From 2c0289260245b880b4a2e97ae8842d5ec9c7f3a1 Mon Sep 17 00:00:00 2001 From: Chunyong Lin Date: Wed, 1 Jul 2020 15:49:30 -0700 Subject: [PATCH 1/6] [core] Move artifact extractor logic to classifier --- conf/global.json | 5 + conf/lambda.json | 23 -- conf/schemas/cloudwatch.json | 2 +- streamalert/artifact_extractor/__init__.py | 0 .../artifact_extractor/artifact_extractor.py | 284 ------------------ streamalert/artifact_extractor/main.py | 66 ---- streamalert/classifier/classifier.py | 9 +- streamalert/shared/__init__.py | 3 +- streamalert/shared/artifact_extractor.py | 179 +++++++++++ streamalert/shared/config.py | 61 +--- streamalert/shared/firehose.py | 11 +- streamalert/shared/metrics.py | 5 +- .../main.tf | 20 -- .../variables.tf | 6 - .../modules/tf_kinesis_firehose_setup/iam.tf | 27 -- .../tf_kinesis_firehose_setup/variables.tf | 12 - streamalert_cli/athena/helpers.py | 4 +- streamalert_cli/manage_lambda/deploy.py | 7 - .../terraform/artifact_extractor.py | 19 +- streamalert_cli/terraform/firehose.py | 27 +- streamalert_cli/terraform/generate.py | 22 +- streamalert_cli/utils.py | 1 - .../artifact_extractor/__init__.py | 0 .../streamalert/artifact_extractor/helpers.py | 116 ------- .../artifact_extractor/test_main.py | 123 -------- .../streamalert/classifier/test_classifier.py | 28 ++ .../test_artifact_extractor.py | 38 +-- tests/unit/streamalert/shared/test_config.py | 13 +- tests/unit/streamalert/shared/test_utils.py | 59 ++++ .../terraform/test_artifact_extractor.py | 23 +- 30 files changed, 337 insertions(+), 856 deletions(-) delete mode 100644 streamalert/artifact_extractor/__init__.py delete mode 100644 streamalert/artifact_extractor/artifact_extractor.py delete mode 100644 streamalert/artifact_extractor/main.py create mode 100644 streamalert/shared/artifact_extractor.py delete mode 100644 tests/unit/streamalert/artifact_extractor/__init__.py delete mode 100644 tests/unit/streamalert/artifact_extractor/helpers.py delete mode 100644 tests/unit/streamalert/artifact_extractor/test_main.py rename tests/unit/streamalert/{artifact_extractor => shared}/test_artifact_extractor.py (71%) diff --git a/conf/global.json b/conf/global.json index a4b2edb33..cdca9309e 100644 --- a/conf/global.json +++ b/conf/global.json @@ -27,6 +27,11 @@ "read_capacity": 5, "write_capacity": 5 }, + "artifact_extractor": { + "enabled": false, + "firehose_buffer_size": 128, + "firehose_buffer_interval": 900 + }, "firehose": { "use_prefix": true, "buffer_interval": 900, diff --git a/conf/lambda.json b/conf/lambda.json index b6bf7dc9a..844802aea 100644 --- a/conf/lambda.json +++ b/conf/lambda.json @@ -50,29 +50,6 @@ "subnet_ids": [] } }, - "artifact_extractor_config": { - "concurrency_limit": 10, - "enabled": false, - "firehose_buffer_size": 128, - "firehose_buffer_interval": 900, - "log_level": "info", - "memory": 128, - "metric_alarms": { - "errors": { - "enabled": true, - "evaluation_periods": 1, - "period_secs": 300, - "threshold": 0 - }, - "throttles": { - "enabled": true, - "evaluation_periods": 1, - "period_secs": 300, - "threshold": 0 - } - }, - "timeout": 300 - }, "athena_partitioner_config": { "concurrency_limit": 10, "memory": 128, diff --git a/conf/schemas/cloudwatch.json b/conf/schemas/cloudwatch.json index c08ae8c7f..24eba791b 100644 --- a/conf/schemas/cloudwatch.json +++ b/conf/schemas/cloudwatch.json @@ -192,4 +192,4 @@ "quotechar": "'" } } -} \ No newline at end of file +} diff --git a/streamalert/artifact_extractor/__init__.py b/streamalert/artifact_extractor/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/streamalert/artifact_extractor/artifact_extractor.py b/streamalert/artifact_extractor/artifact_extractor.py deleted file mode 100644 index 01415ed0d..000000000 --- a/streamalert/artifact_extractor/artifact_extractor.py +++ /dev/null @@ -1,284 +0,0 @@ -""" -Copyright 2017-present Airbnb, Inc. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -""" -import base64 -import json -import re -from os import environ as env -import uuid - -from streamalert.shared.firehose import FirehoseClient -from streamalert.shared import ARTIFACT_EXTRACTOR_NAME, config -from streamalert.shared.metrics import MetricLogger -from streamalert.shared.normalize import Normalizer -from streamalert.shared.logger import get_logger - - -LOGGER = get_logger(__name__) - -RECORD_ID_KEY = 'streamalert_record_id' - -class Artifact: - """Encapsulation of a single Artifact that is extracted from an input record.""" - - def __init__(self, function, record_id, source_type, normalized_type, value): - """Create a new Artifact based on normalized information - - Args: - function (str): Describes how this field is used in the record, or what it means. - record_id (str): Currently it is reserved for future support. It will come from the - record processed by classifier. This field is very useful for cross reference back - to the original record in the future. It will be "None" if no "record_id" - information when searching artifacts in Athena. - source_type (str): The original source of the artifact(s) extracted from a record. - e.g. osquery_differential, cloudwatch_cloudtrail - normalized_type (str): Normalized types in a record processed by classifier. - value (str): This is the true value of the type. E.g, a record of type “ip_address” - could have a value of “50.50.50.50” - """ - # Enforce all fields are strings in a Artifact to prevent type corruption in Parquet format - self._function = str(function) - self._record_id = str(record_id) - self._source_type = str(source_type) - self._type = str(normalized_type) - self._value = str(value) - - @property - def record(self): - """Generate an artifact - - Returns: - dict: A dictionary contains artifact information. - """ - return { - 'function': self._function, - RECORD_ID_KEY: self._record_id, - 'source_type': self._source_type, - 'type': self._type, - 'value': self._value, - } - - -class FirehoseRecord: - """Encapsulation of single Firehose record and/or normalized artifacts""" - - def __init__(self, firehose_record, source_type): - """Create a new Firehose record contains original data and may extract multiple artifacts if - original data was normalized in the classifier. - The transformed data (insert a record_id only) which will be returned back to source - firehose for historical search. And the artifacts, if any, will be sent to a dedicated - firehose with simplified schema and land in streamalert data bucket for historical search - as well. - - Args: - firehose_record (dict): the record passed to lambda from source firehose. It has - following format, - - { - 'recordId': '12345678901230000000', - 'data': 'eyJyeXhpYXMiOiJZZXMiLCJtZXNzYWdlIjoiaGVsbG8gd29ybGQhIiwiZXZlbnRfZG==', - 'approximateArrivalTimestamp': 1583275634682 - } - - source_type (str): The original source of the artifact(s) extracted from a record. - e.g. osquery_differential, cloudwatch_cloudtrail - """ - self._firehose_record_id = firehose_record['recordId'] - self._firehose_data = firehose_record['data'] - self._decoded_record = json.loads(base64.b64decode(self._firehose_data)) - self._source_type = source_type - - @property - def artifacts(self): - """Extract all artifacts from a record - - Returns: - list: A list of Artifacts from a normalized record. - """ - artifacts = [] - - if not self._decoded_record.get(Normalizer.NORMALIZATION_KEY): - # Return an empty list if the record doesn't have normalization information. - return artifacts - - if not self._source_type: - # Return immediately if can not identify source_type. a.k.a do not extract artifacts. - return artifacts - - # - # normalized information in the record will be similar to - # { - # 'record': { - # 'region': 'us-east-1', - # 'detail': { - # 'awsRegion': 'us-west-2' - # } - # }, - # 'streamalert_normalization': { - # 'region': [ - # { - # 'values': ['region_name'], - # 'function': 'AWS region' - # }, - # { - # 'values': ['region_name'], - # 'function': 'AWS region' - # } - # ] - # } - # } - # - record_id = self._decoded_record.get(RECORD_ID_KEY) or str(uuid.uuid4()) - for key, values in self._decoded_record[Normalizer.NORMALIZATION_KEY].items(): - for value in values: - for val in value.get('values', []): - artifacts.append(Artifact( - function=value.get('function'), - record_id=record_id, - source_type=self._source_type, - normalized_type=key, - value=val - )) - - # Add a new key "streamalert_record_id" to "streamalert_normalization" field. This new key - # will be helpful tracing back to the original record when searching in "artifacts" table. - self._decoded_record[Normalizer.NORMALIZATION_KEY][RECORD_ID_KEY] = record_id - - return artifacts - - @property - def transformed_record(self): - """Create a transformed record with required fields. The transformed record will be sent - back to source Firehose and land in the S3 bucket for historical search. All transformed - records from Lambda must contain the following parameters, or Kinesis Data Firehose rejects - them and treats that as a data transformation failure. - https://docs.aws.amazon.com/firehose/latest/dev/data-transformation.html - - recordId: The record ID is passed from source Firehose to Lambda during the invocation. The - transformed record must contain the same record ID. Any mismatch between the ID of the - original record and the ID of the transformed record is treated as a data transformation - failure. - - result: The status of the data transformation of the record. The possible values are: Ok, - Dropped, and ProcessingFailed. The purpose of ArtifactExtractor lambda is to extract - artifacts and it should not change the data. So the result will alway be 'Ok'. - - data: The transformed data payload, base64-encoded. The transformed data payload includes a - new key "streamalert_record_id" and it's the only difference from original data payload. - - Returns: - dict: A dictionary with required fields 'result', 'data' and 'recordId'. - """ - return { - 'recordId': self._firehose_record_id, - 'result': 'Ok', - 'data': base64.b64encode(self._json_serializer()).decode('utf-8') - } - - def _json_serializer(self): - """Serialize a transformed record to a JSON formatted string - - Returns: - str: a JSON formatted string with a newline appened. - """ - return (json.dumps(self._decoded_record, separators=(',', ':')) + '\n').encode('utf-8') - -class ArtifactExtractor: - """ArtifactExtractor class will extract normalized artifacts from batch of records from source - Firehose and return the original records back to Firehose where thoese records will be delivered - to S3 bucket for historical search. The artifacts will be sent a Firehose dedicated to artifacts - delivery to the same S3 bucket. - - The main purpose of this class is to build the artifacts inventory without interrupting current - historical search pipeline. So it will return the original records. - - To be noted here, most likely the ArtifactExtractor lambda function needs at least - 3 times of max(buffer size of firehoses where the artifacts extracted from). Because it has many - data copy actions. - """ - - STREAM_ARN_REGEX = re.compile(r".*streamalert_(?P.*)") - - _config = None - _firehose_client = None - - def __init__(self, region, src_firehose_arn): - self._region = region - self._src_firehose_arn = src_firehose_arn - self._dst_firehose_arn = env.get('DESTINATION_FIREHOSE_STREAM_NAME') - self._artifacts = list() - self._source_type = self._get_source_type() - - ArtifactExtractor._config = ArtifactExtractor._config or config.load_config(validate=True) - - ArtifactExtractor._firehose_client = ( - ArtifactExtractor._firehose_client or FirehoseClient.get_client( - prefix=self.config['global']['account']['prefix'], - artifact_extractor_config=self.config['lambda'].get('artifact_extractor_config', {}) - ) - ) - - @property - def config(self): - return ArtifactExtractor._config - - @property - def firehose(self): - return ArtifactExtractor._firehose_client - - def run(self, records): - LOGGER.debug('Extracting artifacts from %d %s logs', len(records), self._source_type) - - transformed_records = [] - for record in records: - # Extract artifacts, if any, and generate a transformed record with required parameters. - firehose_record = FirehoseRecord(record, self._source_type) - - for artifact in firehose_record.artifacts: - self._artifacts.append(artifact.record) - - transformed_records.append(firehose_record.transformed_record) - - LOGGER.debug('Extracted %d artifact(s)', len(self._artifacts)) - - MetricLogger.log_metric( - ARTIFACT_EXTRACTOR_NAME, - MetricLogger.EXTRACTED_ARTIFACTS, - len(self._artifacts) - ) - - self.firehose.send_artifacts(self._artifacts, self._dst_firehose_arn) - - return { - 'records': transformed_records - } - - def _get_source_type(self): - """Extract source type from source firehose arn which follows naming convention - *_streamalert_. The is the source type. - - Please note the log_name may be hashed out if the firehose stream name is too long, but it - is rare. - - Returns: - str: The original source of the artifact(s) extracted from a record, - e.g. osquery_differential, cloudwatch_cloudtrail - """ - match = self.STREAM_ARN_REGEX.search(self._src_firehose_arn) - if not match: - LOGGER.warning( - 'No valid source type found from firehose arn %s', self._src_firehose_arn - ) - # return early without result if source type is invalid - return - - return match.groups('source_type')[0] diff --git a/streamalert/artifact_extractor/main.py b/streamalert/artifact_extractor/main.py deleted file mode 100644 index 4f5fce05e..000000000 --- a/streamalert/artifact_extractor/main.py +++ /dev/null @@ -1,66 +0,0 @@ -""" -Copyright 2017-present Airbnb, Inc. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -""" -from streamalert.artifact_extractor.artifact_extractor import ArtifactExtractor -from streamalert.shared.logger import get_logger - - -LOGGER = get_logger(__name__) - - -def handler(event, _): - """Main Lambda handler function for Artifact Extractor - - Args: - event (dict): This lambda function receives event like the following: - { - 'records': [ - { - 'recordId': '12345678901230000000', - 'data': 'eyJyeXhpYXMiOiJZZXMiLCJtZXNzYWdlIjoiaGVsbG8gd29ybGQhIiwiZXZlbnRfZG==', - 'approximateArrivalTimestamp': 1583275634682 - } - ], - 'region': 'us-east-1', - 'deliveryStreamArn': 'arn:aws:firehose:us-east-1:123456788901:deliverystream/aaaaa', - 'invocationId': '12345678-1234-5678-9000-124560291657' - } - - Returns: - dict: Return transformed records (although we don't transform the data) back is necessary - and firehose will deliver those records to S3 for historical search. - - The lambda handler is intended to return an event like this: - { - 'records': [ - { - 'result': 'Ok', - 'recordId': '12345678901230000000', - 'data': '{"blah":"blah"}' - } - ] - } - """ - try: - return ArtifactExtractor( - event['region'], - event['deliveryStreamArn'] - ).run(event.get('records', [])) - except Exception: - # FIXME: (Optional) Add retry for Timeout exceptions. If the Lambda function invocation - # fails because of a network timeout or the lambda invocation limit, Kinesis Data Firehose - # retries the invocation three times by default. If the invocation does not succeed, Kinesis - # Data Firehose then skips that batch of records. The skipped records are treated as - # unsuccessfully processed records. - # https://docs.aws.amazon.com/firehose/latest/dev/data-transformation.html - LOGGER.exception('Invocation event: %s', event) - raise diff --git a/streamalert/classifier/classifier.py b/streamalert/classifier/classifier.py index f5ac9860d..67c2c7a59 100644 --- a/streamalert/classifier/classifier.py +++ b/streamalert/classifier/classifier.py @@ -22,6 +22,7 @@ from streamalert.classifier.parsers import get_parser from streamalert.classifier.payload.payload_base import StreamPayload from streamalert.shared import config, CLASSIFIER_FUNCTION_NAME as FUNCTION_NAME +from streamalert.shared.artifact_extractor import ArtifactExtractor from streamalert.shared.exceptions import ConfigError from streamalert.shared.logger import get_logger from streamalert.shared.metrics import MetricLogger @@ -263,6 +264,12 @@ def run(self, records): # Send the data to firehose for historical retention if self.data_retention_enabled: - self.firehose.send(self._payloads) + categorized_records = self.firehose.send(self._payloads) + + # Extract artifacts if it is enabled + if config.artifact_extractor_enabled(self._config): + ArtifactExtractor( + self.firehose.artifacts_firehose_stream_name(self._config) + ).run(categorized_records) return self._payloads diff --git a/streamalert/shared/__init__.py b/streamalert/shared/__init__.py index 14114911b..28ad34434 100644 --- a/streamalert/shared/__init__.py +++ b/streamalert/shared/__init__.py @@ -1,7 +1,6 @@ """Define some shared resources.""" ALERT_MERGER_NAME = 'alert_merger' ALERT_PROCESSOR_NAME = 'alert_processor' -ARTIFACT_EXTRACTOR_NAME = 'artifact_extractor' ATHENA_PARTITIONER_NAME = 'athena_partitioner' CLASSIFIER_FUNCTION_NAME = 'classifier' RULES_ENGINE_FUNCTION_NAME = 'rules_engine' @@ -9,3 +8,5 @@ THREAT_INTEL_DOWNLOADER_NAME = 'threat_intel_downloader' CLUSTERED_FUNCTIONS = {CLASSIFIER_FUNCTION_NAME} + +ARTIFACTS_METRIC_NAME = 'artifacts' diff --git a/streamalert/shared/artifact_extractor.py b/streamalert/shared/artifact_extractor.py new file mode 100644 index 000000000..e55b955b3 --- /dev/null +++ b/streamalert/shared/artifact_extractor.py @@ -0,0 +1,179 @@ +""" +Copyright 2017-present Airbnb, Inc. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +""" +import re +import uuid + +from streamalert.shared.firehose import FirehoseClient +from streamalert.shared import ARTIFACTS_METRIC_NAME, config +from streamalert.shared.metrics import MetricLogger +from streamalert.shared.normalize import Normalizer +from streamalert.shared.logger import get_logger + + +LOGGER = get_logger(__name__) + +RECORD_ID_KEY = 'streamalert_record_id' + +class Artifact: + """Encapsulation of a single Artifact that is extracted from an input record.""" + + def __init__(self, function, record_id, source_type, normalized_type, value): + """Create a new Artifact based on normalized information + + Args: + function (str): Describes how this field is used in the record, or what it means. + record_id (str): Currently it is reserved for future support. It will come from the + record processed by classifier. This field is very useful for cross reference back + to the original record in the future. It will be "None" if no "record_id" + information when searching artifacts in Athena. + source_type (str): The original source of the artifact(s) extracted from a record. + e.g. osquery_differential, cloudwatch_cloudtrail + normalized_type (str): Normalized types in a record processed by classifier. + value (str): This is the true value of the type. E.g, a record of type “ip_address” + could have a value of “50.50.50.50” + """ + # Enforce all fields are strings in a Artifact to prevent type corruption in Parquet format + self._function = str(function) + self._record_id = str(record_id) + self._source_type = str(source_type) + self._type = str(normalized_type) + self._value = str(value) + + @property + def artifact(self): + """Generate an artifact + + Returns: + dict: A dictionary contains artifact information. + """ + return { + 'function': self._function, + RECORD_ID_KEY: self._record_id, + 'source_type': self._source_type, + 'type': self._type, + 'value': self._value, + } + + +class ArtifactExtractor: + """ArtifactExtractor class will extract artifacts from "streamalert_normalization" field in the + records. The extracted artfiacts will be saved in the S3 bucket via a dedicated Firehose + delivery stream and searchable from "artifacts" table in Athena. + """ + + STREAM_ARN_REGEX = re.compile(r".*streamalert_(?P.*)") + + _config = None + _firehose_client = None + + def __init__(self, artifacts_fh_stream_name): + self._dst_firehose_stream_name = artifacts_fh_stream_name + self._artifacts = list() + + ArtifactExtractor._config = ArtifactExtractor._config or config.load_config(validate=True) + + ArtifactExtractor._firehose_client = ( + ArtifactExtractor._firehose_client or FirehoseClient.get_client( + prefix=self.config['global']['account']['prefix'], + artifact_extractor_config=self.config['lambda'].get('artifact_extractor_config', {}) + ) + ) + + @property + def config(self): + return ArtifactExtractor._config + + @property + def firehose(self): + return ArtifactExtractor._firehose_client + + @staticmethod + def _extract_artifacts(source_type, records): + """Extract all artifacts from a record + + Returns: + list: A list of Artifacts from a normalized record. + + normalized information in the record will be similar to + { + 'record': { + 'region': 'us-east-1', + 'detail': { + 'awsRegion': 'us-west-2' + } + }, + 'streamalert_normalization': { + 'region': [ + { + 'values': ['region_name'], + 'function': 'AWS region' + }, + { + 'values': ['region_name'], + 'function': 'AWS region', + 'send_to_artifacts': False + } + ] + } + } + """ + artifacts = [] + + for record in records: + if not record.get(Normalizer.NORMALIZATION_KEY): + continue + + record_id = record.get(RECORD_ID_KEY) or str(uuid.uuid4()) + for key, values in record[Normalizer.NORMALIZATION_KEY].items(): + for value in values: + for val in value.get('values', []): + artifacts.append(Artifact( + function=value.get('function'), + record_id=record_id, + # source_type=self._source_type, + source_type=source_type, + normalized_type=key, + value=val + )) + record[Normalizer.NORMALIZATION_KEY][RECORD_ID_KEY] = record_id + + return artifacts + + def run(self, categorized_records): + """Run extract artifacts logic and send artifacts to the Firehose for retention + + Args: + categorized_records (dict): A dictionary contains log source type and records with + following format + { + 'log_type_01_sub_type_01': [{'key': 'value'}], + 'log_type_01_sub_type_02': [{'key': 'value'}], + 'log_type_02_sub_type_01': [{'key': 'value'}], + 'log_type_02_sub_type_02': [{'key': 'value'}] + } + """ + + for source_type, records in categorized_records.items(): + LOGGER.debug('Extracting artifacts from %d %s logs', len(records), source_type) + for artifact in self._extract_artifacts(source_type, records): + self._artifacts.append(artifact.artifact) + + LOGGER.debug('Extracted %d artifact(s)', len(self._artifacts)) + + MetricLogger.log_metric( + ARTIFACTS_METRIC_NAME, + MetricLogger.EXTRACTED_ARTIFACTS, + len(self._artifacts) + ) + + self.firehose.send_artifacts(self._artifacts, self._dst_firehose_stream_name) diff --git a/streamalert/shared/config.py b/streamalert/shared/config.py index f190702c3..25838eef9 100644 --- a/streamalert/shared/config.py +++ b/streamalert/shared/config.py @@ -444,67 +444,20 @@ def _validate_sources(cluster_name, data_sources, existing_sources): # FIXME (derek.wang) write a configuration validator for lookuptables (new one) -def _artifact_extractor_enabled_helper(config, log_name): - """Validate if Artifactor Extractor enabled. - There are two cases need validate if Artifact Extractor enabled. - 1. For deploy Artifact Extractor Lambda function. - 2. To enable firehoses to invoke Artifact Extractor Lambda function. - - For case 1, Artifact Extractor Lambda function will be created and deployed if both - "artifact_extractor_config" in conf/lambda.json and "firehose" in conf/global.json both enabled. - - For case 2, in addition to above two conditions, a firehose will be setup to - "processing_configure" invoke Artifact Extractor lambda function if "normalization" is - configured in its schema configuration. - For example, the mapped firehose for following log type will setup: - { - "some_log_type": { - "schema": { - "key1": "string", - "key2": "string" - }, - "parser": "json", - "configuration": { - "normalization": { - "command": [ - "cmdline", - "command" - ] - } - } - } - } - +def artifact_extractor_enabled(config): + """Check if Artifactor Extractor enabled. Args: config (dict): The loaded config from the 'conf/' directory - log_name (string): expect to be original log names, e.g. 'aliyun', 'osquery:differential' Returns: - bool: For case 1, return True if both "artifact_extractor_config" in conf/lambda.json and - "firehose" in conf/global.json both enabled. - For case 2, return True in addition to have "normalization" configured in the log schema - configuration. + bool: return True is "artifact_extract" is enabled in conf/global.json """ - if not config['lambda'].get('artifact_extractor_config', {}).get('enabled', False): + if not config['global']['infrastructure'].get('artifact_extractor', {}).get('enabled', False): return False - # Artifact extractor lambda is based on StreamAlert data Firehoses. Consider Artifact Extractor - # is enabled once when firehose is enabled + # Artifact Extractor is enabled once when firehose is enabled. if not config['global']['infrastructure'].get('firehose', {}).get('enabled', False): return False - # if log_name is empty, it means caller only want to know if artifact extractor lambda - # function enabled or not, so return early. - if not log_name: - return True - - log_config = config.get('logs', {}).get(log_name, {}) - return 'normalization' in log_config.get('configuration', {}) - -def artifact_extractor_enabled_for_log(config, log_name): - """Validate if Artifact Extractor enabled for a log""" - return _artifact_extractor_enabled_helper(config, log_name=log_name) - -def artifact_extractor_enabled(config): - """Validate if Artifact Extractor enabled""" - return _artifact_extractor_enabled_helper(config, log_name=None) + return True + \ No newline at end of file diff --git a/streamalert/shared/firehose.py b/streamalert/shared/firehose.py index 20b66d0bd..fdec0ea19 100644 --- a/streamalert/shared/firehose.py +++ b/streamalert/shared/firehose.py @@ -23,7 +23,7 @@ from botocore.exceptions import ClientError, HTTPClientError from botocore.exceptions import ConnectionError as BotocoreConnectionError -from streamalert.shared import ARTIFACT_EXTRACTOR_NAME, CLASSIFIER_FUNCTION_NAME +from streamalert.shared import ARTIFACTS_METRIC_NAME, CLASSIFIER_FUNCTION_NAME import streamalert.shared.helpers.boto as boto_helpers from streamalert.shared.logger import get_logger from streamalert.shared.metrics import MetricLogger @@ -485,18 +485,21 @@ def send(self, payloads): CLASSIFIER_FUNCTION_NAME ) + # return categorized records for extracting artifacts if the feature is enabled + return records + def send_artifacts(self, artifacts, stream_name): """Send artifacts to artifacts Firehose delievery stream Args: artifacts (list(dict)): A list of artifacts extracted from normalized records. stream_name (str): Stream name of destination Firehose. """ - for artifact_batch in self._record_batches(artifacts, ARTIFACT_EXTRACTOR_NAME): + for artifact_batch in self._record_batches(artifacts, ARTIFACTS_METRIC_NAME): batch_size = len(artifact_batch) - response = self._send_batch(stream_name, artifact_batch, ARTIFACT_EXTRACTOR_NAME) + response = self._send_batch(stream_name, artifact_batch, ARTIFACTS_METRIC_NAME) self._finalize( response, stream_name, batch_size, - ARTIFACT_EXTRACTOR_NAME + ARTIFACTS_METRIC_NAME ) diff --git a/streamalert/shared/metrics.py b/streamalert/shared/metrics.py index d6f9c6b56..917615427 100644 --- a/streamalert/shared/metrics.py +++ b/streamalert/shared/metrics.py @@ -18,7 +18,7 @@ from streamalert.shared import ( ALERT_MERGER_NAME, ALERT_PROCESSOR_NAME, - ARTIFACT_EXTRACTOR_NAME, + ARTIFACTS_METRIC_NAME, ATHENA_PARTITIONER_NAME, CLASSIFIER_FUNCTION_NAME, RULES_ENGINE_FUNCTION_NAME @@ -34,7 +34,6 @@ # below when metrics are supported there FUNC_PREFIXES = { ALERT_MERGER_NAME: 'AlertMerger', - ARTIFACT_EXTRACTOR_NAME: 'ArtifactExtractor', CLASSIFIER_FUNCTION_NAME: 'Classifier', RULES_ENGINE_FUNCTION_NAME: 'RulesEngine' } @@ -94,7 +93,7 @@ class MetricLogger: ALERT_ATTEMPTS: (_default_filter.format(ALERT_ATTEMPTS), _default_value_lookup) }, ALERT_PROCESSOR_NAME: {}, # Placeholder for future alert processor metrics - ARTIFACT_EXTRACTOR_NAME: { + ARTIFACTS_METRIC_NAME: { EXTRACTED_ARTIFACTS: (_default_filter.format(EXTRACTED_ARTIFACTS), _default_value_lookup), FIREHOSE_FAILED_RECORDS: (_default_filter.format(FIREHOSE_FAILED_RECORDS), diff --git a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/main.tf b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/main.tf index 4e4c3ce4b..b1f2b53ca 100644 --- a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/main.tf +++ b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/main.tf @@ -78,26 +78,6 @@ resource "aws_kinesis_firehose_delivery_stream" "streamalert_data" { table_name = var.glue_catalog_table_name } } - - - processing_configuration { - # only enabled when function_alias_arn (Artifact Extractor Lambda function) is not empty - enabled = var.function_alias_arn == "" ? false : true - - # processor block will only present if function_alias_arn is not empty - dynamic "processors" { - for_each = var.function_alias_arn == "" ? [] : [var.function_alias_arn] - - content { - type = "Lambda" - - parameters { - parameter_name = "LambdaArn" - parameter_value = var.function_alias_arn - } - } - } - } } } diff --git a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/variables.tf b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/variables.tf index 0a9df7db8..12e7729b3 100644 --- a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/variables.tf +++ b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_delivery_stream/variables.tf @@ -66,9 +66,3 @@ variable "glue_catalog_table_name" { variable "schema" { type = list(tuple([string, string])) } - -variable "function_alias_arn" { - type = string - default = "" - description = "Fully qualified function arn of alias of Artifact extractor lambda" -} diff --git a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/iam.tf b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/iam.tf index 64b2b7b90..01c220b46 100644 --- a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/iam.tf +++ b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/iam.tf @@ -105,30 +105,3 @@ data "aws_iam_policy_document" "firehose_glue_catalog" { resources = ["*"] } } - -// IAM Policy: Invoke lambda function -resource "aws_iam_role_policy" "streamalert_firehose_lambda" { - count = var.artifact_extractor_enabled ? 1 : 0 - name = "streamalert_firehose_invoke_lambda" - role = "${aws_iam_role.streamalert_kinesis_firehose.id}" - - policy = "${data.aws_iam_policy_document.firehose_lambda[0].json}" -} - -// IAM Policy Document: Allow firehose to invoke artifact extractor lambda function -data "aws_iam_policy_document" "firehose_lambda" { - count = var.artifact_extractor_enabled ? 