From 109fd4325ea00c4c07d55e8f9bafecb091c43023 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Thu, 5 Oct 2023 08:23:02 -0700 Subject: [PATCH 1/2] docs: backport PR 1597 --- .gitleaksignore | 2 + .../enterprise-version/_category_.json | 3 + .../enterprise-version/air-gap-repo.md | 0 .../deploying-an-enterprise-cluster.md | 0 .../deploying-palette-with-helm.md | 0 .../deploying-the-platform-installer.md | 0 .../enterprise-cluster-management.md | 0 .../enterprise-version/enterprise-version.md | 92 +++ .../helm-chart-install-reference.md | 0 .../enterprise-version/monitoring.md | 0 .../on-prem-system-requirements.md | 0 .../enterprise-version/reverse-proxy.md | 252 ++++++ .../ssl-certificate-management.md | 81 ++ .../system-console-dashboard.md | 0 docs/deprecated/enterprise-version/upgrade.md | 81 ++ .../clusters/public-cloud/azure/gateways.md | 2 +- .../enterprise-version/enterprise-version.md | 91 +-- .../install-palette/_category_.json | 3 + .../install-on-kubernetes/_category_.json | 3 + .../airgap-instructions.md | 713 +++++++++++++++++ .../install-on-kubernetes.md | 24 + .../install-on-kubernetes/install.md | 308 ++++++++ .../install-on-kubernetes/palette-helm-ref.md | 451 +++++++++++ .../install-on-vmware/_category_.json | 3 + .../install-on-vmware/airgap-instructions.md | 716 ++++++++++++++++++ .../install-on-vmware/install-on-vmware.md | 24 + .../install-on-vmware/install.md | 84 ++ .../vmware-system-requirements.md | 300 ++++++++ .../install-palette/install-palette.md | 89 +++ .../system-management/_category_.json | 3 + .../system-management/backup-restore.md | 147 ++++ .../system-management/reverse-proxy.md | 255 +++++++ .../ssl-certificate-management.md | 84 ++ .../system-management/system-management.md | 69 ++ .../system-management/tenant-management.md | 118 +++ .../enterprise-version/upgrade.md | 1 + docs/docs-content/release-notes.md | 8 +- .../self-hosted-operation.md | 2 +- redirects.js | 44 ++ ...ment_tenant-management_activate-tenant.png | Bin 0 -> 55901 bytes ...gement_tenant-management_remove-tenant.png | Bin 0 -> 47066 bytes ...stall-on-vmware_palette-system-console.png | Bin 0 -> 110192 bytes ...tifiacte-management_certificate-upload.png | Bin 0 -> 141429 bytes 43 files changed, 3969 insertions(+), 84 deletions(-) create mode 100644 docs/deprecated/enterprise-version/_category_.json rename docs/{docs-content => deprecated}/enterprise-version/air-gap-repo.md (100%) rename docs/{docs-content => deprecated}/enterprise-version/deploying-an-enterprise-cluster.md (100%) rename docs/{docs-content => deprecated}/enterprise-version/deploying-palette-with-helm.md (100%) rename docs/{docs-content => deprecated}/enterprise-version/deploying-the-platform-installer.md (100%) rename docs/{docs-content => deprecated}/enterprise-version/enterprise-cluster-management.md (100%) create mode 100644 docs/deprecated/enterprise-version/enterprise-version.md rename docs/{docs-content => deprecated}/enterprise-version/helm-chart-install-reference.md (100%) rename docs/{docs-content => deprecated}/enterprise-version/monitoring.md (100%) rename docs/{docs-content => deprecated}/enterprise-version/on-prem-system-requirements.md (100%) create mode 100644 docs/deprecated/enterprise-version/reverse-proxy.md create mode 100644 docs/deprecated/enterprise-version/ssl-certificate-management.md rename docs/{docs-content => deprecated}/enterprise-version/system-console-dashboard.md (100%) create mode 100644 docs/deprecated/enterprise-version/upgrade.md create mode 100644 docs/docs-content/enterprise-version/install-palette/_category_.json create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/_category_.json create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-instructions.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-vmware/_category_.json create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-instructions.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-on-vmware/vmware-system-requirements.md create mode 100644 docs/docs-content/enterprise-version/install-palette/install-palette.md create mode 100644 docs/docs-content/enterprise-version/system-management/_category_.json create mode 100644 docs/docs-content/enterprise-version/system-management/backup-restore.md create mode 100644 docs/docs-content/enterprise-version/system-management/reverse-proxy.md create mode 100644 docs/docs-content/enterprise-version/system-management/ssl-certificate-management.md create mode 100644 docs/docs-content/enterprise-version/system-management/system-management.md create mode 100644 docs/docs-content/enterprise-version/system-management/tenant-management.md create mode 100644 static/assets/docs/images/enterprise-version_system-management_tenant-management_activate-tenant.png create mode 100644 static/assets/docs/images/enterprise_version_system-management_tenant-management_remove-tenant.png create mode 100644 static/assets/docs/images/palette_installation_install-on-vmware_palette-system-console.png create mode 100644 static/assets/docs/images/palette_system-management_ssl-certifiacte-management_certificate-upload.png diff --git a/.gitleaksignore b/.gitleaksignore index 5b93e30174..655b75ffc8 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -97,3 +97,5 @@ d916ea8726a0c226beb82fef8567877f5f5ef3f0:docs/docs-content/enterprise-version/re 4e46c6c2a90d3bb1ea17b70c15c8262aabf11c05:docs/docs-content/integrations/kubernetes.md:generic-api-key:805 4e46c6c2a90d3bb1ea17b70c15c8262aabf11c05:docs/docs-content/integrations/kubernetes.md:generic-api-key:1068 4e46c6c2a90d3bb1ea17b70c15c8262aabf11c05:docs/docs-content/integrations/ubuntu.md:generic-api-key:96 +eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version-bkup/reverse-proxy.md:private-key:145 +eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version/system-management/reverse-proxy.md:private-key:150 diff --git a/docs/deprecated/enterprise-version/_category_.json b/docs/deprecated/enterprise-version/_category_.json new file mode 100644 index 0000000000..75bb21d32a --- /dev/null +++ b/docs/deprecated/enterprise-version/_category_.json @@ -0,0 +1,3 @@ +{ + "position": 161 +} diff --git a/docs/docs-content/enterprise-version/air-gap-repo.md b/docs/deprecated/enterprise-version/air-gap-repo.md similarity index 100% rename from docs/docs-content/enterprise-version/air-gap-repo.md rename to docs/deprecated/enterprise-version/air-gap-repo.md diff --git a/docs/docs-content/enterprise-version/deploying-an-enterprise-cluster.md b/docs/deprecated/enterprise-version/deploying-an-enterprise-cluster.md similarity index 100% rename from docs/docs-content/enterprise-version/deploying-an-enterprise-cluster.md rename to docs/deprecated/enterprise-version/deploying-an-enterprise-cluster.md diff --git a/docs/docs-content/enterprise-version/deploying-palette-with-helm.md b/docs/deprecated/enterprise-version/deploying-palette-with-helm.md similarity index 100% rename from docs/docs-content/enterprise-version/deploying-palette-with-helm.md rename to docs/deprecated/enterprise-version/deploying-palette-with-helm.md diff --git a/docs/docs-content/enterprise-version/deploying-the-platform-installer.md b/docs/deprecated/enterprise-version/deploying-the-platform-installer.md similarity index 100% rename from docs/docs-content/enterprise-version/deploying-the-platform-installer.md rename to docs/deprecated/enterprise-version/deploying-the-platform-installer.md diff --git a/docs/docs-content/enterprise-version/enterprise-cluster-management.md b/docs/deprecated/enterprise-version/enterprise-cluster-management.md similarity index 100% rename from docs/docs-content/enterprise-version/enterprise-cluster-management.md rename to docs/deprecated/enterprise-version/enterprise-cluster-management.md diff --git a/docs/deprecated/enterprise-version/enterprise-version.md b/docs/deprecated/enterprise-version/enterprise-version.md new file mode 100644 index 0000000000..8bd9d11245 --- /dev/null +++ b/docs/deprecated/enterprise-version/enterprise-version.md @@ -0,0 +1,92 @@ +--- +sidebar_label: "Self-Hosted Installation" +title: "Self-Hosted Installation" +description: "Understanding, installing and operating Spectro Cloud's Enterprise Self-Hosted variant." +hide_table_of_contents: false +sidebar_custom_props: + icon: "cat" +tags: ["self-hosted", "enterprise"] +--- + + +Palette is available as a self-hosted platform offering. You can install the self-hosted version of Palette in your data centers or public cloud providers to manage Kubernetes clusters. + + +## VMware Quick Start + +A single-node Palette installation that is ideal for Proof of Concept (PoC) environments. Refer to the [Quick Start Installation](deploying-the-platform-installer.md) guide for more details. + +## VMware Enterprise + +A highly available multi-node Palette installation that is typically used for production purposes. Check out the [Enterprise Mode](deploying-an-enterprise-cluster.md) guide to get started. + +## Kubernetes Install Helm Chart + +Install Palette onto a Kubernetes cluster using a Helm Chart. Review the [Helm Chart Mode](deploying-palette-with-helm.md) guide to learn more. + + +## Airgap Install + +Palette can be installed in a VMware environment without internet access, known as an air gap installation, which requires advance download of the following: + - Platform manifests + - Required platform packages + - Container images for core components + - Third-party dependencies + - Palette packs + +## Download Palette Installer + +To request the Palette self-hosted installer image, contact our Support team by sending an email to support@spectrocloud.com. Kindly provide the following information in your email: + +- Your full name +- Organization name (if applicable) +- Email address +- Phone number (optional) +- A brief description of your intended use for the Palette Self-host installer image. + +Our dedicated support team will promptly get in touch with you to provide the necessary assistance and share the installer image. + +If you have any questions or concerns, please feel free to contact support@spectrocloud.com. + + +## Upgrade Notes + +Review the [Upgrade Notes](upgrade.md) before attempting to upgrade Palette. + + + +## Resources + + +* [System Requirements](on-prem-system-requirements.md) + + +* [Quick Start Mode](deploying-the-platform-installer.md) + + +* [Enterprise Mode](deploying-an-enterprise-cluster.md) + + +* [Helm Chart Mode](deploying-palette-with-helm.md) + + +* [System Console Dashboard](system-console-dashboard.md) + + +* [Creating a VMware Cloud Gateway](../clusters/data-center/vmware.md#install-pcg) + + +* [Create VMware Cloud Account](../clusters/data-center/vmware.md#create-vmware-cloud-gateway) + + +* [Deploy a VMware Cluster](../clusters/data-center/vmware#deploy-a-vmware-cluster) + + +* [PCG Troubleshooting](../troubleshooting/pcg.md) + + +* [Upgrade Notes](upgrade.md) + + + + diff --git a/docs/docs-content/enterprise-version/helm-chart-install-reference.md b/docs/deprecated/enterprise-version/helm-chart-install-reference.md similarity index 100% rename from docs/docs-content/enterprise-version/helm-chart-install-reference.md rename to docs/deprecated/enterprise-version/helm-chart-install-reference.md diff --git a/docs/docs-content/enterprise-version/monitoring.md b/docs/deprecated/enterprise-version/monitoring.md similarity index 100% rename from docs/docs-content/enterprise-version/monitoring.md rename to docs/deprecated/enterprise-version/monitoring.md diff --git a/docs/docs-content/enterprise-version/on-prem-system-requirements.md b/docs/deprecated/enterprise-version/on-prem-system-requirements.md similarity index 100% rename from docs/docs-content/enterprise-version/on-prem-system-requirements.md rename to docs/deprecated/enterprise-version/on-prem-system-requirements.md diff --git a/docs/deprecated/enterprise-version/reverse-proxy.md b/docs/deprecated/enterprise-version/reverse-proxy.md new file mode 100644 index 0000000000..438fc5311e --- /dev/null +++ b/docs/deprecated/enterprise-version/reverse-proxy.md @@ -0,0 +1,252 @@ +--- +sidebar_label: "Configure Reverse Proxy" +title: "Configure Reverse Proxy" +description: "Learn how to configure a reverse proxy for Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 80 +--- + +You can configure a reverse proxy for Palette. The reverse proxy can be used by host clusters deployed in a private network. Host clusters deployed in a private network are not accessible from the public internet or by users in different networks. You can use a reverse proxy to access the cluster's Kubernetes API server from a different network. + +When you configure reverse proxy server for Palette, clusters that use the [Spectro Proxy pack](../integrations/frp.md) will use the reverse proxy server address in the kubeconfig file. Clusters not using the Spectro Proxy pack will use the default cluster address in the kubeconfig file. + + +Use the following steps to configure a reverse proxy server for Palette. + +## Prerequisites + + +- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. + + +- [Helm](https://helm.sh/docs/intro/install/) is installed and available. + + +- Access to the kubeconfig file of the Palette Kubernetes cluster. You can download the kubeconfig file from the Palette system console. Navigate to **Enterprise System Migration**, select the Palette cluster, and click the **Download Kubeconfig** button for the cluster. + + +- A domain name that you can use for the reverse proxy server. You will also need access to the DNS records for the domain so that you can create a CNAME DNS record for the reverse proxy server load balancer. + + +- Ensure you have an SSL certificate that matches the domain name you will assign to Spectro Proxy. You will need this to enable HTTPS encryption for the Spectro Proxy. Contact your network administrator or security team to obtain the SSL certificate. You need the following files: + - x509 SSL certificate file in base64 format + + - x509 SSL certificate key file in base64 format + + - x509 SSL certificate authority file in base64 format + + +- The Spectro Proxy server must have internet access and network connectivity to the private network where the Kubernetes clusters are deployed. + + +## Enablement + +1. Open a terminal session and navigate to the directory where you stored the **values.yaml** for the Palette installation. + + +2. Use a text editor and open the **values.yaml** file. Locate the `frps` section and update the following values in the **values.yaml** file. Refer to the [Spectro Proxy Helm Configuration](helm-chart-install-reference.md#spectro-proxy) to learn more about the configuration options. + + | **Parameter** | **Description** | **Type** | + | --- | --- | ---| + | `enabled`| Set to `true` to enable the Spectro Proxy server. | boolean | + | `frps.frpHostURL`| The domain name you will use for the Spectro Proxy server. For example, `frps.example.com`. | + | `server.crt`| The x509 SSL certificate file in base64 format. | + | `server.key`| The x509 SSL certificate key file in base64 format. | + | `ca.crt`| The x509 SSL certificate authority file in base64 format. | + +
+ + The following is an example of the `frps` section in the **values.yaml** file. The SSL certificate files are truncated for brevity. + +
+ + ```yaml + frps: + frps: + enabled: true + frpHostURL: "frps.palette.example.com" + server: + crt: "LS0tLS1CRU...........tCg==" + key: "LS0tLS1CRU...........tCg==" + ca: + crt : "LS0tLS1CRU...........tCg==" + ``` + + +3. Issue the `helm upgrade` command to update the Palette Kubernetes configuration. The command below assumes you are in the folder that contains the **values.yaml** file and the Palette Helm chart. Change the directory path if needed. + +
+ + ```bash + helm upgrade --values values.yaml hubble spectro-mgmt-plane-0.0.0.tgz --install + ``` + + +4. After the new configurations are accepted, use the following command to get the IP address of the Spectro Proxy server's load balancer. + +
+ + ```bash + kubectl get svc --namespace proxy-system spectro-proxy-svc + ``` +5. Update the DNS records for the domain name you used for the Spectro Proxy server. Create a CNAME record that points to the IP address of the Spectro Proxy server's load balancer. + + +6. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette, or use the IP address. Ensure you replace the credentials below with your system console credentials. + +
+ + ```bash + curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \ + --header 'Content-Type: application/json' \ + --data '{ + "password": "**********", + "username": "**********" + }' + ``` + Output + ```json hideClipboard + { + "Authorization": "**********.", + "IsPasswordReset": true + } + ``` + +7. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output. + +
+ + ```shell hideClipboard + TOKEN=********** + ``` + +8. Next, prepare a payload for the`/v1/system/config/` endpoint. This endpoint is used to configure Palette to use a reverse proxy. The payload requires the following parameters: + +
+ + | **Parameter** | **Description** | **Type** | + | --- | --- | --- | + | `caCert`| The x509 SSL certificate authority file in base64 format. | string | + | `clientCert`| The x509 SSL certificate file in base64 format. | string | + | `clientKey`| The x509 SSL certificate key file in base64 format. | string | + | `port` | The port number for the reverse proxy server. We recommend using port `443`. | integer | + | `protocol` | The protocol to use for the reverse proxy server. We recommend using `https`. | string | + | `server`| The domain name you will use for the Spectro Proxy server. For example, `frps.example.com`. Do not include the HTTP schema in the value. | string | + + The following is an example payload. The SSL certificate files are truncated for brevity. + +
+ + ```json hideClipboard + { + "caCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----", + "clientCert": "-----BEGIN CERTIFICATE-----\n..........\n-----END CERTIFICATE-----", + "clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----", + "port": 443, + "protocol": "https", + "server": "frps.palette.example.com.com" + } + ``` + +
+ + :::info + + You can save the payload to a file and use the `cat` command to read the file contents into the `curl` command. For example, if you save the payload to a file named `payload.json`, you can use the following command to read the file contents into the `curl` command. You can also save the payload as a shell variable and use the variable in the `curl` command. + + ::: + + +
+ +9. Issue a PUT request using the following `curl` command. Replace the URL with the custom domain URL you assigned to Palette or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header. Ensure you replace the payload below with the payload you created in the previous step. + +
+ + ```bash + curl --insecure --silent --include --output /dev/null -w "%{http_code}" --location --request PUT 'https://palette.example.com/v1/system/config/reverseproxy' \ + --header "Authorization: $TOKEN" \ + --header 'Content-Type: application/json' \ + --data ' { + "caCert": "-----BEGIN CERTIFICATE-----\n................\n-----END CERTIFICATE-----\n", + "clientCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----", + "clientKey": "-----BEGIN RSA PRIVATE KEY-----\n............\n-----END RSA PRIVATE KEY-----\n", + "port": 443, + "protocol": "https", + "server": "frps.palette.example.com.com" + }' + ``` + + A successful response returns a `204` status code. + + Output + ```shell hideClipboard + 204 + ``` + +You now have a Spectro Proxy server that you can use to access Palette clusters deployed in a different network. Make sure you add the [Spectro Proxy pack](../integrations/frp.md) to the clusters you want to access using the Spectro Proxy server. + + +## Validate + +Use the following command to validate that the Spectro Proxy server is active. + +
+ + + +1. Open a terminal session. + + +2. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette or use the IP address. Ensure you replace the credentials below with your system console credentials. + +
+ + ```bash + curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \ + --header 'Content-Type: application/json' \ + --data '{ + "password": "**********", + "username": "**********" + }' + ``` + Output + ```json hideClipboard + { + "Authorization": "**********.", + "IsPasswordReset": true + } + ``` + +3. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output. + +
+ + ```shell hideClipboard + TOKEN=********** + ``` + +4. Query the system API endpoint `/v1/system/config/reverseproxy` to verify the current reverse proxy settings applied to Palette. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette, or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header. + +
+ + ```bash + curl --location --request GET 'https://palette.example.com/v1/system/config/reverseproxy' \ + --header "Authorization: $TOKEN" + ``` + + If the proxy server is configured correctly, you will receive an output similar to the following that contains your settings. The SSL certificate outputs are truncated for brevity. + +
+ + ```json hideClipboard + { + "caCert": "-----BEGIN CERTIFICATE-----\n...............\n-----END CERTIFICATE-----\n", + "clientCert": "-----BEGIN CERTIFICATE-----\n...........\n-----END CERTIFICATE-----", + "clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----\n", + "port": 443, + "protocol": "https", + "server": "frps.palette.example.com" + } + ``` \ No newline at end of file diff --git a/docs/deprecated/enterprise-version/ssl-certificate-management.md b/docs/deprecated/enterprise-version/ssl-certificate-management.md new file mode 100644 index 0000000000..d4d48c6a74 --- /dev/null +++ b/docs/deprecated/enterprise-version/ssl-certificate-management.md @@ -0,0 +1,81 @@ +--- +sidebar_label: "SSL Certificate Management" +title: "SSL Certificate Management" +description: "Upload and manage SSL certificates in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 90 +--- + + +When you install Palette, a self-signed certificate is generated and used by default. You can upload your own SSL certificate to replace the default certificate. + +Palette uses SSL certificates to secure external communication. Palette's internal communication is default secured by default and uses HTTPS. External communication with Palette, such as the system console, gRPC endpoint, and API endpoint, requires you to upload an SSL certificate to enable HTTPS. + + +:::info + +Enabling HTTPS is a non-disruptive operation. You can enable HTTPS at any time without affecting the system's functionality. + +::: + + +## Upload an SSL Certificate + +You can upload an SSL certificate in Palette by using the following steps. + + +### Prerequisites + +- Access to the Palette system console. + + +- You need to have an x509 certificate and a key file in PEM format. The certificate file must contain the full certificate chain. Reach out to your network administrator or security team if you do not have these files. + + +- Ensure the certificate is created for the custom domain name you specified for your Palette installation. If you did not specify a custom domain name, the certificate must be created for the Palette system console's IP address. You can also specify a load balancer's IP address if you are using a load balancer to access Palette. + + +### Enablement + +1. Log in to the Palette system console. + + +2. Navigate to the left **Main Menu** and select **Administration**. + + +3. Select the tab titled **Certificates**. + + +4. Copy and paste the certificate into the **Certificate** field. + + +5. Copy and paste the certificate key into the **Key** field. + + +6. Copy and paste the certificate authority into the **Certificate authority** field. + + +
+ + ![A view of the certificate upload screen](/enterprise-version_ssl-certificate-upload.png) + +
+ +7. Save your changes. + +If the certificate is invalid, you will receive an error message. Once the certificate is uploaded successfully, Palette will refresh its listening ports and start using the new certificate. + + +### Validate + +You can validate that your certificate is uploaded correctly by using the following steps. + + +1. Log out of the Palette system console. If you are already logged in, log out and close your browser session. Browsers cache connections and may not use the newly enabled HTTPS connection. Closing your existing browser session avoids issues related to your browser caching an HTTP connection. + + +2. Log back into the Palette system console. Ensure the connection is secure by checking the URL. The URL should start with `https://`. + + +Palette is now using your uploaded certificate to create a secure HTTPS connection with external clients. Users can now securely access the system console, gRPC endpoint, and API endpoint. \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/system-console-dashboard.md b/docs/deprecated/enterprise-version/system-console-dashboard.md similarity index 100% rename from docs/docs-content/enterprise-version/system-console-dashboard.md rename to docs/deprecated/enterprise-version/system-console-dashboard.md diff --git a/docs/deprecated/enterprise-version/upgrade.md b/docs/deprecated/enterprise-version/upgrade.md new file mode 100644 index 0000000000..a13a1bc889 --- /dev/null +++ b/docs/deprecated/enterprise-version/upgrade.md @@ -0,0 +1,81 @@ +--- +sidebar_label: "Upgrade Notes" +title: "Upgrade Notes" +description: "Spectro Cloud upgrade notes for specific Palette versions." +icon: "" +hide_table_of_contents: false +sidebar_position: 100 +--- + +This page is a reference resource to help you better prepare for a Palette upgrade. Review each version's upgrade notes for more information about required actions and other important messages to be aware of. If you have questions or concerns, reach out to our support team by opening up a ticket through our [support page](http://support.spectrocloud.io/). + +## Palette 4.0 + +Palette 4.0 includes the following major enhancements that require user intervention to facilitate the upgrade process. + +- **Enhanced security for Palette microservices** - To enhance security, all microservices within Palette now use `insecure-skip-tls-verify` set to `false`. When upgrading to Palette 4.0, you must provide a valid SSL certificate in the system console. + + If you already have an SSL certificate, key, and Certificate Authority (CA) certificate, you can use them when upgrading to Palette 4.0.0. To learn how to upload SSL certificates to Palette, refer to [SSL Certificate Management](ssl-certificate-management.md). + + +- **Self-hosted Palette Kubernetes Upgrade** - If you installed Palette using the Helm Chart method, the Kubernetes version used for Palette is upgraded from version 1.24 to 1.25. You will need to copy the new Kubernetes YAML to the Kubernetes layer in the Enterprise cluster profile. If you have customized your Kubernetes configuration, you will need to manually adjust custom values and include any additional configuration in the upgraded YAML that we provide. Refer to [Upgrade Kubernetes](upgrade.md#upgrade-kubernetes). + +### Upgrade from Palette 3.x to 4.0 + +From the Palette system console, click the **Update version** button. Palette will be temporarily unavailable while system services update. + +![Screenshot of the "Update version" button in the system consoles.](/enterprise-version_sys-console-update-palette-version.png) + +#### Upgrade Kubernetes + +Follow the steps below to upgrade Kubernetes. + +
+ +1. To obtain the upgraded Kubernetes YAML file for Palette 4.0, contact our support team by sending an email to support@spectrocloud.com. + + +2. In the system console, click on **Enterprise Cluster Migration**. + + +3. Click on the **Profiles** tab, and select the Kubernetes layer. The Kubernetes YAML is displayed in the editor at right. + + +4. If the existing Kubernetes YAML has been customized or includes additional configuration, we suggest you create a backup of it by copying it to another location. + + +5. Copy the Kubernetes YAML you received from our support team and paste it into the editor. + +
+ + ![Screenshot of the Kubernetes YAML editor.](/enterprise-version_upgrade_ec-cluster-profile.png) + + +6. If you have made any additional configuration changes or additions, add your customizations to the new YAML. + + +7. Save your changes. + +The Enterprise cluster initiates the Kubernetes upgrade process and leads to the reconciliation of all three nodes. + + +## Palette 3.4 + +Prior versions of Palette installed internal Palette components' ingress resources in the default namespace. The new version of the Helm Chart ensures all Palette required ingress resources are installed in the correct namespace. Self-hosted Palette instances deployed to Kubernetes and upgrading from Palette versions 3.3.X or older must complete the following action. + + +1. Connect to the cluster using the cluster's kubeconfig file. + + + +2. Identify all Ingress resources that belong to *Hubble* - an internal Palette component. + + ```shell + kubectl get ingress --namespace default + ``` + +3. Remove each Ingress resource listed in the output that starts with the name Hubble. Use the following command to delete an Ingress resource. Replace `REPLACE_ME` with the name of the Ingress resource you are removing. + + ```shell + kubectl delete ingress --namespace default + ``` \ No newline at end of file diff --git a/docs/docs-content/clusters/public-cloud/azure/gateways.md b/docs/docs-content/clusters/public-cloud/azure/gateways.md index 0c52da8176..36ab52f920 100644 --- a/docs/docs-content/clusters/public-cloud/azure/gateways.md +++ b/docs/docs-content/clusters/public-cloud/azure/gateways.md @@ -171,7 +171,7 @@ After getting connected to the Bastion host, establish a connection to the Targe kubectl apply -n cluster-1234abcd -f https://endpoint/v1/pcg/12345678901234/services/ally/manifest ``` -6. The self-hosted PCG will be provisioned and will start running in the Palette console. The healthy self-hosted PCG can be managed from the Palette UI page. The healthy self-hosted PCG can be linked to Azure Cloud Account (optionally) to enjoy the enhanced security benefits. We support the [PCG migration](../../../enterprise-version/enterprise-cluster-management.md#palette-pcg-migration) for the public cloud self-hosted PCGs as well. +6. The self-hosted PCG will be provisioned and will start running in the Palette console. The healthy self-hosted PCG can be managed from the Palette UI page. The healthy self-hosted PCG can be linked to Azure Cloud Account (optionally) to enjoy the enhanced security benefits. We support the [PCG migration](../../../enterprise-version/system-management/system-management.md) for the public cloud self-hosted PCGs as well. :::info diff --git a/docs/docs-content/enterprise-version/enterprise-version.md b/docs/docs-content/enterprise-version/enterprise-version.md index 80e1ae97f2..6cdc8c7a35 100644 --- a/docs/docs-content/enterprise-version/enterprise-version.md +++ b/docs/docs-content/enterprise-version/enterprise-version.md @@ -1,7 +1,7 @@ --- -sidebar_label: "Self-Hosted Installation" -title: "Self-Hosted Installation" -description: "Understanding, installing and operating Spectro Cloud's Enterprise Self-Hosted variant." +sidebar_label: "Self-Hosted Palette" +title: "Self-Hosted Palette" +description: "Learn how to install and manage a self-hosted Palette environment." hide_table_of_contents: false sidebar_custom_props: icon: "warehouse" @@ -9,93 +9,28 @@ tags: ["self-hosted", "enterprise"] --- -Palette is available as a self-hosted platform offering. You can install the self-hosted version of Palette in your data centers or public cloud providers to manage Kubernetes clusters. You can install Palette by using the following four methods: +Palette is available as a self-hosted platform offering. You can install the self-hosted version of Palette in your data centers or public cloud providers to manage Kubernetes clusters. -- [VMware Quick Start](deploying-the-platform-installer.md) +## Access Palette - -- [VMware Enterprise](deploying-an-enterprise-cluster.md) - - -- [Kubernetes Install Helm Chart](deploying-palette-with-helm.md) - - -- [AirGap Install](air-gap-repo.md) - -## VMware Quick Start - -A single-node Palette installation that is ideal for Proof of Concept (PoC) environments. Refer to the [Quick Start Installation](deploying-the-platform-installer.md) guide for more details. - -## VMware Enterprise - -A highly available multi-node Palette installation that is typically used for production purposes. Check out the [Enterprise Mode](deploying-an-enterprise-cluster.md) guide to get started. - -## Kubernetes Install Helm Chart - -Install Palette onto a Kubernetes cluster using a Helm Chart. Review the [Helm Chart Mode](deploying-palette-with-helm.md) guide to learn more. - - -## Airgap Install - -Palette can be installed in a VMware environment without internet access, known as an air gap installation, requiring pre-download of platform manifests, required platform packages, container images for core components, third-party dependencies, and Palette Packs, all sourced from a private rather than the default public Palette repository. - -## Download Palette Installer - -To request the Palette Self-hosted installer image, please contact our support team by sending an email to support@spectrocloud.com. Kindly provide the following information in your email: +To set up a Palette account, contact our support team by sending an email to support@spectrocloud.com. Include the following information in your email: - Your full name - Organization name (if applicable) - Email address - Phone number (optional) -- A brief description of your intended use for the Palette Self-host installer image. - -Our dedicated support team will promptly get in touch with you to provide the necessary assistance and share the installer image. - -If you have any questions or concerns, please feel free to contact support@spectrocloud.com. - - -## Upgrade Notes - -Review the [Upgrade Notes](upgrade.md) before attempting to upgrade Palette. - - -
- -## Resources - - -* [System Requirements](on-prem-system-requirements.md) - - -* [Quick Start Mode](deploying-the-platform-installer.md) - - -* [Enterprise Mode](deploying-an-enterprise-cluster.md) - - -* [Helm Chart Mode](deploying-palette-with-helm.md) - - -* [System Console Dashboard](system-console-dashboard.md) - - -* [Creating a VMware Cloud Gateway](../clusters/data-center/vmware.md#install-pcg) - - -* [Create VMware Cloud Account](../clusters/data-center/vmware.md#create-vmware-cloud-gateway) - - -* [Deploy a VMware Cluster](../clusters/data-center/vmware#deploy-a-vmware-cluster) - +- Target Platform (VMware or Kubernetes) +- A brief description of your intended use of Palette -* [PCG Troubleshooting](../troubleshooting/pcg.md) +Our dedicated Support team will promptly get in touch with you to provide the necessary credentials and assistance required to get started with self-hosted Palette. -* [Upgrade Notes](upgrade.md) +## Resources -
+- [Installation](install-palette/install-palette.md) -
+- [System Management](system-management/system-management.md) +- [Upgrade Notes](upgrade.md) \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/install-palette/_category_.json b/docs/docs-content/enterprise-version/install-palette/_category_.json new file mode 100644 index 0000000000..094470741d --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/_category_.json @@ -0,0 +1,3 @@ +{ + "position": 10 +} diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/_category_.json b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/_category_.json new file mode 100644 index 0000000000..094470741d --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/_category_.json @@ -0,0 +1,3 @@ +{ + "position": 10 +} diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-instructions.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-instructions.md new file mode 100644 index 0000000000..ff462b1d79 --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/airgap-instructions.md @@ -0,0 +1,713 @@ +--- +sidebar_label: "Airgap Instructions" +title: "Install in an Air Gap Environment" +description: "Learn how to install Palette into a Kubernetes air gap environment." +icon: "" +hide_table_of_contents: false +sidebar_position: 20 +tags: ["self-hosted", "enterprise", "air-gap"] +--- + +You can install a self-hosted version of Palette into a Lubernetes environment without direct internet access. This type of installation is referred to as an *air gap* installation. + +In a standard Palette installation, the following artifacts are downloaded by default from the public Palette repository. + +* Palette platform manifests and required platform packages. + + +* Container images for core platform components and 3rd party dependencies. + + +* Palette Packs. + + +The installation process changes a bit in an air gap environment due to the lack of internet access. Before the primary Palette installation step, you must download the three required Palette artifacts mentioned above. The other significant change is that Palette's default public repository is not used. Instead, a private repository supports all Palette operations pertaining to storing images and packages. + +The following diagram is a high-level overview of the order of operations required to deploy a self-hosted instance of Palette in an airgap environment. + + +![An architecture diagram outlining the five different install phases](/enterprise-version_air-gap-repo_overview-order-diagram.png) + + +The airgap installation can be simplified into five major phases. + + +1. Download the Open Virtual Appliance (OVA) image and deploy the instance hosting the private repository that supports the airgap environment. + + +2. The private Spectro Cloud repository is initialized, and all the Palette-required artifacts are downloaded and available. + + +3. The Palette Install OVA is deployed, configured, and initialized. + + +4. The scale-up process to a highly available three-node installation begins. + + +5. Palette is ready for usage. + + +This guide focuses on the first two installation phases, as the remaining ones are covered in the [Instructions](install.md) guide. + + +## Prerequisites + +* The following minimum resources are required to deploy Palette. + * 2 vCPU + * 4 GB of Memory + * 100 GB of Storage. Storage sizing depends on your intended update frequency and data retention model. + +* Ensure the following ports allow inbound network traffic. + * 80 + * 443 + * 5000 + * 8000 + + +* Request the Palette self-hosted installer image and the Palette air gap installer image. To request the installer images, please contact our support team by sending an email to support@spectrocloud.com. Kindly provide the following information in your email: + + - Your full name + - Organization name (if applicable) + - Email address + - Phone number (optional) + - A brief description of your intended use for the Palette Self-host installer image. + +Our dedicated support team will promptly get in touch with you to provide the necessary assistance and share the installer image. + +If you have any questions or concerns, please feel free to contact support@spectrocloud.com. + + +## Deploy Air Gapped Appliance + + +1. Log in to vCenter Server by using the vSphere Client. + + +2. Navigate to the Datacenter and select the cluster you want to use for the installation. Right-click on the cluster and select **Deploy OVF Template**. + + +3. Select the airgap OVA installer image you downloaded after receiving guidance from our support team. + + +4. Select the folder where you want to install the Virtual Machine (VM) and assign a name to the VM. + + +5. Next, select the compute resource. + + +6. Review the details page. You may get a warning message stating the certificate is not trusted. You can ignore the message and click **Next**. + + +7. Select your storage device and storage policy. Click on **Next** to proceed. + + +8. Choose a network for your appliance and select **Next**. + + +9. Fill out the remaining template customization options. You can modify the following input fields.

+ + | Parameter | Description | Default Value | + | --- | --- | -- | + | **Encoded user-data** | In order to fit into an XML attribute, this value is base64 encoded. This value will be decoded, and then processed normally as user-data. | - | + | **ssh public keys** | This field is optional but indicates that the instance should populate the default user's `authorized_keys` with the provided public key. | -| + | **Default User's password** | Setting this value allows password-based login. The password will be good for only a single login. If set to the string `RANDOM` then a random password will be generated, and written to the console. | - | + | **A Unique Instance ID for this instance** | Specifies the instance id. This is required and used to determine if the machine should take "first boot" actions| `id-ovf`| + | **Hostname** | Specifies the hostname for the appliance. | `ubuntuguest` | + | **URL to seed instance data from** | This field is optional but indicates that the instance should 'seed' user-data and meta-data from the given URL.| -| + +10. Click on **Next** to complete the deployment wizard. Upon completion, the cloning process will begin. The cloning process takes a few minutes to complete. + + +11. Power on the VM and click on the **Launch Web Console** button to access the instance's terminal. + + +12. Configure a static IP address on the node by editing **/etc/netplan/50-cloud-init.yaml**. + + ```shell + sudo vi /etc/netplan/50-cloud-init.yaml + ``` + + Use the following sample configuration as a starting point but feel free to change the configuration file as required for your environment. To learn more about Netplan, check out the [Netplan configuration examples](https://netplan.io/examples) from Canonical. + +
+ + ```yaml + network: + version: 2 + renderer: networkd + ethernets: + ens192: + dhcp4: false + addresses: + - 10.10.244.9/18 # your static IP and subnet mask + gateway4: 10.10.192.1 # your gateway IP + nameservers: + addresses: [10.10.128.8] # your DNS nameserver IP address. + ``` + + To exit Vi, press the **ESC** key and type `:wq` followed by the **Enter** key.

+ +13. Issue the `netplan` command to update the network settings. + +
+ + ```shell + sudo netplan apply + ``` + +14. Give the instance one to two minutes before issuing the following command. The next step is to start the airgap setup script that stands up the Spectro Repository. Issue the command below and replace `X.X.X.X` with the static IP you provided to the Netplan configuration file. + +
+ + ```shell + sudo /opt/spectro/airgap-setup.sh X.X.X.X + ``` + + Record the output of the setup command as you will use it when deploying the Quick Start appliance later on in the installation process. + + Example Output: + ```shell hideClipboard + Setting up Manifests + Setting up Manifests + Setting up SSL Certs + Setup Completed + + Details: + ------- + Spectro Cloud Repository + UserName: XXXXXXXXX + Password: XXXXXXXXXX + Location: https://10.10.249.12 + Artifact Repo Certificate: + LS0tLS1CRUdJ............. + + Pack Registry + URL: https://10.10.249.12:5000 + Username: XXXXXXXXX + Password: XXXXXXXXX + ``` + +15. If you need to configure the instance with proxy settings, go ahead and do so now. You can configure proxy settings by using environment variables. Replace the values with your environment's respective values. + +
+ + ```shell + export http_proxy=http://10.1.1.1:8888 + export https_proxy=https://10.1.1.1:8888 + export no_proxy=.example.dev,10.0.0.0/8 + ``` + +16. The next set of steps will download the required binaries to support a Palette installation, such as the Palette Installer, required Kubernetes packages, and kubeadm packages. You can download these artifacts from the instance, or externally and transfer them to the instance. Click on each tab for further guidance. + +
+ + :::caution + + You must download the following three resources. Our support team will provide you with the credentials and download URL. + Click on each tab to learn more about each resource and steps for downloading. + + ::: + +
+ + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/airgap-v3.3.15.bin \ + --output airgap-k8s-v3.3.15.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin + ``` + + Example Output: + ```shell + sudo ./airgap-k8s-v3.3.15.bin + Verifying archive integrity... 100% MD5 checksums are OK. All good. + Uncompressing Airgap K8S Images Setup - Version 3.3.15 100% + Setting up Packs + Setting up Images + - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10 + - Pushing image k8s.gcr.io/kube-proxy:v1.22.10 + - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10 + - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10 + … + Setup Completed + ``` + + + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/airgap-k8s-v3.3.15.bin \ + --output airgap-k8s-v3.3.15.bin + ``` + + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin + ``` + + Example Output: + ```shell + sudo ./airgap-k8s-v3.3.15.bin + Verifying archive integrity... 100% MD5 checksums are OK. All good. + Uncompressing Airgap K8S Images Setup - Version 3.3.15 100% + Setting up Packs + Setting up Images + - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10 + - Pushing image k8s.gcr.io/kube-proxy:v1.22.10 + - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10 + - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10 + … + Setup Completed + ``` + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-kubeadm.bin \ + --output airgap-edge-kubeadm.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-kubeadm.bin && sudo ./airgap-edge-kubeadm.bin + ``` + + Example Output: + ```shell + sudo ./airgap-edge-kubeadm.bin + Verifying archive integrity... 100% MD5 checksums are OK. All good. + Uncompressing Airgap Edge Packs - Kubeadm Images 100% + Setting up Images + - Skipping image k8s.gcr.io/coredns/coredns:v1.8.6 + - Pushing image k8s.gcr.io/etcd:3.5.1-0 + - Pushing image k8s.gcr.io/kube-apiserver:v1.23.12 + - Pushing image k8s.gcr.io/kube-controller-manager:v1.23.12 + - Pushing image k8s.gcr.io/kube-proxy:v1.23.12 + … + Setup Completed + ``` + + + + + + + + +17. If you will be using Edge deployments, go ahead and download the packages your Edge deployments will need. If you are not planning to use Edge, skip to end. You can come back to this step in the future and add the packages if needed. Click on the `...` tab for additional options. + + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-k3s.bin \ + --output airgap-edge-ubuntu22-k3s.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu22-k3s.bin && sudo ./airgap-edge-ubuntu22-k3s.bin + ``` + + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-rke.bin \ + --output airgap-edge-ubuntu22-rke.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu22-rke.bin && sudo ./airgap-edge-ubuntu22-rke.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-kubeadm.bin \ + --output airgap-edge-ubuntu22-kubeadm.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu22-kubeadm.bin && sudo ./airgap-edge-ubuntu22-kubeadm.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-k3s.bin \ + --output airgap-edge-ubuntu20-k3s.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu20-k3s.bin && sudo ./airgap-edge-ubuntu20-k3s.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-rke.bin \ + --output airgap-edge-ubuntu20-rke.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu20-rke.bin && sudo ./airgap-edge-ubuntu20-rke.bin + ``` + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-kubeadm.bin \ + --output airgap-edge-ubuntu20-kubeadm.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu20-kubeadm.bin && sudo ./airgap-edge-ubuntu20-kubeadm.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-k3s.bin \ + --output airgap-edge-opensuse-k3s.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-opensuse-k3s.bin && sudo ./airgap-edge-opensuse-k3s.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-rke.bin \ + --output airgap-edge-opensuse-rke.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-opensuse-rke.bin && sudo ./airgap-edge-opensuse-rke.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-kubeadm.bin \ + --output airgap-edge-opensuse-kubeadm.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-opensuse-kubeadm.bin && sudo ./airgap-edge-opensuse-kubeadm.bin + ``` + + + + + + + +---- + + +The next step of the installation process is to begin the deployment of an appliance using the instructions in the [Instructions](install.md) guide. If you need to review the Spectro Cloud Repository details, issue the following command for detailed output. + +
+ +```shell +sudo /bin/airgap-setup.sh +``` + +
+ +:::info + +You can review all the logs related to the setup of the private Spectro repository in **/tmp/airgap-setup.log**. + +::: + + +## Validate + +You can validate that the Spectro Repository you deployed is available and ready for the next steps of the installation process. If you provided the appliance with an SSH key then you can skip to step five. + + +1. Log in to vCenter Server by using the vSphere Client. + + +2. Navigate to your Datacenter and locate your VM. Click on the VM to access its details page. + + +3. Power on the VM. + + +4. Click on **Launch Web Console** to access the terminal. + + +5. Log in with the user `ubuntu` and the user password you specified during the installation. If you are using SSH, use the following command, and ensure you specify the path to your SSH private key and replace the IP address with your appliance's static IP. + +
+ + ```shell + ssh --identity_file ~/path/to/your/file ubuntu@10.1.1.1 + ``` + + +6. Verify the registry server is up and available. Replace the `10.1.1.1` value with your appliance's IP address. + +
+ + ```shell + curl --insecure https://10.1.1.1:5000/health + ``` + + Example Output: + ```shell + {"status":"UP"} + ``` + +7. Ensure you can log into your registry server. Use the credentials provided to you by the `airgap-setup.sh` script. Replace the `10.1.1.1` value with your appliance's IP address. + +
+ + ```shell + curl --insecure --user admin:admin@airgap https://10.1.1.1:5000/v1/_catalog + ``` + + Example Output: + ``` + {"metadata":{"lastUpdatedTime":"2023-04-11T21:12:09.647295105Z"},"repositories":[{"name":"amazon-linux-eks","tags":[]},{"name":"aws-efs","tags":[]},{"name":"centos-aws","tags":[]},{"name":"centos-azure","tags":[]},{"name":"centos-gcp","tags":[]},{"name":"centos-libvirt","tags":[]},{"name":"centos-vsphere","tags":[]},{"name":"cni-aws-vpc-eks","tags":[]},{"name":"cni-aws-vpc-eks-helm","tags":[]},{"name":"cni-azure","tags":[]},{"name":"cni-calico","tags":[]},{"name":"cni-calico-azure","tags":[]},{"name":"cni-cilium-oss","tags":[]},{"name":"cni-custom","tags":[]},{"name":"cni-kubenet","tags":[]},{"name":"cni-tke-global-router","tags":[]},{"name":"csi-aws","tags":[]},{"name":"csi-aws-ebs","tags":[]},{"name":"csi-aws-efs","tags":[]},{"name":"csi-azure","tags":[]},{"name":"csi-gcp","tags":[]},{"name":"csi-gcp-driver","tags":[]},{"name":"csi-longhorn","tags":[]},{"name":"csi-longhorn-addon","tags":[]},{"name":"csi-maas-volume","tags":[]},{"name":"csi-nfs-subdir-external","tags":[]},{"name":"csi-openstack-cinder","tags":[]},{"name":"csi-portworx-aws","tags":[]},{"name":"csi-portworx-gcp","tags":[]},{"name":"csi-portworx-generic","tags":[]},{"name":"csi-portworx-vsphere","tags":[]},{"name":"csi-rook-ceph","tags":[]},{"name":"csi-rook-ceph-addon","tags":[]},{"name":"csi-tke","tags":[]},{"name":"csi-topolvm-addon","tags":[]},{"name":"csi-vsphere-csi","tags":[]},{"name":"csi-vsphere-volume","tags":[]},{"name":"edge-k3s","tags":[]},{"name":"edge-k8s","tags":[]},{"name":"edge-microk8s","tags":[]},{"name":"edge-native-byoi","tags":[]},{"name":"edge-native-opensuse","tags":[]},{"name":"edge-native-ubuntu","tags":[]},{"name":"edge-rke2","tags":[]},{"name":"external-snapshotter","tags":[]},{"name":"generic-byoi","tags":[]},{"name":"kubernetes","tags":[]},{"name":"kubernetes-aks","tags":[]},{"name":"kubernetes-coxedge","tags":[]},{"name":"kubernetes-eks","tags":[]},{"name":"kubernetes-eksd","tags":[]},{"name":"kubernetes-konvoy","tags":[]},{"name":"kubernetes-microk8s","tags":[]},{"name":"kubernetes-rke2","tags":[]},{"name":"kubernetes-tke","tags":[]},{"name":"portworx-add-on","tags":[]},{"name":"spectro-mgmt","tags":[]},{"name":"tke-managed-os","tags":[]},{"name":"ubuntu-aks","tags":[]},{"name":"ubuntu-aws","tags":[]},{"name":"ubuntu-azure","tags":[]},{"name":"ubuntu-coxedge","tags":[]},{"name":"ubuntu-edge","tags":[]},{"name":"ubuntu-gcp","tags":[]},{"name":"ubuntu-libvirt","tags":[]},{"name":"ubuntu-maas","tags":[]},{"name":"ubuntu-openstack","tags":[]},{"name":"ubuntu-vsphere","tags":[]},{"name":"volume-snapshot-controller","tags":[]}],"listMeta":{"continue":""}} + ``` + + +8. Next, validate the Spectro repository is available. Replace the IP with your appliance's IP address. + + ```shell + curl --insecure --user spectro:admin@airgap https://10.1.1.1 + ``` + + Output: + ```html hideClipboard + + + + Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and + working. Further configuration is required.

+ +

For online documentation and support please refer to + nginx.org.
+ Commercial support is available at + nginx.com.

+ +

Thank you for using nginx.

+ + + ``` diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md new file mode 100644 index 0000000000..5382ec10da --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install-on-kubernetes.md @@ -0,0 +1,24 @@ +--- +sidebar_label: "Kubernetes" +title: "Kubernetes" +description: "Learn how to install Palette on Kubernetes." +icon: "" +hide_table_of_contents: false +tags: ["palette", "self-hosted", "kubernetes"] +--- + + +Palette can be installed on Kubernetes with internet connectivity or an airgap environment. When you install Palette, a three-node cluster is created. You use a Helm chart our support team provides to install Palette on Kubernetes. Refer to [Access Palette](../../enterprise-version.md#access-palette) for instructions on requesting access to the Helm Chart. + + +To get started with Palette on Kubernetes, refer to the [Install Instructions](install.md) guide. + +## Resources + +- [Install Instructions](install.md) + + +- [Airgap Install Instructions](airgap-instructions.md) + + +- [Helm Configuration Reference](palette-helm-ref.md) diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md new file mode 100644 index 0000000000..6fa86484c6 --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/install.md @@ -0,0 +1,308 @@ +--- +sidebar_label: "Instructions" +title: "Instructions" +description: "Learn how to deploy self-hosted Palette to a Kubernetes cluster using a Helm Chart." +icon: "" +hide_table_of_contents: false +sidebar_position: 10 +tags: ["self-hosted", "enterprise"] +--- + + +You can use the Palette Helm Chart to install Palette in a multi-node Kubernetes cluster in your production environment. + +This installation method is common in secure environments with restricted network access that prohibits using Palette SaaS. Review our [architecture diagrams](../../../architecture/networking-ports.md) to ensure your Kubernetes cluster has the necessary network connectivity for Palette to operate successfully. + + + +## Prerequisites + +- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. + + +- [Helm](https://helm.sh/docs/intro/install/) is installed and available. + + +- Access to the target Kubernetes cluster's kubeconfig file. You must be able to interact with the cluster using `kubectl` commands and have sufficient permissions to install Palette. We recommend using a role with cluster-admin permissions to install Palette. + + +- The Kubernetes cluster must be set up on a supported version of Kubernetes, which includes versions v1.25 to v1.27. + + + +- Ensure the Kubernetes cluster does not have Cert Manager installed. Palette requires a unique Cert Manager configuration to be installed as part of the installation process. If Cert Manager is already installed, you must uninstall it before installing Palette. + + +- The Kubernetes cluster must have a Container Storage Interface (CSI) installed and configured. Palette requires a CSI to store persistent data. You may install any CSI that is compatible with your Kubernetes cluster. + + + +- We recommended the following resources for Palette. Refer to the [Palette size guidelines](../install-palette.md#size-guidelines) for additional sizing information. + + - 8 CPUs per node. + + - 16 GB Memory per node. + + - 100 GB Disk Space per node. + + - A Container Storage Interface (CSI) for persistent data. + + - A minimum of three worker nodes or three untainted control plane nodes. + + +- The following network ports must be accessible for Palette to operate successfully. + + - TCP/443: Inbound and outbound to and from the Palette management cluster. + + - TCP/6443: Outbound traffic from the Palette management cluster to the deployed clusters' Kubernetes API server. + + +- Ensure you have an SSL certificate that matches the domain name you will assign to Palette. You will need this to enable HTTPS encryption for Palette. Reach out to your network administrator or security team to obtain the SSL certificate. You need the following files: + + - x509 SSL certificate file in base64 format. + + - x509 SSL certificate key file in base64 format. + + - x509 SSL certificate authority file in base64 format. + + +- Ensure the OS and Kubernetes cluster you are installing Palette onto is FIPS-compliant. Otherwise, Palette and its operations will not be FIPS-compliant. + + +- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS encryption for Palette. + + +- Access to the Palette Helm Charts. Refer to the [Access Palette](../../enterprise-version.md#access-palette) for instructions on how to request access to the Helm Chart + + + +
+ +:::caution + +Do not use a Palette-managed Kubernetes cluster when installing Palette. Palette-managed clusters contain the Palette agent and Palette-created Kubernetes resources that will interfere with the installation of Palette. + +::: + + +## Install Palette + +Use the following steps to install Palette on Kubernetes. + + +:::info + +The following instructions are written agnostic to the Kubernetes distribution you are using. Depending on the underlying infrastructure provider and your Kubernetes distribution, you may need to modify the instructions to match your environment. Reach out to our support team if you need assistance. + +::: + + +1. Open a terminal session and navigate to the directory where you downloaded the Palette Helm Charts provided by our support. We recommend you place all the downloaded files into the same directory. You should have the following Helm Charts: + + - Spectro Management Plane Helm Chart. + + - Cert Manager Helm Chart. + + +2. Extract each Helm Chart into its directory. Use the commands below as a reference. Do this for all the provided Helm Charts. + +
+ + ```shell + tar xzvf spectro-mgmt-plane-*.tgz + ``` + +
+ + ```yaml + tar xzvf cert-manager-*.tgz + ``` + + +3. Install Cert Manager using the following command. Replace the actual file name of the Cert Manager Helm Chart with the one you downloaded, as the version number may be different. + +
+ + ```shell + helm upgrade --values cert-manager/values.yaml cert-manager cert-manager-1.11.0.tgz --install + ``` + +
+ + :::info + + The Cert Manager Helm Chart provided by our support team is configured for Palette. Do not modify the **values.yaml** file unless instructed to do so by our support team. + + ::: + + +4. Open the **values.yaml** in the **spectro-mgmt-plane** folder with a text editor of your choice. The **values.yaml** contains the default values for the Palette installation parameters, however, you must populate the following parameters before installing Palette. + +
+ + | **Parameter** | **Description** | **Type** | + | --- | --- | --- | + | `env.rootDomain` | The URL name or IP address you will use for the Palette installation. | string | + | `ociPackRegistry` or `ociPackEcrRegistry` | The OCI registry credentials for Palette FIPS packs.| object | + | `scar` | The Spectro Cloud Artifact Repository (SCAR) credentials for Palette FIPS images. These credentials are provided by our support team. | object | + + + Save the **values.yaml** file after you have populated the required parameters mentioned in the table. + +
+ + :::info + + You can learn more about the parameters in the **values.yaml** file in the [Helm Configuration Reference](palette-helm-ref.md) page. + + ::: + + + +5. Install the Palette Helm Chart using the following command. + +
+ + ```shell + helm upgrade --values spectro-mgmt-plane/values.yaml hubble spectro-mgmt-plane-0.0.0.tgz --install + ``` + + +6. Track the installation process using the command below. Palette is ready when the deployments in the namespaces `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` reach the *Ready* state. The installation takes between two to three minutes to complete. + +
+ + ```shell + kubectl get pods --all-namespaces --watch + ``` + + +7. Create a DNS CNAME record that is mapped to the Palette `ingress-nginx-controller` load balancer. You can use the following command to retrieve the load balancer IP address. You may require the assistance of your network administrator to create the DNS record. + +
+ + ```shell + kubectl get service ingress-nginx-controller --namespace ingress-nginx --output jsonpath='{.status.loadBalancer.ingress[0].hostname}' + ``` + +
+ + :::info + + As you create tenants in Palette, the tenant name is prefixed to the domain name you assigned to Palette. For example, if you create a tenant named `tenant1` and the domain name you assigned to Palette is `palette.example.com`, the tenant URL will be `tenant1.palette.example.com`. You can create an additional wildcard DNS record to map all tenant URLs to the Palette load balancer. + + ::: + + +8. Use the custom domain name or the IP address of the load balancer to visit the Palette system console. To access the system console, open a web browser and paste the custom domain URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. Alternatively, you can use the load balancer IP address with the appended value `/system` to access the system console. + +
+ + :::info + + The first time you visit the Palette system console, a warning message about an untrusted SSL certificate may appear. This is expected, as you have not yet uploaded your SSL certificate to Palette. You can ignore this warning message and proceed. + + ::: + +
+ + ![Screenshot of the Palette system console showing Username and Password fields.](/palette_installation_install-on-vmware_palette-system-console.png) + + +9. Log in to the system console using the following default credentials. + +
+ + | **Parameter** | **Value** | + | --- | --- | + | Username | `admin` | + | Password | `admin` | + +
+ + After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette system console. + +
+ +10. After login, a summary page is displayed. Palette is installed with a self-signed SSL certificate. To assign a different SSL certificate you must upload the SSL certificate, SSL certificate key, and SSL certificate authority files to Palette. You can upload the files using the Palette system console. Refer to the [Configure HTTPS Encryption](../../system-management/ssl-certificate-management.md) page for instructions on how to upload the SSL certificate files to Palette. + + +
+ +:::caution + +If you plan to deploy host clusters into different networks, you may require a reverse proxy. Check out the [Configure Reverse Proxy](../../system-management/reverse-proxy.md) guide for instructions on how to configure a reverse proxy for Palette. + +::: + + +You now have a self-hosted instance of Palette installed in a Kubernetes cluster. Make sure you retain the **values.yaml** file as you may need it for future upgrades. + + +## Validate + +Use the following steps to validate the Palette installation. + +
+ + +1. Open up a web browser and navigate to the Palette system console. To access the system console, open a web browser and paste the following URL in the address bar and append the value `/system`. Replace the domain name in the URL with your custom domain name or the IP address of the load balancer. + + + +2. Log in using the credentials you received from our support team. After login, you will be prompted to create a new password. Enter a new password and save your changes. You will be redirected to the Palette system console. + + +3. Open a terminal session and issue the following command to verify the Palette installation. The command should return a list of deployments in the `cp-system`, `hubble-system`, `ingress-nginx`, `jet-system` , and `ui-system` namespaces. + +
+ + ```shell + kubectl get pods --all-namespaces --output custom-columns="NAMESPACE:metadata.namespace,NAME:metadata.name,STATUS:status.phase" \ + | grep -E '^(cp-system|hubble-system|ingress-nginx|jet-system|ui-system)\s' + ``` + + Your output should look similar to the following. + + ```shell hideClipboard + cp-system spectro-cp-ui-689984f88d-54wsw Running + hubble-system auth-85b748cbf4-6drkn Running + hubble-system auth-85b748cbf4-dwhw2 Running + hubble-system cloud-fb74b8558-lqjq5 Running + hubble-system cloud-fb74b8558-zkfp5 Running + hubble-system configserver-685fcc5b6d-t8f8h Running + hubble-system event-68568f54c7-jzx5t Running + hubble-system event-68568f54c7-w9rnh Running + hubble-system foreq-6b689f54fb-vxjts Running + hubble-system hashboard-897bc9884-pxpvn Running + hubble-system hashboard-897bc9884-rmn69 Running + hubble-system hutil-6d7c478c96-td8q4 Running + hubble-system hutil-6d7c478c96-zjhk4 Running + hubble-system mgmt-85dbf6bf9c-jbggc Running + hubble-system mongo-0 Running + hubble-system mongo-1 Running + hubble-system mongo-2 Running + hubble-system msgbroker-6c9b9fbf8b-mcsn5 Running + hubble-system oci-proxy-7789cf9bd8-qcjkl Running + hubble-system packsync-28205220-bmzcg Succeeded + hubble-system spectrocluster-6c57f5775d-dcm2q Running + hubble-system spectrocluster-6c57f5775d-gmdt2 Running + hubble-system spectrocluster-6c57f5775d-sxks5 Running + hubble-system system-686d77b947-8949z Running + hubble-system system-686d77b947-cgzx6 Running + hubble-system timeseries-7865bc9c56-5q87l Running + hubble-system timeseries-7865bc9c56-scncb Running + hubble-system timeseries-7865bc9c56-sxmgb Running + hubble-system user-5c9f6c6f4b-9dgqz Running + hubble-system user-5c9f6c6f4b-hxkj6 Running + ingress-nginx ingress-nginx-controller-2txsv Running + ingress-nginx ingress-nginx-controller-55pk2 Running + ingress-nginx ingress-nginx-controller-gmps9 Running + jet-system jet-6599b9856d-t9mr4 Running + ui-system spectro-ui-76ffdf67fb-rkgx8 Running + ``` + + +## Next Steps + +You have successfully installed Palette in a Kubernetes cluster. Your next steps are to configure Palette for your organization. Start by creating the first tenant to host your users. Use the [Create a Tenant](../../system-management/tenant-management.md) page for instructions on how to create a tenant. diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md new file mode 100644 index 0000000000..79ee713604 --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref.md @@ -0,0 +1,451 @@ +--- +sidebar_label: "Helm Chart Install Reference" +title: "Helm Chart Install References" +description: "Reference for Palette Helm Chart installation parameters." +icon: "" +hide_table_of_contents: false +sidebar_position: 30 +tags: ["self-hosted", "enterprise"] +--- + + +You can use the Palette Helm Chart to install Palette in a multi-node Kubernetes cluster in your production environment. The Helm chart allows you to customize values in the **values.yaml** file. This reference lists and describes parameters available in the **values.yaml** file from the Helm Chart for your installation. To learn how to install Palette using the Helm Chart, refer to the[Palette Helm install](install.md) guide. + + +
+ + + + +### Required Parameters + +The following parameters are required for a successful installation of Palette. + + +| **Parameters** | **Description** | **Type** | +| --- | --- | --- | +| `config.env.rootDomain` | Used to configure the domain for the Palette installation. We recommend you create a CNAME DNS record that supports multiple subdomains. You can achieve this using a wild card prefix, `*.palette.abc.com`. Review the [Environment parameters](#environment) to learn more. | String | +| `config.env.ociRegistry` or `config.env.ociEcrRegistry`| Specifies the FIPS image registry for Palette. You can use an a self-hosted OCI registry or a public OCI registry we maintain and support. For more information, refer to the [Registry](#registries) section. | Object | +| `scar`| The Spectro Cloud Artifact Repository (SCAR) credentials for Palette FIPS images. Our support team provides these credentials. For more information, refer to the [Registry](#registries) section. | Object | + + +:::caution + +If you are installing an air-gapped version of Palette, you must provide the image swap configuration. For more information, refer to the [Image Swap Configuration](#image-swap-configuration) section. + + +::: + + +### MongoDB + +Palette uses MongoDB Enterprise as its internal database and supports two modes of deployment:

+ +- MongoDB Enterprise deployed and active inside the cluster. + + +- MongoDB Enterprise is hosted on a software-as-a-service (SaaS) platform, such as MongoDB Atlas. + +The table below lists the parameters used to configure a MongoDB deployment. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `internal` | Specifies the MongoDB deployment either in-cluster or using Mongo Atlas. | Boolean | `true` | +| `databaseUrl`| The URL for MongoDB Enterprise. If using a remote MongoDB Enterprise instance, provide the remote URL. This parameter must be updated if `mongo.internal` is set to `false`. | String | `mongo-0.mongo,mongo-1.mongo,mongo-2.mongo` | +| `databasePassword`| The base64-encoded MongoDB Enterprise password. If you don't provide a value, a random password will be auto-generated. | String | `""` | +| `replicas`| The number of MongoDB replicas to start. | Integer | `3` | +| `memoryLimit`| Specifies the memory limit for each MongoDB Enterprise replica.| String | `4Gi` | +| `cpuLimit` | Specifies the CPU limit for each MongoDB Enterprise member.| String | `2000m` | +| `pvcSize`| The storage settings for the MongoDB Enterprise database. Use increments of `5Gi` when specifying the storage size. The storage size applies to each replica instance. The total storage size for the cluster is `replicas` * `pvcSize`. | string | `20Gi`| +| `storageClass`| The storage class for the MongoDB Enterprise database. | String | `""` | + + +```yaml +mongo: + internal: true + databaseUrl: "mongo-0.mongo,mongo-1.mongo,mongo-2.mongo" + databasePassword: "" + replicas: 3 + cpuLimit: "2000m" + memoryLimit: "4Gi" + pvcSize: "20Gi" + storageClass: "" +``` + +### Config + +Review the following parameters to configure Palette for your environment. The `config` section contains the following subsections: + + +#### Install Mode + +You can install Palette in connected or air-gapped mode. The table lists the parameters to configure the installation mode. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `installMode` | Specifies the installation mode. Allowed values are `connected` or `airgap`. Set the value to `airgap` when installing in an air-gapped environment. | String | `connected` | + +```yaml +config: + installationMode: "connected" +``` + +#### SSO + +You can configure Palette to use Single Sign-On (SSO) for user authentication. Configure the SSO parameters to enable SSO for Palette. You can also configure different SSO providers for each tenant post-install, check out the [SAML & SSO Setup](../../../user-management/saml-sso/saml-sso.md) documentation for additional guidance. + +To configure SSO, you must provide the following parameters. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | --- | +| `saml.enabled` | Specifies whether to enable SSO SAML configuration by setting it to true. | Boolean | `false` | +| `saml.acsUrlRoot` | The root URL of the Assertion Consumer Service (ACS).| String | `myfirstpalette.spectrocloud.com`| +| `saml.acsUrlScheme` | The URL scheme of the ACS: `http` or `https`. | String | `https` | +| `saml.audienceUrl` | The URL of the intended audience for the SAML response.| String| `https://www.spectrocloud.com` | +| `saml.entityID` | The Entity ID of the Service Provider.| String | `https://www.spectrocloud.com`| +| `saml.apiVersion` | Specify the SSO SAML API version to use.| String | `v1` | + +```yaml +config: + sso: + saml: + enabled: false + acsUrlRoot: "myfirstpalette.spectrocloud.com" + acsUrlScheme: "https" + audienceUrl: "https://www.spectrocloud.com" + entityId: "https://www.spectrocloud.com" + apiVersion: "v1" +``` + +#### Email + +Palette uses email to send notifications to users. The email notification is used when inviting new users to the platform, password resets, and when [webhook alerts](../../../clusters/cluster-management/health-alerts.md) are triggered. Use the following parameters to configure email settings for Palette. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `enabled` | Specifies whether to enable email configuration. | Boolean| `false`| +| `emailID ` | The email address for sending mail.| String| `noreply@spectrocloud.com` | +| `smtpServer` | Simple Mail Transfer Protocol (SMTP) server used for sending mail. | String | `smtp.gmail.com` | +| `smtpPort` | SMTP port used for sending mail.| Integer | `587` | +| `insecureSkipVerifyTLS` | Specifies whether to skip Transport Layer Security (TLS) verification for the SMTP connection.| Boolean | `true` | +| `fromEmailID` | Email address of the ***From*** address.| String | `noreply@spectrocloud.com` | +| `password` | The base64-encoded SMTP password when sending emails.| String | `""` | + +```yaml +config: + email: + enabled: false + emailId: "noreply@spectrocloud.com" + smtpServer: "smtp.gmail.com" + smtpPort: 587 + insecureSkipVerifyTls: true + fromEmailId: "noreply@spectrocloud.com" + password: "" +``` + +#### Environment + +The following parameters are used to configure the environment. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `env.rootDomain` | Specifies the URL name assigned to Palette. The value assigned should have a Domain Name System (DNS) CNAME record mapped to exposed IP address or the load balancer URL of the service *ingress-nginx-controller*. Optionally, if `ingress.ingressStaticIP` is provided with a value you can use same assigned static IP address as the value to this parameter.| String| `""` | +| `env.installerMode` | Specifies the installer mode. Do not modify the value.| String| `self-hosted` | +| `env.installerCloud` | Specifies the cloud provider. Leave this parameter empty if you are installing a self-hosted Palette. | String | `""` | + +```yaml +config: + env: + rootDomain: "" +``` +
+ +:::caution + +As you create tenants in Palette, the tenant name is prefixed to the domain name you assigned to Palette. For example, if you create a tenant named tenant1 and the domain name you assigned to Palette is `palette.example.com`, the tenant URL will be `tenant1.palette.example.com`. We recommend you create an additional wildcard DNS record to map all tenant URLs to the Palette load balancer. For example, `*.palette.example.com`. + +::: + +#### Cluster + +Use the following parameters to configure the Kubernetes cluster. + + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `stableEndpointAccess` | Set to `true` if the Kubernetes cluster is deployed in a public endpoint. If the cluster is deployed in a private network through a stable private endpoint, set to `false`. | Boolean | `false` | + +```yaml +config: + cluster: + stableEndpointAccess: false +``` + +### Registries + +Palette requires credentials to access the required Palette images. You can configure different types of registries for Palette to download the required images. You must configure at least one Open Container Initiative (OCI) registry for Palette. You must also provide the credentials for the Spectro Cloud Artifact Repository (SCAR) to download the required FIPS images. + +
+ +#### OCI Registry + + +Palette requires access to an OCI registry that contains all the required FIPS packs. You can host your own OCI registry and configure Palette to reference the registry. Alternatively, you can use the public OCI registry that we provide. Refer to the [`ociPackEcrRegistry`](#oci-ecr-registry) section to learn more about the publicly available OCI registry. + + + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `ociPackRegistry.endpoint` | The endpoint URL for the registry. | String| `""` | +| `ociPackRegistry.name` | The name of the registry. | String| `""` | +| `ociPackRegistry.password` | The base64-encoded password for the registry. | String| `""` | +| `ociPackRegistry.username` | The username for the registry. | String| `""` | +| `ociPackRegistry.baseContentPath`| The base path for the registry. | String | `""` | +| `ociPackRegistry.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the registry connection. | Boolean | `false` | +| `ociPackRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. | String | `""` | + + +```yaml +config: + ociPackRegistry: + endpoint: "" + name: "" + password: "" + username: "" + baseContentPath: "" + insecureSkipVerify: false + caCert: "" +``` + +#### OCI ECR Registry + +We expose a public OCI ECR registry that you can configure Palette to reference. If you want to host your own OCI registry, refer to the [OCI Registry](#oci-registry) section. +The OCI Elastic Container Registry (ECR) is hosted in an AWS ECR registry. Our support team provides the credentials for the OCI ECR registry. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `ociPackEcrRegistry.endpoint` | The endpoint URL for the registry. | String| `""` | +| `ociPackEcrRegistry.name` | The name of the registry. | String| `""` | +| `ociPackEcrRegistry.accessKey` | The base64-encoded access key for the registry. | String| `""` | +| `ociPackEcrRegistry.secretKey` | The base64-encoded secret key for the registry. | String| `""` | +| `ociPackEcrRegistry.baseContentPath`| The base path for the registry. | String | `""` | +| `ociPackEcrRegistry.isPrivate` | Specifies whether the registry is private. | Boolean | `true` | +| `ociPackEcrRegistry.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the registry connection. | Boolean | `false` | +| `ociPackEcrRegistry.caCert` | The registry's base64-encoded certificate authority (CA) certificate. | String | `""` | + +```yaml +config: + ociPackEcrRegistry: + endpoint: "" + name: "" + accessKey: "" + secretKey: "" + baseContentPath: "" + isPrivate: true + insecureSkipVerify: false + caCert: "" +``` + +#### Spectro Cloud Artifact Repository (SCAR) + +SCAR credentials are required to download the necessary FIPS manifests. Our support team provides the SCAR credentials. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `scar.endpoint` | The endpoint URL of SCAR. | String| `""` | +| `scar.username` |The username for SCAR. | String| `""` | +| `scar.password` | The base64-encoded password for the SCAR. | String| `""` | +| `scar.insecureSkipVerify` | Specifies whether to skip Transport Layer Security (TLS) verification for the SCAR connection. | Boolean | `false` | +| `scar.caCert` | The base64-encoded certificate authority (CA) certificate for SCAR. | String | `""` | + +
+ + ```yaml + config: + scar: + endpoint: "" + username: "" + password: "" + insecureSkipVerify: false + caCert: "" + ``` + +#### Image Swap Configuration + +You can configure Palette to use image swap to download the required images. This is an advanced configuration option, and it is only required for air-gapped deployments. You must also install the Palette Image Swap Helm chart to use this option, otherwise, Palette will ignore the configuration. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `imageSwapInitImage` | The image swap init image. | String | `gcr.io/spectro-images-public/thewebroot/imageswap-init:v1.5.2` | +| `imageSwapImage` | The image swap image. | String | `gcr.io/spectro-images-public/thewebroot/imageswap:v1.5.2` | +| `imageSwapConfig`| The image swap configuration for specific environments. | String | `""` | +| `imageSwapConfig.isEKSCluster` | Specifies whether the cluster is an Amazon EKS cluster. Set to `false` if the Kubernetes cluster is not an EKS cluster. | Boolean | `true` | + +
+ + ```yaml + config: + imageSwapImages: + imageSwapInitImage: "gcr.io/spectro-images-public/thewebroot/imageswap-init:v1.5.2" + imageSwapImage: "gcr.io/spectro-images-public/thewebroot/imageswap:v1.5.2" + + imageSwapConfig: + isEKSCluster: true + ``` + +### NATS + +Palette uses [NATS](https://nats.io) and gRPC for communication between Palette components. Dual support for NATS and gRPC is available. You can enable the deployment of an additional load balancer for NATS. Host clusters deployed by Palette use the load balancer to communicate with the Palette control plane. This is an advanced configuration option and is not required for most deployments. Speak with your support representative before enabling this option. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `nats.enabled`| Specifies whether to enable the deployment of a NATS load balancer. | Boolean | `true` | +| `nats.internal`| Specifies whether to deploy a load balancer or use the host network. If this value is set to `true`, then the remaining NATS parameters are ignored. | Boolean | `true` | +| `nats.natsUrl`| The NATS URL. This can be a comma separated list of mappings for the NATS load balancer service. For example, "message1.dev.spectrocloud.com:4222,message2.dev.spectrocloud.com:4222". This parameter is mandatory if `nats.internal` is set to `false`. If `nats.internal` is set to `true`, you can leave this parameter empty. | String | `""` | +| `nats.annotations`| A map of key-value pairs that specifies load balancer annotations for NATS. You can use annotations to change the behavior of the load balancer and the Nginx configuration. This is an advanced setting. We recommend you consult with your assigned support team representative prior to modification. | Object | `{}` | +| `nats.natsStaticIP`| Specify a static IP address for the NATS load balancer service. If empty, a dynamic IP address will be assigned to the load balancer. | String | `""` | + + +
+ + ```yaml + nats: + enabled: true + internal: true + natsUrl: "" + annotations: {} + natsStaticIP: +``` + + + + +### gRPC + +gRPC is used for communication between Palette components. You can enable the deployment of an additional load balancer for gRPC. Host clusters deployed by Palette use the load balancer to communicate with the Palette control plane. This is an advanced configuration option, and it is not required for most deployments. Speak with your support representative before enabling this option. Dual support for NATS and gRPC is available. + +If you want to use an external gRPC endpoint, you must provide a domain name for the gRPC endpoint and a valid x509 certificate. Additionally, you must provide a custom domain name for the endpoint. A CNAME DNS record must point to the IP address of the gRPC load balancer. For example, if your Palette domain name is `palette.example.com`, you could create a CNAME DNS record for `grpc.palette.example.com` that points to the IP address of the load balancer dedicated to gRPC. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `external`| Specifies whether to use an external gRPC endpoint. | Boolean | `false` | +| `endpoint`| The gRPC endpoint. | String | `""` | +| `caCertificateBase64`| The base64-encoded certificate authority (CA) certificate for the gRPC endpoint. | String | `""` | +| `serverCrtBase64`| The base64-encoded server certificate for the gRPC endpoint. | String | `""` | +| `serverKeyBase64`| The base64-encoded server key for the gRPC endpoint. | String | `""` | +| `insecureSkipVerify`| Specifies whether to skip Transport Layer Security (TLS) verification for the gRPC endpoint. | Boolean | `false` | + + + + +```yaml +grpc: + external: false + endpoint: "" + caCertificateBase64: "" + serverCrtBase64: "" + serverKeyBase64: "" + insecureSkipVerify: false +``` + +### Ingress + +Palette deploys an Nginx Ingress Controller. This controller is used to route traffic to the Palette control plane. You can change the default behavior and omit the deployment of an Nginx Ingress Controller. + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `enabled`| Specifies whether to deploy an Nginx controller. Set to `false` if you do not want an Nginx controller deployed. | Boolean | `true` | +| `ingress.internal`| Specifies whether to deploy a load balancer or use the host network. | Boolean | `false` | +| `ingress.certificate`| Specify the base64-encoded x509 SSL certificate for the Nginx Ingress Controller. If left blank, the Nginx Ingress Controller will generate a self-signed certificate. | String | `""` | +| `ingress.key`| Specify the base64-encoded x509 SSL certificate key for the Nginx Ingress Controller. | String | `""` | +| `ingress.annotations`| A map of key-value pairs that specifies load balancer annotations for ingress. You can use annotations to change the behavior of the load balancer and the Nginx configuration. This is an advanced setting. We recommend you consult with your assigned support team representative prior to modification. | Object | `{}` | +| `ingress.ingressStaticIP`| Specify a static IP address for the ingress load balancer service. If empty, a dynamic IP address will be assigned to the load balancer. | String | `""` | +| `ingress.terminateHTTPSAtLoadBalancer`| Specifies whether to terminate HTTPS at the load balancer. | Boolean | `false` | + + +```yaml +ingress: + enabled: true + ingress: + internal: false + certificate: "" + key: "" + annotations: {} + ingressStaticIP: "" + terminateHTTPSAtLoadBalancer: false +``` + +### Spectro Proxy + +You can specify a reverse proxy server that clusters deployed through Palette can use to facilitate network connectivity to the cluster's Kubernetes API server. Host clusters deployed in private networks can use the [Spectro Proxy pack](../../../integrations/frp.md) to expose the cluster's Kubernetes API to downstream clients that are not in the same network. Check out the [Reverse Proxy](../../system-management/reverse-proxy.md) documentation to learn more about setting up a reverse proxy server for Palette. + + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `frps.enabled`| Specifies whether to enable the Spectro server-side proxy. | Boolean | `false` | +| `frps.frpHostURL`| The Spectro server-side proxy URL. | String | `""` | +| `frps.server.crt`| The base64-encoded server certificate for the Spectro server-side proxy. | String | `""` | +| `frps.server.key`| The base64-encoded server key for the Spectro server-side proxy. | String | `""` | +| `frps.ca.crt`| The base64-encoded certificate authority (CA) certificate for the Spectro server-side proxy. | String | `""` | + +```yaml +frps: + frps: + enabled: false + frpHostURL: "" + server: + crt: "" + key: "" + ca: + crt : "" +``` + +### UI System + +The table lists parameters to configure the Palette User Interface (UI) behavior. You can disable the UI or the Network Operations Center (NOC) UI. You can also specify the MapBox access token and style layer ID for the NOC UI. MapBox is a third-party service that provides mapping and location services. To learn more about MapBox and how to obtain an access token, refer to the [MapBox Access tokens](https://docs.mapbox.com/help/getting-started/access-tokens) guide. + + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `enabled`| Specifies whether to enable the Palette UI. | Boolean | `true` | +| `ui.nocUI.enable`| Specifies whether to enable the Palette Network Operations Center (NOC) UI. Enabling this parameter requires the `ui.nocUI.mapBoxAccessToken`. Once enabled, all cluster locations will be reported to MapBox. This feature is not FIPS compliant. | Boolean | `false` | +| `ui.nocUI.mapBoxAccessToken`| The MapBox access token for the Palette NOC UI. | String | `""` | +| `ui.nocUI.mapBoxStyledLayerID`| The MapBox style layer ID for the Palette NOC UI. | String | `""` | + + + +```yaml +ui-system: + enabled: true + ui: + nocUI: + enable: false + mapBoxAccessToken: "" + mapBoxStyledLayerID: "" +``` + + + + +### Reach System + +You can configure Palette to use a proxy server to access the internet. Set the parameter `reach-system.reachSystem.enabled` to `true` to enable the proxy server. Proxy settings are configured in the `reach-system.reachSystem.proxySettings` section. + + +| **Parameters** | **Description** | **Type** | **Default value** | +| --- | --- | --- | --- | +| `reachSystem.enabled`| Specifies whether to enable the usage of a proxy server for Palette. | Boolean | `false` | +| `reachSystem.proxySettings.http_proxy`| The HTTP proxy server URL. | String | `""` | +| `reachSystem.proxySettings.https_proxy`| The HTTPS proxy server URL. | String | `""` | +| `reachSystem.proxySettings.no_proxy`| A list of hostnames or IP addresses that should not be proxied. | String | `""` | + + + ```yaml + reach-system: + reachSystem: + enabled: false + proxySettings: + http_proxy: "" + https_proxy: "" + no_proxy: + ``` \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/_category_.json b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/_category_.json new file mode 100644 index 0000000000..3fca6fb9f9 --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/_category_.json @@ -0,0 +1,3 @@ +{ + "position": 0 +} diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-instructions.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-instructions.md new file mode 100644 index 0000000000..ef4be316eb --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/airgap-instructions.md @@ -0,0 +1,716 @@ +--- +sidebar_label: "Airgap Instructions" +title: "Install in an Air Gap Environment" +description: "Learn how to install Palette into an air gap environment." +icon: "" +hide_table_of_contents: false +sidebar_position: 20 +tags: ["self-hosted", "enterprise", "air-gap"] +--- + +You can install a self-hosted version of Palette into a VMware environment without direct internet access. This type of installation is referred to as an *air gap* installation. + +In a standard Palette installation, the following artifacts are downloaded by default from the public Palette repository. + +* Palette platform manifests and required platform packages. + + +* Container images for core platform components and 3rd party dependencies. + + +* Palette Packs. + + +The installation process changes a bit in an air gap environment due to the lack of internet access. Before the primary Palette installation step, you must download the three required Palette artifacts mentioned above. The other significant change is that Palette's default public repository is not used. Instead, a private repository supports all Palette operations pertaining to storing images and packages. + +The following diagram is a high-level overview of the order of operations required to deploy a self-hosted instance of Palette in an airgap environment. + + +![An architecture diagram outlining the five different install phases](/enterprise-version_air-gap-repo_overview-order-diagram.png) + + +The airgap installation can be simplified into five major phases. + + +1. Download the Open Virtual Appliance (OVA) image and deploy the instance hosting the private repository that supports the airgap environment. + + +2. The private Spectro Cloud repository is initialized, and all the Palette-required artifacts are downloaded and available. + + +3. The Palette Install OVA is deployed, configured, and initialized. + + +4. The scale-up process to a highly available three-node installation begins. + + +5. Palette is ready for usage. + + +This guide focuses on the first two installation phases, as the remaining ones are covered in the [Instructions](install.md) guide. + + +## Prerequisites + +* The following minimum resources are required to deploy Palette. + * 2 vCPU + * 4 GB of Memory + * 100 GB of Storage. Storage sizing depends on your intended update frequency and data retention model. + +* Ensure the following ports allow inbound network traffic. + * 80 + * 443 + * 5000 + * 8000 + + +* Request the Palette self-hosted installer image and the Palette air gap installer image. To request the installer images, please contact our support team by sending an email to support@spectrocloud.com. Kindly provide the following information in your email: + + - Your full name + - Organization name (if applicable) + - Email address + - Phone number (optional) + - A brief description of your intended use for the Palette Self-host installer image. + +Our dedicated support team will promptly get in touch with you to provide the necessary assistance and share the installer image. + +If you have any questions or concerns, please feel free to contact support@spectrocloud.com. + + +## Deploy Air Gapped Appliance + + +1. Log in to vCenter Server by using the vSphere Client. + + +2. Navigate to the Datacenter and select the cluster you want to use for the installation. Right-click on the cluster and select **Deploy OVF Template**. + + +3. Select the airgap OVA installer image you downloaded after receiving guidance from our support team. + + +4. Select the folder where you want to install the Virtual Machine (VM) and assign a name to the VM. + + +5. Next, select the compute resource. + + +6. Review the details page. You may get a warning message stating the certificate is not trusted. You can ignore the message and click **Next**. + + +7. Select your storage device and storage policy. Click on **Next** to proceed. + + +8. Choose a network for your appliance and select **Next**. + + +9. Fill out the remaining template customization options. You can modify the following input fields.

+ + | Parameter | Description | Default Value | + | --- | --- | -- | + | **Encoded user-data** | In order to fit into an XML attribute, this value is base64 encoded. This value will be decoded, and then processed normally as user-data. | - | + | **ssh public keys** | This field is optional but indicates that the instance should populate the default user's `authorized_keys` with the provided public key. | -| + | **Default User's password** | Setting this value allows password-based login. The password will be good for only a single login. If set to the string `RANDOM` then a random password will be generated, and written to the console. | - | + | **A Unique Instance ID for this instance** | Specifies the instance id. This is required and used to determine if the machine should take "first boot" actions| `id-ovf`| + | **Hostname** | Specifies the hostname for the appliance. | `ubuntuguest` | + | **URL to seed instance data from** | This field is optional but indicates that the instance should 'seed' user-data and meta-data from the given URL.| -| + +10. Click on **Next** to complete the deployment wizard. Upon completion, the cloning process will begin. The cloning process takes a few minutes to complete. + + +11. Power on the VM and click on the **Launch Web Console** button to access the instance's terminal. + + +12. Configure a static IP address on the node by editing **/etc/netplan/50-cloud-init.yaml**. + + ```shell + sudo vi /etc/netplan/50-cloud-init.yaml + ``` + + Use the following sample configuration as a starting point but feel free to change the configuration file as required for your environment. To learn more about Netplan, check out the [Netplan configuration examples](https://netplan.io/examples) from Canonical. + +
+ + ```yaml + network: + version: 2 + renderer: networkd + ethernets: + ens192: + dhcp4: false + addresses: + - 10.10.244.9/18 # your static IP and subnet mask + gateway4: 10.10.192.1 # your gateway IP + nameservers: + addresses: [10.10.128.8] # your DNS nameserver IP address. + ``` + + To exit Vi, press the **ESC** key and type `:wq` followed by the **Enter** key.

+ +13. Issue the `netplan` command to update the network settings. + +
+ + ```shell + sudo netplan apply + ``` + +14. Give the instance one to two minutes before issuing the following command. The next step is to start the airgap setup script that stands up the Spectro Repository. Issue the command below and replace `X.X.X.X` with the static IP you provided to the Netplan configuration file. + +
+ + ```shell + sudo /opt/spectro/airgap-setup.sh X.X.X.X + ``` + + Record the output of the setup command as you will use it when deploying the Quick Start appliance later on in the installation process. + + Example Output: + ```shell hideClipboard + Setting up Manifests + Setting up Manifests + Setting up SSL Certs + Setup Completed + + Details: + ------- + Spectro Cloud Repository + UserName: XXXXXXXXX + Password: XXXXXXXXXX + Location: https://10.10.249.12 + Artifact Repo Certificate: + LS0tLS1CRUdJ............. + + Pack Registry + URL: https://10.10.249.12:5000 + Username: XXXXXXXXX + Password: XXXXXXXXX + ``` + +15. If you need to configure the instance with proxy settings, go ahead and do so now. You can configure proxy settings by using environment variables. Replace the values with your environment's respective values. + +
+ + ```shell + export http_proxy=http://10.1.1.1:8888 + export https_proxy=https://10.1.1.1:8888 + export no_proxy=.example.dev,10.0.0.0/8 + ``` + +16. The next set of steps will download the required binaries to support a Palette installation, such as the Palette Installer, required Kubernetes packages, and kubeadm packages. You can download these artifacts from the instance, or externally and transfer them to the instance. Click on each tab for further guidance. + +
+ + :::caution + + You must download the following three resources. Our support team will provide you with the credentials and download URL. + Click on each tab to learn more about each resource and steps for downloading. + + ::: + +
+ + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/airgap-v3.3.15.bin \ + --output airgap-k8s-v3.3.15.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin + ``` + + Example Output: + ```shell + sudo ./airgap-k8s-v3.3.15.bin + Verifying archive integrity... 100% MD5 checksums are OK. All good. + Uncompressing Airgap K8S Images Setup - Version 3.3.15 100% + Setting up Packs + Setting up Images + - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10 + - Pushing image k8s.gcr.io/kube-proxy:v1.22.10 + - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10 + - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10 + … + Setup Completed + ``` + + + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/airgap-k8s-v3.3.15.bin \ + --output airgap-k8s-v3.3.15.bin + ``` + + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-k8s-v3.3.15.bin && sudo ./airgap-k8s-v3.3.15.bin + ``` + + Example Output: + ```shell + sudo ./airgap-k8s-v3.3.15.bin + Verifying archive integrity... 100% MD5 checksums are OK. All good. + Uncompressing Airgap K8S Images Setup - Version 3.3.15 100% + Setting up Packs + Setting up Images + - Pushing image k8s.gcr.io/kube-controller-manager:v1.22.10 + - Pushing image k8s.gcr.io/kube-proxy:v1.22.10 + - Pushing image k8s.gcr.io/kube-apiserver:v1.22.10 + - Pushing image k8s.gcr.io/kube-scheduler:v1.22.10 + … + Setup Completed + ``` + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-kubeadm.bin \ + --output airgap-edge-kubeadm.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-kubeadm.bin && sudo ./airgap-edge-kubeadm.bin + ``` + + Example Output: + ```shell + sudo ./airgap-edge-kubeadm.bin + Verifying archive integrity... 100% MD5 checksums are OK. All good. + Uncompressing Airgap Edge Packs - Kubeadm Images 100% + Setting up Images + - Skipping image k8s.gcr.io/coredns/coredns:v1.8.6 + - Pushing image k8s.gcr.io/etcd:3.5.1-0 + - Pushing image k8s.gcr.io/kube-apiserver:v1.23.12 + - Pushing image k8s.gcr.io/kube-controller-manager:v1.23.12 + - Pushing image k8s.gcr.io/kube-proxy:v1.23.12 + … + Setup Completed + ``` + + + + + + +
+ +17. If you will be using Edge deployments, go ahead and download the packages your Edge deployments will need. If you are not planning to use Edge, skip to end. You can come back to this step in the future and add the packages if needed. Click on the `...` tab for additional options. + + +
+ + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-k3s.bin \ + --output airgap-edge-ubuntu22-k3s.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu22-k3s.bin && sudo ./airgap-edge-ubuntu22-k3s.bin + ``` + + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-rke.bin \ + --output airgap-edge-ubuntu22-rke.bin + ``` + +:::tip + + If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu22-rke.bin && sudo ./airgap-edge-ubuntu22-rke.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu22-kubeadm.bin \ + --output airgap-edge-ubuntu22-kubeadm.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu22-kubeadm.bin && sudo ./airgap-edge-ubuntu22-kubeadm.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-k3s.bin \ + --output airgap-edge-ubuntu20-k3s.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu20-k3s.bin && sudo ./airgap-edge-ubuntu20-k3s.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-rke.bin \ + --output airgap-edge-ubuntu20-rke.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu20-rke.bin && sudo ./airgap-edge-ubuntu20-rke.bin + ``` + + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-ubuntu20-kubeadm.bin \ + --output airgap-edge-ubuntu20-kubeadm.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-ubuntu20-kubeadm.bin && sudo ./airgap-edge-ubuntu20-kubeadm.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-k3s.bin \ + --output airgap-edge-opensuse-k3s.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-opensuse-k3s.bin && sudo ./airgap-edge-opensuse-k3s.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-rke.bin \ + --output airgap-edge-opensuse-rke.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-opensuse-rke.bin && sudo ./airgap-edge-opensuse-rke.bin + ``` + + + + + + Download the binary by using the URL provided by the Palette support team. Change the version number as needed. + +
+ + ```shell + curl --user XXXX:YYYYY https:///airgap/packs/3.3/airgap-edge-opensuse-kubeadm.bin \ + --output airgap-edge-opensuse-kubeadm.bin + ``` + +:::tip + +If you receive a certificate error, use the `-k` or `--insecure` flag. + +::: + + Assign the proper permissions and start the download script. + +
+ + ```shell + sudo chmod 755 ./airgap-edge-opensuse-kubeadm.bin && sudo ./airgap-edge-opensuse-kubeadm.bin + ``` + + + + + + + +---- + + +The next step of the installation process is to begin the deployment of an appliance using the instructions in the [Instructions](install.md) guide. If you need to review the Spectro Cloud Repository details, issue the following command for detailed output. + +
+ +```shell +sudo /bin/airgap-setup.sh +``` + +
+ +:::info + +You can review all the logs related to the setup of the private Spectro repository in **/tmp/airgap-setup.log**. + +::: + + +## Validate + +You can validate that the Spectro Repository you deployed is available and ready for the next steps of the installation process. If you provided the appliance with an SSH key then you can skip to step five. + +
+1. Log in to vCenter Server by using the vSphere Client. + + +2. Navigate to your Datacenter and locate your VM. Click on the VM to access its details page. + + +3. Power on the VM. + + +4. Click on **Launch Web Console** to access the terminal. + + +5. Log in with the user `ubuntu` and the user password you specified during the installation. If you are using SSH, use the following command, and ensure you specify the path to your SSH private key and replace the IP address with your appliance's static IP. + +
+ + ```shell + ssh --identity_file ~/path/to/your/file ubuntu@10.1.1.1 + ``` + + +6. Verify the registry server is up and available. Replace the `10.1.1.1` value with your appliance's IP address. + +
+ + ```shell + curl --insecure https://10.1.1.1:5000/health + ``` + + Example Output: + ```shell + {"status":"UP"} + ``` + +7. Ensure you can log into your registry server. Use the credentials provided to you by the `airgap-setup.sh` script. Replace the `10.1.1.1` value with your appliance's IP address. + +
+ + ```shell + curl --insecure --user admin:admin@airgap https://10.1.1.1:5000/v1/_catalog + ``` + + Example Output: + ``` + {"metadata":{"lastUpdatedTime":"2023-04-11T21:12:09.647295105Z"},"repositories":[{"name":"amazon-linux-eks","tags":[]},{"name":"aws-efs","tags":[]},{"name":"centos-aws","tags":[]},{"name":"centos-azure","tags":[]},{"name":"centos-gcp","tags":[]},{"name":"centos-libvirt","tags":[]},{"name":"centos-vsphere","tags":[]},{"name":"cni-aws-vpc-eks","tags":[]},{"name":"cni-aws-vpc-eks-helm","tags":[]},{"name":"cni-azure","tags":[]},{"name":"cni-calico","tags":[]},{"name":"cni-calico-azure","tags":[]},{"name":"cni-cilium-oss","tags":[]},{"name":"cni-custom","tags":[]},{"name":"cni-kubenet","tags":[]},{"name":"cni-tke-global-router","tags":[]},{"name":"csi-aws","tags":[]},{"name":"csi-aws-ebs","tags":[]},{"name":"csi-aws-efs","tags":[]},{"name":"csi-azure","tags":[]},{"name":"csi-gcp","tags":[]},{"name":"csi-gcp-driver","tags":[]},{"name":"csi-longhorn","tags":[]},{"name":"csi-longhorn-addon","tags":[]},{"name":"csi-maas-volume","tags":[]},{"name":"csi-nfs-subdir-external","tags":[]},{"name":"csi-openstack-cinder","tags":[]},{"name":"csi-portworx-aws","tags":[]},{"name":"csi-portworx-gcp","tags":[]},{"name":"csi-portworx-generic","tags":[]},{"name":"csi-portworx-vsphere","tags":[]},{"name":"csi-rook-ceph","tags":[]},{"name":"csi-rook-ceph-addon","tags":[]},{"name":"csi-tke","tags":[]},{"name":"csi-topolvm-addon","tags":[]},{"name":"csi-vsphere-csi","tags":[]},{"name":"csi-vsphere-volume","tags":[]},{"name":"edge-k3s","tags":[]},{"name":"edge-k8s","tags":[]},{"name":"edge-microk8s","tags":[]},{"name":"edge-native-byoi","tags":[]},{"name":"edge-native-opensuse","tags":[]},{"name":"edge-native-ubuntu","tags":[]},{"name":"edge-rke2","tags":[]},{"name":"external-snapshotter","tags":[]},{"name":"generic-byoi","tags":[]},{"name":"kubernetes","tags":[]},{"name":"kubernetes-aks","tags":[]},{"name":"kubernetes-coxedge","tags":[]},{"name":"kubernetes-eks","tags":[]},{"name":"kubernetes-eksd","tags":[]},{"name":"kubernetes-konvoy","tags":[]},{"name":"kubernetes-microk8s","tags":[]},{"name":"kubernetes-rke2","tags":[]},{"name":"kubernetes-tke","tags":[]},{"name":"portworx-add-on","tags":[]},{"name":"spectro-mgmt","tags":[]},{"name":"tke-managed-os","tags":[]},{"name":"ubuntu-aks","tags":[]},{"name":"ubuntu-aws","tags":[]},{"name":"ubuntu-azure","tags":[]},{"name":"ubuntu-coxedge","tags":[]},{"name":"ubuntu-edge","tags":[]},{"name":"ubuntu-gcp","tags":[]},{"name":"ubuntu-libvirt","tags":[]},{"name":"ubuntu-maas","tags":[]},{"name":"ubuntu-openstack","tags":[]},{"name":"ubuntu-vsphere","tags":[]},{"name":"volume-snapshot-controller","tags":[]}],"listMeta":{"continue":""}} + ``` + + +8. Next, validate the Spectro repository is available. Replace the IP with your appliance's IP address. + +
+ + ```shell + curl --insecure --user spectro:admin@airgap https://10.1.1.1 + ``` + + Output: + ```html hideClipboard + + + + Welcome to nginx! + + + +

Welcome to nginx!

