(}Hpd&^qO4ltPj4 zRg)Gu86}_h5^fdg;LTq%|M|hu@ddCNdXhk;vjk6pu7ltL* zuk00@Eg1aY#xs+wP6pv=G7b7;2yvHkzBg`N1C~eXy!Rzc!`Ozjp-iKeuDZ(aZ~LZ&$p`Ux_C#LjE&3@+Qz^8r%(j+X~(`IY$D<|fah z>VeUzx5BnehM>rC!CPJ7)(-&*X zvQ*7b{2jb214wpxYxjY3sodDOtRYdO>}9P9WlJw&q*(G2Tb1nk*O|wSVwNpy`I=C5Q zpE*Z93xD)~6q*sW@3{X;g=>j;`|!bid5p-h7u}6mGZR3vmbEAKvwB}u@~^v%vOP8& z`6B{|y^enN+f;SItXDT-FOBia$6+d2(Zo|a`y zilYjSj%GjW87#X*rL%2fL&E4zlxy3XGq)bqu*T^as`db3hkdr!$@|CX?T?$h{nr2z zwPi9}OI7TA=s^{(3wtYYPHBD5=eQxk;d!yOHh3n9ogyAs5zJm)@ z=uY{p&AV3!)-$%e?PAz$(YCRk`5pJXiCXHL-Nc9VD>mB&zatJJq-OW>Mm=NxX5&?# z+xqI$8tjWsNK9mn+7YJ4HXpN3uj^r?H8Wk&+^pa|$lNwoH_Ps%wXZL*?`k5yqB`%6 zBai=#GvqYzn^NQsU2F^TPhinf6h7;O+?hAesXpb_qGca{Ige8x)6lWCJhWPFah-|a z2VliggYDw{Ezx(B@;||e6Bz*RaQXQDaWsRVUH~k>C;?7~J4+u=UfFgLseZCHjLdCG ztK|@cL!%Wjnk~3U->w{a=lOD7=@;@|IWpHnbU!rr$YVFly{y~z`Fa+0s;|7xYI>NS zmv*xYmb7k5R+sNa@ae2)MiEtm0az-}29xSX_->z0aM-ygmX13knFEo@TpKYm_i^6c z-W^wdezzlw&0~SvC1(v494c33xIp}hr3N5i0V#>izLOz7C>rNKY3k{>3QQt+V-aty z5yKP}K`hBgnUq3{p`x+lL>FF@!=vK&a$ltQ80W{R>N2BMbouTHaE}ZWVm>Ijd3Bo% z6~0|e#UL_0Sx31FkWVW^B`WJ~QK@mJ>>> z(1QixB^`yDNsu)m6|)_*BTcwi@<)}gToyk-i7jV}SXp&Usq#I#g-)mmzZfB8%VjsU zBM23-mZN2jj(dmdETF5@M^jb9sgCM7fY^H{E<6@IZ@! zuvOT>eE>#M><#dzXzeezz7^>|)-FMELu-ui!Ye?8l8Yl*F3-^V{=wj`pRh8can*MO zkYHSU^Wl^yUahi&ucsl%sWa$?S1f&3=+RphmVG~xp`vQDr!vad`}tZEhhyXNjdeq{ zPxe4Faj?tAi(*!E##cpdj1o+*lzJc{3$OtI*idNn&Hojhqk@}NNkNl?nffUr$U$L= zYI%xe=lY8%W92GHRxdU???zK6!X|DWH?B5#E{R^`h6~@!8TasjJwM(ynm}&nd5HW3 z2M@^GYB{VJNozkGc9c)@d_1a+bF~kJM#5op4D5#LV|N-P3+tsCYDP7^J1DKR!}g~I zM}G)?q`@-15{@v!2zdsg9qVK<6+}oZSK8evEXFjD!|%|hN^9JhS0+=P;CL9DA7Puo z1iC4IZ&>mGEhplrGvnZsGq~ummiYWAl5M|)kSM;K{!myTVF-h9 zqIJZ}<7T2$bA@tro{VHd^aW0Io)dtc2^fEZjA&7*D1*^&!G=SMi3L2W#wKihCnZex zetfxU$=AC$+tl7#SSOI){|r;oUEkYITS5Ah%d+(e&0!+RNPA}x=|W6b0y=OlQJ%SB zb9|WvgjdC7X!9L7&fILKV6w@UR>P3+3FME~c4EBV6o5_e3~$aBt5ERYfL!qob-hyc zebe829oHXU?;cz)_8TWz8v>`%wY&KT_lW@;_+pL>Wz^~|=H@L79hzH&3iEKX6BXT5 zrQ#y<3B)k~#@J6eDLUHPww?FS#L(PwP+P~xwq0QgRJBA$9#TAdT_2dDs;vNKf`|70 zaGq<;DcK9_);Syga>s|Hi9QQ0yVAyzY=nSIcObFn=SN=dCTE}1c6VETx}1*5FldV-G+=m!zP4t%v)S| zsT>e_geYeYXDiL43K@NsmRfXLp5rwDNt=nK4c-!K!Crdjwi`&b2|vKIO@9&hlBYh8 z-9UWSa~diP^txfG-kg71>iP#75CJ%QL;0uB?=OF6Gs)J-{Jr9NN-PF$W|25ao7Tf^ z$#FnJ(ynPev`gWH-!{AWkzUg-FAzZ{7?D`tK{OSaM)(8WY$*mm0yO3DH%hUV0?SWH zniiiqCIqGu8AqE|>{^d6%%lT`?zTVrZz+l$pjAdV4k|dy;06nE=sE5Wq`7wsg$oU; zhJzR#K=x18sdbtkT$8hyPODmhAfVheh5=SA>?4_TvDemM!cN_k(g?`SLf8^5ys37a zZ$xjFHYELdoTvALAwe(7ElN_>HWB}@VUg)aI1z<2BC#gFyt-THiz>fY1oEI=*~^_V z$nHGN&=9=Y-XywDzQo6Agdbq zTfPOSVY;F;<5*rUO1V8kO5W#Or4z@^fjCr})=XE8+qIV~zpnOMdFP*!&o<{vrJl@; ziITk&YhAOU!Q((`(6EYRQyLR@d4E zf;HwK^-|Xx+l60dUG?dQko#mVY4}m>Aud{%@j3JNv`Wf(xo48qqt!)0cTi}&*pZpF zOtL|oqM7mu7KG_kW6>67!$!+!G{8PnsjkPih;1Dz25kgogh-^j1Z~DJg<8g%dBHE+ zTsQ4LmPq-w+Oq1RJCTllUZ&TgMb&oT{r<1MITc!Al{+zCYHY@#s*eG*RMcY30l9`V zT>G0F5^P-fl_z0~oJqmD12Kf$4fjps4(@wfB}LgaY;sLFWFn5|nCdg^zUlCOld?4P zk1#kW?#r&J4BZ%w@shM15vc*CbmJ^1Q78guB3`6x9l-{4Nuj`bvLETd;)LUBnN-d` zj0r9yfAR9I*!=K|zfw-}>oFm_#eQpik?_!8XXEr;Q(qGqMmRn+=ym1BN zsyYxUK!ImFi5Wi_Wf|0fJOB#q#EB-utBLSx+?zek>r`JPPYk`P+f0;yfSqGfB@Wz& z#?>_lPv3}QgE|3 z`3j+D24?gcFiqxxKSbY$Mr9Nm6m}_SVy(~yO~wP>HLA?aCIU+Krh=<5)bqJkw`TI6 zR{0V*!m?_FV2ZG@!JWHCZyw>iip#z7trT?|iyxs+*cfIKMUs5eHN&=HNUr5eri7)8 zHy#|ea9kV*#|xPW(UAWJ{sxq!UdJ4MJct%1-3M8AK3_VntjKJ#K=$Tgi@-f{zASwLimS4{P04kfw-h z9UA=X_JWuQZo0)`cZj3H(c-1QU^*gUhDG7QcrnQ8ZqxpS=7H`7c)l$eWtD6~3Wbt#Ch2jdn zLedJv8;3k41+gwNjr+OA9^r@G(Tb<9K{dW<>%^gGgYqMS!jno%KVY~z8XqJ@z%>iy z=)vwo5;jZ8?=8@8`+*6SNyV)8ZE`|pdg0HUCLsSnVoeE^E_DThKqKB%_9#A(rgF+% z;33{kKI?elph3gQ^{hTAJx-H8pFE`5qS2S2nx4KlqLwa~W89DG>Yl`XM?mGUObnl! zRtu7cj2RArgfb)JjoA!_SASuC46O+di@@#N#3ei;ru4=ck?3$&eXOla%6A?r9mN&{ zhOjx6SewoeR2OhKxK670$tAn_fOpeTn**S6?6gNo9bc3zaxdJq~)?35P$sDzmc-HT1 zhPt1VLO79e+Sj@TC;V2LcIhStxomHcF8j)P4%OX-HYb~WI-pPEgkQGY7B4Tm5n1LM zl)3E;F5y?B;)S&cFQda4yFc>Kw~-#Vp8Eb=#$Qx0`yxPH23o>Iq;kFEf`#non!u+X zIkOp}1~y>p2Jr=!KNiLgF`t8{&a4gn?~=k7xHTGl;R7XQ0+WYJSLqrS$D#m2wHT|E~lj8J?>CAxleU56teuOEehT_u&F>tL$a|9D+`_MV6-FkP()Zar*+Tq!N& z5RqjoX$a|;(bCPGspX%V5Sk=t+zNu~opvBQ?5#|567SNjGRfnxy4gw|o@jN|%fq3$ zElLV3t$?yv?x_EjNY_H4JZ=VT6qpRrAeq@_-rlxePO0E~h7l+K$2U*{a#S1McXDf^aPo`*fXv8*(Ae%#R! zEBs(yC(zF$$BuhxSwF3TXcj_hG9ZM*KnjZ~QKivkN?>Q5>2k6(Ph#BaxYmNy=%!_j zju==6RDF<*<=MOl*wF)&T^;kZ-d>P&Y4u4G1f$tTX4sD3o9J>#IVV&!puc}n?j@(C zNN8O7I709G-W|uXY!{;nB!#j;jo>J}w@`0gVUq#{gDZWqrI5J>x@FL}N^H7XR7sr; zlBaWBZ*iGbs_6EtSm!#tnraP^^Y|{v(tedkJQCe^+-Og%yV@*Q%G0nOs>mce!Estz z`9i2QqORp*gbXnsAfgP!ma;1sDf+(9*2%Cck;;AzTw8o*9MUg&`_E3b#G66^l2JJ` zEN)$aIbz%i0GQJ;K(4i&sq^h9Z?HmNDzdAV7zXMbDG3A9ea(U4j*Gs&jVILEKgKy{ z2D2J`pQ*ax@s@gYn@N4H9QR`5+ylQVW`qpr3ObIIH`-aQCh(kU8E#ZC(fZ?*;|Mahic`bPT}P)~lSM%@N*;1IZsfrM}#eqQXD*0eA?tbTWC) z=zgA1yqGhF-0T8mowQPIv~rFb7VT1$Mdzh`qTv}mV);*aG;CD|Gi9)dks8XOOf)F8OE4sleipyn-#nPY zm45QkbBRy>HYz3FdT~4MYXnQwsR-PW&2g-f3;&w`k_KIc#yG4g1-6EL@*=cnbuY$J zDFbOOK82q=b2^J{U1sDlkcJ)3rn&9-*iLJ|QJoC1^^zA~3c@&{t(@Lyx1-S0K<0_?)_9yB?O_Ry*zwIFx z3P`-rffv*NA>Sw?L5zy@?^d&TXXY}BfG523p5?qdlVsa411urPC9P4q@7^HpWTG*~ z=?9JL6IV;yXf833wqLB1hogKLA7QJl^4UhKl}@i7MzSAdNlI7?VGoaM1v2!*7^3*l zR^q=)Ey`hN{$=YOgK=KuI1G+rN2pjNv{K%h$)lYEEg_@``R=PevjW6T?vAxpDzTd> z!|&UAlRpd!JuT;Z*`!$}F_LsvLK{CMXS<3u)P{M_}%Y{s)^lPmv$Tkyd>GS<8ya~!DV-SO-^%sc! zh$vn-mIZkS_ujsUjRmG;WzyYPFN8EV#=u`u)`Y!E?>72%-o!LmlYr-V*e-tzE5q!s z%6wc4;&mI{fcdFN8-6J2;-sPbS@+T7q?x@+#B~*pp}fwh!Uli9gXF_Vr{*EFHKlO?NfEL!->9-E2*ni2eC$KWbs+_cZ@170{4 zi`67O5T7HWcXRwim8=gwAA}uX1KPd;cmqW@IpWv9qeQ+yu#^7G+$ATWUdMD5xDxT` z^!|WSWV5mhr=jRWqb1+o=4MCVWkOD?t#7 zBB+e~6M#4;o_Hm$dDHaO#2v}Y$hc#@q6+n@=E zmBzt|deP4NNc^Y%7HvvfEbf~^vUtlY$h_p12o)?JbB2cOrbo=(3`d~sVx&_3;td#B z=FkmsXX_(SPc^QTJ<$h{in9Y#f9t)mH*Y|=t45lgeh1ZT3`3B0$RqNGOq};UZ->LW zyZ6vkgXRIY6-LUC`wb+R)nunlzyDu2GWsG&vZzeB&9e|t=Yz1^& zb+1rLgMHh1i;sC=o7f)1$;LvXa2FCW-zaOfnv}4l*G)9ed<%XP*bVpe2wV_y~?oY0Z3~QOYT6qNbP9tBHvL2gE!Sq z>+H@>(T2+NMR!#O$Gk8o51I-kurw!uLK>$)LPRBEaudj~q6mTPtG8Jn31?C5+)9^A zgvpe@!sYh%ylsCpV3{)e_TDrU>{h-EPZ-G5cKVDJChK}k>h@#d#L(h`x)Ok#_xnUh zDuR?)6+<(+VfKsMB}FymUmOwO49E)sx$)xQISpq5$9P)!XVIef!Y+Ht&i(l2Cgm{l zZ?Rb6Dg;W^Hp=j<0)Iu^G|$bc7{ry<>ZYi-6|E7B;hqF-h3F0z)&>7CiDr+jk_l}y zB!`{Rg=2m%9YbJ>-KS-PP7`?xUIcY>$mo_eM4<&Qy5B8B0Y(4t66nH&q_&GSCD%O9rI^-|Q1is{{@pnJ(XB?8pm3XZkp zZ2&*W*=kwz*c@I}RiHKK#@!^oZ~&s!7$%M(r6tprTN>^NM%j+nm)jA_pUE9k({N7?iGLP$q41sHl+$84h+?kEnRsx+H1mdl_Z~Mn(18sUeD{8v(f4U9~K7#Rw3v_?CGLQogB&v5`tEkay!bOqWKx8pKkqm zbGm*7z_X>4oj&GCRU&L&zl%y~WN2^3v+yJY5iH>d8Hss!5QlY7N)#B+jHg9%#XF59 zmCO7IflRd2xe{T+f)xW{&(}G2=WPlzgxcYKRLV)JR9z$EhdWOP@Syr#Meb#jM`@%a z)p!Npte@9S=UCh)dH0h`u@niB)srQ18JYZ4SboiLWHPAzObDE1I%tdm)pgwj(VLmh zjK8Y1La&0W{NKo_{pMdTDlOr%lfjU6KwSR_4MO3gHFvE`j$nVP65>1W#Y8?Q0D&Ck z4;c{X!tp>?_~f&6)y^7dM3l?O+)D=7N3^(`!OyyoquH=tOBTdHGQd%`w2mc~GMdm` z{hLI(H5RxowNspVrc=yCv?FHYQ>dthQ;gWgcqZ?N@Vm2*`BI0WY?@8>7f15sO(ja= zO=gKR?`?c~`5js;2dq8gjTK}+9F_*&H?XTL@lJ-mU$^_(Bp+APrHQ7Y9I$ zB9@!^n_8@7p6^xkmze+;2M4P;fhiX$EK0IM&i)uy5S;2stopSUm!|?~wR8Y|l z$_&iim{*Alu)jpiL(xG*G)@RT21CgVbUHB*I0#fc6+Gf;MjK+a^omFnXV^Y;*QY3Y z&~!tu(-mbJ`L%stvrDzc3#3<44pt+LJS#xhx19Q#e!e-NgMruGN>un*Mu%l1x_j~f=pA12Mef+fWw=P$Db`gs z{CYnOR;?~5P3~$nLMzvp)%2}v*#D4_%8j`T8&l5i(pK40rUUroPYg zD8Ngg_Z{Rm=me`BAo03;Z?lx3l*Jb^?2M(0c1BC09E<)gJBKA+h<0Cw!|TSTHMURW zi?!eHcST;r{C0W@Jl0A%-lYh0b2Q3djfFG0vf+3}z)P9P6L%kns(J;ZU$VaS98%gNOM9|^g9o8UIzVvz#_hOjQm z+_+@>tS7GOmSDjJ2nRpE6@GqWo@@{&$#^Td!l_+nk!sO~r-yHCAP|!^u%o3r~98q)jdaqXA2sn|11jRf{>-EZD+D_m4fNtP4Z5$_PH9$A}AxEe^$Ufbx?C`C255K`cY*wIF8u#Mu5KxLB zZz8RF}7;!LztsyFP~Az^UfrhWiP*YVvTg(Vi+XyFuha++-(Fqr9Qk zkx%v&pp!vsWJ#O#HadBpwmEy>*|)17$_B{O>tEGPEm~OD;54xsU9R^4aUTa)FxQ93#qkH9N$Ah&<>)tl? z>eMCu+!xcD`q-KBx)C#|a5sp^m>{Y@Ww(E@Nag&&NQv9<$lKmLh`P;(A)*M)d7}4* z5RmT3Vq4HIEHf%CZ7Rbc#CUJC>RlS|SH<4*LzD!OgCg$OJZk7(RX{CqAK_x0oFBpQ zMcPP$@#jMl`QjC56;$YV$Xy+v7&JvS_|Gs22 z0}nPlsuv78j!xf`eyiK;o%F@qsdh%DXFxs?Pwpzmxf2!yrOC{`_nTcJw6v)^mD}4* zMJDX9)stO4TAv~@$tT?eU%9N~oV7!4mq$mczrL|bJb)Fd!CD66U4qso!qW)mw zE+}O>o&qq(+Hy#ST~)=lwfnG|_y>S_2G4&E=^oyJjWmIgv^61c8QllI;q>}^JF$mj z2a|pW7TZL=<$2WF;~G&N9B3mizR|C?)FhwJoUBp{=V0H9ya+_B<^y{)B!4ChW2Q z={`q?1!26;rNL=(>1{>?s#`bwfDUdP@T(P92UG#BwA{K>*W?(ggYJ;;3$h*x1Y0Bs zI7^6RNZ%g4$SO{?uuzG3XwSYmM7HNRPw)aHt|Kp=lOE664^?Zsofl4K2J5b=?Kv$% zYf>rpC93cR=q3~s@Y$U4y8u_e)z$bB;Ict!h%p`C6st5Yn#0&}k>Qek1I}=6YxvQo z*Q=>!n82J;05DY2Bi4mxla43u@Xl1U6iF{hlXBXi$fvIXje2KIh-l}17)HJlTcX*vhB!Lle zXWkqcWaXKG{;0@UQ;yxE99XDuwVh;Kd3Jsq7t<*|Z9jG~2ch*H`$hzf1JiHfNoXxP zF*8A2cL^k_4!??3@R?~Zrq!o6N1uv5)PCRKCP;$Wdh=sYawtj9Rz7KA@!e7si zi>u(l=dwvdhC4R9PJl7Rk+V*T=WSBR9rLbo^vMK%f}`WhE_sAIwho)Zjh1~U{D%CYDke1 zkPZ<^1wjePpyj08vZ?=@4W9h-~a!YT<5wt=OFX!XYaMwy4QW*s}C3J zURTUbtH7I)m$R~a5r=QI6FPE#e5sFp(GW(k&L*f-@3HRST)(dDdqJ*1*=M!5&cxXq zPRdB8IVmw^G9X}k^BpYwbC)j1(wj(oX9n*K8Z!^Lqj22)-^lsKUv!(O*fZ==)R>u= zP}Q$2Y05p`8UJffQH~fVvRjn1E%tPCPUp|Uv&|Aa&Ti&#%)vrC1^NwL5Eq{V=iK^A zt_OJ*HjcL7MCTVg(2UQ0rJmnSr=5Ko-Q%SQp~aPxoU{ONvNlo*72qEW-+R~|ASV}qecRwm*tUFf5biU*w<$y zDz0VE{MnUyEX^8BjAB};7gQXaqUi#{Z%7YWTQxrJ-0nBVTIuamp$sS?vphW(jyis} z*LT3@T9LHg@Tku=SK$%tZkC5@a0Lbr4zD~lZc9mq_RskW?2cj3Aar?tgmSXu&i>r8 zPq0Ef%AZb(<<{!`K*#La$)3a_Y^J>$voAFt5(2`xRZlI`!9g&y@Lh%v3R(7ex@Fd* zqI*KFg9^=0V5hPq5_K!drp0scS_ZQ`|2QVQx=Y~jFsxfTwU!JmC8Ia`tFP{jr6bNB z8}#yaVil+6#S!soL^a8%2=bi8_GY{Epj4tSgl4)A5T@sd#Gkn^F%GKqDz-$OJ*0fu zF4SC6?R%uzF?rK2-6E-jb36TZ8a`nt0V_oKo6n_=5yJZxufr2Yf`unB?{W_Jzq%sE z$^tCtc*~#LdP)0tn(-zRLL^ZcElH%;U&fPk@Z7LFI~n9idED1Qc)b&kz$*vzM+i3V zje5j}sEKGHy=Zukdz>aWZO6+NMw8ge`)|0MBiT>t_PVe*rp+GttQbh#Cv|;5N_)3k zE5gl2aDa=DO^U!9rl%0ITnSq+>8Sq5@_{p4sP299OCk8Wg!A;Xvl&V+?uv?Gy@@rw zHA!kN_UZOXh~DqAHWJbuW@%gg1<)P6`FU#Au!rKMR9xSk_6*Zn8E50B0PK@^R=$%9 zK?vtLfiqs7j+Oj}7ZI2TZa{Br)h>Q9X54wr45 zw|z6SdiSw20}Te)e7rb#^Wpco`D-*i0-2{?-T$3x(D^1jMVfL6e&_9U-if(ui@+Tq zk7(b6-}2jS`SyUe^5d>triLq>+u?}O6e}l2dINb1E}MJlqsA@vJ=Lhk`b!LRp%y|NQsTQ%-FD|dJCawJNLFhkwNu^*7rXFIXpv2hJpx6^kOUK$`~B!^J= zL6*t88M^5c<+}lHLRlkd^rb3}tQ6my4{r?5iX~HEik6Ko>Q1MK(;6n8k#*hTk`6xt zKSN4H^=;?-;1^3(pR6E^?Tw=XbaZ02T5zSe;ub_9V!^jb66}HE2$5JdycPiutq3Aj znlnM@DO6=ELn3@hT#40R%D%;GHxAF)`|`Rf);`u9WuwKMT{{U8@c&5Yq@n=5=$T4zwi*?Gg z*xyqR{!oskHIANy`PhfF$rwq_cDOBM@VHEu%Xj&t_f6$c$S-b`YMhCOpWir$cl)eh zMRsw1aA(r_7QEe}z#|2|*r`7BbgFcGaPTreVOl#n`YsAB<%%^JR?q@m5B5>2x0(Ds zr{Kn<=uBJkr|A2T%vW2!^I^Gbas^b`)ltXSF>y?4ohN!T7?GyFha+Pc8d(J1y%1@n z<L zdcObUOls$|QqG#)1V zPpl~kzdP<-7JrJT;uz1UbT0}broe5&&UiCN?k6Tn-wmH%hY6=l^+O5XomnW?ZuWaX zbD9ir{VrN8uo1PpFu#1f^h!JDo*Y;3ln|_x8S?D%1iq5w&{Ox~d>%9Gl?$aha=ec{ zK4E|l`?BCB#TyRonjpJUU=;C}7l2j7jR#l)gY29K^dCY#7Q$bCV`fBrKNgqQ=@!%w zj+A|5=^3WMXsbn0gctojf4I|~ayz63JR7GAR=UzHMtil0Ah+!Y%uxj}f;*>Om5hB0 z@-L4Hz=60cn(qUX7=GP;-w8JR^GnWJ2_)vDr(!LLPW(;sto@>tdM+RAmF6jW0^BjYT^xWogn0FKg<y#e>-Q3|@#3B)!=~El9_{+7AH$fasl)+F4BN9A!W$S5-$owM& z*13nF>Gl1N6pnO7E0>g3tMd30BJ`i(uQzrxA0~|{ZRmF@`u+hk*;HOIz0)eoGX^Za z8QU##p$?-gtCBbRXv(WVK`A|{_hn-pzRYB`d`t_Jc0QSGTnM8xsdYj+H~jnGJFvY`k}@2GRy+mr@WeDc8ouR}pP(lJ-OW#Sf- zY(3LK-73bvRipnVUov4ih+()j88!@NngBYAET7`FXbPFjZlK6X%coJHhrf(%P*_yC z<#EJ!jePgygmXDfDJCnX%giMGIOV&Q97KB4m%gI)q`}PSzIn_Oi$mGMNB*eQaB%duUM_(3<3p$_Fb* zwIaUBmw&z8ZI>=U&18Gy2atPwJY0)=HJ0xhAnx4_G%7ZHEzqtJjATQk>(b}Wx<}2q zZ&~U&8w`pJt@|NstFJQZI-QmCx^Yq)HunJp5k)VOH@udw7drVbS+b5BR{Gg&f>92^ zpVtZYLrw&c`%<>(>;6g5Sn=i^da=*hm`Yu?<9TEVJc9EB!Sy#fGmc4mFP^hT3+M

9}8-#))*!Z{7&9SMI^fI%b`2S}^=+KaH-t|g+N4aQ4Cf3p>16rf; zSl7j_e{IZW@5#Q4UXJTv*Ysk8cHD{^`!EUm8|omS#S|Z@IYInz6<&qutQ5T@B^{FD zx!G$E6f0jGMGf(KUDqxNu>BH;eL#}KXRK%e5ojOoVXwmUwnJwf59EES`e=$p=_9|@ zdu}E``|sKhwWs^-_u%kQ76-dFi2|&2iYR#YXme~(c54_Xh(0K$wf85`7S}#_FYRBy zpz@WbSXIY-x6RESB&$66rdToWrM#Wxd|-=IhR~LhPJU*1IvcSSZ`?54>J~1;vz!G>iRU?YSl`F-G{xJ1=9yy*bwpm^)!E#KXi3#z(11+4 z_&rq`zv#g0RB7A)b-CwFKLCWBQlN&+5Nb4ldLef%TPXMW`<=xuR^5nW!So>%Q?e~4 z4pCW0z2NHDb&I7=8o0gaHD|__8>)2y;T(k~T9j+k~xX!Tho&pT!m8g;)G9RnXso)dp=FAS8Ly0j+BHq`MxG zh(;JQ6ybh=92-8>QG9Q|nfNJy|Q0K1l@K-M(*&2X|nXhMI5(9tH&-Rm{ZX}_} z^Yz@4!`Cc>tAm*?gE!ZR3Awr{mI2>FH09Cr0_HrOo!Lf>>B6lJtCA(y2U*3FoH&<8 z3Y86@H0!J%$o42M(gIrHvfIB*mkNn`3s{k!!r+scv2aR+>)id4^)SdQF}94C&_n_R_=Q) zsv%O9tc#|<(9%5%>ZYxYiXnU+QbVR(`bbRXYYVzR7I*n-7@%!iAlDULC0cqiUS@$- zwGv0uNqH4lyWxB5A4D;#baB9+giVFHx+{L1yB8rtv$PJhSE3N8)_%tiW`=TSaBGO9 zbnsSw6&n4BTlC&CFu=#6#mBJsf_}yR3(5cIJyv6ZcvrowSda#ubC@2ZEu2*B`(wcp zwC=ps5vb5fmU58KxI%f+4Z||txm;7Eux$qi)Niq)LyB2L^l3!uVli9f)Xp2pFSlno z5@05QkxJT40T-H?(*C@im*tjYx*JzZj8}M-fxjp07M?#SHouA1)#VzByrkmq0};XM zt*8@ivZ;YlfQ6h=v3Xi0KpZC1k&oSz6?vH*;(=$69rCgux1qzgYMi9!rfmfo{s zTLu)i{L$672*n(ppoM|Gx7=-5S0!}s+3MFcE8DNBuOF^I(B&M7lu{rfr`(1R$1`fd z2g*Tbm06`EE!?#>EU6tdb*z{2%|qLNqiu;O_^XHY^1w}CD0(Pf@H3l!E@X z#>4x-$f;sa2e#^mSclcaG-TqrQ5yuW^^6G?Fm`~>Sk$b+tGd61>d^xN{&663ba^Km zlgAP#e!FVO!Y+MNWNa4X5VVVo%t&*fUR@$a_P-MwMD;1*y}tI8ktPLK%=M&O(e#PP zdD4_bVHp3|1oxi?yIAp6x<<3)l(8phKBBL=4J?cnp7MYA!ej$3T0u64;S4Y&%K8l1 zjUdvn@jdx!V8kU6Row z33x-9vh0Kw5k&-LuR>(34FSe_NT?G31fc8}SNDKh&E*Yfnj(73Eh5%2zb|9eLJg7( zjLb%Uhu#o{5dR|cwp45H;OR}KKJwvz(BQTG6;J{*`RsEqE+wu2eZ?^*!!Ol{n>Cj~ zxocnbs7WhfE_Wu)QiK|+-e3r>VMl_`N_--&+_~rUaclf|20&ejJ_|-ZGn8AH! zq{T4bJ5e6Q&BMD0jXz#PXPRxiz*gZk8(}Mh0W|2E`#z8oBS+Hv0B}751G-3wAF_oO z3#~hVv)Pv>`g|8uy#QqZB}Zgrp1{K>9;l6k{5r6B5dd~BAr_Icld{Jv6<0|v zLvrLfy1l1CyVi?2u`)zc@s-Mb3;1YM8$O$!Di`{Xuh1W>mH#=Ig1|`auauNc`I-hb zB@7QW5D}gbHedLa>pOE?8GAQJ04xLD{I^_MM?UwO^|7mUz-L(Njm=O~%K#LS?&9)J z+8X-AV5qTqiEc~`y@XKPN(!TIe(L`Dy$5ga;)^j~OF)Ay*1#{LFI^3OfAyuiUPOcF z8Y<=-0tM7wcO`=}a=o66gU10U9SN)h4m>H~cuBEa;d}J6RktBdd#*b5*R2wNHa&9r>zP`qw7fO$~XYqvJJ4aE6^+f%iJ#4C~JRMD$E4sTR z&^A?jYB@-C@wpuLA>dq7YhtBQ>;&|3f~GRu>l?-Hv|fgP|$5=I6- z2RVsjb^N`xboV$0g^6zdZXHY86KXwh)gW@L5pnK{4DDU54o^VNGTQjDOHjZW+~oZpb-Aq*k*?f;<231RzLA;l<7Y;L3{miJ7=GD%);X)9LT$$W;=m zncB{1mPp+8)C@<7FRW#X63cFGHj{EdNv#R`1TFFm$ze`5#A=hV+T7IS}*QN}1I* zG8)Ssv^_P>$cZa@3XfvwuqL*9Ks<}2T~2%bApKp7V^`(&QD$_C8DP)07if^edk4uf zKVz0OU7n)KlK;-{$XS}PLb)EYPr3X=&G@noe0rIyBD=;e)%h8d_{KMYOr92KiGOI6 zTU*rlQUxe6p7Uy}Codo-Qpc-|>vkm%H-Vwr@VdSo*e0A}So90>4P}bmcK*6g&U6t@ z_3L@7Xr;U{Glko0NmfgCPknfzKK$00G+qjb(Gp8KUnVARMqbS_u@hDrf;N(~t8w`J zm+1LJ{udW>YL)x|W|z>2fI#0JR$*^4PiITWW6MV}l7I4RH^C?T$SM8Zi_8VU{uX&E zuWlt<%i6z8B9-Y~5r>LvaLULi0->9NrCsUqdZ87=Q81rr4G})yhP9)F9`|FqvR`{M zc=CyId2Cdwki^!{zvS|7r}K1T$`{j5l8a$7u+0MRN0%QR7fGk|p4*cnn(yyTa91*` zkpc~8CD7*3E($Hg5zBw)f-Oyc@|S1g!@3c!#pL;H0O>0*W+#|Ka#RIOtBjv&_I6_6 zk;`yH*Cpg}E#G-ed$Y-BQR2A<9`Y#^VCvzz$q`7*bBm^_Y8Ky*5Ulp#2E_Cw7VkScHhFsW2qeK*^o6)! zGb9RPe8E&@Eksj_4SHU-$#K)YIkWSqX zcPv5te9sm(9TQmWl`d{mK4lx}E0)+7k2uLmT#L9l0nIzy9J}L}#wPljB5-E=haO%| z?6q?DY5$ZnK|@KrF)Bs_;8an4RQ)Gi8;MTsN#zsNv$GwG9r=wPZSR_^G!K4H`4PtFo4dETxfn27>o>*;+6t|ph2*^_(~0g=;*5TQ z;_`M|<8TQM1)2m=elNR%fxrieJbItlb&N8=3*i;T6IiMo4vyvzP{XFNjc2#VCslt$ zK12!Ajir|u0#1#@@mC7#5mJ@Fvk&TSk{B0@Nnjh@%*uBDV*iV-Gi@{?!Ov6UZQSYu@4_75LkV0rU}+}8#WT~z5SIUi@(Gja^* z)Ib$ZHZX+ku#@gMA(mp)Ca)y}udpgsie-|@JPDjI&g61&&f({X#I<}N4jmm@PqTYp zZnXjYqXeE7mxnpAyi8EUOQgLnoj@Oi1eZ+sNIA&_Q4i4xO!afcR0!0FfA;3fBVan| zKs9NxFiU`7BV>;GTx>#xfz2|%xGZ=R%Z-u8HiBllc$LMu!XUY?pJ|5>I&&MQApN0D zTJ^!~9VSmmvFPUQf~8`uw5kPmXQY44(rX#mceR(YTx2(dtjqj&Xa(kn)ScxtjCU5H zHD!oXW1297t}=bL#DhAnwHmnetnZGQugR`Q!p_+}waJ!{a4i0XD?HxPP0?-LT3@3= z9)p#?EMH}-nO@isqE?QR-a&ZSdtzoRCu3JAoPX`t4e{h{b#RdqRPfbK4_ywSybA`% zM$LgnQFXH4z(*dKTxs%`s z)(XmJKa{W0*tIh&x?c4*rm$hL3XVn8b}qk`XU%*kXPadi)QN?eNDY^lNW8+4_Q3Elj$nlgcY7+O(=ToyH@Qr3 zM{~6zs#$>FSJp4QWBx>q$5V@DA>e(S{Of(3tYrsWEZkN=Z^ zpewkSvSfH56ia+X-_b8Oov~>g(J1na-+U0RTjvKiYC>e6VuYE}u1_R{6BnyY+&yQY zun0j*&I|fgl`Znez{9R;&y(pkkL~kS7ZGZEwHYE?o>(urQ}GGEgZ`O9z%(v~Fj0>H z)VH{=LR%(-4jFZkQZ3CwZHhR4{aq`|x?RY5_Vb{l>{A%M7+~mB|7@qKbRVSYUvp8& zU#w4w!~&^xs3$z4Xg!R0Oc163TY}43Epwacew?&a%`ltHR9@WSX>FHE4PIN-f05*5loO|hbrrDN2 zceHjd8X4#FKCu#Lz1AwTYyOwbA;>zyhd|vxJ33VQxJf;V`BMb*ceGbp5mrku2e)4_ z=?#JAPRykn0p;j+wIXWrqm8{OULwYI-u}z8xvR;Kkv6M|S)BW2lR;JIpqTw*Z6^L+ zo4`{zwdAu!Ti8v@LuTlqBgoh$5*(T!sxM_-rL+u~Ztc{qp_n=+4{>ZP(m~Q0m*+AU za8rHoi6mtzpxTIl^fu)LRDapw+g?Dl_73zLkMXcO8u11V=%=9|iaja%(?_lBGd?N5%Ev{QpHaiPJ$L|VnY6Juo- zTsAJIkBbba(w>$wq*tO)GlN2C!!rqB$dCub&PhXgp0iOM4fW-57y^Lj>kepT*gLoH z_k&195x*vuicf(eoxX3Nd2jEB6|>KGrIh8^^_Cl}Cg$fK?!{3o7C-WXU!^t%vTVuD65X%b01Drf8y@5?9!SwiD>Htvaq))1$^iR-BzL%8aiCY?#Z(|mvZd=G!_ zgS)h54HjB#4CY=EyO4gD&&Ny#m~y(DX}YbPXhh_H&sIs(&33L8q`I&wR%m5(Z4MGe zEfyB>yS<`&VDx4R5VFbrM}SJ??@|MO(j9JG=XH%ZTEM~p2;g);?J_0`yk}9sE%#_> zWuqnpR-u(s?cL0Voxp2_=GIsgB;Ov(%{Uh*w7+~1vH-r@K57|N(?qkNwhJ2C3m_z} zJRX!-OMe?y;J5+QR{ps)z<#@aNP3%-4+C13;qP_y?ZMjVri=MoF&AgiadS+mqPNW> zAj~+rUR}MC*lX8nX}qeK9}i2S4YdTGF0;Ui_I-I*>h?@t|9jCeszGYJw*XADEb|lJ zu0rH_???yT_MB5+xwqTg{^CX5G|G-z%$`=n!8%hcz9vz|_qVU@*0|v4{sO3T2g~A( zZPRQpi=qO@&%YAb$zvqbYust{fEr0hzZI|uP6AoYo0*IU4`;inJsRa)+iMr?C z^@9bZGt!SmQ4~DP-Ys%NZyrnx;M1q*^dxWcZzuXJPAs%|ZFO@fSHm!cne$8PNto=$ zyk4xaqn3^$x;O9%2|BUGn~(;DK=~{pNHYd*hj1_kiMQ03`R8_^cCAFD+xEY;kp{#^ zb$i(JL~qcjA+VFCS+a%Lw1HAX{x-f1j^dMas`Mgnxas114ZQT`c1YaC03DKk@9m8NBv-NlpKPM(>c#w{xp5gs zKI?jKnI9$&kKFqWf~W>c$_+bX)LJ)eR=_~b5AL6T$gu1qFpxu!~U4MeAxqR@hjPWO} zjP1r+qf)}{`wP?VgCxAO&XtJya}SZmM@@NjS*L$k4l8l8ZDGWiO<&WR+*~Rr|2Ts{ zFxHu0oCyTPQ*y#iMyTXo9}a2UnLzCpOM#vfkkxEcok@X4&o+@Lxp2r}2gIU5K1lF| z0T1vjF_~A-$(uRZ)h{>kVs(`EBp+Y z&jCXlErQ#Bz$hSL$v*aj-a=*$X|C!+k~MbIri7TDyQsB^jXNs=#cUZ<_PpzMuf7r)s9^l^Ukv&b2p_5FP@1XZY96Vp5|)ACtRX_Mo#2PKV|8R{ zG?}+(2R$8pTq4pchs!{Z^6t7|yS|pO(u2!5pWvV?L;pd6ji>apUZ~=`^(% zSGMOS12=>A=I7k#+U-ZVHJyiijs6HN3gm4mv52Qtnxm&jc#DM+W7?9o%7wfe*lyV9XYk(+l+=(o5ht{ns2{~^7fL=?6}-f z50x4${3Q{45I=f@o8eO0t8SELf%a9j)cfL?jr(G1lgbS=Y6!u!(TjT&Dn{P?=hNkW z_A~Hge(jF^jUt}+_7C1UQ?`GV$Qpvn+(!tPdnn{-*#yhk8t2Z{7}#By3T=`x{1XHJ zqYu<#neU>p2lBhwFY@OA#U3(|ny0o0BQr#)yQk~i+dd=XZY!&jPuQfGwZ6(_T~AWR zql~_mEYU75TgHhtEU%!(4mty2%|srTMho{=#6Cj4aKjc7%D;C5?Fesb4!Y#Uhm5E+ zR{5-HNV7xx%$&C5dX8d0OW7|#y5BwwX=no-^}*FPjJ1Vun!2;EMo^IMnR-W}OyKJo z!Li!_62pCi7v~Yq%?A*)iRSG|s-)jEl}o^xk&s>P{Jr?*+ouRB&L1hnKbBCh(@ru$ zq7^$QzZI5`O!WW_7b{ssCzleJRPjB4)ZQ$H`vrL%@ApNWMMO_5#eMRbbs%sVOQ}k3 zUws0`eatS>iaFCm*S`|Yx=8n_66U2#VbwlW%K={UqKG#vp7gpj{n0#Az<>5$eM9dQ zw0y}_Kso0#8{TwRdvBlQ8diu#_rV{tuN5m^6$#TIhC0p0=(WXE5PF|Z))!j7^Yzx7@c7YBloQADa&aGi32TIR zMbFU0(xsHp8+lg^^7|Wf1<+dMCmuHh7_JGGxIZiu{UpMEFf*tza_P8IzjG^Yr=kxr zkzliBcfQY~LRRoF&Q8e*-D)g`n2Xx!<6&|C$BzCT*|YtgsB87VuG5GByvH$axaB@o z?iHuz>wmZorh>Bu?mdRbogv%u-ur-F3rYuAz5?!Wg37rq8r~7w=Wl5o(yVM z-0>OsnrI($Q5g3@Z!vRXYGXoub2_oGIyA1Qa2hOlIMR)wAY|nc^B5dvyi%r}qa~4! zT`l+T)}+2LM*FXMqkI9=W01S|bbGa6(^xxxDi5;cG0~=7DU5lB1&d+5dSb@x3A#*m z-#!v)R068}z>aOMCq|rtN4@M0bQ5CN!iCwb12(wj!SSd(r>63&TV@5$wISmKYKySC zUnT@WdQ1Yqqpt=^=><|mUSt&5+tVQ@Hv>;rXf#^qSHIPfx_8z6PHl-Zz;+%3IpsQu z4R2il;D5M)z)@9wBlJZFZSY)%cU*0$ez?sb03I!tc4hs54ZX0hBbs}|Mn^}r=dp#_z4K?u!!x+v zQ1KST%bVGVI*vE5TE$%M1YSk^Us9Un@s-hD4c$01U{J_yZ=(HBEMmaM@Wy_6u!tg2 zTc*U7<^gY8Jrh9uTaEP@{~bI2+|W$aL7;yYdgfkdMo59p1I>}p!|l7v`_zwXxPKnp ziHml%>f134uVbnCOu(QN^N;--D$U04=AR3j-iwEoL~-Mk8y+7uHH7lxl}Ahgw|b1t zx5+rLxi_36+Td(ChxOR63gwrnr9Ksp{CED^Tk=A*9O) zo~ltNE$U2kj=}sR#%IOl3^AAYwH#LtX1e0bI|X`)!WhsP=9sR7!P2)%?9L3J>UPG@ z0O`Z5$Hs6EFi3yhS?9n*9sc}qV*)AEo-DDNYUL={-VVy51~e{Wvt)I+J=F#Co;hT; z(04SmU!Jo6l)+bU0O)XZD865e^0=FHyUsw^q%6|z@0v3JnxxjRB*vbWm{do3E~Kvd z^gYom)1BIlt7#hFt{yFnD0tnMYYv-$rZYoQ2TC5n>O1To3tHvp?RA;xR^SEc%?#3v z=)A4QA?8Lb$K-l0zFq6DW*MtU-y0Y~$;U}(-b@LF5rSBpo5d=Hanh;tVCf1F?`&Mo zEuZB`?yT9jZd$?w7jVT=k!{8O72PCdqDS&hf20`y!c>PXu_74TNonLk8XtEtvWUuG z2N3_T0EQ-S>BbrnNv zM9CrDpr&&HxLN5}6-NIjwY6Zbi28a@=Bkedh0D~>`8$(cdd>}!#_R=Mxv%n^#>-kA zVwa$S%CEYd(3X6wpc7W9|^7hiez) zoHmYQpuM>H`8aT2O^G)dmdf7pJ-5do?p2e<&JK_5eR~OhvoF7MJ!QQ8)lBZJ`@>JN z`yB0Q??OEo2HzeU&K_vhwaYXtM)j3we0y>~clP%gSuMXF2MN_S1;*bU%YPguP#H8^ z##}RGZvQL?=uOTg8v8AKz%@M$_%Wv;%(Tl=zpKtNlxSk*+Oa5TiBF ztf<=Tf9ph#{AJRQP`Mhq=i+&Nhf})4Q4Dy#SN&>ri%L~K!Q#|!cxbxa{krWzjkr-jLuX7~8^DV& z!N`%6iy518e!Wk;S|POmVmJS@9NL$kAAYD^OME-IyZbeZn`oRkVF>PHx~~D3eVvdA z_rV&A)6Up;VPC*yt>o?b@EiEv>5Ze#G)rO`7qsSkuud(b@$FFQvjf#Sn8a_IfhRjjN$Z(u#KrX@y-7@)UtK*&m%N9Pu)?x||Ot_5lRaui(cm#!NwoO_{hH zl60|OG{YMO*L<@dKrMfFrE=nektlbkV$c8)n4ID}z%JP70>@JiK$a-K53rYxzpfeAplwpF^H$p?h1^ ze&92&emO(+8!v%%rG^%KasEN?HNF6b1hvb(mJ|u9-}qw?@UKJo*Eh0hEZ>Tah0!xM zrVO=GU7OaYYPET}LOdS~zNdK$$W$$P+rtHwa8&Gg5S2Qx73l}5z5Rf6gUXW@bBe2r z@DX6DoSrzM9&U|$>scA!5olzK+NJNg(Ajm~X)BRAny$2MesSql3FcG;kBdw-DBRSb z5r6kH8?jAqZ zW*mcf2BFxL;p{)bm~JNM?Z^Xo+e^uW|A zex}AKCM8K|nWdZ#ghxp!7w86!lS6B`Ql5cO454LXOAEywWfj zTbVYK;nc%EF>`M%rC+P=P{!Na4j`B5z55_m5hg58?QhP<~bp#vfLsg1K3o5wWpJK;)sgA6zMwk~GJ$ zGquW~kj=l-*T3`Owb+%aMeVsn*m;kPw6qo=|Kv7l{6@|2055`fm;43L@?bsbwO+t; z)ITrGs6PYa@Zte~zF=@mwA!U#B)&A(+eyJFcGG1>g;?RD=<%G)+?uk_$qs6>Upt)7 z+kWO~3EWqP>Q`$v-#;p0U~hx!ei>lK-!l!`p~1Ir5>hd_j){Uv1sgW75fCu*&{FzJgSkgoO0MNEq@;oY=Me9%y@&JZhXQ_>f9TC+-@r7XvlT0GkzB zXi$V$T43eic#2JwC=k}(*{KGIxz>OXg3&>W1&7nGfDr{FZ+`B4Ig8_c`~{|6Y~?n? zTSi_FNN3A{bdtnvP?)Mc;gtOa@HV?a{JITpfRTxKun<$Z2f$5U65Vs-r=BJ!C!aR_ z-gt&Bno9z!ZrSL0bG%u95?yGjJl_Twb^g5#q*6L)bJ=Bt?deg2tt5BC%9o zV5z6S7$LrIM4WtVV}S|2SIrv7gIpwkSgHw+Ss@@9Q(PD zB3YnJZ=%w!l$DJkd4GlHXU`7ExaagDmk>Ht7GNl<2{SN({H3Jh2}LE|c|2=o*x+7< zlFQ6;lms}|@Wz(%sZ9!Jw>N?B%s2nQ-QUST#`Bnsi;GJ=O~i}~vk05jpVL#o85~ta zNdxWO{LFtmYy;a=BWnj~u+B(Cf>K4^~sBz$!8d_d+%+hrK~! z;KFqe`f?0Q-67p~rkP0~9kF}cL z=yi#mDa>u!k&rW8|9^b#rd^x1kWhc*N6?i$&2gO^j|xLgO>MuO;?*Wlhd@HnA4Ih| z?OKxLfaWvcSM>sG3lH7ca?X_cUx!agdmbR*o`o-|542RDy}*)>YNm7fj4)%aw*R5r zRf=CQP%e!Ak$Dab@X+|I(ahktnPC9R4e`uCx!qrX+b#TNF&Qj`^NqM67Jl~se&Qeu z3NZ98r0OX!M{S)#ADZ~u1|0|@>m7;vh<4#4Zv_+Cct4&%FoZw+NPn?!Z5@#=S#`RDA5iL57$ssd}$zbi{(1G z4p!p(O!>d#6XYXS{xJS`!anEM*U+!#udkP)L4YvRJzS89cKT&jiK8#~tnoY9cUy|R zuwL#yt8(k|3Z`R);vI>L__Q9)EmzNKo@j+p+2T8cE{tQdvdZ@e`Ou2TUoYfiE`}J!g6^~)}a*s@ucFmEiqmvcak z`ctpZU;j_mFok%)Inoa(#uC!gx7sn@%%`Q62cVLEbGUi+Jrj57-rPSok}8uv{x>}i{ZigDrGNZF zNCj3xLW2IB8#aHXz#egQ1_=N5!}+h-D@j10aq7&?Qfa`fRZ@s#(vTW0lzqWkbZq5FS!8x}U$ zC7@u?UIVVQ`@l(0!(jt|0tiVAQQxpl z%^$BN#4%8fdyGr|caQGIf!#0*x8(lszXF>T?*@iVZ{lmvOzHlp6upxC?yRTR#@%|j zn|c2tW+EY%z0vou-Z0>ForA%h_5S@v#Yy650;q0t>+RdOKPpZ(tA}LD0#E|@KRj12 zpx`)IyUHtZKmApwWtz(%;ijmkrFlXTi<&{q)>zLqBTSIwRpo=2-RlBcHnALW75|}H23>Yp$Z>ut2Al5_xy|m z83|>>axs}~8p%IJo0UdEPE}Qel=rN^A=I{S)tksAF6 z2pJjIYmTeey>%R{_jt7`+*w#*mN_tw)Ztf`Dzu#pZ@RlVZ3EB@^TP`B0#MgdXe_w$Kt2XB7a z`k|(G#|zAA6VxPkSXR{!h4u{eBpAk8S}%20?`xcDb+Bj}@1}EmKp%j zZ!j<96q>Y1Y()7VP$YR>ZF_%_F2d(Z2K#(EMW zDvMSXtlWHRGxgxtIxu__()%Elew&t2158ST}z2)2Sy%C#``pJ-7aN zUQSVMEKUTOPZJi17}W;zz-sftR6wJWj1#{z!VdT8V6dvPa-Ny!bo2*a=(-+(R`U(q za1x2fG~R0jk67H3DX$0UsYl)0WczOz0e2n-xvGW~mzrH+Ur>ZrLZfd%`;MAnRE8V* zqYt4k#prmQcrubV`rapukKYja?l0Rh2+gvxr7V-otNjtt6%i3}yU(=7(fFp2bp)COPR_uv{qVjf%mXXy#@9H_c)qTu z-J|VzYN}GqHdexkdjE&7w}6Ur>-#_fL0XVjLYkokkwyUpB%~R-MI@ygX`~!#hLn;L z>F$(}R=RtnQ;^oX=bZPP*LU6T-nCpTbRj(KXYc*5U$E)J*2fYCtczJbT=9-%D&?%b zSpRZ_?9X-G{&DQV-T*}=+SVBbA@S#u+K;dj#L5EMHS(0+NE7Lch=>GEiHBL5*Q6iD zJkR(kSh}oEj0e%i=u!qH=?ie;OXA2b4*{p0%sVYhoq_8i`!A-lmxFgjJdc7wPkK6k zxc0XmaUIKf$IaC^^U7DH7LNRaB`jP}W8ag98KTfas9k@#iB8I;CKajJZ3m%Sb7{^T zVb~Z6AZVa_TTR{n_j(5FDoKCeYJ_>7pmWC`pXm#TKqubvS73(+UxB{8dZ|6F)kJwM z&7z?qjCPv2etZZ~nPSM{y7iu$Q1j~tVI%vvJnMXFa0a z$ciBHHB<%xn5MJva6l(Y7*>!p_6{fS0@ejY>r+yWd z!*rg@A(StGne-7rfLY^bfSs|$Z~gI12c@3~D%~%emFh`N4$U{yL7_TvQg`uIM@%(G z9hJ)Cf*LdL*K@C*)9Y&=B6(^a>-L>~$%7N2jr;0M3RtiGI_)B5frON)wol54r}rT} zNpQ44_8z>2uxR}^s{@~0NuxnoVe0A%w4DW@wGNA5sgSRi_tF_si-0j#H$3Ltc9Q=H zryu_W{YErV_BB8q2^^d$>blRsC5BK(vOQE2S2aPXYdQh6+pcvnxV)SIcVN@H?5Ndd zvg8P`Bl|&U;WFQrG_7%7SDtQkFRj_oZSp9;HL=j>{<`>CkbWWXfw#gBvrPAtEr##C z*p@aun!#I^ZM*G{VFtY4D_$=?@&ri(%UzX{Lqhn8ZqZoD>@(}JqU_qs(|uliN}f0n zjjdU}fNM6FHQ_EreKjnrX=l7J@f~f^Nak2O&~o&ifu#xoKTu}B-`BMl1h2;;lptha zr*o=4%_=Q>bqPddwESwmfMMt^7Y1HDWglbH94=XoM>~QB)KP8e{^cJ(|AL%K`r8WM zx{^Yhs3!w^cpsIgOK|4>k#B$vO~O*+&DfW035SvEYxA^MqDC+V9)v@E}L2`FL zqhj_ANUdFGQEJ(#>NvQ-o9|}YZ-A#s09{QrlofE}FUIGlM~shI9B@nmi5-((4qZus zMpQ|+mzccvgr()AUFQ6%RJnQ48W;k!xNJ{o={JM&L5W>rorBW07>q*gp^mwIYcMIrP4_;&GbP$#1X0V;y&CA(Cx|KvG^hMLz${VS2U9uYQE{s= z-(J*V`uq1qTtmOqDJ-esfe+RFTHQBCv_3(Lx5n-RkG@~8uj?fTDp1)W_|@n2V7a-u zn^+jC171J$u@VEGtt-by?ni)ejbi=dIqovAC#?s~YLzd!fhsEnXeS10%pUp%E^0n| z`7-p4oZ(B#kcApGOSd2UZ2{M!>Ev^;l}ju;o3EK!zi5S8PQSjq8uBLf#<$2U66c(f z_~b`kec1&@4|P|BZlmJ)8ox~9K@|ha9St7HBr2efX+#`eoKQalFkUlXXoA+}+&g^LN7Un|h_;*dk`6?K}@#$8#D4 zKK5^GaC%NPL2Y-u-ahXh%GX^U))|iw6E?S%TH>D?U186De0X?x(K0=!ZM*86PMPi0 zT9YY5jq0KqxsIP&KIj*RSvWjC2B($uVlqhr99IZ)0GOHN#IW2K`%i{R21BEx09<1s z-HI0lPMlgA*blTvXBt$+r&h4|YAP!#PHq^d3Kke0#FswasnU>%8B5Dyj>=V|94v zKI@lv=G|hf_NqewqEW=kUi%4m-T9ryMe}{nUA&9eJ!QYzU$Bs={rY8J_Gxt1ybS6@ z#^Fj6PPY3Cj0TuS^ZiPT`hT$jBCFa&+$yN%AHV1Dy*>%o`{udd{P}pFa1IwneHwUi zt-BAWAcecnIp)uKZQCVe4D*@GZioK@P7Ul`CCwO%<@f7Ynt#p|o-7w=Jl1M`eL@=# zQ5?q7v#R$#<;iyz_LrZcw%;h6aV}IRK-A_+wJyGyUBKEdELB!TUuK&c@felWH;W|n z`2~6fuII?a4DO+bin8MT$BFA1i$<(U9=f@gGJp=sZ4vv*PVMb}KWP3!PfmTW4PR+N zTBuQecM|fpt_!K=A*MlsU@C^)kOmN>PM=ClKg;&*ejiPkBnf}VcMfPTR=JZ&e7{F| zI0vyzE9Q#E4k;=9qMuhyFPfuSP$cm6LG1ZTwn5`N%kT5x3H7>9{r5WUGr%es3(Pw` z4kU8+>=tYpb!auoos+ui1KFn))?krtWg3MJmBo@T$mXpF9_13XGx~M}PY&d#)!ch? z#!$RN$G>J@fBh4^=0}}9ieh3fWN=qs9t@~Z`mhPm;-fhl{oLj95h+j_jX0)FD}vin zn%H5THIKN9pYuPv*yA}Gkz3MSm%=ibA4wPU*ygYX|FB2$@!1x==nfV#@(`AA-KtXG zcwfpk{d3>XP{r-u zrI3hEDyUZo5>1nP-;=hV?+*vA}RN^#AgK;qyTe4sAVm3EXUxrwPrQ|A$M)TOp` z_g2L7C}*AHx`^T%LUwzY@q)xru5!7`rbnU^;ka6L{AwNQ0Ka8_aRb@!?;kKorK zuiqGnlsU9Ny#m|q*s|2H@drXn#@E8v^C`Em&WD~YV8~m5K!7+|PCzZF#7TZ2@-QDv z8k3n>>AsQ{%fXm?fi%>sZ=Fq|DrpKD>*6O&zkSjJ>HY3ueXels2-bF?P1lS4QY_2Kildi}7x3O( zirTSB*tW%e2NymufTfspjTv

