From 51c48e4ad0573a6360d30d6e833a0d721575543c Mon Sep 17 00:00:00 2001 From: jagilber Date: Wed, 20 Aug 2025 09:00:56 -0400 Subject: [PATCH 1/3] kusto function export update --- .../base/ExtendTableRetentionByDays.csl | 12 + .../base/ExtendTableRetentionToDate.csl | 11 + .../sflogs/base/GetTableRetentionCommand.csl | 8 + .../errors/TraceFalsePositiveTabular.csl | 2 + .../sflogs/errors/TraceKnownIssue.csl | 3 +- .../sflogs/hosting/TraceHostProcessesNew.csl | 395 ++++++++++++++++++ .../TraceReconfigurationPLB.csl | 8 +- 7 files changed, 434 insertions(+), 5 deletions(-) create mode 100644 kusto/functions/sflogs/base/ExtendTableRetentionByDays.csl create mode 100644 kusto/functions/sflogs/base/ExtendTableRetentionToDate.csl create mode 100644 kusto/functions/sflogs/base/GetTableRetentionCommand.csl create mode 100644 kusto/functions/sflogs/hosting/TraceHostProcessesNew.csl diff --git a/kusto/functions/sflogs/base/ExtendTableRetentionByDays.csl b/kusto/functions/sflogs/base/ExtendTableRetentionByDays.csl new file mode 100644 index 00000000..47500c32 --- /dev/null +++ b/kusto/functions/sflogs/base/ExtendTableRetentionByDays.csl @@ -0,0 +1,12 @@ +.create-or-alter function with (docstring = "[tableName:string] - Name of the table to modify retention for, [daysToExtend:int] - Number of days to extend retention from current date. Usage: sflogs.base.ExtendTableRetentionByDays('MyTable', 30)", folder = "sflogs/base") + ExtendTableRetentionByDays(tableName:string, daysToExtend:int) { + let currentTime = now(); + let retentionDate = currentTime + (daysToExtend * 1d); + // Generate the management command + print strcat( + ".alter table ['", tableName, "'] policy retention ", + "```{\"SoftDeletePeriod\": \"", + format_timespan(retentionDate - currentTime, "d.hh:mm:ss"), + "\", \"Recoverability\": \"Enabled\"}```" + ) +} diff --git a/kusto/functions/sflogs/base/ExtendTableRetentionToDate.csl b/kusto/functions/sflogs/base/ExtendTableRetentionToDate.csl new file mode 100644 index 00000000..188b4a32 --- /dev/null +++ b/kusto/functions/sflogs/base/ExtendTableRetentionToDate.csl @@ -0,0 +1,11 @@ +.create-or-alter function with (docstring = "[tableName:string] - Name of the table to modify retention for, [extensionDate:datetime] - Specific date until which to retain data. Usage: sflogs.base.ExtendTableRetentionToDate('MyTable', datetime('2025-12-31'))", folder = "sflogs/base") + ExtendTableRetentionToDate(tableName:string, extensionDate:datetime) { + let currentTime = now(); + // Generate the management command + print strcat( + ".alter table ['", tableName, "'] policy retention ", + "```{\"SoftDeletePeriod\": \"", + format_timespan(extensionDate - currentTime, "d.hh:mm:ss"), + "\", \"Recoverability\": \"Enabled\"}```" + ) +} diff --git a/kusto/functions/sflogs/base/GetTableRetentionCommand.csl b/kusto/functions/sflogs/base/GetTableRetentionCommand.csl new file mode 100644 index 00000000..3811bf64 --- /dev/null +++ b/kusto/functions/sflogs/base/GetTableRetentionCommand.csl @@ -0,0 +1,8 @@ +.create-or-alter function with (docstring = "[tableName:string] - Name of the table to query retention policy for. Returns JSON with key retention fields. Usage: sflogs.base.GetTableRetentionCommand('MyTable')", folder = "sflogs/base") + GetTableRetentionCommand(tableName:string) { + // Generate KQL query that returns JSON with essential retention info + print KQLQuery = strcat( + ".show table ['", tableName, "'] details | project MinExtentsCreationTime, RetentionPolicy;\n" + ), + Note = "Copy and run the KQLQuery to get response with Creation and Expiration Days. Use ExtendTableRetentionToDate or ExtendTableRetentionByDays to modify" +} diff --git a/kusto/functions/sflogs/errors/TraceFalsePositiveTabular.csl b/kusto/functions/sflogs/errors/TraceFalsePositiveTabular.csl index ebc4999d..6ec8edb2 100644 --- a/kusto/functions/sflogs/errors/TraceFalsePositiveTabular.csl +++ b/kusto/functions/sflogs/errors/TraceFalsePositiveTabular.csl @@ -107,6 +107,7 @@ // add false positive signatures here using one of the provided functions in format issue description, string pattern, string pattern // use *Matches (regex) only when needed as it is remarkably slower | invoke TextContains("normal ctrl-c process exit", "terminated with exit code 3221225786") + | invoke TextContains("error should be ignored", "ignoring error") | invoke TypeAndTextIMatches("normal application / process exit by service fabric abort", "Hosting", "exitcode\\s?=?\\s?7148") | invoke TypeAndTextIMatches("normal application / process exit by service fabric deactivate", "Hosting", "ExitCode\\s?=?\\s?7147") | invoke TextContains("normal connection close", "FABRIC_E_CONNECTION_CLOSED_BY_REMOTE_END") @@ -139,4 +140,5 @@ | invoke TypeAndTextContains("only issue if using docker.","Hosting.DockerProcessManager","StopDockerNtService: ShutdownDockerService() returned with ErrorCode=FABRIC_E_SERVICE_DOES_NOT_EXIST.") | invoke TypeAndTextContains("only issue if using docker.","Hosting.ContainerHelper","Container Log Root not found at:") | invoke TypeAndTextContains("only issue if using docker.","Hosting.ContainerActivator","OnContainerServiceStarted: ErrorCode=FABRIC_E_SERVICE_DOES_NOT_EXIST") + | invoke TypeAndTextContains("common warning that usually is noise","ASYNC_REQUEST","An Async request was failed") } diff --git a/kusto/functions/sflogs/errors/TraceKnownIssue.csl b/kusto/functions/sflogs/errors/TraceKnownIssue.csl index 76664d77..9f0236cc 100644 --- a/kusto/functions/sflogs/errors/TraceKnownIssue.csl +++ b/kusto/functions/sflogs/errors/TraceKnownIssue.csl @@ -243,5 +243,6 @@ TypeContains(T, "possible FM deadlock issue. queue full.","FM.QueueFull_Failure"), TypeAndTextContains(T, "customer application code issue.", "Api.Finish", "Error = 2148734227"), TypeAndTextContains(T, "certificate revoked", "Transport.SecurityContext", "FABRIC_E_CONNECTION_DENIED: 0x80092010"), - TypeAndTextContains(T, "possible issue if file:StartStopNode.txt is present on node. file will cause node to be in a Status == Down and HealthState == Error", "TestabilityComponent.NodeTestabilitySubsystem", "Killing node on command RestartNode") + TypeAndTextContains(T, "possible issue if file:StartStopNode.txt is present on node. file will cause node to be in a Status == Down and HealthState == Error", "TestabilityComponent.NodeTestabilitySubsystem", "Killing node on command RestartNode"), + TypeAndTextContains(T, "client application initiated an abort", "Transport.Connection", "0x80072745") } diff --git a/kusto/functions/sflogs/hosting/TraceHostProcessesNew.csl b/kusto/functions/sflogs/hosting/TraceHostProcessesNew.csl new file mode 100644 index 00000000..9abd926c --- /dev/null +++ b/kusto/functions/sflogs/hosting/TraceHostProcessesNew.csl @@ -0,0 +1,395 @@ +.create-or-alter function with (docstring = "[T:string] where T=table name. function to search service fabric sflogs for host and guest process id's and names", folder = "sflogs/hosting") + TraceHostProcessesNew(T:string) { + let minTimestamp = toscalar(table(T) | top 1 by Timestamp asc | project Timestamp); + let maxTimestamp = toscalar(table(T) | top 1 by Timestamp desc | project Timestamp); + let allPids = materialize( + table(T) + | where isnotempty(PID) and PID != "0" + | extend userProcess = toint(PID) + | where isnotempty(userProcess) and userProcess > 0 + | summarize + minTime=min(Timestamp), + maxTime=max(Timestamp), + logCount=count(), + sampleTypes=take_any(Type, 3), + sampleText=take_any(Text, 1) + by userProcess, NodeName + | order by userProcess + ); + let processPatterns = materialize( + table(T) + | where isnotempty(PID) and PID != "0" + | extend userProcess = toint(PID) + | where userProcess > 0 + | summarize + logCount=count(), + sampleText=take_any(Text, 2) + by Type + | where logCount > 10 + | order by logCount desc + ); + let fabricHostStart = materialize( + table(T) + | where Type startswith 'Hosting.Hosted' + or Type startswith 'Hosting.CertificateAclingManager' + or Type startswith 'Hosting.FabricActivator' + or Type startswith 'Hosting.ActivationManager' + or Type contains 'FabricHost' + | extend userProcess = toint(PID) + | where userProcess > 0 + | extend processName = case( + Type contains 'FabricActivator', + 'FabricActivator', + Type contains 'ActivationManager', + 'FabricActivationManager', + 'FabricHost' + ) + | summarize Timestamp=min(Timestamp) by userProcess, processName, NodeName + | project startTimestamp=Timestamp, userProcess, processName, NodeName, Timestamp); + let fabricHostEnd = materialize( + table(T) + | where Type startswith 'Hosting.Hosted' + or Type startswith 'Hosting.CertificateAclingManager' + or Type startswith 'Hosting.FabricActivator' + or Type startswith 'Hosting.ActivationManager' + or Type contains 'FabricHost' + or Type contains 'ProcessExit' + or Type contains 'ProcessTerminated' + | extend userProcess = toint(PID) + | where userProcess > 0 + | extend processName = case( + Type contains 'FabricActivator', + 'FabricActivator', + Type contains 'ActivationManager', + 'FabricActivationManager', + 'FabricHost' + ) + | summarize Timestamp=max(Timestamp) by userProcess, processName, NodeName + | project endTimestamp=Timestamp, userProcess, NodeName, Timestamp); + let fabricServiceStart = materialize( + table(T) + | where Type startswith 'Hosting.HostedServiceActivated' + or (Type startswith 'Hosting' and Text has 'activated successfully with ProcessId') + or (Type startswith 'Hosting' and Text has 'ProcessId') + or Type startswith 'Hosting.ApplicationServiceActivated' + | extend userProcess = toint( + coalesce( + extract(@".+ProcessId[:\s=]+(\d+)", 1, Text), + extract(@".+process[:\s]+id[:\s=]+(\d+)", 1, Text), + extract(@".+pid[:\s=]+(\d+)", 1, Text) +) + ) + | where userProcess > 0 + | extend processName = coalesce( + extract(@".+_(.+?) activated successfully", 1, Text), + extract(@".+ExeName[:\s=]+([^,\s]+)", 1, Text), + extract(@".+ProcessName[:\s=]+([^,\s]+)", 1, Text), + extract(@".+ServiceName[:\s=]+([^,\s]+)", 1, Text) + ) + | where isnotempty(processName) + | project startTimestamp=Timestamp, userProcess, processName, NodeName, Timestamp); + let fabricServiceEnd = materialize( + table(T) + | where Type startswith 'Hosting.ApplicationService' + or Type startswith 'Hosting.HostedServiceDeactivated' + or (Type startswith 'Hosting' and Text has 'process id') + or Type contains 'ProcessExit' + or Type contains 'ProcessTerminated' + or Type contains 'ServiceDeactivated' + | extend userProcess = toint( + coalesce( + extract(@".+process[:\s]+id[:\s=]+(\d+)", 1, Text), + extract(@".+ProcessId[:\s=]+(\d+)", 1, Text), + extract(@".+pid[:\s=]+(\d+)", 1, Text) +) + ) + | where userProcess > 0 + | summarize endTimestamp=max(Timestamp) by userProcess, NodeName, Timestamp + | project endTimestamp, userProcess, NodeName, Timestamp); + let userStart = materialize( + table(T) + | where Type startswith 'Hosting.ApplicationService' + or Type startswith 'Hosting.ProcessActivated' + or (Type startswith 'Hosting' and Text has 'was activated with process id') + or (Type startswith 'Hosting' and Text has 'ProcessId' and Text has 'ExeName') + or Type contains 'ServiceActivated' + or Type contains 'ProcessStart' + | extend userProcess = toint( + coalesce( + extract(@".+process[:\s]+id[:\s=]+(\d+)", 1, Text), + extract(@".+ProcessId[:\s=]+(\d+)", 1, Text), + extract(@".+pid[:\s=]+(\d+)", 1, Text) +) + ) + | where userProcess > 0 + | extend processName = coalesce( + extract(@"ExeName[:\s=]+([^,\s]+)", 1, Text), + extract(@"ProcessName[:\s=]+([^,\s]+)", 1, Text), + extract(@"ServiceName[:\s=]+([^,\s]+)", 1, Text), + extract(@"ApplicationName[:\s=]+([^,\s]+)", 1, Text), + extract(@".+\\([^\\]+?)\.exe", 1, Text) + ) + | where isnotempty(processName) + | project startTimestamp=Timestamp, userProcess, processName, NodeName, Timestamp); + let userEnd = materialize( + table(T) + | where Type contains "Hosting._ApplicationsOps_ProcessExitedOperational" + or Type == 'Lease.ProcessCleanup' + or Type == 'Lease.CleanupApplication' + or Type contains 'ProcessExit' + or Type contains 'ProcessTerminated' + or Type contains 'ServiceDeactivated' + or Type contains 'ApplicationTerminated' + or (Type startswith 'Hosting' and Text has 'process') + or Text has 'exit code' + or Text has 'terminated' + | extend userProcess = toint( + coalesce( + extract(@"ProcessId[:\s=]+(\d+)", 1, Text), + extract(@"PID[:\s=]+(\d+)", 1, Text), + extract(@"process[:\s]+id[:\s=]+(\d+)", 1, Text), + extract(@"pid[:\s=]+(\d+)", 1, Text), + extract(@".+CtrlCSender.+?(\d+?)