From cdaa91ff5e57357c63b5e33e07b0a2771923de57 Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 3 Jan 2023 08:58:39 +0000 Subject: [PATCH 01/19] Cannot create private AML compute Fixes #2780 --- Makefile | 4 + core/terraform/storage.tf | 9 ++ .../workspace_services/azureml/.env.sample | 2 + .../workspace_services/azureml/porter.yaml | 2 +- .../azureml/template_schema.json | 30 ++++++- .../azureml/terraform/.terraform.lock.hcl | 42 ++++++++- .../azureml/terraform/acr.tf | 14 +-- .../azureml/terraform/compute.tf | 90 +++++++++++++++++++ .../azureml/terraform/network.tf | 60 ++++++++++++- .../azureml/terraform/providers.tf | 4 +- .../azureml/terraform/storage.tf | 39 +++++++- 11 files changed, 278 insertions(+), 18 deletions(-) create mode 100644 templates/workspace_services/azureml/terraform/compute.tf diff --git a/Makefile b/Makefile index 64204be4a1..fdb06994bd 100644 --- a/Makefile +++ b/Makefile @@ -134,6 +134,10 @@ terraform-deploy: $(call target_title, "Deploying ${DIR} with Terraform") \ && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh env \ && . ${MAKEFILE_DIR}/devops/scripts/load_and_validate_env.sh \ + && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${DIR}/.env \ + && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/devops/.env \ + && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/.env \ + && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/devops/auth.env \ && cd ${DIR}/terraform/ && ./deploy.sh terraform-import: diff --git a/core/terraform/storage.tf b/core/terraform/storage.tf index b15504d49d..540416df2b 100644 --- a/core/terraform/storage.tf +++ b/core/terraform/storage.tf @@ -36,6 +36,15 @@ resource "azurerm_private_endpoint" "blobpe" { } } +data "azurerm_private_dns_zone" "filecore" { + name = "privatelink.file.core.windows.net" + resource_group_name = azurerm_resource_group.core.name + + depends_on = [ + module.network + ] +} + resource "azurerm_private_endpoint" "filepe" { name = "pe-file-${var.tre_id}" location = azurerm_resource_group.core.location diff --git a/templates/workspace_services/azureml/.env.sample b/templates/workspace_services/azureml/.env.sample index ee8cbc0d41..497bce4cc6 100644 --- a/templates/workspace_services/azureml/.env.sample +++ b/templates/workspace_services/azureml/.env.sample @@ -8,3 +8,5 @@ WORKSPACE_ID="__CHANGE_ME__" DISPLAY_NAME="__CHANGE_ME__" DESCRIPTION="__CHANGE_ME__" IS_EXPOSED_EXTERNALLY="false" + +ADDRESS_SAPCE="__CHANGE_ME__" diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index ab6acfe35c..d4405bbf41 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.6.0 +version: 0.6.1 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/template_schema.json b/templates/workspace_services/azureml/template_schema.json index 5465be0fda..cd382e47e1 100644 --- a/templates/workspace_services/azureml/template_schema.json +++ b/templates/workspace_services/azureml/template_schema.json @@ -3,9 +3,30 @@ "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/azureml/template_schema.json", "type": "object", "title": "Azure Machine Learning", - "description": "Installs Azure Machine Learning. Please be aware this template opens up additional firewall rules to enable Azure ML to function.", + "description": "Azure Machine Learning empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence. It accelerates time to value with industry-leading machine learning operations (MLOps), open-source interoperability, and integrated tools. This trusted platform is designed for responsible AI applications in machine learning.", "required": [], "properties": { + "display_name": { + "type": "string", + "title": "Name for the workspace service", + "description": "The name of the workspace service to be displayed to users", + "default": "Azure Machine Learning", + "updateable": true + }, + "description": { + "type": "string", + "title": "Description of the workspace service", + "description": "Description of the workspace service", + "default": "Azure Machine Learning empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence. It accelerates time to value with industry-leading machine learning operations (MLOps), open-source interoperability, and integrated tools. This trusted platform is designed for responsible AI applications in machine learning.", + "updateable": true + }, + "overview": { + "type": "string", + "title": "Workspace Service Overview", + "description": "Long form description of the workspace service, in markdown syntax", + "default": "", + "updateable": true + }, "is_exposed_externally": { "$id": "#/properties/is_exposed_externally", "type": "boolean", @@ -124,8 +145,11 @@ "{{ resource.properties.workspace_services_subnet_address_prefix }}" ], "target_fqdns": [ - "aadcdn.msftauth.net", - "ml.azure.com" + "aadcdn.msauth.net", + "ml.azure.com", + "automlresources-prod.azureedge.net", + "update.code.visualstudio.com", + "database.clamav.net" ], "protocols": [ { diff --git a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl index 8dac16d816..5bb7318950 100644 --- a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl @@ -2,8 +2,27 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "1.0.0" - constraints = "1.0.0" + version = "1.1.0" + hashes = [ + "h1:IR+AHCwfjl1c0baWwfOwZ6QZtHj41H2syTgHkJtAr/M=", + "zh:2a25df6325a49f9e821f0b02c7da86167fc19a3bac647cd1edf231300f29d077", + "zh:2b443a836a39724663fe455d4deee408ff3a2d9a8b86f8408aa7db2e8aa743f8", + "zh:364ed09ddfc50d9bed8d930f7de489cb654a9908feb139413a097823a50075fd", + "zh:523bc005f56ae785867d230d55c29f59db4b599dbc6c38b4d03ea55a79458916", + "zh:60ded375fdb305b60bcb4d9e596dbb222cab166bad1b4958199b05a72aaeacfd", + "zh:61e69c58642fead6814e511c872b7c0a6478ec6af4ab758b4512607d910ac078", + "zh:823b2154ae2262dabcbd11aac992e3cc29eae0f7baa96bee1e3e2fe1ece8730b", + "zh:870ea9cc24807ef5142e4cad0281dac7173f7b6bf818a79762b6c690d12d4c4b", + "zh:9094ae76ed66cb328a4f35bd18b9140fb6fc6859c2e46431ec73c018bcb58d96", + "zh:d89149cfd01cb70012459536b4d36490b58e43312440562e5910bd5160537858", + "zh:dba7ec06171ca062fc423ba5b4776a5600444e45e57f4d1cb043bdc3eee538b7", + "zh:ff5bd6883d9ac8334e043434246357a55107411e9a962856c1d17e47ee15ac37", + ] +} + +provider "registry.terraform.io/hashicorp/azurerm" { + version = "3.32.0" + constraints = "3.32.0" hashes = [ "h1:OsBIUCGM+lcmbEJqfHeY9ScQoWU5Ir/MdAUU4+lNNI0=", "zh:01a33aaefe4d185e70d926103eeb0ac9fefeadf750f69c5977ead2ae02e0b038", @@ -80,3 +99,22 @@ provider "registry.terraform.io/hashicorp/null" { "zh:eff8872458806499889f6927b5d954560f3d74bf20b6043409edf94d26cd906f", ] } + +provider "registry.terraform.io/hashicorp/random" { + version = "3.4.3" + hashes = [ + "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=", + "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752", + "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b", + "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3", + "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5", + "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda", + "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6", + "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1", + "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d", + "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8", + "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93", + ] +} diff --git a/templates/workspace_services/azureml/terraform/acr.tf b/templates/workspace_services/azureml/terraform/acr.tf index 7dc8eab27f..a84d5620a2 100644 --- a/templates/workspace_services/azureml/terraform/acr.tf +++ b/templates/workspace_services/azureml/terraform/acr.tf @@ -1,12 +1,13 @@ resource "azurerm_container_registry" "acr" { - name = local.acr_name - location = data.azurerm_resource_group.ws.location - resource_group_name = data.azurerm_resource_group.ws.name - sku = "Premium" - admin_enabled = false - tags = local.tre_workspace_service_tags + name = local.acr_name + location = data.azurerm_resource_group.ws.location + resource_group_name = data.azurerm_resource_group.ws.name + sku = "Premium" + admin_enabled = false + public_network_access_enabled = false + tags = local.tre_workspace_service_tags lifecycle { ignore_changes = [tags] } } @@ -37,3 +38,4 @@ resource "azurerm_private_endpoint" "acrpe" { subresource_names = ["registry"] } } + diff --git a/templates/workspace_services/azureml/terraform/compute.tf b/templates/workspace_services/azureml/terraform/compute.tf new file mode 100644 index 0000000000..f4f28cbf71 --- /dev/null +++ b/templates/workspace_services/azureml/terraform/compute.tf @@ -0,0 +1,90 @@ +resource "random_password" "password" { + length = 16 + lower = true + min_lower = 1 + upper = true + min_upper = 1 + numeric = true + min_numeric = 1 + special = true + min_special = 1 + override_special = "_%@" +} + +resource "azurerm_key_vault_secret" "aml_password" { + name = "cp-${local.short_service_id}" + value = random_password.password.result + key_vault_id = data.azurerm_key_vault.ws.id +} + + +resource "azapi_resource" "compute_cluster" { + type = "Microsoft.MachineLearningServices/workspaces/computes@2022-10-01" + name = "cp-${local.short_service_id}" + location = data.azurerm_resource_group.ws.location + parent_id = azurerm_machine_learning_workspace.aml_workspace.id + tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } + + identity { + type = "SystemAssigned" + } + + body = jsonencode({ + properties = { + computeLocation = data.azurerm_resource_group.ws.location + description = "Default Compute Cluster" + disableLocalAuth = true + computeType = "AmlCompute" + properties = { + enableNodePublicIp = false + isolatedNetwork = true + osType = "Linux" + remoteLoginPortPublicAccess = "Disabled" + scaleSettings = { + maxNodeCount = 1 + minNodeCount = 0 + nodeIdleTimeBeforeScaleDown = "PT10M" + } + subnet = { + id = azurerm_subnet.aml.id + } + vmPriority = "Dedicated" + vmSize = "Standard_DS2_v2" + } + } + }) + + depends_on = [ + azurerm_private_endpoint.mlpe, + azurerm_private_endpoint.blobpe, + azurerm_private_endpoint.filepe + ] + + response_export_values = ["*"] + +} + +resource "azurerm_role_assignment" "compute_cluster_acr_pull" { + scope = azurerm_container_registry.acr.id + role_definition_name = "AcrPull" + principal_id = jsondecode(azapi_resource.compute_cluster.output).identity.principalId +} + +resource "azapi_update_resource" "set_image_build_compute" { + type = "Microsoft.MachineLearningServices/workspaces@2022-10-01" + name = azurerm_machine_learning_workspace.aml_workspace.name + parent_id = data.azurerm_resource_group.ws.id + + body = jsonencode({ + properties = { + imageBuildCompute = jsondecode(azapi_resource.compute_cluster.output).name + } + }) + + depends_on = [ + azapi_resource.compute_cluster, + azurerm_role_assignment.compute_cluster_acr_pull + ] +} diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 06805ad39d..6490df5157 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -4,6 +4,56 @@ data "azurerm_network_security_group" "ws" { resource_group_name = data.azurerm_resource_group.ws.name } +# Using AzApi due to https://github.com/hashicorp/terraform-provider-azurerm/issues/14852 +# resource "azurerm_subnet_service_endpoint_storage_policy" "aml" { +# name = "aml-service-endpoint-policy" +# resource_group_name = data.azurerm_virtual_network.ws.resource_group_name +# location = data.azurerm_virtual_network.ws.location +# +# definition { +# name = "aml-service-endpoint-policy" +# service_resources = [ +# azurerm_storage_account.aml.id, +# "/services/Azure/MachineLearning" +# ] +# } +# +# tags = local.tre_workspace_service_tags +# } + +resource "azapi_resource" "aml_service_endpoint_policy" { + type = "Microsoft.Network/serviceEndpointPolicies@2022-05-01" + name = "aml-service-endpoint-policy-${local.short_service_id}" + location = data.azurerm_virtual_network.ws.location + parent_id = data.azurerm_resource_group.ws.id + tags = local.tre_workspace_service_tags + body = jsonencode({ + properties = { + serviceEndpointPolicyDefinitions = [ + { + name = "aml-service-endpoint-policy-definition-storage-${local.short_service_id}" + properties = { + service = "Microsoft.Storage" + serviceResources = [ + azurerm_storage_account.aml.id + ] + } + type = "Microsoft.Network/serviceEndpointPolicies/serviceEndpointPolicyDefinitions" + }, + { + name = "aml-service-endpoint-policy-definition-azureml-${local.short_service_id}" + properties = { + service = "Global" + serviceResources = [ + "/services/Azure/MachineLearning" + ] + } + type = "Microsoft.Network/serviceEndpointPolicies/serviceEndpointPolicyDefinitions" + } + ] + } + }) +} resource "null_resource" "az_login_sp" { @@ -16,6 +66,14 @@ resource "null_resource" "az_login_sp" { timestamp = timestamp() } + # need to be disabled for AML private compute + private_endpoint_network_policies_enabled = false + private_link_service_network_policies_enabled = false + + service_endpoints = [ + "Microsoft.Storage" + ] + service_endpoint_policy_ids = [azapi_resource.aml_service_endpoint_policy.id] } resource "null_resource" "az_login_msi" { @@ -93,7 +151,7 @@ resource "azurerm_network_security_rule" "allow_batch_inbound_29877" { } resource "azurerm_network_security_rule" "allow_aml_inbound" { - count = var.is_exposed_externally ? 1 : 0 + #count = var.is_exposed_externally ? 1 : 0 access = "Allow" destination_port_ranges = ["44224"] destination_address_prefix = "VirtualNetwork" diff --git a/templates/workspace_services/azureml/terraform/providers.tf b/templates/workspace_services/azureml/terraform/providers.tf index 740de5ea42..f8e7b4fb95 100644 --- a/templates/workspace_services/azureml/terraform/providers.tf +++ b/templates/workspace_services/azureml/terraform/providers.tf @@ -16,7 +16,6 @@ terraform { source = "hashicorp/null" version = "=3.1.1" } - } backend "azurerm" {} @@ -39,7 +38,6 @@ provider "azurerm" { } } -provider "azapi" { -} +provider "azapi" {} data "azurerm_client_config" "current" {} diff --git a/templates/workspace_services/azureml/terraform/storage.tf b/templates/workspace_services/azureml/terraform/storage.tf index a244c82c29..5e3442365f 100644 --- a/templates/workspace_services/azureml/terraform/storage.tf +++ b/templates/workspace_services/azureml/terraform/storage.tf @@ -4,6 +4,10 @@ resource "azurerm_storage_account" "aml" { resource_group_name = data.azurerm_resource_group.ws.name account_tier = "Standard" account_replication_type = "GRS" + + network_rules { + default_action = "Deny" + } } data "azurerm_private_dns_zone" "blobcore" { @@ -11,7 +15,12 @@ data "azurerm_private_dns_zone" "blobcore" { resource_group_name = local.core_resource_group_name } -resource "azurerm_private_endpoint" "stgblobpe" { +data "azurerm_private_dns_zone" "filecore" { + name = "privatelink.file.core.windows.net" + resource_group_name = local.core_resource_group_name +} + +resource "azurerm_private_endpoint" "blobpe" { name = "pe-${local.storage_name}" location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name @@ -25,9 +34,35 @@ resource "azurerm_private_endpoint" "stgblobpe" { } private_service_connection { - name = "pesc-${local.storage_name}" + name = "dnsgroup-blob${local.storage_name}" private_connection_resource_id = azurerm_storage_account.aml.id is_manual_connection = false subresource_names = ["Blob"] } } + + +resource "azurerm_private_endpoint" "filepe" { + name = "pe-file-${local.storage_name}" + location = data.azurerm_resource_group.ws.location + resource_group_name = data.azurerm_resource_group.ws.name + subnet_id = azurerm_subnet.aml.id + + lifecycle { ignore_changes = [tags] } + + private_dns_zone_group { + name = "dnsgroup-files-${local.storage_name}" + private_dns_zone_ids = [data.azurerm_private_dns_zone.filecore.id] + } + + private_service_connection { + name = "dnsgroup-file-${var.tre_id}" + private_connection_resource_id = azurerm_storage_account.aml.id + is_manual_connection = false + subresource_names = ["file"] + } + + depends_on = [ + azurerm_private_endpoint.blobpe + ] +} From 982a43cf2390cdbdc1fa337202925903ac3124e6 Mon Sep 17 00:00:00 2001 From: marrobi Date: Wed, 4 Jan 2023 09:03:00 +0000 Subject: [PATCH 02/19] Update lock --- .../azureml/terraform/.terraform.lock.hcl | 23 ++----------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl index 5bb7318950..a40f550eb5 100644 --- a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl @@ -2,27 +2,8 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "1.1.0" - hashes = [ - "h1:IR+AHCwfjl1c0baWwfOwZ6QZtHj41H2syTgHkJtAr/M=", - "zh:2a25df6325a49f9e821f0b02c7da86167fc19a3bac647cd1edf231300f29d077", - "zh:2b443a836a39724663fe455d4deee408ff3a2d9a8b86f8408aa7db2e8aa743f8", - "zh:364ed09ddfc50d9bed8d930f7de489cb654a9908feb139413a097823a50075fd", - "zh:523bc005f56ae785867d230d55c29f59db4b599dbc6c38b4d03ea55a79458916", - "zh:60ded375fdb305b60bcb4d9e596dbb222cab166bad1b4958199b05a72aaeacfd", - "zh:61e69c58642fead6814e511c872b7c0a6478ec6af4ab758b4512607d910ac078", - "zh:823b2154ae2262dabcbd11aac992e3cc29eae0f7baa96bee1e3e2fe1ece8730b", - "zh:870ea9cc24807ef5142e4cad0281dac7173f7b6bf818a79762b6c690d12d4c4b", - "zh:9094ae76ed66cb328a4f35bd18b9140fb6fc6859c2e46431ec73c018bcb58d96", - "zh:d89149cfd01cb70012459536b4d36490b58e43312440562e5910bd5160537858", - "zh:dba7ec06171ca062fc423ba5b4776a5600444e45e57f4d1cb043bdc3eee538b7", - "zh:ff5bd6883d9ac8334e043434246357a55107411e9a962856c1d17e47ee15ac37", - ] -} - -provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.32.0" - constraints = "3.32.0" + version = "1.0.0" + constraints = "1.0.0" hashes = [ "h1:OsBIUCGM+lcmbEJqfHeY9ScQoWU5Ir/MdAUU4+lNNI0=", "zh:01a33aaefe4d185e70d926103eeb0ac9fefeadf750f69c5977ead2ae02e0b038", From d57cfc61ea2e5a4d426a12da69fbdc5fecd53fb1 Mon Sep 17 00:00:00 2001 From: marrobi Date: Wed, 4 Jan 2023 09:35:19 +0000 Subject: [PATCH 03/19] Add missing updates from merge --- .../azureml/parameters.json | 6 + .../workspace_services/azureml/porter.yaml | 86 +++---- .../azureml/template_schema.json | 19 ++ .../azureml/terraform/data.tf | 40 ++++ .../azureml/terraform/locals.tf | 1 + .../azureml/terraform/main.tf | 76 ++----- .../azureml/terraform/network.tf | 211 +++++++++++------- .../azureml/terraform/outputs.tf | 6 +- .../azureml/terraform/roles.tf | 2 +- .../azureml/terraform/variables.tf | 1 + .../aml_compute/terraform/compute.tf | 2 +- .../aml_compute/terraform/data.tf | 4 +- 12 files changed, 270 insertions(+), 184 deletions(-) create mode 100644 templates/workspace_services/azureml/terraform/data.tf diff --git a/templates/workspace_services/azureml/parameters.json b/templates/workspace_services/azureml/parameters.json index 0e77f0980d..8482f49d68 100755 --- a/templates/workspace_services/azureml/parameters.json +++ b/templates/workspace_services/azureml/parameters.json @@ -34,6 +34,12 @@ "env": "DESCRIPTION" } }, + { + "name": "address_space", + "source": { + "env": "ADDRESS_SPACE" + } + }, { "name": "is_exposed_externally", "source": { diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index d4405bbf41..5b0232f9f9 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.6.1 +version: 0.6.2 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl @@ -41,6 +41,9 @@ parameters: default: false env: IS_EXPOSED_EXTERNALLY description: "Determines if the AML workspace will be available over public/internet" + - name: address_space + type: string + description: "Address space for the AML subnets" - name: tfstate_resource_group_name type: string description: "Resource group containing the Terraform state storage account" @@ -106,19 +109,20 @@ install: - terraform: description: "Deploy Azure ML Service" vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - tre_resource_id: ${ bundle.parameters.id } - display_name: ${ bundle.parameters.display_name } - description: ${ bundle.parameters.description } - is_exposed_externally: ${ bundle.parameters.is_exposed_externally } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } - auth_client_id: ${ bundle.credentials.auth_client_id } - auth_client_secret: ${ bundle.credentials.auth_client_secret } - auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_id: "{{ bundle.parameters.workspace_id }}" + tre_id: "{{ bundle.parameters.tre_id }}" + tre_resource_id: "{{ bundle.parameters.id }}" + display_name: "{{ bundle.parameters.display_name }}" + description: "{{ bundle.parameters.description }}" + address_space: "{{ bundle.parameters.address_space }}" + is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" + arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" + arm_client_id: "{{ bundle.credentials.azure_client_id }}" + arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" + arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + auth_client_id: "{{ bundle.credentials.auth_client_id }}" + auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" + auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -137,19 +141,20 @@ upgrade: - terraform: description: "Upgrade Azure ML Service" vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - tre_resource_id: ${ bundle.parameters.id } - display_name: ${ bundle.parameters.display_name } - description: ${ bundle.parameters.description } - is_exposed_externally: ${ bundle.parameters.is_exposed_externally } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } - auth_client_id: ${ bundle.credentials.auth_client_id } - auth_client_secret: ${ bundle.credentials.auth_client_secret } - auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_id: "{{ bundle.parameters.workspace_id }}" + tre_id: "{{ bundle.parameters.tre_id }}" + tre_resource_id: "{{ bundle.parameters.id }}" + display_name: "{{ bundle.parameters.display_name }}" + description: "{{ bundle.parameters.description }}" + address_space: "{{ bundle.parameters.address_space }}" + is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" + arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" + arm_client_id: "{{ bundle.credentials.azure_client_id }}" + arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" + arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + auth_client_id: "{{ bundle.credentials.auth_client_id }}" + auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" + auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -168,19 +173,20 @@ uninstall: - terraform: description: "Delete the Azure ML Service" vars: - workspace_id: ${ bundle.parameters.workspace_id } - tre_id: ${ bundle.parameters.tre_id } - tre_resource_id: ${ bundle.parameters.id } - display_name: ${ bundle.parameters.display_name } - description: ${ bundle.parameters.description } - is_exposed_externally: ${ bundle.parameters.is_exposed_externally } - arm_use_msi: ${ bundle.parameters.arm_use_msi } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - auth_client_id: ${ bundle.credentials.auth_client_id } - auth_client_secret: ${ bundle.credentials.auth_client_secret } - auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + workspace_id: "{{ bundle.parameters.workspace_id }}" + tre_id: "{{ bundle.parameters.tre_id }}" + tre_resource_id: "{{ bundle.parameters.id }}" + display_name: "{{ bundle.parameters.display_name }}" + description: "{{ bundle.parameters.description }}" + address_space: "{{ bundle.parameters.address_space }}" + is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" + arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" + arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" + arm_client_id: "{{ bundle.credentials.azure_client_id }}" + arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" + auth_client_id: "{{ bundle.credentials.auth_client_id }}" + auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" + auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } diff --git a/templates/workspace_services/azureml/template_schema.json b/templates/workspace_services/azureml/template_schema.json index cd382e47e1..05a090f70d 100644 --- a/templates/workspace_services/azureml/template_schema.json +++ b/templates/workspace_services/azureml/template_schema.json @@ -33,10 +33,29 @@ "title": "Expose externally", "description": "Is the Azure ML workspace accessible from outside of the workspace network", "default": false + }, + "address_space": { + "$id": "#/properties/address_space", + "type": "string", + "title": "Address space", + "description": "The address space for use by AML subnets" + } + }, + "uiSchema": { + "address_space": { + "classNames": "tre-hidden" } }, "pipeline": { "install": [ + { + "stepId": "12ba0dad-ea6c-4d0d-9255-d316212f5ffa", + "stepTitle": "Upgrade to ensure aware of address space", + "resourceType": "workspace", + "resourceAction": "upgrade", + "properties": [ + ] + }, { "stepId": "main" }, diff --git a/templates/workspace_services/azureml/terraform/data.tf b/templates/workspace_services/azureml/terraform/data.tf new file mode 100644 index 0000000000..83c3ff9dc3 --- /dev/null +++ b/templates/workspace_services/azureml/terraform/data.tf @@ -0,0 +1,40 @@ +data "azurerm_resource_group" "ws" { + name = "rg-${var.tre_id}-ws-${local.short_workspace_id}" +} + +data "azurerm_virtual_network" "ws" { + name = "vnet-${var.tre_id}-ws-${local.short_workspace_id}" + resource_group_name = data.azurerm_resource_group.ws.name +} + +data "azurerm_subnet" "services" { + name = "ServicesSubnet" + virtual_network_name = data.azurerm_virtual_network.ws.name + resource_group_name = data.azurerm_virtual_network.ws.resource_group_name +} + +resource "azurerm_application_insights" "ai" { + name = "ai-${local.service_resource_name_suffix}" + location = data.azurerm_resource_group.ws.location + resource_group_name = data.azurerm_resource_group.ws.name + application_type = "web" + tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } +} + +data "azurerm_key_vault" "ws" { + name = local.keyvault_name + resource_group_name = data.azurerm_resource_group.ws.name +} + +data "azurerm_subnet" "shared" { + resource_group_name = local.core_resource_group_name + virtual_network_name = local.core_vnet + name = "SharedSubnet" +} + +data "azurerm_route_table" "rt" { + name = "rt-${var.tre_id}" + resource_group_name = local.core_resource_group_name +} diff --git a/templates/workspace_services/azureml/terraform/locals.tf b/templates/workspace_services/azureml/terraform/locals.tf index c99f98d5eb..ac11d6c921 100644 --- a/templates/workspace_services/azureml/terraform/locals.tf +++ b/templates/workspace_services/azureml/terraform/locals.tf @@ -1,6 +1,7 @@ locals { short_service_id = substr(var.tre_resource_id, -4, -1) short_workspace_id = substr(var.workspace_id, -4, -1) + core_vnet = "vnet-${var.tre_id}" core_resource_group_name = "rg-${var.tre_id}" workspace_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}" service_resource_name_suffix = "${var.tre_id}-ws-${local.short_workspace_id}-svc-${local.short_service_id}" diff --git a/templates/workspace_services/azureml/terraform/main.tf b/templates/workspace_services/azureml/terraform/main.tf index 9435b37e43..696d40fefe 100644 --- a/templates/workspace_services/azureml/terraform/main.tf +++ b/templates/workspace_services/azureml/terraform/main.tf @@ -1,61 +1,19 @@ -data "azurerm_resource_group" "ws" { - name = "rg-${var.tre_id}-ws-${local.short_workspace_id}" -} - -data "azurerm_virtual_network" "ws" { - name = "vnet-${var.tre_id}-ws-${local.short_workspace_id}" - resource_group_name = data.azurerm_resource_group.ws.name -} - -data "azurerm_subnet" "services" { - name = "ServicesSubnet" - virtual_network_name = data.azurerm_virtual_network.ws.name - resource_group_name = data.azurerm_virtual_network.ws.resource_group_name -} - -resource "azurerm_application_insights" "ai" { - name = "ai-${local.service_resource_name_suffix}" - location = data.azurerm_resource_group.ws.location - resource_group_name = data.azurerm_resource_group.ws.name - application_type = "web" - tags = local.tre_workspace_service_tags - - lifecycle { ignore_changes = [tags] } -} - -data "azurerm_key_vault" "ws" { - name = local.keyvault_name - resource_group_name = data.azurerm_resource_group.ws.name -} - -# Using AzAPI due to https://github.com/hashicorp/terraform-provider-azurerm/issues/16177 -resource "azapi_resource" "aml_workspace" { - name = local.workspace_name - parent_id = data.azurerm_resource_group.ws.id - type = "Microsoft.MachineLearningServices/workspaces@2022-05-01" - schema_validation_enabled = false - location = data.azurerm_resource_group.ws.location - - body = jsonencode({ - properties = { - allowRecoverSoftDeletedWorkspace = "True" - applicationInsights = azurerm_application_insights.ai.id - containerRegistry = azurerm_container_registry.acr.id - friendlyName = var.display_name - description = var.description - hbiWorkspace = true - keyVault = data.azurerm_key_vault.ws.id - publicNetworkAccess = var.is_exposed_externally ? "Enabled" : "Disabled" - storageAccount = azurerm_storage_account.aml.id - v1LegacyMode = false - } - identity = { - type = "SystemAssigned" - } - }) - - response_export_values = ["*"] - +resource "azurerm_machine_learning_workspace" "aml_workspace" { + name = local.workspace_name + resource_group_name = data.azurerm_resource_group.ws.name + location = data.azurerm_resource_group.ws.location + application_insights_id = azurerm_application_insights.ai.id + container_registry_id = azurerm_container_registry.acr.id + friendly_name = var.display_name + description = var.description + high_business_impact = true + key_vault_id = data.azurerm_key_vault.ws.id + public_network_access_enabled = var.is_exposed_externally ? true : false + storage_account_id = azurerm_storage_account.aml.id + + identity { + type = "SystemAssigned" + } } data "azurerm_private_dns_zone" "azureml" { @@ -89,7 +47,7 @@ resource "azurerm_private_endpoint" "mlpe" { private_service_connection { name = "mlpesc-${local.service_resource_name_suffix}" - private_connection_resource_id = azapi_resource.aml_workspace.id + private_connection_resource_id = azurerm_machine_learning_workspace.aml_workspace.id is_manual_connection = false subresource_names = ["amlworkspace"] } diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 6490df5157..8e12486364 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -1,7 +1,10 @@ +resource "azurerm_network_security_group" "aml" { + location = data.azurerm_virtual_network.ws.location + name = "nsg-aml" + resource_group_name = data.azurerm_virtual_network.ws.resource_group_name + tags = local.tre_workspace_service_tags -data "azurerm_network_security_group" "ws" { - name = "nsg-ws" - resource_group_name = data.azurerm_resource_group.ws.name + lifecycle { ignore_changes = [tags] } } # Using AzApi due to https://github.com/hashicorp/terraform-provider-azurerm/issues/14852 @@ -55,16 +58,11 @@ resource "azapi_resource" "aml_service_endpoint_policy" { }) } -resource "null_resource" "az_login_sp" { - - count = var.arm_use_msi == true ? 0 : 1 - provisioner "local-exec" { - command = "az login --service-principal --username ${var.arm_client_id} --password ${var.arm_client_secret} --tenant ${var.arm_tenant_id}" - } - - triggers = { - timestamp = timestamp() - } +resource "azurerm_subnet" "aml" { + name = "AMLSubnet${local.short_service_id}" + virtual_network_name = data.azurerm_virtual_network.ws.name + resource_group_name = data.azurerm_virtual_network.ws.resource_group_name + address_prefixes = [var.address_space] # need to be disabled for AML private compute private_endpoint_network_policies_enabled = false @@ -76,75 +74,21 @@ resource "null_resource" "az_login_sp" { service_endpoint_policy_ids = [azapi_resource.aml_service_endpoint_policy.id] } -resource "null_resource" "az_login_msi" { - - count = var.arm_use_msi == true ? 1 : 0 - provisioner "local-exec" { - command = "az login --identity -u '${data.azurerm_client_config.current.client_id}'" - } - - triggers = { - timestamp = timestamp() - } -} - -data "external" "nsg_rule_priorities_inbound" { - program = ["bash", "-c", "./get_nsg_priorities.sh"] - - query = { - nsg_name = data.azurerm_network_security_group.ws.name - resource_group_name = data.azurerm_resource_group.ws.name - nsg_rule_name = "${local.short_service_id}-aml-inbound" - direction = "Inbound" - } - depends_on = [ - null_resource.az_login_sp, - null_resource.az_login_msi - ] +resource "azurerm_subnet_network_security_group_association" "services" { + network_security_group_id = azurerm_network_security_group.aml.id + subnet_id = azurerm_subnet.aml.id } - - -data "external" "nsg_rule_priorities_outbound" { - program = ["bash", "-c", "./get_nsg_priorities.sh"] - - query = { - nsg_name = data.azurerm_network_security_group.ws.name - nsg_rule_name = "${local.short_service_id}-allow-Outbound_Storage_445" - resource_group_name = data.azurerm_resource_group.ws.name - direction = "Outbound" - } - depends_on = [ - null_resource.az_login_sp, - null_resource.az_login_msi - ] -} - - resource "azurerm_network_security_rule" "allow_batch_inbound" { - access = "Allow" - destination_port_ranges = ["29876"] - destination_address_prefix = "VirtualNetwork" - source_address_prefix = "BatchNodeManagement" - direction = "Inbound" - name = "${local.short_service_id}-batch-inbound-29876" - network_security_group_name = data.azurerm_network_security_group.ws.name - priority = tonumber(data.external.nsg_rule_priorities_inbound.result.nsg_rule_priority) - protocol = "Tcp" - resource_group_name = data.azurerm_resource_group.ws.name - source_port_range = "*" -} - -resource "azurerm_network_security_rule" "allow_batch_inbound_29877" { count = var.is_exposed_externally ? 1 : 0 access = "Allow" - destination_port_ranges = ["29877"] + destination_port_ranges = ["29876", "29877"] destination_address_prefix = "VirtualNetwork" source_address_prefix = "BatchNodeManagement" direction = "Inbound" - name = "${local.short_service_id}-batch-inbound-29877" - network_security_group_name = data.azurerm_network_security_group.ws.name - priority = tonumber(data.external.nsg_rule_priorities_inbound.result.nsg_rule_priority) + 1 + name = "${local.short_service_id}-batch-inbound-29876" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 100 protocol = "Tcp" resource_group_name = data.azurerm_resource_group.ws.name source_port_range = "*" @@ -158,8 +102,8 @@ resource "azurerm_network_security_rule" "allow_aml_inbound" { source_address_prefix = "AzureMachineLearning" direction = "Inbound" name = "${local.short_service_id}-aml-inbound" - network_security_group_name = data.azurerm_network_security_group.ws.name - priority = tonumber(data.external.nsg_rule_priorities_inbound.result.nsg_rule_priority) + 2 + network_security_group_name = azurerm_network_security_group.aml.name + priority = 101 protocol = "Tcp" resource_group_name = data.azurerm_resource_group.ws.name source_port_range = "*" @@ -173,9 +117,120 @@ resource "azurerm_network_security_rule" "allow_outbound_storage_445" { source_address_prefix = "VirtualNetwork" direction = "Outbound" name = "${local.short_service_id}-allow-Outbound_Storage_445" - network_security_group_name = data.azurerm_network_security_group.ws.name - priority = tonumber(data.external.nsg_rule_priorities_outbound.result.nsg_rule_priority) + network_security_group_name = azurerm_network_security_group.aml.name + priority = 102 protocol = "Tcp" resource_group_name = data.azurerm_resource_group.ws.name source_port_range = "*" } + +resource "azurerm_network_security_rule" "allow_outbound_to_shared_services" { + access = "Allow" + destination_address_prefixes = data.azurerm_subnet.shared.address_prefixes + destination_port_range = "*" + direction = "Outbound" + name = "to-shared-services" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 103 + protocol = "*" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + + +resource "azurerm_network_security_rule" "allow_outbound_to_internet" { + access = "Allow" + destination_address_prefix = "INTERNET" + destination_port_range = "443" + direction = "Outbound" + name = "to-internet" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 104 + protocol = "Tcp" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + + +resource "azurerm_network_security_rule" "deny_outbound_override" { + access = "Deny" + destination_address_prefix = "*" + destination_port_range = "*" + direction = "Outbound" + name = "deny-outbound-override" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 4096 + protocol = "*" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + +resource "azurerm_network_security_rule" "deny_all_inbound_override" { + access = "Deny" + destination_address_prefix = "*" + destination_port_range = "*" + direction = "Inbound" + name = "deny-inbound-override" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 4096 + protocol = "*" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + +resource "azurerm_route_table" "aml" { + count = var.is_exposed_externally ? 1 : 0 + name = "rt-aml-${var.tre_id}-${local.short_service_id}" + resource_group_name = data.azurerm_resource_group.ws.name + location = data.azurerm_resource_group.ws.location + disable_bgp_route_propagation = false + tags = local.tre_workspace_service_tags + + lifecycle { ignore_changes = [tags] } + +} + +resource "azurerm_route" "firewall" { + count = var.is_exposed_externally ? 