1gMtR#OVGyDC@h8jWwwl$%?sJ6jD^J&|SQ=4r{ z_}hJmPjrVUwu1gx?TcPByW0XUzN8(s{(d)s_af&+%f~Xl2Lif3p=TM z!?7uaqekRHwC#g?4{R4T(c?glr#cOZKo=377A!2Z&_!dS%{N)s4xkP38<1CA1|FL4 zoFyt6&6kt}Nc3Denm!baooF?0%ZS?bUh(2>jRr&|D~YsTPW%YM^@^h*PwzpM_rh7- z-JeC@&{}s*`ICDD-6TYiaLaI_-)?n0KLUgRkQqdcW;}Mr7jqkMrX;Xwe*D|OoO1Zv z`&+a93CMchF2NO@yxcU+Q{KZVR}vozQzTCBrNr9Dm(6 z30&L+Gb!us#@kGx{Ximo&x`@yXtT0MW1WjhimGxqt;>u5ta5YX+J@2^k3Z8GbhgFi z0@zH-jUtjFvIoMUy$*GSTXXgCDF*hrtco@4Li~67P6p_zMID-JOb*tRJM^cL);>Qa zVAZ%kZO5W>9UVeaRuP~TJ^lf=F7=QZ(xXtIk<^sFwRXP3;2&NK#sdY1hFYR-;>LR| zmppcepc%rhTyw?y-P>a#`p><_R7-BIZ&J>s(};UK1E`Ohbe-;;it+W%a<11u`J@QS zD@OQ^nDWTrqN*+p>RTRnOGB%bq`Dg#n`EgE?IA9LuNR8g-0t~&wRW0+A2gc_`u*tA zqHa4Mp*fGuHGGz+psAlZECB`#H5M%#UQp4?0;!IeCm5CPK-(9chnuZWE8) zTb8nG#wZ*-T}WLS!)Cfc=9tvf<1RijQCT)3J+rcARyCM<`hn`k$H|PS=1n=ryu+U< zpF8YVyTv(O>mC5pu*^|k%r}?a(SB+N^>5?WK$TMCY!~J@-gGW20i4Q zN5zy`?*qgnxem(W9@(>d%FWYziKJaaK3e-ac>O3O`%?JL3d_`U~+pb7h-}_s> zPCj3{&O6o~CJyh$F`-2Y6rH_w0(RD^wuJ4StlgpuhVse$d^1=YAdz(u)hSx84C>{s zGyn0{q?*UzgA`z~JV{)oA)O%BIX0>IqEOUbCX$xbS#ftVq}OH)oi*uwD2pVp^B8CT zX0A+XB&*jF?=OYMIe)vd&ru4k$Oy>CGT6}uEHZa02c4`1Er ze5lSLx`qA3Hnb-Q4Ha8TJ7~C1t~4mOGuc;j2kFr#0;CJ=NRGV1KG+bT>zF zwy&__6m1T+u8-#V7DT)6&S-JI7+gQbJt0y6Wnsp+>vH3u>e8L{bE5_v)dG!%5+QHJ zKj#52Fv~ts5cxZZxDJU7o2dY39@wKYxUO}Y`F$EC!61uKe*!=xFK`UV_ zK@=Aku?8;KGTlwd`QqHywmfF2lS+&Y$5%fA4q(R2-%GvJ%+*@2d>_Llnnn7 zQJSdhNc-5}`c?Bg#8sH*jm?ST#u`Q^ZEUls_wMP{@Td=kOO}TN1ILZj|LHD1W8io@#Xb% zl2boj293RUwdR%T=v*lCZ-*bGO8A`Nq|qq|Lf#FSL0ld7>z~wPRguh%qHfHbJ;Nio zr~@+0#+F4^sRDSs%qp)o;wk9s%pY&LrtQ{^%XUSO+fh6M3Ur@2aHA0<7(d+%a&ty^ zSW%hPnRHv9Ed}cZs^~}kfmmad3FuT?S0A0X>ZmYg_`2EU&f(VTa+y?!y_WGy>d!N& zpeX#v#OSb{VR`5;|N4xqhq>PL_EH5J5!;f&E!`|mFNXRM8yUMJ}kh12ik7> zx>m8pW|F7Tw}`DZ(3pbb_cO|JZX*y-*pFW__KqUz7*Mm3rQ zE8}Masl@G`O_^{P7U7H-Rki12W<_#Sady)c)2|h1KcCE04tw3Ye=C=LWwfng9dJ#@ z%b9H7sZ&$+!|dMo>yA z&2)%6u2Y4afKLd-=0j|PeDuA?C97o1%yT84OkjATx>#=vQ8am6Tv-zwAK zNB6uw=;Ku(h5~L}8baUhgHB*;JM#SR;~u)C(*50O-p-s)Dw=Mgo~6@wv&qvFTDsR) zCAvQN@a?$p8j!@Q;^^3y?!)iojDNDL<@lX zx+FWNhOm%G$;FIu(VD+CX9hZU(xHIer+AiGs+tujU>z(^>Rm{);Vk~{r0IvL0v`nv zgjAt_ZEe-dsmrnGd?p_VD%o%{)@1}DU~E#4%giYE)J&FFAvlnI1u&Kb*qs@U;iNOc zeC}69knpUp0XBDa#u+AXxm^Zc)bGODrY*hcPDAwtIq@I#RJ^P5#w}zmcEzgbm;{9_ZsU=crd-hLYRA1Vxd2pUFZ{8Un_5~w08u>%z1>MyDRh) zJX6K;Wx8W>k@ff|F9!cY%z%NeMf0`+kaP|ry=Fo!B7}IaD9AO%4S#?ea_d96Nr4Rh zsluyl!e_G|)y$i1EM#Vj^|gJ6%D(U&Ez{zq0NU_I7jqanE|OryT?)WbiWUcd6L8Yb zt&=fR+~Nv_mKd&-XZ4VL-WW#=Vl7H=tXPqZYjpz9Oq}r@`-|L z@z@NQy-5ms)7={*MJpVS$Y!k@ekCM)c<9(it}jw8Eo|8M=ukl3zNFv!65ul{e9oQh zL`EB`y(jO>zEKKe;)dSu=))#ze;L4{0>boe;P{F-hQsGA^m9Y@7|;ZoyJ=6!iw>ch z{M{^TtreLdT3v|Cg)v}0n>t~_^%)P#e(JtjM7WubxM`rgFMktzhuz&Lo>mZ+dDdV1 z%-!rojmv?>K#bB&cPZ$eg(%FTXir9ouIe}7Hk4~NkTLVJenZViu9H7=cyhSx@W?&e zJCm|3t*1h^A*0K8@sb=D600EnU)FVaV2z@dIj-XSbTu;Hvgfo1s9 znJTN|H<2^1YF{RWoiNMRdkED?ARS#7k~~8B?=7k45Ur$&z^_Kx}@)7lY9%PL!~|bFRYS=ntAp7V? zi|1^)(%%0)Rm+WO(?w*j?b&cBPGKP|dcTt&t@p9a1TrbtZ*<(q@LZXd&&u|&$g@q1 z*MF3-p`pn9fXOg!_(g$MF(TJ+mcj}8&N{@c`6i`xk`K!9SVB)NiFXmGvK1mklXe6- zU6+o?0%oy^=!!6AZ>f{Meuv1FsVD+NC4i6>Gwk`Omd(Z1fDg8lpgrZ|0Dd*ok$RaT zf$#_fd}lt+#UVev?*80Y}#Ijl4Zs->oH5ZIz>q%%zl_izvynrv`;4TAByn5sr2n#x6xCXq}dy!uY2vWRlw%M zZB(x-wgJa3_aq46Fhd^iB=4sWmMv_~)kkvQGjndf*utb;CBnP&`7RN@N?9hZ87$wt z|D&LZJW{{-(-5Gg1JZL=6RA@y6$W=6^|;PRJfXZ&l9t zZ`XZL-=g9nQ#9X!a88Ir#WC+M>^0bgT^P*g8nP7YR_gWGv@>GVnO}mz5)!DJQYb9| z(T;eIP+23}%n#PIEtB+N&B#cT*dWAH8Kf^Sa&5_|%^UZDFPm9_Y#Htw>N$CO=fhJf zhaLv_kY~g9Z{O4!8pAkU09EW_&Q*s-1aHsz_V1U!u8hZgx7AbCvGI~X^CCN*DILau z;M7(->>2t76;w>*DQ9;*khn2frb?_^AF8P7=)KqK2Zv5&76k`m(xw(YPp#2AG-&)e zeUVPR4xW&S!xilV93LT?>w{Ky`DeQ#;3>U!h4K!(==mxOkD#K{aE^kDQp(y|sN!cm ziyVz?^P~2+s}`kr9Da+wpFumr`uD?yH;mY%OKh54(LvZGELTc-0!4S(?e0G9|3<3o z)SpX^oVoRlB(>St$(f(Ih*%*Fs9Y3D9%M#IE75Wml=uud7h{1T3TL%f%d(QsdvX06pcfyk7yJLwCe}-XRz8 zt*|>9D<|;VF?XT}Jfm9B`y$D=t$_Q&r{q5SP9%*e+!Ep6YtGai%X@x9!cN}VQAqGw z;wHwm9+~zf$V!R}JDOLSqQ$prtwE}rhY)q3CUDQIiw*((0U=Zc1g-zc*8_+WC8NaJ zmIq5>E@IGkyPCH za|bXyLE{Wv(Y&WH2|2#_E9MB!C!HGLu$ zKk!e=q7z*0_?+XqT5&YspYkD!GDr8bM}eM*o-RglY*ADsvrvUYNkK$}ghA=D7BRch zLf}}BIDnNs@_pLJ?8|1sDJx$x@+}yly=vGj$F6O={xCcd-;FM|b}@r1?Bu@BnJW3| z2ZUrmcGUwngjKGx!l#_VIyLe!%N&(N%mM^4OF7@NlUA*Qdb4^|PJS`seGxtjSHlOx z1<9#)Ycr(-vZr|Qwe%-^M7WrY0Zejnc;iK&LClVy2IaTt^X6dvlFwn^Eo;{mfWea9N#nefekxPO^ht`EGH7ogfB)JyoNn=L1U;+vIwz!p z?@Zsx-MQ?&*;?%kKcMhZZ4slEFy1(QF|j2cjktxeXGgAxedA}`e}Ru+M2->UuO~x8 zaVH;&{>fd*r7%&Kqf_pSowinNpM}PY?&D3TEe(Gzo7v`GkmUje3Qu z_kKoLn{zdRV;||Vp*W%PE_+hpGh({Tu0bhmJugH;Fe73mJ>V~1BDeVH=u96^^cOn5 z@$A7HDe1KWGDZ8y{EU}{p?A#ZJceyJp{sc`DhZ?o1v8B^o`e0p{)L78+!BR~gLlhG z=nA^MzI%l~yHau*{js7T5*P(97qp;kbS>gQ^*23KYimY{h{am#^p2DUoezh#ZU3 z@7;61=m3*OL78!*$_fIg#{yo_=i9$|xVZ=U@wpTUWq1v+pAZ{kkJLL`Ufch|?oR{Q z)U77~U{9q00GVT#s>C9FKxQhJ2sEKjzRMFAzLf^J1P6kDv5u%uBr}P>%HqUYSLi?d zvOq6YOZ;|502Y7w+J<#C-S_GFb*a^~QxWrf5#Lasldk*^$3i4`$axNt@Dpht_|uQ_ z_Rn;5U{BM}wP8g*QbRd+`WX6GJYq1fl05cH;}XJ#sXQ$ha-~WoEj)UIaTKoP1hnE`L~9q`8fJ z4BclYUco#_KJ4jlTYIkiOFojyItHj+fBL<*EhBm8Q?4Rr)_EVaQxhvX&L2l3J3Hau z4jWY|C}e~uBOioLO|HJ5xIX{*@!1_P{V|+^(TZuB9P^IVY>PjzR8AaBMNrF&^{PZu zNfztZPFR9~N}JoMpgnuOUR<+mZx60a(c${_^liRotvlyEE_}bQowZ71yT?6yR`*64 z#S)E`)f^5dr;bmlzBE!SI6Ai2pAQ@jpF0gqdKn^iOK9BJkNOMMvKwGeg2n(+w5Fm+ zYOee02XwY920W1R9l;%=_Vo@9LYOPS3Z#+JYFp0M6zi#xQc~t~g%4K_+_0g=F(@lG zIDflfKT}l@fw)mbU%Sxx!DuDRLy;$LyGn?)V+9fl^6iEWGvT1O zEBHKhl08F*)eRkMC)GT8r}qLLu#sxbK_-zhoHA>kCm(YCqCKp}i_#USN>~k;j&p20 zJaXtx5A1+?F*m1*3bEH^iP1 z$^rrM<&);L_69x()K4mrlqZ_hgq2EKQO~NmU;<8Wq)Gsl5Ws^w>V5-94G9jNyC)rb zHv`ZTPJJ)z*kK|1UZ=&U9)<|m1=EYwLFN0nMANN)t@DS0djRIgGE$`LoaPH4ngHs( zip+@!u>_;V=SlaaP|y(aN+y+W7LQ&pv;h5=6P`WvN7pW&&f%j!!DwtPi0FvR50rCE zz_%|}7#D#5myuBOYUJFpP7Yx<()fB9+rMArJ{D{9G zK2!U_^-SyIiVe!FSfYO1PZUN5unRe+`5b-!OrpCgZ8iQWq_eYgOIR$Dl2u+oBI_aF!!ezn3;BmLCO_piLcDYI?cbYNd11qRoFcjqI^35~W;?(uJ)6!_Kx0$&ud$;L{yx_|LDhWp#TH4~E-gVwveEG+3W*2RnN~fI_{G7oR^Rypi zPvWBxTJ{tHD-LY~$B=XJQEny;?nYVBz-;sx!Ks%U z?(f+GP#D5aaJ21!n{HmT+vZ3YN5LZ?mHnVVulf@Ji#2;yKbk0ruPhXN@1JW}*AU+B zJ`HlS5BuSRC2KJ^Pg;Qa)Rr%&8#^;S2qeV+6G;52F@CHMPg*Xg-m@Q!Q15_aNk8rS zUSTt9Oj1~c#{oe;w>1cchpUxtIHZad&~!5Pin2sfUNJs+$s511fzvxQ6swUx;!0h< zQYQVrLQi!+X$lspwO;A8Hua5Qx`kKKY}<(Cx#%LZBe@Oxq-`J9v*$c&C^{7+SMlj| zrNtzyf+V}gGpF+--(5pigLf9W1DX@Byq`;=EKI zdNb_3&3HW~F!M50XW!JNTct(WzzxbvNf2^{100I@CPvf_{yE)it34 zeTu=XN{(Uqva z@IBu6)2dA^y7Oujh7eg&GV|Fk4$b> zfoiVOgr9Oz#<6eBp)>4~Cf>W+xW&iw&f{M!cDg7_g<>CRZvucV2OxLrF8m@K@m^4q zGLUmIVqPqZx8LtC#o@be!#$E^Yn+3dz^8SC{*@>Q5&0a{!2E zq{2e+gqAelKy7biQQ~YzT5Y;?@f}dfe*l#^)L~}?OeOY)sU430G$3BNhT9tgo=udg2Gx-8NcJ&nm z|AXBZ2{f9HBg5Mc$p*lD#acS2$)3Gv1O~eBY~Dilb6h|?-6J`lY0a+=u7vBE}<73-^jxq}4l6b({1A!Pgu8tz42@|HZ(fFh4ENF-19k*3P1)t1|zd>*PkzG zl4mgsS>z6@x&FGW1TK)Jd`p~^*>5U(IOQ z2R~&N5z%E&BeL0+SoN{BEsD53p}*JkgD3awT>GA29hKFAz3YJR{@(l8(Eau&lH4!U z6_ZgYN$`gUcd2JaZD}_3@7So?fJ63Hy+=tvNJy>=vvGZ#bm~!;?b{@ zxRg8G#k`HiL)#Pjx`&MUC5v$(X{o(QX z%q>uDt3~JFG2zB=y7gBveBFHQ;Y%G>1-(bJ1Ha=9{RR;ma~kUPFQ3$Bp59O|mC+85 zf>k3qkA})HN^#+1!lw-ZQZdAfKRlM5V@kMY4yX|+DWB$oioX`Og6>XWCS`hR*zg&U zbr|0^&K-DuyY8Z6>jZ>q&!L?d4AMsL)4gvz3XUA2q6&$VU;q%%6)c3&bql&>K2k0F zt`Zaan2=iVnAIk0L~_{~&{4PfjlAtXa8orkO2=A)u}+0~&#mT}R-p5upf=XF`n0N% ze?E}n zVt^Ocib!K_&IDbUyB7~sa-&KGg2b)|k}F-XL6MW=m+i10%!iiC0&myc!aO~(*aq{3 zhyZ`BGVwxkm9DR3(7$QVs)3jh`UU3W<21QzA_c5v*&q5}S=_SUkdT+XV3&U`4S-l0o3yrc-YN2w^fkt$!$q6DLPFKq z{6mY4Q~9k%^k?1~Y){x7_j#*?@ESGgr28B>A_MuQi?4o5fhe%fjz5eoj1CJxYn8O6 z!-d}uxcA1PbS&$#nxsXtC>`?|{Q<6O0O{Fe7&i(H9WWw|7C(mM)N2fN?8;P9datR) zt6)O9vDn(GaU;_Cs6p6VPQ>-N^@ga9yH0RLNq9`fw;>+)Ib>v1L;}Y+{ypjrEn0D9 z)S39jjFvlaak7mtvy436omJ_XbZZ^Lz5@OdLz-8)5P@eQzwW4@|9fJTWm@rB8g*vW)_y| zp=2S4tMZ=iFXWvL`QI5{)=BR~gL!Q!wCvItBj))@Qm9 z`yXBPvSlRXr+Y~QhBA-P;+!$if#U*cc}c|R=u_qQ&k!Ik^#)?KZhFXP0>++0so5s{ z79d_L!UC3BLwC?|;mn|4q!9OLoApmF%HN*{s7q(&n9CtZ26kS?5N`macGJ(9?W10{ zd%a*YV)6(T&)Ext=?%L}sC=rRT~LmtZC)*=@XaQcE*J2N!%)mP<_=%fLOIX_$hyK? zCPn}>cM$FVpXLha%0`2YDB;Lj36UB+$x z`QLAZCr97pFrA$G|M7nQ;kBZ^K2sP4=%9h?V*e4`|Ka)mPc{i~>v4d@5`y_<=kLAq z|MyXq29ru7Ul>yPCx1I2lNF$N-iY{KRB;(LXr5++0iM+SJ;6t1H~=N~wLl7NP?!Jr zD`1w)z18!-k5tESANZ{5R$C(sBPxeP6;WDP?ondQs;U@Jg*1@SkXH$R2V`b?^xi=h z%zqXwKo#JAY_hy8rg{JQr~h+7!9NDXFiI+>#WcL%A^2lm{9AF`%sRfQv+?o8CW!vJ zX&BLu;;w4!i@9tpxkO=uw|9F3ux_ok`7i&#$Izj;61Q)Y{<)m+ml#O~8GPoUw1J?( zfV;Xi#jvc*fTL4y%=y$2Yp8EZ4NJBs%80n^?s~eJT=UsVq!E08`M*mJ;^Y4T#93lO zFPvh9CXhd(=wAbjH40gQ#VmwkZ^tpIqxb9k0~+?*ic5!H6m#TCbteurB0kP{&!>1-$(86q{)!tKM4&u#2Bhu zD9(MsLxA>jM7`G~PV_=YO%lhaMexKhS{Vj(zuP#Nkpg}vA;|x(jifwD=4EwU&Tzw@ z6Y9V~NtDb5P?U7Dt4_(RQf#9oIS7;l0S?Q)U?9Pm#WeTxl$wzN7b`m%I_IfPI^KH$ zt2m7~z~uUaI}XkbgvJ=ae41spdBaR5l&$RYP0{7r8UzJ*>W?^ZV;O}x)%-W{wg zHyv-r_O;SdrF|P1QyzigUN1mlvZ^vt)avMNsXFS;X){!9SKd{DE*8JU0}Lj?{Vh8V z*Y`1X!ZF(`!bAWk@%Jx=iQ?%8UgK3edf%{7NYAHeo}v;gyTzRVkSaY#z3K{NHaxMvmTK%*j!~mH5X#qF=)?8S%aV z4dtaabp1sFn>4^u`%0Ml4o|2FIDt~IBKs3hS*^-*%2Qrg?tC6JtLf4-e`BpSD?^tM-p5Nfd{P1^j?SI#&Bt#z3HdIm{iV*hFwr;sh+vy2_O z24+&*ngOXc?UMKO>B^Zn-9lz^A`!R6`VNIp<-rS(-GM-QgzRS46rp*4tTxI0+nMS; zm_eziH8YVh0XuW$tU{s3{O>i)4MJmOE@o{Zj0_FJCQ7(Pykn7tVqV{jntkXjXTZ*V zN32gNd=`s=7^gfNZ^ZtOyFEaX2^3tJhPP|p{<%I&xF##J93QVhfO}O;dZ1mpMy->l zbSD6zOpj+Shqa=G`%4f@edps+elOj>rwQ%`HigEF9NMJ{DxokUP6DR_W%v^bUtmdo z?AKy4@-YJ)WM)>QbEzcr${i8lbR4h0tQy2b@FPn%tJEm$_0LO_e2CaJp2yuR#cTQQ|ZaVCy zR&H;@*TJd`fuKWNFxX)*@|WGPiVq#;SS-Y^!0$gp^!IK3*R2#F$pG$N$$Apoe`Aur zF<^Dgdq^!mH18%Th6hU@0HFs2@CeB-^I4lWM%CD1 zI=Mz1IJ=UnBvYXI2&^v+O>+GyLolV2(YhPi0y?lG=$hz3xEjkKEK*vx>?D;)cW3tJ zyJ2ywlj^a<1DBOf+}^=KSEZqAb!oIiOE3gApVx=DqAa_1?YUW5SzqBSiQSHPz1leP zst%lKXe?mZ-@o-E4alcpTJJ#myN~GqdtfkeQMbpMba^srbAek_sk4nGVL1gqe!e?6 zyVQbD0ymf+y)rJ}eScww<=$h?ET69HMWLR;--|y1>^C59z|6oPH8MKN!p;4> zqOx+AH0h^FZvZ9h7ZG`T4ARWhP_c&)2YOWp0HT|;vpJkcY3fiy(%;VpMxNy?n-L$* zW}*oNmuG_?;Vwf@WhPf|?Y%*hU;S#sK=J2a(k|fT?cfHp*Aidl)>?K*pf*t%(^s&2 z8+~`k1i~6Mq~3@xDI}YhVDJPA%iFPb?5Z*?ZM+#&eYrAkU0t95i|F2?IsTI1d>?TY zkQ-*sp)!*HUfdh`f2&);J5W=EvBd`QRuoy z6sB|l8WfR=#m7M3E%u1F8$SbEE>Ze>(^L%}nGwc`_di+ydr6^}%u9smbN;JXk!ev; z1ib?TV|a8$rALXsY_oVQK3ri1w zAVLM=9>M4~c6I*aM)53)<^NACgbSk*`zw+%bkrVFb-+;lj=GV|(H&Sq$XnZ5Vhyua~s+DAew| z!Bw6xeBsBIW;+9MOLPc_8Tv%BaD=VpFBDx3<9ja?Dz_TnqJH za%?&_bZ~Vtx&cDqjP+a2AYX=_st^YM@|!G-n0VgK_b)o&`XipJDj6|VI_pVy`{Red zM64-o!k1Dza&j)sOYXIn6F)hOw0Q+_9@tbEtywnuYPjaU+TGb6D=0K)ox0@^^q=)t0*M-5`_f-1WK2XeUeOtBXMyuX?#6F0I|2fcrabibbV*~=xeB^?o4sSsK_cByfA=Xho-$w zuf-7eNxjC5ncTT7yMV@9>79>XoA^Wa$AJbK7r@)sOk!yj>pcgEX~?AEr2bujS4*xf zsw#D+pKl_qmi_dSgX+A9b>gLye=G$Naa!oy0bCPHJ1XE!%a#gUZ=~%1v%%Z^z;iFF zqDr&?dImIin+Gok9H#XiDK$R*Op4m^k{De|XbHl;Hl1H;u}9OaL(SGt{6^P)-NcH# zUe%;0!lVh1gwY~-g@XKBPO84ZpZq+#oQR5@;Y&BfxmlPhb-55h=DPC{2)2nq*+F&d z1X61mMYIx$2mJhVdN6Q}Y{<6Fyx5x)IRdI$Rc4kOUrkBw=r-i11MGJ$nP@h+i3f+e zUX>ihzD;DfX=$FZ|Mz1tFGWah{<3hD3F$%YuC}N2#B?;+1XN4>Z*CPi6NgPZ+%UHm z75dN4%k0FNTg)tKo4*Seh8+zCjP_yaYpOPyI`5F48j|AVOsVOR@AFP4q;pc=T37j^ zY?Dg=yxE0&Lj_54q4{+RB#mm1mfL*um+fN`iXUa+hj)T_8VCAd`afBim<$1ToSRz6 z{_6yrDpa!E83a^Mpu5EV1D+6sPr;>1A?i6Hf|9dZ&$!11H0{*)CgR|nHP6*+?G2IX zN0~J%?UqL%>M6gPC^hCa_LF$d8PMR~Dp^vuqL42j{?}_@R`o&^QC=kvy%jK+i90b5 z4x*NJVS&N~0V{dk<#s4xF;vAck7?Z_`{hR8-Sy??1j(@+gGw_V6ir{>B^Q-)I-D9%mqBwZef3cL6OV}4c7Wt!N_pU! zDAaxmN;8~8El6}FjTC61ykT)WqO?5QpzAHaacUq)%tElu<&sO8Yp?*#+8 z7tPJ@BRqk>}P5X3%y3n4~zl+Oa~XOR`#=+#Q3zeSVzpb!NdUo z;uheFy9N|Z>AY*qx|~o+^wr6vsQmNi<9JzsaxWiA0U)r628@7{IN4K#hteDaSB!Lq zHDHvZ6fl8dFb9xtiUI1qiJ&&v(h;!ePlyMi8|;*?CQoO&ZPP zHwLwoJ*I=BfO^z0sFDBXL%jW5-M23vRw;asdV6Yobi56VxrntjdKdr6~rAKo&-y zglhm?*Odo(3&vk+eit^xqXTjfY$nhRs&~ncd>f!G{9#p6!TY&sXme%0sYyHz_1_`F zKZ`4-r0(M3V&Vm)PB81kw6lFRH>jA;=;|<_#K*pNGw+rm|HnzYG%k?m|GbimcK zDXny6GN&J~xm-L$&2W>|)nWZ{ERk3d2vDc!0Ph9AncQTJfZw!9kFLEvK~h}J|Jjy3 zJ|Q8GoDTH9;{l9Nv#a9{GZ+9C8uF>4`Ce>l8n%4P2iXxhn``bH2ELWm<9)w)^{px` zg|rv*Z^OcH3N#Di)VGe+6w+vXx%l}Xe;9h4CW*+LWEz^v+3FmglMf}M+2aWa3CB4jY<%Mb~%#Anwz z(rgE%xAm!}Ff%*PzNeN}k6=X5>Qw3A?j-`HQ03yU0Y?m6TuPh*nMqPyJUXA3s8+s6 zZrFuXatl=FtL3ll*+QUsS?bsR1pNsfNit60#Iwc+Xa0ulh# z(mkqpQitEFtTZ-9aw9qRX$&d&v*%I8+F!+?MZk?AYDWjvn?K(rI?lbny-vUq<4AMq zA!UWd_w$|0ON)L~F-c|`X=efF)`y}r-vBov76=J$xCOBv4W&F(O!xeL$1rdFan$oRM$PjgNi-1~=UF2s`@;@mZJthv7{RBa+jcnq5H9pWoJbVbLjRgUa*cwy3-qibg zF`hq5CPZ~x@RIZe=EtwN75LrXZ_)(7;bg^2Q%#D zi{@@;-YuTTWj8a;A|n#U=C$!vDj;NlR7IQz5Zq&*7nmjL>{691fMng`c!N(5*E~lm ztt=gd1g^sRHvD*av;=@>`TBuj?2GQGO}%prnE_ySPyjMNOgxe&s>49tg$1Z~B}09# zjz_tW93>%CMs%v*bL2gFJV9sYiEib~cQrGcll!v3+dEz@3W#`i)$G=xvkY~Hlb$T2 zMAhn@Q}bu%t8KLPi?rTz89&;uC5_+&@2IK8jIEy2BjQIfs*n*|ooh8hW*7!uWlq81kKDO%pKPIc&8$XwOu7p)-6 zNXR?J`jiQO+3|$PM;<6Q77~=}0TrbbuPzgInGSnS3=dTxfK%GWf&*wGi()>NfXj>W z-;Bzf0!^?elW}I$m7Jp?UFGtL%5HOFYc^=}LVUi=F$Yct62Y{~?Zk2Os+^e~FI0zS z%dLwy(1{>222g$2WxDheka_u*A1|{dFoedRMN{r&7<-t$hl&cOuYqE)9o8KP7D}58l;9GARUs9Zi5gBr9m<19!R%JDhPmW{ zLjU)Ce((GK&v}mLpgwc^?vCsFT%X86=M@}GGR#-L5T`4}H~=;o$DMLFO<-+!bY(c- zcx6w_dYAz0BflRytQ73n*B|r(vP5r6y}|8MV(T--OkQB#WRZ{GF$A!|N@X4~u{(~a zef8R`7rPniPHc0-epEQQVcYc!e&zGOA$9>4BOZLO)Q zl#4q|-O7pjX0!=NwhFThpM8z-Q~E?>0EU1q5i*}(Ya6kdNB{g0&cbjUXRJ13agvSI z!ia5aXq#1NtEe8jgMjG=fUi`44#FQPnZEcc0Bg;G-iTv;&o$+zL}Wq_8gur`pm$$i zllX+6T(`M}^#XLRE%Vqi9H60mf#j8#E3I9<#ss`Y1OBv_B|dNk6Y1&C8kBN`!(P1E z!3LHa-(HULrHDO!LlQSVQ0R!2Zd_dLPFCc47VdX*#&(0Y+C$gG4OchN`k0sPY{94j zU>N5uGoLz9(KuDWia6fEg9j{<8w8z%b3f#H|Dc)Y1e}Km!zgX6Q}UhbE2)RaWP8a? zs-J2IP&Jb?C(3?!jx38LMm|_qWbzIOIlJyi@Rld2nLDt9FNV}OihgNsS^&un_!>{2 zHn^7jE}QFg>&1E*2&%<_oCu=I?ADtL0YsTcSUclU<&?i0h)5zE!%gW`X2cnVU%(o2 zW+LJnK0ROLdweek+Z5oOH6WG)KI3B-8~ME&zn$+5M}Dh7PU9ipz70ZQsJotYe4`9Y zaA93sIxK!u#0R)b{3BP#uY8o?yZZ4`+}xcXXbm-x|10b8-s9M8LRLMj{vlG$oIzN( zQb27gFia^PmRi!4W)#9LlO@Gd=t-WKE3*nQ^Tu$H{|2r9A zfX>9Q+2Weu(|ploy8*dNhVWf%q1+`Z`$$f67W4jeZcJ}v!_q7?LhQ&7c-N?znZ&4#o7r3i9*g#an;fj18*jH z>u!ERct426_gyWc9yvo@0f(3mHh47f$Wj$BPw3{v>7Wo`D|!;3UWGt$bZpYb#w*5C zVbrt4i_MhdM~8y7;KRh09HfxbM%pQ2&M`lSV5!qCqgPz*hjax9wsr^3R2!)b3N+baf| zKxgt=SfO}5*RXUABeTS{M!YU?dkfWG?ACvume{s2#ae);2mJBgp@-bz)RfAI^GW#2-w_OHjUx7gkAagRTt4RQI=a1d5tiP7z`^`RG z`w|<~Z!}^VAM;4kvEPI&q6%DNzgP8zs)66%)B4kpi`sYZ4u_nCb;p|3MCfbCS$$%G zxuKTOgE>-5QG#)&|6Mr4aB$%~H`O=^1}9qrm2r)8)_^k3n56N7Ej^+i>vuOrkhCuX za@$IKf!X9U?M??GJm(((UdGFKEEi|hF?U~T_9!EEGyU9ZBZN|ZSX7_o4c`wl$j7kh z@45i|FZ)RSK}`3Xw`0ndt-N-8`2iKO23gzV(#k= z=7KPB({zq`pei|T<+Gswz;sM^!aAlrq@bY9=Ch7l{3O_VEmpyhcaO~ONWKUJ$mWJM zX6ypZx*-l-mG+tnF89DADJ!}ZGV5C`aW6OXt=!A~$$ahIHUc7km0#Aw`R0MjrGaH64OVPR3m`jUu@}KgnyAoWJ6k>0h@;QQdaJP)(o@3LG4JG zmC){i^*0_+?kv~-WK!pz-*{4n*;i|3*w4+Z#1?Dm0?l7=ijZYfR7)G6(sOyRp1jo@ zaW=*j|}>(=+BJ3fDCKS%^pxdp>MAo05?5uy~|}Lg1;h z@b=qG#LVfriT0;5ua5Aws9>mR-@>0JF39N=xN~2}Bmtumr^m#$#++FSg@(lsPgl2= zffb1E&^@ERI1Vp{_1b){^G@0Spr8XV{(V0bZ1S%s+=jrO;VYr{n`J@9b14sSIKz2L z!JSGa-jUp0y@^9hYiP)$`F7OAYtB2@P@d6SG@kr!7%=1M1zs!BZRf0%rYaE>iGWY> zawVjkkGyajQx@o31`~t4A*rdrVkGI25v`rD_L88V_;?*da;Gz#x&?|99(6p%FAmpOMVPc7=yOFGr@SORh-B0}^2kT+a68AXnUJTXkMa zp?x%Azd&ij$;alfInZhF>LB(*<)0#a@27~V@egJ4D$4Q)y~_dCujjO;5iQw}k_C9# zrWpT_;W+^&5HT9bDJfZd z7vwn<3G%R+t);o){kdPMY|MrVb6<`n?>|hq+9OZ5@})as9x}dh)7V$S=ZLX(uQC2* z`OlZE7IZ>;uxGSGjGcA>bbQ$|#z%Lt?~p-nn)qbiSn6MEs>lZ5DrxF}g=r|XnU03r zp92{|O`s$xTE3@csfABK!d;qmt0nXlBoP(hyZiLo$y3@U&8;HsApG1ROjT6k zP#ZL8_Q(4dl*#Btk&K~=kHX~{cktE#97H^I0IH46Mr_ybDVmDOoXFSb`Rwgu-^zNe z=p$^4m?Q%vYiPQ;M7^@5g{ zzWEr4Wj|NNxjt-9`M6d|tj1DQnCb2d5R;ujn;EgH7*^`t1Xm!_KY97~02I~VZoH0= z{L=f=(Li8mA5KggibE?~(#hQWSveQ}Foh?97|m9eiM7v2lrVax;BypNoD5uew=NuJ z+{}DkD4FDaLw8KI9MQEM0yI30S$p{dUBNGyNh*LEMYn0#apv>VANSS%jVglYNQxA( z6*=#-1&!c*JNthvOM(yf>N)37#Ih1@sNvjU)xZitmN@$ScnPo`KgA=>A@sBa$%ybA z+~By@8-~COQsD40Yx{tlVWN_*AqZi;0o-f5=&+?*Gd0m}UFLAmJ4i3lA(zw%*7EjH z2aKJ*jlYCp7KZo0FlrYlE!PwAb~yC!w;pKpCn8}`F{ zp1iv!+2i=_B7LpL7A!y$fAOFc@3l{#+sU`tnVGll*~T&}A{krC=0P_^&|2~$gmEP2 zE<-LXtIyAm(})D+3$D1FPSOQjLM1%Y_*Wg%%&)M*0ycTreR#W~?=QkVR*_)K&|0j3 z_2#E_*)#P>vCzLim8lWo*x{sfD=871xOxaC(AmKfirf8ufm>U=jhsz6h$%&hOy#*q zCB85Za=y9FYp*0m;UppwpGtEYB=_Z@9+Xjb0{_$NH^R}rt!E3z!OphO&$;At7Eq6H zHxhF#nAowY2Wz2IWDN9*a0pllt9=Q4b_*G{a2j%myFf@|{dhQ3Iy{0LW{Ih977aO# zHfs|NU4KnEcwcaC^D4ze<2_o6SQ^?)ldG40gqJR3Yr`lhPE|sr92l$(KdN!Mb0f2K zg+?p@X}2Ux6~3kH0Ni~H-acm*77cs5a1MeSe1HC$av`tryO8wWJJ78m6GppO`XgH? z*k=@ck4G6cpMC|{hk^Uf`PX8*gFvDd!vE0oVCCky!Y-waH_`tMZ5WA@*^jK5mCGh2 zpfIEer4tM>5s`I2bY0on3o33L?iJ3{hVP6df3Bo4u2LgDgIrLOM~GRT4@fKziIT{6 z`VF(O6)`*gaX!Q;C5jYKS0cLLh^0h%$CX0nxWP};RJ|lJL1liRJlf>A-Rp8l6hyoT zX{Y%t9kkP}5<+ybZZxl%Jrkoek<6=-)xu107|0lAst9EW_Z}~Lq)+@(oszNgtq%}5 zq@9No#p@0KxU!~T6yH>ai!z^ageL1PD>5m+R>Db@^(gRWSZRU8lV04ipBQ$i7gAim z9g3&&7kcr`mXN9p^baowVb3g)Zj|P?VK?C?Oa!dSr?NGl3vI(55h7)#ioXS zBdW5j75V7u>wbO5UW_^(mvgG3{X^S$1+#)_g76%JXQiZwsN8r(ID~f{q8xkiPO%k= z&6P5vw04RZkNKQ-u_wGFpnw$7Zm6`$jnGcBUM5vKZa*9vPa03_+u2_9N&|GfGTDJ;i#z7+CU&eqz)~Nhh2+^K;2rmXi)-k;u5mRN2 z68GAj>Fw(-4i->MmfVh&*&tfz_Qt2eWur}}UI)#E;cVQa?;C|=Y%(xi^iy0>e2%Uo z6~9PRU_oLe^8}`Sj~Stc!LTb+pI3=RQbWB7<)v+HLx!#Bm2`>l=t2cUJwV%@+UMAP zA3{ZdM|^Vnq$XdTQCj5CJzXiPwLCPEAOsmM6VyO2+rOiNYN-vXI`+qCwz8D7tBNeQ zh;mnS$irf=A|+LBw^YL|#)!cj8w8OagVYy{b?Xeudqc4(q$W=RuyhlNeW!VKu1A`~ zhT)E&guhR&)MWN1)#pzT70IW*jJJnr{qhS+c~177@@n127A#cBvG%D&#!{nOv%wx@m4c;Mm4F}&ml`naU) z9jAt;huoW2D|1tLfjoEh|%o)Gg_;AC%jk7Q1~h*J7GhedelWsX;hQ zoQ&H^k8|&@DYrr8Z%vliH=@XL{( ztZ6kolmJ`lqVHsazOaNq$+*HNlaw+(^cso=QiwrmN0xxKnyNNE2jXg%zcuvrf9G4kkl#C(dAQ>T&qS=82?EHkmS);=|TPjHz;@G~-+z@cm1qR!1Gb zu4Akhw#{RpqYD#$3iTk=xz@5f$O(2e!%HlenHunbCu0`9bi(Tjw33M0UxKBBQmNhf=8p(P&yYv~W7A}O}7*n?DxGuNI5JUvBDm}Z?!GhO%UGNeL z=PH@RtF@J^?l?x%1WH{2QjfvJ6F=54yXKD)8SWccuZhibsPLNo97+otfd@A&AH5=O zfAi<+qHs%0l~GYhk5#QX=LftK~h%PjGc%5qXulK@aQ zZL+BieRrJo>Eu%~>HN+|c6E82v^3W}A>A&T#!NF_0)`uOSUBJ3MUOFMAEQ+0t+Gxz z^45ig^ugyAzM_u>Kr9Mf(C_xw??)uc%PErnYmVN<;Hag2u^CDSKVACG{xVBB407-TZkoJQEX@(O)wzD(W_Ny2_MiyPBo|6LBaP;eb`oWK`mbx_x#F#FoHa3ko?(Lgx8H|$P-s+9tghM;e^eoy`faF*Ar_jCwi5oV-m z?Nq94K67~=#w_II){@+UCxx=Du>P_IaxLzK-B+1oKvFJnll9fS02bMi`?gRwqQf;p z#%wAGtMjQOPZWU%eEWq86oGul0fC3|MA2ArILDyzRbp5yx^$}}_O6S?QVfbmYGA(n z%pSyA{15hkcsVHa(_E3?#mV46jgs157}0{B4I8PdT;yYEAxvCwjcpfNOH$8=fP+Ur z2#;U}@p;%$Bw)|8vt5=8b`t^%AGkBpa+cd=L2uytC7ykpNGD!QDn@*tc!JIyseR*5 zxm9cy4_ufs#I|NE6rcx6VW;0-8b@GS--^@-wI3^#B)T}vl+IrqOi2`@Y#SPY#aG7{ zuUEI39$BKOb^Nb9;;A2Oj=s`1SNU)`boWY_u7rtALB#a^f?95ph2!4O59MYf;-#Pa zpRew$dYHB~T)N&q#-lTj+Zx#*zmfc~@Fdw+PcXJlK72Sdu8v2W#b~L^<0+7jd|C4~ zFTMIK>=wY7THB9`*)m`iasZaFVhU@@Oh1J(NS;O~?E-4Lpxp3uzH@h81Vi0NsQ@i= zH+f;X^UtGw2B2Q0tM}TA|Lty@S2mVM^cAE^_tGrM_+N(lWRdj&>U_hEE!hK3nLB6y z5oh5yiFHS`?woG}qCZ@Xx{RcOaF4*|(+dkr7(Hn)fwH5wIMN?ZJ8`zZWKe_W< z-ntXA1UN%=hlwdPs+95InFNHP+f&s;681@S94OjQJGs#7uMP*Q1=>h$n!rRRZ?-F% zxv)fP|L3p2e@=_*#shgnw{(3!%b`>gfa%5l4-NL)DrzRjtWn>9-*wN{?vHG{abuU& zex~D}Q=n=YCDp1C>YQ;dF12_bEOM~;HahKa{}!QOjQ7-TF^hL3=$nK)l0UyhWcZ3b zELWOm)bIOHJR-67YVViy5eAVX%FWnmOud*n1=`zD94b^sCu0)T|0Aw*;J%Ty zLh4F$0oKv-eH^R0{?(gZuWQ-H_5+#BnMJswyxJWM3qJ(Fx6#(@35T7=ty}+yR+qDm64a1 zy$Bdmg9pYu{)D+;M~5m<-SDs@FM@unp2uHN_36+Rg>9eFR&!`UzK}?t#akNf;qwPMUw+krH#XiNT zVux2xXZ8p9swo`FT$Z9z#Vo>gpGN+UcEin%ON51*%E3tVh_We+ZAxITusrG;j>#9e z!tD}WUch64?sj`q24LWj#1h5|RkUnDYlECQNpzS&Zvy2Y;8;id2Ew6xBF@L|`nx(8 zt99Lf@%QS$0Ol>=4)DgZ>IAc_9!%Ml=Fj7{3+Ob_xv`r9+}oKa5O|CmrF+i9@4~{1 z_2!QHgRHe8!f4%*6mg2q#E8GXDs-)VMukCFv+86{PBpxHQ~ysCy&DIWNsh-cvfL6++)}LRqS$)!Ucm?l2GqIE~$6T&m;CU z*WUc`ISHk`o8M_oZ*_zts$*f(n<|yzEBZ2fqVmOOpIY+q=I*DjU*U2FAU^^sj&8$c zrQe08cK~&1iO#Q_yQStMt$pT5tG?9ZjbBD2ihiFAqIPbR*8azJi+ciLDOKQlbh@34 zoe#HW;2h*6D+EPN@nys)WK#&`?GLj!JzBsYBI3`2T0?