\.", 1, Text) +) + ) + | where userProcess > 0 + | extend processName = coalesce( + extract(@"ExeName[:\s=]+([^,\s]+)", 1, Text), + extract(@"ProcessName[:\s=]+([^,\s]+)", 1, Text), + extract(@"ServiceName[:\s=]+([^,\s]+)", 1, Text), + extract(@"ApplicationName[:\s=]+([^,\s]+)", 1, Text) + ) + | summarize endTimestamp=max(Timestamp), processNames=make_set(processName) by userProcess, NodeName, Timestamp + | extend processName = tostring(processNames[0]) + | project endTimestamp, userProcess, processName, NodeName, Timestamp); + let userStartJoin = materialize ( + userStart + | join kind=leftouter ( + userEnd + | extend joinKey = strcat(userProcess, "|", NodeName) + ) + on $left.userProcess == $right.userProcess, $left.NodeName == $right.NodeName + | where isempty(endTimestamp) or (endTimestamp >= startTimestamp and endTimestamp <= startTimestamp + 1d) + | project + Timestamp=startTimestamp, + startTimestamp, + endTimestamp, + userProcess, + processName, + NodeName); + let userEndJoin = materialize ( + userEnd + | join kind=leftouter ( + userStart + | extend joinKey = strcat(userProcess, "|", NodeName) + ) + on $left.userProcess == $right.userProcess, $left.NodeName == $right.NodeName + | where isempty(startTimestamp) or (startTimestamp <= endTimestamp and startTimestamp >= endTimestamp - 1d) + | project + Timestamp=endTimestamp, + startTimestamp, + endTimestamp, + userProcess, + processName=coalesce(processName, processName1), + NodeName); + let fabricHostStartJoin = materialize ( + fabricHostStart + | join kind=leftouter ( + fabricHostEnd + | extend joinKey = strcat(userProcess, "|", NodeName) + ) + on $left.userProcess == $right.userProcess, $left.NodeName == $right.NodeName + | where isempty(endTimestamp) or (endTimestamp >= startTimestamp and endTimestamp <= startTimestamp + 1d) + | project + Timestamp=startTimestamp, + startTimestamp, + endTimestamp, + userProcess, + processName, + NodeName); + let fabricHostEndJoin = materialize ( + fabricHostEnd + | join kind=leftouter ( + fabricHostStart + | extend joinKey = strcat(userProcess, "|", NodeName) + ) + on $left.userProcess == $right.userProcess, $left.NodeName == $right.NodeName + | where isempty(startTimestamp) or (startTimestamp <= endTimestamp and startTimestamp >= endTimestamp - 1d) + | project + Timestamp=endTimestamp, + startTimestamp, + endTimestamp, + userProcess, + processName, + NodeName); + let fabricServiceStartJoin = materialize ( + fabricServiceStart + | join kind=leftouter ( + fabricServiceEnd + | extend joinKey = strcat(userProcess, "|", NodeName) + ) + on $left.userProcess == $right.userProcess, $left.NodeName == $right.NodeName + | where isempty(endTimestamp) or (endTimestamp >= startTimestamp and endTimestamp <= startTimestamp + 1d) + | project + Timestamp=startTimestamp, + startTimestamp, + endTimestamp, + userProcess, + processName, + NodeName); + let fabricServiceEndJoin = materialize ( + fabricServiceEnd + | join kind=leftouter ( + fabricServiceStart + | extend joinKey = strcat(userProcess, "|", NodeName) + ) + on $left.userProcess == $right.userProcess, $left.NodeName == $right.NodeName + | where isempty(startTimestamp) or (startTimestamp <= endTimestamp and startTimestamp >= endTimestamp - 1d) + | project + Timestamp=endTimestamp, + startTimestamp, + endTimestamp, + userProcess, + processName, + NodeName); + union + fabricHostStartJoin, + fabricHostEndJoin, + fabricServiceStartJoin, + fabricServiceEndJoin, + userStartJoin, + userEndJoin + | where isnotempty(processName) + | extend processName = trim(@"[^\w\.]", processName) + | extend processName = case( + processName endswith ".exe", + substring(processName, 0, strlen(processName) - 4), + processName + ) + | union ( + table(T) + | where isnotempty(PID) and PID != "0" + | extend userProcess = toint(PID) + | where userProcess > 0 + | extend processHint = case( + userProcess == 4, + "System", + Type contains "FabricHost", + "FabricHost", + Type contains "BackupRestore", + "BackupRestoreService", + Type contains "Fabric", + "FabricService", + Type contains "DCA", + "DiagnosticsCollectorAgent", + Type contains "FileStoreService", + "FileStoreService", + Type contains "EventStore", + "EventStoreService", + Type contains "RepairManager", + "RepairManagerService", + Type contains "CentralSecretService", + "CentralSecretService", + Type contains "System", + "SystemService", + Text has ".exe", + extract(@"([^\\]+?)\.exe", 1, Text), + "UnknownProcess" + ) + | where processHint != "UnknownProcess" + | summarize startTimestamp=min(Timestamp), endTimestamp=max(Timestamp) by userProcess, NodeName, processHint + | project + Timestamp=startTimestamp, + startTimestamp, + endTimestamp, + userProcess, + processName=processHint, + NodeName + | join kind=leftanti ( + union + fabricHostStartJoin, + fabricHostEndJoin, + fabricServiceStartJoin, + fabricServiceEndJoin, + userStartJoin, + userEndJoin + | where isnotempty(processName) + ) + on userProcess, NodeName + ) + | project-away Timestamp + | sort by userProcess, NodeName, startTimestamp + | extend + prevEndTime = prev(endTimestamp, 1), + prevPid = prev(userProcess, 1), + prevNode = prev(NodeName, 1) + | extend isNewInstance = case( + userProcess != prevPid or NodeName != prevNode, + true, + isempty(prevEndTime) or isempty(startTimestamp), + true, + startTimestamp > prevEndTime + 5m, + true, + false + ) + | extend processInstanceId = row_cumsum(case(isNewInstance, 1, 0)) + | summarize + startTime=min(startTimestamp), + endTime=max(endTimestamp), + processNames=make_set(processName), + logSources=make_set(case(isnotempty(startTimestamp), "start", "end")), + recordCount=count() + by userProcess, NodeName, processInstanceId + | extend + duration = case(isnotempty(endTime) and isnotempty(startTime), endTime - startTime, timespan(null)), + hasStart = logSources has "start", + hasEnd = logSources has "end" + | extend processName = case( + array_length(processNames) == 1, + tostring(processNames[0]), + // Prioritize specific service names over generic ones + processNames has "BackupRestoreService", + "BackupRestoreService", + processNames has "DiagnosticsCollectorAgent", + "DiagnosticsCollectorAgent", + processNames has "FileStoreService", + "FileStoreService", + processNames has "EventStoreService", + "EventStoreService", + processNames has "RepairManagerService", + "RepairManagerService", + processNames has "CentralSecretService", + "CentralSecretService", + processNames has "FabricHost", + "FabricHost", + processNames has "FabricService", + "FabricService", + // Default to first non-generic name + tostring(processNames[0]) + ) + | extend processStatus = case( + hasStart and hasEnd, + "Complete", + hasStart and not(hasEnd), + "Running/NoExit", + not(hasStart) and hasEnd, + "Orphaned/NoStart", + "Unknown" + ) + | order by userProcess, NodeName, processInstanceId + | extend + nextStartTime = next(startTime, 1), + nextPid = next(userProcess, 1), + nextNode = next(NodeName, 1) + | project + userProcess, + NodeName, + processInstanceId, + processName, + startTime, + endTime, + duration, + processStatus, + recordCount + | order by userProcess, NodeName, processInstanceId + } diff --git a/kusto/functions/sflogs/reconfiguration/TraceReconfigurationPLB.csl b/kusto/functions/sflogs/reconfiguration/TraceReconfigurationPLB.csl index 1f9f5479..5b1618e2 100644 --- a/kusto/functions/sflogs/reconfiguration/TraceReconfigurationPLB.csl +++ b/kusto/functions/sflogs/reconfiguration/TraceReconfigurationPLB.csl @@ -7,14 +7,14 @@ | extend decisionId = extract(@"DecisionId: (?P\S+)", 1, Text) | extend affects = split(extract(@"Affects Services with Metrics: \{ (?P.+?) \}", 1, Text), " ") | extend placement = extract(@"\t\tPlacement was scheduled because:.*?(?P.*?)(Balanc.*? was|Constraint .*? was)", 1, Text) - | extend placementList = split(replace(replacePattern,"",placement),'.') + | extend placementList = split(replace_string(replacePattern,"",placement),'.') | extend balancing = extract(@"\t\tBalance Checking was scheduled because:.*?(?P.*?)(Placement was|Constraint .*? was)", 1, Text) - | extend balanceList = split(replace(replacePattern,"",balancing),'.') + | extend balanceList = split(replace_string(replacePattern,"",balancing),'.') | extend constraint = extract(@"\t\tConstraint Violation Checking was scheduled because:.*?(?P.*?)(Balanc.*? was|Placement was)", 1, Text) - | extend constraintList = split(replace(replacePattern,"",constraint),'.') + | extend constraintList = split(replace_string(replacePattern,"",constraint),'.') | extend imbalance = extract(@"Imbalanced Metric Information:.*?Number of Metric Imbalances (?P.*)", 1, Text) | extend imbalanceCount = extract(@"^(\d+?)",1, imbalance) - | extend imbalanceList = split(replace(replacePattern,"",imbalance),'.') + | extend imbalanceList = split(replace_string(replacePattern,"",imbalance),'.') | extend metric = extract(@"(?P--Metric:.*)",1,imbalance) | extend metricList = split(metric,"--Metric: ") | where isnotempty(placement) or isnotempty(balancing) or isnotempty(constraint) From 90b55afbd3a17ba22c19e127c7d91237581517f7 Mon Sep 17 00:00:00 2001 From: jagilber Date: Fri, 5 Sep 2025 22:00:42 -0400 Subject: [PATCH 2/3] add 'user delegation key' sas key compatibility --- CHANGELOG.md | 6 ++++ src/CollectSFDataDll/Azure/BlobManager.cs | 16 ++++++++++ src/CollectSFDataDll/Azure/SasEndpoints.cs | 15 ++++++++++ src/CollectSFDataDll/Azure/SasParameters.cs | 33 +++++++++++---------- 4 files changed, 54 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ab3f4939..7d744bfe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Change log +## 09/05/2025 + +- add support for container-scoped user delegation SAS (skip account-level container enumeration to prevent 403 AuthorizationFailure) +- parse and expose user delegation key parameters (skt, ske, sktid, skoid) in `SasParameters` +- adjust `BlobManager.Connect` / `EnumerateContainers` logic to validate single container when using user delegation SAS + ## 08/20/2025 - fix deprecated GitHub Actions: upgrade upload-artifact from v1 to v4 and checkout from v1 to v4 diff --git a/src/CollectSFDataDll/Azure/BlobManager.cs b/src/CollectSFDataDll/Azure/BlobManager.cs index ad86df27..4b4a0519 100644 --- a/src/CollectSFDataDll/Azure/BlobManager.cs +++ b/src/CollectSFDataDll/Azure/BlobManager.cs @@ -270,6 +270,22 @@ private List EnumerateContainers(string containerPrefix = " try { + // If we are using a user delegation SAS (container-level), skip attempting to enumerate at the account level. + if (_config.SasEndpointInfo?.Parameters?.IsUserDelegationKey == true) + { + Log.Info("skipping account-level container enumeration for user delegation sas"); + if (!string.IsNullOrEmpty(_config.SasEndpointInfo.AbsolutePath)) + { + BlobContainerClient single = _blobServiceClient.GetBlobContainerClient(_config.SasEndpointInfo.AbsolutePath); + AddContainerToList(single.Name); + } + else + { + Log.Warning("no absolute path specified for user delegation sas. unable to enumerate containers."); + } + return ContainerList; + } + Log.Info("account sas"); Log.Info($"containerPrefix:{containerPrefix} containerFilter:{containerFilter}"); blobContainers = _blobServiceClient.GetBlobContainers(BlobContainerTraits.Metadata, diff --git a/src/CollectSFDataDll/Azure/SasEndpoints.cs b/src/CollectSFDataDll/Azure/SasEndpoints.cs index 90498ef2..42009d73 100644 --- a/src/CollectSFDataDll/Azure/SasEndpoints.cs +++ b/src/CollectSFDataDll/Azure/SasEndpoints.cs @@ -112,6 +112,12 @@ public bool IsValid() Log.Error("Sas is not time valid", Parameters); retval = false; } + if (Parameters.SignedKeyStartUtc > DateTime.Now.ToUniversalTime() + | Parameters.SignedKeyExpiryUtc < DateTime.Now.ToUniversalTime()) + { + Log.Error("Sas signed key is not time valid", Parameters); + retval = false; + } else if (Parameters.SignedExpiryUtc.AddHours(-1) < DateTime.Now.ToUniversalTime()) { Log.Warning("Sas expiring in less than 1 hour", Parameters); @@ -133,6 +139,15 @@ public bool IsValid() } } + if(Parameters.IsUserDelegationKey) + { + if (string.IsNullOrEmpty(Parameters.SignedKeyId) | string.IsNullOrEmpty(Parameters.SignedKeyObjectId)) + { + Log.Error("Sas user delegation key missing signed key id or object id", Parameters); + retval = false; + } + } + Log.Info($"exit: {retval}"); return retval; } diff --git a/src/CollectSFDataDll/Azure/SasParameters.cs b/src/CollectSFDataDll/Azure/SasParameters.cs index 0331c9ad..17e1f69b 100644 --- a/src/CollectSFDataDll/Azure/SasParameters.cs +++ b/src/CollectSFDataDll/Azure/SasParameters.cs @@ -11,34 +11,25 @@ namespace CollectSFData.Azure public class SasParameters { public string ApiVersion { get; set; } - public bool IsServiceSas { get; set; } - + public bool IsUserDelegationKey { get; set; } public string SasToken { get; private set; } public string Signature { get; set; } - public string SignedExpiry { get; set; } - - public DateTime SignedExpiryLocal { get; set; } = DateTime.MinValue; - - public DateTime SignedExpiryUtc { get; set; } = DateTime.MinValue; - + public DateTime SignedExpiryLocal { get; set; } = DateTime.MaxValue; + public DateTime SignedExpiryUtc { get; set; } = DateTime.MaxValue; public string SignedIp { get; set; } - + public DateTime SignedKeyStartUtc { get; set; } = DateTime.MinValue; + public DateTime SignedKeyExpiryUtc { get; set; } = DateTime.MaxValue; + public string SignedKeyId { get; set; } + public string SignedKeyObjectId { get; set; } public string SignedPermission { get; set; } - public string SignedProtocol { get; set; } - public string SignedResourceTypes { get; set; } - public string SignedServices { get; set; } - public string SignedStart { get; set; } - public DateTime SignedStartLocal { get; set; } = DateTime.MinValue; - public DateTime SignedStartUtc { get; set; } = DateTime.MinValue; - public string SignedVersion { get; set; } public SasParameters() @@ -83,6 +74,16 @@ public SasParameters(string sasToken) { IsServiceSas = true; } + + if (paramName.Equals("skt") | paramName.Equals("ske") | paramName.Equals("sktid") | paramName.Equals("skoid")) + { + IsUserDelegationKey = true; + } + if (paramName.Equals("skt")) { SignedKeyStartUtc = ParseDate(paramValue); } + if (paramName.Equals("ske")) { SignedKeyExpiryUtc = ParseDate(paramValue); } + if (paramName.Equals("sktid")) { SignedKeyId = paramValue; } + if (paramName.Equals("skoid")) { SignedKeyObjectId = paramValue; } + } } From 22f61ac2bd0246d1757a30b46492ce8df1536074 Mon Sep 17 00:00:00 2001 From: jagilber Date: Sat, 6 Sep 2025 08:48:25 -0400 Subject: [PATCH 3/3] add image for user delegation key --- docs/kustoQuickStart.md | 220 +++++++++++++++++----------------- docs/media/azure.portal.5.png | Bin 0 -> 83914 bytes 2 files changed, 110 insertions(+), 110 deletions(-) create mode 100644 docs/media/azure.portal.5.png diff --git a/docs/kustoQuickStart.md b/docs/kustoQuickStart.md index edddf4b8..3d3f4005 100644 --- a/docs/kustoQuickStart.md +++ b/docs/kustoQuickStart.md @@ -1,39 +1,38 @@ # CollectSFData Quickstart for Kusto Cluster -## Outline +## Outline -[Overview](#use-these-steps-to-setup-and-ingest-service-fabric-diagnostic-data-into-kusto-database) -[Generating Shared Access Signature (Sas Uri / Saskey)](#generating-shared-access-signature-(sas-uri-/-saskey)) +[Overview](#use-these-steps-to-setup-and-ingest-service-fabric-diagnostic-data-into-kusto-database)[Generating Shared Access Signature (Sas Uri / Saskey)](#generating-shared-access-signature-(sas-uri-/-saskey)) -- [Azure Portal](#azure-portal) +- [Azure Portal](#azure-portal) -[CollectSFData GatherTypes](#collectsfdata-gathertypes) +[CollectSFData GatherTypes](#collectsfdata-gathertypes) -- [counter](#gathertype-counter) -- [exception](#gathertype-exception) -- [setup](#gathertype-setup) -- [table](#gathertype-table) -- [trace](#gathertype-trace) -- [any](#gathertype-any) +- [counter](#gathertype-counter) +- [exception](#gathertype-exception) +- [setup](#gathertype-setup) +- [table](#gathertype-table) +- [trace](#gathertype-trace) +- [any](#gathertype-any) -[Download](#download) -[Execute](#execute) -[collectsfdata.options.json](#collectsfdata.options.json) -[Cleanup](#cleanup) -[Kusto Commands](#kusto-commands) -[Troubleshooting](#Troubleshooting) -[Reference](#Reference) +[Download](#download) +[Execute](#execute) +[collectsfdata.options.json](#collectsfdata.options.json) +[Cleanup](#cleanup) +[Kusto Commands](#kusto-commands) +[Troubleshooting](#Troubleshooting) +[Reference](#Reference) -## Use these steps to setup and ingest service fabric diagnostic data into kusto database +## Use these steps to setup and ingest service fabric diagnostic data into kusto database 1. download and extract latest release of [collectsfdata](https://github.com/microsoft/CollectServiceFabricData/releases/latest) -1. open cmd/powershell prompt and navigate to extracted directory -1. save [configuration](#collectsfdata.options.json) to extracted directory or generate new config with .\collectsfdata.exe -save collectsfdata.options.json or pass arguments on command line -1. modify saskey, starttimestamp, endtimestamp, kustocluster, kustotable, and gathertype - * service fabric kusto cluster ingest url: `https://ingest-{{cluster}}.{{location}}.kusto.windows.net/{{database}}` - * 30 minutes is always added to EndTimeUtc due to the way sf uploads traces to storage account. -1. execute utility. -1. analyze data `https://dataexplorer.azure.com/clusters/{{cluster}}/databases/{{database}}` +2. open cmd/powershell prompt and navigate to extracted directory +3. save [configuration](#collectsfdata.options.json) to extracted directory or generate new config with .\collectsfdata.exe -save collectsfdata.options.json or pass arguments on command line +4. modify saskey, starttimestamp, endtimestamp, kustocluster, kustotable, and gathertype + * service fabric kusto cluster ingest url: `https://ingest-{{cluster}}.{{location}}.kusto.windows.net/{{database}}` + * 30 minutes is always added to EndTimeUtc due to the way sf uploads traces to storage account. +5. execute utility. +6. analyze data `https://dataexplorer.azure.com/clusters/{{cluster}}/databases/{{database}}` ## Generating Shared Access Signature (Sas Uri / Saskey) @@ -41,57 +40,64 @@ CollectSFData uses a sas uri similar to Traceviewer to connect to the 'sflogs' s ### Azure portal -From Azure portal https://portal.azure.com navigate to service fabric cluster resource. There will typically be two storage accounts created for service fabric. One is for windows azure diagnostics (wad) and the other for service fabric diagnostic logs and events. The service fabric storage account is usually prefixed with 'sflogs'. If not, the correct account can be verified by determining which storage account has the three containers: +From Azure portal https://portal.azure.com navigate to service fabric cluster resource. There will typically be two storage accounts created for service fabric. One is for windows azure diagnostics (wad) and the other for service fabric diagnostic logs and events. The service fabric storage account is usually prefixed with 'sflogs'. If not, the correct account can be verified by determining which storage account has the three containers: - fabriccounters-* - fabriccrashdumps-* - fabriclogs-* - - ![](media/azure.portal.1.png) - - ![](media/azure.portal.2.png) +#### Account Shared Access signature + Once correct storage account is identified, select 'Shared access signature' and then 'Generate SAS and connection string'. Copy 'Blob service SAS URL' or 'Connection Sting'. This is the value that will be used for CollectSFData argument 'SasKey'. Ensure at least the following permissions are selected: - Allowed Services + - Blob - Table - - Allowed Resource Types + - Service - Container - Object - - Allowed Permissions + - Read - List +- ![img](media/azure.portal.3.png) +- ![img](media/azure.portal.4.png) + +#### User Delegation Key -- ![](media/azure.portal.3.png) +Alternatively, a user delegation key can be generated for the storage account. This requires that the user has been granted the 'Storage Blob Data Contributor' role for the storage account. The user delegation key can be generated from the Azure portal or programmatically using Azure SDKs. The user delegation key will have a start time and expiry time that must be specified when generating the key. User delegation keys are useful for scenarios where a more granular level of access control is needed or when Shared Key has been disabled. -- ![](media/azure.portal.4.png) +This is only available on blob containers and has to be generated from the container view. -## CollectSFData GatherTypes +![user delegation key](media/azure.portal.5.png) -All gather types ingest into Kusto or Log Analytics as a single table per gather type except for gather type 'any'. Any will download files locally. The gather type is also prepended to the table name during ingestion. This is to allow different gather types to be collected without having to change configuration for table name and for table naming constraints. +## CollectSFData GatherTypes -Example: configured table name 'jagilber_0000000000000001' would be prepended with 'counter_' for gather type counter 'counter_jagilber_0000000000000001'. +All gather types ingest into Kusto or Log Analytics as a single table per gather type except for gather type 'any'. Any will download files locally. The gather type is also prepended to the table name during ingestion. This is to allow different gather types to be collected without having to change configuration for table name and for table naming constraints. -### GatherType counter +Example: configured table name 'jagilber_0000000000000001' would be prepended with 'counter_' for gather type counter 'counter_jagilber_0000000000000001'. -#### data type: sf node performance monitor .blg files. +### GatherType counter -#### time range: can typically gather 6 - 24+ hours without issue. +#### data type: sf node performance monitor .blg files. -#### start here: +#### time range: can typically gather 6 - 24+ hours without issue. + +#### start here: -- use [perfmon kusto query](https://github.com/microsoft/CollectServiceFabricData/blob/master/KustoQueries/sfcounters-general.csl) from [azure data explorer](https://dataexplorer.azure.com) to graph results - * change value in query from '['counter_serviceFabricLogs']' to '['counter_<%user%>_<%case%>']' for table name to be graphed. +- use [perfmon kusto query](https://github.com/microsoft/CollectServiceFabricData/blob/master/KustoQueries/sfcounters-general.csl) from [azure data explorer](https://dataexplorer.azure.com) to graph results + * change value in query from '['counter_serviceFabricLogs']' to '['counter_<%user%>_<%case%>']' for table name to be graphed. - to view results, uncomment one counter line in query and execute. - * // | where CounterName contains "Avg. Disk Queue Length" and CounterName contains "c:" - * | where CounterName contains "Avg. Disk Queue Length" and CounterName contains "c:" - + * // | where CounterName contains "Avg. Disk Queue Length" and CounterName contains "c:" + * | where CounterName contains "Avg. Disk Queue Length" and CounterName contains "c:" + #### counter record ```text @@ -105,13 +111,13 @@ Example: configured table name 'jagilber_0000000000000001' would be prepended wi } ``` -### GatherType exception +### GatherType exception -- sf fabric*.exe dumps. +- sf fabric*.exe dumps. - adds 'exception_' prefix to table name. -- creates table with records containing url, pid, and process name for dumps from storage account. -- console output lists download url with sas. -- can run for any time range. +- creates table with records containing url, pid, and process name for dumps from storage account. +- console output lists download url with sas. +- can run for any time range. #### example exception record @@ -143,11 +149,11 @@ https://dataexplorer.azure.com 1:Execute:total execution time in minutes: 0.41 ``` -### GatherType setup +### GatherType setup -- sf install .trace files. -- adds 'setup_' prefix to table name. -- can run for any time range as data is small but typically only needed for time of issue. +- sf install .trace files. +- adds 'setup_' prefix to table name. +- can run for any time range as data is small but typically only needed for time of issue. #### setup record @@ -164,20 +170,20 @@ https://dataexplorer.azure.com } ``` -### GatherType table +### GatherType table -#### data type: sf cluster and node storage account table events. same as available in sfx explorer events. +#### data type: sf cluster and node storage account table events. same as available in sfx explorer events. -#### time range: can typically gather 2 - 7+ days without issue. +#### time range: can typically gather 2 - 7+ days without issue. -#### start here: +#### start here: - best viewed with kusto function 'TableView('table_%user%_%case%')'. -- Example: - * TableView('table_jagilber_000000000000001') | facet by TaskName - * TableView('table_jagilber_000000000000001') | where TaskName contains "hosting" +- Example: + * TableView('table_jagilber_000000000000001') | facet by TaskName + * TableView('table_jagilber_000000000000001') | where TaskName contains "hosting" -#### table record with TableView where TaskName is 'Hosting': +#### table record with TableView where TaskName is 'Hosting': ```text { @@ -208,7 +214,7 @@ https://dataexplorer.azure.com } ``` -#### table record without TableView: +#### table record without TableView: ```text { @@ -223,40 +229,38 @@ https://dataexplorer.azure.com } ``` -### GatherType trace +### GatherType trace -#### data type: sf node sflog .etl/.dtr/.zip files. same data as traceviewer +#### data type: sf node sflog .etl/.dtr/.zip files. same data as traceviewer -#### time range: can typically gather 2 - 4+ hours without issue. +#### time range: can typically gather 2 - 4+ hours without issue. -#### best practice: +#### best practice: - use 'KustoUseBlobAsSource' for fastest ingest. - use 'KustoCompressed' to reduce network traffic - use 'UriFilter' and set to 'fabric_' for fabric only traces - use 'UriFilter' and set to 'lease_' for lease only traces - use 'NodeFilter' to ingest only certain nodes -- use regex / string based 'NodeFilter' and add name of node(s) to gather from if all nodes are not needed. -examples: - * NodeFilter: "\_nt_0" to collect data for only node 0 - * NodeFilter: "\_nt_0|_nt_1" to collect data for only nodes 0 and 1 - * NodeFilter: "\_nt_0|_nt_1|_nt_2" to collect data for only nodes 0 - 2 - * NodeFilter: "\_nt_[0-1]" to collect data for only nodes 0 - 1 - * NodeFilter: "\_nt_[135]" to collect data for only nodes 1, 3, and 5 - * NodeFilter: "\_nt_" to collect data for only nodes for nodetype 'nt' +- use regex / string based 'NodeFilter' and add name of node(s) to gather from if all nodes are not needed.examples: + * NodeFilter: "\_nt_0" to collect data for only node 0 + * NodeFilter: "\_nt_0|_nt_1" to collect data for only nodes 0 and 1 + * NodeFilter: "\_nt_0|_nt_1|_nt_2" to collect data for only nodes 0 - 2 + * NodeFilter: "\_nt_[0-1]" to collect data for only nodes 0 - 1 + * NodeFilter: "\_nt_[135]" to collect data for only nodes 1, 3, and 5 + * NodeFilter: "\_nt_" to collect data for only nodes for nodetype 'nt' #### start here: -- use kusto functions. functions are viewable in tree view from azure data explorer or by typing '.show functions' -from [azure data explorer](https://dataexplorer.azure.com) console, type the name of the function and pass