1 : 0 + name = "rt-aml-${var.tre_id}-${local.short_service_id}" + resource_group_name = data.azurerm_resource_group.ws.name + route_table_name = azurerm_route_table.aml[count.index].name + address_prefix = data.azurerm_route_table.rt[count.index].route[0].address_prefix + next_hop_type = data.azurerm_route_table.rt[count.index].route[0].next_hop_type +} + + +resource "azurerm_route" "aml" { + count = var.is_exposed_externally ? 1 : 0 + name = "rt-aml-${var.tre_id}-${local.short_service_id}" + resource_group_name = data.azurerm_resource_group.ws.name + route_table_name = azurerm_route_table.aml[count.index].name + address_prefix = "AzureMachineLearning" + next_hop_type = "Internet" +} + +resource "azurerm_route" "batch" { + count = var.is_exposed_externally ? 1 : 0 + name = "rt-aml-${var.tre_id}-${local.short_service_id}" + resource_group_name = data.azurerm_resource_group.ws.name + route_table_name = azurerm_route_table.aml[count.index].name + address_prefix = "BatchNodeManagement" + next_hop_type = "Internet" +} + + +resource "azurerm_subnet_route_table_association" "rt_aml_subnet_association" { + count = var.is_exposed_externally ? 1 : 0 + route_table_id = data.azurerm_route_table.rt.id + subnet_id = azurerm_subnet.aml.id +} + +resource "azurerm_subnet_route_table_association" "rt_core_aml_subnet_association" { + count = var.is_exposed_externally ? 0 : 1 + route_table_id = azurerm_route_table.aml[count.index].id + subnet_id = azurerm_subnet.aml.id +} diff --git a/templates/workspace_services/azureml/terraform/outputs.tf b/templates/workspace_services/azureml/terraform/outputs.tf index e9bb0f2a56..b122359bfb 100644 --- a/templates/workspace_services/azureml/terraform/outputs.tf +++ b/templates/workspace_services/azureml/terraform/outputs.tf @@ -1,5 +1,5 @@ output "azureml_workspace_name" { - value = azapi_resource.aml_workspace.name + value = azurerm_machine_learning_workspace.aml_workspace.name } output "azureml_acr_id" { @@ -11,11 +11,11 @@ output "azureml_storage_account_id" { } output "connection_uri" { - value = var.is_exposed_externally ? "https://ml.azure.com/?wsid=${azapi_resource.aml_workspace.id}&tid=${var.arm_tenant_id}" : "" + value = var.is_exposed_externally ? "https://ml.azure.com/?wsid=${azurerm_machine_learning_workspace.aml_workspace.id}&tid=${var.arm_tenant_id}" : "" } output "internal_connection_uri" { - value = var.is_exposed_externally ? "" : "https://ml.azure.com/?wsid=${azapi_resource.aml_workspace.id}&tid=${var.arm_tenant_id}" + value = var.is_exposed_externally ? "" : "https://ml.azure.com/?wsid=${azurerm_machine_learning_workspace.aml_workspace.id}&tid=${var.arm_tenant_id}" } output "workspace_services_subnet_address_prefix" { diff --git a/templates/workspace_services/azureml/terraform/roles.tf b/templates/workspace_services/azureml/terraform/roles.tf index 9a791fb743..a3c5d445a8 100644 --- a/templates/workspace_services/azureml/terraform/roles.tf +++ b/templates/workspace_services/azureml/terraform/roles.tf @@ -21,7 +21,7 @@ data "azurerm_role_definition" "azure_ml_data_scientist" { resource "azurerm_role_assignment" "app_role_members_aml_data_scientist" { for_each = (data.external.app_role_members.result.principals == "") ? [] : toset(split("\n", data.external.app_role_members.result.principals)) - scope = azapi_resource.aml_workspace.id + scope = azurerm_machine_learning_workspace.aml_workspace.id role_definition_id = data.azurerm_role_definition.azure_ml_data_scientist.id principal_id = each.value } diff --git a/templates/workspace_services/azureml/terraform/variables.tf b/templates/workspace_services/azureml/terraform/variables.tf index 4cc3dca6ae..8c8ccd9278 100644 --- a/templates/workspace_services/azureml/terraform/variables.tf +++ b/templates/workspace_services/azureml/terraform/variables.tf @@ -12,6 +12,7 @@ variable "description" {} variable "is_exposed_externally" { type = bool } +variable "address_space" {} variable "auth_tenant_id" { type = string description = "Used to authenticate into the AAD Tenant to get app role members" diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf index 554921a0c7..02b4a88bde 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf @@ -20,7 +20,7 @@ resource "azapi_resource" "compute_instance" { } } subnet = { - id = data.azurerm_subnet.services.id + id = data.azurerm_subnet.aml.id } } } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/data.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/data.tf index bed90ff9d4..2c69844b09 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/data.tf +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/data.tf @@ -7,8 +7,8 @@ data "azurerm_virtual_network" "ws" { resource_group_name = data.azurerm_resource_group.ws.name } -data "azurerm_subnet" "services" { - name = "ServicesSubnet" +data "azurerm_subnet" "aml" { + name = "AMLSubnet${local.short_service_id}" virtual_network_name = data.azurerm_virtual_network.ws.name resource_group_name = data.azurerm_virtual_network.ws.resource_group_name } From cefb58867e3c0766c9a13d99dcabdd470c172f87 Mon Sep 17 00:00:00 2001 From: marrobi Date: Wed, 4 Jan 2023 12:29:55 +0000 Subject: [PATCH 04/19] Public IP workspace works. --- .../workspace_services/azureml/porter.yaml | 86 +++++++++---------- .../azureml/template_schema.json | 4 +- .../azureml/terraform/.terraform.lock.hcl | 30 +++---- .../azureml/terraform/acr.tf | 3 +- .../azureml/terraform/compute.tf | 16 ++-- .../azureml/terraform/network.tf | 12 +-- .../azureml/terraform/providers.tf | 2 +- .../azureml/terraform/storage.tf | 4 +- 8 files changed, 80 insertions(+), 77 deletions(-) diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index 5b0232f9f9..d90504b247 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.6.2 +version: 0.7.6 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl @@ -109,20 +109,20 @@ install: - terraform: description: "Deploy Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - address_space: "{{ bundle.parameters.address_space }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + address_space: ${ bundle.parameters.address_space } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -141,20 +141,20 @@ upgrade: - terraform: description: "Upgrade Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - address_space: "{{ bundle.parameters.address_space }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + address_space: ${ bundle.parameters.address_space } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -173,20 +173,20 @@ uninstall: - terraform: description: "Delete the Azure ML Service" vars: - workspace_id: "{{ bundle.parameters.workspace_id }}" - tre_id: "{{ bundle.parameters.tre_id }}" - tre_resource_id: "{{ bundle.parameters.id }}" - display_name: "{{ bundle.parameters.display_name }}" - description: "{{ bundle.parameters.description }}" - address_space: "{{ bundle.parameters.address_space }}" - is_exposed_externally: "{{ bundle.parameters.is_exposed_externally }}" - arm_use_msi: "{{ bundle.parameters.arm_use_msi }}" - arm_tenant_id: "{{ bundle.credentials.azure_tenant_id }}" - arm_client_id: "{{ bundle.credentials.azure_client_id }}" - arm_client_secret: "{{ bundle.credentials.azure_client_secret }}" - auth_client_id: "{{ bundle.credentials.auth_client_id }}" - auth_client_secret: "{{ bundle.credentials.auth_client_secret }}" - auth_tenant_id: "{{ bundle.credentials.auth_tenant_id }}" + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + display_name: ${ bundle.parameters.display_name } + description: ${ bundle.parameters.description } + address_space: ${ bundle.parameters.address_space } + is_exposed_externally: ${ bundle.parameters.is_exposed_externally } + arm_use_msi: ${ bundle.parameters.arm_use_msi } + arm_tenant_id: ${ bundle.credentials.azure_tenant_id } + arm_client_id: ${ bundle.credentials.azure_client_id } + arm_client_secret: ${ bundle.credentials.azure_client_secret } + auth_client_id: ${ bundle.credentials.auth_client_id } + auth_client_secret: ${ bundle.credentials.auth_client_secret } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } diff --git a/templates/workspace_services/azureml/template_schema.json b/templates/workspace_services/azureml/template_schema.json index 05a090f70d..037fb662a1 100644 --- a/templates/workspace_services/azureml/template_schema.json +++ b/templates/workspace_services/azureml/template_schema.json @@ -17,14 +17,14 @@ "type": "string", "title": "Description of the workspace service", "description": "Description of the workspace service", - "default": "Azure Machine Learning empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence. It accelerates time to value with industry-leading machine learning operations (MLOps), open-source interoperability, and integrated tools. This trusted platform is designed for responsible AI applications in machine learning.", + "default": "Azure Machine Learning empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence.", "updateable": true }, "overview": { "type": "string", "title": "Workspace Service Overview", "description": "Long form description of the workspace service, in markdown syntax", - "default": "", + "default": "", "updateable": true }, "is_exposed_externally": { diff --git a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl index a40f550eb5..5a22423fbb 100644 --- a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl @@ -2,22 +2,22 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "1.0.0" - constraints = "1.0.0" + version = "1.1.0" + constraints = "1.1.0" hashes = [ - "h1:OsBIUCGM+lcmbEJqfHeY9ScQoWU5Ir/MdAUU4+lNNI0=", - "zh:01a33aaefe4d185e70d926103eeb0ac9fefeadf750f69c5977ead2ae02e0b038", - "zh:1ce767851be07e432b4cdde91b40beef84f030432bb7b431ffda85b89305414d", - "zh:1cf15bc8430377091c06373c74a68ce61a9f36dd1455929a64e8083332f2c291", - "zh:4372f59b2761b3ae4b59d59f978af547cd8fae44d2b2e5baa91735b0ea3b16e2", - "zh:6602e2aae7937456418f53372d7139d2f56aea5e46dfd46634f9b202988178c0", - "zh:6f0945ee6ae05cbd708c10ee7b0f8c987032e35122a01d661188538f7548e59f", - "zh:6fc5e5017b8f87aff48732cc619f1295175913e3c1c039a170e8f0100a8233a2", - "zh:740f6c339f28406988204af6fadc9e58c754a22f234902b34c1f6d54421476c2", - "zh:7f003da3b64cb5129627b96a5eb0a03113853a0b17fd4cb77bd505fd27a8ca0b", - "zh:a1ed7aa209cdee91b013691ddb61d77eb3d840f9cba2f4c8b923ba80823c5912", - "zh:d6dad27af147a127027a8aa08a259f6dc418b09f842620e56e5db85547b1b090", - "zh:e67ddb150ff40cf9453fd56f47c2ac657ede1c1861b4d2f9009e98bddfc345b2", + "h1:IR+AHCwfjl1c0baWwfOwZ6QZtHj41H2syTgHkJtAr/M=", + "zh:2a25df6325a49f9e821f0b02c7da86167fc19a3bac647cd1edf231300f29d077", + "zh:2b443a836a39724663fe455d4deee408ff3a2d9a8b86f8408aa7db2e8aa743f8", + "zh:364ed09ddfc50d9bed8d930f7de489cb654a9908feb139413a097823a50075fd", + "zh:523bc005f56ae785867d230d55c29f59db4b599dbc6c38b4d03ea55a79458916", + "zh:60ded375fdb305b60bcb4d9e596dbb222cab166bad1b4958199b05a72aaeacfd", + "zh:61e69c58642fead6814e511c872b7c0a6478ec6af4ab758b4512607d910ac078", + "zh:823b2154ae2262dabcbd11aac992e3cc29eae0f7baa96bee1e3e2fe1ece8730b", + "zh:870ea9cc24807ef5142e4cad0281dac7173f7b6bf818a79762b6c690d12d4c4b", + "zh:9094ae76ed66cb328a4f35bd18b9140fb6fc6859c2e46431ec73c018bcb58d96", + "zh:d89149cfd01cb70012459536b4d36490b58e43312440562e5910bd5160537858", + "zh:dba7ec06171ca062fc423ba5b4776a5600444e45e57f4d1cb043bdc3eee538b7", + "zh:ff5bd6883d9ac8334e043434246357a55107411e9a962856c1d17e47ee15ac37", ] } diff --git a/templates/workspace_services/azureml/terraform/acr.tf b/templates/workspace_services/azureml/terraform/acr.tf index a84d5620a2..33b4ae315f 100644 --- a/templates/workspace_services/azureml/terraform/acr.tf +++ b/templates/workspace_services/azureml/terraform/acr.tf @@ -21,7 +21,7 @@ resource "azurerm_private_endpoint" "acrpe" { name = "acrpe-${local.service_resource_name_suffix}" location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name - subnet_id = data.azurerm_subnet.services.id + subnet_id = azurerm_subnet.aml.id tags = local.tre_workspace_service_tags lifecycle { ignore_changes = [tags] } @@ -37,5 +37,6 @@ resource "azurerm_private_endpoint" "acrpe" { is_manual_connection = false subresource_names = ["registry"] } + } diff --git a/templates/workspace_services/azureml/terraform/compute.tf b/templates/workspace_services/azureml/terraform/compute.tf index f4f28cbf71..a8ce2d890f 100644 --- a/templates/workspace_services/azureml/terraform/compute.tf +++ b/templates/workspace_services/azureml/terraform/compute.tf @@ -66,11 +66,12 @@ resource "azapi_resource" "compute_cluster" { } -resource "azurerm_role_assignment" "compute_cluster_acr_pull" { - scope = azurerm_container_registry.acr.id - role_definition_name = "AcrPull" - principal_id = jsondecode(azapi_resource.compute_cluster.output).identity.principalId -} +# This seems to be added automatically +# resource "azurerm_role_assignment" "compute_cluster_acr_pull" { +# scope = azurerm_container_registry.acr.id +# role_definition_name = "AcrPull" +# principal_id = jsondecode(azapi_resource.compute_cluster.output).identity.principalId +# } resource "azapi_update_resource" "set_image_build_compute" { type = "Microsoft.MachineLearningServices/workspaces@2022-10-01" @@ -84,7 +85,8 @@ resource "azapi_update_resource" "set_image_build_compute" { }) depends_on = [ - azapi_resource.compute_cluster, - azurerm_role_assignment.compute_cluster_acr_pull + azapi_resource.compute_cluster + #, + #azurerm_role_assignment.compute_cluster_acr_pull ] } diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 8e12486364..29019dfcbd 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -1,6 +1,6 @@ resource "azurerm_network_security_group" "aml" { location = data.azurerm_virtual_network.ws.location - name = "nsg-aml" + name = "nsg-aml-${local.short_service_id}" resource_group_name = data.azurerm_virtual_network.ws.resource_group_name tags = local.tre_workspace_service_tags @@ -199,11 +199,11 @@ resource "azurerm_route" "firewall" { name = "rt-aml-${var.tre_id}-${local.short_service_id}" resource_group_name = data.azurerm_resource_group.ws.name route_table_name = azurerm_route_table.aml[count.index].name - address_prefix = data.azurerm_route_table.rt[count.index].route[0].address_prefix - next_hop_type = data.azurerm_route_table.rt[count.index].route[0].next_hop_type + address_prefix = data.azurerm_route_table.rt.route[0].address_prefix + next_hop_type = data.azurerm_route_table.rt.route[0].next_hop_type + next_hop_in_ip_address = data.azurerm_route_table.rt.route[0].next_hop_in_ip_address } - resource "azurerm_route" "aml" { count = var.is_exposed_externally ? 1 : 0 name = "rt-aml-${var.tre_id}-${local.short_service_id}" @@ -225,12 +225,12 @@ resource "azurerm_route" "batch" { resource "azurerm_subnet_route_table_association" "rt_aml_subnet_association" { count = var.is_exposed_externally ? 1 : 0 - route_table_id = data.azurerm_route_table.rt.id + route_table_id = azurerm_route_table.aml[count.index].id subnet_id = azurerm_subnet.aml.id } resource "azurerm_subnet_route_table_association" "rt_core_aml_subnet_association" { count = var.is_exposed_externally ? 0 : 1 - route_table_id = azurerm_route_table.aml[count.index].id + route_table_id = data.azurerm_route_table.rt.id subnet_id = azurerm_subnet.aml.id } diff --git a/templates/workspace_services/azureml/terraform/providers.tf b/templates/workspace_services/azureml/terraform/providers.tf index f8e7b4fb95..63a33fb1aa 100644 --- a/templates/workspace_services/azureml/terraform/providers.tf +++ b/templates/workspace_services/azureml/terraform/providers.tf @@ -6,7 +6,7 @@ terraform { } azapi = { source = "Azure/azapi" - version = "=1.0.0" + version = "=1.1.0" } external = { source = "hashicorp/external" diff --git a/templates/workspace_services/azureml/terraform/storage.tf b/templates/workspace_services/azureml/terraform/storage.tf index 5e3442365f..a03cff560d 100644 --- a/templates/workspace_services/azureml/terraform/storage.tf +++ b/templates/workspace_services/azureml/terraform/storage.tf @@ -6,7 +6,7 @@ resource "azurerm_storage_account" "aml" { account_replication_type = "GRS" network_rules { - default_action = "Deny" + default_action = "Deny" } } @@ -24,7 +24,7 @@ resource "azurerm_private_endpoint" "blobpe" { name = "pe-${local.storage_name}" location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name - subnet_id = data.azurerm_subnet.services.id + subnet_id = azurerm_subnet.aml.id lifecycle { ignore_changes = [tags] } From f07f274ee8a2ebb9f6293cf80f54f54f5d8456a8 Mon Sep 17 00:00:00 2001 From: marrobi Date: Thu, 5 Jan 2023 11:09:33 +0000 Subject: [PATCH 05/19] Always deploy 445 rule --- templates/workspace_services/azureml/porter.yaml | 2 +- templates/workspace_services/azureml/terraform/network.tf | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index d90504b247..d1db6c1674 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.7.6 +version: 0.7.7 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 29019dfcbd..e6cd7faf74 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -110,7 +110,8 @@ resource "azurerm_network_security_rule" "allow_aml_inbound" { } resource "azurerm_network_security_rule" "allow_outbound_storage_445" { - count = var.is_exposed_externally ? 1 : 0 + # TODO: this shouldn't be needed for private compute + # count = var.is_exposed_externally ? 1 : 0 access = "Allow" destination_port_range = "445" destination_address_prefix = "Storage" From 11b1602a50488089e5e01539d1cc5412aa1ce916 Mon Sep 17 00:00:00 2001 From: marrobi Date: Thu, 5 Jan 2023 18:08:13 +0000 Subject: [PATCH 06/19] Fix various networking and firewall issues. --- .../workspace_services/azureml/porter.yaml | 38 ++++--- .../azureml/template_schema.json | 105 +++++------------- .../azureml/terraform/.terraform.lock.hcl | 28 ++--- .../azureml/terraform/main.tf | 2 +- .../azureml/terraform/network.tf | 78 +++++++++---- .../azureml/terraform/outputs.tf | 28 ++++- .../azureml/terraform/providers.tf | 2 +- .../azureml/terraform/variables.tf | 32 ++++-- .../aml_compute/terraform/.terraform.lock.hcl | 58 +++++----- .../aml_compute/terraform/providers.tf | 15 +-- 10 files changed, 207 insertions(+), 179 deletions(-) diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index d1db6c1674..a4ede6484d 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.7.7 +version: 0.7.16 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl @@ -86,7 +86,12 @@ outputs: applyTo: - install - upgrade - - name: workspace_services_subnet_address_prefix + - name: workspace_address_spaces + type: string + applyTo: + - install + - upgrade + - name: aml_subnet_address_prefixes type: string applyTo: - install @@ -96,6 +101,16 @@ outputs: applyTo: - install - upgrade + - name: batch_tag + type: string + applyTo: + - install + - upgrade + - name: mcr_tag + type: string + applyTo: + - install + - upgrade mixins: - terraform: @@ -117,9 +132,6 @@ install: address_space: ${ bundle.parameters.address_space } is_exposed_externally: ${ bundle.parameters.is_exposed_externally } arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } auth_client_id: ${ bundle.credentials.auth_client_id } auth_client_secret: ${ bundle.credentials.auth_client_secret } auth_tenant_id: ${ bundle.credentials.auth_tenant_id } @@ -134,8 +146,11 @@ install: - name: azureml_storage_account_id - name: connection_uri - name: internal_connection_uri - - name: workspace_services_subnet_address_prefix + - name: workspace_address_spaces + - name: aml_subnet_address_prefixes - name: storage_tag + - name: batch_tag + - name: mcr_tag upgrade: - terraform: @@ -149,9 +164,6 @@ upgrade: address_space: ${ bundle.parameters.address_space } is_exposed_externally: ${ bundle.parameters.is_exposed_externally } arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } auth_client_id: ${ bundle.credentials.auth_client_id } auth_client_secret: ${ bundle.credentials.auth_client_secret } auth_tenant_id: ${ bundle.credentials.auth_tenant_id } @@ -166,8 +178,11 @@ upgrade: - name: azureml_storage_account_id - name: connection_uri - name: internal_connection_uri - - name: workspace_services_subnet_address_prefix + - name: workspace_address_spaces + - name: aml_subnet_address_prefixes - name: storage_tag + - name: batch_tag + - name: mcr_tag uninstall: - terraform: @@ -180,10 +195,7 @@ uninstall: description: ${ bundle.parameters.description } address_space: ${ bundle.parameters.address_space } is_exposed_externally: ${ bundle.parameters.is_exposed_externally } - arm_use_msi: ${ bundle.parameters.arm_use_msi } arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } auth_client_id: ${ bundle.credentials.auth_client_id } auth_client_secret: ${ bundle.credentials.auth_client_secret } auth_tenant_id: ${ bundle.credentials.auth_tenant_id } diff --git a/templates/workspace_services/azureml/template_schema.json b/templates/workspace_services/azureml/template_schema.json index 037fb662a1..6521b3ffa4 100644 --- a/templates/workspace_services/azureml/template_schema.json +++ b/templates/workspace_services/azureml/template_schema.json @@ -78,33 +78,13 @@ { "name": "AzureMachineLearning", "description": "Azure Machine Learning rules", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], - "destination_addresses": [ - "AzureMachineLearning" - ], - "destination_ports": [ - "443", - "8787", - "18881" - ], - "protocols": [ - "TCP" - ] - }, - { - "name": "AzureActiveDirectory", - "description": "Azure Active Directory", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ - "AzureActiveDirectory" + "AzureMachineLearning", + "{{ resource.properties.batch_tag }}" ], "destination_ports": [ - "443", - "80" + "443" ], "protocols": [ "TCP" @@ -113,13 +93,13 @@ { "name": "AzureML_Dependancies", "description": "AzureML Dependancies", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ "AzureActiveDirectory", "AzureResourceManager", - "MicrosoftContainerRegistry" + "{{ resource.properties.mcr_tag }}", + "AzureFrontDoor.FirstParty" + ], "destination_ports": [ "443" @@ -131,9 +111,7 @@ { "name": "AzureML_Storage", "description": "AzureML Storage", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ "{{ resource.properties.storage_tag }}" ], @@ -154,21 +132,17 @@ "arraySubstitutionAction": "replace", "arrayMatchField": "name", "value": { - "name": "arc_svc_{{ resource.id }}_azureml", + "name": "arc_svc_{{ resource.id }}_azureml_client", "action": "Allow", "rules": [ { - "name": "AzureML", + "name": "AzureML_client", "description": "AzureML rules", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.workspace_address_spaces }}", "target_fqdns": [ "aadcdn.msauth.net", "ml.azure.com", - "automlresources-prod.azureedge.net", - "update.code.visualstudio.com", - "database.clamav.net" + "automlresources-prod.azureedge.net" ], "protocols": [ { @@ -206,33 +180,13 @@ { "name": "AzureMachineLearning", "description": "Azure Machine Learning rules", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ - "AzureMachineLearning" + "AzureMachineLearning", + "{{ resource.properties.batch_tag }}" ], "destination_ports": [ - "443", - "8787", - "18881" - ], - "protocols": [ - "TCP" - ] - }, - { - "name": "AzureActiveDirectory", - "description": "Azure Active Directory", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], - "destination_addresses": [ - "AzureActiveDirectory" - ], - "destination_ports": [ - "443", - "80" + "443" ], "protocols": [ "TCP" @@ -241,13 +195,13 @@ { "name": "AzureML_Dependancies", "description": "AzureML Dependancies", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ "AzureActiveDirectory", "AzureResourceManager", - "MicrosoftContainerRegistry" + "{{ resource.properties.mcr_tag }}", + "AzureFrontDoor.FirstParty" + ], "destination_ports": [ "443" @@ -259,9 +213,7 @@ { "name": "AzureML_Storage", "description": "AzureML Storage", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ "{{ resource.properties.storage_tag }}" ], @@ -282,18 +234,17 @@ "arraySubstitutionAction": "replace", "arrayMatchField": "name", "value": { - "name": "arc_svc_{{ resource.id }}_azureml", + "name": "arc_svc_{{ resource.id }}_azureml_client", "action": "Allow", "rules": [ { - "name": "AzureML", + "name": "AzureML_client", "description": "AzureML rules", - "source_addresses": [ - "{{ resource.properties.workspace_services_subnet_address_prefix }}" - ], + "source_addresses": "{{ resource.properties.workspace_address_spaces }}", "target_fqdns": [ - "aadcdn.msftauth.net", - "ml.azure.com" + "aadcdn.msauth.net", + "ml.azure.com", + "automlresources-prod.azureedge.net" ], "protocols": [ { diff --git a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl index 5a22423fbb..11412f37a1 100644 --- a/templates/workspace_services/azureml/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/azureml/terraform/.terraform.lock.hcl @@ -22,22 +22,22 @@ provider "registry.terraform.io/azure/azapi" { } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.27.0" - constraints = "3.27.0" + version = "3.37.0" + constraints = "3.37.0" hashes = [ - "h1:0CrzPeSTqt0Q1i9HymfWMovS2/2omGYS//cFYkDU0So=", - "zh:02e014e70113c321aca49e76c4c39e7d7ca0f45763f095a063d523f0af1a9327", - "zh:17457072dbc2e0cb112dcc246173895f873c5d7d907e2f6883c19a104e053e66", - "zh:2f38a5326dbadeba80da45c1c6f4eabe207a7672d3e7c9056df1861433148790", - "zh:63f608417196fd88d3a5a20b037de0064302985414f49ff494aa65e00dc5d218", - "zh:705d67e00c77181bcc6c50613bb8aa2c77988f86534bc240a300a1826efbc24c", - "zh:72f7eca9bd3b7b1e6fffb5bc7b11a9281c1f34319b2073b2c7db1b08b558b2f8", - "zh:7579eef7a029f0bb8440f161afd53e59859541a4aa05008d0d88c5ecf2d81c23", - "zh:78429d5602a356acadc3c4b2d19bbed3e1a373f8c89e2bb9871527a1c56f51cb", - "zh:e0eb79998b61d7d2a4be05cc28f7c2caa8bc50edddd2f0e0bfb99a833982ae6b", - "zh:e6b3d8da3e75d6793a21f318937ce3ba81d6267c18cc058a9366ba35d37cf3be", + "h1:83XTgyPKUKt706IjTLHo9HL0KN5m+DwmSKuVQv6dNb4=", + "zh:2a7bda0b7679d1c791c762103a22f333b544b6e6776c4177f33bafc9cc28c919", + "zh:49ff49670c349f918017315838a43ece09bf6f1bf7721b992f1cadbceb273c62", + "zh:55c9346d03380585e17616b79c4233b726d6fb9efa1921848834fc881e5d7d54", + "zh:5ab117b56a4236ea29926e9d95c27d7bf8ae6706d0fffb76c0b1bfe67bf3a78e", + "zh:5cfc086d5d56308edb3e68aac5f8a448ddc6e56541be7b152ae886399e9b2c69", + "zh:7a8929ed38152aac6652711f32193c8582bc996f8fa73879a3ac7a9bf88d2460", + "zh:895294e90a37f719975fcd2269b95e973147e48ec0ebb9c2fe472bc93531b49c", + "zh:8baa5e2b6e5b02df5b45d253a3aea93f22619920cf9577290d682b59a6d5664b", + "zh:b146a732c7909238c10d216b92a35092be4f72a0509a4c6742cc3245bf3b3bf3", + "zh:cedef898ccd512a6519eae3dff7eb0d581d2c3dad8e0001992da16ad1d7fded8", + "zh:f016d9ba94ea88476883b4d63cff88a0225974e0a8b8c3e8555f73c5de6f7119", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:f7905b2ac7e3a71ebbdc6846bbbc417df4be5690e7afd74d2aba48828a21398e", ] } diff --git a/templates/workspace_services/azureml/terraform/main.tf b/templates/workspace_services/azureml/terraform/main.tf index 696d40fefe..7df42a0a34 100644 --- a/templates/workspace_services/azureml/terraform/main.tf +++ b/templates/workspace_services/azureml/terraform/main.tf @@ -35,7 +35,7 @@ resource "azurerm_private_endpoint" "mlpe" { name = "mlpe-${local.service_resource_name_suffix}" location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name - subnet_id = data.azurerm_subnet.services.id + subnet_id = azurerm_subnet.aml.id tags = local.tre_workspace_service_tags lifecycle { ignore_changes = [tags] } diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index e6cd7faf74..486179d4d1 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -79,6 +79,21 @@ resource "azurerm_subnet_network_security_group_association" "services" { subnet_id = azurerm_subnet.aml.id } + +resource "azurerm_network_security_rule" "allow_outbound_within_workspace_vnet" { + access = "Allow" + destination_port_range = "*" + destination_address_prefixes = data.azurerm_virtual_network.ws.address_space + source_address_prefixes = data.azurerm_virtual_network.ws.address_space + direction = "Outbound" + name = "outbound-within-workspace-subnet" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 100 + protocol = "*" + resource_group_name = data.azurerm_resource_group.ws.name + source_port_range = "*" +} + resource "azurerm_network_security_rule" "allow_batch_inbound" { count = var.is_exposed_externally ? 1 : 0 access = "Allow" @@ -88,27 +103,27 @@ resource "azurerm_network_security_rule" "allow_batch_inbound" { direction = "Inbound" name = "${local.short_service_id}-batch-inbound-29876" network_security_group_name = azurerm_network_security_group.aml.name - priority = 100 - protocol = "Tcp" - resource_group_name = data.azurerm_resource_group.ws.name - source_port_range = "*" -} - -resource "azurerm_network_security_rule" "allow_aml_inbound" { - #count = var.is_exposed_externally ? 1 : 0 - access = "Allow" - destination_port_ranges = ["44224"] - destination_address_prefix = "VirtualNetwork" - source_address_prefix = "AzureMachineLearning" - direction = "Inbound" - name = "${local.short_service_id}-aml-inbound" - network_security_group_name = azurerm_network_security_group.aml.name priority = 101 protocol = "Tcp" resource_group_name = data.azurerm_resource_group.ws.name source_port_range = "*" } +# resource "azurerm_network_security_rule" "allow_aml_inbound" { +# #count = var.is_exposed_externally ? 1 : 0 +# access = "Allow" +# destination_port_ranges = ["44224"] +# destination_address_prefix = "VirtualNetwork" +# source_address_prefix = "AzureMachineLearning" +# direction = "Inbound" +# name = "${local.short_service_id}-aml-inbound" +# network_security_group_name = azurerm_network_security_group.aml.name +# priority = 102 +# protocol = "Tcp" +# resource_group_name = data.azurerm_resource_group.ws.name +# source_port_range = "*" +# } + resource "azurerm_network_security_rule" "allow_outbound_storage_445" { # TODO: this shouldn't be needed for private compute # count = var.is_exposed_externally ? 1 : 0 @@ -119,7 +134,7 @@ resource "azurerm_network_security_rule" "allow_outbound_storage_445" { direction = "Outbound" name = "${local.short_service_id}-allow-Outbound_Storage_445" network_security_group_name = azurerm_network_security_group.aml.name - priority = 102 + priority = 103 protocol = "Tcp" resource_group_name = data.azurerm_resource_group.ws.name source_port_range = "*" @@ -132,7 +147,7 @@ resource "azurerm_network_security_rule" "allow_outbound_to_shared_services" { direction = "Outbound" name = "to-shared-services" network_security_group_name = azurerm_network_security_group.aml.name - priority = 103 + priority = 104 protocol = "*" resource_group_name = data.azurerm_resource_group.ws.name source_address_prefix = "*" @@ -147,7 +162,7 @@ resource "azurerm_network_security_rule" "allow_outbound_to_internet" { direction = "Outbound" name = "to-internet" network_security_group_name = azurerm_network_security_group.aml.name - priority = 104 + priority = 105 protocol = "Tcp" resource_group_name = data.azurerm_resource_group.ws.name source_address_prefix = "*" @@ -169,6 +184,21 @@ resource "azurerm_network_security_rule" "deny_outbound_override" { source_port_range = "*" } + +resource "azurerm_network_security_rule" "allow_inbound_within_workspace_vnet" { + access = "Allow" + destination_port_range = "*" + destination_address_prefixes = data.azurerm_virtual_network.ws.address_space + source_address_prefixes = data.azurerm_virtual_network.ws.address_space + direction = "Inbound" + name = "inbound-within-workspace-vnet" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 100 + protocol = "*" + resource_group_name = data.azurerm_resource_group.ws.name + source_port_range = "*" +} + resource "azurerm_network_security_rule" "deny_all_inbound_override" { access = "Deny" destination_address_prefix = "*" @@ -196,12 +226,12 @@ resource "azurerm_route_table" "aml" { } resource "azurerm_route" "firewall" { - count = var.is_exposed_externally ? 1 : 0 - name = "rt-aml-${var.tre_id}-${local.short_service_id}" - resource_group_name = data.azurerm_resource_group.ws.name - route_table_name = azurerm_route_table.aml[count.index].name - address_prefix = data.azurerm_route_table.rt.route[0].address_prefix - next_hop_type = data.azurerm_route_table.rt.route[0].next_hop_type + count = var.is_exposed_externally ? 1 : 0 + name = "rt-aml-${var.tre_id}-${local.short_service_id}" + resource_group_name = data.azurerm_resource_group.ws.name + route_table_name = azurerm_route_table.aml[count.index].name + address_prefix = data.azurerm_route_table.rt.route[0].address_prefix + next_hop_type = data.azurerm_route_table.rt.route[0].next_hop_type next_hop_in_ip_address = data.azurerm_route_table.rt.route[0].next_hop_in_ip_address } diff --git a/templates/workspace_services/azureml/terraform/outputs.tf b/templates/workspace_services/azureml/terraform/outputs.tf index b122359bfb..427828e4ab 100644 --- a/templates/workspace_services/azureml/terraform/outputs.tf +++ b/templates/workspace_services/azureml/terraform/outputs.tf @@ -18,8 +18,12 @@ output "internal_connection_uri" { value = var.is_exposed_externally ? "" : "https://ml.azure.com/?wsid=${azurerm_machine_learning_workspace.aml_workspace.id}&tid=${var.arm_tenant_id}" } -output "workspace_services_subnet_address_prefix" { - value = data.azurerm_subnet.services.address_prefix +output "workspace_address_spaces" { + value = data.azurerm_virtual_network.ws.address_space +} + +output "aml_subnet_address_prefixes" { + value = azurerm_subnet.aml.address_prefixes } data "azurerm_network_service_tags" "storage_tag" { @@ -28,6 +32,26 @@ data "azurerm_network_service_tags" "storage_tag" { location_filter = azurerm_storage_account.aml.location } +data "azurerm_network_service_tags" "mcr_tag" { + location = azurerm_storage_account.aml.location + service = "MicrosoftContainerRegistry" + location_filter = azurerm_storage_account.aml.location +} + +data "azurerm_network_service_tags" "batch_tag" { + location = azurerm_storage_account.aml.location + service = "BatchNodeManagement" + location_filter = azurerm_storage_account.aml.location +} + output "storage_tag" { value = data.azurerm_network_service_tags.storage_tag.id } + +output "mcr_tag" { + value = data.azurerm_network_service_tags.mcr_tag.id +} + +output "batch_tag" { + value = data.azurerm_network_service_tags.batch_tag.id +} diff --git a/templates/workspace_services/azureml/terraform/providers.tf b/templates/workspace_services/azureml/terraform/providers.tf index 63a33fb1aa..023b5bd40f 100644 --- a/templates/workspace_services/azureml/terraform/providers.tf +++ b/templates/workspace_services/azureml/terraform/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.27.0" + version = "=3.37.0" } azapi = { source = "Azure/azapi" diff --git a/templates/workspace_services/azureml/terraform/variables.tf b/templates/workspace_services/azureml/terraform/variables.tf index 8c8ccd9278..ca61e4c792 100644 --- a/templates/workspace_services/azureml/terraform/variables.tf +++ b/templates/workspace_services/azureml/terraform/variables.tf @@ -1,18 +1,27 @@ -variable "workspace_id" {} -variable "tre_id" {} -variable "tre_resource_id" {} -variable "arm_use_msi" { - type = bool +variable "workspace_id" { + type = string +} +variable "tre_id" { + type = string +} +variable "tre_resource_id" { + type = string +} +variable "display_name" { + type = string +} +variable "description" { + type = string } -variable "arm_tenant_id" {} -variable "arm_client_id" {} -variable "arm_client_secret" {} -variable "display_name" {} -variable "description" {} variable "is_exposed_externally" { type = bool } -variable "address_space" {} +variable "address_space" { + type = string +} +variable "arm_tenant_id" { + type = string +} variable "auth_tenant_id" { type = string description = "Used to authenticate into the AAD Tenant to get app role members" @@ -23,5 +32,6 @@ variable "auth_client_id" { } variable "auth_client_secret" { type = string + sensitive = true description = "Used to authenticate into the AAD Tenant to get app role members" } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/.terraform.lock.hcl b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/.terraform.lock.hcl index e9fa0d994d..2d50ab9ef5 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/.terraform.lock.hcl +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/.terraform.lock.hcl @@ -2,41 +2,41 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/azure/azapi" { - version = "0.3.0" - constraints = "0.3.0" + version = "1.1.0" + constraints = "1.1.0" hashes = [ - "h1:KGHPwnrVw1R7UZjCJUwD2ncSR59Evj/woOXq6kMokI0=", - "zh:2d6e75d48f649498982aa0405161f18715ce61f651e3bfb798d5eca19241e450", - "zh:472f93b81b30e07afcea8b56048847f80bc10237a74f75f178a69072a74109ca", - "zh:4b949da7e9c3f98a27a43e579e801e5878d33e9602272c1e79989b7b197db7d4", - "zh:63a5e9f037158dbf9676d7918ff5136cb006e6e44d05518732a1caef76f19032", - "zh:8552d620c2d5af9b947286ea1224642f507e103b542dde66a263bdd401672db4", - "zh:8636c942a64665a7a68b7d8eb8d30b535fe8c3bd5d8b28133b092416006693a3", - "zh:8ab0534b571335b17504a15c697ed71c80b63e78bf265f836bac778efc4b2f2e", - "zh:8f290f233240b4e2771e7a678186033c86b9b30dfcc86b52ee7b8d4552766fb3", - "zh:a425eb1a5d5bd17f5a2398c7efae1de89c09927f4c923da3ab9a6615725e1375", - "zh:c30d4577d22ef1bdf850c70c34be66066ada20739923cfced805a67bd5c0cbb1", - "zh:f5ffb5eb96ffaa4e039569cf4d620dbfce1d68c65b6199b6d057556cadb7fe8f", - "zh:fd6e626c32e8c10edae52e89aac13d43936522d1debe4a60acb8227a562c8173", + "h1:IR+AHCwfjl1c0baWwfOwZ6QZtHj41H2syTgHkJtAr/M=", + "zh:2a25df6325a49f9e821f0b02c7da86167fc19a3bac647cd1edf231300f29d077", + "zh:2b443a836a39724663fe455d4deee408ff3a2d9a8b86f8408aa7db2e8aa743f8", + "zh:364ed09ddfc50d9bed8d930f7de489cb654a9908feb139413a097823a50075fd", + "zh:523bc005f56ae785867d230d55c29f59db4b599dbc6c38b4d03ea55a79458916", + "zh:60ded375fdb305b60bcb4d9e596dbb222cab166bad1b4958199b05a72aaeacfd", + "zh:61e69c58642fead6814e511c872b7c0a6478ec6af4ab758b4512607d910ac078", + "zh:823b2154ae2262dabcbd11aac992e3cc29eae0f7baa96bee1e3e2fe1ece8730b", + "zh:870ea9cc24807ef5142e4cad0281dac7173f7b6bf818a79762b6c690d12d4c4b", + "zh:9094ae76ed66cb328a4f35bd18b9140fb6fc6859c2e46431ec73c018bcb58d96", + "zh:d89149cfd01cb70012459536b4d36490b58e43312440562e5910bd5160537858", + "zh:dba7ec06171ca062fc423ba5b4776a5600444e45e57f4d1cb043bdc3eee538b7", + "zh:ff5bd6883d9ac8334e043434246357a55107411e9a962856c1d17e47ee15ac37", ] } provider "registry.terraform.io/hashicorp/azurerm" { - version = "3.5.0" - constraints = "3.5.0" + version = "3.37.0" + constraints = "3.37.0" hashes = [ - "h1:T4XsCHDT839VehWKdxbVsLn0ECjcQaUTzbSGW055pgM=", - "zh:0d8ae6d6e87f44ed4a178be03d6466339b0bb578ab54c2677e365a8281b0bb7d", - "zh:29d250d1a18d49652b28f234ecd17687b36c875dc47877a678e587d5d136b054", - "zh:2e69ba373cf009e8a60b36d04f3dbc4638708d1bf88be9f96b3e52cbf8f47f31", - "zh:53d525dd84ac63b5f749bfbc6b70a202dacf29597664d2ab1165efea6f24f630", - "zh:a25024d574ccd5ae6c2962f3bb71d510f62899f493b1ed096f2f7f0e2b18f975", - "zh:aabc64fe64319b95aaba1d1866f87abc7b10adae37d2eafa2f85f37317fdd49f", - "zh:acc6a977814897cb23d3b3753213281334238f8bce6d2b21e9f04fc4087ee980", - "zh:b24987e9416c39cd59c0fa41c139a97406b9955f0607fcafbf3315014456338a", - "zh:c550eae45fd32acdbe32b4e5c450ae95df6cb18903ac7216b1b07b23a16ce045", - "zh:c8f83b763b643893dcb6933a6bcee824cb514e06e7e5c5f5ac4ba187e66d7e22", - "zh:dcdac07e7ea18464dea729717870c275de9453775243c231e1fb305cad0ee597", + "h1:83XTgyPKUKt706IjTLHo9HL0KN5m+DwmSKuVQv6dNb4=", + "zh:2a7bda0b7679d1c791c762103a22f333b544b6e6776c4177f33bafc9cc28c919", + "zh:49ff49670c349f918017315838a43ece09bf6f1bf7721b992f1cadbceb273c62", + "zh:55c9346d03380585e17616b79c4233b726d6fb9efa1921848834fc881e5d7d54", + "zh:5ab117b56a4236ea29926e9d95c27d7bf8ae6706d0fffb76c0b1bfe67bf3a78e", + "zh:5cfc086d5d56308edb3e68aac5f8a448ddc6e56541be7b152ae886399e9b2c69", + "zh:7a8929ed38152aac6652711f32193c8582bc996f8fa73879a3ac7a9bf88d2460", + "zh:895294e90a37f719975fcd2269b95e973147e48ec0ebb9c2fe472bc93531b49c", + "zh:8baa5e2b6e5b02df5b45d253a3aea93f22619920cf9577290d682b59a6d5664b", + "zh:b146a732c7909238c10d216b92a35092be4f72a0509a4c6742cc3245bf3b3bf3", + "zh:cedef898ccd512a6519eae3dff7eb0d581d2c3dad8e0001992da16ad1d7fded8", + "zh:f016d9ba94ea88476883b4d63cff88a0225974e0a8b8c3e8555f73c5de6f7119", "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", ] } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/providers.