~}-=7iA!AaYX$Vnl%71dO1 zzQ77Z=gx8<76L3!3lEMNPt}rTDx*_D_dmr?d>GsXQ%-9D^C!ncjc>0) z6+_@z^XlSNcHhY;0iZv{tAsCQkM-m_bWpPK<3b7Re~tR30!e4V#yEZrC0Moyf`$G0 zt`w-$eQSUs_)`<14y~UGffD}p@L5mvB)%|BnR@mkBqtL&$3P_xlwzGoba?u^U9KuC zi$yzw)HUTNmiK(pVP2M+Ki^16EQArb3_P#-4Z6&7>L7SGyeX=Q(1k#1&&9_n12V#zVwYMMc+-p5f zlv2|0dcu++ba=9(<2NE`Ci{5KYt-cpLPzd6!NJLmQ$;76qVwgmdwC(wFQBJ{Lph*O z;9ux_SpqeR*g60~CpXiPR3+iQ`GZNBAyrW}>KV8Gqq||QE9#_SWZ78A0o{#}S`qJF z#fI*aRac8G!$s1AjWau#D_RDJ!51+x_FL9@A%9{N;G+t%k*A{r0-e)AmRzJ}Ju1=rU7qcIO=U1f2z8OrO)V zlEs9GDo|`La1%^}^ecmu$|JUwmM?BI>yA5bWb-IvKrX1>BB5$I@V+Yey+|&NELCg| zln#-1aU*u(V09(CSgI)k)1Q?LB?_icg}^fi2fkHp8RdyadSWPxS0n_)SQ{-e#PF|% z+gOdGUGVmpquAFV$sCoCP=!z8=(iq`)>D9akO@jtb}ZqDnw+J~=ku5LQ)AWG8wi#PTVEqO-2WSe;Qe z^11Yoh|>Viv%ycBrvw~CZumyfdq9L=<@cUFYQLPETC)TahibfYQpwg#|0TP}DRR+d&am}p#M*$9B~lvCFgr%UT(*;#)9Mlc3=end z5xSlDe}HtXfCWVSVTRc$>*6^H(izm-n4Ls)tiGV>@P!$%m6YjMme2NKFHWoVy@%95@_Ss;iEw+Y{YL_eRZS61zvxag*2}GiZ-A36MlbO$2 zUg7VglCx=Gwu5GpYhzj$b9+iBVM+VqsxNZA8HAps&A@ zFVZ1$;9S{%0I96wql8@oI?Mse4(;spJ8JZ7!g_#)(z38erp}Rh=UASjP7TL@Nq+hZ zJtp#mIW^-cGY*oMwM%0f^qVHx(Y1cSt{uEvPz^$V`2Hfn5HkLc!t04U^3-7!XvJ1huD!3kdLaY z`?;drP(~OMqsu-=fDze$l9$`TP$+xeM1*LTyml~>DGbF!=2_(Fa_Fh9ZYh}aJY%&q5r&B_*%@j~TQvXOF3hNDK8K*T!XLJ5f8m8Th6oZ!r* zgb1&#=Se!3~w!x%q*{_J;f zIKtKkno|^wqIB^Bk&vOC@Ls>+vUaJR89vMWK-d7XT z=`nk-QaJk1Zrq={_I}FY|Fok)v?`XnGrwP!0BW}01{AX>V&2)|Mu)(+I{QxR#^;<3 zkduWwifaYHjS!g^rTgSha%se7x+-I&APfg1nmQ`)$yT%FiOG1VjADUbBB=u|H!NaR z0@_GBwEJI}&7YC$<^H#L;0I7RnTh>F z?pS;cM#;y$T~^aF*?PgWvO5kFTE-f!gp`!}H)c(fj^`+3gy!2jIyLDAP2 zH9Zp?uisUyNB_TrOHqt7v#m^G5;@>%>*RP_*zn=N)7t2;o(LR*v}HE|nfJrgHEQ>H zDg!5F|J9w~xnesIEog=r__$vXc%V7E=ly;)>OT-f6Rrty2S5*zP|f$ewleb9gR521 z1U(_xS94*xO6dS8GMD*-b^q_f#9fDi-j*sN@w5)_(6>mMp5~Kgi`)2Ge5NO|Glsx`0SvJ!;1T^ zQ?G-dJQFA27UaxtgA0D=fJ+3>o~mDWw71tJmSfKZae!$uUrRH%HHjQ6rVeEbw{mNv z-Y0;$7sXVkGZL`g51#-3zxK@_fc7LfC&+00pEn&;2FCz1s`}`V>=Y z>iCE*ozYd-!92tFns}{0i`6>VC@oWEX3}_fMRETBEf1iALAO<=5hni;GX8&$0!S*DsK*sSq>m(o7}=N|{pEoc~)nXCQ0=9>ZbH#MmsusbgS(|Zw& z+po*Zn-6${B;Hn*2PL4(u?CEFp?h&>V=O!kfUG&_>Ar$B7gsxuZUmMXT1nrC*pP}? zsaB5tYJW;A%Weq(KwG!zegJ{ACAGEDJg%G?Jc)!F65QDwMuo3;sq077a z_X{Vm{(shihw}smz+_8$l{?R(qk5bZh`9spR4P(R3;U;Q*=ixcZiySj#|bLrwgVQc zDsbXbO-Fc-@Ys#n$KMu>`SibYKKNc>wsu_5HyLc3tkEpM$JNB-lTHPpg~HAh^F-f@ zOgPfpA*wqCxnQPvFzWqsYIk^R*32e~e3y3u>_Ei_)Xx)yLk_yjN!qH;XTZ|C+Z#fo zIFH??bZ$`StIFm3icPl?P|tcM7yN;NPKx!$&l`(?8~s61?Af5e=7_f;7|duccgMGV z)2^Y{{&-7I;BlqyNZx+U^YPu4I5PdyeN0Tk1XKd-yDaYh6YNfd;}JLa5wKTSepX8Z{qJiapox4#$6x1N zYueyrV2VQicsgb%^~|Wm)TQtgptg0}5p-@QNkV3>g&`*c$08IJ3p)yKa{X=ghBg%+ z@jI;@hi2$kpOk<<40lQ1vO?K%S{PjihQ)N2u3*0X1~i6mZ|~Nq7&OXoYuTgMvdNUKWfHxq>6Cvt*U?jS?r}!1!E6XN32`pI0I&(4sKyW% zfTOO1fys5Fl9_^a&_^wTsS36#u?E(P2W%@u`=vG_ z5>a*=mS|LB(IixPW__c~_%%gcql>d)D{=evij=UJz9iw)!o2ub}^^txVB zFutvoJ4B1{xUtrQV%<*iz~hE1;Gg6jK1foY!M3r-1?Qb6jTp(#*lR`y4>QL2fUmGi z#D2CagF&B9ZOml0=TP%^IvoM)e3Wqrn3n{BNXbY*{L8zkrlIln>;2Ro1{XHh)axa+ zNrEPPjeq^arJd1%$+8}A6d&E|XLj^>1kUUDX7Cr6poM4eg>Ls5@483s8!iyOJi;Lek2EveJBjQw!DEnOMEeU2R_w zyRl0}I`>4}1W+*BCo7(*eZ7|w>R(UJK?quuoAU=zdbM8t7tVk<4gUruyP0P2(9CoLhpUZn8zE4W+ee|=27yBKwG`L=rNc}J_GXPXYZz|mV zAg~xMg?3qbh1&R)O9LSA#ABOw!1^#q21n}__Xgr}Z{`$n<@5`sQFa0Ke6_mI9dSG? zR>x|FcV&FKvYBOL#v>EA$^sq`3xszQbMN1A&kg~0P%DP`JqXU(I8E~iW0giKD0!qo zu`r|EXhDuDOK5cgu)3qxj0&b$r3~uWzDc!VD*dM$j^06CfTn$v3%(0135UGXuYY1) zj9S`};F{h6H(x=76BGeDkC><)w*;_cK46On=ElFl|B62gdTv47(C$N9T6ffs1xe~M zZcD1si8^cQL^e5}hsUNx#-iR1AJiw<_gEJ@7?|Hu$|EgU(wx>fY`1saqTdPu& zrJ1O{lanf=zKIf-$+@}R?@PmH^G8};19+CkrPqg^c zxBvF(7zCY$zXuUqw=4salce(e+`1@cWr|*u9Kvfdh@T6_4LOq8>MPfPH6lD;q5$_6r`0srJ%#-l!wqo9oZ1FS&!3 z)!=^TWG|JwCpSvv&Yv5IzMwYmtZiFsAeox4cFKr+dmE14NaHsW(#up-!WG>B6PBu3 z3AO?!-~`m(#ZChxWU%}PIq!C8VIaGk8h~C#!sL^V{VE-nr!I%9_sdwPubCUPmH{%82=;*`G=+b2i;pk!Q9E3mwFkmxvjo=bZ~(YNIMV8yWY zZX}e{yx`%Bcz`lD)%~);j>j#xC%-+_UlMv;ncSTso@?R2#Q)h0({&kt_$w(*A;5f8 z{6HB(p7!>5NqpN8(Mb}l^OKCWRaE|BT4=u>6cJv z^_yupgI-8XGPyMc0joG&$$P~oRJwDrWNq}KMA5<8?JRs036NlIoZrrt0CzbsUrwfd zw!OC5uHtHO%n^4l}EMR4LSzXKZHV?c`rTu+a{(YTOTn=7AuIW=PJ+!rPUjC_@VWkUikjjgFSr z+6(Qb3Va25N85XXVfDeQ_vOduL0Z#I$4d_LfQFDfi>9FQbH+YW;ad+q8iCh)FI^bj za`ZLvRsJMDg)8^aX6!QuEbliN{vQP`9=>`Y=H(Z3f1Gj*n13hfEMy&au_lB!KsG%Y1pi;5Ctog^EQ)LMPV$i(mIG{GxNGgBTr?>bZ zo}Vj@3<^)k6n#cJx0`zF#RIWqrd)8t;aKsU%=KHJ1(7<6#F#hS1o$@j-FLLQ!&=na z+X)crdzK(`&Uz?)R_xxC;PI+ot?Nn$tJh3C`h*RM#=SwP_}(V031Xa?*hoM$7YsE1bZ)Dc0w09TuDgZ$^I2@)%-p>8 zx4HfmaC5Qlc(YQ#DBNIBYOdlPhF*|v4+AwK3DO(&+m_)+@$~d2Zgn}iMPJrBzBN7D zw>Gq>ezq#{MvhyxG~kpSWHzaaeQ5)`_-&!j!1f>aJ z#pK&SgyUcQ`bvUok31xE+prJDn`_lv1Z@j`1zw(W$kCq-QKO|qXmfvuQK}Q zNA%o56fvt;VU=%UmR!I#7~BkQf<@%T#vH}eB)8ls;nVP>cX^jM%lfq=ax z>2MJ!M=%USH9r>A2HBIVl7Lp5sL%80e!_bWTuO+uN{ky@w)Wa!nn5u*m-DKHslK&n zM?xs?R{)$Beh+%9H`TmI{?&k35kp(qjVq;t8|#V*D!g*oV)iGE;@P*B5Tbn0rT<9a zH`12x-w||O#%!-x7de@$BMW_w)Ai@5VQOIVb`xYJeCb8VMM+gJykKSHdpr!hfxkZ= z+rE)hAlxuwsxD;AKNrx{bOyYURe?MA6Xd4eW>9VUbyar3^;-^8_W)a~b)bS^=XC3| z#5b=&EsE``HqW>`xMr)ww9^(PL{v|SFttFPdBsaQJid9W;RawXuQr-VwzF9Mi+2G7Dj?B&EWqY``x!GJjFp`ZS9i zaiqpr%3xv7rJ~`X&&EJRA&qdj+`t#!!D>ujG9ZnU30P;x@F@|z9YJ2Be7i~LavMn~ zdl{brn<3>N{anug;cJu^VCV6}4Vy`ygJr*Jiz)%%oN1r3DKK@;atx**#4FD=t4~r3 zAsi}nQJQHD@d~g97oqhZUkzRxs0PfVKbT^Q-y9XXKL6J*acKnzLKh?08&7kYpUr}b ziLZ)xed>E*YUXEt<>t-dtj~|lDr~Y;7?`9&7KT+p=AiexT&sc#0|M7IoUIeyN@rIx`aAPU?RT!%r zr~gz)LRpktj z!Sl=RW6qoJf;eA5{N^`*Rop;J_OYk>Lczcag?_r&ryg^8&*0|c%Dg-fj61#w#U-M| zPks~?q!{uCE9cqY1|fD1JfI2}%g|;r=wj#Kd+3MQSG~`)TJU9Dw9SNgDIA+adiZ!8 zMb(8*&+6AS!Zrk}fXfl5P%K64Z z-CD+>$}H#thVNP|gWF+{U@dev)oH}y>Pfs8m#&Hs{j%xr^DU>R&u5JFzQ2@MQ?XpW ztAuyrHMhZOVQ41=iudb?m77Zbv4A>|zkmYFkE-zFxmQ;?<0rWV7E2VE<`h|vI$Ffn zNFsLM?wTH8qrT8uaJj6dfwb$p^R-p?2sf4qD%nWpXXnIfldffP!NHOtFN`_JWDTha zzZ8*n?55>-g1 zlY}jH^B)^0MYztv2>A^Pmfik@k;wS7*HmYNX99`97Pih$_`%-ff_Xw<6^6`0>0l}F z(AcV1P1mGTHfg~hLYzP69&WG8V=l^H{VF(J05`uP5~j#lmGvWie$&rw`ZtF0xfnYE zLE01lKo#i*&?FHb@`TQozn}>Mc|vUu7aQM19JhR%sdeMuBVN9jBIyuLZSuIv{>B}E zAR1{r7hT36K@jNElJ{ngvoFhWnc2LT^{RIa2{2RY2cE39eFZVqVv*Vy<0-(iF5q^X zB$@?>Lsl6kwcKXvE^*e6ZJ%MFe$M~O!8Uo{C$X7@cAx$r|pUS;+~B_P#xi&jTQS=kS}gVHN=%%j#M^Wba&eJKoIZy5=Ac zPlWZdRW-wt`3(4OTvL<|Tq9Qfgw0G33keYcc7I-?w*As{Z1*X_y3}~igQWa&H%Xg; zXyxL=L%WmRS$@ymnVTRjEre)kc`fcpzLxcxz;I0Pk1n~><#M?wg!h5$)}pzno9$Ly z&fpza4x!z^#~sGwrCts5x5mVUbG4R`m&nC-mqTuoEwINDf4f^7q<;b(Bk}TeW$1T+ zZ|75@8qj{r1C>zCSu(j1H{G#9%kxdWweseBwj%nY7XwMZx}5d1qK_Syx(^Rv={ zOY&71dz{n-M%qXwaFQ{%vp;qw4&2&wOIMjO=t(yeiO_aVsgR(Cat8qp!E5zs^Eh*H zeZf?aqI`~*&hgp`77ODe&zgw)Mc{21r?3V{^KPD{avmTT+VR<=Oj3Y0>EX2kM6ey$ zRGWRgnjO*NA0DA#(z1jo(PP4SW z^Rt!i_+O7~pDDey2>9!#4c_>p)z}`(XVqo-?;otON)iR)a|FS#Pw;w~{Rb>MSOn!7 zGx_uTaE$?A*R;rbFrIID$t$Z7Ia*`<0^$?^28UyQim2lkr&j)%O?y8wp z&wpeqrlS9Vr%4P4r<_@~*lWkzGi}96>q?AObOvrWGN0})zQ%#1aWl(BbY*2Oy=Ljt zf=fe!=?IGq3MH?5Y~DJsI^VhcRKxvpWL*tpQr@L1^4}gjpM18}tNVR%u$| zA~5~XE+u81+8Dg8Pw>>VE0&#Rw!Ue__XiJfju6witEN|CDx+8DUdgMQ85pQRwGA>> zJ>SUAB_~%C)W-tN!&Lf3&fRJ`W8g`&?4q!g>>||s?McsdHowY`k5ATg20zKjoh%im zxo?Pde=2u)V!S-I*c^1Vd7}vE;Iww9A+6;gt=8aZclNHT#=P*HPhowtM8l7tUtFTD z#)<>3uC;+ifgjY`J}~V$TV1ZryXGL_FGr{|-&yWm(B=vd z>3INioY}Tt`*$+NL!7ff-Q}PM7_)TsjOnu2A@?hYGfmBt9%=(7r|W+J%7&MPz>|QM zfIkZQ!ZFNiLAVmXbdzivbH$)mMC<=Nhz4Nj(kfMoctJE!ZP%oS`MVEm377$2hwaN! zkbrCX421{XC;!WoJ*<0!Dy!*dVEn5aw$S=V_6UHEnw@MDHNYl?gCIEl&Tvm0M+gZn z(Gb^F;N=N&;L38=^s8OHBdHoY>^0)Fv}@r^-ea?BO|Q`xQ}gXw^;WV6uUO=x^78T$ z@+tF*&90L{ylZzKK1?_Vn6K_m4PbqXf{1`}fR_cWV6i_?uWBhBoY?5>bS!so*#wYb zT7#8F`Vww_HWl03>eV#x{B2XR_f4-6VS9AF>eq+U6PBfVGamQDPK0l?(a`Y;a_0Aj z>?If%U?Q4#0%k8K-+Ewsb-?fV*bFpu%O-Y4qm28`Q8~tgY zr)YcOtjQI(2;lbA#5{bFUrWM$F#8vb;eyQ-p~2dLIJNbpxXTsdCf44KsTcP*wtzFk zLpE3o8naV99|^8rEuEy`Z0|#Qe<@&K!m%a~UE`Wl$l~1sGj@F4o-rb@Jl9?P3w(Z z5|kSzMcM^L@&g-6xgujwW&dc+{b)kiqH%kC!b8(GbdoeIO~y@@c0hKTY~1@cQ8xit z6A-Yc-^1-^z^MqoK?VABf7N?N^GA#73{s-lHG`&Z-XkG)jV~o>5??OC-p;D@*cs1% zP%UOG<-zM(4{D!>e#ElRy)-w9h#kO|QN#oHk8A2N2q~KBH3kJCy|8)FK_=qrNW68P zMY=QeSY3|;s8O_GAm#~^Y|`;aOQ^`C+Ati%AgV?unZMkfsr1;&c*#WB4qi7e(oQu% zkk(HTj>CStHU{*}Md3y4=hIA0KekxdL=6h3NLzqww)yYi5f42uNDfI#N@EKPv;>w| z20<{FM)R_lKfk0T16LhI#yWr?5%cR2H8@UwdxV`L4B>)ghbHUeO@jiq1D?t6l`nqf z7XUKDe(l>q{pAX4JbuPlr@XbaW)4>=?Bjw#5z@YRvMWOWcAypngC4si?%H4a%0QV4 z*r-ClK8rm@WjR?BZcPkG){hW>FAv3Hy!ffu*@fZRo7GaBo)1{0iNENAu~xXRkRf&| zf@>AAs(^btcrf9O3?x(n+iLc5WAQlx9LoNHvxQepR+oP+oL;hrDu-0ZRs|D~_Qsj2 zjc$VdHxlC4F!1XX3>G>-&rbyg7|!{4ln%xpZ;k!6VC3gqW>V$CK07$qETFaeQV?)- ze-O4P+2k;-HdEmhHVXi1$i?2oK6$U`SOq?7YuPtKX0mVT_*wkUXL@uO2BhlWaNoc7 zmYAlK`A#tdV1kvlE8CCCd~hGYUfXKvzz$fJ(`0?eaNaW1E`afXck(+P0SiYG729yq zK!(D+QDR^f&ngQ48m||2*S!V3dXsbcKk{8DPZ03TDhOH#b^|Cxw%gj^(RJvMN{5~r z9CzkuQ7T78*plR|n8Q&j8mvt*V&ow`xE?r@oYYs_-#s7kBuL|v@l{~CpMA5;1bj29 zT!9h&Q*Ab2hQ#;e!|X1DK(a9Q+A}BxJ;L2c39d?~*}CW{tQF$!Thw=KC?x5QpnmC` zn~(uupcRc#aSx_e6Cjl3FP+N-gPL>jYpDz50T+jF?fd9V8c-Je1T(-VLP-GzgPNZs z-c`Iy3afIkFf`HmBrVh#!@8C8Rk!updGJK&r(2#Vn||^S03e_feDuwDrS_JSRLN2Y zzu+pZkZF63mSDBRw6Rm`N$GXNOPd(-i>iMn_^*`}Bh1A; zI}x(#*G##CLTQ?v@_`D)k$hOci=3DgtV`&+h`k}cywCC1^{Oirn43R>WoFvohN*!i zEl=#eb@GAt(YG%JQcrtn_XltLb%1HyNLxT*+UfSBAmFeG0(w<}Bqy0M;O5mDs720z zkiNVFQJcnu;2)4R6@N1(Wis3i8mq-4>J~XGADl{2Ls36Lpt@_K$ z%^<2O^(P>9snAzNdYq7wEzeam<+NkJ#ij00dp_3oxZw)0l=}xJ9)qu8`WhKOwrvSh z+{~=p0I-G)f5~8)*<^EY!!bSH?(JS{x3e3EZsZ&W9!NDX^GAE{6>y?WtO-pOWa8Z zTtQOZ;1xSSE&Pd`9yF&rcKx|aGrSDou~^8@{53}7O0&%fKd#gy*6bEP9JhD|LGhqp zldIHJ0SWnAV0)DBaYbZ)3l`n@d)3YbJk%dm4$Sely&S1nSp~(Obo0UtNv$bV*(3GA z&_5xbns9yA!7n14GV(F_InMVSiy%dUiw=rul?Lk2ER?$YgcNcBad=PA#74qsbL#kh zJcy@DX|nwYO3v4`ugAJEPjVnJ>@k9f8LFSVpr?CjgnR>3GD9;_#U9HGN&&#)?SZ!| z7+K{Um@G~x#R2&G|0C-yprUNM{b50nh5|i1*B04rAv?ykZuX- z4(aZa?)t9L_dVx-*0&bR<>TUEhPkiUd;cmI-M>cFcbL5M48RFqPvu~B)TvT0i{G_n zbux!}O#kN!ZInP@Px1^nV<09pjlPfTmjy0 z8=wRX?MSXE7lu90kVMd>4j;dTp@%&I0hqRCsj{zMM>)QfNpg(W0;qk$qIe{KxNGs^ zhRkSdxigM54Z@)}gF$nntUx5s3e3)v+pNdbEASx_|WS%@UXc*h(yrDy|mUiYDIediRXpq@$+)au~*a!1c)S5 zz?+JdO5bA{(G%l5PP6oV6d{LfX}WuECWmAMrmA{MU(({Ucf)3YjqtX)BlK9PFi^yo zF}UC{1yY?ZK!s_41*;k#t^67+Bz$2CdARU*l?1GMnAA%hla;WdwXfqNVgnX35ti_6 zIG7*C5^;w-_K8a5b$$jctL?)lPW>F+H#C0iK|Q{ zTSA6D<|QtcpxQ6n6k$XHMu{YFv3#3Lgcu*P6Lsn~xIsN*8tEik8=_Kl6XPSlnRF2( zP$4boB3GCRe6N3j@FO`{VFj##-;ykg%>+jMJfsi;3a8IqX!exI!iRJ(HeH;yrN1u; z1UpoD9333{AsA))E2&4|vo04Gc70?>ILlcu93X~X@AUD~jRh?Xsr3Vv2e{K~#XGAS z69VpP(O_M5E&+TV7y+bMi|Osn6QLTzEd{>J zN$})j9bn`yjSAnM=fQFN6S40*G3c*DCCn@45=YTs0NVC?Zk^Kb$n#4ma-eh_CYEUo z$~=BL{^b(s5;#Rx0DFH0^n1ovPF=x&^3$C{x@0YGWXj3Jf+#{4^X`o3UNfKK)UhOMzh7@#vpe~y9E#YeOwgx!ZD3x`~u}>fp-tiGRk`fzwx-#VV z%F4>P{ZkVdU-zB)NzEN-P70l|DXIK$FBXUs3_G*ZYg(L5U^yb1@Zio>L4?uX9u9s! zhAaeMUJx4*)9=(CuYmgJ5lSs~_@|T}@Q&W2;TMz1*2za8f_(;u{c|?WjSK-{92-_o zAoB)NB|&*zirdPvPAKwzyg*Ocrc)Ybhg-JlMwaMx_2_=&VadZA!KeSVPaamVfv>o1 z%vc#8pO`EIcP%506~>jCh?_hO@0~ z#18aH&MAmV{|@*6{7Fs^V_l){?ESUU7ZVA<`Yiq^LHl5 zZ6EKLRY4G$+82&RN=(dHZ8J>?MoF}|X&UZ!t72Qou=;epq>Wps3>50U&kNbJc0VzL zlkGX`|8V{`-hT$1Kh)MIN3?lgSOF14OLpU<$`INhe<})K$?=duV?cHG_rimx07GMl z*W6#R)$Q}cwU2*Ls=`%L}~I7vYYhM^O2unppZL9X^w~Uv2c1Z z|8FJ%d0-h0c+(YbBJfO??ANn3x;fyfu z;f{j?8*J?^k--(!+ykb^t^rl?K0X{WD?SSk>A4`VYk}A2&sRvp0p>F}U{h7upslA@ zZ$p8CAa`bTSJ3Me0&eN?q8)%m%&)X#2|opYai!msUBNE9_PtvD_R)jtts-~{6lyS# z0j(`sIFFeQ7;>SGB&xJUDG#$}z`>**|NGVgb72_4b}XFK-)$vI{j-rz^w;)p0tpf= zu+TcdY?BETj>bq_yn9GPV!;e z!T7P?4**U}L2Y<;lU;zTvSyQtfRhGTQ5eyK3}0*nc7Jn+q<_K*jSh;LT{aiRfe`RG z7~-7vvi$ERB5#D%!UwDEBcLFQ3($l=Iy$nOEg|J=P&XD0LME@A2PMZub9e9uP?iMR zdu)TYQ(?(ttuJY)v^w4%mI$D5kO4%QbmiT1$YRZwqWK`&68>z#YnR#i<#$^6KtPu( z)Q@<^%mB*XPsoBl(7+ASLGws4^_AynBw<%+tt*C+`Q?3N4__EMBDAJ`Fz7kuFi?*@ z-{C!OXabpAn?DJ``S$Ni3%7QxJ~ZnOC#?VZlC z-3_qN!VkkD)0hBmZ*-sxXZ+JRcGt2Aqmv07cT>UY6C5Dt`_W%xlCSt1CF+rc>K#fk z^&fd~UHw4-jLFE`?PBLV3W3?3ie~4$cQ+&@onf9OLYtm;{|KNak}+@p=Z(Pr632ru zmqA3W&;l@re_Na~;%CdlJ!56TM=B}I^{ikNwIU69)1D8K1BhAEwV8hI64Frt)P5=VmuVi0qM!}I`{FpfYx zU)5@h(pq)k{`|S;6dqscb%p892L%jE_9QN&`H(UG~Gs?-topF9&@_*k*8944yp2<}I_4Abxd32>~*xeU|#q5Frk}~nl zSHTF$jm0DjIC=uL%rSTYp9nrc#8=bjEx-aNcp7TShSsXV-(B<%;L!lgxNtU`=;N>W zhdb|0!Hf1tv3kZf0d}b!E-(uGp+kuF@1uwP2?jJ^So0x zf&?H90@!^b1e7`~+1c5;G@3t5W!B$5E;j=f8paRzcXqC)n2<%Ui$BaPdiA*xFvDW) zN{cM+6MlH)rR2}Hzzkx8@;mJ8$AyR3gnsH}sNd%~;GzN!1=V*x5}V0KfJ{0nE<2_( zzQ0sKu8a)!4U6*iUySuXiv}VCW|I=5BP&{9JAMcexxc;om}}rhB!mDwFX+IGFzZRB z_l2F&`FQIS=21h!tf_jJ?I20~2G`w008e0bfOVpN1!xJ3UgvxCe`;4Tle~2Q@#K+N z|06*RjI%ZqpGNoC>*k9$`$r;`Xrxuih2qB~Aq0spX*hh5>CgZ?MHsnt|CW622w)7@ zp2ut0=#r`7NI`me1n{>5dCB7YlM;^lfZ3-BY@c7R-!dy@X5Q9ZlEyQrn|gn}L8O3Z zP#u3C5ZpoW4`_ML99ZYPS&#mcZmHJh(*A905aP;&rU4!}R9&W{Ncb2vzpK5iWruQF z#C69}9FxM=zmE8eUd4$a|J2Fb=^aa~xHEl_RHl}i3C9uML*+}x|9fwW$ru7Ig7Nv@ z8)Lvx`b&J(dpnr=X1q{chtuM)u{)kB>@D=^cilQMV9=sTT4UayENa@9C|@0~3cOY| zUp{X6d>&2U`c(ynx%n;$3S;|@gQPSNu8~AL@ zy+Qtir$7jt-kri-s=Z0}Z_gdl#-+BEDG#GOoJ3PS4-`SUb+?9Ca8S&X*#~1m`6MEE zW7xX3n8ZV)WKDY#7?XBj8pUJVqt(CMT3|IiO68Xb<1ztyOLSh%4d6!p>iPH`i%L)) z^i7KsUjcwBEm#b4GQ;x=MHz=a(SIab1jW0=>({iiZT&zyuDkIr>^M(OYL;jcj8P_< zJ(hvvB>Zvn$b}vFT|QO_AI<@zUpl~4JAl5$Xnd3(+lnRZ!wQ&2qRQ1aygD~KvgU)g zc{3seHvFp-H`J2{fCEst_;aFY5`G0cVo}%WEopb-$_i%T3AgKx8XUA#q%$tgcL+3h zPcUyqZow^Lb+NT|BMJ6i2UuIbs;mRkyio|TE{+revSZwZ=KeYt8p)Fj2?-T+T`g0lU2DMknOMBjB)7 z0Z*$$ttXu;yB&PsGQ69N=Cbh13QO%+NRjGAB>H=x#d-!7oicoY=Ny2%upy#mgSVm` zzo2oXBx4=GFaOtWsXM2p>-TnC^Qp4sL02XiD3!|V{7NWOfU=!}3*%Bq>m^-PG18ryl{1g*jw%ggqSwunRGnLD$*wOyx zRhb-Kr%Ba~*G#nCZ4$7mSDCE>7nA|gG>;C@E7nP4%_tOAO`(!%qUh++DABpxXmO&`Beu;r|dfgQOp&)06>YT%ais@SY=R z2+15S(j)_E*}v3}0HA3xw|DWPQ3KMuUsT%3`wP$GvF-GaUkBBDe*$h0kvYobQ%FcT zo6jeTkJoyNIwP+=0@1TR_z<>9w^KdRD9;w}Kd#2=NWD6NUP%D`J;ly%Uj@&6@eu7F z9oXLoXYV_00Vfu}%38Q6g1n7F6Nz~ndFzCZ-rre<`=(=`SN;npgUx5!p;}_@@3emc zY|fvQN^612%JxsI709^BR!|u=|Bu4PNFLT%4IX)-HEa|=#|M!%tGagpi%QLoW4Q%@ zwwfJuZSv?$wAkiv!yPAbiEZ(Ty9u@3?Bx$o$A%LgC6#bdTfX^-Vb0v%xh)D@w4Psr zYBG)hVaXR>JpGx#qbh4;|Jj20_T4*>atA9j+}zK!SOGsbTc@TbZMn7idI#++v8f9R zKbI+J1}34@Ec%UG6)*4Dnn4f6z#WabjbINo_$pos_PYU%?a*pby+{h^V^q$-{gQJ` zY{}kDkT_#5{-ACFA{xd_tS%3YULd5eW|hz1yldG8Lza8U9b} z|C1Ol9zmbIyCm?+<3%{R|NVCN^!r=lLyh`}`y1Hc{nI1Wij9xyZtClNr(foM z(w#T&v(JO4+!lQ=zO9?5e=GSD3BVI(h)gB`)%9;U?Es#Wvo%hy5t{Rd8YFkq0OAd~ zzVDfaT|A>USmvnK8Kh6uq!=sLMCgg9J{r*v_g;yZyr!JWO zAcQ=ZD13yQ%Ke!`$D7YP1>sNM#ld3!48P}b$j>Iv`&&eHZw-oPt}qSFQ}E2xe2EUy z&fHEe0FPjzsbPX(po`21j-tBFO6A zy|et0&y@j$>CrUxY+mHaC9V0`*QVwOxqrX|lIVBK+`z=G({Z^baPdXI0Jj0txI(D# z^(_yOKl2IyFdHcBxC6ctlmO@p{qiSrqgnYeX(Wu43x>y^x>yr%;z2Aph3mp+9g%qe z<)btT05LuhA;W|I+3X~*^T1iVZ(6oOEg3~j?7wzK1{qeAb;jtYW;RPj6RrOMN#}yP zzk|zF0K5V7e0L{shbd$Q-b0LSg!s zJ7zE!kUO>nE9_YOCmd*nv>2F zgit7A6(1=9JGgx-vVEv2Z{`CkFw$lIU7}O;o6X%8Olu`U78}+i#Wk=|$>N^AeuYW3 zCa+y)n4Tdzj z8K!^oS>VNHa%FG!O=MPJlQC9tG~xp9Di!x459{tAR!=tXJlgH0>Du;ha;ioDAVBLu)oAY2O>xl> zP|+^SrMX|%+I#_anLnk7C6@2+kP6fVxf_^Vhz+AoR#WV0_+Id}(!>-Q_PAeb#RIIa`4TiV*`^bMk52t*H@ku$p28;XV&UrWpo)%QYj`rMxv5 zOyJ^^{tbF<+j{h>C)iy!$n8(;q2a*#;dl^gVhO)t^rVpvSy`wum=gzKO z3O_Mr`Q71iSa1g@O2*v;TuL=c>Oq|!i-QVjJD4=UM+uL#Z<&{O*`JXgnE1i|CY<|j z*)?SGF^~GUCn_JVPiZ zl%>i2Scl7;y77(1ZRz3h+c55Eb?9wMfaeN9JDcJunvr(Pp7|V>SSVL2>zfKb{c||n zTb(Zy;;-;aS;F-$Yv8gm1+>Xuh!Y&Y^_R65V%8Em9TsmcY_JJ4M7L)k*g$I6jcNlG z^PlX`!c1}b1YNkKnrt3j2`tc(#*!s!gmh4hsE}Hhm#2MlUo?qT*K{qpC*gI{g4KvC zfco3pkneMaDjR+S;tbUI54VEi&|>Qf)r({(%8PJ5ETNbdgQL^Rb&q@$w3nT3e%wXu z)RKgtr^_4^0?SKKXEA0gs&Ux8BW8+Xl-NRwW} z@0F`f;=&jHVwlvq_Vzax_D{y&#|jg@P)17UfVe_FpfCSC-WagvWn$i0Dsi#(_!;e> z=;2Uj)b16VJ=ht&JHY}jl4_r&;@Ng?QlX)Y0}qZCuQQ@SCAoS`0bBAN-DV$|S7?`d zp3+;kZq1Ib`CWI4B~bg_f1GXvXo?kJq)P&t|6J{Ri{Hg{=+^7kbd|u+WaaMSMkZ?m z3#e{#Cd3UwE`PiTi47Lj1#E&O^g4~aip;-;Seq~B=(j3u zrey(rZafc45(}eSdVUj;2(Z8@cz4W=g!L4e5Av$DR_5bZJAEubXL|;muwJ9Qv~L2H zt+3w*0M5A{AT10&5#mNjV2nxIa?%8&GmpN8&*HZzxU|0Bx;zaZNxcdl0;UIxg}+ zGGmgz7$?H2%*STs8!S=*CE)9)=Ji`}mE(1`FwlFcT}9Bao4X!EL`UI}Tm+<^IlOz25Mrs{WHPkN>^N9-aXsGu53 zQCw@Wj7$&#*y`hWRs*4VwJCp&6Xhu~O3XOeEi8a55~b~P_!Vmbv-K|#y%_5Ru#@sHia3td@8TAa1e$XCDiovSYP3=*xA0G48&9c?m`gYTn2d z6S*=ReO^2nz>B$PM>OCi8F$rki}1#(Y1Q{#@7YlQ{H0cq>k6UY!mB31Kc6(4NKD(W zvf@4V6rJMr;#@Ehwg9|m;GK=+t5JGiJ6WIJX~HDM-|2etqPl(WhgOqU)rm)Ehf89R zf_2>m)XtY&5#)Z8F}4!zi(j6Nb5~0N!sSr@J;OmNUuY5maRXqZ?zqWvr7E@G%1EEg+~jTT^8ioIy7w36T) zUz-(-o}ldy>tBW;4B$)T2Ni@k;mw-jrU#FC`dnefXa1EiURE>H0&hqVN0En&;i+(i4}malDU6j68!bFXTdLU6tS4qyNLaXlD} z)q#l~2Vu2kw2#Mo0ci8}3(QGPy^DS1$($48rFGuLySf@9^9%s;cMt34jT=HKrsihf zv@FCgK3Ps9F{#&+YH7thKnihsapAc)rM!+9g2|v!yj4A~>%Y)wprlSt_WC`}FXr9V zeP4p>xfcJ@w@|5u!Wn;myI8_meZRUU)TEGMRjOC$AL}$BJH1td`>yjb`TGlfta|n2 zL!YhT^|@n6MALW8`w}NUE7G#C47MketZq-SzY=0o*vuMaUiZur*M#yqb>}UV=sZLK zijWe9B(N1F#a3*vX%Teq(%J>alIsR4`~|}4n}!RMR)S!u-3l2&?yP=G6tE4MGy-F+ zJk5o^LZOf*5JclxBy2SL5uSy2bZf4cd~dQ%?{f9_AII)J>BdL% zZEjaB23~khtOH$l{2(n##lxm(=GA2@m;~yKYo@>i^|_C*?8z?NK!r&&)HNCtam*^< zq>>keu%eIOq7F?zo+|g~V__XiI<)5U3rR$!AQ7)_=>6~5oe@Z3Zk{Cse`X?i{-Y z3M3^kV43fYM!a+<3H5hAJjml76Kft}9MrjUn0}>9s~dyRCHmiI48cYK@Wr>z&-AJ^ zNtaF7>>ijOz*9E;558nZ(z5a!DI^Ve_=a+ZVIV@e_h2PDa$ErKW}v#W^gWbGoCVoK zZRv6RV|@__ExFy^T%D?5t)!Us+Gkj&l)(}#(fuKOXjx$nOl1DIDDBTCB~RZpdAYLNFX)zg92svr9!2D7t=A{r%z&OX_gXZ( z1kAl#vn!oyKU@zV+ZtHe62jZgOGdkG9QBVe` zHV!TiDJdkku91{~TI4S8Z7X;6D>x03LQb`3s}0lgM%IPawuiFBV{>~XY`&V{IkDT;{o{z&wL zOE@VQ7{_C=X%->1f-%Z7P|)Rxc_NO-{~C;e2#Eb`@9YKLf{prKIr_pgjVH|>6#yhV zk!@s9-*KxY_c$Pb3JrPYp{_;f6d^J`T?WVNX~+AESRh$qkV-30cA-gDNpn*?kQP&4 z``BzqKvnKNAB>yU^Q$}^V!e3(ay!0C2E`Rt2l|{(Z(4mvvF!UJWLOE(xITyb=HD(b zzDo_3?GG$4o2=9_scEhwZEQ3=yewx7Us>k$!^-koN{w5bYYld^5;8<{9QnR&fkdlV z?Hwa-Ct_NSTOv4aX+Rr(_%BcmzyDIi!XJ+Gj`ZeDx)$mLC%oSS5sp@Rsq zn-&R=gNQ2x}QL=`uoQ;mJosIn?Lpx0$IIDrI{a`saQkVeG)LkGytF$sPtMxqt59qyWJcC zb=2Nsi=xQ$p#8Zz@psj2F9cj039o@edSzku#|rPF*pSukhTyQO!zr19f{)a4&j_2D zU!fBmHlw$@sfEg<6btw_o}~@j!e9>$b3fK!MTjpdzgSBPhNA%mU3^B{3J}~!=!xBw zS7e-z*WK7zw+k zg=%0~oS~9Lzmq#oHRK5cg3;gss;+VJQyxPIrYre3LeGWqLxA^5`Dtn(w>;ZlY-h$~ zU_o3_M0kngJS6w1vV#f);4&sOyq&3}A57|o2yKIhQWp++|1ukpbMYJbJ!2B3FZn4;(waZ0M+LxZv#}72x(37F`W}d8xWF2(DKZ z6wBUKA>_sJB29PdsZ1OJTL>!F`;ie%Fpx|&I&Z%DGaDDl$75hLS-PmS7=PF`Yp>v) zC7N5&>$_s@$LmxZ@sv+@KF$5>ah3H4n;P5?FOna7pDIg{GTv?gUJxCqoy#jcJ(62h z(b*-W|LX;Sq>_GF+!4jX zKDlE*p$U|fA&h}2xHJV>%arO3@m(DqA-fK|ET9T~PR^DKV~FOh4wyS%z&x?+z2HjI zMWX&if8;`7Nxt);^(I}IH7}lp#5`(508^+e0XOomOUonzFJJUNKb3h4dAw8}Tn>Ck zy6MdjOauU-Uv)r2Qt}F2@>$e9`OZ&>D;&k-p`ieX(@quIzZC8OcBkbA9=jsR(`80Y zCxHiF<%!kt*7lCf4qvzW%~WdTOz!*S9K=8u%Ty@-9fPip6nR`W3+D=ejFIE0|H-zI-*}5>&Jkr{4Y1c+w#~gYT`cyirZG$gb!0 z!1_Rn;>&1%+69js=gj%;Ii8rcbD-Wrt7Y~lLY^$3t(}xeFM?S`h?foEvo;=PbM&tO zvbfqH4RR|;H$OM8f3KmLaRBVbFN%gh`D1iN-e#3GTlz#r`fUUs{hEj~O!tjKo7rT9 zvjBeqJkz8V5NH%qx457Ye0I`W0Dk)tQ2N)32#c;O8W7(ODVSierZl-0!V9y00?wfX z(2-~0n8fYXgLG0qta6YwFz5@IA9$R~NTe)a45?y!gQ~MZA`*axoUfMK-PC)7Y>X}e z-Op168WlXZJ{|nSwZO8V+!HVh|K#amCyVt(&^y^?qM^=$_^kxO3GlxcA1JycL(_ z$QxX?e;Dl3=KjEBbiKb_-0_&kmcn-11)~m>?ZG<50zc=gV_pd;h{sS`@8js_CC5VJ zOF}(Re*5hPGFqMKd#Y0+fw>PV1*cr< zzJBBfvBH~32<8N0RHFj8wfjSBb(l5(OXB%2q32RGQ#Pg&{>r8p-Dt{8IyNmN`Cotm zoHsnRsSU`*kS6y*CZCb7^%Fs%==%El3MgA0M-Lo3yB7T-$xv#ePdG{8OzKMChEw3u zL}@m(-z>euCu*qNwSEw()+|`+_68vDtBL$)uH<5uR`^C8arjTtpMddwV)nRM-4JsE zPm^iSDCtF)4^W7dZbU*9-RBc@nz1vc&jIlCpn9VZhCBfNo5~~eMfZu;v+ok$23_*E zc^Ev6s>ZM8eP5k3JGKbp(#kJ+h~18^r#D~h&lWYf6z$HD;|uKDGhL_|cxM~l0FyP_ zs&{O`Gf}>m6;XHMM=4|Jd=?;>V=u-M%#C+=s6rYYGk}mLoBk~jLb*(v6`Sk6Y99NcMb)DGRwA zFrHoX&q!)<50fGlBOuyE`e9?P>$bDSzSgq}xhoqY^S3E~IhexzfCol>8uNe)WxG6U z(dksQt~61#!>IPQlUIvbb-X;g?FH5AwKxUJt0*ryk+DJ5J$7IuCK0f_e|md` zRw3HnhAq8h<2h2Sg!(Kd}LBUT#Aqt$Ek}m&Q!qd_naA?h#-+j^rmx8R&bt*sj3_EaPc8iU0+tgrB(*g-fu@JT} zy#hFc{(gNxfkWmmzt9F~_g^r3G2Uio(1m_$DhmWdh``5-Ji@wON`p%Qh)lA8XSR0r z2~tnn=8$_hvZAma@47;^#;2A_g(SJn9%`-j5t2nH*2I?*Cr0EY@#50jIgu8O*a zqMx_VZ~G8ITuy^+nV)(Rtu=bK6v!hVCB`A;OMkfU=fGsQ7)pOIKM;7dS`Z^7RIhsQ z>xZdaqW7;(u0M#ghF>TuhxswHJ`Sfo3JeLsktQc=dIC=)vK6O1?NcFZ-+D+S5D;ieb7&PT=iyT$(5SD!!g`^w`f`ReKl=y~sBjN&Wf0({O- zWcAjyZAR&Qe^%~()H?7&`2MISz>eo8g*A?APtbY!9lo5VM3G^}Q-8#un7Wn^Eq)kP zRU0jJjHQjTUx#{njEpwlwtNpbi)0mIU4fppQGe+E+PyIA)B z;6pqH!i&cg_~-McUyp^4hd|_f695&WqV}|;bVK7C7ADuZtC(z+Nbl)3hp9awasn77 zC2sLV@t;o-nwGol>D*}QUopO+RC(KcGN|L16zQK|+9G6dEs~thHE=1o?5@OZH!kQ} ze-v3NrwK1h&ITVI;>c>A;alyUpw9?LJuHtr2LkebsH~B7iAUln!OQ+63v~8=hl@a% ztLw~q@KzI&Z8f+LU0zsoDhY}~!)yZI0$5abbyo01V{U17O=n!qBk6r3*gDiW6pYsR zX`UNzj!T^9rd(M;n$Tv7@59#&ziZ_$hs?JiY%XqSe$rBxYNcHeV3nVaFdQV-OwG)2 z>dvpPE|yia5+9ak_q1l~U9H~&yP!^o@wk`d2IM=py9TUv zbGO191i3EG<|a(b!&xL!5<@+-87mbTBeNGLfXlW1#715oLrT_%#(R~ZDQ(kL=)x9_ z8K|w7e7%~p5*RgWUD4-4Pej;$Vc1KA++7V_4C}eii*JyUnF)t0D+*oJ-ZCY-KH>Iv zzP2u^QSslHArpJjK@_eDj0VvUUVfn6z9+v-M#Sa=7V4a$9j|3%mUqY%)WZihjQS?h zdB0|vSl^`(gCQ}{VcTdodSLsWPt&UD>OQ|=qNb*E8DeUx%rJFD-#L(P=-2BCnr9)O9F9!?pFyvG3_#>?9}m1tgzPM-&7grypdUCzh2d ziB;nLj;c&B40-|XV88Q9*60C0)DF9LUjP>|Y~z(9;Y&boeGC_wE_`dr8|VEW40wVL zksowJM(zEaIS5-&eFm0`7IbT!8&2w`|M+muI&u!B&GK*5MespST$M{d1>kInAV5%7 z^}jIeEMXa3`~cB)7Yt1r@UoeYag#Z^E;WpS7~99B@Nq-ocY3f4;gFLpr@of*>`f5o z8lBMYkW0?KD>`Y4dC6EF7V}k?!*WX*g)VSVA2-ol$U9PQ4jvc<4}bbH(d=h(FL7od8FlKP$=xGeqjtKa^*yS|w4dBYx1olL))1$UR3_DoWqU%P-D z5McenAiN2w0-^H^V6Kdlkd)Lnv|j4(8$J1%{HNG>p!B<-yU&LlV}!l7H3K=dwLIq! zxC<|qIKY*afb8yjZF=YxmEn$D4B0(&_F9c@am=OPL*KP#B~u@_WIg691xL~RheyX< zR?1+_+~B}sD!Nw635%amXCl;d!Es>Bt~Lmal~7>JHp;&Ps&+?xivF9rZtJEu--2Rf z#A0PdP+Yj+YwNBzg%@eLe=mBhE>^nj6Jgt@B9d&rG&)E&xIZQV95PD(;8~6@NWLW+ z4>fh<&x{r^SK|k70;4wU4~Q-6Q#Y-4ovD6&_0!>jHLODlUDuzMChg`bCnAT;;*Li5GFB{u9LFwFBoFF}dzr0>12 zUgwFv%*gHjEeEXwsOA+`=}P)6xbttsj=1vQOb!nv5jc3g=;BrHq3?)kx!cEn-}wdz z9FdbCtZ8Was^PlfI{^WqI3#-yo3oycH7CC>xx+lk3&;naW#@o=ab9fQ{sInj;m|U+ zU}XMqf_qei&%(FMr0*@f05I3o%qrpNGXKUrP2N1!@#~Oa83>;1F;>k+mRLe7@2Shp z&#yRiW~R`~`dmL;HxKA7T_Oe#q1PE+JC>Al%T-dS)gW|->a*4162-A0651$KOlB4{7e*vQSmpThE_r>JTe#442m zs?8|ns{&SpD+(vIN`BtrV{P|$R(jxQNPHd;PK?aCFj{6rYQNI|PI&!h@4))C+;wsF zClPPl;l-3@12_r%r9k^;O*J(oOG|n@JUqwi!UNM`$F6~6!P?;JPoJLRs&FpT&<^(X zF|LI&*&Qx-x~ZtdV(!${PmG|5xQIRf34UQo^6=qV-heeC8ac&S24WkFRpZ zoSI>$63abJ9mT~A{{FmE2CZWBc>9c-Nqu;`zqImtK?Om3*M2kcxKwc8MN&Cm&~s-F z>{PnI7==gP=DwH9NU1Y+1P8dM{?K{7v(nE9L^!Tr@M|VtZ@SdNiWBgyaMVjOONM^z zCG)Ove!X*wMeh6g^4?Ab*)!e3d(*Q8)3vm-BTtR1hRaUVIqgL3{c^`fd{w{MI|cdX zh)Qt_T2clA+~Cctm05PPKN~>3Tk`(5OET=ZdH?9VsV>i-^W~>ddBn6or>a@j>i>Dk zOoUGX{_x>kZ42sjw5bjs9tLM-n2`$##+dcZ^m6~bGnXgu(@YzUH}kKwYwh^ou0K(b!jt|#vF^)JS*YrO*0&|e7DtRnL|%C-Q6`u=;5M91}0Xs%6h7Q7d`^Q z;69$h0Vy5rUf!y{#)jrts=8-oU5E6yorRcPXVrF;l{nZT_$fdb{)@#T8Prx4_9k6e zV7kZL+gl$QO)g-h+N?NScdKcylO7Pk$2_FQ%mDZI|G}}~3}l_O%lBT?