+

If you see this page, the nginx web server is successfully installed and + working. Further configuration is required.

+ +

For online documentation and support please refer to + nginx.org.
+ Commercial support is available at + nginx.com.

+ +

Thank you for using nginx.

+ + + ``` diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md new file mode 100644 index 0000000000..e16e808359 --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install-on-vmware.md @@ -0,0 +1,24 @@ +--- +sidebar_label: "VMware" +title: "Install Palette on VMware" +description: "Learn how to install Palette on VMware." +icon: "" +hide_table_of_contents: false +tags: ["palette", "self-hosted", "vmware"] +--- + + + + +Palette can be installed on VMware vSphere with internet connectivity or an airgap environment. When you install Palette, a three-node cluster is created. You use the interactive Palette CLI to install Palette on VMware vSphere. Refer to [Access Palette](../../enterprise-version.md#access-palette) for instructions on requesting repository access. + +## Resources + +- [Install on VMware](install.md) + + +- [Airgap Install Instructions](airgap-instructions.md) + + +- [VMware System Requirements](vmware-system-requirements.md) + \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md new file mode 100644 index 0000000000..3db88a10c2 --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/install.md @@ -0,0 +1,84 @@ +--- +sidebar_label: "Instructions" +title: "Install Palette on VMware" +description: "Learn how to install Palette on VMware." +icon: "" +sidebar_position: 10 +hide_table_of_contents: false +tags: ["palette", "self-hosted", "vmware"] +--- + + + + + +Deployment of an enterprise cluster is a migration process from the quick start mode. You may choose to deploy the enterprise cluster on day-1 right after instantiating the platform installer VM, or use the system in the quick start mode initially and at a later point invoke the enterprise cluster migration wizard to deploy the enterprise cluster. All the data from the quick start mode is migrated to the enterprise cluster as part of this migration process. + +1. Log in to the vSphere console and navigate to VMs and Templates. + +2. Navigate to the Datacenter and folder you would like to use for the installation. + +3. Right-click on the folder and invoke the VM creation wizard by selecting the option to Deploy OVF Template. + +4. Complete all the steps of the OVF deployment wizard. Provide values for various fields as follows: + * URL: <Location of the platform installer> + * Virtual Machine Name: <vm name> + * Folder: <Select desired folder> + * Select the desired Datacenter, Storage, and Network for the platform installer VM as you proceed through the next steps. The Platform installer VM requires an outgoing internet connection. Select a network that provides this access directly, or via a proxy. + * Customize the template as follows: + * Name: <The name to identify the platform installer> + * SSH Public Keys: Create a new SSH key pair (or pick an existing one). Enter the public key in this field. The public key will be installed in the installer VM to provide SSH access, as the user `ubuntu`. This is useful for troubleshooting purposes. + * Monitoring Console Password: A monitoring console is deployed in the platform installer VM to provide detailed information about the installation progress as well as to provide access to various logs. This console can be accessed after the VM is powered on at https://<VM IP Address>:5080. The default monitoring console credentials are: + + * User Name: admin + * Password: admin + + Provide a different password for the monitoring console if desired. Leave the field blank to accept the default password. + * Pod CIDR: Optional - provide an IP range exclusive to pods. This range should be different to prevent an overlap with your network CIDR. (e.g: 192.168.0.0/16) + * Service cluster IP range: Optional - assign an IP range in the CIDR format exclusive to the service clusters. This range also must not overlap with either the pod CIDR range or your network CIDR. (e.g: 10.96.0.0/12) + * Static IP Address: <VM IP Address> Optional IP address (e.g: 192.168.10.15) to be specified only if static IP allocation is desired. DHCP is used by default. + * Static IP subnet prefix: <Network Prefix> Static IP subnet prefix (e.g: 18), required only for static IP allocation. + * Static IP gateway: <Gateway IP Address> (e.g: 192.168.0.1) required only for static IP allocation. + * Static IP DNS: <Name servers> Comma separated DNS addresses (e.g: 8.8.8.8, 192.168.0.8), required only for static IP allocation. + * HTTP Proxy: <endpoint for the http proxy server>, e.g: _http://USERNAME:PASSWORD@PROXYIP:PROXYPORT_. An optional setting, required only if a proxy is used for outbound connections. + * HTTPS Proxy: <endpoint for the https proxy server>, e.g: _http://USERNAME:PASSWORD@PROXYIP:PROXYPORT_. An optional setting, required only if a proxy is used for outbound connections. + * NO Proxy: <comma-separated list of vCenter server, local network CIDR, hostnames, domain names that should be excluded from proxying>, e.g: _vcenter.company.com_,10.10.0.0/16. + * Spectro Cloud Repository settings: The platform installer downloads various platform artifacts from a repository. Currently, this repository is hosted by Palette and the installer VM needs to have an outgoing internet connection to the repository. Upcoming releases will enable the option to privately host a dedicated repository to avoid having to connect outside. This option is currently unavailable. Leave all the fields under Palette Repository settings blank + * Finish the OVF deployment wizard and wait for the template to be created. This may take a few minutes as the template is initially downloaded. +5. Power on the VM. + + +7. Open the On-Prem system console from a browser window by navigating to https://<VM IP Address>/system and log in. + + +8. Navigate to the Enterprise Cluster Migration wizard from the menu on the left-hand side. + + +9. Enter the vCenter credentials to be used to launch the enterprise cluster. Provide the vCenter server, username, and password. Check the `Use self-signed certificates` if applicable. Validate your credentials and click on `Next` button to proceed to IP Pool Configuration. + + +10. Enter the IPs to be used for Enterprise Cluster VMs as a `Range` or a `Subnet`. At least five IP addresses should be required in the range for the installation and the ongoing management. Provide the details of the `Gateway` and the `Nameserver addresses`. Any search suffixes being used can be entered in the `Nameserver search suffix` box. Click on `Next` to proceed to Cloud Settings. + + +11. Select the datacenter and the folder to be used for the enterprise cluster VMs. Select the desired compute cluster, resource pools, datastore, and network. For high availability purposes, you may choose to distribute the three VMs across multiple compute clusters. If this is desired, invoke the "Add Domain" option to enter multiple sets of properties. + + +12. Add SSH Public key and optionally NTP servers and click "Confirm". + + +13. The Enterprise cluster deployment will proceed through the following three steps: + * Deployment - A 3 node Kubernetes cluster is launched and Palette Platform is deployed on it. This typically takes 10 mins. + * Data Migration - Data from the installer VM is migrated to the newly created enterprise cluster. + * Tenant Migration - If any tenants were created prior to the enterprise cluster migration, which would typically be the case if the system was used in the quick start mode initially, all those tenants, as well as the management of any such tenant clusters previously deployed, will be migrated to the enterprise cluster. + + +14. Once Enterprise Cluster is fully deployed, the On-Prem System and Management Console should be accessed on this new cluster. The platform installer VM can be safely powered off at this point. + + +## Resources + +- [Palette CLI](../../../palette-cli/install-palette-cli.md) + +- [Airgap Install Instructions](airgap-instructions.md) + +- [VMware vSphere permissions](vmware-system-requirements.md) \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/install-palette/install-on-vmware/vmware-system-requirements.md b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/vmware-system-requirements.md new file mode 100644 index 0000000000..c5f394f4ca --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-on-vmware/vmware-system-requirements.md @@ -0,0 +1,300 @@ +--- +sidebar_label: "VMware System and Permission Requirements" +title: "VMware System and Permission Requirements" +description: "Review VMware system requirements and cloud account permissions." +icon: "" +hide_table_of_contents: false +sidebar_position: 30 +tags: ["palette", "self-hosted", "vmware"] +--- + + +Before installing Palette on VMware, review the following system requirements and permissions. The vSphere user account used to deploy Palette must have the required permissions to access the proper roles and objects in vSphere. + +Start by reviewing the required action items below: + +1. Create the two custom vSphere roles. Check out the [Create Required Roles](#create-required-roles) section to create the required roles in vSphere. + +2. Review the [vSphere Permissions](#vsphere-permissions) section to ensure the created roles have the required vSphere privileges and permissions. + +3. Create node zones and regions for your Kubernetes clusters. Refer to the [Zone Tagging](#zone-tagging) section to ensure that the required tags are created in vSphere to ensure proper resource allocation across fault domains. + + +:::info + +The permissions listed in this page are also needed for deploying a Private Cloud Gateway (PCG) and workload cluster in vSphere through Palette. +::: + + +## Create Required Roles + +Palette requires two custom roles to be created in vSphere before the installation. Refer to the [Create a Custom Role](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-18071E9A-EED1-4968-8D51-E0B4F526FDA3.html?hWord=N4IghgNiBcIE4HsIFMDOIC+Q) guide if you need help creating a custom role in vSphere. The required custom roles are: + +* A root-level role with access to higher-level vSphere objects. This role is referred to as the *spectro root role*. Check out the [Root-Level Role Privileges](#root-level-role-privileges) table for the list of privileges required for the root-level role. + +* A role with the required privileges for deploying VMs. This role is referred to as the *Spectro role*. Review the [Spectro Role Privileges](#spectro-role-privileges) table for the list of privileges required for the Spectro role. + + +The user account you use to deploy Palette must have access to both roles. Each vSphere object required by Palette must have a [Permission](https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-4B47F690-72E7-4861-A299-9195B9C52E71.html) entry for the respective Spectro role. The following tables list the privileges required for the each custom role. + + + + +:::info + +For an in-depth explanation of vSphere authorization and permissions, check out the [Understanding Authorization in vSphere](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-74F53189-EF41-4AC1-A78E-D25621855800.html) resource. + +::: + + +## vSphere Permissions + +The vSphere user account that deploys Palette require access to the following vSphere objects and permissions listed in the following table. Review the vSphere objects and privileges required to ensure each role is assigned the required privileges. + +### Spectro Root Role Privileges + + +The spectro root role privileges are only applied to root objects and data center objects. Select the tab for the vSphere version you are using to view the required privileges for the spectro root role. + + + + + + +| **vSphere Object** | **Privilege** | +|--------------------|-----------------------------------------| +| **CNS** | Searchable | +| **Datastore** | Browse datastore | +| **Host** | Configuration
Storage partition configuration | +| **vSphere Tagging** | Create and edit vSphere tags | +| **Network** | Assign network | +| **Sessions** | Validate session | +| **VM Storage Policies**| View VM storage policies | +| **Storage views** | View | + + + + + + + +| **vSphere Object**| **Privileges** | +|-------------------|---------------------------------------------| +| **CNS** | Searchable | +| **Datastore** | Browse datastore | +| **Host** | Configuration
Storage partition configuration| +| **vSphere tagging** | Create vSphere Tag
Edit vSphere Tag | +| **Network** | Assign network | +| **Profile-driven storage** | View | +| **Sessions** | Validate session | +| **Storage views** | View | + + + + + + +| **vSphere Object**| **Privileges** | +|-------------------|---------------------------------------------| +| **CNS** | Searchable | +| **Datastore** | Browse datastore | +| **Host** | Configuration
Storage partition configuration| +| **vSphere tagging** | Create vSphere Tag
Edit vSphere Tag | +| **Network** | Assign network | +| **Profile-driven storage** | Profile-driven storage view | +| **Sessions** | Validate session | +| **Storage views** | View | + + + + + +:::caution + +If the network is a Distributed Port Group under a vSphere Distributed Switch (VDS), *ReadOnly* access to the VDS without “Propagate to children” is required. + +::: + + +### Spectro Role Privileges + +As listed in the table, apply spectro role privileges to vSphere objects you intend to use for Palette installation. A separate table lists Spectro role privileges for VMs by category. + +During the installation, images and Open Virtual Appliance (OVA) files are downloaded to the folder you selected. These images are cloned from the folder and applied VMs that deployed during the installation. + +Select the tab for the vSphere version you are using to view the required privileges for the spectro role. + + + + + + + +| **vSphere Object**| **Privileges** | +|-------------------|---------------------------------------------| +| **CNS** | Searchable | +| **Datastore** | Allocate space
Browse datastore
Low-level file operations
Remove file
Update VM files
Update VM metadata | +| **Folder** | Create Folder
Delete folder
Move folder
Rename folder| +| **Host** | Local operations: Reconfigure VM | +| **Network** | Assign network | +| **Resource** | Apply recommendation
Assign VM to resource pool
Migrate powered off VM
Migrate powered on VM
Query vMotion | +| **Sessions** | Validate sessions | +| **Storage policies** | View access for VM storage policies is required.
Ensure ``StorageProfile.View`` is available. | +| **spectro-templates** | Read only. This is the vSphere folder created during the install. For airgap installs, you must manually create this folder. | +| **Storage views** | View | +| **Tasks** | Create task
Update task | +| **vApp** | Import
View OVF environment
Configure vAPP application
Configure vApp instance | +| **vSphere tagging** | Assign or Unassign vSphere Tag
Create vSphere Tag
Delete vSphere Tag
Edit vSphere Tag | + + +The following table lists spectro role privileges for VMs by category. All privileges are for the vSphere object, Virtual Machines. + + **Category** | **Privileges** | +|----------------------|--------------------| +| Change Configuration | Acquire disk lease
Add existing disk
Add new disk
Add or remove device
Advanced configuration
Change CPU count
Change memory
Change settings
Change swapfile placement
Change resource
Change host USB device
Configure raw device
Configure managedBy
Display connection settings
Extend virtual disk
Modify device settings
Query fault tolerance compatibity
Query unowned files
Reload from path
Remove disk
Rename
Reset guest information
Set annotation
Toggle disk change tracking
Toggle fork parent
Upgrade VM compatibility| +| Edit Inventory | Create from existing
Create new
Move
Register
Remove
Unregister | +| Guest Operations | Alias modification
Alias query
Modify guest operations
Invoke programs
Queries | +| Interaction | Console Interaction
Power on/off | +| Provisioning | Allow disk access
Allow file access
Allow read-only disk access
Allow VM download
Allow VM files upload
Clone template
Clone VM
Create template from VM
Customize guest
Deploy template
Mark as template
Mark as VM
Modify customization specification
Promote disks
Read customization specifications | +| Service Configuration| Allow notifications
Allow polling of global event notifications
Manage service configurations
Modify service configurations
Query service configurations
Read service configurations | +| Snapshot Management | Create snapshot
Remove snapshot
Rename snapshot
Revert to snapshot | +| Sphere Replication | Configure replication
Manage replication
Monitor replication | +| vSAN | Cluster: ShallowRekey | + + + + + + + + + +| **vSphere Object**| **Privileges** | +|-------------------|---------------------------------------------| +| **CNS** | Searchable | +| **Datastore** | Allocate space
Browse datastore
Low-level file operations
Remove file
Update VM files
Update VM metadata | +| **Folder** | Create Folder
Delete folder
Move folder
Rename folder| +| **Host** | Local operations: Reconfigure VM | +| **Network** | Assign network | +| **Resource** | Apply recommendation
Assign VM to resource pool
Migrate powered off VM
Migrate powered on VM
Query vMotion | +| **Profile-driven storage** | Profile-driven storage view | +| **Sessions** | Validate session | +| **spectro-templates** | Read only. This is the vSphere folder created during the install. For airgap installs, you must manually create this folder. | +| **Storage views** | Configure service
View | +| **Tasks** | Create task
Update task | +| **vApp** | Import
View OVF environment
Configure vAPP applications
Configure vApp instances | +| **vSphere tagging** | Assign or unassign vSphere Tag
Create vSphere Tag
Delete vSphere Tag
Edit vSphere Tag | + + + +The following table lists spectro role privileges for VMs by category. All privileges are for the vSphere object, Virtual Machines. + + **Category** | **Privileges** | +|-------------------|-------------| +| Change Configuration | Acquire disk lease
Add existing disk
Add new disk
Add or remove device
Advanced configuration
Change CPU count
Change memory
Change Settings
Change Swapfile placement
Change resource
Change host USB device
Configure Raw device
Configure managedBy
Display connection settings
Extend virtual disk
Modify device settings
Query fault tolerance compatibity
Query unowned files
Reload from path
Remove disk
Rename
Reset guest information
Set annotation
Toggle disk change tracking
Toggle fork parent
Upgrade VM compatibility| +| Edit Inventory | Create from existing
Create new
Move
Register
Remove
Unregister | +| Guest Operations | Alias modification
Alias query
Modify guest operations
Invoke programs
Query guest operations | +| Interaction | Console Interaction
Power on/off | +| Provisioning | Allow disk access
Allow file access
Allow read-only disk access
Allow VM download
Allow VM upload
Clone template
Clone VM
Create template from VM
Customize guest
Deploy template
Mark as template
Modify customization specifications
Promote disks
Read customization specifications | +| Service Configuration| Allow notifications
Allow polling of global event notifications
Manage service configurations
Modify service configurations
Query service configurations
Read service configurations | +| Snapshot Management | Create snapshot
Remove snapshot
Rename snapshot
Revert to snapshot | +| vSphere Replication | Configure replication
Manage replication
Monitor replication | +| vSAN | Cluster
ShallowRekey | + + + + + + + + + +| **vSphere Object**| **Privileges** | +|-------------------|---------------------------------------------| +| **CNS** | Searchable | +| **Datastore** | Allocate space
Browse datastore
Low-level file operations
Remove file
Update VM files
Update VM metadata | +| **Folder** | Create Folder
Delete folder
Move folder
Rename folder| +| **Host** | Local operations: Reconfigure VM | +| **Network** | Assign network | +| **Profile-driven storage** | Profile-driven storage view | +| **Resource** | Apply recommendation
Assign VM to resource pool
Migrate powered off VM
Migrate powered on VM
Query vMotion | +| **Sessions** | Validate session | +| **spectro-templates** | Read only. This is the vSphere folder created during the install. For airgap installs, you must manually create this folder. | +| **Storage views** | View | +| **Tasks** | Create task
Update task | +| **vApp** | Import
View OVF environment
Configure vAPP applications
Configure vApp instances | +| **vSphere tagging** | Assign or unassign vSphere Tag
Create vSphere Tag
Delete vSphere Tag
Edit vSphere Tag | + + + +The following table lists spectro role privileges for VMs by category. All privileges are for the vSphere object, Virtual Machines. + + **Category** | **Privileges** | +---------------------|--------------------| +|Change Configuration | Acquire disk lease
Add existing disk
Add new disk
Add or remove device
Advanced configuration
Change CPU count
Change memory
Change Settings
Change Swapfile placement
Change resource
Change host USB device
Configure Raw device
Configure managedBy
Display connection settings
Extend virtual disk
Modify device settings
Query fault tolerance compatibity
Query unowned files
Reload from path
Remove disk
Rename
Reset guest information
Set annotation
Toggle disk change tracking
Toggle fork parent
Upgrade VM compatibility| +|Edit Inventory | Create from existing
Create new
Move
Register
Remove
Unregister | +|Guest Operations | Alias modification
Alias query
Modify guest operations
Invoke programs
Query guest operations | +|Interaction | Console Interaction
Power on/off | +|Provisioning | Allow disk access
Allow file access
Allow read-only disk access
Allow VM download
Allow VM upload
Clone template
Clone VM
Create template from VM
Customize guest
Deploy template
Mark as template
Modify customization specifications
Promote disks
Read customization specifications | +|Service Configuration| Allow notifications
Allow polling of global event notifications
Manage service configurations
Modify service configurations
Query service configurations
Read service configurations | +| Snapshot Management | Create snapshot
Remove snapshot
Rename snapshot
Revert to snapshot | +|vSphere Replication | Configure replication
Manage replication
Monitor replication | +| vSAN | Cluster
ShallowRekey | + + + + + + + + +## Zone Tagging +You can use tags to create node zones and regions for your Kubernetes clusters. The node zones and regions can be used to dynamically place Kubernetes workloads and achieve higher availability. Kubernetes nodes inherit the zone and region tags as [Labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). Kubernetes workloads can use the node labels to ensure that the workloads are deployed to the correct zone and region. + +The following is an example of node labels that are discovered and inherited from vSphere tags. The tag values are applied to Kubernetes nodes in vSphere. + +```yaml hideClipboard + topology.kubernetes.io/region=usdc + topology.kubernetes.io/zone=zone3 + failure-domain.beta.kubernetes.io/region=usdc + failure-domain.beta.kubernetes.io/zone=zone3 +``` + + +:::info + +To learn more about node zones and regions, refer to the [Node Zones/Regions Topology](https://cloud-provider-vsphere.sigs.k8s.io/cloud_provider_interface.html) section of the Cloud Provider Interface documentation. + +::: + + +Zone tagging is required to install Palette and is helpful for Kubernetes workloads deployed in vSphere clusters through Palette if they have persistent storage needs. Use vSphere tags on data centers and compute clusters to create distinct zones in your environment. You can use vSphere [Tag Categories and Tags](https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-esxi-management/GUID-16422FF7-235B-4A44-92E2-532F6AED0923.html) to create zones in your vSphere environment and assign them to vSphere objects. + + +The zone tags you assign to your vSphere objects, such as a datacenter and clusters are applied to the Kubernetes nodes you deploy through Palette into your vSphere environment. Kubernetes clusters deployed to other infrastructure providers, such as public cloud may have other native mechanisms for auto discovery of zones. + +For example, assume a vCenter environment contains three compute clusters, cluster-1, cluster-2, and cluster-3. To support this environment you create the tag categories `k8s-region` and `k8s-zone`. The `k8s-region` is assigned to the datacenter, and the `k8s-zone` tag is assigned to the compute clusters. + +The following table lists the tag values for the data center and compute clusters. + +| **vSphere Object** | **Assigned Name** | **Tag Category** | **Tag Value** | +|------------------- |--------------------|------------------|---------------| +| **Datacenter** | dc-1 | k8s-region | region1 | +| **Cluster** | cluster-1 | k8s-zone | az1 | +| **Cluster** | cluster-2 | k8s-zone | az2 | +| **Cluster** | cluster-3 | k8s-zone | az3 | + + +Create a tag category and tag values for each datacenter and cluster in your environment. Use the tag categories to create zones. Use a name that is meaningful and that complies with the tag requirements listed in the following section. + +### Tag Requirements + +The following requirements apply to tags: + +- A valid tag must consist of alphanumeric characters. + + +- The tag must start and end with an alphanumeric characters. + + +- The regex used for tag validation is `(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?` \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/install-palette/install-palette.md b/docs/docs-content/enterprise-version/install-palette/install-palette.md new file mode 100644 index 0000000000..e82205846d --- /dev/null +++ b/docs/docs-content/enterprise-version/install-palette/install-palette.md @@ -0,0 +1,89 @@ +--- +sidebar_label: "Installation" +title: "Installation" +description: "Review Palette system requirements and learn more about the various install methods." +icon: "" +hide_table_of_contents: false +tags: ["palette", "self-hosted"] +--- + + +Palette is available as a self-hosted application that you install in your environment. The self-hosted version is a dedicated Palette environment hosted on VMware instances or in an existing Kubernetes cluster. Palette is available in the following modes: + +| **Supported Platform** | **Description** | **Install Guide** | +|------------------------|------------------------------------| ------------------| +| VMware | Install Palette in VMware environment. | [Install on VMware](install-on-vmware/install-on-vmware.md) | +| Kubernetes | Install Palette using a Helm Chart in an existing Kubernetes cluster. | [Install on Kubernetes](install-on-kubernetes/install.md) | + + + + +The next sections provide sizing guidelines we recommend you review before installing Palette in your environment. + + + +## Size Guidelines + +This section lists resource requirements for Palette for various capacity levels. In Palette VerteX, the terms *small*, *medium*, and *large* are used to describe the instance size of worker pools that Palette is installed on. The following table lists the resource requirements for each size. + + +
+ +:::caution + +The recommended maximum number of deployed nodes and clusters in the environment should not be exceeded. We have tested the performance of Palette with the recommended maximum number of deployed nodes and clusters. Exceeding these limits can negatively impact performance and result in instability. The active workload limit refers to the maximum number of active nodes and pods at any given time. + +::: + +
+ + + +| **Size** | **Nodes**| **CPU**| **Memory**| **Storage**| **MongoDB Storage Limit**| **MongoDB Memory Limit**| **MongoDB CPU Limit** |**Total Deployed Nodes**| **Deployed Clusters with 10 Nodes**| +|----------|----------|--------|-----------|------------|--------------------|-------------------|------------------|----------------------------|----------------------| +| Small | 3 | 8 | 16 GB | 60 GB | 20 GB | 4 GB | 2 | 1000 | 100 | +| Medium (Recommended) | 3 | 16 | 32 GB | 100 GB | 60 GB | 8 GB | 4 | 3000 | 300 | +| Large | 3 | 32 | 64 GB | 120 GB | 80 GB | 12 GB | 6 | 5000 | 500 | + + +#### Instance Sizing + +| **Configuration** | **Active Workload Limit** | +|---------------------|---------------------------------------------------| +| Small | Up to 1000 Nodes each with 30 Pods (30,000 Pods) | +| Medium (Recommended) | Up to 3000 Nodes each with 30 Pods (90,000 Pods)| +| Large | Up to 5000 Nodes each with 30 Pods (150,000 Pods) | + + + +## Proxy Requirements + +- A proxy used for outgoing connections should support both HTTP and HTTPS traffic. + + +- Allow connectivity to domains and ports in the table. + +
+ + | **Top-Level Domain** | **Port** | **Description** | + |----------------------------|----------|-------------------------------------------------| + | spectrocloud.com | 443 | Spectro Cloud content repository and pack registry | + | s3.amazonaws.com | 443 | Spectro Cloud VMware OVA files | + | gcr.io | 443 | Spectro Cloud and common third party container images | + | ghcr.io | 443 | Kubernetes VIP images | + | docker.io | 443 | Common third party content | + | googleapis.com | 443 | For pulling Spectro Cloud images | + | docker.com | 443 | Common third party container images | + | raw.githubusercontent.com | 443 | Common third party content | + | projectcalico.org | 443 | Calico container images | + | quay.io | 443 | Common third-party container images | + | grafana.com | 443 | Grafana container images and manifests | + | github.com | 443 | Common third party content | + +## Resources + +- [Install on VMware](install-on-vmware/install-on-vmware.md) + +- [Install on Kubernetes](install-on-kubernetes/install.md) + +- [Architecture Diagram and Network Ports](../../architecture/networking-ports.md#self-hosted-network-communications-and-ports) \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/system-management/_category_.json b/docs/docs-content/enterprise-version/system-management/_category_.json new file mode 100644 index 0000000000..455b8e4969 --- /dev/null +++ b/docs/docs-content/enterprise-version/system-management/_category_.json @@ -0,0 +1,3 @@ +{ + "position": 20 +} diff --git a/docs/docs-content/enterprise-version/system-management/backup-restore.md b/docs/docs-content/enterprise-version/system-management/backup-restore.md new file mode 100644 index 0000000000..5811fe9c90 --- /dev/null +++ b/docs/docs-content/enterprise-version/system-management/backup-restore.md @@ -0,0 +1,147 @@ +--- +sidebar_label: "Backup and Restore" +title: "Backup and Restore" +description: "Learn how to enable backup and restore for self-hosted Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 50 +tags: ["palette", "management", "self-hosted", "backup", "restore"] +--- + +You can enable backup and restore for your self-hosted Palette cluster to ensure that your Palette configuration data is backed up and can be restored in case of a disaster or a cluster failure. Palette supports two backup modes: + +* File Transfer Protocol (FTP) - Send the backup data of your enterprise cluster to a dedicated FTP server. Refer to the [FTP](#ftp) section for more information. + + +* Amazon Simple Storage Service (S3) - Send the backup data of your enterprise cluster to object storage using AWS S3. Refer to the [S3](#s3) section for more information. + + +## FTP + +Use the following instructions to configure FTP backup for your enterprise cluster. + +### Prerequisites + +* A dedicated FTP server with sufficient storage space to store the backup data. + + +* Credentials to access the FTP server. + + +### Instructions + +1. Log in to [Palette](https://console.spectrocloud.com) as an administrator. Refer to the [Access the System Console](../system-management/system-management.md#access-the-system-console) section for more information. + + +2. From the left **Main Menu**, select **Administration**. + + +3. Click on the **Backup/Restore** tab. + + +4. Select the **FTP** tab and fill out the following fields: + + | **Field** | **Description** | + | --- | --- | + | **Server** | The FTP server URL. | + | **Directory** | The directory name for the backup storage. | + | **Username** | The username to log in to the FTP server. | + | **Password** | The password to log in to the FTP server. | + | **Interval** | The number of days between backups. | + | **Retention Period** | The number of days to retain the backup. | + | **Hours of the day** | The time of the day to take the backup. The time of day is in UTC format. | + + +5. Click on **Validate** to validate the FTP server configuration. If the validation is successful, the **Save** button is enabled. Otherwise, an error message is displayed. In case of an error, correct verify the FTP server configuration and click on **Validate** again. + + +### Validate + +Validation is part of the backup configuration wizard. You can verify that a backup initiates at the scheduled time and is successfully uploaded to the FTP server. + + +## S3 + +Use the following instructions to configure S3 backup for your enterprise cluster. + + + +### Prerequisites + +- An Amazon Web Services (AWS) account. + +- An AWS S3 bucket. + +- An AWS IAM user with the following IAM permissions attached. Ensure you replace the bucket name in the `Resource` field with the name of your S3 bucket. + + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "s3Permissions", + "Effect": "Allow", + "Action": [ + "s3:GetObject", + "s3:DeleteObject", + "s3:PutObject", + "s3:AbortMultipartUpload", + "s3:ListMultipartUploadParts" + ], + "Resource": [ + "arn:aws:s3:::REPLACE_ME_WITH_YOUR_BUCKET_NAME", + "arn:aws:s3:::REPLACE_ME_WITH_YOUR_BUCKET_NAME/*" + ] + }, + { + "Sid": "ec2Permissions", + "Effect": "Allow", + "Action": [ + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:CreateSnapshot", + "ec2:DeleteSnapshot" + ], + "Resource": [ + "*" + ] + } + ] + } + ``` + + +- Credentials to the IAM user. You need the AWS access key ID and the AWS secret access key. + + +### Instructions + +1. Log into the Palette system console as an administrator. Refer to the [Access the System Console](../system-management/system-management.md#access-the-system-console) section for more information. + + +2. From the left **Main Menu**, select **Administration**. + + +3. Click on the **Backup/Restore** tab. + + +4. Select the **FTP**tab and fill out the following fields: + + | **Field** | **Description** | + | --- | --- | + | **Server** | The FTP server URL. | + | **Directory** | The directory name for the backup storage. | + | **Username** | The username to log in to the FTP server. | + | **Password** | The password to log in to the FTP server. | + | **Interval** | The number of days between backups. | + | **Retention Period** | The number of days to retain the backup. | + | **Hours of the day** | The time of the day to take the backup. The time of day is in UTC format. | + + +5. Click on **Validate** to validate the S3 configuration. If the validation is successful, the **Save** button is enabled. Otherwise, an error message is displayed. In case of an error, correct verify the S3 configuration and click on **Validate** again. + +### Validate + +Validation is part of the backup configuration wizard. You can validate a backup initiates at the scheduled time and successfully uploads to the S3 bucket. \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/system-management/reverse-proxy.md b/docs/docs-content/enterprise-version/system-management/reverse-proxy.md new file mode 100644 index 0000000000..f74d3e3833 --- /dev/null +++ b/docs/docs-content/enterprise-version/system-management/reverse-proxy.md @@ -0,0 +1,255 @@ +--- +sidebar_label: "Configure Reverse Proxy" +title: "Configure Reverse Proxy" +description: "Learn how to configure a reverse proxy for Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 40 +tags: ["palette", "management"] +--- + + + +You can configure a reverse proxy for Palette. The reverse proxy can be used by host clusters deployed in a private network. Host clusters deployed in a private network are not accessible from the public internet or by users in different networks. You can use a reverse proxy to access the cluster's Kubernetes API server from a different network. + +When you configure reverse proxy server for Palette, clusters that use the [Spectro Proxy pack](../../integrations/frp.md) will use the reverse proxy server address in the kubeconfig file. Clusters not using the Spectro Proxy pack will use the default cluster address in the kubeconfig file. + + +Use the following steps to configure a reverse proxy server for Palette. + +## Prerequisites + + +- [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) is installed and available. + + +- [Helm](https://helm.sh/docs/intro/install/) is installed and available. + + +- Access to the kubeconfig file of the Palette Kubernetes cluster. You can download the kubeconfig file from the Palette system console. Navigate to **Enterprise System Migration**, select the Palette cluster, and click the **Download Kubeconfig** button for the cluster. + + +- A domain name that you can use for the reverse proxy server. You will also need access to the DNS records for the domain so that you can create a CNAME DNS record for the reverse proxy server load balancer. + + +- Ensure you have an SSL certificate that matches the domain name you will assign to Spectro Proxy. You will need this to enable HTTPS encryption for the Spectro Proxy. Contact your network administrator or security team to obtain the SSL certificate. You need the following files: + - x509 SSL certificate file in base64 format. + + - x509 SSL certificate key file in base64 format. + + - x509 SSL certificate authority file in base64 format. + + +- The Spectro Proxy server must have internet access and network connectivity to the private network where the Kubernetes clusters are deployed. + + +## Enablement + +1. Open a terminal session and navigate to the directory where you stored the **values.yaml** for the Palette installation. + + +2. Use a text editor and open the **values.yaml** file. Locate the `frps` section and update the following values in the **values.yaml** file. Refer to the [Spectro Proxy Helm Configuration](../install-palette/install-on-kubernetes/palette-helm-ref.md#spectro-proxy) to learn more about the configuration options. + +
+ + | **Parameter** | **Description** | **Type** | + | --- | --- | ---| + | `enabled`| Set to `true` to enable the Spectro Proxy server. | boolean | + | `frps.frpHostURL`| The domain name you will use for the Spectro Proxy server. For example, `frps.palette.example.com`. | + | `server.crt`| The x509 SSL certificate file in base64 format. | + | `server.key`| The x509 SSL certificate key file in base64 format. | + | `ca.crt`| The x509 SSL certificate authority file in base64 format. | + +
+ + The following is an example of the `frps` section in the **values.yaml** file. The SSL certificate files are truncated for brevity. + +
+ + ```yaml + frps: + frps: + enabled: true + frpHostURL: "frps.palette.example.com" + server: + crt: "LS0tLS1CRU...........tCg==" + key: "LS0tLS1CRU...........tCg==" + ca: + crt : "LS0tLS1CRU...........tCg==" + ``` + + +3. Issue the `helm upgrade` command to update the Palette Kubernetes configuration. The command below assumes you in the folder that contains the **values.yaml** file and the Palette Helm chart. Change the directory path if needed. + +
+ + ```bash + helm upgrade --values values.yaml hubble spectro-mgmt-plane-0.0.0.tgz --install + ``` + + +4. After the new configurations are accepted, use the following command to get the Spectro Proxy server's load balancer IP address. + +
+ + ```bash + kubectl get svc --namespace proxy-system spectro-proxy-svc + ``` +5. Update the DNS records for the domain name you used for the Spectro Proxy server. Create a CNAME record that points to the Spectro Proxy server's load balancer IP address. + + +6. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette or use the IP address. Ensure you replace the credentials below with your system console credentials. + +
+ + ```bash + curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \ + --header 'Content-Type: application/json' \ + --data '{ + "password": "**********", + "username": "**********" + }' + ``` + Output + ```json hideClipboard + { + "Authorization": "**********.", + "IsPasswordReset": true + } + ``` + +7. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output. + +
+ + ```shell hideClipboard + TOKEN=********** + ``` + +8. Next, prepare a payload for the`/v1/system/config/` endpoint. This endpoint is used to configure Palette to use a reverse proxy. The payload requires the following parameters: + +
+ + | **Parameter** | **Description** | **Type** | + | --- | --- | --- | + | `caCert`| The x509 SSL certificate authority file in base64 format. | string | + | `clientCert`| The x509 SSL certificate file in base64 format. | string | + | `clientKey`| The x509 SSL certificate key file in base64 format. | string | + | `port` | The port number for the reverse proxy server. We recommend using port `443`. | integer | + | `protocol` | The protocol to use for the reverse proxy server. We recommend using `https`. | string | + | `server`| The domain name you will use for the Spectro Proxy server. For example, `frps.palette.example.com`. Don't include the HTTP schema in the value. | string | + + The following is an example payload. The SSL certificate files are truncated for brevity. + +
+ + ```json hideClipboard + { + "caCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----", + "clientCert": "-----BEGIN CERTIFICATE-----\n..........\n-----END CERTIFICATE-----", + "clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----", + "port": 443, + "protocol": "https", + "server": "frps.palette.example.com.com" + } + ``` + + :::info + + You can save the payload to a file and use the `cat` command to read the file contents into the `curl` command. For example, if you save the payload to a file named `payload.json`, you can use the following command to read the file contents into the `curl` command. You can also save the payload as a shell variable and use the variable in the `curl` command. + + ::: + + +
+ +9. Issue a PUT request using the following `curl` command. Replace the URL with the custom domain URL you assigned to Palette or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header. Ensure you replace the payload below with the payload you created in the previous step. + +
+ + ```bash + curl --insecure --silent --include --output /dev/null -w "%{http_code}" --location --request PUT 'https://.example.com/v1/system/config/reverseproxy' \ + --header "Authorization: $TOKEN" \ + --header 'Content-Type: application/json' \ + --data ' { + "caCert": "-----BEGIN CERTIFICATE-----\n................\n-----END CERTIFICATE-----\n", + "clientCert": "-----BEGIN CERTIFICATE-----\n.............\n-----END CERTIFICATE-----", + "clientKey": "-----BEGIN RSA PRIVATE KEY-----\n............\n-----END RSA PRIVATE KEY-----\n", + "port": 443, + "protocol": "https", + "server": "frps.palette.example.com.com" + }' + ``` + + A successful response returns a `204` status code. + + Output + ```shell hideClipboard + 204 + ``` + +You now have a Spectro Proxy server that you can use to access Palette clusters deployed in a different network. Make sure you add the [Spectro Proxy pack](../../integrations/frp.md) to the clusters you want to access using the Spectro Proxy server. + + +## Validate + +Use the following command to validate that the Spectro Proxy server is active. + +
+ + + +1. Open a terminal session. + + +2. Log in to the Palette System API by using the `/v1/auth/syslogin` endpoint. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette or use the IP address. Ensure you replace the credentials below with your system console credentials. + +
+ + ```bash + curl --insecure --location 'https://palette.example.com/v1/auth/syslogin' \ + --header 'Content-Type: application/json' \ + --data '{ + "password": "**********", + "username": "**********" + }' + ``` + Output + ```json hideClipboard + { + "Authorization": "**********.", + "IsPasswordReset": true + } + ``` + +3. Using the output you received, copy the authorization value to your clipboard and assign it to a shell variable. Replace the authorization value below with the value from the output. + +
+ + ```shell hideClipboard + TOKEN=********** + ``` + +4. Query the system API endpoint `/v1/system/config/reverseproxy` to verify the current reverse proxy settings applied to Palette. Use the `curl` command below and replace the URL with the custom domain URL you assigned to Palette or use the IP address. You can use the `TOKEN` variable you created earlier for the authorization header. + +
+ + ```bash + curl --location --request GET 'https://palette.example.com/v1/system/config/reverseproxy' \ + --header "Authorization: $TOKEN" + ``` + + If the proxy server is configured correctly, you will receive an output similar to the following containing your settings. The SSL certificate outputs are truncated for brevity. + +
+ + ```json hideClipboard + { + "caCert": "-----BEGIN CERTIFICATE-----\n...............\n-----END CERTIFICATE-----\n", + "clientCert": "-----BEGIN CERTIFICATE-----\n...........\n-----END CERTIFICATE-----", + "clientKey": "-----BEGIN RSA PRIVATE KEY-----\n........\n-----END RSA PRIVATE KEY-----\n", + "port": 443, + "protocol": "https", + "server": "frps.palette.example.com" + } + ``` \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/system-management/ssl-certificate-management.md b/docs/docs-content/enterprise-version/system-management/ssl-certificate-management.md new file mode 100644 index 0000000000..55089d8daf --- /dev/null +++ b/docs/docs-content/enterprise-version/system-management/ssl-certificate-management.md @@ -0,0 +1,84 @@ +--- +sidebar_label: "SSL Certificate Management" +title: "SSL Certificate" +description: "Upload and manage SSL certificates in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 30 +tags: ["palette", "management"] +--- + + +When you install Palette, a self-signed certificate is generated and used by default. You can upload your own SSL certificate to replace the default certificate. + +Palette uses SSL certificates to secure external communication. Internal components communication is by default secured and use HTTPS. External communication with Palette, such as the system console, gRPC endpoint, and API endpoint, requires you to upload an SSL certificate to enable HTTPS. + + +:::info + +Enabling HTTPS is a non-disruptive operation. You can enable HTTPS at any time without affecting the system's functionality. + +::: + + +## Upload an SSL Certificate + +You can upload an SSL certificate in Palette by using the following steps. + + +### Prerequisites + +- Access to the Palette system console. + + +- You need to have an x509 certificate and a key file in PEM format. The certificate file must contain the full certificate chain. Reach out to your network administrator or security team if you do not have these files. + + +- Ensure the certificate is created for the custom domain name you specified for your Palette installation. If you did not specify a custom domain name, the certificate must be created for the Palette system console's IP address. You can also specify a load balancer's IP address if you are using a load balancer to access Palette . + + +### Enablement + +1. Log in to the Palette system console. + + +2. Navigate to the left **Main Menu** and select **Administration**. + + +3. Select the tab titled **Certificates**. + + +4. Copy and paste the certificate into the **Certificate** field. + + +5. Copy and paste the certificate key into the **Key** field. + + +6. Copy and paste the certificate authority into the **Certificate authority** field. + + +
+ + ![A view of the certificate upload screen](/palette_system-management_ssl-certifiacte-management_certificate-upload.png) + +
+ +7. Save your changes. + +If the certificate is invalid, you will receive an error message. Once the certificate is uploaded successfully, Palette will refresh its listening ports and start using the new certificate. + + +### Validate + +You can validate that your certificate is uploaded correctly by using the following steps. + +
+ + +1. Log out of the Palette system console. If you are already logged in, log out and close your browser session. Browsers cache connections and may not use the newly enabled HTTPS connection. Closing your existing browser session avoids issues related to your browser caching an HTTP connection. + + +2. Log back into the Palette system console. Ensure the connection is secure by checking the URL. The URL should start with `https://`. + + +Palette is now using your uploaded certificate to create a secure HTTPS connection with external clients. Users can now securely access the system console, gRPC endpoint, and API endpoint. \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/system-management/system-management.md b/docs/docs-content/enterprise-version/system-management/system-management.md new file mode 100644 index 0000000000..0aa581280e --- /dev/null +++ b/docs/docs-content/enterprise-version/system-management/system-management.md @@ -0,0 +1,69 @@ +--- +sidebar_label: "System Management" +title: "System Management" +description: "Manage your Palette system settings." +icon: "" +hide_table_of_contents: false +sidebar_position: 20 +tags: ["palette", "self-hosted", "management"] +--- + +Palette contains many system settings you can configure to meet your organization's needs. These settings are available at the system level and are applied to all [tenants](../../glossary-all.md#tenant) in the system. + + + +:::caution + +Exercise caution when changing system settings, as the changes will be applied to all tenants in the system. + +::: + + + +## System Console + +The system console enables you to complete the initial setup and onboarding and manage the overall Palette environment. + +### Access the System Console + +You can access the system console by visiting the IP address or the custom domain name assigned to your Palette cluster and appending the `/system` path to the URL. For example, if your Palette cluster is hosted at `https://palette.abc.com`, you can access the system console at `https://palette.abc.com/system`. + + +## Administration and Management + +Platform administrators can use this console to perform the following operations: + +- Configure and manage SMTP settings. + +- Configure and manage Pack registries. + +- [Configure and manage SSL certificates](ssl-certificate-management.md). + +- [Enable backup and restore](backup-restore.md). + +- Configure DNS settings. + +- Setup alerts and notifications. + +- Enable metrics collection. + +- Manage Palette platform upgrades. + +- Configuere login banner. + +- [Manage tenants](tenant-management.md). + +- Manage the Enterprise cluster and the profile layers and pack integrations that makeup the Enterprise cluster. + +Check out the following resources to learn more about these operations. + +## Resources + + +* [Tenant Management](tenant-management.md) + + +* [Configure Reverse Proxy](reverse-proxy.md) + + +* [SSL Certificate Management](ssl-certificate-management.md) diff --git a/docs/docs-content/enterprise-version/system-management/tenant-management.md b/docs/docs-content/enterprise-version/system-management/tenant-management.md new file mode 100644 index 0000000000..c61f856b09 --- /dev/null +++ b/docs/docs-content/enterprise-version/system-management/tenant-management.md @@ -0,0 +1,118 @@ +--- +sidebar_label: "Tenant Management" +title: "Tenant Management" +description: "Learn how to create and remove tenants in Palette." +icon: "" +hide_table_of_contents: false +sidebar_position: 10 +tags: ["palette", "self-hosted", "management"] +--- + + +Tenants are isolated environments in Palette that contain their own clusters, users, and resources. You can create multiple tenants in Palette to support multiple teams or projects. Instructions for creating and removing tenants are provided below. + + +
+ +## Create a Tenant + +You can create a tenant in Palette by following these steps. + + +### Prerequisites + +* Access to the Palette system console. + + +### Enablement + +1. Log in to the Palette system console. + + +2. Navigate to the left **Main Menu** and select **Tenant Management**. + + +3. Click **Create New Tenant**. + + +4. Fill out the **Org Name** and the properties of the admin user by providing the **First Name**, **Last Name**, and **Email**. + + +5. Confirm your changes. + + +6. From the tenant list view, find your newly created tenant and click on the **three dots Menu**. Select **Activate** to activate the tenant. + +
+ + ![View of a tenant activation option](/enterprise-version_system-management_tenant-management_activate-tenant.png) + +
+ +7. A pop-up box will present you with an activation URL. Copy the URL and paste it into your browser to activate the tenant. + + +8. Provide the admin user with a new password. + + +9. Log in to the tenant console using the admin user credentials. + + +### Validate + +1. Log in to Palette. + + +2. Verify that you can access the tenant as the admin user. + + + +## Remove a Tenant + +You can remove a tenant in Palette using the following steps. + +### Prerequisites + +* Access to the Palette system console. + +### Removal + +1. Log in to the Palette system console. + + +2. Navigate to the left **Main Menu** and select **Tenant Management**. + + +3. From the tenant list view, select the tenant you want to remove and click on the **three dots Menu**. + + +4. Select **Delete** to prepare the tenant for removal. + + +5. Click on your tenant's **three dot Menu** and select **Clean up** to remove all the tenant's resources. + +
+ + ![View of a tenant deletion option](/enterprise_version_system-management_tenant-management_remove-tenant.png) + +