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/providers.tf index bc6bfbdf3e..ae58c6f613 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/providers.tf +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/providers.tf @@ -1,20 +1,21 @@ -# Azure Provider source and version being used terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=3.5.0" + version = "=3.37.0" } azapi = { source = "Azure/azapi" - version = "=0.3.0" + version = "=1.1.0" } } - backend "azurerm" { - } -} + backend "azurerm" {} +} provider "azurerm" { - features {} + features { + } } + +provider "azapi" {} From 1e2177491691fe23101734113d8568361ca02e63 Mon Sep 17 00:00:00 2001 From: marrobi Date: Fri, 6 Jan 2023 09:46:03 +0000 Subject: [PATCH 07/19] Update ordering --- .../workspace_services/azureml/porter.yaml | 2 +- .../azureml/terraform/network.tf | 32 +++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index a4ede6484d..9c493fc13c 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.7.16 +version: 0.7.17 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 486179d4d1..8aba333561 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -80,13 +80,13 @@ resource "azurerm_subnet_network_security_group_association" "services" { } -resource "azurerm_network_security_rule" "allow_outbound_within_workspace_vnet" { +resource "azurerm_network_security_rule" "allow_inbound_within_workspace_vnet" { access = "Allow" destination_port_range = "*" destination_address_prefixes = data.azurerm_virtual_network.ws.address_space source_address_prefixes = data.azurerm_virtual_network.ws.address_space - direction = "Outbound" - name = "outbound-within-workspace-subnet" + direction = "Inbound" + name = "inbound-within-workspace-vnet" network_security_group_name = azurerm_network_security_group.aml.name priority = 100 protocol = "*" @@ -169,6 +169,19 @@ resource "azurerm_network_security_rule" "allow_outbound_to_internet" { source_port_range = "*" } +resource "azurerm_network_security_rule" "allow_outbound_within_workspace_vnet" { + access = "Allow" + destination_port_range = "*" + destination_address_prefixes = data.azurerm_virtual_network.ws.address_space + source_address_prefixes = data.azurerm_virtual_network.ws.address_space + direction = "Outbound" + name = "outbound-within-workspace-subnet" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 100 + protocol = "*" + resource_group_name = data.azurerm_resource_group.ws.name + source_port_range = "*" +} resource "azurerm_network_security_rule" "deny_outbound_override" { access = "Deny" @@ -185,19 +198,6 @@ resource "azurerm_network_security_rule" "deny_outbound_override" { } -resource "azurerm_network_security_rule" "allow_inbound_within_workspace_vnet" { - access = "Allow" - destination_port_range = "*" - destination_address_prefixes = data.azurerm_virtual_network.ws.address_space - source_address_prefixes = data.azurerm_virtual_network.ws.address_space - direction = "Inbound" - name = "inbound-within-workspace-vnet" - network_security_group_name = azurerm_network_security_group.aml.name - priority = 100 - protocol = "*" - resource_group_name = data.azurerm_resource_group.ws.name - source_port_range = "*" -} resource "azurerm_network_security_rule" "deny_all_inbound_override" { access = "Deny" From 847231f1ab82129b31805a5a5f853b1c69f3f2ea Mon Sep 17 00:00:00 2001 From: marrobi Date: Mon, 16 Jan 2023 22:16:41 +0000 Subject: [PATCH 08/19] Add 5831 rule --- .../workspace_services/azureml/porter.yaml | 2 +- .../azureml/template_schema.json | 56 +++++++++++++++++++ .../azureml/terraform/network.tf | 14 +++++ 3 files changed, 71 insertions(+), 1 deletion(-) diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index 9c493fc13c..a7d385aae9 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.7.17 +version: 0.7.19 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/template_schema.json b/templates/workspace_services/azureml/template_schema.json index 6521b3ffa4..7b0a68ab4f 100644 --- a/templates/workspace_services/azureml/template_schema.json +++ b/templates/workspace_services/azureml/template_schema.json @@ -90,6 +90,20 @@ "TCP" ] }, + { + "name": "AzureMachineLearning5831", + "description": "Azure Machine Learning 5831", + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", + "destination_addresses": [ + "AzureMachineLearning" + ], + "destination_ports": [ + "5831" + ], + "protocols": [ + "UDP" + ] + }, { "name": "AzureML_Dependancies", "description": "AzureML Dependancies", @@ -108,6 +122,20 @@ "TCP" ] }, + { + "name": "AzureML_Client", + "description": "AzureML Client", + "source_addresses": "{{ resource.properties.workspace_address_spaces }}", + "destination_addresses": [ + "AzureActiveDirectory" + ], + "destination_ports": [ + "443" + ], + "protocols": [ + "TCP" + ] + }, { "name": "AzureML_Storage", "description": "AzureML Storage", @@ -192,6 +220,20 @@ "TCP" ] }, + { + "name": "AzureMachineLearning5831", + "description": "Azure Machine Learning 5831", + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", + "destination_addresses": [ + "AzureMachineLearning" + ], + "destination_ports": [ + "5831" + ], + "protocols": [ + "UDP" + ] + }, { "name": "AzureML_Dependancies", "description": "AzureML Dependancies", @@ -210,6 +252,20 @@ "TCP" ] }, + { + "name": "AzureML_Client", + "description": "AzureML Client", + "source_addresses": "{{ resource.properties.workspace_address_spaces }}", + "destination_addresses": [ + "AzureActiveDirectory" + ], + "destination_ports": [ + "443" + ], + "protocols": [ + "TCP" + ] + }, { "name": "AzureML_Storage", "description": "AzureML Storage", diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 8aba333561..d2ff1460a1 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -169,6 +169,20 @@ resource "azurerm_network_security_rule" "allow_outbound_to_internet" { source_port_range = "*" } +resource "azurerm_network_security_rule" "allow_outbound_to_aml_5831" { + access = "Allow" + destination_address_prefix = "AzureMachineLearning" + destination_port_range = "5831" + direction = "Outbound" + name = "to-internet" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 106 + protocol = "Udp" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + resource "azurerm_network_security_rule" "allow_outbound_within_workspace_vnet" { access = "Allow" destination_port_range = "*" From 1e786d9dc9440d466c4d2654755466ef1d0e50e0 Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 17 Jan 2023 13:54:21 +0000 Subject: [PATCH 09/19] Additonal ports. --- .../workspace_services/azureml/porter.yaml | 2 +- .../azureml/template_schema.json | 51 +++++++++++++++---- .../azureml/terraform/network.tf | 46 ++++++++++++++++- 3 files changed, 87 insertions(+), 12 deletions(-) diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index a7d385aae9..c0a6540a53 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.7.19 +version: 0.7.22 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/template_schema.json b/templates/workspace_services/azureml/template_schema.json index 7b0a68ab4f..300f8461cb 100644 --- a/templates/workspace_services/azureml/template_schema.json +++ b/templates/workspace_services/azureml/template_schema.json @@ -3,7 +3,7 @@ "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/azureml/template_schema.json", "type": "object", "title": "Azure Machine Learning", - "description": "Azure Machine Learning empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence. It accelerates time to value with industry-leading machine learning operations (MLOps), open-source interoperability, and integrated tools. This trusted platform is designed for responsible AI applications in machine learning.", + "description": "Azure Machine Learning", "required": [], "properties": { "display_name": { @@ -80,7 +80,22 @@ "description": "Azure Machine Learning rules", "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ - "AzureMachineLearning", + "AzureMachineLearning" + ], + "destination_ports": [ + "443", + "8787", + "18881" + ], + "protocols": [ + "TCP" + ] + }, + { + "name": "BatchNodeManagement", + "description": "Batch Node Management", + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", + "destination_addresses": [ "{{ resource.properties.batch_tag }}" ], "destination_ports": [ @@ -91,8 +106,8 @@ ] }, { - "name": "AzureMachineLearning5831", - "description": "Azure Machine Learning 5831", + "name": "AzureMachineLearningUdp", + "description": "Azure Machine Learning UDP", "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ "AzureMachineLearning" @@ -127,7 +142,8 @@ "description": "AzureML Client", "source_addresses": "{{ resource.properties.workspace_address_spaces }}", "destination_addresses": [ - "AzureActiveDirectory" + "AzureActiveDirectory", + "AzureResourceManager" ], "destination_ports": [ "443" @@ -210,7 +226,22 @@ "description": "Azure Machine Learning rules", "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ - "AzureMachineLearning", + "AzureMachineLearning" + ], + "destination_ports": [ + "443", + "8787", + "18881" + ], + "protocols": [ + "TCP" + ] + }, + { + "name": "BatchNodeManagement", + "description": "Batch Node Management", + "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", + "destination_addresses": [ "{{ resource.properties.batch_tag }}" ], "destination_ports": [ @@ -221,8 +252,8 @@ ] }, { - "name": "AzureMachineLearning5831", - "description": "Azure Machine Learning 5831", + "name": "AzureMachineLearningUdp", + "description": "Azure Machine Learning UDP", "source_addresses": "{{ resource.properties.aml_subnet_address_prefixes }}", "destination_addresses": [ "AzureMachineLearning" @@ -257,7 +288,9 @@ "description": "AzureML Client", "source_addresses": "{{ resource.properties.workspace_address_spaces }}", "destination_addresses": [ - "AzureActiveDirectory" + "AzureActiveDirectory", + "AzureResourceManager", + "AzureMachineLearning" ], "destination_ports": [ "443" diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index d2ff1460a1..d8bf23a6a6 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -169,12 +169,12 @@ resource "azurerm_network_security_rule" "allow_outbound_to_internet" { source_port_range = "*" } -resource "azurerm_network_security_rule" "allow_outbound_to_aml_5831" { +resource "azurerm_network_security_rule" "allow_outbound_to_aml_udp_5831" { access = "Allow" destination_address_prefix = "AzureMachineLearning" destination_port_range = "5831" direction = "Outbound" - name = "to-internet" + name = "to-aml-udp" network_security_group_name = azurerm_network_security_group.aml.name priority = 106 protocol = "Udp" @@ -183,6 +183,48 @@ resource "azurerm_network_security_rule" "allow_outbound_to_aml_5831" { source_port_range = "*" } +resource "azurerm_network_security_rule" "allow_outbound_to_aml_tcp_443" { + access = "Allow" + destination_address_prefix = "AzureMachineLearning" + destination_port_range = "443" + direction = "Outbound" + name = "to-aml-tcp-443" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 107 + protocol = "Tcp" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + +resource "azurerm_network_security_rule" "allow_outbound_to_aml_tcp_8787" { + access = "Allow" + destination_address_prefix = "AzureMachineLearning" + destination_port_range = "8787" + direction = "Outbound" + name = "to-aml-tcp-8787-rstudio" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 108 + protocol = "Tcp" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + +resource "azurerm_network_security_rule" "allow_outbound_to_aml_tcp_18881" { + access = "Allow" + destination_address_prefix = "AzureMachineLearning" + destination_port_range = "18881" + direction = "Outbound" + name = "to-aml-tcp-18881-language-server" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 109 + protocol = "Tcp" + resource_group_name = data.azurerm_resource_group.ws.name + source_address_prefix = "*" + source_port_range = "*" +} + resource "azurerm_network_security_rule" "allow_outbound_within_workspace_vnet" { access = "Allow" destination_port_range = "*" From 1f182e5bd35305e82ef2398247a2ec30d3b7788e Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 17 Jan 2023 15:47:35 +0000 Subject: [PATCH 10/19] Fix dependancy issue --- .../workspace_services/azureml/porter.yaml | 4 +-- .../azureml/terraform/data.tf | 15 ++++++++++ .../azureml/terraform/main.tf | 20 ++++--------- .../azureml/terraform/network.tf | 30 +++++++++---------- 4 files changed, 36 insertions(+), 33 deletions(-) diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index c0a6540a53..7cd6624881 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.7.22 +version: 0.7.23 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl @@ -117,8 +117,6 @@ mixins: clientVersion: 1.3.6 - az: clientVersion: 2.37.0 - extensions: - - azure-firewall install: - terraform: diff --git a/templates/workspace_services/azureml/terraform/data.tf b/templates/workspace_services/azureml/terraform/data.tf index 83c3ff9dc3..cb798b5b71 100644 --- a/templates/workspace_services/azureml/terraform/data.tf +++ b/templates/workspace_services/azureml/terraform/data.tf @@ -38,3 +38,18 @@ data "azurerm_route_table" "rt" { name = "rt-${var.tre_id}" resource_group_name = local.core_resource_group_name } + +data "azurerm_private_dns_zone" "azureml" { + name = "privatelink.api.azureml.ms" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_private_dns_zone" "azuremlcert" { + name = "privatelink.cert.api.azureml.ms" + resource_group_name = local.core_resource_group_name +} + +data "azurerm_private_dns_zone" "notebooks" { + name = "privatelink.notebooks.azure.net" + resource_group_name = local.core_resource_group_name +} diff --git a/templates/workspace_services/azureml/terraform/main.tf b/templates/workspace_services/azureml/terraform/main.tf index 7df42a0a34..2fc9f06031 100644 --- a/templates/workspace_services/azureml/terraform/main.tf +++ b/templates/workspace_services/azureml/terraform/main.tf @@ -16,21 +16,6 @@ resource "azurerm_machine_learning_workspace" "aml_workspace" { } } -data "azurerm_private_dns_zone" "azureml" { - name = "privatelink.api.azureml.ms" - resource_group_name = local.core_resource_group_name -} - -data "azurerm_private_dns_zone" "azuremlcert" { - name = "privatelink.cert.api.azureml.ms" - resource_group_name = local.core_resource_group_name -} - - -data "azurerm_private_dns_zone" "notebooks" { - name = "privatelink.notebooks.azure.net" - resource_group_name = local.core_resource_group_name -} resource "azurerm_private_endpoint" "mlpe" { name = "mlpe-${local.service_resource_name_suffix}" location = data.azurerm_resource_group.ws.location @@ -51,4 +36,9 @@ resource "azurerm_private_endpoint" "mlpe" { is_manual_connection = false subresource_names = ["amlworkspace"] } + + depends_on = [ + azurerm_subnet_network_security_group_association.aml, + azapi_resource.aml_service_endpoint_policy + ] } diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index d8bf23a6a6..94191423b8 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -74,7 +74,7 @@ resource "azurerm_subnet" "aml" { service_endpoint_policy_ids = [azapi_resource.aml_service_endpoint_policy.id] } -resource "azurerm_subnet_network_security_group_association" "services" { +resource "azurerm_subnet_network_security_group_association" "aml" { network_security_group_id = azurerm_network_security_group.aml.id subnet_id = azurerm_subnet.aml.id } @@ -109,20 +109,20 @@ resource "azurerm_network_security_rule" "allow_batch_inbound" { source_port_range = "*" } -# resource "azurerm_network_security_rule" "allow_aml_inbound" { -# #count = var.is_exposed_externally ? 1 : 0 -# access = "Allow" -# destination_port_ranges = ["44224"] -# destination_address_prefix = "VirtualNetwork" -# source_address_prefix = "AzureMachineLearning" -# direction = "Inbound" -# name = "${local.short_service_id}-aml-inbound" -# network_security_group_name = azurerm_network_security_group.aml.name -# priority = 102 -# protocol = "Tcp" -# resource_group_name = data.azurerm_resource_group.ws.name -# source_port_range = "*" -# } +resource "azurerm_network_security_rule" "allow_aml_inbound" { + count = var.is_exposed_externally ? 1 : 0 + access = "Allow" + destination_port_ranges = ["44224"] + destination_address_prefix = "VirtualNetwork" + source_address_prefix = "AzureMachineLearning" + direction = "Inbound" + name = "${local.short_service_id}-aml-inbound" + network_security_group_name = azurerm_network_security_group.aml.name + priority = 102 + protocol = "Tcp" + resource_group_name = data.azurerm_resource_group.ws.name + source_port_range = "*" +} resource "azurerm_network_security_rule" "allow_outbound_storage_445" { # TODO: this shouldn't be needed for private compute From f90dda78818a43190ab9733bae192fbd8af3b55e Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 24 Jan 2023 15:34:55 +0000 Subject: [PATCH 11/19] Update overview and PR comments --- .../workspace_services/azureml/porter.yaml | 2 +- .../azureml/template_schema.json | 7 +- .../azureml/terraform/get_nsg_priorities.sh | 19 ----- .../azureml/terraform/network.tf | 3 +- .../aml_compute/parameters.json | 6 -- .../user_resources/aml_compute/porter.yaml | 38 ++++----- .../aml_compute/template_schema.json | 81 +++++++++++-------- .../aml_compute/terraform/compute.tf | 1 + 8 files changed, 74 insertions(+), 83 deletions(-) delete mode 100755 templates/workspace_services/azureml/terraform/get_nsg_priorities.sh diff --git a/templates/workspace_services/azureml/porter.yaml b/templates/workspace_services/azureml/porter.yaml index 7cd6624881..6bc6d81247 100644 --- a/templates/workspace_services/azureml/porter.yaml +++ b/templates/workspace_services/azureml/porter.yaml @@ -1,7 +1,7 @@ --- schemaVersion: 1.0.0 name: tre-service-azureml -version: 0.7.23 +version: 0.7.25 description: "An Azure TRE service for Azure Machine Learning" registry: azuretre dockerfile: Dockerfile.tmpl diff --git a/templates/workspace_services/azureml/template_schema.json b/templates/workspace_services/azureml/template_schema.json index 300f8461cb..769c8360b9 100644 --- a/templates/workspace_services/azureml/template_schema.json +++ b/templates/workspace_services/azureml/template_schema.json @@ -24,14 +24,14 @@ "type": "string", "title": "Workspace Service Overview", "description": "Long form description of the workspace service, in markdown syntax", - "default": "", + "default": "Azure Machine Learning is a cloud service for accelerating and managing the machine learning project lifecycle. Machine learning professionals, data scientists, and engineers can use it in their day-to-day workflows: Train and deploy models, and manage MLOps. \nYou can create a model in Azure Machine Learning or use a model built from an open-source platform, such as Pytorch, TensorFlow, or scikit-learn. MLOps tools help you monitor, retrain, and redeploy models.\n- [Azure Machine Learning Documentation](https://learn.microsoft.com/en-us/azure/machine-learning/)\n- [Azure Machine Learning Python SDK](https://docs.microsoft.com/en-us/python/api/overview/azure/ml/intro?view=azure-ml-py)", "updateable": true }, "is_exposed_externally": { "$id": "#/properties/is_exposed_externally", "type": "boolean", "title": "Expose externally", - "description": "Is the Azure ML workspace accessible from outside of the workspace network", + "description": "Is the Azure ML workspace accessible from outside of the workspace network. Also opens firewall rules to allow compute instances with public IP addresses.", "default": false }, "address_space": { @@ -143,7 +143,8 @@ "source_addresses": "{{ resource.properties.workspace_address_spaces }}", "destination_addresses": [ "AzureActiveDirectory", - "AzureResourceManager" + "AzureResourceManager", + "AzureMachineLearning" ], "destination_ports": [ "443" diff --git a/templates/workspace_services/azureml/terraform/get_nsg_priorities.sh b/templates/workspace_services/azureml/terraform/get_nsg_priorities.sh deleted file mode 100755 index 1a1d8aa510..0000000000 --- a/templates/workspace_services/azureml/terraform/get_nsg_priorities.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -set -o pipefail -set -o nounset - - -eval "$(jq -r '@sh "nsg_name=\(.nsg_name) resource_group_name=\(.resource_group_name) nsg_rule_name=\(.nsg_rule_name) direction=\(.direction)"')" - -# These variables are loaded in for us -if NSG_RULE=$(az network nsg rule show -g "${resource_group_name?}" --nsg-name "${nsg_name?}" --name "${nsg_rule_name?}" -o json); then - NSG_RULE_PRIORITY=$(echo "$NSG_RULE" | jq '.priority') -else - NSG_RULE_MAX_PRIORITY=$(az network nsg rule list -g "${resource_group_name?}" --nsg-name "${nsg_name?}" --query "not_null(max_by([?direction=='${direction?}' && access=='Allow'],&priority).priority) || '100'" -o json) - # without $(()) command fails - # shellcheck disable=SC2004 - NSG_RULE_PRIORITY=$(($NSG_RULE_MAX_PRIORITY + 1)) -fi - -# Safely produce a JSON object containing the result value. -jq -n --arg nsg_rule_priority "$NSG_RULE_PRIORITY" '{ "nsg_rule_priority":$nsg_rule_priority }' diff --git a/templates/workspace_services/azureml/terraform/network.tf b/templates/workspace_services/azureml/terraform/network.tf index 94191423b8..5aba3d18b5 100644 --- a/templates/workspace_services/azureml/terraform/network.tf +++ b/templates/workspace_services/azureml/terraform/network.tf @@ -125,8 +125,7 @@ resource "azurerm_network_security_rule" "allow_aml_inbound" { } resource "azurerm_network_security_rule" "allow_outbound_storage_445" { - # TODO: this shouldn't be needed for private compute - # count = var.is_exposed_externally ? 1 : 0 + count = var.is_exposed_externally ? 1 : 0 access = "Allow" destination_port_range = "445" destination_address_prefix = "Storage" diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json b/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json index afa9df266a..f863764854 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json +++ b/templates/workspace_services/azureml/user_resources/aml_compute/parameters.json @@ -34,12 +34,6 @@ "env": "VM_SIZE" } }, - { - "name": "auth_tenant_id", - "source": { - "env": "AAD_TENANT_ID" - } - }, { "name": "user_object_id", "source": { diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml index 7729c4e290..64ba3f5ad1 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml +++ b/templates/workspace_services/azureml/user_resources/aml_compute/porter.yaml @@ -1,12 +1,14 @@ --- schemaVersion: 1.0.0 name: tre-user-resource-aml-compute-instance -version: 0.5.0 +version: 0.5.3 description: "Azure Machine Learning Compute Instance" registry: azuretre dockerfile: Dockerfile.tmpl credentials: + - name: auth_tenant_id + env: AUTH_TENANT_ID - name: azure_tenant_id env: ARM_TENANT_ID - name: azure_subscription_id @@ -28,8 +30,6 @@ parameters: - name: vm_size type: string default: "Standard_DS2_v3" - - name: auth_tenant_id - type: string - name: user_object_id type: string - name: tfstate_resource_group_name @@ -66,12 +66,8 @@ install: tre_resource_id: ${ bundle.parameters.id } parent_service_id: ${ bundle.parameters.parent_service_id } vm_size_sku: ${ bundle.parameters.vm_size } - auth_tenant_id: ${ bundle.parameters.auth_tenant_id } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } user_object_id: ${ bundle.parameters.user_object_id } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } @@ -79,11 +75,21 @@ install: key: tre-user-resource-aml-compute-instance-${ bundle.parameters.id } upgrade: - - exec: - description: "Upgrade shared service" - command: echo - arguments: - - "This shared service does not implement upgrade action" + - terraform: + description: "Deploy service" + vars: + workspace_id: ${ bundle.parameters.workspace_id } + tre_id: ${ bundle.parameters.tre_id } + tre_resource_id: ${ bundle.parameters.id } + parent_service_id: ${ bundle.parameters.parent_service_id } + vm_size_sku: ${ bundle.parameters.vm_size } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } + user_object_id: ${ bundle.parameters.user_object_id } + backendConfig: + resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } + storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } + container_name: ${ bundle.parameters.tfstate_container_name } + key: tre-user-resource-aml-compute-instance-${ bundle.parameters.id } uninstall: - terraform: @@ -94,12 +100,8 @@ uninstall: tre_resource_id: ${ bundle.parameters.id } parent_service_id: ${ bundle.parameters.parent_service_id } vm_size_sku: ${ bundle.parameters.vm_size } - auth_tenant_id: ${ bundle.parameters.auth_tenant_id } + auth_tenant_id: ${ bundle.credentials.auth_tenant_id } user_object_id: ${ bundle.parameters.user_object_id } - arm_tenant_id: ${ bundle.credentials.azure_tenant_id } - arm_client_id: ${ bundle.credentials.azure_client_id } - arm_client_secret: ${ bundle.credentials.azure_client_secret } - arm_use_msi: ${ bundle.parameters.arm_use_msi } backendConfig: resource_group_name: ${ bundle.parameters.tfstate_resource_group_name } storage_account_name: ${ bundle.parameters.tfstate_storage_account_name } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/template_schema.json b/templates/workspace_services/azureml/user_resources/aml_compute/template_schema.json index f963259de2..044dfa5ee1 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/template_schema.json +++ b/templates/workspace_services/azureml/user_resources/aml_compute/template_schema.json @@ -1,37 +1,50 @@ { - "$schema": "http://json-schema.org/draft-07/schema", - "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/azureml/user_resources/aml_compute/custom_parameters.json", - "type": "object", - "title": "Azure Machine Learning Compute Instance", - "description": "Create an Azure Machine Learning compute instance.", - "required": [ - ], - "properties": { - "vm_size": { - "type": "string", - "title": "Virtual Machine Size", - "description": "The size of the virtual machine to be created.", - "enum": [ - "Standard_D2_v3", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3" - ], - "default": "Standard_D2_v3" - }, - "auth_tenant_id": { - "type": "string", - "title": "Azure Active Directory Tenant ID", - "description": "The Azure Active Directory tenant ID of User who will be using the compute instance", - "default": "", - "minLength": 1 - }, - "user_object_id": { - "type": "string", - "title": "Azure Active Directory User Object ID", - "description": "The Azure Active Directory user object ID of User who will be using the compute instance", - "default": "", - "minLength": 1 - } + "$schema": "http://json-schema.org/draft-07/schema", + "$id": "https://github.com/microsoft/AzureTRE/templates/workspace_services/azureml/user_resources/aml_compute/custom_parameters.json", + "type": "object", + "title": "Azure Machine Learning Compute Instance", + "description": "An Azure Machine Learning compute instance is a managed cloud-based workstation for data scientists. Each compute instance has only one owner, although you can share files between multiple compute instances.", + "required": [], + "properties": { + "display_name": { + "type": "string", + "title": "Name for the user resource", + "description": "The name of the user resource to be displayed to users", + "default": "Compute Instance", + "updateable": true + }, + "description": { + "type": "string", + "title": "Description of the user resource", + "description": "Description of the user resource", + "default": "AML Compute Instance", + "updateable": true + }, + "overview": { + "type": "string", + "title": "User Resource Overview", + "description": "Long form description of the user resource, in markdown syntax", + "default": "An Azure Machine Learning compute instance is a managed cloud-based workstation for data scientists. Each compute instance has only one owner, although you can share files between multiple compute instances.\n- [Azure Machine Learning Compute Instance](https://docs.microsoft.com/en-us/azure/machine-learning/concept-compute-instance)", + "updateable": true + }, + "vm_size": { + "type": "string", + "title": "Virtual Machine Size", + "description": "The size of the virtual machine to be created.", + "enum": [ + "Standard_D2_v3", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3" + ], + "default": "Standard_D2_v3" + }, + "user_object_id": { + "type": "string", + "title": "Azure Active Directory User Object ID", + "description": "The Azure Active Directory user object ID of User who will be using the compute instance", + "default": "", + "minLength": 1 } + } } diff --git a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf index 02b4a88bde..5ff10ccdfe 100644 --- a/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf +++ b/templates/workspace_services/azureml/user_resources/aml_compute/terraform/compute.tf @@ -1,3 +1,4 @@ +# Using AzApi due to https://github.com/hashicorp/terraform-provider-azurerm/issues/15362 resource "azapi_resource" "compute_instance" { type = "Microsoft.MachineLearningServices/workspaces/computes@2022-06-01-preview" name = local.aml_compute_instance_name From a55b479cad7035101ce93079061976a1090363f0 Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 24 Jan 2023 15:41:32 +0000 Subject: [PATCH 12/19] remove data --- core/terraform/storage.tf | 9 --------- 1 file changed, 9 deletions(-) diff --git a/core/terraform/storage.tf b/core/terraform/storage.tf index 540416df2b..b15504d49d 100644 --- a/core/terraform/storage.tf +++ b/core/terraform/storage.tf @@ -36,15 +36,6 @@ resource "azurerm_private_endpoint" "blobpe" { } } -data "azurerm_private_dns_zone" "filecore" { - name = "privatelink.file.core.windows.net" - resource_group_name = azurerm_resource_group.core.name - - depends_on = [ - module.network - ] -} - resource "azurerm_private_endpoint" "filepe" { name = "pe-file-${var.tre_id}" location = azurerm_resource_group.core.location From 633475af129d7746aed87636ea84f3d84279040d Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 24 Jan 2023 15:42:43 +0000 Subject: [PATCH 13/19] remove load env --- Makefile | 3 --- 1 file changed, 3 deletions(-) diff --git a/Makefile b/Makefile index 53c9260fa2..fdded1aea5 100644 --- a/Makefile +++ b/Makefile @@ -135,9 +135,6 @@ terraform-deploy: && . ${MAKEFILE_DIR}/devops/scripts/check_dependencies.sh env \ && . ${MAKEFILE_DIR}/devops/scripts/load_and_validate_env.sh \ && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${DIR}/.env \ - && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/devops/.env \ - && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/templates/core/.env \ - && . ${MAKEFILE_DIR}/devops/scripts/load_env.sh ${MAKEFILE_DIR}/devops/auth.env \ && cd ${DIR}/terraform/ && ./deploy.sh terraform-import: From a5e9b800c7ec95f9e6ad9347ce6de515f8804a26 Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 24 Jan 2023 15:56:57 +0000 Subject: [PATCH 14/19] fix linting --- templates/workspace_services/azureml/terraform/data.tf | 6 ------ templates/workspace_services/azureml/terraform/main.tf | 2 ++ .../workspace_services/azureml/terraform/providers.tf | 6 +++--- .../workspace_services/azureml/terraform/storage.tf | 10 ++++++++-- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/templates/workspace_services/azureml/terraform/data.tf b/templates/workspace_services/azureml/terraform/data.tf index cb798b5b71..63cf294ad7 100644 --- a/templates/workspace_services/azureml/terraform/data.tf +++ b/templates/workspace_services/azureml/terraform/data.tf @@ -7,12 +7,6 @@ data "azurerm_virtual_network" "ws" { resource_group_name = data.azurerm_resource_group.ws.name } -data "azurerm_subnet" "services" { - name = "ServicesSubnet" - virtual_network_name = data.azurerm_virtual_network.ws.name - resource_group_name = data.azurerm_virtual_network.ws.resource_group_name -} - resource "azurerm_application_insights" "ai" { name = "ai-${local.service_resource_name_suffix}" location = data.azurerm_resource_group.ws.location diff --git a/templates/workspace_services/azureml/terraform/main.tf b/templates/workspace_services/azureml/terraform/main.tf index 2fc9f06031..d1cf6b14ad 100644 --- a/templates/workspace_services/azureml/terraform/main.tf +++ b/templates/workspace_services/azureml/terraform/main.tf @@ -10,6 +10,7 @@ resource "azurerm_machine_learning_workspace" "aml_workspace" { key_vault_id = data.azurerm_key_vault.ws.id public_network_access_enabled = var.is_exposed_externally ? true : false storage_account_id = azurerm_storage_account.aml.id + tags = local.tre_workspace_service_tags identity { type = "SystemAssigned" @@ -41,4 +42,5 @@ resource "azurerm_private_endpoint" "mlpe" { azurerm_subnet_network_security_group_association.aml, azapi_resource.aml_service_endpoint_policy ] + } diff --git a/templates/workspace_services/azureml/terraform/providers.tf b/templates/workspace_services/azureml/terraform/providers.tf index 023b5bd40f..994a7dd380 100644 --- a/templates/workspace_services/azureml/terraform/providers.tf +++ b/templates/workspace_services/azureml/terraform/providers.tf @@ -12,9 +12,9 @@ terraform { source = "hashicorp/external" version = "=2.2.2" } - null = { - source = "hashicorp/null" - version = "=3.1.1" + random = { + source = "hashicorp/random" + version = "3.4.3" } } diff --git a/templates/workspace_services/azureml/terraform/storage.tf b/templates/workspace_services/azureml/terraform/storage.tf index a03cff560d..fd23106a9c 100644 --- a/templates/workspace_services/azureml/terraform/storage.tf +++ b/templates/workspace_services/azureml/terraform/storage.tf @@ -4,10 +4,12 @@ resource "azurerm_storage_account" "aml" { resource_group_name = data.azurerm_resource_group.ws.name account_tier = "Standard" account_replication_type = "GRS" - + tags = local.tre_workspace_service_tags network_rules { default_action = "Deny" } + + } data "azurerm_private_dns_zone" "blobcore" { @@ -25,7 +27,7 @@ resource "azurerm_private_endpoint" "blobpe" { location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name subnet_id = azurerm_subnet.aml.id - + tags = local.tre_workspace_service_tags lifecycle { ignore_changes = [tags] } private_dns_zone_group { @@ -39,6 +41,8 @@ resource "azurerm_private_endpoint" "blobpe" { is_manual_connection = false subresource_names = ["Blob"] } + + } @@ -47,6 +51,7 @@ resource "azurerm_private_endpoint" "filepe" { location = data.azurerm_resource_group.ws.location resource_group_name = data.azurerm_resource_group.ws.name subnet_id = azurerm_subnet.aml.id + tags = local.tre_workspace_service_tags lifecycle { ignore_changes = [tags] } @@ -65,4 +70,5 @@ resource "azurerm_private_endpoint" "filepe" { depends_on = [ azurerm_private_endpoint.blobpe ] + } From faac4679e301fade4b0c88a8f5762c5c598bb36b Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 24 Jan 2023 16:08:39 +0000 Subject: [PATCH 15/19] fix linting --- templates/workspace_services/azureml/terraform/compute.tf | 1 + templates/workspace_services/azureml/terraform/providers.tf | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/templates/workspace_services/azureml/terraform/compute.tf b/templates/workspace_services/azureml/terraform/compute.tf index a8ce2d890f..a0e7a26da2 100644 --- a/templates/workspace_services/azureml/terraform/compute.tf +++ b/templates/workspace_services/azureml/terraform/compute.tf @@ -15,6 +15,7 @@ resource "azurerm_key_vault_secret" "aml_password" { name = "cp-${local.short_service_id}" value = random_password.password.result key_vault_id = data.azurerm_key_vault.ws.id + tags = local.tre_workspace_service_tags } diff --git a/templates/workspace_services/azureml/terraform/providers.tf b/templates/workspace_services/azureml/terraform/providers.tf index 994a7dd380..67cf34f0af 100644 --- a/templates/workspace_services/azureml/terraform/providers.tf +++ b/templates/workspace_services/azureml/terraform/providers.tf @@ -39,5 +39,3 @@ provider "azurerm" { } provider "azapi" {} - -data "azurerm_client_config" "current" {} From aeee7778cda7bc2993791faddc56735d6968e81a Mon Sep 17 00:00:00 2001 From: marrobi Date: Tue, 24 Jan 2023 22:08:25 +0000 Subject: [PATCH 16/19] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0eaba83060..61625862bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ FEATURES: ENHANCEMENTS: * Add support for referencing IP Groups from the Core Resource Group in firewall rules created via the pipeline [#3089](https://github.com/microsoft/AzureTRE/pull/3089) +* Update Azure Machine Learning Workspace Service to support "no public IP" compute. This is a full rework so upgrades of existing Azure ML Workspace Service deployments are not supported. [#3052](https://github.com/microsoft/AzureTRE/pull/3052) BUG FIXES: From d8c1c894156176c245b79f3516df97c8a9e7b4b6 Mon Sep 17 00:00:00 2001 From: marrobi Date: Wed, 25 Jan 2023 01:02:41 +0000 Subject: [PATCH 17/19] Add aML back to e2e tests --- e2e_tests/test_workspace_services.