name of table in single quotes. -- Example: TraceSummary('trace_jagilber_000000000000001') +- use kusto functions. functions are viewable in tree view from azure data explorer or by typing '.show functions'from [azure data explorer](https://dataexplorer.azure.com) console, type the name of the function and pass name of table in single quotes. +- Example: TraceSummary('trace_jagilber_000000000000001') - ![kusto-function-tree-view.png](./media/kusto-function-tree-view.png) + ![kusto-function-tree-view.png](./media/kusto-function-tree-view.png) +- use [kusto queries](https://github.com/microsoft/CollectServiceFabricData/blob/master/KustoQueries/kusto-example-queries.csl) from [azure data explorer](https://dataexplorer.azure.com) to view results -- use [kusto queries](https://github.com/microsoft/CollectServiceFabricData/blob/master/KustoQueries/kusto-example-queries.csl) from [azure data explorer](https://dataexplorer.azure.com) to view results - * change value in queries from '%kusto table name%' to 'trace_<%user%>_<%case%>' for trace table name to be viewed. + * change value in queries from '%kusto table name%' to 'trace_<%user%>_<%case%>' for trace table name to be viewed. -#### trace record: +#### trace record: ```text { @@ -273,18 +277,18 @@ from [azure data explorer](https://dataexplorer.azure.com) console, type the nam ``` -### GatherType any +### GatherType any -#### data type: any blob file. +#### data type: any blob file. -#### time range: can typically gather 6 - 24+ hours without issue. +#### time range: can typically gather 6 - 24+ hours without issue. -#### best practice: +#### best practice: - use 'StartTimeUtc' and 'EndTimeUtc' - use 'UriFilter' to filter files - use 'NodeFilter' to ingest only certain nodes -- use regex / string based 'NodeFilter' and add name of node(s) to gather from if all nodes are not needed. +- use regex / string based 'NodeFilter' and add name of node(s) to gather from if all nodes are not needed. ## download @@ -397,32 +401,28 @@ pause ### collectsfdata.exe commands to delete / drop table when no longer needed 1. to view all tables: collectsfdata.exe -kp list -1. to drop table: collectsfdata.exe -kp <%table name%> - ex: collectsfdata.exe -kp trace_jagilber_0000000000000001 -1. to verify table has been deleted / dropped (not necessary): collectsfdata.exe -kp list +2. to drop table: collectsfdata.exe -kp <%table name%>ex: collectsfdata.exe -kp trace_jagilber_0000000000000001 +3. to verify table has been deleted / dropped (not necessary): collectsfdata.exe -kp list ### kusto commands to delete / drop table when no longer needed 1. open url: https://dataexplorer.azure.com -1. to view all tables: .show tables -1. to view all tables with name match: .show tables | where TableName contains "<%filter%>" - ex: .show tables | where TableName contains "jagilber" -1. to drop table: .drop table <%table name%> - ex: .drop table trace_jagilber_0000000000000001 - note: on success, output will display all tables remaining -1. to verify table has been deleted / dropped (not necessary): .show table <%table name%> +2. to view all tables: .show tables +3. to view all tables with name match: .show tables | where TableName contains "<%filter%>"ex: .show tables | where TableName contains "jagilber" +4. to drop table: .drop table <%table name%>ex: .drop table trace_jagilber_0000000000000001note: on success, output will display all tables remaining +5. to verify table has been deleted / dropped (not necessary): .show table <%table name%> ## kusto commands -- to show all tables: .show tables -- query to display previous queries: .show queries +- to show all tables: .show tables +- query to display previous queries: .show queries - drop table: .drop table <%table name%> - ingestion failures: .show ingestion failures - table ingestion time: <%table name%> | top 1 by Timestamp asc | project ingestion_time() -## troubleshooting +## troubleshooting -1. E_WRONG_NUBER_OF_FIELDS. this can be caused by setting 'UseKustoBlobAsSource' to true. some events are still not csv compliant. to resolve, set 'UseKustoBlobAsSource' to false. +1. E_WRONG_NUBER_OF_FIELDS. this can be caused by setting 'UseKustoBlobAsSource' to true. some events are still not csv compliant. to resolve, set 'UseKustoBlobAsSource' to false. ```text 5:QueueMonitor:error: Ingestion error total:(46): { @@ -474,16 +474,16 @@ pause ``` -4. Microsoft.Identity.Client.MsalServiceException. - Verify configuration settings are correct: - - azureClientId - - azureTenantId - - azureClientSecret - - azureClientCertificate +4. Microsoft.Identity.Client.MsalServiceException.Verify configuration settings are correct: + + - azureClientId + - azureTenantId + - azureClientSecret + - azureClientCertificate - .net framework will use ADAL and .net core will use MSAL. - If using .net framework (net462), use cmd.exe or powershell.exe to execute collectsfdata.exe. - If using .net core (net6.0+), use pwsh.exe (powershell core) to execute collectsfdata.exe. + .net framework will use ADAL and .net core will use MSAL. + If using .net framework (net462), use cmd.exe or powershell.exe to execute collectsfdata.exe. + If using .net core (net6.0+), use pwsh.exe (powershell core) to execute collectsfdata.exe. ```text Authenticate:exception: AggregateException:System.AggregateException: One or more errors occurred. ---> Microsoft.Identity.Client.MsalServiceException: diff --git a/docs/media/azure.portal.5.png b/docs/media/azure.portal.5.png new file mode 100644 index 0000000000000000000000000000000000000000..5a10d353096b42f245b09757579c7173d535fe76 GIT binary patch literal 83914 zcmeFZcT|(h7C4F(6#*+CRY61$2uSY&QWOE{5SoJYPUw)JSm?dCM0!(@8hTWa4v``q zfvL2K^=0OEfez^iMP& z>(kJjL(tHi-o9|2S^^imFh+fx0_kh0&{PhwuTfvlIw)%^)6i7M(~)1EqrPAC)HDOp z&@goT`JL+aD1Ajkb5iu=v9e)+)g~p-$JnU(Bzmi@0`7-(Zn$!!Q}?L`9#v}RWM*6o z7jLk8scKtgbXtX`Nbk{_(d~pQ37mRYuc@S8x$I zwA^M)K>hcfnww_(zZY=)f2Tl50O65g_!w+8bkP#yVqtHM7+E{o;9FaXKej%7JSRNi zvl)11PMRdL&mt{r$iz5b`hM2P+!Yjvg8nsyHtBDmVd}up`S^*OFqx zNQ-{6O7XUYjcK{|;_gv2Ib_}CUgU}`5(PQfCtHA?Jsz9RUpQI;ImWr!958!8cDBsr z-81SsrV+3Y>pft(!UH9tqK2~DCyFQTpI$yIjk_2Rz~w3NB`X2|41-hbs#_;8Rjljm zu6Mi>_kr7Z-dD}5IWCr=->RiWH?ML%CHb5;A>FCOVVMYT>F|<2>iJ2qEb3oL4N^Q3wc+i~OAsG2T zo86nK$+$SrWtQeT^D5Cr+F>q!*9+}aj?X69M{-o@vWZr`mk01K{%B>&)qVOfSVeXy zV9~>??8b(|`Ex}O%K{Y1o!MMT@~9lNDye|n z&~u5VPTcCm54N*{0U|6>?*Z{|cOUXJqAC2MTk$ul8v^|5wa+!pFQpua@%x}ry?KqH zdcZwIjDYg`^Q2`*&uT?pgjvWgCkPDE z2@>q__X>6C>hNH1~O3c~3v%Wwrob6^&FwgDFrf5vyOJ=>+0@b#WE zr(f_yed$Az%rGbhuGr>qFu#NAjd(gCYcUD3t9!8(g2Cm0GeWsy&9do)J~vs)6S1sv z&XCIbrphT#4kDb7w_KOwAmZrqwi}!z&;++qA>w)rQ0qs zHGI0SLs^44gW~LuE?ai<>R|)b!Q)`3Vb}I$k*dt#ZZ|X615VkA;J_ES`Yx-`8Zy ziphbev=^H?n2JR2-w*uUJ-*b3NCutS8Q|C1%W299l|t-3&WtMetH&UCJ*=Lp&#b9$ z1_lnVa1`C2;MZoUwQ`(`bM%(OoAYc%t3p6QOdyED`Sz=(*Z&65BlChEXt+=-i}~WT z4KmHk9;_a9*LpH5AL(AvPXs>1|GZ~*ic?o|8eJ*#a0N2u(om&_{X7S+;7oV&S`(1! zt|rKuZ3a3PitoJ_)5x5;W(1d*zy;~ldHSTzEM>cR_s*31db0)73lAv#nn+4T9nAWM zQmN#7j%q6=v0EJ1)MmoEJEghOK6MyeIpWL`*ow}8WL+__B-OfaRE;vX9cRrBqZ)2A zKQy`M6D-UsHa#0BpKg2Pq}wRe@15IXzE{TG90=9p*XwMJX`QpN5}<9|>PQ)1Y!T%C zb+O;I8jwcgzhAHsEy2r=z}E5UQBME8__~`wOGry$-rV>nY^J(hD_H^BPNxrF>X z5_*Ykkr^^>+>~|b;Ygxauet$C7APVqw*4zz)l@6fFQ{mL{yJ|`&B3Jp<~hPot89gd z(rUNOY9EB3oB}NyWpgqtgCtIp==K^M^wo|~@7B7$)!klFi7{0wY32&no@KPw@^!0h z!?+wE&VGSuwCO;T1Lx}fK#&!Q*d`dcMaIK@seffbI*0XL6_LOv*y5(=2CwfHBfKeS z8uYpE%^1qMYE9_f9dp~237)YH06%;czNY@IxWUU1CUXS!y7s1{rkFK=XgXT>c z_1>;m%W%ty&aD|ET^uZ}#!m)b-93(d_KlS>m{WLD_5hkWNto?&?QgVtEh5`I6Vh%0 zdRfO_-|hW7E4Y#O3OzjTx9FRt5tHSqWex-5rMdAHyeL zX77 zHJ{@VV5Oy!1WaFRs(!t4!3%u5G;q$!AJps7-sLiGoAr?EKTD+fC^V9fCp~?~*!avS z1TGb_#w>j1?>}j1UOzb1<8kG6K`8dV&p(Q38b@A}+xx0VvmS-~v-9 zCzl;P_=dH>PpoaKNzC_hs&%hm;pDmF7J;H7%jW06QuaEDF4s@_CyhRd41!zgxpLwC zr~X2Nh;Ac6#ORralO&~j;;p#mNGHAOoJ8G{R++B*-NL#_Ou4q^i*GKb1Rs7%P%{@} zM{{hIB=(yMgE;D|_KggWr(9W~?i0VjaUXNYEF2Y5(DVYf zsn$f_{@TUfRFcyxW5v`778gvqfJ3?C#tft_htj_KDs$Vo9n#2ky}2i{Qz}H?;DX+wASHxP{RAop}8{ZK#1)LLCP*SAD5SpE3ii`Dh}ph zwrW;5!z0g?q#mL%u7bWkgB6)w&cY+%L;10!2Ww$ofWxMtY=xXH??I(gLP7`}Tc(=% zC*pD2u^`8cyl9PfjX1$d+RXIX$yI^}pSqT;Z&U(&P2BZZST-9eXiH%03N)JH50k^ZlJ$@>250V4c! zk!{z>&Wx=8S^Cgpe%7CwZ^mnEWZsTn%nVLsJ-CCHOWJ!W?lkDGN+Y}MA9Vh6#pNgz zP5t}5`4<&~GsIJ6EX8RJaUSFfH zPOJp?jGJjG>Sj`i?r<33JK(&$sSfI9^+5`YI+w}nKCH-=SnD*l+p)T)tliRmoo*3Ro6h3rKuX{SQ+@qUk5-BQAil#`Z={i<_$d*S$VYqgnqE;VG^_6>TG zV@VZC3S5s!!SEZJ7QuLlVFkYj%$&EaSbvQ)cv;>T8e~0#XDj^vTFOz+T{QR8Va~jB zSKE8?zYY!U-|ML;GtrZicipk&+Hnt*1+6cFTyMO6=!o7be{nbaNNHD@n5zTwBjMqB zH3{DLE*Jd1Zg1c|fXe0KJRacvkModj+%X9EcjheJRF9+K^Xf!67#^4la^@Q1YgzRLn*Mp&D;YuFwp^bNl(ei?BcIL zTaLoiQ&Z%mI|RT;*(5OQ_(Mo>v;etHzTQjFS2Ga1CQhQWJ}VhgpLUNiFpM+U?=-ko z={_rM7glaEK0{X%GGhy#?WxX++%wxl%bZxTo5>|Y1Myx#LEl*gcDIJr1dyB=tzX@h zi3$h1wtKLnOnFd(pHOJJdYeeh2PLJjdGqaCH^C$CdT@mVo99d2&tnGV%DHQi`hi=Q zfOaQX!EE&^)+7p=5nnp6|GkqJ@xIX*3FEEwRay}fa7@OxDA{$d|DY%uHHXayh#a!- zvq@*Ag_@}}*~+Ox-WKn4smnsD-yB=D+`_Z{MQe4pZX>dvoVC7aLwuTHTOcy}eavK7 zR2L7#&%~5h4wiVGaw6S8r>yxIrI3>J(#$l`F6uwQ2aOz72j11YrcG5d=-Aua7WdNb z>H>B)x?Ko;d_X9)2+zAS5_R_;c-~$2ke#%Q9^;Wh32$@%V)H{X^sMidL8egsHL*1p z4Sj&9r8)8Lm~9={N_w@SyK84n_#H%l4cnd9ZqWQ6d742Q>q(kc#j(F+k9?#CCB~%| zcuwBGPFXy*7)(DW7}r)KV;wM3o98O3U|R_QUv?X|`SMcAuDCUwOFuI%MZrLGbnxJm z9#_GDv>sw@>3ib#OX8fotppogRNEd4y&S5jg}ygavFP>sevr+s!L@cFZiKaksziAV z?2WxHqwUrY;b1_6K^xS>6_RZC1%R-vdpGJQy`J$ZeVi1^oN6@o5mtQ`PkPkA|3U6) z=H_~dP#^9M*YJekUF7D+TTh~0dpv$#xQ+Ph#CgPXOCjh6rN&xmJ%j1wWNFrCcd*Xy z*QIrkCF;4^jRe%--LR^&)ginC)q1Z!mDuJ~1Pq={Buu4GQW53_TG@l5Va#xWAXfkL zI!iC7$kb+VRuq{tM;pyOO%ddfaUJS#PFIXSSSvlO*?eIb+}HZ7=~sD`x*FKOkPtOg z+5|1i^_UqEdfUK0K>(=J)oqFw2B`ji_nbA_D?5&~fpm4wie5=Y>0(kepZKlZ=Gf71 zy9+>!D(%_%-d=C%paFVm(#^lE!@sOR_*jJtn1uU!6I;||1&#!6fQiHI zbzYA*zzAEaqV+6%@iV>|ALH+6sU5GX$m)Y6eMAh24x=i8aMf#jZ?4vP!xE$3GHT4i zbJP`IAo;WVd{Nx2M7zGJ5>mPTaHlaxck>oosyMegY`lVAsGWrwXbgT@9B7 z(ke^l+@!_)PBzh0X!`Zo1@Wz71h7(Jn(KqiqIrD zqsM7K%QVM_p)jPkFiw0bvTb>bR2e}Qg>#h+IRWSCJ`E;408uotU{Llwt1R~YxtA=T zE1qvSPilkMZ32gwfvfoDqB{2W%7gvMDlaQ1T)ihIvhSTawhRJJg@{n^{T4Q z2Ey(3>e`@ZFAwF{(9IqTraI^pe6A02>+Qp>mf~FG2J+iNzH+7;RTg1Xf}K``6ql3cUd!?$#Gn%eA64Y+?L`y+ixd6MwK9O?I9bJ>1OTJMO^C zeKReIsbus7_Vsef_ z*YI**S>WV@f?i8c_syYiq!$Otnh=yij6Is;qik*oj1Y(02lXZbLrH0fxc&cG2{c_}n@k<)ni%|2+A_%$!< zLk0kur$e}0!sx$#M!n*`M@r^fvSJYUi6=wIBaa=t-rl1UojinxX#7B}#qF*rkMnrB*MM8hotrhc>FvI~v3&6|ecDe2Co(dOP?@p%j^$AvD+MIYNd$^nTo|j?E5ld?D zM)l)8)+Jcv%)9XnRy}<1vbrrri#?o~0jQ(VD)Xr%(XUDSNPK#24#R?;)cYC9Fd+_o z{|crRo8DDub#S#6{_O;`LU+W1mKTXxS?0RjURp|(tTpDitgJ8athc21GK2<`w#l-N|{=AP;XTRW**}yF;b3)ao!S^k_S}k#JZ3Wy0Sg?~Z&rCs&yA7HwdZoiNIQC5=yW9Umk zEs-O(@kNY3LA8>@FAcbBUBc3d^nLf6L8X~!H zKSt9oXmhE$#GeJV(MsFG*L3?4k_=vBrRfb7(gHKp4DtO!2)J-@tFs2wQxqf6r)Bhv z?*T$?ufXYj$#T}=!jKFylKI*WA~b~9=CkWHd@%M~Um%{N&;a`7Q&H>JJDJV7&3wK_ zKDU_)@HGOu-jXT8AH%ivTzhZ?f0*dOob>Bjlp_#iN^z_HDhxjow0guyTj-z>Bme^B zP7vN<^jHh8i{xuVo&i z>|=xo0BJt~Us{CqvVsS_gmtunV*V~t%5b=Nr`QLpaf{7m8S&yun8kdDE#_DMl`3~7 z)?~xB3m;l_vky|APnmS1q2gouYGuIK&PAY9+LjnUJKSXrFaWeh!ft z@eu6_7?x>rMwG35ZG@KqbqlR!^W9pWeDIfCcZE5f#v|&`UbupMJW)9@8t*{{-&I=M z?SG!Vau58|0H1)6P`?x-5z@oFdxQS@>Ev_Hs)O!8Dezf^d)z*wPLI001qdTdk2P+d ztJd-bJwWl<1?v){*-}zTBo^p-RPiE+Mf?b zC(f_Tvg9vIX*>$vEwj+7GR2ZxCx3$(k~t@J6&*!cZYjNH>a2S%tJRHn7=1uyFJk=Y z<-))kXm7`wM5Wt%;MO58NLpVl^xDK?FD~byP(}G_hOcxn(rh|i=63t#z!s5=piW`k zDAxx?5tj3bBfeQzR3RjpTAo6$=DDibw_a>@XVGst(nlM^iACL%y}q2&)@d86Le$xf z+8`!IUd~OJxU9)|U04ta3QAad|K#qPxL-1Bw)OLfGkh{dT4BCtSsp!LSUrlXyZ7X= zW3b-X2eM?rDplsKzFXz{^VO7%10phDz3sHD^W(ih@v)Ki_g52tvGZ1Oa|SBp59J@? zTl8#Wi7`6sBy;8hBU{?2Sv;XlIy$PA)Iqu#_fTixMG*We3Pt1F!VfyMG=>3&yEQ^? z^`Y{#?lF{LI{h6_aY*nu2oZA?9nxVMWRH5oc4H1x8E00o#iA17v;l;T|4E#YIzrlQ zQVMoHGi(ppznYL18KTray*Zf5NI&10&iG9H$KHz||KK9?pU?(X;r@E)O9qW@13APxybRnfKu^9K6k{KLIFhPH*sWi`AYDY zaK+4Px?vTfjqYH6A@COG39btD99YcolT3m(jk7C${9Yybo@Xjl?ER$;(bme@5r zX^zN%zz)XNneXxU-~!Fp7K&x^B7R%z&OF5g92;$1{?;Ejjw+cnlY!g9bn{VJgnHDK ztR}1h@Mlvkd-g`us+|$MwxTi%LswCX=hnglrzMHXwr&(h$A)Xv_NxHP=ANd@7Ei5r z`XfH*0}n|bpC9i>+!A-oc#0A8jMS@g@lgQjTHMtP#*bvF`b1((;o(e*Clw2*6_2jb zBh_^)Tp(;q;+3B!gb@4|U%s*CLAI=Ok)_98i-{q0mCdQ(GB&oP-Z7<)MT*9S9x$(u zm?^b9g=}Cb=avH3rQR8HNdqwTF0#IBBW6}yU*0iz9_3IcvKL-C);n7}Q8HTh`yl$x zUmPPru$Tsc9yiav+n(9ajR?&-mZ$Wq(j_g1BeK<%+9^BFxdwH@a!^&R2Q^}Y8qHo` zKW0kF-bPq9CA5(TVs7!Wr=T>9pJv{=s{+Yx$}t;{i3ecvmkEU`O6&0k>hH!CCKG<; zl&e^W&L9&hguZ?8hjsP^x%~NqX9SX;0g^5y;#*YDyX`Y{q~tsCB0jQ6#2PaJ6IZ>^ z1cSYKoh3*(1M>2gwrNbsXc#!?)7v`l1iiHT82CT%*9>@Yc6b^5R;|8 zVRI2W^EC$?2_+@jx<7fT<=m1(_;?jBH|D`=Dd(68sAdE(a&Gp7F2S6i1g81vNRV8E zhHxd!sin;4a<*Q51Uf|FNkvF<&lY%>qJu3dHV2)(N}3%ZzQ{vvval{_g6i}%b}~6>CTy*-2S|ner-j}u}Ju0 zZ2Idxli2&XD-LTtN0HwmoOw7dMI%kzuJ(R6iynPV-qL;0w=X+1(oS$o%+bMZ{p6Op zkLX_Epu4ozJXiNrbMxxn{Q5N>?)lA$p6f#do88G50@rC8bH0!K+RVKp^ zoz#&#xhp$|Htw`ezj%%nV{(Q_8q+leS%B2F{@NiRd-Sm%&6Rw8< z^HSnynf&u~WVwy|J??zLU5s%4_MEqd_+{vMc~smOj*_eIy_Knzo7$6ObXN^syxPoz1&;OtZOJt&x5@_@YGj0jk;V-Tt1WX?qp`7Zd#M= zS^|pDs>y{-Pa=;&&)wO<#&;x6$9Y+qYTT4RUsYdWRgs2raGD4v=sU=@_0E{D#+Xi= zXD#6ALQOvEW)<#H*gbNxe258s1V?#=6HwT^jt|3~7d`ZWe7u_+zJHO;v;gpR`i}#N zCm~`~2M?K%Y`X@b#^m4Oj5^n`SjFtvv-s>MTze1O(wov6w$e^48h$?$d4De2#&RMh zzFSeOpa8tGIqs&-@6zX?v3|KFj^9p4bbZoi>;vw(Q{X((mZvIA>nGRFu5GBl~MciLM0tRgVsVN zr-Tz#TVuTBoVHLCVAOMjgGaHRrze1O8QklMv8@p4AMz4o~l{w4)NcXuSagCed zGa8>e9BkfriJ;};_U^`}qJTphvlSou1aRoFGNEQ`Rh^l$XNg+ezoMc3#OZ4BZQ)x+ zN(VfupS5!R1>6Y8-J`_P=h^ym>2rmeh~B0X^3S_ zn;R{Kd5Vy`zXI*s;pw2{EOZ4p`2BnZz{`d)o5&q-54JHoTk$AP==IjuVYTJpff`S( zUD@-SzKHqOy*GaSEyZ%Z|D@;bJpi0648;x5D{L@NR(5b59?m{J!KfF9$m>4v9~U8GLYz> z5aWEu)=4z>2DEahbe9Jc7S!E@r zt|wz!kL8J!17rS#_)moz+~l)GPc=l$v zR{BpA8*b?UIKQh8oUVW1du<|x>^`Z=6)Ba zAB{hUf9P=IMhmIIt3H-5Q$o)dIu!Mu0QZyn96TdyTAPWMN>+50L}$^uNqRPCOo@|E z*#i8Kes$Rzq=7w&)D0*7RT_g}hRBPvEtbdfI=j+@;4OEk&4!