+ +:::caution + +If you do not clean up the tenant's resources, such as clusters and Private Cloud Gateways (PCGs), the tenant will remain in a **Deleting** state. You can use **Force Cleanup & Delete** to proceed with deletion without manually cleaning up tenant resources. + +::: + + +After the cleanup process completes, the tenant will be removed from the tenant list view. + +### Validate + + +1. Log in to the Palette system console. Refert to the [Access Palette](../enterprise-version.md#access-palette) section for instructions on how to access the Palette system console. + + +2. Navigate to the left **Main Menu** and select **Tenant Management**. + + +3. Validate that the tenant was removed by checking the tenant list view. \ No newline at end of file diff --git a/docs/docs-content/enterprise-version/upgrade.md b/docs/docs-content/enterprise-version/upgrade.md index c9188e928a..83ca049d57 100644 --- a/docs/docs-content/enterprise-version/upgrade.md +++ b/docs/docs-content/enterprise-version/upgrade.md @@ -5,6 +5,7 @@ description: "Spectro Cloud upgrade notes for specific Palette versions." icon: "" hide_table_of_contents: false sidebar_position: 100 +tags: ["palette", "self-hosted", "upgrade"] --- This page is a reference resource to help you better prepare for a Palette upgrade. Review each version's upgrade notes for more information about required actions and other important messages to be aware of. If you have questions or concerns, reach out to our support team by opening up a ticket through our [support page](http://support.spectrocloud.io/). diff --git a/docs/docs-content/release-notes.md b/docs/docs-content/release-notes.md index 5bd85f2c1e..3d1dc464ba 100644 --- a/docs/docs-content/release-notes.md +++ b/docs/docs-content/release-notes.md @@ -28,7 +28,7 @@ Palette 3.4.0 has various security upgrades, better support for multiple Kuberne #### Breaking Changes -- Installations of self-hosted Palette in a Kubernetes cluster now require [cert-manager](https://cert-manager.io/docs/installation/) to be available before installing Palette. Cert-manager is used to enable Mutual TLS (mTLS) between all of Palette's internal components. Refer to the prerequisites section of [Installing Palette using Helm Charts](enterprise-version/deploying-palette-with-helm.md) guide for more details. +- Installations of self-hosted Palette in a Kubernetes cluster now require [cert-manager](https://cert-manager.io/docs/installation/) to be available before installing Palette. Cert-manager is used to enable Mutual TLS (mTLS) between all of Palette's internal components. Refer to the prerequisites section of [Installing Palette using Helm Charts](enterprise-version/install-palette/install-on-kubernetes/install.md) guide for more details. - Self-hosted Palette for Kubernetes now installs Palette Ingress resources in a namespace that Palette manages. Prior versions of Palette installed internal components ingress resources in the default namespace. Review the [Upgrade Notes](enterprise-version/upgrade.md#palette-34) to learn more about this change and how to upgrade. @@ -606,7 +606,7 @@ Spectro Cloud Palette 2.7 is released with advanced features supporting Windows **Enhancements:** * Palette [Azure CNI Pack](/integrations/azure-cni#azurecni) ensures advanced traffic flow control using Calico Policies for AKS clusters. -* Palette supports the [migration of Private Cloud Gateway (PCG)](/enterprise-version/enterprise-cluster-management#palettepcgmigration) traffic from unhealthy to healthy PCG without compromising service availability. +* Palette supports the [migration of Private Cloud Gateway (PCG)](clusters/clusters.md) traffic from unhealthy to healthy PCG without compromising service availability. * Palette Workspace upgraded with * [Resource Quota](/workspace/workload-features#workspacequota) allocation for Workspaces, Namespaces, and Clusters. * [Restricted Container Images](/workspace/workload-features#restrictedcontainerimages) feature to restrict the accidental deployment of a delisted or unwanted container to a specific namespace. @@ -843,7 +843,7 @@ Our on-premises version gets attention to finer details with this release: - The Spectro Cloud database can now be backed up and restored. - Whereas previous on-premises versions allowed upgrading only to major versions, this release allows upgrading}> Upgrades to the Spectro Cloud platform are published to the Spectro Cloud repository and a notification is displayed on the console when new versions are available. to minor versions of the Spectro Cloud platform. -- Monitoring the installation using the dedicated UI}>The platform installer contains a web application called the Supervisor, to provide detailed progress of the installation. now provides more details when [migrating](/enterprise-version/deploying-an-enterprise-cluster/#migratequickstartmodeclustertoenterprise) from the quick start version to the enterprise version. +- Monitoring the installation using the dedicated UI}>The platform installer contains a web application called the Supervisor, to provide detailed progress of the installation. now provides more details when migrating from the quick start version to the enterprise version. - AWS and GCP clusters can now be provisioned from an on-premises Spectro Cloud system. On the VMware front, we have: @@ -863,7 +863,7 @@ Other new features: In this hotfix, we added: - Compatibility for [Calico 3.16](https://www.projectcalico.org/whats-new-in-calico-3-16/). -- The on-premises version now allows specifying [CIDR for pods](/enterprise-version/deploying-the-platform-installer/#deployplatforminstaller) to allocate them an exclusive IP range. +- The on-premises version now allows specifying CIDR for pods to allocate them an exclusive IP range. - It also allows allocating an IP range in the CIDR format exclusive to the service clusters. The IP ranges for the pods, service clusters, and your IP network must not overlap with one another. This hotfix provides options to prevent node creation errors due to IP conflicts. diff --git a/docs/docs-content/security/product-architecture/self-hosted-operation.md b/docs/docs-content/security/product-architecture/self-hosted-operation.md index d1f9102579..7a75abb317 100644 --- a/docs/docs-content/security/product-architecture/self-hosted-operation.md +++ b/docs/docs-content/security/product-architecture/self-hosted-operation.md @@ -15,7 +15,7 @@ tags: ["security"] In self-hosted operation, where Palette is typically deployed on-prem behind a firewall, you must ensure your environment has security controls. Palette automatically generates security keys at installation and stores them in the management cluster. You can import an optional certificate and private key to match the Fully Qualified Domain Name (FQDN) management cluster. Palette supports enabling disk encryption policies for management cluster virtual machines (VMs) if required. For information about deploying Palette in a self-hosted environment, review the [Self-Hosted Installation](../../enterprise-version/enterprise-version.md) guide. -In self-hosted deployments, the Open Virtualization Appliance (OVA) can operate in stand-alone mode for quick Proof of Concept (POC) or in enterprise mode, which launches a three-node High Availability (HA) cluster as the Palette management cluster. The management cluster provides a browser-based web interface that allows you to set up a tenant and provision and manage tenant clusters. You can also deploy Palette to a Kubernetes cluster by using the Palette Helm Chart. To learn more, review the [Install Using Helm Chart](../../enterprise-version/deploying-palette-with-helm.md) guide. +In self-hosted deployments, the Open Virtualization Appliance (OVA) can operate in stand-alone mode for quick Proof of Concept (POC) or in enterprise mode, which launches a three-node High Availability (HA) cluster as the Palette management cluster. The management cluster provides a browser-based web interface that allows you to set up a tenant and provision and manage tenant clusters. You can also deploy Palette to a Kubernetes cluster by using the Palette Helm Chart. To learn more, review the [Install Using Helm Chart](../../enterprise-version/install-palette/install-on-kubernetes/install.md) guide. The following points apply to self-hosted deployments: diff --git a/redirects.js b/redirects.js index 481eebf04c..236af44460 100644 --- a/redirects.js +++ b/redirects.js @@ -190,6 +190,50 @@ const redirects = [ { from: `/integrations/EKS-D`, to: `/integrations`, + }, + { + from: `/enterprise-version/on-prem-system-requirements`, + to: `/enterprise-version/install-palette`, + }, + { + from: `/enterprise-version/deploying-the-platform-installer`, + to: `/enterprise-version/install-palette`, + }, + { + from: `/enterprise-version/deploying-an-enterprise-cluster`, + to: `/enterprise-version/install-palette`, + }, + { + from: `/enterprise-version/deploying-palette-with-helm`, + to: `/enterprise-version/install-palette/install-on-kubernetes/install` + }, + { + from: `/enterprise-version/helm-chart-install-reference`, + to: `/enterprise-version/install-palette/install-on-kubernetes/palette-helm-ref` + }, + { + from: `/enterprise-version/system-console-dashboard`, + to: `/enterprise-version/system-management` + }, + { + from: `/enterprise-version/enterprise-cluster-management`, + to: `/enterprise-version/system-management` + }, + { + from: `/enterprise-version/monitoring`, + to: `/enterprise-version/system-management` + }, + { + from: `/enterprise-version/air-gap-repo`, + to: `/enterprise-version/install-palette` + }, + { + from: `/enterprise-version/reverse-proxy`, + to: `/enterprise-version/system-management/reverse-proxy` + }, + { + from: `/enterprise-version/ssl-certificate-management`, + to: `/enterprise-version/system-management/ssl-certificate-management` } ]; diff --git a/static/assets/docs/images/enterprise-version_system-management_tenant-management_activate-tenant.png b/static/assets/docs/images/enterprise-version_system-management_tenant-management_activate-tenant.png new file mode 100644 index 0000000000000000000000000000000000000000..32ded138403c47d806c9610695ac81e2d7fa1867 GIT binary patch literal 55901 zcmc%xcT`hN7dDKe+%`}^rHE2Q1VNh86cA8Edan|i0-+Zv0SN?bC{2(ey-4U?=>bA) z)Bur|NR8402>~e~Km@*n-ae1|yzBj~-}?UeSPL;HbLPz6Gkf;FuD$0(80e`VV>rz~ zM@M%|Q$y8=j_!~u9UXna;e)`HARR#g;LnkJ8Wz5Ebc`qVe)si{hkU1_J4>gjdc)-Y z$in!MV3Qf-uD83Fn^+C9d<{EMCr+uW#o27*UeYT4Lsv4W2~;HlgW_<$o% zxZg8Xg$Z1L&wiqcPV=nDuz7qce)oIUy{Da*GzIydJPB^8#L>c1XELM`5>l6g34wY@ z=o1!|!+igr{WD0kIs_=<=g(WGyn~5p%D+C+(cK#|EUTZG}7OXBBhYfAtX}+7FO2SKPCkfz;?g-bg zT5z!!-l7{+qIkKB+PC*`{2{Xpzh2?My{lYmhK9#onF$BdRJ0!o;NroW)#okj7#SIJ z%R*ysuiusheJ@7~W+{iZ=zDrD5&{DQD+}`S#$ew!mbdZ~^FLP8ZErq*zE~D&pIdoa z+Fi2!1T^Pk-qHQn`Lur5u*_NiBd#27o12^Q2?_ke!^82ZsV)u<4zFT5ySjWpwCiQy z=e5et7F$MsettJ&AJyow=gc12m=BfR3O#mOmS+?Y)HqRzPDu60Z}XNn+sbpKM8Mg` zCQJDG2YrDk{H$?5%&ehVaXRJN#LVllzV#R1m!od_h!CI3KAWz@E`2v71ys_mQ!VaR zIirQ$@EU#bH60`7{saPn+S}dTTv(BqThaGw7c#I-Azg9*z62aEqT~J`rPJIO1L_M|o&*Fyt~#v8<&WA;N7rJUBRt7Bn|yqHCQ_APTNIq@Wze;A zYmF$I-Rh^Yp%Z{e)vVY4N2E3$HjshA*$83Ig2OP_+sh2fCLM0{v7J>Om*XACHyb6` z*w|WU2!wifT*Y{7#Y?+E85z&Vwz8f;hf^An+;pt)-&eL#wS6o@PfyRw?VKYkLm%%U zrbN0FO=9%&zt23mBzNyx--2fsZCe3Q1A|W(SIf(;u?*XHx6hoZb^i2P z^E8-=j=}Kv#aF!f2K{Ma!QG-!(JX5T^5h(|DG_0#-h;R`u5IXsV(jVY*a)r7VMQ)Z zB2>H(IX6BC`U-o~8HAtstrrb)hXB}FzstbHR@hYlvxPt~HI@|<*dZ@-l(*(Tpgix{ zPkFFj{ae5OAGb4dNYuSRfcQrW zoBy8q+6$m?c2?Gohf@*#t_$7_3MNtdc!Gui8ecW3MCt|uV> zKds09mS6FW`ZK`-hmLQz41Lzj(F?o%&n!f-!{z1u&^y&D*t2TSCW-gmzFi*X@@vaz$J!?r?QqF^jx}T>bTfmj zA?$GF=C5t-*)E@6M?9`Nc->k^HCf#HqHdaWoWfFbwTYBtchO~D2fwtal$29)(6u69 zhxpbR^V{4`9Wt zxsWG|kG~ei_q_3t@XjkJQ2KfqvIsGUmW=TZq2Bb}(>hHDfpm=}CbDu~yZ_pcJYuSs zDR0WJ)NsF`S!Hk(_WOPbxd4qeC=?p^KdYC}j&*dI%oh*_ds2g8wT$l!#_iK^&F~zZQa9rS5k4aQ}e!5eUI>wJtqLoGSD1z+l z?FE#SCZZi-U&A=Mt48ZQL>@kTIH6~z`?kMfN6{ zP32nQYO~E?VRHjm|IqIqiNSW|p)*;&@mbdAcNC1eF=B11S_wQk=GzFK`inO4{TTG6 z*vSpo`;F~4*zimku}^8O3ipqMsZ&siV2suPvduG=a=lkL6hzG}hN_@+Y4c73~f_ zY|(uG&9&{d0Y^VVgZEUPZo2HsTYBb{-CkgCe)a0?=3H*<^t(g6iP&;Wbog=pX(V+* z3Y{tAmXw!Y&{^j(nrB*S)?edd%z5d~19yDOxI5|F*AFuYLY9>AwySU{c%f;jMdV@A z{>^_h{;Mht?ns`f!FQb1*vxpEf=y6ZQOtW2w0~xT+IY-MPvaJMNK6p~DP& zC!8$2Vzo52f+91a%Z^1<5$-1iU%J>o=D!emKSEpl#f_-RZVY$X47cJ-kty@c@_Wl0 zg_TU5XHi!p^cB78q~xZWqisUWcCb6I5g|ppoJZ>GD5~yRd5&zFaUX<_V==b+%HRsr zHu^(9%riPer<;R&$*1KLU;3kgnI68c6@9PO%i1B=WX<8d(;zB`n_QS=@I2>cH3Wae zZL$X%MLkgH&ZL=ae(0%nEuIF$DqRg4cd6EgD#RAG&HJ?-JtMn7kbh8J!q|5r_hxAD z6f)FfZ>M>5kS@%*Q^h1oOH7n91_x$DGTCLHeCSSaAdOrvaQ5t5({QED>4eFprKQs^ z5%<2T_@+Zh*i^^tml|eL`19c#kp`ymSRvN)`uB!jT%lIRru2W)@p-sL6F1{o2sU9~(m2lDd=&GxOEb~6it$9KMvuYaKo2<z{^n8Yl|C%G^fT4QPa{CTY@Lc<(c z0&<&7z83AAh0{BF=3c~Ug%KV}nw>>hk)VPCjU;keYtY_rZpvQR3GgH~pm0E?*yxSH zz6^PJscYB9J_-9mRA+%b>b$Zto)w-QyrLPg3MD4i%D*=*tb*)biqFat@9XQU3Rtq) zoK5$#%GDsNm@w)$nbc1F)18QD49PUYS@M+_&l1B2Ic$Rs3v^QLv`jMFl7I6eMpStF z+3Kn)hqZX2%_&o^Z=6O%Dir;R8sBuBXXttwPd#{wftx>q1)k%p?kjWMY z$4lk_Imd$9p>t-8pC?wMv|A%er+NmPK=MS5o}PCu{qA=fgw7V{gtoj@odt%wAMYUeJkCZ{(7xPi>Zccg-f~iJNYkBo!T@7^)-23e9^W0OC9N$e7z*mxi1OAiiUe3FuQt=+ z9QjK4MImc5nE?~?L!aN+_n6dy!ii+Rnu5&7hnUmiO&ASfIk^4Cg-sNzr%rrCn^z+T ziu8spL3|~0!5gnFdhxqE0o6K+%JcpC+5%Ei3HlFy^Ob`+b9bVm!kjx~EW$&s3L3Sf zLO^IxN;!m`X-zD`kN^}B6?Y^S#H^291?^Ql0m`%nIP>e$uXqv50>Hn*?v~)SL**tqhy9ys6(2lbh30iyhE&!}>{=k%Q5f8} ze5W4Cc5!9PRR%*hUaltTk%a^>8$2y9FOQ?tC$We&_lbA>-qaMYVfV)3lof$W~#~O8v037L*tV14AF-tWaIAg>gv?Vv%kR{h!8ZxKz&O0Hji*X zjokeq%o!p&5z(TPPO=E!dDC+@^|kzj&apFrg1E$7Q24~~&g<0E=IX)3nubH?s-ji(KONU`8+KYC1L!XR1p%;QDk(gh|63`D5kmc?tBBXjpJo>r@awe~)yne3-}F ze8ve9_BdQ(?TA!ZQI_o>53;17O!q~?a%-4#z1-y!2_|>6Ou3Jg`6kZwbzDd z4IJ>s?zG$CJ2U9Vl6Nf}5d5k#2M!z%Ar6%WAZMN>TZT8rG7W`U=(?cKI+tXJQh_VWqtryVP`TNQnU+7b>dc%j6en$-B;V`B? z&QkvAto1{#Zx6qVn)y%krj&W5rcA{|BB+GmZGpTpMEOiMERYW?%c3{I9CyW|yr~9( z#k<}J0*SxEH;`DQ#VscvWFHT)P8n8G#1|$dY;&}kHL%oT)JsM`+xaca?#!bJ@cs*urIgIbL3*81zi#$#qREV`XnCHRxAw^dB2?>ODgp%tIag|T{0G;b!A zq{!BP^g|?V0T4tpFGV;AI(EdEJ=x-kQS^SCCtt~dsTgjBX~5KF!TBf@s_gcg_pEul z-wDcK61JS}G~d>UTV-lC{r>&kfj30t!4-}(T`y;Yb28;2@!K?N`pPO=0wpa_9HVq> zj7ecvl0dYxdI{!?uIIVJC#blVkJoGuNNU_UE0ypnh_|N&2 zzN8ypQ&--F!TYm(%+*syZo!kHnF>2vzKL$$F>wfEG&HWMh)&M9_H4L!U&xy(2ZCH@ zx0ocqD(`Ean}K0-^&(N~$dFK>53G&yk4)8@%<@AdL8CN<%8U zkRLZn5S3h*=Y&Oyi;J_drRGcR$qHJ7Fu%Fjkd^8~Jb8)2v}-w815;aCONE3}`KJ!J z2Jn^i8K%mgHc`K?^zAKu!AJLrW`z52RV!!tPDx_;Tsg9!yN7s#4WQIT4=vp$ zmLZ?&8Wj_?G4MZ^;6qGY&UG{CUM-h%O(0K-knWTfv;?{ejP9=Y{BMADm=6fmMI|L9 z^kvD`?!C zqI;HKhIg0g`2t7wu4XY!pJZkMI6FLIUI5(_B+nB!f98b16}R0L3X~4sFQ|z^b zRViErjj+n2hm&;=4d`4h-3!bb688^>tSI7=hiATe1XM4XHU;4Q+h?>=yV!F4zjjJDzO6M5PvU^R z!Fs*fxLSi6Wafv4&Y+`0Ek=EIz6TnoG};!RDPVE`-)yU+mXr4R>zk8KdE^Eb1ZDM$ z8=R&5sF)h>Vz3F%qK}TJmoYNd9AmttfwT7sE#!aMxVw$#dZ}JcZka0WQeIaW_2OpqqGGg$!tnfAS2+`Ye|E2L`~+yO%dD(_u1>i9$s7acY|d?bTvbqyARf+qZ8~ z^E&k}Gi7ltADG2i;mRHW)V`T0*^+(1L>rS-z6G^@%APy(oSl+?YRKaa+UzenMB|n{ z#)RWFze*Z~0iN-}bXjZZ?2*qrcO7lYI?A4EYHIE_Uh-IE7LoU;Aow9hN@VvK5l?Gj z8$S~#3vga#m}4N}V7dEcSG<0d1%u(A(EM<*yPs?SqeuHAl(;3V3%L?4LFD{bH)|U= zt6`4#0oW(pybl?GE6f9_o+7?Hh8UH#EfNV&AvBsaJM$6ILOms?=jYKrYtV6Vs&Igt zJ)f)o6|0fCVG-SI5-}~NK^}MOPo6HXs!v#}y1E)XoOCJh4UGqwNtQ@?lLQu*5syky z{AtJacab{DrJZQBrP1(ec%y!DY1o{;=f)5{1~;TqQ^1zH=<3E-GFpyV9@-i=!!?%r zTK~yMsa!n69aqS|YBzZzA0JJ>LcsVN59WZrcaGq;ENNEVsUH~tC&9|j&QoMwX#%j(4ulE)<|m(+sQWo&Woi2b8RRu9-{CMO zOm^wNbR*mEo<8NgE;mlS=(A{`pjRkmp}+02xje%TzcRQxWUnZsDv{Z;uEmi%BbIwE ztjM~C2wNc6FO>@9>)oY!lUinNz3RPfV_?Yo)!Y%|$q`(Wvi>>@(q%i-ax@5P5u|_| zudMM{S--8_gmlt$QC{!&v>mCb&q{8pG@h3fRu%q}w5LMsaC$~E|)naL_^g_O|Eje1r%n}qZ@ zh8if)WopZ47{sZit#6%etuZ2yhhz#08VjwfCj;?`HMQC+S9z2`Uz?npJPa;E+5{=C z``Ss|tXHpG71bJ-sIUL9Et{YD*rdMCratJM8-4h^6n#Dd(-)2uF?uTNit1Ug7Zw(F%r14{bX@_!@OE1{ z%k~X0gCVyK2=(syb9STfHk(=(KW)pH%CMrOC+kJGsBv-YFfuqu93w7Gt}>_$Ks|TL zapovk6nI6bLh7cv+0I({CDmT@!X#VkK$G%$ZBLa4;=)MencLrX8jhm&qkS#kqJL9vnZHtS2##dW8Y`=f? zVd&#+WP_84c6_eM-eMB0kuv3{%I6Ln(w6V1AH-P(5^OX^@=FxchGuQT8##*D>!&MiFm2a%gG-s`|zR#);K#e7<3?`5MwOP2{Tre_;y2y>JcP8@%)=fDg5HsR? zCZ?rmVif*;XUck|xmH396!3Y$vN3iZ;U;k*-Jji)E4P<;rG&euargd?@<&(oEUB;qY;T~gdw^qRn- z^F))f;bcFpS#+i#PLclL(G5#eV1us&@+hj-8ItuSYS58fxzduuwaLbD!oG^?2~ZJ* zao$QNO^Xqa1xW)hW2~I=xWuaHIc*VDWaem1&1zWUM^`rNd^!|6m z9>9p-zgOw(>5<{5seI7yGTA*Fh@>6d^o<%S;M)G6J~}gN7Br2;9!fE*kI{P;6h&!5 z%?v0y+J1sf>ho44h5C=4HBMfrUr#l5!~<*eGR?>|DJSjS<3o5@4$C%ktjby=0~;Jb zb}{7uxH8pyXqgqsnzIhO=*wit?Ojaul`sJy2YIx?mzO+`$mrKHp)G%|rv&d@OU?zC z*Q*R7Z`W+D&@Q3Vnm?O9X^fSmaP_!wd{`$dqRnWR5y}DU_VvkAN|RWd7NjVH;a@XC zeiLQLJzSWdlw`TQyj*qRs#P0}oPfPqr!i1TKfM@h-qF*O+~I|{5kT~Q+JqbTM6`E}5q^KC3ssR{WY7y&`BAp2XL zEzn|ak=DQ#M-}$Bw7IHW;B>By1uMn z=SgH_d3$pE!sb|@c>Dj_pj!@3#O4Z--t#CjIa068y5)gtzs#wDxb=+iR9mW#rwXQbWZwfLak=L_psL1qP~%H5BH zQdMf2kLUUGX)Pc8Q)7JKR&n*(x&HUs>M^dH`F_%8iR_tr7A~3v6+owQ`6WRx)hIAMV@#yZA$i9_=c1o?u|M7D0#O|5!o@YSMpMJAH$!O zmaz1cYqx5fK3}ORjHyjFHN91YEGxNqi9BzUI>GjrBR*WL%PHeJ$Zu*KKJmHXl{ot) zQ;X;%$fC9_@I;88@I5gOIQ=u7geTJ`|H)3~hVJgf0+BkhBKkO-Kyp1|uYZB0Z848F zX=Kfz3lsX)u;?`G5L561u%GVU6H$#KLOG55=G`yo*jNEcu()$IZ~>9)e0yo)A3s8> zA~xajLJs1gr^h4Nb4&xX3?8Vk{`%I+ZHv0Jd*74|uE&sy7E!A`T;6fmxS;)jkm|mF z+gu0m#FvXAs=^K>uTJG3{{0&^cKBln6wCIJup+PgxhKL=uq=k;bF8me4*cq$6%Mhh zDIx@_0f~|Qzb-QLfo!9Vp6q9Z|GM%(Wi3raEtQAkk6Urma%#dV`xp#=HQN*Gzc;+e~4h%b?UdF z?DhIzjqUaNySRpQe~##nmO$Iz1%w`BgQJi$fq`2Hv;Mix*lF`Ciq;pNMpFDv4GWN+GzBmleNn99ns=-11^{$=PhGo|@CXBSwEvHz8JeUUyjYk2R2Ud<7^B z_*n};KyX-Uza8O@&$c~#x^O^PP7WdIyY7RawFHznaCu7W&3_}bBT*k#$U@}flxd(ZYEy*TR5c=-tLsO}Zz3-pKd6A}~sRvV;m z-MUrfvdR;{Ghfj=-uztqgo7fEX`we9SEd#AIbBmS1Q zY)V|*(spU7`&jcRYm#=7M?8%;1l7gRM>#{U`)*^Hunm4w+cKRfJ&dHiXkK@umC~+B z(~SHV(k+`_aRj~Gu!1%3LK@UArUa9^jx7-oHOL+#vj^@c2`Iz7llv zjQ;MWJ^GJBBOlM6XUau(D=c z83kyXi-_I0N%(qh5^Va;H*dF5_<6~TZPCF;M?y_nxT%>7Bi!yGy>b+J&tJw5)@cHsTu;pCN8bNZe&1dOJiG?(zEznc2w#0);-WTC^{w^T>@kr;gR zCGe{X8dxwmO<%>n>J`bH9@7L%HlV-iR?}8O3yd z{cxdswF3P-Rv*yZ_m5tEAY)LrvaNF$IMW6@YVWoVvLpo_juXTBC`MsI=nFLNZwSwi zL25QP%~3El=-TNEPQ8L@koCDH`W8>BrPI-ochWN6w$K*V zb$5T{{+ZReAQ>VdCISlISt+;x{{AE^J|ja=F(@|qLiXlI(4wbQKB;)X$sq?XAGlr4 zw6Y$QIrH|N0pPkW^P4jte3o|ZURRBP&nj7>i^JnkXJ>+Ue6so3pmi?Ene3#vMy~O; zmm>9ACMMCti%i_lg2r14b~jY&JQyYOr@KroXEr&MuZ$8x(#^7|2`7&imQ%!&(mg{a ztYo3x*CG@Wgz$cx0=yw(1BnPwcW(;9#Qz|V^yp=uL9W2}Q1=~eSuID$I$<}308S5v z@gQEPd6M|31GZ^&WRY8eIc>Dey8h;A<;^&fT%XVKr?2;@G)$e%46M8TTw+Tdh_bn4pF$=qX~mL}qmQTii(_0|TLi!Y%aD?#3e$0()Zp z?L+%23hk_MIB{+y*><~Ru-yf(uZ@|yYv{N(cM?~9Oh>9xxJ{tNZ zrJ3w+V<={o5O35YWVF4hAJF28Ek*~eX6jW`d0;cxd`Q{0vS^!W)I@af_qElKS*6EM zb*>D2Afoa;a@n)KUeH7I@}^~F34~yM{F>IbP~XWi7T>HNr24NPb3?`|F6YQmU9Z3O zU&W6H#UwoW=v&~hLs`mxIl8+N**yIHOkmx-Q@)-+>8%p>bbO4h(6L<_r?F8ir-FWO zmTsb_Vq0TYf?^OeS{YCLa`7%Ca%$h>g0yVqU7uINwb~-bXvb1Sg$ey=v5L^$_GE{) zGH}7Cq19p{n0oEgm`?h_rd88!uX=2%o7#y0)N9-OK^g1Yvpu#RS?abpbv~^>c5Ge7 zCOKd8&UY`SW}9=ea3tvxCyXE>QcNtrCZj)ID-_%J9G&Eq1UciM+7|+PGT))ceZYCu zwy{r#(~Se3)dwHQipPoX)^s-m`?`4aIT%P#XGN-hXx;>}c~MbuK&NR7Qh2<;ec<@3 zb^o2kIu3`e?))l|OSjXI6TMaiU}CCNgrvjgH6Kjm0ij)#6(@N!d)#R^!_XFq!Px z6ImxSCpP?anuU!iPUAM2M)fuQuN#VVFQY|BZ%Foo?Trq@Y6!x^0PAGZwqAP%L=o55 z_hvRDZ;?L&1HyEE$rfk?N&IgV10=iH#is4-qA-NHz|5pj`OI>~5+m*6 zo6qz+P?l?#ly|pxW(&Hj7!4IUX7hxj1n!Xilf}o|J3K-ITTR2CK2_^nkQ3>yQt}wb z$$&l~StypxdW($&G4mU8;53x*VG38aypa+2vF9&pN&acR9>;$4dC9GK0?0+Kj2{G0--=5F^p?)8%ig@B2Y6UOX8G3VB6St!976N~=`AvW<% z_!nV}xUS9BFrQ0TO%5K-a_o{*+;zP1F3?zYIG3T)jL$V2ZNk{Wce4;Z_hz+wQz(GU z6lZShWiAj_q*U-h{hW@R93%}DJXn>ili8wr;v@#q>lFA#HS1hzs@&|Rx3Yv2YM*g8 zLh*{%u!xuv5v+zT$OotN<;m|i#w0*5Z8Qi=j0SLdsXNc+ z!OYO{ctFe&@$ohd6_v=3ZGtIeSKQsAGN#Ys2*hTU|F)jXir?~**K5jmVi8s`h$+=K z(KW85zAxSgGfvdzBa*$LP1zEp+&#AKS3txHPu4}hW&<2bNXSDur-Fg`#DxVb;|zqp z3y_i`c4#Q77X{^*+3=O*iU8O-`_qb-{TG3-IZWvG6F;&NmKD0beoL*bgJ8=f$^+XN zIvepiWL;D>z?E+cG01TCSYhy}|EbxF_K$DA?yKp)x z)P}FGXE+1N;T3=4LJ;tGYJE}4Fusi2hBp}rgEC<_c9z3P{_>5c>d##@i~BsRk&aEJ z-`0aGq8JTnh)gr$)SADtE%vW%urxZW(wMQKJ=>WN)i^(Yx*i4s?acS$bTnyEyU@wV z@~M_*_yio@U4p8#mW87Pf7kSq0zrDmUi#3udzzJEp*wy3k+x#;UX7cZ+DYXE(2$GI znH{Q>`I=ntx4zKS)c|6nR?~Q82rYVSosc{eP%l%y)~FSfVeSh1BW!Ot3c5#RML>IX zgS0HOIQ|Imt@aXm1S8D+=GS&)8wV>oI#FB(}e8g=12QG(R)gHP~xJfbk-TiX9w{HLZRP&EPmKT*R zaLK{s&ER@ji8X7{Cvf=%`I=T^oDt8X54r+1*)MRN%!U@M7vPWP3aUjl$j zm|!$xtIpVj(B1QQjteU((JiXUB|HcU_ZR^ZsZ&^7ZxDJ@y&EtW*GD*3lY zUZI6NtQVK`oyu@E(j+80qU zATy6BP>YzoK%!TtlbelAOgl+b zisk{7^np8G4s3&9ZHgx%VxmTdNIba)C+oQ}g6} z30kVEd4Uom95wjnnCMfN`@i>)NS*J#+`$En1u$~htSEhL(Lu(JwAeq(P~x_q;J=`g zau#5=U)*?nu=8U?g2TXUPkcta5wUR$pWS9TdNp|C9tq|e&vot8Bqd6XuB3%!9JTx4 zD7ULGNXUsfr8)+Sy&?_K;iv&Ya(iE(@>f58JE1fQUX);j$_dJg3C5J=0)J@ zEV|FWy_@v$`vFD=T5qPK1*lGZg?c4hQ4oaY^b~VytQ~v(?WBNB6i_cWeNq0(?aB*V zn>THhySDyZ7+jw|t$1S>hO0t899$I(K#B@Eqjb_`drZ$Ectx?JWfmvThJ-|Q3vnsF zmiE{>I_xxV#=JI1X$n}n+-g|WUcW?s{0<+y`dqFdmw&mL4Gsz>z7raM`gXht2*_`o zS9~k&ixrg%%n?$AN}IGjKjXwC&a22y1U(CKi5v-{GY&13a_UXYY}((0(bNch1+qnCeA6etKdt_YfaYy#v|B(aNlwdbvJI=fcZT z*$vfBn=pErS1b?-0Y5)%ynwdVlIhk?4$kf2*Fby~gCP}cBPpc!te^B*){w?6vy#-5rwe+x@Etn)_`o)XWV^7-fWq3+=dje_gVf2U6eFWu6}%GTL_C zlTd|i{;qRpfqxD?>&QT?PQQKkm;((rE(A|B2UZ25*>Uge#2(q%+4Zd1Zat>}^`+@9 zs`c)}t}OzU2l8WHY3pO8@dY^27^4vN@jHMaKMoWC4_84-pFHJ}FbpT|bL3v;WMMg5 ziYtpVEj4c{P#S!!0SX}&omTvoH^A)Ka0zP4%!A;7gI-kJMs$tY^5znxn~Jy(U4jrD z#AF~2-xlP2yO;WT5LS+SY36s-+~!+ew~fTEoh7)q?IJT&q(wy9quJ;Ca-VTh-uU9g zH8pgm1C9;8RWb1xts9S?WQq;HhYX$Lc(4Y$yE-dYA%RUa4JUHk6Vy+&TdW>AK{Sg2 zEm>k3;4>KQFkT%XLEC>XjIl4_f_^%NzO;w%2wZ`olRvOCwz=9vcv`h+3xuts z2%n*gB;N&w)vY^tHCy^M-`W=9H~X5{)NB z-;;(GNxT90HVGYW*?>i>BS(&STeF`$>BKZPcf*c$#~Ub%?&;9W2fx^U9=I*o%&vC% z%^RQTj>}Tk6%%TOtjCm(f30O1qF07~3s_$mp1o5A1gZy$*(=VJ%~V*|_i{zoq25&< zier~pzrwE$c~U%q4edOUYFF;o8J`afYI_!`^mKETfUbD^_H^K-2>O(kzSRedpAp7w zF=sAVH~GIrV3%YBWh=UU29#bE%``5$$%AfEAESj;qnPO&(;g=@#;y~G&@!e{D6dzu zY(Tl}fvyZW-yYh_me4tAoP1Ativ+Ny$5``c*x+0B71RNm5S7{mtaxB?n*l)eX)5*0 z^?KX|I`i4pkLzTGZo)&@jT=}($BZK@BBnVyM#)9Va&AE|8Q^Z5bhm?vJ76WsHg&WN zwHkPWlMQUcyGBtfB;qiyMa(NCji*P#iX^gw{`Kp9M&r~^LH$*xyz|P=B@|^gMyoC6 zjB@}YaAPov3HuA3Po8R(Pl6#=tjyi-62XE85!#izerD(0QO6%0b!DyJNn`k$cUq2eKsv5 zkN=ibb+tA!*4p!PZg$T*4E>>=8#-b){Lc7+6lwBe-wSn8Cr6a`4Q8mAIEj9e7@ETe zj-^V;_;gtzMK9f}PyPDkTVL)1<6E}i=btc{Af?7o@lTxUYmE945uH`e%XU(XPhd*6 znI&e*)JBweq5`;rB6quR4mbKSQ;w8YaOLcsa#2vt=kAMlIp8_%vFN_s_U`1PO%M`L zR{Gmk0p&in)uxcCbG&56slAtfre~IWX1E}`GaWm#Rc#$joQXaSBvwd3YMl4g&|@+6 z7#=C(fcb}+^HPo)4t_wwHR>i4w`~28R})F@CWR{!s3WbhedE*%kg7*gWno(a17U%{ z+~DUD3cF#4n0f3N`ttG|jQw1{79V;cSzQID5GP%F*1o*34ks2VDjqJ+HKV-sxp(gy zfE=r4(0j)MxPtqAUlQeb<%(|8nC?7%!WCbP-N|ds&#E?75189w^O-X!21?u)txzG4 zMQheOtCyE6ilxYXoZ!p=6ZLB(A;RN#d|24YZn?HKMtaa6D;wQI1gkOVMtheUg}BSs4MhS_RpXh|N3*ybt3&CAhK z_{A|b~@R; z<%d0C9nu?yJJ-b0(}xkklC**IGgg1thj!N|plT`Yef7W?@qx?f4m_E=D*Q#yfW8mjVlNGLIW+3 zDQM1o)J?NwfSy=SrtDOUvuY$KRl3ZM>H71z#>S*xx(f$N%jYs=-25ZF-jSpWs~vmd z?Q?QY_yMH>$2naV3&ABkXXPErZJE!rall(i_jvccs*j3}oPA~I!POU+b(e{qxK^{( zG#Fa@56%b<)Za1t^rkDL?kl53vbNSYmM>L%4IfegXaq=!wb%^hOJ0T7bVuAQUC|-| zRI@nBasI>8W4>e(Bga-}>c;&L{998A)!d%4ee3wyFYg|M(Me*njF+LvmQd##t|*B) z{6?E@db1v*@(5IUfXYq3uj z=ZC8cQ*+MESe1|{cXNbQKZxrsFV%MhTd1I-zoH2||KggOCqQCHlK&=5SdP46q8_P4 zd+%i0$lbUIa5f!Jbsw&5*PXTBernxcysCkqU?hw+_OZfc;4F}AJss3@&)AUS!(vfJ z#sl4(2^W1s@6lC@rlt-%`k6YKnaOa^p=;J>{3-{;N$+|G2L~rnFN4=1uLO~1bYEm9 ztFT~Lh3wL9vRrj|h}kCzU6XZRZAj>1&JU)?)diT~tu-#rl4NC?ib&-F7Z)nRs(kb) zz%K@*RZ(`-Cz7A>Y$qQ*EjeygfHV9ttYVe}LURA&wx7PS_7zL5`ZHpniXtPXO6?&~ z$tPJ70p`~rQhq6mf}#~ zRyZUfBPWbgCLl|e1=lk#`=;vD0|lMtNur}d}= zu>=lV&nc)*cHQEI)$-BiZ5s|P*&nc(>+L^p-44*%@c;5eA{OB-%X)<;_!Y-7CqY<* z3X-ijxpatQ8~mZ|da6`FzH}(6bS#(_B~TH%5Wx%{`xw@bAUWd@w`^g#kGr!`YCyI_ zlnNSEvYU1vZiHkD%c;j?@uSV$la^4-@vYjj9WU+FKW^37A@(Q|<6})~jaPCbgTEYw3zfx1P3vJ*eZxWS9 zQ&s%Pjogl$%Da@4vjDYBE7r-XyWL1RC4$VO2+HCZ~6avhr>}LDC*u1<;X|^|M zoW$8stt8!jpldx|7pkA{pk=$B@lyR1*~NSyk@(c=TDTLW+~ zKUpP%aI^MA#7w5hptv$px7_lj@ho(80@al2;vPgvJzLql{!&=A$?uF93YqV+e7N_@ zDEiTXeF6-9O51{I#V#;0RTvVP^}(dDYrHuyR@9==P*9h`0gOkB9gdw5Q(82gyj-(U zlq`Hh!H-LP92z2$tA>fA@djo;I`%6e`Jd%$9i9{*Za_7J`*RYt<3Oo~IrInhUh;i# z>OwLj0e*F!0O|y?o&_u(Td^2mp#@g>`V%R;o_#lyDnA>Eh0UQregWm$g&$>dl~J6A zo_t%*x$Khu-vb<7tuyz3hG|*+9XCoGBat@~css)IuJlMJ98FZs@{gem^yOj9wabfCypAjGv1R=G!3adiW z{Z!|Gl*#mCcE!AU2ui!4n_?91x;b3&!C-g`_F_X~_^cNS7v}RnIv@(Ej;lv(`6wAs zS7XeE<_tz{ch=L^h>8=eukc=slCmBX9tEk$?HI>d*Nbmo{p1iC^W4JA?FSozIM!ROV6uBQC9KEddK_4eiVi zE20ge_7Z{wzI>}6R=7ve{qhBA42Dh9YuEIhU2-)k{w;|>Ip3&dR<_l?M|R;~J?s&-bu%kby&^-$N=WTn0>t9p)pYokwH0^(k?T3N?%O3wp<^CX)|Gc!vQvVOT3lPkr zsf0WsyFykE9=@0*r9^nAzGmOXp*-iY?FPFtLcq$vapMbnW^Nn}Z)48^bsHMlY(FvyD&{@6 zL*9SZH{=IS&8PN7ME_H6u@(Rn_F|M6{(RVdv77cxntfI4iLo-nRZO$gk2{g2nuX55 z`vzV;D9iEtSiz26DE;$cZw2^oHW^*T9>gw1#K9Xz_-_jHxXFr@aSH#{c|*38-{{qX z&hlFW1a{9e7`a>CroEhLFJHDwBWhLs{bdQP|JJ4bSnhz1P5L6plN*clk!_%l%hrsm zLH4`1AYDMc=fE2ySuB%_i;E-FejV6F_mUvLmcS)>ztQ@{=vsrX)TvVfk*>VlT79>h z=9Z!j;SFhik!1d7u^qtip!2e_NrWfA?);%@t1#bZZCvqiFj@GNTP~QpdntDN)X)v} z)5JhwVIUvR-B(J0fqC18;u90k(;ly*0rpHlNJs;CV@IIPzg}Z6^8?9eImXP)5gHmQ zcmLbjL$G@g#=cL-CR0`&XBZHj`cd}pf+kZoyIPB_oLXGPMbf@IEQ1GZPqben5sEQ3 z&ChF<+Ji||5wSK_*pF(H-)MvVRns$d#h3_t2#0qWStQ1y(xy3hBx>^Zm=>3ae4;e9 ze9{+A+=5tRw|nHvcKy5E#BZJCX>72;pbM^vFzsT>+m~CGNPUF&OCREKJ)!j*ZyIdt zH>A9Eyg)Jov%P`n?>nDk4Xp=eh^%EV(;8)DdRToIskmL)NFeW$O*I(ZF+6l*G@y{vyeQ4xUZwW$bPaB(q}^{Cic{QS)D zBtsu?kUa&KK?wV=xPI}PD1Jvv>J^S#zl=`L;2c9ES?^0%Ohc%7lxQa$=-=D-t4q|FTx>+k}jaJZvRy7uv(g(rYL|A?q6Z1@_T z^zyakvKjjxxf?sm*TqTzX8;znEUeBu3PwuZE3q^jDQyr^oV#!7TubbREtnL8x};U;>`s)Uk*To6}5?TDl!@( z$B=Y2+M3i8L&#G@qsg^;$O&<~h5cqxYP67b*+9z}AXcy-NqC%roEg*pRF&lB^;lR< z+_%Jz!SFY8?*oDx{Y-g*srJ}pLROGonv5Gz61JYmqX=za=mUCcPUd%?wi;4I*~0pQIOsmh@(%^Qv52_J`~&=df$%-s9Oqi z_DR&(vhZ%>VRh=>=k0#l%GII-laQwxVQ-B`r^%W#daT=#ReHr~W9qjW0n%8W z7?kOgebEek1NnSn*N4$ijBR|$$t$5BJ&v}p1?WcVYCcPCHa*e?cUM`~>sG1tE1N|j zL!>h8QpI`=;`s678OlGM9k6!-FK__LnE~!K;qHg0oxq{LJCWTz=~uLY6O+1^OTwHT z9P<3;`)|qn&E1K_%%GFCqu9k9-ak1qOXmqtI4(maFF6fM__YD5&Mw5J$-i9GvaXvo zfA5t4ix({O6UZju7*Rpk^&5UW{WP`+1128O3k&yJ~^unr!P7H>bATt+EXPZ!gN#jthInnWY7kD_}TNa6rQ-g-vANaOzj~!Qx`#bj@t&a;_i_wwLHZ zRLwQyYLYm-e0zCVQ6*7`4%BOTD3j?^VpuqOu}lQ@R4(aYf4{wz#+M!7Qv6rMgnV|IF8Z+oT&mC*SG&6opPK&2OoM_9bXoDa>+xE(p*t6qs}>EJ zmRVF=V{ZP4ovr=xHtQ}-M3#YHmO(VTvT}+qeec)ZLd2H#qxKu^ovzA-de1hUT2%uIKGoU8s%Jvaq?GIgz?S82r2TU}hK0_i)z~tcl;& z`A}Mdtrz>cbxI9 zRX?dNK`a-?qn+}D5=&N{ zh{sPIEmeDM!_eE55!ptM2XNj zjrsifp{B?3Q5p)>1@n6J?46ppZx-%PnlHf`^8^^74~&8f zR%|;IM%#MkSu{hd3ud`>66GWA^k!OjwAD4gT|9JeE`mir(ajTbSLWbO$_xGGYDca6 zD&?6$*OR9l8p;}`%|*tq9WlF8PS#-mt)J(;@GSUR7g-f!?~11eaCX{R0#6;UuLF_d0Z0>`tBU1`^&QzQT~1zBeHu zKXt3s$^TnqWpfetWz)gj>`(7zL=iL44Fj@2A+&!k%6z==iTq(`h`mUbVEm(}^g)=( zUeS1C3%;}q%ZHZvvtLKLK-Ce;JQ(qb*oN)&=whl#R(;reX|_G;v@yR${{Ug^Bdb~7 zA#Y)AI064jhFPn6NYs8@{Wckt>V%`ZSqpP+>D8diz-Y-8bxcD2rbd52Hn=emDpf{JJi(DGaR0J76RjQeCuBcL=74X@L@*f^NV*mwV4rMaex$%XNvY%#0RuzI`J`K?*QMGIGOy-|MgBk(5;;nm%!elIn z7H{Ub)H=fV=IT~7Tl<^hvQD2j;PPhddamsTM-4Q4#A)d<^}|QfBs3CA5Jto;IpEDc z0!j|z{nU>|?Lmf7OqX~G;+?sg?2ug*{D^1Pm`rc4@8tW9h$6f1zU*%YK9gh>c;RcP z2=7jF$8>{N$o%~ZM#Ke1`mJrl_G>mWX6%Zc3zy3TQtr(fkztFgM4X;jv5R&tcEYk5W~FdSbeSeHjH}2z@`i z7k7yzmI+c0`eb0t)nEJwIcO#O_iW-4hKhU2A;KPnY!yp$s~Ib%%U z{_!LTpSW|jmca{ItjI!eDm>C~QcA^=J_)qT4_t6$dgo`Gm-J#WD%E*Km;b2GW$7VT z_{n}q8z1ew8S!D`W&Fm&4kJF01_FT+EmqyJksn@8N>`6M-haL`82W3KsB9smA|8Gy z{MS`{fBzg1U=@j8a8dluQx&Hd$a6PXLy)!OS5?M4A10*$l#r>Fv5eXgjqbO4Hft?L z)`iEy8srgtl1|Yqz|VgK;b6Ftu#Jo>(Q1!%A~NsVlL?jFv7A{n&GDINC+Od$l2d5- zQ}c#*a)7$u%|~F)FJ!z_?cb<)@?4GWu^DUlA49r4q4vhTYSA6q&Rb|@-iRmf*>!*m zi7t83t45}E9Tu8$un`v*_ccV%X=Z)8hPlFFHbN0uc>9G(bi+#m{G8pUMc8~>?Q@Fe zumS(9R*f&O2$h0dx{4xD{}>(E&x>Q=eHCnWsVt)F5)HSoE@jk5qMRoq%L3?X%fuPE zt1@wfX`_Wkf=*8}W#cG04$kF_>M}ou#lMFHM+T=ppr`j2Y0Ym!Ssm;oT+)|CHn^UC zDcTD)OFGm|V% z_fA)qipbiG*~%qPVFMH%^pPs%W9g!u$iN8^h6ypK!$T{t>X$uR9@+SS*-G)O|HS7g z45fHAqe^|^U1m~84Dufg(OlPK0OP$A_hIt(!R8A8Dm|N)eFUPdv3%tgO#1?W?&D$b zSlr2>jW_RiQKw(GviD@80=@E4m7xvZ)z#N2L^Rz3*6yTmrnyX=jBVs7oJb9J!B_ex zdkN5VjTY_IeFg)i&EM|hrfi1REgtW_`-4KL-rpFw$@PVJz-5aO`0hx|3biDIvHWI|X@XWV|yW_Q)oU_NcJ3OY(Kfb5nHA?oa zawsw)5^qJt659{F3V-uvoyWM+An+#It8~ua8BbN%Ucvza~EA2<J6{F)0afPjtkumuJ3O^4X5|T(V+!K&}0#Avs zxUY^hq1wQ3bzT(c;CV+~QUW8+pFD^c$}A+c5jV_y?mx2nvQ{qXfqto362WDM2>!oB z8H5OG58bdp>!7$v*0G2u|q7jAdDMyU7Z9O&<2M zeXHT!AEJteIb*b~@DW1gq{N|7r-qgtiX8#WO!lNU?{_N_6i7{b?1fEW;I$~=>s(nj zHOd}((xR-*-YDA@A$eF8I=Yp+tAn{+Sj8>u6Uf1Q_xn(MQ+>FnRs^4=*!NLY7&GbFJlrSF^`~0n~T^*mF>Y{P{ z%x$lIB9>Ih~DJr77JFelgJ|pZ*E07>-$%?ve(7-#r)mr9t0dyXorI zS_cGd{orVCIEqHpP*bw??K|l%+tsU+TzGtXG?w;k`Z^S@4~yH4OGoPkUG85IWaM7( z(2Y>y+3`uKHX>!89J%Df zW`jQ@WN4)XfrydO6HwbqS&ZoV!~-AFqkLR>+sGQcJAGkggg=%CRz+xHJK})+PLJuh z@@(RrDyF~Kbkt|O4EK>;pUkB0`Rg|h*O4Fo)Js=6O4ev_qT!9Zd()|nKzJHc?BH+s zL(ntm{oRVbruOx^L%>z@M(@=(T6R*b)S@}G*=T@yp^=})zD>g2nrJiK0Kz?Q-qM60 zU(9SLRrUUHAgnX0m*!{~mC{3sa;zWx`pR$%UC6y5x8b|i{fWoAgJ;qe&9+mUoFd!m zXDEm1wU}$U3TTOMhq4BxefFUXlv1t4*-<6*tzCkx!$Df&g&ZTcD|0irk0HYAe$8|v zxZv=hsF)`UIaFQlIt~8zlanTnDS(uqwI@X?&#b+n=f4`04_9KSKZy_Q#=aP+ zi2epMwvg01)u#aAX5)^g?Z_`BQ2#Ca)EZ?QnU0ie2VZ`oQ$Eo-Nfd^E&^jPbYH|(B zKBz@aNxS}F@Fl&-U%eDrEz+DBR`^LXRdKZQ^Y@a4ILYCTqM=+B7GiQSak%^tCtCPJ z?m?TM3>}Zzq7o?)zZHi*B|FWtl|>;EQfT9D`=gaARSARX!#w30<6>)<=(zi(SJZC= zsY)6RP8DJ-Nl+q1B16@Vo^D-(IJUa+A@-BpD1Qn{*wDHC62);=O(z_9w z?3bnT(P4^gq0)jv6StdU!o-v0pS5MVUt=lBKdLE75>nFe3KhJ)E;?S$Z0~PKjqHLE zqfYj+lDf(YzE={yoBt4eqx&dDH%!kaY4AnnM(_O-NGq9bu0Ug#5tR;*5y&3Z}x3Dg~gv~&vFF+`g)7=Dm>WVySS zqxhGAHTM%gzw)?tHQW){fXq-)H!9OlciaQkkc^#=GoIZuBDIGt=@|4pmoDUN%)z9) zI`=Ex7Pzr*%!K^j_uVzUS98qqdeE+za@dJ zRwVlHp3jVAFKy0ANS6Rit_$A9E^-WJ=RdsiSev>IV;K!bgljgv07;vc#V zg?o{ps$0|7`E%%Wkaol8aumz!vBvjYIOy+_#4S9d!jzh%Da8Z2faemcYfo|L*7_BD z{q@0*nNg7ky43zwySM6?5XWV4O37Z52rp5|kd#Yxp@q+FqUTE5IS|XP=r{7mXqQ2u zTCW{}rE$whK5L0SQ^>HmBzz~yY?nD-ry_7J_MmPs+WNILXV5^xnDdAJK=3#_^ z6vk^(PvZ*_~jo zSsao;{BV}eQ4zg7=N{W@h6?)P6~doWy+H>CZMi;^qI`$9q}6n~W=I@yId9Ail?w-W z2GMFQU$M$mk6z`7(&{ol@Ne)d>Gc35bc;rs5XGW{ESw78n;*id58Z@vk-boeZa|!x zqcIV*)v!s!I3E5l1P^PxLJs2Pn``~Dk~=>~xF}n#Ogk3G#q;6*T%WRJI&dx4%*1W; z2kb3Vhf~#F?x(8RO=u0FD0x)98~b8+Q~yr2VthGyq9r6BD4h3OTgbi}6lzE5Ds{;` zE^grjy1m(>pTqd}YEy!o+44*eT<_ZZCABDuxB5PHNSLc0qfboktt34DE(V1c5&ytkbK^?M6Hj&8d54zs+33}+zk zaOhYvX|8pi$J~alDIUwpPzg9`OItykQYqmG5#N{_J0e#$!uLnYY=QcG1}ZVQScLhk_bbycvD`pKA>*^39O>Z2Cr^%Xja`(# z$Waz)3`Nnlc0@#=c}w0iizVHVtf)Ey^^gz|gDke8D-M5i0gQ)Mu~qhkrP#ZyKxP*Y zISy$(ue#Dddas5(POnvD_RE+2TX9F!<#ywyKQN{Zxi-{=>fElU=ipVXI20wi{)xjFi zOZ`R?>M{r0NoFxC!z(tkqtB&FGJ#+#7|c1K>X(0(q)o+blN^LB7mC{|Ih-y@i4Rf> z$@J<026=q%v$Wh6jn?Fp5!*#rANC{WR;@%AfjWGVTGY4*7`z>nrgCEvOT(6tha)28 znWLqb`fr>%uIJ9FS$vY_2O?4Zm(+H36Z0oDg^c1WP(bxHtkEa{$V@-0rE93_DNCtc zl4n#Rp^;#^49%oUKU>+sSABEhJ*-d03zPHi_a0`K#~pO8>{CGbOUoPtr`~+YOer*v z(en-mwG68$Mpj0gh3{BaljY8A)RH+k9RI{j{OZBwcT0TS_f#<~Oqo0)fm0DhaasfQ zx{U3rKePuaiAtpo;}e3T7>UgxX0*7(G0uj1V|32?>PUuf9hG!S?uKwhtJpOFdjR)# zoESCpN!orLf>uLG@o{oD-Panw*0Ldq6rwni&oaHh z8TQNw8_iHrghRZwd!)A2Lya8pQZNUq7H_~g*qX)S7!Dk~$h}vz- zR?MF`=~9Jw&*h^B>gS%c&Syy!ie2jOpm7iHnQjq@@t0ZpsgNOSAv}$D1520K(serj zVrp}-$9u`3rx2((P=yQ5b;^OCGBZh`>JR*^3^h^Bx1i#0)Le*1_8ENP3I)W558T;c z$eKT@$w&26OOg^?$QHQHM!^*<`gjU%BGhswpx@rHNx1r~%!?U`n?eo%eCM~O^cC4Y z*jWJ^E|fMtJkeBvub(v-tu0XT8GEyv@ePx=i$($QPh?8s<1BhmMK-j8}@l;!1Q=J?@^$1fp6w z=(aVao8t}jzIwrq4vYKAz_9JrvKl`7I^j`DP1IpCXvuG|2&{o~VtJjyCTh+(;y?9W z*|}|q#LFwA!_A14o#a_>A;a$%5z5~pO<_QCW{~37(bI;&UDkfePINT^$hL4HB8R#V zr3U(j+lt?rXL~b|L9ouFnZL`b9@7ol`x^=ZU-J6?4HWX%bre$olgOq1N`@+rCEaXd zi*|V}vyEhb=hew5f~H^OP%dkT@^+v4+&e#&aGY zcV?KjsuZ)a=RE2aKc3SOc3#wTxqgI|zS0nJ{^Di%Zym#tK0BF#B3xM0wCGFy1UFFa z)YzNK&PD=)g|zW3yYW_z=adp;oA?ep!b4R+9|x}(aa=oVGNx7b_CFZIx)_b`O( zeja^&x(wex%r@dZ{A=JBjKD`B|HY#t={kb`^h98sPJ)_$?-&pTdKKy|AqljmvSCry zgBBfCyqlr80{wbMQTI2B8;0H)GVgBlc>GiwuhY{VKq}%Z((m8a2U`{*X)E}+Pafar$`vnd=pw2_mF0e4$*?)MN|{ikX1k^c2wmZ1=D^$ zw&LE))^M-daxo~Wz?UmWeIo^r%?DDQ$U*3-GHp&|VSQFtkL?tDk| ziz>0s+lE}6v#fVUp>1#bxENtLDfy7S38iKxntk=i{1cx@)s`nFu6_)<4OgyF7*6}M z;_)O19%;r4kLY6B_(*z$tSzKYyHaYqv(BhJE5Z~M-`6lfMVYs}A7=_RRIZ`#$B>#I zZ0i)i{C-Pbxypvxch@zM;BrAk9lZWmWnR7uq%Ph~??OyrbS-m&fCCa#yC0AWJXMZo?PMf} zYKjx|&)+9PWva+_LL1tFL~5kulU*JtqnCRh1CHI1dZKaAL)u3+wZ zYW1z7%p#@F=jfpGaQ~h8VxRFqHOzLr*weB=%C+rVYO$;JYi{_i7?`Lyon+(-9SteI zaaP19G#g?WtDi|8^r3mq?ZaPaUMC$1<4O>) zi&DH(c#k-eO&`jz>y3TCQ)=czG5=fhTB zYX8NZ?V92TFY|XwHqlPIrl5FIHP=!k<9Re}r%2Qd8f!hAG?J1W>izA@sD-CK{NXc- z=P=>fQnm`h7{;4WQZa&lvkj>sPm%5CWyVb%D7B*8DbLKXsROgvDJvnv0nwhwA*#T2 zUncxO{$oVL9z*J!_dl`gRSzgRCQJM=w^y~^d6%+QJ%D)ggEx-2bNM4=sqZhj7!Ez_ z-Je52UF*|uq22wV>|O_hnz+Td*q7XLkZ0-;ub3HH0wzx$2rPAfsjTWh+=Vyj$+d}8FA?kfxu zKeC#r52Q?d#n}3}H%B&zj^0OhVbX9lOlGR%4Xa{(6R$X4Jmz4k^1-F?QuT%3`B`L!~{VNXi+rCb7U{bG$99TD9~2T$Q?Q zy1p%%*_z6tZ9#%){s-cmd{XW6NQ`52(;uRYKHkwyYljLZyS{9g22oZ_PfJ_X;uy~4 zhkjyMkUJt&`Q<~pA=ZF++eBAiR#Uv$b{gaa2H80lG_99p0B8XR%Z*U2!F7-8VHARn z`n`PDyrvQac^KC^I7+tjGjVlPdNhT-HJZck-I%0K)Y8Qmt&2hG5r z_D~(E_autZTlTb83c)2t{$lh%-xRM4=w02jwv-54h1i6pQfC5J``;VwJ`hsNbcpyd z^{-N7KgpqU2L4u$ef+a_D)&}5Dt#LG_pHgp;0K8eoZ}Wu4~RtVW_&8brt;8iqZFYZ za`Qj6EjYN$|9IgmPgSE3Y5C>}>g0BiQHi2S#cI?dqS5*IC$}*CuryKP&RV$Mw^w6r zarCa$%_^90OVkoc7qi6um>4jL*H4XTFqo%iF!-zXMr!DAiH|X-cQ8D2*6D^H#SMP; zWZ^p;PINb&^T(SW6QL}3z3G{I6Oo#hy_lzVB0953DmdiZ5+R&@l+1-b-%3;QX9520o97^WAvrugYIAI^q7`H4kBZH4YkR{B=H1N=6#ZM!LTFaLSTQ% zEH(0J18vojVZ((>{hj`Y8?AkN3}JAGn1if1qr>%o>Ln06H1k_LIw9taJGq@mpY1{p z(@_wFhpCq&I=Jo{rZB504jhI!m&7~P`z@B;jxsQ@@(rZE|lp6d6r&OxAm z7T<%~7kD7jg&VU}oX}U(xSg2ZCkwk6-n!7pQ1^XI-+wWm8Yd3yt|i zLuF~iIq%37MkjzRmeFo&5Yq`GQ1?*k#`iwVDO|alHr}~pLs`a) zv7N>^Rq6lFt&f%nQPx_8gn|x?u)z(ZAcFoY`YNL;C)3o@_87N_1!ufZ{f~vw5u(RR zgt~M!ZC5D%n@}N+JNiia|K7561LgTfU5*lFaw5!qx*GnYB(I{TDnEqKF4MgiX;oL% zr|#SU;^@>P#rqq0$>coueA(ZM(`ks_NAQ2T6@9OQ=PuOcUD}}vxc6VPBIvNdgnt2; zhqbBv}%jAIs7cN^&dwG@J4_qU1eS~byOQSm9NwK$;qXioJXI>{Y`rv zo7OMbd-&)8qsyj7du)UDdPc^=k;h7N(v%X1f9FQbh`K!IvFQ0w z)2*i{%e*3#P!ZQ^PE{V-Z~1yE-#}}9#FqW;9JBn$67PLMM+J*9hxWx8&2<4=^P^YA zW>k{$-VDDd0pAS#*z2}QJ@vPEj51S7GX5m9Ftm; zvfhHj3h{_-4_{a(`NOf=fS?R8k*7=Ox8n-92o?~2(geke45kCFRqhhHJX-lN?~9_k zBokgx+;f~3ROZpji-h0dtRhf1@DViaQ)?Ib`C(1F!a>pEi^614-j=%&57y8mlH(0$ zQL`3rxYwR-JGod_B8}jw)CXVpx0C)>l+J4**oE6Pz6Y$t#Cw76b0h8|%-g_Gh5xZb(x zAufwvezC&9n;m{Sl3-!}Ex(Ak!Er~-cTEo&T!tyC?%d(JJ7}pWi=Bz&c2A9)AIflr zh4ppiPj(Mw(jyFO8RDdD=Nf_Ls;%RNLq z_oyoZ>7UX9cEQnES@go}2Dcxqy^?*>EEo?7{9C&_M}-OD@#7nL|gM~mGRJ_`zbV>C_j(b8GA3W0L z#jv;{f5D9X#8WY1XW*Z$ty z0)8xDBb*6YT}nlCxgGz|%1r9IfW!Onn0#-dBg$m&)bjC0K0ECBpb3|zvAg9)fTZvM zAju=rR5b$$${F^7H#ODBN*q?!bs3SbdeGR6uKV*?uG{Qq#rH~6>CLv5+r!O4 z1Rm6Lg{~YZ@s4IIVx5>mIf=%!&59^~%S|BLTh5jg&mT~>+8ON$+H@syX=uuLqavho-JgK)M&e^jNy6(>50a`wLB&5?2KrX^@XrQU7{q>s z=Utm%xH;mhK{rDHTZtTymZH_@Ttu_KZ2No#~}Gtb@l$Zuf%TZ_M*7D zfPHA>$XbBnN_qXQ&n6|nEqYdNf1+X0eIpXfR`G$NtVXY}YDVN(tC-#{1;jg_&UiPJ z=@7e5?KR&rt_#e{YP@yRN&8?sfqgA+rPyv?*7~?PoKlLf0`MAEN|&ehZM(f|@<$W6 z+4>SMZj$_7V81o^xrGM^5mjIGuC~FzbL0p|u(=C9Ky702C0H5ooL+b?lcZEl8D$!( z>Qvd}Zr^*@d~>^cCz1BAm9JfMFs`RbOi6$ZvPYc4Vf)yvqxO=mvIix<+n+(9TX){Z zw$?u_`V)36-Q8sIqVM@;!Xg*jbBBohNo@R=JrGatcH;YJLzW~W{^+q_K*CCTVJ5f7 zX5>z>%c#%Nys_7?CWODgVgtGrPXY5535%f`*>cy$)V?rAlv?p?$Cr{b9FJf=J88aA zDlv5FIphb!)8JWGadLdh^ti3PAywEgJI|<*p)0q!#3TE7WFxYCO%8n(RaMt2*`RCG z^4`d71{q)=J|nPFpITqytPej^1JR8D-=l;MW;;(Q2qBoXXXQ`jgH&na23-#Bjm^v9 zcExEI-upko^Yp7^C_g4f~V`Pr$emU)gG9eshH#7FDRKk|GTxt50^-xNm zhkQ=}TPUG@d?&Rg28RNQfR>Li$(C4af#PQm643B-wwQ+NCLuQ5@p_Rw( z2|*xqbTPxTla2|oT%XblDuv!;8x2@}Nc!nuBgM?9aLO+$z`(LRR%~d~@NpNsh~xZW zCkS~nzC>QKduTl9!=CigfQDjyOpd<+-=965?gEQQ0iIt7yYceTgYgI128EfX2Y@4q zS0)Q|2*WOV1k+7GT!^HNkEMb}{kn>}b7s-?qh_UtB$Rby;RvrZoQX}>JqhQ6!|%Oi zRQ=DfzlIhwN#l3L7;V#uh9j1rE{-|9YjXUh0cucNgr=-e#}OS#QvyPW^RW2~t-LXY z^K62mOhT}#QH)Umb8nqmC%YtWesE;&vU0`R==jJeL4Vm_qFoYcUivqDs+-oQJZ-yf z743>k80D$WCW1QdWe=ihmumyFM6rOzJpnrkm}c^;KD3*2DA}-*0+F;0d}updvO#0^ zrlb+PBwH!ISm_X%7iFU&^?N$ZfusG&gBZmWjAxRx(8hnGfRg^6jIZG-3(nKXZjM!# zKJ6;eL$)}6_p-PHyP@=kuDFVp!>)Svf`KFcinYCggMF!`L~;Ioh2{XBo?fHJf~zqO zb#{ZXyp~twU-Su-jApKnR{`#ru={k>Q)YhtC!oSouUE*hg|EtV%2VuBsvo&rq|#M>7hkovoZF4pqAzlAwVw10KFpQW0>i~g;z)sJU5J zb)4w63Rsa!cEhX#)OE}qp`VY?o7MWO?{#wL>qsVJS%=%H{jww~7b3b^RuG-ZIO(@5omWpeT=!wI~x-95D$?X`{gpo zHdupE(_36BFyPL~LjhNX=Z1DsyOQv7ap5|4r9KuICozY=f;xoP2d`%R`4l-^cA|uw z^hT?e<(qoz=KP4NulOpGIW?2UnTE@Q)r|>~{jauiZr8`Ot0kSY$MAlI%Bk`t-(D!L z@_ai0LceiAEwI#@E(XSkYkzx{7cTch0TEY&8cGTfZL;5DoN|>eK81Fo$1++esajtG z5dO?NNY8LfV0RLs?f{$@+>3uqGtqDH((lK9qE7i%!uqOopyeE^-qOFr8e~S0kWt!r zD46*Je=9&UVK{r@zux8}DL#HVNJu}eR|sJEz45n7ghP~nlYjp9J!FV(LrJIntzJbE zsskH`@g8)r#MG*XHeT%;ZO6uCAjiO4&nCrLj4@sjqTF*Ax~2)xdxs2q#IpMUD}o7g z6RLa$p8dzC5gU-=YgdGX4E~I!f)=J5M1cb?)zOuI;5gV;lJ}2=V>-*~kxqtwR=3V( z_S)axrOg~A6s9o5fncg$r;j(A_MJm>pjawQ!cqnEHOhJO2I*Do9AC0`PNT_GTa5R*;%>m%tUz)viJqoD7be7nsg)l+VglI-xQ12hG^bqKe*hA| zl9-9<=GR08g|hZ9#(K0yXH~E)-;(W}_?k5>&y|?Qs?ZQs^(uyWEd{HCg;3Z(whASu zSR<3>=vNs`Ei#Ph{GSy7tpfucy|8Mae%H@j!`A>;rOt#V zA$wrZeveFWGM}u$534+S#5nU4mllm^m}MfDPd}>}O;nE}rdqb&inKKGlgu=etU;oCSUQVikBH03p=qMDRbppyDi|UpZvdMA ze_lX~K#$4s&1#}l6fq*I!6Lh4u=v~J8?2!gS2PME$QDL~GtVtkOBrN7PQqS)CNFGi z_2;KkZ2P~MP1s9F_er!>Z3U>4fEz?{@3JiOaC=FHdRSTA{?B*@1biAglv8gl&6;e=q7QGWxuhW$Y3?pJJh=IkZ`CMVfv+8VH(-rQZf|Jg}5YLg%PHDHuq5~F7QyDDvbZI zKkC%_So>c=`=`EIg|_$CGJI6(#9&tW2;=pxb~|40K5_l`u6xbee*xUwn8ktbQWc^* z)ZA@9ESp7TJw-Dwuq_UUNu1v`*u3?ah(bD!7&ue^T+957%k{1Wtt|0+7rVeIv@7oGIwb8AS8z4_JVFAy%!Vw zNTL#|rb;(t{ooV>{|6AsQkvl+&XJNZPxeV4W#vW=3roXh%u^|-7c{dK&V~(9&Soak z@gdEfbspRS9EGVX{l4u!zkEqee`APb-eh%)w{o17-lIh$f2c34;eOQf72uw--~mzm zhCld{VlKHf%h6DJDaiNSBW@QG)VsX}Vz9WQmoi+o?#Q?VsOwR7^M_v$j%nJVl$w^d z`s+-FeaySkf6~i}IL=+b#2AepDw0}XJJ-Cp6|6iz-M|;A#l{~E{6rSu%hB>$T$(th zQT6%jB6zR4Krnhr6F&-IhC?$hbN}oQN^0NjJ$hX4ap2%dlG>yO5Sd@pP+yB#$!(mZ zzR$PLM|lFVczODNK;Fn z^)KQo3NZRYQctRXWRoNxFAZ}dgLuv<=stQY@JpllGLJV}Ve91M8J+UiEt$H&{=?S( z!|K;OYu_6#8q!$Qv^GW$u(MG{c9VgSiy!%(l+R<544T!>ZufvTanH^0PAp2#Vnf#AZd|y^C zNuRp-9qwdx8ya*38efE88$S5v9)98m_EU!*1jdfE-G}|?%*Q~C&qc=*_G{g18(KQG z5We+aPb-LsRtr9S+p9>jDL&Wm?Dudx>??m&%tw0>k+v7QMbfbCoqLp8os>cwpJ;>6 zs>Am*%!~X|@P!k5{Fsc=9yBEREuNGee*LBGAmuv3X4LlXk7cu5qH`p4IQRBk*t~Od zk0(L@LV?t2Uf4OnjWanFyxZsf7JcWr5HlncT+gzYxwHsg9}dpm>kxi#NO$@@P3o_& z;&C~XtEdy}ecydTRKcHV66eVJj)Za=G|!|qBAwO;wBsY71D!ZsLxo}ffF?;VvgK%8 zJjX(w`7lTQjMMpA?b=sn&~ybENYar_E{=QXrXa+Fj^R6Ubb{V3`2>71NCmBECl z2bVuTpEVW#f2SdVvm}($Tfk(T&d2G+KX&}-^*^F0`0Ibf3GkPA-}|4>{)bD4{}8W_ zPSxA#1qcSz(M}Ytkn0q)KNZpOy%h>R#B2StpXdZYsM?-%R1Kavwmy=_1A6~`u^Oje zmdo|B+47A&4V$4QLo;=YZ{bUTV^r%=Lv@6%bX^q7X+o(7hNhXJS0C-8$_g>IBj%-q ztwlxcJa$cqlvqJqVeQ?u6WIb_OaT;&^!qgr?=#Qr^y>-w9}_WDD-~qwsmt~QznVi? z_j+W{bZdLG^?BzX^Pa-4i||bfpaLbQ*;C53*__P*UY>E_Ww?~>;C2J zJug!v4%4N_QQ1z$T~r1cI}6|b+A!-J z5&tD0!Wo)^U6YjY+1q@7xIJi4rT-$Igx~`5IL=SF%U5Dpn`Fzfj`FiUuPiB8-15;BmF(%%rX@ z9v+@<{yvN>lsd9S`HII4lw8;`%bIAY>l9Y%gIh7kkErUUhO*W7LuKE`GjkWok5pN7 zOxN56m{prn%CxD@0!P3r+?4X{gBk=GS`BN(-cGD-J`ozRt7_LM${iR8YCS85?Uu^kwdLe5L1n8y3A8m@j$dMl$Dymct4+!X|6jWoWBtHdAr2rI|5d ztAEZ0vNmpsqLg$}iHza`HCgHQcWa{1M+CrY2YzOpse&LY>u};E>q;%3l8spDl^2d1 zm}wH-gt4rMoxPxvVzxuJtphL7mp}Dfy!j0c>t8)Xncgz1fSruHI5{63D8~T=&|E=? zNkIK8JxHKnBrcws`YczgL_lH5|{&ONt;ts$48bJ>I8?|{F5txzx~EZ3cnG*ToY zOY{8=i4EpyuTXbN$HmV&fSG9ZHAQ@k3U^%U+MVo?C}tj~U!BPG?r`)Et9E_y4SyqV zX1$7ae70h&yqb5&n>S>nf6UFtK%+EknX4`4RRHPwF>k< z$OGm&u4X5mR`S?m#H;ta#Wetf4uUK_()US)Mkjx2E_96xkwU%mT<`~n5Eg^7lss7X zWr64QxbNPX1Un?Wc&)@5Y7pFLSG|_E&F1U%M^rX=o9Qd7* zCr`IK2og|8^Ye(z7Dl~lXGI2^D}XeIW#>E*;p__A(E`O+uYyw*E0*6ZEEW+dLzI>4 z*at21UQ)LDE_ng3C_1&#qSMyb{=v~@r4L+K8h*|9OG|>?n~DC57$;I5eu@eIEQw5f;+AJ8HScux;D_p=RV1z< z0?lzHVN@LUU?MS4;(4!PA$%yA-a>eMY9{QmZ5^i<_3jp~)Iw|Pm=9qyKjr={#p0`G zrp}J;a@io^WFawC)QG)zx05T47W^9}reaJ9W)nN&Texe@?6MBW`q&$sT&kjW^h-IB zHZnT(OV6aQROu6tx^*NY&bUksoqd)0mY`t5X7|!COD5bnM>ErefoJ)1P$&gdGjFR{ zHT(hKauD$&mNkki9Hs>n>zC8hRqSkDyAq=k1m)z*dPNd2yWj}7)fAmR+MKXaZ^hoE zcf6hLocfd|_ft8ka$7%N={Kgw#J|ky{MOQ(5xb-S3~FN3L5ZO^b2Wi79MZjZw0Nto zs7OB4MN34T;;!cyK|kwYOy~E;+0GB8wifaRF5(U1#uw~fK8YR5p5<*_0f`vQO22w{ zJitMOzKj3f3=&VtiZ<>pad=d3aOp;CqLO2}4CZM}5~{cLRz38GRYm2GWa}2Dv3eK^ zXr|JQ@V=1mOkZ}EB*&)&owr}fD=BcOLF!!hbGl-yctF|}Jib7urcudyS$Gn=2Ks#9 z!$+%<;E-TtKW>xdsqf=wm04iw;w_m!NsN>ZY!K{3FBjK(o#4~HP|uChf&W|ZJ&q&ZArrG*bj}yWde$`v z`DJ;dfJPAFrK%e9t!rv#>>M>Zpy&%pdqXsGVt3N?+by1iHW(x2uX*E1`~IC0;jn_9?hwUtJnoUY4vn{H%VsFSkpL z+P{HH5u}M-*%YzZpgVZ@Z$0S!jW%-jNa~&KxIV5l{c?q>&De!_S&0VuV+);Ub<;KO zTyWn$9rW?Ii+`6e$n)$cM011i49}mcjygIzBTk&1&F`$4+V~v=zPu5~ycn&SWk9~j z3=0YtF-gwFncGBnaUezDp(YHlgvin%{pb}s$bxPd@vY^wBCaRF!n^_=geEZCbn zvW<&@G!+%D;lYK1oZnpTDVlFh?V?j?=F4D`gMzaT>Q)<=qYnFpv>dAWvIYV8>#fa0 zAHL_ymN|oQ)w5a0c8Cq7pit##fS%3!KUkv*8(wf?(<>~*sFQDCj6=1^{yp0KfAThP zZyP83{|IggG5?N&l<2SL>$%SZ#<<1OOeeB1KEt|7_6&l}?B8kkwqQ z6QhOQ(Wj~IETZH*3-F(c4Pe&%4mO@%f~RQ_zdET;FTkJwKhyC)G?c$z_TR5RGadgq zfTwjY{(keR1q-b5v!8#EHu3-Qe=XSG9_Z=a;GKB>&e@Z|7B_`>j|=1LbdYIF|5t;u z*n<0hwX+5+H|=-+v2u#spFZ*kuzgfOcAM;ZS{h1jKDfv~-=+Nj+WXF^rnYr$_jW5b zih`h0Z6MM_dKYP15fA}Uq^L-5QbP+-M5@46G(do$i3CB4K zf&RFzK2Lz+*BTisY6e!|KEegby_c?(Srd)kBvzQ`!LKFVJBVn?h~H7&kLvSwed_b; z(0mOOrWUaFsz3sL>medIwyv`O@UF;c{ih^IVdavs{doz~EH`_$t_>dM&&JsUsjAn> zfEvi8Dgv4=3RzjsWr#QA4)1=1uw$fHSCB8*uKl{*`M&Q2GF!&!_-SD*qe$7ouYvP4 zon=@37tYI&=QKj^{)6PkKWUyny9vv*524l)^g$bIbt}kaIhzu~xr;+6`c3sxt6Kh( ziBmtBou8Lpdi>;_CkHJNXNg#;W8^F6NY;F4+`sFb<04+EFNi(`Nf2oET8D){58ng< z$J8TTX`YPMInNfi!P?(;apbaIW8)o;Ax4J?+9+Ej0? zpIH|>tXS0@+kv>QTLQ4x=KzAC{m);W^>1nCRKLkJu9x`leMsA{$Y0>V^}zqnXsO&(xLPU$?9A)$jmfv8jC!NQ$1WBl8Dmy`R^Nq-C&1&HA#moLrX_ zT&Ke?Ku+dUei@gaFaa7eM_!vZkns7586n1UZ;IZTwh z8>zflo~b}0_u8PR2f>&29)bxPC@<{KYi*Lk^t>Dw3;X>EX0-{3F*nHk$vymRZ!nP7 z?D~*yr{4)&^8hcV7N%Z@SKBj<7as^7wB-XU~`Afn;Vt3Jxuie$NG1cg-6-(&^79QmkfywciY6y^DZcp<&Ny^xA{FH~@cB6p|B0qG;$_&8$ zqv@-dnOKQPfOX^6TySssRkpdN{$##2A!z>q__{5|LX6*J!CjdE%sapUT=K*NVXb@s z{@z|-6oBv+W>7*+SoNo2T~l*xohi~4dF7gUQDt78CL4z)Q6QMZ;dJHcUpoSH{KMWb zOYQ#Bj{5lJlIUTz&gJ2rrey3m>C)IxM1Z+ud9v%8dq)YI0=)%VERIknNtLtP2QUvX=+ zn4p%BCXo>joT+>15-CJjq@R~tG0-wOr*u#}e0bWAR9fx1Hdd;h=dn-~NS;rUINEcq z+JRJ|H`^Omnada!M~>oL8Yy{R_}xqxP0VoI9kRmLq1*0jb@d~DRgtj%@m|nZW1jQ5 z(T3KXm6K0{L!n-lT-m#36 zYl?oDJw3-cWul^ML7TH$#6mkpqLQrA^FqkG{`ZZE zkxjEY{+B0qcrQgXQow9w4S!ryw*?DVgPb)u;yQ5q`R;FJ3rwS>`Whod!ruBx?^RFp z!Mv#l&chyO+Ti6cFjok4LT-88TZi|E*^cAl)Fy#=|7C&VF#3)Cikn+7;EaViq#6(^?T-V(~_LAbfnf=DX3 zYDt+_SAG6*SUG;)Z-o{19AjZMSdcbm7Lz~(!Lzb3UK% zq6CJy!u}D+#NTpKN+n>$*=|<9!=sYb|`r7J4)F@T;hyS&tQrWgn>G~h6s!i+(>H1cY#|yd(NqB`K-*FB-Tq$*s;cp3D zD9o`Q{iG9MuBIAvB{{>T4L@byG{`~hSkQ^7Qq5laG3wU1_VkW*52=~wn$iJ;@DV-* z4_W;#^B7ib$O|>{Y+IeY?>oVwnRlO0%I(48RXawZ7^4G#qiHg>f5#R0P_dxB2Lp`1&p)Hi9$BE5stxzo%CFErwSO8au(L((+kVsw*rdaX{CmKnQxX_ zokoX82Ip6C#?A{F4Ze`NwQhlx*^1WX+l(pJp54>Wkpu(?pOH;2p06k_w>*I85xQzR zW-Xj0VV4+LQX#bg~5HFh}I=Sp)EuC3%B0K+@Fj+tQpH+ z%?4)DccbYa2oVlOvE7z+zn!e=nK5+ZJ$XLy$e0eM5XgrRJpSP@#WO+K(lB1=SQ4zt zG1|-Ji9PIGimH>#l(A!dQ`Bu(%@-q>hH9Au0IUN|;i4&W5Z#y*B4rX6oo7#Mt9a(@ z&@^~Q#Q<2Mv@ZoEq1!^`6U}X^7NSv8Q+aQ#t-^qX*jhGVmKfskFqR~)0)i{BW5jaz zQa3^OvFy`+4oyl>x>!%u!oXFkfx2`hS-Kw9rq?pkCJYZ4SY)4dBpBjFpOjz7)R$=} z*{|ysP|2bBK1was(1ji-$kn6jGrf|UA#i@XPb@AL&!Fwh?t6FZaL?K8#wRUg+qe&C zW6O_gD8Xt(m+ug;elU;O4qiV+Nv)4XxQM0?&ndY~SYeU-Yj4N={CYWvR~vDv2@a)w zUZmRCN?r=5b5nqEcX!eETfX^as^sd#;IU|RX+2{UsH1bu#4=M>tTySbK&j8r?|(ZSOv7CX1uv80Ez#Y2-wo5^p&AGzpLu#`BlnWhgowb7AsbS1l?PcB@QH` zyr~5Ucc|`=ep>2jU}9|CJ;tW+@JDhWer~Q{)+bds8xw!occu^OqmIrjdo$!VP+EQw zNYS)Xt?o4mI*5>4e_@E_E{tTHf&;>Y?dZDt1vu2_bFMy?s;??iN8gFfze8e$wO!Fg z4!0gNi-ZY>>!+5=lEAN>rU+!#)cDFr2S_dg|{dbEdz+ut3+tA*dAR> zxR_Kyi11<{V4;$@_<8U-xjMkj#>)?xWx+;Uow9aaRxUn>Ao4k!@*!}u}yWR0;Ll`cOAJjbJIVBP4@ zf-9FMjuDqCI?QM1C{9qrcU=6m;dlUEM`gMu?qW%CBtrN`T2nK>A`B&80=Cn#^pM$8 z2ZiQRjK@AaKWLV&0=xz-qbQn^gq&5&8;SZx^dT3bB0vd51F|h`Pxl~)jDcpO=;cAQ z&;;NZAW%iXKG?v#=C|A{ZF5`p9+5%9`jrU6sw3X{-SDnkrOD zv_FtST;mAFDJcbw+@GT1-rD%1W|Yp~r`KfX**C@ToK;&B+yx>loLuC4CqCS@K!u|m z8l$aV2wlYmsC28d4VBS+%LUB*GEX+P4OqB2&tfts-I%bag~Nj=syO%uBCoV`5O(F+ zj^28;$RakwtoZQ9bcL7ef!BVi*jEAlGcqe0t3$wCqMIA@EFFHl{lsP68@~;vE>foz zPV)IrXIC7WipD!wWERTPzamwXl%dcuJ>A`EOZKrWvFT33)Vsw#EmT2PE{xCnfFP^l z0Qf*DcHNszK zqkSJGPK6JbD7!jbmev!aTSZ>1T-A$W6%vgCnsn~Q(3|-j!E3jlQ)z=G8Or3bM0#>1 zkRRozS^3JvrTNRoZ-AoM`URMsEpKU$;U;+j{JnK{$6cE+Nu7gDllC+8ysimY2RG}- zK1A@jO++62?%3|FG1-tVtur3m*KPt9;EoOGA`pJyugm)DyS9tp`UOlZe_7U!XKh`( zqf(od{wGcO`^RrR^sgVkqg(#Ite;)^Xnl^{Ds^YK{0Ey7{7&G{94PA;b_H@iTy>>R zX?872qd*5fadz)78)g5X>_=cgCr%Wo_Osn7;)}8o@zE*f<3DhDeJp;~J5fu#>KBe7zF)@$HtrukuY?SuVU_I~0Ua>vxHx7vfF$Hw zcW=em?-fhUKgfZ(`{PVC!L@|t)Z$fA`!~vnSL;}UlADq8kB8JdjX191C_`(mdTx~l zhAw%8Y@ywlkY7JLVx{w)5tKcZ&L2K&-E?=Q)f;=uGg#mcFP3n9Ak6X6WMax%RUoI6Gy77rB!931weLR0rU z&?bzI@^eWgqWUSN9Q@DdZx;#x*R|H`+}5De-?xmTDlg-z5H4zN<>?cwvpm9z`tTyf z=2&F~+pv{{klxDT^9>Lwy%mBTQ^SZ&IpWQ1RLS6)36E0HNdUtf2C_}Y z;$-x&fn!sF)f!`kv-+vRlJ3pT@*dNHFS#&1x0HLPM=DhpALJfWbMWizF48n|kB;(A zt-buivEZk}vYO%zCI_nKv^(fVxO|NAP_0@0mMX8+rqv4V) z*GPnQ3ske1&j#czfsME1eV(fZ`IIi{*Pr<=%k>NON@Ea>G5i?=Lkxe?u)E({Mspu| zV8IfbCIEx>W;?AZx4~T^qLZ4fF;$s7vN(lus&Rd&UYO_i!8Ib*mzaBc?tyb;1hPRi zCg_Q6T|{J5J*fJbNkD?<*ESS2y*Jg!dpJcsu-*g>Q^xLX`vcd+9NlHeoadHHdPECb!>Qfa1NLPbMChw_@^e5?_ z&M683;6X-vQZ_Y96z)Q6&~SfOA;>g13;LjWVdJy=XrLHA?3^(ev&dB02Wo_hRlQf2 z7Gu5xp1i>loLeP(zKA6Md~`x1wz8`XGTv+wFq&bvcbrT;e&Mu%Z4onqOWZPgzflfT zwRBf0qn&uG(AI68Nmwq(km|0(S`&~4)egLSu?C#3t?V$r8js253O9S$85ck*N_m^+ z&&rzo(R#lTX7=Q{YuCgTaHO5+f!OsBj zF+GYLA3Wii655a)D>oM2UqJmHxE7JV($Fz-%OPLZBE6`nbOG+hLG2ItYFv)rw`mQd z4j_27+PLF8X(xjxz^pz|eV%gT`QG` zE5JYTF3Xb4-8{+9%%}9NTl&jj4Odj|q#`nE-4W z-i(FXpmLe%5S*3`)-)2RObUpoN<=BJ!rRn;XbVrLeFWuao@A=-P;lt$9jh+@{Mz&r z*54~S=O(d`m(pM_~Ol+VXj)W zTWkQxFTO)sSb0%m7c?*6Pu`si7#TU8F-8fw(D&;%IqSATJ%FI$Ijt@BS$+P2jYYWw zj(hYwnGd4GDcTREYRt^Gy>%1RwX1K+T=7w#zouvOjIVs+jyf9GQfoadl-fWVp#dJh zC_m%}mTz`8*ua`hpX7PJXS33m*kwiQ9d@ei97enY0AsH4wSVD2nQ#9K%US z9|IfR)t{9Wd#(g9Grmi+#nnfJjEqwx1Hk54t2&|pyP!rH2B*)Fh4*05RJ+J5VhV^T zD{hbq4Yr5H=wVEHe%zkrHWG8%ySc`&Y6@aCB0asF7&MFE(8l#`{DDLP#fB>#(Xk+iJ zE+TVf08o=9FU&jvgaFHM>jtryW+UdFClenN6#G+u}n3J^l|X)TOrkr_>ckX*xq%}K>7kWEYri*|PHue~Vtbil^|TZDV<0F#~( z@t2El+4in!hP65a0xM+r-W})EQQAiP^sa?$I(R<{0AFis-rqd?U+4{QxPE}IzU6xT zXS$<1%i0Vo0MFX=!gqp%ZMd+*hu-Ph{^eaeJM&%j;0CV(V3v(v#yj!PgTFyK+mLAc z*E;_Bi?a4?o#oiRc1Q7BkZLE;+ELbD-?atRHeVs2#H|PIY|7t09=Q0Ysr_vS&ilVD z>rY`Ko94gQluPTh*I#zaj&9rTfURc#FaF%|;jH8CpX2)92ulA0{`{9dc;Monjrk`Z z{J&JzU-1$puwQ0durv+x`{XwPk$&+nC{h_JZv&xZ9Q9YBSLK z|4}oF_21a8?YUw5*MF@U{@)p8z5oB0(fnz6|G^d8`iOTLuK%}e@c&Pf-W=NJKo zW6LZ02M_A_wn_OLE41ZH?Q|h`mi3ps|90`)zy3Yj_0O8}SC2ZJM#m3cER>}7$c zs4zyZpPUd67|E!T^q)pdbb&IdkGEnGYPM{=7kqu3`~0)I@{g7y@5Hh~UIrKd44PR^ z;814ivRNnGC1!uz%{qXloh^vCnp!>{sFE4xX(Zu}%ZPlB5Rl@A81j-15B zk37Mq*5wA_7MLJaa6tXBPEzyJJFI@w-0-V|RMqE~^);-4Sa$y&>>0gC`Y~#%ytmCd zX#c`^;N<0JZT^g}Kz@-|nKwGV>e+syn`?+*`{m~aevxP=YW^`PR|g(tb9REb`MOSq z{u%>?+f6=`aewVg9>T-V{kjR?)qtg5&=y{!qVM>1UAN`obyk%2jnc0t!Ut$<>UBZm zX|}im9wqma>n!f*n1pp}+3wjIT{3}8U+#OH=i8TKZ@+d*Tn=)yF~%yK{>1kCXHbDP zZExGN-C=EYK*(hoB=ep!#8&Q4i^X9oo2Z{wR~Rv@9K10E&hIkY@q3W&#M_aw-BnAJKN$jE>PytRmCF%n$G;(qiBKSU}8;);3Hp)+@OWAo%1F!C2^?iNL3nY{E=BI zM&Wo;F;7GRA?JJA!)jeNUb!F#^OA>WtC1Vpo;V0*G398U&A=?c3_E6tkto+@D;!D( zJnK~e0ZjO9&+bP0NJ@&Lr$Q(vdEq9ZYN_Y&?9JROc}{L7ogC!5db2S&H_l%-~>3P7FATo?L4y~5h02#>BRZnS6D9rJez@T&OV1vo>Ha1Rd zdY=})HR9VEjY5>YS8k{hs+h{hFdg1T#+4>)*%=Ozz!n{iHT4751b8OT1zh1OE9|Jo za4Pq!^b_|dpA{|ghc7SRcEngj0G|}W3DtxFqEBPOeFG^@P3D{2qa826 zJtn&rllaHkU;A=WFC_>H4LATH*qfwiAiSDTO_{^1g#+JK-M6`Zo>LMsG^wy! zMv%j;mwM)$%<)y9aS0CRJ?fYaj;u#AQbFa`03RLBDkK*5RM+SGn2Q|5Uli49&OO>7 z5y5`cTQcx_aK-dAQ7V4!H(O#Nep*4*ARBe%3n(n;Wp13HhHfLS&`nuLEbmUx{Gb?+ z#$N|*?8{UjS@f} z1sEW%v35TUErl{mC$}~KA~CZYhB`~-S4=?y+Kb`UOFb2_c4m`uV!M+rkDyw|X4NF{ zE4RvAVZRO)mS6Ol$%vedGp&0`bh@wMKE%w;THiL}*AX%n#vV^_z#K+$qE$V6NH&0| z&g4sCxun4#;{yG*_}1AtXd@BUBI(gt<2DoJFQhw;BDSTqfV6B(z!gg0kv@h6nPn#- z5(>90jg;+d=1Fog5JH-%PF=^*a?0uzydI_t^mTp!F0w^+ssZ%8*#S^rv&syRQUDOh zrJM#R@w0eE*&^pzi^Vxf>ts?wF;EDOFxnCO0JpPqY9sfksBB90SU+z~{Tv z3Md?mSb~v_Vr9fU4!P7RX=yT(e;&z^N8U?tZ-tT)9tnhq;P5ry;qj#zK=?pMq_>$j z8|HCb#Jwo#O6R870lF)0K&&OIxB9F|#SY-s-AQY&l!i5=Es&_Cp|mvLu;^r~LCTFF zt2D|wC8`jH`$DF&z`-Y z7w6g^c*fBw$us%dY-s8mMH-yo1+*$?L7ApfcJy?#a0*^!sPc zc5tmnt$o)Fz;lJJ-mZ%DZl$=9uis#6IUQ059&e4WY&f79)O%cT8VFu~2Wu*sU8K4) zVU-pDxe8!$$VUOGiGNrl?#KsWd*~uxCC(bJWp-Ikr7>Eaa&ukbGLj4jQ7x1^PBY*! z!&+u1*{dhE@Cr7V6=68>Y=qEP z+Zd+e4=xxMIFa41;4_C*=Rk+mz|9*1#;l2d(dt2ex+u_~Wk`!VhQ?cFCr zr1i$&>>2YZYETKMMF4WVhw9wan z9D${<3tPLei02aos|L z=v`0jeVARr?5WIquq)kDt}_Bhohi>7#r#zb6QAt2$oi&G`>RuBW)-_KOow#Dl#Erd`E(Vd9>?{xS z`FS}k&3RdZi$SQF_O@6AG8KZUBa}j87=R}74d=}W(U7i+ZEoaUjI2c=-T+SDfyFdh)m3(Um zP>oKqQgN?!LYS0z5>yWBtI#~u|I8G&Yu8;JW<+a5l33nFYBE1VTG_bV9{KgS-iNki z+NEP);=;GJgSjz6nwT|g2y>5t{A|rbGB~zg9gY9UA3`i1vWl?J61&II&D>lDRkXHZk>fba{rr3BA~H3fW#X zT$??aRi)w_eBxQ#?r1nS)NklX;lWWtmE8Obd1q~rhty%R(!F>-ou`J#^r!W@rVZ*| z)XJEH@fPkz34Q|=50?yUN2wsZ=fh)Ci>QYKGpwP=Sl+|pC%jz(t0qADWxmL-Fm6q9 zYOz2}?#QtXGxibKXuaTZfv^#x)eqRK8QVCn#tXcHBJh2!ilmU|?pe_{hgDZ5IxZ|W zCyh3>m6MiDc+MfO_jyy18m(zPVP|zsLxs3hE*5StANfgc zLg?)R{_xXd`8E=DA|BO{l`(EXZP36J_qXr&;zPMzE0k1MDKB*0_7%7K*=w*xBZ!}) zaw3rS^QBRoYWyg3DJ7nEJNq^I?u*rKj^kk6c<@RkHZhIWrpmge?)aOYDtt`3z677Q z#adOVVR$PgM09H^DLaZe5^YKlG?b16KiSI~J38^&x-CNJJkrVV5U)q`y9zjOzj--H zQr;4j#Qf&D#@=MU1}mA<@L!{Iv@lwB$hK65m$Dvgl|Cn~6GBSFg#T&>POTn*H-^Hk z6jdo@wUd>WT{EBCOM%^EtN1r@6~%t!r7*2HO27FYR^pLu5^)`xNFoCBHQg zsUb2Q0eYcX4z2;4o%ONvIZB$rIR=t6sXd z2O9zG?#aJ@`=S^7;{+E5It2Q~_ahh_TM^@PS^KfVVZc@|LFYbi&cD}hse9cAb}?oA z!|m*Xyf4xP%xKlYhc@f<^ugLv6L?PM_=oL0ZV zIqAteI^>Ls|NOf_prd425JzdK9d|zSCNorCUG;9(WfK!ud#k-&z3UZ)K0{L(#+lZt z!S-cur@zMiw#8x|sONUe1d(tR=0tL1Vq?}f*V9XD)_tGJIM=*2RQuqNZ}>1lb+n5Ik3AN3-yW3X@zV8BNcm;&Z3qxFFM`Td(eyPn@7yVYjbDZaxOQ~L{(w&}&H?1s) z?6~~?JeQ`R-A}jbZq__N&I%CgcTI9GbxCrr92x=M;?pVEQncg8tM1zm{m~%;Nq&*c zZ`Sc~`Hdcs8;}t0dMjz5YE+#Nwe?76&neZVACV$COU+Q=QY*G0dl%O!*%Tj<>=R2l zmo`74k40$51#Ztc?^5D}mKobU*oN+L?Eqg9-DcJ*&DU=fVw7!tgeL?uATk`0@5?Rnak;5?|3Lh-tT5Y5JjTqk2t46_6-yB zy3f+0aAnx|e3t?;>$!Jn60fFbx~7t*^}Dk+Oev>3+LMo&N%_Op(@*|n&R;KgS2EP% zt%8OOx+@Ls@zLlq^ZiXR?gtqfsXkut?Tw6- zscT`bi)DjAgKX0^ks4P;2GCP|O2A8(d!ISFzP%tUmNj601+}`FOhtNNvIp;9gh1Ty zNiNXfhOq$s4-0_W8(S#ZP6Jy#s-LbuQFnc#ZUXr3EU+7`#C^01n#|jO^7ycGN-WSM z*pcW=Cx;vN%Aq$GA(uX=vuSM*&T|t;AujRbCzu@sYhm@v$t*6DFYS%*y}yyst%7?+ zOXYH5)7m8al$RbXN8&9xnC%2LU}<-(714RZ*qc|tVpkle+mw!a_Z6e_{a-!Q02`uh z=g~ihW-~)W?^`^bL^Vyjk>Ps$mBM?Ef$sr|UPeGJ#`m5|TFA`o{^>3`i`z7z*}aAw zo1>ZB)UH;sH22c@eBo4jlB1DLQ|6$o!jmMw6c(4}$w8kh9NC{I@{I;atLY+46=%L) zx8mUS@Q4oB?6|=0GFH_<+vP~gi(~x?5pT{a5JFvF5!?0lUrO=G}$=2(B{xqel-NYst&04S820?#?Il$Wsi zwq62T-l2`ZfJs`jTx&ZN-TmDsODNPePM|;eoEcw=FboT9TjPWW?53s2#HQ)^@TrW- zC|WBeNL)#~p>naz)_6Smc>gI$v@4s7Xr#7Xq|eoc+vP`(zJjE^tsp=1vRMeLVcD?! z9|`?BxfNxOBpXvpzlZs!K=BU_x`aVv-bCv~baQFxzHskuemmhK;W$(PakpVKW??sD zJxgoL z4J^o~%<-$$Q@)M)^bv255;=!41*w>`0u2UIvULPcqVKdB+uy!u-6Nqxi_*k) zFI1W*yr-%V?X%wX|XyU~dpg~w<+o+|^>-RTy6RYHX#N?(P}jxiaClR7~+l?~0XZtf0a zk6szdw<_mcH8rU=F}qE(9G}GyGao}*mUPPUS8BhEs!6F{Z4;wu-uiWuWBMBRELKX@ zteixHXtSpzHbN>Wq?PLI+pEK=Jy{mTq-@YIc(ql=$+VKbs3bunMi-mrn9){Vm|9wx ztO65I8@(7$`vyxhQ1SexLLGvPgdaZ5@~q6VW6A$aYp&Bp=6(f-U~dikf#jH5av_|? zhg=*vTA7h9ar}L%3Ot1x`aId0?7x=_A`AMi_n*!SK-k5o{4{2}9#u5Yxc6ztyZ8*n z#q@{?JtEx@3ikOOc6U|#vi+yVc0Da@XpMc6|A@V!&>ucmU5#z@&kZS*MpzuNNP5lv zXBqA9P+rC23Rq9VTfE6x6$$Q3Egq-rXJd|B=8i(>?ML=yV4Znd_jbJau00mok+0d9 zY!4GD!yf(f?vI?px#{)ZUn1arKN9u*Ew7xCdsLK-`|XYkSrVOLh|arUCilm!0hRB98a>4dqzdTLVv$FUz>JQ91_{VXNKFdn!a0xQA0m z%jnO_p8N8(Z*X6kMreC$1oF<2s~ZKmATwHXwdgc8tNUx_t%=Zt^{cOF>1*a(z8n01 E0C$G!iU0rr literal 0 HcmV?d00001 diff --git a/static/assets/docs/images/enterprise_version_system-management_tenant-management_remove-tenant.png b/static/assets/docs/images/enterprise_version_system-management_tenant-management_remove-tenant.png new file mode 100644 index 0000000000000000000000000000000000000000..9898153b18cd9d8f48b56b147f053da9396ee929 GIT binary patch literal 47066 zcmd43c~n!^`#!4mqqbV5Dhh&-T8bcJQ6?EetpW-H0x~2_${<1*L}o}xt94=&1fq;8 z0s?_ZAYo355W*ltKoaIC5dww~AwUQT$vwf=`uYC8cddK>y7#Q*VsSWUpS|CA?{`1% z^FG`A7i}%~?2_BHWy_X5=g*yW*s^6OWXqOqFTULY+LV1{zJAH0?TK z`j|(i2}lu6k&)4ny}t7lVFGS4?x+7RE>4~eR zStrts6hF2I{(Sq1TPUvIVn>>3^m@u?}f zdiafTC9$>R@x3qCa!^iA4z{DCBWSuiYb5cYI=0vvb=5jsqwA0+G*i>P{uj5Gm$xF$ z463E{a^lZ$1;l2)i7OQj)(8P>&*&9`YI1A>z%G+PV1LiR)fg^2K4(wpwQKb+VsjbU znr`?|E&`vgpSA4O}IfOE(Vf4+L2UayG&%*Tl>ulIa^j_rYu5(Ud3GK1_nbvs* zVWRffOV%T!>&vjXKvLpCmDdHP@kPJAZ?r{KI`s@CfJC&k6~QoXb?uzkrqJQYRx9Uy z|6J+o7r=3PCI3kXe}$gcMx{9ZIB+FwvUvzDX_NJWs>WnE0-hLIY3BC15mT^{`Nv)9 z3Js%TGqb#sZ41P?pxgVN_#XVHxqW5yv-=JeNimEnT+-miHs4kJ;%h_VA7I+MHyQL* z=xIV-@^ep0oI>Ba^T?;Ck;Ork`kJ41g6ms(Q7mBk+)w=J*Dkd$=69gq|3;&#_*Cem zNs-IkvVCQkCy9^KH)oY|Bj$yCE)qK#$7;b`#IH6U|FdT|HRdQs(6omj;wQ)ltv|T= z?L}-n=2cj z1#t^veT5#8e&c^MlDM6v=&$BFXB3tYd9{DEInAKdu8?3aUj$_(#J%GseBg*Tida1Q zhhxP*d~KOIh2x&LR=#!o&)}XZ6IL>;_7K*4af;MLzWgRm3#xt)%@K^HA=!?SSHHXc z->;em1O>g$)_`PqoSL%P{^P{4zB)tBl#umYSC7Ma>157|XH{OSbbUz>Gw4EZq9`}j zWygPcdGaAV=bZ~ZCmX^4kp!Ahk-TpN8+~WegVHuDn@pqvqq+-TT0ydD$cNu0{`j>I z2AZ%prn_~6S%unqHor`0_ca-cr%dKwYj`v+Q&t>mvt`gas6~NjX2WZpxUn9(p1A+N zOtxIrKHECogYu`O=0E>bL~iHHFt7NhUQHQ{7YX^s%MtzS1t-cbdxW-#OABEyzxjH0 zPCl+bG&4m?s`8b`#=V5m_Nkg&QSH)l&Dl+I?+( z1t$y#-o9O)DMooVp6=N)p!;Cibi%3DS;PWPZ^ z*XTj<#rywE>~oy+7kV3gyE5iKz&xR)R#ecD6{|*0`(X|mzknytltfM}8jY@h8#S_2 z(r8F!(seYA!)8A;#%P5pcJPO{JMOT|DFLRi-<8pKM0R%u&Y?A@QHX&NyWR%~!Xoi#B1e0HfWFs(O9wl4?=>Z+Umaz)_^k)^uQ_F+eURdBL9>m+Yy! z^pZfNTN2mBD=gyNu41Vtz8)>UEvuuj!KGV!jZ|$w%@a{$#beq;;SDJ9TK_YL#RgVY zQ%UeMjTFDOyHeU4-Uqe^1RdBu+rTWy?WPW2T^P^y+TslvPo4J93$ut?>QX_i%JV>G z3Gk>9KUA?_6NeBVwKC-5A4=Sa(!cWR&sq&dLAG1Sd0xtxO5XLGbXD`Se_!jaQ#I|e z+!;S{{D*LsZ&zcGxsRO9de1{oSdDMXbpNT53_r~=+uSjSKRcE%8*?P|6+g!)s^*~8 zSf9u6gBJbRfVtItyVus{(>a-sy-eQSo+s6zo|9ci=2wne*MusrF1(nkDqN z9_r(mjX%8jws~M3N$2qATTzEf1my5E+Ar^N?pIo{I~bE2ubU(2!!wluJp+u6b!Cq3 zp}yNC^Pkj@Ezb%RnOE}CJe;r=hcsMY(>!5$$m*_&O=zW-j6-eTO`~?95<*G&T=1PVU}=l0f^^2TfY%zDN5+!OfIBT3o>S13ry zk&(cgi1upCN1;h%kY3;==<2K8+O@)O?5{MwyV7>2*zbUft%hb2;(G<7x1pI|b`XSy z{Z-OmsoJ2o+~UA~l9GRBfe+lnotB=lGSyU4y6-tx2J;$R$Ju?*nkqXdci8w!KosLv z&7dy99vUJMtdu(f=V z{Ywj5Vr(E3ImsTx9#oef3~!2fn;gX5idmkG{bAFl5UjqQo{jNzrsFy$N8fOrLYxCu zsjkf@AY!LrR$0V=hp%>C#8!D?!7Fba14bfg9w;i)`|UN2G^FfO#>%rKtw0rWO%iUi(>2=85|7UIEBHt9UV7{EEV)4OZ>G*?a z@J7n~6YCDt0!Yc8%XHR&)XC{q)!ImRlG5u}bUm);-L3JbEDU7mVS%Nn)D)--b1QPy zzO)+g`jDBxM}Iy$9$S=ZYKCAx`m50mI~l`B34rJ=_E>phJMg5lb2%vVqSUzyO6~!m zX=RvBY?++nA(>DaYwEcR3P%QaF$E?c9-MJ_tp4xpQQxy?kESvUOsT3-hK;ADKTF@H z71!j{B{w)T^H?`L_WaM?L&G!ePc;kkJ9G&;`q8`V2W4hf17mcsRzj*3>-l=fx9$q|FtEvs!6VZyhaM&HN=e^nC`3P14A z+)pPw6y~7Ch*?IYJ@(*knhDPHF0L{|PdJlo0Bu=?$6g@kdWGxNwH?R!>& z`>O04MWVcHra|yR;{5b?*3=iiy%u$epVxg%FGvUQ}@*7Xn>fj~g z{TY!T^QI#g3FO$}A)0S*4V=H!M0E>ok&2wbL3%8!MeOo?3^75Ra`$-LXrWwv%jPIU zfTj1bnyi?cZTa2$U)!X7Q65o{Mu~e%gN;sPtN?4u^_vvR)*~4J7mteV~o_zzfszBk;fKbF8TR zB$pEVdP^@;os`;MjLaAidsB{E4`#m7!RnWsUFhPO_O%&;nu>gbZ5gxuMP@We5rppO zSN?98Zz%vUcetZ|1bzT0T#_&Tf~-K+@I!}DM#igCD%7qFoS~I2d^L@Ns)~oY>qosBK$jJt zv=O&38~BwAGSe{M4})B2*2DBrkjSA|85VnGoo<U1g+*QvhJf5j+am?P zQt2t6iI%<72+T0i#0^T)99+Y5p-NpcH{F0I^+=~!xO!}N(RE-MQVk-@9gX_+>M$KOB0 zHDB(vrd|sXRML@*iYya_riH-FvY}P`o)=VTH`V)(-CyMg`{u4Kv9O9aR?l>U<1XYO zCt^&g4ia36LFb%UL*zrSgixn&!FvF+$2MqZonjx%!(~5bd%z-XdZ@w#E9b8>eXRcd zG6)JtvP^|<>*pPbCv&nEWSA3eb}c!5Z3{VShLq*G!Du%P93ZXD9rkbP-r=-W6m0H2(LldB7PLS zo}{RWX2HEox4h^uQ6%$HYb=1Du3NnR*c2E==N;NnM0KxqZc+rYvrnxQWEm#wl!B&J zQ%#WO$4W^ADS(I4NMwhv(%jCRV-`|c9*w&3Gq(+}+Vf#)Q)wXwm}4ikn+y7g3yLJU zfP`^3Z)dubGD~0t#X9Gxt+iBGQCG}9^<%^rx<(OxFtE2%SGlkGSBdz5N5Hjfoin|; zsQgH_&q!%h{I6Tj(d-V4!wX3KLrjl6q-n&YSsjp#BYbTzJ2i9rlaVW;#-&1-a|S@7^`miUk+DRcd6RU-fePpkB^C7*e5zSqA#a#)%$7;=~K3jJpP;r!X3~fzwOG53nd8Vm;BSD2%%i{oJ=w{~Kq(pZ~Hnb2flg z)DBiM$Z2-wkIHV%%^$y6XBHP>L|nS52bk^k)!g9KuKGU%<&|0S)aSk%v+MHk&}&|r z5bhGXsYJ}aHZt0ujt;ij>R$GPMs^-)E+Q$B(vZ!hJ9j}v<7!!L!KSvFgWsWKUS#35 zwJ^oLm45PHueFw=q-S~-atny1mJyZc!&!){9RI98(G4?PmA)dw!bBz4_{PgA^Z2ol zLde4m+~}p&+ZmCJenjQ#08H}y92RG&5K@ULGqky09FU-%^_aAT6GF?)f%F6KRDw6~ z#!)kHEj(h&H@MMRh;l`S(?2QI+2?g7uC=zn4rt8yXjy|4uoWzD*p4C>aSLB~pR3we z8mH!}B;XLm#7Z@Y*&B#5?6s+ox1m4$p`YM9^VZ>dRe(LzGs=0;^U9;NpFJMZT)^Mp zD$~)if4KH6*9}#npeB126uO{uvd+eMwg(;W&;<<^2WO$DF;BCDzviQsOFo#h28yj~ z8p4@Z?ZCW1JncO1YN2q2JyMzw@3lJDQsDffgHs+TtN^}5t1ITtl>Kdg68Vva%j|x~p+Y2&;_B+T=KB(_ z#;Ln1SpsAXiY7rd(av4#e*h7POyv-}KeWX}+;;TR08cRlux98?uQD$Alc zn^OvfK=YjI2Nu=ocDM{2JZB0@PlFRln2Ho5P1{)avcGx@-4=(lPz|K?R`dS~5uJ?> znu9!m5P_HQ22?a;r2YPZnkz*GJ*g(*)}SUO%d7NB7JgnlF;_AVsw3(M$m}}#MtFQr++3E7|H3#B7>7!KQcvU$^J0 z%`AN~N3}Ci$<1e!wte>@Um&P;U48v1-6mIGGxvm_l^SiabGwZu$2%2iX$1O6v zf%Du=?bIP3;idqlq*s1CFUHqcVEZm%@rq%i5I{(xr-Y2JT5ypVA4G^Fo zBd(5&PU=~X<;vAlpBT9oy~5rAxsTLF{u4qy1BdGSQ#g!ktx_|xKDO1iPhLIlh{?R|B#TLE}xvsqQhzwcedszJ8?{W+kme;@hhOaFB<%lMz~ef{1OUneZU z%u}w9$TbL>q5vcppO}(dq_6MHvX6qWpLg zH-%}m++pAC_+{*s+IJPguIeL2&ot~D9UXzae|%oWjXf5S7B(|N^PPs&Uk{5~;L~Wm zVfA6dFP2A>$nQswMn{c`#4jmfBg&|Ww@MgxO`#Y9aC`?ORi^=#8{yee0oSYV<1+c< zYg+8ao2CK56BD5Oo1M3!HiilB%apzf9{4afLfDy?xk0lq_Osk$XyAtR4Zs8BcuhGITQU{TO{hS-{ud>8stc92bYUE8-{HBAWZ)`9N6v$NQDWNiy0t zMXo)i-=;p(NyMVa09AEJ2^8AGCIl@sZ!cSe;^*^oEPtC(W}%3LGXW5>oyaaOxo$Ei zGlYW|^h3_Hbq5W9Y8vz*g{x-=hZ!qIe|-CRWYt*F87ec_)d7<=o$0S7exmKZd-awb z@q}A{b74KDcCH3XK?bnODV#rc7TQuULc{M(L^tPAW8&io(<@W8x^lJkqNjHY&u_m9 z->62eapwCi3$;yW@*23-yp-Qgf|TVkVQZQ`R)Tvzh86q|$tz(&NyXs_7w)(l{NzS} zn~%=S`FE7iKuUiwqNJyYlhgOgG3@q-+UL{cm9l$iHU%b1@iQYXR(0aVL9_0H_z-s^ zkM7hP7>+2q)Z>K3f2y2QDqSk8AR5Pv{?N|^ z=;C?d;L}@!)yL^GtHuj16kWc=&p*GubF{qN0jmdJvt?u&aO3OM6V$UX2`M^ZW(# z$lq+zN+qlHpXt8eack+#`Sv9BDk6`dGPv&DwccG3nib*|$Ny9t^sqO9_C7<;LcQbL z?#}Hp6T{^fO*j~X+D1-BagSAzM_V*eJXSjaVY-i%|0Vcn5T(I3-d_~L6`Z|)%BLew zztAW11z+{`T4?5Ld$}1FBhq3D*UqMk-w#K`^Gs9E*ZHh7RL_X#yz0)?5v%+A%3cP; zYAe_zy4cj%oblqc*E*J{F($thUd3 z3O+&|Q*>Q)m7#NEM2n+iaryj>sTNiz<2VrLHb)B7HWvN*vJGnkR}Rw5 z1mpG2evqFnU^8_-(pP^5Wyv}+X9ibhmga77GjJxPxqIB-7J;ZEShz;B3-%n168?Ey zIo%QzPq_5%V4;8V&E$6720m6bz~@hxCQUo#rZ(s)1l${PVXJU;t!s`Ydsx0miyH~# z{pU$%{1u%Z^QW#yHV)taO`EvE4c>dr z3EP1)XF&7K!-8o5XG@zg;R#uTov)`}ba+3lCuIw2)l8M__jfGUH!L0~$*%H{+wLhH zo^Ovm6pZI92AGjpFFT|g?AOit^4np_tD2Mkck}n!kxyC_%?wJ>9I)9${3D0DQJuMK zU2^7rA5Mx_2ZyMn%wGP=CB}M9dT-ru&5*wRTF1RHE3(m99e3+4XaW(cXa}SwpSQ_O zbfgL~;c9HZ-n(J0PrC}!fo(PJfs zspR`iS*0wcc((EEM1M~&S=F=cu)k+k!B}(b?m>2n{v>WD12@1zNBmEd9=96cb7ius zPRkWLUpU|n&JT_4TCb_(c~w4#VSIZn3!Sl?ttw6$5VQ6By$|h8DdRe?Z^~mWqgw3ii~-<5S@w z0lBh%ZW{ePX_5E#{YCoU2clVpY~)rU&);@81rt?&^ZAoO7QH7n&Fgs6iNmY!f>^;) z=yk)k5V`zat&c|WqhUd?_7Le8S*sgf^6bnFMk(^`H2Ie*`CL0ocN>#5$!3O&LkD7N zDio!@?5@RqXT#)_ypsm`H~$7v5>OLReOOJL-tX(W62Ca~PH zIp$5%Y({g*69CxXG}M=701&$cfS#L8{ogn88MIbN`m~uYNW8EaktDzU19Ue%Euv`gO{n_P1P%w( zbp5pn%Qy59>&Zh@n}QR1xw^48P9R%fb%XG_bk1!VukNd_^PE<60MQ2^F*#nD-J5S5 ziW6vrOfIY#OkNn1K~eJbjB~+0Gl7Eq6OmB;(pWPNxZ{KKOt06wZPk%$X9jQYmhoeF zA~fXxtepCJ5mnG;KBZYkV1Z5BS|?>z4_Uhgu<**i__>B~39 z3}M$M>gzplbl7LVNwNm25fDV%a@8@-CyZwv`CzTJT6B&1nT{E%TEIqTCj1oi>D^#W zk`}>G-thY6sMhT=+2HRJr3!3KSKdYx)+6Vcj2i+ zGWnc9JtP{*T_0ZPw*2Ka@uSAvHspASF>VESnyrOt;=uT=HZH8gC_U`SAl%R$6?lgBV+_A+F<2SNr7e zyhv7t39EiE+g(C=)L$;GaO%dT^}|09?b<2%r*G{jHamfy_CLGmZ!7%%9=q=pGjI9i zPXtB1xQIF4l#pprZIZ$~fP6AE$1?QnARj9lMZl%}6+tI|$nHp^hHItsJs=VIusbG}kt;B$&L>qd79| z;-22eSxP^awE*Z{E? z4u2dR%S54dPUtIYmpCK^`>a!^c8=QrH3PazntiqQi+XkzP!ba0$3pGYY;;~XE$2=l;p#DbVU^SqMWkZw-|TaR;+ zfH8jRyQeLOSn4eu2&~;Pb;#Iy-Baiv`<42a1mg*01t)9jqXa|6BE{YNE@HLph?ox0 zrS@5Xu^GG7(7MH!YP8!4%@IrkJKtUtaKambnq|4(2&qtDoFgOm^i@}fr! zej3m(vZQ;goLNwas}o_m@-S$Z14gkO`p-SL1`Wes}J5iedoNx{24ngMxt#2#W&4*M50 zP?cf#0?roQyFYg)Y0&i+hlNvzgf_8P=g~ENfjlNWUK!>l*1x2Faf+TN1k*g@gNHKo z67<`B+HunPyDuV%+IbNJ=jY<}OSWo>PM^KN1{F=y@V@ybe%*n{A7!U_BZ7q{;&QlB zg5AA+<%@zyp`wEZ1jcW%kZfgE)DTTb-NgF`^LBUl^z|7rN1eSPXh+>YGH}``w7qx7 zU0af$y(=&Sn98gJc3?>3o#~Sl@YqMAve?$c({lsGJp;2;q4sJ;7J88;s-~}PDRadh z>KS)m+{V`NSva321BxJrC#U1Gtegk8^HQX27$)7Njj7?2qK3+iXyt=K+wVCuzj;feWUVQ^ zSVHo+W*Kqp6@vlxBinjIo6v-^WGK?2ol{p`2$a~L4oQ%n^{jQ;u3?vv0~6|7{xpUpwSOOU8CPdko&_D?fgV0fmq< z^t79%!Wio)V5!R5{DSC6{+VcTj5T?;L}!4p43zaj=Q?&i*7-><8wcb;*J=!-J>&S( z16bF>v=ad=qbi+e>~;B&bIfZO^o|I+#7}+{{cw~@1}U}gELwaYpsD2Z7cX)esXoPw zk(M%;jPYqyD7M_(5TD4NFVL1+47JtVoIlQEUR++ZDAYmNd>{F+Aa=FkQnob4fA3og zCCk3Zvb1O0hdPGT4hDUGEg_Ze#Sj==jedO6KV-e-WJubPQ{`>Qd;3Vi!s;vTNqV~m zlX8)^?S!R517LijS*3zA)n6?(gW1%ZdfN75a+OdGwG9=TY?am$;j^K*z(3>B4>sL|oZK_mhh^$equG*90h`8rVJDCSmaB7gY z5&uFDH3;KY#S)R4CY2M?P+a_Lid1>Wc(~nM0{^b9eH>t5r!@Nr@rKmegBuDPZ*+I1 z!2>6MAYF@X_40hwu@hj*wT@p9#7m;``X?N;%P3^LqFCx|o0E%&hnoAd<`k)GN%Y+S z{=xF(=rjdQNKZnllp;J%O{bz#Ta=e(maXcALLFmoj9o1IwXBwS|KTx|$fg@*et*B? zK0%S<3reB-Vrbm!U()HRoT0VJUhz9MtG>0i7sB}Uj2R>a#y^w1cGzA6!T>V?mMFkX z$LYE--I4$Xq88@}iLUP5RR8no%713(C?Ev_-^684>1z8j!1)^{B3MyA)_5W2$0m+Q z#X1C_)#fY2E9%>2R3WSqUrpQMY#9rMgWDb9-`1A!$ahO%N>-U~JSe6FmvS3pInc|Q zB4#sXjj&_Z)XZfnt~`H{yuUgP$8UMwg#3F8iNy7nO)I%Fq5xig6hWolOPBJC)*G8D z75IvUBcRfLw34M+-o&Y?)0-cy^4;$DJ%B7fg>RRH*=2yC0+FC)XMVPu(BQ)m()ZvD+pEd#y;J=p@0B`0?$TuV^w$&FJ2)xahQ^jP%(gYv~4nx2l%TwmRAV! z9F*>mSCG4lQm-H|5#N-@nt@`SM_2pyNum2!=_3)e+JxDc_9I8{78ZCQ+wMgeuRcVT zh5>>~PVbH*@d>NFocX+o2<}9{t`9GcXK`n}iLlnL^1L(p8`4^#} z?H^yhj|L=MqGxA49d5%h|Y%9s~VlI-2F@*Nuu@dlO`V5<7u9~yN9d>cST2*J+yl-0P^Qc zKsA&{DnwBW_16-Itf-+#j)8(21U4ZuAeyQn6s9?TF5`KgNI+flp>bbD%N^G!t|ssK z@drKv**z66&wNg)BoO~sZB58n6Fx9Z7iQT#qIbB(2$(_u`)~YWXz7;Jsme=OQ5;hV z>ak7FJ#r{`!WrusJ5)JW4PHVLyyS|Z)?JNb3*_f)@A7w#QVoe_lDfqfNuDOjA6s4m zgvRr1)Qf3zm?dY>-rmGw>tS=2C(;Bw=37Jei{}`>@Ee&(D+w0)v;|uY?hF-FoT+IO z!7UmmJd|0F{kYrRe?6IU{s6n=kXd6ZPq5qErHvpBMnz zsD3og-3u3^KFN_4_Q_m>Y=)8uwKJnt{!v~FFl#Z$n5Qn8rzU1Z<8#jf7|gR; z;Lm?2@tYa*=ZF6$OTO~qm;75YSpdIY#8O-MT;{edTOxLYvVj?zaqx1!D#Qit3S{?h zG~uqmNiV=1lF0b?Ecncad`6@|#Y*Cb4k7?zk@5x=htbcvpX@paFIFJ3Q zy?P|d?#P*gVelzK(qbax5SbEtwgsr+Mq>d9NFBAfL0|Io+WuFx)ooe-Dj{&ike8vwcW4R4{_4N z4}Ni?8ssS|^|I5SQKm{zotp=hpj-d72dh)h)n?x~!f|Jlh5AI~9_ML4&Xio`*FA3O ze2k$#-@>*CYtE03zyaijnpXVd7)oB#e?8?ZT`^T7INY0PkCyH2ZoEA6`tb-LDXdW` zgbytKOXwiTFV9P1$r($dAk5DToRKX@4*`Q zJSsoq)kalkRQ&qe0SR}?qca<72En88T05JsivrUQ;E~>!p~z23GPO{}v|M^L#h;>~ znYIz(+$Bez;9I&tUS4jML%{*byjyVjdteo~j5C{Kxe~1-8n2a226vMP>foza1TpA9 z$GJlX>tHZCdjd1ME;Ou-6LDuM@gc#fk;>I(z`$_6DfX4A_df?pASJ=wcz;{w>Q2R& zCsOGz;)%$spP({#PEI~XneWw>eja;%y|4S=$Us(4Zr$VD${^@tQv-4Dzye(mUPaIhMa3r|8NMdEtEdIRUuYRC9^~yyjrh{)qw&|NNyRsTh!z$t>USzXn2K|) zy=K3zsAhZWh#&~KoZ7408%_kvh=T(It(I=+C(?$&XO}QO^en}2{?c?YdkH}T^jhhz z1)Pd{@cuMN0DWjd=61m1shKeiH#~YMth4SrzE375Nzf72X+4bFN2Z>-5Sn*lIPA;Z zDEBS48+m`w zyn@~2iWPml&`8H=XG9GejJI;s?