@BTJ%Yac$Z z)h@X%J#U6AV9%l><(~dBk|ov8#bm(3|3BYP0l$r{aowd{?y|h&gB1z!YJ4wf*41;A z1v_*%@<$Bz#{+9dyG9b}8)9_owfJ&k1PQxK7a-YNfm zkS@mX?(?om9dhcP+Kkg@pt5_?y!gCdfbLoy?c;+Hx&=j4n zSN5TrlxNOO$SL)_CZ)pSU|Fo*>fD3Ry;nK{8N;&S%9ZBdM+JeeK@X?N)j7fcY?7@a z+VwoE>(8qtpkLmzlly)4-vDxCcQqzOJ}c`>kfy%?Iy}S9 zmSWIL|2cFHZmm1s0}-|X5r6A{gmgPA0N;t z?)&cwH-sd=c+0SyC5hrem6;vG&7hqRme}9VI02blZ1Y`dbH3EWjXdK3q;~p4gzWiS zyaaXiv3aIFiwr!XQHO|6!rr^ohG?7I5w%Qqy#zo$P=?kevdWj)KSHGlrTO$ zX>}+ywR^6CCm4O`- zur2cMgRG>2!*iX%ZdNGy_fPYYB9?FQn(hazyml(qp;pWGtOiob%M>nmG9T%M7#hW| zz7GEV0oq?gpy*B=+1*c>w7XvlBOS>=HN{ew&3<$4tkJE6Mv3xYJMzbj#>SRWJobn( z3MgqMupzK@a_MjVXy}LidS~m>-ukLB(LAolaz#5;$3l3wt3@}!iffH42|a-?2dcMI zi(?(ccorGhQfnrBY1khr-c+Wl*>xg16(6`2a<)u(x3?R7pc3rH4BO(E@W-Xi&b5X5 z|6NN;@X?f+*$O!hmgcZuSEP%Q&HvuVu^>A;=%n~b^R!c!w&ca(*G>&NgOXWMR=+DM zb&XlR@oa3t(~P&fbT5TMS<=`O#flR#*E9HXU>}Z!GCY%-$Rq5)$D#7A?G*JQ!vO@r zH0DN9f6PblDXle zW!ibU{yXR&n%$3QCcd>#kix}y#FN@RSBK~oX@d-7Exz&+!ddk0N^i9j4q zhH?iQb14}-&QEC{;m#o1PwM@j?ouREhKt4 z8l|3iwu_dU@N*KDtzm&2C)=w$Al*GZM+IZ3U~TeY!HK5_=(ZuQATI1)(oKF{YQ+f!%L^?K z`7txXN_eURG(+0plmmglh^E=DluRR-fM$=F!nM2tliS!MVEWl`};18?V z$@_b@l_Ol%}O;T7B$zJ;+)+y)+llT>}O*T1RiqU`_n(Jt` z;{Wema>GTBTOMeNY=X}cJk;QyKmx~-W6MQ6@!N^Thec7~D1;;}!^+C)@`=1*jY&{& z@UKM6p=ky2O=-!uRoZzeHN0uF#6KqRW?FA^$o#(U1$}tMjI>xa7|!z5vZwC!sM&?# zJEraU<%XM(itej}@-mJWRPTzw2% z(LA>o{+-qb5i|yGm2l>{0|y-$l<5f69wI#X#AGehA4{Q`Z&HWeTNM>`C%SjooO)H3 zi(Hy)_|14Nu|-QCY*)o<{5^a5I0C&W5R1zC*os3qlOr&K-bV#&1>rUrQl3GSUoRub zcixodm$k1-q%Jpaj1-ko&F{fS8EKk*WdHie#G_p^RP&sx7$wgy?aWWs*5nm9P9YxKtOOkOLb?G)<4z`HwjR-(&*rF-8 zCSqR}?qTz6P zjt(PV?xsS*N&RmfuL1YZV&Kb5mxsHHF)*`gI=3zA-Py77+AXQsisoL(JU(_J;&pm% z3o;XB#x$K=1{F#6Rn+tehcCC5tgi36nNN#Eub$c^=va?WYD*lANKjLt_}OZ;wS9}B zawr}tH+YfS}m|EEa*-$UBM0JiU0{nJ3l4jvvT-VtX% zDhkO+U!3n0m5u@ukTh%4DUQ)%+BpN{%aXXPEb86;MGO8i>d61c*jt8G8EtFBN=U~d zl@93=q`N_o4w3He?(RlXx=T_@q@)q)2I=mQ?suYlpL4!{-%q?y*Y!MejXB0W?vUw; zs_$`A(f-Jg8=b#krfbSsqr3pq9zd6&eR`I?@ZnoJ$Me zdKp$s{91EqR|~GVHdjh4qi5y(H@d?{(*$$d%k7TY!Rr$0m#D3fw2mTVnDprv!XoF0-C#wSlLV zkt(RJo_eLDuHN4mEX}i_j{eyJ#3hWWe9)q}ozX=j5Drfu#;kzW0I5l0S@cys6R zf{n`YyW%g6gS{a<^G+7Z%r_BLO0i70dusaneDpKsd!{l|&+*2W9DFEZh8Bv+cz85a zBfPT7$jLY6?;2*J-fSx-3Kmh492FLtl8zxS>VZBR-NMjso+>+(@DTYYoPVUq46}Kc zyR9jDcb5iDg#>&zr8*5aX<+U(UWcq}LZYzRdbRpT(-oZ;R~ZK3+=)i$j^-t`*-27} zmddF*(qa;p%BsrJY|SmcZJ~r~F2Q=kS8RGdM=oXKjDoZG%6dggkCIa74cg=MLQmYfxO$L=6c#jf*Yz?Xj+P5y$&j%kZk3L-UO^n@iPZ>5oa; zwXCbGm4tMc#*oR0*z$Zy7`!39tvX^_tL9NtE1}H1mWui$OM>cvRhbzCLqb%8h4poR zB*tU49q{J(c58*f{fH{{%q2)|Nf$xl5S>dRj}wUp)hy(;35iGTvx5#fS+C5@id|?& zSU6H)U;?_-0j{`N02y`32lycImq+6`-j6Y|@S6<>B&BuLVnen#T{1X0u2%=2#nM5l zm!YzXw)8a@d;d^bu1M3Dk~hiS8LR50>!w6;Ca$eFbyW<}yLK`^gEw-AW?fowh|oPF znT=V|xP|jNv{=U(8SDODA?g9oTCmr`u|63pxo0(C2!1u}K#lW~bVnXntrKRP} ztqwmfNQ;d{w;Sz=+W|{RqnLr_X7ULj-0tt&{&nk$YJY}c$WUnW1Pcz+-qO&Nz<~u& z=*=auVCb36pg-IGT;flQ89|9?Rx6Yl4#$P>b%9Kj8=FL{Ob|5$9Z4x^=`APZ!e!m1 zh8G&~d%#T3(8_f|T1tu&)|vM0ft&;(+gG-@QmemLUNXt@ZAOzcy&P`NzlJ{}ND#0H z#3p8&T$li)t-{|2+$IC98#iz&OGaqv=*$3FBq23b3WSC2*#4UL2qf3NOZXNm_1*ZG zs6X`U^^Oti{uBh=7W?IgR65AS{XCEE)DngA|}MEIBbky>4ECJ;kRNt5Y~Uefee znS1MW`7Kdp1QBvcv?%E)%~T)jhO)M|3r!pq+j5(m)1MPUe#UXN8?FIiG9PyB?Up@` zskz#5^$0UnkAh@zP@bLn>kYhI=iF~LY(*Nszm+NH+GDuCP}=<=zw6`3iNZ~pE)`)} z>tjJ-rKKX&#I9^-7(?3k@^ogl`|pL?Pn+)fYCAsre#yPLy4LHv(*N?^CLGzM_zLa;`PsuVCt+aMAF zyLh>Vr3W4yHx}NxbUO2oT951TkJaTqHM+_>^Xr_%0^U$Q+KnyU-GsK+!#<1X>>C?0 z8qk)WXQOauC%uma{!m9g<09+d55MD^c7^5EQJX;g(`%4HP#`?#^;&-SL}lAbG=+??$=b|6rV0QU*OUr7vk zKqj?l5VqufTfR>oSd3r->BuwSQ6XTYJ>@wa&<@#7SoA9zh(IDw<*4vo_2?d5OFF$) zO+PXvsKh));Y;9t(ABuwfm7~{;~Ofd!136}`UJbw7ag`jnfDl{|F~ycpR@J136>Rl zMx&{AjNaJuv23M*4G9^|)E8R}BBU0=__>NM@r?=%err2DG6%wXk|4VK8A9u^ zLBJ(1Cg7RN6FAMF@8in_t5`!aS@=qLA5%h-^ zv!qQsISK;3T=hAfGl88vXkuO@*MqO7N^mV1Z#2?@dHs9B`hIc0{$lGcht6 z1v@*cxa)=`?=SG|<3+@K(*eQ{9v8zt59C%eRhexsam0cB5RQi{F;G5I9c?s9k@;IU z9T>YGw}+VZ#pY-qklL?unFR_nq`wosQ zl@}U_Y##nn-lHn~-hJ7xZ3Ix*j8Fi$@@YG_rz|Jm_I^@F291N{gSqEu}UvspKq;hR6Fe6 zEcT|1PfAKE{C&h5PptiNXoW3c>~%)F>v__RJ7xp?1?*X~ocCvh3Q=l??nAdTr(|bU zyNUDf5|^T8Wa8SRnuKtOWzW){-%`_CV)J2p;iuWmyN+kAcI$j9?>qhNj_&*#8{a3k zwyWFjl7zP6_@P{MJn0`=oe|{=$?1R!VbTj(x+O9G2JQ|jGWGY*12bS#A7JbqW3fI+bN~ z$05E;&+qG>eq9}iFKQ8D0@`p4m?<7jLDCADBH&%x&u!X8J7328JbJV$3wd5I936rY zkDpQN_~Qzb&ow#H+wQXtq~YqpUf#_vU%)W<2t#=FL~I#%+tT`>kW!&jI#+GL!*@Qh z7FcWPbJck?yZ8%>TqoN8^Vd;a5X%_PJovHGA2y2zhOnv|Z+^VY?^5T{y)EC_W2XSu z>};DkAthyfaw%!`W;J5i0g+Q=r2TGrR})?9?Be%h4v=Su=oERlEzMwT8T0+cL8zbe zfRl43@vjESz>_eYgJ8+~ih2tEz^jZOa^&`+d4a*f{g72f;0JO2+igk7+nb+jYmDFX z>WvTGp~SnU7k)jB&8I^=wYu$4TeLB!pWmAN;W#=xEw=d*{*w=Fbi2!Z%{aB;ot<2H zZj%4L2P3Bo0y+MI;x%kJDu1|YU{>gn0S^a&)x^_ z$JDqpOKe)w=A|#F&~MJH^DQ-h3^PzmNF>XpPw32*6|zPtx>&jNs@S6cY@gv$6@Ej6 z-F{EM3U`*2y34&NT@)Q2J!9yTakp>YKU|R$nb%SLxcw$PvhEmqXMvL<&2VlVyNYw| zdjo10fyh~VY4)scL2zu4N_cqZ@RiXz?Y`s(uralg6ud065Sg*!oxEJC%mrf9zA}z^ zTg(i{F&b??Nonci(9|^R@3O7mf|N}kLV^JL1OrsL$@nD#FU+JYVt633hDSQS&99z$@ z?RaN@co*1K4m7KZv-k)lOaGbCeV=-N*R9;TzjpclrUj+cs?{878W*?Ty9T9wEO)i>hyK;#Zt(v z3D^XQ5hgw=%d&-7VR=xFWxL_vFWEQc{LxY;wr9oG&=O-9UX&@;tFNQqUv3IzHv1{_ zW~45J_oNH+>yP4M>W;q@s*DI<8q-imy%;HG82mWftNU4WUSwt%8vuIxIRSmmA$c4_ znOmTQdhyY*q-;ZyXc!GCeZBH{(ouw2XE<4@pOQ1}vu$BW!Nr6tF)Q7@t-xEtid zrK)my2xqiqCYw>9r}pUgLz&f9+`s9=a|C;ZR2kfaHKqfMzT#h(g#lAlgxK%<9NG(! zdz1HSYmd)AK*URbHiXoJ92sVxr0)eoCFyt+BE(vuu(bv}=%lPi)TAvK^ zT4eP$c#L~5=;QFM4++hGnU}Zw-bL z|61Mab_8m?7~yZn+=T9HOsWsJ7`5TEW-5sOe6z90dF?oBk!$Apqi36uh~=xic0Qmj`7IU}}6 zV#n1IN4m0KaAXVSwbeuWWIG|_!D`Fgq5O$=O$G<6iZ>5y`rP00J}KUYj8t!R|6xuM zCeTsry|c}Kp#Gp}HpNwmsdW(15EIA6Ecutwm;D(gJRA|>wkVr~O^pQhwjG(k^bV!X ze#1UXBsN2LAf=lB_h2x;S0qq{&%zDTa&wo>_O66l9KQe`T;SaE z3obrC|Au#nGmF&>qg<_8*j|Nv&J+N>35kgm3f$<<+~z+e!!LK$JxwXPgO9a18x(sz z=o1)MWWKg-@L7JF?YU)CJ}Awt($ll%i~4o-9T88tDMYn@x~#?dMEfUAXO)XA32cXK z7R=G8uwUdf|KExdE%~gCX^_?QPgDHlXOg%2a0)c&%=@FPJ?%ujow?1BpZ+R#uVqZp z&k1pa94fX4A>28&cRnFz_g{tk7kaP9^T{<>tPEhL!(=2Qx5o1-^)i%HIyuRliqZK8jOB;N3P5r*a?Yk?#i{b4pK2*-L7Sm3?70g zYv`}oU8G5&{6e%Gp(=g@NBa@CZsOugzLr<&0Zn{5(~@Q_E=NR*(|xXd$G1O{j|Mls z`#e4m!3O~H1y@WSW)?Cb_kbNjo9FfBc0SeLhiNSekW%Y2{XNAesMH-MHVL_)wpN)a z!zl>V^;~$RCo*a;Myx(cE^4krMdK!3uQ%7CVx=3hb#J(y8DH}dk#Tt(zQth__8wiy zdKx0caYR+4gKYRKBI4nz_fw+7UK;4;_$^*+*azML=H}37&E+(-vG4?!*IrsNFJm{q zyxaQ=*=Bt5tr7Hxb%p1lpIIJ?i>T^!3LepeClb1==RMx0PW3crInu*?|4VITwyN1T znxL3$aqV*uq}q}=KsuBPU3H&hK#iKFzcPnGAjy_h1|22sr3g8t#P8de9$RHsHvCow zqeYxc=&Kp`7nJ)moQWDlN0l|_9z%^ir^I}8;o`%aSaF`M7JNt|>4$?KXM_SeQF*B5 zqMqO{L>~0)d?wm|*PFVpFAbSs!kf!+JzWTGq7shf>haU_Pz&WC$uc@6dm6tN}8a8^j7kT#Ij| zue}Nv0H%M!h*0^uX*@2BHtOHy*>_kuzFZo#YNfp>q*Tx}!cPw7?&MBa`VTg5=*rpd|F71sn9@hbc6~P_p7}7s;o!- zip*N@&Q^4P*`LQ9+u2q3=7%I6GqWt2WBt9d=w9n!5jh+L0&N%AD@*`EFXZ&c`=D1; zn5q_7l6x*4L47317RALM{mDHfJi{p>!mTnLk#@b0@T^nqZYj1(NlE3`+DH1EigbMp z`Uwl&mna1ILmo#Hiq4cp=j&{2?`GP~BVnD+l0V$<>B9u05g%6P0%Hr02{W-RGTW=F zxJ^2K{v3tqqCz~6cQ`mWieh50K_NW$@7epK+lGvH*_w48KwRMY^rS`FXZ-;S1N;xF zs;VP^hSGN%@BOZ^v7%)1*oB|WKNjJ+@C4Y@s82RQ!yzkBaW$I!I3+>hxM?ctLz?k* zR{l!?(tCQDE4Uw$3&G3$g$_2(>K$`W`)R$+oDiZv#e1mOGa_4HSW9v=zw&hk0I9nc z`yZMt*VVAIb~xhW7x}{w{;ri5-`&WE_OemsUtvO|$j3a!`mH=Pn`z1r^H$A~D1s*= z=p>tre|0X1C0BgK73nTC4=a23oix*5c$Y^xE+`uL^Lsmq47t(n^yIs+5E}O}$8bCW z73-Ns_0qP|wS_u|%p0Czmv60Oy|cb&SW+^P=c998UrrqMw3R39sB)*JvI8)E#YuCh z@1`sed7LLZ#AYC`V9moxgO^d*S>|Y;?p8@0BifyiO4lr3uSDfvW~>`1FTJWgshY$m zkQO&ls^Ny`qe?#x3@_-2HPY|qpBdzE_IIpG!I z$Do9|a#>)Gcs1#NNw9WL^+sUu(&DUs*8DEgYJYC;Hm!9<+6V|85eArxv=I=(yzlIH zXO_)cn5H2iSTsaA1zEt4iCe|5@Qnc7I{u=Rx2!L4xWOJjx z5KcGV*EL?SR_xw>Si>d4^(?7mu53j9L^V^|@Ij~2W&>wSYG^Zq$3^NpCp~0!;Ppo|PfTxVN zBk35RHoe-OwJRm>6gHdpT|8U3Xt9qUI2-8U7;Wv3&iMj|-Pil+ySZ%51-Vb(iBm(Q zK$Ei3Z1GtdOSm{5p~ugL!13r~AuKGscdGLlH861$y#Dmf%%yGmLOPp7lCK2H1jNK( zl88vrJ?28Tfz-#z09x@w6s@FS%6=E^k7EQ0Z zpNHA)vDjrlH^O~$-6Y&UuS^DobQ#MZy-lRK%J(6hCOV~_IST9nJ38uhE0dIpPn?bI zhivxraXUA9s48ZOPi7BenDpREW-csCa=R9>S5nc0R zZLY_`;Jl+>GoqU8-;#zkQE)huhJ}@isz`w{9Tw3iixAIfqTHcUo8Ww?Tfce?h2yTL zyv{*$YGPu<>vDn4UzXE{|J$-Z(oXHT>{iS(Kd%?2Q7V*FR1vfO{&&8EYnO4aCb5r6 z4vL=u*KNut{Ed>SmQe`++!gPZfjez-5b6ChBI?DlPb-CT(sz)hm-s1|Id@0Rr_onI zRGz0OJNqCSh%V;={RyO7Gre?Taom>QU21EC7go#q?B4$2F{wgg+s8oKv?{R&WmhEZ z*YtRt{9t;@)=V$JiA4wHo{eIPFu(2C~bpEO|jCFSsF!Ry*i)Lr-@6`#gAA; z(P@qoB!J~+l}So?ApEqYw{4t40xj@drY}vbpsHRAlvEhOpp9?ZL7^`hge8{!>M}J^ zfKP^x;q$6T;8+Y2+W4H!>5Q+W&>NTtPqQ;Xn{gv36cP|2XipH&Fo+>EYY;f$>NVRQPWzQu;Vw>KRv?WYz`GW;tty!oHQ!{qSF|JhvrhzFbX%=fk8e_>HG zc#@9p7J9Ak69tIE{huhLHFs0pPa<^g{EtnGYuD2^H7i?hO5NrPdx6m=hg<6tNtU;q zisARC4SfRxZ?cxm&w?M&th+cSV@rN$(|e8|Y*f`0&!-xy)?L}zW+~&n&1dqFRC+3?kyM(8L~^95Bl>D@-SW7ZoY|ggnc&94f%;+lY-0Q??R~-BCK7gy=^iN+qYn96~{%3ac8`;Hc;0Bj~ zO=8cWO#Yes`b){7iv(0fF6<)OwG2+&TNHR6g=T@lZG(7D^a|3^@S`~cn@P&0n zel4jUtD_FYjr$J%g#w?9gFE z^(RN#^Y9l_90CGaU%!5Z-^mJ(h@e2^t3EhnhOTs>ecKEHdq3zL!c%vv{t%NwSp&XU1OAQX%5oT7;L)1ms? zKq8{1sNf;QqSax}gXc$i%jGa9TYaG=5aq6pVUKR;og>JWEx-RlbVXv*Tdp7t6qUnY z`X?ddAFmo|R5gY;NKa!pd)#^6y^G94l1ndD;9gv|T>zka0c_*E23=NDOi7(OD8x8q z%QX8{dZW(AF!y4HFGGAWaLfzxC*JG|u%y~wCXPQ0u+TETQS7KXBg>5%vevw|y zZ9#RIqCRk1PGz&$UX5TXBn&&p z_^%fL(6J<+0h4?80|QmyydP@)eTTBq^RRKtbgJy5as2ce3dg+Q61XtH`0S5?fsv0U z`UzLZGY*GdZJDhc?ZV5~HHPmI$}6UKDd@P3W&^l!7d(f4@eR2fHyoIQKYw7qbq03% zBzSnOdRAd!GqDTQR)eGIA7Z4kOJEq=?xeo2MZ0}9>GwEl5lPmx|178E<|eT{$f1*b z0YdmjCrbRphOby>1ff0CIF3|hDKbP(x7vgO@4jUif*zyez9Z&V85t3=Rh;*k|F&L5 z#N9pkeH}0sfokd!JsQ0~zOU|mXorX=mLK8;-kuJ(#R9i7<}hUSZ^v}pJNfZmLr6kf zeQ}-qzw7>$kAfP&7%7GMw3fTQsT5P7vE?H?$yPDSEwD*B9<>BFJ|D@) zy0_heb?E>ru|IRPKHKuO2UcN#Ca#v|b%M4Ao|w&}rVMPN&*`qiZ0SazL=ECnJD@U(avQm^10xpkZT_kJt}Vgl(840itjz)86G)9 z{y2OgP~aZ%0Z?EkNyl;Zb3HgU0xvF3ir1W>^s3&+jfuknBCf-1_};`-KKk)7`ZJSE zS61*m7p;Za21IW3t#9NVyTm`@(^7j$5}fbjcRu72cEb;ORgP6yB5W*D;kY30`@YU@Z2s8gJ#>u?pEI=0iq9dW<&!WfC&xX5}f=V$% zj9jPz#g8A~q5t@Sv{co*7?39(wHg|n_qu!>*rRv10b!d+G|)%V18?bf!3`7=<2roK zmQZ)Y^&-jb0U=*G-)4wS8^I_P6&I(#PU^Ucb^}YI03!EoZyc&W>n*Fn_}-m+9Ue)S z8##*~(oW%PVj3O*VSe>8d5tsZT>ojY@H*AzaQ+K#7eurXM4%I~Q=>BoU)ea1*PnVu zab0f4H=Jzp9^OM>gD!DJX%}6VvUV=p+9J}&``dBGx6XT03p6 z8izt|Y>2i2Q zii4$es z%f8gO{NeDO68s#-D*+BVnz?xi++Y7hHRLanViDRDRKe4Ub$_I({s2$NFE8U%Sk>t- zD*||NZ!Nz*4ncT|sTrz94`r}fHwHLoHMV|S(9-s8FyV2|mTx_Gsm9R`qtE4s>N{>+ z*#b!84LCE>@7}$`2!gVMg|LW#=I&)=tvI?GFeGI(>zU6}O@|YlXgB^XnS23U!?^+O zTdCcWT6KMSwliLUvLx9CwnJhg*T0t@#DPjJxHkpdRHJ~(BL+68ZSZuUb}+QuT6gaF zjE#+L$N1dkh43kRf+T@v1kdJS=Pe;QzVn2Ev`?ReIYYA7G^>)N85;xnua=>!FVmLp zf}a9+^yXCwGVVtmC`L4)fM6vpv=rFB(|BEPY@LB%MzB4PYi5!mrlqEiZTUdLzr4ic z-Ba0eA^vVy!EXgSX& z(syOzgzl&w1$cRZ)Cef|+k?lE!-bEIYf;mRF+@KDYn=c_UF&kB?Jc)RmOBgpIIhw^ z?{9hq9u{}KN!7Q&cdZEY+=5;C4U6spI1D%8J{-u{?L(e}(o*3R8$dAcGJl>km-3drh2>uCOZC3kUNpzvp$T(bV%t(QR5SfDnDg(xK9G6l?;fi) z1JOwrMK|RZC(N25H?Sp4!xH|vqvz;*IZDF`@?$3n9>}0#arHtpB5Tb!^;y?3l&3C( zjxn+bgaagcN47toB#gw1Wdx!lBB1EoQKh(}A)AaAq_TS|z5l!?U2-fLHDfM014-7M zH6Gf+g1~dU^nNGU2u88>Y8B~W$_sK2uF528 z%uoQ9Hv+kHGipc*lmZ-@PA;lw4%i@sh5j5IEC5Y9B=84Vju1<^{z7TR)&52ev{|PU9tee)x6dIT| zG%jsuI%-W*qT-{3LcghpmC)fgYr!x@d@h==1+3A@*qcEjAVyS;o|npGTz2H}-_r6hua#UOK9;PJW{9%;s;w*{GqR}>}zVC&yG z*lxa4OxrHH;fBYa-t1KZZmM5?qeeab^oo+JD@=xcKf(9yTxql6%mu}xC^6}qz;__( zxxIw_k#dxC$-61R-U01r=gP}0U1IY5W|4eU#km}{a`#(B!R`1ba@P-8!6oeTf2-Fg z5-dLYHUwYnRBh&ZTtjE9m0V2Qq&DzmlPmqSElCM7F{$ivFs`1+w`yRzNMRx`9)6kr zyPVC&q}C$5W7SJQd?bbg28&!Aw1%}MqpO;OfSs32XEO~KqE$M8rsikAA+ zK@M1hL+4`3ANAI3I1GxFU?L!;{eU(_?WSA4s<1>Tgc@C+v1y-$ z%f*L93E00e2V6FCz6RK|6NtvzTU4ot%Vc0-`P38nihNq~G+;IT@I9?3?}GR3!5L`M zesauuIhs|QgYb@H;nMuy)=h(z*#@%VrUyW6ojEST5Qil$$vlliFnE1l45R+(*_i!` zAC?7RfKhyhfl!2U{_NYP8|6hAbm_)+K!_3iMd)%znqARL@HP{CV2UvGdEhqE{0P<` zQeCp@>fC_lAwa_8=V<B%xH5$l*A$n*6NQ@9=-1J_Af!9OqcXCg?IHcL{kJB+^{go(HNiWyM>?tDh% z1&zBr@OXCLDIg*ubX!)9`ajsrg7ubxab6emEm_pn^udAr{j>l zhKUXvAV$D1JhGDKq8HNr@(=@)xPvT|G+OZWXGcXj*=`)!xKUMzQTQJV(^E9q+MOn0 zh*xZ?Odz4EJ+fbs_KaUHOQ=!>$|gJ^K1_z#^%4Clzjhs-!*lno%Sa&Z*tLKP*fb;EQTfhbTCdtc?i3xf#d zLS|YTnj8=kH3FRSD8}G!cR>}NDT1%H-;nzJJ5sY9_To}#0u`o6;C@H$D;0{hvvVMn z-V4}tJf&s?x$?nk<_EK-3rb&~iT^z7r*BM!q+nb0Z)_bEt*2_c5c~sNEHbX3pG5i; zLfAM{=V%Evqq7x>(7E$dCqszlWHb<-$c7@+AyUKDVTuIDS3Pg}g)UT4pvQ7B($1!X z92vHwdcfB?fcj_Wp zej31A|JE_q7+>*S)|jm5zcl<>IzR9=?lE|1bl7qS>ziJ3+x{8Q8AGIo8Ly(fXIf*- z4>-=!`RZ(2&Ghw(*xQVhs)a^gF_UCia~~O|zBQ^nO>nRH3+CFx5Dn88^tvR<;~hoS zc)FuCnd*s-a&{ql>zrX%W8&$>C79w!$L_n-Tm?Ya9{wgza48NK7N$=aqe>rY%@K%7 zO%)75Q&+Tq`fN{fgFOdw)UO9G-i-s|`AzE(?Dy46>lq zIXf1cT7KyZ|HOFa8x!8{drm%xuT2flBi_%t%7lPkWQkOyhsjmCC5Y{Hy{mUo6l_V4 z+FdjA)>9EnhL=H`%t^SzpE_{7IV{^?$mVi#iHHZ~-u9`h{(95}#8^9$9>&o^SctiX z=;ZS*OhQ-~nW9s6yanh1-P9_fY*9`hj|=KaI$J2 zEg~-;@ofqCFYD*udjmcI3cZOT+JDKm;ANU(Ld`T8_k=#MW}A@R-=?vh?XG4Om-bxY zG}b_)JNvu8#xI#EjZD8DI*1ZL%RQA#e?Oh&MTR1|SK_hFN<_j3$U7{w0NUCMUXpoJ zBJ%W4!a{`(HQGA0cK&&g!WUZh^Y!PmK8E2F$%jzWcNw&udG-}6d-N#Z8a?8+NlN|Zuu_@giS z99BWbh|Q`dX;fi6mxeM->F0?%eY+a5z_Ea!uJ`i}&u4wVh#6JGdr3)>eVQ7OncY7;Or@Cy>#+rhzA+r{hu?fLY)k9wlY}@OHlNB$ z+=Epkg2ygrk&grG9|U%IpW}8o1pXh4qOU^*L*H~jufi*KE!cLVd>xKCotfeeX`?4KMp7`9@PcsU(wwPAHzdv)7 zf|6`WiX)J7$#Njb;Io5SIJv>C^>(T6RrmJ~_(|)rzphAVL$WY2mL--RV%?l#97!~$ zjL991pey$xp_qD+K7;tF+-|GEkZcMzUswD%z5lZSy)hxcn9zarRWW9df&gibka9Pa zk_rVHJ5r1jJYDe`0<%DK@uv57gdLC-6n|}2^^7wvqMC`>VSwJ zq5L#wn+&+40u{W8(S(aJ?o?ghL`MZ@s$aiWKv(<cuI7|-L(#05F=~q!j|8^)O1VY z9j#w(rJxPXZi#2?V0j`WDVqtgpq9*hWlvO?>QTIf-n!@wW&vE$cFLsjay@DG^iFMC z_-P8Y?r9Qj3Bm|IbeDl^BZi?2-qmg-YDGrzK|*@O1(}DNk{8 zGq3zxnM0F8tzQEJXXXYV)YI`NMY1ceXL)rCr@NCj-Cs!YA9e}U1nJi)px8v`z7+;58O)hSDqAq8^INSaz|0~^TudNzXL3VW^%Z$1ZMo}@+6D?# zkQ`=--jgPUs9--3Q?O3-$MNb-n8?5GzC_OZmXF>)tE87KmrtdP6B9~!7O~~!8h%=8 zcGA?C5W?q_K3+Myg|I5))H4)WP+~$cwp^`{&{!XNIZ=|NY&D}~avUfb9=^o{Z!3zX z*rQiThy~As&PKAROH3ls6?=t3H2;&RnjE^BSLjM`mnESn(>+|<^F)lPC9-kEH9 zLa@x15l{q^;3Z8I;BI$BMMXydy*Q((zmaAaRBTvWO%kX9pxY3w!X#X%UGk7DcLOl2MgYl8 zHuH-I^@cwy;Z8BK0?eH_nPFF(4*JyUuM59yIBtgUUT0E zW6ia-2zM2BO~^~_5L@p1ZGt}R`LqGxTcHE0WX^s+q z!5Y2J7hzLRP>$wzSO?`@(2@h2JF!}aE!o}CJh*a=hG_JHfEMd{X#gM^%H~^qsi-If zN^yng@j@AgBdMUEAVpkU+^x~g^3`u^(U=M*AdPrpE;pLS+6!df0&(>R2W2%~1h%Kh zl0hePnP_b)%kKWCgzU~6;E?kF$I@ZOO8#iEWx@PR5#fpw-Lg*J((oIvA{XIr;5y{x zGL^(mt_zf;C{O0a)`EZec|i6$Ik(m%1(k}WKg0l?Ysw-qH-JqT5QN3$j_IsBwm2j# zZKi;dn5?Wc8b_;sZiITiO(?|2#cguD%~`q;n(VnKXL8-kRja4Mzp?T1_DT|wZOX`B z%@;H;NRJ^2Ci59n^h0?iMHJ)52zJWqY9a#k-1_i5DLBFysQc-O-N|+}n5HvVYME_G zQ$9*0r#Wz-(NkcQD%`Uo{Vm?PhbX2Q+i^~2y!^Q`97OQVQgE%*xTEu?z6C?|0VRF z!h=_HkQQ#}lP*ZVFeac5Ls(NuYFPEULti?e0~L*ywm5ecO4h*mOTniO^SRd6*jxjy zRVqp~(Im2qEkR>0>`fH~nL5ace`7NOPl_%6QDgiBU1V@{M8OG_t)Y?T8;O|&g%ybG z7u7I6ch{v%BGLqY>hNHhNNfe;TfD_I6D{V~FV)1^St~na*({_aP*q2RH^d0uDZd*% zA*JVsQ!x6-kcj=8x>4@s?R#ZaLrkHcRXAYnulQ-;@S)b|7mj+HH(wO7K&y}toB<{V z#&&+Z>|e1k`pVjaOVTSNXazVgg}X3r(}3atEX$VxlIdVe*Ux#1kUI(dGv9-drzBo< zlyQ0H%RkI{rg*zc^A`Zbiemh}P38_lQMUszWwR%gA9dDUfmWpNLq4jf8A|k^R$laf zG#pR#XwX5w0#vkGWQn@}lC+wZ7jqUU7o(`)c5|f~Nl>=1iFzyg+$ACk;!LtG z_)X~DF19Qkmpa@i4?1FGhl0muqt@-4-{48QH73^D8MPu4x+5d;)Wmakt7A!wD%-2q zsw1M*^b>KnaB8W$g+ywnp&px4{@>XKk1zZ7ko;JB~M6SMtvKhO~6c?j@KEnc!yn0NT z3r#K_XF_5Yc4yq5|M^XTNBZ|n*V2IFJcrdF3mAUjDSw1Y*70t9DT;`iPbDO@i}^oY z+jk7V!b0`a{vYte5IvX`MijAqWz`A!l@-7#u2ERhW5(){ocd_;&Jl7af%O!zSKtjA<4-pS0E|t%H=DPr zn>q)+0@Rwv4f9WG@b|q@_*9-%CJ-_Ql3=|oVo_>f$?$=w^$r~4*3B{Zf9LmK0r9H` zR#>vXtEWEyef|ux&l;!yX?(%Y+odq6Y376YxFRkqTO?steo`Gp;t3I=rN<=uX5<=u zeV7uh1Qh_o+F-TUC+nsNQiMnxDStRgrs+cd4OxMySWxx=9$Gxt%DT}_Qop(?jdhGlhJ(5X~Q=xx&H6v-c%~IKHON)GB6|-Cs$Ry zso~Bh?@9#&xw2>u;BqV&Mbe08kLm2PIiTO9&{#81eGpO}21o1NlN-bRmcV0<1d&@; z9vw`kMP-ZXR6;_+`sm^eVyLVi&fT4s!yp^0`2@8)nCs0ztMnwkN?w`CIyr1QDg>)H z(Jn&Po7B8I&hMQ0xP&Rs79;=9K(7_|>@kChnCJWIoTJQNbQy>AiSdKKM@^IPM5x_Q zN(Z4(6M3?9PY0e0YIb&3pPr0NSn*+*jDewigHm1^{55$c#d1DwvZOKcGL*3<&)uyu zhZKE;3G}<+$1r2RymZbk%vy?~;PJpUrR~TsFGhMR4|9oeh;qq8XpI;R%Df^C%3jv} zW}6$CO=)PA+2t%yx2+12eN^E_d5JC3#EvyiRY^pm5mhXrFLLwhMHkb_D0A|P0FLkD z{=(Id4;TChKS>?WBGpozgwWLQru1&yU~_$T$1AyRDb_N2QrUHHhaL?>?<R$%y*-Q28=-!-e6Kxt*ti+s)1D7H8Vtpr6&I9;i?=%Q(aQ!Fx621M3xHGH za8aAl!Jm6}Qe0A!1D321wK#v+^IPJzav9}FO?sNY?acaL`Tx_E|9-MFu;O&-`#ASj z@(YhwQ<+HX)o#N7`5o?;ep8Zln;v2G3RTh16<{!s6OcvvmMxe%WQ_`-reFETjRteubVN_2K@afDe;~OFMPcpuV21pD zMo33nMOpJr!39zgQHwD3-WE&$aD7qq+th9oE)>BTA%Xv?+jGSO%Sf=cCX z2BdRAInfhHJQq?v9kO;p*hfC`BG6ncrl61HuC0t@cOWFQLg#~y-(33E1F3Pade(u8 z|K`Tc?j=7g*}iVEgO2C|j2-*;iPoHn%VPMib}%D_*ka1+$_7_ITdy(Gkzs#2$!O1y z)BfM0`P6mIr2tl!6>>9MkwvNe_=KIz#|Vc&S%Xa{qUi)Tr^u(;2_iA5r8_CRU4i4= zzmq%i8NSxLluZuryaQ$KDqIXVY{pD*hK8Y{FiK#3v{tKt)%JA+x5qE)`0=j9tg0e6n?;63g;4X( zOL<9%DrV(C5?a1|axP=Y+m*_MgNWT_4KReqp|yw-#=N6_1n10V)>P)KiUR^UDS`uh{Z? zos-fXQ6!N1@hfX&tHspVrAYlgOK2)L#C-9qj|*^-4kX|a2?BDk8QvTs^n`wFkM}%n zAhUZEyD_w&0X6-p6>SLn1<`p361suZ@1R_GQzZ9;C>SfpT&W~&pzlF+76GI0E;dP7 z-f`DZ!Je&d7~z?HlTGEqEbEo9hga#7mZ$*w^WPl^EbByZ{rz4eqrkQWqjJW7`4cfs zkd&Q%SaFjUxveV8y5YTha*GbI8hDf zhYy%B+4I4*SIHmxRoEA8$y!fzkHSB78IE`P$8_m|4_jZ-S)E}1 zahW*eSO#S9a3z&`pE*jt5baZ0Gfm*~Gkd-CD*y1SqV?qbhw_Swt$^iMzxgX>`ORdR zoZIdXV=58pj+jY?U*8r2iTfZq*)i$8(;HsD6W9W4u+O<%GTr0Ih(f?x?Jzuv@14?$ z%iH{HAnpEZ3b1U1tiV+LinlM(&`JO>7#Y#CcJ}5*$@G#PxvbPY5k@r__6V{oUGYwj z+1(eaQzt( zRS1PRrb1g}W?$h-S7(4`U5C?ZNXlEnuSHEi3=P4Z@=mvzy6Cuxp|_#^P8@y?hjmH?d+>!me@zLZlg(3nS3=H))!S2xuDmG2qzuyR`ufti&c$` zNNyei0!Tq>Tm;-#w((?creEbT)DWb{KIPdV3| zR%do|8ppDZ-Lw$@?+-EnkPM@{{d4$uc_2v64w>uEir`5%-Wtji zx-v?+*Bt4)VT{@x`Z;CM7HtlwwAfysS_hL@qd6)K!zv8lWNO{o?|)Y*qF|fDfHXvH zT-#|NaFD4DzMuHRqOUmF^+4jVvLqIB5VH}$Ix!Vm7F!)YDM&h>zF%XpZ+({bQow&6 z!)=&;aJq1MYtfCJ$sU-uu$vE>q_xkt)*tlJWVxiR3eu@CM9v()h*`o%1 zx^p<8o$zOSrNXcEc6f6%0;m2u|Fqs$RmI4sSL^X?OdAh3XCJKR_|OHm+(t@dr=MS*d2giq*WZA79#cfk%pRc{%n6 z92dbN?c49K92S;tmHh2GD4h8)yzWm2lUj{y-^(Ye;6#cUlb$*+dEL4>XMX1v-2+Yc>I1~uF<6v=-x43)ZSt~VI~y!njmOj1 zlG9&I$B6R0FOVp^PulAvT*RPIlA1j^jlrt%lH8xWx~tvePIj=$jTegV5rWO`Y{U6c z#sGrer)q17+#zA6qYS&^H&X}FICEZPN^y_&uYNc>l*oPVE7{ta32P#N{a#Qi(R(#w zbJgep)hFb52ny|CZX)++M#Ex>p^fHO&DN8m%`%kd+)2fk*eUz73RJ|2Fj@LdQ(uFY z-!v|-q6>aYYRJ{xsKGL}Qivm-jeAr_xJ3&(-59)DGm&(oYOj)mao?aa<>~({GWR`4 zo2K5Y$N4XJgB@fV_e^AR3oZg4jo3h9PY%TM?71MdJL0gWgk$IO>~LYKPlC16&dQdX z`%%qdZ5!B-)>|l#gBk+yFJdU!SA=>k<{q!YILCGNae_Mk3Q;TVX~=`AawaBN-=quK&` zy%~j?p%iRd71c|i0_D!3)|d3dJH zyRJV@T#q4S^jdBFG|1YMzq9_X=u0;@VHyWf9LVwv9;Q0dZY!;)=uXXPtaK_~Iamp< z^I@xU<{Q`|g0|*`(oFnx^?*z)TV~$i%M2#pRHlAtq3B{u-Oe7d%3)?GDBmMH^y-RP z_3~kL*qO4+k8m3?yJ2+!}h=?hV5D7?wt`dzKW zXv%^a{>#PzQx}^D{j4L#6&d~h3Ks#5h1`Afx3N6D+dE(0w=KGT4DCYW4ZVO(W=#E3>r&g`NU>;x`cvdEDJ4g@l-Su#Ii8u! z_6PGELKgyOcg6>Fc z2{k(slY!w(rT$pSFkKSC*iU~vk|eM-;0bbG=eENVxFz60-zEJUq@IpIje;y^H@^8~@u;&9^_7~2 z)kl&6EnY3hj^q{0S&#kYEjJzy;xoCKReI__%G#`|t($LR2Mk#)5@u9JDDq@i4F`mB zvFJVG8z;WLCQe+MnBFs%Hi3}?4K_s1-TC>qy+!gEUO$Vp&#^A2_#v*Ys4v9Zn;aKi zKRWu}TSy))d-dRl&wv}Xfgel$Nz6&2!c^XKjG^e2-AhCd_b{S$df;3Qp2Z}bK-LA- zAH(}^`7q2SlGjC&|Hv<~c!VLl_gjw>-lexAYr6V}^c8DQ$?wDzuw%X2?PyAe+~kJt zU4@iJ41=u^9^BRSU6Y~j^0|Ecp63)`6*?m&2`X(Pz=@O-5wqPk&f_)Ip$tq8AO1pr z-7?@>@@aoil{w!=38s{-t%PzXQSTy+<=_Qx-caWmKSn&esqKs;anP?bH)|fAVyR8C zUmrnS|Ko4qM0@Th`o;J};$>Oz6#-R3u+z2x)AewCFC3 z!BB6{htk*Fj#VGJC?J?qz8WyIc$w(Apr}W6K!rx{J*|k3>3WjL@kKwf0#?MDT*O+Y zS@z`qyVYc#kqC(X8O?MXBsIc6v8ZWR^$YM<*v&w>VRBDSLhK>Ds-H+-C9p0QkBFwP9n(%<#?V#=j+BmDbudM)G0_D-8wA4|C3Kg! z>RVyX{f$$wZ8_S*p##In)vTzW8%7E)|K?zB#!qpT?eedc3btj(Sn~0uW@(hpv{=ZV zjyA)#DN)za>0cMWzQ@Qx;lxX9N&PNNOJfc~lUoiJa8u0}F|q=o@Q4e4jb|@Jqq4(v zP!IQ=o!q|=@BU- zxclwZ;OwXG1u;!3WNW7b$gXlcb2_RFxdp0BCGwn6Hp`n5XEjZzy)6z#OG-{%BOBlB zi*=K&dJ8czw?m3P7Ovy#0q3qdqi%jAx6+tCAK~*9(Am5&s=H{-zwCB0qOEGf#{L^^ z10UToWIuLV5(Rh^!s(ql@qEsieG=Fb+EYU&<`oweY5f=7cil=QF?~yt4c_<*>;}}z z>rp`|SS|FSK1&m$GH%svn%5Z#(&tgFt=k^pUu!$C0ouAOyu_V#P z(=`3qir&EUT?xjkwAK>$Vm+kDEs5KbY%bHimRb>F{-83s(kMoCC@`&(^aRvw5zYk< za|68GKKuo4PeCn*EVoc4r#r0`E0e9dLMlfE>OM3Y8bFn!(CTndD+nAIMO?_EZ{{*@ zg2tPO$M{sm5ejLiQ8#z9@D>VIOmD$OcQf+^${dB`#@Sj5HeGZ`i)%@`g1$asLsL_x zpS$~oNqY7~0V#TE1<=NOJk^FS2=Ps7+1elGwq@TEg8BU603^{!iat#aynvt1WNccJ z72c-n%g6YRedvVSu^3m-q4O`0=ghqh%l)ygYw}91QV>^Kg$rNFdS87)|LV#FhVrwr z=)TgF+8qt~mYkQ74+zIZ#zrh&Z#qf0)Et#whVn}hPR!akL~CH>%+9)fWJR5P+r_KI zjH3RDRyFI(uTyZCjF?^VkECzxx@qnM4tYNjCsqPf^~cD?HELpNKD<`u{fiI&ZGC@J zKGf&b?x>WP*S*#yS{AUPi7)xbuOhtVM2)RNQM) zIm{9k6(_vJU~LzTq4&{6_0r&$;}B$A31W6=l(U^X@i%f2Qrfu4(R;0tyxmBJ-*me1 zR_z`i#yc3)qtRfFF%b z=+Q=-d`C9VaBLxJx-cr?Y3^ftf52*xw3s}&FGRGH4oa_$@6%$!dZSdE)CF7Q zIjRMKXiZq(R0U{1$X+8QFIDlNFsov0s~LL{I^t&SYcY%>6P4a9R>eY`^v>sy02UPdQFy^U9rg! zk(c?lDS7~ex+I588%qTSuH01Fa!BWJSw?j0;xT-Y`qlrz_XGRvV<-(Y@ zX!l5!!gJa~3zGE0vFH2ALeS>X^xNs%^{9`jywN0)B7UUDd9}3;zJ#!BE8~(0rnLg3 zzE%=T%)J8FIAF;P9xq<8>y#@1^OA*4rx)|8yjh3$MagPqa79`8dwsWF%m>e=(2-1tDWz_P4`(GOpAWad zTtP)C7~M%@u)$J@WvL(ac9Tapn6ettsxX+wW6bYkaC!!i{QSqE$N*;Z8cnP*B&?0l zQ;>cM)4OHL=qz4h;`8}T(bu{=h166RhX^4|=;E;97lBMr5R10n`SvJ%XYMaT%jMO1 z`BfUb_OmoJdub@o?k#ulz@H%^DOw-{iZUt!{2?Dms$jbCDpCv5UGV%^zu71AA+p)5)6aJ zV_S(pQ6vkY@~I?*NDSAL0MB{kMS_YPbG;MscV$heKmO z{xZ+(b|cmy!bSZuQ5W}|f*lDGDMfrXGrz)$2Ig3N_?&RgXaQ8dOeBB>)-Nmt*aIro zxuKorZ!Qh9eXYH<)dJ9s5l8YTx2Es*YmDvJr!atk? z!!z~K-^fiokWk?|8}HE(!}X)H7575YeR#NtUg>94raj+v9Bp(-d{KMVkBWHQ*>u>6 z+i>@tt8FJ1nO4X{jqSH9)!4Nozsk%xl^vS~ntpQ2^S5^I_$Bij>O=|_ME?onPi2_D z)fl#TP&A*$pkL5Fe1F}c>;c(U?@1X5clz(u3Ez~CRJrv`rM$PO<&PWAG+}o~d^xm( zrqO*|LiT4*IIe4xcqWPL(PAcO?gq!7#!Ju(g*X8(l#+b!rKg%vbIe&^h1Lv?>DkcD zr%2W^i4ifVca^}L`ATVBQGF6m_iJy1qfJM^0w3pKcGmM+8ILiWv#=9?;g}(3%S??Z0og zKAca4H@MARPfI@96Z;xw=pckKzzIUl-41VQ-p!*=*dj|Z&%JAvUVp&8M*_W~+6kC+ zCTb>kueXOklNrL-6+CPfF+x&|C%cYf0XHHm=U3pPUX`=$PO~!dQD5zkeeaZYe?3io z)%#~FfV<`kU;5@)_D-<&iEi_S^eWQ}elA(^%3$T*w!u=ccg9;6{gQ_Cp#SMeBazx= z|Iq^YuM9Bgxzx}2%il=Ot9mF7oy&zaV_G@IWo0A99T2gR(1FD8enbm~h*o=+Hh)U_VEC9?u3)W2E0Y zX9YgqWP1Q30Kn;pJf6m3wSVBCMwd)A^hhtk2jvSMw>>KZfi{9svcRk6&N!kxL$Hc_AU9EV|0`i`+qPNp=uWKmX%ie!pV_Y+HN-e&; zUWb;w-njkM4)V8~khvW>_Zhi5&15ba772)Brm;OO5rwDZO;a^I2-;v|p*DWerBfom z?azr_%o0F4$;={evxpHfQ|s9@OS?Up|Lgt{<$)1 z78D(#W@i+KT#8C1IdI}nnubcwlyxV(EZIv|x%CNX5R88%m;dE{k|-`J!|I^C7Pe=~ zeT8$i&3>E;TP-k-b{gPzw+ypn`QWq{-2pN4eJMj0*U1p zJq$tEo7aDTTtA~FhWmPr17Zj)53aDRW=TXxJ3GxsC#gA`n@fhD6urE+=kT&wXvZ=BS2p` zCbChTjdwoyr%Mt)-NqP74}nJKv!(Z_Zq4?@KhgDB`5`}NZl3ZBTLkn^C`RlMudd_H zJJ@!nQ?c>Go{oIg&7APLACa_u$8<(sBts-FoRz}8x{mQmjk3&F8tMi(| z5EzW(vKUDw;W?7iTaDc+Hcfuifx?2ZO0T;hg2v%+|K z?