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e_tests/test_workspace_services.py b/e2e_tests/test_workspace_services.py index a3b993511c..9739bd4090 100644 --- a/e2e_tests/test_workspace_services.py +++ b/e2e_tests/test_workspace_services.py @@ -8,7 +8,7 @@ pytestmark = pytest.mark.asyncio workspace_services = [ - # strings.AZUREML_SERVICE, + strings.AZUREML_SERVICE, # strings.INNEREYE_SERVICE, strings.GITEA_SERVICE, strings.MLFLOW_SERVICE, From 6bb1c758fd3756970bca424ecbf1308b5c2b7236 Mon Sep 17 00:00:00 2001 From: marrobi Date: Wed, 25 Jan 2023 12:23:17 +0000 Subject: [PATCH 18/19] update docs --- .../workspace-services/azure-ml.md | 25 +++--------------- .../workspace-services/images/aml_service.png | Bin 160786 -> 160786 bytes 2 files changed, 3 insertions(+), 22 deletions(-) diff --git a/docs/tre-templates/workspace-services/azure-ml.md b/docs/tre-templates/workspace-services/azure-ml.md index 7a8ef5412d..d356de507a 100644 --- a/docs/tre-templates/workspace-services/azure-ml.md +++ b/docs/tre-templates/workspace-services/azure-ml.md @@ -6,30 +6,11 @@ This service installs the following resources into an existing virtual network w ![Azure Machine Learning Service](images/aml_service.png) -Any users with the role of `Workspace Researcher` will be assigned the `AzureML Data Scientist` role within the AML workspace. - -## Properties - -- `display_name` - The name of the Azure Machine Learning workspace. -- `description` - The description of the Azure Machine Learning workspace. -- `is_exposed_externally` - If `True`, the Azure Machine Learning workspace is accessible from outside of the worksapce virtual network. - +When deploying the service the Azure ML workspace can be exposed publicly or access restricted to the virtual network. Depending on the choice appropriate network security rules are added. This also means that in the public configuration compute instances can be deployed with public IPs, and in the private configuration they must be deployed with no public IP. -## Firewall Rules - -Please be aware that the following outbound Firewall rules are opened for the workspace when this service is deployed, including to Azure Storage. This does open the possibility to extract data from a workspace if the user is determined to do so. Work is ongoing to remove some of these requirements: - -Service Tags: -- AzureActiveDirectory -- AzureResourceManager -- AzureMachineLearning" -- Storage.`{AzureRegion}` -- MicrosoftContainerRegistry - -URLs: -- aadcdn.msftauth.net -- ml.azure.com +Any users with the role of `Workspace Researcher` will be assigned the `AzureML Data Scientist` role within the AML workspace. +To ensure AML compute instances are deployed with the appropriate configuration we suggest they are deployed using an Compute Instance User Resource. ## Prerequisites diff --git a/docs/tre-templates/workspace-services/images/aml_service.png b/docs/tre-templates/workspace-services/images/aml_service.png index 31b5c1c2921860c2eee2c3d3cfd1ded51c8288b5..7baaf75233db252ff2c8eef972747eaddea59d12 100644 GIT binary patch delta 121865 zcmb5WWmsHGur>-I2_b?exZB_a2oOBL;1=8=xI-9RR|JB)J3)i{;1Jv)=)mA%aCe70 z?ERg6uKc?F1DN)Xq6cm(KGSXlb6qF|wC@7EL zJbQ}#B(y2OHi`-a;5wtA;5wr&m{Yi;pxo!mfJN2Z4R+?yKfUfEMn3>NzxyqC?JER7 z`=+&ofghR45coX!5kB~XRo0{6S5IC%`liB48~6_AbtHYW%zm?9a^!;h_0TST!T=rZ zGNiuo2G|d)6%eRz)SIrKcd%%6Y|KT)`ENv_K>!#^0&DRQPWq7;|7ZUefTtxe!a-{^;n`)XO#K4OScb~ApqvU`9^rq%!C!xfl|6P{v9fqOI0o)r=(=7E3H!5f+ z00Qz8Jrl(+mHQx2`}Ticfd>St6`ZH7q|n4%lLc@I2olEf-90_q2L?jgY_bID-6Uyg zX>)c`aC_r{TQ1)J=DEp#lZSBHJTCJnlraTxC%7d+a*;4~X%t;aU${v%2*)hKdtZ)n zwoa}c2Gcwhg?9hXtIgx^dBlltQyBWuFf5a z`T#BYPfmQsd{?rHfZi&PF^%QgP8%1s1@(2dGNSa^_t0L~Ddid5%HW_N<$>WFFYHxx z2n*#`+b9w%iGRff!G>s=r+VWmFGOY*yj$gQJ?LmAP>7|ha1L30Irn@_hOvxM$K@e}r4>AaiboiX< z3D;4J6O9lm&P@CX@7R8?V{Ar7hJg*qOJh8w4y@wvy^O)*T0x9`3VlpReO>7a^4kf4 z$g!OFRU@2&!@|@DaCZ_$0s~27a*%I?Y4P$giJMn>1{DNztp^?2;`L3`7O7WRf|NkO zC&(8I(%`;ll0=7nABdC}V({K#Bok(bO4uV@oz1&9hUW;aB*0L!^yrQmNt1z!=##$T zWK4gC)+i?unuz9-Ym#)j2en*9#XuoKwZ#bUE4g_236JmT3;~^%vF{Pxb@3|0?#4DGbw?AV-{V zyid4%=q83{*eQXjZ~g^`D=jEOl2ZN~EcIDf?;(+gmf1bG5=XS549e^?<6}%*>h<4I z(_qAod#5N85vEezec7Rbe;-SLhueC!*$Gi($^2R0{BI*0Gm=&w)U}> zLX7E9aTdm8z=&yMV`H^NRy=-A3Z5vZpzv^w2+kQ3-xh4Tb?=Ib3hSAXk%*oQu;PcK zOSveZMegdY1(i?O319SBpY%2u947NOSh<{zXmQuZxQvMOq}7 zB;9ov)a#qGZ*(8SNAnDcfT-i;JDc{0-$qC&?X($vpOyq!DlVkHChx_b3D{{r%C#r| z6?d!DvLqxVbeeoa$HAej|0!k!fmt>V;3#7f^`PM*j52vxpSA_25}X_2AuUTP7E;)z zSeQheJp8y+4$?>f9);m3pUEuoAOS}AnOW3!hWGfzW(?w-_llkx@=|b9Iz;p>^?KJW z%nzwt>m5jF&V289QV}++R8B($5p;BPWaL_3Pl#bT_LY%FG31wH6s({ID%tr)BaP>9 zs7wtJPaN?6@2?Qy*h1T5jMR8#d&ggt&`Z=80yxw?W{)e=b}8vVi1XM*&9@&V5n6-n zZ&w5E7?=qk(?AU700ksOA;QRMQ9=lFY=PMk)5pPx%rLTNQ7fEdfxQGRIn$rj$3%%+ zGfw27z#eVT#&B=Nx5r+7CsL9h9@GLk7>X+2Y({;G;`p3`YD?WiPh&iYHdET)i)w#& zjT>bW^+LWIT!q`oGe-7*EV7vd^xO1RAuapRQqz(xMenW|=Ux#T|z2(G8m6}6>_dnRRs$A@0O zgy_$%2wM#D!Hsfyd!|0)7H0DNK|hfwo;5-Q1g7F6pE%s*{SQ?B*+XS;6a_WJQ{EAb z@cthopH+-h=YPKa=Lac1@GqwRT@g_}XK%LRyMS~7wDk1t3k#mCIDD0fiG(h* zEjv|}`wh``b?<5E=-LJbhi_A`dK*Ah35&M` zfJh}}3I9?XBRDO3trmeu#l^){i{g{@_DNgcXL!Ji;QD}93Z~!6Mm?bqYn(Tk@Kojd zN8TQS;(66kxB<9huxSV;7gCk=NFQV^O^EW>VyQU&?h^-_UeE;0)&l@0 zqJ-;9Q*`2&394YG>BjwmF^CKx9p!is_P-}wU%oL->sQ+7m%egtycT@?-kqLl7S+~~ ziynvM%-`f@1oQ_OL){Ssh<`dzQEMh>M?|IG?)fpy{?AEKLzJVL5V`D_pWu~F($exI zR*>`0-xJEvn{I`c2@qk_tIspN)3O*;SWxbscrPt){v>eI!mJZhf(|s=Z1v_h9{KBd{(XA)D;36?Nq@ zeLgi74MOgLH&WjVb8A$dpBBc7rCH}H*T_0vT;(fl9-I#sx!=V!GifOz*U) zq<$`TqG>g4%Jy&A^ywR9OE3x^h>^YX{zd&w_OfGk1aB{W4=y=L>yLN`s7u_AoKzX? z?J;buhUu)zWqRh~K4VBs*1YsI{pQ)sPLL|;T)YcvqszLXp~tBEb-OOFhRfDNM}wXe z(JS$vH%B}gHVE&^Ssebfgb;u4IQp)w@fpi<1axEqJefzgY{wA|=cg&OyRGoCk$}DXjtw-GuW?B*fCrA&>Q0!VN>QKJ;yr>Ym zNbt2!D(m33g2CH|0oUX%3!A54)equD@1h9)K ztt3U98LzaE1O_XN)nel$foy$XKM+) z13P>GUyii}g1z0|<1({%{+0AT8^@C2b>nBkI9BTUG!%ysn=_1ka(H+s zEidnvpATwkRxPVWn!Dg24q#rA;ktOIv6PmL4O2!&=HTc^#XpeL(Al}#^W^aGYd}DN z&alG;(fj;-5v|Y{n$)M;hb-cBXHHe9iNFaHBmO zsB~c!Vd{l}fl*l3*w_K%<<6+jj%ks+B27PDZN7`aT)OZ_TBnkhwEpFwDY_Hx?VLs} zXC8ck(%dx5GexAa^HKTi0ZgzWbPh2s=ng?a;uxDYIU^Ns{@;cR39z;Y*Sa(3bYWXf z-0V#!crBW4{N|A|RD&wEnD80azQFalhwti}4OMUU9(3)e57xZq7>S)M zg4PaqM#cVVg-1}#ziy)!RbIz^4T@^ZZiw|5|6J-&_A7&K{d2}_2xXzq*QTOIk-2?MvbZBTF8&zZ`3Jjjp$vw^b6iER*dVbYD3u7LC zLBZMJy;vY^D@6Jeh8@Kf(=>@xqQA~+#-)$TC8E!o0K?FZR?WXB#1M&pNifpT@_l(> zj!NhNuunMXVzLToN~C~nGW8?iOj@^}GCVC$OzClidvp&u|dd9Gaz9_c9 zgQa0H#2O-HQwfuNQWrC~6u*NRp}TkBcnmJc1impCmIf~T2-Iu)8VI&+v7RNJuC3b9 zduMER!CO!IAA(6k4Zk)GqL+YP*5{(9u8Me;RIm!zO=K@f3K6^DN057#+EGJ%D>d1L zY=i<_?HiJw`K9s<8Htwq|HJejctSvo8>;@BhV6X3-{hAa%6`Q!#G_w5eQOvf zGk6U6T-mB|I+-*QK5VsjnU-!*maz{W^y@wTca#)?M|h_D#d5I<3~DHER~b^w1v|4dU&cfYU1)--RDA;D*2_zeF?l z{v?d>a)8HH&^ZXi^T2mpKM|AJ0jq#Y8F~trEzLa_)S^IPYa1uZr?2I_KjGT(u5ecc z=oM}jp;k5=&=n{HZO9>>&s78E+IM+@5fM_x#?*pBLd(0mC9vp{F4{S;yE9?d3e5>I z%z0ab^N~*ob#E(elhEynPGt>}K%I8c{(mf8Dv)qPlGeP(Fh$lByWDHT%gg(&K<#xi zTulnq5O!6YngNzdF@Jvk|Hl&2oZZ~qOt`(9k%XO}Q8Ep`zS;bfPd?{!ytX*gC&IQV zclL%XdX01Q6e`avu9}z#tb0SC5dmhb@WHV{;_ROwmtH$U6}$vIw@zcqQkyK=RapX@_aam)o{_87aKOF zSP*-5M}~i{H_&!U==XZa@jK*Ag4`G{>m>Qzv0e^Pep5747*=j;QN+^@_j-QB{51hC zAI+^wH}m@YG-89+@^-r$Ppkes)gY#RO+6&rt&#Yk($!P~GXj;;_vvu3s4eb4lz&(# z9Jf>Wut#G2+vTOMBw#+^Bx8{1$fNvwM!C`?x|0 z4AB4WS;^a%lX_d}OWAb6ZN^(q)M@_scU!U0(YPJjG}QF+X3BsaWLHTexW=imb8TQq zlXbIp68DP*y}T>lBthL8=K);(WSke$Z?t)Wl`XUfXH6&AnC(u)!1deKeviu|a$bB| zRD?jLT>nhd`m~95Izglo+K|%V^V$Wzw3r(2%IOE^rb7SK^0i{S1Y^c+JNxC|{-@Hi z=B3nGHJb7&hK8W3nbt5fjcO~5KHhB9JKMwkFSAV)RATLWX$SujgxK~EE zTU=A`Aw-N`n=WeXy*DzrwYT}h`c;3XWzuh!RtGFMte4)FJahBzx-}&nY0vm7Q!0W8 z-)$SZyp1Cx-?P8Sg3UiWFtWF`=+Hg9Bzn)Bhe!3`u{Obwi0m9ZzJ`-;EvAMQ7(wry z!jYe$jR$>n*24u1E{{;!?Q_ zfN*)$wmw*rsP6-9j#N1F>4?g`j8D2p=bwuyBLH5S47TrpEQm5YaY#xa=0Y(KgT08$rY?%>a}jD3f`gmGw{lvlr~adAaE0;kMVsP zQ?jL@#3w1GOtWAqoPScNQa$+b%)OG`T{>nq{r55}|Yr?7|ds;yj7RPRP$;m4%e1a<>r2O_b*`2R8yMc%IVc(70+nk~S z(|2nnw5lrZ)DR&u;`s4|%DuLyXF|_t9x$SWkZ0|nZZp5k@T{)Xm(_s(G6rTO@8rPH zsd{zCrilt$b0dP3!gUmyOdp{+?4_>qeCB1t@xHkRvn`0dB%R6j-UUlSh-UQU$V`YU zX*8>#8dZO5|LZfU^LX{8s4hLTa~SJ)`ncdNn}4?l5w>9RjMRQ}?0Fm=$D?Au7!LXY zt`{G!Nw?I;6(VPe*#tZiY#Eh%N$6f&o7TrNZhe=f^HEUBWZqf{|1F3~xu`xtVsI7= zkJ0~!+fJLICx7tZL8!aPweE~uhEUtj5AxIKO9b2**)3%a?T11NF*!Cho(5RC7dD&k_^N`kZM@We;x@Ut23YmwULUBhLg{UY!q>p9gW>YHZ1s&_c6 zuP{m<*fDaf`3LsmY;u^Xj`EAXv4j@$0_=rhHHVYtbRl+u4CgMbWv>mk5^w8+D#iZ_ zv#YV9PzVHMGd*_CRFDa8cSRDvMik!NvcyF97YU`b=33O*J1KZ6fg6hMv|Sxs92(3V za7e0w95|L2f4}b8<2Y~ule(?W9jp|GDUL0t^*PcGsANZ;tcIGJ<)~=Dv7_{X-l39+ zMOD(~drh8>32NxlK58|443D9!{qqB7@q{Cfgl<0w!F?%axAQ5VU4^Myl0!sTtN%)V z%vh{RzRJMqGiIe&^g)1qrTImVyW4{nSlRJIULEtMiHnV~ro=~!3KO14ySRJ2%@hZR zgUlwX(_Y}rM93dpn9fGKZvibT+Uceupk(~RZnRt{z_dF5j9E~<4NIcQBR{3c7<(2Y z=b8;R<=}=oi_>z?y7;~3ymRF>5={^_^x^r=oYfwjgio^q@aO36M(zp3^`7n0U}q5G zoxU3 zeL7sSrM^V^*es)s*UNmic{f#VN`F6z(@W`T4QtHq!{*Lhk09?PM??ZUX=llEE<8Ox zed;M>(1@%j4(k0{P&%@4KS*vi+LU+~b2d61uYwS1|I1<4_*zxpd_4>t>qQ%R>m5*e zrL$+L+KxV=j`;7@7u$>VK9ttSW&~lzxMoy?8*s718&vN6C!M zQj!sCbTK?ft?yhk;5n~V({w1a1V>L7a4)WEk`H=w0qNz`G%b{QQagrVZ4Q zW*J{2pv!3NCxg5QzW?`Sj6nG&|89w33l^vC>F!P6D4OQy9qIWo zxFV#Mx5c9_&Sgn$Q=f#BKKnlH>bf~b=e!Awby<6y%~&Wb&ec*Wyf5HF8j7f0pX!6R z;d-HCFxz~ONwJOTx>(njZr9)ItmIr*ZsJm|h;ddyPi|DCK!s6#9-Sxf_%a7RPyU*m z$`*ZDrtR5W%lpw;6k&tZ)UaM{3DA6de~4qE^8x*oWrXI+Sa__kD;Lh>Bf$fAZ9_m% zzl(zVxz|s>R`i>uxus3aIDuIPP7K$~2!Ve51Mo4f@J4P;Ywa&A@0zR6w;s9cb)*TQ ztLrNVL(9@T%~6?KeKmDfhOgHa>63#0pPXF9wb-DUI9oDo3^w-s<;%|7vNw{(kTn6_ zsvir|(oO#Q*Ydl`z{I&&G<0!q!674ULh5>)*KX;1igMqy({G+KM!e&5R-%Ga!6^q+ zMlA>aIiG<|n^-aq4vwuaAJ4RB-1KGi^it0pL@*2t3<@J{rklNZeQ!@SeTH(Z#`Cs} zDfmR{x1}#GE`E2=0O_emT%YAJWcm^-k7%dJn+jpmibI@FfVXRX@GG4)jeWteimE$_ zI8M>Tw@bdSPu4kVX^?UKhpgT7v{uayGIE|9!WGNC0towaH!9qI%q{G49PqZRBvZFZ z;oYQSCx6w`a%wSoR7X&_TuS`aI%zL;4u`F4ex9tQrNy&k<^Mz__|P{i!sq4NM?l$; zkuv819iyD58s_h`xzC5N-1n(1Nr!1pbT@(rwsgQ_&qIO!blN-G{}_DKv@5-6t-P7l zVt*Z|xBrkPg5v>$Dt(dRi?s&5aVV~RlnzYWty{8(hK(N(We&oR&VttrjQS!5F#BlumNHHg;a~DDN!d)^ zjLw)=Azc6F<)B_`*{zkN(5#j;=0h3jNa-^>T5ARTjF673sse)EUJs7I-9S^3ckK8R zL7|S`MrK~mO}xx^S%6tB8;gqht)N&567}M~Vg*SNnz;+5IHXi<9cB-=FAg)tuafOv z`4sar5uC$doUSySnBQCV!=~%1K~9jt8s8D^n}Z(mW@H3GKS*rhVAR1!NnUpB3YEsN z`UGR`GMg1vGP#-)W+lW<+XbTH8GFZBr89%F>$Jp28O2oxkS6%`1vvawkzb?9W|im$ z(eR+VrS>TmV}*>o^D|YXkDd2rC9evf^&Q5mWcOu$Pw4W8GQzy8Qfx8_Up4+swixqN zx)d2QJg)VDZ%(}h53aHORVR1vYeYVf>}sV^ZCsHYZ(!9Tl&hs?dX_H#VygZ+-oH_a z5t(BS4D96r!UH6hXWxLZEmo{{%pNbxVX1+~nfya_ox4W? zT2zPIrwLUVTQt;%`0Xo|z>X^mCx!@lgxDk18a`Iwfzmooe9{;*AWGoBeac=_{6-(n zvl)`mh^3?9`$(T8;`cnPS`c=+sM;bE4ZX- z^XU1+CBI$4ZJ0*OltIwF8WI`3u541B%eRr@fuTbSzkU{5YB#?nFV+-8!lN_NZo2L~ z6=;dCkfEBbu-F3=L!%%8)kQ9 zVo>MF<`Qe#!Sv*W4#@;K+b{EDIGEz3`L#DCt9jP5aB(t*+)uOza2Dgs%yw%|8}OoJ zka0)J?QQvOgdQQ0^M^{V+}GK|JAg84yGWhX%wAg#1N5mauYZ=| zL=|~f+R20Tp!xZ2$IkGa0|~LC&r)l#JW^PtGK=JDg_yLyiq*c2qo-veG6F? zcr`OJ5pI5HIjl936P96t0uaY~eKeFC8J|ZF>#yMzit9Rdcek7sLS<(!v5ZJ3H@7g8 z)YYD#@Yi_<)fV2G$TF}nPy!Ec_YY}#*LYKO`|Wj>-IGgY$qS@OMMpar%?xu9HhuyL z>o=hXu;ru^;wazI#h~~!ZIo}(*p?VO0x!4q#F59phDLBO^o{Ha(3zs8rC+HD0;rgH z)~ha&6$CcgplALsEJ23Jy(y0H`e

czD->G0k7cl`Jb-=*``eTLnh-z+Mi!CenbI zC|vLOyY{A$w}!mHVBJvbj5H&JpC6;bYV3DX>yH|#DBsz_7ZvXbhgTRaIw+wXqYeaI zB3~kJ2aBcC{GwC=C`oZOm+U3=>C*lih7wM-Y{Yz?GJI_$+iGDNq+q2t@-AAp8LF*& z46B-RZRDwx1`qGLPb-98nF+Y2HT;Otq&{3vcS>x$`_(decQ*r|{?t|c+qo)DDo7E| z9>3SsQUyCL0mm9D7&wv!u!Fa3psIgH@V@h_OMHn4Fo*#vve!#jnu)e2?doRUkP`(E zh-im1FLQXl!l}=C>d7C5$U(ewnk!Oes4@;SBYBAEbf;rFwC0eTDSm}Ds(lt?`&Q`oGJF_f& zTb2-=a|^7Gyl|AB*zV(d8@T&v5UsH=hXn~asb+&R>8QN00;XJrOb6w0PkO=m=B3@` zgrno5#n>pAj)eRUt9n)qE>W6a)q0E?Np?xgCnnrb&3i68E^-Brj}yTiyMFPq$J-UxH0qOh zHF}T5G8KTSC|*B*8zu&#?up59!TOnRJdqPBsTnnz-78Dt$hmdKD1oRMnR`bjVs;`( z4P?VO9he6+O=1paHz)LN5En?GNOKPBu-ArWmd#|t=?4?IiJ&gxYID12G8i%yI-`m| z#%`KqOr1HQ`@!R~O-ur=pr!sv(-5e6*O5=6h>ji2DHsuoq>sP-a_={7te#xu4z)Qb znLW=R$G*LY^?PtOm%cbnlU1S+pbGw2ir+xqYS_~*(j@AMynzitaN`&*f z4D9LXRxT9Bm%edI_#9Xc{C!{^5uFj5dgbyK=B$dQ+HTicDrz^Zar^vSQtey~A*{@0 z7R_NfZ<2gzWpC~OInxigBhC684i;}0?X{_mOaFeJ)@U~K>;vGUqf;w##dpPRa2{P` zLSLBk(e=257q;DM`~}?XxzUFJ{)5v7AN%RKzuC=aa#$1KulkP1 zlA(;e(AA(=V4*(guBZa4AIxVn8)j@_fu*NJ3yxvRN?P0sFyuwj;T`+4;$ z`~EHPPKY6?hQrb&fSNPiQrUn*LR&Z)pLJF*OrdjB-XMh(nFK{^*Y+j%(u-E=EE*r4 zl;1WV`)YV#WS#qD(kE*$nsY}AIql+v_tHa*K;O6aUwXXoCamwOLjJg_qVL4^~=^L}`J#wG(j4-XaHU3A_Y=YWNsU1Mx< zH4v3mTM=-v@p$KUy;z408Hv)@iTlT>xf;UIn#bsfK$?sZp1B^)mzACq%&gn~P;U+< zjt-pBl+x}z#lW;9!7Dt%k!(%oE#+$^{Mq6L%d?w@!a>)!R+wy@ELO9`V^A4G+-Tf# z?~&Jjwj>er78-wl`@fq0>@2)yM+}60C*aY(C1QMPGi$36jpyieo&9Waib_97@S@=k z6B(_!@w&imxiQITiPwliad^2u_sn;}gZI&Fbm~R((MP-LU*Xb*Hf{lHk(6 zo@#=^hLFd+S+*jTlJsOGC(`P#PnvJL8i4b(o*pOOZJT;=#fI*Y8NV>EkxhUbj9@B^ zKNL^O%HxwX&iY%8M#2X~J5|lGo_)4-+9GrG5r~ru;>L+usmIR<*D?u&>A$7O}K^|{o z>U9>oNS)SH7sfIKI?ksQDvO72_`7nCmMU5yQ@gnWN+x&o;l{L(H-|xe?iLHade2*L zX+>w~eC96lw=+#6%M4=pL>!bFPeVHLOS@1>*5>H5n%0q-Sf%SJ;7dk?)t3(lg>h2J zf_3GBb=9@)sbCq6Swv}h%<}uj`(&L`%>tCYQnH-*pk9t!M;=N3q?7sYTPisVO^H0Y zk*6$BzRyCp6}n)t=wukfss&5Nz#LiijN{~4PnfALa^r+G4oL*eY9uw81Rl}_?@VlY zZ7kF^;LmggBRoieD%Y)B3s+w^=IqCJU{iL^M_zkBvYFnS7Pux+zT8s7T1XG)LLPR$ zEAGXFkb3dc%GE^6%e^YC^2;1#&~uoHP4v<9^=Bah$xk6v5gOvlDC|DFXT<94U)c?i z#A?6?x3>j{C?84im>E?5yx1kiS00doJ8Fp;Ti=_fJ|za$zprh_uLtHeOz===^VBo) zQDLC-CO>8DlW3t*(r}&@#Rfm7wf1RGVo;Uu-q0Nk$t|wNnSz6RKt+A{s`KrwMvhi+ zElwaj6dA!DT0U^+-bx`QKmuRUl`@3-Iys7f^;L-Lrj|W#Fkgrr<8{p;!yq)D@!v3h zSuHRIU`L_NcMK7)pz9JsC<}3>rTMo2qV&tEx z`vuC}7$YjXpzi_P+VOxrMQK-F!Rx}m7O2*)2;i=MWsM8U~J39&S!;}k{CJ! zw~1Lnh78**uSe}dsLb@sxExH1qL1cO2Dj|=-RIMK9ZMG6$QN&2kd(JbEs}j<2hhU0 zbA2{A9h@H^a3!oI(9uVpup@|!gn|{f62jKY&F|m%3_;0%X_C(C#81L1%ZzIN63!IS zJ-VqB4i?B))PL4vgLjWCs@Mya1Z6dG{IZeo!3Ycu{F>63GU>#u`lb73RHwo=25M)| z2ORLXhX)j`Zmm8#7`)A$;Kbo81%|GqH{PXz+2T8pw!UoShmWk}7hS6uU9)|cg`u@x zq#+ZlbjZbMs{8Qx0>5J#j42~YH!}ZO9=QQ$Dv>7GF587WpZ)Ww!4scye4R;_g0kEi z;}JgZ7KF&~M+F2pez(c*59>OzY@|>-kJ6w?gxftO0TMPo{wD-y%$h6mJ?z(|dExy~se0lLHE4LKsI64??z<_ONZ9KQ z1sJW_yrom)m-6hIQNZ-V3s2eL(r$n;4g`nqX=kfZN(zl?<*t|4Oe2^B*{caS=y@`4sKeHP-)JZ=O5=SDk!i#4y+waYIwR=eJA-`vsE1_r`G&>!)55_PzQ} zQIJQkS>^8<#{B8zMae_Gg890Y{L7ir2Qa!L_WoKb54-~~jE%*RsbAd5isTyV;>nbR zQ24ZtvpeaX{^!@V)hkS!N{c%>f_Aszdt{L;>)7zruJs#g2R zESh2S9~99$s6x_2rM-5jM@7xl{>Gbn%gel##0uL8q^BDm?inEKNG}bo?DC%U)RTWy zJiN}shq23WW-JZWRAIhmA?(q?1&8xnrNfO;N)A6vZSap-LI8#Nq`1cad|O z**iH#i<%7OlXb3io}qDFwSIBY#di0@mXU*_Tf@S!+WE(iFCOPwncV%tXJJx>;wY!b z2wQgTRXv-Bj9D{$`$`tn7!%PyZd}-H8 zDf|;Jq?^x%We%=J8=10vzH=UwbZIrtON7*teYK!&l-EarPGXG2fW&BV} z4a_3gJQsEmqRl}vn4^=&mOo*0FQd)FtvtY!Ed(oVRiY7Okv;XnddC(V&KkT)64X1I z7SfN5(~e>3HxZSU&A=)S+;=Zz45qON0tqM!EUVH{VI+(gXwK#Y9SY`US-&<(Ib_JSuh(E$Qq>X| zeetntQ2={VmPcm1o1t5^09~6`BUB9RA**QYyWsw^)%$#Kfs+&I9qgDfD!9Y8G%RLr@!32 z8#bQVuc_>{FEtKiD$YDYW=S@FoeHoE!Lbd}>jgqN4FndD5fl0yK3DAr8G>jkd(I0m zm9WO6s7t5!*C82CWUk5z@Uw z4NhNN7WB^dRsb^4ZS+3Z2OWgpMSC86I!x3Fh347iy%}#P7*>n>F|j#2KR{Moy37`23R))R# zG3j)p;+;Q$If(Qgdw(t!w4lej$Sg<$PnjQ^P6c4TpR}EL(&PKUtx<4eZ=Da7Q=9RN zVAC1_Kj;po^>dMi>(sPS$NezsDbGNC8V*t2!BuDLXT%OSl3l0jua5Z=9?EYa0!O2| z!4X?(%=6hE99t|DL$!+-eLl@jT~>O0W{=BXe7XsltZ^Eh+uaWAg${#t9#_P~j1wFK zyF@ik)jUbna?-M5^3M@zOAyDV89-cr?8o0WpZZ8q>(N~9>ky|{n7QRP<$G)6FlkD;F=_6{n*uB{%@UW zkLH!ince$$hNmDXBG081i22_M)*n>mubPpj`nx?Ieq=1X+P6XVzxbKNker^}bn zGcv{t)5hctSbarHe4|0i1uvUkjlL{BvK@eR`|{z+5g~$CJ}3aW>1W(6`XFOk6Pp< z>^K+g%g4Ii-^HDbI0f{`fMdlm-~^}aBoQVnQE!V1IIZI`#qKd{)a|u&XI&sqO6LT# z%ghX&y&q4J-N+bLk@ZF009rK>Ooy?T7BTF9yAYaJM?e?EM&oWHM_wX2)X_@cU|&XLPavI1GTAp~)A z6r6$P@Y^F>e&o+KmRI9(BcZOPbS`V6Ha2z;v2P!|VCfy3_oYDLY1UT*!dqMQ*KA9< zQ%E_1Eqh+dz=c^Et#-9(?Q&{7z2a$L9;t}HxoY-e7C^tNM~-|I{Ls!cJF8okyYrCs zdHRwtvn=-wAz>hX^K)yE$^c8t5*9@i-6^CVwLaAc+{=_Jb(?3|Q_ zdPW=8@UD{k481IjdJbEw>1;qo@%MA`cBWs}Q@E?oy$7yXNuF#g1T;GE`Gi%{(9=tj zCH4z5Uzaimg@lZ^sKqR;uI4^BTRhUY-~g&lNvF+#kP8#{b;)|%-}qHin5vg0``}1J z$EJHk20XgvZf*GXYTq%=SmG#4+giEg{gv=XIm7JY;BcOyv)z>yG^~iZA+()e7et6u z`K61&PKD3Mkf+;EFkxB&Wp#F)WST+x_@&^YD5;%*r!GlDn-3YheE=a z;o9T#i}vWobz_xbN}XNRpP3;i_#L!US23tsFxHP&%?)s~}T4s@DBtJ3XP zZJCZAsqN%;Uf0j)!of- zstBIm8WiZWh=yadtb@dXK)K%LFXJ(+MVZ>_+guy_d_zr@;Ip;dQ-wE=YymF|h%q%V zyg!$^j%thJv?*xppf?JGNR57YXj{|!6GAp%^xGtFf|{CB5I@~uZ|i2zbM!7djiKKJ z?m0eUA*CXQJ9P_rPxnQ?rH8^yXwN^Ne6ax|Z3|(zC?>yPO-zGvSGCF<+0;{iLJ<&M_7~S= zp6&)KoIU&6>T}Fql$+SUD|s%~k|EWD83UDs#goWN$u4UUDN+3`U6DXcBpQeex!HA5iz-H~|A58s2+8uHIF9^^jrD*dkNp)TXl-`~>f z$`n4pA!Q;=8r4TSj3PEyM#oY%UDXOg*imUNwyFF&J$l~8ob+Xafg5#mDSz4rI(TY1 zJUtNxo<*B+su2ET?_IaaV+64RNoidm5$eze}6^0 zs*0icrI&{-Xw(>@nGmrf-dT^#7On)=J7ZSxvLVx*>ObATJcw@NYq!MPoz01$*DEG? zQQpi%c5tPICE9YAS0>OB$^##3z)Oz z3JR|o5c%;Y*?%i;9YRv4{cn`-7l^HAZcgXs=MR={@3w%^NNBDU^~#9PN=c4jJ`F4LtEn912AVuZZTSf~IqE z+WSd{5ofOoooC9%F?q^uBNDB;GJwBPQWTRmDjfNHX$M&WP41Wkt`4G= zXZn8w5yJwlDyvH*YHDQ_Vf8cuS+*Dkfdd$OtpNRC&@O4IU(ZTS8P;+G`KS2Sm;_h( zgj7>vd0K#nPejf~{#HPEqPDap7PaJdv?SrP>9#}-lgMT3TGyc@!8RH#!#)RyXSH+l zK+C&@aXscxAe*`+-Mvv=;$p4czxC!riy?#=#DgpwG(VX;5w#rZJm54p{u}Gfk<&G9?4RsdJ zsPS;}Xu;a_qoQXNe7yXOGQHQMpokod=+VxA=!-#@w8?`wV`tK=4Cg7J<2l36Lgtms4u8e@`JJE_ z!y~kO$kjvb@a@!|;H+X`D7G%{vcV?s{TA`IZ%;TpffFySCR4^A z5rjYK6^2V|T3OxG$0Z@`B{)new zlepIs=~Pyih$K*(>yB$6z^qU@%_@d_IU%d!Y`udK)mBEE^J<0(8UC*?H#bA$So>;i zsmF=Z7bLUU&${d0-(;E_R^xhRYf>`by!v8!{<@I!%kFQaKW__7zRj6*raqF2?s(}@ ztUgYnUUadv!9nC-IB7`|YIjuUJ}f-fHF-TMEPf=n_VBY?M`QzOP#Vb&2d?fn z-h}pcY==g*%PHmkDlY^F%t=D!`TV2OMh zh-dYDu@s{u+$B_^vuQ)xXT_}K(}Ghg2$?$1(7Gr1OKrbl0}PAq2_LfSE{98*Mr`_E z?b)d*8)onPMRpWNO%H>F5AoMZ_#+}~jHF|oq{H%S1q7P~u_q4_<*$SO$vygQqO_yK~HCB^`l>|}}DdQMcFo>3Fs=q#(%L&%fann4vJfs%ILv;ws z!|MY{4sYcFWNKP#?(!I@%<6^iS+13#I)WPkvR|S2ibR|YsV&o7LtFRj&8=#>jGyH)*%k58)Wna%zcpbVgoz^Ej zKYomSu9Lu^tRi%Eb(v?|h!mgwT-{Im=CY4JA0_huHb3xLbuv|Q`>(jxkd2~Hw=;`(Jv+9htV3G zMgwh{TMpgm56x*!OE75DjY$BNa;7zbRX13h%OXoMEZMzaUyf%}03vQ{`!b&0FgywF z)r{=F&4VTPdZlx@m9}(KCYCe_*?<)F2JR45>#p|gLoX~&x!3>Zr9Hk#i2vXUf6YB} zxFT>bp34c9QHZ8+yyrH;p7pSsBM1*_O_Ow2+v3ZQXeGd1iTTXTcj{dt-um8|@I8j5;_q|I?%WP|^&X{ibvk<}^0v-Q^00-EqRdX5Ls8lVbNT zF7|*{(7H+hGH|Sf{p?kV^>2|suP?%5D9=RjMRzCxYo;LG-9Y^d7w%y)!y9+I!A@zt6Mx^X>KSf4=!6Ye}-q%ynJoc^t>Doek5R+tQ`W zJ;S$NzE?IEH7HhN_U^&D-s~R=U#H`o3P>s*`6yv+5vS&Br4kW(n!Z_Wch2_yV*e@E zC%RF~9|U_G;jAdifa;~~VM{Bc+aP!qb}6H4l#VvuS=CcCKzaT-S!)A?bc}f=@fA&XU^wf zf5|oV%w65UQQ5|3`zD(f@yyk6cw&DWBPHb1FJX|8Jd1VXS2))A@Ljd_^1S&@Kn-=} z=;%<=&=0pnY2$JO`9erwFuXr}s-ZA08&Zs;61?zSz5ts>7Lc&L#aj631wM`mGrB&J zK9fAn$d|g6^ZKtUZw{8{Z{p0(`)ke4J)iGowDuvZ;~K@j*NbF)I~VXy$t!!{d~d5e z(9fh`C<82t>}GoT(&0OL1RDX z)&*f_JB+c9R7o6HdK)t$g#B_~ea}p$(2m9sGfJ;o#!kv#N6#&oer0TE!$?JxgRXWW z@1wtX*z!OXiig4UE3wnA`$rL@( zA$*&_wHQKw`|V_$?&kXW@BP=skRcw7g6|&O3-jd_?$4H?+*d!Y|7`j3hR^;j;!t-Z zmM`wJvF!_~X7u1qQD;R1NBv40X2!klTg@_3tNd?VZR-XwB*aUm0R$fJ){~t7 zT@Q*-QfDl#J71jd=45JNG90vR8^HY;LcZ6kbE5AJT!SRLZy4T> z_+8Sgog}hBM9;#zCA;ZyJoEt)qh!7c_8p^RZP2*#lGK6 zQM3{{)B0M$P`VP;jcY4l{5)zZGA3$_R}B+L_udSmb3IrayurC$uY-&h0{BXx`K#== zlNHu(+i3DXSqceHP|l0(z<*fk!GE2I(yuqAX0;sDmC0`lBs>?#)6ZN*&Rg)t3+`(^ z`h1nfBA?o@BKF7OHC20oy9p1pY|EjVRG*#WJO0^$TL{;uwAKD^Ho_U`JAn14G2+Pw zxPVOOgxdQI3X{ch#i?h;t1ru}J>mKr)EB2H(F4zxCj-wJo!5t2pds_YXVHV7Qj>q) zvO}DkQn>Qru#Og~BLfRF-v;FE>~ZH5O@BJ7xx_Rsu&F+KQIz)g^Bpx-C|2F9*T%4e zJ{$Z+67`&YQbI^D=3=1Tn-iMOMsbG~9>>4TO(CX>M?F|;4wkTG0g+`A!=V*G_x zsl_SsUA;)@(|Aa6(q@$99B8(b4ky$)OU$RsdcKxfhenU@=iKNtBB}K$RS78n<-7S-ph)|6 zMygr&m5P-1)eTskr_tn*b>ePQgfe-5oBJAK(d+M8`IlZ^eO>uILTc^66eBW&al-@NVZ zcT8sUA{2YYWsLzwF`duuA)@{jOz;eyuc(8!-hS#^{p8P7h0i5(cQ3ocO#Ndqr*~4_ z{lSRlLQhxcll)*BCBfq3A1ZLt8W)0&VCyY@P6Li|r6i9OdxN?{i}9VdJCwn7YC0ue zv=W$=sHid2lX=1GA%&!a5=ZhzpB}(l%9b-b|)=I_Ytx-hFu9 z4c({>uEbX~n>3HUJAgzeU#DToGevA>zm$9e190I?a>}MN%&g$*x-}ink zfGQlBj#5sI+62#j9@W;z>l=DeD__=J-&GYjq#9jV-uCq)%WD`E*e4zdAaG-J+9aKT z#rN-0n&8P8CfPAnSWdV+!!htrZ3T%2WPg0p2pc~-XgMo~)HVv_$8FGFB{pc`+z4X`+t;r4_=0Zty8i0) z{lR*8Du8EH5n|VB`K%J<`3xUEiOne9DzN(?APwuMSo)mE<^Lv{dfah@Ml5j6nLyF*_H0s^@f@!x!>P6teUP3 zyTH9SP}#NWp1In`$b8Kv74pT9jCY392<`md@5^xCzn2Izx(>jw0^1Hxhph7qqPE;9 zocN>d>HLAzNbip3Pbe4bZ+ntDrMvAWisu|#G_>Jn8^v8G9-zqPE3+0zlZB+Au7MrC zYta@Vb-2zyl(R_1Z?RflxU$-xp>1$VeQ{z$$)fx<)8RB`OPv!cprM;8NgY`IJ+l>r zUz1i;^;9ta^D}p*rWY0dg{Lm{U1j2uvA2j^1%`@ruQ21gJNk9a)k#uPl0lltlY2XI`_ykZdF`x5?1?1YNr^pbWDJ&nVvilst6XyX@+E97pD8 zX7rWL-d9??`>hKWtD!RPGj!2zVb)8=svGs^s;c_bIbO?2HG$E4A$R9g0KK)rXH!+3@~f_N3kf zyNf!!%4q4xAS%{Mgxg6IeQzfqp^_B`=Uk(3<69O%#@lz4BIfwLZfLhgfrcBtQuq&Y zUO&JmgNVfY)dJ?CK6d!@>Ir_YL*nZG@*y!Tq;4%HxO_JmrLm5bbNN-{p5F8k*--h~ z(~aEw&kx}%eK^hsnz5wOF&gbK&$R)m+aCK$hqhL~{kdO$SEMZOi8{k{aX*7Dk~>{# zD9yb~*yZ>J77J@$*1Fk~J&r?$c}IJ@dHl*y&4LV{xpLws{2sh6&-B!5&w+_4Up9<+(&>B5{sV(IqlPchGqJaZ~Wh`?GRYNfds$FA{v?N#=0W_Sq#q(d-n4lpOfyr}|- z=zgb)c>Xl$x`%uH`ZuGt@O9JVfHURjJoA;_6bd1m&H@yOA5b!T9($wUpCA5H|b2;PKl_kH0J0Pvpt{D(=f;o0zOvBa73t);u`Xq zVM6!@h5YTb(rG4qkV3~H?#h49$`i?q)p?crgLp{J`LyEbcf4nl`kPs z$Nmydrs%EU3T&Glrn?x#FbFhDPc?k$v5bm+5M#VzU_+aF^M^VOt^W7qxs4`2ECzTlrR@)% z(%PiD{c067!&c@kYuboB;-5L)v z0UO;>o#;9_J51K8Wx5So93w(&&N=0RkFXZZDq12$?@c*kr~r|Qw761ZpTz)Rj$-T- zZg6>l(f05@t>66Xs+A!9nfIJHStK0PYIcpm99J2za$~m0b`JfZh-@JeLnAw%(Pb~X zhI^IKB*gafKabud`h^nl=YOO9J7N!;Ja%U}y{08g8tNxmY$s3yXrU!^Xx>na1gw%0%YI8<})9=W}kGtn(=C2VxDO7}Ok8p6# zz!Y!D?=aY>0!^y0^|hzv`x1@H>|3-Pek}uZLI|FY^19_w<;D=d*Zzu+Hz((p=H0l! z#JqN5+#8liPo<=F%iP7!b(!}Z7QM!RHO*qtd6c#KZENV7+d*;LV^OBRT#?giwqi%K zD+|F_n&-}r!el>(t5>`C658?@F0u(hC|l8F2n0w}_HRc&PPqv($eQ5} z94Wx@Cdt(+9OS+FN33?LvZ%hLnqK15{4Ug+a>(EI;07nJ#n~~E-0;8?1*+h3UaFW? zTZ!4E`B}Y)HGb3;Iu$RpuEMXC#;UCvgiTY`hB+(TO27P>zR%D2dTDq1j4OZ2%wO^B zx6uuk9Ec5&ckr}Tms?`78mq|)LX*yTDLcEz&s{cgA?Q>ex6TXAJM!br$HR>g$Z)h! zFGsta-2-;|XrjDEbh7dOf6qYsCx#8=i>QWwxlwF_^gi86AN%Q3SI=KCYcu`WZZ-+? z)#xTcjlU|Rj0NlGR0=*9tFLFj0EbO0N5^0;869o%nSZvhv*k~b_sn97etKO5I!Wcl zz&nMzb#LP4SD~&eE~#CQt_*FAr?S631A9eg&3#FXpH#@bcjE(Dzw8&TuM3!^4Ma{k zYrS$N59TBazYVt9R*dt;Pn&6NYC#9dVSe)gToDgg2mn%Y4wK*B4Q+S-8=6Q0cK|>P z0AYAayp(8i*ApO86bH*Mye;!u!|pHS7a{sbp*?+ohb;Fb1sXtTJQW!FuT*F*z$t|e zDEQX2jj6$&7rLHxO|{%OP2UpQLtX6kygu_>CE3o?rZyqCVa7U+k?!RCg7@L#{MbOZ z*6ylas+)L`oQkp`)2~{SuJ^<6t#g#9v)#}yInpPV6SrOYtv`Pz<5({!l}Ytn38#Tx zSK6d}<({2y31NHvGYvmp03c|tl~%zd%<`)Rj^Y0!(hi{9lCehdVphBB`PY70t|*s3 z^71|}v!->c(BkIr_?n!!M0QJFA$6P%I=jkmIUY%q>NgZxK9kFIkT4G!3|MKCx%$g^OlOi-=-YjUX3ML7nn-Tg4P!JYQcix2^I~_397ZfBzl_ zp({)o*(%A;e1n2+YS>sX3ky>d3n*>aOk4t*Gk;U6Y4m z%5#k{L#x5>oZB@h*b}p{KP)tn)c%`;`kv>QLw1yvqT(aW!P>__A;_hBWS{Tvs|NDn zUMzP1&x`md|zmY3)o8zTi8m5WGERGpcpfe?TH8yDr7#aW}Sfv@$cnPL!f9_&PPd-=6Tu4i14WV4w!@84)l4&0D3(iuidjDX#g_q-m$j0&)N@{n zT|S%yLulEd`0@&a7m%q!(KYv&O{UbIc<)4?s zYw*pnEiCp0@;{sYKaqss_x}6!|04qTzmkZ++y2LU{`a?pu%D0`o1OUY*MGcc=eKJ& zj*N~r-+-=r9J}`a^?Kv9ImY9(Jtbwp*r@~ZzcA63M*kJ9$QEKT@*}_x59>vDHwDc; zxUKN|<%xfXDuFToTSLPOZz!0});}QN-I)wsuId=!{ig$#dP$RnAww&JA7$pT+i9@FRot2e0BU!7x4`c zF@%*QD&Xj;0TLFP+t|n-eGbEhj?D?uML9;E#5AY-AMg*XjNt?1278a9rk`0}`8zdo z?_c@Eu_pOiMXf}lXKCA?c-z?oDc!;U^c~Dr$sYeZ(8MVlTYy_YOboFg$;{`ze?3Rf zi9s@`69Y&VRb<8b;w7Pft|yx0-|l_5`|XQj)QwOxb3D z3S@gz!t^S*9dHwH+%Kz)*D2k#sl_*Yg| zf*6YMM=UJYOOm?&rNEI;QzNOZtyQOIXd|bgDWLWC@`7gP=F;Q$?_+m2z&!pFW@j{9 z0*BL0O-=nRk@ok;1yb1Q|F}_b?{2s#olFGv$Y|QR=k5#Oa^HD*dbEyIR^CJ+h=%h= z+xL*%^z^h~_L0ewk30B!pqwh~3+9R0^uUP?ewKId-kq5CP&q-KdvbN3HkIa8{*KIC zJV1u=QwRS$N;9xN2r;Y-paWWxKyFF)p5A@LZfnxyG>O6A-`QH|?d~ zoIZuuzn_ld(E4eMgn4rg_aq4vTc1Al4$~$4*Ubf}6dg3%{e=%Z!$xheX;edht&bGs z%L7tiK28hs4!yU;&i6621XMNla9R;R@I>YJpEL0Cs^P^GzI&H&_x}Bl0Hn@Ut;$wT zQ9C5*j)x1mY_b*V)qG#??r1-?oY)W4tM&)jcg`rFdcGZb$k?Bq*h`uh#fVS3T%5UY zRfW?tFo+i^Dx@mtE7X@lOI$V%Hn$C5)jvqFR#%VJWYD-_=2Z6gLp1KJC$#HRefo+* z$mRAOTH%~g5LjH5TDsDk?zTJ69yStAGr4QkM>|&UEz}xud6Ta8G8O*`YO3lQ;sO(L zLD~=@dXY2WExYp?XE6FgV*YUv;)oq~x%ukHn|&e=#Evj1!%+66e=u%+6C;Bide4Mx zQUB-LtNNbKSB_AVfhZOz#MkzYdJ!wOSqvscG?!#4>~s%Kzf$v|1fS=__Jr$Uwe!Yq zM;l%Kv3zfsm{lh^6S>oi7auh7)6{d-y0fIv@m|FS2p^H95K#mrkJmGwi#1lP^_tBz zb*=xJ<1*Cy5njZtzd3lnDUfJTdDC@Or(-zG=U9)-D=I4Rdex!#j*jh`>u z%%bsDz{u~ce*n|fOiX{gx5u$&7ca(scU}sZ(vsVz1RZxkU!?B7mPNkXR+2^Wcvgcy z+I^(^%gI4$-_FphX&&?T#%(EM)A`HBENug#Ec^ z(iPv7$YZp-ZdruIa~41kp?N62e2}z*#>Jw=!k1_JC!70y!#DQ`$hlTI+bIRTp}RUP zE;$#qU6-d*}HD#xkp#PYk2nl|NiqsJhUalh}bv|A~}U`R(DlhQ-ho z@c8oc&JF2&44kbDKxBBK_b8qlKb~=0aQ>lFscb7&xLM|+TW)NBW_t49Ht6>^3c+al;*O+p=lg5Gy^T)q_{ zzBVU2NlI4IvyK%VYy{d&r%L+b;Qc8!k~uj&-O$+we^Z?fE-^;Cb#Wc4aXA(m?go)C zu>yfDrI_!lH7a$=S8F&s{erLpU-~t6MD^iKe}#D1*eLns%8-ObZmrD36c=Oc0PF6 z$Q7|I>UwnFK;^GM8wFzQ&zKjT-z&lkXCP>6Ow~t!LLQ>J;%+dHxICJTiD=6=sT$nM zcHjS#elGF4+Bldh*c(*-(ECD~B7IsDXpCc>M;30`Qh39tfu~YA4=bW3ls#buy;X@+ z$G=MX@~2rp>SSpJK8)gMe3T3JpdTK{fteF;CcTD<^2;0(ceqGdpLnVxU=7x*W@z~3 z&$~k*O1^>6Gp284pYL&gb$|_J$f$%;^XN|ZaI8sYUh-kC(s#|kU>0w1X2g$nlQbRF z$#35lZ@Nx6B)h2sJHJim^F)6#LDawKVn3dV^GD`Zbj_M5l_)LT8zvUE{Omv2LlAPnKKi-WQ!S{osr36}3^3#U>AB6BV_cks{rcFph>iq{a`;Cr4|7kc{%CU+b zUV!vJ+a_rc1bd9cqECqz=TD&FzHs#HH2^f=q!aiI`Xq3%|Ke)Q=B`itaN_TFcmdxU zCOF5`MX$-qtq=XD?gFxxau@1aLtA6!+ ziAh(UGd)r+TJwb(&ZCnp0Wg}1%x>D0aFuZP2~P1lHq5w(R$L0~)^KJ@{V;7;$P zttE<^KhdP;;@XX!ohG7uxS-D_+r39Ohb!-@zTdVUl+HRl(ccgN@s2NRTxhyegk%mS z9Eg?n^aX5ZbhEAsrfp3+@ND{zKwD^(=;1!eLHvdEM3>nb5W3}FC~<}MobBFtbZYeF ziJCPbNl|j3VbocOppM0)>Pwda_m&vmbv zY-RehR>Hry)MfS3VuWUmnKGu;X_PuIA%eeX#cwrtKoV; zc<%Xs%7fqMafn@qj_JlC2D0QAGDi^T(;GReVI;BIl`fpmomSIQFAHn7#o;jSycg=y zUS75Rm>JLE(^#a+ud1s28Kd&;ZKEGXGYz0IY-*W7m|B1lXCCp4bDr%s zI73wT1+0d!kISOppeG9YpaETmiPX3*43FwdhkJku(L;@?9`ZDBFd` z30jxy{whL{^4wWXl>1yS0H3TMf#k@GNIW`sa%PpPoGlCr3v2pAFEMz?O(Z%+yuaKl zW+r>{dOe!u6CvGqmRCo62jXC`eziRx={0F!(e|EO_%gXV2LPVeG`N}W!d43^)gPSY zvex8=7%affWH*Z3vJ3dI^Aec9*x*sB)}`-znhCgT)0Aa5X z?+p-%dy{1_Rfk{k4_`?ib}gIt7~^K*b_X1owsP)^7xv3-Ys>zB9QtIpb>1o|lU>`!Z>gEzKM<|*RMYd0iprpw6xoM*RJ{}FLf3JSz5So* zX-1`naVknd&LY-~C$5ksQizvfI@tsH9+7~1*7H$G8vkmQ?1LifvY5W#lWjuNC{EN? z{7COhHa1y<=)M8+Tem199^4jAT02=#VGMKm8CM*vyxIS$zDMAGk+t?KwM zBID649wNuoR8P!4AR&Xy5jw9``nY?UZ%W^rO_Y79esJ7EZeW;RaSmOc!aWM|H1g*c zB1BdD7|%!Yi|RkMD8w5cC0FI>)l}rMuKaUejVg>WWBRG>gnx}rg*xL_w_}jcX^+6k zS!tiTK2ipH?%WI{K=vm)^tV@$D&^Q`s|EDUX@0~Juz_3GkZv?|UOV;GhdRpOd*~aY-YI zAa)_Z`^_XvhLiEV3jj_^4VwnwsxOvbKR^}j6?B@(RuyP;CkbdRS;py{F{^BKe-X{| zpzP-){j1}2tkkp;bGCR-OO6KHuNNB!o0t3o)QdT*$DsY@nCjsfs&>DklklNCq|f|^ zd2wVSyBr?15}jPpXUXcd%#`xkE4+2(?98!lNK#(hPjhdk$e`x?z|D43M)*b`;3&t& zD7KsjCDu5OedaLzQg-Z8ZIx69|Kl5=a8>sXLnci z>YB?jG6HChe&4sftxmp{Day;rNX{%& z5wpP@7TG`}^gW(4j@#glx4ze{cL`is2P?~&eUEfAgQ$2O`X&SQcEjkX4BjW^;lSFy z6*wdo_WllNigKfwhjZ-c8R78N0V$DASN{X%z0}1KuMAXA=$xvQAhzsw{R{8*)8pnZS6lQs262mP;{?jj;LI0 zdfMKultCw)=N)g-t@Z^>3XWKa6}x?*QHVNr+uTK^xY@5!4B~#==QnOQ=zP49(NkwV zyMl_Csq@UY{^D*l`+|%*DtSmDfwN`E9BC9=anVc)>FtKac@=-Ni~9Y`V=M3LLw#wk zLbPdE=eR}Wi=7668@c^L23~^1_V&f>59$Hp&cw_*H>e`|sxlxIVFz2PP^;SV?j9>X zS>Lc#-_iEtS~fH?v{T9VeC%~{lRw&YZ6J&N=X1;D2)A#RTDR$VNDM4RIWkC8Qianm z)t49VL2m8^5u#{Zx=_lG;VIAON>xNPu5#SUX=f652)SJBK<4V$GdFPf!YzjLbC3Je z#3c9`)NIP>^2$A356p&p2Zr;t9vip64E-}>RQkO~y+MmbF6Kj-aHViUs5mc9%k^7o zpjA>n-Bix|5FV;83`(O11cWr2Ra{FINOlb<&jP*@nD}^(K)22TFJH3&R3P}AP}8S5 z00-oj;qesnu#+inXci13wfx@SI6{q1+}6sdoG`mg4egj?qTpZGlOx`z2kJe)mWd5H zJv9E(?wTn)A5k#HQmgIBc}o&7CIW!|rIrq-4p=d86U*`ybXa_Rv^{Bx@hb0wN~X`Z z9^20+tl{|eic5!gtUPgEe?n&LS?%e{k50kG?QrjqUAbv(ASchebzFCP(D--@S-BYI ztutu=M#jQ{5Lr5os!IWzsT^r0dD=Hsvy4}#zw%q=1yjRUG5!-Obl#ix{O{&!GNki} zM|eH7_oPfEr61g(-Wtcv&qjl~JSY)z{vcLS9 z_Pk1fuGr;Zm00n_5T_o!oHRMZz;*Th7ef8^{U9KJHEcat8#_fp53jygAjyoH6ffw)E=iToc0yUeVcmFSSs)ijpmlk%53Acb-vjC$-Vv4<1MY2 z@{XJHfwUG8mlu;Ci|W7nSI&44^iS+lF}Y@n`Mm-A&lekePR$>`s^gFpJZ6zmDI|+g zFEl#Tn1_)H4x{pqM{f>2u^4)N>Phyp>pD7lsZdjAcM1W8Z~oVY-{TMg7JmA2OW~XTImUviJSY9o7wjDQTd%(N_kB9uwhXkb zPx(mLq#EhOUEK)RjHkTEVO@nk8% zBDPp@hPg2`)Q@)A>mW_}eQgg;$zDxod&d~xSrqtE&NG3YZmL}NRJHqGnjwB0lfg` ztGRJ8t_JgseDnopMhde@&`o?^JSP(p$u+*r0{3lmG$c6A)oAGsqi?j%F8^Br3HdBx_?gM*o#t1 zy3k-8U^;L9`L0Q0O%%YJzcu}CMo(h4Yjm)xBaBL-^izfE8;q6a(iu|u>V@A17-ZLp zZVCH$UusON!HI8$Plbjyeu6Dj}X6y+{mQ`mklcSs+T z(qU$G>)YA+G4dCs{or@TAP%jpp~rCY0fkyoJ8* zP5&jlx0=CDF_hV%$Ie|8i6~wiifgFk7xNWcojEt>|Lp@-K0Ev*X4-EUHJsH&>XvgZ z5mZZ=J7I%4HsEheITL{lPJ}Lwcbe82M_@8f51aX?}_n6GMVl+uWWA+ab z#|D2{m915z+NiMqz%R5tj@S*s`T7IUT)aco*ID@0S6;6Rz6FuOv~nLYr9G&UHxaMr zHR)Ov{SqH~Jyx|1tU)QIvr78~#Kb~AX5;|WJm0ZqfBz@u3YiyQOj8@%7DUxh3zc~3 z76))#W#;Ukp-*CoJ&Wp&*a4*x!@JJSx@feDgs!-3PUWV)nmLY95efKAHi)$F!5o3)z_sQ2m~PiR^57aTPL0zSUW>)-&~LHo91aTgks)|{f(IMNpQ%J< zez-f9na6mjHb&$2F7d^v#z}qtOY<_-SX|+Y7Y~f<4io`9O0;0jm2M5cA9D2?hVe0* zY}OOAsb9hPWA#8M)9KDp)tJGMF@*GLkEFL?Q0?duQt-5q>v>sj!SCcge~X{^do5z2 zEyBD{puys9H<|22z)GqoEddxF_fF-Xr_lBZ7aS=un6kJ|%HHwXk6Mmrf)JVdRDACr z(fa(#fY!;a(sir$*0-@Nt&L4(2~Vh)vX^me0QIlxPEIe$LghV=P8+UMtIjPaF7fxW z2~&j*kCVr*@(>H&q3q#UbTQhWjNd2qxo*s{C&HHdj!EWMT2kuae}axY`YhD%MPU5Uh^&Qo@xN1V0B>_?Gaf!uTIyP;n4BrN&+metJ>QhR0d(2 zf7I>!;caxN&^10F3_KQ1v+dCVOTMiO2nUOzIDv71t{#K23_abEpceI^ju64H)h9l_ zYTBDTqJzy>uHphF^A`@DJzvp`Tn6<&Ml+eOTHZ2K;9)uCQG3yzF$H6MNa}ATU^7kH z%A}xXSYE-q7KV0t6R-1W5vp41f3US=%E?L|{iVqBzzg91E(@kT1~OT8k3H%3Wa+9V9yasr2<{*!jbD`QlL=Pe%?s6GwGC2^p&SfB@+?)*wv_h=455 z&l3vhS}2%z-!@gi9H2nYA^@aPXA z_dWmWyWkkln@m|!z&!T6w{zn!(q*QGZ4{~qTn!-Up$7{E9RRHeDyw8b%W$ z5$FJGdZR0as4zQe9n=&z^ApTnp-P9DIw(gZu)q>%(7>?MW*)W7=El`*iFha6_4Ov4&|ZNkH z=TC)@bLp$|%__XehY(tz(Olr!?c)9e>3G_bl);=<@1|~!5YmO;$GTJufy(8V!(pDh z215)(2QELKX>T*Rf#OS2M#?o!(BE6~lb$CFmJTZ(M~5$U#&NiZ$q381pAR?=hYjlp0#e#d78BCCo#o{r7M ze02s^vAG-pAdGO_qq*2#?Ozwtbx=N9o4(&vzHmw-?G0D{uSjW`R%5K_&GSl3K-vX_ou zqE{RaOU1-|*N>yWETOC&x#i;?1&MvOcqhu1(uO6()gi%%a)Kf6c52E8L+oh zj@oXdc(y~hHRhc%;|FeiI~wTrSxF*&*0K_IrWZTRrA1MqKMlg3#7B*hM2;7G-w3CM zW!m!Rs#lfZ|CIeHBhBBL1Ncvuybo@mvf9lz%VGI}Y5BYf%Nr$?Hey-aQIL)zhoz`( zWb!D<6?TJkarx8k*ugvgKsyhfM23M(x~MB?kN{wJ@`s*3D)Q_ON$5fw~*vrKPV@NjFwBVs|J zoLeo<$Ri{k?=80+-8qGRBY~lvue{zB1z}C>aGxW=+H%+nHMFe$X;PGc{rZsH@Oxk# z`E|M-zy5n-=;5o~f|0fWf36P^5dzD-DH$vj96E*6^=KDf0D^q#N7aYae0{26{q>2t zA3*uDQro8Hr4acc?;MwVn*y~Fd$}W807KK%^PdEbfjp#eFxZE90D~#({fWMU0ZAP@ z%V}aK^IgI0$A~BwHkRktfswxHc+fO$rL^v`SF_!4LeQ}gz8~G@TBn(&5c<6A4m{FZlz$Tfh z->OhHiUDY5^YD)}f2b2HeVq#6OcF3UuXZ;3lSU5?Eg!&3@YP}e;H_{9M{iw{D8dCT zpSo;K<+7O7(x|AYct7O-Y1FIYc?q~jC~EJ*B=f+ssP21(d*b;IF`tW5^TDC^yI(d} zLb&VI&GG#`5bJeGvOg~YY6zfBv6WsuHGQMAHux-n!UuG~QB7F!zW#u+T~_Voh3Bst z69wVP4Z(6HE~kzZ62RPOY=|EL!9vnJ9Qa_xW=s?kz5yLgjz<2y`XpWmuS2c_h{F&t z3qkEk$a}aCxEJz5>`Bhz-&Wv;F8NKi5Rlse&B6J&5>r^TZdy!;&8=I(Y=tSYwo^aF ztU0vHf{rjfL&4RHxFYs@xJR2a1>0s(LQk=3?b%ryyBHnVlYz^+!x0@ez3M00l{R61 zc=$Q0O9bQ>pSD#*p@LKy7COtBZvj+tHp;0PO_vwhsWoEf*ME5lDjvRzcGSdVO-^?J ztyU~K4i3(cUK;4^{Euj!&jOEQj=E2@OC)w>z5y#!hU6|Kkb6ARuf0h;Hwhmib4!Mebq3g6!yM8TZ6-kXU_471vK;;&xdKH47ZRuNDa_M09~Px zxs&9euK=^QrK5}G)X@YeR$AFvH;`Jq-K#|A5r+!W`#QKA0CQS|REUojN=ofUt>6yf z=5&pUZCvV^GSJgD1NtZp$Jn$lxe@5YhWq3npU!6~uq%B&F`p5Bq*p@W%3q~$+I=to zIfO>L&iLF1Q4?AlAl}eoxG>CouwKgq>=o=`5xTmhBp)i`uhl3eRg6`egiuv+)~UCA zCL;!p{|zL@$ZtfY1MjKm<&{@Pd;=yAG-qI$lB|y0Bs_$2V_+$s`$xXLsAEgm%dLojWFFgMG@?}t@J*#oBe>F2o#Qr zS$_QnVdJJEP&-MK8rAMJBR{j*K7o8 zKtlMF6SN`@ zf0=YN$ze%n45>fhE%MJJ*crF3s z zx%2wlu^nQHKL|v%9gF)mx&J3ausg7emMi{XBW>xVVP8Hn7Zq~b(Q!+6rE?ApUTnDB zu6bzTfAp)^=_BEkH8dGB-sDD5Td1o0DayuO;JYR2&A_+X(`_?=IS^9A zyl!$^B0_K{IMmr9#B2#$`x#{br|>v#|FnIM@tNDsht4GLgH=_p^I;~k&;){zXrh|e z#fBCRavgJYRMl6&ifRHLn5J2JiI+wCBIkOqG$|QpOk!*7#RR}H;V%|zbxkhg${@dV z`tW@>qY*N?bDP8rS|Hm{Ibts0R zTHrF*0YnVYng%IRR@u$r6zW#}P$PL0U9Zn#9@jy>q#%RSOmaIu`K%Rl;eCq53VxYy z?Aa>fH1INL`$6^03USTje5UgBuGr;$!(Bd-CbOmQ>kXl}HHU0jr zE~KJDG*oDf5kz~^J$HJ!^fUhWfnWvmPfql&rBgYa6&{{`b}2dIMJ4Ca_DPAryek#8 zML2i_IV-#u1+wekz)YGOwMY^g&;1%*$MkkOP3)T0I8-8qhcrP3fByU%y4(`mU*;S_ zvBSfLMvDv#M958OuKmIa$G_xnAx@7`676Sqf4tsh#SYH+??->UQ9yp>`CDHO1eV~e z&H8Sv(*jssV&QUkPYW794&#O|QcyH3VTJ9w&X*$Y^SI&?61$VO1b+bd6gTsd3(__9 z2jc7%?9ue&5~90XOFLmcnW_6V-L3H-)xeVdf>|g&YEwn zXK%FBF<1mKI@nPlC}Iu-YxqF|xUWXJSz|)O$F- z>L=m9MCYpC!BBvu$Qv32kj)VA3?69DwjOSP9D%4UO5ewFQ4e#Og4>I~L^N0MFE_I| z*mnaxY`8x<4NZAhkPn;`?_l+?Ezz(&vN1=$;JIH7UIxG~^1?wRKXG4FJ-{PP4HsMD z(-If=d&6cah^GZJ;KU_G6CO{V{$D*cv1+{Bm5ygTG%&AcAb+0W&v|Y(HWZ8+JXFJ^ zQAQm-I%kea#7+qWX1s#T#DcVxZ_RLjn%rgn*Xi=AseH=HU|8^Vl>tF$f{w#E`BzuKU-%rk`3cx@~ul z_xBwqoTy3I_~?Q;S3b0+(4*^ASV~w0S)vK#)R5abtH z^B@x{ZmXgJpO`BgtO^IF+lJZULDAP>a&j*udwt2%e(?F7e(DYv1i3DGI1{5qdaoEu zYp&lYrDN)3j?Wd)6(o#KM#(=086Hit3r4p8{c~DB?~jfO*=sjqXIOblo8#PKlqbXt zhazyhLSHEeR`Dy_amu_8!75BIFV25CEb*=n<%R%t?{6g109*<|6KmrVYTJ&g=zNe4 z$aeX!Jr6vYVpg+2g4UW50sCIGgzEEar);;6rB=BW{<}BXzFt-`+?RYB9Gryp^vq)o z2r|*gk7ICe%)^la9VmpDQ3e};mPbUo*%m|{gT84*srsmLLFfJ(#oWbGUg?kT505T# za@cf1ehb)@WTF_PfQ^^uPB2@3H|oPIo&$pe|9^eg#nA^Yug92yZt|X7M+XIu zA(MOpR{`ezT3hIY2rt?J6;r2E5#sScV*fZJ==Q#9ORXitaf+}z4*kBwPrErFS3H7& z+^NqjO4|dKKyt0>)B50PR0tN;rIz!#ZDc zbONu(p4GJ%LycFwl=(^-7TmsD<-BV-Weq*GpKEa|1+*)fAz~ovmI+L2o6WLVy zV>z1HK^@GbLr^bGG}by;*SbrIHWpl;D3*n@F_wa|o`VW6Y@7x`A>`g109abOF^+Gj za771a+`(>TWhHx*Bq}3%dNNVTfQ7-KoRk+^22^}*8g?}sM_*!=dv5ak8UZ2K0jDIo z3*6@&p#4Y$V-T1T^F~RgzW^a`Zq)c_5u_)9U2cSTG~24c@U=Km@_*=h>$s@8u6=w& zL=2D+mF^M=NnuE(Q$mzR=|*bkBcReC-Jmp5(hZ_0-8sMz(j7wx2z>Y8{XFmed4Ipx zKh-&BpS{;!d97=aw8Rohl$4ZMB7xwE5Jk*I!iuro_4dCJZ{gEAa1?pJR9Z)tT{UX; zd;_qeFI(Co+}Tyn_J=d&9=-nch{gI;Pjc|O(QE=^f{k=xxomU~$=Y+?Nf4JTE-Ia?OJEn~Z z6nm+9KRPaPxbEiV>}k_YL=c{1WCi3LNV;O{kqaGhqZmPn$Zyjm(79K&b>kYD+&1Xz z2`8K(DRS>`|FcPOAR`&3!o(3xNB>1{V`Qs++B;twTmBgO09bHVDkK^BZO7gqrrgLK zmrmdA-sDi@Kvvmtf;@4_s~>5uzh}d6H}8aiy8a4AeAX> zi0Wf$D%m2Zd#m9sF^~$~b3^a`_Lzgw+&0+|N;pm&hn^boBh5lhrRm3#i%gzpq#Ww8Y)Nd8w&j zLf4;Df3iM1soj-)E!m@tHAd9tlC>uW{Dao&*G8%h+I)OiNyJ@5CW^;zfOY#Q6Hc`} zuyCy*mgNvQ?N4N70}`=Iy-#uO#{=#GsNq->?x? zoS|$`=JCUU(>8CGyYahEo<8>-BkJl=Y2u0Cd3c~Yd;f0I*&nnDxac^&B8S4q^}o|W z*Gob~;BVt!gGk54bf=X8ARL=PAt93HvH|i(8uBNI(F&{QPRrY37g8+<1yfutd57IS z-=aa)4a~K%*oe!^YXov!0!{0|yQKFlq_EY42?TL!a+zAMNsBGqKUqASR{6fJRmSyd zUKV%@62*+^1^3STWdcI#154&ahpYnDpEL#=8@rgddG31+@jZ%1Tme~X!3g;ESLDW$ zmC3ms>d2Xu0G6u^hU^xQ7sDI&tBXgWdm=;+c%;*B90_M`ek0Vc* zR*XO!f*&z+n9=Wm2n@Kb@m)Zvy!4NQ^_`pg?s=R-BD(?l3dRNsaU9R+%K%jCJ-E39 z6cp|bIxt^fA@+gCq=#QH%E1EaqGb6Z#d-3F$i$XEhD{AU=YpO?qs ztKR{HAXoFL@f{RkZGtQ{iQh#Tcct>&_3`lm0y71Y@Ys(R{S9Y9cC2#43v>5=h9+Hn zC=2J`6&WuAuBiLx&QG5LJ_U+*7{H27K-&nQ=e!1qiQOa@eOyfIKmp)mw7k3;3*AKq zO+MF6t8BfBFZA_#AW+cY4+;V-pBk`}*)YnT<2AeG3dv|44$wdZdI_3Ab+K>r>;!b) zwGxq%2KN1RhBQ_N?wj!s&H#}@f-xiDyCf6SK!!|U+B38Y=azIFhYIE?6Ci0zfC07Y z+EDN9?+;o9QiLZ9DRAjXn|ipqe>UWA;sj=6-4D80N5`Qkl^7L4`aQ3%0=_1Cbjsa|;J!xg8-b~NxuXPvab70}bjIEg zu4a+058$5xS}!z_4~&WfnI`oMUtP74`{lQ#7Y&v%9T4D8VaK#UVuPj?nPM}KU+8NF z7*w=7djwh#RBW!Ba_asjAFph<1=tTSxKuDU)8y{~MRV%bI9!?g872kBwO%&_zMCe{ z!ePc!^))Y`vsUVOK94Z{C-e2+zH#JXz9#QNR(Q7H!1XxzE4v(aOFfkL;HEbd`K{gq zZwcI@`CNTy`^3Mm?(hZx@D(Tc`sm6#IB;Vi=7yF2IXTx&5i7fIFLsvu z+XYOerT{eRyk%5~HEaopsICI+KCuDG&0W+`%Xo#=L$9AV8{W57JkYDX4g6{Q(_?2~ z*`-H|nz#4&hc8Z85cml|TPy%(W~0gKl4{6%Be4V0%TqG}Es=sz-o^DHObFDwIQ`Z9 zQG%LOQ0>Z%K+51#O9L-~q>lrD&@WbleR0h5Y8YamU4zj)b(t$)M1+Nbw9Q)^L*5Gu zjlXR>G=}n@s}wUjD1rVeRbp{lkgp8wh}EF~kGWm|{xJmfV?^f*P?Hs<5WpZl2|4Tg zbcz}2%nnWu2fuht@GG9#27%KVKiHV?|8RsZaagzxk}`5v%B+S8^6VIa*r)yNs*U4X zsN34^^wTRTK;Vf+4^|OGur~-K~7?an2 zjQ*48CP^tsnvQ`%QVC0|)`^slyUyzb|H2-R0*@C6uwYh`W>E{U>N{OLBHL=yjqdD( zHKqE!2QBAR-Y+%|C6Ar~ae4eik-khsSmasHI)`5Bh0N73{XOTEuK0(PVqNi{qzx3r zg9CQ`K~v^jp@iM5k##{#GEg5H@RJ_C2X0 z!LN;4zxMX3EHr_emJ9ZnWf%~KZ_oPAahYujM?cU~1Kv)Eq?8m;4?yec)rJ6@27Dk8 zA4<+w|GftOrLX6tK_=^yKNY}|Ob=NF1{6fmxF{;#{0WeHqXhjM49v{=y!71M6N8-! zkW%zGfb?8!Oe-b{1U4qb!25_4bbG!9Z50E`xqe{%=^>!I`lA`J_eTrQ`|{M8!Dp6Q zf*LL^UP3tNbo*#!&jp%xnp<0CF4l7IpS5hSFsFfJk@LNW4!08p?21N-2vJi(B+#!; z&c>$}!0te->EP@zle)D-yF?v++k@cw1W1eE^^4tQQ2{}_+(MJ`2$=f>0K95h^1#do zly06LPWjc*WEy%E1!kWADc|IQ;mlX3GDgW=c8#S<#$ktcw{8wv1+?Ay26B(U zaWE6G9>c|$x6dR^-$8C#^zR_#K$5%%NNT#tb0k+f=uH zHJ)q&(QebEqqn2uWze`%2K>|vU*v^-f`EZq!2c`B94=c^g-rI*{W|p0VHmlw-m03u zV>mTg6VHR7^7Qls3bix~%p(JiUanzfTwE2fPk;ddbK;mubKuxii*!njAO3{){uRK{ zb%@wCiQHxky4wnBILmy%#foLu`|OJxwVQkj5sTwoMa*4cprb2g{ky@>y+D7+i!U@9 zS+^`ki&8*D5nZR8CR#WU1j5bcD#(;-)_s<^LTVRC9N?5(F;PWF;UC0}j!2DEV;P zI&j^e7U>FN!ju14e}07Fxi^TXD=deHaIHBxIf1Q=@WOLa|i}r3+C~7fPgXW zx@oa)2^Ih=Xwd(UeG>Y+z1bJB5+x4~$X5O*R*HrM!l>aGu31n_^bR!bP6VEXu?n+t z^3&$^>AM^)UWXM=07Fneps&HKsDI3JC>L%R-kcQxtD;0S2*!bSju zBS!TsjD2o8*Cc*~gIN37A1XP&?F~8>3k<68r&ZEEjS@s;yr^`_yKZXG^!jphbF(Fp zEHyPXW?L2zf2A+1>(7o%%w>iY zDC32X;K05>6fwHIafSy5Y|k<1(fi%9|9HXC2Gwifz%EE8fSPSeEgnFfA7gsxNxw4D zanOw!AQbl>XGzGV0_Cu!j_NE}KIDr={xs z6{PAxU#|`*=>Mpi_VjCh^8O5J^Mi|4npeWfD*HV^Ok=# zTRw;Gqwo@=pI?EUQkr>@E_n@e@2o!P)?wPhK#Iy8ZzgNsEr0Y+1{i6V5%uByL+**r zPI90l-A3;bM%?&IEHi+tw;%?DQ^5eo@vE@;3D9D6qdUO6+y*S^(6W`qDS#q?uA|T3 zA!QeB-w9sy!V~~E@+?aH_^&6_mhku9Szu^4K;J5sUHwA>RH`Si$8-*O+@#6#jiRpG zU~KW!P#%yFTRp(BkPK+kFwzESI;f;ZXADWYfKvW~F-pl1b!W2RD2`grpwpB6tUV^h z-xOu0X92yU=gF5q-dQe`OhDQn|NIH)z~4{YGye66&Osj_c)yQMdj{Y78S*27US@kN zBRu!Uo>_0|FgV?aGQiOT%pJ8LVl!Eun23ZVZ!