1 : 0 - - statement { - effect = "Allow" - - actions = [ - "lambda:InvokeFunction", - "lambda:GetFunctionConfiguration" - ] - - resources = [ - "${var.function_alias_arn}*" - ] - } -} diff --git a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/variables.tf b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/variables.tf index e77cd07e8..4bf6ff0fb 100644 --- a/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/variables.tf +++ b/streamalert_cli/_infrastructure/modules/tf_kinesis_firehose_setup/variables.tf @@ -26,15 +26,3 @@ variable "s3_logging_bucket" { variable "kms_key_id" { type = string } - -variable "artifact_extractor_enabled" { - type = bool - default = false - description = "Is Artifact Extractor Lambda function enabled" -} - -variable "function_alias_arn" { - type = string - default = "" - description = "Fully qualified function arn of alias of Artifact extractor lambda" -} diff --git a/streamalert_cli/athena/helpers.py b/streamalert_cli/athena/helpers.py index 9865a2863..cf43c6452 100644 --- a/streamalert_cli/athena/helpers.py +++ b/streamalert_cli/athena/helpers.py @@ -15,7 +15,7 @@ """ import re -from streamalert.artifact_extractor.artifact_extractor import Artifact +from streamalert.shared.artifact_extractor import Artifact from streamalert.shared.firehose import FirehoseClient from streamalert.shared.logger import get_logger from streamalert.shared.alert import Alert @@ -262,7 +262,7 @@ def generate_artifacts_table_schema(): record_id='test_record_id', function=None ) - schema = record_to_schema(artifact.record) + schema = record_to_schema(artifact.artifact) athena_schema = logs_schema_to_athena_schema(schema, False) return format_schema_tf(athena_schema) diff --git a/streamalert_cli/manage_lambda/deploy.py b/streamalert_cli/manage_lambda/deploy.py index c74808145..5472efa8b 100644 --- a/streamalert_cli/manage_lambda/deploy.py +++ b/streamalert_cli/manage_lambda/deploy.py @@ -183,13 +183,6 @@ def _lambda_terraform_targets(config, functions, clusters): }, 'enabled': True # required function }, - 'artifact_extractor': { - 'targets': { - 'module.artifact_extractor', - 'module.artifact_extractor_lambda' - }, - 'enabled': config['lambda'].get('artifact_extractor_config', {}).get('enabled', False) - }, 'athena': { 'targets': { 'module.athena_partitioner_iam', diff --git a/streamalert_cli/terraform/artifact_extractor.py b/streamalert_cli/terraform/artifact_extractor.py index aa48ab350..6091991d1 100644 --- a/streamalert_cli/terraform/artifact_extractor.py +++ b/streamalert_cli/terraform/artifact_extractor.py @@ -11,13 +11,12 @@ See the License for the specific language governing permissions and limitations under the License. """ -from streamalert.shared import ARTIFACT_EXTRACTOR_NAME +# from streamalert.shared import ARTIFACT_EXTRACTOR_NAME from streamalert.shared.config import artifact_extractor_enabled, firehose_data_bucket from streamalert.shared.firehose import FirehoseClient from streamalert.shared.utils import get_database_name from streamalert_cli.athena.helpers import generate_artifacts_table_schema from streamalert_cli.terraform.common import infinitedict -from streamalert_cli.terraform.lambda_module import generate_lambda # FIXME: Should we provide custom artifacs table name? DEFAULT_ARTIFACTS_TABLE_NAME = 'artifacts' @@ -34,7 +33,7 @@ def generate_artifact_extractor(config): if not artifact_extractor_enabled(config): return - ae_config = config['lambda']['artifact_extractor_config'] + ae_config = config['global']['infrastructure']['artifact_extractor'] stream_name = FirehoseClient.artifacts_firehose_stream_name(config) # Set variables for the artifact extractor module @@ -43,8 +42,6 @@ def generate_artifact_extractor(config): 'account_id': config['global']['account']['aws_account_id'], 'prefix': config['global']['account']['prefix'], 'region': config['global']['account']['region'], - 'function_role_id': '${module.artifact_extractor_lambda.role_id}', - 'function_alias_arn': '${module.artifact_extractor_lambda.function_alias_arn}', 'glue_catalog_db_name': get_database_name(config), 'glue_catalog_table_name': ae_config.get('table_name', DEFAULT_ARTIFACTS_TABLE_NAME), 's3_bucket_name': firehose_data_bucket(config), @@ -55,16 +52,4 @@ def generate_artifact_extractor(config): 'schema': generate_artifacts_table_schema() } - # Set variables for the Lambda module - result['module']['artifact_extractor_lambda'] = generate_lambda( - '{}_streamalert_{}'.format(config['global']['account']['prefix'], ARTIFACT_EXTRACTOR_NAME), - 'streamalert.artifact_extractor.main.handler', - ae_config, - config, - # Only pass Firehose stream name. Firehose client will translate it to full ARN - environment={ - 'DESTINATION_FIREHOSE_STREAM_NAME': stream_name - } - ) - return result diff --git a/streamalert_cli/terraform/firehose.py b/streamalert_cli/terraform/firehose.py index d210e52a2..f81310322 100644 --- a/streamalert_cli/terraform/firehose.py +++ b/streamalert_cli/terraform/firehose.py @@ -14,11 +14,7 @@ limitations under the License. """ from streamalert.shared.firehose import FirehoseClient -from streamalert.shared.config import ( - artifact_extractor_enabled, - artifact_extractor_enabled_for_log, - firehose_data_bucket -) +from streamalert.shared.config import firehose_data_bucket from streamalert.shared.utils import get_database_name, get_data_file_format from streamalert_cli.athena.helpers import generate_data_table_schema from streamalert_cli.terraform.common import monitoring_topic_arn @@ -53,16 +49,6 @@ def generate_firehose(logging_bucket, main_dict, config): 'kms_key_id': '${aws_kms_key.server_side_encryption.key_id}' } - # Only add allow firehose to invoke Artifact Extractor Lambda if Lambda if enabled in - # conf/lambda.json - if artifact_extractor_enabled(config): - main_dict['module']['kinesis_firehose_setup']['artifact_extractor_enabled'] = True - - # FIXME: change variable name to function arn - main_dict['module']['kinesis_firehose_setup']['function_alias_arn'] = ( - '${module.artifact_extractor_lambda.function_arn}' - ) - enabled_logs = FirehoseClient.load_enabled_log_sources( firehose_conf, config['logs'], @@ -123,15 +109,4 @@ def generate_firehose(logging_bucket, main_dict, config): else: module_dict['alarm_actions'] = [monitoring_topic_arn(config)] - # Only enable "processing_configuration" and pass Artifact Extractor Lambda function arn to - # a firehose if - # 1) lambda function is enabled in conf/lambda.json - # 2) "normalization" field is configured in the log schema settings in conf/schemas/*.json - # or conf/logs.json - if artifact_extractor_enabled_for_log(config, log_type_name): - # FIXME: change variable name to function_arn - module_dict['function_alias_arn'] = ( - '${module.artifact_extractor_lambda.function_alias_arn}' - ) - main_dict['module']['kinesis_firehose_{}'.format(log_stream_name)] = module_dict diff --git a/streamalert_cli/terraform/generate.py b/streamalert_cli/terraform/generate.py index ab2c21449..19f5ae29e 100644 --- a/streamalert_cli/terraform/generate.py +++ b/streamalert_cli/terraform/generate.py @@ -421,16 +421,6 @@ def terraform_generate_handler(config, init=False, check_tf=True, check_creds=Tr os.path.join(TERRAFORM_FILES_PATH, 'main.tf.json') ) - # Setup Artifact Extractor if it is enabled. - # artifact_extractor module is referenced in main.tf.json, so we need to generate it is tf file - # right after generating main.tf.json file for "manage.py destroy" command. - generate_global_lambda_settings( - config, - conf_name='artifact_extractor_config', - generate_func=generate_artifact_extractor, - tf_tmp_file_name='artifact_extractor' - ) - # Return early during the init process, clusters are not needed yet if init: return True @@ -524,6 +514,10 @@ def terraform_generate_handler(config, init=False, check_tf=True, check_creds=Tr # Setup StreamQuery _generate_streamquery_module(config) + # FIXME: make sure test 'python manage.py destroy' artifact_extractor case + # Setup artifact_extractor + _generate_artifact_extractor_module(config) + return True @@ -604,6 +598,14 @@ def _generate_streamquery_module(config): tf_file_name ) +def _generate_artifact_extractor_module(config): + tf_file_name = os.path.join(TERRAFORM_FILES_PATH, 'artifact_extractor.tf.json') + if 'artifact_extractor' in config['global']['infrastructure']: + if config['global']['infrastructure']['artifact_extractor'].get('enabled'): + _create_terraform_module_file(generate_artifact_extractor(config), tf_file_name) + return + + remove_temp_terraform_file(tf_file_name) def generate_global_lambda_settings( config, diff --git a/streamalert_cli/utils.py b/streamalert_cli/utils.py index a9540af74..c2dd0e45d 100644 --- a/streamalert_cli/utils.py +++ b/streamalert_cli/utils.py @@ -46,7 +46,6 @@ def function_map(): 'alert': 'alert_processor', 'alert_merger': 'alert_merger', 'apps': None, # needs special handling - 'artifact_extractor': 'artifact_extractor', 'athena': 'athena_partitioner', 'classifier': None, # needs special handling 'rule': 'rules_engine', diff --git a/tests/unit/streamalert/artifact_extractor/__init__.py b/tests/unit/streamalert/artifact_extractor/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/tests/unit/streamalert/artifact_extractor/helpers.py b/tests/unit/streamalert/artifact_extractor/helpers.py deleted file mode 100644 index 84d6d66be..000000000 --- a/tests/unit/streamalert/artifact_extractor/helpers.py +++ /dev/null @@ -1,116 +0,0 @@ -""" -Copyright 2017-present Airbnb, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -""" -import json -import base64 - -from streamalert.shared.normalize import Normalizer - -MOCK_RECORD_ID = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' - -def native_firehose_records(normalized=False, count=2): - """Generate sample firehose records for unit tests""" - json_data = [ - {'key_{}'.format(cnt): 'value_{}'.format(cnt)} for cnt in range(count) - ] - - if normalized: - for data in json_data: - data[Normalizer.NORMALIZATION_KEY] = { - 'normalized_type1': [ - { - 'values': ['value1'], - 'function': None - } - ], - 'normalized_type2': [ - { - 'values': ['value2', 'value3'], - 'function': None - } - ] - } - - return [ - { - 'recordId': 'record_id_{}'.format(cnt), - 'data': base64.b64encode( - (json.dumps(json_data[cnt], separators=(',', ':')) + '\n').encode('utf-8') - ).decode('utf-8'), - 'approximateArrivalTimestamp': 1583275630000+int(cnt) - } for cnt in range(count) - ] - -def transformed_firehose_records(normalized=False, count=2): - """Generate sample transformed firehose records for unit tests""" - json_data = [ - {'key_{}'.format(cnt): 'value_{}'.format(cnt)} for cnt in range(count) - ] - - if normalized: - for data in json_data: - data[Normalizer.NORMALIZATION_KEY] = { - 'normalized_type1': [ - { - 'values': ['value1'], - 'function': None - } - ], - 'normalized_type2': [ - { - 'values': ['value2', 'value3'], - 'function': None - } - ], - 'streamalert_record_id': MOCK_RECORD_ID - } - - return { - 'records': [ - { - 'result': 'Ok', - 'data': base64.b64encode( - (json.dumps(json_data[cnt], separators=(',', ':')) + '\n').encode('utf-8') - ).decode('utf-8'), - 'recordId': 'record_id_{}'.format(cnt) - } for cnt in range(count) - ] - } - -def generate_artifacts(): - """Generate sample artifacts for unit tests""" - - # These values are tight to the result of native_firehose_records() method - normalized_values = [ - ('normalized_type1', 'value1'), - ('normalized_type2', 'value2'), - ('normalized_type2', 'value3'), - ('normalized_type1', 'value1'), - ('normalized_type2', 'value2'), - ('normalized_type2', 'value3') - ] - artifacts = [ - { - 'function': 'None', - 'streamalert_record_id': MOCK_RECORD_ID, - 'source_type': 'unit_test', - 'type': type, - 'value': value - } for type, value in normalized_values - ] - - return [ - json.dumps(artifact, separators=(',', ':')) + '\n' for artifact in artifacts - ] diff --git a/tests/unit/streamalert/artifact_extractor/test_main.py b/tests/unit/streamalert/artifact_extractor/test_main.py deleted file mode 100644 index 29ddaed4a..000000000 --- a/tests/unit/streamalert/artifact_extractor/test_main.py +++ /dev/null @@ -1,123 +0,0 @@ -""" -Copyright 2017-present Airbnb, Inc. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -""" -import os - -from mock import call, patch -from nose.tools import assert_equal - -# from streamalert.artifact_extractor.artifact_extractor import ArtifactExtractor -from streamalert.artifact_extractor.main import ArtifactExtractor, handler -from streamalert.shared.firehose import FirehoseClient - -from tests.unit.streamalert.artifact_extractor.helpers import ( - native_firehose_records, - transformed_firehose_records, - generate_artifacts, - MOCK_RECORD_ID, -) - - -class TestArtifactExtractorHandler: - """Test Artifact Extractor lambda function handler""" - # pylint: disable=attribute-defined-outside-init,protected-access,no-self-use - - @patch.dict(os.environ, {'DESTINATION_FIREHOSE_STREAM_NAME': 'unit_test_dst_fh_arn'}) - def setup(self): - """Setup before each method""" - with patch('boto3.client'): - ArtifactExtractor._firehose_client = FirehoseClient(prefix='unit-test') - - self._artifact_extractor = ArtifactExtractor( - 'us-east-1', 'prefix_streamalert_unit_test' - ) - - def teardown(self): - """Teardown after each method""" - ArtifactExtractor._firehose_client = None - - @patch.dict(os.environ, {'DESTINATION_FIREHOSE_STREAM_NAME': 'unit_test_dst_fh_arn'}) - @patch('streamalert.artifact_extractor.artifact_extractor.LOGGER') - def test_handler_zero_artifact(self, logger_mock): - """ArtifactExtractor - Test handler extracts zero artifact""" - event = { - 'records': native_firehose_records(), - 'region': 'us-east-1', - 'deliveryStreamArn': ( - 'arn:aws:firehose:us-east-1:123456788901:prefix_streamalert_unit_test' - ), - 'invocationId': '12345678-1234-5678-9000-124560291657' - } - result = handler(event, 'bala') - - logger_mock.assert_has_calls([ - call.debug('Extracting artifacts from %d %s logs', 2, 'unit_test'), - call.debug('Extracted %d artifact(s)', 0) - ]) - - expected_result = transformed_firehose_records() - assert_equal(result, expected_result) - - @patch('uuid.uuid4') - @patch.dict(os.environ, {'DESTINATION_FIREHOSE_STREAM_NAME': 'unit_test_dst_fh_arn'}) - @patch.object(FirehoseClient, '_send_batch') - @patch('streamalert.artifact_extractor.artifact_extractor.LOGGER') - def test_handler(self, logger_mock, send_batch_mock, uuid_mock): - """ArtifactExtractor - Test handler""" - uuid_mock.return_value = MOCK_RECORD_ID - event = { - 'records': native_firehose_records(normalized=True), - 'region': 'us-east-1', - 'deliveryStreamArn': ( - 'arn:aws:firehose:us-east-1:123456788901:prefix_streamalert_unit_test' - ), - 'invocationId': '12345678-1234-5678-9000-124560291657' - } - result = handler(event, 'bala') - - logger_mock.assert_has_calls([ - call.debug('Extracting artifacts from %d %s logs', 2, 'unit_test'), - call.debug('Extracted %d artifact(s)', 6) - ]) - - send_batch_mock.assert_called_with( - 'unit_test_dst_fh_arn', - generate_artifacts(), - 'artifact_extractor' - ) - - expected_result = transformed_firehose_records(normalized=True) - assert_equal(result, expected_result) - - @patch.dict(os.environ, {'DESTINATION_FIREHOSE_STREAM_NAME': 'unit_test_dst_fh_arn'}) - @patch('streamalert.artifact_extractor.artifact_extractor.LOGGER') - def test_handler_invalid_source_type(self, logger_mock): - """ArtifactExtractor - Test handler with invalid source type from firehose arn""" - event = { - 'records': native_firehose_records(), - 'region': 'us-east-1', - 'deliveryStreamArn': ( - 'arn:aws:firehose:us-east-1:123456788901:firehose-deliverystream' - ), - 'invocationId': '12345678-1234-5678-9000-124560291657' - } - handler(event, 'bala') - - logger_mock.assert_has_calls([ - call.warning( - 'No valid source type found from firehose arn %s', - 'arn:aws:firehose:us-east-1:123456788901:firehose-deliverystream' - ) - ]) diff --git a/tests/unit/streamalert/classifier/test_classifier.py b/tests/unit/streamalert/classifier/test_classifier.py index 5c2df491a..f583c91b3 100644 --- a/tests/unit/streamalert/classifier/test_classifier.py +++ b/tests/unit/streamalert/classifier/test_classifier.py @@ -325,3 +325,31 @@ def test_run_no_payloads(self, classifiy_mock): load_mock.return_value = False self._classifier.run([Mock()]) classifiy_mock.assert_not_called() + + @patch('streamalert.shared.artifact_extractor.ArtifactExtractor.run') + @patch.object(Classifier, '_classify_payload') + def test_run_artifact_extractor_disabled(self, classifiy_mock, artifact_extractor_mock): + """Classifier - Test run method when artifact_extractor disabled""" + with patch.object(classifier_module.StreamPayload, 'load_from_raw_record') as load_mock: + payload = self._mock_payload([self._mock_payload_record()]) + load_mock.return_value = payload + self._classifier.run([Mock()]) + classifiy_mock.assert_called_with(payload) + artifact_extractor_mock.assert_not_called() + + @patch('streamalert.shared.artifact_extractor.ArtifactExtractor.run') + @patch.object(Classifier, '_classify_payload') + def test_run_artifact_extractor_enabled(self, classifiy_mock, artifact_extractor_mock): + """Classifier - Test run method when artifact_extractor enabled""" + Classifier._config['global']['infrastructure']['artifact_extractor'] = { + 'enabled': True, + 'firehose_buffer_size': 128, + 'firehose_buffer_interval': 900 + } + + with patch.object(classifier_module.StreamPayload, 'load_from_raw_record') as load_mock: + payload = self._mock_payload([self._mock_payload_record()]) + load_mock.return_value = payload + self._classifier.run([Mock()]) + classifiy_mock.assert_called_with(payload) + artifact_extractor_mock.assert_called_once() diff --git a/tests/unit/streamalert/artifact_extractor/test_artifact_extractor.py b/tests/unit/streamalert/shared/test_artifact_extractor.py similarity index 71% rename from tests/unit/streamalert/artifact_extractor/test_artifact_extractor.py rename to tests/unit/streamalert/shared/test_artifact_extractor.py index 2c7080a86..cc07627b6 100644 --- a/tests/unit/streamalert/artifact_extractor/test_artifact_extractor.py +++ b/tests/unit/streamalert/shared/test_artifact_extractor.py @@ -13,20 +13,17 @@ See the License for the specific language governing permissions and limitations under the License. """ -import os - from mock import call, patch from nose.tools import assert_equal -from streamalert.artifact_extractor.artifact_extractor import ( +from streamalert.shared.artifact_extractor import ( Artifact, ArtifactExtractor ) from streamalert.shared.firehose import FirehoseClient -from tests.unit.streamalert.artifact_extractor.helpers import ( - native_firehose_records, - transformed_firehose_records, +from tests.unit.streamalert.shared.test_utils import ( generate_artifacts, + generate_categorized_records, MOCK_RECORD_ID, ) @@ -51,57 +48,52 @@ def test_record(self): # pylint: disable=no-self-use 'value': 'test_value' } - assert_equal(artifact.record, expected_result) + assert_equal(artifact.artifact, expected_result) class TestArtifactExtractor: """Test ArtifactExtractor class """ # pylint: disable=attribute-defined-outside-init,protected-access,no-self-use - @patch.dict(os.environ, {'DESTINATION_FIREHOSE_STREAM_NAME': 'unit_test_dst_fh_arn'}) def setup(self): """Setup before each method""" with patch('boto3.client'): ArtifactExtractor._firehose_client = FirehoseClient(prefix='unit-test') - self._artifact_extractor = ArtifactExtractor( - 'us-east-1', 'prefix_streamalert_unit_test' - ) + self._artifact_extractor = ArtifactExtractor('unit_test_dst_fh_arn') def teardown(self): """Teardown after each method""" ArtifactExtractor._firehose_client = None - @patch('streamalert.artifact_extractor.artifact_extractor.LOGGER') + @patch('streamalert.shared.artifact_extractor.LOGGER') def test_run_zero_artifact(self, logger_mock): """ArtifactExtractor - Test run method extract zero artifact""" - result = self._artifact_extractor.run(native_firehose_records()) + self._artifact_extractor.run(generate_categorized_records()) logger_mock.assert_has_calls([ - call.debug('Extracting artifacts from %d %s logs', 2, 'unit_test'), + call.debug('Extracting artifacts from %d %s logs', 2, 'log_type_01_sub_type_01'), call.debug('Extracted %d artifact(s)', 0) ]) - expected_result = transformed_firehose_records() - assert_equal(result, expected_result) + assert_equal(self._artifact_extractor._artifacts, list()) @patch('uuid.uuid4') @patch.object(FirehoseClient, '_send_batch') - @patch('streamalert.artifact_extractor.artifact_extractor.LOGGER') + @patch('streamalert.shared.artifact_extractor.LOGGER') def test_run(self, logger_mock, send_batch_mock, uuid_mock): """ArtifactExtractor - Test run method extract artifacts""" uuid_mock.return_value = MOCK_RECORD_ID - result = self._artifact_extractor.run(native_firehose_records(normalized=True)) + self._artifact_extractor.run(generate_categorized_records(normalized=True)) logger_mock.assert_has_calls([ - call.debug('Extracting artifacts from %d %s logs', 2, 'unit_test'), + call.debug('Extracting artifacts from %d %s logs', 2, 'log_type_01_sub_type_01'), call.debug('Extracted %d artifact(s)', 6) ]) send_batch_mock.assert_called_with( 'unit_test_dst_fh_arn', - generate_artifacts(), - 'artifact_extractor' + generate_artifacts(firehose_records=True), + 'artifacts' ) - expected_result = transformed_firehose_records(normalized=True) - assert_equal(result, expected_result) + assert_equal(self._artifact_extractor._artifacts, generate_artifacts()) diff --git a/tests/unit/streamalert/shared/test_config.py b/tests/unit/streamalert/shared/test_config.py index e0d3cf36e..5b3e4cbc8 100644 --- a/tests/unit/streamalert/shared/test_config.py +++ b/tests/unit/streamalert/shared/test_config.py @@ -27,7 +27,6 @@ from streamalert.shared.config import ( artifact_extractor_enabled, - artifact_extractor_enabled_for_log, _validate_config, load_config, parse_lambda_arn, @@ -311,14 +310,12 @@ def setup(self): 'firehose': { 'enabled': False, 'enabled_logs': {} + }, + 'artifact_extractor': { + 'enabled': False } } }, - 'lambda': { - 'artifact_extractor_config': { - 'enabled': False - } - }, 'logs': { 'test_log:type_1': { 'schema': {}, @@ -339,10 +336,8 @@ def test_artifact_extractor_disabled_by_default(self): def test_artifact_extractor(self): """Shared - test artifact_extractor_enabled helper""" - self.default_conf_data['lambda']['artifact_extractor_config']['enabled'] = True + self.default_conf_data['global']['infrastructure']['artifact_extractor']['enabled'] = True assert_false(artifact_extractor_enabled(self.default_conf_data)) self.default_conf_data['global']['infrastructure']['firehose']['enabled'] = True assert_true(artifact_extractor_enabled(self.default_conf_data)) - assert_true(artifact_extractor_enabled_for_log(self.default_conf_data, 'test_log:type_1')) - assert_false(artifact_extractor_enabled_for_log(self.default_conf_data, 'test_log:type_2')) diff --git a/tests/unit/streamalert/shared/test_utils.py b/tests/unit/streamalert/shared/test_utils.py index 62138144b..d22d099a9 100644 --- a/tests/unit/streamalert/shared/test_utils.py +++ b/tests/unit/streamalert/shared/test_utils.py @@ -1,8 +1,12 @@ """Tests for streamalert/shared/utils.py""" +import json + from nose.tools import assert_equal, assert_false from streamalert.shared import utils +from streamalert.shared.normalize import Normalizer +MOCK_RECORD_ID = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' def test_valid_ip(): """Utils - Valid IP""" @@ -87,3 +91,58 @@ def test_get_keys(): assert_equal({'ABC', 'DEF', 'GHI'}, set(utils.get_keys(data, 'path'))) assert_equal(2, len(utils.get_keys(data, 'path', max_matches=2))) assert_equal([], utils.get_keys({}, 'path')) + +def generate_categorized_records(normalized=False, count=2): + """Generate categorized records by source types""" + json_data = [ + {'key_{}'.format(cnt): 'value_{}'.format(cnt)} for cnt in range(count) + ] + + if normalized: + for data in json_data: + data[Normalizer.NORMALIZATION_KEY] = { + 'normalized_type1': [ + { + 'values': ['value1'], + 'function': None + } + ], + 'normalized_type2': [ + { + 'values': ['value2', 'value3'], + 'function': None + } + ] + } + + return { + 'log_type_01_sub_type_01': json_data + } + +def generate_artifacts(firehose_records=False): + """Generate sample artifacts for unit tests""" + + normalized_values = [ + ('normalized_type1', 'value1'), + ('normalized_type2', 'value2'), + ('normalized_type2', 'value3'), + ('normalized_type1', 'value1'), + ('normalized_type2', 'value2'), + ('normalized_type2', 'value3') + ] + artifacts = [ + { + 'function': 'None', + 'streamalert_record_id': MOCK_RECORD_ID, + 'source_type': 'log_type_01_sub_type_01', + 'type': type, + 'value': value + } for type, value in normalized_values + ] + + if firehose_records: + return [ + json.dumps(artifact, separators=(',', ':')) + '\n' for artifact in artifacts + ] + + return artifacts diff --git a/tests/unit/streamalert_cli/terraform/test_artifact_extractor.py b/tests/unit/streamalert_cli/terraform/test_artifact_extractor.py index 253a09b26..2c19f7f1e 100644 --- a/tests/unit/streamalert_cli/terraform/test_artifact_extractor.py +++ b/tests/unit/streamalert_cli/terraform/test_artifact_extractor.py @@ -32,10 +32,10 @@ def test_generate_artifact_extractor(self): result = artifact_extractor.generate_artifact_extractor(self.config) assert_is_none(result) - self.config['lambda']['artifact_extractor_config'] = { + self.config['global']['infrastructure']['artifact_extractor'] = { 'enabled': True, - 'memory': 128, - 'timeout': 300 + 'firehose_buffer_size': 128, + 'firehose_buffer_interval': 900 } self.config['global']['infrastructure']['firehose']['enabled_logs'] = { @@ -63,8 +63,6 @@ def test_generate_artifact_extractor(self): 'account_id': '12345678910', 'prefix': 'unit-test', 'region': 'us-west-1', - 'function_role_id': '${module.artifact_extractor_lambda.role_id}', - 'function_alias_arn': '${module.artifact_extractor_lambda.function_alias_arn}', 'glue_catalog_db_name': 'unit-test_streamalert', 'glue_catalog_table_name': 'artifacts', 's3_bucket_name': 'unit-test-streamalert-data', @@ -79,25 +77,10 @@ def test_generate_artifact_extractor(self): ['type', 'string'], ['value', 'string'] ] - }, - 'artifact_extractor_lambda': { - 'source': './modules/tf_lambda', - 'function_name': 'unit-test_streamalert_artifact_extractor', - 'description': 'Unit-Test Streamalert Artifact Extractor', - 'handler': 'streamalert.artifact_extractor.main.handler', - 'memory_size_mb': 128, - 'timeout_sec': 300, - 'environment_variables': { - 'ENABLE_METRICS': '0', - 'LOGGER_LEVEL': 'info', - 'DESTINATION_FIREHOSE_STREAM_NAME': 'unit_test_streamalert_artifacts' - }, - 'tags': {} } } } # FIMME: not sure why assert_equal between result (defaultdict) and expected_result (dict) # fails. - # assert_equal(result, expected_result) assert_equal(json.dumps(result), json.dumps(expected_result)) From 7fcbf8a25e72206dccdb34dd0cd8fc9329356c19 Mon Sep 17 00:00:00 2001 From: Chunyong Lin Date: Wed, 1 Jul 2020 18:28:28 -0700 Subject: [PATCH 2/6] [core] Add send_to_artifacts flag to normalizer --- conf/schemas/carbonblack.json | 8 ++- streamalert/shared/artifact_extractor.py | 7 ++- streamalert/shared/normalize.py | 23 +++++-- .../streamalert/shared/test_normalizer.py | 63 +++++++++++++++++++ tests/unit/streamalert/shared/test_utils.py | 10 ++- 5 files changed, 100 insertions(+), 11 deletions(-) diff --git a/conf/schemas/carbonblack.json b/conf/schemas/carbonblack.json index 4225f2457..683465bc4 100644 --- a/conf/schemas/carbonblack.json +++ b/conf/schemas/carbonblack.json @@ -1058,11 +1058,13 @@ }, { "path": ["parent_path"], - "function": "Process parent path" + "function": "Process parent path", + "send_to_artifacts": false }, { "path": ["process_path"], - "function": "Process parent path" + "function": "Process parent path", + "send_to_artifacts": false } ] } @@ -1467,4 +1469,4 @@ } } } -} \ No newline at end of file +} diff --git a/streamalert/shared/artifact_extractor.py b/streamalert/shared/artifact_extractor.py index e55b955b3..3399f2d67 100644 --- a/streamalert/shared/artifact_extractor.py +++ b/streamalert/shared/artifact_extractor.py @@ -16,7 +16,7 @@ from streamalert.shared.firehose import FirehoseClient from streamalert.shared import ARTIFACTS_METRIC_NAME, config from streamalert.shared.metrics import MetricLogger -from streamalert.shared.normalize import Normalizer +from streamalert.shared.normalize import Normalizer, CONST_ARTIFACTS_FLAG from streamalert.shared.logger import get_logger @@ -136,6 +136,11 @@ def _extract_artifacts(source_type, records): record_id = record.get(RECORD_ID_KEY) or str(uuid.uuid4()) for key, values in record[Normalizer.NORMALIZATION_KEY].items(): for value in values: + # Skip the normalized value is SNED_TO_ARTIFACTS_FLAG set to "false", which is + # default to "true". + if not value.get(CONST_ARTIFACTS_FLAG, True): + continue + for val in value.get('values', []): artifacts.append(Artifact( function=value.get('function'), diff --git a/streamalert/shared/normalize.py b/streamalert/shared/normalize.py index edd4785ad..c5724e1d0 100644 --- a/streamalert/shared/normalize.py +++ b/streamalert/shared/normalize.py @@ -29,11 +29,12 @@ CONST_PATH = 'path' CONST_CONDITION = 'condition' CONST_VALUES = 'values' +CONST_ARTIFACTS_FLAG = 'send_to_artifacts' class NormalizedType: """The class encapsulates normalization information for each normalized type""" - VALID_KEYS = {CONST_PATH, CONST_FUNCTION, CONST_CONDITION} + VALID_KEYS = {CONST_PATH, CONST_FUNCTION, CONST_CONDITION, CONST_ARTIFACTS_FLAG} CONST_STR = 'str' CONST_DICT = 'dict' @@ -114,7 +115,8 @@ def parsed_params(self): [ { 'path': ['detail', 'sourceIPAddress'], - 'function': 'source ip address' + 'function': 'source ip address', + 'send_to_artifacts': False }, { 'path': ['path', 'to', 'the', 'destination', 'ip'], @@ -246,7 +248,9 @@ def _extract_values(cls, record, paths_to_normalize): } """ for param in paths_to_normalize.parsed_params: - if param.get(CONST_CONDITION) and not cls._match_condition(record, param['condition']): + if param.get(CONST_CONDITION) and not cls._match_condition( + record, param[CONST_CONDITION] + ): # If optional 'condition' block is configured, it will only extract values if # condition is matched. continue @@ -254,13 +258,20 @@ def _extract_values(cls, record, paths_to_normalize): found_value, value = cls._find_value(record, param.get(CONST_PATH)) if found_value: - yield { + result = { CONST_FUNCTION: param.get(CONST_FUNCTION) or None, # if value not a list, it will be cast to a str even it is a dict or other # types CONST_VALUES: value if isinstance(value, list) else [str(value)] } + # Add "send_to_artifacts" flag to the normalized field when it explicitly sets the + # flag to "false" in the normalizer in conf/schemas/*.json + if not param.get(CONST_ARTIFACTS_FLAG, True): + result[CONST_ARTIFACTS_FLAG] = False + + yield result + @classmethod def _match_condition(cls, record, condition): """Apply condition to a record before normalization kicked in. @@ -269,10 +280,10 @@ def _match_condition(cls, record, condition): bool: Return True if the value of the condition path matches to the condition, otherwise return False. It is False if the path doesn't exist. """ - if not condition.get('path'): + if not condition.get(CONST_PATH): return False - found_value, value = cls._find_value(record, condition['path']) + found_value, value = cls._find_value(record, condition[CONST_PATH]) if not found_value: return False diff --git a/tests/unit/streamalert/shared/test_normalizer.py b/tests/unit/streamalert/shared/test_normalizer.py index 66295305f..f0efa0273 100644 --- a/tests/unit/streamalert/shared/test_normalizer.py +++ b/tests/unit/streamalert/shared/test_normalizer.py @@ -570,6 +570,69 @@ def test_load_from_config_error(self): } assert_raises(ConfigError, Normalizer.load_from_config, config) + def test_load_from_config_with_flag(self): + """Normalizer - Load From Config with send_to_artifacts flag""" + config = { + 'logs': { + 'cloudwatch:flow_logs': { + 'schema': { + 'source': 'string', + 'destination': 'string', + 'destport': 'string' + }, + 'configuration': { + 'normalization': { + 'ip_address': [ + { + 'path': ['destination'], + 'function': 'Destination IP addresses' + } + ], + 'port': [ + { + 'path': ['destport'], + 'function': 'Destination port number', + 'send_to_artifacts': False + } + ] + } + } + } + } + } + normalizer = Normalizer.load_from_config(config) + + record = { + 'source': '1.1.1.2', + 'destination': '2.2.2.2', + 'destport': '54321' + } + + normalizer.normalize(record, 'cloudwatch:flow_logs') + + expect_result = { + 'source': '1.1.1.2', + 'destination': '2.2.2.2', + 'destport': '54321', + 'streamalert_normalization': { + 'ip_address': [ + { + 'values': ['2.2.2.2'], + 'function': 'Destination IP addresses' + } + ], + 'port': [ + { + 'values': ['54321'], + 'function': 'Destination port number', + 'send_to_artifacts': False + } + ] + } + } + + assert_equal(record, expect_result) + def test_normalize_condition(self): """Normalizer - Test normalization when condition applied""" log_type = 'cloudtrail' diff --git a/tests/unit/streamalert/shared/test_utils.py b/tests/unit/streamalert/shared/test_utils.py index d22d099a9..09cd689c7 100644 --- a/tests/unit/streamalert/shared/test_utils.py +++ b/tests/unit/streamalert/shared/test_utils.py @@ -110,7 +110,15 @@ def generate_categorized_records(normalized=False, count=2): 'normalized_type2': [ { 'values': ['value2', 'value3'], - 'function': None + 'function': None, + 'send_to_artifacts': True + } + ], + 'normalized_type3': [ + { + 'values': ['value2', 'value3'], + 'function': None, + 'send_to_artifacts': False } ] } From 6350e8aea02b0eb35d6acd982c639df50d341e79 Mon Sep 17 00:00:00 2001 From: Chunyong Lin Date: Thu, 2 Jul 2020 18:32:40 -0700 Subject: [PATCH 3/6] [cli] Remove leftover variables, permissions --- .../modules/tf_artifact_extractor/iam.tf | 22 ------------------- .../tf_artifact_extractor/variables.tf | 9 -------- 2 files changed, 31 deletions(-) diff --git a/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/iam.tf b/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/iam.tf index b27b53a89..fa27f8e78 100644 --- a/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/iam.tf +++ b/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/iam.tf @@ -1,25 +1,3 @@ -// Allow the Artifact Extractor to write to the Firehose delivering Artifacts to S3 -resource "aws_iam_role_policy" "put_artifacts_firehose" { - name = "PutRecordsToArtifactsFirehose" - role = var.function_role_id - policy = data.aws_iam_policy_document.put_artifacts_firehose_policy.json -} - -data "aws_iam_policy_document" "put_artifacts_firehose_policy" { - statement { - effect = "Allow" - - actions = [ - "firehose:PutRecordBatch", - "firehose:DescribeDeliveryStream", - ] - - resources = [ - aws_kinesis_firehose_delivery_stream.streamalert_artifacts.arn - ] - } -} - // IAM Role: Artifacts Firehose Delivery Stream permissions resource "aws_iam_role" "streamalert_kinesis_firehose" { name = "${var.prefix}_firehose_artifacts_delivery" diff --git a/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/variables.tf b/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/variables.tf index 6457afe54..58c0f66a4 100644 --- a/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/variables.tf +++ b/streamalert_cli/_infrastructure/modules/tf_artifact_extractor/variables.tf @@ -10,15 +10,6 @@ variable "prefix" { type = string } -variable "function_role_id" { - description = "Artifact Extractor function IAM Role ID, exported from the tf_lambda module" -} - -variable "function_alias_arn" { - type = string - description = "Fully qualified function arn of alias of Artifact extractor lambda" -} - variable "glue_catalog_db_name" { type = string description = "Athena Database name" From 94227461b837cfbfddbc0ea293befbf3a42405e5 Mon Sep 17 00:00:00 2001 From: Chunyong Lin Date: Thu, 2 Jul 2020 18:33:19 -0700 Subject: [PATCH 4/6] [core] Fix bugs, update custom metrics for artifacts --- streamalert/shared/__init__.py | 2 -- streamalert/shared/artifact_extractor.py | 18 +++++++++++------- streamalert/shared/firehose.py | 14 +++++++------- streamalert/shared/metrics.py | 15 +++++++-------- streamalert/shared/normalize.py | 4 ++++ 5 files changed, 29 insertions(+), 24 deletions(-) diff --git a/streamalert/shared/__init__.py b/streamalert/shared/__init__.py index 28ad34434..00fdda2f2 100644 --- a/streamalert/shared/__init__.py +++ b/streamalert/shared/__init__.py @@ -8,5 +8,3 @@ THREAT_INTEL_DOWNLOADER_NAME = 'threat_intel_downloader' CLUSTERED_FUNCTIONS = {CLASSIFIER_FUNCTION_NAME} - -ARTIFACTS_METRIC_NAME = 'artifacts' diff --git a/streamalert/shared/artifact_extractor.py b/streamalert/shared/artifact_extractor.py index 3399f2d67..cccdbaac5 100644 --- a/streamalert/shared/artifact_extractor.py +++ b/streamalert/shared/artifact_extractor.py @@ -14,7 +14,7 @@ import uuid from streamalert.shared.firehose import FirehoseClient -from streamalert.shared import ARTIFACTS_METRIC_NAME, config +from streamalert.shared import CLASSIFIER_FUNCTION_NAME, config from streamalert.shared.metrics import MetricLogger from streamalert.shared.normalize import Normalizer, CONST_ARTIFACTS_FLAG from streamalert.shared.logger import get_logger @@ -22,7 +22,6 @@ LOGGER = get_logger(__name__) -RECORD_ID_KEY = 'streamalert_record_id' class Artifact: """Encapsulation of a single Artifact that is extracted from an input record.""" @@ -58,7 +57,7 @@ def artifact(self): """ return { 'function': self._function, - RECORD_ID_KEY: self._record_id, + Normalizer.RECORD_ID_KEY: self._record_id, 'source_type': self._source_type, 'type': self._type, 'value': self._value, @@ -85,7 +84,9 @@ def __init__(self, artifacts_fh_stream_name): ArtifactExtractor._firehose_client = ( ArtifactExtractor._firehose_client or FirehoseClient.get_client( prefix=self.config['global']['account']['prefix'], - artifact_extractor_config=self.config['lambda'].get('artifact_extractor_config', {}) + artifact_extractor_config=self.config['global'].get( + 'infrastructure', {} + ).get('artifact_extractor', {}) ) ) @@ -133,8 +134,12 @@ def _extract_artifacts(source_type, records): if not record.get(Normalizer.NORMALIZATION_KEY): continue - record_id = record.get(RECORD_ID_KEY) or str(uuid.uuid4()) + record_id = (record[Normalizer.NORMALIZATION_KEY].get(Normalizer.RECORD_ID_KEY) + or str(uuid.uuid4())) for key, values in record[Normalizer.NORMALIZATION_KEY].items(): + if key == Normalizer.RECORD_ID_KEY: + continue + for value in values: # Skip the normalized value is SNED_TO_ARTIFACTS_FLAG set to "false", which is # default to "true". @@ -150,7 +155,6 @@ def _extract_artifacts(source_type, records): normalized_type=key, value=val )) - record[Normalizer.NORMALIZATION_KEY][RECORD_ID_KEY] = record_id return artifacts @@ -176,7 +180,7 @@ def run(self, categorized_records): LOGGER.debug('Extracted %d artifact(s)', len(self._artifacts)) MetricLogger.log_metric( - ARTIFACTS_METRIC_NAME, + CLASSIFIER_FUNCTION_NAME, MetricLogger.EXTRACTED_ARTIFACTS, len(self._artifacts) ) diff --git a/streamalert/shared/firehose.py b/streamalert/shared/firehose.py index fdec0ea19..7e07de399 100644 --- a/streamalert/shared/firehose.py +++ b/streamalert/shared/firehose.py @@ -23,7 +23,7 @@ from botocore.exceptions import ClientError, HTTPClientError from botocore.exceptions import ConnectionError as BotocoreConnectionError -from streamalert.shared import ARTIFACTS_METRIC_NAME, CLASSIFIER_FUNCTION_NAME +from streamalert.shared import CLASSIFIER_FUNCTION_NAME import streamalert.shared.helpers.boto as boto_helpers from streamalert.shared.logger import get_logger from streamalert.shared.metrics import MetricLogger @@ -460,12 +460,12 @@ def send(self, payloads): Args: payloads (list): List of PayloadRecord items that include parsed records """ - records = self._categorize_records(payloads) + categorized_records = self._categorize_records(payloads) # Iterate through each set of categorized payloads. # Each batch will be processed to their specific Firehose, which lands the data # in a specific prefix in S3. - for log_type, records in records.items(): + for log_type, records in categorized_records.items(): # firehose stream name has the length limit, no longer than 64 characters formatted_stream_name = self.generate_firehose_name(self._prefix, log_type) @@ -486,7 +486,7 @@ def send(self, payloads): ) # return categorized records for extracting artifacts if the feature is enabled - return records + return categorized_records def send_artifacts(self, artifacts, stream_name): """Send artifacts to artifacts Firehose delievery stream @@ -494,12 +494,12 @@ def send_artifacts(self, artifacts, stream_name): artifacts (list(dict)): A list of artifacts extracted from normalized records. stream_name (str): Stream name of destination Firehose. """ - for artifact_batch in self._record_batches(artifacts, ARTIFACTS_METRIC_NAME): + for artifact_batch in self._record_batches(artifacts, CLASSIFIER_FUNCTION_NAME): batch_size = len(artifact_batch) - response = self._send_batch(stream_name, artifact_batch, ARTIFACTS_METRIC_NAME) + response = self._send_batch(stream_name, artifact_batch, CLASSIFIER_FUNCTION_NAME) self._finalize( response, stream_name, batch_size, - ARTIFACTS_METRIC_NAME + CLASSIFIER_FUNCTION_NAME ) diff --git a/streamalert/shared/metrics.py b/streamalert/shared/metrics.py index 917615427..07da43260 100644 --- a/streamalert/shared/metrics.py +++ b/streamalert/shared/metrics.py @@ -18,7 +18,6 @@ from streamalert.shared import ( ALERT_MERGER_NAME, ALERT_PROCESSOR_NAME, - ARTIFACTS_METRIC_NAME, ATHENA_PARTITIONER_NAME, CLASSIFIER_FUNCTION_NAME, RULES_ENGINE_FUNCTION_NAME @@ -78,6 +77,8 @@ class MetricLogger: # Artifact Extractor metric names EXTRACTED_ARTIFACTS = 'ExtractedArtifacts' + FIREHOSE_FAILED_ARTIFACTS = 'FirehoseFailedArtifacts' + FIREHOSE_ARTIFACTS_SENT = 'FirehoseArtifactsSent' _default_filter = '{{ $.metric_name = "{}" }}' _default_value_lookup = '$.metric_value' @@ -93,16 +94,14 @@ class MetricLogger: ALERT_ATTEMPTS: (_default_filter.format(ALERT_ATTEMPTS), _default_value_lookup) }, ALERT_PROCESSOR_NAME: {}, # Placeholder for future alert processor metrics - ARTIFACTS_METRIC_NAME: { + ATHENA_PARTITIONER_NAME: {}, # Placeholder for future athena processor metrics + CLASSIFIER_FUNCTION_NAME: { EXTRACTED_ARTIFACTS: (_default_filter.format(EXTRACTED_ARTIFACTS), _default_value_lookup), - FIREHOSE_FAILED_RECORDS: (_default_filter.format(FIREHOSE_FAILED_RECORDS), + FIREHOSE_FAILED_ARTIFACTS: (_default_filter.format(FIREHOSE_FAILED_ARTIFACTS), + _default_value_lookup), + FIREHOSE_ARTIFACTS_SENT: (_default_filter.format(FIREHOSE_ARTIFACTS_SENT), _default_value_lookup), - FIREHOSE_RECORDS_SENT: (_default_filter.format(FIREHOSE_RECORDS_SENT), - _default_value_lookup) - }, - ATHENA_PARTITIONER_NAME: {}, # Placeholder for future athena processor metrics - CLASSIFIER_FUNCTION_NAME: { FAILED_PARSES: (_default_filter.format(FAILED_PARSES), _default_value_lookup), FIREHOSE_FAILED_RECORDS: (_default_filter.format(FIREHOSE_FAILED_RECORDS), diff --git a/streamalert/shared/normalize.py b/streamalert/shared/normalize.py index c5724e1d0..c06cefc74 100644 --- a/streamalert/shared/normalize.py +++ b/streamalert/shared/normalize.py @@ -16,6 +16,7 @@ from collections import defaultdict import logging import itertools +import uuid from streamalert.shared.config import TopLevelConfigKeys from streamalert.shared.exceptions import ConfigError @@ -175,6 +176,7 @@ class Normalizer: """Normalizer class to handle log key normalization in payloads""" NORMALIZATION_KEY = 'streamalert_normalization' + RECORD_ID_KEY = 'streamalert_record_id' # Store the normalized types mapping to original keys from the records _types_config = dict() @@ -212,6 +214,8 @@ def match_types(cls, record, normalized_types): if result: results[type_name] = result + if results: + results[cls.RECORD_ID_KEY] = str(uuid.uuid4()) return results @classmethod From 9193c9a7cc9e299c2bf843e6fa1f113633fce696 Mon Sep 17 00:00:00 2001 From: Chunyong Lin Date: Thu, 2 Jul 2020 18:34:17 -0700 Subject: [PATCH 5/6] [tests] Update test cases --- .../streamalert/classifier/test_classifier.py | 3 +-- .../shared/test_artifact_extractor.py | 2 +- .../streamalert/shared/test_normalizer.py | 19 ++++++++++++++++++- 3 files changed, 20 insertions(+), 4 deletions(-) diff --git a/tests/unit/streamalert/classifier/test_classifier.py b/tests/unit/streamalert/classifier/test_classifier.py index f583c91b3..8de12af96 100644 --- a/tests/unit/streamalert/classifier/test_classifier.py +++ b/tests/unit/streamalert/classifier/test_classifier.py @@ -344,9 +344,8 @@ def test_run_artifact_extractor_enabled(self, classifiy_mock, artifact_extractor Classifier._config['global']['infrastructure']['artifact_extractor'] = { 'enabled': True, 'firehose_buffer_size': 128, - 'firehose_buffer_interval': 900 + 'firehose_buffer_interval': 60 } - with patch.object(classifier_module.StreamPayload, 'load_from_raw_record') as load_mock: payload = self._mock_payload([self._mock_payload_record()]) load_mock.return_value = payload diff --git a/tests/unit/streamalert/shared/test_artifact_extractor.py b/tests/unit/streamalert/shared/test_artifact_extractor.py index cc07627b6..8f514a469 100644 --- a/tests/unit/streamalert/shared/test_artifact_extractor.py +++ b/tests/unit/streamalert/shared/test_artifact_extractor.py @@ -93,7 +93,7 @@ def test_run(self, logger_mock, send_batch_mock, uuid_mock): send_batch_mock.assert_called_with( 'unit_test_dst_fh_arn', generate_artifacts(firehose_records=True), - 'artifacts' + 'classifier' ) assert_equal(self._artifact_extractor._artifacts, generate_artifacts()) diff --git a/tests/unit/streamalert/shared/test_normalizer.py b/tests/unit/streamalert/shared/test_normalizer.py index f0efa0273..5344d5115 100644 --- a/tests/unit/streamalert/shared/test_normalizer.py +++ b/tests/unit/streamalert/shared/test_normalizer.py @@ -13,11 +13,12 @@ See the License for the specific language governing permissions and limitations under the License. """ -from mock import patch +from mock import Mock, patch from nose.tools import assert_equal, assert_false, assert_raises, assert_true from streamalert.shared.exceptions import ConfigError from streamalert.shared.normalize import Normalizer, NormalizedType +from tests.unit.streamalert.shared.test_utils import MOCK_RECORD_ID class TestNormalizer: @@ -98,6 +99,7 @@ def _normalized_type_user_identity(cls): ] ) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_match_types(self): """Normalizer - Match Types""" normalized_types = { @@ -106,6 +108,7 @@ def test_match_types(self): 'ipv4': self._normalized_type_ip() } expected_results = { + 'streamalert_record_id': MOCK_RECORD_ID, 'account': [ { 'values': ['123456'], @@ -137,6 +140,7 @@ def test_match_types(self): results = Normalizer.match_types(self._test_record(), normalized_types) assert_equal(results, expected_results) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_match_types_multiple(self): """Normalizer - Match Types, Mutiple Sub-keys""" normalized_types = { @@ -146,6 +150,7 @@ def test_match_types_multiple(self): 'user_identity': self._normalized_type_user_identity() } expected_results = { + 'streamalert_record_id': MOCK_RECORD_ID, 'account': [ { 'values': ['123456'], @@ -187,6 +192,7 @@ def test_match_types_multiple(self): results = Normalizer.match_types(self._test_record(), normalized_types) assert_equal(results, expected_results) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_normalize(self): """Normalizer - Normalize""" log_type = 'cloudtrail' @@ -212,6 +218,7 @@ def test_normalize(self): }, 'sourceIPAddress': '1.1.1.3', 'streamalert_normalization': { + 'streamalert_record_id': MOCK_RECORD_ID, 'region': [ { 'values': ['region_name'], @@ -237,6 +244,7 @@ def test_normalize(self): assert_equal(record, expected_record) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_normalize_corner_case(self): """Normalizer - Normalize - Corner Case""" log_type = 'cloudtrail' @@ -264,6 +272,7 @@ def test_normalize_corner_case(self): 'original_key': 'fizzbuzz', }, 'streamalert_normalization': { + 'streamalert_record_id': MOCK_RECORD_ID, 'normalized_key': [ { 'values': ['fizzbuzz'], @@ -283,6 +292,7 @@ def test_normalize_none_defined(self, log_mock): Normalizer.normalize(self._test_record(), log_type) log_mock.assert_called_with('No normalized types defined for log type: %s', log_type) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_key_does_not_exist(self): """Normalizer - Normalize, Key Does Not Exist""" test_record = { @@ -297,6 +307,7 @@ def test_key_does_not_exist(self): 'ipv4': self._normalized_type_ip() } expected_results = { + 'streamalert_record_id': MOCK_RECORD_ID, 'account': [ { 'values': ['123456'], @@ -314,6 +325,7 @@ def test_key_does_not_exist(self): results = Normalizer.match_types(test_record, normalized_types) assert_equal(results, expected_results) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_empty_value(self): """Normalizer - Normalize, Empty Value""" test_record = { @@ -327,6 +339,7 @@ def test_empty_value(self): 'ipv4': self._normalized_type_ip() } expected_results = { + 'streamalert_record_id': MOCK_RECORD_ID, 'account': [ { 'values': ['123456'], @@ -570,6 +583,7 @@ def test_load_from_config_error(self): } assert_raises(ConfigError, Normalizer.load_from_config, config) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_load_from_config_with_flag(self): """Normalizer - Load From Config with send_to_artifacts flag""" config = { @@ -615,6 +629,7 @@ def test_load_from_config_with_flag(self): 'destination': '2.2.2.2', 'destport': '54321', 'streamalert_normalization': { + 'streamalert_record_id': MOCK_RECORD_ID, 'ip_address': [ { 'values': ['2.2.2.2'], @@ -633,6 +648,7 @@ def test_load_from_config_with_flag(self): assert_equal(record, expect_result) + @patch('uuid.uuid4', Mock(return_value=MOCK_RECORD_ID)) def test_normalize_condition(self): """Normalizer - Test normalization when condition applied""" log_type = 'cloudtrail' @@ -701,6 +717,7 @@ def test_normalize_condition(self): }, 'sourceIPAddress': '1.1.1.3', 'streamalert_normalization': { + 'streamalert_record_id': MOCK_RECORD_ID, 'region': [ { 'values': ['region_name'], From 457917fcbfbb47abfca6dee2d502484d046d9d4e Mon Sep 17 00:00:00 2001 From: Chunyong Lin Date: Thu, 2 Jul 2020 18:34:33 -0700 Subject: [PATCH 6/6] [docs] Update docs --- docs/images/normalization-arch.png | Bin 134392 -> 109768 bytes docs/source/normalization.rst | 85 +++++++++++++++-------------- 2 files changed, 45 insertions(+), 40 deletions(-) diff --git a/docs/images/normalization-arch.png b/docs/images/normalization-arch.png index fbc7329e0527b7b8ac81bfb10cf87a57768ff324..e41dbb752618689ac5cba862963341c066dfbba4 100644 GIT binary patch literal 109768 zcmeFZc{r7A6gRr1NQJjSiqK#Pp}~+@DcZ@9c_uPXnKO%|6f%oUnaMocrYPP_o6K`1 z^OSL8+uKs;r*^T&72_3d}C?fpFWu$iUQ{dl7wCrx>b?idP%qC`Kq zr-(w4okO8WqmPooCu}iWMEG&o2a2*Nlq)L=<^2+c+J=w3 zr%@=!>nPN$J_;oijY82r`&ju{1im0MkdeNJ+C~0JtWFPuPbi)}(6C3L&c!1Ck)R!Y z!{I}62ej;c@;~IHsLRJY*O&~TMHKqp9p&eP^CK?q;S<%nyUu4L^C{5k99OTtzjrv* z+cM;^f;?aJnzEq&Tc1O{y{XKe%NL>oylF(GJz4b&zEvK{KX%_uh&@wO@r8ar^BIzm zCyzVyL#|ndzPKK?Lp+LGcytpzNfkD%p^I&5@c;g&CJ%3~gL`IV=dn0fdAGTxr3IPm z-b?>Z#t6xOzj&wlA13|pm;87C=RIPJ|4-WC+VCQZZaDL_lk|VfDY3vkXW)F8&w%Xz z|0|5l9))_rDNM*|uH{tS`fw=+2)yfuj4c^22_`y+U>|&a2e% zS+3Bf#~x?IHrbA0%x}vdC4GO;1Ldp3l2;^sNF=WO+M2YlD67pb+|hCJKb7C1+sE$S zuX7BuLx+(h(I?$+-c~+i)5`7ZF*}e7gmU?|KaZwH)`)r2=g9wIUQ|GIt#}@>o za%_k+@<&JmFA#ch(`88Gyg~=_o<$GL*fN8)@#yLU!ql0NMU8}b# zm&vh?wsby+x>rkcb>A4JSH5)o`(7XQ5A%ePbp&x;BVuByP&l0RN^zf~xd*=Mvkg`M zOV1XegR9N|P`pyWkfOZPUf-##WN#Tu{ZT8H4Q3okLUB}m~hJA8WXWRYI?G!@+zqQwt za!*W-DLYx}k(LGVT@yaU`|hlO{Uzo{ml!_zC@NRXh5r$=@s!{5<-{)``le4GTt{Uj zZ!@MGUl5nFvUcIUT@WvtWdEUyzR+b>)r4%$+qLI+=<%!vy`|MAW(v(hyT4>Og!4P6 z`1a>TnH9ozuHTmgbx66=$u{hK%5k%?`$?j|=c$rajkYlGVZq1~RGX^OY+1~){aZE} z!6lB?`N^wh&Hrqa;mIKJ+jv_h{L(v|VL0P>!slY)6Nv+60R&a0JNq$517non8g9Q( zA@0(*c>S7%fOgqBFsgK2Jqzx)S4B+Y`QTbJH251HR^#VW9**=ztrY9pXI1;KMRi zG?`V^YUO-RBCO}ac23%>J-?Qak@6uyW!YZBaYfKFlnTF-IYl=j9WedW`5Xx+kI?7i z6*dDfpr?HPp4plE1L_D3(MO@gMf}TJirfN6o*cg4Us5&*J;aY#{1L1gS-kGenl8Am zB}=*Qu#o`}r^<@Dld3b7EKdF>d2?daeeQ%p2tE0Jvd(9+*M{%@nieus&CAGK-v}>> zes}z_c-@CJ#e>#w<8_hn2@7pD&P7shZ{9M`?A*ITPD&5(SKYYf_Lu(1u`*#4%JdO} zU^up=K?bP~SOm3!0uLwuCvU*2G-riX5&UF0){(*2=h>3*K4^r4ICe!f^h~c?G&8#h z>lcwm!j^RDH|hNrQ!jzv>OS1v@EN(({Z_Sagc}!06N;}INm5tbE~D*sva19~2-LJ+ zD7)+SmEH2ERjB*vqb0VxtJq_;##L6fU3>m-iiWkQyB}{OrsmT5WGGi}V}d_Uizt!P z8SZsTctKGETm4~$LQ;mLUR2H8)syp>x`7KFU{ez6D|#!_wfY^KpCHiX%KH}Hpe z4cfNGq+OOzMojKp`Z?Zmj5>S%Co85Qvb$<&57(YwfvK9i%9H4APT?c56oHF|xq74F z=j2IA|Mqlm=Lq#I7u9C(%)jvt;?jw|6yY{crE%(DVSQm?GiF4sG&d$nh2m)GgnJh| z=29|8m=Z7X;=O2pS#{5*>9MDHL}^kxE@2cTZE}oz#$g{7+86*8xMI?S+|Ki!r4_>` z8Vp=HUY}d88!*jWAveTOV-(L*#xBC2&!Xf#nU#stituxoPwOocP3o8y<6|_rcD!%4 za;Vme%fzfFFit1k@rhOCNYBmAeXnX)zf2+Vc5-yf1S46_9FG;t=yG}DVN)!;CS*2? zJAU+)@#@k==0{IR!@4)(Q~6kFn~zb?4X=>@A#OTWlzmp%8aPd}kS{K6)U+|6^H!5D z7Qe>^JOTeZ3;?Xnw_{T(<+49_xH4!`#+f?*aa7cGP~XRzeA%MuGG@Pf8>&N@UJ7$B z@fISvyi?RdyXgZQ;`UX)kKkM)a+3VZVdP_}n*H$et4b8PGwI8q*m%pGAzj0WQ%|(~hEW8m)pdaL^L9?D~t{G;% zq2PZuE6p=|K~%=qQ?!p$oI+D0NsUSc(sobf4Z;?+p5nlZ7=Z$AJO|ITV~+ej7R7J^ z7HOtHPHSFq9$;u>p{TYqjWgysr>WzN8P-yLu(;}^_AM0X3?z6?=5W0yrW!GpwKStr zIgMf&f1_grgq)VJnd%!E6m5@=o;k2XK&>6B_<>OqRX;<0Dg}iSj6uilMp6{DrJejC z85$hV{E7vF=nAq0W5*zglekeV z2vqhONge7m|1%;qc9?v!QmkkhodwM?UHup zDdOA&R2GBvY)*bZlKEy>90{oW*XQ@_^{D}xGI`?bb)kFZu3=Mikw?TxPhkrCn0R6? z9Udj_s~w zdt}zm^k-{+i84(6^>m8r@+}|5a1-p9&!E7M{V=o!a5uGW#-8bCxEuF!tD7!mPRUh#FdI_V4UbP;pdmWc7$Csail|zgFc#|1A*V4F7D3mbb z6c&ok_HsQQP;Y3L1 zp$x}*0;N+0R52}ty0(ej+bQW%lw#cVN-&kL0!CPFapg*O9Rr$Fx3Ji+*e z)LV)b(qBsp-Fa}04UaF5n(=w!B_i~ndP>Un;$4;`F@%#-MEi!ttWUOXGxdy}-{3HD z&OFcKl1XNB&_WUB{Qgh?wNZiS=k$pC#L001AT(nyFp3d&kvD0zBT%35?DkQAw^2mU!>?%5Mno$%FeBTu-QMhXj~e?neIK=))y(E5d%dg1i|~Hga!{{Le1S ztoaQKseHmjK4bo88eK3u-oPTRnX1~ne5CCVubI5)dN^^ruXgtDuZET9B2NDHXs}k_ zmUx>gKvk9~!j?-a2z};pB5DEC4l{i_xfvSFdul=Aetz8Ac<0d)sLaM(==|;73!$q7 z{O*GZK5FeqTBgk9@8h$@+rJo`1Y}F-#yt-23{<%k5&!y&o3?)xbd=-gjlsE9NXLr~ zAd_*aAr=odAcW>5&WHn213UA4Xl~y}-WdE*#A^s?FCUvdZ@jtAZu0_-#f%x5Wy`gh~a{r4kAFY^;h} zrtDlVUwmKx=+cBqP&Thc?p=KF<5(@moQ-n+GLfu8rqQGywW3STr?(^13P$$yq;lnb z0JRcAb3o~!G#w#HLpPExH>In-`>?Lbb%P*T7_I+4r6XJV->##lPtf2_npReYQF`Dv zRNUR&OTNEq?6vt|%g}#SjhJpuBc42{p`O&~fp95~wk=o2c%a zj^vo>#`!z>qYk$vN%}iXcU(df!zcr@#sKl@xJRF6lFRyKcsWszGU^~7puP8&TwU6!S^p%UL-O^_*}!|Rt2 z9vuK5_xyJDaD@$D)*o=128}^p_8?xLV|INMnP3k$qTJ zeWe1cC6)*A2h_UWHA7&y=VzNz*cHE2A*Rt$s1(V%wwj|GJ8gOzJ#=Bdb31tX?*6{w z%0;J=xNUNXlkUaW^sUh9eO*VWHId#V6m9@T2wRy+Psp+wDkZTB(2Uy%8FBcDIUb-w zuQhi{Y-Ld>PR(=UC9sR0g-;WVI-B#PC5%KRnRGuL+v+o&XuCM;Y2%gbznJ5dF0H1r zZ>n?Kmq-&YiKzH%@Dn2+aEO#^>GAn^aw-5to*6F0(=dAFA-r$Q5W%F_Aulc*@ngVw z4aWyD{49QBItqFJTK{K@`;c+N3T?*376waX6c=JYsis>+nZ^m3EE#7)s!$Q0R*n53 zYoq(4@Ul_+dg!;qzRZ5>)sG>vD0}Yl2|4CI3W>roS9lvIml8kUSksD(a6^c@%SNus zT&z;|NUN9#>z!XWDE<>K7BlABGVP7bhgb#|VIu%`2{I63QfNMOrbLM0lV@V#&6(ns zWVw@1O20CS89a<@2WWQxPWlW9sLy|&mH2w}nDIFnBtN+R(aA+wRn?a1MVe)I#^c$s zTCcE~ve_(%(e_=l()wINh$h>x-hwSiE6VZZvC5SjsZzJJIMfe_iy9)P9ajybjC0jZ z^@`hWjC@fE1jTXCR3nu8&o#=2CumDQD}eQ^W!N>t0m;4&Xd<);MQ3GiMB$wv$?(>jb0A#?!gskOgy( zq0>FAw;T4sC<}^_755F?tcitRnVF&t$3e}Mi`c~J5So8&`-xADE=IdRl+IIhRh5Fe zdqxBnQc`wqbaHw`|KgE)K%bDpW+nQzo$JnQaU_)8I$GqqW_% z2T(x+P|>F8`2E$Qt$6ont?}$fjJ8#SB;B?64x-^T9@(eQY&?XYzbMDf0c+PBCI8gp zSk_W)Vo!GLKaj3s+O0Rq)i=|N~%pV52E?Q_m@c7i7W^ITD$8978=U~N_OkiiMCcH zc~K+hqY~AXidSzgNq1$GPN9)ypftQJQslW?u^Th)B1$*;RxxPJMyM3**mN&^fQ7YeOS02?(Vo zbbC*KJf&4J*UhrDF0o&L3Xb!{8FNI-+(ZR_Z;s&PV$kb)g^kh^*KEQqbeKh@69wF; zY?6B$yfo95uwI*r)mFx?muyN>U*6GqspDp$5P3szVI`wmDYqq$NhfdlP@o1_hVuI! zC_)lQZyY!g;n&3cZ_$*Em|Me3hu4ZjZjodxpI4b`9MEoB2io7_-32OO=T;ECF+z@6 zlOn6{(&Q6z`}_Mjz8^tX8uZ^r|5!}Ubq&t!=_j9a&_!wn;quJU-zyik%ZYQI3psb# zo66-IJxDb_y_zqZS3nX07eMUXw-Sq91Sj)8hxlY!Fm@F@FC`jGpb6P#Ow~ z>&cu_5wcxtaUJ31OED}nk0NBqg7`Ptn6_TO#};#(!g>&<8Ouc-D(BZYzj&dbs$bn^|`vyo#BfW zLW}Z6vjn;)q&Aq8)j+)AFi#?j#cR*(8&~)Fp_<08Uz)*IAR-|et>nf*;mo2>M(WLK z^!4@0hmRg92Q!NLD8?6XZ-7sk)=gOX5_z8iH4g|3noC@>!IJYu&W3wb7menfgo5Ds zoL**^?y0HaiS5ZhN6-cg_7dx3Hhio}YA2}5sjc`nzGTsh4ZS?jxe&T9`!GSw!zWVv zeTu5pWruH+<19T5U3Cz5Na5F&35)`8Mx=aMIem|acH@oi=F#bCsKJ1J4Kb83@1qeHIYL}?YrmdB)5w!1*hi7)41<|1bcCyf zXzlcDI{2>w8Lie!?x9}FcMrlT)irt?Qt%?E8lK|cY>LEp^a`XuytLt2mAWragy!En z<$ac?a_pkxtV@I(6G73%AInjr=P$#l@R5;`I$LW37dUp#74oll%gZLN2a#t-{+-yp%!=!_Nu_Um$^X&evoOX=2twE z(ZN`7>`nRSX0mmlYG>%e^eu+>aZK|RAjL(qX?YW~k$PqDv98Y3wB1EA*)kk?-14Ij z6(I&z=6Bw5S^XTvCqaH=DqcbKvie9G4!p5^+=lLL*WW&J;o<14a&eUV5zLr*@$i(2 z=j8Kmg|2LJukmkhFg9E?lAcQIcSlbRZCzflh~7BXre;t_`r{nlVBRs7bwR z7T3--vSu7dHtzeSXo)FGTWYUz-w4vSk?Y!0G2_5<elwMIVIIlw)Wm3lQkfEN zY8ogNl6xiwYGy;Do)6lueS9cNGuOO&=DI?){<>DV!-1hLM?N^@{kE!)S6o{;Yca0A zrzE+=`X+N>S^Zo&5$E?YRk5O}m;dklmR8+z6v!=pUNw1zJY`25d+&caUq(e6@$fgh zej@*u>9S`t2g6iu)kmRtmZ`-oJPFu5ZD5UM4xYeb<{WgeeF<6fzXyLiao{(+p;F7( zm{N(95X!%i@!b!=fUwFLwN;HHpni^}ZfKSB9*prOqb(_l2VpfNW%6B+HM0ORs~Svb z#_}X3re1-FTKGFpS#>93Vy?2R#>%;eGu+MLR}ppA{3Tn^3RIk~myL#91YeAid3U1R zBSz>Rp>FXk30<|!%>NkmQ!s8~sD(BD1J%TB2jUt9cum-9zst7`Q>8g5&w}Ra2Vp0s z_9^hUAAb{6ue~TX@@uXc=(bY&6=D`ILrOtZb%SR zs)?Z;`OhdZCZ$`17vobZ&l;_q)hW|9~~`GAppiHi^@!z1C?KRZV|g;A-Ct8K&DTN*X@8QM&}+R=RgQ zz-XaN?KItMd%X8=Pdo&{p3%5|+AB#;H1B5Z*vfs1*mSZ1;1H$m%Y=(MfWkA|Z))>} zuO)u}G?wMHZ~VWaleVN1e0Lk_Bcdx6G=fLi(H!gHoK0JCrwoKMte(Ff`NiilHB7T$ zW*NkRev^4z!{BiF;WaHq*r;oVl=rMzXmV{Ueh=AD?#q4upt=(Q>*>S@Xe&3v7byW> zDs%Kc_Pov>DvSP7x&5qNr!#2O*P$U@JhPNRc!+_n<4?(^XN!lf5jj6uwfa7AWdtDR zJX`HQmI5Aet5)1T_mN=xlDbn$&^tD7>_^U9di2lmyz7jfVIxT-ZDa)1XZwuM+Y46t zBC2mxOhs+@`smK6y3@-qLKZt*JP2w!E-WZ5P*IvXO_%xj?vFT28aB!f@$QW7DwdUB zn#85X+j$f(y*t)kzCe|OzIuDSR~p~GdE$rTTl!DGaKtF2yR(Ge)cs8}?-&qly-}bF zShQZj;!pHOM4*v%12CGW%6lvf7*p!0@u_f0jrK7#Pq+H-s%6lz?kn3lmC1XM>OF|; zx*Z4W^BFWMiTOH)u3__Z2A3mR7XQ+vGU!#nuO35bKxqP_m(Tb*NRTFu6$b4O{Sc^t zsB7j!1@;kaJ}fh_VYF+(SZsdH)_o)mHBFhUwV}t-Qv%t%hn(guonK45y;DnbZr{N9 z$S!;Li&`UT=I@S4+7`HYvt^m!3!=7n;BCm9&r%{w%Uje&(pc8{Jz9WLN9;6vmG_$V zn@k?_x`nQ+o%sYkO!1RlXQ73aegWT*|t}bs0@+osjmmoA!JPspY*|6`K7f zx*5E)fgNbs;<@i~SqcU+jT>M4@p#7I(B zCbMx*7umFDb}Knj;`rk#O?SMiKT|yx&li4#is-P}cbK}=W9&RUHX4}iI3e2^BVGeU zk71svn2IkFK9hK#W3{|wA!oO@FTwo}ZYn8Bacr7DV4)Ls@_0S~b}(>=uHXgzIi9Xr>;3UQ?W3YF}ZTBL#x1~IK>Jypzl1hyE*;d}UvgzD( zPFPDFG1HWhq(k}Mo^SVWy>ibdDFpT_6JLb83~xKEFF8INNq}7$i>B*33?ouH!u+Fb z#>d;s*YE#wq4}8UvfAf4?)hnsjp&o^^@25E-$VY#>4tgCCogtfM7rblbQB*WEggr> zKx#?uJIhokAf5bky10XDIBF8}qzG5(GS#8K?_GnJpx%)_CZn=BawJYjO?B?)N97w50&D3- zNWz!oz2r@{zqfvz`fTB!+lLfP4@(ied&g2Z<%K)$JcH5NQ&YjlV?#t!c z{yolDN;QaZrQ8}@AJ1na5BMdHC>+@j2MGf*$)bi6WQkkl&qh;~^q9KK@Wjj=ugUJY zIs~gT`>0QMi!Sg<%;(DRo*=js8Q(Ri5kA$7(6S0Vb;mwL{4nNSuIOY8K z@neU0O-M*nDeX~bIJ?qpxWm8A&7s}TNEb6RGbi~h?4~=CTq`^!`)IvAdULeWo0z<` z{rvpI@}#Au=lp1OJIZax-F2NYBSKE|(ekGZnt~Xbo0~uVPyIaqz-JM;y*4wxI=JMu z>&B&7{NU|bt{;mdn4Vl6VNAnkdmXyF9xU7_UhdT?teUZLTFTPtf;eI4-cS}9Wp(w8 z54TJ>1O*4!Z1e4>l<<$2Z*!32f_A3q$K2lGN;+ zoHEX19%Zj6>C--ax@w6UEOLaj>&LHaE{YFR!SG_=o#%r`s3c zhCUFqBVuB*LPJj>SBb6XXnQ5^z-SXzmOcper0>8Nf)|1~77Cv)8zjJ_YX$8mAA~Zx zPG6#==l}fhkVAj|6W7_y^j1UWnE{i8o=^ARGJA~iJm+L*@7&p1jfjpm-8gyw{{2a8 zHNG9j0&6rd|F#PM8s4+8u$V3X{zk`Zst_@UI3LOfIc9oTzb{uOH06@yD{VUsubpuw zKKsc>_wP$vG`yl5%zxq=8WtAu;X|gHuFE%(#pNcZC}txQ6ARqpNOOC8r1G-EvwZU5 zqQXL6>*3phOyauq{FWWXW?g?Agi2i3%~zubicC1UxMY*10)N2D@IL+bA4)pjtBC|g zL<3JrVMgv57#N7*w~FDPm^25EnY@u#y%7W9(CYNPy}U&G`%IBxz}!oFjXsp8To{OWGCF+b4U+S-j-s>#k&N`IL3;O^JP z#+bQG`8XjJHEmlz`NmY-7s*kW$oy0xC(likLWF1Gp8*L=w6dnk+X z1=PGzD@TSEMNvk^)o+cB%`*-$^uqKWp|ul3RRVs*o;=Ug`)|)~t=;j`tRA#sD)8F% zL_+?SN&DKsm8m3u#!q927kIlO2cxQ#1=JZ~=qxgk+ABh%;4FjTvDttAJY^7eYMnBH z^;1+;jTHRHMC60p*xF3YdbXZfoj1vPWzgo&FTQPgfp>()*^LY(Zm_a8PJM(u4RUSI zu^JEf!qu|5jjzR7C=S+GGs5Z3o4}s5VQm^3nt~vqj-%($?a^;38e;CoHr=__3OVg4q4^p{cK;Z+y1_XiA9c+qhdr6;4y;5o$X2w z-XhpzMbp72s<&seNvxu^W2@b853`~v6^4G?l@})zU%qk$T-l7OkcEwHE~<7XRq%8o zE0#xHpM5fhKZLl_!oz|dZwkh_h<2=mg@svM8&mh;0Lc09;e%%|g~KG7_jXURG&P!r zq81brt?gj#gPr3!O?SK=bOHKII1a z4`(T9>FoUcjzwbxroGR;kc}rvBr7N=cqk_q*)_u}puvAnT3RL)`>LfK6?JG}$stQE zPgiXBzLXU5X7Xp;jpt*K86dD8*-y51PH#R3H#f&`EKm+oHP-3a+7@8v8e3ltT8>r; zCa&O?#`G*OsQj^8SdlB}?G`SyExpW`zRA8Fe={LDp$ zlxN?3jvPP3z>rg1%$vZrk^bnzW%OXVZ89@E zEl+Ra9bbTDX0+Yy3v^=c*j&AHc#8tgMMO0K7$BtyruY!1v8tw`gEs350o* zNtZ@Nv}#z&%sG7Su; zPhOFlZWmta4))qHM7+76Dm}qd^ZWPj4`pPOz$t!@kC&KsUPk{|nP_1_v$L~9550iw zybueiX=&ylz9F#)NOq)n_yOdc?TrPk1+T5Gt;oSkqM|ympvJ>*&+_zU=hbkq-%Pn-|0LsE(l zRW7)}-OgAWJ9lWU&xu1pFb}zwHeE`so82A z&aS(Sbz3?#KHQV7HuvXy7-XpTxtK*E$YUSG5kBKE{l3(CBnyzp^xyZF=x!L?%b^#c z@5>8(96b9wd(mR_^-4V6(3Wk}8uVnr*qJ?kg^shN7CZy08+#r4FIBdaR=!$@a7C{c>}Tnus$ ze6|IsfWu_#d06)k^2}3HQ=C8*IMs4_PlFVVypD!S#p~<8VMa+v00+wehaM5|s9afH zEwLUE8gZG5gABq_v43sHAwNCWlPK>Meo+!T1d*pnSKa%pcj5>>|vr9CP#WbbGIT<^BGEw*=K3v2`Z_u7A-IM9N{ z3gCkGZaqxCcP+0Z0`!%R*~FEoTEw`s!xcr`wL5muU+ZFrPy2!sr?9YAsKaWTK(-FX zNhJvV=utQ`gOJ0&i_egT5(hva2B5oDWI1pXGCPu8x+mLW*B3EM9FX_J*yL3qlEBQZ zhHnD`!h!q%-N7{E76sA^AQzaKnQ2zLI{IpN%{XxI@%1cbA<*ERvp0O+D=@qm0h{GDjeDJiCaecO|z&d}>^E;J8aBS`e0}nYdnAu$nROf-H%N}PsnN(*%j*qd z5O!GaQJVt}t&pc%-I^Ngv^bnO)0K|zZW2D5-jxZ_pJ_kUju-<1hw-l>&}AiXK4k#m zvC7*QsB}EHCJ>Gr9vhntR?mWqU2!AM9-gBYqT=`PfAD2^R8-Uu!#!Ui$NI&ivpulq z#e#NSteAq$aTKcmA^h!s1Taqy&%< z{{9Ux(SA4gE-1LqGhGQV)lMi5y6r7AY6*{wOv{)yU8S3unSt72IkVySx3>s90_)_2 z>Ii`?poBMX-gFO|8!F4wpuQ3WfhHIy2N0H>QLY|qXODn3ZqyC?$armGNDVTqin6*X zBjS*5`J4BkY$(C^B93MnbnrM1L@mnOI0e!kps(taCrOa1i@~R%;fj$(jwYx| zRDcA9GK<#g--)=hMZn__hHPx7-xk9+Y58KJCDLrG&}ee989aK@MP6(xh1qPPIRffH z1;E^Rm&x;J8a#{gS(@{i;5i6~2HIjg57X4FvHVbKHN=YEo=y&SZ@0&cXcn7>Kw*JU zN#J&nGt|Jlv0|r*pS3G~e5`&C^b_e1n&-H7t-IduxJS?kWQgeKb5{NNcg~+bFSZaK z5^~25iBO5Ruul*E{=ww{%h5loTvj1>ru6r#BWZA`%mx>0`FE#?Fg4g2yF=qn{W_{NJ!wxH0bacDzy@8Aw!6J=o-SJnjMX?@m9JGZj-(@u3YBe zcnBq$%7)1GQ2N@;q7sX`!W|VF$dJDu+k6JvL5>U!qx6pGtWT$^6Sw^noM{{E3qfnh0u zmX=n{P5aTKcLoLqXHK5HG=s0E0nBP6B<0p@n?t(2YPx>&6x$D65n~llC{@hB>I+ix zEUrHFo6Q+}r_&Q%5hzE+gzW6NBb0louCn0cV_0^;ff-!%;Jy3zRR*%ZXh9wo?9zvE zPx65XK-=w_t6iZO%4^YkZGEN-1WqK20e2`i_;#$;k=Gdg_3PJe^}XUoqHP~jPXmK; z9(74ScKmpW-9$5o@7$>GE-BfGd}SwCexN~I05?F9?6)qK4dnn#XBjpH(eYbG3wB-N z=kL|deX#Ah-59Et8|f!m+j?$93eyQ#f4o5DkBA|go6p-m3Mz4`et!Qa z_I0_>vJNQg@0)vOsIa3J7!*>>@`g2qR0V{)yu$8P7Q z*_&s{B=+rP8dux@S>#1}h8OSY17&UhS5)0iU^f46yf1tP4`>0<0ns^)EOZrk&wB& z2ig<|$$;5xYh?n7!TN?;y(70oM6?ey6NIa+uJ6f4R1k;kz(~Onp(qkVqabu@Jn%@l zR%tS;3<`mHN8%k|VxdC|kx*NMUc?8Q7Tje9m#DP2VX;wNGs>V?kx|m6e0xi)hUR_V zWDt&!S5R4MCxF+_#b+uZH;vqK%)&YndUBw~LK;sveD~r6#1Fy%Lm`D5GcGw{CZ63! zN|>Vg?rvqMms%IgkYz&gUfo-F*?u?&$czRi9uN?);`T^cIefD9LozHHnuhc*6dQ_~ znla2XC4IU|fUAfcMB-?J(8FOq7+CQ@)3>;hB#x z&rFH$R;0D1}d$;e8vvPuD6-3yr(oM6FIW^Yk_pM;r!&#|_i>!_K_#T*hdf$$1VfevSoRLg9J z=vL6S;Dbfca;AM92}r}qr$$EKfgOW-HB}C>>P$zHq*xwEbS=N0T?JP_M9>~Jy&MpG zW)LO}meh4y;6wj_Iy@QCm_k8$Gj0q`NC13y{V-uQTBV^?X3bYC?y`~sHEvsU;KtwF zq5LNe-N14Y$eUAX3LBg-|h@{*JTp-tYY3eQ7-c%r)<>RbD?@i zaZe%wVdENFCI08qSY85F5K&8*&6Y;1LsNiG*G~<;f&zN;t9kTIqW~<@HbAR{odRGB&7zvcK?1cA9DU7=XFN3 zMKI3!mXpXGGV$k8gAnzLc~ z85Y+bcXoz$WrE+TqBS3kvEAlY0WyB}ntCFXH|FDwfk+NkRaK2JO5U5Spy6I&cDfhT zX()w22T}mVz%v+BctkK+tSE2#0_83AHE-gM5pXV-+mmr zw%(_Qzu^3{js!i1%{r@$90g-*%KHO>=mig^mi`VHG`UmNp z4tb;q3TSmG^W$A-+0lxiT7X1j$w~(c1DW00I(`RKuh0|-1G!LytVD!|KR~4N)-Se( z!SLr4pjeO>Y2;wpjzynnP^?F#J zm>V)bgdPB59kAV*c9@Y#EFQPSRLqYck9V36Y@q|kDhJev6LC?5^{i6 ztI=RzMEeR&0pbl61t;t(XlQ6m_JxLj{CJ@|FhDx!LZ5q?ePNc=c*vYT^!rZU#La_<=j3DQd9_MGEX zoO71*(&%h=W|-JWh0^Xa({2)5g1aIX4#m0R78mSyAl$N`Jk@j5{)Y=o$K)#59GM~D#`gNaY*& zE6`b=j&q!l<7^7G*ro({X61UX)_UtL?DTAQUMW5Y)(Mp;Xh#3hQ4twz0 ze=pI26oOEF1-yG#EPMv}PC}HTY>)Euii49IEbTojXgaxvY5VtH+XImQ^Zx(X;eS&f zI9?{~J^0byi+1?XP+1}7;rgt$e=p6h&E)!C4gw5pOtX4Uj*&D~Kn|=Oy#DXevH!*Y z7N7eKG5j~q;=@gEAFls3#QQ4tW(klz4CS{LOpVeb3@&Ezol71yz3~4Os)mTVv-irs zv-7uw_vy2A?;yvgw9^lW6`H}ZYfB^D)mrqJ?6bVWPVuUXrAkizFU;XVlYB(RHlI zeL}REd>9q2clGL3h0zU$?Z3Od4@0fD%3}E(`rot0mR}XrGAQk_I&FPi)8`9bR4?vN zIE6W|u32?@2o~RXSwq-(u5juR^y(eAS5wtFY|LxWoIRr{Hq{k}>CRMQ z({Xf6;20_B{QmUu{t zd5gg4tv>1+?nDxTkIx~7elLXv>0yO&kE7jnclylhye+b-7I|i#cBh+QTe3a!=z=bY zeZq>5rQe_s*v{z-X^?hUn-l#bWY$z?^u;j_245Q8CiQSUZ8a>Yk-o`QP-q&FUF=rs!W~!}3m+onGyp+H+!> zHjKNIg?)~F@@zesx*9=z+q=5%Xg4P>;~L`6hT0CV+RZ8~YBhc&VW!6HmU|FA*pSOr zuzD0nrH=n4-deir6)c*iWrGi~u3nI)6EsgD;4z$ZGSCkQF9eH;%TzC+FlRJ~pk(^nSZDr_%a~j?(*iP`{G5win zk=?y~Z<&IHaCM+6Zv^AqMWAl2`t#xZ?oxqtn^R^xn02R}f7w&-{7xJ5c>&MQ#5E#D zj1)Jz>I|fTwSK|RIC-Nsb zAsa&8jpNOnc^xoNKC_jtn!$0aa}|@Q3HZH@kDP6o6NM_CAv7-oCkC#E;!^=Ixn$i8q6e# zU-K9dfxQ}q{$5WSG3FEIZRI#3$NEZ5Sx*mVrA4v)iP7(V%^YJ|YmcG4nPd~)~uI`ozcCYuRk z&?;W4W31r*xa>kF+~Eo$Mv*SH*v@f}Lc_OWTT^FmegA7ZYia+?ZEQ-8^4zmP#MV(a z&vL*>wh2tSA<8$R7e!?f#fojlbZg^RQ#5wViKIR0YI>r$`BnHUaeoD!7W{XwkMFrw z?HX+a3}j@t?h%@1DNtf=qPi*q*R>^e_cu1EXV6(cxV>C%vlypG?E7VJBR){@jm>lE zPoVP$Jk@+Bn{erLo6*?r4!|9E<^mOiNXixeVC5}r{_{?owmc*T;$62XjCMs^9#K7K z(}cq_=ByON0^%+*dHcFuY8k!N3hT)Lf%RQRx9%OHvy7KT4UcaL&zq3j{m}O@dB)Wb z)%vNrum}xF`xs zZvVFuq^}rWmruyjfr+^R`~LoYwm#p}H8m_xtVnGn96nUAWS_pZ&b8}QqY>e4X zdcNo|wwS(^_<|J>MD%`~QkJ4uF+R~)JH@9o2}n^?U4;|4KD^$AuAEB`Yb9`udYD8U z<6aE=yHM8T_~-A*TDOabyZ(KArL9_k(S4J)hx?L>PBqzy^2SF2=XY!N9Qf~d_`?8+ zen`Stotcp&r`}@FFEN0uJ6kPYZ9`>A-!ks7G%A}Q=&UiyTbh_yccFY?wq#AtNP0Cm z%Q<0G%r_AL0`upO&mVj^fv@lD2R%IfGe^t_9p6r)YeJ?%7+BT*z2{J`{MzU&uFVaJ z(ZO(x2E>S2%OuyNAk8gaPrcM@h8?5k)u)1+*$SDqbjx@ z+J1v29$)pkr8Zz8mSM}}qkk*%?(ASmwp3H_kLk_F+dZHC+gS3AMMKk&lmv|BRu~G< zU;`b0?j7L_cdBj=OGKr^mM5wzKgMkiCzAJKRX@v0a@=;jDaOqe=ta}gjm8snOVtlX zA$;IT>m)s~zs~~Qe7bwshQu=0&w1fWxz~~Tk3S#^GJF@O?Y`;kMT{HixqG~x5z#O5 z=Yd@b*=@e=_1vTe2ErtYcv@>ki?*9*PjipT2Fdk}8~yoW>CM;^&cr5$&_B0s&pBb* zzSxdWt$)K)xEpF*f+$I0Vu{78owHbXV>3OQwksd;^y{17r`PG`C?%z4n_KdFBck*c zy5dFM)_I2ppLMm3x8}*mi=>WvxMm~%63a`!)016Zz8N}8!^oIR&P4QM{(w`2eO7D! zq4nKVQPsQ!qi=bNO#HRheKm0dx})@={;-<@V>k97qpDPOCOCuwYs{%mSl|m5wr|8y z@3hD9-1@(Wd(Wt-mMvVgRe}lvisU3pP$Wyvh@yZ5l^g{`lH{C06c7mtlA{8WK|pd6 zQ9yD=a*j>TnL8Kmv(J0u-TQvrG46Xk&e^*+-D`ENs##TYe)F4ORcq%R2D|63xKZgl zF+nq9FHuk=pRNyyyPF8fLyD+?944Il^j4*d=#E;!Nlt=XXR4sX{Fl5FhV<)Jt3Teg z9b|nFh0Tyjh8S7+j$Ry}bvszH8eXmaus_*I1U!^nZjG|5s#Qz7 zsmhCP1*p}<5oR-zW_4#mJ^IYk5!kkrA(?G0I`W)BsA31huiEO{-u}1p)Z52(9U|Tv zCr5`TMia?`hy$H~J~V3?ZO&C;K1tf&M&AY`HtLzNT6)h)E|($G5d3`EhUl_FwfoV> z>D|n|dqBWFFMxdPD;Ihs{4_tRHse#ULYcj;VF6jv(f`8BJat% z{QHOpjGY=dt%s~)ZJri(0fCmO!)^&}U2{GQ+s{_3zVNP0n*baJZWl?*ba+Km#fevx z5)a0TG{77XCkL%%wsAq_iIm|wFAbb|Fn#@t1bo-^jc^{gf?&48u z-bv1htl!}EGv~UU3>CDgly@sl*Zg&RTHS|MI)z92a&ojonk%s?1_uw^o_+fyYSdbCQ#d~|S&oWy?bgUCo{aLZ;a#G!@^0HYs^m3w7FMtm z_J9p~GvdT94FZ>*ctgskdzEE|JB9-Vvv;az$;_NS@4ha(Xa9J%HDbPZ&|PslQpMvW z+6N5qQ>{-LPXFlzQEY2iICxEltd-Xw+*Mv& zvaLu{Y(2+Xp4s~>z?oN>g{9{Ep~~Mcql{3gZ6#alnL6086(tTkeJA?H8S|IO5U*i%!1saULob6X7MIELa*P6p8-$B+4cF`z3PXsSE8e%wd;idoSfH(Ii#lkgd zIH9jfXNfSqvZuiCG%DvWWh`9q2p*)u$`JogYf&%TA!fIGXF}DU7boC@X{*^5?-kL1 z)pn)VHH5z9^8YIr>Tl!zpB$P}Yx|?@ouY$vJ{tlAb zKYe)`oTmBzd4HM_IDLO9Q5LQ63%{B<&A>j;glLn~OYC3Bvi);dc=!TjcDh^TMZ@Ua z_I{BFYz#YuB+t5U#3X9X<_C>OZ@s(yirhu>#NHo0nlnz0vwE68L~aeDNb2gR+_{z6 z1T>_MdZ-;HeqOMf@BFoF=_UCVDB!0rPvWF+-xO(PXBKEqc75B>KuBs|y?g^w6e&e! z18I;j3Q3lWz_i%=WRqgB|GYjb@gw((=l3-Ml9?77GfC_%NO)|)h4=5{ak<3ja{_Yl zz@w>^Cqk4n_Xst=f%4@*hm6zhqkRo%-2~bVMBS^p)7Z zCdaxtH=@;*Dz5@7{}LXKk@6{2fqZPFjD)g~d3q4i4cQji7@k1-51!87tC{{@jcV~p z&3eREeVE_sx)Ud0KbKgZ`iQm^)lGP8@SnNIqnxX4WzRRTssZ@mZNjE=m<{VTP z89n}Q%kq(yxetE~e{eSX92D~Yy?OiduyCv*Uvd5Rbo~X?dm(F;Zmt_r>J|1t-OV7>U1h z|0C7x$#DAwoeR$%E%s{M@o_q}`%4dnM)j>aF{#cvmefsH3;`0v((k4SJooRE=TaNh z8k#EYBU+R|adDmEHK#xDo%7$uqbN3)dz33#EePB568PH|rfxZ8*Iz380z5t3f^rk_ z(32J?@J|gLNYfC;^xxN4ap@;2fn-i8j5c0Rq+E| z{F`MuP+yB&osw8`Kb2^*!d1V=Eir6e!8c&BD@2zC-jYl@tf&yuSWrsn%XSTfw;L|0 zUB)t%$S@|R59aCn=AS)usZQ7Kn_RnjGWXa?C|;5xDX#BhGP7^(Y?)*X<^ehIVK}Qj zAVug}Wf26ks6_!9gAm9kJtVQCr!9?u$s=BF|Fy~Vro7Nzay}*Au;XOl87iF#>;5Nw zK26CS8 z#!vz5I~nlsJ#~(16(smEBxGVobdp5nxFbnK{+Wx1&TtpH z&YHzb=zd&8gbLaUGN9ZdnC1r231NQ%1VoN^C!r->9}|wU223@gIA_-!GqOV;YftY6 z^c}@L9p2JnjTp^`uN)OcR9nNp3*C?QnfkaV`tzL%{NMST1n|EvN?&$U(8`J!*gnot z(il7tOfBmRv;hl9*iP3(Lb1_<$=nvxclR@Pziu`Ul{Q-QeS^Dr4xT1Pqwh?vWFmzO zZ!cVc1U)Zy#?hLikb1RyCBvi0#GkJ*5MmKf-N3|4+eY=_TkZ*#2`5nXmRqjLT6wtM zM9ycK$RHb?e1VWbvGn+-;0nS$YBNQum0bOr2jAh4Fmcd|!&VTI3@jFet%Gpvq@|w# zA87A;%w>7tKhPQ11(1p4fk1pZP?26}J$dpZgG!%$AuRHJB3#t#ROg=9w^>C4+Z^QP z+0lHuKQN%e&U5*}bl>gKVEBr1>G7dqg3^qJMbs?CQWRVVbfpc~NxR_sBxqTr0q`4< zdpqw(XzqLKIX`n3sqnyd6lJyJ5vp;rT)l2-0St@NNNT8QQwK zM{mf@V*!4b62ukME{l0g{hN@QSL5K|m|@Fkv`cH=#U!SoS$UcYD?@?YiGckh=;VFK z?Yp&dYwuK%NK%mZc|fbTvilV4bF22H;bUhYy}LFdov3&B6;Ml!t7g_5Kf(_)COH0J zcA0AUP&V#E!KGh^J8W5diJad$ncv9l=TilRL?A6EL<&;}&xjsm$qzPrY^zmEy@F@t zh92E;Q`n0qrO~cPwN$?~dLU4DwC>*Kw4$P*G3ZjgY%9QRx1b2KG}6kYxY8E)fO~%^EGizO4=9k?99<62Ha!D`a%!ik%TNrH z0U;Mc^;p*3fzZwf20tWODO1^4LM~{({-@E%P^q)k_}wOsiW19Dz!3)~Zz>ey39o)X zhY+~hoKK*-_A&Hln`7O;JC6gUk>G1CE#$DGL50#?Fp|>J(rEjY%6;H(A_PpJl^RrS zh4UMU%+9A0(a^9-IUjBH71A<3c=GE-V<>~{6HU!nB$rpERwe zPbc>hKR*zFl+4X@M%)j~n#^>kqepgbEKSTbWh!TPW+-LSNg-rY=!tNB$1yK#;B0?_ z8zCIgiJxzy9cSZ2>K%*wePStFoc4`33?+wChh1`)OApMYItO75h051d!V+m@6B833 zVaoxUTMwSCd@SE%Xa(ejJ|e|#@$oqbrye*ZGhB6IWEZ?(2S5s+eF4*Dh^i-jx+bzW zMYvH2Yb(*!s}Dok81B|>K~LY5a$bMSs0bE{*a2j|kP*5)u>OmLUg?nzR}LAJYQR90 zO^0jHNkKtG0_Ui6)8YMLK#`E4-Fw&ne%f;GH)DJ|Qa}q2fs6oD5DER_fMQkp)a10d zKE-yirXBOlw+|O7fI)r7d2ze?cU38`UvK5OY|TL*t*E`$|i_tg)Dr;FqVTu z3&e=(z8CC}+x46F-V_lTIi$ZK1$AU!fO`MUcK!))^mk*c_bYe6$dPCb7WP|)lahf{ zg35ajf{|1=k(B2#)x$HT8pURzbcovp9#k}+)n_Qd zGas4E)30YT{(*rQDG(YF4m(e9fInw-tEjUgEK?#@z~+*Jc|GS)JDDOA5pCuIlURi= zx?(_YL3qaq{vTPd!7^%;2?^;08@QhP`J4i*!bT6Y<5LQ61ooc;_S1~Z?1u-`9dAP! zTkr#+SuoxnVcQ&6!APJS@Wn8=5!8-jXSNpmyRr^|h0bl=o#t;4?*EQu>4XCo2w0ml z(n|PlqV0;)~&Z6lX|Gs{raV(_B&DM!ag7jriK+_(f{EThSrS&h!VRI(4JXARAyf^o4<*gytujhH!FY zKTJj2IGuF_|FSgE%B_edgPiYQZ?MTDM7~|;`XCc@-xUb7qd7d#on$;yQ{8;*#)lK3 zRc-O|QJg7_U1P`Y^EZB3HrS#}MGqAK%;TPfO^{