&#N|DB?EfBtJYqwu-Gqs+qOGL#^NN;c<)1@{Dd<%INf!JkZ_92w)fKR5YQRa2ddd z_a2M;)4xw9-fhw={F&H#nr`)tE3fpt)ft5Su==sNVtDUgg|4TR;cs-tQ$q;DDNC{q z{@QeFPm-YIuh7Aq(8QXV9JI=^89am9+xFxjJ%bsGhLbwS59IprGl8tc!Rs# z+{(aMn$7zsLqDUe*+DcWkInalZ)dMLg7~L(lAz-+M9G(V@IutAn!As+OvV{)MUYZ0 zAVQw#rG#^A#1Qw^lkrwGXuHCx)VrrNeKb%qGUyj_<(Rh%Q3uO&mXmcOzJZ^m5z0BUHpYw zWnS;T%LoqxryqG8UR!C6Fv3O`MCrY()0P3-eRQ7d2@`>c1yhx8KmV*;m4B1?g=~Qn zIUe2fQ0;b2Y^7|S837T8R~l66eyS|}hv`RjSCa##&yGe__ruE03N4{5W=^t|75(KD zvbwn{LnLD{$Ztbv`oLwb}^q0WJ~Y%Q7z#?lEBFQLoJDs%0rG}Tus zrjB#*d^`!1s{)M^1IC|8{ODy!+&%UlYY+U&WQpzD&piak8R6iAp7nkq50xNyB@bNn z-Vu+!4q3RmSTI(7vin^iBo*-oBdrPotJ;eIzSNiPvGgQNN^~aAWf!C%P%EGcrUA7m zPvdtj#%}}2a1}PDrg>$ue2q%G53TTXS>)##ah|YFA@f)M;K`{TJqx4VepvYV_sg}Z z2kBH-_sOfCkdC^xG&;)(zF>T_lDyTdswDkHKNYoaby05}R-|1^sB)^3yRmeS$M`=GQbmLNEh%lZa?2SA+o5A*#&ENpJ5(nUC;D_yw z!fZIkq9t!X6QhlUpj=J5TPh2gpv4heduKbEAsvEmoRON5cwSm%583`_o)aW(B9|nv z9hHg{;Mma?P2&h|V_IpwII4w2B>U)7I2kWu3P@~!{uZ@0o&9N=tFk@17$HnFoiYu| z(VbbJG#Xi2S0C@u(5UJAAR<5kmH4i7^vs;xhAea$gFY_k94S#I5nadw|5DB@ycSdN zQ~XHJr*2?dQW_TywRJ zi7hjZ^U+;vpZEcvx!@*>TsohB-*IP{ylIN2)e-9=A65-KEBS2Hpm14>gRrhy_#n@| zXR*Zq8$fZ#qC&@>@2D#SFrb(ySv7#71MsB7|J9EMJdKGpIUC^d7M(r&4(Cf4mVAbz z4jghCJI+lNH@8N@rZ6yNH-mIp945ZzyA&{3zZIV%aqQoAy;0mMOq7VkQ7)`duE2JH zs?HWvXmy(|er$*rBy)>L2z>t9g538c?Q_SRj&DLiom0kMN05t2uTdcFI|J4;$RIb8Oke|V z>8cJ%DMM=;ZF<4dzCd2OhU=}0c5>6vQRyG#ho7u}B)g3Cm6a2+Me$%S!z28>=k9;i z&7F4YlFUj2l|C%1}b%tGOrR0uqJBCPd*qS=-H0HhTNf^3g?}Q#(^bq1>W-%Zd=>MnHMcD- z_k30AiX$+q#}^5xE<+Ly5FtE`G2f1Vk@zX5AcDQ0A7dDrtS=B5%fd>L^C&QZ!hge8 zImIQClovCJ?Xx3>6|=`Drr9c?1Uc_F1QE5tFB)J+2yBXY+t(eeaX45H!dD`*I8V0btq z=mMrLtN|*m8!!T@si&tmaG2+6_s$nKgEMm71h+8ZlzZl4;bwIt z-Hr=;AW5r@ySCEQkrm_?xxjO;v5Et?3b+iYP;UJat}6`rnx#DRFuuEBdc_Vo`-K85 zh=sP36aid*1!LKfL6v<Mz&kiV<6d>y;utzglws@_Yo;>zk8Rd+l-4(TW=2XxG zjT;qf;e;>vMZKV|%I|?>O?9ITc#QYXDaZ)L$#2x8+2U5A`z2*HG#O(?g566|QwcIW z^5)^Dl7ekON3f_vLE3~2qxn}PTBf98DLNukRw|w^q~m?gdU?w0xu7jWEtOnV>4Y4n}R&;E-40zv-5AMw?xkp;--MH zpX9XpJqfhRPA}zli@4*VQKD~F!BKr>8 zo8qkJIJSP55r{e~5G$)3nVmSd{lIb5kfeqDLgX%EBM+jW;Jesn6<7X**7)EEY?XmB z_P>()|IY1mLD57AVXw=AW84Jg`N8Mq!4vaszcmJQ6LIM`tTe-7?rI~5Hyt>Tw&cDg zt>$6cjtCHO$xfN4g9}FrVytSPaa)E$6`Bz#*2gjk9h*(b!X|9T0EJir!6i+Q5ufPY;v}el zBox;u4F&)jufx8~K`=|pCMH(vctz7_N=k|cy9J5W?J}^PJ~<}`SYH&-MxL%g(8h2E zFFe^%^Rxas;KRd(2>)u@I5RhK!od#`55-jl``J~xVCsIAfdM|K^bVkJEeVI3ko$ zX6{pLJx{DiYjaw9MPrJUkl4(*2#&J4j1hWlreZAq=(L>4 z$Z59|&?YB&V`(cu$szJ7SdsnRmQmWhhbk5ApEp8dWgkbZA2+Bul89^LUbSc%_R*{F zb)7{_+Lrxl`{K6?V6aT_8~)DTJy6S{1<+#|ylNIO?J2Mk&57BVD6ZSE8uB*D!|_RD z63>aGYfTlRXiPvDksu*`k#sx1swFZOgsuZ|JIO!b9GrA{mmNs|2gNP>V_Z1!Q@zod`6e_vP1*FoZ{dnSEE@`XYo8jaLvM~cwa3lBXIF05Y! z%q4RwIwRwz(Ri0CG*H93q-mw>NX>osYB#y&Ag>@Kw%c2dBQ7HI=HRs6k9RsV&)^-p zLvF8EoWvLe{xd3IYjdOKk?jz&Dw|C*vQ;)ptM7eQMf#2Qd0h{OPFya(q<|d|3QVtW zfL*T%Uswzk0PPL(o+WEwWUn3&j@&4MH`{Th8rxd?^RPzG${N@C=ixY$&8dUfN<+KF zD(Ot@v%&*d-raDT#n!(p=AF?Nr+u@)JVbt-+4Lm|j#6!Ce*4$pVo%3{1)$KQ6M>AH z1x`|itKqEaUDBt^yo7hC19qPVWq*nl?Zs&JFr*aLSV+Km88rg$Hh7?sp_WVTUk9fY z^B+}K!2ULY_8Q>cW~E<#`Fm)iGX9YKobptP*8sH%S>E6Kb@kH9N5!U z(ZCn5#~<0hRxXx={J-1p$aTZJb}qaAx~8Hba0DHMjpY znY3WtAEihhZalQCO?)pqOI6}y!@PHZ?Z`!lIZ0OdyV_zH>biQ#?IkD8z5I{R`Gjiv zBD-^`-R;f#WxD5=yjedC%omLmptVgLVR^S5aHCDP93F6-;Yki82+4t4v;3gzjCnQ| z(p(Ip7yQT^u_LRL=>LX{5MTlb%J;4tQ4m8J8F+-!nYANtLI(zvS)m|Gg>_rZn~ zKgG-~`jqLEfruOtHkmT5xfGh?r97JlNyZ*zDKKuU{@k)kLbE=M(7W}#z@<{Y0=BCb zCnjQIeL4h&u?n8#m&(6>Ma!_4C+OB_2iCKmv;H|_4Vw}lYIxdeR(@#c@y;D51!r5+ zTz}Gd*R%iZ+W)JSaZMN=x9|@I!}aXjsbUbf$h3q7E_PBCQ#vF<+6;SxGeg4nQr&IA z<17X!FYgij0*38}SfuNI&xm7rF^p%rgsi;#{nW`rd>-6Yk>ArU1qwIOV3~Kgqb2%L}2@i??X3e64sz2>$23$i}kuOOO^6g|kYzDG#vw;Z@nr0b1KeakAG!9gDk6@mk)Q$>0fIjI>mz~ zd>)?;H(|su_Hk5fQhSiJ6=Yr7kaq{!9s57*lrIbP`lW{KXLLR5@>=_EQT+pL;8c$H z<*zOq!O7CJ4-uOV0l)m&J3o|irb^D8e1G0{O-iaVwJ6;JRv+2O5xTp<9U-b`tmz56 zl$+@~r`_6KCOf>s)tpLIOj10%@tn@Mg%9G_mafl~d{c4ARCERlV5t90EQBOB-(2(n zF^!dgiLu^1rnSYgJA=Hu`{>Fxgh;$lK8o?r&1H(PZ9g@P0DPzNI?CCIo12@RKugk((VLaiXEN2LEs+PXKqN>Qvd#GcvYEE{- z9CG!}`u#3e*_o4_b)c($+~bjNAcw!H0{ptrxvp^A1|P2hV+ z7P^`FqXM>JfDs-mcnaIqLI<6@Og=0S3w6hf;T2P&+&Rez%s5MkNmihg$Z9U+|2shc z0}RF1DA|5K+3sO-xxLdjN>-|9<^)ww^06=V?oGj+HH>l4U}~u#zmZo6^f|m))!t!K zh5`3*{L+yhmejrh0wh8~Y&kX^bU%oHOV_Kx6p;;B{M+z!GgcNJTfGb&6)btgWs*Gx@P<(J;lGSHGM z;Kz>sL&lRXc744VTmp&fD?T0FI6~)U&vw$J8$o*4q$#V2B~5sx?kG#hU7L!kp{)K< z{#nuw(T9-kdJa_PIfz1=*$b`~PN@_Y4)p%m2Lmh$SvMXazcC!ZY!ZD-5J*wa)Ia0;$}K1a-iK z*MkD0%-yonD?M@3`!_qejI*BE?dWgpU(WS=j|>K)HM^vZOD+5uDcjH2K`y{?2a zF5`@`G`~JNmI+nB3b7gKxPW5(!cAIkSy7Xq7g3c8qUfxF}s5C(_+qW@!B4kP&ys5s!5(Q*vxm6gt&CYqdm^(v1 zXSg`fyYI%WRMM2Y0v)(JbbNCM^F5nzXHdSz7A|dfC~{5?m28VPxi(Lc&_uxfsSJ9l z!jelv6F_2EP0>_rh0BV)taIfCS4yO5~u``u_kesK`Mg)b7;@E18>(O`}7KdS_21$)6C8-uDxY z6VJFg(m4xiLyFm^Ina?2R4mvg4P#TmzvSsydO=OLI6P zI1_99LhG*b+g1|z@CzcjXUWFZ3CoWf<2qSIJ60*gHS+3ts*=Bt>IUXQb|;vb_0m}x z(58N9Mp>(WpAwE@_!?TC@J}Q8UpePf6GsN&HhFHCFT>&^iW7ih6(v$*r!dYCd4@)* zw+w55g|zzOb>*Yh9_mvhZ+}x_2YqTcAkfEq?^K4KZ4)qCw^1^&m4Tu#VSy-ahLy z=34s3gYyegCb0eTw6Iw53zPgznb|c(Zr*&@vH4d<&HtBj@?1Js6rGPs1Bnn~M4z(i zV7JurTO-U3OCTR>My4=cP-3tCd#kmw75f%W@|5gAvPQS37w@;_{n@jhGS7DKgXR`f zG{x!`^=WxYppyXsLAeR9eC}$831LO{J4n260&VLdABFye&1SeUr(>M_#^+w}yXAUU z=fGRBmaW89e;P-?Gaxg4`^)TB`udr>3mtb7^!m52|MuhEh*>X0p%s{**D!U4`Qp$0 z_(9#Hp{bcvs94kt;MJt^;cBPidaZgyI;R2(oA3~x!h8EDtwEB>K_x>g8$G!$+g0Fu=;2 zasgIzvR~U2Y-n=yT$NI?_02`!W*p1p^8GBxWlfdvTb&_!spgJLdPYo(Mh=VuSdiOn zdecv?9Fc&t(1l7!`t<-G!l6q{-6fywDHv53p8TVt!gY7$nJl?xj`4V<`gbjURkLUU;I_4iUd`0 zhMPzRfTd7V1f90GK&FHd)ctU^CQ31176sIR{ss4Qc|qrqbEkWJKL#3M(hB-*Ox~=> zV1rAUwoUP$WUNxLL+>PE$y0@ie$;LVZYlInH6CS9V_4QR(VTZa@d91}$TgIk(L%J+ zt%54jtKA~n;5Ia7;K;lr%Q-)a)*2cFuXgDA3REV0Eu{)Pi!*G`p@;vG>nW z<1z?A8Y(~NA`jOVSoWmYW=x2>V{XPA%FMxJ3_I4ST1r zMUuNVSq1CEx7PVq0_DJyj01vrX-b4>p%4tx}riL z%(ipX) zL0;iAxI+i~B9*wwQ=+b%4~z`_*h}lDke)kzZ+UXV-``cIbwpfl(WN=tY<9M`5*F;( z+U9M!4KSwE?D{Seez*h8&3^^df7myC=)gmHDNnDa$pG^UGhbD1U6-I1n}>>@iS(g` zv0gAK{*d{-368x@@$EBwfyZSce4uj@j~VnyDE!u3l)!d(q~IAA@1-kBW|G7<#M?VI z-`x8#e|4gSNQ)6WNJOf;BTonryt$a!mGlcY)7hC2OpLr4tIiQ_i~iEp)RzPqMnPO0 zFFcMQZbzHQ76_`mZ;PAurX}XZULWxX9K?p_%I z4Ii`IUpCW!JXL(iN7^zCIvxH!ZL4iO&PD z>Vw6fk<(W;|9bf;i{F(dR3a~US7zxoC4#fZ_-wqY5QUkVos~5%G$o8oq{u4j|?y^lXhkjIp3&h@1CGhx*vC3 zVNQIL@BxTprNzYq@#SP*Tro^fzH`W@-Ms;LWHx8e0kpyHCn8X*` z{t?SMnA(?D0#)tx2?7abtQzNzzH{bD273->gEVfrxDrSoR2`8s65}SP=~1qgjDXO$ zNQS&(;&W!O*tN~u^}g>pe`1ZV3u^yu)J zxJKdtQ1S`BATEnQn8-jj*RlPQvR&i+jK03djKIVK4;NMtI#XOuO%e^ZzJ(q#F{cB? zxab}zgV*&XF|RpCjM)dP!b0t@Z!dJq9l0((noD5=&-mFZ%{}2iuH;`X|LZc!&B!sW zrzt3-kwjH$2j3-{l+~3gbiqb!3Rx;S2*2RoVgE zp*MG!z~h@9w4?Larn6Z1Vpb3SURLZ?F@pE#^6&*>`XWWOs^`Fb2|vIUq1bWt$S zGv&&ge}#Q^DX^KCi{L72jf`xL%fBbPx#9Grq7E@y>hSfPNp#8np(dXfi^oj@%e|Zj z0qVr#^{-z3F3lZMwMe8{am$mlBa5tzRKdkbr`eA5yux|2A~Kt=~jPquKZ!5MCLqS1y!_Lec$WY z_Z-^NkbXJeSPb5Sxkz(8e#Xq;`I;DO$QNcgNmwC;Mp>LUKO^E$|CG}G8w>n5gD5u# z117#_B8fi?;P9hf8ooVgXrqxpo6#BGQe%oxp#c!q!Ep%j&)(Ijtg^|{0v?tL!@5?; z-ESK7y|q=?eJV7bpW@U&dZ@t-xl!Wiz2bpfpu{!AVi*`k;2<}_5~!9grL&jXQ1g5m z!Ev?*eVhuqS^^k&lE8`$QD)=LEW{-}fduF1RWBRbj_b|0?;7f3^D%ao3+;7KXOI^5 z7WQG&##JRkfh^;KEg2K{n;34t@Hd7d9$dW%jCEJb5V8RUwhZ!~= za*H~H#xl4WZBBp|C)F;Z#ySq%%e;K&>N{XP5?j3HYz!-$`cnF*Rt{i~Evd zt4mb$>yskSS|dpGq7;CZS@%)nQ4A}o=;Q~0*1H+JeY%WkCSBN8Vc3{6+DHOW!bPZ9 zEt)DI1)??LM(0MCz!xJt5Bb=-^+g{xK>f{f$7Xpu@ilJPYCBq>Q2CrSzTd?z}& z2i*gh!2j-jt+T(YisncWqF*=L96`xBU4lYf_b zy@S%njmBHfYyb0Ltk+55JNoP{YjedKoQ`B|1~?;7w|)r_oxITe077HQ?re!~dYKAv zeSLzSwXcK_F|)87Nsso~wVvM`o_}4^neJS1hzNoc&p}S{m@kRT)pM1lJ?|L)c(3QS zjo>=%E=BnExTx#V65}b(#^-M zClEewGM9Sv__(`#>6yZ@wl5!P5!AolbxcD0ado}?xld=1d{d}OZ0++eH))Et?ebMC z9F9oXyU+AL6K|_{(2{$IPA|LQ3i8ASU#cYqH216Jt6^gyE%P6@BVtmCi*xhvsL{QO zw@CzI!H7JPR=JTPKpc_^-Jg%U-E1U}{HH%veCd%HyP5%9D z*l&lfsGuLuJyRxDqFy+#i@jTZt8l5!@-uO)Y~91Sts5*q`dj&u*RR;i*-;f+|5J@o zrT@5aaI~P#6wtIxl6-ekrA%6VML3ZF=Gb>?6@`^%KZ%Kt7CY5Eg`>$-+ot>tuksA~ zO&n3|B2iKb=r;#?2$ziLI|m2Z=@uu$Y1GiISsvC>q+2Gss6i|A=Rc%Hc`K^UeoS)R zVI800zSjuIXeem@DAdJZC2jka2Ue%5WJ^grIw_WCsCt$f=jyTEU@z}|Ao{5nTO6gF zdfizTXSF-&&yw}Nc`87q0Vtw|bgUqa>S$|APfkwGc;tC}Y5y$s1Uv+&*_pGo-)Jn| zE?!w3%+|O8IF#n|_`@@+o+O&ajkI#?Tq>{ryZgH6{L#sfY!DNU*=TYb|5SSM8E`ts z_E`7X*6uEp^>-F(P`0~CGv#oLpx1bqxC<{hyUnbmMqd{HCw}o8s#(a# zlZiM*D{B+ScTFu0DsOOTWjWBt5{!SEj3R_9z8m`LFp7bOy+o<7>gFy-xrqaIbHP%Z@2rcI?kilxjzGl8fKG|KjJR8hNG zobT*eVL_*|_JSJ)GpIPQBQr>_aYZ_Rtg`L!TT|=Vvy~F!ScN6{*x5NWGeb$5SfC$$ z?i-VFQ&}7!1k!8c@Ly%*_KHC6|BycZ$s!RWMJetGc*4~U$;{T}C|vl?3EWgMvS0=} zvg|arxujJ*hj?yE;Ep26Ug@V8IaR!Z!#3hGk6@8`R z=)tWzuiVK9*BlN-`$d~^B!+NNu;pavL7Pgdf@Jd?vD!?Ix}};i#>g6DtRl{WpvOo6 z=hNVTtF#ertoZgvfW87vpjihaQyjq>1`wZvF#=Rj-%HesjQ=qk1ZvE*SRk2W!Fr%y z8}9lXltjU{jwQ1(Sqq5#{hHAXi$838d@$lQuBlFPu)u_}Wm*PvnJT?Dyb6X`D=4a# z-|iMaBZGV=(G**H+{!y&oV^dVgC`Fd=Q>vP3^hY~E+*Oh7nT33(!7@5HnjyA#rP-2 z|8IO06f8;>hW2)m_K?O+bn%;={GU!3?zf1y1ac;NcCpZ+SXI)2dzdl8wjPfywKdFHx}B z!b);6c$4q;2kq6U&DQ3x#QrfnRT0;&Oa5mx z8$fklm~ES>wtuDs0FN}@)GD{Jy6sy%FtUPI;Ca(LeD;=t~6tQLBWj zuqGi_Du81rNGJq)UekEb@D6#P*oLzK+P&9K_0Dt}7UV5G!O6 zT|+m&n`5Stgd9ez7c`;sCHK*o`!`dVw{XkRq$ylzY10hciT>I{L5d|0tbaB}{wd+w z*)*xBxvVwHXlX$~?EAdZ-mLsXeLe;c(t*67TXQZJD7KI#G6tldDo)TcQ7p)X6ne^v zw6F*QX5S`{ZNo0zMqnKPvz6rv;Ifp-75_$HfKzM;vol^`Hv3#TGjJ$fJNRTJ3-Q#9 z4I9M6vVW~u=XW*N#AKMUxyEvN|y(nZ-pM4C{~#}u7l`S%g| z_esG9i~dqav3-_hYE0%aPlf3wz6+jl&85^?op!p_qHzVx%QW5|r*OK?^MU3@9qc{% z)rFWiXNYX>-@m0C7vw1ARQC-i7~~giMuAZLln0}cl)WC4MkSSI*r9A!WJD)WqwVCH z0qQJ@htDs(i2H1xBgL#Q;1GTu5qtiV@;(Ag!c&_7ic@0+h6kSvJ=O!LG&29`FKLst z#;mNL%`uE1062&u4RbfMkU1{^Zrd70M#A5~7$nKQ4n}cgZcd>X;$`SuS%|9^H;e*> zdF=dPU1!~oWi1D0xC|JU`|ShUZ4SC(+JTO$Z6bqQ6MAhDWr+WwZvbG^DG|ammHTO` z6xT&*NdzeDhoRBG80s-pav8&BQ$|jRa6uZ-;)&NFjZJ^!hSfnbcLL&|E!T&|;_!UR^Mq&Ts zgmpjKv6MGcA7u}X>wfcnBg7KJZM6b1UP>kd5XGqm8iKsY$-o%9#|8)$5*p@h@Ye(6l^$He{y+9(#?40!^C!3^J#x>{%pB}aU%Y1QJPXNJGW%` zsi=jAgT0)9;4ZuN@0%pYRtvkpoBKqrqukvNl2G(T{^XJpWdV_<)4waPrDM(isg?$? zRa98VRPOsx7Q77*)RrV;DRPV(Skb*H zU6fX78@0j|7qr?!SsPm@=sIGwt0)DqTP#S&^G^#+ed#~W>(<_J1=4!MAA~F2|isYE_&(u(f<8;2-zYvh+sh|Yu&jMrW zqPpr!6iz^s`;~oIaBdyY1xs#C)8u&sW3!VjDELr7sRAJHOKhVIM7V2 zu=H?QH;ChW_)5_2nN3weA^AJy2M>9FwxOZIP8DsE2S zv^0dgxGQtce(H&oWI$;r|{L-i|E zr0uHAd!|1QOy3`XL1H$SZx43>--3?z=|sf2?yU-^8|F`>jzHiaK+6<$N@W-sR`ON@+V4R{W=n+0G_Gwo({8Xxsp9 z7t=kBJs#WHrkd5%ku?3<9~7okCn83GnaZ~Z3BTh{fGZ54DQ4j>v}VI7(9)%GOgF3K zWzaa0@?%)D)_RVgeJSSTEa!qiinx8}c0AKA$0JYu;Qi^U7EcOYMF4wI>zuG9A<-(v zvz@USyMa*8vU$atQfxT9BF9=T<;)hQaWHD!2r7K++ZC!Vj%%NadE^X+rI} zXl8$A%`_U@ik||74Fx%)7>=L8)E>D&_eMLAVPf<$cv1c7xJGl?iZH&T2}RpPp9SPBl}EkfMIf{i&(1Z<~<}WU4};Exe$qIRqs`=uYwced z_ep!W4J)?VF|JLsm@6S``_n&CIb7$5npm%Rjoa zM}cx=C6wte+a;OLy*YEfvL9wQglf-etgTu-S!7-1%t-G{2q%BnI!v`_yjYsw7H~*c zw9Lli)%vU+ch8#8(b?lk2dv*YE&|1()6-C$;~PAKKuHzb1I53L%n@IK;dNmk5e2(hS>XX?(3E3LsYVdnr)RtZpKX? zWkEKBNHKjq8nHFf2b4C;>+7z*P9@<$nrM>b7QEPVUA5i2dc+OHJBc@*F1S28h_KWB z9MZ2fCQx`@zN=W$9{&k@=~qzx@mU`tqoNV=ZF;t)5 zJI0P&oiML)a1}3zD$NV117y&%g1vdqQiKdm)`{Ygwl0uXGlXKve3y4Rb~}>Tx>Yxj zH;e2Uvv{v+$D}Yuc_?9WrcGElJ>K^~H7&vJgR~4$bzF0-ARzwYBPoj29?H{8>?!`a zXe*=GABpAPS^&O7r933qvU0%tfEf8PHp(mJ{PuqH&-5wKGw?NgDrf*v(4F%xB5*eK zYxnA~g6#UZIjn3Ng4(cYeq~(OEV-7SFy{QC$4B!@&+~9eG3N?K{0;Vf{q|F~nn>0n zbO>H8u`Bwx3eopf-2EdW0~DDDXZR1jt#toWNdu_Wv7k~3y8j@X(Ro9k0iqCDj#ZPP zeh?Jyd~k9IN;AQj%XE#Q%V7_BAW6H%8!pKX^!2B0scZ;JvUj8)c%rt|9kTX2HH@V) z?0|f4JQ~tb&u@m=>?L~0_YPAvHgk>aBODaP_;SRO1_fZ+$Xg8bMfHCXySbI5^wZPV zrh6;;M6r?xd)ZU4(!b6Mp5js~^06)-BMbt3*8~a?!U|)+;1Rn+F4Je37wkUOC+l&; zVg9$54TE%mm(72rdLm$N)OI{;6F?6BNhNSwLv{J* zum}4pRJ+oiAJujU&ZC{V&zTq==3ZaELmCznWIgEF0>nz>@R@afw0q^DcTYJK2+0*2 zc?vFfD>7x}M7xUD)6is6xSrpQo>#p1{#N;`brs`I@C8cbMkK%HANIs;=tg~K8rf8> z`mn`kwnVP+EGy=sXr-hfr_e{7ee%F6OH+RD_YFww@>PF=M|IEk?1f@=$-`rvMkle41%kFkeneE&VLO)9>K`m;616*g;;O-`roHyfjMcrdEL ztt-FUAx`}?E8Z}(v|h{o^gjPU2MhC zt;WiZ2M#&RL~^Co?aF68Z^ovg-zw%j$HB}RPr1;BC$i`I;l`-t zP!`}mOU>6n+QG@7bP{c}_a<(6_9@-^qc^zt*kdEO^-}A?vix;qmikL%?_Epv7Ke>Q#18_LIT4hVOsSVS;o@ z=BAWHjH_tb!}g38epoze$EQ5K;gPjozao6(&GEQU3d_>{rlBqhK zUdk`<%b|Iz=Z_|HVX!DBz{~(v;)p^CoN0Nbl*&x6dhBC~U#?+VOc1)oJ7;HjhUS7dlP~+@miNW!%w5)19 z1L{Mz4o0?45H_nVrR^pAEy>;YtquZRb+r83AxC9~P4SCI%OM^>Ybzl~&%M`64R635 zT~^{~W;2H_%v2Jz;1q<7zCDx|s=L z36kB|_G{djvP^-W_M453=G+Ranvj@4M&Mm!hjeI1DjimcGTciK!{e)@B^0*)`ifG-9xQ zyYCDU+i|;5?nHVKtW<$U81}1zWts}_?v}Zl@T^yQ6YZ+P`mzzLigi|&7jVKyc^}~9 z2ZAFekt4>25-37lQ_o=c!wu>_9`Taa$Po71)L-Z37~E6c;KW?dS<3UFvN!OlaoUj{ zn&eR%VdeawKGIy8B*(KFM=Ac~=i6HfC3hAz66x31vQI7J>fT}+6i3_eQhl}V4P0D3 z!TM!yX!t^MnWke$lO}vKvY!{f%+j9=rdVEmnr^cvV8sp5X}j&5=nU0hjtSg2)87^q zBr*`LV&r2*owA)v-BA*Lfo6$)aI{?Er65b#@c3Qjlog&Q4DGC*eWHp$LnB-N^>}lI zlrVVv=?bF1qdJMmj1q~u0=L41P#tG7!H1`y*5Z^epG~_PaCnZu--4=*i`f!E)->Q~ znNgr%>=XPEY$4&rV<)vn@Nz5W+ydQ3zz@5i&{;h1lhwOZp8&aq_hKu+K(SJ4|AlcN zU6z1{*pYbNN=x9+9q#ix(poCG=q7la$nIVEnZxGqBY|?_9bQ6jrm#T7!rCKYl9X3?92U(Bw6DBVTZa zzq`ym86_3A`X-Qkkj*P>m#zJsdwge2{-rbcr-HsV3f-4o_>>neFf_%kpyii&D-bW_ zrNuGhf{rVcmO|wN?~nq;bo9x_d#EYNG>z9+2Jl%KQa1-vUA zi}GDlCcHnRC6ZR~j^*qto)zX4Z8sthvD)&oubeK=VPv_o`vQUwXsogRI$MVOiD&EG z_imTDYM_jk@O>olEqOts!X;_sq&hrQsP%rzSz?a#XfwOyIiD}}ef%&tf_KfQsmAwq zaX;6FG~Gi-p2m61Nz=S_{4S(WztEn+*S?CvXagWw=^y#3^g^zEcA%@Py}{$ayQZ81 zy2BIGVHEH7_-_z{<%g56BMeIi+! z6)o@Tw>GJcV{mQct@&Y1iwB1^H%qBXk>KgS#sF;O8(ifef@*R*sa@?eB=y@h!S`YP4wqU7O96jEd77-gK-Y9pqw$!}9pabP8d(}%8DwyXV9%T# zd;cAwxpkOC;TbE;&qV9>eNZ^D7c;p6(U{WZkT*n@Jy(7!QVyKoF(bo!totrm91OIv2%@$+nW-oi_cw$j}N7m6s=_1Z+-zX zn-3K_pL)gKzT11WJQ94e&rtLjSWBI@=u3u1MlR+fo%`bRH?l9t$alfWlI@|dUSpwo zNIrf2Lh{GA58EPfEG<`HFwU5S&y3yD-4H2^fHJUF-Y=^;OL?w9eJ<)C-VYwcd^$=p?PIQRY0FM123%a6Yo_2 zrGN?AJkQKBlRqPjcQLIaM?9)28OYp;@ZuR}Ci+V02VkMHW{guD=!NAhU7w3ZPwhA>+tLq)s#1ir zjbXypxR?3jYtl$wa+@3+~xL;`}E!Yd;S71=(!_>+lLRd zchL+fIa#F5JDIV|S%L~-7fcSQ_z0mN$w#)6(~R>A$uTN?BRzL{eGuYLJz|DQ^b1tJL+LUM_|zZf)TO+$NbV3{>0 zt=p2(FyuHaOt4@t~-vybe{8KBKYlnpEs8odFbte& zE1)n<$$0}Jni#TF8Sk95p$)Gd9k#6nEj%Sm3nqULtZ2*IpwYEd$K}rzURzN$r^&^} zmouE@feT?XpNXm6ELwidPu)*mWh5=ldsHVpV^LXSuguHzHN6mZt@HnQB>7pRW8bA!K6*`A+C{cFemdkaE0u7l5&S1*}|W0`)Q`*GO|^5lh@GZyh6e!C%fmNCy^ z57Xj>k;aRTST%XENTd!0&FEC!*uCCWY5RE}1>^U4k7_|0R9sr!y4os>*OXDP?&BOMg?mYydXukC7!&VV< zf&wAl%q&zf$Nm?{M9`jTS0!nO)owyVN=waKAMO??=j;S8cJ5W=@K_ctbT`}G*R(Zv zFeFXUGuVen9OH&!fED>9dGU=NRw=oy% zXd%GDD{uSlh^1VtZVuwzlCrCkH19z>1Frbqr@tgrJshyQ-44X7E~u;TQzSyZB^FkN z^Y0zVS!Uf{x4iIQP(*tpI4c`ynOLm0!}DH&KtwbEWdFm@RV&9!=$RRkV)%*~!wr_~3o|u_ro}dS&XY?CVSOK0r3Q$oJra7uJHAe53EnZm zl@3V%UTBA~kMW?#o2|6dcH*edEA3PzLnma5^1T~*#$u&V!RSeR$|cqh3hqM*K`ui)2Ujmw zP^to7{^xZh`Sh`FLiLo!0J4c4nxB)vuZE(@X&@ahDL0McT=V|(nZ7=3_94D|s@cvT z<4~WW7&g_rWNb`*%ZrWg*idEkkkW-b4chu}a5cm{gXc-G5$5IZo;ZIvODPS?Je}!2 zOPm*(NLdGN;i1#YMzrY7jH|qPcK|Nf)vjospOcp-s;$^{GF~}w)=}+isZgNf`a=Jp z!y1P37Glc}rvMPZzm1)Lb(9Hmc=4Ik_Zwd|y4ja2=1$rmJ;FuPdC8$XX3qRhzI zRA*+PWVMghlfthXfaNE3*~6PIPOi#41u~c1V4x%BvJ)+kA1&lFaW}eTTL-b^Hj~>H zxfvwnD`}q0VeQPl0E-={iN5eQL~~}2rI-Ckax!geQ0YV()2fh3kznfduQlIRLgkw6 z_Q-!*lm3EblFU)~#(=WWv<#;A!HoZ}sB`XtWbym!=p6Zv3&MZIp%H{2i^D0s1Ris6 z|E5pA3X6LZDA-_tJMH4mTCwi>uA`QOD$t-}6oTI~m`;gE+*jr0o~K@IX*?ShZRKTm z^6c%Q0i?O!t7QUaAKyoL+b3Q7Hnqh><%{^^o^N#G*-<9zqiYgBsj()rK7agH7d2sX zmmF!2fnQ-b-}BTOTQ@$G7C!G&sJqLA$W|}^;m3^_2VRYb`)-1iEvK9Az^y)|H59pu zTZQIEx8Mo>?~ajGxi{hh!^JVC*ln9Xt`~z}tV>GM`LAB`n!yVmI6O7;>IgnW8!!5o zyzEiyL3{U%N;yw`B=aPb7kcy%aN0xp{koEQgH&)&kziVTQBRxtjIiHaPon0Pz?E&F zf$C}>@m7dp5@;YVn}Q|3)ip^@ZW)WEZ1IkK^3LgCrZ*~f8g))*{tpm(D)DU%tDX6+ z%X&|3BJ`33!Z(t0^?SJ9IOo?%{vp{dX=~!V@7~FoEPQ*mV2qWo2g?>36UCey6Ln-+ z2CH1Ql>FCbY9U37JX|j}y6M;b^F=8{U8i#YVD1F1BA{btj$iSQFpHvO0KJ=V%OVz# zep;p$c_Eu&>emk?JS(d@ueTkNbEN*1*Q;X5ep=en(-#tLhjzKzh&FA;PpXoz9clJqMRXNC@w{FKH`1ZZvH zX$Rh+z)%wfC6q?7nUDRP_6*!eMZyLSdKnO#pihK^nT%D54EtDB24}E32neB@BJTaIC<5K6Y zS9iC0uOyG8TxTzWtWN1GkN8*H>+ri@4yNlx`N>}52L~I3<~dbPzuFcr-Od$6lX|l|^+pLA=adBCq6LNQ1 z`(8_bucq_9nDOMyjn2ry)na(=IBOCV;pjH3%#g*%a~jZS$}yUI!OVr^146J)v;JYh z$^PeD{f)E!4Y#DeS>3}g(suXusGEUd5^!;CEiCL&n^$2sjq8Ngp4UK%2YONQ!v#`e z>lRVw1FwIa@MECasq{xFBP(TM7O@Rf46(K!KkX2EF%)+vtN&~ZriH<}K$wXr4 zTui$Io|qe?Y~_@se^k$3T3(op7QL?~|JFVYM!I2bUN%r7egfhp*&;x9bC~RIY72{( zaaJFi)7>j^hbJfYetacP>wt@qp_SA({O*_5j%|*X9AxvRY>dt`QpMiC^lq(mvh~dV z3xj!nYt3oUO`4}VFX^P(LDa`a<1`+7y@)c)!PH3#*38Juea6g_l4#%-xUnL|2Outv zZ&8T!T^;i4S=^nBl;A!9{w5HSM>w@(7A_7*XLp;QPiKaXzT<{F+3$wj+ZD#puw4`k zX4hkk;bY9o47hdPLa5$=Mxqle-2rTAJGMTpN8nHEs{zL0=DmT3ll7iFM+mjk2lD}7 z*WMyPj`Wl2SG~ii_4lc@Y8C$1*0p18bEA666PGxjKi4kP0+}l<06k^>=c}Z zRX=t2s{Lw|Y0ax2xhN=@Gd)V_ZOeILpN)qmTS6rSrBN};>|8(3#cGAmMLGF9lRKx> zTHE4Z5iHfJ>NwE3KkYRbd##RR@1y+ z_M4y0+rM$V#TUfv+-T&1*?^TIqx1eh`05VZsb>wmyOV@Yf5hspMjiF#))QLOTdNp~ zkbc8HtBcE2>@YLr@+Z_@pz@hA(R(hH!@mvSEMM{gwf&3HImixah*{S3*ASmOYdJ#(K zU=?Ti_MiCtoCb+Q??Z1|we5S=;1U}Sa-G$AFEH0gudt-rjsc{Qkf;5{fGOK}|JZ5O z#nd98yVB32q?cxQGt*xgl~@`n454zs)%!#>iFx*`*14&=vf2->$S6NB43pZDo%7pD zDplmun$Jw4-mraZVvxbbyG!1ml4GlwwW=HH{rVT4^%a6KrMESUT5~N^xQ+@{hW2jMo3RG{K3fIqha5* z7woauB;a=bMIb^tq~^b~ksFHR^Ks=Z{mI?8|3n0~SjV|aR;7@4`!68`DXbeL2_dg1 z)z;%c;e^2h$iJ4LogTop+8=b?KC@JK*|e z>|=B0Ocxn5-={JJ?8vPVL^Cn*M=9+V z%4IeQDFs)NKOOxB`i<-TxqRzn*ynJ^9_{d$^5mTkXb;L!^lL?vKv!DjG1i(vrQ# z2Vx-L{GYesUunu6mX$?ej@%O8zP1Ld1W|E^*gfhqlZd|m_P#>M7;a|H!ob0GWu85x7oo)aQ=DA{+ScUeip4boYtnGbz8~x2IGDqz^u

U( zZRom5h4JWYi*CPk!nT*FH#05ON_;r9E55!>rLX?{FPPQ-CaRshM``Hy}1h{umi#h|dybyWo09GzYnyp7B{7gu|S_pLJmf#GH2yNgDg8I8}U) zH{;GRcWh~ua%hCVR@@|R<@a^}ei$ZF)$)>PLYt?gJZa7$eeKK{1+RZMQS)uGV@VYE ze+QZWwb`O`SjU#T;4dp|Wnc^wUFTp0`l5t}H25ucvL>wm1tV|210})u2^X9{BG~@f ztG@nJ#X}eAQ?9__m}31|tZjEx(HIO*E&H6?SF&!cH9a5P6OEsR}a!e*|FI0WE>S0w*9aX zL^2;dO=ZZhp?}VRqAC*c#-Dp|@M?0xB!WlrE%WJ`cZffCm+4Elp;4fS8*!-&{b?Tk z+j%L93V;t~8~oC#MXvXu`S=IT1O##1brNYyhC3$04!0an=56W zmq!?nG1ST5ZfK^-LQf>Q%M^3=xbFjKLbzy_{*LkQ2PEDfkF>f(R(-sg$}~Fb93l<4 zOHY41Lp(L=1q24cjI#anQCm}wf^wUKh6fo3@iyy2w}94tpKA>B$?HJBL({RI3te@{ zzGZTQgc5mA2A8HzTKGTnw|`!iYT}@h!zm4G05GmhkNM0r)~apFi-^EeQ$aU9bGGZa z>Y;LNOr02s&g|Ut^fh70uL1M}J?pC-B7UnjC$}L!2XL$S2*eRjjKhP5V(nv1-S{jS zNE^GH^IWDr)rfx{v6vepP=;-LscmxiG8z=pRoaUMp<{HXNes^-Kt@1pQ{Z471r0h9Q##PQd zT)T|<|9`coN4$!!I|#D*y2WXm<>cfz0HHapK6s;=E^~C2b7f_b)&sv|l%HQe8+{KG zE#}H^Xh7K^ew}kwzy0a_GAhZ?RoAB;z6`-9)eH+5Pla!EmibsY$CmtSZz7Yoe)P)f zbv`CJU=5Y1%@oz^h1PSHeuPZaNjr^U(-%_e9wrMDdc=Fz? z@RD3WT2_6P`*{Rj%DWZ9W{UZbB_Qk0($jW2TX#EB98ON8S$7LvuYaX$3O^n!gmC{s z%%UI!QbPU35+`z2X_|j-;@{6(E}4pkx_VW3l`EMOYDaNvtI@CGvN9G(S&?mQ&+fCn z(Ck6h-Qe4Ve(72gikw^fA^Eqw+=Svi-Wl<7S1jrq7|TD4rAwQLw$}PGxcYmyXkXEo znRhEO+9r`weX{zF8I_w@)9cu86<1E&z^1RO!i+n(Y0r4bh-aepSw1PNgvI zy*7V?>1sTLw)$f<@8xLk)~2gwPw?;SwX6rb)XUvAO8C!(S>*f$R+}!@?Fz_7I_dr# zw!}rRa3)~=qFZehr|^|c>=Ni%(<(gyWL6W3%NmO`?I8pUzDF$q!m{Qwr#b`l`RVbc za$@FF#)1CD?6QqvcwAm8H;l$NU(&rdQ^b@WMmsPB6yC5Jr3VHxabL~avNixtS(Otq ztf0rcGjl*GZs+xLChLQNyc}i;t~HvELSk$ldXI^b4jGcGFNZ0Rd)x zPy74GNKz5uaiKQyWa9vDnigv5_|}fn`+565zUldY<~XR>$NLcszV4Q7db?HyZv^O~ zHQ}IxM`3i^jU7b^GbmR)-(EUnZCi7VTr|Fj%y&#%x8d&>XXvUTraSE$+?zK%)jpx^ zZz7+V&6*xLV95|CQb>y&s5bx9Z=*NC4TD1`dBCapS(_p5|5Xrb!RA~0C1ieBTx_;7 zwrn_#)sWKzg;#{Z_Q6q-oK<(VeF$;6 z%)50H_<$n5_2o#A{5ST`*MzRTb+*hRmU8Rw^ZukXbtTI#WZwS@WmYc`bngD0)&6}Q z&kc|`axti)82mI%h;TqQr4pa5KBH{6>`e`nz+F;k5jo0A7xj#p&$eK_tvM*YB$RMp zJk8du`#->mbob-M{J#MKPuVofzS#|5%td1-8gRvtff3Wkx_`lyp zX3VE0hOM5HL8s7R5i;(fnwelAtbRe~b~%h$nzA>jSaCsr0aTgbeCoEFzvmTsD4(bX z&lNk--fyZ!{FRxFw4$CHF) zu`KSFRTXRX5`C4I*=Ez;v>W^U#B8XKHgkVCxi5JnE2BZFQaKiQ2da^SGT!Z0Bcs^b z{wvA&s}3frEcvZq@#Z&bsnh4R0A>tBp-kns&Wg4M9R%8!77`-fO;+!_ZKQwht=+Y^ zO+jm_296&%vdbIH)eV^TiBUE9Y}03Ki`E+w6Dwg*k=M`92i_GX?Br>V)#Xm>ZYNy7 zI0d>}7-r-MR;AEL&`n*!oD-Hu*@)&=8?b*M>baVlaRbjCQ0M%5Klc3QL7U{VY#QGh zU@!P@Z*O~B!<6=?gVcQjS06%Lx~?)3zFgF_K4Y2sF~TmMkIg2N0!VFF&gk;ft5{U> zucvnms&;1pK_|s8;;&;Ci-|z~cK(f;w4vy!ui1xxd~4u(31M4F?XpQydx?Jt^YZJ; zRZ_StDffh-roji|vt8(29=kYN14(BBWQ;u%2bL=%f2tS^jsXE7s(m-r$GfM2BE6|h zYExUI=}3EE<7Fafrot-tCG*N%x)g`B1hqRCRi>90eK>Ad`Vy3KQX>skF>mXj>EGEpWXb7v88hh_IL#y6z!V8kB589pv0yVObqK77IXKh(U;N6S z533`OC3n~114oCF7eXv*ayp}NK(Z_F&=20O>LR*&6XhWr(WJlcIg6SVXfSsvAeFrr}CD|cwlBEOP3@p#@Oj6^5ALfX<~Wx^u^H3 z8&1n1J1tgg2U*)cW_S8@e5=E#{jq?!NV)Fgdk>%^o@+n=2&U_&1FVio$+=iOe)-%T zbZEv5$NW1x{rL=@fj5KZ!@Y=}zX#rrO*L5Dj?gYq_CPCxUlI>lhaIrmYH9ZU-n0CJ zof*?}a$I`ZAsdk|t`bfk@=_;lJ93Y_aPaRu#Fj-j&(DW#$KcGv0E}s5ML0RbzS7T7 zZ;W@tV2*voe|w-o#q{5dLD1rtkAaBNPhUFckiRcb!|!sIx$G2GRc4hTS&bDSz;He> zBxJ}fG6`my)nIv%mubgj^RU|1T%=W>VKh{~YEYHfHyx12F>BZXO{>lFmoryMsd~>= zMjN^`Mht#(PD5lFe4C$CEOwWol6ZlxwlQB|?=}UW_3`BH1$mYhl|j&1pz?5;;K&6H zdfbR2sQJ)$pnyO2vJe-Cw{x7yHDP4M_l>-okwMQ`2>C~ZGF~*+VLI9dHx%#sfPT|T z8m78>@{v(gx)l5vM6|GiU(Jk(Dkt-^jOgB{H3OH4{un9COcoi*09f^j-$>fC7$6RW zGR886`I~*&{~>>yZp(Sw_1a~r)X^8G@Vn2Mzr*_1haqt*-kHba(pg(;eK(OimhN2p zX0k)-eV?Q7%mJ^`B%VLbE|^aPdREa{=N-v?t`AmIelSukPIM5h4vHAEvl5Q~gK`Qg zd-v@XvXjhqEpFioBb_qp&qu_r7tmy^gVNmkQsE{thr++ao}d9}kx z^s|Gy*q!PHdJr>SP*B>gS+2&w*KEDFn`Iw7EijgHR#!L6CgM@k*WEx*Vfpm$H0(EIzMzz zmITPNzqzPa?!>vOabD}L{~|KST-GD_p|G&fnw@6vGxeVX{hsBd-r2Z>zD(k=f-R<= zJLe%&4=~VOj6`w-SSL%NM zPqy#d9=4SQN3fa>T1IZ+hWtKV9B$}&@lKY~47ZtjqJsT29U<@Q0Xcez=9o0>)kPx1 zi~<4m;Lp>SL5Go|4ON|Q>kFlx*%!SY>VIowz-rzV^@cwxS0P1PkS87_cesv0I7ic@ zpTm^I#v0jk!L)FL+6k838Ya8_d~!!d4A^fm*3{HI@TSA)#!Y1@h_44@sKfbI95Z4<6-Rvs}HL;Rp0BCT5~b}Ug59ore^o>O|y;&*4F9fc=;@= zBL^_X;WN{4!;7vBYwHpZC1G1j{=@Y`mpMh(^`W+*xGxt`nWVj6=Nwm4*U~Tvby;v} zFq1~t;PP!x%^$MARc6DCk632tA~s7QlZ<-tF%yJr1q#CFg$ElQwDzpQVVBfEY5R#e z?VD&h7Pa*C2X-3^*}tk6jmQXhp%rno9;U^RwGy^~wZ;JpDrj=ZKhv6XDWudm(36h{ ze0UW(&-r$DA@1TTofsElu84l&thn53k!Sbb2FHZ&SR9 z!^`Rk;4x^B=o)S539fYWgg;!4hx@v?#0qlmzK&it0kthrrHI&NwM%EpOfhrN{SZFdCU+I3z{p!Tpc0d)p zns;UXe*P0PU_?LJq!0IbQ(TixopZr4=GH_KAJu?mYbC^Q^=y2j4+XCev2GZ$MQY68 zevM&|)0@imOKPvv#9FsvAK*aw*Qfg`hkxScmMF^_bd5bl!1_!l;QTtlZBtuiGW)M( zaT7qgMpv(EsyB$>g|nHQ{s3*ILl0}Mv*(`L;Bx#IUISi3L~J^jbvcWO>Ui$ReCJ=s z*$QZHPuJ?dSA{t1P6w(9reivTeX=@te*9hy6(vXQd?)k&xcbVlDA%Z6L6Gi}?vR%5 z?iQ5pl_&B&hY@~Qfobe;bWzlc|f2K9YRW++x@=(tiO5AIvHvI z1>~ui0~TN-8!QID-h+FiN%tz00;Ev`RK&zYy-(Dp4ZX|sJr~_as-GUO+U}qqb#ziu zU$X;b^*`&-S8CICJ_rJLQT~uyv>)ZA@zaLdlx)Hm<<0!Ii8Y-%Y(vRhp5JCrnUi00 zJNVaZ5z@@75VHy%3F{Uf38>%xIzv-Nmh@kqp^0m*G%T(EdyEajUX)MGy!f`E9;f3@ z=e($MHBv4)F9Y1Q|99@0;{^AGgfQ?riO7aGjV@|EKQZI?DLWhUxR>sa146BJlOH!G zawNG~5tO4?h+-MR*o9{5(nDOL=!vDjeUxqGT6@>k=DR6fsoCC~r;0Zgve=QrW^m#t z+TwK>JeUq1DlCFPfSAd<+7i%OE~N!b-X2nti8V^QTO^NauqO`0Amf$-tM%LOcec(JI*ry+J(-w`#g3GiOp|G*j6q z`KbRF+6l*62@#@kV+d>Su=wzC#MoRVDx<&~8P;dXY&x*izBh_6Q)cHJm)V~5-;1pU z0ft9-0l*d>n=8F0wNG|*gq%~K2bVcl6#lUH6`vnU7QEKKo&uJnG_3crlIY*qfGiIn zg`$azDNKq2OHMGoa-@i)$01dTc%S93@nUFS}a@s~k ztM471N?VNw)hS1KLK2U6w^D{iiggpLB-cMch}f0Hi?vrJQ#6sJ%pGrzm?NhTL!w4{ zfjVvUrQbz~(S?F_mi)WRqvkWn5)&LW8}Nlo0u+w2fa8sy5q(5L4u+p>G_YW(IY15) z2M{d)0xV15)Hi_`wWJszuh<2MhD6$s(1T|ZgUkne4bWn8F~$g;%4w=2tc8puoM+4I zh=D8Vf;orDe9zyhw(q=l4kwHE`1{MArE+?R zd5x}PuSeZphmvAWSI6d48VwMkp^S{*0(T?Q_Do9ra$A{wveA)di6B+`b`5vjl*-u| zQgI%EtK1h`G81ijrLdb;^>I;M`r#TdWo&ReQ0CnS%>wy7lqsFmK)7#6W^z1S(&mLW z9EHdAg5<7ou4MDipM%+NxZQR}qikUf)pflcG-ZRrCKoaMj$ft%zR{7n6zU=;5vqty zFC_^GGV5@hM{~seifGMefdH-vQ$K6MdM0)>!Xe)0+dk)x;)QikQ{8nGDQ-QGJ)%#LY3a82iB#X7~ z2twNw_G~`lRMwVr^_xD?M@k^$A^(0?t1Yfrqo{Wh`FZYJ(?Rimh9(4FAx&)en5@e0 z;nU6X(_^yc$hIg@D8N#NBr2sXxD2s8J_McF@{eBviMJ44(fzPi%3g{&K?U;KMUQz< z$xo*RcJ!