#gG|rGhm+d;rS@w3GOxHQwzzYEiM>t zKX^0wx3hIpGRi*AJ3S%P`G<)WF%ivv)uS-n3yq26L13#l@4E#H-tq3*zLO9q(YOHC z1wu+j$!*F{I6}-sGmJyr9_J_t_RrbOG>2Ep+HkzA=6Dff4yk>0aNxEv={d6}Xzdft zOp{xx`qT%y(D!ZQ!iJVp`6~xy=4b8w^~jK4I~zZEp=7IVUI`253&jjxBKEfR zSLSY3aP8z1>&fn=1}Ekv@+u*0OOwIZy6zx;yh*p@ASi2mNFUMoz|JM_MrU;Hz?Dvj zWB0}V6S=?mxF)?&yUZe~Va9_IO{1I2l#Eh3B66+5Xoatlmz&3qFh{X&+2UTygxAlk z2ZG8(j|&;jicd>eK|opOzzVmBo0Z7}8CyH%))29^j(b0w=RUj}Cp8CK9ljX65g}!7 zQG8VPbW`(S@8!4F)$U6rKXPq%`*E%Uy6Q9;rKB|sIc_rkQ^rZ?tm)|)^onx2pqosy zq#>W#L&yFnza}zOf{=GyDIG%KmvZj4OpAU|*M7_bS|uD`&XDnP7nz8|E4_=dnxjlD zLo$VIyYj6$=Rd4p-es6w4*exM!TXcr@(U-y6{Z*_-4BoAye3{|ao>!+qbJuDn0Mt# zOj==4q{DZv{tM765BhJ0Nie(OjRS6QouYPrG$)3v6 zf@oP;Rd6Hwnb{K8ViQpmr+LNHxcoiatew6yZyeO3H}4bY%0Q+O>yq@TA%`!XaeiF2 z=?@8NPrifT;U3}T@ACkJ`U`O!9x4Q3m3KXS#oexj3sY@>xi`LU$vCp=nXunmn>_PY zx0oe(V2@43bS>ElzydVkP5f5TP%e760PU|9 z$ZxrTNIh~s^7&phn`G9Ho327Dm&8#LL!NmAgIsgSOc4q*Pky~o=#NR;{R>@g3l|@b zpV$ogUa%La%OD?rJL54z;4*ur)VkaI-0b1%0eMu|g^3#t&n)lg>vq-XRqyc-V{Sy! z00T`4=4u-s);4;39Q<=nb-hg2D>Hs(aoW7_$Isz`L?_)aesgbYcva>@)T<1y+xG7Q z><&NnHxb{Qc}N)a9n(tc>cvS1HV*pmu;(^+M(OyAxJM@*++CBIMB454;C^>0LmS2% zHsuc*N}CUg_I(TqW@&DPJC2vvQfwc4fws060t8imnSNl`mD11Ku62*rQ3B4UFXg=z zONRQp^n1i{kDu_#LSIYfSF`yU6oW6o5|+wm`MWJ!AG1{$WsAKRmwEECGL!Ni;A{?r zATP$G7Lp|ikF7zUczo@tTG?{cjb*~7We`2pJ|~_|=5%I{aO%P3xwKM|QK^+XK%~fi zNLa~c{KmNbOwEtqvvc;#@U7sFUXw+dwbz)Y6<4gNHizz&jflNf=2QGHFRe|ICGQ|) zN|k*bta=~{hq5{a?*`b@+neiN}ne$f03W8J$3<7n!QAd z6m*>IXD{sDrjiCHWi?OAcv#sMNj@X-FRRbP#!k4|y>o|E`b-N#_YjDapRPyq1zM}! z;EtL>HNwW|DwMBf^z}~LTCW+{@oS2lIX>gG2`?FDmwAY zV%cZEk$d#0c8f#XqkyG^?$^tH(b(HpeXW2vOlf7jUK|ghF47#5eJ%UPV#Jq83C2o! z1I^?yUxW7AyLCKyqp_OnukLz|MZY(6iXlsmei7e#inbIsEo>sjCd{BiBsXkD9_m}rC94! z5*KtbqYNxzSPPa-!9mhs_;;X(-B*7?`mVG~J1W!jVv}o-&)hyJOf~h{0F#N$)_K|+z(GXNeI>68x&3(eu*a!?v+jNTds*7igS;YcCH38R0! z%Pp|4ub(n*NE7Z)hLKT=@*@Og5e)?$=Iy3VhLgrEK60d zwlAu3q4N?ddltUsXjsfvEmL)8FuGHSzz|IuLa;-{()Iu(#VDU)j!c&5{+4pjc&@Rg zPDyA6u)zd~hzQb2f=oSKO~*XPNQX6AAEaBg6+ZTsC(hx(M=BA&18A+NntmDLX}jSz z%eM4WZ_WVZ2)p?mCsx)^wXDCKZB!ID*dONqjk-Qcwe5@mwA7%~t|lriRnUJi$gkS+ zJ8t7OfQ8z+2zKc2>ajoZ^Abu-VaW&V{#zu>3zR5nEdVviMA1 zA`jX>Bp(D3`-bTZmgIXiI@Hm%KUcd}`5a|mD5*i20ZX0dY0ieh$y1A&98T&dQl0n1 ze-sW64V;^Qo~a8uG-H#H=%kCT zPrzCvw*|Mgt~o$=9$!96=o{LQz_;b97QFkysf+^y7uzNm5JkFHeowTbrDYJ;@Uw0{;hLL z4s82xpwH0V$EQ-)YFGO~$6`SO2cp`cZ>^(ZJ`#*Wm3`;iQVA0=5t3-dc)sy(8?Xd5 zweTSptSfOYaRjre9|#?6xbEon&7_OfZ`5K*WZ)6o4(g(UiOfnGg*T;QWg=AB>*Gm4 z@J<%{gDt=CjGJ~JpI1J z(RKbeC&pSoqM?kOKGPl-1_j9}OaTD;q_PL3EvX94zJsHxwNX(-eLj>l{Bx~o&v!UP zNd>&90!$N)*s5+vp0AqJO_x47i0iG{>U_Va7Z$XmpL!^0n3TaY)e#mv;P4bUfz5l5 zJP|n5Uzb{PqTET9=fr(sU(enfqh3)>EZ)knhv9QXy~hqoJ!d$`XLLGz=r zXv4ZM73A+`yBj?d-I{SGjwa zfet;0D^FG~ga!rO;i&cYpq0_;R_wi?CL+gJX(*mzH!7PRF(i_|z~Lz;7bSmlvDbsd ztM*z<6iCeCc<-_aKE3I}AX^keSA@5#4o3Vs^&2f3xSWB)%>1LYI+O4|beg)2zu_33u7zM;Pt`RH1v}{@ubxU#S8(3%54$PB z-v?5LgxPJ+HV)uPhC7_H#V1DL+Jl(AVj(}CCq|G5-#&FYOM{GU$b_;yA5r>?nypc~166Xu*C_otw$$fP4DMD0U9SbM$N)tv08eg@CstSJ^N?-8R#h07B}1RWtOs7>YA65^xAXd)1dPuRTheGT~V!gaOu0BkCe1 zYvWI=aQ=n&b@%?rdW3HO)tR>@(J;Tv4+iO)k#kaatE+B_C%5nRupbTKzOMnK)hXWY%1r_ZZ~~SHLZ2YZEn6TI@&CW?<*_nI{uXFm>+~ zxF|GdS9!W=*-qDV22|HQO#2-A@Vy(wOtwpJy7k~^V-iVSs05s9zvpu^HB>VDLrFIG zwB{W#N7m0X4zZ)2X{^pRbrSvc8f8~?A&eO<(73T2diEOrt--8|Htl}a+KH$zTJ@iO z-`^@<9CAU6?$$ajpE0JSC83@jiDcE;OL2_K%xCss^hI4i!*HZ+Z`OpAj3;q>FKhYX z1Jc_mMe0*QSz-f_Q!f(~V^%_#=r;M3q?&3MmtX2~sn;qk`I?7vIh3zz{sv~zu_IJo-liYH|xGRfyLG&L|Fq%xe^-6vv#~a&5>^$4 zRG`b9b8*6Ne~F2|`-bdJHvP+C#0Ghqb_-9K`>g^b3~fJWO?~w{SkLEvKtk1Fur<{u zuXeYF&F#SW@T5jLB)k&FvksW|D7;b)dRf9)GzClhsVCI-&U03~VxHJyw!D5ro`*Tuw9syay%n>UKQuc&X;5U;u5`n19 zZ06BY6f1!7yiQTQwXuHgev;^KmMp3rTq?dG_&7<;np4!Oo$7G+$4MkGPRC!dLYV4h zaz$ z*1d%bxZIoV3r4$2#_gGDF_5o`<9}2&y*lMGPMRlK`hD5E>~qO!YDH!20lo4v?-k>X z0u~MD;RHv`lFQTVvfCq=2_7bWh*J?tXV7+LQE%_{P0^eX%ed|1cTX!~Le=u1q{aH= z)xcfeK04fJ@yMm-E0b`6^2zG3c@cwcPX#L&5nt909Al%j2tR30(UT`KxCw|^DY9E= z0M5TU0Ph`zSxh5$Cr&=QNo$pqA3UFDe}K3AorZcC6|5I|ZNb6yl;S)4${7s_OicPa z=N#RV$tCK!iV#W1+uStdnyyX#?MMw>rKX?df3DnK1lWia%t{Lt;w(hjwM2gC%WOFr zi-lT_g&)OZZ#EtmoHAIoKJPF}fSEp0YTcR0^J8_#I5SRPqN=S#`!1&b@jkgNK?V3< zozl>F-W;{TXA?0k;UiK|%HwS;AJeb|f`hlxNmdEZzRyBt_a(zIYqW%RO{G?x(b2Gh zj1P9Zey>W^cqAU8bZ@MrmmabC4Ef4RBOZ|+0%i8Rb?X&-iWw%#l$JWgBj-nuf5#a- zs;Mg_+qZ`zMUG1HV8cob6v5v}4~3SvcDYv^loyk-N5gLmRKQa{8` zu)G@G!7V52OMKGne`b7J;@@tC)T|lM0wSig<;7#UTk(4jt1Pyb9crb5VsCv+CXbJ5 ztGd{S_P-IzGMs!Y4~HK*rSo=BI+`WQ6dYxbeX(|tev=kEJa^q)&ECvOEi@EwhQvJ!W+0W=e(sCR{(RX^WD;JiSACsk~CQy5bf0KahLf^^aMMP=h)Hw|{Nz9qvKLLPHpjetfO; znd8VUb%E72dbV}XZ}2Z1_`&{6{_j-jPK{xz9e_BxG6ubJ)(!G;My5a%Q-6PL_PG4N;cmuCxd2N!{*?cnUW^p~BbM|}@lSS(Hauyb*%8ghrB`XQH5w-?^tG)3^L%SSId9|d zhJP|y@fG?Ix>J;1bMekb$ya-HK2-(oBk~lcLdk#DtGimMLR5%Y0WP+f{m1q3U;n?B z?D)lpNKP12wLe;W?wx*k^*6g{yZ7GhAW)=H7dVLDaOGz!JxECV;eHb4n*8E_*5g_4{flb)QEa)gIFrz4ALq_rS2Ww+&;fXNmf-!qJ8^v_ zqk(+zLsHB0msGTeYI8QYMZe*nbEUaJ?En{$1ia*CE=Y3HclF{tWM7|%Se4ALb0fNO z)~$gV9w*Tj3}9vcw;5=^*CSDIEb zTvITB=%gInWP#b^I`QKbl0nK02C5eNH)dv#P4+R7a{iS^SR|ky`sT6Vh+;+~t`R|`nPdjS7$)igPGJkmU zztch=4W8}wjjy18pvTu#<%%BM7D4_QTzf{#KNKGt1(S*eYUM(L9H`+;Zn1{Yf1OJI z>f_Od*AyDggeu1&OMO!j{tEWLmA$9XQd;gL){fITJYTUJ zl7e~Rio16eq?Y-=b-X=RFf8Gv&iq*ovT3k578YKqoporu3e?*1I63HUgqgo3;o73_ zIkY|&yBGVPHBg@)%>sfq`}at+TSYp#a@JN)@B>Q%((eW8I@)!%S43laNg4BbawM+qXh<7eh+^Vc9@ z&$!F*jh3H!v&Cl}%-qy{c6H;f`S&_eH zR`E%wViu`tG~Atz2=+~+LgQStL)vhcm~+bxGK* zIgXpvgI@+D`xn(9GrkfDsMk;Say0UOz>g{3PgffRzTWu+{H+nMvJc!?Se;4=v@PYt^+JTdcIcowlI!IPN8W#mc6${Ua)v z=I1pFN#dNvV)pPNutfOf6StMU@kLPoP!W`5xvi|ei5HyY#vn;8i-6MhjW8^=gY90C5xsN_YDW91#tM}i)T$*VB zby=^Ci+It5;;U^D<75?@Q~%{Vp1!B3`|W51dA27s)L8s}|@P9;FDkM!V{(BgzE7tMJx*GVzblfC=@}<1DxuXT+5dFtIq`dFv;0Qy>{I&cULONK zlH%ojtWj%K5GR=^Xz4w!{XVh|F~2D#F+cTOnGeKu6|{gN-g@e*XwS7(qmgSjyq(oB z9Hnz|qaEWRSbY8eV(hEKntcC%&5t6Af`mv3h%_h&NGsCa9V#Hrq!}?Rq&udhbTi4p zh$%{U3j;=tQ3Dw<#x^*QpWnH@=l8qL`Qwc10Zm?Dg@uh32t>(B)Si#Iu6J?LFbI7xR!3L=z711|)Qwu4l z;TY4d1NWtY7F{6taP4{_8u}H(`wUlvqqAo;1recwhoKx_RJw;i1!>id)~3xL7jWsv z5Z%*lH-tXy%xa&ut>VNAkD(IiKcShQ<(Vs<`2vp`VnFJ^{Yb?ol5ZtB6tpkfBcH>g zgS&FKO7jlb)aF&iylL6w;c=$^XOi=;pggNO0t#&shmHG^qch9!4S(AYQl|liTigt) zB83^zJO`eDiZX;f<3n#QM5Ws&_baL;l-t;!=i$cqMPoa$@SXM3D*c%>t*}|&KbO)R z!*X}lk8VERNb!~l%Q+)-OCx-JrFC`>ZB~d|dYSDq&v+%}H3E*Vo@VPrsOLbk%F?J<3=#k6+VJ3QG3822>S8Vn;t;%ZgZJ zqZx~slm#)nIZhfT+IU@JJ{M{!rV}yc)1SdWp#P;+_X>vU!!T1yNo!cgRHe z@FQV(O*miJewE@LgAeY_x$VofONFR%vq~x-yobcqrk}&N;2v_NlqU$~5rP^Q`)Qas z+zZD$cSo}2k-}k47V}2En>QIpieq=jaF$2y?QhGEJPR%!qFfwdyQ3be9OrvI>c{gl zI)j|IRlSS)cDw%SVVwp3tMxWx;NYI3L^Lm9?2JS<(1VE24ExhGX#K-DEffc>yRT`= z{v5*l)eE0l&~EV^!G%U;kaPNIH-}`Pxq-_v7R!g{iSw%JDv*S}V$13lXDhr%weme= z_EShVGMDwxCX@7JepZ4UFgmqLsK0S#LrFtiHAIR!5iN2LxiX@O58kWxo>kbni)f39 zJ$d~y#3_KV-#t2Cqk=9;BgKzF82GDUG5#W>1Fu5RvIo@ZTmBZ@f4lRytABsj3k>oj z!_LM*S7@3YP7?|)ADl`1JiLdLJ|W#y)Hw_b@$S3Lus3MXU8B(+7%STmPnT|q(dTSzi-tFv}+D1M^@qV<1@q;m?;}!L0 z5u^IRX_M&GH)koObK1|i43qEp*cS4Lm8i|=_A_~uXqC^2?o&lN3ARyDZ;6Q*iC!u$ zmRGub#M&)H>)7v8VXT=V5DmWVXXT>3=FHD3F?jjZyma?5K!x&pyksxoK;&i&Yf?^j(yO;o;1ZX0jKZm59gy9 zHh|xln)YindS;szsL(X5e~n(AL%vwL`;&kGD>n&>dl2JfzEFV6X==ns^}A(f6pIWa zhwv5&W>C1X+=oW8B&tuElA`@#xhi71vh(=TY#1cd9NkH6V*GjUMwqC1NN^Z;t^1~G zIy$B7n`PCz-DghH3MKNR9rIbd!<_d&S%_JMZh19x_~69i`tHq|g1cIFR4mmF?X}!j z_GNQ9if_NVQI5R(rEwLT*WS)dz??6UqQOhBU93#??$Zig1G z?hR^o{iArZu!`YSfuqN88Vf28lGhzndn{~Em0ha1A}>|DVAb{6#Q4dP)w|Mw^r=(y zy4vHaeuvp%ysVq7L?G#9wAWet6sEU1f;6&a5{x_rw9uwc1=Gy2TfE-H-R0{xLZO+S zIDFhwJ3ny3xNy8L*W8ZMSAYR`(WO6$+cw2EPiP#6>nISSIhEzzu&CYa+~tgNYuaQd$QtEODuvLAII>bpd@Ftq0>Zxh_Dn~CKS};{_vlXJ{rAuSdFYr12atA>q_3I z(Kt(r`IT|=$$fY#`bQh0N|5>iBW@~i`6ScW`?Vm0XL;eL6M@-BJF>o7PSsmz)Ww;g ztn*!m0<$$`Z|`a@_w2S_NJ8|)=udxpOfY=-rjKzU2JyB&muzvtWynP>kfS9mrZ~hu z(bWf?*ReV7?Wv}iPe5!vx-zo%e9f|53-0%56)s$VF?Xx;_kGL%;amp`o zDi$<+dupZZICX)bG+PseRI`3RQ)#9n+Z77+WD~|nDc)rIg@z-BhJQwYeW!wV;Bq|1(Ro$_h`2AA@>78e&n?pHNKFKS4WI=o$DQjtn>~}2NumXrG}zJf8kbzK1`%Wlq&dyi&w{cg-xU-B7ZA`?l=z#lc2umv$0@af}8 zjG{(>?^$t^DXd*l7vuI$KK>}Da(|bYY3NPbTEz=P=%v*BbEQ?TFp^%OB8+lY$FEhp zQG39$1v`RSaq>0crbm)oozE%kh41&!P(vc+hHv>YcgE;ei*LoPdB^(DIl{*LaM25= zFWIf+98KAB-EwS6qA8*IlcyPGMz$i3aw1O2FIfp*q}(tLII3?oBSDP}4r%QmNQGPh zy)CEUD^)xDp`%g+s|@+LzTuq0e?~p;Qfj9ICV+;JK@mNOVXqAhpE;G8IduZmW5ZsP zjW4e-V9Z9S{*Jx3|4v%}?PP5tti6Xo;<%^>VahQ5R2SRxqU?cBs0{P;4&p&(W$B+)o)|Hv*n?CiwBqnoKq8 z%xg=!nFRK6T??-6qz*86kNLTJcmE15W+U+{JipVAo}@z!XP(AMAG;l`1~^QB-_Th4 zyV2T0o%(k*KIy|r57(@@x|8$e_|+iQ zf7b)zY!@v1etSTu_0Z`wdzz7U5En^4;%TNIvn(Xxt*#w1^sfDo>^%6yy}a`wG zU~W_5B#Pp-&{I4cbSMqr2Kt7?V%?w{pS1M^qGkD7!4OB=&D%VMTIh6&&~K%~ET-0e zDd*^0y9r~1*1e`hE& z`?mc(4-+w2+vvMUWCS-xD$HL6(qCiYjJFhUm>(7TELeEYlqB4LEPe*b(7k&B#qiA2 zmO6bu%h=fewL&)5_`;{2cKuyypRiB?F01Y7X=5uJ9tU!jP3%=rPF?g)doKeq^fZ=t zo_GI=(A)6BMnX!F1a&ho1Yu!O82IlBPa($UAzA@?C6s$bH)g9gHzo6lFx75~MRAvO zTbilwnWQk<=l$JRmg<7EI|D0K-XV4mJDWSA8J&6ugZ)wY!d-r{PE8lJAk%_gVQxJkrEL57A%6msA4FPTYGz(hAhhVPq7d53RT6k|*RSzS|)DS$Y#O z#W*ZfJDgoCW0Jcy0d0K_M@d&%=1EPPMH68vqXAM zLbiQoc%VnlEq9Fn-K2^ z=k3tKIPo`CIClqnqU}=C97$ZLt=$yw8IBlNLA+Jpjx#YdFNj%(u*uHgXej4HvkTmY zEOD@dtvxGM-^q z|D~-$I|PQiB^DwS%KwWf@mNO%3h>p2vtjvMJQbbT zy-8Pbfm$|9T&?e;kN4M!#^69Ion4AN=X%)DDb^Ui%Ldy$2@?LpeY~p zC#3cjZ;CMep8jG?gRD0SzobyYha9ZuJ#}K7Kvh~Vw|{PQgi|c8c~-~||BSidK$ZCv z;^awPM7QTCsrEUud8mr%++DrzKE?z|%l0=dmgxHe;~ld1HrVhe`r{)frkr|c=x-Oj z3%TNO=A?8>?f#x!jID2D`X)r4|Mz5uwgwCT*R)pK`qa%|)R)2(l-5~%Zbd3Q04HY? z)-Sra?iRG~b;cA-jW1}zkzZ^OIFqL^(WVJUA)i%zTS=QH%AWL#j96F_swUbQ^ zW>t*?OYH=ctyJw4l~97xVzZG7Oxj-!BebzKU`6eu4UP5iJq%p*>lx>x#3iC!W#q%$c#jaFH*a~goN};LHV>i!eyI#<2kW#ycqDg)knzMYtDuq6 zpi(G5>Y{~E&_u<%)6x=omCtUMt-hhrv0w5il=SNRJ5ms&b%Pk#0Snkq|IK1-d57=7o#0zi$s_itj`0* zL}3(eyj>}Khlr#0nMYW6&G%h}sOX!RONQmjKnAJ4>Q~?D zc1BG{l)lK~xGeHAN@QB-SKc(?JXUV!PUdq7CyPHUwIRPc{zyOA#kN=g z`N2i6YYf_8=3z3P8BMnn-T_~4hyBn6OBWyqtplAR6HHvgI52d7?)@SXK-r1TrAvdbfLxZ99U$77{ve5cHrhGH%^v zN6`@C2)13q-#7m5jH79hHNuNUst&_>pZ23&pj|8oqAR8iqkm9tD>2!)xhirN$HK@7x$d zhYp}D`kMtFkf~$ZMGb)TJU8U9)INWE#I_K=@<&Sqg`_2=DeqBPmKFePp2)nXsab} z`O7~rDtqot!u*iK0JoRFc{#>yZ+TeVYZ<}lAcw1vRbhJWqW55=9Z^+3c59`#7vvf6 z`I?II6E!1j-_Hk`LP*ELfQLm^L)IsvA44w+^ZpYt{UN7b3!tpv+PC*5UnUkXO{2XaQ6{2ApVlX{g{#np!MxAf;tMUxit zAZa+GkyNwaIVC|_G-ZnBi z$kS^q=QGmHqUuCP1#)Hl%kh3dk>K8bfL^R15*%weq%}ww+x$7B*pEHY{6dm_c=HR~ zs?gmac}6?9gR7OZxU*JBkZE+bHal0OliiL`W%%_?yH^DHb-v-(`+`X5F2iY5-K08|l~%(w*cS|9ZS4GV^oAxi=FSEOQ%`m4nTEJa<8( zgIp(b(4}|&La7Adybjl)k{v$y)`MiUjdVkVZ46lN2GCryP-}zT+J1D}U+5HZQAUu8 zJ$Vf_UR+cZZ;uCf2Pn|ttRdAkBID@1NfuTPsJzNV|GybV1M5zl1>_CKC$s{_;P$qf zppeXTuLFq^Myf*Iq*}R&gdT!0mNpUdpxT#L$&wd(!EqM*qnb_R?W=_Ia zZTd8oF!@Zzz(~C!$cB4XLKTu*Vfi4x1`Go%Vhr9XV9w^3DMmP_go(Ssosw zG%m{d>>@(^mh@Sodaz-mIp#8aEXRR~S^6iAc;VdBOaB$ilU^lsUWR`xY+O4Nxy$(t z_BUkDd4JAb$zZbU@NJVR?LEvRg-Ztg-e-#%JI~nzH`39sZJw=v*NPxF(oCk(ZV0sv zes~Bs0&B;M&TjegRbLc+US?RY{C9db^HklpLQh<=iKjmN&eXo?6N^ixJy( z9(ME&3iOYuKC=7Y`<3xlfE6sBwgZJKxX`S|RV(|Mrc?1xvQh5wm47x_=U*!>eGsRt zZ(l6Byd18iM8vV(;~#%3Bxj$o^ zNYEN_i)3l^^or|oQ6$GGjzAl0D0Q=Df&jSk{VdZXhb*pzg#YnB;O%UZP!w0P9voKu zdl|8=x?=4mN8m;>T2M2Vp5}zecwtsIl+N$pSAXX>f*D@p_Y!e{3nR~-tsSmCzSs2* z8nqh0ClM78=-67%`Yhz-=K6Y9cSq8)Mla}eARmP+$-5}p=Ilm^WsHV`#pveTGlBX5C7*tRez2;RIMMHY z8bl`;u3--GNv*R(R@WzPmO~L3_&gkZu1Hffxo@tuM%f|YAzO5A@h>^`agJf#P%bV6 z)7^*{`12`3-Gd(<9p?K>v)cc2D{IF;}#J2v?}AcfEP&xb;#J-hJ~e!C*krHi7V z-3Q_DZDbH)y@I3;J3fr^m<7zO7ZL@Q4QCFf&-2VU+U*Y`;pVNmeSaFgvR< zcF|Z3U6Vt<-b`71`Pr6(!)M`5Ll{u8fJ&!s97h!Nr(1v&Z7CqxDO8pFN*#J zIpfa%3y3|AATK=5H&b`z)e-|B!2Sr~!Sl`)PgecKUlz;P^q)I7_)d7x;yx(fgBcyK zaE!n9L4^bnrDL@g3Hias=7oMhd{Lm?wybV9#_DV^xE!*KxKZ!7E#Woxmr~^X7coCq zrRmcH`gF6^{kp#*5Po4D#L2DGy=@GK#ur|`Bmppfgs+z}zr!!n ze7^*}7=J;^8ywMx5)*T69qc$|zr zXFXF|&u6fqbISHwKPVI(mPqEV}{r-hAM?tCB^^g8d@U{O=Lvp49SYv0~H3pAM-`>3pZy;SfS1HZB9>bp<237J_}>@*Il7M{hxP*dJZ9HP~M!IhuHgdd_pa0 z*ApCNHZPu=y$u*J(x)OwVyL^O34QwgjKVtpZV;&9h^~CX=Un8^ypD_>5aR@ zxs_9f+(JI2ll}lB`fmC%7enu@K3I+NlYTEz9V)_7YK=?OTe2*d};O_d~Y2TbN}@FZMhZ<(;9J+ry?bJ^RX<3Z!Q$m1T7JoxX=xeg1*7wHS=@UH~uG9{k0QA zNZ{bmRkZ$Q@bEQdHgUUgNd|GM$F64x>5d~$Db3I=Sn9@1aIZc4LdV$ztm#2+YF<`= zpGJv*80jh+<&(V2Z#ZGb7i_aVqDMMLG-t}eM%yld22f8@Jxc4=uvX#QO&O= zT|YX8Hnt8PWP?83p+Oi)G3J*n4}G1K@!?DwapV7W!}g=SrHPk6{@HwZ=5rVNk<3n* zxeHT(-#ElRRkgIbV6E(HHU06MNWS^Kwn(|{u`g~Yex%7}in+e&6~pXEe_AD5mDnpj zp;r_yzLEF~u>a>{`JNGqW&?5{n=wRW9T~!A!v6a%^t4~`Xw%241*xvIq17>F$>GTy zePDXUD#*i6Ip8DNKk86F2NbNJ`lZyZ_zA5a+X_G;{R`Xu=VSRk9cVr@`6Bz%QqlF@ z5#cBQ&qfBAaW4PQAxfMt7br~9ABoICe8J=n7~y$h+3 z8g%e)G?=ZV+zHX=TduL;lTxQeSOUBEZ z+N1H^zWMRERWL{^c0vEyjmZiZ>k{3GQG*56*wfbc@mQJy-Rv~62D#> zK}E8kJDLelA7y=|u9=x=aD(bw6x<=wnq;G%#kBYp==w7QOdEP|ra!B!#*G_T=P+Hn z&B=KYWHLDOT0+iO^P$6umWWnK__ySt$=m`hlH%8dSG?=i+ZQ)cB@qQ4-UGs=iJ{ih z;>P}d;!%xelZNiSdK(B^e+#vft#UdU6Y}}_5x80Dw(Gy7i_NR==Jk~=*o>F}5|P<0 zYJdHoj`Z6xnnNRtAI{?IGP2WE zEv$1%dRmlbkGr&DCvj=Mt(N`%)%HU~R-0=BY5f8Erk1?jZGq|d@*zX_ydA|?t@jt@ zs|MMot_3?hLMDnB!|2{iw=OWQ#xeL-wnx^=`gvyjW-mI~m}`PmI{;8Rfqrt026Wqp zgF>W5ym`qhyfYR)#)^Ta47B-m1z1XWu%pssih8%Y_dgk7hq9GCW+ga03w%r}TtcR& zkW!MM5dX+ct=9%-T8(udMJ*=c5WX~U7dmdmd{@ru7D-!c0Cnyp&o}rA?SeO_CMjGz z24K{p%L#c)Mxb}|nN7=YN3#oh<0l_@%kEb&`E9vECDKdQ>tMQ(3N2Drxn{f^+m(3* zU{M1Y`{2Q=ookN2W+}eKfg*<+^MU6>I{!f3Ps*zk({0faLBAa}#NglFyGphxO&{*u z6}UJ$Fa!BmF4d+vP1ty#0M8K5a7RpMLNwo8ry;TRG&F5l_Fg|zWuZ>Nc8(y2)V6$tumIza6dJ|4#p<_~43>9aIs zNs6ostz9DC0DeM=>i6Nd)8IGmA%8xFNHHa%>C(|A&7uaoIcDz$9EqXM3_6HvCclRM zyZbv^!P2~r96uOYDM%6*RczvK zCfqCFzZ;6fvTa1sxq#WG1n=vxcJ>nA2Svhj&zM?~1||Umnve9_ipRpUUEDX8Y`=pIU&1)76rDMYK$}f1$Ot@AY2NvOinr92zy^%0 zwF(f0gpv;jB0Y0pTCaSvpCaEoIj_*VAt!=VVT#&JtOm<+1kqvBv9;FhW#*I>of6Tw z!{0tV^nvBOxfC*?F{^+FsJGi;{@I?_%&BPJ(6kD5>3GlcYEg+R5J?}l7|HHsS!v+ z@v3Nf*p91hNZWf!r>eZ!eOLK+{uxfrKl5Y+EGFimXP@5evaZ`5jp`779156@X3no> zg}2K4e#CeCm597+tAXhi%$MjI4WzV^n-duWc2(^aDH)q>PR_g-U#xUbjleMOD{IY7 zZ+Tv+ngMpDTn@3b!%h)ooK#~=$V7?VICz)z?Nei{)Y12j%3$wt)>%W7XT+7D$P>d# zSkc(YxbNP&Wl%-1lx2O()R~pp^s#iZUvt~(&YX(0Ji-V|W8@Mr&mWc>C%GoKwyUtS zZ8or%^5HZnwzhO@zx|2sVL2>?D5_8J#P7bE;I$hC?