{hg_JFOr3>xi!fKFvqx{hAw`7D;rE&B40imiu%3${q-ZKIrw_?ucg1z}y!-z%%9Q*hiz7!jFd`KrZI1 zaaxJQ3?lic-{1~fSq>k1^yu=vbWVc+G3tE4?EMBzismXPw*d9TOh->YyipGLZ!8;R z!c*@Xo`Rt1BVhEiObK9V(k}U>0%#1#0C`3@zs>kB(2oW#Rz!Zpjc0)Q7Z(gT0P5~@ zGO|#+Y6OHl5%d>Qz>*d(Vs$55@kkl;OOl?*G#!eLms@0vLIi{hc08tvm_ZZUr+cKp zkFB|1^Oc$#Y6MAMb{%{Sn||Mu4NPE)nH|HF4rfBiIygAU)6$*1Mj%vJZEbDc3!QyXp2Wy&ETsO)$_BaZ04^*4ix3_UY7Ur{BXj_U^v;c76BR+ii z`js!j5Af4yOf$Q^ejN?2E!06M7|*r4dVS?<2%8hdii9!sE(ymax=xx13JuwZhkzA! zwk?7la4B-5$vP(aR z)zj-^qN6i?rKQDn4&;o6`T%=8NX2{~D$N3M!zY&%p6mNuOG8OquWa#|fLI;;Y+@$!u-UFY2$hu5wu z5JC&=op5^Nrs!9gqLON5eE8SJOI#6i52-I%P-tK(;ef#J*_CJj>CX2ZakjLQ(uvie zla#D9^bRrHiXx+{6+!#3INY?`B6RAp-I{8+-`$4M<-iwQ1|=sx%b~uiNOsb@l4#3v zWjGhp}C4Un#%6BRs* zLMwPEz3;|sZNd@BYr$mzOCTX8&ag#utFQq=T^(>}9;s~vs?b4ui4QiFYl!_4$a{fY zJ-9>Wd(goq7FSS)&CGA&yA0LpAFIp7Q7DT%n9V0FXMxpe9fV&kxrT+pjq;(7?9S!Y zbx*ddnWse^%jP2~2x@dUBhPO!)$!CZM@%HRxwrscyp_@7CJL{vhc0X#Y$7742S+E^ zzDb9$_u_hx512kAo>zl+-A0kCiIHHEH$GE>k%XGsE*ADw%bXte={x00$Jg8EvPw!Z z{RUnpSmW$EmC$1YI#ST|f#Z#Q<0`NX+>^=QN4}V6pB#iY` z)YJ45cF>_Lg)hGN_8gCn;NH^bj8eXMN)i(G)2n-N5V{9GZ7XGA?|TK8-RG=}s0HWg z{Y|acWVgka?Q?Fw6qSI*1b)0s;6BNZ^;|_GY^ya~pm{wr)0ntxBu_e?%xD@*y#QadwmjD2yn{@-}F5pr~Q(xoMP#V zRL@q7xN*GCa}huy3+)M8a2|(y7~J+9gZbk8uit#K1lDR=k!QEFC2$}|g?eQadgHV@ z)NXr4!kT7}paqA(X&L&6^~oRq{u}X+p|H19q##Z8WCY?~MsqsNxPKs&O2nBYDPu~+D4FD`~{VkPHE)2_uAB(`2j+|azdoJzx0jfAJ!wKpbo2vo%mNu@ zd|&iZFq?G?oRS3iVgmQ&k65_a&^WI6@~2P&A@4NacI+~s@f+ds0G;hsSK$s8|9?Dv z4?{56NOc;cn85u*ktbci$9nj43`$!BZ0i4h!#^*mUF=P>lQuo)ew_}+0>~WiQ_}#x zg;Gf83HkrIwV&(&x_S}k14v!Q5Gy}wR^%DTN7&Wz@&5mO$lupI^JNOAM05E_fyhncu%;{C^27-^8CIbT==3lVUQ97j(QA z;eC2l7SM^Uk9-EwhbscEA2y{>E)Wa9>of!y739y4H3VSpN?a!sujl4lh*hG&6^sLI z-4lfv_4VJM467?EH_jX1mDRTezRr6E4X0{J>GyIk;!&4qL;rQjwqxVt&3!S4)B$0a zI44GAgo%#Z;!*tT#^Bl1)Le;7NM#F5DlZyWwNlyNsLP( zu_`2L>^Cm)q_p|J7wah}C-+d`&5&VbPfTI+y1ELy+qTg2U)PH)k(+1NWb*l%3A9T+ z!2su(KB8Qd(+WRURh=cGBweWM-}8Uzp-UbaKE`;)Ys=OmMTgW} z;ys}5S68w7FS)l|?#np#6_ndO6(Bd>-{oC8jJ2zJboKNV`t5Hroee$K+r@Nr^xsXI zTy`85uR!csht2z*VwW)5>%SV}srGa@wVf{#dc#vw~^qBxp-|CN$Zd~GMF`)VJuzZizj)=W-+`HId6%wYmCOdtJJ!|dKwMy*f z_y0NumVCJ;=+x8~$);KG!TaJN|9a6(Y?3++@lU(Rl8g~Jo>=co6md0v zl>OFB1-s*!$H7jJ@mit|ZMBb8AzgXb1AxknLQnTC3D!Xhf@}467PCL#a{SM2lNNVV z`X9|399Wa(TBzxx#nuG+gtcTO>fh!Kw^GBTGkUe3y-#s;@Mmm-4 zRvt9Mx_+bY+KIbdD&xywcL?Co=}xXV+9 zHaSaF)GA|?sbpU2sEpQ?lV?l*r8Znh!V$VA-LZ3ZD6)s$D5df9f!v1l+Y38{PdPMG z?w}P^f850_C)e}PXBju=*R5MO;<(6L!t5jAyW@DKbvBpT*=`!$g%&jNY-uKVj>n7O z?8FF3msGt`n~GJ*j(vnvbkWrzzHq7GjDOw3KPEsWGR2>6RKIrk70BFi<@8u#O9VS_ zI4kaEWKNo!CWw}86s{At;46_;pCMEeqXrlm=~cMPZk$AMZ0YV$nL8QB4+Y+eOWpW2 zU+`oV8dH0F{jUWXn&I*IsqA(>91|IlYIQ$Y7VjzCS^6#dhX+HY+3iZvZ^U0mW-7GM zf2y36@-O$Qjh4Ig@s;sDduPT_N&a=ju#z-lgO^vN6Du$@IJ&dgip`%A)rX{h_Rr0q z5z`q^Gx0D@%=4d3s?;F+IULEfQvr!wVYxewyIs}NB1zmubvpc|Lw8qMThRKBeKPToPyNFUm%3Bb9X+IYKBQam>ifb6{1S&>KF*oS zx(hgxv(*16v1XI00=?aXU^WIe9u>Mt)lublFQxV2N4Pn`IY5iQNP@&G7gL-O;~&0d zY2BV3xjuEtnteB<`d~g7yVQnY0^Ib;vC+v9eRoQ==_NG1{e{sS$31)K{R8XB2z5Q_ zdt>rIc2x3IQE>OC0(1J0rJ0$T@rDPZ88Qk0`J8Fcbmp*Xk&|FEs_R(sK)brH;BaH& z`DV?bXxS!R03{hTPKDv1a8H$f|0wBY)b4 z=Tx$=bW$|)Z~*<|d$gcI(3bj)=WE2ogs9T0bX&KXK=k-)Lgj0|sx*FMA>CKs5JVqg1@f9gHm)>Ds4t^AivqhK(@Uj8g5;;$U^B0i1Cqnb;&%HvmS zw$p>>JBy_|f84#rs~&j!aJQ4Q9XKM8HGcEvv=r%X2V!FV4HJ8bUrG?Wa}p_mNszD! z;{p4Es7|EALW!!53A#r&hk}n1xKFr*LUhN&W^svGVYM!oyU2J)W=g^&@85jv;XBGy zO+jetJCSN5b@))i9Dx$f$^Pa=m%?3!5)Nlts##yNn3=%t-VlwLB}_duGRTL%x}_D1 zHFeb+z+hj@u)lQrr;!nmC03c2c$AyI1}Nxq5Px+q5)??E)+jWdA>x?dY|JagBeixC zy2R=pG}<6`$7SNADr?%y*qJ#E^p9QgALyqo%s-6+g7b!8r*~_@cws<8cB=SQ+u*yFklf{wMZpvYgmESF2fgYd zAL~Qs=f$#72GHcIrpqw!hc8r_t&~}ZhCCn;cIYg7e8`bI2h^g0Cc`Y=}mo zP0~)x9U9ji#g>AzyVkLej0fe59BiykwDAv)i4sb{+ET)K}R0SaD6c&c{q| zT2DV-K*F-P)tqZQDhMaL`^-gaPw+am-N9%-atj?bs;u68w9<7YXaG`A{r3SEQv{YyWFz7Z!CUB41I)Ku2SVn%8a zcZ|5p+OOI#)qyYi+fY4x8$n8Or>HZ!3YxTaY^MLD`Bqr?OTyrJ#g$w&pZXGdOyKqS zYQ^fZs{8VA83UV0ZSf+|m=*w#?<`*3!JlNbu;dt$!OtAD}0SUD6rOkL9asYMM<- z^L^T6xU+-xgN*0|gGItoC4;MZ+U{-?MAp$v`OEs+XEmS`lB-~EXarWj^F=1an#pKc zeZ{=x!3`NhgdmGP&h(&UEw#3S<#6bSvETNA#pE1?LOn0`;=v`Y^XQovIk`~*A}c?m+v?L1#u}LItppHnSDS`KvU*m_j?^D_ zsUJ&m;%z=?`E}cVc*M{DxQA5NfG%Aa?Z;r#8Dk*B*cr#U9_7)Ci*5v0F zQ7ykRubO_en% z6IJYGt$#EQ?7LK6she3CGAz-Dh98DqGRRm{25wn}awHQS8NG+A$HvJP#+j-VG z)i6ET#AE!Eb4B^`V{$^ehOoQ^3v*0=6YU%#T?rdsbQzQv*KA#%t{fl zLeL=dyS97Q+_er^^*3#(Pr6>{uQ#M?gK!%rA#WG?d&_RZ*iNws@HalW28 z9EgF*romvG?3DeDHMF9`p+%qYq;OH2w|={|qgvtHZB%%_%eUHhLY!5Ug&Pl?(<*{X zyZMzM%3A?E6H3+NqW+5wX^ua|;EZCu`IoRTJDAJurVQE5)+!#Yho|iRzMCZC_!3Sj zT$Q#Y$G^4S1g|lv1N#`nOnnkP*1P6*SkmkJ>k>l43L^%x8)LETNUfuEzj!{}g6o&R zr8@I;2!1P5VmpYYtZia8T*nF9pYCaazSZP9LuKK%4|@xH7qspa`O7Kl#=9wJb#g5Q zYm(KncWL!6wRQ3(g|?aFz3}KjE!m%Wqz)pB7POT8%sUq!^j>Tp>{5=S{COSAGyOA{ z;G14{4fXuq!G9XKr1&@bB;>E~+pnMYE-G!0Wvgwd|49q?l3!oiuRj?xLqQ|f$i(?! zR;dbU0&vU=uhNg-g3&k=WA*!-%h5k zjrA(HTgQIMF$`spFp8iuuUrvhrly>mUnjmhPjb64Rm+`9{l(&Z3JPJ{%intyv!%Gn zVh({li~DqZp8iz;&hEg4I;!WooTv>X0uPVdXq zPOvtS^~=f3eRKjW8(O2I!7c~e!aIpSv`p*B>qk<$zBPs+7Ym>@Tt^t}sqC6u%I9E> z%6VQM7%c1KY4iR>8Spxij3=X0B2%-Tuhvqwq|3>OoZLTDZZ7XlWZ&bo3gTJ{mw?t_ zU!DsJ3NitFf~=xq2)mTYv9o8oC*0CcQb-If%X7;a43T2c3&)+-yJNtnhBK*ZK$juB z#3)eM76D1;KuI>X;UD zeOA=k@L|=H{lg#6h4oT<>nb%s%-TyN0Q;tKclydz&) z5;OCm4U-qA<*XY4;PujsonKgx12p4uu&1QJAnIyDE|u1kp9LHbvSaodYb{TvWF{`1 zZ0^P^R>-s2Z{?XpWfLi#YI2kl5`=K`@T4?Ki$ZbU+5QuUOx95eY7dKHa1Sj_T}7Cf7m%P2Nk^ zWsp-x^3YtatKjmy>xpc{WHMH}qBH*10WLK$H3!f;&N)qVr0wtgy*KFG8(rhsd*X8A zxt3mMw?$`dwjCN%MD)KT(y7~)fLG18-`Zl9b8$(%rfD_D(~4ax(!8Er@2QedCVU+I zliN_1?L=0C>2Fr=@edO-GYl-<2Exw*$Z_J;Du?vYH-?e~6X&JL-m^Mlwh>Zm+%|y% z8w+mE*j}H5ygCj%@j$#86<5K#hFdR=Q^IzLyaZc_O^C3QzHc$WD%4eb<~SnarZUjs z(I2g-#Ve?OefNf9Pyj(*3;|Qcs+*c|IZmvI+)`hd$_EsyvO4P9?c#P;C^(4SGek7! zL^qMQdZTe9th;6x?avw+wxCzFW0f$G*07tc~zqgqYciVBY+Qy3%Dw%Fbsu{cKAIz|<5ypxl0%vtY> zGvO&U`Q@J%X=l5dyVdI@w&^h}U@?_dlwbpcePn15cd?U`VLk@8<7~WjI6QpkN6cx!?qg)XPfo3N9S-zanlLh?%x@q07$*D)!)IH*Ly z;|`9vOVJBic2#YKTLm#oO-So(CAn_H84c$aCpwt?JB4?bw_5G^+gnOfS0tTQ2~zk$ zd&j2dSmHM)A;MmMy;TDJpE+fm3pZH(rynx&!^FvWgDOc%5qKLT{ZgF=8vb?U*LRbp z#r1tiNmC4h*z)%TlMgbk$=0>o-;qk4Zfv465hZE-?v9tdbpwLIZogEfo5+-)5U4Sc zhX+JNL=21m`0-=oY^njmnQCXh3cD@e-WCNE9@=>FNhU`_l)#oJ<2o^Q<&#=TmDtJ% z1tpk{itAP&)p^6ayT%GmJ^Xo98&~t{R@4KLNB(b3>~>DaZ5@#N(R;#2+i^C#o4pgs zLf_Tj_elYZ3;Ak12HSC{Iw+(kP?!D9`pO2YV^zGr+lJ;x%30x@?`G<>Th1qs^v3tG z4jXhXrGEnV9T*FC4_W&GO8VYyl%3YtN^Q$G0|NA{U zobriPL1lu4t~MKWS2weN)h*BM?n>^KrkI39t>>;jPDH5B&Y{s#4k@Ro`Kae5b=tl1>yv5GNG;R6w) zfR%9H`2NQy{`docuYt%htJS0^0!OD+Hlv%K!DTc}IY(e{ts&Y|<(yq5szlvoT!wxK zWWL|fxJ)s!ZzS&O+M7h?y>%|+DmK_l>%5Ju56kT7-p9`1`?wM7k=j~7X8NpiFRdrA z@MMCfaw!ef%54JGHlcr{=t|b~)_EAzIgGn0iLe2Uj=LpZSUf*+!Y8$}h4NU@!-s9Z z_%hP0u$Qar4%m z?xnSEQYCTi9O4qV>%)@-lG82Z<{q9@4)H@DJG@tQ@E57|{zbJ&6s0`*@W|32nBg>A zI(;U!#1DL7s#JH6tvsfk{nNWDFxah)t-|TpISO(cpR6Mh#<*e|TZg0ZMW(po(uN%> z>}T2#sMgF6u*w5)11)GNIk0AHi^)xXlXg#eq~CBvuRi3OKS1U)a$MY{W$H#O?AV?ulzA}Xafc3>k-M;uOs1~ z$IH?_*}$qO4M#-i8$~3n4_}++yXlqjLUQmA+Ka4v^~{H0JT7y_noRPT_%Exw4RgFO zAo|$3mp)oA7Rbky7u0`id_j^U-Y-}V&`&G?j1vV4=3{E%+rAWmy}FEeE{Y$d1L+x= zoNM1MSUax93nNn_+0qmT_Qe}@G;U*(J`Q*FQQGN7^bFH^h82;+nRlgY)}S6J=hMe? zVUwwonhD;3l%$j`hTd8;>XT~J$sHx3SMXM0rs)UWMnU!OMW>ifU!`_>G;mpLA5SW1 zFXLcj8E8*F?yBRRJ)o4fUc)F8Gk(ZryM@1m*2J_}Rg zYAbIz@NCy8#%rlk)7Y;;tUOsemBm@jBbQzD8B6!{XZZMobLFwcKYzY6atkZcb#v>|C0`f(ru80fV!E=Pj}DVE*Jrb8 zpe%nYHyAb>**D2EDa0dZjQ)ewD{JEq$DJr!bh^HukIvGZ!?Ku!+SRjT&sOqg`QD@~ zIdP$PMJQ$U7D>!=24mqSH7+6oDuxBnh*}REw!?r={ zoFpzHf)=zJmIzLl_Y4b76*hVGdmU7Y#Je>i@Qghit4Pkz#w%^u0AB2GuE{VuA;AIw zc=cjY=xNA0`pC+f29E0#n8Juh?;;C&cDe%F0fIB$LTm`2#<~Xt(>no>i_yStX5JjI zYw_AmO%~*UB)1Jm$_==X(0D=di;~9!gCc0iLrfar>w6zmG!8`|YlnHbkE7@cO$K5iI=@p?m>ZgFxr`NbfWBc)BbF9HmykthooP7Ew2gx zmeyfN^oU_;9ZK;=>0Jd8i65Q&dE^f=sa@ZdyY!?wrDzw=PLKwl%# ziK3l0*YCLhQkOCJn7*mzH_J4m{eeD^e6)kyuAUa4RqI1Yd88wwYG#eNFew098XMsy2=q5TNofySQlj%p1F7jWc~MIPYq-HTquG2*=&n!*j;B0sk6n zR#(@3)C9LXOW^Kao4YaXmksgY@WuqR^-+-Ez{Eegj;3S|Fv8vpjyeh%rdmAQtG@Tq zIIP)2`Izs81*{Gz=F;=ClO$Fd-o6H#34VY_4a&^QLN*YDU@S$z@_1R;o^WaEO1YbF z`;nl?^o+ZuMp1X62PjJ3pW((!dlGziIt&*2XlQ z?B1;6m4=PBK{ELqs)`K+aQ8iT@VhqI7v`4~9BjiFp3P-W8x*0zEjtTlhP{z>eGwle z>=!89z7g&gN1|eaGP660on+3<7{kZY9sT^QQ}MMLQr++?6i*CLE?mLOot{JiJkq+M>$SFnT!9Mq{6cFrD|D>n6}oBtJdejInKv|X zwfS0x2m|fXQ)Ih?t@Re2?xomdzy4LO$or^h!CkNz=L^cM6t%zIW?uujGV=scJo7u^ zz|{HQ1`QrDIEVE%^b7sYPg!H&ndU*5JI4}`(l0SV>nHE~gd%%Rh+aoi*|;k^jjCyHkBFu3jTkraYfiN`p~D0*C8IE%HDddPUk91+ z2vlE5tEk_pl)${O%CfGQqAa=8GSaU==E*_PJ}+pcA3qvx1(u|E+#53PqTgCp+!$+y zs&6cFQh(tZKe^X;hW+IdjD>MaXzaOzU8*jz@xs#4AJX{Bu;)~;nf^w%0!Q7wmS_cr zC4~r$L@(YLGwQnO)apwr24HxeakK9gs1%GwM)}x6{o+E8sr#?Ma36*y{b>8tIx0Y^ zwefX9FciCY0FTZCYlx}Zx>I;C&~>qLM6d+KDm!^vA2lI2;#S^mRGN|{Dt)*=ZeTFD zZa2E`1yaPK%m+3McuDR((U)OwyasEX?AniB9TuGJ!T0xhSb%p(Rp&QW7exgzH=rBU zEDl*u9FIz!*EErUU99^kyEjANH#?Qn6bNxhy9+0tI$l&WhRh6kERY;M*s&Gq2)|*n zH~g1O&8W?ym~+<|@N~`078P7H&o)pJRLS7LAd9C#u@|}@3a-@-|4O??HVFOcNUitynr!htN+yI-?Q%8(@LEwBg z6KkqXxFud1=F9J6t&>eDthah?%{ph}V>?eufSEzB6OD^TC8Xr;D2*x_44hvMrF6be zWVYf)sj{Sc=y-W?(b-1yzL4Uv0cxP}2{3iq+D)5$3FHSy5X}RN6$w#+o`(S&$-kPs)Gn?we7!CtEQH|zQzT&K+x2Q zcV6#w-gCAMGZS5(qs$awMao>d;9F>uaiwJNc@1K>SM>Am*T)kE*&U+> z-n9956(ic(+E8*1JPdB%v9yE`iCyvh&$5*g9;oN^M7!lj87pYN?R`_JAmh5`L=X6o zOBi#DFj^3I%}c{~$d0T5{=vq#Pydp&z)W&n)KbDNcqeP8%jG_@FD}$ea;dP&9AN=Y z1E@5`3%EnYOS|LK#9v)fd*y84KRTORhpM)2!eG(wMzRuxeSE&n$6BT6s4pW{Pt2ai zms7x=E|1wdcSqArwf3Ugk&W=9@uK$d6W4?77gc=Eyw4VH9nBA_M%KShcR$@Ri;_U=q>`!dJ2>tc0z7cVN-<(x`_o^qFjs>7??&0i_<8iikzDs(C zLoeMD#HhjNin^d9j9-EPQ!K`&Z?K?-;uh|b5}F=cp+~bPB0mo@Se98&l}luI$J2K% zD#vw|Yg|JJ1X6IkI47Hc@ja<^b>rH;txy_@YL5;`wSh)7-@R!j=k1WyyFt>N30 zEjwDBu8r`>P`rK%&{3@g8BUWmJ^M>}O~oCz7yqPtR^h_F22;iJLKY@O#2Jn@wDF$D zi`ofdB3j8V!EXf%FN@Ss&OX>rD@y8^ejswPR-5lCl>zbfYXdy@zKi zSxX%ia!|BGkF8r&-s2-(4g4&soRXZ8(;{Z@sVw2^)#6;=2Noms2^98UFRA6nE=gvE zMUEInaMp^@(?3yDS5p$nbJVx;_%4E+jT)>9EkG$kt3yg3-d9M{r5iB{-B(Nh<~0o~ z1(Xn`J+_BOwoRul7NAR5OJ*fA$3r=><>$}DD6E)3fTL6U zCDh0XZ3!lb>kpFq4{YDZzw+0iH@~Mdips(%tf=klHg&2jv&|-cEe{glo zRR6^v4E7uW9ym}K&62Rjd;4+SoSx<$Vaq|dTmInuPVcB&t^2sogt}NaO0)gst^a~T zMy`^B;RZ=%%afC6j~lPHl(a1qL0_MOgIekQ{G#jeXQ5roTi+}NBF6WVmtgX%l?Lo9L-%_GmEC`Jn69wZ zOx(AiJ{=IXO`uS>>)3?3L_`rQGnX2MN9;7@KdXxcdrE3Kzq6)gsa&jqDEZI%T!-)}7W zGjR#2oGPd}KC%h9RGzNdy@IvhRtSspt?UKc&>0Iy^Q)?(8v{q_%vB-^Dwcf=+M8ar z!3jy^&Hk#I7?hDlkK$6@1$WBJc2gn>|*w(ZV7LTOTUUE#@uS@S0~~4 z;b3S-cE74E2AQG|VauiN`f<^n!`nT%rPIYrN2pByn4BnaPc07xusLNX9-6{}r>l7c$;GMX*%Ij$ZxfV_5mNx0 zq&l6GHm%rG|E9Chm*hVgLNztD1JV{vq_PZTrTsZCN#VYJbzSA58gS+gz0byFpp6re zckkXQ%xPCJjvsl9#{tF=q81M3aa>$!?2=P9L6PTYcJtbDlQA}{cpEqFBfL};pmj&X zZ^9OLDjX4Y;^Bhq+T~nppa+z<^OwXr;9p3{6E1H8)W6C|;1{qy7eZ7}m6bQB{$UC= z$?A=WiLsfA!qHcGbml6!U#<=@($Y3>`ji659R?_jhnFN^+!1y7fH(9ig0~V*q!TCK zhfBv!5VFarA%T2q31uqB$6D7b@1--WV>-2 z535}UIc1eH#^L7~wfpm*zlT-Sh^!6g-<4SZZ?yr^w01c5Hz;sk4J+-1>k(cZN#X2H zN62Hsz+ve`dGZ!bZO&Ex=U|R*H;ZirXhA^vs25%?pFExDH_~xi@o4z{D>#9;E(AFE zu%{f|+CSy%ly_1E3peUVHr1Bu`5jH*DTXO`CkiG&b)lhi@~CwGwUAlmq6f8VIE)_# z!MxKYRvQ>ae3JE=`^`Sl(Zf5JdcQu$f~{+vESBtcIB#T0q{vdn&CB)NO>0MO`g_Ue z?0Ia;0V;!X%VBviYwiL^oF(*>tt;9>TwCTv98-0z8``w)y&)#S`8i>(*L?Mw?u4=J zP<+x-!4i`E(dvLw>P&ggqz4KK#ja^3F11&kB-S(U3l}tcNdZqwwGpfQhx&i=m?xTW zj>q~q@%Sc=M@n|=jGRSR<8-bcfh^fq~r8RY* zy*?nh1QVA!x<25}+@M&?gdFVs3cm$oNy%;Fs@Vfw$6>~^U)wVi3aSH5MlqsSaQ^sD--c=M;E_ow=+-Zp%8tM3gR3XO%JGc1 z@O7;)3)qF~qSyu6V^`*!ED60thd-)@Fbtu)55tAyM&|W{x(0O8yB`%Gcl_Bz)=cCr`<` z=mS5K6Ltko1*)b<$$o+X&$v$g-Mm6-)MQV3F(lpgvX!^o3I_X1Jt>5+yU3iK$iv>0 zuAv$$h21T5NSzG?YVr-N1i$FnYz=UPzJ98`KLT_%VDum8 z$?OCHzIBg)2;pf@xfml4yfaqAVCUg$hmDu5H>Qg#8E6B8x$^ zw6zbDh29&#m3?&Jn49P4NNhCz(k|A^1h78+T<&dpz&&{paz=UB{i{8b83FZ;#JUPEHyQZeBBi`o}O?`3=|z{m7B;fOZK3_zn$AU=l3=wDj3& zXlmj8erm1Xl4r@ON04B5lAd03QaKwc5Je7a#aqowtjSrgoc#eLkd>Bx$Hi3!LwjWJ ze&J*&>hMz-oHB_(NN;-YOJfyZg4%fVxZd<5mHFm%Opx>uve87wa0W6=I>7*) zMvXpyF_Eo>O7egAA`lD9Tt1W;0;;dx-d@8fX4~F>HInbrmJVm;K8rtbG_}QsKYwTL zfygX>(djss|J)#5RrGc9@W!|te)rUhBYO!e!h#;}%fU>6izzqF%&RZ&rw6v9;vyL4 zi_b?>Pe_|un-IhD?HoHpNTV z2HVA$fuT_VlyQarOZfhRSmwS&HN1+A{&k z)SJdp;Z=z?Z-R}PHOZdO&Q>K+^t4STg9u(r_U_$`#3RxT9?*Z3WA%bGs=RlvwZqtAOwrmU}Y0T?*nv{fJxY ztsio__rlFWG39tT5p((c5#&ezv3=eYjTF+ptF zWZA-4rAYS^h6)M5aKa+8|H;99V*87xK*rz_!*yrxf-bmgmrPt6ONw#kW%;y9&`45X z;Cp2P4Zntti_ErA-Zi|`UKVz9sP<;~T>LGE>(8aAQ_7Y{lj{o#ZWNJip=mR;p9ok_ ziav43E9B3K%fxLWw(U>u%E|TP@M$JJ8F4Gq-Ob-v`2TG<*pivnnw@wypA+z{f-;Z^ z&BS1}`gEBJ$C?Zjyu6fNZIO?ti@K*4=Z6G$k#ElC$AnQRCw=dDf)9SEcJT0jKEbx+ z+d02~$RtHuVV`Z71eYd z8o~rEqZ=SCBGhW=-kiZ1wioCK>4Y{2o_PiFEq3HH5uVfoXwMe={Q z-t0Xqf%ikCQZfbrP=9X-NWEz~Ynf--tpJU$ED&+C9WV5pME2VZ-sKI$RL+5Ow|MYv zMZ6(47FThRO?>ZKr2d}={ODcY<(!C%^aO5{qU_`#)4UaKZon-R%slqWvGq7SPlD`}ZRn z|9_7DKOY?Yzy2>C{eM0<@_&3X|MRu~&qx2C503or$1dsR8xdjJy~q0QKa(%PZSCy_ zozU>{Dk>m=1*8GC$E0K*yH=)=mNQPe>L^3DQ&m;fqlDS{6q61fr4h?M-@aX`t*_^6 zo}M2+jG-|sTFnAu46Qm9}o&N9s=A6`v- zR;@55w6wfzFdHtAWjL!*Ti+N2M~!eux>FzA2FcH|V5UhY$FdFreOMI^F9ZI(Iqt_GxhM$OL5m*Xzg(_Xa%_5N=%R+IF05$t9mni2IILM;V4tYet zz<`#loP5v&apL2w?Cja#rP}7^kj1}c0jD`td;HtlVfNYTK#oeI5pdi*;^XE+Zj$jm(!RV2P7p97NczFe-X&2T(KTiE} zvxHH8@F48p9J||sm19orH)W9sLGvv9uS^5EPxqs@(i?*kR;O4fC2p6T{JwWjFgpH` z_l>2yt=M4*>&yQL=fo$ z=DM+>2BEWhVrN5m4vU{x)~z(Z2u>L_UV=jx!G4F=9@ktb)~-Hv_vJjMXp?b(n#9=H zxTuUKar#G@E(Rmj>Pg!^+H#8`sAwK9!(BL`XFs!89kn6!L(6rfYg9v*bKX|c(C~MV zyv75QsN~T?q-^tSs?q8cx1CBfcWzUsRqA+2KHi6r*8CAW?KHok9X4(=^g7s4_hlkm zn>@~ZIHca3bb>GrCJgvl7MwV4x3FWpW!#qOuXvgB?%eY9DU1mngXAidB=tq}C2TY+ z(`+(KSWi)y^~;M4IjNU8sBxGv)^SZG1$IB{n)xK6F)Q+o31`(R_-h&-X2FtN6{vTCE7U)oY!kF&^kZW%Xk z|D3Az>h~SPqSEN`P1`9sP0I=Fh|uUp-$qF|!8h1st=)#OsXRw``|H%A`(6Y!W{qV> zL`AhA(KTl;o@^eU%^wP`=V7`+ZbPj<*04KL!{Wo+U%F`AJ~WVCdb}^#i^Fvto%Uyyt;zHP$|waTbt)} ze`JCB5Ev>5jrBY;0P8Trs$iWBWObWTqNbV&r+;8r*x$5pxfnz^LEzv~=UWjXH;io- z2vM9gHTjVq{}bv3uIh8xZ%_*nmgYn(>j5xra6ETS@6F02Hu(1Ke|Ac9f5)<9f~_(K zcm(jKeyTA{ zYW`iI6^p?Nl-HzV+^XuNOz68GYP!zs00;TA%7xUJrk73?kC!eHhIeZKS5E*tincUu z5&T;CSA)up)h2@Apndav=)BzS^@oAin^x>Tvr+MrNE*a?DPA*HAlrUT7!I)AoaccI z-5>TVp*dvzuY5^zdw~27LDwVwksKI)kL8d@2Z9-29n?Z2hmxFUUzU@!fd`=dOr}hu z^~Jtk%huwz0}#d(aN@%`T+y$#UM4*o{&|oA_8c}Jkxi4qg{680Z87KKNc%DMEHFvN zk4=4L?VM~th(AJ#`VTws4kp^<tZQ6$2c=@U7XVu+J3WTBI z^6h=*c~)-0PTiqwcc*Bk4=>jwG=5I=!dQ>vA6Yh(I=Wxt6r;?vMeL3-bm`=KAi*WW zXp>M?-OamQusDn}a?7_4`e|zkBXz6rA z7@xc@$nkQ=)`zl$cjZgD|@{HEYAHD~Yo;~)BiP2ryahw;PEOCSQe_G3C^z`S3 zWS3)TIlH_SqU#*St_%b0Z7Zso5UmVAXWYE#uZQyD=K3v45}CmcVyn~wPrS4&(!SM; zYvQ;oE6ZN+cdh^E&c^hE?6T7C>GYz!Cv_vWhZO!I@xR6*EI3|poF5lhIy#5ndnbcAvjlq{m)jqqO6jdiK$|B0{vAr{{{>N1norCs4$E9+->_PiX!s zL5<_FqhQduYP4pSEq3iCw!(#E`xsQ)>I)F3{?T%56d1#=mWVCYR31{eWkewSv9>s7 zJJW+ad{IFhKRwfz+rD+hP^f=({JsCm_!kM0?IKc_Iw|@%y&UH)2pC7Xt*5?&y?brP z>lo)Hk7Tmkq4o_P@G?neQ#-ANUF|HIE*8R${iDVE+_!gpXLFA0EZ-Qta@uB7=(Wm@ z(Rq^(1FRrFJdg*@Xle+AztfPl@oHC91u4v@cY?wA19GXIXulWAmhlIB|sfx|;vmc_!!e^X>23pApvQOF3W7w8}JI zQ}rp)Q2X+u>80xCE0ZdBO8GLy#u$n8Cs4~8Y9nl59TqkD5$4byPfCB4&tCR>WBM4H zvSgP!4+e=xp8`0f>`zUki^bfld%P^_*5wH|j3dW<0?ZZKr%<~bI>+e!YTw*4i^c{jV z#?QBBcL;~q7@vK0{oUKzTDBOyrpwb`+(;>IlzZB$3O{mJ$c!`Mq69onY{*l}vZoam z<)D#ZI(|$8ztSd`2$sZ4(9~52C9y@*mvn8-8(y+6)z!nYIN4_hz z#puhPRohOsWX9JD8n>y0iwuW+#l2rM?4!n6zI^%8P}dR`&2@<+IUfA&xw3h2J`QaH zDTetU;}XX{_#&j#}VMwnSBD!)fg{L!(^$9c5SNPAL=WwWO7H(>4y1t!C!5|#E{m1l&oS|VYJ6(i;DYwMV!fVlu z36`;fvd(0gqeqV>ttbjF6=BDl47Jngkh-SYm)@-+`ar+)0w|}PF1j0;q@$i^7S@|? zoc&orx0!HvlUuteln_3#vUuHWfSJj8!PTCE!6VhcVb}f8F`97auWb$q*br_**jD@T z<58R;LO274)l>&r`#c6SKdBa!V2tUX5j|2v@6>Y^*joIB0~cbC`>ESkavrC0Ua&$J;e|oYF?PnQsS)INvO~oHKZfbi7IA1>L1N>~wSWrp+J1N#CyVZf3mr zt~zd`rsgEe$ou)Sd`%L}5eAKJ@s(esyryIK11yJ%--gj__L-&y4YO@q)M?SZsL8S+QrIT7w^5JYOFG$_EY@`6?{WL5Jy&V1eo!gTJ18i~wLFbJVnx_Vb4hMO)!?9sUfCI$NfRrjH+T2~Uyhw#YJB zO}T($7fYK8^n^SiXky|lQd`G;T)~t{W%{_FJ(=yMd%p}upEbTL z^Al5_{TMgnv+tq&t{+5&y4CN#0b{StiAz+KQ z>NqbgFj6zjIyFZ-NS5i&HaoO$U6WyA`5Ptv$CooLQ1_BTpy1G}LBxVk4f6G(fW}2v;>=BCS>d8DeC+^(<~01 zD6D2PzbTuVaUzmd3%+3H96K;TEwtE{$_RSv#2nXn?U5D&p?r7e0qi0?z~%*KH;WhD zWm82Igf~q8ydl4ozWiyDkjpbih>I_=3CtgQb8Eb=!=C@6pcZr)9->nb-&y}V`dfza zx?qe_pTb!_TTlG^H&)YDVnX5ub^l-wXl}1|>$YVhYCL>L8~XvFNwoQ@`Z=w0WAQaX z;;P`J3E3c+bOYYITVb$ zgRihQj{sZ|nHSPN!@VLp55rhFVvx1ub51qq???woEKRWZ`$x_c``GeUJNSEFQ?% zZsTp7be)gb*23w#szZisuO`(tM~TQFjIVx?czApBE?Xgl+5FF1<6T{xNJ(O1Vr>*8 zX$p~RR#UPi7lgalXb7rC6Iy>z)1U!nC0!=eLXj7k> zA1-oL_eN})mfdWw)$TT-9%XLwRU>WR#o*S2>?h*L8aF%mdUpwBWHYKh)0PDlo-K?m zWieZen-`Z$CKGEMKOw_%K$(q7Cn={&sFmC&N{LDLRqEXVP!9GSN@a!n$e1*uiuyg(3rAm>$`2@F1hjQ1#|~iP01;ihK4Qy(KRs znJy%}3x7V!<8T#+wt-Ec3?hqKtI$Pup04436URsVWEiiRyL{wfeEylabVN(# z;5WYj1xQOttIIrFjMIf-r{&y%kq)_hk?n3d9@>i@5!8)=q0`;7_EYylAQg(Y7|Q8A zH@!OMqmf?qgIM~fhlU|_8;binD9v`wrVf=n{R;)4p7iq=q~Z_&Vw^O>&D%}=mU7^V z^`S%Eq4H@7dB)+U)l5#+G)RLr8?jR-{47gW&-CV*e;q9H)oJ~RQ< z70ITU%>)*E{z=#2O{?>PO=pu%#@am+Ck!l`dA#@jzJqJCR2W|r*Hq$jLI{KTRx7R5 zq4q*H|AcxEbjfvu_V<;ojJ!R}wUSl*Cj@}CvKHwhCp6fcfZws&A&y5pd9+?Vx*kR?g&V*#+yuCa6sA3^{BvY$O`Q zsu{2|2k&zJ6zINC;Wk;fvQQBVmFG=J^?N#^FdNw|wU@aCN)qDrnu zdigYgJDdNqOUv(Q>y(+I+oWG~0H3~c>oB6rO-oD5t2ZKJ1wcn_i^#F0)2$d=Q1>*p zf`y)6zcjPE*ApptAY4N>vdkNiD<&j?AM8j&T6-iHmUkjize)|uven=LoAIbNq#R@a zrC}8#h_Cv;VsCzK7-g^qm&bz=pzTtf8)mT~r=mN6Y^$HZ(nUo6 zIiScPd_j(q_Tj^amq?E2pe^;rFKQjDE@IZR^nO^;ikpRwjE#jw2-$)d!-9RP-?A*I z6t@ZTkSOQdaH(!6JP7t}G`bG0J!TGL@G)Ew6U->MuN*>;kNAyGg|H_!CZD60_06X~ry=ipC7WEt!Dtda;e2nBn zpjv7_@=%0;AS|r48{P2+mBfV|yq{506&Lp(aitR=Ljr?#qNYxl-y?n2+S+Q!Ai1zm zYI4C>?f134Ba^Y^zpQx9$^2?!y!FHdcDilM+DN*@Zs7S_ho|3k!E38IN|q7i*wFfn z3hWdM{;_1aI!oymL=kK?4SdDGAe#>6AQ^+}?BNWXUsBA|)Y7mN_{{G^w-&It$MN1{ zNDFDGBbE*08t3I8uMy>_Yn$waa8n=tRSzSnIdnbg0Maj(Ym(S?(wt)Y(SM{bvo+5( z?<7CTk#qT8v9b~o_auBa@CoqIB-wZnhEsPMr<69MR)k#3m(t{{lXJ9_a7~hV^RUP- z(}-C=ul(M9nUn6c<~;X1&LrM&|NM(;hFgg+IK%cMVm$uS zG5R*mEGhE~C!6J5uUHZ?@sCGNYxq2m$zC7kLn$`*T4>2>fVBFm>F&)II8rs_Zp6TVA!BdX~ z@Ls;5p_hRn^9O&(J^Xot-XcR&@eyi=1Q1PTWP5)4Ifsd-c{v*|Nhu_4q?kqcxk4p$ zoi~VVc;c95L9&^9Yavo4{|N2NhX8V7k27)Vxhk|V5#PAg4Gm+q$2cmXom!u`G@1p* z`s%;0h)r|a4X4M-g`@!)FC6TS^KQE3N@6( ze&=8FgxHvN*SY&K$;Mac7XqFRZ!k}27-HRdwkW48K)yqmZBK7*Wj8k{%}*~a zzlkyE$@p!x+Sy%GNhx*(HcU@_ef`i`jLTB%SHHQ^X$9YEZJR7fs#8@V=-wgK18TBH_at&^=U_D*+@p6|FW(Njfi1|8BN|Gt zt9^lS0BC#;vx%}3VrTFD#r!A1*TeQQwxoSJ~Pa5 zVelUXk%S9XKtKRjv)HC*@k-lA-jybi(Yc~|KX>;dMWWIzdhW9+u@2xfKDH0Xh|u+S!dw{IYkCP)KY!Hbc56Y+VV0>0TCGUPDtYUK zg6E7)xa=>7X2AazeF$%0R8gg8=};c7h!%(2m^A9)I>OJ8=vdz< z7={TIdH(%>7k$L*HkbIygljDBGb@`obf^G!oio@zD1Xr88g@^!)eMQw9^zRAt+Na)ezSLA28M57EusxRY;c&+L zp_j<}k+IRb`t)MGF?sHfo-4;ae0=hSRDzbG@84MKc{bYFtrL>#J(IQvNRC`J*6 zc!vPHQwuN8NbYE^$zWgF>CQZJ5#!#Jpsls(^t^*Te6Sxv_UMa79lZTBL+N*(XNCMH zkGV;L7drV9BSV8a&h%mv>6PF|4$??rRX6DBI;U7W0^kPvw0c)2S}V79s-2ckxSC-W zmSzhwKbI&$?y9LI?7&jfEHS)UatyPtRXTD3;#lwit~<)=_gfkOoyA#UxKxg&Vo zoVu)>oB&A!u7*YP6 z3*f*zmJ>H@8_rH5-RUu0>_y-LuM6XOD0{P5TZ1vI`(Yr(UB`J7xVl=S7#v5l=;pV9 zSMBn)$J}nhx3o39O{kqTihL?Pq^k0+$wQv1sIC)cw!>h8y=cQaYBy`sU3*gI9Q&>L zf>k}bR|Ujz!M`UKekh{dP&;$ZC2En+p3;ff9DlRVE7 z{mx+ENf2mX?$*KuUD3(v@ht5UVm|3)t>ONj(c!K|!Eb4( zxsWKX)B@Nk?m9VfMcjJSW}n%eN_aq}Ik^HJJS$mO9%qy{oH&LNaE*@C&b2bYTTDFG z0#u?wo{>hl`e8ZE{;Iv? zp&<}<9aNakb@P!)YP$!rZhSFMZrmET<-s=UC8!eu(xE>{+mkLh0~>(IeotYaF-^mFS=_v;0rfG|sJDs3yNnsEJDJv#r}$=X z!(v7K9lI?CQIf$qrm_$Q!l0(OwIGl{jO8$~8{r~$X)80m^#j9|Ox8MPQBB7d-tH%* zvd%>4Cgj!6=txzT5#M_8=A85TZ&(jOLk){Fu&-Q_5AQj(`#4kYEsRXBuw=lgGyu)U z2I)q~?#?ojG4hk%(*HE4T1^!>wHY}^u7C6%LAfO@7J9zo_v7->P z7Whgs`(f6`NLW&gKfPta!@1qEU9{6=@WYc_RQ@4K)W!e#z-jKW`%NoTN!WHqAA965 zuo*e`!$g0KZ6$%g9WY0`8u;2S!)}%L4Fk8=?B8AZ8N4?A<%Jb|srHx2j-k{qPLYJl`YVRC|_u7`1(X(4=kBnRJsr0!a zwWsXbu|b6aFjx6LGc>ux!$izbgZ#O{#x~uYG%a9n8cE*nFL&pq#cHNndBGuOwkT`= zOnjpGM^~85wpzinisBM1Pj|C{f``}5dY;H_O+&^I zBC)%E>+^#cL-b`mhIvdm&s&wi6T{2{fu7CVP@foLB~dyD;{G9H=9x5+d4BA#(v3b- z-d8nLMTg@4fbJ{!Bbm+>$ZB(0cd|ilrEh3>j}7#vH(9S=Z)zA#QLa%r9Hq8hIGrXa zXx{)bHi#Eu2?-bFq}+C=8-9AxMMUV4{@9O99KV2h_eFDcm>5?3o<;iJ{190$*OAl6 zHZkd&ZkY~u>8n_-#dJ`{g+C;saL&Ps@Aui2$d~nsP#^waUFXHO>IWok{1AVCC3ZGv zdO-kbhW8)Xs4r+O(G;Gx!m)eME@EU}&gA4-T_@sOEvw1Iv3E{EPg$3rlBKdxNJ#B$ zTD~KSs=ZrSc(I(n3MxL%SpiHeM<}zclv^Y50gNUw=)dmPa~ZVX@N5*N`941oj8C_l z={e6L?R+sQ$`&acbW_ZRX0b3q_ynfAhlAILp&4ZaBwV>d2Lsj^gzth@MjuF!-c!3G z z?EZ?~yDXUk?x`eZ43{ylPzwy`aQGhH`E@i;)6x&w*_J_}MOyxeQ*f4<5D#ijf%0#H zo1zoHUMDI<3B$wx4AYC2;GL;Vo%=?kW9?_wmm`ZVV>txFob#wFvIn%SP%V}h_gqGs zhrkP&5(L?)$7y*Vufb&HA!L_yvNiraJS%io9V&_h#NQ*YY8MR;Ld1~(bBc<)GTRKu zck&=%C5;Dq6P@%>IpVoUTv}AsvEXp4k7XkH2Zj~Ev3p+UC`i7c==Pt!=!HB<{0c6|$(a{!iTb94dT~YoI zWl7O9BnoCXH8*Dq?cS4<6C`kAiuYHk(>hShjT6%|->wiBDo+LpYtTG;_UDadfZ;C;6R?~E^fT#!KNz{2y(f|9gT`6hU zeK(yR0$EEf8I#lH{glThUeH=}CZm$WJfRzeR|cz7kE{k3tNTwKEPCc6rU0Y$MxY$e zV%_O3y+ziWE>9mOZXS+4EPZLc`5p`GPP{Un-K__?j5--%Fu&G;lDGQdTVVx*YwI*E z%UGg>?V$Q*Xbin}i$Z*aDq^_|9jM$i)h+|-05ftoZAcJ~pM4SMv{74~mtb}7Wz|W; z!V8!q1|Sa#Wa#H)b7ue;%)8b_aOVP?KrtQ^Omd743pa^SwvY6VM+eYb6t^N4H*N9& z+L-Lg3}_^FLoSUH^>87aX5>;ogm9a65Zp#Kf%|3M87J4mdAOH0>5K&oq%VS1JyE364Y9gTEJ3PIFWz{FFIKs6M6xFM0z z%6et^ks6}Qm0r4(b&-{|S7~>uH#_7aTT-ZfFA1}XF@qW{OJ;j}TR}35(;h_OLO0o| zrgM!Y<2}^pqALrPO3;AFV`1Y)hoI>?8{HnwTo1NQKiJsWYwFKO9e5~qs1c1Oz0aJz@uxm&xF=E(=q2m zE{X}t&ipVQ5{7IV!d*pU&1O2khWuwgjP2_$H264x443d)4BVhacK*nrxD9009>EdJ zdAl-tWy@=tD3UDwRE-)%?qFZ%Z(4%b?%{OOYYpQ{HEy!q_ z98Wgu5gVBPXsF?rF5?r-DtD$|X;K`Ry*XRGC zm6+kUI%kfRe7JwwS!fCB2e_i(>1(I;-$$S?$7j$jocr3fhZ?zS^C#kmoTs^^os}#yiEtwy$i;9{=W< zUsTZ&e88#Q%c{+Ttv2H~&plHKvMVS1+W2@I8oz9fg1T`8ZoNkZw`Rt~T*&RZ(*BNlW2Dp`KMsww z-I(P4Jx-pNFk@>r%nbv$eh;1M;nY}%Qyq~7Jb(`pn%O>9ChxQCd()E+%!CcarmLoY z@T$^*4YC+SlS?DY4`iWPh3k%d92++bW&%{dK)bE2%?vRnzQD?0IxFtbXkQsdBy_;# z*Ic&OlK~9abBs+bPLa=$??s3=k%VE#2Xh76wnCec*pV=!m>_T$>*FdPN=!<6^!(x) ze3zqXBJb-`^9L_AM&xHCelbQ%V!oKw62cG*9*@t(PG2{i_D{u#QPff~97)VQ3MWy@*D0X7{x5UAiFO$6iBEY^n>g^QPj zh=Ixw&Nup$I&K4Pw6t}sQXgnHt8Q((@MN#LTci@x-B_435SPB|a%>bPK3}~#nH37L zBOxiVmewc|N}u6<{FnKnlZZv+aaz&G=-Qe`7F=l;Ndq6*!?{XvMdVMIa4W4Sm({D( zp%07DPf!QBm1o(12>{~~aJ}f~N>qbLV>>rs4BJy7(1k~`JMgLXe^8RDz4^v1y=TwN z$$#wwjR$jcI#fWcCNl~ZTnHk=i1Wl;;J7HpRnowcX*0AMVNv*yLU^4SyR2B=8T<4W z_R(E4tw@k~KFUJ7>JzP3q;rTwA{v+EEEguce-2Sc`PXYIDfw@0ckA*#DaU9Ym_dg; zfNypxXqaT)9jCq0D?Zc&Cf zqB~u~WxgktsHmS7)UNh(`0+%w`JucVMc{uU?JRV&2O@Y%x9S=~PGI835@~b;BL~jm zH|HG9WaFOs2=z6D4I;UwYP2tYzg_AGcu<$|v=S6m6q$|~$Dey};=!OqxsbXOf?7P- z@diIi@pCsZ^v*%PzRb0*m3%I^#QJ_oVUMIW(^ zFZ^abir}m8q|OBgt(Sm~$6j+-QL`F7eJf$yRcy2ox+Ea0@8xnqU`n!@zyHU>nKE8< z2Eh{B>+wW-Ey#Gnh70a|9D_l4J`wgGUE73FggLW1#utKL1F?T&Aoxt-!uO9CIXLQ& zv3qpZwXC)$Fj5cVrM*S~=7-0?({l>u-PrZyO3_U)-dND16|wc?B3bk7Itwo=WuPfa zWE8|uz7Jy%3+~FYopk_stg3p!3s`4P7#(He?nI@kTfojmbF|sN+6nK-AtQM8NbEh{qH1LP?(@^Ro zln~kYpSP5cK_M3Pax8329ODoa)rYUNquLBqR`6?Pt z24z7SNPJOsSBOx&JaZ=2sACO#)Q?^F5om$_H ziIYqfPFwn-GV5=o2K%W(&>R%f2I~t?(Xy(Z!R~kvs0xbi+>VG32bGCAxuQKx;T`$- zFb25T!2}dqf*u*ZslrQb#@ueiu^@;0Uz)1lf>$U==7$@-q?^lr9nd_gk_tIGR;$Gz zBd&z1aAyOV=8=_E2+rPE$z(lpy2AQCu+Ol(@5ReE{;t&Vjd9+PojWV6(j@#fW7$6{ zN_+OTisa>%CS%ylK^W8PpAzpn2#twYt=O+eRTuymROu7ju4z zYM+>x;5hbp^5sqCmyc*ANloZ<*@6XpwNJC*SKb6OQadqx#TzUCIa-nAwb+dsRP zmj1G1k@5Dm8@880b52^(SMFR~vC!B+0(5tU^D4t(|`^7Wo!m zyb>yzarB6&T}L(}%|L9P^BGd1Rewh6mGy*`$FbEHwWk(IB%k1`4~k`uY~wp@otPy8 z_D?1Vh65oqy63q2^DKf;VQPuPYL=#G1@CMihuzeH11gd)E<3+{)1=At#oO4>aBQyo zgf)ht9E_-(x&q|ra#GBOko4s0xRkStw4nLzyJw-cN6x zZs_UzVe*#dd`(TUNc68@*w3g6`6G++i*&xkP=0HJIy z#!Xdz*zJ9E!-tO_`KCAQZAklE%lCE`6?gA6MscT51l_a^=cbhv#5yh56HaK&ZgH5e zx1B%a7GQhVMn5NI=3&T?n$ba%H*79TFOvu@8{jqmNL6f3C+y_J$!JX7PsiJ~v1vnk z>nMv~XAVglie<_w-1DcD@m!!SSDmZj;wC@r7ID~nptZ&I?91d80rDrL6^*H7Hs|yW z5C-~{&|i!+1stSDEF6}4PiU#xI#%q{JEKcOj`MXbA{HSaw5e-v7Uh%==g-yr&_SV?>hI$bqZb%si#I6ZX#!;19{59jcaSPOMpsMuWU`HT2~jC9a2AM?d~;K?Hc zn|q|Ky@xQEPLRgIxn?@ccDJ5M>yD3%p~XV&Vs*?DU{GNX7~K!XVh+n*f>0#P0k}#L z2nrvxi_LQXSDx&DbL21%+mAl2Oku1kf|JSVhSUau>EDBZR|v}gOP&M?ZIG7z=xM7b z&CyF^5tg#(IM6fbiH?Zwp}JRr(mhWpzV6~g{BhZSjz}{CyloCp${;|S+B=WS7KmSY z^=qDZcz6fHs}GF#7Ot~E4G3IP_FiY~J4fPZ$VjUUWANAXLJbhRpNDM=fqe@-$|D~X z29i7>fb2Nor|LKjMn9ZJGsZT;0Csl&N*MP(I+Iu^bXC&I<}~=sYwFXBIe?AK-n$Uy zg1rm*0y=N%(Nf3xAZRsU0}{nw%VxFH7G0j0gKT?uBT!Z4L9Ji&t3FW&DRI~npF!Q# z%Z2_5Rq(o*rU_j$~U-^w-{S@7?x!3-~&LS-WSI1@R;y(yET#7TJ3)Z^ZY1VP?>7*e}j* zfO|a3FEobyGG4SGJ8 z%xBd#3r{Qc%c1ZI*0jt`tl$JLG64h?9v&W3ED@_ruv2#w3u>D-GG2Y`F6=7Ky z-t{qHO@8{G%E7X~iXjmZoIvP|Mbkq=P+kYJvcm|kG01k{W@k@Ow7ECAh;sJ*QdP4+ zp-Uayqx?gA_89i4OHT82$q58e&gC!GWRw5=SxZ0(YfQJR{q zRgux$m^0xnk6wxqOqpMM_v+GhE+Q_ZuD7V@4RTooDSyR&IB_!A~1BtO(>KD85-1w5~&7GVA>L&9J|uQZQl~p4~r-AWDvC z?G|%5$82|;fde%v(R5=1o0QSY;gGsvxl`s%`JpvO@I+6Gwp4?Ot*B4nS#j@n-m=SunH`f1^dpy+(cBwjEhsvA;K14* z`6x-%n~5tDT`%7qsplyRga)mfX=OWyA?*|v4tMyy;V)>~PlFqH#}IArL!u%fcl}aW zthM@fzDd!@7&hpz;-Hxv>_rmRMB~%A> z947DBLo?#Y6!aefNOTv-cZds*c&=Qzf1$F{i~=J{$5sU@VX9;XdgE@)?taXA3(Y2M zYC86Bzv<-GAp^ykmcymC$EZXve6LK_2HXQ%q~rav@~Al)wv6z_;{uTbNm(Qza+-p4OQ$N3J}&VvrM zVm$ISfe)aM7UoA{Nwr6^}ZHYw) zShv|T%4GS+5#aFnm{!U93hiuiN!CGA8jOOfm%STo*qogP7( zP1EXAj>gBu)8ccUa-0m5+EbIm#^?|2oV9?vM=-B}HoK12DB3t*1^KUGUB{K>-V`ES zwX{nW35j4Sp2fv}PbAf7#f%k4Y5Z)gP5OCVT^(Jk{QEfOROmE&ICn%Qmm5 z+jP8_|3u!@iD3KV4UM^e-yrH{moSXSu|`}0HeOvPQN(+5%-PMND{4p8T>SAhX64pR zw;c1zOZ80{0Q&u2E;R@a*aGdI5j;ZQA85;<%)g6X>i-p+EA0^`=eM8HxHkoNo!lAe zwv0D+QnJ4Tm{}viWRf<^g1W##p97hFH6m~Mz%MGzOM`qA@nJ}m+s%V!kQrxC{a+C6 zGFYm`t$Gsfng9A+E)vcZF0O%+JaPcoI%10($#EB9T70Y7w(`%x*Hdkin%NUX$TDgN zxGrJUq(Tn82YYk8{vt6z+=~+*V}FpLJ^%gL%JLU{gCsWC9uhPACu#(iPGz6N?%sHPSU=F49zZG>u^d1O^1_2a zsH3MNA}`%XW9s!RN&Wii8NcwWB4`N&gTR%4Kl489xk4kssE2_NAX>7CFHV#TKUGYF{#>qKYry?` zL(*T*&z}F{V}AHI!Xm_@3QnLjK>pc%V7W|Ow>DY0Idv=C_5z*^NO$%?ozd>t6Ii|h z)tL9f)_>PsQ)Xl6DBZ7qwX+eEkqYrX(1zC8{E62de)3fx`d3N z@xLv>8ihLC__jT>tvXM#tU4spRrzgypakGKc7BI@*XnW61+IH}z*{t>1bKEryI}c2 zT5q7j^SZ_n5LeVO$Mu`5%5Gtr>1tkK!~=6dyjC5_967zgzt_N_Tt`Ezw29QLkoNzh5~`Q)xBcMGjs8Y;$#i&%wKGDnbH>dL;HJoj#WA-S-oBBgf@ zy=uFODpgt;ZlMJ!fSjJ7`K(vNGSi=0 z`wyVplZlJ2VET(G4j!Mrb|79rH!64e8lfh9DD*d5m~b-C}cs#sYp@^(%TwBiB`D9ty{bN^pju!iyB&r5Io$4Xytdwc$VAu0cus9(mB zy2}_#Gu;>-734tDBDK4t%x}#LJEK~lp*SnO~+LWe{#>@6v?KYh6A>ksaZ ze|+b#g;FSMJMxxrR_@XJOs7UxZckH(3S+N}H!NQqEjbOTjlBo8du)5p9373}=0ZCQ z9Y}}B&xgs^q@)Tib(6yv&Asd*qQYtszK6Rpiyc7ecJZkGq=-(EV9bY~J@qj|sz^o9 zwSoGD^drv_u1#{-F!|_6I{GKp@<{uhB&&v#WEOneZlERZR)0a{Hf!0Xil9%_5|*)k zn|q&b>Pp&vf&31GxaTLHj3;q2e@ki(F>ervB@Va2@<&L#So5LU;SE|@{)C@lz{DW+ z>Q$!Fs|F{&BkEL<6mxO>4N6AtZ@I6M-hBker4Xnv6xUfMN6)|8*s}1o8=BO*cEv+s zNo2Ft%gwSgH%ilG5xbT<09Pm#B5_oB^#SaU>{X#PMhSzVT9$VeZd=H!JgFBiNFVr} z_9`B@pnQ@!vt?#x8-!v{?1vmtI$PN_ASI<qtZHPjHeqTMdg$Uhp7@=z#nZ#aK$ni{Rm4@J+qG7P-x~K%{1lKqaogFIibVc#M< zl_-!`m`(4Fe2fe^JRrS66uq!BGY>KpeGX|3s%>@Oi=QI7@a^}0PG02?EKaXHLP`8i zk-lany3_aM#7AjduG&FCUG#Qq>6RklENowBW-n*6oe`t^FvV4xxc;~KMh}x$5ehPIr@HjtNv$)Wao&eYwUQ`=oa@&8_(5 zg~}*DDlBdOj_0>H33E5pxX;I^?DVKOndZ0Xqr4kq6tt24Ck4hidEo_W?#qF_Y^5<6 zN{1>ISmXQxwi}M%i8Eb@KmKfUeLseddv4+h`qB{1=+R6f1c%peOHJ$zGV<#>1G#&Z ze;xKXfv^lptd)^dGhB6BYd=XIeCXEsOI{uw^*dA8x3PBpf+Xf_0r<1WxUq@=`EOv^ z1MkQUgK~>wQQMY%`>wOt+CARH@iAxMYCn5qiC9jkh>WgZSw0=b&fBTcC3`=U*o%W& zhu+X@w^qi)3co^b_Uxc(u)l~6lCO>LxKaPIux`M&CW@HU5yuZJ4O$^W9QR_8CFG+2 zdi353Rs?4`I2S9VtMvoj=ej3CbSM#+nw-x45w4@)lf@o2W%VX|{VY1W_Vj7gY@UL~ zp-x`b3Wl1!+FnC94YB>8fWmO|=o!@6^DwBvcnKuI1_tn?(PEF>GIWKG*WaY|H)(gW zi*RJN98Ba{vnUu8i$qOr3irBXtoBCr&GC+v*$2%nSdK}YJSpX>$E^_bd~h%|mqR4i z>olh|pcev@xOovRBCI{JWA>h-QICBX7wdRbEdFk!I($5{z*=?eraX=6TY-2LoUt?% zDYK8|x)my#%yKOjvPIfS&eCi|E4}RNH@2N5~i5_#18_`9*U?XQr$K+#{%W4+K4 z4vs&RuaS|(3cqmAy0f9hsr9Wimxy5nxR;3hq&IXSQ2{$$o zTfWIk>nFBTXv{p+-5IW=Xw?~3_UY4yIH513F`R05SvUGlo75-52D!XfaEU1Ucp3$5 zF(JjY#znJA*`M0GF6#K*Sei%@K$NVq?#o-LriuUkd3`KVhcB?0>6S-{cj~wHbb;3= zofxu?3Kf24w%)y4Qq|_m-Iqf!OhnaUKjQX7w31LHK;Z!R`^Q%e?{ z{Ncsy>Z4|7W*iF6@X2EV0g|f^r3PTTf7h|yQ7Q_O!N05*uPppPE54=AyU`bIAcYK2 zIyE?cmu<~9-kmpIZqyeKo!0 zAZ2X0;2r7q!+7_nMan7MOlNiSQGAMok)gz7p%G8U_acMjrR9;;6DQ8maY@oX)Dep|DGO3BrgJO6~ z-d1w=?hpN1L3z2eXs+?-C%mtWQ&9HFiP7A++U#d?K7ZzGJ!Tj!|Joww2ZN~-VZz73 z44$B}deyYv`!b&ow9IkfaVm!$)vaL1)O){~aFz2yfNELUp#)prj`UEeT9%xw3x)7r zDi$Q}$m`ZzuJO`lPn}5AvYV`D_Vv|)C!kBsm7ar*GoZaAJ2$)3h?%(y=dh0nw1iWJ zwSB5>Z9o#7VV9`)A9#?JL14wBhAmkAbeS&;;{?>s4oT1j9Ao*gk78|(?9FHf3zL|d$&q&k*Hm41+%4BqjsM)0eGvhy6)EQ5;fN{LZi=%?mYji16Sn%D zqCFO&Zy>xF&fZvy~L`c0pm=W}T*tY%5a$~lc)-98b{c`$#kV(H{tSeF%< z{Vf+jZ>g_o`&EvB%(5h-AX=M`U9l%tXElh&mCHcTa4fmS zu=&N+hi4tGVVBjylUHe|H5?S~kr>bq)PKYWXAtzhkm=uYWqnE1f}&bD6Fb%TeBg;{ z6-cG)vZWMM{SaMmUz04OHnsgJmWs2sQ$00_j}d;+{p+V|vc@RqtFRmW{S}+@JL_H@ zH5QKB=++yz>C$+KbsVEo;gGm>_3-HZ;HnJcX-U!{bKkJ2P4H zXQ*|Sa`n^oeZ=wX?WpASrR*5(mzx~?;Wdb*i4iq2aap^cG1tRzS612Ddv>XQ6MRc< z%XW98kZ<}__(($J)C@7TaE$~Su$8UJJCvkb4Nbd2eSq~B!b*uUL9HZto**>uN3^nI z6`pl!{K8FoC;P$*Tq>0Z=e574nKD}Joiov<-g{FeWv|(o7p`B(h88>%E%G<#|Cz-5 zQGsf6U%1jw75RP|#Nc5!DyoV%=1n^*EOi%&*js;Gvsgl}My;8LjYue{_QuAy7YS}j zU(7$9I&%DYTmA95KiL2Ng4mScYhso$3cMYQqb}1T^=&v5w(Mow@NXTejNJs zX||bNOyk}w`)4NAB4^9P6=@S5s0)(V(_!gdesk=;IQfTZd|}^>ih%TF)^4GgMi=$_ z2FBDdIyqf$&$U0m1JNS(PfKfV=b<* zpRaWdg$Tzuu&*bxol=$(gbEBdC2xre|INy>PE4M>Fr?D3wRiGYw^I3c7bR`vL~#z3 zcf)0V&a$fl$?s5dEVN=|H*&0$r}VqvrmDo(xi2%@6KC|HLY-1dic^ zQ&5Xh)7LoVKlv{EM1!4u{>+3GSu%P>0ruUwjlSEDuq<{ezlaapj%l>dG3G?1G;)n4 z8hBsGirca8jAirO6`{-`tQc|R9aq5yJ}(nwaSLZ6BAY}+Vw`6dRit{o=TlyGjPJ&5 zLMrkackgzrdA$}(*W|Kg@Lk!i79!H3_h}ucB$-Hq^bFIPB2QSjE9Xd`R|n`MS)N#;Z}9vkcTwTh z{0UewLhdCr#qE->cc(*<`M;liJP080Y<-l8jFM@d5HZ_i#wZ-RMlhMpHc&pZ+#oiqvwo*g+4 z31P9*zUXMHotHUop+5NM7aj5FCfpFx9b7O@1o3GWAuLq=@?8&sqzbS9V7iwnvrDwrdl7OT zil{8Iw+-f^!qJjVhF}Hs(Qf6(poBEZwciVU@g1$+#0@Xs|9FL0#M; z@A%8%(1C+3-jZx;lh*T`&c|U>ftYrc{Ui2s@+|h-ZqrHrMKqdnwz%=P)7h#!$q@j>Bk0IV zB=@AlN+G+q=yG*e9F;^$&U#;{W}I`Z+NlB0n4~10)N;?Druy4?g@l%hi8ii1;(e(+~VAZg#s_ zl)LvSygn*s4a0twddQX=?}$SST_wh|Y5mOKy{PjVt1$aJgF~BJ6H&sELkT;5sY#C< zQ%?3C#XovOTnuu-zKy0i$?6yo)oeKv-H?7IhMgXEeH|jv%XG9HPHbWC`W|^8@0_P; zkY@X|^@o7Xb`*1)FerD+xUfPAC9H4#^59->@07sOJcCgSDpvZqxE?`?61)F>IPg`- zJQnZ`MjnKyvb)aOI>+NK=~lkob=3=Tb3jQ|xL?{$7?X5H=Ssz8fI&Lt=pU|n8NjmC z-PJGz$SQ+oaMTzjFW)PWP7N*lcKmitP5E{^nn5>hA5@`*?3PQOx*gCFjE2-YuQXa& z%bA7TFz^KF3FUtDkW51Vr!S=OTVW-Q$&44SsOpNOmN4z!=s=;mbg|d8tbH_U9cR&CmC=x^!N*5BJ9bSO41@b>(?$9h6y@{C>v!jLS*E;;5H>JF z=b8PHC}d4`J_TGbzEEvup(KO#TqqN^F9V7j6nu8Y`1;R;a{{ry!XRGd_-kze!HP2w zN~@C>YZNQI>&Q*yRg{vPGsFyll)2^9K)&kcakm7|`;ZWzp-Vw4=>GTgi-o*hZqcO4 zW`%bulY#THXU8c?s_Kgv?&ANN`ZU%(^OTe=Qn<#&C*ux>>rer%^B;d?%j0HM{1Nmo+)V#YdT-?1g`Zawd|Nhw^_Y}x?^X)-oGX6l`z5;~`uS8{U zI~W?=7vvuSAny6Eo+QZT)8}F}%``*xh!w?g#$>PJvYciQNADOTuVwrG#sGOk4HvXL z%}%eP+vQJNSglrDu$v+dpTOA0yFULLl0ws4B@mR~{Ue1yR`4p2Gkf(rxQ>-%xa}98 zu8ZZf?w)vSd9l<=Bg1#MOCe7GAqSwt=e>>%@fUKMENQx^mK*ajvvn@l%}}ZLBvG-A z9zc|o^OVIbV*A(&mnLR2J)fC_3NZHL`DEL|`6GRtL&^PAf?bGmJ4%Pd&s5dOM66$^ zODa@8`Kz|Z;hjztGG;%ap+DcrUgYb}RaNVK_m7|duCE^=w8!U~AWYoK25VSP(5h*y zztNzRjof={G_@nIE&S?frJen!MnRXzM82<&B(8d*WR4WlgAI;6=td_Rxe}WeC==le zx?^#TCjFJssk72m%x!{kH7cYrS)zN<@2d^RnogL&QA-+~n4!=rhsZk(Ws5o^4-Kru z)HJDOp3DN^no#6JpF+1VAFt?IS>;}h8KB#eYJ%F5DeiPOdNivE;NzA~QiUOHPmlKI zzJKGcv^@N@Q4w%-QvvCIC?00;a3{w*m=tBbb=~b^kp)}P@iuFiZwkS<0-LAvJxYF} z8dFdkk!<-dyJZ?=NpPkUmZu-s8J0)BM&Iabgm3?ZDvO`~cqNjh8{>B@A2;`!Fz5uN z#9o+g>l1o)+<8D70)G+|_t>SBQ+ru%)gQ-Wx>^i}!+nVdNtU^*e&%pLRdn$Zi+4`% zbgEDg@*-lEcRhyOM<>TRS>>Hs#d=Yw2CaaUDy{Ss-{*0De9h0}io)*rl^kO0XBOZ0 z*P-H|)CaCJw+%0q&xSI19{WpJMqa1JNvH&dDK{^T()DKsI1r2tE%m;$pW7%s-E1VV z9=WqKxA~*tW=q(^H=~`-V-4c`Ki`K{ZMzzsdAhy|*HQ3Q1Pio7BpBnyVH3olB)*pdjPM3q_pKAmX{__d=!I_^)*;vwifF=YeEJa=joh7e6pjlR}}m+plGZ`vLkUhUEV}i z-f|QzT_>0;)_o)X^zxr!;Cwn$Y|UY)w*}PCg1Cw_QcKA z^eM73iEqw^h3j%Ku`!n#BG@xk&l}L_i9G*~TH*pcYOLn8$|mOJ#a{iT)5>`C7<+$F zGjI0i(}KlEJFc49G9_m_O9hPW+r3ew+yW7_T(ie6VOdaPSPoRB9Ldjp4dxI`0I!aq zAgrpbeSG_tJ%g`e|K$oOx!Nf0$m+c<{|{TX}n?YEUPP`fc^pAa{!ly&o ziRVsC&5z33Uk`|stshx@<1(cedH2joCut(!v9qm~*lyO_pd{%$3eojI<7`u+bz9Hv z7vTno&1+5T)6Zmm!v1!V@z2+eaTW)}r7pS7v;fOlI=p))3SWmJt+7cI^h92WXt>zV zt3|KYP*5?lau>-LWS!G13LT#ErjoXuO>=N-#?JPbs&mkXaX!E)9=&bf>5Urx;;&;e z=WFLMUk5ZS% zn=_1jo>3~8UlMxGPGW)aca^dozdwSy+V2+We5z-$5V6ys7h_W;Q3qkO*!iF#Rx!4G zC(i~W&u6;)7ip#46LmrsQ%=OXgW%NSS1IC}M;c-oEqX0u+SrinCPjZ=qibtND|gXdR9wB2dgoY9Rp z52kDVC<1k;Y#FUrQXwXl<#%5?Jh@f+%^!7Emp)Q(9wUfIAY7f$LQUjFV+Wrk6Nk>D z$UjOk`l8EWQp9{>MBZJvLsLRyi;ik?>fK`sOQ4m|K z^vp;nnjP4%SM+RO&f$A$^jAoS_WJ9o3nKkB1yGp7`rL`h)0|xy7=s+)+JqL5NL{FP zyB4;i`7GLYAp^4cC^z0IMOh+9=5pQtb*X8oC&~PqV9)AWn8Q^P3sZ^ggV8YK6olanJ7E}638eL)r5hFJLE1k%g7v&j~Z*CoZeO;VG6!aBfi{Ym=C z3pp{iOfR|K$jAXkkXo_EpY260QpI**CFwnW+rw@P{T;!~e@ZhDQj8tg>k?whiA{t2 z#WSQ?&k8R%K#AXI*nlWCHnyV{A{5iS+ac)@PO~(qfiPj}mKRff2!y~s1g|;X?Kq>I z8rsSTu@|CD3Vg1v@Y48c^51n1?@b&6tSpB&+KEY-14$f04HB1JkFNS>t2^bUQY;Up zTXjQw5KnpS&EQ0WquGKqGM64@rAWByG7~qoY}f;$=Yn}_W9p=RkWbav z!4+KQvkjBDIL?#zgEVEw?3#qmQ_FzULOrNCoo+?Tw&nP3kVt>VQ@gL9qciE+=_d&T z6L9?%%|_mBPEoT)NH_iR3~49&jG&da#e}fLdS#P?7jZGKKkqM3mSiMyFmMmq7yTE= ztvPOkg^K?|lPd4&+`s345Kb(v2=`Nr}`AVg6gpSCe=1tkej7y{%@&vx6LY7$A z=v~pBU*#v`odv!t*^{w1&}xb07OCDHt_l|~RqQxT)CL^L|2oZbGaFCj5hdEar+#ts zSpYstp`f5&*6SOC`DEScndX42a4>G3*gw6bAFpeH z)sk`~YDenZdMIL_MGB3+a3^&jG4n-kkeK0Y{2OM*jRqJScDN9ry(MXU`WuHfXKMMOTHGMx;nWW( zolQ#FbeXC}(uKjzY{dQi@f3p*kp(KVeEh=IBQ#L{`s@_gHiWR_@0>H zvY#ATbQQA=#u1aE!bbDF=GU7H8;o4_xJB}<-&;oHZB;F>tNHg=u7G#9~F%{?hl45$}hAKz66GJ*!C&u z`Vjj37@NZz7{Fbf9cn?x$j?<8k4}o(ckS7TC|XK3u0SAm6BYF<0QrN~V^VcBDXyE! zH^kHCeK<1SrSj87OTs-=43n?5La+gQKjO)IBX5h6Y(30-A1;-U9c0v`n57=ASY+JJ zz}zO2E5VTf$yzKs(P|uv3NE{2DwTi!Lvvz~zo|-3{QBuNRqo8Z04#k36RlzPdzv2# zYrUkf4QRLk^gM2^IVzTJ?6O`14`za=QKE5o)`6nzTArJksX$$5(`5!afe8QkKa)jn znR1}7)6)GOd8R>GNlT0NrLdYb!%05}HCs$}jTC`&5A9fO@v&FBs+GHEoz$I@>XC04 zGRV7kq?F7>yir*5!^#zWyecY6>XHMu;D3+dY=h4Ro4cU;<&_CpXbDffe&lN3M*?&=xpl1U^kw+s_-%Qx9qdUdFs@Oho>@`m6nh)`uzZWJg*iU?dUBT#+P87dO zoh4&-E}ee9}7sk-Dq}9%&pF@8CfwpAniZnAWS;O-!mB`?=x^o<5~1R4QQniwmQ#s5qdUc!xxDzLCJSI4n`^lhV`Xv?Mn3 zTuOAvUxmV7wyvi^^;VFo{mJ`dTe%EB!H2yfjqZ-g_t;2#9+vWQkRP<6gz}?@`9#)yvGbi0GBS1-jns#fMv}>AxT*hst&zR4 z?g^>a(8Fs0alwqvmiJwT~>{;=v zT$b~vt>}B*WvEb(7>{O&O|*ZCzh`&U44s`hV304)BUQ?u3ffW3Y-xazF-wS?aJ5q;uc2YHaO8lZ$@M?+Fir`HJXV}Jb$Lh z3NtdH6O4^Hu-NWbttevH|5`BtRWXiLj&UidvG4kQ5ff?L6=CPEenu#eXdQ;ri%aK> z)~TtKH}FO9h?95XE45(^qIgemE-MJb@mpgyzBc}+_xFQb`<&a|Cdkvs!CPlWquL@- zx>TtHKBZQb#j}?QMnyM$TNTf)IPhv84dR=Cwcy!$4D3r+7AhdcC{3&WE+Ib1&G;x* z^zyUvm9Z824TVIk%Y?gFqq3(#5Y3=ngGCM@w#CFafjcYSGoruZcg5PRRer;>^T!Lk z|3B|6K;^G+SAS|(mmi;_C1)an{lAWqXp{TC)d}YQNiVsnq$`D4w(yn4KMDWo=P8(w{0&nyqZH*%en|@B|B=$YukKbD~0*WCNA&wePTVfII=WD ziYAOWpHCHj*8QaO@AI;FbW=o|z{SQd3QS$(2Lbcs2OEm#y~zNIT=1`I;MIP-6?tnX zv1!BQ-2=*dmaU<>OOFiIe-(0_f9?uC;SiXNQ~TV7-yX&Wor!5rwxHJdH9o7!EM>EF zr_s#Vt1*-B`MSpbedpA_ex>^8$Ywo+nBh7hQ@LJpq?_u&_QP1tw2-)R=7Y|!xuf_~ z4_|q+apPaOMI-C}=Ks6%BLS|T8D!}@VGW_n!vs)@hZyFNvy5(^LQ6eyx?geF zGzi*>@JG?xPabmCVZfL;6h8l{f6qPX7-d+UxJhRKMd;pXvC@L3@4~;nK5Bhuj+U4`Kc1c z#F$&@D}&6&l{u=OpQ;?wUJPrOrR=%Hi19Y2Ff}T70E8;IZs7BC!CZq`u^osoB|q5{ z>EwO1DdLAn<%ZXEM?pcf6-XbeBsCs7BTSaj&-T7KOdjWLh?VU>vh(}TSz632P>aD2 z#CL{rrvJ=px)UtRK0^{!pQS#o42{vZcn%^JNZ7Mh-Zgy|4}-?JE-KwFzJ7l52RvMg zp}>}5l$M5+@Ix^9OXI?#&;6@o-Je#t5v?;Fd{9Q`(Ib;iZUHHG`tw_^{2StHuvZV> zVSQr@8+*t!g*%JpPo+Iw3OfF}P&0PvooQFB#!@!@-|t`-k(vHF{hoqmm-nQzbd&Gt zQ%hG&*=^VPoT}Q~n)>y{yys0ouzzDk^-rH^ zdee3CIQ>|@v?^uG`I_eILFbhLu*|JkT*L#Ibk8kH%H)`+C`M49=gIT(g{DkmkBJep z`6()zrBG>QqOH6>U-k}BXj@VzSGBQCx z-_=EukU0{Rv{x2|t-GEZ#}}w~-+g|khfs-64ix3u8NpVF=9 z2we{Pv*x}jMWaHY1qB(I$Z9Lb0oHnXBly-Nd)>dGEejGBAXr2hD^g*Fd=w}}={I>+ z(w5yB>F0dpPp^P(A9lE zNgS^))3s8*q@g;ehNkmsPgpBHL7chBKp(*9Vk496bD4 zaMuY{5R_xMFL}ntKgs5m(l=E^0Q=Spus#+;-(q*~fIDxVFFdWwXjaYTVa4OpZ*m@P z7nurG{6rrOqE%JXc;1W?Z96bjS7_|qfCWC{u##0sZXgEQ|$qLYJdYmzgO9n6c^oh^H@ zikdfIIe*z}E!a@i0K4(z=g*(4Ioa9IfNn@?XmRx`%X0C(SkId)pD$@y`PYqw>M8}8 zWK`#C32|$ zZnGU018VUVXMcSG+cVhn+sbSgVGn<~Gj2qi>hTck-tH{=`Hs(SldzMQ}-{20E0w*buGs6cx2-UnLKOXWdxVAe@L!vA~2O#a;d;YTPJ zKH%~1y83@q+h5>c)xV3G3*7VX3VeHByKw$TL>YdKfWfYo0OfV&*!cKyU&f`=V(mVc z*%yYA_Sz;x$#jI~)hdfM00J&H^etR}IA2`ulT~=4V2AVrFJu ziV@{Q`c>R@)5lxN@UKf!)+s!cMy~?e)*A_}foK5_z$W#sq#49!MVpRMz;^MY}Li`~Lt-q?-JylZCSTBU>5+Al_9fT~bLC z*GGxs@KWIAZr|j_;|oih72|jzQzvX22B10tUEmd>soFAEHI)&Rd46n~ckD^%+g#=> z9W{Jrao#(Dm#|w0b8&`Fu}ABWG@bYM!}`7EqxouG(^ybhhGsd&15xn6a=^74717QM z`eSi*U&!XSbin=wTY)K}Ih6v0olX)1lUC+3o~VE)en$zJM$Kdbu&;Mi(}>!5c(PNo zJ|5K#UM669sxXM@r}(aUy8`{lal#Nnzqfnb!TDZf&XiR-u>B9GCmM1f z+V{mG?6Bu2RnaAEvjqhOtoLeCJRh>Kyz_M7w87f7{r%&*T#%;#&IdaOFk^pygmjj- z)3M>fU&<*0>Okp2Woft=evG*tue3hpKi5i(ihn{Xp~c6?X8}loR$7}Eh-mIh9Rm$W zAiKM{!A5V`PRlB`S`~eDw|RSp7y>ew13BthzgV9YWu@VTfe&Uvdvg?`bNd0NZ)@7pHj(=bzH4xB zSXgR#@_xrE=0IJZmPJi+eaX> z`T=Teh0}=-l^C?^MRn56+mASdZ6#5fzMlHr;Q*AxC%geR3rL{=g8!b1F;JcNirxdD z!LCN{EsI`>Jw7jc@mFX5n}8FZ)Bv#Oh!2?XdbhLKaVNMosJ1g|K3fwTt5%{c0FoQx zdn=Wjp!%`1>;-*CvU4MkeX(aA(4fpkzFtVogOJvVe3qXaDwe%`3rU6Thm}>OR<#nv zEh`$2P~)3hyi&=%sX*8s;6+0Kq>vU5bMCIi_%Xp(`p1k0efpf*t9oVu{Xa`Syaru9 zGACa+N&Ud=E1+>W=SmFiEdiwHfl$8!bW9Sk8|=7rxysFJWO7fB zwk5s@HLbn*JD3chUQ_2ZP_G&4rCS^IxzKUj6S> z)atYN9yGDFIitjze1b8cHLS*iRm(JqD%ZCMdLsbu&=k-Kdt96wm#n-O#;kL^w-%zT zJw#~_wV5Ei?Uj8oYBgF-0zg3y z;_wtk)((GAiJJh0i>=iST-ppudd4da*@9&dOz#*Gx8v^|+D1k%m#4?DDdvs`1jGaY zDf3XLX~-;_kT_2{k%Nd`1D9`VBGC1qEPK^$SUb1dt3VNf}V3&dMzT zC}-V@SKlvE)EU&c7qCOcI{{|~9+-^PWRoJFrFmTo#L2F((-d8!pUhB%^FzTz9?lDxRY2C3GlsWmY^gi%wdTK`cjj04rLUe zGDDSWymCu>r^b-iBzM8?*NaV8be`*(U7SR-0>H|IDE)t2Ti9M<&G+KYL*?kvnVtr*$;#*u4H->kAsvzP8TMF9y#N^%^ zu0M2JP_A4Lm&)yg&U|x+;u`IEa&60u2!`qP(vSM&>7i(VpVrGYz*3{0_GY#+y2+@H z*BClAAq^z0(Qn1p>z;UySyF0Z*5PLtIM4L;>s{Y@e|Zw#m*q?5y*q|ghUZfb3yk^$ zu3`sR=ox^%`+MV?AOBVCMNC(j7i4h&fgF~D#UJFZ4MTm07!MF{ds{+FP=MTqw7&9{k z|BVC6eo%0GFpo{22V4f>tPJ<6EKd^;3(a*&e`OKwO7AUJ{bq+mps&wPI5Y zs(Tvl@>zVKa?FwHy@9I?rxsQPnOL;;9tmXSN*`zh_8Af%y?E1fJDaIDmR~~x>;}1l zlGd>40eq`(Sc`G%jYnyNCC1|`xZmZ$`VC9Q*8u1lp#60cq&Pg2 zCi5M6Y**G8CM^r+JIkrr8A}0+U&s)+zg5&*9$X6OvFT2+54UKiS(N!tFRgd;kmS7?*6)fk8T{ZDU>r4>>I! z+>ZLkpJMoK+k#C3bP>QmRw+5bc=YF~VOolZ3kqz5ri%@McZ$3(w`u{Hn#w@3hWX&Y zd*P3>Xi~ijPRR9J`$V}x^naMt52E-moD_+S0Hn%) zw6j$wFJ*5gF0Qw>m6MR(9T`b}Oyzgjj?PJE`stxmA4j$>TZpc9TNR9)iHd6Z!2LB> z>@dL`@3PKChbTHZmGRg#U5}58;|ZblN$}h3Z0B>Gdp71)+N9j%gDVzBIv$Evw?{CA zN2#WI)|irKU$FLqe+~Mh#0wXPEYL*7kmwBG08f@oK3<~rQkoX`$UDyYLESwq&E^=h zgvaCLBs%rB@M$M8nm^z3jdbB(Kefu)5eP;OE9I%w&GjoGy=pZ>`uhi%mZQ;Ln3J9l zHndHX-#qNyBA?L{7GQ~iMu;HgC$iBq7~DOAuxW>;&6c7n0O#8)Y|Sl)mBImILyB;Tn87s3lB)i>&SV_k0Xi=}r_EwucN1 z%9{Fxz87-K%zQdt#c$jrwyU!8vq}XXH=n5TH1EH3YnKDVrpTw^(Sufl@yk$-hwJy&%L_YbA)6LlAur;= z5zXDI;gO{e&fEh)wt(LhUvK;IspX1id$C`3^qP}Ord&nR6vhb+4 zWAkbPpOJ(bVuT^~0_vwNNy^#oc&U}KydTc(NrN8t8hj1?Q&}o^`%Q8f!$?8Iw@xtc7z}d!$YgVik&m$lF9)f z7@89=iunSLUyGc+rC4c-6!?I*p$SA{ z%PEPxP1`S@$$KU3H2b7b7tJnpJY0>T^E!6XVe`nDc>RL}$O#K~_UAxKa~(|K6{hOt z6B7mtSf8Qg=eV1Jra*iu$7Pn4wJh6hz`n(A>Mj(mnlvDbN!v;q>LO+w*$*Jbhz?mz9TCv3V?|F#J9Cgx6;o} zN0iOA{vT)W9TY_ueTxo?AR;DIB%>fm{v^W?4df(IGAc;UNn!(vU_x>pa?Uv?0Y%b~ zbB;q8f($tf_l$hs`{TXetGf4gl~pn|J>7k}d!K#QUVE)O6sgecAsNfnWIXt-yyhc1 zO_IB7&&>uKAShb&l+$&mS4tki$;=+C&Z-$zObvGo1Gy>k$eKMOR8e$v;^&_hQl+R( z+d4SI$;Ll*wpif5-Ej&57aL7oujs61ihJKB-_KtpyvnnA>^(@c()mT+}dGkIkF*-tWf$i=+kfCo<>QX+Xf+=1v8?6s^^ zf@vS;JL*e>bbq3=uF1+NNQu%YjZgOqt|t?))uq?L;!A}Zs39TeFrZA{iTts5_iyoX1&rMZgjjg$@}ooq!