*Ahn2NRw#(aKz&IeR2Ok>n0&WpF=JYqfQDr0MbvU;oJZrTyMa2CghN2#Z zejX-{ggMsDEjmx3tF?z?BT6(K>$g_T$EJiMTdQnlbJk{klWwa$jM*P8HfJRSnXU~z z|9QerLsnR4n3AkYYA+l9@vis%Q07eweoLMCt zf3Chi5x^?A=mXs`3t}cFQkLH5)A;ObD|^I$Vh4hv;bCH61C`d-K+1P{metTjtH z8aP`|kWM<@i`0oqU5=(z(*gv!sy8qy`YjOMnE7NKH} zQZG(%o+ftF0JC({+9vJ&``hWZOQ{K&-oOaUYYX2l9WPZCaMldI5t8-lxF1 zL_w@B{;eh%vP_v> zff&DY>L*las^o02H%F36^ZL`il_<_uaEOLh_~R5k2m^6Ds2rc*6L@Q#6ML^79J4NO zzWB@Ck41=JgGoql)ikS3y3Oz5)PCzJx5Kzfo)$Tg7H_QySeFR#c?~R zr?ViiFW$oH$df))zcKl4EkMbp)JJNYCSc;dmNw;A9WoaaYN9uSGXJ+U(+v`v+ZNFB z(^t_wTT|OkEQ_v3+OyH`0!RNnvMUz451BP)aR?X*;?LuuSkizRsEDBCj+%xi=~<_G zI0yS3Lm5+#=SAJL;T{sv!u-m%fHL1cUI)udku*yG*z%c(9R!EI&%aEyDBAKcy$v1+ zKgz!LR?-5hgtq1nFVgWTTqQcVQM#E0y=LW!m~8kqu4k>X(bBK^pdVrh7+zC&9xujR z7FV305DidN7FhF#O&pN(f_9&-`P5C_CEnhuex`#RGUjZ-S z@swW_6rzT11)&4OiJ!o|4b&s@qjnu&`+TFA%59rO;yV1cc#!#E9hm(BA<3I;A_I-E zH`uf!H21)JrCMpY!P$PeWn11zcQ#!1fOC3f{#Z(AfjwCL9A;fC*hJ~%L>nZ5zHe4Q z{Y5Cjx-^FLPY6R`C&>PfvmZuPKmYx47pG!J2v)Yvhf@n==4TvLm<%S|=a9heRezW< zACPjY`xWWRU7z91u2(pW)2q_Uy37~`?svN&*VR&fD}{T1A1v7s0b)LSdWY$%2#5Ej zU0X3tG23oQ!wcGc5g;A%+SR3UX;tXEz5p5fBe0-{N3zQ|5YKx-iE^G3p?T^NORV4# zoLn&;XMF4=hG$)Fi#PwGTo=)^N#pHq>{~DVl^dGo(n^4_G%?BUkj#=@ zU3&^9SKNN${e!0c$BO>oOygs#X<_ygAL`J>-FK5~-!V2u3%XD-5yTw-_u_9JfQRz8 z=#F*Pb7vnLB{t?DKVvT(v z;u>fbmkCM~zk*r+=nG=S&((6P;)OPPz}LHz%$)_sM8?Fcip=VX*2`v3$=*@4x1enb zn4`m?B5>rD%34FWvk5+(zPoqLIpziGRm+!WEfN9kSIC`GY#yNR69IA^XvpR;Nrdun zYBlI*aw|N}F~XO}>y~$hzwz>MFH-4k)lkxFP5AuNK&l>JB94X1Dn(L$6F?J6mCLZZ z1WZWma3$q7fyS1FStV*blpkjc+kj~sG`r2nOFaM2GLR00 zoU5TKJh|PoZgS97Ztcg5wN=0DcL$p0@u|N)_`U7CrD)(`ccmFHBVP3-2i2@A;8EmC zQ^{@-cmSlukPHupGM!lwlgjUxj46YA6!k)^%(Lj@4kPVi&6T6VHrWi>md>)S%;j>t z?0A?dZWlXqhGu&#pKMGioQ?Hp}P8$j9LM6S6g zyhoD6tg}|t-9rY&F!q?UE*e0h&sgErR>Rn{fxuY2M7Mof#rV8qa3((GtZKC`wGWB+ zGXhe^8Ufp|mb;d3)UvnRt|Fe8W|*w!1GCCi{(@7=LXyW<>zT+6R+#*l?#s7R4fiR| zf@2G3Z8sy1x1Q|Hxf`5@>Y_nmTMBtEq24&ruFsmAw$`5ZN5o*n9Iq$?6XU^*bAO_Gpwcu( z4EJQ~X610-dr8Oea|X1K*cr{`k-KWS162M)wu}ta&g(Bu0#0%Me8~(4Dc83v0OdW( zK3&DGLY(BGvmYD{Mt0cYS{z%2^m)4igEJpRYO)`$ASRo3R(I#}0Z`bVA-^aUbQ*{K zhKVdlJL^k`91OS2?=yKu6(jiEBrV1in_FqO#quT9FoXfH=)Hr+LJlnwKBdppg)jm< zW)hz~Y(%G3Jer&=iL;bC-V@1-Z$UlZuub-zERtPWS3wEOSj_H+zz2033^(4&FjUoddD+Ux=l`snc_!z@9=0!PVljykhM__!O4);gD zXzKSG-ClqTK0^DlP>x?G7m@h8ajOnk6p-k8sbUBL6fzg_!>ryjrJkv>rB7U*EPkUI zHO);J)}|*=`qfnnjYODET+CQVW`@rpW#B1R*4xPtgee3}%2@Vm5vx2YJveE!L6Ux= z5BD?|VS*fR@M!CjbYgNeNKKlloPyz!1sdAP?v<~Cm$4Bk!dcy^ai+emYoi8mBNHto z)fTP%3cV1YSheIx&T(5OBwSzOWT$~F3(&d! zh-%^vmq27)*gZ~f&-hg0mIRB%A>8_jX{+8rGN*~E9TY8kGoX5(YM+rBx|Xr6!c6a! zoETGQMQN)+g`i$k7D$!ttr(YxYAY^5@PjC(%%QPC682=CZ&nA=E5U!*2d*&H!5)0P zJ32agXSZgIBO}tu&jC)cz(Le}_=QE2UEjESd}Z48(aRay%NW@xq2kP=UcU{?<0w|$ z-RX*%&hF&h*QCWPhO_1cuv(?MulQp|+K_pouhezav( zBpS*V=cdZ$CX^Wy5-MgzG0LbOM&5ip7SRhb`8DeGqZT^Fv;1lHwz7KbGju6j_L_gp zi-)8Z-K750P0|S|@*bUU5d-gAxN6Gwmo(+&J5>x3-Zwg=jIuIow5BX;I^lyLLN<7FedvMJ0&tN(4c?tPUNgJ&0fp6Tm<=z z7E@*=8nQ{v7!uZ>G`>O4)?@~Fm&~rfwGBn1+c?kE02fgs>4lT;K3wjf+F$N^?5S9LE9C$mPlGj6)dex^DnF0v ztlfnetZl+eAVSmnoe}4GBMws=5XrCzeYsa~S^Fq_yOZ~@{Ox9s@TGvCdjIu=1-*N2 zQyZm;nxFVE=Jq}UTy@kk=TszZQkG&8SL;>)<+>!kM9P0$hVTYRM`z-)4Kq8KzU6d~ z>2a1Q60!e!Mxee9{3jG$-=+9?crY|XpWy17+O=>W6&Y2K@~d321tkwSw4@eByNoq5 z(s%*ziTO(@yOz8IuSY|Ga?|kh>ygPqeB+Z78`Q&bs+DVFSZwR1d>qvG{ro1fa7B2zH9b%|H4}f*-opi`IAtqIH#6qpEr*#xWDoiRg_>?6OX{jy3?CH zTaVVW^HbG_586pwhT0C!k~w);{X-ABwsai?q7iSR&*a0t|EVn73b|P0yErQ*X!xh< zxjfU5YpVTaeIvjN%*TANUUPkn^`!3UA}!C4gCGqwu$5RL0)q&NA^a>B3XipyVuCoy z{H|Nqt7CGc300M!BZB}ajPQxLOR-^d{tW5y1{ZLE&0g~*}u|3 zodiW&kfRDl+1j`3ITNcjG1(woVsKCsFdi1B z%)8*)5F$lnZC#G#uF4@9QBqy`sv|12o$ z-@!4-mfMU}&Q>w3;%vuHZF6q@_?`r*vK3~TW>DTLpz)oQMm-lI8(${HUDEZV-QKG%ctQ^D#$YT^VLZ9FRoc@|H5Cq@1u zUY|{jX5$l~((cgd968J*`u=G*Euod{!=Yyz4m!u7Tt|bTIc#tj(8A3Z=Aw&S8y`WU zpzhcpMCV|4baU+WRTVgR>_J*#4F&p~Fsb#QG=GFh0o^|@gCYeNgL6_O6jqUFbSQx?*#6_{rcdGE3X%|2o>HOcF2L9P~_ zF3=R2i&l$xO>5cTg^iEID|CZ;6|)pJ;gadIwvabtj)k&axvFblU2`k%oz_7yqtc1P}3JxnJ@hM8cWfW9!_9bo!%bEji#?EbN1b(yqPG- znxc0wMRdc54e>ifE?d^wt8}i{hdaiKJa(G-tx(27K%3r3Ir<51h7`)`o_GcoUCv(5 z{S%E2q6|#wP^Yyndd(&dri~17<(Y|ijlvd5+Jf_zjC0w|dmnk&v()b5+>^Vs%RvK} zmAx4BTF5b}3&Dnw#uC)4QnM)95xLu6$C$K-TCv_&<}v50GTV(o$_EfATWc6ND)9r< z)TFWPXMaZxNy`!SlfYqzb4!qjwFftuyt@^<7K1Gg9N@LN4Z9U07E5zNtVBkxf1co0 zL}Y^Hkr@EJ(b+05d;wlJ{U5HLg!%#c1puFEsl$fD`;tN9g3N)iN5O8)%Yj@lg@_-z z5Q-?6Cf zd(!?YsG4E9%iD(1cbySk%a}4X&;sjfJ>NTX$+gPTigcl9=3HFVh6Ou1rU3hj95K|+ zs`JmRZ!Bp@>1Kk4%87$P71wwBG;TG%qWWGC&l(7kprYBcoA1OYjxHl6d~ymHFSJbJ z64PGmsbmUFX0voJ^NM&flvU{8*ugR;AP!CzB@)9f!Us$VV{NDS&M78fb6Icl|Ee>U z%+aG7O@q4H&bbZsT*b*(4b`>K_#E5Ch=Baf8n6_oN)eGiDAe|mlwwHc6j3=H)J-EJ zL)Fx-!^-hHtE0n9=DGFnX}$^Uw{Cw4As7c>L-@CBWxIw{(<)L6iaGt0$wzjASnHr# zEnQFe>aLUbRu=8$V){mI-G_}ddlA>tbuCjC54Gqp;V+nZ`6kH7FTsrKO%aZsB1}S7 zq@ay&fp~J@$OiYk2(4W)I&rG1`Fa)!Q3hYWad>t5g%3lXkuGvXi-f~h#1?S)96($M<&aHCPfTs)G4c*`yVZ$JMVCO68|)M$wVE{|oXPH{Rk~iSa@Y_{BEP8{gE?(| z>l1s_lIpSY!(pbfFa&c@=I3akaIh6FdzTC2vXzA#K93^S8pq*`S&V&5asDMtp%A%C z+fn#c=tMvnK>LD&69}HLhJwy=D$LcqFKvAZVGjcQzi}P}m|h)GFC!%QXpUte?Cy#$ z?XSp!hC-mr`J`WOhDUaRd83#s+)M;nynxU0Ou>@w(AV{7!SWjle)V`d? zlpYV8jt&DBwoZxg^>1v;|J)55gHg)A^L}t+QU_niCsSL&?y0AjGs>M zl;iz-(*06*ZD>${H^)*8h1I(apOu&7AK$|F(<2hoN|Cn|Oevc$}Z2tYE+yHbVQZDHNrPSSFLUP3V z+ST(!rPl^hxp`Ln{&jKw`@KB>66F|BVM-+^aQKd5Ij2vt4)yLu8Z@C-XW35+I1&qe za~c#96bxXa z9Ot~44!DnX$ly7y2G>wRZn@#m~ zW;%kBIlNTuS4btXm$)7TeOmR8lgMGDx6S%nO#7xv*ozV2-UzrW&+xP$mb1>}RA#vR zy1P`C>G#KpdDp1?WVr?5R5v3ywexKEDV;1k3s0u1t|lxx;Hf#tlX5GJ}8ul8C=1737{8szm3cw%dJD4Zx4^Gg3ancgNCjuAKhqtTx+8ENqOBn8 zUGRDgKF~?p#pm&Aq`C*1X}y^Y##3D-lo@u%S1d z^E$|^7`&12fZq}fqu~{m+1-dVoSqI!3C`J&$c4@dGH6h+&E9-bjGIE-K!bh)v!L** z`s_%OE7Xx7^>s+wFzgd;3gL%SAnM`rv9;a1SVl>r^V5_b$|KgbO8$ncioizV2n3mY z#YJv|`3$5l37fn`l3t|gXrazWdKh&Sa!@Beb^07m%;VH!gWytBwmp=S(XM# z!{Y*#dwQ6<0+PKuVJa8fRL(^$NeE>(+6LZdrv8>=&zDr;E*@JD*KHD9s#qUzuH?+` zuj+rtR)BIY^u<+*s^4k+BjE+$+!^-_PX8ul02{yQphMl5faO&de`Ns7wH_baUA<(r zbDdN-9)~%(pg7vC=H6S|OGCnNwzNF2jv<)KD3xg;!JVffMn~ieHRrSBE;8~+82Ztl z!AAije^I)(8$XtIO&`e!4BWmgvv>WP&G=SPDH6Pm4jGFWXaTa>Y7CIx96n(RfTM)B zQq0mC^DM}OIRBij7KvQEsa66Ah_3=1WOw~D-t;%5Kx33AfWg}@L>Q0wybOx>E(is# zKkRnD7tdCPip5CyA5GwC>90bKR;0_ySTl5ALV#cr_f^_;g0}0BN=1?Bt9#G3yUgX; zEFMiT4wk1v_#uyyjU?eAt;>OwlFj@QsB9501u7I*N^YHe5F(Q8SEe#e;h$ax6eLh4 z|H_rd?JRE&wu2A|VgWMT3t}im)cXXnF*nN94#=-poq^tb$nd4|mE9eubW0~+#t@S! zuK`NYVbdl+$-k09mU^Y|eP$3HJ}yoymImA_kJD>u0RA+PJYfQqK$!XmE1jr4=xwU@ zSRUTv7`B1oL41Mv;yR(+Xj2N>bNNVZP;f2Ndy0Oiq3=-joBF;?R!vdku%V=D$5=;E z&1VuUYQUvTP7Sa8`mG-Cn-#-^NGoMT@RpuOE_GI_~p)L+GqYd#)A{KIj>`cX5Gp!2znb|kGv*o@{YG_(#N7k4y; zZypUiWV#+YB@bE!?>(zi8k$vXj6RY<5$uRyaP&tcBwQdAM{Zs${>Q7Fy{@Uc@^}KF zle}=hkOLg#cir$_^OXN3Pst+&hoRW=7xo&wVIX{qA@loW&b9&+BB2H8>*ay_!~xs< zk%Hm%4J3ErK*_|%(2suzVfuyWbq5B`fCUU2WIy))!142*CtNG=AB`B_56=vbcvMVG zVfdkzR2#<52Dul1b2_HT2C5FNavDj>zcwlQvp-wY5{NQH3Bm4kL5xh*rZ7omL#F5P zF~`BRSb>$X!yQQOe#SC|2BH$tY1H+yBPnVqJOI)(dc`O(cxhe76Nwdy)g`U-#=mb* zTvpW|*enqW+F3t>HkczB$^d8R#(v!_hj@P{kfgj^dokDlRu+#~*6-)OGn1HZpEL?XI7sefXe^FA)i zf?+#rfG~-`$fv69C^VgsPZeO@v7L7>lRsU{{<`GRL(Jy9L8YuL}5f=P%%93?>ZVY2lhKM-Fs7 zA5dnSKM}$DYzw4Mz({&@oKOuZa~$q-9%lZJE_}%Kl)? z53ypoJLtND?{=L&y6^-r_mt7V!8gUbf4yONRaF|W@WRZ)rexEo{-ioleBp-+sxN&P>7oA2e^U1N}ip1K}v0$xS;eOYT=#;=qWAUyf zdB%OWJ^7Iers@@Une@n#(6xQm=#ssEcZQ%maB^NbWED-!31?w^*`JEVnB5wiA(B3$3+~=2r zK!qraU=w&^1(65816w1UavBpQ{c)E2$(UCI@S>*G77Nw7K)~fVWw^L>JsUnqN9Q zEPgoAX`dWej}bjgJR-m8m(|Un$0;Y}r39Y_R;B;|y?8LQRiRkcPAaSRa9t5BdECdj zTI(eR1STPm)ziB;^N_x@jUaTo;hHo^zi#@)`3=nij@P+2<*Bb}u|;PTgRv;M_Jg z1DcHx|8D{ZA^8{2vaC=s0*V~uE!Nj_p@1<99&AQqd-Pig*5DvHLA`e&66q+k+e@yCP1)~R~4;mZV?E880~oB6D>%GPS?R*%m_q#Fg@DQ3!k4JvYguOk(R#!WnqJKpY~5-fI^h&!)!HU62*k+F}(&Q zU%d;~lYH>AAgX;E_yN7VtrBd)3>lN3WBJ*&;+bVo`18IqM2}&Z9Q(^7g@ZFea*Tgo zmPt?({=(0V62#!(?;;N4Gxj5n8hUWHnZUlA(<48f_fPy#?us_YL1tg|@zZ`)U-Jc; zV4e;Jt8Qf=5xcSfQ5F<;M(o^#6bUKJLbdgEgL|}|!W|8j(4Pi(MV*+Dam*cLIG2aV zEykE_{f`e|UrOu4_>d@qC9U|mkj;?cuHC;l;V3aC&~)EI~b%2Dop##43oYKzx3d1OF?=-#Y2KoddP9<8G9Va(ET z#O(L`#y5CW3>ImPX&b(Yks1H$|t}sOJD@8Z> zSedxc-a%4P@6m4bj5AZDaB=4x>u-HDuaz=^R)jFwq%;BwlT9u{;8T7rbj%+#3d82= zn~wH@2@v1~Oi{${wNPq-_$(>iyFBb8I4voql*(@#2j@Ao{*kz~Cq)C>Q}5PjbjuOg zpDpMx3$;$yGzu8OlCf;y71%f3-7V7rQ|Ks$Ri+`Hppa8E6DEK33pUAt`ix0`01h?^1lMT@vDrP{-S6bRH=lM}@DWDHdt3*2<^pp#BUF zbpz*2cqUUeR{0Xp$f~-jA-GW1(=`1lOcz@1auug6mu^Sr2)Vp=>qAz1`<*%2pAes! zKHI0d0-173x8oF^*Uo0~WESejW2MFLFrmO?wV8liN?^+jIbYqc20@^r!RX!C*=&Oy zB(`rLsAgs%|7Z&B#r>DdY2=5de>D!GloeexQEgmtTMJXZO($mwT3_v_q*1>Bum_Pn}gXKU;U#J6RKmnKo zGnSw!>Gq&=P?$j5|uMur|0!2_=B4Sz)sXKL;3m84g+E5F?LHURSLnbli09*aR- zQQi-o->k-35m&w-1+w5mkXA62;{may=Uv$m;SY~{MzvqAm&i#`v1_rIv6UIQdF3^0 zI>${J=kp7irW9oK*=~HvKE2al;m=8@r#TW#awV9vL29z|;}wvS*w$KKO8dC2LNg8g zinrxPa*JU5damuaCyl0(2(JDNUBYBiG4dX8b9W83Eq6mA-b~zZ0thgEO>s0VMti-R zjbpWudmoKRvFH}P*P8XMGqvbR|~gAnvjb z=16SEeckBSOv2zXxs%wIelof9=~XPz=${FhP$p)3^LgUOyH1P0l1MRc%2=6l+&J=S z7Ou?tBye{Ar~9QX?Aw7N!*ahJYHJmfWfM?Jc8Md?Kb+Ab3gD?#y-}PKcxI4lQO9l& z{nUCn28sL(q$ino1j4sY`(DoW-Cgy42{mX2|C|LZPxQFgp4mzuAb7-gK36hq5SY?! zd8Wp{^*q#nH!YTt4j6+aoSk;+V8#mc12o5OIZ_Piu=_4g)MTMxZN-Ad#l6^$GL65F z`+q8h02cg!Sbs!a73K*ZsVa^`yn3TUC^#9xHicM2tVxz7qt@$YTQQEIH^JSK)Xv>iNzWiF8 z^i-G_)-6B72ypevttD7{$JOp8xl9-U=O11CBG*k@P%GubG_PG;Vst;~69g8tQOCO( z!GC6P*-2Yn{~ft44}B(7$rIY#D3%4X#R{7kh=tj#?&@}~KDyK!f*Ef}Y^h&Xkl_m~ z$_L+p{YR7*sGdh}(m;U-!N0Mpkq5jt+mpVu12Mmorn@q`wf^~f7GgW^KQxAU&;y*j z_m&RbpRbyhlv@oaZP1?3PR447Kto5ysiMJ~;W<-3+S=J_t*5t4;mBt2=E>_^x^eR)d1Iu2 zDSrw}D4oKYXcuOfH1HP?nRu{xm&$bhyACh$G{0sAwEGqQH2uk2sh(6&UF6rY%IV3~ z0i#B5bZm9pTHq8B1iJQjkNQ7v4gP;MFzj&E6i&buemhoO&GDD?#~s7BhWN~=KH@Ru zMl7FD5jyG4z}UhR1F(|!k`$%@5jaCBJ4DJ4K#qohj?)*1`4jMXRY;`iEwV}&1Ihsw z8J=hK+#t>w5G;ERfO-BA68`=0b5uBqzyQ300&Y>%E^xi_kmAs^hdd=H_anIp*$KNS zjeO@P=hi~*{PNzeSg(}my?4FW@)w;ab(vF>)%w)EojFu0g;Eg9XSo4rbN|t7Z9K>dXSg zC+DX8H>1bXfV2m=z(y*|Wjz+?#)(Y^s@aIA%9pPaSNZr&THMjQK z{>~Hr-=P66AqpCCZMXW`B-)UT5WoaW?Jjz}@$`+>@5k}6v}{~PLY!o4KM@n9sbKrK z!P*RvZN^DNpDhw_W0KyCTrO;sSRI}!L0tPSZ+{p&*$sU zU+Tq73KV`qgd4ZT6<7G8+lHT;7A_}BP8U_lD7_s;+N>I?CrbqzNyDs+Vc$J~?YQBlL+@eah8EVpZs*1LL>M1heAAz4qvVLPd zVELPkw^smPUqQRjy~_n)l_!){lqRKZZS3RSRba&>E$A6E5coK(vVRY4 zf(I0RmWDy=8v~xQ^6(qcQ2Fb=cq!@A{{4nc*S6bq{o|^xjqaBo@!}7+bnok#|GqwB zSnTTbq{K}B{O#0Ez%%a7L{o__&dA7kKUqdM9Ym+0rA7Y)l;Ipq&qVtC+S(iYn!-Xl zjmMq58076u8Z73D=F>0F;)ubCo@&c5Qjh-pvxxVanuD~-`cyHZkKhWCkE0Z-JNvcc zDmPpW0)LOo|JyFWoh}1sYAV$fdB&~$y0^FjbU@hqV3UUVo1d$Yr)b@W1*3}wmbO@b z4{KLi`0F;#mWC*a-d+v*Erw*7Z0naK+cc-eUdEe?1B@Z4qqjDXrk0=t{h~lvL&qcS zMfF+uq|2_yQU7nfvg8h5qJix7dR=-?7H#I~mbdbTy8KE!Q_1n2RGtjC?zfz@@x#I{yp{X=bb6+*9DEs*?Xo24XBQ zfDLjEJ+2Y7F;L4y_2+l>&(+y(0_G2=I(u zGO^iFDMV?fZ#j|LCCyA7V}sREYFYVo(wb>AFJ5aPZ|GJ3QxaM-ffhz0UgDQ~C|X5U5G_3e0I^*VQ*aUu03&#D5H+jwFD(Zt3Exe)4b6VvM*E@PcL- zph5q!RRL^_L;%vbm3>HhJ%F-ECb1bEF6NOswZpWEY%ezh;yV!$hXue&crB7MSak|L z9hoxf`E^6ht$BL9LvdIc92(&gCBL6*f&eL{`%NT3v+wjD4eZ~OY1fFzaPn>kdCemY z@V{terM2eD2XwIP%!+$j^Oa<~<|w`<$1zhF)jnJ_68&Y_E_8)og1g5c2F4{Vy|NK=$bH$SoF|JwX+e!E)(#&?xBUiS4P>efBV=f{U7ncu|%A_vpTbRTaK? zpF#VnTsbmOrJrxVvg@8O?}4qP;wMG1~zX8m$W8 zg86+7TQxOz!(jv2Q|1nLeZx@E4TvMdMbT|7bKP>Z%-HnGMf0)gP69lxSf) zW$)3rg_uNLuglOjbA?8@S!%zqyRn(*n~|v8h|6EGfCjOjt+zJCB_;7i*?zkCEV?w>e|{*Xa!8W_VyDm6hPsF+uANBq{XmW+Gr)`SES#IE zGTQ{4c>D9$`+;#REjcWsgO&CF{;$we_^-7I(`bq6mQ$KxL*3u}!4B=d_}SP>k&odx(x2Hd{pbQiePlFk8K^nzFc;C zA2gUg`>hayF3UpFkunPt{mjSI2|pY@CPBW={rqXlzc=vb^meWz8r791p4wML$T~p3 z<)|5a*Uc5IQZP^Nb+iWK^5<+kL$6M^@nSUD+$&qzFAAfn%2Gg`{;b&j%u0oK;i=Z= zF1Rb-QOBbc2choSSsL(?o?(-!xY3xG_}6RfRD1>KkG|cUZQuQTR{5^@u_TLilX$HJ zxB#(kcRw2zJ<>&0W#?Of!niXrCW?rAFkYZx!9}rV_cJi@N-J3J2CPCX^Hos4{C^hB zIT~2t$J;$YcOl}^D=L3=(ew>Q=u}d*-9Z<}R~$M6Otg(K6B7E&1LS!v0c+Z%W%oog{;8pyG&Bx#jjss; zYw{7P`D#d+>~JV!jFh=JTekcrayz4s1r5pl7ts^eZjJRfuJ1RPtzRVw;P+aH_m`G1 z#WnDv#(tUW<#gyhFG(;6tGKWzPcN0YW7PUne&;|)W z4@&haM`WEznCS4;vz0cIsl0q6rJ&&CW<2%{@!4CU)f>V!=KA&57@nDI`Q+{YH823m z`9%V~ptQO-xG=b9voukU(#XEQ1f;2ee;0N8B<$UQoM-2c-_dB8zL?(9|>-#>R>%?l-)^GDp%`tgn* zN~YxzX?$6qR|tsT4gDVl_Yjttb2d%L7X1a*_U5j}5YS|Kg><9cn55MRc5$8XRaF0Y zubCK=Ao4P7fWqoRolMmQMdiww2D$^|Abt4L@inC)X@^FmNhWHsE_GgH<%+eCDm{&x z#3>z}rvxm0?ZR)cgmhYs+o7L>2N2RDT>24H#9g^|6T+H@uybzjHQ^=NR5AL}p7=Xp?gXwTnMIs=QTM(ZLi9rC}Q?7!Jbs63$BTuilh{vOc_$IZfwvX|_0z+z zFg&W}*#-`naFW2`XT)SIU*ZiW!R9}Z_Tu=fn37l%3-{A79Sw_Kl<~~SMy-vMG9E8e z1TEW&GS+w|!&EAIB^{bcG-;Q{5{(b@vaR5CW`5UO4#G7da7Zw^*>zQC2j_{hU-Yp1 zV9M%}uYO_wGwxxG$VF)kyc)Rwp=SU22(n780OIS0`_GrHFGb3C2k(AF$+YNdIy=tv z!Uv(eB1x0?r@>V4kF6BL?++D&yRnl~ z$5X8Tlq@sm`RKV7b=VBjFjuUn%{)6hv)`_NYW_XE@Fck1zDZU7913ek3;1`T{vW#D zDlE&c>jI@Dq(hMI?uLi%t_MUKBm|_p8|m)ul4qtwsx8gSBNHEQ;o<<@Dr;%UHnz#_mFu*`Rkr-aGY+tyl)(A^L5Xw_<0<`l*pUTv~&%9Fgztl`+Sct*x5^WCPc-5d%E0%m#fq8Rm4Izen zU|BucDR)WAJuDCZlysiy4rVT`U!uLZ`M{iO6c74IEG=EwxNL}*nJSWMfFPM;Z10(4 zez!1_8ZX0#f44F47nHVVQ6x|0;>!w;FY|plR!tAu54j*J1dTtl)7sskkBLfkUT2WZ zLmahKSwLFgi0-)6{JJQ$h5DXOd&!Y?|FW$@bx$!We(P{SJ{x!KC)2sRxq<@hlgY05 z;!2V%G9j(}I>pqrWv)X!ey)+^Q98Zyk({fQ#+H!KqD;1c6_Fb*&WATYzYO?2eOPKT zE%pEYb8klXKud22-|tW@6qDmi0m1tPlbQsi79Ih2F%5p*cU2+d+L>2<)p}@ttoAof>FNnNNcxx_FL#T=u0UrlUffC3sFZ>`_@bMj zMERRNnZo#Z-p!HYB6v=IbrzJixFlPKTu|cz*gWw?z*zaqn8e2cCJP<6H7=PBdo2$Q>CJRBy9_(f2z|%kh zM$~UVgbCm?TvpvA>3MlmZA)pOg2R0k_6!&_+PmFNZjKg2k{NkYY~umVt(b$Shuh!; zmA$<^l43n8E2|VeBO{}ftaOiYK)NGv|IU+uah`OHmvFQw#9L7y;uNdAuQd1?^zOm_ z;LD3*X?b~sYmDh3Xvn^=sje=bg$N}a4CYxC`9@cv-?fSqFo#ja%!I~Yor1^yH9}y3 zHTiSid5VV&tffewpBVuQi(`%v5#;W!UVZJ#-=t)aDIJM)M?!4tpM~qGsF`DXhZZUr zl*O2#KRpaRib_l$us=*TV?F7acfrOfDJbT(eCJhL%91SmhG$k@6-#yP%<=^@tOJc_ z3bj<@Ksu~7GZD^w9P*h6Mvf4thr1G9zb%5RnIwioKULF&!QH!VpXa^@j@^8$bY_cgKr4 zEoK8PaeTJwYHLLgmftHTo5G z4IUkq9}xsFfh@6vQgm`11rt)Mnn~_5$IhikY)Z#7x3cD#(sov*B}I)) z-XFhT#!@_LE0j?EBhfhWbW;CNNbNFx5k_`!MmdGhQsMagkL}yBB3mDI?E@$A&@3sH zt9(q>#20zm1D$rsawiA351CvRwQ@EUU>GdF*eJlUjQj~@;)x#kTrpzZxa^Sl8l9eZ zF-yTr8m~{wFV+`gncELdyqtjGWJ?)xTjJBF51Fo;pDH~f5o7<;ZJU`yiwhyWx064oDNW0yc@Z^~u(jTfBM!avIF>8rvS(=bLZ!&Vm zjvVj22}0?3D9&~EuOvrrVwP$U#^fHh>F*X|MpRUovpci!1WJkY?fgP(s}hIVrLAA> zdE_QC$L_ltG+U>^nPDbT+N~YjneFc=IRJ0bpg9f{7;wsCnre*1jvi{q=fm9n6$K8z z3TNLo{9JOe#q5r<#_xh5q#);SI(Z8p)QPUNwOydBeq1WUtyMZ)rqePv#8a8x&s*V7 z4q%R$i++W3TZjumb~m$6iaw3}S)g0rV!Zf4`)0x^n@1unjqWw*pot61WRhT|y=57L zGjv;6J)%ckCs-g#^CY27q|gpcm9hS_XaS%IbAVj=m8^gKZePjgn@-@b>3fVJQ(#^f z^b<0b-09}vRo13$FKy`K`JUI25iz+=%{I`okpMrkJWfIj4HvgG@o$Kui8g1}!zc}P zapah@c((>{97I0b3x+f4Qv zMmo%@Jol#x|B}oI9@Q^#R>2dP!`QOegeSb6aou62TU*3k!O`!w3Wq2t<6!tKmJ z#m_FNUgDZ+{H-ZrQypv>MNi@e@?Ysp+~dqg{lveWHB4B(Z`!O6PUv!wPWGt}(7&?X zT$??Wh)9R;T~#+{$CO>u<%?X@M75r6_f(Kxli?)%byaMIxwlFCus0=xoY2#{BEQFD zeH;^;KWc*IR#D|u%~=qQ{g$`UU@-pm(OgZdYH@t}FWIrcHxpJ9D%cNN34ANf=Po0& z-9}TswU9zNB>$O`((7eR_beiM1k8D&AkoD3+)~WHICLr zkK}%lOC0ePP`=zhm8eoxkJJY%YAbwJurf%_*w{vq&b*dCc+CDVG<}c;7{-5@D&mXn zY%?GvOrDl)YUj*m1Gnxa@uu%1svgh^#GXdNQ>fV6GYfPI1b05(KpiMVC~`CiT*sFj z&PoEe^7gU}JfLaC+xeQS`Rzv)b?6SB4)mUrr z?0eyQh6Z^`GMrfEp{GN|HhDcb8_B>X$Ds0``7V@c#1PWv+5Lnr$LFDd2_%Reiya0> zbF3m7iGB{jZp*HhkemF9cpomkN~C&`GTvz^mw6p}r^f#yCMZt{AH^Pqas zw?c#@ryyz-?(N`^SYghL8O6P6kZN`g?LYXDhIf-k^J6qRQ#$pMOumu zMCcK#AQWBy82heS8#5dM5(4sQBg%?Jw}y6-#w>c717mW2VnTTB-ypYtH-StZE01{s z(ki~<Ek$AVh(9f+g4K~h1CAnnAF?K1?v$mbu9YuX@x+>9UId{uV5U`b^;WD? zW_c^6=SNZQ$WsayV4|5R-nGh>wpvb;E2F8vAy}5Gx5Ay&ZW$XtD&knlcLG6K$JhA4 zEnl3?S~I=ckyx3oE{4lb!Qg|@9GQ%T_4_+-#Seq@UlbHm3)BQSTE&!aB`g$t^GgHR z_3e=>!}!C$&YgN5Yhrq)+hdZFupI~yEv7jCSJ(xT`Tmosc8v*eZ}5g6FfB*|bQ=tH zzAQZ8;8;4Z2=6AE5txYwkGo2Rn?>M=)R5F(C(hJNe$;X!l{Wq}#&)1WeI4f__q{n* z&GD!f@5}$&pj0*!}502X}=q1ql z^hxRT)_9uioAGABQVg#vvL$%8;8&qHn0gr0$o2K?>9bJ?cFhlT(cKLNiL0|9+=Tt( z9Gl-OqDIqvr3shCk=8j`CoscChP&bNn-tX6McLjw0p4Su!M#+iuA+njZDqb;(@Xn# z2&10yTY}WRK)~PL$22T8YXgd`2xXXr8Qfgvc57|mqHRi%WEuQEk1k64-y7{C^cxD zt7Bb)KB}|UCDq=zucJLsp!u3;Nmh~R(I!~<%qJ^^tL`EUch5ttVFjz=7oIPex*VOM z^L2QU7|Yi~9CpX+(T%%q3#+xvXGac@_R2MK0<@jXr!QB_$PyWg$}51(G> zj5(+l9U>NbqyoTG)6h5K zefQRj^|a-R^paFiq9H#|3N4GBSEY>LPDhrz*iwlbRF-;7o_I$&mtx@q7!Mny!b zRc4k-BxD}!d}Mg$iMVl1BX))Px^1HTNgM9?_;-%ViXh#NEBA#Kd?|Y)N%~;)aDK%D z>V?Akrhg;d((ozHspP@zi8ToHM~V-Bs$Qke=)O%ajL zINuitBF6Xz>%{9hb^pDzVf%1F^yRXL;eI+wW@b~aX!6)flG|^kfwAg0n}dotm^zj! ziYZ5C;2kt-Qd9}hQ1wAUQaS|@XrdZcmV*io}i3-jBkd*Q-qN!yu8L*3^o0?4z_ z_>MLmoGXv^i~3iIWdHX0pcW%6hk2v%Ax8}aqFkiZ(N4;7X31+Mq*q$c-Fs{i{1C(! z8^uo?IJZ97BOfl}*Jmt*Tdw{hjmFoqub0MM6WI7^4$R!u`K1>|&cX%b$^8%p)L=%g zy?!+{&XqKAnleEOuRPW&ed|l(K<=n-VT`38tvkLWCMpWWfz$_}m5{3dMWdgH zxbUheE-r4MoCG=qRCP0&W`{fH@oGmpQ|lhtRDgqs#I!4#@7jxQo3o0M5jiQ#BT#$$ zpQmi@pU$Y{O@@Xf8Ii72;Moan)-h2^R3I6CDL&qShu=qE-K>gr=9AE4A~jM@;s-Y& z`UnBtk~a-EWuZzicK}95X;A$Y1$8_(Z77@VFp)@Wi#|^FV$)q~X=asTb~K1@v9zrt z5o1Z4rm!p$>_sRKb&U>6DPt&08B*N-NOzB>3}XgY2wFSLWlb$rTU}O6_n6ubwD!(S zA%M&c@aXTWy8SghIH6j`#Tq-rfYzn{rI%vl$ARem@vLa8l{4qD^;ixqFS7ieWua1p zIcs2)Huo-%U{p zx01UX8S?3HJt%Az=sSJM3`lK(9bRopA7`NQ_~In>V-wKXf=`!4N$D=_CnEqkdnONAEl$?yo6vOxQffDZ_JmsK`bbYJO0=Q(z z$k3u3t)sb4LsU>Cl*<%g;2Ry}?aQUVc6h<3V>2>~IhOIf&U*Jvbtd9Q-i3hLjVaXMCITT-b!$W~ zuUX)dD;Buj5hnCDDF-%5{bb6Gk6o5~;q{O{Inj*jFdivwBW zsHY`M6#q^!o+V;y{;%AIf2(BPzonOcVFRFLVdbdT{4a(YP>>lAXDvN+0prx;&6sha zf9nDDc3YBl(SYV*WM%usaEOQhhkdK273^!4@ruh-(=3_SntCNoegzO;-IEf!M~@`r zOL`Uf32_%|5Mi(|e){m?!(WmofM%QYqj`Emk)s#y1dz|F>4AoGd=&x9Yej%20(cd& z%l|?*0Wr(~w6fnfH_q;WOe_5P7eHgEq_FUNSXda+xidg-o80~tUwBw8<98{H7TE_I zgIZ)^jR zV%o7xo~06=3bww)-OQ|j-%XP<*iH`agFOSGVB=@rUU=hk3vgPj><7l<`UdVu>}!r- z4g19HuTu+_keBo6#4KW4C-+FkBhNQ#_ot{u(=JNO^4Ua7-+mHwc5GslP_pMXxngPW zT{+h}p}cJIfS40ZCT{0ObLfcp*mCnZEvG1leb5{I_4RWSgblK$Raa|sTvFH1+=h@TfY*&_q+!F#C@VX8=( z0vXNHzqRKRkFgR4;KuA3UTM7_r{;y8ox$7QvR})}BaX1&~sQ=QDPNSx_cS`#kMQ_gBN71NuC+IiR%aSY9Tn~Ee1rzG55Bk zBq>5Bg61VRUf(9w^!}R5M1e=WQRduIUR-#IygYbi))yjK6RyIQIWZ59_JpNrYzik^ zrO}V7!pY2861N@Q+0;RWcGQ~gDV_`9Y&n1dEw`B2lOF}2_=e4n$Ltqfs{OM0kDP}J#$NLM8;>}TN$g}V>&#aBF|>G` z7&3XxkqCvHIVe$Umk@3TkjEE+9dzXJ$o)zbL`V(DZsh3*Ty~nc#QrY|wh4SMzydi3 zeF~oo)A2&xQ2(4OzzhW9=`RA;MMmt*4rGGCo&ymWxD6Z~TR$v?_u(19cITMR1n~*f zA(KXWw-($jhR(9C_ubCZ>WwWmo=AJhr#W2H43X+7$c^Bxaq3LRIC{O3=ou=)buh9~ z=&Opnh($f%#FhE&+c$a47(LRzv}gzgimS!2 zYFN`I`I!HnXM`=PPH%WjZBV#FNAzf39OZ(`FQ7d^yUoK~%ASaL0tZ9K8oh;iSR?>7H<{#M-G@XtR~g_2Q}`j-tX&Z=*hzqQU*qvoC1xW$Q6rviYA>J_0fKuyp zsE)}8W5Kr(h$;UV0~m{?-khw+RVxFFTnD6#4>dzX`PYYY>7AOInlSV{8j>LZri?!Y zr%s2aF|=V|(~O8RNeqB;bqX=;!F0eXP^EZ&OhmKIs~EC7FvlA0I0uGLgA~?e8wlYv z8UdjeT}nRp(}NgNSKKzMmbH3SbH8b?cTma~&u$@3;Ogq?3f+DdK}&F;XhKNN z_kMSbwUS#%&0DEZyk9s5@6I%h{2bY#a44|ED6hZgvy*4rPstSTM8PvFVJQKF%mf)BT`+icJH1pc0LU5EDBo{OwTFs-OQyN z-rY7$?IvdkH+lVa9F{-k;~*?)am;uowFSm^!A@v-T;(G4Q8ZA7?-tf%P$|9TeRg@Y z?(Kb}?sk8tim4XKlg5D1G!6;gmj-xOd-`@qZUC9;6CDi=i^&~oK`a`GN2Bw65I^!= zAVFpLs;%6yhJ14sO5!|vS=>g@I3O5hwlx^}RlAuOfJA?L-Sxl`Pe>7aiIYG}MH8)5 zS@lhw0DNC$t(Wc#SmRhm+dg$LSQKdVNVoGV;?vXd8Mrt&kPyLe_;@sVtng7^qv)VS zfthPwVj-hCoe`Zz+?Yk$0rO1UFCS~tH{XRBvnM+;Ag=PWxpL&9_{^@nx+ zc^>e3!-VBu6B(V!Gi05fGbfJQ6a5)MQe{%h_{~+XM{EIE-52-@kvS!hWyw6`9(v zVF(Z@{+(nHs;s64Fyxmj%gZ_ZHUKgGan-M1zb-GWHd^5eJpbDgd13}+@dI6{t^J`N zUiAP5NAVdbB-1#!xzqcoHE6Ft2hmT$ml2@1-;xw(I^+4x`1vxl1BM#%f>|%NF^>~s zsFOh39qDdoS3`=Hnc@R%i-z+qCoyVApe&;rW^9nXz91a_pi4o^xOWfrBhIS}R4F`8 zWPg_2e~y@70!4TTfy}K7^>o&ZC#a1_8-Wl~Q}r`U`w{u*2o*b_rJ`zfOmBAS^Z2KS z=ZlNABRTAvYvdt@C*GmC^XqCi1*~ww7F1yD$sV#yho7B!2m>%Y; zUTj`2D_HLN?SWeE|JeDlbNjL{e}(?KI>pIQ{G8d+-7o315~Kb$AXpa`mLY^A(Ng=r zNi8g<-+hv^`{ps~UUF5rq3R3yuAt3UCtd6Q+_?Sv=$+$n>ZQ4w^Syz!gGSU7uveSn zRajW4;@-N+&7i-{!~KpPquJ6O=wSQ>(9|A{h#xen`DfTk9MRg44Nnp8UPW}Nitv{e zNC&0){hO&@Kh9|U?1U750#I4BI)DE#_^P%aqK;mf8Kg;x0^$RK;C*aty9R0(aZkj_ zQ8sM5MAjFPusPBC>w4CV`WO66aLX-)%lpY)Uu4VcXJ*v4V9%7F8w1p!z96LX*pc$n&w%MkjJ*G@NIbPu8qdL1uP;2o>Kk9m!E zDfoC=2sCu}zrf2GX~R7o>?9I275kmsKel|UnO1t-**^rvo3Ahkk||98HJ(mECgAST zQ_;%?)w6E*5$^LhAmv;C7Sr=o_nYw3ru$iMKD`Gd3zVq+-x1;?1U>8PJpojTNZ|ef z%{FI7MxEvu;Br&ZRqg}zz=pHJ@^Gg6LFu3qu`h&QfGbxsjtJ{*nuhSyDnA|m4Jw`1s-Vk4kbK32W26ESs{#h&C^X(U|C#fehJpJ)&$P63#f2;iq_RA~BZnlj!ihv) zO4Y%Jt?=yW>ze7mwn%$yOg?T;PxKEvCX-4p&nTZ}IqkbMtf!}u)-Q;q(@|5}?=JYL zC)~CkSs`9}#Fco5R`;VM{+_x23y6@tbl8g;XDS>?&XCqLCm*LJr~-n!#HO)*l^dZ^CRds zMgjtENKxb{bc3u~bg|Q`ZDFk4?NU^yoYWbf!F;w#U+L4QPgH}y08(Y1HDO?X6d_*( z%4Qr%lw$iVmI@qEQRLXTTPQP!d=vg$W1w+htraho36O;fYJfGdwb!NA$sr%WI|AW# z0NP{UjtlJR-A_g%r3MOCYw;!UsGg6x)L)?hC}GL&EZ&p9 zR8@bt2E04Zqb8N$R7`)3lnaKFQ|Utj8$)}{AGej@F0i@hBJ4U zWz%hSM zeyHi-DxC^5qgFxu9Fy7Vmz5Nk-^F_}c zyUkFw3=9IXJNK{A^{ogr>*77WE(vGCWf}2>41s|#f z0%!L33w3E1IGETI`DH9Oa)8?z>g(0!c+P0EX7qEZ0Of)x%BIfX;-mYSTy}0(<)X27 z+c8L)IHYbmfLnh4H;LWj*jzI$MsA-GCTmasmJ;o7u@B!Z*8Pz=welB5Y)b8Z)%kU; z+_&}+>ouD~MRC1>O0R(;I9wQ~E&Si52l3?TOUsRIFy7fSGfNG7B}uY1|E+PuJg%*y zQ};#$1WI(KAsm)VBXS`d%G4@Ab6Ssk?YDBu=u5HYvT6DvKWy%FLk-dL82A9IQvrWo z#k4md^eEY&tZ!qNp0M2lH|8#Yeh_wL^kktf`1yG4nb9)d7Lf{yY;v@N7$yEoZk^AI zcm8|(JzzK-vM;DSn1~ffW%!ZwFFMT0TIW?E^Y;!VaeY;Zbu&_5k5z?&)kuR_5UCbf zV&N*|Kn9rEO{Q>F(S+%tTUVNJ=2Lt!=uX&EUh;j^z$YxfW^@BQDw<47iGYXq+mT)i zPRc<`3%vl}adQFDY(Jy)>gY#g(E7qB-4Q#t^|TnN@7Icfx1ViA(ReKr<6~le8mmBQ zLqz7uDW-}gXL3bT)o{iH{~{eqs{9tXxb&@!|hHRy&gFFE$?puBP69vlhBw zbu?r|t(+%v^WtR8U<(4KQM5_-AvRr)7bD29{~(ioDlLlWd0l^sKky+(^b2Qd{b~7; zRq1T|#TEm`%f`}J{{nLV;DAgg76#6`x*uI$yb3T$>YwcSf&f$F0!)m^M$=GOpsf3& z@kKbgr-@=WRy{9AW85sEs0&DyA!tLp=1NO*A&b9Q`G1s%`TbkI6_EMvbA%ETmj_Uk zl@h^=5Z>ybsaN?Rqg-}iVQ%?^yy=0F%xuwCo&*BponbLo4VhcIL8y8#*W?F*0=D28 zU;2kydf99G(=S1X{iH-qpp#8_&&Q5@Vw5668udhz%J|4b9-i>7lB|`)ISvUu zUa8639YJ>lW_&R-@#-XLrQY5H*Q%lWM=@({BwDMPsVCvkA2(>iU#z1Uh z?yMvNq3_s4+)?jq*?u?o-LZ?Y%%}l}4oeLAq(Us!40^*ojDdi01b^S!P}Pc7UX;< zCU^iP5-4&83^dfh;LSXAJ<0+t3k&)UJSHe^)9Nw5?%_j#G8o#-xg4zBWX-u2X|Un| zth>B(68Rf~$VyP;wL`C;3(W2fJor-q1&pLDz{om3jMV_y@n*qvX!?^A3N&Pst4TVS z6(|Bd*yl6pXX9e9bCFrJcx8?rO4rH-*z`8JUBJ4aea{eukJ&*stnVfWLL_~|?+>)3 znhMOOSWe5xivdDC=0a;xI`iXGBQvS9GPU9E`N~%;?GsPKRgU}q(CLz_m2aQ_a8J%& z1k`)Ih`5^{V{6rURqca(E;K+k&+?