(xEi_O5Ha1%kEzk;GDCGqcJ;>!;;46bMiW>YR$HqNI7@j4C)Tub(*aCHX&)J=4|vdLqLSk z=+)=4N$`tG143z`W37c_Zd}0?yAvKAt#05sK%gXJxDxk^7t8GqCug&5G<5;@PM_n?5mV98!+BkN`Iwcpo~sQ{BW`&OBBUP}33W9!|b~OwaOL6T3sTVB}9j z11WR$$3Gbd1kZ#@&FSu*wVEbUfld1OESAS_Ob@%A-aWnMus+7k5hK-%hP3)$zl@iB zX`&1GC2?uYtE!B<7;H{3^(*T^Y$W>k8`#Mak~;zcNd{1=nFDiceE^+(04RExS%L!WHwaN@rdEN}T^)c+^5ZQ9!S zxS&n>78~q^i0{(BJ`IjkBW!{=B&=E1n&5l%fG@|QRi@av14GnzCq9H%nVy|GV5rz4 z0YaQxFzvv)(P8v5bV`S^#&nMZtgf#3&Y4$D6T=PXrXzI1>nA_dPj*1y@rl_tNv`1R z*~by4BS6U(Suz|7hOyrp3cmI9%fk%P8}FHpmrsUQJakejz)^$_Y#g_Y+?fRbG0i%* zYNw3O%GfB*k9m2&sEc}LtB?_PW-~ZDj65hT#<+SQE~0v%jxnJWn&vDXM^8YHX;A-2$cq{d#|6rWIt@E1X0_o<4D1_RZt04IsP2 zWj*y!wqiqW*k)%~=>^Z>I!UzxJd=}rps@69wx>d%?8;;|BM()SPHce(@1Z&x6j~y8 zT2vb|==Gpz_KX@lBoYB3(HJHUain(#vLSoCRpS8iR`oQ}DM$%h2-mcsXx9L~XgB;Q zl0vufz><=dm*>T9W}`1cS_q+IV_h9iyvK+|)JR|UVoHQ|CoCBm@VLl?j1Bw%kz}t_ zMnm%oM7q2~mfmIdOBn!I2tyR0)Vm}jFW(1J9$dzqbT;~F#ycY#1}hjVB^EHvHca&s zU7<&v7xU_y`|34a%aZ=a@j#+dfXZDYpeBT(3QSDQXh4V>AIhshSrycLU4>Cb;<03? zgYR;wg^*cUE&BI$sV0>yh49+(f_X=+MjcRtf+C#BE@jC<`I23)c1I6n)5pT2G^$EP zJ;OT0s8V6dDg$qXM{BZjI=k zf>fxpNP?-tqLX)bvOchjrFiHwfQQiq^tceu^o^l&b2)FgK?xSQsJUjC@Xn0T(KiM< zdShApBG4^JTAQrTRB4NcP-12z9JVvKbvyK%>x&(iz743R>oSNFL~mapbX`y@H8XLk zbfC|)PR}h7jW-Fg$hh-CXhc+(XtDZ*Mj1` zo`QoNmmr}14)!bu4`}{Jmq50)w7PuruKN4`E9v38BtV}6&YNj4#ly*W)Za7p?x6b% zQlolu58Vs^xtR$aLKZO3Gv{1$9uM#JRK|O3rX3$1A1n-)7mqqZ1hc(7oY}U$+ykX( zhyc|_1c*W(a_~s5k0hsByINGN`CR!c%+S1!xL1d(wI=B2v3FiHlU93ANM=Fj^YBuw z_enzJ2Jl}8bO#qAEJ7vFy<$}-%^d(7VS}moc{~R0`x+*LCMLV+9&|fZNN;C!bv-H zZ%?$?X`xiOCx!%q=I%%IRpD{J^$(a@Q7o*$I447Q#%L{G=c^ckf1HB?%RMfEcG7IM z0!he;cA;~tTYY(ug<7ogpf68RhLVEf^B#bo3MbPoxt@SMgCm+mvpJ^= zCsxACllVF_bHH@+V~7q=mY1v9J0kDjySGYx3Q?m1rT>3BRrl}Nr$`e)-GEP9F~gT; zkmh5)awUgC$TzE|Ta||kefBEZHKbdTlixx6`k&V`vVSvKsAo{;^iRgl^U{Q`&KFv5 zK}_4M8|7jT*4uiVhmt*3zAO(9{DCTj{=AKE*2Qu8g1CyvQFVV`f1Wjr$&ue#&-V-( z&fBmRyWsPBw{?NI2g)Tdi7xomy@R8TUL+0KsT98cCgJtPy>eF9L#QG#wv6|tiTV9enRg`jtC#4LhYur% zb^kUw5%U=oyUMDobzF{XitWE1iW8=_yNfRn!T;3Y{)1D&5u}wYD0p7kCr+ggNJQLa zXH`<9b3*NXyBtg877jBM;R^1s2$#j6fBL6|6!~_D;ErsmLv9`%;Ygw_8p8_jKfs^L zP5-vk^97uk?8#7XLznABM?wdu(71roy7R5UN|!*P2kVPD*Z+1;^er%%=#R*8v^fXa zaJr-H!*W&=L8r%+^kmX~N6OPVUG^#k>i@GW-5*G4f#p;_2L-*z^8vFL zIwBeBVv%eK_;l)_aV$~@3Xar+gWm(_$=7mn_h}korr_BFH$@0g!ONAPXN^d)u4pR< zIR&`kO+C;a+!;BtZ)z~iDbz5VFHaxKZl`06RTjE40O%Kw{zWz zb_l!;mAXgA%uJk5Lf}-FPgsHJ97wnTX(R*?z0OvIv+xDk8AhI-!d!qBBXA*rpn%@7 zvdWqEai`6#%_@=+yWB%(v#o4bZSa@@=T3PFxT8k6gAnXaOjf0b zMNZSsyX7iN*RR|58$`@QP811#_hVhQ%U2NK8r%pNos6`GhY5dRyF&Z|_oD-qQlE}q zq%9$bRcs~#)z+2JOUPCRu&Oe@P6&VbXXw|SqPLG{ErO{sw<=i??Jy8iDg?*Lwuz+} zV^aiK1{FLg`!NUd?tD!N6t#)JG*^O9tmLR_&k7XXYB-sx7^Y3c0zwEE*)%40=8>9F zu<9H9Sb}bJ=}y*~U^`8($D_*L0+A40_&5bijveDVm>Giag!b3%Jo#n)pswxjrYXUq z`c(`(xS2hG?VYDSJjnPM15i&Q=L$=4g5cqL`cW zUEHwO+MxQzEfq^&fcG2Drelr=#LJdJh%A(#he)&?KQ&(4GR>|0QatKD$XJCG>93B} z%;YtNv-N@3=GM4Ll8}cH>Y(9Rd{m8yQ?Sw9VrI^2L>~|2Si4oW34ZmcM)D;j#|PD0 zyB1mLIFv!|uLn1R_X8_+9w?mYT zH31P3; zBW(-Dc`9;qM9Ef@&f(qLD%no}UY{RDgzW%d58(nt7?!Oz zO26anKO9gO{s5e)cJK>w0IX=7wnmmCm`UnKBQE>m!PEkdtBI$j+QK^xuzE5xH$Qn9 zRtXDINHS9LU!kq#3Mn=uQHJCIK#c?m){yHV5v^&pDWd!e$5qGXgiTg`JHc>lp7kaRCO$ z1l}h5tDS-8Wp8?0#;1QBw1FO-|F+UDF1Wsq#Acv%3g6qO^PFjk%Y>LFkcPKa$OB@^ zp7?5mCgOxYh@u(9VaQF%+CTv5+lv)W#&2 zKaH}geTF!=6DEq=vV_68V~_1+Vb%OH2w0)lYsPxT(79JuCjSpJHwTC9*ycIrVj%UsgVPZ=9G_m8}sg2q@ z;%K$P!XkY();xXWDzu%~9AzUi>()x}W7bV%#o;A0YAp5W;8u;;dD_)7CLsj?QTG|~K)g1c#>t`26;&=U0wsFFkm=9%Txm7QJg@*@mBVAB1zzW^f z%OfqX+VhF~?heI*U%7cne1j>)ot*_TOidKj)&0RXx6=>D60c3o&fZ{R@*iFSHy7mz z3*VwDs7@{3v-8kHXMO!j03kh=d<=S`ONX0)^6F~{i2+5%gAhvsI0hZNV0E|?p-s~- zt#!B1x#v)z^XB#SEBp4Xy{duen0MHmoB`S^E-RIN26`@#2k{F64}@9sE2?~BV{N#2 zG{621u6K56so&eTy1DutKi*&wjzT`+%(D_{Js{$(u5K>ozmo86o4vtz^Zba2$f9sJ z}cN9gMsndiHEdanx#QUHIzK;>aYnF&$R%nbPv<>rMqcY#dv z`RmuOI-}=K2Lk@#heuC(o>p1BYv8-x`B-+-5M96dh}8K<)y?lXK-R;sIwvRHOO?5f zP+q8}ceIa#M`{6$Hf1kbHhp{V?3kR^0SH=nPwu)_ZC}`YbvDcW$PP3^Z!j=mY1r7D zLD|eUi$gS6^T#c)C9>o3W31e^t3+o?Hm+6&v0lh?SkcZ>&HItOYb)gkIS{gdl$d)f znLrEmk8kkvW9_3LB=m;OiZ$WQaVZSR7#jT!0N{MWMF?*&Q5Bn=GQ;u3Dfcykzu9!H z<`pOWq)A&j*`PsrX2!(S*uC+24F@`#nBZQ)h|`CBF3CaR@mf4JwPdh-%!`r%CJv6v zFkT%D5w+bsqp;AEinVI`Kq;owyz6eDrJH45d@YF4!orGJuTVA!EHB(9fh?lW)J%N z3z{M*gnD$o8sdBA7<}I3=H@+zx)O?e;I}(!UL>SYR&`;R{#Wbqae0mO$5w-Pwr`W; zLrnGsXmVxlZQi$&y%a9I5g^V<%fRrZZ8Ea+S}ZbQk%yoE$54`9l;C+i4O-i&t+|cS zNHg*^nyyv?Uvwz}QOCO`LA0S)r))Rqgj7nu|0^Nze2ljdvwcI9}62(7gXflH%()$Nzq-IdTvIDW!}dX+=%)f*29fd6QrB=fiwlLvs#}e>U#91R=#XdItORQWep)rwKP%H};q4wi zH%XK5Jljm-1&WV1Z%5d;8B6#mo2n8^vlHCSy6aMaA(Z1iMk?w^iLsMgltCxqVe7u2 zwbSi9``aMVV_FMJi7-)opt%)+Ra}-@V|N?Rw#DzwU0MJ(I6x~^2t*`dFMECOI+?=D z;mTCg?*|)f)uck)ZS1%|^*B5QZwm$dim-ACt6k{RF--WFn~}lE=W9;?D#-k-X6G|i z|HZk-wRH<+QxB%6o4~VveV3NHq2YV)kYSCTN7Db}(pzGk`m@G}=#woI`{DH>#F zNw-a&k=Bj5J3OcsQuGK~xm~K+niJjd`?qd=H6+0j>Oc43{A1wR#KzdY9`k*S?qq~{77C#qGO3ucK8=I3Q(lyxk+hh=S?kwQ#|B`?dFtO zK8A&z?hFSYHy9td2MM@mq*zzpzOEcW5>}gJ$fAt;YQLloI(N477al7rz6JrkhH2|< z7ZggQ|EpJ}wtioSPMIUZz$vorsqw}J7}Fng`ps3W=a@B$a8auuWl~TN@>~V==$u-` zvM|O`U`u!G*d>r89=){N(Fc*HMUhH3V#Xkv75hShzlH?M0ns)8iS)(w_4PkX!&`gp+>E?^M__}e3zA+n zB^P<15Bi#O=ZLO)oYCj41=HL!s1bKGOO6EX&#dQtt==lD>cuM?59GbamPwkO<)-D) z-#^mK=WFdotdvxNY=m8{(#>_1b4y=(%qcTUKz~-@=~Hj0EZ7mqi%v)gPE5Q;H_YnQ zwP$AtCgrB*()jTf5a_x29yruH6jzpg!2(NQ`SIgNK;7+#Caduun6cHCXAE0o#r5>A zgK&@Wx2#7Nd1OzOm3=_D``Yc>IG{f`x9+Yp83XD|S3*O|e%7<&Uc7h_WyDy!=PClE znl&*=ENgT5A+(N!sw$~Qe0sS{-)P%iLtp~In(-5~e#$ge97ZL|&}kVNKj0XM_i*-r zC3UH05RjuNVpVv$Jx=;QyU`!UHcVA)c3^*~-$D*48@q$Oe>z;Ys+~k2@mbc!9HuBS-K|WFqViP(I*V=z)u+G@{~S4W6w#N!cGe^=QP%l@sAn$ zP-snWKRY|wK3*%Kjt^Svx@n4i-OrrW$qi?VVMH)MSqbqGjTGh1=g|ZxUc5f*GmPz_m|NIS2-}(jli68vV%#PPD#{`Ty;rk|~@;YjdSdR6}_dh%}bQy^Y zSa;9o-OcFINlY>#NqlTWb&>4aCj~z^&4L6X!29m*A{veL#77%l^8M~0qV#gEu=or| zF06Bqg8)Y`W?7h4SuR^q>_*sKr@bpN_eisPu);qVW4yJzdojk9;NHC&ak{he&jeFw zPj`A|BE%#7*_bBh;T5E_QG(|k`50VmJSvd@UALE5Lpr#%xbu6qBWmU0($}qwfbJxr z?f;H|)3QwILSs`zVu>@^`e#A~8I2OWrU_D+udDZ#2^dno^9!AQ<#$tk=`;x7JdZ>G zw92nTaEeTCGP;5FGln)-a#u2VHw_L_d^7hVK!4{NdbPez-w;HTm)0rSE6HN!wKyiy zuvx_aAovY>$`~5%wQ?sGO>hBOa|%?FIIlCre&P-guix;iH!4;;Q_&ySfCo z8e0pbDB>Haa*Q2n`2~nyeMmC0JBM8QP*mX+T$JVcc}zAfH*Q=27wP!O%UzZ@`JoSP zrGLL%_zko3l?5%!Zn!K@iCnbwZHm*L+V}kH_gx*W#I-Xc>(fPM%Fjnv!y?)b4OkU< zGfMH^41Gy>X?YRX2TsQL&d=$O{`$9%|F-tk8-cU)u^U(;72OCePCtzBE(qyR3b-^ec02Q-0Sn8r!JUDnBBnOeQ; zGQD(A=qJQL{bbu8{(6=?LCa6_)cvQcx1BV*(ExeJanFWWx$VQ8H^^^!zcVhm{~MFy z8uTN%7$MSDQgOt%#~T7A>0@^e3C&noj7-Bmf7)mIm@R7*R=DGwbq@6@bla4dL?qS` zZ`EN|V(N$Q!-m=YPNW;HV>V|iHGRdJ@9l4BJGSb4woK8%~w?d5QDi)|KRp#Ab01B?gvbG|xe2Kh&aD;Fii&WR1= zczx4)lX;2h{H|DJFlw^2iVPX6IAe>j31t^SpYjq*s*4=n8cR#(Cj`zzOO@Lsru=44 zDD`?d^d<2nn&)&ib;$FcetdTA^?UI|h4eL>DBOUu12>^pl0R;+Q(iw&DA~iTk(#@> zb6J-mL1M%f$1KDd^}QuzQsH6DV-@EwP43cIH*-~qy!TBmC#=saZj{SsKAn@h8QIvwh{_Q;b6z(7LSeMmRO5Zk zU0sU4;#bi4JdM;}#RM}8{;C#iu%jPYig)@kMFpVQ;rIXe{q<6Znf2!x2AUeDUr={|T;y2My;x$me7}6UNPhozcOi+3aI5&-nRuO#+ix21 z@ytiY-X7v^kFV{LQj__9n>~p@Yao{Sr;sTMmxYOFd40{N;KmWzi%TGV%*RrNY5V}Y z?-OEWFeCR{!U;HyGBPqOC#Iyl&A{s#US63WKjYxwkhD@LWw1K4|7!o5k)}!UZ_Gd+ zud*V_g~p_3=CR&iKAE5lndb6;)iB})T@D>5;KDn+%yC2-irjc+Y+(}TQ!2@n?11$f z=v};?Uftw|OG(0WzXfGd=H|qVpWZQVoNk{pBXRD$cok{N`&OiT$+%cqSphZY`O~{s zn7%9}`vc?Bcbl>Oj7O7m%!~Q5Nly|dr|fM%UftBc*JVtek!X^3R?g%1mKnR?aa#J= zgB0&sUUIy^I3A!hazb3Rv*sj2h$gySOF$CG26cJp{ixo!V+zKdTb zZlb;$FC=^qK49bH!N^r2gkngq_yM^l5s9gz>^rNJrwYGkh+m0#H+S+}sELi=c^uwzcxo&?n zQe>hvj1-}w;bXmgN89<*T?hFbw$r8g=k*SYR2YsVMW!`Sg4~&p#9pqZ`Ax|9s_jnO zR5|$1-)V$fvif?eCdrJFC)}w9znpDEhrvpt7fCoa^TXHoJwAC{!l|>oS8uE)1uQ8wW%2&5WBo`e0;3wD{?dTe!NyuVY(*| zk+<_LZ|lmXvm#?@5jq#vuUr%O9)*@+$BAGRxqqP2hA++L9~5$S_3rXnQRcVkCNS!| zs$rwEx{CWROXQ?`c-*Q^Xz#UD;nR;!kN=225gY0Lle$J4_(i7k3<^VtdKV9G^~(9N zpOZCRYN#^_!Q-q&O1%$M1Tv&Py_U|FOnP!bGHJfh<5l|Wcx}J9jcbSr-+W6a>W0hf zaX^&x4_2yo>R=S;b(>HM*q+D6qeLajQU*{9lN-7pWDn|pc@!VuvQpmmGLxA3L(+Fl zn~?!8o0I<6rl}tDRyy=aM>L7DJg*PZA$Q+A1hXa8s>y937v=-Sfw=&lx%=zMELqXSc1&B5!osMwo% z|BEwnw#!Xk?S~tEashE6x$Gd%533Tk*c(YGqXW*Nt@`_$;8Bl?$@$xn276{so5n53tFvUfeFsN;+qjfrs)`Ou6eT zso#rn*WqkE{q^}Z`qe=4+8otq`dJkiQp>4nm+-py0#r=eta7 z_;C0H%Cn*2A+zJeg)~K`qzhOYI)&{~ner$G;Vq`R77x6wl=~%W))jrvCG^tTXPmj` zLU8?uO%p$8-dP!gskY;Rnho&4?caKyt@(C%Z%=sHW^Pp%0~<5%Ajp5~@7)>~FQ#^FJ$+4Z7kd|QG@NQCBCe}a9sWvAnlQGH9u=;O5}cSY*G z{za=fXZ!{-ti|XHPAm2E%94?_3Un9uuUij13W(;QxG_;rW;T}fIFnY;71g3+fo(Zk zfLQE#S_foD)FbAM!Ufi+@3%rC&!ULC5SXLHt`Ue$&D2$4|EbTwbX)LY;&a5Vt?|Mq z`G9>l)bKi&69dv+11T*=5z_5XY%o!l1@{K8#^gTMEy=eKX3oNldA_@BkY?J{EKpST zg_PW>>3yyqoJe?ARW-6>$JJc^>q3ad_97rMf8r8?Pt*$Po^=i@yB+V%rd7C-@%Q&@ z`gYQXk0mCGAH}<_9PQA4c<8g}nwz8k2B3e{3P%pmHm;d{+U1~kixTlNYPB@m54Y^U z5gnfm7G>2{xiiNnP=4+C54zWnB45w5RlNFw?o)7CX3mLcrd(a{@%ozl`nworkj%Z^ zWJQdhfxd?*G>}KZBwYse+_~5#kk{&!b0tE?iYDEh^C1J!@=w`<}VEBkM z>+0Q4U+dQZg&?4y7@Ty6Vk%O8>*vLx2e`FkFU(jZF)%g-#0Mk(pq2=iAPvX~1ud&T zCxa;}MNt7G541G*cXCsgzG&v&yDlE1X}+mGZOzZBS%Nz8^kiL&B$okbS1v)MMLQ0LgLF+3tTTr%uNU3TCAYUZpv4;>a^^&gv@)L-92D(W{y z=IXktJ?e5kw9V?niDQv>4DpbHE5Ps1zE<_$=iwj35w}YsN8*Rn@6Y^}OKDmsL%tJ| zZmUnM?XBX`Tv%EC;8%Gj)c}ct>gR(CgEQ`7PxQ8B^v zAtxw^t)ETs2!iAXx#r47n`khw_zGs-0cgz=6ir~!O%b$*Qb(-58OV?T2Qu&I`lCPt zXZ7eB!-Tjvvv!-$fK_E`J7EG^i}D1Ne5?mh#N7Zl^SG75V}2diwfo*{2#AcmQr))P z#UK7NIhnPuh8-6f;VHo34$#5pj0kby+=BUS>iOm1TeF!t=`{|c?xw41!tlIraEPx# zLUYU=U8lO;d(^-ZkQyJ9Jkg1uv_Gh8-mJ-{STZU}zjtKE|C8G~jVvekH9^x8m0U45@6Kd5jpQ#! z*ose+*o{R^AFEhs^y!--4)#3n(@-1~0Woo}*&eA&a?UNEvM+z0QLx?glI2>h4f!N6 zdPGx-cU`nV{_u`c>X{p%hp)fchVf*I<8$kH)>C!6E%pb7ceSS=yE401o|vtnqvJ5O#G?F24>I2kBF+ z8)wfdJbvs2pyadhAE)?zLfgvImvNx{PljTLl({`cEqmln!wrIWzf_T26lk=&?kp7p zZjIg%URrjB11CR3MAXY^GBPlnMfuDNW1ci-D8aWIT3hQtkJW0rk%(ERiV|oKzlKU} z4!CsPU<*YsVE~qUt2Xd7m@+qJx1oq}A|b)uA5x`}f`)h$I`TULA|mleuH_UK4(=j? zk1d$PvEC-jG{bR8bg&=vOC2NdHGCvTDcTxN&e1UXHK9m#?fE#fBJo~)s ze!>wXA9kA(P6G1tIkU9Ni6PaOXV^yVt$h(1^(HtNf5dU}5-hyqz+|t3ZWM}+GX6RW zN6ftI>_qsE3T#+m0YDa36f{y)}rIr@uD9?6!0!<;IF%l{q)GEat;viO5f-;wF(?^9*&P=B~ z`KH4>&yk*(dq3swSjoK{3v5~mlgRQL6RD20bd805_wG6bP^qY0zdxTVTjKnQ$gb~^ z5tf8sVADYrwbN){j9s&Xbw)`Qv)+SKyNsx!BRSvhm`zz}htV$2$4>M>*8;MU=TIAT zWYHPeB6S2EvfT>|VP~Gni=TlLx-KbWyzI}%gq*@3I31yet_m`|aN3@3!gr7VRbt&+ zeHUcd{rvs)cFOH#2Q6Iynio{IwdDd}@FjtT&VLi@24=8hG%=9a%74y)W-bx6;$Gi9gsuc)GNPL02nYZJNBNmDqeH; zzyIL+heSBua;yM>&LO3A7yi4nl0)I_E9H>!8<9RWWw2e~_BJTIOn zie}ba%EMAZH$(}bKXkpYKZrkx%(EmO-dk$8&3sm__S=aYj<8T5kJd7q zB-5LW1y1k`As{$NbnYgs#2B9AVU zvE6-Mu|2D17Djnrbo57*4te5}KXPp(;P)^he$QsqBZj1@yEN(lgS5Af%5weseIG(f z8k9~cK`BY;kS+nmph2WT8tDe58)*RnkrE^Yq(zVt1PMt6q`P^}d|d1O?RTHO_ZWMe z^M_*%b*XSa*FCQppYM0x<1CY_z_U>2$LBkb=gnM6ndP&9;p*BLOcCJq_Lz@gAJ4+P z4Kpm;V;VY`_XbtE8mZb#-88&wNQh9<&=3-d9$0E08>8^T!>c&iAN%n)ru{D?L}nxvQxR4sp&YW%x!4DOGH0?F>h)YuY;_b-95%) z4M$KmDZ*H0Wmm%5%4)?)a<>0)OB3cLEdHohAztUAw!CuZ{oJ?lGJAVOHMGTV1msm+ zhRUocp;ujncUfn;XoH`MJ0ljo_4AM;9&Qjc>5nAaPw7&)(O~2>ca7lZm=Vd)kH{25 znm?14{BP#2-hRcRWl$ctqawQ4l0~_d>gps4f1ic=b7E7g(0VcE^EpKR)Y8-8i_Q?z z>JKin&pjX4o*qRK8++tjR*1eLv$$gJlI_pS^jnfDuwFAXr%o#{ySXlatG{b%f}>sU!3P66YA|Sm_UPvx$ zZU)$lm18W6*0=NGyIq{l7;M~CQ&YBDX6U{Eo=n)jMv%Mxb{>jU00;ZD6*GTd#a&W`mw5FOaH?9 zX5`ibVV1A7_AajSvTub+wVUojVvsfU$2T*K*k+d7spG{{SuDxetmPrusu<<)VpOc< zqsqH)*4>{OTT_FMV5Pu{Q^*Sl3W8RVV;A3ruZTy8^l>}Q{RDH5<+(5~{er>F4YqRE zbDYTStu096&oz)^_Cni<{KAf2zdC=28jhQoaNVdwq942J?+(9R1t!K~M7=p)0) zzEKjyUsYI1$=IEIym0uq=oyr}IC3UC0=bJFt!HjlsqK}JTaOqdhJQRq^Y##wLZ1j-{!yKBl;uD&M)oZJncIoY|#swMp^8snEE_VPX?= zStf?%oM?!FvlY!meMh7+`AD>KEltS*jl##*-H5pf4-N@P)D;5OBRnzz6t8;ea3P%Z7D6lU=1NnBv&D(UVjmR z{54s?v^T{r7ki+EsA)2g`I>{v)DegpahS$KqC_j=h(K(8IzM!Oj2BAm{62*xs2ONF z$l>84C5G!iRm`0`QH9m;;Riej83fexuL1{_76KyiVGufH{PFOoAA|n^uIFsO&dG`9 z28Ohp9EP`#&)nP`nuEh8S|_SLfsTsp?vv?#^iTbnVk8UOc1Gqf6htO9D6-FX+~ALS)^v{UDV=J!H7gjW#Dblm9$y zbh`;Fy{sJ>;POYlnt9k*qp2K#DwVn~AW25SHv+=KAU2xmfaVQs&2pVoeO(I?=|+QB zEf`V-hlErfZh+ns3xT5M-l(Mo!cw0guf5}??5ZBlbFY!fW0%A21OggfA)%{4jKwOk z9C@^3AwI!k(i0b-+YQavGJEYw+E{ZN*%7mE^rIcQI3ABoceIF}P(4UbcUsSXvvG^1 zW1_S0x!HwLd!y|b>(#QPo>1{OHc$BVxf13IdF)-3y~D*bE6$quIL4jm*bj&C6isOW zMDo}uP{m-tk^cEx1o0`3?CS&MkA1Xg3kjDo^&1#5s|aX=X|g4lOdhNwsx>nJCv~JF zt-RL2fP4imOlYf&~!VV6}8tH4WTK1Ap#d-7bf zAx>{^?+T}1Dt(z^W6N*|4(P;CKNXnrHI=-69T%=|$TLvg1rS7R0RUM6Njsdsipf*b zURa8B839Fz-1jd@YfY`5w<3Ebau+zxLP%X z(Ga?La>xPM8tfOc*aRVOGcMx62kU#~OI~mspvw^iTbNMaqo^p=zag9#J|vSfrT*102KouFT*c9cq1pYWuP{W2l~Le=;3ffmUDygm@lt;#!XL0; zMp(T$tGu-lz4_5V*brh}^Xb83)PdGquR2T}=!Ol4{|!)SMMA!tcIzp1;xeD0kQuD_ zrH3-#7$lfjf*0SueM4orU<;yq?;ew+Bt7&j+K-+s;Fp199RsLRL65edmT+Ym=oFb;6uME=e7=2N5wdF$LK9mvZHfq&xujEzZZQGt|DZIQy}S zi%ad{qn5se;sw{}&hE*^Zm(L;U5kA6^ic5fsXT-XasjGF5!km_d#EIwPTFik}iv zM=7+s5=&TZ@|N~o8+yL~VGMzAXxYCCqd%IvT3Y^QwKRFnN3|`jy}d6JME-@1vSY}m z&e4zZ3eyCW59kJ@udRD}+V_6;n)TZ>8XpsuGQiV}S|Kq0r6L#{xRE`+6qAM3I?a>1 z-;gL(ilO71-|IGK)O>3dCZzu-5a!(ag}RdFPmf)7+pk|c!Pu$6PFEdAFMt2T(Vvy> zXGTiAW4W=CN88T@>Cew*pp63a=1OgKQ`YYi?$K4d?kV~e$?V2QNa-0I@m}(3X(UzNHk+E| zexJ!IH7ZPA^wxgUX*&5!=TOutaVR-zs^wDh_U#LGZgB8%O4et@M5O+i$>p4CbEP!* z2WkWb%5}egnk6G6gElrtOrw4Oephna>qYcR`3BrSH2hTPr{f%Hjtik`kGVtRFLyj5 zaCYz5IqY&t%RpLBKk4sfO8fID4WGuaA)K{5%EIf`@(KR~?f8J$fX}H5FRiZAv#p=b z6^`BYcw0Yqo-A<%=P$=&A$0KFtZiakQ^rPCDVx_?5H%=5Ox*siFNHSvW?4FYSn}0b ze3@=xOGSyoK#dv)`8@RE?pRr&{7mZ!!^R;4sPNb}ML~O`lT8dbmGS`#q)f@RMBa@2 zEFC*;n9+Ic2@$SNPQR(txotfnP7N>njD8;u&@`$K{}L}&pzW$0YO=96b%QC`G0K;e zOg3`jbRh<^NLd(Bgcxs!|F>cEj1G%05AI0X+uoGz&sTm( zD;cew{H8hb@S@psVC)zU)>OIEb8K4H&d3)3RyRC5@e5E8d%X)hcL*On%r)7FCKlNx zCjAv^!YnEKx}od~CzmxEV#Fv#PXAiiE2?qPQT&SYOs60xO=eB@8=iIol0LuY{kz$N ziHH4ArJ>7RJ-zN^g$9RyS{%&e%6DakUl_eTW}@$2R1+Rq(T(LM_`Y5YTz`FWxg+Dq zThd39q=cAQn7&)=Mq@_U>R#g>NCR(iS&${}>AJuiMrSlTpf6Zx|cP zSqc=5zuZ1WMD5NosNPMg zz*rg^_4p`7eEyKbbQ|HXc!bBa~FLUo?_-U*ixV?(ct-;;@M7p~px!)%BZ_;memas}pW+;cOMHQCBjcru1VhWhP;7${Q?S)K8IlVNAayrGgI8+k!n# zqLzKxsa=#qTYN|dx`dJCa~O~4WZ>&YqN*H|9&`S+i#cq>Cyc`xB510kMOzxa{^Y3p zUC%60YTu;d$%{?H(1x0Sc#K$kI!O=mFe1>^%HN4mIO$uV6ujM*Z{Gg-x>eoB)fs&w z^p!g=RYJnATmAjq`yP_o#u7t<(=?E9nAMCfUU#D}rz5^Uf?@U9hR3zHT;@#&;+CW~ zdSsBfR=9f!dItql-WtN_sq*>7S#fyCpa%BNc*x!`MJa8)G872Gf3CYJ#btK!DGP6C`%@ z>snXKr5c6{*^j?1T{8ZCCLLtQ?)$F$g2#SOtkO90)liwWh@Wg=b=XFR&f-dN;Y@hf zfYHpSR)Y_0F?!k@GV}NhZk?THEundPV{BDjYH&oJqK-BK0g(|60Y%N$;o;J4+B|P& zQ#9-xIRbKn1T)!j-ZHuQ$c7s7FWKMIeALYPJn7-CbNTVc$|l(KklK=Etj{X}g<%j* z*F7Vf@jj<(K0Xm^HxFuLhek;(2YI4#g%)WDx~wJ-&a}ke@1>*gIgNk`_qfyaqLZAs zb155_b=)iv1d=s zl4OeWp(SvVm=7m~pBMFA%pT60j(i_QLu{l;q^~+QbS`Yi?Gz$gVf#qHgauZC@Re{X zlk9U!0c}1?tC?i+!~X-{rX${R<^U`jP9@_0ep{n*9eZXiNCO z*$-Ft@Sgp7M`q2&D&foGu#&iB#a7Y~*7?CP zkwv5KGFf~AueA&2AJzW(6ggzKt5QDA-^Rerat11ml>{w=ZbUhV9>LzYu&8D41FbtNBitpvSz1oX1KxMp$0KsN@bQdZ?~@KxdQo-j-m;=s6|b3pbadfV?E9qlhCVLW)Of zMp(70iaA5#7}(hBi|$c6IO0hM-)z-5pK7t*&3)J}{YFc!`1IPZ6XA1eO^h7%g7XIT z0=jo^9-itZVIYJlu#f6)GxtqKkP@0p!`&u1wS|Tv-EL^f1z|e8^KI1Z&M(mHG>BLr zxk`^GiR^FD%*r+SuR=cVf~AV(MKmGDsI^CE=rcMzCN>*VuFBQC68Kc3+|sPLh!kdi z+4C|D+;fu2=4Q%Kgj&kar+xOpqfQ`Y<$`?ESv#U#4VxG% z;%|TQW=FHQI44{4+P%Kscgr7GmcaP?;rg`1qWTDP`L!=ELU>}@8kYKVmEW!H zk3%HIihA2_Hm#J5IUr9~7T}mim8h^j)xlFg2JO}-SBT=;X8D2+< z@6%eh`~>2;s)O_v}YG*_>kFBXoy67EyHs8J5BLE^FO^Pi2@A2 z$BnN<$QE=BJmKe+IGdg&5g?@xm?J(8Yx~NBqamwT7sGqLBJKI@X0>v4ued`pZJ6vt zWW(?+gM)9=OWXQ0DB8|VW|6yX#7ZZYmzzF7=9-!$H((gyeiG5rdU|C%0m~%4lO&>c zY;aWgEg@?-_AOKeHiQ1v&{DYQo@*q@Mtvc@o}Q7)KbB33@0S1mJt=~Cc5}d$qiJWGbavtJ zb>D3Zr`Mm?%t%c+p)qV)2t68*O&}15U(?J4ODOiXGclEnj?p@>{iIx6M#jqq0T?-tANb@V_~{G3CTKL1r?3ggp(J6B|x_aN)l z4FhuX3O~OH@yuAKYzFO(T{#$DNZB@o+C1sX78%=5@|ar?K}@_EfE;alqkQv$Or}iL zGNik5-z#1{z_Ll5oZUr8G3<7&FweGj_WkF{L|?s%j)2nyZG?r}8ED&dS7NZod}4-u zjOPDTHm&Jw$f?&lS&uHObM-ncDQ^n>{250?K_lePBivBe&$C5*XRKot-Tu^g zNv_}V2-LFzmc1Clyrh@?$?)C)JnIk70uUP6QVYgIoy0Tr{N1<4gtG5g>d<43-(r?!IebK+GunS2|OetWDi9)>Tn@ z`vrm6f6^kuWJmp8gxm1rrI5JWGD%4(AB^f|9!9Sf)PW~%h(f#cw+RHtuR#G_nLNvoh6B^`Zc!YGPrHpxi#m(g*uoB5^1fK7TOQu{ zF_Cf;yU5=Cn~(#TnoY^uL(Xemv#syrjfN05=jTi?XR@Cvn<+iD#i{QM0Ua>i#) z<#pY=#Z-0~4OriYlp(XgUgFV5AmkMk9(Cej$=VV?9#$z=Q~kV^vN-|KoHvi=e~!%6 z&PoXb`>uooI~V$Bg{8SQo2OYA@^3BbYDQ%i7{eZ6Y|(}aocUg+PMNTClF2j4DZ3fg zu)~o`vy@|1MExlZufg`&7H*JPhq(x56o#KX{$H?JNeY!Iun8*GumbJ{HRO=)T?JgM z%R~8E%#QlZ9&TIbiffunqnA5F;_bbd&gKR}eTJWNS&fiE7}%M4`Yiy0R)b8x8aalW4 z2REvxEoQb_LJ>-ucR%ms#1)$KktKTNuOWEmDMtM{^nk>*?&*Q8ho`5E+q(Ezig1Nj zUaZXVW(#6{IDp8aJM~4LF=usxorVq)(|5|RwKX8?Elcot^R1SPQ22p`2!BBzwU_qI zj{nC$6>rgTQGw<9vb6M+2UO$vnvn9GdPi0(k1nwI_gHcR|JI-q9M@F&Wn-gOtdIc-!1q)4}OLko7|lzD6?p- zhYx@JI)DCbQ`Jo@UC`$0n>TMJbW1-U+`n$^AjCM>>sA(F^EM9|_;%SwM5+QyJiFpA z%zb}e`=Kb*Iv5pA=0T_7B!h^$(Vx+C+}!$5Oao&phq3-tHoR2K?_*{6p~EzCXM8A{utjKd;2=*DnOI= zhwba7KG#bsHdk-}#GUHK?boRB%#>64iFwEHD(%8j8{fY2qpy%!i$Q9=jr&YVjhaX} zj%F-(|0T?60SFr8Akhg7FpI*wgrb9%)v_UV>|_(*b#ry+=eX-qmVznQuHIgFF8tAj zq+gaEOhZFsImRSQjbnw19e;f!e{$z$Q46=C$2%IBx3)Exuf1ulYA&JJU}2Ka(qKyx zA2te+iORAYbD!}el5Tv?bR&|!jX9VL>W2;uXeIehRbeA|pAEC5XO0LJLN%8m;`v_n zn+1UFY#OhE!KjyVW7Woyhla-M;)w)QrQmBGbkG~~Us$zS&87zywbhKC1wuL<51{JT z9}Oc+H2l*qGtkRQdg~uka=#Dq3#7dy9d?{zwtDhNMBV4rDwn{I-CksuD-LK(^Hhbr zclX_K@M!~jim%^Kv!xVeB}j2Ur^%D3i|%L^tmY!-V=Xo6=1fx2uXnoi)DKCA*s`=> z8%vSHDypm`p%Jz>_ggwd)p7auX~Un!rF6r8ZAO_G>FMoFy{o@yFu`RG$&i^A6oq+( zqf>dRL}B4(=IEDxSxNF8vGe6bJi&=a4axqym-%iqncHUf>*9TAeGweXAuJH#r9qi^ z}^`vwO4d~8^p4R9C$lxwueS^tqsTM;BIP7)p7EH@_l-&5S1cz-GGlU_rFe=k|~>+_N&>;j5Aipppn zOzr^;$sPMopkqYk|DQ6y!VB~rfcU)n*uq_`<*}A3^P?{~7!#2A)CeGD0r`Yg4cLrM z&T`(~;xLXNrX@9XC9+x3{G*z#t946avpgG2#@rp)^SH2FCg*jU_||3o^qUwvf3A;8 zL^EVA_WK$<9(Crq~e*Q3(Y6?}N>l7U)Pj@>u{xe&%z%X`;qQ3~YgeM$20W z9UQ)qC7w(4C!=~FVsY8oM2J*=&-d!1C&Co)Jo7?AY-8{;;akgBdu6`!BB)=zz_zj_ z@H*`!?$q7ygc+v;Z2Ds7s-PjDT1O)6-ZM>gN33pr?J`NF(5F9l9E`{RVk8*~^mv=h zvgB4P){ih6$=TbOvf-Cj2RPXubHrgHHe_0j1*oezk{oNRW+-mld5Hqt1H7~xV@_RD zbQxZ!aLK{d6Acyf;Z*)_C}pYsm|lS?!!)4h4gB+V(vnC@J`$7lrT# z_`y3U^Q(f zT45;o@o4_#vg)gxmhK;~3mlxT>h%I%8|=BJ59XNDtiq0dqu&Z&uV4XuIv7dR4%@)onBygJu`HKbz57-C%zr}K`@)!bBhn2%@DVpLZfbA@+&R`R0R`K{YTVSLb?2wZtuyovQagAQT>_VuZk`O zoKoSZ>6H@biRDY#@)Zw0>=i$j8Q;YFHl?UB9`nc?lXEk zvA5DaKQ|YU{^7%s71B4z>`7@UOgVw2lZ8p0_s1rJGDYr`g~gr(O2OwYDbC9qNH~`u z>zjBKbPubEjweoOkS(RE8+;4&>m1Qw@@x=|?GNr52am)UCXZjOTHBD&fNRW6`Io3q zNF+_IOEOc+=C@i|`y8qlv{$S%e%?;BR?}+#(KhCG{~Ef^Gjfd{KTMwISRTw$2ND4N z>&w$`;nU(GaMZv18u9-x2z$nJK4Mv0mHFUCUMA6=HwkzrXRpofHZMu(hoK=XCHBY` zS)XF>(}MoDu2~HO+CR*S(QOfA?0xaN9xyzEK6@L9Sr3-*(-yR7Yo*yf8m(Q^^CX1C zMxpS^j1Cb7Q#gzUgrv{G@pO zwYtt#_Vv3w7enCn`;F@Sb=WnBgRCV`qIe1;@74ol@86n!f4G(ogU%}VZS7M8e4;Lgf6Uwi8*0s)XV{9-70E0~*` z=e&D|j|4Y%H*dt&{yu8rH-6gahxA3Uk;p0wg42h~_o-0$#A!601ijzh@?F&Lcpa?C zz&{K&4LuvRChb@(tgMww2!B`ufsO#0X1goh0ocjr*0-TR2VG-l@1CUxXCTvsuBb%I zL6n@=Hp9O7k$+3ev}O*{P~Ud&W10#Tf#m;Jjvj$(bKmE_>BG69LK{=Dr4>}zwH7dw zS_!=})cMgeUIFGedlqrF2Kumju7nDr?DxzA8SyT$WPH^y{E4>*sSy zK#I&X?FA9*)?pEc_}zWS0R{)Rk|}X<$V}(B@+$XBv-~zZ@LLjWH&mT1Rojb3i<*7u zU`#Hjtc-hFdz~-(ZppLdL8h7=|Ic3udXsOiIzI{Z-2Dw)Lt-X*c}Z#KpV1N&!vNN7 zHP^S{c*uY;1qzLW_Y^fkhp8qrSUG?{4F;kwl@9}qFp=KTsV+9QjLRh%~>{0(lqnH!}%An)Rmo|9iQI-!VF00{9*R1jd3}6um zB8jt#mBUvi#d%ljEM;oglv52Mo#0E;es_0$yz;w zzO-9m>Ns@`^>b=>Nl*?Qz<2-UUk_VQcq;&Vf9cwzzP>*D7^!FT!7{clDR@xEP62XZ zL{-};WE?_&s)Uyi5b3cA2|=)_(qv?LNTIwO^aG-zqHBj=d2@*w9LD{D*oN_Ze(O`S zO_&yi6XLZgL zt<0IR_3i(AP@XL~w$*eqYW9xr1V5@dfO(KNg|X5?!*5qliQJ0YB4UVuEjwsQN}x6I zI4!LOFq&UFDk{nY8Ptr_=fBU~lW5WHldD_Q_zn}5h`p8+zP&Nk{^^^Z@$d%}emPtA zhp*EP?0g!Fa9RxS%!p=40Y3S3(YddX@LG95lGD64TKUARg2i zqro9rXmn_K67!T2Wv)d+M)s|+>&rjBVov|@6@w*m|HD_zXY_ya74!Rl`HJx?pnT9u zqz-1d+pAa89me_gV|X|@`9*yDr|Q>SQIfYFO1RA&92^eN^v#|myZo`X0mqgo*o*d_ zi^b6310H-KQNBV4k*Is80upyb^}~w*^O4e|N+%^9Hq9=8wNFPsrlpo`KN5Yuij$M= zXv`VyM7I;`{IBJk<=fvUPA~_;*IKMjBSt>YAjOwcyWya?DA3OTx~!~BNm-f7@qNH} zSg!rf6pYgi7!20G@g;2RcLGy`K=`)4N!p{d{Cj~Ucy)@@>)|7{nBpx?7=JZy^xpX( zQ1qOZ=XNpjyzAsuEFZQC=U$9&4~O$TdhkTSL@24L35=IPYRtz35Bg2hP>6cMh+}=S(baZ)ndFy{SC`(xR zk3pHwi-LkX>9ec)$ELQnwk>6)Rh!7Xo0nGp{I+l`&1IU%Ru>c$#KH~i-v+C?m*A3jbI7L?jQWY^>rIT8W3;KM@_xQ8Xh<00B$rU!j`Ye2+w!69p!>n$3^3%a%^UhPMPPc@ zy&$&g{gInwhyq}CluQY$Cm4M7s-}n@|Gn~bA(s%Vm$aIfFKegLZlR#K#ZlmydnOVa-t+3rbk-?FeeFO>+dQe4{b>yBqKPRAvhl;g9-5!z%{pymOr%K zig6fk$$eLJsI79c)ZnWuw3R+iKrjL+4!^2)0Ck7W9R&quw?0Y$;$N{=61#X^3f#c; z@nN_3v!JhK&kllEWH%`UDPxAXCuzE{14`tg^xw?X)Yb}^;wUwTSDs(l>pt_`MZtDj z;2PHz!w>`E2x=zfY#QQKwpp$(y#)8|z*LZM4P#mUA2YSC5~KGj*)g@ntE6hR;79kb z`65bF0#u$;{S-G>@E(fI7%wvNJHO(8z_8T(oum4`N&%^u+lD#vbKbqn-{nBF0A00J zUXcY#KPlRevN>mS1S>iaqur1`%oi1dp-n0 zL=(NXtH*^G;l?L%L2XiL{(T~LeA{>#`1mcf9=`|htejmBdyI?;R!G8F~)Y zSE5t-<}yC}nV3N(UNf)c-G49I9=ShsP)7G5*=7zJYZ6R9AmGnPY;x7%%Nh5YN6>>^ z7U<_fLALH7%^JT}Ami=88V@h&rlrn|lS!4~=|Yr1xr6~=fKq{gdhIV+?6!|U zyfbQ{hg9TqZ||+5Uo(S)2oRxocz9Gq`MPgRMZiMF{KCS&CUIkB>rVafeuD|p`(G*0 zc&dOUvq9%@younCto09cg93;cWjyBWd<#X?!7mA0)=iNaR4qZb1+;Q+jF9vzZ0k}# zD$vZ#%;LalYj5I2m0|%_nnZor{1^meG+5aYqqMkS+=mj^{xmX!`#Th*cJm+x?MB(U zq0C5O^C*ajU}(K>H5zI!_`)~H)-2lu(6Y&e*WhOdU1^KMhhU1WoE;;PgNo)wuRms- zH#kp=J_ar%6f_o9<=MyIvKs{0m^-Mo;sJ08QGN2OPWR3EbU-}86kc}Xi}>A6{V)?@ zXeG?E7yKntNlAZA6qL(20PMq-qzn$J*_KNe45?Z=v#eqIVBP-T~k%xN_q1HLKH< zFUz3$<4m@?o14)0GK1cq81RTe+FEhWfd%HexFCN4PJsPQVF8uC&HelLV|p$jQ1m*O zwM5c`Dt3A)UJLc%LvlZfY(Dm(B4O8LP$94%nh`TKgwGU^YZdgC@ZuxP~y%9HMUgX z3}?rC{p-?hC8V*aRs)R5J^?2j3ppRO9)se=A?$&gP9D%r#Ck_<<&HSCvQuxnazcR} z0S>t};yUnoJf>Erfcj{XF;1xhxO&7VFsl2TOW7|i+y;SrAgB%D#yRmp!g@Ad_YHm6 zCzt~|ZfLW~Xls*p#n5zTO#&CJdgC(1jZdJG7$0l!xh))NSZR7G%je)>hJ@GEN%u9> z?=(!!z!wH&wEIdixYuF3crUHP4TQ=op1yc7p6WW5JNXpafvEz|n8Dv08&S8E<;80~ z!m)Mijrvnw84^x|mIBmeLCeZsVJp4AKWDy?K6qap?ZTSSQ*n?9`>Op6D%<|7hPV|v zw}e0swJ%+Gz=D+Xz0Fc9*Rodv4^U11QqNyKG_#u7#upgQLLOOCc@mv%o?kva`CX_w zSG;nb;zw7nO^};&IuI@OoEp=;#rXTGHt>^b$8p?~A%4gG@0M10{$oaXes^z2^c%G< zsjQOUzp$5z5dM3@J7P{t12S)07^bkt$A@JY{l~~unKF3m$9&R~Ed(}>D9Eo?Ja2P7 znU1A9u^Jrs_FDIKMH#(n^G^)Lr<}@nur&Yi@}jBUKGkNnT6_@KYJQ&nvi~5JcWdv; zY)H(ez^(J+RT_~GoAcm+84=y05WuC4I_U6y7JzmS=@RUVkur zMe0gwCeI(UsDN(FR@)SyITV{S!72K}w>bn7;z8!SRJ02;Yv?H^6UA?U=csECbG=^f za^aDuydAB+Eu_Sqaa7qnc7^<;gaVPXH}@X#h1~&!Gb)&`O^FAoH}oYmUi~TtR?~xgMEwX$IgI^ zgn?WmI*HCOmLxIL{Y7A~LA>b3+6pZg5ig}-yKm-#7`9%G=)E&EW)%{^If8I;Pb}K( z(tguM`vS%x_n*_?r^9`7Yhy6l_Dyl2=4^LfCv({58RNOJ#bUBFNizu4(7aw0soAqV4(GVa? z8M}0lPba<*n$qbT7;LZY{2B-2Z&YiplfvjhUk0L`SH$IrH*~*pXiK`O%FQl@H4fD@ zFa)cHG6$kc4Af;5njuzLx}Fvri)clx9z3ExUko%5aCV!`ZN3w-H78JS_V@elF82h& z2B-2`qHe{F_Pp1vmI7KRq1n)$)K~_3(45dhOW)P7u>?Pv_7fysyp0<%&g}N*h0rCV z9g2~1A6KpZ!sTT|-jJ~eIV)xOxfLnbU6AfIqBHRu276IpK`-tQw+Xlet&7K(QOZ`| z7ZkFu^&9t`m*3T>M4wpOStY-JeN{KPI(4eiWVoqWseWK!+3VI4HoE^1OMA7{)OC^@ zcG|fOvR&KLY`?pfwku{M*emR(Z^M062^PQ~_hyh^J$V!)vj>zTm`r$Z37{PT8<9-- z6H%?FC@sz;5w|lD1mlxoma=v}uJc7%b90ufJcfP8Jj8Oj|2teAoyolDUrK?a*f=0~ zBMarvh0<%qeXb6IQ(rZ|X%W@V%0}3Ro4|zJKguzxntXTKu=mmt4=;exbT22-x&aKu zmRBz2HZJ8D(J&=1FBySX{S24e8#<8T3FnK-wQPHFM`glKwD;gcZ$g&}Y&Q zyAy6ubxw6#cC7>QON6B=_NB1B7Wy{@$Hyr~Yy9=If1!8ZYc+qNcl?^_y<(4xkfn-^ zJY?rQJB6|B6r~FHgQD=_mAcU~UQfTFCMq^zmyOGt>`3%58N(~9jKrVLFBBuQk(z#& zXleU=`ya34$*ZX|jI1(u4Evl9T?ra<&c>IqbeYi$ul?YXqx{YsDNGFXb`aYLVr#Ua zm*aZk?C$6jtjVYSMDiye5r_$2f^SA8NKAeVAthEoXr!K&hg95gmbZCu`6j8zsl#FvsD*`^f7`gr(q%kl#OF7@mpXZ1#}K~s{*XsQt#*MZcTbuYLRa1ylPJF+Ms z^&P4VdTtQ>prIx?nmgeDD5|d-6GR_|-0K%YVixdguGrQ`+dP@zR~-9dKFvne^~Qr{ z&+rKD#j7(@Y54kJ3;?4qGz6^N`DcXf(>Fq5x&STDyN~rCyRbO}_Ji-Tmj?H8IC}ft zhf)=V{^7rLybt+D#`+yWFb1J`UfAMBqV+enZd%MhnTJg|*Kp`WEzNeDe4ek<%)zT? zVbqzUTQVnXv6f>%!Ib=|r~a@dvmw3O=xoArE0mWaQ<4X9*@*s0Md^F_i2`#S_w7F^ zn$U%@+z+JlTqg2EAOL92g#Za)PUYhR!N-c>Q77wb4-pf;yP=BH54&Xy-Hk~fCp3gN z^Mcl+!eH4unls~^o$fqxu)2IJ04~>Y^0@2++QQh!wVOiy%R zcq@H#18uDOp@mrCM%JGVKBgKAn8jUf5u%Q1A-B?w|1_TO1H(5z-=}IVDs1~9h2@Bs zMl@d!bO(>&L5^QUZ(neA&5s_Q7v2NpDjEnJCMG5{L~M5UfU8LG_|4Pw%4;2609I&Z zisK@b(j@^g!g>cm-qUkJo9`e)AK@R1dkcYRN$e@ojVA!<5NPVMmYk@IC*>M=&_D%~a@n3fY94n%< zWTjg|Rt&^!9p4<}&9-gw=2mQe8s0!nq&LgwP`qKyP_;&D@+vAj=*Idw%}SN8&IzYQ~)b~q)Ac<*70O9%>!?nk^4PAd@&*5 z&O1dUuA2=efY|h%*9I-U-}T{~Y#I2Vc)V%D=4Ej;&a){;ue_&cM>fKB-7F&;nYKLi zq%%Yity|0jqDdg z--m}*w*jdKofGrlw_6b5AFS)ZlK&iI@IX=Iz83Z~SFuFA4?~ri8J>==?!k?iDj@87>|GOWIkV6#BmmZ7ej|?$kL*+l>2JM zy07c%C=tXI!Xmw6VX}aJuu?RTIE@MD(}|IMSklaueb+IH#j34`T>w24RP$F#$6_-IXM>EwrDSC=ZY*)k>U~fgRLy(#{BTQFP(51ku~jl z!BU@CP7sDTvM%2!?74UVKr1Xu>}G~5Dht5G5&Qqw5Q&=ZoKw#c^QXt{$?jtX;Vh^aD$0EJzATH5M_89@!EEnSs5LYvP@ zzwqC(a0>KNeI~c&a3#txM7}XvutHQ9R~yw9R|ky>*dQ5Q5VODM5e#~Y!JcAw+rSOi zmON%a5v+Db^b+?ojO*@66+PqN>YLj)ugO0J_;@Oho-J#0y=7J5(6!buwb^hC1o-s!qUFqqKZBI@$9Tr`I$=`noOKXhl-={55SiC#jCNzQ@YAp_ljEl#;psSt zq)bOdyk5%QrY;~=Q{Bz!%=zfn=^Z30@(Gq5V+#Z?k*S{gypzxU6kdsYE}2DaA=1le5D+maGFI|Dj|@o+~3 z>bSrd1ZG4ZpGO~FMLb9VM_CR1L>80#) z?)GmEQ&z*O%2=kHHW?I59rsZH9al%uC@PX87+t@Rm$k1{&Afd1N=C>GLusG+?MAwv9SOpB`$?-={w&i-z**2@5rW zc8g6(!A2-4DWRHcb%Z^fpd6tTb0_KQH^5XV2+miT^sj7Q6XwWQm%FOizJFCfsP?cf zW~7Hqn_YAE0E5-=#p5mQaK3kPSc*|r>c4M9{r|V(Hjj-ArwOAu#p7*A>BN0YGirJM z3ptA_Tb+J(-9!pZ3T{owTky;+Lh2k#k%fX!Hbd^4& zjY#87C|UuVquH{?a-QD~z`6GI_18Falyi#r$(K7X>ojEd3N-el=RMpL4!+J@Q@H2q zRet*9qLt{vw_o4r)sGC($-p)pD1=_%>CV43%1$9&84`?nGU@M8j`1W{d( z`TJ`+DB*+xHd*{Pi#!mfkR~PVHMVvpOWLDrrghC%;OfVE z_>YZGjPj|F->$>foek(&Ol|J+-TWGRwtB7Tae+l6*1+-QK3}7w4SLwakoxh3%=e*y zS^3qq#|q)~ps&?>I2;H>1QJm~n*(Lp~=7 z=9IsGe@+g=1KtMo&?T#%;m45ZBpZ3K;zVu=N*ERc`AaD7-*g8VQjQBve8`N|Gqo!8t06$w_6r#&3DdcKJkmcw;m$Ar`|^5 z)-yPW17KC?|9t&5tmL>tjhbkm{RRh%difG5jYztE`Gz*v>FNXN!zy2mZH9q3E1rAv zg(r->*D-|@tnS^Dkr2Dfn*u8D?*gt*Y{z+bktx{j`KIv_5fVzNW&+#xYZo;gIYG7- z0SMn|bi-xFwv3W; zhq@>;>l|oMH)iFsvob(szrP(D0)j{N6TdwnA4XUwK>7VLX32N;q#XBp^F$oCqum_R zmG7a$<4V-bWsmwG|IVkD^&ssY*ab#Ros8t!~Jrr zIrk{7u3;%Sn?-*0CdUtxk&PQyJ1CPxJv&)n6Asr*R=d?(_IpI04sPK^B>mAb10h2~ zE%q0hWPDjE>0)m8eX-;GFFu%9A|*g6fr3`v8Ch19q*1>*fyixQk#=(1=o);Mvz@+& zZ5wNQ*Snb>GV%_WkBeRe*3tz^*~rL60*E*}Erk(>rr z4L(#=3H_m?55MjBlSn?*0E*k+sylFTX~6bi^I0@0FgkEi-tknH7wG^+QBiHaBuPMI#Q|&N(Y1ZuG4LCaAf`i`&(-AWF}lju4*3!$t$=y`eQGRL8*FUem64{MmBs=m zO!Vj+q|&Fz0Tmb^w~~PJ(otLhb&NcES@cF#@Bwi7WW6lE^qnsN`axH}f$I%ER%5!) zCn+SL+823M!|8z`)RoJl4-Jdk_0z-Biu7LXxF`UF?i|wieSaTt3Xd~cxVfX2Y##Jf zu6+T6)Jnp(IX-^=so|X^1nvggNvECqH(6!n6KF7hk(6Sf;m6NlV6bs?^cUB!4c-KQ zR2YuGS1+je9dUDj{Az*v<*#zyHuS85!UR^hT>i3Qo36}Oym{$Qy@B+Ig5T}O@>f+Q z*9+U6SD%R>QZ77cq^RD)DlN&p;5zvf3!y>+i=;(EInTx02WugtEYv7VsfDi!KjPTr z-b9w?g2&OuuQ&LRN^^-QRksiIjplvh9?b)AZlL^tO~HeH%g_^f9uQ;e@Z_*mvGu41 zVXC=5*YPG8gravT^d{M(yKpIw`!{GfSC=Wn^z>y&^$kn#iwa&}x7pv{zs$>ou}Vkh zxBDD;T?YN%6L1J|FZOn7+w7g6h)6Z+=ln)ve?(%BtZe0y{tH?I?K zPENPC+H}{Sw$*g!zVPi9XMff;+>su3$`4g{HFRRwXYjFgG%Q~vKbe4k0rrx?hC?vO zd4waNf;S0`VJw#%wxh969x+_DRGHlN9U% zGMF~cqfpwhvPWtx!6s`LZRUaC={f-Ds{bHVih5|0nIpt0Gghy8q#&W!u48J1?aIPT zE+h;HtBgzI=@L88_J^w=$Zx!#I>u^~h`uZjTVI=5rSk`@t3v?i=OO%0M;oDJh8+>Kihp)yBcD5sYo+7{E8t87} zX>-jN&W=1j_gi$py2kVipb&y+n zeZ?-(Q6yO^h}n#kt()m}`Wq!*s6~)I6cAR9C12oN6vb~GsZM)X<(NfFAP{R(n=Kw9 z?axxu!_NKtA=?7$MWl-h4SS2Cpt3-8NY!}+3qg(qYTk<4Y{;GLk=!Zvk9XF})0*tK ziy-B+Sgnr*EHpu{Np$F24P{68Le&f262LUQ)bm2p82Tjquix5qleoYK=T&3rc!d+Bonv8vpYQfJ;4?)4xV7mI{_# zfNbD&l1x72+?H3A@dtbu2xnap5*jYlIIqd*C`C^5*>7^9J`gm`0lQBE32JnzEBQ)~ zQJEaGNnZD@ELrGN)`2z8XOEg%iYTOtQA9djw~_u4 zUb2WIp0|_lP!H>CuN$03mk4fXRYV?g#*4E=XS{iXflWlW{7Nk-G*lYMjZ*#he6|%^ z6LbJz_~qI`#KfIWl;TWl?L6bAH+-E`AL!aozy3Ty7Ty%R|F(FyJ%g5iG zwZ{=x4Zp89nPN_=WLcy<+=MelMo8}0(Nk40L{F;Nhe)VeoVeY?Dd7N}kNt@uQl`$` zJNIMQez8gpzxe`l_hV0K$!AeP&ELkav?P?i^+-#-5uH#r4t{8eQc~Y4C?$b9gsV6b z!Rzy)Sz_v-oc=OEz~jXZ|LrAT%Ppets6rtt@D+^}Lt2N{2mHXha~eQKT~ zbi!20gw%9IF>kC+l31OUNg5{Oh-zku*}Us3TMkf{pPiqRGm4RXz25`5h7 zB^{JLC&pemz|H&eVXpZN$t%{sc_^UFKH^=CYF+<^ZGFkYke3>9TIpu=_ik;pF*e4i ztQ>Yv3xJc5YZ^QGS`sZ=Yjj%luQ#AyAQD$A$UbS@U}9p@-2SxiBNU{AKRw5Vh~Wg9?*lM9r)6iGoixsose{7T62r?5&3=^< zsgS@M48kIJJSamAd(D!Coe2YpXbqAa&JB~(0b=?JCucY*H@{?oiY+blv5AGD0`z5d zau2aidyMy7)iC17ES)2ZsV>E)i)8b_W^#*RW@~bi-P^mhG-$?;GZ;n%-S3qoJGe}Y zsX*P@gJFC7OC!CtZ&s;g(G0>n_c(UP`1*^+xSu;G+eKgNCH6qv-DQ~N;gskD>j^EL zBaIBqhaCm)!rfZv5bRICx6ExaoE#bH9U~LXzWc{WB50PZ%5AEIO4L&$!A$H~2Jq_eC z{axDY2JJYY4C5fz`+2AJ2?>-q(EJ86sG4*8062|}TC7HyXe85curK%MJ?Ve{2tjWY zEW?+P40^P_@BYBk2=f)?8E)L}S0Q>dSq~};99+n5HRjO4oh9NS z2huq<`DaYUKKjo85R19JonxE+w}f~;A3LHlTA~DDdl|fCHb9liuy>5!>#5us;AZQs zzMW9Xu?LNeAl%Le^77>iV~C#@w4%d1I1w|0rja-w#CO7R3a5}p7{9IWn|2^S6L3(u z>}09GsJsQW`60qFN=%)_JjW|Upj{0Glb$x0YzYzwDsjlK&(lJuq9CnQUl#BHSfUKGrY{(u+N}|6E3E6P7Eg6+R9Del&E*{>9k?*Uj&u8X!JJQWD3Vz!beKmEaOSauu_ttY@2O3o;eWQCoV|TOvLuTYz2q$>0 zLxGwjb7VE*evTRR-AC7A-*aJL-U6#%Bm0VCTu@lI2SYq8W~%o=T3ST%`52KeGYac4 z!aid@kjK4jZLn9FG-+5RM)c*1wYY9>t$lG9*>SoHIO;TPg`i8<+SqJi!QBIbHCG7f zg+KsL(DYTayw=j54xp?OnwteQ0fx2?qyFMxO!3FmFG>Hn@0J)rX;x1Q-?ZNA0SyXq zK=AW0`n;_bVW?eWhe;@cfF~B0M~{mpd1#zoYF0f8BLxFAP7mG#$O|LZ4QMf*H?WpYCL ztlKWHurNHOJ`K*>z$8_1YwdYpQS7fCtpPl<%?cr$^I5YXn=n24K9foGH#Ag(gap*{ z1xRzTKAo8gDC)%?t%QhdB>>j7^*E8IkJAl>%lXXL{Zbw~8V=ec)^?H&G`s}rN_=W) zIdvE|!joJ^{4SGZCjRHJ9lX*XY1tdQEmfzhT`vKq6Msf#^(vx|C(DlS%YO&kMV2oB z*Mtw*R!1#=C8hTlzui!Ft+sgEfgs2i->FY5?J$BkD@Zn4TXz_6Ub}{d0=>~sdaXCK z%5Z>R1t5Q*)=I?fnVXpv0~-gBI9!i?Gl1oCdu)st&p&xo0NMD&kKwuwH&w&SElT!X zT>exW7GjD*d81^cCDf!6)fTwlf+#|`Cn3!V4dLx4Hq>WaE>~E4+5;Hs|NlCO+(Anq zS&8~M?kq82%&@i#Qnuc8VifF}`jl+^g46X<9wB&>jlbvdk+0-5^OXdFAp#!@F>w!; zk;%<3xYLj-iWppjHO@Zh(+&o20K3TLX#X;+a8k6(5^z*WUqK859j>*X8{pCO$L9m_ zF&OB@Z!-(~ZE6a}40rF|ZRr~4{qw~xNx~Q75|Hb*J(Po6xRNmY9tb>KB{DhFoWx|V z=Z5qtB4|>GJxN_zx5HD^Y}=%;@d>SvLl6ha({CP>fBS^3uX9PkKp`WLP7=oA0~tg9 zphL7i=^=dg;HS_;j-z&<0xV+u54W`%Y!qTPt-*{?N)%VELA$aoniUb`9eH1H2gpny zGdsk(iHVK|2J9ac=P$Xbq&=ZR#6+|1MzjDI(vO_v5IpV+wJUug9ddfaz!3MX`*PI8 zai#t8M_?~aM+MUJQxySOE+ZpjwD1A~{rp4oMMP;4DOAK~e&&ezuTAehHiknbg-&SI z3NQiIZJh6cvM|arqF^yGk!}qNB-pXP6D&JOwYcVtt_^QJlsq`O9-_$U@D>=Vn@8#< zosV(njDFW+GwCe<`b6aYv868i!IXx&dP)9ux{5Q;B=?tT%J~SiGNQl8IQl%%h?kh| z;o8~TnJ>h)TSPw6E%@%2kwg5F8{aP=01M@<$-cUI3b(*L7t-X&276EqfVPmxQL7|>~+{EAru^6l7Z*~W(@F_mukkqVg_*ufvyX3MgVY5 z^>%L@7ojc!XONMTlMtwA2s;rZcm1gL*2W`XZ(Y55RU9BU0O^}dvaW3aqiHmgXhHY_ zHl-h5FGZxnaxyfTJ!-*!OWUQ$t|@!%&1ny>nsVk7VqSj!57EDz!{}k|k1F$^{Hw{C zN(`3Q;GgRRTiRvK>nv`i9I5ivi$42;sBehO=HR)EuVmEg>D?xXw=Vcx;sah7jImKD zAhhwvv#(i5i=+N%5+i)ijK)B2(2U+a0WoLz=96AP>6=>VBif>SjsZyW!7@`a;L?Qx z-wzPRfLo4UnXTu-2LKU1YOvIp2xfI*z{Ny(o#0hsM(mf9lha^MnL(VInu>U&AX>#p zb~!UU%fQD+4(}K_ZlzgZzq|Y>sM$c|uvH8lrR(~e88ytKEc%2B3)ZEWPav*_VzdT+ zR3UB)+(}+@+}f!>M}$~Jdw=}gi+p0n%ijN6y6)wn%c^oqmMkS*37(k}90h=P$=~}m zREjFwIpuf~>s`3!`?r~jn4T3%@vuQt0homA-G@6CqZ6R!DzY;ZP0^?QEA~-S!in;8CM2RoqNUT}`$=a#=~9jl0pmV^MIM`5=K316rcM4a zPL!LN5U)$$i}kdhcU!FtT(Ut??drH}wy`o0LKudqG82q6fHUKTvESf=Fz7=84b!=m!m-4k1^0-q*LQpPp3sS!sm0kEw1zeu*w1sx zu8HcjwY`2#;q(}QvS53IFhno0!WKt<37^2HR-?|=aN2XIAZf;|fz1=IQ$LW0-Q5B6 zN}?5P#JQ6gafRW+fzj|)uOZaeqzb}k_Z?#{q-SLk`(FIkKqNN>`$xs&MChoTnHOji z&JE+^X-kpcC4v4`y;gV6w&dd(E}!j3b_Oz|^i8GPp4Xx$>sqRy`{c6}iM)S@i<_Gv zpsJBAK@}kJS7*TwAu)n`OjU~ez(p~u2CZ3o-^zSzd0T4L}u(n`(BkYE?y0hCr z{XXLBhus)@yNhSp=|eiGUdwYPgR;%o*ci(DP6)+C-c)EXFYMA}e3Bz}417WbV%jJa zcrht!4VM=^hA4`l*0W|qGBYzTQ-rwHP=Le8*T>#4i2`S3kkR4#W4%FG(4|Ck{0TOQNkuAn_FQdRRj1y)Uo(~6czwfik_eH@%U zN!NYIvCYK8i0=LIf%1GGkzHjnhwAp$jXG2p3!_6DX226AO-&P<@6G2aT}3sV9psY{ z)3ZXALC_#MEiobpr@3XIw0OVuS8E_J7`3PZ&`^tc;_P^7L@tLtQu1)0T2PW#@}HaQ zA-U>wobc*=N?TI;;D#|*+_KA^KwO1XAx!aKBMD0?