}w3V2+4u*eMbk!u^YG7&F9-Hc6_;iYulo2`7 zJzYFjO3>HMQkNl`dRL~peV&QIR)pqXlRp#(02%J~py#e?7G196$3R&Sf(I@`FR^=x zc~Qf5Ox=Oz>k*af%V9z?u0PN*{jMJE>N5PbszY zDy1NwDoM#l3gQ))SHu*6MXI3IU|R^oSVD=)pP>!f!!YWvfooyrj=_l zvIx30$Eaua@pocd4U5be1{&^tvvGEI*uC5LNRMcI7$mfAXd*i`UTi~sZg$k}G zHXernl^OddfW+4K6U!i*O6nYRD+Lb#+Ie@FUf~JD5>P>HgmW*YxFtg`+YV}U^7y7i zkhG@<>p#;{OKP+Yq(uoyigbT@)EzMCjKrD?kQ;5<(a0%2NHf%tHnE634lVO_ zAI#9hb8H5;GjB&6*(T8dkeS6T7n{ZSB{>wD(uY*i3=Il=9ThWGpHpZZugqFg9;|8e zBK&;nL-B4mKu`Ufezw>0YJQoa=Sb~|G49C8Of;IS3|m~UAbq1pKc=X@t6x<|shT~S z2^_zeS68eMCh(;@s%`FlQ$N}W<+xaP$rZWu@Z8*GyvVAwPT*)_7W$Ev>=&$olRM#i zZneitgdM_~ZOqvfXXsV+$5A2vI4J1$Tz>TAWAKC2bTn@=J~Y4seoZiw8;TzVTlBO? zdK3k$o$&*ub!=D>|3ru9I*nV8kt{lwiDH3)Wqwp>AUg#VVSv zF4baOWNbfv3NQ1-_J!(wqhH`pSP((9GqcIu$4%b$`k%5YXn>ZIu^=om$VBs1dzb9X z`FgJ0OgqqcI>4ITNGiI@EsISuzlI~b4MyTJ(WDQ`H~5XJ_j))O-(u|~v%Dw4gZ_PU zP4J7~N)XnsT{%hiFYFUM!+Z5c(2yEz(?Vm#kRAlkB2puas~Y53KL3G@7nsD}fFkFs z$yeQis?Ap=M;QG8StSyXbT$?5(*ZPqkx^}X44$W(0<*%Rk*<_xGPTXbs26}Z&D7gh z;-eCl{+xe<(pp#|&)H1X8;fVvvP$aNY5{-x8-OPpwNi`2A5FTJbj)i2;-HEp09#7n z8mFf#a+pjE}T$Jt>dOv0dmLRiv6??a2|)FCNEWGCzB`dU|?(KTSNA{O<&!o8}7g zBOlM4ll0OK;B6mRTmjTVIQUs~27q$`pKbWTE`%BXjnsqwgzZssW^6+A68B=y9_pil zsMed?N17YB(ghPgr$!#(8m@Lb#W}XhNuviIn#1mv{;+!bXJC!tfK$9n{V#C$1ga2q z0Rt+7$;bUw@*>W!0#w3{e8YlGzGp{ag5N4Y?^L^i zcmUDRwQBnA?Co+1>RZ3mDmS>1xa?bQql~_`9hj_CkFL?jv?w+@Bl7L6C04M2yrHL( zec0_fF>`d89^9wp@S*cwuJaD>#!R)hv zb&iFYlW2u14qru_rX`0%<&2 ze*$NjYVMNa-SY04ytQ9=GhX#{nta3+XjI2zm&iEah%{M88`5?xccbdJk=WBv8S@)q z5et@P)euyRS2ZW*HStKKZNP|l0|ipv;M7sqZGqh4f zHpwn&Z`nu{08~xDNRuQW-&1PIFYnDGbvp8Q~ z5z-^#*O=L|ywyfs58d{gk8dyEm%K@#!RKDiW7R`!(+;o_F*+7zlK=rQGQ!+@J}p+X z{Y(uYTmcOb^hfK99|`-j153 zl}9Ao$-~W!4%r_9>MTg%a@v5;!g^DY^_U1C5K5UmfCn3&;krF!JR%w_!l(2|2p``- z08*|x21|20`=#ojQJEq*r{&+2DPd8N`)Bo|zdC7|MA|8WzVl75oGBFhE#&8Nz%UJYhl7mh* zDj+O>08qneRi;G}C;9hkh20e)Hq*4@rJmV)j25SsSKeGH8fcV|g=M};-)Qe@a8-01 z?N~ClG|q z{X%-q5%N@gILWEb7f^+2XJG+~yxwlS&Je1LOsTE{NcSjv3o>o7p08s()mh`%aHOtC zwQAL~r$c=t#`oLVv?DoB2MKi%R)gcB9-=sCDB`6*YN1Aay7al97a$pQ zIDg2`Z87$2mmCRl!6jF_37Ae+MGD-El^!qp(^{aE5VD42571&y%i`BbTZ{LlMyJFX z%HNo{H_$k27gQ*N$SUbinX0X^qOKNrS*H1jCeK1fCL>zIdPkRz#}(B!Gg7nDTLCIj z)*Nbbby3bo8c2GeaBW6Iu$a|mb(^Ci3gFgKB;4u8h*nZYB*sj!kV;mah9jgqtLM#j zG3~-?*?P3`^a9|3hXi-7xMH2vU4bK9&!!(1XhKSRU%1!i=*t3oSh;UyC2(S%8b5fi z`x*RC|5%+zGD$iawGO9%dL+_Q@28bNE`7K?=A7cN!RDl@W%*9i6jL(v3M|7Qp0g6s z8@A)zn<+pDDOXn{Od6}ksIDyiWVnmiY|>Zg2!6HHOq_fcSL|dbhLA%bi1XTD=0JV(F$vVSqoj}8GCh!3Xiy9zc?C^LS zSZIGQ8(>a(OA_W-Gl{EKg^_0lSXxnI@~1iBnf+mfX7i>mr+j9VJhC>)yV*TOuH4Pw zd=YRk)TL106>v9@?6qd#YTo*EHIB^0KOf`Q*2gb!Lt+p6dAdjIc6Z@{nbj&g*fZ0k z)i7T&@S+3AK!>A~O?ojZ@}!_~UJi_-YJ-UHS8j8bKMKh!sCRvCF(NxS*Fl?BI>m@> zU-ItCNy|=QJ`R<49Gy{y#ZxdvuyIhxF@3A>~x)IVhDH(OQi__h6>iCA;pF z9wdq5cfsojMje?SMz>OiUFdQz^X)A?t7W^pg(6bPv^exR8eXI*!z_1w_Mc7uVo1Lc zqN60%K&};LJwyNw=c0q5vUsbu!E=LaK}~K6*`BRh%yCQE(@Mta8nf`q z`q74q#KTGpLrWhKOCxE37H*gb^bpc7QRSaqyz3j+gCSY3Z z#m*(0-RrYzOfn0UNVlJT6-S>3tSTToRo(ar@`-WX1%v4z+&UO%w7+XwCjs!vJwvKQ zl}1h8h|(B=IN4R*^djGSl3Hln5emDu)JX3oe;^v$`zP>E!UXAuYcIv!`I<8x!;`zNO7WH+{2SKyuX+R8O%5J<)Y97hux~HulQK)vlt%HcZ%ip5BL?aqyPNJytT3HVA<^G-lDjrIoxA54mI^W*{M z!o3{%ILBOLWZ2QR#@__njEuP6OHMOV1jW43rD0;9OTuO~HM84ZF6}Ra&n`~pI)Eka z=@u#EIgQpCsw6cP^>86N$IFvljpeLbb!S6LuaoC}Nz||&y1UM-H^ehAxq1zzt}1o* zgzsm*(2pq&YX`}$_QiQ*S1aj1_#SpexijkBaV1kabG63v!DOgzV|hvRVfp!k*i*rC zfMRLOP+nF6`JP_g)8=da1Y1-&wwkxQUWZ1L_Xr6dE6j(1O)6xB2_>F1+PUffXH@rSs`Ho07eolY|qS%FG^vog%Iht zYf5g~9fQVLY!S(8)*!rlT#K;4TZx<7d%8P8YWP9x+6zDiAmZYahlJtf1Pf3^8zrRDN#cHC=sKjw46@UM9OC$a|3oN_VaiULECkWm>h7F@X^%GVEiUqEeVS1G`wQ2H3qY8)7BB;rN<*}+CjwOO0-nuak7-ID=;9m> z4e7p=Vv23M6qgq4b==T;SH)SI;O0q%;W1^R^$Dmr3wf+Rj*};$edI}&c?;MB&l#0p zZGYTHTskBpGt92K@_I6DA}zNPez|0(UA~=TJ)msN{n_ewY%w~ooG)~KHAL*3vj<2NaSLbVQSc_=OIllEbF$H#63i!G2< z*LVfHo=YKd)r|hV3(pN<(d5lLz(wKJYNP*k5lEQvMlXTMd+^uGD^ngSCWT8(Hd$3MS*{BxHM4dh87GxlB&+Et~##%ZvX zf7um;g5JILyY5e_oI z5;ts*;`6u-Jz>t;E0q#|IHi)G=-$uT&4wH@{6sd2SINVOb!=pX{uR z3rlj68+y{p%IDZf6YsPTr)8fUdatDQ4x>oZ29|=^0b42PJwOCwg!TZVdTUA$${21a zFSC$^7joT%+vc0#9pi6ikM9m+q!!P_`iY@?d4J8dNn>A0XTpS_9pmI+|B1*7mL<}o zADc5JW}|iyp$`i-W-WgTS!r0#{+RM4-Q7)_I&f69u}47$PA|u$ia~8+a&~i-tLB;V z)HAqvn=^xfC=4OQj-omk`0Kh~@zFRS9YAaQID2k0XUgMCR)jk?*31X=#@SVAn5jx2 zDV5=0&vk^$59BaP2K6ZTPd!uHx-Z%0hE`o?L(&FxM%#Bi$hmhG8KziMGlPKUIQhaU zXBxJb@}>SOzn*InjoSg&r);)6hA)4B8^$2cbu^S0$jZRUv?tL#!E1xba(nLOQ7^mpVFyF1FdYlEHFEsSDH;@xXGO1foCM?cq zaZ5~2>LG*rYBs&2BU*ALE0A6OYn9)p%(2|`E!pbm8pSH#dXigkjo{e45z9E=F5Ei= zF?x5dNwTB8nXUCO-Xu&$A$6KjJomt*;~_6ZSs~(@7fi+5x5Kr!-lsRyuyt736I@#6^$x75krdAeHbWF? zf5^CzT~{QMp&z3G=}{B$s`mO?SW|tfD!Bcx za_oBrx24Up9n6iuh~`Nq*h{L(?JrQ!SijfT4}dP^eh zLT2ZlyDcrf@0eMi-T_xP{oN=HD_gwbR>N`p2EO|J%2(t`6!7~t)l>u`pU*fs*R?P* z>ku??%>Q_&-J=E=yD~A&Dr_~Vv16xtnBiT%q&7>fNlMR39YaXPAZjc1$H=wp40c49 z;jLBCAZ8bQrqvF}5@YGSS&yGO;*8h_rK;d5sj?t@zOLJCOx39)deTfpwxS7^V}nf` z=pE@S9)h$Qv!-s^hq$0=S)~g#$Ev#N__>j`I~_ChJd=FvP2G^miECrzh|+9p#RE_5 ztB3N6=XzG!+n?`if7qLyQRgIeF@~s}CTtdQN+Dv#+wELG+u;9d#VPy+Q zqw1u*g49h1F#C$`w!j8wdGn?$BC|#Ju4rq|hdY zpV&jD%jd?&)H4%S1|Hf^L1YxfPiiQC3S&Ekk&wO zKXj6!@67Qj?Y~wvHrfDNJX-KP1HfhHmIo#O5CF8wL?T#~2TSY2So z;RN&rqdci(;eLN4EQpy=e6_Pvg_m}~ZD7%`BSp?EqkA{+ASq(#sS4AqHS1|>^fYaJD_ps;Cmr4&({&O+Ivs3p zy3STws;~n@Q9(lOpn`<*VUqOh)g<+)HkH73x?9T~vrH(ObCwjbobNW`kY=XDVaJ%f zbFtarY9v@(x2Nag9#6&S63xG?;M=mupoYdM46?nBopIx;5Oh7zX8w`}>?4LS+yLVQ zzSx!<^P0EoGLZuHYhTsO&MaLRqYYx_mqc7LMQ*g@ZA+Jw)Uk=dlJ2#tZT=)I<7#xU z*lLfb>8c0JB21)7;do4r>c$+fGRerVtxr+7D4b^$?mE)&IK|b|$Rkx-og}R(TNV8I zu%s}|VY%5avj8Tkrzsy6pttH_wCJH2p(d_t)A2PlCs#Njf~Go~`jxf$@AczXybQiX z8E?hWmOBqODkOxFC{ZtFk7&gYobmV!Go%D}qzJyi9kCsc!zo{N_34IcgK+r9s z0gC@0U6sTTo_6*0G*HI7Gy(`ba}S-AHwHd z@W`#m18rnB)?`?>N+jtlQhre|pp@>t&t#+oRz(?Yi^i%dTYxqrF)q z?svW|Xlf{b4_)H$do3fs<`Bp*w>S;|_1uk|8dy5n6(N#k+2InEF7D_&d83(~8^3vS(CdT zTDW>K$GUW>FUMfusnvi_QDRT33{$M0QpS}jyU#C-e}h2Qb1S9zss$SJ&6=x;K&_Ra z53SOu`R^hlCAfvLINt$sjBw1Weq}smQImSfBX@Dda$ZN+(oE)^gX=XXxyDHTRB}yJrjhKsskW&}mFVh($vmB;Qo8gDI4uT`{l3CbeXi~Xm->6nLJ~8rJ9?lJZtC44L~K^a><2+#R{tis(pDx zI!IB}`?fIaQ5Fm+cXsDsO@qiy#pAV+9foF{=Q=8i(DudE`@Q4ce(kU2IzU6GlC7wA zPJKE6P3$l{EtQMTMKBh9(BbV(ey#Zs;>@rc`R)a`dA#*Zp}bPni-q4i%c&#=7C6aC zXU-DIVe&FeZseB&F~IvuRiwoZG(N9N5@SK-NF+^s5=9Jh>p{xPf z0p9<{x?fc-ccMF|pDK?JC~W9C@1d}ndVdu5fqdjozTWfo9}tLppvkyKF+t_5Muii| zbY%^LKR`xy{pi{2FiuH&oSZ&oTSBIvRKR83FJZ;L8Dri`ExtF04=^&&X~;sIvZ*R0 zhpWBtYIjx94Rz^1#bsP6^r&UQ903f1{8e*2pD|Y?t~)+)_H4P@1Kf07lJxt1Whe;lpb@He76D~NT?H^m8Ge4 z*!Y3@=QCM07r|RH5>CjyLcVLtBC#b zdctMk@<<40V8hQ*q8`J?XSGj;pQo3YJB^p7`dlP6h;>Yjc(To0`>fcj=(J_0UB$sB zo$P`9ou$ONmKAry?k7(=1X%=!0V@zQPpym_=1R2{O(*K^QZkXYRengIPR~=-952%g zfr4f$bA4zV#blZI1bM2DCviR+*MAaB&9BqZI0%ii=+FG>>sB9|4cEwKSuTkd{_@SX z0e`F<&nOH&TzhySB@u_lWYO7A?&P(k8_(t*#E-yZRj)JiR3K(nY0McGNUa z8U;%^oyF+q{nbM)AnF7!)7lGxQORa1?5>jEYHRL`8tV^)$2pVYMxoMwHs^Vg3kFe) z@}bx5gxt!h`wI^FeCHMzHoMdKlA{INbH6ts^30d7?T^bnOW548_wUhOI-eINERn`G zEkdB4>&-=~Xire}6GKUhP_UK9%LC@Uh#&pQZRiJl4`rOx$Zi;omrRswnm*5iS-^EyZQW3>lb5#hWUO!-^ZSI%g-zSY2b3yH9nqlI} z={5;H>O!B>RN6zS*DGgZt5~&jDAK}3i!839Nz&?-fxw6w=8Vp{J$%E$51{zJF@#5} zVQjjQ1+V0K&*vE@`Wwk$g?&dM@lJz^HKVE3t7N-bS4yLWbgS=8&(`pHLVEk$R;(=p zgJ5x1GA1K#Ue=h1svaxZ){W>5k)$Fg4Wy{4^oQ%!6Qq#7^wiVe-m><#Z)S~Z?yP{$ zo-R8)tXv{1%Vcopv(HNHs-9Vho}~3IeDXJDamOrp_;4}p8#l$29m6cOB%d1A)N@h; znW^<=L5B?M-8!(pTkkAafOvQ1vPV39xnmtzV~$dJ;armXt}0Dw@!rVYH4tKdS1D5o z-Q2sJhV)F*m}D=34RfpHCkvcfCBo^xn+7EV$H}w~L#+n57pH{`PM(sH>3lSna8*9&&^s7%j_y2$iH?mkyRILk^4jFwF1{rd4>+B9(|SGlkcZaM+X1ciHA4FYftLszjcGOZ+{QbA4REhQ6EHcPLgK z^sFXVn=CkljeU|3buwvpw7L6U+^bxk*tso{O@qivb{9F6k0)W4x(1HgJ~n(bpk1Ql zoEFq{OX4E^jWS-PM4-&$O8M8JuMSzPdPyCjj?*QAmR+uYGqg;f&VA2n zX3O@~7uO0t18_$C0DS?Xt$~#v=rz|yJ}M>BVOVXxlT&a_pAsyH7v7ISJpV-GhrhFd z%GHl%`8tguC*dY%Cs~q@4Ic=@6YICNH*XoZl(b!)asxFfc#=Nt6`JywG}s?$+AYSL zmB2D|KH(6l`tEw}*ll(0veNAI@U=JF5|cd&1Lg1r84A101JS8gAre$dUuPv5Grtw0 zp@lw%^2|=tDcBFCYe$5nOI~b^Y0J>xB;c^v)DpbkJ+@u}tGM{FXlsI$x(L)J6s;Vs zIz{xaFJ#R+49HC)zaALNp>^5)q4&+x}5&S zkW1A_5+eO(#tG?P#EFKLu?)k|v3W*@Zh<3ZzOwII!J9|!Q*E9CX z!s&}a5wR%>*o&h428~W(=AQ`5!j-QVG+d-c;RGx;mx@9i_^JikT5$xfJWeQ*fxmG~ z8epw{{_9d7>X@hn%iyYl!+TYO@HAh_v-aZBgXf)c8$!UoNDNM4J=~aQ<88bPBN!ah zu*{K`DzU;4Xq&0okIW?hGW_86W`4a8QO{X{;v%3da1-&HKw;c?h8((76JN3*MNdo= zJCn6H;_B-A%rT6KNGu;tlac4E0ti`Bj-TOr$fX2~B;f=(S*A#tNdiqysMk!}^Qyix z>XirG7uO5ZX;;ZAM~&Tg@}vYwbj%rCmh>eqUIMA|$#uaoWB1Tw{WXrHPR~+^3^pfS z2ELSpBfpk~NBM-=bi0VNj@p-AAriDP1Oi(WYOG`h8tqtNWfunfE*FsQ{ zXq0O3dPUxC~2%GN5ZwK>2 zvqnVE_|7_Ake!tUwBu@!r`pKZDeH=AH9hf#REywh8{xu z`NQ{2+>oLnBQNgntgw<7!;cu?rLac?f_XlCh{#*YQE{7b5`rfh{LYzD({|tTkt@=F zrH}(`E931IE%gmI3hP~Cdrq{350e8Q8&uSXsyq@ zRKzP@IRT!EZV;nc0)zdV^Q7?K_@_2r5xy77Xc2+-Q&+;pnQT8F-)=DSe1nB)hzSwCmblv6?E*XYMOrSmsqSoU?7Ye{;P zx;4E2J5cxODF$&t4zCt_BR39b$;4ML_uPC=_N>}OS)8)WC&HwlB2Q%Cx_kuV2UK_~ zE(VvcDh*9gGoXwkpfR5`0HmZ6I(1uPwgaben(?vOKFQ97(l_Urc=l-39{Z%!H1Dqf zziFRUqMRyvB{FK|&e;iH#mxpjn+s1&t&yF!d%!Xd3mnqC9EKgLP}Q{gtHw|NYOXz+ zupgRGvLEWO@1Jkq6^$e1HkX$HgucEF=f_YuagPE$Tda1su$y$3B34LP`rLFsYi>3# z8UQ5B37G<64B=owygp@U<%(EcdD-y%6@C6n^Bp+6+OJ2sk+m}oAk~0rPSHvt94u~e zJ5t<|WO2a8MNO{+KMFGv92u2@aiPN32pV~6`>rq^Z>HeQaZ44{kC$uzL!4t6LYN(; zP65~4GvP{E+L3H5-gl_DC9U^RiPaYB>qS`51Fu)BE?4L-tB$0y9^0!5*dt|2=AcK! z@-o8zXqjEy4F!i}!UfmV-m(6<@H+`N66AMy7Bv}G;GYM*a?Egdx~%XRsUF>y zQ@6jC{3qD6^)oE}KV?&8Kq&#Lk)l?nTr3PPR*Q4b73zWJE>v70>oM1b`1b=zwp zUxZh%ZLaMdg34_|y-IB^%JDzc#WV&t%*2-{H>2-*J()J zEJQ;&esNzKC6{cbTo?G0eC(f!p&fU_?vj%V^TpxZNJ_MM?y#&)GAeJf@Rp(*DI#sy zoDlK_yx3E@fRc2i>p$+a)2ECW7L_Ozmx$UV$NG4Z&X*HPI4RABxRU+Wy<%5-wW7ay zws1X4>jTX-(}SCLr3Boi#5=;P>P#GAMl#iw@X%-1?Orbxxwp243=SQkCBS?MRo@#4 zb~B#m!OuYDG4sTAk}sb$j6<%1<-rDhLjkK+CQ}@r+tzc*gOs$1dRSG~qvYAEH~u>a z5doQ4xIBcnWO8a$chb#~|UDA7E>E~SWd>$={a zhY!C5_#NzYnU!l4+%vks-(}Y5AmTy{?ZG(9Oy5>Pyy|!XKQfXOgz~Bn;<*;7JPy+g z$;q+ysPqn*U`A#_!sy#>A*R~OX^@S~h~43Xeh@_y>KDij(B#m2lyNufoa|lpwo)+W z30!pU4iR;MJXCziUWe{ab%D>`u!!$omz5V>u=Na%zS^;ABj0TRJekF2K($si0bWmL%K$A~=T6B6eNXg_B=W#5%T>YFEzqUY37JNfIujj9UK5pDA{| z4a*Sbs*|x$rSl_)d7*$?d0)uS_g&;2v|UEq@xbPTzm4C>w718=?0WO9qZbFx4Bv0>H087Czp;1bngBfZ zV2PTvEqqhg{cZ9eB8)e<%e_#9cLZjeG}ef4378d>z6Z)jDfCV#{RYEXmQK6 zHeX&P7Ps-;=D~Y>?eJrkp6__Jd^3lZK2nX`ur_#Vn0X6?8mxM(%|c)DnGwoad#XnT z*>;J)(5OXyT80%p&zY1*H*h#z2UtSHaa->yd zm?93n6EC+W?~uHsu6ahXye?v$B)o{zPEMAT0p8SG;;G^i<&qNRdiRk=&^@1(b#|)5o)HHsGpc%E7{sz^>-AGq=!o9-dTPl68)*iW%dr=``80JcXji+s~cl+Hd2>`uCN=`wz@`=E{f^Gu?lPd zw>@_S{QnLbCs6yvW*z+5iQ;H5j<>!>Kij_Uw?GsQ>uKcNkJG}BT)`{76+0$Q;+w8@ zL-LNtf8bL<3;7r-!tXnG3I6_j;o>W(bFL6HW+T`B8!)~0$@c|d?Hs_>d=&u44{RKq zgSP$n^gAKB_UXUA0$j?ci1^O{ulwf%seK^iC2czPkAHjWURCfq4?KHdyZOhjfI}z{ zE_DiV`1A_n(o{^#jQ7&@s)Sb=ybR*3PY{3y@IGB*e_@8r6+*~;G~NsGS?*as;q4*t zuSN)l8g3MG# zPtvEbn1S#>eOOfp0#-gpmT-s(2hK&)`qSLi(R8vK`L(6nOeaxZ#%m&GvXDo%rv1Jm z;R73>GUomaUP-LT&H&|N5G>@yXl-O#D!Zm)sH)v%4>2`#fDAxD5L818y<5Z06ej`n zTgs(Bn_FaYQ>^lApExKDP&bPV{1MU;DV_H*J(LzipR5G<807baouWNi?0u$Ve$bF% z@^B`jzLl`rQ!{%{!bfj#RN(KB__(5jLPAQofrWo2GEhAF&fQZAYLG4aDh zu)*)-?#FT7V_}lh|CDGfPGK_zq3Y@5hf%$4-6Ka_6^f%Fb1R`TZWV_pcZ zcj6^`S3iMgpgD5utI5n0@!n4@rEq?1C8o{Om}qn(0PWf$-*525Oka`*xV$|2mmIBSuxaA z5Ud!#w+LX>7bqgBSM*DFvjhrx_$75Sm=6=BY(6~W88 zOA83)B!ZQ*UEvT%#d~0=onFP(%=AwM5$7MJ!<3a_qVo7DuR7P})2&jrzSU8Yg3C>^ zpC@I-3~#ig75$3Muj<(Bp!PL>m60E(k+0&YdYfTk#!-!=$>8g`9j)ar=2k_k4wRO) z$lR=V{p84d+4g9r#Ie}jh;?+paGoLJTNH&8Orr;|wJnTRWWDNhx22qQO)&A4z=o$l z2F#Y`>qA{9|Hqic;DC=7g8V>6s3s9K@b#CA>pW|3XCAKm{gVtHYz%-K(o()TGZ=|& zVLRP*jTH?ata}q&4EL2s;|$s3*2=2Bg*Dn3RT=LO?`yd8nU&!UsK6&fuEEX%ck;zB z=;WHK7o?twm+~XV=oIjsOlKCTM6Q~*d{(>X7)NV1LF8taLQQpg2sdj#RHrQa%qBPwXC#p|xAdYnD4AO-eUd$W|dI04giFbu2ahx*_E=|z(=%yJ15 zOcIKm!`3vRotpX}oTWDpqh2eMJp{owD3#yeh5~~yYHb`S-qBgFkx9m=zPmQv2P%4e zP%`j7^caFpDCwU18fI5l{AL)Vn)MZB;}P>otYgy3kP`Khj46)7DO6#JQalT{%kYB+ z)xsFW*C(Zn73HMjxnPhTFf{thQHM*j^ET1A+|+zo9S6Rt1_ubnHmIt-ny^S{ydfM1K*-ni;!DFkcH>?BY41_x1d16K$wAcGe)% zG+kr&ilx)z7@x&HWb5&|4~u?)RWMrN?|YYoA)Glv5m87J@1@)7f6-*AQ`H{aa$+Uh z3$CXp2HE#1mOH!VVCIWY=Qp5_nnvJc@CLZp6_-@M>tkWQq2sTXF)u}IgLFv^2hz{e z0|IC{uyDw=-pRP%OZx&G2DqPMvoGb-mjUCG8WG_UGD%Rsm@mzUQgv)LR4YAN|0BIlZk`o&~?LVtSG38^9;eY z`6Y)!1W#j;*G%0wls(T?y?n!#3YCv9Fe;>J*H|u|Ez|>8r5~$ZK#zYdbLcEiT+qR( z(=FB?<@T6{FAqHUHCPP#4NS{@vAB>@uW~zO$_0B0Wlg0VP+@>MCgi zbHwJsH~a9GcnI&+1HiZ94yz{^gvEDxEe7dPs>C-m>Y!?co(UyezLZ{z@%ZoR*Tj1T zblxG|i%Tv!qmo)s_a|c4>(b%cb@04JyG!iQ;ds(+K6n6*TLRvPDW5EH_FU)s@`qHjHwQ^JWrq}O|MpGnl<*OQ z_wuE~(q3-#Kiuq;;VyB4bI;EOXyIq+zyos8c!r)fOcFo_czpfx5CrGIkzmgn^ zRTNc}C7T|mG+{~5)HC~08H-+6Cnl{D;Uy{B2THh z9_QCrzf1Ls8D<`-q9rH8ga}z|p)SoF)mcfu%!*vcJjY=@i^Az&RkZ}nEjT_s0oSOc z{AxPaElOH$yyU$33Ph*-D;?TpEIF_NZZdffU%i5CmiVWArsJ<~zB>`v|awRb#7X!a52F zzczexBnxz8;d~$?Vg8Yf{HIKr9EXLqn|@P|!eNC1fBLgFXdKVzfA@yhZUR@YA%ozL z@(a$K(Er`<{WiJ&=`a7BTHn%nz%ww2aG=UHNS_kc`s`sy-Qm952rxjb3RkU|s6DQ-o;0G#aa11>o+%EB#K{ zS?`o%HGu_NcR}ymWyt^!on_Of%N1d9fQ9tNvqo&{LAC5>|HUB^LU zA2A{@SqdaWgs$Gp44*y=st0GN5@F=1O6`T+(hZoJffP)3MoD^OCAK zri1e9z}35k?Zei6@mY{XXW=#t`_nqupcZYmX^v=cPy3QVT*_bfcU2taEq&588=e)i zIE#%Kc~+^Qlia1V-11;3>xYfC1L?#n(S*#!a-iUX#|%+vkKa3es0^y4Mr42CR7^&M zMMxZ+;j=-?`9Y?76wy~=z9(NeYw=#g4MxKGjArD!M=Q4R(loU&TaCdlM#l}_8T^V8 z%$x2zW9TPqE{l(Q6M8YCWnhIZ=gFI~4kQg0c8RolkA)1K1^WWR!so(AU(Ep^zMV{s zYhsjnH6&I-48rQUXBciS_L%q1T5*gzE{N3R?Lxz(>Mqv_nmQqkVA+5I0MT!z>MES~0R2B$&Z`A{ zwpU?b9k-CJ-8JD~`zT8*%^=QQ!t%{9W$PEG=xsLgcs@C-l@!o9TF;;L}2u-?noFW$PJ&Rldka<&3)77)-u+xEpa*EWtj&&+Uu%5`oCri!~F3dP{^@ zb61Cgrx#CSc^9g=*GdO$1feyB-S$hHT${6Z#Qh#J zovG`Ws9*pSZo_Nf4JuCKsWO*p#4Mb6NHMeaqm0|OgLHdk;`EbYPQh#lI z=Y9|aS{mC)^hOgkSrkq5EtGi$U_Rs70_8XLmYb*n&FogKP@lT_x_SQFhjZr#qN#wk zAntEP31%18xa8B+OxJ6{KRrgG_x~vRGkZ7!oHB)1#0|d(;i9P7cLQ z2PgG*iR3%TV=ZoKTxp4R048Z`f#age65B@4#=$~yDYN> zTH;$GAZWQB#Y+$>n*@Rb3dIIR*VHHwey-wZ59rKl?RVEUH4OO{a$Tp-ymQ+`afA(s z3W%jU%Ek*5KU4#^o0(I;jIHBtiz~Ep3wB1$8yKZ~WJ54s60oyP3!%MIN!2A|QXsf5 zlTNpzhwHnZcy}WhFtQ=A7~GOy=-0;fWBp2Am40&gdipQ>q)Ava4>YlYJ5v^|3Z*aU ze^Ss}DBTqy7u>g2t zly9y_+LLZYL?aJPhJGGf^4-+2EcjeK!!Dw&qS(}JItd6HaQo?V%SYL7a2LM!g&!WW zq>=4)ZftEcW1vaUlZ{V#hw>L zMQ&88A%J*R)ziZpeD$?45aIrE00fU7RH0C-97Vq$GpU#`EqtPI5zA)oSEBtot|I26kPQHQX{-CVZ&esxb`EUE_qy77%{ynn!o&x#p zQUBKNpPu5sBcDIx0dV(^FzTnT_y4U3JjoOqq)g9t!w;c&)`24O_`J&HI9%(2gdN6f zEEbS_6pk!wEsGOI%i@65J#%DAynp+5kM=E51FRA-g%|Ei^gqIlt$)dNST40|*H74K zLgNmcgU_w<^GV_$V?%0^6)R~+v(|6)hUT*ZXLA=wSe|-mm(85+kI6PK1cmF9DUZ=1 zldhVpI2XQ0%y%sbArtX7(tn{ReY?)W=U{)QvL(k=0YkAw;M?rnt=(0o7qhWvU2`EZ zAeG~!WXOj%nMA?6bg__y<=oN8A2S5hd)2?}1WCaym1)fTv5g0n!??|w2zO`BP`##$ z=h+32ukb1Btyo@lz~vI_F-T*cf)cAusK3+&vLou*bGgO8Iqdr&}9O${Y=T2A_O z@HpL#(I3KKMvOks#xuP|Ei`Cf2iXidJ)&kuUaR?O`_SdNqqDPyv7%TVc0Po((mEE3 zNV=jnuG%6_B>Hw_K`?ou{x-{qz4gmsEbKF9O|q<4wB#N8d?AEa|5U1{=4Acy_Mk2q_H zernreU3tSed-d&Nq!G6JAY3%#+>hb9|LQhC)cSfJznea@!NV}06tak648IhGqvOQ1 zXe<0I86BM# z>1(H^3=g5g1=T@MEp-gFbnq@Um5@kUWLgtjHp@V?s%C25k!MMb{YYHU8GKR9=7zU} zaAAb1J^gsSTcl*@2xEWk9A%K5SpmgU>pl!%agbu`=vfu zt=o}R+$(kTi=PLe9E{A*N;!bU9gP|q0>}K?W|K z{YxHUz}=4+;O~qofa%p=2`t{0H_XJ;yHbW0fr`8Bg*wf-7eXA}CTPPVRYtxlQidlz z6#?#dL07M__dXhAl9VnkL@ae}OCDwx@Pif-*gk|P!Z@z&(z>rhtyeWp3x&xOv`bD_ zEYrgC12e`7M^W@r4-Z6@AA6$(-}*ufn8GWvD%LfIKkOnxK^C6t1B3T`j*G)7hkGfv zpLTSN-G(A=R1~M|Q8ZNhB|-VRHv%MIK2#P{SwJr3RK%Cm`Bw;D1`eCd3t>lEI9u$36}vkPV$;Qx%Wug<3M>KatZ)O>bw#fpLy_% z-)bB_iq-hlu$GTBj{7YSn}Cco%yXtJJ_1;TOt91TGcAsfRvaAlQUf@#`D_@; zFwgW=C^YbhqX?WkL%EA$<_T%ZcGj1KPNl{NaE3uDp$IGc%nd*beW7a2jLy!69z)~m zR#2QOv&v(Vm)HklrFp+cNWkl(K|K*@&>CugA<4#@a9C2?(q~gk6q3iLA={iCaMogj zCk;?iz;p&{^qo<=?R>Yj4EejRGwN5EJU(KK7Vs(xm*8M74VCo~#;BH98dA*Dj{+>I zE@4-$XlhbAGqzq1MMuOWR!mcoPmh>HobX1s=DY#hM;!94JkYbn{&A@4VkgpX0zV-bM_1He zFyoE3QkKnzxx&oi@44qdFkv`ZIANxtyxK5#txN`d1hUkZ8ep+r3fum%9R37S*DBN2 zM0)(|&rkmyUi~Kk`}4kU1;gMGGC6NI{urQt2aACP`f{j8n;>wQ0)zFq6*s{g+s!#}V1dEd{5{Z|k`&iqOC|A`=Y$k0Hs!W zI-=YbtGsu=y5kYQA>SiTbEY-aP`IKeA`oHGe|{+}XqRQ+t8%-r)l}XJKOyAbH14NL z|91*~PqFx~ApR=|z76{C)c9_U|0{_93Sx~9{}%`9zsB;v#`3?$@?T?%|4xm+b5%OUd>yU|B@t06U;e*~8Cy3SP-(Kc46XFkSgPE;gl&rG<-gMwXu zW-i;%VY%ne>q4(vL=onz?D;;QQnQpDNI0D~`24V${%P+-5zq1^d&!xweMjviCrgOa zFJyi^x8#sOml_NJVTWRa!rE%Fj_H;+^Gmp?-`s@1s6tHp^Cow<~lq z^rp(Sp*hzvyi0m7E9_Z6HrJZgPiIN1bGMrd{-9`MpvMDi^~R=1+!D7YaruYMf5!>5y+_L-7W$&-=!y|21W@w z`%G#^S{4@@vyC52IV?^GMzXfkx-U5ku$|GgGmNxF?i@$Z5Zw$RhVPJiV7l5EoWl_~ z4|abS`GcPe5MDnSs2GhsxUJ)DGIBapVL&`yc^5Ji+!eT2_$NI3q%c!G^ekKa8Jek8P2?4Uwi6=QW&eM`NiN-<5*o633)?f zw}rl6j&e^#RLxuOj;irqNU5N+2SeYlu%yF6RwF)p5$ih$gDdYCcU_*UhDL-b8u#6Y z>y`>H zzx(r7??f+>Y59F^Sg(8~$jeRql{4MQsOxwf^XNg-9u2nkRXy(V9_5bT$|lu!qZ}eL z5goHD(n0RU^gKhg&^#VxrJnI_6TIAc8hm%W6sclmaFNrhlqk5h`RnrXQ$ISjyUN_V z#_8H>Uw1=!|E>44jQ6yCQ?Gg*S*wM6&VYo=gA4b6)9`Iqoi4iTlwh2^&%v)h*5O0z zfuWm0(nrGHpT0XPJ`hQhH^ygSp}a}@3+9{kIM2FO$MY{L9tuQujdLfAClcTb!t88*`WD0mJLx zI50P#nLv}++U8@j80T{$%4)bUZFgXmreii~|dab-EKfpR1m5OGe?u*)(~L zS)AL_VV^tFQo&X+j4ZnVKM7skD?3B8?|%~A;L^oX)oPW?Hbdp_Xx>K)YraiRTZ(NH zsly7z_n>5%56QCdu2R(#g0`;MZpZi?yDVN#?``bx=II?1Sg$G+zipS%{%q>qKf*dl z?BRTYmAArv|7@}Teexa?aTZZ5;~L@9n@eUz!aa{v=?e~ z%~-WrA3*DN*bt7w7h@+*eK@EXc^Fm1273Y@TpH{9%G>+mX8FX7-K=yI#L0-Ag;70W zapL&j$#ydEecLy8X34-c>XNFb8X7`qw+)A`1dZ-CFf^154Un+wXb_9vzboJ6W4V0K z^{>ip|EIhw|A%_}|J_^Btvj^bt1?9;Dx$JXi*OUEYwITajAiWJW~gjgnifkce54E` zTgwPDmSM$Q)HZWzW7&~YCUTt2%vPxsuCf^Rn^gkfey z<0`%wb&8yJ*z6mAm%n3}`BaPl{n8H&Gh|fUS)NzbzH2yx&G^$3FhOfNV!UQ*y4K(K zcCPabV%Ex89^7>hzJqrI^UtRVL5=SYVx+X!R9d8=*bMhZyhkelGy}g7b0Z^AD1A~Z zF4^npua`7t;YpLQK}N=jE7Wik-ztpr#I!2kYYcff=+o)3Y5zV=lj>`gq>;2do!aCg zeElYMwnhN>ZF<@!WK1#R9_f_Loud&9Kl2wy!`y*Az+o4#a%!sOR$Plw&&2VYhj+qx zk*4_dEh01LU;0teI}+zeUq)a`CXdqR$Pp`shtBCCJ{3@8))zjDBh}3`1xgx0?hbKP z_aH8n{g(RS3VCb*BdxscT3UI|6L9I6q{|e!O$vkfrSN{rrV@*C+G92KE<1`VH4v+EFxYwJ2A#1-Rxf|{da zTU+EeZ?I3|bhK%L^k=Q_-56&!Y}JuTJ32t?Xvw%d(>^4MjIST$LMe{srS~1Jr;XF^ zgkWFThgJKs-+9)PDjwIt-Xy7oE7624hOP6d69dzQE0|)rL}et-RnEt`A4ySMh1~XL zf{vc3%PsySTppNZFNqv>W)DDHp6m-;LDpWIq)Jsf3>7#mN% zF@K?~iyL)*(#PLj6SqCoOLLGY=;NP~oxk@Q5(-)n74>8xre@s*5 z#WB(*+8U?1v!YkoZ{B>Rha>&pIV(IV{|?<*xe+}AWojGQOD3RuH-TF2#JcEeTI*v3 z)irsv#O^zLlpR(uThz(5+19_hgJL#98(|s3rWcylvU+d(jvtCNaM;qo6xH zILzm@*C0ekp}O@~anicYB|ied5itN%n+o(u`nA%IL_j=ObN9 z^Z|(CQA+#rw>Pi+`Mr6lEj7cI*4?`)Hpc?6CPju{5p?so`;xleP_qbQRKQ1#h z+?gIM4LWvFgQ?%QB9Cdv+r|r8%f~o{bZ;J^&~-FG<61&IXyzH)>)kspJeHc>qE+y%OI%|X`ID6ab0HNE+aQ6mPs zYzVClvXZYg4q=a^6K_zpEDFf6q}^x)qOaup=kG4{4g~28XYU{3=DKWz%?W6`Ff}!F zr0uZ=gHUSc3fmnhVoML|@oz}V$K%(SarLGO|GMOF%3vf1SkH1_vg4Y~-$Ye8))w)S z`+v~dKx*A+%gkz!*byLM~KJ>K*u z^N1r$^Rn_7(uz1hjYybOSdKE+FKamK3k*SNanxu!L^1O$YnVB-qS2L>*D<%Cg?Vk) zGWd5MTOU7XTVV*|#7No$N7tR*x(QTDsR*}bfdv(kuc`UPr9mn0>~r7@f92B;MS~+O zhqr6zP|IO6vkPLkzlP_HRoDsnVcjQkC__cs)Edl#Go2Ua}% z(r#gddqPdnvNmuXwy@OhH(Viy2Kx1FOs68n3X~E(Tt*@PC_gTm`b@v@wZU$?5lDCy zzit^De2}UTcMQ$hOR;)zj3PxdUoleX8cSUv6Cz-Q*w6wYfIPr$GV}O~fw;d_E&Ill zOP~h1W!%88P}0MoPeLwI&AKhq8=}^jNoimy7=Use+OeC&0`F7l4jH8K?vScz*3wg1 z;-Mb59jmuDPg17@HW`5FY-Kv)ym(BHX0J{IW&M}SbsG`6ig!tDeb?cxXSDp>zy_l| z%ZTYfAODc(%~j~T)RYE-3W5@N4q|PDd8+_l9XDNF3SIlRn(Kb=I#Q0zr^PhT9PAYU zLyE}H)UCOv!azK=bq}o_1d~WLrpm`NRG`RsEkrz|y)QxQVy7-UgzF#Iu!QvfaXk1l z*)s2Pc~_LPpk0D(yxq1!DS=7@;xW;;#p=E_pkk%Ft<==C)O9D8Kur_s}cm|3n7Mty5IWYyf2`VC&}KwqGhU%APH4_ zr@FDJ8kP9)8dUZMj|SBmJ$;^+h0`u#v@Z@VB{5E@(s6Q`qqNGjlFAIP;oBQKN&^9< z{=(7HROtJ9S#HqsQ1!&PV&gTEPU6GxiU;ZxqJR=5J<{P+E2k55?DRKre-pf1x{%wS zV?j^<7*Dmg=eb}GP>9A7(c!iN|F4y=WGtztMM_g*v8LPdaOL~(ZznM&7yVNA0LI1= z)~-pvj&zdwW?RIn;5z&$%#YuH*ZWFZD6b%QC*{IKme!f{ ztC##6dY{b7EV|2=*?j|gb8c8QJcpS{dwJoNVl3&S7ue)apgv|^Z!?g$+hTL5qAw}A zd-Y z=>e!3p_!#}peohBV7otkRm97sy)4O17fJcn+Up#wxqS~iv)uwJo^&Vw`KNEUS(J!FLWx#pdx`bn1db|tbW`VQ3NV>+%_`W&8&6<05fjXPAA4UII>5Z|zmv@!8>|TIMDv?; zSL1E;w=KP18tgWG$Bo&NTy71m`-~I^vZ=(Wqh~|hfYm^w0${HX1P?X2{#s`4KHXC& zad}RSU0rD8HmPM2QnlpdsNE);PFcGOSA8Jf#Ai5db_}ir?De<>%cK_fbFpPsRX=RHdYl|&RVDh; zsRFO0%usi+I6ytB$z7_Qymr^fmcFMsy_>7N9M^@Uy$rl);&XRKc6^aRpEs5Ttx#pN)c zuZ=?3q)yaml6WQ|=p&Z`$Wo-b2=EKht~ik#dkb(=qPf=s0gufeBZ{0A;0p)RR{^p0 zIt7R=7X+>+oVZV6JRi*>mV#G|m;E<_SDdPnZ9S}GH1}*2oU`~* zlE!*1I(F@h6VtuM+n#96%zeoM-?4ID#=m=(G6ba#tL$419xQNEtkT_Cr&*=1T6kW= zN12p=r7f>63PhuUtRB`ye^sTLg{ZI!$VSUL4ayL$?#AXp6krh3H^$Ttg9%&g1jIIL zy)rY5=%C!rgOox<0~W8SA4V67dRLKB37iN{nR?`8LfNg6>-kc%phOi>E?d{dqbf{ literal 0 HcmV?d00001 diff --git a/static/assets/docs/images/palette_installation_install-on-vmware_palette-system-console.png b/static/assets/docs/images/palette_installation_install-on-vmware_palette-system-console.png new file mode 100644 index 0000000000000000000000000000000000000000..9f169a211ebdcaae16805c6ad921852d09532d7c GIT binary patch literal 110192 zcmeFZd012T_C9KltrkU4sc1w|s|FQ8LYM_{s6#Y3A)v@01QP*e3ZTfOl|coh8j%D7 zI3Nf}Qi=#+icCQu2^uC55E)}YW|<+mYcuq;=iK{y?)}|<|GCelPb+N$dnfy|)_T{w z-gn(OdHnFQC2N-~Sg>Fj?#M5v7c5vLT(IC@?LRJp|FZ7rmv;C=%H_y8@`43RS0aCZ zCus7UTCiZ_0^BeA&RqNWHBai5{y9sb{nc=6n}`tJoz>#@2G!$ff92$NX5X)B%sywa zH_@bVfx@;k-~aS((TbP0D*`_La#8ti%#Lk8taUiBwrc8B|xd;9Gu z>6Q0AU!^{8FA42F?LO-29R;r;zh2!qxxW19W4UG*abmWla&*)yuGBW|>`wWRlK=mY z|8IT-->GgYW=9RME5{1k+S+!FHwyQRc3|^u)oDJ%hT=9uKchz%t)qqGb-24v$F7$c zPFESm5ME1=lZ$-aj&5-g51;G_-pw4;RhoSAap8gm8Wr!~Pjzq3F#PCiu%qw0kvjz! z`iE2Ky5vJv?B3p-K5_OIT)viQwC{cQaQ^j?F(!T5d#YpFPjc*!os-(>-K*cyZ@+q3 z5Fs4TG)k;0PmE|8H{WyEY8{4**Pd?q&Sy$sb>`~BV6<$vo8Tat8_O<*y+wkNc zgL^9eXsUaedzBN<@i?6p9#Hnt@2RimMg3TR1JlWY-tMg2@UZun#KT8=4)10z8K-yT zsoLvF^h_q*g(iE1c5%tR7Sh27db)qD$y2;laKX>A$;`TgaAIU(hM~)Y!9BQ@Jt>&! z8ejI*G1}6~q+iKa9r{@JgQtzTOMHsW=idGkfqo%sCn--V)KpZ@e9^A{QF7)> z=8p@bWvd?8<)7GD^y-~RNxsEeaQ0g5S*pBFMj?A}IF8i#p~q9w{q_2;m6=T@5fa;x zCv7XzB^cj@8$Qk6*#hp1RpJ^A(U~tM7dRP?f)33hwtQjQ7&lw5#roiyv#5Jvd4Ysr zXF=G}Lza2{&bja7k1Z=q`@qv7Q&cmwL~3nOiI4V0o}s!=-#mboF?KpXCj42t5sT$N z@{et*Y9JZ5Ej-eq^|C(r=3=7|5wAf^+~hs-wLYCx8EY{6&4$8H{Lm2Y!-^CKbxfOD z+hwkfwkG8Xfy6P=4Q6rD|;s0seR7uzZ}3d@9P!Q2Og|`I8Il ziIsT{BbAfUN7{+q@XM|BCN~aV7ZW$n9V7-S5ldjKTQU)YA+1hWe-9Pe5bf$wgvDnc z;^~-SJ45k$M6P`$)%Z#CbtB>sw)3SUTDCa!*m|n#oJZ0Qa^k>jl*bPm0PsV(;MU zp5n9%;)fgr5eN3gq1R(O1@Neurd1}q_IKV?`E|E!4yF>xXv<%5!i`f{HPK3c9k)l8Rvk#|>zHkFJnT=Ku8{KK_*rFCwIyL(?%Wcc+;Vq4fb3 z|9TlA{V71XjxeFo0vFb&)7!4Cz%eq;B}_Wxf>m~9*Eflq(Np6HQIL@>jt}KE)o3B3y5}zcG>YQJ+ z0{y*QG9I{AKCCc*5wY%kpgo4_Qj(9kxa;OnZyZ&Ml9xN~*b>W~yG%rXfWRprFdY&h-QVm7yGdYKh1N|H`qNuKl_-warmo5s1<+xb}TB4PU zH7SeL2~LM^)cFqY`+*G6HT?%<`QENzslP{C<(_~%954P?6j_UC(b5!JfrOk|8yxt< zT&i-Q-!pk47e#a3PK2||YPs+wjkppkgY8x0>5#CU*}F+x6-Lvbl|baK=y{~JF=Z_J z-t3!M(91<4X$fAht^WjxLtipo>!@zPr&hFTwW%*A(!J+? zv)$6)bO=ssCPP`tYVS%zb#JMqvagqfVl~_FB<}Eau>*RPYLnS8-TL_!3*Jp%l<� zIG+!*5A4Q)XpGqv<4S5v=lhb84)eRNQ zh1O#mij%n}f$yJc=Yx*%OYLN#$due+a~zRdBPHpqbM0iCs%!0V)F}OkwoHc4kNZ&J zIXp;ie9DXWuP`lm$E`F>=I$wlGkofhHFAO?sZ{qX0XD%UlHF}72V^>X(?vza<|M=a z3^ICO3oFvR?6Xmpn*lMepXp*-m~mR!Ya7vGDcV9I<3TW?P*i6dbXFO)E@_`ig0dWc z-x~Q8DeY>tmNQ>S<{|bggKP>@gZy#J(d&p7CnmEWJKGo5Xt!yMr~js`VqMmJ?fcos z_q$q4Z6Q19nR!{``BXcXH8Y{qQgc-C9xAgTpyD!A1&6J&qy+jsB#>UkZ5J|4)!pTv zSUIQ}t1e@hs{3G%7X>K14D!F#>9}>$sp!=jd{%Kio;6-)fX~i$&&j(ylJ39HrGTC* zs$YEDzx}}K*$W4(jj$ zo$hgr&Ui3Db3f2yZnSD*+2R9|j0X$xdcG7@S6jhWs(Vh-%lBWkNrGW%V!26_do(Y* zzRgef7suXBK92#fAYbn=qORbZCg_;@P}a|?Sbi|h%;cH9Iza||96ME|E!yFziD}cP zx_6v>$B8#SMCXUHPPG&1Cn&1x6QYYST%D_17NMIS6URuJgnKlyQJuqxx2hxB=8oe5 zX`$6Cy*E*Fb#1=DHJ9dD@*vqpX|>@C;pe$oAGld%*IJRt;zy$*vo+d&#&$?^v$Tj@ z8;-78+e&WM2$7p%!x3?*(S13Gu)-~pw)D8^uWYFu^l0C+;|u&JSIoYdH>oJ$X8if( zi8zurK~+{2AM!DD2t#mMIT@;Z6$!eY#!%Kn6nU7J<^BvMgt)ZiwYN}R7kXp)$Efm| zI3by1;Xx%rglwn?WmPfjir8^W&{VnoK6{2bXRonwN{wg7v9KdrTAitOsD1GsVwUj- zaV3R+3zxVd!A1b*i_%Ht>S9Fe0_|@S%%17~LB}LoV^KY!teb`u{tI}m)7EbdeJHXN zIwlZjCi8=lQFiPjT&6F_qNI^U`azD*6PGq*_S?wJy{+dsZFZ+IJX|Cv{c4V0kG5D! zjA7wOq(TgVv7O>%p*t6jmbyPxM`5&&WH@eJ{MzPh`&k~0Wki*sknl0+L`gbk; z-E?p-KI=}9R3fpAR%`p(T-j?Qnx0%*y;O3jpyp_hGiTW==F%XDmLP}1tzu&NR;r6U zx^c>piMBY=5MZ3%Udz)-Y(xoiSS&L1&av z=~9v3LmEhy$}|r-*EZ37OGJLf#p zbe5VC??JamQEX&>>xdQ`oa-&vq@@O3%5^-Yzx!2B@x@Tpd|#XL6ASSH~IKsSbr@ zH-T?tlu#e4o1@m_!p%y{Kna!bA>4SfJx4c%ra{AKLyXj9lq0`W^^P~kLa={~v@)T@ zNnp>Vo?j{*7>-D8$~w+oXt^6T2$#85yvo}NsYo&$1x(J z#CO{807lr`S+rsHI=>tMq>+zh0gfTq1!78d@1&#jLTYK1zh-N+>0A8Vhd> ztqy|p@xu2?x~aO}gJg4~TWfic`DvKM72=Fj%4MOfagVEOK8W1&cRX})Iy(`4M|s2X zT5;#k|5dr7>6xdLQO~7FW+C+ssdmz6i`TMHgy?xv+EP$279l6OJA?Y&>`Cs%OjBJ{ zYL6;%@qhx}xg}WqDn+s>6jj^4HdC(e0pOllZh5t7So28$S=XNo+zIj}QyEZ|RI>Bv zFm+SS(M5+%O+wBU1yl@uhPR{EqE5ngz`H~MDRTPak`er;?tU4c)uM(}tVME+Y`xJyUpwm_~pQ`>mB}1i`qr zXs5$g0#?LEFU&e#9 zXbcFVq}A7uC&1AMfDPi1M;&w)Y?93iUy-vHefsTsUGs0 zQG{DjWw=HnWVb|uAWS>TJ!zi~CsfyXz8Nb`K9p|gatWf0mHfU@7pfX#AH_+Wv5+#` zkDn}LNt~;iE$sdyd@R5AaI+xy*yBuDR zi3H6zdjW=^suK9?u!E*$4PGWM*uDU>#JrgH4h5AO#=L5jwiauOgCGfZLv5tppE)#n>ACYa`|2W_FAG{ zwa^x6P!%!JF6VAQj}z_EaUCBwiv+R8$4ilu4w0aEPb$$m1Z9_M_X67iU8F@JUU#V+ zgL$Pe>0RY3`Sk8IQ#V;6--bVXv=@Acb}^pm!~R-X^7?nlLX`B<+|Dh{ctA)|Q<({v zDw9;Zu2fTXouG*f>W**6uFN3AHjS3@nIKd*R()w+*3Z*fCdYupHvA*dpEF;%wMU^_ z>X?m`kcqu@hS>`LmtoO^GH9_89Y{8e9vv>ZQ8 zgqc$@Bsobey4o$Qea@!{K+QRZ>%yEcE44 zu|HN#q?mDajIn%ojs;W5B&s`M`KrP(R(OCSdla(AJ?P^=6NHto<)yvGMJA)ji?AJs zwqrZjVnsU~G_K%vs*sMVM@F(J0^5mT6bHdpG}=-DP#q-1WPJAV@oYy9J@=^N@t#{t zg?I1D?*4BW2S*d=0gLc+yQY-sR2KkBig!_Uze+*v1K{fdhjvpflnRHFA)@jC^75b( zhr(r=c%4-ffb60IY^W|NE!Haoq=Hd(Rr#u4GEXXdoxLz0Czon$YuTz)z2pdP9@LxQ zn^I<$At)>47rW*dWpTBp9G?KuK`a+hk-(g!xrqTql2&v*hj%LY?69>6Ixl=yfy0>g zrF_#r`n2#N1p&wCyob^LO-1o32%syt-eS#Ctnx{q$Knp_%pHuyEB_~YB-YD_uOn*0 z`3T);MPc}@IeSq+<587c)!Tfi?k1X1XrPhWG>Qy;DU3f%fp)uvp!X|yy^F=roG2W0 z;*4vE1UA{a>xx3jhixwimN^9Z1NB7Jt#eN$vW3tlybeTqJM}L+NL-I)M6O4*-@a=t z7HPhpwf@cnh7+94kf2N8=}=sxp$4gHVV%@tuf3!dhYk@r&sBL)pL7>u8DS_g)m4U@ z^*xr6haz90x{4jq7@^u+qS@$%RFBsik5l+g91BGYsyvh{0-VDU6d5Rr4K^R4d51&S z740fIgymNPpo=Pl+O%kdNRL!gaiZ{rp{%Z%jwcR9&L&zEVLKl!(<_{-F*_|b!~$n@(^S-n>AIsx5?SIva|dKZ_2@*$#7F@oPQYioc7*Ce6@Wgt@a|+#d|dj2BeQoBt>< z<4m)th|9$nzXM2iTT1)AT1)j#-70ggspD4J;sE1e>h+f9 zZCOaB&$>C{QJ@Ae>ZDOtaWkIvy&S(VAlkpDCcu$tx{@qIp6ls;)oA(Vh%x!1ov}=E z*Cf-PLG)}DvIaxGgrqF%P&HX_cAQMA(RCNg~z9o zjVbn81imVM_d2Z8v1Uo98Y0_@YG z-Jxx}{>aAs@MQ8APwIRPTM=kab%zw1CPc?PQ|md&%{C=+F9H{KVU`lqRDgJn2cB^= z6Ww&OA)YLsaL^uUH;pMyk1x(ZuR&43O=#f`F_TTnmH2E$^!oXST72vuY-2JK*NZ*$ z@=mAP8OSltHw5e+qmd7m1S|cGUhgJt%MUR zjh>-8F$-rq4WPa;E#@yH^r_sdoJceGW(Ki~;dT#)BsWLgBJtd!W5%xo)5wI2Sm> zmVq~~R3ANLU&tH1hZG-#%#6XT4xE1|)kkdwJhm1_G*}1}<~^LSIX)fQKVH0o8O>cU zBdVw7=)FVtX&xenHCc&h%ey#|!(5XeXkPXOpI!X()UjNs$4<31OC&ptvhzpHad^G? ze0BRb^A>9(pb)HnAX?<0Ev>Lq&?GEQ=RZ9}zI+m^d#523D=TrwXAc~rsA~RL3Yf@2 z@Vpkio@g-yXl!J$3{MBIYo-|mUXv*=s|YK++v8vL;O~@LpYXpX zMl;>LTzCsLI;yOn#D|F33{Xpl$UPVBDkgC;WImAtpQMIn+jXj|JQ2E=**vlFDE2rB z`9I&F!Ji2M)lBWSt{@WCJuJ$VfpFpOTxwM;20^J&+)fhrTpeEVHY!q2t<5LE{_a^L zy&M$zHC8w=QTNtJkJ(~fd68$g#T|Hu=r~Mf3el}9qw4X$OZnt(f)nKWs@blm=JM~r zjWG^VoM7ft6K|`u5YEP|769Pr9wV4aJ%4`kcdOKdl&G>NqiQNTi;C`=^EwgQn!j(1 zbV0CHjEt@#irD#&aCOiK9=0+6JdaoQZpBH?HjdpSxc1~!-i`j`zq5Cux&;Vx6?j+| zjFDCp3WkiF>NW}kn%^&LOagC0z1OdX!o$D7X`IqK@|Pk64O=PTGd?ZaJwy*Tt;T(Y z;JTb5wpB+c>)uF)(XR+3W80VgM{!|&8n=wolXt$>lQz~=>U&(jb9Lq2W}2n7YuP#1 zy2KtUHe4GT1_e3B2gyuc-wAnrhVf1~A&1;p5pA|q6#NDhbZI~pvqbt2Q}t?^+Z{tW zRhtBQpj2I*)-2y$54;6J);T3QE*EbWK;CZSuQaP}UGmr3x8;0U=k0XZ=18_&zy|)j7U0J*|x=%%?JH zpj(;!w$Zv>hVty`vC2Df6YtYozZ-4hK2!8Fof47xcT+w&DGJU(fd3D4O-1p$^SY4s zD3~^vjNS*h`42~yw&G6cDEoD7B9+McS{o>ir;|vPyOn#h9cBGrmzx_+ujT1q{ga=| zucTt?VsVk@qTPwa#x205uS{9XbN~7nKwq$bl4lsOo3##qvgzgV-AYtf@5_R%G7e~% zhukV(YZPP7Q=5zO4V({u84APv%GSTmvb5F1Sw~)IAR@Oa`3=4tE7(vi6mIY`)$j8n zl{7H*l=t{XTK@Mm>#HMNz--C%ArWTTZrq3jW$r*5U$;ehN#p7MhNDYMTPGD=OsC#RM|W3F7oHnX5^e~|l=Qf6k8e=I z@@qm_|Dy19rmBD&LvjNi`mjH;cv;+=2qhl^tueY<`-6H04}vtU&%+7hM~XngkNIDGb7ZuUU@ zQ`0J_`zz2ffN4E5qR^TY1TcseSsCd;#^@);gyAAD2sH7`A1Dkxd{KM@)W!^>><-kQ zUE|{N(mk#_t;ETMfw9DOA&U)LUyglR9JgxJ-vw(nKEWQe=HF#st9kX)yPg=Fc4`zx z2z2!x%5k>o5R4#jpRObG=B@z$p>7>y1f~!HT-FtestGcXE)P2m3@cG!Qhn(o)g=L8 z{ow|dLC1hJj5YDc@W90s{{A*;mDq&lu4QvJbDHM1n8aVTY6C~-@5Cd)K=O@ruOy<6 zemBuz^6b=?%Jm_WlC1WxABX)`HD~HdXourgReH6ECjGmx##iS!6fSgKEyV$j&rJtU zagPZPnYh>e`}L z_^gb6=dKr~>Z7JG&Rc}G@K7OMLq>d@9<3JjhJGge`ngotjp-qkkHdT*=HQFSwcLlt zZo&7>p;c-vi&9#eACH@tfDm zgn{#wI`W2tA*HSPvIg?aL+?hIvfkXZtZx~mt2(#1Zn{lBKw zbeE<0@S1l^&RTeOBC|X_WMhJ+#9?r(OOk`U6eK^lGu(;xJfpUm;)~(jY`fp`%WlwsbohEEr39ErMjlk zTwy?iuZ zg@d(8*9w#qS`*`RR*m{SY`^AL(`@*;E}<1u8GHAbmEo#B$?q>?E&MC1HoEMH^=SEO z5O-nJ?}22jm@qI^Kg|{fC5=^+qA>{WS=y>0`by+>6a?Czigw*Y&&Qz9$*#pdjGcXV~I2U zZrmQ{(e64g$>HgOfwFGjuJjdLT15z8rL~$-iX^T{E#6k(r6&4Tq=Cz{^W6Z6fjdT=LE1kpPIc< zzt>0=Xbp^Jo+#O1slLjvKPzdBZ>`s{+s}R=qgT9G(RV7>(auU?jT%da@2dF-) z9f(8P)eLCMPWPCX-Mq3!UKi*V^B;@gV^l;YG^q7WFtwRpYqSe#S$hjvPd`kxg#Cwf zrbvuNrv19AkH&sF z(el-=Jx_mV*OGxpj!Os1)}k$UZ7*K7VSDj7bNlhwQStfF=71DN$>rZo)g2*;osm<; z{wVol!3?WIsXsG)8RPJDGi9jnxd}(CR!l_u;We z911hcl)ZH3#-cAaWJQp8D)12gJko1hQ|pXMPUw5=P*iWD`RlH7W{EX^s?w~pdo$WC zthDOhZamP#)>_p(;^=ASWw<)eL}FDvojbAKcpyHKZ&g|_{nne+pIUO~ecgtg_$<*> z@_yFR=F_*Wa~>~m9t}tut67?m-e(k@5)tY*qkE9~fwsLaNGcK);C~KUumVhSa>+}Z z!Z5QU_JFwV=%GtUVR$W{9x)4Fx4n=PCtc?PXeDU1Jb(`ZW>U$Hn4;u=r{5a~mI)bg zcNa^xXx7=1}Mbz2jS z(|(~Y3R;A=gh4>r0*VZ!_c0zw6wtLzKz**9o$ki5a97W$cg^!~`WtUC7aJ0Gu3qILY00P8y2^MWF)_}yMkj}Fy%W4c{ z5FpA>K$+G!tfjgyL^8JllDR#()MILGBk$uOMTT335i6gdR_AYDov)jzPPzHF?sC*) z*Fxro>7xBp4W-N>LVBO1KzZrFqfwPWTTN^0AY13yypbwWrQ|)y$dI8$EV)!dNk^FgJ{t!Kn7@iQTW|hRdr)0 z3lqv6AZlPL4tVfWsKSJ7>4Oh5-K!Mf)ODakB!2Cys5#s zN~@vd{gYN(uEx^tn&o=$Q1nllVts37_m1yk+a1t}%#p5AYs=+PD*)Pm4b|1wq!H(* zcbr-xJx)zUox*>P622q~>^P0Tp~xn6JFp04x}_II#w~4$!%^jP5HSjagi7#u#e5Aj zxOoh@{Fu&YY2a8wbA6akBe~h)_SH{MR}0EY^SckE3-gnf%U<`)8%-wfI+62ox%2gA z`y-k9WT!}+lJI@gL|N;W&twn7l&QgrB?I~4Js?)Gtwg}<$0t;eRPN0EzWJ-z5<&k~ zM%hnZj#hr ztZ@++szFZAU|y*`dg$)DirB{!g?T`#@(DU-FS!;c z{clnJE3-FmD`E*dS{35l%JX(GQiQTp17T9+>eevzpSr)~v878sT|3~qGTGoWE85z> zZjx!$QQ7~1tx}vCx8oP*7bI$vSAq^JE-~NJ)iAq{eO(;4OSQP!*9SPSoEiETve+NK zYAtGQUyZVGvrH5+z%7w}JU4j}l?FJbnGRk6fD&-?5ey*lI!on_C(2_RAuoPeQ*CP= z<+2_$Eg_rCewb^A_ipZNT)br9!0PtaShiuC>^G*NyPs<8M9}_R*Acy|o*KN2`Znt+ zervlXzS)0#hyT6i>lZhPyY#$v9o)Y2%%&E%>5i`9Z+>nA5(~Epa(!dCPuQqmBamG# zb|x8AO?;NVY(6saS0!s1GXO^;^uoXM^MO)MfPzdF3~1(3G^G53(C(Zi3qj!;DhP<~ zThDtqbWZs%DCN^wLDJY0xL<|X`yt+Yil!!RrPp2Sie56nQ5fE@Xa7F0Wntj8a)qS> z2P!k!vR)B}mByc_ak&g>(W{-=&-PC>DJ>ajy;|Q?xhr?-n@3d4c5TVW;`oZCz%=Wk zWBe)nrywZ=`uL(iRP6v72;H?HYJ3h-@YpE#?dX`Kxv{A{FzHy)%8>qD1EBiNIcGMb zmYbMS%jtbITl`%^Z}+L^fAUZ7j_6z^Z1U@`bQ>7C?b{BXrY9iqDj2y8Y1T&{BU|$f$TBk-nOu%0!7FYu!3W zI`vFf>jjNoe1$^`h8Cge8VHNl1`we2))bv~q<{p$>!pLnthUW_Wy;!I~_IsS*g300fxrWKra7LT&GthOHgif<$Yg>=Ke$er+W-1O;MRrbM5 z<)3m61lekLww5{bOGeor#QFI>zv8Fbx3aFi_x`4$S2j59(;U*x?%QmA|IX+qqJ3$H z308=RT|r?EB{16c|2|)6ah1)@Do2s$^TMS-ZJ!s*nP&Vn+ zuADw@aK&G8IDdy+U30Au)l-LP;pEJzSyrhgTC3S+!2=dUM8zZ;5RfdTN#j*g(-}1V z<5f*c8IADhK=fssIUzBHt@~^(GB;y;y1eWOb3=qCd(1 z8>_ASkHJm5qVv0^?u;cbMJLvwng?6)Q&SgdV`17I=|g27S!H5zq+RR5y3W?x%AcNU zCp!z8>Z6;4Jl0rKW=E^v>S(rP&`QkRm8&YZA-4HgeZ29e5AKB2_MY{q-Ye`4<2gCK zT10SqIG96Y6|l5C-VwNey+bB8kIO=JWf5WmONCS{a~i^QPMR14R7V=<%E_JRrl-eG z8%kqSBcL?)_A{YZWLj0%z$_e__o+{SpPD%DHn4ib+me{Pr=F?pcUZM5#n!ootJwoY z?NPF|*Dh!NajT(wu?70sz4k{&8_ZIhD=V#HW2VI4xc@A{$^exHqXVzIUd}1M*}!;y z%J+Dg)o9E9#?cPBfmQxmD`fpl&{kugs!lr9U(QM2wIMR3S==!7Ep3;cZ!T{*e^+I3 zU+(7JUXtAt!z$TMdInO`)@nJGlj6W>-?u5bksvf~jm6J;-N?bW-o_QXw# z(XG*{`o2wZzP@NiPSd{mA<0t7AY|~i*zJ)Z_}6{Cq{?;%Z(G(JP59)n^%miUbx6{F zcJ<7VUi~Panawm_?`A_OQTffY8Mv#5cR7EyLMx5B zji=IHGA*aK@gzxH#JMaV8sEmp(AK1DRabfkf_6slDJL)jfEA_`<*mL4adQ zakA4ec52TvRS$!S&DsF}2(%?nP0jVJ@*P~Fe@Xn%VQ2E1EQ6`;^EH>uYmSbniH+q=AJ2F*j|_}tGy z7L9J1VtuHs?2*^_spiP+?8rM=Q=3_*cU$|Ijlw)7gMC5nm3dd5u6mdBTkl|aXKQYXQtPM46UD3Z8e=DOoqmqJ z7A7r%XXS5GZs~2N8Y?Nl>rY*gbFDP1&nwL%R{9rz^{{(;wJGt0vZfJUcU8G>eMTbt z@c3}edV@(mCtmrbQ8pb#Hln)M@1eQFV6qK&Ff}0UM~B2Y$?WQBxOpUR-g*V43jDUXtzmm;m>(GZx}B z3;NZbUm7RF4?u#iyvllewAM+@D=m=47a_nzM-)yZE}WBc>(jNMaKYF%ojEibtqRN1{y?D;dFy>++LQnLfPsVp~bhS^!u zK=Pn&bRlTmkE7h7>5R&FK!Y*{!q`uEmOLOJWY7V+RhZCH-IGQ#c;;ne`0OX1sW4Cj z86g~%@6a*%xJVt0XeB(B(V*C=AS@e)rrC@DSp+^~lh!aovdF^bTgv z$Y_?W&)~#r-^-r<3#VCb>JKS~4I&HO>E=p%9c}x@P^?rb0`hG^@Y!}}Msn#)wCEBb z7E>(fsi{cTeiI68(8p*@T@XshCaSxChvIDyce|7SpXt%Y_Hw_>YXSbRv}trmiM5)Pf@s&6kHkiYF{QWzbCSX3 zdv&g^e8-EG{1(ko+SGK#-p^KeMN3r6%Whc2y2e{iyEX+WFST!Nh@_+Z{@B!3_mSoa z#{IGB^XS%(Iq9iS8u=`@s8x?5u)=#oGTshG*3MLK;zYyVH_RNfZ*NUN`%}%0eAgUsFku*|}%5?&$y53b}8mArCF5)hCS%8rjO>A9EOi>mYbu`@P3;s{z$zUSKr&hKJh}JK;L|UCa_u{C!U{ zTStojsHosd9sg_EhAv?%OQNyzT8{`Jop({>-qK!Ws?-UK_TgU2AOC zCcHNoe3W*rK4y`8lbRuBQt@g^E;DT`_iCk8UtVGj&CI9PjX@`z@7?k+y0VFK^NA1h zI<|9A@KTov)tCQp=n?{|P5WrG){Sp4tDYITcoZ6vDg0d1KdSQoY^0aFAJL9GJer)-IrQbOJ-Dd&&nT7N zA4`>nesj)2WnMQ)pm(#}Dh#7v_1kT`sm40}~Hmy3J{rNbq;u z{G0v?l=^@p4_u+}&r#){Bh&@>6K_5OdkV|#ZKB*FkV7ftC7bgMu%hc!_k=&4s_5PO z_|*AH`Uh=FZ{cq2zzf-Mg{309AG3Jz4f5Ax0^ANOc9wg{I5X&}xJa`=f6x$dNCKc3 zR2{Zrp~9yTummTYH{(lTgr{Ad|N0z^@Ni&-+ZRRzt{AjuKT1BnKp2Iok5w`fy_i@K z-x2w=x=XRT>DLX6vljt4T!mf#A3BJ<7-!n{OwZJF%G($IE;~GQNci5MqfO4WgoFk4 zm+3LBRpl|Rtt+0zPX8R`tgJYjNYE4C*7aMFlc=oX58L*GpGiW8&pl$JNM z-rE5r_kBbEpcpb61aN@To;{Q4TsPM&-5A%;7V;gpMoWw03r1pP$Q`-S?q0n9a1>dQ zs}}+$h<&{FEnv>jN9I!;1*7chjq6}I1kN#YC}^%cg2}V`4LTZaY8@6emwM>{Tk0O; zfF-_(s}s3{*>Ps3k%H~KR|^8b(JuX57sdy%w#i>tYgFbZ<;9@1Qw@YyCz)Ex)6F%bFxdvxgW--+{3e(#Sv_k%Cz@yo}T9Ta06Wrz$573@DL zqy#tt^_fJR|8Vyn!FDDL6S<-&cP0$585(8`%AMX{;ITHdK?Qm7oeEb^_8+i+fhqG} zrQjprsrA1-NDcZ^rSR?sPP@rgP`3Q5xNk$qt{len1=YJOxATsgFrv08{NbWtW)%Mn z)*8Udfndbff&w$Q_2MK6@_oeqeGrAWLoK7hvZ3v>(g7DJm>R4S09Rt1J zJ_8D}<^tSdSa{0(vz9ZS7j{zl-vySvUAf7oZs}5Hv6?~!`}dZvS7C56FtRh7OzzmD zA}qfMN}_+jGuA*%1#_N@S==p1BGZ5c1X=y|B7V;?_48FWS` zPwtwk09jI~cY;Oj{?zslI}o!A2n5_slxf!yYx9#C`}65pVUy0xh69i|b002EncF7N z4T6h2WV6V-0OKcd9x9!v3i7-UBi+2L2ix%xD~gg4Y4IZ}Dn`@P+Pf;Ljv4>R+KyC* ztP6}x)D~f;LsrNXiS71 zIk^Tr*QVS|a(XNOC7+JnExU`Z{Mw&-@vpYc$!u>>7aly1?fm%1mud@^86cw98krhx zOZtcw_h7CJlVxkfQUm^B2OIEPq9ScM;Eq&~2~q^h3`D+6RVY~tJfi#xh?(Nl;G0HK zuJ3{Qp6_(cu#DbNR!n>MrY6E3^;#K`j4z`x;h)^^(WcdQU8Nd-h$vubwEZ}5M!EnJ zg;nP0CXH>B-iud>N{bp9zd5y8uvC~=2>(lYBP7@I$Jo>wjimp@s*f6*wTKIvnQ}#t z0cPj$B8|CIb>k8~+rB1LH(l)|wyY#<`f|5^HdR<2QDiu6&VyzL?bVG`EdN*z3+ie@(c`UsN1!Vf}WI$GduOno=`X+%-S#LGg3%XiYf*p`uJnf&xxjEW)}tZ z0XCMzau7XwXa)P5U|XYR3;71(-=mw~9qXMGA#JPJ6t58uY0iln*@XceU!a^E19T<_ zFm2{)Gplyi$sK3QW5MMA`N%Q{j3v!QrttT(Mp;i_Yr%fQDswzVO9A23y(Z+&G_(L8LNm*C=0!RN3DYnTpn!~i>Hm%{5ri^`SI*-V2(Xu|B`37Z2m5U$eNgf3 zueEfFR!-b+FvFTaMtt>;Yzp~Pgt!})z^uprY4qBKwwzY`y*wTZ9%M7DS3fLl`N!>W zvz!QQ6M26MoNR|lQ}kc}a}A4=|0aaa14~2J$tQ6qu>37xvnvV>;e|$rD$Rs&F3mOR z7$PO%zX^3DaKK)_5ZP?t=*+QDAkrmKW$)6kZP|~A7Jnf&eEwO3+`mbP^#m;cItNPh z90JlrRniMBLUZNOTwqv&BhYY+PK1-gf2VEOK07M_g zpbwhmS%FJ~;lC!q={JYEqcWF^et(-5g{j-W27tp*KQj!R5HL4IoW$3Y0C&^(g>_C{ zPcX(TbTVWV1cFCMTIz2eA$`u!$h>ku;bjDOEii^P0Tt4PY{ba05YvJNb~I`$Y~z7F z2uKZ0Ry5uEnHS{(rW{2+GGIgYmO;S{ zn9s^CcF4}39bx$aa#?UId|qP$W>vKo4(Nfe!Axtj24avn zA5wpGeq1*1DFQD!4!q=l8j2Q`-ruLviEIojqdlse)8*bU$1MhD$%p?D*%--6xxU~} z7qN?jz&^kqBqb?xSv&!0$iP4R&o#~GF*WkoPvw)tDEA&D z9Yea_d`I=!)d;R8MrcrF!6F1$Ti}g#`eL~5m~EUch_^s}JLAC9YRf*()lq6$Gw;B8 z<%H;4&DJM?*8pU(01xU>WG4r8IJfnI_Mq$zOXcYp+L+s+V~%0@=Xmi@tT(~l5rzqo zUI}`tMr`K;`9edAnu_O)owZUO-+jsY3P@E!o^=O3HP?IIxK=nLYh`|b!+whDxs7P4 zJiE0-ZALJV5w#4_zeen5-#4Q;y|^OKU0U^21JSi6;k4f&$^tW)areT#un6v%nMn$Z zgtnBW@T(EJzzDEs3*XdjgZq||H<8fxSnUF{^V22G%o;b>!VTR zr3?Ai5K^osGo8_wBe0)jnS%z510bXhA-j1%+|*eY>p4~@`j!hb6EZ*d5E)Z(#e;Kx zP2FeEt+p0n{x<8rI7L3Z#UCb^zlVALi#7aGB?oX`S5iOttlhzsTyBN(DB zLO^bcHRf-Wenp>)ExinC3t|9A#u0*mXMZVsBOm6MiCn2U`pIvyr}d8tRXL__kK>7a znGz?;hCycDh`H+!PrJ|0XKvNVaFOBortxxRrv5&^CeN8IC!LoQETC~mb~BtjsWb&v zS=h)BbT3RwdtE{S;@2xQfsI{AJBzBjx@ytunI$RO&AX$v3&FeOg3r3QZ%n8ot)DIw z&XF9;52Us~85qfATk7}Ul>JH8f2^p)qs}sO(^Rzo6^^&qp<@mLPJ!GvyVZ_q>ZWm*`|_As(HjF$=lomv295V2Sc3s8BwJz9 z?3vC0lwvO!&Z`6OAn5o&m!^mz%p-(1Kfnf)DBwZzmK?x3nJq_$u_j@is8S1E?l z1=oHeMd~U^JYV`O8>eRG^;{A5Zf#h;DA`c|1Cf&?n{Tp@F1=*ypjAing&Hj(tZxDo zV+Zcq+^Xc8))|<6Oxk3Jj?cx5r)a04fET?!7 zu5_B~pJ`yZAe3c4jUuamVSN)EEAbM>C@D^VIUE=8%iu&PNx!Z57kGDRf zciM*@#ci&%+xvQo-Z6TgRM9u2%pO!$Vs5p*s##6(9#^dN7Y|h$h`;G3j-rdShu5LN z6nG@Ic_?;NKk4;DrV3kWgLhL#T@1FneYC@5&*9jl&$#^9CH<;7U;m(_cZ^1apJIpW zX;KDV-Gb=XeaFoQ^E$fAM@=`yNT)IKIzNVW(xr>49bX7j;<`1NUc9I>&yEPQ*v1^6 zp5%U`{8%4JO<#r3phfD0&gjHSFT=sfF7L2Px?@Rv^aX*JCXy^qP~fE4Z~y6~S&Ar` z==KE+=JyJIe`=bpi_D(M%f%qHxMPUCsH30B1PTDyRoIxJ1IjFipqqzP3pF;*HCAfv z_jdQ{NU`l!wck?w_L%Y+A4nSXR&RfBGivInDD^hx|WGjhMGeRNsr+qyHAr^3yeDK@mJ8#`}ldQ@6Z zm00`qS~SH;KWld^_x?>dsQJkH@SfvACo4v`S1JzlAAUK#=aK*G9o5}0PM#3UT-=uM zFGG}P((=@Ddc(K1gSvwr)qUsv@-CN`mF^0@l(HzsC+_r*I=Y%7)$A`%$)Kwm8WC~mdncoP56O#Ti=oY)2by& z%Z~?ntUTwq{lIRNg~1T5Qhz*Fy|SHf@y*uCc5*wRV|=*I+JEruD%-MB2LD&%n^8Ww z(!aHnJIHp+(Fc@S*2{*D|C-}<@VWHY_PQOfjQW~78(r5PaSMt%1C?0x1t z``!CHGmbNkE#EStph=*%qwx7zKQ`(rZrDFF@fWB28oY?kQt1i7J z&H$zzVJkGFSHySkiD?44Vm5Gc>y;pG_QBNF)N)5F7GS9!j7)^e9N=`6w13T^{e~_w z9RoVi3cstoRsgnO-wuraR)t|a&heXD0+6|kbYQxo63`%lgtJ-=GF1%>eg94Pxej1} zfPb%pFP)*t_V#5J2*@v0K3&m}PTa`Cv%d}YO0JTN*mglHFc?>TpU!^GJi^~25xbkl z;AQ*iQoT16<|?kIL+2sE6;F{kgesd%R8avT3z8ky()6dYO21zgGS_P$&8_RpR?d1( z1-4zdlh%=L-5-nM9hq963Uq~92Bzlv>uw3gNO~@JOar;Fcf$@lHViQ*p2zo^p?}ip zcAv``qQz@&VjHDnIaS}n^+boQL3T}CI|c!u^vIU~e+fvKqsjt*WUI}_4{s#2h86X6 zy0TDe=u>#xL4K8MJGK2gk2>hE3>A|TQ#Cm4xR-}h{1l~RT;&dp{NQ2(X3KS!rY3AJ zWD%ys60uio=0FV0es@o#N^t zgK)L68nEsKB*g8PK`s(2_cl-+8RJt$ zim7rrA<_-fE zQbFY|$IkjSPX831%$sG+F2r`qKA* zG$W+LU^#KVbPx()asR(#H60kq-sKwheabQu?;v*C$d^G8OW>|1U^ab@dHA2!vhkw5 zisUv6I2NE(YPaf6uXS8gKAArmAOp&3v(gH8kN_&i)Kg=*(G^oI??4_M6{!s6lZd<* z8Q6epY{d7cUF3G4|-_6SI5w= ze?13YENbSKGF{q6X)At+d*dPZBc42xo!c@+HBMVJWD99)X+NYLq192I^f9ec6pLD} z^;^#CN>WQ@py@Q_r^qBD93Nn-BR#HHpydRX4ZV{CHA5FX+3dviiP)k!9cpp3=JYvIyi@@HSN=Y4JqIW}a8?*KAIsy?_Jc zFnBiLz;~AF@ZZw2z_VVF!4@vRtj}Q%eww@<2t20%T0uf&qF(Wk0!mX%Z_RDT>P`e!M$ezSq_^q-)~>@&jV? z+=%=l^6b|^Xc!D$+^k_2Gi^Mar3uKXp%{-$fI%CBL9$6DOY>tL4oW}ZeTM>udO)p# zNzI;R0X_k+h=*f%FaU_t<`}TcK5)s|BespCLPZCh+yE}#J+r2NN~136AJgLKfQH{a zwtY5AqokCjPQ)XLg?J;-b3sk5V~)Af_vy@qoKYFEyLA%9wlB(@3k4z0JAt;ZFORE- z>#xa`3h4#i#lVCfqq<&Z#525{#4$vDF;`$4DIi*-wgh-Dr3>(08@KFNN(2l`U)2rR z1TD>u8A@D6wUSH=2_wKq-f!8SZctYkpbUI&%s_mC%`L6l(sIsSzB<%*a z`oD}*oRM>;n?@I$B!$UUP$}XkWtt9}CSQQEHQ^-X0z*`P7^fo|pd&#Fnk7#*fysa& z=kf^_VAvuj(4zYhP?1YOfzcOkV07K_%HiJ-rq}LHV#F2adTr>=VG}wh34OgAXyA_5 z<$t+8J&DWp(VxcNQc^$Wnmczt{88yy1n%7Zx;Tab+p873N*zUS(=IW}8dwN2O6~aU zd|g{Ti%Z(#4;2KR7bB^*n>eopehCB~M(~|Z<6$-;a{UKR;hs?a%h6qU@%bu8!A zJt!!D)k?Z2mAvMDYDZy5X%3e{z=e~uA)y7iYWKbAhJ*U=+)VjBB--k5AcbX>(f8f_ zUoh7WpicPsg^m6-DZ8ttlbSjUU`(vAoIXKggH%K1ZO9R@@r zorSO{zF3C7tdsmluQ(L9xv8h+ooeqlac*};ojb@eKTZ0#)h5?gJol>!7+FKu9;y^K zPcidetD9W^Vh**dZu@pe(bC|7Yry#Mx#f?$^6#s=gly3UKYhC_cYFn+TH3(Nmz~Wp zqTXxgi*O5+Odc2D8FJrV2pWdq z*bocdTV7HqYL|y>j-#-_r%JBx{o2f@vktP@RFKhvX(8h|DyDeFIbQS=80~jsp)l``W2>o}{zGXVFh)7d)) z4qOykRd{>CZ2v=I(S+7;SQ%5(oAfsL19?pLL;+;*CSa2I!-cdz0EQKS5TW`X4Lz(l zBUEF75#VzN6O_OJ+CllLUYTpCSFhHmd2rJ(I7(7TkkscOC-ZspgC4rg9050jGM?F(7C3o^y6l$4cAWF7h5;F$dGdzI~V^g@ZH}O$OD7f zbOYGL&SP`@}zp zlE(Ha!dDxL;k`&am-WztNSK;bJgUm+a>_dlLm+-cER+f2I^Owv4)DKF!2uIaIf&$G zgO@rJd-xyU9NMstOE?l96JbZNb-E&w@!0Gl|20p#YfKy@Y zL$~3zDne7+;AZl2=a;o*%amnL^;vakLHCk%{r|V({`KFsVgK`lDK<#YIqC{Aqv5ND zR@G}qf%gd`B#g6=KFFy{1TdM*arp5ocO5j+V&ve&&GfDS{K$98%70G{|Bc&I1PpHk zETpK%oN&i1H3Q$@ELG)Jcy)l*on7+}aYy0DI+~#>|033Lw+86Pp|z_HT4|v`D~*mk zZuPaa0tLNe*EA2cW$w zK$PzRdfgu+$?p>W`aMklx;_3*d#wZ+JhVA%4#CVCTFjpyc9!?RA?<@)W%{Ubeu;GQ~8I_A>Tg7$#QDt-{3##5Y7nwkz>L)7eTv=2^7zwWTC&W)H@o{^VkjEbijd4zG!&RQ^PJ2aCQ4qz~6A%CLv59pp&Dyzc_yY z1_tnbVnE0LegL~2!QRE>VZer45N^NJBpI# zM6|2P#fMXf#a26o@uaw!mZN}sl8ZC0BZFf* zFV%dPPZ3i5X)(HpgRyP{a2YyY+1cv)A94KTQosyzzo@bTyYpC+RB`VJr>I}eIAfYh z>RQ^rMp)Mal^^xJLS=k$tjhN1$xEmZM$&W3v$*z#$em*^__FCM-J-S1skRXLY%(|7 zZCJS|UV}1Z?))elTklp2sFY3O2Q=7FU|*DHw)yw2Fio@|fcxM01>XZm%wEF)Li03B zp_8OuA#jOX{gF6y?LhZE?L-cn)t=TF59{FSw8}K>{Tv3&7Kk}rN;%PIBQyIof3a+* zY2WT>D>8dvuIr`azCxs9cR3pq&tG)p>e>2W>VMt_W&LY`hXdNJwtuCl5*XO}jhroP zR%r6g`_qAQyWKGIfX+jd(*<81|FQAIYS`B{#oUAsjC~*ym;g|EEPvHn86V8ofuWqXT?5|6erozqx$1B^vhkfbmY?>>Xe# zyYGN2C5{rO#x$-bO>IKPkAR0*9q(S9&hhHSBdz&|_micy!ykE-dwNZGe&1+UyK9z@ z@uLGQRc9;T6nn&)20RT^2m}Q{ar5u^Q4g{3-8e zZJgpUyVf$5$B>@T*ayCAK$xFB@{ zAV2|bHE$rh1`Oh8_Xlu-;3Zc@2Im7@3fJ#$`t@4|i3R;eOAg;EPBg#6d?|YA4C6O5 z{i))?Tkd`j?c9`YUy2FSZn~{q+1N0L*C%A9)=E zbR?`zgEyXo>>Us6aPu3x{aSbz{D$c}O!Tiy`taWtmaub#a<*0}J6y97WOgj8>}1Eg zROi>yvC6w+eP63Sck;$wt2a~$9$X&IS{Fw#uAf`4DEMjy0lfRW_3YNkp3(=)+(_VB zU?2-%?xGI7o&D0YzzC8$n(oh6>v-^JKQZ-vYK(VV{&rhRY}F*UB~p}+=&HY za5PLb%yZxHi+g7~sEW`{ROVDAYHb4QB6Y5`H(dI zzq+D+1HLjhsh~$5d_r>lI{qAa`L`)^#9Xgh45853WA!Jh3V7$NR@UHG{Vj z>%3lAYdvD?n5v@TRopzQFHtMa)D$&v!BnOlC=n5#ml6Ox0THc5mDut1%)FWYK1 zUe@@O&%#VKP)lX6j&26%>`W;i>T}`*9PZdF8vweup2UL~@g?SWN zZ`p8hDFCIjyYuFhy*2*r>iU%@GTxu((4p_Ko5r1vSK7o;7esa;;GSM#HS#_2mdk6to{C}~7)l9OXjS`F3#on-p6?_vF z?Ypp0d>Ve8lUdoC4tc93c5bE221fVcJw(6>(h#gX5#}|`pEmizoWljQx#4Kj`&Mf1 zEHcs8Wk8($5#chy2~EO@Pu%xgj~wgj5Q0u?byhJzr)}aegj$eMsq}=6H{oy?;*UCh znqYUP{R$i5$|!FV{ItCd|0H>(ho5j(KJ%1)@)eJ5bbZsurP(SC@qFQV&ymZT67UcW zV|&{#S60f|;S$ZKW<;PvZyK{_n0j8!`w*CVN+$7I=PF=@O`VU>$dkyY@Imp&^cHum z>Tg|BB6zJgFdYV(7T%E`0`Dz^Fga6P->8ts&k1L1Q9hiJ@uc0O!{U}GM+2kv7tOeP)5|$y&w_Wo=8tW zzH4ZX=F8!%Xlsk#cc`XK-VGeE<@EvMKbFy@})&z8BXRbvXCM|Gmb^gil*9M-yRt=(l3D+Ymi98{B&n_> zezZ@}-UfK~8$?>}G=?1oQ~ub*tX|pOfr(5+7iih&+YMN!z`zx`?$^V;lPjmdjMK*U zHD%_$=){@9w*mEiBiVXtm3?Yn+wc4ANN2wpm>$LDx_YPnI8>j_2CUJ8xHn29$Qc3* ze)_%d5h*SpVUtg>{dkh@NXZxQti&Gm`B6w6gjRQ7!9`PlnJdq)_ZoxLrXG!dsEv?Sl8 ziH|hdTxO^Qp}qvz`>Y)|^jb!eq?Q^9)wi6XLt72eqEOF4$u#s0(yrXOh2##8{7K^; zt!mS=+(j;2!p~xj&`68Tt+)Bm2di6GHd5T%fsSuQu;r-;$3vg~7$z1Or^A?VvQCRu zu73PAdc@1h<)6W5wn%Rg zlahAQqD6fAgEQ`#o1WNQvF<=7%+H5ye`(R@__f(uP29ssz64fio%5I+S5au@RqMo2 z>!+jS+k*)~*DT|F=8?}Jbb`;Qu=QB$(HC8H!(zL|vZYC4$S-!_*LvZnQ>|R>?C}{e zF~CBa7$`fd{2Vy+H#mzbZ3c}AEnsNc;H$1X86pvt5=Y+67jdtbQ1Ju*t(Kpp9nw%n~7Wn z#OfE~)fI;=%u!+@T6!4wYHJgt6!&K_m=CjPPL&qyT&~1K=>i(@d{mtB!7lzur}2_a z3Nm$dYj^?gF|k~E=x+lI=s2R9Y@XPF1v1*(7uelzznURys48xjaGqKePs~w_WUS!k zf|Akpw&f9aC%T@J$>g5~=6OXw{CE5Y%_92-KIydNb23JFOG~E~-Y_!2h$kOTeJFuB zc6;JI2)W6PfZ_QqY^+WBw5zSIK6L8s2R8g73CC2FP~g+t2+X|_4yQ3DR3QLx9>|K4 z9|(|asvke{_|NIjI!ovze4uk`DBr2O2bOuu+uEjrd*7|=8ZaXAs!xewovB=e$)!~K zs}_Fkv#-5qV=)6%IIQWf0x-k0F`+nr-zl>=pQ!7mC@IP6%Y8n#D6+;=7Uuydz1Vku{ul(s-B6`S;&rpU7d}6^MPA_$bcI$vGym(vGib^B-F|n zVOM$pRL6cfEdMfeI=>}1=?+`8c2|$_#&pro5ASykyJu zuhVD;*(v6>WU@)!z47$zt-J7<@Q9?FFG!9yx!UsXyKiYi%Ww4}k^L{0$M3gW);Yqby<(C+#K9LF$1&q26XA0@q?; zf?YXGkoz+&$l)+l=$@$87G3fIWcgmP^#1y5{N`!CUEU_BwfWa&R#B7P31e5knDd@t ze1uZ^%A18vxy85a{4i+Cws6Hy(G3j^M8;#6Zp!QB>Ex6ZewWvhVw^S2=N=;0-C(ys z-$+t39uR|w#hzsMCfLj4@0d#6I)IQ3 zYiy=%X*;VGkM~pm+`ZSolFc84$c^giR4VHTynt{EV?HZOyELG0_JK969uE3MXFx}e ze0p)i*H}jOYGJ<-n?r7%auw-;b2E`dw6h3m20 zpP|Rsmzv}Scz_q_+ZWHA9}!F<$p_ zk^-Xn@aIBo8}o}-a_e{)n9H8u>4k}VMpwI`3P)^u-yeal&b}9AJ3%J%1kx8qeBIgzHoH5#>%1H1(T5*mI8ohjz!W6@0qNTGZ)5V zpmpk5^5u{{*O4wuSpno5tH1L$V^}H?D&^!_?a56-vouxdnz?H65W;IA7A^658~AXH zd$w1~+_fz~vRRGzQ#cttg4AfdypHE%f{EA+<1Z#-3{T`8Vfc%5^ypE%kwq+*-2Hkc zjy*Z$?5!eS`Ox{SBl0Fyg{8BfnbZxgrH<#aXjkLO?={#{GaCBNi?tOwpb_AS>aJ*& z7IQ9$7&TT7No<})(?^6Fpw zCWWLRF%iKDms_;Xg_YttsIP!PaFCmci9?tU{qYLFUL<36!1m{fSGWmp&$esqi@W|L zcFh!PyS~PFCi1;-O81q1cxHgFhCWRGXeeDa29AcaBr@8vB~G#It+;;rn#&SHd`v|t^zV9BY7Rjuj}jAuJVSP?~hqLFlc+upiY4nWDypjpOtt!#VC zGht#GU{T8Fd2}DcQFYXbzC+h#|D4SW>f{lEmeaR$<{ew*p*TSZEHJp0f8efPeQ4Y3%Z&iVCfuR`3!+I}0uDS8L%^?E%#qth z_q+(rCz~FpX|OXK({8Nqy{&Oi^RaMY0cj*0QC3zEsn#I1`HyOLVoAV(pnbP8*@GWH zq8}zM!v~xw9y&T^I)mj~M&Ta&Dhxx)rI~m`x@smhHI=5y48HP{_MC;*S{d5t1i0*5 zW$EJ6T!!H$e59sau%-;Qw_f@T>3YP1JF|b?5x&$$^H<@X`!bB^zdTFblS*F@c?XWk z&jduiJr!Em{7w%ee`HNO3f3zgr7?s6laX4o>m_I$moSE;BPSpaEQroAXJ9FGbZ+#` zNMAH2c*wWh@p^XBsABGwFmSgV`ZL*o{iB+xXX(2uR_aD!`nLZFPZYA2w~8RXp^*ip4%^OpgnK1!4HG> z_V#{#Uy4i{$4P;K8t^ z$lL{j4~;MDLnLtv(TINy03{cogCW*>7o|tgJH}eqesIPCBWTw7w&L1V-+TxPF$uSF z%Z^W^iPJw*+< ze}CHEdchT3cT#}9^*J}3Te@y87W9RilY^lwgwKdPYZPv>hqpFl?d-mzJmPq{eIBuf+w5xr4#ytqgut#?_hKx8<>l(CJaiF}!TrWCNmxum{->;zkI87{MtQjg zJMisjL4oq~_ZztGirF}*g3Z4`CD18p4vdqHA-J}uR<0K>qVrV$Lh#pmOg%SDGT$C- zpH#b_8~s5aS}W3WqQdR!GcY|ez<8kOM8{8kvT?eqES*G#3{JQEGeIw=4meuUuxop; zP{k+{wlCqHJ@1*G6QvF{g zysFGXo<6H9N5tw!JQuvz_cr;UR|ddqK~$iEh}QL#@0_lb#Atw*j~ zTaUiHbks3L2l3_YxSO>2%#CHRDm)vYjrL$_koRL0+SOas-mrf+3HPG(B{m>V! znSUS)@N*;5&aiLdnb z3@^3fw}^*x9Xdfd{d;2}(nHpso1oo7KW$6KI)IHBPfqJk2pd>z?E+|W~G?2 zx6}plQG3BAvI6w;fNM|TT^aMt0%P^_#2XY24kQ$I9<`JPT&V%5!bAXPpo>oQFB1dS zP64=2%pFcGs3)2ZB?jFU=1f5@&Y)G$bf<}YzYD#YIV)GSUO|Cj5)&o6F%&m&FHx^u zSLYnzJ(Kv+NEs!eI&W&P^8Rd>j*egD+XM}wzA$o_HJSx!*7REC-pTTx*1&*$W*!r= z{zk6;eB`@^au&aW-twTQcSty?)+0f(rZUiw`4_@_V?WDRVC{|IK(P};q=ZXUQ%+dy zmZJ8y5{0%eo4u_B9a!7*3W*dzzUDahCFZK%j6OFKx`*h0x+G_CA`{k)@hUbMM!0K3 zn>jiGr@*4I29lr}87yVjV!jEx66M${2WY?Yjm06EZ2RxEs%5Q>L8%_^F~}>x;@-K_ zO>9Of2kE+rhQJ-Sn1AV@ae>2om(@(~&zv)lj4Q)Fmm_+J0NRTJYwjJqac_|TKmSk< ztYvVOMPQIb+ZB*s?Ft4~xX#>+4c?QY4XNH(d;yLy=0a$M)lQh$@jQ(jzaJ`gIcq)A z(;9Xv%DHj~?FOUc$HwB&NDg5CG6M~3j&=i22;oWm{n9|{%Wk|3j<#a?71WVessm!ne|BB(UQYsGWcR*N)w8#^fcy1%wRSB^Wo+3lW2|8=k_sZWZI3K z1+;KewB~S@un8KOnd!%k$hidmI`G~dX1%?q+&M4z5YOGj7Lttx z%qp#{@jw>$FA03%EcVx-bomFm|AdcJeTnYKhKY@#+m^&999KK5v>HDE zDuIa?;eC^2N-XaGpnd*boqvF!J93@GqO5*hgseXKQ-iY1lw=0{(rdl*$OK0Pf3b_$ z8#Jt1i@B&gis(oHZcV-)^9!+Zz&Fi+65}`p7l#9iq0P3vgdt$VLV0l`fJC)X?oS47 z!9fHh&B+j_ow^Ds88#k3(9{VxMc7KdYsATNBfcx26BzA^Q*k_W=qg;+d$RRREPHpj zXLtBU*E4RU5Q5m6#!~1oY_h*3*Y%pSau%Hz!wDR>X2zydI{APy6J|YwE@P&B6*nw( zdu0HV>TLNh3g#sSBlEuc0|_$$ne`XxSAXPBtAsRkw>>!}Z2&x-9hz;9mQuIIK9i!z zmVZLO&22arC<;CoWH=b6Z$;^Nv|i+XG|P*4UrNc9 z2o-qaPo#ooWD38dVLMV2jzAEA?QjZXj97?mg?hv%C)u0A@@P;!mcl^Tm5(`k#Lov$ zsYz@?*vaF6cLmT07aj+YH1R$g@roQVe&2e=g!xyMOvXO!@+B3ECkcfXy1NPfg;d+b z5^Q@*DR>(U;_xL`Em!=MO}_1tb`>DcoZauongXqvb3 zm7oEL3Yh=kgLyr8A?F{ zAslGY1Ml+BnFwc~gz3nodOnnuQS3Y49v+TBopo}(_&J%y`Oxa$h(4l|#s)5X)>CnHBQMiKo#K2l5xa;pI5 z+EF7G^B0+%{!D|tM;y@b=5L{ZCvfvKXQqip_d#uXA13LkT|MnH_pQ1-l!-ccH%K{{ zjP1sR{Aqsxp`d&e3b4aW>mL!@lR5h;r*|8$B#Sd}LT5Na<=`uM{fTTI92|V%HOjNQ zt;I}@6KOq)_<;~A_1Cc@hNBI~Zr`3L&QENK#g+VkPRBE}VBdHXo5d%%4l%dZ(xVF8xp6meuNPnRJQF|ve`znqDbOK&p_D; z(M9e+vHJ#A7`DQE0s9ATsQcQDD2t9dL5W{Trk}^G@An9t|J4_H{f&%;uoKU)w(l@P zPfckZfpYrm3@8dH?#6*<_|^C6o^}%xbs~O7XCBq3Wz1Dk z<=k%r7f^HP&G@=HrPw_mO<$Th^19JIo`^^Lcs=B8MP^ls8G!BWSg79B-DWfS$gTuWcPJh(#cDrs8ZmLv7M(wAiJL* zXq3-6iTAEj!VyBD#Jiec_A-B+55`%Mdl6*%a2a>}oi_-kRNz8Up>RPd-ExscxkFZe z=U2Cd(J5z+R6X^y1J~x;-i;YVj7j-e6@V%FS%dPVUb*8CG0Rj$|K%p}7hV)|SdB{}nFC76m#3V6 z^x-imDT*k!Y`@xi+f5M~61Y$q44m4Le7CBwe;nIYXrdHwZz1}`3vkcivg|F%C=dc^ za18N4Rz0!+wnS;z*AH&8~>oX~7aM z&tHbP0%)+UU)!M-JP$Hw=Nym`Sg$baJPMNyG7145M6N$#qbi33MxSIZ1w1YZW{A*G zZKq!s$_4EDN+iOz>lvK|FlACosqxl|ip&l27qjYqn2ZSW*I~P8*CWr~mBkr);2$_R zy0YL2iDfi|7h+Nsi@O6{Ee*Qh;aHrHwJGpY-VXjVBL|93J}dw&S~o-NTM^|iB*c_) zadAvW7W|2t`H6E*LB@pN3#ql)JVq!Prrq0~34506&wx zBTuvH-MQJoBs1GB$8H}DmjZxMA+d79v2xdbIC1A;z60e8@;@Z^pX8C~EIqL*CT2=@ z^UFj%as$^f_gptI=PbK##p;<(#76|dP+UVp#L1o>^2oDj=3FP3^WM)G=Lvk5u}eOL zH)*1!-YdQAWY7gkMa7OfrPZ!RI(kcP<)xsQXh_SRUxsBA^#_N`a9!weCdd*g$gna> zBtz7!&Nh;XJ8?`*xh0m{-XI5`YY@q;xM@I6YZ@AYEp3&Z=k%^;=b`<)CFTlIw6CoN zs5=8L`TB*(R5{A>>-9*){%YcnX(kJQv2OA2oGyZ8lwEyoe+t(QT8$G?_^T0^c|H$_ zCP{n7!28{_w&Fj~%GpmGi)pOCe`UQSUR6M+#k{OTb78xYjYRx)wE`9d-R2+1*8+|h=PH7)qyE9-0 zoXTscE}YA-mse*wsdWBP)sw}Ma^ZoNWHj0)bP1+Iwm*CL{IMe+y%yn7=S1P_6lFZm zZeRMKWm-UdEp4B=gpeoH?b}mtR%fc$f4{-OO(YO_v=xiFL82vhl`UEx1nn#@^r-XN z#VJUn*8;=V&V7`Wq0f{06I-rcr1j}eSn%HbxbaYJpot<6Z{QDc>gaM%*8~4OMxO5- zL0yxRl2qqD{t7p8)IvriuQjvckJDx=BZvjmU8N~L_ufjuSrTmIF(#yAszcefOPLnp zPveEhDQ?R8FP4)A3rGE-N?BRo_LqZ$!$;jFw4L`N7;#LL8GDVpcbNs8Yu+kjqe>~C z-C_Z~{jJ&J)8{5z*lbmMSgf5*Q$L}_rlKiK(>dRkPg_>t49lOi!Za+np8-g=SwO;= z-~&P4NT(~T$yfsjR1Loi!G|>C4joPh6E-zdy8Vo~{RusnPR4R$1ak1}`-8Y-?KSLD zS(Z-Qr8xH|OJM?tdsOC?Z}ZOt(yWgA``HBMd(ID(`7hTd6`0mWa8u`eoK+UqyJX7d z3+vMYw?2-;l=s{24w~4fHrK7EE*GcoFW4^(*{9n@#xZnQIrc*RraE%(>VE0D9p zG1M2V8g)DqD;p%5t-SY=&DJ>Wko@9@zU}qROy0exfy@5m6Ge-hu2oM8EbE_WcM-gt zU#mt|vc}SW zY2|3kMB&FJavZP%DXm3m4=GyN1eLuH}LMM2z3|u7%e`j7;gM z|JFrp#~@a-BMpT?l$Iop8FXP0A*9n%~O(I|H4k&rOp5x}LAz0=gr_wtkyj>Q87aXq1PjV2E+vr1P=!?|M$KoGV1=)G*m z8@wi1*;~U?={Ya6LX?|3lzBA1+=;X<74ym*=OHEYdCYI#r7khXEo=2jit>1)Yt^dS zX3V32P>aBg{)HHs#Nt~2t<_Jrw>E!foJo=7f9Z^4%QIXpc|1n(bDF)s`Ei_%w91W7o{B|OHE*?Eit|{1zffoBfFwuq7EVrF zaj?A#vbJ@-cQ*Xvd!Fi!$1EX!%5Qmo$Xl&JJ=t!gryuI99BCYI8T=Mh z%T&_8G|_As7t0b5<1*H0m~Y&c9*MzZF0I!^Mw&~yy0^tw4o-`jZErWfBV8ID58CoI zt)0HK`PHfDW6>o)g$ijkr})|F+U%MAzA>kw+J@k3iaB4{EB(73?90s}iXPMgO>CiK zIjmPvqTAK}^7xVECqMk#nBFqU_@xFfPohR^Wu|}r)FF6o-($Z#>gtzTxHALW5AY8R z`f8c8)Nywl}p{uf3SCk`Ddoz@nLQvw}Q`$rY2k(9L&xz!z8#Uw@ir=dc96FUt@r-T1h?| zlk1n#p5P|(>KkCn+zAl9(vE7X#-`BS)$qQv&@U1a_Ugkr}``av= z!{ZO|DkU@^g2C-^{s2>DLgBU<&Vx;!W>o*3%6cl*@2kTCQGR)nk2xIm0~fR!Wmyav zp=?utn=n0HX573z^xn|Ac6yYvu-{VM_V9 zsp^M8qb*wj4fMyJv;ORHB2U~^a!??B@$_yu#$K9U9Y?R2R8QNJTH4zam1)u^j{wi_ zw@cjD-o#BQ4g8Rst?NeIsYETc6jP;YVH7d1K5d!xm4qX<%U#P~%Uc3d$Jz^V)20>H z6ZSPZOUxwmru6!8bL1K7TdMhkX(ct*vx`HO*M4l=w!S#z&u;F+M-8VA_8NBz7u7uH zeD=dfw|KHPyRc?XXlrxiGjP!&_oc2EiA$_5xz#@aM!&d}9{kYS5`P<8e{YK#@0>Ly zTqN>6t~1qpw7KbakNMtYU%B)C?#|MN-k9AWX}l}V*XuB~oLa6PcP-GhI-OZz~nd z%rWw>H4xotC5f2L&X{9OxKA0n`XsCsvFC6wpdqR0$%Fy*&Is+((cKrj74l2yvhNRq zQ!U(^6Bg{1sUT*yRstU?im6@jbjC}+N40y>X2n*AmC>{~+BUNn5GBjf#vZupS_Cz- zDKPM5I&`pGu360n*X?NYgoy+#N^P!<(}>JlwE6n|C`IbR5$Rc_mM2Q$-rCk*3)ZLI z^=7}$7s7Z&%!tZCG;)(^rBO{fE5qJYo4}BF9o2&8jpC1$CWS1sk6zrBX$p|1`8D>V zR8>9#bMTK#UZhd)GMPjX>uWXJ7wd~8H&@F^6Tp z#MH&YBHZ+O*U^5*iIF4Jw!1;!_s8-^m8npF#O!@96xC;MB~sZoIB3`1_3qvt5FZ!c zv?SqKUH8A!yZY5`jVb%QQwg;BVZXoMez78`iLSzN!_lkRz-ZMiK8?Aw^nr2Ji(m%7 zI>9gU`#>)gyUkA9{nDXk9WSz*QS1;>H!wnZe3MfgOI_2!q0YjN~=Sl@__3l z7}^#bIjmWaC~gaQ^=gd&sx4YZXm<~@1A*Usc4xG7iazKqWn#4@-6}obqQf$WmH*!D zJBQQfHhfz59$Y8)%q~sbDC*c!-hRw!&$@CCtQyBVdUsh$wJ5=!U4fz`_GtBV^br%k z(fd`ZnX0o=cj82k;W%Yn92dVL(%Jo-X?x?e)Z-BnnbAj}KhIy#jPcvr-|X$!-B541 zph(jkEgCg@l-fcYPv`M_$_?W9vJZWGJ-%+Uux9N}kfnp`4%IhR;n)eFsJDFPxGzuVCChrms9i^ zF3LOH%3&u07QV4Ah6F{*Ud<{{FD~Ie$!8zk#BvaJ2)O6a=oc77nzaFomM{WA3?SH& zq0^3So`h#zM$+5}Cg}9nF>(8|*$vShxiB3?IN-90=SDo3Awl_B08_=Uy8O_g)5LH( zgu{={o$-6uk`V?CSo-;7l*vI==-qnfcwsEnckMj!rROcWF9t>y&5NMYxT~)-Lbm|8 zH!8(la%s7loz`AZc$_!jMa&nK)YVlD9)fP1nZB%gjik|t@C1nhfRqbB4-=jV0K3XuLHt+|Pz5b_= zjKZV3opYN_y!%fhb&oS|u91!?st#7_c zD0#lmU%O}TEmgZR%5SY|&%3AD8AZkR%@aN@vkunM8cGwXil)H~f?xbM%1IZ~>jSBq zAB*beaWRzvJCO+T=0?eesw@$v9)RgcpP z{*`kfCXHIZzxZg$$$1HvIj&yBS3N4pgi^!&1U?OWjl*O0ffJkycb8~6EiZU9Pi4%m z;#L~zch*PS$k+@-SU*+wAZS*Yqj=Xw5)5Ao2&gfP^t6%_#Ep+A6j~(D#^Tq zk>@<$?TikY`W@|xhpTx{?mcxH2>9FrRtrZ+-uF-sTo^T#L97|)~TJKpGe>CQzAbDn4Ib76M{iU3-r=uE~D`x1+PL1S6eF5zJ z?CjJffnXrJk;a?*Rid1mXvlPb16hhm5bL)WvuayWjXV;yR}X#XU7xt?bGqDqS;{AS!4NVWLLEhNY-5HTbW&%NDVa0UCv*PS(GB4T$9r$3sTUUO&GghvG&6O^*=1`K&ff@@ zI;V5EVqIiz%DnbD>}LADXz60#q_dxv&1Ow=uyKN0l7zc!M>P%`IBpVsnqBdrfyuDj zN$?ZwDI%YE;c3#UqrSFX$EiWfEV7#(F4nL%KR^JIUDfzwqDtakUapEZY*zi4EiQjT z^&L0>Vxt&+75mpfBpWQe$SB6jEDH5EGpnMpgd$I>Z{Fwyxq@=A@cixO32H34im2FfrCOhhnJm*e7NO*mC=WMW5c-PjMCQOe82dH<;{?7rs<#T`4=q+4(LhYZY~y@`_wgKqBGj~)-&poO7>f^@($TM-+!-C z#TppJz3NoANpsvGTF#}Yr^Nlc1{ zF821$ecbraeD*o8Q`jbcB2HwTSuLG-wtci2rKFvjc6!{`QM0{epgq8UGgpup8`Qfy z>MzH>*UTU4ApCGg;csF3XK7ubsPI_(*{%cHZ|^6m24CM}dT$H%Ads)Idvc^tk58*| zpJl22hT!zN;oTe7%S~e##?_ZtWaFT9bCaQ?Sn-t?7jC9KI|cKZ*3jnj_os|s)rAC~ zdo=W-(k6OjXmelk$|ym-Y0oOxk0FAwLv4nca$ys6(u!QM{@(ytE&lNM)O| zvTm9H_lA0uzfs~~xU~FnK)9NesJhj>{4~1~12lf2< z^=wQ?;LPhiA&)YUxqU`Tv|)Vik$8(3_s}BGq+Ze02EwQTNjpQ3g0@bES_T5&X_+x>t#2xDf0Hl@UQho+rMmB)>AW8h7{^)-if=U zASS)P*m=bK$WHxI55IQvVJ4zHf3S3JKGoxJ3o%o2!2<831jzjG(BC+m_rQWLDfCngayI!%0)3i+;nW$~XGpqwz zUVi*tP_lI5jQk+G>%sQHlCa?Fquu&7a*;bn3ni*XqZo6OcjoN37uBfgjL&*z92s1! zJ^49i()AuUNH4YGhRtvhdr;5zd{(Y~lfFt2>mH_!~8%5d=IZneQVGXp}N&<5@TT)i~IW%fSGc0$82lcHaF+B}iJ>N>9YX zk<&_R8m@y%r8In;r+$EOjAkT{#Y8^8bpk!i#Y$aGREg;g2Va*UUdbs=niC-ilm7r< zk`J;XgW;Hwa+qi>30yMRc)xRx%*sVO8}H@1wJPhHMCn)Rj86}1pJx~O>E++=rocS5 zy6@r=sn2vbr#pdBrUZ6C!+`TXI%t~Gv0-ei&7&xKW}cvlH#Ku2>(QO4i2S1_$Zeh3 zi7sv7w&yM?0fW+WA32NK!{Avf)C%g)Z+Z}oJIR}6e4g=&12{x$^7CL$oXxqb;+Ep- z)RU!9zZjEyIgL(^AL}=eY4s?QLTesgGMNOR!EyzWmL!v#)0+ zguMj>1cvm6+Xn+{ifsk6(%bTeKN_#WSBmQ;PO~5I_#>O zOAQnY{?Yv)`a99UPdG+Pb#?6x{uUx#C_Sv+cYM4i&5Dtr11kWghjBj;bs^B8f8TE0A6Z+6IJtT^T%cmD68-c!9YqKhas z+QZ9(x0U32Kc4c*iqSjRxWT~sqJ!QR+i0C)?bn;cZ!mX?4Ho$JYmPM@t?^vw!3fZc zfx|U-x8tYE(WqjxHQTr~(xJX2XA^yKx_U3VL7V=gH`->;h*}|QrZBZxdXYW+*n<<4 z`nKjwQG9f0Wxjf$t*h$y+cx|F;&$DMDGBPP9I+c8(;EEVyrccfCZmqe(p?O~=40lD zY-1N~w-l)+e~v_P(i(*_o*+1H)cZlEI&&-8}+FoTQk@@o|Y)WsF(7 zL2Pa9VSUA1J7`GlUDNHTTi6MSSXvkw z^U5=dS@7&eEZT%=(}rg+N~_gpuf$g@-%`l^p{a*ysfyq;ZR#bj09y;4)*hSadJ*T= zUO0N5^~X$UP7M;~2S!iAX=t8HXURhCj}u>?cJ)=ITTVWD+3WG*Mwo}7_QX2D8LlQl zjprxwK<7}J3FvsE;LPLUs^IRqtNI!SjuQPx*PZ?PI5i8{o4E1kJ#3pH%8kRLufBij z`xL(2QE%dvV9R!P&4FF>eX0*HHJCAVXg<8}<7mj?Z|LM|vol@Sf@%&rv+f1l5tPt) zYoHkw89BV}lCD6!aifdAy}%-~gL=cuwLX{FygjyFK8k7lLuVxGt?B)msW8_Jdl;2J z?P%}oQ<7RvKlAl*-_$_=1L}^ik3c&nxCADJ-hG^gHzKyoJzLIgm0S1Y4TJb@lXH(_ z|E2e&_j8t37oc=z+OO}|UX~I(XN7CcogaI5e{ZB-X(4sX&DDG74vr7syysVyKHOs1 zIlH5DhOqUV4_U}nlY^s7Wc$vC1G*jZT;1{!D`1;SPZ4+KP0|r=A*DM_x-m%ndXw;y#KlQ>H;1*w)9VU8j z=^v&}e&Uz9+(4v!9L=uE{3tyLDeDdZD=u8b94Q_S6gE`(GjX9X!U9Ik*=x+-&gB6Jx zma}(_pTtZ-&V^mc=Cex-_lBXXRq9X<5Agm}VYuXT*A%bYl;E zup6;(NfWez@BGb%zP(HKFj>xJ>RbFsM>IYA8~1csxMR_20rs5Tat>{^69vE=xHS*7 zvjsMUbWe)d*g+N7?L`Nls$aRG|L(?WgW`i)zI~rxwbg#xM``TBPN==!6C)VAt*gBD z(Uiu~XS>1%9d6zDgPZ^3?X4kdNZ(jP!Rz$4{G2!8BIpL{u!!w9yWPatyLBNhz#(g| zi`Sb|>X6mf$Lmu(hV5?5_L-He`*KzGjsq}BA9s}jBUj_DJUbN?+#e88F)^`QjAKAi zxf8@a5oEd9`EJ|SNc%n?Tb03?uD~G6JLi75jD2;@%%Tra_Klh6#JJNE5Aef%x&V-! zAMe+D8L9lWE-@*7g>EUOi@p2Yo51sL9o9dHP8zfySCbt5u=%#U_OWx5x6RIui=A+H zz|*bsbrl6-+#aiUo(m7m_I2N|v0?HB2nvYt!NGxw;O~{G6EtJKbEelr3mlfIuPeTL zbvJ9AJ!N$9!-8@DhtavfG|f6y>L-8OcWP_;Z1;xQ4|hw{`4sP1f0LN!;(Bjlov3rMB%(7Q`6xxb34(Wr0 z!of1{{3{!8=@54Q!~oY6EF?DfFDXhvywvKK@hm3z2n60~N`72mc_LBDSBq z{*-&0-2BI)&mDgqf`y;ALC47mz`^pp=P0s1r6xV2g|6dLx_q$%M9e{*>VS1UL6f$3 zR6mSt7#~VjdL(>oyT!&xVf~K-qmRtcExf*;hF%G?xdK=+=wB(>-aiP#l|M9&5!x=;71jLj~oD%fSv#V@yR zUHInow!QY3MSKBIP~4ohE+EWCMEK;y9xQWXY|J>az&`pj1+Q%epLM6fl(6U9z7of8 z-_<$=r!-#G1YTNVo~;yX5gj@;`sck$r82$DVgH`4hTcoNpVUsFCkMP99y&N4q<(4V zIOS-;ai7!EV}AuF?S4^x$Add29gnK6zooh0lyvw&6^rH8O<6g1E}7Wzb@G7N*FDKo zdYqul<@~9|&DniQ*^>#$Q-&OymcW#X;YU-G_o;DxHFdq^T($NnPwHStarzjx9vk+n z@qcC2kQ6?U6f=rLLwUAaa!tKU7G@e2z`G z-(AZ}5TmH7^wExnxy<_)7(JX2UpxKVA8)tY1~G1v9D%L{ z3ccp^)Cwt)>%!ja3Y}__^mh`1#M`8!J~dY#Z1Xus92>))_yK^1+-OHR_WThAziDzM z_+#+Ln>0*UB~$Bv8fCW{7yigSRvAQ^W*6MM+hJZ^w{zUoRaPXUV9g*2V3^k5TV?fk z3<-&0=ozBaa~5R@i2{pJWi$%BX)qpCSN`C>2Co`^b;Gu@G(-w#NSE#lt2_T0o3cuX ziuvuXWbNiUx$yvFDgBL?&I4WJneiqmCL&L`h?st`ZQ&UEP=StYNx%pA3&t?qyz0qA z#K|?v-!w5}86oOZLR#Wd0;^# z^@kU-Vq+=W4*cLIbJ>3uAhJ@c;6u%HS;Av321%I&J%`J)f7A*RuLqDiY`6_YIqa2> zK^W^HH-=y3Vsqati%|G7a?JQYSy>rsT@qccF+2h8E0F4JbzBm0n{{WI*<5buGPA4V zvu_|oV8R4}?Y@@JLIreuB4__LQ85|Mp`nDg&b>uP`CLs-<12aq^$9r!ko_JrQapR8 zFDv%sPC}a0Z8;R9_Yv8s+~-Qf(z${cZ!h4rn98!m1$0y`i=q%1qtIktDW>^_1(rvO z8n~Y>8=94xZey07=2AAv?^Wq}w?>A3Cc+T`N!Pr8d(Z5pq&7DuR~1V%^~Mi8)*`0g zrXfSuO|;oc{fR;b7C$O1-Z2r)vpk*fQeyKhp(28NjySifkM0Vu>H;48m)P>|Eg-hL zz5lXK7|!^u!nx^FqPG__Yl|jPFZJ~Cj;<$gTevgX{8pJ)AGyg{dp*(n)uGyr)8Hq) zvPpMUiPS6IG5&%(rBLUOz51v2ms=E@yv7onREUQg%Q21mdgi3Ylv z%4)`jh4Woa)aqA}t}bCMtgSe}Z{1y?01_h(9+Zg8A4!DOgiraue@@WSHNbOa)z;qG(NRtjNk>`ZNgKfp|(VBGQMRq+O4^+W-qaraa>Y$fG)mvZKFEz8fV1y5!WeFi1>qJOIpmMvQMWyWEeI_W!(g4Nm=PlX0ofV8|RvQ z#^GQ7(ZR)n|D98k4EU*JU((SN&?r7;A*E^}-PqH}Mb${>AGg=C{O4N6W|ifyptB{& zpyw@t{kJ(*HC7r1OESsFefKSwt&rz5o^(YA8qLd2xTMA*K>`jmL@-4sl@#@2CWOR{ z#i@?xG$Xkd^OK<3wHB}9S>Qc+V;={`zDje}m1Sn>Tn|#WS8%2)Qusd(pm|56UFFn> zhpJkHjEp60wF@=D7dA?n{HAXa6|toZiC2^5Ctj5N)Y+oc48IKB4`)1josHrV*$=3V zqCvAhfxS)wr0YdU%cHE=Pn?oQOr;NN5EGA=7gBJZj;DF%w$RUjOJ{5LGUBsmn!`BF zQ--26tYxa~7xAS0B;;PFTrMjm-JJhg0^STH=BN{&>A?Rbl-tLiOip28U18XsvKt$= z^?W?`Ufs`5j|?-~sgbXx_~D2uiG(ljhREyABz_fQX}@QNM2A*fE|NNMOT6lQnnSv? z3|(l$w5w8&1kL-g-@Ewey0mf_mnGy+XvbvC_8K23JUo?kle7uF{D+3|2UWhDNbZ-R8L%yo-ZE{Z3U+2(iIER+<&tbnYOZ6Yo zH|5xZ2z}i=!#{T&JEdW&_?)SiVkkRET8LaT4bAHL=Mp3>UX6Ay1*m@J(a!`WzW+#2 z`s%Y4#haC6ZG5Uha9klOXo1f9vBROXg#9rae7@=j*R2d$K%P?Tu;JeW;OQy2JwH{3 zX?dG}&{EgX5SGLZ&k@s$>2rrH!Ar@^Y*2m<{{LrWCP~%N3aefk%QwMmk;<3-Pn6>6 z@0H*}!hbtT#isgNERp}qLz&d|)yVNqY=gwHiO$vXutdnJTgTbVi=mR?JsfF#yh~r}>#YMNQV=6MgyRne+j0Q-R4Sn}U1Um7fB7SJyGy6TFhp1YEjj zmnVr1F`t9?Xn$6<#=L)xKkj_Q!_5i-vPFqr2FHqbp8Z1a0O~2;ohoBEEZZuc*A7~T7-58mAuA6ut6+;k&LyXaGz%k zNbPivO|&Ea~3 zdb7xJhKu<<5|wa44&`$#ps2xb?la>3U#P-X%yk5pbY4MdqZvvcj?^O}t7{i&?o-ty zUYGqy)+D?uOt^~;eCFIVx!Kb4%VKcd;s`6nwho z%KjB5;uo^yzZ^&hnOJyV!f-qqWC^`jWc0z`7HF0#k^B9|o=^LX2DfK#L8AnA`b=@P zU86Re@fr~pa?tatT8c?>)jA6$$ z%;p#mUGZFRyZFT__b3}&;a{zW%PP|0@fFaPoh%3IWcjfVil)lrGFER|F2ma^peVH| zn`Rps7u-CaYQ?nwNban_-oRgPaw$|YIvo+|KvI>71!2}q`~8?F*c5*CMf1o84DNoe zOLC>5C0Vhv9f-&C6cY_uDeMW0@d#&J&=FZ0bJ>-TYxM-OuAJ%-24sfPyp>3k60HZ4 zLBLCT+Yl^lIbhEc5^R_UuDoBiUx(juIZeX2h|6U%;%iHg2ApA04SmQ|m{RdDi=UVd z!%l*^;(ic{cM5(EMH?kAlXcDxf6Qd)1aMi5nJK6j!35Tcxn4mHcEhiC$|j%(0!+Xh zoi&JsD-!pa*(L)tl|tKX9NYi9z7Is#L9L?T&P)!7;J1snx7F&X7WZbe0U92YbaOa-;{N|+-JmjR=Q=GO`jIAO2RchLDZ>3DfMfuQ9cFVRbkbp z#WiNC(!5UiupUDZ>#ba-axHVYG0yw^B^WvAsBxJt-cY<;Yvt8 zKbf`(N<9kH!izcxMuf6@pKPsq1c|?%c}At_NZ~7@|AgK)W3wchk&7xULKPt9Ld>|Z zMG}pQIYBcGH56Go^8|9X*ino#$Ske$Q-b#<3fwmiZqs`dfqB2omUsW^_F=tmRyj;Z z8*Xs17ammQdYE&efJt=}ojV2l%5h6IqpXgLssHR?@4~WX4S7FH0OGG<<6FnG;u*tQp1 zI=co**Ph7vLS=~N#PS4mW(9d-ZcyPBGibR%!~H!gmP1FkpbDp-r}VWqo_%rYJ7d(G-l#qh;!Z8KpctX~dt z;?w%$5Io`J{SLWG^McX}1vcw|W)ZCGELOo*W6k$#5A3bLoJLf&o;`yB->LZjpVAb5 z6ap$P?~7MIY=fe!NXVoLzp|>uawJ{le95_moxs10(3ZddIY>(4$ijK^$}OHSk=@IQ z>G||d7*C)(Q{Svk=nGS#nSIEKeJhu1OZYpTxJHL)q1WGPvPk=6bEG47yaFPHF!u^8 zD-~QuA_Tl>zb5*5yQ>+oy~ckMZ0`ajwE>YGtA5juK~owfLG{J=hW?D1;8@WR1LsgQ zaE1>xDMc0DVL}H);&oCx5hpQS&=5hW_WzDB{R-o`d-NPPLB{$t7fbfQpM#5v%YGH| z-IJGW`4Vf(MdJcBL~_Wz+!K$kb}?W10g0m_aW83=_g6lp2*_9)BzV7fC@VcHi7ry< z-GAzh`GH8K1W}%Yo9wW8K*gb@sKT;OFvtZ!pq} zh9h(4M%y9l0JYhvzNIJWC^$UtYm!I2oOk6LDf!lIk|@%1OTJK4q~h{$3I1L6m!Dat zeE))f$MNo390{~ES^9N1iy;?^$Sy_?Q?~iAkP`%EqCvz9@Pb8JE~80^K`qU}9i{H9 z!NjEmzc3VTtJvr0U?bv~R6PR#eg?)J>%pRNRh z9du2}FYk6!gdODV4z~Q=q9A1u$dQIZQ<9i)O%h*J&A4_EF_U)nH{bp<4EJswk{=l6 zr6H?AydZ(Yt8^5q02n<_h#g6G$K@*aH`S8!$Q$veqOOom16bSXm9xiHK(_(Ws%CkL zJ&-C}6(0>}BJ}#aUTslD<1POF#GF1Xkw!cA8@V{tK49X9{qXn%uzd1DwtmN3y;?_$(oc*gtJ90e(Uf%}QU91w+ueH~E`xoP>QVVVScg)J zr~?k+R$=kg8~3MJ-)AB<$9Ow+9aSSgz)uHjgR>$ukvtc@(o&+JMTd^+W6&x|*JVe5 zOLZzo6uVB+yj~pwjkXAl7n&evs3PzXMyFp{jJ4gEtFo&btH%#N@TM1QP$GaPJ4>+d z6=v0TiYzBymoP3MW>?7Vv6T2k_85Rrk-sY4bTTvcN zbeSwpk%+qIMjHZ7n`S5wvMGw&GU0@8Ut4{8NvO-4Zran#^aGm1iYsL3YiDnx_Vs@l zFNBd0jz#$AsxN-vV9i<@`W+ye8?o=3Zp3!{5xSPO36NnDRDvOhgakdQK;6`F*|X5+ z>OMwN+kuo^<&Ga;rA)Z7vS@VR+34ebp%!gqGG4=fh9w**gowV&h9Z))w}oY_bISP4 zth}nH)cn9!d_QE-zp;mU<5Q;eGb^vKjh~8&_#96_kDj9gVKM4SUGGeKr>!joIxm;e zn{dQmgOK!=LhgIuY6cce@_WF&l%CY_fp%@|!5ty!3EZBiq@hvQL(zM5bW;(I9RKT5 z2jjA_hU}CHLi2o8TjQ|R5uy@Iht*B9ugh2ky1O$;X%f8bpV`S5v=h*V-2}EvLu9Qh zqPx-^N6w%oeHie-d(t^p&rm9E{%z~xEciXZ<#?zmcw=Y%@IwG_Sl zzfls+TsR7npJr|_E{u=Adl-^h4p?4Bui*?u6xX^->ZGmjin;bkUV)|01I*R|%ya<` zh;TmQ&wvayOgw4_@$So?OvaO7w@q$HnW7@T_5kE+e5Ie^LV&c=0Ww1cw1Q-CL=3et zD9vG+j3oIe1bTT3M7bXe_rMLch|{p~-xu;aSUdRpL8ry*f<7s0Yu{f^{D}hQXzz;q z>*c(@puoa}w1|YaTEv#s3sJmrV|X{*lM3n33U&<@YEWFAglCaumxCicHL5(*?3_b` z_s5uYkipT-HZd8=BC~2*PcHS=@z5gwPF?_E-oF8agu6TJKT)rAI-0ZcAv(B@S%&wOLQptqiogoc0|(|$?THdeWvM-@yoL|kweUmSowujEr!Fg@FnLZY2n zWypFpbimUyE#)c_=R#N=Yxx|HLLL?5q#y#U0+tq+1$y8NO2$n{sZ$hYGzKp)}goizx z29SR0R}5gzV+rUxfH|$Fdc1M_+Z;{jujh6v``?%ZABLXZ zrq|G~^}pd1hp$Q=Cvl2=TT}#p+;Jl6-wdTr##ByubMm2hFO+2wnVYOg9XJjB-5QW# zg`MeGyK!!Q$he?QuwrT(5|$MUtJ0W-9M=Fa=`)9YaV;GUfnf*cfs`XBPS;F^6v7ep z1e~*{6DXm|9LNjOSR%vA&m-#`K!GL>X%4gGWMGBp@WM?0eZR@>ZzuQc_HcKv7LCXq zVKE+8KK@+IxVZ}+``w?3ofjS>&6-VTqHiDuZ&^qoNmQ^9x~GX#T1qV9)b{G3efbyv zG>3ee7u=etbQ>a?VB9cMf@q}L?E~hlyolR#uGJuSda3K*DzxYF#{3NY ziE*K-CiiP^yn`kIO{P~J*=rqtgENjmOZ@@s9qi?qdDkgpZF%mA48%|I3Zkxh%UHuK zybQiT5)!moywt^+fuB3N@ZTNn_d(O9!sFNL`zMFt*d|@mBy_}9XX*C^D`=AVs&=uGlDqE`(f95F1v1!m_ZnB44$JD#_|JT+{ zZUvwedKjQ7l(dM~!Pmp$p&?^S{lw#-XY{?2h)&(?#>Ab239Cz7%%J*l?!EtQ^8Xbu za$!u-RpeoceSMEF3mPFqZ|KaB!SJP0}5molFUi`0JI^G zzb!