#3M-ByIZRx^0-h^>+lyS2YT@Rg9In}qMhVlVG zEl@u29v1@vg&fw;=s0*QPa+)Y##NLcdAKIL+h}BNN;~~2SY_yhE|lw}Y|}UArNBnN zGXbN5m}BT7&B+Rg>nvyR-L0@mAT+f1)uJI()gkk3E>(72jn*q5(0)OD#64i?A<5@_ z#NtMfu?7$>MS7_hT^IjK2{Vv~g@@CwlAMcjydvC{8)S`%V*u1@2fCh7CAVf|WE_nF zDf=RFkva*t3tml#^>}~Qb2FLYQ5KP)zXV))U=awb=HvjoGWO9-zPYK7tD2;E;bCF$ zw}rzK5)d%&#Y3=uA-0eizh9(0l`m8PYX}>tAw|~1G5wH7F(F8BICHHRL4DuDwiw?W zRY7fV+&%W^tm~y09${vHsm}8kkt`eB`SbZh)GBLI7#SL_-`5*i5-9LcXY%*oA|Cw4 zh!M6J3-76g$RppgO`G5R!kEj!p-2g7Q6K4HQ_XubnD4Avwh;6RQDj($LwOn6~oVbF`@=ODmG z!v`a&8yPMj;rQCVn zIX&9gdXdfI5uIGAWQM64Mwr}8iErxv%n8K=M*$xvC;hZVUB8;2(L)?kX{w9)k*pbuzI~@_+s#-^WD+zO+tUz= zlG<8u5XT8jw)g$M0k76qpz`1VR=^yTMs8^}vR=8FIp z#qN!(xgmSXds3lO4J@if>ied1tX<=?*T1~u8e<7mk;W?#^C1n$C>@E>atcH*F+Z)F z>Y1U{t(eJNr`8GVkHtD}UR#FGT<`eUO#S^Qx*?pAG~pn6O(z4cY(9#Z1FyeHwX2Ck}Ed2NiUq|Ir80 zft)}lnveWevHwH2y;LBsihk(nM%zXd_qHVU0bqSH1a!9_Sb{r7@1S8Pq2ef~aw$+m z)+L7+g;}%YF`5Y2cJFqxiTTm`lm7(3p{5BB@ti#X(;V5Zhn3SkVE!4hFH31G7NF+a z_5AXD`cec8py?PHIk&NH>MiD&wr<|}C3ZbuS7BzgM@m(%U3=V2pB&t~&P0wiM^Lps z^ebG2vNCS(=)0@#VyP%zd|$@i_)O7sqW>Z;U}cqXd5&lp2SR3kiS&dkYc76N z<5UfP{H#7LY~hkPU2d1Zpamzy`w75$yO9AaDp!(n(A3&E%Yae+X2CYpu?}FKQrE&fggg*&i>j*%5u))jAI#4PY(d!Nb z1r$0}8+^YumYJJ(4ZLRcc{6w)_>vFkq0Y&CPmAq+8Qcm)H|O2%BK_*i+Jf<>-unke z3BdkMs-a+BW0M%4f$JOxcwfuT#6n(uaH|A$1;JfqY|-1?u^aYew?hw;Lj@@B6swJi z*rfwsHYZ~%CAnpTX%yJRrN5QX=vCs=VsT-Ah6&9Q&T7IhhmNK^CXF{ErGqM!3FTm< z9$oelAW$l1G@;I=wUX~HJnjn!koWrY3J1L5iv_~4EMA3jff?!5S5dP}aZ2Y?M;0Hcp9@DH$2 zXtLb+bNk;^WHTB-nWrX&;0&n(j4b6G`s@4V6fB&RR2@7#E9a<8Ij8!5 z6_Ydg(`%>Ndn#XfvVI%U-Cd6(U1*ih!+^TP=-Sou&0*CuH{g)-?2M~&-xq1tA3$ZD z)OFro@^Y>J@*&T;MExfld}m#RBQI8-U4fA^$8Gd!bu5fkvn@QM8*R8rQ~`-o+Pvsc zayP3a)Kd;(jVd4WWzY;OEu_dJq1ZeHm5M)gDr!?aO)ToF-N&r{HB~!Y#3bQ^(+~GP z1|<`+Wk6^B<9x5b3}+m$C-sGas$YrK2h~|eyo(UNl3s1Rk99BiDHu6w=YRw3h_{nb zsNfIzJk?faCH^p4%}g#!zw0>W_|Yb(=1+TKLh9_F7!`rWM`CHqi$IkAv&R*j^hG)7 z=Y!<%RONpm-5Q>zbnE{}3pwye@1a5}9Ci{v|-Aj?hKLd zfyLUv$CB4&Los;5tG;A&4PH)e?&(*%K6ijhf?yFv$#|SOxJa2qv^ZqUF^#IUC>@?M zQDYKn!)M}jT3l41aT0wtGX6r|eR7&Mgt}iOSyu&vLXp|6B-r{3&Vvq_w6GuwAEd>d zfsRHm?GbIuSo$_8eZ|R;KEc>Z6YN8|Z8`h>?)j6EpqMH19PDX~w2sEe%!5n#9JYuI z6|4(GO+~3HYmY(64*g|l0Nv}-ifgQ@e#*3(~iBq}OdU*ZSOXlHgE|%C9FeoOmKYN&z zIg=)?7gDvFIL@y4q0EP^i9FS)~GG>3Ms9=wElV|*uq)zR=PFy zj&yi*+=h@@*;&sVs?8x-E?8Idj#v*05iaXs1 zILz9{lHEMLrafvL9!cVvgby^c`pWdooTOOp9N|FW6gB9Xf=TueSPZg*oO8kX=XBPk za0U-a5r_)LEv_0m8!KdipRQFMZD`{SSgrV0z^{)#dSpfU!u>2rk4N%l?Usv;#F9i& zj!=7u@sz@yMNoXu;V}PoqXPgqO7n03Lqx;6Ro;}7t^fz3DUEIt>rp_`N%GZw4uKUH z*l6YQm&=y+&lw=mVgi)bUL6+5OC>6TEs_DvGPWNmc<6HQ7^lgX$MSm|bq$If=M+~H zE7V@%IMFsYm<&wA$&MWg%uYAYs;-CTOLmKjb?wY6;rIck7ZDG&Uw3EL7x%k+HQ{3@yYg zBMf*qHYYadguRJ3wD7BtfK5@lr|Jm&fooWJuNj?Z%q|zY7p`B4LTQ|9A39E|(s+z| z5ZZG7BuH_fpj?ekK`A$R1b;8PLN9G;09Z8s6V+_c_aJ;RpZMfm>%;6H6N`8~;XrP# zOl=kSUTds&#^T3oIEO%+&_{45ejC>S#4uOj@&69fe%+*DTpl)}vDyX1PB{w30NM;v zDZAIb<2@jmXnK$r3-SRbzUFh4x>RGM2B)9>gO$>`7%NK~)rmq%Z(C&A_J>1}(Gdud zlozMvUlwlgTPe*M+P=^u;McVkhPp2ikmZltSA zxB*syfyIEN#Dl{a^&>`v>#BhP)i9B|8Wc{a9z{!$83h;k)u0g<^DW5f*}OMlO@+3@ zfUlV?JO)@)EA0$ho1<}IN zG;SL`jR#?M&wm@ijzIkdmXwrS#uo8Fy^5u_wn$A|5uQ^jGsxbwuE=$g^K9G8t>B(u ztV);&ZfGGzo%Tz~wI+6v&IxO?E{3_$B$9DoV0O1LmC|6>si8cZPC(GiWp%zGjOYxm z_WM6d+Ik5YiMWxQ8}I)PlN9fqP^~i8JET3>!%7Q)M!UsB+9nHuxw&+hQnhkNcZF8P%eh(6CqR)$}`?6t1Ea3et*m}H< zq_xkR=#B|xsk|QCpqed$P+{1yTFLay{qoa+pa$XW-@joMjl35`qHq&nA9OUiw&xpF zueX2g|6+3+iL1U%YdIZ34p>S$VsjhL7Cq2_Q6=kC=cBh?-$HF=Pa{K4;ObTK< zn$$CfRmAK52B{a0Ag9^>5`H59?)UvnRH;r9b!ybOT=6w0V|`ZbzELOic8?AHA;xFR zIN5YG&^(%VT^_+NLn*Ff3TKw2E2#s9bjc?r;Ls!)fGx&|`D8s{PY(cw-uVHJb^`w> zVwbXT7&L@m{W6!+qNE8KtWgMfgd-y(2W58w0v&t7m>hG*w(P;DR9Br( z+-ns6;(yZ3pPj70-JMVzN2rPQ8}N6HyRySpz|V#uiaPS-U~C3mRAItC=rI8%GL!lj&S7F-6TZ*y%Sz|1_HVCm)LaG7 zGsOsK(h^;0usUq=Mno5~&mYhC)v!pFJN0WBl|P%^szUs{4s}@800l2arLGJL>*8Pv zT$pKRN3FHOQJ}&TqrNEmn?%Ejhd7*jErASMN*DCR4jh%qj*n$>5jqIJoKliHQZxWl zf$;ArU^H%f8G&IkMMJ3r&bI}k?oi;yDvH;?Rn^@rVg|G2nkp6Y!1%&b&BgO zSxZbOQzo8j5|H6h(1A!-_B#PwpCgwzV?@Z{)ln|!lK3xvl7Bstb_e)%DJ|N~u)l3x1U8z`bKF&~DM5}oQK4$9BeY_0nnxqGuwC))uyKR!VnI&vJpSG`(G zqCmE1J>kted}FL@Aqf&#sB~@{ErneDKKn7y`#fBq=TqOX`6EnzneD{F zxKg>Jm8gk}5o$x{A6eRI@XwLt^o+SX(x+c_Y3fB;$FrXEP9Ze`#7de*lEgO}ARrTE zpldXI`(wMBb#hEYZhO1p5?o<0U8L~E$@x1*Bo|&9u^CLDS$`iVM%}(NdL)3};O`wr zl$>Y4jer{w2-{F#q8M$PlJ;bB+Y=_-wRfd==hQf-FKWLos;nt~8qHM8NED5C0Gr#H z!)6Y$DqEWG?G+JMRw9vO$K4^?V5bLS6}j#8(zd9@;H^#0FCM7hPtR(}8VMP$>FIn^ zGPyWamp}8W>ImyzyuW}g)#ccI<~yu2CigiYt(aR%WWsJKxhRb{5lPJwacmA)=7^Hh_rI74^>E>#17ct z0l+9g!i@uT`I}u#{p8x+ycz`um=TGF<1iQ9u6m63KZ`_Unz7OGtu*k`)&wi!ul!w{ z)tyst@-fS+ToD`|lchLSqjLHO7pMyUhcnuc>0<&mrRBcMp0__BP{ggAM>C>kHeVkS z%y2T-|1aJ6?ZMMbek3He65xkH`EJJFj@xi6OyV1$A3{LYmZ(BqIVYc%V0blI6@Wk} zd!yVKFkyEW_TGtna&dDqbe7nn!$+6%$tiwqSbxyMY(J0jL3{5V6$(>|rm#L=O$agg zB6_CxxpQ^tm|9bOE%kY$@7w*h-JK)iZJ&r+J*Vq}P)dXgG$vvpZZ4{W--H`C3$bHn z!B|qOv%5#Kk3iEXDz%Y!R}0lVvG%{7xQR8wTCNzmQ<%T0DVd_lm-nPM-2dFE>T}}z zVbn!^XKI#mnYXNdSfP%E-%GP4%Fs}kk{d}A?-F>VgOI*n4|IkULh=h=LHl-ml3TCWwIu3h zvrvF?pd2N60v{WoR_%BV)KGZFK>Nl!gLU=mkJ)G>xz$e#$-ccSGN(tt@GTk z$Vzgp(zd+N8g?dTcG0r`k4_9!qiDF0HF$NLGmC?gMh2Jmdltn%f<;RGugiPJDA4@eoF5l)#~?OcgF+_1HSz~`5r>_tGw++luYZfdbm>9$E;kce zdP@5RI_$`fwr5?9dAvNw2VqGD>1vgg7juc#e`HCu7v_z)ot&q`IwJFA>8rUKdqYhm zuF$l%x<$?9soD?_Z=8o_tb>1CCd;5#9sWq&fQd!oGgWi9MKRT%tl70a5Vvr+ak-Ir zkQqo-OZ_vD5*TMbm3)WY%lxA;2a$Vy!r~{P(PST@a9Xc8>gH`fd8Q@P4DJ=O)b^H) zr=Nz}g`PdR(*$3N#iCIn-a1hy zVf=+No8Oe5oThJ`TY1rGx72iBV)Y5XknyYG5M?7uxl`-&4GpK$_f`vd{N*2e<`#ux znSAAGdkb6C(czUWqT2evn4!)=BWS~4$MbxE>d(vnDoEgmuXM#=)UvLxm{ACO!)KD< zvBs$Xhpo4a$+K&sMhittvEuIT?(P&T?(W=B+}+*X-QC@_6nA%bcQ`kF-tRlf$@xV{ zNRwWB@0m4gX04eGP(2(bV2R`4?QH$Qqqtc;Su@0g`Q%kQ$^sP}bdkkLYFa?gG4%6h zX>7>>&{OlGOVwsPZbE2k?@Eqw`Gf&}>$SdU@%$F3h?5F|q^-2{r(ZAJ5=;L6? zcW7w0=XU$M5aFr*T2a$NT^j4d2I}G0Bf}=$4ZS3*uJ=b_1>W=zet?H@=m!W3oBW>j zAZ~EyhN|ihY|`~RfhZ1kJ8&+hslN8etj!o^{`=dbM>~A)$~1;lOip+EXq|n+mt#0Cwf*5}+wsnjIay=AYPE$sy6AA7Ocj1o zO?`O4;|~0=DCYu>%K7L8@|%@xcrkT8j-a*VG>Y^?JOb_Hghob2ZaR z2TcaSSAa`+L|lOdba8WY@;*?~gTDeUVE5@2(`>VI2psYaV<)|}=J%mn0uGmk6qCU! zgu;+>@g!hstQ7poujsstS{+~0ntkSlRBMVbW#71LQa(02D+r%?GHafl92&mt%P%X) zaDO$(wY#7_w){8q|FZ9c*r=V^^Y7C<1C0lXa$!2IbLtr;>c{WZX;oB*! zUw=dIdxp1r`A=$xN8-NgpEOE>MR~hrf(^H&@twu68L#3&fNr! zc`21?Orf6do+ui+#0dHe_*Rh$L%0Y#2L+^4bmJ-fDz6S)UQQReWKDBZUbNJa%NK^E zTKvcE!}(!6?-(FliizJ3TQg;p0F|RZ;?l z?Cap;b9zPZiH0QSWtik-;Vk>&3`-;BYG?}}RGnF6Z;Gxl`bmsS%ntY9qHh7)(cBhO zx=6CZPI@qoo+gsTWN|+8>_tU&s9P4r%SM!itEwSQlfkRbO`2wv$(DLk@htsJ|X{3KvcN%+MZnNZxogQ`&NvaLcr((i26sQ!n5esQ!|BA|^ z9nI5@sOr6yDsjq?OPr>jBDJ!xD$wRk2Q0GUFD!Bhbs*b}K`%z$|Bn~I4HAoUhb80C zxWU@BXFSiMKiqP)ae9o;f zY5n{OvxO-+JwGox!TUn}2DFOZ#*gD|ecDeudfbU}TJr_!KR%~3Z)X)`r|3MdV9ZTT z>6H<`-Vw{|>E+ZQxB`(RY>VH*5(lg2DzKOHPItCg!4^o(4c40G}I68ol1t67a4JKX1?(1ANxx&J!@yVFah|V+Z5y1cTV_6 z4+ZoBry$8efhgJ!10LR{-}Z?D31%vo|Grrf*~dqiKX~x=*1p$)c<-MUPevkxUc8rb zR}Q^|iO#{156Dy4;4Bw4*N?hI8~=MET{QA09Z zZlE;AvER2F$!148CnL-J9(>A1*wro{K!LsL4F2Oi7skiVl$bQ*%E)u<<@H4wEOQNt znu?e~ho)ZwRTJd{q;|wnE_)s!?NGruvpa9W+`^t&x$8jh0BVoV^4KRP=(F+y+RWhq zD=&UN#4lIb(|lm>k3)RZz%@cBr;1uymcfYF-rF#TK&{=8h0Y5mhrtmT7Z{^;1BCnm zuzL|!!U5zWGAM(T-uKzMBt9!-o~PZoK}?hP*QY@g4M)dDj$&{Sa5kH2gy-jlF5Csp zBW?JxG*!v6#-t#3wTm-}{Du3X8E}I)K4aGvw-S%Kj}W0IpRLpi2O};QlR~-c!_KG^ zHg4d^S*nc02t|B%Kbng?IRz1uA?<Sj>H-vHKc~zKwrQyF88lm+m z!T*P78w$q|YF3QY0=wkFLKBuB`I*LqB3RVOmcr?VWQL5Vj2C8$i$q7q-~!TQ=(VD0 zPzi7>awKeH)EJ&;!q>Q7;@p)pG|${PHlRbIt1$%C@Y$_yko$@Rf3mo?@`E(?IHi0^ zVa8lMAV6wy*5-+~H2)0Ssi>tat#z4JYq9q58!4CiO54%Oh4SP_?OqH5i0MVtsh;hT3E*tE%TLga)~GCrBk$El zT4!a!5DG_i+x;Tk#{L@;84aN28ni9i&H2u=)P&I-ylO_(2rr#CQnV%jnL6%V z{>XpP%TTivm*wU7%^q|U~B1waiDX~nLaJq({a z$J~O{fYdouir)k7b&c>a4uMTJ-II`qrNLOq*(Y^-i@;tl+n&=Tt5x%_k3$6KGkrBYYAz zwxmxRR9E15CG#sl{7zI5!C?GJS=?(#i4Cy(lOe&v~+`P+pr`hunLbTq=}3YoZATO|GSZaR0T zNY2%Km+Teb@yS#CuYvOU1KSM>Du)OxvRv-ZICB5^xW8s@K>zge}RLgoJ7k)P~+qWXwp^w<5`9gLzr^Yb9KfmXD0=~XP>b!VPOygc4=#`@ zuYs_YNjZrT!;Lx3&gbCZ09&vKUa9-N!E2D?M>pyG1I6k$Bhwq{%UjB;e+UV)jXf?< z0LqxZ^5nZ-3W1)MWyWwEzRD#OT~L^DVh z01EC?44A6qw<{&_Yuf^<)4$d5|B%hP{rLEh9gFmzZW|e_@{DsNu4c3v!u`4Sxea*c zSo7$zI;zd9joFLX%U;9hf7T6Dv@YsczLz^$H-8Ml!%sR!UR?J@-L>5GE+RBt6;uWq zH1l&y4SJ_94jcS7T+pAk!hGtIl^V_gkb0wn1MPtzUpavz+}0fs0$l-8%-j=|!@Qdf zKC@53J01Ko1~_i3Y=1B#G+65s=xuHYG_v?b3!Wvg5g@$wRrz!b%23+y?Bxa>Xsb^4 zLZoluG#KAvcgDT(YaB>^zm-Fo4XH-AOTlOGaV+Rmzl(Lb0Q88jm&~60%Q7nLbZP3s z*5-R0)&`e>E+V>119ZWE!#owliqhUj(8VV(lZ?bO7|&1QIi%1jNT&m8;ME3#^B^9uB$Wr%JX#LXM;HWJ8*^#1EZ?$T>g_VKm?^ysbp?5 z`~90tGuq{5KSl9_%N}f#2scrn8BRs=y7ustL!nnZgETAXe1$P&f7i0mX5e)UFROP8 z-V(e>_RlWellF&fI8O-2?da@i3DeYCkz=(&fB36nNHIT5RF>4t5NtV%;_gzQHcT)d z6ljvg<#o=(Gwg0?60Mebpb&sQx;xtKyk+RqNXfbxsvQXajGb8v}330F!|rgdG~9m=rkV#-Ll8T z_|&z`^w06nWz_6UCL`3i!vc5>6%#*lGLjZa(DhH*jf{EQ7WHdED%bJ37T++3!yZU7 zW$-;=migDYCzP22Z*_A^0%%kiXSnS(wTshsOqRCAb{kdh#aW5pxY|r!{;Uc{I{B}) zjy5gAt{8!^0XFp506HeuWnGNCYzbD}1e=8XoHw$lWGOx`2b~Ucx7Zg|aUmJbV5rP8 z6o%aRumGFAcm^r@f!GcZc@xF%XR^fi7^|VOgt*wh+L*D$HKRWvU2n+!TFDFA;%ZmS zHIs;lBcfTmF$wRcq3?2c07y8}{|G*!?ELXdPY(yD&$RIc>T}VaUfwEDAFbzbrP%z` za#8jB`g89rpcJTL51KO@m=gM;Q(nb=2IjhZH;27BE89L|uB;eUc;PWAx{=ltREt_5 zH~Q@z@#tOy>OG~1L_yy3M*_>;v{T!7F6WXFHv6VToju6h>?1KDCqck=X*)3%5 z-=O-YI=|LZ!HU3B$K9Ek_S*s3tPueYq7PO3dtf<0FOOJUT#R0#vEYFR0`|E}C1~tN z7|^qW;X7jmIzN#A{X05Jq#3RHu=_=(N@&2xJ1*bG(Wa4WR7vVMKEKHN^+z=4JYwfv z!{i^%AhtczGsKl<0(}i#)cOluG~ir;Ma#9l)FT9cLeE3<8b#qbuGaMz%M1~SCDSsd7=^wC3eGs??QSp#OE!aI_S9?2J zt6~sT$fZEjMhw1p)-=a=-VE|C_bLm>0?N)5U=OQba7^_1L|!=vfHMFR{Boh z!Pe?~Ko5jF`IR&J=ee6YYm)A-GBZGbQWi1SVzG&{4&$T{N4qZSOST_^J4ZyH%Z=*x z=0{4zl16G6!Yr$&d=dUo><|7HPQghIk%aX3QA1?zmn9}qBRHnuph#3Veu)IMI~{R~ z>QCw2obTESqD@|7k86jHBSJ#xgJb$)A=vmp6M%5QXINOO>N?j3hJ|hZO`ur?^bDt> z`~h$d9U9BxA6c)?aEnO(XAC%l?Fi@Lv2?R*u(3+`X!ViAgH&8j6H%Gg9)@~al|Re# zYOkIZ`b#>cyT=@@psq3qS36DYBEI6lRddVsQsp5)<-RD;%V*Vjsm1=afBOAaeocs< zpZe^y^2g?C<;-i0nC@0@0C3@n9&27yMdI-aXGwcyh$9{#H;NK&`cDQneM^I%?F@(U z!mfU*7H24Fdy@JL_zNO2f{oF_5rvpNE?3NUVQgbM~QZKjZLP3{J{g(8!8$;008Xn?ywJzlSY=@ zBvm*R9wC#u0(=tSv@^pMBhl>VorOR-po6L28{_^gqO8Vo2U3+7z&_eI-rP^;W4pSk zeC@zao-xO*KBWSTfVD*HKsNU=^}c)&P##d0h_)J%u1{F2-^#2TfeK+#{81gvi1Tu_ zfqo7NV4bhOIhk8PJZat!z)@V8m0+`N&-uBev^s?fAIIhbFj8Jvl9uKPiSKt;rfmaQ z6WQm>tmnn*!?Svh^9ax-M%G0oenyi+LWB>pwaK--O3nY;1;DuhN+@^ZEh*QtzO&oa z<1vDpos)YvKuuiWYh!B2%4cBpU+qBNA9{*CQoM_gdXaG0Y;H^hIU&E^TP$4A-@Q>MAAUwS381?We(_YWza6>zBxqB2imMHuN`MoZ3BV^MkN3o zH>^mUT`pdHEY$%+C^InPt5!;l_ER6_rTLEUmlDQh!2^j{%os>k)4ET-b{DSaQM^^v zWsL_-j}j>%dDBOVNuJ{k!_H)WvrCFd#QvLBV-(giKxZ3neoTqKIC(=bF1(wrXQv@8 zo`Pib-aH2;h5M6Vsa8y9JR@=X{YUb#e?t}Kp74#6J)_2K;mGqV)vY2_gYA9E*s42jdk z+B`A3MJF(4xmKS`79?|FmTeCN**_plRQH-YRHhydu1JS8;nC*b$!;Bl)v1ak@x0Sy%zaP7tm! zz0Xt)F&Mbqm9J1|Zc*~&0XMthrPNGFgyyX3ccE3IAU$4fGuxAPxl!!ZQ`G%sLsG1( zTXAxQg-OExOvsMt%<5Hu6k{P%j~_4aN=*W|?x2AchjO@ZL2=6@T_IR^p|I3py2HY)GDO7QxwoWIGxL~bf8HONbQJ6qR%i{;?s zp-942*D|8kc^{rfXVurB>;Dvmv6XTcTEVvhG&tYAXjdgOkOxI3lXsXkhd%+y zLn1(mwoZPQ)b(*@?X?^a!~1Qr6@)i=CKEYM*1 z9rHBx!zw8_nhj+cH2NC5srC`Y3pyY+mS+e~ygTrT2+dD90MvihH;*7Dqv4DDq_85cl}-EqAB^X#ewa|L;l zeC(Vn8S1-GMMrp6Y!s={FKTT42ZzTQ2dR3xKdVNk>eQ+64I+4LtLjcAY%$s#6l>qf zg8FPP!z4$DEF~`SV2l_`zQXt`?hENw%=G_8tP!XG+VYB4!XwWU$UfWXPAZJc?MApZ zL_FfQ7oj+sFW}a#4>r%Slg#{d+&+c9Q7|!pq0;tkI9bY(O(pp#r*6;)$Sm4Yz!>L) zgiMarOKLz2b*0EB%d8~-O&;zC8%7SUC*t#?5u=CK-=;Pm#cewiY5d`f%#g#}mQ9Bm zRZ{=n*BrJK3r;(yy{07VL|;P0KyL|Oc)tj|clzD1SoWu^7|ZYdsOjEe3a6AuH+N41 z0Gc`JlRv4ZOd5oi`!W=#R_Atr0H#!}jkTuSSmo*lgl9%CJwwEcoW?P+6^tq^O}`eI z9hUW);#mY#Pa4wwM>h~+j%Z1qXO)X0Ic#=aJO6dUq3?xF=7kngdx`JP{oZ zJ^N}d(S$ols;?>CKl+vnaLuhe3?h!^Aq}KQuB%6zg-h=WCRugRq-Add5V;nyXkXr_ zjPn0e4ijJE1&e!`AmjY6auxkIf5ATNqpd0w9_oW#2K3yrF2R0*s&}-Xs%2X*!sBh@ z{@YdG@tnC&%2$KroVsR(75V(UEmCPy4FO@e2;a&89fAsQ9X$0#Amxwi2gc=_&MzLJAb} zN2Y4D2wNsc5ULb8?vyeY&>I1$KUO7^{51+3Z}PXuhg$tmVy&NKy11ZEWTQECEm??W zacB1=@3I}^z`z5Lk)(O=Wo2^3@Y-!7Q;zf?JrO-1oB@?ytWELK%%6(T$|kk?iI%Lh z)0cHjx|SOAxzcJEN#hClvbb+)i_xty$v|h4qW88Zw*rr?oa)L-T04Rdbtl}0x}63r zlStC$AYX5)rMW*|Z3f+k(^0t~p}|$;W9H~oVdXr}mUO{3*%@UQ7$u!gz}Ksd+)7sRjkzb7F;kr%&ClM@s#_K_1j#F^2gKUX?eu9&c$Er86s`I4cNj;Wms6Y~PUBaUPDdTc0(GWjBA3A$rLj9E03%%m zin*!Lz{3hU^HD#jw)U4{B-eshD{E?!Kt46>cYKnjK3~?%&T-*~He{6TLGai-NnJKM zYN-DiHt z!Ifz6d5x!H?0RgvMfv~;LbjztauECUOtcpo($`N?&ov(mW9{4mx7R$TEY-~3Bg0@B zP;It+x#xz^Y&$EfR77yEx#vo5!W{yU!h{GE8E9y~TZ|6#kiT7Uh@*1N&{V7`bBxn2 zhFe@cB}-su6hh-1y#Hyz$A^041$}?2ntkX}!N>vr3I*y5oTl^kqw{ha!LDyyx>^i6 zS#8zd;oAe*wF=T9J8fvFzo`cG^xg@Bg6VOZ;6ripdLSgQhX~HmB!zm!0%euA=KGk# zZGXJOmFJzjh)vmU5Bm!ZQ@=w^XlIoY8x$~7fn2}ra}inAr(_UzwXl|Vbrr+RyfT8> zOVc7$3h##1QhL;#mt~cw%ERjZkUvtN+B8HH*|kNt;~E!|?W?~W!yd<#UMMb#6?%;QIOc{`?Y?EG z$>_wLD@X!?(?`U3jX3#7x5C;O1~PB73@o%_M(RPO!=%cZ2oDOw2cO;_iWoudPj8Jw zEs>ygu%;KTqrYBhUPBTLE2-t};ND#gsr~KSs0*R5H~wZ86jaGh)<#>nIsyV17>K|o zJAQZn`1Q;_VdiQE&;6FlFbz={He0U#DMC-4{^|Ezs>WS^)m8hWrDnhpC=gj}uB%J~ zjd>JfCMV@CNw>S8Odpgp5x8?4FBt@$hgd{5LsWHv$ za%9VhQL~;rt=i#iT(9p_)))C!C(1cAvK4wdGdi_XeQJ2XAm#qc% z5rI4S5N41@{)E>iMp*SL8T`3?%(QQJWB-amLvT3RAGv-~x@@@{`X|)OvjHmsS@!ri zu84rN{lWaQGPf29Oq3b)wDV8t*KGR;VjAi%;A3!vPLZ~zGEIlS=I33WYKr45cv0_g z!#E*9bDQ2KrF6WOFAL9oW>3bP7$;qM<~*1k%vaOtL-J7|egPPlNm7t!LL_ip8FN;x z1Sn~Ir*JkzXcBch@5LyGxd|JQ1FPUUHNMId7pZ?hGOLymfP=b3y zj}gonb)6JYX4Ng=py=`&rX=I21tE)~92!t7P>o&oU&Ie0v&ZjM=|gXvc#sv zQi!T!bleQvwr*F84xclUAh-NRc3o7o{-rdDhD5bx@Qh3(Xsg{UZ{&EW?!#kl6Y9em zIJP^Y$`Knd-|VGH+-E;xEjdYIV^d^Kv4#Rn}&aeI!; z#=dn$&VMmV=}Y9A*H`0|pBA;!9$V=FFyeOiT79_+lQ$~tW%sy_p zpT*Fx$%~GT+6v{5sd%8ipOx)2c|2(K@vIlh&`+l?$&~0H-|E44sKknTf>K|N z2U%luoUwlNaYCa*BC?&;r$Cosq^yPzoDB}BMKsgjAgD>~>d8t&InMhV{I(>XR~c0J zvZY%6296{FCzgFI<|xQqSVZ#Z-u*mRrqb5EfL5{tFKhtQLg(Qz(F2 za{dqpjR_B7*Tf4MY{X9;^)bz1J*{W(*|lC&e7V|XJh%prLzJw!eidMzLdV60TUUKf zjqAfmx|N&Q(13t!r;qvm4eCOIv5)(}#NV~JEy|*0?Yq!MLu}GRdx65*bFzW$q5EA{ ztk&yvp$Og$Z}8gtbjGg*bFo;g2VX#Yob;c=UQ|d#zE+3@581Pho4?a7v;5Z(wqyJ& z*Y<1t&kWHP&G2GWgN{!z=hVheoE>}%)@#NKNA|Qknngw2T17W3oNHPhU&n4{;WG{@ z@mhJDTwcqfQE>TT;F=Yq`Y}koXVy7H!-ai{k(T76@a$-sc>MB zzWp*ebt(tQ=mZzI!I7%)XL$B`$Cq1K4IScLi5ygJ49sR(&7UmVzzn~FGe&sVoH&%)tq_T!p1mQZvO-wM0>txn zPPIKVtDu~;+2b7Y;h^U?t!R34=QUV`?0${F_(D)9Md0|lOp=AUFL<<)DwbMMg08kc z%b+lefn+`GPVOmGu1j(GNN}@R9>rf*W-_f*P8DJzL|&hGm+4~V^muuxy`R?Avp3{f&6FM`IJJN?V*nb_;K#8jT*s6^|EUr7APh%5`YXlN@5>E{gtdy#PYz_K+GR)F0u{OC`xn3|Kcs;X|j;YUpu^ zvldGG42P|X6u^I#H~5Rjk$bv=HxEezvUjJ6njLGFXXwhkPC8S zSM_SF`I`AwtA1zDuOC!6Jok=oT!)!sUiPDLbu;iWj||UqY@}I3!Bdm(ZgQB9pOtuLa~Koy|Y)3<}bwvQN0JJWtTtY>qWePg9#><%fRmmP6 znXREMI%_-wL!=PmSAIGzX;}uUv53T9&$F>>}W@5$;R+S+6XLalt^-#&F7$tYXXYv9}%!TS*aj5vIJ?R%*I`Rcp5_dV2D>R z7+5A_SjGx^X#24BxKe6GBd6`3S4W#R?M_lUa;A z`l;1j;YC$Sh~q~1{|kaRpn}KELL&bi6Z#+&_ht9jQm1mMUFrS@1l``irsiRKL$ZPG zTZ|p|-_b~&%no9JH&H$7!er-1t$#HfXM(9+`Nx#DzerVRt`yuIf=JO zpK#VhGp-5thh=O>R;$Dy#ZuNVchtzr2SH~*)b2hFBvQB6oBWt2#JVg3=VC|$U8oZQ zUoZlQHI2P(d3sb+!7rq9kC{|BoOe8Ev+Vl&gAtREIKXer_|PFmy!RBb(>G) zH#(`tpXWi+>*L(BO;bYTgsaVk&VS^b(YIhAsw|m!Du%*Ija#Agy^On4sD2jb9LLOv zIxVjJP!(ph4yhG{i|0 zLp{qLj1k8Kd7?qj!uq!XqzJk5?uWP@&QERVvSsYz!j+k`i^drTTS}-$PSB}*Bk6Ap zP2&uaT_qhse~#Q^G3@qKKcgAQ#3!!Dz#BpNd=OvSoGx&c$*DCOrS6JqY7pB)fFaQP zU)|&vz;CHQ#XG{WiqX_BU7%i3VSiLEMMjlTUhJwWvGvy5c~#%L68U0+Mwq(2TOY@m z9>7Oa&YWLcj$W0+&ds-y9$?}qE9eM-eYf3qOwU{vbhta*aNsHh?SmX*+IrXGbOPNb zSM8wt1030!tDc^oj*f}hnnPfjQdL!jT6Y&&Tw7jQfy-^lF!oPtwp9-)-$(bFeAO2u z^S__!u@wJCB+a7rr$0hZfLU$Np0MAHo6SjC&1PayLRBF-kf|1K=i%l-&%Hha>Zk39 zsE7kshjqcbbyu?&lETigdIZ;IT5iZ-f4}f0Yy7rF|C5}4(Te_cphz71_)GN{F8$!S zE&ekNsmx2)L5fRiKuYZyUL6+)^ue4@Gi(lUI ze4R7ta70R7r_-7imDzt^vV_R)Ump2iIsvBt3q^B_ve{j9CoIP6wR`jpKMm%0h9-hw`L}}@AYNxHhgGN zvI>%t8ANUyLfQ3=&=zpWNF$4RkBpJECJ{^sqBpdWnzdt6#qvWJdqz1WW1$;kD?vv9 za8a-bQb)>>QtvyfD+0qD1qoD6EK&m&M9zb#k-o1t_Xhe>WI1{J_+w%QT!Z&5I;&k} z#aTx-omh0DND)UzN1M`yk3`*nbS*3TI_8Ao+M>?z1?96&JY4x<%yDAKEv@?WZ2J=D zWT(>;mdht2$p##mczBP4H%p3E8pp=Q`X=C=rZ?;>4ah4QEDWkwoPt6a#uWI{U$)<$ z%*rcn7FB_;%-F^FsMWE~J>z^e^1My0wQ_-DqntNmeBtf^^WeJm_xZ6t%sA9^v8cvZ z1PM2THqCV`ikuhepX>vT+b=O98%dn9_x}#9S%_a8$EjF6^*;*XzZc=_twZn+#)mI_ zh-Z8O@M!k*h=?N{Xopk^=#K`J)SNj#@B01GY0pq3>q>3<>QtWQ*L9XE6$;07o~#_W zsS9~s_Vwy=92(h+07^l8>z$;fDHO(H@b|$*x7v|(2Q^VlkrdqtbU)O&4;Bg-Ydy;159ie@3`HxhC)kxkm$+P7prH^Ld`53sGjHKXO zrz7ePRFgW^$0k2WowEN{^RZkM6PDsCDeR&)>vtLq_%1FnCbXZ-rPqH=9LHb;6T=yy z_?u|WQ|i8X%Q=!sa=IOVk`44#hsggO^9ohwhAVxa4G*tkckZDXC1SrV3UgaJjF+wO zhk4E6ck!YS{Vj8#QFeOIrE=Bl7%@K3RYxLj){&+9qtSDVrAk{dp5 z2l137+TIN~FQZ5`U91oWBYVqu2N(S=7}Anz=hN6nOyUn>C~XVL*1)d;n|~SwmnYs& z$Q#0sHGsJ&FBka5)?!}{sn;x-84pM6CI)3d4H2i=Ox@^V`c!9Z1*XuCm$a93QZRof z{cCditZ1S(YP(i+q|n_j=aOvPy?VYVYI{!y-yXptlhm^3S&D`O!uX!I9nVY_8Z3e3 zs7b_=`=4P~T{|Nr8FBXK56+xhCfq;g zOT~1nM2)L}93>E``}*m@MDG5lD3^&3cIOFY6F>lxFtqaX z@4j7WFU?Yym6c=VT5eX=V`6nzaU72-%#&%eb`yro6J`UKe*kGi40!D~J|d0$fv;fG z0E$|tQ!`>%#s+-R19TL~<;-gH0+Yt(B0+R)Y%XO~aPXJkgzsV9z%iEtMrR#-hd(E2 zHqE(-!^lpU_VTSU@)~NQ_Qy!Bdfoj}_$8u=Ml5paF=x#|)Q;~P_h!NHmIK@Iobs{u zl;{GXebw2l^84W3^D-cZYGK==&7I?9>1|SN$0ll8ak8FJ-}o_Iyaryvwk{VWDhmMlF4zElVMm&Za%Mt93m-PH+** zb`MT453!_w1tj-bXO{%!7Jh_MzRd(_kUH^WZ6>X%yPHo%_EGy_H*< z3+T^IQT41f5CEe&8JKEL8I5hYA)HPga6hmLmG9F-zy?ux|2X?km~W>!)iJJa4rX5& ziF{+QS)D0~I{oTVqKdA>Gx0a!p#Y_($GC+7renX5;c4-`-zBErPOWx&2Va_B^f^8g zbC-zjW#*(OOwM;r;Dd0-@u5&CZ2oTZaK1)swod$d8N_#6m^{RY#R|Agrc3!>miF!D zM;Ih&+++len2u>{;g-uvrS^~QT ziMk+}TeF1fv6NM zo~#{C`HgnJK$V6*G6vN&P}K4+L=M~%H0I3QssGiuUxqt_` zJ1GSb5VfO($&b{)Cpbi-fMe+<&kY@|W~Ny4b#bctTF7KtDGN`Fv4e69Brx;+H32!e zOlLw;j!$6GkW-ZwCd|;}$cd)5IYpNS8lo1?ZRhWD_6I~$X_Wdw4<6!w`*E>OUObVE z2fRBMB6fo*4r0^bJ_I7(DBaZDYz>U67iu8oGdTN}Xd&Xg62pypUf9nGzu zl7S280&lV62i;M8=p>JoRw;QprGUK#Lmu-Q)r2|hjUxA`;}@k12N#dZ2TrZe9;kz{jppU0q^b^Q8 zB$kE>5NACv&dd>lrUC-iP;VT6k`yuPt7IZ)Ruk@TX}woNB55`*tSz&IBCU`f?i(HW zXn>c{my5#ki_n68Yk|!&zX99|d+xiqcJZ7}Sm!HU&`dsh%q?W0Af;84qQqRv7Kq=w zh4|dXI8A@KeZ$H1ZI?kOWv=WYs12p_pSd=_?Fs@TG=6ue&hHQ$Wn!k5KE{nH?}oEq zrcl+nwFMF9d6b&zD1Pym*#TzkkoMm4P_5 zsD$!9>SXi25IFPMT)FkI#}J&1mswwKeB#zS53N^uDq$i{;~I1^jqE56;p`M}m3=z%$h zMZ4zjFQJlG?}clN)oeOyMKR)M}z_SkY?BT3PM2>Ar}Lujit2% z=tKxt8He>aQF$@E6Su|}Le5Du*9n*Z9^reCcQohwL&j(@@XPA@6IJW>fU@`kJqa&K z|Gm*q$oU-t6iNO^bys~V^9m_%aWP_@DqFd%uJ1m-CHlScP^_IEDdhkr+f=FLez_%G4eCZ&DI_xwKGJ7SdAihrdfv)BAGm zwz}!5We*c0eTU>+r@N@pRYrHoHC8({H5umytsu=^os_AjK)XlC--LZgAj+raW!N2T z_whGsYO4aBbSyc2Zce=mK?;Mt_v(P7U_o%-Ber#)D43J#s`)^snY`f)y&|Qkwi6O* zgi8{z zu-UKZPfSWkO|96I3!NeS?1hZJc;pyyAtF8NyzJJSQ1$Pkeh2_z&c{=wQU3q3sAu?> zu3)yN#+(pM)A-q00}W3G+sOFb>~_?IJLzIes~jgFQb52BbyokCn1b#%a+F7JB854< zor{2o8Gad!ul__$2jj^dVR*#uLdk%k;g33OcG=#8R)8EZ;6 zr@~$4fPf4!Oixhsi7ljOZd60jVVf$p<+UTg%C>b{b9;hBLNrk3e8{ zks7-Sm&AYqGclw%1MvFO474233VZ?jRQn~sIuofuGaC@`hGjQI zPItak%jZm^@Q9(#;FfTS&#K`QuU^!|#{OS46fBhOr_BqOprq&K3EjD_<1GytgHZI0ieYe+1-<6m>cZlh0XY*?hPZw^|n#k(MejW0H}wYzKRz|tj! zfkGhmt3ZN^!!?RFk#0t#t|Imv<&mj$6jp4`t+8*P*2qwP@W47Te$>y2kMQzA4K zzSO#}e3{yT9V`R+_D#A!H2CY)5%e53aS0vOPf=ez4ix2!W%Jz3AbB}r{eRTvKaQ>X zp<_ve{vh;e#<7}^QZ0$a!81stIpX#1o}G1W&r-mB^Qm$H9w5A zACdS4MyrJh*WPbE4WC)N8TU>El-vT4LDrpjVA0V1XKj28<&d1;Yv?Hq zkYyIkTE8FMF#I0;U~EkvXPfUEQke7=cEfUHC!7+raXg)!S22oM)LhCB&S-(&5`7a`4F`Zf<;LDU!l1ezbYuKhf zK9f2@?s@qvLy~G1Am%DD#Ajg)KRn&FLC zo)Y#vuPYpFQBJ9WJ2=>=@RkAm;KKry-Q5P%*Pr(G}T|4%`Tl`k+-yL;bw&3+35nRj62?)vIPFPxB4|1 zaU(Frrec>jdbM_H*MjVXKC;CQ*ks{m|IOyv7&9E)4wzl35Ed1k*|vb$Ck2Seqw}zt zty_^tK{g#|7tc!IymHa%VpyY{ZVdRX#xcr7o3Ua@~bh=s~sGJUV&VQ$eo285#d+xf$ zLgT)jF1UHXpS;LjXe~#B0YTU$7uc@ZiIYyt_fK3V$_e^2iB?Hy6OG{wv@l_e$OAC_ z(Ib#OG9P%*wd!layXIfp3L&50>e7PFuRvpYHq4HfuB_&U{r9(4h=#SHaOLS)SjtAw9>kD5viNDSg~*Ja^QN6Ys>* zHVF2}5$m3-_ZK#T3QP0U&_~X{L?Z$;rTQg z!4AeUW~EOrJBp!kI@s33O0O&74O*`jRYfEJ{}8E&hzKtyBgXs`VfXHs-u2t-O%h)Y ze`brAM#j+{phH1<#Tz&l5u{ZA=hSKA|KaJIYtRm)mh zwr$(CjVtqhx6k)?|JU_LS3S--uXA2_f(;6FDi-O>K@k#Nso)RbUeQ_jiiC#Zr-~K2 zATtC9<&JHOE}uJJ1F?D8nqzCUB#moYvo%(3oRvIfm0XK@H%4_SdSK&dA-74m`?T(y zzX8hrEj9FVteXNE)D zNr?<4nwaBD4Z9S~9glO@+t|eXKP>=;-|oDi2NSuMh^!=sw(mfl?THq?$xWkl!XC%A zVw_%v*521j=D;eIkJCSB>SVWE3`&L$1IBV}c#)XvlM((=bics^9M`oBM=duje~NuV z;V&78`rLOgppzR2MXb1Wj+qs|tsBsRdS2csqy78=ezcBetJib?OR~Ut)Fr)RgXz^r z4emO~%dB+RgEp?ekma~xz54Eb+q~4O)>Gd2cRL6_dC%ZrDUWUT+qnfvd)FJ?4m}*B z*-+UY+os)}Temoo--De8DB~~N&ozYK(G>4*fIl>2P0dy}_0z?Kx^^}P%@|UIy}A~C zna1T0t5zNQ1nQ)q1?cskX7C@=rUD3UG?1YQQ4F1oh+eB>G@>f}cpG64S4ro5&k2u1 zM4Y3$ocj~?o#aXXip*2;lm8aQVt~cdgw-CmD$n*?{)I9b;zH!Wsx&y5GZcfp76mj> ziSAS{SBLmKHSaQ>gut2a6dW*D3+{LLe$D!^specvo)L@F@BN@KX{(!hez*|DevMQ2 zMMX)KUBL|lH9@CS7-Z>_%lC~kp7lwLel5~>wgmsK&X0`0B90D)o>w9fZbClqCs*WU z)lXg6T@OPqydtBzFackT3x^7>GFeRR9N~VJp#)Y9rW(iVW_{A8L;})6C5y|4neuHfDnVSG!(~}x(v%Mq5D5LDdKK{*Rxv=vq5^G_4?WCOh$SwB zkWLW#!W-F(*~X&4=@I_z3CjGkdVf9djd({fVXr29f}x{xE|p|42L6672|(M3|H9@o zJY<`ewp~)$8eF>XqxjjtYEF#IL2+#{#P9W~mxu(0kkTk|A6oU4QT{nYyX7&tYOL|L zB+x1p?3_(WP~P$BIi7ynoc}+O73KshJ$2%Idq98Qo`x?dAZB3_pqi~| zI-xx;5w`uwWz}v%-{t3NfAc(7s*YBbm6f#-X$UCjo6!;gxg}8P`k9)B4#g|l!oMZh z^x%?z6>=kvp_4hq3C6O8cd2c%FLzZ4>q4dN3EAE>|sLv&Y`Ix=ccCuwKf*r zF|BBg3YE)Zug*W|vM`Hwr|<`V{8aF5VLBa$kK>36$eD061^+f_uQ_zeVGWs z=CWHewtjdydCLuh7Zl#*TW~Ku+#j!hS)f)EI~BEmPy<*O$C6^t58t?_M6d9ix_NN;-|r(03@!%GuRVXTJiX4$r_A_M)u)RRoIyXr(ic#pivD`{cB=qK1aV zGcn`v1>qX|+3d~8UTbKKI_RfA5HQ~#+OPvT#riKK5 zA%i~ZfP&a;NIlwi8$~RKYxE@ewxc?)mZ(mN*9msYvXMEph@_` z?u`lDB`vgIZEKuh9@>@gON%Uh;^R-WzWRE`8o7Ae*(n_5&}SX5-zmM?3|ork4Gn9v z)_i!2j|lD*b`}ULyk6WA!wmTXVM$t1R6dSuS-5r|rfeKK^38|V_e7D|MYxwKXZFX& zviD8;iQ#?O9@ga}^^*-V9adct0tTEZ~{Hf#+rz>B%@4XI%#Rw8QasIy&>G6n|+r}G``*MZJXTe1`uy!LFT;`4_psBJ;=%-qjo zNzYithdQ0L4B8}cD~4EP!`ya^D)*Yh`Vq6Goq+)DCO77Qj@)S>Z=e5CMj9j`my%vv#QuC73O4gW z2vrM<(I=Q3OX{te#4SxJ54|0~5O$Q+ZSR6$?){Dw7*UKHP^&DUtDSDg=QTy}WU?>a z*Pk+AA0OK*B!Wn;Lw#6)>=dLS<@kUSs^&^YC8VN}XM}GFr+R1pbBfQ=jL3b7aSW2YmXrcH}ud zhiD8c%$dF~NRG!|p~HU0VaI?a31USOx0(a~ez#22ZJCG?G!|k1G|14_j)4YS>ij(F zN0>xXaIvyfcgoZb4bbBLTzqsfjltaks@D!R37hV_!wX+4M(qw(ZORJ4{rnz;?|ocE z@5UdDz>|rI3l5+pJ39+Q%v75k3MDiFO1Xnr95~+}TJR-`zdga~cly1}=8xamcOKrf zTG5h2=^OMeCBfAXsfFJ=$HHI03M)4o^j-xyZy%)98iv9UQ1h56n(t;#TqI5^GKhZtCL+K?=$B!Z?)56__oUN>$D=@__ASx|@>h1bTTN(_?8=G?q?U(R zNzqVJJ!3en#WV>}W$(*GQ%HJzplQR+@rP%pvyYMz7RMNssF)`mWmh`S>wA~?CEsQl zvIJV8q2ZKXfYEM~N%lW*dMLn{SJ@oy2~&E$q7S!kvSkE-UT|^DO)X{qAeZTYs5Sex zm=$__`wZLaDOXlY3IsA&i`FH&TmN$UFi;~saE$>NxeoiJ-O=@RrJ<-53rYF+hkhzlM3(ST*Bs=wu7=tF_QtR8Gd&)R7eRH1P z2q6h)i=(WdZXP;wh~A8sdCD0u-@fMi#+5VOTYXjzY6IkF{+s9k?TPl6Bf||KgR$X6 zx~N54?f)cTT8-+vQf0>Zy2(ECYq@%p%yE?Y*?w1egmC_2HDK;ge}*^zDw+JFH_ubm z_5^IuR_xb#7L-$+ADg)uI`^tQrn`92;3--osV#Y~C?a$XCI8-Bx$#E*Y4gP>J-j$_ zwq{9VbHvNEddS3swH3*$H7Wq47AbUFiJvw7s6Y1E;!Q z_vV%8%j_c8Sie&hn2K0{9ZpXpy-}8x?2!Q$NeD7Dm1Iey= zLowO#;!!GxgOm^ENK@JTiU7ER$gjf&Xw7$?K_dgnX77skJ2aoTvD?w6jV9+VWx;mM z-W7ZPacpPM z=a;Ab$6iZZ%+bbD*kG{4(!