(yR)}#d&{|&Zmu7{FO*d0{M8K zS0EV!3YIuj!XzjqhKB}gx2`2Vr3FkR><9edp;F^>DCC0>(utUKDOJKT`)0jIijZbe z_47{X6HOb_%QLRdbguhPfO*mh(hhLjuse&<7VKAChx3|g<$!}i)oCXW^abcfJpqe4FsfVYB}iX zJDshcL+L}co6IVVwFt7LaHEtIfz=i_Cxg#YaS-lX_Q!t5addYBGihnfCQPzvJQ;7l zYV@c08P~9KNMgd5SDzRs+CjDnRjL4*BMBO&2eNJ#R=8m_peIw>;Gg?$5 z<~sSUFGIo8Yswj{7&lX)QH9GYP!~3Qv+nZudoVG{VF;E7Gzma!)Cpv-UerGo^P1ZA zgrtP~Qos`%NCGY_51k8^_D#5H1cG}u#7>JhAiKcB!$YAUw_o4bZ8<$Tii(fvU3v2y zBpUz?B<12F$ReK{q?~p4Vhs7KZ?pTZK*p(YCAXjdE&+_j7m^H6Whtqu`auD00)|E# z)F2o(w0RGXZ5S@9;{y2(6&SxtFYGS;jt906d;q_V=@tg=Yq((iHfY{WpS5KRx!=7A zx|Q8pkVGos)SI2nsHlji<7A>}_)o{3nd%Tu-N`)}EUBbV77~z{B5t#gQQFZ3LSLKh z;d}4=e71p4Z}o%(>{5B2^Q_ja-OiVPJt%xPyD2I{&u7194JXUe-7cDd8p^T0y{_Ls%L;MLk&5Kp-z{YDQa~&YV zkldUx?mP){E~V{a=wWS2qc$y3z-8}SmO9oWlZETFh+PJsIV1-MM0#1|ag z^jPTv5{kcM+-dNB!V5Qs?Aw7+FdmL%P}b2I&GE?FBS-dYu1;Rd@0%*6p?n;79#iDi zN(6tfJ3!qlrTY(pPHI9jh8V3j)q_ zW{jWh$1%;5Bdskgn!;&?l>k^Q{_E@W1~NrW4?i=zK)@4-RIIwitR9hSM6BFNdXu^o zS#>{t&-kiV(x5ti%0DDrugQyHi}~FMnWm;3-PuD5*pww?&{y6u)q_S5T%`e8Z)m|s z#IZCqJIUk*TU?Um19PZ&zd>u@Hmh4Na-WF`VZ_&r*?8QO82%-Z&z_GbJ0C z^l6`^T;7&)G|Ik35XooGI*Cfl~FW1c=bsQ$$@9K{;SaCFMT8)@*sX>A=H@1UR5 zB2k`L(kctXFIY{?<0;>>D4KxhzLdm<-T71~%U2SR2M~YfS2So&)MoGVJBE6z8KKbI z_MvI#1%>Qs17zS2Fznl^NCnR+LnbJE>oy;s6#S%CGXjQ%;rWzJlZv7(+-gp6%X{fP9T^^KKKg>mi_> ziMct`QL5LRq8(rHtKhO)#+&lRjmngn@b%SqIv;C?%O)ppFH_{t@o=~{U4!Flq3$Q` z(pTaHv4`2Y>A5EH86>%pm#Ks~@sn;gt`UjkTJzDEjS)Wp#4qsYmx=QWzBz%~1|y#osc!`*j}S|8^1?Hlb`ZTvn1>6WsWtY=<| z_v?o{#VFU3>gvSiKJOcpvKj}$>y5+y`V*Juu2buijh39@uX&s^1C;XAa0m$l0t2y) zex!yC4r;=qQxoRAa#Pj424-c@-0ll!gG$}b&aS{PHYNtVZYo<0U+AF9Px54tKU_0y zVWWBc^YfyLii$7ouTO^k%R})q^MU6`Ncu>FFD4`e-LlPW;m&W-8sGm?lec!dWLHzQ z%15I7xRDOOT&czC-W|`x-Y2{-qn_)f8)~GNIWFVpepU42aS|SmNM&=pDnIAq!0X-4 zx}H?cVC&#eHh7_u4>s8qV@7y24py2|(%Cr$!#KVlA+SeR+)s2pjm1Z)_+2>n*V_1r}^!w5p%}Ok8fwiYT41$wM1eliDYO4 zB&dj7wHJxEGe5iFyem5@WyuEm`z5xBtqs$ezU^q};^gLDMb*CvCVT8|3L-_k?m!Wn zx>1>RH@qpcIV3^*GAy2%cf{>u;)HS${}GA}PbK?dNZnBSpiX4t;P4_lo7rh?j3D;i z;p)lAi1zYW%_Y!e;FFY+nw*(=0n6Ih*-3OSf>z4m0X{l9dSpz@8+9ksy-(u^jhfzl zpMg`S>IE381IzxhprEEZUR_QYL8hTW*(nAF1_~v@>w2!X)V(tPD+r*GAMJ7IRH;3{ z!6B5Et_O2X=%)sS2RFPQDus$)ZKY!Pz1}B66qmz-QbkqO7f2A@<%wy@uC!3nlKJh8 zyD2Vt{Ma~$j^4!NKUb3gbnWlZDtxZExz!lH@(W>u)y!vot6^a@GmqEL&CHba-!xpJ z_R666vY*i(tB>-Ae_j2iB4caZiJt3DT6c?bpBxX}Mg-EO`qh~&zfTJmy(KN~Jn z7IyUhezYQ-Z{=x8CZz)=OPEYbN=gzJJ6wYw$yNuyqnoP7qU#GKhCy9d#Z<;Cs{}od z1#h3uL~Bh)ylwVYfhZ?ML6F|X0yrHB2;qlK(RaWEy zzkdDNfb>mzItrVSQQy=wSSpaPp|6h|(B)H{p;!1~t^ux^_W1Z%-`G4vVBF;#s(Air zZK*~8qQuu9KkmRmaj`b~9`6JDrNF4u>ElPPn*wL^<~K{VTJ_3Il*>0FXl~asO-`Hmv)uttIGr#HXYPQrl?VE{ zbKJl#Z%Vm!rIw=DA+JKy8SJc}X?n*qmetjNpwpcFGM$(w4MY>9Pt0#M5;QTP58xdTBU!)fSifN1-9P-*W__(+Yknxll{h&sP&tym;QUd6!qG37%Czs9eB+pI%K0Tc> zS5!>GO5Zi=Jcor(T<7HAfPoSb^8DP-O-Dzk#q0{}4XhoP=Wl%WhP8g-9~d(0^>XcGkIP`@tJ(a6%`GXA4JyYx$dC$rsds)LPwRFri=@-QyxXI?k$vmS~v0dRrP#rVAQlGm1D^(p$mS37cZSpw~O-XN|*S-zY4jh zO-?Qjs`zQ!D~js#6MHW(Y?nBchQ2-rNK5Y%*z_cP)nu#+;63&*KimaQ4>V2RJ8IuG zVu7bc2-{=h_Y?$CDqfSw_!!vQcP83n;cje#9X>HXpR-lD(*~PONr@O%rWov&(9~X2 zK7T$bX{)S8+1AzuYh0*l@CLT33&cE7I1Itunh)79#lyvwu(2tA_+#tUE7FpvRYYkZ zx-DHLZ~gF+b&zeJ6C5?)u6ioe>8B@B<$L}{o$6^{DJj~}>eV>0l@5A8vrGniN=Qq; z(CoiIF{5_m7jUC?pAilwF*Wt|U0alQzD6Mm1#)lsDK{+!xoCod>R~Ol=1p4iJ8MW> zX`podID7;rtL*SDt!s`r@?TumF-AnU z2-4Z3g)Y>@oRyK%p7>FFG33o>l(Wv#co)NR33mt6KKmGii<3nDlWJY~zmlD4n z3k3Em6iur|O)48DP-0*m-E(CN|_RW`*iC?^U z0Z*R-4Gpc2I;DEV?d#H)wK|QXwWH&MEv#yRL{S2>Y60~mQGplhXAE!(aI_z7xhg7N zx|C9svxdZRws`%Ddppjg*EfH@xpY=kdiBKUNlk0{O+Kl>HXm0#z5Y(xcWkUoNqSOh zGdU9Q7oUng-usDCS=PNTC)enMAVlH*HjjE1@G3gG1bFkdfz7#5S2p&^6w3y6D3BQP zBhNmT)!9EMkZ-ig@jRVrop zkV<*HG6)^!rj{1umU>^#8FWkez&d4i?X&92Z!45Vt?Unl1#=rvCoxl;%2&INPa{ZN z?Y!2Kc_#!m<2z;&N9Jui8#}um*(%&;ZoJK{ts%l5yb?Rx-;{Kw?0}B{_6PvT&`d+<-KNMPtG+C%&>AB~maM5n_ zo1@U~F72r6Ya^qNg@K_<(JA&`Kju9fF&agk6)j@;QO_=3U!Cc7(`-(m$=xby`1-j> zH%`FQ#V%it3l*Cd@}7LnAktt@64W~QEywWFKScOw+}w5V@`q5YsYyjjN{Uir(M9Oy znvWmL(Ne=%kD9^T1izorcQMj=T8zwKl?b61<^8DC*l-~dT#VolyDp^(%#93BndY*^ z-53xYPsG6`&X6da`#B(K8kY#WG@p+_viAZaga}PJ?eC=ZAp-nMK8L=ZD(E zoh9t_4~pUtOacgLU&6f=Ob|#UEj{5spB7jiMu5cqfY$N^ZbMMp^Mg<2gGEfoYz}(iGkJlW$2qpIh>R56kVjFryrR6P&$nYaQ_k3$(>Q?;PvgCGz zTEBk2G3;2dciDgyG#@4oBCMVT5 zI5@aB0|}euIG`6B6c$$SaQ+w$j5#eUZ^X{}de`+6GAhk8tNE7X{EHEs!sH+FzhB{y zKN{Ehnf4ru-edns`9c3vBrS)W_^o`(%VtO+cz9H_T`o9rz=Tt>h*Vx$UcyA>_{&!3 zfa~`ekX@mn2?c>7Qeo#+i*-#SBct{8b@9KlSj{SOFf1M1`5_=kOo9d^wFgyu2xkmJexyRHM#wvQQ25*XDHwndebshW* zA_>!)SG@=781Zwt?u>exHX3_Zr*d}fYePJzgL7FWi?jSH(_tCqKZq7 zvRN3XM>UOa!R4F1!&|ierU;oP!NM|x(}})QCwvAuA}U?|qbY3YVu-OYQ$*xxV1EV? zr1;xTcck_m(%yuf?{#(}5I{sIDCCi51d!ecZ%s1 zRDP&TxajNa%k{q9@f}??Ot27Doj}Gb+zwxfL+M1R;fX8^6s5T&7Zg~A{Yb+6LIpb$ zGQThF_2P({+Gv$?>(8HW)qe$NT&(6SIuBzA#Q3uBz*^$oy?X^qP~uDhKDuS)*QXu2 zaTt{(cM?5$QsKD8f<;7!Pf1BxFiKUWs~Cr50sUq9xw*NKLP1qA*FzGw58u^AE7f{c z_WtaBeAI3KM8w5+Y(Cb)g*vyZK=-kn!KRvi{;y^m;BV3hx)AHk*nO_FcofaKo8M~& znW~h#%2e2Zo;7#atMf3T`XMlWnN9eT__Lw6kO^^o_|1z%j9%z-PRz|=rGE%s$W_il z{1a_A^jz8n85t!l_+ehAHx2DrgEpd!@5(SiUS3(5^sw$`V;7;BGcpo%-!E2}?=M5; z-YSFw?Dpxt;qvGwBGmec^EiVL3l=PtLD+LSIXQN{TAGg^Kf0Wq?7{Fd0^)!zo%k~z ziK}&>H{d@=M*R|s9F3&>xm)yJo4BxLIr+6Xu3hu_^yyQ-BjgBvnmIh$u1aQNRAAmOTsLJ+Icw1JpM&KQ!qpc;0$d6mws++~~^p z>g+`m_Bf#zMtyV6T)CVlOpZ7NAxCBwex&$!`-#L;vLEa8y_RM4@d5wLB-Muf$fR>SQww##2Yn!>xi^N+Jbz>u=fQ5J}q*V^HH>A3US`O;A z=FQ6}B$F&rYlY8^hC+%oBauBC5fPEdq@)l~g%K1IGC0_rMY7t@BBCT0F1#72EXT#e zlhpr{I&XY0g#zh;ERHZeTz0jmhvx4em14m;_lJe%w;IN{qZ~DOCSkKY$W3$Goyy0@ z2MH0d)W}KL88`o6a9{^nwI5{52rM1S3PGo3Do>pAjfaj)O-;U$7$m7`tG#)u zzpu2|b%}pGu2!mgm-Y>z6f08M=l#q{dbana+px8%M~Z`4wMgk|F)Ody1J^;#$J5}^ zY|R}^1UXY?KTPOQ;?H^{pa@@k|K3b-1k7VE*QKYAy}HY1`nB@QEm2DgxTKW;q0w2l zkB(X&%1P^YQMhaL*2Ud&3w60xgOBdX_u;v*O4S^*Fyos%H!FpGf^rE=<%OvhPFrd5 zErY6jYVfu2X6ePUYJS~xO}SEPk0#`VDQmsts4JI#y2SqUTyEV{LvR&LZMb(4Q zZxTl(m(@rG#YUV7)PW#I#ma9-$7ja`{ik4xpG3Y$JS*?g=8bE6%Ey8(USB=YNuDLZ|mjgqo+dYRY;+lmSY9vs(wV`+G@o1a<{o1%4*SAY5iUmVB zTW?=y$g@(d>JG9w;)G>>e&gkfh6=?F4cJt9(>uAevg%(`z}T?iwz5Ku(*azrX)g%N-<_`ty>{`oThVUDhg#QA~c3i#lhU zzxQB3|LK@U(a%twobq-IsXLz3$bZ+#DO3qm$%m$etxwH0^UAl`*}GTIR{3CsV-UUy6-TBVjuCJ zO3ITYX@v#3{g~0#*6spZXO@es92^8m{MJ}X3EJ^|=C7ZgKj2%@iWhlq7ri=yG)a(G zmELyA5>B;l)egCel|^4Oh&+elgOt?VtUw56bv0c^Z_IGkk?^ zO2CRXe;q5AsHVhd@nfA>O|V8iOXyYY4iUPE23^B4^MMZ^iXm;8GB~QRo$kuIN8}gL zt@7$TV7>-Fd5J;u4yCrL<+3|uoMh38g~X9Rukr`*E7Civ7-2*F1jn7V=CImOLI^UrI`VN0juWi zhE#;qMS4QD+&8JIy1mYJ`n}DvJybnCJxx9Lff2$5^1ojl^Ep=qob4u|z&^fk@fwSQ z#ruNE`T16sKRu8?@Bb$I2Q$_6mw0aoGa818(w?lFe_R@&{d2j*GVN?{t0=3X?#CmS zORMv^2X^{q+bIJlCsrl2R-l#k|U50W$LG#~UG`k4a0tH(o7X=*L1O-`k zS>6{2-G?aAJx`~+W$uO>@I6E&Fg?wQr;L8bAe!iky=R#tGZoW5&9`sg{_r4T!y@P* zxZl-VOB$_i_B>BWNa*6(63W6R2WYZ@o3^%E!I+oK&G(Ov8i$9g5>^@iJqlcd&N0d5 zp~qM?MhmAjc{z71?Ks3m^JC;RuyNJi_1b$v7VxL3V* z4Ry_GCzI)$N2B%RM3*S8v9muIF;t!cQQqPy*=e4!>|?WM+aBL z{bd*PK3#!HY_c1CpvS($`@#w+(70hlP-}q754Ud(yegTx(B!&k8S^ zbeUHXEE%kulm32*8$j_+hmx&^48s?Cz)H$71L<2~u0;MqqPmN}KT#p=Z8fzE-t9bh zrL?uTYwz~yoELwVnaMEl4iOLyzjx1kM}ydaZgq8Rf|l~%iGC``bEUq0r1(TYIFTwN z%cn@@O+J6De#PT=FvdwKx1LzVbUfwbmQYf5S6w?LKqB8oGJMoKR!TT#JGFQJUh_HS z=1;2X>Le(RVP9+*tEiOo+=uNZGPx9josyjR{t1#Q|9vSZ$#TW8t=6w|I1qGxZNcTK z4iFvH^_-F0Fn{JAKPE~O`uzxCi8fXH~-=>MJvh2`~zE^sz$n9=)2?eK1~9artbo8WP_qEri| zXp?D)2&n_}++Jr%p0J@mZ>~p3->-G-{I`fT>$UQQeRUiauUYU3i2|#Qfu;EW7ex4k z;b~J1c`Lid@sW;%{VF(-{B4=bL%Kai@Z?zO*8{HHUb7ee{=sc%9xF;hS`z;%$9 zL*1+SXfO}CS+zgAD6{3EP{@EIUBa*8@xSLD6vWhsAth%pg0^z6W-wiKE%k_w+}ZA3 zO`*tM%@}R~TtAJlW{dBc^49K`D*p{jl$(z7oV_uc#U&pD($dn#LeAjo+=q(EW@k~o zAfO8!8w3zTsr@}q4og1$?|vYWDU@fX8g_my#q3Dz$VGSf)X(XL+J*5Kn_nXMYI8bj zdx|x&M13~-U+LdhPylU&>ZUd0+I4gqT3T~a-9a6gDP;6%S26_qBTEHkj-c~ua(_9- zgX_pN@y|4?n%HSkbBLZR~{$v{Q0epG_eSnHkik<_pp{A z8)JKE02#a#$dnQ{PBi#&n{-_s+*u_^P&PM_Q~0;fr7e+-SN4=8Yo34M^UJ9uB^^=q zdG2?;6(18%#r7}58eQrw`oD*IAJ3ArA=2aV z(3BHb+07-@O2c%t_A_ffC1vNyoR_}5|GHNL{LsA$k>`3k{*d1UTS`ldy7p*Qn7gFw z4reQ5*X6Q|*Dl}zKD0MpZGkb)5K2@kev9~rZH)esK7j2V`RsTe7zz7qeC1k(Mm`V* z>8N>e2v3f(K&zkKhMWw_Mc(gXB#|ISL1K^&5mOf-)y1Fs^ zia$>OYVEJhDz12uLo>e))n`l#BSDX1T`=w%>h>%h-ktO4?s!jh9k1t2?VY}bty}#M zhfPK*Y}cV4U3vT|64I3KmjrD1ISX5w>XB~c*DDeAO-&e|tjAl@WMsZpc+w8ty4ClJ zSRGgR0(8Uz=|o+*GQ|J;jJ=ZZ`KH9Bn>;?PzlWx`^FxYd3(MvKc=k8iw9Q}6ic4d7 zzkRfB4WG0MK56bk7rD3ABA4{t-9pzjcH$AyTHSfWSQ%xLB4a2Eo}L6s4WX0a$EF#s zEDrl~Eo20CbcYjodIErZn11^Lz29_O<25zaM8|ah*$v?uH{(>~Nd@R856M z&bz{7acEPHDk{B}aGZTHmK{G_Eqd;myGzZp_{7H=fq_wgRfDP?CGMm^*e)v_jr|6^RVs#p->u1Z`;bZ?!E>Y2%7PpwFgy48G)@|w= z&?|at_q?FQWULO#a!oC*eiyM{@8GE{bY%;-f4JV2;USzSW;Qi+>H z`sZy`KUYzzM`G#r*WS)4IekJGJJWf&d3O4#t;NR1#yc}?XoVfTV`Isy zoR%IIko@l=DYt-z@qc|yG?apZ!eE7|YWXy@0?^dFraV@L%b}iUs4Y~FkWb8X(+U`-2R_JOzIZtGOc=T(CB z?0>Hl0_~M^C}=()vv|%#Xoe@lBRB7VPcqL!^9j;(TM0d?EuaNx4cOb+eJRwb);BVG zXwJ^}V|ssM8kzF!*UUM-sDN&Bv(Q?U&FEnZ+qG*A(8n6wI@!}o8wXZFFt=e#ko|?i z5*{w%HFiDDj^@V3b08#U(KYX0XKK%uZFEA{RDR5p*NFOCG$2v5at$r})LzM0PXh9e z6Ddcxx0P!ODTT9flU8@OLi_UUjSJS)WwU#Kvi`dqMQcjkZ$UG765P6AgQVp za!6^)Vff5mGax9)%X^`lo7+WyLL9oA7ao7K=st3Vhz{M{X6Q59u8!OSK+G5TbVxHa zt#+XA2WsBRDiVVEmOnwVTg`aLl*7y<$Uwx`e_k%YeP?fvyev%TE( zba5J~xQ($#wKUM(%-BEh4+uaanF3m<%FL(;9o`nZOa0;4Jl1cKToGs0ZS`v zDdU@L+MFtx8<$>F=bQx1UqVv0AMLO15C}cO{L}47#XXmha=xpCP06*o(poia^JUC> zk|4E?>n_Ap$C}n0y}H7k8lyS&45eO8Kl!+pAN>y>B0F`o+EHqtP-n>cU+B-pybe#< zCkO{lg#jq8qfpS%#J6|sbDh$m|Dq5Cz5kOfEhXYY?b=WTP7k+S_mZnlwG&JXBP)&? zzJJH}Vbl2X?I+pM?rPtXE3{H!N{y{#FOx1X?oMXd8jgu#fAj$ZT4yjL|0LLQO78_= zi0pnVe?S@#X%uNU0H|PN?vk~MXr8#LnqRpjOL(9m$du&#uJ&;C~W!2!^tphZV0Xt&R0RJ-oG?`mbmi8Sjz zXj#{8U?H7y(Q&ULNA1UbP-dl6J)UsNE0a(CntAFK;t0OYQBXNs@v`r{d+LWGZl)achay? z{~?V4#iUh33!|Uwo*eFliA3C=o08itO0TlZ zR5sKYY4Z^}qlWBw(J{4Tsf;2@AO5nhEI~^2`9r8dNutsE_nhvk$=?MG@=M&H<74-k zxj9A#1_^gDx%<*;G9ncf74>axxcvS7#l>Y$>0!A0=ap&nu$2zbc`tw?h|e0U|I$9~ALK*hJvE;7?1$Zf>iY4K-fE=%MHU7w z)|E>+SbSPo-qqYmP(hV1B@cxWl095-RQL<2P_r(bchY%(*`DS+O6io^EYgKQjhxvP!(AGyo&3C31mCrN5D?k%ioLas$V9H_dwhA(D>5?QO=%1L}W`tZwXcR*i@xh&6>E8CEsXx(D@n*l;b zW5!I|L@Kw3gNqHJX4mfDiQu_BnYRrSOY<7tatvan18H{^l~)ggAxnEukTWOjxQGEy z3ufcuHcFBG2M{>WQ1R`vLam^*48XZBFK53s55R25Qpr7xfl1N8&@g|8tLxKpbm5Dm zM>|_>U%xlOYHz?S;_CJ5r1Nzq-HaRYaL4`@O-)F+2*{b{PTAm9_NkfK%iA7@^{u}y+3UKK(0d(o>q2OZ zW>M&Urx^F@704|U8LZ5w8TP$X7j#%4hW?ZifD3jm{7dV!YG7K6IGRC13`mQn=B0OZ zUdOhm`e3ryXYJ?l@XSQ44sXVaDo9C6!heVVL8apZXFw1V*`cnA>rc3a0Zs;kS#L

}ezFa+o^cs}zQ z>9xIlCvtM~AJy%JIV#Vh8jA8B<`dWM>n)gD`AU4GO)_R&dAcBIe-jx)?BzLkdRVX9 zN!{gFSm3&)bf&3bfu=MRol#o}^+*Q$HlJU!`?b;w1DoHt9Y@a^zAl{RxxI!~XWi-H zdAK`%nlW)8iCSx}GK}}=<*p$$pK?ek0&+p6c^u~TW)PDoUn*ziy#Sh3z}qeAS5%FJ ztPv0{=6rLGc6Pp%mA7CgHOrDgqH3^)mVx~Rrjf;Gt@O5+86`yuVZ?z6^P#e31w7#d=Lym3$%_Q z35Fpe7i{KYICEd0@&E!rLs&s@H?Wv%r0O{tY?R#obxnFn3y-5+|A+`8q>j===|kgk zp*JtOV*|Gc%{whkufRUn+$xZWzQupsD{vlAmC$!dOuIdhPb~+VYu~Yt`;*0xuhnR^ z;nWLUt?4|q>oDcb=x}4wRvg%X5ood7o|VJW7%jlV9$L;zTF&?F3e{ssh5S^*4ajfZ zo&MBy_GJl8)xmVpsI!H(%XG|{K&brqKCzmH0N2!(C|A(&s0LQw2 z-@x(PCVQ_?DP(W5MImHlCo{?3BfIRZN+Pn7tgIwt?V5brVbky=hoI%X*z)?%^HBX>6Y zlF1_owBEc`d-O0nr?eD)o5P0f9PvfgLK0NBTiyK;?jv;8Q}z1BbSvqtovG8PN|DtC zU!*|yJS9TdGvjVgVQaV5+B=qH@8D(8=Zy9~r(uK7FO2A9vrCs@k9_IRy@ewnv9Wd^ z`42)6=JgnP7<`xx^Nebb6NAS5@<;kboO=}sAj_^^_L5_ONUDGO^Rl+fzPA# z9M`39gm>%?Gk66kGj9lq(TQ}twyosW;q^073GC#8NrrEgxluB0cG(52GX0hF{FQ&8 zBl2E-CBmBPIhs*dgU=v8Zys;2>LG0)3guTo4;x!sZ>tDHb1)=JsbW#zvu?_9$D8l1 zP0$>ysV8jTA3B`{#NzkMwH6reP*2Ue*?L`}wXXAKZ3>}0*R>>7UR1#M+LY#@{M7U7 z*J(qBL{u#uV_8S-yB{o6*{EkFJ8XETsf6AC23O)UwscQ6rrcyy`w98YQ?HM0s|q&f zFVa_4RXIvdiA{Dkf!RX?K0PuZ7^;?M&mJ^dj)-n8e^*#={8vl=K>=g_Oqeja0iDr!$2x=ngp%iwV%9q~NeqSvw@fTzEcYlWszDOpTz{=JE43BLG ztvk6|Q!O3Ns8b)KE#jA7aeWWBWXGg@*LtV39G44g*Ze_+f9ahq^qgO~bcqrM=>pxy z(W@JeVKDE%5WbC;{!2N>!yiGy$tL&5(wV&~_s0(^GD60hyKiF0w#Ez1Y5j^L&n}Ps zE+LW*Y~7Nv#-`(!EDSB#h2p)0_jS0IjOLbS0(Th1gu5iIGQ|=S>Uw%eqobpN6@Pte z{l1f~-2M9&8Ou&nE%m=9QXJ;VrxON>K!2yacJAOsoEDQY}&RI2BdzpFV(9*1;}lN|8)w zV-vJ(r2Ur4{T}<|_s0_x=Nyi%4SNKHw?-g0b!k_oZTVg` z4kebA`s^JW$17O}BdVg9+LNT!T@h*=*eKW1W#S05z{Ks85gz0jTU+Tt+NIoU`>~$X zW!P)*0Yx8+p+L!WDEME6@agCeA4miYQ++90`)eM0Zl>H&4|8Onh6u24D!76Gy^takuQ z>B(k8HdUO1K1swbq%=yXN}`(guHtv$BZPAJ`}O(|hn%2$w0W&H>e+Rugt`@5J4y#` z4B8PIM2cW)J5zLj29$SQb)*zeg;%p zs0*jz38)V}|75%B{Cp(=r>`(Q>L#~gJLk2E_vk1O9>Gf`jFKM?1W_a&f} z(Np~IS8&mI@Q!3uL`)d?(Y~vsYkVK!SC*Bm&qO25`&M>pENTc-EBj(KPHu$s{MlNu zRl1dvkHiZ$mV}=cFYHE>4Qy}}w*JKLkemC?yETz+AWkRj@B^XLMEcuGeD&ITBBt_h zxh`0nmIulPw!T(tD)g^3iqyW`sle>tgZh1*b(l@)LFzxl;z5G>OiZS{9 zp;e9dcEasfjROzb@d8<>;q)H4SL+=aZEmK$WnH@Oc^ow`F{wEeftZ5S!sD~vJ3+7C zRY9k~KLZe!jWt1pP3Y`GFRGRp)r2vuQSeU2$AC}b?6g?&a6trRZ}31mcU8e|dAmSm zW{Owl8Ojx-g9-!U@JhVUv>LkMX{9H7AIypcpKZPwdXhA(=&SJK;`yF&p?-XT@IH68 zUk3`nUjhsOg|aN>_RkRejl8n+%^#&d#$oa&y4*v`R(U4?4rkj?rsIbdz10U$lXu*8 ze9}81k|?$>I)0*Jf%m4|A+2Uzp+qp{W+(Tx^w;m@wL%N-d9JO`0wLcn1&XmqGzyg8 z!AcJ%Xl?{7{V|kZBo0SPY%x{;?PqVxI^Q&VCKqFYOFqX4!9M5hk1Dp9ceJ#EI+BFVyHeCCD5!2Q zFd~t}@0U`LIE{6;O}8V#TFN8v$>^xb6U{o8w6k}_KR&&-`fRvExOZ8T622KWMhySN zC@@6X7bp7+*i9*^QAehgXgM6>@Jq3JV*3vi(U5fBXkT9y;h~>4NFT-q zAM>gr_({}3yq!aS(1TlF>L}|C2wr|90Rs~;ma3#Z_jBvzf(}?`l?Cax;DV3Ge0P6b z&1rls_8H`Sd_PIQsCtjtFWip`2*e>W`+497w(^CT#Q&Ye>ngmx4T>y*x^)KYht3vQ zX57?#Z6@cyU&5clRg=-`I83;dnM=vQ66#gm=VQ5Jot{Il+PQO`LNE%p);rDQB5 zE;et^7fhEz?8>>_Xw8LggWwVI8)sENWyBd4IXed*E|q1%du9iQ0zL6xxxzSg^)SpVZ2K_H`Z!@zA}WywF#>+8ca z$`|K9E3z~uT;g!LFwHQ15&9l`tsZU+}pn@Md`eec)wV?Je_ z_c@!s?cjq8t54{5R)=Fi4Wn43F~Y?tD5|uycLK5)jI&pc@a=!r5TZQSWGx~65;;f& zy%^l1C2~j-s8<>ldc8rH$FkVLK@?@u*zzM5OZudoDT1nVz>7T45 z)okWQ08axrAX>A0_Vz19Wn~U)+s6J}DEOko*@4ccd7}(Cea5r1Jf$U0mX4Cl8U4H7 z!$U#`vsa;2;DM({vv~eY$t5`aulvLCuqA2Q?$StkU`^JXsHpIx>Kx{qKiAkjGTljj z1J8OT)#wqu$d^*15@+Y;wF-^|!}2b?N?NEkJp$buBy>G*9BlFjsClH)LZ~G#pC1gL zFLE}8wARDjy`^|AHmb&cE@c&Ywif9fo^s;C(>*om+u^@BM)P(-`-hU#?|9~Y*?LRT zm&9$qdGW$eP;AjvexX(B*Z3BjmF8yZW6D@zE?-hH9vwA{&HYGV^(;uc5~0=dn)byR;(m79RK;e!_haUm&*JE=uo#EiCEXSDseb zRYlh@G(;PHlUT>Qx-2=l|G03G5vE4cQc+Qvy)!kHMxiz~H$HT(_T^E-Fp<3E!u_F? zm{Uqr_n4_nX)4zFly|ibCJBqolcmMQZRlTeLP} zhTWj{6OVcH$j5d5TdBq-Voi|~6@s0eV@QU2KB7IPIGHSL%%Ai2nIb9{-|po|F9pyn z>Q`%7&jBPbq(8Lhvpfr#eCw0*+?t^Z^77ljiDdgdxS}CvFcucPDduoj+nfDIhZ}r5 z^TFo&bgY``H+kdy-4YjQ`2vBb*#2AlHadk3iG6vw3^*te`w^1D+uutuwF~i3e0)6y zvjt;Ccu+aQP_NJv>)ACn;|CUJn$OmH)+FB}06CA!{h1y;l2Wk08SS~WH01KZU13h3 zFl29+1Fg^O`v<2+uXVgrKmcMCTBWg3d*jC*dDTWj{kgjfhDTUVr23lzdbOtH_OK)S z;tt`hH&ghvZ4~N%2<4T|aGl-Ur>-}^V>IRS?^rlJ$HHRZ^Yi<6{L|rbeZ$CtdCRnq zdJo&LZFWnJnIG=tPtIa#of!JTCo|)}I`%+F-gg%NQqjqwc2R%V>#Qv5n&Hhroym)m zk_;tAo;MdoEiGrQrKz`lKPF0tHY_H(TN0ctc{+@@3MQ>l_Az)bJ*#S zd+FeJ46<$ZDE%Qs1D;s#T9`uJ&#%|H=kNL{^R)Dxr3C{QRKPIYX?6fk8@^Yctf^hP z3;v-+j@;;pnEbOr*rhqUG5Rr|O~Usj?@1xx05uGiB;lw_v0-5bY?+#uxo>)VAEqe~ z3&4c!$)r2t)?AevQ!$6@@E=%92XS#vFR$>3*iy-t#9C7NToPD*8`F6CSW~$JuOuwk z;V@fQ7p%RJMpc~{1oYnwm5x1;x4%h5#q}ztmC66A4cgXxj+zw%Jvn*Q$g8vO^sCQ+ zpp;n!z3)sPh19{`Ej}~~lC?9Foh{7JfOd3blqh1XB8I!G%$9C$Wf9zy(R%-<$HR(> zioI=|)!N(Omr>AOVCF1aK2uXYVb;dh5$xDuMEgQV$FqB0wy8;;nT3UJwZK!saE;0j zTTt4+BN;8Rm_6=BezR*wmrglxDptWaZzENUov*XasqyhM9SVMaQa4j19wsE*mk>X; zf=)X%iJk4t!pE>f$H;Mp-y6Z2>T^TodhhNKUBhJjtj#5&t(ODxWB#;nntoH5O9@nX z1;4?X2aJ59vMlp^yM2(XNeN*{y6*1Bo}~1*M)>FuS9G`jR9GO%3Fckw!HA&dYEhFu z4T2<`8Dig|E5ExPrhO8l!m^u5+nZ5!pEVfgew1?bzcbP{e|gbVHMsZ zYG9VBCpR}Xnu4_^tX9C)H2tK7>)nzm{cI~mSMF#x&*bdMuhZOW?hz()b8}b>CSplZ z60oG6$E7G3v5qcd@qQ{JMmpcUHt6t**H(f->c@ejrJyc%=%h7I%eYm#A)lqz{5aw? z)$gO`(f(kW$l23lcD+SEpVMV~)Tu;1F{ePMO;-K6YUYpXQ4o67jnvaBoR(l(l$Dm%jDb6fk4j1e zKwg#a>-JOs(Y$n(XNYwq{8VnQ`1bAF!6K)ULFUO;rroJ~rs;crdV|Dfk0x4=PbFlz zIg36KGd=9J8Az)Bs%&Ov7Nr(t!_9bGPtOEdbm)}5f63ercWf*h%O(93JME5NPHqKH z2RU_ZMn((<>RIdw#S}Fg#Th43uf4FRX13a2(C3w1W+RKn?QLx%XN?msy^v<-KFNBX zRj_HDo!IV;7oNLFOFL-;UhHwP%?W3UxChnF&W_o$Yjd?EjEo_*nzx##3M}smeo8N| ziB?E`SDe)V(BRU|`!0yN*N_wo$ zZ#5MX1<*o6XL2Pkl-wks`%P7cfBy4?F$vXvJ)5c8~YHFoA&dL`^NHY~)F|=vmak_9~Cx&%rww4VKnc7Ma^#yNr@e@NQ*p z$-1|?RY-6x-sFBWd|qgSqvkT#mlwZRnw6!SFMTVKZ;>As=k>>x*3X6z?cdHa=ecy* zRm^_sql)XY^C{<{QLP4x8?IL9;Vf%D7Von*UbB@mgT($6wJV0V?L-0%2o2k~2)lz;Lqp~ro6?BlgCm~JV z+1c6Qd>R&(`0QTA%ciC#Yt`p@FOzNJzl3yF9|&pPiK>>Alx+5+yn3ZLH|T^6xusXD!KF$OAH45R9SR|F zf7yFYU|+ze>9au$y@Y4co}2IQc;?)(*X3`8@pM~>)Z}i;@+7qAmAS$XA(J(qY+vQ8 z^S%+aiXR>lh*w6k8;@S$@mw?1FbmR?rsK@I`k>q8&+d3Tn+EJss2J}1mRzJ3*Dz8w6H)@^@wWMq@f zjGQW&RqZ7^OOv8;_;!9hRQBXh_(25xZU?zV$1J$u_F{xgI- z&4*sFL8Z}d!Ye9Kg*cBBG3Chlp0%y5Z8dvNmi(NvzJ16u-Z1Gqoq40IS&LgSewms%rH<#+*(iig%(-}Y3Og6s zDb6If+H-;~}-Bcl+i#Z#`W9!WxH(OP?kn-_u5u;E;ZbS$bid>Q3Ejz;otnYJv zN*N{*!N;FiT8b<$S@)dkut4HNXBX#0SCtE|XVUZ;+aLslfRy~SYJG-(eRbTyeffU( zHWw#nQ*+1Pz~NPtc;MO^@A@jjS3v#{Gjppyv2f95t~-5l0CBR&iofl+D$#(x13mVo z(Z^n2?nQ3X<@bFy5O`^3ZEdhxMYm9EjAcIY=z-7)sZ>c;mK0XnhR2((T3qCgp=aBg z9n~MM>Qv4^(A%`z>J>$0Zufc2{AZ;Hb?r?ERUj{J9Jcw;&-XCZ_rfTS>5{K^Ba%wL zyHjG|^Lh+&BJ*nB51q*ZmIZs;Z^CPU#6cYt8ftZkUhvD=4zGzTNX|>eoxsX+CB@%V zCqoKDjvxA-{dHc{Zc_CZ=tseG5qNk6CoQU%R}ftTUKA?L-ydhaN+|C%u+&D!W|@tQ zuF%HI%IMc&gJn`eg5Gk8?@_qF-%4u?eFS1&ytPq3Dii4V3x)D@`>r6~LXIy^_e9EF za_SR+g{4tAFqf=E8I#)IPlxT zGq>0%_D(7t);kIqAjAvGjHA5Ql@d6_(@C0o5AwuNctFg8qZrRuMb(uHi;tvFsv@D8 z^88wfT9L&ji=Ki01jImnKOQ`RAf=h7Ye38al3KSNbdq)nybe_GdvzhwXwsSe+U><6 z$SIxBnjj~X4q6?cQ=Tg;f~5LYa`Jj=pN-q6)kG)XwUf%v9c`q_8o=2#J^Yw&VD1fb zn*HfTY@+hj*?7HYHYcU`xbokT95fn19b&3Pdn4SuPYv8uv!?U$)9+y>` zf+N$;0t+Sd%}~#0rh>L_)PJKb3m)~YwZ*foVv~t4lVcbVvP}-mPV&@2{=5(35$*hV zg2n?LS*bG@Tp`f<=rHye$+^;riOFMeVp$F@h?k*Y@_?u#ujbLAyvuqYtbv-;{_{}? zGJYgVV8lhG1P0cSj1eE3@<3Q*3fMh(u=)*;(FWM4@#W==?ZaoMTb51Nd`(AXeyvg- zywHNv*rL2S6A_*R9qPdly|+$ePvH_Bpd;xd{1orkZBmtFF~Sn#SAh);=(a;uIR?om z-Ap?=i>+z*-dL2R;?2+1wppK)Fp9f7`W#9i!=^qV6goguR)qfJQG(CO&aOsj!qm0rU{CKBP=pLBy{o{8~eKh2hfU zb}cqeos8*%GmrU&AQTl#9U~*dPkd46NsQE>(9jCct=RhHpE~NY$I+~;Jci6mC54}I z@uUpzX(*9d$AY$Ai5KO`-sby$X?Mt^LoHyiBpNrM#{sq3-H{*V1

!ke2pPt?^b4sI<4BMC9QFLKQ+ALcD2v#M9{YQ(LQ z$DD^+7_rnGXJ?83*eL2G$Jb{s{d-DACgg zNf*8{KK|DfNgROq!Nhyc)ju>a$KO1=C`1>3qKK|uksdF+j`IQ za6Gwe6omqIU1I`YilS=u<7@b{jd1P&ve1e6C7XrQtQURu1WO>r8yoTfu=25^NZ8Tj5}t*Ed{4LQI_1{JPh{ajD+E5gZM^Kx=IDuRTL0J=G$dbMeBn#42Uo^;2n} zmxNod^5~T-8m@6c7ZPggV+nazPjki;liWh-qNp!Bm6es18MD!OB^zkdAK1=KxpiyV zBh8uAfM&NL7~k_jkJ2)nnk^?u_YbT-4c+yGxkOE4Sx>?xY zA=_<;oVC2L(JhO_5G_c-4pAi<`Q&^1$Pmh6Yx?8toW|=Zd;0MAVKCaZe{UD2weazu zcGiRR2I+&jG`+V9dzE^;yO|FX4!=o2l>m7+0tPV(@Fmt&ZwofRg-Q*4C@X6XiAq|B z;>jNLsIKW+vr9-yu6L)^8`OR`09n=Juh^Wvs;|1%=VHU6rHqz;z~i3V{^54yG;fxl znqOUAy(e(0Yn|I~iLG@alAlv^`f)3n8WN}U%M{l%LuGnrkhbn_UyFUIC$X00EY4Ag zdpHp-C%>Y!PFNH2l(buRr)wo7nq|2==UDpE;~Oiv>INrWt+(H5E`AV57uLC1;CX-Y zD^;u>L{E*7A{LuY-E-pGha9ZA`5;#{CD?q_a7TF5)8(aSG87WvOtq{y)V9KIl6&x? zWMD@pr5^c0y<(=fv;$&_>c?-q)e>6YtGF27K+>!W(Rt z(ynAdj?HWJx=@s<9-Ol|Qg13O)H535LAE;IUy;b`vyu(9jA~GM?kN5QHCnR(o~r z&anDmC*mP2Fv!J}Y_jC-f}nkml`X!|v#?K)5+VQc2T^jce{t~L8OqWO1?g1(#Y(1Z8o{wOiF&$(i0(_@&-ni@az!MF?$}@V)@^xaO{RyBR zG5G!gIb;^MZ0ZdiCmOI&KiuNc>K2R$=Yhm(&Gi_(USD~+VJXEU2=mR%UL&Vx(xxHS zbwGfBT&ij#N8mgf%ATdUvfH&KhTRfbl#b!@`=~RlhHP8xdn)c zj}_Ep)Z$5h!F7OK0ldNhRw zqxBsf42L@*Q_jws)oPRY;TR8jrA=`ZwP&aNn;|1=Dqb}3q<)6FdOUZjkW&`WwK*q; zuXn^ftS`}6vtLuc^}4NRUN#@IF;-0~7;Kc;ml@Sb$xWEw18ESM$D7`1D0-NWjXEM> zmFJccgv3$$JQA!YOZiYOjLlN9aQ;ig$PTwU85Rfq1wiyPL*;w#@z!_4^f9}&fZbc3 zb%&QnxHy{g7j>T|AJOx7whCG`r03cB4-#$$l}Lv#N&_y`*wANybBOu*dQa%p^Z@W;^$AbfXv)S4MFX-P>=ekY$N^euoapjWd} z92|`GD6kf+cuGCu6dfFxP;ugPP`u?x$2>>+wBVzyLE*r9Vx=x1=5!eVsR56M8IZ_u z|BL+fGQE)rCil~Sc+BC#-8JDeAz@5hgN}DLY5dIK2kI2lY2$^`8al4zSK6r6-78Ow zzlysG1;$OOyFT#<)vv`dwZ0b|Ey-!nM}&3fYvS>RnxRs;C80E{X*Ob1U8+Bewd9cB zR0|<0ZhJGSeZu&JSjJ+?yu%N5z(Nhc-Mua!Bb9T#ANKP1gZ%D@lZ3?3ghRFj$dlZn zXu9B2?%WmZml77a<>KiD#i{nBGmDB{K}T`szk{Zw z0P!-1e$f#1g&b@2%#RytP&spiQYbhRBoX0+T-|o;qjuiWbD4B?2!Ba=I+A$&uo3$M ze~N*6;shMF#_!)Fs%gTqwWk`GNar6*(jY`KL^0;Z4fe^&$?>TvE;msz?}N)6o)26H z<_DvO`JMPQG*+D)aJC*M+u`J7-Q(>k7FlmRdDUVZmWWACkPp+7uz{nXhk{FcYthL% z?#y-mmn+mYF<>mrf1V2058DW$qZ{>jIgHmmL>E?wPZDx{q?-Eyp8v?P$WUazNLd{TM1<89U#2p6sLy@8tVv-1P93#I6q(n?okCwc})tmvu zqS^}9dlXnBQ}=BEdhsvzJO{igl<_RCni>yMMfbTgc>Jx<|CDal%G#QJ=ZM7Y7JD3w zB0%yAmg$*k6UfRS`FdBZ@~=mi_CK&R-d@ zCA59FntHeG_;dDpd|Dz~96L0^UCnt{G4Jdri-wN=Vsc>5GcYD!*?D4MZ_j#)nmQij zKWU-(uqPx{(_(Ib0XqCuf)0MA&lDgtL6ZCvl>>770=ac?r*mUvA|Gu>gAhE;X4F=( zhMWa5ZV3s$5xuR|Vfx`R2TBipSpF$caLnJN11#9=WoBdT5fdcLy353r9E0deAZ_wex zJ0suZM9 zgAcs6L)SsZ{Fe;TA!BcS#wMx#&DAZZWA^JL8jVgkfe%3#V;l&juO3HH8oRhUH%!Gy zM_=RNc~tE5YtmoI36JP(SoX;KUkg8$oJK!?eJAV(`dU&4b8@J?kuwT;)!dt(P~Kx8|EWI)%WH@XivgKT_Hf0hB?m=kiPCf)&sre_M^mpq+T&cb!6 zA1s$dN=)IgEN0VTq(wzV-HBrXXvB3M4e}H}D+pci@%eUgZe^vHB{M+aLgFzah%$kD zy|zJjJHIxV1wnAUmOs&)LZHfbQtThD6h74&z0li==%*kr0z}Rfh;0acsYP0t@gDY4 zp_06ijjo1<#(6iAj?1itMQsJg+KRX}1VkVfqUE{SA>yQA@`-h=;zPd@691HblTfg z2tCU{V8`SfNC-{mJt4VkY0+4pE)CNA%xEn7~Iyj-l-xqh9+FDgdCPjhaO?YiZAKzdtaf>OC4T^G^jhxw&O!>NJsW{Olk^dQlu5W#Ajt(N~&dSn*MCMZi9lo0p2aE)cziMzBxh`+uNH` z&9?UTX9wo54_`q!I-HyZVRfL`{hz{kLGf6EzxUZLOh1P4H*sfaqyir+SXH+pC=3u9 zT+{WDo;H~ABqZW0B>bYjtE;eoH|_={G7|`2Ss7Tj<4YATxFDzGtVwpVTT3|U zg@ruG8R9bbM|KqyUeQqS%z4Y2dz`!^8PG^WL4heCAp9wFW@2iJ5MW`SPpKtpaEl3#CH)80I5^c=b<=Yp-8?^B!^u=L(xch@_z03YGQv+M?d5;KN&g8&F*~~RiMX^ zdE7}zdKodL8@Fe90cG+9YHi+2dV@nl4RGJ`bnKQo7tQ2&gm|*H#PlL zdP4|kCm%i7oJB(+%)Sk6-2YquAlMuTjUWE0JiGgE5^|g+5h7)wA;|Xj_(}J^S6=U( zh)^61IwyzyhMOe=m^3PF+=vG&{YnQwb$87&15d8Qqr+wigBz?d}hU(6*9Xn5qf_QK`#M>pq@JwmS|c!qIzY13`|lN zt>kgD?!ro>D=u zl@Q52EWCQPiR{{^v)@TVFA$@lpeL$Xw7N=S{o6O|=gE?unSd45cwiS=if0SAiNd9wFuIyBzW_=QQvyiU>8^6xN3P9Pd+1fKdyKi7ES!%%(w3 z&VCj-V!%!xtg;e72-G}0JfH7=llEqKzbVoL5B)Cb%%lk z^fPC8c+{X578jl=Ioc}hAu)lxv*t5V%Z`MA_Urw-u`vG#=Bj=ioqBsSnZ+%eE3q__ zmPPI5V?uh7h{E8|(1|sk)6gT}$B@(%wwceFm^}iSVaTnQ6_u2(0rwmAA;FjhaUSr> zp2wvG^~WXB0W2isU0jR+_N$X!KsM=~am>Sa1crDhL{`m*Ri&2V zgzHE6T^OjEqYdTa-G;*T^);GhG=z z78K(Pg*(9sPRz^{xP66W`{}DKR%|gbI*Aa#B4Gc}kfF^2CXG3B42JxQwR)Ak~Wf#E5zvN|a=LOkSX`>1*H#c%jNEhAR8AP%rS zNU_cLAMYl*5g`;UKyFIiNd<#pZFK0f782rPIsEUPlz4FgLxR_n05}%?S9H?_HDOzU z2v=<0>b|FzN>q_!6+24**IGV%0e0uSoZ`3I|;^MkA zhz5}$D!~3uC9Q3|91c0NCxM9Vn5OdP4t6ce(}Ew`T3T9)4Dv4RZ5+1W7CGYB4fl@G z$xaoU_BUq{YaP>*k#~s-Jg+0TFgVBTFX-99+d%*bP4L)bcr|9VA;!?W#4JEwZELq4 zmdCMyf944!bL4!iD3rNGt4aBxWBw@7HbX49?#=|M0-*7Da5YI*3<_QSZ3X3P?y0R4*^BL4^t_^Fr0B8Q^w=J_Gep>nP^496r8K z=FW2`4)S)JDBCP|oIv;5ntS*(L&Ex19uQpi_l#{`*?4;DMe*JDyAE$<^1Xz51Al{b zM@|$4Y*=04z^+-%@zyiB!0VNByaR z*ZJ+!&H-T(uiJv)`oW{zV-mr6vA1B9;5WkTIwaT6AIyu+7z(Wa@&14)WoZO`{RAxl z;02JUXfBMomfD-RSn@sfx{At&y+i=vkU|I4Tl3s~O-B&4a5W|?E8g>jy59IaU$L_h zH0SUDm<&<2>PZPA)aNQ~inM>N;J})c?+h5jGJBw8Aln2Nj9Ob2eWs(V##+8dQ0qb+PT#+OZ=PxaJQP5ccR+LmOpF53=sI9S@??V$P10vZIPz%!4*$^NV z67R>mM^Pg25HZUi?OR@$c76~wz(Sgf6~K=XT2roUj1&5gOe*n6ZY5uP+?w0I))~IK^k-3>^irSWcgRT6sB*%=We2kZ(%^>ca_%uBs`$3Uk^3?II+~I!JP% zwv;Bc67{wHZRbz=Zms#+#gkC0?*pqd_LEC@7!Oe!fARS1ycp;_=e zOm9HKZk2m?pFH^2>_PfdEy3g*e;RYBe?3CPWHwD_3akmLK|>Wm9^QOy4gR7>tU$N0 zolFtd&aPWjyOrV@{#D|T#1_F15XkU7Mc`~F5#aKFpw}Sw^`t=okX>jNe(?@1J^fVA zddvj;2V&E|6L|3Zq(BqpKJrsid5-YxptBA1mXXdu$bTswU-+6RlmuzxpBI1mC48?% z!;RT5gaf4X9(kivCzbckz2j8*-Dx4}lBXIMU~N}!cKz--U<~5odSZdm-?Q%`UW1}E zRKc!#d3_okAZsVRA}$`$hJ^x#^Zj3kyX`pe$zX7SU~-f=hK+KGb;Q<<%=i6#!DRCA z^9H_@xzRZhpIUMjfD0AS&On}+8SQs+nM}swDq1$D+cebIzqGX(%!Y=BB7F>i(f1xy z0Q(}G?`2}5*+Q=sQtANGi6ca#*0Ufz4^ayf3M365gC|Q@Oz(d1KT1|0y)VCA{_0f_ z@LUW|*;cqDYO72b;irqt2g-N>B|jC`;a=$iN{5rvZ8i&6#2E>!pIcHv7_C4=c?v~; zu=&5Mp-|ceY+tYPo)F69$A>I56u{d^*$Qf1Ri#UWs5+>|fG#HQIE)#Dy16xj2h=dd zV)W@vUm^H{i`lg~Nu*N%0Xq;x1_&odFSl3&+FAM=%DZZL@!{P)y%z2w1Y=X#coVt+&Vyfu--aN`PW3;40f0DdGqVdw}z7QAS@fCf}o+JufdWu@p-j# zgsNu|;IGAna!~VJV9*`lTik%+5KPC!pB=a&tqRp>PpeU%^#hw9voh^7%d!$WW{o-RYfNWcOg&D73H=Ru6KbJ2=_ z(n4fDv>GDz?(;8a3Q9^-i}4$Vm1W-pe~0l%B%lAkMIZGAlI%FZ%gu6Le}ZO*3=kM- zZf*u9qHbwRYs0P0tCQy;%dqXVb#UPEGyWb6N0_WNhM^h3!*+vRa-%&UNSeO$$vTcM z*DLxSr%;ZA3J}DtU2<(+!L@b$)5_r1QlQR;G+H3+J&BKR53{ZeoDgArh|Z@AoGFL5 z1Wtb)m`)^WcbT$Bv1zigd+<_FqM>FwQbQp6h75u+)=8s5{a5s(ryrx%iVp zTu<(K(N)BXQ2^7I? zy}IJ!2%rM^tck6h@1NT`TfmXMy!%)G#Cl51owp%@^e2IrDhEEfo_+$ToLXm;|F|aK zi|ON2#Rm2XT`+85fw?a3q%IE9?2kRT6 zEPWbDUhEc()`rg;XduF-z2Nxg1Sh`oU5%dmnHPAo)#!%ict4j#bt|E}@U;Q%-LChm z!{4pQP$-UAC3#t`ZF&pES|fHh8m$Q6C_|q@a4fVRLirS_HbN5Wv{onkoFX3DzHcvd zXJh54=cOG@ou)|?D}lsdGBf}`A5(ry6Z4XID)c1S{W^%4{W)FM{AvdVW?#eX#TX8M zg)D|eRU*RCMjwLXg2Q`n2_$^%H-BAf8h#OO$Ho7zdaX5D@4gk=&wb4#6>hCeiDJA= zapOl~slS^3UQ+{hd7Tx7E{ilo$yA?yq(|a-8MiupqqOH2$_CuWjo;my@iVzLGFE0w?#B||VH?-s=i1;%iI2Y20$J^H3lKpLRHD($;AX-2em7MtYO3A{c zEPO9BS1d!7_$6_ z?ka_Bn4ey|wr-b`g$(dQUc0|9JbD7K!2gsZp^geiIjif{Q!!3!vtJ5QwX0s-xJn_Q zwnN~*KH1Rj{m+nafpnt0JXa93gCQ-GfH7mBh!{n~@^6>@?$_?l26ff35V0u_nD!S7;h zVq5+N-P`7{z}dkI!&$`tbEj~K&o-rohbOEbZ9+Bef}3ZrVtXE|jeki5B}hz|cdu&= zbfO7yZg|j~8pL*$Ha^#8lRjk7s$Jpxy!~8P4P;KYSYncXKX`Uda&4M7-r%B0yQ>(t z*ba;BJMsTimVf_ptiQJj#(!Mb(t57PKi_)LE^-JcV>keQJN_wyV`c~x1&S4t`YyF$p-zuik2)ZT@9XF$}-|F z5lx@pFAe5mc`{NBjtkFK#Jm9pgW~{K3Mm~z`5vm_uwHMNOARi$;Xboo6LLb z-YRo#xaN=aaPP;2ZQgqS0Rq7}p`VN^e-)0gFTB>d4#pg@wS~sg2u6i?H$uW|Fta5E z+M4NQ%Fr{*@Vom{$Ktmc(PP6`|Jg>n$HfFi?|GMMhsE7_ueK5y;-9mE>>oa&1t`Qp z_M!*^W=Zwksib3in-}|`jPb<&8P9IrYRP}@J_s&YV zh7qRaXq)^l%D|FkLtoxQknta%n+qE-@>jJ*`5yFIy)&w&(;pfF2du@Tzj}UdZEIEr znGW!;&)f^S$8%CW^-Y+-2!9CUF8`SU6KK|d9v837z^IWN$$8K)*ayPzf44@F*mgrj z-ZhmLVqqeTvyOA)=b;7r9JGz)y=pHZ7*~}^6!QZn zfc$e``DBPCv4cKqp%+}Y-}Yg80l2Zpei0KZI2amA?FeH3O3imH0-BGB$=M7gz)2fG z1VDor%n>G3o1w4%&+q*~0?GskvHzHOl==&cg{8&RW@#!SeDHfMFO;HLgi4wIFApCI_gbw-)&9K-eQg5+)C$pOscLsOH|0Qe3dF~o28hPIr7vB= z8Z~dFlfZ@=aXyUIK!QaL`g{EuIEWU6fMw0O9ZN`K8y5QV)(=n0EPfG z!eD>|0HVpk^{MR@8IpobT4N`taJ|P$&{1`zPmsyl7jZ}zKqCI}F)eHwf?Ltiwaa7B z{uKHtV;UtrI^HTu^ZuT06=gs}@vGo>u2Ly}M zjX2N0L4q7z01*;kIvC0XhQ;pji_!qUr-yw^J|6?QU2igh2Zlr`d_Uw=1Ob~j2lx%b zP2`+|*!a0vCvwAEIpwi|FlnNL|HZ+L$O&$pOE8+lFzlOTA^N4VBn$38CS*6_cA0}| z^TsdWN8khgh>DY>fFV*L0LGEf(1dj+i(4g^*ewdv(0@UphzUGVC?s(JxKyXo59&VM z6)wLPXYS2R^3l@1)GPM60y#_b0GL&@#s0!ZKvwj&HZH)=BESKhVlx;<#OUOPg#zr^ z1mt_!V304oi*@7#tN|Jd4onCPnnI1oT~b~vY-J1#&dlsBOQs9JgUV0t(4ffCRK zpMvOrGCBm1!pLpL2#};q4@5?iY2rV5u*ogPc)&#AVV|+r$v|<}NbW(8Dg|ZSoU32f z&NB4oNArJ(FAa3lrTygkJl#ft<^At-k-f|(A`l3=MR3IcD#8nXjSF|6+~*fRYUFm) zDXSB&O}{N)MK_JR`^Tb^63W(&_RfZ=uPTs$GxLa0>+9>ocblOOhe916Y=0LkTj+e8 z3tWjn2Jw$mnH4VU^*BroFrv%d{q&+n_V(|h_5zYxHQ|vX6Oi)1DIuXqJq8Y+{fKBe zu}A1guhxQk&P!;PVwODRwvWqAW4o1MsIReq-Aga9P~W+1a`coP4O;6*DaRJS_2ACD zZ7C9Q=nDERDo0w12glr@Y8^(Pg>`#Xf6O`pc9_`{Cm>OfkdOr2DlT@5esJ*B3IvDF z&$RT?uCa*>Cxy<0Jda31DA#tU=SPy6N^DRrV3(U+KAV33& zG9+S%Fn^;0fn{pQp`Nq*m2VqgPL5+2+O_>~%3+Qqm-1}ooh0dpg zH1#V{{Y__7;8+L`l_N6;a|WS`ZvaEMHP3qNg^?Pxs;(smzzQ;h5bNqi*q+pK zaRB!+5Of>)q@vQ(oG)&_?hizc$2Vmha&iQs2bgmLY&|FtUkAY^5V8Rv3S~oY19PT} z)f#=@Xz4%9P`aj`XCwU<*rTqCebjesm(G`cxOUk2cJ9Zm-MhD}Oc^P#;(S?8YCP#I zJnYZ2UatA!^sD_0^k*W09P(PRxr+B1xDH(0;{ccCCu6Bj01pWp1+e1Hvm!8~$w1RQ za+U_t4~7R76$W@A0H$|W-`+LwUb|y}%i@-IWT)eig|5;6`X^dKpnROq%-JV*}SN!)Q zg(VvLBLxtM_|3k~@qKP@Z|Kjz-Ml-de?s)p?x)V;e)5V?z$ly&@O`d~9!+bc2+b(o z*e~4fcG-FG20)X^7hZAPoj?U-7FLI-(u>r?(Lxw5V84LaV|9rJOba%k->?Rrkvk|< z{!h|Jpdw(nFnp5`2}?+Y3_!XKu`ntLqG(V-MKDcN(}oiGXaE4sZ_VixlqC_rV)O?V z`VxJzdUxC(Ugnn5?n8sjtM$hIlQDtfnKhJutedJepwq~22iF9)5(D-EG0?8A1PC7o zcnB~O3`D+eM$INAy)^xHQ5vRSqJj4T`pUfE%GUe|WWJUC*{1samQ3aG;rr+fGyO}*f0T*FoXq>|4(~Y9uH;r_D3pD zr9ACLQW;CxMfRl#V~dEg7xLI;U(zT^CDLRUvhQSTLbg1}E?Kh7AhH|F*q8CUZuI=# z_w#w*&-?lP|K5M(Zf4H8&wZV9uIoD2^1bF}kbnDc-;5H3#l{04Cp5;dM=QT?P ziyng%cr zop_jd(+ARDpwh4cJm~oA_Rm_AwQujy0vr9x!!8Y`ebv9;q15i!n1h4Zu@pb?B>&Ex z{K>RG5d}^C?WLRS;L_!U_ysjh&4dL5U6m{OA9u@K<+<@gazV#``c}#LyPbM-tVb?^)lR z34#2}7ST|ya{JQUvH_-a0T!b%U}(DjoMl6x5N~SStcp4qQM)(ROa>tLjf}0ioPKEf zq-j3RwKbG0ZtZClvwLtpXr#1~Fy9A2iF|``);f)`9jS;_nsv=d=>$0 zsDcY$9zy!Xe?_5!DM{zphVK@S9Cs|WfB^z zvF04;5)|uUcDg~d-l!|_fy5DhTP@Zj_M{Xw&9rN^g#F%4+b4Dir+xpR=ovAMC zS@&=D?b^1IUD&d~w7mrD4HX1c@tQn8fO@YGD}7&XFaKrR{#K^YzoQNcvM_qp$wJ|T zGf)j-^hXXgM9tIY4qnZ>x`3Fs*8|C(gm*=dTY@BDf6Cvq)RS__Z!)eA?%wB(D^?V! zMonLIZCP?lwWZoV<3r(DgalRKv;298hKb1*C4KeodGIr-sX^71e8)_*ci`@n2+;dZ zhSnwccrtl7lG;u~IZp%xpGrFW(Sd9GSioGBLo^2MzW@Hz(QkT?-g}DAWzVzKO@=OP z_29H$@`TD20a<{``(S@&|JuOoFT)k`MrcdDF$C}mx%kf@D`m9w!lXUQ3rsymtBzPO zyCG%37Um})8Au-T>u%q}oI^8OC`$hEj>*151hJ5v5x4sj6sM=&GFVqvS0ey}Ao(3p z9A6j6pSbG_7DxnU)w98%jDlPl+jbGHlDn=iTDlBV-d2+@q{w+4};a4}^>lb~Ng;b6=Em z*AYc&DoLZtqk8ZR0;Tu&CBBK5yXWO|aaF-ngMNUt!kd!)&MT)UFHpq25*YKcK@B&d zB}Ylf5kEzPBo)Lvk)9WF&#^wEcexO4;}WPw}4Xb>Yor*cJb%@~+7@ zCOLw8to}%rf2p&Nj?c@uhbeiu_ljaPZ(k|7CTpKJVJTNRdNeipw*+y;;h#UcyIz!>dfB@9*Fxy~t; zuyZ^Sow)IS$hp9h%8M37BII$){X#Gy7smYo(0c27w#DJzP>Bf7*LXKIAvn`eH!kr| zGUiy4{#Cqtz&GV1Ks(;iwNkZXnnDO;{MadcP(7U zO&gJ@TUW}StyfUE!OhJLi`WYC z8EZFoKANYKeDd4YihSh$TOHhf);wa?|MxZKk8G`fu2u%*L4Mh|Q<}>O7=) z+)lDY_O~wr{9{`*db1k_1QlZXGgdD+A8Xx`BbJ5mW1O0|b_xf?;dr&2VdimEK z#}4iHyY+9EQo_;ghX~kL&;&Y-?nbGlKK_wj^?WTo;rfDUpxHZVpVgSZYYq+)an%kN z^OVPRe;eqwSHsQfDKVqoo{7iKQ-5~?i$3f&dnk^F!>(k8yDq5pK7)yipL!9Q1x)l* zs5Wi=mN1W zs;TrYiuDh;n3lOp_|Lbddj1M{6~HPt+Ez+A_|`@7mRj1S_h~8020Jz__4=)yr+(m` zh!Jn}`aLGxqb_gD9I5z(bGqY!X{Y(E&)2=Q`3X441!tKjh1m57WPRS&K#l9I)fN+D9g#vLjdWCO{6YS7i+bzIPNt9`+fGvI)-n* z>)p@+cb2n7-HY;g0{{=$JRcV3>;wE8B+tzo{@atHz^}}k&%3>Zm~&0gBj8~r!#%uZ`-8o5*=b$yHY%Wqx)a!n-h)S9uvEw@j045GYiErp=xmLpKpJ9BAA?p6 z2=FE*yS!ZWz|JS?MA{8;>|h0ZpOC*Bibm^=% z3nwaG!Qf7Mh%>yVrFFu}%F4(}&&4fa_1?N>*n3 z%rLXDiFet|@$7UuTOL#X*@5xG$8=S#g`YvHLA*jn#y-cNj|_x#h_UoD*~rMvQ?7QH zu-@PM@$N2GZu7_GF9x*5soxr*ahH%g^qn%6eE@td46X2j{vjiun>^k@mOzLh2ydt%{8@UVwfeaOS5;=V>= zX=!V3d!E@y4W9Dpn8LBlgD4a#OkBWiub0akL+iC$R|;(FZgFT2Pbif|qYI}NdsL8c=qMfyKsRme?a75JS-lR;62{SnMULj&pJ$#R-~FoRQPS15ykh$(!Lb>PxOp~& zZglMiop|6Hlj}K*ebvk3=C*x7L*-3A99kI)IHXN<^hhg_7!7q%ACh(Z8fIonzZ6ix zc;5Q4Hlui7yb^FDjk>Nsmq#;p2e}QAt?_-)2b!eH9Q%H?6p$m>uS+cnH{I}q(= z-}6zu847$S7Zr)tK4#pT978GO%t)<$77{W~M>{l`*QB^G*=63BZ>}uCT+Av*(!H(m zR&4rHUOwq-jw-V}E2FhFJb1=Hpes_mrviqcW<3=LaSWEdF>gZWeJ^iLt|a!Y(d=!_ zb1*y6U>FF6QxfnlE@LBY8aEK4!c$(kKkCT15&VcrVj?1^6&=X>gG4C-;h@iaruzCDx{DH{B$6VoA>5%l z%<}lJ;}{$=$TW-lS*63{H>IAx@rujJl7!R^MR?S2LVHo6SYxx-d$a>wWm~@q|B7c) znH%=om~9B-i=X#^F-Jtu(~0%<7Lsvjtm}XebC$lkL9}I7p(u1zm$yl_A`$Iey1RAA zz2xRZ&+ke9rDI}Ml8P7~W)8mb-^aO^##e62S(yITt;?57a`{0gWOB&N%oMDRjFsLj zm%db2uc38C(5xvkRK%S?Nwx25KYaUC+aw~;$afpxLs+4jI@*LV8a&a->KD+&WQ>p&hJI{_giL>bV z00Ysf%gH5NTPtn)-QePMUl}&e&y}qtf2sK>1b?2AfIHoJWIwF0aGEu0Bx z@q>@fe(Na~o9N8G0dz^y)?&phE-sk5o0@j_^k~e=-SDlHz>Y4*lBcF7lprV&)6r@IUGWME5gi>L7$ZEY#3Vo$5{4~pI31~qlprw7KW zl>XYn<)3~vZDQh|d5WDkxFOzB6S}+XLh99n$s63uCZC3Ec%t8K+PAM@?&0z(qj@V~ z)B==6E_UVet-q*atVY{6`;YQ&-}vl1wRPk5WjF2Cjr84Jdr@Js$f|~6!z>U(R%qbg zj+NJ@{*{$$tVPG*cl}&{oI)8LDIAIRxT#yr&QrQvgEyr#MlxYwhglKV70ffBwN{qZ zSJ>69-QA+!46j0IxYwzf`au&}#WrzD$jFFKkd^v^NF?0B+gOM2lySDVx7V07g@hb* zD@sqFcO&(>nOj*kz(Q3tcIkZ}4@=VF+x3(F^io53MY~a_j9py~$IJ9$fH65reha^-p(@NuZi*1(@b~vm z&CZsZl<*7X#DH@*y7%Lh^$MO*<=~(vli)}Px|VN45_#w8THj>sUvWyVN^BVr6hF1q zz4Z)stNXzbsZF;lHoajCwnZ27Bv)!%mx1*;ZmxE^&9F(;mMjrNLk-63*ZMXo$}y59 zjyGU?T#=enKz5TpfnaWFsnnHkzEV|LrXXJvvR)~*Zft*T%+wr1nZNnbstafS zU9}-So5BJG>uMpmfSmIhE6%iBPQ!2A{X%3c;cc}(KJK2os_0k(U%}G+yvamICM5FK zLjG-V^P@!v5z6x5cUbH$f7=K1wa^=;#m-5I|#K3*WajG$a*omRkMzaNdKG&xUX%jY=?4T3DWB!HkcO zf0t^B$&88$H@FjCbJmm7)OLNuyy>(94oxSuZdd9F)h;&JcEOAvilu=>{SUy)5w=uR zw5l#owXjIy_Bk*Wc_lG5l~2rB{Owq9aN$ZwWKF|&kRtR94CJ=Osg>4H?z)9e{TTGh zlC39)ii&?KI}el7W;l5mX@;?Hdg9R9))sboq!Ds}ZosnE(AJi+AfQ(U=&-llDPvjG zcdNccL`?peRThmIZGc;31mG_lZg3-4XAZ>1NCu(DMqS0B>#mkoTtGlg9zNSvlRO6N z`s>`U&_uJ5CJi%<@LYI zFDOWYO$&@TB| z8-|Dodl?N4WVf;Sg__Lbsze-!12Qj0uuJPHynEnTVXg=lGh$W=plk0bE^bRVTA8co zH)}eLIW(_yYOKKS!|bk?WmVtx^$X{5N&%lp3Wh$pPYx#6)g|4p2{6lbBQvjj%fu&v zRwN+QCzwQ2SwWc_Pp_F5qk-NjoAbce_c?zWd@ARD98pO?H_|XPj9Fb>onKli%UsB} zwYXvbo{B8ksi&{A)S@;R=f|yRf9{WqX&F`);}dlAu0L`H!;zMtX7oC*Sq~Dib;`vj zp>w0$!%zbXJ?neY;MBs(Qt_i0bm973y;5V0hlh(9ENvWh&0a=-a6KfdG4@3FhM?~h zSllw7?AJfREHAoIf3hqL4b;1&&v2F)x^m!z3FXP2!46(w;UL%|;)I3a%ciCp4im3! zRB+5C=w28p9s+|5}OV=`35%HdMvw<=ne|wkMZGi0G&R zTgddTii-Jq|H%bkDDK@nUsu=ru)c9@iVy|+BtFe7A+%DPhhh;;8n5#gA_P_WolMRm zN!$9E)`uozjm`mw$KYU#>v>EqL9)nOkOtfyYpZi5?deK_=!@-v=(3eY?5|cOZVbrx z`9+ed?KCOFuuKvI>Of~e+Ak@lhjwiMB!Ma)I*-i471O$Xsp(>NyT4VOFLxV>)^<G%Xk?=cT6WymSWDtG_$(aRE%XZ{exBp{AxzO`|WPs{lDN*_Foz0DAHd4@>cPRxB+plA79bQ&WXa zLd)NDFlIlCFI;LdGw_(oP9*$EV`<(M=rqwWOrbe@>i8C=JgR<6E@WGvK`twRwj(Nf zmS;YWLP&vWF^h51LO5evoA9?^2yvhO$*ar{zh+H`X$3^1J*g=v3KPvbO8!xOej(ht zfMyZpX0f)&C&q!iQOUhr8d`T`;i`keC$(HbhbYyLR{rK;D|)w&{3C=5(T=OD?}hLe9Yo_{kEgYT}M+J;-Yg-fZ`)>bxgP}prB;?7M>#DL@ I*NmS03k;o~R{#J2 literal 134392 zcmeFZc~p~E`!*VDtE~#ORZ9VZS`b7OR0L$UwMr2I6#)Su4$KfxMhS#y9cWcRK|p2{ z0hwoF2qaE`%<~vRRK^fUn1?{fxp(aQ{m!@6x4yI1Ie(n9*7@ZfmI+UuXFvPC?(4qp zYwsujoG~>N*&?|GgTaUx{rSf^3}#a^2J?0Gx0~P-%&&4*@c&;s|7P+V22&KVb?x#u z@cx&pf1WeJVDJhU%*{I(3=clKIgY{j9mHTJE@3d*PcazrYl#(Sb>R=2t{5Bsff1np zq*i4{!6)Bc`_tM7gZViD{cnSj-|Z*x;bvbWlM|bVzn1#p*S(ea=Sy%#jL{#zoxjmP z$p}j9c1$u@7e9FO??+!fPk1U>|LBy&ulJ*Vak70@$h5H1`N#36=;+oSD*duvxjQ9+ ziD}T#x!(PzE zf83P+OYO@ifBt{YG8B})OX!S%*f3(4;NW_)F{jAx4rowVsc&#g`@25?9L zc$tIy^mrntTb{|aUwutw74@Xf?|OwLCw$|3m3IJY0w>4tIK0RYFqg#fI6t!TCC%=_ z>x2m_-2|Svj4309WBRT>U1#c|-X_^ZdoKeOJ+T|kcu_5RJ>KM5&ge$FMHD<|CcHf^uEJ2wApTRc%irBXYKP&SZ0iRUkxru;LO+4JUV zz1?@Mn|KHKKVdMf-+kAN89)EEbLrXRgxykJRr?mqR8<0$9DC+kx3`ZCt4daHNJl8zIXqvMW zn(H0A;SXAu4T@3f90KvX z&=#Fk6!exl?5PMn<~h!}OQck0|8?OQ_G_>Ft@cLZHRt5DnxFhf{|=MccrT-NJzCnQ zP`$xi(7v6rJW(3PYPr7UFcLe^C`JBl`YERmwDYPQ-xx%v&}HInj}?hLC|>Z1XR^40`W_~#tehQ zoA9)`&KJ+U$PF&hZwZcV1_SIJr(UdzHeFp{Y zM>@sp?Kb&ZGoCRg+)y68=A4F7MR{yuoNofeF`{xcbbgojwRW#dFrcz~(Z(gNb!8(e z8!K`-tzLfWC|;KW6wr|VV6?A($(gj{^V**`j;K5{nUEpx@iXSC21vAy_-2OWR{hiLOn;3b_iThs$0|bMi+6K!AjF zhM|Da?jv{%6NPibGJ<7qTCzO(mO%?YA3UPR6H{raTR=DA`SSSyOqGrmpRJntWnSMc zXwTlxBC`I0>nYq_^*mirzrDlfW5|fgH`-;KelPXR+MCZ31ObA2d82~cHS$LLPCit{ znJ*9F9COUjyia;UYP2@tfJRgTzSB8T{r60t@9I+I+k4)z?Fv!?c1lUDwORwrrW>P- zIYAbDn1?GG#c#SwH(%xoPFL%g?z3flnJ}nIH$8KK)iN%Rv==AQ*874=)_JaUM!uoo zH&#%;COvp9IrO0k-~2&CH+9kF0{Mua>iVIoL0-6b>{m(W$g6otS(mTk622;t@0+H3 zDf&q@*ph_d4!Zz&ttc{iKs+<})fTDt!qModbt_1kENoF}Qz)0u>8Phu{r9aBZkgul z2v%J#EL_x3;a$!l6<~{wESNE^ImJ=F+*N>o>(h^Ls;qnsx2qjQ=D;Wc>c*>5{WDhQ zc2#XS($&Sw^DmnzV!pUMHDQUP%ye5D9k(MJn?4t&jx6AMJfot2{3g$ti|Yx|Q#RWl zz?y3B;)qRdVXQMxoM6s}aK$^)1p0JF>GbgPBf0qeft{LdQ(Q3&<`|mm1AcX9rS6LK z%}*EfSK6i&$(rKl_XRBAoaQ$j>DsfJr!gMb`yFeEC1qPx)0aV~S#cssUoO5GUHsmb zh;=Knu}ds3Gq%*7mb@x$$!Vvj=L{ohILPIuoIM1fDR;j9G_*fAd-~U|i8BTpd z7mm9fAcPeb=+vv~9v4%1nc}gOhyDmXM{?