#q{qWHxml#P>ndrbgJ@b@>K&L?)ye|(`fDTRKx*xt`#Uc`Lft@330m*HE4%z?T zhxUT~nPhXmdhpNxXv}NQb+Rr$%@i8A6+V#IV5iAUNTl{B9EF+}2#|(BnBObdeqMyt zeabd_^24x@g=o|vAAGV5&_gH9rkfBt@boxL`jY1QbaV&T+<-@&rVc|Dss)rzuQ!X< z580OiLJAsEN4HNyh7I#XsQoWC1LZm6)*TR17}0FgT%&RWM^>QJ(`Vkj!}uj0Ez^;K zBBg?bH~-9jy^w(zutL!Q%L)s98agu*mR81?08j+YNVtH+5&t)xC^X=|{PVR+_6Y_b zWa!q4>J)dp66iiff_G2nPTgw8%zo6Q74e(+3!3k-4RE9IBOJ*^oa~dn+&hYo%sQ~; zmcZNlG1*DGooCn#*GgP5bP^|H!${+jsY*!J&F)(Z|K%mFFMXGlz>%^30PM(4g{x$} zS9k)b0`cPq&{$Hu-u$Ew9#2DU2<#oaY+)_p3hd2br(;E$ghXnG647W^{^ik8-0(Hz z5n*&gv#aj)tv;;V;gH^AU;nt=8B)8nDGytfLU||ghWm%(ay+R!rl0Zs1NCY4o+b3qTf-DBoW zHykm_|Ex{nGbJayCkBNA9P6V8gZ|%7#nLUV@UB<^-^_WDIdW2 z@I}WqS2L25Iwm;SLj*Eat z6rz&7C0*)|$E=w9>x3J{pCV%2QK$QFF~KYCrB*~jY{w-`?P10K+OV?4 zoh~w1I?~*C^Qa#SMzP!vXSj4UH^B~{6u5nfj-I1z>$w{vpwsj1D8R2ms*nmoZJd!H zv*%#`n~ze>jM0JXY;41{Ue%>B*g24Z6ZI8q$RaF4*0q02Tk)T>^X^xW=DPLLvQ(+? zt0dSDub6Bh*X2``oEF}@o3sp4M;jzuTk8=gvZXgLi&uj{A~PSL(yZ-q`h>{Tr|@*Q z_fOuZ_2~+9%t=db%lRUmVP{KizqZF4jx_{x^~L*-!9W?6t9{1dWeYSu%dLS#ss)4# z1{pF{cBOH_>++MnFCoA%-gDH}lID54fMbh6ME4-L*MTX$tHy)avOE~SFt&B{tef-*%totm1+G z;n_KyUeq!eG#)U- z^&haK-T?h0Ly9?;EMz-Y1Q#9$p41pGfW3IW(k?Q@m-HWzB*8H@1Fhmc*e=h7ukP7@<%{gMW95q^xTKQf%4WLqvEX<(!ngfrl*<3c)FhE z+o0j<6v(3JunQO)pg`mh?qTNchPlt4&zYKwdj^p!(R$JyQuF3{A0c34bNO4|9RaImugX|I5I?=~ zybjq(Nl#t*1r)UY3lz8)=83DcPCidKV=sx0jy`uG*beKG8+x&)@N*)|ff?Z=G~bZ_ z)tx)9GSvk-SZc|nBTm|oc2L=`_vBP3s*|ZSH8XSh&l0JOP(f9o|^}_gIO}3z}c{$ZbZ#I3HN@=zZ)(Pm#(#x4yBCuW<9%>Sjuj7or0T6u= z>PSZqgeaurjMLcfj~{4qAr%sak+qI6fm{}CUgT(nK+e|wdI*H)!JEJK>`Ik^N4cU- zfaf10Bm}?ij%57sQHC<~|uk2at1u+_`&U$f1EMcVzx zuqpq1Y9}sr{@X6!nNjs;^detI&4EZV4+ui3uuN(Hk;A@~o8q43_BIzqQv{2K9wtr< zrhJQDP~2dm6-j2wxb^0__iaC@TWR1$Wk0{V#9w&29a18A`Aau9c?_)^jND|zU9R&R zF!)Swd=n(&Gp{K^KLFkJZ9}td&kf^TDy-BhA=8qjaa2ViBnpA(TNQ=TD4q_1hmu|& zpcw*K{Xo(ge;<MB&C-Dzmrk&E2ifHfAnaYdP(P(%&P7;z#k;8%Vf^qngL27qm(QPbn{BF^(rs(NR6&8XDz1G;PL0CHd`?;pesVDQ zS=vgxZcfj4T7&eHOwFh@KWpwh8xoA2s?z(MKM3g$_O8ttejW{zeUOX9z1L3q6>*KO z9bz`Tqha!8i>m%ZiBy+!%ybkapOAS22ApY%Pepc9MGd zDp{zk^bCaOT>ekR;VOYSV?Y{x%8RZ^qUp_JKDa0i1$f2phPCAZNe#jl5yswh-chD7VO`52( zZGn@C6*T&kzhy}kKmq*Qw>sF)4c~DaCM+lJSpFDmo9;@3@R(?JvPt1VUF)g}n^{hR zt62V3^HTeTiN3aFOQAltI|2wUb)3MQYCxi=cQ?ENNu}U#1~DTKGWUDt=XD?kFc3Ac zc~CgbyN+XPXkV|Ub>9g4*s%@R@scx!c+O6`eN?nPcNh z;wwNa@%##UC#W#iulBH+WM}{+jA`e0nr2v>62^hyxl>)#?+dN~3WT0WjE;z>Ia8GYx#gafbd<^Qa|JZs1&_as zmUFF`K%BZU5k!KQ>;)pOX&@*iA3VvTiOE>WalU!{##&_hYwM`Z<(z-9jh>Ln2|yuYJ3mBK>4(tG=Rojeq*-&L6E_GFLr`iwQEg52F1EiT(q|##smM1mm+~->c5w(LW?m6fM5UPh4**BCwDu znK&}~qQ8X^9_C&)&}GycqEqZPnhG2ZPu_Vc3jccrJFS3)jgi()f_m`KSosvOd{^sz9r4k>6ZCP@7c`@cLRh* zTtSP{$`I)3-XqQ3N#ZvW(JugeSnZW(d42lL`>{7m^m6bv8T!H)g;5h^7$7Z>6yAhq z2p;@k`eQ@&({N$lZvbok8@j)qb7ykx0qYorG)jgS-7ufT(qLMBf0|;!6V^rk788p4 zs}a+GNRDP5D5^tkY!IMYIpp=MxZfETs6{As@>fV7-aXE@rKOrY@|6Aq<%Yy zDH~dbTsl%O=YMdXni$)UVFIO zo7L*e`e|+xCIuNh9)O%T=Ji~;I7U%*a(vwzapjLV<7TUy@Rx9{K6;vHOyBd93!iHl zXCg|p-g3xUoj0#F3~kGMU&fFGtSd-=vlb!nt{SOH8V-`#)QqT~W+SP5X0^+j!A`g3 zf6`#-T$MZo*rt3&KY5}bEgqKq=R6nj*DK4qiKq|}TLFD$-(q9@{M-c`wz(n(F8d;s z+K6L7p!0ESN$zM}JkFST$73u(5%VC1RF4lQB z{3{kNgts1rbnZ6KhQIbhEHk&`^3%16o+q6s8E}&x+)R@F^_G#watTmagK}|4|F2}+ z^8GR*4}Fplb)imj2Ocmv5sF3~ZBQpxeZ?NwtmCb=`W?iNDNuykC=&Ph2qvH?b_y#{ zyb#U!3NSVbIUA(O(e5E^dB^(O$7JZ0=G9}7w~e)d(t?5YmwXxW=}9IL0JcccxMLtC zs8wTWZbMBvpp+^I5}RoagP43pFV<^7f{OD%ZN<1i5?lbb*l5Ig6Bww#`d}!qtXSfpQUUVrPz3f6@dRWyHRN;*9LuZnMgn)T<62bt^;0x>L z-If3BRu@u;z>c^9fzya=f){+ZU8JE{7Ty~W-aE@*W5aHj_k@iA@4|r;Vfb1c_Kv*3 zL`Zv7A&!w7fc^49D55Tw2`G}2UCEae3citav>dO%&OzdO;YJ=U;CVstUnYY7(rpz) z;wE}GaWO{%^VLw_L3PJl;piD1CEj6LLDR0YYnx9~Uc?B_n^!3LBgkOG&1h*oo24XK z1{{q;m`0Ll%yGi%cs|f3|3|nJ*gTEDfPS90vxpb(?NDDW0R!M4&6|Z3dZGYL#HHcV zNuvCAlT|okwgNO$Wr-SeRFexxaq|G+)sK3V?pEv{D_AgZXa26v!R{%kz_}_*0=lN$ z2T)ipz6YX6^ypG~1vDnZ<>e{h0G)4j(YyhlCiTlnhH#TXkC-I7;baASX$DDIDExv! zZ~Y5{w&!<(JiOhmYI0ApIUP-)Y?F&fEc)t)PgYo5qhP==O~0~I_rY)M+8td-#x5yM zhs}MHo|R_?kIY1s3?c(Hp(Z;(l1uIE@I*6GQ>E}x*l?vfaX?X7gP>Pv!5DS}#Hq99 zl?xI)-|q*K^(QK7B9##q7W@Thji-vs;VQPjDQb9H8f1uYxQkd)wIj8DuPXQ#&CI;TOM=Y`D;*2WNTWNZ92bUoiCy3ZS~WqT@@Tp4QtI$y?c)` z5fyYGBNh>{b{8GQ+72h6c^vF~>m4V2uSeW7xA(>cA!5u@&8Gc%oe|<g7@S4L5LXP_6m?|aYFdjc|D)<6bXSCI!f72u0!@rzz~iw z5rMF>KQMVX;wh8{CT8i4_g82U=Zb^wqY6_gfwA_tl{34ehoxpE&nk8CR8aajV9OQk zXO@mut7Yh?BOk&=B4Tn?0z6MD_+OgjY43Geku&|78t*n%rq+FPg}&=mcAoPuv-GK2sw+l^A4A?NPbr{Cm*w-;n}V?{niFEQY~U3*WX z8TWBS5*@g^9EIy3t!3I2+z(C?=8*;dSw7&7H?(+E4gSh^#1M zX?=OuLxV%9UZ(w%F8#}5vw>1t8nQP^5Pmr0nX$!grX_*`x>j`+bkI()Jo zNj=$DsjbzWZD>|uVW`Oki5f#8@YoFb>yuznv#35>;aHe+H8C+UAa|fC6utQAlo(3B zG+3a4sIi8m5Pp7}qw2`8J$_X&;~6@zu?RKE$cf0vWhoQ-4+;>G8ND&Mh++pOwB7WL zk?BzOZO@;N)?1U{j$!tMl`0l9-#P=y&%eXhoejjZNIata+m=+njB`R6y^dJ;GTA+^ zcBJ3#1N7A+Jg!G6oowVT zRVz4GemnEFgim#{ID{X(Q%fj&*G%?2V1*(p`dPIeJi@qeonxa~Q$#~QmMEjeUB3(4 zrKqk>$b9j|duXUP?nNF7R_%1u2*qEZR3};3svg?`20xmB8pc%Qq9*EFT>~lr7gGN& z8g+4djLDUt$GHg$?{L;SBznWs+&FEN;2qcbS8Y}BfRYoAOR6TufvcKX+-Ko|w& znrf>Lwok zhlk$1pm{kpIb!h9{b{BthD1P03aEoh;GlIeB;Wy&=h9QqK{g|@{p9I@rk|=YAlRGp zQR<76bo912D>4vtyGmVfp*83Qz#Zmj)dSgOP?>pj>7juH5&(;e_sQ9rWt!8HJp7(S zJ^&HA1sW$*p>WN9_^bT#=O!r5pJlo#CPQOde6w-kXF`oir4D3tr1KLC_J*zado#~RpPC@X1>NV2 zi*so?E$56gUALvaDYt5bH}r+8ryG@suD=fJ%_vCZS-*wR4hqYvEX<<*V^f_ZO`KOA9Q!w(2nU75;EBQ4a2##I2ra? zb_sk=RnD54CK(A=sQHQnPi}aZx&SKS#VyOzsPJfvHPhFbG+Hauz3* zl}eG{+0WaArwlz{A@AR$7NhWN>D+Q-O`~F zJMNNz0;5G_ia=rsIxwJ@TNlKNhWRG($35>fos@P@5QAHm+8 z%|7~K1UQ#*sKUP%9MO!$ykeiy$WM~Q_bx0vMzC#w%Tw!qw}ZIG%$D(eCwX@1oWh=} zEoE6zyg|LNFN*PpqgAm?`_AptmSQi5h@fZ$oYvg(qhw<=gcMWQ!~ zgvUh$7ZqpZ9;2Z~d+-cY!8PR+kg*kD{BzybgLQdoNH7`7nuJ@k1)s4NpY%+ z8DX+jlPIsmkt$H+-A4yNeerX5x!}d-RKg0hK#ho*LoMU-DR-qVfz#$Ht&AwfjcB;r zVzaq>1#FT$O-J_2R>+zCsa<#!P@TMs1~)JLuF}0=LySpqaIV&h9e>|QLvxX61u({7p{~0W4;F?3E!;lf~$#FOT6%)F*8C z_2{y-h?^X2dG~is;&XGh!%o>fg_@egHC9$0xG?5swwTKsR#l z<5b*{YzkS66SW4Z)*7il@bf=QG3FmX%m;s{_Hqn(0W4T9A7XRzxJQ6wvQ!XjB$x7? z&6l9+u>T)n?;a0j-v5uc+tya7Z57F?-FBn0gu$3m+1<9fmP4 z+D$UJCMt)Dp&Viyi;&D*iZWralg#BzsZiqgde7)Sd_MQ*`|FQ=+>g7*BWAAa{eHb( z&(n(|@7}hW6a{jzQ#WX;O1(!+$-ELW@0UN;-7<>Kfp-@_w~%^w!A$M)ocM2!LD>tZ z5H)AiFMC(PErQS|*+qOyUqbv?RY|GS^R?->uLo*(Lmcz4H*qc@>$OcH)|51+L3k!& z^#tG3gnePQDk`Q+P&LG~NIom64 zfQlB0L4W+}?XO`@e0HN4Z|~HVp>oYb9E;8%mSA$hj9&LnSGbiERi|SB^gmd;zjZw% z8R=a4(5iub+*ju~m54rOBH0M_b}c>NsH`7`|I9Qp(HZh&3#{POJnF}jEny&jeTt@x zF(*GyeU6tZlE!-S>kzE$rS_ncWAQvEL1fWlAFJQJ@=$F|w$Owwbrcl4^>~TrQ2td_ zle}sHa1wf{Ff>o6a;5mTI(Sj@hj3GR-~g&~n-wtTW(u^bjHN`!x3e$sdpa4+9*0Nz zDzsr3AJ7IpXyVIdM9iZRoUy$QH|IpE*`fg)jtRFhmZtVTT?B@r+4J(#<}bEX8CueP z<8=KMX96whU9w&Uj{Tpr^My|;jV&yq73CO`@P-~Mued|Yv~NCemKJ56S)^$=)>sG8 zk0vY^N~=>G)AdM`64$EavwyGT3FdHt#aNcK+VwEjI=Bn1yjvhM2WANn5ps-F7m~Fs z=+>cAs^Y`jyHOg6y5`WcQe2U|45~mTh#AHST6^hD4a{P0P6@mv?!5<_(&^G$F6c%_ zKhr5#@b;nxwiya4bNFj{du%$1dSmpiO2^QEr$JRF?z%HqLg^adP>iL^7#p9}ieJJ3 z>7Z%3NIilHpPa%=8Q}ksRhSS5Mo9M>T-n7GF4a662PrgE5H5k~s@W_92}OsHW@++q zbeE^@-Ge-j0juH(sMn)@y)|d@7gZmSPNn6G(>ofX(>m3wcDDTup!XL9S*2_^F!Ri9t)8=?jdn=6YqAK$ZoreB;&d{ zn{N~N`>dd-`s87r*F47BKAE0K4!&(%Cprv`G9`tf>8;&KBXj*`$B^OP(Hj9=s5r7R z0v=ZQM-zMqr6~>ut1Az^%*2TFy~FpSVbBB(5jD^l*7-^!I}9LSp>H3GB{ zi}7Y9vh6T*603w}&SsPKyN)_EO8n^o;ZxnK8_h;Eu0+Hfax`IsNA6s%GQ60f@YD-L2zW z;LFoe)CUF=zY>Ah)NKtDTwJ|(&WZiMhE*u1%+!#T1P6o0%(}46pb>X?(SUkovPqx4 z8WN`|5Kpgh#&Clfg@v_FyM-6~0OT5&fCAYm@1kL7^Za5-`A_WEal zdH!P_W+xSU>XAa6!94@qc=iCu@!16c00a9wOLSUC0UI_~%&=ZRbsc zM(}1Q#`>z_8%A2yw55XOAP!8})Tg?j-`~38<)w{g`2v3ExQcvMJH)|6xh@+A@dgD_ z_w$k?nDtk{phjUILZLAZ<#`5>_=bIV?!cJ*%(&ap5^{6$%^7P;U8`=24(6d+JKGD} zm#R>Hhu>DyanrIR&Ctv02T@_31wg?%AM#*``h>)+r|8sci)lqmT^K$kZB53IHH|k@ z`v4-JyNerWbwImyi!$?-yMi+F<;rP(cKl#iCKP(OB6)qXH+;-qDw}|^;{||4*~Jmx zPQ_hyImXMdWh`0+4qCS%e5%)OPMSH-A);vaw& z{1(qQAmPS&gxV`#U+9(Lxo^O9P4TN0w|^-3qy=Du_+Q=OOhh+yH?bvNO-eeJ^q!SM zH@K}~s+RZ1S>|jnkEVJ0*B4WATG2mZ{e{2kRot8u7iXX%56UT!O~Fr~PO*?rXY=x7d(lMlCJ;u`N#qc~20m2r2rsq{xHS_(tQ3i?xc&D{p)ot{{I2S&49@Uh=aA*1t8 zr_23>7ThRz4jp&6v!F{-zzJ0Bf&>VM6$vH=I~9k!QmEuSq&jPh}!_UUddZw_V= z+gt)=D0+M(779|qZ4&Xv57Dkn9VT(EG>_n)1i|)0!KSPNcjjQeJM%p9*zA{iY@n|g z0Y&ZXXn7(~WZ4!Z2ohu`&x3QNMCtQd8!YgV8Jp_Pf{h!nD6r8PlfQAXacD)+*L|-O z*Y3p~y4D$^OFHz!JBi~-nl}t2;8NC@j^VbPX*=V?VbzcNJzo?Ts|NuO@`r?>C`O&( zRy%a8a0o`xRPG@7-32r@E6hhQ2^~^L5a3)^XxxH_Xpo9IG5P>CUqx)&TC&fC`gj1( z_k>*Tod0uTRge`}FZsw?w;1(D6z|S+{Qa5VXgabsXLQ;N?2c^Ccx!L2txQ0APXlhM zGt6nWXN2Sx^yFppq0cRpUX!AJ=ykfI0o>WxorKG!+qjq)L#HO%77gP9Xr!#at)iU- z>cZCqcJ007`l-hpyvpU#T2^kCGW2&uGPbA}+T_J)iuF`>=KtIIY}?^_M}@Nc>`9#i z+Wa-#z`)HJ25+)bF!73ux=dn>MAmnUU^8Wm^!bytF}_V+sAk9L>j+gF?|;p&a`|J~ znFuMvFvyBdrNk2a!BM}9O>#hDdy%w2DJ$e(IsUJ-!7pQ1@L${Ku$I1ijQ z7Tl-}h{?~&fJnA5^nFF(->!;(Ow+2Owi+dP3O$2}n{elAtkMLY3@*sch!0HN%*9$5 zI_zjV`7U1S_%xL=fK&AAw#QJ&%ax6HwoOoT{CO`QH^}-|T}|=rP0DcBpgv0eKw}oN zy_QaMX^}qpP>g_+(Ox{`(OaZAH}eiap?JO#lr!ZtjJLT&v%T&0Bpu87bB_}A&VE%fkm#)T zo}W{b?a6!j2giRdz;BIiuJUSB6ew$@Z`(80p3Vsp2=l7%!LWEZH~#6O=6)*q$9rj> z>|gx>u9nqk9&dwKO1mhau^kKM!l>I^oZN-R%9^eBcLFQ`Q1T5+dR$@BTVDK|Rfs{5 zg>$$z^~u0qPhr}bSX#4Dk|x9GV2lyuH#lTlEjE73jZZjEw zp_ERueM-}66;I)yi{+S`Tnl-%~QF-Uk91E^A=@4n71IX;M^@ zvFp%Av3Wf$Eo<<0B&9k5ziKjda}eQMBjlIGU)~=~gg7zyUwerkww=EYqP6qtHq2Tj zh)u^AWE*UIx9#>hP;-34@%mf|lQk0QvK{rYBVym+Wav(&l5#Y3vWN$4#`d`MzT??K_Dyp-{VB6cK<%=_yfiZpG5xCYf8(Q#7zA zh52PCKv0J&%n8k}CKfd7^%Yo^+|!?8WSM(E)@KI{z^##tcI3+6WGkr0+9NoOOE;_Y zqyUUR_B*n4njb7siW+8UmNJ@@&RdmS%{Ql}LNLZZuM2~|7gtmNGN+nmg+a?2V9;mX z!Q)@cf$inw1B<1m7$8`4=J*f7%X#b$P0N%V)}@ofo>ACq6_@KUXL|gD%)*E$nk|ro zIr=R9zTY&kXSwl%SInt;#(lb`(qo_+T_x+0zZ^j%P!$*u(TFQZHpzA8d9(*mB&WQ1 z@kjmvj`2DiuJp_66Ur1!$u$zk*K7BI=_x$eM9cZGGmG$bvd0pnVtX;dN)QRDTdw)q&$3`Z)}sD>5SPabZESw6Pnu#Q*P zL7j~6W~*?$ybA9X?VQhH-T8Cljr(cIE0bCInu)BxZtK7j=?+|b7;i8j7nen1iPCS7 z0Yn6BakzwCcO1^ybJ!*^(#Q{^$@*LXZ;mgf5+hw|~ zK?Lmc?n+aqC9{Gxuxe%^h|gKKjFSF{rTOgp(e!uO1sswf9a11qO(py_+Xy?>eWGF& z4(oSsaHh1T68z@R_Y&Tup25veV5Fns1SDGz~o~TB6t(==ZAx#RnpO|SBXRLvJ=7rx>^HzQse}p*q zm9^Ne#qlbQnt`sml4e>_#c(dv^6o?H54-U0vjfYPaFrt z?>JDUK7aN#--eXGuF*!GdyczThwF_4SvT)&&##h+s8JP_O{=@(&DobVrd!Xtb$~xJ z@m9-W*pb-Nk-3%)9*_Y%?xW#r&xEkg;s#sl4awl(y^?Q`3I7ssr@5*x7p@{;Nb5_MM1D0%uvzg|u3(P0)*dz)|A2rPBEw0b;ztnPGQ? z&~Z6(!<0-5*bOkz##MwlBNpW_Jq05T^vI&+uikE(kMX5qFEJh`0saog%e}2wf8k{s z7mL(5q6_^iz_#<+3vBWfH1T6PnzAuYHtPJ(`SqE;(B-`)&+5F&)IzKW( zm$B9q)w?QyY8l65T_P?&ncXdjo24v(a-QIvW!Gt6-?xFof?v7hSEZ6Em{M4zShB}Q zhB|G)l?NWm{7Yt1@fy4oxVEBlWeUProq+kPeY^qJ*6VW=&AUifa<^dmB=Kvq86;K?}l<#I^`&W*S(uHzSVNWLceN5gAc!!(k!${_JV}n>GboKUKyDv)_Xj zMxZmC7&5`8XO->E`Mv&S!D9qpXh4x1bJhKth{50#-p9emgKmjOaKX7$IzLA@-J>DA zy^A`6$6bB2duh(&rR2%0cEyRH+Wj}u)idfVR6VIhA3I9?b$7Go$U#M^vlN0MIQ~!G za*i?dz3;r`@a(l)O9 zNcli^jp9BxSA~|HIlnKYQVb-Ucr}}XdM_vU2Mf5;&JeJ%N*r748#ZCqWq<0!D-mQPUa*!$oZV9ocK)xN#?2t&P1dqvM84H)j+m0Kq&34PQ;Y62p)$v zetkx53%lp=glfdAUVK-?`({bk)KEfWL`qTh--BQB!e1Tl=`S3OzOY%PbIZ(x@)vV{ zx?auCnx>N%L2bZkFH!9ML%>fnf(Q0KJrN7hI0Bz7&w_d6@p@{oVP9Ad>UI(;-xYil zm*ZDy6L5m@B}rV+ILan0{Kbn0WddAqb!y#63`}_ zGNZZJ#*e*bRc13|l?x)I-r<^4!mcUdD9`V>!$iNROfzhty;H@Rf2{D?#)_1%*9^%> z#iUTeo_XuC5b}7|3iu91O%fd3rUV>B5rqPDu8JisxiD#Kw?m=k8-t%}&S#0z)O*iH zG{mM(V3o69V>=>?=1nrHX4xV;k}vSjHbtm3K!({~LXR&^rPr=rIZY!&dFj?9z!CdF zHetwdSc`DGjiId#)e#f#imKm^MI>ze_|_$=@^w}vo!WQm?=QzxAMOGN(*(cq_?EC2 z=PDIOQf5AEK05l_M3co#!1SHx3YD*7{LaAASkz;z>IClSeG9Wi5u?>#k~5v` z>WvYT=f+x9t0UfLj-07}GBM@ewxkl)!VAr|SGAP}OzTg+E1Fp^Hk;uz5@sSW>O8}) zC}ff|+~qSnUaX#Z)h=+y^<;;!%JJ4E;VYcW--k^snHjwxDI#F8o1bvz zye2urFFp3wej6z)cW%Sob}Y*y!s;`CijvxTk@W=OP_7yUg!9DXqLpX=LG1w*@J2X+Bgl*cI?Y9 zp=y^vOPTrtK){`VQSQUAVVis*UsOK)Rw5khN}1rRQ~iV~W~29)M7EonO2CpgIr=tt zhC6ySs&i#U|Fhi1u>E64)zH|5>fWjDiNwY*}g5w zl>6;f6*F^JD|Ss}P|rq;zAK9I3+q;|uKdt%Tb(7kvSjsiwVC2fzlBRul+TNlkBp6> zb`uw1$@|o{x1pV5S4O*2CVnjrn%0LM^V0@X+^(fF;wU1*EZ1~~3}5GHI^;4MnpzWeo@!qHs<&bED;HH}Y z0YQlm$iD%c(CH>1JVMvUwkOeUOI6-8qweiC4702e4yMoyu&BC8GVmC)s+-;8N#>{Z zVq*Er9--FPXeUaI*n(>*SWE8i97HkL}ad}wWqtbAip zxhz~drBYd$S^0K}LdDclYOst&xqR%8LnktnTwT;LdZFuW&gjRHnV%+J z#3V~Xr(f=>O8MBD!kwX{93S2}@p!9W;+O21W7CXn-;V!f_91`lLUYWh0$f5BuSF4? zr`juzznE&A_+e`GNJPX$bmc@>Ro$wHO^yy-3)sQqRpZDg zQy-KiC;Vk?TdG*^ad?b0km~_VT^|SV3@=ZXfNRsN4?}{+>J-OLz~sA&X$i{(tuT}^ zb*uP6plnf1UQT>`vulPm@j9XMAoKpY(IE-D%zahuJa02jl=~W)WoOGs`iHYF6K5xr z%wHXxJiYq;<4uMin$3>;!NEJez6=}h3`&n|XdN z{!+^H8}BN1#TZx8ePL$*#Pqh*cd%IfjLXyu_pylKO4!ILNtk}`S0$<#4w6((w^s@y zQpQJeh1GYLM7;c-jIg;LVxl!z%o{UP(06fYUl1`fzIu__o2xsdGn>C2*jPDHQ&%m* zXTm`#;2H$`c=!MfAW=v8M+mjbt4;%njq1k``pY*~C4c>8uC?{{9$*|wV=d~$c?#=V zmp%}pKTe%csI5JX_2g9UO*W3*@H9J{*O~0kRT#_ zrcZ`XlQWg0P9w)`Cweo@G{PsfT^5drOBb{bcQ`0?edwIgcd?kfx?|PCt~VLfDD)_;&G-_hRW+2nmh(oO1* zjb~&7x-4z%CnHU9;PRO8kwj8_ z2=^i09s{my@>*akt;h*P@OS-n+i0pird^XHUrmeN`D@e@Eud9LJvWAiOgwGg)o2^> z$J=;7lPr&ZAmI2;Ph23mtQU4?j_pdBNg5EjY>EgE?$pq-q`Q@L6bE3PrsJ5|I3@vR z^tuGRx8zlEilOx@z%~-WcBNKe; zzr5=h32zKrE~RuuyqoIk37&X27BQcp^O@^fA-{bRNQc7oTNpvd2cSjjiK6Jb*@apa z|8)mct!AP^PGNSu<5Fd&>$CMFO>uCxEnF*Wi%t|?^!g9{kIsw7-J14;_`8b#y-ZM? zu zZ%Q%uVI{w#TPIE~3G-)GIH6+tE^77Sh>@#NRpVvkW(mXPLkUFiu)+eTy#rQE*QZSN zZNfkF$GIf8vqp}Oe5jgv?J{jK@xXRkH>}TW+I_m|{r9UU^CurQ6jgp4lK9QMV~}oQ zVS7>IOt#idf9nI`T@zAjwQb7Gdr`%^LP_9m+wztLo$b*d$QNeG*X9mC*|A#5Y^=4BsLrpP`B0gX``5CM0oM|S$6O|=$}S8? zUohK3Z3!R!`{$zuG^NUMzZqkfxbpd?jui<_u&4@6afpkwX#@m2%GdyV>E9I2Js>0rg&~JCpvF z?{zVj5B1#I8ay|P*J$e~3HS}J*3}5O8!{qUOHZ~fS-t7umGU>&Lk?*UXIEMaeqHCy zcz3RHM@yGO%@VRQA>ruck~us>@;8Y%dKiRP{-A5M7VpGzT%1U}RE?Tv3<3&FzdJHM zIbbf*=*x^}sRJ6Av6mw(c(8=HRgwLw)f=n$?x4$w2TJerOF+10 zJwsH^5QY2#Ms`PEA6G&x3dqYv2u;X&2yQIF+L8Un-C>}r6ImW?njDnXODj$IVRGr- z)2)Ah59498ao^{4qf6q5%~M$rQVim4F7_o#X8{0-ye5I95pbinx8AHkKxx7-M?C~; z@Zt`UWiT}4E0S4Tz2lfa)j``RN1dExG_ygUmv=k>sdQ^iZuCOiJ#{$57aYA}8FPvs zLW%?SK+2*6>6q(sgcy1cxr@!{qZCGAK>$Ds`5hgDCv>y091*B))epdY)na`&{%W*& zLO&-foaZraS#t7@IlEO~WC56ZF(3U=XBX)L{G<7Wj3OP8mI2M-TPHlD&{kv<2)cHV z)aoMa^J38>+~I2~dGI*46e#Sczs@b`ZO8(||7bvxC(##)y{LiXUK)dbAAlzdNarv~ zO~VQ6u%WMdli)d8X96*FrFj^);QZtDK)-?IBj=(+j7B5)wU8z$CBb=u`bHLRl#Svx zWtQg~4IoZ*Ii{20b5zB(NiE7`SJ})bEkML8n1CfNVVk{@O?&>xrhTuOStAvnOQunS z`+z>CES639-c%V0{<={J= zmV+yskWwGM40RJN1WgX-#4GCc9sJH^_i1ygk#V2bUXXJcka>#qX7oxWfDc459!Y?i zp`mp&894JTf^RQM#7%gqCtS9rQPAo;t|{|3dTGGpOV;JP6GwS3zltM_5tblFneKyo z0wRV%z5)L!OLffhacdHW)$7KM}|1YJ|fdfeyvxgd+MR3#Q2yU+Q z-vL}Co1I4?T&=uXA&0MmZ=#Peao~tSrG0JVH`iMLyvM`zkIjTb`dHbo`xCM9Er_#~ zI+g%!`WWD4W>@e4=o*c|*3{*~!R9e8{`&i0MZtG2!Ee}T6vq<8`+kxs$w7vHlPP_U zf+unwjb_i2F_(~7a{uI3z`+_#8s>jsAE7A)5GhT8A z90<_nwxctB0_-LWNav$_e2C?si8u?ID?kcFUaqsh3*cfk^Uc zzyositB~Hmr^bRsReabX3ua>wJv7)e)F|Y;JlNTRB;FRC;8*kP%}~3%pHZa~e#EUR z#R$-GR68cSe1RRc1)5diXM2nSYqunoj^%fOtV481~tO z55&p#T;5~i?F0SR(h)qX9aq-wc~F-GcCr3VFR)P6YKV*my?3odT$^!+29$MTB32E2 zLJDK;4iFkgqPG<)wYknPLYc$@Q`TPtr3=gN@fHggSWKv5+9sreev2@$#elv2;Xe>#xCIc{_`eb3VwE#K>7XA3v5|5& z=p&F+9o$R0642@NG~o>PCqoYd2t)&XteKYJjqrd6BTv|n)MM}?BSy^@atY{Q!_zKD zbm;8x`^bsnBSN-0rpmgO!^VQNWVa?-RK)UN0%*+ob8Xi!Bc!)^ZCb5REyJi~wy=Q$ z6u3rR2NoX9|AdR>nDmuuGw7iL8VS(NgKwe5tUL zi@=Y?v%2uhGJX%(%?^9Gg9I=$2|Z27e1JzQfN6AE$vVA9@a^8SzsA24D8+ek%VkzP z%aRwPeyMtWmo+xaxt**~S!vhUCKti1{U3H6fep~FSqrJW+B17w18%k3lHymdnl4Ar z53-XwI_r7owfy#`uNRzIBKw1K#{>QsZQLhF1Ci1 zr$hoWef&#|sWkglWYft<3($Ap-fjxgg{IU7MHleq4bq=K(wA7a9K6e(E#9zHX>Oy$ zMXrXRxZIbqIR(DFmv$n{l6z~Ww1w!Q#=A8Eh13_8h&?%Boy02q=hr+r|F;vd1|lRFG?F|2cw;96A;I8V)aDAXk%DRMvgh@RSQYp z8q>l-s}he1kv;`jZEb^YxiF&P1T!oZx+HMD4nCGy+N_iyra%8Sbww0Iy&NC=dQjX}n^n>N`LVII*#=!k=~TK8XV=E^Q`_ZknEC>} z?pq6*Z62mIz%*jiXKf8=YiukCDgFvD@jgsIs3**UkT*a7SD-_7u#n4Sluib}h6IAJY!F;78 z_4r#;hwfItFwS}fwkzU8X+nO+JQipqmhZ)Y1lF2c;$fmSm+pepdX9!+^%T;Q{`}f^ zzd`r-J-C`8UH@ed5?SY+jzadJL9zfd<$5-PzZtI0{a)1*`>#9zLhF@fZ55 zsRyko35=G&GJ>yQy2D-DnFdfpC*D5m5WfQEky98jn!lkhx?RAejBanXrj zKKE%5`s!rF{0A_EIPiV$Rb0C>5#F(GZP`#7hp63(mc@1kQ^|$8mW*R0Uars1Q|yo3 z75H8{SOswtK*?I$E3V-vKXe7Tr`*Dj?{9tPNZt)FV9-Kp3r6`ttv9 zASJRPYz3;em4mh#i|5X~tTF#Ge|xhJ@1m|AEuv;?#~T9#C%krqAbA|h_ArOd!DhH?*3i~pX{5TI5Qd75%_Ng zCd$Zb=>%yV?!csB+C9#s2p8Zf!0{(ow~Vo;m&y^tRVJ5St&ec6TIn6ij- z`&}w#`<%MXc=UYV7b>4|C(zZkZ(_96%%rIQR}-zzO=%X>?`zLswqjGT@9}SJCP9KZ zl8)(`9oeaVD8~!W{g)gJS#s)800`29-H5ukgA-|<>Dx3fRG1%=)SjWb_}93=2TaomgUC#L5d$I@dbZN?~AX( zFxr$9UGd;GJcyCbUHQG=9@>uV3vji|}bOkIq>LE+Ug67*|Wf zKb{r%6VP_FwA?MEiP|r)A%ai?BQ9No!SMeHTJV+RnzE;IO<9j%06LFgv1M^8xbeUZ z5kduXM6m%~s?rz-#k0Kd@|yF}b{LI|RlA9Ci%2ZbTMOJpvjz-zsiQT>tdZd!wtJ~P zUTA8aQ?M)&|0(Bg+3kL&Ftjh}Yr*6YUYZ4vGFWZz0%=#v&>08qXr5?U8<5TRyE@W0 zA6ho8RL=3Yaa%E~W06S=bdfBzuaJ`=u{&Yz{mpcZ$i4q80xwvP_A>K@@Q@KY@7$2wA=~+dK}7L_NlQ5 zwcy)6iT>a3&lLYxpOrTuJ}SF`dU*c@&2YZnSGd>Oji}F|ZH^-nXzT-rz?MtCPlBUi zS|f#7zjP~!dV+n+iNY9rA%6&@ccu9Z4Zph0x3G{|MVdS;#Gc~Qtgq@?o0t@^ zKhnE7XJsG=pUwL~+8-6|I=mZHONJ{=lQ1=4e`n2RV9*Yglz;=%Fx4UvQ*V{xHYQ{} zcz>*5f(l~`lwvID`4K7mtLx8yuL$?Sw@|_6&N<|VhMDW`InU8C-G9c%!mGoOTnYQD zSOP1qkY8YK3-Qx;An2%8W*)x%MIMqD1B$(4HekXRAcTcvfhqYOZa{6(Uh3||Q~&0v z`Xqe$r>Ck#N0~^xd6<{6wGNyVH=Qt5DGq?lD}zhggSe?+7zcC!JIh; z6AbyeHQCi?#_rl&w5EX~Ey&WOO9MPy_~cFtu#J2Vch143f*25w9y=?8j6qmlb|3}} z)HUE9fcKWwj@FNWVR{H9s%&NwtvQ7Sg=F3lde-8*%PEql41GJK#G0Kuc}~%44}ST1 zGYamw3q`u0<8KUl6d3OJ3yQC`TfnC^ze8hR0%9weSkA$o1nqiqLU-~Pg9gNy7$D?P z7BN87;>tf%Lj(^Ec0?{9bt`;o%27xI*g+oN*-QBFJVd3{0-b>Ak$sb{T-D!jsbP%+T+4&Lr5fbMkUB6bvoisY8t3i0! z`Il%qIRrRdr)7sB_3Nkc#WrqO@Gwo`;C2l!$Dl*JC;O6E6hU#55Zwfj1T2f^u$Yo% zgg`#Ya-yR=dNz{d8BB)IXd=^AbZ{dIje$~Hei0PB<9e<7k#r`)JZ{+F z@1Y*Eak*k2lXl9XgR#@{O239OtVm&QLnpQkVt91w&yRIbk#s)^+X1iTiym$vt;j-l z2LW&aaT;m_kH#w$cRZs4*Y9ge3aay3z-PLH!u-4Wd^K1-<-EY?!CJ0ea=gXD>un>=sRO^8lV1;8B`areZCsl`imwHP#~yd01y?rS8knB$ zg5^NLdSSNYh5HZHyXTy^wKOH-0qOl}@$E+(BEZ?|eqkvzkCJ|TRjK}sCbLJcX#{AGvT9v^t zvCjL>sp&G@n1FDF7B3-A`$L(my0#(fDdbf zkoIJMe>%qeo=I#QqD>ZBcj4`oj=p{1CJx|vf?YtSqbe}!o{!wOa?ozb0C7s--Qx~$ zk|%pP$)3ppEW!RmwN~Yk5daiwXlQ81@FzFl1t1k92u>A><&_ygg@Ht@>>n~Wg*W6) zEG2}M!HI0*+_wR%9uEyM5@(GBCjm;=xSFbb`>Cvblh=oJ+LrnHeN$(AhCl&gcU|q0 zNS_K02ijC}OQ~1hdMVzPmVC*TpaC#3q#h+l-3~%4-``2gR7NB3UA7n!7`Oo1Yb8I| zry9!Uh^csKq%2lz;?*&@nDdT?2<*!)P0S}DYjSa zLejNr9&G)53<)q!U|*z2GI;%$nxRoZt)7+_s^}Nlz{Q09xkw6K+T1KaH+~y~)SGSt zPN`z=Fp{x;zJI<&Ub0Lj|1-wgcJHdhY z{<&x$*LnJ%XDTKcB}cKqlLXP5eDqcOTG6v)ITY5LBTp8x9$Bd$B6Lm_DMJExJ~n(C zoK!eiYhubdm;nx9J2DCA4#aGbUnA4mi{#y60SzPp4Z1Yp?d&FJ{?Ea6j^Ptjmi_g< zf>|}AjE>ozV9w4^o#qD#0N|?MS7_6GFve?c)tzA$3Vxi_z%t`JzaW$h{lFjVfzgOjt+61b==9nkK) zdl$wc-tsIBa^K-+)yOveC^a~?vxQyBxSPO*#lLuMsVay~WT|-JxkMu-c{5IK22ckP0Z z*4-UR_0Re^VDLw5)9l6DR_gV2oUY3Ic`+jhR01VNfmdFL1_m0?{w;UFZEZk)EgRZ^ zTnaXWA<&RKz<@>sQmp~N?g;%vNrNLq+nBsKu-s~HiNT8J9M)E9oOL<;+kjxt{;0!M z>F!LQd;3)*VbQEnMc*aHUBvWK6Ei+9stWxr5Vkf|68x7I`je;jlpXoefV_M6uDkp} z?G7fzG3xKQSkn~?K&@cfFMm!y1c0;_Mg)L4=*gm)eVR_WxxKgLtdW#CAft^q-=ik2 zb22MGHk$l-aQG$JR>crxVf+ktxYn*;WGICpx4QZ)jm^;`4Mg@J#%}ujAq9*B zf69n{4Vk7KCt&nCmrH>bZeS9@y#W~U;0i!U_V6TW(t`v)(SPfXSuL{MhPOL;p{mOT zAC+k?qHx;-3?v!(EoXfI3EH4IqnQcIX>|B4D67-LguV1JAd0?6IN-i_m3y0%$epn0 zNDLT!T_~=PJq#aQeNyJ6W;Z^E zbh{I*Q?R zJev-2;cw>QH)%zmomyY`NefV3=<6fD3y=}#H4KfPm+YjI^TVqPbXkJ+GN>1os}sh# ziD~ZErc(-2krDRuI||bDcs$LHf>z+ymmBt7V{Aw`)W)iVpA;1Z^ICup7jtlEx0m9* zpP|i)CvFMQ_Q@d)2HZV@R=Hh3vqMj1kc}K+`>QxX~_3~hDccyJ;)f8Rhko1{=;pBj4_9> z7}yvElfNbiI_TCft#;sFzW0)N9f|Q;qi8ujIXgM!PRoq~#z+ws;!Ya7J-4f~EdI%} zYTkSl1Cgz%2wNT*I$m5jt?-O+Ujd9k-weQY*$rkE6J*YG`O_;%<`?_P#)RGTC>~^! zr}@_kFSmlluwak|n+aeaNqI}t({CWYqv?c2a)4)&zf7+opMFo2EZoP?p9`9iA(T#< z0UmhIUh3Gh_0*a)ZPA&rd=<>+A-sK=lbRjodG5nMjOSd#h)h~hfm8;T&@rS}T}jmE zdc&>07G8I%nI=vb8>Y?5)+r-m9CU@LaLYho%%OFMRHo;}=f>k;Xiqk-PfHHIwKvBQ z(|uwD%A0&8(m*B(49|uC3r)OetsoV4P!z+$FaiIN9$I&FieFy-5$30!m9^opIWZk9 zmg}{YN?uY2_T`~@6Q1ck*{FR(n6?+@qhP^2FsjmfUTo)DqZq@d_TW`rWJw<@Ov-!| z%ir4#*0=|N!5*QlN6sI9nJXGFx`exsL5amfcBS@Gp!)+(t@qBiX|73Y0D;wbo^ZST z2m*g2SLScL4rkE&O7d$6Y&cjuuf@ypgjy7W9Px9dNR#gg1wwDt<83ZB@JzOymicn- z?JyZ1%!k+405vjipq{vc_@(SE1n9Q7%FGD{%A0VU1B-UI@I(!a!k9z|`TI4xg zrgf-0f&K5wIeRoa_CfX2uV|>P!5!vfD&Y46?Q&S3%JG|rn!pZN0nVcQUOe<9yiOPRgi;RxQ&(j!$?4#hTs^9GBfKNwQ}P4^q4EOmTcIs}&RQ0R#P{sE#J zMz8E5f_4&iVs}|y^du%hmr&j?G0ar62RDvP69EJJXLGW5&nB>dXD$$6khnrl^Ydc@ zh&lz+skdL%q(XDx@VQ56rf^QwgAUaf%#Bvtx zJlM4V@p=)i#}jHg1tANZ>0{8}z(P(Xf!rzfom5<23Ulp#4rZ)z1RR8IY3eo=kS&Qi z7kQ@Pro?~7hZdf3*VqdDCWn;|ZJDoe9|ZkaGaz_pB`YrOT%i$LO%RhWr1_wX+M!`P z4n(K%8~lg2Z-Qd#h=xu*l#piytyAeZWTp=Be06}rxS`z-u|=5}^I1v1M=y2Mwdw7# zkAhej?!K8Ve0YdMHUHZ#M+wR_)E#IQA{+RdoFBePz6=c;&r7_Fk~0K-B80_h=!A#u z`-K#L+m2gQoDfjt4O@CLws8XbUq=St-HjNs1#d%4@zv{U)O*OQI(s<=Ck9l|k^7AZ z5(vXs;L%6nY8wo@GmOAG)#BB(R%nt?co`I@^f%ys-3>#TD)cN66d`*{=b*TRXoAl; z2B?6Fi^~`3=u1#bMu~ZAz~LU_!Pp(#3(+p9;YDX|w++Y3y=ih`b6XdU%-c>`m+Q`i zm^BPYgHC8xseLMDge-yz|i%5Vg^Od{1QZrF0^ zG}zQ2;R9vjESj-KV#Nn(`AcRl&j${y=&0_^y|5B*xGBx_3g=5K3f?JqL}5Dv)!^$z zbd&@wCDzJss|93U6^eRgBi3&fQGX(5-3`be8L*S-7K3lPGgAjS1G2yeIC7>PvQhBM zW$2NGCc9U`?&6cMCbGZ}q(gvMSr)I?#7{5GEYpHWY$gnXFZQt^&-jNYR8^2}bor!+ zXsXA5Rs$7kHH{w#amnyhs`;wFy+h%G1xP6RheJEwK9X)(a+Fgr5zu&HvwZAB0@D-0 zU)^Xq2nqvlZ&cW1Q4_?cz+W6>7ggAG5a)WUHV5yxCv3 zq$N;I&>_nnfG7kUWP{ISqC~u!&(|p`%`_yTm-|CN`yR`lC&h)8jbGP&N-u=_g(*`a zu5irUx{m3_A-K0@rEvZk_l`b9-Mu!IT01<| zPhd1^WS%a5>EuD&%tliYAnJoS1)?vgU!ei;?<|mf${OMIz?*|EvHe*PVVBK4!pg;8 zch$k2ZQKyc`IjdRJ}FfesZ=SJMHsdmuRYI5R-@+YLEU0p2PYkFQRn!Ui#@8~r_rdl zascL41axSm^BG7BM^KLTSCE0g&n6(=0ZNoFxPOIKpe6A$^K4uTiPhEV&d}1y02$e2 z`~RK?p&tdQpk@q=Y5HXBVj)C1K@|b5k<`Ayp-3NYn{TNo7J9gUKL8}-JUaPn(X9%a z?JuO`&j(rru{3o`tRASXWhPJDnCeaK`CHx@$LXZmNh zPAj(8iJwkn?9G7$ch5SphdpF%mi*-un8(n~a?j~Uap5qd6qQ3kFN0hb1#8*#wH`GM z4y8qx)!-n4!SD4ISOfxX-=5P*NBE?}57c|YO3~W#ifi9T%Jc%D7=U<3iDRms0|Nfa zjyg;1>lY`2>xb!}UbXZ2m<48IIEFMf+tAezO2vHo|s3ssV^ZC4#v&D(ey7t;P! z7Y*;7iO#JvRG1;`i)`|SOcMQ@?FOm}07_XN8FA&Gg24$2xmaLI&OhzeKQ9G3?pjTx zBQQCO0p4HmuNkX7VXSmrFYC48(&TyVkrG6}X@(Hw{ zjBi3R;g+5ALVp1?h|Y9q`{nI0M&cLz zq5W=e?cBq`rh((S>}J&jL5L8fv279;_-308dNbCZ_3<_8%MgO-0J82O z{3!QX0hMghzKWwRRrG%REXDh=fJi*TYESlN#@VmEYUwLPwQ?N z9T7ZFD;?w{b7h1VEgHzL2$<2TX>R(_9&51waNQ&=Nzy<;u+Z77`3NOfn zI(yItt@wt6fF`4R&+s@GDrm}i4yqD-!rmP$O-j80b?Nva2=C8q=oZr6^urPtZxEdF zo_wRYj2kFd0gA=KVi~7qy&i$6N14iz+#tajg?*ZiuCh~kxJu8mxTFP%eDZ=Ue{4BO zN7044rS7`NKR_JV`FX5FAjtJd&;yobgB50*OE^S~0(oA>LV#v(F>PFs?+i!V73xj< z^WT%PQ)S>M_qPr&-fvR_?dm5&bq4?3Og5HzCVf7^W zhqoNm-Krm5cu~i&&!DtN(W+$fSi{3x7I6ekc*o@l5dd3$x4Py5b9fQp0n?7{i0dubGxtdLu9T8)M|m=mRyg)z-( zsB(%==Fmj2i6?r#j2-z&4O$o}3*2Ib=^>z&1ypPUC8t*x%mYF+GFq_z)tFP=<-n;O z0l+DnRHG0N&MRaKiy^NUa1%JF3xr0p5q30?n-Z=i0P-mZ~W@L%Nbf_Q;Sd; zAT|nl3&oP_z-d7Azo{=;lJV{^FgQpii-M5mq>7Ca7sDFk6}>H=xNTsWOJTWk5xFoSf!EKA$Nh@DMtN zY6hVYE-3g6^M1O14(x6w_@y*1TP(n06uqr28;Qt^h@RU@7Q*1JFm` zaMlBSfv2vC9nV<5;`jizqPl+|^`jJ)aMnnx0J_3gl>{HFpTI8&*WwzROJNpS@O{L~}&h19OIAc}f`TCqdX z5Q8p;F}WJnepKXb3cU+&9e>8()?oNlm^f{x(wG|Fnq;ofr5qUBbu}pye$pVXC5A>iC&> zWI4U376)XcAgE7eeHWB=0_%n$H|L~TZ7}xFrg{G@w5Q@GVp-_G-+Jh&L6=^3qO~n` zf`Kk4xM@n~-E!&1phi|EZ)HalTCoBRoaqc}Ya)__=kGZ%20CG1Uj+ax=)9dUUI~R* zCX?Rfjye{rT>&deTyH;Bm&`=DNVL1Ys*e6vhTq~e1Xm>M@VCvsWnfn3eL7uRR@e`s z8w^5^WW6@Nh3ttmyN!VRZYf9_j=%^+>3r>qgR6mGHJz9o=o`J3pG}}Y1~I0E643{h zG=dn;nMY`Bp~CKIr$rxUns?}X?ZFQT&?Op= zovwQ2Vn|Zzx>9SRK8P6vbCqi#f^a4@+nR$GYY2KNSgkPo04vM3LS3qXEYhVSu#1Mf zPm2#jEC2*MoASAP9(EOg0f-nQ5KYEt!wl&q<@XiI*#ssFQ9!VONanes0PH$ekxLZN zI}|c(bbpesPTb0lY9Xnvp#yZ$F-^T{xG(D_9BK|~zm29m7Z&iR4^&`agaak`A#{4s z4A8~jX<&P>a+6oca04rcgeXJ4vN0)`Pi@%FN-2q^%LClg-<$7GQnKhxwOJ@S7bAT0 zAvH$a)`3sGZD@gRMIy-;K$(DZQT&jA$ib3Q)Mn!r(*KB`{SdmWP&xx#m=4!9V9<+N z$-bBW1lnrt@+Sc2^-vkY_At=igI6E8WQ7N#_S_gLgk6TX@2X-Q!_Bh+s8e%ik6zX0 zf4pLZV#UJS2$1j?J{ixyq!XtBzyiU%7luRmz}mg!0WEpSfHMYUy$wJGaoT zNr{mJ4^cxO!`nADXbO~kmAYH*W3d95z5_~pzJ`W?pDqG91$4sb`(EJ$=%;rUj8213 zEaV&5C-S^47F5yZAne%JjjA#2s@2i=18u}#Y6;krRfh|sp;SDG+HP5AHoF?=w9{7V z-*VJa&NDwNoj91WUXfTW%weT@ z!W_V5;{M{A0{QX9$BP5HpIA77E%zZ%t5_#?jO=Z{JpJzjZ-IPI;In7~*M7r@&(7Sa!pk3o$sB+M*w4xM# z0oyj9=Vz+SmhW>vmq8BBc&Z6__fQAYa_ZhR;}ZpW7l*RiD?}44&~fI*=gC{VWuBz8 ztH-dbA}4xQqMQxI{J%#GUA$xUx9s>>&6ZGAxJXG|C*=W*};{Xik6) zQu)>8P^=`!9`Sp8P@n|ItTWZ-kRqoE#{qR{z1-cn0}6gKchPMMbfs`4Mi4qqpI7d8 zTt2k!@R#>LFMQJ$6*0eeCMh^*e&F!EY88I+n5naL0*S46fJK+nfC(scQq4%5JWE5S z`>8;Dmf7-GXshqpUsmnAbw4IDn*QvINd_Trg~h4QN9~?is!SZL+^lxm7FPoB?I6fh ze;b0%f2xIAB zSDujfoqp8@($1r*1eVsU$PnV-EW?I2if6kL0pMth3^U<-=!?T|mbIV$^u;Ejvvry7XE_y8!x zY_HQER1%!gRbA)ms4x+Yzz)VZZiQb4;UBdfyToxN01bfN4wL1>eBf{an5p-C054!; zwTE>z{0+krWtnJr-*@q0F3s6E`(KMc#wsA<{Zt@8Q(mGgLLuVJ9Xto#Q(M?hnXg@M z;%2^N+_pqSnhXPkGG{cksb*Q|ZnH}|7MIvS8)gHcm=JN>_nj$yRm@6oh8!F+-gq&J zH-OWD1#v)T(G$rOFP4@7#4s5ve3KG5!r3zEnc2X*#=RT@#|tu;mx70~r_j_jEA4uH zCm>POd%?(?h-)IlKPk>TgPYLD(+yDPg4$G`?FO;Ct4kJj>5g}>-3zM*Zbs9C4t`cy zC-#qomRXDz9&y7ZXn#Kv;Hy5!#tiOc7D0x_F^f8xMf;qoq4IuL+-hmrA@UZNST0_v zL{<%xE>?hxVGmkW3!cBpY1#mNOZ{uw+Y(-hQr;T1;EZ7XlFabtF-02p-xm)QDvQ1c0Tbfx3A$6m0vBnyaiR z7e~hrjPF=-kter4sLFqxKyGygHd6CpDV?0wcrExrMKdevFHHnxLf%ZfwfPK9(9{c#W7>$V=i%1~*a2UB6C`!wWn-brO3M$W{6 zaxMu~3q#qUj%upifmX<}y`I%+c`qCcm?Jv-4dD$gz<888ZG{~s$H9-asBXp727Yvt zh&pmV<8vTe*$r@&q;y9pl5$Utiz-%POWQ36ilJTsRWn!t!&_5BvUozwD|)hRZcsM`~Gl+4Z6S4YkSOt z{?P(#3HL^RbZ;z0qER#Lzm-3>Kb*~~kpgJrHLwLEl!Tm`hkx}lEi$-UVzLP`>_%&* z)6dS(#5_^zKKMRyo6o!B9LH-mF7Xa1;SH9O66?@WcGmJqmotsjh7J5Z)3DZZ#tgMN zI9G}sfNjO2AD8{>7RN_}+obI$_`3bU*Q!U)Ey?HTF9!sV39Y_WDxXYS#D;ig8=@wf z=urR=S=$5NM?6V2=7s7YpuT@X9jnteS^%>C?;b*^D8v0Az!xE>0brz%o6k1wUsw+| zI5@Dr({_7csGVk(jakUUfO)Sm!_deC-~9u4lq!HG&?^8`VD1{GYmnw1Ixv6s+t{iB zd~k{z{`TiIcuvC%1O;jGwOeW)9iMBLuC6N!*ts-T?w9c}xHdRo`NX$okLYSn;1%tK zGaf%tLx0!egPNp`v=165)^Rkj7!7*5JLY|$cC`W92Rmj84AHh1K5&jNv>f;N-ysm& zm0~~fS7W>!BHZ&wgVxY#b^aVIKAdi!22gfj4H0-8U^K#zRaLml0Xj3mKUdM0XSzxK zy2}j3paH|)3)O+P7~=ul4D748v`DYsNPSUQ_CU*6+; zV1e$J6*e~e^@oM2GoP8kiw#SzD%Ux)dEWwpK0k{n=dqHzq=R{*GvBZ`%)=3o1&X6m z^Uu_nb}p^U53*c92dadH0vw>4-w1O&Lcnk?p7+u3)`4UHZdwr@{_lB&>!79S=*2oy z@5swpCVGiF?{wxa_x8j~*u3ucS^Vp1T8-lQXAfhg&i!F_`rFBdUtWk5{JQ_q;Vt`~ z=WjWFTI0`sC!E$D`{9SR=4*~_78jEYy?ew!X7dl@wZa*O{mjVhG;K_e&z?!57x!*j z+l8?8MyLfGJJOiu=l;)mhs&RPWCirR3ovAOBnt}<^C#wEM_Z3Nr$KHhEZ(aDSjxzv zh>3AFoeB6e8wVhx;;!^c`X~%|DECnpL^J?KDVC=G7!`^H&nQSgk=75~HJV(yYm{1| zrEedh6>S$4G;9(5qR;6Tc_R3zg>N;AKPdhd{l~oxOUO58sI{PW~gQO#6?e zW@&fRD0;yc`+&xiXEK(VGeMs~7`j;`H(YZD4l9Nqp(30o1l{?-i#bTC%O z0-FsLTu`en?<;ojT?kBf&XSovGR_1$*vY};UW^*bMA#QvXi38`z_kStj$>dbpn`5l zCaDg!#e%IXkNS2s+vM6!2-Jf+BbWU|_-~(A(#IAQCCo50U4C=T!E**GbL?gRO}4$) zw{-UeY+g*95uRA?o98^~WoZ76l`_AGfcSx1T3CF7GgHUWVCKjRxjX}3ChQg+tlTpI6N~sFt+?$vEy#G{?4>2di(51 zbKwGk)MGfa(E0OR@PV1f<%`|Yv;MmaZXp-b(yp-gnp^iUMmO-&+rjI=H!ZECJvS0o zW<}%rcA^)t)^nrI$x}}Nfoi{E4pfepAhG?5IGO2CrTWN_qwULlRBoQ@uVlM(9lo+W z!hO}-Fl&?&&x3&aCbYtQGfG|^D%m29&12#esEMnQ=uA8{F*EZz+|b7oS<21j^Yx{( z_QCw{jZb2F#!eib{xfFSCKy(C3kRZx0~K{?y}<(AT_?(e^5WL#gvjgk>^do~d=$tfP%a#N;S$0|_ZU3J>$wJs*xD##rqm# zYEbICJ|G&N+itkko6c36;^bu1Hm(`@E>DRope%ws1x&~?%jNkVRc&z1VkSDGi$^&Z z?Feh1sBx3>)Ol)P7=Mc6u8|+5l{4ok*89lhIY)OM~+{sT;{Gbu@!*h(8(c{aX zZM#~pw*`0IU8*h2Io`YcSM~7I`4f{Q&b4NX<>Be~DFM?uu_1DIn4Nok3zy0JHtpRca82`}8uyMiNdFBCE_>6``e7?fM?I6KpwZ{Hv zOA+jzCVZ++n--mcVGFPrMSrNxRN#(Us>B0I!t;3t@UxVrz}psNpcY3nxL+&sohf9m zpDlrK-K!-4&*nG&N!^;-toXlR$FWP(vuUc1kEiJxvXTz*ApecnneHn_@(^GB6yZj1 zWYebg|5chhp~EPfy__J|e!IC#zbTs@~MHqun5|5aXq?z4`H7cY}VS5$G?U1ljJ)CG&2Q-A3Ai5-jBD> z`3K6U>?Y&NX6-)b1on3cPmaxgFeDSl3@0NRZGSyH*B>*i?JxG>Si#^@$Q;o^lwk`0N?%A(tX)MsOVYBbJ9NA5lD8Mu)yLIxk~0zcD3#!*wCG}-`l3yUAPNE>b_^U%9C(wP6)V>!%sl9$X)oPPVo z@mPX59}+7^8%P`5Ug{P0Gfy>lmYY%*eRQSCma%oCD4V6Dlga@w|%RU6s3qswjae`-u0^%=^O!K%_>9`DlTNGG*T!)?P zXVM}j7feTKF%~xIu%xjR7CoJWfU?#FLv78lC2&;0}#xO7lb5=^k)_a-G_8 zBNWm;qUV3*l3gpgr0K632uv2ms1~s3FNuX6?aGcFRh0ZG47~52AI%>psY8QEXc zJcR|?kNtv+wgw7q?D~(uH+1k6J{qn&%+21(#%1M~BoZLMh#+`_3~K}+h8XG84`kNR zD!#S6XEsZjD~XmoAcEXIr6D-sJANS35o%hux%7gBU9ee6Bw91Wj9rszG=>^1R;P}L zCz6AJo8idOs0^Mnzr+7EPI(6zj|eTLhn3EnzUF`I9)T*ZtQ1+rPMc!?F3GnG9Gx0o zRP4S}Hon7t0R4i$wR7dJ4;Bm)gB*$UKCa2)X(Q3$iz=#PhnunsqzZU+iG&xv#W4aIuezQP?=1z%jW7E=t-kYUzMRlao-0(>GzW!{y_^(a0ZuZ9Hg( z)3y2g1NgTzmHW6KrPBteiHNEZ;$GKCm60|N)3YeR%}lZuhgHgFPEX?OXD&_>dn1pW zTx;d_^9(L#h8{dWFd69ab*XT_C%dHO+(FnplZaRaBG!m$t0sRP&y__tSLwlV+@C3s z=K{cR;h!7%D8cK=1*{r2^w0(CYGb@KRt?y1eFfyWFEgHVNw!yAuEg2GZ ziGib+T4urKF~fvUm8K@HVjK$`qb^7W%1~uO)F6_qBIn|W)^1ilUM`&TZx5We(Ylm(?vx! z45wT{#qiH#GV;(bKRS9H{P!^ym-*kTUQzbHR)K*Oq75&qr@t=G`zCD7+nWW$3heDm zQ(wb^&BbjqwozW6r>`yK=fj{5!{{&~)M=yUS-I`&LaOkaJWWLyI#inv$f_pQD4e#9 zo4;qvouI*YCnkl`rJDnnC9+SBEp)`K-F<23tC(VmZ0US(Z$eqGNzY7D$#mzrYG^Vx ztEeizv9M-m(Zfe14Tz4cFba~jXx{G`9Zp0mgWV9S-ahy#)zRId;*mr(q<-CG@;lW+ z7)GXyOgEqwS5(L`pG$`EiJq%+I}*HLMummfMbt!x&-GDVSpqy?Er9=-g-h(g`II_Y zk8zv71)DvR4qub9LoaCORPET4?k_oG>~9?9-M2C?DkZc*pe?I=yf>7jGsQeqf8CKB&7+_i{IUkVJNiR_s zo32|gF2YPV`Q6k`<073cnXnxb-|6i?&7RGCedx~$Dmy9B07nmihHFo*CXvLhCsmzC zOg|vfoL$>3Y|P!z^!luw+G>R;VIZ~dx>QBqmjX*FwD^R6)E1-b&iBlA6aKRAJ*rD1 zhXz0Cgc>;Drg70yiZ3Q>$(e9x+(WYcbi10uOaW!poX@fTWbyQ^PAxPdnORR0?e3@T-k3JS&LY97(kqnW!HaYMN*|Y%sGZU5!;&<}0LuyOUUUWK0=jSM&XPZ`TC?iS;(b>UgppQV@=OP$|lSz^d(M6zJ* zvfjdo1>B|>HSsmwefBw%1rNH@(9H zSvmosLT-IZ-bf<0n%*k^(5#rhQM#K&Pt_|d9;S6!SKvzZX3pmF2fESUd95h>*#+VB zs63^3hXfQTP)8{T1;4X)+2_Za&CKUofEq@ER*2*1pT(aW$oV^mpowIrI7g9chNoX; zjr<;@aIrQDGq?)YVS6cnj`UHyS0EE)Hraf)+9}N7FRuo3*@s{Zf(Oos@V?Wh*>@x! zd5=-E1KigQYiUJIQ%gF%H=~`d23A5M+*(ID66cea=E^d8;LLK$%BNP*-2ypOQZF?M zS2+BDRHr-ikP{Q2UvG*AxSJpmJb9|p8APyXV%LnX@neQ%#}l?<-S4B5A>0Rk%qheQ zD*z)qQmi~5u<=_rV1=j8S4}|+o~On>KozxZw>FBw`MESIC`sX`V&-MmS6pJ790Xg} z7pjE^!P_WgrQX>PhKwEy)%3Gj&wKwUwu%~Ygg#X>cK9GA21HNuv7od8tydXN4vCg< z`a3khRaK&b);!pma=kzK(Gkvpwdrk8wjJ=RBPhnGr8ug&W~Da*>4)FCG}NX`T*>bB zNl@+dS30EYX|n)9hyF5Ai2LH{^EGAa>Oy%$`1@O%S_lZcfaIRL3)hxl(|c-~<&>E} zDT+XynLV<9C4+tk4XnmJz$1jE%M*X{m2~(FjvDJUYg(A+GI(m0+%UijLW)4hMTCf>EU6_CUJ6OC$;&}ei_S#E~Qnd_0b z9kt!LYJ-Uqx2f`0#IZ{63)_?ku;b(fLB*<=tk-^#=TtQ$Qk`(6%13SIg}&pP#TgU? z2@sMU>Yrs~`>|o^<@*_Sy|iRocqBuJ^DjtaQzJSM>6q!Ao-4K6b4}$$U?gjbc^}JG zI%ptTfS*nEVAsNteV3N};h*ycn@Vn7x@;YRo3xCuDld3YVALC^njR7qT7n;%qmXM7 zJZCd&2nOo+3LXIaE_*g-qb?I|YjD!Kg*T8} znQyJ@cZ20E1fSlQ5PU)*_$)dd6wIML>S5`aY&qu^A9ca1KKr_k)b(LV1~$}`*aDsP zvjEdkY7EEbU9hFeD6LCd6u&;eRFqs-r`-JFP^!|c`_4m9tA$ptp~ghfi~WS#8N6N0 zO6n^QQ-}dM1^cTKkWYyurx3bq`}dU0gByB(2qQ2iX@CX>y!N*A^e$ZbF}Bvoql}P8%eu7P>rV`()J=(EKYOq4)LB zL$A(IufC+T>uTRA>1=6BN~Fl#OFqP6Z98uuIEDMKdRISuey)=4fOqZF%o&;7jzzZ^UIR-ErVc6} zs)B`lvsL97Y_>x>H_XMvdHVvk(qI{eO;TEY*e3h&ZPeB&7H#LqC=BXe8l#r<^wj>-ucsGKk?r}^_5h?g{uaf^D~hGo1QlojzX zvV@CsZrrD$)_RS9UZ>EqYX~xNPGQOQ3cUKTl8TzL0{M&alAoIQ)vJdJ7S#})#eiQs zN2{Ot{LpemfoZbl&&9=Q^3;bt^DXoo_0?{9+BQ+1wFG;_^Mt#R3Te(c!n;*sU0Jw4?Q#z=EBHRk){emEVJY+E8> zzZA4NI5}xSZ)9YLBu4vAh&LV+=gbtCTPIX-Ki1_;mi^yg)iwo0jid?dT04p+O-Pzz zV6N65`!024hc53OtX4P_1IQh%ulG17IO|dv&HFWv``AnkWS4leQTjtRE~AGopJE0o zs2T3S?(w0}Got*K&vg2cLSOoT_g4|$uLkD7T5j3%IPUU;`d>6~IVE3DlP7pAOLuP3 zze*RrHZ(VI?30pUy?HVZ##&oTCR>aqkOy-1*S!*6Smc~IU{`vGPtVoKAMTHXeV^nf=&7Os3I3ktT4nji&a8RqS${(TU~H6Y<|h z;J+vNmY+O9pYXMEJul&`_nw=C7Q$zb3V^S2f0TzEmN^&Mbf=kg7uw34+|GL^m zNwLO7CQg*U`8L5Cs#)kXi0qC@cKm0$QJ&+go|gA|kb$xq=bjL}69-%QfV$ z$1cjV1wYUd_B}NdrL7XQT%ehdU$Uov`o)zRI4ZIuIheg#af5&RYMEr8kUJkY?_!q) z)q+!a^@$&ijYGp7Fu$!K>SNmYb!JQYd9za&ubpW*LKlQ@{pn}r$7RXSFPIw88@Q)S z>|eB_InL0A7(Wad*VEdCo|k9S2|_=af1q9zD0uO|W4*irb8jmE{09CFdWs3x04{5nr`s_f4n+Yz&yxPFK{7CxY7RuX)7 z=J$?RBW<3L8HJ;1qGRa^GUbYI71F#gL}5bWuhKl<{IhCnnWJ(gExEKWo_GEYA0!17 z20%$O1?s^PQ{0SZ!e2_Z*{H9{>EVYqyD05a=wUIkMF9n2)uk4nL&o^S&@-{qd|6f> zkeFTCwqxAY@9vlp8w+ekjRQFl@Pw;?08yDhp zz`6==mR)qx4tsLv#7*bX%eAvr>%UB;3NbBJ*RS_nGAL{EoM@KNs@?F`_1m^^f_d#= z-fY6XU(Oq0amRuV)y$;+t2Qk&N8{Z(t6*Y1f@4wnU@nzPTa_>Y;vwPH) z%f_BMGPSnqrOPFhbwlI}reWS4wcOG3j;5pW0pk}`U$GDFV6qrIt=3BFx?yM}=HqP< zb+5(u_5WxA3<`VC;rUfey6^lCJzEfzPS^Yoe#t zTVt(&J-i3Q)^Qo=ymgU0=Zl?-fW&s1X49S$cfNx*)-?J|q^DX|0DJZDn`5Q`p@jna za_dNj{^duCRq68NRW0??VH?@cWNA`@_Yw`-c3L?l=g+jx8MWe#&9d#LM6Q<62fXl! zLCzD63Th92zZGS%^THF%wk%Ge{#b8+k*jUAi!*P1%RM96$YSpr;bP_Gcecez9jX~e zfh(g2_zl()b~5!S%e!8F3v|%?5^x*pQFcONrghR$T$+dbMJ7GFfGkLmspSsj6h_Tl zze)Sf(ZIpIPhb|6fQ-e#dJw!p{Xx1qi8`$8P4HS=2UP;Bx=ir$_hI_SljUZs^7lZy zxm)|yz)@X3Z<=sd-S4>w)CyRi#*Qw;ITTb^jHy`qc5>kZTXNieVXQ)G-f%{1yictU zMO4J&YZF25_tvnV&%QF)CNI9@#yu}fzZ&`Wuxy1Xlix_^eRxks?mZFCv!^+c0zE@w zz2whCYsYwJW_SHC#b`TXh=~*N#`&;jCt3bk`BI~3QTZK)_$1bP-I#Ixg7u;<|7iQ= zjS(Z19Zl+TQpc z2&$=iBS&jIzTe@oqij?4F8%Dx*{f;SDMcFlJ}uv?YYd%RbY9Z*Q5FAaO!Kz>*>BL< zxtwZJM`b6-j7=PT2wI&5hmG>gJJNw~6*63Gk%5Q7<=%n>EbT8(_vWao`oBL`AFXtC zv^B`ry&40b%}_i=p(PSq+AsnTvZOP?L5ZL!lPw}+YEb^snz=pmQD!M>^ zm(vKwC6zRUC|ioa(nq}wJnA}L3j+mbp;XZWZ~|_|5-xEgz9ZAJ0;iV>kaLSG-m7z) zPbVQ5w{4)Kx~zl4VJg`Vl*E=LVgHQ#8gl1NFX6f*^5?eTGS~7MV_WZZQ~GiDD{eqw z#QX*Mu%&{#g{}9;4&(%h?M+LQ8V2y-nJ=uD{qM7-ao||1weflxca7(uuoh47Ts5~Q zr-lHk%qeU?m!E~uq~cq2IeN}~(N zr2~XNwIww)rWj2(3Zxjfj?Z}NH6I~r34~5Z@iu3Pxu0bF+^3u7(s$&m?0F44PyKDf z!cvVtSVql$+su2yPx!s<`hH!!rK{NBo6dLnMFzMSRicnmoZP8ST!kpLI7^o$_VE;$79R@8>2ag|jkX>kqOE>(+%43(~Vw{`kla2M_-K(11 zE^`R)KnNg^mA)~SaTEXLhYsh_G}TPAsN$bqCI$vNijE&_-0_8@_EOEOY-g}Z3$l1^ zr}stuPD&)l8!K;XCO6SMw;Usy-dUwR%6J#&K`H*2x(jFVGqLS}-x=wlU56|iG|bAuk9QAQv#_*m-mpfyPfN_alrQHcclMnq$lWrSnWu!UT-&nZ{$$C ze6WM!yU-BtqcJ#4U9UcPjpDTdI~d8I4J%a7I9h6qxF?xq;o>Yk{K>Avw1_TbK)TR{ z2Nv{~Y>wD@;8^A@DKQ*^Qo!)!eba*B^D(A}eooSd4d-L&G8tFB zaR14z^p{M%i(*EDB(Z{VjV81JKor{kZ6O`4!NyDi!qRoPkAk;}kci~up z%}CjJMad zk7QVrBML6rG`I82t5RCy$)ApO?>|Lc<@2?(VKSN_pI;nUx8no-XzB60g;L$6 zSIkwzZl&-eOOgT9AxQ9q&m45Ri^4PAu3?_se|*X4Ht z#*p!ADyfdkt4+sJu$4FqjDZmbZlq1TUrXF^QGlYq_rUnn@Q88hI4wYh<~J*DBM&-33iSXo_1c-^_gC4=QhHoI>3-L0(M%&cj$tUNJz?R=l(Bd=Ni z)=F2!ZG4Y+-HE~5j!Fz&!e|FCvxg}FFV0r)#A7miS%8W4s238~@N?N`NzpNXfAY9_ zzMk%vF>ytFC=fRTbl7wY@E*Eso;Yf2R$@~03#>gh%^)?n?Q1U6>V^yEhVO4K9&ZXyZS$4-@z z4rztj_$fB0JU`q=DI`P8ztBBvSLTcL#>RT~m4wXN$jD=+Do_2fo7{WGL*iu9Fa7EH zUUp-+C{8cZtddL9^^1B1|9}#bdUK{aPI=j?f zHQ8{;qsCr_S))`{=@i*8^FR=Ij94FUjO*TRWL8MU&}fwe!?S9lyy^9J#18h=t3cWO z!%_s6p<0`}Rx0xA;27LkCl;YCnDfs@y+*==7uT)K)u*KFSQvR!W}e#xwCF(C8F(_gDYEY}Y@#SyiWvi@hnwj!GdWLuW_nw(}m1G$DqU>;X?$$Wx zI#%&VVNdHS+`ndzZPe=ab~($IU`px~7RSK#Oh=3+tk4^J|G=$qF^4#p*>=(=QQm+Y z>KU^U3#S9`SVsVsve1;CJ+a+Hba69DQ++TNuv#A`ZM!jE49-QN%+PtqgM777+(h-; ze2L^w2}WMeNoqANtH@WBX$_qX$6HwVuA+)!*COrtIrq)e@oajVH;0?df2dpUlhpC@ zi~ElbPqrG9HRNscLjEXJxZubQ`RRq6LL~MGu6sVj#VyS}aA;C*veNpo4SV&FR=ak- z0+P5R@pd$Q^j8j{#L->5SyR~t2?&@swMD8ZHe_avy+k51DwZa;cPZgNJ@foU;fMtP zAsYjk=cCUb^4e9A>oJ43YkZgvwZA*pPN}2RNm8LausJUt$#dw#t9_Y69<}kheBdXX za~jzNA!^-8x&_+&pMKVUHT+%(kiXgTru{p}5#b5G;`)#`i#CAA2DoZIrE2*pg_K*7ETrEv^4cUtab5CgI9bk)BJ?rIv&7o!5 zH+-G5r|p9}VRtRz6TZQ1;&j74N|%ofkzU^GoyW6wOEXhjvi56KZd+j&p0mC+Iwgnx z|D#?K+*%}u{k)RSj1k^mGuja<93S5da*$nC^5g-B)QBVe4FatNSA1eLUcTKnX?mQ^ zsZx3O)+T|gnIp>D(4J+vwyvdN-S$%Pc0cooG((f!|-g)jEL3PuXCBpVeI0!CSwaDa8mng2~EO zvJIx|@&N1?RX`j_nt|=G?eN)njv1kjpazcr1zCoE&K@n2p=?F~TV&W+oW{i|`!%L* zCrd1e(_Zd;5Te#`oaor1dQGsf+cv>L`G@Y#P|eX}S1hg)iNkxN^jiJxx2er2S{|+F z;LHejm{h#+Kcl&(J~!bHfMV8L2mB)StDMeNIUP$E^4Tt7z~{2&=)_RE1nJerGZtoQ ztXMJTipXSBA7JsBQVTn9iR6iBdgW6{AY>+Vt}J#>3T!1{X$t1p<2fpL-f040o8Ks8 zcyl38YpD{6xK2c7+!?>28_`ntX$W5MB_6tI~}LRNm#v zmmK@0aq-ZFi?3eYjGCEx={3~;KAxY_Hnoe`tt*nNS zok74q>}u-t{v|c0mjilZ-_5Y!2K--HqfWl8XNr3ab&vJ`M*})UECmf{lYFh-%(EGN zjO%-hjQiz-{kJzN5q7SN6|2VdKZngoFb~<8Hu6dqdq74_Vq5!pne4#}Rg%N}Vp%gg z6)TD){{gnZQMkWdGcMlDD8OA@VEPjx)JO|9)dHokyL*$uPEay>y?cFQc=A;k`5;vW zY*C}zA=P-*RCnjw;pHqd^vTgQ>Cqdu`$>kBIG^mSXF1&$t&hd|s^wn9cuBI3JM8C) z%BZg&tCc#Yn>X&x#N=y9W;qOW8zaq}hm)+GRo!Qnm$b98CJTmIBIz0=(~_|aE2NA^ zeWA$@__sKSUP14zE7@Zd_m_(*ugOu>c@gEj16Mfj4PQS!9C2*fN~#(HTR_p8L-4@f zr`i~lW}nO;6#A0(lHw3(rWWNdvYdPyt+tVs>jbcMPQ3f0H2v#yBU=gEouJ)lwmph3 zHOasVHmA5dwu%Ux?Q=YIy2xtgwla=liZK{(Rq?$sFVzFGo=R$EYwpzQOuRP(BhKn_ z4NA0lNEnSbX_5h`@Gguz>4~G2~>JsmUz)Q^=*5nCu8cIgw>No20pBa)j`Z z2uI1?p*?JGmZRFXCiyv#y)yV}N4oDcr^J}x&1R_UKFNl-zgA*arzW1fNzS$UE7ZqD zI;`M!_qCRn>un=k9)*YK+kaDzeB*8WtD;Vk_)fxa6R(EZCulD5Ys_pPyv}ZEi;g%( zH_PifucMk;c&Q%gr#Fzyb-rq7AZa-H!#OM;(E4FSoajfHRTFE~}zY)cj zS5F#cf=`7?Wh!F-q636>Q&e5vQI0W6p@ROd+tfn34t$q21%xBie>J6n;*;D+)0u3H z-@qs`%)ky0+&7i@I8Yl}4~i<=^bWF>VHkOb^Qkx;j?t~FyPD2;ELdfZ8B=bkY}|CL zJvw`~vMk+6RF!j+lNp=qtHJ;1a*$C~m^o}f*#5A!RI!udy^5)-|Eq%tGBGpT4T}E7 ztA$)UaY~oRKAQIzj{kNf?oROKp_HtkKf?Yi4ILEL1;3vE%&4Gqe8xjLB^$#WDPGmv zCMRHTEX9igrrTjam4mFt!I@BPjEa}c?6Kh1zuwB_S<>rn#Olu*1ak>meF`?KDBlWk zDHnPZ-CNVLPRYcckWI;Z{rO-nIVJn{zczVwiz=;K|LP0rWYo(qf7K;4?_nKnkG}ou zLQ(zUB&%_jl6yK;;bCI-D{d#7;6yLZv-v}vPhu5Vf02&QxA_!q%AC1=dIg%hg!8_3 zZO+Q)269h5@9o#DdMVHuI9#wqpANe%QUykVdncpm3(TT}7q%-PAZfDAlD9CeBYXfS zH}%2K4i|Q{6Syh5QwN7zTu~Fs3fY!tO1Gp0#o2N7)mpjhG&d?L&gI}(uLjRbGdpA;&pjAwpTN%{w>u{jEAR>nZ&B5j(PqKUeX?xf69%`E*V2DshYA zVVY8raF8?kUW+}pY1h<9Z;nkEE}JbB%u@Z1ySa*2R&MC)`&3cs z)0e{PY<;{u|22AK=I+9Xc~I|5D+d>`p}XRUny1JWomq{VxLjeE)qUMM0$MeL)t*H&CWmAkUbxHTp z$z5UD&6yj8tTNw_fK{KiI*Gey>XJp-{q`k0?w=Q3Cg3*?)?VnoNYa-To%#9=XN2`= zy}^x@efKP*J{C*+g@UEQ_VN+t4z?=ej1KPa&x=FS($dRh+di%x^VYcwr>Y(fl>IgX zaABsc_%4#VMEZ*4v*VIXwtY2pT8>pyhd{{#0d>Tq)>bDuf_&OW#meWiu?|v)!jBmN z?yI^t^S?k8YRKnn*pegIyMklb&O=TY7l(w8pP1?e=3QOurZsMSqUYn7)z+s(+J+cG zVgH4>p#pJ@Awu1xO~)aon3Am2O#X7<@ui~uWn;GO=Iac!1B1IdUmxW06cG7Zs!l^L z@9Ux2hj_GCeCz#jU|;}yMU=lw?;2UrEaE(8AOB)i&0iO2&|iUJLauC{qRl<43;@ow z2Nz6=tN{#7kpwVl*qRBmaP2)Ho&bTma=RlO@*hB6(|79#k=R1}nV4`q?lrGvYs)N! ztaXAm=czrq+p{XaYh$R-5%miEm+=4+Htoj)uY9pRw3E4gea2{tcCt}mjNcK;UOU|Bu0*@{TSis!n$!kyA2szXR;HA2>uRYy#_R*jbL(pp6~ z7r&lY#5eo20-+nloXJ^Fo&Ong_q<0-&0i_&7tBl;r~53cFRodZQtD1QQ%9hgFkYhG z2>AlaiZ_BW>>q~x-l^4x+_}Zv?JOv{wiX)S7m-SR)eIQ-Uz1fN$~RdN}#6Qd+9dN z#B=WYz1x>l6Zl&@!DepL-MPQE{1+D1P^`EdKivv1+U@Fo37_;WIf+yMA7sz7Ezznb zGu&s-U`MT^kolSfRn^1R+N5IUowmD1w$e1nZM$hvN90=0#I5$5Z>RY<9lsq!uPD5o z@z&I!J^G?7qoPa$F_Au_ohNE@BK(O5L5hxhXx5X%Q#}20G*+d9VpcqG>tBW6M%;1& z^l2;FuG~ZN%N^6woEqwU4#nmYj`e>)(I}CblEZO?nE0`~M#`aT6_h-!;d3IkozIQr zV$=>iVRP~ua>wt6`RJ<1seCAMycwm7t7NDWE&0XidA=Q!mRN?9HTLw^+o9R_S+X1F zMQ~5{@pEf)p9bMLKC#EAzSrRQpMRbIZA;*3)jsZ%llOX79ol2~e<0dFkpOcs!=x5l zop|yPOs9$9lcRACO)$GlqZs3hci|Nc_!nE^BN@kYiv@Q@uDYD{XmQeByv7N1#}NkUgD-1a<=RIdZX7u!>WQc@e_g$ir`UZj#zocXPXp7!s?C@ct^Uz6~ zk<`kK)#%lHay&i)Au*rGc(!`0x;#<{f2COc@X^DsF6%$$n#w$ExMp847K`XcgdkP` zC;u}W=EV2lh_k2W7aJohH`h>4S8NfE1m2UByHK@350p?r@Z~SmZgsAjQtw}f>4z#U zdu3*Nl!Bpk7(a;Z_T-Py`7N0gZ%idmH5@{ zZu0T0YNp&$M|A}NW~F*ETpPC!aev%1ERu2FyzXgSG)VRnr!=||4feEIcNm5rpe3M*S)^vFz zPYbV(IyO0p;uF>Ix-o3m_Z^l#jPUe}i%!LD(?KD{kr)qpUtf^;0%A2mFMLSSw^+YX zm}{P|f9i4ZgzaJr#Y*iH4^yK`-c%X zAaq|vL-+7X=x#{y1S3dS(SNeNU8hn#-+dM`CfQ?9iw=gD_-%)??6Z^KsBmP z6ms_kz?!nZtvyDks{FW3udA;tdLlHF-Co)#W+TiYZp=Ut2A?`hTF%=^@6?;A&0;1IuZUL=F< zWN%ctR<|5SU2fU))Ys}g|CKE*t_SZr-kkA%9b3=;>&G)ux1aQygsPNeb4bi0M!c7p zH0n2nPw)Z}7R5^sG;2kVK2eMc`Rr;Fx<;t*qeh`-+`&{}ZBIVHWt3@s#B`j|wlQ>= z66kOwvi!HnXTLb;BOT{vd`NVS;f)S#)*|Wl9+ zWAvT>TGyM~m+lhfvg@$$Q>XRTvZ44A#?Zeba@fi%eJ*05%FKt_e0g$r@6>3XMP06VN$1xyq4WY|qGH z)kq4wRnxOJ5Ci=N+*;~W*zJ@C{Dg?F(~UzHw!I1uou^kG!HbS;kgzo_`oG${*03b+ z1)kb8otG_Jd9Pivwh}LBnmAoHvuwtmxxD36BxFinflSMEqx5)fWr}xmkY*v_J@ho3 z6(%5x2s9U^c?=LmlX+J>fAH))ecUDi%@(B&GbIQ@7@jP8>CXC$) z@K8-}L1$eB?%i!Eox%PgS58Q_$xqEW$O^$oajL7BciprSdq@#F%`xtxU_-{yiZ+ME zVAJxF7Gj;V*FClmId(XV zvIqzqXTAy!V9)R5iWClhb>e<8$S;tP@#n*Fnsh*zp+RRU4*fHd+Yk`HutK>5iV4w0 z@doSK2i=2^5IE@+MrbXq{SMYt;kjDrbt`W7j=53M-vjL|Rns#aRWM~{oZyjzt7*K~ zwk#LBt`Dm+4c4G|S{c_VGh}dtZ|!O(X%V_?Wi40x905J3`~HoXiQ`t1X}BO&m+&j` zUgBOJg1LU<1rhAqYQjpJ5vd$~NnFqACJ?1^pGectF~ZI1HwDH~4!(N+Fy9h))rWsH zB`Rs;@z&9>?Rv?+f!);S^X7V4KTaAhiSA~n23=S?tdA=pBqy&2kDWMFuJUOK0 zw%+7in&*S>Ef&}j7yI@NXqd&=Vy;__>RU0|&FYuTWuF_Gep$;kO93cZ7n`2#nb&J0 z!~p#3cO~N_4IF{&!Tl#Y2Jc%MY3YYAUZs5MiPkr*pY2jZ z-4KV+1k0W~nA2Uqu731V(#p_lg)&z0mCis{eueO$khhUlvh!5Fqai zPN0Tl`R=MT71z(b*^kuP+F0_CV5Pi?eTs4Bv+Lqx(r1 z-`io0xQtz)i$3GTO*dm&eb;QrL`h9I? zm(p7polEtwehS#+M`VnvsY?H;NPD5tVd@^$bTDK3`!)O!?)gCaLzKnZDb>p0OCpNX zASU-Mo_Pzc5~oyemgJ1t;m`bc_+-rTW_e1-JtSQ9o6Zr@htbcsK_T7wmODjY(T zX>xJ>DzTPh{4lev20^>;?;9bc!+l>iQ`XP<%{5QF0-G?4dE`&000Yk5yid#SUyl7i z@@Bj@Bg)w#4w2*Xdp=fHsusp$HBSanP4@ z!-4j=kbY{jiXrz(Oim%aMcKnSoMDD`lJ(fB->AVjcPJMs3#pbxHWt*yz`Ba%OII!xOML)qHQk;9+5Iay$N-&m(_A8{& zl!fK)W1}B`LA|tJuTfVed-)P8ytLL(3u+`}JkXGZa{J1ffArE2@o*&c`^Jh!Mg3S1qrV zdlLKWO$^z``&pa z=3w&&eIQ_pm4eD(fP*o_UsglE(puL|#k1xeWw|b6b0K;3%qSboUdz}ayIbKRQUFzr zD%;rf7`wWw`YE+NjJ)R}KU*&JVrk$_FvkXJz=o>G<+y!WA_)3D3fqz00%Ah(OCl*d1WKEDHG{2b*SGd@)@O09G$^Guw5&n@_yeKqFB zL%g8l`y$@KcsGuPnx`k*xdsR%)h653_P8s<)H4d6+sn)IlLB~pF1-?H+g>YD9;xHn zF_P9O1#oOJ1$9lx_`jJG&(wzjTfq+*+ADj7u~E$8NMKPHOql~4AlDjOi?OZ14B;#N zJLBu`WdjCPP>$QBNvTptK)Urv2iY3?!d9HLorS8R_dYnrx6y?pp9`)?{Riz3c46fw zYCn}6NkfNwCgw}WBCMLXHtK_%RA73+ZR$~4Tg?l{Qc-$w9Z(n{D*61aDwVwK zEf$xhcxhHMW3fS>gL{t~@~6*xP4h^;3DpZcBR<09zBnAoq?aZgO@M+k(JbR!=nb=v zSlSiMbm80tHWx5%gLfG>2uYHmSTSJW$D^T}e3FoY4@H+TP_C;ZS}Gu^#K}^-9XSsO z&lqHz3*8JI06Y(kdyfSd^U^c+BF;H3UYe^^UsdwX->fB|x}|#EP+IZGBkd2VvUhnA zJa34-F-Vf#YB^^M6!M;K7T7NYrlEfI_VkMXOeuRH|A0;%Xbs>yiUj3J6M%VcEDN)S zDn5Fae?YI!j(DOz8*O7Nmc<}mhh2AoB-vC%igVr{o|(Rmu=MVx5(W|YF*|MOkgYfBXu_2OTLv(GAu zx5%Hedfd7--s9s9%j-#=hq*Ha&=8;HNjFlG`?ys>%VF+;aSxbE`CB$qa;IqsnJZAbyp~~@4Szk~F`K6@2|M9)>PxD3;00T-&cQ+$liZUn-Lkz7_($Wp;NDVP`hltEb zcMkF0ocH&h_nglk@Y`z*thM*dv!Cbg`?~J;&oq?DZZX^~91eCE718(m{?8AkQAe21-@yQeJmxV4r8L#OfGi}edbm#KIEe_Sfpj^tFi@)EWF z@u$%1{ve_5KW_Z>+~JesyGQ^2B3GWUMtYv$iOB!GZCEG_6?eP$vG(%pFRQ%UPWpXXFYsn=LmLzUE|tdzGE=oq zA%mdwO?MP%-J33R7$MPu#IN<$rf+TqZ_GEiOs{_tINTh{NXG3cY7~1u>M4{ih{$*Z zyQNx)Eu1-KE^9s+yLbP8SG0zW#$AadT(x9Dl0<3OG9rTpC(K`vnv|3@{OHl6{KS+L zx$I$-#BAEIO|gFYMvLbXx}RIGWWr%%rs3iMKYtONa~tGXETqop7}Y^O^E)79!V}R~ zCzrR5U3Z($HNpFch$Ibh+@<>ainr~i1(q*QN=ccob{s7#Q%m7F%ht%0bTR%ad}gR7 zs>TS8aurr;n{;iuaB1?xuL6gbQ%0z8LA9V-e=kE7PnN8>w6x??X56sT)s5hE)B7sm zBBrw5HL%M^2)E5AkBgRdc* zIWmS1pULB6McyWArRDxlR`+?c&^tRjf~-M%gZyGItE$hj_UWSYM`O0r z%%im?_(=wNRbY?**r8tMN@Znbv1#z}QX9W{VsL2#W8S`?N->sc_OwpU2{;>0FO6TTx=2jXo#KJdmqtpYF`N1`w_dD7`QJ_94M*8mNeH07*V*V{uz-g@Hg{jGl3QI+# z1kCnDy}QMmy6FkwPRaLwFR!wj*W7%X$6emMgC`SE9dD7J%7->>ir*~MDteHX+YssD zyPTKu{fh`CS=7JRyD#Q6_{0L*6)Q0y_bQB-x+ zA+Gkg1C;I-5{8ZWYZKNmQ}=Jz7iim#6zfk`idU`oTK30`J}SquEKE6-lNIZgIu3XX zLOP@9smmI$X#&7XlBI7_Rhe0Xj~47-jCBk>P(!sG&N0@!Tpp^~;07zXH7@51xX#ow z4A-=J-TvQ3UN7~e_;iMs9I&^|jQ}n~HdL;ko;yGBJD_d8z@_ORDNRbXFxfsqBTbl# zDPXO_Vzso6yv2Y27Hi;^eCet%9HI)kyj(tlZ;_ca0YO0^&W@U#y&LN;zu=DL|SyNdD2d{3y$zIssig{NpncTMB!FW+V^>Fs{RQ9Q% zHeH^Vph{aZ@S(@C%?5_Yig+h#@eXpdXEZM*8-0JS%zQUS?)=F8cf2yZlQkqT+D5P3 zl-afyNhS2at!ce>Yr-nF-KNoJ)6^RnHQ~VD9ZgPLB5NDZ`=kG40 z1ez%q8QKdu!KS;xw--A*7u*HavI9061pIb>zvyT7nW5_OTL`25UXUHku)4F|$r^5# z9VFTe9BtbTZT`n>1-9EK7B02fEL4V{w95|j+r_po1WLX9Ln-OKM(0|;0N(;Mr)ZVD z5GELI2803kaTA~R#;X2=2WsDcyr)L3*Uhuwm)>(`y>t1{y4iLS+)FnbbU14@z1g(c zdSnos`4gcjORQa>L3TI;(_9leu?FI9MQhwT|Co)D&wP-NaJHby|H4|X*E3U7+29`D zI_GJEoR_80AGZH+9=L5tKVN`ZYO46)!V<+XAr zMrxxTDeu42%^40@QBwy;JLOUnLPL^kZ(~*}tu&m;Q>FgsS0u_N#e_yfdi%#f0}SUr zAb+#nOF*Fe2a}-XQ)8AlRH!&lK_`sd#pyt)QQa3@R)EqqS_P_{o&9k$ih?YEM`4yL zRofBVWke=T-qF(__GEAt5bs{NVWrM`%+7BsGP3~j70DIQ{UGHnib77BPtEq>4L&$$ zKFEd{c(M(fk{^3$@EKX-Yz63=1n@?)`mOIIi+0CehOL2qYih}Pq*Ds>#(=affS6dp ze0-+J=)jHtSf)S``M24r^q5ap+I0R@v&C|{=;T!M8RVLk>m|uIF6&)f2J_MXPg)7> z@7Uf!y5cI3;dJ3#+zF(ZZ*OjPI;(>PyDJ0#d<_4T+6dU>7&7;8J|tuUkjyWfby@(wI zDvYeu8eoqWUte9Rpg1ChB^;PHYF!XhgPy{WwTS19_Jg00sS$%cTP@akI|j8HuRJ0I zBRtUl)o;8l(UqhI`GsvSVt9;BZYZSGMlpyKffjZC&XG?IW$)g-3)2u^c-u#}Bx;o) zI(3@6pBkQcE3j!DJ1tl8F(=Wn5VTBd7Dxq^B9&E_jFM1)49|Z+eVaM~a3#9#G-DtZ z8&hZ}E(si0f|gtH8;n(4f^r5a3syeUE_LG8d*IcI8luYC+>VTfL+CdKl2eH94aY&om)CI(a1%d2Z zuk=)+;AD|Od%q(2I}V2R;1^Kyodkz;GyeZ&0f%E9Jw3igzN2zKbSU~w~q{Qn05`v2*akr&0M_9#ZT&6Eq<3;0YyL??cABUMs!xT zxCkkWzmNE%!xq~@EyiR>qh))9{nhhzw~*rQ)~87C-r?@%^vm!pOwjal`8KY{xYpUg zm=;BG?ImECX5}EReRGXx@JbUPIx&$Wd-X}pux#zp?R4$;+V5n_1bFjQ#X(fDE4+0x zw-4q5HjyGd0&S$@YK#ZdZf*9ruT2*~dxs`x({c$!8MthqZAzxA{4@xF$dMy7`~&kB2W07lZ?qc{r?J zg3}oY)*>K>l{&zRMS?MLKaM9$kvXJ_>hqPP`}eAnBn4gy(3kyFZCdZd=6tQf?@#8| z(C3kXA;ZSG>hP0H=#-0GV+}?MJ~3BFIAz+4wL0EVbZHy$=2k(&fpEipK@fbrtGmbR05e0n4IZDt-W=$ z7|U;;0LC~7A`*KC0ugttVBg;oZ%e@|+6R6#=Qa=KD0hBz>t16LvQ-xc;`Nix80H+0 z$Sa2S^(N>I;A!tCn~B-EmH_1{q&EnW=xkWqve}C7u$c^Qg{Y?b%y=j}b9&`qCPZ&M zT+f{gJ0U?NetexuqKo)n*v<8-1T2iPxC+u{;*u~Xm0m4-18_)(;`++;8kg~44<}LO zR3G6G``KK5vjDNQ0=iFmtp!ZcT6t-1ATC>GrC$L+r~_PR8wpF?v;)eb@Jt)Os5UkQ z_*9c?dK zHT^H~U3TJ6|sIyEBdg|3*SG!|5<@}{HJU@^&$ieF^@? zcaC&3SU0rMHu+Ms*`J8D9+j?oG=L!!oq<$VlqT&WruvIUCi}U9}oZ^C3v7vTh|%UMy>rGX3x7ZA{(I@Aze4kK@IT(P*%3h4WAi z7$R1vVc>GvQ|i?UBdYln=F41^?1Rt?FsxY6UN=8Zc$N~XH6>~Oa|;>WBwLG-6>n6V zr>W!pXGcusu%zR?GP0ZvNCfIA2x-%!MeJ?vs1HRKYwJLCXJ6*Ho#WgL)94W*kntJ= zbgiI*6Jx)Rf+(a=Y~9!l?``4|VB)Iw4`+G$)KF@%BYK+V0_@f`TaG)>&Ao1RyX(tr zOy*)+SaNqVqLp8G-jP8=EGT=uKse=~@I>{MhF*8+FUv?ARAnPQ|_a?PB%))lA#j zO>&AH*m_R113h|DlsCo5XUi*b``I5kd*8m(PtLgC!+g=%vCVl!CDl;$hs;8mJu;gg z2b-fZ884^4zRQ|7|Cngczi{0!8{-l!;PT4tuYSF*oo#K1P0yvvRrXpo zs$yE*HW_Q?15S9btJ5#iaPUlTN=Z^lSX|_va7ylSs+gOp+i8y@>+bYEooC&jXHAzX zNLSbD*qwDo^wmnV)uiTn^%2Q@Rw%bW8BNwTOkXhUV&K3#j z3W5-RsaUBcq2BJq?e|BF>;m*54)jrq=lRizDDTVqLl`V5rmf^GYy|6Z#doqhq4PEZ zHG|IM@X|FDi+51*7z%V!{K{9mLOIqTOUpjd-KrObMqpFz$|gQ35h- zSD4{k3!*Qei>cvF7vbKOD`*Wo%#lVUo@mi1IR+o^DYh0G_HyJgooBB%?aLe%{R>&C z7L`5zjWF8cFAnO3?qDDACP58XpEWV+W0cd>hgh8}k6D#!goSRv1Z;dP%g#PZUh{Op zF}Uzl2}>n9Wx}Ut8y)Fps76tvU=AMCWImfc;!2tbJE9?CITill!5aimk2U2d;Q3G6 zDy3a0`n2(m5M&oRk0?I8MxPgUfO+kgt=&0w!r|n)@<3Stp$gyPhn<+#WFMCT(f`;W*8oxN;K3mbu0sJ9qF9?~(f~OyM0nRB*9}At?Yxo3>O=8i>O(6Q z{>Rev`8>+=)?o&zq>3w-Zrd!aPT2=oZeHsIaIAeWYnE{& zMAd932n@mB5r9YCNqzxem5i>MG>@kjpJ^ynEI|+x1 z&Yy=R+jcPNW^NnsunXHjlfkM8gS5)$^gCYTEBkaOwMa-B{0O?b#8`uLE6hL?++u%(p`G**u(Ei)(e@8{DI}c}|Xfu#{Ue zZB2R~{bBxLY+KcC;*MV})5^0h4x4n+@bndV8t1gwL}!d;YHJB~PpPPKp@N~TQ$oJQ zJ51RIZ8FXc&aTnHmD*vrMAu{2nhTY^jy>DjEh2Y1kOKqWfU$4pdVJNKjKXK zHXoK;yehid82E90B(Lu{D8)>}B>DM2EAjh7F99L|(}T>NFFg=hwMn31aP(P>f;2j4 ztQQGEXlrSJk|Hu4{+!qP^JqH{RAH5-=biN&w31Sd3}a-5sIFb`ML>$^3;tEeSS#c< zHwStEVKw;0x|M4h;4o!2U9*NbcA)jWsBmdwPOcRef?Jq5_1xeUA$0Q&R_`6q(R102 zv5Wz|@jA^Nnl302Hv2PGn<61X4-)M|75>|Jo$YmWbOJ*|48C%lDQP2fvw;|wFROqX z6E#~lD-Q3q;p?-++A|oY`0=j-OXi430gF8(ySqB@MfG1LhN#XXZf-dzb;Qe@D9A}^ zd0OteoLgbOI{F4P{>P65)ZAD*53g{FtqGQy*E)sc*Sh59BSD$#yOVdEGqgKo%F@8kkeWk(97@LVIM=@zKAlH-S1M0u$;y{UdQ@Jd5}l<`_|ZgbHnZZ{2ClVkE}EPyV|?zduRp} z$C*DdVlQAc>_QtL9eRuq&xZ$&RlBds99OFW&LMixoTCa@sfsp2LX)*!PGx(FQ1P-TR(jvM-`D z1u@NR-uf*vYV4j00;*>IIBtc_zeVW$$3DT8XgA5!$49(KZGLNY#{VGul1yTJ1f(%D zX&GH=&uatdo1E~`VtuE-on0mJ38FeREziMz7NNoTS)vHAXO+l%P6=g(HID+f_wGQu z$R3-`$gypdCqh@^n*QGNZTnk@z4WwPGBLH(su4fsOZ#(h;IJyS-8frZyHQ6TkRju zMkR;P>zc!V*S7I`VW2{-OE*c&D1o3)lY#0k+p7h{V^GP#V^S&1V`7+R)014Nq_v`b zk`jEr7L^{c5qbAembLZh7YXjce+j{O8bzzrTtQ{)N8R1Ri^i5`E%d9=AtgPmZgE!v7(*;!otDWu>&-zvwpuZU)N)%byn5po2*} zi}r}SMe&MlmPktg`u?weRGbtLI$W1N0M!VB4q=+i7|FDHn*n4|nh!(S0;D`GC$5wD z^IRZKL=D}wiyrvLxfQijbLYo6bpJB{Pi!Er)EGKHq<_g9G#YJ5Uu5y=;#nGP@_BS> zbDsDq_~-Ga0vKxK;Al+D-WU>|^NAzSrE4-7dB-QsGGt z+$&QP1%)xGp?)^JUCa)#LHU#0b8Q)a^_yYJ8qYndNnRAiHxJBY)kwv(UHo?zfN?6O z+O9;u0Pg2s+uL+hP)P zone@l0oWyvS?rEgW~22gz<(Tuab^dCd(%XmO5gDA(VvL`Y#q`-pK*^qC}rizMddku zvyGMPa|cnc^!|wU0>Jacd_!n`k-4hDM3Q&);*!pi&dTz`rh2ht6qQ3x+KCl@$u3-f zZ5;=K@hz7&++7&kzPm6K-t(Q_Cnf9(MN-%_C^6hew#3+~;l#1yd&E|+(Orv!Peto3 zqD}WRJdF&*&-yE8M7dGTHg^~D?H+wU*G~z%R&K();a4F|>Q~9bBx&vCyAxeAE$WX$ zMF=d+Mtu1*T*F@+Hx&HAYc+0!l50>Bl#^KyxL<)|iRC(-d|{8aWgi;94RNz;($T8J$FO9~sg zE1eqv_QO~{X{o;9~3M{EL4Ed3Qw7SCs!jGy+=DuWlRh`Y4OJ!gwnzhI@m*y!FKK zo1M-Nk)+mNt-FKDtYH9mCOP9ZZc<@(l!b>BrnE5x%tJhUJuK0QTnm7HV)3}zY1c^1 zvT@GxbVsw@`2J)a*VG`LJ6VQ+#S=PdU-#3NPLGM9ejfn2jwibg)dF~92O&}c>4OQY zg#yBwGgW%R(0-s1cb{@72)jfi z$4vux)2vY86tUT?uwKEBW^KXSn*iJ@b3;i58{q~P;0(D-o>RDC*KnSU48vS%b=5xUIH%8B1(uzB+wF#6n5%w zk*EV_c-tvX1V1(qUpuKBuzTqzzLLMQRUl87zqC-=Kvurm!mt09TtPoP+_ZFREGjH% zAsMjKvG;c^#yXQ0mg^p&&foNWuV6=`)~UHs+(M5~hz673+4_jBj*Obsf`}Q=W|vDr zPgkXYgTD=8?Pelab=mBsp-_G3W$6l#lj;FRHixfitq{is>ix>m3Z8~ zKaa;)83VLumn?6G|ExQTY@0#Q{Oc?GlG63h1cVxb1p-+{kC+gIQJMgA5W&hc zm0?<;gE1YiaO^Q28;Zs^1p|zx{u2d1et;AK!w@dETZ`$hB)>7u#erV*v=J^*(Sy5v zCjh9`ihxV%H}e&iN*kghbN}1V@=1gD*h8U&+r*Ey#PYeZH@}@-0_HO?j7)`ea7o+V zkeVQ!;;Y7I9V?A+^DcV33@RZuZJHal4{nfNahmEDFhx?)6;+F*e^V5Q@giCqQbrCE z4lh@oekBVE_3Nz+yXxj#rm-NgVO z+KM%6$CTf+Lea>K>SzLTd4-spwLPu*vepXjf%ke{&^ei>*-Kop_v8|b zScBR<4o`P6o$Jr#qHdhjvz0_c(%gDWd5THJq;;vzai1y&@EZ{V+bw7TyXQ8($8RY6 znRKaYSKB0Kz^|7SUL5!lVOq4Q;BrP(uITsb!*#_nu@0=da4Ak*n;gr~Ipb13cJy}) z#*Dc!hKGVevyiA9L%i_1`>sWAanizM9XG1bNAGPZpD}X`{c{%A;MV)eV#_TN0^q}o zWs;(mqmAaG%5HI+CW=-qDlAXg$;P6lLa+Ez6C;cv-pFmGmy#wp0e{+uc3<17+-i#K zd4iGZK_wdKuJ-noN@0_Vyg%Sg%ZP+%^@8dwb#0KsEi1b(=3sXhmJYdLXFB-S7y2MB z98KpV91YGGTv9*xTu(c*j_|kNbB=(sUq?9O#nYVNK#X6P-_zra;gJHmz3cqtacA+Y zUAZ%@LHLdjQsd93qT>`BlI0HpN1@y)Pb zAFYWK9ES^9b^P!YJQ$Mw)PgiLCi!Dz`pH5rxd?T_L7$jn>hG|2^MKo>fQ+#8I72jV ziCp4$oG-;s!z5Dj7>cWy8QMQLPr{ry)_?orCM>gIr68lvFPH%mE`P1|WuT{w&C@Ff zY6=H-uvelU&KV)+$AcxU%lYYJT}QoQ5Vct~durVE$zUGMhP|MVwN+%vd90ImJmbdj zJ(~-!wF$vXx?7gfW?@d+{pZ&s_2j5pEu2K>%}yHrMi1T}bQZak=Xu%U`VBbGpkCRV zx#z#r6y>xz%lMZK4c1;b@!gRsJIZK;$>17${kp4gtL1GhaydbJ6q7m4e>!(5I%%_E zEFOG2rznvx10?3r4V#XuIIa2TVjGYdr}}XZ{>2w6UK*=AC75kY!`CXt@rPwbHKR^J zsADwAvs2p-CLV1|W%DB`tAd?8c-{a^**c5KyxsiEm;pEESXqt3NXtXi>3Ol5)WdSV zL(_h{l_zH};INFH7coxeu`DvbD*9nJgW^J33+&hr#Mbj%6FcLYFKh5mfX8d`j&UsA z6q7f9`bF+~n}E>q0)}GOTAIn@2bG|``aLdrg0P=505_(7`l0{HtJn8rfMKH@?2A|uPES&Wd}qW zxJXJ z_*k@ASh{$}7n64eRyQKtN3HH!#1;c?U)(0=`qa-CyNog&z`*7!&gKt{m^B(prKJ!2ZR&R_BI^73 z`}s+v$azR|%!)`OQ^M_EZFu^5`JL%^Zr+f4&VuD98N9bHT~fre0*3^yZS8FB+)V20 z;DGXzf8o7)5eOHzBMufD^;3HmZ&Nj{Qk&Gz-A`Q`J|PMxyWsp|>MU-KesC@RmH)Zg zwXm`rLVv&12PVo6LgU=Yi;|dzUcVln>J-tqmM11!W4t(ioaFccd#p4#BlrXuQb}z0 ziyC|)k3#TJ<`b<^IF(^}ZtbCw==_559`Yc&$RCS4MJK|q-m z8*R%x4*qZ^t?v;iIHU-kQq9C6O_{2AFfwUuq7s~bbCLkSY&G4`@x}N+f*=Qu7aLcO zaf=Z-d3P2Mui$-IQtHxi-Y8i%boL$=x%e}2TrS?x0Qw@c0T}T~2J6hc0Ik|+u>{>ursC$e@0U}^%Qvn$#N-+~iIs z4RjKVIBB=t5`@hBGI#&=n42r;U5e?SX%(Udr~mb8Adeqxv1inE9S`=#23);Q`1W`^ z`>Is8@6S%KJSa4tF!0zzb0C}bf>ggFb_Jf6>&)E(?V}9O!v+|#g1B5B+*6#7V}5+^ z%I^;|J72#&mD|QgtSCTTQc;8gjGZz3cixL#Z3+wG`(E8nMo5r$0gy#^l;PhRPDcp9>kEG{n?3UUrVFqggko9$Uj=;jFG=dJwP zuXFFHup!Zmt7|@2530kKh_njo=7<{;@)VxE-|4=U7sEtdqCB5e#M(17&P5RZ4L$Jc z_)6ctMS^9NWn7k2qjWEqVCho8E`36sGrnfSAm>6!B(I%N860rc|M&-`fnJ6WPXZh&;_~?C8S|8o-+GhUjti4u)d$L0$xssg>1pjb6Wc6R3)-OwPiC)hbjhh7E)f^^PSpFhyHV0 zv$8s149zy5t^MC{`$3qHW6ACm5oDrCB6djt3JEg&s}!6I>l4)twHR8N9G5aK#U}k zbx-KESs8D}VxoMT`J=%ULM1_B!CQaC5<{^(+1T0KwudQaiUIVNnO^n%19o{UUs}lu zwG1-$IPnPCUy_}kOlH;LL8^=nz&OnHlLz!(Oss+Z=Xn>mY%KC5w}x)XZ?2ubi`sci z!*o$lKD7P*N{_cVc|(jAZ4~}w4Fk7b5fj}L!q70OAzSvCl{6(q|KrL1TpJIVasoA* z{I0OItq1m3-I!iFM^&IDFu{)GX9-zy^`Zl;4o`1Pg}zt7ix-Hy3h=09S{dII=c_N+ zm9Yf}eXVF0?6jNd5!|Z6T(OSJ!-LOI`|t%@zk_?lEfW=E#^6LJsWR2n+~q0s&hfy! z_0rvdkLCYyU5r8A!Ikj`QynrqVI1lFjjM)U68G&lLfbr; zJVW?xrm(T+&!%M>TQRLnoQa*H;&Vr(sG9ey;?q5Ctk`TuFPEFP&L*2J#uN?Yo;>DJ zu<{SA_4?)=JI!B@F|}1Vsd3qu$q||-r=_2*a!Iu?KD1?W$A?Xi3|bBBA-6N1pX z4hL2*j@3}}JMs^%x+2Bt@=jS%Z@yBw+}~39^5*e1xAg*N=Bu{}i-?p4aDf= z?-8WpwoJAWWJ%MaI!`bnf3qE-+_UIj&pD$-LpHG5srw^J8=w}&@{H@`j1c<8l%D$#9eT7fkvzqgj9m*<6R^L2u;FmApW|2B@ zzZ=^7vvys2F<3hshvvqVg4dRd{N;r6iUQ$#?SwYuI%5{%vx~}!VP@E=ZzrU8qa3F9 zu{%d0D~D@Rx>y$=V>Q4%*6zn}UkyR#6CR}RG?xPO8O?LiE_Ipu1F9|_>km|)^U1>C z4oi|~KjnZ1KKEHrSD)Vxk{iZ3h5Yhn{X+dxq36bS4Rh3A9=P`(8ov=#B&yz(7&k|M zaOJs12yalbt}<+3G0%9$GOd>Skc)(AF;9oN5*8pThDbaZI%JaS=2$vUf%`9+em%Ef zwS{V(#5gg8z@$B!&5=VCB}OIW#*5mbLATE|4=8N%UdeTOG5Du?6|#2Hy7>Q%~ePvP5vJqAoch4NCbIZj307QcRT_`sz|U=gC{yUxy?e_d9Q_V&^FUz^-vF zz;A3JFLv$FA??n};}(IIU5rnRRhE3cQvSX~czv74=6~iu1_2zekj5<`pA|(&IduBe zVL~VPHz(jhKM5y@^enBZ#M!^ZVHXO^A!x>R!bAG9gs(z!zlq^xn?Kb;Uwyl5#;ZgM z+2yH2)vMEA5xZF;OgelB#fgN?i*CQPGl#(vAy8T#-%GPyO5c!o0+`YIFzJ*prq^sBh1RPb8pl$z=*H1cpUxQ)V#$ zDO`I}fgx6@$Q0gV{MG~~UmZh&men@(;r(LCVJvmYoxMFG{pqUe-RQ?WSrYOWho43* zdPsVH4b=Tqk-VIiu7bHhhnhU6nNFY9bRVziM?dYIP|nwT3skGIN-LXu zA7zUdw_3&S0u%#Y4r5fsOgh+;QR1Us@-BZhj3P1IgpZ%X2q(+gb5L1f*55M4q^@=K z(`ohx{%?wv!9*Jg&xaFnE+*<){nvUk3FV!8^`goGVXs$7<)8QCpP<|eQlJ7m^`?W~ zS8Fq*9D*G}bE{)r21Lth2(^}}qi&yslin@6PN+gWXGQ7miepq;cDsrqKHwZzTu})b zo^#eyH(41lhHCX*FH5f$TPIoRZ@uTnr(MY3G~&yOAO-Flw$s3ICj#i zIu3%C{m?eSAE*&xA!<%3oU-7(OmQH`Z=V+g3R^&TdG2Sc?tnzYW0SEOpYYf?QM#LUkH3&873 z(hI&_rX;@PYWqugY~XA^!>Gf=?&-Yn=T?wIP*#vO^HJtkHSJ~pA0CKG=+ z{dwy(Yv>Ce1wB%O>wrJ>=UP+~ec@n_J3&Mnc5&pDS&M&h8)nkD^s<7-RQsArKqin# zzLlC=GfJTlb%wbpqzy{J#yF|ysamDwTC13X^QBK6o*C4KfOiRl8!`*49-+uIb)T~D zpQmtt&%TkYsBn9cdiW0e4gg`J>ctf5T`WBid*funkW__49$k2k&F5L`nO2!Pa8y7s zI4V<1cPtnH4wqteY^t(+jr@cmRjIj&BKcF+4`7MvTIv>4ui)5P4+Gb;6xjOd?_EmM zOkI(eo6#7Z4vV0W>2jXh@&;sX1}&Eqh+(#2H*E2}RWldHD70|$Bg`PhBBu%%P$Yjn zH3I6du&!Q87vieo?5hBd-bZfKe~c1oust8mQ*(mr{J4j0M$!F}?jZc>pKN;cQwnU{ z(CIJoZO8SJ~;3VmTyNlPukut1#f~QFyukm5MM&42aB<+AX zsNGAL?7dourNBUkuyv4Ovh2^Sl(S~h98o-&q?10V+a1G&=O?RDk(p2mx&%G&SCoWZ zem5&JsWm@V>|kE+PRp&CRTIzOiGF3BU^}hRR>AtmZLEO8FFw?z-0j*!r|LnLe#RK) z0~z>TuccHDdKcqjN2yL<8q^+SJby}E3*7UE`$Wbj*`x1Qz14J$iInKu#iB$Ax`vio zIH0v)X*pK-X~22I%mltnM=nKjUhs$S9IDw$YUbLcC_CAfTcf^tL_S`>acnEFQ`WhE z+~uciS|wA}p~i;749>6nL5RlC)W+bx-@(!(A$8_FaiTmc8yb6*W9B3TS)C%^;M#9F z1PQhAfw(ZTr`V6Br=~eBYgSX8Ju?4cr_yqv`F-ae1zQ)vRc1%a{O2^HXLx3#((XMs zxmj-KeYtS>1wK0fzIpy(X&=>g5tzNTT1rkNH}i|XueD6>cyi7H6XgHaW!h(qz(oU$49e;53=Q=LSheQSg| ziY-p*Rh#H#vhe7wAPXIJj#Vc)N$8C%nXHjj*E**^(^8yR7^<`vkMX;%U437ATgm2+ zhnipSmu8nIioP!1HcaS)FN{U-)*uUi#d=)(&cNpD9q~H*G=%Ux2lKHp(CYv={UtiV z5bq@dNk!a&C6JD3Z$6CO4V67Hv@t&XVbp{As*FZm880IbC+CfH`M?s$5MxlwO@xN|)GyO9wB!G<~? zq1AU>ZQsdA9_8`)^OLA}g3s4*kIqy+WJp%Jgf?eXRmXb~f4VJQ5O~6UJ<%Y`rHTh9 zu#U^fYdZ=_3rRa?i|h4zw=3OZjvyPUq);2R2%_jqB~=aW9JzVz%~?mydv6PsN`8{m z+`taXMZ)fGp8RzO@^8Z9tevE1=$5#%@8EWzxD|qEn_2F_c!no~U`XQ4bMSiHTeqm zVWgs#jY%JPbRyih+~t*3ThK7(CyRw;`9$=w&A-5xjfkYJ)8b>iwS&Pe;`x(qGa>eF z{={#cm~8pIu=LyYi!sHih-wM5y5XAmRf0BMU)x+W2|k2`dcZDpNbB$qTpF*%0z?>y zUk0b~s>D1nOEi|pycT;h7qDuT;ModuhGpi-b>%}*hhRy7O214^AcvgQ6r&B+m`!hs z`kj?&6thnZS>4>hGrE_PT?5-&LVwL4D@}HcwMhx@Ne4Z1Wvmf zwf*Y~>U*D<9Nh-fzC9gyZ)0HnN96bNTImnZ>qe35Gwk}f08jj{5?I;LUmotpx_d2y z^?S2!R;9vmI%_xKa3zQ<*Kdl5i9MUW7)|2(_TuFAz3W%_ueuTTXeU$1-vqlZ ztA$z<_6@s7IFx<8Q_uEUp0$cpKJE0Y(Z|NEkXmRQ;_>P4ZiH13k>@j3^d}9%7-Bdz z>HUXjFrn6vv0s?F7Ftz-(o%p5`HkrwQb7QI@`Z2xQ($Nxpu}3UqF`sliTSVmD3V&} zhw`!;1^`JfU}Z5%S%r*8B9!NJSPmK+c}_QeRk~w8M{M;gvz5Fspa(cv@LI600aI)3 z@R!Q^HGnhwRN<>hg?PE<)ZkUd6KU}I4NKv>-Keon4jbh3Fsuih2n;@Nq)wmL0!Zdv zt75Pmeomh%yyrps%ZqQti-Diox{zts5$7AfMl1Sz+a!HFl875kE=DV&nc>M{%r{D6 zye!MK!74szmjFz0G5nq_J=P)!TZ*+xuzcs)d_RW$YBW=)gKSH_q#IZEVv_mHN-Jxkx`wro~6*ms1;HoIjMx>~v6(AImFsaBY1ezo6yyVqVF_TlU#WTJTS^UbYzGGApJK zK*m3()V%*JgtMB$c%iQkg~xf9wn9$A7Rz5SI|@OD&r%iKqJ{j zwc@J=DEn7$*J3IZD6<=F%IPz>>7LIR2|ye;FQK^vOOQkGbobHs(@*6Sa(i6UUrD(V znd@btT4iC?1u$Iy;BQnQM9GLDzo`}$wJC94Pcu}Pkqyk07*hx;O3>Epc`z?tNRK}c z*Xo>tyBjBgA+J+xhn}tPF^_vssiaTJNwbRWw{m-FSasdSlWS97i*1A%Yx7-LhUPmF zuP-$!m^8rMS)S2=xV(TQx^4~ErtQDbaVx{jXb&?j9;4QW?AkX5$@~rgc0y?=D9%ZI zpRHJoe(-W;*+KcBQGYyuf3gf{H3n(~16pCT>?Fys%%!21gh=#%^JsL@{OQ3@`;3-j zY(N7mZc|BN<@{#WtxffGDp1>wo_HSa71E%gc6##SL)JojiYZ2B4MR>LyXWj{%>z4X zPMPlSb#K?L>*(#nbK0n!WUuYM5n$uiS zJC0mm3w)XF>ug!%^s2TDFsz67j=CsFA)M2Gg9n~!sc5C#(I&CO7;oQR%v2TJ83Mt$^R$+*~Qt~WZI8z9P zUuf%x@;Jn>%UZGC*0J_WhPqhMucTB;PG%G0h-$yYI&gL>c+0^~DRZq_M$Fn*!jI&Z zsH&}+oZAMP<5p1|(fOOoY%_v|_l;$1?=$3FW3fD%LfglU5$dMsre-O00Oc-gDbaXz zF?!Cp@&1nn>F$#ZNvFQXej`JA+_jdCLbUs)+FgsCD9S2%`cFRFJKtBKsk-zVX*%>! z9bcik-Yy*XcimY1x5Y5kdBHtC`Z82j|EQg_Up@AHgndi`y`-1-Xd_RjK(hjDx|1-v zqxTezBn#+U)Lm~+%rmuFV(T^4q3@ggrm54x78q_jRo@C7da2=l%CUW$s8g~Nv?RRb zr$(97HVLwU#ZV@8{$_jJb3yzyp#fFV54OHSRo~~vK5dC7REzA>H~u53$}F%vA!>VN zosB@1d6H%QW9jnDccKMp8&l!dPL5Bq4%vfz{kkg}kCEO5yT}tN()`mq!sQJyJZD20 zpG(PCsaKQ&DmzK{)eoyi%Bq<L8N(KaERR^@=tOGpQpgO(_2FcoUd64{^S4rwcw9Gg;}fpA9WaplJ@odh|? zC*j~f{I&6LL057NYc)F=9y;BiH=t2=*SJ_b{7-nb8vsD^XwtCf6HSI!3z6w($bbOo zvHRg~2FS&SHJ|^$BPXiqLgOWCBFP8CvZnA4W)hlJSSRhx|Fn!#3QhGITQVI2E}FPo zWy;OH86< z?aFY>-gL3-q3KHRF*Kmww!>-hNTfV^ayN4xws#kgY|Le=^RtNB|7(~NQ9U?vmKzC^ z8?Xzv%L?LR3R?3MT-*(*li>l9vN`e;oxZS?GEaKb=MQtr?BQ2!%Y2)1p>m=(H=>DB z%skZoOy!tmf~gP?Nyoj#h1d{T(ArifJ8G~qQ{QE#kF?XLP2jW>b4c9jEg_fTaiA+< zLSJQY;r+GS<80n7fe>aH0oekw0%6FKka zYb07rkZrpXOSC{;T0R+ORl}ozzq@({PknIlqEXB5RWj*r>)XqEF1$W%{n56v^bqABa}SDA!|2Ds;JtX#3D(8I8iC9!RB29}{brSbxQ9E# z%Br%iy2UH3LbA|jqw1jz<5wjljJP2MHN`@cSlW*7PFdzzK1)4obBQmc%h=Am&Nuym z%h0DgN!Z7god@q94LG;<9Z2QtAP@{M%qD)o?%4UA#8_@9;3{#*{u2U@)8I}CHLxph{Vrp zdjYWi-K_j}a=kpL6ocsD2RF?h&pTOM@11&Kgi(p=ZDp)Lf)Ozcu7j{&O$O_ z{^PMFmLD5*ZMaqEwnPnGkef5XYI*+9Jg-uOC4O@zCkMD+UeM|dcw^-UOb!i4_Gn0v zoknBlX9)G}644tM%|yC>zskL;`B+YU<9x7-_cqH|b!t(?RfWE(Epe(d@uU4{^Q(xy zY#x@X&4GQI9u_hDYbW>;Mh{)ZUKCcj{D@g`Aj{pMUqEOLVXfJb%y7R#OUci)imj)G z1di~Vp{5G0-aL5M{d!z-Z|{D0j{{u0-4W%YxJU83-XNcxB^&+<+x#7EkBxDvOo~Iy zT=$+C5hlvR*YdJPdMh{b>}o z7F!EnDrNc2fwHE2eG;qcnGwO$sJBC7+3}-4i5L|f@=!MWIYgS|k$!xlHrGDg-|PNb z$6VFD>9;a^qhaElCqoLgkk{$CwK8I;E{2fP_}jcoz0@W%-*Vb}n@%zKcRC%&z!~$% zx88-9QYa+Bo6#ILSLpQjnOz}6WivsQ9@Ko>TX0d-Vei)|fOt9`PJD2;TUrxKxg{={^2R3;nR%f zmnJ3SYgbOYR-WMqB8Q9|pYAmOIrs<<``-4bcVRrV`kjvV;RB}w{O-@^ab&Kj`rb`Y z+IahRnC(T-SWeVt5MPA6tQ{`RkMKHy(sr?AM7#D%3LeNL^`cI;2wwrN=nwf%j8&(} ziT0N4Ws14=GGd}82IGP8)%gvgRql2A;ELy zYLcfigNkxbG~b-%lCf!`kM9JfGvK2M`$E6Jx>GOMC>~hYW~lh-Q*R?kc|Fr%tU0LfXTg<*bh&qbs=u<) zDzy_c7cJ*8-7@xD%?yDt`HCa+;I^BKLW@_;S$yuMswAzn-Bo;0ru0|k9fxbfs66B& zAth z2=v~nEDcmV;o`Qqze2qth1lE7P4RY=nn{q9O3b?JZoPkX)6#qCSQ=_4+ii)i6FlnD zdx=%ipR^BlqeI}*5z(d&0pJ-yyr*V1YBeo|6Wrj&3z4|1wif7jLu1R5HgX*6++1b6 zoLsoufftV;Mh{~Tvng$Po=)-xMiba8tw=KZ_a{fMZdKP<=Lj|(;q`RDF5fFU!{>^+ zXoo!GwNTY98ZbA7Z{q*K<>?L1CI8oX(nHCD>GEgoUZJCsanPamIONGRf7HDXgNlp? zo6y)OA9apkzW?r1O+0tVXuK1CU3zCHn0u*}+G06zxjeR>lAP~f0tgyRTF!o95&xNv zq2*bh(ghsXh#Z9@f5o5=XynU417E$f9KVQ5KphE5VkmMZu1!lsaK^Smko54)>$!Zi zw+);YUh8!_k4hrL*%bD+XFq!oqIK$jmb?^QR6UJzXaG6+i8fm1pHpk^XECz0u6yHPSfzRJP*<(^8Y6leZ|_9IWBZ zytZpRUP{=dXUo@%Qk_A4Arf2V=!)B5ZZ&JrhZ|2PLqppVd=nAGl&Zsx#>gV^LBWUO z+(+%E;^gW!ZC6~U?QLI;Sl>FIv+*>MH#q;msIH`@oA-O$V8sZJhl|}}om%ZUR2lV+ zbo(>tRsYW2D_tT;t!Y;r%c+UGbLf30ZIF(|Ow5O2LS-%#19BepJ|B?lf2IAHhyVen zLYJr$5;c1zWyk5VGBM($#Go1;2qwA&UJ2OhesJXx;xaUmi1roS_HSn>L54k+CZq*~ zIHM2vEbv4up{&9a$j2mQ60;(eFI}=zy8J;jF?qPwtY@hQ(@4XElp7GtByRgd(i@V!ljn7{AOtlf}2v<{#q7%b*%&&?D?9ADZ zb+-uim9wl-$IWOLj~=E%ky?71Cc$ewn|)zp68#>L0uN)H2Q>~v{N%sb%g1`|s@(@k z_r(F_#Q+{H+?tNfjT+i#xAb=MMo@e|~`=mC4}p6j3r$d40l zB{SySWg<(joSX;!M~^q54s0BWXXQF0UOT&UOA?w$jvn*p_1hX66a<90nPMOFVbEtZ znZ4R`$tZQG+GCj2*6O#*3(j!1W(i~LsniBW)6wn=@2=K5-iIY8maS17dEbr&Fv{CY z#&`qEout0E45ZgB1L-_|IxBFb%>T+vtyANtb3VZhltA^&gsda`0?dmn`fU4VTbkbR z_=SMo&`c3wUyE7z)Tx?!T+3oZ!T7n6g_r5#?JMU}0_L;bJNs29l$3Hn=IIOXlO|Yk zVlOjw%TdSyEz^a30kTg1_$!PxbVZ}ZeEqQP<7P=mR(5u`jGD5bSWrglWV7521uvys zyT=0{+w6c!FL2s-g={GFcR=dgx9U{1dU(PTvQGKkjp|I0lYN?gk$)iUoF%95{d~ZO zo@CuY2(tbRz*o_H+gSQW#43g}u zE}dSx!KT1h8{;(L-)kRqiA|APKnKNFtBAP8bX{CYp?FgiLJqWCJ+73r>3+(q%clF8 z04>h1f$?VHiY2)WL~(>H^U!A3x-X8DfJD}OyrY*C)Fx+P(cC6^P(}bUlnhECgzjJ7 zM=xSiruEmuZY`Zt%&gM1^boC;MA)5nIW-}hl&T28E_{&{`Xv1S&Q^_Q6>u7(4mU?o zv?iuH^ypfA6xm_)f=xaoc8rhU(QTlSYeNjJm-z&_0~C&V}IFhyHaQLP50xeC2z+1%*S(; zsruSHKbM(rJ69^!gdE;sDZHc=mRNoY)#QpgYxf@H0RuIU;temDV zd0Xwo?DhvTLKK3$8Rfl3gykkN?n7L%y|2S{#T6!@1C}=gn z=$p5tD}kpx+P3U-%G>Hc#s44aWRCZwpvg1!-(-LdgnrF@JFV3-T_y2XQfpQPGZL7Y z`zerHqN&$WRWZu;mn=O0H9_rw)LV!-C{}p8>YnWd5fRg-l;mAf?%0m%be{Zd>}DMP zROa@6A$llOUHO|Nw}0fUncAR1k`kvUUU^k_tHIn7=JkvuwQN!On(HjvVya11lgshmB@Ztx62)LZZU)59* z?|VQLNyU}u^^84yNF;}tuDUdz*zSGz+r@6W2@RhnF1nI-FK#yZTJ0gbPD)S5E%{g_ z__Q3idSgD(*y5wiqjZMqd0T3pvtKPkdCrKLLs));0fu|i5!p{&_mE_NGvOO1YbRLggLZEr-1ptHs)VRs+MnW10S8$yu0f2h#hN z@jdGXW~O1A&jfd;yXGaeC1)bf851RYq0{WS_@^Y)|z(zoabQ zPSc<50`@#qA?c2BMmLpP-!5y}p1fVOHM+B~Qy^82)^yQ-xZO%OJ<6)};KL^L;=`u#Mf^+Zg^i|+GM7Uh z&Dx{O9vj5NR-!<#a0BL+OyDT}OE1^RS$`4?}PsA*!4;Z?SUe{y8q= zEanON^Wo^vuL2tnza!&Vp_>#;Qfa*iBde|}TU)+8=bg`@SEd&GSBYJLyf4RAsQ;&- zte_7)RsBQRaQX$x!vK#y(SN0_^aI_b4q>g(;5-v-+hU~j2VItb|6K(5ohYnBb({8n z!tk#N{TV0>nZ?^n8i z9`R55{cQ$JJ@VhC^#{*>J6Eu*|M6lblmCCUEq`Cs=Ux8irvCfv5qko2%DZIou@>bK z$z8WFbE(Jwq#Zm_V6K5alg4zY0^jW7QC5ZV0=IQ{gTU(7bn z`UgGxf`N)Dy+cH>vhXORviogto#ycbX?+4ZffT!{!!VzbgL8>dJU^xJh%(L zkz-71Rg8h!epw0(;PoxT+jgH;Ea)AoYKUZO7|FS@1zfT%fj%VamfHvS8I`gVYo58o zqgu8xDCPwp$k-;0jRxX;1{ZjJdQzCV;(sF^V3TksG@3K1RCSXu^C;uS{AK02Gqm-W zZI>01ze?$F`?L0$dy|j(r3@>l_`G@Mwzz#`oB>9AwUsLHZ%k(H6dfa{#-=d7;1IA_ z;u8sUi#@%yZ3eAl&$9L8yMkd!u5A3HCi&FDwwvN()h~QP#`qQwBRgvZm>%zo z)|1FF0(miFI`4mt;0dVEQgw?