^?uCF(5z8?jNrv1?>Z6$y(zZIsj?8O0-WF#K z7`x$4l!E_AI$2x;Z+&F9XAmoCOgL~{nG2Btn}(I#aipDAgIIfp1Wb%f!Gnwf4#ie~W=qtI zR@^)s+0Si>(%s3_X$$f%p`ELC5D|`>90k`%A#g?q8|PQRt2HMF`JV42TA!)ri3CiK3lqK$~V5xySjuYSg@$aH1yALNgKsRErpcf!=cRqJ)y*eHlND$ z35s=qK4ZjPB>8u->=oW@*H*}wJg;>%7uEx?>B*G z?2D8u24v`ZLefr-Ab>-#-pFN&wa1bh9^~bDUTf_pz?7qsFq;ACP39&JIZXx-(r>!B zVL1D8-&{O29p=>9tiw_u4V6cM9<*s;ZP5?x&}!B8YyXr>+bH)#X3gS%2|$ZTO4^K$EF0dKn^mV-H4 zD`m$kW}~YtuSa+KEJ1c6Y?O}+?Rg0y{-`JaM$C9BRx6{A*RK9??ZZY|s>yTqx|te$ z;PG2@jg*hIVGAPOIe}4J*_>Pr^{bV3DA)Ai2Q|T7<4;zO_9Hu^UtFvV&_-nO~ zo!F~j8Jw({29en&M0z;#q@wNQ=+tc+pkE9O`tL6vh{N6$8(pjMW;gs= z_feWAG)klehOqPo&L#=8B+ap)JD!XA1*iq}U6kuMlbUpiM- z_(MYHzPt)g4C1awK%|&eVHBj?jMNcK5xa|Orgk)+hGm!JHxug;(M}&PF|5Q4dwaf; z1Ez34Jq{dSn{8Hh;)$BGm4$%O=Cs>O5zKD*rbIah<9b@X1+|kz7ckD~|D&~X;>^ru z4pJfx=1<@0uGqis@nj&le6{q}>Q1C5AYxdLXCV&SGXyzOAF<}IOorUF(8dR<@#PX+ z9>+L0qm`_wA5~$Uqqd%=HYHD~P4h_$D|Xj*yeGsBw-=w#*}3jx3xpP0)N8CW39WFa z{mzpKY#}B>WM0=zif%A z<5#4VqQ{L^QhkvDZ4Q!tOk9>~?u0_mFIMaHu!ac!g*bfE=(PVToD4Vy=lwcq6^$RQ zkvpqvZnWV|7+I4FHiUnl{h5U3o(@&PmWR+naHPz#YVQVe<)xD-GEPqlY;-No# z(SA+yL`BK=%IXZ4oja^QFMK{&-;8w9EnWXj?f9eth8A&u+3fkOJcX57t>&z zEUd_zjxJeOe(C@n{Q~&HmBHy2+?d9ja^(3xz+&oo@ijWsH1owpw>W4+L?ID2&BuIi$7@2==4YB~^#m_i zQG4kHp7CVTj@0Ga^ykz@rk9n=F`y*32Jq8Fd>-6^Mleln%(>nCiN zBiqKT1ONy3-1&_YPcR$k9;os<01pc2U#Bg0wI0w#7eT)(O6qt*}djQJaEQ;!?1D4ps# z90dCF)U-GLtCw#U$y2Fsz2JCVP6q^(>ctDcRSv&z*6cZswYHh&klm=~orAgdCqKDg znKnUV7jV_H0yc82WY{vDQyR~Yd~UE)-m* z($9zBI}s6k`TeW?HtUwzqqj89Wec8}=)4y0-^})MI`&WH`?>EA%q~izq-g z$icZQKL89mUp@7T#vt2l*|Hu`gfjFE>6!#D&-;shL|_Aw9QZubq`#HcIs(Q*37(Ea z6aYderk7QYEvZwSM2{-_pD%ZKl^`ri=$MDQvuRzmSEc%Yu~PF}rPYk+u8j=*!dq#1 z3SPdZ<{~&#O_)d-PhZusg=8v)-o;6`CQCwds6yC>4Hf}9!lyq&a{^dQuan3M*y{iu zO+MoKq2uKt-z}$Fl>YnEciV4iLzhnA`E5ptXr+4wb`tZhxewaP)I;6qh->yW14MtwW3xG;z%>qN-vA{Ly-wGk@_yQo%0^%dPb{ zQt4z!Slz7+u?yCd%rzh5SuIpRU#5*w!^Wr=LAR|SdIrg@P|n`wAjrj#NLexh1>MxA4TB2g=9ol?&~arcE%PkCF*4Jsw(t z0Eo{cG@sTAk&mFs7AfRub2RpUMHCKioO2ScCS7tki~{Dq0kEa>WmTjX7K1Cnc)5|{ zU^;wDV*0@-m+!++Lr5YXeVzJ>c6c3~|>SUs|UG<198Li~XG&a`$qjc`;T>A8ru}q9N2T!e(AZ_)Q8Kzx( zI*!E0l}*JF_$8LiuEeo>7LDgE4T^7Yrt8~XCbaz&J#-ST8XOL5=qp@Z(A82JMGN3F zF^xW+mZ~ItCQn`bB|iC{2m-m*#ingrTC`Bi!Y`vDrZlb!#={fZ#XH zbYRQ(5hwc6zZ&Km#ytR!QC0aH{Z8rVM(21zB(D9}6V2kxGUH2KegN`{Ef|mVec1P$ z%TmiSA~wFHR( z@6j@?4!o?;Kr;g2>wiKoJbhyn7YFLy{Z1`)sBO7C z?|z%U?j%V6_qAuO-&p+EfgCIt;71m%9vU*;+0b6@18Kd<+%Rs1bomu{v1AxQ_MH?5 z)m+jMU3l3)p(RHXv?>6*TGB96NC-d=e_m8SHID z!K5`y=djXMpL-^Kk7o-EQ+;(+Ai-ripT>)yUrwDLB)inp($1_Az5+X$#12S0`l$<8 zeFTKKON*41i3gU3B#(x5$*l)~HHFNaU4-`Naw3{L-H>PZWinoNPE-woRI{647+Yq4 z_EMN9V8U-7WVqX)sewObl;JTvd$UP9ZyN2PoBgs_oeH?Jv##gF6%nNxyDS??~*?#R&Wg+7<}WdEwL{K#LX zNy{OySb82gz3esR?=Jc@Fgg#$;`>N+UcUY1RG(}%h5@`)Jj-XOu9p~Zf~!h-f+$zG zpE(4?wDQ?cI<2?8vVB63yN3LF30EX;;9{`4xa%(gR z-I!%6#8>!kcZY4YUf8H!qqp)$nWGlcP|l*u}N(}6Ns#Bpwg=~&l-xr;rvxPdlf4f~bIET$!o%iyI)%;Om!w|k#lO-P+ zeQjF(`#wVLgC~33NR^$PWNA%Eg#sIa>s$n zT8M9L+(WfBw*w_=0r638lvn5n0R{hpiaqH9j}VfDgDCtfV9y$%TPPoOo9OYX@M-Ux z9#A}a0XkTwW9|SdVHLErCV0gfeR?bd3_oy#;T`l>X-t6QPJer0{I7Jh09)@ei^FV+ zauOQgSORJIqfmHB;%q1hD-aN1{b2m499Qq4L5myQt}x8%8J=XZH5@~@;8~IYl=_YI zpG*FKg3MpbJ~aILaf^hP{jA!Vv@bg$5@`PVMeBVZh?duOjJG%z9vex6JxU+lpq;)= zwarJ%k+g9CtwDDx8jr{ww}Q~Dk>iumr#bs4w^zwW-ah?atEcN;9>l7?l;1azcKonz z_c>0V-YsJEx(73JPF{E&&*!#!b~dLw;HGA6)%X}b*9NoRRWi+hDA(m^#p1b^^(=Hb zXn`7bQ}8DIxu;vrcIwJ`!z8r$dq;i@Io)6m*mami3B@>I;7kVWdRbQab3i8W11wa0WBw26`6xkojfXd)qqnD$=73JUsD40phtVY& zh+Z!+Jf4bvIE@1?#(&dVc{r>;1Tu2A%B=!!)*T=ufQ8F#C;OzL_@&){<)yE2LItn{ zuC1Ua*nnC*ifQAONR&53t!GykVZ+A+e-7CSnH%~biZ%hmDD@9cpQRl2(}-Wz^lf*~ zOkIW3O*E(-p3gD-H9fUHho)K$m;)E_A)8P0l%gl;%RY$sag>z#8v$_@+RGx{FJ=b8 zZH}jYa57`k+i3uij%{wVL%MmV){kvIl=-VQ%udlPR(D~I#Qh=}?wJm#p z7Dzhajvw-yr-Xf!k|B-kTuPhldYLW&C*%iCOHT(*ETy=5mK8m%@qzUJ6mi>6=_Rsl zcQY+Cl6TbikH7VA21+Au5Iw?ZR>|qKOEr;MXr+&t&7IsM9oDPIjoy$1YcpN!(C&2% znVlE!!!m6$1R^1__fbr9a#QrP7J^v7HafFgAVvD8$Y z?45vq&=+oU$YD27^sLVy3XBQ^V&@1X-UE zG2K;ib+Ly`LsTS0IYJ~w;`R5X*{x*tl9CfftG4%mCz(l``?#Qbu1UD)TF?k+8+t_Zyn8YPin6YYD%pIxYI+Z^wk6i+r5wy`UMDU(^5{QpP0- zYRcs6^39?u&FZ3S;|{x0&_C2&eTGAsMW$*-=oh@RZa0hbBOeIhtvdKM2d)l0rFnC) znyLRfK-t?Z(2ZKg5@-%zQhVEL8>y=SvI(KjL-z%EV!o81(6Uf6qni-TPPlr~^59P% zxZ_zZyOvwa+}nblHhN+4Rw&g=U=5#LE|`+j$~+~LJh zC2Ykppfn!MgMhK8P&!JORh2l|wV=}D4kb&HMhP0MkpL$>XzMDl>EB0bq}=j>K>XYy zVB>n|1X45$2De?Le7nk+j0&udL%gf!lc?aAO*p&U^(~RiC^l=Z=dz)@H{i-Cbh&91 z$=ho2HUdTs_6&*WqvwV6-6m!UB(bT(JAz-Uc?y2KgAIbX(u2(%1IhYUj4MI08QI2t zXiyG(1f*9Cv(jnEqkn8EnOUaoKL)@?%XUu6y}RqF+((GxTUz$o;u6tN>N%zb z!?!4(m3DWc$6?jcK>T$=4pgO%uS-<8{yRhM+%fNQaZlr|3)aIL9IssLq)@!TTsPyk zSD@pXq~eVjcsxBIm3m#~S@d%eQPvBx@!Zz=soS@=S`SzX_v^Zgr_!`jXIoS#UE?C@ zQC1xpOHTJOi7<}#j{o`^40D9V_Dl_Dli9UJ@K)?^d&5>j{y3Pw&}tss`qN)@ZhF{Q zS=L^N0{<@vsB_D=ALR8AQ)c8k>{?o1Z^?Q$!yHnTWaj+dhV8wzLZUk>XYid(6wF2#J#3%MITKd&D(l5$*sC{|zSbU}j#8YeWHkd?u z#~l})I%qdJIjW*N?M?AZoiry7hI%RNj0bT%>5TL$Es79ER{5(Tzt(1G&L%&^TPbKQ zpBvcUw3x?pdQ{0d6e=YdV6btN$yaj=S2$te>P}0QhIv^c`Hn&`mF%zNbm=y|=+G6J zm6cx5Ban^V{4h`PfN6)7JU0qjSx^w+w<8QFf@ zDIGd({n9&ip9W}oBPUHaG44NqMfG?pnCFma*Ot5!1%6mBFL|GP%JSYZ08_61tYU%}e$7s~#YwJjm960DB-c z1hAJ=+pxbpz!9p7jl7WH^Y%51igJ{!Va8)7F1!raCd=asX<{lI>C6IG&ed}|&_7Wd zMs3)hQ_s*p^}H3X-7VIwHGE-~>VHx9p5bt9Z`^RYB!nP{o)AH_=tLQ!6I~*DqKn?k zFd~WQy+u!yAW@PigTWA@_cr?IZ7}*6GsC-`b8=4p&&T(AKRoaHz;*4}ZLPi5z3%q= z-7MGZ-c()M4ZGOyCIc}ujn{O)V3_tS4#_a*81AI&zt?xh7UT###rVEnv@<$8L?K`6 z{702S2IP!;E2oM_8U;}DLvHy<DjcD|8!BbKy1#|`DB_JNs=<@NY_RZ z9>!2}c<_~cCW58&x{33>T>XKt<&Cn`j&N7gnY*7*Z$zZM|HzS&8L|VsqT&r$c4C+4 z3oFXbJPp`1-k3fh4UnIe^6Btxd2b*^o5|6C>yL|Ge|85rnpTdiYf4z*mFExxNPrc| zIQ~qN{mL0w;j6CbXBOV$G7O&x!XMf$xc@;XbxtU=>jA*hvz)!`$@7yod6v6*v+AYs zZu-lPuVv|Q`!!lBw$hfGkD)&VA|%7I;*5A8HlH4JZMybURr!l{b$e+e9Nz@s9_yFz z3_VX^BM`8=h6^3&!kQL?6!uuFOOO|QHO1CcR_~5OO>KN)dZb4T-6Jl5?@Y+=^DJRV z7R-po`hsd`$ldi0cI#a&Q$bEH-Hra+7ycljdHrk&;NX#;PY+DP!YL`);5~)Nj{x3< zXBSmIb$F?e$0dnGcnNyf;+Ku)R%exU;&)KPbeXvKf}e6Loh7xw!ISTSy&ppG3?Fju zzR1_}iXsn;-txS>;t=yII};UCt^tn8v=`7}C8LD1$jTufoifC~q_9;vkok|| z`Uqgm1)<=`sHgL$q6C*;w0dqqXdcp6m(&-5Y$*I=a;t)TZ6X*+1w~g8Iy_<+m7?GD z5)2=c72P$&d496rG5OsYPFH}IF!5*pgW2A7tV z1tTmg!oa7I;uAllXKY|3LTSqhNd5E9#d#CN3W+1+I#qU(YUyVQS})nxSN*nl)A6RV z0s7B$5Yd?oR(F(%JJDvh2BNqg6xkaR?`M)c_JYnIZN`>56VM(DT+Tz4cI1IZ-qeFp zTqo&H1_vOvglD=$_NNl{9$8Lv@IDQb;zMWcGR$cR((7qb?mrAcA1iHLv6;&LlZXU% z!@OgP;pETH=*V(o4yx2CZInLCHp+_4PmVoXw*_$ z8r*iZn}4SE@xajg?a@u0=fL#YJQ&-R@JADl0bGmBL`GTs7me>5 zKciiunX!yK5t{*FKhtvS-xsz!TQ~?FKf-#}9*WJVk$}xMfEQ&10Eo^2mY?mo*maZ9 zg+(3;S^M}73OH^&qad_%YHh{w3H>8`P0zRwW7OL=!>YmnkcWHa zM?VopxzK~m4_fuv2P$86mr|ZYIQcIT8%U#x*Y~?jJXkTOE^O031dNe+LtQsKx>`(z z?X%X?C%rS|>!pQ2^m`=Td}C!BDB=+sH4~?{T|)%?7SHz*2u^y+Kt+KK&V2HdZ$+He zt$e79rp_~*{}^lGk+}_uY9f)O;v9SC(vLFmYv#8#va*ifOPbp8JjzPP! zZaCfGFm)1(Dk5>wOM+{~I}!iPQ+4suH`&>%?~o_yuu1!=#ve%(7nA^$*8l73V6|h3iB5R@#?Znp(fK3 zK+#gCYwKA%2R2dIe9k7v@XaJQ9u-qE)iogSQaXLKaSgY~3NL@|;SLibJpMFzsHn7rh&9aF5GCENCfbAe*{_ zQeWkh{fH>}&k3&dk9pqPdr@V!O+1&&_!6vYPBt+4!7slV_sXfcf|-=wpbpnLiyW>x zQ%|@#*70%20nk*gGzkEkIth4Ko*^?$d2>n`lkm%)es6F*>jzDNv?w9g+7w+R^x1>& zTqu=+-UTDT?jNv9)hZ1qiinH z5IPx?Z2Pzotr2qJZ-u~?7$6>Ae#_<9H0?j1{(UH@deKQMP4(rM_15q=b~1@#m}7pH zHw#_Pgz@YUzQ_{sw17*kf@Gx?4~N{Y)?{ShtJ61HTM_sX!>~fE`9?b!LvoYLKJaojw-QNNd6m)bAafo~|o9_;$m@_wc zkg`Ko8GAuO0usBWMoj3Q%YegoOe1GieNpcr*sS1H<1a|0r> z@?Q2G8HvM8014cDO=zgQlI1@nvmc+@@dFj$Ch=2s^RT6B;gxm-$%oTI9uhL~D-H=@L$Hn!TVlJD+=2>X5i7CJ53Sr17Dby0^kBAQ7obj)y9?my zRS#DU`RSRTcewJR%Xv?Fl}72)>b}+&ih#bz1ESIHcnK`ZPlG!hs2Ras0sJ{OBmJ)Ktx-M1FKUoc1|Q%rdo(Kb1j zwLP&jH~)O&Wp}%?(Fgm1uH8vq!OQN3lmJWSv273#tW&&B8JPJeCGr7ud)&OnOU9ts zSq6i$V~V(GYdx_T+$S?88Rc!YVJ=2Ht$$Vt*V!s*N2^dGDd1*y^G1sMEPfcb3)q09 zg?yQ~L19(Mq?LL&o)oBMC7wYsItwxVT1-}4(fjBndj9@zM6cqgtca~-Pz`y_wa$D5=7J#LbT`e zHIZYKm}G~dS*?%aot5vd#XrQehG{?%Ip~z%*H|QXJ=q4I-NL-Yhncso%dfBSTv^0C zjgGtUi+TzO^EdMb1Z@JYw^u2^#*!ln*xvDLdO9U;Q{Wtf<<00$s3Y-#%*kf#yXd!^ zb%4V+r#g4}jzYy<_~s!{h)vtNyQ34!bNoXA_Vxwu_KRNU8lt(W8MjkPGqPp;;pM6i zWse@}20Bq=Gh5vYNxEejyzCawk^LlWeSF>>c{@fl*$ASvvRvgBB;f`zBgOLI)MNJ~ z?zDMkt$&jteX(-EdkKGdoTOvOti_r8MLme&)&No`%Q_fDtvi zTm$s<8bTe&Lr%nR<+(Yr1CGJ{3&doaC*W!>mTOAkqJq@F2*JY+{zoVEx*r{rIx>((*4?(s*Ih~6-bA0Gz z71j%^ulW+O!D^@jNrCKyf_notcQ091Klo~(FwVlLr&XN3_QagnWN#(ZL5ew`uYv^H zT4u1>v7c9(&SKn?5)3u&deRx~YUwMmJ89cxF&;N{zN7RVH06Rqr$aqaU2D%XQkR|h zMwDP2zG~3Y<@hpnj@Or)JfC||dk>1xb?6I66ynwu8!{ ztUANB6no#zS6maR^P^7+bW}{3OG)H&Bbo*E*Y)nr(a;AqjLapx#FqT3tk>ZAesG`$ zDBEmu@9phMT2GgH^MIgiXCAuwD}W^o1<?tiU-a zFON!!nVjPAT4@%v0niPJn?tDylK?d>_FnAr`#b1;0cM|~$z3V;;eTw|3c52d>&>6- zBa9CcU~Q<6Ucg#hx$>wjoj|NnJB2|)Gj^JfpB z-FW-uvQI%CsO_5Jr2_cXk$>dL-y?S}ErB`-$qfsX3IH9PjO1Q8$t)ZHgAW!s>-BP; z!jh;GI6ZELyAhjaLiW#DoPlcqLo^P*ybHj< zUKPLUWOhWP%6`A1&%9gfU=Q8F$aS0Gx7Goe+kcHtDWcOkd4|k7`%~cQ#wq(?CjR9( zvR>IGdG7emlT4Z^r)&mpg9r|4`?O0=DtQ^uMJH=*!ER_U5U97)9E2^2mTk%xw-*-7 z;dIp5865Yk@f3~eU~BCPjz4`cuW$XetEc}u)Fg`DWq}X1`QLwsxp8_De$-)QoD#UZ zqIk`PM?H6u(+tB>8nwC|iqg^hin0z2YIlS;Bv(i3vP5`Y%NZ;wbSY=%&mJSOVBkr3 zYFSC8!fSQ-z~FPRN5%=@lzEY=20_`E3Sf0uvX`o-;qmL(AR20&WSIQ_P}t|GMgSBE z)1|lA{RvGO$6BcxapnlkOT>npT8z7TSDkbn%HrW|FemwkxLw2m^zP?P@%(2>st#s= z`d3pKN#;)~Z$SjGh20ai0^?6|m!S35A+sVZ&CRI9U5PH-8gvM#{M-wlN#yYA&-x(C zMswt=oJ;!Yhu*{EHQSU*b?T&ye99WRbi0P3qD8>F;_0w1{f}}Bd>Lckvz@!p8Q>!y zn9jHooZHlcdZaT|%1p!cWrDg!TVNzWiaVZQ>!y^-OO}tj$};#yZ0Uy?Q~ZMBEpVaa zx8?1+4XLY@&|@eHH#YbP&`TZV$hRQ4+1pL10gU+xu(a{DbOd6BC9q<3tUEcfCPY-#v* zVdT3Krl(#37%@L?i|L?@HEllPH`>_mPY}X^PukI6Ns^KHIx#lB0xtev)lbY=vddXI zb^5;DY{}KvDQWneC1=L;71G)c$$Osl(%<{iFPGNV2eqpQO$Tq>X0marU+V9;Pjo>R zZ`0P))`LDfG*cMH6m@k2S^72(Z9<(C?ingrVVk!HBhpd)%eE=}b&4iTMq&x(f1shO zRnL5!KXLlHn0|N}4*qWcr1=MYXp@ikdj8`uHTh0*-NVj82eYd6sTtQYiDME9>fW8@ z=5LEPmgkZW6qwf^s>0zfPG9U*s9 zwc)}ZX1O4^LIUvlOt?i07G3O%Sh2m16YXvot~Qr)yP@-rMqA{M4^;Y?7lvP6b)uf} z-_B2-_KyPX1*LRc-&VHcvMl3s%wIiZ<*LkxuH{vzj7j_s#HJKu=vSMQC#joiWv>-q z_H=oYYXTG~&2y_0y6<}IJu2GyX3%)kKEu}Qd!Tv4HI_Cx!sHJ|V;+~h@{{y!w(7fZ z!TdzhJh?f0AWfIuNBt86VE!bsWNkA&#wNc@Cg}Z&!XLIqV#Z_FPw-!cGp2SWu;QJ^ zyL3wNlX0`k;C~m>>#r$*^Vh(kP0jh|nwAdv?8jh!H_wpHGZI(>(y|8jabE8b_8H1wiKu`&x;AHaIm#9DP_yb>Lf4wfYBc zw{fJ)3fK*xw7A-9O0OqFUcMP^j#(s45vG4uAzf|wlDt?qvn2+#a@CWOUV4?} zDvo`^SsPWLav+r|?j0f{9LR0^aA$W?HG+bP`Csw;k>F;qB+BeYOLb5(=N5fZRR+NB zX;UQ%Te=o_%-#%#r`$;f+#n4LD|n|bc#Q;Km~JPQ@h(g*d#Ne8svIZhYDcyz;qov$>>o`#M3k<2_aYo&KB2_Oi0UMWF)x=;pq^#$vCQ?>ghW zSm{Reu|x4l_xaMHoI?AI6E;si8UloyV#+#n5W*N%&m=Ecv_XbDkkaxJaX4 zFTXWxjvMZ|wrllY(Ffy>Gt_%2w|t(ryu6nnOHL!JyXSvDzpf$$X5PoBTsMDkk#sj6 z*%Q)Tz^I{aj`;7KbNW~QSZ!yIonZWbci^?iFGuK%{97i!SW}-vem}ymg3EXbvjqW| zw5_rv#b4m{pW0L0<<1RjHlKcQRP#b*FC8s~ur>sDpNtcLBar=aoIJh! z>wkxK7O)V{81KcRt|_@sA}E`*=ch&+X0~bwoX2-io_^K2xf=qFMH*shfC+rnshLx& zbTgLvfj#WZ`~HO^@Cp0+O>cOCu4{n6L0X*Xv%wwW5%cco9n}K(3$B zHc34Os%c;jIGyue1M@ji_@B;UR@o5+AroeTtMz$gO~!gT_Z*bmi*4+5h1HfTy6&Y; z#^O!2lmT$Nt%G5U`vBlT|J`9*&A&!CN|sFOgI*SzqnZcv(kx~byl6@ZgM=|>v)Rw&XwDpy1WSegIFV0;A{arTL`vc z&Yh_T2bTgpTaw;D#YyfzDrrAr_3Q_kERDO{<~QE#CP#>ePr;?*OzY%`n?Zw@)U-eu zbHt7(gyxkKWxn2TxJ9qy2?j&)1dErrE+8?0&pmGr8nr;UkHKfk5KO zex{bWG!W0n?EPACmnhZ-$DNY7t1h}8r+EnVoEYl_B+CK7Pe0svOS_7?dH#63|A3#K zYwa)CvP-HqQf8QZvv=Sx%rRx+1a}C*O$z=EPdeNsh-mVRsyRdXey7cH5ScXjV!&hR zeWkC%Xhl4nXG5M*X^+nLMka&(Gm9_MZ4R@ZeR&&W1|#0Wj?u~~6oB15#aFn~0xA1; zSV`%56A|fqdqMW&zvJ)t7eM?9v*9>@iSDZ34;Q1Y<_4htNWZ`Zf0lY5m^SYvC?}94 z8=_mylsI_iM(X-ylf3i3U*rC6dVUo$dPPK5HDIKVxHdcFM3w7FTyJ)iSI5tgXQt_+ zY%ZH%zIV9|J*#MYb>Ga<)CSzfm)Xjz6kX^wJ(hRnjF(HxxX9~YgwXKw+;e-|ov>*P z(?%pLDF$%%RSqu|ZkMZ)5G{Fo0M0CN{kuQwYXQcD=MmdBoMr39d}DwQ;x4SxBbjhS z=&U*}j~#g5LYG|axHNm#0YJl907hJ6IFd(OYr=7Xa#Q(Uk*19{G!$Ust==xieXYE@4e^1 zE+6?r>_FhHn@MET&*@OS$PO-s4_@z?8sI{p@a4G`#&~n3i9a82s{Wn0ss8H0UCSd< z@slgUn!F3jF8qBiz-IAxYg}6HOhy7h-fM)u=G3uBm&}`T9Pnj^UjhVs1OAg0lpKTS z`ExuSOHaToq_sl2nH+O?;vFoolHXHZD=pL1JbBb*%~`3N__w3YD~+mEH8n?@e5PTW zG<;jn*4<9?-B_}nSj8pLq2#0X)y>E$`CSQ)5+EaAlWYFeJ0$oU51e(~iaJ;U$_D?1 zkGjQf+L?H1S0b?>z00!&{I0s!?dmJO&2Y9M&;9E9GM0c&TQeUbc^})D-!|OqE;Yc; z148DjXQg&bpmUGTqRFd%_a6J}>z>%28a{Ip7yvj1&Q(zHB7;)6p^WBYMoP|IZW8el z4}MCl`{lC2b(4{0L(OFMOxObDRQQ#Y2(so_ zib$bU_WiBMd~^gzfYO5xg9vP{m&H;XCyvAklW+pR9`&^@baj!6wN`iJF=hNzU28}f zReunjV0cOB5042-Mg`t`U~(%fYHXa(d2Oe|qIFvGRqoMgU^+sl{V1gfEwB3z09K)? zkN_$9JDrnlkylbe^ntWNcCeKH&HTiL$Gl%I3Z_4WcP*pw1Ai@W&wT@E}UXwpBh zaX3~ihFD28y-4IJwl&&M>MT9WZ6NfpYLasx|;4N}_FvXV1Z{P@vLs^0iVs?XVhj0rL5 zL`bVP!ox^k{M?&$p}xmf+Abze&5oM_H=_d2Syyu#oGB^uvt7)DjT0?{ zTcG3dfSex9Qk()nx56Gf(V`7mx)WTBx~cyA$sa4Lfr?=Kmwntrohk1&RoaT^Bz{ny z1Co$=P~hFk=#8qG0RyybHouBGXEwUjSn@38w^cUh-M9tYL! z4QQp_Q1T}RvWEp~#>)iihI!|1@#xcqxxM+lTbwIt0@T(>>e(L71~x?xsG2I#x^OPO zD$h&rOF|(~vG1Cat2-TK?*f3C_+Jg|=1wLZ3r%&L`xLJ;3B&nbPAxGaG2$&?uM8_y zM{xsnZ|G87zfj8i+jm#opWDBue~*Rc$RIWTiuS*PZ{l`}2}F>)F`c_XFyg`mi4PG* z%QK{jV4++*X%uBQma*|}=lOFl#d5&?a%6+VebVSzJS(A^2xW|Q{pDIPZ9(UUE( z29tY6eB|Abyg!%xdl1i^_ z(oQD#+{%~aKPCmtfIpgyyE{<#s_GiCvtaoD)ZlAeBHD$CU&}N7E%^SrsNWEvKe?8) zFezErooe%cTyRFI^GB0`UHre~Kyv~T8DNz@yF3Zx1--s`nDVE4$&vO<*VP#_`@8Dz z-yNv1I#VrFUIzO9(V_n2Ga9dZ!Gxth#ze;G3ed~gTmP5c)Q)BshLFDr@Q@cl%I!AI;Mp@dEhLjFcDi{81Z^;ywbVlwFkVx0^!5GdmY-+$H%V3i5z7voP}o{A42 zi1NKJwck3y7!~z3uB;VY%*q2Z)jsua*h4^r*A)c3co-eUlvW<>+Ww0CBxK%7GGUxS z1V9;*(Vx_AC>5RC#f3MY>{ja-=(#2H{<78ziJtr6bH;cTAq*(>Z53JuYWyXbzSSfq zL`Z4D&+Sid?UpOT_6Krmn9lsG|IUE^nQHST3>ni&Y$*)Q*2@UoVE?axOwj4} zPxVhC8Wni~2<^{H7@96S@8EEfGOiq|vbA09iqg6_y_x#t3!eNF+goJ{sfjiG4^G|$ zX65cKdH45Re6Q0xbDip?sgmcfR3Wd|8(&Xh_G>Pg>nmf=9!N7NK{PwA$$!a~s80U; z1>)4OdF}XxQRI4^xMO~>YuRbC_42Pe;S7oDENLwi*wdAXam4*mV4{~zC&bN*X&d4H z7-MngP%kOspxsmQk%f2?v+ka>nUYe}0nsAHK2;C0%#g{|m#6RRtQa8k%M^C~f$0I= z0ohb`B?KE*l9;=UJe{8P2|)1uS=zV^(6&3=X(PQ zR*!BY;+NiM&&UXV*0>tx)X?Y!K+zuBl-L-yH#2Fg zeCWBqx=7!GKE<~`IZg@ey9pPB2hObs`5Ye17fhRl&M{vd@GIInM`c;B9CM{J-?)BQ zOZM{K`@y{861_Hnxk776*RHwuNg5WxzKY!u*Xw;;ZO#+5ZMh}>h3j^~FLt)=%B=Q_b@AB*C5Mc;t4 zVIfRMD5+uGOk3g5g5au>Cf}zm42aSegIfvIh|#FKJDeSHl54Hi^pbI$F}Ft$^0hPZ z9JN3ai0hMKRuN0g+Yd#m9*dYq)YUoow_4Y!OacdWs5?C?Z~-P51ZN(gz?64?G^buS zds4Yf<4F+aOp7|Oy_P8`8A8fsAmv#dX>Ieq*b3XNJ)CPBO5?cIs0tR~%wB@kFnhPB zoL`BMU#y-fyKr}nt58OvAIW{#`XoDNG`){cei(guK`+%e@cy7vwBZWPb&CVSrH&V8 zgJlE|SJ?