~L*{+R}IY&p2_Z=0qd&e>t7xk--iYSJt z2utd@)Z7YhTGw-#s`k0oA^MJ|dyL-ocV!WI%^3wdyEEZNMU`^a)8nP-ScEEHA2d{_ ziGH%>1?M7G5!Nd?q(}rWy`2Ao`TE7;0-WCo71sOp-6o7p3=1nRsl4;*>(=>|k5(N% zAKuUh@{j7_xB^@(1qqk;`kT86mGu*zu>6tOzN(7paKDX3c zKrh1NhZTv8g__y)ed2~=n(c+0vLm?{Z8(ShPfxM4ux*PP^ZLAp-d2MuBFeED zml^KB7xfvo^R`C#ZQ6T-PV+DG9tt`&Nc30Zp?%Y`;u)8lloPOfJwDXjwNfAg^yaTMtj2 z8lR855rUs*Iw#O^%TpwCLFZ>2HgrsOe7c--T6hDLAJG)Gox%PI#j(MzMwGQuo<>*i z&waV1V`lP+BZc@wGu;HrY~nrM@A&!o?uQKH*eTLJUdGZtDaODu^nqMJO;d-e|Fg#q zdFd#-DwK&Mm}8n}1?}b|Dwk{L$D{SPw=h4wo7Z)i^f&bPJqdA&w)Y|!LM^b%R$jE# z6VusE2p7E9FpN{rwMz=yTEOv6`_O+%2th*xL4^tI_+M!nlB~e-8F~^YR~=7VE%g|` z|E6!NSP-VkGt+p%mcL0@unRUa%bJ=r^wx4zv}Vin5K|uu=qy2uE1kwM3y7uMSERKLUN+sZdRqMk1Gp93;Ox`CJf^klmZx-KN}tXkbf;yrex^{**_7Z zboA#cGYwsGO!=#WX;ye?Ev2ADLX*bv65dW@M9T@cd5rx>lJmes#S~ z%zUZW%irWux7Q`S6`}aJsDWX*sCDw>)m*4IKkDi`QRQ*26p>3u!z+=Bh` z(o%`SGkbnHGc+1#QdxQ-{iZtp5YFiH^CnxQ>KToeImD5=7v5uE|I^y%n-P*Twl3E( z#uqpzq%}%*=Qr2r5aW57KgCi8Oiu`*qluuiNwT}j2BsnxV(Q^Dl^WjaJ{+Xu>rma? zy^||fYL&T6C>T!|R1EQ?q>;Cnsni2k_w4>H7&6uT`lO-xt1)NS3v;K)1+PWfJC=R` z6}k~LORCh%pihtI_XhlcgCyqd68w`C5LNrkwKQowhG4NoY{3CO1o=g%v2 zS;z9}iB1E-vCw47mG{f%AO4*3HtIn|@J*qVtB?ZC;k!|QCf z>d78Y&>u1=YcTC$Pe+*pT{bY>Qlol@8U>W56irAqkvUa*`mLaVZ(9M>6-5WlX#i_uLXGc7>kL6gvt?D&X6{^gVAA?kmq3i-}&ba@BGv>8Q$6y;G z^NjVC&5<55f!*B;ZFt$GB9G;U^(013zh-+T(;k>}{OeP4t?M^z$;N#dUuYHwht$J4aS+dwBVgsFvK4Mx&S(=3dv8jGIJ5t8L9!%07{QK!hj$}^1 zCO)A&!TlHy>B4{}1=G8NpFfqdBuMd}vbo`XR?ibv(dF-h#BRpHCW$OT^=%jqn* z5HF%hRF@iU`V)jt)IFYe?AI7fA$_{-80JzY8;A*)Y+v;9T1!hj^~@?BAzdTFo=tea z`CNdY(i^)aH7W;Nmb35ANo^Em1~>2Q2JrPqrAz8K?5QK!M4n# zxb);paruFg-Ic{%Y>KG(WIlCa2vKgC{L)+9aS&CUmM#cj6D1&L}MB`9Je!)Pl# zcHP)-8zDH_V&>{!VRS4C($+KV(wZPeOc}>%9*fQkss>$DoA9+uWYt>#1r7;x$W70@ zPi5l8>lJ2>9q(vv*ApPnM$8Us+@NC1pZj>6Qk(eGb-j0ibt--*8^g)R4+@jZ{z6sO zz@8%o%-8c0tDpR*DrTBf6z+;N2@0R7prI#3SRcBwW=i;$ng)j|5teqH;T*mcyBApJ zOe}C};zEy^F$Cs-r{$q5!Hdh|wDd80IH$EEAolhCzF^s)#lw%kgIE*3ZN}V8$_VIE z1a5tsEj)eJ(n$i zWfHNz`huG!c%&btYQhs4nDL<&72AI81UJNpMtbsAY>zM1wHTy;%iOmG{=LfyL=(w! z{xRz1E+6_XrS`}{u72J?Y{rSC8U5dVI2G*twdqiU#%giw0O$L>jy0-gXF8|t8*3uJ z6jk&Cp55%%0qIamUI6{b>*1$bS1O`ReGpS?|E;Btc!bfrBJ+MxD-cgv%vqh2wbA=A zZF=INY9L@P$sqM1i)|aSz#C_ zRz**r!*ULv63PZ>sVIvK5F<8KIL3CGasSVWdyHC0vI!NYKPTd-5v_jeqHXuYWRtVA zvwu2X+T86GJ%M+-?iS16U6rHX_xWWX47*vz85@P|I85O=8H-^%5`XJ95dUHYNfoP%lAJ8Sg#K|4qB6SWDG9mNMq}t-UEW$_e zB+vTNTkn{5oF7x)>CQE(1&+o!M;?)V?w1|nZd_L24DGS`((v%AHyPzPQU&(+!yf!PR23K)_~W8)&lS2i!aB|a?T-DY#aQcQV%DAvpl~vPAqdj zPzKt(dqQb0pfA03s1$SW*bTlwB+?Z71_y$GfW;1qT&7+ z8z+@#7Vb{)Oo{`B@=G9?K(US2%UD0C$Mp9lD-Sv*+ZG+VEgA@d3uW$^lW^m4RrBq} zfm3BYHWxR)ROg9F#%B)pKB=ES;BLDweDwll5eXkZv9;#}Mcm7VjM|VS{i_B88I1oD z|8|79__EJoCR!_ZhI~eM%a!!l2SrnMxwQ4r5A7=^XGvP=^8ZZce$BUZ@1o8B(T!co zI)9#^Tg41?E1}Pi)696uJTWC*G9+5RfAG(#%GNVA8QY|elnyw;D1G+=G@kS|sL~Px z=SKIqu7C1&pDb#5R9Q}?=1z@+PI@2~MRFcWGGIJoHBGpCnh8+~je`**ZL5FRp8kxU z?jGk>Te0us+i)HQ2JCHo%LMh#^yyXEOwNpL$Jj87r8WG~Ni*l?L;4_LoZorTl7#YM zB5Aa2VWID8%5JDVQ16eUdcVETTROG-o=cF(dQNALVnI*0<0YECV^$R?ta5i6h_Qg> zH{S2!tW4lY*{uddu0a}kdmJqGa-x=Lg{$uIkoq{B)Vc(_xHGu8$ySP_CZDa#ZrU5s4kK_ z)8s)u>ye}egK!+pCayp8Ukd^i6r7jlB^M-0<+CV6`_N8$ub|TM!|RQrtm&b*`3F4* zUhN7Teylb9dSge96`hwdwO}h1vN|PNKzg=VCaQhL4piTxg%(DNzU-RYgEs^u#X?e^ z{wJwBX2<*QQ|;W`423SD9h#-BE+&6#OfrV%#%v4BM%F1IRjGqRnPu)Y5If~kHf5Il z2WYmELoL;@$Dzj#WT25RGVzb}B~);W^r;A4*`n2YL?32)?{ybHhM7=|lgPHgGe zrI8!B2i4yHm}S*dD6=QTh**vF9?cFg5)=%C>N$C_#hS>-)UG7~U-!h7v!9Yv{4VbPPdDFegA(X1L-WZ={QS?pXYkS? z-VbV7plDEMCaN4nc(&Uezy;^yymH^5(`LZ$F!1Xws_*ie+O}YJz;vqE-~}=dVaB>9 zHS|JvB_aisAhT|<#W?@KT?c~xau><~yflGlD$&*7_GO^pR8`z@?daExzndq*Vw811 zzD$=4b*YsO@|b9sGow}RHk2u>%~wL*u-5waseV6bDVT1Z)#2Ghyit1%xK#MCV6Vs~ z_vD3fT8jp03g))>*~Z%?nb^Tyy&~Gf($e??smgoT2f6Jb?#|f+J*hEle6p90HbEho zd4<@%nv|Jw<%WeuBW=IlCR*P7r`wSAiT$-93|7x^p>53o+Zt0*`1$XWjiN_?37RUi z;w*Q3u3YXUa*H>&R)y;mD8HE-Pss2bLwk@L>Ux1v(WJg0A;_}yqJt%1M7t%ucxkoT zO4D)tLmR8FfqvNEKrhI`0p3wcnf*H_Qi#8>iHm*nAVUx23wlBC^bH*^DaThq@h@R@ z$Ju%eDC;ds4(u)iPnCO3@THQd5m^|!di9=*=A0iZs6Cdkl&{L6GOz8P8!ZcQ%a7?k zY8*+TvX?7o-`@_bDp%RKIyKyOcPF94c`}q<#=gf4p&U`aVo0BVZGzkKwm+@s2ifsQ ztWNuayoQ>JdzA}zwcJkpGc|fTzdQeY?;{gZ^JxZPT8rml4CIl?X%n~=FJ6hL+TRAEC*5w1!1Qm+ryI8JnCk(VQly*cEujN)SNoYwtDqPx@%8O?s! zTBcK#0gXt$-70E>d70b+SHCX3xz!}*qMUx~?pme6%+G||jJEtqQvEZ~%>P5KE$CO( zni=DLo4-FRRQ~~p;T6^Y=L~1dq;d{j;%?LZ_$W8zQ(vy?5r>HTGCJwypvudS@_QFO zF5d8KKSS!sw{^psF;WDNKvlbECO!X`QcO^vsMw>H2eR8M_*i+Dv%_@9xOkbnsRDQAFz2Kpgrb-I0Gt+xz zBzCOR+^p%%X4!#>)?An2RZX*$<>d$L0Gm9NC;n4bz^H(VOPO63=a=8DC543B8-`p9 zT~r-R`ON=|(U(6?(!PDqqQ#N#mvRcUB%M(XvggV9`2zuUCdl@_$+!jW#u=y0GB++! zr|+sd2>46fM?*V%k^*PCOtjYWf_#_9!;)7cPPgpd45S(+SZET>OW(6V3~|X!NrQgP zqkiB$|GIC5Z|U4V_d3mn5xNLi)hU&+Hf$F<$Xn%r3L7_xNOoR+ zW*s@tp{s6|@i`ZnbP%5gnHwk&xc20Om!A$wOxo7WSaPCxW-x_2-vI`R2W3%tFm_{v zmQvN~B3-@bYwe<>elI@-1k}$fdCcJV%ZQQ4Isa!P^PXtZ!98`OZBp#5BGUc?FzYl% zS)fg^Yh6SDOZ}ywLr;gltBOgmNmz2#bxXUEaxjiDZXUJ{H^6=>ng zgKX-ikQaJxX*mx!$i0>B9wm=Xa9mWn%(&n?UniY(=7hrpCndIjb!-pZP8!p;Jx!46 z0PBWr0mtwhY@7^#FcLL#b^1c=$koJ_d7{!%s3TNre)FNKAKofwIxkf4Dhu)EqP>|* zqS6I=a(g0?$=j(n-%xz<_S+$vNy<#hMBz{ubZjO8%tt(NSzJ%QlWOkZlP>l|ln2$| zn7K5=%g^Sn2sHNfqbzqU{#T=OOXGhjB+UPO(05L-DEmZaRmP_LoY1c4)SM5)w3_TR z^pdZ;s`JX}3^)T{Sc40WLx29GEV)j-8H%+2NlHC)=y~*L@q+a2|*QEeQ~Pi4L}>NpVm^>LH8T1Fc9os zAX-y06DP1C`$XKWNXv718CQbcu7}=pf&*8$WA4UGO{(m%IsZ}^=a;mMi}3vFm?o*` zBdz{ZW^z<5QC(4rEjjzTy(~-Hx4?3W4%S>}0bYM0C)sN*aO=`q?tlq1_nAt9%<6)r zdnpdAk1Qg-&Qxp(Fj{`3s}G%}YLmc%T=1rwXy^;?2$zj+1q4sa1v;Je)2O6s z=k#=Cj;4!b4bZs$OYUIsXfU)(21dArym)$4k?f$W`JwU`aDa7HzP?d=z(@VS+RX;% zIK~_7P6n+W@PGJa^(rp=2aNwlRK6Pf#AB$$iD(gPYQ`B(v47k>^@7RLteV+_PFFRs+jvWBWT}*V(KsDCGB@nG-;WX&gBOB+d;`u4zQ+}LV8V} z2c0>R?A#MgHSqn+9L-A$S632Aq!$c|zGgUOaEBlY&P7(FE4G7vGU#VjOwVr%8Q8C7m6F7V1+Q zy9)x<=V-xr)~bFL-XVCzzAx>$A=#Kc+bu3x{BktRBR6Pns%zMb|7*~;UdllFZ?Wa{ zC0j`Bxkp9PKDl4kLess3DWtL#L#VfVqY+mqgYj2`<8`jK@NGE!x}8RmVSXayF*A3c zN%|^RU+h`HUki7edWvS=jTMcBG`({k$503~i{8ROLXD`h= z0z`D4Gpk)DZs}F8*OG6{Pbf)5T1e~DR_5sz`8BH~hN*jLcT)Ud zuFE7D+wj{}rY+~kTeMa$+!yQ|0=Fa8dUF`TYm=CPE{WeDUi@hxLvAM)CdV>YY4~pv z=kdlxmL2Du&cN0j&5U#%pXzTTPC$I1D8`<1O51JkTCX(=3 zyc@`VIaF`A?|<6E;h*?17rg1-4GVsE*FI%%$5?j-=rU(eX;TT`>hp z!)D4F4lD5$IM0Cb_p~NT^YX(s$<`BS3>dU^H37(^53e|3b6&=u}MAd?Af(!lfaOLnx70^cZdMZoF{Oky1)L*^LJFK}us$p&yV(EuagFY>bzJ!7mck(6V*eAce=pU3*R1^rHuAVscSH;q zVeMkAl5Z3;YRCK3Saf#NS?Qqp!L>&fFa59Db$j9GrW)>5+_Mb(;8F*q-~(XQyK#^4 z1QF^bamd!mqr%`7ZT09slOQg*=A69T)IvWJf7MFj#_Qb@E9+uod0cIMP1Fv2(S>enx*aswhKj^d*TU)`H`Cd-#W|DBlu5csVjT5NI)Z9hMHLE`NX{_U) zk%*0}r!;WjHGMU{165@VBNnxiS$^zp$F6LPbnfZ`JNC`(%>f^ZGR;zw<>S=dyH(uH zv}E;T)2fcG9I!3lZ*pWiDKh;O-D31*qe+p;Su=`CvsH>|V=r+$~mG#&w^Mgm~qqFkz4kWoZERq(M^T;a40vSXB9}Vu_Hi^ib0;;y5 zwBPxxhVUvPsyKvQYVR9|1eO;%sGRwl?p>HNfA z^nFe0OjxchNd=;)+NI{&{sP|Q8!@`Ny0Wsf>wAl?su6he=m6$&jb?mlK*OSV1kHP- zUZK_?Xrfc07EAK91DKF1RIKd$ETY(7Jz;`>pD3>-SesLGYJ8ga7yr=Jnqjn<;F=)6 zQlm+I3~^NqEWx^XFe?1WYqJe%m*3twCtCz3ZEulUNj!b`u&fKj*qLg6paynIP zhP!RO4&dg}WchpH{`cC&!rz1=(F^il=Q9OW$LU)qpI*6%T|4ue4|x8O^2(OEe?B|& z;e@!|lOe%uzjVOB;|D4gFY6Z3sLmQnN25`RU%d7k=VGxuX~5f7Gx{7)bXe2shPE{t5w( zJ9PDA2qg7L;X6_H*^&e=s+PfOUrX_o>iYvh+^TdX8d{ccV5?V^2NN2&Ey>#I%2v65 z`uX`qos~owg8Y6AIa3K1gajaNpR#g-hgITF*KN%;O;hys=EhoDW-KfubY0Gr(062- zx?f}tkbR5`@&HX~C&NxTIyx#9O6dpRh~h>yrG0MJ;a1|xNz44dzS(-t+S=N!7SQJt zY+;d4<5bAk0SZnnU1?xP$}bK0m|2Ht-psf!2npRLQOqF5LL5$+n3!;04TW!$(#Y*J zQ0HhqDBzD98q~l4XS;EMSKnA^XTVP_XD{9^?j5`6UAHF=Qj)9+`x#${2Y%5+xoGde z#Y12BpM!zrQ+X58_KMC3qCRzzr;~NHRIBFCMWuuR5YUYot5!X^{O(@#$#cP<2Yh_q zh|`_|9)mOUJA69N8b(tGeOmOQDz&m-9JTBJ`v|yZ;EGZZ4(^kXiZZRx(<(;$iA>jjerE45 z9OxZv(bY|O|Mw4BSy^@27CEN~R*{LC%LZR#trB^e#Cjme z+1s*fzr4FALjN>mu)aKGq+u5Js!B;zwPO7FHpwGn#PSk4hG!MQY_M~Thm7C(= zGhOA$s8G0UakaWo*=SSQL0(zWfryS9?>!Ffr@+1A@^_Q-hG5mMbw;?+F3G>&)#Pm| zu+!=IBT6aj^O>Z0nOwd5Vu=w2+4V4pD+%;%GP*~_vBB3>DyQG-!st;Vk2c0dK^D5l zn%Q2+Wjza(sehtmeyTv+@cGos4I4Mf_w6dQyYcBRJ$J+2f*Sruy`_N;2Yhvn41WAs zdyn+aD`gqnU56e11Q?&?G@$io+i~Fvl3h-5@!=>%GgE+6R9RJIlbACAbl-h98?8Nk zQR?av8Xgy-1Yk)a1gKlL?C)E99SC$zUjF<50T$)ODwjr#wGaKgk!6u%sUBE$^haC} zTH&;m7St)G3~>B5)N><^Rg5CnW@Bj{?VB|$C)FO%Ie&-nd3*YFKYIib-oLs&R8I(m zi26%`((V%rh+U9Vl3zcH|y3f@QqU0N54m8mCbQ*5%LUmaKy8Oh%1du=c z_o82yg@n4>c?FaBC-PbO`OPS)fKAnd5)ocw?Qh?|fB(FtrPKP_N_qtsiqys6nQEiK zZ9mu+SGCCkT#O+dfDcazsUB68hmz|1oXwIdjOklF=!W{UkGDx2mWP}$LwQp%k$q0^ z%A>FNG%x@_s_xP5_+7ZoMnV;5l8ooCzQ!GtyG*ZF8+ zfzb-JK90CPMl_8)opLB`p68mG6eF+2t(^0oEUF!y?=Wj&t~D`-m$S2RGTi46RO;bW zh@asOGP1Mxl{mMUMqVWH7mOm6%rpK&yWx6^y=XXyvk-?OF3ri%OE`G>cVM`|&qSC% z_YS|OT0Ty|Va9$f)QRl1kDCqtY(FHY8!~-c_DQ}ms-UKc7x2^i?xT(26-mc7zkK=f z15ni|K4Y@4M9qJ)7nN32uRsi`1|7!3Mf0986%Wtyh)0ajZ(ynEn#^{Q2|4kb^A`RH+wiw&uRV4wb#RzdGpK zVG_8|Wu@lU`Lc2@iQD+`&23`?)g4>Vim!Kz-qJ7#z{c^mG#{8{WTYqHl#+=-_orO4 zs4@1c;X5SMoK8nNzzxI!JvcSRcTI-i^g@Q%-fJ_pW7F@%xP=RkZ-!f$n@2%CXpeV7 zvInNpb}~nD>8yFi>Avii0dGnS@9%Wu*wH)NO?$Js9_G9ZR8d8;zWKv_zM)-4~ortnkWa} z-refMV`XL*7oT%M&!`njW%te;hp(6bMCzdU_@Fqvz4M(>BvPfb4XWTWpmRRC1)SNN z7bc;m(4sqcI_7|Fj6BM6vN3uRE)_j?fcfDmFc#)g*#G)@lbb585TNu02{>r{=Wg_P zO2r*e<0F9RI#uFI!$TQ8ZK$dNgS>7MWbmO8mArR5x7I`8Ra7*}ZyMnw? zGQ`CjmGM>_+LnXy#iL{av_#J}>!^ZaxALr~cb{XdEQZtm_4c6bVbZOg2O>^=;=!9~JC7iBmRRp!x_ z6f7qLZvRO%2z$&;(Hnyek^1D+7T=H1*N`DVErfO+W2URFgu85KcuDug6 zibN^|eTZ~AaHxSQb@>XYq+*AUvZOT2YJ*g|BYb-NjJ%TNWVu$IEZ%igG zz!b#nw~nNHQV!hSBvSvKV&bE#5qjlyNA6e8B?iydky#lDvmbAZjZS$HgG_a%N|9bT z^3Bk3F}){{swATz$)0n7V^ls-xL|Wf@c@YWyyVE@j0^>UVG~r`c$_iFAQZ~cN5@6$ zBKH{2LKou1ty*dh(;Vy_9%EeJavJ7%iuJ!!VVG70gj$gBXbu4hmvWBf6rt|K3QO=q zG(MD*efUOeYGb^*^1p2sVwU!o+0My<3d&abjeX83Nsw~8uoltsNT|ryeNj(w4s$O_ zAXN7lDVQZEDy9SRvy8jOLQ&5snA`ZjYaxa$c3sA8Z=9f5a`GnF7 zr0~L_j@R#0K1ElkLwjv@DqA9M2JP;ffs8_1*az-w=+&1wu+t;z3u(-Uk|C}G*K4KITiG$To=RbyiuDS%H{Y+v z5pZl23HX1qNSUoyj*>^=%e5{kzVzlVBm#{z3JlBB-`w8h2q8p@Lgm%Rzs^mmIX5>h z^w`Bh{DHdZIFfo_!I`}di<5m>xw)sI%54&pNkpL`uCFPuU#UBD2FU4cP9;uF_2_G4 zpE0NE`#aNl4^Xj@JNfVflJqcPj@`M|>1+-6?)}f;QQAWKmjoRAPem{ireXUFBe+WA zNGvuP@K5XeK2Hm~J{zkB&3gN{MN(dshia`XMjl|-uDB*3#RSR}LTe2f5jp(%fod~k z72SdNHp*06$!N9#yY8JccM(KTy3Y}rEX!SQG;U0PgnI3eqh5Xg8N*qBF0S2Od@a2^ z!L!0O0Y@2$u|-i-P!E?-%c%Z1Rg%K@C^0_)EI8SW1Ts(&D&VNagA#KTu8cG&j>L%h zj}SBs>`mNmdi2@+0uYOaS=uWhCk;AK0EFH-1lf?~Pr9=o2JRy6aDA z|K7_WIr{Izt`3sLwM9OcXdooTSbLp`muZpmC?6iky+OPT*cnC&s^S1q!j9zDm94-o z+Ibv3ZjGMD0oHx;`N%yeId#s^%pg4}m^TwVL2dELz_J%JEmnCpU7!6?R6v%WVv6^u zNP(uJt}hfQ8V#;5lAIyT(%t!2etBA{btZZof{m3{_urRQ=P zOp31+C^Jl|xh+h;J)V{Bv@z{->3!560H1VDYS7hSy7Rh!cSpT$`s2&!K3Kb;BcE*b zZ%)zybiMgTd>H7+bG8IZqZ3@4{OO)lJnriC^K=+rc^|T)%1yvP#`xOY{e5?4N(dgM z1Ypc_r=+@QnW(|qw1#vLWDAmpkc7n`z1xr6gJU0vt2W=1oql$vm*YahSws7dWHgk+Bi3GdMOXo^2XTD8??A+53>$s1zh;PzTXp{m*vA3^?Xrn*w!#s1jtoeChIIAp!MPV8l2>R*-?9 zP+y3zIspbr5yAN3UN&Rgk$hs!7lL zglIo<7}*7+AO;M)0zILGY0VOm(%6sK;qUtT#$-JmR9BH?2JUbGnf z*zpu78=#0pkR_KBYLnrEpY~sPWNxap2hnHXSW@i2{6+@OF{ax=ZA7s_WPnZ^iK;8| zJ)-0hQO4TivlzIw^(9)0eEKhiS}0AjVn%~!9$*K8lK`gZglHH*DZ(C~+(PiAs3!&t z1{y^+s8Bp8Jt7bY%Kx_C$FzE~yYrMylAg+=#v~_W=S3)#P{!_CWQVIEmh^Pj@qRZ-KZMnpghkDbiHq?}Y|8%q8ZG zN|NqT^c;uq^?&H6Z()+cK?q{TeNi8Sa1b3G9j6oEi6jN$yB=%+?9p;NJgmB*AH-$?g9tFr z(>4S92H36~PXMgs_0z}%dQfh+C%wPC%(oI*vJksGeaPY09O0z+?t}FFAH50$_w>Gf zgNcsR=g)ryXXgWiISTsMC-(oEYsi*E8W_18$bGq%1Nj0LYzu#hnNpHzY62w*i9@)P z^fP;3K=44>wjl2gzKFz&?Gy!MG$f+~pG95DRjldu=){=M2ZoL85q%;lqP68d}gY}ok6#P5-|n~sQ#gZTBJPmu@Q%_y#E_M zPusCW-5+W6k^4JQ&LO1%@&=i-(17(pLH4QJ6N@quMK=D9ozW~vKy7na$O_e;e};-7 zOe-4Ysoj=CHYXqcjF{31tP<2i!cfQ-2dwM^9rgJvvoUV-QK7AtoSRj*GM2)0NccPx z4qjU$5HkV`B8w1q|Mrl!FFsm~B*RITDBie-pZR(-S97fO3i_(fCtwU@Rhc200{X zDkJ4%FM1oHzse(IWyLr)#5h8INFM^H-wwog&?zR3H<5#^(X7$W3oZlY$f1QI)QkpS z{XpCq#+0W&hg5yOH7^qo`k$jP$2(i9Mm_L;nozL!>+)S+&Yu zR}dqYFRC-&s$g!I42F#-g|eRr;8)^i`QVCn4Odq8M}U#l ze&ivjXyq=_jhW9H(gj+wtG%_6@~BWE#sHK;Wdbwc$;kz1cP2$qD|amO+%`P2fi<`k z$6gJW)>QdAFR!YyIyP!OqPVpXRC$xHieQ7ON5aBRsP?LL3AcKM+r;}IpTOqaHikTS zTz7Fgl4NzGtUZdSpPu0X%9@QMb8X79O={hnK^F@(@r9yaQSL&TLVHH-vT+A&Fp|Cq z-SndeKDUG{mb7=?X+rA(t|FyZj#+{Q2<>1=sR<5;i*%UAhEUaZw46Qiy!bG<#UB84 z3145g_3W{^9lFg3_$YugkoWf0aMMRm!zSnztS(+Z0bAmd_uE$i&1qwYShAJEsuJ>-^zzZ1I6B2wjD#Omonxk z!1W1usOOzmUcJ(*#uS2@2PV{l6%4dQ(qbE*{bh1c>1t&mx+$RY+)(d_iU6V%=$BA` z)vkd=0`#$w^8XrHYLKXnDF(E8KcPzuMgyy`AJIr+2#+Ok);dnn-3?jlz)j>MVONH1 zkPDdTU9W`lkK&Hz39;P2^4SD-Z(CTDbZB}uz(tVU(XOe5<)Yw~25d7@0)XV_Jrw5SAE5ky}+O3*Y5S1FD^S*zMp;mkyl3c(fG2vm3CQrBQTSBUcrEMx%8f7vDqi z276>I^|omJ>suS=LcuX*@)^t#ckHT-3VAqkmv8HDCgpxvmD&sZY`V9SjZg7dJi54~HMz*T% z&r9o$8A8@f0c{;0*_5^b5ua@ipsH=$EZSH=kzIbh89KVyVI=U##GOD$9EXT- z>&!ss|BD`c4_Il=H4i1wve79yqzPTpNR#HAE#-BRXiXGe-y@BPUh=Sc4udI0o`V`B z7TD%52h!p5!YJW0#F(4;mw;)zHK6>Bk3Rg*Z%TPr=`IjH@bW!pag`a_W+>v(Ro=BVW{m8} zhOGi|0(X~1seaOc3HzX!{yaWrU=@DNVq61NXLudUJi>cI+>&C+@vaD_+#kbD*2f9rfg(u* zu`kT6slkCNi8I7V`40V6)-J4i{=l9MnAUG#^9v+=cbGv+tb8DyF1r8j_wGIUO=}aj zk@7<|(h0Xk^<8rKqfJ#=^L~b3pGJQh%OFrEf4gW%%F!D;P_ZVfYT|!T(-zJz^Gfh$ zZBal`H=3o=^tB8lBp8kx$$suV(fM7Q%~mdje&ZZQ90P-;UWvt|2~53)&}9V`BebtG z;U_E}qk!LZB3zkJjFNXw_B*L`=R#5N3D!c2{nC)r?GnXg{1KyKXMvv1i}30PA=oW{ z)Jr7#`BM7vgHri|rM00EE8h=?yw+AK+X?%5g8|S`u7p0I#S~!YyX^XFnsaBk!N$oq zCfe+NOeBmnV4L81p!VHwl;G)p*lPnM_O3hME@5YbRcT;~f$sdZO`^M=9v=*uwtRDZ z=Ba_8FU%-%q`_*KoZb>067srmBM7Uu$?M{(Ji_2i_+yD;?xUX~=*vG>6F>=czld2Z zRW?et;eNn0F;~Iv#I}J<9I`e;j_DDRY>XCeU(0QmHT)m|| zMh|LL*PAQZF9XW=y|jTyB;#jU5A_zG;s!&zwY@uk&{~@g@L0h6Ty`tc+q`SK`zNB+ z12nevg>rTvu!FpZP%N{BPb(>WC+7W zsMv6C)P8WfJySE~#$k$Mj#()proR;0R6upiIje<2H##ugkyma<@yCU~40cxfdM_FU znLWsim6`AgY`jZiBtH(7w&tz>lPQCny(DPf6EGsK$+#$~WidZxZ8d7%q2D)oof|aG zSxebUi-hCt``0sj_(x@V({WR7J%G=xokH)uS^$WPFL?zkfkE?UH#Ha?fVLB>;*(PGso$a+_0VI|E zcDKvidqykVy*`+QtaT_XBnNg&tjv@d3}oA7hFm)p6-2*CvA?kRJIj83zCzY{A-ij( zeSWKLWla-<{*PkPQ)1O@iqG&%xpKFm35y&x7C*{($&bdr2Y1s<|Mb{bu-bs#XBQiz zOPVJ;8E)2CuiEG4Im~ssm z)X%RAbkof1%eFJ995poIc==3yg&D8M$50RzR8UD(Q?C0U0ZT_{FTXZ0iWXDhzbF-tuqqyW zxyF=crTCC&#$p!)ujHhkHB8YX+Qg^?DfoCUyDELFv}23b%$=oC;||qE6si`&x>`DZ ztf@*VWo#ji%--2L%qi8fv!>YYCj#oLQP}2MJKGK?lLuCFI85j6ff+Q?$X2?FCCW^G;HC zNMqGi(7lw%6-n9xz@sq3wLR+xm-KD~te5aI)&Lq~Pm5|j{2HHsrx>o9bhTN;0CzZ= z`S}D*l~DD$EB5f%y_C@valv`~lrq*c-xCzqFGRf)BN{gAvL6Nqbw|hfyfd5Q%Z8}djXrug z^D;l_8Bwr~=+Dwk@Znu}oCVX=}zyu5#LmkmUaI(I?)o7}KjW}B{M9six zb}}UH)X29ltMILoEReMXS0yD*jIi9; zj=!e49&8^YaFi~N#fI!@IY7woQ?Jo(2VJ0?hg%}I5HqT?_S?Gkd7s$F@AGh}iCU)8z1=)M5uMd?v5 zscpwiTm0p|ty<$BZ^!EnFyTIQcE#^8F+5QZn>8h{X>0`mmDsS57Sskcaa@iKqlH{Q_K5n&c*^w63E2m(SbM)jz$TNpH=VnSUI1 z006rqziMduu}MgI-XkZ&jQ@kR_kfCOYt}^@P(Vd6AW4DdqkeqV{ zK|o2ZAfRMKKqX0*43Z^-(BvE?=h*OS;oj#z=id9?cw@ZRL-)pJ^;&b*oU`hys;{cK z2G0j$4o!^r8g;L14R+4(j)^my=l6_c=Cvib-_s$-8`&yI+gUz?5>emuo^oDE#AxI% z>Iq~-N9;z$mwtGO2V`+$8iT&T%fGa46&|-ud=?FP1e)ZzGw~XGgTw@e*!}IcE_u_n z8amUprX#f>{oh@HdZ3i{s)g~0`!+|gHdF`nb$aZdHQ!1+1pDFGARyw>Jll!!JeasR zKy+@YY^I!PK3eM#9cfU-Q87F%qC=B$Y_|BkY#rG zqIK!grQ-t*VCN&G3yRY0w2roexR!s^ZM+;FcCAR>*gT6la?PEwbc-A3|A-`smY$T#BRYk~New_u zC9$)`oGqkUTnk*VtMx~{`ikkuy$;3_{nv*t9*HzgOD)7#0ManMkDN~p#n_#%#xqmM zsYj4gi1W7f?sk#T-WTU!~M|>wcY-3kpnSo;Kw-u>y@{|Zmo8T}&|)zghm9Yxu^)@3M?CJIZVZ^O-&`K4;J>$q-0&!Fb&9=M&pM3d ze8nc0+O#Xit`ImR8+XFYa|=fU8Y+HT-Jo> zZbg|IeoO&Je!kYR()_xGD7>W|taq2(K7~Zhpy8f9O)uK$tFKi z%WgGy9{(ykP+IU?(tRSDL#e3f1>xE(1A6L6b0^#&^_-d8Qbd3F=e!8DiTR< z!jX2dvOFX*ozT7Yr8jNxnpxN=(d>m2hBQb)PoAoEUe~~|!!xi+k@~i;c`EiI7+HdM zOpNt=BB%&Z8cVs`!@p#*17k1S=@PCH7PP+fCE&y0w|-0 zLm9>c5&d16;{wG?{gEe($I*5-h z^W*4t1^)-}9AdiKZg4;{CZ%yVdVgrJXFj8Q7)yuX-nFC0hTw2%3}*dkiKs|JATO=^ zMz+B=n|4!onyO*^&3*mlvXM{{w-v00`MS^Y(RJ`#W0UHGS`p^GiS)!sWL?EX23Fie z5wLc_9V`5HoPXqp1RV=@mM|idH<+mlorBxeR4o)*RPvGdfNk?EPG6F88+2j()Jhve zDGMYIc-c{n>{i8#PTr^;O`rbSPb_Mnwt_?wXnml=ZxCnNx=hINb*S%WpqD5-;3C$A z5ht88NH11Y8`Jr65yXm+p_2`z#L50ih*7)C>c^qrF)M@ zJgc#kV*lZeymm|J(e}On5nsp~X)mYj|Fv0+PdwZGZISp!!e;%#X$VQU->Ph_{J#nO z!BeF!{Lfh6|NFN>KOc9hL?*{SBPzLLTfXii={Uz^F%OX zBSIq478kYrVN+#DywE-oEN0dg1b=OW0y%FXoC0_aRYEpl9brVRN*?kc?6<&yvcrB; zU=~4WhtuxfzfbvzJY|IIY3K-c$x%_8?mI@C(sd!5Qq0L}Yj!|L+Mif4l*mnfCa%D0 zbtuce!CL8tg{`R0(;^-LNT>=Hs|3tQm6N>lt#P(*BcC&y-*~Lv( zox?yZDF*Riog#U&NF>liV-urmrMmve+@B_wZD*-aMj!n*;&hy11Psh+u-KpfQPfh~ z_+A~3>tZ;GQq+3}v{;TxmJWVw?7t6s+nuI16J?so63pwm>^g$5>cNPhun?R4-DuISNv_;ZxV!;q{mL5iI@1!KQ+G9e0Uh2J2||Vh2A=jds*;@kByh; z3}mEy8tnTgYSn&{pSWcUkYJ4KQV~RWJd2vVE#SBu%Q<$iKi_m6(k5bZyhv6RIG`y8 zuVO1JSdV`_Tl447JWw;;m`#VB81T0G+35CXWql34hwVf{!W~|*y^2CZ?*%MN-!Xm^ zG*{o-n3I^dy=e%w5Xf)6luS1NbUW{i`G+y8v`L5pS5LV}-rM4sI)Z%q_gSIAxBBbF z29VO8;v^^*|7RcD-2%d&rnbxO6l3GaVb;;(C7Wl3(0TUnO}{{Fpa%>Xb$L>EU988?(XQVu7;a zG%mNjN@8*CspnXcgAcKNl{lZ`X~zB>2VbR_*E*ZHnB^cZroHs=*Z8Z6;m*YR%OXFN z{fL)T;PH1pATAfYL=q9iQgWhq@tB$k@7Pfp#_b#VQyUH|hbV-ym+$Ah%@9E6*j$H? z%O0k$&O3-Aof?i`|B31Td%M}s#8d^cer5TVX$9`-2IkuC8Q+H%WywU>nJ6)(TJN~8Df3hG*E)-r~N|PlcR2_-+q6QmY#F7Svf==-g&>B(xzwTGp zUPW{HV4)+`aBFr{uhaeCU4i=lul;*(hL$6C^P_}borUditF~TIX43{GpTnMWYTE~3 zvQIK3FG~WY9Y%^>;j)hO2CbHZhUVvl0@x1JnIY9X(*q?e|Peb4}SX z0@vfVUlP#vzL+sOa931pQIZ4(w3Oop=w1U4d;3BOOD!#}h_aPiK;9QI51tY;3~kQJ zw6GZ-7nq;5Jvf+=0y$SH0KNo7@_!F@Fu?8ZE6S}$*(RonzT+VAGxZxd2C zq6RdCZlG8|373k7Mv43YF^qF&t6iGp#m}A9-S|jtR!0`CIw(Ehdw#G3N0hHkEDS-a zLgvw|zqEk*+XXCRM1>0M=XS`_#p}C7>8olEJ9M?ep_@)1WplOS?=x zzb%JcyP;ob_%7tub0y^kk1~1&oeSK`3JL^)8{iaj*u)pffzCIq@KB5s{oT`JF!k-Y zAZc%NzOZ{fc;JDWS|m^fMC5FMwIFCb0#dk_6cy+3=c|D!XTb|sOiHp~p{!|J-xDC8 zhUU$A?J`pBE9i~u<6;N;bm8NB}t8>2A z9kz^6k%R`VDf0Q@`032uEfYDxqw`jc$&twBMAlAK2g;?qmKI0%vP z8JIaNUdBqWd6BD*Q`_7gZU}o0;lyFIJl(@8>R}y67G8gDs#pzXf<6pA)1o80N+G}m zjRCH^@YH*i0+A!i)c82yFbOy>N?H_u-56`AE4QBt{|Gljpa&yTvV|~u;F1>zkBLY3 z_MA^ltqas6gfs3=GE4S-E&$re6@*Wcj|iJXLhpKkDQsEflO={vj2DG3kD%dnA!AGy zjD!CIm&T$S+q<^Ov0M+w7X~pkvLiFC>1u9#G`<-Fj|Rquc7Mf=3rtT5#@Wfk3=LcM3hYQ2;B>^-Mnzjf+%>dBAhRl z)R@l677Yzk(*>loU~Q^teTvJ|IZav89fs71kXkWDO@d}$ck0sNqjJ%-PNOd$Mjy^3 zM@E&>vzaVyjtj8I9U05$4X~}le}2#vZ;Iq<1M)jEzJsm83J#k2HA}ao#{42U$wq<) z>aZt~wY^tCpfMaa9=%qlB9}L{6Wpd!ssouYsw@IkGnH%_aQc8+kC3=ttxm|>3zcux zx`*-?Nz`JFCQ_pBVG5lFfl>wKHKmOLl5jiq$9j6TUfax)yNwQ>6<|1uOOSO(M2ax8 zp~c+`Ku1W%521XFQ+15&4{xtEDtiDs#B#WFFx%(>@nxQ?kyuaH2-DHB5d5gF&&dlu*M zH_V6tGrT|Z0V7SeY+kEKuj3O^up}SB-iUC61a$%nVsclp2+w}bqd8iLOO6+aCI|J3 zLit60#$720v;3pjUm|K4lTtIBq+$K&I?O`Ioj{w_JLKUWs%HDbbVp9DhX^@Ja(~;i z?V_^SJ9*ABeze4%(R536B#ad54APo7QjzZ+aQLyGSz?2z4iIIs5aCGi+ApNw1d#_a zm1H3k;JdSCMD{ox8OI;mAvZ>7^)c(KXhTpK2ydiQ5F!3@mTYuVLvPKcCwbS`r(2qS zg|n^0TI7)KAo>`H7l;Re{8CwBS07>0GRHYx1?R(o<*u>3xdy8r2~xKehDn7=0hcfV zSim4^VcvBpO^1SVGQ1c>XbANl=?4blM`(jcK>(sxlIKX((xL|W7&6u*v_ur$(N2AI)>L76 zxc)l-=~`RW$B(B#tZPtK%q6$>M%nGEZDv`)2EHAve+#nkWn=77U~#kDH`5TBZ!Snh zA&&PNjL~H6YYA|c3}My#ay#CWW^(fD6(^gPLm4%2mP!;i z!5v@&)r@SnJ_1+Bg{MmXm^Z_P(K)>zdn*vE5+_?TU_;m ztMu(uQ{)W93$M%BRN@fm1F?K}&6nJuJ>e!&(tw!r&`C)s@R8#M${i7v*bOkd&;7#< zD5G2_f|H9wU^>lF!hDgMF2+pCA0I|_X3ruO490$+xZK9h$aQ9prgO|F2p*l)E~Tq= zM=l?2Xd&u2wWOv5_{J}A=b#C`yVRoEhxPVRF8>hIm1G&=kJnB&us z;yk#|VcFRHk#D^N?Z$}R+iXH$%5kY)|D~nyFahW}MicPz-h^-hITT!jH11i(g-!w& z(HOBnP)p4O(lE|BLgXQS{S1peJ7B7rskq@GlELsd}Rv{?lp-hRzq_?P!x#4 zGA;@C+$HVFuBTBGQ3cGx^4&-o_IUZnejCnJSZgz4m&1oTp!E;u0@!kp&<|7^n+sTO z;gN_T2jf$t1o&^xZLY&%i22`(AQSkkqSOd`89y6nhOM1BYgsk3k*FM^rG>8%V2c>^cfn$-^c>X z`PD#-2?W0sw~+NmwjC(=^-(;MJY$Qkaic7tz(sgC9(R%3Ov{Qmq<}H1!P_2(8Df%X@XX z4WyA@jg(fGe{pQf3HmF+t}yNzF{-UJT_c+rShLJe3K3zIyVoX$)SWRl&OpV&@fj|h z_wl5><_J7UxllOzBK~w9PIHuvUCQF&vb4^Oa%;`;hre~TU{J|3q`~I9j!qpBbk{jO zp5=1%yRr7DZUELna$aww9lf z3?5TGr$^bhj_6WG#27~{VA9mGkf``mt0s=3olk+h3to7LfqMAF`WLVq4_2z9sY^2Q z1q_>nRM1CL7mb+}V|qUq)Kza4Zv50~9dd%o1EGFf%hGH`%TL-+J_pzRbs>^<4Ts5LI;6HnOxDu3<_p% zU=yB{yIj5>ameWjxZCD%cP27KMQmw{6z^*fzLy5RN^Qpz^Nt={K|z;|Sp%JDQ0z1D zp5=;kGD-y=5?%eH8Oe)jX=(CZa%92O!Z|IA3q;^8FZ3Wp-^VKt`JF^9b*Vi6e4{Wx zj4QvJhkUSPu>If<>j5zb`NaFyBXtZ`nY&daHdEnh2Cey+2;4kdiNjU5Luj7?N>UKh z^F&@{=aTgImv{sPyHP^hGMN;k=BB}!5kVIGf4H3a+*nyXuBP7zFs^0gT)`f)+a_&BdKM5XU>HzfBNi*wC9d=XiNOhfw-;GMvJD^Kw5B947OPgiQBR= zIfHS{g2$P+3QBv-ox{ps49x%evsS@XYL(_ZKd{eKlHm#8atVccwImlLHYdX}hEsRw zo5l$!FSB{PwQ;42x727;qw?2+%B}t3$R>ama8PzPvpi$vQe#5(Z5xn6ZA8C=?UwHn zVzT7CYy}ERd+)w6s2MPJc`a0d_5wn-O|6}Awq%hOMoZEKwH4d@%lT^2rp~h@oZ@Px6{rb0U}Igd8*oKx=@qrVCw1GZ=5`Ls^Gv!%{Uy84K+PSbYr; z(13WuNa;g8t>d7>Jf-K)Q!PE+5BhBn##1{BN(D3Wr#xyWGTbM?5fXB=)W~^pzXYi3 z4~-lUSY2V_E|hn z)dtj42;1nFA3|YMh>B*&a}98d5gceRA0?qD6Ma}`p0O2U3+9_r*k)37pHV}S!DPv~ zJEET5@2iG{+LIzY99?UJPwyCH1)nl~UhQAgLKv?7&zsKc)e2cDOKv_w@C39`%p3zRQkJQY-WZvA%DZ<93d69ha>iMC=~z=rmhV36q3ex$@=u z6vtxWB5)sln>( zdkUP3Cr`@Av3JUyZ8S9@Wkf{uWgnmY=!I#G{fS0?{$U%~Lg{Q@J0*y|*+DIPp{ zurOkdJ{%)KSuFata1-?ag$}*iIn(B^z*L<%RFc?XbYDdy5aOs?H#iw@P+WaS2o;Pt zR`Zt6u$voNiXB2noZS^;g{7s`z|!`WNveV=tW-_6po$Mue*43>)jc2@p?1NPI=^ky zN1n`2br${t;XJ(wzQ29R;nKvO1ubGu_nGluR4!?Ld@WnGDJfJ9IQAOSeg3 zc~b_T@xrMZU7mfn^rvOT_11f?2CUBn_@DngvE_W7lha_nt0F{qM~sMoH0C_aUNB+A zw0R|x7+X@PtE;PU*x5@i5syAeNqNJ0{8fk3p7q9%eu=|!UF_Gd3tYEdf`fz4y}7-z zx=Lwfe)Zj#dakZL$M{Q^$a0pqbSdyJ3z|tic%IluEa>j9_TV|a23IwAuhlyF3vA5B z^5;%2*;95{?=7%NeG_qbl?2g3xfO1g$jKR)nN#cYH!tHG8X7VP3x7O&+OQ?ccWuoE zS^qPzJBxO=Iz@j9HwU&SXqC~wtVsf&(EJZlKrN(HZ2JCZA?t_p<>yKdDX2S`<9%^ zA7W#JKYwNfpiEE!_L0`IU9;GZ<x zi3eS}Qpe)@a9?_974Y!!U2JS@d{SUW39a+J-DBzD4G@p#(`;|7n3xzfYNg?)?}AuZ zSQvaa+7$-9_N}IZ>8L<5j-TE^M5P55G;sI68NHh_ejV$HI&y|ka(DOMy`Mk*>FUPo z>6Sa*Y|ThwPa&J$*2U0-)hlk`8oO3;UcETqo$I7IZOMnu4Xv$pFwwpl#fs0V<4h2MY^M8ylOqA3ru)TtAo$y(YfJ#FxIG z>Ac>H-o&}@>@2M9wt8o4^?memU09?3U1eoB#Xff#e~vN8eqR~$rw?oVez=Kw7a1Km zIH;))`||2lT-b_lBco0Em8*k8&YV8Yt{q~tof@wj|0JkdHspJSlm_1+2qYW6qb12T zxng_W@-Q*!=&OW6|Gk)8~_BX0G#?_MG@ z(sxI*Yre+xWcb{^`n>-9o7>k}S#PGQVf^EjJTWXxL@KbU%_>41+C%2UILv;td|Cb zV?^vvCnqO6K@AK2Il|GYsTcg(cdfWjpE>hDQ!{8N-XoyMcKX?Hsq=Le2Ze227L3cby483j#c6!++@X;45Swm|4SYNLjGL%>iH7SO;gxfQ z_wV0-mPZvhCMLN%d2wfFZ~Sm~J$SkgJG`;&mb+K3}>J5tm|{d*onl3%wHv> z|11enHv%XMkA9M+G9z?ua`E!}=@_i?&V0>R+ z-!GY&bq3+#r{agbr$@<%hTn6mKfhV1gqo`ta*}8XZq} zlz1jf_`OxW#})!anHv|_yzPAcg6dBM#=4UzIO;q|UA9``-Fux;%laq`QT1M~9u z9ZGjzok&_{^LxGmW&Tm)LQp>M4Gg>h&88uZYf&#`F=N zG_0X|+Seyu97mWf3lpTIq%<-!tAXS~uO+v_UkyvY_1ZgkOggD!G^(oH*nO4!^xX2J zUQa6-d4UVC??3BUPEC$ZzPb41a3R-h`yBn&m+#-tfmQ4+Fu#oD`R8QN>$hvArRi-G z&MSjLDEUU5t@GFHebxarIy7^Sove$?xrVcG%ErNVaya7QwZD+y+$}R>vu9U`>4bHA zvJZ#0UNdaH@#aHr`r#S}N6UiFiBn_VQdcTLTW||h&zN5YopY0jFUYsz{`;63 zvyH$j*@p0}a@kY=Na!5z6|u}SSN?s_KcB3jy>BJ+?_G{z3H%3<*uOvj{qzacNyGo; ztyido(V+i%)vI%;zt8{gm*RT;oxy*<6!m|2DC%_U|2hsFsVd5UNB^&6Q7FUzZ5AC( znl7zO6QpKn92B*9Uy!0kmX&x0{raIFVbH4MRB_PrK#~9b=KrS|B~$&ExQ-vFn;L4k zbH$^$@M(QOp#GQ4xrOZ?%_HcWl@vmmsRqzEpg?L(g%9)M2GRdIdfmwJR9A*;jrHkz zZ87FNZlCXfTq7p|u{yt3oVoEh zlGC&|gjb6=1OFrQUV2*0N#vjUR>qgpI*Qik&QnI&r;2Rxh&W1|HP;isB>(5)bE3D8 z1wWo(Cvq0<{_@k6GtZ)aaMpWpE8Zv7ziGd4an_D1Gwr{vjl-+sRj#@D^_pk`C&y%Q z&`Vp|m=>4rWZ(Pp4p!o#|26z`y0U-w7xmke;$EIxe5j>B3EaUl{1;~S#`OH%wVKNB z{xg)`Q-1|Zkff)caIos0+4P+<^?`?#=f<)RSsaU}8=Xjs@4WFAE1T$LINE|VmYAg> zP30zCqH3an{vyW6rr;%w?KT{#q>hA?0y5B+@J9-RjkuS5F0l5?*NiC_DgzcyP8n4P z!AYB|`1O`2S9?{^nn4JbO~oRZik){l%2c%KmQ1reuuZQ>oc}mzrJ@?am%zh!*~*MaxOTg zq+Ashy^NrB6u|%Ub8~Y5Ze(8EIf?1w{tBZds{S4i={3aC6Z_ORTTeGrZk0k6w;sHa zp3a_`D*NxAU})7OmqPwA(80se-Vb@!eeb(@@kZ$Y_ zu^*3fTS;5>Z(D(TSG>?@61eGDi4Q?v7G%+HC3Q$Kh0y~Z12elqemdC1kOCj_7(YKZ z0$!H(%&N!7$MtGlK4aT9v%dR`0v~|l-Me>ZttC*8)YOt-IrZ@H5+AV!w=PP|>=hTo zIA3O>ES87M5JX$*yxzPgam_vKUUF}~tI+uP_&GAFfNZ_`tNMdCR-E%tr;kNB7ysj~ zAD>~%fbLjn-cb5Pfmy|AORn;#^~3}MYL_%4NALf0wq7f#_RV9QUcR#m$zJ4j{A26O zgvWk3`Tl0?%(GX9B2TYz*HnEJUQ$pzX_dCV(E9rk`;Wepxv)_IrcX{ydq1b31{(|> z3^;`gyHL7}G~+^Bo0^zrTTjS1P&R<8=ETPAfA$oGUlqCQ_P7r~@>Kx$*>-aeKY#xG zz3SBy_9g3XzY5%H{dL^uJ1=vK}ggO#{$PlOLOF6{gXrVgU5IqDl z*VZU(HBwO7oQw44FD2h|jRh!dYHu$S@8}sqL?>jwtk9z7sa@-P<~kRbEC5vKc&Omu zBA5K|b82d?9^&jTTnr2@t|^vGg;9SHFpcQA;kOP=lgN9QxvG~1#NXW3{oQ>HAPP9H zlpHjy7v9`|^r&XI2};0`)99&D7*e*pM->I zUASZekfhv%%NkFgE=9_0xw${MA;0U?~)4H#9X#KY8+@Bh;2zIi_;WFuoQd zMyrVX6;Dq3%+N!^MT51EgY)1bI*rxlXwUDLS0V?25CBpeM?HMbM! zo7;EpJa6jBfFtz)0Bduzg8qva&oP-=C@-j^ha)%EcuoF0>?${Gw;K4o*?YTlrsdh$ z*$d+M#Xs9%gKZT}ii#pS5j01VMS9zr;_@~+w^@3Wl$)Cv>e=s>71^YY?^Th9#X6pw zmw5U3Tr+I{qAYKLG&Sj~??zYNG0f^yK-+|8h(D^NB-5&4S#@OKuK_c;Z0GFcl5_L% zu`~4M!S`M8mY;yv1n$ZA8AAhuEtkW_Fy>$rSLpkfZPamz@I;F zL5`OM_9DnzZ|2*w72hKW*OZouZMo{dm-5;cvaD-8a07Sf*R1m_r-%p@3UN>Yu1cw^ zQ-K?Awb(E4NT)m~H1xvnZj9c9=<>5F>^6gS9nl|&e_&eg*}q0ow)0W7{YmLx*H+P} zXVEL^U-3m^@s*UeDjxYLFzHp(mwozqi;LC+zF%*KXy;Lasb|JhH1UcV;X`XN(9jpF8Gc|*g-%X`5e zP0jNS6WU)Kc9-#WKmhL_;!fcFOu_X*Wv<&-nV9hF(R8x6ZsBt3ln*AAzj}3|K%%83 z`TS;LU%#5pNfdPRxd1+gnOayfL^6=TK;y1O@ApL6XX}vHy~@iQigkmf&8pZ75Z6iS zK=vhsEP9>AvYoOYB-n1uK0wuJnM3=$SLiHDbcm=pgpt4pB*bF-TnSN2Ld*H>Bk}GE z75wASqpMF{+S{k&_h1k>y47GvgUjiXK79%jStlOWB<@_z1E@ zhM!?^fy@o(V9K2S60Tsw2CE`r6-Yp|dT6R>ocXBWcPEf6dtYPjqsyue;|0p#jH4$W ze1vJ~v;AybJUkt^A#l%oy!Bc8u~aq4Sc8Xlk9cn$4(a6rH<&~50M zpDXI8PMv~qTyL%+$z|$TaaS_b3UsU6av6$<$lN^Kd>K0YJ33YcZ!^oX90%p(`A?QPSHQpTz7DAure5M=?1n-xp#Z9@Hz`i6}a5#hszPsf=F?+MYYZo&73NU}HaYlWZ#vJ4K$r_KMvM9XLhlAb*}vWtwYTj8)@toC!BpXV263C6ddu6MgHdUcr<>lTcNuwie|Vrd zRovJKX*aa!hN_8BUw&9s&91{%0$ebj5krkcZUzc1>p^QhQhoH@_4QK?4a>3TD=n@m zBs)ZN+n!x$N;o=D#rpC&Mbh4+jqsX{ZC_>j{*y)XX>-zy<<5DfitPvi+NVFxLH}@n z2&e!*hDLOKeH8*`2KM5QRUc8fD|chMpFWnh+}IDZ7y8v4lD^dBr0!CF4W!$`DO{{q zPrS10#!bYRfSrH6IOICwew~Bkj;Y3F39jpvovCr-#f-<()+GpuGo#(Pf*N?y)BfdE zp7)rGx-=8d@R_B|JoNYcznkK9^{Bss&pg%?#32$rwX#Clw8_8MT_!I#^5VBRKTf)a zfd!D%P+s8hQ7k5%98@1y8lhJOHI8VS6S$v~lj$KIq%6Kk3h}Z@n_VxH`9;&c7p$H; ztFlR)%)v5v9~JONRb}J8?(teUBxks9J}$`pT3ihAo4r;Zarf8EmS+4e2hin9CVpPJ z>{}pth6m>fTpTieeMI4vywdmFmz-N(pJG!BqRm=NHEq+}Q<6Z*talpm%WRhj`87RK zw=Eag(6WFNy08PtlMF3AWZ)CnHZg|wJYXpBIN$-GpU`1aHPb=2bL>Yl45ehK;Y$!& zoHXn_U1y+2Ot5VE+N-334fBFXV}tzI52g-~5cBD3*cFhizq3Wxho3|t5EigyEo2&kS}o1YUfpH%Mx)!jOaVce zJ=1%l12#p2uKm)zvX5bUk4Au^g}4#{mYn2$8t$m?hHbPCw6(Rh4MoBcaZ*>F%_J`K zBET4|Rfjc#6ip@UX3qiW2am0`trh~u1gOc$$t$d^-|B~z;e+7XJ)`i$(xSXb1T76_ zOigHeIx*|h(Uv*#MzrARKnNQG-n04ZN|wM*KzTv(BxfeDRyVh8S!sl&SA2#4vrdFH z60E~Mfv?=%-&Bki+;k2GIJMC~BxlA}^Q^Bs!eF2@_rpJ)YPx`p_JgY+*M`?T7pikP zGzzbRC4gWw0wzFGTW@MXVeT{qTp~kn|2)HWB-^z+r`jc$jXd%m`2Z0g?ataE!;od;H^@Y(<(Nxc@XWPywZIuHc zVBq0-7rWeK+VjEw=;DP75amT+`YhdH`^0>SB$gEBVZ=`u12zxGE7sD$fC;isbUQ+r z78md(q2=63h{Xj!Y603Q5b=H_0<6Qd{e_PoMhH-D41#3~yKoEeBpO;;7Pk+UAcuiC zW`KdfbB-P)QT7~x&~)!U4d83CUJB1|B{*_)Rlz0i#KhYWe zFT!(nA~cvg=WgBAf!0jSW&;Ih3r9Req1iGeIImkG-P4N$(tga-)da3sDo>l!n#<}h zy5?CbT*;#XlEi7r4|Yv6El;AP2AocvUR6)X?Jk{|slY+EfA!H;`%eTG%Q=*~{H2pi z?mAiE*y3U^#45w;o2G0Esttgo_c|m*u-NYjyNs0;_XP{iMa;$`*`B=v|#HbnH9Xa@1x zH)1{%JN8JBy8wUY1SlH-H5ff@*z#X8G8TCZv0@Ok=7FZPjEsyFTK>mgT>EVCUiQX1 zkA2YC4uq_0my{(1oVoV*hYPmcATUdZ=LO`&L@*=PL62B#ftr9qLDEAAa`-1C;@b`# zFU7z00)Lfu+Xg}_2w*2ACEeINI5)t`&R(;6k(qlwM3g%oSN>Sv9z1;L?d^?QQ(L=P zVpqcOOVeekr@n&D=eNF2ZtFk}mi3-z*=E05)mEl>2s+M8Q2m>=y()#b&(M#!loslD z{E4GFXBTEb6ID`(YJck(>a!j7A-amd+n7#4E#J(?_*%9!d1`GpF&!rqH`}E4GaTF5 z^2G8?W5@n{e#xw3JFibdzw^AX+W0+}(@h?$wNtOcA_>Jtu4JaZz+As!YepKg`I!?- z_Dye~S;XOsH=pju^aV4(9@aYz@92jte?77id}Lx`Y7P3x5JT4p*6YH>i|=A$5PN2= z)%u#JQ-|W})}5~Y)7POd)l}`7g$dTDc)vH*fQ+NTq6%+&kB-+?r}39$$y=EF#y!p!VjP1`zv6U^BBfOvMyHui%IMfo@ttaY zXIptWo={urM2zN1tj_Cm<5v6v6;jvws_ZHCy&%C+1^W5>L7!n?Cbw+z^4osEZjb=$ zDc@toTnoOjCk_X2?FXmtIbK3Lb&fot$@@Z$iQzhi)!gQ$Y^0s*nvwN6OmA%iV@}6K zl3&hQeU&t}z;>cdnUHz7;c0mkq6YO75Nk@rYTotOh!uU)ed}_r53feMz@uB;_fJt{ zDJom8nD60@Dn}{O7(>ANTUY!|ty1!K<04L9qPGy#1_nqlR2D{-a{?rE!rl+O6S0m6{!x#5CkZd%`~TIDCsl!e5^?&OE^F z?m#D&*+tDi-1}_$<<-MdG8D3Uk?##F>4bvkb6~)?5mySB*L+T<=|=9$|ETqliQ5!sSPAtMZtOYOe3t8tCAlQ)lU zH$>zY{<~W)ac3EvwTD;kmYuP9*I^aQ{ie7Bi8S(FMS}R*{Z_=y#a*z-+51mVw-Zv< zy&ow%qgeYOvk6Hxz-+0qlCZydPB-27WNv=bbWF{N;~?N{hnPWYiqbJMy}^$x5Lp+T zZr$ZT;`1Nu4Ji_eI0jL1mgg|n&fjWI*x9>gH2+yM@+R`w%MTuDNv%t+Cl;$$+p|nE zRiA6QcKw8e=M&t*6~fG>ziTdx+|r=Sxck2Q_V)Q~qNvQo3$b)!gfjztV>Xy|tMLxB z{H=vcz6Qt;C))E0#_K{zj7E4xQ;XGo=9kNH3LCzzxc(7dDJ%WK`3BkCH3ml3CbwQc zW?TuUmTTI6r=_1FSqgxJg)%GzojhbkMqknO=E=e{I)KLBH+<%cznOj`FL7>mlLZROdv z(mG2|y!_|vwZQ<1+p_X!MEcb`p4guHRlt;&@3`ffc@gze9#bE;7wTUFZcciZ)_o6>><;+<9Xw8H*GRe2kIi3B`iuD(FOM2ZDT&Jh+9g&fo zK+;MPN@;%M@lWBPwb-*%d;giOZ`Tw)Qz$vvQEsR& zZasc{33Y}03hK?9H?M<(?Pt#^CU%Y!7>n}v52II4#i8O8R##3F`p$fK_JdGtR9vum z!IWDO(?M^ELTR#zXj`_trVA(r_Yb?NLq1&8(Vy#i#5Gbp{VJ#*5K_)|{N$%{pt z-pG6UUbBz2ZxPxp3MK4JKR(@(UgKv-QcBEBA_-fSI3cr~cE21;27h}JrSo#q0%#Na zCWT3E-FSZbfLTU*lo=N-^!*yC_yOL_l}xns#hDy*p-@lasxD<_c$}2a2D^xcg_XM~ z2D5B)jsZgG#^n%shBvA-n4>3 zaEOeQ6bh5vr(iTreS3JHq7+Y>fcpK%rfSJ^w1+PV6=Tk1sN(HfR(x6*(9#?^jR>Je zgrg*cn}p={nYm!2>IWYW@V^ZV6mj~1{=w_Z+YC^w>mc|aewd`W>~jtm`^dNF&Avw( zPWsmTTzrW!S25LK_^{pSzqa)xD8ii4CnG=O?1<-)c=^$xt3P2!jI8q&Y;B8{)^jY9 z8_XBLy@y|1XEIA_-rj@lUv^f)rCX`HZRb8NfUgvHYo)Y~f~I<6l}AJj|7+V39i|X5 zn3NqbvW`y=#{@m;2V>^8=flDd_VM8X)u4xEbmiN@wKcXZD=lxWIoeOPb#+K2Fv%X(_GbQ1^F=X^B22qN zYL}FT8jg84k5OivPiD3YN{w}4^>vshMGW&WPU@)fC^~q2PxW|TMO9)*6jU%djY9A5 zQD>&rpWsqf*jgPc=I=b?s~)_TVxXx%lCbd1Q9X-S6uR_!glWbcv9=YT(Rp zX5R0&;zkcxtrLq*VnjuQarw$-HwY>xNLo4v;G;4j;cX#$k(vu_Ba+3qjmp?%^cIq- zwoXVU0!U2zK>h)-AQ&*pm%nEY@c=0laaQYczCquzpT(2vZnS5?KBU1?D0xhbQrnVX zl5fNajX3$tUocyW47~u*{E3~CrMv)d_2+?R(%?@tzdR2pXU(RH-#=GWaVCoTrH4XA z_O*G@*^