{U6wQLR2Gdlz=T;ca9^29>jlLEzeT+P*CT6FHOhmR zJeB9h-9~@V333s%IDuL%tGh=~U=|H~HH)^gVm#Ci3taN~BsA7lbA}^i(zXs1AN=J? z)&!?jh%yg5ZmZSBYN;Xhl>BLw-K^VS;tSdnj*!eqIoVzJ8Ji{-e{VK(f3p+SQ{^;^ zk*1T%q&iZ2SzS7P)phJQvr*4>vG!FS5AvQJ`Qe051LH>S6?>;#zAjea{k(V@_&(fT zpUa(TQ{vkV+~{noX%nUp8E+Jv>^f>QCF?u$BP8W zH<9u`)`LKY`#{gjtL&^cn8&ae0+pGGZ$9#_mH~`R@;N zri^OmciZD!?RIeKH|^I z>4Z&9B)A`@=fAa2-e@v=rk=v8nK=KSiw4nqQ@8^G$+Hv#T`rxBG&X6tR~eXYRe6ex zO*YHplm_H=_~b5PA>PPf1=ByYcF+0av$<__xmEODTw+y6{;w6d`M&ijocD+}S>aBp zQL1+2X?uKHi&?OY!!Uk7TdGx6@*5S^FtIUCT7Ci0IRIJ?RS+vH<(ZGFmY+GDWZ6=HsV7Am0&#W;FM zXD`MGX&~FowbGM!==gc*tE7ZKTWB9$hR9zvesP}BEVFAIqj;19_-Dubw zL5eFSm!GmJ;@*NcjjM6MfSs9|O;Xj|?A!#WE!*k6!=j z+@qhbs~Jy$3Ib~k`+)7K_zm|-2Jha1q!8t?b6=O*Dh=g^Y?oIB6^aR4VcNP&CQepg zWPxSY3(P$pvc(C^!SDmCHqy?+_}mJR!ES%B^{Asqq4q-yB^YJ4Z7i7-X7xxBjhafd*((%{SK=4%nErScZT=Z9cE9*oQ+lE zk+F_odFqU%x9Pp!-D8t3^sY-Aknk-H=ThwIxz$lt|AT;ON44S_KLs&mvSpI}!vU?b z$(X!>iWUcrr@wC3iz{ilPUQSh;7zyiww=69sMo8|9(b|#6OCAhpwF1PxWW+xmI~p1 zjfOf1f|~SXpppU6;Jn&Vy$Pzh>+6-9Z4X!s5%S1tHM!P}a`=JzCO6_M-*gsEnckxM zBAG^}R1bzA8GH)Ckgo*EdIh0>dWQ5o1^voDdgx#wuLC)n)KERGY!S{2E1U7eq}x?B zrrTUu2m+f&l<*78=EGN_PAIP_B=hi6B4uTkmuyCjY;y>rsHcujfnK&1@2i$JvF{Kf zM@?%`XszV>MnhYdH81lh#BUJ#3PdP2>kC8t4EZcWzeAV*c0tU?hue}Y>9yq?pN)Qz z)GXusQHo*QpNSym`t6$wI+mp@yZ9L66`PWLVt7WBN(#GkD@{VRVS#?uK;w#AS3Jy!Z2B7~0l ze5QVW0NKZ+E)X4Xv=pw|KraTP3;y@V5I><$Fu(m&${b5g?+@O%hW-!pQzm0TL%(k9 zp9?$j-LtI!=bxU1M*VRVRKT0iC!p$|1=LS}z88G`FYD9;TgQC#zc%s&Afy`j?u(T8 z@e5g*kN@kdzyEf2Usm@Wc;w%P`|i81FMagK8TkKqfl2rOwF}R_Qsz&d`j!Ic)Ihf) z@b`Bj{_#`5kAGvEuY?H&-1#rOdj4;m_a||{2*04uLl1u8gg?jo_gDXKn*ZZy{0Fez zA20orz4n2j{(eZlu+bl4=KsZM_~WOa55?cu@alyhzHHdPFW~du%w>y18)%C)|M_y7 zum5pinR8L=Nsonu$7Z~{_T_Z_jR1kAXsO3tt_^gVbV>Wp6K8i6@BaM&EgyfD)j&_@ z@?Jx*-L6_K)c9cO;$&@PX5Lh^tzY*F%NGUsK-mk*C8m)1ZdO)MXDBb%qD(*eOqo9U z46c{0?#}3GMO4H^vG5E18=&ONy*7FIX;9Y1K{euZt7{kDG7tg!@I)bZS6VheLHKPW z`fi8p=<<5#mxX+hlCP)EK}8G}?+0H5 zF_ZH5X~+#@hVi(^=Hkc(s9AJB85E3C)X>tZ*rU^ExOCJ`9?#YLA2*gpT|rNtZC~Z} z?S-oOcQdVp>(CdWS_q86>6LnuC4CMNx$z32L~BZa5*F9BWg zP;a|AdT-jNpOO}O@F;A;aku5^f_oAHxvc zS&yhOF`j~_QrPhLI)|Csm4O2VZAkO;mfUeT6x} za!>!*Iw*=&5^sqb>gnw*v}y{Lxi_ii59&=(X1g=Jm%ATs^k_)<2F-&~WCiXM&Eht^ z{tK7lU&`YFTg<_7LJ6g=qe>iUm|tMF@Y!fkNUL22LAaZkn254K<=7ur+*iT2lL?e5_(!x}iTZ(>=`N~70;JHOB3kGB z;hNF6|0!QefLAgqY*)wy7O)Ziu~eT5Z^!$Wrn-R|HMm?ZC*!;&T0@Pnvz0i)haW9! za?{|v+|ko4T72zBu4&Ci9?GJQ(GZB4LG~;AV(8n`x0GkiI5KzxkyA*+Om81@l$7}8 zh|bicZD5a-K+nCaBhV2kaYMDBR5G&OdNgY$jb;&aSAjZL;vuY_xdtkh5kLhl zL{An}{PGRRHU10y9Q?dK3m{F$0G5NGi97$c-_=B%D2 zZdpIPvq2%xER57tb|gx+RO%<&btKt>0(2`f)Pn0=VPf&Ha6yQD%xtwM$pLcas$3=_WDd#kJRLjgjGvhrTn13_4i#aU0C#O~FV z1&Gv~yNA+>zv`%dtNx0jrT9(dJ)k`!mWvZ{_Dd5MQM)v!LxzncUn7xZbp7xK@BJS1 zj4kEWAp?qw!b&CP10DVRKX#aD7y#(Ap7flO7{1ROBI|dcV9Waigig ztL8;L0!x}G)b0I#qlKIMCeF!Pk@mE*-^qJ$l|9+abHw!0n?15@ta+)|!sQ-671Gi% zN2j1R9;P3rEFYVXVBw;!*r>bA1Mhz9MW^JS<#dSWP>8x6&EiK9d*dB5 zW2BGK&p0r&&2R0*v^8uY`gc9%mEc!rL1(q_GOmgmUtT_FU=rHk!5Vqa9dpxFr_|LF zh1ZrnW10m~gt^9~%6kb15=I7veE6Z!Xmsto-cn1L@C{R(^PK)5=7C4wOWlFz*M3Nr z^T=6}fC~SfxAw^4kXc6 zw1%__R#5OYTrT`HaTQ|Z#wH)OUkiI{hHn}z-}5vJvLk(2T}1Z+_)_O-Oe zy$G(F*C)kI>|suxiuN7a&}-%z3jnrAi z#f3{iKYJI2iu%Q{A@Y4xduE&NAM^m{sUloV@Nbn<$pQpV4K(ZUk_qpwz z)zGihs!27+pUI@3nW6Z-jl|dXpLMNV49k%*q|Nu~l=>dV6O!Je=JWfVd9I z`w_0ErJAq)0kqV5WpE_wnSpd}PIJF!)v+ve96IlN=q;GHdhqzS_aOeh6z2Mg20eKcb8rhZ~%0FZG!3^9N=2b0Me z9#nzW%z-Z>%V2b#4Gyb3U@LCp-M^UVxgx*X?H z-1)@O5cpm!f-YFe*bQHgx1T?L@CwWv<5#xyTPsRiON3a^f404iWEU-9zf}TRJt<-C zdR)Nnek|NG-Job-Xj<$x8J2~4DORwQkxPt)^l#5}SW?*2th9Pt_2Y+tE6^n|2Kp?Xe&#Uz? zeR4ygS}02cF%hA82mD^lhY^bb^NL3yD*q0c!l4z}E zDnKldle1_w$u#tFofv$7yT{AH#PW&V!9c1;3lQ0Fl=NIE(q)Jah?kt!zdZTsvCnRc&~&*iY58C5m%%fhM=~v~xw) z+ZUMgc-KMOrrzn>A=*ud*asdl>;p*wSzuy3CV zLaB9k#|KMnkX$B(c%j5R>P>!rSh(-*mb)ds%yqP090KzdcEmW|AH6>j{t9i-0=g|e z;ujDg{QkoMGrPE3=tHn4-b^pBP z3|WYQw}2L+HgwwNCfOh;zf;8OUyO@+3`A?Y9_{&dp)5A*s9D^}2a{<7Q+?|%*@b;P zt%QGv#l>bNHOkm7dt#p-8TM1vPY*V{jF?*u7soz06;s>0o@;`=Y`7Sd?lY;lu&ULl zrTKC{q@2~P9wDV z?KKAfoO$6YaFWl779cV2#SqHsNo3O9o2|`_kh$_X5z&$s2h&qk16ED;v<*r7!c`nZ zWk)g%(!btJKcMYpWn5!{-L-)u4YaV_V$jT`>;Vicwn*4rvJAIV<=XNpUeKECG$`wl>c56Kk$*)-vp7S5lEB8z>vsWMURrwWQ=J_5NF+cNF zZ{Tp)^LTkA_7p63j%if_Yl;*}FlzaU_R_=<`G;fYTbt6M+gJ~x26No9DTF3TjL)wx zr}O7P=+^vsVXsZOh+;lc6$hi^Zre>8l6wP7rCk-@o0M}poBKa45$K36gonQkD9KUp zcYtCJy<3dhQ2S-RVt@F~{R$h#WFG2td=_$CLl0(X;f3G<%4?y~g8H6V>+L|pEtQB& zob%}3ox4O8l<2v0`FR2Sk20~_7$>KpXI5oqXW&W3PwJLQb?nCjl5U%;t|w(x>s%Aw z|02LO`^RKySt4y(qEbe@9EmQ^rnE5V`gIz25#%BDE4ihxa5|^E*B!_2QB; zaK*EyGO~mg%(91+%WEK54lmM2?0enoOo!To&mLyrphK^tqnL&w*cms>p;ca({FFzF zWtXFN`Rto z5iWPH@2Y8hO-rtGzd@l2RIe~-D1&;(a!H>Yi{UcpCBW%@(@}V$&*`!LWIol7icpyR z&Wd!lTW(S2E|)b;g;rou(}af?j=qeHt*Hs`f7#z*n;IeHeo73=zq+%Y?1q!z!wX-- zOkmpq?g-l>;Z$%~AZ6VxxS$wy{B*rI*}I)cf7y`~O>uewKk_a*OFn+_VGf@~u|uJe zH|rUhCc`2ET!D|qAprFX2MTiNdi#*SUV|07Be9|Sbxa4max#BsCP^7DaTZ!(huQJy zMpH?oLs6&&&N)e_dEvu+FW;yvWo4+aRUYO8_IS@>j_l1N#l2HIDW)oZMwYbkkw~-h zlQ@CDyCXlFg67du0N#%`{=F~CV}Yd3(;1s3D_yQD4vpXOOTuiBM_keEZ>kOtyeh_+ z)P;4V#ZRniIYHsoBv?MqgzVk4kQPcgjD?KsJx2`PdmSe_;;?qIs6?9VGc*ZYbU$M< z)=oqH?8^e67%vh3jWbJ5-kqke25hI>J`~DWjSuCy@q1R7cP3p;KJJ*D^RQzN72eBT zpN^CEuG4MR)@sdnbm`5-7Qf@E$n;DeCKg&y-lt#gabZQm+&bzr5-IE_#4om#9?yM0Sn~J`^i|zhWc^4Rk`ydC52X^ra{YIn_TE z+_U6}H+ezO>(BP$h8Sn&(9JUDq+v(Ylc8H<;X37^7%`>@RSWkR|+~xQn+4OSab2FNcSk!8~wF z7l-$=s&CS3s9Y1U%!b+w!jQM2!wfxV^8hOdq;P%2TUlHmwG{*Dlg%U$p9s{np4yA_IviZYxw=zqK&8|afh zVp$Us_MYtW(zRhr%Qju$m48-eIW;rDV7IP$3~A!7pC7DB_IDBQk* zciId%CX&Q&|3{i6=S7Fx$IhDrhx;X{UuR5>CCX7SEnr9+cE+IgEWIIZ;~kn(kF!sJ z8#S_j1=9em_7&jNM5|A;a9<+kit}7?NYZi7$6{^)h4J{KfuLtuwn0Cp+)aOEx98MQ zIM0s8_=&m%LiJ$B)pMY%aOJ{>zDkJh?eaiR(~NHa^L~Zh86W#__|d_SD)!I~p~YR5 zI>rrJiD>tFBW6Fa?-RYq(gU_r8Slse!o$ENz)`gX{Jtk0*XVoFBpQRgXpKg-pLnt9 z)uDp$kX!bM$+{M^AIfE}B|PUlp2|jPw`!-XQ=snq=J16ALn{v@c5p$ksIT024ZZsO z2on=|mKFaP0%LzZuo|-!BdQht91Fr**h6z37h2>e8wsh$VOEQ@ACgc{HK6FdUz4PC za6)tKh1W8b;wyfxiTUW+n0mZ7z;C>ufPxeD$OmX`Pf~^E3S4LBC+N-%e#hDh=$gvh zlj9rP2Y82`ghviO@ikp|`_xP!t*S*Sa867CwR^w*Y`8^OjPO@X^vfj-=Jg!XFO`)P z3S;+88kY&^cM5uur`|p?Ldc!(HwoV{c4(NFuAw{M{1{#-g9|jE#3;v#nsJ#S%@OIL zM%L@UPq%JV`V)6da@JYU>mlkrXVo7TUM)Gq^>$W!p_L0KO^O@k9vNV)SCq_L0b6x6vkHdNr>9GF7d9}ZR zWxr{d0o3#?G>jwrSUMOm_*N!9W9q_#|Hg^|uD34854BNoEEi>Il!|kZ3;i1K@TW%w zK&tdsXpe)gNrGs&fMLXc4aEfN0DQa?9i6pu*RenozUn!LzH{SL?-_qIw`~wU|7LBhDTIDb3j8=5l>S%U9TfrB^Pkw? zcdu>5q3yyiJ};r_M5gk0hf0~N`RiT3LBygT{@druO(}97 z&Goyh8Z)5j1%OUy^ZD2X5Z*&GULWZiGhr^``ake=i&9_EQU}qB=HC`IukMp^8Fm0o zHQj5v94Z8&^UD&dlX&3f}7p^tE)x`ci+6 zTX+d^{_1@1jS$u$P;-Bm)?=pe9;}s&-00KS@#SWx)-0OV%1lpAPNo~-Ptx{4E02X# zAJW)C!Oz?94L2~iJihDU3@qPp2w(@Uzy)3A*qbx-=-}~!K*k=}kt_al+3^9%TFElT z?Qvpaa&k<#Xe~-pF<`4W6~Ip3i^Gnf?MNkHH39(r5TM%%6S7cFgJfjA%(8^TF&)XW zUGMTDK^@%c6JQ=7XmIDQJ;es1kOvKGmYVy}gW2HDYkM$^-HC z@zISp2Y4qfZGdwVu{znhJp&rHzo^?94Y<9O@A>wsNo+ISb-gQ|JS8*zih8z=&X$it4ZfVUZ)5;Ck#n{ypNvbj z8!5mj^E4K?Cg@HmG?h(Xm3HPU$qiL0jOF}w9j3nk4DjCE_u&yap|M-hH)FTJx?m%N zH9oE!_t_NJpS8DVK=L{TyYcx(68_^)1P|2;o_pz$XDzAL(@5Y!njd?74%@I-t#M0> zQ}p*!8JHf>3*!E}oX+DJYj2~o#<*;bi$OI!#6lONI?L{_SYtl|M`cOx(fkab_s`BL z!Q5-t)T^7xhyQ&6YoCmrY%yqk82a!@(Pi~kar5e}6R#M1n+tiTb_+(puYXA86? z;ka+Usxe+7x_NNCP%m43+uESC9CY^)C!7h~b;pXwegxATW>zaPSYut`@G4D??0 zoPA~)|0sQ+IwqyhB-zANzjyhh0F-|jaun8$adfE&v_cz{!ZP$IeJi2SSzlJCl_a&| zCEqU&y;;aFtb4ldiFxpY_+t*uXnvuL-^Hw{EJY=&w=%@M>}Uyu0TZO~g{@Fp+M zrD8E>^0qtLAVUupj}Dd{@zj5THkj#^sz3H9X#i%eP3e};s6MGR!3A;Dr9{NOgl9g= zot)6uQS{PAHAUPF9i5Y zr}!KkC6Rof3sgNR2S~aJh;%_xG!NET)cIBY8ZF9Fs_WzrFYLKbHioy2{BVHv{#4#Z zzd@CJT+T|rUotvC{pZJPGhJQrG4htrvO+N|{LbLoF?|WJHRhGg5e8s(cVD3wB2}0< zduf&eJ+m4c{ya$GheY6uMc-3Iy+?oZtW*Xbek zo`*B)dej>WNm+232)4HIxc0wkUJ~gCx-i3i)d}Ah8t2XHJ<-z2#W0>nMh)xdChgn+q^$FqlF2#oX^($6B?GjuQ$u`Om<_xHDuh*Y&Z1KzG{LxjCB|>6h(XzT4+D z>*r~nlp(vpWdk~S6DzxD*${k&&DG6e50V|Ud-kOzzp}KLYeK1^9t7EZ=W3Z2GI$O9S}CQwV6?{RMw1d;SF>K_v?;tU~^wi zw4jc~`lXjE3}$%Q%%c^?TI6C03O|=dCh>uAzCYFWKLSO$qCxw}VW7a=sqvGHo7K8v|NWqS8U4?{0JaVmk=kqN9TR&n!m0Z);nn6|5ZRrdqnV6e)t% zh~noo_~02W>a}Y?4+afi6i@nmIO$CqoY*5OYLG)Y zJYhN`A##+b+0V0q%mo4lyLU%hN*b`z8&Z4J8tqN9^mE|{p{NmT&wAL7F}-lbqrSnP zX|4Tv?J&(*2`ChEfRdM&2jb)uiB%pma!VTfsk7Zp@<5RRG|E!ejGyELfD96lcJI5u zU|u*tO=uO+O!$qvFQDDOxv)4ura`yZTvg|crk3i1KiGzIFh!X(%1qZ%bP z{5!Ssxu+!Up0aRWemhWLYy;GJv2I_RNRcr~kf5%zw~;uyR3HJn@9cLuu{l zu5?#GBp-L7Yg`H&nS2K^9_sLU69{KNX=S2?2<*w)x_OU-cT`}Ves$p1Cn<#+pYx@I zu8V^j5_OX;y$NiH-V&gEQ4r{}taKc_Uzj}F(4e7GVM>AVlJ9fj!Bp2g=D5_+z~bpz z(#IE>uMzoi2%;gpHG3m3uuJv)d^PAOs@>pIG6Mr$Ua-HucrYr6+@q=mp_G7tlnfwU(hU+r3k)Tpgb0Xq*Pw(TIW!6=%}~-Emm)1OFtnf|T_Pnzy_@TP z?)QD}`1F49@Hl{D<~+}JuD$kJ|KESFU&xqEF^7aYYDZNUF51sNSsQ&X?z3gOOB5Wh zIV<=*WIaLaUdX*0SCa9635ZZ1q>+vO4;8pA81)XTM8(4K6mK*dhphL9G;J0d<9^u8|BQDcecU%F*tw;=6Gp`R0muw# z{PcoR4KO~9o>J=@@&Tg+NNCY;*-<2k9E`z*g`aj}3TdPCr!;uOFuGq~xYS9vp56RH zqlp6w{UfIzVVa?7IHwiA?!flGLOfza9!@2{*G(PL;fFNBRh=s2xqsM*)e$k9qL9n+ z+GUVz>n`4 z@jA_Glx&g{NPBPmw0&?~Uw|}nK}$|Kw{T(2Y*j*oSl3JUO9Ur4;Q<>#*xNBea&=fO z8*M6Hqf?Z*(eE~p@&x#3nAGp+7#QXfz1MU;|BhG~--B9l^c%(9g1+z0_*r9DA78jf zaX%MD;r-mw_i6el3uU-Gx`9CgjJZauyZfYj^a# z?!|iv9t3J5jXGPsZp1MKr(tLhH(wBtp3Ua(y0!&|$mgDz!ceD0KI^`zSPNXkB{h-S zf?UgBjOkSUdVm+Xch$kE$MlEC0=g<3wLNV;Z$qja=htN!_BRY&%7ot^rPP5k=YK`c zKPp%=4FmYrx>8G#6IoKw#LI($RNlZtGZ=?sqWc)e9|?iMU>8F2*J$9<>tfj^9tLQ` z-qf2(eaOC)Ut=nlU{BUWhAc;ay3}W*DY|)m?4T%Mv}%d8UKQ?HZMeA+*4aS%QN&09 zg{x%%v*r+c@iWPE)S1c|WdRQbXY-BE@w*qwr*s>=@zy4$aG|rz=4C6Mf+|cfM~lK> z#H36Qr}CXs{#+kBjMz{)Oh201<0w7IDw;@w1W4=V^1q=zH-X*pmRy2n{#`Y?0k z-mUYKv6F*<5+9?`DvM?`gP4;Y=z1InmUD-Eng+X$d=}9xFhg7d2TXa=<2T|L@1)wj zYnYPqs`3i;W^!u0A4-uotCwe3qnS(I?|B%_qjm~Zn>PCA?2n6Fz#*&~s~88>P*V!I zVGg$XgaV6_oA6L4?J_-Y1q>0&eDZwEq+V+kG(tSri}#o=-YNHzEm>mvq$4XWk6DlQ zOGC!J2}>FIi(jA0mgpVSq81M6uje{uTlbE$P^}%CCKfPo1+;^gcENYnI@dawMGo`q zAK@~+$In)Jd`}H}x4v^>Jmc;ea+SH7K4v>EC-g zO6$R=2ypV3qEP%g`DI72Ak-JE6_U+3L`~f#F=JFp6YYwurb?oU{C+CLRQ59-t6`vt zG}Ms3=ZNkuO#W%)C6;CvHG6l4GSAt_y6lBsY5?*RQV0bZ_d;cnz>(@AJbkhirzOEg z54gCgj?&u_Z;o9cA35dTkG!8#kd0M6hMiZSCjF3gw!QHJE>I7zTyKRs%Zv`gWAhi9 zFVt;x^V|;B#*TJFFXt8ocNj>L3$n0==Y>9-Ezrq{2K~Rx=lx$J3#fFzFTg0$>|`Uo zRY<9yNayxEO|*0>#+vj_WQ#3c5*Qz7LH>NzWxKItP`Bi1A|E( zmSI(E;F$Cn6cL6n4(}XCg(4lL27ki=<@oEsY|P&#f3HB^$aY!5^1zJObm{2y1gFYZN;PlFUIn1PLKVl76L&#@^YtexNOAK zi=c2P6ZOrTWuk`_MiUpzq;6{&Ty}0_Z~YiqSNC_yP)JNXn_4wGRy)>#H(<{V&?A*S zzOpdX(`PU>tyj)0(I#;TejjZ&g>gl`{|xfC9+Tc34x=(B zmgpa>5zu$gAg^sykkMtCD@HBb`o)7|Eu=n8LyJ06WLEvR>JP5+$Mkwgap%dQ-KeAF zXJZ}GJ|)rLPiPROio@Dxh03PQTeiRcrpz5dKkGjbh<*b|W9u@xU+T zT{0xO3GJZhf)q-7i*ZJ+kf!EfwZnZjGMv(($-^udKo_A z+Bg;5zGBZY2@H!ZTrG_;Kg+?Iq?vf#EV+h}=) z-VLHd_(4n6hIJfXoJ$oNldK6%g4>$Uv$WISc_kAKMY!m zWjC^cebjimmgVK5RHtcBk|h9iFq=w9r&)tTZ&Nyhq}vYyU*1F_kR_>ZhL>f(wJ}eq zvZ$cQ&s6rvCsanrXIQIq)CKY>F--(m5-JUk^*ywE$8TLT&^^y{*Z-g9k1Ox@@&WmN zRaoZVD+5Y?vf1l4v7zO|k~F@4|3PJ>T7r7L*7yR-1!*pA0`%k-KQ`+1n?ZO*YRWUQ zGknE6RH=hrH!z?wO-;%AaZj7EY>Go1{+0e~dRB={G&qJ zZyp>1&t%5tHw7|>5TzZ6vhcz%jVMWsGXobx6*l$B?yzuJiE^^t^;CB%+W?(A8gmOld@0mp;ccQHJhMi_20 z_I?icA~9BuhysS6|I`8)d^~~2ak_KiSk8;xY~(E6X}+IT=&3h3#?iB))hjmg! z^Aht}md%y~b9|k!u6WpZaOdM_GSlXi%DTexv`Mf!Far zHyh$$v!Oh0?Xxk_KlRlxBAFSPZj9V`+*W{yuOK={CQ-3c;Zl)PNurEXgc4IQ@}M#4 zvBz%42IC=qKcK{PT3Vd*dqA=u!}{8Yo`a2*m_4a%gRlQ~zfQDq^vkLa>_8!shmOO| zh`8`#Y|r}(DjxYQ$zog{#W#Kkd;Zi(r=QaDHU0xfj?$kA&`kVrRFBv5{=0`2&{Aml zY^A(@VVPZI(RMkgs3}3iflq|CEAsn*P}wOr#65r z5ibZUZ&<@ZUA)K}p3VF?);Xsx`c1Z){w?X1Vd47%Be21E3&jK*rM|zfC#eS;E;}`6 zfSJ$x#h#yaKg=~)+6)5UC9kK(E@QY#T$9APJj&^*j#=4&a-8*Hnfxb|^u#TbPQqr? z$O|48(BNMWem@n_P+?M)qxC%Q69q^n*+uxqfnHW$UE|E6r7iQj3wOf0TYC~NeklgC z!zwOD4>}(QSRB4=7~72$TA46DY&?39yB2&tJSu#sjyv|T=7Sgv)P_Ly8Lj(BuV zHrriV1P(nx6%X6-cU0IPTY7k2DGm!kwPViqVj@mhu2_Rb`SdkV*4w%-kx*&FqNyd2X&-11ro_i8{cSOdLIK6^N7HEt7GDyYQ^ ztDh`n{-(vO;kBmJ&fKll5I&$<{{X27e>AI01v6CFtkb|PG0+~j29E`8pTmsSx~)OQ zP4$$D8-*H|rxJ9EvMcV^E{RE2Oq|vaoOt5G_5Gda`fVrm3|$c)CUy8r)HVv0EXfls zG$sYro{*0gfghKOXivQp*KjMf=CJkBwrs>|oU=b*&t&6scJ` z6D%kMe9lV{(-~l$r+QAoLjv^j(Qfr7Ykr{EEdBWkH8#;ml`uv;UaPrA@ZNY@>?S7+ z^|6Kv#&7b^b=-%xs#ACRnfa-`D;P|^*S-rsl<^K88_#nJ4EAwtUZ&lRa_hvT zw_N67 zCjbetUbf0kQ9E#gY4F~anta}z&yBuz)lP2jBG2L2hw^=_t4F#8G*uC8e3wLxrVNd} z^pd-q&WDlD+Ayq9G)#{qx}=Ijd7wXqypK8$u8a|@=(@|!d{jc|%>9H91 z!yFVd#(~O~iW;d|{eWfDRJx-Qeyn+{eXKj?&XEG`%sU?2!|Z;~Q9rKeeudSY;+EP6 zJ+zaPPv-C0s8o?JrHfIsF)fkP)l|b}Q+W}ud*V@k-XmHbR{bB=mQYNnw3ORqdD=@# z#|_XWVd(&!(~`^l2xLOCIytt97+1h&tCz&*u$V{iWe~c<{M0x#l3|YF_|b*)PU%^^$FV+QQGL;30Go7g?T3&5M7g2 z^U7ThS@(@QiaU>`^B(ceK?kka_BIaF>@DzAt9d-0!hJMbo_X}KC(g=WqS}^dZn8Ei z_~;y)!XdZNZ(@BIb%`~fII`|Mt6>`XQa`?E(r6jGdCn;~q6>QDgRyJJ9Q8SU19hSC z^tK}|rn`poPvRKt&G;YAzFsupv>G~fmsbeAnD;z7XsT{_vL%_$Bj_^wEFtdJV^S=+ zTXj(N+`djh?&654&3LQ#K8eNdvB6fTaGpCW%-9s31I-T4?C~@+*`YaYW%YQTEov^L zre0NMNtHJyBJ9J+vKi54ZF=CJNCsxyrs!3r)I?+fgO-BYz=m%=R>k%~C#k@s!}lRZ z*XiiKT};)*q2Q&&{jjXRc0sik0fu93# zD*V-~akPalcTO#@QSJ}&qGniJpFIj~dmnbbG2ql!dh5!&$LC@56XV9mu2&W(+i5ac zW~rww(^p!svdRj3pw0gPI6O6L9OQumE9~&m+0c&V$ztd@*LvPrxn_-tgLb3uCZ^6s zuJyF8^&z{po|o>gZ2_M^fuj*Bdv#Bbt#d-}XAcv0I=DlNB?C%yH7EIDU%sSM$kS>i;!*5@3Y!{3UL?!ZSE`q7jW> z+Aw|uNBMFa;_S~|mVS56JKB-xM+48Cr2N&>V~jH=Hc;W`w7L2r(D81q%)PO=nd$Y3 zKd!=mQz_|4Z>ZQ|cW<)JKIVLRk|<=f`ii29qi-A)Npq>VX8JD&H zXI=)aR)rJy{Fp(Y06M*jqVWzjJ@ugKecOxYZ8t*&Hb;p6*BYN50d2>&%nD30NNl@xE^F3EFf?}*R3dhCj^`h5^} zyVWV~{u?33==x`(KlAzu29CWOPLiDafx{U!7k@*)VcIOZ&%0u1-liP@!qEX8y*rbh zu@!?~mugT>hn2>)x_ZD*3>j+OY9;uv!6sSDtbmyn7K;5Zb3NcJ(|$PoBu&JwrApYm z_Br|Hq;ss!+qMFIfYUgOZ65p*(>5g3tDPIDze|1c+q$!K>$ls|%K2n17+CE@VksH? z#8&=9Yn8+H!+i8U<7=(m`?zxwczSj|0Mw7O-Wv6xM(aO6HUh7o$^2u#O^m~fdVsn6 zrn%ZL@47hK_6pWi%rOJ(Z_+QdaJIrTt+O#3P`e^E=YE^OuBaG=@#>T|eyJ85#Peg) zB?`MIt=>@fyZzOKlo7o-mq$lgRfS;*lu6DftnvF%XG2}f^?*Qv=TBC|uTWiU^||oJ z3&YRldd3b_`{G-RoIbZ z-%RUXYFd~t<|sVM3-k2wG4&Xj5GjME4ry)3EQq@SV=~>FF{JJgDs2|LxjBHN23@A|Hs0@8nE~ufu=GRNmuN$gXPxevqy~B4 z1e4t->a)^z(`4yw+$u$?Aq$Uz`QF)PjK-X_5A*k$dZ3GL5cjas@o(et$VN70x5hV= zzugYW1|qEz=d*J$u?oYf2MgA-4)!a?#V)6h7mhWQ{y9MYJ2?L#(ER4W4dal4V@gPR z-(qCioJ31^yPL=u<>%7up8aytgQqSq!N<&KCjjRFE`HUUKboYfvxucuM(;oIoW z9pD?`BW`Q_q#*9~RkjV7i@K3(|N73Uh7qa-{=ywx2}w_|u#OsLZ__a>5~%I@f;>Nz z+Bca4_D&WEP2(~i+Mf zo3G1-SBzl*I=*V7XV`tjBKetDl!FrfxYRLhx2-IdbfAdeur0>G5W8W4(q@u-{=Q=I z!(e3bmp#pi_n)53Y}ES;JO&Z7jr4NDid?~myX^F+n7JdS$kP#T2Ix!-{NazvOM1Z0 zK0GCV>-6%@RDq*M{pGKu+HJu`F?U#t<6y`oO4IzkZRvGn+IwtWV3lwKn{Sm~X4zC- zTzuf=@n)Tm?rjKMiVO`n&+F5{-KfaApxbQOFI&A9uU<$=95dUS!JG#Ma&x^PL~L@ z5&tHp_+zHm$SYjTZOS44=ANF9lG#KSNI(30+`fYzI%rT^H+FIqi*-tsOFifCBq0U+)(SWf`m%dD6wj`dmD zP|IG7S3C8csie$i4E7-R*_VgpHMA~-52u)I+sILq8bj#?p>2C-9FEw!Wvgnl!T`Ef zIdl{%^7X6~K;_E-_Qg;1I+gsRjBB-801h0PsDPailVo#M1$gEbb(MwtAUQD5o+ z^3y`rRvY9DqB1qt_kVo;cwumtQYUSgl8$BBRQ*b^oy+UVm%(yqu&!2viO*#5S4_tj z_A0F|RE&XhWm;=%y=&Em5nS&`n_)FrzcobAn&=Qn^o`#GN5Q0m$2w@gsoT6T70g=J zp^VE!27wiQ8TZTj=W8{oZ_1y)Tqp!c3?cspLp?ZSY(yA1+x^lAt>4>#>k!KZ>iYb| z%77zQVFC0Ce)0haB}~#@eL&^1nLC76awUeoQg_Sv|Nfb<@DBkDc7xY-q;WB1a9ru1 zV)1`EM6DOLaF!O$GD+TTzYp$&3|xA$1XH0s1%-dM??GD(nkD=C$c;LJ*o#;cR}TEX{2$UclV@0}up*RRRu&ia&sV!{c~-c69U?O|F0jj7e0h6lE*bL~ma zz-8obsEW!RI|Og=I#Eln14VCbAWuUAFU<^E0vjMxg7NzjE6F!YSSAUO%A2OeKtO7XSPHMjj} z*12Oug%}(z{Wdu%DXEUH(bQZd?Gk!&hbg;S|0cl~{GC;RA`5;8tV711muS^|9L*|3 z24s2o{#-k;Z{b|uz0@Cfn%Z=TjP3KeOvwK21S^S(x%bQjnD(THU%_RaU+2Ux z59cmt(Y(SO?uLXq`wdPp->j`3eBsqE!)Vk2WXdeP``+p1SC>0gUmf6OzK0uz6;&w5 zC^7hMuIuxk$Pe!0I9C4jPzPYYTCTE6d9vEJd{nexouw&pWd0nO*qAh+Dy~dd-K$Je z-)6VO*9G!$-t@EVP5+}EU#ITk#3U89W9Zije42tP;Mvv+WgE4iC=dv#&+c}AYWQHP zWIY%|Sh0&bMjE2|-`k?Ty3-kM<020X{D1L{rDtVreB1`Yd8--ju*|n_pBWbG)`OsK zowjW|oO~!CI}X(L^g@pi@KS@%2^F3i7B`q>rku&+$o}h3sU8UoaE%f-s6^3wX z4}>`&nC`iD-Y>1J0>YV)*tHOSMyQzWsg(F^Cm4dJB_>jwG&;0gd4~{QXZX3b*tz%_ zRjD%<$D*(>m%r~kcjdh$AJpVBQ}fyWS)I^D=vI5wlrbi|@seezJoE60&hLwr?6%Ay z?HFPId|jJZVM-d+zgTrB6Bh!L7Fu!d+<9?R33Y%SZAG-dfAsnJO&wNTwD)C>GuLV6 z{=Dq6ni5Xch>7xKH9(g6%ZhWQ5%?7OBi9t)y+_|Ej z78#Nqh-`3@feO?I?grN?x61@XEMB~S9PYw#5+4~HlQzHHBAN-yBAY%PdHtODaxWRR zw|jYVG20Z%sWny;U=D<3kD)XD|xe+z-#?+l;wOoze8@uNN7aP2gPMJTi5W zn0Ytk9F) zyN};RjE~nt{ed$%quTF#1l^E496S!-TCain$1_PhDEsq6%ZY}+evqocw)YFMZ=7Gr z{gEuVe%()jso-qHO5kEA+dWsgy8>KuzFm0k2|9nJPAa2a@u2oIll%`GZsMRN7X0$B zCGIRXDtvsP$he9t6L`2m14OsJ137t+9wr%|`?sVV(FIM%PhTLK6YGH4RkgMVTUeN) zydpCqK0q>E{88E`j)zok8gIC?Gblz@WiEj4o7)gBK>#j{QOxP4w9nQp?BS*f{-x%N z0*IN2Xm1=Nof13!Tka()2&{;6d)U(F)*l$-E4oCHLsx(fsk-Ry4MvO=DjC=)t#AqB zr=U%+;$WFFwZ;ya+NEz5GTRW^WlMQJ8Kdfg7-B~b?f$~8#Cew>cVxP?pPwMlFk(9& zJq2FiB|lu-XgvBlWpG?TBCwVZFSrWiNpn)z2*q8Fe6PbS7mgkEfn!iA$I=&AOR(zD z7xD2wY&R~>z+`^-ZBSUrka(=#zt39f4zmG7z>bCS3yN&D{H-sE+>UF*V;Py2{O z78nou&g-S#qEtw`yzjsUo648I5LJuL?ci)US8KGzoHM#t@U>u0pc9n(M5&GGi2V z($YCdtJes=bOci>;@-fCn|aoYWOW2aT}#KWp20;-&2-bWb<-*ce&YOr1VZG~+6a7V zrW||{bZS`oSMV>A&WWJ}zulQmy{`1PlY>-$nQ06(+r0$BQJFSC9#LMP)#42~PpgsK z<_yyo^-l0uQY}o894u_8PR4)utyFdP$qp>wbh|N%O(pU^E13{MOQmV`osZUOP|gPK zCuR?bgf$;!l9^#sySVH}&l@iX3>r#IAn5q{ihJb)zPn14dQKgIdG`#3s zbMQq$kgnGEB6|;FB$L#Wp$x+fjctv@6gizRlwC2d*Np4U zz6@4wio_1!D8V~9D2747U(dXOOo25Sgj>Hk|;82RO2-GE<#NMyyeUwD&y zOlFaGak#_Ng30#olpoxHUlHY7T%i+fPR`tZHEsHwWhHcuTp+Cy8ef7MT1bwNhOj86 zgr4N^Y1D9prFY%OZ~A%bQ4-lSAGFZLE+5?h6su8hTsx$c4Z7~Uqj=TVj8M|y&$K?$;t=S5aSI%`Cv^1YnO2S1%qP*t(8ABnd>UDSaxTRJX|$ZS>EemRgUtB= zAbj;9c{#|D7a|$<+(vO|O|V)s*w!NKb1Y5bn?E9zv2y2mRo%p_Uosp-!~PEb6oacL zeD$m&K&Ie_wtr)FeBp~ws*%8n0Bb^wef3+u!44!x|A`$xE`RflKH_)4n9R$fhUSqv zAqRpAPlS8li;Wv`;~UXCyDFn$qDamrVo3{tOUNG2ION7n)kHn~$WoxES6P=*6HWWhZUAZz z`!?a*=DWM#_UG64JV`^Y!@{LH1xxa7D0Rv%r0U@HQ8k}1BBk6Es}?w&PV)g~%s&X7 z0)~W>da}aR1OYV%&o>yCG?@5`wT*=m>uf&9xc5Jv?V7HZ;6EP}$S=RT356+CNTA}%hq9DUD6`dwSgWrL0jN? z>oOwmh%ko*)GdL*GLMsJB5hYM^P8=&{Zw^!it-nKmQ)9ip0GJ?PzSedpvr8lA&C|e z&XYSacOw6(1t`B}oeXKYt(RGAH-*;2-Uu()#gv&Od`R7#A*C5p_-4P8Q&6|OoNg@; zBkGnaf_4{?8~146f@vN(#0YyAEx#W3=$s&WNqS(a9*+A1Pa z)PDFDHC&t!cc2Y^+`2nAwzNkwBBAA$>ZMabox;2tD7dor4@-)VCXAhhj+ntf(C8xDk!}r`rwv=>@ zY`TD{E^65$tguT@#Kf?NSN|UGBOxIlAeyco0$3fJvhyt6X>(}k?c}XncmI7wyt?Rs zzm(8|M_bXlp}7{V4MQWn#+77TR)KQ6`y(r>BfwY4*=1yJ%8HaIosU@EIz&qOXJNit zyZ9RhY@1uS$tH5bB|1Xzc{ZE7ED!&(=b%KBXUv=>JUzJ`} z3@N`a!I4D&`ZD}~{6H`Ve0}bJ`~0i51pC7be8}IQlxXyKescQ!F?@pAM7z+nv26| zcbo>aUxtXirm$YNwAj{sbM4w6(Ggk0JBgaTK(Ehu_4*sePyG`$c z|7!LJzr7#70B%j=%s%BN-wO#S466jiDf`hmP_kdM?TID6D#g#2vGbC9a_0eH?b9TX zuZs#Wsj^~XvquxL1W^FG+D|ix4VA?N$xqUVT1O|7=@UYm%6Fva1(5fXcGxfwXF&dYf zQm#@7p8?jz{2rah_hFFdK7wDcA@j7=n_n5uW?UkH2o7AF$|m=})t?>k>xUw`JQ zPx2Yf0hme@c=iV=)wh+_Lg?x+3w)c1HRfm;26F!Zg)N15d-xh4P$9eYdo4w$pcjdhU^==Sy|uvpt1J(dmuJGCe==gGGoXP_rS1{7R3 z0OU;qN@Y9Y45GwR{rAeZB;6iWrynTZnpF%u+MNs4%&f!H2M6%}8U^kG*A8|7Ausf( z3o+X0x_FJL_FYQ3#&Gjm-s?LVkRdzOHiR)?vB*FvO9J*@aYF3TKF3=#qI}jJXDJO3 zdcczm|H5uor88>P3_@DEQGnv#yA`|!_7`W&ca5wT4e2{C&v)7HE_oVvjRM!_h(Uo? zKIJU@Fi0+-VaR>IdYi=J9RAMqghv+K1vmVG`9yH-vCEZf8+Ly z@$acev|2z^&46`z@KXRi{N5uiXxJa`*fz%4_}N-~Xi<2U*(+1)Pg zN6G2S5QTRSCKdTblBsU~D3tTY6F_qFT5FIXw7;=O^NG*;VBjXI)5@IY4Y^&ZpbS=5 zOp0)BewP?v9k5>bCr_bXN=Y6|at}{A(TuojY4%wf$4n3;A20~vAo0?Mz2&pOdji=< z&>|u%G&C){UV)96W3@IS`2rV#cu0H)Ox$E&-|Zc)#~&IlK{1oci+aUpoRMC=1Za>G)%os%zwrl_Fc%o?W>;|lZe z+Vze;WrG2t11d&H(2JH>`lSVM#TnjNAV^xPD3){yg-7EuMu~RVY=$#%vmJR44HRZt zxsQg3hxLS##NFh#*^cVm!4}><_7(B5wpn6IbSf=58ehO@b zQ&`Kkr^&!Ii(K~gy5WlgJMZygz&Xksy;-H1a$^yq`@@DiBF)OZx;H=65OFfl_DDd; z>L5-^E$}G|5cdzT6UO50XE*%H42<+BNoJXF%cXevZ05g|yZ!_)!$~T7=e9ng^1Y9_ zblZHN2VaMKkW-#3BUE+FI|IlNZe(}Q?sUPeGpBn;6uz_VGu16 zml-Dv@S*YB1e^tABYaSfK}t8pR;lztR~-BlqOHE*W<7Dv!-8cG!zWBL4-wZc2;A&W zuQlO3e?X^5*t8G-pOEr|@C6Z??=hX@6clve#Y0-VOJK>Ij{!eOSy>?R$`^3qw$^B> z;;tLBDru&`9?2#!Ot?#IMQz8R>EI2YC@bS3ZWv;QkDu&Mo<&c1VL11x7c2MqliMY9 zl3KLPQ=A$DB8`f&mHBb8lW-9;m7hg5bLS7bw1$BTk?czfQse_L=UZ|VR&JjzIs6*Eei+3OTTPb!O9?1Xfi zXQqd&MSAxm3f_*$g?zd$5f0cqwXQxE83d=JT$1zZ71Q!FF}dvp|$> z227KibuZ~XYeb@1eo3aP$NI_N*xBbXa`y zgp6~}>h?(P6@TeY8VdR5X*_Q$EAxuL^Q8lm%ae-~C`4lEbDPbu`=VQ@hn)Mn-7ec% zrDvX^(T=2^FE3K+EE@l{vGjKtZKY)Jja2LL?;p1%Cu{5nuk|5l+QPY1h=1Wj@pjyp z6T@1l5Z?cLAYShK(T@xUJi~^FrY{9{LqxLh?1mxM1-%kU8oaFsxRzYH90SZ z--q`z5u@3RU}80iSzcE(SP>e;itH$w&gQUk`u}W1~39gy4QtPmFjHWU8DdMfTKo0cZG@Ggg_YJBmydOVXs9`SPun z>>oNwqHx=bWo3gEfy|;ADRpBWPo8>(T=8X3>*`}}M4SjDd_tvpsCT}wMho-}&1)#M zUVLdDAVU6DAq?sIYd^*V=i@<`!!@mQkr78OmnG)+i?I^+p4Z)Nhm${RD$uL5^17vP z*oWm>j5rJ|Wu_m+*vE_JQn(#7%sqciUo$jyAh^%A9X#X*F>w^MuX)CQO!6V)53Xf2 zhcLlSQ33T7 z^Au6t#kz5a{f0iI8#IKLCJ650KB~UWXXbl0sC9-<(m#Zkg45Kur73uZBf-5d@`QG0 zj^*)#fwd*;8Xd|@1MzB{kE4R$)LM?7DWcIfnGh~p{8wzoZ;7Tg2Hl>d&*{*=2pTy# zz+qLRw;(mu(Yk>*-q)Rf$@iG#{`+^)xH9}tm0cK_oBk|6@6LV zQKyp+UE|)xicqm?1=bdI;OwH`+R5WAfTsNDYkxi2e%S&SGmR`#RU9Wp<=Hnjsd`r{ z%qz;#lud-6BN+(^$q%U$MFYj#$5O|({(+_|c(BY(4vfm>2_>Xj>sUfD+ktpL)4BGv zf=aXok*N?wbn~;U7Nutb%Z&mS_%FWqx;x4DF1jPc6XQs{>;=Yj2ecAXPSO$g6c!%c z_)speAGve};js4>EmCw@Q5mp%vgJp}zJhc5rO1I6l5zT09yBEQ1TuA4lKa~@FNR!m zf+ybazT;i3xfB%UTPMQ#FN+2N5$wSLKED1>lBfO5DT+5ADVZ0E*J zzCVbK`vak3&!F!+ywO)J5Cz37e3(CMWRKCcO<3TRbn8c?ObF7Ss7uq0 zArb#T^VjPTE02B-N>+4Z(2AV^bUEa^#Wzt~94Pcnyqwayig}0lw!0P!PUAtCu-yW5 zEoY-BXrn-|OTvaM1z#7Ze2w>1i4$i5Qqi24;?9{f#MH&;J(k7?UCt>!kL7-Jvy0S7 zYi9VQuC(nmCWP9yN3=DHdr5QXcUVDpjP!U;OS6pthla+b6!}^Xjcs2o;=+9~jS$w~ zqU~M4Lg>ask^Dz!WZYn|c|^~qe-EFynf#SC_VIn}cSx{OcS?(a|Iqasqp)`t$!T-T z7uvWleh1mgJFJEPf!QkOh@PSo)}2JbhHX5j!y`A5X2_FpKeJiqYyS|=kC7nV(`)HB zLubDPr!o5em%{W#WPzgSH(bG;+8-QpGp>q^k95R8-L<}!MGjs5tbo9M^%uIx?y_1N z3gJ{jr^FHV+4XAi&{~)u(J10*uu}7GH)gQjPzJJ1{~ zM~)HLy=R87&?6C_kTot>`SE54o}XQR!!(9GyYIS_?jJoUC4c#R*OR-Xj&u@*&b*%kfl4;_J;hQi?AQ!yu1$Q5}B2mn&%n z#$%ETU1~MfI5FLbkOvaMd7%?JGGSwd7@YV;pzQK%@b)?Psa= z3(c8k;&(;b=$a$wa==a|l9k)0-x8~K{;x^kAAOQVCylH}Hz}_DQX^#eK-q+Ep#dR$ zidSyiuSVwf?JYVUkKOOD+=v1Q(GdZ3Ke5ojpMFHjOoQYa1Ocf)m>{UMY55eR($DN< zi#TBY%J}ynO?Qdb)MFub#FL}62x0`GpK2iFc^7HgwzgT}1fCuKbNlo~K60c8b6r%; zQ!ckuX&ib4xyaB{6OaZzL3;Ikxgvm3&RL$GfQDjW3V zk}cL12##iL_Hp8~qPZX}qsbW_OjCvu+qN(R8*+$k2c#A;43XH#HB8q+{hUvNBnbB{&MD;Q@@HXE*a>3^VIrPa;YoK!Vc}zLJRuE*r|b~o zX?)2iIU{JR1nTol{np?_3LK_-Bpg&q3ihm{Sw zn?@(WHkM|4DeF`vyk<6KBv|#lTgqOQ+E=8UJ{@G#WA@@>uBDB6v45v zyHT{PK@BBXt2PoCjK_u6;5O)UQIIO85JW)qzA>@#+2i6`JtYdxdsfM=bpt~D4i6uX zsrCa09fb1byuB@W;Sniyg4~Z{`HVL3g>Vd}xkO28HDBAmkc%bIr&QE9UBg?&5jUW9 z5r7hir{cq;q6)RloYETbMEZMl5^v&sL3>mo7%J^^AR1;q8B*$VrWeVceSP@2Xn6!J zgoq-oCw&vg<~G+(ms$_ut%n9H4lg7S(4II?#N5Q^Acz+(V>GcRVV{xl?OL$MD`c8k zj;1EV&BD2cN?}j!xkBcd(L5ZSd9-3Tlrdsg`}^&W(;8OCS@x9E zm#5jM348e!vX@OR7@H2+%V@qmE=DJ-Hu>dqj^HQc@dM$Q8T15fnAJ z+)=*~c?hyuGRg0%3SgPVCB(UdP-ay#N7La^l}PyRDnoc&bhTbSQI%7ioIk>mLL~6% zfwtQ8Qv`mdt>ettZ<~JqI>A6P$!p*8-qz_oY1l2b5W$TWUezZQN|L7nT1&DX>ZJbu zjsoJd!e^#7N)KPr(MKshSb0drniSwjw^xv$DEH0WTqLy`QYl0Wk**P2$8*uz=7%Bd zRybYokhnuQo{s%SvsU{06t>!GmS*nSr{!q!N?Umx_S(UWJ6!_aAI=0dwMc632?g6` z8a}$680RM<&k@Hq8gJ?zN=fwNe&{XmmU>2Z;NUe2QtaQn+hZ{tbAjg))^0|TCDM^; z*sR~#CO)v6Z}*JIgzst>F3tRaqk z8AJ#CaX^JWeyS+<1T(?3sFVt-ArC!Fzr+Mj&*X*h{}WM*&i^pEZL z>W<(~F@d{rAAU!uzWz8H&qT5`EqIam-D}Wxo<8*dQ1+E!QElztGed`TH`3A|NHdB` zhoH1{N`oTJptLkd!=M6+(jd|xDUE~Djes;r_q)b(&hwn}{Lh#7(#tP1v-ftdweEYZ z`xo~T-tMcyW6VjJa^I%~i%>mHKqIvOK5+ijaj{!e{L+r=T=L|wcUw@$L~cWQH}*7c zd89@}{-0~*cPV%mKjBxx>5tlvcLI?=2m1#C8qMUHoyTMxf1)G>Xls3YQ$@AqW@+pQ zN&45$o;^z~s4g%X*>-+O--@zPUm*KnPAi*>VRx ziApawugkARZetUv-oC}19(}8+_qs(sZ#j=s#86TM3tlu@74EK0oEs>;{|`#?CtxgF z!U7mmJd2kARQem1_-Bv+7*o=v-fz6;FQ^BAK4^diU`*N-Hn_-=mP&`jQs%|iSEuH4{6F@0n{ua zoqRQ(CE&spnkD@-6u3AE7Cx*KuLq>7_F_QQQXK`Ik4Diz#UW4~Khg&Vw_eLxPg_8d zj~s-fF`M?0L#g}?507iR}MbPHEUe?(H z2%4<`vw2`qC}9hVr)5z97NB&XwkC@OytwToamSfPSs4Ih?VKc>L{Re^QlMP`ysogM z&=ebfyrz~ZAzXDn7sgD4#-8r+*>?itt9hE2xkJ%`={WS_j<~0X8-kt!PIEMFP%k-P ztafK)F}Z7B5G?Mm`lKnK)*XVwa*l1fda+$&JTHwV7GbJ@O|5lo^sYQg4^66vjaQMC;5B5raLvvB|b4!(cz;i?jj z4Dc_s`3a1EF_Yn+0TD46IN{#ONui`ofYhRK08qjX0q6t^tQkNzVW0#T3gEgMlTSt- zz5+g7Um+sh^1uyC#szpBy#h{h=D@{eXA+8m9Sm*}3cQyUw?iTMKwup)bGS7lpMB%e zw|9eePq%~sG^4K}E=>*}0|3qT>CC0vEv@lXdc9fBML^5sApAJOF7g)_fJsK;*5};z z7t~=)vOdAKNdKzQCrH0v%8r7oQo26q7lAMM0*g(=(lY)IxE*qF%NElh;GZo2}(|B2;Arc>M#S%U(=60X#c%q!+h zRpxMvPMzbin$A%)FE4u{Pc;Si18ol)jg095Xq7+4`+o&(Wh>$+!oPe()LX%+tf7=p zW1hNL$FG3=7KSFaJbU)+h;b|kK8#6BzK1E5(3OUj&@7lUdWZVqeZmCT9wG#yvC2U} zMnb@yD{G|)`g~r0CeAWzdU-OE+NX@oyZm_d8;=YCE6a%B{Bb*AQpXI&ixeClFC$|i z2d~1Iu63tk(iH>j(}b8km#@1Y|42ClbPfGHSZ3Kt#>xY~!K|cG_a&gOgKiryINwA> z05G!XSp|D~-3i0dP;Tc1govCyOW5+ROe_tCXaR8+`h6Ysxdf1#3pR@eS#)FF=Twq% zo~#CYu@STpm@r$Kqe=4JeB#QqqoI=ZNz3{)1%yRE>s_s7 z;401sXse&E1+Ip|$?Am>citxs ztjl)Gz#?JF_9LfTO@e?{fKCtpWorHr=(A;&#&eYuQ#lM!OlfeDW=7iF^#Wy1mgQ1R zK}d`&@7Nm(C8fKZFjU!XM-av457%WQ5Y})#78)&40_C6pzJ(sSOe<>l%)EduBCOi7 zPEH{qYQOvd$jE3@;swSpJC9Y2**G7BbLuX6u$6&+4zt1Fm|Mn+?(6j39<`B4i2i z5YD|ZE5*WJD)n8tgEx*zsAr$=POrXB3aEagGwt7K6#$jHujDh#V&9i8w$PXe7bW}# zW4c;Se;kwN3Qgkkt^=NQxT_Gv#3z?nGeV^0oBkx1Uqvr^G!?)d_9A2P{1i+-1KfU$ybhDeU%<6^mL zQ|E|$j4cPHFk7;OaxR`8%D4IpXs*nOb`@V*{vzO%RydB8A4zWD^@x0I?*1K=5x>yv zIwl-_*gI&UDOEzko$khhOwHtL!sBI@ipGW#-@Vt0K6RA6Za|pyznN-N07Lt4oDErr zxTL5-(72aZz%A0?(aS|mQbdBkRFJ>b8Fb17cr<&-jgYb7 z^_rQymYkwimA_(dPVZD=(iY-zvw9BwV!o^hnld5E5af(U2%9^iPVMlvdR4B;vw>N? zBMY;G9YegD@03#(h;G#Q0F2~zvy%Ul)o*wJosS;8ZmOiRWce)8fK+iFQknOVXCcu# zLZ?u8;qEYpDhj1|K*up5!dq^C91{qNX-RS%P+jO$+wtQCbag_lBgHaG5+QO^dtTkK zAS~*8q5kXC#`yRQCy(xV>sW1zOvvN+iPkX@(3vs{5d?)+w-?~p{Ok6@_DTY*5%HJ< zZ}6k*TuZ8x!6)Y_T(vG0%z*g#v3K|0;7SC!;jMEh;n-oiYU8NR!KUs;(U6Mrd9d=t zk&mVtxd02y1@}h2p>Ys}Qx}y0%X%wz5#s{l0VdcB)i!s=v@E|RFDh}=5~fxcyL!)r zMPnzt4nUgiQOY7*px$9M47;IMWca`__TDOl5H(V%=in?~ah0kqIM2NztuRTMfrnWF zkDbHg26O@Q5jmmk)DfV-s3G->Q`V<}*{GrtejN5JYGl2!s4}*SL~&ecl131~2~A%y zKL)k-vK8|?Z9;Wur9}cma{qk?Q~^qoIaWNn2wKj>L_$<9=pB7cfZV7+JFnW5Q;V=- zat-*oGQ6VddB^*Ug|a>I|7V`~-@JulJ{#$qEALqgWj^~E3%iO2_UVIj zYkU)6P=f?99&3pNF?=C)m}J8zzYp*lZ*_~H}XQeG@9Vb}} z+ULEl(is3$0JchX*9sY>?nB6EW$ZQDjBg6k&?bAA`zLrm`lb@E*WvJOSm0UqtEx`J z+*b&8FmqwblF04a+IqMje}#MHug=QWeJ_zmeQ_g0%tky*;rGCIx0M2a94|^+8!D6R%+l zRWo2f4p%=GSf-|+pm4xY{plW1C70|tRbi_+8A#5JE+AA#@s(1LsCe3uZM-5%4zt$O z>dyc>W6UB1ygyIfs&HxZ67X0nY}Ae4i}Q-8cd6yMAihrOqfEw$l&~I`@9|k%FCu9C3+|Vc^!2Cdw5Fuw*X>T(F&pwV^HU3dg z{y`79f57Ow|2>sQ`LywoH9;4sXA_oIwM&R$c=J8JWvB&&?lynH6Lti2gcQc(F`O%tXA~ICLtUC1dLB$<>>o}*cEcleqvtys^GioC!v8y{omVT^ooXAdov%9 zBnwQ@Y}$<)&3dNqdHs<4qRj5G00UnBILtXO59ra)T~~=@nits?|6CZA$7pff_y0Q;`QBk?y7Y{0rO`< z7C*kZJ_za9sk<~9EmjSD!1b->jji2KfWF~*zS%X91oHZ7+S zbFaB&xw({-?-#zuBcbxfL+nfr6K-C1-#wM8H&3YMOfLrZ=Vk)Dbb?cp9=#;STNs7*nj1GZnEQh;OjJ4t?5YYUz_LCNrMq{J~y5}7t_+{>b&NupfJ(0@cq#f zp6*J%5AqCeHE&E$a#lK?esXY_n&zL>ed~K~BB(m$vMRuCvM|tY!d%}@S7OP^{bJ~8 z3IF@10Q0ledx3NNNv37mJ+A8JjQsePGgU%&KN9qut_VKr*zLKtrPiiLpxpF5E!V|H zOXO5<%gYYC+0 zH(;g{V%Hq7&Alg!Y?9kFGnjC`lVmM@nd?_UIMipVx+15nsLpEmo7x*Pe5hpkE zW8RkX#f(;eOWV%1pSx@xdSUzYOuU6ppI`>ps9tg^)jGGvw49`L<~w*6iwa5)OgZdTpMG_l{#P-PJLXs>x3H75K4zsUNS}4EOV$ zeKIW4DC;dh*=@pKxGAYaa4O>Rd3-dxfLJg>xW;yGFZH8pMrdp**@A>+$FEVr?l;EW zZ!hwC#HoiHWYh%f1I*3&xMVAZqUhysBrE#b`!--Vw95N`x|Oz=6>;>4b>-6^1s78; zmi@oee$R`7bFIXu$Ii2HZ-)_P(U?D|pu)ISN7ULf`zo>DN8H{ZZf{s>s&!owYi^U2 z_zq;ORQXcKd$mRAtT?P?K(ImVx{DZhpnjMB7m|G()7tpI=SCC|%%@*=8<^$5sv15pP^c*A164&pS zD*zav!lnp!$cB$MYUtf|!PS+}=o21KZ;jscSZ=2{%>h5IO#* zu>|sGUzrzBtq#M^1PWoAG3Oh)5(03IVpgNd!V7k8JQ|KS6_56b+-j_H)>2PxLU}I- zxho&tV6Q5$EfEgsl%|R~{n;|`!J=X2c!qMJ$;y+6PDJ=VuS|bqC7|%*S~91SKl;8& zmHvr=W{%(K=$^S>_q8n$O3%7MjM4smR(Ns%E%p*~ksK9x5cD$*gxV-?oHIE)h+Bs}nX;g=2j$=NqsY3PvsdAPE!NG8pHLrNsQpk*l z+{W6l=nBG=xsOe&&jwuK;8GWHwstKUZHQIwxjS%72{SU zGALeH^keBJfc6-L?EHSpoB7dP&Q5C0)!NK)QR@*u$6t{2oXkvZS5AX#L#~Z{E1qBz zAfNnrDr-Kx{;b7Q?Zw8chncF<+?T(2*TQ_aGH4HN&$|X3lE#qo<(DhHi?4hKd|$ww zdTkm4J%e-k{8ckR$8`D=A{y$`Zyye4$_>MW;GEcSX^S-&&+pjw|TE?`*B8iTR3 z$Y4gRdR6Z|D!=y^4YGvJ^sh>xEp=Qi*WZ+x7rM7lj#Ty|WaW3pOv^Q!+)Pz}zq6Xj z{)dX8>KVwWo_>vt#_K-Q&&148Nm#FbF;Cn9!iK8`83ha?=C%VSw4&5wO&(tcyUaU! zt%WT;b`q|bFXVH*0Ng`1-UNrSfkY{Z0I9g7UC;-aeyR5%sM1C#r#t0Ai4i@bnY<#IY#5dW$DcJTuktLYu72Nr1lFQeJPr-lXb@qlM z%2=s8JB3jy7MEAgIilxcTKALhb=9t6mv3BWX9j{D<7 zI!8JdEo*F=XK`91Gu5=q;g<_sfkxAZ9oL*%zA=R3EJ8Pfs#8sLv$eEj)`*syO-q+`(O<(6v56LCf)^%p=!4V*$`(+k&?o#qd%O=pd zy5K>o$P+gj5kKu->_Z@-yR zv2%!iEc{hm)7Y*TQ-Ut60F6OG1+mik-^C1pA6R%)H^iNUgKAg}OJwdro)(&x}e4`_LeZ-yQ zSd85sv<`k4@PB2tI9$(akIo;cJo<%cr2Mh>{zky8TBTxp z%-itbNCTzu_Zx9qrH>qb4tqQ{ewOSRuMU_H4exKg5jj=p^*L;i-waea;4veYsP&mT zI1)5?2iGl^o1kE-JL^7iQ=S)?x*J0GY05xi^F}5W`?-_(x%JDZi{GQ0+|m29TS2+? zj}Oqb?*bR?=D~HQ+_3?)SmG@35uj0H|9xA16qi)^b^3f$u={G!OwQ9YBK>5Rl?Qq^ zV$71%`YRfK2*h1ck}?~-gli|K0(%+@+ILn=~qV}D!fx7(H9mGm+D@l2H z-o$*ePk#{6v#Y_D;l93(t2wr?=Mq<`Q9}}IZ5tGd=+xZ^rQ)YIB4b|^9m~vYvRdh= zMmqE+_rkRgR@gm~77>cEX{4N*4=Hph9Qhd&s5;Eef^&6R126MU($44nSbjBsCJtQ@ zO$n3q&})~y$DCaza|<;?(Q%j_+1GL&;)dy%u+xod6tykpb~M`B&I&B@qKkWM*efFN zLFPc={5^VGM}U>U1au+mQ*}2Q5u7@T0D6!c0a^m)&dU-|p!%y=-#E+4(@Z4M{p+KF zMEY9b<=4Jf7J12}$uKV7>Cs<>h}6p?x9`>v#i`E}T zR>>-ub^J4lCx1vFCEptM^}n)AA)OnZsB0IunK(;)@gZ#di7!Rg<@seHnRCIkut3OZ zPtT*ytpL+kZpMa(zh+KFsh|J$JCz zd-;B2{^EUQUg3pMz{u2~%;vy&jyZDFq#sLwm|jluY&}KHvT99?G9#>tF|_@p?lB`} zMHqQzZxPaQgfqkmr}0;s)F?snLEJrKU2of~jX);#3XTHQ-VW*ko;PUGj$DcwHqWKz z&Lvvp^OwGeT86zyzu?Zh2Xzk9Jjc}x0kPk8Mt~~)SEVGY$ig$Y`}mOhTx8^D$$-@}B3d~~ffZ@n{`W#)^MR`t zxLb$aq4QD+ zYC&{85dFblQ;Q0%CH!44Lx1pJnbmLB#J_zRD2)I2%IG-%AE@jfSNWS*>mSee7c~FJ zv;1dV(0h>o=)V5(kblxR{(7MQXzald|LuYPF4IDzXaDE&XjvB;&qIIk&o85=$3NdT z`pSP^;O{RMSS=8+tbpS3z21NQ)I=-pI(1~S?Z3QzFd_M(q83?X=kP)gotaDQIrgR8AHvDfunX*n|QhcrYp3-C$5Y3`66N zQFLP0915oYB!ovNKNz%c3IoO15MUqE=^=OW^Gzuz zehUR&oRtD#Z5v>O9b4$OoTZ>Zvwd;8)j0sy714gWIY~Q_^T!kYcTJ-g)(TJDp5W;r z_48bK|C{GFNElpxX4m}4V(Y@y;@j)(;|0M^YKG2?Dbut1%Mnfn|FzcC^E4N6`)9eJ zV22N|T0-DMOt8DuNASBEb+IgeDcPGU42}pWj=eSD&Lj;)S=*pv-fb4pn(~ttV0o;0 z13jPuQqI2xv_1JKwBv$Yi;5DI z(3ljvq)7F#T20p}M-$Lq^6JGne|>!?I7=BZ2!w#4r<-+xoA=Pb(vdf?GnfMntYWkt zgGZYKwjSm{PeS_IJ^Ei)&*Cjq>YbDRu*FSzANON&)=X}h%h=}{58XeVescwlqh33r zekD(;qmM!tPteGp9V%BjRr;y3#N(e@G8X_74$g3{?V7?= z&Jc6>Epr6WDV1TBBP|-iF2M+WCl-__4O`Rze+K!nFV4l-uQ3&^A{J_>*w% zZA{##KVHf(2O}>0fmfug z4snR3-eXD1xc(_R(?^-cm9h*jlAA8YQb$Rk(;Rnr&uq2;J0mb?8EtY2{LLZ&@~&IJ z51_{yBarb|u2t%cG zd3ISp35HF{B8jv5T>l6#pZWv$D3ngdia%)(B$OZi1k0?|67(Z0QLu_CHmKlq9IxbA z7j$Gcc=Lie(MA9- zIylWk_I~xhJwXw*S13uVN2TSwt>Ch6d`;Nhb4v@t3yct~#{r=Idi~#GEP?WFXf8wp zzWhr0gUZy?N_OUkd|QdV{xD(kmwW@5%0U@usYWi~30yBUX^@IymY4et?{55`2!~E8 zOIMVk8TMTd%dZnp)p5(i4GT0Sj^?v*^)zh@rb@1@=45?SefaOc#8QT)aabp!_kj$P zdyW#?9(G-bJrvPg1#3lX5V2h3^0G~Qw$op6@V_tQ4^HdbD}bgRACk+H0pP9b_03lb z=yf?av}{U%V^d6k)5%AK!_0?^qbJ8Ccm8t$SDTy#t9Z#K{`ZjtJ*I!!D*UA-US?--G_d|1JpX6c!; z-0+X=@INHn{}Yx%a+mqo`SFr$%z0QSSkil!F%^fHa$)~AN+1*7M4{mJ&+=;enU?*a z|FQw#XP4b#v8Mu$oKB$T@!5_l2LIn5*BeJ!6?n()54ku5S-nel`Jh96cm`02)m3)vb=m!>M zd;)cT8chI-6^vN{?cn+&Y7&k7#A zE~(;9hQB51m|e-r(&h6<=zy^hE6;R#JBwGhkXsk6a&9FMtk=3v1@o*24teG)s62Df z&vg#?qr7nP16uP)GcuN?mA6PD(6A2=c#B9_XM%>P)B^*Ge~I49JnzkbD3pBYH&*+^ zAyv#l*9&ken!eT~&UdEvX50|$M*=;6ie#Y5=}oAm%2{U=EqSLs0OGuF3N8`t40K$L zK1Z8DVOF4M0Ey#5_4&J!Yvbkai{0qZxqUFe(bp(%O;HD`ff75{g8@aLA=z5o%THZU|LxDRH` z72u=9zq2T94LuAcq$N8!++yBry1YPBf(9#W2XH-9x>e@SfCxSesPvPKZp@Z}WJ+4k zg1Cd$Iz9wDK+WrBSKcKcNa8j?>p(uK;S$rP(E#|BL8y>I8YHq1atEZH7b8%Sf(kH8 zUIAf0nwB(IT(^l2ngB*%qac~#T+42Z{!22DFQ5UUMOO2b9M0vusvpmkA!?x6E;?l; zjd($f>=b}o7dlnF0c(|E4d?n2Ml6CgllY5d#x;jcc4$w8q$NK5YBKm10pKykxb@(8 zLXkg-7q#x9oxMPBY#K=cg&yJuk%axZh;i0jt=q_uYBYd5lJXuf*Qh^RR*MX2!s&wVh;m@qM8WG0LWF;OaVu8UW6P*M>0qU9;5>#0PhGTfFO6u z@wEOH!5Tf^h0aG4Ij{br`>vMH>P{-Rs`A z&V-bGYp;Jzyca8c^==#A&4=AA(^l9hlat zjrpdWMh#3}_R4o8t3Bw5_27Q)Q(-U>yG^es%hdt? zjv!%4NNe&f{^IO0SCiG>^aG zwCMxwepv%$5EX>38Mg;Y&NWNwhFRz?Lko0xcnQfjnD7$HD;=M;?vc6z2ZRr!oaJ6Y zR+Ugv9G0tT@o=jCB49PffU|@-!a<{uA#n(@K{E-h{Ky61Z8Iur%wuxf^{| zKNq=2Jb0TnirDF`-xA?D^an~0!SY17AE5!iXIPt78?Faa>6JZE@Rb}!^BJ*ebyz5x zd4i-mf@<0`*{S>n7~c5XAM03XFsBlH8*r2J82Bn6!VvUe54rO;YmdCNV{)O<%GjP* zc+uBP(&=pgoLo33tCHTV!%MizI{L~6td!KFiJ=(#*?C!RWaVOdr zB|1}`B=hP8awAH8B>xLHR@F4O1rzJu9=ZWk03lor;$uu;r50D|v%gwK*#EYvO*%-X zTuibKM*8^OdvMwqK-}?_O_3$T6{5F8`h+?8gQyf*5o5&k!DoFzn()V@(rR~iG!;yjo|jfj{DIEP-yFpDg z$s*9ZR$^RG->$Yi*{CZcqME7l5JotwKj&%Ufi`wp?Vc>}62$V(WCZbS)^UG5PC}j} zTpFRkBiDw}eA{&B*H;G1!f?FZpo@GD#H%Q2ryRL)4PBNISR+KQSN-G*4XhTTZN(w7 zr9w}Ck}eWg6IPRaZj-iK8L@t=1Dm@?Vi^RyFyEj9^J1*=yZ|l$bP05R3CCpcV2JB6 z#te4X@Ln*`?YO=Svk&?X*V?QA+N1Uh5}hTX^CbhA6=o^9X&y2o0*y!WG%qS~M7n=R zIg&t(x#OS~juc~UNBiaLC3ZL?`QGjIW->rBbsDiuyC|v|E;&FPpx<(CiW1ESwhnGF zzfVm6sXSIPT<%ee-2&xv1waB({Inq?bKOChrE*P(@9_p;TT~1phImVyADh@D2W*|b zY;n096gvA=KHee#>Wa&h>{zMnqu6FJ3J9st_HWs{Q0M@kBHkAWrnPAYhHlq9ESOyh z9~1f-+U-@AebD=csUIq_gJO)kBbzy(9W$0E0_H9*0{1$LQB2BS^C;%iin!}R*H$5! zT7q$iluJZVWg#a5g9c0J6{D5X*QTUs9{>`TuK{DhSM<&K8d*|zM#xN8an^Ge5fxXn ztSnRZ)UK06dPLAVVHpck^)la1W?>;lbY?1_euga}6!;WXmgrTNVHS4s+u=2>^=6Y~ zgs|>Gn^mP5=*Sl;tQe8baN*s=g(T>#MZ{OkDSP6@q2WS=L$g+n^azKSE*1M7h}1j= z-|O?Xpwoy2xbza=Iom>#eqNM(M?$K*z&^<-<_AQW{qYoqdDXC z0UbNPOAIi(uwi{NbfbH|^9oqI)oMb~jVSE-j_E=fJ;?LLXs&a?D+vj&lqGu?ugf22 z!f!0bXQ|GhWHhysPUDZ`=d+ghtc5sxF#_H-r~YzON_*SvpAB7~A)r~537CvOxS}CX z!z$1mu*7WnSyZIX)TK5>u=eNcBTK}(ha|Fkao1P{Rtn=Qcp;gw1O@HUWq4PNU~hq8 z%0pCkF5b2_v77Bh(m|B@q*n*--yqVDag~{bC~3Nb2-m$BZ2y)AlyvRZo?Q&*V}cH$ zJpnp5zP+CkBV>}|$@Ty^+WsDLSjBfOG%)wV%e6#37}&Lyz1uPXl=SUjW&J1 zZu-zo@u$3<-@BQ2E+)&DXDFjq0B@39G%@?toD??}8`#aP6uUmmqnblD8qFmw=smDw zF#JSMcWru9cgGsCm*d3Ht`?kHCRMyO}xC(u;7_gdTtPf^>6-3B$DWPlc?nxg&)%?KSN! zF>+vq_cXQB7xHeRel6KiC7?X#l^82;Sl=fjZbOxR%Q9ny3s@iIFM9USX?EmXSL$x~ zLX1zt24@t;X0Scv#||E167jH?FPlrd%WOxmm@k>RBr!v(xWuxf-n09%1Jm7h*rk<^^f`ge!EW_0=^XAA6sv2$k*~Z(gXSpV6Q?vt1se3nF zpFP|dRp0#{_%0g**N_t(V-?>H5(kTany{ioAohLZ4;4l>4{wvCKh#cX0A@YhIb=%5 zpZJE%NndB%Lx%FtON9dG#3+`L9Bj|+Yi*1AfZ1w9G3$BUMK0*)9tn$AIB>GvEW zu<$~#fO28z{nX$#04Ocgf^%nll<*6oW*pnMX%Rw%>(Guo4mecX{<6K2+430-L6aP* z7Dr(R$z70U!4pIcX}^P{@@?OO(Dq|Ne!XVWk1yBsINVJMB7POWrKNgl9nAuPrg|KJIuD+OGHM} zD+0pTf8fdHz6{Dq+G_)W})+1I;toT(dgt~*yqF z+`43kNRSQu-l~hI;NW!=ghDde;tVD$)Da@E%E`&`dFwjPP&J1VKHpUht3zljh@k9HWG~w+=OMvDGs8S>YeQE<`a`lz2XeUj zA$D9sEwr}T+(I)8FCdxzQ_D{Oa?S0_G*fthh4Nj|vB{_#Wp4@lIk52#hD=s}gb@Jt z2aRYy+-6n7qb%2!@KAn0=znLdcJHs6hSMqLl;J+CTuK+mdwdQ_TNZa$N|i|qvsbL2 zlCu{X5wUYD?8Tfk+}iMwy#=h&6*4?qZxv0{g&?gUtFeN`Opm5LZS5ZF+pM*C)B=z? zzfa!~L_MX3GL;P6`SB+-Oetj8;V>ayJtt~TwM=Fz!6}kZA|x3Iyel*1s)99QFyryD z^1fMDg~j1Kn=1GI&}hxzcGY3(gSUERmLtY9GHRLiERKL1Ny^S&BwM+U=2gBkEK(?} z(=bPl@g~bX4Akkl+I+HreDK1O{4k#XaYM_|**xmf!0-q#fPzD#Punf~jED%I5X4s0 zi>Q)#oQ263)4kW-B3V!lb%-{S?xe{tG+gDFs5XDoSQZ7){b2kNu@`Q(Gvm5Wp>1v; zq*=dIY#KeR3NSwh*3(hvd5+1qup2+E2=Vo1eYz$i<8S|Sba8Wg;sYH%H`<4~Ndaa2 zvXYBOZ~~gttkcYdASA)#?%q`H?(t5pVYeh8X(u??bI&fkXR?lAX(u{}34tA9c$R*; zDg=?ZHC6eX1CWYd_#)^_gVp4VF)DXn%RSZ9hC_u&^xMgj{jgsTGQoLDVcf9$tg6Y4 zkUMr5aS`G})0p(!VLnGhN;m5epPQ>OQ_3OuEO^`OJp_oG>nM@hJ)G?p8i>xQWzu>- zrqQpE+~X)k0d@`zt7&Ks;z->O+y*H5u9oOuEA4SM&hrx#8la|evo1{6cBbe;g#tfDk_QdkgxXkBw@EnI} z553{5rQwzUFl0P%zvL3-t)X5?^q%wCbn5slWf4#vYKwa=q*-WgF|Zr#eW&fYg8>p^ z*wGa$nW{RhS5+;{b?hxb%DWWooAHF%pZrF^=;uif;_{B2G*7#fon2#%nZzUqJ7)cX zbevibr2D{5)T=44j?#djrSZi3oQYkS${flG?C8I7*NN|V+RZILn$ex7(!%jl#YqP9 zx%$fci_|y@?oX~=cQeF%^ZHV2CWFR%4S0)m8=MagFO4TJHkpy1=$_Q(#uSx~dFYMp z(H3|t6<6l<+*pRA<_p|nk=4yhy++nLZ}~rhK4yl8CYFq5!-W&y(+9VSf|J@}Nt z|FE`exNs&OL)l|DtW19IL-}ys45m@3YgRO}Qt11oh*3gq0BBQnuvhVYz2u_!-Gk!c zuKc$a!XDyf)soH#9*?$t#=0n_j}1~!`tiZ}`+nxKpkYdSr@%qe<(%XP{hH_M>E%Z@ zYC2_^QvLCa%KTAD+edDMy``UM5PajPuJ<<`Av31dJS~-0}oN5&-Y1d!Z@JLK* z?ChKVQm$XBlvCP(q?2C3^jMG`Xb9wZ9LZnh)rCzj;uu8aP@s8yHuwV#LTn1)3F#ZT;F}P;KE}7%{&97%0jNRZcvm zgu#z`tD#S!7YGjym89)}h^?$!sL{@NH<*_NaqHDPkrGj@snT#35-t_ra!(o@lIXHo z90XoC&4rdpnq`!r2zCUHR%`&9YSLD?tVg><1hoTZPUsBK>E_rHqHwN;CM8?<2U%JX zl@sYZ?6qgdLzT-$2@(z>+-UrpfcBZ_%~jR-oib;LYN0~0x%zEd-DdF_Qi2?2hv<(q zc{;o4^cMZ2)!CM9Sx1XF2{wjrpvpYz^mh-~<#d5I7bihP+@hbsU2cc1zi_UatGv&) zkga<{#8if0`}s1)LJo5WQ(PrL9vb_9zR;f|@Sx0l7Qr!4bSngZN>^K&R?&>tGN$l; zvxIA0W6;vkz<3Mu5=86EF5*cu18mkFS=JWIHSgUz31!-$wIt$x(DS6Z{j80D!UHeR za>lOQh)pNS7Gq~F+pG_&xD)F&FF1>=l1L8DMHmiq9dfy0RkCe9h~YpA%T#PfINFa> zvcK%I0y?%o7bY2dU*+M#CC@yqKffW7D@_Ws65Y&=0oT4*fRSdcjcip0J_Z&9Jo{1kbY9E`sr(ok2eWyD zVp-qVr`yVD^Nt(e3x~ez7EeD?2-P@LyKjNV($Un3e4n{mqWnmJ`b12y@!R0Vim3@% z4h4II3oDP{mUjU$U!PU|I~;BHo(Ffuc?A2QcjFtdF(KTL#V@X~U~B{=AwCcDI>!W_ z5?uHGx*}fNoPLt~4+(f^m3;~y=LyCw2q}VLuhrI%t%5>}B=4C$uNj6Dl#^Ri#mLI_ z>r?nkZm60rmllB#hAT{fy$6cH@iWY_^0`aWOf;c*lpHNr&Q)689CBa@%N2l87*4-{ z6RH(JS&HXpZX$t$OPzN&v4cSeCaDr-lR@nFmT_El^F=r^O8OurN*Ho%5!)$*;B@6& z;y%N82IbrdDHCmi-iu&`P{HvtTc~G^3kmx3`s^?)H?|o)aMxkC60H@h+>-k9oQC<* zyvqXY*iK@q(gd4joNk}lV`z2zmGz&93kR@p3}7O-g_mVE ztu2_-2F>@nq!z+Rpu~wC>6miv{z)q_zQF;sTmx9cGP^WuFC{IqfPMFOB>7~;kqYp; zGmVh-ND3a^X~pdrIGOXPs<`SQ@DNn{Qqo#{Q8J)6ikB^&%ckOSoth|<8b)EW)3(&r{v9GdmCNY?}-W&4b zhW>tfR*}knO!gClPdA^QA_KiE&K$<@on(xJSyrACr&Okx*sojr^6IVGVc=+1y!5 zy!lJ{X{M${HeB>_?p3x8Fg5xcYYw8eCGI5jV}(hdA6EHQC}@jFr<6=uD1`N?olkuY z;x%~hrzpdikU##~Y6qFu0Y5e^x9rqRb-5GyeMj8h@^i~R5xnAKrzFtGl&2TakQsH0 ze{z%^>{){)GM|=2ihKQhyoPd0I-d_BdzSbt_fU+zf&BE~$StMyC7a^L2TI=cj<0Vn zL;|%o#y#C9t1}nQe4qQXdK~xek0kR~l&~2IxH0IvZp_}S>%GXFfo3^wEbi03+Z(%h zy56(ME5d}MVhrd*h39S!pLQ2hW_p-$SUY3JzUQennC5gI@aQ;MKlkyRt3wrGIc=Tx zcMfcLM1@IMOZ7__$b0uukJuWT9%mu9JpA(qM)Zo@1B33@FxpNQUY=DRwwEtf`Ly8< z&`n7=gX=G;8GS1$v2_;sIn{X~;gEkt?Oa{=2eaqa#m%J`5>OI@&ZEG$y9RL=;mjM9 zKThZic1r{dtwd`*Ytq!^d=D7+2YhA&8h-T$$#iBQ_xF$I+nH`;%hwd)#9$2hPfgDG zeU%HC(Qi2M?K>Rd)$@@~JNrK=qk%uM@|@q`)#dg;JLAdmbaJ%sn9jg`WjHFq#O9OB zrLqb3N8easqI+9Z>{xt0;uhU+e;lrxOM3kzTpRbV+-ku4i7Aup_0g?g(ij6X?@BZC zX#`BvqZ_~JTXVje(dx)W`wYd-dgo1r{PD__9;elBc~y2h*fR=AvT8%DJg1K0PG1Ma zoyQk9wC_^gYxG<{@;+$UqW^)fJl0fUyX7YC_2s(nW=Jg&b!TpI!NVrs_m}oW%9j_^ z?YnzifC{{QsUD3yctKgREGLv5crubAL+|n9XAKjz%7VKr$;$?XjB@6+A9oJ?c1|QO zK)cQ^D*mybWi6do3d-En-5ntg!#Ht|IW3io!t`(O>jV%p3-@GSd+ae_cp%N;k*wW5 zHja^yKxxFW=yB94CTdf-&1Y~^8~j0S+167um3gZ7&y3KEZ4X%47P(CK77rI@?^Mez zFYK;<_iQki1ddjTD-{jij#N_~^13=%S-~UB<5cVt2$sjA^^w1>phUVI`KmgVMrg`<5#JxOhqD}65YX%vy$%kb1&6>?T zr`DVU#9G~Q`A^B?z&Q135Dh;X*;*RQ?(zq1;vOa>KEb2OY%(iq(0%o!U($*jCN%b< z(y&jU%Jpks;avn*C(oLc?Zu;}gLu;vk3nhsRSSo2l_e=ij*3Lt+dL)oaTL`!`s}+2 zySjy=j#EBSA4L|8YDO&+f0bWexE2_*+OOP?dOx!MsKTb?SD|+Imnvt`(FMl1B!7wB zUtBEq%f)OP$cuf>>$!#7ZCflW1WhF_i8>=OG-90#T8$P)15#KC+5yxM<$CVL9{n$v zc{7yR1>=41-!6HyzvrJ;jEZ&~O#fIXQQ8}n8~qDM83c%WR{`1zWhMMs^;_Cu^Tdr; zC3uvsDfw`v<#Lgw-E|l_vhDV{Fdq@9yJ_|AU4I8NzmZe%+A-7nh!`UWowZ%wYd9#9Dfopm4`5K zITYehA0e75+pt?hb9PeP{_nM3*5NCW=IKHclOnNtp^iv??V;LzhBXMq=ofFq=Z|Yu zr*f$bf+x2g(o5Jys%JHRQ>jOdns^li+3LVpgCf@Bl?$f77dTWOtk`}y4oG9W+jrn0 zIsJA9Q_#iegUP2%ImnAAbdL|+%88fPy+0J`q>vI}2kuU+1`x8GnlZ&CoogXAvNQwN zp;G=GA~SDxL2zDzqpl8&bPXXLfeZ6jaHz_izuv)gTB34rN_NFBR+ojx+WSR{-B0Tv z#n`MhkEz-zvka;K$Jv{JL%sKZ>*f{OekGsijTK<-_DS%JIuPb4csz8QYVug0_;9v@l-Xvk5AJTV69rkH=B` zsy#Oy-sn(;&3dozlS zj_sBXb$T63UFFJ7`3vR^yGu7%1_woDNtMpaICgLB$`PmCH8a^^tHb&&)@d9%*ELLo zrZf@y`yU8`h?--Pqpqd2#reiW0iRN-Ztt?m+RbjI@GA?!@XrM(I(;J~`w9QGA}=du+*g--MIR|&m*mdZ zNSCZ6#Uzvv;-gH2uu4UG(;Q+guM=g5KVB<6Vhb{)i_7OiEuu7T2*v77Unhw|4i!dF z(puBg;y*=s3vXTKM<52O9D-bip4ZNQu*}!xrF3P-BW#PjtADb~rkLdtf#}Jx+WG_?qNa` z*`48M4wp1itpMw>97&t`=(hzQW4Hv6qsp88;sb{k$i6$XZ-OQ<-EW;mYK1$EWo<+o1L{p`h~iRs;#Pv4$IQ1_@to4pvPOa zR>Go$W_Ue9IM*^N!>AF6&QNUMm8_C_MhPk+!#*O5nez_SEH0dNTs z_m;=X@G z<)#u!2Xm@QFt1-sJW=`pF1AAF&qJM{FLYwhJPIZP47I+ zu9!t`nHeA|T7`kf&n5u)>RMRc~a@Ta$IiqYZgEP}?cI^gs((3HHQid+NAv;jbb36KNq z&DD+T+bh6)->$}!sw<%FUwS}Lt#enhfQ(s)P&=QjuxD9@2DVO1YETo!0K<+tKxT3S zoHf9Xq^}RJ6iLnCIjUQ?;w#H`7~`1+1a; zDz0;oT>492g&=2ve_FZMxZzCavyck70>eJQX6=6GGyhW*@kXxo{Z0IyPnrdgC%Om6 zZ#+VBXf5Cm0LL$8sR`*^;F4DajAyWs{_8*8fD*%-ll4K)4O>UxbCw6+)}vZuYE~5={$<-;whQ~jNT6Q(x!W)ZjhgR zmpsWnoV*KZ09ubl3kBw-^kWG4v`=UY8}&jj8Wr|YGZRH2r|9&~o zAs9uTT3T%W)u{gajRLM32?NkcX-hB;K_$rr48kx2_+uuC@%Nx~RL^9C8j#Hxniu&; zz#G!0q!=HO#DY(8J4!&+yVn2-_@UmJkEd9}u7PyWRE>MT*BNEX5);v9ynhb%QL@l- zkb|{)QAfrDsl2-|+x5AD$%Ruwgf1i}!T5Z@xQ&waCa&Qz_YjhP6Jj!Qls}^$_Ez6< z4uti3HJ*{ZL6XUNWSXXS6DT>np!cAJdKjwhIwz7rkSVrtD045t8a!pqu>%mp)c4+V zUcIb?^^<@#smTzHnQ{WG>54Y^q|y*Rd*#4Mrm4n_;7|1#gsT5JYVK$Md8cVSpZl?>|>BePy?fcW8>qFAmBAgyrrdPrOSw2I5;mJBl-Ct zU-BI^5;l#$k3UC}2!wCrBhV!~6RNd~-hCl)D&$hMjY)^}>qDLX-#;?$3i$48LuYgV zww}6~Bqok8`;2*w`1=HQ)x(7nbB9Wr9#2nPn zm{x4xHQ;OnTKSWr$9g`Wa0B_Wy6#+HKl~~%{!&={xeV@S0}|bus|iY+Kb2%4DoG53 z8boj(p8&#NH?fvFo)g!5DUAEr`IYKxUwpd@m-EsgK95hy5h+$9A8BYFV>k(;H)k^( z0Tb1R#z=m95XYYDWM}@42YOoesQ{4x@-D8)a<^@O_HX7!YI(SWoD3M453QCwh zO#D1Fsi^5#P*-8VJ z8zgCBBILsCQ=cJE1y%{h^RUCg57C(fPqHFOqUOR{1vogd(eDIjLoQ6f zhoQCg=l=Tv&n-b`C%}5}-tqC;z6+Uk9|5@^`^e$6sBB+GDKjd&^mr%1rho$+>Yc_e-CsPhD0&FC{zvh+o&ZsWolFP}-kRD_C>!|?z9q5)kx`-~Ywueb}>t$hq~`y?1qjp^yLNJADYh)8Bk zn<+$&m{o+3UN|(xjAp>|fO}O;mXoW{P~ZZ4va8`1wAeg_cc0<=m0%8tez6L|rX~$; z01cUSHY5+N93nxHO=Utm}0psTC~P^2}*YinUH|X zUK8rPa*jBP4!8fOn(farrY0mCQq`WSsu{qxSFk-3L>k%9btqg3)F9ngfs&!3}YQ~&XBrV&t7($&j*)Ph_Pq=5G ziFSb@f-^zE;wd6)YDBa)Tq1}WhFi9bne(V>ha4(wPKLY&4@OSbR3IacDcK?D%G$x4 z!}FjR+TK!V+3^xgHZGUj8P&8WEwBa=JlPkub-3!r)=`%m_4r47jShDjwJn@-Mp%8?x@e##-M(rc5Z^panP&fjL? z`}bN`eg9oYLb^WsNWqQexWJu>sS7l(J|!BE3THe-2K~tRqdfa-qX9aDz1{%8pND=; z*Nt;`uYgMSuT%Cv{$+4+?==m?9V^LSr~Kb;^#9sN?@jCfdzbxx^HpoDR`7lQ;RgdB zn1%48VefGO=={&l=FfWvX|KOkvAaO6N{t;V>uP2kzadj-yD4ZXa9s-a3WJy z(+~ZcGyZ>%SAPpIshLGiIDqGgEZv!VMo>ZbvYqY{S!`Ga>Nqqwhs%JvYB(48HmVyN zQ~>ACULa1P_iytdHe-Y|9f3l%9O%+}!DZ;y5-+<32>wp4$haFd0evcN{dXgRFcWP> zz*4j|=Aoi@0Pw8NTR-LV^SY-0%FB>=aOd^{(?UAt-CiVpxnuhgO~0k=U2X7p(r_DC zpo7w3LfPQvArWrpynTDs8r{3o_$?aWe@-qkngaw-=6!;4N8O1u3z9NHP}D4O`~*_Rxw>d(HZ^@|`I!YsTzRLdre9|Hd3{ zKm)OtZlDLLED-93%{;$>t22<`nkiMvXZq}k_Fv$~nc!j_5i0#if z7sMOvex&b-+QmkJiYQuFj?vH#P%Q>VNm9wl{D{C$Oms!3$_5#~7}mdoT>FRg!N%T_ z1_|2xQNf_+8+!>lwY86|2#ehvI=un=4*K$1#hp11L@IO_j{r*jVsJS2192F=Aqc3^ z^3Q~_vr8?*4WU{f4z>bZ%~qgk%m+r_-LEc6uX9^`WTgYXz8b^F3ScUr&UX9j?+NSc zADBhd^nu`uX!2BJl}CnU1K29xFLUkd0v_&Dw%Nb}w;Sa2x`(QDir8CJdX3AQsUS2l z6OlBg1?X>!h`^CEN<%0fQ3nZ_dS~|-chK4h{($J>uLJpI z80~3|6kbL!Xo)QC_T}XT9cD;;woT-o2kVu+qFN-_A9Ub%J#+=}7wW@x9&w2LYzpfG zYNQ$4=+%9klY;$qrW2uWv(Kbwf9J@Q*?wsOtadj>BWfHs*ijuRGR=J923~jK>>a)_ zD9F8pc86kR^ zN!9Iqa8d&8!79Xff(Cj8ED~ZKeagA3{+al?iBv7|c=vIS)XB5uMZ@ycp|*0K%Hhp) z&uq94j^RTJRc&Wk?lsW7owphk!JozDeV7D>np^!xg#&=OdgL3Mj_*6SJ2QikyoAPn zrr0hOmvn5kC`F;MF7V@#5kKJe5Kx;@{O#f(?{+618wPkhU?WWSC{h-+KA7UvP9sgV z79YGhNK%;z#s)8f2KuYD-#9lg3+@T%*o-c6@L&6nCH3pz+##dPM}!bV!R%p4D|i$M zG9q*Fm0oeTuK~x|FgDptp^@8Qx3Y^hTeB*VT5-0LW(mCWDE?v%a{TB+tsr}pG78dn z6A!aBM=LYhLO@JMzx2RskPpnx)Lcj%N9v5IHbKvCe=EFs#;O)qZNuye*)Q>o36fAA zthd6fm1$D^iq8ry=j8_YXW9|R?U*HwTBEUx+MbX{N*o&~6*P&hxGIbhA~PC=_e1|s zWa=>eO{91N?-I`q*j{Z1Q4dsPrdtCb{!<|qoOQ$76RPZd_5}ocM|Kh45h!yQUUpl5 zi;-`pujIvg#sX!rATtjK6j zcLh~aP{7e{(s`v<{Kqj+phN1m=yETJx<}#Ik6%QmItggH#9}i%^<-@t+XE>U2a6<_ z!d$O)#H@B)8@ayKUd{s&Rqj^43FFu)bX<6{IhqD`iP|M8U9z8T)go~Ql7M&8!MJU| z4Jks>S3d7tH%eU1;Xp~d9A`0DzNR@%Q9!Anco!&xiX5AjFZd9YlM@o7k?!^QBBcp* z`SE4LT3`lEhE9_wb?BpTB!k#mKvS9mF8#7r93Rpp)Nh2peS?!~YP#jH!0mqezZ5~7+1 z7VU(4`SH+BF3U{N?TaCHq3{(wE4;($7*4=cApFy@heZ}oMS8;TYzPml>3Ul%jy4D-o@+c&Bqs0{sHv~KGRVX3s(5F9aa_AxyM%AcO=d2xrzAQHDJ3eW*yu;~Hi6pkD6}BNW7|v4l` zJ=y!=FGIQSMk-d|rTY&&EOJa1*|rx}Pr4WO26DXn=yGGqZzRc%oLvctD83v4dxmt+ zm`--vCuP5hppaWmk!TW3QJlJ*lVt6sus;&+2xY6hYB`?(f!$@5TnRkmqp3Sc}Twt^uj zp%!g|WxY{Qi)Ldwt|~ibR?2#C*<4r+-@FF@3H{<5%yBkS8%|ZmD+m!__ueuoKs*d< zUcRtFU4lpju&OcGMlNOI_h&*nVHt1|$Z>lj3I50!#JD;4wPi_e2&!L_J$@DBij>z8 zry{6)kQ`&868nK*wnan{^am$$D=P0)CdWniR2oH zPM&m2crngGU^6(Ikzaf=?w%oytj!m^naA9H5)zxNtkcNF8BudEsDuZaPqM*XLY3b< zM1VPwKQcs$D=k4%o_uf7c-*EFz)%B+RWgS|J;i?Jxn#;TEk-F8vRhn53pECQOo7Hy zRUrr83QwY2gr)7{uy9|pHYbit&+bDtxi>hyo&%rkHd`OFrWVR(FmXVw>AEtm#h=T^ zR-S4ne^H8WfxMLy)O`n4Q`K#U>Y7Z)cF-KtRt^%sKw%)Tz`^YhS2v#ra+Au~NUma# zXfO93<=6E-w$3k0D;=FaE1m2D?xN2M@1jVnc_ihL8r+i2;hSQS!6Z&7osSr z&aoXo)a4czm_YN=*nBe#4vS?mtVLbPJTm9S9xIK|Pmx<>kr2I7G%3zB_}qnL@n=!o#VjsgUVblP6AcT(A1{DAD%hYb zbudCrV2CuyiJ3Ui%-tyo*5|2k0W-d^bI5w81xARJ(P4$S8Ygj&C@Nlfi!oi18FF+& zLW#p(r}%W&{m3WFpdFagpCe) z+=*`{hW4O5Tv{=cBZvuI`2yxI{Y++^B@h#|AfB-C>8uvwEr*}VHx`L=+fknGi&fzw zRh&MJk81y8x(M1PFjAM3VAO%A;18l=2aEN=14ewUWH+m0y=Qn5b_K74LUfEb_{Ud_ z2NX~lbr8F<3Hu?ic@EB5L;QLF4nQ}xCP>@dT}XU(4Y`sq$-;!0b=;F7jC3+e1RT@At6>MZWL!A z6oYU~npty;UyN2%@Kz!^i}WTkVEaU!aZSyed3xPy_WPhO z)Y$PaGMeogZiTF(Hm$o4HpQV1Sk$LUi^-0#qIhUwOX9FC+Z)B@>PQm*I!lq%d8j$N)`H;r;vxDQgR%Im1J+i6$;d?n`$sMM*(ap zhX>Waz@F~qPG!b4sRb9bNq0uq5>+9Bm?jQpLgK(RHhn{zC(j}j^~iL>Jd=b&eqoQI z%V9{%WEh<4SWWnz;x<>W968D3Y3GU_^orq}l!;2~(dOpwgDMi;Niv?I(X$DUi*kJv zOK=uJX?3e@+?^*k+gex&OE*Y?ULkdhUWvt5c&WNBGU|XUA ztR#pWRBl1N<$@HH)9k3BmmQ#hLNmqioS9IOtTcD@J8ddaG}0S-I4J9^RL=QD&Cx{JxWgMwzC>lx1@wj_^e8bEa&sbV zIam^6QD79By+OXN;DjmyiK$|;#QP*WrI}k1r(kS3?J^kxG&;rSq!~CWO)?WEd?G8M3(ecqBNO5+s-IOy)Voz(PC>AIE(wHJn|*Qd7K)*f%EVJG z)ueYUYHYDi2RK=~v0WBOK{%m=3F5oa@y@XwqPltTbiHb1aT!E@0xrr6#K;qg6ueQf zfq01WKyQ|iU2~veTd;dkd7b-c>-t8!R{hY+ykLBN-`+LQ8>HGX*>{!(UHS>$c$HSG z@6O2ab*-916nwT;OmY5GW7;u$Ev{zBBtJ0&d#tf#yHkaKZiTffO5{EyRW_k@yNKs` zsp7a7{~0e6@Lc0&z(DG66DqLDV^>Vs2}>UXff7Bvj735J)vUqk|2}@73KhP&nv+skH!vv<7^+|qsMx}GXtd-D5 z*-&Zx5%gV89Zt9hYM7j-f$E5ty{P3R4#9sk{5jlZt3X*q7QcC;91rqW|5N(o(ox$`?2*c!~@iJ*=DOP;5mI6Dfd6|No z?}3&Ci-QHy+v0;NkWlMj=z5!Od_$CFXPKy296gn)0yl@+;(a%SC2xrzKY{1S+*ep< zolaKo;E-sa=ZnL%TAazdxW!=Zm3HWPX_Fw--4eSYjM*<^PgiCNz^?TeC zDTc1JCPQ%B3wT=iDb$)|#$p_eXnes|y$ChP3np04-^?|qjHyurfQ74j-)C;|y4cEB zX3y@gH_#j3hI8~dETyVTMn|enoOn|d`kiC^fl<87_rQi_nQbYoU~dck;}LtePNrQZ z2GHih35Vcz4=IC5gCcpM8_$})0riBDlD|=++_VD$+Jv75fMC+zo@a|SnFZn*o^?%! z24`jD`XxTfHHZwYc!|xx(M5T^wCU|Zism*`CgzPK70}E6X}~xg$ZC*v)^Rq9$Zi(Q zP-V*ufpFQ0n2}id-Q)cjJU%fYx&Z_Xy$;pIzs56+h;>4zK3G4i+F*VFd*OSKViZ_F zZ9q;wv1DEW8br2$4v;Ei0mNJ^5_VcE!KSEZ*-$SC6DrqtI)lL-a>>wkl+|`$CoBM( zeRdbm(b#5zKfJ*_D~dUFvGPVH6ZNC?2n*zKEwqqKR}EHyWH6}31+(sZGpsyXC3G@&b2zUQK%ax z9(yv=22j6njmc>PW9iwb70AXDH-q;ioo$D-$fU(sp;q58r2T{%Hg7g;mO$c}VQwf21 z9E2IAgqOprd6`(#azH3?v{D(KQS?CI3!5{MG7rNuiehZ|I>Tm9TJMOD9Kb&|mRE9# zBSm2BXE%%@@!}}iiTlQ8nO9NLC|Nvl`7M)e;t*1Sp_fsPtvBR}Y-lZ*6>P+_2Yqh( zU|p!lfzE|$++r4An{6;OCi>Xb52JF&gp&ti<^0caCF28#*gDaSA2I@;4YYK<�DF@C)2`b zy|>3}THBj9#%c^dPVi~kp2W-4l$@UuPlrdQV%6*tdqDYSp|rET0NsUt_N0tWraz|L zH@=kaNmgngMmllhQ?O#2Z6-tFicO0`l+iICEtdr(PQUJLnA=v2@gH;gUvwmJssjQP zP`oi1%(Lik%`H+3HfW70r}&X@c^#w&NyqAK=bZp%<*t~Zz_G9!Hf6_p*53YXd4A5@ zZx@F|R_xpgr49>fCcZ}Y>A)FlwC*){<+UKLjrlcQo^V|@gMe@{5``(VfJ zkA<6|oIi&-Mkq0KqTkVrb3fkCPiX8yo+5^@lmdAx@0rCf+iCr!pMtH{du%H5=LY<= zg4n6{Lbz(LaUl`P8qxC*M}K9{M8@jR8J)Qe-dBrN>VfZ)_6vWjs=Se=I?>F|{7Zz#3oA#>qL#V#$9H0QL}(X>CRWKXRb`TuNH)8`ayHlws;}LkqX7&71V} z$``(4R7{3-dy-qqqr&_to3a@WWB9aiM?UMr56Wz+P z+!?fq|NayI!dN~Bz23uP{_+n0p!xh)a_S!-;vXCSKbUU+qNe@2^#32f`X{aJKYy@a zi|bE{-5*8czc-Q$28;&tCA^ej94$YPzS^@#@7Nml`3#I?Z-U_wfPo6e`&1@B?E|gtLzS6LkWu$Ucd{CE_taub+9JZb+9${d(D^w9(Bma@-z* zFaXSi-AD_7URD8^J^g(pP9^1a>H;dRg}~%@cfB>$6j=to+W>$zzUhg6-&~%gFZUMN zyMaJX6)+0c^qx&V(>iaD{{+D90l)=tYmOD$!)8QycOdAvPJ(AUQMrjGqIxH7k4FJG zSII@+KssG-lgCu2Sd3zg`%qQi37eV#qha9j*2?b`35Zd1D))X|643H3JRqVo2y#+y z?{U@u6eeYFqZci>=$oN&uLTU9od6zCgqiI4#&iSZhB*NIxrCMXL@$Usb)YuIP(Fb{ z|F%Xy(C?i~C1ZXA2;17`+q=^Qz!M{bNirtY9Ym?F&sa+T6aMKRdTiZaAXUNnS^o9v zue;+VqE7(0x1X?c5|Iv#W95-61o}VAJV+18|@>Xow zAH2Fd;L$GRU0~}q7*5mM1<>~0AV5oUunAoK>gG28?R^hGBgPey6e9sl^#c%UP<*xq zY{7{jL=K}s13;mgZrT$Vif$5=n8m$!gV0678v!m<^hC-{nqDa z@|dq#dK|Q=tQf%+9)$H^Q{CIC(Bx(9rf~J5?-pT-NwOCk1EqdKE(bWcP8S|oXcdGK z{t3G+g%GpGkCm45THhYYuqqe6)fD~o-RAT4LFw-NNeko)?{5WHUR$d=BpL2uu+uRc zqr@3NGi!D5B#-42W*~EOwk;1&E@!JAy!i7O`&9Ez=jX@(o}^ zGoN3?h%l#&!kh3xz~Hb1$V*Aemd-w-_2KFF3=M{WDQD;R+W;ICl5xDBUC*Td_{khg z0HZJANy{p}7Z6zdyN?l*BXfWYkP4WpQv@4)CYTGswzx`>X=gw~fvVIwq86B7#wmM8 zdIB7`7cd?tci?9hIc)fpITPk@cjry_A?z4KJry)2`|XZPkn#e86BE|S@7 ztMg6EHR6)|>}t#0o=%Hr!#~qw&i`9go<}(*WAnzn*OnEj3I6#FrYb`=+SVVAU3GKk zeqFj=%lLB-aR;IoD9d2hm>hptye;EPFo{IlnR_QJ2Yca_MP)d-M)+gnz22bD!sLS= zpf5jy9wz%T=)>fp{=kj+uE!D1XyeadOgtcL z%aNb5pK!CpG8{8M%B#PBUxT!$q`ij62)=^Df~_<+{~YxFuAJW(kffFT-hbC4({ zV$nvUZyeKXcI}?e`EiLHp-jmIrDE4bAHZb#$uZZ-gyTAnlFr~47=B{%cz(KZ=q1TP zR8}%k@z<#C@8!Ecub8uv%gM}JkS>K{1Ikm{nGPrX501n@UpD%@}5K!pL<-){!LMQ~s# zwVyXG76fF+CkF|zZJFi$vG4+5Y~1<%SdJUHU@Q$l&=z23J`1d2G5dfU8uMM05k!2h z%LV|LT3L$4CeX5Tj}I@FFGehrTNt8Y3!`d1v0q!PU!rpz?-TfNP=nygo3j`8hcQTv zN@sFqCOg0BysQ5hdJ+2ARA)1Luh3Sx`H_KQ-5}#>44)l=NKDe`8h~u82NBDb)&BQ}mrq@El;eNVCdU6e^x-ez%->6l z=^GES<0+DwrK06tUj@{2{N~F)X3X@s_x3I>&poqAAPed4l)sa=DD5bp@15++W}JKN zP5-IlymWL|b)b^_SXl{>0$*EBgctwT_3i++w|`YLPw$NaFMsJ483vpHJC;Y0QAx9(@nC2Dv+1My`ca-qkl;ljwVf4remf^7)w-Vz~Bw zEDi9v`rU(QR>uLaDWnqs)5FD0lAU+D^DKurEMKme=E^vD*=L*=m1!c!N9sU=NEVsG zO?|K9aEd4i)FA}}=YhN8aBg2#hVwAHV!Plhhy_Zv26#&WfeDpa0VE#RmV>0{Za}w+ z=PCiW6K&IAB#Z-{)FsmQ0$n4e?1~A=j+D-nv2Sw9oCXvKOe0i6{#xnFrZ}~OpTQx6 zHHJPn5Wlj~?kjs!@E2kJKPuPxqagA#&itK-w9>gZ*DHTyE=A>I?`-Nsd+u;B+R3bA ze;ihz7Ux^PpG$OYd$Ip=8PL@9zx;%8oqe#`{bu*%WJuPMzxZU*~rZq?r~kzFGq+7l(x3 z%K^`2+y&^k5UYXJkF@FiFEa8S+pShB6zwPb-mFku8B!js;)cdOsU6FVhQd%=dqN-Q(KS zLGLc7bFLQ!zWBbg4%8m!H!o{^wZV#fe*0w=2&u~bUwNxPidiuT0;2DVPqN5xOIq}q ze2=33`?$S&cL4-XHq{UT3AtoH_c1lIEG-v+?Yolj(Da;Sb_25GnEP6N8yajMH&Tsm z)RE0$C{l5)S>knEq+YQpv<#w~DFZ05ag6t2{Nh>MYWqYPCzN!f;hUpsoQc}H_BI`N z0s6zUD65XceYc6aAD@eN~6R;Qide>!gCPNl`bjN-8I1cUtn3@StI z)dqXY`9%2v*8%U@vID8!eV^>5wNnZ99J}w*%4QV40IJ0uk)VJNARNMBUSx;Vk+Vb5 zMVZ@v-~2KegVb@?i%DNn`k)t$yX8I~NQoBQ?9@@)EV{8V_Pjl<^5f&|Em#`PcPX;2 zwcCyPMTfS-Bx3s$dv(y@`SdE5+p=!7fJOiA=U?$()1v2MVzYKmCnn4$4<0u#s{g=zr`(; z;j*l|U$yFM-rKUL@Mt`J=Qy~rc?EHAC*|INTi;T<_2UY!vgmS8>K#qYS`|R6`v-E} zTey)+w<=QuasIO7ROj{Oj}J}h^WH*_Shn^?`=kgbh!`;nQUlOP&C;{z>o7L)2xS(7 zzRz*?pdKZYQ>s9X=_Iz~9zWm^a{(pbkq;J+bvO5}0+=AgmJ!(n7el;Z_jO-c+YV)( z4!IMOO*XGVR}i#W(8i9x6~B?TJrt%NZo3Wh|Jhd}%`D7>cIz#C2K>i|#U=r%2P1lv zmIkv7KUW{^2@xYdc8D=EWcsYyNubsfT#gQ$64Et4l4NY&h?m(l+B1Ki={eY{u+7w^ zgaZ`De$@aDeZ%c$CibjS1pjN2mEDmdNQzQMQLRgdQMoDdp4oY+W0|KSEnv=M(et&s z|3hT^OLL`+jy<1T+Npdl4jT*m0m<@97-Nhtj+w6ivg%VZd%}ZbLEX808IfE;0x3Skj(^-!p3>zEJm=QguY8Q zmV*D{0yL|q2`C&~VCoddcmdiM`0%@93jkwVgxEy>K3>FXI^~shkFt~;@ zat%4|pD7W0vZWmyH`vm;i1#(v~f^Z1hgWhA0M)6&YC1v zAJ8}KKB16cY*Fx38(Z$Q5B?JVQdd_FrM6~h^3e>BAd+Uk?SGqV15pe-lwoXH{!gt| zO6Q&|`1sY~8Xtbktnu38dZ}@qDO<+g&hNf~LrG-ko@FSG*Zf1On%|RCu3ZD)ogijw zFztY`GpU;HWl8VGQ-HycZ{n>(1cJJ{YkgZPHbiCW=DeVqT?DUt;js4A)>^nAZsEIL zx(Q(2fD9pERgm8d4Fh6OuV#%~3tt9Ar{iB4X+rNfnewy@={P* z#lqw?bWCe@!%haO2z0W8FaxLy+7-5sY|fAjfo0#J$^mK}8)LCnQoPK}gx2nz0tJYM|Z^MOvb z$b9SScNJ#_7czPwj^Rar8B%~j#NK}_1jpcPRB2Yz`ELY+cRs_knoy^u>xN6|Mgt}B zkrxZ3jh5~}_>?47fn7jfVtf&pv{sxkQaVTDNOQgME~Y%DV{pH4(5}}R3c>idE{tp~ z>{#)e$@Gfh{jHn7*P>}~W|LJasz*X%b+-TA4WZjzJbh`i z0xd%s4>MjTfaXHZ9Y|a;HLowcj>rcVRG{y3ZZb_PH`S?}vXwx_mb$fM2x+bjbUCEv zPqE(f>dzKj=qusP!%~WdI-aeYT6~_MZ}T~XT+IupQ*j%bqrKR_4XzF3FfWDl+Xz4Y zgyl7E@hr~d$~)gQLIcrhFmv+DdN384>U$WUENS$_*hERiIS!-Z+B;&IYd~T)&W@DJ zBusKnUU-}|BWq+dag=_RcwI@@IkX1GK#(*Dw^lOw91{xlgyKt8K?IO{D*b$L(8d#n z2y}osPcjByfX>hbXMj!)5Uw98xq58p6I0*IcmXLUamSeaNz>wr zhowDI1!+ZI`ykecwIF-yZ<>|GND60|1lP%J9`Ew-IvmgDUUDr z4|F`8A7nRR9+H*NrZ(*g5Y8`p)lbK+AaR>1+H}{;h@62}Gy1zfzlG>kf05^ZgX&Ut zQaaPs*uJ$fncDZ#=-V*&@$wDp+}1?*O8K~zIOKI;mh@tX$)GRe?%b9T@Sm^9Gv2&{ z+rAoeb;11IEb?*fbRZA*p#Hmav6q01P|sQ`2)q6E_)g6Soh(K$)_lypw(28!bAHTU zCunnr#x4hF_p{Ljl)2@oEWNqCN%7ps2QA8^))pB5ejkW=V?EasXPL6-3)NBXFj}6( zVo75w)Sj5ZmGu@)X2DCi;l-d~N?X%p1n+w!s&|F@kH;qmm=MqtUAyqltSYMAuZNJp)ObT^7{W0LC3OKuy@R&WUf5zfs`8E)iIE_hM?=5u`1#+U)hEdD|QB zqLwV&hKdI$U2#Q^N(_blyj8HVpV7B#8(pY>lYGkKXqOI2`|4{ zm&(37N(&0gE4u{R&nhgw=9_Ho-g!zQ?V3j z3Yo6N1eJ~-FVAl5`L1GXpmMA)%cqAnC!_*8S9_O`&fIuULFH1nzNCLVx-R2?)e z>0jLkk24d@PgHu-@2quO&G(ZpPHN$rVlv9b_0IcW`5EL0DWOzb^psqYb+~T0x2ouU zwZ3b{U0mVDAIn@;EHjo@_XOGh(d?D%74+$fM|5+in!@RNiff`Kj&a2?vJU?9JON^_ z4~kmWUO-^SK6zCLVyn$H1vCP3om_bWYohN>o&1=4-s(2U*wnwF+y_($u6sT7(T3Yr zUynR>U5K4dPnaggHOyG{{It)ru1jBAc+)ra=h*l)+DopGZ_o7v5oq7BFKfEnXz7afmF;O|A9bVC?Z4jkHe9{f(PUO}nj=-g z@7Vz%l{#yqhU6LlRemQ)Yqzw|xbUk-tmbQ|Zn{7Gi*Km==-DtSGY@RSg>$YJ_~*(> zdXsI@LFOILwr5NkU3#%`#sFcIRb1wW;JeEz(R~ z?XgrBffagd)3HIOWXWGr7Vz%=0Yo^-VRr33&WEBE@VnXNVRz+XgE-5qcwc!iaz^TP z>H`Fd@n1^(zrh6AfM_;!<^KArN==3&F^fy;MB&ma%Kfu|op|hD9~NK=|0bEClYi@K zK9Q4s!hGW89zDr_QEu<2`ol}$f0UqI8CrW9@k0_{Bb>m|{pUFHudvFVcAESD|I3pD zb9;&wMD2E0&DM|OyPCD$^sRgEy~ZB{oj^XS=i6J)x{eH_J7`XpYlHUDMk5fQqApnj zVMId-YYTCFbhDj_o=^&Mcd%&~wO$(|1V%)A6I2iSI@IcV~-N2ybc2)1y zAD4SfD?9d&I^pKA6S=_3DBY_2;-6eacj zpV}Bu*1B2m0HTh(L7J0Qz_${o7!#sWgMEGNN*ufC{@Y0in{tp6w5g?NW3Z>45uuHQ zaCq6S(B^C1!I-vm&ny6h?6?B31duc`=(e1$V3fC~v|$dMwhaJE7$}E2V$DZl+~mp&$Kcf;E*s->NcQ~F>`;TRjcSxB`;y!=X8(iI@`Kfj|bwQUb?g= z5(*jipOFXCBut}v43)eHVh`)6hn9I~IrXaB|b>5T;FK!X(lK);fRf5A5&njuO?tJSsLDJVg}{&XhKT7cX&aF9zsH zALyan$!ydHZ3G=uvUcFP$tfFthR50^p?tNHHc;{2J7JKT%FS)ws9hxiUXI4EXtXxTK61R7&_EAvIfT zb65eKehvZ-5`sLtocy7A z+_sm1oBR1P}+PO#8xE@7?h*QwQmR5-MU|e1` zrzh_FL*9S`@Rg+*M9m3{LJ}B|jV|V9Cwhln~O6Yv-JMTe^@sCLR*8@VoxeH;Sngw;(6a!I}@qy8fua>**>00 zLR3AgH$+xc94MJgQA)+eP&TyU(xLRcQ=%Mmy54-dUU#ZIq~AYTUY{R!2MK8l<$xW> zn)wl=TMDTyeiRuwt1vnc{5x5hT~62yB6Zb05R zdOXsX@HHaHps;xu0t~uU+ALA#hIWKaCR?$cfZSc6+VOwHmjMO~82LsXVpJQ86#cs7V+TR=**x89lSej3WEsH8T%mTKi#aiswhn;vY&5m7cDG*0k}@ z@Y$bmj++mI&y5J!f0VW}7C}RmbPBRKwvQ+~8lUG$bL!3M7u9WZMs-#Nuue5=h!?EH zAb{lr*=@P0|LA}s(OF-xB%dnbd(^rO8XM_Z^oS2x^BrM-lP=b+Np%NmA}75=aobx) zkpS(Rj1}0mfLES253n&d_WuTxK5;rB@F}|izdg!I zhssNp9)b=#r`{7-*9c@rwXX%VP^zC~OhR_0<{2k|Cvt2&HgT2NELX(tK2pmGI+mw5 zO2#}Wf_kcl`b8)f3NIomuY}7|m?uIl#;?>|{bwSe6RUxub+OO<&^McAI1L;p4q$M< zu=JG7rfpq}=>RCSV9nyFwy132(jlRJjQbcAV%53Lpq=`O%Xy0!%bYrHIV=Ag|2_e(|v_(m~Pu=f9<>&xSz+W-I0%ot1d%D#=AtTVD@n^G7QX|sjQ z2wAd3$Z}Ly_AP7HTeh-<5GAIv6GhoYge2M5EWh`3yWjh{%kQ82xQ}L>Gv}Q5dB0!p z*K@$?{3uD;xfnC!Fe6+oYFsA$D_`+kc!JQd?(o zO9-rHeg(F`ice&#jh0b_o|q@ma1JzQdbOyYyP7FFd`6u)Ol!HX#?!t&C`=dstv1tW(=2Gym&xtqk`*}yAV*so z4Ntf>T8G`Q=I@bjDupH|vwf@@>0`qFe)2nqZ3osiDU+bzp^{u=mHqgi(AZDK@r(u? z!57hK;9*5hmb%dSI}=9EOeayP)o)x>JvKb~J3s*P4!{THk9o6Us2vu8+mTviLJ$+jNIw7&P~eBQ=bm$4xzk8H(7Sw(+u_pr_5iDTRreMc^B5 zdPBw}F4QL&h7HCKygjt$m2*NlQ3YIyMN;V|(i=e6?2w!;88(!7)om?%M8Q)@;^H8t_LYQ1qL9GQcgmp;o>Q zy6bzid%FnCLdcMD1tQHcY<|aezcfg)mwzF`i*-RtYu95QVH;df0`Ft?JR)4UX4^X*dy! zmz>9Hn#@m)_MHFksVDPh4no&w#=64cv|MBA@bwsuH9!#*oV?&GnRz=0FJYC9;zNFc zJXDf7HsC|q$G#n)HHI#~e{`<>2lDs=P5?sCMgR>K2OMJfYIv zA%lcxr5H+~NYt}9w(~U}b~JntevBbI%vp8JIw7`^*#-^%u!XZF0i^@62m7W+aEfOw zMo7yx(fCjg9y}P|WObKGP3|Meni;lrZTWcrYRLm5+Y}IpCuU18L6n7j<9=)6MW`;! zP<)Zbcv6#LJ3PI7N|ALF)q?PA>1?)vd;T=HxhiOto?z_ zWGA{`jL2yCIrEi$FBR72Bv$jgB%WuT??(nZRXiy32b&vK8(8`cl7wPqdwJG*nuBvA zgS#SQZczD{mXiqe$&1QsnJ4euii{JGbK}h#x6-?lqdscdGu%uVJDJvSM?e6I4i4XF z*rACP71p3*{J&A+_W1HM4o;eYMdzuSrh6?iua&qs#yhIHgvWUFP7Yb}q~@rvZyZII zecEJCeewSlAv6lL$4BO^NDJd><%WW7@YGffp0e_Bnh5miXSm4nG>9AHm@q~4Z9yp0 z@UYc06feXFGh6M72QXu(SrADiTsE|Dvq&X-pK-8BHY8Sp+D}3vVR4*oYtr~{T4Xe5 z=wtX$xx#DcXj!wU8&wuX?#i)1UCm+)G;N${TPOuCC3PU(Rdm!jgZwV@q+0O4&WDBl zImTi=zX)h?N)7nojc~0g%;i$4%n&<^j4z)t^%y#oO2y+8tlXqM45BbEUDYZdh7>E_ zY%HLCsQgiuVuF$|jcJqn7<*u@wuwK+Al@mIe)^7G`1K>|r%I%@g_h$Y`z6dG5Jj*d zf*?$cSHus8iE8d2UFn~m;&~f4f0u|*=@D~^6rd_)SIGy9a2@|fau+=DMe4Cv`t6)Z znriM`3&%Us4J0Lz-SW$uN0IAR`>QW6Cwnm$$(=7sIagr(ayr8sx)+Jkx*K~iE0nJ6 z)J^kV?sbNVm<^DG)QDHyy_^x}k}~S?d{~%lzD?6z7H!(ss^QkEZ(sbDxlW;KFYCp+ zfA1sx^~ycivo2$O;^FeAT7hD}t{Yq5zFuGVz5vYCE)M3&zE-NZl-3A`7I0!w;fRi# z1=&Joty~8ab8i-WX1IA1Ir6#G^!B135}BxJp9Wz&H*^5N0o170v2lx8V$+9)noF*puQ- zn$K3GQXLw!ums@Q$@I073Sr#B{jNhPBddz=wq!ya#A>#YI`E&>Qr72L0<0>V^rmy zOfGWKSQ~B?!?Xt(4f`>Tqj1if4b*-pflOK^~47! zK<+DuV{B2MyhE2#q}>FWUbvl8ff}=pRCFP!IhGt)b+lPbM5o{81(pKB`O_P$=EfgVp*;rg zPHeXnwMbqkF`)vaq8`ScmCU`JW9|fUzd^t$_>bOJL~sraVK}?y89bLWWpJ&ulb1DZ zsNWu);>kuCLoJth`rsV+pzGHxk2XoJL+%q<&!D5EqsWl(N9g408s=Dx)ZMkX)6}%t zjBu@f>_K_Xp*u(x$Th(r4Z)j05aYZSLKn(vxJ?X|laJVfHSp=wp3Nn+X8w_ zn<7yXJI-2z48y2>2y)BrglV~3@JBK}TW(1BZj?C?^(ci2XS4h8#3r~S zmY`Fuc&e(mO16k$ky8!ykd8XBu&1R#THE9+*b+OYs5OL`vZReG04qL3Y|2#_i%W}m z)K}&AwyfYvmxv3!NR<5!vXD~%*2Ic?#;!qcO${Oimy2t6uDw_@q4C1HMq=%3r-T-T zso#SWZeX7Z5!0)Bw8#pviB61mxI6G||E@uM7lokU_Xq)m7hY$aCy#LzbA>g&Nr52s zkY6NMcCf`fC#XYlkjyPI^n`)18LisNEC|O{1aHmISe*4_awlGtzZ%Lmt)SFU@NxBF z+~$S(Bjn1^O7g0B(;Zc9zC}Y5Siws^r08PXv_grUKl?&JW2*QM~ zFDV z-u7!Tjbgw>3o68|o#26N%3QAGmOZFn>^O;`4?tgmn&4-()VCq};4`EOR{AaagMz~B zDSBG+&BSs#)fi1w@}Z+9$ItU(CkE0G1cX9yT(H(+Px9 z>J4m2R414r>~>K(DLoD8ex@;HlTr)Ofu4pn>2S`6LHY&TbgucO-okAk*dzERJUG6c zce3KQP2Hlf1B-d}4atfxy-Op}I}@CE!P)4_{R?r1c14ZBD2?|Zzjol0top7!H7@a?>IbEkDy?vzm#fWb#BS<(urYdVE!(AImD zU~NI^K6k$VdpxcnhCvP_s>@YjL@oBUATSc)bB9_}CaJZC&LgQM zZWVRGF%@*Q$Ipw#Mte*Q+#y3a4#`_{M;vLqpovgA?ASmCD{4$aULx~h>n3~&M=sz& zrMH?#b>LyqGEpAJF9b0`_~vr>P;63j^e%f=4Z%9NoK&!17$Z>{>5WPYm6<#sbzB{x zTsC(l-N3poD265J52)B$G3a%z4y9B?a>{Bp~{OQA6M8mjt6lvcZvr# zIx9}0vqO{+HJn;iapQy`uA*Or@shi+v4? zQum51Y}y+%-%G`;Hay_0sQzVne5? zJu?u)xKq4cmh@kE=S2B=UsuLe$?w?~j*eSK2|RjhZ+mv`nTW_aeM!NGlp#>rOBoF8 z@l_UjehwcVee(%`?X`Ck*6)hv2ec>IeJS-DtT?>&%&BKv;E7HQVUz8vlhw1squ;K! zZ^F0cmZx$@h)p@Sq%NFSud~}+dXEEYv7zfWjo|{BA8Pzhe3%I9DnZkCcg_>f6z_hq zZjXUh9VQZgEC%>rsmvd|vDM{+JRRM>kvRV1>Z{u!G5K1&z@9}dz_nVicy4sBy7KXM z-N$D~2Ft?~v0C?PuGfB4&~@wz76`(hc9c$OzrikZg=0=5X@2w4>yM2Q%jQK@Nz00l zUu~+ojy~2XIjyC*+u=2Cc~$29v!riU)$-a#(S_b~NO(R)SxYe{%gwO&=D+91L0Lh^ zI;^Ib{_N~dh8o|K_2;@V`aE*#%5y&UpWP)#*Xv@|NxP@&C)O&Szpm7>*jepOBu@MY zN?8Ao!YnM6@a$PE-(jyd?2RCs&G7f?u9k!K{+qv!Zm~cZr|SQI>D(p=ILI0(2t8>7kz>RA1Y^pi0i5IiLfXM7q$dQW z#$E$hi6gL=eVCg&S=#l~Whkj`cWbr+NLG}RYd{CE0ys8R0JR6PyJ>1_sshM$ga>`@ ze*xZCH9HL_By&$u;g0}mi{Qh*emZ;n6>xi2=9vk>iSzY)fqttWE?8(d_m{2!c&75E zA^CH)`$TuMKv4Qi+tWaIqBs9y-D(hkD}l_Mlf!*hH)K|4dc+wyuX^T;JT+B70AY}0Qb0j;H#wuTrEZT)P3Y{o$Ume*bTp# z+~lR}z^O~m9Ozp$GbcWR?3M~(0;aU?0w_&0z+Ua-)!Id!#(6{;&=}hu0Xcu&+RPdW znSom~=ezDHO4&zx+}iz(!%FY^h}VT(-WELzM{&p-xPTW=sxOdHGr&sDu{r=CdMz#w zhSlb46*7FMQdKX%3&}G(sVFF!?fb32>`rBxQhLDJKyjIFLkW2Ln`(oE+UJ1%3B2A; zKk?5^xWWwo9QS`;%3PFV6C(9Hh0|DR*MZ_DPwjiPFi^CrXm|5~DP?E2e%C3afRuC| z$S+dk33S!Mh5P$Afd5$zFtx=pa^Z3+HSvcA(%8n&iZf10w?hfO(L zyOl6fFl&n0K`iQs$8w#OD!EhgOy1`$;n^f_HU-rI+iLLEa)q$ZVyu8mp_69j5_pT& z7+in^E%3MoDNpCTES3?G0&v!kN2vXQ3sjD4O<}^7uK&J3Q4oiT9PwNE5_jn%a3BQL z=&Ki-Q)vU_`u-zTw1oEieCl!sFdK~=)}Oneu=UZPppe`IMojHo)sV+|vAj+o)z^yR zRmIus0lk~DJqdXZkmbzBWV%jIZs%wE9lCX{ld+oacy0#iitX1eAe{2hg5%Xk55y%B zcqElOlAZz^)M9{dm6x56>moIR#OU)NCe{8i7+fb$o~#MNTUQB)-Acf9YOD_*cI?g( zw$&YVlnZ!V74;oh%`dGrDvw+{(|N?}`NiC`H)wKnmnjqY-{wUSYF#YpdPIOxBr4L- zMlv<7mS(%G*coqDB1%!cA=HAjE*_y*>{rJDD2&Y~7~mEJK|eX?sG zG>=V4`#~N6@UP}NBh-;p-w-Z63^solgQAusMw^bZid-=M?||46^7PYTkM>JtQcl32 zkgFD%+8T|fk^&dRB44q=&^`WRBY5A?bE$tdEU>I_jG?Y89<}^6HLVv`sUpj8yQv24 zZu>I?`FGo8~4(Gwf0o>QM?E(b@GgirXA_1bJKY%rgI7*pXJ`ilqe6jvtH3#b$2t2O!Q z?aN1J+7-Ig?>>DL0J_oO-bI=)ts-x>V~MlYZIis2Z2QQ$E(sjX5IkV3vZWJpX!>nn z)w`&PP{FJ?8SbpI3|Wu?W7_sm$-9CGkm?#nQnwQBqq)-vf5&RKy#%=Azb|nysV&i; zn>ga7&R zpUe3Fj2e0ZrJ@)7*#`LID62ZDKUZ1uprItNq89Ddi01gTHytw{HDa`~36E zf8Bw<9r=GR|In`+O!+r(m;Wf0{`UKR-mva9S^_iQk+VI&PX71jvMYpfhY-`nS6KeT@6&7`_Ywu zW?3enr><_|Ondp`!dHLZ?LQv_+a<$wIye$2>Io0Egmo&zZX%Bs03@+u=SR&p{s+-Ks@l&O{)MCBhiF^ z;)Pdx@5Iy$xjcHqTz!+_|WGv)fbP4tPlq8#_fe|fGGpoMV z%KL&9;FJ5b^Df}FU|oZhFJk@ zn_XM@`9EHvUh_R$K}XeygA2Xez+7GM%ih-%rpT-_m~@(+-M&0tgnrtOT}XJ=<$3#c zV7)@1lxfdEncPDuz(8@3c?~eP@`1zcl;P_KtfgNQFIW+PhW$h!GbZhb*Ojf69wW~* zP$njWvL?y(`COI1bZQV-t!6;xhQZL&t6E>vG$~r~xh6o%*%)wDI`?QD_|y{syX+)* z&KhE|*LJrz9f7WwizGDW0ZMj?fNsc=pC}J>^yrbEA&J=ii@6y*`ceLF|k?zpnMDUxM;}|5e)l@d9RX z#ZzO@Zc0}_-ZS65p8p!*Fdewrzw<&TCu!9CBu!q&WP>nHe?4Gtqz;JDpj0e^XvQdPLiy$=Z>njuBuEC{Yh0tTVA48&Fv)qN9=f#f(Yf(3YraW93r3ZUvx z=7EFb1{-qaXw9W#4>`k@uZ5s2QqfyO@3`tE5$6Vchlzz~pspA3uDSv0Db1zJfU2f!@nhIogjN7_hG zjYehqqRo}fAhoG=nvX8}cdF)3$?OeJwm5gIwtJ{nf;-Z3rvmwkS;Z#Ufprbkt^9@!+})f8E(IC5&rESUoA1vUO%l1T!b&cp zQ!8Qh6#{PDM9ztQ$L)&RC$<2|YRcVCn)5Y~yeh>=k~4kXTSb#US07NGV&2J)`p}fo zF@h7h2vBR+Wzdt4_WAhe*BtY!bO75$O4Fbs1K+)L{yFKxT!7uHxY!ll`5>ZS$b&mo z-}PnsG^`g>UOY(q;}OM^JdxXvT=MtPqVb44*o(4LT?ltJF6TjnLsB>h0YfLsg;hhQ zkH=>as4?=CYl949kUcNT$8N~lMtl_Y8omt4VMHDyZaaUVhlSf?JG5>1 z<{rqr*H%Ng!FU@Ht}v1|P(rGp8UUwKE6BRD6qI}d!Et!q!9ZZmY|o;b^qI0r$pi#~ zVXf#~jnk)UtZ+ubNx-WkFyuCv^V%|~ZNec9mnin+Hv1Kte#60S6*SeR?5P>N?J9zh7?}g}91wb5lQmLH zE7Hnnd{9?sr0ilJ`T|z!<&Ab<$gKRdBM(>hq&tZ9HrYZ)<{CvZmLXf>gDJ6D(?yr3 zpk}a!D0IbLnK-rG9(%aTlbXywr(p53O!(JoM@6uBI_Tnh>P8mN8MgSU^ihS%;YIT! z8v{$%9GWxVdrWET@;#zO987o@b6qKK>zr$LXj^xla445LqBK zd$GePQ&2yv}ORT*X