}C_bV_Gr2N=M{Ius367%oz6foD^GE%?_A0Ly1n-qS=PqFa5kxWiiWUS`f zE2mh`IBcQW5G-7L!<2iLiBO4EYjUS9m(pg>&BOo3elrLddqKNE23aI+-MbUlRlno5 zPuaepQ@i$p{pq`?LX30s8u!-m0?+-3}TaddZ(a?~^T3BH>EaTW#f18Z6`{u_KTpD6)CjYN^oBfp*pomv!z$`)mr6k~>Id|HDN z+v6#H4fy1^<sU(h9-N&$Q( zV(f{7?}joT9tua_RN4n(l>f8|R{aY6=zar6yNR*+nAm9*BU2c?43!I1jM1#;^^m$- z#zRBi7t}s~wdRrgigvAs>E|h*lWY2mP~X?N8z@`TqwU_4ua*zUKxm)3c4w*qe;=M6 z2ErvNx(~UGMNAA5{w5^_M;D=u)cEAqFCHvzn!^X|rg_0E*}j(@vuvS&4b|R`t}WRQ z`ff%K>^SZ>JoOsz*K)J3PjH(mjX?_`?rmRM zbrL)kO;HKrVTErBz?cPd9vzKG;z<>Qxa8%bv_(ApOWqvUGhW)2mIfaSzw=8rS)Q%Z zFsV02;w1`XRRCIocOptYu$(#*z-<2ACN6G1hS)<6+ST`uBD40>Z6JzJq`T48@+l{J z^R;J>YQ1@uy1`M3by7(pi9g2?nE@f%_ewdnXQ#2Kl5VY!Q#JBHf5 z;&5^3k-d=lzE)a|KbNDaKhd=0tD5$ZfFc&nMSNC`wBm}Mp3ieg*FI-Tr@Ji$=F@to zIB8CXjt0^#u@e!UOP<>{5MG}#DY0IgRnQ=vc)!O;?J~+NH@%=Ze?C*tc4J$1A0K&O z4&jCuEK_yhXPdJ>ran*rsL5?QhHr(4)+v^`O(X&sDNn4MGlAgucq>68KtNJ=Q3s^| z-E<@B1CGZ2Y1WPpX6539NkfKpgJkIY$UXqq_VOGy6Hv^Qh5-CJCrgg!s{}1e_^l}? z{u!~eyoZ|8*kWpnV+w$`{%%muVBMp~F7#H6Ijs(gKtd4pg!b;_Q<~p{dhVlCf9ayA zJ93uZuCaP%e>;(BzdbSQQ?{`a)KvgnuWU3Q1{I{zt6LYQy2hwkdS&QUhD2TRbs+o2 zy<%T%!oOd6!SxM*#J38%#k$mG=We-(DYILD|3TGTM=3;f@$!n;tgxYW@nF1*ng6WC z6iQBkjxtj^7y*~Czd0@WAf&TCpeVO?cZp@QBeW7+=WF`NOm+#yI+#UrTPdAO58P|t zYo7tlB1K7yTXj|y?SJ{gJXUsoVNp7JT#m~W_LeF0`>1o9`<&!rj!7L(Fz)&n0?x0L zh0IPfzU5@s_7M;)iAn5|%P_A7K$vgcUGrG^S*jednL3N!G7$FL<+Lse?yyDCKqiUx z5iOH{hvoI53@icJ?dXkEgyT1RJoHbqiDpq=Cg)__&SpBh;TisI+6tK8tflmvS{Hr- z07P286>oFwW+CE9b)E=m-KF0*YaCI8B?7+B<+igIas|?`LW}`082%zRkobdJQ^KDN zMJBRGB6)9ZmRzcKa#nN+$*W?AhiEm}KLKy5%QIVcxJ~j7ecR6xcQlWP{7;$er#|zv z|E0K3h;TQGXNwZM2+pUM?N!E5_vC{EJ@x-6_bvlIqo4jup|{0-TOB2z;f5Xb`H;{3 ze$8{|HZT8wZZb5U!t23gT~oONBxrCZw+xsR!Q!a~W*w6uKAU)TQhil#7BhU!i*$JJHAK0LqsvSeSk zN1vd3ZQve$rgEkdc~DyEy*cp|jGllsNcXLLI;^d;-!x&%JQ+p7UN=P^-S~Lto_t zPb6<~CJ~zdTgJPP!_Vto+M&M~b@aFA#<<1#9F;7-RfhE+M?B5hE%c-zeJRnb(}Rz4 zW!EWiowEZ6y9U+`!y}aTMAvuzwo9vlXFSO1Kaz5{O7Vy6YZa=e5ph#vL?N1SBhy4| z<=Y?=s@lbn9p>Whs#|T5W^qq1Y{IxYST~a)7u^pnZ3h zV9Ru2rZepH(WaPi-?+E30P%|2{j?}Z`z5TwLDP;pBT??A6pwD^!>#Cn`#r>yi+gt& z;BepLwOtJxaM^j|W+;>Q33i3;5c_)opX%;_kMsCc_CO~RHM0_dJTZg?cmnS82~n!d zIif51IrEsu5=Ilq6np9_C{SxQ?oJls*SvSb!W-MoEhEPU4O92lPF@=kC=3Y_A(@jC zgM6L2;A8d^`d`;t&}L@GY`(8X`P~-S%mm8HjzZvxE7pOs%an~lvPFG6likN#$)js) zU5P^84ExrGA!-rt%746dr27Q>$)9mlqAi7R)po(;zB25O?z@e+-JprKdub#D@j%P@ zk5hJC*)}7r>woXdDVs9_KL6Rmd;RtPJoE~BnYOJxCp9Ql|Afdc%{5YzfA2PSuh_zp z>AWP7Nv*7f`F5>1Ww*RK6A?*WLks%n=rO6eheHkdjqa`8djmh%=!)x)G8d{-c}zMA zw~YDt0r;KLMQE!t$b%Bj3OUDj-=FLEr+*rNmv-H7mEF$@h!i3$-!?d&%t7Nl=cgX`IINM5uBwmgPtWhra}+#YfWAj(C3AA_h|{pEt{C4} z@ZFJ63LQlipw%LfUPZUihP@;n-p_oFtK|}I%);wY(K&yN@JJgPetKw@zFoh1Xt6kQ z`82^HV6`lghwLQD!FRT7v1qcvHd!w9cme(-!|3*n7RUIGRc@_7vr1M-uG{r+WbLp@ znP5Z0{-=Z{ht1i$$sLuANw8(_tcC7lWN-=Ak;yBSuA<(v*B=@Rb00kTpN>D< zgAmYpYo&J}aBQRgk1bp{cbaFUq)RhgEkpNPuw#?Xox{Eg!T<$P@5VO6m-Z}Gd6a64qo1ZJ`V_p zza(*KS}1aTCjIR>CigaeH*^%?D)Qyj4Qu~`?s$==@f(v}Z_4%@z2{v;7z!dC7u*e9 zyvJ>s7)2Efy(MHPU@08Q>4=&IXiXKkjOVyAFuSSvXu^o}%955A{>t&|-?B!S5fd+(ZhbXU->?4+)WTYE?}Nl5Kp489Ao`1tRtSf0nIxt~5xKG}*G z+)uZ#TuwZV75nTWZti)jV94g_3NnjiK;>kRB}hILIympmC)f$j#%4mu&NJ$k0T8r{ zfVBJHyG3}P21|Oj(O3<1TP$u2HKd7sej%RB;L7UpkV~Sb%6n#$)1oz>2xW}1K;V0M z+bFv4Kv!@Woz*ntv8P)PdgDXt6MC{*dAPAl(fiItuaD1Zj31@`GoCEMRB%lOa7LX6 z!mRxV(qEe?+cy%AXFd^deewx^P|tdw$>yzV1$P)!NTqc1{sVUFIGYqn?e8HPij(f$ zKS(XSzPc9&B5T?@7~zx{pf)l_`r^m3XnK(+t#oSLEl|c6(aQiKDd#xvG(d=Z& z>|Nkd0qAtKumAV}wG;xvf5MKl{1fX2M63}H`~cMc1?ewq7`S&Ct66}t7*BYm9dy+5 zmUn=;jR_}A*>H-@J{@=dfNus7j+I!CVj%mhdxFcSQ~$hK0r2etr3qhmr_@hp@N4L= zDoc^b+O2B%rR)7lj|72Ty7Ka^(hK|@->w}s4NTU!53pefqz}_ z!uBrYB1b|k2Lwf8La-U$v7jKQeh=m}&y2d(+VXrHR;NC+=*{BrV8^AMs<+u0+W_Y43ask6H>ZtmD!+g3T^+@W{ z&3`t72tZ9)bO^l%$xQ?%_07fvP{Lm?{PFPYGKL-cC7FMu#F_39&kC_AF|2(2tjshO zQ=cmabn2|lp1n(rTPwONT~rN~OtwTE5Q$8WJg>!EPva5jTZNQ@h|IG>gFeKaK zKYKwRdL-r7`c;v|A!H5=F5Nb<#8-8F9E&ZvJ7sd^S0>d7ey=ZWZ^IRbK_{U~VH%&+ z)9=GzUh+7HtL%`JE5D@>@LH-)cjhra5#F7}OXzzSd~P)mW=-VrUI_eX>Qv3+YNtJ$ zU?aM^gXd95x*CGT^TWLV?aM`S_|OF(**O^5&SWOGL=fg!eb`)mD)Z#VjFc2OXVYsL zs_1mKqy9H$PnqHD4ZEkE3ib*bM>D^c4^{;mY)rqtUua8rWQUx>(-1Vp#~{j;iyZYq z;Yg9!P$z7^{Pvrl-f=sVCO=w`E4wKoYmUp_oJ=`k=XPL{*2QCNIK$7X0djKY$d3o@ zkHiP-pID2EsAj@SEP{lDgzm?bQA4?t>O&?icedwr%FMhkqxlaj12xpE^+gyBooBq| z%+0Pz;%ogUzRSEPW6qk=zu|;U*f{a1=ceV)k<8XFn!>ZM%~U>dqVGn_p;wS(bpA;_z};tgag`yy55w8G*%RAHg#^_cW zGMNcp04@ldK4g&CGr|N6@7=YBq^J}vcUsU!WdH(+df zNjtEu2L?c$h>G6ZOaZ6VmFUR&Qc``Dh=!Qd=KN1hllpT<^|pKG*PaWp_?ofF;+Z5% z6O$yoR8hrogU{E|0RuZYRfC9X3pq{*6v@u26#cM_IpC|3v@w<9)|hmC z$Q=q;Hi6Z-o^LbNX&kzqBH$)}i2Q0~=5I#IJaaQ*KBn#{ubYni{Xq_if8?Rvb0_CV zriy9Gplt+~5Txx;YCqh63X&bkBrNlix1fmU(igjgY$et1noyRbbZpQaSXvR}UYi`j; zG8w~kMR=qQTBB69=zlml#CuoqBp|aSH59S9_Z(*uj(+uM+D4((88#J`Szl6KHEpH2 zK{s2Q7zVo)?q*R9bN($)?n73VdiNVVi#A63x-+ktQiUSV&tqm~@zJz7I}(QzlbCiR zsll1W-qO^V=AHDTOtKxA-%a?%7Brm!|CS02^byV+-(GdR@SjKQ{39Fcz;P9j?b~bs%vNNCTgzd&Z z&M`8yd52>%;Zurv2Ok?FJYl(Ke?;2rdT8$<9Z%4N2}ZaD@AwWv#+VTI?Vow7#k4LQ zUrGJ0BeyHiu_~5&SqJ`&2h6Mlv+9X->3-;v4i?2V2MmF0LbmHhyJfK(w&~nXw)bn+iaS<#`dI3kbj-eTK$*jdkYsB{U}eRlY{W_?Mr9$=YOP7a3=gp^ zVW`4TnZi_>J-Y-4-4{P%8-ztfK74Ql8Nqs{hCXdb|T4J|gPl$BPCLSouKzumFF!OV2xZ~G96cEn^aRgpLM zV9e(}$7J*gOP(YbSYisiQbRTZo&>JF-GGZ`Vp35Bj$Hwo$I?ow3;Upst%r0dscMV; z;^T4;CIh~RgS1-7&Qhx%mQVG4V&<^NQocu?;){^7Zm%22adgy7U#J3VNlWQw;O5E; zGvx6g(GTbn?V2P$%zxB3&?Qo$6q~X8Zu21|9Vg)s$fVfe67@wSGKQot#?*}GtF+i1 zrCcyc89gLh-`}NC-cIm+s&Ac1w8s<;!(JQ09F0vHe<_LB+??Zoq;WKn+2qi+&I2K8 zn_{=G1(8a-n@G1bglwN|^hFq)uu7WQ7%Cx~N1B8;d_tQ0KHD5*=kIMF4@pyYbN%pfJsphhdkuUIZdK&Dz_^buE7#G7f%G3;ED@ z@D!Uzkfu%YlFE*Txu@0*V#64ue#kNn_2c`$?yBsg%OUWeu7um0OfKTOX(YB6&CDQ`T)XCb8NdC1Q|B8(&#l$jY{oVrtG)i(LV zCo+<*D0_$UhkFRb8I;VbG!xtA3|2hcdVW8qWQHx|0B7C${7(8|h=r4{OtdJ5oEtni zBlJu$ilns)nZgs{X;eRj$AjJ4A?Sm;1*J4A&Hao4KS#=p@>8dPh9y~AcYNUs2dPr5 zYzMS>GTGL#GqY0YWY{2V_{=U4<+g_R$dnZ6jjn$-T0G9C zMC#e~6>7#+!Yp>`yfpoHD3FEl9eK~7%=q%iyd z(b$(JxLTm&4#3i}!o9wJ-OIn&JI5A=qM1`c5GA$rODhfm+@aHS4Vz-w&c4d6G467N zr62xXGqZ&EI8C5%CT4u+{WOvVyosCH%fOFLbuIm<6ND6BLtuQ{vV7h|7UN2ar>9w! zHdee=R0Kw`3i0pJa@iATBcEQ7NEeJ*9KE@d_z;3r9WP(#TRyr&direC%Q;1VOHxJS z_JN?UNI5%B8Y+E{JqnSp;(>z=`n9RJy}@1%3kdj;@$eYB>xV(@c5=ZMhu%)_9-Gwm z)X!WWC%7KgPX`Q&rPdV7c~u$nu}2LBlD)Nuyeh3RG7Vh1fvq5%FTWSg8}p-l>8`IM zqT$79)=Cd{xq(J(VcpkndQE+|_k_@k11T^e_k$b^{lg=f>8JWGmf4u4m+6D}n3<;d zq{^mjw^o7>(y?#nR%%a^=$96E=8#lRBabqNZrM#Uo_sS(#d5YieH}LKIJn_VbcJ(X zw6iG+NwyvdP{P92RK^2bN`%s%Gs-^|l??pcR09bw-dgW`znz%7@G4H(I2=W`M)L`kE`Md8{-WEMh)sL0uWhf-}sJaoQ3+x~y=sZF+oS57?^? zW^V84R4s{G{L&atu}jFBo-1~yY{&!)l1un+wmF@8%Cmaj92pA4lFOTdOIy*obY?v} zwG3VC_wl#^(a=Tx^!DuOtsZxwa%0e_${$DW5>vBB^Ap^JnlCYJzK3L><_(c zF}Xt;jG&u63OM?912ujdWM1vg_p-6FygJ?D|6%UkD*9@O@5K@2lSL_wVz$ zegF9VZomEEkJ(;(zMhB2G{7|ZKr)z$m-e9o{kCV1Oe~nU}gwL%YhxIkt0!A&_ zhM#c98*QNI+y?$c1xkPPMV<Ug*9UhD4N88o->Pypg?OZ6%vHA-ZEm{^~)&ma2+Sc=J z3RaFir7+EvmCO&gOcyE^4V7KU*oD+`+#%7$yq6VxA)&G`B2Qgs*q9^xk-6vCHQ}|{ zQh)wP@9>WEQl`OqF6oQ}sIz6ez`19n699d^vzE{zOS7)9h)oS`%l#Zkl3CBHd!!Ry zyZ9!!-@z4E(e?1nvM33+W3sOef|Xa(OXnBbB&Tmjc~(7(Vm5OQU*ru9_dJ+P@pOxe z8XBoaYAMX+JtBMv(2q)Ybr)Efaf6>%`tw%lcJWOae#)QZ!=Y7QxB}d`@$TO!O4)^7 zw>{%&%F6dK+EMB6sjMd%>+8opEqk3id?DTR;w7xOyJVm5?SjBcL6L8>z8s`}aYfhQ zG#^6AnKjyfLTWq5GUQT*r7hH!X@D!x(!-k@fA!uz$J(KlI*di`Qk2iC3UJk{Taz(g z^(nS1bdlsuRn5avdd)OeQUc+P3($f_S2fJmW+BUAhAZvXG_!?8xy@9Z9#d5NEXyv2 zW8YAUo!V~~tVy5GE95}~6ysZ@@+m5~b1qu+<|?-WcF$qPKx}e-14|eJUp|cTWFnoE z%t!6*zP+T-{di>3<;&+919gSByB8Bax+4K`Y~dWgy}X{i^(u~j)ysL(+18c&OkyC1 zg})Dja6a|4D-6_4JvKpdu7*Q%Q@K^PW?_Tk#w~T@+|nX~8&={ZB!(tcS#7b-T_~Hs zs0bRj_mPur%Gi%Q5=_Y z_ak6eYaV2`VcvYBVKOsm+!1!{u=k>f(#?Jx$(v(oWd{snXf57ft2x z^kPC}=Vvk&LzDHGzdo8Sa#Hxgxh+bBCmKeDK2w6g(iN9CXKjl zY4eJAT;c9z0Rl>t?W1oHazlTg%>`odc&zgto}PlEXFGU?`cvg6-a9eI+pA5FjD?S^ z9eM3mN_-XM9xvg_rI_{wqmS>XMNP4|P`wQV<^yc@73IurlbGkf85=f29_LcA+zDq$ zOdpYVwh+~cdFW<)?2NPi(J0a`T_l6Icp0re_xnPV4AvT#z*ugs@HSd&O9$6GF&2+e z^9>&l>**tr_Y_C$&ckIawrbjQz+!_Qeqt}SdaByXc~gY;GbbOnffz47X7*P8ZVVsQNPKtJ zWCtYeff?dX0s?1FTA(b6B&eMZV0Eg&W7w8ly0!(;Xc;x|AmVI`?RX zSv<96ExeJq63+Cj_37+>Q(O_Dsa46VE)fnbmlGU$9rm{WT;U1iY1w)LapCku7O&=; zYIUY|{XKHu`A(OF6?&D~FOUcJ+U%9)CrD?Y$N&xmD7RD@{|2243{Hq046=MfydafT zru>dd7FMS{1~^iC$|2o^E>YK$9BEhT??q*bkXu9Ewz zd+*}KVhs%>EjS|Cc<5ECGw2>j&tcQyRcjqOHa81>h*ws+sLBa0b^y|G3@M#kY`)cJ zS7v9cH}M;LT-bDg6UvS(TsvHGam42vdp0AXtV8N)x#jk#Vc9*E%o5(Rqc79Af;$T2 z1|9MntElnn3itT1zWUiZ=C&v1EJ#`9;m<{CuU>G`?<}jiinp0x?Ye|}=S8;6*gX`d zM~>vkC>gohg{cN%xZWSI=y;zVYi*41(o+jsvI3tk*K=0Cje^IIhq#A4xYn6GU}(ON z*DqDQC5D^lx|3dNli=>qm#z2uxkX^ZMA;5 zuU=K{6xwc+=DB`S-CV~LMTfbaDoBzpN0ta40g}4B#@GNEtye`SPbb_{R7gx$4Lht? z9vBsTE$<_UV+q^U%oL2>y@zEXmr@V$O~SClZA6L1F5O z$NNHJcR7dgiI6tRxg@UQa+oBw_?&wrmU_06i{6|skn1A~R1O5@b0?Zdf-aSsM=hFc zT+_|!>_+l!Zu^^?QB;mTlPE4-W6#DZvmiQckUQuN!t(@s52ak|^eZ#fE+#?Z8ysOD zIS{ZD`YsM6)TccyZZ?TpL3Dfgs)|E zy4j2usnu}zzY(ezj#~jn+PSf*dR_h?DTt_y56ELs@!W}OqE)I<2;yd3`NU{1>00?i zVLfw%+i{Go4d!I&yk^%_O>xm{+d}$5Y8V}n0;$!RUNITQyR`r6G!A8t&SJdF~q()3f_{TcmfIMQZKOvUWkS<@@ym41K@X=`T0lYhGgG| zu9FUbE(&j&s}V_g9B!WHgM}Jng_1~A|6FM-ZBp1_LS?zS>Oj_x6`q(NOm;B3T|31x z!wU9!{2`4`6!iS1YR`BxA^h@pX6RN5wBe8Y*_r2@p6&FWPZDY%lAP{A%Ezq?k%VO> zc3lTkhmWl3{#frDK(iSLO4MsCSgzCc#?R+K(A#mVF#)3REGafcN5>j{o7@tUaei)R zS}D3>yx~Fqxc#t@r_<^l&xrG(8vbREeup+SQo=`~hKy67e)zHt_RDa}*PH#EI!iy) z^88W{fNP8tZ8-#{?ATsc+*7}!_W?O+_wJ!#xK&|3w zYjOn1PA$;KaujNfY%JG1#inI&|1F+9x2$^jf+1EJe_R%xx_LC-ZfGa}jeb!@BPLC* zy9WArP=6e{c|E>)??mI}=E>Qbwb!Wb?L1=Pcq}ha_G9AZN#$NH^rQOCBHzD)GTl;C zTNv|tIg8xKTgF2zk$SpoKa{6HSEVj5JlU;CN~8)IJ{1str;^`(3Z+>6yaREqAD#*3IFoyjxdcj}ovsZgtXG;ChC`=k+$$oZ{d zlQx@otv+9JQVUV!V&>?*qb#6DtlpO{HJ`fAW3skLZN48{b+&8cu9hT~zMzOsX}HT- zS_(Awqfc=U+#yKrVaD}(j%RB{g|*3Jo0#@lV)=N(N)AKY9S+?CUjV^JD6LPHILtml z@#!r7Y&XoKqr)H1Pe@D*6sZAEGI!`H^!!GZ)A=Y`@#0RV@_9Ae5ffU_#N;s-ccerk zX2cjUEp2kN^sXGWWJQAW4!^K`t`qpK{3mmtMT>VtET(P8(rq#kzOS+4u_%?E&6y2~ z`I0^f&>8`!HP`c&O!e}ke&FN==oMX^RVc!K6lZ4++RYt=#V}*4m4dRX&OT*1xJAxS zXw|1eTl`#$%h7JOt#qsfskX>~LGIMC>}hF?Uikq{=h%vXbpR zTA%JNl=g)1zksP`FLD~~ zPMb~$1?L%NFZ|)@muD8|I_@(yqc=jQPVESq3rGa**fqklr2g`{as*=Noi2kFFz+bi zYf%)In`sg6*wi`#v&rj7BJIz)YmL1(Q;ReF5GF=xOg9&Bgbjn|^oqARSiI|W252yw zjrMC^rsb;lL6B>EOX6(3(xq}l!Yphd6ox{S;YOmO;)bZ(^HL!;p@dm+% z=^YZVATfSj2-aIK>zFa0RK5t$Ts^8`^U3d3V*!pOCaV=HiTM}Mmn3Cd0r2K zWey``-Ar{EULicY;QbU$mwvOUqExPTZQzt3+`|yaHphzsN=YIC#54oqZqA!bcp3o099_Wa^xb7go z-2k6GXjjCD#9vfS8Z}MR6~1qzH7f9mr7j;co6=Pgu@K7TWL?i&1ak>Jwu5jElfe!C~SGP=yu2%&XxlDZ(y$tRS&Wv@~5Dcvo4=Renl_qrYBE9vRZO*LpZ7(NEAex5E&cF2~4E?mXs)ZAl+pOe+Z zb)e@NAdtB(_i&dD!-OVe(Jx;IDuPMh2U5}iOY!_a`YKdLs#qI-J}Yp{ruR3ZI#|cF zu~Lh1OWXgFd&uI^vwNj#y78(pboolxVMuY!jtXb2*-XnMwqT+v2Rfx25WBc35x3PZ&XZHBTpP#!ENGTzR<8HNc*qKy2AH;iwh_HNQ^rV}E2ix*F?!iS6B` z2H4YWWDvWNTysCV-+w+XaifS8$+<8!{ZMDD;F3bM;hw=oCqJtpE3ZPGopIt*1yWp@cg@m^c7< zkX;j7QhTE(OT3YMqCv`z3FM7a+mP8?UTsGnZoHSHe)4xQx6KX}DsB-frVDctMWOEg zXAun}8`UZ{#W`thd4B_FL4zvd8WOI^B@YN|j>Ejt-OkjXx%iH-m8ECbQ+~KBbpR#j zyuoCRDK5jx-~8^$Ss;NiH&u&Z_ZI6`V7XPjFSolRWt8v}UET9!eo(!hUWxbnIr17f z_bJ5NVLT91=%{}4mhN^iC~;4IP^z?!^{$=mDUjFY76XFV;Q4yGTP+T~3yaZw zetM*WF1Ff|uTg*J-4-8@clA6P&~(Wv zGgC6F(;Ym&>G>F)^ETS~K3yr)#?mD$J_H)j6IrygnDlP8jM7}zp9&qd;GexH#z~bw zS#ylxMm+UrPe)Jr$+S5OY(O}a*c};hETJ$<#WrprZQo0f-dz`I@LlVAL{QV`=29cKN;j$kh6tH^|gSjel!l^a7s&TaV zMUSji)K^G8Inp(Tw(rmeaQPo9omUH7=-7i)w}D!%&uP}J{hXKX3M_>e>R=N+-N@qA znG20j-`aPpeUrjOe;o8DPDeb-Bq`mPt%psd+M%}>Q_4PBNk%S)r`FP-yv2q=Z2S>{ zmu=WcM5=;P_2IG5`8QcQ@=2iT%0`pPJyK2GTlq%nqyXoTnH=C=xoZ&s-wbZ{OWils z+x*swWJ71{zY%=JB9(#2Nc#&5$2reO%r`6~4h)m5vZy_|8NZPQ)i$WEag( z{CNOIpghf{L~-V;B!yf7#5iIiB01AB1)2C!UZ+oez6Yx4|M?E~)7w9}E7pS_xbYN7 zjh+m|&~`-^5tvqr{i( zL7JGdL0Z^;n^_Un=l^*HNEV2MlG?j|NTPb{nJz@$@tI+0kjG-4|_BO;=r-X8VT>-N=xxKVH1)uI8FcB%1%e zYU=v9(RvsMu(W*|{;tFLhWNxL1I}L-O6oc3gYUzT6i zHSYvT!dt>K?*KE>08du4R<*QI5;cwxh5$Q!n;{d)xk~cgq7=5Skej!mD}+YE@0#rk zA5f@;_ggGF%-D5vW03U{AGlSHV1dsKBXY=Sx)WRFrEf-hk%qv&qOxHXEj=TKW*ElM z`M&8Q{{WKm2GJ(;;bXqez05#ZMQ$+~$NCEyiv`_N1mnV$Vf0#gpW%Tx+Co?2H$PS{ zn$dBvmne;g8SghldgXVvhe~yx_n}{(>M3H*Mok6k4-Kp%X`PysZjRG}W+0<>}KuDY$u-&3q)>du5KqA2E*v^^-m+Wq9uFg-i5i=O$N9p zHpN}SO7?YFzZkcsJ>myU=tFWD-=v-O5L)Fa+E(g_tUgD)Onfam0F&BC7N=wdpy@;w5FgK#lUqB&=e^(|54lBZ zlW(Sa*E0cNdYJGigODFXC6qia_>-8;>JE0z(w8?VtVeWo$b)+XZ z$V^!QZ5z5*!++TR9>sajxh5NgvIoWA5q7_xIndP$qKgllfQpBAF?4ZXE%1eQlKB=M zQ#hVD>PWgr+q`5n_Ze&z$rUg4V~JgJ*grhC5Od zklq7nU-OdJY~OqG`nnYL!s2p)C+Z!>=mdp#jUJ#3BBJ({972iz3T`!sw)Y@$gwCzr zS;gg8Kmj*}QawQY;dU^I{7H$f1y3r|_)-9v;p^+nqO($=4LX+N(9t3_n|DDV{@qKYLdxJ2c(Q0&T`aY_`ZRLN(SLWsg{G~+6uW-&2pj(<{#jwGnuqlRE{o!`2LSt? zq#ZRCeHBCS>6N7t(AErV9_S^oJcWM@r4)K*7 z(?rih1us!mjLNy=EJRm{N0BSfuyek~(5@A<=~jxRMXvebc10u2f839iY?rTY`%p?; zy~rQg<_ff7ZWJ8)B)|PyPg^lzybVRys(fo2xc1>MqEYZg_%ngGbhW`{=497~^ly0= z9bva^F{YiB?dy@;FTVxE5r3x@3aYM@y_4*#V@?Bs@zU5t1v(9XS@YXts-7cYCGFU# zsc)~(J?72O%O>GqBTe|oo>NDha{l4*mvp&TV`(PIl=yFx$CxFvRRZorv`;@g1RO=t zC2zb2s%}3*raA!=;xphWeU%>m+qZoAek{7vo6HXK=&(tjpU{j?GGtQ{M|Wxb&=h|I zp~Z-REYq#J$bP7@DnihaD>dlIx}G^C)XhUE!~rG%Ef= zTX#n3C*^eht9T%|nOHGh$`Go%q|Y7eC*fR1?)wsvy9=EbO(!c|)asAQ92~}M*&pI= zjkW6nMH4fkV*u>b(z2iXR?obcJpB2sLT2(sBU2e3dxqjL0M`n7Y~D6UKJI-q;nAOQ zL=Erh5cg`VEi4>soT^&@vuRgufW|5flZ7Ed#G*eYpM@GvU#t1U?r$A2|QAQjR>=_n;@V z`{a}%PhdxxEbp8e*Lu*OKkq#^XwQadWDVb?g(R-{eDCM&G+WQC2=(CdJl*Qz&Rrs6 zaL$;n4iy>bLeM1_`lE;=aSzh*-AC5Hq)R=VaYsDYbW4Js!>%AmJnd3SZMd9z$}dqe z!Io%9N}z4dZ1yftu4h*ges??g^XOmEv9A_e3|jYw$Ln`jSjy*>kj*2sMF)K=2+)4A z2M*r^BR~*Wc4o}iDfuX9e;~F?Srm{Iuy|v;&68IIFdwR=E5-5s#|BTGqut-TdFe!) z$rRNry#w>}HbC>iMHymB#Tr=STV>(VD8c;^$+hAjM6v)njDb~ZjeKMHC#}jad6WW7 zXt`<2%#&k#-467dE?wt@(^arBWGh7>!cwIfGn_+-ok$_BB#RN(UR(OiD-a}o$FO(m zm}}H9nQ1Hmm6_rCj^H6ib`@m0eZLY|?