(L|z4RyDX;TvZbrqoAy9!X+Rd90u>nhwKZLqSliHIMP zy0}D9m$zVhySbxfyiM+QSNnfDm<51t#bs5ocF8Qrd>x6%AuzCgQu*UOt>vXcpGueJ z%EVS8lSA>yjLw$mKEYeEsc^R?XsAN?z5=RyWt;$fQD?B?8ID3i1Sagc7uQb`RUC zD{jh)tw_g#Ior7C!9^pP{k2xTaY=tt-zj_Maod4|CyhIw4jt0HjtI@?q5*id#APP^ z^pi0KSc1yHC?c&Bbdp}iO?OoB&Nsuyu;T6j1oZ=r<`kH81F9iTzkcbJU{SX~oqCHF z+>V6=tGFkJKQ-7ux6hBj8+2_&B(mPFG3K)3nU4FOIIMpq#D-~q8ZztvVuEf8dBW;v zN=nMa%1WdBH&Rl=Tttb-bwu#FGwP0FbLZ>ruq@gk+D+}Vv2Kat`b}@?45n*5R!C~I zI|gKA;Ch13wQ=(ES<=_M^K-4%*iBA z==ki{gH#JDb~h3V(V&S|-J4rQ*!1%5*(`G@-;T=!pIx66)jr~^uw)6GUV;5Q>!11U zk{OkkQ>j^N7SA3L87bu9(Za3;5N5`1hq=m=v{;$ZhB2hO6pn9W!IJi}7mI>u_>Ev8 zvfA`lC07{SS<2F6p|m_!g+VdKBnr%YxECpV2jNdSm(8ULHa^sStbgOk`Gcv^z&=$z z_Y4Az9M#gD+hJNkNUklU36co=e#a);^5Fx?=XGb(f&*NGcvwezjj%iy_oCIvdT}V0K%HT-gd)XAK<+SD_ zjN6x{AF8{RILNwsq#f0fC=JEa#JmcEK-HCou$izX5=ACvh}}yoY50u5)3Abg5rN0DX!&AydWWA z`biiW=q|3nY`orw18)-z4MI!hH52&@L~0D9v{cK57Az`RpMz%^=q6*BPAmroM|yrI zs;$putiP#5nnf!odi6BY)MJHUvrh0C_T#q4tg5JYiuM*ft4t_IeK{h|FEX?Z?@V_w%O9bSYa~bd}xpini4dZ`{9q3>SY2-gDTj znh`k+@CR#_akZJy%6Ge=0%yW(*fJlFRaQO_{t4D*Y-Mnj^pRuk40iV&bK`*ma7sL` z%;WiB0G5;v(LZdHqBEx$Ug8*>Em%8MZGFA_?DzH&h^er-I_5YRIL{fBFJE%SlWGe= zPX&GXRqHDiIKkqSPh5W&Vd72x#v8et>pyy)PHM;sk<3V#*KLwx(8|$riYO#%Py(5# zKr}C%(ESU7Drv>pb8q>b?1jseMuV;L)G9-jgHG3;HCvqQ8cKxr$e;jvsS$MnOb=~c zM4x$ZA1@c*0#R4oukd1Cw;+v1n<}%+r>}ZZKJ7@6a#?&0k2|KHLs*=4V#K3rOg%?L z$Sk~M1odsFKdx{TBVEej6%^HPbXp$nK-zF(o3wR>KMbI=OCH!ftsr{G`XWWX28@eh z7n9jIWZpE|mV>Uf_OZmU$EFP;*X~%P5?Rh3k^+x$L*TBPd}~PO;Sj-Hyxb`9u8oZp ztmqrJb022=aksHB#iN7CrH2$|LF{q;GE4r&CYM8fTVKNB7|>*B#{jA6Ywy0Tj;FxM z`-gdQ9raN!A{YKj|E=nDL7I7dQdm3;{`_(Th4rNnLCtCo4CB!ZLGZ#m{gYy|!FK}5 z`uo6Y{ei}i1h_PTxgZSKI420s1tcuZb)$H3w0T_CJeImeW0>K7#%5q_TztDyi-nIL zRjJ?aWNpz4z+`vj$899uHJ~OI7D51@vgHFr`d%gWbL*_xtC!yl)1NE#);>PFOtYR8 zhMs}UUhH;8!z*cy3+0`AVyRZtTqT=os-cL41ztE-P{g9?ng5(BQvvY8Z{0G+Hy>0ZA zXq>@FX$dIP!$(2~u#(Q5B5K}7jb?)}mv&+Y#)zsrJn(C8mKUDr@duTBckDu%;$e{1 zd`|RD#I?1GLtBby`qEz`wFpA1O!$hycP63(VCWDf3Gok30PgGc^-rmTG|!6z zfGc)wNr1s1QytN802~xJpyA;IITGz!u<7XO}H{SJGs&A#*Fj%qPqwd@cE_@j>O(|bgtV?{1q=KNS(6@0X@uxn}Y^y@iZ;{7Lns@N9&+vLQo&89*<>$}gU;9)&yLS1)oO_cc>=PO< zVH7POtO1VyWWjM&jQy<#L0v3KWd+H$8+;6b$gWPA#HsK5p@6Hjgj}Hpp)k4NCRF}t zN6X2Vs=1iiLV*{}=z!Y=`91Y($>HqAD}clxt0*IG$`KQ31d7?yf~6Rnn>sowH`UKe zC&J_!70ZbB-ah7$llRFxCG`{AUo`Gmo1Eg{zP8m7q)vT~j#! z(82nyNowubJi;_%Dt&mck#GaX_o|8PgqDWIQ|SUn9;#WJ0okcGLCn@Rg9JAHd`i#v z1}ImI9HF#0^*LSw4y1T?~OhNZvQ&o<)} z-$A~=yz{(xAizJo7iXr>Bbhwfj*C|HlfiaLdBy7A&TWC`oOCZ$+*g*mLDs@xw|1GO31-cBS8Q zqyL_!PG~88mM}?@wp*NMTCRAI{W_L0N)Ii3rj6)4rw2guJyyM9E&yl40$X$pjGU5^ z5!${He*-_m%_PML(&Fa%dfXn4WsnI3g{r87gX-x;tdj9p(%{eB=V@i*@ylQ2|4dj* zOS;gh?nQjPGNFnc_}s0%yAvm)B!CDDD0cVndsvtq6WRsu z6H`p4lPZF|RhJrNM$_AhD{b`8OFou5Vr3lUyhU zhGlj4jDhmcWCO-hh!5|pb_jddO@*Mj$QI-m`Id{H$aHk|;H^^B#JuAmFP{H!&oM7n z)K`E_i{!hW#2LKT-`+%Yc1)D751xa7bSSXPADT(@b?-D=LVx9Ps7hB*GSuBSUiRT! z0!$J8r5aO}DuclazhG)E$f6HcB+eqsb`syp0;>~-978sJEgMXyKCUn}wxmvM%1bOe zZD2$hEqvnFq_va2ly}|Lv8ycl{DloGfzG}-LrU<7v92b{M7|%3i0w`rd}?}nc0=`{ z$2aFiD#@nNiT=xj{F|tUq8Y1_0ixhiJ5dmy)hfU3)jgwz zXu#NgE@pfESmW#CF`A^Qsp-JLz(LT+v@aR9gt)k@n%Yrefy^%bWGp^T=&^LNG>HDw zxz%{@l0RtyS)S&Hm|qBFxQA@B`LZo(ABfQLYAo0RKuLIC-iBYYKAkT#ap*p{Np{TY z+7;Q>6SRq+aI|73NGrUV(TfH<6w9;Z&ZCrj&RsKeEj7dqrKG~@&Ll-a?Tl<4WHEqZeMFGfbBlOAyStn40<(8Pa2g)@x%8p#gsA;Hu(OGR?T z(Dd2!vBn)2+ipD~LA6a@t#^vSEQXw#w617fgh-G+E1V0rC>v|+_tNk#EtK(Kx;ES)SZS? zf@&g(CXj$WV*&~2^ZjsQ)<01AMmThu%T_2WAk=%g=6=2z$+Fe~_`C(RzrCER02Yy6 zfT@r^Ag%hhd#%x){9R7L!PIY^L4P1j;3TKS{HvUQE!RbvRV{?d_>i*p=-frPtZzmkG#zj zguVhD7d3JYYR)fw3?cDo9r=)uEsq_qr|$B7$sU6qp`z20L)C)32NjKJQBWlU0Ebj@ zuE6}sNU&|noxw_jrl5do!Yxe9#LPb`mmDqfmVUO@`gA}UgB^qimXbD!H@$xrg0GML z2Ib^@mR5G`xCUFe9TAd701uXmh|iWXJiGL}HV?VMyBqgPY`NCQPw!ae6LU)xHVjq2EFDeTC4`ArK23^6=8KY5n$xKNMgP~x7i_Ev- z@)b#Nyj;)@ZD2VfLQsPQbm`)WHgyIq&>`AoGtX41CwZ6fn;xghUQ41{VBx@hH+?#e%iGJEbgLJEA-?N=dj9RzWGF8nDb3F6 zabK}ijZ=4UVB!HdVm6%CEhFLLo`9k0KLBt0S5i^{;WX|vNMOP*B?X`1vIR5y3eU1a zH(~ZmU08_@pM-26h(L-vAOd>a8X*gTqs;ULJgN)q*=@B!nuRgQ4X>2B1`XM&wDgiG2R4jaIp!&`Cva6pkKw{R#-v?I$Cg%(Z8q?=Y#$1KqP8b8)zo09NYNw1}#GWY9@O03#1EX-};0QotvEC*_3xwu^05 zHMwj&a{h=>ALtc|ND#5jlkdLwCm;_!6Ess+>hy&44;{hN#>`Bmci zEKr|2hWfYxYwY_7m^%U(VsJn24o$q{e^`(k0Bbf4NC5ajgXNXd!RNu&HU`WmzJT%Z z@v#EtIhX5iuNcM3<$YMjX`6l{ML&yy4pRh>M(Ir`+1nCF^SrVi9Ut4yYdSkp?rUJ* z5oJZ_fxE=^<_y_dxe46C`sY{CBj9+Y)qK+L+t+!(kkrA_ru}vT(cha@+FH`1z+{7T zIXyXbA`jrzKZb@vSKK0*^zOup{Uc)o{~!a{3HyxdBavf(iG#4@7!<1SwiqLgdYuJb zFp(qthmXcnLa0B+4mE0j(SG`%LW6|@?$V}Z)Ahw-C=WBw!fsobbw|y#+TGlvc-D8N ziC04`ceD;@a2h*s?~y2OJF6QJF*iu{P9#hAjKNCO={^)C-zSBn7Z1knW7RFd*#Bva z*K1J4{lZg`uWJ>)%t&%$aD@yQ^3YkEoinnbzQ2QiV1aly`2KIW4pfxTzV7F(7{2%# z_JCCd;@!IUo6iw`MEJti-SuJCR=OQ;&%Pmqz;i?)b2>qbhgR&7CTEVMPERnD7TQ%r!bFEQ z$;+!`$d+Wx{@M?O;YK+$T!6{7a>=vjN(t+HZZtU+cb$9Jz6C--8eLCS#0}_5U)H~n-4!rGn8UFoXuaf^+VkeJ#y5zKDh<;5Slu)ni_>t zG|&{5M7A-8pvaXTPn?~c{J2&!r~me-Lp~pM_QkVg22_*uC%@iq=NNjxk^P%7KI&MY1AQ(ONKWL9k65#sYFh+?lf8%*ieJQCJD}g$K-~6Bo9BViKKWzBI%4E@WX*71h7{X0pHp zURb?fH()}$Pyil%HlZ*Xp;2qQ%`WplN{3BwN2NEV{d`d_(5HIue?+)|mo*)I2P!CY zl_-Ch_^By*14F~Fj5WayI+SVs`0jAP?5n4~?WXjst@;L`J*0{$S}v*P5%455k+gG9 zOFL=uI|Art!d_n7G|eYJB5+v7P90ywu5$;Tm6X0_bE+KHV4x=R(~``|l|{dph~RkX zxWi@!rG*uBl)O3&7FS80ILtWoEx^EvT^yxssvXR!TmRIo{zVD?;>iibNq24YRJnc# zubNs)QEPh1tV$#2RBpTmIq;UEtJhmW#4Vk;{rLKoud!64#fAQ_w4>uqXJsdVZU}CF zIkkp{h2=03Fydr;#e9ouj!R0yys)+s7KWs0x!|9*cHT{!wzIdNb$Mu3Z?MU-uS+8k z0e9gpQ>}(vuCv5R09`(Kwtd(s>NjS0NP10&@qun_EK7t{HZV>4B*}Pr$`~P+p4hP)pzMG(^tpcS- z@{q}b-93$6URL(cm(sCZ)c#rBUXnOgVflT)FHKQ=Xj+=1R5@CJpC7=^`)Qf3rG3G` z@b~{)9ebT(UUs<`%RMX@n4&Vt3RXcCE{f{RZw+7CSX$s#gioI+*g)!dUo{fN?oqsJ z`OKAVZ`D|QWHP0Al794EP~K)LhN|QP1~QN;kOir-S}DuP#jxX35J*~8py^s#mR8jn zzzUO5+?_55x4PdIHRxM}x-MJR^Qp5V>@KJ@_K(+vgg~>tkyS$=Qublp$?&`=-rS_F zKa)jRF{D4KDJb{@f;~UucUump^AX+U_nVH(6uLtqBX3NQ&2f)KNwJeRHXa7nQF$0d zqVY>hI$db6_qTyQz}ehrA+o=|?Fc9aCVgN)H1T2J(Bi@U{zCUAwWIQ3WN+Iz(=*5$ z5OppplgknIE%j4ZQ~MpROs3NQd?m5sFfCP-u1_Boqp^RrJFMA6`_3}QLWfyXIcOlZ zX=$`lfso2zj*+di5bz6qMlif_ffO4%`#KH1EyMu9{=S|lrjq^0JNqDM*X5tz%mdgP0_milb( zL`Yx#U|t{@f4$D<$;!(5xc;v9##sh z6j@8oR0zeg07UezF8&KuD> znI>ejso}9Ue!gv|n5QR~mdB;gO?v=_|3M&!(J5}ZgA`-cv0Bd4Qr5vZVALFxjb*AI zf`l}j_7zMm#Wvih7saPn@Hgl4m{|>qX*Sq0Ya*P@pIi#u_9b?7ne-Nd?VO{SAFoKg zU2HxMPJ?@oOS>BWL=k?}ym~6In$x_3QR(QoYBpYO^z7g65*1nMbG?vXK>X9oxi{iknvl9mB`k+mV`NxZm-j1(U|+9wte>ngTKfye z(v)eRHI)>n#BrO_OeLGLWGI^^X;EiWQ&r)ZCjCIcqg^I zlhOz&jLeDdpSt^}&fj*0nZW?%EHsr+kHfsgEx^~_1`95Z*aErpGVtCxHZ(IUBx`#L znHEKbeyn}dVz*QLa@B`VkY8DM;mwTs!hRn5x!SEtrnzfoo zOYF$~3f#kI8POK;7eF$qyei^hO|NSD#p{(pS6)l2Oz%|_aBI^-b?tMD0(94~A9yZx zUTL}KUJ@RI$-%BTI62!fybou)#B%7lN%7f&B}@m-F!CXOL5wbcf!(hRFyn0ehIqR3 zbyR#Mj3oeJd*ISBdywh2U3xJ%s7_iwh%NUX3F@_l0p?tGbtR|~ynve~Dalex(C$5d zK1a4GU%Yfz`PZ9#FJWRrI?h&`Z2@~S%H6?ti>KYTeplRZbZU8$&&@i`k4MFw2`VR$ zy{caiJT$$>${V&m?~3=GU`OG}%FAc}F0vThjtrcb86nAwaBx!Bg}1rswkWU7d95~D zICj%QUn<5eaLxO8sVvfsA|}zFM)FI`Y)Q-g^G|BcT!eP-f?@X~nd!!awF{&&+1)sA8_vm(@m6ZGrZ0hc9(urDE#IqsH*y5 zQm=J(#Ia_|iQr_|OFzR(^Xszycl2V_7GUhmO=Gna#lqZQ?dc@Z2a3^Oa%CWhOrRWl z!4Cz+^pBOzx;#T6;L560>{c*j<@67oA-W=eR*$WGQn4h(l1ODShsbwMk4NL9x}XJ zhl`_z$PVH7_bzB|#Yyosa?3=6AhIK=Lu-EW7}DnPhoIto_GK}xZoUf+J%-k22^Ya~ zyFOGA35KKgd(7LEwo*ra0Y7^ElMU5YtS5TKe%kiuDzmWoUjJPs>w-s`Q#cy10L$md>3X%(Y1tFLlr&&Oi57L31*82MxvipO@zU|xF~_7B$CBD)gaN<0`3Ji7 zK3o5`>t-N^B2_iP^9GcFIC$mkhd7xM(fxZ~wFNa0Fx8mJUv-aEaQ4H6!v=G|J&^;& zgu+CEE|a1qqbhKe&boodkju*6_Q7OM=Q7~!B+=8;;G9*|X$%$;s7W05zmf)59lT7# z4lLuz;}gP{Y3~LERBtoErW*N^DQ%04P|;&_4X&(&*L?@IO_ybkzm_h5eEgwjq6`VK-9>clK^HLJoLA6v z$YNc=3>gV2!$5JfH&I#DTUxI};lSoL6TB9ZgNDva45Jx@k>npZ5rQ_g_CH1HO^1dN zxTcV3Mze291Fa=whVPYnJ~e03bHm1Lri)YVvkMQgsXJ8Kd~jY9e8%|bB(X<@i>UuC zP`|eYh~pu4!^5dOaaRpFxsOq&opU}w3D+g#{it9=g+#sG7pV|zkyQ}wn6YNBfmh}) z7PGLRl5WvtjG^`hxNZFoBx%OLH5I;gGw;# zz&6$6?lPO_x3P7A^pt266g#8K^3|WT#9pPJ}NK9 zylJ%#EqxL9(68%_$U|m}t3ek+r_kc(oo}aq;tFy%;R6$Yy8>!X`s;`GrObpwz`cS~f zX7cGF<1-e@@np`5<uvu6%dyC1H%8Szu-i)o%vaQj+X6dGGxJO|5o0D`9Y`J#kz1k|0> zzu@z2Lqd|zrw#b;Q~+f)1{hGU)psIUQcNpr`Y-;qItD7`$zXvtV{@XlM`9&6h9o93 zw47{W*_|D~(?x;B`?dS;J+i#gQTfxR`_@{`t#cnm>=Atxu#kf41;&`$H@?~H5p~mB z52=8wLq#KT4$%zm`gMc|^P-mWpmCp;Vo6rJvJpCIJI#E1&Tq<~CIQBKb=<2G@XQ+)a@T+YVT-=eC@%)2`@_F2l}rbh%| z&XS*{h5)r0G|)dG%$3%L7Hj+W2}siEB$1M0;v;M+U}$p3HiJYtz3K3I(llTsY}WrW z3_<4?W44F4AXS0KCq(Eo57}Z30+M*m%W4}*OeAQqfXMC#D4q3YXIkNCd`oPO2;GL; zC3Cr-KX>&?JJ4e-RtL@&Sx8G*L~ai05VRq4az4YImaaG0L8SETkjF~ zXWG4%E!xHJ6E_>{hZ8u1V#Guk4$nPi=qpB!^zV$Zu*${-svlI;)QZlCo#2OeX)0sV1&@XnHU!s1%ioksW|7)1H@s-G_%yY+(ky(M0FBnFm z+tW}lXy>pMRd(h}kO=yzkedtC%k7=lU6mT%H;bx`z1p~o%}qFPaQSr2`J&G&p5Q6~ ziMZsk%M;~4p;w%D<_jb#1u?Jz|7v95@3_p)k;3Nd&7QSrwN^TUZyowCCLzy}iUtx#uI4qy|d*d-LA_*NISG(F^{kkyfmAYXM$ zYD}FLTGO-876$+H43sSzH!)}%7MC4WcDv%WiHL9f8?h2Ja-Xa$EClWCLB9|(N=;QB z!xFp77G3NUFtl7g5_n!CZ*6Va0KRn;dO@KXX=%6~54(vj$EEcb0Q_rXFV*_2?t*^q zvRL~?9Kyc+AUoU!NU+^V%z5rNKB2AmyR?GnQ3X~Ks_ATVG`ZRKFWJ;FHElW}hHm~g zdx+s+gF~8g+dY$IM4u4-(yXjZRnG|KByiQTYaz3=HNs8Khz9R0T-CD8iyxT~1()K_gI>fT);fohQERQ!FXfQ9U+6x!HAHU5*^guvsvhgVaHQ-?6# zBkeOAg&3W?T_q!MIgjeR70|<6rF80X3l7O%QAh+`Uy>RHu|V)Un>hbZOj0 zb@EfCix|Vvnz>(hr2D~#D<5=bF3f}mUJsiIKWz-M%|DKxes<%u_AgkN&{BTAvyduq z0~xBApw%YR9ZoC#GEOL+Vu(exS;T_nO2DE>ZXr?^MA89gTb(9FKxhhAgfk(Sl?M)@tu4rJ0UmRm+OJm_?;?9)&y$8O>k|_noRA%F7meK&|JW}A zR}leude3Fk2q{^gC!tPV(z~=nLSbPc4Q7MHgdnl{ z?+a$dA1XjBrA|y_G?+`4UDN>?>e<7<9bO!d@FeIGuq`?So=xBd>o(%HTB!Ia!+9A% zRFSr=ht*I1-ot(0oPK;?oH6wh?1#f}fLAhA!K98SUHO zwRUedIIdECiN%08hfe1WW5f1a*KnnAAmFT}1SXWgcVQya&Cg&;{L_hf-}DMTpfdzf zMBBoj#)ACDPxze*v%URDL*w~re{yLJ)Ya+4wp_er+pSz}(_7%7!DY^)SI2zkMV`gK zS?wq5&X4I;&5rW6h87*Rr`HtAqHL;GKg3kYLs6smIM1Txt9XS-{Vvwv@9$Fwr)M7Y zI`nkjUaq&k;<6pt3XP}F1q^o}`wKQ9z;TZa9a)ktMrSCULw2w^Ke6n&>I{jeZvV|*pUVmk3#`K`TVuHfp^}7F{5LfzAlcAHe zSr9tq#I$4bQK`t@ue)z?E~YNGE;lbX?++PkmAhLFpPY=i@82$_k9)MQs}cJYRC)C? zji@RR(7inx6w<4lF7W1UQVZ2Q+*Qqv(97J=yE{Bg7`c(`TAhN9~Bz=)KT5)p#2K^t5a#%_zAqJKn2`iN{I54NZg!D!m+a21QXP&MpkG~=`O z*EJ+Hxp%#ezWwP>^J42_nUTkS*!y3};`_(#J=I5tXVG@})a}Qit=ZLhE$$6V*v_!$?%qw%vF2 zZFa6I)a{g*uK@yC5f%*tUElRKy8@LI2hkYFb9{(cHk>Rwd_FQOji)=WsT!EFx2S+g z`#b^_;MMoj1h)R7-Xu!nn$D~7aUT;zpxJv+*iUPwOK>{Vpnmc~ zmN5{JGxnk3Q2se8@`DcXf$kymd8$4%j{fnR*JxBZiPp=+^ly7> z=u5>&T}kK<1w(s;G15eHRa4V^=n!6XFcinCj!ByLr7JK1K74;T`rT$F^5UUBZ44UA z>OwHqUMfj{P-re4xiq&jhpb&6JDJW-WIIbA9VO6KU8Z`ds|jkl9zE0a){|y8iJtQR zwvAPx0}XjH_eTk9^H?zw+-6W{X!kbq!&Q09RhX^+sYK#mqx8S>xZ$4@`&A(pKY2fQ zpW{g2>m||AMfZ*YO`lAigjiYvw}UKZEhKtnz_WTbHdBT?giO}NJJ&l_Lpz+i`|V2b zrhl_LSXt29V=I)r>Q-cb=~t44%E3-pczk5&ZK%)tviuI}n8UHuIb*jENcMR4{ktq9 zk7}xxOV-IG0iPZu`L~+Mq;5)WPsQ21aCf4o@^{Sl@E;VZ_BJ%6@9XjHw~t^t|KK6( zzjLJrMkDK<1i^=@ER|3D$#=}Wo`w9Z(qA>-^E%>buegqBRKa&DwU#PfNLoc4m5{; zR9apShW4wD^NZ_%nJjo2N{rYN4dI zK9Og9J=`6fF7pktphS2_&^xi^+>j!vbbv%PQ8dNWst5B(K9gPfOxe;^6ybbP4R7VE*fjdNPI zWbt-hVz;!K%nk%7AMPa;-EY};y~_u)#fgii`ROC?xboxMBOsfXE>>qMkHBU7k@F~R zGQ4oP4JpWpf=<`4NF1Ld1NpQKU^KB836N2j>#eOdyh(zj&(~T{?cw+bD*N$q7746d zE`^sfSYMFqji&QutfyW>)H`&%dr~6AK9Yc^XKmIklDUR$XWvacS$RZl{rR89$6CitQ41=2JzPtAw4A00w?Lvvb@ z5HT6sVy?5Q4P(0r`D!%c^%725&=qYoAzRo6gCsNP>>ULAqXc~@27vMChqwci`tc-f zz;WKF{pFSc$EqQ#7HQ+HlQ^1FPp#I>5EzOY3t=ed>qoKm=}2APwZE;l0FpFD6My(_ zSs@n+-&$NjBPWa1qrkk{`W6VKzK<@>9t$k{do1+87`o5*+O9X1eJg~xB%EzU>*jQM z-lBF^N%v<-xaF(;$4Hvsf^OI6*M_&(Cmbq3e=wUzZxM5j0GPR0k{5CUPi4@(RP%XT z^WjQkwe3qxr^h^j?cF~3*D1725L-nR7m zHzYW)V2J$tPct4GL6ZoxoVsw}3gWFr=8ag?Z$7)N-WfJD+Ke3^Jtm;~0n7ckz{%>| zmR!BzxtzP+u`bEezmtTt{jX{cGv*Uv<m(f$fxLTxjgF8`pjW}I^vy#$n#>I21Xzbs-s}B zq|nbmlSs^^a;j?9x{8jhZaYgk9kms3X6QfTA(Xx?8tpE**4t8z#H1(6Ic>O*H**71 zY3-3(2~L%t$wJJq>4GuZj%2A*f*GsooAs_9WoGEX+T=)Ds(%WF~yBRL9>0}^rEoh{0x3FuGZ zcqu?*tGI7i(Uf>~#({9kb^?ULGm)U}^8S9o_J2VxrZ!gHK1wU)(E^;a_d1~n7`-2c zwc!%Dy~2*7%e(_Lt;rfEv^BkR$DI#;{ZOSQY6KZlW@|P(MZR1ns9ROOAp1H1sn{)@ z1{%@5fkcSz4VAQ!evT(_H^s~77@B1-0_l*Y4Wjf4m!Mlla*|7x(GaPF;+EE6WoOTu z`P~WfO2*EQJL56r{l$*eVPuzki$z0E_4puvr||+5D=Xz(vMIxGoPMvXUdw#_-=&i6 zM7RPEwoCg_j{CO9o#!57c${U}iQ5|8W)_J@8tULFc~)tM&SOhvnQFxEH>40M(AN|Z z#tLlm6U{E!&-7lqXCQ-FlP*EbdnCO$y&@QyE^jw3Yk0FZT7x1G@l&ZhDgIpnN>)vF z8<6?#sOn8^e=GNt%H_PURHBsgnuYae8v?C3;Nz#y7-g{yP$Z74iqf0lNGQ*Xw<>zf zLL2sw5J*WO<=q=FXX919UACorhVgtxk2i_hUZzm$6(k!uGY;TLj?aVmA?%Gk>*9xT zVmJM@b85r4y>_bYOsi<+&kXy^ECuc8J`~6lpB<%1f1lA4>x5GTu@Gi42 z$Hr6VUUwYR?cUzaxHrL0+&41{b3zs~Bp55UKL#Nuj{z*oC_4p28!&rKe>iJCFA2N_ z>KrV`qrTHjugAhg0E$)WJ`D_HT5a9y0t?JHqjc>i$Wkrz$O&+rS8NTd1045h_wN9V zkgm~KnrY@;vfyurt%ub0Ve|4ooVt^w-%Y`DZ%3vF7!8kf+b1VziFzoXR9tGOIk8DoL)k_=Cv#0b@|_X0+Q~ z)=?Jy)%Nmry4=Np01a@2+6}_*7*ERb@=JCpavNUSDRc{?c(KZh~%>2*y zmjL{zEO|sq6>%RrfWl!HGcOE=FOcyml!e2f{OV`#&$#4po7(E`y2rNg@?D;OB=g$2 zm5hF|{W!uOQsn$C{E_92g6bG+t2XVs42en6yD0?0P(=5``7<-19&{Mx*}y1JBnx1a zXK5fVWKB8*X}QD=azj4r{T^?=kuHf+tO;#l2;1sV&nI04;HFfSm|`a5A7n@&O>aK! zh+%NDyDeyKw=>^nIbL2sgeRgI&a+l&K5Z)GOI)TFd%tH`I8$hg-`KHUt#|V}2lsmR z%^v?FXO%8?lM9^M0(}RE5%VuW$8CrgDGIpz!Y&U=9y?0T(Q>6cl_acxjC1HvEel1B zr+uC6%a9UpvAOqBON(1g4g>L;I7k3U0L1XA_@cbiRLN+q^$b(83D z^OH2D0@(2#M$iBhhKhMamf$wr_)B4`oXl$-=r78H#=rKTByFi{c=Q|i6`;4^T9Z8h z!xR5(vwFFwV${s3=E>HkUAGg%n(fa$QeB_|VsJu`>0x{zinj=hKd5Rr=e?aiebMiK z@uNMVn`3Ya2)V>YXgB4b^*1gkSDrPIv-mJa&522vH*pwhRN74CSh-Lng4f)|qGki} z*MAKb-Wsh_-GRE-%_;lO({z$u6p*L;4PK;-et38wR-(GZRa zD;nZiE$z@_*d8)_jlaxlTK%n%zFcm;1=g2xXUl_e;4-V8+3hV;Ev0stKkMkZJY*?5 z>Mo+g%}g))$u}HmYumPb%fR{F3i)vP!L7^h)8ea-d^RgWB%fNCmwi83#JkR@m+9%! zArq8I4c8;X+-x8)+m0(@!%`v3GXLH%Z_I{T#+p#AZFOTjDI}EbX z-Q5CtLNO@oStbw1`MTYmvJXVfM6PYkWPxObrS8M8K3y*ybQi4pu1ptVQ?*#as+v7_ zDKbx?FAwZ<{d-?z3YSze{*=t&)DMB}SSg>WY3yMZ8Mm6+MzL1F8Ye_}#VDad9B@7P1w57Qf z4yQ(VPZZfIZ&lV+d;a>l6hW%cqw-?okK*bA`hPA=ftydM5VmR5%}s zCmLizRt)~|2e+fFtY5}G_@b0m4`mX1Jpv5iTf!O3P=+3KYM6WbR}Xz0Le7=PAC0DS zG&66;u{PWfgRv=Q5^$^f^)+Qs^=gTTK4W5bC5Kn|Cz^1F!}t^ zY#8PIb zKK;XsC5vgadZbv+hn}~3${5;qbR>GGpvAqo!d#T6%_;PWfs9m10$L3hZmtZlET80w{V_ zvKzTc+9@A!QFbtKSrL$JPMJm$yvsm+>yIg{&<{#+TV#Zoxk4AR8sGSe&eeWl(1M+o zvwj9tZgjDFn796GiIgef!anoZ9`pDI@Wtg!H%aL6_CSVl`vdU&g* z;`XRtd~~8_2DBHW|Puid9BUr<}Ar zf?0{ot-?A3J;RHFL-6@7-S5Dx|gBqyM>U?PcABfK68fdsn_IwtBJEHM%DDDHE02H1zMk8!HR{B&WK2Jwvq=t94w41NY#jf$% zp@{1Z=XyBQo#(xvxnmcjG831`U{M0_KZ=c<@To7gn>F1L1Sqyi5H+6jgcp+QzPpTt zavOeiuKAs#lo(q<)bFVt^XGEQDiuLz%M+Dy@0*m^X7LBbEW3Bl+DF=qFpen~-bH*7 zHLaWLiwo{9nD&|MMOW~RSaEf^m=q&fVPi|xtKewDs5Y{~Bjar8yB2N1pU4Z(il^o#*}Gl>hQ1f% zrR;tT3|JIAJZit~2>3=ZqTctR;4Q2m{vuElK$Q_6zIX3fjrb;P%8xAXlipK5-FVkB zC3&n2uK@^c4`#l7G%GaEG_Odn4$@tF;49C~l)oATXLbf+*W1%yi9(d)`$AQo~J zcmreE-rjEY0XzWW7ZgRKQ#zm$<4}>@nswayhV@5UliC8~#Wt=m2x7`Nj7brukf$SA zm#^R5Gs51rOmZBB#+YP`f?vub9nJV$)3643oPl1Nr zdMw65J0kdXP+pMIy^;?^EY~lCXr>O87!+})g0O?eS)pj{oBqA+HaZC2g9L$~M4Uwi zK$SQcx;MSb3!>BT^###5m8W9-!Y`Vo2Cj8cGsV7xG3NJFcb&ntkCQWRu z_lwhN2XMG!#+|5?fM4%tW>pE_L{O`$=dAs#d$BM_A2i?v9CT_6krdM76cd-;g2uft zoSf6xGS|b-5#a)bsi(*_dfb2~#10b)BB*u7LA6S+-{}UG^boq1MeIOZc3F*^sh^Uk zeI>HMB-b=67b3_`+Nlf|^e+AWT^3C}-6NfCYP!_DPJP)F|6DLVY+O(kn6?n|#`^(Y zlmTuF0#67+k_%a#5E%UZ1U0941|+WTKWB2iNyAu3-e!>|a*q0Nir{p6%3Bv&SC~V5 zu{7+niJ661tegg4YpSe)YmrC*cBU5yWL?E3orU)RAvuBYf)FEF-IGP#etuPylVrx# z&K+xo%LbiUdU)I8<9%;suZqf}P;ZTqgUlb3B%AqJ-P!EWH?pA&>aMT=h9yHiS0e*S z+0O~!>l9^ml->}UWSTBscon@HuWHKA;}FO=)oYok^pG?+EIL@KEKkuKO8%In;@!&w zqqPH~H*K1&_^^X9>kZp>(X-%TO)U$L)58fT{I+Xa34r%&xE1P{}QeRHuEC%k)*_Jch-M8mk^9p0rQSP#DA@MFnZ{Do!_) zBbe7r6ZwXQgi9a>J0vE4cxN^5BQk`T1y5f#%wB~}k1e zc<3|Uh6KaB)K2GCUM4KbdLD6+=oUAS!Y{Z;%&HYNuyRsxO2lnG32c&MGRC!EzDNFl zKw{GHJ@$L7FUe?yp7h1h0?wgHz5Q!qQoG*3##u7`5a6vpm_(n|13svrk)kJ{Teua& z3MuhDJcaMA-8NWs$dN%DCrU*^McOAtUP-drn?Fb%-qZd-{DG)H-f#~cQkEPs;XDNK ztJphMb;+tPn#P~@On-m>7&^zm#bfE9V44oH|AWRuv$oMGa6kF&uym5}u(Ca%9v|N_ zFniW^lh*d-FGyx_Dd=bK+EiH09}v|}w3%*sXp>v*$z)2o)z27`&#e-6GoQ%S`fTj- z${(-22DCKn>xyG3u#7)Qw+kHeRJJXPU#IN^4CZPwo?>(;OoK#rTHdiYv-hANi&g=I z#7hIbOQn2OSdAcA804rlCf{wTjv;Nte+bN!CNy|LNvsJ+i9lLIbjI(rfPvy@E|l?h zZeYHO9*ISgfLzG4&&xKl=G+XU_i(%d@98Ga-i6)?E|;y{_88mLu}-fzgg-#uTw zWs=}kb%Q7Q1=|Or8!CkiJXQAJo7-*hmTaDZD$S7!TKzlP^UXMP&K62Eir$b9TppeL zFVJk%7GD?)MOq79sf6~#)(#3hv=c&(LtNa7Or8}EKR7m|ff~kdqNYK9otj6Uw6>Vb zr@yaNu-C^~t8=fLz@$TIhSmvbY3e&vEInR%ywR0ZHSn@k2X?w%Mp(G)cX>Kv7Zwwe z^ku;@6Lk1QL%ZX9(BaYK78s#Tipfu(UYzaqPv@gS$u1Mg;{_7w9_&aW*B_-&IMY+& zB_*%;`(lD_^~biX^tLfw8+xonyl3|sx2XQmO_eY$QQTgUK*_y-BS&t_h-+6+<9l)g z;S70xu#&QRv ztf!t7nboalHI!9aN+l@~l!k^20B8=Op4izRHBYbhTBhyt7-11>iS;kml`n@|i~-;f zSUZ^H@liv5r8AeeRa$|%aWKsKBN8#Fq5tc;prg;Uw}I4eLaGp8zM`XY3+K zLs{k9x;ba;v-NYjCTaQP#3S@WS69V3pg&9b7CaZ7^3P*sPx5RKYVdi@@1Y5bOnitX z58>OHe?>MskmjEEEw)=!UK}^=r=!TQ>SjEXkSY`q%*cTy>%Jbq|I@@g?$)FSK+gUTegz^4# zHN42K1WLHx8;d--^9hli&6kuXgd<9*7O6F4Sx*4wHDnffZj|qCBTW+O>6dcFJF+0> z=RDK+fG7O0SJmm`s*W*M>Ci1+^Tey*=Ds|JQ--A1Qg-iw%*o2f^lU!ZXQ(b60u&DX z?9=cm$q!6&A0D|eEG~4ZevMQxQ^8xcX3R)#2;M&CSEGPp{ zw*blX^X>E1&n2|s7>Hq2!>4 zK=n+ER0>^Zd79p2!*~Nm_BbNIs3WxNL2e9xeH!RSEkCRtiXHM2>Nt)1EQKruqjk3X zMvK4`@l2S`H>Jsq00L;TNfQSiuWH%gEz`)UR8`v56y2)EUpHiU3+H=A@eh zIf18|@6D$Gz8krX91_^p?1vKv9Twhsz{pPOF8^^2fR(-*{qWYSSb~(vjEJT8&+i`_ z@Vd#H`_U%6NK1FgF5xG#cuq_gp+eO4ldiR?A7fy*Gh4ityn~Lz1jgroqXOT~E?CWy z%-&REyK_HXtk*SSjg0W{F&py5E@gd;Q46Isqa4ezvGIJ zKtP&t+~ePd&*z7jKfI$dwi9mu5E4bm)1@HVOvL{Q3iFMBYZ9C-5pq7#68tl}FV}OI zmBfd)IT&U7$upy+aQ}vh^ZPMa_3ZG`#Z8&#kIG+<*ZwIhmW_W?9Y#n-8yR5G5-Rp- zfSPIz2xy}(!(SkG!Aea?Y6K-RPDE1c0zqx!GPW|| zOqaY{epW!C&xMk2%MW_WA9mfaK3ImX2DWg!z-6*h>=hy3B+0EQso?H1`|m8=@-F4y zl}mU9-Cu^U*}cOjvD;OF+7vetPI`|%OzwaGY;o~9x*GkUhWMuRn8vF}lK?NgNcUH5 zNtu8vPR(Nyebh;^c6$p%Po*pg{<5n9-LS#!xt8exx>Q2S+hhh@P%@3XogScYSB0&Zg~7G@NAsp!h<|2IS5F7LkUezhvK+7+%vKqJbtJZ}H-K`Kse%bN z99^1~yW86NyjX^JX6r*@)lBWMZr2*sI@`_W3<)c+i_~yuxn*J;G9sZtx1P@6*Ye}+ zC0VC7@uP8A7kj{(u~ibub_S-OtYIB!=ff5mY<@C=5$k83;Ejc^YCg6p<i@eFnn;5Y1FAWd#v+J?Gj-hc|Q~Sa!e3rB}e-L?zAG zHiBV{;+DhLgr_DY)#6bdWNWy}tx#T(JaQ%F$tw~80(mNFJ1dci*({$w zXBLoAtPn+Va~%x?NgL1XP8%=cBRnRF0B0pcEvS%%YA>5EyoYrVIS(16EHG!Y}I*U@cVS#Z)>G`if ze7@q6u)zLl;K5>!hl~7dLK@OtYi<>+m@dYpmbQ?|lWnf_Nh}a}fzs>o*zV8@%92Qu z=D-drFIj`i%R1j<&r_mCpP#tyCCR)yt{^W>$GqW`^uWa6deC3EK?EW2KU&FxhLQVVcv{Ctt#D8JAHc9YESV~z1vKo$|4{M^jJ9^+5R=8;jl_IFTtw)53 zQ=aNUt8S=QLv=8Ffa*@5@l9Pei$Zw;vfVhDzRB|`9x+bQT_y>T{S7ig9s#c8b!Bf` zE7X|0b9z}+xjMjLHgfhIz~rq(T~l(?leub>W4<8J{#zf9SPv6Co~yTq3|-?nCpX?!D} z52fU^l9%&sksC-8TXx)MT2JtzL$nH!*7MM4bN};-CK+?dkoK+**%QDXv#A8w(IX|P z%asS}ar-H#v-{5B5ry;Nc0HxSXa}BxBc+~+1MRP%X%b<0F$3jrXN`8&Dm)e0Z1h3H@ zu^#G-v0>eb9r+T9!GbsX>`OtV>X*mwU*0NsjirxTmcSP>2o)VQ{qcBx?0bY%*fgK^ zlUCti2E6E)h|jS1Z=9$p?2XJ^Du&lD6$|UqRW?j9YW#K@Za7`Z7j{`2*>GgjL{b>5 zp7%sAQf7K`Afua27Zb~fV98K6CHM!82W)yV=;@=2hY)j_NJ%z({#h`ovxCv!8A=am zEq>!4&-}M*RntB>M!<0}Ti@a``VJWXn)Mr~Go5eFvg?00;&zxN7lg!T!-0vWBqEA8 z#ROI|67VaXw~JHccy@oF!I~(0eI=03Te>^UbDAnx$WW*sNgV#j|5BLtrU>Mp{lr?j z3(U<1&V!{eW{#>a?#xzA@pB_xEnTv1`hBSPdsg19NpSP{_{^e>o}5$DaJqQ{F0;b_ zHk7zyE&}p|r75@#$-j<$DBf0T&WLkh$@RYER-y8$fAP`Y-7h6!RoHxMQ!@ z$(7z|hy@U(6;JhsIe>9j#5>wFCgc4YetmBmUz-r=eTG>pfFH_{U#h_k2#^7{5=DjL z$9NvN4gC;(?`tCjok^3hj^VpAiE06uTUq{Yj;m8P?0QZRMI;+30KX*hB-aB!U^mBP zlCXPFk*Zr_k(TY8`x-i(gpZ&2)eFpQ^u3Jm_jP9w=k_zQ^u~9(w!cljzu*1wpS&yT`SPLA!9GmG2z_CoNY{oZjg zkM>iI;B+MKX%X#Uydq|F?Ynb%R=%1jZ_m@7CRpIf%w6Aouk_v!9_FX}z&HPOcq=jO zx#Sk66}3m8SA;88h1iQsDmNV5Gr9bQ7%9GMIM)`~AdF;5M5uxXWQZKL0Q;8Efc$I$ zIU%l<*SJn1I8|peWepl;pH4VPMmSOC9Fq3mWTURKwCGw@&gEoI#iQ*oGD z?5F#UH@m(K8eP8vZ#al2X9%1GMqfaiQ{7&1V5gssC*7u1<_?$+Tr>St9IIO9cg#)E zAO7jyUF(02o+Tvhqu9@V7L(-de_bf~^772B+?^WDFSwMFJ^4!m2{=O%gd;PPcCK+@ z!s;#bQ{s`%Dy7rJd<_;hiEmOh+YMjb2H60U(K|D~d(qzK3pnjGB%Fe;HzQ#QiwCv0 zaUMRbb_u2TyqC5JnasVPo+Q}qgWfwMbj;0m9<6S4m<+>y+;uBA+l5a0sk`#5%lx&e z=W7KH$AF)D8zrW7!v;qO-PUcuCE^g5MG?vT87OxNvlPJN;JM48@s@h(5!kNI#+nXW zJi-k&Q|z?mWt~O5bRlZPQG=5fSf|!)388*O=+*QJKMRy#hB7=D66@<=vNyDvIXm8K z@%iNP(Y)hZXnKv+I^ zWhRG7+=IlwuH)K;2}e>K>iU8#*t_pHsp8qJL&d`2snFo+2|4H1X#(N6<5^`~%swjb zl|xk)l2DAGH$BqC95_6rI3FP?7G^*;DoXC&54Ci$Fpsmk*-#-7bV)}0qe$7bBw>v* z)b082ozXx(wrTAt?$4QV|7;6-TK)#S`z;2O#4C*+r6$v4BiNC_OL$ci8G5iWX~O+3 zk=uY))^bx3?8jk!hQhTh!RPAlU(QTeIFnA;;#{3u-kXkbCva6i^R@KbY(X!=2Bd{F zfx+Fb!@ZE|xcBvbvOD)KXm<_L3f2*fGoLfflh=W zMTMMt0a`J77pqT|bIj+^UmSJ6`|tGxe)vZAIxn6_Gm!&CSV0gRBKnl?`4X-Vg^2PI zgb!;TmwdQae9J>ARA4R`^SOB|G^y7!g^A2y2oE1g&#@Ye%|Z0V#E|anBs82T0c``k z^NKPxeSaur2z>9^5=M4p+`s9AtPID1xbKMC4`hi@_rUE)bXY8DZxn#h8)C-X44EQ7 z&p!RAsfgyc|8cyQ2IldbuwFR$T~wKAJ*1*Nje3F}N936xCw0-O#9HXUwQ_ApmtufL z58EgssXO2>9I*ay&qtH8vZTDl7u&C8qU1$WnskV7@tk%dsV{O)XWo|R(4m96e;#D4 z13Zf`I~%J{pP8;?wQ^W8&;NAV>(Tq~(%?G$1J>w~!UqltyzMcXt?G=O^@p)_Z2&S= zmA7aOBL(q>B#li!(1;p$*{*Y01-)yD49HbLBiF0LF$unx=8{SaIv1okRRiQ&U%h&D zyPysP0pJf63K&jr!A_vIB4Ha-UlP&(lJyg+hzFbEwrMhStCQQHyi!Vo@w2}T6u)T^ zU;D14n#_=G%|4|2)cL(JJk0F-ELzx*BL?A>eZX@W$hqjXnLO@FPv!nmAi=6PIfrpuF2^Bc!8@1N5aj!p79PY07qP7iI8Fl~K_0c3}q#|twd zD85hecL6~QqR~e8A%1F^NSp$-(5H%rI|hU9_DWYh zm(>MjT0zS<%SXbdU!EQiPA9jvdrF6LYHKC}vE@JK$s!w&{CEzIRHM6&DG;tZg@Y5i z_=*=RO)L@~LfW{P#=oMaH1*^!P6@0`QL;{s6_UHT34t1-yALw{9w)^tdSF5lf=c_Y zt}X}_*j7X0+>sR5xbP_e(@2*Hk=OYBEQiuA%d;@vk>#ohB$*g|iXV9%|GDIqy}L;9 z&!HkgWaD+78xJb#y#sgbCFRPU#GNWu>OHU%%f<>KQT(%UG5p&?dfCTQ` ze8!j9T_G`)a3yg4tL3ViAfu+*Z)k@$Tb@{pQJ={bm3$dm(?KK#5f|qZcBfy=FA$8s z0Zu35%#yek&RQ^z6*O-S(pc*Ju z?+~2|F!o({EoK`LG@R)&FMQf7A2`plr(r(gdE89qDnQ~xQNdT{8>HuJGL-76Z?~1{E3pmCv?XDD+p`(ciOl(Nie`*@f;rL@@MM>Dc%6 ztzh^UY9J}Vh{T_=w;?xNOyawrnjj3uq6zXo9nhv9i+ zQC`Uo(VeTM11>r=w5V$hZsC}S!M{L2qVY~zvOJuCKq$+!fPejc^q?|n9tjpoF6v}M zTM0X+@HM`k#d216G^h5h<|l!;JMx9u9dp5XPrkW{I|haO$9v1mU1T+Pe%BkX zoYOEr0y5+G-aL;M02Q@Sm-X7(1C!o{+4$ZwnDUkRxLN^#_k@ZRMcd|4UUeWNB&DvG z3HzEaUrEpGd*H9(4$$pd{EMY2qw5R;k2}_C5Ac{Ot(8>FEe9T6MK5U)7#~vqi(_{| z8%erRZL~+_Vg?z<(@e5=e0JXr7X|LE;6T||ektY9QP%^7V_uQ^8dY7 zMSwntB3cU@4fEjMWEKIZA7f=p8JAD&c7J`t7JYR@(t3Q0?LJ7OQat}zyhnK(HHYPJ zcC=%ubfY}FaV4ZDN-2O^#9m8onLx^ZeXPV5RJ&W&db-j{xMyuJN(#4k3OruXS`!jb z9*N=!iv?86R=d=qY#}nzCB`E?ysT%1U*-s!#d{r2e}ha0W8_N}se_{fcqtMmM`6rn9yYc_=1DiUa9Gc;JZ~y zZtFuD*yFrv(4m8+dsecbEU4VY!@#yT&BkvxJ~P{fzufiZ$sa)wRNd!}bb|Sv9iczZ zQBSoxIoL=~dI|j75?C~fsvvh3q9Lj5NnDRFuSR9DT^X{t1f=}`@K66S z1ISnbBx}{mzX}}w@78lMfR+5o`b*sZ|GG?q0Ope^d=C6qyZ+Ghl9WlU{ijsz6p}a-l{{z4nIm-Y5 literal 0 HcmV?d00001