OWf^dhF#2@ zBMkGzx8SE$@ZHeoNMZ$#4S^RLM2tv9Ns;fRG*nZo+w&rR$D5F` zTm>ECwjJvoS>_V}3`7Kkov18M{B}=CzS!C>45gz^(bm zeK^PYx?e@?LE7eZlAI9CHE@^oyUA7O9eQcu1FWXh*@aYuR*%}ToAfyOh$@tLJ6BS= z!3{W>d<4VerU=3y;~nWbQ0nCxE*g4m-p>$6f*&;4fW1PoSv;v&XprvOW$BiiRPp<@ zFxO=C_PH_WwW-{dp?46CNGNalUQAsF+6HQo_qE8zO^1(ngz@ayv;zmOW=QS92yEYU z)2H`V&ZPS!Z&UoU;3o}y#ynkw+?W;Bs;y$B?{<1^o<=Cn9-5yO^PffQuUgmdKEC^e zQ}peejIF5&=1#NBwR#+u&-{7V!4?6WK}7S;{3*w->p{f;Q#OT)nfQ*73TO_Z9pYc= ziV4NK4wTz*QLlX;Q3DsY*Ao8udB5vZ2ExF8Hd7^sx7oF;PVUb~00Iiq-F@;zTmV;~ zyuXc|rA4V4()l`_nvQ61;btgkE?dzm$00(<%H^Dr0{vzOG0}BzuXc*I$Ip2<3eTac zn!Ib`j`GA-Sju6U_1f6$?I=2JKm56IM!iY1tOlr{k5*)IvxL-G2f_@B2kw(~@j_j? z=r7$>`u9&ZM5Z)tr>XmTd_2TK)|cjVvSo<;25Q+(u!G!xqbV#9DK2@(elY%$LH!q+ zGKk&tl)I&)6p?kJ&C@LP2Dzu-Rk_@(J+`8^I$6+>d|}H(^6vScdk?Tp_+wl4>rM`y zdO9R(aCIK75kr-Gol%cQ%Q}^*cqE0%zgDF3n#xjY&JDE}>0OVXj>ygjUxX!L9ZMou2#D?;$f_7H9A`z8?NCI}?ruuxm2jm2u zu#tlAuDNR(M@e58q?UeA4?S&{eJ*V;j%@FbPAoFUiO+~H#Q7oePAq0RcLEeh45gDj zl(oB(?=QWGx@RKm@;h%8Cfen))CY?Y(B`nkd&`We*tR`Ua6HhA6nt37s>h8@c?dcgUyAw#NE1+#;GB+>*K-O8H>hN2Bl z{_gJGI7=7HRHyW=etGK@`wyTDD5`9F0S1O^$_Cvk+S)j zV~9tN^qYJ4(JY&^?|n7h8OTZ84my&5k^aK;vg92c;)ETZd;EsYG@xKBjG=7fB+YM! z;-zqy;B@#fB$*lnxX-O`nI+C0gxOVS9YmkU%{jE@d{!Am7@~?AeJeb{B+T^+VW>*I zp#m!P^hS`s{+^ZRYmSURlLN1Y-?c!2)ZZcfa>fCDZ;*kpx%qp#0hc>dY$-!ms5a?Q zx6xPXl@mM&f08DpOO(tUi-MZHOD6p!Bl_K}{EZlZi$xFjnU4pI%8#{*iMl#a(jtr+ zu@LnVmqn|Pt^Q6VkC)(>l=0I22-&u>A~9PA3>uEda^D{TIXDDh&ZEDZS>DPNHT}Uv z?Ct&(^=n_=4ttmT3sdvzss-0pL}4E)mcZ77oxadT8*xvmas0P1L86t@FlB2-Bv?GW zg@xjk-dtHaRq(H^gx;W)pd;Mf@4->38zNBZ&=)}*q9R<6+8Dbd{eHeHKix0(a03?p zaAn{Q;w3Ug@xGszl1E@geO#B*2cELxWHZyknAJ9wd%IPNc^|$~6#(ISw@BInT8mj; zvMATfIJEh}xA!*Bd}p4HEo<$qtsJ~4$F$lspPx>17=7@G#x+$7)Bk>Jq6HmiJqfL1 zBb8Ef+$y5>p}jXB{MfCRb)4?c^Ys`YrteWq{M;rSt?NNRKhwt2c45Vj z-<8iS&wp2Eh*rw-upV69cw0f73t`Yx{jA}r7~{uWbkz4_rI!n zaj5sy4c7<%y0!EK`a|}2o2v4Chej?w?*{Gt?lqU8?zP9g`E&H=^IV*iKil6zo<_y8 zKOInv_|@h3$22_nUC>d~nA>8WTDtLseE5X#eW-g$={W^N`rq^Y>ghN>znznacXSru zE=@2z4LhW)`**G<;`Gpec8q?tMSeAUy1f|*g~2A}+7n#y&^tGO_JIe;e;gR}i9qAS z@72+6oP^A)Zu4m3Kacej8jM}JeJkgLvH9)XN=tRCpAYo!&7EW22bki|-^^X5;6aqn z|J4EckLDG4^PBPN&DVfXX@=qrvo&kI_Xx}jPovDJsIE%JNGbE5*Lk*mL_{K*BV6H<)fNxqjXO`u`s zFS=1XZ}e?lU(!px;Yk%L3G~|kcccOO7522VT>-fI$_xL2!hMah|9MmXd1oHRzUS!z zH|#d$3I0_O{?VoT37OGR+J1lShkrsnCRf#ec2j>g{Qq9kpVj+1BJ}H2fBnG!ZP)!B z`~SHQIIB0PLqUJ$KE6;(>zg|vBO~JoisH@r#ct3>=mwqYZU71et?dHa2#lh#az22z z1lCmN%$~Ylq(Eiblg>j`G6MBrH??--!PWL83QkvVkj}&A@*t|B^2MWK&j-a$!JKY< zHm<#CPb;GzDqGk80`_`mnX%SY&SqO+BQ*3u@ym4PsFq??R8y9ULg()Q_?ukUS~ZvY zHyFBmQBYF(TmH$kBrCA16;`)x2(19v;(3)t(4ol%x)5azuxp+H?GOXd@6iJY*u}IV zU{BY5*k@s^*Uv|T*c3_W$1r#g3PEoHNY~@^_(f7CK%rLJq#l1>|6p4RnjI??TnIFj zNn;cYfwy6i$ETF*3{TW!*7<~j}LS1jDoqFQ8gHQ($nZ2*T0&7huj z;34O2aCpz>DG`;&GeGdE5oi)Q7JM5Yw#hh^sjeDx!#A_Yx?WS@iOtKKyc{5eqJA(& zq_^Z^n%JrI6bg{@7!7)r9c71Z9=1BuM@f2|mI<1%E}BoFS$QbY36fFIXXZm>;AA+x zslVv}gd@IDn!sG$moFjcu<@KwH&ayO+hBdhLdVGK|idjD$$RNrlc}pYlVOUFEnL4_x3+PK8;U6 zYUU0=LJE}Ox{6{}kEQH;u7Mbws#k|y$2_%nOP+skQ*NQCXs$K$T_dI%HgF~1R_f%7h#3d4j5eH-{f`-}Gxx zeUC`LyzA+Vx3IbnbbEWIFxEjNqWs;n=*uO^(`#n-8HpghIIw?v+)szkQaLoBa`T04 zW4L;jN|ItAi0+(na_g|bNG+FJIky^5E*r?!h*)2k@c%k_Or9!=8!aToO zMqB3hIZoI7F%XgdYu2R$&g=?wdT?tr)xBY#i6~WKXygf~gHkA}i?lP8YKLIVE|BsO z!ZoLNDd6k;Tky=6-}slmXK@+7fjbjS2kDltK(w#{#6n&Hjg`&;1B6?(s?i#6Y66}x z#xEc0eV0{F4UxgCs|66w6ooSg8qh3d6Py9<*7y4e!MA}Bv2Ex69(*8sUo3M0+@kbg z9=di3K8|NSTi) z)h|3`v`W;BJzfN&a}nZ6Nf&hdsOA^o6(JOVETc^gtQO z>Pd-hbT=p@)TS#1vam)xVKRNrCApDO#Ixz^4I*2>C(d={w^{U@q${GMHV6c7drqlO z_gME*l`)#OuO_F^Q3fL!T^Fgica`ov?)DgF~C-XE0!rmL` zNM-LcH4YJg9`qloW*5nofyMEtIS@yKa;^Rp!Z72&VGLN?KaSxgJB5ElZ>c14UV;z2 zrI$b+MoJ^d_cM5zEs2FDkYsZ`z*xABA$Vt`CK1vwFKnGn6?WM}iP0h=ee$i6*}Z z8oF)t0-EGi>CJ^s~*R+PSMf8bm)Ef1jWaXczip>8Vse`uzAj*@!n^lPH4~Y zvdeS(Q6<`o!VJB1Z)0YucAO4c;-*%jeChORzm>Opgow^&I=yh2ngZVEoW8{H1cNvCl@ z&{7|#UqBy(j3G$`EAMN2U{JH~?LJdP#eGH+b_ZlxJE9K_gX9s!=A)OiUuic4l8AFaCvmac9#0O8RIr3zu_@Mhy-tU4s(ZIckzII$Ao2B}6QN$8gO#k;3l{3_M zbScseQOlx*5g^}k7rYE%VVNDl36B2b*1<*#-a){m^mR# zgN=A2B(usTvWUKn9gnC8sP7lAy*p7e59`{n1t4y}vj$G25u{w)WwP*KYr2iI5C4?F z-bOR8f{j@0osCjHtQRz*%D=%$U4*rFiZXCkG^dXTUskm}sTSM}4B|RcLm<(qE6%s{ zGm6k(Q6HPk?dq_X6F43hx+ssF*E3J&Xu&D$8wC|b^r zdz0pPF{Pl1I~-9r+fyD}UVv{jq+rooiw}_Foi|`nVtcyya*9k+@b!)XB9N^#IUneJ zCRPQzzz*ukNy}l%L9L&uj^Ii@fC=oL>dRG$%sAdh)C4e_c*c0?Dyh4S4K~&a|449; zsf%50i%}RiE9yY?YPw&RdBUhx_IRbpa_c3tX{gf+`yKnz`P-?CqWTpwWFg!AMvRLv0gZY_H00%5L#q$VLu} z=w*9yDOjn3%Z9D%c2)-RW$X{C(nGFk`g<^E95y+|@k*O< zF72yOI(PKP2Jf0hhF*QZiS7x6_Zi2nK`Brzl-N=s6V2upGN;^nOxQ^l7P7rzMy4|k z*@z8ep9^zQmpW>KXImCJZrx%m)k~)?b}Po0y~~u!_Ut4pgsYT@UEO`az*Ah8gl+KM<1wNw6{I=^`xLe2{qapljyWqbW=C#Ni%j}YX%ZWm z=^UK6;&&(If?CJ2h#Ra&i~4i~9gF*$)|!jxnj(E)d&N7^cq(kYs$tcgQd^GQJ;UUA zuc~=jFT(aa>zP35)4SG!|K7M{8pj^=*`FFmelxyS;NFwL^A(D(W)-mb)}&NGK3+a1 zpUvoiV8FZ%b5<<>3|)m^T#>(-wg`2!6rn!4X(~^)BhOacj4ifc{=p=1BI}Tgh51Zs z4xSpqx}h=Dyl7)E-8>+pwycNik~`$c^h4w9L(CN@JmjH`r^2&OBD|1GC!UAVjeWD; zowUX|$TnvM8dJLVRal&Yh?GCwySvZ*^Ve9!OtC6DJ?O(Q{*{i@W4wE zNr>nZo`Rg>G}#0t<&!jVTAT0a7HJkZ1ZN%te!{hGg1B8Mv$2eI;n$h~g~P<#3gEfzh9~+GF^`yCm&oaAKD0o6$~FT|2k<|Gn*BNg45( zx_rcjfra*(LpkO6qrizz@BA;|n2_``WXmkBhO5 z-o1#H&p9u@?8gMXbayb!O}3)iPo8v zA*9_iN1%Zqi3>155yQxMcS|mh#c!vx8Do*;=JQDioi7I#CTo{F+slx*k?GL>6~@s0 z**84~Iyp9wdXmRXY{ZGQUr^pcgGO49?BY#07NiCZG@KFKZl$~eHY&h`g6#sSTG!b@ zd>S>>AD^lU6*WMrO^0!Zq>gqkCABu%E9oRz;7x1+9}+f(nWk~}VIU*k8)e{VBr|s5 zswH=DP6Ky8=Y7pB1M7jC$!m~Q1RSq~;u^S@>TZ)}`c?3JLk7deL4?0;rb1u?@4KtL zJUf?Ou+ZBc?>%G|&~Qh!%RW-kT~gbmEj+MHY*Q0=57Zz)mX$sv)FN*6zTNw2kw&kq z6SzaX_B(7(&Zpj4$=zl+-+74<(w?~Y7T^fxEL<;0EgmmyU9rvF#h?{#o?f`^aGzTw z%Il3H!^RtCn(){J`|lpoWdlXicI(*kIEj>e2;FR|3@fweouQvSj6XE{TTRC{ z$;qKajn_JzX0d~4d%V7_>n8iZ$(cqHdixF|zPk$xY*71;HK|TrR>MOu{`^6FybS-q zS5^#%g%Wi~xU_CLL#sZr8o_c(ZLWer4WWrR0P%qL^F#9{#E>nlJcAl+?0rmf>SiB9 zDQ~JWhoV*JTF6lWgXn5VDbDOflQ7F~hQ|g`*Y5LY^JODh2=zWj^#!O>NJUtUIh3r5 zkcLuW#2}Bw(o} zl)>mY;LtjV{;V^l-0ZH79ry2*oqVT@OBi5hS9~@iyMy4zY5DYu&vWtE4mn(GoHZ$% zuMpViKd+}>6dd*bXs-inya#_7b(^k51lQsRjH7TFddxG*h7qOv@UD|YAG$g1locaDuT_Df-UZ})4Q(D= z<16yBY68<)sKCt-f5ZwkZu^6PHzqa5x!;CZ@JDPek~wXV7`Cz3i)1m^wR(Oj>ORV8Qp#MW)7qX z^Vl6YFy7!a_?Mu0Tk(Aoh`ywt?|AvG>wwE+U(*2XhV)Qf- z4EmGqPNO;)$6R;GUf(7z`_F-FeQ0csOCmuFajyFR z?u!KTlX+d=Co?V}D==g9#&Fsi=`2zoJ^{ZFV!@!8OpmFtC=W;qxUmfAkb?!aLn?Yv zZ*!#EnDtn^JkDhC?2;MagJuD63JZ_}yP*W&qe^@%f?x9)zD`(TIFm(P+n|ei*x}u)9-j?@^n%O0ei`Pz5pE;p-(pzdLau>304Sx_t zK4Qa+wKX`8VI3;e={1A(+o-dla_C|M&loicO@ds4+sKCaQ_g&b0>PatVeX>0VpEK- zRxlf*^vhS*c}Ue}m`p8Lki7^AGs^ti?ZPXPYHNfUco3 zsh+jIe6!YP(i?~aKW|jiY@%s?-llJ#b`Qv?rd`9 zj`j_y2OgVUueIJ-IWv=M@tkDZQ+v(P{C)m)zu90KoUw(x-!=31KW5%fH}QBX4MqDd zcNhKmZg308R_@qyv$u(Bs!hGoD%#F+^53(Xw@8vP7z$xF+5wUddybMDdpi>**6mA^ zzPtP%Hi24ABZA$|r*i(s8hia?QG6fG9mq-*p>Ha-#ESD8}q{MZpZjM?K|LTo-F$? zRmDFjFnTCvbQwj3a~TMK`mX9QPMkv5{s&6sjV9C#1lW8{=uHfx>5I$bB?dxC{Nq7N7v6ZRjhU8+ZpRO z4Og+g?&-77imUV8sbmP>eb;Q?)sJ0OR+ow(XPnP3iC%YL_ks1Cw^EH*oK z@g=e(+LIaMKZx6bvm9B|GS>AOic+X<;@v z`Xy#)7oZnbPTc-RQ{OXB(D&3W<`(@BsJH*l($lY56IafY`X6my$LBYHLY_Z$P=9T* z!T?cwB|EqZWgIfQOKcPs{{-EOj<17@0{zsql0I>Uq5RXD=SZ#U&P|KeT z`(I$}9{?(V*iKzlp9hZf#THLxf$!Xrx#61S(s{s5jP;)Xm=U82%!Oauc}P#YeFq+b zF$U@mvmuN;OQT<2gP5BbgNrM{bz@ZxNBgtiJ#(SB<8Z6{xZTqV3Iqmn z=Sr@2=MWqLEqLZhm!<)T61Y-$hgl%=@|$~!6g6LOmD0W&s`l>-PS?m$XqflpFCBBu z|8>*;7w814J*wJ81_%h)XnH`4IrHAVd)>g=9oLbr;%@s4aDJArQyAP7sEEQK{R%M3 zt&NG8GoGHFnoljBx^kUDoE1=x5V==s;5~6fi z$c7?4^bCS>5Cz#;5Ok4IMu2>o}XLdR1YLDbW#9AiYhGtkhL8_ zD8>xH?2JHcRHxbR&KG`cPG{v)bZdZlE=AGiy~dA;O%8+R`pi3Bfs;VCrHYI%A8`SG zgSgMzAZyWM1VA@!1NqRIFqaa=kTb;o$bgmpqWgS zko>s0<7UjCB#?3D)IT{m1^DD&LZ~}UH-M_=89fc^=uZYl=c7T&4=v*lQj^^Ps+@H8 z)a4lG>#D-;r_NmwSEs2@Gujt(0w6eF7uIe1x=LJLdBE=4a^q#(*&EB>z&b#)=GtgN zg@d+FE>^e1fC?DCe+HGxve?lQw(TuwHk()1i^V@NTlhuGdrgAc1ywCj%$R&ioG&OU zu%o!;4KL4fhYUuMHs%UF?BHYLKCtRjCC(wFCqX|bwm-5#$_sbR$SfYp1Jm#gQfP0` zl}}6GGds?j zlXkuqR0}H2Rsb=EyMzXUtn8dl;K{BS^jD8WyBu22DEgQf{k<(V+PCUYp^f}OTG0b> zyln4_Eg0?qPLaCY!}=yhU~l$+nY6d;XpqWdou*Nx^B@R)3KOZyJnNJNEYVJwHCFd%}#>u`(pO4j3PWD}$O}1iJ^%<=X zVx6St1&phnog&XMfulgE`8Ml*m-PQ3M^=5X$*-O7fx6yzCoUgS-K_~lek~5i#MJJl z?C_yI@m0ATOxP4ikLe_u-MKLh(*N{{Hkx}b?a;jfNAEWSfQ`;R-q?5|o$Cp1zBe&0 zcM*N3{7nGt0Fs`{cK~v2yRs)aFH1e56|E6LPyj8Qf}E8!_uL1<$+gok9Z303uIDa+ z`j&JD_^jgZTuM4~ygc6H;|UuRfNKSa4Mw{undEHe%C^eo%++l~*1rl1ZtgCo3I^42 zL`sy>>UDb1M+=bEdhOud=>wo_t@uTXzPPw(<#-GfeS1#qR1gI<(!zHB^t}EcSx%H& z8tMc^+lqG22<`f1&CeO@d2YsG4?K1UqLkIRI9}vyn(9|jWGqK#ILdn?8>p=gya7{v zqL4wcyc}Hf;vfj%Kr}D~9XS(9#?F9o9s#@OjA+4*r6Tz#J zGXupWmCBbg{YADb%m0xooSSWu7;K~6@$tou)#$w4m#qiC040vM0(DbynM)t|M8JAF|8@Rk9gRMNFuG(^lT@LGe)#nwI2ii^EQ`Cl{3jNz)j7P`xQ` zEaUv8YoO0w6s^tImVkeLh`DSvLgHS@PiVR zP4epKvO3VDF-Qt^gU;YZ_W4(aI4hFL6gB9mp!m?xTYLS1_0>TK%3Jgcpf0mHi4*;b zTcfS<4r^bE9M<0d$!c#Xm|16yykbsV-+isk=?1E10w8*n=3J6x#n#F{5wWHJMRE-J zD4#)GNg2%27;(M3T-yJlG(cHcXVS+Y1!#ZrVAoTJ0KD!Lz-_5;DA-&)zpxew&n$m8 ztm4qEpT4E-3oqQpP5tv#jWf}5ztbaZS1tZ3dxVU|f07|UiDan2@4s9Eki`Eq7k?FL{(^t~tA+b_ zyZyJyPTbb^>xD{8e?e@|bsNk3EZ!UdU1nB+7#;B245DM`1}LH)U{oYp$Xvky`QHsG zgVhC0z@?3I)MYDB;-~RBG3%(eJ{|}My%2U+2p9$oJA}|cSjaFiPa$)RjSCMd!>-NI z`40gKPe)f*_(b+xqD3>3=KVoixxu$qJ)Od2$5YU8;p^&gg}dU~L4c<)94?kXMhd5Q;YoL`rLczeG4@JZ`YR_^J4 z*qG?OllA-70H!D#Jedq#q%W=RWhNV!!8_KMKv8)H1e1X@pyZIuz!}gSRT2W*CMKHu z3Y6OcSbH<)9|!uiVo&1aEkOAezzM*gzcwk`9Cmw2a|tqlC4nVn$kIVMURFW`h_H66 zH^5--D>4P8S-=Kfyk!*$P9ViTIf{os=?~+f`X2msu|l3ms4#5q)y}&PJXlJ*1lpR3 zU0Nv0b2+-Qz6NSVYXCUSJ*@gl&X*%oAhLQ7JWT5U7A`OrUOP!82qON?F>KudPF zMDq~uxz^L|g31&93^qggGc*B|>fL+}#Dc z4wHveIB7$DlsnlE;6wZ%CDnOK*a>j6Pk~~5-Ap9e;lr8RpcHWm;FI(~%h8+Dpp4KJ z10Zy%GwZ+^h+>D`x-8kIO#PtN@J!3iEUE%MP>Fs!XkVLFf~vWt z{FB_4h32({wC7Y=G985>o92+fL%9ur`O5~ig_263fQ@yO2G5q4b8OU3=dw9p2%M_8 zP(u_C99usyR|Q19xT-8!w85}}2M#M0-;`XIjf@F_%(j?8mV&$judh;~S2K ziEOlw5{qLJdf`Xzxc+88gbgc944kpreevHy9t>LGaXNvO<2Cw1;mjZTLNIg{OQm2}oG zkM0va`RogJj5`-jf8p`*^Wrtx;TP*e%g(6Nd=Bwm4w7DEEp)5IC4lOLm_uzXyBK>c z2AI5_)y4r#O>g6|%myLx;~yQNnp%3>Xg-Zgu;TVx6Njh_voOabHyTlzOfh8`5g-il zoBI3xQQsc0cLT0!<8r>|`>c108>Y&*=_>gyx8N>wxzMuEGUtW$>oeUBk-fs?KCUob z-{9I5&RPivRoXUh&;38L;~2O@X7yat zH0~U~`I7CxSd;RBCqOo`+JoV8?@xj?Ok(N+=v7q@)n5PrFk%GK+yX#S_MN@*g!bkf z!16lpG_$_G#I}CcB=ADXPJ8_$7#cBG2t300EFY@Qr4yLu-Ww%NBWBOc9kdzqxnFY_ zcCh$(koNK7z7WsAL!-hb_vzPZh1NhIAy{yr-HDswS$atnHb|-=YW6C(koRLP4fc6eq%JR@_Indo!=g2`u6oz=c*B1I%(Z;inS6 z01n9=T5`wUH2RINkM*^H$_jF8(zQdL4`$UOce8X{r)$5yk*`Mvy#ipiqsJe^&-5ph zUWwd$JE4^JrUa9zSJ88A@KS#^lHHl(i}Ei{U2HU%g_bMZvEjMYPWD4x{BielYL z=|#CB%Yr82wHsJJJ!&}fs9agH>$vgIF;EK^!`H!P!!ah`#G*do7~*RVNA)en3Ckv3t53U}Ub@uOvg5n%^auc*Rgrf68|kKH^XGYS3`Db9!S)~AA~ zQ2BAqiZASYV(ShxUY3oHuYd@c9y>`xihJc{}5t zQ|!0D0vn1^Z~F5-3d|U0Ml1Ogs-A964woHZxc!t8XweYq*^nZD0ZD+%kj&M5;6`U3KE7g6B&QjK(9I5;9=#0wrJ^fyb@XIa$tt zzM&VzY#Z2ahR7u*U1;K(<2PU#eP019gT>My>=neabQ(g+4ESLQr1xpGF$7jBR`kH5 zbx`Ny|BOTYe$ZKKg>LDa_SP}991aqh2Q@5Pj#UH}OMS~cRB<=d#i;p3MI+{2KxB}2Okfj-)Zvb9txV?7x(UYl(1e)GD>YSS= zre%G{CQWzJJ(%18!zh!g-WH3=gz%Dco3TLipF)?&=9}Nn-Kam;ci8{L`S?oOH&*$y zG2-S$9cPkfi>}=TOYlAUn@`{2IXh#Zu5@C5`{A3X{4Hm%GvH>9 z9!Q)yO58Wv5d{~io-H;NaXC2%d9Mv z1UUDU#U>$<@k_;Vriv$~o3tldjKf@%D!-w{T!OM`IG&l+(?#B5*Kyr6;KC*Be6xd> zrt+B(#|=}}!`wPB+5zp8EQ{sl!*QHw$sHs219=1vM!)kS?R?;+-msv^hKD||A$z!I2x-Ud zi1w@GbCf`L>o=bm#94!!X%Heci|>a{iZ9Y$J)}3y@dxHJVE-g9!3En4(VsyJCwpcB=;Wh{FHbp1N?9sZx z-0m`=9o>+t*rO)j#$qssnt2#EjaU0~*!}jiqfX9BZDOY9ug@%3Giu2_ zSkYotH4^_LD5c~Tqn5x-f8C}x{g}1t+Xu-!4F_{uza$nK<-3rt-Op~{$9;N?;ZS?& zSXKBX>xt7YSsnQdNL5vZp!9bC2@_zef6Yrv;qRx|7n~~ zsT|=2#G>|r{IJJ?h|<6V^|Tf5%HnCrFy*9F5{(cb1+zay8%XmWRAAC@s_oK*(<;-P z_u*81da9U_1{TL^vjkchvntj-UZu~bxk`Hk#=kOs(i1dq)P_|Z$TXn0F$&I3qvPf4 ziFUqhNpqj}1xz-C|H;lbG`!YBLEeG}N%^!hUssb?18%1%fj~{v_YnSZn(xuQI+gW4n zG~|O6>|&g})_LRw>Pug|JY?^uoz-Bcv07&6+Oha7LiL8~vHCM*gThVGV%Uuq6kXs! zg@N)-$_uU&YOV$fP(t#5?@xi+v5CT6?Y0 z`(4Vjg?xtTr|BgTl}F!jof+grb)UiZXeA|U}4<5C_2k9r)fT( zg#4SW6KoCF#WI%T#UjH;12*viopUeaw8+&Msz^WkAdF#roTY#n>~;K-*})h>7Gt3E z!DolsPQ^;;BwMc(?~}B;OgXLwv+Wf4qs?*qHLG0tM%FeIC!Q)xonUKY;v9Q;q#@Je z#`z)}pMzKb4a}_wD$=9lkFcr@c`=9_$-JdG!FGlwi8l8{R{pM@(=^9h=|*XIzL<-H zP7;0GH@V9+c0QnG2;^?G^Ps&4V+%Z6PqVn&lc$$hxfbCi7mbvK|cddOLyw<*#>?~(VG?&&h?!e?=BC1Epdve3vpNOCsVwx&o zXHLbI0rqtMlHf0gom%&S+V2RV@<7#+*rFyejWJSM_;IU`EP!Vu^LU_e;0{fVSx2SV zIB6LE6vLMmme|JKs?W?}N9$u}jf%CVwB=$;7!ju)3MrRO?b9^ofLp511_m!b{Gz6Q ztBA=tYL5^-Eln+~zW1Y#_?>Y6n_(nPrTU9aViy7&K#vw=6HzA_Q^KDSe6boTIA#rV zp4!v0^FFYzigI*Hl2_^_Y?EJ=1i9x+Wvl?8rYvt+gWxEy%kie@omwU#!gJ4&8KjTy zE@px_r=8x#53H)coEWm*e?`Un41Ea$3!95I>h?aG7!QuYUiAm^U8zF)#cmGlR!kiH z1^M3GX98oxae!CMzD@SBsCVPau3c>u8|8#TBkO!xO~A*Cl-{Eykf|(zJl@BRVSbzJ zWEKXv^sIdjd-l=7jy+)vf8jUKG+;fu9`3YTW%Z_V!?F6tnSY`5geZ^8*2cdk1abum zblqpi)o54;dSs=&)(lF6vAV9)?F_t3qg=7Hf0=gtHkR}H1v%?QcR$rD)6c?z%6zxR z(X4at$^JRmwCU}4J6T(A6Ej_u<#_y-PI& zFX+MegnpE+WoPlHoUA{yOQ&s}u8hRGYxu#;i{=Ctc-j(NJhHZ6Y#Eg-kK?d`**R$* z7wMmr?7Pm8wD&-SWwjaXP$2#Kxp0JDa>+iHhNLS1$^u}wNA`j;1HQ1x3Obuyh6-By zN3V5(-XOOvsh%)zetT?6kVu!r*kY+TdAKX4vT+GmmOOsVHBXeR)r!r8td0USWse=1 zq4ycOT>y59wV)xjvSYoA!4k$xS3>)KlFo{2uqno+RjwgH=%erBBVeH%7n|^@XBRu+ z3acASc>=%H#MX87es;9nKCg`r@Xao=X|MQIYrj*VO5d&_VZE0P%6NEpyY(HV+GfzO z1>FrnC$}wykG9BD^B%{M-c`0+ARAQu*2CSg5`nz^;!TOlhv5^uR_J&tmCqD31XaE> zeizPaN0G(2_Z?8PJsP-Uapz?oiO9`vwKlx;& z#S42+d~}`5{+uBT_aDyZT6y*ZJ#b{#xinD8)|>Wcs84~w0lMpSUW}R-IcNlynLHVb z=$m#tK8b7yOo~b0bL1>cWtz7$ZSRFpX&Rf$!k{qPwIROf!*aam`u?tqDy$5xyeCVZ z0|>CV7}_2HaW3zXjc~dBQTe(5^6{~YaF+8;p@4;;1b&zz}VSVW9(Oe z|DE|fsp1*yLyJA}Dp}}!aY(?*D~r-U8UQe#Rd9mW^S%=!_JdQ?qc3##fsvq>AJ`SA zqmpc~%sOgh=q$>K=6%jMro|b~a3GpROc}tv=B$-sT(kzKcvgzaDksEjX+DRt&poXH z0mAB|F~wy7i8^)+rK&+b&uE!yF<}s>JDqJ-)N%X!3W);r0utDFQVDCSc9uJmUhGH8 z)>q~13x_*pI_!>Afx|}AyiF`p>RI|$AIuLPc>Lm2Zb*0IIsLN-^e;d1y71g2)FqrvK~2Bt^3fyN z*B7=>0dJD&y07jy-hcPC({8&=vrgqxg7{cGLVW+Y6`qJ=nk2f5Ut9s%{tFR|b|hI6 zn}qfF0#V8~?&Ia_O0_N>1|zohts8jk_@^sUdf4Qs*n>h*C)z?{G!k)G>&2I-PD&ah zJ3_u^T0l@@|J5jCq2un~o*iNnS9G5Cw9Egv7_;C>pF^o4Oum~Y+)J?V97)h<*GW3_ zv}H26tt&Q~*UD(6DwS25kXs!N|BP=%qc6uS7^puE*JeE_VQ3WWjKY8+?ZFXoPOlLI zor)=y*7@gI2-U$qs=SXj{aQr<={IMCz3t?gS?BuM_(`|A#0V-*G&dS%@V z*D_zT&!!`ySX-0|X~As8{bkOp0@i0l|5vC&b~19psdMeFe~=)LLsLCv?M&SRzX%eE z#35CeL-Mw*=}<9{+VUrJZx!Uv%;cHJN^OPP>_RW7DI1~6KR358+@r6j+?A@c0K>9< ziAcvx6U2y0xtrx#WO)K6-Y<A>r%D_?(FVX5xk^ zb>Z6Pjm{oBd;s0cXvr-_JoVL_s_ z)1;;#Am9pWm4X_tOC+(q+@iLqU`e%|Yhqg_SNt;xm@taUldD_o$=?)t98j5`3oUr1 zBo1rQz*GSPt5!Kl6L@I-L`siDrX z>NUr(yM^;by;fv<zHA%LJa#vt$ zV_AQTx_+t-T`03v+oGZ;;Z|GP@U@PS(-@&6ap8)DMD!6D?7|gTwAV&RHlMLhMhUs! zO~$FXgNpnV@(s8A1e+=uTAnIB@C?0Wi+v!5a?kQuwxExHO+^a5vfy`B!iHA>n!NI_ z3pp6KN=%&xMQrKnnk%ja?LCYtK@PWO=Jd2V6fd|9mJt?=uyfNh7JZ|=6?5$qxDb2} zaL~`Im~*YjyNw1W-Ch2+v|8al_&GDNoL~3UL1j7*B-TDH2ewA!##^n{>1?jTYA`TN)kS!ARW#t)7I z5^3UUc~ewa;)_e65cGwErnc6f>ZZp6FH~Mn^qBq{MObj-%B!&)==JfO{o+$N5#2xd zb>kYfRMXM+WDG4VP;(D=j4Ls^x4pd`bIsQFga8Z{l6^veJLXZgt*z~5f%uQ5epHJl z`YLz?3F6)Oelv4ygOmA=p(AUN3}ZI+bL!?zwS zx$aeaJ9s&;16ni}uBiA(gVzOq^T+>yI}b-97bzgI(F7nmVU(4J!=TZx8JAV#qoc?@ zw%}&qcfS89G&1-c0~$(-gtJPVgjl|PK;X|Xzz^hw!~oN9#ahNaE0E9<19TXG#7@By zkRCb>sbFz{iTE(Ud~HpKfD%%-1TqBd^qjGaof`x|i7T}I+ zwE{Ufe!yjY0CFic9u<5aMrbzJ4PXp`nq(OctxS-Vvj^PXfFWEQN~8Dy4)u#iYL}YW zvp_0M3{dV6HbCWlvm8F{Fvz(qvaO+$d_gUdIv|;_0*y`i9^0Oo>w0=V4crHZg@6ks zuESM+vq218A$La*c3Fi^pd+uCeb*D&wIRe4CRY_K<+OKBsSeYUo&b1sS54z4ty1$jc(O{0dY2irn^~b#xhtu zU`~Dp*e*T+2naI0~1{S5q4#y52bz(na*)F4R4N$fVetQcbT{usuQksBP>|T!6 z;0oo_PPhOV^V_0dv6?xFSUHS{TC{;zM!nh&mLnvh)xdhYa3%W40WGy|rnO+a;!6p- zDJJA%uq?NWyc8rOycKzfg_K^L@L)@y`z z2iPT7!Onv24{bl{sESYLOz?!%d7^x_28a8F-d9GV518QQ?;X4WsYfWtNjK3kDZXj) z2k8KlNLWV?cEaHvG36=i8Hmo&TUpQCP4a_%hOtaxP|Dhkdqg~1v|p-rJVx8{(|a`> z5^;6r(NV!x{oG&%CJ~L8&6UD{6$7#Dt$GO>0@%IZA68|ZDMR9-IoLaVu7LeVS_A+r zJtXb9q*8*!?{3VMCk_%%bxt>XAYKlEdgcbelWq`6Zr>QkLvRwO9bJrR2;U*a*Yh9@ z%?z@k0>>pY6%r3hVjVJ8Wfty&b*Ba)@pg5*A%kRI6Ud>q&9v}bMgv5j57<1Ee}BWP z!FZ5|kZ=Wgt3$jR;Vk+EG~}-HOlqJN^F^W88T)1Qf&c^spWyT-#Myz9tcFBLXclN$ z5C!(?>-_}?;ZIPaeUuEkU?xTlgH{EAh*AUJk!loqwZkc9#H&XKCnsJ2+9St{-Fkoj zkjVnb=@L@Jvz5Vm5(61Xk1c=#eXZQ>ZPqUcL?w`L-{m5BhhQCg1w#q5%1t})ag=x20gQGewsF$eT}XwHgKHnzkOaBWyHGJg#9 zRZ}DUj_3H$PXLBU=EGl6dAg8a54AxO_qDufx zk{G45MIk~;bp_S=kjwYfF=5k^&VFE#*ZBbOH>ITew`qq(_cCS3lmIkLgIF`iVY_s1 zL$A33?^3AM1(5eft||bTkOi`-O8}~nkFua|pwvJxNWTsUOOXb)m3|$PItk2?=<>Uu z7x9Hg#>X?p%DPP*U<0ZFM6>qw8h|Rt&b~#91T7`oWqi%3U?NPp98$!*K;QO90A&0c833_0R{$Jc8xb-*_REe2<^qJoG`{mx z`f+cwLcvVY;8(z4`pw28zay%jaCp!RNT*+M?7R`LVPV_SHV7VdR2E>v+df4j2FWKJ z0Mx}2(0=1Qj|pAB9N9Vx(#xTVtUHMIou!Ey>JUW~u1Nd<3Ya%V_Me^|l9t$Ey90u8 z%aG-XB#G0uv!dutrU*xZo*gugVYN$hSC=Dr%oX09(*$^|HA3xc zWjj<8n4%f~XfK1hgz3z9#@vUTcdjD6*FpNFl%wcIL^iu``i$?UUj(Ap9;q0G$|uzT zY^Sh>4`5k(JL9L~sNQW}>l=TnYSmF0&pj!<4H-IbcYT9b4#b*2~1E1^lgL53^4- zO^&U=kXmv?cEHD-KE6rrcZRIZ%Dx$3;64LSwQx_EJuKUMx;GTy0UTHEMQhBs&Q?N} z%`cJT^=fkz0jyB>L6`D)o&&Ey)6{Ps7jDrPr@%7-AQ7q-OkGj_%p(b2dy9uKTCuq3 zwAIawKg!s&BzDSYwkdl*Va=FOc!7T?U$PTd)?ORj8qs-V(c%PM^xCq6#PD0P) z0${Cvh#JTm13)N~bN0yB03I~|FftqTPCAW_50bShY0t8B+J2a1uprWaiHxgl>w)3D zFA?pBDRvz^=VXp)5xsHPtC%ps!kXfSZ+h=D1^;2J^;a@_A$HuPFMJt}M8sLH$R}Jw zIDW2a!cWxbN&R74&mrS#y8F&Ggm4FA*k{d@B|#OHD8qJx1>5!6-n<@l9tZljiUVT7 z)?7ixo`|?9V4<44cS3y&S;%?+PxHa*-Elcx z9WAN0ooSWw?S^#|I#gpqC9xKGB~}5S{cRn6xAv<#Z7#KD?U9hZW;5A3S_Zhyq?9wnoIl3!rBaopvPP>6C1NHB zyIN~H?dAqbu^~K>Uv7d|k(3kb0-))kL1D*4d@)$OgYyhv)f_WMWqek-ZCvrDp%R!A z0TE6y1q8nzK+gJE(J%Bexn3KWo)%jKt3ohZI5XhOn_K$juEQRC`W<