$^6{Uy| z3ZN^`yce1QlJnE?f%x_-p_{N-@VU4EKwr*(4%Ub(N}O;1fgZTOZv6)Z0y(-S9L9RS zNx%HxLR4_|2i*2QK`OY<|3AMjeg|MII5#((%?l7hH6HCtVT5fa4v_8-WvVR*Q>_4taM_Vd@r;uoSA)7d->9o z<5?;o&wd!OANx5lpw`yeS?YktQ2egq%NWTZag%I!nBqJ8kV4M9umR(WF8wUpTOlXpa+g=v4Iv*1`-p2f4Yq2S8FN zurp2&YQ}$nW4~Jfv0Mh?yKF(#PHO~;d}N&ZmJvYks@QyxMO8n6fvO95nRHrcj2l}F zW-ki;U<>{EtTxveq?p7eLI+fIFI+mNY1FQ+O z>(Mt5*nAG%%AO;UBRP#cU1p$&BKmrsj}it2 zY(EjhUP~)&@T`2&d;a4UUHs0P=N?)MlriXmwN|;qO$ES^AQ~|(WQ@m)rH+O$Ho4S& zfC>&L6Ho5lyk2)>9Y1&{*`?MrHqq*R^68~pIzR_;#<$e#dn-ULVksP)&Q%%$#$zwSHA+ErV# zsD0l~k!mkgCj@IG4=153f|gy=NE?R?)oUfCYsRVf-7iQBBM)njYlNqOi8sJ@r7an* zi2NBwiaSk=Ev9egWRSHvQa%DYRQ_0N0jAoc<5~Q2JO+Y&X*p^{? zIG6W}_oB0FIDlBJ_dURAz@f~8N=g!C4%ufLu=0lWJE>PtPQk>Ddr9j)<;3IMrnxAh zF~$#sLwJ_7<0TEi*Bi$)0jG2MwT%HXlT%R+3hh4t`MSk$KJcA?gQ6oh_3U@Jqd<{4 zHuYo8_UJIK9Iwq}rSIX8i$!p$#V`^n!DUxL^2wL)ewEqT0dOnCspgLgN;7`yW5m7Z z|D9H2#4%92UpPd?hkuLZlUdWqTgb23EZT>S1dE(aIBc&2PzDr37NOJYA7ubSyDkEA zeg*{Cfxn&W&?-Gy8`LeV8YqUvcfVd}9Hon^F^Pw-TuK0*KC&FOGafk5iprt$F_+tp zX~{Li*4>V7v5uZlr4W#_JdNSE;c!P6WdO*rc~2h(j{z9Z?{EAQbS@KKHMzP~Pmu6U z57*g4l<_?D>zgx?VaIubr2J6KC{s~avQ;w_ z?OTHGZ_ix39%W@HcRrjmGEyochb^Rxmlr{$RTZG)oktSy31i1UB)IQs;eP7~5({rm0>A_QZ<-vf*^_AC3X${gxwx~2h_bOm8rR{`KolIfB8@IZ9n}N*?$UiwqB4`h09V&w;8Z&=rrmt=-)l-|j|_ zZto5!VHm8xi2@5;pa5uY^Dx7GqfQC9$C=tZ?;}h;Jw(yo$F%F|A^`v&y-k8NgCcS@D?+;|ao4PA!jTiSjh?uB2fq-(w1jzP%#5We& zLc21pJ*(@uZ|O{7{PbQ?&huAu)>)N7sDPr z1y52~5MhRy?XhG|XGym(dqzCh0D4$4(Mz<>Qwfzb*zGd+iRpLL<2Mg{XOPmCB7vfo z&%fK9{ArE$&tC3^4qo}UuMXxYjPhD&bR_vxQHA!-z|13jn=X*1itddVqIhamvmG5l z%EP@-G3^DFIKT$fzESW-qzwsn2%_RxabCv`^y35w^X0~i*F!)}pcgz+s(CMqns)FA zuTdGH@KJ3p%g^nozlm6m5dO`j$TIKY%Kn|DR^u8%E>r4?0$2e-Y$dSI)zl9LS0;r8 zi^f&t{APgoZ#}=g~!+aTa&B&Nmmw{e&crB1$ToU0C_iVZO)ab)54O6^h@q}9kyNb#!p#(JW zuv(zY;m$~SN*l1ZNM`UGl>8WK*2`mS_l_uWZkIJiJv$9&5o88#S{u-eMAc4+T<1@p z{V7jPU^uG;n8`=c1{L}lJ{zA%nMMjOr~PoK6W;=UK^>Gfwah@6JdH@d!g>eceF-!`qJCom7E1q7DuI$zylV^V zzS%Z)jDCa2K`?LD@7Ko(J7%^OOw$!x^>{+_t=~Z|Nj5GBGmioIdQ5#=xTgNY>mnzG zy3i>}A27h_#`u9-INok!NN^QT9mhMq!7X$_2ldqRFkEvH1pi22zR>nqiuPdww3n5u zT{ecVN4$+uFs!W1lpZQDAd4cj8s^Y@NKfA^OqUBPKigpG9z(aC0G%)c|A~D*ZH}6l&fztUVj}sYQENdIjR- zOeN2@zYsO%)a{Ky9SatPb)}`xu%|BhZ7!xW@4%_bN8^0JV#+K!1MpAzOBG(p zta3E`0YW(&D&9SQbjTq_j-yHqCv&-0%RIbLwGM`SX)bc=kN`|zGpGBD1O1A;?;XST zL>xZ{gVJx575};o71Z>H>vhZJ{&-k;lK&MDJi$$hSrKy{Gh-4w2zuH%F#_Z(^E`k- z5sHy6mx%>ZIFn1)Uc^RYzEgPuO)Ntz=W?*p?x6DAdCc{8=N`AQWX;~Xy!X%x4GosG zhYx+|a^mTn)~jRL4C*K3cavI&N-Yn$1YiFS3NkDt=yb~dM$T;##RYXA=qL)WFs#)% zbYiP_S7Xxp=-gktD6%XLT-gXPeha-Fvv>f^snVO%9kco)m)#F?yO(MUIC#zI#ueVr zZEyiPbe1%WN{ymb$-wrJ;O8%S-7jC>6Od7hF;KgGb)v?szQz)O*QpZkKXRGwPZ|$( zYH>9m?MDGSQ8e&UbtZys^`oelb%$pGEJjA6;k45CT(ndu9cG>ms_t44&}e1?^Gcb+ z$xba>45^}UuMp=6+dlz#;$20cx^@U=31CzCz0l#rajP@leZ$zsPiQqW#kd(1cV(X? za^Y6_k4xNkDKNHy3i*d&yr$Z${KH?Zhv+tYhdzB4y}ayw@fwe+>2l`0tq|fTC@Oae zBc(nd@XfX~rEaZ30hVQkKQ0KO&?O3m47}{>itu$uhZAItBOgYrM(Xw&QJ6KYV~?S# zq*4r!AHMt8zf>nOUoTg2OzEwoclsd)HSP{bXS%l!s2r9$A7eytwhUJQ-<_NKbD$_E z2ghRvN$Z?wZjd*e#lrIxQ~D1cln zG~D)_OrLIl+9ly+U+gR#SZQ`do5VjPGq5kJ{qt*WyTPI$7!>q*jKa#E(q0}-dMXu- z>84s4ZfHQPWuzo?RxiJ}11i&hHxj)YSKC6UN6> zuVI-$rt?pK^l~@1$H70Y+n<;g%Ezt4LHvjzWOD6gmfjfxh7k==_tBYs!3lP}V5x+K z1bw!R>GrXL*?zqz`s5?kV}^xfL-l1BUwsBjUi(x8$dP+6pU9yz_TzPM{i?if`6($y zyRU{|=64aY3y;3nlmqhcXZd?#@yx%KnGIZ@H+REeI`XKOL#YVQ{Q(mAl~e8B-nK)) zqtYfpNNGz=Kmt1wzOJsZc~Gn+sqj!E2H+3!g<2UX+vRoBm>3?j*X2$O2?Wl(_i{Ir z=;JWCr&^<s*xy3yV@F=t7lcBu$4@91P|;bk zjtiAo(dA`JYO6%C9Bikep*vWkExAaZ-w?;n%a*b9ykh9L;n=?E)*@`7dah~);;Hp*cq9I&guY^ssfg427)JB z&Fdm?py2IYfm>#HVON-37kXRKaqRQ>IXHo3z;DPv5Yt7kxNd;+eoM0eJcU@{E*%pt zn{~yn<_Q4U=?`bxuo=~B4Z2nB!&iHDA^-Y*~&*Bnfgc;7i$ z2IR%dAqQ`1TnHVxLeVnhAEB;!Lr3X~(>3(VemDVc-ryE{NFRh($*x_gj3dWzj97hn ze@$5W*LPYI8$4-eG3?eU-=&-|(YR_5#JSA+jNpXg#Ycc7V%)P)W7B()y4eguHNMZq z_<_lpitZLjQ^9sKT^{iOR3TA(kU{R+REobVvT=K{12<5z8TVts+8$lDKjn-ZTAQr7 zPFCqnVYnLBR=lrYN)#Y=&VqYjnwY(2J&DfC%W%mD?qmuea9N;W(i#A={?21D#I}$$ zsUt_bD)34;g~P{)->V6K)T-j|_fc1l3f<~Rul^;u1N>L~LzZfKOR8$N+x|*3dy_cH zj15`&>0HF>Xij8jg4i^E9*iNwxFbTwOy(27_QsH-Zf?Cg-SA%ycEm5vSGqTz&>mEK zow|*hWgyUTRw)&i*QC+g+xB2ExccBc&TDspwX5iXI_(WXYc>}%SQ|?OS$SBriqQo~ z!t!53Yr2*XpNgt@N0KTolij(~hSn-UgW)jUUXXcgMY+TA&92i2DC?d1<&BgP33c^U z7R^^Kli>8l!FYc72hn#gFt^YD>E3d0sLlr;20oi9VL)~JOFs}C&sR#Q2Vhr7)S1V9 zX9+ZiUX84lR+fB%=p=;1^F4uugn7NJL1+`qgkLI$Jt1FesA%{m4={j^1|>i zsIE`|y2>dk1|mo)zftg&3Z>y^dmEJjiiX)}c6i+#I7wdlt4nySbSrExE5)_TzCMlZ zksilKlHEABJNNePa*a*X$kX1_K=W7*NNeQlwl&9iGnBbH=zENP{HQT5-UwZh7IL+- zB-OBWArSueW(GxOAo_IOS)D0(OzD8EXQwAILso5VR|sXKxBA5k8sfLOP{dV#%t$K> zFL9pV0DQ}-T>7Fn@bG}`LyxyHx2$gxgoFmRAYU=?!D7LnE7BK5zrOspxe0h0fx9&^ z^1Vd^TV(@9f~rV}-_-LL%0Zk}cBYgknCV-E7ec96&FGKGgmM7)hp!K*x{j^4OYF#bL~ zu+nG@Mt5jhlW1@MT5K>Vuv!;zTtH(dq_yz#k4F+nPUXcuUjFxD4l+nTDP{10CBCez z9GV^0_GJ7LiD5=+i|B{M^(SU#xE-}xEQD?vkNMpK!+lQo@b=#M>IlerbN>~b| ziT44IwqSDhI_pUxIFqv}nfHPbl5CD=(Z8Ixl=w1kFkW|7b*UuGU855e*d0V+q8}F0 zTMT5rm=H>%RdD?Rt_KM6zUR<= zC)1!Fb}K5Xn1jBt}{X$S&=iw77 z$=7RoI!AO`8$r(m+{|G&2#+8hV?cW9G_|Drap%sR=!bZgjY?8F5n*A!k9La?#~KaS z`E91;3&BslU4?-;!tl%R&KnR0KTc7=S|mW3qsl&)+L^@YqO`oW7$SHCXVO80UUr<) zL7X{1|0<;mJeS%$IQt%73Q?Vq)H83)<^v~VNug!cw7poA@EQuBhJIG zst$bXAnA5Nnu?;)nS;yB)0lzp#z3YWy;c=hxdi$W@!cpzGvH*73)L-R2x;{D5#lAz zARNmH_Z*iKUAlB>>46j5%Hb2rG5mLl6$CK5qK}(gdRCt8 z%G`mJT?Wl&tLuX_;96&S+V2Y2tMhzbm^ri(7Fq42n zp#Mbz2%op!b1#0!+|Ym}-R0D01NDC`$v_I@rPe?{KrVfT^9CMu8iw?6Be^sNvTWbCRj0Kg`m>UY`o8Tcn1OK>OVfju-?YTEz8S!ao|jD^llHIZVQx@#x%l<7xL@xAC_ zi4@CZwt%Ax%*dntTLph`-}y0|q2mOW;Dsh{Ly1lo|Je3+#!-u?sN zWX|CXUGp{?D6kPD7qgD5D_aNbXO_umKG2Nid9)J_NUklG`e;xplm1R4LS)!XO83{GL&xRquP`P2cA55M{Vw(gB*}E-T?n`)_BeriVSKZGdTFI{NAc&y z>mvsGuDiTu!}$o1FO9}|^nJ3&UIJP;UdQVuD9buv6|68;VZ&(>_lFivczLc5S90{e z?0LKkko7m*b1G6AkH>CFdr|0S>lDO;3+V;(@X@<_fNri=l<(DrP8-22nCh}A3baIw z((!U$eyu)P$)Gjf^xP}2fHCAu)w$!kJ-VJIRs2*E!#;XXux=fH|I)j^mTIuZejF`2 z1>mp7HdcsN&7wi~p9U_x$`&Un+Mhc94LUb=d#`v-IEm5C(gf zty7UtWjo^oc*(YKlMavF!N}sZd_5cw7K}m6OlqhSA6X_yJSU%_qu_$)=4N%NWX+dE|AwhA5^NcQ8Xm4bG0r0HHvJD6Q=_`5fWq!gv z5Y%wzFeS0W7GzfSixkN=MQR~iJK{_Uo&yiGU27XKdHc6R07n-FCUrO9gj?q>+Tv<@ z)sDCXsLdq7(;TJN1@H!D9O?)bz}!(8<6fL`$E5r;J%Z`Vz! ztHC&icPMe67HlkzCq%6sgqslE;^LyS;v%je0<0G3-zCy3 zKV63!@l;;Eqyq_dkpm0A%Z6^W7*y}d?j7?ygRbAd?Ao|5PztV{1H4x#ETyv0kL9nU z7A)}zA)?x>&dBG$*fZq7|2K2YTMEO360QF;|fM}t{4nXl+#4T20t!pKKBmtdG{ozM+$!2{YU_;g5 zd&ewSzWE*s2!L$>TLr2*Wg0b!5^JGKLNDqM=7_b5URQbSuUFuD21Xyk26zBXTuaDl zZ1ijX-ZqLB`VE35y^`2znCtH~T>pj%6z_ERy5qC(^VCb3*|Tvz71++UhcN@434)vf zu07@A{d3q)hxc(~l%_>k}Ikp6@tA#v9 zQ#y%~pawJF>DmaE2J2K}b#gg{g*~|qptfhf^Fk^HLx^y@nh9O`_kO0OWS6BJ0{*mQ z=eIg*gxJf)M<9I$Z3ZeJK=Ff#N5N_85Cy7?XH<4R9aWW!J%n{$fbz3FN6ZP5V)Nwp z1lJ<~^!rSA;))F^fL%E|BG^L#hAgqv9czNR(0iVaDdUipPXMIt6E5v#uYCh$zwM4^ zAJ+8@pK#dM8?w+CtpY$Wcxc-nw^CVf*aB&Z(WKa*u8Id2ved zE+-IuqhQcrz)gB|+%g_(neFV8XkLf(zaao-9%4ON6KnEj`6s*7fu7FnTOAZJpsiF? zoG%vv8)US%m5N>=hA$kj)2A#oZ)Xav<(4e&0s~2j_XMN35s8bVs#;F|vhX}d&z8gX zxdkOi=Q%kWwm(OI#JQLwFDduyLUupT+P;!=eb-NF`Az%bf!|P({ir}OITsUZZ!+o>kzCVpQ3ij_UDtzud z>7Q8%iaSRRVgH1Git0=+OLZHL)Lg<=^%&QlHUjb)ZNNHgZ!0*Xz+O=8(&ygDY*5>3I~Pi(2FVmbO2U zGX4g4{ozG|t6{wYTC0!RhICkfZBm+B<#Wj;Fl@ZCS0fTrt;El0Vk_MqYDFFMjRp9XLh zexP39{6bsXTt!POdL_tS`-)lv&<4TSikL)ScHB_Q(Cc~Vy_&Y}!$_hJ#Q(;t#+77b zWD*s6Fa)qcx$z4bdeU-o zE?92d7qFWy42xf|6SvOC(;_8<@%6t|FKs6c;94!FGW++W8`{nclzx{-;u! zw?;-$#!h|W;RHqD?k$m_FtzI$3O##2vO=?~Iqg^6Eox?LH*i#qY|VozUx-w4NC;45 z2VFOCIvl|H_KA`g@s%s+ymhfvQt=?TVJdZBZf>smT2%GLk?|DOtBtWci`d-5;3iUYkx;ynZ5LBHnr+{&?*rpeU^92TzyZf z4+{y^&sg|Nbv-;T2&VIky0nj2_sjs zYEK0irL?d%C!(>8AU95kk`wS~Bq57JT>2ALs%N_q7_g6Fo50Lzw)*kFbQBv(5H-w` zE*346b%fw|S`f$OPcNv8&-ERx4D`Mu%mKUjs>?&{_zZkZiMeDIb51^T;}=mLKd1!= zgWgTNSBZ0@JP#x{G{=}9Dqmu_UN@3DCsN!lSWnPZ1-~e5ImRKd%cF1g-a(f{-{A+P zvho7^&+%BHRWW0$`3Jz2_8WRlQ^&R1T>h(wR(0Hh3dpIN^tu%K8nHSxs z%AMw(bJ2KOPmz@N2fC6jK#w%6W8o70Vuc{BtbVT>ykN3iT#={=rY*6&gYE7z{Ij>w%V?U}kT!{^z?IW!F)dO4)vXJI_& zK{7!<`uG-vi#c{brO^lOjss>YxBRm%I6j+5FFOR)?K7CG>}MtO!LE>7m&Wd{4vj&cYp;sb2tNspl%`%PoJ^v3g+VnIDRv*e|ZQ z!TPmD(d+s*;nC8DA`NX77Ro$~Uvcq)|2?39kP0a_Q(@d+sBbq%)inx@)SM0Sdhq%Gcv zvtMjZl~v})8VQ(X9ZAlqPv@$NihOJ#{W<@40H$8`!(Og^x%kS@9EH+u{n{fYR!`cP zp_50(ejV$#U=tHg!ZF!lqcqvjwri>U$}i^Nb>DDVKE*OQyi9Y??9M$?rtIyAjc#@Q zVq}TJBYjM0Smd3Nw4h}iR~dK108u%k|I_X856(?H&Nlm5UXmY`in(({q0|`uH{mCI z_JQDf6vl`60Ti4uphSb^&fKacj=B4iy61P6nn#wPN=<9coLn1J>`?eHN|E7Eu>Vu# zn%uk7-l}B>3$4TSA@xa<0)=n|(37xL(rq`{8Fv`Cl|b)teDKS-Pq{V&-ezeZW>i-7 zd#WkIP$+l-oDC4D7}N2Z-ObPlRO(Zy$W=I4{4!d+oWQ%MapE*>!DKd=l~lJl$@qw= z;JM_dt64Rpx&Dw`n%Gr2rLd*kI z5uGL#VkIT(inFdiI4m-^`-GWUbzj@y!8u$!iKeZ4JDK$0#_xvCKC6s52kcggxu}*5vy2G~;s8nm0%eD!G zEJgk%2jV0dr~KY;NUqlnwQ|K^cF3q1NMc&p2828!@#Zd6!1 z^c9lL4vXL@Sklk>d5n=#0&*kS+(~T)*2vn|-F$S~EX-L`)fox>#~61e*b6n4$oBS= z-r2#mcHuRz(y#>0y6f7dqUJ3o1&@;6p0DBtY!wLu|Mf$g&Om~RZAc7vOz{8Vk= zmBX}RPEHp^hU}?OmP+gDJ4v}wt?`DM8Eo`&(1meimQ=OlkSaP`A1WwUq8L^xiI}qT z4Rs7WU0uRX^s1F!7Z0itbseJ2`E22pJ;=vn5vFYxTPVU|`8;QHeo`{5fW+leI`rgSMa>tug8a^U@Y+0#7xJ zT_i*)YBX_*fhtM8WuIlSCOKsZzdkDBU1JqBcv+GkGmfvbjM~evW$dP>#ZlJ5broLR zS{-3_Y2|z{Y7ApY$o~4}>cF4ErkKr9#u1{%z}6gg+mJI(IvmLzd>ig9z8^wZiDx@P z((D{XjW2$|LGeyDMGWJIZ>#5bVFb^ziw?>f+bv1cm}F~fZwqj52U^`@B=%?*g2KFP zl|@8WK>5y?#``5F;Way973v&4>2BGQX>##evz(byB6TZ@m@+Fv&+qQTvoAB^grY;< zAYu($=S%8KD-FSG_f4{)6Jyi?!Uu!O%&b6%wUz{pxSul=)-HyTeaNof zP0MAp{*fzMFvBfAG#IfMs;|dwwDS2@bWP!0x3)Svm+ZoCx7hVONZQG*mbHF|VDE1E zGtgC`rP1ml__vVMaz_F^asZm%aokX!;LyO*QXVbkIA`+A~NKQD{2KL&<$tIA!TbFX)-CdS6+5Wpf%W4Qk_b8$l+R$%rQ z1v9+A9W?)|4Jb!g*j!pUE72m~RHtd#2)~~*9NvbmdN@=SE8VbuyG6e^`PtIV7R7hx zDgB!pEmO{G!v&E5zZpA$f9z;$3x1k!&hq@B-yKDw9`_1I86`~HfvoSy7~GbY$wS9V zft!^b-svBO}W07V^q6of{_PS^8zz=UEW=}L*+!SmCn*i6!AixdHyb&<{!Ik zmGlS9E4yf3!&X&m?7P88LxlY{PXP7AX8EpD$*OVF^KucOiN~T!^MdgTtpod;*2Mub zsNvCW+Y#%_FTNJ{jnNBaivrHu#1Sv?x_ zaG?~t|2s*KGfc87Pq;%$!CL>g;=!T4^PVXgfwbiO`@Hg5s^czi>LB&!wX5>d#Rr?n ztpe7PyZT6a-tyJ6`+A%~{YR7RXVeFYRKpmkFH1(OySO)Gw}Rb%I)Y)}HJGyu3N(pL zL=g+ZCr#J8i>68cz4yS|d_FLlnYBd7{_fedx+XlwhpKn|%F56-%iEvapdVhjYPd)ssa1Dv08B z3owT&Mh$w{Hyn=s{a^I!v}qqGtfAG)+$bKY{_r13o=;3a&rTQwF`M2!_Mm z8z7nd+Uik-G}TZ%tnUl-gpu;{+PYd!gpxL|5>aYI*NNWuAp3AD@TOZ`1c`^{g|={; z>BLtTG!)~TNB3m)bkJ`ix6@OKcjqG2c@~_qvL3L8Hi`O)GeiuB#P=V+oR+;+WV?TCOd~3$psYm0R~8kyq>puTW)~;2^c7Ws7tn)U3*N}F=-sFKk>%oQThw2R_T? zUdS&VkApo!shj9#)plxYgOd8u@WrO~YSq)Yr6Jj$ona4N6<7>DP#>#Mgsz)Wt`5rV zZeC-pQ6Tcp$R6OX`)8w+=supIX7tuTIo2BNfFcGAjDLPu?yqt6dG=L3T|Ru$@fM5m z3%Ql!V;?@b^da@UHZN^I)^=4UhAbiunWp+{mg7yxZe-}r-I?}-_Y=(bTa`s~2y>}t zqa8j!=`(=HTk+)Ni7|4lKR9kDT9eq^W%agI}G2+xe%DCvyhE%V>0c zbVKZ0ft>sWnt;60Hz)%lx%_Xtt~op@PhzhOOY8R%>~~ynbUOU3!Ww=_MIxz=UKu%M zyX`nwwt+%l&L_C#y)3*YZ<{hV&v|V+mIb4neSTIy+YMtA z&APPRr7JOb5IPb+lfB1=&v0bkgYA4*cm>N85U8| zsv_rJw}d}wk6NITGFtp~sW>wvaK)DwlChHshSqkm3q6Bdo=Ilo?XUpG;`)P7)r1q7 z=zHbBdYHvb6{|1wivyLHTdNk48*LSNT_n(c=zSaWd|9`QI_Jg4*oHv-HCbDDDa~QW z>gT#wpV&|gMPnbPjU9T0YK$0i!sKRs;%*Xisl4e}HP^X(JItGb3_|A~ zhLX8>JvV-$T6H44M(u8s${QQ;djt|It4QvD<4WYo3Fnqq2j{k+ZqT$As``uEY31`P zsW7|P5|83eEkUrx-f8aSH@2Gk9Q5WLwUm0=*Rc>T7|T+=lD^X~v4<}gciWhO=J>x)_A+IB02=%&N(GT4b@dX?Vn7kjMU)aw6SUQD$`Eo}@i8s@q3LmYN=U|Ls?W_y(8=n$Brc_Pq=ly2g_{+f`nbUg+C4V zz_kW^1L9+$DmVd1h`S&8Ga?FfJ^{5dSCCJEqJ`kh9HWYwwjt`>xD$%UY~qoE7p3N- zpAQ%Na@;=}86PcF{1K9IQa?z2W$n-=+Yw%yyj#p?Q-z>qX76HhzxF$XD<|g^>MtV3kz9K07Tzv08ux(7`Xw#)ff^bwP z*o|i7NsMy^Dkd;lUoT;2f*lYiStGO@WK*^J)mA1RHw(YCS}9hkQTu7nWiD42_f|z) zgDr=jJvgNJfxA-bwe|i~r!S6&ZRTWi)Tu?9o z*tuo-;s0sZ3 zt@ogncMn2+z#R6aDQ;ee^1`pe33VQDa(1)j%-6(m<5VOP8GGIZ!K<{!7dLtpXOF{= z%VygiMGjI%{+=rOd(y`>{&~ zpIc3TZ*2z_p42vdD>hoU)T-B~9b39$=pWAAc9+XjrgULz488D;~CoNQ?_m70JDu;3p^DC@?D>B=Db6Cvzt+e327pAqXAoJ^P>r~O8@dX=v zx(^y8E_!y@1DB)Fh(G*9&hU^WSNf5d-J6xg<$M%N7 z2JrJ0<5sSIOtoh&iTKEYaQag7H9EF$)JEkXuKGw5GB!qg_>T^8X=wJTGb(cgmFHje zUY>CJnS&K7xngQamns@vTs?5R=7@5Jh4RHOq)P@n$HhjScX~tvOqz(&4+bOKo5Th4 zN0F*Xi0Z6pLgp+x^XuD@PEnU=)6I%I#<}VY=afzH5X@>zbfE5tXo=Of?>Ng#kUjt5 zfJm#SwTmucPUN8Ynv?Qyyc^#du0``|PX6J1FLS8kdmP5$Yy4nMZ^15GZ0-D(jF)TL0r9RX;ZW7pmqPV>>U z8p}Zhu-@n+qf?Yq{mjUcb7L2?hQyz!dfE_*fA4s-sL7oWRe?flyUp)f#ozOU_gnwL z3uwxwo85gVEZBcF+N3ht3En(Ky9ORPvVNn6>)y%~=x>>vvu!LWsFWz?q~MEcu|*Dt z$bKuE7Ic5*yiyzzw-Q?wN=W_5D&j?Z*xktXU%alxUW<&Ojv^Bu)nkoTCI)>{3;uXC zYzcqoaw?&e`Qk<`Z?5mcv^oE%%Y_N1KBuMEw5n>TXvxGi;}xvO2)&U=)ax-?t+Qw- zXYW|LH10=|!w((rv)0Jdx!SEO{Yk?gyQGlCY?dB?`y|Vh)|<{n?@9r;V&kwyLRx0x zh!E`vl_}{q-|Y_(Wf2`H!toF4UxqI2*L3({9?h3vOEW7}6BRNO`Wcet@%OO+B?|j@ z#Kol(x{g?d!>g>XmGfPUJ3YfzJ!ACZf690U33Q}piFHSmb@1cw+2|V>E}qhJGj(21 zZSYE1JN3doJsut3I9;dMWHecKXt+x4SR#{w_WH6jx-t{Q<+C96>>smuR=llrUeVfm z({Lgg=Z9CmR`cjo?|lEx_M0{2(=@^OC4~}3&Z{&X+R-P?Y|)QJM>ynK-# zTRsyZ9=nxLw-NlyN!u^%lk~=$5o2ZUfB6?7h)D^Drh$#Ll8rDTR2Xw7C*OEr$eao@ z``-2bfzy>}GZk&~>*J*>7IE|N*2lV=X*sjT_S|c7pw_Y=2>uhDb}SIij`s|OZ(Umd zEa#~Ymnik-J=uyc#B!;r45d?KRjYM1swlW97xhw>7z)x)b*Oe2rD(avcX3DxC4}EcnH9Rz^yO@g*rb zzj5zU+C={D%C;GrG;TH^t9ML@q;oxgdd)B7WSB{+e`H7O76Z{9-!&gDnz&-@n*+>~ zkph=?fwlX(hd;RX>LJ_v#w-Rg_;f-w_0J0Au&*iZZJ`b;5Y_9JABiDPfv!N0g2JZR zqP?E`G-mJ2-eBJA>Yqn7mS-#T0~(t zCw5y9O=~J!KLTUSO7^8l1tQ4Y4HCa1CKe};FB;c=h$NERc!S@uV({My8JW15Rqtdp zrbF&otnEgo+a?0W$#$P5+23qBv`3|RS{e^c9C!9DNM2^2H#p+gl_4AIvm6_T)e7!1 zC>u0|c)pi3#Oh=y`h|T<_w_`&69mpOkactQR(6cExt`voCKNZ-D+;XWY7b(Y88wWIC$a`qBC@5gwCUFuT32m~aqE6OT-5{|ED+!hF4k8`I5^lHE% zHHqzMfX)J{=NMc(`!?Tjn~$S0v?UU!JP!3e1vcqo^j{;0X}Xb)#G{*>^R*e->K$Z# zcTM~D?!)2RhRC(%@1&!5E88W>2fr-;Th0t_le0@9^h=nz041VY&$_7ZxpN-qJ0 z5Ng1JA}y3qq^pz=N+Mlq-X}V9)_K=^?s@N8=idC41#9h{-JboF-}m#0blP-%(``b_ zB^#|Qw+J#_cjHSX_(5rlGTB$_`#=#0%s`PQUn?yso7m|5$H%Xtmoi*OmFW@p1ho@) z`FBH{pmQZ)d+Mt^wP|~QPq#>yN43naJ|gjb&O>{60R0`W(zS)R_vHucVI^VjA!%rRvA%kY zYz9^07Tu0)7hZjQvMl$WfcC&>Gxpl%Fq``kjiYaBZ^~r%isz!;U6VTk4N|Yl@}9@^ z%Bo0t+eDsh%>>Sm`a}YZ%#h`DWgl61JA|6PbYs4grfkq8|KjN?cZ|T_9kqt!J|hLS zi)EoH@f3aW7t7b3b0F(0;*Q^ANso9*kd5=`+-s$ES?AIE{?%j~M^&z4=3*~tlXXYJ zif#`iMqwt)Qm6cnTHi7|LA`;DsKlB4axu58%HrL=Ar9NS`QG6n{y|?vzgbzN9wxPv z&0KiRDf^8mkP%mbPhO6QQqnxtp=UQj;V`P1%d0CThkC#EQ8(HCktpDbi|ec_Ll%{;&>T zC?jg(!rYBLgEaYm`RxnS*Jy07QwybQ@v*WcxhnDT8~UM_F^~CPLbxu%8@;{z9a49` zq$zvuF%W29gw%#u5yGnjB#!yz&tr50YYZRDAH{d7=N`xEs~M9Bj*TH&U}|n_!KAHG z;pzT_j#p{Ed$>qJ$nHR`qr#4UR4cTgNDklM=XmfQs;gev3&Y{<`hA4e>~~dzm4W?j z-(wST5+?CJEcLFd-UG+VHeUo@Nx+aqkDiZ*Lh`)3TRo_^Sxj+o87ot1$Kk7mlJ&lA z)1i$n?-8MKAy{yK4+K0+h-5YwKU#~t3G=+{tddFTcRe4TIWF}jrcN%)DYa5Et#uPi z@g9ZE5&X7g>+?EpgkpW2qR-0#kNr#ZLS@0~?JEOBis|p&0vC`?a_ZV}GnsAZLPpwp zY0hp6c$J6(X-H4HB#bkxs4ssXhu&n{x8;378+`+*^CI`k?f$rc<*u-g6kM|tZkbpP z=$@BR!>$UtvHV=WC?|8KtGhXPUDQ1m*KK1MF2Ck~Vc_ha#{1}%mzvA%1;1~+J@R96 z>{E}_zSfIIx+fU4>&XSsszq$wQ|{OW$q5WX$0w2XbBpOQFwE=Y?>uTJ_A5iSP9J}h zHW85fZC!p&089&t2ibq7C(k(pl3h2S#Kjj-c)_;`Hg)?mX8wFE(I`=e zVG-EYh-1A=Iv9J#Hs;bDcepi|i+uRdbrTGZmcQPzlW7{UWXmTBY4RlbVEbyE#1A>h zZ{yqs74O<$j-zeg*o10bP#-{hNei))l$s!M$?*bGybqSG=36*MeUuOHyE2D^fW$MF7me6#j@qk9Qr8;r+CrA-ER zWv+muGfVg}%S$+QsUp|0D5X9izF3;|A*q;TdQP{d6N>Vt$$z!|5Rz6TW+*TvdF3BX zH>vm?A-BckSZnn7rSb4T)f#<_D(!?%)amFGmF7i8cV{Gx!M#CRRDN<506$3WG z!;NHaoc-*Tj`+Ct1Q0r?et7tV$PKeMByMm1ZEzZO#;uL=c*&;zzFlo zVC}bT3S~4U^ZA{D9H+`d_EsQ8_4kU{Wc$a0hYtSL33d|K#PSWWIeED{Zbj<3x%qld z=1y7qZdNG{1Fec121TPn=f7=sLL5-xUraGprCe2#zMEOs%&Llql_i4v*Opi zDh1za567g1bho*jQ66yH3mU-_$*!15jpPz2t;_eGVlkq?b{uB!9b*FjUi{vn4+Ns&xW zP6l!q>JTL|kvR``_G@nr2g5V_Ec@i&_|SIlC!DRTg0^>hjLD+! z1!M|yujoC|w^uNJ-(0&jk3OZ6odD{ZB&4O|dU}j?4Gqsr^slVTFdZ?@j*hym=GY!B zzj1_su>JP#ed1I>z32TzFwUWkqPvOw~(rgsn>^4wR zVdLMvckPdx693oSnotYMW3YoQ`A*CDo8QFNAvj%LPx~57H{0~fl>TIEy7U*v?UojF zewX}v(M!hHY+Q_^<6GwqZaX{KYqtnyAdwwyiGmp@)J%ISKDse6U z4%CuahEn|`R^7>cM*@#{xn^zo+)*+}4oWUxlAq&yGcMpVoJHaM;&?JPs8PMrbEIW^ zTgUUSP73;Z<`Ge~zU0kY%{medrZBhl3eopZhuD5E)p}Ce6OuowHfLBacJOlGRGmo~ zHt0&Wa!1KQmM?1yp*cC5J*smC2n2+ftxO0B5y%!bg;aEcrY%>(W(|;+G+Chx#Q*C5-Uc=g9XL3qyI{&r zh!040!5z)~T>lvsVt)Oft2kwD4SfD8IQ?0F`oFdHAA9<@8~>~R_5UL`VQ%ODA#wiL z_P*UHkQ_Lkt2@E{x<%`Qvf%sgdw&Rj^78aRIXQ^TMN{`-|IrfR zc~d~*r@x}S{FLauMKg^TITr z^i=3SK5*t`_(u(L*r}`L=3)S_90!Kp)=uq7!o}ve7?6Yyk_(%~U*8S31YQ`B03HK* zO@Z+MX8z$}>OU4^z*-EDas5}NO}aONk44S=U5o_JbZ~Yau6bp0_3Cxm-lpPF*58Bv z*-ym$S^tfj23-IDtbiNrMCeU>(qa|g?e90_fj>i~nVweB8MBXL8Yo-f+unDjZEKsx zhWvTYd&XsB`A&ipQto>akqNgoIDsjLzb_GLlaLib%h;}H_ z%d7)9vnEG;NzuzBH46~4zd?DC_p|LfCA1I)2gxLBzO0SiI(iNskBLxb=JL>EA%>uO z4O&Rk0oZH+jN0lLD@p-)7AE;%^4aN|jFhJ5tG4&%vvvYuKp|Dz5tG4$2 z2s3&J>f4yKjy|V&aB#~Tl+3n!+;*qXBZ2ujIluS6#vzBD2HEXbzDDGnpOze!uq3ijiP%BK zoZQ^Onu3Q|OvW<3F~)5tm8vr{>c7nHt-iBzWYBp$B-e8kQx1qMHLLyBlYrP2J3r6I z1VS(&n6XUOk(hp(ko!PMJV3wd0%Xz@pl8NF%ycm)eDZhSv^rY7Ns1y;5~O~j#WMp& z*xDGCV`b<}_%tILJKuX~oJ)QCbCUp4Nz3lXZuIv43_FrRfb zbldKh;C14(a0MfLi=Jo*-_^ma(qw=$j|pvSElE~z9KyT$yk=$p`1T&hBt)?GI>%b$ z)RCfF+>dh{EO+!NTZKV8sHcGd(HSZN+#d1v%}=A5={7-V+lbakho4w`vt`a6TnQk2 z!9Q)M0sjxcuW z1FvVCT;ukiLzV902;ACD5MN)K5#dTza+(}~?5|{hc*e{~mNyFoePo(#z-6hOcds<0 zF%mZ$tmycLPzATR!nR1YwSqn+q|&PCFdoFvbV3cSN9=PcuR1Gu-5&gC2srRS1b62{JH*OXUHlVsJEgdO!AZbr|ttnD$p+1>=1@a zl$;;`#&_YP&FcZ*I9F)B$W>ZVnZT9cO?T zd@JCWI=1wP=8Xod##>Ap75^}cwRh$s)2xV?N|bid1Ou-ZSAlYhauB-tFv1%@RmfL|Q{&=#YYYcVLt=S}EX?+xG zq&8uX!)>P9H?&J@ml%`tpqVZ%tsR*1`T$1TQK_Mb^f@qcbOmsr{lbFWc&Eluuy`j4{-e2w= zVtsl{DgodH!(I2nkFSNJw%2^-kX0?<_`vo-th@oUGVeN;e|zG?^xL%k^7Q&SSt?kl z81b8UCN@)o{2-SNy&5VCLJYrjPn2C6SLlobn!r{j*(_+j=D`S%V#r^A%~CTxTa2)N zp-DWCBTVrW^Q#2TKv#=LtGl=7G0*koK92^`LyXHj`H!%$$5`%QR&mOK;oyBsK17b# z24FDoOv_oWZdlcH6=kExZr8P^p0^-@M5+FnYmI`uN^UMgdvFsXjRF#l+e=Ssx)cF| zr==B)#s{t~gxhJ+Kixi{cBMjFunTl=dR7CfIB>GFl|^ z(;_U^Cli`q_o|@24pP5|@`s zGN}+##izvy>&1Hw!DsGC69dls^y&cBAMYe^o3w(ovV&}j@Z!&S_Te}K^6gI`>MBz; z!Y4nzQhj?OXSuX4C0bwkt9NF|x`IggxihiJ(ZWogDR`YGAL`}l>ghIT23z%$&b(o( zKutztV|oq^IcJ~}2I174SO}5t-Ex=_JQTD*tb$#BcmJ6_%U1LQL8Ujj6*vP|M-il7 z4(b6XzawyP#Q;41ku&7ztFBb4Q|~Ghbwwtrq-vyLdjvq{`+%Fo!fQ?*e4XF?r|$Zy z{jETTBRpES9>p#Y+_n8QRmn?Ua}KPCq#PP;!*N#lds^G}Et(QfT}uH|S^{H(i9gA zL$pS3ESITw@bf6^zJ+hiiy(*aXVoLHW4%h3h93@$2axe6hDbA=IM(u*7-L`YW+QFE zTcKD`!P63Iu2RTdrRYMShi;|%d!XlhnQ$wpe!q^nmAc~R;>%BudnRz=>X>xnLdNRc z`7`5ljf}NAMVGFwUhW-(eify>owFTjaxSSavZGdQG_R~IYxmpi6&57-2(4kCNtItC-b2&*fzlNwA=|`BPO&DSS$3z)>$cZM~ z?Jqo_SG)Z!n`;UXd8^rV5)|5g8t`-{^JYp?S7lPi_MaKn#fJ>#q?=f#tYN>v1h|g2CY3Std1=>9Yh~ z+Vb{P6$`*G^SYy|mrsYj-x^XZ&JL*1r4zTXy|0vmcs%@F9+;{4Du-xjYBtO}qlQAa zKyT<;PgwZgj?+@kr*eC&vFFa@@Lx46vkR#(#fWCE*_FPB*^1 zy(dgx97T_(Tt9L3$jpjnej28zhWzG4V4)^Y`elv$16|{RM54OrduQ2eH46>RG{E>c zy|J_Ys+?jM1W;Lol4}h%vjfFUq-N~1{00%szy+uGh;REiSdA-?tH|iqVI+_GA#8zxdsqAp?V(b9!JN7+CCx z{X+ZXPF;VdlgJRK zDcJZuOqKCxj^4b^v@Quvzm?mdJCfto7%CssuMcg^b*ei6`tn(mG}o=qUDsdPeV3G! zjO)dl9?|fhL8FKm6e6nb#RD}dHTDAp@u_hC56{a6e3JkoN9OwmPPvquVoKb6vyLLG z)B@~rfUo$2&~+6c;m(-&)M?>B@l2i z1g^Ylo&qqG-=6-_Yov|g*p)JGHXwrlzSA8o8tme^Guh*eH`m=d^>ZR5Q?1W=?)<07T$U@l@m2E%c=*XWDBc937m7f<#=u z?I!1E$}jsgZ1h_*QJ0oAyO3Rgr>BgB)N1E=31C9sQZ5CSh6J_sA*pWyVBmIVRbY(O zN9Y89==Vd@Yu_`WjX@9hmo)$twA5bFnLHk7>-JJt+oqQKuthgktkpq^8pppdRF%jD z|E{q%<}66|RP^j=8XKoCSwpljJ|$7 z+*0!SYwZ3}zl)oIHRO<+I8~4xNm!pb%CXwsdxbOI$$=V^>l8`{M!LTGX5jWi4(;PF zf2^x3491k!FgRoS#9g+S)bW z)Ft0eHFp8NbpUNo3VfN}y*`jd^nVF7pxO$Rk4SSke(E1GRw>j&E38J!Wdtl#G7_>r zIt6Zqv+9W?-jXVdxpxI=!?^GijR+ksOVo{y**+)hh`#&`ObV0DKOOF@e9~Imz % ze}?3dvx*8k+5k+{v6r*b&NV2@o&qs-W9CY1pd`Fy>w1siY1Z`ImXuowP(-OkuLm%m?1mL;`XsiADM95hldg zSfz?U%tiYij0aML;Ue<84lR2W)^!J~Z)m81R-aM4Wd+%%vEu;Zs7)XC0&Rz)kB#zW zSD|)|Y>cJ3Mxe|cmi~ltCCq;|#$4_K5?CGX9#_u=tYh`)hFUEV$*dDo$m370&+sm|CaJCH+lk=RMY@KLIH zg6X}k&QfI+y|3VryB>h&b=G$@FDEA@^O7JfPo#$1I^85B02;LmT5#Nbw(GCsJCWt4c&32CSb6&}=q@BpWpL*%+}X`|esj|+EZLU+Ot8&)KJT zNj@< zc@)oR%BtNbK>Iek6!SX@kbUmN*mvU@`6&}Kd#zE}AbwVAyTwA65lOj`NZ{Xu1L!*F zacQ^%AiQg~Un88wSWbt^&-1LL{t^ebCDN9=cr4=vT+IOWql(yeIhzWuw`=(`ikOUyt<^P@Jv1J_KPm_eV*5I#oyMGrzvOVK+PLgA z%;9ah?fjwx1@2|=y72c%y!9(YpPt$0nSRASf2?P-wmBmxCAS})USUN^?62d+^7-UI zHA$t7>{i^U47Z(-E}u;`Tr-(|9rwi2a!{DNxl+x|F{FRG!#c^AgUEZ)K7X8|>|8~V z8?vL)!%4`pg*f|8}yV%_kX!9vx2hX-LC89KQt-cH752nrNn$FGl-^S5DxFO*g zBW^vM_f@J{g>F+#6?jT|USCwbV+Jf#5*~5;^%Wno3ccE(Xv)fmOO_c`59>wb@SKhW zi&sKxE8$s1z-jpMNpS|6~6BpC_dMXXm5AZvXwpf6o8^+a-$s^0zbp@h`UC z6yHfvXajTJ6>L%80UV>fr?BzWG+Y+BH_GPgsBD)QOUoNui-|s2CZQATU&AIh=er>+ zJ?nT_Q(n4p{;k>G@c%IO`|=UqW9%9?eeJ)AG3&a+awxQUKy?Jv zO2bMmo=zbG`3s<*oMO)}{Qz)FLu{9U>PvWxo4}ONgMEy^#H&O_MV$@^-G;3yj%636 zO}L9Eao9i_H>G4{v0MB+w242C9UF9KIUEhtL#506ei}HNm@x%Qw=6xCw=9Qa`wgA( zj+ZarxBT#gz(HDJ#d83j%;!oIZE{b~SLMUQF#E30#{u8=Q5#6`tSXKD=w%7f6t7OD zeV)~o6DbdG%3kfE#<_*yu)`7Q{+bbx83;q@i?EzJj*GQAZ-!zk9zjN8KTOLW6k43A zxnpvE^$r^KtZB{i;9=(j;CvVS0R&IsLh<_v#mi0HVdrtNv?o`1m<$s6xjxPD;R6}& zL0JoT6#nFWy_Su<6J!x6 z9916RN{~311UsOy+HFwKue+|(JWGpGPBZ#!ux=VLXi)e1o@~~p3x6-+jjLeqT6OhN z0qJa@eBwfavZFg%!)$8K1qMHQ9ak6L?lor$nYx8h?a$XBUN-U%*G`#?Q)I=J$W`pfUgaFK$)~=HLGV_zauq62m8N c>;S>tPKdcF-Ae`+OaHunr^@9MYf_wVobIgaNK$2hKWT-W=3Ug!CGz0T$B`GUan1%YEp z*R3su4;(r0*I$1LU%q61L{{6fwuX=@!q#siOq?G^qOGkcc#|MLn`1jX;uH-k6$P=Xhe98Mr-Jh5O=l%VEUpXSDMV0?^ zhyPsh3H-mh0r3BPhyS-50RI!4_YwPchOu$ku;@HUAJ9Y4#b`=k{cB76?4M z`!-Skp#MGzhjTmgJ6!bfo#n~x61896cXueYa;b;)fRPwGKZUqYCJRx7e{XP*Y3RG` zH()geS-~aci%pSn*-Br!$Oo3aAsi>xZyVsv%6P<~(c8JXwgH`8Y`GQL4S32#z zJ{{;*ubhkT-V@~ZWbJLY2N0yd`&_+~vqP?%{|8F)*?Gvs<&Y7a#bfN-f)?6ffa6wqkL(diCbvI=XozvZo`kzq3s(c#3OMP;9Co1v3=0 z&NY&B1GYBkt+KE<{mB@ex{Vg{$LUd!Y#4l{MG71TAU zXbOQrTXp8C!ron@5~lio5v;B*S5kj}M4XNFn1bnPPZt(T-K7zK^_QHf5z>Q29|p(YoA;X}d-k*yJ>~b!$3# zOJeinx|Kh=nR7gqdO(^vzE@mR{Is|&zg!%*t{aw6;GHX^p9WUw`5mE=Gsy8tt-&Ll zSBsPn*LJqA83H)t1s_aMS6?rj(WedH>I($O=2i_K#IC9{0%qqVZxhTvaWROkCHK`S zGt#JRcp^OH?$*Q_sV5LB+>Bt{rn24imxVkyRDqO_^8D~{1z{B%RM-BT45rU@@TB1% zO6iNqD=Ao}9S8!Z>K_Kqw5JzCucBY!v=L$(W^$=iercwwP*R5Dxss6$`@?0x)J@E0 z%XHK+=)oCPlERvwnB9XL-yZEGWTnQPUlU1`97|1@ZcD2^jLqn+zT3Iaf$(ru>BQ4X z7fJHB+Jl_=x^bGgXVFTv%k?-??_BEFmIK{q%3ppxK2>U^# zXFG{L6|dP+7srjIa|+nkTgNY&`umhle_`DgXh`b?$cyssn^v_=01nGn5!3brx0;(0 z^ACte>-h}dpTECWdx2Q$Sbn@1iZ}J2#DOJPR}Fgk-cATz!f;%erqo4AIPLTPF82XUhSFgLN8 zemXi)cuyA~xRp=JJe}C|N;&bX=an~oOsB!tgr7-gm6i`~R9Gkqr@4LaVA1QF-d?ewXKC#>v=NC?PgRy!&Mrr**v-qS%CM_=%$JJ#*Hlq72rJivZUlYC~r)ZN*g1B54V)8EoplMu3cmm&e}nM;SU3+D_XwIM~x z?cQmjs_C=^RN1@j+-g8d>Z*|x3ga8mDYJRCi>8(wC9rPE^X5K5MqHbCj7h_YFoB#1 znByfm_6t@skido>dhn#Y`y>ug!l+jzsN$ng|Au?{TT`9o7~W1k*%c&2tK!_T0fnDxQH1vDM4Prr27Bmx+zpq;C-eDk5dyj_JV?wU&7lMQm{ zhRC4UeW-VZ!x{)ZGw8v!$ARi|I(W&oPC;)VveZVzfsA`(=2fH{@}*j#>#YCqKuAL+y|?y1mIe>p68axrrdhaAU@3C zyXl1bqJvf5U)^Noa zM1CzKd=3Ylf<6~fNv)IEPpmA}b^)9R{4(8+*S^ftzp!;bGRV&~WM$jlf3}C^u@BH# zcS+`Ec5ZOSYcz{pDoZdop=?dJkF@6RwP{nwi!^R}p0f_BI$paciEC}j!e(ojiA5Y2}lgMnFIGO?X< zpdyWTE*mSw6iIG~40M;T;(ur1?KCy!O|>wKAtfNMz*(sgi`Fr zo03xdfok#9EO{ZURau(*qA8*E?&N{3_w9uEzGQBH1uOm~zcfsA&COM|%72vn9}DhJ z;H8B5;XK3bDGvMdf+ZdXVQjQHQ=B^b(qDFKvoB0${vhulb<7G6TAJfNf5 zjJ&Ymcjx?Zh+ztJBn7S6pSIUjxO^`T)c3EcgLuddkP79ss7rB@46E?EmjdICBQE8B z7quTaA))pIvCeVeiuIlFGWs2XI_!!0N$5=}X3@3_|5B%5O#RjEcr$0vFi4qB`d}s+ zw@+O!G1oZ4t8@L+3D>Czp$tn=UJRIoJ0Zi3RVg8NM|*~>u2&!2u!w8BfK#lyV3Jb~ zJYoazf^lcanR3{~!``%u$e@$>gA-&8)7_Bl7KkQY(PE0=IDU8kr06J*ik^xrmK^%j zf8%ORn8A^KGw#w%5zBzUASj=YoN6yW$4PclXr7T4hZV!vuOELzkd4&na>Z6p*~ttX zr&M!oJ>5ZdmES5cS!LB^q-WS}bknv)7clOMl)~SU9$kR%5ltBFbXGvlH5MV>nrzN} zLMONlFKZrv*Wz(Re}u-Ot{L>u`o3eZ7S7-5Mfr%2r&v!X!!4l4@nj9080%N!&OlmK z+-zyd0hj6r!W;jk}+scaK9CbHjyx-^w%D>=}ay#!`PxUKy!&Oi=6|@~e`w zl~38^3L*SXL+C%0Gz}I$p9MT3%15&Pm>vm3E;(^;bgnN8Z9gs;jvFj;@Mb@Gc;bj> zPjp_zR8$u!Fx2uoC~3fMF{D@TM#SlJ0{1~;GRMQRKVTDGP^2jJ%~|}!d|;@`GkqSU z%T+eCAcU`*xuld?QW~?Qs6D8n$IkKK3P$B4FnhKc8wb8^i>(Ld;{aS6G^HN>JrJQ+ z;VTLWc{r(eM`!gHH>fQcPEi+t8@rS`tz{IZ?ZZmaVoQyjC6{%|Mv%?Hf>|kS0o{6~2gNZ@>Fc22!DtHks9?g`iy&9c_mi zHR{W~+Yy_JA{AN1yscSZHw6dHmL! z&6aqWIctvem4fbuNU-gv=E=VMwsnSKB34;i!aUOFuZ^Jf;D*jA>YqwIg^b4{KqCa?WM(y!nebTnZ3l z8L=m-@4t6<#PA3dr6k2=Ed&LFR4?7(TJ;)MzP^RfVuvQvB z+nJTvovrUZcFrf~w?^-MI`<`?URkqN54Fu8SMI6chhx9hZ1Kp+v9|=`aFb|)oakiN zhOW^gY2ofc{F-Q@D@Vk8xg^e1XH#oceq3PY{C^?Gz5#$mHQw&0FYg-c9;w*jvO0zZ zO>dsVHYzC8eV@AgbcE5dm^ouLlA_Dcy=E+OkB{G8i4Icys!~_=j!W{MXgDQGi7jC~ zfa_$Jd(C}UbB7-6DlY>mFDfs1G?)@s69wLI7&RHaS?#dXDNuf>?`xzUTv4-+K*JLR zxrrbmAoCIb_0$+pI?L9us}v5cm;;eZj6|;7GpGgKQc;`K^P32`SJ?HbPV*PTo|m~M zy+2Glg#_s3y#S-3ENcFr4D;%@=HrudI*Iue=O=h7ByeCqPY&hnXDvqnQeO^-y*p*m zDZt@Vp>$fOmmUZZV+6J(3MvdfuH2ct54b~9Fo0&8uwsexl%i?)@!N*)X6IM02ymAy zss3TC*OIJ>np48Fc1N-sB4`9!1&ALW_dwYlowO;Z{J!MRR&4~?)9&U^XJiDnGupH2 zc~Da1xw-FQ=_u!2J)vb(p{z|UVHdMRz$#OtBXgcMTA`9%eq-CWwMTvB77j?Sua{yx z(~|F+r6}C|z7Tl!=hX|7OKq)xYeu}E%#5YQ8LOZUOtvR2e<4TgR}dv!gFGwAsW^_V zODJ14nOjhMM!WqVu#p+r&q|Uh_$H*TwNEH&=+p43E1JL@?4A{)=!`t$c3ji~0YR-2RPjn~B2+nfa$>8fton9O{H zmITiRkk#+gqj0IGrV2w{22Mgvi@#NxD973wQzGOq^K)Zj)C2&or4~`ft2;;5zSuFn zhtupRVy(ru(x^LDu}l9g!akvskh;%I8TKKAvbTt}FOQ&{7W^6Hmd_l?bR zxS40__sszph@cH28XN;2)(V$)V>Xh?yw<+>Z^(JSxDN6CYhdkFzWO=Te>sO|o&{#G zgJqH947d{tsGp@6kg>sVchFF9;RKvEH^JH7^j;QYbRH-^KZTB-?*6I6+E;sbvVx-^ z?BVt0hgzR&ZFqcBq9|we_krt)VjL4-3r7y-ULBc#+VX@3)fZlCUKrtP(bOv1m>?{(S{!HK(P&aUzyaXQgFIg*_~K zbb0$a_*%_a*-ma?OS{D7hvS1>YJI-@Pjar)Ry#x4I0d%$YF@|E`)}^tKPnT@qFS93 zUg=SyRhgV4Jieh$8TEh;>Qi<#B9}NnFJRpiXfE`+-3(W|$zsG6BB(pabz?Wc+*bO) zoRWPAZ2!H-eS$peKHd6sboD-Dyw0S(XvCBAOJ7Z^t-2BQ8Wy+JuBa$rJe+&=!0#Kx znz;>a>X*#B+wp2LDO=Jo12I6a>yyT!rU31+B3g=7eBtN=`zh}V=0D+6P&#(Vi-5|N z|1w-$!TdayK%K}rl-5HfWJ9yFlR&GWdEUGIUQfeaf31W#SsJAj13#MB{ZlF&YO3pL zGlE0F^->5&Pi<&zya)A1gr02o=Cv$Re@&51cj-2Vqp{82S4IFO$59tINuvuRO&f+( zJmy>PcC}fFXkU@{kf{_iFo3t&(FE=)*Kw+iLxaiHfL%`T!Ck65uWxoJ(x-rSA zt_%N)F^50^IF$T1*ozi2@S82+_9nM`q7;h9wM=llMmOJbgGoPXE|V50+uW?0=?ZQN ziyZTu_1BG3#adB+`R+3@mGGza@K$QauRDvE8DyPO{R$u)`Ri))6yh`vJ z_&S_&S4V|yXK&nOgjQetzw z)}-sTj!N+IW zuVsIIdEEa+%0APe^}4x*Q-#=IfJYZMMWvZy1BVq&Z;c0YRXZ7nP{n`u9Aqpt=iGt% zow9{?7GouuvtB$v2nTh6%{%ShOll6g;3jYE5F*t=@i zedMh1K+tVG>*kUZN4#@InPQluHQ|Bx+xn!v*~Z>O{U(hr8(i%@Ju4NZ(zEX(BUdL?Myg5-U_})Ehxprt89O>g+0*X;2*aYVH}Z zgk`96<(c;~NBkD`e~9dnQEgc8m+N_>tFGbt{oCNM;sXDRMAyJD&4H{u>nJ2uwnguY z7`tnxWK_>EH#Yy_2?F4kn!2Ce`5*lwJJQOUa8Lua0baiP;*5(yXbFlv(LtQCeA*8b zgkQkV@7u=Tl49lL5e)a0*Qa^Y6yZ_VB9|+N8|S*Sb;Lf-7EFBdc@2fi@VbG+ZWRo1 z2LE`Zp()=&w`}^Pr7Fq*CB^vVu=699ZTH>d3u5CYV2eq+-(shUbV(OYlaB@u+nRLe z7C}Lj7J>k`@h#kb$_6nPDaZ_L4=aGAXXRjdmm_IgDY0{L?6rAss8?Roj~WrVt3&;3 zk}JpY+UGLGpY*gIlkfRcb-Yz%@2P(MplkQn-5+Yr!gPLX$NXNZ319YU3aS5gZSZJ3>*wksqa@b7=enDBB4h zhkadXNi5Apyohi2o0&DfU(EWD=! ziI^bw)+aLVqhCEoaXyR*JAKBw36cN$xCy*JyQWG*B^A!E((USM0xS%Dc^~qSws7iC z`_?xxg|piyV_+p9=rKwxm-p&<hK)nOdwy9FK^lR~t$lkk+8*hC$eMq# zpWb6D+eB_janXPb&Ue14kthqr}<;6o_?i@iv0mteJgH~D5KWhs*!09rSW~ zQ)-k7uK35nQ)P5MUR0R78Djdhz=U$4$S)7qye$C{o|K6^JDji~=Vlseqj&U2_(}8B z>K2}Vdv^TCzon19JqugQuCbu3^Vn^q5w9!`udDAXLZjWw9xgIjd%GW$J_~7;SVC&kp}82kKsqqXv|6D zCmA+LKc$pHL+jmaO7!IcSH9JZ|BwaYyzm*xc3n^=s?zdrH$!q@Sm#PZs%XK!XzbMk zoE*o}%Og!WJ~jdz#+ypZktX3mO~NE#0CQ2N>O6#A;`=$Bnl9Ve7%!-E%u96GZ%AfO zw)cD**!d8X-!ZP32cMWvPMq@&@&egX)rXdJP>^(KrZNzR@Rh;(?Av0Uc@mGLh|&sA z&?8Fx*u<1-#qRy;YTXlUR%>lfb6+9WP^oGvsbeOCcE+Eo@-zN~`CFshfs`02f^n{^ zsJ}J*tbfN6NgbQEehFDL`B2+$`#GgfeDPXObZ_R#Sz~EdD&tW=#UHgi$V<&d&YBPQ z{3-<|Zp?bqCft;Qo(t@xq8$M21%B@60??@&tJtT#M-^#(FS&Kw6 zDSAbGz-#IHC8Cmf8yJ47<^;5Y!SBk$z+x~N`FkW2P8}u~-nyNN7H7;hBd)Y(<(nfZ zX$*3~Uej2S#~j3%b26vTFvuq6EF8uJCj1ztm1lS2-0jDaC|3ixC5lSKJ(Dla=55r^g>|H0j37?7o z_Olq=*;dq=4)4E!wXdo!D~&cZ?Gj){|0$cKS!*1AZ(;z3L}A>{6Pv~?ivfa~qnA)P zl{h+3!EAnMAi+!*l{3JefT-LN`}(GmAo8|)kq{Ie=9yJENSEiPf z*(|3^mjt4(Ck)9y+3HZlL^x0R{e28XPfIl1au&HH2MJdbsxbml`zx5gKd>Kj+zEts zhQ`v1NTI{O%PgdsJydHN5E`yHf^1$3u}J`df%k18iQ6+C`_mRcPPJ~nv(p2X3t6_G@J-VMh+ms%P;BehXpR{aiF(uf-6Z3g7oj2OgSI_VBt2+VZ`wiS5QXmyM!S}B8`lZH$ zvz?RuFu|*zwAtJJ74uQkOXavu-r{0zQ&!5`OY1D&ZV8%KRF9i7U!yc$@8WTd}m}~)=9Yt z%d9dx@2qE)_$cx@?EaliH|P~&LDq~?oLF;=K5`XMD)FY(D%qg?uX!!AwRU{!yWCu974G~u$I^J!6}QyaWr_QOL@nnUZLLSL#F_kX%x22I*qe!_{Vu=} zLeB(LFA%=MnaRmPJBy469Yr-~MKZDOK*tutNEzbxJng6jaqWIhScQ#pOGw20k52_( z4a#;Ot2~SUiR0`_>lS(eoV<2mZLYhsDq7p|JvJY#3ldY2W`biUep5`E-zjizq)xPN z$V)vyC<)z;Jbqh$&W9Cay{;$0_cS}JBzZl|=RT(01lR}GIoKbzU5z;%D>=-1ii z$XJ;BwmLSVBvxhKmI}CRpVFLZ$;gv-iiT{?|9pgX{@4sxZf#TmM7rafk~zVhE7MLK zqvkD=hsuv+c$M`N)LCN}k#>Q;Hvs`vBJrzQ6Z>t44SlC6A!v!sj7T9 z_o*2zG+gAwqOKJHaGypr(Ul7tJ@Zo&bl~z2eBJaT1N7hoZ{JZku+aOK+`-13o$OO6 z3&{M#6GmrCFb=WTJ_OO!RXTfq**JbJpx+c8*(QAp1htTno4d2P!v`$}Rq1w(SaG{X zq$72!A1GffMyR?&^xL|#q=jyP6%OO8PtkRIpMSUpq`vPTSF%qq44J!^$o|vl<{YxA zkT15Jc!{wr{3z0|p3D*FEQ__|n3fVIH4lfMku#1~8xF)yl+@f?PwJn<>XUJA5X^E6 zTHF0XW|n=4^Go@k?Rq>(-(!&%VPq_|s8sl69LZXy_ZF!%W<@KCc&{7HbgftsXo4>a zaKI5Mkei&|1EQlz^?MaqKyawme<98_O{&KU5kk@2U)UE_-u z$0yFHw2oaHXv(<`icmv(^TXAtla6-Umo^GR%M`5Eps%!bmIi{$+;pfLcH1v8AmEi7 z5|7X&PawCojF0Vnw{xd#6f_z{HZ74@D|RIYE3Nv@fj0zNsV8R+b6Ny8>k=d8YW(Sh8DH zRug0D*bkJSP~?s^a_Brd+h=ED+yp()qU~`alRRD7z7bL;*RH{ z1zQW{30J{jxMB*NwNThn!r0X9{~0qo8QqKpU!{G+z_tS5h;1zpbq)O`rN!XeBkZX; zSagN5;Bbk{Va}j4aUPQ5;7n8`q;TYvsY%{dG~6SMqF!JzttLWG!OjUZXP z8Vw+5+31ZjTqv%W-H(;xWvEh_8csKEzoC)a`V{i6-ca~G+)a!!h+)l!k<2`XymoIX zT9%3^Mh4wtCEBVtaV)>^1CYB>tXfj3=cBFCL@faTeD5-=vmvDsDs=ns#4vE4Re@YP zvuj5MJ0Ax@KCoxydwVB9V!SL)&H+0e!2Q>GJL8s60sL0`d%BD0HKCp9h7}T2K~aL2 zKfIWQ1%U6jzI>P3YSy0&zjb){iK(qUF{IvQ+#u2;;I5l_Jz*2L5Lwfh#Qua`8$1(s z2H7PIn8tPBujiJfc`wh;M26mNI9Ta1IJf1QH3x-6BJ4ojD#&Ju^dVXT_eKbi1dsE- zLR5-bl42S*Jf)k4Q*Np|mn#TzI_7pV>eIG9-y$|$AuAYv6K6`(MDi`3uJ*6y3R_7t zmw7ErXyEbg+}{Bl2CbZa2S5`NC}`FH=8h8LviY5ma8n4K}pwz%yk zi@0)+wuC>k4}S(ypguoU07Zmna=vl?rp47y9~(Pf&rk%~-~`gF4lz?`Y5t zWn-yP5L7oc`5#9SJ#lhLimfcTd8P|LI#^T_6^$DEPU9&sj?=6suI z)pp*H^1*L^ka^B+B2(x)24-AbhQ`co&^ro50Rz7oZ`8!_-S7||4Ub+iT0Oq;#Qb1* z>x5Q<+{?V+n)!|Drs0n;VMQ7I+y3S)MN^~G#7UUr;nR1`BiXZA70T?*^{=H@g3caz zV@)jjnRiFz6?9u7vQv+uZZc>g7j;r|%5K1PGk!-mPRwGeATGM3*m4BFX;s<%i?Gvu z5U}o1H?IpgZ0hZBgJ?AcF%3ozz5P?r_&R%oPgKGGO>9hiQ|Q$1c9=^wFMhWksKTn$sBXq;RUvBX<4RjN@Ss z%Z@Kv4#HVS(VM&r;sqbTwPH3NIsv2?Hq>k1{nYVea5Gj%`*7p?QLBo&cGCNpFy;e+uI)ck=1)hzMC5cd6@wEm`d-GB zcz_j+zbn15C-#pJb!xascxFPitjM^FTUXZI7)Q65J8rss^OB+j&dZ@hV19JZdT69u zCEvn_xUH4n@%+{DFB#*Lr_Tb<(zaS3R8VSF6s?F7^WIuZQ($KNo(&O2qrqhRVyk-T zeFzy|TTIbt^wG;^1bn$h(TLtc_P5g!7O_2ff~pGo*8mS!uNgwC)=KE*Ip>z|*Dbte zlRDfGO(6uZ^p{#H@cjv-jx-iLfNB#&-P`2$hI zAVaNfKfMh6`k@oOEXuSdN({j!(E+cEPOQpz3%|U) z+LD$@=`e*3zb0=RW8H+z5`;P!qy74KrqD@Bwc_!(%o6C!2oEDU*QXy3F%Mlm;8WAI zPK~L_&75gFrA)UH*z~=~t8a|ij8}4=fPu4(+f(!ld&fj+b4Gv7Hg7RG%f2hB6<#ds znsarJ6?0D*U0rKcc-*|TONlBvs7yUZp3v%sL{8mPcW%(il-M}Vt5m5=Fo#`&(4v;= zL1@7cHzInw2OMNZlyGPU2hmAY(D&bu#BZs9jFkhT_O~KOo#6YWev(ZU z=dKdx$m#J&<=|G>hIZN>pu;K8bE04aiRS(rD?^rI)`+>9T@w207N zDsHKj{6=sQ=zPY98Vls9&|Fn2WP=jd3(%kW>ngfzj4WQx{c*l~tSX?BF=|)(+(Gy7 zzInN5a9thqUih{50ULFc1rZ;$AlSaXoTsJI@d#i1*7~gcDQW}Csz`dh3~Y{Yi9@6~ zaeBlUQ+=1=$rU`2PO$D$)KRU0y-ChIP^IGV#TPjEyQ`mdRpyy=X-P98RW%6RJt1u# zd_M??zHdrI`*q#DQdnRflN<~=rZVG!ckcOBAlh%01SiK~R8pgYfWml8+sVhA`3G(? z38IP!E=?bD{W7Pe}%hmmgMlA}QViuL9FLv*HY55Z|Q06mJV<4w`|P}7W_!&Y>bH>LM;O4C_Mt)jAznzj}$(dgL&NK{Z3)d9Ih|HnBsL@ zI+HnW`Ci`)R_dJ0j~so_oQ@Hnf2zJ#(BOSsPlY<_*Yh>hT#KyGmx8g}TOc}U1?sM@ zU~(8a{uj-oZOi6)j?nwP1Jw~kqe^HNo{#%k!MH`Oh8?4>smyw0ZKvUH0NilRF++;? zp=|e-#6^hFG5?E!|C-JJQ9y#Gq1g8C6@+kS1^RZMFBE|`MSS&aVZ1pk$aKR-$G0iK zHHdH;mQ*$Nz%L9kC#gRv-Gk%I(#tLNRGRG635!_ct4>wm&WblJ!)`IstnOVKZI@|D zwW*0|Hlx2jk+(|$IQ9*q6V-sk<(Ro%LH~U#FQzBGuEQR@xzBzCX3Dl_wNvWK5_hyi zTpa6|*Q=B>9{wG9G5L=v^Hf{F!tIZhXCblG^Ywj=cJfagrwW?uc$+SJUP$A2$5%TX z+by5s0JQ={Y{=WA>HRJmrC#p`QLiRnsNc#)%jkZ50i0c(SXG(J8jFB-Q?^j9D$ceS zuxs#MEXg_pF?M0@j^8 zSY4G2_n-Aq>=nB@iaGKfQ!4x!^tuwV#@<6RGfW@#;SwdX8v_U*nS&Jzv@#}JJ#dZPi;M-9o zulD)nTz?W=P2xyegJ37HzqG#@Jn~Y4r3#z|ecTIvauHEku@NB2sHKAT)=k@56Pqj( zx>dsil?UE@inZcCR%y(L1ZCT9UdJX|t%W>k*}DG_Ej?Zvk>hhwq@m&w*hA*L=pQ6| zIq8Q+SC)P|fsPcPXK7<`OoAHfIl)l4GYbTIFx%@Z>OcBI)_pal8O(Qm$jpBR@PWMd zzb(w8$NhsZ%`$WN6=VEiW@n_9WA_WIZS&CFt&XuN+Z0tT%I{6ohsX^1vbx@HjOLlJ z4VCGx2RBTfeOyd|88EyIlvF5?(_t*F7#Tc72<3B(A5mT8eC$EH_F^x)( zo?dXF#Z^czKTxK$*bpX;WCE~}j9E|nXTN5-pVPn)VepAJr zqhBPkUUtM5`m`*okoK`rfj6aEdWxz{uQ;pzn8TOQ(`n&4s!|!g{HyqGs<%7*j6dq* z>36YbH`B4o%yEZ`v-klDcsDT2kZ|`l7ua~;p5`;&I8vHX1~T>opa+>BvS#L)V~~jD zkJ_PhdhzM3qr66zUo$`WsrJ)I8`$4T=w|Sk*y7uKMEcht-OwN?_*DN$tP@8EHL19L zT17)P-M&nTQt}E03xan3+){r~XB@Nj#g^nD`o%h-Ru26Jqt%JGpIW-PigHubR~qmh z<+K`;pxzXIbQd7N={dx7*nq1_F#HMGyc)_Y!w|2kk{2eIfWOUNFYAdd{?wn`y3gA7 zgTHt;v06Nu-Sne!>1!;@z~IJi=yoJBJXDG&H6aXN9vUw`)fco06W^xQ9`gsQYtFgb z_BQ2c^M*@Z+|h4JXuNt?@vl03C5Bhj18C3K%8>iOkOmoLaHUL)+3gpSTd)4vr)8=F% z5Di3zoDoqK$@y;N66M|Uvb#;|arFKH==l*KWP(cXxIbomiwIOtvZN-z^1v^ep$Xr= zDWhE(Yb8GOEz98xG3(HpD$=i~wHWlq=sw!0eXSy2r#FL)vY39TI@_}40>ipSewIiV zXDuIFv=V?PMXOVk7i%Au@x5%`3W&|B0$4-5=JF9X?f22tvloP%`&8dOjP|Uj^1{rj zd!m3bVKoICi>Z@rb4Bl5b*nrM32`xygfLPfMx5XR94VEVtXI6A;*vyU_~q?2{Zb9B z1~Z}ZAF-`juaCo@DTJBXz(PCJwWzhyH}t+FXiH-gdUT&A(i*k(R zu2fSzj#(QE(3}BnRdVOb=bEJ}n@hVV`(%8Kf^5vr&(HVWZ{rb|HM&OnAj>6qH$-`1 z%xYj*jiL{A`lo_c8gcXrXhGPNnh*M1`F0vp?$?IurTs!g z1!YToH`2v(DG2r~JFv6Wqoh!Rs*{eESQg*BEJaLq(VO9Fe{00G6eG@$WWA{bX?5sV zFh*6`S<8a4n{|#vKSjc?{)Jzfa$s=jNK9kb1#sv$&_5Ods70}hmPSKRYBhxGYJF8t zt>g|(guMN!0CgZ@Jj|hJ>2zrgFF$!Y#+R5ji9ag?Vzs!9eGR#8(EFtBs_{qV?rv@R zuNQC6u!d{^Dc%qdz*=9I&sC#BhJol5*r-jek*@4a0Ra=XG;|mGcX;|PWdTk>wcO=o zrf*~$aS-T`+{IdAkM{NP4lj&1gWLCRJ9G+0A5PhHj>noK^d%WbRjGo%EjGvXBdrC4 zY%c!tCo3GZnGIORLQN3fckd%-M>)Z}fwfJKl2`JNq>~uI8F0oh%sHZX--|}mN;yc| z*9wNAIMWpJIxF{a5w9HmiPxU=%C6*_kw}6Y0lFK#eYi{iGL}e&-w$T05-c8%h>S4n zKfs_KrG{alcqHi|p8~)Bc&MGa{%H_??JOLkZ;;G%q0q9f=4 z^M(ed2}}rR2g97~M=U#6fX?Mg@1bq>l3v`g*aS(upN&GF06SD}8q4T@X5+7r)N;4- zzkG#Sv?sh?p(#^A6v&l$_VlXyNbL&@X#S%d5ZEa}dQw{uhX(?!r0{7bk2ty&Wt^HC$KNKaq{Yxh~<1fPdMi7<3S2_%kqFt*sGQ z^DQ@bN>K&tF z{vy(C0VsHl2QjsIfbu?mYemEVHAcS?hmpevUO)y7ZLcESr`GZ-`l2&Q<@nUt5QA?? z;M^Zd-BmL$OpXT;j#~bA98uNH$d62Rnv0c4r3$~sdwE4s+h&BW6|)peZKW@}z!TGU z?mfVORel;^O*Wj){7m2c{`%L31rYy3A*`>yq^;50o4UwDmk2YdM9%)FSCE~^KSO2S zF9IgsfzEA5FE1>S_Ec1C2(T*je| z4{_jk3SV}@NwcnLyh>ZK9Que}fYub8Vtw_%T~!AOK-m4H*8ubzovQjDO2>(G3qh*!Z`x)m3$q& z#7~{}QfoShn-J}ved#{VL69I%cK<3H7hSz;HxOVwRb5+{m|h0uROalCtfrH{wAJ5^ zy>3l}7{^>m>0h-Y<6fUrC^-M2{I1sBnIYb$m+uNvQdQgU;^Rf}E=fG&ytj1Oim z;&=kLB0SQ`1|Hiz?+sw0$nd$3+CWq^8qdoD z;Q7Cs!IC2J_a{y&QA08UGcbzyNZw4xgWY?#KjY6l!X2=M+K)(^VEBU+1z)oJ5rV-bIHCzKX zb|s=Ate5_Qz(Ap`Q`D3TV|^F-#ggtNb9m%>NkrplO1R3!DEKPHNw)Fp%L1DP?{^Ik zMAz#mJ|JF?XA-e+@1%$_-6LqydlS`YH_l%$mn*el-#dI_(f!0??WZz6X%WMm4@p2X zxJcs!m9UJ^mVKRj_WliqlY|QMCB zjf38wXbH7P7o(r;f3`jny1GmsWE;9e;5Iy^Un-pYdR7Us`ry~M`=ipqj)RvKkM#c&~f18&Y z3ic0GF)myaSIsyk4vlIf{4qVvTa_HTmsAABJq z&WgK?kRT9JtMcx*fUQDGkAyiB3mD@OR>iEPp+`8t%@$HnAMt%uDsH#IKv@oE$96|@ zRJAasI>XbU%j+1qE;gI6v^etf+38m;zu6Rh*)T}w8qWe2GoV*tWs;Saxb{bZHa{^Q z38oCIJp!LbH~XztTm<2oZNrbT)@=nk3!N)AvAnj5hphKBufgY8DAIg#Qs%n~cLia5 zOM>MjnMB;eo>;DvAR>V@w zXbom5=(_%DiUV(GoH%VQ%g+;`WiRPejR|8|SW3xmqdoNpViNP+&gNnq<})uKCudg4 zxK4Z+x-nRZT9Q|4InXp}7;YB?1Mop;aVA8e>}XNDQ*?{FYFF1hpf^j{+|&83 zdRjhZnGxKyy?N!q9ZEu-0( zkBEpMYV;BjL13c_eN`Oif>b|gWY+P zeW5mS1UE6S?5aKUZmIRowv-?m{d25l)sQv4`l{3lW8m!Nud}huY;n7Hi43N?>6n5zCRO2}EnH~X(EirZdxKz>CRn?mcRKqLba;=kv%z(_ znh5st4b=mSL%sY{Q{f!vfW8BdkV;BQ60UA8%mT)_l07Zk*(bq zEC~?^#O&0@(q$^Am2tp8PV1KoAXV-{k#Bp0;3mp=$`iytr*nL+;*K+_&g(W0GhljP z*3|Aj9`ltROP9sftCcLPPYpubUmGxa@bM2s`}1u|T|h?#BZlz`t43wTf@CHAKGQ@pb{Ntfr?HZ> zVBV%b-i@1?wa$b}Lz$87-GPWNvAF&(&0`Uw4fWW)zC9e)(FMFj?6EjE&{_h`r++d# z^AqKn&#;(!P1<#8>B3_06-vqs#-n!;?=RJkMz4<7F?=M z>(qWg>bEhe&$91TeU3j~WatbbmKX`43A7UiE82c`X5?C|ErOYL5Z)HsZhy_Kgf$=3 zer+-0WuAPm<~Rtx=g{hy-Rftv7!E>rW2WuHOmrbvrTI>`9hQY+koHkWnu0ur7Fq2SWtEb6$1t@l~a=?)Pet0kVtr0)#>66PfSOv zX!iwHW$-z4AV*RAzVB@$ zb|0g0A(ard%TR(M>&PO_Z0QN@{t8;S#n}Ei+pJgkHHn>QLXhbh5Pj~-g{=eb*6es~ zK)L(n;x5#q&wSuHl~=6(;k97H*rMf+)a!@Bzm^C7Y7odgpR4J}HE692aMdl4-h%WG zO$>vtS=Y|R@)$N^;dk_kinV%sk&nODIIvP0+qrP@d*S|RJ;$ZTNhAW02w2KAjC6lg zZniz;F0=ru~G~KM=4L$$gJ|ZyNg|cT@byoW?i^m0Nul z$ZbIlxilcbdsXjs4E0vsD(WAaacBcEEQ0dpkzxnxmE4ZYfJ!8Zv2aJr`~D$KevQT6 zniGSSHZczuK6?;1-rZE_N#L8Xrb;dKBKmBJ79=>qa>~*wf#XP)8X^>XUN6MOmadQZ zuc;=2+!y)7Wwk%WQ`~&ay~k=@>e;%Z0ATpe8FdNqq-qIRc~uR=%f&Ve#_| zQ$yM?fJNTzcoiMH(8l@pvXkXa^p>C94ViaOzIsR_Fdj|OaP%L|Gp|Eax7+Wee0iA`}E&K5Ckh3 z7Y<{m*un#nAGcwxK4$9&i{p-yIYg$B>s9)C3ks8N;!B&Si((HLuljL%SN%AzZ$PLM zrV3$nQ6IVR!{0$kgnOMc?=s)4i9cZRg2Ps#6>num!ErtsjviZRd=#)%o%tqu$G%VG z9C~p^uZ$C@pBwFur$4gX?g1SxSeyt*E;wBY4++uE zZ{J?E(xV24AG9Y?gTamJC9~#gT64x0iBYQKu}3j}q&OoyU)aIb?5<%I|E@ggi!Sr zYD`TNeVyaN$HF6FD~Z8j>aCWh8@{Tsfk!r=Q_8)#Ex14vLBX8*d*)z+h1sWzifdl_ zS+CcLEJs$v4sw|HTO@DrW-097f=gy1cwaj*{Vd@J`ZR0tgu~m(={cPCh+3BIay5&u zBU0fcmuf9i{v3e@I1uLsCrF8MQnSYOukX9->IBx(eys(yp5(;hcFFq_`-lI0a*1?j zSPc(^#Nf2!j9GGSi&Rh4Z=bHPLAHg8D_o}ahBWFf&j0*4Q~2Dn)_foCWh(BXbY)bI ztonxoYgwE(IjGWOGCM6sYL{|iVn*c1uzB&3q9YH2UAh6emGN^>`J!phgHh?~UV?Eg zzBn;lF0VC{1P4-XlTAM2>rkp4?G}QyC;SPR`U*<>McaE~ncZ&iYxTQB)#L8G`$getS4xpjm#PRd)oA;{&O7<_3-q8(qX^SMne2az&klj zQhmq;@b9n+SwiLN-xi2L@2ycgQ?|K6ma86Yas=GxsjeX7xcH?yus>jS=GK5dW9jH- zG-DmY4f&$CYYK7Q77F^KZj#I51N zXV5kt@4A&+GBp{;=W+fPQh~t+U5ph2CKg_;F1x-1Zh4n|Z;?3-KHj&-UEaA?w161z zRuzIW*~RP@F~=6w>5~6*{SOLx=c$3}hX%CAA!iD;;p3$I{zdq9 zp2HuX+5voAnZ@`Ly(gum`SF!g{DIVVcPy8%u z9;a0C9lLS^O8Nmm*D3Sn<-i&Z*hoSg`aQrl=Mo0;y@V|R*Ma5v{55#%W>Q|0UVs)&~Q%d zr=q{@4f#uN#$bFdlW|8^;i=1_VbeuB8f?F5Tj>0>x#u{rtAx&iULmh-FpQqdgJux#H=X`3vQ_vhwg{7_)8(&`NhV0I=S9ZRl-sR6SXd}!JqYd%R^j8RD+gY0PQsG|GC zQ&&gAV0<)FX2OGo1A!OQQhEvfHyeA!PkzgXi#?!IK2 z*9zjILRv$L0T=sV6IplQ1Q{Jub6kG})05=}K*suXtDZdYlpC=wKyOk;A0Vn^9n_;( zgKdIis1wbaWn|yn9HTv@JxesJ=acp8h2Q09vxB&PWveo!TxDNc;Hq~422R%FWnx3* z8IBUq?_jajzo++Qsm5ROBod{s+C$SVJu5xgHCVPR)W2LMeLYu6-_i34&j6dvfx!AO zJQVjQVuc3-V{`Vkf2KRws~Not-&dWweDD_R&7g@D8tw$(j2B4PvfQ0drUaoSkD!0H z(!xaBy!9IP`@eT40?@1-2FvaXiQY$~1Q8TY ze+B$ErR05k&7tRgGKC5j74V%j>ryEy%&=J z8{-7@_K%M>B-m|TD^2Z>FH;Ilnz5$fGc&}siDP*Ey_gXw^4`h85%*xqBpnod*7qC_ zbEpK0Rw_Ulky-a{eu|VV@}`;KvZZNUu=frXHQwA?OK0twe4aFDRMQ$!S&xIsz2O(L zAoq8NcWBetM&p#L$2mP4I3JZmqgm=9P&u!S-EFo+MpW-V1bI1?vga4`=ndmkI)t&g zFMCZIAm-sQx-93NAXXXQb@7o~W7G1#EbUb3nGHHr`7G1rR7+-O#oXlW^K6;PunIY` z$Fk?!K?c`bwPEtp{Ez^)uU&4cA6m}S-Ug_hTw;Nnt*7xW;T3^L+j}X3uvfPba%)@Y z5RSLE%bS<_^V+1Jq%^m=F862xiz6-v=O}2UCAP8be=8NEWy1(mXas|HPf!}n3RWgauZli?e$lWt)RkX%dL+ZOlM`C`s^BTVk?89D;efl)bKfwB&OQd@UM zr4^m`+2O|YAiaN5bFd4Gqt(#9ICHF#AcmA03K;r4;3)=`k)}WYMuf@pM+FKScbMJS z5zR=C>~SHY^C@~JXW_f&-_&tH4U=~X?#Ve|xNTB2rwg5Er{Pg$F7Pz&zTjC)(2miE z1pWu30>H~VRVYYCgJHEE4kvXo;t^)8PI~na^@i9|+t3n!g8=Uv6)ndzn#E>5Xys`r zH2TusXSy&gGLpkjGL|K>M7TKi*Vvcx)cgJ|3tq+Avi4IY4FA6Jj6CJ!+EmP`Wy52+ zjmQ7Ur4H0M=J-+3Xi0sYFM7d6J+6_{%drp8I&q!GTq6u5fYB4A4H~7<&1Jvncxmr& z{U|eyfY{d0m4iI9dkYJ)?*I>7#@!Ye>=xF`t2L~_g>#)R+V4a?nB-h9n`iH|%e({w z(o+vkn_87je@WK_EF^~>7CX{-WhHNRlsoB!YIXLs9%UO-N8sA(MP-w2jr)FR;{$F@ z7llKiDhn}zd?$P&evbtI7?b&-cwge5JmL?7{A&MDmTIFueBw(!aSiu;&fO-w#&u(< z)vLHXzvT&QWo?Smx13D4@cC$>gr`5)XF!Zk-QC^cS?fZ+fb8}2Rgk5b`WZDW5;KM! zv>wdA-)%IbUdsw}KH2qMi!^p_d<-0JPJH*#l@9$8Fe~dh6jOiU6nWM;M%Bu6>52Y% zmBVK@3(JbxKD#aX-dy}cr#dBkp-TOe;F8c6C8I)ws+{VKUWDDioxmXYO@+P0%X=Xi zKZ38_BcfY(cptT)Tr+v^hBxG3veBVh8dhmR?P#$TC`g_FM%+6L;$pWY;(;Lq2rtyo1j|{4)T~?ox-8w`5e&~&5{UmPg1-A|JydL(SzTR0m%+cR^SN0xz|QvN@)#&d?t zU%7lPj;11KUE1Vi_u2{2eLOIVi?gEvs*#jotI1JA$2x^d4zKe7tvIk@1ChGqkeA^) z?;%)jlEY)kE4V=u>{k>y^%;l`Q`@w6?zUm87ykhXh4C%)fH;U0{~cx{>+f;{)bpb9 z{=Fa21rFX{&f(vFP*bD^;j(!kE7U@Px7QHL69)4<-#Dd6>gtfcg}q@xU3bNC=kK+d zl)o%*G_-XJm2M^>P$@HGYUP9W+7G0vjUB9(YaANB{-##8@88(eCYM~cIOEjDFr*3&6lEl+0l$faoJ zO+d4F-^5Nd*a=oIiqB zp*@z0c;U@xI_Zk^UbppvD)L!SlY8}EVvk`4vcivZ>adv4^&FLK1ou3W(2pp#{2e}{W;uFRh(J_K8A??