(fcP*G{B);mFOpB-M)U*lFzOT0i%QrE`3u z>Zgx9U*V1JLxTkJ#QC4TpP$Bs3I|sCFWA8vQLxN5t-nvh=_8<`fQI}+`~%;Xuwv;8 z-y%g`@op?lK93NmklE35PV`yd!xOuABA+)8+1#TogtluK?fmzTn|M-aXW!i1vL^D} zHWozVD)7=v*SjhzAYFp$cj|n3TN_=DRhbUI@rmzY5BHz~%$Gj%LKI7?90m)$X(RrT z_%$bz!?Je}x&zh)I_n>jHM)Pk2aZSY{a!D8M&^6PNcNW1@wB5BSmKnkHpeEUXtZX8 z6>zD*r=8|w480%E%#1$(^&+|=BTsgMJN3U4ek#FhygpaZ#1po_K~86B z7~hLi982q%ACKQVHs##fy@^WcE)N*EBa<>*MXuidZ$%m+e@5i?P)lp;d?GS&5x`9! z-->00etY#ti#m&#aJ&WaSZ|m!JzBG@#Y}SS@5&Wx^j{dyEt?X4saBC>Il#i1f0wfq z+I9|}=+>Udq!UMw!g<*7BjkeFy++r0dU$p`ohIS`!^QmY+e9OJSEif~%nxUsGazq4 z`sUi!4|l2GkNn}vemLx^W=lM@HTvOymw>cEov*nMk1vqV zqaoCiLn{$)stG;rNQ&QdxYCH?FGvMUKx?#(lG*jGn@eUHGS25QF|;{uiCovh+eRoA zlHEb2Jf@Y`@2CARKTCB%uT+qGB)@qyCgyzf&D} zI6UzSDgr*_CRq5NaMHj3iZL)N07)*5YYF6u_VF+G3#@>|&olgA%AfwRT}#DCKQl2u z4)+hQ{as6JKg#`Gq5ZJDAEL3t|RA#+!xSawg?DbEEziVdbKjnqlBlf^OTba z@bjYAQrR~MJAKim6TW-e_a)q^0TcLtans!=VrcZ@;#zx-$JAgnJYNyGy^bFg)E6PA%#1l;xmW+|PSJ zsRq3J1Tw;uT2Nd+ao&U1VqWKaMo&;6&F7-aB*mis6cm(;=JZLykE{99OQO6b+kB>i zEZ!+G3#2hxNXD^gsuSdrRIU2;Rex*(BCe|`n=9JNetUmn3CDa~iedq{mw$$>qIeuA z6}~JmxP<4})Q9Eu0k{tcTu}{~imkfQv+Rf%+6#9NK$I$ot^G^1lTNH%nz0nFw*_a7 zmbwv(lHZo6S3=GYH(1?2$E~jS4fjqxQu7{^K|jvD1883{?K7f~VV};@i0%8aMN&D} zv&+PpwbAS9lpH-0HS|GuJk+R@3Aoj+x;4Z`xz`1l>EaCD8T%0%iny2spn}B2HZ6Ir zSG$pnNKJ$5IK9e=Bo*O8H^?|DT3b}a4;jW#RBUHVINixk%eDvrOwTo~oj8L|p_uHerKyw^xh4>|DSQK1=O~K9qa45AV1%O(S7Qka zyf*OBvNKC{Y*JD9^NbV&y=ZF-i|KcV(xpDZ4u62H8%J7-%HG1As*Xj3Jl|4Ep~5!m z#~+EycCAa8sI-+=P;gslgsfKDfuPwoU}_~)+Vl^|E1)N&3Le!)OFa&7rC8LI8h%RZ ztIe%ZmfqJavPCy80sHcI6{ThFNE5RY+q0|Kr~K);J(-B@20b~VnYB7+)tGO)vv^lr zQ{tOPwbaI}w~C7J##5b@{;%})#p$T^m{lJFFCBx_PxY~MKCn&3OZn{8TWalJxVjmB zf}vKl?(Hs@il{cb@Dw(*7zkZ{L^fyAjSlrH{K>Eq#=_Ya4e6mdcLc2KTi3yb*M3HDDba*S^#cvI}w^o|uf z5uPhDWR!~f&&#DNABm5*0ty8N3hTLf*66Sf|5E)Zy_y}NNW!i0 zxG4~9+L4K^yLY>))gPg6DZbYBTPOMW*6wp+Vu$ms4(>lQeQ&%fja#)(UM5dU80UV6 z@y0iPjAJ#V%~FsB0Vz0W-*?9`zEZ^Wa_PLl_MnInS(6lVv#U}pg-4en%OtyL^NIUs z+EG10=}uB%y>#sA-`~Zy6772$=m+F6i8+T@TYV01qneXk+ZS!r(OIrx-Hoz6I_@ZG zwHyi;8itg`q3Kx@b-ou~i2Ty`l?Pmx!U*Vt@aIQy@Aw`=BqLKEKcO?n_$`s<9t1x( zw=GrZ$>dgghBKD!!c7;nDGqCupX!wz+MnuES*BMZ_@rohL@({B*+;vhhZ5D0%Pb`S zIYZx_mFUV494-T-&8Jlk&)$4s)71XHs$g(zq%UQ1E==lmQ~9Q&nyQxwu=_CAz)78% zG*O=Lv?H3c!a8Fw3$l{VaPvEzzGW7>0e^Gb9g(NFyF^@m_iT?&eFE8~LZPh4b~qfk zaYi?-yScHtwtTHXcy$ci@NWY7n$I(i!> z&6_%*o|=^LQ89j^jtPw}ChO>xQqwS=adp8SQlHnh|3<@($+W(^;>6#d8k>72hW7r% z5^KL?CBHjeU=%{wv$~8Fh1F*>HRvcu!u()8@YNUd zfQw^4Y_l;cB$z9SMalCxIg8c@fUD~HVSL^<{amLFz!o=I4K!RqYrrt!Hu!%I!V*gO z4&u_dc`c#;erA{cFKQ#RMB>7{d6c^b_gybe{olbZqfPys5|6gaaPm471a8yAxzqX! zlKabokJ0x?8t)KdM7?F2l7^mDayVqRgFt$JC;F@mO+Dy7&YJ0~Hm7Gpo8> zV`+~D>zM&smFJ0g?y30(mE^%&))7~aWn7mN6MJ!B*eN(RW1(3uC%<|d3$F*5FcHPJ ztNdy_?Q?wBT&cJp`VRn6ZgvD2A$bI904bxxu#_F?ts63ZIRN=gFmZ(k;13&Vc!VID z+N*6He)NIvHJVAkqJ+nEY^!$O{;tf@Ji_E?&u&pjqYf_EjAHXf_C{nT;IDqWdnG8O z3klr2q}aZR*2Tw5U~S>9D7JeAMS5nmbHN4Bc@r3VJ>UrD{V16_lg?VS;mDmLq*}W4 z@$V=0n-V^72wQ)3(0qNH*`~Hcnowu%9mwBm-nsNg5pi$7$PRu5Rs3RNy8s&rVy*y? zB{gihfZlVI2jUAq4^YR!;0g;zK&y>^yRtk;DTJTTHMfR%Lw$^p!w_O3t>QQ=W%%yk zE&!6nZgl+{B*~@b9tJ^NdfEf;$am2C{E3MIYMxX%f9AsUUPV`c6FUqSyG(>oPE#{) zerqh(>CJ0U-3UsPuRL4`jZhX7i(E=@{*4wuqIuzuO?cmMdo$Bk?*q)H6erM<=;l|l zQC)(^)y0FlYrI!hA3Y0KypG)6s(MdBK1XwKxEsSmLC+F=ViM8G1OrDBpj=2HJjcl70mH#*faIuPvxFH!avK-5ln^Jb$>bkY?qYS zi?eH#LylAjwqtXMJba-Cl24Dg|A&^D)(*?KW8(q8{{Dyol2&oX%rpsI?sT57seVC0 z9AxkbAT9k4Y7DnPoh@9x`APsQjJ{ih;uHukY255t$--t zso^!pI9}uJIvgFIg4maPZPoL~8@!O##03hzS>e4w7|al_A>$mpzu;o}KSm#9t3;Wq z`d|12KRTy^ryok7bK?GhxEA6#Tt%g}##3s-a-W!WSs{~LMXCic&D6GwQoJ8(ADUCW zEkg%+ME73C6~#l7TZTs&hsnlzU%ki6`uLziSa`jJRH@7n&U7b)an^|Kdx90~NuA33 zpPh7~0-lB#!aojX5PbDK%R#pUuQoZVyXtk}N~O9hQ1|M~>y(@F=ktnj=#KGBde3R! zZn|`z>ElBf$CQK1;M%T;yQ}&P(ce>nbHVHM}FC{Z58TPW5Fw$`DG`mnig4& z4?(KA?{RnY#k2%1myH-02ofr)xOp`cW39Pf8*r+gB=W_S?l5ETMEm}8U_{>ODb@fl zK+#wdXSy=Ud`8&tcUUSX zMQID!m4-JKCns^2tqIS}{^Qd3xr&*iP+OCA65BeWe54=3DO^T=dLAz_&70hvAjn9M znP^^}m}2cmUbI==zKWBwC*(T1M9b^p&@t`}tAMJ92KazF=1@oEZn`IuKo(Cdn1?nh zBpU!|x$Mv~ZX?*q(rUt-7cs|0lXwJrzBw+J|}T za-)6s+@)?)NLzDWuiK?-C+=&ExHlq#n$&O|D20!|vxSi2yITBrt;q?*I?e4|IT+-k z+P2wY?jWhra&~|R03C4gKVY56JI@%h9Sj1OGeU+R--!>q^$s()@3@%Q(WO>r{{l1? zfba?o*|=$I_4T9v=3-*G|F#HEL?_|Z#(&3HzZ%28L;jyl-jASupSL{3CnEz3WzN)gH|g&yhDQ`3kF^{mWZ0qa(FG@9`!s2 zvxizUI=`mu81WdKD-W@Jdi5_({LvnesYNcxf@E?JV`7SW)jQ*-?=ZTN<(G?BQd-6Hx)Tl&UPT#=HP&KTGCCzqakg-op}< z%hLl5v8QEw*)jlzWizOwP*V$86QVm zzS8fa!vf`_?|sI20DKM2=mW7-vRVb+vNWj zRGVlJM#xM=-$#Gp$JEcZnkaP{$A#0b{W*;{_K%8sG@izXSoSlCr)?lkM0Bv<5<(xR zB?rz*#^U$q>~%dq7DvshD_J5V6D0RBWw*TBiT2c}QXPQ=LMoA3W6_ zRnWaGfdLlCi=OLB$(Wc>acrvt9e zc;g-6P$=%Nz7}MH&lHOydlBg*+V9_?-*;;CfB4V;M&QKIavyj^IEeZ{Ef^C~Y(yuu z)FK}@Sy5MQ53*SQm!yp(3(=ZmHQfUN4^@NPTyini0DB!`-l3YTW@|Ifex!#S#)ndl@N(CCa677S zhjE`67ZmD*2znidgT*YC68PWoXbcSmAu@@8WoiKucHgR#?o@w^g0p6vgI6o9)=)ht z(T@)u?;txv$!Jr+Q|6y|S<>{PPf9<&pga)by8BGTT z>GKfiqbsX^Mtu$qSs$SM$c zvxmAL$S)CgWf?wpe^vf>aP&H3d&sn#Vr~jJ^A0r z6~2Ty&c*`o_usrLNY(8D)c3Coyw%CB0Uv##?V0m=1qQb$PpTqlJ-Zw|!-6czlsxHg z6JT^~l?yzh#I8^1H)$3z1RlXK9^OSZe1iK8Lgq~scv!rHlB2G3phJ)4Y{7QqTBCr( zRoVu1;TE>_hEtcDZGKXUlYDx#bpYX}DX4=w)N(DXv}AH&Cyd`NH*hk;2JrGB)W+#u zs&BQ9ppBK{Xbybmt?~ETB_h^gT}N~ll$gm)7Xfp(>7TG5-=2EXSPwZBVe z1iH}S`G^u0MY7fBNDv)c9YmNR_!aaeqRO1;WePb|oxmtWm#~EMl(4{gHlz18GjFln zb1j*ZX2?qi%Tu_YB0kCF6Sjsjj``xia~YiP0@m$8NACnu(cETPxn$2IxhGgYUkZzI zJGAj6WU!)P@TC6zhzzr!Pl>cOMtA5}M#@+SE?+w+nqF515-(3<{)r*#nEgQd)fH5} z9{vmtn(TlAWd|~+)b)I#h7EBls9;#Du)p3{;R!Whq7-Dm^1&!^nXjkmSkR3y#T$fr zr@X$jk9gCu!j~+Hk}FgNJHS-b%Bg_+t1H;5p!a-%}o#HP75E*dBY1txHd-vr|>BaLA zaUzSJX9T2+u?Bbz-ywLlK?T(S?;CQ|upmRe`A=KoCeq>)>(^6UMa@|Mf&14DS%$@##?)VROZ=vzuZ`2g)4~EGSM^rVB>RLG8nd&{ zCCu;EPs1E2r1wsb>%#GKVI28TK?#fBkw?)_hzJ_EFdqI+r@JRTVe!M7MptqWX_nb2 z@&s4Dl<8F&1oI*)hMLQF{7rdR?FLRNX;-1!kvPyzDd3&HseB?0u@1KA6i3pu&0K|f zrp1Dk$ANakzmWTY{fs>9l49Zq{MT+hUl5`L!&@_U`c}|?rWk;4KjV^O%mN?%?}VOa zP`od^{0?EW(XgQN6Ik&7mR|XPNKF2>O9EK^-^k@}>KfOddoR23bO{fA4@E$BPL%ms z0u0FkYR(xess8~P9*9oVcOK|hnDW@}k_qDMalmA0??S`-RQ$(`NJse8kk1~^(>v(O zQeqbI0z~Vg$~G~veg8e2*l&tlWScJ*$3BFGG2R?}zx=M>0*a=~;)$AdUSc^!%q5v8 zE@8I|yF^K*$Y8!RE+{XSrd4qMVpguQ?#=2inNL%lk)3>*6%2Ags%s)NIiPF^5aYmft+jAcT@}D@rlibmXF1RrSyT<1SQV{D%uwkpzVCGa&u21 z3EVGu$(o2puv1}Yq+D<90YXEe%d)%A%`N7JcPmx@tseN^i<2JJ5G+QDnu@VJ{(e{( z7i?}WB&9C0zcOStMrui*3~S0UL|AB0WEC z3HY!owzFbigi6E^STF;HzXQlqv@dBLU@-SVeq!IDk#R?J``-mM@&JZ^)fCVYmg38E z;O`$#8&58Gk!Wd^Lhai&PD)&419iyNC7I$9SlM1A@{D4iKr6w&nf(n5Q`;j%@7))1 zj^Ek-4NHN;rhm35c%!bn;>?`VWYRZ1`J8++H}j(-fW7$!9I|{ahNL8>edJ#r>d!1K z7OtHBBn*Sn3Y=x<0zRz7#`nGnCvDWWv6|X=*1=wswVPQq?UvzJm`cI`yQOofjM7o;d;i6$V(47wCdHub#X6%9Z?o9?+ ze&xA_F&`$fgLuVa>Mu~kS;aK8>%Pwm zXbmtAs8*hpTv4qR;6e-xGT%`=?FhT@$42~YTI3Mouc=?@z(2Ekxr%qZC4H(s`l@|4 z-fvW;K!&%esPVb`2V6pSO{cN>M8$6R0l6LJ%nM#LGp&cP(Zc!uVC9D@ zNQloj7x@yafX;rOv!@TQFN-8$v7ijyS2}D$C(%sf_3W_L1Y&w5)VQlkJ+3{}XZ^#| ziGgXny{#Ia-CX{NiAUn^VK2b|znOZNS2}Mt(oYfa#Km4{{vZ@rFAUBlM)0MI`acf4 z)y05rlmGC$hc?OM1KZ(2&#p)G!-IViP@SXCK8;Q0cg$YWaV*$y$8*tCp|DmbgW(h?k5e~$JD{&6z$B(b{bBdsLzvyg*siA{escG!W1ip56%fj zfm<=M+*(}|ZC8D6;IaF$sCh5gU!>%OTBp{o)}iim*y{=JCmCZ1~YOn4xw6Fl7@%!W5)q*6SuVa)JdG#rdjbMxR5y^s!?l~cEzYYqPe3AeAl zM-$bcM+53t$heiW+#Q~AO*LfGm29~|A3o72DvIvNyPhshkY*XUb$^L_#E2vvA+@md z^V^Mri#yN(8};ykUc(hcq+XO$&&Tf5@AyZrS4S}-3wtr3$#r|K&j;qKIT(o5f! zus8|)%9yOcP2~X@&kK~DhMP`c3n@`-z=`wPTFltUZeCjeWSXiaCU*0m4)RMW#xn=| zKoYOAlPrj#sqz=d*9r#jcojdx%A~dByJ4RIrgoL-o|0WW`=n3Xf`Vv(mpNp;z`iZM{!q$Xjz# zks5NmI?#jboJ0ov0c;t!#Djd)fN#I3jHr&Fy)Rgf_A=mFT}wZVLwko)fT zUnf_lj*oc$U~9R^oaH_cPy19AE5(8*D4O9b7|nt7Y6}bEn2a-C+r}ES{=h!Q2jy8Z zphy)b=?gZjSx$ed9*6c%gOUI?gO`g8#sEnC}(iR-A@ zsNR`-B#Ay-HiR|z=|RzK_?VY{6sQ(peW6-$v^8|=EN!-enD%-vu|+Bs-jI@TJbWGP zCyRZDz~mnDjVGCS8bcZ(=ks@Nh>>PN){=v&t|Gc;p66z}9lbgdM~uC6-So0i;2V%{N9e!HeJ#hVNZf_LPB{pr8%asc7*%YN zhm$3Y2qUl!J%@v+UR33}@vjnBAM-fwcMdn^zGFnFtzg_nG(Iw|u<4R9JQ`4s&chT9 z!4tUDEeLJ5ux2K=tCwYfhlRKn0fO_wlPh8o^T2fV*JW<{qfq3Zmk{$GC(rZqQ{5r# zPRfv`--8Tqv=TmhVscv6gHX488%2p}8H9d>u97l(1u9glb*3lT7C~|N605nYjjP%FqiUSu5)kSm9*fjS1?4?0ZoO4!{mylHKs^a=$ub-C@2(@OTZ zr-8^CcFPW(4hL@jPmvQ{%5LA?rH_1`KMXxM;DB8IvBj<*Jg_6vL+8J+(i=eQ5YVZ^ zr484Pk{c^`56`~h(U|;1jFo#jiT9h>cftJ&!a79F&en0x)SsuWR-&rDw zL_!nM!##d|qfW#x16Im<=^-JG3wSwFRqu8Y4>Y0&5YFAbKu~pDj4am+zP3*j{M%MA zBzNi@$s!fVMt*1k!T$_?(0d?xYP^IMz?)+Gnt$YN0p$20^8!;4@HblsDB;IHWZVF^ zZ26mS1&cf+Vl%$K{y)6*`zP0CA7(b(Du;hgJ}za6)S2~v`P%o$mNiQw5j|nx#(vMC z&zke5dM;yQbQd1sQO_njDpe(~O(93Kuwcsv2IE2mIOGCl=* zg}rY1PW+nt_onzassZSJ@pfLd+g&$$XR)@D?`s1j(-S36eIDBjc z3>KO?_mdWx{e4#b!MeP7bB8gg7vHspa?2dO^05)pHo|_+SnmzO>l#vji|NCLhdcJb761yR!S(EBLw5T1|Z#TFW z^ZX&}A!R>%-}~NoyRLh@(E1JUsvT0^>CegdVsCB#bG}ph!7%5D6R!BFF;X!{ueX1C zmlM82YK4Wn$Y$0{)@x2h?bFAn}AH_#@F=qH`w8YEO`Ay zUnceB>LLR3jWo}B2MvxLMGRZB{LcPpM{(SKfv+Jd_w2jau+Y(Y0I*WH7D^qRxlIOY&^S6WK*`o9tPE%z$0b5^gU8LIoJ`Q zmpmyk(=sMFAj$9*@nuJ+M9d>Y?pK3^EG{R0VA3os-uhjn^uhk|l2GCH!PmM_((Ex} z%%Mzkq4N(OnXLqE`t)>xSJ>YYpQ0+gzIoxnG!Op90{TTwR9>7r{sgceuI}q?*ZzS& z5{cZ^Y`1bisN05-5+4&DWkneSq6I*%riMdA_H}oKeGv0VK4ieYEcQn|9B2sxAjn^6 zS%)X&DK6jY3dVcepV(+EcBT4W1>)NI#ItW)P`MFl9u==eIqU~`71V+~Wx*JzA3NUX znOdmzwwO1aa(8@H7}EAm&sZ~Y2pNL;_Hj3zce&S?Nyo>|>BVIoC~j_lTKF#`f9II1 zM7rR*InHW&B8zuv3e=Y~vVhuDUF|A`xUYmpCSOU|dCno~+h9u?IPvWnncIbTQ+EzaezCe?Ckx2QuEYEj9{_XA^ezu)Ct@8tmS^D5$Q2)}#8^QU&;Bd&6 z`Ci}b{>3e$3$VfEd4>Gp;k)Owi3z~Sc}~=Ick*S-_9aF9=-?$t;8-I#;((6p6I2n_ z;qpR5++Ur5^#A(q;s^e02fGf9bID&@8B+5g1HPTaOY2)B}*c}3G;k8 z_^@)(c~=$7{DT{}e&X@nd@X)O4lAiSIgVl7aK_OKkRi`b}FQozlBaY}iL=rh+M!F0fjN_Z?& z$*VgShiTk$|LIBT*QW!LCT||JTU5ApKxe-gGh(Ym&f*0VFbR>YjO-FV%)b-XH` zN9D$!>HDreT!?k3R_)Qo*|l`Edf6w?2ZF4bF`OgYWSwS^Kba^}Mr`0-mexxewhhQq zMR@%xYDyH_52d9aZYgi9OqeNTd8kXo_IiJDk)9boX_MIl!?#bAM$NeKunVrG+ZO2IVGuV6&-h z2L$yn8TFvSHZh*Ec%yE=D7aXE? zMW+|6xOtWI)3FfX{5&@(ncV+}Lz?E*G~;ue3{F!{!kCfBbs(l#fk9*%UkWV{i#kAz zekSLtaagKi^EJiT7^Yh?%7xO#C&zJ~XS>7sMtJSARGDJ?m5@|14W96O#EiWFZ?1Eb z3z>t~;Rq)B^w=4K7#k`_K#XOW175>yCHnY*9|6=wSXonHxzqpU+4|_!ZxyVI3npaj zA(iU6b)H8y-n@IMI1og-OJ22kbO+BI>(nX&a41O+cQ|RV0S3W}Z_eq>ND9V=qr_b7 zw(;mZOue+8X?iMFj7#XpF^ard&5`asmOsj^FjzSP_iW6{22|oz$>f*U@pM+x;rm19 z9;a6(oxr|fG$eDewn!dXp+^$ca)y&Lb?LF_EsF@=g@D|T>*%{Lj2`arzG`>Mtl|o; z$g|33wr3_w`>0}4@rWR*zzT{y3fZ9n;^N$fs>`n}+nv6boUzg8lgeX5iU}mk&=`p= z2hmpvIYcc&XDgg~N~b+!-6NMFGfJF$Z!%g-I3w+pTi9Sh*_t5>%T-83G##AZdHD`~ zN`q9y@)6f5504%<6T07>+B&r=Y-qD?g=RRHGD{Zp5z9l?B4>8Q4S|&c62!d-s1_vsi5J-% zS>t~09Y-53^kK3wT_6=xXM!KgKs?rZg6n@?4!C=9bg}IofLUr!f|Dtd6U!l3wk&fk zx+KWvcfPZQAhNfjW+84HTLY3zk2V4ei&+spUrl2905mwVO(AohGa8=@o1ft~i>D@d=l>60lIn^6vu_uRrJzO!%gzc3 z6Trgx3jhVZM@R23+SDp$nm3PjtKy^C8L*`k-fv(x=^?s%j|t^2CV-RrzI) zh&j0k&-~?gau_RAzs59c=Z3#+r5C^~_#s*w&8oYaHg=K3fTNX2wQi|j{CiFW6zQ-zIKQDQLJCr@-MFLwA!_v zeL#pcycs@x8n4-X?At2gySTu_mhqCJ4Gz`FN#9Dam1D0uhp@xv}|ndTw)F{rG`e2~E|Gx40jdz)0LMv(AZ^A;4dhiCSXEyBT*l0h;L=DhmbMak%%Lr zeF3YInSH^qV5}Ok3=UZ5_I})1IfM*n-Yk#`XvTB!7N*nt37r#`9$1SFiGAureT@YR zX|$sV)fBEVSNpQv=gHx&RYoy(L{O!elr$N12Tjc4@Dz_i)8qHs6Bz`(?wadcum2D4 z2=J-5n-p&6Fvh<=w#T|#N{kFlDdq_f+RCL-w%OKhdr2J4{sh1PVno@a|0dEArukWT z7X|_&*&(Q-GzkZ0%2>c>n(YSKc*?b>%+&dAT$n?xmp@t2(Xw3Rd|<&L(mepiIHI)} zFnaR{KsjQSe;3bbsAOQ_`iBvy9nWK?%Z;1-6pAa-ra<*Uw-eb`Q^A~PGCA*Iy%|5qAhbMB2&4us;+>W(p^h7e?|Nl-bAr)*sAc-lJ#Py3!)r_DVB}7Jn5dD&jPP zb;CwjRYxRWtxyFxr$f-X=WP>-9n2J1*5zk+4UtcFCFyPfrDAc|LiUv$quhqs;f2Tl zV=0iNcVF*@5&8?Svbn<@{!^!euHxevBb|DE`mYrjCr6j$KyBOkht$v1nYl(RQyKq3bFuw0WSozWUD___8G_bkK ziu+1;<-`~CU^A=8229(KasIG2N#3{^8dKQr^|OC_VLl^qFsPWi<69UyGwm)JhREAw7^mAPysq3-)_RUpEWIFXID(rD{PRr@;&8j|h)X9t& z&yoNfuH@LLb`d_;^|;eqZfIH5vCNpXU_a;UA1{U^30O?}vC+|5ev}M-TU<~YtEbuLSEa1b z5aXRPnM)eR*zKz$_z z5u$V1<;JApn+=+AGd{@Ff|U@pMf!qEDmc=+5$A33yET$SWfK*z*0!+;3daJ*3Y2Co z*i>on$a#lWe02HBBTK6u<+<-VPVsLj4g^`9Q<4f#MBZJOgKZR>Ol| z8wl?Og;GEuHoiLhbA99;?_g4 zI#Y`R3pz(E+4{`JII8>3&&?^n1R>B3CX(SKuE|4W3%=@R&1}1}V&yTSR&`5rMjN3k z41Z`miN76-wx+j^34gvy9RLjIV=LxITA}JCc%Fvp(Hh*Q)9Mz&dS6Ja-W|0~(WAvZ z#QbC>7aXiy8VNeHfL&dBILMyIFBoHXT)T4qWR(02<~DbzcluuAl;Ssh=SZplpaC>1 zqs!M!wQb1xFaD5sMpm~H) zD63IP*?gD>e%nzH`G_ZyIn$XPZ^?lh5wjCpFo0fnTzK8`&NrY*%`S<_*}22BY&iH4 zo1Ak!$4wG=Z}r%1l9D4kt4_ugkF(?8=tLXOYP0mj9PP({S9r`vx`01MY`JbpNBvuC zPI=>um%a$TC26~LEVtEpo2#K;mqu7#!>Apqh`ta4do*ujx#KO`(tX}*gge&POY-*;V-w_mATH$Snl$ANjT`{NaDvW5Q>epK*hWltCEeMwyZqSmjyE9$*+ z_b)Qa8Mk%y*Sc8}6#hRP29CpReCfdQ@AK4pqeSaXTaWvgj*gt$O$)hs%$hOFcp}KN7rml;O-$e-!AfL=YYPibh|*@b79}AXt5%E z2+mps*aW$y>*KGDJPgmcsrq_B|`>tfsy?5louhE>S&~JpXy)2BmD*9#g{k;|b_z*wJ7WCLeXgd)ZzqewCUX1_SZv-lH#}C}DxJT5Ue&vcNtBRqQKVy%xrHcf19OxG*DS`EK*n1-QxmmGrfFPU}1uSJ2BlL*#hrels_ z{qR{xT5mKL^$D>Kj<@8PabJ^tvN<$2F%r?V=gAD!jYLzD?yfA3tWozGR5oz$SquBt zvkE^c90CVV6gNJn>}kRn{&t#X7druvc|@p?*hu6*{>*#uDRiFiNT84^yudJ^BaW0*t#lXRnvlXL;DJztvS(mvaJL%iNM}n-S?& zwKIiRr)KX~pU3yy>NcS#enEb#NX(i2+zN>lrU-o;^4OZ+wg7N)KIar|n#2#oxeZn8 zRU5C%iA2M9c(IN1Wv#1VdVf_+OuO0#-lRbYm4YJmFzL8M3{_bf^|{p|axEik53AQg zeYo3-BPd#Lq1M*3qSfTgaFj@2c?x!)OcFg17KLY>mb)86&(GZX%j~XB#Srp!!9mbH zCih`qD#MWyz<&jEbDpyMduiuQPq4Jg_Ui35wLkA6xe|$*L`J0UiQ3)8C;VZ64=&BT z+sI|0E_%zjjN$H?e+=VHIh;lD9YtkGLm8qT6SCc9(hh?Gn!69f|JC8@{@s-a@tdPz zue@KhL9Xn#-R4+%qbYbIk3vq*VAr%DVL8V1$ricq+yn|b6yuUMVlI`Cn^K1qKUhDz z|D99H^491t5=&ne^CHDOq{j@(IGiaZIJqm}Y$EYZ>uD(zi&JcN#O9mh+E*x$u)p@y zGMkbC78-KHjj~sw+nharH15z{)COdyl=hZyoXs4szEqjt1$<^2qA53%sP$MrLD2Ke zb&Ck;-nz%}>E)SFsUWU!rwpZ;4p>|?dmRQ+b^6joOtzWMUfQ48C_7t#o;7YCbeTGL zKXYDXXZBo^mHj4R8Pryk8TYK`eu#(1J&u+=W32avlzSRsFn7FDqLK|K#wenuTxLj` z`Ve(9tFTwQz>Ri}7$Y58MJ$RGE1ePbVmJO^GqZY|mrY12+X&a}%~Kvh`GGCCu5n37 zEoqrt#HDt|&|U;%gUk1vbCgLxS!(preP(}I-Z9P;dh|nC_!&pOz{dp3ooq;)P(0gS z<_^VyYyf?)<#HBBRK0Bvr2JUXX*~;r`~R^_E!ME0=nRc{ABPTeQ(8|oz*%; z7YnNp@7V^V_dg-k8t#Uuj*l*&A}LPt_N+_@sE{`x+Ki=yQEs?`155dU5e0gsuwcuR zKJmn3DT9TgCWPro=l0&Mu$#?@ABaV)CS2Q&Q2ay}uoS{B?9uADOQ#N}Ebq&Di1Lv9)H!je5EQyctVl?}7cb*{~9dRfCv%orkz`*yLt^kC6990Le|TQjXbl=g}`jMPH8@j9ZU& zg~T(CTV7;s(_aXz$Nr%*(~eaE+=9x{QeDUYsm1lbZKT!Vi@dk`J?wm_5xrz({@f~` z$_I-p2XYCqw`Ve~O_zP=4UPTYjFIX#2xC+qjr#-!qZ-t=#lPU?|HX19)i3|&K>fly e{u>ox%|VXll| literal 0 HcmV?d00001