n2n4e38qD2jhB zQAotLX7St!r}mbr0?n#bDJ|mW+K6XireVr|%K8ThIhq|j97Nv~DV+?(Ng9D(C*|rhQ*#E1C`%4tTTX8mSON5WdId6%4HI)*I)>)V^#c$6f3m4Q;3 zQQULK3|;xOkPnUp{+d9cT$X*uH4CSV1Q|WF$-W$tF(Ix|%E;f$sg4;`BMIL6{KH`T z5n7{;BG_-JH-v{HvK=2>`lm$$jHTK0E}%07?g;i*paR6?)PV5XNZpl9n~CaG8Pudcvj^UF^RFM_epg;3mq#2FnjpFX8%ONZXLU!kmsR9NkIDSP_fb#*4A72C88nP=PulScM`TdOV zR^?w7>d#C53ig1T{Ett8?D*gB`p>_Ajbb}g^tVACfZ|5r`2X+>y-cltGrhk*=ufxe z`;UIV?O)dUe?O&>{YMPz=P5s9TEG4Me;YWYIHBYFwEcCj|L1c-af-iOq5tKW{|Ao+ zf^I(+!H)_4=ik4N8yL^qZ{x49-rpYiuWNsN{e8#%eCi+W-2d;ML1il1Yvd0jOAtAP z!C>%e1gY*kG+EG_0df92yy+5dNFnp$9WdCam5klI-(N4RTdzJkyRe3>&8TKK47OO5 zYC*!B_|1z1{v`MIX8x|PfjkNM%?+f5LaD!^t}rMj`tEMx zU;ft@;M(s$2Ce|7eE%gVDER9OD8T#uR(}Ny>k;&@6(!fku+eWGLSC1lS_5Qlzxn@d`+f=trd_Tc> zh&q`zsdCHERC&5`Qkih04@=NTH+jdeP0cq?TpcOz$40bnlso@<846(j_2`)tP2)&z zGcL~w;YSDWc0Q6H&S?@gR%F{6S^ugsP%t(mJ)(S3ncxAWy^7)4Df#Hn&ngG$pF+Mlhl)sH!WhvV0>m!ed z4kR{HP~-8QOt>k^t>18@POY$(t1Us{*V#+-2eeeaMSCHHOe;=RMWjug>W;cC>9E$i zvF3>LH=T&9{%a&MAXxk{D!UL>b*hRnKz)(2tBNs`wNS|P6nI6ymc~@s0WAxJ_bo5h zlQGB=P4XoK{Cf!Vmw1Ez1|jtCxhJ)4nel5wgBZfkmjJRL)nVBY@QBQEpA)O7n~s!x z9Jc7~cU`tUt`k$MY+6i{XN2YV`O7^RD&=lcev?Z;8$H8zC5}bSy?|ERUkl0ABHAme z&maqvjS#~=w-LiF^;@;X?Q~x|9EP20T_{YJE%(?k_`Zy{FAK>Y)Z=yW`0OdR@~4ga zpoK+PmPp1y6}KfH4)2fQ6|Mxz*kj!uOMFvQoYUa_74P|(pJ?R3X9iFjtU2>Z0T*9?}Zq|RZ_Y1Wq=b0LgSXg7@y3D2^(^-qe zHUBn0VBdO$X>|AaDzWQz8XpTtF5)#dRd}_dBb{9ZtSqJMp5;S2Yi=r152&PgANS2v zG0)XvA5y#wb}BKk89`@$DpO`U!wCDXm8w_ijB`?=JY&V>_AW7rJjxP9$jdVY2)wAR zP_*qZ;X}4(sCO^tMD{#u z%T2U;e?Dxiva$_ZDl-x~B`O?NkY(3Ak5^(@^U>V=V#QKUNOb<%o3Ce?a5UAFK-uV-QEH7=`<#dom*FGNBMWIFQ{(X$l` zd5uLrUll%4o4)?GB7g*{!tpqeU3)aFw#s_OW|427Ei_b$tu)$*Q5$jYO`p;62U2b= z=iO)vJA^hQl;a z9G=Xz*Pcy2kGEK3RVm!j3*7FF@q<|sc%i6=8Rmy1%#DvJxn&&2xDxCuS0`g^78=r{ zP{&;8QJ1|qsUD`%wz{}VyC0Gkl3`HfFd-rvZ@zU-k=jl0Shfq!KsV9M<)~2wGlgj+ z_3{RbG5HmQ1i2-0@m{`{0 zqI<9SjZ}2!+U(Rb-94YpAC<7evqjYfR6Bh7_JG+4v(=hv*Svc;BXmI$@te5Y{!Kq# z9R(SrBywad^veb%=k%7JUqs7|mEaz@V80;s4wh++1F;2{3Ya~QvDmhRA!+$N?s{Zf zm;a@{)UJG2{J+ax6)!qyKS7t&K-Sc6zYdFDK72$Al=w$$lB0R1F8%#x<;j{=xAna^ zrIqd|&)s@QJm0eRdS;PzsrB4{oEM~7b>f(a@ezO5G&U8N)xb&8aY{A;wZbYD~Y z?!a%Vf?qjC#NuFKElTzzX3dMEXES5HFK?}>oK60jmw_L#=e+QO1uCj7 zAqk|Uy%`%Q}mA8yHA_>Zz z!>a`q^Di{8Bxd~SL)K@2c!z0SID55;-AyRWM$mBmDf>?YW^5mK4DuPz)XSL|6w1e4 zQNc;~(mJtsQf~R(Y5KjI*xeCIl9HV(aM1b9C#Vzcp>pwS{Fof0V=+9M&)FW#Z^osaC?c2>VODG{z)o!HCLnR%W;?fSx}UFhn4V{9`g)b+PIw@^nCABx zmgWL__BWdbQY}9gz_wTgtL3{U{_ZV-mGMgx|MlIrH~RBB;7WkAeyHy+n>o)eAv%odSG=4O)*rD3r8X3!RqIev?} zL@?dHsaI-9w#8<@KlWiY2banQ&b?6=LyeU!N%mh!-DoUala)hK-e%RpL$XZ>RoR{v zp$-xmp?N*FahIn4DP8PEp5fr%Q^jPIt!-t3}NV(+!ap8`L|8Q;B`s9DG#73vuTrf(NR2#fieG!$ndf5JKdcui>St3JMO~pz=4dn(-c=Dmp?Wso za}QpFmQE%DX{fl~uQB$mPPvNk@E91bJuofbATAYB79uoSx8{>bl)aHBAcuJP*oi4! zjNGZ|J~!sXHI|xz=Vs*QpofyfCumMujgAk_M^;uVhCtwW}UEK|~e&#QK|I5-lI)bpozSJiYOhP}-!b7-bw<$81ugmYP+hB7085 z-G=f#Ni~_9gfII>R%0{ahnq8fMyA)-=inSyP$P8vUD+^S5L<`Dh`aiEq8wN;8=t-{ z!7&Q5`<3%=NIG}tDQ+$Cmpw8wOqZ64s#jcH_Z-U}z-!D^;Wg5$T(J0RF8CJ7;-T8> ztj^PDe`Bn!yKR`rr-1sTed^s#Ni_jm=xc>p z1fQI1=560Jq(#vNN^IUywKM8e^|`iB6)Wszq81pH0Plr;BQh8a80Deb4aTTXR<2>X z>4kZIbKZ?-%U)?3pPQ=LxiplYXgOVCHx`;>+kn;6VSvHD2))n^cmdYMAx-LSMzH6- z21BwDO5KNbU2E03=f33W&A!DX$UTw>9uCou)%M9p3PoAgB1bzuy%>(?qm;^TJz|mf zJIBZ&Dg7WaiG_}Sw%($0L33>2i!|j306DvE0Nr3O|z7G-MokW!Ndx7iW*=s(o%Jnz zgJlYEzFvU!B?{kFpV{l%q`c8D8ZC__jBH4K8TH@txs3I=>WqSuyd|B7igwt#Z;N*@ zgI@}G9Ju62V6KcJxjO0-a_&)E>!`P`ahs8rz)E7Pp1V;^Sn`)ykkU%^j&wi#;=)=R zebbbkIR~f6?BVkd^@KF;OaNeu{1?S4@vLvV`7@2)1BB1l=T2K+yw_s05MkO@r=5MCz%si zAfQ5YLg`EzoJV8Wcn zAMe6jf>(JnM}Vu`pNkIw;^-sdL)Q{md+gdn9hZm7{1-f`zR9l)G<;by7<H;yO%ZVHXvfE7wS)9#!6i=@iq(8;7|8T2*X1e@Z z#5u19vYOm7NM*l(L1tZiqeKQ`@&S8O{LFJhH}uB%iju^e0_8s!-|4gp z+?P3`r4gQXWKLlvk3ud!6#8&q<^c_^dv{2b@Q>vflIrdp#K4ebK0#_<;Sj%GVj3pV zPpN+&%V8dMozoh16aGj-n3asLMfA3b3ub2>sQb@7lU%oN_jug5&9Y6`4!`6*Q!c0x z!R4bFYd`$Lj&yw_qptIEm0Z+Gm)_;~EDEj{OXTY`D6SX-AP00s4ibr5#p1jfeivsB zU9Pr}e!}rI8Q@rGQlgiQs?)DW?xEsb`Q!TI->sxLX(a4Q(zsHvP)4`e%e$>ErzL7Q z4i1!KS|H{A>4|%D1v%v)Zb`Iie88i&Q*n<()Six>enafUyNBuKv`!hc>n&C$1>xBp zn=&zda;0YBsHHNGJwwy}k+Lsr7}@3AV+*uW>Qu1pVOCdhVuW3N6mwjjA2DQ5#H=tZ zD^j7lrT>m&@Eu&pCrTQ8i;_ebn9l4|_BEB`RgcWz;J-Ff7cpGUrbVp%*t4)F7&4K; zQGbV3OX80V?>prc+1gtbHO-?^UX#5!Y3kBe4x7q_1_NXY7tT|He)D#sF}zJmtKa*c z`g=uT=Qhvk#(*vIeGlI+iYbyj4jJ^adLL5zIXawzHvPcT$@3=e`sllFuyCy`>ogoa z^UAzyqBY5H(Eroh{;oqh#N4kz!A(u;p?5WiZ$&~m>&o;hmF??hT*K!RnZl_|&PVRe zo8@r0q-gk0IJgi~vO)d~D7!1?oK}<(I$eJAq2(jhTG5g!35AtwpLw1cEj%r19`VLT z1vr|TYn0E^wMuCcQ(m#Ere-2Owhl5mnnv<=7#!IG7F2?T9q6d$c7BaIw=f-tZ|jd2 ztGX2%32!U4I|$jq;E48mrQV&6^6Z+1Rf$OPOg&Fr71T(v^>gw+i?;t%JY%bbn+JeG zWjFffcfrkSVXzi5)xIPb55M+ZNhKD(AL`4b~vT>b% z7$N$JXjdn%ykB9geNC;~EnwlXEH+=eRlr3;*D&fjrwp?7q(--*u?$>7FM4o1JWPAN zJ?oZRZcU^jL8?v<+)VTvx&K}oAPqoS1fMSCiK4Gv97Ex%UKp7vDQ@1bcfdJa2OxxD zYBs@-v>C-BS9xKKv2KhTvem)y#!RhyVZp(U%$^u7*! zd;d!292zA0I_>Z-X$zsK~jUo9fDX2LGxkZcqspHvk-|XgQ1py?+P)0%rmo-`%W#IsJR^9h?E7q<@|Z{@A_>xbeS!7xL+$1M=6t ze+mH(?9WSn{qO&FH2?G8{q<{sn$s$a+oRbIVr_r=ZD9Y~A#7vle%|iq)BQgu4k zTn4WAF=4+(^S^!(P|D^1I_tllUdo?ju@(WJ_wbor9#+|X;paEbThYrob&4X8_xi;J zJwSW#=d%o2@D5KYFuZo}om^OZ1-DBdmV!J(Ulj(($%l@zj{rULw(pbhSpE5wCZkOk zjJJBXB6S|PmjW7z$bdxSRHgdarD}Qii?z~AZNs{h3-r(2kQ?>uD_o`6hbjepNl-Ky zI-J|0OV~6`(uSq>E6Var!TZ>?nB=n^N>ESi(r$MnQmG-`JtNoh&}7Ue^mm7;U3z$Vku z&oNK6ADVri8({p9Ahj(%@O6~xFHV^T*u|`r=JJ5snk0(bteiO&#mlB zW4$-q#W2E9F)@aOkTRATOV+Vu8Qa*mF*Dzfl6w7KzxmTV&hwn}oadbPc|Yf2^7kED z0{GnJk3jn(TpBx~(FB_BC;BM04+WZg>pa&5Nia7g(mf$0kJ+l=G@Hr4D}vq=p)bpVLg`NxELyFC@`)K4mQ`OH{mZ^?*l2 zR=xNKGmE%z0BfJNXG{oZ1AuufGDE2-NZ4nSit5;mcgxl%40+m&E82D;AKj{4eFqdA zCOg2P!@xLK$Ch3GkcDx2T!hNtB@?)FFDe z9O{h)&B1f_$Yi4fZG7 z;LS~WPw2ROAF@g+2-hDm9{6dhFN@r@_}MR5f-CE!2`M7rz6n2@SpEEKQelUfmwQO1_WnG8TzG&gUI&oZ}&l8NdRi_=CBAkJ~#%$UV7%nbyVeh!|LqBu=OYe&7=2^Me@zAm7 z%udJw2o&qY9HsT%l3J(Zmw2H~0|>~GS2cr$t*(Ual_}+waD{A&x03eyXSU>-xOqG> z-G%(lBKpkL3$8sdF2a0}$<-wH43+YRtAjf%90aKJKfsY{Mk27r;pmsXVlGT(kAJ5u zW^9g(yovXLg_50|5q6u~GK9qIeXpQRXXO2srgi*=&*?k9f1Em2XV!Cx*mSCOFYMI< zJKjaS?l*KueH7rPij)$~55R=H{pys=1@sk#^GR+0Vm!DL&bBiaA~371QA=Ni?0Fz(ExL1CW0G=a-M-z|^Xf0ESNM zGVOLZ@Rey7C#t06Tax9Q%A;wFsRb_v*)a~R)Ox=o_bFLzbzTms`ubq|x0w0`MI1w$ zS~YbfwOuVUUv}|oY>>bAzG`wuS%`_GuCE1#>^}k@MtQTGtHi?6aovYQsUZJpECfYwrtO|-En&C z;`Wckc;69K2E652w#xBU85AeVMmGXx$`LnIqgH)!W^JW1P7zY|wEH#P(s>6fIl^x| zagVt1q^U8fI!ybCw%}+@P{7mohxYQe`}RkYS~WbwOR0XUTg?k$I?nkYi!sBM-EHjL zzzKvH^|fLy%Jy2w=;{9tSMB9-1=NcAZ$DD=W9)3T3@?>tee7~7I_fB^B2O@l>NX#f7#>wzNYc~2V4hej_C;*o9)>SN>aF>~^HaIWviwNpC ze%a278(OpCsZEl@s>LJLE%&qkFupYz;QWaLz>5mE%-+Rv@-O1@c5@&0r)x(09k9=PB7mdNe`1)rtd;9Ed9aKNI{*stSx6*7gZ$3>_-KKvJd z(L+Cd4Uriq8Xr_SDm;X&9F&{w)BGvVZEHr<(59lET{XZPtFy&Xs50pkfzB-XBA@w{ z#-i4=@%&=y`FHCf6NMtw*h0Svrxvl8_TxRCu0MmDKLczETs1;M7 zotd>xt09y>KJX)|cOz;K2?pbKX8jA8bv;!yo*5XUv(*p~&sq*Dpet#S>vrmiVUW=@C4J-!hZ^082!AQ=Tu&_u~ZPdiRVMDu;9fy zTX-{$48x_8%*{HF#_*qRa-8hcB9JlYWmdC230R0ZR=`GNW2HoTY%{yo&%4eOGYEG(oWb4#2Lj1O|^+6-{Z@LIQ4-5vyQ50|PkePZ)9iPx>lg9ysBzlC16F^^YC ze0R?URynfdwRexVK$9Vo+LuxKx%X--pnLF z>|;-SCsdUYn-TnIt#y)q;O?L7LP7ARSpL>#Wt^%6q6Hd-Rxm|@uHmiOC6EM&OsXP= z#-GjZdA53ltvn`xwq*^u;=u{sC4wGD^sa80mQQ-&$CD&(Xkwxb=ki3UEq;LT}l_A{HQGcc@FVW_q5K{ z)Rrc-E`X*6q%b}b=i^&%X_1N)VHR)1v1xqBm>Guf@iO;dSk%sbkn^plk$sJKQRZ7f2GA(3ue;6tBIQwx9+o16z z;bS2P%L-S**=VIG2Q90^gKu(cO$i%_D{L7eMWbZhByE_3o==1YEErQoHblta5`=nOfd`bnIvA2l~s zDqVi1@zcM94LK?~3It1Ok`=~>OhY++bBeqk^m6@+GKK9dy#%AaP7nrc-?x!JrGV3* z^1R!?q6%w*$R8(U_E57?Ke=sw2=BK#9e3{_>1)gUcKi8bTsEk8((zZkyp)dQVn^gV zdtVy$aSutTpWA-imBZQ&P4>kw&_+Wmc^e9f7v~r&A1`3+CkAA9H^-=}eIZL!l~zrw zw2>{J#}+>-lgl{a=V&n%m)kDt9Cqz$cO=3FRW_subK5wul z$^tD!?mM`fkuKrphL%U`Eo{BJeDOB!aH;2O=>4#*7Iz#swMAt=tR7X?{i5sy^VOdf zY-!xO(&R6=q-6rUfgEHm>EWk;c>ivG{>SR~F!ov291R&nz~g;252Fh&?}tIAVjCo% zPnd=v)TBx4H%Uba1hRq%Yzt1>m~|J>RlTf1{bcN>oenDX?bzHL<>gSWJ+`~Bg^_ZP zjdses|8Olofj}@Mj(g2$D%tQ>-{?!{)EQGCV2yJG+_Y4xb$u z?je)07^dMnOcUYUBa60!`38cA-xotNH^yU>mdZDi zreSe0hEs>%7S+uS<+n^QKbHIKwxrB6C0(AUW-!A$NyUd>BfP_NXX=_>2B1yz$}d*m z?@oIsDAPa=PLNv%r^+3#k`f5nJrLV%z7J``%<4GsYK!gqHkFzB*4}^4Ip>m}$tg%e zIV54#1vwR#o+XiY0Cw&u8tZtFAy73Z}0TZ=V4B!R9DRLRBci&YkqBLM*n<^;syq*pJWF&W6cY2==AE9AzHYnw=hrnK z8EQC}EUS;zGmOrrzHot6%9_Yzf2Yy*aq&RfSB){&{9+h{g|-98GDh}@-~&&DRk`Sg z4ilH~hdI|@#92A2)1I3jLnrV-o49nBUm|rA%wS9AFv!N4WA&9~5&`+=JL(WxVuFSV zU9djBZ)kbn-2oBWa0x(3^dA$@Hk#+v7HH!R4oete+lycrojI&H)8WE*gV|_}iqxJR~nK1S{E!Ffg_bMT{ z*mDCQ94{6_oA`B0|AbXtl+m6ciT(2yvfLjV{iu&ytJCWA?jD(Sxx#^E{^{aeFoJ_P zl%49cSNBASgdhf-eVQWCO_vi-d(p1dt4ai*eR(@TM=*M(JY=L_p7Qr-$WM5+{_-U}ryejsVAWQ{(9-46;i(boBX!Mjg9FER2z7&Tc*sf#|! z{>4Qgkg^|!HB!Nb81;QDD3dXZKKAk%b@nz$Kgt60eUkTI^}^ckRGm(@Js<7V(Bape zvwD!^$On}WO^j7aZmb3AVZ*>?ku=hCgLRe3x}Xg}>*D_9-~g<#8$BVKh0;>?}j>1Prs^=xovK Pjs{RIgPX+~cmMt$fQ4y# literal 0 HcmV?d00001 From 8e0d534ee406bcd7674ca007c35390a599f110ed Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Thu, 5 Oct 2023 10:10:13 -0700 Subject: [PATCH 2/2] chore: gitleaks fix --- .gitleaksignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitleaksignore b/.gitleaksignore index 655b75ffc8..4ccd774237 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -99,3 +99,5 @@ d916ea8726a0c226beb82fef8567877f5f5ef3f0:docs/docs-content/enterprise-version/re 4e46c6c2a90d3bb1ea17b70c15c8262aabf11c05:docs/docs-content/integrations/ubuntu.md:generic-api-key:96 eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version-bkup/reverse-proxy.md:private-key:145 eecf731008b962d7f5aefbeb6cfee251147b92b9:docs/docs-content/enterprise-version/system-management/reverse-proxy.md:private-key:150 +109fd4325ea00c4c07d55e8f9bafecb091c43023:docs/deprecated/enterprise-version/reverse-proxy.md:private-key:145 +109fd4325ea00c4c07d55e8f9bafecb091c43023:docs/docs-content/enterprise-version/system-management/reverse-proxy.md:private-key:150 \ No newline at end of file