%${TiF>SGJRVgHmDku|-vR1<%smd9KUOiIW6S${4{GJ3pd=pjR0OGx# z-!FjkF0@Ph!&$WUnQpS@md3PUt0ZFe$C3$fMmd-{Gne^mJc4l_yrXiTpk z!-8o~WNU%yZ!Oc?Z|TY?4A{Qu(Mdl(I5|j`j@Kp`G;f1glCYSe!PR!xftBTauJ7`K z4)sR-U(Af}ypU(pbQTM8u=Tk+8ghk%B(ur!uG+wWb-vHd+=qRZPw?$HI-ExKf~_2E zXNv7$Hm}~|B#j0^LOu0y(t2(MBtpG@q=@^sJ_kO&)Qq9$%l*z+#QtmO#)41D$i#G2 zP>_t4VbnK~PmT0?mdcghwo4OOtTx9$+Q5g zj$mmr9gkqO-#*v>Qq7AgQGF>X47S|CV~^b~gEy^p@jeb{;z#_~d48Q-v74!ut@N)T zpi3%~sm$VR&Gb??UVpy1Usu$ef<+=by^(^(lwu4?^ebDnW%GxU?~gQsCNzXTx_hLl z2dm~&sZrviDjjWpUYDTL=Hy(lw)Jgq365|qodeC<|A1ojUJ)5GjCM2MB19RnUb}x})<=79>zDB1^Dk)giDIJMub!MJPu&YUVWDvH zdb1%$!Ppk%3-qG%9ZwAcq9ZNQ^&*d?{O|ersh(veqII0YYsGIds`AKuO=LIWa$0b# ze3rq^%(VjJL*jP9y#naawsdK<; z!2}IBij0U~X3>4>qLW(i`6wgL$D4|t==b!j(?<{{fZ*l_Rx%BQ30>b3ue zw;!A%1~D?bRoIRS5_P8(U^@Je+;hBfs=B0MH_S?+>* zmGSk)mTG0l_}@E=GJ5RWSDL*=JE%d}~vG)JSq{ArGNGIw>v4)Azv=bAoj zHR!b8*A6mGX5Ks7F)n?QxR5+bLQG{rgCO=G$DF`0DnV?Ac#v27a?bAST3!7Sq8gX5 z=;*+pAR=(#ae6s#bfJX?y}i3ld!9kk2vQ(_-mdf2a1&8Y*}OVIU@MW8nCbhRf}030 z@jfAH_SuJfxEA3f46E`dKDcmU0!k4=Mj78Nx-a) zsaO<~pufbmJ(x!wS#2v3hIOBj>O!VqdAD~pbXxu zyf6B|Z%A8Lr^NS%v#ZNE-$-&zJgTDi>}Zdz-0}X2f&KH^2XTG?B!Y}=4_F+}W{nbg z!9PdqQ+#GF*VwbX>b*wOh5N&`vhfXxBNyE(rq(+~)tmZB_$}*VS!4wbSR*-pmcYGbc3{%ib{isgdiZ&-5}D^Agy#t_j?WJ zeBQnGI@Ym|{b7HbQvtch_{SB$^Sn?fuVlRRw{Yqmz1MFl`rqjf$w}vTKn{QT!XBd+ zuDGZv@--*NQpW15bO<30LaZR2Zvs{7Q5ahC97=OlZtL=coN>-JK&CvaNFsOvtuyRh z54Hl00B9o$9sY`WDRX1mb%mTEP*9Qx~|A3K>`Ye1ZSvT)vJ;kzv3F=Q^o`Ah!ot0 zlsJBQCJP_*N=hXQWeyAsp`$#tp$aH9vHE6dGC5sMTN__dQ86$$Sc0B-=bjG)@6bv+ z7RoO#Cx;<{i#)|phcADs76Se6Q!Ju)16WSZ^ffRU8A`K_AKGYF_Rr#SWPR%@Q_YsQ z&gSpNc0i}=*1~sod>HyfOiVtKPU~p(3Hmx<(%zNRm$Z-v^K87WRpxe|%GxEfR0_ylz+(gDTz!`-LohZ*5OR^{WiDK?M9S&)-bL~^KPHa6)Em?>eQG&9g& z=)LIknAYND??28f#R~m1=b`ye93};E7@?fw@2iWHcPgsRg0AcHp4U#zB~{ z&+l{p4)+3)J+G)0d_h{ppNj``nMj7^BI|sVTEFD`{3oU;fQ)=%>)L z@m|`*%(XEO_gNFo$fF(+zOz&8G^4RCn0%1K9S~TM)g#+)YMC zBj}FHJbY*%dA(5m=Uf6X>LWFtd{j>Anu%$kcNYgz0W8XR@p3$Jr+P~&1@?TL^_IUL z&%wVIqbSk<_;kel@yT|N5y&=IOJE9)0CWWqe1z%*{v}`?$h+ikkQl(shi~PF+VNW9 zXNSB`(tRdD2M~P!8X8InnvS}_6+OtveZr#~} zn-WxD*a&P8%}0&Bh}Zd}zyG*edZHi}4$6bTK-%G4SZTw0-X=TREYP=s?um3`mxBE1 z=}>eb6bO}db-O3Inr@0-zkVIzI^ZY}f-b{=v()PIjdCSzA?MF+bFe#KF8E@iHf5@) zo*z&kRUw_$KH}(}kl{Enw@BRk2g!99C|)_MO6|y@%G~VpT_IcT3hr5So|%KNO)5TG zG*~%z*>P&q3`~QJJp}T|zE9n0NIJw_3-LHV&MmB$3f#IXA7=0{G*~e5f>+{+4fU3(E}NUHCOBKm=DMGQ5a>>) zfNgoUo&D!S`$&jZspFso)@Fm2qp+Azu<`i=R(_1il&i}E z*FXA>jggpJMZ$EN3vGpHl%mX+azuQvpetYK{yyWA2tgc90dy327WbRh8p_fHPALXN zuZ|cCJ!#?KpE_H7KWuZ6QPGK|D;~~UAhppJHD_(1j|bh7O=z^H)#MS_)gIo0iYt`# zTZ2iDwqr$)nTHDWqD9Y_6c4K3qmX9kF*YrNfS~kYh9+En2glQ?{>k~o`1mlW-SfT-i;l)dMQ|=^YSx$%7;{qm3p<*@mjxXY&_lLdqn#2@oo4m0IZaPfiQi#CIG5!?(eq&z%;Y86vj8@MT$H@bJNT| z2aqnYeedW{*3fw9nS7~=n45*xOmuv7fdi^JU(zC_$0qDkNiGhDX458{2je$!qmamP z&q_{~bRap|{9soI^vxO;xyfa3E~0Ea6bT|`&}7Ahj1^Gf&nI0%r{V``ykkmFup zWj7ATnw0!ap`&}P>@xkTv`sQ|05yQ|t=o_)MzR71BjfP~Zyz@C(HBhA3%rZay|5m5 zQVcC~5US|I>XDjx1KP1kwmM_MOk@!N8^-@^hY4^lL`epHM+6dDZ5+AJa- z(_1$SjUGrz%>pSUwX6A9%atSy6HY*>juqfP-Vt=|BufH=b6;JZ9D0*1wW&vklrB6$ znAk?ZHv+WP07AM^&(r4F7B|B!0Bjbz;{y_ieu2fxRpdPzC|~l7gkKcUD}z6}b|YUJnD|%hs%tI#fZ>ElM5-s~{t3Lqh>HBAc*@^jE;U*Uh#C50M|e2oI0UXWZG}*!7T(rd`|mDJ>=SHQ6G| z=ct|O;B~w4!B!jH=te4nB*G^|M1TV8z#&P2qzcv?2nbjY6q7I`6+$4do6OHYrL`mf zP=Og#e_BdmPmqj?{Sr3q=^pPa582%`0k3Mm>nDoGcLf@_`Or|RH2AivQ+NZH^H{R$ zC@SM0JMUl@E#oN0kFN})XUYX74(COA)_n=Hrx@IwDywh1+HJdDT7HT`$y?o39lV-W zeL^L0eykF0LVn!;K~*BXzrlC*M&jW8(3)osa|T|;jPs`)thlQ8!1kJ5}l7Vy|$=j(fFHD${{m|w&9CSY!ar&E`d4($vQ!ofyyeaT_u)hrIb?e-+9jt!nth&UKVd(wbPi}gu1{6de&4I5sS7N4}F-U87CD=h!;y zIRHz2&Z9nWV`hVpmK%>3#pHqJUn`UI%JIYx5ti7x?pRgm6u4wUs-Bdr=} zqg6g8_-%JZAG(9n94i!9=z5}w!R~=0iOQ4RGM-Gt5BKBuj~&DAM@5nG^%UGwrBL)A2>h(EHnx;Q`%IDUtXYbQA|X@L^4M7R~# zfbhvuHyrY*qTUAvdA$yE9zvz`*PG01GgrrIsDSY?+liC8L8-)&=|n_a#fJ8Ys2i>Z z%E(~hg5!OE9#7AuI<+G_79L81y^}dQ;dNzI)i*7}{n)R!ZawFHB{Oh6^vcn(7Prs7 zSR^s4d{T07@Wz=dWZjolg9?LereQ7RgyO4eZ{5dk1nVV zTc#O}H6#gMED3wr_cY<{9l7ci*8D8_Z}06L<`~=?$UD7nWDgr@CaUs#D+PyVl)w{(%R!BfYm8ak-oy+3iO z8Jvl?4RxjQ-AoHPTD`L(Zl2$t4H^on}=`zKoe+ZsnihIK@htl@}q%I zDkHVtg1}3rfBk@7<+4VpWK$Cqa#SxzH?~+(Rua!sw@&k+eGaW`FJ>jL6=(`x z;vXBQSaF2?ou69Bc8(JXE}Yh^ScNrx|NdxCmz_Yx#b+YC1&;L;cr})tewm8{16Y z2|9jr|0C|DA~WS}bVp8~yw&`ZfTLW(KnYz3giRi+3mHTLI}>VN)YODjESy-ydW>fgnozN>0nDZ@1Y30w3E~D#g&QFa4=y_D=xka=#OD) zEb`TwuN}b9noN(4m6Z@>fB5}MdfP7AM;;yP;Q8)&qixUop(Rq%_a#0JN~Aq)>T);N z%Ymo=#Xq5mdX$rEy17=`k^RYeQC zXc`e~Dw>h`4_wv?v+Y13QRvY{3FRDw1{B^)TE3XtgD@}72#z1oeFX<|wPaV8 zi>QA%niddafOd4`OHTF|Vo)}tqx+*k-rB)R5f>8^ z0N60qL<%^gvOK2C|3u6%`aKdcG4m8yJq3mvArv|7wNA4+--p zt6(}TE@~4LrSa9$sa}6@sTwIKuX~@uj*hENITP{u;?9*RC4HTN0Sy$@8+McUDD_&e ziU)9AZmbM@A1X?e-`L!{fPz|l1RYif;~ts$sA1ignR&|oUBjBQdpC^B!{y0lU)4oz zY?X_!S25er{YhYz9e2%H55oEu&cs3?`s;VGZ&|M5_n*%prNlfPv0#x)0Iu1i=hCqeYbb!5#_q=Rww_^%t^vaJs&Y!7l5~1E8 zF#>mox-py4$}7OsA?hU{`v6*ph%Ff2h2GQ8U)-ueUyKHUq}1G6XHQ#WlR#C%|IYK|H_} z^V%b+fao#8<-BZ&!&@SFPOg{BWOX++Zz$tReEh&JqR z3k%agw(}Qax^ji#&Yc(DKVNH3`W)M!#DLNR@UF|J8$``6>p$B?7~vDi$jKRR>;f65 ze&VgKz!JRAdiypm`~*Z5v+q}%-m^&y!iX6#BokimOGxC|bFP5_lTA>ZiI0y*cw9rn zYluMq?%j(pce%_h3bk2aSNX1~-?jLXAzP!${0EJ+UzPZVX{JFWGq)X~A@~w)Zp%N& zm&T5h`*^lS_F&rA_xBBMu7MjWvjOL)SE{D+?_0%uU$jC30!F=f{FLA0Iv z1AXNl6#zHSbXx13xW%>f&~)pK!xbDK`rs|kvX$pg8de5BS{$>hZ*Pi5w4+VbqQ;az zY2C5^B5-e4o<%e>-k|5>D;pNB#{W&}q`4%@H+Y5gADCC1HP#4-NR;2d(&KDLMn1mS zHPo_5{>#+GJF-I$| z-~Yzcgw*`{#UW4OJO!2w(SGabM2?K8!%osaDz=c?231)-h=d{qKFD?Pf!Y8h$*W$m zYQN|fP@34_#F)MO-=6;3Hg94O$hcz7Ie-%~osXwh#GT*QsG5y~&X9kBfwa!F5U_ za~?pWGchv<0vopgvK9G<;*TD^=sS^19v+_q4Kbv!fY=wxz9cbZlQ8?~AJawzI6`4B zK?cbyu66PQu|WIKHf*wjl!#6Bxu{{1FzN?~JiMb#o$v0PjX!ryxw}?~t>yOl>e)ho zy0y=iT2*d5u|zN_W3oclTqTY~s7Pm+OZt;3L-`f>RW8k?fJQj4>5(dVuK+o zw1u>7d#JyzIOmL)r+j^)>+|~xsy@-Ky21IjOXT6EczBOPjn$Qd7!_+x>4mHwiQ%z* zP6igzb*cIqUsKV7sdI*E-=YcHNGPD$*I2!kU&uIF*D=2nwdbb2xlmx^k?gM&>vM6i z(8iP|H~Ab(NFwW*4(HM>5M07%2er$`wn?2p{DGrkJp>8AeB}y7P?7d=#z#y*IYYz4 zo6_SY_dPEavgHvtADk?;*-w=dLm!#!VE-+p&{4bSG|w#%G6SHp*T{iCpAWE8({OxI#3+i0v3aR5fTcF z#*3*YTO^Ue+9Y%rw0~Bl1h*8&DoAE!=oyFEI5CxI$BOZPfGX6RseEjw9bxvLxR~hG zr+ed2HVRQ^p0A{yr3YFXoD?7C?)zRh&c>7v4~bZ!J`gjO`4*=D|F=+yFY$SHwv~$_ z!N%v+aZM-lVBd#U>0I9jPnPm-j_=NlGTALB0?{Sgr>G!79ay?2G<*|3f|Sm7TaRLs z{omHFFjcsPRZoDZE#X79fGo^FwdcanKVK>?zeB0c(!MJC# z5v$jz$HYBG7fI~N zHj&l`JF6ewl9i!Ql=$pgg z6go3$(;9t7lO%MCEfi%n=D0{5)i9dT4+Kb}x%r^}iFrr2vd=#2=0ufttitE}z~6m1 z?FwaqDB&pOT9br+r&E&B_`W4{B_}VGg$)(FF(7Pd!7HXai(2`#mn)wq1z!QwTeBh8 z#ubV+3)Apk>o;XwhGvHh2J7Z7?aj5#H!ntt6x^|CiKnA-_$@(|VEic8lKo1`g<#yx z-WOXV$CDWhuRc-6;XXX#@&Hxt# zej$J#F1$CoPkB>aXoSNtPqph~MIM{#K?Q@A98 zV|rzXI(;pZ`izExO@&0*c^-zo!A9@I>o_8zU17*c3h zi)a3GoILvrX&I_O4-Go#ee}6yoS;>~elt!_t~G@0Xg2&JXEf zAP_`AbV__w;IMQ9UhXWaSYEAywZRe|9ukepw>gFRl3P9$c~7OA%r};qJAH`dpo2v* zU;Vr_Jtqw-2HiZBOFHwvLWlS-aEl&0IBbZPvj*&>Kgeio*7$@pn;!g#4J5yy6C{|g zPW|Zch4xncANKSN+FgaSDzpWKpJMVRo^_rtc-ku~>mJ<%S0Nn?xTb*<*iaS$e1LsaR1Vb)H=PzZpGQE@ar7`#PhchX+msR>Zj!2 zS8MnrBah#^_iJ5~QB08fu8&-F?`jBJ{_HMe_Xnmrtk{gx5Yq_@9 zTP>cky<<)*3;IxlfTK;^{A0+2Io|d+2aWo6MfL1xnYVCRD1l;T2Q$lfB9^K>?pn*R|*vcZ| zlh`e(RNt*hJF*Mf78fx%_AkvnF+|=1wrCaJ+eQ~V?E%Zm%HHnOH`jL?w1#&e4(?yM zzSVS9&B46jumI!jqhFz^b3MV{(I?JA-+gVrT6DoSG)J}}nt4IWTqS01`Q&z8057j^ zBYu4g4YVDF<%=u|QZNj$7-eo;4>@l(ug6ug@}KR%wY8=Ujp})tKlvcLVCjV<9%~Da+x7|pi)~UPqvJIP7lVdVlE3f2XkdEEc4`-ZQ<~&wB^=UQE2TS$N%Eb(`+l zq7Ag@*$Y1@B4}H9H9|)l9sSYlEI39>Pg17{>-X^GP)b40eZhWUK`B1mRO0!cQBX|s zBf?L5j~;>H4ibI|CB(Py?$`w9b_+|hJGf9%)*kb#v(CE7N zwYbyrl7}XHB#}ZQU)*+$(=#aYM(wQW1vCc^%y$crhaWm*g%vI|ewhLc71ri88am5Z-@Svf! zf>-$&t5q-CoY1Mi!IdNn*3(XB+-C8JDwYeencZR&hp9@pRc0TjlRPBF+}wTdySFwm zNcE`vig#$#J2I!@k`IORByViw&8;@-Jcn@orsqW#{%1awnS?|XQ}$AOl5p5OPAs!k}-GIWyP|gm0S7H1@1HtJy{vP`@G7F>E!SQ^P z@X4@#Nte#Xb7%DFrFBeSBC|kT9VQvza}D>sB%9t3Sf(lE&dkfP>5PyDX%b{Sy*Sm& z4sl89&fWUEN7pa}9PFTX2o=$OErN!MZc^DH>=qTM$u!Qq)mJ%JPU{-R6bO1qOp2?jo@KH#WA?EiId->-!8;#O zGI?sw3&Bi!TV;b;G1W<1rJ>Wys`j~$Ejk8jO;@n~cm$224ZSK@fsNea(#QheIeFS~ zkGuWNY0BNv;d(4H6uZb+|L5LF`}9*&K&&Y|cE%YQjAbe^3ksKobhNH>4~jOqFAI|; zgVL1=A;)?h4&Jd#@XvDbUM4!N!I7TQBLDzsq)kiEnO`d%r9W9YRqE0-cx6yG7+HL=RTvt*!uYOHc zqz`?U{q-(qCh5PauXxiO23#^69@g98b$gW7TL<+6HyEywR$q!`<~|mfh_Uy`(jGjqxJy;pl|U!f5Kohv zv#cq8o1NZoc><|? z4!4S*v{j^tFeFV^m0x2yrulY9)?sJkoQTr-d_#iTGP#?U-+qw^RX@Q16;5KF7 z*r(c2h6_m*AK1s5I=X^Flv#y-lHHoF^eTF*^JE97>sF6DaU-tEv?vE9y67dhYJZlr z#Th!BKv!?-1hmbOt!-f_1qo9|!4v- zIVY35G*)Iac+7$FLs~>q9y=b@X>&ol*7jtyD?!kZFm;{1WLsVt)rm5WsIysETmK$V z71?$p3MsRGds$dIE~ll}fTaf#_3(XZM|n@e3P@2(N8; z<4^jhVGw@r{0+~8=v)jir=X{~{wHO6%6n_9pw>ekLlz(>&-;46U)l@qGiNvbt_l&i zvC`&2eT^b!QR?s$t{NBP)1|!IIIDA!UU~9&PF!kBh6_C1s=lB-b%py>s78cDui6zi zgQTL}2m8E+*-A4^K3lwyEgZDBB#UCsZR;yY`IJ;fZHIi! zQPZ=nO$X+Roe6Zk*JV6^70fB0IjR(N+^1aEnE$=@pi~l?9HU|{BEI!{@0!aUEn!Y?0lv7DNVrq z^1VgMTx|P{M%rlp!;l8|SsHu16s)rmrhit0AsKCIG!SIwId2}@n=&R`egvs3cC;wB z&UPSv#`=WmO%nG4&&bm=#nxlu{jy?1J?JzbWfxf!o6yRMvbG=5?H608dnYS(LEtYS z>&^aU3OsM22}i$Fn;$**I_PgsRx|w3S2S7R0!k)@CmdokidTPyZUR0#8_c@8%8Jg5 zl5^Ms3GWZr7{jZEwUMaNpxpiNn&DGCD24hpGUs=2Bo=A)xPDw##miP)3$85geQ~KP z%j$D*P9Y`#sbaoeK-U&y7nbNXf@+SKnH!ssu}geI@sKmi-p4^jq{c`5*uDw7-S+j} z%c05fplk_LH=faJOLR^ODGOKDciz#fIZqsz{LCxxw66GC@0Ie?XR3r6@>v?gk#d{j z18cQ4tmEH`cPA=`YF3!(ReP|nFqARMDSO7|@H+>YccXZ6SL zWxIKkiHYgUA~l<$VrSevQkC@dOT@(WBHj2gwp=RQFIf>H~=mPG=aX z@=hPDlQ_@mU-vhjGa8rU((n*HBq5WqSZIjP#dek@ z{xGbiKF=gDuBq&rcS+o*ShprGJIWjX$<|eStuKT^=U@DZWN;`rCq+b7+gQ4~Hn+Fu zDsLDvR<}h35!UZ^D@3@sE>tF6S_698Y0*Og$H8eq@#o_9%5Xu#u)OKTiK-^Kd%Eg9 zSY~0{_iI?!va<%ASlB)hK{($h+q^dmGyRxuFL|upxqdwWV0ntd#jI<0gTU+^kwSvFCC=%@WCth?`$0zT{d>~GiWVFz9@9;Jl%oxW_Z@b~ZcjFnbK>Hx%)OqiaT=qR@+sP)f_l@_| z0te+1L;VY-D7sg8U56OjQfasJCRV4!7(!&7Joj#KT@- z-IS_8K_GvCbFjHTZB#srbMT~V^or8Bj|TZ^tpoV!&3gm~5_8?Wb<1$7Y-;v+qpr=S zKTBmeKH%VF{!eFrmV6VqkWDXJ9#Wm%>U`AFQgdE!Oc$kPP9qENJ5oxeN;nz5kmux3yw(LA}&y6Y(?mW|}s2BHO@tT(m~g73DLUv9LI!fs5U=E6v-$HrObt4&?w{&bCkLt9=$1qWMt85f5YqzMe zp;gunZw|HRyw58@vFU$(U{rNO*r2Robnw=dOnfhLiQu6Bces8i1&LW_J>ag&YI@P& zfpEDePhH$I`Ccfv9J!3%KHWgQ3p5w+pLN(PO4e31YPM4T1mM=>>fEkD{I3Ity&!!Q zl$Pf_?lenjj*o4g?oZ9ZdkKlnVuYoAiIgS?b5jxx{!~M3b&-lab&fqV7c-8$4WR2+EhSw+a44hDNp&1scvN^JS^; zc^v6DcSr4*X;YD!-v@hz4SBoOE%zJ7?4TrQ0(TP$W8+_;1YM~5(LtIeJFgeL&1bRK zRV;VXDBlmE|L?oaE+q8&yS3g8Z12$%HJA#$B06w~POZA~p#Lm$vyc9^-yeeX$0X zwAeyB`9r0=)S?dPTB2vS!Z3=9~+k07M0XG>YP?A`v^n%BAAqU9^9 zbD=*J6UT{T(CeRrYMnF`mmpYem>rCX6zDtpp=9J^@AA7bFEt~0Ch=ai7tO*(_>9aa zRYPFcP?dW}y5;r^APv6g#EuwifLK1F{l7XYCVJ=df#ccEj+3#O84wbUIaWl7V=Q}T zUaDkCNeMVQr3Y}Fn~|cDfCkFhF24^k3_mKbiVbyqX!7Q&NXM)KyReCJ)M#6d>|Voe z%2noCEKyDZ%lOmNt)X2Z5(z01h))szK2!M5Rqi)e=QNjawM9;iQWu&-@ThIsxV_yn zN6H8V4o$`hySc^PH)#L~7RRB`^zrdgw?98cJd5~!W-%Yh%5DKfFuF^k-|PXez&iWK z@Q*HZJ3Sn)Q+hR~X`7bE(ZS|{Djb|?O|QR0o?!EzA$rr^q)Rbc8v~ zcx0iIZd68}CN**z;<8EuKUTfN*Ov3p4Z3-aM%R@g z?ONp9<@fz+w)yTzpZ-zw6uVU_R}($6Q0aN<+ph@<;p>+QYxeeBtfy*|PwySIiJtYb z`m})=>0eh%oyXAzvKezPcQn@IMHvWgLFpGH@CawdM}yL3sOF|pra+0#*(F8bYpeX5z_({xV9CPD4L_g#ajt_K7jboJp$7%9W#dsZOc zu;2gVZ`X^75(D82$}h8${QI>w{O+Cq-$!(8CE}&Q4d@U9E#C@#T5Gk(`>yM)EiDYp z+)nC&7HoBf6I314{yfJT6v5`YDJgLrj<>3xOY~VY%JP)boDs?`jf&Rm&#fJ7lh$Rg&8^^J2rjvu>ZA4U@lhTmo23zi)Tb<=k)TSc=&b*hW)>_uS38F3Jf zN1!H>U;Y{1aznDHA9+??kb}$W#z#ayJs&%-wW4`fbI(mXFl%t%oM~`)c+N|M!UwFh z;KFc?tEofG#$ilz8mv;(<|dc#0!D~vDDc5X(=!2Uk@73 zBsGT_bl{|4rKCiC_;4*oN9P}p8sXMOMIb(5XydnT7Qh%_@)@TQZPqpW-hNLm1X zN9TC$CL_QQaE}~?cu@jk3&z*af${{7gm*b<9A;4fA|EmT7Ti|=Ccs}o{e}4bm<%cJ zoNM`w=tEvvQQic)XvjI;jqkqydNQFfHnt7AXHDv%ijP7VEoSrQP5dKws4g!KIOsqD z;bKnzIi|unY4tQeFiC;^i(%0HiC>NS(SFC1CgdtP?n2xlZ=Sq&ey_1#OKK8l_P#ND zBUkcglJ~H#C4yOIn(dj^j0ujCIl!vsXE z`<1I7((YcNk*ORF9i5^z*o~#Q{CgPAM}f(9hp?VLKc*{7CN zF3%K2E4fnUk@2YIBR=%tYGx8}Q#!5B(&1p!!0Y^UA1*-dq7X5#UHV5Akn*o80Du!n zzQn+35f%-|*??}r(<-$Ms#6Mud2hz1rq|%@0V{}(LMA|fO%pN{AwxEHcBPYL)qwl1 zyEqzZx*>#?^Sq+pd}LZyuLIO2L7knQx;+$B3*)lkeKtl zYDO;b$0;9GLL%X}xx`Ny;df3y6fjfgdK<+dY>rK$8`9s`(rbOx^Z5Kd{7lJd}>3$({z`g3%_HBCM-%SeQ*{Q;DM|1B`U1o zkdV2)PPuO10+6YhNOF0{s==^^z4eLkxHxiZQ6Fl6WXioNtVEaNA3n6kdHeFEAG~&_ zuC4hWp+~*eYqm1S9wq7`sjVzC}PI>~Y!8A!{5wvu5U2#?vn7mFeStg2DeyCj{^(_o_w|KaM}HBsIh++Me#9Px0msNKEwWD@%n{_kceZ9 z*~zJBVycrTq4{mUaaX$P%b{A9t;i?99Y@MXplc-Y*K6s%?SSfsI?-tS0B-r;9Qm@e z&sf7iRW%-HCeH%~4iEzoc`-wdE8za;#-8^vi(kI0f#~jl3Jwm=bR{$Aw;clwYisKQ zHu~VK&Y;x=(#uH%92EVC>{Ke+-OY{u_HB!L21*Kw;5*D*#rrj~WHh4Nx|ilf2TP29 z#Sw2$z7gsbZiJec!dmPMpttA}7i8jAqM^IC+ zcThx{kQ-}A+*$LuZg$WdwpwfG0k;=$DtsPtU}vgx7wAWrVC1>CY9RRm-WfUy8JH4o zX<@O1mtV#9=^l^3*sY$Xy4pi5)bz}f1@~}oV#nyv&=BPXy@{2nDp$7S!kNQb5s_Ox zit-#jb2eZB3^~H0K6zZ#hz%T$V5J%be$tECc@MzG)zVJ4>e!L%CwSF_Vr){9qDPXM zFDo^Y4j6?3}PDCI*zF-jHHdSP?(r>vF+h#kb2(qKasE0y=UTo{WS>N* zuWu#^9_rnY9rC8*t|_WJc@7foz3qoFk$Tu~Wo~$heFLPx*OPwMynnrla@s4bBVcIWI+d1xhFoI(_TtGQlWXH!4Z2P)pXf74RC`C^CtZCSyhP z>}l{$z$_Di@({J(xU$(NK>E{JtKc}x-Ke>JblP4?Wnx-$l);rJJcR_#QZSzgv2g!i z=BmPLs~7&lQ(LY-1Hz}Q=Z#ajhCR=QbG8Q-&in1mO<31{b3ILNOMMo*M5+C=;bLS6 zkX2I2)|L;?{NBCg&X^CzBc=Po>UJaW<*UYfdp`V!kpX|kcb|rsRi5cO&QQqgpRrqvJpMFw&!-3r@8wD6nauJ{0hhxnqx<9ESrm*(PPsZ~5uDC$tl zCl}Tox50gAwN!PCBJXrV!3IFr6ZDGimFj*z{ zuVMHuPmr;_%FYtlNn68H{ww?m-`8+_=yf?qk`9%VFN%|Vf5txLOsrsT^Hz6Y>2i73 zcT-hOZZ1mrQ5>5MU})B`C7Ic^T>aT`bz*(yZx;rh@NGY+6{ME*SX}p;wVQd-m_{S_PCvRFk^l;Nm^#EPhxH zV~4PcRp&0kxI~vjK?z@39vIJ@mXm{rm_xC~TK?KTM0k2IGNdO9M}|%W8+ajf;33tPY_nh`9NIxi|R4lIy5|Q#V{tBw>L% zSdZ_#Me0gYZ2&clv_RH6=pU=;m{yR_r(IOxfywh%nt+{B#Yd$H78n|DL z-Hlfw5l4_pA+Aso63^Q!G-UPW676cklFB9}AVwmj5eP)Ue+am<6jMz%3T{KfCk<&4 zWK^LD84vXp;;E#fdkd~v8?>vm&nbU|I3EfB0-+)@(Q9udk=Mp>{~eX>--Qr*t#Xn> z*`t#qlxuvb^+Z*!m1?pbJICC!nc7RRK-=7`jc|iZSL1ur_<@OLM&rqpGwDLuNVM#Y(~Tlt)1P_M zpGzJNZV1@~^~?bcjt?Oe24UYSZfctmhH#U<-Fni!?1F-}!>^pY_m9txH@5mesg$$* zzn4bJ~`uo=PZOJpVnC^kmAGmx98Us03*r%fT45O(o&CG&i+*FDS7 zAsw(qLq|uqUr2WSPwD{GL<9+gjR!~=E)h|Oz%^`1sIVcdKb)|L{2cZ}8>DX$?<8P@ zk3a+mrWp3MpYdUWjyTMc0aM(FcUW?=vM`xW916;Q`C@GYoc=JoD^A#x7h>`NNGe?7 zzrjjy36t`+fqU|~HfvjouucJEcLLAFzP>)GITz7_Dwth>yvwilX@mQ>uV2RiL5B1{ z1?qnda}mkGYRPF(BW(#Y%&+TA<_bCeIlzJX0wFD8fdB>@%r3r1x1k5tKX=ypS1J*! zv;JfAkmB3n1RYF$fi-p)hJh6ExQfn)wS;pxw&GLs+oMqS`xCB4;2=J|eFzrF7f^Bu zLh;FUbwM*Uv5RjtC8%W&Du#K+92y$cTZSSHxMkWDmT)9L}tk1Vm zeQU2Bq{53RsNZkWPIIa$@(Fp=5-rfnkXrwL|pFq8ke@WTT{Sde7G*pPbC@T>bGdLmQib;Xl7 z@V16m)`V2r5*%rJOZXB&1P)@cqP+(z;gI?HuoB~VcX#Dv8Os2 zdo_-x#5bPjnvvtQDFzl%tuaamm#G|^n69aTy^Ni3&Dqe!`v2ey(RQ!y_KkfsY$~mY z#xz*JE}s35@LT&h4};~|9I@QxS;GB9JC`WA&ESwS*=Q5mp44)Kr!^`ufvdDuDEmKC z1g9?56fTKqV&F~?;4q$NO8%h>R8;1lB&F-&1%b{cP%$aAN8}hk&&Fotpj*&wFWwB% zwK=;JO5b@qTkns7oNxE9DMz37k_U^YSD&-Wqr8KkG;jS)t}Y$m%v>c4Yqh*h{+0|q zw!ytDKc+_=C}9ZfuLRkl1R|d-BxI!HCQSLD`!+_1R|O)pGlN6#kovi;id4n}qeLtp zgIB}{_^G@mAbe&_NYI0j9&G)<`%BWg@w2M-&toFFQqw1jjEp$3C+)_u@%J#xrqG5% z&A*BI5Pc87A}Q#=$cQ|9RQ-a#+&5P*{_I$*RaO1j&jbEM_rI|}1ECyASkgq9H9SCm zPxYu<@k?K{bJ1LCG{UY>Ws(cilHaO7$!gWmY1?WH_KBX^^7l;rauReBSdl&o_usSJ z*mu--jxq=dVk;am;ogIpNjH&Tz4FMz`t-mEuLr9kgw8wA+mNHGM|0o17KS5+f?BPp z6}b1UhsOpxAHV&5 zG}{wqYNHTW(5ll0192xd-r?!D!o~&E*-daA7|A~Fp!`P~-Kn{}g;1@Yu#$j1>+Q>2 zFOg-XSJhXYQ#|J=AdSW+BqAabDl@zQ8oRKZoI757qh|1&GIUnmdC8IbuQG=At-i+~ zilpC|*VW2IhUY-rY367MrqUH~Uz*k5IX2OGcef$i`rPmuFeufi72c4itKJSW>;8MQ z(`6fiiZ$5wg|_V^QW-5KFl~MiK|QcC(^@L8c75B-{Ku?C$s8d2>jR6SGUiSKOao-= z43{sX_uL!GOEP#drQ%Eb^`2lwWh0oq!sHp_&HMtT+_b(Wb^+kDIsX8Q$@J492`hlJQqAy?S}E5H~Jf%v7LBbrjvIi z;L*tW*uXNA(IPkhV|BZ(uH*)sns_{K=Qqx!u&`6xn&!gE8X(t1b{jI3S+ng#kP&8$ zO1BN`uh@xl`HR)Bj}K0rfBPnZbT7%T?kmT|JriZ6JssN9F@wNRc&GG9R!+}3cICX4 zq$8;l0)+%wEl;~RZe4$zcF(tdc6(>SlvHIsB>Xr#t%5O-KO0Qseij}pik9w zI4?CnvPPbhaWjeAvBdOBh!uXomagu6@~>Z*=Wow@GM&q%Tg2>-X~5fnW6^Q%WCEJX zMvl0&*u!Bl*e31Ytne|wJOOjEHb8_=Vzm!2hWiui9qYpHoTkXRhi)HD-2MO9dJCwk z+9!PU5E4pvBcPxl-6)Nqh=fW=D}o480)jNsQX&mXN|%UqgOo@~cPS|cknTHMzu*6^ z8)x|~`S6^x_kQ1bC!U#krXc<1q={N7R36$oRu5M9j(-kcI3K#rr;GC$3f)htEjHVY z+DgK^+%G{Pltd3WAR!XVs?1S4V>gxjWAgI2Vt9?hLf312AoKitvYI;F% z_OFRzo4s4Lc}LZ6w9R!gv5(F9^SRmkp8k<}t0~=s9fOopd(zJj4||R&ZC`vo5H51! zgbMeul*S!|kdVmC=EgCQM%W+o+Bew+z%kMLsChebZvWDrMUVA`eSd{Y5{U-$j zOLooOf=tX6o)5G8hA$r-PAi2HFiJ~H!(=0VR0=dfh+0p~z!(!ngdp2a2ID^23^f%# zBkHzkq7{y#UBK%4=ls8UkKR6^k9#s4d9TYnHbhpnKAbW@h2k|SwR@vDjHvogx3E=i z)BJFi3uOD@jr&2h4G7`!uGG86${~YA^Z6tC%(W8EFuy3R82D%ful~%I{gCI>%2w+U zy1s@bEBCIeXf*%9W0fb{f1hx;FAYtqC|N7@8ENqv|2bY$ymCU5-iC;{>9gS%!Lb=@ zwf;}Ru7Citw9dtw?6?P1wvk$!u^4}9h( zTYje}=+1?$4HJ=d381p15j0&%>4N>6nHxImOsnZ$*m{7(?5^R+4WLrn` znPqqen`_>%Ep6KnJEdddXfdwmnJWq@i~{e!k|*FT>0d5_sJc}GRJT5wrdJ0#jtZuD zRSw*lQdWNcWXis?OXy4h71~isWoc~dOb*tr3}d_nSB1ZT&57w zkBJ$fZW-p4)#G4<4pI_1hBw1;g<;`&YilP=t2bP}rwq+WTzxU)v)#1leY#gM>w46{ zw&NsHoq3wHvd+&EW(J*SNp7YBOs@PB`5T=NXegn)SGrcXB{zef8|m?nEK)JsyVid+ z8=Ni-k`cp6jA^imk8=Ek0LNVV!pze(_?!N-=N^ zr~rvjGfK~{bB`{0T@gaU&{#mK-}0Z-=X8miPoxaZGEoX{$g0@lpZA{Gz5ZQdNOTK7 zajlfyM1nL)z)5{U0dE)}YUky7F=z^50qvVZoIp*Ics?Do8Qa;#{SxxTZa2#&S8d_( zsZJelXw@?NK%H}X5hc3fwY=+U%9=^_;#5-!Y#<~&1a3LSjwp|PZ~{gF2}{v=LLiSH z|2KJIrqAiaWOfV`zIz)RQDYxg=m`1$S1Yx|AoJX- z0+0K7Dyz&WIq9oJc(SYo<(_wXJ{Fq6&MuYNG{q?o2!*Lc-R7&`QlTR*G5pyZ?xJ}} z2r-2(OIXVk+b}x(=`5?gjqJ8^LsZWG`eyS96Gz|&sio2lzti4!dMk;{X|m3#hNXk* zqu#@HZ(eOr`JAuLx|tDTR~~Zv0NgdXZV5J}LTBt7ntUj>^T*4YqgZ?A-!0H8(9~p7 z`w5O})UBWU%hCb^56bpvEq46da1|OcRiH{Ty;-G5fpxw3hKbRR$7e0jR?{nQcK$fZ zjy1_JjOmF+m4DE=a`7SxQs?GYmhyM+60)-47L|aTONWR@MfH$dAa6_$6g&n6uT_Y) z(qmF@CElGBFf3WA0-x@6S*Gvmvb>%vQ&m~3;oj5!QeipBv}O0WiO&=Y+y|eKgQrY> z8rOa}fw;2nvacA$|4$#%YOCYJ_q_-yz3_VYlK1Cj50lB)f(C7bKnZ)JcU0n%J(P$G zxSeZNQOe3Z)6R&&fd(Cx*kC^vjx0 zOi;pcg;F=tq`G2rW_FFhCiTK&^oINo_Y+<&`q*nua zjIxYh*7b`{; z)|R^iF7)7IOu0E%Zp~h%Y5Fh*jKQ|8PWo3IP{29=_)E2GQCm)tA?<*KL}$@#juC@vM0sY_NNl7pyz)4Gvqn#=nY>tK3A8{Z#A1-QAg=3mjAGGSoU~MUY$!KbqKR9mnLL$ zj?JzHrK+l`AB&6HsChvlFvH+DC35R)fSH;+#1jg4J z(z84nncMupf5a>Pd(l+;y2fz+Tva|xx@DbzSdD9M<(i#&H#5z<-u%LcexLKo3kBhg zGn>n`=Y0vN>VmlzPV0%Q$RZQzbcL^6vud8bV3i%gm8$+sJZDWmKy+81xVc3{>L+wn zL7@&R#h%s=Yf+D-;J&Taxcb|ntF|+4TtwOqGxyTZi%Jm4mB^-H^^WB%!eD zTllo9L~8}j9iG$YhrmV^wSS(by{W^{2A6)zVw0u3<8|; zMkv0eU8{a+Zo}xYKbPCLY0r!=2O2MUVcb2Wh4-$U`Ny`Dsiy+A${FvVIE~hBNmE}= zG0+bGSzyu`_P6s+vbZxFej*csgBR-372CtTWk>4sMFE^)sOxP-TT)4$;fLJ0HGfD% zGPmK@>OYrSPd&SIl*dxNapA}rraU~gq(D&&5lf*&^$j%Eeg#caB+0PNoX%$5s$G@9 zoOD#T@PYzmPWq_l0a3OT#IhdE(lZ*_U-o6ki0(4Sr~Lo4Up+E2^7+?(70memX}?rDt$%KvFz!!DVbL{9a^e({bI89cZkn^d zE<^{773Bw#tX~b+kS^vxuQhChOeS~FWTQhjN5j^Xs36l)jsN7;q2%}0o6fr~s#}id z3XSf^4gNyb)*?>==ZjH%PIn2?sx53Ju;0|&tf8st2a$0)(U%BT`y8tnIi3;d2M}}l zOq*Cng#OdD`}2g5lxAM~*hp{Y8{Vsy_avAo!6X;_;qDJjp%zyiP##fbvr{xSc>37~ z16p7~q?K*_%m5>Z+Z?!~AA7Ssu+hoxrta?bx0*3?OVek}LKa7^PYtt5fYndpJYaG` ze)VY>9&Z$(r4QP+nlcn;zEk@3F&SF(+z5FwJ6rbYG%`otQ;Mc;X4@&m2)H-d;pB$*Ayfk6Jd=H_D# z)z3>e3is766*LVl2<-g&kd0U zg<4Vg6K2qvcCVb(MK7}Gr)qcN)5-$EJaIHu;AFx%An{vz7_-$o7LQ&zL^=3mQ8z_> zb)*gLZpFdfcMA_!A@cENL-m>5_KBKtl6X0{=VjkCZZ{>$IQCY9LX zKHv~ulgLVXgs=qwo<{XSsogef5CvVN?6GqCH7=i9?uZhVfy?9edC1x3rrx#j{q4hB z)rqUO7GDX9tMh_I!gzLo9C*SYG7$1BGie2%B&z1dN3wVh7vMlYW5QWV^k*J}Hfsrq1e zyMDIp&H5XOaJ%d+8eHm7veOSc8yeqOdIik%TTaEo|HvE$CstQA9j5j_OR==1_;A#Y zLV2NXE66^;jv{af9qhe2mQrw3I=%HCTWTgWXzB2)CGcJO&Ag(;&G>)!c@exT=I^)N zkzrxq>sQHyc|~Q+XIMSrdm}%qL|?j@mxyoNsC`}+^%0OB@2gVyKw{50J(44%{#__> zNT%KP1sq4ZqO1SHYQHv@N6-w2g_bJ0%)}f=Gj5OnLeC)yVIh#xJ;^ip9*JU^Z^htH zO@Yo=jL4_^7d@)VAGW;-egXrkL3@0k4wr495iQIzgNpVtnLqtAYs(Tp0PkzZqe!Yk zaS!KiPJ7njqRh>NMm!7sVywQr%TX;EKi$yw&EkQ{qybxhXM|v~$T#sR*bnB+PG0p% zzDHC*G$U?j@Zr_#tjl|J3Cj+2=Bu131rj)2gZ9uBM?9nKC&^^@huCN9>-8Cm8-&Nj z8vmxO_*}c>fy4Qxj(>Gzf%gofF1Ea7QpaD2yX&pzG1C{T0+B=?m=-jCT(<%6*R5Lu z)m()@Yk%vQAaPi>-S!@5M0)O*zZIJ@KBhkwp${3l-;k1uEskIBvG4q&$#6}^^M}@y z4wHQR9>rG@C7lm&{P7X~jC(`1H)>jLAVUqfkC3SaQ* zi|-4+hwPo^Qt9%i9e~iN3u|Fzo#ErT&63&k?&DvW{VC+!DGyvwv)uq| zT`ASQGGI|5zPBY1po)7CMm)P4iR}?CZL*p4^m`A7tx1na;+iE6$}RQG>vc`t{*7ZA zi92tO3ba$T5-;VgdqXC_Gyls2Gfog*|RBp>UaEt z>4`V(k0TC^Q#u;*bH7l|;xL-W_&;sCKp(Q}6s)q5i8N5o0lL|a7XuB8sU;7?@-DYw zIQTuCjuB!reaC_6u8$*DHJ@jxHEV84FN9Oif!orR_NxJ>@h_1PzOT;O|E8OSL6e8s z_xC|LeSJ^{Wz784|8{x&Rl1wkqt5mPd!JQ1EhhRsd%dzPotk^ftIw=MTvuXJoBkHG z@x^~^3&S)x^R+eKC6w&yuy;I2hsM7YVw z0a@9Sr4rsImn2y*Ui((|U^4q_NAMco1ouVA|Dg?! z@F54-r;JyuZ}TWVed)R7&B;;tdN)?|Y|weTYyQ zOg?*ewRkJ^JTwqPjwe;IQxwyHB~r>Z_y1-$h7cQM$IPg$B^39O7k#Ue>tlUi-0PWF z|CK3O4p6=XxE;JQn7Lc1Z@#{j0HNED-n?qx5ZfDdf@u969-{i{H-tS7C{_LEZP0{- z#@m~zQmD31%VivVF`uFOdd_UNTXX#$Ae6Q+A&a5tOXmm2o*(%YBTiEp&gnt5S(({5~e z)Vi(NcDtkPC--QF<1Epuio+s2gl;=yjttUzK1SU}@}c-Nb4&OaS<^%Wjko2+;;PF{ zsi!M2B2&o}n=z{Quq^Ld#YdG4|FRtBd+snE6?|!hKy^9y(}In(NSq9oR|Bq#PQD7( z%DZQp)I}KCcT_cv1R7VFM4k6maiCoMRr#PW;Z9xlD4w$M9=R0ewPgkm0LIBh*c4fED1uA(Y`C1Qvams7Z>}3Ehi7wwCnyo?t9JV7A+FboM_TJu#=C_P7X8*s%p1VUTr(H zV3{0UbVw`jx|Gmx~T$!%FtFM}3?y(_R?%G=xfZ8+lvPtUXK zk4@vb4P3X&B(&TKv+K;7M(?mQh+ao8U{)l!8>PczOiX52`;=P_+syo-jMS9AyF3JV zGfiM%w*AuVeeE}UKQr!haSq>dw8xo9kY}~f-D%NfI8+XoH(Kt~Tk$`Yog`%#E7APM zNM%ka=AM6^;{xw^^tHV8UTv2OCnr*JGZ}+F-_xtPcHMNXHRL|8qnwU;x~Jz3*Y{|D z*HM#dJZ({P3A#1V(n49US4Mg^xyy8Vv{^l8m+D|LTco|wTg$YxX1923)ON6<%OIu^ zdO>m3rs#Abr+!BC{@L#(lA!huLSp>JjkhF90kgJ+){`VV;oSSP!4&T$YO4Fngfpw8 zU$0n}m%lc?^>hC1$?3C-Do6WmArevz`t#sR{R-F>v>Q_SHK>Rkmb|pY7buaxbx8Mq znBMk*rA%uz2l9-CXr7Jb^{`X<8#8?+vpwpZ9+j`Z8Clw<&T;b470%YwWzsrX$9<~$ ze&ZF@t}C~iqCe(=Ne2Nk}fG7mvrwqtd8PJHL~#;Z(rJGJiJ)tU}v}88x)w$xLv#ML9ssW_l8S* zW-`<$=95xOG?$q6eV-$p%!uqkypAHltPrtW$B7kgy$->KUBlS)YJBD1Zfp8k zY#5W&Dfd!*;8M3^voq<^LQpmOg={%fEuZm#0s)OMsfihPQ}i8b+h6Z6s5@6YG|qOG zFoG?+A}!_aeV>pdzJZO}sB*fZKQYl)pv1d+WK{j88jW6AdWL9@pVyybqh>zUVPYgD z(Qq!$FTH)Qn>x#&oSTc9NVv|rqQCnjYQD{e_o8*5ao(Wm!kcizCXV&f=NhdMflI2b zUuj8&vjf7VGYflUyL0Pjzt-_`cN-McdSh|qZme~1w!2l&Vo2{%O|`sY;1*2FK0dE9 zY?WN^bexWtyeG0J$i`~ny_yxCvOrIXX4;{s!d6PVL(IIX4^P(%H@l4%g%VKXDAUSp z{t~LvXWTXwzTeF-> zh3a>l@vPUE)i{VIN|dqWe6%n%PCtM8-uE<>oPm*(R3pG?ZKJJWHoUKe7n{eYb%tl% zwJ*a-dg9mAR@qUVU9&HJESKHQA#t)aIBHPi3P4zBpG`t4}&nPVeSAIr;i}Y51QD!ztJ8&;6pdutGm#r=epE=XYQnHjaBsM@}6v7#fx*Mv3crtJDe7UMmC=&H#p9IE~y7W zP5=Az()jGG)sA*{H%Cf5+fLrZkHl}Yc1JJek4>O9R{eC3U1kOJt5AC`PB&8q2x}!7 z&OAjI^DH&;iyDL8TUe$Dh=CNYR+8lE{cG%_Y*01rmAIxNrG?g)Edj9)&#*(X% zxvLr%sYaGruAN)$PF`$x^I+$2-y=lzzE~S0>@RnFqjvTlHGg0qT2|{_^&+e_F-XX} zI`~3WWkthe%emUBs>Xsl)LFN3@jHqWR)_6oEeJ!{$qVCDs9d9k16k&rVT+duXpty_(Ei#(=C~?lV4R?A`roUhUq& z9iHu_p>s*rJR2+M*GZH5)_Gq{4*V=DoLhXqb+SJgjI&+-<_M~7?|O_%9MJcYk~&hM zC0*y$=zrKkD)!c?Luxl2e~F9Upm?VdTCN*3wz8{TD6t;T;*Lu`_f&U zLPL>MO!g=mYeuJKOb7egQo63mH6G`x$wSk^+*WLpt^(hY=&{w81(z&u)xRy?@49av z&&LK`jjSsQRTUL8sf&w`9~|3@mCaA@+Z@KQYp0BM-iR<2%rSkg_;jtk)`|I;efJsm z-BU^Jcv8}c{&A-bxx8(*e1YqF53wfgI8KzR2t(*bu_hgKecw!lr6Ce-cu%{g_7 z%#B4`yg%Hfr*Nw(?9((aiz~#^6fPHdq$w7TD#G<=7TCMLU@`}!4O z?uLSb)z?x>Q3CgEyLOMFhJ*er^%u6x9^GBuvp?~b0)}`lVXe2M6wl(}(T7i+;M)4p z!h+Lutg4nPOUuovI8BULxWB|+FTj%%Eefl2$`dr63klSnoSeKtLc@gENPP*tH~j%l z^5tx`qqn~d4RBnfX^b@K^L%j0Wq<#=%Nvk!@M##~JbFKwxp)hQsL3YjjnC%Xs|O7I zsX}LZ$A`^(AJ`+di{^gbQgt9a4pWfacjyXkf_@&vKT zlEl8LdTRI|Wt;m9#)z2=-7C|O;~p58kP#ew0hT5$AiQW$e7ybAu;*gz{<#4B#G9s5{9T`eXOU0mV$imXnDrtCiCr-qQ?u)Kf z-t>6V$9S#0(kf4w0UX98`KCaxTrO{L?795k8(@rVG?sbxkXE_#8v~c{1U?H%TL8PJ*sGvL;}bVt|6q@>^-p&OVzS zE+u#Sc98tswX0W)tInXyi-e5qH5A+<71G6{{(;%)*@czpB@%chhVCZi>u zvo+F5NSVR{H*B$Sa2_A57BxHAJH|E`^T8i6iQnU7)YJhD4KfN!O5-<-w6y$HLUBwB z;$*IIbNTd{J0RX)VBi=d`BQ~~>|dR+$iS_UN_!4DIXR?95XycrP%+mYzMeii-6JfN zv9y6&!{$(WQ9i3Np-mkqIYrGt=Z;Q|b8(l5f&yd9Xz(xtBPM8x=C$#1;?5Wzzt~vn z2b`3<3qLOcq4=iYQ&z`$#r9t>f_>G1TqUOdv?{&Xn%}4KqSp5-oSYWrgN~%Lvm?bO z0qFs1u*w7IiZ<}Y%n$zj()s)Z|MX96y$p~W%rtnTyr2b!AAhG$iTTm#@qtdMg=V_@ zha0cROifMk&Yyq%fU|T|v1k}e#%D3n0z8RxwT8S&{i{3sOX=ar%0|Lqxc+`}CMKrG z^f0h4Z#A4j91}`P_K%L52L}gpZD#j7A~_1iNJvXdOJY@MmL_W~Enc3Ij~u8e1*pQE zS!m_!V4&3VkZw&B%2QezX5L|oqTs~JfKnDe}>7(s6t5Htk0Nl21e?%rpWqy)%kvu?U|h0 z8O!gyVH|wwAi;=3Kx1s@X%9U8D6gm}3aGN4DN&Pdf#$=tB;NGCKp+~}-q|Uo3+^*l z$Y{LC#LLYkUz8--@-7@`La%UhSvnBGeg{g>7mBg5CW62hKj|PtHNf^d@jo-OhTXk& z=T7tV+0=&Oh;9Lu)1)Ic4k4Yd-F$0fTN`e30C8Jix>Ab>2rP0)V3xql{Jc*!y6OVF zGqxp{&vndgvxORw@VfoE3!B0yn6hi!n<5)0YLj%6z7ammZ!>knVSS1b2FNwTGxpYd zdcME$>PPN6a8TIYfKt~m4;2N60R9K@*7f9wE-n20nXI9JcQ9V>c+3)}6Zp%eHWdB( z6^KWStG?$N^y#&-Se?g-i?5&G!~A?scwV5@fBpJ33`+Gv4#l~157!to`*XaY6T z6`_!vDqS&D&cQ**LE^)RVnxrJXs(tc=ucp|as@BL)Rd2g0O(TWA3UIdBj^ufwemLO zRM?@V7lzh7YVyT@+wlbUT zd?bi8!~7AbmPZX-=3r}T-n4vGna+G2%(+JOBd|-)$==Dau&@voqU;?VTfRK&r@LXK zrx$$nerCh)FtzmAv0!(SWbl_SLa>rEU82(z<7-g6#q7RK3N`=!(DpY6r0+9DGULeQ*De_3~vHTm<|s zq8zwzjHr6@1}$KnA9ei5pm}9qIu^x|?5kU#2;A>Fn9wr9Dk7pa!O`_ZfJI7*355({ z138kqL%+4DWAew3mtY^VA8u^>WufH@N`|?aHgDEI*OgG#EOT(?K74dUP#iQg> zz4Unk42zUN_%N}sBC=s}RiDl!UwwUjKIe84l-JkJ3#T3)TE9q!3k`xRXa#517XyBL z7FgPGfyY&eb<>h5OAm>+L^_EMO36b;u?!u4C*1Mc} zk3~$3#!k=-{)am@A>j@5^IZgLjQg1?7$^n_hxR$$*-lT-npYmj`jao7z=_i!C8>@fD;1+EeFo)wR>L$!iaBdc*XtxoOSok$E++YFP#L9 zeKr!Zm#@cfUm_!&5-8Res!gH*SbZw{iJ4{xcIGkc~PHq zT7HezRu4KRyB}T!0-a)$TQvta1es)|bDzDrIorky+ zAjQ8&ijh{6ws)8B@PWnSw|lCVxbSClQx=*nch{$R!$ui8`C(SXCg47{)atH`?bl7e z`d~1H5rG%eezl^a;v$GOXY_gH3^Ew8=c}7xpyK%>gaE!@x83 z(0#Ko1FY|Wg)k}w6w%F_H?^$be+*rgFDIH(_`H6dGQ3L95Uf=DE?OaMcX-cVTmsud zUhS=8$CnA#{!B_*>c?ZCPqI5f#-LwL@QYgI%Ha;@lRXDV2OV&j))dqG z;0pL4g=}bQ=;I91Gz-PA*)s%vNd`9{NEiCJ@+)xsU}YakD&0zmS7A3V9n+#;taCp? zp@M>fM6{!=#%gH6b!&lN@jYt7&f99r6+uy%@W-p58YDa0m$zdCiscj(x_w;VlWO=N z6LV1wFxG|NZQmAQkt!>ra;as4L(P<_63<%5UUC!RV*w`++zmTW1HqC_Nv>#de}&d|FRSJbk1DEvP?+ zXY!bNX5BOk(wjjUSWtrWaFJ##}3%u?;5lwFBW^&@!6OguEgy_3&&C09LMn5`$AnVcpy_d<6Ql1>=udWcQ6 z`3CwTVPng?Kt<-{V0(a~|1si~+Swq0GF1U6K0>V|f5eKIrr zI0P066atWPYzDjXpZBZyYzd(RcuKt%rO4Ni9`l>d!8K`0XfAS zSoM~l9gziOW}u^xbISMfw@&fzM-b(SJRk9zZwqHbTo&THd4p+CTMmY8jyExYn7P&S zbc-3)VB>kD2Upek%|G-Y5#)|lRCIXm6bu{XdY?MIH%Kkak!}s4HF2yfUX@7TDvf1? zkf`+ah5DqX;i4YQm6KTgaBC-)-f_YoOodA>^5ocjdtmC~R1DAqWjZau)sBcys*H|Fl z795Z#rcaxV`HUYwx#U$v`3$|YyDku~0_;VYs1O1|zgUIWh!^t2+}x+*;s@0LtL0@H zG24r+Axxo-KDc^OqC#|``EJ2 zJ>~RJ?LD2ALQ*L_jqG16e&7e%E!`VeH}{s}xIK+C37<8iccS2wv33=pQ7Q*4^w-fO9nEN_l89eO)3-@#J*pF5j`fuRQZmbaB-M znLTSKX!D>X3+GuH&T`!SQt?D6H7%EFF|Tl5-;q0H_}bPRmG`9LydHe8Jql0Y_$z#f zFX8Cc$&G+BneFqUa-5JnYF*~6U*osl&Y5v;ft|xG5eQsAI@}SVk$vc3N>j#gaaO0CI@3B>xP)5Cuii*v|Kgcy8i5R6JNDsh9l{(S(4^avX)C~b#1YR!!ttDLsqtytoaY7PCjH_3N?=Jml zY3Z9K)1c>+G|(2ws?N$vmuG(|I6HXgVjGAvg7uY$8{k?*PN&=~)2Z!o=6l#BOeSJwCoCOR(ZIF-^|{3?(fw$bh4scnUn&`?Bi+BX zL@*LOQ#y>4r@TkX8ziHjk(tB30Vcrm7)`Ly3Obx4Qk1IKJQz0AWRYr*EYAb)DPvS3%xa2 zL5d(Rim5W0iYCz)5m2DJ&Rt~vq4ZEDn)mzN`&%|@o}pdBq!A_aOi%wk>rax*)!|K0 zl^8$)j5YhiZ+h)g+sKz!f@o$5iqzE9Frt>Lwo=)W0JmVE%(@c%T+x-dIrO54Gi$%t zU20BE%0vXTmw;f&gWKFT|FrvSn%@Or%sTh0%e@wO^@a-dZ~-(zN}sMi)AjLEO_gn`j)(?( zBnumx{PW>BH30z>s!u}$wepSE<6VR|L`l~cT8ivw3>VaPkrrS6@~Qi1{Tn~0alc%mDi$qAA;=1HmYGQ$zQ)JpdcuuK5}uK zmE)HM@~^P%#0-jP<&3x`GBARHAt7JCw%C|+J(y9xgD=a4udLD(`ulF4-;A+UY) z|49AXH-{4mr2ldP3m1h#f{XtC{=P>Vxc7Cn{C^eI6NM_8Y+=1jvHped(jio3*$*BA zI!R^P9HPi3VgooFYgbx*4N(GL+R?U(JR=l~V-4xm)wL(vcwp}E{7{niMB@7Ha zfCv}^Bopa%M>TYIUa*Kh58?7$Ze~&4p>jXuxuTj4cJW@$0~Ita0S+uMcr9Q!<-qZflb3JNw7+f@b;qFAMVR9Jx#N@L zjX$r?p}ee^JtuxnfEtl48fN3?*La_Z2tEAF%d7T$aeWatD0aADnC!OCo+mIb{2<=3*YEsm2Qt+X` zZ)_i_Gq@(N=<^V$qKCtM$f@Fft!m%lHK#GKq*xtll7d7SKM zN4=MT5kr`p`rp&T9}g_`g%L$a#DT7mg=_xqj|7H4ar*_GFI=EQS6V{>4V<%hD;oKZ z@A(KH|0sLJt+(3?iLh>MfXcy&{jMv!3c(Qgu>d)MmIe)`n5pPPZRDK#u;Vc}U%=^D zJn*o{uy*6SU=KXkPuO&!ir0#+z|9i2 z?!tADfESRVIjLu;jsDGflvhwhgw}8fgE$$OJr8c)@`~0QQw!fiKLv~ce_TQLQwt%g zqbT9b;v;4Whg-jS`@4D12?-}Hbc4kZd<-Dw-`Ci8h@rl|3&EVObKl(VS4&q*mI@;Z zmq_WU-^WCKGH%4&l%EHc0`3iF-LmfPyjVm)J=V4;@k68*f>()`aOoHGdFP>|nh5k!bUV*$o(x zW?HBX!OZ!9SF7d9Mp~M|Xl6=CuRI0_ZqT|(&V%!{hSR@~0Mg};Fge`=GfG@6vOBB- z>kW=O=w>+P+}(hTxfOc`Q*Q_5E(-7wJXj}Z;$j;S^+?(dil=1|m{Hkab10Hx|TnvJGAs6^lu(Gt>3b`c<}zs47XO9W7nFJjw3{ z6}A{hd+XGlVsxBbkS$nSIeS@1Iaf@%UN~8uSo-cxMLh&p;guB?#(+I*SqTaVq(Dvq zpvKw|Z1JOA3=~z}VeX&>1B&V>g|rm+(ex)~kNrlAUr`-T>;hMH8e7~J9jzKVC~zt zLJ1e0f|c*1-NH;tCjUo7RBUberuN&U85nUKOX#ft1giJqnMq z*!tw;ig#KxYS8Nkq&38F2O5QC!i$G5lQ<^hA)^_*-P2QMk!+KDhe7h%i^uHhqt+zjzY!*Wo%y>TltQxllTwa zm}p1Le!L*U#-j4-&uxUJbaZr7i+PS$_e=J}4A!8rrUh<26f}W&R5gl(OK)NWwxv~| z>vuO%q;%hqEC?I$18^yUp6zi*8>C*IPklZIhaaJYx8GW~1RD!El>9@|-D_@um>|F@ zFzo?D^w&QT{O51xMO`;2wV*^9Td-viX0^5=N(lJ|#QF+bQh`aL=wzXyrXF{fW-$Z$ z^Nf2}yTf5BERYS2KPgNkXC{qcLlEMBFUD3Z;v3+bFYnv&M?4XT&sWaE=gJ44@-h>s zS#s&0BK1tDZlj9cIZLY?=AQV(AVHQ*j!Q)=9N&DSX~op%o(kG{HnEI&E)Zuk2mQde+NpOZFT2<{Td{O{)@8zhPk5F3^0)w z(qxy)pdGkmW%|7>G5EFFnw&N9QNA$aI9+>vYJWcJsutJcca!qP3gd54SK|asmDBOj zGc(4)9^gnI6k5U5ydp=ZWI+lHJsh;O6}G20n4D)Y0NK&GG_|(YlT-<%sV|)-D}b&) z-3N-?cI`8EKc~xIL}DBZNTGT`dJ6+7?d1nJ10+I8#R5N14mhk~=TH|RXQLF(M0qD1 z{}&bbZ~P8R>IzfGe4-{tFP(2+LNcxf!()fN)5mq-Xd^sBXXh^zKVQCwY5>0xRx-#{ z>~_XIB&Prn03>|*Ik~t}hgVzdz<(D=C71~2t?>e#3$aF@MgGF@HO~`A^3!{vw z!SqE$L{Oa^ub%9+NTvgBPY|TQS|*qrzJRs|DJWk*dW{LVKij2CANwc+KMdCS6l|Rf zgQz+q>|a#9wDhPnQG?AjB{6XeeRZO%v^rhhoI?9Q6AlN7CF0g6NJ#y~eG9;N`aj?V zAf`$ulK{o8mUJzK;LfdEC=}vt!x##mzloMMI3p=qIiGB2<)BXzqA$owjk;TzZ!=MTTwvVemH$|w{_0uiLM+G)KNHdd#^r8JI@{GDslH!{Fg@(%cT#cu;B!sP3# zZMnJm!Y4d7F&)N!U?a~q`KaQb?v%KY`Y{dCIAH!k6=-pN1lO9A(4YMd*VvDDmVTD# zO=v9$4!#*e2x&?3aZw>6)LiA^Cf?q2^WRKpwALO3ee)IqtgIX_vx>yhySqlU-y

|QQ>eC*A}P0CZ(J0J`{YyKe_Rao(bMoJbIoIvmfZedFcES)f@ zg>#UvR|-&qHM<&}RLDh2NkTG%1oeRuA*eI!jrHNd!m_h|&DmqWG4^puTO+6K-?MW| zsig@&j0)2}Zof%yUK09yg)|XzxQVv2jQ}%){&yem_88WFGCn;vGuRqkOb))Ce*Nyr z$A>WF2e4apj|BnmSX??<_4)Nf3$c*@;R|~Y;YvaQJi2ww{38(lR3d%YDrNLM&P{9`Dupg5wD;!-( zo@j9hMgiMjID(phzI0b7{VF%wb#{*Qj~~DGLG>lz4?q^yn9&()xBSNx8S2nC3&}@P z4XppIc~n$X;O!Eo$?ADt`$gU8pg-H&6p>F+pU^(UDgDa~j1utXtd066xx^x*cBH-X zpCTXVfG2r0iOUQhuC!ki(edwt@(SLwH5)tv0&LXtv6^@;WZ`rh%L9l;-R>f)zuWKc zx}>Q>29=yx`k2q{XcwtvNSv7N%D6-QwXKZ}Qs|H!*W&7jk7mE}6$r(Qu|#UDUKkdJ z5qZHc1IMNy0ERDX$Ov|yP9%GW;1>=@&!f$bjUGMn;cEDMlXm}((Gt-kn;+k6-0h11 zPhzz!Qx^QJ&jwE)VL$f_n~JP+@1d<>6AWlDDr z*%bIO@^TdN#o6xv!sG&;ix(S~_ga9fO@}qa5ltp2{J31=r;y)>DRbqC>hC5t)xei3~ zDAbVq28Ob-GJ_-~yiql)SRl0P+28u7HKfQ5DbUCTjC@sUABC(;IC>I}$iz$TVPJrJ z4i!n5*>{rG#%jm=?gOgw^8p=K|Hyl&6oPAd{0GZo9oD6wAR2)Jt_B&E&`_&A0W~O< z0ixvpj{YW8J)lrvm?d0XVEq^hbN(jmsY0(aD%^5x5yhgLp5 zK8%b4AQSx?n--H_)kMpAmWIB$-&<@^6a2e>c(6KDw@V-&6Tseu&0|n?5mHEq^rBKA z*8_QzwW?`4_!DzPjhD;=(gC|dMS zW{bgr0pmNm3HLd=5JD{^;6To-y1sr0MCo9JV>@8Ks^&)yZBlMRvj=J>)bqHxZx%!o zPXE8nXb%F>o`qtEtT-Xp)5^v7BG1^NbF5*jM-sSa91a9P=IqcD;z|KGkv)Xhz@>ju z{T_(u5Q#*z3U~x1US24r0Ml6b>zdn+=JwJQBZx=qH>W9CD02IovqRQ})q>*RZmDL2 z5Zwl%Nr2nZmG;m&e4ZWww-fMhNJ=6q7y0~O4HS3dZ{aF@G7Blvhn0$ibZTQ2w1uOP zHv#f^Gg-==fl({i*~Mk9$n%5?&`XSg%RK;KEiHXQHV}C||F@v+L2gFs7umbuJ;-I? zBN7t%<8uoO{$QE-U&S2!id9KM76@Ju_y6}90wMwh5OmVN25g@wS%|#CVfi(DBE)@( z1tnu^`zc-i@6)leUI)EL8>F0(-dr)?IyO~&i8ESN@a2C2QF{Qp#LPF0W*T8q$&{mwq zc4NMaPp74dnOV@St-1ZnbfGP7zX82o(091>Kb`*X-UAsr&4nJH9PR)LjzR&DTDm&) zu#{YjbI|C+7pU@x$mt7g1Dp_2`=5aSm4cEo$Q_EM=piTPUtR55ViFP@>;v_iVpI@W zQq}M3mdueGV!_yl*P5;n&r)(}{{>Hwq8o4*6gC!PmE=>U`M;*;KY>ZRK9P5U`XA)O z2K7(~|-Iaw%$gyrc%tEKk=cEk#SDT9<74Mc*F zGyqS$xI^>N4mV)FkW@v~#)S2w}g15g`aj6}+L z;9Yur+l^8vyc1Jt!p`UI>Qzqry}psE0>JibJ=^Xy9A>q((>B0=d`@fEk@s-IfMRS2 zhi;SdE=$C>#uXpNw`f8Gbh{h3j53bB9~;cAv}Y{?4jD1=4{i4i5K00%3&0CYa5KcM zK(sW(lb${Sa5IIH%yjCu!Fcxm4i193a2jBApt3Nf;s`1Q+EjJOn$l+xApSeswLm(D zf}uU~|B>vq@My_^HC+PS229iE-4&T9)IpIHl)wKq-wSx_O7v0J#8ojU2-pmf0mI{@ z+5{1w==E}IpdhANqHsa&O9uz~ncpH>CvmDf&5B?iNvC)F@4W0*vfs*^TwkB+t`K&{ z^UDB4iD$q9z;1`hFeR2LNyfL_&bwQVj)?Xu)>?-J%%<9vQ^0=8({#2Kkks1*5;0YtC`tg%*Se>G&>IZInf+ zr;XAhG+X=5Ag93&b!JfL>gqx&eO}o1qjK66Ztg;{<-(JtaGt28;z7Fy4zB9DW}VB_ z^fYf@6No6`NCb#lK&dlM!>UzP(T}AD0K!A9{p-6-!-4+4!MHdiT9={!@~F$|S&y)K=RseFs7eFK+ z(*od0EUNk=o>VlDax}MXV9xMSt}41a9S4D(uwoHTUcf7KNyVW_+$M(um2Ye60%gTc z6$Gmr?Y52zfoW-nGs2uUnr^M9rN}>dqQ?;rfP^S81?Y%P(HL`40T8Xy8fqmxW~hdO zj+u&QT3h#8Ae{%9td__}D`x-$Wmd|LJ>k*o%ER641}0HM`|$iKHZImR_Tg zw(zDb`;!o_ZQf!|Z`4f{-bZt`ACuoeBi$r?uq6i}UvFA7s-lOLc%D@`2WbwWtivGC&gV{NQb+~CD6}Td8D8FVY@^8)M#!q`dG(h~ zv+u$D0*?VUWErU$u>TWXIT~>%w<}(5%nj5+kzN<#!nSCVKYaKJDHEA37x+5HMeHVt z9M~m%z+A3ey{a-~3Gc&g>O$M90qq_^oO}_i-JW_{rOQt2Iqoqq)qM8bTu#_o@5A6z z_c6E;Kn*=`_I6MzBD2Tx-w@Si!o8QQC4Tg$EBW5uB5PF-B}%hF0+rI*GzvL0n&GF4 z5bp;$PtYG&f!aXy*RTH)+pHVdBvqnK$(aSHK~UKYl(d4fGJ15>b&IULV+c5ZK!nh? zlx&r2#3(2o5n37-qb|52YS;aXg^hpdN~pU|Z=T z?}2Qi5z*Bh%+);wJj9*4<`4-;2O2k{JL4;JDT2f^w5sVUov=+w9UWv?hz$8`e)($H zJ~?oUj*)8I#&S{+fRJA#d!%x?`Nrc6#b|Cj4UuM?_c7^v`uwynAahF;Ab`-@Tt@OU z_oPr10c2b}?XFt#+N%!RtzpWvH>}A9YuFrEDXU8@G|CzH`1(3Tu0p&{hFa~NozGVu!$kfMwI@9U5*JgY5%9*=s!b}F;=}(<4X`fmSn4TTb;&VTH z^ZD(?(aAH@*?ze^T;bt?qb5R|2awWs)#4opt&Fn6Cwy(R?X}qZ{o%l(t0!9CVtO9~ zXf+*O>~pzH0a;#435oA~N1o$vkeI3w77+ni!BAEaQ`lF7FT#mMXr0{uU4_h`zMLD5 z(S`HA`^ke+OOKF_e*>;(le4qO+}(vGeD3Kb2PEMh;;Das$Y68wKT!SA8=^z^-xo48 zfx>44HQmuvkOI}Vww@gZ**a~oY()Aec}VfWN7&ih+S>6Q?nC&`uj5BpgsMhIh?s-n zq`>FxTi-eoxUT>C#!`{LLVICP8OlQcKAi7oDXT{GVH8erxYxQMceCRFkdRJtTA#bx zB>nd-yF&k3{dSgLIoN+*gZ$3` zF)$oMN>Cm1e_i+HI1fQW>Q^|(25p7Mufi1CI~mVbNBl2tI+Wk$4nhildFT71ik6G#Gk6XdMa~uAYiVt@8 z^k8;22+(h=g-L%`VyeyA(U(*?c#-6D_iz|#|AS128chdhTaS&4AvLbpvyI;qL@dkO zAE!LL^gF1R!&LE@cnH2}-riXK=y<+dF)lKqHE2aV7r-XeEW;*fY5l-`gN2ZOpA5g9 zC(h3FY%8sjE;PVi>Q*|iC}@S!FAnV*4>GLqLADl8wt*=w$a}%NNI=%ouvP;Gj{Y@ z_3uHUCc}7(=3f$S0Uf&076&1`BMo(8+1&jLmCw7Ob?m{$X|jsl;%BkhQ^DyRVPRp4 zQZ?H>71ddde)+hisvMNR=e~r&CuSUI(;|HK<8$>yj~i|mPJ+8Ji)iR4k9Y6UiDO0A zw#0u{2lVU6LOi;fPi^NLqBa$N-ND&etv~?I@;TIW0D_vDnb`=C`jU*wjh8R=F*Ye6 zrG`)MD_IsnYTBS!O0lY>Le;GkL{_vHx^ z2)*^cz2q@;W+qb_T!s}gtbdUTJntr`wet)lVfFUkMd zDnuK*pn-Ta)9v8e6z-q{$tHBrVnX^Y_4|3m!!X{NF67R}sRltRee3=Ns)Rf_m;ym&b#_s%1VRyuPw|M0B+x*_~0q(`@`nPfqapWV8J8;bwW8R!il_9vP zwojBB^d25o%VnSP$*1S zb=UN&YTX&Gd@dYbQS^DdwEJLZ9X4H)^WrDg@v}rBHBGW=W{iEPfqRD*Paa-g0|TlY zzlkYtpLgAsl!rlQjd@JXaMf5_yPQPeMz1rrdI<^d*p(}n{Sd6xts;+w9f(^Z4D0w9l zqm38VV{4UH>x({}skwQk*qhJ0{ij!##DA!@(kZD$QDO@=-Adj2aDgqUgTw7$lE~eo zwt(pv*U5smq%@$Whj}y{N>@7|F!M)NuSoPT~|8)5dN)IMcO(=z!T| zqeOKa%wXU0x_d_OnbnEeS%0}A_u!qyGcWh&R9X&98K7Y0)cc!$#b#T=8B;Qm?J)Gb zCH!A^`@xo*|7pfM9j+24CHOj>^sVZF!-VYe-g1A+;PObhNx;^ogDI7VT6#M2Q||GB z@4I)En{%D>k=)EUNzGnJCkiWj{4ybO$iQ8v9ocgC@bTog%IT(>~SOCRzkeJy~)1l z>V(C!XF=JiwK}>7Xz>p>L)UCsS!qH#$+cGGeR;~Ynh%ucLnW1O^8o1#7%N6^#x9=MM$rLzh9(yfeP4#_Zn+!)Lu> zSML5LF(>Ey6chdG2jAji-XBG7fxkQB@+5D$C>=CbxM+r*A!}dD_*VoRX-FYuauURjsK=x#!xoR&dwTyq$it&QIZnp zq{zrL>Q?To)%uYL>wu>Zz>b59#(@cVt3hOJQnz>OwjR+HdF~}FMwg zbMv^vqL6Dt@01j^b8|OY3yBuEsye^%_#DIDhXFiOUp_V|su%gV?QQ#I*VkXBa*>N_ zX8Gs0S;kq|lQOQMnGz6?JuBQxNd21i%#`<^1jCTFw{*AnjvC6?#XUa>WlEob&q3~5 zTj$neHj^_5qM|_gOo3mZaO*mddK?_5Q@fdbg7UeW1_o@O8nf3_#s~-s4$<bJpBlF);h@$6Y>otl)@bU1h>^9Hx+t22d!Ee7`dF)S?$Fwjjr@qSqqoolUz%%)Y4*6&Z$WZ%5hiI(MgE(I1N@`;M3Ey zRfcN!l}Y<3RzFNd=J-&VVQX-Se6zi6GS{OPWhCI{AEi9hs!i)uQY~yx^4_@GH`CVD z*ntBSVCX949g_=in8#sVZE9>}M5Ws5KL2w2H+SbrMe6)Vuco4%>S85y>CN=#r#NKfCEjK7ssvY))HdgNDPNF`tF z9+uQ}wSn=Q8sa z3B4(@#Y@kzWo*pJ=KWXboVP3wh`^rIcn1_$=~z}dWmYxCnL9Wf_b6+4x3r&A7^3Mq zCAHGjw7%*`Lcy+m*K-1m)Mq8pj3beZnU&S{lbcu7r}Q9mo~c=r%hEF6~<9DvUtx3Q( z79LEvp#4jKfUxY|<*GY&=fL>+ehC9|)NC~F(msb4sjgc^>7kS~j@y(`G0TCPBShS< z*~VtW-!BTvx&n%B{1LA4^0glK{|FIKz9g}elM~PFtZ=7A4Q}uv?^=bSRr$nQcSJto zobz>i1mEW*R!qDWG8+|QyuDkrX<+43^!ACvr9-n=!$;{u3 zIB2{(H8v9OT1Ly(;zr12q4mf>hqI0#!|5BFLn;R&4^7 zIX~(^TCrR=H{I}SxRZ0-@(*PJBOJcDTxoOhIsM8ip)OdcKuTJFg@nuOOm@cuo5~K{ zDzPJXm&-^k59r}B2QepRP;WVKu+Tp}+jgcMlvCel`}Y^H#Ut3a^l=_yXSB{^U*fVT z#TMzQGmp5Pfjb-iS%QW<{KSXZTe%Sz6<{+Na#FRgYeklJ=cW^wneOL2ctvi|j#lYI zLzE@6`^ToPGLEBC0`+R+P6HOTq6>c>KRS0?=NQx3lX|XE-rc5(N%ymTiVsT#(Ebxk zZ-8S-`k{UI$&+EWeIPU78}b_FaIWa9K61oCCb=&zmv(>OE%TNeRPRn|9h}xs2z6j# z6o1i6R?XPN+!89CT(@J|>u+8OM?{YlQX{CqN6*0ICu*4{hyC*vzOPxBnP<^>X}+qaz?dwo`e zK{!u>=1G&6PE0k=-_SB@6D&;xFH6nq=39_SuiIcL?k|-aDUoC)Zs`FBw%n?2X*$>$ zJO;^&>J?G|?EN947s+q#egxKC@yq$z9aCWs)pfaLm+fouXg3SUjsT@Q$XV(>@L8wN z5YhW3`XGAO*Fj^hE2Tj%jNRh>%}aelKZ3KevQXFC==BGJZF)3DoZB=Y>iXo4X&kiF zftzQ)wRTT%>(_-A7Xz}kSkA-e*{GF1`1Kghb!<_(g_EPK0>=G%Ar=2HM@dakEyo#TgSeqMsJUL1y zL;zyLIu$$v4}3wRFQ&gPd^}3!Q{s zLgBHltF(V4;yS*3?dP9AruL(wLMwRt>)F^`v;IdJn)y^dgabE|;Ktk9v2kw7t8T+S z3)MTriyOo6kJnbydl0hYp}}wkj@(2S&78`=cp{?Psh>FO zwmI5WqRJoF1ilUPy%LLQ-TCu9-B2!9^fJ=W?jjyoTTwxe5Kyoq`qgn_ZX?funM&=; z+85H!H@K<|>%sh1Fz=g@y0w&v*RktY6BFr4CzO`}HN-UFsh2n?xZE5W8F9G$o0Ua< zEqap$el8|2{~841sWL5Ldro9fS|#$VCjwJiv$H^L(s6UFfBN;(oGk>-qVR3trj9d; zJ}l@@shltgo?5%DU4v9qZ{V)YUA-surJZ8^rzajXOx>%e%aP1;0#KsDkR;5Vv^gIF zKR8aQ`O_krNR0n7-d*%bIx92?zSVbeD_-thj)TG7;Zb8-*}dUU!dcJv)0&jD_Nay9 z`E+a{X6~|i`V=h??Vz2`0w!n3%I+L|)2&UhulRtaG&= zSO7r^D*wrEppBaqhl=aVK!HLdHPf|J1>cZ(I80HCBwHm<@5cDJfv+n*_FNXXRxQ8= zXSeunGp#vs_#MCdU~k6vru4?beQw_QZi5LIKAiT8E_0 z7|rbJ*WU^b?pUkYEWxPfm-T7*PSx{!x@V>cWM`GCzwN>&KpI=ixn6}SW3p67tTX5D* z5byrjj1`(rzgn`qec*b9A@L)~mpp$xe~U8|bzm_k;E?ci`@CXQY-Z|j~RfNxd|5#kqIsuFn6z~;GexDmCJcE2s zf>s1O7L!22Mf2tRM2IqEegDKop`B6e6AeXpKFyhr{L!7n(st^b-gi>cOYBxT4jJ+B z@r@PuuL$Tcq2Gz8uJH1bL*!p)WqZIeT2)1c#iJ%M$eqndh^(xrkWc7Ms;HdI8*K;JlYhT`wQ1lPKMP!7Kh5HE|$yU1jU=BZpWr;zsrL+-EFNhb`btH{YY~LJAkBg*#==D8c9~wQd5*hO* zz5AF)_orJrG=Ld-i;ZW@G&3A&e~&*-X)2N?$Ycd99GV_ngl0Yejps6iI(``hIor>{ z;%t!El<6Mg-p|e}3iYFbgL1MWgbk_8XOy3KIRZcGc!~0fdvcF=fc>{6&sWD))+tGn z?t+OuL&lP$qG;_ZeHxt_`=LD^EHAFd+#CxBj=rXawYd7bNcm&4ij{>t6Qtj|&F>Ru zl?@o>J|Fz@hB)9ETIa1hQqC*!paB0WZH#G#da!yXSz+PFlQM$D=M|c}l)gSH7o9iX zE8`9(Owfq!phg>FDfo1Dx1N3R0-IQ}dHnQ&(&q+B1%X37k?Jr>i13T2Cfs>dEp=OG zra`OJdHnwE<_TfiV&&UU6M6^d+Fi0UTOOPRZ*jq$?2T2#O-(b!-?dX9c;^K@#k<#B z>6zRrS6Y$22SbIwG^ch_yV=e_d?N`VPsW?zI)AR(;8+0!8T`@N=$MwpQ*_<CqD`QfOp@ z1IjMWvAk9JXOr4VYq&}o3REsJSuXTH)i7_U-d`6&e*UJE8=QMS`88}QTsi^D1om3I zZh6G(>G`@or6Q1g07t4RQ`qqjn}#+w$P)Nz9?EZ_ zmq!D#p)~lq5bjtNI9(`wuZL4&j;=yNVRxvcg1%@9Zc~9t_0|-lRT^Ux^9H@~ad+m_ zn13yz&E&>HEJqK!$)WJ8LX3mS>|?M15F<8&@W;%$t-hXCCY(hqOEI7W`cH8v_?@Do zcm?x0K4GXj@6BjsZ(sW{hT8GY?MW$Myg-~{*3lbS!WT%#eHv~V%Imb2{;dEv_&0*2cbT;K2Grvc5r`;03#V9x2&f!8 zmrLpSdh>zouy2Ft)v9mbJgcke;kFq#AA6!7OlfTmL5c)C*;SeFqJ9(MJT4$oTC~{d zE1fo=N;_z_J3oQ~1@ho3eDGXOZf!l2xufKHyCzsIyJqb)Xcm-rgHc>(IltUT0E4+O zGd*qCy9`0~MYKl^yTKYo`u@bY0opPNj=8Rbc0LJ@(%6lE=mofzZ*Og>tkcra5QIs4 zYm`3&wbYr@-uLHBNB3Pf$5+|T(F>DI)HmzymMqIIG(UBJR|LvvR8oZ+dYJDQkfo66 zYQ(>JDMQYd7$2|YX{(bSsIym8r>v#6O9h(m95zFGL>uZI$)s)&5j{5>DZocp$WlEK z4#HNwdkYFnmbO=V8~5o5&KCOiySRBrQZuurZBGj?$7feJ)p#JA8|x zbGH;b=Tb3DbEieIv!iKxVtxo;`+qn)n@4iO8pY%;*2{j1{oi7Jsha(^z{H{ewES7S8k_~#3+{>wL^Nu=+)zJG2!{$2@XiZuh+-f=F|)T>-5jn#^3^vV`M3dH~ay_-5LuU+GTc-R@wi=0|b)U!U>Kuerh!hhj; zh=cEa$L6l zM4l&~o>}_*g`zFib8P5#O17@$Ee&$rBZ4-u=i2YiQ?>`U$iY1vL#no>s4Mn11~>P2 zj-?#LhW;(YeuyT-m_*{Rlb#|Ae|&cu8m^xsNy;%wdctJA^!*+IrQnBd-RrEZrV+W1 z22oZS{ZnGK{1SBRUETrY4a!G?(o}Oh?3$>{?t_M=rbK7#LW#@PEm%p*8-td*y;;N8 zg`pte60yA`OE+lhA5K6MIq@TpiCmd~J_?1g;8fl#rVp$M4eae?E<8SnLtE4#+R&iU zft{k#TwY<{AG`(r-z$5NR?``X*HJG{c~U@vS_ zI*rQHY;T-%TAO*H_4Vu0{y?E3w!?@ELA>wdKp`R6BwPe!v8+w1#_Xsx94a@&prC-m zpk>A&EqbK*iB795f87n%=8#)aQj{^?`S~5xS5-C zuCei2!xdFmG=lyhM=#+s{N9mm&9Zx6Pekw{_4wEfl;zi=`*1iM;4=_E`E_*#A&6z# z1yZLw70HhvTd0>|cmZGwbk95vp{h&5i}ds}$VCp0^QEe+8w;(q;5|d5R3b!GlNE7O zWf;u?vj!