<_Gx`%a;66RN z#-cWNPu-GvFs>?GU_NcGysd|G_1^umKT$VzAVz^%6#k zdu2$68h4dE>dBmzzas0Qy8}V3u^mayh21*s-!uNIaHpt&e<+m~n!LlB+&Y+D1wcus zz^(@R^SozG*4y`Q?N=^B_}6{0*$dO`>@9ZCzq7}eq+Rfz0EiSD{?`Q*^cU=OVAo#Q zgj8`7*R{$*UY+FoPes7me3k0+{v9KKckTSA9qjM2?lvqZ7+{~l8ZnaQGL&9UG68uY zH34V#I)iQ~zN4J>q`pN+>N~FPh4Si8;wIJ*kks#}RMCQ6X4ughLiJt;&X?Sw>G;_5;Q?kVdHPO;c(c+GDxz(LJHceyvTmA%vc zo%l#?<_a9@A~U`V^1+MTftsSD;Iz~Tg+_1Blg7+RZz&Le)VCyG7r-Gb>VLdlN@>2D z3TqsLRyrvJem}5r-qCTzBW_7VECl%I>heq6mC;+ocOvPh3k>;pA5Vj#{osjNbnX-{ z)@mlIKszT*(8Qq!0|!>Yg280d3a$S54gT`e@n+}%K6N?z-O-32*)AEjQ4 zp>J}pNO9z6jt`-iDwNV8)GvFzcQ)G3PmcuY#1yxO?^4^Y z65$4rE^11DYQ*b855dWIriR>kFEQph*{lC#87>^fsQkCj7xmiAwP#qR5fsjs@5Vd! zRI#NLc;N3>PZJeBqGyBu$-%R0f9f$20e6#JJ~ z?Ze!!ZT?_<3R<)}!~eeQ?Ujk@0EN&F3-I7i=vgVl<&?d9_OsET2FJfHt;wxVQwAdT zvvzne&)722mSvXiyJk3GJ0|Ma^9u)8$=ayc1P={;mFOGseg)L9jik&0R zD$TN~*a0xtj$a(p88)vB2_Mo|5A&wG8r?snu4IL+rVk>AOKR@+94LAwMR7VY9aa2y z&9y^ZcR_nX!n!F>^hs(t{5TTfGMdrq&~?67(whdB4zrtk9DwuNsgkP;9_vrF5IevA z`?b1WVy7EE5^y z^w3eSz*%=56G<*Z2uj(MHYh$DZLfJ&fjP_;NLvF@;Gkg3!Uxzde;2QNyY7~)SE21l zJp>hX76&Z5FG2q{Hs;`)!s}}V#djoij^71D<7)gk$P+2jb>1epV38X)2=0_WHd;yEW-DpNR|MLx ziiMOpP(T@i@qxNoK8Ip-w=RcW|ijfphUXb%eha;-0S$1cnf5ug%LiT;JznS zib0hQL$me@_{MW}QOar@Ude~<*fp*et{?bFeI=A%Xor0L!L^4f%>o({ZPtvVaBg`h zva^t4h2MC=FlDLWg`udlC5^eFunU2UKi2eV;2@hIcCQAM^4WaORnaa@1g98&J#0Jt zGyaCJ+`GveoQOW`Hj9;6;5X5j_Cy8X*BzEnC$H6rwa}TM7En@I@aw-I=XwRl`JxGp zae(6e-TOvT&rI$C9}tV8M@*vqwMOF(rQ()JAE_jrnC_LmR_D{jPCPXbRy0;Ue&>om zSx&5X<8tLd82EvPNWwa00_eEkI}djkB+Q|@6xe58$?f<(4UHOth!U&A)jRj))?ugO z%8}u*IKuJvF;e)zfrK-Pxt!_4EVdil^gk61!rZ zF?{4M_AJHb5ePMooHTHlasfi1mLCV24cItroD3^g`_$T-9sji+#O3D+MfuE%JJZWTT2{TpT$bgzt!r#EuuEo8hwSALN&XIR> zfyMu`#e`>g{Y0dSLZ`fojoUn`>X%H4yr ztLhCZyOvDe-Hdqoj+s>p4oSK{@snTGsr$=8tl3It zOe4cayveYwDiaYZ%!p?2c-vu=9{&_O~Gb-gd z+pjOz?3}j-bNF}lERN4nRXRCEfnT!c>35nc4Cesb!OsOJPDJqfcI};d$bPKbB5sF` z;Y#+6KD&z&h?iapY3U_5aHLvb@u@6qM^q)Z17NwUxd$f}adm;Lx;t|2f`t~}dM?co zli85#IVNJSMlW1qGNQ9r>)jfaKHs+BZVe{|tE^aNi8YgW4VxH>L|Xbq*5pt>>BC1H zDcf(&Au=Dei&APW_QEIV`Kg!naSdEX30Dbx7$6H4)R)u2*FTKd*_5r%xiRyvCR`JL zRIn6dIMj7ijhPB>GWtvgPBhrzfn zeHyaLRB%g+S&``4H*Qak@h`z;8sN)PlpO_*+Au!mN{(vmy>PFEK)I#M{96*oQ7*uA zefZA(J#yU6^uE$Uv>H8bf+U3i!zdLLixbi5)C$gB)CsD^Urummc1YlqVZR1mKAnsS z2;2QFxa*J>dW_1n=n7P92gf5-UlJi38sKpE4-c8kcS_c*USEP3Z*B|xy!@(aobU z+-L3axp^^v%qevAlSntD@V{fK)>@FCj%V&O`5hXsudG$yqOaK!aU`-zeT)tyDzt06 zd686`OLdEhq&T&d%6vFTd}Ojh&Sb>m|v3xAUH z#01l<7sWa~8`^eFcRz>yRKak`@PopyLG+R&fv%N<7cT1)<`?T25OV}8Q_xlpL`s^Z|mFL`*glCEYWx!Ufb6?P|v5h_T*6|?H z*a9KKl?rg^S_m_%bvjXN>n-ol8?HU|g=sl{8zY(4Ksd_!Z>g!KCVeIJ7XT+G30Z=2 z4jjnCcZY5N=Sn=X^&jW>^1HJqncL=o`_Qgp-Igov&c%(brosHm@Y>@)`aX1bndwqHgzUv38)u&h<*%n-ta~Ds1kZI% z$LrHG5Uxmo5)*&2I&%XoC$l?pDz3j3KG%tre26kYTCtG&A0r)jTjc@Y$V%1ms$?3@ zB7(zp$;L{Iw7ECmuGD2nl^4Sw(UKHsS58`Pe7zjq%RpC!Ujt zMpLoi9hNoS-dOIF|A=ADN>q&j- znL6(@|Kl;gQI+^xv6DmIGvyB)q$YepG^Z8(^CmdcbI*D>-4U-awUwfo*7y|Xwsy;3 z8y~;^-EWXBQ4sO-y5Sq9e|xXlr{@wZng^)3Et!@+aH*aH|Fk$?pB*lG=37>JtmpG+ zSB6MjPA{a2`Eou`LF@l_sxW?CPdP@lZ>mMYKgttldlR;nae?(yQ%%M8LV`0joZ z1ZIbPJ4&w4eVoVa(RNdX!5m%3QJt#k)vwg@$_Z zHNem+llEkaY9X5x$#9*6dBh=H=v|5YU3^(R>QQsab(CE4t)({Owl9gwa;#=8m22(I z!J-<1Keb8yiR6Yh1I6aXT@<}OO6Mg+%!CJGiI2gMTjLQYR=)P1!$>t(v*+Lj^VL3V zmS)5J4s#0r{b;*4NH6HrVnLcCjuoD;{b;Fm)a}gAcdM*E!hg4sNA?(LHT|=UU-i$e zq*{S2h4$m;jN&`g;Q6Zfj$3TBpbMbx#-$*!fI8V5h{oi@J^X5S_;lFq)l8B0<5zGZ z9MoTx7gW{0W?x|ESaM?PX!MXL7(t4;QhFWQbuZW!3A7CtmURIZtAw0K${kgjX;HH> zUu)ANCrHlH$VzpQ7#R<-LulQRrX2s(L>sXYct=*!T=%ccag>~NQIrC+y$YIp+fH*m z>+X}vIzs~!^3g9J8(b2#(IaXrMuc)uwKb0lirTki?+Iyr0BizW+F=*bqa8WH5mMieYtL%4ZI?gL z9k(QgW3bb-XJ9$-d#>6nYKT}vJ>$cwe!xyuVt9+hx9c}Qd zH}r-O!y~YmB^H-6dWF71db&^*xBV2cBhuBFXxtIlm5I3`QQTkQfS#Z=e>r5bF9G55 z*Vpzcs}sc|#6zP0vEidR4xmjk@;{y(!?;EU_*{b&)HOXE>d=2=( z3Ks*>lC%$w#YyX^FV^70wI_#1J~yq`y`PU_n|3?&Q)Z}^W z2^!=$D;}-z!Y%B5>{zV$T%pYt(DpGFOL@V-$l}cGm^vYRHpJ;@U$BuhQ+NXU5Thd( zY*WnOZg!9QQ+Z_trba9Cv0E1F|9i3u#UItZS+AT6WIB+Ob$>Nmt@$fU(q!zVTDYHH zg4}*GYPmz5e9W%nz>WJAG~7R3iN2Zy(A9%^2HuLY1hT^Bt*WD;X~0t>!O z+y8-OnxPg)yetYhnh@Xy`_*3^oz7gqM;cTSUr02|evz;-7!8VdoWki;mBIUc3;fs$ ztSNVHByd~Bm5$t@%&5K_@O|Oup=rSFXzO&^aT2H26vSv?D^JDPF(^}4_Jzab3(YZq zy;+r=8L0XI81^yw-HxnEE`|t&PM`G>Cm>QMg_$cZj>INeBRV&U45Wnie-#U9v{_nU z=wD%j_9ZPV$4ir5S0p8>^(JU>WXtZ8uL*ZW^7vjBQx_C<$!)ASzEz(S{pZh8>srW< z1g{TJqL9=;xaQsAzM?VMw^*yMVcz}+;7%$EZBrwN((j2`eLlONB{I`Ntkv4YM~e~s>bGzZyjHXA~cc)|Rw zESo-n;^;g)wo^_JJ{N0N@r#iLy$9l`!Z$wUl<}{VpKoXYwRe9t zHF^xK^TX3XlNBX4D-kDw%5ji@zH!BTH}-opj?if=oPTGY<@X`9 z?)A6XHUMuBf)e5GneEuBXls420s}LC$L~-0SB#WzlKa}Q+X+fOPYW0*ZKmH}v4U^X zNSu+9_${elB&Kr$-w{t>vG8^rt#=yx40*=-KT8-W~3vJ4c)YV>BHkR$(GX zHYI`|3kdxLp8Zk)Tjm)_n5hagBhEw;i}s&nzVL)QD;vbZcNBpZt+wY+b26TX$+}v4 znOd@6Q!)#dr~msE2&cR$_Gnv%0ck*>UeL)T>P;Vhv9<A9p!+ql=$!TlrJi^By@fjR`&k(og0eqWM1|3AWg}p;l56O8N)gSJNC2~= zK#5XuiRC`g5C0I4k#>6DHyTg-26#W1Qg5V-7;CdXtxN)5Lsd|@bH$to*6B{f@ccmw z4e1$=p6qy4gW)bV`Gp^&?z!?2XNBce7i=iBN?del z0?lyXd2YT%o~}MusZjvggAVVNl^Yqq@ML!tcv1(*0$<;p<5helAKxyK$KERZP;gss z*8RDSzJsk zUd6kZY&71H1D_wyyCLZwQ-s&~R&Gv4IZ@S=-P@(v$AXWs&-vfp8Y5ulz&=d&G~tIa zF)HQOei$XEb`vKjqF-g^*=%yUB(wTj+kTtZ~o+k=j5a7lfJ&LcnPJn`^rE` z&BcRYe8$UznhD`#xqg;a4L&BRwOEn7{l)jMK}Uq>{2CAbx;XNB+9;rltRu?WF0OV= zvQ^gFw84A4e=i$~`&e^o$=@6sM|hSW8u2dVvV{@Kwas+;^Sy}{ve)_J<;v|gQNi^C z4UE(S%+R%(&Y;|U5n+`=D`mNwGBMzAaI;!7S^d}0Q6#dl=3TQo1|_}El`?V()@zP;2po&3Sgb#Kbp0VwhG2PWj`$=02+rn6 z4iG9vMm-gKDR1Zf+)9u~j{IA!nlWjB^vQT)ft-`TX^kkHiAig~vvXpO z03q3jrv7}(*(aa#3*6k5%#C1 zmZpJ(6Q`iY>z8wtnIr_#8y`IK{gdVR^yRZfGdX*8gZsRZhh@AD$%6g2R#gM-BDo@B zaa2K0VcapcgX@}O!&P)IxOU>Y0JW8|C@N+N!8tJx6UlmNp6w#Yp@80Xljd5?=89+f zKDmu0I|JcG{n<9D#IYHzA0<@kmZb+#x;^5Av6 z?!9j2bYOX|0VcSQb(Ewn-KD9s-p1cCpZ0DP^YD74MzG`ZbypcFnyx;ZO9kVo96wO} z{7wF=Kq2caDdDE|{&kHb-Z6^2>YeE3r)(OTF9N^6y7T#iAkWHQ0#3vzu+RMIR#g(@ z2z)r~cxE21(m@4sS7f66?Hn_u~?9C#j~Z{%eH^0{){4pTlAEK#YS}ECN-;!#GKrD-TS^E zr|?2tQFm)P?fS$hnQyeOR&!hJ!jJd3phk2fr&SG;-$NGZGmn!EieZ4}384;JXh8ky zKBiE!y-?ZU9(3f|O?kN-EXH-Qo;)%<=KHA~LVBM-X7kyo+P%bKyRfM4bhuKVsBA39 zNjU6ySb3ELA>$Oed9RR5{HvALwDlL7U{FxJuwK1W|4d3It$={dP9WCi4h6a}Sg1dC zXYWH#LJoO~)#kg=SwQQKZHfHR1JO;|(`2V-GOL-=jP`bc+??9%Rw;>~SHF0gBi$7q zfFQJc`uRiZ;o9wX3!O+=Whf`!$9SZ*D8T{XM7r6uOeKi z;?J6Rp&K821Q|~C)5QwJzD2PzTXuH4PL`P-n-(&azON-;Sd4LRz?LD#R#UMQg5g5b?>)=ZlFszKZyt<);YN%-+bj!)aKUe{fD#X z387^W84tse*rC|I7>U@n{cy`Qm$%4(Qdv#uG30E<-Tg=L^4ZEn-)z(G_%dxuV7FX$Ypp$~e+DS6jQt}dLOb&qr4Q^)CGAYZcgRX9Be}pW?JX+u1SfR*zLh%>iZtH zeCdn1WqV$Efw!lQlJ#UZ6i;hH8%$GK!P*Q%SS*|m+!UrH|Uwzx&TR$uQ{`f+ykNouW@<_MNSiVP+Ah=EIA8c7eqFYASukiT|j* zF8TGB95A<-3h`l3*dtf?Yy7nPKpXdTx<=(*sUIPw||-Tz}f@RAIy_5m9E^>G1Fw&$M{Gx!z@d?P*SM=!v^H#UmlN=hjv-Df+t} z*Vq5CJ#C3S%c0H$)V3OKsi9UiN%sX$2}gZv$36dZOpVj$*~$o|9qK}>MzLoU$$+{N zWNkE+DOzZTjI#Jgr8n}2Q6PDW(>|%wd%*dllB7}ppyzpg| zyDfIo$SoU3antscTI0Jeti}R(A4~%Uqd^LPhJmt@YEUrg!vMyk-vpU}6RL282lI`K zlxbD_CDwJ|%H3T%S5J$rba*K@nqU3zAKx@36~b&w5gL~-x887i>>DBCtlYf+0sPmz z543p|?4HK_c+cCyz;3$zb;VO`Y>kz0ZzEaWzI@P%}R!b7Z!{3V9lQ=dt zQ~ix!RE^>~Ga3!uQ~e^kTz=u1SMJK;?RBbsF2xehEb>&tTJM{l9SczL{xfk&^Y?@T z=})TE3a!xyPCLG_D3ZP zmYmpJwl3LU4lsKh{6M`V2WKP%$QZp8o*UB!IVAS+$#;)4ME?`l3CW@lZcxYY(9YChG&?hStr0nrxFolwPZioc!ZRTC$@N+wm|Xny|9w%*aJ z?S)qg=ArH4Zt#)15VL1lhDx}&^D1a(g6(UkxBP7LEG1$!9v&2>@lMnF8D;ujR^oi6 zl$OTPlP^Sn_Q=@yD_!=$E5rr8?`;GAo4#h7r*usOjy~@onMA22wYJ*GN_|VI@lDi- zc)>O$8eHn~v(Nv24|fVb;!7ba35H}oI`##S23?oY zuI!ckH?~v|MYi)l%Yy(u#vI4#*L(Tq}9sOQ(yq zg!AZL_G)sjYHd3fbleda(fv!q_M3na>-6O9dq<^Y%WZZq!aa#2=zt_^3ew` z6rJDoCW9GK&)LF6DN)JVx7_`3$NZBbM;*b#=D@TU1glm~)OtAvKalUI_iBmh?}rbJ zqBP_jc)cs)X4xmpW#{fHbYB+cU^E}HhV^|7ok#I}g>TnE-mXw*DL4QwD&ZPlHJH%V z^GbxiUpcJ|%kjMUoN$@UK(g`eCI|5FCEki#Uk$v7bTKcgJ|vL=ywZO1V55tap4K?G zJ6>ILYmz|>X<7-L!A@vwag-AK89@8lH_u-iRKL=Wh=(}xP4mGM1HZPIU(}*2H=glm zv&oG_@KLdp5?65y1FcHQCQCw3aE|%yJ+I(x2R%2?uuIElCldf(vxmCP#b^Bp=}$bH^R81*$CcN z!&s2Sb4$;8%c9>!V~Hp8$?7LvU**e5G8Xn07ex6dv}zhKWd8w%-}EL9cOSaVk>elW z`zlX_%8<8b*Xj++6Bgjt#kjxK(w{2-G;3GR#FT1?6!;-AB>Rs#{vIK;`DYgP;{fLD z34vq(lLFEWi?O@(Y2!G{H`sj$YEZ5li^#5OD!ACLsp4=WcBpDfCv%X3^Q;tge2md+ z^eLDt$^l9ww*AWA-d^^e#!fr%zQJ3lDqa?K-0@P8oFNx46{6=5_S#x+yxOv;FZ6)l zb=8LD-hgfjOu#nfHC5HDK5|Lub*h`5hNRxG+-YaAY&^CRqV;S0?loQYum=<=sIm3R zzg(^Ax2B)LV|MhMX2#VE88JGMMv zyM&Qs6P~40xXibTVKb9P>9lb)SSkM1VD#vsdHxpm*h%$%lI4ej+G?*j zyPZ_a$GZdbv33{g!bh5el7WW`*u7B6#M=$6wi1$7{qRBOV?NHRpy&m?7wPt{RvB)F zf`HzoF|EQ<^v&=t<63Lx`u(w)`Zry6PqK5bF%+Mlr?rVz`Z&$Svc%@;o=*KS3IEQ% z=_?EmMnQJWonH1U%*CIp!q z2&`B#)Kg%#Syg5$RCTL)IpS0eXP&7)lbna55nVO7wDh-$TYf*7^`qsseDp8L z#58i_hu}AzjJWa8vAk<~7beRm?rIV6Z3FLjS1PT?elGF6MRzpLc3=@1bf($Oh01Nx`}AImsORs^TgBTY||8g`;(*J(s+LwVhqK)t6hMxPy#2a9>&^ z5BuxawS6nDTQysAJTEE}>wwsJr4sMi1-I`I>l&o9D|6RI1%5ShNd$WMH3p#+-Z>f} z3TM*4xcd;8(!H;%!-Qs|(ET2_mj)M4&|oDt=oprN@Y{fYe(K?FjM>9S;_STrYzSV; ziQcTe(La_mMl!v}{B_^De`tii&;&2<5+f!l-nXr;uww*;DU0xf0APic z`BW>M#jtgWOTp-4WBwSQx0~LhtP=0EypAw4gE=ccX_r9~q0k;r8@7SR>L*iU4?jwp z(HN$dT2enZjZtQX163RO9=xiV_rZvNuIKlcYF`4~aB=3_efZ|bdqajtCo@ZO0;8q6 zts@J%wY#gT_691f^5!O9iPIt`dY1x>48rt8RUeHDP5l3;W-^jA5g9r+IXmAE8^5OD zv96TyoKpEvg;yySCb z^uFjLV)6KQy(TgV5UVcAYb*xaEBBr!9tmzek8? zO(Kx+B*~AAl?3+^@1X98>&X8UJWn48GCYldm9ly;28hAuO4Z(!u(VhU3HX0 z*%r^C-z=~bhy(b$+K@!eh#Agu_Z@#rpbU^@{Is=CK2zBRovjs2`8pXW)t{&@|I$y# z&>R;^OdWB7!$yLevm=1>G0y20mWt0gCPi6E;@>pr(j=)|8yrtKu}5*+)=m)%snsUu zeW^HD~r)bjXcam_EfQHl-Wl+Iqeubo!I9taT?PQWnPkLs5Un-Z?@Fw zh&Sz4Pa9>eE2LJt_P1I-l(po>_V*s85~$+9?1@sRhg(lia(p9oJ@-1Q`R|iS-xcW^ zC3rCKvKzujqw&f)kIbU6t5+-t7?rBTwXor}kl*7D(qUIY+ z1!xJjI%L9|KM1@+vm~Bsj(Vs5>w1L8Pqryfd`LyxN6PcpZOMIlN^S_LypFY4Y$Sd3u;W)3!oyMTF1%|exOsWLMbpy+Mcpbws_A9Ms zN0yo_>UL8Fr!&J%T!XvP6wRmA;JQB)0 zB-!`uNit;3QnK$PJK1M!WgXm=oseZvLUv={jXh%@MPwNaGEA~FV#pZ3d4Il--~aQN zb1&yU=Q`JQy`C?z$r!ThnCjV|1}AIEdZ|F07Wbe^qR!`dYcNF~e1Hm$=kGc3T9&#f z?MY*GMF?$UXH^tI9W@B|4MoxqLv#zyH&Nc-27e8Dv+_#a*yvDbq&Ti4S()suFu3F`7YiI)J`c7SKeSxQJg-mx7t)n) zGgo+Sq^!a1qs!qiN=vE$r-Kq?#9wTG$(pnW-Bm$Mf34Yswh8+HSi94&gBpS=qMIta z=Ck_-xLj$0S(iPd7x1ND;SB{P;L18{>jkA3hIgEUJSik_d372{ho8B=f4b^<@Uz{z zyC~^EdxmO#lZ+iF4(qcSFK4J~M9dkwv>NwyqMIByQDAkR=Ss0tih;y_?&ap%-|n*y zFaZmz!N3(itSW#@^XlbDvv{RQp3NH**$3X{otts@&rsp)lr`4=%OKunGkWQ^@mD7r z>ybe^c(E<+KbOUt3-}it)`WR_lxlufp5j;pLrGp4Cjeoq0gPPF)#*;S`6dy&O%lIg0MZ8 zevTu=sf{*Tfn1CH&K7Hv$0Pb4$$)MjGU%S-cqmdco-Fu9{7x;A1Xs`tjFunW*d1X- z=O|y;tOM*JnOmVT2Er71IvnLqYf|1;G2eZjp@$FGL={RY^2e|H6MMO=Zwh9t$wi2b zr>dZDEX0$w#+!YVuUcFw_){?HdsD!=xU-B}BpstXIxfhWdRHS)sFR5@L9sXjrU*7g zaXD%3PBG3tzAqTjptwsOkKE@er9qd*zjRU!G@xXO89m29+;DHpO-0kvfRr%gCB_Uo z8tRDj^^v{isV>xzk_Njw?9R%{`4k^Ir|HKfbBW#hSUOcuWP=n?ray1*6DT+uC7BhJ;5?MV54D)K9M9Xs#0%}VKAjPhE#*$ zJ7YE+8zzkv76e`#x>)0Y4H#=!xSj&DHMWjJ$y|VcYporoQ&UVLEq%u{#@koh=<7T1Z#TvBR&9+goGHM`s{L$1Q>i*bZ8CB$ zr`x~1TwMuO=k*Mv55Vj1^Y($xz~kt%8{bA^TIk%p&Ut1DVhd6FA?YXOVGhhWmSz_Y z4F3#?hN0Lz#OhL}%cQb5_4MxpQnpQ&VqPD^c2Q^1U(?XkWm=xS#4SlutW8!D`JC$5 zv?9Us)YekITCsT|(`Hr0G4@&_vajPni?nK2^|w2FMzU$wbS>f$>Tby$U;*8b5ne#F zlsECKbFAC-6HrV~SunZHxkJrLkmaq3+7pR`ikXWwL%qMt)k(NnH#>vB zTd;^fb=O)orwOn>8v?(5$Nqi&7aNO;HBCqiV;JVgeuYet0S&D7X=C%A8K%h*xGlWE zSNO`yEz3+zg!8lXmpV~Sfc>Df9w`YEF6y)?Vk|5`J`L517~N|Iu-uE8v)i@@f>m46?Mqs;C#}+<8w`O-oCT~^r z(J*TG*FLnQ=2M|3RR*2vet}^yb{w9smB$FdUz!jcZ23 zf>s$k^dovLDukytzQ(-%=4Y52vyAqbOVgi|MZBDd`Ic!T>?3pOE3}R9w@)`AKwwXO z+mSk=v2(fIl;|8Z1@{+zTaA$Ms(=#51Iqn{8H>i04yJek(NlD$d5s#ePYV1byr3oi zEl-37%vsr)IssvTrcvAz=ot#|5$ZpEz9V$yde2cr>T*;T6dfDH9F)hmnBA2D8O~>a zCJf+jtmR=N>4sNv;7iqXaXrlxj_ML=w?UAQl<&)-v0TM1dvz{xzJLA|*PkBWOk2OD zdX;%LPRiyI83n(O4youE(9NKFi#tdNz!tqt(-W zQr`vltrqYcxx-NN0`Fqo@Q-?dDUd^Jjuk2@`SAX`b1>)2lz6FHNGdggs$Q|*K4M`< zM%v|UJj~bZci_p_*%!qE;`BHF;dAy6-pBEHR&E3D<#6#VuWa0es6bJk6kwn@Q?2%n zQr}@krMqy5Fv!XG-9>!Q_w*<>D3ig_&)?%qlPD^G!=*yZ9LP$%d5Xj+jANk6n5%$? z#`iSE>d_c4J8dmkyu)*ZtDXnGJocOy=^d@3KO3q0(jO-yNS+CyGz4@d=rxd_eVz8HbPPFiq8Mn zYgSaKll{)HKrsEMuW|2zD(pVpmmOc=r~AZ-5uewsPwLU-E&QLZ86+h{$rUY{$+z4z z)%Hz6J*G4kv>}%K;G6WNhGVAhR5<>Cwv|0iHb`f`)X%gc@VVl~N%gfzUyqyo)6a%g zFapGW-Q3&keC*uYeGO#T6=Dp0xyJ{ApWZ(?zuw^M$ecH1XwFaGG3!qgVzkbHciI$K zgQ2y~M*L_Q4{7AHgy9^Ooy?QK5s}kp9@j^7J)ddI)%e+apH#-Mr|oWj#nZdeAq=Rs zJ*aSYr#buH&s$snNUg;8sVk_n--<|&l@%}P?0*%Ol=B7pnrMZWH07G%|4^`_|GpZ5yNM<4!D=%@3-(@w)?lJ z{ZRxq9Lq$|_$N8yiuse_^;PzR%}laPpbs#H)t9g(7BO&8vLr zjJiOquoIpKd_AfS+boet>C@W#KFgB@?7<|K=Q@WjFao*3JRABX3uQ+|z;!B?T~Phz zfeQGoLuy>eud$CG>r%g7j7WwUvt7Tei}j*rLp*&hfy*S2@=?yiW2zJ{U^Z989k&AvUb`Kg3lp`8YzH}h`*a(`TO-QxVfOEPRO0s6@MyaE`y#+k zixE|vGwMB-$~-Tpn7P7zD9gxowXN&hDJ9oRH{k=Ojf<)=I*d$tjdBvy`rjkGbTK$(R zH#WRo^pfZ-Z`BYpUC_f>1tF_E{&!$Bdl^4q@42}6pa12 zMpf=|wE2?{IZZMKNbXtY^dnLgK2x_hz*PUbLsbR!T9$OGJ>S|CNm{7(k{G4|M^kWlNEt`Gl5LAQIxGsiY@l0 zH9eQjxoN4_0566!)qYTgIGJnbZyT9Lh(6|kZzUqvvHlMM8HyC+^_%@N5 zeU|YErWUTJV$$pn3yKxin( z+M{Fue7?|ujz-N-Hr&4~l>?`GQs-J{*wCjFo1oJvi#2XR&f-TN<)K${;HFyaaOVcs z=`o3I^gFhZv%TT#e+)@|``8;opebIOgH)QEEcPOdnf`8zgS#{`xTh`sEtnzK_Pdug zPx}~fUU)%VCUng{qO!`L4&MpB9-ltx{4WELm8{uf!!gzzD3KgZHvE8V#4K_OC9Is@huMo8r}Kmau3$ycb$~WLC^+2EfvcVs}N*<&+@bmcF3och~uL_T^<`a2s8t5DcU8j7eYB%F5fyd`1$3PCj zc+B1T{RF27gOi)vsCYwJux>-rN-%Eq4z(0mHlVg?=w@mmFRb?ItfnLHw?c|Oxh7pOsq;+RSBW%5H-YeG$cGb zHEronhE$)K&zc&T&FVg%$YUI%-UCpzzZ`i@j+kdhvTjiMr;rcf6=&4Pc6Z7N^_SDH z+_=i9HO;d|t9Ty{x~cP5`qG!ck6TSC8Md$|%_IBC9Hp#34{)sb%0Avmg^E`4SDR|R zT@^vyBo4Wyf_&$TYoB+jd6ln1@7*@^wfp_#Qb8`o#X?A$=7quFXaWTN@$zJ5Q7{A=HYkNNx`F6h`%h!Dwa4~00MlTF>9Al$& zi{i{~M&+P1N8fqGc@$55ER@D7 zK7P4E=?!$bOmpd|x!Tfy$6I+=t2N6cHLm(i(MH4NgZ#;x&_$J@Q(+ofJJ znXjX&YzKQXeBwm6`lEe+2J8Ovnrc^Om&IKd-wk1KxunQ=53F96bYG2%#U&jPsbwqp zR*JBee+%-$*;?dc8~g#747TWhbw00qcr*c-)fb=1pQ4<} zzcu0$MVV8cXEc=a`t9ZyW1qC1I046hD?;gg(aQ?q<-gVrYF+k($O|e<(g$L>Qm-P5 z&!!K~vi`Fokss60p~<%gOM=}d!m1AvJ1gEgVf$ovSEOcn#}@#9r^D!e2Em%pr%rFS zI#UQA#>vXQh2u2x;nI7j&nMuvwgxKGwPlSvh`bd^vIq|h{gyhnPoe`ad{?|fV|t#> zACk5H>x;_iW%DJ03kX{S(lp~ovx`AQR#CqliUFz5?j*A*zOAD$uX5!=7b8GV%X)>> zy>J+C-^GiVJpec^wg)_UYY+Koh7fVH(da+S*+OfRI`4zE8zRycHC<0+@6)pV3WjX_ zc2cPedHe7O)alG9b6aLjXxin4T7g>Tdj7XEAqt5#Q&eR2nd!S2e`DRn+V-Vm@kf?1 z1QWNLAncdGBN**y<1#wxW1xbZ4LV4(oXx91o~waN#Kg?`^)qbK5#!(v7HC zY$@ifkf<=wK#N0Md^Ur2je*TBPx~Vk7*L~zV)K?{@rh0eVg}Vn8;#0tv7S@y^1bk2 z0C!tLzYuE)6+Q{jX|-ahow%_&2PoA>O~kdmrtrXM{fK>5lxvH9U*qwqN%*bd@H@5Y z?`A+Z0YYfXJf$(|N6N$@TJD%yl}4(kUgqLe5)@(nX_a9%z6ku@cA=4H&7I@_cE-{) zhu^914c?ls_Hs9$zOrP^YJl^X)_?e+zIJ$nj&98=Y0&ghGgLR@qy>h3*nvcO z)zo7@(wlF`lQ)0fNuABe7hygTpHI%AqX_)qux2%299v=>NTZv8iTwwmrmeCi7u7`M z`eP9pn`_Oo_VeveBUL&hgN&C(IMA^BBllkCO}9M|E*_0L^uHLDa z+pW7Ec$c$c_L-`yW?QTxZ6IC(`50&fHj7PX+R8d1TLu`rzdJ;S@^Cu>uOEL{XNs?g zemQkLYc5?m{R<(xR|my~J)55!Zm?az7~*6?o}4P&zKQ}+ru7{i-k&}$S}vt6!eZ-X zTO!4RisQpoBPyKZz8~4)jE4_(REK>^1okEs5oK<}JjA<7C)z4~c~c!be88^k@Rf~h zXI5)DBc5_ef!bI6iryYQ8SAuJ&9Br~-wGL8qt=TyB|sEL zyIg;m$B4>>Qm?h59+IA`nyJ*Yv<%d+|1Grnkhv*P+^_8NUg*?jolKW+t9hV}@e`l- zRf|sQb;tDignQ_@iqk?-Ko?48{Fj|~{pA(Lc!rlA?cn&N*Ib*SvRH0{m?4^Wa=G_= zmg*ygj+&PAw{kE=TJ~+x-aE5r%~R(sHI_Y-2~ecA(#xPtkvSa??}29ULhWp4p>10- zoku>rY${*(=nASKl>c=Ej+lv!OroKjcEr61v&|sx~Ufi-gcvi}@e+ zFz5h9TDMWi8!yxuQ~p{=YE!x@qCT8?Q)yc5#lTmw%Prb-q`K|0lVQ6~R_PjZ6@s>WFQ;M=0yIOz>8FDw_uZ{i$JE)?VTVOQ7zbD8Q zE}c1@V<64l1zv`A^ElU?v-3#m3RZ2D#AsYf9YeENA8?*#LSH`XIq6}l|_t9zQC;Htp{@hdBOL4zNPP% zYg8$XXHsKzKL;nDFdE`KHgzx)6Mft$YtV8Z(BVDC@cO~^;c%i!Hxhu53ki*r#<@W? z1C9=N)1jzke2SM*#N)i^HLqQ52ld@8wn@D`zU_vx%|)``*Q9#o7`j`7+XC9#F_ou{D{PaF`f(Pho&mU!Oj8!p|m`3bL-!BtWJHej6h&g{r?sNAfd^IQn&}6R}SJ8!Eg9*^KSiIKwi&CO7r&%|R)aiR7Ra=ZA7(A+BxRFn| zN|ygH!FA9H&|eb^Ou4*4Z~~!U1jwh zaEWGt@PO0ND zJ=M#-(xtm+TJ~g=j>Qh^HK4o~_3h;={YaNg|Gw~HSz@YWNEY^LTP#PLu!>j^Q~K-7 z=8Lq4Lg8EAb3!dbBEx#WG6*l4(7WqxG|61o3!dsVonO$vVuRf;?v8gp#5dm#G`7|F zHzFmnK<4o)q8@lu06PpPLsi#i4-)BxWDYPz0^^f*eIXun!^WQ{O-rZE8I*Yc7Y}Juk4`>d67_9xe?tr32)IWjZ6TtYDE$qEZB9Qz z+wZj+5g@jZd}B-q_3X=W#1bSCF}ul}t3oe&HcwK|ef-atn+odL4AXUE`N8dHB-tYL zo(4KVy;4Zj`Gf*;_FQ7oR1K-kZv#?>R}~1S?N??IhSolZtx=w`Si8L`#j5=^c2Xtx zjAy3&-cKsvgVqs!{DXMWZB2G3%kA<9YCX|SzoY`le0(Kx%0B%;0gLPnyJv5#Q?;#D z6wDBJldLnN^^ZWiHxK(SpP?VrUK~m69&o%kD}Kfmt=R3)*BbaMEg1beBWcG$%7sjh z$_NTo^5^j_8HD8{QK8)sxnpAg*EFW_qWSccPO@<#Wpo3R>U`41iVX}Ljs_6zFTlroGX563qDsBK-j z-_S9Z_&Wrt|8Krma#MQp2ANH%T&D2s=;pYQ_mp8l82Qm-Rric-SnQBxVHy!dyGBZ; z=bwNnF&;0UrJ?Zh<11MD7Yl##@NLbC8LADHcg_R|E%}d0d>Hok!h0iwYZPEt>bJI- zAcp_@?&R~@%DziKNzSzEr6Nj*p;$w9#uCEmbs zN}=fg9i+5*b;W>iLdW{e+Voox-Z1jA*>B=+g^R6E0ph^ld*xnC0{v>IZ<~q%#_1U* zg>9SFZfr#mT!U?0hF!BuH^~#@@uo;??MZG_g%DwfFZzT6!kuvuNIIk(s=30(Xo-U*&ji?C9nfr|MnKaPr-Llapvnbb+20w5xBx zS?)x|kI6({JrPi4RAt)jqZ$LG0+}S*j-vrKHtr7KsWIl~#w^Kxcw6Q4iq7+ic)p7d z+!exAh;?x$#A=h*r`7>^NgLH!I+yX%wq zVe-le%yiW(7;x_5SbO4&P&{UCHjy_g(qTM*=}9l3GYcM#A=wRTYycnR+4X4VG~mnk zp9;@2ac5|=Sz4YcpY1na)4QG-F0Qt2e+kqEIefJOy%FX3lb6?fjLr$`4Id7OC;OhT z5GoYEAghuQNQw~w%&HV2BNLV08QY#8HvYa1#c%|}x>M8aryoZ)c>KJ1=Jg?_=da`I zK{DxSxF}TB(K3Aa3}CA=?W%lB{mfc37cwf?gUf_b`+J>|RJreTlcHH0|6N)z9$x@G z*%;)#5m+XrhWUbe^G~hN03VCy2tspMTXQ&bJPWHXFN$z@)J%L6SVsp0Q{_yS6(;v4 zL*R#gFvThX2dyi_?6d6GNoPj57`LPMSdEJ(;aBNyGP)60!lOR^ zE#Wq16A|8hf}@Q5u5Q$*!ra zv76b&wiu))0o98x8X`b&$`WPBU9vqD7l&z{tnsDO?_zRDgKngx<7>ZVOUC_FnENsG9P~U{^W8n5uhhZV+V!?Jej1^KvC(1DiB( z{_KZ^O2sepg80B0OTWI-&6l3P)L~j(NghFO@ysyZT*+|L^X`S;E_By(85XiXSh^4U zX$(}xJSpmFfM11vW;m@T-X*+d`p9Tb0UzW}W5C&w_AMhc+JwRi6^g$x{rJes6;HjO zGi?1Z4>$nVVm;iT8xm^AU@9@qWe7{#NT4GqZ`gHrM=so|=DjjoRU${Y$lE0AO*&UbU*QMPs()9V7&fnB zMi}NyWSk@>(tUYJn^*b1%4=!vrQ4%&iiNm<;NU&TDGST%-P(3v^+9o|J3J~E;{wP% z((HNzRH4M$!?0WM9H%On^gLHB_>cR%f{}X6!(Pc2Y@)zx{4jth^Io-@GZ?K6iJjz1 zQ?1Iq`DrRiJj-VkeCdE;#rui7Xi%IEU8wrfkPp6Y+gsaKY=xHgI)&*qDJSY6RM81Q z9nX3okjM0ZJ*wVb=a-5M7NmD$-%0p;@LXuCg`dxs{Jg+qOfpDVHQlZ1%Q~R&lap6B zmqFXomB9Ac@?$jmEy9@xXKD=k$~{Ame!PBkx5)T7MK5?moVs4vmUbcyd%y zU1_G3ZVy>3c+j7Tkhg6@Cc)&%eGP!p(BV|jTEMOb^3C$!%WHDG&H9l&C%O@dTf&nc z6cS#qN%hE{JPG~qJ1X%$Sx~T-t_o@UQlkgcc8xI4S8t}SLaU+6zX8O(Lz%*ikj!&u z#rX{R9kj5)r#XUA%QNWi&`a||3{&8y3|8RG!5N$!9w!Cj&re*FgE8k>Dgkjaq#oBHNuOnFzea$d&TiAgeVs4n^fdP`G*#hfZ}-<9E&1NjlagH6^2>gS{Pd# zbb5TvnU33owr%oVJ2|b?uIDmhuoPF!Kmeb=T=1A<@u%CABX@5lQ%VqEWi+Y>mVjBy zmv8$LA#*d%II=Z4Q%Fo0aA}T|z=7vHw_Zxgb$PYm=Eh6YTAWJ7SuY#@;K)m-8ov^P zjpc$Yehn}8hlkNuLtd`xVC~3!5cD9%)c!L*$(FX#7SiW~HOQuAKKA!p{$H`LSj;h( zl!zdIp!kBvm1!l$t(4kavSOE_q~D2hC$;X1_6M@vWs!v?0%8>A4xarUzJD~~2c^bk zKQ?}b7A_WzLPd)E)u@-$6dsz5B_y)nw*F{RzoFn*RQO}hY>1b;izPmhosTr>``G#s z8I)DqRZ`5HMCYM4FK#GmKl1cOi&1Yyq&6va(W45M&)X=x#wM%NUPBez^N%Nu2gm)w zZ`=oY8E3Z=32=TX_TA5VZK3j}SlEm@;pD>*cCPL@W?_z>xb{fa^V{wpg`Rr0kc8B~ z{*DuuvXI^bUHD=YFHU28;tvz`@Md()X|K0b2lvNi_6a$23NE;_$H zwPJ)}wBNi%&Z;4LyYSWc&kBw@&d0Mqt)6#<20U-}1k8^K6KD9N&#q~~gTLiUm_3SK zuY{9}3hp!9ipC5&zf3QTfnjfirB?FE<2mDlK|ps7Ij_dmi{_bVuiyQ9Z_Z+>84@=qR*|1y9iR0nM_5lI>#re4+mZ~99m*!;9ix^t=d0Kjr7jmw~K{&a&b)Sj2r7TkTEg)hfZhf~I(EkFC}&Zp0`a5GmUgt?8v4M^)=CdIO+z*A1)i$jHB?7d?H^s!tj&( z@cAvzJXmq(`7b#16VmHD`C%JUfP(M8^u5MO8FK|WoO|t| zaA(Ejs*21>#Z}(jJ3>Dv12J=e`nRfg#KHz6VRe=}bS!kHn7BjB!Z%Oz2G#dgtx^dq zDeS5$%&u+)G~zOpQK`$GMl{rvoQy83eQ&5_blEeEN-j_TT8#->(2234>&m+SKnE=D zMq8eD|G_iFh;F|#HoMcvHNJS~CHz4a*}nNWE&Von>6(e_N^_Z&_co0RP)zaV%j^_MgQ0MPxMaw^G2IVyOi_(QoK)l68=Q<%!(h&&Qp}G#5BO{6?AVP0 zUeHkN>3)AIzU-^t2$`|-d(ImIdr-b#iZ8_r9$Pw(DpNVqsJhS_SK=Z*4HS6u+AgHY zL2NZhKO739826gqee%~m0lp~MO&g6r#=5he4MC?we=ly{V!l1>gO~IUHaNZAk>>VH z1Ahx7m_HHUlp7xWbNaOL@o+lRu?}=nd!yoC0%2ceN%#5GTLH;B)&QQ1S9Bf5)K~)w zCMD{4=6)%!tPFi8>pzc%kFsZSG5)rJ(;ZHm-2r93<+gQt(F{zgB|ugQmS;$2PhtR@z%w%6)-v+Zt4uR>N`PqCKlHkNn0M0xpC2cd;=6 zr=fYr?^rmZv^G#3!Q6_DGT;QR1(W54cDr-bN7F;=ukylCgaf;6?K`FVV>}KzCuU`M zOMU}!&DS?S4PR>S7a5&fX#IK5+y7?HOz`xXS1N>&)acOb}X(I-aS#vXP~0%}6)Z%v<+UdiAmh-mr^eZ8$<9d}xt@UcX-;+yF6TLw$|0wq+jbrXLcvtLgd zGra_HE_hc%fUCbHj>}>gK?`cEZLZ=V-5MA_p*lPmP!+V{-z%Nu^+vZ!=6>6yLFS@# zi;E_;VQt`dNg3W~#szCX!=eHN zRdVgSxz470Dz({87fS~vOKA>2i=|$)O4UhMgu&q!osc2h)6|HtIFnoco-hz6c%aZC&=tNX_uT|8jjYY(}|M z3cQ>sA;)nU9ab1c4mY`E#B_U74ap5vBV~OZ3PcE0NgqTa7>E3iCjz`!N$PVmCWM!& zTQzAHnKRX>6!)FC)?FzlH>I#;e@%#OK#jckQszwQ8U$?RwUm5V-=Bz=CT%S?q`UVa z_cFL7oI6HRGU&jchCp?D4O37T=(KGn{NFpbRr$I5qBhqIIq5me14jH_RQmpW#5<(UoeVoq zjyg%f^WnWUN_<>+tUDl%=>$yol6H#r7w%)n<`s6G2ORHmMp>Vl;|xNqLhK}5R&TL@ z29nl!BmRUStF<4YDye>1c~G!rm|E*Er`N4guk`0_Qp<*3bPAKb*I;pqVh`Ux{A9*t z#{H08EKJN-)FjTqhUT>T%FtoUC7E;sN2e%#mPE0um?1iP$D#rwXEi_`j&YapP0R;L zbQ&gosW$R0tDCYX{jWeLx97jF_gm8Pr`I6N5%AI@4FV_Q=DfgIODyuPF!&WnR}sZUWCCw*p@ z69kJTHw2g0i32Y-fxM&f-)h$Prshgazl`ynrv3f-g*n9Z=!x==Mz{e_NK_Dh7eP_u zn+iy@ku{Gjwb}JRXG$k+i0TooBV$`>=jba`E85uOZPG_N=i4J=h{p=2apA|pX*?sb zYnSnq<11R9xjSRYD^tMIGwSKLXg!zf3x4@^SWqd_P{~CGnB#Tfm}6}9_sM5;4w^ox zUN?zYeR}k+Byai^{BOc)<$u%DrZ4yV!qHR*h^KNayRG*>mi^h@Kzf_4k;8ZhOZc7xh|@wO4=!$A+e3$I>h|dwqkrZ?_NOx>T^~U87}F9@Ci+JHO_@sSeX7?<&P}3(l9q z*u*5wh^>y_pVht`YwuifM5^Wu*j4N;Ofu95bm=o7)#XEY0)H*~*|N7fwwyPZar$b6 zd!G3>9kl>oKytg4BYW~ai50OK7p5V-F{*cG+ZX^puXAy--pAlMB$&lu$*?`$PV72= zPuo~H#;WJZSq{M}XMr&C^w=tzA*ci_skm^Tc~*Y>5U`oqz7Rbt9#)R)kpF)2T^U&| z$x<~_5;o5g*ywgoivC+YWxD(?xfR}?cEp~_e{JYst${#<$Bhy6t$xIhf#REU@3O^w zl>o2v3IBgud%2cX5+}N9Yi)>LW8wE#ZpWq%()B=|2giyr%l`5!Dnv=ve7hBxx?G{> z>+G>8UXvizhN(UH{(8MzT z%hQjdS|Xo|*|!M!%(vei6X-NOjq;5n{tivRBzoj0t=_%h9X~X9Ru*^v@q!grj^HbP zQO5={%NyuM=e#yoe%k%>D^pV=+Zx4We$z@w4)?V(W_=w0(LWL>3=qz-?$K3tUKBT+4}-h;Knh9?{h^?oq>eB793>21107+u&(B$a{vMHGqq)$Zhp)O2F6-pvI zW^$sEUnB+UA)3);CfQZtb+kBhz$K3y2$X_N2X$dV82pWKYzh{R*u1#K(vqQQo0WS@ z4h!C*#Oxa&eHIv^45^-9Kzwh86otoXC|APdW-$O7F<=2$Z%+#unaqs>hSU!f7a(8L8M<{Rq$ zGlp2ezTIKf<*!u_6#kN;Om*`cJ%iVQHEMkQ^;gVRO9+2#Z3Kv(S6Qgd*>8oJI~5`! z@RR;s2xWSLmnaiGQX^82v#xEY{Glf<)$<3$&P1W#Y~E308$OPzU;a#=_B8s`{@oG? zO`Il)@0vbZouR+<%PuKdU&?sHBH6z(jPC{TT5?RvFVX|ZZ;U7-M_ju*9ZrL!h0e0U z>C(#^6w}%gFe!4lden)J+sr{Q8{E;1cqR3ut+i=f%pf6)7^!5)$+s69Mb-;h?jd== zE{b>2x2@A_)}%J2T7^{H%VqfWHz>L;3XU5)X z2@{dLbsH-Joewp0G&w;~wfVre{B>WHR}1NDE-Y2(>q#HoLzc8#9W|EwF4Sc?J?dFY zS&D}a(9Yj~#U-ay^cR_@<5ePej8h?@REdnZd>8W9ZPkIUBQImng>JfWk))8%8!fWPjV=+0s)TaRLcX9*zNI`NPn%Tjr z%j91E6@#YT5g(malaNLx*qD;k=BKValvHRCoL~)TLYGYltAvp~G`W)v+!ps!JtXaQ zBd(?kUxJU79BN@6JCkfH-G9Crno!S^=`R2Tw?2C=0YR)uff@p6TLyrc;%ahQz(H&o z8+RivGRW*}n3gvgREH;??*y(l>0#hJ#|(m%@8paI8( zK9~Gv61k|@LK>L?0XwJ?t%MmLj=S!CP7w7+=88|0b)hEuA!Xjb*z(M+Qg%K$ao(%X z$U$2qaO^cWw(dldm7R#zK*)7$6R#3kGe}{cqTXyCb$vciyfi?|<{3kCy+uapyrwd< z{m-+bWJGn7UbLdC5b#?0SeQN^Dbh2nssk-)o&2$tLdB+(JMND^WHIpYFKoy8yi4t}LX-Nj?iO70fB*yU?CDGhV&#Aw8*F#CCkUhU|g zF@}z0`XsP8sJ1cynBT~R-+xv88G80Uyr-mQi+iOW_KI`psV4j{Umh+_vhMnE_rypw<(la487Ukyjs?eRJiA$NB#g^n^3o0lBm$I=nK>L4VP4yM?P)#3ZfkOQE;DYk z^QU$~QXih`u$E|Wj>+3JSXF1Jg6@G-q^omGyiLhAvo)WsrH|gbFU|# z*UqY%o0qZ@46B<~SRqPc(h;B|`iYs#Ak~C=`%HKc8CJmBBXGpM6}!z@W~;X~roscr zL}a=5MM{E0%C_eNb#S&WT{a;pqoJauWKkL%u|n>}-S!lpqMEzEkvmfZiPle)SDGp1 zcZ~Pg8`_;36g3bP%k%fjub(=ag3`L_LG8zj-51Tb48`7G_I|eWx|H zvdRgs?=CPUPc=du!9^`!fq%}+sR`6g-l#VHHs&2gQ$6K$r_Co(SdeizoAnaJDys)hnDcFdoeZ7b@?Ln_?>H%gCNnM|)h7q{=1f7= zvHilyrWMuE{$5s_-Qlsw?7{%cc=)!*Mv;6nX0)2oywX*B&Aueq} z=uV4xzjpL%u+Q@z=fS<2EF9L9q1wLTQU-gc2>DOKj2>k+1UDVN)6AzB-Za zuxcLPKnZFJ(Kvl)kfxx65 zV(7+uWG5Y+(edKBxJksYEBaGY(iR}Ao8tyik#Gw_Gd}AolgU;`*^16Y9`6@%_wPZj zFI*Sx@p6Ik;erx!lg#e)AB*jY_L#m;^>-FUdx5@PYc2Qk%T~BD1C;wV!xA*0503I` z9NK&bj+-Qo!rUffSW1z!&Otlc(b1g-kBV(3Q(o@V9n`S&)lG>R=IO$0wSZaj!CCR^ z?XN8jW^YYb-K{G4Bq-1FLd$(ib_X)7M>9G?(afm{Zlb6>c&DS{|L(M~W<(!VjW;W4 zYV@90#|4moR<7@T@I>B;O1$)e^A0%B?Jn}6Q5 zSLBn2R$q5zm(@MH?*IyYH&c`_-OzQuMI&Y-R+gbn*UyJx+^@rUa^xAG!g`Wx$m9%z z7)c|T`}NP)a!YE0UOP58dis?X~xU?~KTyJ;I z=1fk02Ylaa>T9ug6@K4uruuzUmp~4!yl+^e#U>`g>Na>R2Sw*~5VxxHVR2{8;ta8t zgAl21%e}be^w8U5`OR{~%^u+HXXx*!wc|^t9_JM?2WMpb5(T`e{0 zJ9mrTyox!zo2zMDzMa|zBS!;XIZ$7_nZarXoQ~zR2{Vu8U;N1~eBM&{==Q&9vl;xd z$@n=*iZHT7_@k_wScpk@bw=-=k0TXlwYrYypQdIdP@nZqHArpcM-1&XdSmYo`Msl$ z?fVZ6mHadAOlK+IQv!hqk|!fl%-~?grt~3i@dR8jV5TEsEp4N7D{+Qyd}Unqd;o~s z4)3F`67TNo7LLdo4#4OId%TkFRH!P!yp{CbeZM#-^X+(O@BOOfJ%c5YN1Xo~q}cIH zTbgT;>|@Q9Ohv^~)i35WGZrO~9DowN(3Kc+T262>#-dFKYkBLk!Ebtwx!{C9fO71D zpOp7EBy>0X2b`6(W?-=o)xeQ&;=f`3i2C~N`98c) zhK*LzpyQoeZVfzG=6%AONNj1u*570m`dS^wTCJFuj%aDzEmU+N|1|Z{QCYJZ|Wki|r{zCysJo1P6%8vpK$F*N9b4NWV zJC|4fQ`v4`7+$OnZ_8cuX*x`|CCXQxOn$X6%+nvJl2H}BDZpv zXv1-ajKO}TLx ztXW2JB2?CFgQ101ibC0U$}aozB(g6_C1fe06WI${24jpRyRvU%U&q)6GtBRP)Oo+} zdwzfT!#TO1`@Zh$`g}gub#F+kUN62163(^g@nL8GRYb#rVvkT&h0MYT8nrM~E=vy% zNtM&0mW2W_#f{mu;E+Bhnip9ck4i8$bQ*pzE=hV(8p&C#Sl)W7It5blsRdUs6rsr* zi=x8<(c#C&EYyr|QXV)zt+p0FSY8H#=(p3af&GRcpjg4m@ds{GF=ju^>pZI-^vd7y zg(LjWHkXoCFQx3?S0~jr^aR{L!UdgaJxyA03?svb+1oCKZT5A^S`emrWx%!Hasmte zUqu%N%cSU`rEVEB=}m|-BoGxcJp&iP`p$|g0v%~VlO-rG`y5@(v^YpRDGF@`CR|PkoSmN zyk<-8i2qJDd;tF>I1=>MkUW8+XG)T>f24XvnFQ|S^Sn!QAk>Fqa!RFWr(&Lu`sA8> zD%+8mAz4(;!vdvaqL+;6)+GYlPWahP{eKQ4tAtnwMkoMEZue+KrH)>T=pVRelkBrAy(49*h|^|=LA)a|_RzgcKa zjPYAF2prk&e7lUfDai4BN0z$&k^Mjw)pZLT^>#*ktxoCS5&Tn&c4*oo(mr`k675eL zpox^SzO;i&%#_|B%k3Y-t9^=#l|7x1FPN@B!2KseVo#8WKfnt$MicU6a!vV)&nkK? zj3c7QGx+glfbnM7jMb@qr}Op)pr|eWV{;LL!RzxqAq?Cy7K5eE=Et04(m2lameH{d zYvGNY3-CswM=~`VA%~d!{Etujd^SdkNW<|{$lpFK=M5b-7)0_ggg?So8j8e}svo?3 zZF$p9A>q(qFyD)|umGOHgPbhoXFAg6>$nAfxJy2^Pg>wI~5 zf3pqH6~xm*&q2EVtgpyA1R@c34L5o^q>e|Bwdm#^IJX&xxdkCfPtp)K7q%F-_}~M< zeNrR4E6oYqLCCD$n>PB+F%4>IsP*M{3lD#gsKn~!b+HQ0V5WyJj!^UlZ?+HQ&ptr5 zKjl9Ebz02yY3X#e$`!@bwsEMOlyYXfH&B%c(rBBW@O?9twJ`+lNS#iF{B=hBrjaAU z2F`Nc7j$wB5++GmDc+x*uwzb7!q7jNm*7KZdS_6ApY8v!j)62Lt7H*Z#d}aPTgE9iy7_tp+sIN zgEp`+QB7~~#%^OlPLqemF*vHfO-J4lF|o$Fonx4lY}(>(zWt6EK@wm+Vo)FfKd(GC zIlQWQK_rFd)Jjs|KCcwZE#i+#VBY7C^D1Ss=an~Wz`e?1-)BD5@`j{O<8z8yk5b1_ zU^nUWSD3K|^QKqA50Lp5jW282LeimW4Aw6WXwbGmHqv2j#^CX%a#raHuhpsx(L4b$ zpRS&}OqNFm<%05(QCnRt*CWB9)=!tuCs+%nd?cO27#CUHhIew*gAEVp1EYx%LY8#X z5?zk*-8Y|#+69dSpJx+9a;90^E3!H^e0`+x!$Vpyw`?jgC#8HgGpTR{1#LBI7LF(f z5@u%8a>+l9cYZDtW1tGy+>yLUna4CUA#yw|2Y`!!A0?&}q{CW4!Ux#iH=TCoVaJ6n zhw51^pZ=gTA$zmyv_qP|K1tY=x9h0=;s|;Z$s$Q~IHXLeMNe4&B$WGkyE`F@b`JZb zV8y~5pSK0K)T^2nLihA0)s`l7NXyM=w~3~H6W#HGh5CmK@cbkPq> z@lI>E=y?^So98`-+;qpnF&%@P5@uI)1m9kBl1n^vVJYe0g(V+EPH9i4uN8rL^T#!T z<%DFl1{Z~jGd-uIC~v+;C+X?wgXeLJ>ZI@x_VE_Y`tjv+Nzk;E=Z{X~<(7iJ(>?~& z5USEAY>txD#$g}I7;lBPsQ^XB?kKwU^@rMI7XfrZl-1&nwr5m~Xl^Ng_J}`aoR1^7 zxX!grDSikw9w}Am0{VH6GD?SPSlJ#db3LZZ6Fr4}x}T?TKLjL$2OzoE* z4PoI0A`R8k`0r&9AiZnQttD_7jXb4VruSOWhWm98=7 z^pj^_dxqmDWCbsjO}xx8Dqn3y9@A|a$8s3|7=%V?_!?G{L4PD5ua${&sm6ZmKc9;- zs=HnqD6}E*Mq7a_KoI<-M7*lDmU+m}$DG7Z((3l3rIS`Uer)0GiGjm@R}{>6i9w#$ zs7l7cz{CEF1tqm9*2ECf^6))Qwr^Tv*;nQrZ}gUzI`TMy_eT4NJVp#lwRi<@C$jo4 zP5WPfpTzl-=5u3U5P%GO=n%rT$&deP^yq1|)(5#N!Gb7p@M51JVyx9j)@u6nvlR4(3G)2w z=?8TsY{MTpLsTdFz;$)Ymt|Z`NA$pZ?C8{=mhgiCV>kTtDmmQ+z;vGQ}ANDW@GV~4xT?QyLvkIk?nK;%E;$#;U`)WZ(9rU z)#QHM-q@$e`v_-O`DSdOZ(Gk-*No@Qjc(Up8qxLDThpnjKh2pGmsQ4Y4CH&S&n?qI z%XDM9{*$^D4o}vui62%=7=yZu`!_>TlVpzxT1AoqT%^Z4jlQak z=Vf+myl7)Rugzb6cRgp=8y_YF+GEf8Yin>?IlgigOoP~7d#y^O!E=sz zdIcXqH)s0fR)0ug=pg0gfLgJTba`+^%JotFa7RM^Gv0^rOVJ%;`Et|mTniQE|ISJg zF_=~KofI{09NqyhVR8T`iDIg{SIfb#yb>G33Vv1M=A&-nir5|i2L^W|1D~x-7kzPp z_yKeGsCBBJyN6Zhu|pFIe}&qasm;1{IWWvmo=qf?%OI|3}dwpW_P z#9+CC@TZa>)H`T*>%T&`68wGcD0!e;(~rDy-eA_h6g;zAD4qfyAA-9NnU7B;Ikv8> z&2*&0fShuO@kPa2=gnjP+j(B%RvV<8owQ9N7?*bX5tlJc)~1uysE~A_r!+YKRar=i z2kD*zPptf=BXtq|oNsqI+&jyqrRg+r6m0E4p2MdI2FF7$n4fRS`&Comz$1;mcF5OH%!x) zzk*oL{XCmd-TacM*7tEQ4n}o-m8vT8Qu)7!vRst9bIy0WE46hl{XKL!ggsXVu~xav zEZ2^MZ^mzk9A0X6WSxZ;VSWk&xvS2=Q z<@lwu@1eo#Uv#q1xRreW*jlEa?0QFi^4!h3n(k@i%96ZY!dlsErH}DYKIx%PrAM|# z@+NAU;*tDWo8$G)>ROj3pOP8pPQ-vCy0UoMX!mG@=@S}u(&YmYJ{a-OwE{7UT8ad( zHc?y};GAd#FHg>cqRc($$6wd<)^c8Lk&S^67bABuM}*$p+2{hpi9tw2?jF=kH)+<+ z(%=QHWA;aoPX}NtO*!w6j!<_-B4EQ!Zb~(bbPX3;-Xu;4p~^gKSyJxg=oOf)eKK9+ z@O-sZ0+CB1td&<2($(qHQ3bBktuDi5+jH6KF`V^I)p-AFCeDtW^%mnb;K1Lxl${0Z zc=NV}z9RJ)#tWcYpsTq4x8`|SLH&G_nwh(p8L@WV*`lm>E=@Dcm>JZJRLtsB3-|wY zEiQ~qK%+f>6{XydM!HV@IH{ztS-Sp9KLX|fzC>=WdJ}vgAH~ELQ+3^PO%zUk`j=mx zxv3Vz3H^76#)f?e=lSL>f0(LonPR|`c)E(y@@>M+1d>veKej7nqu3?A0meCaT#!@O zZQ0l6;yxcZ>&0vSGpNy}a>9iaVx%=|jMoqI@G{qFV0q=`C`-RKYV9#G9;HW|JAof> z#=qGhFL|JSptVrbHKttj?slht9}`wQ_=unIQdtCLhX9S(1s>zLaE?xXcd9ih(^lh^ z@B9u#B~T6h$vcUUa~p$C%Iv06SD~f?5{Q-`DY7j_Qvj+T_7gtF8zm|^CRR2HYiD-X z`7KrSp((SPkizG~Q9Rokg8~b(j>8824h?q69FT#Ns(b@c)?--uwkviikJ?iKW_(mNUY_ka)STc1x{-SC{u^Ec!{(5jCPFw z1YYt1f_S0V@Hm20YK9GGOIMF_cd9>W{mOhLX?QKOLm;?=TuNDKzFEG5=RnJO*NJeJ}ragJvt2*#j z?gGeoUF`fjB8=`St~3b14S574@9q+){zO>Xz&0Z-1E(+F{4%orrNg*Bty%&4Kbze; zX!qgyW$Fl(42k{vqA%;+J##QqGu0@%4Fde8JqWU_y*6t~Fa>>an#x|V(bzXBGt^B! zs`aHlzK;2ZW%jHrAJRr0C*5atiHvuLL1hQ4i5x?9fqw7$2T_F z4*OwdE>?^&IG#mMnbEW7&?I60iEGb%K;L)||7nl#5lYL*IdG$w9Oxje1E9T?qGxtG zrPggJ9qGXx<)azQ#4wQP z({*clr1$W{^JlivMc|O14<*eO{GB49_up>aQVsTTcSF3~7GpWwKLa(#iD8QMj>-vO zu;Cz3vx>WlS`{9HIlf1y9Eh7oR!!iT;i%0()Y*-tAtacOL*fMD z(pmG(s~m>X-reHfOnK1G{7vN0H~Rqq1fOWp>-y;X733iTV#kvHD41aApBYwD${$}J z2jGqu*7Ukj08w|rl!%R4qsR}ocF&G)_F1PY!7UzxUyUqdo*3C(9EpaFQ{6HLLd5pp zlPnJi@q_2!I08J)?B0C7BocAao6XU?E2*h~5-HWn2?(t6kP#nLqlN;C7jCH$mq%&J zW8GsqG4nenyuCdCkhzvPLUE%Y=6uR_cNTjHBQKZIqcsH$MPi+cA{D57SvcsADKbVy zT`>Iq1eomB1vtlTHJ{j5`(L1R<=lh949X8K#-;kDVQ>8}+XlLg*=oMHamsmsDk2~R?;-8ERVp^$hHS@ulyvmLKPUR8uFv+Sd$*RP&$I#<7 z^vz=`!5aJ?he_RC%Svy`c0FYTsu-LK&N2BT6<)3RO-UU4=3u{(ww*=lvMgFtqY0Qlnm%AzCWW1DJB?(Zp_zFoxK{p=TDMZkv|hz`T# zAgrG&eR65f`ruE2XwxwYw6)qC5REQd&9r4y&I6S(tzOj5tfrU;w(YqDIVP1#nQkT~ zx4oEbO|p7TX+~3;SBflvoNNYktKkZ+$en!aS#yZPqAh7iNFke>e-K|KAFMOTlyrA9 z*$2bv;ABpKu`dGd@>!IwB|Uqq!hDWPB=jdVAa9!ao;)%8)gZ9P5BS6oHbu$jMp6*l}BqK{af0!e*6~|Auom~R*x+A?lZ43yDbGWVeiitB=SVjXJ zx~tR+ZYr*r`49m_jv6T+JlWbg49g6_R2CR~mBJrRfXwBbhunHz`%x3xe65@bm859I zMOrqX{>~4O<=eb8oJagfQ9vZl5lIl0G|8dBh){${=6fIrz*pm=w`GTPbvEYx!=(}iFRFbuic$>~H%9{j`I*){J9O;E>2;W0DTD7#*ADcK zMmmRSzB;K^QXOxSUlheH3&Kf|o1OIYA6bS8d{AWddS|Ds%`aD|`gDCbn`pR@;@A;v z9F$6#0Q;RVGlwcB&pQ?@OMVZ}&a3)fT#$_P`2Skj?@pJQhk_+F!fPTHSU&&R))FkG ziQH%+H+JqPP`F%bZYE-(LdwLj$@xpc9Sk-EW&+_37)*8`_BV0T@=00!I7{AIO{Mx0 zpf?WP)v~FnE3dLxV?doQ;%Wr@p1ISqA~clNyJ32l_a*p@h%U}=3^)Qy-IDq5wz#`8 zZ;O&Q_b^)>wcP<&gR|!S<&f|!;Ko>(#^a6eh(~@Vf*KH-rwFDixXF{gaE;x5J^-Ra z0Jrbaw}GvU>9TX2h+l~SLvX1@a^0s zcBSq<0o-$o2M)d_=cN!7W$fRx`4-kH%~d;{@m1Z7g&hzp6N=(Qe8y3cR-AD2LK#fP z_X4pI9P!^aQ%DuoFqrWGLgKhlF8MhS>*tnV%6CF8}b2~eB}p6{7Wy`itLSlk6duYSTDq$?kJt7dOIa_zO^0|0QvD)#Pgm-wSU zX=yls5bujOUjM8MQ*KxQDY@WpZ4G%#*Z|5^#3;vC?w+7N2mepvSRISzIe!Al-*GMe z?xFv3hiyK11*I>>cr~#H?o8|GM4aXY`}vGG4fx}6Oet#HAC0#^nh}O8VL9ek0d2K7 zUO?BH+ylY;AFJ%vmrbYWZ;bU+F1f+~tY{Mi+x`At7-?ZvD3kNubRuShdKC7i(aKBM zp_Dxf7u$9h+Wuvlbf_kJYRyFgFhu!` zcICHu|0?=-11RT>KI?dZL5{xTu$I42wf@ENwaj!6D)Mt$6apYH5}?sT9L&e;ZP4zj z`u|Q&Iu)*+z2134qGK?Ze80o1x1Zb*;}5F?LAp&F2u&_W>%+z1Nzl3tFQ^tk_xCXA zU!JnNSFkH=+Z{*k!X0^QVBm~p`^ZpubfcPv39x%)W6jqdBmMpnobpBiY!a>%KxiC! zev6O)-6d#wJrAl}$P;?!1l8{8k|L`X5&KxS?g58#dpLp^mDk=gz21<8b}4XEJepoj z+7*u1u=%BVjDJMI43qETV`EXW2;m)k{FzE0zh` z#K28)qF0eqmAvrDm3WX6FyO$ zoU^#A5f{_%Q?~P{-Y~F0|8hfbZr_bCf)v=nie5g3z5`d5{vGDSbsSa8&kG%^VC4q_p)yL}q3ok)e^&~mvsdYs@K_pz z)w`jS`K&~YSEPrkEEgV3G^$B{9k}hv40HO?e;BR~6hkTlVOO(6`?mQEO9B7ertuhb zR^K{ryWj!15AIkwoIEc!b21Pc1Y%yvtN{NtUkm*ct)K<9Lz@fMD1Aub6aaTJ90AZ6 zT*d~q>D}Do@#YKVcCfiQ^h+FgciP0Gah0TD{pjn{pep>I&VVvc{NKN-gMq!1C;MqbU+|PXnY;hmr$Rc)*9~F*9d+<3aK3567s~g}t~= zpze-P_5E{aU{y>^=i9NNm#>$vtqbb_|6ZIvU1aYsp8sYg@w%|(00K3?)Cy;hrOO++ zTR~2=KQjU?elwe^zl?p4B#6$Bj)m}Dn4bW=Xeux7Z6-~Rfj~1i_L@;ES^JeXU#bD> zV^7l>UtEt0TRz0`MKr~0cs)77yPb=<|J~_PA&J?bDyG$NQyod*j zX_>7Gjm115&8|m2C@veRvw+i zs&tA=&Ah=m4Rxda@v2Zmrlz6@SAxSq%UH)X(GNS>Oc~ws10}JSzL^`>b23S%*!W(@ zAwId@8H-wa4?fcV#6Z>r{)UrT`*)Z5f`uzRjGE;Rh6Rs%a`6x-`%Gpuls{Jd6};ST zV#8Ul*Kqx*i-^;mGc&W7Ba!f`kNi@o-9D^DE3?`qR5*pR#B`0{$r6|q-6 z+eCw(@`5Sse~wEXz6#IcY^ei~2QlyWN2&Lw_>A>0{MBHw4b{_8d6;jTJ-XNM)twTaIne!cNsU5moTJM`aQkn{EFLwm~JOHw(# zac0GpF*Nyjde3qD5o99w`16H^s>lvT#oaZT?;lHOujAZ~v6KAhY11`^X4y5%9$6MR zkJrOokNr|I{O~B#+z*cmhH=j;)0b*@Q$i5Jt$N=eu>mx{Wq(jQyMqJTdT)dQQOMV2`|TAeArU(4 zqPn@~zz(X1Jc^$Az8O*9@zJt0X>=$IXTZB-+s}h`zUdRr8+l=a?M9l2TO;6Ns3EyR zXn!}a$KYKBK6st5toB9jg%>I0)Q)2>7JbxR(^>Mx%!_GaP&>bacO(b>@xnX9{i3nxEzikR;`c{rk1n{rQlJ?43~EGyDu=^U9i zCU&k;C2yGf{$+OpJfs8Vg<|H?fw1T)m;2V-AG6(aXJ+ZUej8c#exNtaBhdvvC`W%pJYc`q=R|E_f%TXCP}$z4Pw|t zbzWs3$r*l(N!?UVOJ+1LJYA04tw=BHxDMbUv1VKo`T+3g4!|RTd0C->yq0)qXmAqA z$l6wBa@+m*<9ab8$?S@*7IQm#cTliA%Xfdp#F{ha(oS?$^$msAnPV5`evl#lnAlwX zlH5Uqn4br$pj5I!jOi`*5BpYO!?l7#fA#Nn|` zR~!*6Z(=if%fsVxA5|r8ZXa_v*IN1Hk^D)>2yFeB`yLQ!TAr>1YJFJ&uRQcVP=|vm9gQ;&OMEL^ll_FS1QgvmJ*>ge+2;svB zXq#oIQ$H|c{QIE@vNCO;1}j%Zd~#sGDRAY#^o*mxi z>uBZNXBq!G?ld8@B}q0<@B0&5@TxpvTe4uq_BgHlv7;DH)&6Ntb$3LWUnEAHImPcM zMQgAK|0>*P{c5MXv9usdN7)9LfGl_d4uT0dvL~!ZrrR?FSkEO(r+}e<-zoO z-l}yxc2eM3g-}!U)|xTujpN#Z2?K#>*ys$v=yU%#*FR*}9@J2cGr6**H+lK^DSDT< z)8L!(u2y@s98uO;9P*&h_Z}@M3wNHK!NdJ<(gPvP&%rC!m(ld}>qod^3*5>#tP8 z(n{zlq#_?!%KpauiuYc+NW)SA$_|F;p{IT)1@^wy-}L)yhw&Mo*scysHQx??aogIH z$Ce08R9!Et>{z+}%ccDmA9dZrhEw1UDlR>MrP}=2+Qp#FcW%hS)+*j^;x1QsYDuHd!1KYX)=!AYlC(Xgz;U{?MpO!Tq zzi}%+{TzYo^k1H`QQpLITad&2y&6W-IG!%YT~SnGIv@SU-P3>Zc|^pq%odSk?O`^{ zLji^>TYoVzio_ho+szbcA^%o;4OLI&qrQCd24tt-&iUB5{y5+uKA3|Z;M|U~lW1re zo_-%sPNF{@BQTq5>DzO5cy^=OiW3*;UsI>a7nV(0ed7MI=g zeoEOPn6csU9@4T33=1t)k*5LIqkd;S`vYlJhK7FJ4nD400Ls2*Er}N=>kSpPB44O{ z+RXiE+D*5^ufQcovvyG@-bu!Z)f0-jpJ6Z(SRoW1r;4hRuq-i>>A=WOPVJLD;v~bF z#aT4dW)vX#IT%_&%NLqc{3u;UpE(QQ5(IsBt`69}Bpc_gpe&lf{d znl|_E%cK^$%>Y^??)#^8z9%;w-9(2~pJ8|Q)v|m5X|&uvdG*UN)6nXYbuK|QNNFdA z!LJxug}_bw-L20meR(PbqY=_^EYv;E;{)u8wkAw~r&s~J(ExbEq>T$6jUew261swU z%QJddg@JyYml7iJ{M^xgo_{3$}nHjOu?fzfoHzqAS?Mew|G+&b{} zL7naOx2K@ia9x&2qmTsz-O2KnK83aDsd~>eiJw)Gu|Q1>!%30&Olepx-hbcNkq&V| z4j0K8)v#7IiiYG{G#t}a0e4|_SGwgQyYEr#w-WIBCJhrBZ^C9X%D41Mmp4dvy=|B&+q_t|M>;-q&vb+QaX6#pmW71m;9T} z;;}BAYG{>j4$hAB+zSTW!qSNF@#jE!p9H{g0RY2yHo~bIe3h9^r-@Uevtr!Qp4(F< zJvsDFij(4z{s9XE_+d^N@v4C`8EM*jFO=5w!2X^-K+6F##Lcdx|Lfk-_ty^!r9k^> zC9i=!qz2_IO%{yqBA3spKcvOdDG7509$we98v>09isx$n0>ul#2|9p=g51Sei@wkf z#Q$~WK;89;|75<6tM2U6xk`FG<)rtLF)sq>-dB&Z2-RD?&8g9t^jxMxiA*h2RBp~t z46)Pfi{~MSvd0!U$Iv@tT_%Y<_h~gF>rbi5L`CTja$|xT6CERmX~tRX=|C!a-=xs4 z&W7*LoTOUVoG^W6e!^?YD?4VqHd+0q>2mvJrq}!d`#vh0o5 z<bB!gh^*1Dl($`KwL3Z5 z!$D|xb2-jO)KVhSfri_z-s+CrwgwyCXtv}MX67$J^C}7NW03;I34SNZlK0Ie?dl*- z80>$~ssGEgBS8TZOX%RT*IrrJU;eqNOanL@+gr z>cRH0ivjOSmhQOYLw$)?vm<~^iVr*<$FG56xy}>H#lSy=Sh$Di^z5^oFR~1!G%PS+ ztNh5}>FP1;9wUAp_FCNsM{*Q{JA_TF`Q1ZyObN$*qPvMUP`cSsULlG_sLx0BDl_>` zNtM^9&xc6(URxBL^t20{&o2V+E(#~U-XERCqvrZ)*j9=xxnbFV$Sqx=?Jn%vUX>+#;O}x^6q? z6?eKUBW%tEHq{Vynn6)YD=Bs;loD<3oc&GJGneqomjzt%>5^f2$G3fBNdD8(-^P1= ze!hSkZ(DvUQ&5^m%T6*3qCKEMPJl!iErh~f5vt5=3ruRBnay^7#0E2PH(j3q#m>p# z3lquvGy2kMwj3DUGrk;&^=NA~_%5XX<`rM!*WBK3t~oDG$E2`EInb1AL3O`o_(F%v z`Fu+^ml6Z9D5J8!<@{!c@f$wsGLV^X^|u1e?SnG?Hk~?@pwo6Gb(NiAlcf-0j4$$y zsVgzJPd~!1WJJIIvb;$yPXYR)Eob1NzGJ`f_LTT^U9pT{|}H60}m}>~9yi;aXRi zE0KhXqFZskkDxn_Ix-j=j^4O!0r#6DCI_l~$H#J_j7rw;%s%a$K8`!=wtcAQYL-C% z-~Q&9-WA{|or#6=)YkcuHyqUa^!xTv*REety|*Y#o`fr;Q-Pkd*&SOpxB$s*mO{4v zeq`c6D~{%;lAEpZ)ZPAgTgJXt#waY$5py*(nfttgzDbX26A~!pj|MTc70ls!VY~^n79ueZYJt4j<65Z z)*mmO&dEh@ufZi8KgNM8JY6Iwg%4+SDxUd^MmdE0Y|~92?y_My>+YFpti_JcOwEKC z?=3jmK2(DQ`ole>ORD*p?h%S({SwA)jWd<+l^~#C56b)B{N)$&UUig=+IHUR)o?g| zZA&bE@ZOJi@h#XbgDpG>>KVt>DOckLs&Q08P~Zi8K7kUjr0Gd5~L z+g3Q)0YvBf6>&txGTyC^5|NrLTZnNz7vZ2oUp_9;5bBQSZQ)zg{I>e*G`8vJ)MQPg;Fn?ujg^ktrCC(h@5}_E0ht&>_u2J#xZ2^yV{m-^b$fo|ahPkLpu)*a zWV2*PUHRK6+S95ucS~rI$LXAM-z%4CH$Dv(=OSc$D*v{A<&~-Qfp7c+ulzbamb^zt z^iOOoKVJRC26AiB5oT=P=v}St(=yRtrg^kKWM`Y{` zAEc}WU-f+=z9IY3c8$YAp!lPQG|0Ke1MEP>&o9B9dA<|wT$7!%F~hkfYJxx5fcoqhi0b`xLuBew#pmPD;5gu$|+ z;_L4iw)xFz-BVoUUdh->257!16;e!^o@{!#5@h?hS+XEpFhCP=W?36|d6sKue;=I; z5W|(}Tb`$Ydzc$%8h&C_+Kp@>4`r17{sgS+7l zI?P~WmR^-m`0?C_gU1SdGfq2eLP*!Uk45b&_->T-4u&f?3EnxeS*Knx=eXp$Lj(2E z+D`-b1@?91Ej;~a=0jGzC|<8H%DZ=TBFK-xV)1?(mGbc#g2xj{i)BuN#o_Nty;om| zG59-cb(`D23cF79;+U8hczNBqG5E{Z>#^k}<7ESm^c)s}y>#xOUreNOdP_tWP}24f zoZ(HQ8nipH5(k*y6=B~&nD>e=WLQWRVLs~@>!XS|99!O;pPav7ETuL&t+Q+nMR7HB&2dram4~?;@$wuI?1-+2gvAXx}H9d1W+jpyG?K-5b&Y zXNB&bYsQm*ohOwIA6mRb_EcZ32i&o)T4rlamc+#rY*=yyQnVRkP*L(Z<4l&tdn9Q8 z3}QSiBze-vXYs3H61^%ike9%*inuTw+oPl%;`+Qyu zfs?zMiQh8}a=q2Td??o`26o%X}K?wJxbs8kL=lnss96Df}L! zhkj)FSkzHIKr>~wXdGV* zYF%Y(FK_VUZZ}aA8gZKrw7(q;%8hSdHHz~FxzO-hm|ShQxpakdv{xJTh4Hie*`2|R z&`=Yti7ufs?{EvPca<&^66cTk3LLU$`pIYM=rK&a(~N9@Z2CLRb}3sIP0?mpDBNsk zdwo)4t5?MDQcOojd@=r#_YLEA$JT6uoAw}1vP*1+PmaD0!$PNf!SM^Dk-M}1p;Z57 zz4lK()ZAY1daAn;Y?Kk7lx=}qc%Ai&D%!9_9NIcFf`Alvr4QJf?E!>-kV1(dhQpwn zLhig1HwKPC+}8-cb!q4wJ#=xOgx+x>ngQV~|D4Tsj$y5p5#_D16;3bHcrDtV#etIe z4^N{U@zn~$s%l%Ias19wX_BF04@=5?h0g05$J!Z5x%D+Zy4RCCqDwL2n?j@i1 z7&5L{31@hqf1@#6sW#=lk5V*zX4U18YRtIQ){Pl6*9?IWfv?EPBT)H5W+`34LdI3k zlyhm&vZr#)Zh^$z>;qK71q(OZo3}@CE-bRPpU`D(_nE$;|DfPpED=+6%ls@~p*&d< z9%*s3L)h|fsp`0Yu6sxPWYd^&#q>*jPd{O(Z(vav5We7v;HRm z=#+Bk?;lJw4B75PqWPpH|JM6kucB1-$y@$32zQ&_Xk4e4p@OJu!oED=-hq_S~V zzvoK%;xC_p6B`Td5tkbTy${<9`fcz3!08-$t^QXx--qg!zND3_oV8|z!xQh)_X~+E zz2D}TmB@|Nt!L3u(L0%TF6YAJ+^LTTmB(K?*nNU1b?0$`iePkfU&%Ye9To1{&B(+O z#y%!D8{^E2XHl=h3K@#T(!VcnjuW%kBGnzgKKnDy0}NJAX4vQmvs;Z$>op13>#iv- zgMaD8IHqoI;-5X|6ML?bC`2oce`iyL&j=k=^|jIRZTYyh9bu7Q;ndOc6YuR`t zx$K+3VGE7$$Fg5#glk>d9U6Wa=V^x5*QpLPy^${H+&E0uNxt_5Kv=@enT6SSxu8(f z1+8aq!jMPFYBHG=<~NTYGLyDblv`@hbhV=MfYK$Yo=WkU=umH7qg zX9zB}-Uduc;O|Mvqfubx%^qr8P8F*v08|_yTXh!M@fE}L!}mskTTjbZ#isYx*j(*6 zGgf7KEBZ(Ckc=ZQDdQT#2hKeh`=$F|2zH-WAK=(f4Cm8b&^8rI>J)Iv_!+(^3I$Co zY|DO-o3^Qjj}MF=FlR=tW^pgHPoK?hGGe-+8%=BLTB)KT76j-Q6pHp=70 zU4Pd&{+Kfo!c}ffiFTEl7S>vGakw;ZH!W#}5S#hLYq~=&y3Mt_f!gfxwJA7a0yOGc ztDJjBO3fs_SHxDPNVruvriqW(4!K0r8WdVwFGHeIhs;?%g()U-%&YH2NWP$JVm;)a zO$fOpGZAqBs#rIVWGXPM1YUN-cqdx2v1Y2nnrFduSK*k~8-~940Dus1%V_ishlO2MnN=Cpc2G;#RM zF9YEvnk_w!H;z$i=@C@U*$!rS&Zdxhx)s$yMem3}r5t1HyOnoJHY^vKi)miBjcdA|<%6eaZ_feK9U#=2Dq1RS@xvELe18|XTpVF#MUcf5hjA4v$DZZJ(UEiWGO#WUSm$Dapop zt6w`jF7NLV*%7HlQbeB7Y7F*v^K_IK!6;_xv6d#*wUSa-aolJpf^sDwMjP|CJGz>> z6ea61p%&V~Wrp-tU;ULvxg*%5MvV=ODpIsFwhmha>-A98EoA670BtbTHIBEXzx`yC z9r8Pvn9{l;J>X@Fsf=5}DqDk26W_;a3pI#IJ(bymjY+DsAt~1*zR%a~!+hmBJf0Dn zuc~4<{H;=M_VcgdV>zy&=oa~j;8-##C3yYS;rn*OlAS&I=Jq*4La&rL zR=dv`2MH+l%m!bUJygXLqchiH6WQwzz+368@vErK8I-rdL&l9Xg3W~&sJYHP!Jf9_ zNjV8sDefwUt9d`>pZQ%Py!#0TA_xdNyV%% zXW9>ZdmYF6EYL+fKw_W96Q{7rv(Gyqjqt-)yK=`y@oq%ip$jz#RD-mN5=FN4gl8efpSdQW91#ht!m zlyGHuxc=yvrzbR2n}FS37XbO{L80&EHsNx|wGjPk07TA~NC_L2yG&>ZZCQw0K0DK@ zacj7K;;H+~+wBg;e13GMsgGBA`V?c5oyVuV>^{UD^|^Avj3X&-wYw=JWhypoBOrtz ztgJX4Q|R}JcX$3ZTHmhsd!es|(+9l#l=en<{%xHcm>6v5RgLHyWzQmzbkgTC{?=mQpRQLdfx&+ zQbLZsVTZTQ(tQQDX~f6ut_(dw?95GB9Ddakf~K0dSI_+=R<)5msS>r?c7xBd^Ga9a z3S@ICGLD~c*;dQW(vsMntsBoBC*djio?i|>F%(w8HAJ%**MDHKCnev}Z&gvSkr-}O z%bYU5UB#tpdYF&QF|H-D+-ETp^!MTs z%HZw8@`x|LvLt?Gdb^Dmy;TQ5Q_d*k1-&0$Xpa2om#}@ON@*9YgGjr0XS4iqPim0D zSbY3an|to7EF<6B5^i(dE6g%FN49dMfkdHM+xX_t<{)qAR(FP9%P*-yKWlzU>od}8_ehqsB<3~bJH|d& z(XB(aDP<|1p)nqpXS*UFC`yJ_Lp_ndbnLW1`dRsGM7dk0`+lCnucz}3=^oMqdpiBe zuVPYfHY``}`0tIC*2Nq8J=mc49HasoqslK|%ZD7Rmg`p}WR{++9v%Q&x^Lp%mKRmD zUBz_`p*1`dC)a0`z_y0_LR*UoKw_PUDU!