&u>#boGbe7%S;-U`&MZGmcw4(^nG&Wfg!p6n~&r^*k949F)O*}yY$wlq~ zL`BGZNPbC@jM%LW7Vm_8Eqmm9zhx@7w>spzVuHMH_Mi59$+aHf6mbynLujJW+pnTR zrt50Z!#VEYHND)UW_by6iGcl9UFE7>duz9*uao2JNAS_hq*2V@VbV*!79C$BHdPH6{i4G$D0(t48n!5VX zjPiVCN@irY2`Mp2SkOpHNeKlsK#)%Ufg#k?+UG}nn_CvuR8<*^NZuGg-Jya)hw^GR zHw^X!#NKF=t&);HrdKe<;Lb4+g0{x+;FN@UIP+Y>kqFtpm_=h2JXSBl?&2U>UQHjP zJKLrFAeIW+>i)Ye(Zm7VA+K_7Q`EdbAHTD62vNGsxi~brx|WpW(`_NX_wiJjy?$v^ z_+gl8@eN`~h~oUD;G}_f?Dy35QOq8e66`1N$|%4!l!$x8ef z7_&O)KiBXf6c!rVCNbY74wC8twhBM`Z6n>X2rwzeG6d=a*gLj2(DF4)6MR00tEZC=x?wEYBu#)YpaW5M=81g?L zjXVRb8FqJFkebw(9S{7#ZhM&}s9)}9nkbx(n^I+7{wFfEp{q|B?Y{*tgVOKxoqgy| ziFmxg!D(GMNG8{++y3VQ8gz2oUxqr9`$7+chn+VHq<8;rHgKUQ(8|OP^VO9VV(e+t z7JzwQN2S#&m(rA~W|oYq*y8Wl;MBmoh(3(GxMA7WTby-47m7v$7CPTJAG4Rbr=g&b z-U5)m2L!>0_WEo$=C=g&5b1cR9186-v6wV*XQ1U!6an7B0~R@S!b$kfh}C!?CU42oQQMk@4b!@we!d67uz0xwHmEG^Zdz;uSHFyK+kt! z>f+SO5*eN-safQd!KVKwJls!MiHZPK{lc==srR8~SG?Jrr!T`g&?lq(n+%pZJ`2(p zk-s=qIs28OtgOt}IWuYpCLNr+;+K>G)lTzKlAN1oRkU=mY1v@j5!4~~v6+J#CBv>S zS)mZIrw^g3dUgjKpGx7oxUyolp=Hc|7xaM~jt(UO&RtJu*7;WULJfrJQ5poj5`zz0 z2$Zox%5VaCur+Z3avGl>KW>SNNuYbbqHO6Y$ECNCk-n!Z>HhR&fehsg+QabYR)2ed zxz`*2@@MlVTnUUBS2{^a$A*9D!GoeXN5&ir`56a?Rr~IyIDkX=5lwNav~w1OQM$H~|Fa6-Fj&*bhif$>QV3@h`Jd z@i@oFp(=1mLz8YqQu<}_6Q+e?#?UTvzLX9lc~#X{aFby5+FP8&1JeLsKSfBFQ}VYm z1?`e|sQVcXhgOFuKnhU+G%|w-Y7FwHTJS0m7S?rlp8(4Uz6sh;Gi5zmeIxn)QQCXp z86G`)(-#4b44U4-xK-3T!xY_3{=|H?R5}wX%lQat1R-@VhBD%uTcA@{ZAxYc`55{IgG-X>}=4{-D(sqArY((UBI`Szw z=vWJ_h~Zb!ZH74f$t-TL2>>hsLD1r1Q7;sR`rW4=&gM?Xk>AubVxQW^rU~!E#vwTA z`E;&sL>ENkOJ$`dEj_zYA@bbf7Y=ch*5(kfUI_+535Kcq- z_#-q9IjZI1Cjx0@3_dwP+ON4>WOdD{%X_-J8!^?nAG0_{FK685;K9ZP!QHFxEjv4u z)YsQL5qeiPM@LtO2SXd~X2rCUP8zEamEX0B@Pn8!t#kXY`5`A>DIAs{}uQP$a-!*OK^kf!{ zPt2dBw}jf$0DioMBfVpn9|SGX3%7Ib4;PheK$dOzKCLXosO1$EgR@Cx1AR<;d<@SH zKL>2ok-9Ur9>QIqR(RS^eA9E#*)W54)0A{{3#_x%u-U7sssP)tUX!;Rg#J9>A|O^U z>anle<-zhB{vPdsSOGGAG;3&dr672v_&cQ%lbyv=2d(QzN3(|y^{a_(H#VZ^p}*eR z*?I)oA=JDJ?mU=IvD^{TQ>DJ)lSgxwT7NqH%Q>zqpU3-Nc%Ewb&{FI}1aYphV*C-0 z(hL+{ECbHcz<4k8p?PVbRs7sCI7uXhkP+g+Z{e(Bpi(&OF$d3Q^0#GQYP}OYQ4Di9 zkNH3#YGeSDY-nuF;nz|#z3=E)+S<^!93Nb)>H;BgO!^4$NXYj&QtQ^zhb6@kqQ@ku zEOlibOVz_J1l*QNBTVT~~rG2U*?RtI&F;W3@F(>u}T=B>q==jDI?bmAwWzo2oBLW0BkfEJ7^`6 z!ANomVktlqE`#$&v>~p97FjwFzhH>(mo$S%hfw*u(HzPeKm%+r(mG$>B%_VsAzah$ zxXI2gKPR$z8wk}fW+lv@o=j*F0T9ApK>Ym8U9H(^?R8<5aa!0wG<*xq1(8--!qwVG}=uN@2 z0gVCVx&Q_O1+S{H^OZTfucG*_WDVYGj{YhcN(cf=DjWQ#Z&~+s$XgUbA1{Pxlz;&5 zoYFp8s`Am|!dp355{uay0fr>RR%^~Z`TDQ6GY-6DJIc7yc@+6O_wn1+d41`tn);sU5v*BNIfXOW_Ero0gWmh4F2>1mx*#HT#hKNaV2xUZQ zm@8GfQw@laN1O5PP*y)IJk=Ll<;RoI-3Me1?Ccj2gk5jxHCeW=U$B4Ecw@E-tvdk7|^K=!4y2{LJxH&UJ_&)$a* zLSc0LcdOHE7a7GbWzC)@Boq&cyMtoCAVkv1FEG#rrYk*64>&(Oc=WOQvzSDQa;<=$ zKQBTh>@nD-?_tX@_If=7B?i=sLaG$7vSL%>TymN7v2Mpngi$s+5CwyWhSUQ@6}&Yq zIY5?ijj@%-a^Q-PQo@te_e;(9mt8NZQmb8togGC*Ghqr8CXb3%eC?Q@eP&sMSTHSL|DZR0xp+Q`UAX@8M zMHUxD!xndZ{53jvICo?W<-|GvD)=A%tMRV`nh|*qj?~Kf_xOwzmEJ9lW?+Rzm)^o4 ze#F8V1w14|b+ZZQ>m_`ftF~vE0U2Req*hSXV5FnxHn{*6;hm7{r*5GJUb()g7(VO7 zMwI@{b%|vK+XE~o@D{9!CXlpffBtz1jFf^gyYk%P`k(}zab9&Kg|}Fu!LQHqeWo+6 zB8|OuuC2}I$azH`3_xtIqOK;~p_|Q-)a;wheD)-~SEP_D|JQHdSO>tTVs40z4S~$R zA=gRj3g+0UROWcRuB%e5(-0@ojyy_h{qS+iSvsW?2ifP-_n)L07Ves*vP^rTuEXcL zZ3h*2XS1OHs36DH3UUaCFVc~WU)Z?EiIq{IJV(Wp)$mTxIIoejrR{5;qnwU?bY@u4 z#`lF$OMBtf+&<}Dv_t@k1dduxbj>=gFL*=G0|Gn>XtqLirJ*Oi*maWbU9AA~C=MDl zR=1KoDxRooJcG%wtXK}=sZ@FpcnsJhf8pxtXRLN&VtxNan}i-uhxzjImw%Wg6#KB( z#E%o0P@a%pt=5UF#ub8zwb}?Gcwyspcj@`duP$?w0ur91jNjEq;k7RgX{?cYknyLk zL}&u3?jp#vwyhZTZ5w;x4afabVKrDTpWCx#{PCIb%(s#=9=!XuO?TQE53s9%2E9G6 zr1$ahle^vS`&n5xl`G4#%o5KPL-uf+t+f_l=;(Kyxi+QUxsennZgFx0y99@>(*pld z%bZ>DW2WMaU)8qX9kmv$v@>Wc=A7lv&IrGEf4ht}UV$Mxa~OrBcAq7{Gg_-RFY zrl320#@3F)E(X-c!0_gO9PD_vawDBj0sZa;n>zk1OA*Un|A*OX*cFIiH& z(L6LnhE;JdjLk`0*pzEF7m|R)0t7m~S4p3P1+jJo7!?XRK`}^WhC9S0+~1dfL0Y{> z4s$wv*bE=6p861hp39p{;g)7h)@hJGnrD77aDiZToT&n4egD?;tWC{*l>MVhXqf_9 zkeBb;OYpW`CZrHnfQWb{U~z#M z3hE|hXq?S6r5>2@a#tS>VesD)AbTd55;V7l<8q{qXS2GU1w)I923M?YP<|4^0I-pp zN&P~P-&!z!f>Li!pe8{|C@M^K7J*$60Hh=YGZVYstB_fmn0JJTUsh%Wy_VNF#|dCM zIRIe*j|oZn@EoZCO5*`64sB<|p4f3g@JPkt*ryKY9t=E4GA=VQNe9|PT;%Jg;M;8J zlcN>6Me%E5HjWu-*;=K^od?Mn+CX=?GzkBU2zW+RcCZ@9Ye|QEGb{&86dZ{|rXR6C zk^>kr+&D^?KCvrky|bq2w0srj8NSgBWG~9n!HuIKH7FEig+wl$XQ96aFXf7pmGl5R z1?MB+APr%*b-Tg%XV6iA7#U!E6OP3?hor>BhT9#aq$({^u4r6wNTRd8abIUuEjfp< z?|AoPR;+=bK`sVYmad{5wg3}dK&E90SF8FrK$Y02$;;${8&ADaul4ek$Xp10Cs#1h&`?K z39U@^Rbi(wP%_YDXD3WdRa_y~Gwjan+X5CW3LMUYI*mIgu<=nGW4{m(j7GqVHq-yn*i**z{$sg~h zbo#AYm{zP$f7nNn;M^PBqzBu*J1D(OJ@l59iHS-g*u_%e^cu)?fI71VYY1)ktUdou z;4hZ{JK;cde%h=Nn)2KgWi2r30C)T!dZ_baeW@)<1tK22Bbz=+^$AX3A+2^(CMbk0 zDk2@yxG312x~>CZbNvEKJe>Tb=;i)xYZ01GC`@4Dx9+*zdH&2DZEe^`O>jBy>VnA)x`{WLL;&f4;HWU4{W+r#9}$mdi*W^T)6%>F-2u*aNI+} zr`cQoKuaFjae#OW@CzO#wr92^ZVn7@tg$K0n-nWK(^a{a^E(-3e!OifD*HF2o*`U` zfL0u+N&!tuLb4%t-*7WNvK{8K&ND9?neuv;0A8W}ul}0DI$+js#yRW)?*6n}e{E41 z0qYV>2yz$n`aE_B(IhH92RI2*ggOro9H5a}I>!3!e*V1oj_I~HhmJ19=rus87YZEK z2p^SqivF_u_gBYuPk>Sh@#ti1dl>fa{=IuR(AvDF;%@lz5f*{%H|01M6*Vf% z&i?(z)GesK0HVVOtD$CE2iX1l4kPrd^EYH!c57<|1Di*;_3pe3HyQ#e_$X;=0%p4; zJ_zgsaKG#zEkZoXeae&SpG8921@>lHzE8wzv4>|B4l^MHG!&|>abdXN9DS$1JzaH&wE&{O6_)ddDIGZ~hGeVsi>@1UvntTw2zZ98(Qf|0rGyXpDLtPX< zfGLcb_7YVACk_~lm0c>~<&1)u)gLq|F{duQ=%E4ByAH5>HE!#kH+-s{5Fkl{Xay)r z6e0)F3OW?Kx#w)BT59w0@gY&nuEKi^Y{E*&^(wUJwtt51lXdE^5<*;d@=s5E?L1Y?#HYD2`e;N5swsD74jz4 zudS_JTAL$;{+Lb49Y#ybMInv7V51==N_9Y4lMJ@}j3#5ZYM@jofP%iTuZ)KPiq>VI z1!2kZ9u5L*A^7&(nd~3hHSNL&fsmOI0Q2oK#23?^c_Uph^B9u4za_W4HwP>dq?!Mk z9-eFn&R>H;8>w{Co!JxNz-;=GHC_*N2gDcx@w;%0S3_xzA>DBp1wB1IZFmXm)SJWA z@;U0L51#1re}HYj2>KvMtACD-UE6noy#>1#vG#Y3d=&xS7*pbSdsC*+Hx7l02ub~j%) zUHBRDxuwf@Rl8!`LdmRd9To%Gj&W;46uU)&+^UWDlx;3xD3Hne&U>5c9zu>602f3f zA&m1q&_bZT+}h2{G?-TSBw9;Q>8Mrb((a~HB<5~;<*LqO6Q-A*o*>NI^s-5S*a3pU z<+uRy>YfZosJce8!`G#8`*J(>VW1E&d!F!Jd{ zRK|fx>=ra@@3RQa$>MsVS`mVC5h9eSGqRpiJV%Stu;Zv=2yzS0BXw6T02C1E%>XNp zZV2dzsQ``L)^FTM{r-nT_m#b0y?e#-$(~FNAAtJw40|(Y2l5;P9QM~^q}~H42ukWx z;6y+?^%{DNgVGLD4#)}=MBGmicm?Ef0uazZssawz_*AGhNEWvF`$yeZH6Zkbj~ZKC zG<s=9}jVQqoDFDX%eaQ%+(j^i(A z9}*Gin9M43N}-9RO*5PELBmv^!+JIIi@oK@z%369Cx_1U4Kt7zGao z2l{!>nj|^MA;7w$AWj4NCNP>P>__d4rYndxKr|qQ_JN$xJTt9!p(7{asiY$Z%SllsspgGpnu2v zaABtw{$&ATn?P>@348x;=aUson~W`Ltx9armf#S^jWe;Kv^WmH7-$Vla;>)Y9!h$f zLc}q~8s?v#hxlfbv$>rG{{wpyknpMx4*RG+y=pRFUnvr(~ zFTYC?5Og?DzUl9QkOw1d3qq=ZX*>az`W+4?X4%8^MG-o{3`pVH*$#iVMw(Ihe2KR$eUCj1s6byVYSKUBf>krf(Z zN0!8J=$>@LmXGS7hp=(Dh$dl~g&z~X&l=Kkz3&dDHQ>#Q^>3G=nXg|*kU$EKp>c;_ zUif6fJ3Bi%03-vChKqn!ocd5dpkC(Cv9Lva{laPZ0#^;N3R`&dg|AoW?rh_tGxSs) zqHN_#dQ^bDX`EDNwy5@ONS!^@7Ud32g5f&2B@_@%F%&dc zDBD~6{TS3viq4lFPd6MoFojc>es?x^T9Zo$gV z>r45f?&cOJb}KD`R32h+O~qy}QLpb>Po8jrnoazQ~xM*}4S-FS4y8zd{LpJhf~SO@nHLY@8xeMk)m?#XfoA8Be@V0ZEG zlj-0jj=ql&u^1ZM@dVih*iM+RREvj|6?0`0x{wQS_g)KS8>Y zk)K>PfXB;QY|uyntj^SO)0@CzOwruiooEzm2+fCd_~%Hg#xCu2MBXj1B<$9hD^{HM z!b3w}09A9$LoC^+$o~ZmdiFA0vs@=n9_JF!xxy}&Q98QoeN~xJp(@ca^+6oW{~53Xb#AB@Y@c-Q&-?c2tQ)=U3j3f2Q`A3Y)l zoC($QfZ~EUv{+qf(RTo+b*F9nc1P!+{5eG89ue(lr@S6`okKjcm)38o4 z2k;1}f@es?WV(%(Fd(xMMAqMpX1_9>wmlDd54ZtHRIlIM|1t$!9bRq>39;zZRXl1{ zm8<98h=Ok|;@bznzsbwHdp_-BCr;|lMw;XJ#zFpbthGY#*8V{}y93TRDY>+<@te9L z&CFk7n8YW}s>(BFDM{uZOMXAwD%7@ZFK%Vce%P~EKL65j&Wt?VXhABZ(9q|n9S<94 zg`{=mOhMqQ-zQm{yn8)s2v&D+r!QZ=NN_Cv9vybDHKxT-Xc0TT?nv}<=^b`wZ@HOX z=FP)+p`@vSh=>%x4gb7wcdIGEmVuPgvd~^kg85<%rtA6Sh&iFp3TY~dpa5}A-uQPC0aLqnL-T-EFCEyn+R;hh;zjI@k&U}YXHVanXb z=?Qggvw*EFHwTX*ykLEsjfLe?F_E>%kZZTOWwDZxmgfAM8GF-IXF1lbEyCX5p9Jv6 zMl~;|<0G!zS!ySO7sQ=D6ToHL!y+5cBg<*nX2#xC5-o78cj0k3+{qf8#`-a~v=mzI zDjG@pGTl@(T6lL`T2_|(rElJf&E9lV(3_i!tOnxd^Yd`1tRl2-1jyWAH%D1n`2!s5 zc!P<5055Qe6FM=ba~N#KxCM;q+k zt+E*A_kQ)t;$ z?mb+`0XDZwQrnYk?l;nS`U3oed*Gv3Rr0#{*q%MgfWC(xi41#@|T-qf$b~6C(><;i-6^9lqLHx0&e@M~A~i_vvrL|AKojH153S9}trv8zaOa6mBx=MNZDEA``(9cExBnonEed_$)0I4jH50nJxPqt!6epU3 zpX%v-V7Pp_@Yj#Rjt%8c=h4Z7hM|d08?(uyyHmVPM4WFfkkMron)W(XT6V_1UFaH2 zS9Dw>hwpixF^$mv$Hee{Wu-~jR9lqpuE$i7)fj`W;ycR1!s0<)%-RE!PvM4o6gw5A znO|DCgxqEi1e04@x|`fALA4((V3>81i0VT`I4frp2NS<4C>W$ACD+Qrw^pZ3mwwi& z{y)Or1FFewYZs1vTYzK10s`ADh;)_Sv4IgO0s$!j8^zFji4eAptq5oYkq*+k5PGC2 z3QBJw2Bb+R6p`M-op0jV_kQ>OWBeK8oDGt9y{pVM+nUd_R#vY-+X{7y$|XbhKNlv)v%Up#w@! z3V$tx@!mlsSf@FPijx*MExLB`uK=5#GIzG%Z7|}NSl9tp$w^m;E-o&}XumhB=!2j! zHu?y;&!4-6%!OOuwYhDVHC?*Ks}&rT1q_bJeAk%MKsob{_W3R;cU5fYBeVVK+YM0m zmOFOtsB_3|acx#kefQJJ_ucF^xMJmKeH~%BmLq8MVfPd#j8yj?`srbDv!p183bgBJ z1BA7a?8oKOVD#Loo0RMmf`Xk+ts(PE^!Z#j7PcERiMY zi!<;(-JfB3#fBHxY)k27`Pl~K`CFGZ|JiBlFy=Eo=uXcttq*SYkW%Qh93HOQn3Vji z9eG!2hIiMJI~SdN0+bk(QMD9bz6>{4WctRI%@`3K)_U#PDk`$C4^nCp@``%D%Q`8W zzU!wFlfuncjYyhXQ1R8IZV|X?SFp^v3KbG(p{L&-8fHlusJ4K}P8U>J4fljy(aD<4 z)Sg=Uw1icm2{=_F&Z6he>A}`j|Bn%<7Z~Wo#{F}CAGe3S4n0bBS}OFb-kDedQ&he> zkx5K?{(OF??T!4q>E|Sk=u?F(^3OrW?{r z3T)+8Y&`*ZzTDTHlpAuiZwomdN`F@Un0;t_(cNrix>=<5Lljl`&ni9BP0aL%s5Sd+ zu3Q=R-e4g_u=UQL|NE-8w&AT?FF^^r4Se*b*~#$8`&=R#n43?}Zhj99rJ3h8wf<+R z`Q|kJaGYo-O!FQ#HVjB6=p1RMe$<_~p)$NW$8ov%-fJZy%D=vx1ihAB>N;XG@bU7q zkPs@2BXV8-Kz0D4`U}c>eSK_)zPv2+ZfUd%Z#(U253C|GHUW}s1c_KQ^i0Gakz}y{0TO!D|H%699r0y2W)|-m6frTgh4hj^Y>Tax)8k^ zUL~fL*dsM1F^0>vYI`g99$S9Z;pLCr=xDDlUS1GuR@aDi0$+yRNHTr-b*#%_-Mf`TG~ zil*Jggp9{~kD!T%CCu-NHU<}6cG?LudpX2LK8*Cj$K1NzSoB5`K9ZP!u zIOdvIHcYt4Me|C2==xa8M-WAul)5B4_kc+QS@MeZ934^=NbjAc8fLY?C3M41a@>=B z15S13)*PddIK*jLrSOk`K4M{4JUi9!2VB62QuwE@V%2nGkGCCW zQb4)>pK^%SWPW(+o*$FsM}vpJsVHRV?EES$MxXpXVa==O {kCr*G_e=VkJ0ah>H zB)hR}8qS|5u*F&LugS~H*UUyo+ab#Viww6aBF1g@;HlFmPMjw`FN2$8gQ4jc^f0HrC7|EBmDMcVt{4xxUkgBt-9au)za)B!BiVK3gq zcUO2u0h9yTzP_dgN!+{k>0Y_=55PdAt*%`wR{@72WqCQBcvp!qTna`AQ5l2I1_q&s zywLb8>GKiok#GpE9>SIFj|%KHFT6V16f4~&2oiGQ#C6b4y4oJW(4*(BJ?37sJ3_dS z-Zw8zQ-E8oV6dHs%ZIMJ@hiNt1Mv8qZuedv?|L0qKkO2L-HwXixNlS!dr?iJ@aBhH z0d#W{!SICdS|nCGu}&xE-0OSy$CC-tWH<-7|6~m>-v_r-s#$kRGa!Z$!eVT$TYICdP?Dns$&rKgusI@Y@dxRhg_(7Abp=qK zl^MGJYFDDgZ4|X73!4R2nCLnGS(6 za;tr`+q^gv-#jW|*7A&Mc(i$Ay*17j(Mx??tp1sN>6-)<zm~va$~3)D#Ge z_lEC_F4XEopCOCJ4YM~k#i>d>Z9&WkC{Z6ZWO?`P-&n&xvUV(AIXqyzEf~=CkF4NX z9}foUkrk_L>X!eTh8?4EADsH40R`q#;TE5v8dDx}H$an4!&Z}^4Ixm+PXvC^~ugAXHBeB8FaHNs}m+7(bseB*ZCdwM17t`iQ z)!m*Il(L1xv6GGBzXjOdzZm_mlKTIV1=|9@jh&ovO7}d3vPae*@Aa|&ya!{5 ziNNk*y{YRMBF;8>n~dd3_pz1}*#3F|M8?ztcPx!15LUto z*Y6Jf2i*oMRcKjnNUHzU_2FRv(h`~oQ)|=PK6mJQVgSvOqVG2m3MzxxZhXf>$Y|KD z^XR{GitN$;$Qz=JtLO;(N7hlYj?=mWG|+m5x2kud3loeXIEvfX$Uk13%P_3;T_{#? zU3^YUHlsw4te=~(W>nz-vbmiazYox0iwUI5DB;1{-1o5xZ8uH~$tM+h&sm|{zPvmc zMm%SFc<-h%YeC1dmK*;A6UTWtuo4!MYry#YhqIPeIg4L^HjHOow;I7sb(O*o=4U%zVUwuMB#uje$soyt#eG3@sp33^ySNm!Y$?@yjC2$ zSlzpC;7@}|@o)NYd)5dEeyws0*Rh_3n*Ok#>8TtW2BtEONK|YrO0C5|VP7Bi2Y&u? zoGWPHLYovU41RUQvCoT=l9koaG0PGH8zJVH9YhZk5Jzyzr}4wXorP=C-Cb~1M7e{c zeOJNZ9oBv8Q{497-hG%fg^|L?<_ObB@O%R4F#TTS8P_Z3;3-CBE!o%=ra5_U;JT<- zDjr(zo^wfBFyxE-Y!>bryXIoMmMr_k$;~Y%hp6S@>uVgZESjBG7XEli$o12biBa)2 zA@|W?RiwOH;yo(GnXmId#%wX?BL}j&5mDGEU1*xTnI}c!axnGzU{IsJ<&Cp&+1-|2(mO)*4shZSSYRS&Bo6tgXL?7t|pVG%QRXExVzg6YV_fyJTMK7G1p&%QPg+@Pv!dJpSm zWoj^k2JX{1c@FC+UrqZa=ttM%hHx?l|(F8z-61xbJC9k3>I4T;GzFUVEy_`yB08%A15G1-l^_o zrE2Se1gY>*d6>)vj%~nThI0n4eWr_FYK~6R@!NkryPZ~gfO2TGcy3I}0ueI%Ri1ho zmT56#?gE9-BJmI&G1v|9)oH!t^U@lgZ?I2{)*XWu#)r9jaKY2M z?r~ct&Ur+FyX-%1wn)klk{7OhY0opgrmeZcQLewGI^~P%{j~K5J}eL5CKpp#o`Cs( zac5@DDtw?&{N%ymZ*#E*Sa376Tqb=j{K_45tKKO#iUag*Aj7$CwsP}iZLn;kcybTr zcuzux=80QXF(JbJYnxREDxi~Nq0AiJvQqd)R)%bH6jnWOrEl4nq-j$$p*8M8YmS6v zD;p%g6!`-oJJ@|VG^`Hm?3(a7%}H@hZ-fAwVUr^bC9I+`ugD4s}hJJy@`KoXtNRYn{xMVS>NOVqXM2o2-bAFO7q%@5ljj>Xt-$Szia zHc(4tx(fG+Cug>O_3N5EXA)$g%eSI&DGK|+-Wcw(O&X((K8^9Ff{aQzsx?ora z3oC>#rH;Ot^P|fXlJ3V8%Nyy4+G+Tx7lfE4I2LX&r4UvUsrKvDJL_|;RY{slk@(JI zD6=ElzIQx!Ol8nZ;_6)RB9F1D6)!Vu?k$QTI@;hjVSw5=!_hLg#^3YD0iNv_#x}FWS`u#^nECW zqMSj$41ct%;?UBc@JxI;%PjRT|EO#fPq>V$sI$MWxXHNKC|-V9VS>ILl}51~3ZX32 zN|@_=8CD~sL6rnEjZb@Nh6o1MhGtoCMa#LuY_Z+Ec<<4*cv^Dtq+iJNi_EgN$#W8v& z8AM~W#+_jTN;kHUL>%`U(RPxZAFQpyof_AD z7GHrV%yjQqcuBZaKpQUpvhcHP3ktUqz-Fk{AO%|jKKHjGfz%mHqx(AxLn@y#^+yq- zxF!-%d9jHJpY2}#y!Pp^TI~59kjkqP2U`iB+v3GHBBns zd&$1Jx5E$;h|%a={5{{&`)_S!dJtb-jd6Qa=Xn8Y19UpJ-Nr6=N5SSg=?xY$2ylln5Y-P6&>VA~M!3#`D zS=riv_}6aQ;GVyMez`@g+e9tcm)=W)bpVUDXfI>h`1NGlyQ19(wp8uQ`EeiP_ls;e zLpqV|9RtVXZyD}WsRsA3{6_M4Jw$^wG83s__T=n6cAL-f`J}=gFCLc`z3%yS<#I5s zxXX@b7W$m&9J8jK<2pqm+{v7l^| za{C>2585z}vN+XWL{>C#8WB~p^Vki1DV#AmhD(zK>SI@HOJLj{zFdoOXB0HW<=Pmo zRf!k&y?jVE?fCp7l~FD_LF;*I-b3p_v`GvHtNFgq!3*qO^-G)QL7R82D==<796oX` zty(mb(rT`O8XIde&uZCWXkXBZr* zvt4puTN}V;D0!;)4UbY3bL$4$T3>~g72ORQ%Wb{72V7@ zuxqVP>8iBgVwCS13iZl&#on^KWwJAUNo45tjF8kXnH>we!z(|#Xi@)Q57PaX9I`7Y zP&PPDLd4McL-;DZaka@qEzG*Uk(V7_65q(wnP!(Yt)sxy$Ucw=-zcE2CAuHmd?&1U z#mNxkd>*?Ek2tGlR0l5Z+%Y_#UhY3px$>uNbNXBU*b$&^(^BF^k&6-DT+LnW3+a5L zj2uO%MKRNxHjhA2fmXA--kqUU9~6?gWIyi{BDMMM11Qz>A6c~Omih9oX6S<&_xOQt z7gbk>uR@bj-Z_~yLe!OW>17wBAyUgw%8mR{DMM?@#XGJn@fof;H~amf@BeGld_$>e zw)n;&54zLmWQHm!00~2E^qCXKHcLvQmv6ScO$km^91>Q&rQ~t={weQc(P-lE+EQJq z<3rlXEvPfC{@3$@o>)O}09q_;F0|Ey5eajqqccTGrskr5!wC{feaNTyXo6R3h? zh>G(UxuM=eeM_?vU%MyI!ASow3PZFv7CY&8chN~IUGwHUngIA|*PREVE5yVlr&cxC zdGtO<=v#3h3b@6JrSG0;8%1F+RBy$n(@S=lb`%INVbjZAdJd2wT=~9cY`x{;OlX;# zB;J4v<5p(U^8lWTSKb(QJW{xlJ8G$DoE*q*6lF2L^FL1Z50Ir?q99p zg>V4n?iL}HdU*;Ab;b&A6w{n8U!;LMe|l8aD;lDLGk6nZ z_e{4YVsrb3W36rb8d{!-=lB+U81{`yeA|_rC@A7Se>Zt6d0D80eA)Mb=$_sAr{9kj zPMtS|-eK6oD-=gNRsyv#2F1Q|NW8fG+Zw#G=HY5d4WwCm{RCI^hs85P-}O!Y@VSi9 zk~*EVl=%`+o_LC9IN$oEFcq%o7$tg3w$+g>@$IJ}+Wbg_@ic_ONJIuj4aZ{eppg!?hoJ#3o$E)e75_=Z?fItls;zT7H2m3z2{l zbEey)Z(yL9TmH(hb79)rq@!u2@dQL@vUIcB@Td;=UuL zQ}?TlI^{1XAxQ*2OW%(43kBjmWpoXR?Div@g;)C~dt4~4nK?IV^4@kO*gDfY))vYi z1yGVrJxKw`ds(Wc>X3Ag4?5#4dEY~D0?eDYyJq$-`jDF4yJR%YcUlvNRPVlzRyi6? zsR%~h%qcrz0_l;O5Wd{*3PRLht4p%v0-62Cxe|7}9=4e;*i3vyXl(D}n8BU9Wc$>i z{6dEWuE2qpQ2bYgCwX0rTC|-XUfi;uHQ;%!b0!&GU^ENYMJE&%HVe|y2glfF7E{x6 zLg9zp@JEvh)8{cmzAZy8FQ&4oFCe-^p?Hz>A7ndh=SCW-mj8g+3M*TB5m$K`N(wvU zooBhE#LW+mh_-xowRW4eD{VUDD~3iiAg?|BiS4v*Rt~rN_Y>$nLGQJ;V7F1qt!GxL zxjCU05F-4K4N$f)nHeZ(+o4?5H>o#7V0tb0uA4eqMU~2PYdnol7SJ>=6a@qZ zb8*UT4K3`aBC#M_*||&HXI&mW;o!?T6Rxz#n79)Cc$Y!>xaXduYx>4-Q|c;>R0m6; zWFAg1dM70N52M?l+r0LI4aO~RZC}FyD3bEjDlIHt4J9OO3Rixeyals{>e|ONn3unZ z^|e2hAaPRqhJ5wP-1Lj_Z6+NB6LU++6IXM)DbY&ccNS1@VIe7n2`l{a=sfP*(|lpf zA_vi}7tR#o+npyjI1uFlnJeO^*dRDpml)-ap%yKL5(#t&m)$F_Nq=5(iT#$D^Vnj{ zNH&(3d_ke7Fq2k{7>@#Gw({mP-V+;c^Y1TSKb0HJd4@4?xX_iRQy;N(zFvI7C1W)( zgyR1Fp}92ayOiFZNdZi>{md<#?znfrG-LE>q(}V{GrvBJDrw?T^18w;WA`&d>yD?H)p0S=jwf?`S_xVmxKa2Ctoe^oabF z^d%$rl#l5zxOX0i-11Y1I#^-l9>W+BkzT+QJ1j#)p^<6c_d{@D-ySLaQFy`cxaJxn z^O0QRlb2I{+>77nU95U^OblnF@3S6B*gvkY6ob1OQm<_UBy@$IA+=lA*<)3DT^Y8McXQXVsxnk>#4haQy#_PqtC}gLAqa{|@7kLGKU@LL%xP*~6Q^4oB zFZJVeA+S-H{%}}2d!4`M23KAoW~TewNU_5TqddE|*8^xaIIfmw|KLO|eh(?dY9!4n3E zM+Easc~WSZGt3}{CuV1NSa7H{fVsbDPFU9y6m3a`wANQvW1^%`dQgs zMdqUru#_)Zm~?bFy9JnyR@la!cap~}tgInZFH`<}v)?&GzO0(=F-^0Q4GJ;}cj)Q1 zzJ`hqidGu!=sz>lWkC34ih=);G!d7frRI$@1Qz!{W;-vTaT~_gjAHFj3*9(mQ`%w3 z!RH(EldWGT>ky}R*rx31)< zvKmI#WvxsVf<=a0cg~%DVbz4lwn6(&0;EhZ_9oNric9oXc;a!7!h3A(c2w7c`sTM> zMeL9k+16Q5c|;GS979 zU}igYhL`Qa%!UQu<1D~GN)?wA!20>3;uGoK)i*gq4I)@sYCdMc!+rH0W9!W|`_Iw~ z!&H(*;L_gAI$xuV94X6v(M65a?*Z@@a9MMod0J<>R7)7R-X;Xj)NUx8>E2hhz(3zP zkk4t9(e|ML33pMkOz%?1xfz$?QZj$J_4DDSgJ*832X;XiV$^7)*vRcaaaBHe+UB}` zZ7Wa4`cH3c!+L4-nvB_;-YbhkSOZG3g|H;j^3X_k>Q!Pn*}$^c{KRT+IY$JUUmst zbDQXvkbn6-r7+dP`Pt{yiM3h5uc}SIm)A8 zncJGammOme#m$RM%@iwBTyUL3DQ715cngR)F{!5(S52DUaxL0X>;Zgb9ur+MQB z=dfU-cx`ovxk+lg%E0RV1(8*&nb#hbewAZKgW^d3Gf25~$*JFEo=BEJ@S@X`;E7M8 zrt>R`630UD9>q56FaG>UvUO^`o~T?qso>dq?>P6;m#u7EM;t+-`wznF6x@IO!#|!h zB>~Bnt`46kf~s#F&VL}{`V91brej!A-fKmjJi?R6t)bP?|8yw>tVl|)D!e_11F=tW z7vQy%1QKubKI!YBE2%kH+rB znFfB>rE9$Y-xP$3O%n*|^`P~~y|KAxUwjD)wS&SkHW@+TKa zQ8hKTAES3zh3`b!T$I*MT^BpdOzx@)j?zCItGoqbz*AR3YfiUtdp=tNiKEx+uEO%8 zXUGNY2}98rO@B3eKeF0*dq>J)(G_Wg=PC{t2?e_Miz=V|ClZPHwC>a#L%E%6kgHyZ zuNm(M=B#Y|bT- zB!wghl;};~64WT~MeqQ?AJLs`;hn^%bZs=agqZ7Ib`Pp`wu;=MHaNZcb%RUJsS499 zgw$LPzK4opC>R%(;=km9e+&?a(^CAO5`!A8UhzX^DiyB{w5&wsrt}6*k&}*u)x7 z?}rZ9{u3A_I{vGHR8sO4!CgQtBvdeqKz04GW8?X(vgy?gZpSaL;~Wcg;N%`yu`A5u zF^1+j$(pZ)Me2pqWv-bP*+uM+r%iEol{hE%T5MLdS^&|5-%7p3L=)PRYXeXTTFuH! z(FmBNBJpkF!U(q`*ZHX8LS%howm4RU9pQ7jzXhp?O!wT50y_{3Px8C!J zn3{l)rHD_y@1~81X`3CAKZ8WH%{H>fjGl*fQ7l@EQZ32%njZm8Bqt{eNl6(XrMl74 z#{~ogL?m4c89xJ5J8V^5N3Ov^J!Nq!P8cc(042~>Fn(|_8ir&J6~#pU?7nyB>9Te& z_#0y+HRR=KM4WXb@*}apcP%xa7JOPzPy?z{edhBtph~wqhc(0NX5!)XlYfD_8zr~t zL$qHIaWKxYb#&%^N58A=;`niVoOD5WM0bhCVI%=b(%g=Uvt-tor%ZLL+PkFJeED(( z9c~?6%2x^Ki4^UK+tJ}K-rVS3ip%1aEUD3X^C!BCgfG@ug8^N>d>Ne)vtI@P9a_(W zC|%OF2Cx(ed;~xf@-*7QgmbftYn&_~9A+x!a-6YCzlhVx+)<|7Fx4%QtB)7p_#^W+ zY$;TU!#=JfxqRgX+C4s$zNq2ucFZcE8z40XN1)x8TE}r4EA=F{CssW^kH;WE1BV^{ zR!C*;moHy-ZkAN1);#9}Vug~d_hv=w_qC3yp8x#$GgJBDM@c9Ff&vPaq?gUET=|0OE~|#RFt@Q6{6Zil zAo#LgegJ_e>#)?*`-NHJ><0QK)#lbj4GLadir;`}0AL9yMIU>7#NrIpMDKD0d_bfs zp#o}r``zuKmul9`v*;W}2*yq|7{^D|_GQB%4QAN5*|UM#aYaMNFe5%Gzj~*Q)(+;p zE*j6d5B{9(b>D|-*-$O5{F=-aHCV&#@WM_09S&&dAI&-&zQ({_3|a&|1MV_Z7;2d- zf_jjsSbi|l9G5GxxtiQ-x)uxKtl%>Lk4rx3zk-Qu{VI2Q&A{NoV0a((Lr^8v$W%3J z>Aj+wqEEiwfbupe{;a5v_|<7b$kir!x2ys^fzjhe$}^Cnx9!*#B3Zu=b*(c|;~oF_ zm)4UD59G+@AMbdWxbA~>xiv7*1^4-tkHTw-;sIEIYwTg$eO*^K-XY{^>)7=~&=3fg z3&B$T!`Po~g2rx??sBB?Tf@69L8)M1ts~_f5K?_&yLi%#OwKacuv>un;Lude?4N*W7 z(iBdO(bDyFm4gQl6iUic6Dy@{JFk|#?-+#YNoj}48-peMAp(Co0(Qh+kJ&ZlpRT25 z;-o-u=;CIs>O^3--ppvrtfiz6r}jw@@*6!$be;!e+6eiIPZh;rS5D$^+O!MLArgt z?@z)GPm)=CTQID$g2i};5I#sa1Ds*wL}87&OYU~Umx@o(lkWkQl^u;P z-ZCajIevR4UA)m*&v2>YhFFG#Q8FpTSn?}ZJ0vRlHfKe*GQ%=d%K(y+y}#$fv6goe zb%Cpk{o2Eu%>*y$z1ijS;LISgevcgPZJ8V0!9yP84?bc@rO;2I?bd4TP2rsMnE(&^ zH)~qT6Pxm#`&wV1pO)Pk+78D$Z~j|xNqr94A!fbOjDeAPM}%WV8@k)Vpk%XMhONzq z?daRT@0`kn)KSM;ifM!~qNqSeDgJiEcAAmrEI*fdA%|#{`YTidW_YFj_n}slU3a$8 zKdYC642%0!_LL6eC-%4L^sGHOn+Rvg@NwJo-$n}JU~mmwNaTz{rBzcON)nhDhZ6J2 z`g(nEmllVI(L@-eIJx`+zzPjBF@R~Z3jc%ofPW_Q1SrM?z6dT5Kp@84y8(Iv*1BfU zG4L6JgetxqzAYbknS}vw0jydItCUv5+|4>D-4h#SVMy|SrG)p|?}isZ(<&S8-PpwH z0VyVwr|J;W(fD>y+R#=QKke6?C5iSP7x&^tJOWVU1!zPjAep{?{aTZ!Bd%-#Is&R` z3s#k%b1QZx?nJ58Zwzn{bOH1Tn2rMUW|WLCFamt#wJ6@ZH!u_+p^rXY0u*P2^7hq{ zs7fJ#Kq9D5X1$od5YxR$Ep#4KN4EhQ5l!sO?bDq(zBIXQY0@8jsTf61ZI~0VMhZ}7 zIoq^eCb|1N-%LXz<Re+4> z=~*Gp2i5U3;^*Y-@&iA?(gQA`U!22^3qdmIe$DdkgZyZ`$4uw%y&b?oNPxK-jE1fw z5JJiHbd%VZfHYm$D=}sfF1|2kySAuPNFc<5QVETX6-QsyoQswRhUc82p}UBm1vr>l zFL7`N94ls1z%Jc94j51bP~|Z)(n+tz6?W1I(1dc=HdJKofRpe_#a+0{LTHI(wqyGZ zljJ_|MF!~}cL2cxH%_J~lRb;SmP@BTc~Wx{fUW$66JCf^5j!NZa%lo)7-nHH>dh@c z_JXQHFrNJ55!SJ-0Hm_-nnypZG&75Rnea3(uWWQ0FD37gzmtPE3jkwd5gi6So3GY5 zfwt0_(c{^d2(AzYL;!JW>g&xBKNJ*>^3r$LJ$pH*ySP;ml#YzU_cUO29j{jPOG_PX zd}W}RC<-DAi)&Ki^wObhc>e+LIe6r} z)PTjRBk#c-E=jBBa5gl0_GBX%j})yqn}#<>5!@p?pGp?!E(2YsYs3O5xJMWE9RYGm zWb)4r+HEqFK+-umdBid)8Gs^cnL2xx&0JPRrQ(CE#y2~eJ67Mu+pXtYE^-L{S@jl{ z(-+{Lbjp7Y9XbuW2mnb2aVq5kl%{ig0j6qmQGVPnmN?2-LU=dkTeZ}|f5w1k8a$O>9dPcOf&uKu@C z>?*U&JWGdbGh2yCA*zfwNLn8ivj>lq$!ga+AMWpy`6XoC*S?O+ou7B}t?N zXKQ)&)z!;pH)^I9-y9vJukak4)`fq73qphdF$yzMZxnwCz`0+4I!s5Gg6d5Glr_@+frAIYblw!*`~5|t1&<~A zCd{WBmna2{tU?&jH>VXOU4o222HbVj8#h1SWl5S4H=;zUFqZG2+u(|vAhj%rlR%hx zM|p_SLMn@HKSnTUi)Xf0xhEzJdnb1(3)Kek09}|AAjD4t-i5L9_pU>nJU#s@ zY&#sq@+2g509G0GJ_rB0pxE)(AA9z6ARuPIOeQ2GATStU^u4$KXg8Q*E<4xhNtz*# zEA+D}965;b*R}+xCoyS_;6ixVjNsIXNqv>GHJG*C@8<*SQkuwZk7f@(R{;DwqBGpS z>J6?~C~t~@whZEvH7ABH23n+ncc?cd;RzV{qojS`ze^r~`w?vIj4v*k--NBTus+u; zA}?G-3C$2ii`L;*0QS`dzXUcg6OuaRUj34hco{od>_961@s*NwGA^1 zjirIqP>YCY1Hh?r0wsdwuw~uXuV;fthwcJ%jV>5%=$1Zc4v>=byLayG_EDT}OL z-M?|N%V`Kv@_iqX>XP{Ow0B0xVqU*~9fGiz8oaHr7x*dDJg;J7d;6b1g3bzoP$bn$ z9?nscRaWj9j9G>6uHK(9w(;%!;R zlCW`4vsAS-fpH()Dnp=!AijE~yjp0IeN|KQ75^QMM%Z*At|!4k4h_wE{=92+3cQcS z9|_CNH2?z&(;*F3MS11ZtC}d$oGiF? zB(K*Otp}*8^5q|UYwm#2hs$TFzzLC!CDlway>sfz|0`sJq+|hXavyK2qLAjYN?-|OQOc^G7lw@N2){{km~v09|h*Y;O}45^jOYi zflMZ)Ye@c1%_keM5mw>9QJ8#8$VZMMczas0utBCVPDLF5+JMNU=*<&h)+4OMrq4AoBzte;Ew~ zS&*Zda3Vpg>9ng{G^mr;{NO3zl}62{ohLfdyMW>tRF~V(*nY@22f;17z!MIx@6(#+ zPg`4agC~9tR3mtC=*LU2U~of6f$OL?kBD3f*ixJIW#?zlo@E$agk-?tO!FPrR9 zGMfY&7)ib|!y0gt1kj#+z9FFf1ki}s0e=gmTrq%S4jG+T#4q(M*))&h-IjmeYJ79{ zVuJb3C(Q1nVweZ%V~9FX@Lhcl`;&j%#jD7@TL#IJf^TqJP^*n#zULi+rv?wVM=oCG zg{G#aK4fpfZ6GE=rVM@dtO=xdk)$vL71dAJC0BKHbe8@YLzWgi`76ZMW*{}llI`=- z|NH#kt9RQ4iAg6lLaq>@aXpCjfIv0_;9ihR?JNyXxdzb`@cEu67O-L%WG%o!5I`?& z4*5O(&We5Gum3-xQkNO9F22%~F0)Pq{VLEGE($wZ1u*%4_iO`7f(-uO5sU$BjNhqj z@TmBY)h2bRiF&m0Lz3}mEu@~qUSSoZ5Jw+wWL6FaiUR?Denh{WJ9n;wY~;8x`7-XF zwL^|`EIGIA@9v8CO2AaqSW*c|zc296oe)(-oDq!+4SvBDa{b)}QRh9lXO&m7jWy{F zEv(px6FHHqaz|R*Zzr7uo|4{F77566a6nrCq(&Hco(d zU_>*+hm~!_eQUV|L>G|;r`TN*FN>YsurvZ-6f!Dw3`0pqKPbVOv~ zM_3E{>lVY|TZ=V#y+6qrf&{e@4?sfx5z`VC+0lNq`hi!)rF!cDI7iNt^W&1?aeS&d zA3VU`qlr&0v7i0lZ($w=QLDff6Ygp_d5Y;OqSLd><>I%0`bHY*lPDmRHM% zu&E4w`}jDJ83aT20Hi&XXjFe> zdv@ap}D77y11d;Qv zu>({qz}3c=sTNUKaFme`7xQ?aMID4H1Ij`1$Lkv#rOBeKKT0v{0OP}eKxXx{V)q}7 z(`9t=M!Zife|miX8{y21265z+89r>Rs_x6$)&vtM&)*-+9TE3>WTi@&ALUJm;O|-7=;qHeV{J$OTxNlM ziTZEm3i#f`U2GYiy!Fy7ySmH-|M=VXv&bpZXImPAh5^KheC{7X@)v4*!{QVy|0Sg` zVr%4oZHpAZgTrHq7-f{06S&<7qYYOA4S_-@Irg3E{{GV;yc(M2@v?! z$;FfE!7o0!1TkAeRWPAmReNQk8vkenMuf2=&5VzkE!T)p)hhn<-yX3sdn5^@hyle+NFpn&u~BrbRd?+=X)vtHYZ03=sr2AN!I_ejmWJ$UmmpXjS}`jNi$b$1efl$jJOjbs1N8yA4IwB2%7W}R z&z@nfN}+XinAdY_Ow|X@t}+s>qom@+E=qoNEvK0~bs#^<82L(S0IT0EW{_)We#{0(C*YEzf+kGFw8-uGYx+JAu z{VOrlWjF^3r(K5H-Dc0^)CTb_Y^PP-ukK>Fr~z99&^KLydvrQ=_*U zjO2LiR0%zYEVa5T5#jRq%_Gy|u=;pqvH1hi8ULq1Nzn$0($rUfL-UtP~Q)onUe-&Vq<#Ht2f zm4N4_q%VxMUhFCJu&3I_Ryv)B#DrC!Lf7@Lo_*s4#=3O~VH3#StUZjGjTOiDT?+)eeX|uBtB{X9>YyTX30I7A%Smkt{5zDbF${ zby}~njDQV0Vi^_w&h9R{2U$JHF~WuFYJ* zvkR;=0Z>c@-GM_MBg5B}$%LN~3j9LA=OtMv^=YHjxlk41Rx6+EtE|M-rbz$yb-^r( zCj0sUrwPQQgR{x&Gj?LIgo4AEbPdzAfdzn)>d1$XPk{-UYG}kjo)0o>VuV2H8oH%QSf1OtHh2xsPV80hoUI>I5i?0rKAZqFmfQhdUJ3W z_*z#oV(z_u{Tis*oW#5s-aU{Cskv4l80V#@sM4K)P#xCQbnl(xQd_XQ zbsoBnvC-RT2vl+g5Q+hxRii?2f^Fw;?2cjfshrC&TU#G)HBFX*It=iij{33;_6$ZD zjz%YXGK*(TWDGTcoDeu!b9`dSl_}Fx!TkqK4b$`xx?wEF66x+N51d}iWMOP zPF{mmGB?d*MxNmCE--fw2!U0@-9Y9+{*{m-2Np9Za?k?&p|;?h)*N{09`2QeZ-g^b zF6uQcE%3TZYd0z&Uj-t7Bvv2`B@I+~iMR@8KKp;th(~OC!QiP-n$h)MB zqpAl&VNEBKZUA#*=Qmpi@C~&(_rsszLnX=;@q<>#=UyQ%*+9q9n>OGSJ}7?;AjPMb>j;JLV52Bq!ip&8}1Dc z4V`9{r638%*>wm$U<>Gi>?0l*@*W$TG=xG^vL(_M&a5Eeht17}ggJ#f5FFN!F31{( zg;`=2HE1>RNDc%zBq4{5FrBeIJ^mJ1T>A?UZhDG0ZWvqAUa4@Km|d%N)eDEF+!9kC?H)OX-W|( zgVeM33_0h#?{$6WyRK9I9sei-GtWHFecyZSwbtHypB8=sGKs@Yc80N>SG{adP>2<_ zR#0GIH27w)pZgq?+(7)03buQ94LmkO*0#CVKoFs=q*BTzuqhvy&6uE6=e9 z#o(U?7pps13lAq@SwRYWt4h;y7WGaG;NkWQL=c5~c{J~v`DE3)vX#!9kI&<-U%Qrq zPNUZYBa(6XWC?)21^d*SIX09inSAWId%T3n%8qJX1#?da<+ICt#vJqd7b#8VMn)>= zfJ`H%lKFha=0Iz{71^4odmD8xg=1+qS7nUnYZ}lL5MW&MxoeLio|M?4&q-C~a+qmf#73~>5WcQ?R<0^wK}zQ?%}>Sk4wkJ8X+tMaLDPFm(cmb=AYt+VFyc3e;Y8)TP^x~k%u5b{ihfDxG-7u1*)l) zOUzxfE$+*u7aM}F!MkU)_bZ3v6&=T3C^p@WyisQUD(U)vq?$X*6*c6iB$Y`_RFf(e zQ0!_J7<`Cb8Y+Wml#m|t=i&-b5Aa_#CQamKPe8u*J*{sHCXeZT&Y!3NICLaoEK#-$um-x7zB&=|tG4Ydd6xq$+_& zFLr#Kcc*fjGjdNrve=pwlSINFI2aEsOwX7)?IeDr+@$uw@@wkMc+=m}m-imtm=F+x zXfiO{%sGhY#BJi(XK}#{8l<-HYw|5_I;7QIj|fc0OR^V+b2RFLIMLOE5V#~+28q=( zdtng)FiXIkUxCTOsnT6yWBPkr4>a4}N|G);n?i1IF0>%W zXI4+&>Z+dI<_=ZZU&bxq6)0?0#t{m7*zA6NE}L&6dSCMM(}Tmru-1AtQI$;Ttx^q( z)scB)DmVr3B!k|ed9&aU!>^%vaeHM8x-mokW&|D^=$*Y>tq<85E%?CSqn(+X&D8 zzwd@XTd9s(3tpqLKEsBV8e#x(9~yp(Q(#!wxl{BNW{yHBOD0F<304uZDnhL0<>ANI zm<^*@{o;xW5I@|3*ZXzk#Oj$7oA*JlLYv=MgmGvhuLrDN(XT^*_mop#1+j<)#zR{h z@T!boX)Orl+v z3Nb@Pry%IlhTBx3#8xUe*=-D9D9#HzW%jVD%DQ;sq7=hn$hDrBQi$+xWit1pH6G_m z_S4l4W59B@ z#ZO6BI#m4g3Wp$OUcrPH6#7@ZY_NV5Wez^Fd!^trssZ>O@?o~6MhCpQ@?xgo(>}rd zRoRf(T%)S``80yGa=EMT+?ItVk?-)aL#L;jfg+nTIec3?N-=q$Wjv+XRNpYurfWDc zH9ui=qEBVKvtS|yYdHPb^Z8KsS6~?+v*j|sJ2}TTy&$J~cwD@`|7)bD7XZg<6>sZ6 zFB6Y3#Kl(c;6$`{rOX^eBB&Wq4g51ImD~`?TU2*@+=Yidj9vOVER$dPKfd$_liOYU8XJvMlKXC)qw{It6$mb4H3lBcBt%e(<e4XGQbh zu-xq5*|R5-vlfmSa|h6s6j`tXO4h71RzdcH@(34Qer&$5^|Zd4n%d(l`W6ex4(RvQ zH6;(_HT36jruUKjap(0~U{+2;IRIvQv5pz16=qbG@jH{Ho*XfB#r#DomY`4p5xIPOL^h=u>xM zhu)vq3{1I}l{4DI!N4&0z2j(Yznfd^Wt?n44_osJV;{^D()?_QUo8t4$ayeE(*-H- z=_>+GOtu6@oLt38>hBKR$nfggM;L0`>1SOBEfuKgE|4r!8j@(@Thgdg^G6bpF#5Bx z00zrhLPY~Di<@y=nx}QPOpfyzayt(A)= z5FaF2IQ|F(W_XTshE6pnZ7c1bN(=latV(Pi1;d{f?nGz;c>8-t08$eJFW za%*(9FXYNloO?ZR?0z4YWbckj|=Th^(m;Vy}Ml9L8AVH)6JfWsGQn_QBRGXJJC8- z&b>Q_O@j~^avshVJ*}H0DZ3+GQY>1%hm6vSg!7AE;&xB50FAr`oy&knctYf38C+yDJprl_q`IT zOM9nOYVq7CN{herD-V5k>b)jE1*oo2t_y|ic$!4z*w=m}c$8F89Aj}Eeb72v<4wC0U*dDO^5~xKti6`9GaDi-$+I$T_B8P zzHv^m9NbOpfKB{j*98!gu#u4H``4ZzK`hmkzYTKCNZkt6O_2p(`rBSieDaz3PSSb|^>pga*urVgRK zi*^qjGOnCGd!qTaz%ekIERI^;Q*j;$63k8MFrSx_dfP{#%yq4quvcNnE&;EYN3_Vc z87CpWQt1YWA4+0aRj@DkwL3dKJPv4%lMj~o3>^P=<7y|i`=Dv1U%&TckvP3Ac~82- z<*2#>>sTKKG0X`O%N+s$qKlJnmrM_M%m`o*9#?F&3 z7A#?3Z?Q=WlDE(Igb&q4Nf4M02dEB(%FMFH=@pLYZpSPKlTR-``G|H#x@zE7R#;_FOyU9qt1 zzGY#5g%Z4)?)9&U;t&zrK?4an4Pt= z7A_vow&(?YZ~tZRO<&z?RuxGG=#PLfGiYa$ z%$2(Y+yMZtDP852@7*XH$G4P~9U@`*hm$vjp?vnBOE)kbptSAh08SW-<@x2J6z$OV zNRBqp+I~EE5)q5Cq;-_~vgkoQ@a*?j_|()-Mj;RzUMoAlv{wc3bHVvQi%Yz7X4`%) zhBx@vv3pKp{zFlz8s90*m5fW#DuST%vhRK|QVxkwj+x9OlKZ(dA_V?y)Sc}(KlC$v z9G{?f)))8`INCS;Wb>RW8Lna%P7`jhJ3;Z-xkPPv^j(E&YI=IQc}6x069$8qC#|Lt zLsd}CgWx_=_eGmsoDYLl50BTUwL61bx2lM&kYr)rfW!T~gH6Zhz-_~h&x4UCpdVfY zCVD)7Z)NIZ*ngvCOhdOj($d~dJ3;g-ZCl3Z)9h@E4(Wip(+t5&Dx z6|lc6MnU7Legz7NY^8eB?0}oJx#d*&DSCWoS$JNjG;3GgD6I{U%KH*qC7TDk@rzotWwfN zyKV}sLKGCi@B-ZIy!ib^@>5X0s8Tm@5xV`S^UkgzcDcG=7o($$4dcM=qN~xa9Z*~Aap>h$i`CE3tl*HhKd5!W5w73}T+_b9J zUwZ3$nw4Bh$|-P7Yj#sgi^%=mF8AO{q+Hw5vQZnfeHDyvMZJ0qoQe|?N$Qs}Av^Ur&hs0(+= z$u}6>a(Z^Dd76ik3an}|^^)CcFDO&kT& z74OzmR38%;SNr&a%NENlF}HhZUs|l6=3^oS+yl*u>4m(q*4Ya9JTKmz@N67K(yes% z&){+~gcGu$B3|c>mOqBYmp`0#vP^7>oa*xLim(1Ps?2pDF&Zb!f|`iRq33tKsvAod zT|h}4oVc4?%8-A+9f`xkrgB^%1SpTtAQqcjiw6}FdG=(ths&)r%$M(}7{`VVxH^Qh zPb+84VLA3cegH*YsfK)|6K_vXZvdCXYtgqUTPRd+^M%WRY<;Q82W~^SzyK`0u&_i5 zhQO68n9^_}S1`VY0UnSGh-I0nMshV?t)j4F=EQP*t! zLrE{SN`kF0;aoH`8%cwoGY$v}Q%7yP^n0I~IADRWLikIZeShxZHTOItW&ouU+?Wre z+zjLpsQ3U-qq$5Y2!J_lwKPA8iwx3F7BZv)uF_*RF{`p+n#(I)X2#P zJ4X@;)vSf3nRlW`Ib`*xn9FjNsl0hyjd+;tNAKX%P@(`X8F{~bSMfq8EAv~`)^-M> zaEOvqM`IGQ1a4LtoR46VC_H0S2v#Rpyd8vnDh-`eyCYc!{Ky}nONbe7ZCDSo(XnD` zWEoYi@giYX^5!3{pQ1_xy(%RR0PR2_ z_ysjGWY_{-0LJ%;yEjg4z@1dl-RssyXCXEuA2Qm?q3uzKRKq!ZYWg$M}x?C5Xhz-dyMD{b6jNZu3R`hTkLBF&z+s-f8qpGM+zt_ zG^xV27^Qj2u#6OyK7oipgW^E;(!?B@Hi#NH-b&@;E)d(Y&fY27ho+&~)@`Jy3Y0FR zqKc?U2%8XdhH+lbNpJ;yU*G0iuwMN2*FCoiGS|T(x@4gxD;E4` z$2?q?d_93lq+M&rT?Bcch)O9s2xOP8L$3sHVGDt*V})lCDIy~#leUix4JO!u0bbR$ z0F~UQp=Wq~tzEyMQuR)u*E7&{vzIE}iYzQ-q-Ed>TrX-~j{G(QXFnC5+ULHTzEh+5 z<2=*qJaZH1rBr-1y)F!_G~%X zn4T?$n6rBO{rmURN1c2aHC|;mawc=?-$$mR)kT8Ikt6%g+2uO^JLm>Vd-;6s&97I= zKVNo&jS1TtSOXrcx-KV?sOlwCT*gmdy-yVB!kTew?;F&bsp$Sa(4k|du>Z}WC<+gF za_(K(LY-4&c%wj^mxs=m0xY|dKQ0WiBBumxJq2g6h{#X>IUPZo`0zc#ctIgIOp08o zoKaX0m+WL}W41`}3RAs+;%uQDPR-zhzG#j49myE;g*mse_{+F8w-nQGXR z^3->Z*3@9Q=9RU(Ahk1*Al&epGQfUbE^xD|w8Bsw%mmDlmSx85O@Ux0H!3e&N^j4R zB7Iutmo;m2L5m7pmS8a1=AlfYr-Vg%q@YS_1=lqEBN;^lpb$t|B_SROVqWI7x>oRe zvmUW_sOcR&?-)5MrfcU;R8nH~s>H!B#iG?8RC>H~VTMK39F+qw?8Fi(?Ncpl#uch- zOrizs&~3cF82eaSUHDR8Hujmk)iHPQbl2T_7QFkZ!Ul`*IHe-t#8xz#S-U z^HZ#=ol2q==`pMO~DAWJaOQ5%FD*l^Xt!!hD;U{XfTWB}kdZy+Y76a@Yz|9)^d z8A>bE=|n=t<~pghU6c-CK${SzsY z=uoR&1M*GkPJmILOG`=*twjwH!Y@)&EI&O`5Q~oBC&|7@V*_zqS4G<)E@j%+SvQsd zE@j~6c#RL%imnT?N~;q~a@+M`E*PDcFe?j0JA+twM0rYX<%i%1w63zCmU18hUkO`F z)!$b4MJA~9<@e&g$G!PzmO!;~x;S@?6pZxE>Tv;km{X9n>Q~l*HBLb;UdPl3iqp@oVifORWRyB=RZb?Ua?ShzKI(5;67Bs7LL&des?A_ET*x|Cl(XqE_KUcLFTnV7 z`_y~?Y6dp-Y~FR~E~>uL`x7DPO&2&CxKS74Ples}jX=)XxNz4!VR? zLG4VpZ^E$b>twejdN`*3^jcDQ;oCS+C_{4)ktM7>ltr@ztFR9TJDW7Y`|9CTBdSVH zZZGP450H)yYy-iJyb>6eO;!zPB2*@}w`Mbx1WMh2PLH=AR2g>A{mI=W0Ddh)j&q|IS7f`{1G3n)sc8X8b1 zaTCPBym$zTD%XgUDhw>4g%2$&@9adMR}o9qMO}+9{wf3x)SbHB^S#cTIb$Be+mt^s zl0}OWGtrh5(*QqZCFfYC6=t7e%wzS_IjTvMy_2Jp)Z~)cStRc8`mcS_dd3E^=Vr`V zg^HMle5~?dt&0_qGlb1#uMi>{Kf8OWl67EofzRL@AP_ClRM8php(xs`)dHB zKGW_71pWAy$jytaWh`u)mlX7O~w9f|P%oUncZ6Udm`LQ)5L|SIKnnn4| z>N16vBysyJHT9oY=zBasg==skh6~Ycr84FaQ%_cE?${+15Z1qS9UmV@t&ZRHPhKOP zasHm?ru}0utxk16hHH&iL`^1Ly7a?%RNO>Bqb*%CH7JkOO z|F!NzL(w+Oo1!Wsb{1@CnaB#1>mBK6T7rx%Rr@rFL9MBM=HBLLsWd7-sdKfx}f+$O+lu@~ zKCeF4BaPT4@Imo#c$!CuL_8VNdGzU6AB)#Vlf*8c=L=<@!}9+#L4Vz7Z~mX1NtK3X z64jHiwlE5I%y_wFAfO|alwsFT$?D$=Z*IhP-0S9+8$f|%25-^FC6Q4R2SMq&@3x80 znlq=iW0{}9F0+=2BZ6x@T|*X3vU^WGj?(vNTlJ}M>MQ&ua2`*6`F}k7@V|O+!uR=q z_%__JLn)I5URz^P4|-(r!igA##a_1Gjz>2qYYN}{NjTAg^oL3AWBl1B`Tzg%fA1#f z&zZKP?2&2HS!3KLewRfa!KYaGT0h0u9Gynhq diff --git a/docs/source/normalization.rst b/docs/source/normalization.rst index 645c396bd..7f1f5b2ac 100644 --- a/docs/source/normalization.rst +++ b/docs/source/normalization.rst @@ -58,7 +58,8 @@ Supported normalization configure syntax: "condition": { "path": ["path", "to", "other", "key"], "is|is_not|in|not_in|contains|not_contains": "string or a list" - } + }, + "send_to_artifacts": true|false } ] } @@ -89,6 +90,8 @@ Supported normalization configure syntax: Use all lowercases string a list of strings in the conditional field. The value from the record will be converted to all lowercases. +* ``send_to_artifacts``: A boolean flag indicates should normalized information sent to ``artifacts`` table. This field is optional and it is default to ``true``. It thinks all normalized information are artifacts unless set this flag to ``false`` explicitly. + Below are some example configurations for normalization v2. * Normalize all ip addresses (``ip_address``) and user identities (``user_identity``) for ``cloudwatch:events`` logs @@ -124,7 +127,8 @@ Below are some example configurations for normalization v2. "user_identity": [ { "path": ["detail", "userIdentity", "type"], - "function": "User identity type" + "function": "User identity type", + "send_to_artifacts": false }, { "path": ["detail", "userIdentity", "arn"], @@ -244,74 +248,75 @@ Deployment ... } -* Enable Artifact Extractor feature in ``conf/lambda.json`` +* Enable Artifact Extractor feature in ``conf/global.json`` .. code-block:: - "artifact_extractor_config": { - "concurrency_limit": 10, - "enabled": true, + "infrastructure": { + "artifact_extractor": { + "enabled": true, + "firehose_buffer_size": 128, + "firehose_buffer_interval": 900 + }, + "firehose": { + "use_prefix": true, + "buffer_interval": 60, + "buffer_size": 128, + "enabled": true, + "enabled_logs": { + "cloudwatch": {}, + "osquery": {} + } + } ... - }, + } -* Use StreamAlert cli to deploy Artifact Extractor Lambda function and new resources +* Artifact Extractor feature will add few more resources by running ``build`` CLI - The deployment will add following resources. + It will add following resources. - * A new Lambda function * A new Glue catalog table ``artifacts`` for Historical Search via Athena * A new Firehose to deliver artifacts to S3 bucket - * Update existing Firehose delivery streams to allow to invoke Artifact Extractor Lambda if it is enabled on the Firehose delivery streams - * New permissions, metrics and alarms. - - .. code-block:: bash - - python manage.py deploy --function artifact_extractor - -* Add other permissions to allow the Firehose delivery streams which have normalization configured to invoke Artifact Extractor lambda. - - We can just run a ``build`` to apply all the changes. + * New permissions .. code-block:: bash - python manage.py build + python manage.py build --target artifact_extractor - Or we can targeted apply the changes if we know which Firehose delivery streams having normalization configured. By default +* Then we can deploy ``classifier`` to enable Artifact Extractor feature. .. code-block:: bash - python manage.py build --target kinesis_firehose_cloudwatch_events kinesis_firehose_osquery_differential kinesis_firehose_setup - -* If the normalization configuration has changed in ``conf/schemas/*.json``, make sure to deploy the classifier Lambda function as well + python manage.py deploy --function classifier - .. code-block:: bash + .. note:: - python manage.py deploy --function classifier + If the normalization configuration has changed in ``conf/schemas/*.json``, make sure to deploy the classifier Lambda function to take effect. Custom Metrics ============== -Artifact Exactor comes with three custom metrics. +Add additional three custom metrics to Classifier for artifacts statistics. -#. ``ArtifactExtractor-ExtractedArtifacts``: Log the number of artifacts extracted from the records -#. ``ArtifactExtractor-FirehoseFailedRecords``: Log the number of records (artifacts) failed sent to Firehose -#. ``ArtifactExtractor-FirehoseRecordsSent``: Log the number of records (artifacts) sent to Firehose +#. ``ExtractedArtifacts``: Log the number of artifacts extracted from the records +#. ``FirehoseFailedArtifats``: Log the number of records (artifacts) failed sent to Firehose +#. ``FirehoseArtifactsSent``: Log the number of records (artifacts) sent to Firehose -By default, the custom metrics is disabled. Enable custom metrics and follow by a ``build`` to create new ``aws_cloudwatch_log_metric_filter`` resources. +By default, the custom metrics should be enabled in the Classifier, for example in ``conf/clusters/prod.json`` .. code-block:: - # conf/lambda.json - "artifact_extractor_config": { - "concurrency_limit": 10, - "enabled": true, - "enable_custom_metrics": true, - ... - } + { + "id": "prod", + "classifier_config": { + "enable_custom_metrics": true, + ... + } + } .. code-block:: - python manage.py build --target "metric_filters_ArtifactExtractor_*" + python manage.py build --target "metric_filters_*" Artifacts