$+KRZ_acy!*P%nT_WW_#+&Uid>{!vak{Y+i|39@`W|Jlrmw8bTPp>r2_DCNCmc z#(bbj46UoR#f~Swv?>o?w$!~d-UvJmCmxhpRe>$-#OXbQEha_ zPYvY|hDR)OHj3P-w=>Pp4}d)sm1MU!dOCZaJLP#c6&A@)!0sS;OMLNahpI!_e1Kh6 z6A|i)H`J|4ttWj>5a;CN>~?xHTm8Mczfpr@^@h9)7^c_m53zU_ zkJDZ1OpD62mwWMr`f4Oa9&L9_hxe_?_hel_DJ`e{4wYLSs92c7^vSdq{ABYHyv+00 zc9h_vJK4He6aTho{f8ZT_F!8gDbMocS_72k-Y!IqJYP8LzJgfQIXct&)(~-^{>q^V2D57yOkGMIyNeODiYBP zB6^-vNy3av!`LAL@heyS(VTyL&8BCng+%Qut2&+KllQB4!a+GXk}gP8m_1)<|18s> zErX#*q+QVX>Q2`vkdlh~{cD_x3cm}tnQ;7&6Jrbs~EBqV6;AympLo495q91#!a9l z3J%WXt)RL~llD=bUrJ>Smy1}uBvO*~;ADj1Tm6&2M3!~o2wUgOn$9nW0r$_4q2!jD zs-_v5QsIZ9T5j*Q+b%RC{@5Knno`If&RJ-LR@cv^mTt!v8adlH_HDb38w;X^m6@8> zT}`6G0NG7-$@T)rX&=S9D3^<`%MmJOL!ZS3de7su~m)BqPYj+rL*filR~XEIKAZObh~l^n)k5eCrOW68(rll zOTyD|Q6ELN%ZfwY)BsK$Ryb< zrlz`6G;C3@95{$(ihhE_gHTp-t*U-l9uM!!`8X;4nc||CYWq=H>)G1gvlUN#FWy-l zQAgwbk12ivQwqv|r8TqUn{MyF78(c9>8IxB?PmX{qV2&6O5_yVoMX9In-tFwyfY&kn)k53YK`M-eT)+TdZc9Ay97zc<2f_@mu?(*OeO9 zC%&UJQ(=1D(TNvoIJoM0ZeH^YI;yv^O~G4Pe9)04I8<3O)^0)sMm;9svS`D z%1`I#jNzV*L|P6A2Ap9ybjLDz=S9+~(6B@4@3fBKB7FXXP$bR{`z~rV7X77foVBjR zt|C8TvIar^ou%1um*no_t!s)kJ0i98m00bq4QIW*PQ7yQy8{_&HJeGkQBDs658u4# zoI+uuVb;s_V#PD?BBFI4aidwBo%Y=-ZfpU+{tU5i5N!lGqY zd`fk1#>+p>E@xf~DTQgoc%1Lzx1z1EdL1`MR}!Em#4hDZ+R)FfXVxyQ(09EnLRFDK zF>s7_t4>wl8Iz%`jeOsSrv#E#Wc$6em77Y(x~Zs$@^h6&8JS7i2yMmB6m_Y1L3p1i(iXZOB{OfelagdH_6EyFXHBTEHq)7Ov9 z0Y(rC{j(DAT<=oG|LH2oMek7%2TD-fqoAjlE?lWOntiC|QN3}H-+id2aF0w0zJ=be z4jl75>FF~uAX!oqAab2%SmKoMh@tZ>YST!RKfG#`A9z30#A&K6VS?|)W>{QDgjNfl zK9rk4&^$lg7)9B;Qr9TgSOV#RE%h^T_Qw#-jH+zci3!ipF?*=+AsA2wwX|cVO2pRQ zTBb^4neFu0>OIQRaGp9`NuUtIQdy2LoPoSRLX;=n_3w2d!Ij4|nc(+;#-uIZH|vF_ z=1zQoz>hp)k*BW@M4!)%hWyV@NAdm{%Hm{B4^CXf#IFEX#+tN$Ra<^)IJvu_DMEH2 zXy??{@aONF?k?Jqr*dS&Ija*%T-SE)U*CiAWA*GLIt4px&2ATaWVG_p_6@ID zbZ5Z3u@gicC2x2ecCGJv#9}QbqI%H3At2qdqEUD8G0pw;Pf5&Bf5WHrd41*iVK*q4 zrg;XG&PuPxGq9IC^M_s=>s`IBV{&^3GuoXn-)df02|@1Owvt8m@VY+}IP45d%Y|+XLOQ(atSIwE8pk#1=95NAzE76Ye|F42AcN^y6hkPQZP) zg`-txE2x*%Je6qV7-%gj7jjbL-&PA|YHmH<`iqcFjNFPJ!bYmOq5`Xxu9>f_DX^6h$$E=y|7MLJ~td5E<;7K-tDK@jQEUSrq@WeaFC;`>jDZI!xw$3ft94~u&Q@b5^#EM#>&sE zm?1xB+|Mp+IHDb17GqtasUVc4A+yZN^=ASnu<`S`pv%EzZM}704<^|DH^kwtxi%`t zwkL^tx9~oEgcSNVEp5qdJ{Eawl2rDk@?^`6i9}Yb2aY z{d8p!_+Yb==y9VF-s58$N~nALDINN_mETj7f5=EOwnwYD=B{YTfp*~%@=LY`^n)UN zkJ;zdJGiz?WM6bjg@o7UfI(CDZt=MIS*xJ?eOOp)P69S;LZP3d4t)}^nc;<{#|RN- z%=hSA6(sXnEr~x%Z*$m6)P%%`wYrSsT$}g;-e&uXyK|mBd*(mf_EpT<{+N3EU)9Q% zD{yOQgIPD)=XArrDp~CkDu4XXVz5ar^?^ezom4s_zzEi^Es#nT(Vw=;9;AWEi+H6| zru@$I^Ka!V*g)sg;uGLyu}4mb$IYm%UQEwm{q(mEc4=uTm;z~+h8dy2J*W)cQz$(n zsqNA1xM%i-#LguX^|eUhDb#oXDvQTI_7S@7pbl;UGJD$dj=|BP-yAjjpIlzfEu2O+ zuB$XznWH6~L@G?7;)nItteX?c{TztlIeq!LDp0)m01fB>Ga)RaTX@d>SM&EzSbN^aU(ut(M#jG61O-AHtU;w^_B%y6wt@d4Z|v}@GBO}MEVd^|(Ta{X8Mt7M77nBv6n5*#(s7NT2gshPG=qW?_NBusa2CSXIx@3B?qLG?(P?aac-RP*6SSxm1a z$IQXFM#(&;`7Sb@Wlz{;lddalgfYtvGPPjHc@0FAYXFL?C5!pr1rIr)ejk+6tGKC$ z0oaRR-M*ZP80YR3g$cmI!3B2MIg*sXakxYb^O>x&d}>xMf>Dl)e&d>NIIxl(=$$R` z{CYyn4LvPo2uk#UjE`|zjXm^UHC%ktt!gEbp5oW z-Zt76*{}c0uV%$16D0aijfDtL4Tu(6B*5#&?c{;DFj~F7o8U70N%2iW+d0#zv})Xf zD3_rT$?HwE;NG8}dsff!Yw0!%361_*b{wymYE{{+a7m{Ka6 zHzG=YVAZfnSOR&otRGKzn}AVjz78$llHN<wMLf{ZTnK z;BEWamlyOt=GxC05wj0DmMzF$Rj@q4b0oJ)ho{3|Snepj+Cw7hHSMpGuMEpiuEV+109C};My%$~3Ug#!K!w$d+xT}vUTjw={)CZkE(tTx zPf;C-1#8Yu%#)f8Md3q;9o`f<*p!D&i_r<7+}ox5gn>Un(9HZME>S+ zcJyW+fAE^^H{TTfp}%u84tChEH2Yth`t!dGm_|6No%x4t97}$utvQ=XZxnVQU$OQ6 zwM(Q+kXiP8st|cy8maNfKu<*yK3|?+_iO8siMHIY7`)_u@^!w%+SUmFLZ)FoiAw1+ zfO@z4J`2+BS4dpN!mq=wNcp)(8fllG7d!c`N<7C$=N_K6+h}q~JjGgeo$6)j8u`q0 z<3<;ai*AUml~Eyrsu`bH`etW+SA_f1OD`+0Q<+^S(hW%ZQN9;1C!Dv~X*H!hTH>1J zr_;{QIl#9w`3h zmFJ+NW~(PeFHw1pF8gKU#I^!dTunlAUOMjJSdhPO>ukZ@9qSSlhSTNwUH1#BdVLT- zBFXs21ejDC7UkJ7%F_)aMpd32!Fc^2*0LUnF*_5F)oq9(jVore+Iz(XSk>Rmhj&}qx#rdFRw$70bu=e$Un z)w@I4=e(6Aqd6Gh4{X^Xcc?4w`cIxKlpU>#9}&mW5g-~C@x#8%R~y%;xH+7Nz+8-k z%3n-N1l4D8@-8BEZnL&Rki`P1Vm;&vTfyGCLYEjXPxMgvE|dG924aBsD|nm=Ss1s()WkbVe#aBsf;i$;Pbhd;h;jU~KPp@*C% zZ69G!`2eAN2$p&8Jz=%DoMCY}pIlOANQx`@hY8${yStHJS9XWf{gx*_QTYyb0b(li z6r?0Ky-*9;l5x~WY9?L>q${$h#(COk3OF9g?bD9ouQq0oSIwzK6)R_@m@OMbm%qUz zO^)sc`O#7mPq^5d&d<8`-V5Cz-P8#@G#tj_|-^{Rw&s zyiLevxWrqAZyq`UNN$Ds>zVgnhN@v-6|FU0Z%O_lKaaeb)!HZYwljbXooNsSYZH^9 z?co`WrEwt863G1T>(N6;jfwgXh5C-Ax6d2Qncn+-F-KzOeitYKEf;hHv2|GxyN!2^ z0lUMZsVnVIM}IPJT1yy&+N&6B_7N3wQLKN(YWmFILrTJjm0PHW|9#jf&g`5PYdLs7n&T=1v zENA-j7C0&Skyz_QZ@6EoBz#fJ5bYixIB?P}v&4y)Ld0$`;#e}uolKQ(utmQ|rFZ@@xx zwG0ici=yx;4dXPiah<=5Fxbpc;Ge#JWzM|%K3YSV>7pI^^4>S_2ZY@;e4E<5YI;Bj z!A*~9fO8^|8glc3FWVh)m&xyDuE(1$Dl?EUV8xz$ethslR!!CB8}O3qh$*$M#;CGT zvdSD;p{ch4&@~mAt_k}ERT^AH4ocaV99gF4t5@jFhJbFSSyb(a)}=Nmq-R{_KI5&r zg_Hz~r{{%D0yKvP?cYw;HZi1Q)NY*OI4Wda-^j>puw2k*LcmMYp5S`6{ z{D-;o{q-yCWsT8nmr%CB1n37nqdqFUl5hJO?CBaWf!^Am7@tx%#5~x^EBd&-IPrnn z=7WFn(Wi>d3M%%JwE&)gE0@WE5JPAF8gtSSDj!0y$Y@@oMVy#Q@!q&hNt4w5UC%=s zGf98BG!XX$Tjd&XH5mcmrF8v)Zv7$y8~C_{20en>6rQiQS&2={WdFs{97ggQAvf#F-13?X7J^-&>xq4`PSUZ8V+jpSW z(DrnNp-FSd=w)I+m=marvNYh&-rdSzcm!wpsxew`el0T(*8!Wu4-@n^uY&||C0J+z z%ExRM*&GgA9@)RJgfYd_-@ZUH`*XU>CF4ssgS(9fDa6Ca+6__$&x22;IFQ4!WbsQi)uqCKA1974!1h z&DXCA8NHAsJgB88ef>H+0|UJ7YtTaeq%CQ{q8sjYSIxaBGVH%J<#RpClLHYi^6$7y$D#S<2~4ikvrsS<4_f{h?y|G`ZY#P9ahJ`x}NF*`ZIi zdZ%)DMF{Pb1j39z0cN&Bw@;@V7h6*=hB}u(o6;55L*1De?9hh7V9P(<(Hf`aGm%sYaOItW?1K#WY5$iw z1tY)5mQ0zV_Ir9MFznrpsIXY&Tf7AGu6$(OtH16EPrqPE4D87eS>6@X6>8iMkI5yv zSoXN6Ne=2{CbdQ{-4y+xF0-Mk0lU0o6{x8AU9SMhSo#r8v3vJpF7wnR>VkPf_a?a`)zM z>usg&D|qoi^T|ZYlTJmevd4*>#xJ)*hnjNl9>o*lKQgW?yzVvF{D?qX6AugUGxoI? zlva9xF#%?C%H6-L>CbsPql_55FLqA?8UA?%ZcBw|;LD1L#o?WH+N^N3rEt3?HI3r| zfkt%k*ZvO!d4#mudM7Q#1BSLv0FQ;dxC7CGQqByb*>a2J%mn|AE%O;Oa5_1ShXD*6+0!q8UCkUJ=tiw6-6<;wb4fe z`z~?-YUuFkK`STdzo3!{ydOxz0AwoT@MiBO!S4}xyK#3X1YBTvtywn4cxeN1HdIlw z7I8wah3*K^d)vi(-1HL5@VF$~7o#S45ac!YfqQrO(B$s1b0)i{@A7|zGL``szl1ml zn)y<}(-HldJ#N@Qjvh1zvHsm}X)!ay8uwh5?{t%D%^bhET@H6x-{@12);AI%$n2SGBE6)WV25oVFij9I#<7OO3F}D!C5NW8pE@5&I;!$!5 z`574uw=y!XJ@36(Vpz2_M9ABD4?0rzf>Bsw+WHlEqhkAl)Yod6TxU>y(-C*O^6|3? z#ljbduMfDin+kyptb*AD!60mqzt|Fd&fmC2dXpyq^WPrkfQJLS8zS&et}Bi!;@9in z$sFHKOVoXptd*jVpk&*55Ki8tHc9}8THuN=2}Xwsy!(z_SKC2+$W%MmHE`m8PAwkw z)fT7ZZiPt42;Ou>Hi$lgxWFN<+0cX{V9;zX*$`UyZoru}lwM?_D)Z%^0DyWa@xl#3 zA{n~RH{F*1A}t5HT?ZIEfY~s12HrMt zTLU)u@F*bgb|nqCi=W?^`lw@ft8pEwg7wtm0$mtB7pwnk>|?~i`6@>nD>`?ZF4Q?) zNx!q`c9ryoc62bVgn5$at`LOaRr(#M)s-T*OIZ>wqQ#jzb3sdsBq5;f5k3jUpu$U% z!xwPwXG12g@H@cy+X-UOe9@A$A-nw5Vfj_xFYv62O*Ps#H)T7d@vwN9>iZyt6ALpL3?K`>yM3vc&+Czub@XH;-`Wa_2HS`)okBuP zDLgGT-$4Bpi^9pGJ~!vQ=T6dGBu&t;+>@rV-hu?6tT&)jZuVY+bS@(%eCI_{d$N&S zn(`*&Ia=bxa7e-XRwFO_^`&;O^t%m}O>HEP5vSPZD4~D~sXMEBvg)`eW#yIl6%kDl z#ovNtdY}Kd%{MYE>IR+Ky=M#NkWKD_&TL$|W;q616u(_Ry-iVi@UsWzrg1IsdbMt6 zA%OW>R(-U^qEE%tFR6LCH{03C$ZzBl;Tby>iGDMQhha9eU~LIDqU#182ii63^>Gtq zo5x#eUhEf6WI;SA^4~VDs+)OiZyB88*b;;wM1a|f2K!| zsw|{xlfzI-96ns!_B86BX%1?v)Oh}dXTZpaN8%Yq$C)!x#|C}IgJzjh7YB~KXKG*K zfhjv+6QUO+B;>o_CrG1t!nHz~C24txpy;hiBcai}8oSfGuO`I>42~^duVmGF_2*N< z?lsttWLSd!)j`W;#Iu#B!=?JZHAG2!Hf?@3yU~IJTmmJ++7eS7dnd7bI>_;XDZ{>` z?`klK&Z4_jofD)v5ZTFMfVT7awt1$x$@wQD1-H`@&+nZ*h?z6JUOY?X!r6Uja~6Es@N8DSEVu||Fk zd5^1q)O_d2CaH9#-kkHbgK)uMBL+z^vUJ_j^cFaGk;gk#-;K%-<4ODMQ%6ejZq$q~0uI(*TxS+LuK3hfV5^AqD9^W1> z^F4^>HA|lOPW+WQ4rE!>!WO2N%X| zXHKgwWYlf&p|YRhn*J6xyBU1rpq11g%%MgNXEf zk20#d@PjWx)L}Ns-MXD5BLBx)o1>u~V#V@GCX@mR{Q~%RPVY^GmA7314Po-R=Nsjv z^!tP)gno=4SHwIT9u}e`N0%@bs5#s6DV<=;yAK?o8m)r8$0A9yHN|51r^LcZj1emh znV#$+PzmVExiJCg&B;hw*kCtp0TcOtIq$+_jrhRlikd!o8(PNC=K5EF(AQyZ)c0y~Ti;Axeb)7 zGDlyprRj();k;iMwKh8)uZ;(Q-!d%|{wxB+FnQ1%y379DeNqj8(PI0%GU)HHxQrKu zuDE6_ZsNLl(OLYjrS_6dmLWB|jF30Ov-RN9^0Fheyflq85xfLk+f4hr@%nhHr@L?u zDva{k<=9a4^y61uSv`ts+xhz*gZ(p>`p{>KulGc}53CVO-LZ>*!nTCF9lIM3lB4++ zK4_}@0*FHsk6J94Xi+M4bkl{ROjq@lq-JI#ueJc1P>JcTn;M%@?{uRP16|9l+6X)8 zx+gxNZE(>Jf0@U5y>y#(nJtPw(UEQ+eyB$C7=L8I_IC00Yh^qWtm*khT%X|ob=_2? zFnwF{B>MgG_VM*TFzk%HZA;)46kQQl zZSbMewhSZ;YQ^VDf_&KYIVBVR${w10JUUF4tA z0?)yfeo=}&yFq;%M?}o%>LemY@eZ1)BiWpvj5z(ZcP)8Z8W9mif0Pgx7Q`2KJC62U z7Pr&sqIfOHAqFe!Aot5n{IkC; zZ4JwbhP`ktn|(>l{c-NoSVgGYp0qbWeTl-*vpq)6#=-VNhTd)O4Ie*YA8J{JsO)BqJ$Cyg%!7Dea*eqAxx>pSx2kMj_<>Ef1z1<3h0rFk2HH# zIY|Qv{z2?Lp*RE?838hjnF*dj{LS8IbZYi%88h<{V>mQ%yxH2KaFQ$iOU*@Tf}eV> z*q5wue?njJf+16TNGF@hbiVADJHH$_uhvMpxP~s*f0l9m$>RS2C?~*o-VY_~vc@rs zZI?W)RsOL!3szr_H9o{R{3s$c&c21PhAsi^IjLf_8FYVpL#))fV2R(q#;>umn=>*j*i42`z24-df!R?)Gb5HD zr$5HcwfDN~-FdA5#()Vi7fc---k$>~Kb)uq+N zP+u=RziS|fy}^=CYcW&tr1otvf8#(mdr{xdu zT2EH5Jvq~u4j|D!w&2LV2y<{pyHSjY#rn?w%*o6$D+O_JOzL8(-N{;IsdYIM^^T^( z!vHD)F+<$8Bg%^Wu=`sguCSXG0l8j;C5=JVp<>WJg~iPFFvV}l4gAuw&>`@G)X}}0 zZk(8*tg4B{+1~^fu!+d@_YEV?XI%tmAE0|eVS=o?nn9)L5f!1qIFE$bD9+lZ>TY<2 zQ2fChN2_4fE`^Me+l|^j{_>e`<1Z8sfUfjBij+P*@y}7yS+Hp9?V7&GJ_TKwuC6-{ z!evjEAJ@IvwmGlu)5Y4kYAlI)4Q^VHyl}Apj`n3~LLQZ#WnZssi2jK96H>4Xy@3cl zMBm*Lj}&0q{NSC}S|oUc*MW(7b=8k?c#Ld2d{K=#d9urM{JUIfx=(R9E|_cqc$~$K z0eqLox;|6=RLR0!7>dFrbg+Bh%CgtXI_~5m?H{dsb^o*r6Pv|~Fh!0JPNh;EPpH(y znFXB5Zj6s``MC~3lcP-!cn%E?Wf8-~_;2i!jubtYzFoo{-tsYWb6WexXbudtzrHkB z5={3P=)OrU!L$2DP5UKe8%>iB;0>Fwm;VEYEUf>_hx2`l0bdf+^}Ko)W>#`<_Fk^{ z@?L2dn1*2+r$>3L7WxI-Z)^b-C?d4oN8{91sL4#@i-`1YFHh zBqAxYI-GpLSio8_-jp~@dc*izk#3xnVS{dsrN=wJh21g6-ZKvYD>zj6YQiO5>S=6* zS`kR{g_*|Lvp#~TVXZ?N4=7=$x=fvjY+q;hob)+%Pwho5C-F-|GxJL&+;*c3b|9+A zw@=u)Et9rLbS+loBe8yaF0tgrmi)4*-&6U`9@=PZ>g|`$Hm8d0$AX2?PTc5W5;s3i z|G`4~Uh|**Ob7tB@0e9t_xgM~Khe)r+z*p{W^FOYf}v$1$VFQSyXix=4440)nEBty(RgCi zuFH-kr!cS-OkuN#m6Hsir`}b#c_br=(#VY>3bZE}R`@-Bkn|dxbfI;Ya<e!4Z(#m-MR2;rvY@ZL!iBwYl*{w3g-S@HDUNy-RjIv6d0xF?m=yxm%vWa&O@cjt zdHL?Sm?GfME_j+vWW$K(^*E>WUrrBOAc>k4s1pg~o0mf%L#<>MjtxzCiqoGbJF#u0 z5T$%g)}Ors;{%)u{mhkxCyn@Ami#XD+MIOlZ@%z^YT`X4b|vB^O5UyXExXSEw zcUQ|~S;&FPse6OTe=zd%+edkd$DD0Wwwr+MU7<^7qGf_tbE(~k25mIECnhau;EdXS9~NT$NSwSs}Y_^kEtC&f%x|IieX=r)*lW4Dq{hA zObl$to4eA73dY)nzNG0#*sw^qVv>aGeSK>?kEysi)DN4!iD2`Vx)>P%Q+`Jww+bHstjK*jCj4PINe1&%6g8@G-s5eDFU`Oc|*dCpX z-b0Y-wNwT*e}mqxe7em z4hY4bq~5o`XP@c~;%{SvVu{G@0HAz#d1(4MBWuQbxq&I8E!);A>oA4|(yDUcaw2&q z{IU^46Nk)mqCUp3P7%1hjnV=lP0xJ!G}ZI>6Q>LX*Fn)K+{V!9{70vyDe^M5E?=GQ z4xvkr7t(+1?a?>d_H`PF6%)r~!Y}bd%P9FJ11#rJ>5%Mt@C`4J^Q)Z!xRh*~bBTHb z?cUeqmJ;Q*{NKhikQs*%hls(Lf;5gTj>Mz+skHyv(yitE58*y|ME0$PO$*znh2-rn zXd6{q3ijgTASxzR+#DAO)419 zZX-8&bNGPaYIC-q<80yBuNILrJqkL`;sOuXXes<3DIFAn*)JN~d%OB;UUO5=P5K;h zZ~LjFI}abFI=x*oMiR)N?|*!-&}kZt&=?;^{??3-ZG~h_n-L`go1xXaUy_V;M96|d zz-V<(a20c%Ot8d91@!NwgH`ygKvpeFosY8;#xLgvnq2v?i@`Lo2QAUsNlg z-CKQSn%;E%epfv{HkEl~p*GH1BwW?;z%VHk9jxOs{)P(K-S^}Ek-FqO{c@Gnh8gw? z{Hdt0=X|E~1Hmc6@_ul>u6V8JTvSODI|muhj?W_ zQov-r+N#NI%u&e5qDDqr%B&*iC3wGOWU(t+i zn^PQMb2x)tCSH4uz2lKZCH-oUh%2(qYlyzo$8y>i>1oi?H|V->xpyX`z^OvXdzFVF zsZB$yiVA%fExs1!itj~a*8dN>jEfW^;Emz_h6)Smd9S>b>!JwZ={`S(09F;DGQn-r z#1DvykHkI0a<yScI-hUtd6eMk%xk&}|SDkSO7+tWDD z*C;*r0J;AzuYff6QE^kT9QDH|TlFokH3n=(8wMSgKeenEPz=@rcH*reD(CV(NwV~g z+C3zd3D#|>f#!gy5>vm1MCy0<=yQ>4vLlQ9RWlO0~* zNOAYQ&^{!~eHG0Ep6p8LL)A&ai@}t2)nNiU7~7);wSnP-j@3X`rF`?%PTr5#TRqcbIjCGV4L=nKB? zdOnTe|2634%J)=Y0t>mkNguNceq%$pY}`&FN}?k;$;XCf;KTi`H<-AyoRJuC71{?ie=&c zf)WsMv6nR07+^P%ejmQ5bRIUlyTl{5aYuCIGoz`?*Q1IThol>%7}e-z$U82;TYi<< ziLp14{NjKVB8|q|(B((~Ifs>HHW^(KC0WF-B=Xpq#H`X5Q@JO!Dqo1pQ*bcKl(MlJ zccJO666pVlI9m=v9d&E!eX7&wok0T3Q-HA|mg-Q(6HOCc$t%NP16eSZnPE4mwF62Y zUntOiB9T9P>IKVMO1gTYcng2%vPr!A$0yOXXLF>O;0pSwxS?EUqB7GapZ*DrWb5@i zWlRVSo2HDP$R8Vgts$QU;#;bD7*@!xs@yu*)lnk5AiWrh(z|dM9;J9t#k9y`0&Fmd zCbjGv?lTEQ+V9)&p4B+$0*5XUeWzq^%5s>Th-IXXo+xHDJCCS(1swQfL}Z!A6}`N(wTt(_3bjbstv{G+L*{>(wcXYnM+z{cm0cUr?i(-K)o2#UYA8>ji{a z8BMFf_Le_+Uh|Ofn3yY0$8@~T1^jrTKiX8}Fs^tqNVVc`_PV{{;0gEX7zX4BD}Jvm z$>k||c077=7T$H4S9}ESrs$&Lv~lFLSkS$;T*ptRYvB<;k`7DLydT@yIKWCI>e+!8 zf;Sf_sHcP4p+eE!h4z;42`a4CM(0vm+uh@PcPhodGndzh9u*H1%=vY=0k!lJG4NhR zwj+u*=8v}o{_h3@8R;&+=He3N$Q$omniZMwAL8Ao_=zL*U) z8=CL9UiH`_qKHukQ{RBl+oz0iIZK~Bf!tY-BzSKGFbPT(H z2q+nMHS=W>6~liL=DWOO%u@XQjU<(VEm`CG;sX!139utgd*>|@sAx2nNEX|RuoJ5F zm|2p??fF62$rGxtE0+6<@jKR|#*KZU|291$HX65egW)_(u;1CYYtGnUE1WYnlyAVO zQ{Z_~)f$@fx~qt_O@P9Zi7gmBU~QkO-5#Rpy1W_-=P>?iM>&F?6&T&Ag{! zGKN9Km@^5c%EIpt@*H9sN<795+zMOi`YP>pD}?h3|)^vQ;%3 z5{A5)twnnw1zX5HM{xwo4m{=61t5KzS3+F$g-ktLVIiK%G}>)I6wA@ralUm*+AawWv67r z?$18_{shKlMB&I12IikRSRDH-7BbKQ%PX(8^A&$Cu6(60^Kor1QFM4ou511*g0_=w zE6-2M{VWL0C4lM_u!f!Ki1-f=RpQ%0H$$fTv4R3M-pfb4V&$tl^v(>ICW4+5a{;^3 zaFpUKAFszQCE4!CwTM*%3YYZ!m0r?QuE{*LlFEs!xnDk7IL5$aJl<$T zw6r3{8?`{}QWW=v<*OwjGbJ4gpMEQGSob2RC7cXC!*~CT!5R!pC(ozz+3*Fdk0^=d z_E_`=4Osx3KE4AH3hB?bGK(EUFMi}l&h$=p`d2!J`G9|y`>xVmg2P2yIq~c=B`@k=YZ`)@$Wp9&!QATFqDdGlTQJqH%_tNDV)a`{?tH*Oc{11HuX{?~ zpg3Crp?O81n*96mGnlO&Qp}yWCj>$kMt7Ao!Vw7F z%#+|JQCQLUQRN3%&nvq#M>VR%XJr!@LN5|G_XKM_CdqFa)#OLOIMw_>{@}csg~T^I5b@c}!5WLKd&rc&yfzu*Zw39pX{05~p`4FmRzBnM3Yb>b zJ48+;xZ*PUbm_fVkJbGw7W)T2aapWP;qdqnTe+xCl=8htI09sT9Az-OmR-kh8~0_F zVHOAm_gHD7KB#cB%_UKfQY#d1DO}IoNBanbGX2=h!u6 zHo(ebuCXV;O+wNHt|(;{`m}b1%7+`Ot0Z4awX*(2VSmWccpRcZ0gc1)%H8KXvHnhZ zni1}Bh3HR&zwQH;b%h4RPR3ZaD^{v(TSyNEtz%McoVG$XW%c(MvM9|L6P zct@YW&k7sUxeVKU5np>R;kPw$oKh?9pK2g6Spvj;~&>VdvQH*+4GUlQmdG<|+HUr+Whsx`z;n`FM z48L*K3>jEO5|}||tTn4t89j6jKh`mJl5xck><8h2y(j(#ZB7>}W$7M!&dC~HVUEg!t zKJ)?p_i;Gt;K3eMpHwS$T7mwvIDk(WAJPi3r<7!->U+3LoXZqw$~-3*Ka@RpTh_D8 zR^j6fr3|9StdH@}5FHB&)xcgF~dv_hF;Z%D^IOOKKB=SYX@8FvaVj=hrc z*23Y%2o(~lFQp3YkaLo}Rf(&ieM|>h-9R(UQdEVJpjuoekAIOPnC}!dI|nax0FMlj z^S9bl5{fqHi!i{Dk#8IYVenJ`_Hr}wU5Ms-*ReFAqGxE)iazCW>hBa3c+IZK#N_@~}WA387263CcS}r-LMfb~r(9>vwmC&R=J77)cd2`2G3d$~` zHa8bGH*=N;TaBkVV+3cS*c;gQXxc-UJc&iIuO~&0vcSHw@Y;*T%(`sjCFXVLK>w%p zK5Pw7n+?6gn;x`$ZJzE_BP0C^?XK#Ctaxm$t(#GsTa?|iqp!iP2cpa5do|s{bNU8o z#R*S7rF~ieD|(EIx+EtR=*c_j#mSP4+s_R5S(8R?YD)+>uu4{0`WXaXDBv6IIt}Pa zG!;cM0ecfpkLi~Sh@8K#=Jm(*hot_*Lzu)xy;0M+ymiVX{N{09OP(W(baZ(PFV*_P zFwIfVhlVU%d&b>)zBH##_9~aK>~;q(atTOJWxdk`WT#_voWSav4SJ}gVx6?tLmx<6 z@;C_U0a0kKGdSgOkdFSqCX3(#KX^-yPuaK|fcivy$gf#^&5PG1th&jx$r^s{>5_qn zybcS&Mh?YXCrExb@Be>feRWt=UHA5*qJ&B#NDR#ol7cX#2r>xLEhQi#k^>^mG3b~9 zNo4?~I~3_qYH%p&0g)JD=#;MSpzrg3&+~h)YyRZ0&)R40wb$DFUiaOLYxanYM=Up6 zsG_8qo|%4-|4l^Ue^DDg^d%|Wagzbcrtu)!J=!(B2@_^G?3(&5e2;rk;{Cc2%`Gcc zOE8*Ur52it6_2+-f00;lLy81O*;6!U+C>7ai}bjT&AXhQE#3e{2!FUQj}DJE18dqW z!0dahGINIqI7U_Rkn=nxg@m#t^0u9eac6Bsw$v*}^SEqg-LqsOP!Xs7>N^Y$N5OZh zdBSaAxzVSj#C)I7B<&K+)6!Dz*mmC`DGoH$0-NPFpW+*e>(e7I3@v3mPj%>41(3jD z-#GVY?-3cgf7sO8=M`93m?PSMT&QDdq#(J-*?n%{N3w0a(!BXYCC|Jc_Fey~fcPG~IQC zW=P#?QLn)k_%W-Fw-YZ=Qw-ZLGX-yGJ!en$n(j~;&m#!1f?EQ8SDP?^#GDkmMw>4T z(tjRh#hm+zoAD`rotfn=jSPzv?2KK`YPLS-r1k^*{Lv@s-N1}S2WPvnjQj6i^Ks4q zvpUm8_i5%D*zTrWtmaAMbqAPJV zJi1o#JlofyE*dr1*L?utK^83c!dp?qL;8=OdeX!`nvkc3E8iB2dHT^dy>%*Bio#Fw zZE4}a^cRPZU5K6dGgvKhauzdyuX1XsMjf%ARRdzaov3P^DRcrJ;8W&)veEJLKcl4D(feka^Aq_}cbp z>1bAf_Sak9wy?xO!0mu)n9{I6bqEl<2$yK!X95^Db18d_$2+K<<+kz5t4`{w8$6hvfZ*y&foeGxoI?m zYFGHMIwLcayQMwMOWyic*B)6s2R8`=3U?2L2=ZHHOqj?Ezbw19!9p+knYh;QG&jLXdi7G& zvQzI>PNtbG%jj2NRp;Y#LCnyhp%~u4M%OC0@a^%X5sO@{ztMqGZTIwI)gGZk8Dm^y znEL|(P&+%l54n&ttjv$@v$2k#@kGCf4`D#{NklT2UR}Oe`!#sJM5-_JJP(}5h{uH4 ziJ3UmE0jDCO~QPE`7iKrJ5jrLI|_gA`d#wjXbK*H)aBkw*cFv zK=vC8F%4J_xV&IuUoJezUOC>tzV#WKRcM5p_VZ0%U+8J`!?if|3bI)y?bXMRm;w4c zftWJ619CnONZXRNAD>MPmNU{jxZ0K9^adv(%xJ%BR>xb{%&g#m@mV_$uZ+jnJ*~!v zN7fb((V<&9(mPL%?AyxI+C*P$gFn>ZCblBMH2IdUGJ>PtQ8#;&(V!Uoo>;W~z3!B?q*#jB9N`ZqIebs1rcemAL&ZZ!7Y z>kpr0D~UVjoAWdH>o}h&z%}a>G@zlje@W!vN{nb^QiOo55JlH!a)MwmR5NRWH%-*3 zRdilkPA8zv|KP&$9d`-;ppEqLy}N0BQUj4?CE?7|=(e18hLQv6Q+MRA>z^1<3=Y#? zMEgaeVQwPb_T+O6grqf+9B<=k`dQAaSw(eO?%WH;V<^_&$2tJQQgk5it_Ed_H6sxI z%dbHH=$*cM=j>MzM#Ty`mP-dWjwR@7t@*{0>LjWita~)p-DJ}*ype{))F54TCZF`t z$HQTgfktCTbE8tddh$g?it#3zmu7>HgmYePabTph{OtX|lt-4KWB8LdRhg|BQQhjL zF%+A~=7NT`lW~CIqsL-|PxH7Q;bTmFft3H7W#r08gnWWh zH*5zI^z*%vyO&I+#iCBY9f3~sG#eobnh*G{*?XN?a#sNDV{PI{%U>Z&H#*3K}Q%op+V!txlum*Wn6T-Bjdm8fqyK zGhP`!+OYYM8DC?UM|m!u;RBY)>e8PN!_63yIyfV(f=TmfqAcH4iraxe8S&uO0H#BP z+O~rZCX6$yslYPlI8|ikwd_;!;CDvXWAS5`B~GbTY?7MXksoz)bMX8)$Zoo8# zZIr_H4=rk2)%&lxbc`wm(On`__tx9(A6gf|4})|X#0 z&)Le%5sThc^fUy!nwEMMkt@Jko2RDb$;$>iLf8PC+B_DIlwzmWaoZ*BTY0j43Tgrt z1xviijz;?4VQK4SvZXqWboZ1Nl!Dm(ZsY_k`3a%>qU`yvVn2wrk2@_*zg{e&GYm5e z&?V>8e;#G|E9`k&iB#}x(vE%Z$vZHdHRoGmL~jqjq2E+Xl_=SiOi%(Mtp-kQ-cBk^A?zIJ2KquSg1(6dR@XiSb(6k7@7sy9DXLbQk?H zyZMU5HR3I8-*-J)3l?<@wHfvTZF@YEEC2Ipl4^HrK+29ia>-{iL!RZEX#Cw%cQYF! z>EJxsYH{}kgcGyUB?R+_vEOC=xJYE`OCA{PDrlGrpwW`oe>;udBXY}4gaanjR?1hU)x1(`%E zM4c25zgf6fq&ir#poZs~1XxB41@^-RK9iaD1duB2nWZw$3c!PUCHOq#bqRgq9;sdi zTjsT^R+k&LN&ffI))Kc_*8BOe zm^CMI%H7*Bq$o34-68r<>)O@kCzlb{uilk%^ow*w2dDA6d%q)bw-?VS?$X$FP2U){ ziIl{QN&I}&$Z3@QczfhZwF3{(l$53^lBmMj=HOmIZW<-i7XNY3HHu-ny)30P>Ip-0 zpc(7@#kLdXx0ioJ!ZNMg?7xaLGe7&=?gw|!apG39Xs@!~%%RZjVh6efkDu1zUYfSr z=9vX~2!l`kvr+a-r|sfLk3P}O6u*uQODbN}bV``^TC5zA=!ynvvzZEsQ;cBx^edwW zUU_>h;w(wE&SE3{ZN4d1SI$e@?v_z}ZqnqS2e4Lu=w-oW$tNy)7s{Apz7{*^i;#Qnpg+h+Vh7T%#{ z%!5yFUTQdYtsH4B*Lv{M-rGjHNY@(*AfZQz?%{yf>ay6eYF0*RwO5-uUQZ_f$ol@L z_-8gaW*eL{+nkbZnA7ziqE0<#ayfNVqpw?$f}V+1x^4|R`}k_Zr0f)%)f#5bXOTZ4)mIRWGR$+xQ(rzV*DBPd@dS-X~Ff?J*$L3DvBC#ntlx2~5*!8&1 zfjn*lIEfpa{mrMPi$q=aAyBGP^u0XLUdUnz_4Pj45zo# z>;4rBY`?1zoY5dU?Qvt{8qO{-J5~i$+#`G$*2)ucOG{&?Gkl?M`r8e zRAC)0IltnNeb}r-u|x|lt5BtFswLjd?EOQ`7}33sTNJ!WKro<^U1Kp)VZPFutcrIWW?HRVy`dwEX_pj_j}RN*;FuW`3!A#t+LKYULzaF^>2?*zL;o(I01*e4x6f zA>7!Ifb3K2SAW}9Qu9&`<**b*8dDaa|2Qi}T|vVX(0^y9esb0-lYKk_n3@caFJ;9> zD2N3|aiv~QT!Hi>W6FNIFYuGcRIm#ozkFBtif8_%BimRI~S>V)16yfb~nQ zpXoRwCj58lc0p0HGWWw?d`X&gmh5hyUDu6OP@xHba=6CIxw+sgHRe{ctpM^r5olH7 zUPJDx-h^MrmR+lc@M~<6a9?tJ#U?$^7q2PAiYEAEDemWSF2448Rb6whAK95D=oTqr zmgB=^K1!^}-FB-zi>|*tE2CW597;`(psw6x=dbsfjhHzi$T#HQcuiy)2_KGSU99VW z1^w(f8)V?KoKjJHxLOXmA$1Sx3sO^7c%PxrGcY&l^-uegj^46neb%9gT_^LT< zj3^J(>ZlF(qoYr^hLK8;43(sxA5T}`O$$P$G5VCH zx*fiQ(mkhoLZk93T+tPQFO}&VVI@nH(lz^vDQsl>EEiAC+D@*h*GwF@b=i*ZYoz$i zSkfojMn`LpMsK#3l6;q|brt}&ei7LN-&NKNOeQA%|J=_83rtFQFo!_3l!KyKul<nz4j*kXK60x`KKOsMcIrh5p=DY zaOdn}p*vUKYuKtsSD1WUpG53HoLJoMOHzvS%+H1J`X+wKDa4(d%}UEdGB7nfA02(b z(o)WM(>u~C&vNnYMB3hW{JWwpK>s49Ve@T#>-f*g#2uCrJ-JqKHv1O&i+M(y3>d1a z`QR8Ms$A%@`K^+M`}KW^65}x^Artkvg$}KXb!yPr!G6y;#2cR3#4l?zT{oIVBAs6$ z2LIy-F&D|XkeMx-&t|Adq*kb%*El?b~;a-o?A z$f@~HeV9{90&Bp2Kd0uJLZg-Qg2?pDQwfKSSEg8ZsY$6hsYWRrb2AlOSrIl!LLPX< zKIQnc$1LXnb4U)lJh!cClYgqiQh7FH+(S=LK1_V`&H=TY)Wp%Oq_-|(p&7?w-eu<( z>qf7L+3$FJ+?=)?2c$}l)E`J+;wG|@V>5o1T8jN-5%o~w?K8@Z=m})6O4$30Gt1OCnqHdm;9r0I&|4?C7))nEyN#XRX-RO^> zBT+u@j|OhyKgJfkh507_)$Gi*Ou-_pKjzjU*b1Mhd@sA3Pj3boeA-0;>)D&eg?5WE zVtOiJI#?cGLfd6bsTQd-Hk5_^IV_~Kb)51obsA1?C-jNFzjet+&qdwslN_y@%*RU; z2aAjER*JwLr00Uq+qQ8ZkO;ltqiArMdvK~t+KTf$^u+nd`9g1aa2$r8Dmjzf^@UR| zsRS>F_{>%=gZS6PdabkewEH&Xr?Hhj_FuLOD2AIh6O$=2GuF)_Qm{i*6U@;2<(?zO zi{{7oH?%QNSsh>A(lsf)K603Ed)Of|69qcGp6}V7Wcznc_EEK!9O+NHE7c#$7}))) zIys{8pt+;N{q&$>sl$dOpvbw&?xdHlwE_?fX)EMaN+C#@l|7nS_zUgW@|WgKa?x(7 zJHhTbfU`%JC}!ia!~@NnQ=ThQhVJi-gnk-DFvWcMMfo$Ghy*D?aP8)9pgdmYdvP1j z{7RMM3MN@JsOIHS4=!DtaCP zW|IBF!xbuu7HK%Z3z_L71OHTygLeFcmotbY2i#s+udUlDxthfyVXnr!ae?J;QwVB2T?d z%ARj`;a zn;AuUCsW-opSXqBo|mQlDr5Io+lc4Gi}x`4mSx?%#EtPhr@+)e3=>J9j#u|Rwk;z8 zJTug3k>x|)V5g>h{taLFZL78NycW4_cHh(3iJB_#;~wOXw1P^O>b^O}3Ogr3vxqSJ zcmofvvM8tgP8{Pg5H|gz5+dZpVA|FO3+_^PR58_BNhysMA8ezpnMtmR>(a|ncV?zS zKlRkv*F9BCdc$+)W-(q*;izY^p|5-6-P>e`6}W{5+6#8AfAA^|QlQQ;X8p*}7z?)q zF;_b6;}Ub>@uDSHHFWy~n@*FFVH7=5`Lc-Crz4eOZ1}H@&z5tU&gW zaqEc&e~GUd@NI6P@|tTY&aGcXsi?4`VRx7pm+Vl5#?!YuHjpj$D!g|BKPWSF%crY! z1C4#0AYbWMP*esbEBaTpg>tDP=_6ze1kX?AN41d$N+dxfMR;+Mv@2-Jfp?oe z9D?2V;^3lRG$I%hybR<=U*FP};a$tW941@!bD*BY_CffIh!(3dWhsAl5S5b9t0P^5Y=Tiwi6u+m^*iwvp*rDp;Y~oN^ClsH>iiTCvi`g6*vl52jlL|ubZ zD)($c9~Q+xFU>>4FJQ+9fzq2JwM6pUs4s+)7P;s5O+u5!)9dvNNo|_$V1cC3+GR4P z87Tst{8jZj{)w~Bk;iMY246)TEp{%DQj|${>lxz1ZLV$*+Pzi17=GyNhwWo3;!|^P zNpD4TI84DHhuMn}Qh5SDJJX9jZg!m2lL5CYeTT`qd-68EI@cEOuBapr(*)J@D*kX|&QIAV3vy)Pm>-mMi>wg(kUYN3-Uzk@a~sya7L;RgWA$qDyd79*nP4PB z&VrjsIsa-#QmCe!X8w3JN>ij;6j`Hug}Tx)qBXpN@up&(x%oH<<{po^4b6&+q%eAUnPX%Ruq_rX|UZ{LUKhmsLim-SH-~FYDC4dXEg-$=~{z z-rdiDt=uI4Mo;+AhtlF|J<3f(Sb%NNt;v94I8%OSTu^Cd&PLF|++#Alh41|{x9z0> zdE`DK9mvm)_dY)1Sw-Lw%6d@4J6v=(nNb8bge$~NR{D^dby-Eoj`3^BGm@=p6w0w- zClz>S+HqO)R(BoqN<_E0$?|x8EmwMojfnKI+u~;qY{NO`#D|nHl~K2b?I!_%9HK-T z|IS#!Y@)czhmgG8hEmrsq2akqDdPZnR4IAxy;+`UR|mI(4K? zAV;X=P4`f$1Nr+&ff zo0_H%3YeO5R~DG^g%{u6nwA10E08Ph_niu!v!8y-M$H7t-K2#-WeVi{Y1ryt$eDX^ zy`&0CKEhF<5um(z!zz_#clk6Xfq0RJ%=#VJnT8yDG2>Op8m~A_x!vN@J)0W(V$lwb zLTD$Ts|aSGZ3h+LHk`rQD_C#KGR%B!H`wY?O!#5d2MAIY=|js)3FOfBVqt*=w^HwP zPENX~Hb%QfZ)p=UnuXzJ|3h(a_n=1*J^s35bdJ5M_+hX4KVp3V|pxTr7`}1fR1AQ z34>7Il?2w6l+$lU<(`nY(7JKLwZU~Ey_HUU(rRaWJ@`eQk>As>stK_5FB zS1>qTo@s_sI+yPLOJ=iq<1yYsU^o8)!=YQb z=g(610A%ZdrsTk8V+$g{6_k zgf&)$jdWeGF%bzbdtIt$+`bKjUw9*b$I_a35gnjJDpF*qHt@Z{rw4tY?duL6`o1AY zz1O2CYp4}mwO!L0>$fOJiKsG9!?k{KYtwm^1cp|B z@I(YI3FW=84L@wlkscV29!AEIZ{L*>y_VZh{nGk(((;EK|7;%w%aQodJnqZz@t3p7 zW1-iH=*eXO0HI=H(#jqrTior5BRw6Z?-A;u(X?Vmu#vsT-yylTSNb*)?M#%8UYeKM z$}2i+bL~=WbhG{clsQ(QA%{>lSLMO16F8$VbiPYUnzoW{MbxckLbXjNAz z26IBHme@r-BCcZ%NAY>8k1ajEwgIe^#|$g(U8-G{v|GcSJHpzjKwcAW1_e^tt{sfS z0H@+AFd1>~Rw7DwWWkPm56h48I7Jx8vtfoljK&Vy1?BiZQ5cb)c}!LjS8-Ev2siP{ zFJ^czF5EGt(eJh8@Zj|4PZbHaL5pi2H&lPlbNH2e9+)qGnps1;6c*M$xDDjgi8$v< zPKSSP6*zI`(o|(ZSXgD$yVJ1m@P*=rfK=9)G1@6v@9>oj**6nUmdagH}+Y05m&a{n1wa7`P{@#&^|50YvLk!wRTE4*tCfBC}Kc-_{kem%{Q+pkv zXnpW_d!{niEB!^&NFvP*sAadrDVzW!JICy#OhxYd49^|+tOzL9%5zr}CKKq672dq( z{rM^C`v+&XMp(CZQ>&P(+$jy5HjLl%k*o@im&E!+IqXWzW;pdO2~%L2p-1%;)e_u; zcAD;93BU^b$Dx1kB{c4gx)cRXBEgxs|ok?^T= z1I-Yv1S!$D$DG$+^y?W5;Tw%N*F;>Do31d3+ilX5*2iRApf}%%eTnbq?4nw{OrLP z(ERIh!m{~u#+8&hWmAGD?S9lUONI4XS%8iIX7X0KQMt$GtWnY7TcYH-~#Wt!kgIN5`LcXPu^TT{;qNu!jxan}gWn7(OJ)N(SoIq5ZG=MWOKve(kyZt^!I=Y-?%wdDz0eC%y01RwGV5O8k=ul)&U$e^V*`7xka`g8`#L`I ztRBSA?`&w^bGTfghn;EI8~J0@JU)pqXZ`H>4ql>upK$#LG1BzFl7?*r*MzpMMhAUI zuA2&Yus)EtXl70PBTgiZgf_(avHi9Mc(O-l+E#447C0^3XuBrrhy1u(eiUc4l04*6 zs29+GDWw!V1pkpRovD=C4)xA<!YHX3ivY!XW8R+k4$YpwbkmYyj9k;12 zv+|Gm3&H9n_t_H|q}j;YkFvkJXjUk*nW$?UWg9sgVXF_jYYsOagl#*X#ZZNp)nF85 zJWI=T=&5B%c#Fn!?(opT0;#zF>RX3#P|hccKwr%8cI?N;j@_qhKc~e4&P*Y`|5OcC zckfZQ?VP0TY#mVp{;YqZ6)qK1Wk69TuTQ^?EdazKbl$I9$h-=XyHehF-AItztx9N4 z>;9Ion`|(*C11QbaDi7*tB! z27%Qw$iu=2W7cprn^aMHI}jkayqLVcXcDdml{_<_#GT=z0rzIcLho7uj8 zn{l_7;FNe9s8lTZ-2V6cyzu_V{AlD&ejSOkp~z^~VrV}V2~SmN2@CqAqr;(kM^#hw zG(v~#n^l`)F~K!wI0peNO2%yox~2Zo{g5GsIhc~QqC;&)cZ6Vhr|6g7>zMOewp{OE z3L;A$lo-;@&zaP_ug$~swxZ=VWWy4c6Nm2*KmquK` z13Nz`I3GzvPCh~v_Z)%GQKL|c*h9g^cU~;^`Qv;>4<2Jd{e>n3z`eu|guB*I5kD z@)DcP01Q+2^!BwniZ=Pz!gEXl^t;QCV#sK=&~06~OWe9#f$86e!*dKdVZyy{<^-~1 zZLTnN=%A|I!t9M(^Snqid~%A*zG+6JpzAv{?;^8Sg!ui+?Pp=0vPQ&ZV=)_Mj)}Mv z>tZLo$99s#u<@FG^?s2X?}@mUsOGGa6LUu@plkI^gR#;PTnb^wPnM2Q^&pc=pwYN> z!=5F0W!rpbwhZDvOKnrdkb~#G;!z--SmfC^el>%Yt+odt7OgJXCk2U&|J&~D??gOb zX;=>Dm(?BbW?LoeaPaEh$-VAQ?ta9=;t=E#wBb|CsfBfU;2dwTKeU}U4FR??js#YH zBB!1e;lnp>b}P1oDr?gokT9R9&A5W6(aCttymAf?p}8W6yDe7KQ*g%Y0pX`>@uQ`u zJx>}BShgtN2D`MW*t+PK*e5I3QrrBPKQ&CUU|NzBti>+P0X}? za;WJ2+WRF&HKINCCN>Ryb;{X@3N`b@wzN;4jx{m$>Y0@eYxX!Zc}xd`3uEOX6Jwjm z?H%%J9ZYc2QIrjmp}9$uy=~+Mg-Ea@h(-%MtJ?)RH7$NVbZ&A??B(k&`?=0H{kd8! zw0h4SK*~fSDw@S13>VK^D>uP8ECo^)^0NXX@b(EHY*XfXzK^VnN*s zCVAUB`9#mM6me_xiU_??`8Mc!Lr!bKy$aFwpX}NWwwD|p>D}MnFIRZ}5ye}q;@uua zn$oG%m|^PEAzchROJJTbA@C6(Iu7To3(z<{5*m9Xn#h`TSq3tPPv~cdt2RM(U#TL) zi@UPe+r-@n(Ae0QW;LY{H>=ujI7t0>q3R>$xnldoYOjp?j$-#6NQ#?zvigO#J*J@K z8;ou5LD(h`n`=?&Z2s-D!*Ie(2mQiW*2!4dN#A8}29TEh4`k-jdBmNRD?r7oF^{M- zHJz=2Th18)KQ#rhN>}A+Rrzx}nl*baf72514&!KK zc{!n$dcgAMn*e7|{eF<0>_-@hF9Lj~^)-b&P6yHBAv@Z`xnm!|IBP3=9{B#>nfv|3 zJR{drsw&4+Nh+&GcS1M*B{75-;xqpNSu*A>x3T`VR$Oa)^8$u*-SnGjW7F@ZR;E8z z2KOSA*&|B3{8x)vtbj%v3=-dPxGG?@vN6l*4bqF2yulpVZ>J_-BqnEWZ*WiRpfCRd z(Eja0f8G|!Nk;HVt99U7rWbsm|K_yPWx~SQCj?YfSfTp9q31&fNDuW8bzmc;#IuuyX(`4HdQi^qesF?SZgbG+C^TqC5vJLif2LL{bQj z_Uah6mzHZhEy{-LKe`+gzWjRY4vx^`Ci4nrL32@lgR}jf zCrF(oQ8q64l7blICj7I0{=5JwJDEPwlGm-Ci1XeZ34*QWo<9wYaGY;s*q4L6oHQq6 ziRHf<39s3oOnDKVu>E^jQFdi3*>O7GuxWH@kJI~MU}130IGF$9i8A*4<^Qg+-ybUS zvQ9LIHuRvnwkuhZ-gDfWkXeMw2}R5j$tNGIfDO0KCb|fU5RFOG|3s8O^V1f@8+i5* z@A9_b;Wy(lEvo5GQoqeaGQW6e0$2jVCoyi@oWH4nLB|LF_=FQD+2lsRswRh5f3`*| zi|3fA3QlV-+&`SbQ|{%Niv-)M!)~0P`1cfw=}yV?(j7)INnWd*2=JX1*x|EgguMh# zk9QL%CQ-Kf`+Z{JDrvciy?_6u z_+8p}Bt2*EW=)@VRPn=k$;3*yMJ$#=wSjAWt#++pGx?~jli%fr=aF2y0O%_J{8HJW z9G;+>ZB$^rvNQj30d@)=(m38}u}f~FObd6x&33Q>E$--#MPwRqs{n(nt-fh`J|*3Z+^YSn{4 zaqdPE@X1*8mqrk#gQD59PswCPeF>@mL&f;_0%~JWJ_oa~Vl`T>-kI;s@UON`Qz}gM zIS*{jb=fScY`+8F@fusv?u7bOxy@py1N~`p5eDy;kjyZ*vG8L~lx&|wZ@$A1+uG3K zHw5qMhL<$FKqWa@gxVs)5W#@M>&RSYUqdG?VUawoFVpJA%rEe|@cL8Yv2#S1790AB&*g zbD!(vb4e(F0F?6opAm$%M|txv161CZ#^aqI>MVV#lNcXb zyRLTz02%;KaP2P-+L*QW#AopTogMu42?pKFSF{^4PNU`c^avsT{rWZkk|gkI0AVdo z*4v&RC?_w!R-rz?IpghfTMMG>mKy(zbUKN?RWhdT_MjdAx(kS;O1LPGhPgjRfZ>A< zbV28PMDkkN^L!-uOwFbE3^L$(U-ppybBIV;BLgw^=)J?5r{4F6hHERD`7hmOhjH+vYpUR6gsIU-63tCB>w^L~;c! zg^cR@9JlC&%%p-P$GvR$l%b}$*GZn>vK(-@@FkAf&hlKU$owyCWwF7D+xgQWQy0Ol zNLAD!z3Q0W@W7#G!&ZuD-1i*0D$!_~y%gSN<%bAMma{w%+)=>&*QTAa70Pi0!p{UI z%7(+`njq({U*t)5Ym2b9U=Brs>;Bjup zU^ZlG`gyIQl(+_hh^Qjy9HC3$-(xXx)CaNnRp|__%_FtQ4bk5Z##AVPMuGIorm4(yqn*Y1I24B%}-Q24&T=8bMMB#IqEM}z6 zr@`AtOiov8*MwT@4OgZgyHIzgJfI@3Nv(Rmj1zr4C{MRTGWV=sIspDsYka!kg1rUw zJg8};aZ!E&0&~mkJe3$W(;I4Z&S#snIR=(YCm8$5(S&cLsY#RB0NJ*tAHNcG(MR@Q zFj9rkb6OceJUtk8nAxQ>GSlfyk*Q3Qbg|%z-d!HKIoIoY zwBl2+lk#Fy2*Jwwt*2-dZk0yn*R)|@^UL7;tf|LfSe*c5Hbq>O$tk@K%wTHkzEZc= z2l_h_2lQWyOU{9MeSUE;+~)JMO0kz8EG&V4e|-|2M;szlAyF;$f!wE-0sFJ9+ryTY zG`q5Ws3dvU$=mAq1{w}MZ>WXy{Y-r7pjVi0n76--JapA$zxdABR*HW^59^j@z+*77 z6^~bPta`h>^3p|UUB9s!Lh-wLIE$yCxg0c95tPbo>SF)~vkBflCncIcH`)It8+N$A zMM%V_y8PtS9I2KMpZP`!jy;a7O8k;o1vkSaQ^$h6>>oUFMSy`X3N0dmlOEOJ5{j8CwHF~kxDYUoj@MTeM zyJXNerlxUw$g~4-Se-E~WmizWf^$`7wQ5=_W(*tbGe-OHvnf+= zmdueSXJcWh%a4j8+MQ}Bc{{x%d#;f)`hJSE2PkSN+>{EvM!Dkys%l@)zk+T2r2RhPJ%^RkMJB7NleoYofHgu5jI|Q*wZ6wGd$A6r=h@y&XNBR|S91p}$ed zMCzBN0GYbJrRmoa@m|htM%8dKhXVk2{;X2F!PJi&;e4J4swc{=h)yV~OOkqL<1rCF zRXWSrV7EUBb)c4H0R28gYNgRBNRP&u>2p4`=3--DVSF_LD1^HuKUu&tKk05ROG}Oe)i*?Z9K@Ed`zb+0^;C?yxtBK-a+_ zqGxKN;-_+sf6)un8VU!t9+CO=HLc}bp%fKX6xN|29ahC@aao4CG$^qK$;Fk1kQ`P$ zO&bzMZK{9&q>IWOjtbu!c)9rbsTIXP&ZYjOu)z$WUwEUr*SVvqV!#waMl)1Jl)ueg zXL3u!(=b(rZ{6eS@NkEMBp=)Ci-Rs$63xyu&_(gx0~DaHeIBKbizwXVoY&JqA*U_{ zVSCk^Apc{BDAy&umyu86ZmZm11#8P425-3-R+M6s+T_;w-kBx0>j>@DW{|dIiuX&D zlQdL2M~_=s71P3fiiY}m_~AL56MX+lHvk4VRZ2BBm6*s-<>+ZRtCZ_|+MJcpqpDXR zTu5}wnZ$24t;+gjNoOJ3z8O3Xp`2RQ`;IIPfq`Pe!*hU77Mpp|nuHa_-}TfVACs`+ z{lIWh%v!f#uZZMmkExCBsK~VPx%s5PDZi3hiXP6(zxKPw{N)`e@Wcq$j4pL4e_&bC z-4=VQ3CezeTH=3~>N>BLt!Y7@2~}5~6RaHT(+8J=Lh&T$`UqEX?0MFC>Dk8XHeNWP zXDsLaWSiuN^fYk}TMCO|HCju22_KC9k?4TA4#Ndf6;jm}u5>ZzIuq&e9+S$;9soLy zyCFokM?+UsQ_O-SuDND)mM$YmeUBA*n;`$1D-q=Dz>L65P=L;zLtrn^foolc-NM8C zCX&7ea!%gDssz+hmkX>PFVPC}&ww)V=mtCgefj(6ge4}3=#jwrMmlx@aOBD{s!HmQ zKz)OB(GlC1edULeM$3m9xC{TTIm}g6HT5Sk6KK@=G?yCq%ZWU?BTc3K+j{HvU(ltN zW!86p`n-5uV=erDU4`K)yW&Xr7ng0S^RBu_Li%CBW`1{46-_SA@{ zG~Tv-vKA(PT}u4#`n7`XD`-PW<*PI?y1iP@wPO8Afq*^*ul32mz~lGMsfn+_67v67 zkQq*@UKJecQ(mAAdwVO?dpbwY^(F-@`W)}#VhP4b<6w#-yh%^O7`P2HXnNo8%KMr3wXh{%(c)Q#xmGM&G_$`doeT?7->Qf(-XM zU8)o)_PM<&yZpaVgn{LC;8TI~tYxy0mjD1ND)g14<$f`eDwcb`Y+M#_d=T7}Dm$}D zyyTP$_YS%He_ayJ{&h6`OUMd|pZV)AsPwnuy1ipp$e>m|`Nv*?XDZBAG&}#OaKVZ0 zMW|L~pJ)B>gY+e8y|{5|k|iX@_O6udLrm68S(7bUvWv_NV|(mmE8ApeEMsi*doy~T&-4BNugldHGw8pRf6Y~gr?U94=1*y+UaoOBZ)MM{1}ORGHSfG&-dS$I47|&}BtMDH_FP=SdpB8pLxix-s2YfEg-pM$1q(Vw8-`A9-Y~;SAe0EXk zKRKT{Ea;Evxw{$oe<0P2;3M*(bArWuvc0PPU-|OKuji%bt)fa_?HK=eBtj}I{Y(Qo zfW3y(EJZL^Kq!B_B<9`v`~M?)%)u8->SaUc8nXObY6GJerhmM7>s9(x z;~*VXmCRpquh{KG%*BHOvB&?rA3|U0%ShXNjnWWSfnWL0M*urCBsu=9z{&FB57Dpx z*P4YZs@(OHve|1&^+jlcsEf?I;N={7(2V4d@%0ZEJUcG`tGf8GnPw5A0JHe8F|1rJ zP~4BN;jsgk4ZR+#4Ub&H>Hi3U|6eDrh1^kgs6@NY@&mC!AB(|!(29`w$j->Mv$MH6 z)pfz%3Ruo@L%-Is8A%&C8hA#d8{12yMcp=1gxe(B6x8Z?_ZLc zJyGd$@0NtX6BL`cmw#4vl^`sy*R)7s#xLB+EzH5M+`HoDq!u}>dzn3;YA*-``_EAK zpP&xA;1>*TXED>K1C|2cY*a^4fQ|1EDV7{rHzVZq^@#i~MCXqha=y)OvZ><>ql==< zP1^GMRq24*H>G%EAxR9<58`UvD^!%k2_hg9rZA0 zEvON>_Etl~O=&EE?2#`rUb+4WYOAmmt-`~>4EY5-i5PQ2feFU1V?!-%gVMR13XP@4 z&J}!H{Fi;YuL8gMz+MRK@=qt~#+qt- zYOWqq=i~HL3#vn&gT1quvYWxk6Vz$~~DAEnr= zwM`a!ROH?-t@WNRdU$p( zDP#{&0y4fe&_(9pn0hZWf|t2iC?luK<4kH{Pt|YN5ZSW7WO$}YWJkhHx@ONi-0MTjAxsjo_Ijwz2L%#u z%H(Hp4ds3=TZH}NGT(vlhWaXJG(cZ4{0bHWlQc~qg&(oJ#Tv~9xk;cji}Xv}d7_j; z`%__T>HDIEKCs))H}?|dJ(+onWt!>j{c;PiTN@&U)jdG8EI=Ei{frUi?ebwFFoK`I z5=Yk9DF&FoW=;aCmKRa$vl)4x1MV+c@$1IG-DOsq{NYNljWnd8V4I*ycAy*MS9D>q zU$Ypi0nZlyCBE)^wjC-r?5Css8g|M@hm4sWEjPP~;uo$9=us0d^QEFtIH941EV8r=uxq+PZ?e$Jht3jZR8tCj!{+7yfv~y;IfwG8MnEVl*ACV zoxHIbZ9d6s&2s93IxAr>=MNDsqwPb8u;tM|o6p;hmnO(YJ|kq(U8DzOwafNWrQWu& z-8H|TQ^cnd84Hl}d;q@oP-KAKN*8iaOE5xrO^tqm6o!IX>sMcaYe)V?Or3JzWiT{ zM2s(fJXrOFr?SvQ&|yN^;csqj!Xgb99c~#Gv*LyxJ&j#vI;*436>Kt=By0PKz^fxLyPMrv-Ir zz4X3DbF*FcB@EXjx{RyXC%5mXH9n`I3kCZ(umWqZp3q)h!$Kyg571v@EN7~ zCRuzcFnZ5++1!3<2&((FdHi_ZMjJSEq+ZdR@UjQT zjO&>$Tm)GX#`&tV>|>`=wnsP}!9=Xgo;F6FUpV*#SLImh8eBQ`=;hSpmE0>DPb}mg zJwUxvP_D}^6QPV$NVo{>dp zbNF0L@+_(zt8f&I8E!A%IV^o5Rz5EPtTBkU##|W zbsM$(Cy?CNgyUi_*=w%WhxZsA<$uA-8y=vNYWUtYA!3NGiZ|KitR znQ%P$$|!{e;M1i|VY%lg>!yv+bz4Mj?e24o_IIsSMi9+BGp^$}5;w)@X84BjQLt1< zRZga}U@w?^uoclbRPF241j0=yAZ;m@Jr@vINRyeWcBwxU^a!2GnIiS8H_O0G zPTk*XngwPxB`j+;EP+fff@=jA^mM|{zx=_11o;AfXo|_sTNzeXwp%8+RiSUwXiHt@ zLZ)P$p+`#l9Rv~PLcqc$t4qcxBakRb`s)S@DGDxKFlrhU*v&bu=I!C}Owz_81nCj0 zU7xZdG&o=(?opmwix5lM3vWh=p(gN`@0BGk zaPkV?ynM4wo}lBzM_V3p2%&p}^Y^ql#iOS13rh?WN^C?h>P8RN{rDm$!8I?VIpV|! zim>C~*;Tm{{3zx4J;X&TM(jy~^W_4R)un>%SHVw1d>iCnB#$<5VxR?Q8+`OQ&XBo) zKp{><#+3@|Ti%h`Aa9qzxH7@~#j&93-e~NxJ8lIV20X-eu(?j8o&^TxF|+wa#9pQ3 z()1a-@UVizj~Q(BtGY#=(XWeQ{Zl&XG0Fad49PAn7QqIV<4Nx z9M}3+585U2#*cgR*$RcXv}MMA$w{5n_qOnS*3CHIqz6&hsna`umb7!?pU`yQFF!Qs zzA}%IAN5mO-gAujht7Omq!2jqDEkvPL!1q382xqh`4kYbDXh+UK74{}GTUoKU*mEr znbv?@A~E)v_jk|AN75{3!h)Mr$MntaM<8=1b)G4`ltTM-wH~cL@=d+cMdpUGOaV=@ zS8t*O!`S4C@0?k|_6_AL4uV=`6WDi?0f&8N4iRDKw_Q`uy5G$pYv;NPI1f$4jdBs# zQ_X(ylE-BFbVr3C0J*jAq)b-XT6yJ$8Vm(k$`keYBeQoK`J^>0)?VZ|l3z@K6;j%= z-27LBa~y4_MA2;NS`I2HyP%tC`M+)^D`}I92iy`2ijFj=k&nxU+;~~=@@b^b-zqml z;sr$V{$`fG5cR}(l6An=eA@lpQTub~v2L*O(aVnOn=lLJ?>U-6MlFD}wM_~+XVraL z&|f?S=^*%SLtdg69w~Y zf4L{CjHzWv^!IUdhX#%d42ArM1+2k>RW~n-pAIof<*`g$RR((`K312PzzPsK)j!wk zKXVt!sE-CLCr$b=l8qXg8gAGnS!|geNJN(&J`)vn)>BKwj6TO3r3kXo^%tXsjB+c@ zQdsTIp+8pWoa;a3ob5VfIz)o}PvrCL?>FC6hWP5e!_UFk+%i$Cf=6zjsPMj$67zQ; z6ERpZn4-CzJNM@7g?suxUg~W|Ppj7gjc%&!A#Je^W?Xu*4eU}{!Vxepb03AgxLCO? z&QnYS;8a1r-#!fa&M1ITT`BNk>p3fAbj36gcgJmp;vK%8#$9-+0b2U1EUvmF)MYx) z1tYKe-;K;|P4O>3zhV7vCAUIU^5de|LO6M~<)T!+-VRWS2HMx69n7NO7p!BYS|+nB z;>~Kh$~>K`?(}8gE+(d(4^ro2cK23TuZUovbv#4*{kowJ^i zWtZl<41B@Wc=pe^-zvw&g-c6}aHb8Wf$aF0XJNTs7Q)2rC;^6$+E^~+Etu}|#7D7m zg=xSzviz}lYva)MHTGi#A7{H{Qg1|tTc3Lsm~1qJF91nADH3^=W*oB^4vuz^wK8{g zVe90-7S%55XXp`2ho952OCuQ4_?(F~Aw;_lX+RzF4L!^(INtm&B( zP9{l&T8J~mU{RH{Sh0xuo38*J3wU*d9NReJ<7{UYMh4^4H_g7B1I6*pJ^wEnqYQnH zW`361rXqEcuaGTUl5d=BICiG%vqM0GVSR>mgIWL6es#ZW?|hv8z3-B{X3z}H0!B{E z$yxIpZ}8Yo6r7*u|IQC@>c$Hld!-PdM6mx{p-I1FwNH!r$-xtxD;A>K4)H#}8t(k^ zAT+S6;LW@XQDS1)I0+*=F*ZY|>kDAXs}iuS>CFFZk>Sbb16!3%AJ7k~Z@5UbYE*9* zpF1^GUw?L*UQVC&Xnd7)Tp-je z`LY1bf4pC?zQ+H7wSqbr{|lU1ed+@cahWOiO;Pmt^j(vttIMB~KU?!KbEaF(b7tD3FMFo2 z9DOmUZD>W5S7zkPm1gSCO!eC!x<|`KTnb`_}~5C{UiLXe4Q2|sJ~%XudhF!FD#ed{|w9C)z?o~ikk{} zwm||YB=t4A@+D zd`Ol(y4l0_6u>-mv@hR$(2Ew0TPU$X7RF_3&$f@sKb;d~2&f%?FGig{E|}B8Alw6n zvA3PG4TS`3{0iFe1-YkMw3bue67)nc@H>aKSi|)yPrWw7N2W^>LhkT}f(68S_Z zS1n)(zMAA922Q+`e!|w)Vr}hmZEf;m`0 zcDTnVC;^Jcy5w}=5Tkjt|N20USiJx}I?h2OY zx5&L4*5d2+|J?HgsGp!_KM3mSKlx{|H07z%5n?5`Cre`Mpr}KH;G#}{-ZgK3`gSfp zZ!)V5*!i2&*E;Y(!GY}hsTxo(V-8KZgN#jh_|8zd$Lr4jxi@tX5Id(iQ}~~&)C%{O zW5+EWRfxW3*Y>|R4B4NSU76=0LlvHnG~h^Utyae@tYTu%O|e|Ze@2Mie=6=U(87oP zg70tsn91*1g;jL?6y1w{$}Jj*JP_WU*ZYEn6lcc@!I1-VJ)!=na_#Fp?&Jwc@Sl&+ zY_RK|XqDB$o3%t)@2@xfC_kf8jnlxFph7gro^qJ;U0YmupuR`ra{~D@#??Na*&rF0 z#TOtgT#a}vi5pHd>g17mY}L6EnL5mTePgeBAHpI9l$J3v0WG@1XGvTvqsw=oztOS4>)qKBHb*rx}!W0Qs|K zs8?Dui$1G+K5YX`>u5}bL%Gk~mLsaIG$t68VzLhN%e#h4BeJB=oT)8}*vX@>35N#l zf<)a%zqeP~Mf0nOcpH$5Y-_oq{QQSb5AA_jUItYRlsV|pYr#NWI5tJ)oA|oKTlVdQ zYj#qSk9u=E`&V{lr)rqtwIG<&xq^cyQV1KZ;WZl}bS<>>6t z{!iU{P3%x(UZpF?d{<%q+B^!E-@AAJ8R5j=?TVi*KbJ2uvftp5wd>)515KCWBn{`p zksbF^OqhB*el(D^ScCHfUy!I zZA>LMl25v%EKMAhHWDMTZ+V|;Q&?%iE_w}n8j)AQKk6G+saaE%CP5)SZE)x-sA4Ks zhs0Cwm*Dh44ZE@XTLtDA{KU_6Yhk!j!=t@&oxOP#Xdc#$X<5`(SXPFw$?w)~+efY0 zx^E`!lyAdF>_1Jlj;^v!LEw=(wdAR!B$v;PL+}|{I@tEF)6M8@|L+XavB)V8p0Sx~ z{DDWH$+K^u77t6r#e0sF^nHQ~VDuKD8Gch_3OSodf-CC=S6j3XYwx5x!vETV9@$0M8A>JZq_|XOdF2x|$ z4Q{|z2gBu}t}@MoD+oK&#UCr8ecmiwN=^9B;TN|yrk=JyDLkk7DxC*Qv0EeW*!#KV zpN1of&2vUO&TBXUmR}yIb-^jig&wGDJ;cbJREgiPn)ml?KNErZl0K;f-xfbfQZW1} zSj=L?{(}Pk%Yn0#3Hz-A>38iPA|2w;&=d%|p14(}dj$?@g<9smuEQ9YN{|YEN=zw;U~QOBkLT|v_gEjBmAtKyqi!^Tsidq&yKH+ciZ zxe<+m8bkJ0x8-(|stx%OLQ~uk{+qA-eX@YwT$9NNmbOD0HG(p!Gz(=h~BHu1#%jW^4rwX7|AhZ_&xCPSPH}6GvHT+ZvzX3k=WBzrPdd{F_u|yU>({DgC)j$5x%L8-tz)Ji*yT^<=lHNj&sp1JH*N6W>z1y%oI)# zc{a%|)E+$0JK5bo572D;hOZ({I#0__v9}946QbQaMeY}WluUWY?$_CPMWrxer^Bzg zYO1m11BBQso?}$7fbUPc{-`&05$J~hM#RAqeXz0knRJE&(HIXq*kEO8!Vu{TemY#1 z7hfX^B*;H{^Xlv%wi$TtuC}sF=lGT?6bvRlJ$!D_mHa0m+BsL@(-`OjGmwiA*+KyC&}ty2fE zDowo%t4x!0&aWo#9c6kXqK-iMz9NG_)fpjVwO*P9=rHrfp#kM2v1y6*ZMNr6u_?9W z)5o$4N$>-wS5s?WUV!8%9W4gM(H|pub%fFK+kpiry99lQPfUZ))U+d@J3aV*Fz=YKGS{^aBE(hy0Zx4T@h1sWIKd$5dDEV$?Z5O@S$9z0hbah8p_Z06R4OE+`rrD{_LgXgSw` zFBxz+nAHT5V!1iDvVR;zg!IDuk3(M+i<1pRilgeZwVY6OmSC_oJ~*27r7jD|k6#sn zYn$R8&C$)596Ja;PEdo73-Owq+j8AHSRT(ub7aW+pXsINr{48}SdsxPx@R^yd%odk zOrO4ZNq3$pyglMH=Rv$0bl^Z8j&Dn@12(6#!fuD1^|W2;%Qd-{L9ggJ(+l($IfE&e z|J<4CUN16>p{pe}IHjE8nP|}!OO{9e%&a)omG*}`Kk@Ek9l>qwDQztT3<1#iQRxG{ za5xBQ!VPJGkQ~G zO0|gIQ9NgrJ<1Rux$fuivkI}IzQPmX@5H$UhQ@sl=E?`G4_33~u@yDE$%v!fOSsaa z1tePiQH8)nvAKN9PTw@)wtp_d%NHeVSm;?W9aCedF{~4>TRr{I;*IRWYgas74=2WF#ph_%W{rp4-z<^&JRPalQ{KC{#-TwdLN^q zJI?Vdc{9PxKkdL4e*gc$Zh$@GHevX|H^U;jSswMriK8kQjCO+F{cgEeONQBIGXJd> z0V6t=u7hE=JfMmmkDl#Y@)RjVsMVtiE6sXPt{5BP#l_B|QG?}iH6-I)z3oCAvPQz#36LkYe^TU&|zH{Dq$1Fp{IqHgR zQuhGT@dTxCzB}yS!&AKdj2zzXK>@lzHv}rC%P`r-R%LsSL#6qpa(Z z+O4%MUoU=#WXP$dcWJ$@bTJnZSmigWPT%7|~{KR}Ik z(=Gk2U|=N5ms*HBUb};IxvI5t%ud9G{o%}&o!PjDaa$cIHmDAl+!NrVjNiuN>^(Y! z!(FJGML9?#NfgI!sH7puZx6?%{zBS79AqQM7prWYO|Yhx9vUY3s}nKWQknr*vJ6HH zLf77m?b?@)uM2r5)u3Xv9sh*l@aWnVjW{-WuZ1gM?SyV!kj+pL;;O ztU|_tukcqlUditPctb~yK81qUmP9(RzYk_g6wu_l!~YT*!bONV1~8-BhXR0 z;kaPJh?U%35Vh1fNAS%mxC|nVh`o$_458O(O?z`Q5F;G0HA5tAJ-i}Z>N0$P4@~H< z@%MGxL4`HXFCx0~7`{h{{Y18n+}mE;S`>2SilQwf28?i=)cDS0MAjy+r%mpfx*D4- z^odipU%gfbRsy=NYc$u6ZsR$dlTPm8erstlgtvog5G}<5=8xvV0%!6oydAoi$eDjyg~OsNXm7@%x@C%5H(nS_?!6sfxd{t4WTfwe9DnS{@eatNrs!^%T9!c z&mwuDIGrrc{QJ5tK$ozKpsUFHu3A%y;xo$~ZML&ruI3h*<5LYV|5OVBz~y3;Xy>9& z>Y-@bqCBJ1`aHF1q#AN*rU2vW=HY4ak%=tMBV1rH)9$m%WL03)eVBL$sz_?u!aGl3 za!x1Ht+A4^NoN(bzRAYaA#)A}8Q+AVA`C~EgE_*dz+*=awQ#5~F`f`d={3l38~JRl zic_~dBp_f|UmC2rj3cS$q~&}Rb#JC?yHe465r z!aao7UDMu=u)%By&bmw#N?FD(JDJuz(J(pd06=O0&$N+>@|z=GqcvZ2)=OU+Z0gvhF8JR{{U(+BI(8^?Nd>0HiLMQcLl55jxrjuiJSl!%+UV3QhO1S3%~RoOkjACv zIgyp38jQP8>c-{CKYu;$s*{4jQoeLIq!2dl>yemZ|5Il8@1JTkDOTsXrD;@E0`TKA z8ne>J#mHO&f$i|kaM3mhK#1<~ZOi!seEu28%NA%*6v{He7wR6+A$w9Cj+jwf!%a}u zG_Gmz)%vW>jBx`#@bdXLD+HDt!#trjxssGAJ;2RwkG_8-rj>6CSk52B&yViT>|owr zHN~oCvZm#89Zw_ zKJ9Z2;zBVBQ9rb~2ei?@ynLXj!=DAKRGpO2UEeuGo|j1K3J{OVF5tyH%-6QIJ`NYz#VO3Rq$y)f;$ z(!#eKufws*Szz+F7zwlu9FwKmeiQ4RLjW<&D;BVPS~ukG2?>lS$Ay2{`J{1HQqzNF za6nrwToPwxKY-QdaO%`$Yxq)h`|8yZKTQv>ZnrnFnPfQ2`@^+O5^2l?SsAqt5>6ju~hsaK=N`oSZ7< zuT&W>iF^eY6JKNsO7V}|-H0X%AZLoqGuinz^9s6aci#0->}MD=?~hhdrjc5r5!Y~& zEnwee9X~<}-1ri~RZ|j4FiP-EPhw3cgl#mU6*f4RhYxq$>pBZ%()MqRqcD9N?M|qT z-n=ulJGSzWP1q>^N`^B4+gPWu4TxnMyy#IN+B%+nsB@wPifbAo7%n*f!Ddb$;0C%L zU<)3NAFHAh#fdF5*B|Ny#h|M!+Z7Fq(-4@KHi_a(ejbWjXDstye?XPv8XQMkD$(}r z^BcyB(+^&(ZB*={6?2y62=StRnY%7fZ6>R~^#B^MKdkKnTZ^edrqXsqne_(}DcXhW zdJ3E9YZv1s$3u&=qi)TeokJ_HeACCXkIZCNU9vd+ z9;U`QT262{S$lAJs0mQ9c%Bz0lzk*E7l+%c9<7?Yy(GV7eA~8V?T@h-TYdtRHupCh zHy2+Bzb?EW(f_-6QNb+HTx}{v6!ks4xqo(WvWw!;E*{(bm0a`=?KB=n5`4|-rYWgg zuAugQT&%-M$>%j1y~*u>N?9$|mI*bN8L0oCi)sKu8lyEQ?r(1g+2u;Khpa7 zuZ5YQK4>$@+JN_d*IY#u9UH3+kJ&h)(3!ltM#qV;dWgU!t8~~6l~)W=Qly9PE2i8v ziLHEGmx!hOAna_?Jki5HfF9W#1eQ*w|6QOMOJ!i%Ki44j)qWzn#<% zo@;UFEl2ycrL|>K-ROtJ0}E4k{L7Cp@$NJ-SOq{)nx6?CaTsH)zJ1k!6B+i%QgQ-d z0^pkCZa$-CIPADuj>1PeN*}k5sA1j!Rx!b5GE2cm@lEHOQ-SSThg&MbpZL*ROerM# z3_trB^nzujqxDFDx)WFg(}o+q(+zWiqc?BcaBhuL%KG@o$$XyUu|%oF*JbZcq0@%hh{QuWq5-zCV$ zPvHgB9Ui( zhuzn-y9&|kodMxcg4*Jbe~dKjr-9RgDcl1H|Hfi-#&&5fxTfXFr%&^${K?}P_ITU% zv3eEDCPq9;sD@~WD z-U&?!Pv1F2I0lMdpAe#gn9u6bnLZ`gTBPo9|1$8kzL%k z3?yTIemz6?97p%Zcse{cva{lL2I9S$i9|cQ6UR>3jL2<0bmFXqu#wm0VQtf%(|^#8 zRS0$7v5i;m#EfcW1Str`1t{PruipM1?tTZ2c0*ZYT3|Pgv&{kdu^R7`sDt2>x-aj@ zs76@nvz8a@-R?MQq!uK5eN!jdL1WN!g5v z&L^pc6P;gU=sopC-o&(E0~K{RkL1r+m0hlD*a&k_sefv38a4 zWzJvR@m6bY>fy|ozMnC#EJ5sONs9*}%W8#MAH3-mExp=z=fS~o2Rk@6kf9;kg-ZOA z%n{MK`-yeh+ey+(7USo!C7_-NnVgtG_sR>!DMIt#bt-iEOm+*+KVY1FznL9T9-uaR z00eTt_U;47d5nhK4CB8#-0r*A3FGoYjk6M2Z}AO|)P(Yq^ma2%^cu=q)y+!BsTH7!bu4M>5;rFjsjHaxgC8ULF$Rv)NYwtSyA!awg9}4%AqlLo?U8zM z|J3y?PwL)_4d08!=`+gXrt6bG*oKh+Nsd1I?!PgFD_6VxiQh?YM>lrszG{h5cE6b} zI&D&B1%rNZ&#SN_VQk!t~|N|o2^|#so;0E!x0%f zH=q}LG;ClwqZ4UKM-70T)N!5s`FES1`$H+YwT(3imR}B@{m$6aK07#%Ml<+eOW8 z9U%DbyjkpNYvJnOdKHd;!<#EnBoVy4s4o{ZZhOl>3LxuA>B{T7qO|4I92}%!uH`NW zx4rT^V2>CKm;=1mG>nb1nK3X~;~Idts|RV=?&dEM?$ufgyORL#3gAV1`{lddSDQ|= zF;BgpVc?$~akLCqlfMEbl6Fkw zv=zV@_?p=Bi2f?}Y>aTz@2T(rmcc!&A)#*%Ye-Op-pv$CwBgW*O>7nH#QR+!o)=B9 zB^sIboC?r=D!Czd$3c7d;c!C@86|yok2n5wal{ayiyV<&$S;e2Od48yU0uL;>9>_IDgQ?}A}{hIm+gZp}V&Vi{03*7?oav6dw23CC&g zj?@A`Inux-d<(1}(%ggS+};Bi6xM&gC6bJicjpYGQJGO+p0osBlfEAQfu4WyX%SMC z7=~R5!Fi!ZkG=PrU>rU67}xqpJx~p1E!AYXm0d8y)hdWJ(7peIBwzakLEhpRP15@V RMihee0KeMzAO4i|{{Sc}0muLV From d8ae3025292f817dd85604a67bfa0bad508a71cf Mon Sep 17 00:00:00 2001 From: marrobi Date: Wed, 25 Jan 2023 15:24:01 +0000 Subject: [PATCH 19/19] Update changelog. --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 372a0b3486..743f246adf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,7 +27,7 @@ FEATURES: ENHANCEMENTS: * Add support for referencing IP Groups from the Core Resource Group in firewall rules created via the pipeline [#3089](https://github.com/microsoft/AzureTRE/pull/3089) -* Update Azure Machine Learning Workspace Service to support "no public IP" compute. This is a full rework so upgrades of existing Azure ML Workspace Service deployments are not supported. [#3052](https://github.com/microsoft/AzureTRE/pull/3052) +* Update Azure Machine Learning Workspace Service to support "no public IP" compute. This is a full rework so upgrades of existing Azure ML Workspace Service deployments are not supported. Requires `v0.8.0` or later of the TRE project. [#3052](https://github.com/microsoft/AzureTRE/pull/3052) BUG FIXES: