From 72960732c283903865c9d2419f0c4bcc6d780386 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Fri, 22 Sep 2023 13:49:56 +0200 Subject: [PATCH 01/73] docs/Cluster-VictoriaMetrics.md: update `-help` output for enterprise components --- docs/Cluster-VictoriaMetrics.md | 36 ++++++++++++++++----------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/Cluster-VictoriaMetrics.md b/docs/Cluster-VictoriaMetrics.md index c69ba299d..4c24ca044 100644 --- a/docs/Cluster-VictoriaMetrics.md +++ b/docs/Cluster-VictoriaMetrics.md @@ -821,15 +821,15 @@ Below is the output for `/path/to/vminsert -help`: -cacheExpireDuration duration Items are removed from in-memory caches after they aren't accessed for this duration. Lower values may reduce memory usage at the cost of higher CPU usage. See also -prevCacheRemovalPercent (default 30m0s) -cluster.tls - Whether to use TLS for connections to -storageNode. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Whether to use TLS for connections to -storageNode. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsCAFile string - Path to TLS CA file to use for verifying certificates provided by -storageNode if -cluster.tls flag is set. By default system CA is used. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Path to TLS CA file to use for verifying certificates provided by -storageNode if -cluster.tls flag is set. By default system CA is used. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsCertFile string - Path to client-side TLS certificate file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Path to client-side TLS certificate file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsInsecureSkipVerify - Whether to skip verification of TLS certificates provided by -storageNode nodes if -cluster.tls flag is set. Note that disabled TLS certificate verification breaks security. This flag is available only in enterprise version of VictoriaMetrics + Whether to skip verification of TLS certificates provided by -storageNode nodes if -cluster.tls flag is set. Note that disabled TLS certificate verification breaks security. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsKeyFile string - Path to client-side TLS key file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Path to client-side TLS key file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -clusternativeListenAddr string TCP address to listen for data from other vminsert nodes in multi-level cluster setup. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup . Usually :8400 should be set to match default vmstorage port for vminsert. Disabled work if empty -csvTrimTimestamp duration @@ -937,7 +937,7 @@ Below is the output for `/path/to/vminsert -help`: -loggerWarnsPerSecondLimit int Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero values disable the rate limit -maxConcurrentInserts int - The maximum number of concurrent insert requests. The default value should work for most cases, since it minimizes memory usage. The default value can be increased when clients send data over slow networks. See also -insert.maxQueueDuration (default 8) + The maximum number of concurrent insert requests. Default value should work for most cases, since it minimizes the memory usage. The default value can be increased when clients send data over slow networks. See also -insert.maxQueueDuration (default 8) -maxInsertRequestSize size The maximum size in bytes of a single Prometheus remote_write API request Supports the following optional suffixes for size values: KB, MB, GB, TB, KiB, MiB, GiB, TiB (default 33554432) @@ -1025,15 +1025,15 @@ Below is the output for `/path/to/vmselect -help`: -cacheExpireDuration duration Items are removed from in-memory caches after they aren't accessed for this duration. Lower values may reduce memory usage at the cost of higher CPU usage. See also -prevCacheRemovalPercent (default 30m0s) -cluster.tls - Whether to use TLS for connections to -storageNode. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Whether to use TLS for connections to -storageNode. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsCAFile string - Path to TLS CA file to use for verifying certificates provided by -storageNode if -cluster.tls flag is set. By default system CA is used. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Path to TLS CA file to use for verifying certificates provided by -storageNode if -cluster.tls flag is set. By default system CA is used. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsCertFile string - Path to client-side TLS certificate file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Path to client-side TLS certificate file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsInsecureSkipVerify - Whether to skip verification of TLS certificates provided by -storageNode nodes if -cluster.tls flag is set. Note that disabled TLS certificate verification breaks security. This flag is available only in enterprise version of VictoriaMetrics + Whether to skip verification of TLS certificates provided by -storageNode nodes if -cluster.tls flag is set. Note that disabled TLS certificate verification breaks security. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -cluster.tlsKeyFile string - Path to client-side TLS key file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in enterprise version of VictoriaMetrics + Path to client-side TLS key file to use when connecting to -storageNode if -cluster.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -clusternative.disableCompression Whether to disable compression of the data sent to vmselect via -clusternativeListenAddr. This reduces CPU usage at the cost of higher network bandwidth usage -clusternative.maxConcurrentRequests int @@ -1047,18 +1047,18 @@ Below is the output for `/path/to/vmselect -help`: -clusternative.maxTagValues int The maximum number of tag values returned per search at -clusternativeListenAddr (default 100000) -clusternative.tls - Whether to use TLS when accepting connections at -clusternativeListenAddr. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection + Whether to use TLS when accepting connections at -clusternativeListenAddr. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -clusternative.tlsCAFile string - Path to TLS CA file to use for verifying certificates provided by vmselect, which connects at -clusternativeListenAddr if -clusternative.tls flag is set. By default system CA is used. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection + Path to TLS CA file to use for verifying certificates provided by vmselect, which connects at -clusternativeListenAddr if -clusternative.tls flag is set. By default system CA is used. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -clusternative.tlsCertFile string - Path to server-side TLS certificate file to use when accepting connections at -clusternativeListenAddr if -clusternative.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection + Path to server-side TLS certificate file to use when accepting connections at -clusternativeListenAddr if -clusternative.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -clusternative.tlsCipherSuites array - Optional list of TLS cipher suites used for connections at -clusternativeListenAddr if -clusternative.tls flag is set. See the list of supported cipher suites at https://pkg.go.dev/crypto/tls#pkg-constants + Optional list of TLS cipher suites used for connections at -clusternativeListenAddr if -clusternative.tls flag is set. See the list of supported cipher suites at https://pkg.go.dev/crypto/tls#pkg-constants . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html Supports an array of values separated by comma or specified via multiple flags. -clusternative.tlsInsecureSkipVerify - Whether to skip verification of TLS certificates provided by vmselect, which connects to -clusternativeListenAddr if -clusternative.tls flag is set. Note that disabled TLS certificate verification breaks security + Whether to skip verification of TLS certificates provided by vmselect, which connects to -clusternativeListenAddr if -clusternative.tls flag is set. Note that disabled TLS certificate verification breaks security. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -clusternative.tlsKeyFile string - Path to server-side TLS key file to use when accepting connections at -clusternativeListenAddr if -clusternative.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection + Path to server-side TLS key file to use when accepting connections at -clusternativeListenAddr if -clusternative.tls flag is set. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html -clusternativeListenAddr string TCP address to listen for requests from other vmselect nodes in multi-level cluster setup. See https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multi-level-cluster-setup . Usually :8401 should be set to match default vmstorage port for vmselect. Disabled work if empty -dedup.minScrapeInterval duration @@ -1367,7 +1367,7 @@ Below is the output for `/path/to/vmstorage -help`: -loggerWarnsPerSecondLimit int Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero values disable the rate limit -maxConcurrentInserts int - The maximum number of concurrent insert requests. The default value should work for most cases, since it minimizes memory usage. The default value can be increased when clients send data over slow networks. See also -insert.maxQueueDuration (default 8) + The maximum number of concurrent insert requests. Default value should work for most cases, since it minimizes the memory usage. The default value can be increased when clients send data over slow networks. See also -insert.maxQueueDuration (default 8) -memory.allowedBytes size Allowed size of system memory VictoriaMetrics caches may occupy. This option overrides -memory.allowedPercent if set to a non-zero value. Too low a value may increase the cache miss rate usually resulting in higher CPU and disk IO usage. Too high a value may evict too much data from the OS page cache resulting in higher disk IO usage Supports the following optional suffixes for size values: KB, MB, GB, TB, KiB, MiB, GiB, TiB (default 0) From dd98385a10347cedc24475e77a3be55425ec9169 Mon Sep 17 00:00:00 2001 From: hagen1778 Date: Fri, 22 Sep 2023 17:21:32 +0200 Subject: [PATCH 02/73] docs/articles: add link to "How to reduce expenses on monitoring" slides Signed-off-by: hagen1778 --- docs/Articles.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Articles.md b/docs/Articles.md index 8cb903c6e..96e9c7a9c 100644 --- a/docs/Articles.md +++ b/docs/Articles.md @@ -137,3 +137,4 @@ See also [case studies](https://docs.victoriametrics.com/CaseStudies.html). * [VictoriaMetrics Meetup December 2022](https://www.youtube.com/watch?v=Mesc6JBFNhQ). See also [slides for "VictoriaMetrics 2022: new features" talk](https://docs.google.com/presentation/d/1jI7XZoodmuzLymdu4MToG9onAKQjzCNwMO2NDupyUkQ/edit?usp=sharing). * [Comparing Thanos to VictoriaMetrics cluster](https://faun.pub/comparing-thanos-to-victoriametrics-cluster-b193bea1683) * [Evaluation performance and correctness: VictoriaMetrics response](https://valyala.medium.com/evaluating-performance-and-correctness-victoriametrics-response-e27315627e87) +* [How to reduce expenses on monitoring slides](https://www.slideshare.net/RomanKhavronenko/how-to-reduce-expenses-on-monitoringpdf) \ No newline at end of file From 33c17a5a2bc1cf7915cfbad4909b850a35c021e2 Mon Sep 17 00:00:00 2001 From: Github Actions <133988544+victoriametrics-bot@users.noreply.github.com> Date: Mon, 25 Sep 2023 18:42:05 +0800 Subject: [PATCH 03/73] Automatic update operator docs from VictoriaMetrics/operator@587ea54 (#5054) --- docs/operator/CHANGELOG.md | 1 + docs/operator/vars.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/operator/CHANGELOG.md b/docs/operator/CHANGELOG.md index 6341ddcbc..67d6c679f 100644 --- a/docs/operator/CHANGELOG.md +++ b/docs/operator/CHANGELOG.md @@ -9,6 +9,7 @@ ### Fixes - [vmcluster](https://docs.victoriametrics.com/operator/api.html#vmcluster): remove redundant annotation `operator.victoriametrics/last-applied-spec` from created workloads like vmstorage statefulset. +- [vmoperator](https://docs.victoriametrics.com/operator/): properly resize statefulset's multiple pvc when needed and allowable, before they could be updated with wrong size. ## [v0.38.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.38.0) - 11 Sep 2023 diff --git a/docs/operator/vars.md b/docs/operator/vars.md index edf6939e4..ca25c0ba9 100644 --- a/docs/operator/vars.md +++ b/docs/operator/vars.md @@ -10,7 +10,7 @@ aliases: - /operator/vars.html --- # Auto Generated vars for package config - updated at Thu Sep 21 10:01:40 UTC 2023 + updated at Mon Sep 25 08:27:49 UTC 2023 | varible name | variable default value | variable required | variable description | From ec50375991ac4fd4a3b014127c50f645c79396dd Mon Sep 17 00:00:00 2001 From: Roman Khavronenko Date: Mon, 25 Sep 2023 14:00:41 +0200 Subject: [PATCH 04/73] docs/changelog: add link to sandbox (#5050) Signed-off-by: hagen1778 --- docs/CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index d62de2cb3..a32ceb413 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -21,6 +21,10 @@ The following `tip` changes can be tested by building VictoriaMetrics components * [How to build vmauth](https://docs.victoriametrics.com/vmauth.html#how-to-build-from-sources) * [How to build vmctl](https://docs.victoriametrics.com/vmctl.html#how-to-build) +Metrics of the latest version of VictoriaMetrics cluster are available for viewing at our +[sandbox](https://play-grafana.victoriametrics.com/d/oS7Bi_0Wz_vm/victoriametrics-cluster-vm). +The sandbox cluster installation is running under the constant load generated by +[prometheus-benchmark](https://github.com/VictoriaMetrics/prometheus-benchmark) and used for testing latest releases. ## tip From 34d7a670d06be1b4bc4248563a0312bb4a6d178d Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Mon, 25 Sep 2023 16:01:00 +0400 Subject: [PATCH 05/73] app/vmselect/promql: add implementation of median_over_time for rollup functions list (#5042) `median_over_time` is handled by predefined WITH template in MetricsQL library which translates it to `quantile_over_time(0.5)` This makes it impossble to use `median_over_time` as a usual rollup function for `aggr_over_time`. See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034 Signed-off-by: Zakhar Bessarab --- app/vmselect/promql/rollup.go | 10 ++++++++-- docs/CHANGELOG.md | 1 + 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/app/vmselect/promql/rollup.go b/app/vmselect/promql/rollup.go index 2cf827344..cfbc03055 100644 --- a/app/vmselect/promql/rollup.go +++ b/app/vmselect/promql/rollup.go @@ -7,11 +7,12 @@ import ( "strings" "sync" + "github.com/VictoriaMetrics/metrics" + "github.com/VictoriaMetrics/metricsql" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/decimal" "github.com/VictoriaMetrics/VictoriaMetrics/lib/logger" "github.com/VictoriaMetrics/VictoriaMetrics/lib/storage" - "github.com/VictoriaMetrics/metrics" - "github.com/VictoriaMetrics/metricsql" ) var minStalenessInterval = flag.Duration("search.minStalenessInterval", 0, "The minimum interval for staleness calculations. "+ @@ -125,6 +126,7 @@ var rollupAggrFuncs = map[string]rollupFunc{ "lifetime": rollupLifetime, "mad_over_time": rollupMAD, "max_over_time": rollupMax, + "median_over_time": rollupMedian, "min_over_time": rollupMin, "mode_over_time": rollupModeOverTime, "present_over_time": rollupPresent, @@ -1396,6 +1398,10 @@ func rollupMax(rfa *rollupFuncArg) float64 { return maxValue } +func rollupMedian(rfa *rollupFuncArg) float64 { + return quantile(0.5, rfa.values) +} + func rollupTmin(rfa *rollupFuncArg) float64 { // There is no need in handling NaNs here, since they must be cleaned up // before calling rollup funcs. diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index a32ceb413..eec787fa7 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -55,6 +55,7 @@ The sandbox cluster installation is running under the constant load generated by * BUGFIX: [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise.html) validate `-dedup.minScrapeInterval` value and `-downsampling.period` intervals are multiples of each other. See [these docs](https://docs.victoriametrics.com/#downsampling). * BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): properly copy `appliedRetention.txt` files inside `<-storageDataPath>/{data}` folders during [incremental backups](https://docs.victoriametrics.com/vmbackup.html#incremental-backups). Previously the new `appliedRetention.txt` could be skipped during incremental backups, which could lead to increased load on storage after restoring from backup. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5005). * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): suppress `context canceled` error messages in logs when `vmagent` is reloading service discovery config. This error could appear starting from [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5). See [this PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5048). +* BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): allow using `median_over_time` in [`aggr_over_time`](https://docs.victoriametrics.com/MetricsQL.html#aggr_over_time) [rollup function](https://docs.victoriametrics.com/MetricsQL.html#rollup-functions). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034). ## [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5) From a7401595415b33e68eefd6594f598037e388b52f Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 15:28:10 +0200 Subject: [PATCH 06/73] app/vmselect/promql: completely substitute median_over_time() WITH template with regular median_over_time() rollup function This is a follow-up for 34d7a670d06be1b4bc4248563a0312bb4a6d178d Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034 --- app/vmselect/promql/exec_test.go | 10 +++++----- app/vmselect/promql/rollup.go | 2 ++ docs/CHANGELOG.md | 2 +- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/VictoriaMetrics/metricsql/parser.go | 1 - vendor/github.com/VictoriaMetrics/metricsql/rollup.go | 1 + vendor/modules.txt | 2 +- 8 files changed, 13 insertions(+), 11 deletions(-) diff --git a/app/vmselect/promql/exec_test.go b/app/vmselect/promql/exec_test.go index 3290612a7..d7c01c666 100644 --- a/app/vmselect/promql/exec_test.go +++ b/app/vmselect/promql/exec_test.go @@ -7669,7 +7669,7 @@ func TestExecSuccess(t *testing.T) { }) t.Run(`aggr_over_time(multi-func)`, func(t *testing.T) { t.Parallel() - q := `sort(aggr_over_time(("min_over_time", "count_over_time", "max_over_time"), round(rand(0),0.1)[:10s]))` + q := `sort(aggr_over_time(("min_over_time", "median_over_time", "max_over_time"), round(rand(0),0.1)[:10s]))` r1 := netstorage.Result{ MetricName: metricNameExpected, Values: []float64{0, 0, 0, 0, 0, 0}, @@ -7681,21 +7681,21 @@ func TestExecSuccess(t *testing.T) { }} r2 := netstorage.Result{ MetricName: metricNameExpected, - Values: []float64{0.8, 0.9, 1, 0.9, 1, 0.9}, + Values: []float64{0.4, 0.5, 0.5, 0.75, 0.6, 0.45}, Timestamps: timestampsExpected, } r2.MetricName.Tags = []storage.Tag{{ Key: []byte("rollup"), - Value: []byte("max_over_time"), + Value: []byte("median_over_time"), }} r3 := netstorage.Result{ MetricName: metricNameExpected, - Values: []float64{20, 20, 20, 20, 20, 20}, + Values: []float64{0.8, 0.9, 1, 0.9, 1, 0.9}, Timestamps: timestampsExpected, } r3.MetricName.Tags = []storage.Tag{{ Key: []byte("rollup"), - Value: []byte("count_over_time"), + Value: []byte("max_over_time"), }} resultExpected := []netstorage.Result{r1, r2, r3} f(q, resultExpected) diff --git a/app/vmselect/promql/rollup.go b/app/vmselect/promql/rollup.go index cfbc03055..9f84f74a7 100644 --- a/app/vmselect/promql/rollup.go +++ b/app/vmselect/promql/rollup.go @@ -59,6 +59,7 @@ var rollupFuncs = map[string]newRollupFunc{ "lifetime": newRollupFuncOneArg(rollupLifetime), "mad_over_time": newRollupFuncOneArg(rollupMAD), "max_over_time": newRollupFuncOneArg(rollupMax), + "median_over_time": newRollupFuncOneArg(rollupMedian), "min_over_time": newRollupFuncOneArg(rollupMin), "mode_over_time": newRollupFuncOneArg(rollupModeOverTime), "predict_linear": newRollupPredictLinear, @@ -226,6 +227,7 @@ var rollupFuncsKeepMetricName = map[string]bool{ "holt_winters": true, "last_over_time": true, "max_over_time": true, + "median_over_time": true, "min_over_time": true, "mode_over_time": true, "predict_linear": true, diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index eec787fa7..0a2b2b9f2 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -55,7 +55,7 @@ The sandbox cluster installation is running under the constant load generated by * BUGFIX: [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise.html) validate `-dedup.minScrapeInterval` value and `-downsampling.period` intervals are multiples of each other. See [these docs](https://docs.victoriametrics.com/#downsampling). * BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): properly copy `appliedRetention.txt` files inside `<-storageDataPath>/{data}` folders during [incremental backups](https://docs.victoriametrics.com/vmbackup.html#incremental-backups). Previously the new `appliedRetention.txt` could be skipped during incremental backups, which could lead to increased load on storage after restoring from backup. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5005). * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): suppress `context canceled` error messages in logs when `vmagent` is reloading service discovery config. This error could appear starting from [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5). See [this PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5048). -* BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): allow using `median_over_time` in [`aggr_over_time`](https://docs.victoriametrics.com/MetricsQL.html#aggr_over_time) [rollup function](https://docs.victoriametrics.com/MetricsQL.html#rollup-functions). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034). +* BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): allow passing [median_over_time](https://docs.victoriametrics.com/MetricsQL.html#median_over_time) to [aggr_over_time](https://docs.victoriametrics.com/MetricsQL.html#aggr_over_time). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034). ## [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5) diff --git a/go.mod b/go.mod index a6ee13e10..6d1a47169 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( // like https://github.com/valyala/fasthttp/commit/996610f021ff45fdc98c2ce7884d5fa4e7f9199b github.com/VictoriaMetrics/fasthttp v1.2.0 github.com/VictoriaMetrics/metrics v1.24.0 - github.com/VictoriaMetrics/metricsql v0.65.0 + github.com/VictoriaMetrics/metricsql v0.66.0 github.com/aws/aws-sdk-go-v2 v1.21.0 github.com/aws/aws-sdk-go-v2/config v1.18.39 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.11.83 diff --git a/go.sum b/go.sum index 9bfe01c62..aebec4c96 100644 --- a/go.sum +++ b/go.sum @@ -70,8 +70,8 @@ github.com/VictoriaMetrics/fasthttp v1.2.0 h1:nd9Wng4DlNtaI27WlYh5mGXCJOmee/2c2b github.com/VictoriaMetrics/fasthttp v1.2.0/go.mod h1:zv5YSmasAoSyv8sBVexfArzFDIGGTN4TfCKAtAw7IfE= github.com/VictoriaMetrics/metrics v1.24.0 h1:ILavebReOjYctAGY5QU2F9X0MYvkcrG3aEn2RKa1Zkw= github.com/VictoriaMetrics/metrics v1.24.0/go.mod h1:eFT25kvsTidQFHb6U0oa0rTrDRdz4xTYjpL8+UPohys= -github.com/VictoriaMetrics/metricsql v0.65.0 h1:+/Oit3QycM8z/NbMHy4KENSUDS5q9QRx8h2x6cvoQOk= -github.com/VictoriaMetrics/metricsql v0.65.0/go.mod h1:k4UaP/+CjuZslIjd+kCigNG9TQmUqh5v0TP/nMEy90I= +github.com/VictoriaMetrics/metricsql v0.66.0 h1:2TaBEM7L5L67Ho65FdJVZ/qvjWmC/+f17nujL6dgtmE= +github.com/VictoriaMetrics/metricsql v0.66.0/go.mod h1:k4UaP/+CjuZslIjd+kCigNG9TQmUqh5v0TP/nMEy90I= github.com/VividCortex/ewma v1.2.0 h1:f58SaIzcDXrSy3kWaHNvuJgJ3Nmz59Zji6XoJR/q1ow= github.com/VividCortex/ewma v1.2.0/go.mod h1:nz4BbCtbLyFDeC9SUHbtcT5644juEuWfUAUnGx7j5l4= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= diff --git a/vendor/github.com/VictoriaMetrics/metricsql/parser.go b/vendor/github.com/VictoriaMetrics/metricsql/parser.go index c40876857..8458e5f71 100644 --- a/vendor/github.com/VictoriaMetrics/metricsql/parser.go +++ b/vendor/github.com/VictoriaMetrics/metricsql/parser.go @@ -55,7 +55,6 @@ func getDefaultWithArgExprs() []*withArgExpr { clamp_max(step()/300, 1) )`, - `median_over_time(m) = quantile_over_time(0.5, m)`, `range_median(q) = range_quantile(0.5, q)`, `alias(q, name) = label_set(q, "__name__", name)`, }) diff --git a/vendor/github.com/VictoriaMetrics/metricsql/rollup.go b/vendor/github.com/VictoriaMetrics/metricsql/rollup.go index da3204adc..99d8f56bc 100644 --- a/vendor/github.com/VictoriaMetrics/metricsql/rollup.go +++ b/vendor/github.com/VictoriaMetrics/metricsql/rollup.go @@ -44,6 +44,7 @@ var rollupFuncs = map[string]bool{ "lifetime": true, "mad_over_time": true, "max_over_time": true, + "median_over_time": true, "min_over_time": true, "mode_over_time": true, "predict_linear": true, diff --git a/vendor/modules.txt b/vendor/modules.txt index 7c406cb47..37d0db292 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -99,7 +99,7 @@ github.com/VictoriaMetrics/fasthttp/stackless # github.com/VictoriaMetrics/metrics v1.24.0 ## explicit; go 1.20 github.com/VictoriaMetrics/metrics -# github.com/VictoriaMetrics/metricsql v0.65.0 +# github.com/VictoriaMetrics/metricsql v0.66.0 ## explicit; go 1.13 github.com/VictoriaMetrics/metricsql github.com/VictoriaMetrics/metricsql/binaryop From 3b9605dba5a29d62bb68607e170b6db902482c78 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 16:14:14 +0200 Subject: [PATCH 07/73] app/vmselect/promql: do not sort `q1 or q2` results This makes sure that `q2` series are returned after `q1` series in the same way as Prometheus does See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4763 --- app/vmselect/promql/exec.go | 6 +++++ app/vmselect/promql/exec_test.go | 38 +++++++++++++++++++++++++++----- docs/CHANGELOG.md | 1 + 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/app/vmselect/promql/exec.go b/app/vmselect/promql/exec.go index acbaa59d5..ab14cb14c 100644 --- a/app/vmselect/promql/exec.go +++ b/app/vmselect/promql/exec.go @@ -111,6 +111,12 @@ func maySortResults(e metricsql.Expr) bool { "bottomk_max", "bottomk_min", "bottomk_avg", "bottomk_median", "bottomk_last": return false } + case *metricsql.BinaryOpExpr: + if strings.ToLower(v.Op) == "or" { + // Do not sort results for `a or b` in the same way as Prometheus does. + // See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4763 + return false + } } return true } diff --git a/app/vmselect/promql/exec_test.go b/app/vmselect/promql/exec_test.go index d7c01c666..2ae7b395a 100644 --- a/app/vmselect/promql/exec_test.go +++ b/app/vmselect/promql/exec_test.go @@ -8479,11 +8479,11 @@ func TestExecSuccess(t *testing.T) { }) t.Run(`result sorting`, func(t *testing.T) { t.Parallel() - q := `label_set(1, "instance", "localhost:1001", "type", "free") - or label_set(1, "instance", "localhost:1001", "type", "buffers") - or label_set(1, "instance", "localhost:1000", "type", "buffers") - or label_set(1, "instance", "localhost:1000", "type", "free") -` + q := `(label_set(1, "instance", "localhost:1001", "type", "free"), + label_set(1, "instance", "localhost:1001", "type", "buffers"), + label_set(1, "instance", "localhost:1000", "type", "buffers"), + label_set(1, "instance", "localhost:1000", "type", "free"), + )` r1 := netstorage.Result{ MetricName: metricNameExpected, Values: []float64{1, 1, 1, 1, 1, 1}, @@ -8515,6 +8515,34 @@ func TestExecSuccess(t *testing.T) { resultExpected := []netstorage.Result{r1, r2, r3, r4} f(q, resultExpected) }) + t.Run(`no_sorting_for_or`, func(t *testing.T) { + t.Parallel() + q := `label_set(2, "foo", "bar") or label_set(1, "foo", "baz")` + r1 := netstorage.Result{ + MetricName: metricNameExpected, + Values: []float64{2, 2, 2, 2, 2, 2}, + Timestamps: timestampsExpected, + } + r1.MetricName.Tags = []storage.Tag{ + { + Key: []byte("foo"), + Value: []byte("bar"), + }, + } + r2 := netstorage.Result{ + MetricName: metricNameExpected, + Values: []float64{1, 1, 1, 1, 1, 1}, + Timestamps: timestampsExpected, + } + r2.MetricName.Tags = []storage.Tag{ + { + Key: []byte("foo"), + Value: []byte("baz"), + }, + } + resultExpected := []netstorage.Result{r1, r2} + f(q, resultExpected) + }) t.Run(`sort_by_label_numeric(multiple_labels_only_string)`, func(t *testing.T) { t.Parallel() q := `sort_by_label_numeric(( diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 0a2b2b9f2..d204d463d 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -49,6 +49,7 @@ The sandbox cluster installation is running under the constant load generated by * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): add `eval_offset` attribute for [Groups](https://docs.victoriametrics.com/vmalert.html#groups). If specified, Group will be evaluated at the exact time offset on the range of [0...evaluationInterval]. The setting might be useful for cron-like rules which must be evaluated at specific moments of time. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3409) for details. * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): validate [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html) function names in alerting and recording rules when `vmalert` runs with `-dryRun` command-line flag. Previously it was allowed to use unknown (aka invalid) MetricsQL function names there. For example, `foo()` was counted as a valid query. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4933). * FEATURE: limit the length of string params in log messages to 500 chars. Longer string params are replaced with the `first_250_chars..last_250_chars`. This prevents from too long log lines, which can be emitted by VictoriaMetrics components. +* FEATURE: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): make sure that `q2` series are returned after `q1` series in the results of `q1 or q2` query, in the same way as Prometheus does. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4763). * BUGFIX: [Official Grafana dashboards for VictoriaMetrics](https://grafana.com/orgs/victoriametrics): fix display of ingested rows rate for `Samples ingested/s` and `Samples rate` panels for vmagent's dasbhoard. Previously, not all ingested protocols were accounted in these panels. An extra panel `Rows rate` was added to `Ingestion` section to display the split for rows ingested rate by protocol. * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix the bug causing render looping when switching to heatmap. From e453069dcd82ee51d655cedda8c3bfa7ed3b2cc2 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 16:15:58 +0200 Subject: [PATCH 08/73] app/vmselect/promql: run `make fmt` after 3b9605dba5a29d62bb68607e170b6db902482c78 --- app/vmselect/promql/exec_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/vmselect/promql/exec_test.go b/app/vmselect/promql/exec_test.go index 2ae7b395a..60430bdf1 100644 --- a/app/vmselect/promql/exec_test.go +++ b/app/vmselect/promql/exec_test.go @@ -8525,7 +8525,7 @@ func TestExecSuccess(t *testing.T) { } r1.MetricName.Tags = []storage.Tag{ { - Key: []byte("foo"), + Key: []byte("foo"), Value: []byte("bar"), }, } @@ -8536,7 +8536,7 @@ func TestExecSuccess(t *testing.T) { } r2.MetricName.Tags = []storage.Tag{ { - Key: []byte("foo"), + Key: []byte("foo"), Value: []byte("baz"), }, } From 717c53af27dfed0d6a2038466df8fb24b7d56157 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 16:52:37 +0200 Subject: [PATCH 09/73] lib/storage: stop exposing vm_merge_need_free_disk_space metric This metric confuses users and has no any useful information. See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/686#issuecomment-1733844128 --- README.md | 3 -- app/vmstorage/main.go | 5 ---- docs/CHANGELOG.md | 1 + docs/README.md | 3 -- docs/Single-server-VictoriaMetrics.md | 3 -- lib/storage/partition.go | 42 ++++++++------------------- lib/storage/partition_test.go | 24 ++------------- 7 files changed, 16 insertions(+), 65 deletions(-) diff --git a/README.md b/README.md index 769f87d60..8cc97172b 100644 --- a/README.md +++ b/README.md @@ -1937,9 +1937,6 @@ and [cardinality explorer docs](#cardinality-explorer). has at least 20% of free space. The remaining amount of free space can be [monitored](#monitoring) via `vm_free_disk_space_bytes` metric. The total size of data stored on the disk can be monitored via sum of `vm_data_size_bytes` metrics. - See also `vm_merge_need_free_disk_space` metrics, which are set to values higher than 0 - if background merge cannot be initiated due to free disk space shortage. The value shows the number of per-month partitions, - which would start background merge if they had more free disk space. * VictoriaMetrics buffers incoming data in memory for up to a few seconds before flushing it to persistent storage. This may lead to the following "issues": diff --git a/app/vmstorage/main.go b/app/vmstorage/main.go index f3be38ff9..e81e38825 100644 --- a/app/vmstorage/main.go +++ b/app/vmstorage/main.go @@ -585,11 +585,6 @@ func registerStorageMetrics(strg *storage.Storage) { return float64(idbm().ItemsAddedSizeBytes) }) - // See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/686 - metrics.NewGauge(`vm_merge_need_free_disk_space`, func() float64 { - return float64(tm().MergeNeedFreeDiskSpace) - }) - metrics.NewGauge(`vm_pending_rows{type="storage"}`, func() float64 { return float64(tm().PendingRows) }) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index d204d463d..11b56de00 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -50,6 +50,7 @@ The sandbox cluster installation is running under the constant load generated by * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): validate [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html) function names in alerting and recording rules when `vmalert` runs with `-dryRun` command-line flag. Previously it was allowed to use unknown (aka invalid) MetricsQL function names there. For example, `foo()` was counted as a valid query. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4933). * FEATURE: limit the length of string params in log messages to 500 chars. Longer string params are replaced with the `first_250_chars..last_250_chars`. This prevents from too long log lines, which can be emitted by VictoriaMetrics components. * FEATURE: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): make sure that `q2` series are returned after `q1` series in the results of `q1 or q2` query, in the same way as Prometheus does. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4763). +* FEATURE: stop exposing `vm_merge_need_free_disk_space` metric, since it has been appeared that it confuses users while doesn't bring any useful information. See [this comment](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/686#issuecomment-1733844128). * BUGFIX: [Official Grafana dashboards for VictoriaMetrics](https://grafana.com/orgs/victoriametrics): fix display of ingested rows rate for `Samples ingested/s` and `Samples rate` panels for vmagent's dasbhoard. Previously, not all ingested protocols were accounted in these panels. An extra panel `Rows rate` was added to `Ingestion` section to display the split for rows ingested rate by protocol. * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix the bug causing render looping when switching to heatmap. diff --git a/docs/README.md b/docs/README.md index 169780f44..11662b275 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1940,9 +1940,6 @@ and [cardinality explorer docs](#cardinality-explorer). has at least 20% of free space. The remaining amount of free space can be [monitored](#monitoring) via `vm_free_disk_space_bytes` metric. The total size of data stored on the disk can be monitored via sum of `vm_data_size_bytes` metrics. - See also `vm_merge_need_free_disk_space` metrics, which are set to values higher than 0 - if background merge cannot be initiated due to free disk space shortage. The value shows the number of per-month partitions, - which would start background merge if they had more free disk space. * VictoriaMetrics buffers incoming data in memory for up to a few seconds before flushing it to persistent storage. This may lead to the following "issues": diff --git a/docs/Single-server-VictoriaMetrics.md b/docs/Single-server-VictoriaMetrics.md index 3a9179479..94201fedf 100644 --- a/docs/Single-server-VictoriaMetrics.md +++ b/docs/Single-server-VictoriaMetrics.md @@ -1948,9 +1948,6 @@ and [cardinality explorer docs](#cardinality-explorer). has at least 20% of free space. The remaining amount of free space can be [monitored](#monitoring) via `vm_free_disk_space_bytes` metric. The total size of data stored on the disk can be monitored via sum of `vm_data_size_bytes` metrics. - See also `vm_merge_need_free_disk_space` metrics, which are set to values higher than 0 - if background merge cannot be initiated due to free disk space shortage. The value shows the number of per-month partitions, - which would start background merge if they had more free disk space. * VictoriaMetrics buffers incoming data in memory for up to a few seconds before flushing it to persistent storage. This may lead to the following "issues": diff --git a/lib/storage/partition.go b/lib/storage/partition.go index ddad2b67d..f13bd3fcf 100644 --- a/lib/storage/partition.go +++ b/lib/storage/partition.go @@ -119,8 +119,6 @@ type partition struct { inmemoryAssistedMerges uint64 smallAssistedMerges uint64 - mergeNeedFreeDiskSpace uint64 - mergeIdx uint64 smallPartsPath string @@ -354,8 +352,6 @@ type partitionMetrics struct { InmemoryAssistedMerges uint64 SmallAssistedMerges uint64 - - MergeNeedFreeDiskSpace uint64 } // TotalRowsCount returns total number of rows in tm. @@ -421,8 +417,6 @@ func (pt *partition) UpdateMetrics(m *partitionMetrics) { m.InmemoryAssistedMerges += atomic.LoadUint64(&pt.inmemoryAssistedMerges) m.SmallAssistedMerges += atomic.LoadUint64(&pt.smallAssistedMerges) - - m.MergeNeedFreeDiskSpace += atomic.LoadUint64(&pt.mergeNeedFreeDiskSpace) } // AddRows adds the given rows to the partition pt. @@ -1146,10 +1140,9 @@ func (pt *partition) mergeInmemoryParts() error { maxOutBytes := pt.getMaxBigPartSize() pt.partsLock.Lock() - pws, needFreeSpace := getPartsToMerge(pt.inmemoryParts, maxOutBytes, false) + pws := getPartsToMerge(pt.inmemoryParts, maxOutBytes, false) pt.partsLock.Unlock() - atomicSetBool(&pt.mergeNeedFreeDiskSpace, needFreeSpace) return pt.mergeParts(pws, pt.stopCh, false) } @@ -1166,10 +1159,9 @@ func (pt *partition) mergeExistingParts(isFinal bool) error { dst = append(dst, pt.inmemoryParts...) dst = append(dst, pt.smallParts...) dst = append(dst, pt.bigParts...) - pws, needFreeSpace := getPartsToMerge(dst, maxOutBytes, isFinal) + pws := getPartsToMerge(dst, maxOutBytes, isFinal) pt.partsLock.Unlock() - atomicSetBool(&pt.mergeNeedFreeDiskSpace, needFreeSpace) return pt.mergeParts(pws, pt.stopCh, isFinal) } @@ -1629,8 +1621,7 @@ func (pt *partition) removeStaleParts() { // getPartsToMerge returns optimal parts to merge from pws. // // The summary size of the returned parts must be smaller than maxOutBytes. -// The function returns true if pws contains parts, which cannot be merged because of maxOutBytes limit. -func getPartsToMerge(pws []*partWrapper, maxOutBytes uint64, isFinal bool) ([]*partWrapper, bool) { +func getPartsToMerge(pws []*partWrapper, maxOutBytes uint64, isFinal bool) []*partWrapper { pwsRemaining := make([]*partWrapper, 0, len(pws)) for _, pw := range pws { if !pw.isInMerge { @@ -1639,14 +1630,13 @@ func getPartsToMerge(pws []*partWrapper, maxOutBytes uint64, isFinal bool) ([]*p } maxPartsToMerge := defaultPartsToMerge var pms []*partWrapper - needFreeSpace := false if isFinal { for len(pms) == 0 && maxPartsToMerge >= finalPartsToMerge { - pms, needFreeSpace = appendPartsToMerge(pms[:0], pwsRemaining, maxPartsToMerge, maxOutBytes) + pms = appendPartsToMerge(pms[:0], pwsRemaining, maxPartsToMerge, maxOutBytes) maxPartsToMerge-- } } else { - pms, needFreeSpace = appendPartsToMerge(pms[:0], pwsRemaining, maxPartsToMerge, maxOutBytes) + pms = appendPartsToMerge(pms[:0], pwsRemaining, maxPartsToMerge, maxOutBytes) } for _, pw := range pms { if pw.isInMerge { @@ -1654,7 +1644,7 @@ func getPartsToMerge(pws []*partWrapper, maxOutBytes uint64, isFinal bool) ([]*p } pw.isInMerge = true } - return pms, needFreeSpace + return pms } // minMergeMultiplier is the minimum multiplier for the size of the output part @@ -1665,13 +1655,11 @@ func getPartsToMerge(pws []*partWrapper, maxOutBytes uint64, isFinal bool) ([]*p // The 1.7 is good enough for production workloads. const minMergeMultiplier = 1.7 -// appendPartsToMerge finds optimal parts to merge from src, appends -// them to dst and returns the result. -// The function returns true if src contains parts, which cannot be merged because of maxOutBytes limit. -func appendPartsToMerge(dst, src []*partWrapper, maxPartsToMerge int, maxOutBytes uint64) ([]*partWrapper, bool) { +// appendPartsToMerge finds optimal parts to merge from src, appends them to dst and returns the result. +func appendPartsToMerge(dst, src []*partWrapper, maxPartsToMerge int, maxOutBytes uint64) []*partWrapper { if len(src) < 2 { // There is no need in merging zero or one part :) - return dst, false + return dst } if maxPartsToMerge < 2 { logger.Panicf("BUG: maxPartsToMerge cannot be smaller than 2; got %d", maxPartsToMerge) @@ -1679,18 +1667,15 @@ func appendPartsToMerge(dst, src []*partWrapper, maxPartsToMerge int, maxOutByte // Filter out too big parts. // This should reduce N for O(N^2) algorithm below. - skippedBigParts := 0 maxInPartBytes := uint64(float64(maxOutBytes) / minMergeMultiplier) tmp := make([]*partWrapper, 0, len(src)) for _, pw := range src { if pw.p.size > maxInPartBytes { - skippedBigParts++ continue } tmp = append(tmp, pw) } src = tmp - needFreeSpace := skippedBigParts > 1 sortPartsForOptimalMerge(src) @@ -1709,15 +1694,12 @@ func appendPartsToMerge(dst, src []*partWrapper, maxPartsToMerge int, maxOutByte for i := minSrcParts; i <= maxSrcParts; i++ { for j := 0; j <= len(src)-i; j++ { a := src[j : j+i] - outSize := getPartsSize(a) - if outSize > maxOutBytes { - needFreeSpace = true - } if a[0].p.size*uint64(len(a)) < a[len(a)-1].p.size { // Do not merge parts with too big difference in size, // since this results in unbalanced merges. continue } + outSize := getPartsSize(a) if outSize > maxOutBytes { // There is no need in verifying remaining parts with bigger sizes. break @@ -1738,9 +1720,9 @@ func appendPartsToMerge(dst, src []*partWrapper, maxPartsToMerge int, maxOutByte if maxM < minM { // There is no sense in merging parts with too small m, // since this leads to high disk write IO. - return dst, needFreeSpace + return dst } - return append(dst, pws...), needFreeSpace + return append(dst, pws...) } func sortPartsForOptimalMerge(pws []*partWrapper) { diff --git a/lib/storage/partition_test.go b/lib/storage/partition_test.go index 931ada012..2643347a5 100644 --- a/lib/storage/partition_test.go +++ b/lib/storage/partition_test.go @@ -34,24 +34,6 @@ func TestAppendPartsToMerge(t *testing.T) { testAppendPartsToMerge(t, 3, []uint64{11, 1, 10, 100, 10}, []uint64{10, 10, 11}) } -func TestAppendPartsToMergeNeedFreeSpace(t *testing.T) { - f := func(sizes []uint64, maxOutBytes int, expectedNeedFreeSpace bool) { - t.Helper() - pws := newTestPartWrappersForSizes(sizes) - _, needFreeSpace := appendPartsToMerge(nil, pws, defaultPartsToMerge, uint64(maxOutBytes)) - if needFreeSpace != expectedNeedFreeSpace { - t.Fatalf("unexpected needFreeSpace; got %v; want %v", needFreeSpace, expectedNeedFreeSpace) - } - } - f(nil, 1000, false) - f([]uint64{1000}, 100, false) - f([]uint64{1000}, 1100, false) - f([]uint64{120, 200}, 180, true) - f([]uint64{100, 200}, 310, false) - f([]uint64{100, 110, 109, 1}, 300, true) - f([]uint64{100, 110, 109, 1}, 330, false) -} - func TestAppendPartsToMergeManyParts(t *testing.T) { // Verify that big number of parts are merged into minimal number of parts // using minimum merges. @@ -69,7 +51,7 @@ func TestAppendPartsToMergeManyParts(t *testing.T) { iterationsCount := 0 sizeMergedTotal := uint64(0) for { - pms, _ := appendPartsToMerge(nil, pws, defaultPartsToMerge, maxOutSize) + pms := appendPartsToMerge(nil, pws, defaultPartsToMerge, maxOutSize) if len(pms) == 0 { break } @@ -118,7 +100,7 @@ func testAppendPartsToMerge(t *testing.T, maxPartsToMerge int, initialSizes, exp pws := newTestPartWrappersForSizes(initialSizes) // Verify appending to nil. - pms, _ := appendPartsToMerge(nil, pws, maxPartsToMerge, 1e9) + pms := appendPartsToMerge(nil, pws, maxPartsToMerge, 1e9) sizes := newTestSizesFromPartWrappers(pms) if !reflect.DeepEqual(sizes, expectedSizes) { t.Fatalf("unexpected size for maxPartsToMerge=%d, initialSizes=%d; got\n%d; want\n%d", @@ -135,7 +117,7 @@ func testAppendPartsToMerge(t *testing.T, maxPartsToMerge int, initialSizes, exp {}, {}, } - pms, _ = appendPartsToMerge(prefix, pws, maxPartsToMerge, 1e9) + pms = appendPartsToMerge(prefix, pws, maxPartsToMerge, 1e9) if !reflect.DeepEqual(pms[:len(prefix)], prefix) { t.Fatalf("unexpected prefix for maxPartsToMerge=%d, initialSizes=%d; got\n%+v; want\n%+v", maxPartsToMerge, initialSizes, pms[:len(prefix)], prefix) From 15dfd94f3b42511f391d616ed0fae4a6fe6a346b Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 17:15:43 +0200 Subject: [PATCH 10/73] lib/storage: make it clear that the number of big merge workers always equals to 4 See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4915#issuecomment-1733922830 --- lib/storage/partition.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/storage/partition.go b/lib/storage/partition.go index f13bd3fcf..b30ce098d 100644 --- a/lib/storage/partition.go +++ b/lib/storage/partition.go @@ -1113,7 +1113,9 @@ func (pt *partition) getMaxSmallPartSize() uint64 { } func (pt *partition) getMaxBigPartSize() uint64 { - workersCount := getDefaultMergeConcurrency(4) + // Always use 4 workers for big merges due to historical reasons. + // See https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4915#issuecomment-1733922830 + workersCount := 4 return getMaxOutBytes(pt.bigPartsPath, workersCount) } From 8e722e10ee73506e2a4c761ccd80aaeacb380563 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 17:33:58 +0200 Subject: [PATCH 11/73] docs/CaseStudies.md: add Criteo case study This is a follow-up for bdbe6164087cdd76b9c1ee2c9aab43d74f2d137f See https://medium.com/criteo-engineering/victoriametrics-a-prometheus-remote-storage-solution-57081a3d8e61 --- README.md | 1 + docs/CaseStudies.md | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/README.md b/README.md index 8cc97172b..8d560f75d 100644 --- a/README.md +++ b/README.md @@ -110,6 +110,7 @@ Case studies: * [Brandwatch](https://docs.victoriametrics.com/CaseStudies.html#brandwatch) * [CERN](https://docs.victoriametrics.com/CaseStudies.html#cern) * [COLOPL](https://docs.victoriametrics.com/CaseStudies.html#colopl) +* [Criteo](https://docs.victoriametrics.com/CaseStudies.html#criteo) * [Dig Security](https://docs.victoriametrics.com/CaseStudies.html#dig-security) * [Fly.io](https://docs.victoriametrics.com/CaseStudies.html#flyio) * [German Research Center for Artificial Intelligence](https://docs.victoriametrics.com/CaseStudies.html#german-research-center-for-artificial-intelligence) diff --git a/docs/CaseStudies.md b/docs/CaseStudies.md index 3ab0d3279..0e94fdd2b 100644 --- a/docs/CaseStudies.md +++ b/docs/CaseStudies.md @@ -23,6 +23,7 @@ where you can chat with VictoriaMetrics users to get additional references, revi - [Brandwatch](#brandwatch) - [CERN](#cern) - [COLOPL](#colopl) + - [Criteo](#criteo) - [Dig Security](#dig-security) - [Fly.io](#flyio) - [German Research Center for Artificial Intelligence](#german-research-center-for-artificial-intelligence) @@ -242,6 +243,13 @@ after evaulating the following remote storage solutions for Prometheus: See [slides](https://speakerdeck.com/inletorder/monitoring-platform-with-victoria-metrics) and [video](https://www.youtube.com/watch?v=hUpHIluxw80) from `Large-scale, super-load system monitoring platform built with VictoriaMetrics` talk at [Prometheus Meetup Tokyo #3](https://prometheus.connpass.com/event/157721/). +## Criteo + +[Criteo](https://www.criteo.com/) is a global technology company that helps marketers and media owners reach their goals through the world’s leading Commerce Media Platform. + +See [this blog post](https://medium.com/criteo-engineering/victoriametrics-a-prometheus-remote-storage-solution-57081a3d8e61) on how Criteo started using VictoriaMetrics +and why they prefer VictoriaMetrics over competing solutions. + ## Dig Security [Dig Security](https://www.dig.security) is a cloud data security startup with 50+ employees that provides real-time visibility, control, and protection of data assets. From 89a5e272161289eeee727350be3eeea09ab80eca Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 17:35:29 +0200 Subject: [PATCH 12/73] docs: run `make docs-sync` after 8e722e10ee73506e2a4c761ccd80aaeacb380563 --- docs/README.md | 1 + docs/Single-server-VictoriaMetrics.md | 1 + 2 files changed, 2 insertions(+) diff --git a/docs/README.md b/docs/README.md index 11662b275..129d651e8 100644 --- a/docs/README.md +++ b/docs/README.md @@ -113,6 +113,7 @@ Case studies: * [Brandwatch](https://docs.victoriametrics.com/CaseStudies.html#brandwatch) * [CERN](https://docs.victoriametrics.com/CaseStudies.html#cern) * [COLOPL](https://docs.victoriametrics.com/CaseStudies.html#colopl) +* [Criteo](https://docs.victoriametrics.com/CaseStudies.html#criteo) * [Dig Security](https://docs.victoriametrics.com/CaseStudies.html#dig-security) * [Fly.io](https://docs.victoriametrics.com/CaseStudies.html#flyio) * [German Research Center for Artificial Intelligence](https://docs.victoriametrics.com/CaseStudies.html#german-research-center-for-artificial-intelligence) diff --git a/docs/Single-server-VictoriaMetrics.md b/docs/Single-server-VictoriaMetrics.md index 94201fedf..4603ffc52 100644 --- a/docs/Single-server-VictoriaMetrics.md +++ b/docs/Single-server-VictoriaMetrics.md @@ -121,6 +121,7 @@ Case studies: * [Brandwatch](https://docs.victoriametrics.com/CaseStudies.html#brandwatch) * [CERN](https://docs.victoriametrics.com/CaseStudies.html#cern) * [COLOPL](https://docs.victoriametrics.com/CaseStudies.html#colopl) +* [Criteo](https://docs.victoriametrics.com/CaseStudies.html#criteo) * [Dig Security](https://docs.victoriametrics.com/CaseStudies.html#dig-security) * [Fly.io](https://docs.victoriametrics.com/CaseStudies.html#flyio) * [German Research Center for Artificial Intelligence](https://docs.victoriametrics.com/CaseStudies.html#german-research-center-for-artificial-intelligence) From 223ef9619873906a7ae3951b1e65bb3360ce052f Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 17:37:24 +0200 Subject: [PATCH 13/73] lib/storage: remove unused atomicSetBool function after 717c53af27dfed0d6a2038466df8fb24b7d56157 --- lib/storage/partition.go | 8 -------- 1 file changed, 8 deletions(-) diff --git a/lib/storage/partition.go b/lib/storage/partition.go index b30ce098d..c9d7860c1 100644 --- a/lib/storage/partition.go +++ b/lib/storage/partition.go @@ -1180,14 +1180,6 @@ func (pt *partition) releasePartsToMerge(pws []*partWrapper) { var errNothingToMerge = fmt.Errorf("nothing to merge") -func atomicSetBool(p *uint64, b bool) { - v := uint64(0) - if b { - v = 1 - } - atomic.StoreUint64(p, v) -} - func (pt *partition) runFinalDedup() error { requiredDedupInterval, actualDedupInterval := pt.getRequiredDedupInterval() t := time.Now() From f897d5241d4651bb4109ad5c9a94b8a2d96ec96b Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 25 Sep 2023 17:42:16 +0200 Subject: [PATCH 14/73] docs/vmagent.md: make VictoriaMetrics remove_write protocol more visible by mentioning it at the top of the page --- app/vmagent/README.md | 3 ++- docs/vmagent.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/vmagent/README.md b/app/vmagent/README.md index aafd707d0..7f9fd0b8a 100644 --- a/app/vmagent/README.md +++ b/app/vmagent/README.md @@ -3,7 +3,8 @@ `vmagent` is a tiny agent which helps you collect metrics from various sources, [relabel and filter the collected metrics](#relabeling) and store them in [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics) -or any other storage systems via Prometheus `remote_write` protocol. +or any other storage systems via Prometheus `remote_write` protocol +or via [VictoriaMetrics `remote_write` protocol](#victoriametrics-remote-write-protocol). See [Quick Start](#quick-start) for details. diff --git a/docs/vmagent.md b/docs/vmagent.md index 0e918cc38..0ab5d9514 100644 --- a/docs/vmagent.md +++ b/docs/vmagent.md @@ -14,7 +14,8 @@ aliases: `vmagent` is a tiny agent which helps you collect metrics from various sources, [relabel and filter the collected metrics](#relabeling) and store them in [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics) -or any other storage systems via Prometheus `remote_write` protocol. +or any other storage systems via Prometheus `remote_write` protocol +or via [VictoriaMetrics `remote_write` protocol](#victoriametrics-remote-write-protocol). See [Quick Start](#quick-start) for details. From 4d1b572f4699a13f8fd8f41d55a06947cbed2da8 Mon Sep 17 00:00:00 2001 From: Roman Khavronenko Date: Tue, 26 Sep 2023 10:50:10 +0200 Subject: [PATCH 15/73] Docker add vmauth (#5057) * docker-compose: add vmauth to cluster env vmauth acts as a balancer and used as an example of how to interconnect VM components via vmauth. Signed-off-by: hagen1778 * docker-compose: add vmauth to cluster env vmauth acts as a balancer and used as an example of how to interconnect VM components via vmauth. Signed-off-by: hagen1778 --------- Signed-off-by: hagen1778 Co-authored-by: Nikolay --- app/vmauth/README.md | 1 + deployment/docker/README.md | 31 +++++++--- deployment/docker/auth-cluster.yml | 6 ++ deployment/docker/docker-compose-cluster.yml | 59 +++++++++++++++---- deployment/docker/prometheus-cluster.yml | 2 +- .../provisioning/datasources/datasource.yml | 2 +- docs/CHANGELOG.md | 1 + docs/vmauth.md | 1 + 8 files changed, 79 insertions(+), 24 deletions(-) create mode 100644 deployment/docker/auth-cluster.yml diff --git a/app/vmauth/README.md b/app/vmauth/README.md index 610462412..71a627e01 100644 --- a/app/vmauth/README.md +++ b/app/vmauth/README.md @@ -25,6 +25,7 @@ The auth config can be reloaded via the following ways: and apply new changes every 5 seconds. Docker images for `vmauth` are available [here](https://hub.docker.com/r/victoriametrics/vmauth/tags). +See how `vmauth` used in [docker-compose env](https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/deployment/docker/README.md#victoriametrics-cluster). Pass `-help` to `vmauth` in order to see all the supported command-line flags with their descriptions. diff --git a/deployment/docker/README.md b/deployment/docker/README.md index ed9364557..fe368e880 100644 --- a/deployment/docker/README.md +++ b/deployment/docker/README.md @@ -42,30 +42,36 @@ The communication scheme between components is the following: and recording rules back to it; * [alertmanager](#alertmanager) is configured to receive notifications from `vmalert`. -To access `vmalert` use link [http://localhost:8428/vmalert](http://localhost:8428/vmalert/). +To access Grafana use link [http://localhost:3000](http://localhost:3000). To access [vmui](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#vmui) use link [http://localhost:8428/vmui](http://localhost:8428/vmui). +To access `vmalert` use link [http://localhost:8428/vmalert](http://localhost:8428/vmalert/). + + ## VictoriaMetrics cluster VictoriaMetrics cluster environment consists of `vminsert`, `vmstorage` and `vmselect` components. -`vmselect` has exposed port `:8481`, `vminsert` has exposed port `:8480` and the rest of components -are available only inside the environment. +`vminsert` has exposed port `:8480`, access to `vmselect` components goes through `vmauth` on port `:8427`, +and the rest of components are available only inside the environment. The communication scheme between components is the following: * [vmagent](#vmagent) sends scraped metrics to `vminsert`; * `vminsert` forwards data to `vmstorage`; -* `vmselect` is connected to `vmstorage` for querying data; -* [grafana](#grafana) is configured with datasource pointing to `vmselect`; -* [vmalert](#vmalert) is configured to query `vmselect` and send alerts state +* `vmselect`s are connected to `vmstorage` for querying data; +* [vmauth](#vmauth) balances incoming read requests among `vmselect`s; +* [grafana](#grafana) is configured with datasource pointing to `vmauth`; +* [vmalert](#vmalert) is configured to query `vmselect`s via `vmauth` and send alerts state and recording rules to `vminsert`; * [alertmanager](#alertmanager) is configured to receive notifications from `vmalert`. -To access `vmalert` use link [http://localhost:8481/select/0/prometheus/vmalert](http://localhost:8481/select/0/prometheus/vmalert/). +To access Grafana use link [http://localhost:3000](http://localhost:3000). -To access [vmui](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#vmui) -use link [http://localhost:8481/select/0/prometheus/vmui](http://localhost:8481/select/0/prometheus/vmui). +To access [vmui](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#vmui) +use link [http://localhost:8427/select/0/prometheus/vmui/](http://localhost:8427/select/0/prometheus/vmui/). + +To access `vmalert` use link [http://localhost:8427/select/0/prometheus/vmalert/](http://localhost:8427/select/0/prometheus/vmalert/). ## vmagent @@ -75,6 +81,13 @@ with listed targets for scraping. [Web interface link](http://localhost:8429/). +## vmauth + +[vmauth](https://docs.victoriametrics.com/vmauth.html) acts as a [balancer](https://docs.victoriametrics.com/vmauth.html#load-balancing) +to spread the load across `vmselect`'s. [Grafana](#grafana) and [vmalert](#vmalert) use vmauth for read queries. +vmauth config is available [here](ttps://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/deployment/docker/auth-cluster.yml) + + ## vmalert vmalert evaluates alerting rules [alerts.yml](https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/deployment/docker/alerts.yml) diff --git a/deployment/docker/auth-cluster.yml b/deployment/docker/auth-cluster.yml new file mode 100644 index 000000000..820fa0f40 --- /dev/null +++ b/deployment/docker/auth-cluster.yml @@ -0,0 +1,6 @@ +# balance load among vmselects +# see https://docs.victoriametrics.com/vmauth.html#load-balancing +unauthorized_user: + url_prefix: + - http://vmselect-1:8481 + - http://vmselect-2:8481 \ No newline at end of file diff --git a/deployment/docker/docker-compose-cluster.yml b/deployment/docker/docker-compose-cluster.yml index 307765cad..35945cf1c 100644 --- a/deployment/docker/docker-compose-cluster.yml +++ b/deployment/docker/docker-compose-cluster.yml @@ -2,7 +2,7 @@ version: '3.5' services: vmagent: container_name: vmagent - image: victoriametrics/vmagent:v1.93.4 + image: victoriametrics/vmagent:v1.93.5 depends_on: - "vminsert" ports: @@ -19,7 +19,8 @@ services: container_name: grafana image: grafana/grafana:9.2.7 depends_on: - - "vmselect" + - "vmselect-1" + - "vmselect-2" ports: - 3000:3000 restart: always @@ -32,7 +33,7 @@ services: vmstorage-1: container_name: vmstorage-1 - image: victoriametrics/vmstorage:v1.93.4-cluster + image: victoriametrics/vmstorage:v1.93.5-cluster ports: - 8482 - 8400 @@ -44,7 +45,7 @@ services: restart: always vmstorage-2: container_name: vmstorage-2 - image: victoriametrics/vmstorage:v1.93.4-cluster + image: victoriametrics/vmstorage:v1.93.5-cluster ports: - 8482 - 8400 @@ -54,9 +55,10 @@ services: command: - '--storageDataPath=/storage' restart: always + vminsert: container_name: vminsert - image: victoriametrics/vminsert:v1.93.4-cluster + image: victoriametrics/vminsert:v1.93.5-cluster depends_on: - "vmstorage-1" - "vmstorage-2" @@ -66,9 +68,10 @@ services: ports: - 8480:8480 restart: always - vmselect: - container_name: vmselect - image: victoriametrics/vmselect:v1.93.4-cluster + + vmselect-1: + container_name: vmselect-1 + image: victoriametrics/vmselect:v1.93.5-cluster depends_on: - "vmstorage-1" - "vmstorage-2" @@ -77,14 +80,44 @@ services: - '--storageNode=vmstorage-2:8401' - '--vmalert.proxyURL=http://vmalert:8880' ports: - - 8481:8481 + - 8481 + restart: always + + vmselect-2: + container_name: vmselect-2 + image: victoriametrics/vmselect:v1.93.5-cluster + depends_on: + - "vmstorage-1" + - "vmstorage-2" + command: + - '--storageNode=vmstorage-1:8401' + - '--storageNode=vmstorage-2:8401' + - '--vmalert.proxyURL=http://vmalert:8880' + ports: + - 8481 + restart: always + + vmauth: + container_name: vmauth + image: victoriametrics/vmauth:v1.93.5 + depends_on: + - "vmselect-1" + - "vmselect-2" + volumes: + - ./auth-cluster.yml:/etc/auth.yml +# - /var/run/docker.sock:/var/run/docker.sock + command: + - '--auth.config=/etc/auth.yml' + ports: + - 8427:8427 restart: always vmalert: container_name: vmalert - image: victoriametrics/vmalert:v1.93.4 + image: victoriametrics/vmalert:v1.93.5 depends_on: - - "vmselect" + - "vmselect-1" + - "vmselect-2" ports: - 8880:8880 volumes: @@ -93,8 +126,8 @@ services: - ./alerts-vmagent.yml:/etc/alerts/alerts-vmagent.yml - ./alerts-vmalert.yml:/etc/alerts/alerts-vmalert.yml command: - - '--datasource.url=http://vmselect:8481/select/0/prometheus' - - '--remoteRead.url=http://vmselect:8481/select/0/prometheus' + - '--datasource.url=http://vmauth:8427/select/0/prometheus' + - '--remoteRead.url=http://vmauth:8427/select/0/prometheus' - '--remoteWrite.url=http://vminsert:8480/insert/0/prometheus' - '--notifier.url=http://alertmanager:9093/' - '--rule=/etc/alerts/*.yml' diff --git a/deployment/docker/prometheus-cluster.yml b/deployment/docker/prometheus-cluster.yml index 32336929b..e765b0860 100644 --- a/deployment/docker/prometheus-cluster.yml +++ b/deployment/docker/prometheus-cluster.yml @@ -13,7 +13,7 @@ scrape_configs: - targets: ['vminsert:8480'] - job_name: 'vmselect' static_configs: - - targets: ['vmselect:8481'] + - targets: ['vmselect-1:8481', 'vmselect-2:8481'] - job_name: 'vmstorage' static_configs: - targets: ['vmstorage-1:8482', 'vmstorage-2:8482'] \ No newline at end of file diff --git a/deployment/docker/provisioning/datasources/datasource.yml b/deployment/docker/provisioning/datasources/datasource.yml index e16c273c4..c0a7a20c9 100644 --- a/deployment/docker/provisioning/datasources/datasource.yml +++ b/deployment/docker/provisioning/datasources/datasource.yml @@ -10,5 +10,5 @@ datasources: - name: VictoriaMetrics - cluster type: prometheus access: proxy - url: http://vmselect:8481/select/0/prometheus + url: http://vmauth:8427/select/0/prometheus isDefault: false \ No newline at end of file diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 11b56de00..ed800d3e3 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -49,6 +49,7 @@ The sandbox cluster installation is running under the constant load generated by * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): add `eval_offset` attribute for [Groups](https://docs.victoriametrics.com/vmalert.html#groups). If specified, Group will be evaluated at the exact time offset on the range of [0...evaluationInterval]. The setting might be useful for cron-like rules which must be evaluated at specific moments of time. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3409) for details. * FEATURE: [vmalert](https://docs.victoriametrics.com/vmalert.html): validate [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html) function names in alerting and recording rules when `vmalert` runs with `-dryRun` command-line flag. Previously it was allowed to use unknown (aka invalid) MetricsQL function names there. For example, `foo()` was counted as a valid query. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4933). * FEATURE: limit the length of string params in log messages to 500 chars. Longer string params are replaced with the `first_250_chars..last_250_chars`. This prevents from too long log lines, which can be emitted by VictoriaMetrics components. +* FEATURE: [docker compose environment](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/deployment/docker): add `vmauth` component to cluster's docker-compose example for balancing load among multiple `vmselect` components. * FEATURE: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): make sure that `q2` series are returned after `q1` series in the results of `q1 or q2` query, in the same way as Prometheus does. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4763). * FEATURE: stop exposing `vm_merge_need_free_disk_space` metric, since it has been appeared that it confuses users while doesn't bring any useful information. See [this comment](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/686#issuecomment-1733844128). diff --git a/docs/vmauth.md b/docs/vmauth.md index d6e631a7f..65e8d929c 100644 --- a/docs/vmauth.md +++ b/docs/vmauth.md @@ -36,6 +36,7 @@ The auth config can be reloaded via the following ways: and apply new changes every 5 seconds. Docker images for `vmauth` are available [here](https://hub.docker.com/r/victoriametrics/vmauth/tags). +See how `vmauth` used in [docker-compose env](https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/deployment/docker/README.md#victoriametrics-cluster). Pass `-help` to `vmauth` in order to see all the supported command-line flags with their descriptions. From 34a9d1f818af48a4d5bb4dcde4148e390a0c2d4a Mon Sep 17 00:00:00 2001 From: Alexander Marshalov <_@marshalov.org> Date: Tue, 26 Sep 2023 11:18:34 +0200 Subject: [PATCH 16/73] fixed ingestion via multitenant url for opentsdbhttp (#5061) (#5064) --- docs/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index ed800d3e3..10b57ebdc 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -59,6 +59,7 @@ The sandbox cluster installation is running under the constant load generated by * BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): properly copy `appliedRetention.txt` files inside `<-storageDataPath>/{data}` folders during [incremental backups](https://docs.victoriametrics.com/vmbackup.html#incremental-backups). Previously the new `appliedRetention.txt` could be skipped during incremental backups, which could lead to increased load on storage after restoring from backup. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5005). * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): suppress `context canceled` error messages in logs when `vmagent` is reloading service discovery config. This error could appear starting from [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5). See [this PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5048). * BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): allow passing [median_over_time](https://docs.victoriametrics.com/MetricsQL.html#median_over_time) to [aggr_over_time](https://docs.victoriametrics.com/MetricsQL.html#aggr_over_time). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034). +* BUGFIX: [vminsert](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html): fixed ingestion via multitenant url for opentsdbhttp. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5061). ## [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5) From c53b5788b4735ae78d768e7ce7d2f374a6d7da8d Mon Sep 17 00:00:00 2001 From: hagen1778 Date: Tue, 26 Sep 2023 14:26:40 +0200 Subject: [PATCH 17/73] dashboards: move `Concurrent inserts` panel to Troubleshooting section Moved because this panel is related to both: scraped and ingested data. Before, it could have give a misleading impression that it is related to ingested metrics only. Signed-off-by: hagen1778 --- dashboards/vm/vmagent.json | 289 +++++++++++++++++++------------------ dashboards/vmagent.json | 289 +++++++++++++++++++------------------ docs/CHANGELOG.md | 1 + 3 files changed, 299 insertions(+), 280 deletions(-) diff --git a/dashboards/vm/vmagent.json b/dashboards/vm/vmagent.json index adfb37735..3928c3248 100644 --- a/dashboards/vm/vmagent.json +++ b/dashboards/vm/vmagent.json @@ -2373,7 +2373,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2389,7 +2390,7 @@ "h": 8, "w": 12, "x": 0, - "y": 4 + "y": 36 }, "id": 92, "options": { @@ -2475,7 +2476,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2491,7 +2493,7 @@ "h": 8, "w": 12, "x": 12, - "y": 4 + "y": 36 }, "id": 95, "options": { @@ -2580,7 +2582,8 @@ "mode": "absolute", "steps": [ { - "color": "transparent" + "color": "transparent", + "value": null }, { "color": "red", @@ -2596,7 +2599,7 @@ "h": 8, "w": 12, "x": 0, - "y": 12 + "y": 44 }, "id": 98, "options": { @@ -2685,7 +2688,8 @@ "mode": "absolute", "steps": [ { - "color": "transparent" + "color": "transparent", + "value": null }, { "color": "red", @@ -2701,7 +2705,7 @@ "h": 8, "w": 12, "x": 12, - "y": 12 + "y": 44 }, "id": 99, "options": { @@ -2789,7 +2793,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2805,7 +2810,7 @@ "h": 8, "w": 12, "x": 0, - "y": 20 + "y": 52 }, "id": 79, "links": [], @@ -2894,7 +2899,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2910,7 +2916,7 @@ "h": 8, "w": 12, "x": 12, - "y": 20 + "y": 52 }, "id": 18, "links": [ @@ -3004,7 +3010,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -3020,7 +3027,7 @@ "h": 8, "w": 12, "x": 0, - "y": 28 + "y": 60 }, "id": 127, "links": [], @@ -3107,7 +3114,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -3123,7 +3131,7 @@ "h": 8, "w": 12, "x": 12, - "y": 28 + "y": 60 }, "id": 50, "options": { @@ -3161,6 +3169,123 @@ "title": "Invalid datapoints rate ($instance)", "type": "timeseries" }, + { + "datasource": { + "type": "victoriametrics-datasource", + "uid": "$ds" + }, + "description": "Shows how many concurrent inserts (parsing and processing of scraped or ingested data) are taking place.\n\nIf the number of concurrent inserts hits the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\nIf vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag needs to be increased.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 68 + }, + "id": 130, + "links": [], + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.2.6", + "targets": [ + { + "datasource": { + "type": "victoriametrics-datasource", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{instance}} ({{job}})", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "victoriametrics-datasource", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", + "interval": "", + "legendFormat": "limit ({{job}})", + "range": true, + "refId": "B" + } + ], + "title": "Concurrent inserts ($instance)", + "type": "timeseries" + }, { "datasource": { "type": "victoriametrics-datasource", @@ -3181,7 +3306,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -3221,7 +3347,7 @@ "h": 7, "w": 24, "x": 0, - "y": 36 + "y": 76 }, "id": 129, "options": { @@ -3240,7 +3366,7 @@ } ] }, - "pluginVersion": "9.2.6", + "pluginVersion": "9.2.7", "targets": [ { "datasource": { @@ -4063,7 +4189,7 @@ "h": 8, "w": 12, "x": 0, - "y": 38 + "y": 85 }, "id": 73, "links": [], @@ -4180,7 +4306,7 @@ "h": 8, "w": 12, "x": 12, - "y": 38 + "y": 85 }, "id": 131, "links": [], @@ -4219,123 +4345,6 @@ "title": "Rows rate ($instance)", "type": "timeseries" }, - { - "datasource": { - "type": "victoriametrics-datasource", - "uid": "$ds" - }, - "description": "Shows how many concurrent inserts are taking place.\n\nIf the number of concurrent inserts hitting the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\n If vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag need to be increased.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 46 - }, - "id": 130, - "links": [], - "options": { - "legend": { - "calcs": [ - "mean", - "lastNotNull", - "max" - ], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.6", - "targets": [ - { - "datasource": { - "type": "victoriametrics-datasource", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{instance}} ({{job}})", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "victoriametrics-datasource", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", - "interval": "", - "legendFormat": "limit ({{job}})", - "range": true, - "refId": "B" - } - ], - "title": "Concurrent inserts ($instance)", - "type": "timeseries" - }, { "datasource": { "type": "victoriametrics-datasource", @@ -4400,8 +4409,8 @@ "gridPos": { "h": 8, "w": 12, - "x": 12, - "y": 46 + "x": 0, + "y": 93 }, "id": 77, "links": [], diff --git a/dashboards/vmagent.json b/dashboards/vmagent.json index 4c66b13b9..de0502665 100644 --- a/dashboards/vmagent.json +++ b/dashboards/vmagent.json @@ -2372,7 +2372,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2388,7 +2389,7 @@ "h": 8, "w": 12, "x": 0, - "y": 4 + "y": 36 }, "id": 92, "options": { @@ -2474,7 +2475,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2490,7 +2492,7 @@ "h": 8, "w": 12, "x": 12, - "y": 4 + "y": 36 }, "id": 95, "options": { @@ -2579,7 +2581,8 @@ "mode": "absolute", "steps": [ { - "color": "transparent" + "color": "transparent", + "value": null }, { "color": "red", @@ -2595,7 +2598,7 @@ "h": 8, "w": 12, "x": 0, - "y": 12 + "y": 44 }, "id": 98, "options": { @@ -2684,7 +2687,8 @@ "mode": "absolute", "steps": [ { - "color": "transparent" + "color": "transparent", + "value": null }, { "color": "red", @@ -2700,7 +2704,7 @@ "h": 8, "w": 12, "x": 12, - "y": 12 + "y": 44 }, "id": 99, "options": { @@ -2788,7 +2792,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2804,7 +2809,7 @@ "h": 8, "w": 12, "x": 0, - "y": 20 + "y": 52 }, "id": 79, "links": [], @@ -2893,7 +2898,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -2909,7 +2915,7 @@ "h": 8, "w": 12, "x": 12, - "y": 20 + "y": 52 }, "id": 18, "links": [ @@ -3003,7 +3009,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -3019,7 +3026,7 @@ "h": 8, "w": 12, "x": 0, - "y": 28 + "y": 60 }, "id": 127, "links": [], @@ -3106,7 +3113,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -3122,7 +3130,7 @@ "h": 8, "w": 12, "x": 12, - "y": 28 + "y": 60 }, "id": 50, "options": { @@ -3160,6 +3168,123 @@ "title": "Invalid datapoints rate ($instance)", "type": "timeseries" }, + { + "datasource": { + "type": "prometheus", + "uid": "$ds" + }, + "description": "Shows how many concurrent inserts (parsing and processing of scraped or ingested data) are taking place.\n\nIf the number of concurrent inserts hits the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\nIf vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag needs to be increased.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 68 + }, + "id": 130, + "links": [], + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.2.6", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{instance}} ({{job}})", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", + "interval": "", + "legendFormat": "limit ({{job}})", + "range": true, + "refId": "B" + } + ], + "title": "Concurrent inserts ($instance)", + "type": "timeseries" + }, { "datasource": { "type": "prometheus", @@ -3180,7 +3305,8 @@ "mode": "absolute", "steps": [ { - "color": "green" + "color": "green", + "value": null }, { "color": "red", @@ -3220,7 +3346,7 @@ "h": 7, "w": 24, "x": 0, - "y": 36 + "y": 76 }, "id": 129, "options": { @@ -3239,7 +3365,7 @@ } ] }, - "pluginVersion": "9.2.6", + "pluginVersion": "9.2.7", "targets": [ { "datasource": { @@ -4062,7 +4188,7 @@ "h": 8, "w": 12, "x": 0, - "y": 38 + "y": 85 }, "id": 73, "links": [], @@ -4179,7 +4305,7 @@ "h": 8, "w": 12, "x": 12, - "y": 38 + "y": 85 }, "id": 131, "links": [], @@ -4218,123 +4344,6 @@ "title": "Rows rate ($instance)", "type": "timeseries" }, - { - "datasource": { - "type": "prometheus", - "uid": "$ds" - }, - "description": "Shows how many concurrent inserts are taking place.\n\nIf the number of concurrent inserts hitting the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\n If vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag need to be increased.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 46 - }, - "id": 130, - "links": [], - "options": { - "legend": { - "calcs": [ - "mean", - "lastNotNull", - "max" - ], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.6", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{instance}} ({{job}})", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", - "interval": "", - "legendFormat": "limit ({{job}})", - "range": true, - "refId": "B" - } - ], - "title": "Concurrent inserts ($instance)", - "type": "timeseries" - }, { "datasource": { "type": "prometheus", @@ -4399,8 +4408,8 @@ "gridPos": { "h": 8, "w": 12, - "x": 12, - "y": 46 + "x": 0, + "y": 93 }, "id": 77, "links": [], diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 10b57ebdc..b3cb479ee 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -54,6 +54,7 @@ The sandbox cluster installation is running under the constant load generated by * FEATURE: stop exposing `vm_merge_need_free_disk_space` metric, since it has been appeared that it confuses users while doesn't bring any useful information. See [this comment](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/686#issuecomment-1733844128). * BUGFIX: [Official Grafana dashboards for VictoriaMetrics](https://grafana.com/orgs/victoriametrics): fix display of ingested rows rate for `Samples ingested/s` and `Samples rate` panels for vmagent's dasbhoard. Previously, not all ingested protocols were accounted in these panels. An extra panel `Rows rate` was added to `Ingestion` section to display the split for rows ingested rate by protocol. +* BUGFIX: [Official Grafana dashboards for VictoriaMetrics](https://grafana.com/orgs/victoriametrics): move vmagent's `Concurrent inserts` panel to Troubleshooting section from `Ingestion` section because this panel is related to both: scraped and ingested data. Before, it could have give a misleading impression that it is related to ingested metrics only. * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix the bug causing render looping when switching to heatmap. * BUGFIX: [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise.html) validate `-dedup.minScrapeInterval` value and `-downsampling.period` intervals are multiples of each other. See [these docs](https://docs.victoriametrics.com/#downsampling). * BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): properly copy `appliedRetention.txt` files inside `<-storageDataPath>/{data}` folders during [incremental backups](https://docs.victoriametrics.com/vmbackup.html#incremental-backups). Previously the new `appliedRetention.txt` could be skipped during incremental backups, which could lead to increased load on storage after restoring from backup. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5005). From af5379933210fc09311ea74f234c44732d81c0a3 Mon Sep 17 00:00:00 2001 From: Github Actions <133988544+victoriametrics-bot@users.noreply.github.com> Date: Wed, 27 Sep 2023 09:04:33 +0800 Subject: [PATCH 18/73] Automatic update operator docs from VictoriaMetrics/operator@958ce2b (#5070) --- docs/operator/CHANGELOG.md | 1 + docs/operator/vars.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/operator/CHANGELOG.md b/docs/operator/CHANGELOG.md index 67d6c679f..c9d2022ca 100644 --- a/docs/operator/CHANGELOG.md +++ b/docs/operator/CHANGELOG.md @@ -10,6 +10,7 @@ - [vmcluster](https://docs.victoriametrics.com/operator/api.html#vmcluster): remove redundant annotation `operator.victoriametrics/last-applied-spec` from created workloads like vmstorage statefulset. - [vmoperator](https://docs.victoriametrics.com/operator/): properly resize statefulset's multiple pvc when needed and allowable, before they could be updated with wrong size. +- [vmoperator](https://docs.victoriametrics.com/operator/): fix wrong api group of endpointsices, before vmagent won't able to access endpointsices resources with default rbac rule. ## [v0.38.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.38.0) - 11 Sep 2023 diff --git a/docs/operator/vars.md b/docs/operator/vars.md index ca25c0ba9..5142a05d1 100644 --- a/docs/operator/vars.md +++ b/docs/operator/vars.md @@ -10,7 +10,7 @@ aliases: - /operator/vars.html --- # Auto Generated vars for package config - updated at Mon Sep 25 08:27:49 UTC 2023 + updated at Wed Sep 27 00:09:29 UTC 2023 | varible name | variable default value | variable required | variable description | From 1a834b421037bb42a414ac3640acae4dba801216 Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Thu, 28 Sep 2023 15:45:20 +0400 Subject: [PATCH 19/73] doc: mention InfluxDB v2 HTTP API support Address: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5076 Signed-off-by: Zakhar Bessarab --- README.md | 2 ++ docs/README.md | 2 ++ docs/Single-server-VictoriaMetrics.md | 2 ++ 3 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 8d560f75d..42a08b6a9 100644 --- a/README.md +++ b/README.md @@ -588,6 +588,8 @@ curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'ht +Please, note that VictoriaMetrics also exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. + An arbitrary number of lines delimited by '\n' (aka newline char) can be sent in a single request. After that the data may be read via [/api/v1/export](#how-to-export-data-in-json-line-format) endpoint: diff --git a/docs/README.md b/docs/README.md index 129d651e8..4f41e7dd1 100644 --- a/docs/README.md +++ b/docs/README.md @@ -591,6 +591,8 @@ curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'ht +Please, note that VictoriaMetrics also exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. + An arbitrary number of lines delimited by '\n' (aka newline char) can be sent in a single request. After that the data may be read via [/api/v1/export](#how-to-export-data-in-json-line-format) endpoint: diff --git a/docs/Single-server-VictoriaMetrics.md b/docs/Single-server-VictoriaMetrics.md index 4603ffc52..02c82ce34 100644 --- a/docs/Single-server-VictoriaMetrics.md +++ b/docs/Single-server-VictoriaMetrics.md @@ -599,6 +599,8 @@ curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'ht +Please, note that VictoriaMetrics also exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. + An arbitrary number of lines delimited by '\n' (aka newline char) can be sent in a single request. After that the data may be read via [/api/v1/export](#how-to-export-data-in-json-line-format) endpoint: From 0adec4818271e2ecbce12fcf5eb3ce5bd1594c54 Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Thu, 28 Sep 2023 16:10:50 +0400 Subject: [PATCH 20/73] doc: address review feedback Signed-off-by: Zakhar Bessarab --- README.md | 24 ++++++++++++++++++++++-- docs/README.md | 24 ++++++++++++++++++++++-- docs/Single-server-VictoriaMetrics.md | 24 ++++++++++++++++++++++-- 3 files changed, 66 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 42a08b6a9..d290441ea 100644 --- a/README.md +++ b/README.md @@ -588,8 +588,6 @@ curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'ht -Please, note that VictoriaMetrics also exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. - An arbitrary number of lines delimited by '\n' (aka newline char) can be sent in a single request. After that the data may be read via [/api/v1/export](#how-to-export-data-in-json-line-format) endpoint: @@ -619,6 +617,28 @@ Some plugins for Telegraf such as [fluentd](https://github.com/fangli/fluent-plu or [Juniper/jitmon](https://github.com/Juniper/jtimon) send `SHOW DATABASES` query to `/query` and expect a particular database name in the response. Comma-separated list of expected databases can be passed to VictoriaMetrics via `-influx.databaseNames` command-line flag. +### How to send data in InfluxDB v2 format + +VictoriaMetrics exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. + + +In order to write data with InfluxDB line protocol to local VictoriaMetrics using `curl`: + +
+ +```console +curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/api/v2/write' +``` + +
+ +The `/api/v1/export` endpoint should return the following response: + +```json +{"metric":{"__name__":"measurement_field1","tag1":"value1","tag2":"value2"},"values":[123],"timestamps":[1695902762311]} +{"metric":{"__name__":"measurement_field2","tag1":"value1","tag2":"value2"},"values":[1.23],"timestamps":[1695902762311]} +``` + ## How to send data from Graphite-compatible agents such as [StatsD](https://github.com/etsy/statsd) Enable Graphite receiver in VictoriaMetrics by setting `-graphiteListenAddr` command line flag. For instance, diff --git a/docs/README.md b/docs/README.md index 4f41e7dd1..85217fadd 100644 --- a/docs/README.md +++ b/docs/README.md @@ -591,8 +591,6 @@ curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'ht -Please, note that VictoriaMetrics also exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. - An arbitrary number of lines delimited by '\n' (aka newline char) can be sent in a single request. After that the data may be read via [/api/v1/export](#how-to-export-data-in-json-line-format) endpoint: @@ -622,6 +620,28 @@ Some plugins for Telegraf such as [fluentd](https://github.com/fangli/fluent-plu or [Juniper/jitmon](https://github.com/Juniper/jtimon) send `SHOW DATABASES` query to `/query` and expect a particular database name in the response. Comma-separated list of expected databases can be passed to VictoriaMetrics via `-influx.databaseNames` command-line flag. +### How to send data in InfluxDB v2 format + +VictoriaMetrics exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. + + +In order to write data with InfluxDB line protocol to local VictoriaMetrics using `curl`: + +
+ +```console +curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/api/v2/write' +``` + +
+ +The `/api/v1/export` endpoint should return the following response: + +```json +{"metric":{"__name__":"measurement_field1","tag1":"value1","tag2":"value2"},"values":[123],"timestamps":[1695902762311]} +{"metric":{"__name__":"measurement_field2","tag1":"value1","tag2":"value2"},"values":[1.23],"timestamps":[1695902762311]} +``` + ## How to send data from Graphite-compatible agents such as [StatsD](https://github.com/etsy/statsd) Enable Graphite receiver in VictoriaMetrics by setting `-graphiteListenAddr` command line flag. For instance, diff --git a/docs/Single-server-VictoriaMetrics.md b/docs/Single-server-VictoriaMetrics.md index 02c82ce34..59cca35d6 100644 --- a/docs/Single-server-VictoriaMetrics.md +++ b/docs/Single-server-VictoriaMetrics.md @@ -599,8 +599,6 @@ curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'ht -Please, note that VictoriaMetrics also exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. - An arbitrary number of lines delimited by '\n' (aka newline char) can be sent in a single request. After that the data may be read via [/api/v1/export](#how-to-export-data-in-json-line-format) endpoint: @@ -630,6 +628,28 @@ Some plugins for Telegraf such as [fluentd](https://github.com/fangli/fluent-plu or [Juniper/jitmon](https://github.com/Juniper/jtimon) send `SHOW DATABASES` query to `/query` and expect a particular database name in the response. Comma-separated list of expected databases can be passed to VictoriaMetrics via `-influx.databaseNames` command-line flag. +### How to send data in InfluxDB v2 format + +VictoriaMetrics exposes endpoint for InfluxDB v2 HTTP API at `/influx/api/v2/write` and `/api/v2/write`. + + +In order to write data with InfluxDB line protocol to local VictoriaMetrics using `curl`: + +
+ +```console +curl -d 'measurement,tag1=value1,tag2=value2 field1=123,field2=1.23' -X POST 'http://localhost:8428/api/v2/write' +``` + +
+ +The `/api/v1/export` endpoint should return the following response: + +```json +{"metric":{"__name__":"measurement_field1","tag1":"value1","tag2":"value2"},"values":[123],"timestamps":[1695902762311]} +{"metric":{"__name__":"measurement_field2","tag1":"value1","tag2":"value2"},"values":[1.23],"timestamps":[1695902762311]} +``` + ## How to send data from Graphite-compatible agents such as [StatsD](https://github.com/etsy/statsd) Enable Graphite receiver in VictoriaMetrics by setting `-graphiteListenAddr` command line flag. For instance, From f0e33700fc04f7e2387d03363e219cb322474e0f Mon Sep 17 00:00:00 2001 From: Dmytro Kozlov Date: Fri, 29 Sep 2023 11:47:45 +0200 Subject: [PATCH 21/73] vmui: update information about tsdb usage in cluster version (#5004) * vmui: update information about tsdb usage in cluster version * vmui: cleanup * vmui: add CHANGELOG.md * vmui: cleanup * vmui: update logic, move information to the visible place * app/vmui: remove values fetch, update documentation for cardinality explorer * app/vmui: update CHANGELOG.md --- README.md | 8 ++++--- .../components/Main/Hyperlink/Hyperlink.tsx | 7 ++++-- .../CardinalityConfigurator.tsx | 23 ++++++++++++++----- .../CardinalityTotals/CardinalityTotals.tsx | 5 ++-- .../hooks/useCardinalityFetch.ts | 11 ++++++++- .../vmui/src/pages/CardinalityPanel/index.tsx | 5 ++-- docs/CHANGELOG.md | 1 + docs/README.md | 8 ++++--- docs/Single-server-VictoriaMetrics.md | 7 ++++-- 9 files changed, 54 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index d290441ea..aab85c42e 100644 --- a/README.md +++ b/README.md @@ -405,14 +405,16 @@ matching the specified [series selector](https://prometheus.io/docs/prometheus/l Cardinality explorer is built on top of [/api/v1/status/tsdb](#tsdb-stats). +See [cardinality explorer playground](https://play.victoriametrics.com/select/accounting/1/6a716b0f-38bc-4856-90ce-448fd713e3fe/prometheus/graph/#/cardinality). +See the example of using the cardinality explorer [here](https://victoriametrics.com/blog/cardinality-explorer/). + +## Cardinality explorer statistic inaccuracy + In [cluster version of VictoriaMetrics](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html) each vmstorage tracks the stored time series individually. vmselect requests stats via [/api/v1/status/tsdb](#tsdb-stats) API from each vmstorage node and merges the results by summing per-series stats. This may lead to inflated values when samples for the same time series are spread across multiple vmstorage nodes due to [replication](#replication) or [rerouting](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html?highlight=re-routes#cluster-availability). -See [cardinality explorer playground](https://play.victoriametrics.com/select/accounting/1/6a716b0f-38bc-4856-90ce-448fd713e3fe/prometheus/graph/#/cardinality). -See the example of using the cardinality explorer [here](https://victoriametrics.com/blog/cardinality-explorer/). - ## How to apply new config to VictoriaMetrics VictoriaMetrics is configured via command-line flags, so it must be restarted when new command-line flags should be applied: diff --git a/app/vmui/packages/vmui/src/components/Main/Hyperlink/Hyperlink.tsx b/app/vmui/packages/vmui/src/components/Main/Hyperlink/Hyperlink.tsx index c1cd58e3f..32dac0b3a 100644 --- a/app/vmui/packages/vmui/src/components/Main/Hyperlink/Hyperlink.tsx +++ b/app/vmui/packages/vmui/src/components/Main/Hyperlink/Hyperlink.tsx @@ -8,6 +8,7 @@ interface Hyperlink { children?: ReactNode; colored?: boolean; underlined?: boolean; + withIcon?: boolean; } const Hyperlink: FC = ({ @@ -15,14 +16,16 @@ const Hyperlink: FC = ({ href, children, colored = true, - underlined = false + underlined = false, + withIcon = false, }) => ( = ({ isPrometheus, ...props }) => { +const CardinalityConfigurator: FC = ({ isPrometheus, isCluster, ...props }) => { const { isMobile } = useDeviceDetect(); const [searchParams] = useSearchParams(); const { setSearchParamsFromKeys } = useSearchParamsFromObject(); @@ -105,19 +106,29 @@ const CardinalityConfigurator: FC = ({ isPrometheus, ...
+ {isCluster && +
+ + + Statistic inaccuracy explanation + +
+ }
diff --git a/app/vmui/packages/vmui/src/pages/CardinalityPanel/CardinalityTotals/CardinalityTotals.tsx b/app/vmui/packages/vmui/src/pages/CardinalityPanel/CardinalityTotals/CardinalityTotals.tsx index 0c1f53e1a..63845403a 100644 --- a/app/vmui/packages/vmui/src/pages/CardinalityPanel/CardinalityTotals/CardinalityTotals.tsx +++ b/app/vmui/packages/vmui/src/pages/CardinalityPanel/CardinalityTotals/CardinalityTotals.tsx @@ -14,6 +14,7 @@ export interface CardinalityTotalsProps { totalLabelValuePairs: number; seriesCountByMetricName: TopHeapEntry[]; isPrometheus?: boolean; + isCluster: boolean; } const CardinalityTotals: FC = ({ @@ -21,7 +22,7 @@ const CardinalityTotals: FC = ({ totalSeriesPrev = 0, totalSeriesAll = 0, seriesCountByMetricName = [], - isPrometheus + isPrometheus, }) => { const { isMobile } = useDeviceDetect(); @@ -50,7 +51,7 @@ const CardinalityTotals: FC = ({ value: isNaN(progress) ? "-" : `${progress.toFixed(2)}%`, display: isMetric, info: "The share of these series in the total number of time series." - } + }, ].filter(t => t.display); if (!totals.length) { diff --git a/app/vmui/packages/vmui/src/pages/CardinalityPanel/hooks/useCardinalityFetch.ts b/app/vmui/packages/vmui/src/pages/CardinalityPanel/hooks/useCardinalityFetch.ts index 585ebf245..c1c88b6e7 100644 --- a/app/vmui/packages/vmui/src/pages/CardinalityPanel/hooks/useCardinalityFetch.ts +++ b/app/vmui/packages/vmui/src/pages/CardinalityPanel/hooks/useCardinalityFetch.ts @@ -7,12 +7,14 @@ import AppConfigurator from "../appConfigurator"; import { useSearchParams } from "react-router-dom"; import dayjs from "dayjs"; import { DATE_FORMAT } from "../../../constants/date"; +import { getTenantIdFromUrl } from "../../../utils/tenants"; export const useFetchQuery = (): { fetchUrl?: string[], isLoading: boolean, error?: ErrorTypes | string appConfigurator: AppConfigurator, + isCluster: boolean, } => { const appConfigurator = new AppConfigurator(); @@ -26,6 +28,7 @@ export const useFetchQuery = (): { const [isLoading, setIsLoading] = useState(false); const [error, setError] = useState(); const [tsdbStatus, setTSDBStatus] = useState(appConfigurator.defaultTSDBStatus); + const [isCluster, setIsCluster] = useState(false); const getResponseJson = async (url: string) => { const response = await fetch(url); @@ -115,6 +118,12 @@ export const useFetchQuery = (): { } }, [error]); + useEffect(() => { + const id = getTenantIdFromUrl(serverUrl); + setIsCluster(!!id); + }, [serverUrl]); + + appConfigurator.tsdbStatusData = tsdbStatus; - return { isLoading, appConfigurator: appConfigurator, error }; + return { isLoading, appConfigurator: appConfigurator, error, isCluster }; }; diff --git a/app/vmui/packages/vmui/src/pages/CardinalityPanel/index.tsx b/app/vmui/packages/vmui/src/pages/CardinalityPanel/index.tsx index 631441041..777b2f398 100644 --- a/app/vmui/packages/vmui/src/pages/CardinalityPanel/index.tsx +++ b/app/vmui/packages/vmui/src/pages/CardinalityPanel/index.tsx @@ -31,7 +31,7 @@ const CardinalityPanel: FC = () => { const match = searchParams.get("match") || ""; const focusLabel = searchParams.get("focusLabel") || ""; - const { isLoading, appConfigurator, error } = useFetchQuery(); + const { isLoading, appConfigurator, error, isCluster } = useFetchQuery(); const { tsdbStatusData, getDefaultState, tablesHeaders, sectionsTips } = appConfigurator; const defaultState = getDefaultState(match, focusLabel); @@ -62,6 +62,7 @@ const CardinalityPanel: FC = () => { totalSeriesAll={tsdbStatusData.totalSeriesByAll} totalLabelValuePairs={tsdbStatusData.totalLabelValuePairs} seriesCountByMetricName={tsdbStatusData.seriesCountByMetricName} + isCluster={isCluster} /> {showTips && ( @@ -69,7 +70,7 @@ const CardinalityPanel: FC = () => { {!match && !focusLabel && } {match && !focusLabel && } {!match && !focusLabel && } - {focusLabel && } + {focusLabel && }
)} diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index b3cb479ee..bc5b82fcb 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -41,6 +41,7 @@ The sandbox cluster installation is running under the constant load generated by * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): add button for auto-formatting PromQL/MetricsQL queries. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4681). Thanks to @aramattamara for the [pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4694). * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): improve accessibility score to 100 according to [Google's Lighthouse](https://developer.chrome.com/docs/lighthouse/accessibility/) tests. * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): organize `min`, `max`, `median` values on the chart legend and tooltips for better visibility. +* FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): add explanation about statistic inaccuracy in a cluster version. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3070). * FEATURE: dashboards: provide copies of Grafana dashboards alternated with VictoriaMetrics datasource at [dashboards/vm](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/dashboards/vm). * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): added ability to set, override and clear request and response headers on a per-user and per-path basis. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4825) and [these docs](https://docs.victoriametrics.com/vmauth.html#auth-config) for details. * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add ability to retry requests to the [remaining backends](https://docs.victoriametrics.com/vmauth.html#load-balancing) if they return response status codes specified in the `retry_status_codes` list. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4893). diff --git a/docs/README.md b/docs/README.md index 85217fadd..fb316fa7d 100644 --- a/docs/README.md +++ b/docs/README.md @@ -408,14 +408,16 @@ matching the specified [series selector](https://prometheus.io/docs/prometheus/l Cardinality explorer is built on top of [/api/v1/status/tsdb](#tsdb-stats). +See [cardinality explorer playground](https://play.victoriametrics.com/select/accounting/1/6a716b0f-38bc-4856-90ce-448fd713e3fe/prometheus/graph/#/cardinality). +See the example of using the cardinality explorer [here](https://victoriametrics.com/blog/cardinality-explorer/). + +## Cardinality explorer statistic inaccuracy + In [cluster version of VictoriaMetrics](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html) each vmstorage tracks the stored time series individually. vmselect requests stats via [/api/v1/status/tsdb](#tsdb-stats) API from each vmstorage node and merges the results by summing per-series stats. This may lead to inflated values when samples for the same time series are spread across multiple vmstorage nodes due to [replication](#replication) or [rerouting](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html?highlight=re-routes#cluster-availability). -See [cardinality explorer playground](https://play.victoriametrics.com/select/accounting/1/6a716b0f-38bc-4856-90ce-448fd713e3fe/prometheus/graph/#/cardinality). -See the example of using the cardinality explorer [here](https://victoriametrics.com/blog/cardinality-explorer/). - ## How to apply new config to VictoriaMetrics VictoriaMetrics is configured via command-line flags, so it must be restarted when new command-line flags should be applied: diff --git a/docs/Single-server-VictoriaMetrics.md b/docs/Single-server-VictoriaMetrics.md index 59cca35d6..d7c0b73f3 100644 --- a/docs/Single-server-VictoriaMetrics.md +++ b/docs/Single-server-VictoriaMetrics.md @@ -416,13 +416,16 @@ matching the specified [series selector](https://prometheus.io/docs/prometheus/l Cardinality explorer is built on top of [/api/v1/status/tsdb](#tsdb-stats). +See [cardinality explorer playground](https://play.victoriametrics.com/select/accounting/1/6a716b0f-38bc-4856-90ce-448fd713e3fe/prometheus/graph/#/cardinality). +See the example of using the cardinality explorer [here](https://victoriametrics.com/blog/cardinality-explorer/). + +## Cardinality explorer statistic inaccuracy + In [cluster version of VictoriaMetrics](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html) each vmstorage tracks the stored time series individually. vmselect requests stats via [/api/v1/status/tsdb](#tsdb-stats) API from each vmstorage node and merges the results by summing per-series stats. This may lead to inflated values when samples for the same time series are spread across multiple vmstorage nodes due to [replication](#replication) or [rerouting](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html?highlight=re-routes#cluster-availability). -See [cardinality explorer playground](https://play.victoriametrics.com/select/accounting/1/6a716b0f-38bc-4856-90ce-448fd713e3fe/prometheus/graph/#/cardinality). -See the example of using the cardinality explorer [here](https://victoriametrics.com/blog/cardinality-explorer/). ## How to apply new config to VictoriaMetrics From 9310e9f5847fa4d0fa49d1f081879014a33a4dc9 Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Fri, 29 Sep 2023 13:50:14 +0400 Subject: [PATCH 22/73] lib/logstorage/datadb: remove parts merge cond (#4828) It was added in order to limit number of goroutines performing assisted merges during ingestion. It turned out that blocking ingestion goroutines lower ingestion performance and limits overall ingestion around 40k items per seconds because of lock contention. Removing parts merge sync.Cond allows to remove lock contention at write path and significantly improves write performance. See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4775 Signed-off-by: Zakhar Bessarab --- lib/logstorage/datadb.go | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/lib/logstorage/datadb.go b/lib/logstorage/datadb.go index 41f9c31a6..d3afc82f1 100644 --- a/lib/logstorage/datadb.go +++ b/lib/logstorage/datadb.go @@ -69,9 +69,6 @@ type datadb struct { // stopCh is used for notifying background workers to stop stopCh chan struct{} - // mergeDoneCond is used for pace-limiting the data ingestion rate - mergeDoneCond *sync.Cond - // inmemoryPartsFlushersCount is the number of currently running in-memory parts flushers // // This variable must be accessed under partsLock. @@ -173,7 +170,6 @@ func mustOpenDatadb(pt *partition, path string, flushInterval time.Duration) *da fileParts: pws, stopCh: make(chan struct{}), } - ddb.mergeDoneCond = sync.NewCond(&ddb.partsLock) // Start merge workers in the hope they'll merge the remaining parts ddb.partsLock.Lock() @@ -415,7 +411,6 @@ func (ddb *datadb) mustMergeParts(pws []*partWrapper, isFinal bool) { } if needStop(stopCh) { ddb.releasePartsToMerge(pws) - ddb.mergeDoneCond.Broadcast() // Remove incomplete destination part if dstPartType == partFile { fs.MustRemoveAll(dstPartPath) @@ -526,10 +521,6 @@ func (ddb *datadb) mustAddRows(lr *LogRows) { if len(ddb.inmemoryParts) > defaultPartsToMerge { ddb.startMergeWorkerLocked() } - for len(ddb.inmemoryParts) > maxInmemoryPartsPerPartition { - // limit the pace for data ingestion if too many inmemory parts are created - ddb.mergeDoneCond.Wait() - } ddb.partsLock.Unlock() } @@ -696,8 +687,6 @@ func (ddb *datadb) swapSrcWithDstParts(pws []*partWrapper, pwNew *partWrapper, d atomic.StoreUint32(&pw.mustBeDeleted, 1) pw.decRef() } - - ddb.mergeDoneCond.Broadcast() } func removeParts(pws []*partWrapper, partsToRemove map[*partWrapper]struct{}) ([]*partWrapper, int) { From 8a23d08c210c7c2440c224debcff266de3353a64 Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Fri, 29 Sep 2023 13:55:38 +0400 Subject: [PATCH 23/73] lib/logstorage: switch to read-only mode when running out of disk space (#4945) * lib/logstorage: switch to read-only mode when running out of disk space Added support of `--storage.minFreeDiskSpaceBytes` command-line flag to allow graceful handling of running out of disk space at `--storageDataPath`. See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4737 Signed-off-by: Zakhar Bessarab * lib/logstorage: fix error handling logic during merge Signed-off-by: Zakhar Bessarab * lib/logstorage: fix log level Signed-off-by: Zakhar Bessarab --------- Signed-off-by: Zakhar Bessarab Co-authored-by: Nikolay --- app/vlinsert/elasticsearch/elasticsearch.go | 18 +++-- .../elasticsearch/elasticsearch_test.go | 6 +- .../elasticsearch_timing_test.go | 2 +- app/vlinsert/insertutils/common_params.go | 12 ++-- app/vlinsert/jsonline/jsonline.go | 14 +++- app/vlinsert/jsonline/jsonline_test.go | 4 +- app/vlinsert/loki/loki_json.go | 17 +++-- app/vlinsert/loki/loki_json_test.go | 6 +- app/vlinsert/loki/loki_json_timing_test.go | 2 +- app/vlinsert/loki/loki_protobuf.go | 17 +++-- app/vlinsert/loki/loki_protobuf_test.go | 6 +- .../loki/loki_protobuf_timing_test.go | 5 +- app/vlstorage/main.go | 28 +++++--- docs/VictoriaLogs/CHANGELOG.md | 2 + docs/VictoriaLogs/README.md | 3 + lib/logstorage/datadb.go | 69 +++++++++++++++---- lib/logstorage/filters_test.go | 4 +- lib/logstorage/log_rows.go | 2 +- lib/logstorage/partition.go | 2 +- lib/logstorage/storage.go | 61 +++++++++++++++- lib/logstorage/storage_search_test.go | 4 +- lib/logstorage/storage_test.go | 6 +- 22 files changed, 222 insertions(+), 68 deletions(-) diff --git a/app/vlinsert/elasticsearch/elasticsearch.go b/app/vlinsert/elasticsearch/elasticsearch.go index a3ae68f19..d511d3729 100644 --- a/app/vlinsert/elasticsearch/elasticsearch.go +++ b/app/vlinsert/elasticsearch/elasticsearch.go @@ -12,6 +12,8 @@ import ( "strings" "time" + "github.com/VictoriaMetrics/metrics" + "github.com/VictoriaMetrics/VictoriaMetrics/app/vlinsert/insertutils" "github.com/VictoriaMetrics/VictoriaMetrics/app/vlstorage" "github.com/VictoriaMetrics/VictoriaMetrics/lib/bufferedwriter" @@ -22,7 +24,6 @@ import ( "github.com/VictoriaMetrics/VictoriaMetrics/lib/logstorage" "github.com/VictoriaMetrics/VictoriaMetrics/lib/protoparser/common" "github.com/VictoriaMetrics/VictoriaMetrics/lib/writeconcurrencylimiter" - "github.com/VictoriaMetrics/metrics" ) var ( @@ -101,8 +102,11 @@ func RequestHandler(path string, w http.ResponseWriter, r *http.Request) bool { logger.Warnf("cannot decode log message #%d in /_bulk request: %s", n, err) return true } - vlstorage.MustAddRows(lr) + err = vlstorage.AddRows(lr) logstorage.PutLogRows(lr) + if err != nil { + httpserver.Errorf(w, r, "cannot insert rows: %s", err) + } tookMs := time.Since(startTime).Milliseconds() bw := bufferedwriter.Get(w) @@ -128,7 +132,7 @@ var ( ) func readBulkRequest(r io.Reader, isGzip bool, timeField, msgField string, - processLogMessage func(timestamp int64, fields []logstorage.Field), + processLogMessage func(timestamp int64, fields []logstorage.Field) error, ) (int, error) { // See https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html @@ -171,7 +175,7 @@ func readBulkRequest(r io.Reader, isGzip bool, timeField, msgField string, var lineBufferPool bytesutil.ByteBufferPool func readBulkLine(sc *bufio.Scanner, timeField, msgField string, - processLogMessage func(timestamp int64, fields []logstorage.Field), + processLogMessage func(timestamp int64, fields []logstorage.Field) error, ) (bool, error) { var line []byte @@ -218,8 +222,12 @@ func readBulkLine(sc *bufio.Scanner, timeField, msgField string, ts = time.Now().UnixNano() } p.RenameField(msgField, "_msg") - processLogMessage(ts, p.Fields) + err = processLogMessage(ts, p.Fields) logjson.PutParser(p) + if err != nil { + return false, err + } + return true, nil } diff --git a/app/vlinsert/elasticsearch/elasticsearch_test.go b/app/vlinsert/elasticsearch/elasticsearch_test.go index 09d1bf770..3935e0dee 100644 --- a/app/vlinsert/elasticsearch/elasticsearch_test.go +++ b/app/vlinsert/elasticsearch/elasticsearch_test.go @@ -15,8 +15,9 @@ func TestReadBulkRequestFailure(t *testing.T) { f := func(data string) { t.Helper() - processLogMessage := func(timestamp int64, fields []logstorage.Field) { + processLogMessage := func(timestamp int64, fields []logstorage.Field) error { t.Fatalf("unexpected call to processLogMessage with timestamp=%d, fields=%s", timestamp, fields) + return nil } r := bytes.NewBufferString(data) @@ -43,7 +44,7 @@ func TestReadBulkRequestSuccess(t *testing.T) { var timestamps []int64 var result string - processLogMessage := func(timestamp int64, fields []logstorage.Field) { + processLogMessage := func(timestamp int64, fields []logstorage.Field) error { timestamps = append(timestamps, timestamp) a := make([]string, len(fields)) @@ -52,6 +53,7 @@ func TestReadBulkRequestSuccess(t *testing.T) { } s := "{" + strings.Join(a, ",") + "}\n" result += s + return nil } // Read the request without compression diff --git a/app/vlinsert/elasticsearch/elasticsearch_timing_test.go b/app/vlinsert/elasticsearch/elasticsearch_timing_test.go index 9a50fe0eb..5d8cca1b2 100644 --- a/app/vlinsert/elasticsearch/elasticsearch_timing_test.go +++ b/app/vlinsert/elasticsearch/elasticsearch_timing_test.go @@ -33,7 +33,7 @@ func benchmarkReadBulkRequest(b *testing.B, isGzip bool) { timeField := "@timestamp" msgField := "message" - processLogMessage := func(timestmap int64, fields []logstorage.Field) {} + processLogMessage := func(timestmap int64, fields []logstorage.Field) error { return nil } b.ReportAllocs() b.SetBytes(int64(len(data))) diff --git a/app/vlinsert/insertutils/common_params.go b/app/vlinsert/insertutils/common_params.go index 23f100775..1852f2233 100644 --- a/app/vlinsert/insertutils/common_params.go +++ b/app/vlinsert/insertutils/common_params.go @@ -72,13 +72,13 @@ func GetCommonParams(r *http.Request) (*CommonParams, error) { } // GetProcessLogMessageFunc returns a function, which adds parsed log messages to lr. -func (cp *CommonParams) GetProcessLogMessageFunc(lr *logstorage.LogRows) func(timestamp int64, fields []logstorage.Field) { - return func(timestamp int64, fields []logstorage.Field) { +func (cp *CommonParams) GetProcessLogMessageFunc(lr *logstorage.LogRows) func(timestamp int64, fields []logstorage.Field) error { + return func(timestamp int64, fields []logstorage.Field) error { if len(fields) > *MaxFieldsPerLine { rf := logstorage.RowFormatter(fields) logger.Warnf("dropping log line with %d fields; it exceeds -insert.maxFieldsPerLine=%d; %s", len(fields), *MaxFieldsPerLine, rf) rowsDroppedTotalTooManyFields.Inc() - return + return nil } lr.MustAdd(cp.TenantID, timestamp, fields) @@ -87,12 +87,14 @@ func (cp *CommonParams) GetProcessLogMessageFunc(lr *logstorage.LogRows) func(ti lr.ResetKeepSettings() logger.Infof("remoteAddr=%s; requestURI=%s; ignoring log entry because of `debug` query arg: %s", cp.DebugRemoteAddr, cp.DebugRequestURI, s) rowsDroppedTotalDebug.Inc() - return + return nil } if lr.NeedFlush() { - vlstorage.MustAddRows(lr) + err := vlstorage.AddRows(lr) lr.ResetKeepSettings() + return err } + return nil } } diff --git a/app/vlinsert/jsonline/jsonline.go b/app/vlinsert/jsonline/jsonline.go index bf8d4760e..863cf2047 100644 --- a/app/vlinsert/jsonline/jsonline.go +++ b/app/vlinsert/jsonline/jsonline.go @@ -75,8 +75,12 @@ func RequestHandler(w http.ResponseWriter, r *http.Request) bool { rowsIngestedTotal.Inc() } - vlstorage.MustAddRows(lr) + err = vlstorage.AddRows(lr) logstorage.PutLogRows(lr) + if err != nil { + httpserver.Errorf(w, r, "cannot insert rows: %s", err) + return true + } // update jsonlineRequestDuration only for successfully parsed requests. // There is no need in updating jsonlineRequestDuration for request errors, @@ -86,7 +90,7 @@ func RequestHandler(w http.ResponseWriter, r *http.Request) bool { return true } -func readLine(sc *bufio.Scanner, timeField, msgField string, processLogMessage func(timestamp int64, fields []logstorage.Field)) (bool, error) { +func readLine(sc *bufio.Scanner, timeField, msgField string, processLogMessage func(timestamp int64, fields []logstorage.Field) error) (bool, error) { var line []byte for len(line) == 0 { if !sc.Scan() { @@ -113,8 +117,12 @@ func readLine(sc *bufio.Scanner, timeField, msgField string, processLogMessage f ts = time.Now().UnixNano() } p.RenameField(msgField, "_msg") - processLogMessage(ts, p.Fields) + err = processLogMessage(ts, p.Fields) logjson.PutParser(p) + if err != nil { + return false, err + } + return true, nil } diff --git a/app/vlinsert/jsonline/jsonline_test.go b/app/vlinsert/jsonline/jsonline_test.go index 86a917491..f6da725c3 100644 --- a/app/vlinsert/jsonline/jsonline_test.go +++ b/app/vlinsert/jsonline/jsonline_test.go @@ -16,7 +16,7 @@ func TestReadBulkRequestSuccess(t *testing.T) { var timestamps []int64 var result string - processLogMessage := func(timestamp int64, fields []logstorage.Field) { + processLogMessage := func(timestamp int64, fields []logstorage.Field) error { timestamps = append(timestamps, timestamp) a := make([]string, len(fields)) @@ -25,6 +25,8 @@ func TestReadBulkRequestSuccess(t *testing.T) { } s := "{" + strings.Join(a, ",") + "}\n" result += s + + return nil } // Read the request without compression diff --git a/app/vlinsert/loki/loki_json.go b/app/vlinsert/loki/loki_json.go index 88a75df1d..653416faf 100644 --- a/app/vlinsert/loki/loki_json.go +++ b/app/vlinsert/loki/loki_json.go @@ -50,10 +50,16 @@ func handleJSON(r *http.Request, w http.ResponseWriter) bool { lr := logstorage.GetLogRows(cp.StreamFields, cp.IgnoreFields) processLogMessage := cp.GetProcessLogMessageFunc(lr) n, err := parseJSONRequest(data, processLogMessage) - vlstorage.MustAddRows(lr) + if err != nil { + logstorage.PutLogRows(lr) + httpserver.Errorf(w, r, "cannot parse Loki request: %s", err) + return true + } + + err = vlstorage.AddRows(lr) logstorage.PutLogRows(lr) if err != nil { - httpserver.Errorf(w, r, "cannot parse Loki request: %s", err) + httpserver.Errorf(w, r, "cannot insert rows: %s", err) return true } rowsIngestedJSONTotal.Add(n) @@ -72,7 +78,7 @@ var ( lokiRequestJSONDuration = metrics.NewHistogram(`vl_http_request_duration_seconds{path="/insert/loki/api/v1/push",format="json"}`) ) -func parseJSONRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field)) (int, error) { +func parseJSONRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field)error) (int, error) { p := parserPool.Get() defer parserPool.Put(p) v, err := p.ParseBytes(data) @@ -165,7 +171,10 @@ func parseJSONRequest(data []byte, processLogMessage func(timestamp int64, field Name: "_msg", Value: bytesutil.ToUnsafeString(msg), }) - processLogMessage(ts, fields) + err = processLogMessage(ts, fields) + if err != nil { + return rowsIngested, err + } } rowsIngested += len(lines) diff --git a/app/vlinsert/loki/loki_json_test.go b/app/vlinsert/loki/loki_json_test.go index 93cf8652a..f285dd1f7 100644 --- a/app/vlinsert/loki/loki_json_test.go +++ b/app/vlinsert/loki/loki_json_test.go @@ -11,8 +11,9 @@ import ( func TestParseJSONRequestFailure(t *testing.T) { f := func(s string) { t.Helper() - n, err := parseJSONRequest([]byte(s), func(timestamp int64, fields []logstorage.Field) { + n, err := parseJSONRequest([]byte(s), func(timestamp int64, fields []logstorage.Field) error { t.Fatalf("unexpected call to parseJSONRequest callback!") + return nil }) if err == nil { t.Fatalf("expecting non-nil error") @@ -60,13 +61,14 @@ func TestParseJSONRequestSuccess(t *testing.T) { f := func(s string, resultExpected string) { t.Helper() var lines []string - n, err := parseJSONRequest([]byte(s), func(timestamp int64, fields []logstorage.Field) { + n, err := parseJSONRequest([]byte(s), func(timestamp int64, fields []logstorage.Field) error { var a []string for _, f := range fields { a = append(a, f.String()) } line := fmt.Sprintf("_time:%d %s", timestamp, strings.Join(a, " ")) lines = append(lines, line) + return nil }) if err != nil { t.Fatalf("unexpected error: %s", err) diff --git a/app/vlinsert/loki/loki_json_timing_test.go b/app/vlinsert/loki/loki_json_timing_test.go index 9c51f593a..37d922fc0 100644 --- a/app/vlinsert/loki/loki_json_timing_test.go +++ b/app/vlinsert/loki/loki_json_timing_test.go @@ -27,7 +27,7 @@ func benchmarkParseJSONRequest(b *testing.B, streams, rows, labels int) { b.RunParallel(func(pb *testing.PB) { data := getJSONBody(streams, rows, labels) for pb.Next() { - _, err := parseJSONRequest(data, func(timestamp int64, fields []logstorage.Field) {}) + _, err := parseJSONRequest(data, func(timestamp int64, fields []logstorage.Field) error { return nil }) if err != nil { panic(fmt.Errorf("unexpected error: %s", err)) } diff --git a/app/vlinsert/loki/loki_protobuf.go b/app/vlinsert/loki/loki_protobuf.go index aa4e6b592..0e7aceac7 100644 --- a/app/vlinsert/loki/loki_protobuf.go +++ b/app/vlinsert/loki/loki_protobuf.go @@ -42,10 +42,16 @@ func handleProtobuf(r *http.Request, w http.ResponseWriter) bool { lr := logstorage.GetLogRows(cp.StreamFields, cp.IgnoreFields) processLogMessage := cp.GetProcessLogMessageFunc(lr) n, err := parseProtobufRequest(data, processLogMessage) - vlstorage.MustAddRows(lr) + if err != nil { + logstorage.PutLogRows(lr) + httpserver.Errorf(w, r, "cannot parse Loki request: %s", err) + return true + } + + err = vlstorage.AddRows(lr) logstorage.PutLogRows(lr) if err != nil { - httpserver.Errorf(w, r, "cannot parse loki request: %s", err) + httpserver.Errorf(w, r, "cannot insert rows: %s", err) return true } @@ -65,7 +71,7 @@ var ( lokiRequestProtobufDuration = metrics.NewHistogram(`vl_http_request_duration_seconds{path="/insert/loki/api/v1/push",format="protobuf"}`) ) -func parseProtobufRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field)) (int, error) { + func parseProtobufRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field) error) (int, error) { bb := bytesBufPool.Get() defer bytesBufPool.Put(bb) @@ -108,7 +114,10 @@ func parseProtobufRequest(data []byte, processLogMessage func(timestamp int64, f if ts == 0 { ts = currentTimestamp } - processLogMessage(ts, fields) + err = processLogMessage(ts, fields) + if err != nil { + return rowsIngested, err + } } rowsIngested += len(stream.Entries) } diff --git a/app/vlinsert/loki/loki_protobuf_test.go b/app/vlinsert/loki/loki_protobuf_test.go index f6eb5f0ec..cc259bce5 100644 --- a/app/vlinsert/loki/loki_protobuf_test.go +++ b/app/vlinsert/loki/loki_protobuf_test.go @@ -14,7 +14,7 @@ func TestParseProtobufRequestSuccess(t *testing.T) { f := func(s string, resultExpected string) { t.Helper() var pr PushRequest - n, err := parseJSONRequest([]byte(s), func(timestamp int64, fields []logstorage.Field) { + n, err := parseJSONRequest([]byte(s), func(timestamp int64, fields []logstorage.Field) error { msg := "" for _, f := range fields { if f.Name == "_msg" { @@ -39,6 +39,7 @@ func TestParseProtobufRequestSuccess(t *testing.T) { }, }, }) + return nil }) if err != nil { t.Fatalf("unexpected error: %s", err) @@ -54,13 +55,14 @@ func TestParseProtobufRequestSuccess(t *testing.T) { encodedData := snappy.Encode(nil, data) var lines []string - n, err = parseProtobufRequest(encodedData, func(timestamp int64, fields []logstorage.Field) { + n, err = parseProtobufRequest(encodedData, func(timestamp int64, fields []logstorage.Field) error { var a []string for _, f := range fields { a = append(a, f.String()) } line := fmt.Sprintf("_time:%d %s", timestamp, strings.Join(a, " ")) lines = append(lines, line) + return nil }) if err != nil { t.Fatalf("unexpected error: %s", err) diff --git a/app/vlinsert/loki/loki_protobuf_timing_test.go b/app/vlinsert/loki/loki_protobuf_timing_test.go index 18f5b89ef..230ab7a47 100644 --- a/app/vlinsert/loki/loki_protobuf_timing_test.go +++ b/app/vlinsert/loki/loki_protobuf_timing_test.go @@ -6,8 +6,9 @@ import ( "testing" "time" - "github.com/VictoriaMetrics/VictoriaMetrics/lib/logstorage" "github.com/golang/snappy" + + "github.com/VictoriaMetrics/VictoriaMetrics/lib/logstorage" ) func BenchmarkParseProtobufRequest(b *testing.B) { @@ -28,7 +29,7 @@ func benchmarkParseProtobufRequest(b *testing.B, streams, rows, labels int) { b.RunParallel(func(pb *testing.PB) { body := getProtobufBody(streams, rows, labels) for pb.Next() { - _, err := parseProtobufRequest(body, func(timestamp int64, fields []logstorage.Field) {}) + _, err := parseProtobufRequest(body, func(timestamp int64, fields []logstorage.Field) error { return nil }) if err != nil { panic(fmt.Errorf("unexpected error: %s", err)) } diff --git a/app/vlstorage/main.go b/app/vlstorage/main.go index 0a6c9b55a..4533e7b25 100644 --- a/app/vlstorage/main.go +++ b/app/vlstorage/main.go @@ -6,11 +6,12 @@ import ( "sync" "time" + "github.com/VictoriaMetrics/metrics" + "github.com/VictoriaMetrics/VictoriaMetrics/lib/flagutil" "github.com/VictoriaMetrics/VictoriaMetrics/lib/fs" "github.com/VictoriaMetrics/VictoriaMetrics/lib/logger" "github.com/VictoriaMetrics/VictoriaMetrics/lib/logstorage" - "github.com/VictoriaMetrics/metrics" ) var ( @@ -29,6 +30,7 @@ var ( "see https://docs.victoriametrics.com/VictoriaLogs/keyConcepts.html#stream-fields ; see also -logIngestedRows") logIngestedRows = flag.Bool("logIngestedRows", false, "Whether to log all the ingested log entries; this can be useful for debugging of data ingestion; "+ "see https://docs.victoriametrics.com/VictoriaLogs/data-ingestion/ ; see also -logNewStreams") + minFreeDiskSpaceBytes = flagutil.NewBytes("storage.minFreeDiskSpaceBytes", 10e6, "The minimum free disk space at -storageDataPath after which the storage stops accepting new data") ) // Init initializes vlstorage. @@ -43,11 +45,12 @@ func Init() { logger.Fatalf("-retentionPeriod cannot be smaller than a day; got %s", retentionPeriod) } cfg := &logstorage.StorageConfig{ - Retention: retentionPeriod.Duration(), - FlushInterval: *inmemoryDataFlushInterval, - FutureRetention: futureRetention.Duration(), - LogNewStreams: *logNewStreams, - LogIngestedRows: *logIngestedRows, + Retention: retentionPeriod.Duration(), + FlushInterval: *inmemoryDataFlushInterval, + FutureRetention: futureRetention.Duration(), + LogNewStreams: *logNewStreams, + LogIngestedRows: *logIngestedRows, + MinFreeDiskSpaceBytes: minFreeDiskSpaceBytes.N, } logger.Infof("opening storage at -storageDataPath=%s", *storageDataPath) startTime := time.Now() @@ -74,9 +77,9 @@ func Stop() { var strg *logstorage.Storage var storageMetrics *metrics.Set -// MustAddRows adds lr to vlstorage -func MustAddRows(lr *logstorage.LogRows) { - strg.MustAddRows(lr) +// AddRows adds lr to vlstorage +func AddRows(lr *logstorage.LogRows) error { + return strg.AddRows(lr) } // RunQuery runs the given q and calls processBlock for the returned data blocks @@ -107,6 +110,13 @@ func initStorageMetrics(strg *logstorage.Storage) *metrics.Set { ms.NewGauge(fmt.Sprintf(`vl_free_disk_space_bytes{path=%q}`, *storageDataPath), func() float64 { return float64(fs.MustGetFreeSpace(*storageDataPath)) }) + ms.NewGauge(fmt.Sprintf(`vl_storage_is_read_only{path=%q}`, *storageDataPath), func() float64 { + if m().IsReadOnly { + return 1 + } + + return 0 + }) ms.NewGauge(`vl_active_merges{type="inmemory"}`, func() float64 { return float64(m().InmemoryActiveMerges) diff --git a/docs/VictoriaLogs/CHANGELOG.md b/docs/VictoriaLogs/CHANGELOG.md index f2bb6d29a..8f40aec7d 100644 --- a/docs/VictoriaLogs/CHANGELOG.md +++ b/docs/VictoriaLogs/CHANGELOG.md @@ -10,6 +10,8 @@ according to [these docs](https://docs.victoriametrics.com/VictoriaLogs/QuickSta * `vl_data_size_bytes{type="storage"}` - on-disk size for data excluding [log stream](https://docs.victoriametrics.com/VictoriaLogs/keyConcepts.html#stream-fields) indexes. * `vl_data_size_bytes{type="indexdb"}` - on-disk size for [log stream](https://docs.victoriametrics.com/VictoriaLogs/keyConcepts.html#stream-fields) indexes. * FEATURE: add `-insert.maxFieldsPerLine` command-line flag, which can be used for limiting the number of fields per line in logs sent to VictoriaLogs via ingestion protocols. This helps to avoid issues like [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4762). +* FEATURE: expose `vl_http_request_duration_seconds` metric at the [/metrics](monitoring). See this [PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4934) for details. +* FEATURE: add support of `--storage.minFreeDiskSpaceBytes` command-line flag to allow switching to read-only mode when running out of disk space at `--storageDataPath`. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4737). * FEATURE: expose `vl_http_request_duration_seconds` histogram at the [/metrics](https://docs.victoriametrics.com/VictoriaLogs/#monitoring) page. Thanks to @crossoverJie for [this pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4934). * BUGFIX: fix possible panic when no data is written to VictoriaLogs for a long time. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4895). Thanks to @crossoverJie for filing and fixing the issue. diff --git a/docs/VictoriaLogs/README.md b/docs/VictoriaLogs/README.md index 22c722cc1..ba8e2c598 100644 --- a/docs/VictoriaLogs/README.md +++ b/docs/VictoriaLogs/README.md @@ -239,6 +239,9 @@ Pass `-help` to VictoriaLogs in order to see the list of supported command-line Supports the following optional suffixes for size values: KB, MB, GB, TB, KiB, MiB, GiB, TiB (default 1048576) -storageDataPath string Path to directory with the VictoriaLogs data; see https://docs.victoriametrics.com/VictoriaLogs/#storage (default "victoria-logs-data") + -storage.minFreeDiskSpaceBytes size + The minimum free disk space at -storageDataPath after which the storage stops accepting new data + Supports the following optional suffixes for size values: KB, MB, GB, TB, KiB, MiB, GiB, TiB (default 10000000) -tls Whether to enable TLS for incoming HTTP requests at -httpListenAddr (aka https). -tlsCertFile and -tlsKeyFile must be set if -tls is set -tlsCertFile string diff --git a/lib/logstorage/datadb.go b/lib/logstorage/datadb.go index d3afc82f1..d2fd8d5c5 100644 --- a/lib/logstorage/datadb.go +++ b/lib/logstorage/datadb.go @@ -2,6 +2,7 @@ package logstorage import ( "encoding/json" + "errors" "fmt" "os" "path/filepath" @@ -78,6 +79,9 @@ type datadb struct { // // This variable must be accessed under partsLock. mergeWorkersCount int + + // isReadOnly indicates whether the storage is in read-only mode. + isReadOnly *uint32 } // partWrapper is a wrapper for opened part. @@ -137,7 +141,7 @@ func mustCreateDatadb(path string) { } // mustOpenDatadb opens datadb at the given path with the given flushInterval for in-memory data. -func mustOpenDatadb(pt *partition, path string, flushInterval time.Duration) *datadb { +func mustOpenDatadb(pt *partition, path string, flushInterval time.Duration, isReadOnly *uint32) *datadb { // Remove temporary directories, which may be left after unclean shutdown. fs.MustRemoveTemporaryDirs(path) @@ -169,6 +173,7 @@ func mustOpenDatadb(pt *partition, path string, flushInterval time.Duration) *da path: path, fileParts: pws, stopCh: make(chan struct{}), + isReadOnly: isReadOnly, } // Start merge workers in the hope they'll merge the remaining parts @@ -221,7 +226,10 @@ func (ddb *datadb) flushInmemoryParts() { // There are no in-memory parts, so stop the flusher. return } - ddb.mustMergePartsFinal(partsToFlush) + err := ddb.mergePartsFinal(partsToFlush) + if err != nil { + logger.Errorf("cannot flush inmemory parts to disk: %s", err) + } select { case <-ddb.stopCh: @@ -235,6 +243,9 @@ func (ddb *datadb) flushInmemoryParts() { // // This function must be called under locked partsLock. func (ddb *datadb) startMergeWorkerLocked() { + if ddb.IsReadOnly() { + return + } if ddb.mergeWorkersCount >= getMergeWorkersCount() { return } @@ -242,8 +253,11 @@ func (ddb *datadb) startMergeWorkerLocked() { ddb.wg.Add(1) go func() { globalMergeLimitCh <- struct{}{} - ddb.mustMergeExistingParts() + err := ddb.mergeExistingParts() <-globalMergeLimitCh + if err != nil && !errors.Is(err, errReadOnly) { + logger.Errorf("cannot merge parts: %s", err) + } ddb.wg.Done() }() } @@ -263,7 +277,7 @@ func getMergeWorkersCount() int { return n } -func (ddb *datadb) mustMergeExistingParts() { +func (ddb *datadb) mergeExistingParts() error { for !needStop(ddb.stopCh) { maxOutBytes := ddb.availableDiskSpace() @@ -280,7 +294,7 @@ func (ddb *datadb) mustMergeExistingParts() { if len(pws) == 0 { // Nothing to merge at the moment. - return + return nil } partsSize := getCompressedSize(pws) @@ -291,9 +305,15 @@ func (ddb *datadb) mustMergeExistingParts() { ddb.releasePartsToMerge(pws) continue } - ddb.mustMergeParts(pws, false) + err := ddb.mergeParts(pws, false) ddb.releaseDiskSpace(partsSize) + ddb.releasePartsToMerge(pws) + if err != nil { + return err + } } + + return nil } // appendNotInMergePartsLocked appends src parts with isInMerge=false to dst and returns the result. @@ -328,15 +348,21 @@ func assertIsInMerge(pws []*partWrapper) { } } -// mustMergeParts merges pws to a single resulting part. +var errReadOnly = errors.New("the storage is in read-only mode") + +// mergeParts merges pws to a single resulting part. // // if isFinal is set, then the resulting part will be saved to disk. // // All the parts inside pws must have isInMerge field set to true. -func (ddb *datadb) mustMergeParts(pws []*partWrapper, isFinal bool) { +func (ddb *datadb) mergeParts(pws []*partWrapper, isFinal bool) error { + if ddb.IsReadOnly() { + return errReadOnly + } + if len(pws) == 0 { // Nothing to merge. - return + return nil } assertIsInMerge(pws) @@ -363,7 +389,7 @@ func (ddb *datadb) mustMergeParts(pws []*partWrapper, isFinal bool) { mp.MustStoreToDisk(dstPartPath) pwNew := ddb.openCreatedPart(&mp.ph, pws, nil, dstPartPath) ddb.swapSrcWithDstParts(pws, pwNew, dstPartType) - return + return nil } // Prepare blockStreamReaders for source parts. @@ -415,7 +441,7 @@ func (ddb *datadb) mustMergeParts(pws []*partWrapper, isFinal bool) { if dstPartType == partFile { fs.MustRemoveAll(dstPartPath) } - return + return nil } // Atomically swap the source parts with the newly created part. @@ -435,7 +461,7 @@ func (ddb *datadb) mustMergeParts(pws []*partWrapper, isFinal bool) { d := time.Since(startTime) if d <= 30*time.Second { - return + return nil } // Log stats for long merges. @@ -443,6 +469,7 @@ func (ddb *datadb) mustMergeParts(pws []*partWrapper, isFinal bool) { rowsPerSec := int(float64(srcRowsCount) / durationSecs) logger.Infof("merged (%d parts, %d rows, %d blocks, %d bytes) into (1 part, %d rows, %d blocks, %d bytes) in %.3f seconds at %d rows/sec to %q", len(pws), srcRowsCount, srcBlocksCount, srcSize, dstRowsCount, dstBlocksCount, dstSize, durationSecs, rowsPerSec, dstPartPath) + return nil } func (ddb *datadb) nextMergeIdx() uint64 { @@ -610,7 +637,7 @@ func (ddb *datadb) debugFlush() { // Nothing to do, since all the ingested data is available for search via ddb.inmemoryParts. } -func (ddb *datadb) mustMergePartsFinal(pws []*partWrapper) { +func (ddb *datadb) mergePartsFinal(pws []*partWrapper) error { assertIsInMerge(pws) var pwsChunk []*partWrapper @@ -619,7 +646,11 @@ func (ddb *datadb) mustMergePartsFinal(pws []*partWrapper) { if len(pwsChunk) == 0 { pwsChunk = append(pwsChunk[:0], pws...) } - ddb.mustMergeParts(pwsChunk, true) + err := ddb.mergeParts(pwsChunk, true) + if err != nil { + ddb.releasePartsToMerge(pwsChunk) + return err + } partsToRemove := partsToMap(pwsChunk) removedParts := 0 @@ -628,6 +659,7 @@ func (ddb *datadb) mustMergePartsFinal(pws []*partWrapper) { logger.Panicf("BUG: unexpected number of parts removed; got %d; want %d", removedParts, len(pwsChunk)) } } + return nil } func partsToMap(pws []*partWrapper) map[*partWrapper]struct{} { @@ -793,6 +825,10 @@ func (ddb *datadb) releaseDiskSpace(n uint64) { atomic.AddUint64(&reservedDiskSpace, -n) } +func (ddb *datadb) IsReadOnly() bool { + return atomic.LoadUint32(ddb.isReadOnly) == 1 +} + // reservedDiskSpace tracks global reserved disk space for currently executed // background merges across all the partitions. // @@ -817,7 +853,10 @@ func mustCloseDatadb(ddb *datadb) { // flush in-memory data to disk pws := append([]*partWrapper{}, ddb.inmemoryParts...) setInMergeLocked(pws) - ddb.mustMergePartsFinal(pws) + err := ddb.mergePartsFinal(pws) + if err != nil { + logger.Fatalf("FATAL: cannot merge inmemory parts: %s", err) + } // There is no need in using ddb.partsLock here, since nobody should acces ddb now. for _, pw := range ddb.inmemoryParts { diff --git a/lib/logstorage/filters_test.go b/lib/logstorage/filters_test.go index cf7d6e782..289492045 100644 --- a/lib/logstorage/filters_test.go +++ b/lib/logstorage/filters_test.go @@ -9277,7 +9277,7 @@ func generateRowsFromColumns(s *Storage, tenantID TenantID, columns []column) { timestamp := int64(i) * 1e9 lr.MustAdd(tenantID, timestamp, fields) } - s.MustAddRows(lr) + _ = s.AddRows(lr) PutLogRows(lr) } @@ -9291,6 +9291,6 @@ func generateRowsFromTimestamps(s *Storage, tenantID TenantID, timestamps []int6 }) lr.MustAdd(tenantID, timestamp, fields) } - s.MustAddRows(lr) + _ = s.AddRows(lr) PutLogRows(lr) } diff --git a/lib/logstorage/log_rows.go b/lib/logstorage/log_rows.go index ce759b85a..789dab6a3 100644 --- a/lib/logstorage/log_rows.go +++ b/lib/logstorage/log_rows.go @@ -7,7 +7,7 @@ import ( "github.com/VictoriaMetrics/VictoriaMetrics/lib/bytesutil" ) -// LogRows holds a set of rows needed for Storage.MustAddRows +// LogRows holds a set of rows needed for Storage.AddRows // // LogRows must be obtained via GetLogRows() type LogRows struct { diff --git a/lib/logstorage/partition.go b/lib/logstorage/partition.go index 64465de20..df609c3aa 100644 --- a/lib/logstorage/partition.go +++ b/lib/logstorage/partition.go @@ -77,7 +77,7 @@ func mustOpenPartition(s *Storage, path string) *partition { // Open datadb datadbPath := filepath.Join(path, datadbDirname) - pt.ddb = mustOpenDatadb(pt, datadbPath, s.flushInterval) + pt.ddb = mustOpenDatadb(pt, datadbPath, s.flushInterval, &s.isReadOnly) return pt } diff --git a/lib/logstorage/storage.go b/lib/logstorage/storage.go index 9d840fb5b..341ec46c1 100644 --- a/lib/logstorage/storage.go +++ b/lib/logstorage/storage.go @@ -26,6 +26,9 @@ type StorageStats struct { PartitionsCount uint64 PartitionStats + + // IsReadOnly indicates whether the storage is read-only. + IsReadOnly bool } // Reset resets s. @@ -58,6 +61,9 @@ type StorageConfig struct { // // This can be useful for debugging of data ingestion. LogIngestedRows bool + + // MinFreeDiskSpaceBytes is the minimum free disk space at -storageDataPath after which the storage stops accepting new data + MinFreeDiskSpaceBytes int64 } // Storage is the storage for log entries. @@ -126,6 +132,10 @@ type Storage struct { // // It reduces the load on persistent storage during querying by _stream:{...} filter. streamFilterCache *workingsetcache.Cache + + isReadOnly uint32 + + freeDiskSpaceWatcherWG sync.WaitGroup } type partitionWrapper struct { @@ -288,6 +298,7 @@ func MustOpenStorage(path string, cfg *StorageConfig) *Storage { s.partitions = ptws s.runRetentionWatcher() + s.startFreeDiskSpaceWatcher(uint64(cfg.MinFreeDiskSpaceBytes)) return s } @@ -357,6 +368,7 @@ func (s *Storage) MustClose() { // Stop background workers close(s.stopCh) s.wg.Wait() + s.freeDiskSpaceWatcherWG.Wait() // Close partitions for _, pw := range s.partitions { @@ -389,8 +401,12 @@ func (s *Storage) MustClose() { s.path = "" } -// MustAddRows adds lr to s. -func (s *Storage) MustAddRows(lr *LogRows) { +// AddRows adds lr to s. +func (s *Storage) AddRows(lr *LogRows) error { + if s.IsReadOnly() { + return errReadOnly + } + // Fast path - try adding all the rows to the hot partition s.partitionsLock.Lock() ptwHot := s.ptwHot @@ -403,7 +419,7 @@ func (s *Storage) MustAddRows(lr *LogRows) { if ptwHot.canAddAllRows(lr) { ptwHot.pt.mustAddRows(lr) ptwHot.decRef() - return + return nil } ptwHot.decRef() } @@ -447,6 +463,7 @@ func (s *Storage) MustAddRows(lr *LogRows) { ptw.decRef() PutLogRows(lrPart) } + return nil } var tooSmallTimestampLogger = logger.WithThrottler("too_small_timestamp", 5*time.Second) @@ -515,6 +532,44 @@ func (s *Storage) UpdateStats(ss *StorageStats) { ptw.pt.updateStats(&ss.PartitionStats) } s.partitionsLock.Unlock() + ss.IsReadOnly = s.IsReadOnly() +} + +// IsReadOnly returns information is storage in read only mode +func (s *Storage) IsReadOnly() bool { + return atomic.LoadUint32(&s.isReadOnly) == 1 +} + +func (s *Storage) startFreeDiskSpaceWatcher(freeDiskSpaceLimitBytes uint64) { + f := func() { + freeSpaceBytes := fs.MustGetFreeSpace(s.path) + if freeSpaceBytes < freeDiskSpaceLimitBytes { + // Switch the storage to readonly mode if there is no enough free space left at s.path + logger.Warnf("switching the storage at %s to read-only mode, since it has less than -storage.minFreeDiskSpaceBytes=%d of free space: %d bytes left", + s.path, freeDiskSpaceLimitBytes, freeSpaceBytes) + atomic.StoreUint32(&s.isReadOnly, 1) + return + } + if atomic.CompareAndSwapUint32(&s.isReadOnly, 1, 0) { + logger.Warnf("enabling writing to the storage at %s, since it has more than -storage.minFreeDiskSpaceBytes=%d of free space: %d bytes left", + s.path, freeDiskSpaceLimitBytes, freeSpaceBytes) + } + } + f() + s.freeDiskSpaceWatcherWG.Add(1) + go func() { + defer s.freeDiskSpaceWatcherWG.Done() + ticker := time.NewTicker(time.Second) + defer ticker.Stop() + for { + select { + case <-s.stopCh: + return + case <-ticker.C: + f() + } + } + }() } func (s *Storage) debugFlush() { diff --git a/lib/logstorage/storage_search_test.go b/lib/logstorage/storage_search_test.go index 63404838c..d61035a5d 100644 --- a/lib/logstorage/storage_search_test.go +++ b/lib/logstorage/storage_search_test.go @@ -70,7 +70,7 @@ func TestStorageRunQuery(t *testing.T) { }) lr.MustAdd(tenantID, timestamp, fields) } - s.MustAddRows(lr) + _ = s.AddRows(lr) PutLogRows(lr) } } @@ -366,7 +366,7 @@ func TestStorageSearch(t *testing.T) { }) lr.MustAdd(tenantID, timestamp, fields) } - s.MustAddRows(lr) + _ = s.AddRows(lr) PutLogRows(lr) } } diff --git a/lib/logstorage/storage_test.go b/lib/logstorage/storage_test.go index 193179bb1..9951a6a4c 100644 --- a/lib/logstorage/storage_test.go +++ b/lib/logstorage/storage_test.go @@ -32,7 +32,7 @@ func TestStorageMustAddRows(t *testing.T) { lr := newTestLogRows(1, 1, 0) lr.timestamps[0] = time.Now().UTC().UnixNano() totalRowsCount += uint64(len(lr.timestamps)) - s.MustAddRows(lr) + _ = s.AddRows(lr) sStats.Reset() s.UpdateStats(&sStats) if n := sStats.RowsCount(); n != totalRowsCount { @@ -56,7 +56,7 @@ func TestStorageMustAddRows(t *testing.T) { lr.timestamps[i] = time.Now().UTC().UnixNano() } totalRowsCount += uint64(len(lr.timestamps)) - s.MustAddRows(lr) + _ = s.AddRows(lr) sStats.Reset() s.UpdateStats(&sStats) if n := sStats.RowsCount(); n != totalRowsCount { @@ -80,7 +80,7 @@ func TestStorageMustAddRows(t *testing.T) { now += nsecPerDay } totalRowsCount += uint64(len(lr.timestamps)) - s.MustAddRows(lr) + _ = s.AddRows(lr) sStats.Reset() s.UpdateStats(&sStats) if n := sStats.RowsCount(); n != totalRowsCount { From 94627113dbe0b7bed23a7dc4864fc2f2903a819c Mon Sep 17 00:00:00 2001 From: Zakhar Bessarab Date: Fri, 29 Sep 2023 13:58:20 +0400 Subject: [PATCH 24/73] lib/logstorage: prevent from panic during background merge (#4969) * lib/logstorage: prevent from panic during background merge Fixes panic during background merge when resulting block would contain more columns than maxColumnsPerBlock. Buffered data will be flushed and replaced by the next block. See: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4762 Signed-off-by: Zakhar Bessarab * lib/logstorage: clarify field description and comment Signed-off-by: Zakhar Bessarab --------- Signed-off-by: Zakhar Bessarab --- docs/VictoriaLogs/CHANGELOG.md | 1 + lib/logstorage/block.go | 1 + lib/logstorage/block_stream_merger.go | 25 +++++++++++++++++++++++++ lib/logstorage/rows.go | 10 ++++++++++ 4 files changed, 37 insertions(+) diff --git a/docs/VictoriaLogs/CHANGELOG.md b/docs/VictoriaLogs/CHANGELOG.md index 8f40aec7d..50a67d8d0 100644 --- a/docs/VictoriaLogs/CHANGELOG.md +++ b/docs/VictoriaLogs/CHANGELOG.md @@ -16,6 +16,7 @@ according to [these docs](https://docs.victoriametrics.com/VictoriaLogs/QuickSta * BUGFIX: fix possible panic when no data is written to VictoriaLogs for a long time. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4895). Thanks to @crossoverJie for filing and fixing the issue. * BUGFIX: add `/insert/loky/ready` endpoint, which is used by Promtail for healthchecks. This should remove `unsupported path requested: /insert/loki/ready` warning logs. See [this comment](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4762#issuecomment-1690966722). +* BUGFIX: prevent panic during background merge when amount of columns in resulting block exceeds max number of columns per block. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4762). ## [v0.3.0](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v0.3.0-victorialogs) diff --git a/lib/logstorage/block.go b/lib/logstorage/block.go index 83834c895..7e73c563d 100644 --- a/lib/logstorage/block.go +++ b/lib/logstorage/block.go @@ -505,6 +505,7 @@ func (b *block) appendRows(dst *rows) { dst.rows = append(dst.rows, fieldsBuf[fieldsLen:]) } dst.fieldsBuf = fieldsBuf + dst.uniqueFields += len(ccs) + len(cs) } func areSameFieldsInRows(rows [][]Field) bool { diff --git a/lib/logstorage/block_stream_merger.go b/lib/logstorage/block_stream_merger.go index 6137c2406..fc0834377 100644 --- a/lib/logstorage/block_stream_merger.go +++ b/lib/logstorage/block_stream_merger.go @@ -5,6 +5,7 @@ import ( "fmt" "strings" "sync" + "time" "github.com/VictoriaMetrics/VictoriaMetrics/lib/logger" ) @@ -117,6 +118,14 @@ func (bsm *blockStreamMerger) mustInit(bsw *blockStreamWriter, bsrs []*blockStre heap.Init(&bsm.readersHeap) } +var mergeStreamsExceedLogger = logger.WithThrottler("mergeStreamsExceed", 10*time.Second) + +func (bsm *blockStreamMerger) mergeStreamsLimitWarn(bd *blockData) { + attempted := bsm.rows.uniqueFields + len(bd.columnsData) + len(bd.constColumns) + mergeStreamsExceedLogger.Warnf("cannot perform background merge: too many columns for block after merge: %d, max columns: %d; "+ + "check ingestion configuration; see: https://docs.victoriametrics.com/VictoriaLogs/data-ingestion/#troubleshooting", attempted, maxColumnsPerBlock) +} + // mustWriteBlock writes bd to bsm func (bsm *blockStreamMerger) mustWriteBlock(bd *blockData, bsw *blockStreamWriter) { bsm.checkNextBlock(bd) @@ -133,6 +142,12 @@ func (bsm *blockStreamMerger) mustWriteBlock(bd *blockData, bsw *blockStreamWrit // Slow path - copy the bd to the curr bd. bsm.bd.copyFrom(bd) } + case !bsm.rows.hasCapacityFor(bd): + // Cannot merge bd with bsm.rows as too many columns will be created. + // Flush bsm.rows and write bd as is. + bsm.mergeStreamsLimitWarn(bd) + bsm.mustFlushRows() + bsw.MustWriteBlockData(bd) case bd.uncompressedSizeBytes >= maxUncompressedBlockSize: // The bd contains the same streamID and it is full, // so it can be written next after the current log entries @@ -199,6 +214,15 @@ func (bsm *blockStreamMerger) mustMergeRows(bd *blockData) { bsm.bd.reset() } + if !bsm.rows.hasCapacityFor(bd) { + // Cannot merge bd with bsm.rows as too many columns will be created. + // Flush bsm.rows and write bd as is. + bsm.mergeStreamsLimitWarn(bd) + bsm.mustFlushRows() + bsm.bsw.MustWriteBlockData(bd) + return + } + // Unmarshal log entries from bd rowsLen := len(bsm.rows.timestamps) bsm.mustUnmarshalRows(bd) @@ -208,6 +232,7 @@ func (bsm *blockStreamMerger) mustMergeRows(bd *blockData) { rows := bsm.rows.rows bsm.rowsTmp.mergeRows(timestamps[:rowsLen], timestamps[rowsLen:], rows[:rowsLen], rows[rowsLen:]) bsm.rows, bsm.rowsTmp = bsm.rowsTmp, bsm.rows + bsm.rows.uniqueFields = bsm.rowsTmp.uniqueFields bsm.rowsTmp.reset() if bsm.uncompressedRowsSizeBytes >= maxUncompressedBlockSize { diff --git a/lib/logstorage/rows.go b/lib/logstorage/rows.go index 76516bc8b..efb3bf995 100644 --- a/lib/logstorage/rows.go +++ b/lib/logstorage/rows.go @@ -65,6 +65,10 @@ func (f *Field) unmarshal(src []byte) ([]byte, error) { type rows struct { fieldsBuf []Field + // uniqueFields is the maximum estimated number of unique fields which are currently stored in fieldsBuf. + // it is used to perform worst case estimation when merging rows. + uniqueFields int + timestamps []int64 rows [][]Field @@ -121,3 +125,9 @@ func (rs *rows) mergeRows(timestampsA, timestampsB []int64, fieldsA, fieldsB [][ rs.appendRows(timestampsA, fieldsA) } } + +// hasCapacityFor returns true if merging bd with rs won't create too many columns +// for creating a new block. +func (rs *rows) hasCapacityFor(bd *blockData) bool { + return rs.uniqueFields+len(bd.columnsData)+len(bd.constColumns) < maxColumnsPerBlock +} From 896c85a4a4acb328d3435a2b14ee3120ee2c738b Mon Sep 17 00:00:00 2001 From: Dmytro Kozlov Date: Fri, 29 Sep 2023 12:03:01 +0200 Subject: [PATCH 25/73] app/vmselect: fix bitmap_*() functions behavior (#5021) Related issue: https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4996 Signed-off-by: dmitryk-dk d.kozlov@victoriametrics.com Signed-off-by: dmitryk-dk d.kozlov@victoriametrics.com Co-authored-by: Nikolay --- app/vmselect/promql/exec_test.go | 54 +++++++++++++++++++++++++++++++- app/vmselect/promql/transform.go | 6 +++- docs/CHANGELOG.md | 1 + 3 files changed, 59 insertions(+), 2 deletions(-) diff --git a/app/vmselect/promql/exec_test.go b/app/vmselect/promql/exec_test.go index 60430bdf1..d92348437 100644 --- a/app/vmselect/promql/exec_test.go +++ b/app/vmselect/promql/exec_test.go @@ -5,10 +5,11 @@ import ( "testing" "time" + "github.com/VictoriaMetrics/metricsql" + "github.com/VictoriaMetrics/VictoriaMetrics/app/vmselect/netstorage" "github.com/VictoriaMetrics/VictoriaMetrics/app/vmselect/searchutils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/storage" - "github.com/VictoriaMetrics/metricsql" ) func TestEscapeDots(t *testing.T) { @@ -245,6 +246,23 @@ func TestExecSuccess(t *testing.T) { resultExpected := []netstorage.Result{r} f(q, resultExpected) }) + t.Run("bitmap_and(NaN, 1)", func(t *testing.T) { + t.Parallel() + q := `bitmap_and(NaN, 1)` + var resultExpected []netstorage.Result + f(q, resultExpected) + }) + t.Run("bitmap_and(round(rand(1) > 0.5, 1), 1)", func(t *testing.T) { + t.Parallel() + q := `bitmap_and(round(rand(1) > 0.5, 1), 1)` + r := netstorage.Result{ + MetricName: metricNameExpected, + Values: []float64{1, 1, 1, nan, nan, 1}, + Timestamps: timestampsExpected, + } + resultExpected := []netstorage.Result{r} + f(q, resultExpected) + }) t.Run("bitmap_or(0xA2, 0x11)", func(t *testing.T) { t.Parallel() q := `bitmap_or(0xA2, 0x11)` @@ -267,6 +285,23 @@ func TestExecSuccess(t *testing.T) { resultExpected := []netstorage.Result{r} f(q, resultExpected) }) + t.Run("bitmap_or(NaN, 1)", func(t *testing.T) { + t.Parallel() + q := `bitmap_or(NaN, 1)` + var resultExpected []netstorage.Result + f(q, resultExpected) + }) + t.Run("bitmap_or(round(rand(1) > 0.5, 1), 1)", func(t *testing.T) { + t.Parallel() + q := `bitmap_or(round(rand(1) > 0.5, 1), 1)` + r := netstorage.Result{ + MetricName: metricNameExpected, + Values: []float64{1, 1, 1, nan, nan, 1}, + Timestamps: timestampsExpected, + } + resultExpected := []netstorage.Result{r} + f(q, resultExpected) + }) t.Run("bitmap_xor(0xB3, 0x11)", func(t *testing.T) { t.Parallel() q := `bitmap_xor(0xB3, 0x11)` @@ -289,6 +324,23 @@ func TestExecSuccess(t *testing.T) { resultExpected := []netstorage.Result{r} f(q, resultExpected) }) + t.Run("bitmap_xor(NaN, 1)", func(t *testing.T) { + t.Parallel() + q := `bitmap_xor(NaN, 1)` + var resultExpected []netstorage.Result + f(q, resultExpected) + }) + t.Run("bitmap_xor(round(rand(1) > 0.5, 1), 1)", func(t *testing.T) { + t.Parallel() + q := `bitmap_xor(round(rand(1) > 0.5, 1), 1)` + r := netstorage.Result{ + MetricName: metricNameExpected, + Values: []float64{0, 0, 0, nan, nan, 0}, + Timestamps: timestampsExpected, + } + resultExpected := []netstorage.Result{r} + f(q, resultExpected) + }) t.Run("timezone_offset(UTC)", func(t *testing.T) { t.Parallel() q := `timezone_offset("UTC")` diff --git a/app/vmselect/promql/transform.go b/app/vmselect/promql/transform.go index 94da2a572..64b4f59b9 100644 --- a/app/vmselect/promql/transform.go +++ b/app/vmselect/promql/transform.go @@ -11,12 +11,13 @@ import ( "strings" "time" + "github.com/VictoriaMetrics/metricsql" + "github.com/VictoriaMetrics/VictoriaMetrics/app/vmselect/searchutils" "github.com/VictoriaMetrics/VictoriaMetrics/lib/bytesutil" "github.com/VictoriaMetrics/VictoriaMetrics/lib/decimal" "github.com/VictoriaMetrics/VictoriaMetrics/lib/logger" "github.com/VictoriaMetrics/VictoriaMetrics/lib/storage" - "github.com/VictoriaMetrics/metricsql" ) var transformFuncs = map[string]transformFunc{ @@ -2589,6 +2590,9 @@ func newTransformBitmap(bitmapFunc func(a, b uint64) uint64) func(tfa *transform } tf := func(values []float64) { for i, v := range values { + if math.IsNaN(v) { + continue + } values[i] = float64(bitmapFunc(uint64(v), uint64(ns[i]))) } } diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index bc5b82fcb..7426c8580 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -58,6 +58,7 @@ The sandbox cluster installation is running under the constant load generated by * BUGFIX: [Official Grafana dashboards for VictoriaMetrics](https://grafana.com/orgs/victoriametrics): move vmagent's `Concurrent inserts` panel to Troubleshooting section from `Ingestion` section because this panel is related to both: scraped and ingested data. Before, it could have give a misleading impression that it is related to ingested metrics only. * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix the bug causing render looping when switching to heatmap. * BUGFIX: [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise.html) validate `-dedup.minScrapeInterval` value and `-downsampling.period` intervals are multiples of each other. See [these docs](https://docs.victoriametrics.com/#downsampling). +* BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): fix bitmap_*() functions behavior. These functions will return `NaN` if timeseries has no value for timestamp. Previously these functions return `0`. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4996). * BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): properly copy `appliedRetention.txt` files inside `<-storageDataPath>/{data}` folders during [incremental backups](https://docs.victoriametrics.com/vmbackup.html#incremental-backups). Previously the new `appliedRetention.txt` could be skipped during incremental backups, which could lead to increased load on storage after restoring from backup. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5005). * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): suppress `context canceled` error messages in logs when `vmagent` is reloading service discovery config. This error could appear starting from [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5). See [this PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5048). * BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): allow passing [median_over_time](https://docs.victoriametrics.com/MetricsQL.html#median_over_time) to [aggr_over_time](https://docs.victoriametrics.com/MetricsQL.html#aggr_over_time). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034). From 859859aa1c07901cba526bf52eb2848b7ff5d5c6 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 20:52:25 +0200 Subject: [PATCH 26/73] app/vmagent: follow-up for cfef8147503158571cae03058f640ede45800471 - Properly handle /insert/multitenant/api/put url for opentsdb handler at vmagent - Document that the bug has been introduced in v1.93.2 at docs/CHANGELOG.md - Add a link to multitenant url docs in bugfix description Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5061 Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4910 --- app/vmagent/main.go | 2 +- docs/CHANGELOG.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/vmagent/main.go b/app/vmagent/main.go index 51fc5cf6b..27db29f99 100644 --- a/app/vmagent/main.go +++ b/app/vmagent/main.go @@ -208,7 +208,7 @@ func getAuthTokenFromPath(path string) (*auth.Token, error) { if p.Suffix != "opentsdb/api/put" { return nil, fmt.Errorf("unsupported path requested: %q; expecting 'opentsdb/api/put'", p.Suffix) } - return auth.NewToken(p.AuthToken) + return auth.NewTokenPossibleMultitenant(p.AuthToken) } func requestHandler(w http.ResponseWriter, r *http.Request) bool { diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 7426c8580..bcc078b48 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -62,7 +62,7 @@ The sandbox cluster installation is running under the constant load generated by * BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): properly copy `appliedRetention.txt` files inside `<-storageDataPath>/{data}` folders during [incremental backups](https://docs.victoriametrics.com/vmbackup.html#incremental-backups). Previously the new `appliedRetention.txt` could be skipped during incremental backups, which could lead to increased load on storage after restoring from backup. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5005). * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): suppress `context canceled` error messages in logs when `vmagent` is reloading service discovery config. This error could appear starting from [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5). See [this PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5048). * BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): allow passing [median_over_time](https://docs.victoriametrics.com/MetricsQL.html#median_over_time) to [aggr_over_time](https://docs.victoriametrics.com/MetricsQL.html#aggr_over_time). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034). -* BUGFIX: [vminsert](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html): fixed ingestion via multitenant url for opentsdbhttp. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5061). +* BUGFIX: [vminsert](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html): fix ingestion via [multitenant url](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multitenancy-via-labels) for opentsdbhttp. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5061). The bug has been introduced in [v1.93.2](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.2). ## [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5) From 74ca4d09e79bb53a4fae7a5bc8e5b4810010d0b9 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 21:15:01 +0200 Subject: [PATCH 27/73] deployment: update VictoriaMetrics version from v1.93.4 to v1.93.5 See https://docs.victoriametrics.com/CHANGELOG.html#v1935 --- deployment/docker/docker-compose.yml | 6 +++--- deployment/logs-benchmark/docker-compose.yml | 2 +- .../digitialocean/one-click-droplet/RELEASE_GUIDE.md | 2 +- .../one-click-droplet/files/etc/update-motd.d/99-one-click | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/deployment/docker/docker-compose.yml b/deployment/docker/docker-compose.yml index 0a615325c..f2969f575 100644 --- a/deployment/docker/docker-compose.yml +++ b/deployment/docker/docker-compose.yml @@ -2,7 +2,7 @@ version: "3.5" services: vmagent: container_name: vmagent - image: victoriametrics/vmagent:v1.93.4 + image: victoriametrics/vmagent:v1.93.5 depends_on: - "victoriametrics" ports: @@ -18,7 +18,7 @@ services: restart: always victoriametrics: container_name: victoriametrics - image: victoriametrics/victoria-metrics:v1.93.4 + image: victoriametrics/victoria-metrics:v1.93.5 ports: - 8428:8428 - 8089:8089 @@ -57,7 +57,7 @@ services: restart: always vmalert: container_name: vmalert - image: victoriametrics/vmalert:v1.93.4 + image: victoriametrics/vmalert:v1.93.5 depends_on: - "victoriametrics" - "alertmanager" diff --git a/deployment/logs-benchmark/docker-compose.yml b/deployment/logs-benchmark/docker-compose.yml index dd3ea91f0..8e131c3bb 100644 --- a/deployment/logs-benchmark/docker-compose.yml +++ b/deployment/logs-benchmark/docker-compose.yml @@ -105,7 +105,7 @@ services: - '--config=/config.yml' vmsingle: - image: victoriametrics/victoria-metrics:v1.93.4 + image: victoriametrics/victoria-metrics:v1.93.5 ports: - '8428:8428' command: diff --git a/deployment/marketplace/digitialocean/one-click-droplet/RELEASE_GUIDE.md b/deployment/marketplace/digitialocean/one-click-droplet/RELEASE_GUIDE.md index 1e558c8ef..b91d1f83d 100644 --- a/deployment/marketplace/digitialocean/one-click-droplet/RELEASE_GUIDE.md +++ b/deployment/marketplace/digitialocean/one-click-droplet/RELEASE_GUIDE.md @@ -8,7 +8,7 @@ 4. Set variables `DIGITALOCEAN_API_TOKEN` with `VM_VERSION` for `packer` environment and run make from example below: ```console -make release-victoria-metrics-digitalocean-oneclick-droplet DIGITALOCEAN_API_TOKEN="dop_v23_2e46f4759ceeeba0d0248" VM_VERSION="1.93.4" +make release-victoria-metrics-digitalocean-oneclick-droplet DIGITALOCEAN_API_TOKEN="dop_v23_2e46f4759ceeeba0d0248" VM_VERSION="1.93.5" ``` diff --git a/deployment/marketplace/digitialocean/one-click-droplet/files/etc/update-motd.d/99-one-click b/deployment/marketplace/digitialocean/one-click-droplet/files/etc/update-motd.d/99-one-click index eb45bfab1..c6179e002 100755 --- a/deployment/marketplace/digitialocean/one-click-droplet/files/etc/update-motd.d/99-one-click +++ b/deployment/marketplace/digitialocean/one-click-droplet/files/etc/update-motd.d/99-one-click @@ -19,8 +19,8 @@ On the server: * VictoriaMetrics is running on ports: 8428, 8089, 4242, 2003 and they are bound to the local interface. ******************************************************************************** - # This image includes 1.93.4 version of VictoriaMetrics. - # See Release notes https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.4 + # This image includes 1.93.5 version of VictoriaMetrics. + # See Release notes https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5 # Welcome to VictoriaMetrics droplet! From dfb82bd12613ee89532b4a80fd90c766ffa0b44c Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 21:20:43 +0200 Subject: [PATCH 28/73] deployment/docker/docker-compose-cluster.yml: follow-up for 4d1b572f4699a13f8fd8f41d55a06947cbed2da8 Grafana and vmalert now depend on vmauth instead of individual vmselect nodes Updates https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5057 --- deployment/docker/docker-compose-cluster.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/deployment/docker/docker-compose-cluster.yml b/deployment/docker/docker-compose-cluster.yml index 35945cf1c..ec9c3052c 100644 --- a/deployment/docker/docker-compose-cluster.yml +++ b/deployment/docker/docker-compose-cluster.yml @@ -19,8 +19,7 @@ services: container_name: grafana image: grafana/grafana:9.2.7 depends_on: - - "vmselect-1" - - "vmselect-2" + - "vmauth" ports: - 3000:3000 restart: always @@ -116,8 +115,7 @@ services: container_name: vmalert image: victoriametrics/vmalert:v1.93.5 depends_on: - - "vmselect-1" - - "vmselect-2" + - "vmauth" ports: - 8880:8880 volumes: From 5e49b72126fb7e0d4b6d3db3440390b9e35d039d Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 21:33:29 +0200 Subject: [PATCH 29/73] docs/CHANGELOG.md: follow-up for f0e33700fc04f7e2387d03363e219cb322474e0f Mention that the statistic inaccuracy is related to cardinality explorer --- docs/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index bcc078b48..c6debc584 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -41,7 +41,7 @@ The sandbox cluster installation is running under the constant load generated by * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): add button for auto-formatting PromQL/MetricsQL queries. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4681). Thanks to @aramattamara for the [pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4694). * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): improve accessibility score to 100 according to [Google's Lighthouse](https://developer.chrome.com/docs/lighthouse/accessibility/) tests. * FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): organize `min`, `max`, `median` values on the chart legend and tooltips for better visibility. -* FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): add explanation about statistic inaccuracy in a cluster version. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3070). +* FEATURE: [vmui](https://docs.victoriametrics.com/#vmui): add explanation about [cardinality explorer](https://docs.victoriametrics.com/#cardinality-explorer) statistic inaccuracy in VictoriaMetrics cluster. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3070). * FEATURE: dashboards: provide copies of Grafana dashboards alternated with VictoriaMetrics datasource at [dashboards/vm](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/dashboards/vm). * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): added ability to set, override and clear request and response headers on a per-user and per-path basis. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4825) and [these docs](https://docs.victoriametrics.com/vmauth.html#auth-config) for details. * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth.html): add ability to retry requests to the [remaining backends](https://docs.victoriametrics.com/vmauth.html#load-balancing) if they return response status codes specified in the `retry_status_codes` list. See [this feature request](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4893). From cc3b1267f529862d8374039da61d41e644d0cee3 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 20:31:12 +0200 Subject: [PATCH 30/73] docs/Troubleshooting.md: describe how to optimize SLI/SLO queries with long lookbehind windows --- docs/Troubleshooting.md | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/docs/Troubleshooting.md b/docs/Troubleshooting.md index 8204f0877..e05bf9770 100644 --- a/docs/Troubleshooting.md +++ b/docs/Troubleshooting.md @@ -296,29 +296,40 @@ There are the following most commons reasons for slow data ingestion in Victoria Some queries may take more time and resources (CPU, RAM, network bandwidth) than others. VictoriaMetrics logs slow queries if their execution time exceeds the duration passed to `-search.logSlowQueryDuration` command-line flag (5s by default). -VictoriaMetrics also provides `/api/v1/status/top_queries` endpoint, which returns -queries that took the most time to execute. -See [these docs](https://docs.victoriametrics.com/#prometheus-querying-api-enhancements) for details. -There are the following solutions exist for slow queries: +VictoriaMetrics provides [`top queries` page at VMUI](https://docs.victoriametrics.com/#top-queries), which shows +queries that took the most time to execute. + +There are the following solutions exist for improving performance of slow queries: - Adding more CPU and memory to VictoriaMetrics, so it may perform the slow query faster. - If you use cluster version of VictoriaMetrics, then migration of `vmselect` nodes to machines + If you use cluster version of VictoriaMetrics, then migrating `vmselect` nodes to machines with more CPU and RAM should help improving speed for slow queries. Query performance - is always limited by resources of one vmselect which processes the query. For example, if 2vCPU cores on `vmselect` + is always limited by resources of one `vmselect` which processes the query. For example, if 2vCPU cores on `vmselect` isn't enough to process query fast enough, then migrating `vmselect` to a machine with 4vCPU cores should increase heavy query performance by up to 2x. - If the line on `Concurrent select` graph form the [official Grafana dashboard for VictoriaMetrics](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#monitoring) + If the line on `concurrent select` graph form the [official Grafana dashboard for VictoriaMetrics](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#monitoring) is close to the limit, then prefer adding more `vmselect` nodes to the cluster. Sometimes adding more `vmstorage` nodes also can help improving the speed for slow queries. - Rewriting slow queries, so they become faster. Unfortunately it is hard determining whether the given query is slow by just looking at it. - VictoriaMetrics provides [query tracing](https://docs.victoriametrics.com/#query-tracing) feature, - which can help determine the source of slow query. - See also [this article](https://valyala.medium.com/how-to-optimize-promql-and-metricsql-queries-85a1b75bf986), - which explains how to determine and optimize slow queries. - In practice many slow queries are generated because of improper use of [subqueries](https://docs.victoriametrics.com/MetricsQL.html#subqueries). + The main source of slow queries in practice is [alerting and recording rules](https://docs.victoriametrics.com/vmalert.html#rules) + with long lookbehind windows in square brackets. These queries are frequently used in SLI/SLO calculations such as [Sloth](https://github.com/slok/sloth). + + For example, `avg_over_time(up[30d]) > 0.99` needs to read and process + all the [raw samples](https://docs.victoriametrics.com/keyConcepts.html#raw-samples) + for `up` [time series](https://docs.victoriametrics.com/keyConcepts.html#time-series) over the last 30 days + each time it executes. If this query is executed frequently, then it can take significant share of CPU, disk read IO, network bandwidth and RAM. + Such queries can be optimized in the following ways: + + - To reduce the lookbehind window in square brackets. For example, `avg_over_time(up[10d])` takes up to 3x less compute resources + than `avg_over_time(up[30d])` at VictoriaMetrics. + - To increase evaluation interval for alerting and recording rules, so they are executed less frequently. + For example, increasing `-evaluationInterval` command-line flag value at [vmalert](https://docs.victoriametrics.com/vmalert.html) + from `1m` to `2m` should reduce compute resource usage at VictoriaMetrics by 2x. + + Another source of slow queries is improper use of [subqueries](https://docs.victoriametrics.com/MetricsQL.html#subqueries). It is recommended avoiding subqueries if you don't understand clearly how they work. It is easy to create a subquery without knowing about it. For example, `rate(sum(some_metric))` is implicitly transformed into the following subquery @@ -335,6 +346,11 @@ There are the following solutions exist for slow queries: It is likely this query won't return the expected results. Instead, `sum(rate(some_metric))` must be used instead. See [this article](https://www.robustperception.io/rate-then-sum-never-sum-then-rate/) for more details. + VictoriaMetrics provides [query tracing](https://docs.victoriametrics.com/#query-tracing) feature, + which can help determining the source of slow query. + See also [this article](https://valyala.medium.com/how-to-optimize-promql-and-metricsql-queries-85a1b75bf986), + which explains how to determine and optimize slow queries. + ## Out of memory errors From 7af9be92cc0353757a40ad2a80630bb0905df9a9 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 20:32:53 +0200 Subject: [PATCH 31/73] docs/vmalert.md: refer to -evaluationInterval command-line flag instead of evaluation_interval option, which isnt supported by vmalert This is follow-up for 5c42c1218a1098f7b20710a2dd9dccda47282adf --- app/vmalert/README.md | 4 ++-- docs/vmalert.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/vmalert/README.md b/app/vmalert/README.md index f68a8d3c7..1a6693aaa 100644 --- a/app/vmalert/README.md +++ b/app/vmalert/README.md @@ -526,7 +526,7 @@ Alertmanagers. To avoid recording rules results and alerts state duplication in VictoriaMetrics server don't forget to configure [deduplication](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#deduplication). -The recommended value for `-dedup.minScrapeInterval` must be multiple of vmalert's `evaluation_interval`. +The recommended value for `-dedup.minScrapeInterval` must be multiple of vmalert's `-evaluationInterval`. If you observe inconsistent or "jumping" values in series produced by vmalert, try disabling `-datasource.queryTimeAlignment` command line flag. Because of alignment, two or more vmalert HA pairs will produce results with the same timestamps. But due of backfilling (data delivered to the datasource with some delay) values of such results may differ, @@ -778,7 +778,7 @@ may get empty response from the datasource and produce empty recording rules or Try the following recommendations to reduce the chance of hitting the data delay issue: -* Always configure group's `evaluationInterval` to be bigger or at least equal to +* Always configure group's `-evaluationInterval` to be bigger or at least equal to [time series resolution](https://docs.victoriametrics.com/keyConcepts.html#time-series-resolution); * Ensure that `[duration]` value is at least twice bigger than [time series resolution](https://docs.victoriametrics.com/keyConcepts.html#time-series-resolution). For example, diff --git a/docs/vmalert.md b/docs/vmalert.md index 03e6f49b9..b8a3ac431 100644 --- a/docs/vmalert.md +++ b/docs/vmalert.md @@ -537,7 +537,7 @@ Alertmanagers. To avoid recording rules results and alerts state duplication in VictoriaMetrics server don't forget to configure [deduplication](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#deduplication). -The recommended value for `-dedup.minScrapeInterval` must be multiple of vmalert's `evaluation_interval`. +The recommended value for `-dedup.minScrapeInterval` must be multiple of vmalert's `-evaluationInterval`. If you observe inconsistent or "jumping" values in series produced by vmalert, try disabling `-datasource.queryTimeAlignment` command line flag. Because of alignment, two or more vmalert HA pairs will produce results with the same timestamps. But due of backfilling (data delivered to the datasource with some delay) values of such results may differ, @@ -789,7 +789,7 @@ may get empty response from the datasource and produce empty recording rules or Try the following recommendations to reduce the chance of hitting the data delay issue: -* Always configure group's `evaluationInterval` to be bigger or at least equal to +* Always configure group's `-evaluationInterval` to be bigger or at least equal to [time series resolution](https://docs.victoriametrics.com/keyConcepts.html#time-series-resolution); * Ensure that `[duration]` value is at least twice bigger than [time series resolution](https://docs.victoriametrics.com/keyConcepts.html#time-series-resolution). For example, From 7373d04d54a98bc2e84c294cbe4e94b9a6d1ec9f Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 20:35:07 +0200 Subject: [PATCH 32/73] docs/Single-server-VictoriaMetrics.md: refer to `active queries` and `top queries` pages at VMUI instead of refering to the corresponding HTTP endpoints "Active queries" and "Top queries" pages at VMUI are user-friendly than the corresponding HTTP endpoints --- README.md | 12 +++++++++--- docs/README.md | 12 +++++++++--- docs/Single-server-VictoriaMetrics.md | 12 +++++++++--- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index aab85c42e..525c6f2f6 100644 --- a/README.md +++ b/README.md @@ -365,6 +365,8 @@ See the [example VMUI at VictoriaMetrics playground](https://play.victoriametric * queries with the biggest average execution duration; * queries that took the most summary time for execution. +This information is obtained from the `/api/v1/status/top_queries` HTTP endpoint. + ## Active queries [VMUI](#vmui) provides `active queries` tab, which shows currently execute queries. @@ -374,6 +376,8 @@ It provides the following information per each query: - The duration of the query execution. - The client address, who initiated the query execution. +This information is obtained from the `/api/v1/status/active_queries` HTTP endpoint. + ## Metrics explorer [VMUI](#vmui) provides an ability to explore metrics exported by a particular `job` / `instance` in the following way: @@ -855,7 +859,7 @@ Additionally, VictoriaMetrics provides the following handlers: * `/api/v1/series/count` - returns the total number of time series in the database. Some notes: * the handler scans all the inverted index, so it can be slow if the database contains tens of millions of time series; * the handler may count [deleted time series](#how-to-delete-time-series) additionally to normal time series due to internal implementation restrictions; -* `/api/v1/status/active_queries` - returns a list of currently running queries. +* `/api/v1/status/active_queries` - returns the list of currently running queries. This list is also available at [`active queries` page at VMUI](#active-queries). * `/api/v1/status/top_queries` - returns the following query lists: * the most frequently executed queries - `topByCount` * queries with the biggest average execution duration - `topByAvgDuration` @@ -865,6 +869,8 @@ Additionally, VictoriaMetrics provides the following handlers: For example, request to `/api/v1/status/top_queries?topN=5&maxLifetime=30s` would return up to 5 queries per list, which were executed during the last 30 seconds. VictoriaMetrics tracks the last `-search.queryStats.lastQueriesCount` queries with durations at least `-search.queryStats.minQueryDuration`. + See also [`top queries` page at VMUI](#top-queries). + ### Timestamp formats VictoriaMetrics accepts the following formats for `time`, `start` and `end` query args @@ -1815,9 +1821,9 @@ Graphs on the dashboards contain useful hints - hover the `i` icon in the top le We recommend setting up [alerts](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/deployment/docker#alerts) via [vmalert](https://docs.victoriametrics.com/vmalert.html) or via Prometheus. -VictoriaMetrics exposes currently running queries and their execution times at `/api/v1/status/active_queries` page. +VictoriaMetrics exposes currently running queries and their execution times at [`active queries` page](#active-queries). -VictoriaMetrics exposes queries, which take the most time to execute, at `/api/v1/status/top_queries` page. +VictoriaMetrics exposes queries, which take the most time to execute, at [`top queries` page](#top-queries). See also [VictoriaMetrics Monitoring](https://victoriametrics.com/blog/victoriametrics-monitoring/) and [troubleshooting docs](https://docs.victoriametrics.com/Troubleshooting.html). diff --git a/docs/README.md b/docs/README.md index fb316fa7d..4563dcaaf 100644 --- a/docs/README.md +++ b/docs/README.md @@ -368,6 +368,8 @@ See the [example VMUI at VictoriaMetrics playground](https://play.victoriametric * queries with the biggest average execution duration; * queries that took the most summary time for execution. +This information is obtained from the `/api/v1/status/top_queries` HTTP endpoint. + ## Active queries [VMUI](#vmui) provides `active queries` tab, which shows currently execute queries. @@ -377,6 +379,8 @@ It provides the following information per each query: - The duration of the query execution. - The client address, who initiated the query execution. +This information is obtained from the `/api/v1/status/active_queries` HTTP endpoint. + ## Metrics explorer [VMUI](#vmui) provides an ability to explore metrics exported by a particular `job` / `instance` in the following way: @@ -858,7 +862,7 @@ Additionally, VictoriaMetrics provides the following handlers: * `/api/v1/series/count` - returns the total number of time series in the database. Some notes: * the handler scans all the inverted index, so it can be slow if the database contains tens of millions of time series; * the handler may count [deleted time series](#how-to-delete-time-series) additionally to normal time series due to internal implementation restrictions; -* `/api/v1/status/active_queries` - returns a list of currently running queries. +* `/api/v1/status/active_queries` - returns the list of currently running queries. This list is also available at [`active queries` page at VMUI](#active-queries). * `/api/v1/status/top_queries` - returns the following query lists: * the most frequently executed queries - `topByCount` * queries with the biggest average execution duration - `topByAvgDuration` @@ -868,6 +872,8 @@ Additionally, VictoriaMetrics provides the following handlers: For example, request to `/api/v1/status/top_queries?topN=5&maxLifetime=30s` would return up to 5 queries per list, which were executed during the last 30 seconds. VictoriaMetrics tracks the last `-search.queryStats.lastQueriesCount` queries with durations at least `-search.queryStats.minQueryDuration`. + See also [`top queries` page at VMUI](#top-queries). + ### Timestamp formats VictoriaMetrics accepts the following formats for `time`, `start` and `end` query args @@ -1818,9 +1824,9 @@ Graphs on the dashboards contain useful hints - hover the `i` icon in the top le We recommend setting up [alerts](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/deployment/docker#alerts) via [vmalert](https://docs.victoriametrics.com/vmalert.html) or via Prometheus. -VictoriaMetrics exposes currently running queries and their execution times at `/api/v1/status/active_queries` page. +VictoriaMetrics exposes currently running queries and their execution times at [`active queries` page](#active-queries). -VictoriaMetrics exposes queries, which take the most time to execute, at `/api/v1/status/top_queries` page. +VictoriaMetrics exposes queries, which take the most time to execute, at [`top queries` page](#top-queries). See also [VictoriaMetrics Monitoring](https://victoriametrics.com/blog/victoriametrics-monitoring/) and [troubleshooting docs](https://docs.victoriametrics.com/Troubleshooting.html). diff --git a/docs/Single-server-VictoriaMetrics.md b/docs/Single-server-VictoriaMetrics.md index d7c0b73f3..ffa2fa2af 100644 --- a/docs/Single-server-VictoriaMetrics.md +++ b/docs/Single-server-VictoriaMetrics.md @@ -376,6 +376,8 @@ See the [example VMUI at VictoriaMetrics playground](https://play.victoriametric * queries with the biggest average execution duration; * queries that took the most summary time for execution. +This information is obtained from the `/api/v1/status/top_queries` HTTP endpoint. + ## Active queries [VMUI](#vmui) provides `active queries` tab, which shows currently execute queries. @@ -385,6 +387,8 @@ It provides the following information per each query: - The duration of the query execution. - The client address, who initiated the query execution. +This information is obtained from the `/api/v1/status/active_queries` HTTP endpoint. + ## Metrics explorer [VMUI](#vmui) provides an ability to explore metrics exported by a particular `job` / `instance` in the following way: @@ -867,7 +871,7 @@ Additionally, VictoriaMetrics provides the following handlers: * `/api/v1/series/count` - returns the total number of time series in the database. Some notes: * the handler scans all the inverted index, so it can be slow if the database contains tens of millions of time series; * the handler may count [deleted time series](#how-to-delete-time-series) additionally to normal time series due to internal implementation restrictions; -* `/api/v1/status/active_queries` - returns a list of currently running queries. +* `/api/v1/status/active_queries` - returns the list of currently running queries. This list is also available at [`active queries` page at VMUI](#active-queries). * `/api/v1/status/top_queries` - returns the following query lists: * the most frequently executed queries - `topByCount` * queries with the biggest average execution duration - `topByAvgDuration` @@ -877,6 +881,8 @@ Additionally, VictoriaMetrics provides the following handlers: For example, request to `/api/v1/status/top_queries?topN=5&maxLifetime=30s` would return up to 5 queries per list, which were executed during the last 30 seconds. VictoriaMetrics tracks the last `-search.queryStats.lastQueriesCount` queries with durations at least `-search.queryStats.minQueryDuration`. + See also [`top queries` page at VMUI](#top-queries). + ### Timestamp formats VictoriaMetrics accepts the following formats for `time`, `start` and `end` query args @@ -1827,9 +1833,9 @@ Graphs on the dashboards contain useful hints - hover the `i` icon in the top le We recommend setting up [alerts](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/deployment/docker#alerts) via [vmalert](https://docs.victoriametrics.com/vmalert.html) or via Prometheus. -VictoriaMetrics exposes currently running queries and their execution times at `/api/v1/status/active_queries` page. +VictoriaMetrics exposes currently running queries and their execution times at [`active queries` page](#active-queries). -VictoriaMetrics exposes queries, which take the most time to execute, at `/api/v1/status/top_queries` page. +VictoriaMetrics exposes queries, which take the most time to execute, at [`top queries` page](#top-queries). See also [VictoriaMetrics Monitoring](https://victoriametrics.com/blog/victoriametrics-monitoring/) and [troubleshooting docs](https://docs.victoriametrics.com/Troubleshooting.html). From 3ca6fea8580dfdae0dca754abb530bf11bed77b7 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 22:17:38 +0200 Subject: [PATCH 33/73] lib/{mergeset,storage}: perform at most one assisted merge per each call to addRows/addItems This should reduce tail latency during data ingestion. This shouldn't slow down data ingestion in the worst case, since assisted merges are spread among distinct addRows/addItems calls after this change. --- lib/mergeset/table.go | 64 +++++++++++++++++++--------------------- lib/storage/partition.go | 64 +++++++++++++++++++--------------------- 2 files changed, 60 insertions(+), 68 deletions(-) diff --git a/lib/mergeset/table.go b/lib/mergeset/table.go index bf7274a8e..e6f840571 100644 --- a/lib/mergeset/table.go +++ b/lib/mergeset/table.go @@ -773,45 +773,41 @@ func needAssistedMerge(pws []*partWrapper, maxParts int) bool { } func (tb *Table) assistedMergeForInmemoryParts() { - for { - tb.partsLock.Lock() - needMerge := needAssistedMerge(tb.inmemoryParts, maxInmemoryParts) - tb.partsLock.Unlock() - if !needMerge { - return - } - - atomic.AddUint64(&tb.inmemoryAssistedMerges, 1) - err := tb.mergeInmemoryParts() - if err == nil { - continue - } - if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) { - return - } - logger.Panicf("FATAL: cannot assist with merging inmemory parts: %s", err) + tb.partsLock.Lock() + needMerge := needAssistedMerge(tb.inmemoryParts, maxInmemoryParts) + tb.partsLock.Unlock() + if !needMerge { + return } + + atomic.AddUint64(&tb.inmemoryAssistedMerges, 1) + err := tb.mergeInmemoryParts() + if err == nil { + return + } + if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) { + return + } + logger.Panicf("FATAL: cannot assist with merging inmemory parts: %s", err) } func (tb *Table) assistedMergeForFileParts() { - for { - tb.partsLock.Lock() - needMerge := needAssistedMerge(tb.fileParts, maxFileParts) - tb.partsLock.Unlock() - if !needMerge { - return - } - - atomic.AddUint64(&tb.fileAssistedMerges, 1) - err := tb.mergeExistingParts(false) - if err == nil { - continue - } - if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) || errors.Is(err, errReadOnlyMode) { - return - } - logger.Panicf("FATAL: cannot assist with merging file parts: %s", err) + tb.partsLock.Lock() + needMerge := needAssistedMerge(tb.fileParts, maxFileParts) + tb.partsLock.Unlock() + if !needMerge { + return } + + atomic.AddUint64(&tb.fileAssistedMerges, 1) + err := tb.mergeExistingParts(false) + if err == nil { + return + } + if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) || errors.Is(err, errReadOnlyMode) { + return + } + logger.Panicf("FATAL: cannot assist with merging file parts: %s", err) } func getNotInMergePartsCount(pws []*partWrapper) int { diff --git a/lib/storage/partition.go b/lib/storage/partition.go index c9d7860c1..d0c0a29ef 100644 --- a/lib/storage/partition.go +++ b/lib/storage/partition.go @@ -634,45 +634,41 @@ func needAssistedMerge(pws []*partWrapper, maxParts int) bool { } func (pt *partition) assistedMergeForInmemoryParts() { - for { - pt.partsLock.Lock() - needMerge := needAssistedMerge(pt.inmemoryParts, maxInmemoryPartsPerPartition) - pt.partsLock.Unlock() - if !needMerge { - return - } - - atomic.AddUint64(&pt.inmemoryAssistedMerges, 1) - err := pt.mergeInmemoryParts() - if err == nil { - continue - } - if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) { - return - } - logger.Panicf("FATAL: cannot merge inmemory parts: %s", err) + pt.partsLock.Lock() + needMerge := needAssistedMerge(pt.inmemoryParts, maxInmemoryPartsPerPartition) + pt.partsLock.Unlock() + if !needMerge { + return } + + atomic.AddUint64(&pt.inmemoryAssistedMerges, 1) + err := pt.mergeInmemoryParts() + if err == nil { + return + } + if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) { + return + } + logger.Panicf("FATAL: cannot merge inmemory parts: %s", err) } func (pt *partition) assistedMergeForSmallParts() { - for { - pt.partsLock.Lock() - needMerge := needAssistedMerge(pt.smallParts, maxSmallPartsPerPartition) - pt.partsLock.Unlock() - if !needMerge { - return - } - - atomic.AddUint64(&pt.smallAssistedMerges, 1) - err := pt.mergeExistingParts(false) - if err == nil { - continue - } - if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) || errors.Is(err, errReadOnlyMode) { - return - } - logger.Panicf("FATAL: cannot merge small parts: %s", err) + pt.partsLock.Lock() + needMerge := needAssistedMerge(pt.smallParts, maxSmallPartsPerPartition) + pt.partsLock.Unlock() + if !needMerge { + return } + + atomic.AddUint64(&pt.smallAssistedMerges, 1) + err := pt.mergeExistingParts(false) + if err == nil { + return + } + if errors.Is(err, errNothingToMerge) || errors.Is(err, errForciblyStopped) || errors.Is(err, errReadOnlyMode) { + return + } + logger.Panicf("FATAL: cannot merge small parts: %s", err) } func getNotInMergePartsCount(pws []*partWrapper) int { From bf6ebc86fd9a9f55d3265b51e558c17fb4034e31 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Sun, 1 Oct 2023 23:31:05 +0200 Subject: [PATCH 34/73] docs/VictoriaLogs/CHANGELOG.md: remove duplicate lines about vl_http_request_duration_seconds metric This is a follow-up after 8a23d08c210c7c2440c224debcff266de3353a64 Updates https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4945 --- docs/VictoriaLogs/CHANGELOG.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/VictoriaLogs/CHANGELOG.md b/docs/VictoriaLogs/CHANGELOG.md index 50a67d8d0..a945cc2f7 100644 --- a/docs/VictoriaLogs/CHANGELOG.md +++ b/docs/VictoriaLogs/CHANGELOG.md @@ -10,9 +10,8 @@ according to [these docs](https://docs.victoriametrics.com/VictoriaLogs/QuickSta * `vl_data_size_bytes{type="storage"}` - on-disk size for data excluding [log stream](https://docs.victoriametrics.com/VictoriaLogs/keyConcepts.html#stream-fields) indexes. * `vl_data_size_bytes{type="indexdb"}` - on-disk size for [log stream](https://docs.victoriametrics.com/VictoriaLogs/keyConcepts.html#stream-fields) indexes. * FEATURE: add `-insert.maxFieldsPerLine` command-line flag, which can be used for limiting the number of fields per line in logs sent to VictoriaLogs via ingestion protocols. This helps to avoid issues like [this](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4762). -* FEATURE: expose `vl_http_request_duration_seconds` metric at the [/metrics](monitoring). See this [PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4934) for details. -* FEATURE: add support of `--storage.minFreeDiskSpaceBytes` command-line flag to allow switching to read-only mode when running out of disk space at `--storageDataPath`. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4737). * FEATURE: expose `vl_http_request_duration_seconds` histogram at the [/metrics](https://docs.victoriametrics.com/VictoriaLogs/#monitoring) page. Thanks to @crossoverJie for [this pull request](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4934). +* FEATURE: add support of `-storage.minFreeDiskSpaceBytes` command-line flag to allow switching to read-only mode when running out of disk space at `-storageDataPath`. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4737). * BUGFIX: fix possible panic when no data is written to VictoriaLogs for a long time. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4895). Thanks to @crossoverJie for filing and fixing the issue. * BUGFIX: add `/insert/loky/ready` endpoint, which is used by Promtail for healthchecks. This should remove `unsupported path requested: /insert/loki/ready` warning logs. See [this comment](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4762#issuecomment-1690966722). From d41841c0c93d92616bbef6a3fcf308c8049d0fc2 Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 2 Oct 2023 08:04:59 +0200 Subject: [PATCH 35/73] lib/{mergeset,storage}: consistently reset isInMerge field in parts passed to mergeParts() before returning from the function While at it consistently check that the isInMerge field is set in all the parts passed to mergeParts() --- lib/mergeset/table.go | 13 ++++++++++++- lib/storage/partition.go | 13 ++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/lib/mergeset/table.go b/lib/mergeset/table.go index e6f840571..a5420df3c 100644 --- a/lib/mergeset/table.go +++ b/lib/mergeset/table.go @@ -1018,6 +1018,14 @@ func SetFinalMergeDelay(delay time.Duration) { var errNothingToMerge = fmt.Errorf("nothing to merge") +func assertIsInMerge(pws []*partWrapper) { + for _, pw := range pws { + if !pw.isInMerge { + logger.Panicf("BUG: partWrapper.isInMerge unexpectedly set to false") + } + } +} + func (tb *Table) releasePartsToMerge(pws []*partWrapper) { tb.partsLock.Lock() for _, pw := range pws { @@ -1036,12 +1044,16 @@ func (tb *Table) releasePartsToMerge(pws []*partWrapper) { // If isFinal is set, then the resulting part will be stored to disk. // // All the parts inside pws must have isInMerge field set to true. +// The isInMerge field inside pws parts is set to false before returning from the function. func (tb *Table) mergeParts(pws []*partWrapper, stopCh <-chan struct{}, isFinal bool) error { if len(pws) == 0 { // Nothing to merge. return errNothingToMerge } + assertIsInMerge(pws) + defer tb.releasePartsToMerge(pws) + startTime := time.Now() // Initialize destination paths. @@ -1091,7 +1103,6 @@ func (tb *Table) mergeParts(pws []*partWrapper, stopCh <-chan struct{}, isFinal putBlockStreamReader(bsr) } if err != nil { - tb.releasePartsToMerge(pws) return err } if mpNew != nil { diff --git a/lib/storage/partition.go b/lib/storage/partition.go index d0c0a29ef..ca91d71e3 100644 --- a/lib/storage/partition.go +++ b/lib/storage/partition.go @@ -1163,6 +1163,14 @@ func (pt *partition) mergeExistingParts(isFinal bool) error { return pt.mergeParts(pws, pt.stopCh, isFinal) } +func assertIsInMerge(pws []*partWrapper) { + for _, pw := range pws { + if !pw.isInMerge { + logger.Panicf("BUG: partWrapper.isInMerge unexpectedly set to false") + } + } +} + func (pt *partition) releasePartsToMerge(pws []*partWrapper) { pt.partsLock.Lock() for _, pw := range pws { @@ -1222,12 +1230,16 @@ func getMinDedupInterval(pws []*partWrapper) int64 { // if isFinal is set, then the resulting part will be saved to disk. // // All the parts inside pws must have isInMerge field set to true. +// The isInMerge field inside pws parts is set to false before returning from the function. func (pt *partition) mergeParts(pws []*partWrapper, stopCh <-chan struct{}, isFinal bool) error { if len(pws) == 0 { // Nothing to merge. return errNothingToMerge } + assertIsInMerge(pws) + defer pt.releasePartsToMerge(pws) + startTime := time.Now() // Initialize destination paths. @@ -1278,7 +1290,6 @@ func (pt *partition) mergeParts(pws []*partWrapper, stopCh <-chan struct{}, isFi putBlockStreamReader(bsr) } if err != nil { - pt.releasePartsToMerge(pws) return err } if mpNew != nil { From da9ef90277aa173deb5c5b29e463b29b4d66ddec Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Mon, 2 Oct 2023 08:20:34 +0200 Subject: [PATCH 36/73] lib/logstorage: assist merging in-memory parts at data ingestion path if their number starts exceeding maxInmemoryPartsPerPartition This is a follow-up for 9310e9f5847fa4d0fa49d1f081879014a33a4dc9 , which removed data ingestion pacing. This can result in uncontrolled growth of in-memory parts under high data ingestion rate, which, in turn, can result in unbounded RAM usage, OOM crashes and slow query performance. While at it, consistently reset isInMerge field for parts passed to mergeParts() before returning from this function. Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4775 Updates https://github.com/VictoriaMetrics/VictoriaMetrics/pull/4828 --- lib/logstorage/datadb.go | 63 +++++++++++++++++++++++++++++++--------- 1 file changed, 49 insertions(+), 14 deletions(-) diff --git a/lib/logstorage/datadb.go b/lib/logstorage/datadb.go index d2fd8d5c5..81d3ff322 100644 --- a/lib/logstorage/datadb.go +++ b/lib/logstorage/datadb.go @@ -228,7 +228,7 @@ func (ddb *datadb) flushInmemoryParts() { } err := ddb.mergePartsFinal(partsToFlush) if err != nil { - logger.Errorf("cannot flush inmemory parts to disk: %s", err) + logger.Panicf("FATAL: cannot flush inmemory parts to disk: %s", err) } select { @@ -256,7 +256,7 @@ func (ddb *datadb) startMergeWorkerLocked() { err := ddb.mergeExistingParts() <-globalMergeLimitCh if err != nil && !errors.Is(err, errReadOnly) { - logger.Errorf("cannot merge parts: %s", err) + logger.Panicf("FATAL: background merge failed: %s", err) } ddb.wg.Done() }() @@ -307,7 +307,6 @@ func (ddb *datadb) mergeExistingParts() error { } err := ddb.mergeParts(pws, false) ddb.releaseDiskSpace(partsSize) - ddb.releasePartsToMerge(pws) if err != nil { return err } @@ -356,15 +355,16 @@ var errReadOnly = errors.New("the storage is in read-only mode") // // All the parts inside pws must have isInMerge field set to true. func (ddb *datadb) mergeParts(pws []*partWrapper, isFinal bool) error { - if ddb.IsReadOnly() { - return errReadOnly - } - if len(pws) == 0 { // Nothing to merge. return nil } + + if ddb.IsReadOnly() { + return errReadOnly + } assertIsInMerge(pws) + defer ddb.releasePartsToMerge(pws) startTime := time.Now() @@ -436,7 +436,6 @@ func (ddb *datadb) mergeParts(pws []*partWrapper, isFinal bool) error { fs.MustSyncPath(dstPartPath) } if needStop(stopCh) { - ddb.releasePartsToMerge(pws) // Remove incomplete destination part if dstPartType == partFile { fs.MustRemoveAll(dstPartPath) @@ -548,7 +547,43 @@ func (ddb *datadb) mustAddRows(lr *LogRows) { if len(ddb.inmemoryParts) > defaultPartsToMerge { ddb.startMergeWorkerLocked() } + needAssistedMerge := ddb.needAssistedMergeForInmemoryPartsLocked() ddb.partsLock.Unlock() + + if needAssistedMerge { + ddb.assistedMergeForInmemoryParts() + } +} + +func (ddb *datadb) needAssistedMergeForInmemoryPartsLocked() bool { + if ddb.IsReadOnly() { + return false + } + if len(ddb.inmemoryParts) < maxInmemoryPartsPerPartition { + return false + } + n := 0 + for _, pw := range ddb.inmemoryParts { + if pw.isInMerge { + n++ + } + } + return n >= defaultPartsToMerge +} + +func (ddb *datadb) assistedMergeForInmemoryParts() { + ddb.partsLock.Lock() + parts := make([]*partWrapper, 0, len(ddb.inmemoryParts)) + parts = appendNotInMergePartsLocked(parts, ddb.inmemoryParts) + pws := appendPartsToMerge(nil, parts, (1<<64)-1) + setInMergeLocked(pws) + ddb.partsLock.Unlock() + + err := ddb.mergeParts(pws, false) + if err == nil || errors.Is(err, errReadOnly) { + return + } + logger.Panicf("FATAL: cannot perform assisted merge for in-memory parts: %s", err) } // DatadbStats contains various stats for datadb. @@ -646,18 +681,18 @@ func (ddb *datadb) mergePartsFinal(pws []*partWrapper) error { if len(pwsChunk) == 0 { pwsChunk = append(pwsChunk[:0], pws...) } - err := ddb.mergeParts(pwsChunk, true) - if err != nil { - ddb.releasePartsToMerge(pwsChunk) - return err - } - partsToRemove := partsToMap(pwsChunk) removedParts := 0 pws, removedParts = removeParts(pws, partsToRemove) if removedParts != len(pwsChunk) { logger.Panicf("BUG: unexpected number of parts removed; got %d; want %d", removedParts, len(pwsChunk)) } + + err := ddb.mergeParts(pwsChunk, true) + if err != nil { + ddb.releasePartsToMerge(pws) + return err + } } return nil } From 7e744f86cb21d582bc20171ba1adae89c6f152d3 Mon Sep 17 00:00:00 2001 From: hagen1778 Date: Mon, 2 Oct 2023 14:07:27 +0200 Subject: [PATCH 37/73] app/vlinsert/loki: make fmt Signed-off-by: hagen1778 --- app/vlinsert/loki/loki_json.go | 2 +- app/vlinsert/loki/loki_protobuf.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/vlinsert/loki/loki_json.go b/app/vlinsert/loki/loki_json.go index 653416faf..914b66412 100644 --- a/app/vlinsert/loki/loki_json.go +++ b/app/vlinsert/loki/loki_json.go @@ -78,7 +78,7 @@ var ( lokiRequestJSONDuration = metrics.NewHistogram(`vl_http_request_duration_seconds{path="/insert/loki/api/v1/push",format="json"}`) ) -func parseJSONRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field)error) (int, error) { +func parseJSONRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field) error) (int, error) { p := parserPool.Get() defer parserPool.Put(p) v, err := p.ParseBytes(data) diff --git a/app/vlinsert/loki/loki_protobuf.go b/app/vlinsert/loki/loki_protobuf.go index 0e7aceac7..eb262dcc8 100644 --- a/app/vlinsert/loki/loki_protobuf.go +++ b/app/vlinsert/loki/loki_protobuf.go @@ -71,7 +71,7 @@ var ( lokiRequestProtobufDuration = metrics.NewHistogram(`vl_http_request_duration_seconds{path="/insert/loki/api/v1/push",format="protobuf"}`) ) - func parseProtobufRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field) error) (int, error) { +func parseProtobufRequest(data []byte, processLogMessage func(timestamp int64, fields []logstorage.Field) error) (int, error) { bb := bytesBufPool.Get() defer bytesBufPool.Put(bb) From 62de314510790664dbb1e9fa6f9d9e830382b12c Mon Sep 17 00:00:00 2001 From: Github Actions <133988544+victoriametrics-bot@users.noreply.github.com> Date: Mon, 2 Oct 2023 20:50:08 +0800 Subject: [PATCH 38/73] Automatic update operator docs from VictoriaMetrics/operator@c7125bd (#5102) --- docs/operator/CHANGELOG.md | 132 +- docs/operator/FAQ.md | 67 +- docs/operator/README.md | 100 +- docs/operator/api.md | 12 +- docs/operator/auth.md | 111 +- docs/operator/configuration.md | 260 +++ docs/operator/enterprise.md | 36 + docs/operator/high-availability.md | 392 +--- docs/operator/migration.md | 203 ++ docs/operator/monitoring.md | 72 + docs/operator/quick-start.md | 1883 +++++------------ docs/operator/resources/README.md | 220 ++ docs/operator/resources/vmagent.md | 720 +++++++ docs/operator/resources/vmalert.md | 362 ++++ docs/operator/resources/vmalertmanager.md | 270 +++ .../resources/vmalertmanagerconfig.md | 101 + docs/operator/resources/vmauth.md | 237 +++ docs/operator/resources/vmcluster.md | 612 ++++++ docs/operator/resources/vmnodescrape.md | 46 + docs/operator/resources/vmpodscrape.md | 64 + docs/operator/resources/vmprobe.md | 226 ++ docs/operator/resources/vmrule.md | 99 + docs/operator/resources/vmservicescrape.md | 77 + docs/operator/resources/vmsingle.md | 282 +++ docs/operator/resources/vmstaticscrape.md | 37 + docs/operator/resources/vmuser.md | 135 ++ docs/operator/security.md | 85 +- docs/operator/setup.md | 117 + docs/operator/vars.md | 14 +- 29 files changed, 5059 insertions(+), 1913 deletions(-) create mode 100644 docs/operator/configuration.md create mode 100644 docs/operator/enterprise.md create mode 100644 docs/operator/migration.md create mode 100644 docs/operator/monitoring.md create mode 100644 docs/operator/resources/README.md create mode 100644 docs/operator/resources/vmagent.md create mode 100644 docs/operator/resources/vmalert.md create mode 100644 docs/operator/resources/vmalertmanager.md create mode 100644 docs/operator/resources/vmalertmanagerconfig.md create mode 100644 docs/operator/resources/vmauth.md create mode 100644 docs/operator/resources/vmcluster.md create mode 100644 docs/operator/resources/vmnodescrape.md create mode 100644 docs/operator/resources/vmpodscrape.md create mode 100644 docs/operator/resources/vmprobe.md create mode 100644 docs/operator/resources/vmrule.md create mode 100644 docs/operator/resources/vmservicescrape.md create mode 100644 docs/operator/resources/vmsingle.md create mode 100644 docs/operator/resources/vmstaticscrape.md create mode 100644 docs/operator/resources/vmuser.md create mode 100644 docs/operator/setup.md diff --git a/docs/operator/CHANGELOG.md b/docs/operator/CHANGELOG.md index c9d2022ca..ad05d2f91 100644 --- a/docs/operator/CHANGELOG.md +++ b/docs/operator/CHANGELOG.md @@ -1,16 +1,22 @@ +--- +sort: 10 +weight: 10 +title: CHANGELOG +--- + # CHANGELOG ## Next release ### Features -- [vmoperator](https://docs.victoriametrics.com/operator/): upgrade vmagent/vmauth's default config-reloader image. +- [vmoperator](./README.md): upgrade vmagent/vmauth's default config-reloader image. ### Fixes -- [vmcluster](https://docs.victoriametrics.com/operator/api.html#vmcluster): remove redundant annotation `operator.victoriametrics/last-applied-spec` from created workloads like vmstorage statefulset. -- [vmoperator](https://docs.victoriametrics.com/operator/): properly resize statefulset's multiple pvc when needed and allowable, before they could be updated with wrong size. -- [vmoperator](https://docs.victoriametrics.com/operator/): fix wrong api group of endpointsices, before vmagent won't able to access endpointsices resources with default rbac rule. +- [vmcluster](./api.html#vmcluster): remove redundant annotation `operator.victoriametrics/last-applied-spec` from created workloads like vmstorage statefulset. +- [vmoperator](./README.md): properly resize statefulset's multiple pvc when needed and allowable, before they could be updated with wrong size. +- [vmoperator](./README.md): fix wrong api group of endpointsices, before vmagent won't able to access endpointsices resources with default rbac rule. ## [v0.38.0](https://github.com/VictoriaMetrics/operator/releases/tag/v0.38.0) - 11 Sep 2023 @@ -19,13 +25,13 @@ ### Fixes -- [vmuser](https://docs.victoriametrics.com/operator/api.html#vmuser): [Enterprise] fixes ip_filters indent for url_prefix. Previously it wasn't possible to use ip_filters with multiple target refs -- [vmoperator](https://docs.victoriametrics.com/operator/): turn off `EnableStrictSecurity` by default. Before, upgrade operator to v0.36.0+ could fail components with volume attached, see [this issue](https://github.com/VictoriaMetrics/operator/issues/749) for details. -- [vmoperator](https://docs.victoriametrics.com/operator/): bump default version of VictoriaMetrics components to [1.93.4](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.4). +- [vmuser](./api.md#vmuser): [Enterprise] fixes ip_filters indent for url_prefix. Previously it wasn't possible to use ip_filters with multiple target refs +- [vmoperator](./README.md): turn off `EnableStrictSecurity` by default. Before, upgrade operator to v0.36.0+ could fail components with volume attached, see [this issue](https://github.com/VictoriaMetrics/operator/issues/749) for details. +- [vmoperator](./README.md): bump default version of VictoriaMetrics components to [1.93.4](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.4). ### Features -- [vmoperator](https://docs.victoriametrics.com/operator/) add ability to print default values for all [operator variables](https://docs.victoriametrics.com/operator/vars.html). See [this issue](https://github.com/VictoriaMetrics/operator/issues/675) for details. +- [vmoperator](./README.md) add ability to print default values for all [operator variables](./vars.md). See [this issue](https://github.com/VictoriaMetrics/operator/issues/675) for details. ## [v0.37.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.37.1) - 02 Sep 2023 @@ -41,18 +47,18 @@ ### Fixes -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): fix unmarshalling for streaming aggregation `match` field. +- [vmagent](./api.md#vmagent): fix unmarshalling for streaming aggregation `match` field. ### Features -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): support [multiple if conditions](https://docs.victoriametrics.com/vmagent.html#relabeling:~:text=the%20if%20option%20may%20contain%20more%20than%20one%20filter) for relabeling. See [this issue](https://github.com/VictoriaMetrics/operator/issues/730) for details. +- [vmagent](./api.md#vmagent): support [multiple if conditions](https://docs.victoriametrics.com/vmagent.html#relabeling:~:text=the%20if%20option%20may%20contain%20more%20than%20one%20filter) for relabeling. See [this issue](https://github.com/VictoriaMetrics/operator/issues/730) for details. ## [v0.36.1](https://github.com/VictoriaMetrics/operator/releases/tag/v0.36.0) - 25 Aug 2023 ### Fixes -- [vmselect](https://docs.victoriametrics.com/operator/api.html#vmcluster): fix cache directory when `cacheDataPath` not specified, before it will use `/tmp` which is protect by default strict securityContext. +- [vmselect](./api.md#vmcluster): fix cache directory when `cacheDataPath` not specified, before it will use `/tmp` which is protect by default strict securityContext. ### Features @@ -61,7 +67,7 @@ ### Breaking changes -- **[vmalert](https://docs.victoriametrics.com/operator/api.html#vmalert): Field `OAuth2` was renamed to `oauth2` due to compatibility issue. If you defined `OAuth2` with below fields in vmalert objects using operator before v0.36.0, these fields must be reapplied with new tag `oauth2` after upgrading. See [this issue](https://github.com/VictoriaMetrics/operator/issues/522) and [this PR](https://github.com/VictoriaMetrics/operator/pull/689) for details.** +- **[vmalert](./api.md#vmalert): Field `OAuth2` was renamed to `oauth2` due to compatibility issue. If you defined `OAuth2` with below fields in vmalert objects using operator before v0.36.0, these fields must be reapplied with new tag `oauth2` after upgrading. See [this issue](https://github.com/VictoriaMetrics/operator/issues/522) and [this PR](https://github.com/VictoriaMetrics/operator/pull/689) for details.** - **Affected fields:** - **`VMAlert.spec.datasource.OAuth2` -> `VMAlert.spec.datasource.oauth2`,** - **`VMAlert.spec.notifier.OAuth2` -> `VMAlert.spec.notifier.oauth2`,** @@ -69,7 +75,7 @@ - **`VMAlert.spec.remoteRead.OAuth2` -> `VMAlert.spec.remoteRead.oauth2`,** - **`VMAlert.spec.remoteWrite.OAuth2` -> `VMAlert.spec.remoteWrite.oauth2`,** -- **[vmalert](https://docs.victoriametrics.com/operator/api.html#vmalert): Field `bearerTokenFilePath` was renamed to `bearerTokenFile` due to compatibility issue. If you defined `bearerTokenFilePath` with below fields in vmalert objects using operator before v0.36.0, these fields must be reapplied with new tag `bearerTokenFile` after upgrading. See [this issue](https://github.com/VictoriaMetrics/operator/issues/522) and [this PR](https://github.com/VictoriaMetrics/operator/pull/688/) for details.** +- **[vmalert](./api.md#vmalert): Field `bearerTokenFilePath` was renamed to `bearerTokenFile` due to compatibility issue. If you defined `bearerTokenFilePath` with below fields in vmalert objects using operator before v0.36.0, these fields must be reapplied with new tag `bearerTokenFile` after upgrading. See [this issue](https://github.com/VictoriaMetrics/operator/issues/522) and [this PR](https://github.com/VictoriaMetrics/operator/pull/688/) for details.** - **Affected fields:** - **`VMAlert.spec.datasource.bearerTokenFilePath` --> `VMAlert.spec.datasource.bearerTokenFile`,** - **`VMAlert.spec.notifier.bearerTokenFilePath` --> `VMAlert.spec.notifier.bearerTokenFile`,** @@ -82,22 +88,22 @@ - operator set resource requests for config-reloader container by default. See [this PR](https://github.com/VictoriaMetrics/operator/pull/695/) for details. - fix `attachMetadata` value miscovert for scrape objects. See [this issue](https://github.com/VictoriaMetrics/operator/issues/697) and [this PR](https://github.com/VictoriaMetrics/operator/pull/698) for details. - fix volumeClaimTemplates change check for objects that generate statefulset, like vmstorage, vmselect. Before, the statefulset won't be recreated if additional `claimTemplates` object changed. See [this issue](https://github.com/VictoriaMetrics/operator/issues/507) and [this PR](https://github.com/VictoriaMetrics/operator/pull/719) for details. -- [vmalert](https://docs.victoriametrics.com/operator/api.html#vmalert): fix `tlsCAFile` argument value generation when using secret or configMap. See [this issue](https://github.com/VictoriaMetrics/operator/issues/699) and [this PR](https://github.com/VictoriaMetrics/operator/issues/699) for details. -- [vmalertmanager](https://docs.victoriametrics.com/operator/api.html#vmalertmanager): fix default request memory and apply default resources if not set. See [this issue](https://github.com/VictoriaMetrics/operator/issues/706) and [this PR](https://github.com/VictoriaMetrics/operator/pull/710) for details. -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): fix missing additional VolumeClaimTemplates when using `ClaimTemplates` under StatefulMode. +- [vmalert](./api.md#vmalert): fix `tlsCAFile` argument value generation when using secret or configMap. See [this issue](https://github.com/VictoriaMetrics/operator/issues/699) and [this PR](https://github.com/VictoriaMetrics/operator/issues/699) for details. +- [vmalertmanager](./api.md#vmalertmanager): fix default request memory and apply default resources if not set. See [this issue](https://github.com/VictoriaMetrics/operator/issues/706) and [this PR](https://github.com/VictoriaMetrics/operator/pull/710) for details. +- [vmagent](./api.md#vmagent): fix missing additional VolumeClaimTemplates when using `ClaimTemplates` under StatefulMode. ### Features -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): add [example config](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmagent_stateful_with_sharding.yaml) for vmagent statefulmode. -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent)/[vmsingle](https://docs.victoriametrics.com/operator/api.html#vmsingle): adapt new features in streaming aggregation: +- [vmagent](./api.md#vmagent): add [example config](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmagent_stateful_with_sharding.yaml) for vmagent statefulmode. +- [vmagent](./api.md#vmagent)/[vmsingle](./api.md#vmsingle): adapt new features in streaming aggregation: - support `streamAggr.dropInput`, see [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4243) for details; - support list for `match` parameter, see [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4635) for details; - support `staleness_interval`, see [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4667) for details. -- [vmcluster](https://docs.victoriametrics.com/operator/api.html#vmagent): add [example config](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmcluster_with_additional_claim.yaml) for cluster with custom storage claims. -- [vmrule](https://docs.victoriametrics.com/operator/api.html#vmrule): support `update_entries_limit` field in rules, refer to [alerting rules](https://docs.victoriametrics.com/vmalert.html#alerting-rules). See [this PR](https://github.com/VictoriaMetrics/operator/pull/691) for details. -- [vmrule](https://docs.victoriametrics.com/operator/api.html#vmrule): support `keep_firing_for` field in rules, refer to [alerting rules](https://docs.victoriametrics.com/vmalert.html#alerting-rules). See [this PR](https://github.com/VictoriaMetrics/operator/pull/711) for details. -- [vmoperator parameters](https://docs.victoriametrics.com/operator/vars.html): Add option `VM_ENABLESTRICTSECURITY` and enable strict security context by default. See [this issue](https://github.com/VictoriaMetrics/operator/issues/637), [this](https://github.com/VictoriaMetrics/operator/pull/692/) and [this](https://github.com/VictoriaMetrics/operator/pull/712) PR for details. -- [vmoperator parameters](https://docs.victoriametrics.com/operator/vars.html): change option `VM_PSPAUTOCREATEENABLED` default value from `true` to `false` cause PodSecurityPolicy already got deprecated since [kubernetes v1.25](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#psp-v125). See [this pr](https://github.com/VictoriaMetrics/operator/pull/726) for details. +- [vmcluster](./api.md#vmagent): add [example config](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmcluster_with_additional_claim.yaml) for cluster with custom storage claims. +- [vmrule](./api.md#vmrule): support `update_entries_limit` field in rules, refer to [alerting rules](https://docs.victoriametrics.com/vmalert.html#alerting-rules). See [this PR](https://github.com/VictoriaMetrics/operator/pull/691) for details. +- [vmrule](./api.md#vmrule): support `keep_firing_for` field in rules, refer to [alerting rules](https://docs.victoriametrics.com/vmalert.html#alerting-rules). See [this PR](https://github.com/VictoriaMetrics/operator/pull/711) for details. +- [vmoperator parameters](./vars.md): Add option `VM_ENABLESTRICTSECURITY` and enable strict security context by default. See [this issue](https://github.com/VictoriaMetrics/operator/issues/637), [this](https://github.com/VictoriaMetrics/operator/pull/692/) and [this](https://github.com/VictoriaMetrics/operator/pull/712) PR for details. +- [vmoperator parameters](./vars.md): change option `VM_PSPAUTOCREATEENABLED` default value from `true` to `false` cause PodSecurityPolicy already got deprecated since [kubernetes v1.25](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#psp-v125). See [this pr](https://github.com/VictoriaMetrics/operator/pull/726) for details. [Changes][v0.36.0] @@ -106,7 +112,7 @@ ### Fixes -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): fixes regression with remoteWrite authorization (basicAuth/token). When `UseCustomConfigReloader` option was set, operator incorrectly rendered mounts for `vmagent` container. https://github.com/VictoriaMetrics/operator/commit/f2b8cf701a33f91cef19848c857fd6efb7db59dd +- [vmagent](./api.md#vmagent): fixes regression with remoteWrite authorization (basicAuth/token). When `UseCustomConfigReloader` option was set, operator incorrectly rendered mounts for `vmagent` container. https://github.com/VictoriaMetrics/operator/commit/f2b8cf701a33f91cef19848c857fd6efb7db59dd [Changes][v0.35.1] @@ -116,19 +122,19 @@ ### Fixes -* [vmuser](https://docs.victoriametrics.com/operator/api.html#vmuser): fix vmselect url_map in vmuser. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/655). Thanks [@Haleygo](https://github.com/Haleygo) -* [vmalert](https://docs.victoriametrics.com/operator/api.html#vmalert): correctly set default port for vmauth components discovery. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/658). Thanks [@Haleygo](https://github.com/Haleygo) -* [vmuser](https://docs.victoriametrics.com/operator/api.html#vmuser): remove rate limit on delete. In https://github.com/VictoriaMetrics/operator/pull/672. Thanks [@Haleygo](https://github.com/Haleygo) -* [vmcluster](https://docs.victoriametrics.com/operator/api.html#vmcluster): fix spec change check. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/677). Thanks [@Haleygo](https://github.com/Haleygo) +* [vmuser](./api.md#vmuser): fix vmselect url_map in vmuser. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/655). Thanks [@Haleygo](https://github.com/Haleygo) +* [vmalert](./api.md#vmalert): correctly set default port for vmauth components discovery. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/658). Thanks [@Haleygo](https://github.com/Haleygo) +* [vmuser](./api.md#vmuser): remove rate limit on delete. In https://github.com/VictoriaMetrics/operator/pull/672. Thanks [@Haleygo](https://github.com/Haleygo) +* [vmcluster](./api.md#vmcluster): fix spec change check. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/677). Thanks [@Haleygo](https://github.com/Haleygo) * Correctly publish multi-arch release at https://github.com/VictoriaMetrics/operator/pull/681. Thanks [@Haleygo](https://github.com/Haleygo) ### Features -* [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): add validation when generate static scrape config. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/677). Thanks [@Haleygo](https://github.com/Haleygo) -* [vmalertmanagerconfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig): add validation for slack receiver url. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/661). Thanks [@Haleygo](https://github.com/Haleygo) -* [vmauth](https://docs.victoriametrics.com/operator/api.html#vmauth)/[vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): implement configuration initiation for custom config reloader. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/619). Thanks [@Haleygo](https://github.com/Haleygo) +* [vmagent](./api.md#vmagent): add validation when generate static scrape config. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/677). Thanks [@Haleygo](https://github.com/Haleygo) +* [vmalertmanagerconfig](./api.md#vmalertmanagerconfig): add validation for slack receiver url. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/661). Thanks [@Haleygo](https://github.com/Haleygo) +* [vmauth](./api.md#vmauth)/[vmagent](./api.md#vmagent): implement configuration initiation for custom config reloader. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/619). Thanks [@Haleygo](https://github.com/Haleygo) * add more generators Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/668 -* [vmsingle](https://docs.victoriametrics.com/operator/api.html#vmsingle): add status field. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/670). Thanks [@Haleygo](https://github.com/Haleygo) +* [vmsingle](./api.md#vmsingle): add status field. See [this issue for details](https://github.com/VictoriaMetrics/operator/issues/670). Thanks [@Haleygo](https://github.com/Haleygo) [Changes][v0.35.0] @@ -138,9 +144,9 @@ ### Fixes -- [vmcluster](https://docs.victoriametrics.com/operator/api.html#vmcluster): fail fast on misconfigured or missing kubernetes pods. It should prevent rare bug with cascade pod deletion. See this [issue](https://github.com/VictoriaMetrics/operator/issues/643) for details -- [vmauth](https://docs.victoriametrics.com/operator/api.html#vmauth)/[vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): correctly renders initConfig image with global container registry domain. See this [issue](https://github.com/VictoriaMetrics/operator/issues/654) for details. -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): correctly set RBAC permissions for single namespace mode and custom config reloader image. See this [issue](https://github.com/VictoriaMetrics/operator/issues/653) for details. +- [vmcluster](./api.md#vmcluster): fail fast on misconfigured or missing kubernetes pods. It should prevent rare bug with cascade pod deletion. See this [issue](https://github.com/VictoriaMetrics/operator/issues/643) for details +- [vmauth](./api.md#vmauth)/[vmagent](./api.md#vmagent): correctly renders initConfig image with global container registry domain. See this [issue](https://github.com/VictoriaMetrics/operator/issues/654) for details. +- [vmagent](./api.md#vmagent): correctly set RBAC permissions for single namespace mode and custom config reloader image. See this [issue](https://github.com/VictoriaMetrics/operator/issues/653) for details. [Changes][v0.34.1] @@ -154,18 +160,18 @@ ### Fixes -- [vmnodescrape](https://docs.victoriametrics.com/operator/api.html#vmnodescrape): fixed selectors for Exists and NotExists operators with empty label Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/646 -- [vmrule](https://docs.victoriametrics.com/operator/api.html#vmrule): Add config for vmrule in validating webhook Thanks in https://github.com/VictoriaMetrics/operator/pull/650 -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): skips misconfigured objects with missed secret references: https://github.com/VictoriaMetrics/operator/issues/648 -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): correctly renders initContainer for configuration download: https://github.com/VictoriaMetrics/operator/issues/649 +- [vmnodescrape](./api.md#vmnodescrape): fixed selectors for Exists and NotExists operators with empty label Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/646 +- [vmrule](./api.md#vmrule): Add config for vmrule in validating webhook Thanks in https://github.com/VictoriaMetrics/operator/pull/650 +- [vmagent](./api.md#vmagent): skips misconfigured objects with missed secret references: https://github.com/VictoriaMetrics/operator/issues/648 +- [vmagent](./api.md#vmagent): correctly renders initContainer for configuration download: https://github.com/VictoriaMetrics/operator/issues/649 ### Features -- [vmalertmanager](https://docs.victoriametrics.com/operator/api.html#vmalertmanager): Bump alertmanager to v0.25.0 Thanks [@tamcore](https://github.com/tamcore) in https://github.com/VictoriaMetrics/operator/pull/636 -- [vmcluster](https://docs.victoriametrics.com/operator/api.html#vmcluster): added `clusterNativePort` field to VMSelect/VMInsert for multi-level cluster setup ([#634](https://github.com/VictoriaMetrics/operator/issues/634)) Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/639 -- [vmrule](https://docs.victoriametrics.com/operator/api.html#vmrule): add notifierHeader field in vmrule spec Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/622 -- [vmpodscrape](https://docs.victoriametrics.com/operator/api.html#vmpodscrape): adds FilterRunning option as prometheus does in https://github.com/VictoriaMetrics/operator/pull/640 -- [vmauth](https://docs.victoriametrics.com/operator/api.html#vmauth): adds latest features in https://github.com/VictoriaMetrics/operator/pull/642 +- [vmalertmanager](./api.md#vmalertmanager): Bump alertmanager to v0.25.0 Thanks [@tamcore](https://github.com/tamcore) in https://github.com/VictoriaMetrics/operator/pull/636 +- [vmcluster](./api.md#vmcluster): added `clusterNativePort` field to VMSelect/VMInsert for multi-level cluster setup ([#634](https://github.com/VictoriaMetrics/operator/issues/634)) Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/639 +- [vmrule](./api.md#vmrule): add notifierHeader field in vmrule spec Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/622 +- [vmpodscrape](./api.md#vmpodscrape): adds FilterRunning option as prometheus does in https://github.com/VictoriaMetrics/operator/pull/640 +- [vmauth](./api.md#vmauth): adds latest features in https://github.com/VictoriaMetrics/operator/pull/642 [Changes][v0.34.0] @@ -175,22 +181,22 @@ ### Fixes -- [vmalert](https://docs.victoriametrics.com/operator/api.html#vmalert): skip bad rules and improve logging for rules exceed max configmap size https://github.com/VictoriaMetrics/operator/commit/bb754d5c20bb371a197cd6ff5afac1ba86a4d92b -- [vmalertmanagerconfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig): fixed error with headers in VMAlertmanagerConfig.Receivers.EmailConfigs.Headers unmarshalling. Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/610 -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): fixed keepInput setting for streaming aggregation. Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/618 -- [vmalertmanagerconfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig): fix webhook config maxAlerts not work. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/625 -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): Remove single quotes from remote write headers. Thanks [@axelsccp](https://github.com/axelsccp) in https://github.com/VictoriaMetrics/operator/pull/613 -- [vmalertmanagerconfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig): fix parse route error and some comments. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/630 -- [vmuser](https://docs.victoriametrics.com/operator/api.html#vmuser): properly removes finalizers for objects https://github.com/VictoriaMetrics/operator/commit/8f10113920a353f21fbcc8637076905f2e57bb34 +- [vmalert](./api.md#vmalert): skip bad rules and improve logging for rules exceed max configmap size https://github.com/VictoriaMetrics/operator/commit/bb754d5c20bb371a197cd6ff5afac1ba86a4d92b +- [vmalertmanagerconfig](./api.md#vmalertmanagerconfig): fixed error with headers in VMAlertmanagerConfig.Receivers.EmailConfigs.Headers unmarshalling. Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/610 +- [vmagent](./api.md#vmagent): fixed keepInput setting for streaming aggregation. Thanks [@Amper](https://github.com/Amper) in https://github.com/VictoriaMetrics/operator/pull/618 +- [vmalertmanagerconfig](./api.md#vmalertmanagerconfig): fix webhook config maxAlerts not work. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/625 +- [vmagent](./api.md#vmagent): Remove single quotes from remote write headers. Thanks [@axelsccp](https://github.com/axelsccp) in https://github.com/VictoriaMetrics/operator/pull/613 +- [vmalertmanagerconfig](./api.md#vmalertmanagerconfig): fix parse route error and some comments. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/630 +- [vmuser](./api.md#vmuser): properly removes finalizers for objects https://github.com/VictoriaMetrics/operator/commit/8f10113920a353f21fbcc8637076905f2e57bb34 ### Features -- [vmalertmanager](https://docs.victoriametrics.com/operator/api.html#vmalertmanager): add option to disable route continue enforce. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/621 -- [vmalertmanagerconfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig): support set require_tls to false. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/624 -- [vmalertmanagerconfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig): add sanity check. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/627 +- [vmalertmanager](./api.md#vmalertmanager): add option to disable route continue enforce. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/621 +- [vmalertmanagerconfig](./api.md#vmalertmanagerconfig): support set require_tls to false. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/624 +- [vmalertmanagerconfig](./api.md#vmalertmanagerconfig): add sanity check. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/627 - Makefile: bump Alpine base image to latest v3.17.3. Thanks [@denisgolius](https://github.com/denisgolius) in https://github.com/VictoriaMetrics/operator/pull/628 -- [vmalertmanagerconfig](https://docs.victoriametrics.com/operator/api.html#vmalertmanagerconfig): support sound field in pushover config. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/631 -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent)/[vmauth](https://docs.victoriametrics.com/operator/api.html#vmauth): download initial config with initContainer https://github.com/VictoriaMetrics/operator/commit/612e7c8f40659731e7938ef9556eb088c67eb4b7 +- [vmalertmanagerconfig](./api.md#vmalertmanagerconfig): support sound field in pushover config. Thanks [@Haleygo](https://github.com/Haleygo) in https://github.com/VictoriaMetrics/operator/pull/631 +- [vmagent](./api.md#vmagent)/[vmauth](./api.md#vmauth): download initial config with initContainer https://github.com/VictoriaMetrics/operator/commit/612e7c8f40659731e7938ef9556eb088c67eb4b7 [Changes][v0.33.0] @@ -201,7 +207,7 @@ ### Fixes - config: fixes typo at default vm apps version https://github.com/VictoriaMetrics/operator/issues/608 -- [vmsingle](https://docs.victoriametrics.com/operator/api.html#vmsingle): conditionally adds stream aggregation config https://github.com/VictoriaMetrics/operator/commit/4a0ca54113afcde439ca4c77e22d3ef1c0d36241 +- [vmsingle](./api.md#vmsingle): conditionally adds stream aggregation config https://github.com/VictoriaMetrics/operator/commit/4a0ca54113afcde439ca4c77e22d3ef1c0d36241 [Changes][v0.32.1] @@ -215,10 +221,10 @@ ### Features -- [vmauth](https://docs.victoriametrics.com/operator/api.html#vmauth): automatically configures `proxy-protocol` client and `reloadAuthKey` for `config-reloader` container. https://github.com/VictoriaMetrics/operator/commit/611819233bf595a4dbd04b07d7be24b7e994379c -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): adds `scrapeTimeout` global configuration for `VMAgent` https://github.com/VictoriaMetrics/operator/commit/d1d5024c6befa0961f8d56c82a0554935a4b1878 -- [vmagent](https://docs.victoriametrics.com/operator/api.html#vmagent): adds [streaming aggregation](https://docs.victoriametrics.com/stream-aggregation.html) for `remoteWrite` targets https://github.com/VictoriaMetrics/operator/commit/b8baa6c2b72bdda64ebfcc9c3d86d846cd9b3c98 Thanks [@Amper](https://github.com/Amper) -- [vmsingle](https://docs.victoriametrics.com/operator/api.html#vmsingle): adds [streaming aggregation](https://docs.victoriametrics.com/stream-aggregation.html) as global configuration for database https://github.com/VictoriaMetrics/operator/commit/b8baa6c2b72bdda64ebfcc9c3d86d846cd9b3c98 Thanks [@Amper](https://github.com/Amper) +- [vmauth](./api.md#vmauth): automatically configures `proxy-protocol` client and `reloadAuthKey` for `config-reloader` container. https://github.com/VictoriaMetrics/operator/commit/611819233bf595a4dbd04b07d7be24b7e994379c +- [vmagent](./api.md#vmagent): adds `scrapeTimeout` global configuration for `VMAgent` https://github.com/VictoriaMetrics/operator/commit/d1d5024c6befa0961f8d56c82a0554935a4b1878 +- [vmagent](./api.md#vmagent): adds [streaming aggregation](https://docs.victoriametrics.com/stream-aggregation.html) for `remoteWrite` targets https://github.com/VictoriaMetrics/operator/commit/b8baa6c2b72bdda64ebfcc9c3d86d846cd9b3c98 Thanks [@Amper](https://github.com/Amper) +- [vmsingle](./api.md#vmsingle): adds [streaming aggregation](https://docs.victoriametrics.com/stream-aggregation.html) as global configuration for database https://github.com/VictoriaMetrics/operator/commit/b8baa6c2b72bdda64ebfcc9c3d86d846cd9b3c98 Thanks [@Amper](https://github.com/Amper) [Changes][v0.32.0] @@ -233,8 +239,8 @@ ### Features -- [vmalertmanager](https://docs.victoriametrics.com/operator/api.html#vmalertmanager): Add support of vmalertmanager.spec.templates and autoreload dirs for templates and configmaps thanks [@Amper](https://github.com/Amper) https://github.com/VictoriaMetrics/operator/issues/590 https://github.com/VictoriaMetrics/operator/issues/592 -- [vmalertmanager](https://docs.victoriametrics.com/operator/api.html#vmalertmanager): Add support "%SHARD_NUM%" placeholder for vmagent sts/deployment Thanks [@Amper](https://github.com/Amper) https://github.com/VictoriaMetrics/operator/issues/508 +- [vmalertmanager](./api.md#vmalertmanager): Add support of vmalertmanager.spec.templates and autoreload dirs for templates and configmaps thanks [@Amper](https://github.com/Amper) https://github.com/VictoriaMetrics/operator/issues/590 https://github.com/VictoriaMetrics/operator/issues/592 +- [vmalertmanager](./api.md#vmalertmanager): Add support "%SHARD_NUM%" placeholder for vmagent sts/deployment Thanks [@Amper](https://github.com/Amper) https://github.com/VictoriaMetrics/operator/issues/508 [Changes][v0.31.0] diff --git a/docs/operator/FAQ.md b/docs/operator/FAQ.md index 79ca2662d..04d9a44c1 100644 --- a/docs/operator/FAQ.md +++ b/docs/operator/FAQ.md @@ -1,17 +1,14 @@ --- -sort: 15 -weight: 15 +sort: 9 +weight: 9 title: FAQ -menu: - docs: - parent: "operator" - weight: 15 - identifier: "faq-operator" -aliases: -- /operator/FAQ.html --- -# FAQ +# FAQ (Frequency Asked Questions) + +## How do you monitor the operator itself? + +You can read about vmoperator monitoring in [this document](./monitoring.md). ## How to change VMStorage PVC storage class @@ -29,3 +26,53 @@ With Operator deployment: 1. Run `kubectl delete statefulset --cascade=orphan {vmstorage-sts}` 1. Update VMCluster spec to use new storage class 1. Apply cluster configuration + +## How to override image registry + +You can use `VM_CONTAINERREGISTRY` parameter for operator: + +- See details about tuning [operator settings here](./setup.md#settings). +- See [available operator settings](./vars.md) here. + +## How to set up automatic backups? + +You can read about backups: + +- for `VMSingle`: [Backup automation](./resources/vmsingle.md#backup-automation) +- for `VMCluster`: [Backup automation](./resources/vmcluster.md#backup-automation) + +## How to migrate from Prometheus-operator to VictoriaMetrics operator? + +You can read about migration from prometheus operator on [this page](./migration.md). + +## How to turn off conversion for prometheus resources + +You can read about it on [this page](./migration.md#objects-convesion). + +## My VM objects are not deleted/changed when I delete/change Prometheus objects + +You can read about it in following sections of "Migration from prometheus-operator" docs: + +- [Deletion synchronization](./migration.md#deletion-synchronization) +- [Update synchronization](./migration.md#update-synchronization) +- [Labels synchronization](./migration.md#labels-synchronization) + +## What permissions does an operator need to run in a cluster? + +You can read about needed permissions for operator in [this document](./security.md#roles). + +## How to know the version of VM components in the operator? + +See [printDefaults mode](./configuration.md). + +In addition, you can use [Release notes](https://github.com/VictoriaMetrics/operator/releases) +or [CHANGELOG](https://github.com/VictoriaMetrics/operator/blob/master/docs/CHANGELOG.md). +- that's where we describe default version of VictoriaMetrics components. + +## How to run VictoriaMetrics operator with permissions for one namespace only? + +See this document for details: [Configuration -> Namespaced mode](./configuration.md#namespaced-mode). + +## What versions of Kubernetes is the operator compatible with? + +Operator tested at kubernetes versions from 1.16 to 1.27. diff --git a/docs/operator/README.md b/docs/operator/README.md index 765872593..9185fdf7d 100644 --- a/docs/operator/README.md +++ b/docs/operator/README.md @@ -1,21 +1,91 @@ --- -sort: 27 +sort: 0 +weight: 0 title: VictoriaMetrics Operator -disableToc: true --- # VictoriaMetrics Operator -1. [VictoriaMetrics Operator](VictoriaMetrics-Operator.html) -1. [Additional Scrape Configuration](additional-scrape.html) -1. [API Docs](api.html) -1. [Authorization and exposing components](auth.html) -1. [vmbackupmanager](backups.html) -1. [Design](design.html) -1. [High Availability](high-availability.html) -1. [VMAlert, VMAgent, VMAlertmanager, VMSingle version](managing-versions.html) -1. [Victoria Metrics Operator Quick Start](quick-start.html) -1. [VMAgent relabel](relabeling.html) -1. [CRD Validation](resources-validation.html) -1. [Security](security.html) -1. [Auto Generated vars for package config](vars.html) +Operator serves to make running VictoriaMetrics applications on top of Kubernetes as easy as possible while preserving Kubernetes-native configuration options. + +VictoriaMetrics Operator (`vmoperator`) is the classic kubernetes-operator for VictoriaMetrics with many [great features](#features). +It allows you to manage Victoria Metrics components in Kubernetes or OpenShift clusters +in a declarative style according to [GitOps](https://www.redhat.com/en/topics/devops/what-is-gitops) +and [IaC](https://en.wikipedia.org/wiki/Infrastructure_as_code) concepts. + +VictoriaMetrics also provides [helm charts](https://github.com/VictoriaMetrics/helm-charts) without operator. +Operator makes the same, simplifies it and provides [advanced features](#features). + +Learn more about [key concepts](#key-concepts) of `vmoperator` and follow the **[quick start guide](./quick-start.md)** for a better experience. + +## Features of vmoperator + +- Deployment and management in a kubernetes clusters of any number of VictoriaMetrics applications (like vmsingle/vmcluster instances and another components like vmauth, vmagent, vmalert, etc...) +- Seamless [migration from prometheus-operator](./migration.md) with auto-conversion of prometheus [custom resources](#custom-resources) +- Simple VictoriaMetrics cluster installation, configuring, upgrading and managing with [crd-objects](./resources/README.md). +- Ability to delegate the configuration (parts of configuration) of applications monitoring to the end-users and managing access to different configurations or configuration sections. +- Integration with VictoriaMetrics [vmbackupmanager](https://docs.victoriametrics.com/vmbackupmanager.html) - advanced tools for making backups. Check [Backup automation for VMSingle](./resources/vmsingle.md#backup-automation) or [Backup automation for VMCluster](./resources/vmcluster.md#backup-automation). +- Everything you need for monitoring out of the box in [k8s-stack helm chart](https://victoriametrics.github.io/helm-charts/charts/victoria-metrics-k8s-stack/) with ready-made usecases and solutions. +- Ability to template your own deployment scenarios. + +## Key Concepts + +### Kubernetes-operators + +[Kubernetes-operators](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) are software extensions +for Kubernetes that make use of [custom resources](#custom-resources) to manage applications and their components. +Operators follow Kubernetes principles, notably the control loop. +It can be said that operators are custom controllers for Kubernetes that allow you to create business logic for custom resources. + +Design and implementation of `vmoperator` inspired by [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). + +Useful links: +- [Custom resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) +- [Custom resource definitions](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) +- [Operator pattern](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) +- [Operator best practices](https://sdk.operatorframework.io/docs/best-practices/) + +### Custom resources + +Kubernetes-Operators use [custom resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) +for interaction. Custom resources are a mechanism built into Kubernetes that allows you to create your own extensions for Kubernetes, +working on the same principles as those built into Kubernetes APIs. Custom resources make Kubernetes so modular and extensible. + +In addition, thanks to CRD ([Custom Resource Definitions](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/)), +the mechanism of custom resources allows you to declare an API in the format of the OpenAPI specification and verify that the resources correspond to this API. + +### Reconciliation cycle + +The main task of the operator is to bring the state of the cluster in line with what is declared by the user in the custom resources. +This process of constant monitoring and adjustment is called the "Reconciliation cycle" - it is the operator's workflow. + +The basic workflow of working with the operator can be simplified as the following diagram: + + + +- Operator declares and owns [resources of Victoria Metrics](./resources/README.md). +- Kubernetes validates of the resource according to the specification from CRD (see more in [custom resources](#custom-resources)). +- Operator subscribed to change events (`create`, `update`, `delete`) for related resources. +- When an event occurs, the operator reacts and updates the state of the objects in the cluster. +- For some objects in the cluster the reconciliation cycle is performed at a given interval, even without the occurrence of change events (see `VM_FORCERESYNCINTERVAL`). + +### Next steps + +- [Quick Start Guide](./quick-start.md) +- [Setup](./setup.md) +- [Security](./security.md) +- [Configuration](./configuration.md) +- [Migration from Prometheus](./migration.md) +- [Monitoring](./monitoring.md) +- [Authorization and exposing components](./auth.md) +- [High Availability](./high-availability.md) +- [Enterprise](./enterprise.md) +- [Custom resources](./resources/README.md) + +If you have any questions, check out our [FAQ](./FAQ.md) +and feel free to can ask them: +- [VictoriaMetrics Slack](https://victoriametrics.slack.com/) +- [VictoriaMetrics Telegram](https://t.me/VictoriaMetrics_en) + +If you have any suggestions or find a bug, please create an issue +on [GitHub](https://github.com/VictoriaMetrics/operator/issues/new). diff --git a/docs/operator/api.md b/docs/operator/api.md index ffb60c700..dd14239c8 100644 --- a/docs/operator/api.md +++ b/docs/operator/api.md @@ -1,15 +1,11 @@ --- -sort: 16 +sort: 12 +weight: 12 title: API Docs -weight: 16 -menu: - docs: - parent: "operator" - weight: 16 -aliases: -- /operator/api.html --- + + # API Docs This Document documents the types introduced by the VictoriaMetrics to be consumed by users. diff --git a/docs/operator/auth.md b/docs/operator/auth.md index 2dd2f0df8..0773f42b9 100644 --- a/docs/operator/auth.md +++ b/docs/operator/auth.md @@ -1,27 +1,23 @@ --- -sort: 4 -weight: 4 +sort: 7 +weight: 7 title: Authorization and exposing components -menu: - docs: - parent: "operator" - weight: 4 -aliases: -- /operator/auth.html --- # Authorization and exposing components ## Exposing components +CRD objects doesn't have `ingress` configuration. +Instead, you can use [VMAuth](./resources/vmauth.md) as proxy between ingress-controller and VictoriaMetrics components. - CRD objects doesn't have `ingress` configuration. Instead, you can use `VMAuth` as proxy between ingress-controller and VM app components. - It adds missing authorization and access control features and enforces it. +It adds missing authorization and access control features and enforces it. - Access can be given with `VMUser` definition. It supports basic auth and bearer token authentication. +Access can be given with [VMUser](./resources/vmuser.md) definition. + +It supports basic auth and bearer token authentication: ```yaml -cat << EOF | kubectl apply -f - apiVersion: operator.victoriametrics.com/v1beta1 kind: VMAuth metadata: @@ -30,45 +26,43 @@ spec: userNamespaceSelector: {} userSelector: {} ingress: {} -EOF + unauthorizedAccessConfig: [] ``` - Advanced configuration with cert-manager annotations: +Advanced configuration with cert-manager annotations: + ```yaml -cat << EOF | kubectl apply -f - apiVersion: operator.victoriametrics.com/v1beta1 kind: VMAuth metadata: - name: router-main + name: router-main spec: - podMetadata: - labels: - component: vmauth - userSelector: {} - userNamespaceSelector: {} - replicaCount: 2 - resources: - requests: - cpu: "250m" - memory: "350Mi" - limits: - cpu: "500m" - memory: "850Mi" - ingress: - tlsSecretName: vmauth-tls - annotations: - cert-manager.io/cluster-issuer: base - class_name: nginx - tlsHosts: - - vm-access.example.com -EOF + podMetadata: + labels: + component: vmauth + userSelector: {} + userNamespaceSelector: {} + replicaCount: 2 + resources: + requests: + cpu: "250m" + memory: "350Mi" + limits: + cpu: "500m" + memory: "850Mi" + ingress: + tlsSecretName: vmauth-tls + annotations: + cert-manager.io/cluster-issuer: base + class_name: nginx + tlsHosts: + - vm-access.example.com ``` - -simple static routing with read-only access to vmagent for username - `user-1` with password `Asafs124142` +Simple static routing with read-only access to vmagent for username - `user-1` with password `Asafs124142`: + ```yaml # curl vmauth:8427/metrics -u 'user-1:Asafs124142' -cat << EOF | kubectl apply -f apiVersion: operator.victoriametrics.com/v1beta1 kind: VMUser metadata: @@ -79,14 +73,12 @@ spec: - static: url: http://vmagent-base.default.svc:8429 paths: ["/targets/api/v1","/targets","/metrics"] -EOF ``` - With bearer token access: +With bearer token access: ```yaml # curl vmauth:8427/metrics -H 'Authorization: Bearer Asafs124142' -cat << EOF | kubectl apply -f apiVersion: operator.victoriametrics.com/v1beta1 kind: VMUser metadata: @@ -97,13 +89,12 @@ spec: - static: url: http://vmagent-base.default.svc:8429 paths: ["/targets/api/v1","/targets","/metrics"] -EOF ``` - It's also possible to use service discovery for objects: +It's also possible to use service discovery for objects: + ```yaml # curl vmauth:8427/metrics -H 'Authorization: Bearer Asafs124142' -cat << EOF | kubectl apply -f apiVersion: operator.victoriametrics.com/v1beta1 kind: VMUser metadata: @@ -116,12 +107,11 @@ spec: name: base namespace: default paths: ["/targets/api/v1","/targets","/metrics"] -EOF ``` - Cluster components supports auto path generation for single tenant view: +Cluster components supports auto path generation for single tenant view: + ```yaml -cat << EOF | kubectl apply -f - apiVersion: operator.victoriametrics.com/v1beta1 kind: VMUser metadata: @@ -143,17 +133,15 @@ spec: url: http://vmselect-test-persistent.default.svc:8481/ paths: - /internal/resetRollupResultCache -EOF ``` - For each `VMUser` operator generates corresponding secret with username/password or bearer token at the same namespace as `VMUser`. +For each `VMUser` operator generates corresponding secret with username/password or bearer token at the same namespace as `VMUser`. ## Basic auth for targets -To authenticate a `VMServiceScrape`s over a metrics endpoint use [`basicAuth`](https://docs.victoriametrics.com/operator/api.html#basicauth) +To authenticate a `VMServiceScrape`s over a metrics endpoint use [`basicAuth`](./api.md#basicauth): ```yaml -cat < Unauthorized access](./resources/vmauth.md#unauthorized-access). + +More details about features of `VMAuth` and `VMUser` you can read in: +- [VMAuth docs](./resources/vmauth.md), +- [VMUser docs](./resources/vmuser.md). diff --git a/docs/operator/configuration.md b/docs/operator/configuration.md new file mode 100644 index 000000000..ec3921c9d --- /dev/null +++ b/docs/operator/configuration.md @@ -0,0 +1,260 @@ +--- +sort: 4 +weight: 4 +title: Configuration +--- + +# Configuration + +Operator configured by env variables, list of it can be found +on [Variables](./vars.md) page. + +It defines default configuration options, like images for components, timeouts, features. + +In addition, the operator has a special startup mode for outputting all variables, their types and default values. +For instance, with this mode you can know versions of VM components, which are used by default: + +```console +./operator --printDefaults + +# This application is configured via the environment. The following environment variables can be used: +# +# KEY TYPE DEFAULT REQUIRED DESCRIPTION +# VM_USECUSTOMCONFIGRELOADER True or False false +# VM_CUSTOMCONFIGRELOADERIMAGE String victoriametrics/operator:config-reloader-v0.32.0 +# VM_VMALERTDEFAULT_IMAGE String victoriametrics/vmalert +# VM_VMALERTDEFAULT_VERSION String v1.93.3 +# VM_VMALERTDEFAULT_USEDEFAULTRESOURCES True or False true +# VM_VMALERTDEFAULT_RESOURCE_LIMIT_MEM String 500Mi +# VM_VMALERTDEFAULT_RESOURCE_LIMIT_CPU String 200m +# ... +``` + +You can choose output format for variables with `--printFormat` flag, possible values: `json`, `yaml`, `list` and `table` (default): + +```console +.operator --printDefaults --printFormat=json + +# { +# 'VM_USECUSTOMCONFIGRELOADER': 'false', +# 'VM_CUSTOMCONFIGRELOADERIMAGE': 'victoriametrics/operator:config-reloader-v0.32.0', +# 'VM_VMALERTDEFAULT_IMAGE': 'victoriametrics/vmalert', +# 'VM_VMALERTDEFAULT_VERSION': 'v1.93.3', +# ... +# 'VM_FORCERESYNCINTERVAL': '60s', +# 'VM_ENABLESTRICTSECURITY': 'true' +# } +``` + +## Conversion of prometheus-operator objects + +You can read detailed instructions about configuring prometheus-objects conversion in [this document](./migration.md). + +## Helm-charts + +In [helm-charts](https://github.com/VictoriaMetrics/helm-charts) some important configuration parameters are implemented as separate flags in `values.yaml`: + +### victoria-metrics-k8s-stack + +For possible values refer to [parameters](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-k8s-stack#parameters). + +Also, checkout [here possible ENV variables](./vars.md) to configure operator behaviour. +ENV variables can be set in the `victoria-metrics-operator.env` section. + +```yaml +# values.yaml + +victoria-metrics-operator: + image: + # -- Image repository + repository: victoriametrics/operator + # -- Image tag + tag: v0.35.0 + # -- Image pull policy + pullPolicy: IfNotPresent + + # -- Tells helm to remove CRD after chart remove + cleanupCRD: true + cleanupImage: + repository: gcr.io/google_containers/hyperkube + tag: v1.18.0 + pullPolicy: IfNotPresent + + operator: + # -- By default, operator converts prometheus-operator objects. + disable_prometheus_converter: false + # -- Compare-options and sync-options for prometheus objects converted by operator for properly use with ArgoCD + prometheus_converter_add_argocd_ignore_annotations: false + # -- Enables ownership reference for converted prometheus-operator objects, + # it will remove corresponding victoria-metrics objects in case of deletion prometheus one. + enable_converter_ownership: false + # -- By default, operator creates psp for its objects. + psp_auto_creation_enabled: true + # -- Enables custom config-reloader, bundled with operator. + # It should reduce vmagent and vmauth config sync-time and make it predictable. + useCustomConfigReloader: false + + # -- extra settings for the operator deployment. full list Ref: [https://github.com/VictoriaMetrics/operator/blob/master/vars.md](https://github.com/VictoriaMetrics/operator/blob/master/vars.md) + env: + # -- default version for vmsingle + - name: VM_VMSINGLEDEFAULT_VERSION + value: v1.43.0 + # -- container registry name prefix, e.g. docker.io + - name: VM_CONTAINERREGISTRY + value: "" + # -- image for custom reloader (see the useCustomConfigReloader parameter) + - name: VM_CUSTOMCONFIGRELOADERIMAGE + value: victoriametrics/operator:config-reloader-v0.32.0 + + # By default, the operator will watch all the namespaces + # If you want to override this behavior, specify the namespace it needs to watch separated by a comma. + # Ex: my_namespace1,my_namespace2 + watchNamespace: "" + + # Count of operator instances (can be increased for HA mode) + replicaCount: 1 + + # -- VM operator log level + # -- possible values: info and error. + logLevel: "info" + + # -- Resource object + resources: + {} + # limits: + # cpu: 120m + # memory: 320Mi + # requests: + # cpu: 80m + # memory: 120Mi +``` + +### victoria-metrics-operator + +For possible values refer to [parameters](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator#parameters). + +Also, checkout [here possible ENV variables](./vars.md) to configure operator behaviour. +ENV variables can be set in the `env` section. + +```yaml +# values.yaml + +image: + # -- Image repository + repository: victoriametrics/operator + # -- Image tag + tag: v0.35.0 + # -- Image pull policy + pullPolicy: IfNotPresent + +operator: + # -- By default, operator converts prometheus-operator objects. + disable_prometheus_converter: false + # -- Compare-options and sync-options for prometheus objects converted by operator for properly use with ArgoCD + prometheus_converter_add_argocd_ignore_annotations: false + # -- Enables ownership reference for converted prometheus-operator objects, + # it will remove corresponding victoria-metrics objects in case of deletion prometheus one. + enable_converter_ownership: false + # -- By default, operator creates psp for its objects. + psp_auto_creation_enabled: true + # -- Enables custom config-reloader, bundled with operator. + # It should reduce vmagent and vmauth config sync-time and make it predictable. + useCustomConfigReloader: false + +# -- extra settings for the operator deployment. full list Ref: [https://github.com/VictoriaMetrics/operator/blob/master/vars.md](https://github.com/VictoriaMetrics/operator/blob/master/vars.md) +env: + # -- default version for vmsingle + - name: VM_VMSINGLEDEFAULT_VERSION + value: v1.43.0 + # -- container registry name prefix, e.g. docker.io + - name: VM_CONTAINERREGISTRY + value: "" + # -- image for custom reloader (see the useCustomConfigReloader parameter) + - name: VM_CUSTOMCONFIGRELOADERIMAGE + value: victoriametrics/operator:config-reloader-v0.32.0 + +# By default, the operator will watch all the namespaces +# If you want to override this behavior, specify the namespace it needs to watch separated by a comma. +# Ex: my_namespace1,my_namespace2 +watchNamespace: "" + +# Count of operator instances (can be increased for HA mode) +replicaCount: 1 + +# -- VM operator log level +# -- possible values: info and error. +logLevel: "info" + +# -- Resource object +resources: + {} + # limits: + # cpu: 120m + # memory: 320Mi + # requests: + # cpu: 80m + # memory: 120Mi +``` + +## Namespaced mode + +By default, the operator will watch all namespaces, but it can be configured to watch only specific namespace. + +If you want to override this behavior, specify the namespace: + +- in the `WATCH_NAMESPACE` environment variable. +- in the `watchNamespace` field in the `values.yaml` file of helm-charts. + +The operator supports only single namespace for watching. + +You can find example of RBAC manifests for single-namespace mode in +[this file](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/operator_rbac_for_single_namespace.yaml). + +## Monitoring of cluster components + +By default, operator creates [VMServiceScrape](./resources/vmservicescrape.md) +object for each component that it manages. + +You can disable this behaviour with `VM_DASABLESELFSERVICASCRAPECREATION` environment variable: + +```shell +VM_DASABLESELFSERVICASCRAPECREATION=false +``` + +Also, you can override default configuration for self-scraping with `ServiceScrapeSpec` field in each deployable resource +(`vmcluster/select`, `vmcluster/insert`, `vmcluster/storage`, `vmagent`, `vmalert`, `vmalertmanager`, `vmauth`, `vmsingle`): + +## CRD Validation + +Operator supports validation admission webhook [docs](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) + +It checks resources configuration and returns errors to caller before resource will be created at kubernetes api. +This should reduce errors and simplify debugging. + +Validation hooks at operator side must be enabled with flags: + +```console +./operator + --webhook.enable + # optional configuration for certDir and tls names. + --webhook.certDir=/tmp/k8s-webhook-server/serving-certs/ + --webhook.keyName=tls.key + --webhook.certName=tls.crt +``` + +You have to mount correct certificates at give directory. +It can be simplified with cert-manager and kustomize command: + +```console +kustomize build config/deployments/webhook/ +``` + +### Requirements + +- Valid certificate with key must be provided to operator +- Valid CABundle must be added to the `ValidatingWebhookConfiguration` + +### Useful links + +- [k8s admission webhooks](https://banzaicloud.com/blog/k8s-admission-webhooks/) +- [olm webhooks](https://docs.openshift.com/container-platform/4.5/operators/user/olm-webhooks.html) diff --git a/docs/operator/enterprise.md b/docs/operator/enterprise.md new file mode 100644 index 000000000..49e889f07 --- /dev/null +++ b/docs/operator/enterprise.md @@ -0,0 +1,36 @@ +--- +sort: 13 +weight: 13 +title: Enterprise features +--- + +# Using operator with enterprise features + +Operator doesn't have enterprise version for itself, but it supports +[enterprise features for VictoriaMetrics components](https://docs.victoriametrics.com/enterprise.html): + +- [VMAgent Enterprise features](./resources/vmagent.md#enterprise-features): + - [Reading metrics from kafka](./resources/vmagent.md#reading-metrics-from-kafka) + - [Writing metrics to kafka](./resources/vmagent.md#writing-metrics-to-kafka) +- [VMAlert Enterprise features](./resources/vmalert.md#enterprise-features): + - [Reading rules from object storage](./resources/vmalert.md#reading-rules-from-object-storage) + - [Multitenancy](./resources/vmalert.md#multitenancy) +- [VMAuth Enterprise features](./resources/vmauth.md#enterprise-features) + - [IP Filters](./resources/vmauth.md#ip-filters) +- [VMCluster Enterprise features](./resources/vmcluster.md#enterprise-features) + - [Downsampling](./resources/vmcluster.md#downsampling) + - [Multiple retentions / Retention filters](./resources/vmcluster.md#retention-filters) + - [Advanced per-tenant statistic](./resources/vmcluster.md#advanced-per-tenant-statistic) + - [mTLS protection](./resources/vmcluster.md#mtls-protection) + - [Backup atomation](./resources/vmcluster.md#backup-atomation) +- [VMRule Enterprise features](./resources/vmrule.md#enterprise-features) + - [Multitenancy](./resources/vmrule.md#multitenancy) +- [VMSingle Enterprise features](./resources/vmsingle.md#enterprise-features) + - [Downsampling](./resources/vmsingle.md#downsampling) + - [Retention filters](./resources/vmsingle.md#retention-filters) + - [Backup atomation](./resources/vmsingle.md#backup-atomation) +- [VMUser Enterprise features](./resources/vmuser.md#enterprise-features) + - [IP Filters](./resources/vmuser.md#ip-filters) + +More information about enterprise features you can read +on [VictoriaMetrics Enterprise page](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). diff --git a/docs/operator/high-availability.md b/docs/operator/high-availability.md index 38ec21574..6f648ef34 100644 --- a/docs/operator/high-availability.md +++ b/docs/operator/high-availability.md @@ -1,381 +1,43 @@ --- -sort: 7 -weight: 7 +sort: 8 +weight: 8 title: High Availability -menu: - docs: - parent: "operator" - weight: 7 -aliases: -- /operator/high-availability.html --- # High Availability -High availability is not only important for customer-facing software but if the monitoring infrastructure is not highly available, then there is a risk that operations people are not notified of alerts. Therefore, high availability must be just as thought through for the monitoring stack, as for anything else. +High availability is not only important for customer-facing software but if the monitoring infrastructure is not highly available, then there is a risk that operations people are not notified of alerts. +Therefore, high availability must be just as thought through for the monitoring stack, as for anything else. -## VMAgent +## Components -To run VMAgent in a highly available manner you have to configure deduplication at Victoria Metrics first [doc](https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/docs/Single-server-VictoriaMetrics.md#deduplication) +VictoriaMetrics operator support high availability for each component of the monitoring stack: -Then increase replicas for VMAgent. +- [VMAgent](./resources/vmagent.md#high-availability) +- [VMAlert](./resources/vmalert.md#high-availability) +- [VMAlertmanager](./resources/vmalertmanager.md#high-availability) +- [VMAuth](./resources/vmauth.md#high-availability) +- [VMCluster](./resources/vmcluster.md#high-availability) -create `VMSingle` with dedup flag: +More details you can find in the section **[High Availability for resources](./resources/README.md#high-availability)**. -```yaml -cat < 8480/TCP 69s -vmselect-example-vmcluster-persistent ClusterIP None 8481/TCP 79s -vmstorage-example-vmcluster-persistent ClusterIP None 8482/TCP,8400/TCP,8401/TCP 85s -``` - -Now you can connect vmagent to vminsert and vmalert to vmselect - ->NOTE do not forget to create rbac for vmagent - -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAgent -metadata: - name: example-vmagent -spec: - serviceScrapeNamespaceSelector: {} - serviceScrapeSelector: {} - podScrapeNamespaceSelector: {} - podScrapeSelector: {} - # Add fields here - replicaCount: 1 - remoteWrite: - - url: "http://vminsert-example-vmcluster-persistent.default.svc.cluster.local:8480/insert/0/prometheus/api/v1/write" -EOF -``` - -Config for vmalert - -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAlert -metadata: - name: example-vmalert -spec: - # Add fields here - replicas: 1 - datasource: - url: "http://vmselect-example-vmcluster-persistent.default.svc.cluster.local:8481/select/0/prometheus" - notifier: - url: "http://alertmanager-operated.default.svc:9093" - evaluationInterval: "10s" - ruleSelector: {} -EOF -``` - - -## Alertmanager - -The final step of the high availability scheme is Alertmanager, when an alert triggers, actually fire alerts against *all* instances of an Alertmanager cluster. - -The Alertmanager, starting with the `v0.5.0` release, ships with a high availability mode. It implements a gossip protocol to synchronize instances of an Alertmanager cluster regarding notifications that have been sent out, to prevent duplicate notifications. It is an AP (available and partition tolerant) system. Being an AP system means that notifications are guaranteed to be sent at least once. - -The Victoria Metrics Operator ensures that Alertmanager clusters are properly configured to run highly available on Kubernetes. +In addition, don't forget about [monitoring for the operator](./monitoring.md). diff --git a/docs/operator/migration.md b/docs/operator/migration.md new file mode 100644 index 000000000..2609c3733 --- /dev/null +++ b/docs/operator/migration.md @@ -0,0 +1,203 @@ +--- +sort: 5 +weight: 5 +title: Migration from Prometheus +--- + +# Migration from prometheus-operator + +Design and implementation inspired by [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator). +It's great a tool for managing monitoring configuration of your applications. VictoriaMetrics operator has api capability with it. + +So you can use familiar CRD objects: `ServiceMonitor`, `PodMonitor`, `PrometheusRule`, `Probe` and `AlertmanagerConfig`. + +Or you can use VictoriaMetrics CRDs: + +- `VMServiceScrape` (instead of `ServiceMonitor`) - defines scraping metrics configuration from pods backed by services. [See details](./resources/vmservicescrape.md). +- `VMPodScrape` (instead of `PodMonitor`) - defines scraping metrics configuration from pods. [See details](./resources/vmpodscrape.md). +- `VMRule` (instead of `PrometheusRule`) - defines alerting or recording rules. [See details](./resources/vmrule.md). +- `VMProbe` (instead of `Probe`) - defines a probing configuration for targets with blackbox exporter. [See details](./resources/vmprobe.md). +- `VMAlertmanagerConfig` (instead of `AlertmanagerConfig`) - defines a configuration for AlertManager. [See details](./resources/vmalertmanagerconfig.md). + +Note that Prometheus CRDs are not supplied with the VictoriaMetrics operator, +so you need to [install them separately](https://github.com/prometheus-operator/prometheus-operator/releases). +VictoriaMetrics operator supports conversion from Prometheus CRD of +version `monitoring.coreos.com/v1` for kinds `ServiceMonitor`, `PodMonitor`, `PrometheusRule`, `Probe` +and version `monitoring.coreos.com/v1alpha1` for kind `AlertmanagerConfig`. + +The default behavior of the operator is as follows: + +- It **converts** all existing Prometheus `ServiceMonitor`, `PodMonitor`, `PrometheusRule` and `Probe` objects into corresponding VictoriaMetrics Operator objects. +- It **syncs** updates (including labels) from Prometheus `ServiceMonitor`, `PodMonitor`, `PrometheusRule` and `Probe` objects to corresponding VictoriaMetrics Operator objects. +- It **DOES NOT delete** converted objects after original ones are deleted. + +With this configuration removing prometheus-operator API objects wouldn't delete any converted objects. So you can safely migrate or run two operators at the same time. + +You can change default behavior with operator configuration - [see details below](#objects-conversion). + +## Objects conversion + +By default, the vmoperator converts all existing [prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) +API objects into corresponding VictoriaMetrics Operator objects ([see above](#migration-from-prometheus-operator)), +i.e. creates resources of VictoriaMetrics similar to Prometheus resources in the same namespace. + +You can control this behaviour by setting env variable for operator: + +```console +# disable convertion for each object +VM_ENABLEDPROMETHEUSCONVERTER_PODMONITOR=false +VM_ENABLEDPROMETHEUSCONVERTER_SERVICESCRAPE=false +VM_ENABLEDPROMETHEUSCONVERTER_PROMETHEUSRULE=false +VM_ENABLEDPROMETHEUSCONVERTER_PROBE=false +``` + +For [victoria-metrics-operator helm-chart](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-operator/README.md) you can use following way: + +```yaml +# values.yaml + +# ... +operator: + # -- By default, operator converts prometheus-operator objects. + disable_prometheus_converter: true +# ... +``` + +Otherwise, VictoriaMetrics Operator would try to discover prometheus-operator API and convert it. + + + +For more information about the operator's workflow, see [this doc](./README.md). + +## Deletion synchronization + +By default, the operator doesn't make converted objects disappear after original ones are deleted. To change this behaviour +configure adding `OwnerReferences` to converted objects with following [operator parameter](./setup.md#settings): + +```console +VM_ENABLEDPROMETHEUSCONVERTEROWNERREFERENCES=true +``` + +For [victoria-metrics-operator helm-chart](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-operator/README.md) you can use following way: + +```yaml +# values.yaml + +# ... +operator: + # -- Enables ownership reference for converted prometheus-operator objects, + # it will remove corresponding victoria-metrics objects in case of deletion prometheus one. + enable_converter_ownership: true +# ... +``` + +Converted objects will be linked to the original ones and will be deleted by kubernetes after the original ones are deleted. + +## Update synchronization + +Conversion of api objects can be controlled by annotations, added to `VMObject`s. + +Annotation `operator.victoriametrics.com/ignore-prometheus-updates` controls updates from Prometheus api objects. + +By default, it set to `disabled`. You define it to `enabled` state and all updates from Prometheus api objects will be ignored. + +Example: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMServiceScrape +metadata: + annotations: + meta.helm.sh/release-name: prometheus + operator.victoriametrics.com/ignore-prometheus-updates: enabled + labels: + release: prometheus + name: prometheus-monitor +spec: + endpoints: [] +``` + +Annotation `operator.victoriametrics.com/ignore-prometheus-updates` can be set on one of the resources: + +- [VMServiceScrape](./resources/vmservicescrape.md) +- [VMPodScrape](./resources/vmpodscrape.md) +- [VMRule](./resources/vmrule.md) +- [VMProbe](./resources/vmprobe.md) +- [VMAlertmanagerConfig](./resources/vmalertmanagerconfig.md) + +And annotation doesn't make sense for [VMStaticScrape](./resources/vmstaticscrape.md) +and [VMNodeScrape](./resources/vmnodescrape.md) because these objects are not created as a result of conversion. + +## Labels and annotations synchronization + +Conversion of api objects can be controlled by annotations, added to `VMObject`s. + +Annotation `operator.victoriametrics.com/merge-meta-strategy` controls syncing of metadata labels and annotations +between `VMObject`s and `Prometheus` api objects during updates to `Prometheus` objects. + +By default, it has `prefer-prometheus`. And annotations and labels will be used from `Prometheus` objects, manually set values will be dropped. + +You can set it to `prefer-victoriametrics`. In this case all labels and annotations applied to `Prometheus` object will be ignored and `VMObject` will use own values. + +Two additional strategies annotations -`merge-victoriametrics-priority` and `merge-prometheus-priority` merges labelSets into one combined labelSet, with priority. + +Example: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMServiceScrape +metadata: + annotations: + meta.helm.sh/release-name: prometheus + operator.victoriametrics.com/merge-meta-strategy: prefer-victoriametrics + labels: + release: prometheus + name: prometheus-monitor +spec: + endpoints: [] +``` + +Annotation `operator.victoriametrics.com/merge-meta-strategy` can be set on one of the resources: + +- [VMServiceScrape](./resources/vmservicescrape.md) +- [VMPodScrape](./resources/vmpodscrape.md) +- [VMRule](./resources/vmrule.md) +- [VMProbe](./resources/vmprobe.md) +- [VMAlertmanagerConfig](./resources/vmalertmanagerconfig.md) + +And annotation doesn't make sense for [VMStaticScrape](./resources/vmstaticscrape.md) +and [VMNodeScrape](./resources/vmnodescrape.md) because these objects are not created as a result of conversion. + +You can filter labels for syncing +with [operator parameter](./setup.md#settings) `VM_FILTERPROMETHEUSCONVERTERLABELPREFIXES`: + +```console +# it excludes all labels that start with "helm.sh" or "argoproj.io" from synchronization +VM_FILTERPROMETHEUSCONVERTERLABELPREFIXES=helm.sh,argoproj.io +``` + +In the same way, annotations with specified prefixes can be excluded from synchronization +with [operator parameter](./setup.md#settings) `VM_FILTERPROMETHEUSCONVERTERANNOTATIONPREFIXES`: + +```console +# it excludes all annotations that start with "helm.sh" or "argoproj.io" from synchronization +VM_FILTERPROMETHEUSCONVERTERANNOTATIONPREFIXES=helm.sh,argoproj.io +``` + +## Using converter with ArgoCD + +If you use ArgoCD, you can allow ignoring objects at ArgoCD converted from Prometheus CRD +with [operator parameter](./setup.md#settings) `VM_PROMETHEUSCONVERTERADDARGOCDIGNOREANNOTATIONS`. + +It helps to properly use converter with ArgoCD and should help prevent out-of-sync issues with argo-cd based deployments: + +```console +# adds compare-options and sync-options for prometheus objects converted by operator +VM_PROMETHEUSCONVERTERADDARGOCDIGNOREANNOTATIONS=true +``` + +## Data migration + +You can use [vmctl](https://docs.victoriametrics.com/vmctl.html) for migrating your data from Prometheus to VictoriaMetrics. + +See [this doc](https://docs.victoriametrics.com/vmctl.html#migrating-data-from-prometheus) for more details. diff --git a/docs/operator/monitoring.md b/docs/operator/monitoring.md new file mode 100644 index 000000000..2fdc295d8 --- /dev/null +++ b/docs/operator/monitoring.md @@ -0,0 +1,72 @@ +--- +sort: 6 +weight: 6 +title: Monitoring +--- + +# Monitoring of VictoriaMetrics Operator + +VictoriaMetrics operator exports internal metrics in Prometheus exposition format at `/metrics` page. + +These metrics can be scraped via [vmagent](./resources/vmagent.md) or Prometheus. + +## Dashboard + +Official Grafana dashboard available for [vmoperator](https://grafana.com/grafana/dashboards/17869-victoriametrics-operator/). + + + +Graphs on the dashboards contain useful hints - hover the `i` icon in the top left corner of each graph to read it. + + + +## Configuration + +### Helm-chart victoria-metrics-k8s-stack + +In [victoria-metrics-k8s-stack](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-k8s-stack/README.md) helm-chart operator self-scrapes metrics by default. + +This helm-chart also includes [official grafana dashboard for operator](#dashboard). + +### Helm-chart victoria-metrics-operator + +With [victoria-metrics-operator](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator/README.md) you can use following parameter in `values.yaml`: + +```yaml +# values.yaml +#... +# -- configures monitoring with serviceScrape. VMServiceScrape must be pre-installed +serviceMonitor: + enabled: true +``` + +This parameter makes helm-chart to create a scrape-object for installed operator instance. + +You will also need to deploy a (vmsingle)[./resources/vmsingle.md] where the metrics will be collected. + +### Pure operator installation + +With pure operator installation you can use config with separate vmsingle and scrape object for operator like that: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMServiceScrape +metadata: + name: vmoperator + namespace: monitoring +spec: + selector: + matchLabels: + app.kubernetes.io/instance: vm-operator + app.kubernetes.io/name: victoria-metrics-operator + endpoints: + - port: http + namespaceSelector: + matchNames: + - monitoring +``` + +See more info about object [VMServiceScrape](./resources/vmservicescrape.md). + +You will also need a [vmsingle](https://docs.victoriametrics.com/vmoperatos/resources/vmsingle.html) where the metrics will be collected. + diff --git a/docs/operator/quick-start.md b/docs/operator/quick-start.md index 402c384d1..d1511ae1b 100644 --- a/docs/operator/quick-start.md +++ b/docs/operator/quick-start.md @@ -1,221 +1,187 @@ --- -sort: 9 -weight: 9 -title: Quick start -menu: - docs: - parent: "operator" - weight: 9 - identifier: "quickstartoperator" -aliases: -- /operator/quick-start.html +sort: 1 +weight: 1 +title: QuickStart --- -# Quick start +# VictoriaMetrics Operator QuickStart -Operator serves to make running VictoriaMetrics applications on top of Kubernetes as easy as possible while preserving Kubernetes-native configuration options. +VictoriaMetrics Operator serves to make running VictoriaMetrics applications on top of Kubernetes as easy as possible +while preserving Kubernetes-native configuration options. -## Installing by Manifest +The shortest way to deploy full-stack monitoring cluster with VictoriaMetrics Operator is +to use Helm-chart [victoria-metrics-k8s-stack](https://victoriametrics.github.io/helm-charts/charts/victoria-metrics-k8s-stack/). -Obtain release from releases page: -[https://github.com/VictoriaMetrics/operator/releases](https://github.com/VictoriaMetrics/operator/releases) +Also you can follow the other steps in documentation to use VictoriaMetrics Operator: - We suggest use the latest release. +- [Setup](./setup.md) +- [Security](./security.md) +- [Configuration](./configuration.md) +- [Migration from Prometheus](./migration.md) +- [Monitoring](./monitoring.md) +- [Authorization and exposing components](./auth.md) +- [High Availability](./high-availability.md) +- [Enterprise](./enterprise.md) +- [Custom resources](./resources/README.md) +- [FAQ (Frequency Asked Questions)](./FAQ.md) -```console -# Get latest release version from https://github.com/VictoriaMetrics/operator/releases/latest -export VM_VERSION=`basename $(curl -fs -o/dev/null -w %{redirect_url} https://github.com/VictoriaMetrics/operator/releases/latest)` -wget https://github.com/VictoriaMetrics/operator/releases/download/$VM_VERSION/bundle_crd.zip -unzip bundle_crd.zip +But if you want to deploy VictoriaMetrics Operator quickly from scratch (without using templating for custom resources), +you can follow this guide: + +- [Setup operator](#setup-operator) +- [Deploy components](#deploy-components) + - [VMCluster](#vmcluster-vmselect-vminsert-vmstorage) + - [Scraping](#scraping) + - [VMAgent](#vmagent) + - [VMServiceScrape](#vmservicescrape) + - [Access](#access) + - [VMAuth](#vmauth) + - [VMUser](#vmuser) + - [Alerting](#alerting) + - [VMAlertmanager](#vmalertmanager) + - [VMAlert](#vmalert) + - [VMRule](#vmrule) + - [VMUser](#vmuser-update) +- [Anythings else?](#anythings-else) + +Let's start! + +## Setup operator + +You can find out how to and instructions for installing the VictoriaMetrics operator into your kubernetes cluster +on the [Setup page](./setup.md). + +Here we will elaborate on just one of the ways - for instance, we will install operator via Helm-chart +[victoria-metrics-operator](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-operator/README.md): + +Add repo with helm-chart: + +```shell +helm repo add vm https://victoriametrics.github.io/helm-charts/ +helm repo update ``` -> TIP, operator use monitoring-system namespace, but you can install it to specific namespace with command -> sed -i "s/namespace: monitoring-system/namespace: YOUR_NAMESPACE/g" release/operator/* +Render `values.yaml` with default operator configuration: -First of all, you have to create [custom resource definitions](https://github.com/VictoriaMetrics/operator) -```console -kubectl apply -f release/crds -``` - -Then you need RBAC for operator, relevant configuration for the release can be found at release/operator/rbac.yaml - -Change configuration for operator at `release/operator/manager.yaml`, possible settings: [operator-settings](/operator/vars.html) -and apply it: -```console -kubectl apply -f release/operator/ +```shell +helm show values vm/victoria-metrics-operator > values.yaml ``` -Check the status of operator - -```console -kubectl get pods -n monitoring-system - -#NAME READY STATUS RESTARTS AGE -#vm-operator-667dfbff55-cbvkf 1/1 Running 0 101s +Now you can configure operator - open rendered `values.yaml` file in your text editor. For example: +```shell +code values.yaml ``` + -## Installing by Kustomize +Now you can change configuration in `values.yaml`. For more details about configuration options and methods, +see [configuration -> victoria-metrics-operator](./configuration.md#victoria-metrics-operator). -You can install operator using [Kustomize](https://kustomize.io/) by pointing to the remote kustomization file. +If you migrated from prometheus-operator, you can read about prometheus-operator objects conversion on +the [migration from prometheus-operator](./migration.md). + +Since we're looking at installing from scratch, let's disable prometheus-operator objects conversion, +and also let's set some resources for operator in `values.yaml`: ```yaml -# Get latest release version from https://github.com/VictoriaMetrics/operator/releases/latest -export VM_VERSION=`basename $(curl -fs -o/dev/null -w %{redirect_url} https://github.com/VictoriaMetrics/operator/releases/latest)` +# ... -cat << EOF > kustomization.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization +operator: + # -- By default, operator converts prometheus-operator objects. + disable_prometheus_converter: true + +# -- Resources for operator resources: -- github.com/VictoriaMetrics/operator/config/default?ref=${VM_VERSION} + limits: + cpu: 500m + memory: 500Mi + requests: + cpu: 100m + memory: 150Mi -images: -- name: victoriametrics/operator - newTag: ${VM_VERSION} -EOF +# ... ``` +You will need a kubernetes namespace to deploy the operator and VM components. Let's create it: -You can change [operator-settings](/vars.MD), or use your custom namespace see [kustomize-example](https://github.com/YuriKravetc/yurikravetc.github.io/tree/main/Operator/kustomize-example). - - - -Build template - -```console -kustomize build . -o monitoring.yaml +```shell +kubectl create namespace vm ``` -Apply manifests +After finishing with `values.yaml` and creating namespace, you can test the installation with command: -```console -kubectl apply -f monitoring.yaml +```shell +helm install vmoperator vm/victoria-metrics-operator -f values.yaml -n vm --debug --dry-run ``` -Check the status of operator +Where `vm` is the namespace where you want to install operator. -```console -kubectl get pods -n monitoring-system +If everything is ok, you can install operator with command: -#NAME READY STATUS RESTARTS AGE -#vm-operator-667dfbff55-cbvkf 1/1 Running 0 101s +```shell +helm install vmoperator vm/victoria-metrics-operator -f values.yaml -n vm +# NAME: vmoperator +# LAST DEPLOYED: Thu Sep 14 15:13:04 2023 +# NAMESPACE: vm +# STATUS: deployed +# REVISION: 1 +# TEST SUITE: None +# NOTES: +# victoria-metrics-operator has been installed. Check its status by running: +# kubectl --namespace vm get pods -l "app.kubernetes.io/instance=vmoperator" +# +# Get more information on https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator. +# See "Getting started guide for VM Operator" on https://docs.victoriametrics.com/guides/getting-started-with-vm-operator.html . ``` -## Installing to ARM +And check that operator is running: - There is no need in an additional configuration for ARM. Operator and VictoriaMetrics have full support for it. +```shell +kubectl get pods -n vm -l "app.kubernetes.io/instance=vmoperator" -## Create related resources +# NAME READY STATUS RESTARTS AGE +# vmoperator-victoria-metrics-operator-7b88bd6df9-q9qwz 1/1 Running 0 98s +``` -The VictoriaMetrics Operator introduces additional resources in Kubernetes to declare the desired state of a Victoria Metrics applications and Alertmanager cluster as well as the Prometheus resources configuration. The resources it introduces are: +## Deploy components -* [VMSingle](#vmsingle) -* [VMCluster](#vmcluster) -* [VMAgent](#vmagent) -* [VMAlert](#vmalert) -* [VMAlertmanager](#vmalertmanager) -* [VMServiceScrape](#vmservicescrape) -* [VMRule](#vmrule) -* [VMPodScrape](#vmpodscrape) -* [VMProbe](#vmprobe) -* [VMStaticScrape](#vmstaticscrape) -* [VMAuth](#vmauth) -* [VMUser](#vmuser) -* [Selectors](#object-selectors) +Now you can create instances of VictoriaMetrics applications. +Let's create fullstack monitoring cluster with +[`vmagent`](./resources/vmagent.md), +[`vmauth`](./resources/vmauth.md), +[`vmalert`](./resources/vmalert.md), +[`vmalertmanager`](./resources/vmalertmanager.md), +[`vmcluster`](./resources/vmcluster.md) +(a component for deploying a cluster version of +[VictoriaMetrics](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#architecture-overview) +consisting of `vmstorage`, `vmselect` and `vminsert`): -## VMSingle + -[VMSingle](https://github.com/VictoriaMetrics/VictoriaMetrics/) represents database for storing metrics, for all possible config options check api [doc](https://docs.victoriametrics.com/operator/api.html#vmsingle): - -```yaml -cat < 8482/TCP,8400/TCP,8401/TCP 8m3s +# vmselect-demo ClusterIP None 8481/TCP 8m3s +# vminsert-demo ClusterIP 192.168.194.183 8480/TCP 8m3s +``` + +We'll need them in the next steps. + +More information about `vmcluster` resource you can find on +the [vmcluster page](./resources/vmcluster.md). + +### Scraping + +#### VMAgent + +Now let's deploy [`vmagent`](./resources/vmagent.md) resource. + +Create file `vmagent.yaml` + +```shell +code vmagent.yaml +``` + +with the following content: ```yaml -cat << EOF | kubectl apply -f - ---- -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMCluster -metadata: - name: example-vmcluster -spec: - # Add fields here - retentionPeriod: "1" - vmselect: - replicaCount: 2 - extraArgs: - storageNode: "node-1:8401,node-2:8401" - vminsert: - replicaCount: 2 - extraArgs: - storageNode: "node-1:8401,node-2:8401" -EOF -``` - -## VMAgent - -[VMAgent](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmagent) - is a tiny but brave agent, which helps you collect metrics from various sources and stores them in [VictoriaMetrics](https://github.com/VictoriaMetrics/VictoriaMetrics). -It requires access to Kubernetes API and you can create RBAC for it first, it can be found at `release/examples/VMAgent_rbac.yaml` -Or you can use default rbac account, that will be created for `VMAgent` by operator automatically. - -```console - kubectl apply -f release/examples/vmagent_rbac.yaml -``` - -Modify `VMAgent` config parameters at `release/examples/vmagent.yaml` and apply it, config options [doc](https://docs.victoriametrics.com/operator/api.html#vmagent) - -Example: - -```yaml -cat < + + + +### Alerting + +The remaining components will be needed for alerting. + +#### VMAlertmanager + +Let's start with [`vmalertmanager`](./resources/vmalertmanager.md). + +Create file `vmuser.yaml` + +```shell +code vmuser.yaml +``` + +with the following content: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: demo +spec: + configRawYaml: | global: resolve_timeout: 5m route: - group_by: ['job'] group_wait: 30s group_interval: 5m repeat_interval: 12h @@ -359,417 +488,99 @@ stringData: receivers: - name: 'webhook' webhook_configs: - - url: 'http://alertmanagerwh:30500/' -EOF + - url: 'http://your-webhook-url' ``` -Then add `Alertmanager` object, other config options at [doc](https://docs.victoriametrics.com/operator/api.html#alertmanager) -you have to set configSecret with name of secret, that we created before - `alertmanager-config`. -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAlertmanager -metadata: - name: example-alertmanager -spec: - # Add fields here - replicaCount: 1 - configSecret: alertmanager-config - selectAllByDefault: true -EOF +where webhook-url is the address of the webhook to receive notifications +(configuration of AlertManager notifications will remain out of scope). +You can find more details about `alertmanager` configuration in +the [Alertmanager documentation](https://prometheus.io/docs/alerting/latest/configuration/). + +After that you can deploy `vmalertmanager` resource to the kubernetes cluster: + +```shell +kubectl apply -f vmalertmanager.yaml -n vm + +# vmalertmanager.operator.victoriametrics.com/demo created ``` -Alertmanager config with raw yaml configuration, use it with care about secret information: -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAlertmanager -metadata: - name: example-alertmanager-raw-config -spec: - # Add fields here - replicaCount: 1 - configSecret: alertmanager-config - configRawYaml: | - global: - resolve_timeout: 5m - route: - group_wait: 30s - group_interval: 5m - repeat_interval: 12h - receiver: 'webhook' - receivers: - - name: 'webhook' - webhook_configs: - - url: 'http://localhost:30502/' -EOF +Check that `vmalertmanager` is running: + +```shell +kubectl get pods -n vm -l "app.kubernetes.io/instance=demo" -l "app.kubernetes.io/name=vmalertmanager" + +# NAME READY STATUS RESTARTS AGE +# vmalertmanager-demo-0 2/2 Running 0 107s ``` - -## VMAlertmanagerConfig +#### VMAlert - `VMAlertmanagerConfig` allows managing `VMAlertmanager` configuration. +And now you can create [`vmalert`](./resources/vmalert.md) resource. -```yaml +Create file `vmalert.yaml` -cat << EOF | kubectl apply -f -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAlertmanagerConfig -metadata: - name: example - namespace: default -spec: - inhibit_rules: - - equals: [] - target_matchers: [] - source_matchers: [] - route: - routes: - - receiver: webhook - continue: true - receiver: email - group_by: [] - continue: false - matchers: - - job = "alertmanager" - group_wait: 30s - group_interval: 45s - repeat_interval: 1h - mute_time_intervals: - - name: base - time_intervals: - - times: - - start_time: "" - end_time: "" - weekdays: [] - days_of_month: [] - months: [] - years: [] - receivers: - email_configs: [] - webhook_configs: - - url: http://some-other-wh - pagerduty_configs: [] - pushover_configs: [] - slack_configs: [] - opsgenie_configs: [] - victorops_configs: [] - wechat_configs: [] -EOF +```shell +code vmalert.yaml ``` -## VMAlert - -[VMAlert](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmalert) - executes a list of given [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) or [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules against configured address. It -has few required config options - `datasource` and `notifier` are required, for other config parameters check [doc](https://docs.victoriametrics.com/operator/api.html#vmalert). +with the following content: ```yaml -cat << EOF | kubectl apply -f - apiVersion: operator.victoriametrics.com/v1beta1 kind: VMAlert metadata: - name: example-vmalert + name: demo spec: - replicaCount: 1 datasource: - url: "http://vmsingle-example-vmsingle-persisted.default.svc:8429" - notifier: - url: "http://vmalertmanager-example-alertmanager.default.svc:9093" - evaluationInterval: "30s" - selectAllByDefault: true - -EOF -``` - -## VMServiceScrape - - It generates part of `VMAgent` configuration with `Endpoint` kubernetes_sd role for service discovery targets - by corresponding `Service` and it's `Endpoint`s. - It has various options for scraping configuration of target (with basic auth,tls access, by specific port name etc.). - -Let's make some demo, you have to deploy [VMAgent](#vmagent) and [VMSingle](#vmsingle) from previous step with match any selectors: - -```yaml -cat < 1` +Check that `vmalert` is running: + +```shell +kubectl get pods -n vm -l "app.kubernetes.io/instance=demo" -l "app.kubernetes.io/name=vmalert" + +# NAME READY STATUS RESTARTS AGE +# vmalert-demo-bf75c67cb-hh4qd 2/2 Running 0 5s +``` + +#### VMRule + +Now you can create [vmrule](./resources/vmrule.md) resource +for [vmalert](./resources/vmalert.md). + +Create file `vmrule.yaml` + +```shell +code vmrule.yaml +``` + +with the following content: -{% raw %} ```yaml -cat << 'EOF' | kubectl apply -f - apiVersion: operator.victoriametrics.com/v1beta1 kind: VMRule metadata: - name: example-vmrule-reload-config - labels: - project: devops + name: demo spec: groups: - name: vmalert @@ -783,753 +594,101 @@ spec: annotations: value: "{{ $value }}" description: 'error reloading vmalert config, reload count for 5 min {{ $value }}' -EOF -``` -{% endraw %} - - Ensure, that new alert was started: - ```console -kubectl logs vmalert-example-vmalert-6f8748c6f9-hcfrr vmalert -2020-08-03T09:07:49.772Z info VictoriaMetrics/app/vmalert/web.go:45 api config reload was called, sending sighup -2020-08-03T09:07:49.772Z info VictoriaMetrics/app/vmalert/main.go:115 SIGHUP received. Going to reload rules ["/etc/vmalert/config/vm-example-vmalert-rulefiles-0/*.yaml"] ... -2020-08-03T09:07:49.772Z info VictoriaMetrics/app/vmalert/manager.go:83 reading rules configuration file from "/etc/vmalert/config/vm-example-vmalert-rulefiles-0/*.yaml" -2020-08-03T09:07:49.773Z info VictoriaMetrics/app/vmalert/group.go:169 group "vmAlertGroup": received stop signal -2020-08-03T09:07:49.773Z info VictoriaMetrics/app/vmalert/main.go:124 Rules reloaded successfully from ["/etc/vmalert/config/vm-example-vmalert-rulefiles-0/*.yaml"] -2020-08-03T09:07:49.773Z info VictoriaMetrics/app/vmalert/group.go:153 group "vmalert" started with interval 30s - ``` - Let's trigger it by adding some incorrect rule - -{% raw %} -```yaml -cat << 'EOF' | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMRule -metadata: - name: example-vmrule-incorrect-rule - labels: - project: devops -spec: - groups: - - name: incorrect rule - rules: - - alert: vmalert bad config - expr: bad expression - for: 10s - labels: - severity: major - annotations: - value: "{{ $badValue | bad function }}" -EOF -``` -{% endraw %} +After that you can deploy `vmrule` resource to the kubernetes cluster: -`VMAlert` will report incorrect rule config and fire alert: -```console -2020-08-03T09:11:40.672Z info VictoriaMetrics/app/vmalert/main.go:115 SIGHUP received. Going to reload rules ["/etc/vmalert/config/vm-example-vmalert-rulefiles-0/*.yaml"] ... -2020-08-03T09:11:40.672Z info VictoriaMetrics/app/vmalert/manager.go:83 reading rules configuration file from "/etc/vmalert/config/vm-example-vmalert-rulefiles-0/*.yaml" -2020-08-03T09:11:40.673Z error VictoriaMetrics/app/vmalert/main.go:119 error while reloading rules: cannot parse configuration file: invalid group "incorrect rule" in file "/etc/vmalert/config/vm-example-vmalert-rulefiles-0/default-example-vmrule-incorrect-rule.yaml": invalid rule "incorrect rule"."vmalert bad config": invalid expression: unparsed data left: "expression" +```shell +kubectl apply -f vmrule.yaml -n vm + +# vmrule.operator.victoriametrics.com/demo created ``` -Clean up incorrect rule: -```console -kubectl delete vmrule example-vmrule-incorrect-rule +#### VMUser update + +Let's update our user with access to `vmalert` and `vmalertmanager`: + +```shell +code vmuser.yaml ``` -## VMNodeScrape - - `VMNodeScrape` is useful for node exporters monitoring, lets create scraper for cadvisor metrics: - ```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMNodeScrape -metadata: - name: cadvisor-metrics -spec: - scheme: "https" - tlsConfig: - insecureSkipVerify: true - caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" - relabelConfigs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - - targetLabel: __address__ - replacement: kubernetes.default.svc:443 - - sourceLabels: [__meta_kubernetes_node_name] - regex: (.+) - targetLabel: __metrics_path__ - replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor -EOF -``` - - - - - -## VMProbe - - `VMProbe` required `VMAgent` and some external prober, blackbox exporter in our case. Ensure that you have `VMAgent` and `VMSingle`: - ```yaml -cat < 443/TCP 4h21m -prometheus-blackbox-exporter ClusterIP 10.105.251.80 9115/TCP 4m36s -vmagent-example-vmagent ClusterIP 10.102.31.47 8429/TCP 12m -vmsingle-example-vmsingle-persisted ClusterIP 10.107.69.7 8429/TCP 12m -``` - -So, we will probe `VMAgent` with url - `vmagent-example-vmagent.default.svc:9115/heath` with blackbox url: -`prometheus-blackbox-exporter.default.svc:9115` and module: `http_2xx` it was specified at blackbox configmap. - -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMProbe -metadata: - name: probe-agent -spec: - jobName: static-probe - vmProberSpec: - # by default scheme http, and path is /probe - url: prometheus-blackbox-exporter.default.svc:9115 - module: http_2xx - targets: - staticConfig: - targets: - - vmagent-example-vmagent.default.svc:8429/health - interval: 2s -EOF -``` - -Now new target must be added to `VMAgent` configuration, and it starts probing itself throw blackbox exporter. - -Let's try another target probe type - `Ingress`. Create ingress rule for `VMSingle` and create `VMProbe` for it: - -```yaml - -cat << EOF | kubectl apply -f - -apiVersion: networking.k8s.io/v1beta1 -kind: Ingress -metadata: - labels: - app: victoria-metrics-single - name: victoria-metrics-single -spec: - rules: - - host: vmsingle.example.com - http: - paths: - - backend: - serviceName: vmsingle-example-vmsingle-persisted - servicePort: 8428 - path: / - - host: vmsingle2.example.com - http: - paths: - - backend: - serviceName: vmsingle-example-vmsingle-persisted - servicePort: 8428 - path: / - ---- -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMProbe -metadata: - name: probe-single-ingress -spec: - vmProberSpec: - # by default scheme http, and path is /probe - url: prometheus-blackbox-exporter.default.svc:9115 - module: http_2xx - targets: - ingress: - selector: - matchLabels: - app: victoria-metrics-single - interval: 10s -EOF -``` - -This configuration will add 2 additional targets for probing: `vmsingle2.example.com` and `vmsingle.example.com`. - -But probes will be unsuccessful, coz there is no such hosts. - -## VMStaticScrape - -It generates config part of `VMAgent` with static_configs, targets for targetEndpoint is a required parameter. -It has various options for scraping configuration of target (with basic auth,tls access, by specific port name etc). - -Add `VMAgent` and Example app from step above and continue this step. - -With simple configuration: -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMStaticScrape -metadata: - name: vmstaticscrape-sample -spec: - jobName: static - targetEndpoints: - - targets: ["192.168.0.1:9100","196.168.0.50:9100"] - labels: - env: dev - project: operator -EOF -``` - 2 targets must be added to `VMAgent` scrape config: -```console -static_configs: added targets: 2, removed targets: 0; total targets: 2 -``` - - -## VMAuth - -[VMAuth](https://docs.victoriametrics.com/vmauth.html) allows protecting application with authentication and route traffic by rules. - -api docs [link](https://docs.victoriametrics.com/operator/api.html#vmauthspec) - - First create `VMAuth` configuration: -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAuth -metadata: - name: example - namespace: default -spec: - ingress: {} - selectAllByDefault: true -EOF -``` - It will catch all `VMUser` at any kubernetes namespace and create `Ingress` record for it. -```text -kubectl get pods -NAME READY STATUS RESTARTS AGE -vmauth-example-ffcc78fcc-xddk7 2/2 Running 0 84s -kubectl get ingress -NAME CLASS HOSTS ADDRESS PORTS AGE -vmauth-example * 80 106s -kubectl get secret -l app.kubernetes.io/name=vmauth -NAME TYPE DATA AGE -vmauth-config-example Opaque 1 2m32s -``` - - Generated configuration can be retrieved with command: -{% raw %} -```text -kubectl get secrets/vmauth-config-example -o=go-template='{{index .data "config.yaml.gz"}}' | base64 -d | gunzip - -users: -- url_prefix: http://localhost:8428 - bearer_token: some-default-token -``` -{% endraw %} - - Operator generates default config, if `VMUser`s for given `VMAuth` wasn't found. - -## VMUser - - `VMUser` configures `VMAuth`. api doc [link](https://docs.victoriametrics.com/operator/api.html#vmuserspec) - - There are two authentication mechanisms: `bearerToken` and `basicAuth` with `username` and `password`. Only one of them can be used with `VMUser` at one time. -If you need to provide access with different mechanisms for single endpoint, create multiple `VMUsers`. - If `username` is empty, metadata.name from `VMUser` used as `username`. - If `password` is empty, operator generates random password for `VMUser`. This password added to the `Secret` for this `VMUser` at `data.password` field. - Operator creates `Secret` for every `VMUser` with name - `vmuser-{VMUser.metadata.name}`. It places `username` + `password` or `bearerToken` into `data` section. - -`TargetRefs` is required field for `VMUser`, it allows to configure routing with: -- `static` ref: -```yaml -- static: - url: http://vmalertmanager.service.svc:9093 - ``` -- `crd` ref, allows to target CRD kind of operator, this `CRDObject` must exist. -```yaml -- crd: - kind: VMAgent - name: example - namespace: default -``` - Supported kinds are: `VMAgent, VMSingle, VMAlert, VMAlertmanager, VMCluster/vminsert, VMCluster/vmselect, VMCluster/vmstorage` - -`paths` - configures allowed routing paths for given `targetRef`. - - Let's create example, with access to `VMSingle` and `VMAlert` as static target: - -```yaml -cat << EOF | kubectl apply -f - -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMSingle -metadata: - name: example - namespace: default -spec: - retentionPeriod: "2d" ---- -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAlert -metadata: - name: example -spec: - replicaCount: 1 - datasource: - url: "http://vmsingle-example.default.svc:8429" - notifier: - url: "http://vmalertmanager-example.default.svc:9093" - evaluationInterval: "20s" - ruleSelector: {} -EOF -``` - - Check its status -```console - -kubectl get pods -NAME READY STATUS RESTARTS AGE -vmalert-example-775b8dfbc9-vzlnv 1/2 Running 0 3s -vmauth-example-ffcc78fcc-xddk7 2/2 Running 0 29m -vmsingle-example-6496b5c95d-k6hhp 1/1 Running 0 3s -``` - - Then create `VMUser` -```yaml -cat << EOF | kubectl apply -f - apiVersion: operator.victoriametrics.com/v1beta1 kind: VMUser metadata: - name: example + name: demo spec: - username: simple-user - password: simple-password + name: demo + username: demo + generatePassword: true targetRefs: + # vmui + vmselect - crd: - kind: VMSingle - name: example - namespace: default - paths: ["/.*"] - - static: - url: http://vmalert-example.default.svc:8080 - paths: ["/api/v1/groups","/api/v1/alerts"] -EOF -``` - - Configuration changes for `VMAuth` takes some time, coz of mounted secret, its eventually updated by kubelet. Check vmauth log for changes: - -```console -kubectl logs vmauth-example-ffcc78fcc-xddk7 vmauth -f --tail 10 -2021-05-31T10:46:40.171Z info VictoriaMetrics/app/vmauth/auth_config.go:168 Loaded information about 1 users from "/opt/vmauth/config.yaml" -2021-05-31T10:46:40.171Z info VictoriaMetrics/app/vmauth/main.go:37 started vmauth in 0.000 seconds -2021-05-31T10:46:40.171Z info VictoriaMetrics/lib/httpserver/httpserver.go:82 starting http server at http://:8427/ -2021-05-31T10:46:40.171Z info VictoriaMetrics/lib/httpserver/httpserver.go:83 pprof handlers are exposed at http://:8427/debug/pprof/ -2021-05-31T10:46:45.077Z info VictoriaMetrics/app/vmauth/auth_config.go:143 SIGHUP received; loading -auth.config="/opt/vmauth/config.yaml" -2021-05-31T10:46:45.077Z info VictoriaMetrics/app/vmauth/auth_config.go:168 Loaded information about 1 users from "/opt/vmauth/config.yaml" -2021-05-31T10:46:45.077Z info VictoriaMetrics/app/vmauth/auth_config.go:150 Successfully reloaded -auth.config="/opt/vmauth/config.yaml" -2021-05-31T11:18:21.313Z info VictoriaMetrics/app/vmauth/auth_config.go:143 SIGHUP received; loading -auth.config="/opt/vmauth/config.yaml" -2021-05-31T11:18:21.313Z info VictoriaMetrics/app/vmauth/auth_config.go:168 Loaded information about 1 users from "/opt/vmauth/config.yaml" -2021-05-31T11:18:21.313Z info VictoriaMetrics/app/vmauth/auth_config.go:150 Successfully reloaded -auth.config="/opt/vmauth/config.yaml" -``` - - Now lets try to access protected endpoints, i will use port-forward for that: - -```console -kubectl port-forward vmauth-example-ffcc78fcc-xddk7 8427 - -# at separate terminal execute: - -# vmsingle response -curl http://localhost:8427 -u 'simple-user:simple-password' - -# vmalert response -curl localhost:8427/api/v1/groups -u 'simple-user:simple-password' -``` - - Check create secret for application access: - -```console -kubectl get secrets vmuser-example -NAME TYPE DATA AGE -vmuser-example Opaque 2 6m33s -``` - -## Migration from prometheus-operator objects - -By default, the operator converts all existing prometheus-operator API objects into corresponding VictoriaMetrics Operator objects - -You can control this behaviour by setting env variable for operator: - -```console -#disable convertion for each object -VM_ENABLEDPROMETHEUSCONVERTER_PODMONITOR=false -VM_ENABLEDPROMETHEUSCONVERTER_SERVICESCRAPE=false -VM_ENABLEDPROMETHEUSCONVERTER_PROMETHEUSRULE=false -VM_ENABLEDPROMETHEUSCONVERTER_PROBE=false -``` -Otherwise, VictoriaMetrics Operator would try to discover prometheus-operator API and convert it. - - - Conversion of api objects can be controlled by annotations, added to `VMObject`s, there are following annotations: - - `operator.victoriametrics.com/merge-meta-strategy` - it controls syncing of metadata labels and annotations between - `VMObject`s and `Prometheus` api objects during updates to `Prometheus` objects. By default, it has `prefer-prometheus`. - And annotations and labels will be used from `Prometheus` objects, manually set values will be dropped. - You can set it to `prefer-victoriametrics`. In this case all labels and annotations applied to `Prometheus` object - will be ignored and `VMObject` will use own values. - Two additional strategies annotations -`merge-victoriametrics-priority` and `merge-prometheus-priority` merges labelSets into one combined labelSet, with priority. - Example: -```yaml -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMServiceScrape -metadata: - annotations: - meta.helm.sh/release-name: prometheus - operator.victoriametrics.com/merge-meta-strategy: prefer-victoriametrics - labels: - release: prometheus - name: prometheus-monitor -spec: - endpoints: [] -``` - -- `operator.victoriametrics.com/ignore-prometheus-updates` - it controls updates from Prometheus api objects. - By default, it set to `disabled`. You define it to `enabled` state and all updates from Prometheus api objects will be - ignored. -```yaml -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMServiceScrape -metadata: - annotations: - meta.helm.sh/release-name: prometheus - operator.victoriametrics.com/ignore-prometheus-updates: enabled - labels: - release: prometheus - name: prometheus-monitor -spec: - endpoints: [] -``` - -By default the operator doesn't make converted objects disappear after original ones are deleted. To change this behaviour -configure adding `OwnerReferences` to converted objects: -```console -VM_ENABLEDPROMETHEUSCONVERTEROWNERREFERENCES=true -``` -Converted objects will be linked to the original ones and will be deleted by kubernetes after the original ones are deleted. - -### prometheus Rule duplication - `Prometheus` allows to specify rules with the same content with-in one group at Rule spec, but its forbidden by vmalert. - You can tell operator to deduplicate this rules by adding annotation to the `VMAlert` crd definition. In this case operator - skips rule with the same values, see example below. - ```yaml -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMAlert -metadata: - name: example-vmalert-with-dedup - annotations: - operator.victoriametrics.com/vmalert-deduplicate-rules: "true" -spec: - replicaCount: 1 - datasource: - url: "http://vmsingle-example-vmsingle-persisted.default.svc:8429" - notifier: - url: "http://vmalertmanager-example-alertmanager.default.svc:9093" - evaluationInterval: "30s" - ruleNamespaceSelector: {} - ruleSelector: {} -``` - Now operator will transform this `VMRule`: - ```yaml -apiVersion: operator.victoriametrics.com/v1beta1 -kind: VMRule -metadata: - name: example-vmrule-reload-config - labels: - project: devops -spec: - groups: - - name: vmalert - rules: - - alert: vmalert config reload error - expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 - for: 10s - labels: - severity: major - - alert: vmalert config reload error - expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 - for: 10s - labels: - severity: major - - alert: vmalert config reload error - expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 - for: 2m - labels: - severity: critical -``` -to the rule config: - -```yaml - groups: - - name: vmalert - rules: - - alert: vmalert config reload error - expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 - for: 10s - labels: - severity: major - - alert: vmalert config reload error - expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 - for: 2m - labels: - severity: critical -``` -## Expose the VMSingle API - - -> WARNING: Please protect delete endpoint before exposing it [doc](https://github.com/VictoriaMetrics/VictoriaMetrics#how-to-delete-time-series) - -Example for Kubernetes Nginx ingress [doc](https://kubernetes.github.io/ingress-nginx/examples/auth/basic/) - -```console -#generate creds -htpasswd -c auth foo - -#create basic auth secret -cat < + + + +## Anything else + +That's it. We obtained a monitoring cluster corresponding to the target topology: + + + +You have a full-stack monitoring cluster with VictoriaMetrics Operator. + +You can find information about these and other resources of operator on the [Custom resources page](./resources/README.md). + +In addition, check out other sections of the documentation for VictoriaMetrics Operator: + +- [Setup](./setup.md) +- [Security](./security.md) +- [Configuration](./configuration.md) +- [Migration from Prometheus](./migration.md) +- [Monitoring](./monitoring.md) +- [Authorization and exposing components](./auth.md) +- [High Availability](./high-availability.md) +- [Enterprise](./enterprise.md) + +If you have any questions, check out our [FAQ](./FAQ.md) +and feel free to can ask them: +- [VictoriaMetrics Slack](https://victoriametrics.slack.com/) +- [VictoriaMetrics Telegram](https://t.me/VictoriaMetrics_en) + +If you have any suggestions or find a bug, please create an issue +on [GitHub](https://github.com/VictoriaMetrics/operator/issues/new). diff --git a/docs/operator/resources/README.md b/docs/operator/resources/README.md new file mode 100644 index 000000000..52691151b --- /dev/null +++ b/docs/operator/resources/README.md @@ -0,0 +1,220 @@ +--- +sort: 14 +weight: 14 +title: Custom resources +--- + +# Custom resource kinds + +This documentation section describes the design and interaction between the custom resource definitions (CRD) that the Victoria +Metrics Operator introduces. + +[Operator](../README.md) introduces the following custom resources: + +- [VMAgent](./vmagent.md) +- [VMAlert](./vmalert.md) +- [VMAlertManager](./vmalertmanager.md) +- [VMAlertManagerConfig](./vmalertmanagerconfig.md) +- [VMAuth](./vmauth.md) +- [VMCluster](./vmcluster.md) +- [VMNodeScrape](./vmnodescrape.md) +- [VMPodScrape](./vmpodscrape.md) +- [VMProbe](./vmprobe.md) +- [VMRule](./vmrule.md) +- [VMServiceScrape](./vmservicescrape.md) +- [VMStaticScrape](./vmstaticscrape.md) +- [VMSingle](./vmsingle.md) +- [VMUser](./vmuser.md) + +Here is the scheme of relations between the custom resources: + + + +## Specification + +You can find the specification for the custom resources on **[API Docs](../api.md)**. + +### Extra arguments + +If you can't find necessary field in the specification of custom resource, +you can use `extraArgs` field for passing additional arguments to the application. + +Field `extraArgs` is supported for the following custom resources: + +- [VMAgent spec](../api.md#vmagentspec) +- [VMAlert spec](../api.md#vmalertspec) +- [VMAlertManager spec](../api.md#vmalertmanagerspec) +- [VMAuth spec](../api.md#vmauthspec) +- [VMCluster/vmselect spec](../api.md#vmselect) +- [VMCluster/vminsert spec](../api.md#vminsert) +- [VMCluster/vmstorage spec](../api.md#vmstorage) +- [VMSingle spec](../api.md#vmsinglespec) + +Supported flags for each application can be found the in the corresponding documentation: + +- [VMAgent flags](https://docs.victoriametrics.com/vmagent.html#advanced-usage) +- [VMAlert](https://docs.victoriametrics.com/vmalert.html#configuration) +- [VMAuth](https://docs.victoriametrics.com/vmauth.html#advanced-usage) +- [VMCluster](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#list-of-command-line-flags) +- [VMSingle](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#list-of-command-line-flags) + +Usage example: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: vmsingle-example-exrtaargs +spec: + retentionPeriod: "1" + extraArgs: + dedup.minScrapeInterval: 60s + # ... +``` + +### Extra environment variables + +Flag can be replaced with environment variable, it's useful for retrieving value from secret. +You can use `extraEnvs` field for passing additional arguments to the application. + +Usage example: + +```yaml +kind: VMSingle +metadata: + name: vmsingle-example--exrtaenvs +spec: + retentionPeriod: "1" + extraEnvs: + - name: DEDUP_MINSCRAPEINTERVAL + valueFrom: + secretKeyRef: + name: vm-secret + key: dedup +``` + +This feature really useful for using with +[`-envflag.enable` command-line argument](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#environment-variables). + +## Examples + +Page for every custom resource contains examples section: + +- [VMAgent examples](./vmagent.md#examples) +- [VMAlert examples](./vmalert.md#examples) +- [VMAlertmanager examples](./vmalertmanager.md#examples) +- [VMAlertmanagerConfig examples](./vmalertmanagerconfig.md#examples) +- [VMAuth examples](./vmauth.md#examples) +- [VMCluster examples](./vmcluster.md#examples) +- [VMNodeScrape examples](./vmnodescrape.md#examples) +- [VMPodScrape examples](./vmpodscrape.md#examples) +- [VMProbe examples](./vmprobe.md#examples) +- [VMRule examples](./vmrule.md#examples) +- [VMServiceScrape examples](./vmservicescrape.md#examples) +- [VMStaticScrape examples](./vmstaticscrape.md#examples) +- [VMSingle examples](./vmsingle.md#examples) +- [VMUser examples](./vmuser.md#examples) + +In addition, you can find examples of the custom resources for VIctoriMetrics operator in +the **[examples directory](https://github.com/VictoriaMetrics/operator/tree/master/config/examples) of operator repository**. + +## Managing versions of VM + +Every custom resource with deployable application has a fields for specifying version (docker image) of component: + +- [Managing versions for VMAgent](./vmagent.md#version-management) +- [Managing versions for VMAlert](./vmalert.md#version-management) +- [Managing versions for VMAlertmanager](./vmalertmanager.md#version-management) +- [Managing versions for VMAuth](./vmauth.md#version-management) +- [Managing versions for VMCluster](./vmcluster.md#version-management) +- [Managing versions for VMSingle](./vmsingle.md#version-management) + +## High availability + +VictoriaMetrics operator support high availability for each component of the monitoring stack: + +- [VMAgent](./vmagent.md#high-availability) +- [VMAlert](./vmalert.md#high-availability) +- [VMAlertmanager](./vmalertmanager.md#high-availability) +- [VMAuth](./vmauth.md#high-availability) +- [VMCluster](./vmcluster.md#high-availability) + +In addition, these CRD support common features, that can be used to increase high availability - resources above have the following fields: + +- `affinity` - to schedule pods on different nodes ([affinity and anti-affinity in kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity)), +- `tolerations` - to schedule pods on nodes with taints ([taints and tolerations in kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)), +- `nodeSelector` - to schedule pods on nodes with specific labels ([node selector in kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector)), +- `topologySpreadConstraints` - to schedule pods on different nodes in the same topology ([topology spread constraints in kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints)). + +See details about these fields in the [Specification](#specification). + +## Enterprise features + +Operator supports following [Enterprise features for VictoriaMetrics components](https://docs.victoriametrics.com/enterprise.html): + +- [VMAgent Enterprise features](./vmagent.md#enterprise-features): + - [Reading metrics from kafka](./vmagent.md#reading-metrics-from-kafka) + - [Writing metrics to kafka](./vmagent.md#writing-metrics-to-kafka) +- [VMAlert Enterprise features](./vmalert.md#enterprise-features): + - [Reading rules from object storage](./vmalert.md#reading-rules-from-object-storage) + - [Multitenancy](./vmalert.md#multitenancy) +- [VMAuth Enterprise features](./vmauth.md#enterprise-features) + - [IP Filters](./vmauth.md#ip-filters) +- [VMCluster Enterprise features](./vmcluster.md#enterprise-features) + - [Downsampling](./vmcluster.md#downsampling) + - [Multiple retentions / Retention filters](./vmcluster.md#retention-filters) + - [Advanced per-tenant statistic](./vmcluster.md#advanced-per-tenant-statistic) + - [mTLS protection](./vmcluster.md#mtls-protection) + - [Backup atomation](./vmcluster.md#backup-atomation) +- [VMRule Enterprise features](./vmrule.md#enterprise-features) + - [Multitenancy](./vmrule.md#multitenancy) +- [VMSingle Enterprise features](./vmsingle.md#enterprise-features) + - [Downsampling](./vmsingle.md#downsampling) + - [Retention filters](./vmsingle.md#retention-filters) + - [Backup atomation](./vmsingle.md#backup-atomation) +- [VMUser Enterprise features](./vmuser.md#enterprise-features) + - [IP Filters](./vmuser.md#ip-filters) + +More information about enterprise features you can read +on [VictoriaMetrics Enterprise page](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). + +## Configuration synchronization + +### Basic concepts + +VictoriaMetrics applications, like many other applications with configuration file deployed at Kubernetes, uses `ConfigMaps` and `Secrets` for configuration files. +Usually, it's out of application scope to watch for configuration on-disk changes. +Applications reload their configuration by a signal from a user or some other tool, that knows how to watch for updates. +At Kubernetes, the most popular design for this case is a sidecar container, that watches for configuration file changes and sends an HTTP request to the application. + +`Configmap` or `Secret` that mounted at `Pod` holds a copy of its content. +Kubernetes component `kubelet` is responsible for content synchronization between an object at Kubernetes API and a file served on disk. +It's not efficient to sync its content immediately, and `kubelet` eventually synchronizes it. There is a configuration option, that controls this period. + +That's why, applications managed by operator don't receive changes immediately. It usually takes 1-2 min, before content will be updated. + +It may trigger errors when an application was deleted, but [`VMAgent`](./README.mdvmagent) still tries to scrape it. + +### Possible mitigations + +The naive solution for this case decrease the synchronization period. But it configures globally and may be hard for operator users. + +That's why operator uses a few hacks. + +For `ConfigMap` updates, operator changes annotation with a time of `Configmap` content update. It triggers `ConfigMap`'s content synchronization by kubelet immediately. +It's the case for `VMAlert`, it uses `ConfigMap` as a configuration source. + +For `Secret` it doesn't work. And operator offers its implementation for side-car container. It can be configured with env variable for operator: + +``` +- name: VM_USECUSTOMCONFIGRELOADER + value: "true" +``` + +If it's defined, operator uses own [config-reloader](https://github.com/VictoriaMetrics/operator/tree/master/internal/config-reloader) +instead of [prometheus-config-reload](https://github.com/prometheus-operator/prometheus-operator/tree/main/cmd/prometheus-config-reloader). + +It watches corresponding `Secret` for changes with Kubernetes API watch call and writes content into emptyDir. +This emptyDir shared with the application. +In case of content changes, `config-reloader` sends HTTP requests to the application. +It greatly reduces the time for configuration synchronization. diff --git a/docs/operator/resources/vmagent.md b/docs/operator/resources/vmagent.md new file mode 100644 index 000000000..73126c82d --- /dev/null +++ b/docs/operator/resources/vmagent.md @@ -0,0 +1,720 @@ +# VMAgent + +`VMAgent` represents agent, which helps you collect metrics from various sources and stores them in VictoriaMetrics. +The `VMAgent` CRD declaratively defines a desired [VMAgent](https://docs.victoriametrics.com/vmagent) +setup to run in a Kubernetes cluster. + +It requires access to Kubernetes API and you can create RBAC for it first, it can be found +at [`examples/vmagent_rbac.yaml`](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmagent_rbac.yaml) +Or you can use default rbac account, that will be created for `VMAgent` by operator automatically. + +For each `VMAgent` resource Operator deploys a properly configured `Deployment` in the same namespace. +The VMAgent `Pod`s are configured to mount a `Secret` prefixed with `` containing the configuration +for VMAgent. + +For each `VMAgent` resource, the Operator adds `Service` and `VMServiceScrape` in the same namespace prefixed with +name ``. + +The CRD specifies which `VMServiceScrape` should be covered by the deployed VMAgent instances based on label selection. +The Operator then generates a configuration based on the included `VMServiceScrape`s and updates the `Secret` which +contains the configuration. It continuously does so for all changes that are made to the `VMServiceScrape`s or the +`VMAgent` resource itself. + +If no selection of `VMServiceScrape`s is provided - Operator leaves management of the `Secret` to the user, +so user can set custom configuration while still benefiting from the Operator's capabilities of managing VMAgent setups. + +## Specification + +You can see the full actual specification of the `VMAgent` resource in the **[API docs -> VMAgent](../api.md#vmagent)**. + +If you can't find necessary field in the specification of the custom resource, +see [Extra arguments section](./README.md#extra-arguments). + +Also, you can check out the [examples](#examples) section. + +## Scraping + +`VMAgent` supports scraping targets with: + +- [VMServiceScrape](./vmservicescrape.md), +- [VMPodScrape](./vmpodscrape.md), +- [VMNodeScrape](./vmnodescrape.md), +- [VMStaticScrape](./vmstaticscrape.md), +- [VMProbe](./vmprobe.md). + +These objects tell VMAgent from which targets and how to collect metrics and +generate part of [VMAgent](./vmagent.md) scrape configuration. + +For filtering scrape objects `VMAgent` uses selectors. +Selectors are defined with suffixes - `NamespaceSelector` and `Selector` for each type of scrape objects in spec of `VMAgent`: + +- `serviceScrapeNamespaceSelector` and `serviceScrapeSelector` for selecting [VMServiceScrape](./vmservicescrape.md) objects, +- `podScrapeNamespaceSelector` and `podScrapeSelector` for selecting [VMPodScrape](./vmpodscrape.md) objects, +- `probeNamespaceSelector` and `probeSelector` for selecting [VMProbe](./vmprobe.md) objects, +- `staticScrapeNamespaceSelector` and `staticScrapeSelector` for selecting [VMStaticScrape](./vmstaticscrape.md) objects, +- `nodeScrapeNamespaceSelector` and `nodeScrapeSelector` for selecting [VMNodeScrape](./vmnodescrape.md) objects. + +It allows configuring objects access control across namespaces and different environments. +Specification of selectors you can see in [this doc](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta). + +In addition to the above selectors, the filtering of objects in a cluster is affected by the field `selectAllByDefault` of `VMAgent` spec and environment variable `WATCH_NAMESPACE` for operator. + +Following rules are applied: + +- If `*NamespaceSelector` and `*Selector` both undefined, then by default select nothing. With option set - `spec.selectAllByDefault: true`, select all objects of given type. +- If `*NamespaceSelector` defined, `*Selector` undefined, then all objects are matching at namespaces for given `*NamespaceSelector`. +- If `*NamespaceSelector` undefined, `*Selector` defined, then all objects at `VMAgent`'s namespaces are matching for given `*Selector`. +- If `*NamespaceSelector` and `*Selector` both defined, then only objects at namespaces matched `*NamespaceSelector` for given `*Selector` are matching. + +Here's a more visual and more detailed view: + +| `*NamespaceSelector` | `*Selector` | `selectAllByDefault` | `WATCH_NAMESPACE` | Selected objects | +|----------------------|-------------|----------------------|-------------------|-------------------------------------------------------------------------------------------------------| +| undefined | undefined | false | undefined | nothing | +| undefined | undefined | **true** | undefined | all objects of given type (`*`) in the cluster | +| **defined** | undefined | any | undefined | all objects of given type (`*`) at namespaces for given `*NamespaceSelector` | +| undefined | **defined** | any | undefined | all objects of given type (`*`) only at `VMAgent`'s namespace are matching for given `Selector | +| **defined** | **defined** | any | undefined | all objects of given type (`*`) only at namespaces matched `*NamespaceSelector` for given `*Selector` | +| any | undefined | any | **defined** | all objects of given type (`*`) only at `VMAgent`'s namespace | +| any | **defined** | any | **defined** | all objects of given type (`*`) only at `VMAgent`'s namespace for given `*Selector` | + +More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). + +Here are some examples of `VMAgent` configuration with selectors: + +```yaml +# select all scrape objects in the cluster +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-select-all +spec: + # ... + selectAllByDefault: true + +--- + +# select all scrape objects in specific namespace (my-namespace) +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-select-ns +spec: + # ... + serviceScrapeNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace + podScrapeNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace + nodeScrapeNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace + staticScrapeNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace + probeNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace +``` + +## High availability + + + +### Replication and deduplication + +To run VMAgent in a highly available manner at first you have to configure deduplication in Victoria Metrics +according [this doc for VMSingle](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html#deduplication) +or [this doc for VMCluster](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#deduplication). + +You can do it with `extraArgs` on [`VMSingle`](./vmsingle.md): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: vmsingle-example +spec: + # ... + extraArgs: + dedup.minScrapeInterval: 30s + # ... +``` + +For [`VMCluster`](./vmcluster.md) you can do it with `vmstorage.extraArgs` and `vmselect.extraArgs`: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: vmcluster-example +spec: + # ... + vmselect: + extraArgs: + dedup.minScrapeInterval: 30s + # ... + vmstorage: + extraArgs: + dedup.minScrapeInterval: 30s + # ... +``` + +Deduplication is automatically enabled with `replicationFactor > 1` on `VMCLuster`. + +After enabling deduplication you can increase replicas for VMAgent. + +For instance, let's create `VMAgent` with 2 replicas: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-ha-example +spec: + # ... + selectAllByDefault: true + vmAgentExternalLabelName: vmagent_ha + remoteWrite: + - url: "http://vmsingle-example.default.svc:8429/api/v1/write" + # Replication: + scrapeInterval: 30s + replicaCount: 2 + # ... +``` + +Now, even if something happens to one of the vmagent, you'll still have the data. + +### StatefulMode + +VMAgent supports [persistent buffering](https://docs.victoriametrics.com/vmagent.html#replication-and-high-availability) +for sending data to remote storage. By default, operator set `-remoteWrite.tmpDataPath` for `VMAgent` to `/tmp` (that use k8s ephemeral storage) +and `VMAgent` loses state of the PersistentQueue on pod restarts. + +In `StatefulMode` `VMAgent` doesn't lose state of the PersistentQueue (file-based buffer size for unsent data) on pod restarts. +Operator creates `StatefulSet` and, with provided `PersistentVolumeClaimTemplate` at `StatefulStorage` configuration param, metrics queue is stored on disk. + +Example of configuration for `StatefulMode`: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-ha-example +spec: + # ... + selectAllByDefault: true + vmAgentExternalLabelName: vmagent_ha + remoteWrite: + - url: "http://vmsingle-example.default.svc:8429/api/v1/write" + # Replication: + scrapeInterval: 30s + replicaCount: 2 + # StatefulMode: + statefulMode: true + statefulStorage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 20Gi + # ... +``` + +### Sharding + +Operator supports sharding with [cluster mode of vmagent](https://docs.victoriametrics.com/vmagent.html#scraping-big-number-of-targets) +for **scraping big number of targets**. + +Sharding for `VMAgent` distributes scraping between multiple deployments of `VMAgent`. + +Example usage (it is a complete example of `VMAgent` with high availability features): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-ha-example +spec: + # ... + selectAllByDefault: true + vmAgentExternalLabelName: vmagent_ha + remoteWrite: + - url: "http://vmsingle-example.default.svc:8429/api/v1/write" + # Replication: + scrapeInterval: 30s + replicaCount: 2 + # StatefulMode: + statefulMode: true + statefulStorage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 20Gi + # Sharding + shardCount: 5 + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + shard-num: '%SHARD_NUM%' + topologyKey: kubernetes.io/hostname + # ... +``` + +This configuration produces `5` deployments with `2` replicas at each. +Each deployment has its own shard num and scrapes only `1/5` of all targets. + +Also, you can use special placeholder `%SHARD_NUM%` in fields of `VMAgent` specification +and operator will replace it with current shard num of vmagent when creating deployment or statefullset for vmagent. + +In the example above, the `%SHARD_NUM%` placeholder is used in the `podAntiAffinity` section, +which recommend to scheduler that pods with the same shard num (label `shard-num` in the pod template) +are not deployed on the same node. You can use another `topologyKey` for availability zone or region instead of nodes. + +**Note** that at the moment operator doesn't use `-promscrape.cluster.replicationFactor` parameter of `VMAgent` and +creates `replicaCount` of replicas for each shard (which leads greater resource consumption). +This will be fixed in the future, more details can be seen in [this issue](https://github.com/VictoriaMetrics/operator/issues/604). + +Also see [this example](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmagent_stateful_with_sharding.yaml). + +## Additional scrape configuration + +AdditionalScrapeConfigs is an additional way to add scrape targets in `VMAgent` CRD. + +There are two options for adding targets into `VMAgent`: + +- [inline configuration into CRD](#inline-additional-scrape-configuration-in-vmagent-crd), +- [defining it as a Kubernetes Secret](#define-additional-scrape-configuration-as-a-kubernetes-secret). + +No validation happens during the creation of configuration. However, you must validate job specs, and it must follow job spec configuration. +Please check [scrape_configs documentation](https://docs.victoriametrics.com/sd_configs.html#scrape_configs) as references. + +### Inline Additional Scrape Configuration in VMAgent CRD + +You need to add scrape configuration directly to the `vmagent spec.inlineScrapeConfig`. It is raw text in YAML format. +See example below + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-example +spec: + # ... + selectAllByDefault: true + inlineScrapeConfig: | + - job_name: "prometheus" + static_configs: + - targets: ["localhost:9090"] + remoteWrite: + - url: "http://vmsingle-example.default.svc:8429/api/v1/write" + # ... +``` + +**Note**: Do not use passwords and tokens with inlineScrapeConfig use Secret instead. + +## Define Additional Scrape Configuration as a Kubernetes Secret + +You need to define Kubernetes Secret with a key. + +The key is `prometheus-additional.yaml` in the example below: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: additional-scrape-configs +stringData: + prometheus-additional.yaml: | + - job_name: "prometheus" + static_configs: + - targets: ["localhost:9090"] +``` + +After that, you need to specify the secret's name and key in VMAgent CRD in `additionalScrapeConfigs` section: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-example +spec: + # ... + selectAllByDefault: true + additionalScrapeConfigs: + name: additional-scrape-configs + key: prometheus-additional.yaml + remoteWrite: + - url: "http://vmsingle-example.default.svc:8429/api/v1/write" + # ... +``` + +**Note**: You can specify only one Secret in the VMAgent CRD configuration so use it for all additional scrape configurations. + +## Relabeling + +`VMAgent` supports global relabeling for all metrics and per remoteWrite target relabel config. + +Note in some cases, you don't need relabeling, `key=value` label pairs can be added to the all scrapped metrics with `spec.externalLabels` for `VMAgent`: + +```yaml +# simple label add config +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-example +spec: + externalLabels: + clusterid: some_cluster +``` + +`VMAgent` CR supports relabeling with [custom configMap](#relabeling-config-in-configmap) +or [inline defined at CRD](#inline-relabeling-config). + +### Relabeling config in Configmap + +Quick tour how to create `ConfigMap` with relabeling configuration: + + ```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: vmagent-relabel +data: + global-relabel.yaml: | + - target_label: bar + - source_labels: [aa] + separator: "foobar" + regex: "foo.+bar" + target_label: aaa + replacement: "xxx" + - action: keep + source_labels: [aaa] + - action: drop + source_labels: [aaa] + target-1-relabel.yaml: | + - action: keep_if_equal + source_labels: [foo, bar] + - action: drop_if_equal + source_labels: [foo, bar] +``` + +Second, add `relabelConfig` to `VMagent` spec for global relabeling with name of `Configmap` - `vmagent-relabel` and key `global-relabel.yaml`. + +For relabeling per remoteWrite target, add `urlRelabelConfig` name of `Configmap` - `vmagent-relabel` +and key `target-1-relabel.yaml` to one of remoteWrite target for relabeling only for those target: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-example +spec: + # ... + selectAllByDefault: true + relabelConfig: + name: "vmagent-relabel" + key: "global-relabel.yaml" + remoteWrite: + - url: "http://vmsingle-example-vmsingle-persisted.default.svc:8429/api/v1/write" + - url: "http://vmsingle-example-vmsingle.default.svc:8429/api/v1/write" + urlRelabelConfig: + name: "vmagent-relabel" + key: "target-1-relabel.yaml" +``` + +### Inline relabeling config + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-example +spec: + # ... + selectAllByDefault: true + inlineRelabelConfig: + - target_label: bar + - source_labels: [aa] + separator: "foobar" + regex: "foo.+bar" + target_label: aaa + replacement: "xxx" + - action: keep + source_labels: [aaa] + - action: drop + source_labels: [aaa] + remoteWrite: + - url: "http://vmsingle-example-vmsingle-persisted.default.svc:8429/api/v1/write" + - url: "http://vmsingle-example-vmsingle.default.svc:8429/api/v1/write" + inlineUrlRelabelConfig: + - action: keep_if_equal + source_labels: [foo, bar] + - action: drop_if_equal + source_labels: [foo, bar] +``` + +### Combined example + +It's also possible to use both features in combination. + +First will be added relabeling configs from `inlineRelabelConfig`, then `relabelConfig` from configmap. + + ```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: vmagent-relabel +data: + global-relabel.yaml: | + - target_label: bar + - source_labels: [aa] + separator: "foobar" + regex: "foo.+bar" + target_label: aaa + replacement: "xxx" + - action: keep + source_labels: [aaa] + - action: drop + source_labels: [aaa] + target-1-relabel.yaml: | + - action: keep_if_equal + source_labels: [foo, bar] + - action: drop_if_equal + source_labels: [foo, bar] +``` + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: example-vmagent +spec: + # ... + selectAllByDefault: true + inlineRelabelConfig: + - target_label: bar1 + - source_labels: [aa] + relabelConfig: + name: "vmagent-relabel" + key: "global-relabel.yaml" + remoteWrite: + - url: "http://vmsingle-example-vmsingle-persisted.default.svc:8429/api/v1/write" + - url: "http://vmsingle-example-vmsingle.default.svc:8429/api/v1/write" + urlRelabelConfig: + name: "vmagent-relabel" + key: "target-1-relabel.yaml" + inlineUrlRelabelConfig: + - action: keep_if_equal + source_labels: [foo1, bar2] +``` + +Resulted configmap, mounted to `VMAgent` pod: + +```yaml +apiVersion: v1 +data: + global_relabeling.yaml: | + - target_label: bar1 + - source_labels: + - aa + - target_label: bar + - source_labels: [aa] + separator: "foobar" + regex: "foo.+bar" + target_label: aaa + replacement: "xxx" + - action: keep + source_labels: [aaa] + - action: drop + source_labels: [aaa] + url_rebaling-1.yaml: | + - source_labels: + - foo1 + - bar2 + action: keep_if_equal + - action: keep_if_equal + source_labels: [foo, bar] + - action: drop_if_equal + source_labels: [foo, bar] +kind: ConfigMap +metadata: + finalizers: + - apps.victoriametrics.com/finalizer + labels: + app.kubernetes.io/component: monitoring + app.kubernetes.io/instance: example-vmagent + app.kubernetes.io/name: vmagent + managed-by: vm-operator + name: relabelings-assets-vmagent-example-vmagent + namespace: default + ownerReferences: + - apiVersion: operator.victoriametrics.com/v1beta1 + blockOwnerDeletion: true + controller: true + kind: VMAgent + name: example-vmagent + uid: 7e9fb838-65da-4443-a43b-c00cd6c4db5b +``` + +### Additional information + +`VMAgent` also has some extra options for relabeling actions, you can check it [docs](https://docs.victoriametrics.com/vmagent#relabeling). + +## Version management + +To set `VMAgent` version add `spec.image.tag` name from [releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases) + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: example-vmagent +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + # ... +``` + +Also, you can specify `imagePullSecrets` if you are pulling images from private repo: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: example-vmagent +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + imagePullSecrets: + - name: my-repo-secret +# ... +``` + +## Enterprise features + +VMAgent supports feature [Kafka integration](https://docs.victoriametrics.com/vmagent.html#kafka-integration) +from [VictoriaMetrics Enterprise](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). + +For using Enterprise version of [vmagent](https://docs.victoriametrics.com/vmagent.html) +you need to change version of `vmagent` to version with `-enterprise` suffix using [Version management](#version-management). + +All the enterprise apps require `-eula` command-line flag to be passed to them. +This flag acknowledges that your usage fits one of the cases listed on [this page](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). +So you can use [extraArgs](./README.md#extra-arguments) for passing this flag to `VMAgent`: + +After that you can pass [Kafka integration](https://docs.victoriametrics.com/vmagent.html#kafka-integration) +flags to `VMAgent` with [extraArgs](./README.md#extra-arguments). + +### Reading metrics from Kafka + +Here are complete example for [Reading metrics from Kafka](https://docs.victoriametrics.com/vmagent.html#reading-metrics-from-kafka): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-ent-example +spec: + # enabling enterprise features + image: + # enterprise version of vmagent + tag: v1.93.5-enterprise + extraArgs: + # should be true and means that you have the legal right to run a vmagent enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: reading metrics from kafka + # more details about kafka integration you can read on https://docs.victoriametrics.com/vmagent.html#kafka-integration + # more details about these and other flags you can read on https://docs.victoriametrics.com/vmagent.html#command-line-flags-for-kafka-consumer + kafka.consumer.topic.brokers: localhost:9092 + kafka.consumer.topic.format: influx + kafka.consumer.topic: metrics-by-telegraf + kafka.consumer.topic.groupID: some-id + + # ...other fields... +``` + +### Writing metrics to Kafka + +Here are complete example for [Writing metrics to Kafka](https://docs.victoriametrics.com/vmagent.html#writing-metrics-to-kafka): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: vmagent-ent-example +spec: + # enabling enterprise features + image: + # enterprise version of vmagent + tag: v1.93.5-enterprise + extraArgs: + # should be true and means that you have the legal right to run a vmagent enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: writing metrics to Kafka + # more details about kafka integration you can read on https://docs.victoriametrics.com/vmagent.html#kafka-integration + remoteWrite: + # sasl with username and password + - url: kafka://broker-1:9092/?topic=prom-rw-1&security.protocol=SASL_SSL&sasl.mechanisms=PLAIN + # it requires to create kubernetes secret `kafka-basic-auth` with keys `username` and `password` in the same namespace + basicAuth: + username: + name: kafka-basic-auth + key: username + password: + name: kafka-basic-auth + key: password + # sasl with username and password from secret and tls + - url: kafka://localhost:9092/?topic=prom-rw-2&security.protocol=SSL + # it requires to create kubernetes secret `kafka-tls` with keys `ca.pem`, `cert.pem` and `key.pem` in the same namespace + tlsConfig: + ca: + secret: + name: kafka-tls + key: ca.pem + cert: + secret: + name: kafka-tls + key: cert.pem + keySecret: + name: kafka-tls + key: key.pem + + # ...other fields... +``` + +## Examples + +```yaml +kind: VMAgent +metadata: + name: vmagent-example +spec: + selectAllByDefault: true + replicaCount: 1 + scrapeInterval: 30s + scrapeTimeout: 10s + vmAgentExternalLabelName: example + externalLabels: + cluster: my-cluster + remoteWrite: + - url: "http://vmsingle-example.default.svc:8428/api/v1/write" + inlineRelabelConfig: + - action: labeldrop + regex: "temp.*" +``` diff --git a/docs/operator/resources/vmalert.md b/docs/operator/resources/vmalert.md new file mode 100644 index 000000000..9e5b9c272 --- /dev/null +++ b/docs/operator/resources/vmalert.md @@ -0,0 +1,362 @@ +# VMAlert + +`VMAlert` - executes a list of given [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) +or [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules against configured address. + +The `VMAlert` CRD declaratively defines a desired [VMAlert](https://github.com/VictoriaMetrics/VictoriaMetrics/tree/master/app/vmalert) +setup to run in a Kubernetes cluster. + +It has few required config options - `datasource` and `notifier` are required, for other config parameters +check [doc](../api.md#vmalert). + +For each `VMAlert` resource, the Operator deploys a properly configured `Deployment` in the same namespace. +The VMAlert `Pod`s are configured to mount a list of `Configmaps` prefixed with `-number` containing +the configuration for alerting rules. + +For each `VMAlert` resource, the Operator adds `Service` and `VMServiceScrape` in the same namespace prefixed with +name ``. + +## Specification + +You can see the full actual specification of the `VMAlert` resource in the **[API docs -> VMAlert](../api.md#vmalert)**. + +If you can't find necessary field in the specification of the custom resource, +see [Extra arguments section](./README.md#extra-arguments). + +Also, you can check out the [examples](#examples) section. + +## Rules + +The CRD specifies which `VMRule`s should be covered by the deployed `VMAlert` instances based on label selection. +The Operator then generates a configuration based on the included `VMRule`s and updates the `Configmaps` containing +the configuration. It continuously does so for all changes that are made to `VMRule`s or to the `VMAlert` resource itself. + +Alerting rules are filtered by selectors `ruleNamespaceSelector` and `ruleSelector` in `VMAlert` CRD definition. +For selecting rules from all namespaces you must specify it to empty value: + +```yaml +spec: + ruleNamespaceSelector: {} +``` + +[VMRUle](./vmrule.md) objects generate part of `VMAlert` configuration. + +For filtering rules `VMAlert` uses selectors `ruleNamespaceSelector` and `ruleSelector`. +It allows configuring rules access control across namespaces and different environments. +Specification of selectors you can see in [this doc](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta). + +In addition to the above selectors, the filtering of objects in a cluster is affected by the field `selectAllByDefault` of `VMAlert` spec and environment variable `WATCH_NAMESPACE` for operator. + +Following rules are applied: + +- If `ruleNamespaceSelector` and `ruleSelector` both undefined, then by default select nothing. With option set - `spec.selectAllByDefault: true`, select all vmrules. +- If `ruleNamespaceSelector` defined, `ruleSelector` undefined, then all vmrules are matching at namespaces for given `ruleNamespaceSelector`. +- If `ruleNamespaceSelector` undefined, `ruleSelector` defined, then all vmrules at `VMAgent`'s namespaces are matching for given `ruleSelector`. +- If `ruleNamespaceSelector` and `ruleSelector` both defined, then only vmrules at namespaces matched `ruleNamespaceSelector` for given `ruleSelector` are matching. + +Here's a more visual and more detailed view: + +| `ruleNamespaceSelector` | `ruleSelector` | `selectAllByDefault` | `WATCH_NAMESPACE` | Selected rules | +|-------------------------|----------------|----------------------|-------------------|------------------------------------------------------------------------------------------------------| +| undefined | undefined | false | undefined | nothing | +| undefined | undefined | **true** | undefined | all vmrules in the cluster | +| **defined** | undefined | any | undefined | all vmrules are matching at namespaces for given `ruleNamespaceSelector` | +| undefined | **defined** | any | undefined | all vmrules only at `VMAlert`'s namespace are matching for given `ruleSelector` | +| **defined** | **defined** | any | undefined | all vmrules only at namespaces matched `ruleNamespaceSelector` for given `ruleSelector` are matching | +| any | undefined | any | **defined** | all vmrules only at `VMAlert`'s namespace | +| any | **defined** | any | **defined** | all vmrules only at `VMAlert`'s namespace for given `ruleSelector` are matching | + +More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). + +Here are some examples of `VMAlert` configuration with selectors: + +```yaml +# select all rule objects in the cluster +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: vmalert-select-all +spec: + # ... + selectAllByDefault: true + +--- + +# select all rule objects in specific namespace (my-namespace) +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: vmalert-select-ns +spec: + # ... + ruleNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace +``` + +## High availability + +`VMAlert` can be launched with multiple replicas without an additional configuration as far [alertmanager](./vmalertmanager.md) is responsible for alert deduplication. + +Note, if you want to use `VMAlert` with high-available [`VMAlertmanager`](./vmalertmanager.md), which has more than 1 replica. +You have to specify all pod fqdns at `VMAlert.spec.notifiers.[url]`. Or you can use service discovery for notifier, examples: + +- alertmanager: + ```yaml + apiVersion: v1 + kind: Secret + metadata: + name: vmalertmanager-example-alertmanager + labels: + app: vm-operator + type: Opaque + stringData: + alertmanager.yaml: | + global: + resolve_timeout: 5m + route: + group_by: ['job'] + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: 'webhook' + receivers: + - name: 'webhook' + webhook_configs: + - url: 'http://alertmanagerwh:30500/' + # ... + + --- + + apiVersion: operator.victoriametrics.com/v1beta1 + kind: VMAlertmanager + metadata: + name: example + namespace: default + labels: + usage: dedicated + spec: + replicaCount: 2 + configSecret: vmalertmanager-example-alertmanager + configSelector: {} + configNamespaceSelector: {} + # ... + ``` +- vmalert with fqdns: + ```yaml + apiVersion: operator.victoriametrics.com/v1beta1 + kind: VMAlert + metadata: + name: example-ha + namespace: default + spec: + replicaCount: 2 + datasource: + url: http://vmsingle-example.default.svc:8429 + notifiers: + - url: http://vmalertmanager-example-0.vmalertmanager-example.default.svc:9093 + - url: http://vmalertmanager-example-1.vmalertmanager-example.default.svc:9093 + evaluationInterval: "10s" + ruleSelector: {} + # ... + ``` +- vmalert with service discovery: + ```yaml + apiVersion: operator.victoriametrics.com/v1beta1 + kind: VMAlert + metadata: + name: example-ha + namespace: default + spec: + replicaCount: 2 + datasource: + url: http://vmsingle-example.default.svc:8429 + notifiers: + - selector: + namespaceSelector: + matchNames: + - default + labelSelector: + matchLabels: + usage: dedicated + evaluationInterval: "10s" + ruleSelector: {} + # ... + ``` + +In addition, you need to specify `remoteWrite` and `remoteRead` urls for restoring alert states after restarts: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: example-ha + namespace: default +spec: + replicaCount: 2 + evaluationInterval: "10s" + selectAllByDefault: true + datasource: + url: http://vmselect-demo.vm.svc:8481/select/0/prometheus + notifiers: + - url: http://vmalertmanager-example-0.vmalertmanager-example.default.svc:9093 + - url: http://vmalertmanager-example-1.vmalertmanager-example.default.svc:9093 + remoteWrite: + url: http://vminsert-demo.vm.svc:8480/insert/0/prometheus + remoteRead: + url: http://vmselect-demo.vm.svc:8481/select/0/prometheus +``` + +More details about `remoteWrite` and `remoteRead` you can read in [vmalert docs](https://docs.victoriametrics.com/vmalert.html#alerts-state-on-restarts). + +## Version management + +To set `VMAlert` version add `spec.image.tag` name from [releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases) + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: example-vmalert +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + # ... +``` + +Also, you can specify `imagePullSecrets` if you are pulling images from private repo: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: example-vmalert +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + imagePullSecrets: + - name: my-repo-secret +# ... +``` + +## Enterprise features + +VMAlert supports features [Reading rules from object storage](https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage) +and [Multitenancy](https://docs.victoriametrics.com/vmalert.html#multitenancy) +from [VictoriaMetrics Enterprise](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). + +For using Enterprise version of [vmalert](https://docs.victoriametrics.com/vmalert.html) +you need to change version of `VMAlert` to version with `-enterprise` suffix using [Version management](#version-management). + +All the enterprise apps require `-eula` command-line flag to be passed to them. +This flag acknowledges that your usage fits one of the cases listed on [this page](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). +So you can use [extraArgs](./README.md#extra-arguments) for passing this flag to `VMAlert`: + +### Reading rules from object storage + +After that you can pass `-rule` command-line argument with `s3://` or `gs://` +to `VMAlert` with [extraArgs](./README.md#extra-arguments). + +More details about reading rules from object storage you can read in [vmalert docs](https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage). + +Here are complete example for [Reading rules from object storage](https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: vmalert-ent-example +spec: + # enabling enterprise features + image: + # enterprise version of vmalert + tag: v1.93.5-enterprise + extraArgs: + # should be true and means that you have the legal right to run a vmalert enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: Reading rules from object storage + # more details about reading rules from object storage you can read on https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage + rule: s3://bucket/dir/alert.rules + + # ...other fields... +``` + +### Multitenancy + +After enabling enterprise version you can use [Multitenancy](https://docs.victoriametrics.com/vmalert.html#multitenancy) +feature in `VMAlert`. + +For that you need to set `clusterMode` commad-line flag +with [extraArgs](./README.md#extra-arguments) +and specify `tenant` field for groups +in [VMRule](./vmrule.md#enterprise-features): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: vmalert-ent-example +spec: + # enabling enterprise features + image: + # enterprise version of vmalert + tag: v1.93.5-enterprise + extraArgs: + # should be true and means that you have the legal right to run a vmalert enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: Multitenancy + # more details about multitenancy you can read on https://docs.victoriametrics.com/vmalert.html#multitenancy + clusterMode: true + + # ...other fields... + +--- + +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMRule +metadata: + name: vmrule-ent-example +spec: + groups: + - name: vmalert-1 + rules: + # using enterprise features: Multitenancy + # more details about multitenancy you can read on https://docs.victoriametrics.com/vmalert.html#multitenancy + - tenant: 1 + alert: vmalert config reload error + expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 + for: 10s + labels: + severity: major + job: "{{ $labels.job }}" + annotations: + value: "{{ $value }}" + description: 'error reloading vmalert config, reload count for 5 min {{ $value }}' +``` + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlert +metadata: + name: example-vmalert +spec: + replicaCount: 1 + datasource: + url: "http://vmsingle-example-vmsingle-persisted.default.svc:8429" + notifier: + url: "http://vmalertmanager-example-alertmanager.default.svc:9093" + evaluationInterval: "30s" + selectAllByDefault: true +``` diff --git a/docs/operator/resources/vmalertmanager.md b/docs/operator/resources/vmalertmanager.md new file mode 100644 index 000000000..559c8b5d8 --- /dev/null +++ b/docs/operator/resources/vmalertmanager.md @@ -0,0 +1,270 @@ +# VMAlertmanager + +`VMAlertmanager` - represents [alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) configuration. + +The `VMAlertmanager` CRD declaratively defines a desired Alertmanager setup to run in a Kubernetes cluster. +It provides options to configure replication and persistent storage. + +For each `Alertmanager` resource, the Operator deploys a properly configured `StatefulSet` in the same namespace. +The Alertmanager pods are configured to include a `Secret` called `` which holds the used +configuration file in the key `alertmanager.yaml`. + +When there are two or more configured replicas the Operator runs the Alertmanager instances in high availability mode. + +## Specification + +You can see the full actual specification of the `VMAlertmanager` resource in the **[API docs -> VMAlert](../api.md#vmalertmanager)**. + +If you can't find necessary field in the specification of the custom resource, +see [Extra arguments section](./README.md#extra-arguments). + +Also, you can check out the [examples](#examples) section. + +## Configuration + +The operator generates a configuration file for `VMAlertmanager` based on user input at the definition of `CRD`. + +Generated config stored at `Secret` created by the operator, it has the following name template `vmalertmanager-CRD_NAME-config`. + +This configuration file is mounted at `VMAlertmanager` `Pod`. A special side-car container tracks its changes and sends config-reload signals to `alertmanager` container. + +### Using secret + +Basically, you can use the global configuration defined at manually created `Secret`. This `Secret` must be created before `VMAlertmanager`. + +Name of the `Secret` must be defined at `VMAlertmanager` `spec.configSecret` option: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: vmalertmanager-example-alertmanager + labels: + app: vm-operator +type: Opaque +stringData: + alertmanager.yaml: | + global: + resolve_timeout: 5m + route: + receiver: 'webhook' + receivers: + - name: 'webhook' + webhook_configs: + - url: 'http://alertmanagerwh:30500/' + +--- + +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: example-alertmanager +spec: + replicaCount: 2 + configSecret: vmalertmanager-example-alertmanager +``` + +### Using inline raw config + +Also, if there is no secret data at configuration, or you just want to redefine some global variables for `alertmanager`. +You can define configuration at `spec.configRawYaml` section of `VMAlertmanager` configuration: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: example-alertmanager +spec: + replicaCount: 2 + configRawYaml: | + global: + resolve_timeout: 5m + route: + receiver: 'default' + group_interval: 5m + repeat_interval: 12h + receivers: + - name: 'default' +``` + +If both `configSecret` and `configRawYaml` are defined, only configuration from `configRawYaml` will be used. Values from `configRawYaml` will be ignored. + +### Using VMAlertmanagerConfig + +See details at [VMAlertmanagerConfig](./vmalertmanagerconfig.md). + +The CRD specifies which `VMAlertmanagerConfig`s should be covered by the deployed `VMAlertmanager` instances based on label selection. +The Operator then generates a configuration based on the included `VMAlertmanagerConfig`s and updates the `Configmaps` containing +the configuration. It continuously does so for all changes that are made to `VMAlertmanagerConfig`s or to the `VMAlertmanager` resource itself. + +Configs are filtered by selectors `configNamespaceSelector` and `configSelector` in `VMAlertmanager` CRD definition. +For selecting rules from all namespaces you must specify it to empty value: + +```yaml +spec: + configNamespaceSelector: {} +``` + +[VMAlertmanagerConfig](./vmalertmanagerconfig.md) objects are +generates part of [VMAlertmanager](./vmalertmanager.md) configuration. + +For filtering rules `VMAlertmanager` uses selectors `configNamespaceSelector` and `configSelector`. +It allows configuring rules access control across namespaces and different environments. +Specification of selectors you can see in [this doc](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta). + +In addition to the above selectors, the filtering of objects in a cluster is affected by the field `selectAllByDefault` +of `VMAlertmanager` spec and environment variable `WATCH_NAMESPACE` for operator. + +Following rules are applied: + +- If `configNamespaceSelector` and `configSelector` both undefined, then by default select nothing. With option set - `spec.selectAllByDefault: true`, select all vmalertmanagerconfigs. +- If `configNamespaceSelector` defined, `configSelector` undefined, then all vmalertmaangerconfigs are matching at namespaces for given `configNamespaceSelector`. +- If `configNamespaceSelector` undefined, `configSelector` defined, then all vmalertmaangerconfigs at `VMAgent`'s namespaces are matching for given `configSelector`. +- If `configNamespaceSelector` and `configSelector` both defined, then only vmalertmaangerconfigs at namespaces matched `configNamespaceSelector` for given `configSelector` are matching. + +Here's a more visual and more detailed view: + +| `configNamespaceSelector` | `configSelector` | `selectAllByDefault` | `WATCH_NAMESPACE` | Selected rules | +|---------------------------|------------------|----------------------|-------------------|------------------------------------------------------------------------------------------------------------------------| +| undefined | undefined | false | undefined | nothing | +| undefined | undefined | **true** | undefined | all vmalertmaangerconfigs in the cluster | +| **defined** | undefined | any | undefined | all vmalertmaangerconfigs are matching at namespaces for given `configNamespaceSelector` | +| undefined | **defined** | any | undefined | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace are matching for given `ruleSelector` | +| **defined** | **defined** | any | undefined | all vmalertmaangerconfigs only at namespaces matched `configNamespaceSelector` for given `configSelector` are matching | +| any | undefined | any | **defined** | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace | +| any | **defined** | any | **defined** | all vmalertmaangerconfigs only at `VMAlertmanager`'s namespace for given `configSelector` are matching | + +More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). + +Here are some examples of `VMAlertmanager` configuration with selectors: + +```yaml +# select all config objects in the cluster +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: vmalertmanager-select-all +spec: + # ... + selectAllByDefault: true + +--- + +# select all config objects in specific namespace (my-namespace) +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: vmalertmanager-select-ns +spec: + # ... + configNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace +``` + +### Extra configuration files + +`VMAlertmanager` specification has the following fields, that can be used to configure without editing raw configuration file: + +- `spec.templates` - list of keys in `ConfigMaps`, that contains template files for `alertmanager`, e.g.: + + ```yaml + apiVersion: operator.victoriametrics.com/v1beta1 + kind: VMAlertmanager + metadata: + name: example-alertmanager + spec: + replicaCount: 2 + templates: + - Name: alertmanager-templates + Key: my-template-1.tmpl + - Name: alertmanager-templates + Key: my-template-2.tmpl + --- + apiVersion: v1 + kind: ConfigMap + metadata: + name: alertmanager-templates + data: + my-template-1.tmpl: | + {{ define "hello" -}} + hello, Victoria! + {{- end }} + my-template-2.tmpl: """ + ``` + +These templates will be automatically added to `VMAlertmanager` configuration and will be automatically reloaded on changes in source `ConfigMap`. +- `spec.configMaps` - list of `ConfigMap` names (in the same namespace) that will be mounted at `VMAlertmanager` + workload and will be automatically reloaded on changes in source `ConfigMap`. Mount path is `/etc/vm/configs/`. + +### Behavior without provided config + +If no configuration is provided, operator configures stub configuration with blackhole route. + +## High Availability + +The final step of the high availability scheme is Alertmanager, when an alert triggers, actually fire alerts against *all* instances of an Alertmanager cluster. + +The Alertmanager, starting with the `v0.5.0` release, ships with a high availability mode. +It implements a gossip protocol to synchronize instances of an Alertmanager cluster +regarding notifications that have been sent out, to prevent duplicate notifications. +It is an AP (available and partition tolerant) system. Being an AP system means that notifications are guaranteed to be sent at least once. + +The Victoria Metrics Operator ensures that Alertmanager clusters are properly configured to run highly available on Kubernetes. + +## Version management + +To set `VMAlertmanager` version add `spec.image.tag` name from [releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases) + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: example-vmalertmanager +spec: + image: + repository: prom/alertmanager + tag: v0.25.0 + pullPolicy: Always + # ... +``` + +Also, you can specify `imagePullSecrets` if you are pulling images from private repo: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: example-vmalertmanager +spec: + image: + repository: prom/alertmanager + tag: v0.25.0 + pullPolicy: Always + imagePullSecrets: + - name: my-repo-secret +# ... +``` + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanager +metadata: + name: vmalertmanager-example +spec: + replicaCount: 1 + configRawYaml: | + global: + resolve_timeout: 5m + route: + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: 'webhook' + receivers: + - name: 'webhook' + webhook_configs: + - url: 'http://localhost:30502/' +``` diff --git a/docs/operator/resources/vmalertmanagerconfig.md b/docs/operator/resources/vmalertmanagerconfig.md new file mode 100644 index 000000000..a615b72df --- /dev/null +++ b/docs/operator/resources/vmalertmanagerconfig.md @@ -0,0 +1,101 @@ +# VMAlertmanagerConfig + +The `VMAlertmanagerConfig` provides way to configure [VMAlertmanager](./vmalertmanager.md) +configuration with CRD. It allows to define different configuration parts, which will be merged by operator into config. + +It behaves like other config parts - `VMServiceScrape` and etc. + +Read [Usage](#usage) and [Special case](#special-case) before using. + +## Specification + +You can see the full actual specification of the `VMAlertmanagerConfig` resource in +the **[API docs -> VMAlertmanagerConfig](../api.md#vmalertmanagerconfig)**. + +Also, you can check out the [examples](#examples) section. + +## Usage + +`VMAlertmanagerConfig` allows delegating notification configuration to the kubernetes cluster users. +The application owner may configure notifications by defining it at `VMAlertmanagerConfig`. + +With the combination of `VMRule` and `VMServiceScrape` it allows delegating configuration observability to application owners, and uses popular `GitOps` practice. + +Operator combines `VMAlertmanagerConfig`s into a single configuration file for `VMAlertmanager`. + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanagerConfig +metadata: + name: example-email-web + namespace: production +spec: + route: + receiver: email + group_interval: 1m + routes: + - receiver: email + matchers: + - {severity =~ "warning|critical", app_name = "blog"} + receivers: + - name: email + email_configs: + - to: some-email@example.com + from: alerting@example.com + smarthost: example.com:25 + text: ALARM +``` + +#### Special Case + +VMAlertmanagerConfig has enforced namespace matcher. +Alerts must have a proper namespace label, with the same value as name of namespace for VMAlertmanagerConfig. + +It can be disabled, by setting the following value to the VMAlertmanager: `spec.disableNamespaceMatcher: true`. + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAlertmanagerConfig +metadata: + name: example + namespace: default +spec: + inhibit_rules: + - equals: [] + target_matchers: [] + source_matchers: [] + route: + routes: + - receiver: webhook + continue: true + receiver: email + group_by: [] + continue: false + matchers: + - job = "alertmanager" + group_wait: 30s + group_interval: 45s + repeat_interval: 1h + mute_time_intervals: + - name: base + time_intervals: + - times: + - start_time: "" + end_time: "" + weekdays: [] + days_of_month: [] + months: [] + years: [] + receivers: + email_configs: [] + webhook_configs: + - url: http://some-other-wh + pagerduty_configs: [] + pushover_configs: [] + slack_configs: [] + opsgenie_configs: [] + victorops_configs: [] + wechat_configs: [] +``` diff --git a/docs/operator/resources/vmauth.md b/docs/operator/resources/vmauth.md new file mode 100644 index 000000000..d3aa3cc72 --- /dev/null +++ b/docs/operator/resources/vmauth.md @@ -0,0 +1,237 @@ +# VMAuth + +The `VMAuth` CRD provides mechanism for exposing application with authorization to outside world or to other applications inside kubernetes cluster. + +For first case, user can configure `ingress` setting at `VMAuth` CRD. For second one, operator will create secret with `username` and `password` at `VMUser` CRD name. +So it will be possible to access these credentials from any application by targeting corresponding kubernetes secret. + +## Specification + +You can see the full actual specification of the `VMAuth` resource in +the **[API docs -> VMAuth](../api.md#vmauth)**. + +If you can't find necessary field in the specification of the custom resource, +see [Extra arguments section](./README.md#extra-arguments). + +Also, you can check out the [examples](#examples) section. + +## Users + +The CRD specifies which `VMUser`s should be covered by the deployed `VMAuth` instances based on label selection. +The Operator then generates a configuration based on the included `VMUser`s and updates the `Configmaps` containing +the configuration. It continuously does so for all changes that are made to `VMUser`s or to the `VMAuth` resource itself. + +[VMUser](./vmrule.md) objects generate part of `VMAuth` configuration. + +For filtering users `VMAuth` uses selectors `userNamespaceSelector` and `userSelector`. +It allows configuring rules access control across namespaces and different environments. +Specification of selectors you can see in [this doc](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#labelselector-v1-meta). + +In addition to the above selectors, the filtering of objects in a cluster is affected by the field `selectAllByDefault` of `VMAuth` spec and environment variable `WATCH_NAMESPACE` for operator. + +Following rules are applied: + +- If `userNamespaceSelector` and `userSelector` both undefined, then by default select nothing. With option set - `spec.selectAllByDefault: true`, select all vmusers. +- If `userNamespaceSelector` defined, `userSelector` undefined, then all vmusers are matching at namespaces for given `userNamespaceSelector`. +- If `userNamespaceSelector` undefined, `userSelector` defined, then all vmusers at `VMAgent`'s namespaces are matching for given `userSelector`. +- If `userNamespaceSelector` and `userSelector` both defined, then only vmusers at namespaces matched `userNamespaceSelector` for given `userSelector` are matching. + +Here's a more visual and more detailed view: + +| `userNamespaceSelector` | `userSelector` | `selectAllByDefault` | `WATCH_NAMESPACE` | Selected rules | +|-------------------------|----------------|----------------------|-------------------|------------------------------------------------------------------------------------------------------| +| undefined | undefined | false | undefined | nothing | +| undefined | undefined | **true** | undefined | all vmusers in the cluster | +| **defined** | undefined | any | undefined | all vmusers are matching at namespaces for given `userNamespaceSelector` | +| undefined | **defined** | any | undefined | all vmusers only at `VMAuth`'s namespace are matching for given `userSelector` | +| **defined** | **defined** | any | undefined | all vmusers only at namespaces matched `userNamespaceSelector` for given `userSelector` are matching | +| any | undefined | any | **defined** | all vmusers only at `VMAuth`'s namespace | +| any | **defined** | any | **defined** | all vmusers only at `VMAuth`'s namespace for given `userSelector` are matching | + +More details about `WATCH_NAMESPACE` variable you can read in [this doc](../configuration.md#namespaced-mode). + +Here are some examples of `VMAuth` configuration with selectors: + +```yaml +# select all user objects in the cluster +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: vmauth-select-all +spec: + # ... + selectAllByDefault: true + +--- + +# select all user objects in specific namespace (my-namespace) +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: vmauth-select-ns +spec: + # ... + userNamespaceSelector: + matchLabels: + kubernetes.io/metadata.name: my-namespace +``` + +## Unauthorized access + +You can configure `VMAuth` to allow unauthorized access for specified routes with `unauthorizedAccessConfig` field. + +For instance: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: vmauth-unauthorized-example +spec: + unauthorizedAccessConfig: + - paths: ["/metrics"] + urls: + - http://vmsingle-example.default.svc:8428 +``` + +In this example every user can access `/metrics` route and get vmsingle metrics without authorization. + +In addition, `unauthorizedAccessConfig` in [Enterprise version](#enterprise-features) supports [IP Filters](#ip-filters) +with `ip_filters` field. + +## High availability + +The `VMAuth` resource is stateless, so it can be scaled horizontally by increasing the number of replicas: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: vmauth-example +spec: + replicas: 3 + # ... +``` + +## Version management + +To set `VMAuth` version add `spec.image.tag` name from [releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases) + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: example-vmauth +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + # ... +``` + +Also, you can specify `imagePullSecrets` if you are pulling images from private repo: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: example-vmauth +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + imagePullSecrets: + - name: my-repo-secret +# ... +``` + +## Enterprise features + +Custom resource `VMAuth` supports feature [IP filters](https://docs.victoriametrics.com/vmauth.html#ip-filters) +from [VictoriaMetrics Enterprise](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). + +For using Enterprise version of [vmauth](https://docs.victoriametrics.com/vmauth.html) +you need to change version of `vmauth` to version with `-enterprise` suffix using [Version management](#version-management). + +All the enterprise apps require `-eula` command-line flag to be passed to them. +This flag acknowledges that your usage fits one of the cases listed on [this page](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). +So you can use [extraArgs](./README.md#extra-arguments) for passing this flag to `VMAuth`: + +### IP Filters + +After that you can use [IP filters for `VMUser`](./vmuser.md#enterprise-features) +and field `ip_filters` for `VMAuth`. + +Here are complete example with described above: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: vmauth-ent-example +spec: + # enabling enterprise features + image: + # enterprise version of vmauth + tag: v1.93.5-enterprise + extraArgs: + # should be true and means that you have the legal right to run a vmauth enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: ip filters for vmauth + # more details about ip filters you can read in https://docs.victoriametrics.com/vmauth.html#ip-filters + ip_filters: + allow_list: + - 10.0.0.0/24 + - 1.2.3.4 + deny_list: + - 5.6.7.8 + # allow read vmsingle metrics without authorization for users from internal network + unauthorizedAccessConfig: + - paths: ["/metrics"] + urls: ["http://vmsingle-example.default.svc:8428"] + ip_filters: + allow_list: + - 192.168.0.0/16 + - 10.0.0.0/8 + + # ...other fields... + +--- + +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMUser +metadata: + name: vmuser-ent-example +spec: + username: simple-user + password: simple-password + + # using enterprise features: ip filters for vmuser + # more details about ip filters you can read in https://docs.victoriametrics.com/vmuser.html#enterprise-features + ip_filters: + allow_list: + - 10.0.0.0/24 + - 1.2.3.4 + deny_list: + - 5.6.7.8 +``` + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAuth +metadata: + name: example + namespace: default +spec: + selectAllByDefault: true + ingress: + class_name: nginx # <-- change this to your ingress-controller + host: vm-demo.k8s.orb.local # <-- change this to your domain +``` diff --git a/docs/operator/resources/vmcluster.md b/docs/operator/resources/vmcluster.md new file mode 100644 index 000000000..722271277 --- /dev/null +++ b/docs/operator/resources/vmcluster.md @@ -0,0 +1,612 @@ +# VMCluster + +`VMCluster` represents a high-available and fault-tolerant version of VictoriaMetrics database. +The `VMCluster` CRD defines a [cluster version VM](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html). + +For each `VMCluster` resource, the Operator creates: + +- `VMStorage` as `StatefulSet`, +- `VMSelect` as `StatefulSet` +- and `VMInsert` as deployment. + +For `VMStorage` and `VMSelect` headless services are created. `VMInsert` is created as service with clusterIP. + +There is a strict order for these objects creation and reconciliation: + +1. `VMStorage` is synced - the Operator waits until all its pods are ready; +1. Then it syncs `VMSelect` with the same manner; +1. `VMInsert` is the last object to sync. + +All [statefulsets](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) are created +with [OnDelete](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#on-delete) update type. +It allows to manually manage the rolling update process for Operator by deleting pods one by one and waiting for the ready status. + +Rolling update process may be configured by the operator env variables. +The most important is `VM_PODWAITREADYTIMEOUT=80s` - it controls how long to wait for pod's ready status. + +## Specification + +You can see the full actual specification of the `VMCluster` resource in the **[API docs -> VMCluster](../api.md#vmcluster)**. + +If you can't find necessary field in the specification of the custom resource, +see [Extra arguments section](./README.md#extra-arguments). + +Also, you can check out the [examples](#examples) section. + +## High availability + +The cluster version provides a full set of high availability features - metrics replication, node failover, horizontal scaling. + +First, we recommend familiarizing yourself with the high availability tools provided by "VictoriaMetrics Cluster" itself: + +- [High availability](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#high-availability), +- [Cluster availability](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#cluster-availability), +- [Replication and data safety](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#replication-and-data-safety). + +`VMCluster` supports all listed in the above-mentioned articles parameters and features: + +- `replicationFactor` - the number of replicas for each metric. +- for every component of cluster (`vmstorage` / `vmselect` / `vminsert`): + - `replicaCount` - the number of replicas for components of cluster. + - `affinity` - the affinity (the pod's scheduling constraints) for components pods. See more details in [kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). + - `topologySpreadConstraints` - controls how pods are spread across your cluster among failure-domains such as regions, zones, nodes, and other user-defined topology domains. See more details in [kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/). + +In addition, operator: + +- uses k8s services or vmauth for load balancing between `vminsert` and `vmselect` components, +- uses health checks for to determine the readiness of components for work after restart, +- allows to horizontally scale all cluster components just by changing `replicaCount` field. + +Here is an example of a `VMCluster` resource with HA features: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: example-vmcluster-persistent +spec: + replicationFactor: 2 + vmstorage: + replicaCount: 10 + storageDataPath: "/vm-data" + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app.kubernetes.io/name" + operator: In + values: + - "vmstorage" + topologyKey: "kubernetes.io/hostname" + storage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 10Gi + resources: + limits: + cpu: "2" + memory: 2048Mi + vmselect: + replicaCount: 3 + cacheMountPath: "/select-cache" + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app.kubernetes.io/name" + operator: In + values: + - "vmselect" + topologyKey: "kubernetes.io/hostname" + storage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 2Gi + resources: + limits: + cpu: "1" + memory: "500Mi" + vminsert: + replicaCount: 4 + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: "app.kubernetes.io/name" + operator: In + values: + - "vminsert" + topologyKey: "kubernetes.io/hostname" + resources: + limits: + cpu: "1" + memory: "500Mi" +``` + +## Version management + +For `VMCluster` you can specify tag name from [releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases) and repository setting per cluster object: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: example-vmcluster +spec: + vmstorage: + replicaCount: 2 + image: + repository: victoriametrics/vmstorage + tag: v1.93.4-cluster + pullPolicy: Always + vmselect: + replicaCount: 2 + image: + repository: victoriametrics/vmselect + tag: v1.93.4-cluster + pullPolicy: Always + vminsert: + replicaCount: 2 + image: + repository: victoriametrics/vminsert + tag: v1.93.4-cluster + pullPolicy: Always +``` + +Also, you can specify `imagePullSecrets` if you are pulling images from private repo, +but `imagePullSecrets` is global setting for all `VMCluster` specification: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: example-vmcluster +spec: + vmstorage: + replicaCount: 2 + image: + repository: victoriametrics/vmstorage + tag: v1.93.4-cluster + pullPolicy: Always + vmselect: + replicaCount: 2 + image: + repository: victoriametrics/vmselect + tag: v1.93.4-cluster + pullPolicy: Always + vminsert: + replicaCount: 2 + image: + repository: victoriametrics/vminsert + tag: v1.93.4-cluster + pullPolicy: Always + imagePullSecrets: + - name: my-repo-secret + # ... +``` + +## Enterprise features + +VMCluster supports following features +from [VictoriaMetrics Enterprise](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise): + +- [Downsampling](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#downsampling) +- [Multiple retentions / Retention filters](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#retention-filters) +- [Advanced per-tenant statistic](https://docs.victoriametrics.com/PerTenantStatistic.html) +- [mTLS for cluster components](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection) +- [Backup automation](https://docs.victoriametrics.com/vmbackupmanager.html) + +VMCluster doesn't support yet feature +[Automatic discovery for vmstorage nodes](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#automatic-vmstorage-discovery). + +For using Enterprise version of [vmcluster](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html) +you need to change version of `VMCluster` to version with `-enterprise` suffix using [Version management](#version-management). + +All the enterprise apps require `-eula` command-line flag to be passed to them. +This flag acknowledges that your usage fits one of the cases listed on [this page](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). +So you can use [extraArgs](./README.md#extra-arguments) for passing this flag to `VMCluster`. + +### Downsampling + +After that you can pass [Downsampling](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#downsampling) +flag to `VMCluster/vmselect` and `VMCluster/vmstorage` with [extraArgs](./README.md#extra-arguments) too. + +Here are complete example for [Downsampling](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#downsampling): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: vmcluster-ent-example +spec: + + vmselect: + # enabling enterprise features for vmselect + image: + # enterprise version of vmselect + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vmselect enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: Downsampling + # more details about downsampling you can read on https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#downsampling + downsampling.period: 30d:5m,180d:1h,1y:6h,2y:1d + + vmstorage: + # enabling enterprise features for vmstorage + image: + # enterprise version of vmstorage + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vmstorage enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: Downsampling + # more details about downsampling you can read on https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#downsampling + downsampling.period: 30d:5m,180d:1h,1y:6h,2y:1d + + # ...other fields... +``` + +### Retention filters + +You can pass [Retention filters](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#retention-filters) +flag to `VMCluster/vmstorage` with [extraArgs](./README.md#extra-arguments). + +Here are complete example for [Retention filters](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#retention-filters): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: vmcluster-ent-example +spec: + + vmstorage: + # enabling enterprise features for vmstorage + image: + # enterprise version of vmstorage + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vmstorage enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: Retention filters + # more details about retention filters you can read on https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#retention-filters + retentionFilter: '{vm_account_id="5",env="dev"}:5d,{vm_account_id="5",env="prod"}:5y' + + # ...other fields... +``` + +### Advanced per-tenant statistic + +For using [Advanced per-tenant statistic](https://docs.victoriametrics.com/PerTenantStatistic.html) +you only need to [enable Enterprise version of vmcluster components](#enterprise-features) +and operator will automatically create +[Scrape objects](./vmagent.md#scraping) for cluster components. + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: vmcluster-ent-example +spec: + + vmselect: + # enabling enterprise features for vmselect + image: + # enterprise version of vmselect + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vmselect enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + vminsert: + # enabling enterprise features for vminsert + image: + # enterprise version of vminsert + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vminsert enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + vmstorage: + # enabling enterprise features for vmstorage + image: + # enterprise version of vmstorage + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vmstorage enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # ...other fields... +``` + +After that [VMAgent](./vmagent.md) will automatically +scrape [Advanced per-tenant statistic](https://docs.victoriametrics.com/PerTenantStatistic.html) for cluster components. + +### mTLS protection + +You can pass [mTLS protection](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection) +flags to `VMCluster/vmstorage`, `VMCluster/vmselect` and `VMCluster/vminsert` with [extraArgs](./README.md#extra-arguments) and mount secret files +with `extraVolumes` and `extraVolumeMounts` fields. + +Here are complete example for [mTLS protection](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection) + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: vmcluster-ent-example +spec: + + vmselect: + # enabling enterprise features for vmselect + image: + # enterprise version of vmselect + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vmselect enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: mTLS protection + # more details about mTLS protection you can read on https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection + cluster.tls: true + cluster.tlsCAFile: /etc/mtls/ca.crt + cluster.tlsCertFile: /etc/mtls/vmselect.crt + cluster.tlsKeyFile: /etc/mtls/vmselect.key + extraVolumes: + - name: mtls + secret: + secretName: mtls + extraVolumeMounts: + - name: mtls + mountPath: /etc/mtls + + vminsert: + # enabling enterprise features for vminsert + image: + # enterprise version of vminsert + tag: v1.93.5-enterprise-cluster + extraArgs: + # should be true and means that you have the legal right to run a vminsert enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: mTLS protection + # more details about mTLS protection you can read on https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection + cluster.tls: true + cluster.tlsCAFile: /etc/mtls/ca.crt + cluster.tlsCertFile: /etc/mtls/vminsert.crt + cluster.tlsKeyFile: /etc/mtls/vminsert.key + extraVolumes: + - name: mtls + secret: + secretName: mtls + extraVolumeMounts: + - name: mtls + mountPath: /etc/mtls + + vmstorage: + # enabling enterprise features for vmstorage + image: + # enterprise version of vmstorage + tag: v1.93.5-enterprise-cluster + env: + - name: POD + valueFrom: + fieldRef: + fieldPath: metadata.name + extraArgs: + # should be true and means that you have the legal right to run a vmstorage enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: mTLS protection + # more details about mTLS protection you can read on https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection + cluster.tls: true + cluster.tlsCAFile: /etc/mtls/ca.crt + cluster.tlsCertFile: /etc/mtls/$(POD).crt + cluster.tlsKeyFile: /etc/mtls/$(POD).key + extraVolumes: + - name: mtls + secret: + secretName: mtls + extraVolumeMounts: + - name: mtls + mountPath: /etc/mtls + + # ...other fields... + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: mtls + namespace: default +stringData: + ca.crt: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + mtls-vmstorage-0.crt: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + mtls-vmstorage-0.key: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + mtls-vmstorage-1.crt: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + mtls-vmstorage-1.key: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + vminsert.crt: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + vminsert.key: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + vmselect.crt: | + -----BEGIN CERTIFICATE----- + ... + -----END CERTIFICATE----- + vmselect.key: | + -----BEGIN PRIVATE KEY----- + ... + -----END PRIVATE KEY----- + +``` + +Example commands for generating certificates you can read +on [this page](https://gist.github.com/f41gh7/76ed8e5fb1ebb9737fe746bae9175ee6#generate-self-signed-ca-with-key). + +### Backup automation + +You can check [vmbackupmanager documentation](https://docs.victoriametrics.com/vmbackupmanager.html) for backup automation. +It contains a description of the service and its features. This section covers vmbackumanager integration in vmoperator. + +`VMCluster` has built-in backup configuration, it uses `vmbackupmanager` - proprietary tool for backups. +It supports incremental backups (hourly, daily, weekly, monthly) with popular object storages (aws s3, google cloud storage). + +Here is a complete example for backup configuration: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: vmcluster-ent-example +spec: + + vmstorage: + vmBackup: + # should be true and means that you have the legal right to run a vmstorage enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + acceptEULA: true + + # using enterprise features: Backup automation + # more details about backup automation you can read on https://docs.victoriametrics.com/vmbackupmanager.html + destination: "s3://your_bucket/folder" + credentialsSecret: + name: remote-storage-keys + key: credentials + + # ...other fields... + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: remote-storage-keys +type: Opaque +stringData: + credentials: |- + [default] + aws_access_key_id = your_access_key_id + aws_secret_access_key = your_secret_access_key +``` + +**NOTE**: for cluster version operator adds suffix for destination: `"s3://your_bucket/folder"`, it becomes `"s3://your_bucket/folder/$(POD_NAME)"`. +It's needed to make consistent backups for each storage node. + +You can read more about backup configuration options and mechanics [here](https://docs.victoriametrics.com/vmbackupmanager.html) + +Possible configuration options for backup crd can be found at [link](../api.md#vmbackup) + +**Using VMBackupmanager for restoring backups** in Kubernetes environment is described [here](https://docs.victoriametrics.com/vmbackupmanager.html#how-to-restore-in-kubernetes). + +Also see VMCLuster example spec [here](https://github.com/VictoriaMetrics/operator/blob/master/config/examples/vmcluster_with_backuper.yaml). + +## Examples + +### Minimal example without persistence + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMCluster +metadata: + name: vmcluster-example-minimal +spec: + # ... + retentionPeriod: "1" + vmstorage: + replicaCount: 2 + vmselect: + replicaCount: 2 + vminsert: + replicaCount: 2 +``` + +### With persistence + +```yaml +kind: VMCluster +metadata: + name: vmcluster-example-persistent +spec: + # ... + retentionPeriod: "4" + replicationFactor: 2 + vmstorage: + replicaCount: 2 + storageDataPath: "/vm-data" + storage: + volumeClaimTemplate: + spec: + storageClassName: standard + resources: + requests: + storage: 10Gi + resources: + limits: + cpu: "0.5" + memory: 500Mi + vmselect: + replicaCount: 2 + cacheMountPath: "/select-cache" + storage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 2Gi + resources: + limits: + cpu: "0.3" + memory: "300Mi" + vminsert: + replicaCount: 2 +``` diff --git a/docs/operator/resources/vmnodescrape.md b/docs/operator/resources/vmnodescrape.md new file mode 100644 index 000000000..5ace0b19f --- /dev/null +++ b/docs/operator/resources/vmnodescrape.md @@ -0,0 +1,46 @@ +# VMNodeScrape + +The `VMNodeScrape` CRD provides discovery mechanism for scraping metrics kubernetes nodes, +it is useful for node exporters monitoring. + +`VMNodeScrape` object generates part of [VMAgent](./vmagent.md) configuration. +It has various options for scraping configuration of target (with basic auth,tls access, by specific port name etc.). + +By specifying configuration at CRD, operator generates config +for [VMAgent](./vmagent.md) and syncs it. It's useful for cadvisor scraping, +node-exporter or other node-based exporters. `VMAgent` `nodeScrapeSelector` must match `VMNodeScrape` labels. + +More information about selectors you can find in [this doc](./vmagent.md#scraping). + +## Specification + +You can see the full actual specification of the `VMNodeScrape` resource in +the **[API docs -> VMNodeScrape](../api.md#vmnodescrape)**. + +Also, you can check out the [examples](#examples) section. + +## Examples + +### Cadvisor scraping + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMNodeScrape +metadata: + name: cadvisor-metrics +spec: + scheme: "https" + tlsConfig: + insecureSkipVerify: true + caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" + relabelConfigs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - targetLabel: __address__ + replacement: kubernetes.default.svc:443 + - sourceLabels: [__meta_kubernetes_node_name] + regex: (.+) + targetLabel: __metrics_path__ + replacement: /api/v1/nodes/$1/proxy/metrics/cadvisor +``` diff --git a/docs/operator/resources/vmpodscrape.md b/docs/operator/resources/vmpodscrape.md new file mode 100644 index 000000000..cf829af21 --- /dev/null +++ b/docs/operator/resources/vmpodscrape.md @@ -0,0 +1,64 @@ +# VMPodScrape + +The `VMPodScrape` CRD allows to declaratively define how a dynamic set of pods should be monitored. +Use label selections to match pods for scraping. This allows an organization to introduce conventions +for how metrics should be exposed. Following these conventions new services will be discovered automatically without +need to reconfigure. + +`VMPodScrape` object generates part of [VMAgent](./vmagent.md) configuration with +[kubernetes service discovery](https://docs.victoriametrics.com/sd_configs.html#kubernetes_sd_configs) role `pod` having specific labels and ports. +It has various options for scraping configuration of target (with basic auth,tls access, by specific port name etc.). + +A `Pod` is a collection of one or more containers which can expose Prometheus metrics on a number of ports. + +The `VMPodScrape` object discovers pods and generates the relevant scraping configuration. + +The `PodMetricsEndpoints` section of the `VMPodScrapeSpec` is used to configure which ports of a pod are going to be +scraped for metrics and with which parameters. + +Both `VMPodScrapes` and discovered targets may belong to any namespace. It is important for cross-namespace monitoring +use cases, e.g. for meta-monitoring. Using the `namespaceSelector` of the `VMPodScrapeSpec` one can restrict the +namespaces from which `Pods` are discovered from. To discover targets in all namespaces the `namespaceSelector` has to +be empty: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMPodScrape +metadata: + name: example-pod-scrape +spec: + namespaceSelector: + any: true +``` + +More information about selectors you can find in [this doc](./vmagent.md#scraping). + +## Specification + +You can see the full actual specification of the `VMPodScrape` resource in +the **[API docs -> VMPodScrape](../api.md#vmpodscrape)**. + +Also, you can check out the [examples](#examples) section. + +## Migration from Prometheus + +The `VMPodScrape` CRD from VictoriaMetrics Operator is a drop-in replacement +for the Prometheus `PodMonitor` from prometheus-operator. + +More details about migration from prometheus-operator you can read in [this doc](../migration.md). + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMPodScrape +metadata: + name: example-pod-scrape +spec: + podMetricsEndpoints: + - port: web + scheme: http + selector: + matchLabels: + owner: dev +``` diff --git a/docs/operator/resources/vmprobe.md b/docs/operator/resources/vmprobe.md new file mode 100644 index 000000000..c2ed443af --- /dev/null +++ b/docs/operator/resources/vmprobe.md @@ -0,0 +1,226 @@ +# VMProbe + +The `VMProbe` CRD provides probing target ability with some external prober. +The most common prober is [blackbox exporter](https://github.com/prometheus/blackbox_exporter). +By specifying configuration at CRD, operator generates config for [VMAgent](./vmagent.md) +and syncs it. It's possible to use static targets or use standard k8s discovery mechanism with `Ingress`. + +`VMProbe` object generates part of [VMAgent](./vmagent.md) configuration; +It has various options for scraping configuration of target (with basic auth, tls access, by specific port name etc.). + +You have to configure blackbox exporter before you can use this feature. +The second requirement is [VMAgent](./vmagent.md) selectors, +it must match your `VMProbe` by label or namespace selector. `VMAgent` `probeSelector` must match `VMProbe` labels. + +See more details about selectors [here](./vmagent.md#scraping). + +## Specification + +You can see the full actual specification of the `VMProbe` resource in +the **[API docs -> VMProbe](../api.md#vmprobe)**. + +Also, you can check out the [examples](#examples) section. + +## Migration from Prometheus + +The `VMProbe` CRD from VictoriaMetrics Operator is a drop-in replacement +for the Prometheus `Probe` from prometheus-operator. + +More details about migration from prometheus-operator you can read in [this doc](../migration.md). + +## Examples + +### Static targets + +It will probe `VMAgent` with url - `vmagent-example-vmagent.default.svc:9115/heath` with blackbox url: +`prometheus-blackbox-exporter.default.svc:9115` and module `http_2xx` +(it was specified at [blackbox configmap](#blackbox-exporter)). + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMProbe +metadata: + name: vmprobe-static-example +spec: + jobName: static-probe + vmProberSpec: + # by default scheme http, and path is /probe + url: prometheus-blackbox-exporter.default.svc:9115 + module: http_2xx + targets: + staticConfig: + targets: + - vmagent-example-vmagent.default.svc:8429/health + interval: 2s +``` + +After adding target to `VMAgent` configuration it starts probing itself throw blackbox exporter. + +### Ingress targets + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMProbe +metadata: + name: vmprobe-ingress-example +spec: + vmProberSpec: + # by default scheme http, and path is /probe + url: prometheus-blackbox-exporter.default.svc:9115 + module: http_2xx + targets: + ingress: + selector: + matchLabels: + app: victoria-metrics-single + interval: 10s +``` + +This configuration will add 2 additional targets for probing: `vmsingle2.example.com` and `vmsingle.example.com`. + +But probes will be unsuccessful, because there is no such hosts. + +### Related resources + +Following resources will be used for the examples below: + +#### Blackbox exporter + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: prometheus-blackbox-exporter + labels: + app: prometheus-blackbox-exporter +data: + blackbox.yaml: | + modules: + http_2xx: + http: + preferred_ip_protocol: ip4 + valid_http_versions: + - HTTP/1.1 + - HTTP/2.0 + valid_status_codes: [] + prober: http + timeout: 5s + +--- + +kind: Service +apiVersion: v1 +metadata: + name: prometheus-blackbox-exporter + labels: + app: prometheus-blackbox-exporter +spec: + type: ClusterIP + ports: + - name: http + port: 9115 + protocol: TCP + selector: + app: prometheus-blackbox-exporter + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: prometheus-blackbox-exporter + labels: + app: prometheus-blackbox-exporter +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus-blackbox-exporter + template: + metadata: + labels: + app: prometheus-blackbox-exporter + spec: + containers: + - name: blackbox-exporter + image: "prom/blackbox-exporter:v0.17.0" + args: + - "--config.file=/config/blackbox.yaml" + resources: + {} + ports: + - containerPort: 9115 + name: http + livenessProbe: + httpGet: + path: /health + port: http + readinessProbe: + httpGet: + path: /health + port: http + volumeMounts: + - mountPath: /config + name: config + volumes: + - name: config + configMap: + name: prometheus-blackbox-exporter +``` + +### VMSingle + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: example-vmsingle-persisted +spec: + retentionPeriod: "1" + removePvcAfterDelete: true + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + +--- + +apiVersion: networking.k8s.io/v1beta1 +kind: Ingress +metadata: + labels: + app: victoria-metrics-single + name: victoria-metrics-single +spec: + rules: + - host: vmsingle.example.com + http: + paths: + - backend: + serviceName: vmsingle-example-vmsingle-persisted + servicePort: 8428 + path: / + - host: vmsingle2.example.com + http: + paths: + - backend: + serviceName: vmsingle-example-vmsingle-persisted + servicePort: 8428 + path: / +``` + +### VMAgent + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMAgent +metadata: + name: example-vmagent +spec: + selectAllByDefault: true + replicaCount: 1 + remoteWrite: + - url: "http://vmsingle-example-vmsingle-persisted.default.svc:8429/api/v1/write" +``` diff --git a/docs/operator/resources/vmrule.md b/docs/operator/resources/vmrule.md new file mode 100644 index 000000000..8f7416160 --- /dev/null +++ b/docs/operator/resources/vmrule.md @@ -0,0 +1,99 @@ +# VMRule + +`VMRule` represents [alerting](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) +or [recording](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) rules +for [VMAlert](./vmalert.md) instances. + +The `VMRule` CRD declaratively defines a desired Prometheus rule to be consumed by one or more VMAlert instances. + +`VMRule` object generates [VMAlert](./vmalert.md) +with ruleset defined at `VMRule` spec. + +Alerts and recording rules can be saved and applied as YAML files, and dynamically loaded without requiring any restart. + +See more details about rule configuration in [VMAlert docs](https://docs.victoriametrics.com/vmalert.html#quickstart). + +## Specification + +You can see the full actual specification of the `VMRule` resource in +the **[API docs -> VMRule](../api.md#vmrule)**. + +Also, you can check out the [examples](#examples) section. + +## Enterprise features + +Custom resource `VMRule` supports feature [Multitenancy](https://docs.victoriametrics.com/vmalert.html#multitenancy) +from [VictoriaMetrics Enterprise](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). + +### Multitenancy + +For using [Multitenancy](https://docs.victoriametrics.com/vmalert.html#multitenancy) in `VMRule` +you need to **[enable VMAlert Enterprise](./vmalert.md#enterprise-features)**. + +After that you can add `tenant` field for groups in `VMRule`: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMRule +metadata: + name: vmrule-ent-example +spec: + groups: + - name: vmalert-1 + rules: + # using enterprise features: Multitenancy + # more details about multitenancy you can read on https://docs.victoriametrics.com/vmalert.html#multitenancy + - tenant: 1 + alert: vmalert config reload error + expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 + for: 10s + labels: + severity: major + job: "{{ $labels.job }}" + annotations: + value: "{{ $value }}" + description: 'error reloading vmalert config, reload count for 5 min {{ $value }}' +``` + +## Examples + +### Alerting rule + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMRule +metadata: + name: vmrule-alerting-example +spec: + groups: + - name: vmalert + rules: + - alert: vmalert config reload error + expr: delta(vmalert_config_last_reload_errors_total[5m]) > 0 + for: 10s + labels: + severity: major + job: "{{ $labels.job }}" + annotations: + value: "{{ $value }}" + description: 'error reloading vmalert config, reload count for 5 min {{ $value }}' +``` + +### Recording rule + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMRule +metadata: + name: vmrule-recording-example +spec: + groups: + - name: vmalert + interval: 1m + rules: + - alert: vmalert config reload error + expr: |- + sum by (cluster, namespace, job) ( + rate(vm_http_request_errors_total[5m]) + ) +``` diff --git a/docs/operator/resources/vmservicescrape.md b/docs/operator/resources/vmservicescrape.md new file mode 100644 index 000000000..3f3ac770d --- /dev/null +++ b/docs/operator/resources/vmservicescrape.md @@ -0,0 +1,77 @@ +# VMServiceScrape + +The `VMServiceScrape` CRD allows to define a dynamic set of services for monitoring. Services +and scraping configurations can be matched via label selections. This allows an organization to introduce conventions +for how metrics should be exposed. Following these conventions new services will be discovered automatically without +need to reconfigure. + +`VMServiceScrape` object generates part of [VMAgent](./vmagent.md) configuration with +[kubernetes service discovery](https://docs.victoriametrics.com/sd_configs.html#kubernetes_sd_configs) targets by corresponding `Service`. +It has various options for scraping configuration of target (with basic auth,tls access, by specific port name etc.). + +Monitoring configuration based on `discoveryRole` setting. By default, `endpoints` is used to get objects from kubernetes api. +It's also possible to use `discoveryRole: service` or `discoveryRole: endpointslices`. + +`Endpoints` objects are essentially lists of IP addresses. +Typically, `Endpoints` objects are populated by `Service` object. `Service` object discovers `Pod`s by a label +selector and adds those to the `Endpoints` object. + +A `Service` may expose one or more service ports backed by a list of one or multiple endpoints pointing to +specific `Pod`s. The same reflected in the respective `Endpoints` object as well. + +The `VMServiceScrape` object discovers `Endpoints` objects and configures [VMAgent](./vmagent.md) to monitor `Pod`s. + +The `Endpoints` section of the `VMServiceScrapeSpec` is used to configure which `Endpoints` ports should be scraped. +For advanced use cases, one may want to monitor ports of backing `Pod`s, which are not a part of the service endpoints. +Therefore, when specifying an endpoint in the `endpoints` section, they are strictly used. + +**Note:** `endpoints` (lowercase) is the field in the `VMServiceScrape` CRD, while `Endpoints` (capitalized) is the Kubernetes object kind. + +Both `VMServiceScrape` and discovered targets may belong to any namespace. It is important for cross-namespace monitoring +use cases, e.g. for meta-monitoring. Using the `serviceScrapeSelector` of the `VMAgentSpec` +one can restrict the namespaces from which `VMServiceScrape`s are selected from by the respective [VMAgent](./vmagent.md) server. +Using the `namespaceSelector` of the `VMServiceScrape` one can restrict the namespaces from which `Endpoints` can be +discovered from. To discover targets in all namespaces the `namespaceSelector` has to be empty: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMServiceScrape +metadata: + name: example-service-scrape +spec: + namespaceSelector: {} + # ... +``` + +More information about selectors you can find in [this doc](./vmagent.md#scraping). + +## Specification + +You can see the full actual specification of the `VMServiceScrape` resource in +the **[API docs -> VMServiceScrape](../api.md#vmservicescrape)**. + +Also, you can check out the [examples](#examples) section. + +## Migration from Prometheus + +The `VMServiceScrape` CRD from VictoriaMetrics Operator is a drop-in replacement +for the Prometheus `ServiceMonitor` from prometheus-operator. + +More details about migration from prometheus-operator you can read in [this doc](../migration.md). + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMServiceScrape +metadata: + name: example-app + labels: + team: frontend +spec: + selector: + matchLabels: + app: example-app + endpoints: + - port: web +``` diff --git a/docs/operator/resources/vmsingle.md b/docs/operator/resources/vmsingle.md new file mode 100644 index 000000000..62835c229 --- /dev/null +++ b/docs/operator/resources/vmsingle.md @@ -0,0 +1,282 @@ +# VMSingle + +`VMSingle` represents database for storing metrics. +The `VMSingle` CRD declaratively defines a [single-node VM](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html) +installation to run in a Kubernetes cluster. + +For each `VMSingle` resource, the Operator deploys a properly configured `Deployment` in the same namespace. +The VMSingle `Pod`s are configured to mount an empty dir or `PersistentVolumeClaimSpec` for storing data. +Deployment update strategy set to [recreate](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#recreate-deployment). +No more than one replica allowed. + +For each `VMSingle` resource, the Operator adds `Service` and `VMServiceScrape` in the same namespace prefixed with name from `VMSingle.metadata.name`. + +## Specification + +You can see the full actual specification of the `VMSingle` resource in the **[API docs -> VMSingle](../api.md#vmsingle)**. + +If you can't find necessary field in the specification of the custom resource, +see [Extra arguments section](./README.md#extra-arguments). + +Also, you can check out the [examples](#examples) section. + +## High availability + +`VMSingle` doesn't support high availability by default, for such purpose +use [`VMCluster`](./vmcluster.md) instead or duplicate the setup. + +## Version management + +To set `VMSingle` version add `spec.image.tag` name from [releases](https://github.com/VictoriaMetrics/VictoriaMetrics/releases) + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: example-vmsingle +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + # ... +``` + +Also, you can specify `imagePullSecrets` if you are pulling images from private repo: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: example-vmsingle +spec: + image: + repository: victoriametrics/victoria-metrics + tag: v1.93.4 + pullPolicy: Always + imagePullSecrets: + - name: my-repo-secret +# ... +``` + +## Enterprise features + +VMSingle supports features from [VictoriaMetrics Enterprise](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise): + +- [Downsampling](https://docs.victoriametrics.com/#downsampling) +- [Multiple retentions / Retention filters](https://docs.victoriametrics.com/#retention-filters) +- [Backup automation](https://docs.victoriametrics.com/vmbackupmanager.html) + +For using Enterprise version of [vmsingle](https://docs.victoriametrics.com/Single-server-VictoriaMetrics.html) +you need to change version of `VMSingle` to version with `-enterprise` suffix using [Version management](#version-management). + +All the enterprise apps require `-eula` command-line flag to be passed to them. +This flag acknowledges that your usage fits one of the cases listed on [this page](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). +So you can use [extraArgs](./README.md#extra-arguments) for passing this flag to `VMSingle`. + +### Downsampling + +After that you can pass [Downsampling](https://docs.victoriametrics.com/#downsampling) +flag to `VMSingle` with [extraArgs](./README.md#extra-arguments) too. + +Here are complete example for [Downsampling](https://docs.victoriametrics.com/#downsampling): + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: vmsingle-ent-example +spec: + # enabling enterprise features + image: + # enterprise version of vmsingle + tag: v1.93.5-enterprise + extraArgs: + # should be true and means that you have the legal right to run a vmsingle enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: Downsampling + # more details about downsampling you can read on https://docs.victoriametrics.com/#downsampling + downsampling.period: 30d:5m,180d:1h,1y:6h,2y:1d + + # ...other fields... +``` + +### Retention filters + +The same method is used to enable retention filters - here are complete example for [Retention filters](https://docs.victoriametrics.com/#retention-filters). + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: vmsingle-ent-example +spec: + # enabling enterprise features + image: + # enterprise version of vmsingle + tag: v1.93.5-enterprise + extraArgs: + # should be true and means that you have the legal right to run a vmsingle enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + eula: true + + # using enterprise features: Retention filters + # more details about retention filters you can read on https://docs.victoriametrics.com/#retention-filters + retentionFilter: '{team="juniors"}:3d,{env=~"dev|staging"}:30d' + + # ...other fields... +``` + +### Backup automation + +You can check [vmbackupmanager documentation](https://docs.victoriametrics.com/vmbackupmanager.html) for backup automation. +It contains a description of the service and its features. This section covers vmbackumanager integration in vmoperator. + +`VMSingle` has built-in backup configuration, it uses `vmbackupmanager` - proprietary tool for backups. +It supports incremental backups (hourly, daily, weekly, monthly) with popular object storages (aws s3, google cloud storage). + +Here is a complete example for backup configuration: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMSingle +metadata: + name: example-vmsingle +spec: + + vmBackup: + # should be true and means that you have the legal right to run a vmsingle enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + acceptEULA: true + + # using enterprise features: Backup automation + # more details about backup automation you can read on https://docs.victoriametrics.com/vmbackupmanager.html + destination: "s3://your_bucket/folder" + credentialsSecret: + name: remote-storage-keys + key: credentials + + # ...other fields... + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: remote-storage-keys +type: Opaque +stringData: + credentials: |- + [default] + aws_access_key_id = your_access_key_id + aws_secret_access_key = your_secret_access_key +``` + +You can read more about backup configuration options and mechanics [here](https://docs.victoriametrics.com/vmbackupmanager.html) + +Possible configuration options for backup crd can be found at [link](../api.md#vmbackup) + +#### Restoring backups + +There are several ways to restore with [vmrestore](https://docs.victoriametrics.com/vmrestore.html) or [vmbackupmanager](https://docs.victoriametrics.com/vmbackupmanager.html). + +##### Manually mounting disk + +You have to stop `VMSingle` by scaling it replicas to zero and manually restore data to the database directory. + +Steps: + +1. Edit `VMSingle` CRD, set `replicaCount: 0` +1. Wait until database stops +1. SSH to some server, where you can mount `VMSingle` disk and mount it manually +1. Restore files with `vmrestore` +1. Umount disk +1. Edit `VMSingle` CRD, set `replicaCount: 1` +1. Wait database start + +##### Using VMRestore init container + +1. Add init container with `vmrestore` command to `VMSingle` CRD, example: + ```yaml + apiVersion: operator.victoriametrics.com/v1beta1 + kind: VMSingle + metadata: + name: example-vmsingle + spec: + + vmBackup: + # should be true and means that you have the legal right to run a vmsingle enterprise + # that can either be a signed contract or an email with confirmation to run the service in a trial period + # https://victoriametrics.com/legal/esa/ + acceptEULA: true + + # using enterprise features: Backup automation + # more details about backup automation you can read on https://docs.victoriametrics.com/vmbackupmanager.html + destination: "s3://your_bucket/folder" + credentialsSecret: + name: remote-storage-keys + key: credentials + + extraArgs: + runOnStart: "true" + + initContainers: + - name: vmrestore + image: victoriametrics/vmrestore:latest + volumeMounts: + - mountPath: /victoria-metrics-data + name: data + - mountPath: /etc/vm/creds + name: secret-remote-storage-keys + readOnly: true + args: + - -storageDataPath=/victoria-metrics-data + - -src=s3://your_bucket/folder/latest + - -credsFilePath=/etc/vm/creds/credentials + + # ...other fields... + ``` +1. Apply it, and db will be restored from S3 +1. Remove `initContainers` and apply CRD. + +Note that using `VMRestore` will require adjusting `src` for each pod because restore will be handled per-pod. + +##### Using VMBackupmanager init container + +Using VMBackupmanager restore in Kubernetes environment is described [here](https://docs.victoriametrics.com/vmbackupmanager.html#how-to-restore-in-kubernetes). + +Advantages of using `VMBackupmanager` include: + +- Automatic adjustment of `src` for each pod when backup is requested +- Graceful handling of case when no restore is required - `VMBackupmanager` will exit with successful status code and won't prevent pod from starting + +## Examples + +```yaml +kind: VMSingle +metadata: + name: vmsingle-example +spec: + retentionPeriod: "12" + removePvcAfterDelete: true + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 50Gi + extraArgs: + dedup.minScrapeInterval: 60s + resources: + requests: + memory: 500Mi + cpu: 500m + limits: + memory: 10Gi + cpu: 5 +``` diff --git a/docs/operator/resources/vmstaticscrape.md b/docs/operator/resources/vmstaticscrape.md new file mode 100644 index 000000000..13cf6793c --- /dev/null +++ b/docs/operator/resources/vmstaticscrape.md @@ -0,0 +1,37 @@ +# VMStaticScrape + +The `VMStaticScrape` CRD provides mechanism for scraping metrics from static targets, configured by CRD targets. + +`VMStaticScrape` object generates part of [VMAgent](./vmagent.md) +configuration with [static "service discovery"](https://docs.victoriametrics.com/sd_configs.html#static_configs). +It has various options for scraping configuration of target (with basic auth,tls access, by specific port name etc.). + +By specifying configuration at CRD, operator generates config +for [VMAgent](./vmagent.md) and syncs it. +It's useful for external targets management, when service-discovery is not available. +`VMAgent` `staticScrapeSelector` must match `VMStaticScrape` labels. + +More information about selectors you can find in [this doc](./vmagent.md#scraping). + +## Specification + +You can see the full actual specification of the `VMStaticScrape` resource in +the **[API docs -> VMStaticScrape](../api.md#vmstaticscrape)**. + +Also, you can check out the [examples](#examples) section. + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMStaticScrape +metadata: + name: vmstaticscrape-sample +spec: + jobName: static + targetEndpoints: + - targets: ["192.168.0.1:9100", "196.168.0.50:9100"] + labels: + env: dev + project: operator +``` diff --git a/docs/operator/resources/vmuser.md b/docs/operator/resources/vmuser.md new file mode 100644 index 000000000..6c1fdf04f --- /dev/null +++ b/docs/operator/resources/vmuser.md @@ -0,0 +1,135 @@ +# VMUser + +The `VMUser` CRD describes user configuration, its authentication methods `basic auth` or `Authorization` header. +User access permissions, with possible routing information. + +User can define routing target with `static` config, by entering target `url`, or with `CRDRef`, in this case, +operator queries kubernetes API, retrieves information about CRD and builds proper url. + +## Specification + +You can see the full actual specification of the `VMUser` resource in +the **[API docs -> VMUser](../api.md#vmuser)**. + +Also, you can check out the [examples](#examples) section. + +## Authentication methods + +There are two authentication mechanisms: ["Bearer token"](#bearer-token) and ["Basic auth"](#basic-auth) with `username` and `password`. +Only one of them can be used with `VMUser` at one time. + +Operator creates `Secret` for every `VMUser` with name - `vmuser-{VMUser.metadata.name}`. +It places `username` + `password` or `bearerToken` into `data` section. + +### Bearer token + +Bearer token is a way to authenticate user with `Authorization` header. +User defines `token` field in `auth` section. + +Also, you can check out the [examples](#examples) section. + +### Basic auth + +Basic auth is the simplest way to authenticate user. User defines `username` and `password` fields in `auth` section. + +If `username` is empty, `metadata.name` from `VMUser` used as `username`. + +You can automatically generate `password` if: +- Set `generatePassword: true` field +- Don't fill `password` field + +Operator generates random password for this `VMUser`, +this password will be added to the `Secret` for this `VMUser` at `data.password` field. + +Also, you can check out the [examples](#examples) section. + +## Routing + +You can define routes for user in `targetRefs` section. + +For every entry in `targetRefs` you can define routing target with `static` config, by entering target `url`, +or with `crd`, in this case, operator queries kubernetes API, retrieves information about CRD and builds proper url. + +Here are details about other fields in `targetRefs`: + +- `paths` is the same as `src_paths` from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config) +- `headers` is the same as `headers` from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config) +- `targetPathSuffix` is the suffix for `url_prefix` (target URL) from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config) + +### Static + +The `static` field is the same as `url_prefix` (target URL) from [auth config](https://docs.victoriametrics.com/vmauth.html#auth-config), +it allows you to set a specific static URL. + +### CRDRef + +The `crd` field is a more convenient form for specifying the components handled by the operator as auth targets. + +User can define routing target with `crd` config, by entering `kind`, `name` and `namespace` of CRD. + +Operator supports following kinds in `kind` field: + +- `VMAgent` for [VMAgent](./vmagent.md) +- `VMAlert` for [VMAlert](./vmalert.md) +- `VMAlertmanager` for [VMAlertmanager](./vmalertmanager.md) +- `VMSingle` for [VMSingle](./vmsingle.md) +- `VMCluster/vmselect`, `VMCluster/vminsert` and `VMCluster/vmstorage` for [VMCluster](./vmcluster.md) + +Also, you can check out the [examples](#examples) section. + +Additional fields like `path` and `scheme` can be added to `CRDRef` config. + +## Enterprise features + +Custom resource `VMUser` supports feature [IP filters](https://docs.victoriametrics.com/vmauth.html#ip-filters) +from [VictoriaMetrics Enterprise](https://docs.victoriametrics.com/enterprise.html#victoriametrics-enterprise). + +### IP Filters + +For using [IP filters](https://docs.victoriametrics.com/vmauth.html#ip-filters) +you need to **[enable VMAuth Enterprise](./vmauth.md#enterprise-features)**. + +After that you can add `ip_filters` field to `VMUser`: + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMUser +metadata: + name: vmuser-ent-example +spec: + username: simple-user + password: simple-password + + # using enterprise features: ip filters for vmuser + # more details about ip filters you can read in https://docs.victoriametrics.com/vmuser.html#enterprise-features + ip_filters: + allow_list: + - 10.0.0.0/24 + - 1.2.3.4 + deny_list: + - 5.6.7.8 +``` + +## Examples + +```yaml +apiVersion: operator.victoriametrics.com/v1beta1 +kind: VMUser +metadata: + name: example +spec: + username: simple-user + password: simple-password + targetRefs: + - crd: + kind: VMSingle + name: example + namespace: default + paths: ["/.*"] + - static: + url: http://vmalert-example.default.svc:8080 + paths: ["/api/v1/groups","/api/v1/alerts"] +``` + +More examples see on [Authorization and exposing components](../auth.md) page +and in [Quickstart guide](../quick-start.md#vmuser). diff --git a/docs/operator/security.md b/docs/operator/security.md index 64a0e9849..774640ab1 100644 --- a/docs/operator/security.md +++ b/docs/operator/security.md @@ -1,25 +1,45 @@ --- -sort: 12 -weight: 12 +sort: 3 +weight: 3 title: Security -menu: - docs: - parent: "operator" - weight: 12 -aliases: -- /operator/security.html --- # Security -VictoriaMetrics operator provides several security features, such as [PodSecurityPolicies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/), [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +## Access control +### Roles -## PodSecurityPolicy. +To run in a cluster the operator needs certain permissions, you can see them in [this directory](https://github.com/VictoriaMetrics/operator/tree/master/config/rbac): - By default, operator creates serviceAccount for each cluster resource and binds default `PodSecurityPolicy` to it. +- [`role.yaml` file](https://github.com/VictoriaMetrics/operator/blob/master/config/rbac/role.yaml) - basic set of cluster roles for launching an operator. +- [`leader_election_role.yaml` file](https://github.com/VictoriaMetrics/operator/blob/master/config/rbac/leader_election_role.yaml) - set of roles with permissions to do leader election (is necessary to run the operator in several replicas for high availability). - Default psp: +Also, you can use single-namespace mode with minimal permissions, see [this section](./configuration.md#namespaced-mode) for details. + +Also in [the same directory](https://github.com/VictoriaMetrics/operator/tree/master/config/rbac) are files with a set of separate permissions to view or edit [operator resources](./resources/README.md) to organize fine-grained access: + +- file `_viewer_role.yaml` - permissions for viewing (`get`, `list` and `watch`) some resource of vmoperator. +- file `_editor_role.yaml` - permissions for editing (`create`, `delete`, `patch`, `update` and `deletecollection`) some resource of vmoperator (also includes viewing permissions). + +For instance, [`vmalert_editor_role.yaml` file](https://github.com/VictoriaMetrics/operator/blob/master/config/rbac/vmalert_editor_role.yaml) contain permission +for editing [`vmagent` custom resources](./resources/vmagent.md). + + + + +## Security policies + +VictoriaMetrics operator provides several security features, such as [PodSecurityPolicies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/), +[PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + +### PodSecurityPolicy + +> PodSecurityPolicy was [deprecated](https://kubernetes.io/docs/concepts/security/pod-security-policy/) in Kubernetes v1.21, and removed from Kubernetes in v1.25. + +If your Kubernetes version is under v1.25 and want to use PodSecurityPolicy, you can set env `VM_PSPAUTOCREATEENABLED: "true"` in operator, it will create serviceAccount for each cluster resource and binds default `PodSecurityPolicy` to it. + +Default psp: ```yaml apiVersion: policy/v1beta1 kind: PodSecurityPolicy @@ -48,19 +68,39 @@ spec: - nfs ``` - This behaviour may be disabled with env variable passed to operator: - ```yaml - - name: VM_PSPAUTOCREATEENABLED - value: "false" -``` - - User may also override default pod security policy with setting: `spec.podSecurityPolicyName: "psp-name"`. - +User may also override default pod security policy with setting: `spec.podSecurityPolicyName: "psp-name"`. ## PodSecurityContext - `PodSecurityContext` can be configured with spec setting. It may be useful for mounted volumes, with `VMSingle` for example: - +VictoriaMetrics operator will add default Security Context to managed pods and containers if env `EnableStrictSecurity: "true"` is set. +The following SecurityContext will be applied: + +### Pod SecurityContext + +1. **RunAsNonRoot: true** +1. **RunAsUser/RunAsGroup/FSGroup: 65534** + + '65534' refers to 'nobody' in all the used default images like alpine, busybox. + + If you're using customize image, please make sure '65534' is a valid uid in there or specify SecurityContext. +1. **FSGroupChangePolicy: &onRootMismatch** + + If KubeVersion>=1.20, use `FSGroupChangePolicy="onRootMismatch"` to skip the recursive permission change + when the root of the volume already has the correct permissions +1. **SeccompProfile: {type: RuntimeDefault}** + + Use `RuntimeDefault` seccomp profile by default, which is defined by the container runtime, + instead of using the Unconfined (seccomp disabled) mode. + +### Container SecurityContext + +1. **AllowPrivilegeEscalation: false** +1. **ReadOnlyRootFilesystem: true** +1. **Capabilities: {drop: [all]}** + + +Also `SecurityContext` can be configured with spec setting. It may be useful for mounted volumes, with `VMSingle` for example: + ```yaml apiVersion: operator.victoriametrics.com/v1beta1 kind: VMSingle @@ -89,5 +129,4 @@ spec: limits: cpu: "1" memory: "1512Mi" - ``` diff --git a/docs/operator/setup.md b/docs/operator/setup.md new file mode 100644 index 000000000..3c0e6c378 --- /dev/null +++ b/docs/operator/setup.md @@ -0,0 +1,117 @@ +--- +sort: 2 +weight: 2 +title: Setup +--- + +# VictoriaMetrics Operator Setup + +## Installing by helm-charts + +You can use one of the following official helm-charts with `vmoperator`: + +- [victoria-metrics-operator helm-chart](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-operator/README.md) +- [victoria-metrics-k8s-stack helm chart](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-k8s-stack/README.md) + (includes the `victoria-metrics-operator` helm-chart and other components for full-fledged k8s monitoring, is an alternative for [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack)). + +For installing VictoriaMetrics operator with helm-chart follow the instructions from README of the corresponding helm-chart +([this](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-operator/README.md) +or [this](https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-k8s-stack/README.md)). + +in addition, you can use [quickstart guide](./quick-start.md) for +installing VictoriaMetrics operator with helm-chart. + +## Installing by Manifest + +Obtain release from releases page: +[https://github.com/VictoriaMetrics/operator/releases](https://github.com/VictoriaMetrics/operator/releases) + +We suggest use the latest release. + +```console +# Get latest release version from https://github.com/VictoriaMetrics/operator/releases/latest +export VM_VERSION=`basename $(curl -fs -o/dev/null -w %{redirect_url} https://github.com/VictoriaMetrics/operator/releases/latest)` +wget https://github.com/VictoriaMetrics/operator/releases/download/$VM_VERSION/bundle_crd.zip +unzip bundle_crd.zip +``` + +Operator use `monitoring-system` namespace, but you can install it to specific namespace with command: + +```console +sed -i "s/namespace: monitoring-system/namespace: YOUR_NAMESPACE/g" release/operator/* +``` + +First of all, you have to create [custom resource definitions](https://github.com/VictoriaMetrics/operator): + +```console +kubectl apply -f release/crds +``` + +Then you need RBAC for operator, relevant configuration for the release can be found at `release/operator/rbac.yaml`. + +Change configuration for operator at `release/operator/manager.yaml`, possible settings: [operator-settings](/operator/vars.html) +and apply it: + +```console +kubectl apply -f release/operator/ +``` + +Check the status of operator + +```console +kubectl get pods -n monitoring-system + +#NAME READY STATUS RESTARTS AGE +#vm-operator-667dfbff55-cbvkf 1/1 Running 0 101s +``` + +## Installing by Kustomize + +You can install operator using [Kustomize](https://kustomize.io/) by pointing to the remote kustomization file. + +```console +# Get latest release version from https://github.com/VictoriaMetrics/operator/releases/latest +export VM_VERSION=`basename $(curl -fs -o/dev/null -w %{redirect_url} https://github.com/VictoriaMetrics/operator/releases/latest)` + +cat << EOF > kustomization.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- github.com/VictoriaMetrics/operator/config/default?ref=${VM_VERSION} + +images: +- name: victoriametrics/operator + newTag: ${VM_VERSION} +EOF +``` + +You can change [operator configuration](#configuring), or use your custom namespace see [kustomize-example](https://github.com/YuriKravetc/yurikravetc.github.io/tree/main/Operator/kustomize-example). + +Build template + +```console +kustomize build . -o monitoring.yaml +``` + +Apply manifests + +```console +kubectl apply -f monitoring.yaml +``` + +Check the status of operator + +```console +kubectl get pods -n monitoring-system + +#NAME READY STATUS RESTARTS AGE +#vm-operator-667dfbff55-cbvkf 1/1 Running 0 101s +``` + +## Installing to ARM + +There is no need in an additional configuration for ARM. Operator and VictoriaMetrics have full support for it. + +## Configuring + +You can read detailed instructions about operator configuring in [this document](./configuration.md). diff --git a/docs/operator/vars.md b/docs/operator/vars.md index 5142a05d1..f127dcfdb 100644 --- a/docs/operator/vars.md +++ b/docs/operator/vars.md @@ -1,16 +1,12 @@ --- -sort: 14 -weight: 14 +sort: 11 +weight: 11 title: Variables -menu: - docs: - parent: "operator" - weight: 14 -aliases: -- /operator/vars.html --- + + # Auto Generated vars for package config - updated at Wed Sep 27 00:09:29 UTC 2023 + updated at Mon Oct 2 12:46:32 UTC 2023 | varible name | variable default value | variable required | variable description | From 256d8002008188bea2e1842ebf92d232ce8bb918 Mon Sep 17 00:00:00 2001 From: Github Actions <133988544+victoriametrics-bot@users.noreply.github.com> Date: Mon, 2 Oct 2023 21:50:18 +0800 Subject: [PATCH 39/73] Automatic update operator docs from VictoriaMetrics/operator@44bdc27 (#5104) --- docs/operator/README_operator-workflow.png | Bin 0 -> 824679 bytes .../migration_prometheus-conversion.png | Bin 0 -> 651680 bytes docs/operator/quick-start_alert-1.png | Bin 0 -> 319487 bytes docs/operator/quick-start_alert-2.png | Bin 0 -> 387339 bytes docs/operator/quick-start_cluster-scheme.png | Bin 0 -> 414280 bytes docs/operator/quick-start_select-1.png | Bin 0 -> 379751 bytes docs/operator/quick-start_select-2.png | Bin 0 -> 618475 bytes docs/operator/quick-start_values.png | Bin 0 -> 966762 bytes .../resources/README_cr-relations.png | Bin 0 -> 1350033 bytes docs/operator/vars.md | 2 +- 10 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 docs/operator/README_operator-workflow.png create mode 100644 docs/operator/migration_prometheus-conversion.png create mode 100644 docs/operator/quick-start_alert-1.png create mode 100644 docs/operator/quick-start_alert-2.png create mode 100644 docs/operator/quick-start_cluster-scheme.png create mode 100644 docs/operator/quick-start_select-1.png create mode 100644 docs/operator/quick-start_select-2.png create mode 100644 docs/operator/quick-start_values.png create mode 100644 docs/operator/resources/README_cr-relations.png diff --git a/docs/operator/README_operator-workflow.png b/docs/operator/README_operator-workflow.png new file mode 100644 index 0000000000000000000000000000000000000000..1b5f2ecec23e84bc5289d011656ad29be572b759 GIT binary patch literal 824679 zcmb4rby!s2+O}dKwxXhhATdZc2q+~XF`#q~ox{*DG$INj-7%D;)F2(hfJqHqL!&ed z4AL>gw>jT+j&r`t_w)Vz0W3C~z1Opz`+n9_Yl5FE%U!uhdGXY#Q&;4lNvobZbus7E zDKhd4=YcDM5#6)EkJHYoa#E*|oz#oKFVg1P@)lt5DOO;7;ne9M>r-b>ZUMe1fv;1i z&SacEbq4r(`s7*$$-n=4F(>29zsF?cCpYqxkO!VRC2>k#T2kHp^zt}qih)Mu?wSBP zkD2koCM5f=XEVvO+mZAtN839;9%PcdqSKJ^P3yB-o&*k6rjG`1Fi-dq$ zH^q+8+roqjuiOdI7*W2)jn;Ny%Y@3EqlpLYXt??0D?8^4q$C&UUY`1A-*hhAvgk=b z{_}slpnW=8bx%^_)akR=|IxP=-Iv+@MPy|Ebfy>RBve_&&;0Y5>RgJ9O%`}?`kzhn zM5bp7vzGr@J_$M~urlQ!#($`Z6T#&34=(>>6<#pokWjT5e0}yGso`HY)3L;*|5N=* zoboR^_e`N9Ir7v$*9BwFI^RE6d}JlCGCJfp|G6$+W~=+2|L2M?yFrE}g zU-bpm02p1_*7buJ4Kz@m@C#4KFY()+II<*tg!Hi{nbKo)1SLo*TF+? z*_nNVST=vj3-ygPPcL4Swg9t4_nJ5xhYwsaSf3u%!eo_H3=s~i*bAT`(`DB# zZvBgBaoLBezU@&MhF5sLhO7)ZtP^+U?=;P@1i;``_5M8Zt+E-PP?tt$jOe`9c4lMLy6fe!-NC#Vj(~;59nXjyF zV~MBy$7MW4(r{wB9um{#(}(Ns+bf#2d+*QpIK$!I^5wa=Ft2XYRQ>wGm1Lm8Oo1uf z7%{_aDM-Vm2C^`l9*bzrJ;FxE`Y#NJ>g1R?CTmhKQIp-0h7aPlMUckT$o`f6O?AL5 zOb?k~ZV_RY`_(xS@Wg_+p-nu3)-JM|P&%E@sR0*(tzItIgpXybhmYndY)>}mzdJN| zK01P$Eye22q**50Mnkpe#a+8#Z7`>$x|k5zkN4H&{yGIGHoz3yJqZpZwgF%1y8A~s z;Nk;}jebRvcd%|2q1xJXs@bi1G{)=JvRTrfE68M=Hq+vq`qMOc^K-dB4D9;(mc78I z^f9`E*OvRIcZ#Er#avR<;}EBXiJ|((`S|m2N~kW~Jw9!;N2Iw>M*rKcsZNCHFefdA zS09jB-80c3xB$(c3~1UIouNhwfc_6DW0avvrts=`kpXG z@K2;+EW`lNJPYw{1ltL=eo(2Oh>kiXl5(EB@X~C{6V};FUK*_;F-Ar5KV5?!8&ASfx zwndK9{)=hz5FMscCp)4i5?kKiCdI!81fa{xOIqg|k z;mKJA^%A<^Xd5}pBd*-s%;#4pi>1PcQ3`_yU3OZo)kwvo8rd{2lz`w~*YfiR%rvSD zR7o`I{|kKgJUp3!x4I5F@eCx4WDN4gwx4B;>g@CaT|x{oioQ>_qkJS#_&<+M$pIv%FGc7z%RStWm$-=VoTfOfris4~>3(BLZ(ru2cc{X^CtZOCtZ1Eah0C$!3z z3#q05ZT`7Q&Oy>AL5*G?CDYuC&HI_(Z*Ts(m3Vm!;7v>b92p6~{$B_a;9z5kw7;*; zkepF~rT(ME_-#ArUVeIZi;l&WQOu_O-tS5H-=O=|>jiV_m|T+X+H)%s&3PuMnVB56)QW>&Cu&;Ofq!@dw3g{unNz9q`ar4Q=>WG{9jJkZ*>ukB>YaCo`{<; zVy@F^oDdjUTLQs*RLLjnVeL#Tm(CJiXlpq4{EG21kwM5ZFmi^>#GbUun}xdh!+=Q)ZdOesNK{sAf%xz+rN>~C=SlOK2eh81izUe3@u z$}7z}dcFhyfx$ZHnk1oXtP``L8q_e(Eae)FlG ziN(mhwjp5zg9oQ z4lW*d+P85bj{JK#J}KvC5!TFI ziG&UO1+N`M-&DvLq?7^S;W%S_$ z88*gKM6OQcJPAe<-nOhp(K>obcIRsTK6iy|JV4>=k9oDy9_xSxLOb*1LTp6M6Z-D7 zs%|`T{u|m)kvwJL7MXOVQQ$EldJ%Wq*>J+*`p`Rmo$~BQN<*O<;lB{G&@bQG1LN^V z0_8$%aed);nZL_qIgi(M2XyIC7A0KzyGReuz6+v%$V0TXNf?=30D!G%pmtC`PQ}og z%wT#u05RLEVf<<-uM0vCE;f!{`awVESMr8U)O@^EW>5Tu#oNE(oI&+vs;b<~*Cyid zvL)6B&9_{m zu1>m2yHR@1Hx`kt4qkX{H_7VZI5U8WW_`*FW|4B# z;gzzNxG#QWRG@_DcK%`=wP)#>;B9WgJ#{$>OHdmaFu^MX6I&bj|6<`l`{O?M}|5Eyo-mnjt_ zEI`qm9~4GD?plFl5jxGRNzrx#rS%SEZu12PMDI?cSz+sWemTrmcr>im#TAZuHJe&h ztcSfP7qKevKmfLqcVDa%1Y43DgR0_o3#58z6vcH1A6UHYpFW~3X22zW!&-J+%@%qx zX4I8`g;YDS@U=S4_V}BX_3wuTFx90~d6Le5A=-6`j7gGn<8upeC?)as`RVQL?#Y8| zkKw^ZMXS-2F%CNE0gSyXLadeYDXW||U2QVt;{OWxCkhn+f3bFuIQ5U8k3j0UOm2Q^Er>RSlu(S;Y2V@zC0sk-)p!FgPb zw3EeKCz%pIT3u5F&MsR>y#HSgI9`D&tW>b1>)?y~-lQmYh^5|rpuJM~cGKTd82&F< z0sTDmG19q1q#yay;P}TsduLUxoH)Rp=7T|?=!suwmi0J{rrB-iwuQOVcImYF^y1nz zr<&DTQ0?7~5ne*(;P+roW3rtm2*R-!ZpC9D5mup;TP=wnqrK z*=oNM+RacmZuz>_8LT8JAB~Dgwk+}xA(T$w5=5bt+1o(WKEx*ZKRhRfoBw71Zw*rS zwr&yGu9u%4-f%xk)kH<>GiKXlEUimzyx95~{@#*W!1t4CocTGYwP11+vivI+a=rG3 zdQ^(f#(|WV$I|+}vPri?m1jP?v++aTA}EvUZCMQ9>(j$KtZ$8zxzaUDifXiEB`7DX z_d3W8^tIRT93GkI)D@^TxJgvn#y+c9QSk^V9XK+brzBZG0WKrS;;l z>nl0MFZD+uh`ojV>vSxY*XRm}B)`i+($z=~ikve6Cx7z*Vv$$RF@r8`@}$@nWsCW~ zr|{xfmg)V8;EkE5O|6?P;i>k%V|LLZ2`w?87yUF8zSghwecH_6qa_B*z?$hLltEjEuDud5W%O&V|*-~ z+f(OiYVRY}r0VRazU~KSQGBrH!x15Nq&>&tHM!>;Zu)&E-a+l=cL z8VQ8{l~r_9{y-JUjQnK-kyWLOJSH&!bvYfEQ-pw&t`3xD?bYm&Za8^*p>;ySSOJx^S#kTew;rgQK;*kgKKk;vv@0Ucr`PAfqfHgs-G9PEIwN z({Fzu*y$59o5>S|F3NnB?@n{uSVt!!q4gv@XBOg!Ths74_7XEF1oc-XNo&JXJa-@I z*t&ty8^N-|P7w+ovjKv8pBM|bU5ohMKXck5~TMiUSQ+NhZ~aI}Fv z;ayA-7ca&^w5b8$pqao9v1mm5-*1mWLX+gX&Q>lT5dklRUhs$Csk&w@RX~40I22^z zwBbj2yS0U^R&FIn7PLmqFL7r2BIg$yi{qLhSKzCUEmm2DH!e-fjBd?q|KD&?H_iP? zXw~21WlIRh#1kkwnV(U8GR$Gw{=^f4*$yJ z=)3yCsdoMz7Y`q7Y$}sv&p{{1R;*C^>i*B01jjAp_*d~%PVxdmr)+WYYP1)4eLl{w z*xA7A$??WyN7+u*>^<1Ki(kzKLK^ucj}FvhvOUI++_M(2lbjH_Tov}Vw^`?s&Ag(5 z9ZzgpNgtXLU!s#cEb_l#tFTC z&WY9 z`sSXIV^D?b<`Ms5;3_z3MUb`QZ5;dVx;dNYc#?XI9u9%ZF3lOmUlcV}Ed?upn_34B zWpTGKk2l;G94BRPEur#@t(CQu5s&_cTkfi}`xCxawjLjKiHI(n^9i~UXqnd^mKQ|Z z^s7N0-yczO+&SOe8kVOLC7jT~J)fW7K(N!|Jl>z2AXgQ5u{mQ{Osy_ea8;xh^yIX2 zPg|#vvc1pPgr!u0;L*}7o7r}L$cYmtIav{cXs?4$)Uy}2#dGKkSd*)6<(4Z3@;}gM zPPBK+b8SAub=5w)j4I*3s6@Oy{F`*4kdvg=swt+82y`Dw*l=~yF|Hv<8HOgPNtZZci(g387YiZU-;Fje)vxvZT8=J=E@Y6; zColY(M@2DNHG*fS91yd`Dj+iUV&%J+S88^KLBa=LawKCqEaF=N5|k1c;3cul^Gz}8 z0kSLxCAi96znm8Marv!s8fN^4M)Z(?~3}T3SfHt zw`8eWTx(Om*i)TH$X+k~ISw*7n5J#*ZP>q8`%fA;xn?Ry=bhlbT$B_?f{6@bsuMP9;j$S)Wwb=E1II?Hl}ksj7{;<+JPR3en44N6yjIa4I&Lr;6RD>~%fFhUC^cLC@Wbvb z=;y{8Hp}z;L6DE?NWToRn$<;<#RBEwz0nY}&+oV$o%gfpYk}}Y+H`EA{nJfV*A!P~ zOHfY3-r5g%l+VIshtsdlxU#(>2hu^c5*-$xj&M^i9^{|qv+OSH;Pys6{`OhdWCvV$ zh;qt9CK=;YHrjX2{AAV0eCWeKIuP+z@~71geF5OVdErb~*>7i~Dg4ujf`Z1+kao^I z%gK+df#cmKWg3J>oOK*yG#ZFB7l$x*zTg6yGn4)Nck{Vthr7nu;ZcVUIw*awC9}QW zyn+D7h7G^U^#}??0HGp;_V7VN15m7t9Is+kgeGs4%~f?Dr-Mr4|C+P8-V!I#Hd
Wtm=U{xM&85Jf zqp2#Fy_<)P6Yo6z)2b0)`*h*<0%82ejXLh!|H3&vEjvCE?_kZtH5OP*!*L+ z;Y=m`agRvZ);^QuXyX$sqsHu;(zDnMr$`FGVH5k1HfpcVD!#Way_YUJ*plb>QTo1b zEz{c#L|<+TP>dqov8Jd_5f*rOG&0M!yyXDO(TwwwFJEP+9@`ISb^d#OOd0@dn2|&9 zZ$f^uBHuNV_a^PCENy6={*p)2xaT%WmTwo1Q+jw4JaGV&!D{JyQVj(@3)F4cJQw~H z0+jN~ygNR@qsEP6RDlftMd7K;9H--rj?W+TkXrQ4oQMa2WxLYmiK+pjfPkfD2rR0t ztefS--OP}w%n7&?O{Otf$nP2ad6cDZv^%jyJsZh>?Y9y1_r8_b=&}OJS?bJX!?n+k zBC@_QN_9>Y*?v+Y*c)uy>gs$l!K*FIp@cF_pQH3O}5aJ2T1T5)`Ir zo;K{Wo#&@depcVoBG1ygy0sY2-FgOIX?G6CtADQ`V1FF{;e!Z-V0!yamSY z^>fq#T@OgF49HcKQU2JvLjYUnBd8QEqVe&IBbUyK&^j~8D35sOo&?Za!duVcboH2| zxc#~2Gl~l1E*8P{2a<>)>x<+fep{0dG?Rm$-c9ZPn`PsU2e3k;7$FG#?W){$CfSJ3Wqx{<;@g+F)X&ce zFs=Lgs1rmub@*%nodasV9`Mw$WAD}ABt-kecnV|+3*bFYNtvZsDzU~}lfRqU^(hRf zd&Mmz_z)oqWWu1V7iZBj?`L0lX||PH>ckq{IO_Sw+8Q=f-9z+}7 zU7wRGT|;y1Z6aD2ofFgUE!AXlsaAz&`?RA$?Gs1tiQb-*GRChKyN)VkIct3?aTC)z zJ5GiI}rmkfsb~x;e zYN|oEVK7|E`nm4+@?XDePD0Bbyn0Jy3H5JUUl>hSMj;64~#3%xI@`RX^iBp{cHR#H`II$MK6ofAqozBgWjOO4xQ zsS1B)v~>&ILsYF~#-*0^Ra3O4U@V@=D3}yp(zc4$=@K=5Ma_+pvh&K8oPcycU{i|5 z-DUvy$GH}5|caI=;g8>%6C~!^}dafE```0c7;#u85b9u}N3%ezWH8@t2|s=~Wdh}P+gU|xrWq9T<~*VbxY|E<}@zlY@{ zndq&rbDPMzu794|jCeNZd+*@dQVZuV@CSd{cpU{<@5S@qgkdq(d^ z7*s!uSpmPol?kMl9rgQ*j|+D*RxXv|XXqDs)9o5_OLxpVW-U?zd}}J2_pILFH|x5p zW(8R^R=d#FabxcLx6qfvg~aVHA%iyPlg}2R(77vCqA453?8JV`AE`1-g0|n|E5kM| z6T_^W1V&TGFh8QAfZl|XtI-CGv~;F;AzpWgrdcV$C^-64)d_vd9Zfxv#D-*U6tsWeDWz;wbi+em{Bd1V(sGl z^C*PX^KQ)d6I#28!J_ypn_@&_4BoZ#r53EeS6uhTuV@NyN1L}Ad)52FjZyl$wB)b$ z**ZEu_B@5VK3R-Rw(9w4c)Z`RZ%i9=nrLDEw1g5yE@VIzq3*tlCQ*yb%iFs~j$V*w z>WK!5G0i}O*G#FFo~@(2qd&Xec#>@|&L?4b%o)h{VDcLwESI#d7L}YwLYJZg=Ny8% zA*71=^*{nscu$K>&Bl|{)6zIdsemlq7swFIb$&G5S9k3?9r)2=FxG_1z~Irpx%Mai z{p*^)?b$DInet#MLt;F%u=xv#cSdCQlWDBwQIA^$^p!vw=s()5F8DO}WxV$*1u!Pr z1C;*Teo}B=!4tgJDi*a2es&aQIU7w+9ykQ(J1Ev*pnlEX_Ak8BMX`6155|kJT#NQC zDV1z%PO7kajVp|~bC=^K{<67;O8W1LelxxPl8GoQ!%cY(;@QZ-6@Po2MxB}e`Fsg>Js>^akGGnuu; zdUuKzF4UbA&}+gW)QzjZR^#`3${Zj?pg>vwD|Cax(cthtpFvDUb`Xe8|EpCX8J1MN6?zJWlkU zGhS|(X}_VIdkn2PAM3VU3DyDj<#<yAsYM7irBaD8uWV|wl@ zQA^FAX(Jo{=@%L!?4*>)LL?W1?vJ1MZ}JCuy%4q4PZlw=mQOsDG-7n>4G?3*iKjf# z5F@m{3x$Z+TWdVu9yn7l8|Q&ueO(X+7lXa%X7(&~Fwdi|Q#60RiD<-Pt|DUFfWp~n<)%kn&5;SR+c(fafL^c00uUyF6ctJU7<@8$&OqdH{kW@eni z?!gl}Ft$ZZg(A*3W9W$9|Hm0~Z=c=Y8(bU;F#b+-YpAq8XL--u)W`%mZ4lG|r>uPJ zPN0~$0-r5x_3Z z(Q@J-eH|LN7=71<=7Y*kpC}|q|bqz z1SzYm7m@8;*EYh-!Fun_3CxWvx!P?cye5mFNPYC;DzE6Pt22*QHl}AznkQa&Ozfw+ zeXGgXF9ESsiZ=tzt-OBLj~Xk)(uY1uhYuC27POJ3Jx9dFLfTa&xR|=hP#c>m@)SnkM{_MNvUK1TQBD7{1{5YEb8d22MTq(ApSy%xN zl#ic0Hh@L+jrkPv3Y+XGoYY7b2Ht1ZsB9=yj>Yb`FbtNlbFiF z=T{JP=sRug0nth*sYLt?NF$ z7bU|cIxC7DygG`^De>(F0j^F|HAMv`Bx>ANEm!#l(LDbwTO?2dv|+vUhUl-MO8%DM z-gyVw=2bl=l&f(_ ziCXDKXanK41Bh%+{LAZI=Jip6pfhvl2l)~TG}XLUUslkqB$}_%dr}%1A6d?Hhfp*t8Vg( ztDvZW>rm^p%YVrzNF1MCpQdR#>WI@M5|6GsM51u-!%hU4{-*;iU}0DZzL{fJM{UGx zj*t-0$N9lor|;vgk|8HVMcM0c0t`5BUR%H03wl^dyWk=N;J6C&{d~|0e6aC_(D%fgEDr=gqf!;FvJ0;ynEN2l^ah3>`AE%2HiFI+Q@ zwnWHBb8rObHQDlJX&-q{@T0PpPNx?|ww1a2Aeo;aS^17)ob{v|Gnb>N3c`FMSt_ppR+RQ&*>3N-3PKK!`(#7l+TU>!C$`d`+1?q*bs zT!T>o@-uYORk53Yia=VP0(NQRm!z=*5rQtu{#etR4vr59j#@51>Nn|$aKt_pZ#z6` z@ecG8eD>5i@o=Pngh}Y}5M5)P(Aa5>(dul*9GkuKeeYHhAlK&HeS8t@IzZS2R6>}N zZx3VEuz3h+a^*(&jC(%dpT-DYpg*v zJ1)nyOG9KbRS;LZn#)Hxz6Be`|aHa?jA)O>XdX8P&vAXN+~t;^qC67+1486{bG@gZ34v{7Q<|zf!SPJ1G}Ct{{d8*FXuA&5YvUO@$A(`t9*9-o}_a5 zRPSeD-qRVBI_je=aG=Ssj==^kFMHTXz!9jYnGMq(0zKP3mZ;DC-4RL0Oc0FEttrQ zd(&EO`~{{RADR_w+*_=eF`!zlSVA?KR#|*ciyV$FMN8|dna$tD#b{cHSnE-J)kkF; zm9&SzVqP0$A}0lP=Q-mrtEUOG zcI;YnsXpX1%@xkD`bTTLsrnURAz84j!!ONU(A9w;=(~x+v%ejHPebI~jZzkVGmOvN z`dUtueyS0!43Lmc_(BwUgl)jgcM&JB=G>=`ms}EsAPGg*F;6%>ATBX! zCgsqUGn3;ls*-i$2K0ey%)5xrf8Px_Z8Jfi3IaLzmaoM>Lmqt}ZVei2!Cw0ib&Pfn zJ6JOeJA};417)v`_Rg$YG5&jQ_@I^b{UF%-{(+l^D+Ey_*owdp0R>ra$3`1ez+$_+ z4Du1K9FO!o=!(avmh(aV!hwbtpac3Llf_rH!+F2DavKEbeU)nnDBDJ=_nlJsA&t(P|?+4~7 zdWL}n6U*oc%dl^c;;h0U}KaSjhx3ZYFm-hQv*A>Trx z&pT{w7eyU3i+;d)*o{0I5fesg(bA4~j8kDdAB(~J#F&5J@5;8YZ>ABO>!!K z9=2}liNroGaA$=fh^Ktq+xnFSYH*mqsW;zdx>BcvoAK59PA? z+K-|hL6opUp|s)V^Lf)t2d^5A+;iCx(=&&btsX(JSn!1hECOs|B1E%`q$Ro5(9bSj zW2~VJ+6ca)INQ{h*8()RZc*B!^S@`xe@GuL)wfV$t)g`thX#qU3Isdn50AS{L|-k( zSt9B!qE!rm6AH-=qLHRPd?j3dxw>MFa7Fj+fg>J(R zpjzJhcsVlkYjPyVTIesuZ-F&)yuOW-{E^1-r+i9h+pMqg8W* zm6uZws-onfTqR=5s|I_sS2?Wan}1ECY$%xTO5zSBAgPEjs;=*Al;>cThW*{NT6&}L z$oJTB`^8BsDlYx!ku_IR^aI*GwWd>J)(&*ehDC4rG%2>%lpKjXF9WALKU1Q26mHaf+smET#nj%#7x3y z7xQ|KSzv;`cFr9(;yuL?eb|SkHhe?y>WFJ%un12oQsHFPNl#Im+*-SH?{Ip+Zlu(? z3QB2pJoIA@l;wBLd2qh9C#&SzM7tI3iY+qcko+ef1lLle690|#Z8$A@P;*YlugKBD zr>L&0mXYdPme=t!VM?BIF$iz>-om@gW(k7jbd)!B)#kep_}?CrG# ztKy9?p|_J;=(L$vq$7>hYvgK*S93;qLPNLBPt_;>`?CN_M;frbqx$^nvIo1rM(71i zWC_|Zg?e_vjcmSAW3!nLUbu6iB+e&H)s9|HU zS3gwAr_GPmDA@TuPJ5eAt0N9oD2+u>cMFNxCUoJoALP+KnRvZ&2Rx&Mr_P*yVsX<- zMJTvpn3@ANF8DwLPF-v-sADmgD3J54O24E6s8&-xjnRu~wka3IyT#qfC6`FTn1n^ppKyps+_;ggiXdp{vP#jv$;hUQi>g4SrN!d62; z{d2)2q~S!L@S%2i5X2@*t6jOE_E8(EAiFF>Hu(}RC$q2#AFkGG09rY>HZ%D-JSW&^ z+f^v14?Y>NmZO8$mM#3&7_?2sLxwR$O^UD6vj2_R<8^}6v>JCoJRV%n) zI<=_JFDdj0fr~bYQKGuXc3;TnF|1^z_eivp^w>KwK+z5iDqiyOOj3-!LT)F(GFa(q znQ&0B)5>d5J&MML*>}yY8k9V~FWu<&m z&m&Nv;$t_m#@ufqP?1_*7+j`ITc)OIQSXY!{C)n#hv6Z}u*_ zsTa?S$tsd#y?Zs-0?KT;_`yX;t2d#mDK<~7Uo98{~at=o0#dK(6 zQLhdBLNmq;vlKZ8oi>8b_@`X7nkoP{4U`8{gCSwe?Vhe8HKR|4D zrgqOY7uy8JW$?EFueAf=rn&hzndwFM&$_mE6KV?AU^!1l_hd&sHTK6rtX^A?vJ#5E z5Gdu)q|7VFcC=7K@!HaI4TO+UGTBpA$>UP#%Z}!T|4iBJ#HHUD-IA|>AEwG&9}Nr- zja#;-)Gf()?3kX2P;_%!L;q^6m0Qiiy2bmy=oaF2yDrXSXGM;bA;^tF!=QODd%Sks zJ;|o)nl?Q-uur=rZM|q|g={QDfBg^V-}Y~H?>zdVa-W|nCb9a?IP+5~yarS6 zU=LGQ2j)P%$uISZo?xnAjf$UHUcVSEJta{REpn2?d9G>(=-1Q2-8{FsA6ux^mNpvO zS{%XO=0|Je))~rJWaDGl90uCsOWNHF3$XcDQP{v0K2X@fnLT`;v;(;y@IXU6kiexP z*k*qOu_rfLZ7@phe{gNr?9JnK1;rv{Ma`$jEE{|eO#}`blSCRG3OuN6bUfZyidjgw zFMhNxUCsupRR>No6mCqRN`S^bRS($F54f@b!K5v;m!-FVxfl#r8n<_Qf9sZ;JZku7 z#kjB%R>G7gsrWR$eThez48lTZ_ zC2(6fL69Y6Q9Kl*gY7*BKU-8kJ+8PJbXGu7wJzepX|B%$dLI=vE8%lmmkw8?Fq^-S zE9TGdAC3UmBuBXucCnQPxykm4ndfal!_VQ0_=$>G*jb z`!K2|`6lcS-MLO=4wRx_22|XE_AJRlyYU=|*jFJ_uh4FineJ~P=@xKXogMWIl4$GK zx%i26lpjKs*8X}Da^+^p*5HhZ$Gm%p|28}#IAmDM50=ma()safZ{Ez+yNQwuadlcsy;??IJsWg~^fo*i(0XB?)( z2w&N>6sVn>$x75oFAF@2c}bffeZ1_)Idz)A-|BvO>Trv5RNzXDUsKA|IqQg!PQDHJ z@$PDI>wc)$m7BsBZ(f<|;cdnMo|W_~1jcH2p|YwM`zTY+!ly#;z9MuAT}cPb4D+FL zLEI>0=2Y<8;6+B8zB%%1k3JsxY=&v&0UipSZ-O9pf|ja}VUW(0V{J(qO2Y+Q#O`

UonewPLsSI-T=cW&8M!VHuzq$g$DW>&F?XtTW7@MRoE=S_5#5 zX^8-)YgN}29{_p+vHG%l*d@@KIpWKY=TWeD({xz3*S6hFp|bT|9jw3N&{|}XD(I-u zg=`=6nuSaiLcCf(3Z5RUaOJT@TTkAL-E%y+i$rfG~+t`@!$;u?@ z=yT;F1*1gWZq#d8Auby61@cAvx}jRD_V%+1T*AGIotx1NXlO|>a&!ypT$IXkp*dVT zNh-m?nviJkpOn8bx3HJ9RSi3=wRv)ql*uR|3oH=`EMZ>4dEvKOe{G?kB`q#Ms$EL1 zonNUeX=u9Z1y(hLZW0i64(;5zJ{*19!LhZD^d$y$4W5D>E6`-T>vO$3J{$x5-E~H` z6kV&hxn;;szkAZg;1Oj|I>p(?rw?De1?5ca&X@?#BX@Y+kJivM<|v(kd$WfuE#5*E z;%FO0ER zSNJ)~aeqPGgq5vS;H>;N6)nYl`J;}x?$;dPgI=x;;RnO7+d>+)zdLSB)q+|)Gy{TuH4CVpZE zhtU+*cJHRYK2lmrc;b0fXr;uqcnMYaHPkCgt80HJt>JAk*L_^bPrQs7EN=x}HQ`#( z`Q71=*VMffc9|SQh5f$MED)z_Z@OzLGg>?3rmsd@xIq|kJoFeXZLiiA^`pVdY-$@Y z23p@K(l|DxfX8j#_`TohMDoc2N&>P*>t@Ie&kYeyA~V0xfMruqi1^uqO}IWIQrCM!4>V>&OQfT zVLzL&^L?PjtJgHO@R^rMC020O z>C^H>k6$v!&dUbVk|~Wfh8i{{auBllT+!^K={IwUL7@KoPDiQ)3kiM+;M8jSM3K7N zXqgg_Vdifw{O;7clC<3;HmqM_w-9X+W0nF_wGnh~X>Qn;exg)1a4&bY9}(fax|*^X zc4vH1YOUz>%}czSLT|xV|CJDxc77l%T-pN-Yb#tI_Bns>->7=irfB(Jx)X zIiIbObVYvIqKT^D(83j0ler5cGRVrYqk8GKib^4*kQ{pMU!myTnwMhp-G*p^VRp~r zM!oNCD?UR_OreW!N4mzLK-Q(xGqp%De7X|r2C)sZY#t=ERK{C2trPZKN4|o3YrVu} zySrkcs%iJ_LT5x=@eqT%qJx7j)y|bX^};Amnr4JEeIQGP*ilX0bs@VS7Ht)N75doB z8|Yo*%a*fEu0AHSol?{L(>CakxT^CsV4pEc7qN*HUd$_P!78Dh-Q6Q^Sg3>k{B?Wi z(u(d^v591T{gN>RiUQNAfz6GXJ&~d5F*l;WK$#0>Zcv7Svm(|unsN!T}{rAx}?)zH*C6w0OyR<*NZ@YrCE14c3aB;ItHED;OK8S?J)%Yg_s zL1em*w_jyzf?EVu1xEHNf?Ll(3t;Oxa-=WM_vja(s0CZYxPLdxrSr&l~8ginUU7dZ!PMbMNDY z)O+WzT!OFWt&L25Y=_>S$ZPJ_1fD5D!S!%QYIxOHr+bKP zXVk18v7W&`@x4KK1-@ajyX85}>9y{-RRwdHHrTX$jAgQdT4p%A3P2<`2Mu;+rk7Sy z#x5Q>a27ygLVs=rM-2Dr>$8tCzg;z`+0~st8re{-tsgShIha5>n@>zewN~j;#eX0D zKWx2cSX12=Ei5RYNKp~#MQPFz1O%k1fOJH9SAifc3WP`(QBY~pYbYWm2|e^sM3fRB zbV3WL^aP01NFZ?IIrn|#eE0ha&)(0Iz1LcE&N1egV^1hoAeSm8J7V#qd(#cFn9lLW z(4)!dpCOoq8`GWA3W#|d+^Pl{@v`|jWZ z*)fc+oJ!|0(x$92Swq58-MMBH>ZJ_5&DtAkUf!YUP6pGRgzwin50L2&UN%`WuFbJ* z(_=pW9Yu0-qFyS5StWit;{DX~(pyAJnq#Qu2J5DvruxueO)W?&u7!EpgHm4aF?Y#+ ztNN--hV;jII4IY?i+#73>B&*Ed9bIX$RdzB=tk&hT;*<--}l&DzR*_|wYMq1${yO+ zo$1M-o}(Cv>Ad{>KiD$n231IyQ)L%>kjm3aga0XF!)W}LQCUX0*NzFx;#=TESJ$>9 z+YonC*oG{$r#7=ed14;m2uYvX?NPK@oW_**l>~)7k21VJRwaK!Kc2`2a;_P9g{oe2 z^g6%{06ukwuC~?Gsse0_0cEm_7jj-IVY$}`Q)=?<4FYzuNC zZuo61Ie;Gyr*rD#`}ru1B=&jg4MO<$iqn>ZaQ(q1jD^|X>8gdOm%_^dJyDMyJ5|mX zf+Gu4c)hzVQsTFhhjPZXA zKQ#8JRmtk|S;nh^qVfk_Z%!I1l!C&&6t1&kT@d9x&RyvO8D{?R2HILi(DHon}0b5+5*(Czm!2`}m;dlv}O3=*Q|UET_zKxsFE2Pe54!&VY@)UUhcm9&P78-DEY z19T<(B6}}&lWloxubFb{MUoY=$FQ~snmG!?WR}AA-4w#d?A$KF^}WZi7&|V>5swNq z;R(GRWi(Kpg1hRNJ7YV~F3k&Jw7aS?MGniK-qri7g*v7Md-R$*ce zM9E2;uMS4#U-L@68&bU@MKz2EPGv-=LmO9D9eV%uKnowb<`jz8wbzSkJ*)EnmkU@L z)=Qy26EynkHF0yrdO6wC*O~;})Ogws^dFRv$(Z|XQxJPa4#VGeS4pwfp;3yE{N zs`6I`u#}#-{QY5&O9(`rGQ7o=PT?)Oit8%a{Y-J-IPNqC0D(Xe?O$*EeGgcS*^8^q zy|LXt5Sz4eJ8rrjwNZY-AoV|vF5$d1Ggpf+3~9 ze{a5^aH5ea)0?29rq-B=43{Fo`_*xAkBSIo>X*7w0zAO84k`m*{A8oJFyeCSp80cV zJCy?dILU1aa$NIR$cgr1!Owp?|2T`ufeQc^-x_z0lHWyt-5v5d*nW&IH|VN;-lqsI zTmNqpjaE2sU~^Z}#Ly(#0Z*`~@(JRrdw$MUIdjjK=)kA$@X`AR%;F&4t|p#$QRt1V z$KyuwuHloFw+^M1ZICF-$>m!l*K*7(0k~X>p>*cY__FW_G#b@2DV7`c+IKyk-jYdu z=cyh!>5;3%%!P?BWO+85qM4r#JAh3LXm2EoNLZDLeb)8B*6O%tyjO$-#-2+Y5@z4uw_G)DY9{v z0UQsP*v5{x2AahGWq~R6vZ#!&=>wSxiWBD9^6k~18^u}9kr~U1Ot5oBg({Gvtv2Bv z9^;!m$1{yn!ne+(sM@V$9dB5LxsygRfsQO2JF8QBAhr4WTA!}Q5!uZ3O5FzOJhdCq zak)dcOrL$zO}YmD;Sw=|L(el$Je+EQ_e~HfVe9%4c~gj$?0k8NxpBX4D3wVue(H zO?%noEidp?Rsm%7Zf2hsagXQbH(vC8@65q{h?Li(%YiwMK zvT=-TeK$(G*Z7S1mCE51;FRtl!FI!98T`!G$LkB<+g|{Ig4k6qN;`@dwY?UdlaRvr zqd0aY49pBs3c4O8sBi)eo#m$(=T-;IC4$*>7ViF!ckX?*-(MWeeU`I3cTl%QTb6*k zdxpgoeC)zSxKWBI#*{J?X%^SwoZ;uUcYAU&EA@}J!6dC^uB=k+50&#Bis`0YJ0`!| z6PfnA*HW88AJ>n9M54~MZN&cMy>sSUF1E^UPgdn~(|mhcrVHq9+Ra-3-q>S?q)6ff z%;1lyP^K+%0juQ!1Wbd3FZV2LYE``+#l62{J>pi+^$ix(DBeo^Go+?i)L9IQm{KA6rc<*7g+NjNr>7#MTXuR=8ylPxmUn- z^2IFVf8G#oe~xO9372Iqb}Qb&AKcjDxI##BM3 zKz}_@*PqdWY(<;3CS2whA4_%a<;U9s+ww_*hs5Q~dlg}n;i>A)n8*91@Ud!F$^NIe z#{1b%2xa~hQBU;wTYa1A_aajrj$GCzem<%_d4UWq&5U}rkyH!zP@uJ)SFn)DA};jA z1q&IUeS!6;)us7m%TW+2Mt46qorI*rEwY6{&#O_7JjX2w)*m~;xN8CFXJDYFA{Tgv z;``R^{pV1=Z6bv&lp4(&5IJ^t(VipMGlNyJff1JielE)`R2^qr4FYnddK9amGlb*q zlvXsxw!YOuOrNL)s?Np# zF-$||dh0=!8oT1tDtJwJMprX)0^sru>dtAX?^E_QH6RM08Ecx>%ykT|H}?*>wKJ-L zP-FzVkh{+J4?Fp*Ua z6#n(ZqHJ4@?>7;?D@6(MEtvSX(meyWyVLhNq!qh13KZv*J+ry1^|flc9SC(U83wQ( zgQk}KAGAYQHQ(olTO0DS%ds*)%)k%#w*X%RCkG()H`)Kp#srYqyWK&Z zt><395BAuvIYH0zS6-o+QkGK>t*(ltczyr=AanEN`6_h@f7RFGzZNs4LU&x`v4m{! z2uNV~pVSkW;s2IG&S_!vTHtYsGW>!S3`+riit|gZHo?om2ixswy zOX$G*5cB4h6<}RmSwb4I+TcVq`flv>P%FY9z%OTpJS!I9)@hS*_{(^!my}BP>9DNp zk2;dyj#?pNZfRFxyG{4CN1G?z{|sYPmcHyM(+HxIrMj5xK3QPcaia5o)}CKpNV6z6 zQ$+cLTn_3-y=MZ7b302z8fzkf^_dQBWp^P2ZxpygJ=UzgFBj@8bwlZDXm-cp>-OY6 zCQ-QiQ`@$m&XYhhTa7jB@|Esgk);e%MVQloYLQoBze*_^Pw-e(WAzKKfjpgVC7|AjDW z9^Hod4DahlB%|n)=i;-526Mn%o1iW_#0}YQ=V4*k6c8PJRLq;0HF+f%=MLpHJxU4+ ze9N?DV1`I)@n**o0}Gq?&0{?_{abQx-_Vy*zSh;aG21b`(6sD-OC2MBvsZo~wFhB& zMJcMTZ9n;Tz*5A$Mk|`iy^U1oriwx?PoK_QJ=F+IeXfK&1R0?*i~VQ`6IE2?xM-xi@4y!>Q%8 z>29AQ04%`|!h}P87N09^eLD=~2-__he`(gTj+zoq2~lty_eS7#huRClIS_&(|5$!# zK_lHKUb(9e>&)wpqq2Ov9+BdiNG-cD)Q$K>dVuR>PmpUjp|i#%jB&(!;-o>U8nrn{ z^0>%9_d$BfPqiMv8EX1csj?(CS734%pgbve+=9j~hvvewbGJqZlSqs9vJcPc?J8_4 z_RFsrM+KaC@~^oXcV0cWg7t449EeWLCWy*giKd=xUop`HvI+Hcfx&4#^`5nU_+21m zX)Y9#P1b;B%Zu7lT8_VeEI1+?t&EUulHyNGAdt4E2f_~Z-~4KSv^>n_urXwNmQ_{N zca=?TDmCAKxWR8f@OjGwV|7(S*_D)dlE~s|HdfU1-00g4-{%gAc0qR>%=Y??{+^p) z8b8luL)D?=)S3Nlot0J##aqD_np{|taS?akKtC&ri!B_oUD0hRTg-233$1fdYj9QM zFim{g#3V;~{suG`rUnnmGfTVo9bDf2SzF=+D%5B`#~$?w*JfR-e!X`4xKMmHPImod z+UlcL{`ITl7~$V(#`8gWJ-v>9H0{VzGRRv|ATS z`k45!6LXSA^HIiCNF{hqmtn z>pI5W$yC^+!Z6)xhP4CEQ06vS*CZSFfE{m;=HT%=L6Hyh71JVrQzZ$$~Td791{;Y|x)na0v* zn8uow$g#M|HeB6Xtfqfz)*cD9=bx|4IKSI|F5OknP@mrWw1kjdME1!EG(R;eNOxz+ zgaPlGoXt2gF3${jvFJqXTlqwNH?Xif1CUb`{?bdWh zg69ly0mt<=mR z6K>7eMI@NGWStBL7N6IoANcD$6R_c|&B-$pU_EIjMtSn6^_;5+w(;I5U%UjSLkREX zvruMhIGvJ`!=J`8wyA*^`8uRrUU_!sXEzM;9)JZzGTnR0#-5V1o@ofS2Q;coLS z_<*W)cqb3+uQbzLkwFcYU|`;El)qkxOAMLQaC+iI%_|bMQq80<9w*sF9EGHxm}=4h zT&m=_&Ccn0`~@tcFroUt;r*+b6A8L+dZ9C~&keM6*x~cZ*1Oj@eJaw`8ZH}ZliwFw zspBD6XHGF#tThCHy((*uSKG%KBUd|ah;^(*0BfART5t_^9HU9gEFJfHUH@6CaR2k{ zu{T?rMgy7SYmpHS;+Zss{sV@)Hi^1t`e^zRYi{~E-Phc1xlxQb$Bs4Wzi){1#KyRV zHP8y6dOJ^SySMLNVthx+yedK8>lHMiWii1gbb@&vXICEK`H(fXb|8znN=yeDiLwrp zN@3ZU68;md!a@s76+D4i%QnJx1o_?mt)(^2<<^}eSM)Z+sZ$o_Erhno z-O9-~)}pEIBC%CZ^FTt9u&ds42e(NhPcdv);;zD^^|XX?*DAKcqPvcMjw?&C#YBn^nEsj(e^M`9ODs9mX^_tuSew+qnQ#`;kRQJnUq z>DYDKvEKYp!lJXFuD?ySbCIx~gLd_04!ejluJ3n?FIRG%k;iX`Uur&uar$K;al&Fq zqxoz)*{joA!R*cj9)aufX9cgEFtE;(qt6aOBq1GndFhBCI zDdr@Lyu+ytWh7NEzS5~X@FHx>`M(cc9fr&3k}iwr6TEeY;kMPEV2&Ef+p921u}To! zFp{X7z-M_AwZzlfUVP;5^R>*@#f@-T$@Narj%CJu`^9og@kLJ7+d;|n79q#T371Aa zU84)rK>xxNCS60_4?$@04{Ltjb&YYXgnxpIMkx(#nllQ}w(-lY6KBMo+!Rs_G;xn_ zz8QZc7p}oig?QNjXr17vytnu0^d{FJNU0>8h5S9g&8NHDduvBYK+xJ{t*{n|BBIzuA-OjB*ymVs`9^H0@6uoipt_QOcYOHxl_!vVp{cjKZ`1 z9ie7pbuI@nE;WE+gv}0*Gr3a zVG3B>b`S8fudJmhX>RivzxcAx)AhQfdz!n?hVc$S39{bu^ za!Kyt^m*iweVUJQCAh8bX>-%W+yzhHhcQ;5R5POO5hmxuGQ(#Ofh+g#{(3BKl0C2D zNha~^R(YA7A-3APlL)D1Qp@I*>28b{>r!|nnpNO8AEe!! zuCM7mdMa>DE#trN<^MjDghZtwqui{uK2)>F?3Jkse#qOg4d-R}F(R!O=2cc>)**De`=C;o>-de_0F_ysP*=hSpVfM^fJuj8Vb`f4zf=|SqQ&cIZL_VJtJc>E1 zw_DtCayG8%<>&VK;lzF3AsTt()F8i6KtxOq07In-qDrap0e0u&q&$x(I`Egmu18;id-(Bt&r4iAh z>(0e9%n|X4L9TGAu=egdbLE21Z2G9htuV5fJnk^wqG!M$^+5}wpceU-P~0?owMX|{ zV$R1%bRIkX=ydQvMc*hI&x%rNmv?)CGC3KE(yly<<(=d`^U8F(pi}vuvrS3cezM_s ze#lTNpt-NHm$|jV*VSU(@zQjzC8bmxmK4#o@bXrQ zRLXegLm0iItFOCqoe}>Rzu$YHL09CD$}@{FfPR}4eUR*8X~FvY*^z(7-qxk(H$jJB zh&A7?$!k^f3p?Kv4Jat#N3i;1g9N|m4qp?wep_3iXvMMa_g=Ntlr9t84^XfYieva1 z5iRF3b(QS=<$G$>^?ti1n-(S#QEGCviY!UM=Ij}Oce1~8dd4f`Pk_(CfHRkN;&mg2 zSAI29)Gu$Jnjany%dT_Eoj7G0{8r&Rqh}hIXQ-73`Rizgy!LXoo<;Pn>-v|%4jBD9 zwinfq?xt-Ktu|(ahjT;krI!xoie`atP^mbvdNSOOX-)u}k+5{MeSTqyEqEGdqhLxP z)&J~aL73HHAZ5sg`O@H3tRxha$^3VvAeMR6Xesq_=q1(BfVMAw92jXGJu|0F^Y={Y zQx8T`hvvr0oBPUHD21cca(Q{8wSKRQzDopW(X6mJu3-`C328B_bdEo~xmxDX#^vyx zLClW>^oF?HHp9O6a+Dh6y*{q4<4?#HM?&$Mjx5$sHxCZF%h9<&OEZ+t`MTbiH`9d% z5Or;>c(v-n>Y;s-W{5~%gEyGNB>7Q|TUsgnsoQ}hfx0_xWcyn7GR4{t?}o6UFWnjs8}z+c_~%5uSdY!SZg4BUCm??RT!8u4w@V^!-OY6H!P`QWKpy zDjV~$HJseB70CpY%jWvMhoMz+!uVzE+Ma^*Qps3j=VHt)OnE+#egeFxpln9ygb|?}`ofg1`yg#fwD zWymV9Znd+J(l=Y`VO-obb?{*0DN!(?*=97gmJd@b&AUq#>nL6E%#~W6z7NDBhe3wQ z0Ozjm`y73pm3?|IA3n83;JLxjDRe=@C@?X*K?j^s@+vS2G>|-tn*pmXu)AU7`Uv;i zA|?sfKwfP->#hJ9_czMYcSV))Tg8-Q@bNV1b#R5O!DKi_{G|b`T@h~iJFuYUw z{94KEq|Zu;cVY!~(_KmJ4Ab347Gt4H%lB?OMvx}7NXl#Ub3Zoy7zZu>&933U&QnMd z(2*^&CFnev%{GYmHSq7EoaJ{42&W{^L?wOBY>xX6lUN?7%J1&Oqn*DABmD-96B(zc zy_I*Zc&wRnQ4xKg? z(&7<602W+`n-elD;>}^%z*egM`-7;W&z6eA(}-cBDV9r~&uL9K<@M#A?CKTXP2mm5cgcg)`xo0C#(y(? zBIDVR@GkT^L7ep~%uy#^JXIy0OX7_+Pw#d302@TNzOG6ahF=$pa4XM7I!aS0#NIcL zM`h=mp0Nu@T@BnxZVBox(_xnNc0S|YF$6@ou6hJ7{geekfN2y?CPVUySqsy6baA!C zE;+$?92F$?-2qT^Q(QTZyd-*hac5Jt@5+r*%yJvJ$Eg0OZ1{dI%jOG4+&p^^eh`#n z^+RQ5?8+a`?w{@Ww(eAhX@MmA=tNkdfHdWorpyPSByypt&FVAPV?P=dZFsM!n6Bl*0ByD5aXbLciT3^9L(&hD(ylY zc&wy?xH#<7cxSf_hE{wwioB8Hp0Ns)V&f?d7)dzY49GIF96R2-Sv-BI{Y+OE4k>4| ze6QI)g7ixZr|hR9FPJ#@W8>h*$sR=26`3IC+N#qX?l#ApZB}r^$xr1qrN3kpzS2)WRt}!eYcXB2 zvac&jqBnq@_@H$e3rZbp2Z^6$|&xq4OU=nGxeVIqpTI`mh$lVsRy@3dw%c$R)0X&m-qvIjo;@-IvuiO;t2rl}fOdnhZ2B$o69Vi_5PXV8WRc5fBjozJm z)xnuR4nI;G$4`iNi13?BA5TflXHB|JzxN~m5c9>y@ZqzOlSQx0nAwxAhP+Q)*sz?g zwj}$yf+i?zAk%=_EnBtB>1v>A$cX5^Y>9~aW(^I^zX1af4pWZmvoV!AJ_?2RS({%~ zZjhOftpmoz;L`+xU~6xqVmFqmGSSydB5YfF$6?yb7k=o(h;HSuj_#-uDiSGqe#OoL zfCwhdTpTXu$3DSoam60<@EKgl=!#Unl`j{CGf3tG@&5uI7-ePeuTf{HhDdLwLAG5} zzCDoUiu*Va{)eQd;qphtiiv*`=Qju10!*8i$zwiCYO3E~g&J_|o`$huXk z5yxxE{ftWm9}@8uF+v7R#*TpjH3R41lw|l_o22Zg9)4|?=V&cJppakgTZm=w3BT~q z)zk{Ap7&JFgC(ZVb-AC&h<^Uz=Y^NMU&+UA?f#_gxv&4BDRS@l*IDN=TN=HuPEJhTSB)29_JhCD9u+jplF=Nu3D_F7hves^DZ-$N38XY$O3!aJnVo;`7+ z6}PP8rWHp*E~@?AYG0wBsfYuN(8c|X9<)S8*M`M4GBSWRq6xUt>$13!#GC6e_G@Qd zRM`qoaP)Gw2jz3xkmHVF{9{l7Tl@~4JcHeM zq|>!5mhd_1KG9auYXgVMqaKX%AGpkO`$Y`>XM@-~{u4}L-w$$nW=u&pCL=n$~KLsI>DL;_iF#{H!wmCnR$ zf2xZy8=U36lsx62H2xQPY2+oHUr8WrsMTwr1M|!jyul^v=^`arUlPt4KyE7BU8;CL zWBBzx4=iIF=MtX}jm$FEyDY!+=|?G(IZk6jJts$6WNsu?Yk6!{h-XSz{KV20zvP`g z%wdVTFP$QE!^FCJ@|G>sLE4^XzqYu~&Tfg@8ykWhNLzbGn}Tz)wj9z-(q62j3yFH9 zXoGGk2RLLJ@QxU|ypu?6pO#%8(QBzS& zdV%&Xz{5v|Da4QHRq52!EZV}>9WUFwaw6)00iD(cQ6Ik93qzmzP07>&-{AYH=-48YFFlC+HK@lgS_>MJFfcwE3&e;;8&D;z}r-5f(~;=j=~I}B%ODy92YjW zDh6VJ5^sVSM;=@J;{~ApV|I2=EGn4v5c0!S;Nl0^={JO1$j<`&yRo)X+-EaOC6|hgkB&h2)v<~I5ES0D z8v@n+P=WsHmMUb<+;}v>(P2o*3Y|$~>LlZdf_rf$cM z{8gG!_u>`4@G8*3Y7iHLQZMYp35_XG)_3a8v_@o47_u5pdgTYc;(T9_nqK| z$q3HC=sHIq3*1Go6IAFas@}5<>yT^UY;%6amP!Gb7w3$e^*EfN zEVl0Kz4pi|5noKu#COUyTbKxJs}; zAl*|Uo!5)4%ZJ;$5|o{WkT-R{b4Rp(7J9F0=C)DemgE-5`Xt*#od;+`(aURB~dIpr|JJcOOz^VK6iSIxgAI6 zc2{zyg~2>#@dR>Nc|}bZub-wL-As2887)e8I6L42!LaH6dhYs(iq$BOUrwuBximNXMyn1o@^DP?VyKWG#G?+QYu*CPgELv+F#U2SQi;qytNFFNGT#TXRfa41h@q8JGTp{=#*OO}?LM=i zEex2E6u3FxK(K50kHd>C)eLw{GDrL;nI>@EN?%lds`sR*Pd5D>f7W&H%gKRQkJd>$ zd;CtHeiA0M4SrZzq~~p7G21o23^GScz&9qn?D06F8&?xydIj;|W9k`%ikmjq*=ngN zvYMZnVgM;SL3X{+5z-NK;8DaRcx37#rskWQ}nm+n@$;|ET5Dr6ldAd8WV*qVfXYZa;J{ZBr==G`ff99PN^u z!aVxa)^QqA(DyeCYVcp7KKGc{4;B`5F_|;E;EUSHwYf&k#+@Soub*0+=fh=pd{g9@ zyGsw(Hut*he`)-Rj_VVxMqQtw1@6X$&Gj;s7xSrgTq9*EC;Cw<$<*ZNVKS{TEv|;w zyI&$EW+VBE8v67br(ndx}fyiaDSH7nNP{wnr zBe&F?ES`m?yV0JkFYG~_7y3l7?1G%@K0cJzij}Act^XF_fa`<0W&~p~ z(chL?r`^A;agS@(w!5;l9=yKlla7*r%a!8@F(FY4DiysNA+T*!awb$3K@xXeHm_+_ zvG+nuDP3IkFd?c~{O2IqcO`@W5>RJ;YH6sK79U-@)^PWEbvyV$ z{*JWnUeH6OhO#O%8EOi#n1avo>fPA+{_V|h{jJ}pBAxcyW&h%aA-2Kr^!(%~Kq;fk z^LUs3>ibJ?F0kXLoFFLli(*Qn(QGHevm=PaQ+DMPo~Pi5Ux_v>?8IMI2&W; zWiqpOS4s{9^k#4sL37F2NDlT7jngdm)v{7V9JgULJOJ-ZGwRW3P%E-`d z(VqOdw#~`Na+&ih+YVNAxYd`V;oelxz>E;HUpWu>9afFzoG?}#fy8e?Q*J9@LjFt( z=6PaJ*^TkJ`R+L80j zdLZ!L$8>Q?fR4T2he?FOfk=K|mrs$Gy`%-mYu2V2&SV{VS@iYSVW=26O-3_kEV+&O6UeLD~oJxo{MG2eiy5v{Zll z4i_l(ayK1Xn$1Xu8@%eaSNRi!;5-`yi(4YsLKtyJojB!~9dN@z)xt@x%HpETJ|Y$o zpn#la`F!=}t=nNV=N?78uETMIHvuxN6n6d85z+Vq%9jW#|d}Hm5bx1BJVt z8ef>NbC*GwbcLi=V(Bo?Wru6QQ5uL_qsQa*4tE37H^Rc&#-7}O@7d=17RM5<^4TMh z&H3o|hs2FX>6_yPa_&FztgJqVEb6^9(h`>tk9t}#?-u+5FK`$N)P_N5CJ#uXpd;$- zCuHpEz_rxndx903*kvn+sM+PWc=p$Lm6=-A|Dk%>sALN}dlNoF{>F*3ewV`SNk!dv z*;w^_(!I<5FQr!c-DO_4#!N_n7$uGQj7&Hl0&goxOH8{8{Jm}b!f*G+=Q1nhA&AA_ zSbYYrMo*720}9jGC9@lOp3`g(Z7f&9`iCGb(+rF}e`v9fFXC+c#TT8;q1&H2qFJup z(aS8=BV*^X0TY9sztQdA`DHzFdN@TvN8e-(5Dk8-_kQJ}lzB%UvuIB;o!ONk=JHv? zIFpXBgI?O7Q=eacWN2JZ*W6lb6c7?OBtO9#LlGQ+wVUTBb`hc-*3%5KnN89qQJTjc z4l$0qTXKC{?dvJt`L43N zSo+?-V4eS^M%v|xpck1linSWvhgqA3b5idvMH=BX=3rB)T)02dF@dynfD(Pj#so!` z`hP>1MlwyPb=$+7qnTUtZtplh9^Ge^P$Qm&t%_TY-ajP|zECA1+tUy!}>scI5hcim5%2``PMLROoT2d7**DI#?RH+nYke z1;fI#b3H~s;KN?{Hs1CjJ`8wL)ySj|3G5r6PUJDe`KL zF%{b!Wx(sw2@7#VYI5&S!?Ei7G_&s8IRQ}FnxIq$G4uy=rY< z^LMYQt9ycI!*DNe@@ODnH5Rhwv;!=}6)ENGJtf)Ykw>AA>Yi&X<9+M(Odr3p3p8%(5QS^e%tKC$Q+n_?UED1^> z-68<})topDeM^mx555;MMT&Rt)DC4l+!ePgY!}>y^TsK2yLe>)KbLtRExBhfz-JH- zC7zvPrh4P?K|Tx1o<{|?uUMZvU2!j-40;|%cs|-&E)EB((lukothvK>P_*#0O(yLc zy*4)QQh!=DWl$AnbA7BHm*RuRRPmK~S&UC&EjRardxyO4j;F!;qGnwv0!iN&zaCvgeOZ~x?RU09 zK6BO^>lm@T&QkDkAnSY>X4);)7_x^gEGBFYX874t=(3wTPb)389{9s74SN@^v35UA z9ouV<$FRHdsyV#~@2V>u1oFHH>6APFNe{A3YB1uk6-~H_u~D%A5boVgqU+vg z3F@V^^ge{a`k>0}805^?xmHs7NvZXaweLf7;ch2Nh;6l&#STEMIB9Wrt5AZTW;4?SHAlc% z1=OWdxtKuaC%`wM`0qYEA7H(ltfgekz<6)6&azU4J~1>SWSra-fYR9ixkTx8EnMo+ z+hugMhf<^G%sA4XJcyfaxkn4@>pVhP_KG{>=C1TiOt+>`NWnbW&)#N}<{rV-2c+r9 zq1#^b_Mx)fdH5Csi8d9GZK?l%!YTPrIPIaVlj8rb)BRs8Dej5~IzBJs&K$G7KgIR< ze`g+_?LKex>Gp0_O!G@E5Rt+Qr}3oRT{2D@aUP!V%TTH?VidXVb4)`sTtD$!yQv3f z_BYRdefN@yMCqI-LBT_JtND<&@4&UIHN0PDN>?Ppf%Z4hO2KuLvhAaerLy_6VZ$a$ zfp%3temY8srcubV9~~l0;vdABR{;&dI$|JOZ=v1ZPf-I8_)obDcwn*U#Hbk$1O;d%=E89y4{PapO8USciLjhAMs=d zeqm|rZXr}Kk+?T$(+_cE4H zme|2ZqWG$BdH_C?b`;Zkqvt$*XmOE=wO!Y*gJzo`YIBwwUW2($_OVbRu-5llA|`JG zSX$meq3rOj5B_q~7b-t$yvi*xLtK1By&Hkd4u75gKjU9l&mFEFQY#%$Atf9z{s?lP zdK#*jxcA{a(?9~2wz!A#$s>Jp!=z7z!ndLpM>9UI;c{y28C`IJiX6MLpX$Dje4!`= zeHDnEN!u>OtIjF0#ZPo>|KXd$P0skQXU%iRO$Ax4|Do18U-L$0k+wzen)7GcyGkhx zyu#Vsko$aLu4QXvp})5aC0`-+a9Z5A?8<16aqUK~F|RO7RPC9YywJ$zP%RfeGNtC} zA}N3Hba`49V;%yMw&a;|bmz)iXtd^&oz;N!O>g#xXZy*mi8b?XGsi9JIBZ*t+WCoiiE6vC}4!``Z(8d#lH$?XFc@=wx{{@pE(D!qL%~FlC@G^QAR49W=jgz=A5c zxWu4bxi>#((i#Y+)jewJ@qIy(9vl2YHlXg9g; zw~v^*O@TW%TRZyE;<$f~CZ+UwTlA7Mrm%M9qL@)gpeDZNAc{?zTPP|@1ZlS!CsO|9%T(>Fi@mf`YZ<|Do)y1FFon|6xH|DM7lVyStG_ zy1P52yA==+kd#L0E(vL*8|m)u?sy-Z?~I4JbMO4#|BmvUeb!#lThx00%V`<1%;) z4M79zZZU@kFJqDqHtAT|&o|3`RNnUoxct~7`5LH+FB`qcGVXlTleuaa#>h&=Nwtfg z^*qut#)QBr{%rmmw?qaF|A>gSHNOT$BtwV6+L)!o)+6-#i` zJ+f-71JmGQ$}O>?s{WKM$KvG3|GLuow4|siy`41Nv!*}3^jp1}OC9#fj4P3_3B(z#O5Hc1 zx%Q%A4I z?C#l^9h*!`;n;Vz7f!onBJmnWSB7?sj^ks#idnV6QuaG6Gh-N`TlMtBbNA8xJ+XG zD)H~?-?$b^^}9KJp;n$A_m=5YSf462&v@x+t@>T{52=R>15ty^6++b!$D8TjKA?aG z$x?QUX+10=y#ww245pvFAgKZ5@8lN($u!)jU*2s_Ftg0G@DM4vL%I_+*@&5oNY0LN zYL036MW!5N)EFD<8!LY=mI^PYvD_=RhI!HteO-~%6kGM4&4tY;6yj}(Yru^bQ5HDohVAZ|n@NP0 zJCj#}bsb9YV9PZA)j~K}xfw8`Eom=5;2IC8aEP3CNA8)E+wi>p!TFN8F7MkIrXlAW zBW-w6`%FA=O+?6s?_ZnaKQfTYgEQC1+u zlED~=wSt1^V;xmgdU_U3(xSAHw^jpi)1_s4>2TC__bn_(W8oT^UzKlN6ojEo@!9KS z!&KP%5HOSpcHvq`;|VG9LwlwiFF2{yG_$*#yF1NM z_eIA4q^?Emj^>?>%y9nX=J+O-@TH}CL=-tB<*=E%jRfmNLS~J0V}fD;+Nt^NjYe{c z)7U-hKt-rqRc_kYr(1cWvmaMu);w-zY?zI2)VG=OLFGYk1I{_TWJGsMIqe*UE@5?{h?7UVW5>Htt<_=XXw}4avj(PKZ_X@-8%KKa*t*CzIWNzWv#t^ef#kB~9y-CVTO8QC}xw4tJb}7&I%ywU) z7{ImngZL1bD1N|X0V#D1)3D)Z*2x-7TnP5v2rs+IjD|wTIfmYuxYz0h@f&tM&} zqLvFDr*Ala6>^#qz=0l{`GTD2C}3>B#2^qk60Yx#55G-ml<ro&Orlv~^ zq{TVxu;H0<9i)XkI%-Sj*(w0;)naFq7j8Y#1WkBhgmm~#;ys+kpj`KXehYu=U908; zym&@wqtqE2u?8H*JXyxs{k3n->9%Fszi14L8jdt}LI!B0wM*M1{fnpkt&lVKp@+NO z5*&xc?E<;?&NBqx51i`-tq}!sUqzLI|Mesgbg7E-BPy|9jd9>fO*xCD)VWR;;W;V; z7yeCAQU0tiKOBT1q4@U2z#oMdvv#@j#RcCLh?>$s&wzLI_FXLa85sY9`?__&wYUD6Y~&QBjN8^rne0NJFQlguDv5=?%=;7w5jo# z_G$1?W~!Tv(lDyMZ;|E zGw5^p?=4-giksm;S>WUI9%AHHKUKb%NEUQD22iy}0_S|<=n_u7P8HOq*2O6kk=Q2PcGL9C_D#tt3O(69$Z8q_oJc2$9;c^Z4gZW zW#w<_WP!7aUW;TCE0{|nVsn9XeLV3EgTsK#WJQXel2aZ7{li~h{+;^)_a$i~7P7q! zB~JZY9=(@)qYhjIabpxEddd}%od=`^66DLj7xXQGA-?z^QNhMiWr1%fVTF!O1>!|~ ze3T$?`WpBGuq=16C4NwPe#Hgd`ETxkeB!5u?2N{G<9YV+FWv!vWk7k0!Tn`ChcOeY zHLtzk;||CbVN9VLmN}6G0;G*IvYG*(Tp0{_84#{vjyI$2CO}*_}%?ixbcA5eG_d3Ac z;#{Bf4{0OPZl;@PpgRV|%%9}90@D}l@L6T;Up%F0`aP!UVY#Mm@G#QlF_wvs{z@O? zvVI>i{Fj{}ZK#8Ly~qrn-4U^TLg**|^a%sV_JDp!ngvr<1YWC>M4^23TCQ)8PCP(k zjlb3p3I+;(^%FSl=X$pVOG(1A<^-?SKq29i37H@n@X@pc@b#NdMVJ3^6%bH7w7^GQ zm-u1n0Kqs(Ji^#t&M9>Zn>m{E#1t{ZkddnWDtO!WKjT_%%?E)z60@KU> zt#beT2?_n7!!5>~sTLVK&BRaw{zayw^rJcQq z#u5v<1pQ52Gq755S@Wmy@-&_^rl50GK%e@{ezhtSG;_=4P2lXl0T+@rw+yFn2erh$ z2ymZyzKomNoK2LiM|V(@{u}R~_|lRskdZ3wgq_Xmk&svPB#StJm_FZrl0m~G9{~Ma z61#$8eAW5?QIdV_G8+$=_8} zuuMqG=d@?U?4W|`*gx*JB-SVOv*IiAQT2}CF%V*X_@g0u0n4@9j;WYFLhbbE-3R}; z)7C^Gz1bTb)QF4^zn&-?DcxaGSL-nzPc;|lIQ*-N&Ezr;IOc3-{l?c2+G|{ z@6@Ga^Z0PrKplk7Dr7HX=8I_aOF_}6ph*5p4?#4DAOPG;Up~38jO(=w1OSWYh~%{( zcT51!{S5Hhwt|&^;Ruuue_EYi|L5`yI5nk=0p`{SgU+qtCn$pG^@3)Z67)8wE8>(k z_&1WC_#(g%L#U4LnIe?D+qd+S_ms-{eO?B{ZtO4U`=ZUC-9pRbI3{NO4#)l*WwD;{}FYLH-~HbvdnZ z{83%QuJC{{EPg6(@o%Ce$O8v^@F2);gam%_>25HSn4qh@(`eEI?z4!=npfveK1zuH zNt6zRzVDs@acUF*dzk+ijet~A=QG*j3X!RPH~5qP-?mv&;?uWdT#(8NY!Nz84OC}! zJ;BN)b5AQtx7kwA{vBMUFJK}lM|ZRf8rNP#Z#|xJ_HZ+qH0l-6iGn+6IrTgl*6$mu z|4p5Q)CpcSApl|Klb}gZss=BCaJ4Thxs0PT);zf7`M+(DzbPEJqkFqR|N9O(fFI6m zpT_E8D8Tn5ALk5H{o5iNIsC7E6mtzFc5~=K<{bc`+YBr-OT3AMRS8NomNRrT6sVnj zWEB2SkUk_3I|#?_rN;1*%!vY^wK5<-Lz{1uSGtIZ1wQK0wSD6PaeG(^7T+(A zG;&F>X>onC&dpDLd6{5H;@_B7lH@aseAO8ZAaRd=hye6)7~v)zS@U$B6MXS6JBddB zrae!5U0xofk}0+BkqJbor2>>a8m0mUvGls>rzM`t|DT;A5m3fR=Kka(-9ZNBi$3)N zor3vOfm{Y&&K;0}Euhc*=G~H#k7Vwl+lnb0s5XDoNXzZ=7!|42KvSv;U$dZpJfjlS zYW=zF2G)ap00ySjw!8Avf%2nC>S1eEz}6JmD0u%}4XpsLc-JD|6+LC#Mh43B4MHI5 zJx&{e@{_OaRO4p@{gHpNs01_MK+sl2KK&?x=y?X4%1!eCw`44{!=|v1%Vx=P*nW1<{iK)%zpVx+Yc!Zjt7oc zLWiY4X^DnMJUyFNskEHKDc1Tj3u+A>TMrDl37jwUHd3rJFJc}&#h(Pjp3v(J!!mW7 zA@?!r?x*B0&RD>DT<@~k-PfOYhKBP+8lUP4`MHI997Md5S5Yx33>d-!W#D7Eags0W zYZpvrq4XI)zQP96>dzmQ`isxYi%3Hvz!C(s5O?R3k{l-s{wqx%uDd$$J;`%7;~5vz zP?CLfsZt#RuJCF{fBj@w(Dx`Z{0%7bovX^#a=#j}$bpB__q>$-!(XRHq zr=~0AGJGVilbCkbR#h$|OdvBF|MvU*+;9`Ov!N`TNCLT}^dS8pfGzZZxxi-pT8b;P z*CtwQM)IH%{KSwr2!VBnSB*x+vmIR@I`FCHz3-DzQPFye0_O>Zm-nMThVVtu*yBe9 z)KGTqI{WN6Z|M-THELKy?KPg`iNBG43za=(SvlqgI$QLy*a>t=e4l)fZ`(5&ktp{< ziZ&+|d}LT#-}^KI@^Ig15pNaFHv8qr`Gp`Ho@|EP-vox@GRgOIE;Fl@=r%a)PimZT z9coi>E>Ngd=w=nfyT&jp7DS%-y<)t`K{x7TC>GN?gk@YQxGcLjvL|MtNw2WtWM|~O&x3;%emvlC(4 zbZ_EeTsj#bwrOg{gD;lap-QJyf3@77N+sT9R(PD^a>KBxHYC;0w~w=4sbTW_*4<-# z14ho5{MkD@=+QM8qs`bbq-dzMZ65&ZI`BIno&_?Dx(UmN*X(Qc z2K%8a3+qFCz2Qz~zTrxIIWa{hjr~>+-R&EZa2#4uTn;tkfx96GPvd_IivIXNBzUlU zS9#$buNM&U6$3ZL>&6y;(@s^fruhhDc)%%bi2Z!HGS|cj9upIDbQ0wq)5v|76CE4N ziOp(VHEXoQFy19&WUw+!mlCo2tT>v~y`Jgfo9T$!ko~>|F-g9tSh5%$2B86++N;sT z_3kaieiRMQ_x86keDSZYSgdEP?Uwt7SF4w0A~G^EA}afSfQtGtf*lkIUhymD&FTaY zL?xp{n}Z9ofI5`cK)|A8A7kx)K_o-Quh06!xa}g7Q&B~c-5q`AzHHUW`1+NE-{Iz+ z=StA9b+irJ#|XB$`+Unp?^5PT^N}@_4BZWeA&VRM$XLD{o>~hnvf6cR#m0$eYttri^>! z`-p6vD@|kGnmEhLL%M#SkviYN?x11g&Zd^st+)JnT*`Ak{zkp7e4R~Q17haZjbm!t zdwMk15C6JP`k%-agM|=_rrhm{mXI~i2t%6&%`SX%VAyYr zC9HxauqR+2#NfjM$!a}8Fs^MM^BkK|7SHPdEH^jzQwtgXtK$0O%;$+m-)2rPu8&gP z&!TDgxM{=MlOw112{65mpc!4d`H0g^6%9FKBFG^H!yioIPmAMD7)a#&nA@3nM0?sbl)C-5qvo0Hk3csUI}ImGBivU)1P zFjw)in(z?ST5i??e}zCiDx!f4O(-d^F(Q~swcEzsPl0&RV7G2u*QMsG65&em|H0b7 zygmWWLnLDVP=LVcwgh|ZIa!V*-_t&j^Vz+er)bIF9o6`HkF2#n|gv}MI_q-QViy)=gZKmGQ-n}bboi7 z^({(v7Vl0}OxvmFm>we`k+b%6;qaSY8w*qR1H1}ow3-VH;jsV1r4u3%kSa|@QLua` zg4fr2^dP|)_}!8;_AW$b`_)Cs!-yCHEbtI?y2$JOdeJ$LWk*|foXDgkYLis^B2DjM z{1xwG^Oe?I=bklT8*%$6Eg@)MgcL%avn0~^HiNG}>j=(2rTG~mIyL06d6H>(yUA0I z_gZS5SE%S9-zM0N{InZB;p@COL{b0WFb0rH48u5$FOX}@I0Bk`@N2@bk05mzXFfz# zmbicP6fKD^tf#JX_{+^-?oSVmj1U7bW<0%lwi1AC6B|Eo6+tB3Ai{ckRhna}_%bAc z`h5$~&*82~yZOF_dbVpvds(<~%b7Z+kdKebC`8A?3b-TINOo1R-*DYUQ#DHqjc;eV z&HX?8G*U2-M!mNR8{DrVg_YuX!cI~5aTv{jXF4Y>Nq(b*vf&jI< zkNu1<1h~+z!l+opqr%nTB*YDn0Rm%VGx-3$o zYkR5E&4qs>Ln@g>or#UcwN8?`nx{KrpXss#85yaDGj2^0PcmeG13%3yGC zU+WW|-g^&y*QGvFpG)j`E^lhffdkhzi^#qc#>L*^)zOS=!tUIex?IwN5LYStWv|FA zk#&f9uQK-jxYwAhHcG0jb~2;3%S4;{IF#p@dw-HRIey;*x@|l4{dZQKO$9vxu%hZ6 z`OKU4M4QF#{Gx!Lrq4I;$_`P}o;{LftJOvAT7_NrEqlYdi z21i|G-=M20-p=5%r9UjzRdXIh z`h-$0caz>}z_3OuOtSw%>>pcD_oa78rW^%s?mm|orL<3Yv?mw}Fn9FgPPv zGU{d`o%l8S{&H)(`Z88y^pg62GWi?0a^J1$uAR*AbBWW8AFhw|lV1#Gg2hZ8o{(Ir zLH~!jy`fl42+dc^5$E$z9WjTvj~ReQ4i-Zg(r?}KUaG>1%$6F|4pj-Lsa5Y?Ve7Ic z9{xBU`1v()THq=}~Bo@~hrNKn~s~ABWr*@2(fKTWRAC+rgin4KsFFATEI6JT7 zRtb2~rZ~gSd2Cw=iHhd;s6NKTW9a(6BG@lN7wyK~~g7ZC9CsUcEe1x=(3*6IN z^E+0#34SrHfiI}oAMx}F zG)C(^mim;xJPjfF%f;u0c5zFn4_2@Ny+pn6Vxe(=Sw`j_`TA^635(ugf?hI#8Ixsn z)Ma{ zhhEQ`SD+utK?z|vlIJqyAG7lDVsF}#ex6=d95wm_mHhk9I(0_??!c*eiSk?mI z-Vna~wXhK+!s;r;F=4v?Cyq-Ap|A$XMcWp)M!gw-!oewE7~|={SC`p&uAt84lQxxk z-R|gI+*n(vM`S!E{#}-j+{&@-ny6Lf1jEf@OtKTP2=V>o`AL#=oV$9HWNwNg`-1`b zEe04^u*9`4ZckMVNk*-_o!^yE<+h6*^Cpk3En++LO8(sdnI|J+p;P`3yKmJP z9etm(qP_1o3|tQ45MNPJnx{pT-h&bXLKE;2D%6J$cq7367y<^RQ}iQ>HxR*b{p8y) z!@3qciUxiPhQ!bXZXk9fcmiJo5M{}_{Bc~TrS;I@Eud%=V7Whk{uGmz77-NmkHoB~ zslign#t#hHyI~tzzlGV3(7=emf(T^i^u)@V^~6xvoA8f59Ivj}=(=|Y|6uzwC?u?@ zEb~pYQ3x7s6H((mO+sSg?AR*A|B^v~Pv_+_>xSbV(+#YI5m1Aa|Cd9>B`hEYCM+TPxdxzl!P8+F-< z8KswT!`<#7ZTaCd5^;goiogLoyiXxtmYoH7e1pXO#(lir+70l|-rSELKjMuq{x3fS z;{_J4`C}oHrb1~Y_JBo$(qG>Hp1u72BUtg1J-~&>P{L?Xfy^aI3W&YZ0>K$EPE(8P z3Lw(woCjvfI|oGd^$8;*BMIVIn3;o~k8x^xw*aA1y_6}&Euu%M0nAonJZ?qcNr$0* zJdfkShj0q8JQN%C@aiwwH5JR#HVy5N>&gD1Bg9Ew-QpMXWcal->;DTQ02`mbcEnW| zM$MZeAy=Xuo{MtSnpcPy_(uh`isXqW9?fv(>(k2`iC~YmB!(nMdJW#!*LShrL#H?M z`BU}%T8%LwQ-bAvAfl6v8%S`(DNv?TF4FV`qAiu=0r39?@h~5OV`GW@vn)$CE!#$o z>Ar4F$wxu0EWu}p9j9|kcTN(8yz60)-e@dI(NL=|fQqW|L#00iNnyH*hc#zkf4mOG zWJ2q}_XgkE-g-+;hlmye8K+}Q!mIHOlA+@k-usdh@4IlU>>lg%+(-Vgr1=m6LtH{4 zqQh0T`Ni3DKH18PgXMe2auRffN3QWP2uff(Ym28ObCvseCikW+H>@FPvws`G2it>G z06wK6+=)UQ)qFe2RX&PW&}UNnfc|&yd?qd1Wo#N>?$=+3P0dj#Wa;0$gH^3CCmAbH zE9~W4?kzu9uu1)q_v4exjrYfrs>+=0@~nZu)B!yfsydsp0`jjmBy_-I%v85LB0<6VWj~s9e7}<=XINkT=qX;v;OL+lW?*1&IodRdVBb@( zE6YJ1g+JYLqkc~9`)+ZafRhzDk=3eI=A$!J@_d==anoyEo4_?7YRM8GQfWSd5ebK7~Ty>SxGYok|=JBx7RXc!>aG-vu|FY%(F? z;T17gH55r(oz*wGLxxbTEq@=_66Vj-N*?&pgaR|17{PL=pSi42X&KP0+ca12J~%SM zd_X^8@ZUq_SHwtYYhE@$?(z}Ocr{nCQUTRG@WM{CwsnmQ|@K6j&rxxR?Zgo9FLXUm*B-0BCIjN>8kz@__VI2TYYe8W3=9m4cl}?wqmdVr ztDs{LMj^*c-MKkAf;~euMWJtl?-*P}Q4FWiV9hr|16lj;AAtyKg-2yvAd$S&F+RJ@ z*j^_8EgmQ_z$O<^2Z<%#Yu9P~$Z+XI`2N*3e@98X-gZVD4Iqx1Aj9%25G zpa4Dk(aNJdF3^xXo;eqLb-i%ID^yZNnfr#hVONtgZ!<#>3Hrg z0rlm}+}a>qyE1iSU+`pDX0nuA+Q@kMOZz;#|3T-%#4}Ut)SAGwhhUE7+^}~0iNAa; z%97pV-IzjtD-Mnz6BCijQVa=~*@Lt)nWTq%{>0bVo{IOX6zmwUt1bEb4oc_Vh_ur4 zScCiaB=ztBI+y)?ZvS9B?mpzFLA$QEHEmJjnR#yt2d<9iC8W9ri;66ikBW{X1KoaF zO@8$&vRpvcgYo<>M-ar>@XBax%*^C`#mR*|myd#u-(Uj@CP(U(J)+vvYp1)ur!QfA z=dhULH^MS?co+;- zSCxbDo$CJm5KVEjaghSrwp6JpxpugeO_EQZ{oRM0Z&CEeYb5ODYfK)8{i!8Z)5^V# zEBd`j9M8ge?;!el*ELNlaG=E&qQd#)Ef_^iavnDH9k8AqN$-P)*kY6nD-|&%`~T5` zyz}$%crvG7`op~9hknJkxHfJMD=X~$?V!z-453gg4xA|!UH567kTyS-Z8rUZIZYDY zQY8o)O2nle7h%k%jSCrAZB*eLHTamIyB!pB?VAweCR;J9XTmKAr3XKTh zQ965AkZ!Mb!-10l&4^(v*MLEWdi=wxU4v#(0a-Uim$(=j{yp^Mn>Ycc&9aQbiCwsE zH^wt2N&VpF9-3%Jp1Wc}NL*u=nS!2pJFkLV`U&1alm`72=e zIPseVz3a#L5Rjf&!dZm`+cMB{K-J&TyMRzIH)dz*1EQR#yCTnQFFOh9An5r1-Ez}PEV-xX9DVwQeHB`ct zEXLC7zJilv8c7Hm@#i+{A_?T6HDY;PQIP3RMT>h`)mjYj7EG5+7F%htbkJq4e;cu)lPnNkVyq^3Xd9sBW+kG4X6RA$G$7yA6z#gKW(zhh+ zi5dyJvUHE`MCBzECi^zy06{k+KPwFjrds?S;*|Ti-c)uDm2tdKXmh>MhxXb@3I3S;N599o!=e7qIY;BY2y?q$n1U#ceNb4y?lMn*7hx@Ab$!M1NO@3?HUf8Guj;&_@HW%IiG-8TKj z&>M!M4flzP9moQ$S}61sZ`v>}YgVuG&UA@2MelMH7t6sXDHMeqvP~MkIRf@0O5Up9 zU@oFKyZ$jlVqXIf@lp*Iyo9vgjR1Rh2bIwsY#3pfKf9)!ZSXaUUW`LyZU|`^c~Y=M z#gK!Bobs%s{=7W$1q!`Ex6n_7{B!K@1@Q?x=*?N2n$(u+(H$v9rxuYrlq(+Fw7+SckZ?@O*eVpzc)N?4IMg1Estk=0RQ zXTyy-GrkM9Ft&DcjiZI_;rn%is}szNQycHVXLL2Hu8ecb{p{rmzJ50zj%rJt&qf%Z zp>9a?8?#Aw;{fm8st0PyZ=Cc09@GBe$Tk#wf2NB#z(_cK)MY8+!LP8xu zE|7^Q@VRz0=IdMBrDc8F<hjcwiwpKou&gL*{*0|;C|zF>5Kv*>`J9cz_{%^2(#`oO z?C_01iYVr_#dVO#Qalf#L9<%P+lHbBvSd%f5{4>aSP`xIahh{de zYAn_p6k>^PwTw;~uy1YjJ^Iyx1~^bEAbaF0S6N1Iw7-t1H7skj!gIjp5=J<-#!$&s zT=OVexY%k-qf)AI;7E}=L)m`6LdqAQ???cRau3I?@8#vTF`1?7S*3de6h|Igx zGV{B|77R|wna_*=7@fEg$SP_1Yt^1p7QarVw+=nJa`MhgWY$Z1(KhFN z=&Kn+RNovC@4THuR>lQpR??b|)01z0Ih|smSSho^=5F8W9je#LLgbXR3LzT0)1+6^ zA=)^*l}$%zKc!|}}PkBb)q zbh^V3nOjD(c`iI*+q!7z1nfZ0;Yml}%^hcBqwFW=jAO}vxp!_0ym6~!#M$FEy7wI= z)7S3a97aL&bAK3ZAig>>E8_Giv$9Fk9}p#!Jr!L=!At!((#7^_eQ00Sa{*h?(i5`Q zX}7hHO*@K#36Q-v81)!KW#(c1 z(^<yq1n=dVp6W<(bG1l`FyZP(mhqH5rwO>Xzz5b-47>cs2-?}~l?dvwW2UZ=a zJ+m(^F3p+6!}j6HYScPTwuf8oE5`UAx}Odey}k*0`d7DW%dK80DpM|Z=b5V(Dpx5T zKMRS7bH*@mM+(|jenkdUh_Btr!RkZnoG?FAj6wot=ux)o{cIvSM0D3P8i)q{uf-$V zrtTDVt`n$%1C)9a-Ip>wv=bBWoV{{HwQb8`&~A}L$N8Y`we$kDu+oPkI1foPBx~>j zVD4#YMToSJ1BlFO=n1l+AaCW$u^(b{ds$w+1OC<9akl&=Ffg6Lbx z@#VsvqYQJl3J1%4yO{oh*wWu(Y{_dXV!(874Y8#wniZ;$e|3?LX#2D6c*N`<^9+7x z@FS(e+VeI2+4jDik-9NW#!At$D&?zx8Q|U%VD-{y%f{=je_OHSUVDO{h)*l~2 zy?T`<IaXle|3^0Nik z2{VQh)=a@haH%r{ISa8jzvN`mRxI^QA#-j@a6a8(Ix&Yz)wc}y9yzrNInj}u(fC&0 z>`m92_m^)D&+yz&&Ry2x`4-nStlK=#d3^LHCvm4ZBTPC&68c|RZSD5!4~9xDy?Q6m z<@Q{ffq+CiFarZOa`{9IbvZ-z@+Z~uh3R1)^*JAW^4XV$uCUa4%@4SNy~#x=!Ot>c zdbO$j+pnEW1MeRWp7{3b#;a=A=N=i>KU@loI9Pm}!+46PYQ57_b90N?D*~MuUT${` zW68wO0)cp|o>mq_Odm?#?$Pi{UBxPR4gp^;QUY%@#v%EbflvyRS@&^sbUuWoE9=kF zH)Qkl6JE*vp2E^{O|Q~E>ad#9<}oQyHUj0B-+4q@lMix94-9sk0B?l}V`tR%S@X;~ z82j$E@dxmy0%=*zVc~IXc+sNS(Jt(BD{QNPUNAsQ>K9L@gP9 zkyIWdW3NQpU3rTgvP#o0H{Khi3 zLCEn6_a1KuY2C|E83#F|p)g$%V!n0^Dn1Pe8W?0g6nB)&Cf$fB!pSYszelFB3!%P{ zHe}{iT)J~Bp4$LAySQX)R!8S@5*!~I3_uwH@MI7X60UW-Bkrd9g%RP?jBO-jyfAT; zcD=1=@t}|oFTk7$pN!HLS&@U~6j_u3Mamp-Ms_7*7dbx#+;NzPv$?cqVDT`Wjt4A@ zU_c>rtMqXp^If!$lzpi<9o}+Ov91#?^^`+i(K9umDtd!PURb$!n|XSnX((!CUYdT@ z#73@pN!(j;Y3;c6{1YL}308)5!^_3PmYLYoGa;cR^5-0@;TR4-iiMwSk&#c|p(RkA ze*q5m+F02AVKi@H%hq`PvW~QJrtUd-uMVEBGMVgssJ{12UH%b58=%eimTu(s*2Y^2 z@zcrH?kjnSFa3DfVNs+)x^qc6b8}kRrzXT(w%sc*9#vm*haKI@__cczSqX8nC4-yZ zSrQeDDXUug2zZRH46k>q-q6^GtzNlt>~f+RVKQP<`I&lR8Y-(@awwhbkJ;-VPUeZ! zT^P|AzIC;M?^-TW^q23Ec=IV?tk2@qE&o+P+l;ez)u^z8Trrs_!I`n&udm*W)j&o^A0O}IUAxven5~k)K3P1hpNd6}htjl_ zXQt(RC2@n`>|K(k;yfd~dhhH>7^&|_o?mLv16Ga!y(bb_aGezYNo%Lx2Cd5?IIjQW z57^}&w%7KnR5P+H#jQ@3otCehC zj6m*95vWJ>0e>pYujy}x?XYz7PW4+ciw_nigbQ>s+Be9*J z+S2qBmu2s@F1EN{jM91g0;f7SRWokSfOZ33!}S%14SVk-y^6}lF&@vU9Yk6R+Zqjl3 zjN`po1_iI%dc7NNUI3AAU(eNl8t7NFCGIw~Xw>S2MYZ4f=((Iu#FE^GG=YfiYsF~0 z?g$cJyQS9wEIW9e(c8Rgq$#wd8n*K%XZW2h-zZQR$eD;Pu=>zWbA3GWNhCMW+}R+tayaH;}*Azy)K8m7V+hW>r9O|noc;Z>|-Fgf=s($7ZIm z@6(%M7An18LXB$NX<5X$A@9|DDk^j~axO>9OT!WvE%SLU=-?gB1Py!%tJ2c(0IwWx zRCa$WoiN(yn{^$i^q&}TTBo@mfmW)_8ZROJ1v=ilo5+i_9*jJv>Zl)%CPK@7!j3%M zu~?Wz-^<3k8p7Ik;?sZFPEVHdAk>|XoJD_N`}+1WJq6A7Z`IsiX6&hA+V}5}&%9N$ zpfX6wNR}c)`UO2CnbobHi{JvsF;3U2FyE&17_kVvp{OYHb;~CYPMzn|OLH-Yvn4sv zXqI^W`S~BtNRDY>Bi!M>5NseN{w-N*(g54Fh)x!l=Q4aVTC}l?P>lx(_1Q;QQ}M!1 zim1q|2DQ<%Tpl7LL9T3*#L|r+Uyy$*A}Y1@TkR43MQg`vRstn=7byn+2%u--r7EQXac{-m$J3`TOU(jtJA0mQC>ETK-8%ix=BW18FriQ{QuRLUp_jAuI41 z>DeM$E<1#m5{AD%RWnK*d5N7XXzp?C+?1MZJ-~Ebu9j+LKMq;i*#&bG5(9M3Wu1Mg zE0Clq|Jzm`;MdgjvSfN!;vf-KOkBD>=9uoarbBc!jtPD>`3?tU*e4%p!#By^hnL+0 zU&~?N#1=MPNogcS;hfupS#d(H^Qf3qdDf2tFH_FO>39?_@OQ#aOlxm0TUHnC&b|PO zN4ZgxThqht{a5T+P5j8F=4NfzZ?BS9G~hf`XaAE~7}el%a-XX8@7maRSH4#-4ILxvMIwqEtKT)< zij=H(r~{$?3l%M1ME`QAT&YXjHgn6#O2K5~FZXcYX7!c0HtN>5l3vYAZuT^#De8Qy zrhQavL{bC?j(H-q*I`6pTg-``f(2xBh2^b+3@}h5gt3_xYjo)FZ zoLCKR8_+EI3`O>kpGo9dMu27b0;9BmcOdYt$WEJfNO{w>#93f3Zbz;9?#ZZ}@;JD< zBbljeUzYEDWYa!3VX_u{9AG@4j-L;;v%9zHTi3EMzxln#MLj+qqf;*5vmhaQQh&U- z;LzL_p%+l=C8~y!eLNBCNh>ZsFu+kNtd9r01pLi)H53eYt@xv5aol~S{pDHW{= zJ%2R?t!x@))5ClI(e z20W4?=OGp;XQi*IAnCj|JMp&7zSA8CcU!sKB%5=Sfj9GcQ{(>pn#_YsX}+sUHwDzG z)il`=1ocA^V3*QE(;YD)&1G@wW(VGvryuNIkrvEOGjNquIhu}#h~a!#%e$SZat?Pw z&i;qfV2n=i1h%j6hHz)e;2oN2qX_BR;URR~=&2r8B*DSqUzKh`y=o7jiM4HE95>F zCl8w7R&XnplG{#!nQX`vZ5nb7$2^Cw*)7ug&;xBHOsVfFvTj*;aFwx|n4TlUiY0rL zADICOJ&^8G3FI-VjykfJm=IalUaE6n^aQ@`&^ljK;k&0;T6U*_}cN9 zA1ZT>k50OEjTE2(9JTN&-I>as=22nf z4=)cD-~;2c3>X!NI3LM6T~u+jH7yssx$6V(oV=odHvQ(fdFob26`dmLXGLh`EcLI_ zOtMDibd8c9n^kfchXe{G`>(B%xnJHgPqxpYPEdev-5q=K#9C1bUTS|@RDeiljkVe@ z>1mZi*Bd-+6mhvJLFi#`DF+&oA)a$wiW~NMLR7fUr|a*F=J3=(0R4hB0#d@rcSkEN z-6nIR=L@-HUcSgJ_9Ls!isW=uEwMC-F{GPPrSu}1kOi(}GNBulw3zIk13fR$*v!#%|2UY|O^CZQHi3Mvc*!jT;+{ZCg)_#^33S@4fxqJI49r$ru?KdG^_R zuQlhIb1lt=H=4yt8T`96jw?aqabIMVi0@pqJMiZa&X4w=qIvWl)H7%l+TU=M_k2TJ z@>%l(@1jm}+TTcaDa=M`+b*V~I8J7F+ExSzD;wM|k&d(TnN3T8+hafWoa^1R#vA@b z>i1gP&FAqHzVB~ZOW{%nqMRRA2UIU53oy8~ewaHYGF5#{(|Z5;d4G(W)|2}CN*O)Z z7ixWh(t$%~7r!_62Oplh3!DGdApae@;N`(gCGm5iv)2$k!LS+W!IcufqB{I3TXo+{ zC6U{$x8S1<#0Y3wN=~{3Ae^T8uX_N^t8vQXs!@&PEhnCvS^tVt_VAGP2YlmbpS}wm z%u`1V(GLayIH!x=a6ZM_rl&mTZ1A!0O{D(}2}pFijP7@w#(Q#?Is-@Vei7S)hlYPD zkZzNGP{)x{aIyz0L-dYm3EVrDy}GL!gftshEvoK(A#QtKO=L`qKE5(i`RzL;=&}&- ztjpu$^i|W&EM()g)si2wfD1qSHCGd&h)w_OH_WavR=l2Re;z80@%&i6>8K`JO5)jDnK1k7L zYP;p{(<=XAkyW9zr4i7$?PsB463Qh7mL*!l1E4y-dm*Q~Y@qJ#8RBWaBW^j6a7~x^ zTvKK>J~6@LStwjKXP+x$PZt?DbP=1gC&_UQ%{UEVe*8S zcO>*_ZeXE^xJC5mBRwRkxw9onmtZR{&cR+#R&p2&$kl~};X%(zjX)~z{aE`}?#k+h zn}lNk+lz-n`_w)(ixb|Bl?*Fogne~i83doZ(99=<8m{vL@jqN*g2MbzZ4Ll{4%Et3 zF_uD@!TsZw*{*cslMhrx!l&n#u)v<4Q4DImw9b+PU#9szF3dkJ={=S-EY&H?8T(gI z3W!JhVUb-h-^4pm3^a&oyxdkD!q;Y7vj z-HH9n%LYYBMaAh4UAxi6W+&)abc|9Ju_7q)AY08q-O9SUo|BC^m&WjGFA4pzY|LuQ zFBXD7)lNL>6aji}ZmtpU#`f(P>OYb2lbsNNNuV>9!fQqjQZv~L;g>`N7O!RS@}Ld3 zE1+3;EcU<7F0XTgmvoV||C{Z)@dC4{DD42%aDN9_nIWQI0pKq(`qzy<-`v*h5?GBt zWqWQ)qg#8zHKyPUsa1&;$_B1ueRt)gwt*GZ{f#I(@rM3cgQDbGgTocvz>^d;G$-ol z9vx80rqvPHTa8X_3${H@sM*h9q!QDRV$_+*4pI>M?KaBhQee`l=c<-63zP5|{N!3o z>}e<#ach0Rg*$H538R5f)tAeIyp>twtN&~zy&0&OIH*_YYS_I@-7xx}%CGOG`4jC8 z{cp3^3i-`H4CSby2!C<85^h*)hDM~;P@2Q04Q}IC*V-mD6T3kUwQ2Y4M$6iq1c>0a-fW=^|;m{CZO@XLttd3AyDF0vYh{gh=Q+41c2$M`=B z;}>$oM+5YiRknQU=Uw7xb)R?ug4^XGY22Nq)<=44B*_?Qf~X%q&X_YjXL7A%ZII&6 ztbLdX2@a!+7WSj6F&gn}owfX0hMc)6sTemPl}`0t{0RM?iCO#x{?~i(S8_x-*$Jtc zM%Lg*sDD?r@u7a%1}ify;2V}0cwiB^17Ut?>Bem$zU9YBz}&MST^f2)xgKcd<5u1O-klBk>+YcTzBfb6!-Cyg$kCh{akoKKER;4HWI!Vsvl?iX{H~4Xs zYWY|-oAf|$_32>FIZlMj$$Y+s_6_$#lG5BBFBJLe-36bFH*?472%s@->2^?~3}J zhHiZ#lGKo=PI0p1%H8?#(+HB42SKNh{{cL{J@3B}riu8CK<5XEsLx*Z9DlSHR<=r}xWT>hHr|q#v8D=lX0-ls+lgtU$CAo&F|;oa2Lu z6KmTCl&es8WQHA;Mv08WtxExZ7rmy0XAfzQK@z~FM0~gXC-%-SP9*^Mf3-%q{h;TK zuoBREc}z3$y|56n5MwSpF7DhxEtO6uaDU&lA$ut4gJm;C$Tx8mpQW*jqp|_pd6?(z znIhp$wd*GftLomhwJ36a@^rc}7~e$Cscz_pT!f2I_^d77d~b};2fj(G zA4g5e*J4XGvVEp(p!lY1t);3P@ZKZLeshypomMr|XTNl4RQ%phs!H(RGO$B3u)Q8p ze|p;+MKldMKsPIqi(x?}@$;djoQH0=4XC)FvHwJLC1jAiMocaz82Rhf@QVW>@%+Ul zn+TirJV_r=*K<|8Z>fPs!t0Vd|A~M*UmY~6eS~KSol|1Wo2l}1%dfK~ zX@X&-Og(M38Z;ZhP9!~15hUC6$`}g-1yTl2HHZrvlfJ*x@{QflFgU7Op|ruUP>*SIz_aV#Br^?Yk{4;QY%1OKF7qp2XT z9vtKmmf%K7*x=$~%gUhJ2)>}px$z%OAnnBRdK><8Cu~GaOsGz#6XRk zm}a3Lq6MfXKoqHHkM7_uKL)olxaGHto&d~&H6Z@xBIEd5CH~m%FLSM&T?LB%Wo{p5 zn^4WS&mSOva3(7Y3SdZRa8}z&=Ro9O5KV(^HC)x1JB$6n~N4HFhQ( zRaaPPTB&TIx_0h$2rMc&PWWIjp@iB>xnV|G`Y!`b&{> zi**cYrEZ6t0$5zeKNM|~1#AGZdq6x!JYTN?yd=WX&Voko+Ia=|c#{&>LX!n5B16Q6YS`WP`b&DJ=b}*L54DNXOaEJ z`=0OhC;S}i9PioumeBUx`qO>+ZSWvM$U6FW+53V`nb5KHfsPk^Ueg~n6gph{D@A07 z@8_X1a``k(gxm(HK9k!&vGl_$uIME{VW(J+8OWDWZ|mfhmSR6ZhH%jGkzh46R&~rE zkoNQ@@LE%f!V`vOo*KZge}4Bvhkbv_(JPW#=e+Q_Q zB<8N!-Zb%h693woX1iLAFx*~7qofZG3IQXJOK7-$O}z5fmu^aN zD;R37gh@DPr9QIjMk-$>Xjks+P?9_;&YHu!Z*{gbg!gCiN&AN;7=(QdP$Wl&`(Ike z{cHgeBkA4j){+oVTIk)o4c7sMjQne8{qHCnfCliNB^8!_-?&)Gekpi-Jg5s;;kE+8 zu%{0HE3MVW{rU;_9-^lbzZb`CIySr{NXBRWkEiMX$ooHHT_-T91=m1hXVK!uhWY#$ zU4$~-AD_|9KbDkNE0F^hw#(U<;-=T&Pxb%X3xEN+FzLervD5r}#sTA&v4g%YRB-~Q zX4Iq>-!;#|9k2V-qtE|kgyZTF5$#V&!4xi(K6S_%hy7~Uiu8_EiyNuRX?|wL!C4q< z-IEc66Fcu^n#h3<`b~GyLsi-@bJ&ta&fUG_lOV(mlw-JLR`@_IzIiEUFewJxDb)}C zQ)IJ&B>pohmXojSXOfa5Nzx?`kRlw4-so%@l{4c*Ics@Bweh^p;a@RW>Dd_5V!79d zKmN;i{-2L6C?!>;Av~SQLfY1}(V~MMo!%gJXu$Br2Qy^V63}kCNT~d%L|C7uX!C{q z9W03E^5sapmf^3E;6DMRIOQan6yl>v$IN8xFsK2KTw?Oa)r5~2v}2$Evz=<4(2L)v zL>6Qj4z!S{Vmjf0dvUoP;|Ufd>~1-Z0eZzJUw+rsxiV-qDr=zQ<1z#)N};4Nb=0Z& zWE0YANSvdkaR~7esciFIxneZ#r}=zA)UlD**|=v9G9Ea1?(bAgH)(1B;AFO&^! z`HH^+)Ai)TdwNLCKfC#6?oD`^igJY_U`HDWL6eg5#w^LVK7Mt={`*D&gS~0yj{)Rv zh#x*&j+6A2^DU43k-iYq5N&LKmngul^)cwh2RBG3G6HDx;<&lNks;u~4Lke|3xYHK z*}%%KA$}R#`*F=2@631+Lw7^n!-09A6gSR0)ZCp$*>znJrc%A&c=a#9i-SIjaWH00 zh7FSXE@GE_`CX}KU}QuJdv*PpmV2cde;1!8958$Vy?t_*tW}P~CDS(5bh6nZQL!ak zad*#8F{RGe;^Qw{4kluctFQ$+pKJM2NX|=kupnz|ZpYU2WZ<3IRu(IoEkEK&HAUvm za{fFC^uZ*!WiWymIo%pT`b?ketW)*1#s4}e zz@`~g&aLWr3Glj&AsGGYDINF0O*Wtl_GbNdwW~3);ejUCgNn@h%NJ#UA@|#B#{X-L z|Hq!9qjj37;8bLMd3)Jzw9d??PXx=t!qR2gK*Gg^6Tw*w7sz-Roj_t`vZ-761zG3G zC?`==FCVIK_!YENw{o64i$Rk@BitKmVze`Wz$pBw8!Hi;vC)1^2t1oQC7|3zCOZYf zR5zFkK4BZJ3;@pe#Yk43WJD_I?r6x`3+Rhcqg$6kbG-oFV}))^5cVQQi^W;;2BkTy zhKWf?C$PTdy^B9AW}(q+xmikNxA==ld5{8bN+FL>9aNf=`EQKYi&EF^)(DnEyAtA6 zo;Og(1PHFp2`4_zc+lFUX@?6rxMP*U^=B~TAjK?4yuVdz#1xaCDd$j}jb~e-3DbOd z6ks`F*naB4%qny14ieCGo4H?z`X=qlb zc!$Yv8qH&1&GFUnc9k0dN zPmNAnZTqj&LoMw)Y`}SMz`Q`EvsUND{zvC-*9vM}FH5FLIy(G@WrCN6^OLqzGUTi? zcI^(78NU&Pdf9$fDd0;1J5q_2iOQAQZHWWo&^GLU^r8Fhse^`?3I$Y7XI73OeN3`G z(s0t;SgyYIQ?5NiLFL>852Y-xo(C#wX=>UZ+JhnP;seUOjEoHKxrpfKuJ~>ZENUP; zvQFL3g=X3I|5w+EzixcM@nLRh>j%!sL_IwvZYqf|9@MX@(4_~4{jDs<_@;^8*6kE> znPG|AX38SAa_;P<{iBA!p>_=4-HkQaUwaX-6S0lqhGl(FY!E2L1VswWBLRjY#oV$M z$pCR_@xGK8nqACxhi|1aYK$s7d~ya zX(TKH-8AjI8u6|c(#DYk0Ev-8^S#j?Zu*niSsB@5L*_IW<>Y+|*V!CCEFGnhKcR*?Trd2W_yQCsH?$ zvm2$HY^ID{#HhjXlVCr^wjrxLb)r96iIlHV2P$URKQ-47+!IPNQ}S?1G^a4Py7rHcQ8_KfO_Ihhu2|mcza9cNKAhIRcOZA@($CoL&=9CrWfX zAj2uEs!~@*#YzdU2h2$>u~N<{&D6~xFoqAxjOjwW{sQr~<7mwrphqZ;=?*}|UR`*C z48F`yX>h}TssBF1^|(x0zH>5=yt6H&$CI{i%n=J(z1$kk%gHnn)J{TFxs8SU9r67S zYp}MbCtvnF4q9u4PDn^7v2vWnO-2Pq?1W-!RFg7SPop5cjYuDRHiyZ0XWu@gi<0Hu zzj`=WhU(hUB=}k4WPl`9w>=YF8g!FR`cF=AwFezL7?U)j_Z&H0>D{U}woNvhnn19# zp5#LJA7hasDk=jAj0g0@JJ38@sD`*LL!QsVmM0fy3n22&mYN7f#3H$U@C~%B z;cLSXL}c&e;n9}lV+LY7`2;J^tr`B>%75~pu0;R2y*XN_?|Cy$CUPr|Ky4iv2fUI* zi8`kSF~(?5hNeL+0)gwE69~~UBn$trb%prrbl~)v*mp?weA0C~<6@+oQwiGB$0(^N zkx!qup3f__rs%m56*iMr%b6E@Nwi`jlX3KJwgRo|O>8jpXBT-|s-x5Ey05f8dBK9lo=d^v58qy?D<$vK@MRk_0M}%L!QXa;3f%DUww@K@iSsp$l&;ZwWQK^VQFG zes;7W#k95TN!lXs6FWhs5BzK*?^bt_l2eqT$`UD;NSgr~uFqVc^_A6*6H@c}&~LJ( zdvQ*8!(_Pz{cfS6%|)afC7Dg+S4w&!3eJ)u9VXmeRCGz}-KmhTfI%^~0`v3?BMAjA zX{Z?~E7=k>aTVYg{znc4qXV|U9(L$_ChO81*Vd7t$Mq)>JOH=VAq8(Td^srsWg>*&h|Ml{&mFUHZATl ztvkubj@<|4xDNflriK7jj9a@hF;hlMD5d9u!$ZqOYDdMb?VjvBtTH|WR4#r%38^x# z@ucJQw~<-vQjw4lEFNQV3bC>4Qx~fRYBtWwhtGlS>DU@lT^Rbzm8jNyu5>icXKimsWHhwOyF|!;F4_MeoEt*0jdO*YoR0g> zZ1Y52j`L(ObUEQ|$3 zfy>At!tli~^OzD>c)@RVDv)d?U4B=jwSB|rqACrYhH0SDME|TJ`O415=KDU9tr^V| zBcHUH|7R|Qlu*T4LJh!ys$%R91v^}UMG`B)h`>ZsHX7dI@+6y-%w4P5+9;>{BRQbN zNHnI){4yfa+Ap`ug*W9d*8RUWAW*JhS#{yMp!tuY8RaI4{!GD~Q#O%Bkm4WOOu^{0I^^&$zCh{tT|Ye6 zx`y(AD+*epFCjBeOCG#`L{6t>L{w~C&o-URcbyTVH3tQ*0*d1V%xa}TS-EWVfStim zFKsn$r-2fC9!3VlCO);;G3e3d{ufg&8jU!hgtk*u*D~?-aeVtx_r%TnPJ?pep-R!u zXvr1Ghm>jy*X>R3LB|cE&C1$pdU0b~jYb(m(aY1*m-lvxiX;PZ_%WA8qNHqW9LuNE z-kATsii6T!`u02!bh!Er?ruJZ-&j+)0dmG0H9lY;?jytCna`8M@-HVwn_=Ue#)IK* zs$2xRc`MX+7Uy!#3vfVNEQ-Fpzi<%$B+8{}sHixU z<;yAvve*h+$GmkrswZ0)I^ysR`}oeKy07rZ)LV-oo5g4+dE9bOSBznV@`ujSX!#sG zhiJ=#`Y4njG)yB-i+6;1dGUAOZ+3Qafu-`Pz+%G_3Qs*YE#Wd0nq)MAs%U_5h=b2XKdso)yd<`mjkxFhBJY* z@rM8`u|jF(@=`#RAB}x)C>H=JMs1Dt2|VV>)7;#=udLyu#%O^6CH|BkA@f_je`z9x ze$Ve381{w@^^+4eN58+e)*nI~pasLD!<93ZKIvYL0jbp?AGpgc2&v}8c}?#g#K%jh z&YQ51ZIWBY>=7*U3HGar&4r~IHL$$Wp?~*C3&{QWgL5KyS+mTJ8;vPa+OrC%ed@5P zBdP{`{Vq0F1h_47Q#5k<)xZHIt7?!U4Gm2~Qqt_)@o_ES+NRmNxpAIVrVswYL$LK> z>G+BtW4HRq#shN{pYTj6IhJU)14+`^#yAP)<}}7&mx$Dsn;XhZI_lJ+%iOMhqG23b zuiQBc-kp=lBvaE2AcYqz$KtX5Q?0FlLRNpth-a%lnq0H>Y8!^tyj^hrHbHo1a$0}} zbCH4jIHN;%gIfn$`x@W8+`mQQL#u$2lDk~xg?Eh|w$S$gPJ__ZAFOJ(EM&5x4tpie zZNH+T2MICMlB(;VzNw4omnoRaUKr}jmwgo14*A#ZhYlkP*2?kVfZwysRFIxYrL=;n zSx=>+!)}-cEDvI% zr3fhOkyx+*g7=69ttt67f*K*&p09LcKA1_G-t`c09eRr4~u87}7w{l0-a+Res_HgFY{xmcZsm&M37NZT0_vjC@9 zTIwLDSnG*g0qk&?dph-11*xYuE2|TEof+4iJUaa*8#O~Ru~H$t>J!iW%3|1b<^~w&%mc4|&Vlw?%`CdVbywwfDa3trZ>((7N)t$Ftsydhbc#UizTqFO zTY!#!-apZ#@G9|GnJ5-BM(zOg@C7CsCn3lO`pSDTuspQPUjQwMx~`Ckl2tj5eC2O; z&z&weLPAB?ik3a4TG$nT_auiC=(PihgNv)61cG6Ng_|Mea#CevPql$l3^03ru3r!+ z{nL5IQ$gz-hAUb!XW6R#(N+k}*VO)fi=IEirG6Tiu@RY8!%7YPIu;s-hu@EUyKkV{KT= z*hYsFJLc<;S(|J=v@Mdw^H8fQer@dvz6>L~GcZ8TF4)=VvPQ{94yC5&8?gaa3yp+7 z@KKM>f6UgYa{j>aD-2Zo^K=w48c2`P)L;t5`)bQJGeFn!#lW4-d0(tT;S7 zFdN)3`?s_dVgAvYqM$&WcWm65mV)&ernJOrB3}z@kw@bO?U;@EPaWon#h4G)Vw5W= zY96RE; zEapanL_YrO%Ts<{9!mLqRoHU}7qmuoabEdDE&g=hMwctLdZ%qK`PSAn;)3YU`d^hU z^k}s{-^F6(J4jy}g66^9yejHmEe@pO zPV*8o%@vd@pLloQv%ex<1%$16-IpRAID1+z zXB3aJo=b4NI;^w#lnj={=h$uG=gygkyzF%$vhz>SE<^XYZH zk@r)<>59q0namLfnHmN`Z(SJiXJTDj&^; z(a=+WS$=&n&p2u!Jn$T^S*$dLK|=~MiEzC+-KzXfR%rW%cvVlhfNuqyby`BnsA%hn zv%{8-rajn8BCWz};@ZZT`lsXLC+d~Y;%znE8-8e9D^zcHBd*Q|o6DHZm5 zyFW(H7a{${N!kWdCYm4h;Soi zh-jVEII3+j2M?dP0foz!MXw85E_v(zRIAobPKnDx^Q4i=(CS>}|GLEE>EgG#kS8YuGlM+{m5H zCk1IV_^dXp95Yc?NJE@HWHhk4y>$~n7YsxF%GebVi!~fAL9qqe4+=sZ->?v=oJm13 z;tfxH1k*8UUu#(L#AUYwIq;WNT&jN>bpE14?j0H9s%SLZ@P$Vc z08H`YIR^d54VGQ;d@Cb1yBl?5T5d$lr0;hIqOZzvu>C!RA%5LBt2Y@iD=H~If1&5A z(ni1@TALAQBqjbrkVqbVU0y~;0;30|aOFVbx#zsvxBGWfzsQNe* zu=rQ_t2~GYo%16iKL)Xg&B6qd#qpdiu`Oc1)LZBH01GB}i`nokUzOXPVOB}xB0bzz z>m;vDB54wP&tRCq8#AB-KoCqU==c57LW}G9QkWD27vXZ4bX%p_ZThV`p}*@;*SuAA zCep)25MOV)3vP|+i>M!)%Zli0)>ou{U}AFX*uAS^rFqcvy@DJxw!hB^!b13liG!~S z8E>cF70_Lv#kO7&ZzH3s74~Wi%Ma=SKbemikjGYN((qJ;daDoR7+lYT)M*Jk508l6 zBigl`Np`N(INcLmG7f*uW)t#&*?TOnzIb{9z7hTJjssA9HE!ow*~s(VB17$f&*d2S z-Ubt|KmwAKj#Gc3FEsoC{_sa6JD>7j+UH(TyB;Gd*9Q+i>qIM;4+|RtP)qm5;*yep zy#Fj{;=?4&iTENOBfvN<=z4u(FB|q(@^eS6a$CY1A92%EeAoF z7SXtYrz=PZ%0bWlOpXg-Hw7t!13IeznAQ=fblkiLd$`L|zidoxd4#&Obj!H92yeKKh`LG({a2b$HPLQZb;H zsZp&g2f2(ivIcG4SA^~FVyck@*d#&*%0Cge1{j6IgSFps+OOZ)6>x0)Hj{EpSOqz8 zKDAT>eP}o~&GX3fg5!}TiHMU~zFvgg@C#A~e1d@a6pZYNfcJt}b-zBLrajTF^;PBc z&70=jvLR(o$GG#F$BUbrnR~B^=7HtujQfMbXGI>}Q=$5kFOSuTdH8SrA`p&1Bm&Q41Xrppgi2k7mq% zSDapK2~EGR1?>Hkm!wr;uLHX1g^p&rYm1@>6S8>m`J<`xO(?C+s;pdOZn8NSJ)<|z z5d1KR4L27#_S96-5k-&pmsT{rESQY1Z1`n!uVR` zvkH6WU7MK{&{r*`t;NrMh$#nf2jWYm(IdYE@b6QK#?5NvIb=;nFd052P93_|o*au( zP$g8+hoifFEM#eh_ga=lCXsjj0LNOP-uMkQWu&QEI8kp$tVNdx8@3jJ-)3s;EPJuGHX2ihO)x1Z{Hm*P8 z6t?Px7HZ`q=3ywc_ip1=$Pl^r5h)6HVqKJW2{DcEWlCMH7+dKVkZ;@++vWbZJYLm#KnqfUA;3Yd_5 zFU#udd3IBs)Mp9K-uizMj&4g!XvFc%zEy8_g252I0}qPgFLF2V7b(R%K0Xoh-7>RR zh&Y=v?=1Cz3d>n533@MEYKa#f^bW@VUmkc>aQt*azAHP@AiN`-pKC`iTle~Vfes>s z0jOJ%T=kwyf9Id7Jt_IEEm(sEGN=BhLbsY%lBg4>s6#Q3{hgw zLxQZlIb>T=RGfsr@T+e41@lJh+Z_MI3rAFF;jw2PM}$sA@KC2;!L~#&)0! zUFTGQ#8xbhW+C3PK*gxuS-$s*q#%0Oi3YN7XB4KgMe05zE*!MmESH?rI&yVt+ERL4 z#cn!^&2hBi=_Dz=rU{tbqghn+C}-Vs1W0xn{k4&;{qMQg)y;biWnK4-rlkFNl#Lul zdLC?v?HDUaHBul;Y5h;nyJS^qG0)E9)4vL)>NpDcxe1{u_#B7Ay%7tJ;7h=tT5HK9qcqj5L8D_#01l(|45;4^{(aODA)*q1CIPFDbm- zrDLP_!*hE-VhBB0V3}i_`9gqLdaH^rdVj3NmiJo?<68=D=PBx-rx63|!I^(qcq=K% zz`X{?h|ty7}P3J=&2+g&0BQUqk#t*9gg^{EG18QmQ$q14x3X6&s!cnbaXdwCqEe91{m~62`u3f zGGN=vM5eNz#8vvf6O#7%qtc>=%AL@DhP{%VWs@4@Kw9+AU&2%vY$c-QJABNc;9(b%u-Lz z%Vv2UWhe0>ggW?sn-t#EPxjA5eH=@zDnI!GS{IeuQQGKSjr$N{B%zC+TkPar$e_y+ zC%t`5uJ^IIq6ME*X5GqO;#WwIK^h-(9+a;}L`b5GOVu3z&+IdhIfn(#PN&oJ+l#%f zr#iK+w-kCO?koe1$9Yt%1E_s8C-ri>B^sA`S%-26tJ8mw-t}2)&}mjXfxK`fk4C^Z zjV{yo!X@J4i~RMWuMQ7%al6~^FMFv=Jx7CAWN@wRqeZqVD@9y!JDCjkMuJ-$Hm+TR zNmoquqL~RZNNsdxQZ&Mbhb%x~9101(3L$X8np0V#&yOPjKtisZr2x+527% z#kmB8*T6J3WGronMeO8|BfNrCWx+R3JZ*ibCG+2D;apu*Dl+dKkbz(Mzb8OIs%z(= z7OQZDYVKO?tB#iaBx-k8esb5mPFQjk#on0Ob~_4o*7srtdgiG@I5aBGsq4CFTo9z@ zK_B@0m(ykC7SoW3jywIB-3pw;<^u$z&tDM4O6rD?J;v#rw#P-^53Fv;s zi2^Fc%o0EP~7Zxkg8dxR^BTodH(F9$5YHW zjQ?r(#MIY!O!e6bwLt}xkZwc&kmTz*1`>prXGf~|-Hp`>x@*50~XrH@eZz`mUk zEU|28No8iyqOEs(6Rqo@9)^EXUG{LDU-)P+~p#vF>}!70B;t*2{_Te*I0k#-rd_r zwtK-Bg%#6Ze`LOROC9*ot?zdN|C8|a2SMzJ=O>P7 z0pBxfB>HcIm0RuGG)>{We?2VjX8ff;K9IAE!QY9f2xMAMXb%l@-oUYvi_! zKOyJ|S7K?RmIpwk9Naf*Mi9-OjbR1pv_G%%#MVosHnL-(lu9BrF84+ z*5~nC3v7hD?Q2dS(Itqwk@kQoHW2@O^h?nEm5${*-!r~;%M$UjieMWWefR2zBtuCk zA>Dj1p4+ReTBwjdf-wZgt}9S*gUjs&g8IKcOaX{vaXE`s3%~10D4>N)nV3$YDFf1n z4NJ`;($Kt4w|v-5CRcknT5j_{aotx9=Vl7eBpM#25gJd4Z~ewb*eWYbz$nCoX_^s9 z+>X#O6f-@ss9(Hdaw$lYJ7Q(I48>~kY?fF)^D2$dT|2~Ve6UIyTicI~D}L#@ojDe= zPGho6{v^5g2uxiRE*}RiU2gxrG*YaSiK#N-mubF!b|KAwa2dnzi_Md3-yn%#9z(KX_KgDpTdtK&`uiVaHaUY8-3M?p0a45#^vD1lw_ zB=KdKg>0-yg?UJ&HN&R-SGmNJ$rAcVf4u`D#*z=_sS)vN`?GFNk}+SVrgJ;&v9#kL zn8;V7l~;M1DW(Yxr+xj|{oocPX>JD3NfMIeJ)maf8s+=y}IAU(4P}lLT6@W0AumeB>1NZm;jg^+HSY8h4cM zxi$p1exvL3pcn1*ex)X64sM@G#LS?4+akPS6k46TLyt@9jQdWrhi^x(po#004ThjH z=J!TTF0ZznwuU)93(#1*bUs%{P>v1EF z(Nzk{XJSsV$!ol!O7m{H`oH8YouNVOlN8RD@UT=SBPCf6ofNQZ@#L_ zyDc7e!x_b2guVTdH#@al4MMH&Jm#Rq&4f-x`{(%-i)Uoh606Cq=GeH}FZI5*_T2kj z^deiG=FCWwlhS3fi!Bci(;Rl?kvg{>CXu|FriPP>#Yt&-YEsLfos}w4$bCvYzFy+v z6)XSeb_90hq!+{@uL9z;BLz6jZxVertxp2fshrL?5OjKN{-~&-MN@$cvhV2_IH@F1 z3L6^*lei|U%T=7R+5OP3)>2-Pkp<9EPhNk4tA@Yk;@r zrqqJG8?vyoi((5MV58OKuIxI|-dWIdxs%MIE4!MMB&d-{az0+p5(oox!{4Rdo`VzH zDN@to9w~<{QoOKEm;8Kf>8gZehVZ-__`KzO33)KZZrh$PuGbI<+`t~rEqOH& zY}U(?a$m0T+F#C|oFAnl>|1Zi*zY;;q5s30A+thc;-5W8>CmPa#-+n8$l-$youj^K zOwzX6-6^?ETKhwM{kmENQ`xhJX>frOuU3*IwhwPe&pbMa@0hsw51i}IzkzB`r*TTP zEC0qZZIuGySds#Fypo;IihLonIhru02B!UWC3$9%?6&k?N9uLRqWdh&?C>z(BceNdzIsnhS}J#i;mj9FnZ23(!b8GK zH)TzY(PTogmfdExq>mFAuPbD={v=PEe1=NZ)YLRHgaUcfenRe*)C&f40~v5N)`>CZ z{FT^)BWvw49@*4&l913n-nR7x*JsMRx(S8wqZo6sTp@1N6N%5Bl-f)M_Dp!lrsHN9 z4TWrW(ZYsrYWCxSpZRqo{xqtYV%h$8g*vUh1P`L} zMtvVj)W9tFMc*LkYb%yVceCQfKa2^QQw|BTN*hUa9;_ zmztJTE1y`W*WERj-!|GibI*O>#@B6r=2%V;qyYVd>$JVkFlR3Fm7F&xQK)IE4HZ6c(8(RX!22tW2RDXZZN#z9AF?p zZvk_~4{^q%zMS&Je`oIeddQQb3i1_zF2~0!PNWouh;b68?XnxOP^xH^Q<7&D#wty9 z41R)a&hVsQO@wXPw<0Sxb>+ypFvzk+o4fZc=Xcw2t8n=Vv=$hBvV)f2b z;H9VIS=^MbX(tx@7;l9>{m9)^?@*2~z_YSs%i^^a*XA}ZLFbda_pj4gjN(R~?b!hE zC9*+?iE-ZCMB#GY#Y&^A`r!3S&*M`hybN5(G8s$}MRHlvrBqZwNid<1f9Ghxjm!A$ z1BY_Ha=WRoC1V_}5nMKZhW%niN!cBT!%U-2pO)O#ayfnB^Hwvj32A#A3>Mnj1QD%{ zleW(+OZpKcxK30B6>A-P{5Y328l#duuK@us8SmOwWi*ZVW+_k0CX^ez0uEAj3z1O026iJ#N8b|M9 zKB%>{tVPt3&&JY%tb7i~`F1(^Ca~%qg>W!XIL}m!)A+eW0{;bk*{u3i)kz8MFo%Nm zn1BfJpRbb``GP`nj;j#rT8Jw6Y!e+BCZa1lD7*cY7{9mkCXtYHg)5=!e9sE-utMbv?5}w)eZ& zrewhYvPqZbv{g91vsr12RBQ$&_f;1azdg{dInKm*i|16mgsTqvgheY6kkuhbl}X57 z$O(UNUR)`$?roRMs@tzF@Z)_tjn^&8CLETb#G|m085;v`2L&$Y-;@oF4HB8Z1rVZC zJfy_Mb0yGV$)M)|8yT#a@IPT9kT~fRq1todOEx)ki6^3Cy{DWeCg&-)w2aV;-Q%cU z{rWXi`jp23YZAn-^g{) zbEM}L?js@&FR<-07hQ`{G*O-kaBJTe>-~hG;OU0jdM~jFS)Ls^ZsbpVQ5p-&a;2#`%FS zOAW;tG)%AretviSfIH-;ClCI2()bSIG3H$>W?7J{?ntf%>QJ60y|@p-HqoRW1luXS zO1dn)dVU`%N*ZNK4HDb)Q3E-b);auLJ(x;I|FpoHduK?8i-sis%l3J~wk0$^P1DRJ zQ|qp*r*_|o7KM%Le8gU%zTiOhM|27cRHu+`1z&@e`?oH_pSBEx)Mk)w?aUNm&?v@CrVI zFzoj;haHSfXiS+`-OBWgMkL^rl#v;e+-iCB)aY;~{6HOy z4EDds^Z#SfLpyLFT~As?o9RD)3)FROI4!Ty?7IRcaDobZ2W7*_4pw;6O~4L+I~bX# zyGPXP|Fru!0Yz-S_R|D9i^D~Ov2wHi#W$!0aPwVZSu5rDDn&*rK z<+6%7)JLMP-@Uy*&Z&N6IMW)!M#KvuNs_Dy3qy#FuvCIsRwGRXO*q92Xvq-Zm}l>& z@=^L85A7M(B!>++lKha-%aW-;$ZrdTe1L@n?pb+7OM+F3tdIf)~?|sLP7pxmtcDmF13@|k{y?pkz&Nu$p zdX2+(v;Vi28nG!)UA^8M*z-B&$PPI{KbwZ*#{7#$+ zv=gJ4Z(1_r3)UBPv`ne?ZMJ(8MZ_LXrGTphMF-=Fg|772o&LJh{=Ch0N06r>l;$-g zq8gTi5`wBa$D5F@jgKB5yjOpbS6ePBTG^i*GYlv!9wGDjTn1HF4DM{`0)lTi>-RTVB9~N z;>eCboV+4X%b%6<3dp7Ev`i}ip1H_3SOy;t}d{=^6nRRta6|DY&q3kk) z8&CCc{zj{LvNJY62F~y#du<v-vdA6~rLe>fYyDW*hLGE3Pq5iQK^J#lmpP@aJj$xwz7M38TGeY7YSf%D+DZo2bz z$IwHT=i|?OL2oy?of6-z+3L&G50#${iDcYW-obiNDAznVQrcfj3WKwJd=s1^Wq!j- z!PjA~jPRS|Wzg_Z5<3xrV=J93JvmCd*Br(iD=vxc&m0}qcU75H4P$>7J?ey`m`dw z3=3KCiURo@)3NW1t^`W#~ z%^??iwQs;kuLy4le(yf}bI66&9#77kzPNDLg|*^dm^TrOK`v!m|MKRKxInjx66%7uW9cID|l#S-N1mg$e3 zUq9t2%_lpVHAzCeuWzwHPKL2TtnC9yYI)c&%m!m|KkvH&!rq(=b&- zQDqe!b4D+Wx?3S0EwPwrc9D@7?BAIT8qAOAJPx;onxaJpWqAp5*nr}M>hOec588(o zIApoD=>{Man{2th_IB9|-a+6VQvvcn@U#sd)(k^ye>HV|asxhB1gZHbmtpAxiX`9_ zLR#%H=EW}Wfhsb+T5vum}uI(!CEpb3! za(-85)MrXKYJjPxN>D3l`As~dk&0EcLo*U5^hjyJm8w?Rq}dZfcOcb-HvkBp4U_G>3-@K%P$Le3&Kx#Zo50%aUQi-o*-{U{$dODlQ z67c5`3K~dA2aD9G`1ozLqc|hO<6y4HOOfk)&UeSB#W9+j{Cjcr2fB^;f@*3h9@{UY z>2nM-u%|PTxh!(gWq;Jb4j#{Z3bE{jQfD0ElJZ|RtA;1&sJzxtz1BDJY}F^u&bu#y z%U!6{->c9y#hzQy5Gua!oe-CfmQyV788To-korF_0J)Wu1@|v`03P>l^i)pYa3`Bu zEzD2!)cZjm8pwyg=^})9ON=}+LrBz_dW-284Ol|3hcaZ5a)%YqY(TqetiIKDfqD{- z0vST4xei*cwDa|L+VKN#Jq5rc@iHCyTM{498i<)Xn95$iW$qSh5W4zQj!>9I0}G=9 z5V3~e{Lt|V-kMu-Pg1(>A0r9qd}x;n01Z&{e~pPG-(B7c&-;8OoRNaWyi;Y`!DzpsQR8! zpCikz;moUXt&urAM7xS23ElOLZAXLYLA3rpMb|(6?f(OMeNdquqo;jaShA&0kEY=y z>KXlVlcQ;Z86(=YGO~8I)_LJo2@|Z$)@4Xg#ng9LNP1?PVC2X&gYD>XzSCT}Cx6A5 zI?;^noEUTKv+(`zxU0*3UF%)Y>?)~&s3h{8XMU3JmyiZ7LA;E}=SCt?4@G*Q?hip*k=JT!(7+naNvz zar&~C=nXFgAMSf7`!CBrn*CrE&4HK6>MlHJ%AJ`>nQD zs+LiydE~E4ZX_er?Et2o=70ybnhkUhJSToT#yjr&x?mraROmtJq^+ShT=yB7f zrft<*UVK6)kJFcPh95O6)9?=p@8im1JAvSQQW%(4cn+*G&_duSt>p9bm=f&@>aF0< z^iUZYSf?)WpIC#~le6}X0i|u*7ag*$1(lI2>u>FD7QWN<{@cXl4`31mZ=nx^Gm=Ir zky`3mm&qc}KzQ(DdTxrWA${S{EyhJii)XfF9qpqM#z-ENFuGodY1J6?bDGoDWqm58 zRP83ZI}OXccz0}kLk+00HiF8Eoxr5On+aF0wJ3Ow^sOCxmWh_0+RZ4TGuN|9@V;-4 zfo8g~-ihz#;k1G*`W{I!fo6Kqr(oC&eAIM3zHQsoH_o|=2RXo?BWMd0dyN|E1f!!; zl-C&{=!jzS;gFypB<{zDe3f{JV1Rd^&tA4&c#Kw1fj=(Hd zI(2(LAtFL%WM5nm_wo=fwy|wk3JQ*M7^M-p=ZQ^96K{qBof2Lmm;{J1Uxiv>Es*~$ zgBqct^$~Bc;yFWW7Gm-d86{AGnNkw4K_t@bEsvu4%~TvX0z`%!Vl8ym=cx3Fx+$Jm z&@Z+bLI18R=+>k0v>7WtWz8UGu)s-qi!ERTExn{@dmV_&NtTt!kWT-R?jcIo9jM=8 zZOTGfL0{=Oh@8q|S6#^#$7LwQ^&V$oW`=98yk+_5nr`Q0!TU??;T$6o6?K}$eLU15 zy%Oc>UQKVN%fmEb z;H-XE5X-qWq#^+cLHYPzCw}1R;ppTzFHTbO61vS&ZkdsJLDXv_BfjCWOoA1)_O9uh zID1=MxNw6i-uouu8n8=_n&;UN*B$Y;^TLa;FQ8M} zviJB2;OC=9XqpdJk%fRGAbLj2-xyu4u#&$2GWs4T(-JShpTpNJk)wmlM$9yU^s7a3u3lrO%)BoK6mcH0(ce-vhj}mbkS~1e_=AWZqIT@Xqo14Sc zR96qk#?uf=@|F|qcX(ET6#6gG#_`>&i}o)aQ`r=mCg-N)?VB%NM}6d$LLVg-@QGX) z!rpQ@W{%;Ng_mFTxp`Az6=5xP(N{rcWz9bMr=6|mse7f#t0FN)wvdXS#G^h^1}Ubl zao}L&R38YRxt9omGCd8sjbXjmr9N4!i$YC>QpR>*SdRtxOsU@=|0^gS*=Tc!39l|c8 zg+nf@vgkYYppGIUICO`n14YylDXqNs-ZDyEtb5`2;G||sdH^m=04b@h?N9v8kSnBGlGfG zoz4M}KdS9OHdLvi!6p1|^e~g`l%`#2T;*Cf&N%6EP(G8a_D-o5;3Hy)8gG2O`WRwa zi{ws;-u|@h48=C-R=fQC+gjyN!$Ig6x@vfl@;ZH#Z0*cMT27MO)mO}v+!f~KOFIcw z_9X7Bw^rdDGDhkwq4pm>ApPTJe8>J8ydb3fK@F^3wUm8>3F@GAWm!cU=d4v&TpHxY z3sFGvz`KMqu+Fs?(2(X9)|2D{6b z`21~bZa-pV$*MH?tCYL8|;QWn1{{ilnW1 zU5F0lh$`A|VM7F!mxjIk*cxFqsf2j`h)lm-U1M5qN(8ijy957)xshq1(?b z4$4SArQemd)qhO=I)=CL zNvj@7MJ@2glR#C00Y9>?Hl@c4Pp_L!*Qtetg3aL+-r>#`PV`x7H7)=c^>u)#hzNhe z;3~^nC~z5gFZv4Z4?FY!ec|%KR?A6PBzi%S;y0n(K0=>nGkdo61!+r}(sAgcae-S1>cp9r`?jhG-Gjg}8HQwtwhkOC;zNG*Q|H zk0?Aj3EWd1U%hs_d1Q`I0n6hnA?^&5nHU?_S#2Y-(l_9@qeU;Tio;sIxi^?!A)}&%uw)9qe_QgWSjW&!zas~zE1qLO zFmh`}Iv@jm;fz~c?im)~(Q94Htw>m2TC1Bj-<%&^>6Q|K+r^OH#=!%<+_j>2)Pi>g zaxq&zruorAN@$=NHOjI^;*pHFF6nZ{8yG&S;erG}#JI{UJ zRDFb%tM2@zw9iSfrKYY%L-}rdm2NsF#r@5)b1z^E_rJs`NoHxxserB_Fp3>FNO#x8 z(gZxQov3m4wc-GD?m?=fAghR6&tFMz{(P#}xRy#!iAKdAP+88&+dnlt9#2o4m_o{1 zc07N=CBWlz2%AAmo7YfPpkiRh1p*ZSzK-92dq+oGoITkM0t#j2hiVTHblgv3eY66OYjw15z~y1RWSNU_}!sAe@~or_Lb$ zI*bjz*v)e#XxuV2%O5}7Q?+b#FpL_f+mYCFC__QC>-;oX(kb&QKve8Y@cI52TGtzl zP~h|?D%?LKI}{(Pr2ttPb7G*qi#n&*3i(y|Iv`pKD*#&Kf41c*y_`=Ll!NlmI>>rN z#AIEKwqPJ~y4&Cvo9sbs{Jou7kX2Rg_U(3vm1S1F!4KpBrb(!?okJk4c`ZG z5~4RBb8=5h#Osut`7-JZT;>G9(K-&s&{%gHc314cCa4*Ge~L@W$=f->mx4&mI+-Ui zb4_e_YAiVAXG90@79E_NsHO{jqr%3`kLugv`BddTQP6pGIitaD%VTk*IRMIfj!)-G za?r{8E~WH%g_8e7uvA7Q@ppIpzc~|C6b3q}hfW^FN>!lv6;^U&SXWwGIrQqRe9yZ3 zV?z?4Qq?U+Po*TF-@X<7wi) z)&MR4oKuFip(}FXAVm1 ztefbEiYD-~$yKibxPU#21`kKyAEhLnUyt`c-__81Tm*G2*(RtXsM`;xOeo}=sp(jO zEq^!g;379BR*^+j5}zT!^y4+d0yVeuBiy@Wh$J4 zsLv579jp^tt@aKbi zhietlPF%VrQ~5{s^i3sN(?^UoTW~chwS)v|S-(Y|ReT17?kzN~>sw0w7#S>f7D{qX z*r}|D$E9AmyP7JIGlAH-OiX^Pok&X?_UpyA3W)r?IvacdUHgmZE$adCFM2p=cxjdq zzCVi*KdSBZL_k2e9I&<@TbI0mKo>m?@Zas7Sc)xh0ERGbu3n)qh-^JLens^^7c|AX zS*xL!H%=+Ty}!>o*!`W7N#t}<<&_DLi#;CH!cPJxrGK?f%eZVS!R{ZPO6p4v-fVkR z$`d<6;Ra9MRp}q&`g@gx=`dt)7$-*;L`LS(l7EO#+`Mb~m3v}-Je0fIJSK5sbI{_g zxo4!=^$C(!iPWYX8|PdwK8fNd{a+5-$O3&A)qand$0cZgpTMHRK~Y}*@&tx&PPW1u zOvsRUs?n0d?fp&xJ9oI{0cAXZytmJ$wojejJI~1AdzM_D6lSO`4~T-A-ZS)z2n9m9 zZV_QMQ@a!2^_#da9zGjuQALgMz>qt`6o1~!fr9pja8;l)IlLuswQuG1FfX5rtrOjk4&nycj3owrV0 zBH(S7&rFVsH~C^A@-b6$CmHxYDe#@7V;Qe6GNj`Xs-5){ajXyA&@fpV@tIayT#nGI z?w)t|5NF6R8-Bi|1=P&JwB2ao`c1x-y{ws*t!^sJSXnYIKylN4TrugKSnAk{GbgHk z(rW6xN?{0sXoj--_(5c~g~FD9`QL4ER3h|Fqqw{Kqpqol1|e&GAGk@R?;2zFd!YeQ z5|F9!7ybLB8v2w%HDI6>&t&hxjNGz2UqKN6Wz zscki^`8l~bBRok7x_i4-b*$cZ_e#$WsIQ&3-#tlZS4|2U;^(o+?zR!#8X zTnELBq0mJdqQw8?j$MWpE zfyLc|DRfD?LW}`+O>;+dXY;S=GfG`#jLrP4n?>qVq6az0*89(5e`^cHtg>YB3mGhw z>KNx{3Fs>!l`J154Vr@+B_Xt8GQ~*JLG4d6mKZJ7tx688l`GCG%$Rvj=!II0ibn5n8P|BQ8b53r1yhhr@-F@5HBSc%)3IH8GyAFItzj zMEm*7DkX3M!rkJ0Us?vvL_*6+uKG{R?y&Nm3{|5lE~hV+P!Oh`UM5TS;+H7Vw{VD_ zPn|FXuie;NTBhY+7R?HJS1ofsKILUwZVPP$eeFbZSB3ncgw!HWfwrwDEGQLNIlQ^bP1tuWcYeSzpRDb9_+@3rNag%SeWq3u_T}VY~6d{K`!k+hZr<7Z~yH@xI z6s@sbPfa^1z>7OiFp>BVJc?Ja-?&~kEw_9{lz^0alhXD}K&dOAE9$pRZaxZ#YR)7XEU3sg(&kO-LNmfLhvY6n5`}6#GgB4m87?VL zi&NMSKUZ=5mZu0p9dCao!MhfQ`~GRjWiUv}SS3^A`+#phV0_%(ULIWB)etCH?!C1< z3l;AV#kfhk-IZzuE^=NZ%s%5NfBeeWW#2CRuyny;Iq`XG>dD$qu|mN+e&acO$>|e1 z*5`(|U~E#EmZNbUud^yHD=v3smEerlyCgniM=&A!hOxy!-*LytyC@m;2X`4E!P`BxoHf?OqhZS%}iIkf_Or#F3a@r}xGD>z|a z)tPDn1LaxyzvS~*u!P7r0&k%w@IWe6*aCIZD_J6>9>r8moBv5j4g)hTOCp8KP;Yn$ z1z%kZBn?|;EHy!g4x^3_d@&bZ_K6FIgMEKBGOq$y;0yhB05ulfu2x`Prr+?}S1l~} z!K$L|1h26RAmTmw)>9#`yXW`LW+GxOjYZun(raO&%yiQjiK^oEG)LvmQ)gAl5M}3y z&i{Z47^}niuKs->&6AM=@78#!Bqk1^Um`$ZR+Tcfw*&F8O3Y6F&5b|Tpy@JroDJXzuS3Dxv*z}Owk()BYg`1-aTQu~4DsABP zS6p_R+NqRk;YA&LHD*Gmp@R1+-AggvPUaOgTs8umdkjlvdlY^z0cA(L?C5>FozpIZ zKiqVR9jQjJq9M;>darWTo*71&TviRQ7>_B>AE!Uc`G;zbiWerbW!kD8$SV6^ z8vVpe*dG+AhBzt!_2DuT;dW@#CYU;`}*Zee}_WWt7YEQt~tz;6j2pv~y z$SAEd5^2cZ;YwT0!(tqbE>>TCWcFm2h55~jsb9DpedpfUF$-nfgvjv1yEvt z{6U|81h!&iUc@$@<#jy|$S<0Z`2w?dAO-nsNovLuztLTsi7Kpt+0Z8cqo2_9hR`B; ztGyTb)Zq(tiZwEg`lyx@mhTn*Y>fu`e@XD?umb5oS6^Xj4rS){&_@A)j0{Qf^wqkv zUb_E9KmZ^1B_ix+=!pi^D(;xDsS3S*C?w0q0zo%uM-?4}jC}p4!Yb%rJgbM!zU&GE z7ud7^B{HAN8nvN@aVGs#9q0l_sjmk}IR$&fy+M3G87wljbnHfWs?obwgr6ZVw;0@}ruPtx%q&`D}OAymSNv+2`nBnEa1D zcP2Yy1OV=SFHIA?($}`RpiY0KM8}(VdeRi{&t2ZbDW5xeqw zH;oJqj>%;ywH`BgaZ+_nXsxaDLFK|bBY^xh{JLqVPO+k%cjDKKjwse5v2xKgUgTwm z@JE&ZQk1=Vo$_UY7flhuhE)+?ldRQz*`a9R4yPQ@9Cbw8zOOzbA=vOcuYJXt&W0f`+x&EvShn;&(A+_anV#6(Gdv)pFUpkRy$R_;51Ce5mFypclj8DyZGQq6vj% zuaKhtkS+%XiKGOWTu+nAm?AtdF;FLS6%DQ-^t+c1fCTLiiM~J0fX(EgA>7bER1-Fz z)ODm+*4~zL(tO>^6LG(cZ`5AU9@GNv21jeKaoH{bF7sBPbU2e3fqNW2zeC&-!>}f6amd_g~-qo#uA2U=)WJJ@|$fy&M2XScioiurLowo{9se@~wP9I-y)) zTiv|rh2^RVT0M(~G!VzjaFJodrnT*|RJ>&R{5m(k%V4$p#X9!AW^IHnIf!-j-iqSh zO*Pa>rXMP|;YZIBQiP84`;aT)*q!s!@$|Z&6n8}CHh@V_w7R0ebDJ&=X@M;7@o?xu zOSN98D1o>`^7OTmKJ`v_sCMIO%b3iI{*D{!bmm1ZDxvVRBBJkI45v$XS<%yb;GK_~ z01~B-B2Q5zy90%INT(Qx;P|ZYd^AQt{_Ko2{6NsEuVqB8$V#X9 zj|hCA72$L#S_N`DX^vcAe7g`SpoS}5O)81)oRE@OeluV;b(bJ!dYlnu79jTx&gocK z$O0*U?h748QK6k!Ye1>4CBCxB*=!1wT(W#8A*gLD7=dc~y0W1qPKQx2>0(;L=Nz80 zY3)*n4`{3z?adyWkRVysc2`Sg#K25XwK!t0Y7^6-u*S=4R=K_9Dd z3?*juog4m3-}VaL0-;dSs!@w!r(}yAH+ovJkjwkVliB|+FyM8M$R=uB-g%8#lA2%G zM^Y~Yi!$QTa%;__$x`Dz>*^nApzG=P=YKaIBptB7p&K=`3rjWOwSvB%N;G8X3~GN^!SmMVvn@>h^g*RJTJ~iFO zs@Qmgxs#a#D|ep-1uF`I|9F}tZ#p9~defb73Q{G?^Hza=jv&MN)}PhS8n^u5F&$9z zx|^O&C~~*cmTTZdq3vzKvaAS2k=N{#i3TlQo__p7(c`U{ho`3A+O#ZICjgXFN6P%V zSXQE#3uo7#-NkbhpSjd@?CrYBd!wOp68kY7G%Z{P?aRt?PM%sapP7yku$!$|=Jz)9bh;RI;cL(L70r1RP5c zp3gbE9dSXhgl-`d&MjKJh)~7sSSb*y@O;(h%;kGp@hkMN$NY}=_0gY5CrI{+QZ3S` zXP2ok(s~ow{>wORGk*@)sIr$rN~;uhBe~g{lvW5SdFV1StR}J{*s4+V@)RGH%Xug| zxmO=wiydGZWiWa?|7f)lS@jOGrFMCktJ&x*=ZepYujlpwaz1(0fnCSX?N+orbs$Kob zl1{w{x9iiIh5qpVaSboP z5(YQo?B?jQt^%{)j1*UhZh5nVu>d2gZhg*WRTE@#&#kfk?)qdh=xn321bgRiHSxbn zyAMt<#EOvSsSjdWu<0F9l?An#Q+l06EHKo?l3*|28_LC}E$M7TzhVnJORS5m@w(XL z)c~Yy7`Ftu(qDtVEMFSKOJT)CF4EQKe#c&G7tgTtY1Z6c-$=rF{)Gs=Nqohe@)LQX zff1V&BFLth4x<3Cp{K;o}e9`kUh+;%rM!|@fH6&OwJSbeRw9U5QUZ#=34{w@9dPsTr$`XU+c6dJ5r6iJrvtLls> zc#)N~+mK`chH^AQ)THgx^ILly4G7tuwr-@drd;h78sjqkjw!vi?~=ms$S#pzrwuc(y8CAL&NsvuGoChjVHG<{Oh->ZR=#5oB@SvBXzGE_LAbP~Ovh<=%E#qCpI$>3ym{GR5DIH} zTOCF0mzQ$vR~umGUmY#zfVwUC>o z_s^#Q40X=NqzJjth@1y|02u0Rfha>*wo2w7ZPY$ zfSUAtw3x!-8gKuJ4pCv6lzRE)=?Oab>c&ePB}zDYA#^3!_Xuf;8sK^cWJsV0U%sNG zr1Z>(lJfq3UjO<_Gnz80{ z8wTlvfKB0`vI_SXvr~2azvG33MFif$|JK4E*D?cm^pw*@K=N}e>Y22iZ&$pV%ZgUN z%%$CEKx5sPh*$R{o{%rgqb!BV@N+)Y#)yWUmkmZcO-twTr}L!=p`0pvU}~ zQ^j-*k0&U}0P!%KR~d#s`xuHt>QmcPZ^`f{%<#Me%=X!pYTUVYN` z7rH$)-C?y|R>Ez@x8@ImNI2_eZp+gVxeR7cMoGa2k3&ZuIwk1!PGI!lzG+Pl@8Xnj z2?GB{&cM%~Xm2)tEVA#tTT3p+9x6Im8~x6=X?~y8+9bl$UbH$)gO$~!4E1=4`QB0j zWx8xHfn1)h4F7xiXb5}gcH^TJSxM-^tcZNSADPtrt%r(ESXXjhJ0)K5r@dy)`2JpMLCaoK%m+S?kb{Yg5;18N>C;qwTaDXh|2`;*w$> z=5x{86HS@z1 zLoT<@VkTHOZi2k6H@%(De+HJmh$B5cHgf2&%{zDaJvzKO+h!~ejTc7D%vBpjerJ5? zSl^|{Eubtu`fP!VH0sch-qR{mPEMxlP<4dCUZ(vVgXyu)!476DfN2PNdc?$a_@ zv*BbwmQQ1VR1{5iWMpfW|M>!>vqp}Xl;pauV8#-jb3O8cx@S{ zG#cbAHSC9g>rX^$o}KulG+VYTL8~ou6b<_Ky7>D18kyo1b3q<+OQg1pVm^x#SUVhd z^`#Agbiua?Z_613j*wo1YVCjU)z-wTOqaINOe2ksg6(~Gng$#VrKuECC9GFozB4uK z!a(+RUe2WNXIj`T@t@g%)yo7w%)Z@=Kr!JA@7HX!x*+KrjV1Du2l+Z_F66(Hf{_uF zk}coUWhGJQ03b@9wWYbTT7|e-(JqT*5ZSGz{^GHrA>Ey`m?AP0VpkUUej1+VH1Y=v-eEIyoI8pbZK{{Qf=C|ne{%!uOrY^Wp|-=jcZl_d70gV<6E1uVVi>RBC8m-wAv%G6|eWR z2ClSQHv#Q4oe0xozAFQUeo9X$+!@{FS4ax6Mw+D&l7%n#C&lNV>YhTsuKnSJD|0Lp zEWZnYMGbxRy5xpY_i2}N)PP7-Kz{Fe7&SmK_x(S+)z_%IwlE8IXVvxxmi{!B8S36m z{)Hc5qvIDK5RVc#c;EGQD2}l^N5X4#Ghrge(?{?%;uT^Zfl_Pn?_>^3Hs7nBGTPoJ zyoM)&)qIoQ=n2D*-fH_jaqi4{*8Z-M(HdStgrP1UQPL~W>|@#%$<&Aah0%i^Xd-~V zB|=^6+xCdP>ev;Pfu-a!aL2}LKkvI&)m4o(b(e0}(D|`G2MY_j=XNOmDc!Bzv?#cz zjZ$3sY}IPdl8C`i*L7_X>fAr z(fgHj;M3ON&bOwrqEgUN(+z?dc0WQ5q(S?q1J-7dr#{BlCtv%Z!Q9c&SvuT@<~J5B z6R^gcTP=-r+b1BcVRvzeaViiWlb_j-f13EfP$fSwJ>=q+u&Z z_-Xip$7$;mw2$1jH?HDq{H>Q2StOeqp>@7`M=_4erGguKP?w>+HSDLCX`W5#*# zK|W|Qe5K)slSZ4EI+Ca&v3Dd}{TsjjoMC(|??*5=XIgNNSWk{3%s~5*F2qoHRi;UC z&SIbD%~rty4I^!0EV@ZQO;B;qEpEkSs<&IxOC)Ett8$)2Tg5c()rL(=+|0-7iDR-f zJyV&7q824(Z`BH?<9rDF?m^vh>7Pl|-&g&=2=sx$?e(mAp>^ls04OyS>w+^QJ}Hgp zY^?&(8p@ET<8%FHWp&Vfeu^};VuwM0-8EMJ^F!nQLFKBIZ_ZGwc1gryx}m*Zc=PNZ}&>Kj6~#=j1Rr5ygxe7^OU`B-xc&d%J3|rXiL-awKk}J&ob6oU^-VlNKp?IxEE2!-iVPyvb$LDbIgRXsFrMQ~4AhunQ zT++B{l3@-ZN>HdGIPcF`t0$T++idM~x$gm0qv>_$ludIS1KruS$gZ{hx&csDG<0nnVHaHurCfS4&ZdPe`J0iz1^!a?+GaKsVqWrfc9s+Qs+M_>$`Aw|iY((s z^r#t)tM)~>T(PjV#&AyUn4U4q>k9G!u%*!O_UD%{{oW8csrW)KA&LtB^-Ir#bZW#5 zK8z(&ppW{=-SF>Xiho0Yj9x*3i}u{{Y#=vyiX=&!SVUY>GxvM@(Q0$xOo^`CNr`9D z2gk4}Q7@+jo!zO_G|P^iRf<5`TkeySCfdMl?4I!w9O{3~$mF7=N%38HWndncx!ipO zhH%cOc|C9MV8^m4u&PJ*_J_?=7!y zR5bUL;!Xr`D#<$bUK2vvYHEce{3{-f38NU;XE%NWO?KLw0oRh2J7xbz=Sq zP-Dg-!*%Vi+|prz*u;rOI7=3&Iz#22W?Vv#pDDv7%JYROnYeo97?_x_$x4bU80gP( z89Amb2~}&O2n5l|zab?~n_;Ci)MS^-z|Ly4)0(MdYVp}qfm8ydqjB!uXAqf&;lTG zpHMJx@Y9qVduDIeszXRfd!XB01#uQr$B?*f&0+j+&0tECQ3Ifx6R)m&ok#;QpJ>6e zPuhqPXhAkJhFx#8gDXNygm(U5;%-+hAqqyH=dXY++IpG*A;t@Mb(fa6+$-_ zoL@7uD$)v&q5Gpu{5CcD{u8?XyHdYeFGe#%HU;aVqN1J$dLe09Sx9Txmj1i!f&vQb*V$}MmTI3V?yvStZP=f3 zWy=?BXc*|EZmLUnSL>3vTAFqBKKMM&CuNTk;^Z#fu<-H7Nk+SGB^hdu{Az~M4mO*Q zwi~vovaYOtV5u>)S!ght>)Nk8>-AvK6T7rM7xCU&U2t`Ud7T(6ciYGdN@f?mIp{L4 zH>e&oR-F`1g&XT?{IL7vbHzuf2@^WJyt%o(5y5#-;k7I!kIRjZBadrt5Vh^s%aGv^ z0P`AExiiu<{KM6XHHI-zvIradua%QW$|4zLVi{s$!|^(k^OHw4oulGD9NXqbG)dgp^%tWI${L#B~5<$IC3hV z;ZiH4Dw%ySjFV;Zk&!i;5JG5b{AL!BlNkxl3w6S=sBlaB3nls!zCl z>h^Za{cIFP*q8y%dh79m`gh6Oh|{PvyRmP#zlktTBdBAHuU2NVzAA2~+@?32N zie&8YUmX~}yc6`gwwdoN=l<(^{p;AFn~bRyK_)w;ExXKS$9Q}eUsxMsfulBTUNoVwElfF`_ObfZ8&fXXt;!-hU7T0kE~7ZkM?ylw!t5?lrrDhCO6QJuYZB)a{PI|CeCnr;{(g<8RK1!QO=(kxCyhn_1 zoTpSJ6*kdMeIR1L8RmPdBbP0zY=v=L!$wn6BSc9Y@{eD&h05zQ?-gK|cvm7BJ7@sT z=wM{Xjgh^0zzb0b)0&qUhvv6JJ1x^d%lQJq!dvj$i&Zu*S_Q)xlmCyeuMDel?YgBw zP#Wo$Mvz4}N-5o)!lJu76_7^h?(RmqJER+=rMqFB$M1dj`8NBw&p)n<3)Xs`d){M? zIc6~&imY&t1|JzdbkiE-lm-7{QND4wG7yw#OFx_r@luru?F!X3?%3R3FN8eGQy^TK z%=S{X0s}aP69h?g*SRMi(|9pi%9Cm$7^p?wUH&}cBEeecnz4VTMk>vRYfYlcQGwPv z49oV{ECB0miiQ-_iMY1jZ3Wfso`NaJ_D!#>g>$d$p-AiFgXcbm)-Wh*@1fNj3Jvlr zV!mzJ#fHM@!H(uK_1NLul^m*d6Wgtl{%|=cAVT?G{~v!9U;faQgDKvnkq_ z>e3NJg1(QQZo;G2_{2Ei#-jz3NY%Z zX?aYiE7jxs+areesdTAEILo>j{QZO1J^i8lesQ zS)(?<=9_r5m2@4&2^YEDx#>YvSQe%;q0Uc@Ivd+Nn7)-VdEVr9%PoZL6zQr)0_?oI z4|~47Aao8^20}zs(r#a2@r$Wh=i~C1L2jKjah=pwhU{0oMh<<*@G!5^mjz=W7PHa& zLvGVX-T~>0wHL;?R>DtL{iPqk8%7p1SoqmlBwM`4^K1kSfW*&s8^ z<{~-aPO%BF;I#$P# zrfZ7(W8S*efkCGBNfc_m<2J9@C2-FSWv`6d{3LuF9j!7oSZ;7`8qrK^%QoNFVeOgM znOW=Zu5)M7Lwr=HO>^HQJ?qZ_sFk;{x2CmqOMJKm+F!%g`;Nv@qY_kO0UQn;QOgiw zK%R}^!mA-VTltIQs}*0 ztx#Pur%VSU;dwDu-b{7ta(n^fQCV})i@~?8Fx$31NbSXBq{v+~ajcVZy>iz*zrB2{ z2n=0P+M={yU*Ug|dD(d9jfNjTzdTTh7E4JDl4>+*G5ksBvU7yHz8=gVr@nNK(syvM zsAvYvIC%gMmS#bnlhrEo!2dzC~v0b+#ygm(JlJ9NbEm;O{K1 zP*5V!B<-_J=uM~AmOG+Js8ikp?&B$IL_~ye2Az-VVtiD*(@zmcXG?BwIt)%Ndw89c zR*}Iz2Er>+9>0pLfOV}F10A#;G34q_AE3_7u4+Y`ACYrj_K2V= zno;4@*5-TtBf|S5V_jbGP-SGow}{CNILle@>nXJ3Yr?&g)7w-Exf=eI565B3C_2mc zqy~DRq%%RtLwv;$@)MHxdu=+voOX6#>_*`7_O^kKH=Z&COwZ%WGC2$R>dT}OwDOWnSxBJMBtDEgZ~%z1OY_dl^6COqmft^#-jVT8Td7D z!EIL77@zJhQXl4#`F(D*S`DVNY`(zw;>cB@&T#0*@-K(I*f;K6etJ?+&+-L5_H{B9 zh$U2%;t2W)(km)7k*_f$+jYyDE)hywwlpTF9l1_!JZZUaatgwfk=dlv`P^wvFPlu~ zewBHU9uOn&gdgWPX@2JRv-f})hOzo)udVBg_|^HmTzVr|Jg$Sb z9DACd?ArS;CJ6Cj2L%Vc5%Z+y@63;j;q>705Nch<6LiY1kgls%%3^|jBPk&f25tta zNv%H)6P9&zZfS@86h?eY&G;tnTOMoq&JtRM-mg2_*9@#>W^xhO(2;Hhg@w~aJ$JDO zx(36y(rT@)gqMec`8CFdV8T7H-Ud8YFaDq#c=&es4dTY`!Kvr4Y7!&9?C{=Df(QdW z0kyP=g(q1rn8ZNjQ?FF5s*1XQm^Ksc@{J9A_L6v73FrtJID|8?{twUIq~*D$=m7dm z&u@n&`YKqesIq#}d1$9TjGkP_h}j}5$(P6`^9QAH8pd+A{uEmmuIc(aXKeq;L!R#hm(oq7h9~l>35;W z<RA7Ih`jYy1;kyYsfVS&W=QNwY@*EI-1JzXN}mG~3q(lu9dww|0k^y4PH zDGA`oDG3cT+zN=22Sk(8RI!eiXnJ*W0zbjUydQ)epZi($E(k z21pK#&-<3^!Gt<4o6UipZf zvTX5O$w)S<|WHq!F@I|G&1q+|WzdgaFeKhY)(0Gpl*<;E+~g4-K}xEc7RJiQH#94SP}uVD*gMa5 z3Pg`RC}pqPfMq117ohb`Mhq_AtHL>oJL8}qEzS^fM(sDKgJm3RQ#X=iRX=xgBqcDZWx2{kTMXRNEFV(ibbXj-O2zf%F$8qG)mP_l&yXfh zralQte|TKKDMFsynPq+o>_BEC9uvl_Inc#*V?_VE4+Upo0a(rqN&wkuPRbXFMRd}A zFjl`OG-0;EGHY7WvEP*FakUYT&6&jlb#&r(m=Df*4-N(t&+XpX8O!=`c-0aipCzU_ zKY!OTdUy-3QhHBB+SK~IH-cDnEtA34Q1W3#dUfPA963i+^E<70v}aLA9JBiwNELx! zT1RaTtd$;92Hg4*oITaOt!H&wb%R=3_eZIjM!!4?i$G$(Z>pV&`EBR6H6&L#J^$f* zAHMkLPns&Jx)}GwR{u*G+0Y{s$Xe&?@lCZAyC*OFyV)aR8*+cF3T=;}XBm!1`{pqz z)=JGeGP4{sbEE(8s3%z(x7n9+>Z9zHUHi()a7D})s`v|k-u$kVzus^cK2{)8Bw#v( zIq{RNf!N1`+u_+NNP4ZYt1G+pr_X=pyAz#fYx;@t=awk)}6wx_||3gxw88=v^rfDa|DF*BDDHsmWy{D^q}nB z&8`B6sQwFWEzrTcKKocI3JNXV5_ol^?Tz5k?*b@00136z>PZ)&QqXdbTjAx`Qv!x~ z{*X2laWn|L)TB@6; zZgEn|fXxx>MDITKJ(ZTn2%#!OB2@e#^mXPBdzrO;k&k)m7 zN4birmpi$7%g2?t^{lI_Yjr&$Zru+hcWozQNrPr{Zozi{TjQAZ<%9;h)|uOuPKqd* z`&p};{8xiytK`0b<5gjAP%N(k_!sXH`H;LfmVss)tU`_!@vhlk-eIAzr&y3)Ukky@ z1;Wc?ms#N~J$tc`E0Yrv$1QE9knbjSU!2ypi$V^%-Oa89f(Ss^vix_+R1D(cx24Bg ze{iQJyuPEVW$kY<&g&H6Al=

BbRIamB=Os5S$%Zg=o3v_E@qY_ z@!WVA5Y~WP^aP7nnv_xOq7!7mv5NS!W~e;T?F~o4bc=vo@Ww<)u+L}m4U2#5^XMUF z#!o|qrc9#UR9m81B&4|Jli1#|O80Ha*!CreHyT+^2o0+*7>uY!Taqv4@X2_f`bSo;iEj)?lC*o=9I@e&)0Vc* zMp<#b&}R?j>DHN`V%(awj}=XNTAG@B7uuy0taNaMn#w1(LM@5v0bz+gFOq75ieC=( zEK0pQ6nh#-{bmqClrX1mAv%SHMHgmr&Cb%&KVay3$SZg&~V0=bD+0E)JBY(dR3X9n$>4VJn$})3ySj6-0T}MJW z>dJy!dj7^d{qgHF#v8e_#R3J8*@gdlWa@WBsI@b1Cw-3`V2Dw##e zsP=|iSCLPFlpGuy3nHm|vr(PpwtJ|S>P7+VaaAQ~ll4Oekryl) z&=ynK`3Ww zPcazo>URIYRT{wu^~kVFa3E#Xn+=@URo=R#;EfGKzK8v@*X}-07b=^D!mcqc%F~&} zl`T3d${}mxW*b{L6wIwqHxzp!Z{Ly!2P4b9vQml0#!auzM%v8zJYU4MjV@7j6|6TG zFyV7U;ACPU%SG8JWaQ%5IG|Vd8f&875pBTq%p(PM;R!tb#~@5}VPpbn&}9XPh>AA} zXLMh1Uw9NFyZ1Tb#Z?}mWzr;5KOXb# znFY?&Q&xtNkT-R3?B0soYS&S|HM@#SxC1Jr{Xk9iil$@I3 zCUUa%EM^8gJDS-`4NpRVN;e3UnB!8i77sBT=@+8- zOah#%goRi1mS)Vm4a%ePBX_P$5`rqYfTIN~Z6&b$x+O@0n9yN;(`Q~KedqYDPoS~~ z6y$xsw=zGe9@~Rjk4{V+)-AbWs%rdl>$$H7l}M3kb7!|}AKk3mji&$(FnPY}h|KAT z-^cUra(%2FmdouLN`{CxsKaBg+Ip&+rbcK|pp*G+#LueZ6-XoMgB#V2C!^K-|Mxya z!6(v_k)Mr<>7xQIg z$Ykd@{irNLCFSWemn#qmh@v>l)t17o6F1Z^!Sqc(#RJVM8C~#cMpYqG(NHH_Rw3+x zIc9+vpVK7n#c5NXHrJ0m9`ETvOBg`K^D&Ivk+v`E0_Mp^r6fh<_aU7hEoh?DUeMS~ zrX7h%IbeT82Mbt)%rtxUYTT0z@5mv%+7lhcE@nP!UPsD*<{M8}v+hyLhxOz{+5&xU z*-~$-Qx}Ib*g%SfXi^-AVQsGKBb|Ptl5dXY8M@Ecm`(~iqR?6+$T^t;S?SqLdis5< zON1+gE8gMyGc>nkX$=wcX@|Wc4YYRW~gE@j_hhv3;i4ix?I-$VQM{DY_)Q3a*L4e=ZCq1DLHtgA0nm{T>Tis&EGt-tE*65SVv zoG=?C#EdXRCV%xCG#YKUK7t4`YMgSQlJfgDQ~39+kUr4lN+lrIEriACxMiHdoDBT| zJ&@{sxKVPrZCM>_dsHiG{E_mx3X_zO-}pMHlX44Q=;UI9mCVLRLA5csz(?@3RDw z^wp<1lJD2*c08ZKqFq?`FqejPm#}7bV|^F0svt~4RnqT`GD{wDTz5z%{B^^=6J)!i zEZS>px30+JfB6{VekclohGn$WO7~$JEA#eVbiCr9XQ1RK*8lnQmcB*tNnrh-FX;Oc z7YQpt=t4nRxj^+s1{&Fc%y)oZR<3a9ad7+*p1??=M35!{yKl3URi<2QGUc+0=DEIH z;oF|4TG3c4+@f)A*jTTHs`u+JIA)hhH^N^&!yJgNrg=Z`hZAv!qs2`dvkxsaLPcqd zk%Kp!=LhN7@V46yWkUDYC;i0Hj3?RDR-ywAKU~DI8NS?K8bDC>I(x*-fFCUJCy2AxCzt7vVw2F_WUSC*y<)v|~(2eB_Y1CPTm2OKsxnci( zZktk=t%4>7dOlzC?Rn;_Jm6Hs+c2XCqzc;4+TrwGy}*Q`yE67920Uep;Vkej{-!>| z)%XmBn=t8M=5V+ulm#Rx3>y~L!TO3?3xxG6%6{DL!I?LaE&Wc4(cg)Y;^f7P*X$VN ztgD(fr&K%8HkM;PSbmj_Qq)>%0ifud-;gjdIo@JtL9-8%<(sKep5i6N&(1S(>x0^< zZ8CfB{hbTwAMAok|I$y>Sj2oi4tlFW)GB$P zr2Tud^0kRQJP2jcn7^)fnNBPR33Tvn*XOxVjJjGgd|nbSvSWbW?T*bs&4Ug5mDjr+lMB?-*)^bU;=21CbEdgq#zknubj?E`ef}rql*PH zoJ4x%_&0cNzD4^3LAhRoR!f@nWpl^71gN051(sI{Cw)(@WE(fqWMP6rH}8WwUL??!|6@C=dX;TaS(NMc2Qi+@(z{QeW*0i?f^1=yzBWZnF+Dmd zV(rhHFSfl|bX8{L*e~kf)r~Qj8j+}9ygjR*R*dm2LTk}6VS7Aqe-_VO`{;Ki7>k{e zor%h?xQ{o@fZgfFgF$NfApTJbBG=^N40=3Q!B}3AvpUBrj)`1nCOezdH*f)@M3;TR z2*N+7w*U(z!-LDrqzKcGjzNStavGHXPJ?-&C?$e&0$3FbSF8?fg*R0gJQgcWZOi~_ zFVunXcdM35=SQlak}3f0O4FfIS!TA%9?>n?M8Q}xjWuf$2s}8zQ-=|jhUKt%@`I)! z#7oqW+Tq@3WQ-ROnW=}(w1bTd{rRHu>X)Pz^u54XR<2a-EGsj0nJ-sx z%_JlF?L7~vG&P$6!lHV+?B6I^t~zL=L>s(R1M3q{S2@?^UxP|ZX9=3r3C$QlHhNPA zv1boA%!fUzCjd{oTIQoE<-KJ$ zH7aCOHHS{Hd+w}ih1&(QYpL?UVPVgjqcQOb?&OQT$rGc1f**o0^C`H^dT+%5J2KR* z+9P_#QLIR&2Hz7-67cz`1QZb0u=xy|_@PS;by`Bn1LQEtJf&Itt(7D zM>pB1xytUOn zC6V;^#0pRK(7R@AW>|M;iQ63u)S2@hBMl5ngt1)hPocCnLaqP-`5#~RFHk^w35}oq z5?@^~E9$w_>(>UglX^E6T&T#^pP;I;Yd?Lw`_-BI3aYT=LZC6lP3*aZvS_{36MU;i zfxh63I8A!bi)bWaiAzd_I0xrz&XgA1D)1Ov(fbpv#lLWEy~pm2id7=P=LCa2=68c9 zC6C`Rz1^zN%e-}hBkGh^!(wt=MBqY}uj4EhPwR+En(LdU?dUT`(D@w9`MkWOi~B0| z)WM7*!Kq>C29^M9gI37bi9t?zv!RxRgk;)k)E~AE`4cU7$(|gk zN8tv3_;z1{kbSY0r3ZlB7(ZKq{_;CTBnsUjgqerv7aZ-37BH*q5I_$rpA`+_aY&{~)As{X_3LlPg4IMb>Sj_h_5^UcS z+4Pg;jdMIvXm3PCDnoD2c{LB< zAA6102;C2f?Y2(2RV_FH?MuwB;|ONj(O^sAp4{G%oJOC6Mym++{OaP$$D=pw?cu+& zI$5goj%W(Nt2^GybhV)+=9zT2la)PH=)2-_yHHX1j{8uflkaY*rdQQvtt}NpDsl84 zDqA&BACp#=BU&DA)#v9wwr|=2%b5;b_E#WX;)8-+sY{Kvt8HG4kYiXz?eE#I1G)?p z{=nIwk>R3*WUNwI5)XKt@g09#{3Wx^`SpkOSE$4SMw9Bl;$e0lR4*Qj%c`8NHQJq? z7`hKkJENR=$`ql5f|BJ9YEDJZaQdX)qZD^-?z7ng4x-sQtPi#r^Wpe}B%)GvUxE$= z8cd1dUCiTX@C%%>6)>XbX{LNi`F^zkh=%Of0*e5|9 zuz6asV9yM(uIPZ&hJl|JudI|Gt86Yd-Y@cUqDJYbh88Y_yW|p$-&qV^1+7Db^!0sN zK9LIttfk(0nKITX=VWHW=$7hyHcs_I4n!laeBNnPMNZN5cxR&C4*!qm`H!{u%22&= zI2KCgNhwXS7jbdP<8e-9gy;G0v&3ep4$fhx6BQS{3it3zZKS#|E?AMrsmo;SE?G>g zDQ0^O;K8SM`X^Uo%nQyeMyg=<9OG1q$Z1cO7Jx;;G-mPLG$98iF4W|{&UBp*^Qef+ zse$qy-lYxMROpD!V``p<<#vE=KA~e%yLwM`xnC_hj%i1H7p7hnSCOh+`bt$9y zn6W1NdDyIfU0kynk$^}#(3zcwPGI(8jGe>evqZ`@CnqyAnq(Yf&pqc#o2qU}6_Ii{ z3p+c`%t(s4={C%hXZvqvH(h8O>%B~2s}9|06QG8sp!pa}`JytSlWZmU7FQM)!lu#5 zN+aiA>6$+z#{i`G{_$^w82Ir(LC6zR)>AwfNm0&0deb)n^f zSSp3*fXI!%PJ79UGn|CmFHYAB0~kr&5!D$;=zxcT|K$XW`eRp6)QjngKbDrrrQ1Kt zc0BN7FdFUZSNs*vr|+@NtrHL1oGw*TRn@=;kZTi zAo$5_q2B?n@OBD}F394kNAlAUN+EfdBJd7%S-%dUlZBQ&Ur+({kO=;;#ek%=>6ft> zbD-dLs=W1}gh>3wk(^GXK&rO?(E~4T0(|ayZtmMd-d`O_41>paswi*H>ePWkm3P>2 z?x4U#4)((3$}$25!U8RFP+YYa#h=NG=f$dpEl%@L@5o){_f+xC$#$bGd6cCucn?UOEu}vr*H>RnnsTL_DYwzz*3H;4`h|le-)Z6S-KC~L?rM%{3hTadpxkyBU zUU)1RGL~_Q<|HC6Yh+!QiPOwYX(FJcCCLg@p0%m~OWUDn=jZgDYWADIBwteX6SB5`wb8m$LC@&7mx98?$q?&OudQ&;BbQq3aI@DUD zk3Pvb5{tBzKnQs31$HAS=Jv-FL8)`OV$x-9xhdAzJMUpKD0a`T@&2OoikIZ3mM^=YK(d~r>zYhb&#rNbSVXr^I2o7|KKJF z71ArnAL{Fm0DPc)6m$Xi+?>m0Lf-MlI^==@fCL5}9)fSwx?=>w8!UgIl)q0oODM=L zs+>O+wik#JOki+gVgf{5MCt*KWq_RDZzKK1j*wsfv1o-BP4y{3X{VPff{UMTdWGdc z8^&%W+ooBbirXvd8;icP#QGv+DE-zEws058)S{{gidHCGZ`O_8%%-akY3jIw}`6 zP_}zL!>5V_I8iwd)_z_88a)EVYGzTuDpXa1P9_y)*Antlftgsnp`9GDB~w3b(#B6b1*H$cQ z;MhkN@a5h&?x*e_yIn8!7M%(?n z&@Su20ER|8fF5O{4$XaVdx{pDX??Uz z%gi7KZr3MrgK#`=x_v#HT*6us9%?+qR4jV+O7^9KwRhPTYZ=Dd;s_=t%)5q@Gjl%Q z{FP*q&ops3>ud5qufHJ49VG3xRqPY&bIXT)p5v}4%9P1IPO+f)iq$O6U)iZM=EQ*q)+v}R5$!$QBVn}-VVRU z0X@&m$cWlZt3{ilgYu0-{QIkccTauiUxA8m58OLL!*8KRMcjbD&mSeTYHpPJISg|tnW zQ%@m|?al~zanT?=Ozbk7p6~7YcocvyuaRDL&&zEV`ak~|fjy_*7^FA(XewjCxaGNg zQ%DptqgGXwI8*1~`CFZXj5CK>cQT#fKNy|lh$ICB09mIDz~ z+!ldLx3CgMx`r7-#@KkQMvSQ*yXuQK>!fCRx*i{K!oBXX&Ql($>(Pm>C1Fui;`HCk z(ol51JD$9wqGh_W_rhhF7i?A!vcQ(Az*=?qamg85eP5Fs;%{7v~YQ z!nzqLc$YlLAtR2&^nT7~K~SR<$V%{>Y~6p3JStJ9@BZ9bW8TuW4)J_09zpa2)x2&Y zDlsv*y4s4%X`dDuWz=fThAZmpcuq~g@cKV4%YV5^wJ|jF%*n#pFPnYr9SfLW_!m`{ z{bw?gn~pz6j&BygU(FRySgCOymr__9hn@y+fXM+>Kxo6FfEmrqSps$Zb*-(@L&Q}w zzNi#7cW7Qd?B>&JC7e1xM)HsQ?1&)yR_6&fqzRd1>Bcv|YLSbVw4dRJ&PDquans(s zIh-JkUCoh|s0q!hv>bhg>-H+`jw%c&nIF>>%nG!M}EW5_>P_ECc1j4^j~jN z6-to#<*9~Yik&ZHpVtlrkbIHgWRfK~#eQVDb7qZ5+~Jll%i}<#(ztWBmd!V{{VyRY ztN4F^rRj>u`4hsk(NIcX*5rUBLG(ObD+8ZtL>r`w?O>tSvb}}BvAXB}K~ldeFl#2X zH3WR|)!(=^HeXq3=50%&W}#N9C*)d;yq2iA=XhDhLAsn$U_M|6iI75AxZ0vPLuRyL zGI(zR9$Z7q7{kno+~qFTLRjRi{BbX1cMCOd?(X7)<7#)H5&m84$uvwTv3qI-(N1u( z9SzVAFe-4y)^hzZ$B7GHjR26|$^8S#`1y(RWKux$!otGx%E~x9`W62I%Q6(`6n+YO zzyo~{uuL@)$LbpxVUa0tE+Y|3i3w-WQw3=iv8vzl*#BAjvPuy6p)^SH-vj)Ic1!sP^0D%nP0Kq92Zeq`y4`rUrU4)?+6$2qJa{2?+>z2iwD=;TyD zB7vJ5R4j03ZVE1mwVb+(Em@#1TMGT67M`S)qD()f$uh|FDl1mUo^T+hI zgVzkK%WBIJUZ>h+yIs~Y0gkF8yOYIAxN({nGCcgvJUKBcBCtSLUPmYV;qKDZ5@c`Y z;lW2Oofv9X5uvkD`{l!jTZ(^+MONc{lACGxDY2~TG#7M?B*8#m<$Quqy%nF`wcP!= z_)4!Ru9Stb|F+F2HQ7;3Vu+WuC^a+-t}CQFEpvZslxZ>GA4F^c`T84`a`>2j-J{>> z)vxASeqNFk7+>6aujLo@XU2kcM6~XARb0(7z=u8iB;<0T&*uqo$lCKnL?yhK&hJBk z;3wd_h{0ta&R^8nzHeM&vO<_#-HD>iFDYqFdq=^-_!u4Xm+Nm;ws8?qCBhq ze(nBph`{-^#kCDgnIBJQ)>Y{BH&XokR3F=wuB5AEktZ~U+-HbT`6+XUjpYm{9*D4HPPUz-zJ~l4y`T>>X@lV9TUFQ2VZW92bPESumL-Sc! zSn6*R%~|#;=Vq%-zky9;^04H8{D|dn#d>?${x9AhS{Ft>9y|3rRr>wpB3SxiBur9kRPHIQ5|TfDXRYL%Zqv{^Q;C zx1gY)|Dm;Sv((iSTpk;YE4(2BX@MvxD4p5;xT~d&M{gx0khfYda>1JTP4~l^ty5(A z%9lrW4U7wRf0n;|V2pf$&LzSScQhgqOUn|qmr*hTr3ZwBRlupk1wuho{MYS~R%zcw zkE-e1#fdi0>|V0c1D(Op_vN$fPtXb-54tYxZ2>A3?bHgXgfBk3dybF|a-ZqE_gUke zyy~9VkDpgR37uxgbQBZ%jjW^`ef8Z43UH_U;Z*_RlV`r{p zXf(M=>P4$Vdd-(S@vAFeKFjus|H|x0v(BPtncqG1pc4pZjE2;n6R{zIH^E|!#gm9R z)5aP##jAhTJfYx6kj{7Kh*^I8m{$Obc!7%9;wj;G`)rv2;Q0Cwl+U6D43XDH`jjMG zX#fog??|B4M(A>w$^8$VPxx*W1C#P@72*X!luEOGRybG*;KVv= z$eFPN8BMwR|BYe)9@y()L_%9;i9KhX=dhg9(VYRE(b)?VYF7L{+z2R$jQ@5O($ISk z&kiT>=hiw6&&BUAhF0eoo}4R?YeAP|O)XRu-|00uoN&K=1hB^#BhvRvS@R?H_;*L) zlY%n2)MnU+Ek0%#Md7ICb@=4#wK@tWWtoERwTQNp(WB2re2Bo9LHyf`qO`>QUgt+_ z;XpU0rn`yJ1}jB1wV)g8=Fcg-&MpT7MpYTWt@s_wcf_b_mw@?W-WHp;Xjxh?TjRZ= zp)t5Umy}~@fsIjC?%`1{7>yoCS3*Jlm;4|BQYZ;G(P_J-dZoRc?eQ2!2?<51d_Fig&7^&Nn{@WmhAXn>!h1g9s&$QOmgr~S(glHGI#@fU5$g*ZL}~qQq^G**sH?8k zk+s%hE|jUDAac$`vr6g9s=VvIC<<=6iZt_U1PXs?#qRpU`gNN6lb$4W5|VHrweL~w z!A;M=5SG!?)$?(>co3*)QXuuw(6%i8hJ%o!!Syd^zA8*cK|ut1qs$DjQM5WuJ|xnP zF{-6cN7zUb(2rpVo4w;}{tBSX-MWvK5<-=&R~k3W?jhdq_9LITQKV`g9`;X(7|Mbz z+6jssz?J^b!DH3$WYS$vq(L&_33AKs;XBsvvLG>K?OUPmmX|+s)vo1H=$lC!8OE;Kcgo(q)}RCqlC_WlB}_pyI_c4fVe>k1?^l!<8^ z?3elz)0P(tEIY$RxP)}*&tX9A(30CYa^KYV+6#@bY?CcvOP>aywCENvW;O*&y=WiV z70tp3h6yZadQN`R?!%TVfnv?NmxIghxCsp2p{c4&q7Vk1o_1#|q4xGG^qD(MkymKK zmeQgRgTL$48wdCgJ~ou97^>jRDetYAi>XO^#<>lA5j88+gbD19B+o@>c4^To2- z^5Wv+!Q|nKrKnqg{p~9+M+3eNVPTt@rK{C|B&(h}tGi3?ih5JXNInbGE{uM*sr@gUh=E?m0fFx<&d`fm372oLw_~ zApvpuzq$W!LZ9MGw*5X}9p4l(*G#`4tkaW&c)gbjDr+S%nU7Tl!WA{Rkpnl^@?`kl zAN4+NMapOb%17oOjgVmt-JZBQ0D79KJ_0S?_mWlN%Q^|Hu z;su!SAHKemS62@#Dr=~nay5)JadLX88~U z1|g;kYMtP>*mi1}D2m+S?~8~7+4)WQ#Y2tR108B@)hry%$FY5uAo%?Oel_nSpsAld zNKgs&X*uLEQ#v)DvKJaYZ$WEH0^L-){%4pl%NG0ph*ZwfBW4t)qC*$Xx|4pSmjBtHG@%mQI;p#L(~+Q;H+Lm)8vQ z8=F-!14pnZJcsrCCt}`OLQB*@SfEn3Q&ce*&r*kBP0V*ed)*P|-;yTj$bErp#-qvM zGuzD5et_g^U+#9G8ZWR36ZJY~CP9grNim%r?vjM-6$r0P*g}e}w6&RECi1UY07j@3 z-HaL<`a)*r$B5l5@1pTH4BsKEPr8>-IL(!Hq${hi#t{^a?XEXRh^z{ zkl&-nEdyaNYEUmr%4;h6^3C5iaX7L%+v)FCo!28A2UGR?j}qq*-?)GBe492NeF-m(rB6Paz85ERfb^0lF&< zSs9&ojV;5p^>VIbT^S%CHmO8g^u zLZXMRJN54^y(b$-G_TY2rUi=Qm^z)2uU}q2I=6=T`N3HFkB!N_*4*;(g~h;}LgcOd zPR>`#+_82`#+J*wy6zX4ARIlKF9EBvmj&U@*_Ea6&Md;Y%7FX} z`Iwvg@^Z|9#GU=|KlJ+lR@Jo0`c`C#uWkHtAObl4fjE|~z+OQ3~JRIkt_NUH&D z)wpgk6bAcPF+IEbIjMIoGB8tw&^`MVO{V*Ng8AI(a#F;dbq{K>gA4QpNwHhRG_Ftm z>&}0`X1eDy+Aj(}8TyLf<|;Y%UOLVby@uBi)$2B9s4%{=3MJqt@JDzt?T3B=d&Elz z`Vt(d2Ocx^EH~{GlEWw3-LqCW%A;&eN+WRMNePOGu#TCCnUj=F<@&On=8nLgn=X&9 z#^D)pxs#E;5_x69Gt;%>r$jd7uzMqDaot^#KVbjcGkB~FS_$ToNzTzGq>t$pJ z47LeAbb^|GZ)vkyqZezT$T&>%`QaR~>PYGrxu}hF0lcZiYtfbPBVt9NFv00GlyZiC zyN71tw)DyH8~&f_fB)!oVU+rqRfWa~B(56mr7~g4lMUK2DPQ@IX3jUKDgoyXZstas z=tzb}hO1=}e4z&myLswgg)4!f5`ubAhd9s$tjsC!NyBaz?{#(r?XKU%dLOrJKL7gl zo6TOGm3euyv|-N+G&FH}`KXF!021N4{w*t*UH}915NJ715j8c~&H{{NYtT(At==0fzn!vMj1ZpZMlp7CCZ0C z66@G!@T1M9^`6?G2`-G;{WnZwaI!x^w8r{28dVl7P}2jATn+1c-^AB+++iONnNEuR zk(-^px_syLnH!j42A{8?68w2>?IWY^Be_hPfMxO5w|NFVq1~?QJ%pBSq6jr&A|ksX z7e^F|g+t^2sxEFJ0c32gR@18MXIAf6nYFb!?i%?obPRN5)xDPoYwxfDI2vR01^Sn- z&DK?txniv51X;*Qs*GgBfk{WPPD~C0(Co~mkIbc*-;lkne~+d)^9*$9`M;I}h#)3c zFjk%;L9E6fRkx#$e~bWiB9B?y&j11*EYuP|zaOKj(-AT%Xs!M&IytoQumzEG(FH4c zBmmzEO!liEi>BP==et3#lV{K3fiX}bV)X5K9~qM3^JqX4mStGD8Fj`~> z%j{y$lcx-DT@lxUpjGgS=$VBDNltZUH(3v;0J;qQ@3JXi5EK^BI>N}X!M^@weYErX zOw3){L~kx0B}GF>8fxRHSp^}-X}9c!Z0g_1@qwaH3c))-ixFhNFWNA9{6ry z@H<)@ONHO)@7PB|=^3Se*m<*==TQ#%~1csagm>&VkJ%u)f z{HO=#VdpzFlpC+SwSc&xouVMWMzG^3#^?;tJMB6N3J&x*+w+>{c$)cB@@%gcqwz=18di}6YHkS#O3Vf-ku))%YE*hajGfcSF`&-_KibD zx7ZsOLNaqA<}>w4^6xhDS9yXD3^WE32AXshQ?>vXJDIp%9=6E}3{?(Tt^C{*J1$yH zMueIOkHZ0-I%q%t#CCvPXD}A%eoz*Ap~AjoS7VjW$U>_O{gdK}Q$@drc{GxUF{Xf( zE0WIJII70X)mF;^P7R$6rlzKbBAtzRRN#(H$MuG)#EL{qO6s}MXamtV8fgwr&0R1U ze0@4NHCwZ1p2aVsr4DHP-8D1A?DLbs!f-h~y}d=lf9|IN%GURueVRq5D7`aRSFCaM z&^Q|7!-V$}7BVzr`C5aAV`&l?o>~r<9q>8e<7ALN9_qLt=& zi?EE6hNc(f#eJbrrqle}9-#s!Ox5$4`xp!6=G5aMTZ9yy1zzgUf-n`?wb{VPfL5Ju zJ-@niXhTNMQt`I2APHe__J7&Q-{l4&pr-`=3hrGO?4;uwv=u%N73l_3Sw8kel=$uc z;p@8NsczqYWF`@!D3t6_${<49vQlIodvC|F_oif&nY~HbdvCw{XgoYm z-`_vaOAqIB?$32!^L@Rq`{oOomJK%~%kk5$B8}A@q{fH1UP{C3i8DQauYq{BKppQW z8hxXnk6+x<`@W%DQM7XJXt#AQQ>z3x3h$B2qnq~&@^8+6^tvcwkiKpFY3fiZ&5Z>* zHL9;G4QG)lKFjia#5f+>7xDCy87mVV1a!r8sv5@ZsY6^!k;7&2Oz1{NMiyGfE)RF> zUGwZZ1&N4>*{{BD338Z4e7UP#--I#0;RVJKP1I`0qd3gJMip+?*WVttTIbLrAz636 z;*BN#Ok8{|e{e`wo+T>J=d@=yrO8Y*l&Er_LcTM<99dZ02B$8`rCq*E{@%mG?)IAj z7lI#-g4YRzc_p7JGUu40mp6IWZiYS0mZ4n|H8^hGE>~$PUdhcB$*J3AZGgiWUcAsF zYy9eO=n~e*a7C_6)JH(wvO+^j{HcKd(#Qc}=#Mcg> zb=Ml~I)@62gQc@&W`%;;=1E8ltxz^;xb~4C&{sDHyjNF2j)2dcTH!% zILq$a>aq4f{3_x)ett zJ0OYYn*OSXDL@<+qIHyL`*=ksgWucODvGOs`EtYqOtx~r9GJcRuASwCtY&6Zw+3j8 zfPM{!A%!zI#A3q_U81m7wJHnbuWb=2=uPbU$7^dB?xQuhMNdhUDpa=KfLC%1#@C~owhz+Au@P|vdhaxa#?d((aJ0Sk zhRVb;u825%F3tDP2OJIA+&qqqv*~< zp@>IFVzN@jl*AYI)my6dMSU9HO<)YEqI}$nyOWx&XYfw8X!Aw1JEv6r^p6HOP%}gI zdoK^{wcoCFh~O>TRLD@1ABEPr1E%^Q(ewaUS%5OT<*W6T&7~@(Dx0cyK5!7t8>S(f zcv-aS&n_hry?Rh*a75#VIS4^vq@AqvMNtioR1p@3T}8gi+X$w=YT)E3n? z&yaqf(wOzFt4i%N{rxsah+veqRwi$Ma^nY-kS)eWWvXg#a5&VW3?&JXs zC8`@+_jelrjE|qoC`KPn&ql{beChQWGsg08BM2VUn!{SZcjGgmlaWBCy=pHKtw0MF z@Ugpp$8oK{CXO9)m_Q}!Y(~|n?b3YFeb7}qlxo0? zkmcHAo*y54`1U!6-l81tYxh!x2``R{34tX%wR3Rv%vgI83GIQd?3})#^5ok-?XGrmc;+VjFIEJY zO0C+f&ktIwm0*R!1}uxhR4e1IMdb-m!PXmmjb1P*%23`#)jtySYun5``fRGOYMzlN zmUKll$+#@&%sv6u)rE9uil3hN6%xf3;gP<|_tr=wsJlf8M)}Xp68axwYAz2OUX;KH z6cKF{zzCnCmVCO)w!LS6m3??yST3UM`Em83Qr%JXT2C)^mNCQkOs02oY9%me=h~0VrsYUt1cSSLI~rmx!p2yb zo!B0??`C%0XE#l7QqMa#2fShhkyraNAjQKZ;5ggLcr77tSVzTjw8LOiVXf{Lsn^r@ z{)E@t;f0FqE*;ePKkw_)G)@X2DVh8>dC#UrY2jdyFqxEwImDmW{JL5758|eH8O;=> z7osp_#e#x--)Ar4GSn-+mCt8$43cIxE$T`m%9?Oe05CE|b7DJSUru`pq<_Y@LR}k- zaN51ZvuWPshn~IHC!|#pB=7Ws3khM>(G~-^Vzu6Ppxs$iQ(a7 z{N>zH$t#AQ^P)7Yd{OT%#&4w+N`_bSQ%$h{>pKpJ@bLmv#C7l}c|s^8T0)ExCPB@B z?}57JW3O0*6QTc__s6G6a$W~;5c=@z^cjPub8^bxg`Y-DY-~{+;8!_rcMet_`nRCI zTZMF)vdvRT5lq$>K za%gW+=Ryt&DQX4CJh=nhUPWDTX-NJMIhuGLx*~rzpL)+Yu8``L`>ytmCJ3(#sUoY( z*nFCYdB{3aARhfiu3;Fny2W(+(g!$;!Yu}d3nUtLf#IYG0tsTK?$nn-I&b{^J{4K! zGy*V?gF87WNE?X-UnhZPOa%pmznRa8!vxu%nVGCQ0AwH9CyMP`==>{){1GQGNzwP@ z9NbG|CH^w{p2!vGpw49}94a7w_IER-{>HW_L^aaNPFR#x6wr=Sp&lzh+Lkehq=X*ehLSj{2k8{z>uXP8Q$3iqKE zH!+in){7?rLtb89+Wol`;SY9EH7oXdve8pwwWQ&iO2cpdqhvq#0fi`lmF5P&{Z~%G zn(8V)ZbsybMN-ALDIl}zp0w7!3;#+ZiLewC&#obDPM`z3o1w;z^h?N`K>&Tx zk*It}3=!sIBt5}fKuip~*R@DemFyPtIcvc89<9nv)rS%CO_FI+F>ZW)yD=z*kQpf%10iU5_*FH# zPNK&mA_C9D%QZMjofV8X?2GJ2szHKGBb6Rqvdg<~vjw0y}@ znoD6521yHg*3K}H_rHmKQenQ7hhaVtZ6#@+V9p?NG~1*ua}v+TxWsk_V{%RS_+7U z2H)Ga@7O$ZJES*e8jP)D4jAjY(f~rzJ%qlO3~Ox#P1J6hRm-!655|j)HZ=wHF_QFz z*!(-Q58m#%ZY`acgs)d_@3`t0Z(~Sk+R!KZjG_e@pklLmh~Mt3FP2qL>3?~BjI6O* zEZUK9C_mu;wNpBLf)D|0*d>p!K6wb3`59Q~FRS~zx8oR)5o1l|O{>?0@*WC>zqVBA>C50iIJ z;TD{?XJsuY+~{l!(V|WpZP8YQ7ZYl@hxI0RkMj+ldf=Z&chct?w~IQMcZCKFyjqw` z-)4%=NluR1m!#*WPGp?Z5mpSA#li6sQCxZa?i}g}vsPPXZ={0}@$o&H0uv6iAladm z=jYEX6;g|^F&f23Z#1Pri0ol#u5cMpfwgwt?ie0MoZsJ`Uo27d_P9Ypl6IL&)Tk}G z?B*dy{;TFlcvf{a-}eBTc?ZDJyD+PR{vVOz3s9D$85y$}^+Z}TFmp|yEp0kjPv2mD zp!;>F_99;!25B}ydWps@esu>L{9xWMvX74N6+emI#iGQoLe*QP(DYEwxSb-htS|Zf zlqfb-P%30KR|qEWjg3{5v-S4(YF~G>mQn$KBG8VX4o7sq?bGPmwVW2j2nmhNc3f6P zL=O)K9FZxn?m8LWWk_M?V9O}n*zk+?a=!c*MNqqKv9cmlRj^bQuD7-MqHF%jS7vn-f@Fm_l^>l_ zF{lClU30t220z)As}CDSf+9LdD_Kl|22u{9tEi~R%UiXGi#xNupd(7@lhhw zV`Hr8?HD|0u)iPwzIBvyrFz6>OT-u0RkQC-3t(qY3FN14bX1}G`T407xVUdoJX}E2 zRve7xwolY+kEW@RWq7xbu9BHN7)VU~y@Frs*5h-~^vk6K(+D8lR?(;NrythApe2d> zT=GU|dE8-?ct#y*;bnpNG@S14Zi60piPgc*YCr-_TC%}bjI9v}xJYHtrcKd6WExw( zQRgj6tQ;0sGL;t;6pUK5`lGd{zMxbp{(HSxmV;xAk&$uC_PyWj{4AW_~7ZyD4+8->N{ur>bP~Tv0+pgf`1-ux{c-c66Hjko_&N4G;#b^RaI=j_<|ECPCs3ZQR|1g=bc_e z_aZa!A`%}l(C}xTqZTQAnAzK$x0)HR3kam9p)oq}04!5$l_$r3+5J~!7L7erRa7D& z3N{+IQ@pwo@J>JS=h7{_1?+`WLTgq-KYwA2b_)s$Dl|B{j!U61zR~%H54y8cI)fAW z=CVNTCaT_Z$^r{%$Mcl*MZDMcPFqB65h|aK5!N!>=t0#0$Br709jXuz&Ihdi9`W`V z-b@mg^~#0so#WJ0ta5lP%J7hokntrlvmuzQv60aSa(%^qI>rio8?u;F+y6%;mhk%v zb&a10&gFhcP!OC`qo$=TqY_9wF~}KWlyw>7`6MMN0~E;aVHjh&2Fnw$?X>kar?IEqqURnpDq z`U;K>avKoKt$P;}qM{)wYm|$Pw8ejId#x#IR&$ySq_xbpwRcem+<*G`+lftE1iCdg ziTmB9h1^alpAouEbo#Szo{oDlq&Ns^P8hFx(#Q(i2yY332M;q@Bp~icQx}0qbX%Io z$ExnN=iHd9z?0)v1Zd(LeDLsbSOZ56I5VOYCnqaqHD@p>Sogkto7q)8(z45i@!t&= zh_^(aYA=)15%H7P)AI@h0vFqYs8YE`Oy^u*PF!0^sL|pe8?+0#q#g*Q0w6182527J+BiLYCnv{9TX%yBX5fgx3MR8HZ`aidxm=nW*MEBZ}2=vhVweq zXV0Du)-3B}sjo{~*v7}eU|FIRj%wiMNz>vHBT*AI#H&}9LXwjl$FD98e7?)7_>(6@+8+JDG(44u-OcA;*#;Hfw1DdzV^U+u<$)M@AT=&bmm0` z&OyzHSFW~eIbYUGX|S;zRwF<2`_ktq1y|!<@)Nz{W2NtTYJfWsaRsSwZ_z*yv)bsF zsXE$w%Pyn;;>FAnCb_(bh+dTGjn3zanm0I>Y@DZas?$Jw3!a-RZ9Br7MkU$G^&g}A zXMf@u(S5zMKs9?oZN#ZB(k@1u2@7VGKjW2C32m%dk&1Yq_5Zz+ywzG@KR z@L&e1ZI3UI)8Bs%8bxw9&8t*F)(F8t^IdQ%?2Mo>tVo*NHKZ^klkHMn3baFM^_VFWV)X+g-8{=iG zOOZgU-J;N#m0kT~cpMd24yO9ncAah}fCy*!Ex9?8^Q9~ZsHasQ7}?1`I~lcHDGDvy zy$4Ho&leRIa-Lsxr~=0m{`~C?rjAruBae1vG4aJ2sn_dB+x-0$fi#>QUo!FnQX`9V zQ|t^W81o$>=b#2e>6w{bp-fRl`t3{X698VCo1pfmqo>bkW#|4a($nvgC>39xs*pLV zkvT~##Z}j+(wuJF8k=!+xE9SvS|t=;U9C~E?SdE{Hu1Zv(9eU>N(Zv0E_7cX+MYeS z-i7UbDjd(`?xyH|oYPNLyFJcoW|u8P2hor+7zeT3As5`a*-2|LAs7Ln-n0h{3r{o( zGP2AMuLWB*Eu{XJbm()&=blXp_P zr;ys;RkKf@l9o2|b(ixhSV?IpGL{uF+KT1}gpm3W?4MRhw@kEy23&tG>&F(kQ|zn> zY<8N+lEiHYos^Wc(6Ns>Q+6(tJs~wE#juVS2Novk>C4Xfx13MrwwB^YC&xucZl{fK z!lK5>&O-X&2gVKZ1E!&)v>n4=6A5XhFfq(%y@VsL_wFZOy@!f5oG#$|Qowl5FzOn; zpMGJ(^EL*tj7#WeqRbm&l$x4Ng_&3NvBn|drokbk6Rom^O8B%Ok}*R;%Z|x$R=B6P z+vDPJwr@aKpOi!>Gw!VZ|0q=66JIgjjNF80X4;~*e{SjcCXCZvL%~ADLsymi@>@N9 zk&;iwR#0$Emap%IMtW@k*kDHV7F)`L29wamPlB>Wj`uf^h0|}%b2CQwjh0uZqJ`+m z!XrB71|Jbz1;5n7dceUkKMp-qshGN<^DZPh8e!O_Z_u6IXzq+qJXe_Hr*a)PAI9T5E{z2 zM~6o{*wpctrIl)qf1j1DDsspIXY0mj$;ruCEx)!WjpXm2P3o*be}5$~WU%5G?XCk_ zxkjy18|iaN_!IHPz4o_^w@%5amgyuFkrPFW8%2Z|(G+4VOPu(uOtt`JG_=@qggWEpprrW7<=hREwPZ$cq$G3X*QHy(%ScsZ#av z!Cu0RZ7P=^cN#$N>F&kIjsO>yq8zT3Z|tdEL_u>%b5o}8p?IzUbgXK<9Vh8j4L}J; zZy_UJ_oB120Q)%RN^i%C6ecAD8fY7Dv<+oiSAI8Q^XRSZ>gp=8TRqIrOvyiOMZfp) zv48Eps;$9L+lXYXP5#8|GF$W@*%(PuEG1OYcW-Zaqh>l}PpkBBNAnsYKOTr(f3>2B z@0nj7dw-9tDn-s9SBA|HBHrk_WQshYhxM5kuW`%SY?~HO*ZXF;f>pUSBHQs*`#M>n z4-L?_adDIy2zhzoMj@zzw4Z#s$fLCXWg6uWa|Vh@@k)0A&GYvPPp!J68r-l@RPZt# zW?%=l6i^#p?io;aFjyeclZ!I`=-P}4N(HC1MIB{@bJpueHV@^+7Z;>F*H2r4fH%(0 zK|zi*Gu!PPJv1H)gxSu?vJ@EmHvV#@fmy}-t>YF)P z*;}0H=vn+k9CuR-_q6*>6d0FXi3zx3?rYCM^Z)}`YIS^6di;n1Qa!V;&@uAlkZA7s zf#hbeJ{%T<%2PPpq=52`km8Yuo`a53 zYqcv4T;Fi(iS4}K=5)?DKrJaYAdfclx63%$2{#EeClOirwu)FrF8~a_5?FN+4NIL^ zM3S32`t!!E#ldP*B5QEl=N)T7o1Oj{kRcI9RGud%WO*~3nkmH!=9Lhyxvap15dI_6A%{m z)X>-pnwy&&^Z-qd1Wa-#>5Pnw|KYg6*LSjvZ|_57Uwydtkxs;f(`YaUP?DsY*A1MDH{a~ z^t4wJ$aLG(wrKiR))3>TEZl?0Cw+BG0ht+)V9P@whM$bTAd_x(nUv(@nWc(pgO%~R z|1Abyp>ZV{AJ%{m3A;a&mX1JFy>GKA5{mB*!rN7-n#6k8$VY5m^hcjb5AbI=Q8YXJ z0-P0cR=qS5x*#JsZlmPr#A7njOjzs~&{x(gMof33B_yTVXG zW$~j?qyuY%4#l!T+*0I=g*)}%w!dceLTn>pmsur<4G|rKOHdP}0hY_er>3eHkGiPR zN?tc76xP;GY>*01_aUS$`n&E4^x^b(WtJ2cS{-_pY5Nn?<)q6C>*{Lxg6fF$p@D!u zIg2|$6KpSp`#<+yBG|3=%)tOt9P-14Lg96 z4A2}5GeVgh#p>j~7rp|Qz|SRkhapqAqIYAbpMtaka&$Jcj@bm!Sk$MQshQ97)x ziiW@CyTg#%#XvPRx652Hc2 z_$NUu7p#4Hr>b|OM^DyB0*yml{T@a(GEf%MN-HX+JtN~VIzDnXwaKfoBM*wpLErvg zz73j9NLL}94a@AC8Q#sW6=qQxn+*w53Q)OokIiCd1C#0%wdPkd0d=3-DTdK6 zTlkFLzUwj^KKeinTz!W+a$8GM{Mtjq6tGiHl4Q&;f@D8tba?++5Lj9^ajxFu3(76^ zUE_X0z1p7`{KE7*Mo@8aaR-Zx(~3=p25E>Y7_7|9vdNYA45Cc`mQrF_okS?e4eKn) z7-nl`VvrvH9iFJ*?o@{#KXl9OR<)xtX#n^JN)u9B9z4#$@xLWOR{6Ew6w7^k zxKZ8RR@OFAF80nvcAco;N@Sb09xmRWx~EQuFVE29)N90-hD&lqEMr1`28pEoQ6xp2 z9lxK>Zd|7-A!j)dSh^6f^x+c_UI-J%PN${|!&=a@B{?M@OT>&^yR1E7L~FV2pQI;o!|iJ`o>YDXQYtx+}c|D$%| z79H;hOmfg4afIiXTQCR2#H8$J&86Er?{ogystnXA9i=22>Hg;+ix2gbJpE!81#VnS z9$co6Ef%IE=J;G!6i&(z9<&3OILTPfguYM~JThq`qexf)x2C7EN4+zL0az*F1)-rxDlkH7WIeq9XBWSRSD}fv@M!N3=h01tId{j%%|8 z!^Y{7(k&AmM5bjnJ<9X`aJrqoJH#>~ck)4jiJ!=LA?%sx4m+{UtsqD~)`Gx;W zDhj7@aKf~-l-X*}^#^tx0%`ug>e{MDZsHkL6LNaKr|p`u<{pbjOm5F8f$=c?E;D+~ zP~WJ`N#&tVYtg*tID4>bsj~GIr+3WU^a~g5F9qhYQR_qh1pA|Le*_HGpvyfTe_mBK z7ZVWZf5SOysyYq>5xNf(a+kleAoNQt{eX3!Z{iGB8dMP7YickR3W|| zTlYBB&XI6?;k ztra+ZsmhEx#Y>fdkdW==x7&U3L36U|V$w}D?Oz%Rr9^R5C>j3|v>MHBr)tboTvTWNdjTin zp;SR@5zmM8jXzqg5H9bZ443LylN|6{bVX+X6^FJM?fy7C&4vOr($bq zgwSRNr0nJMOI*kXME|1I>8$tHj+l|;)-*cn^bA2g`XQfiH)*p42;uG0`DGMs5C@N7of zia)Ar06BN^Bd}}3z&>RX#;VuyNwdCpTS(a0ybrx&e|wk)v{ujRBCw=%{QlhC^H;*6 zEwt4OwX(G{g64q3q*RJePp?;A433&FJSm<>n6w@mLD0A|5@{T4U5(Vv^xVvpfY$QX zJNor4noTWMbrci;%ni#5;l_KVZ{nl(#!|)n$5_sr_hfV${knFr2|t>po$UvJWtHG` z_wK_Yt^8OPhxyKZtI&ml!$J&)-mACS>q*AJCq7D3-jcoJE#{aSC$?%#&AL#KDW0rCPJOx%n?@4?LwLtZ0UR zG^5AUsK%@JIIa39tsMzJsT{Vc{MekI?#=bdbVnD@`d(hrhp=tqMp&flwT90jY!#Bq zQiRFaO*^xBDbSf;!Z&=^ye}#|f8?UC9<+X|<0h&wbz@dWK1(}{H(oO~2octcbeqs@ zqBk-#1-%mG2ev^s+;^|Czm5hNfXxr@#-h_Z9Ipe=#>$f*k_l3>hP+=*TyE9c)Bq@==YVB?Li0S5Z^twc0FU|MjSl7dZeBST9Mne&o@UOn?p za_9>s%dgkP7nkq18l~%OPD*lyAg_tl^Gy8ga(5HC5&c;-T{YWJ5OsqeUUFt zQ?=NvulPpAi<*nW6@+ARuwfxqMvH7)X0cQiUq0E8G?EfPUo2hDmX z+uNn2@ZIa|J6xuYC=JCWP?s}qvepk3+!jd5D6qa*X>o6eLn3VKOHCzk>K5W44hSe> zg@lF8!*p4iZBta<*tfPI?(iP0P`%A#Nc|6jHm(2_qK(@8(!=Jk{1Kxkb|mYoDZdP) z(};06Q?Ba$HCBb3n%&T#ERwr%M+eJX1zrmy6{7E!B62=F|G1$zcBtvFuu4lrCNcL~ zm4E)pWIo}%0zxfoU6%ya+pbE3_n_AKbJG+54I++8%>mC>ncQ=vF+7@6*Q4+$a_lYj zjKL9Ik`%aT!*?voH+)G+$$DL0x|%y2%@YjBX$w&*RiEIKm5DqxpH@` znsuxVhr|w%7rZ=YJ2_#KhHTl-5J5%ezx?p$+mi-oZ{a!~foWjBtM_EPQl;=JV$P(% zNKaU1Jl}rC*v*?oRC!#AX*kyz8D3_~CVNvTKpEPSW*DLnodBX>EB;Fkz&cL|2_qI=7Rh4Y3 z#c+1Ed^*-s0X@+7FNIBf1=qyq|h2|@7?9PG|c5ZIp5CUD(&h#-+ufQ+th&2xz2R_44F{bH=hrG&HhpIm}+_CFU_MwpBP5lWXn;EQkl+!Fn8A z+xaa%xjO;brqvfkU~SxnUe&ofB=K!Q*uz1S)hVzBtKf&TL5L=mkfWeTf*pGUvh_DCUR%h8!s1OS~+VsZmpB z+_!DbVB#)V^oDblmBmPFhsfkUIZShgG&|GIP$)>SEc2%Ar_#)iW{7?MvVrkFirYF8 zCS9s*o}-a+yh<|mb!nsm^$?IG_9plbs$%yi@HV<>`7(0&))6$4(cNuDGdAyPC#V`X zMpL(AEJReB)4`CZB@oSX+Uh}98-TyXbZvc^&;0a`n2v|BYc>fgP>9tp)(aYjP>aRy zb9L?*k0oZ1=}^^^TAdKy&HWsHJ3!truO~lU#*E)W0f6h}@5!HyE9<6Pg=?sOp9S!4 z9G8y-H$oby2_~SL$c#DLI#={)5CjK3FkE}#cfFGf^4Q_rO`(6K2Qz|Dyi5Jf>1>0R zh-PuYk>syg{PK&lnLgfi3H9}MFt%^ce>~ew40c*kcul3|^nLM2h^6+&A1}JUW^DO)fic|b@Ej5Z($Ay(7bO&)-*scyoV1Z|jM zoOQ{nawkUr`s>8PhQsgr`hcX(b*KO$6jw${?)_$+(ikq$ngU?4PNc64EU{V&A6@cr}_99A}z`NUP(9 z)W$wDSd85hxIdToHIxx1GbAPQY>8FUndV{E!et4fNx$WQ{x-K2g=C@57bY@Stwefiwd?T*J{Xv;%(I@3eC`k5yvaWLO<2hpmd z$rw^tbWxCul$rc2rp^7iUiL7b)p~{ki@ZJG<7ipT7K4H+DxR%4gWe-T$lmN4!^l1E zPI&B|NAc2uhr%6K<>Tq)>Krg@!WjlmvFoZiTF~4u=RZ~)Ij(izn`3RC11$&6Aw#R! z+Cf_mc)fV4vHFrKrxdu9)LeaWWlWA%s=L3lL>Zz)sH-Th`v{;~L|4K%h3KzF{tnxO z@v`tCzRN!;ZNEGz^b!e3Ro<Rd;c#EXS2;ytjar|HxMPb=vHF5qQ?+@k2X_={WTDRI3 z4Dv2un(d_DTnP?c=;RGv>SEDwdEChFqI#?ac`{OIA8ct~VKhC@sDX3vG~zy6K=j^> zjz1$9DIf3_X~bR_-4EPy+R3y0FuXoWhlZaTYG7jPqHk$u~c=9Y}#T`3mX9ai7Mkk zFkwx=v;5+^KV;Jw7#o}5i9Y|FUNbVY!idpS(eT%r+y_OQiIb$ZC%`b6> zRii4qscg;*J-a%#3;o&cE_=ay@64U$H21zLZtSMHjzz9jS*C_8n}scv9)U69qNS=# z?7Ad#vV@4PG%Ha$H9{!)%>e!v0epkD0^kyAxthvqUhStBQNar-*4_~z-;lb4WGXl7 z^e!DMzSwXfe*FG46f;8EK||kDNqB)UIHGh8r#kpT0l)gsLi53c2L{`1F?&0c{vTr7 zVqaxT#qpKfu73MV(l)MuMjFLpxEsoS7zXoosQyfn?(4AALpvD#l`Jl`ny@-Px>Jgt z&)Fhs(QKCUWwkKBrn1hn2|htW;v;c>JGj!2!f}#@%W5BJv%mWA(Egjp(LvN$2QtcR zIK~~nu0HsY!{9n2tQx~ zr{rgara;t{Vr<>JK{#nzFp_n{hP-|$=~-|4IqHqwYM0~X>WsJkt{EJfyBrV&dCup3 z-Q6>3{4SEm2mbs$R1y?DigES|ta>e0#a(Znf@UBlf$aR;{CP|;+-=-^ew)6RjMr7~ z78$+c&5j~e!2WZ`xHL2P?iCx-6W%~!Wjiura!~GB7s4yI+Pwkmkks)@mOt+SIb#wf zZeva2n~wuvMoX4IJY8(@LS{e%7JfolmsLY-&i5Acy!Z8eI^ueK{;l7S`3Rf9{(rhp zCqLom)qe7laIjATZgCXu>rgCD%i*GU#XGEotNPg2JiUD}4q~Eh6J^@j`&`j|1_4Xuj_=ES&TuY}zQgQEd}><`$yfnnlETdQMn-F+ zu47rb)(rOPt7TRZvY4ZtsWoX<^6a-W?ynMlE;|;(%}~z4p*X78T6R$kdtHq)3~0&= zaS7{0-DPRJ-lo>2*>d zlXR24{_jpw--U4O6g^OB)K-B(1D2qQ6bsr!WVQK5pw^||8W77uYxayP9MgW%Esz1e zVn6o`cMqxR#@O;28}puDQz#J8$#s9dy;?u(+&#A$|DbO+k#8 zyt;Z)kMXEA9T;&RGq7H7HpbCGZ~Z z zm}N$G_zXgEBYu*Cw{?M4#CfxFAzajrz293gnW{?o8nMyo7UpyzruGPL@JC=@_PvfJvf5&%v zxt3>$(`+21oA1c3jll8SYxCFWc^h^t_oH#Nms-;@%Gnacro&Vh$ZE!Uu(z!@Mm;X- z`t1wpzIRrE2xmfymPyK`D+g|Zi)1?Au^iB>up0N8IB!PiZ-Q}^@0$)W&JJ>u?u$Ht zwfa=6iG1Gg7;{-Q9c_N!mrQwXetvUnaNBBU=H7HJIBOT+Xx#I^y0ikdhp6{Nu0b4& zOXrzxr)WsMSv*rFGN2U5!Z}_i%d@`hp=f4w$|hy21E6Oi){YZj4ChNh<1zcRkpMvI ze_(!uI#BbgQ}ah=_@%M6p^N*QG0VqlQDgQRtt9PUBfR<>!E^kJ#&4zcFYM(CD01s) zSAM>uc712o@p(<#@}VcgrK($+mhP7QQ>{@ij){nf=Oi@u-nwjC#w|m(SHOT+AK-Fv zk{9SpD%MnzWtKXAR|*`}SkInA)OYt%vr-AYBWW$UBPMRjHt}mN%C&Cw8OqE>=)0n#!Q2UTSZJ(`q~FGmQ- zwi)0?Y;TiVG-}R#sGhby`gklY*GfM(Lv7`w|;)G^kT+r zWE6{3MtDF#{L4wRK5&dJ&wj^0+x+vVc!<_~FW!d#@rLE$)(?{IZt0;x(}VXiQ!D#y zT6=x4aNe)|4Rc^RhenUye2t{X_8SEpZUAdr-1Rh)8uFF%@NR#kIEl6r6wXhP z@h0+~j^6wf`KIF+%pt3U%3F6+cXl{ON-Sbq=pBd1R#pKAW-i7Wo?W&#&CbLI0kC6c zf)GZD?NuZ^k2JY)R1~V^Zid2_Y;=}U$^tWUv5Knl;#EeE&d_}l1>%bawT#mPo#^N8 zea_gUDpNJ8I#+}2AY!4Dl96q$ic%Q1FO5K{R0w5xV>2UGXM5$X-z`;1t*)+Kj)jf< z<0(#lawr$j)lG3Z96L^NJ*wgFN;prUe$C7`=#^P;PM*j!l6ECe*~Jos4#1D3&+9p< zi704*!&$$%NY3EvEm@vOw{vI6!)dh>$#{mJ5$ApS55m^kGu(b)kx=hg!jOrw*<1a z>NtE3NJnfP^pgPvXtXL=;-@<*H)K4kj3Qx?O6qu334+{vq48ii($u)j6?03lkZoIv6Sc`az(jC z!cul{yM$)5)JceRCtz)Ts5Ln%oXuD$$V}&*0t*sD^Ilg`>>FiDAz6P!_DKpY`)Ei z_Bp)c8GkmtryG#Gk)my?lTm|g5FVH!`5Uk4lzO#K_kn8^icA}sX#;yk&6Osk=ljdV zB_%J|UPZq8iDk*6Bvtz(wjt3!REDBsd@;l_FtE<>DaXxFTvyZsuE3Si+0-_`SOgzc z4%_g}lSVYhZHv`!!c{f8?-smew!UpTz#=2zsSP6253fZ;s8sHt3|x`_cR+CnbK}iy za6Os}b66^)fY0>j)s9zT&wjqPnf$8ZVM=5$nYGdSSbEu#nwF~3@$4M`dV2`_%KLP; z&(F4vdd9wc)^jJ^<$FVo9$*B<^&g>e@ALsXSdI}d zCzpVonRZ~1C3z5Hz8F`rRIVy@Tt{Ivo8(V_^FnHNjlto-aHVeMB){b#k*;2`=4MfT zzBr>oc5m6bZreTJ7b0!9P5j7MKLeN+DK8*2UZGl@7b%hLMj!oxKr7~7+!kZ>>=w!& z^(10uVG$wXDe~S(GKy6I(vxVY9>F*7&aKUVw2_7LnvOLG)1Ft%?Zd<+MGO?^+jd;x z!u|OTf3)lY7T`*v6I^lK3!b(*I`|C+lnK@dAuBjSBl2Bi%tqu5P; zE3;)5q**riDgCIgdH&Hc-}PuCA_oJW<}!g(lQSez#-VKaF%_@7znka{KM$iEKt`+@ z2(t5BK28OAbl-Hxm>cz64~Y#WHnRo&=2`-STn#lAX0B|&)XWbqJ?UQ>5ZsOXbRsS= z!SP>lwUjKkl&pV1H(Sz)r5e6>qE~?zkR1P}z>kB)o9CzT9pM$FrFH{d_Xj23LfEW( z5d(8wB{>Cn0F^lHsGzZo((3A2t_RKjo52*vPXG}O3LR|rwGTdid`*Z1e$erSd*z$6 z5uERGf9SA&^q$ml`TYw^dA&M`7&JBJ2$uuz0gfBXw9_ec{45G%2ivcDIM7=O9lP`w z%Fj>A?i-IIYNU@1HM=|yS9|z6b%S%p9ks7g zhxc5W+7)VMX34TLXL${mIv=_&cx3sGOSOfKfWc2EapEbEnlB&U3HRDAINopHtEkym zRnH9~Sfn=XxU(6x$Ch#_I^(TSj?q}obVgo2T`m*-G&|$9O(_`Hf{XFUQ%tOdZ-d7^ z>kTuoWBYj)%{KDjct8G`9G+Nuh@6DQ1rK9ya)NMLW@YCFSIM#xR|QDp=+^=D%g<$d=R^rl#vf(@Ux60mF!n*OECP zz(_L@u`svo8Dl3VdBWLFcWd0Ch4a65%?7g=VD^~yH0==DMtnCjI?{aFv!Xhp)QARj z=S~_^lmsaIb*;ky^8}ZVoTqdG*0?&g~lM-AS^1SHdxoSZq4{fPmd{@P8 z)`awQ_Q7mduiW6*NbXatOl^$YiOIgmv`_?Ck2Bvhx}c^S{))C^_M-iVEp1AfvPN|s zH}$r0vp7l$(;FloWR(S37#$V|OP_B}Q`rCZsho^EuFBFu1-_>=)|g8<&W_~FOFk*t z8+&hg3mKmUFmb{m?W&q8Wlq6SX{-Ht19@k0zz2D&+9p>UfW%lw>N=p9qR?ou`J-3NIWSCB1+>=S{NcPO1)O| z5Z9rwj@L#1ZT0305pVApe3B&3;NXp|wqnR#o&)U|CqbUe14oAH`J((OHAf%fX3S%q z1>*MVgGt$)N&%!hTweCYb!bc(+}aMc99ad2vnc2_x}@@D-WPyDX1inaD-#pv)|Nki zsWCQY;qI%B@QS$_1xTp~#6?|w<(jPGn1!(D5G&TS$*Z7A5KniTo~=eM=TkE>hi$`; zmo?H)e|4s@Z2@x|qab|`JGLJAWIW8Ydn-cmTe<$pD1ZPw8~#<5aZDb}6}eH}yb0zH zFLi^M^M7=G1yoh*^R^&LNh2tYN|#7Vhk$e*x}-UDcY`!YcgLYax>2ONySuyV+jy_{ zUj6;Qwf0h$2lsjRe&?NdX66~Z?MXLAE4j4QID`#gasabMp__#12PD45*D)Gg#|J;V};EjH*R;g<)nt!y4pPnl9``(yzGa} zGB_+<;O4yr6Pl4FCew0e06EjgP2E(KW(L$AnZt}!n~b}bLxx0$j5#J`nc>!s{FysD zG9EzoR6@rK7WqpOOy5JMrdqoBW?k)ISh0*p>dk)Qm&mO)$++16+R;=ssIsoyICGpm zp3qX+?Z~Ocv#g&0m|SX6k%UT>>w=sBz?1>9wXLKq+{!H!RaUMA$}x*qR#wJnUH?E! zPKcn`I}h}^@9i4S=bm!j)un(&{d+wITS-@e7Elejz3TohjD(5Tg3jaBA67Gk-kJ>3 zgxFr0z;n`4j3#`+l6uMF8Xkf-RgA(tlOMjMwTgo87^uwRdJ&c(;E^eF{qb6NDmQ{u z_52NJbd>VFs|*R5#MXtsEZD%HdXL^#CO1hnJ}N4$phs-G>NMh0Md7^d6S;7SV$lv{ zPM)7lB>|qlI{*Agp(r1^#|3`t9ygbT7EF_igNLjM@3LI>fb;Y!K*uk}9!}&(7@!EF z;;5HpBz_|~Ha0Wu34aAZKE7^#&D+fxi1q#-h~^i(;26ylb*i-l;l7NNFLtDQTk=A( z;Hv-P^Hs=wB8LS9C%DARvO(=#vcJ#a)#+8Bnq^^8tse{VYx7*h=S;Qwi?15$ce0x8 z5Zq44G&cRbecs`&w6r`Ku!+l~n| zYl`HmXCQ#9QyT=KU{knf)c6^YY= z!DA*>!3YJ%+`s(VUyiiog4cN!D}3(R##bRuQ_#m-nSR_Hru6Lwyg6wv+KusJ^q1Ng z?;dlkuCCUa9o~9mj#SMl=N3tba9SLd_a(Cv`n78JwzBISq<#qn$aK`NQSb*FZ();e z`E0AdhHLf0F{HXBpAORanS%E;I#E)PfGZol^qc~JdpSy^OU*k0RPe|R8R ztfn>(?vc&EaOlv&LPeOg*Zn{J)f?N*;ZzdO#1UqV*z4X1n50nBhv3t{xizq2s@x)j zR<#;+f^$xUXLr1*NklTm7FkkMbR6J%c-)yQLH4K1N?x4e`KoRiy#G~tccx*y zCVGBvY-(GCT*8w$=d|4ns!) z2>3LV$eWc-P4<_g;~*u_^C7e13I811SF<=RmkixPJ17tUFR2C<`=RgHk}~$`&XqDE-U#3qqQbvjAq|Fd1SV(Y>evOP*j}s zDBYe_u;|`9n5gaSGwj$f5ZmzFyW+540Y0@&HF|AHfRT~vjbJJnT%;Pgf{nPiCi&U< zXCQyQ4d0^m42TK5o@fP?s@-CHSr?l8-_74oAJjY$)X%&y)l>F2U;jyiQ}P5{Ko<#A z3?%{G7;dGBK$|Zy{}D)4Zsk!{R+iCT{iPb)lN2k9U!cpc&_In;Q=yK-VyW7yVIp%w zLIi(|TV8S|Dm|TnCLlCWTEz1-VnfxL@VhLfbehP#JOWSe%{%iA=wEm*RgsZNM?!G{r`eH#?Qbc~1ynE3eS z(xrTmjPDvsv>GVkp)cJ}9xC+omFU3|3P2BE&0Q@HG;crst^UHi!QCN4dk)SA*Zsdf zdn%_#SC>ekdPUb{Vq{_gptXhohXv_mGD`4W**hk;J7|5vKOdS?R&y2C%=;NNElF+O z;-o($;&bcvw4^Rr6PqOIv%8PdOBP0Tc2_o{lGQ4pw7M!s*jIvSThTBuUfFZo*6001 ztJ-1i?c>4SS&j52w=-FfHx(w+m3cs_gYa^=v!^N zQ}LLSscRd@Q4zU{2)PUsf6<0S1E;$l;nB+>MquWg%gLbc6i{BT*Bd`e(Nfw}1y=~L6aEF|I;x>dwVR>>-G)?o1ZDA zOg(^z3P1q+E@xPOJCWAmJO|}6XCzbCT1*#5>dSRN3K;Ud{%12fKzhV9%B0-nngnE8 z9y^gJb>=+r@nLh`_+ljo5Jj!^C6TeekNSi6Aaxx9Kxa0+Q0DBOzOc(e&mLY(|J;7% zYTT9sLlYNQ00a)Im`W>YZ(7?oI_qSix!FS)Hxgmsd@unDBZtsnGI!R&SJ&C(eNAst^nM|V9qc5ysWI&m#TbMnvmV-&q;RG_TaC{jdUQd>yyM2cZ!x}CSCgwTSAkebB%(b zu;IPp#P~0^?qM9?*3nR7#`jOBm>k zmOnlQm$?2(bm&;w476B6KMoS_Lb?gDQ<4FHYEo=CC~Umi(|_kA#|J)0$@6bnDx^Of zBwNddv8(%<^o5=gRY4n6YO53_LnaxAqc~rx?G*DPAt_3j4;=H+Dr}C{{CZ*#XP_yC zG=vb+iD9+1TUbYqMkpnen41S zMR@S-uI)|cT`SUs9UW`e=oA-r_;VSH8yKkvb z^1;Blsj1_dV0~pQ<*kxh)tMy3>1-KRY*f z%U%-(KCY$K<<0Ha`m0uk1_)msyz71W8_qJumL1z(N3F2~9%`gjq4Hz%3{tUpOvU*M zD~OTS8`NJ89g!lyzA2J5qKP;4pW_TrKEU))LiC=Gm}i{e6fa+@viT@fPi#IknZp6} zg&Pfa^B@3AAW8+8dXaFMRbf#G%%R1^g+~h}?YidLeyalnJdm;{%qCMWUZj#~C*l}M zkhkGNyo1taxi(lDW5##st?eGAB*vsWk=7i~anKv-xI-FmQf&zghrIn`B4o~YCTC}j z|Lr@1qtXNzI1%A|*gNbQaZR!R=xsWOy9j;-2@`8yWl~=}mZlixBqR@eXy68cqLk~- z@X4k|Mi|A*3Gg0L6~i&f$=MFa>+Jsb^o zsn3DN@76G0iU>23rSIOMMp&96!boel@_?{!yI#JfEosze5zd{x-$aG_OO_iHn(ZTT zWROOkvHr?dJME{C2>z!~j7JXPBDg><)PW3BPi~EC?frK=KI{i8{vaozcwELH0nQg2 z$Mzf|;-Vlyy=)*y1$(8Xt<7X`fErB5{q23o|G+nx5AY38p1yKuUx<(k@4-vD7PL3^ zjkK-ZU{J?S9(ETwc84)Extc1Aoz|t-h;%gs-nf`<8v8y!XN*yN@2~pjaU}G#icVG_RF3K@4vbe76KmFvY1ULQroCde1ZN&kfPL! zk8-Eiw;m1QvNDV&SJqiskmcVza6n*Mp6uj~?P9;Mf(??BJw0qTh$w!8Ydb#BbU}2U zk$ub05Z+s4sv+5f^NHkLdwyx&hsJE>U5Z14AAVtAps3>RHU8x7&k<4p<(b~u1=rN%tW(J%t&@cK3$ zN+S%rFiqyl2RB8lt^j9X{Vx*R|9~bNHPGx;W+=~Sv*tgHCSAWBkmzdQKytDRzKS@W zQFvZnN3C4U&PXT!*s7s0zvu#g*&ig+N4^=ZajHvbbUr8;T<79UR2j-uf1}^|+yfov zZ*_P=3AHQ@{y3G()!;IGu*0rPn|MQQ928f(si4EsMub=154A{u%8#DKe5PtIy`NMqR2I){Jn7@kMJU(Ge} zJM&fjjNh=5<>bR9lkbu`d-FjV;RMH+AsnBUh7JVLVr`~h@p zY%Ko>-%h-=yfP8l7RI|AX|fqe*)p(fN>uUn!e=356Q?HZiXm_5CReJRLTbCpzlsLx zUHExEf^+}t;_*Tqs7p&8e{r)xP!>MN(=qgjSft{^6Nf)G8CkSBN5xgYcTb1bWjz!@;FWX9%%OR1cv2`nrF= zcNvYxFEG(IP=1+28TosXjpuWpIeEP;QWMgA4=a$`ay$CtS?*Ms+w}`-1E|JFe zQ>SQJ#3ZpLb~G?#rmL^dRwwZV?ynp3Fuak9Sua4ocwX>Q{k_=B-``g=7+NMG}oFgD07%5U?@8XCN2Kdn5^$!n6 zIG*eX<&EDe{jsH}21PJu`_p8Qz3FU}Rg$;V_K36n*8#rc{#2&B=v;oc;m@`Cv*a0i??9#aWqlbLE>e4lR%Lbq2ask_rv zxekp_y{v_8tgK{@QK5dFu)j|d6soy8w6yf~>WT=*lw?q)lZ*f zVHNEKvl-ec920g7eGM+Z=~taX1%2F{)Eyz~N!p8D6UuN>piws&fuATn=AGs6)3`}k zV$Uzz9BvY0Pnjqc&5u7r!YAEcjSiIQcCPKPHr_$Y?-L>c*4Iw-B_Tm5jNLY@stP-p z;C-U<#x4xLcI=BM4VBypeu!VawnijU7>5S_W2vmDP#F?YdDw}{IAAsT10^u* z!vX8{<@xl97@*^q1sH@98QIe+O=mv?RCeU=DTI5s2htu3ob1gyH*049aTtjPdf@TM z?L=s(Xd>T4noQtgbca==Z%uxC6V%&9m9Z&FmVl%`f2ifS(O_L`?#I$wn@#fMMg08d zy!w(`x0uWBaUr)AREEiyDq>lJRC3St7)>G$OxV9DS655(Dl9jnn6+L}mHYq1Vef7shpDEJK|PwP-HO-SaY%XGOP)K884 z9~&X=<9;V73e1oD+T7mm>nQL6)oi$f zHV=>0tYaW;WqX_I|D&_t{AdS;G~+nnLg%uMm-`K}=$L0nvc1dxIFpZlTl+eNw3nVH zvz#%fq7HFm>j_2qx?*Y8l3s+}xHY%qwFl8uo0cOjo*!{ zB9Fq)!xNf1DNYTH3vStkP=I&OOx)ar3lvsEDqBr+;T|?)Kn{K*IJuk9t7EgA=y+db zy|6@Nlr!EWPw}nk?<&G$jW1OUB4Sg@7p2@u0U8&y`sC{X=wC%iA~N;_X0y4>Q!v~w&GwJ9yIWx__ypkHcsj|t9ud5>gMp0Pk_8xU@WV5n z2a3JV-n#4Tp~GLWvj)LS)O>xipHwi*og|N;YRoUWzT3Xtb`L85C z-rhrl8KmvuSXz_jn)y69%rhsCaxaIz_wfElnfw&2OH{upGxRL1mz+7}ZzE=q(pEkh zjBh-;<5X1Krti^+6Q;WB%s+MLv*)w-!*x0NXat_G{p6GTJbeUzWob_osDF@CRQz~o z@w_jvuLIW#8cLtod}+kchEnZ2TfW7Ihwo^fgxgS)>t>0~w~a^5k`ILS`QxaC02XeF zNd-ST|1ty(+{pauL`Uyid;&=s#+QeeBM){Vd_nimilINHxl{G6mD*i)mV;XeEMLq*f9p!vy{t-Ns<#MF4I#T{&(OH_8 zg*7T)cS{CwfIDIkOObNv3=It#?9Xv-`5`^k*qVi)0Jy(w1lfn&4556(pS%CNz$GR; z+D`-q8A)4O*pO*|icTyr>v#)^J<)etXKUp!ruR=Eec3S^Ul?aR7-!HjVCrp5!SadS z;eslCWSJR^-wUYxiNI!m+2^#mN!~=Gy`!V*YH4Z@D>kr(u5B;S>D89^lfk|H`svXh zvQY8MF$9a!sg5G5&?I?1cqVJYsU;;}(lbzGYEiQ-H6dP=Cj2=)ih{zz!teTfdxNJc z%!C>o1v(h-{txT!3hi8Mz=+e?LiQ!#YyX$P1eVM4&23DKdoBDAxl@P^qXqzuS9A!R z>NgJ2>{-d)vUzH885XD|Pdoqu+T31icn0{c(Puy3Qz|^VfpqYZ+YeZkm}_5aU9 zRJ5HlHZG#2=^2Vfzhb*$rvCLDL@X>Zl>(;Esa(WUn7FvOMyOtS0^JQlJLz5Drl%90 zBIA8{>Xqie_r2hMl)y`LR@CPt`f4(fbRp}VkX;_|;?f%98%sp7^Lhz}G)FO=vkIDR z3)@|ZQzJJI4q}#1unt!?k%to*?ci}Zu-79vMsknvaP)vcNxAE1DBGEBXg}YU{+m=c zbfde>v7;d1aeAKA{IMs7g%ua?k?~vYim-Os9BUA zK9F13XP6FQBGH%`A@!P(|EHsV36ICBiJpZMXtkn)l-8069ui&;l3+@?lE@bQ*a8#V4=tY z%>w6dE5+_h#=aW>%YXDl>5t`yi1N5)WHh0DWwe}a2sdXhmqYyNaU}5=8d9_-1!rgr zg^FO-s|BYtaocQ-_#^w9;6yFZ9eqY2OnYMiScHH4#J_$pcnX6Fk<-olJg_J-LJ?wN zh?)haTPgoGHJVJO<52agc(Q;q!R zX*~2kE@;-sQc5-mASxUo;cv-dq7M;^jH(X|y405o*R|bt3FN*%RO!qIu}qGKz4qOm zBEx|NEF`-J297j%+}uxQTLN7lu;7f(A5L|qo4k=B0cw_Vx+idEe|vAfB$^}eB5J3i z=hQ)}bRta3R#iG__&OdBZmY-l?|i_NP(~kL-)@BuAIxw#^$L{K>B3knhTd3O+1Z)C zh{b=|Uzmv^g2<3-dweRfg&3dhEs0W!m+QG^x+q>p+x=k*>W)k>iATS@t@37CtQKrFMiYKsc~p;qvIqe zMg!__=1fI#yR1zNx>5gnn352lxV08WGWO}(2q{38ez(o>L>@rhQ%=U&!T!g+&r(dg z)M#^g1m6;Q_-TzjC~mZlm-avv(&nk@M>oTiX~{>&(FWPZzBCE z|Kc8on7RjN&f8_Unreq`SB3kEz|SZ9Q<~a5Lcpy@F%C{nGL4GsBhk?#a_m0zZ&79Z zl+Z*!9vjcmyzJa##JoJ5qu*ZYgBME=Km*b9H5)PON-wgF5Rb(&Y#mY@&}9BPSn}ut z0WyJsfrT81qkp_to>W6LzhF+jDJKH{jgo98C@R6}MkbhCM=__6=dwCtE&eh!ZucSD zD{s3*5LYa$RtOw^a07P@;U~&8d5c6aky7u?^Bn47yW$Z&YGdztfT4AB__4o739Rr? zNu;3a)G-eF26Ir^vUM+6#?znPq`LsLvUFZ(XlN^2$Dc;WBU@r&!Q-)>?12rR^p=V2 zP0!lI3`XaA(8-DZdcjouSaiV+TkMBikp$liVxZW10XV6DMV*=&&@>%49@`FV#kL0O zeDUZNB3W=Ba-+Tw{fViB!N0J{lT)CQ%e7JZw%+mVEi<4e+Q`g-k>KDxl`*3vPe7&N z-luEA{C(@czFr~bUBvdM@LvH1?(!ZjLqGX z*>dZbn3yRLp%`5$k?hhwlabR8{MU#%K7k32j(Rt)0isl({{kC48K^m4lod<3;u%3N zlK#c%{)z&5cHuS{bLHP>)ow*Ezw8E&lYzb5IpH$1vIg^>YYdJRs*p1=MGXmD-CQ1z zq-hJqGn=r@+7I^vi`5A&G8tRz#2_d>WSc_)h5HDefX6|&PM4kJGPm4zn7($qOZ^m#O$MmPzf~8H3*1QS z4Q%?z6>59UZ(9R^k`m42ADpHZrudpTBvrrx3P}8WIcAb}WeHm5Jv}rdt zHzL6VY?$J1ccszl&WjGpH*GStm(eOzqlP;{^R8;*Rw*u@k@5V#vPPOUstcUY*)_F( zja<=jJnkhq(IBo3_S-Ni4av~gLs+Ci^uxeF-{_{}g0vH)tZwjEc3<>-$Tb(KK-6YL z_$8G;MTZIPql847%XRw3!Q$&9u2o}Ij@CAUEJWHDys{9nYzeK!jQo5f@!r&W9B5^T z-2A|&(Gg=ufp1VnC(X~AvRTa8gIHffg7jQtd8Nq$cL!=u#jot}AOSL$1>EC8e34*I zu91HZQqF6r+hzIP<%zAXye(wWtmYZR+W zud+_Qv>l{E+zb!QmIWqHMxEl-G*3^f;H!)E5HroqylTaP$a&Ev$|Ovmwmbhoe{oJTiz9lBs*km)#XIqvDf?rKO`mqgUl$L_)YXlY|r)G*+*AV|BF$;b$%9SUO{Gxi# zwh(;&r(TAoFA$|1e0_6r$dyk|S@;rby*)pD2e{ZFys02#P#7cw<6@rv1YLiJvVOD7M2i6r{lWs zdG;t!N?R**xVWh}%Whsnko&Ga-ga+NNUhFBb{o){L$yu!GQ+{oYxa}tHmWof@@HY6 zJ{@ZB=FW&b5o5EyAP>fK@KA0G(@${~aWRL`44C59*qxi2NJscr8O{pgZIMKOl_v4=?f?%42Wd-%L|vkvUDcKx#>Rg#292M1r0aD#Ot!^1_`ZTHdv zkU3FZU!SFCAu%;(!wYs)>EbC05w?OP)2!TUY?R~dP(l;&Z>X7FqW05E za+Fk7iTRV?TZ5nNQn_k(O0s_pgJr9AWeIn$<#9>3j!oz_z0mW|r=U6q{#uq# z1gA0Sc<{`^l^E>TZkwe73ZDeGdgp651rbrRmiFz{DNA?Nnv1EeClbbuo9VY3>=7&n z0`9^)@#mS8PpFF;mI9~@Ct>%gl&mkz#Ym*{Vydc?UC(xunC9eO_mBbkB>+~%wL#di zj*N``NRmYYq?nw*Bm{!f>?2#Z=!M<<-~Nhid56{H}`=ggsI zbIJtjqqW?|DtpI5d}UN{u)U>04!(D-xbAOK<>mkU3^Y8|F=9B}`yp4KnzbJ6Q|%8A zKQ+9KKi}wrYZ4lidEsq;NW|=!Es-RM@2&EM$)hU${y4Ov-1U}i(|L-v9A7+%tD&oA zY=pGV&-HwlZ<8_k0iNHzPvw?4*S(& zyFMo`r{h^cB|y6+*2Q5L;;CF!6eTKS8X_F2jH{n@rJ4aI^Wgi##0tA(GbIDOgBMP& zpfmu`lL)-7V9-j_^sJ`SRsh*5Cvh0QIt7#zkhTUTP3;_=@6P7;O|py}HIyiSgL=jF z9qnWYjq7OjQHzBiami~+Gu5*9wNj0ET2f5UzL)8~aH!l76HtQa_C{v74VGS@Zw;m$ zx)SDn>LC9I`!Lsn*1C;QD$!Fy`H-vE@#Vk4Bk;4iH8h(zxEC2})lRTLt#HDi_B+$) z;CkTUdu*t=+D10|ym!+!+jsKmM~V?S0|j4$F%Z=Y%!QMHIq$vIEBmY4~IqC_BbCR!eLG8S0ah2&)GLufW!1Ht$-lHOewlrcf-RE7BID;Ve<6 z$0hReW)xsPryJNkZD%hS~|;K57&zQ?#~=%+AcHDqjpiCj`iZ z2AZ(YHJam)#F%yFp0o5JkzK_POd{Vl_%R14-Cuc6Z++qQ%F*v9uw0BkQ%_%;OM(aj^=s9VVlfy;;L)g= z`kkiN0&1ITTwjlF?bN0%E056`%A4SrlO{`5z*`>uEAEIx$b<22D6*lr*Gx(9nwkF? zF!2EQwL=fQsBtDA^0lQhJBT|X-IaXjt3`|iH zv9aR6Y|zrAlB06Irw6)#+KI5z8^#UPVCWtv#iDbJnh-dxXf-n^>s{gqH5fS2uFzC+LP5BsM#hVN%`63JCFP|gfXSd5EJ+ zze{w(E)MAF#QWQ-{Ebh3G8KM*BOJi484y8V34o{6rt@&1KjebKc>mD%?)>Pi#ZI>A zgH<4Qb*wD#<3Jgp*#Qmy=HS*Y5~!g?4xSa7Z1_t5Jp_Mx)b#SxO7$Veh&3n-_s;6| zVSZk7`bQE>Ki}l3=B57o+xgp*%_GT?o$38*SyQKCJ%d;KP3N?|jyLq;$kIloPh8gf zKFNsXa~K1IJF`~1xwD_p(J&VfiK$xJVl&RS0IF7aBxlpfff@2Q=1_j609n{zCc z?Cm!h?Bs;$P%{hx5$MQqUSLVW7Dz!=Fi=B-@BDt=OAmCJR*8O-XCYF!&m?ozjP`&i z{ChP!Li6(SGCB->pdi&PrJy5U26}60Ng$a4YWU~|`**k2S0^t6&)+F2P5z)m77E3W zfgW90(A*-%x;ot-k8y-g1G`sCj&dhfx_XOetfd(QlQZe~@uRS9>Cm5|oSSdZGmkC2 z(iW?$VU)kO*&Q!#AqOvR@vaBAe)YdikeAA};Hvo)=Ast1#DSW_1eH-5WZ60|p&kh| z+5jiEH_rVML%tL@>-k$EkqT(^yg%?YR%DNNyRK+jieqe9TWV<5y{vsO^x=Bqset3P z*2LN$^z9bqCPk^17$YDx>>7{N;BBdqk&9Q1U}TqR0yUm4nr=L5h`L=bs9d*OuZ%X@ z?T9|OUK4ZH_8MRBa^B?{iStOxM=E^U-gPeUq(hsb6Uaj@^(9A1q?ZbXbR4^?G)##_ zb|L3D@@@eY|6WWOnx*7)1jBSh z%lqf`34H46T;d7L0<1Y}0oUFbC&ybFn>}%5ShxV$52Zo$RuG(M#b@T-m*!@M_bpI`2JMV8u~K9 znCJ^4pG;=SIev%}um@IG`KtE~yv^w887(w7i#6Sz4GgTKd&%c3E0MTq7yi9R_GGh* z$$DHo%8nt|PTv3!&Qx@dr6u&Mvv!RYtq{>4rUIO;^PE57T64Vz_^EEnA^1dY{hEL5 z;%?;LFq~nyZRTHz{wdvfA@0&uH+{-hj}($9N8vzuEov&y{5A@+L_eZQzY9IYARTIr z=`mnroPv$57iggI9HWSu)~*@>Iv|13N6`4(wmn+dRw+)OO>g$aR~A26x^#ATXT*ha z@^xX+&#dWdI19vRSY$bJAPk?6`JlfBHS= zjh~Lww~kMdbZbROlAOoXoGf<9Y-V~Lbhe)x_UGz0=Yw%|PP5GFC9u`3OWBH@gULbH zT+&lTz!9JN_SX>ys_*dpIYl&FD?DkFEZ~s{nMZ2K0w;m|guDA=)P-3*0DoJhVyzCw zlm1YgETbC#W{<&ke^NA|$~f)hBuFHKDd34u{Y0<^q(3pOMGI;nnkLM$DxgTMMHkn_ z@jN>DMHgfXXtU`x__$9#}%?9_f z%Vu=vQ-rtGu?m$|c_kmtwbPTX%XE+LlE`w?j?xr@u)$(SkV)<@>Cym~{}nmVz2*22=M% zo&n+{krW~H&gU+zb{D5}8CwbF)c})$$-*{%Kk^v2o3JUy`IWL^J?+mtrK=g}TH2u> z?eOj$O%+;A^KZ0}@g$Ntc*ixID&mNkUZt}D&0R8i=8~&lfLP-J&5KcU^$}~T+;|>G zhOtD5Rmt^UpZS)iG6w|(5gYkwCqSdwP4PNo3D6Go+L2pB@R0%$BGub_PMIxv;cKti zi~BSVzG5QS?TiT5R#2{va%wg#a|B++})gz;h3U z`LYH?<7ROu%IMS=0anJ{oGQdEyfZ-xuF-_SXGJ9moT!jTn_j~PFasQF)~vB}9K&`` z)}OJD`!V{(Vtb0gEjO;ga#O-aem{3s2tGUOz79RZgX3c^1zq1!Aek~ZlA({XHO%hW z7K$tCbiNxAl4D_UxYdwgdr`mavz1B-lPBcO!}QLw4mIkt&Bpx?q-7&%r?@0P5pU8?Nvf>7be%cJ8`_H)Rhd*Q-b(922c=NJKu@OIQ03`rJ z=PE}Vje)nDwHA#lQ#|~=bjI-#xjm)26K?|Mk3604YpSb|9C`7_=_7fQsee>_tx|L%9VhD6&Ckqc&|+;@I^Uo->tq;V)z46-G^UcZRw=TL1@nF)~6z z5`J;rsF;qJj;`48v=ccwfc$g`5h86V6FxP^(BB(Hn*@wB8mUvTqok#c)>WxAj!qvb zFK1Lfa?~xQtt*gUEyqDc<&oq%4Vr3iL%Pqgz)EZ^J)vPL3|4jNt@uIb0%tNV!FFE~ zt4N5|Pzw-3uB!vV(;)UFb&@>o7zl^)0w>a-LI~?IRT|(F%0xWT42~ z&l)7jRP0(_S5^ylvHqQDHaCT)1}`P^$gn*m3G>B70Gt1H;T&2+ zj@dldNE$!v5$3t4I7udWZ(7C11ZO&{y)9H)Mqol64Tag0#CQ3XF@?Q&IA3YmPaH4o(wBA^R%Rb6J$KRAn|dHo`HiL>pHk^i z4Qyd9?p97FS#9Qk#NDsrA|?2dt@i*h4~1)R8&;-{-17%~mYN0+!1i_a7A0EMAJIu*LNuoX34e-U)CVrm4!Cb*pQnK4|UC$iL9CT_8!efx-&VC4>dGp>G2y!#wUQPC%TsqK+un<(F z(+fYV(>Z?!dZRL-s=JvvFeDcBzN z>=gj-U2XdA8vv6Dk>ATdLx4&2X`Z}*p`@U9$v&FrawY!j%#xNL4MC5Kom=EU;wxV6E^r+5*A`2#)*@d#`xDI4MCs~OJM)gJ z7gJ6d?KQa{a>w}vR#zhwQ{|f)4C8~8RO9KIbBM>S@*ysxfQg$EcrElSE5-GO*M=R0 zSm*~ZGQ?U)Nz^QLoAhqghdDel%_byY$$X8D=RDxsO@oaWm29;8Ud9;WK2o%ygK^EkspPBFK{N-JaX&M@J zC^+xGLp$!@>XzT7AYsz^aA$#-1`RG@)6+*9U8a#`mP7FTxn|ANN9Ju6ZTkvoQm`Al zGPAgK$Ilq^x7)MW=A62>zQrh z77~zv2T+B{!$6v<5u5EW0wReDaGB04@Pz(700(Rm9)O?ZjY{Ow*1C`tD7CJ$mbHD1 zXY=^s4YL%(Tz~$}cj(hv8Z6;}p6or;tVs`d~yX%zg%^!!$QI%?L z*S%RMD~Xeq`A&0|F1Kysj5-}sWwzV#aH!CI8g3e*%WWYtv&xgRCys|i;Xbh}bJk^; zV_46zhF&hNIc|*z2LJ@}2=eSUdt%gh_#D;WL8QksH6r|rj)cw^7Fjo&*yc)YK;hFtJg`R-=A=qffU` zKaEW_*FTV=^?rTPBnFqtVtOGIy*pFmb5h%l1>hWG#i_W@d&g@hm_a1Od6fOlIU*Rg$+Qi7iuZo>N!yIrO6Wcb&wlz22s znt3Ry>oKEEvIcdwI*d5}_%bQ+$1tS{WUyH5T*oI7jMfux<5@dbA`gL3J@>nKkt{h( zAa%7W(DIsCE^IK~$Z0ZNnn2*RLJTtKL^_r~6;;=u)&SX*t5k>GHl9gVC^og?1+q0= zfJsU(K!mmD0E?MmaCV_eRYy7!pVa2!Vw(K2$(Q=wI7Dg)JoXs(y<+~F z>&>9=NoPBuFw|~2B3&ks0u{KuM)@+%SNP`Dp@oHvecsCH?zAMwTcq%1X9d>V8Jl(! z5wzP<+hCj~;p!!cSc54`$=(8O?|IxQ^Mhund^|g|nqAxY^BXIfg`Rb~>jjsqo#9nX zv_X{siwJa#EQY+XCsEtMze{t)8dyNqCQ<(`rZjhi zp4vaFFKHtnCZ_i&cbm4fI^G!+uP}*@it5~_a?}q4OY#vv7y?!zC>9nL@NhQLA@Xw| z=gH_iA;m^AvtqkHOO=>oCu?c>wLYfMaKl-$1(EJjKr3t(fbGkH(x}azsjpewhu<6D zmfF*Ea0Jy_!$UL&A$4_5;=NPl&h5;@E;$Jbt4^QGqa^b4yM8m|132f1ls2|B!ZL^b@FA+O(OA z-IYCDKGzI&NFW_jt~0ddgNw>X^m-XjS1%4P@sg$JY_-X5GShdr~??0^{D<)J!ORl=H@~Ea7Rk_^PfH{kbyyGt@(3M2Z(B47>Nfb{!Ko#pi zaXXNV5`2DEO4S39FjH8z>n!aq5jvfGI$cy>87s^qk4lm~<*n;YZ7e7ujwBw&Uec#rNE;9$_`;Zs63czmdJbUGi(4_^m#%zh*=7H;~UHGOP+3L2Fi5Y zS`k)0>Ees$T<^@2D1LW;P3V@bVp<#Kdb8+MfgI>+w?9XsAwpXB4H=iq^YgLM4>%lv zCc*hdUe9vVcM5rUmU&C6(vss#U{nD_kt8J)!iZcvbyNG}lDC98Gdl|$0cvyD?nU8N zmtaw~3&v!%62RL0IA~RKpyc$9+qiK%*=aKulEQ=$Z;6kk%z%qUYISiG*bjo$P*Hn5 z`Svfdf_>GT5~ttaCS8xZq_3kRReF)ohC*IvyZZ`%j)=A3wpHdX`6%uTJuCUW)tIp+ zHL6L+!T9{PL1%(lcT*Ns(~WA+a2au(kj8_jrHKuF!_u!Y({hxr?Tb7Dk%R&GhvSf2 ze+-=A|39|A0w}IM`8pvGED#)mL$E;u!94^Wd~hcuKo}snyE_DTXMlm=?g_yqxI+l; z?*3ig{&)Ait*`19HN~BxfZOxy?$hU-ZrUujRva9x^2C19RG1&uR&u-iXKPF5xq-p* z%_k9&X8_$J6hQ|m#!FV@`1FwGrQ%ClJBQpadQFg_456N>sczPjRmo>=dZu-?dn1Q| zcL9#runYwd>}FA+pjnIw55*yE+DhPfD}}w)L2&NaY@}e&%dcFwpWRO7+^Z1to7&W? zakKW~)$JuITG$4_*ki{y2syxGq!btZ9*9^CP^1MMC^hc(3>lX!s4dHp9hDnyUx%qJlILg>&7g4nYU7#zUxXb^M2!{~T?UgJsZ;EKVh zUGhHPU(b+pHZKgkV8EP%;3ert2Ee;G)a2Q-XJ$RaA2D}Zqn1oT4mG-vK&7t|XtWS8~7cuOR<-8E{r^4{&*4fXFFO^(uXewlY} ze0U&Vwcr|XHNuon=8o8J*ue~)HK-_4;6MATA>+JgFjegyLuYI5*`_P2KW3b5 zHGkQ1GMV}~@&ZJV;WG`)f#mE)Gz%^lLiT$OQ~g0dOz`_~ck$Ryj%H3fcDs!+!{S`_ zN!JChss~G>EwCOQ%Ub|`x!g*eIGvn30881*{(SURp2G-2Pu%kafLNM_nhKa}&s+K| zeAw~i@HvXBa?xbNZ}PjXxq0G-2#&XJjnA#jCx<6A^s~!+IUmnSPBR2|D=Zuw>IM0k z3Hy%VrDfq2W(hK0>86X_?6*emki!(raWC&93__*j4^#vtMD~|EmnjJeHICer&>L2| z_UabIUQ1*OV(J8(p4!*Iy-Nv;kMgm!s*1h$8;2En?dKe;Wxe`piz(x!ZWid~fH4t$ z0>n1|O5t@a%&2YBcI7pka_{Tz_d!{dN&&?anKSj`Zij&aige~BaNj>XF4 z2B#dMc)*t>Wx3V#Go8!u|(R zZg9Z2s!Zq60f%#-w9K+nFUjLm6kB6XX96YGj4>mpNOLuj>*njVq zi`n<3tl^yBMgCs1NivkvX>Xb;{XIH5ItwNfi;z5;S*H8;D=4TmomTlU>zyCS_J-B< zT8#jQ777KSxt^Bwo*WG5#%oujZ2s$|VwwTT~xyW61JR!Qj3;KvXXeT{v2TpWM;8@az|Fa6;; zIWG~5fkBBTtvFn0Go$Gsjyf5tXt5q(lB3GT_LexrhzgZWYzv3{OM<~%NA&b-lLBDV zeKKq>eVD)M_0ey{ARo5DsCnL9W)7#fECaI z_y;=km1ZL40guZEqpM|cScIw#8xD)(_~wFuuQoCgXy%OHB+RDmOIkpq~!atCcUkuegfJXSfc2va+f zneC0A7O8LMsN-RKX2CI-nT?ki+ISCLb`hJ*Hxyh1iSTJV6PYjd4oAhb=nDgpGv@P` zNf{N(k3^V<_1bJyT68e*=M+wgS$*`L;*(#WSb9X9?!Cr%gg!B3{)}&p)$H#}TQCo% zo%!3>uJ46oGXpz`O0hDXZ&ZU#tHu8G#?p-f2|x7UzLD)TA@y6Fnnqw4S$7jo( zhBS-Eu5;wdo!sFs`c0^P)g}v7sxV|@W)63^*sN{YoCvTD!i6n9UAW!)4!S|-h`+b6 zalZ?)Af~Eyyf|^Jkg&s;m8_Uf`Teuxi`Plbvq2VyT#7nwd1dHQLvCCq4sF2-34a_y zW70vS?TYv_d2-dG78wDn4q%MDE%j$SnHSR9R)_KBy>N>o=nhC{6?ziK8|Iqmbsi8??QHMlRPe(us3)-#t>;^`cT1Ua#4}N( z$CkC6$_FHd*YIJbjq}qXWux^q=W^ zD`_1E6|s&0myQOaE)C|>Lu>_K?B$!ZCIRxf@n<{=NIoVqqM@<@RXRRckwyD3F~Oo> znfT^VTa{N$$|uWD)HI>vp>px{GMYt`*kY<~sB-3ZM=zG&+6^R)aN4vxZ_gFf%?IRh zZ)j*Z0d^54olfBbQbPctw61*X+ZP34;P)2p&!fF~J_&tSH`Cz|A}T`I_ls?8ZB}?| zJx4`wydq5Te!%kU(WH&@L|#ZuT&s<#nH33w}Z!DAOBlqk3y*82nW=I zZ~xK^`K&8sAtifBRhj&F<+<>A|A2Ua;-5(Y>uJUNG%YNXFm+@NJ-yG663L*@M>)lQ z^Ujw>0J-@*b8`TYxI9IH{wBVwk2MQePMZZ%DH!>*WZyS8_L`IQscvrI$A}Cd)_0{0 zS9`EeFDTk{cD>Vww6anXG8AZurxanw0P#4EA(8+k4h86Inz>k=-o5hy*9x*e?An2z zXK>p1YI(||Iz9n7KF^=0)aj{^oPkW8L3;0yGoUay<_b>4N~o-l6L}aiHW`Jh6oe2GK|62NYC7kbs+byn zPXdAG$RXL9c!FQ-6B@GODS4JvgT3vt87l>dRTCb z=fnhJuT8GkwHDDi(v@ZQcQvqUW2vksZ`?d!DUN7nSU^? zz3s5xY@hoTMyM2p{ZdmqXxt|Ce}j(o*%Q&%*LSnGATyecz=Kr8GrY3HZ{P_P*7j@- z$<@uzcX<_y`1O(z9!SF?K>Z|yLMq_t3pC?k9qQLx!`Vb(Iyg}jJPC~sdqz?F<`Z;b z4&g=)8nVc@shTF=G=X*4Y84oJX){#}d6qiYO9h!~%3HG{_j$7bc|R15sRBCI=l~Pc z`Si)ybj)e-LG;zDjm`N6J9}-xVPPhMfz3`eHB^Ypi1m;H53WhKl zEnY^XJcx9PX@Yux-uJk4*)Ya5SuI{|Z7n56i2`Qf_;!d2+1|5{Zi<-{>Ta&CXg=^L ztfb1ZDqhz_ivILW79=XDSnu^o?caua7QQy$_>3VdQx^ zhg#$9u=~9!P7$5>wra-M$vu{=h6jwS+7jKJiEo*8=(I5v`j(s>y;|*q4!`I({5NNb z;o|SZ3mrX3wb_-0vVTr*Ow`v&p}Ss1iXLD1P^$&_qM%GCi5fvdZ|4RFuS45DSo+OP z*CPY$Kj8VxCwlK=7hjTnTW{b@w;JRcLgM;Qhw-l$X=&d2(nSU}zyLtcq5m?x99)7) z*e9ALgJW3N_``2WdZUN%0CSQdH+&fr+^AA z(c_fe<7xs78rG_G#s)TZmvw#V@3>f1TXcU-Cd}4$3V}|sR(IKLYx{I+l4^?PE!1XE zAUrHSyBH~{o2TiJoC9&OM7Y`?=`NCDzXX1O=|zG#+%tTkx)QFOue9hixW#DwKwl#H|%IM z6$b2p!CicxCTtftZOQ-o^?UpqySv>q(kn2I<)Kl1?T;UTV@tQ|O0vKK(rlB{OOF;P zEt!C;YHgk6;2hrk8D)TiYm}}~>aXSQJ*m*m?JJP|6_T+1$){%l;DN58xa8n42K+If~l}>fKhbusTm>!2MKZMCh4^V%lw?fI<-&>fl6$hTSh2kH7 z>s@sOT?jr7@8cQZ9U_XpY_*BMBslR69KcZHOK9|u3=L>66+{KC-k_J(yg@GPXB4jb z^_VRFcD*x<#Trp1)KBB7n~cnusL`0>Ah;`cPFOh6+yuzHLt7YBawVYKqYZ=8Urh)7 z&|R^*L)aBpI%LE4cTUPP^ekqi-w7_;alHwl-};y)Lm)0XrUbk*{4{j5TC~y*PELgF zWAO1ZD+<77PQ+nzSRbt#Dv+_c`5u5WwL=}WhWP>f35`IE8Q>!LqyWXRm}e_i(t1^4 zwU}lRiX79iyfHH`3!YAAVnUqsQXw^Eypc-!rmBuQov@R+r<~4-a|t{fKk>TUS#?L7 zQ6itX0+a}ESBb5UL(0Wx(~#F)WinFH>Q-H6Jia`suB8$Z@^jq#Ew9sQvt+~~ud+J@ zvF;K>8382#ZyBl}9HE9l-IhM2Pw+nG1do*hJTQ!c0 z1*p**HxGP^l3%Amihca3|Nh{MQT>AgMtWllioS^)bRvmyo(L>>&XqviHH{?%2v^tE zlTkeYJ3{DgwBDWY{igw|p+!c(A;@(31QxSeTx-btO6~DlolOw48vh zFe9vdr!KnoZ*QmG%IW_2d9GG04NeF<2fRrmYZ_a(IqDMbS$hBMFfBa9)z0j32{NZ? zmKRy?&Ntu+U3D@kzr_1PeaJvG9_`a`C5q^QaAKD1; z@Djpg<*8K&R;#8}$pgNQ;PLRK*y`>WYD1tnDU1kXXv$_G$^CGd-Opa3w^-A9ykD>R0mJ?d1n;*H(r;wX(6w$(_vKaS5fK0bSMQ?JBdJKb06Gi|MuOl{$gXoS-xL7|&NLP#C$bNQq=wHnN%+b(-$ z+p2*Vr+LUGoMfi@4u66HBLSK>!CSaowRm%InQ; zBGZo@jwA?22c#(A@k%Ol>K@BapRxcHbnizv@UQ9V~nC*EA`X$sq-zBod#eTVSLPTDWj+& zYS{3wQVQ3JGBLZmChf?WKk7=+UVf?F$pztw=LyEO;f&O{z6Fnv?&;uNRnPX^foB%2 zRV(d{gHv%+*2a!iE37WS&r)rmj`8`||B$I7U)~fhf%R zt3%vsnvCN4+CCuksTwm1DhpHgqJjeYhE%>psGb~ODQ+5fR(&=1{AE?B$RjHr@I$+h z<=G0i+vuoyvv{9QNPD_771b3H)Dx8 z2}kwL^``=>9z^c~l6v}!p~|#VC9+92TgImV3OClgkr}%`Y3cvg0c?vvc6UU)?YUMb zmZW{M*xYz(eqg7W<;nq9ZN2}kGm;wQhTaH`d#T4UAA~b13*!75Q2eE1S(=rJmHol8 zba~*q`_^4|bHnnA^IH&oXIH$EiT*3&5Do2G6QL?-p@33W8n% zrxmZj(>pd9S6nLDlOTo(9Q@TsCe`0AUK&7(84q2FD=OPz7SR=04QS8$Z~5~*1XV8W zO@`;?zByH8NDgkd;&8=E_oJR8E2aIMU8uZlt#uaYYy))Wl zXgLEDJA24%4SJ2UgQn=|T4+4<6*>u9(_`j{0{d$6f<2-n-h6$dh8 zJZ?@$2-HGP5~jh1BMGo_V4w>aa)YPz?ILE>N17*21P)phi(Bt&V|aPl*`wD5&t7=6 z-hN~RaTAIhabKtfT>mPOy4bIF9$|`4d5MOmdQw?gHSTOlEpmJLw&m))$)up%&+zkS zl+La$wCp08_@4-$9Jg8?e!C59Q$IzBknnyetBeJO$-q9s@#5DZm=v&SRqT|Mj{Mt( z@0i`UF0f!ZrbuR1V^bA7LY2MAgYzVM5qAeW!pEkyR}4ZyVF04z>I^7X4VF>!0d>zT zsFG@t_O{zQ(yVD1XPX(@fTljaGf}~0#)%9G$sSCtLu22f3dLoGKN3}aKUy08U=`4L z6f^P5Q($KrBTL-Pr|B{>Fy}4j7=e_8>HWWH&CG1KKeHqOHy75Qjhw~&+Y2C=gX337 z07@s#q~tWM;MM8dYCzL-z12;zT0_R^%)7TxvE- z-T-6aLCV~YxKTD}^Wbtjb;9QK>Y$Bde{IB<;5W83i%06YsV_gfH~>{(c~jPe=rX*( z1#pWWsGEemI#t{#IpfdUlMFce7W(GV~==v&YB zNCFCM_qoYXFTIwO-+9dpT`9?_Y1b%S0o8U+BD)R9&jqPl_vgT8pA)RNwsx#$bZs;S z-=s7hG{@fC{d9mFc45}P6gjWAr&>K8)TsrO0+d+0l3CT`3=dYxy0Th^Dew8jqHO{d}myPC5UVgf57G!7E``3c7P^1iCY9Z@CT}wZjCqpEf?5y^`lAxP zB)dDQD_!YVf^~)(ZCFE16MWo7`fe8?T{EZ?YR19HHLYF z#OAA7#?g-#Iwt&{^O`Ujs<;zM9u2{5WgkiiJ;Ln+iwK)Rs0^%!QwKXW1+ie)cR);q z0Be11Lxxb6;AKh&jMxXBQc$0gFsW^*nTlHdd5Kz=NoZ}O=*JW#8F;29E?}3=2VQ2q zgtx2`&0YQz9_)sS4J_u2--oSHtHj2_t-0~dRGP)y`>5SbUozti;(8TpN`LcML;GQt z;cO*cpd{5-(x0BW%&`HUkH`o>HXFXnFydKG$#vNCKx- zN+2c~wFu$e?Th&BSq{HNjm5h|+=x~~UO?CJa=~M$B`zgHBBbEuXh_Wkq)xUC@IJg0 ztfjRxwc5FLc};dz+8!@#F`H`J_mKW63+~6nHf`fbo<#BQJmtND^XK5ttYH9M{NbRc z>_a{PNl|Hc~F&zHKsl8$l#2H&{6}KaMHxAK(TqEMbW6 z>;M*D^=*kgQ5QdGy?DAeUz0i;5U3RBYyhzIw5bsK)puTOE-FU69&JWF+U6A*MfSB3<6b2Z%P-i}UJKrh?kUTPyV%TMz?py&@!X zL(9h%gJouF#-lo65KV2*I5S6{Gb+WGR2=wX;;~8N_Nuya#^i~p74XzlY7VXkLE9Wz zmdw04$*1x8>qM zU>S5DH4D_vVRf}Q=w9O%kFd}GU0FX+HV?j4M|~=0Du#Lk{(lnBul^@LVM_gJR*;z$ zyLi*w_;g24Ey98XaAN-Zn;hweOLR0EuZx&IPfRWLWpG>m1_X320qJffpECkP-v_!j?_ZsUkNx{UKM2a^FF+_+{Oa{yP}l!p8Gpx=r!z$EhaNFGi4p6X@^Dk zGzBj^1wXhWfknq`YF{Yl;m0-gTd5{Fs_)}L-?K!ym}t4;f&F=K%Q?fh@A8+w7OCS! z+ih@|{SHG{MHb0uqjp_(#FV6&njGYmmNdy(g2mk9&(RI;5t<_L(F z1o7$e@{##7MojiptoUp$cn?ySJ!Pa+Vr#C=3;bcS_#<$@yN*B|E!G`4I6jc0-`-H|(d0N@;>Lsa1(*3=Kj}C6ZeTi{ZstcL%(3Wc&Ax$wn1e-*k82kN ziCF9xgpotIbm0Y_9@k2ro0PUP%qOFt(d@Tw=!ZrMOCPkHaCGZL0S;6E4qWP3r4!6~mZM65 zEkO~Ajp;)^t{3d0d1~Bm4d4bvfbXS%(@499L2j#ut84*}aes}Y*yYLP$0+sf1ikAx zB~4B24MBn-p|b&9e)r2@h(sfGrIH$|6|;*93QMArch^;1|8%x8YO)cDtA}BMD#1s_ z#kq_9ImKAINS@-ZWqQk=fq^_JicATB!UUgD6uCmQBv_ty*m;O{@wz`tWCYg$Y3-MU z_(5ntW}&t+R7@-fFYlNyD5|5VV1J=bF+!0@M4vxP-)oQSbd0SS#9>Q9Cg3UdMdo*j zIUzB(1%n=^hc;~&^jR<`|5F0m%FC~1ZCkX6`C^95D>L{m%nHn`tT7KF1L6f@-hDYL z65derk!-vav?WTQhXaDgAM%OOKYz`}505AXu`nZpyr^6iO->8=CX6mfg&<2EMc(qx zWip8{R)j4qEHr=w6b9B3)b?EEMVB8GFIYoRwOK&d6lWGbQGE(uHiB|Gv2(?1peXit zECvQ%ulbhcMmfJMFJ@^-%Y|JCI-Kjd;!c~pF^aj zb)cY*%UgYEFgPaD{H9|$@bVIoN=`l&9l2h9%_?e?yzK&TJ`~NBipmMj5DIyqt4NxN zmgp;E@$`#CG2K7gxzCS9zR%bHS(^7#z$*{8ZBe47ROfwZ27VY$oXau_f*d7}4YF}M zCtsu6Wle$lg2}K752Dh=`Tmo?>F+URy(xO3orR=j`|K>@a7;H4`Xlk)Ga5!k)d|31tY7gc&^(s z8>$~R{Et>X{|Gx7zpf1q$EMB{Zh4(|7(b_Tw_|k-s~()Avdh%2$b)n#WN!3HWbSXHRA0}Nu;tTu5)DfzJF`rn_O}t%e*}7O>`%0 zJ4{buW>2*j_gB7{|L5ZGM(R+v= z_kTI(PJHg8`zL+TDp^?IW^tv`>0;om;#}lDMoU3#7H1tVssG!ma5DetxKSA+6>vW{ zjTru3b!6?Ti7d6M?YXes`8Vrb4B4et@WDuD=v9`&9*=*&oiQGZwm5&v?*=UXICAHIa-fa#8~j z3dWDN1Ao8&9q|-Vy;M8meNa@-%9KQ#41ImRJaMi?G6%#^v(S+0^*j0oB4N*4O*A{t zWPwHLdM%ZDZRpRWiie-^Od1o^ICi7zXRF+a@k_Z>6h;7T5F!U7OY|4Xm3-khIjE+y zSnI&VtaaYROpQGH;dM-1>O}2p_C4SOllRr~w*Fx$y8ixTgRO^-W`OMW9xMC~AZ(A9 z(f0#>;N$x*DTHDW7!(y>)`a7@2%Z$?sM?y-Y^W-}R8(?9J0Z9YT})t(r)HAiWn$_O zp^3Y`%%$Rx9q@2(wz<2;Xdt_;-4hsT)guusGmoX0zYdyzEprPtl0fr1_#L6mWiIVA z1*|%)IILUz#CJDV>0-wve;0Rnu`lFoHT<2FY80}5TiHRA^Liu)=qlMm6axNmN_YJ@ z=EBFPO?%V3#L11x&Y|v~AIPh~`_Ux633QhUvm7NO3mA^;$X`B_pjLSmRvm_y#s5>L z0~7Nck|m9xLIUEDx8;RZM?g$i^qlM}b3v#Qy~dM&^ogmAY`&JO*2jU7Rkn;6MJs~-OI-RJ#ui)j>I!l+xZIO z^dYns<%5X6%Pf|r?II=KAODHMPb5!WYp0&KG(_q0=7Z$$%2LJP} zzakz8>^JWbKxvS-+29GDi74a1#C{c{|9l`GZ{s4^h<(n-pdr=+q+YYs_4T~3t$sJ# z%DUO!kB2(P1*&yU0;`C)R4X~?==nVAUH7yB+j}N;2DZ+EMRx&tAu`kqX@+Z)egbH+ z@CdNf-eRuxJ-+Yu4rno3PbZv|T{lz`WMyt1cF=bB{Jk)FDcTpnBI2;kW@RK-N5lQ{ zhui48xDLV4B>SE7z0HLxWCxA+6-K`g&)!;?9qjM3_LJ~@3C3sAD7M6#lBp4;k+$Xs z|LPVah@IY#9mzes52BDMXeATC$Qj>ou$*mBYAm-#P!)#@INq}$8PMp`War>Wf1S(r z5THf3qB`fdJ5L(`OcS>b`i~UKGN3~Am4TvZ(~xvsN(_WC%B@WzJn@_{Lp6JFP8U&y zu|SBzN4!LpXpK=$Np)0w%YdJ-T&$$g^Npe&)#f^-l)g=mz|qwd^Vj0ARdVLe{Lt^J zr#!)m0e@8UwrVnQN$G2xRQQv?*zk9%;C2XqJ4gX1k+?5rd+Yw|_i<@m;>6Kj)p4d} z2u?a(j2ryCV~Ab;;)gm)h}|3sB8-Mq-to;uusr?+q=+zRSsyH>^x6ha%^{Di10LBL zLkZvFa#v@j$-20SrB__K_d|xL7Ili1!Kee!WuNZOyfw7}gvb727w5y})>m~=`#^H> z;C!y9*o#A}R0B2!L1~dU1v4^im4A#4Xb6<;DkL)MY4hjTTHet)e$fwLbm0H9+Im*+ zWQ|6O-W)i8Rcv~JcXewbMk&0_zJGfWz@NHZ()|%a!J|n`t}$+_@b7>F&fD*#sCo3- z6GO>>=7c)U^zZTZc-I1TxJbZK+8imPmJHUbCPQ*sT0G0I@b;faF^iA7Rc(iXQU6V~ zzv(KPloT}Ey`l2*e5V(LXhid3;<;@P4PoO3_H3;gOMo6AP>pSe0VUO+Gi|Oh!T8+i z*{iyMlcS$eZ?hJl8RFvjeTnZMJUu!m`zIjb?{s`0F7G(Quk4vwb(`}h$J7V$Hu>Go zHv^NaJfp8XZZHAo=34VP^|TWT5Dkk#X`01U-H-sU+kW$QJ0p7RJ&1Dt{5i&M)Vh4? z=P=_G@diEqwt)EJDU=VHKVWArda3uT>5JR`CxmpxoiwFm&vA%6`93t;x2g64GfN~} z2#lo+G>~5RL?JSAb2__awBwT;LhlaG7s@x3N)};yC=#J~+%x-XAR1&99K_hmWd8y@ zWQaETsx9$z+kv?K{GwsiU_}_p#2?#~lpfZ%FYMMTzm~!v7C;SKy3Dn?%#5jllLDE= z8k^jv*;XJ(L5l{3D8_c=({R#GsodR2nyepF&y7ksyJAR*`_rS!27FcJwE_FUFTJul zu$KZk*K%`n{J(Q5G$ud;@@3Sdbv&pnU{t84`{tB(a`N(A_4y!$Qa5@*Dv zU+s)aaN8(7sFGs~18<%vu*I>cNTM}KGsyc^;gsN>$+Qym#nNqL1D$LV=$r=h0@>?+lAjWMn=8 zOM*?n#t?hPW0|uKZTw`k-_Jk5so$s>DYI_lP0g6L(7#%G_iZbK277HWWV=a~a6~qf3dJExR8s%d?Y& zPE2{5>Z$pE6IWnI{n6f)2MX9f#%=bkt@bG5g1ktJ6D7t>0(HxpEqlx<8g+^Vgc^T4 z6#radQ?gMo4PGam(UULv8TW>T3aIw`&9uZ2%DY9)L}^}+aDnD8Ya=yp^IwU=r9-vi zik`J={jrZgeAUAEKb({^LVv4@VZ$Odm%?hgVxl?oolO2vA18U0OY1ZkD4@X|s#`7%Z)S8HpDqs?Oe#EBP%9>$6LtP@Em$sW9e z$T2zxhLlXl+t*_y;H<1R|4FCefO$d;8U4cpIXjOTpL9xzB(Sy-ejUVvzzz+;^5=#g~)Qx zNbXR&kPS69ucc})dwnV)pB6l6e{?5Q#;*i$z-ud+Hs>2 zM|6!E%6Q%b+Pq3pAGl_0Je%QmWkj`gE zG?|{L?Xlu%NowLPUx(Jyx-XwTM|Q6H`uF3<`3E8g6Zi}}XPhX4;j9r0Hk(fc_P9#S zYxzUcRq*kDvNRBFSkK=}`Ut-<=GEEh3~2~L0K4{rZ}lOH2J zDy^Hc`WdQ9H>(*^vdhB4GB6u|ZuSt%A2L-{RTYaj+SNtZL?pE5JRUXO*w8>_(AwOS zs6i^jjtbH1cp&62h>gv?Z4-acI9+TL>~FBsHgLUT)oDe**qQiob+R$OwK&6r9T}h> zl&&LFvuiB<;$SmeKZ0xxCf+6ZWA+Za-dOXUp?}_)7+b3Qv4J)e%+3R}p{m8&NL=RQ-_0kAUn`Oi;aOG| zd;5o1b2)!sc_K(x0mn-hCNT3m0fj(vb1_&8M%Y(f8AquVmsN1U!u`HtBqZirwot63 z#vgj2Ju((hUR~WZ*ptyewos-81pq!?b_Y|xwZodhmcmhzjs~I1uVF_HTSpT_4svA1 zMTUnG?BZpEP-P=JVZcYfFLOekyJQOA<3(LX1-=4|hTH*5OhpRB>0r+p42B)5=HWkO zMD>^X3Z|Ae2QlDR;6@3#(R6aAJ_;Kd#dY2IN17RURZqb zwNRNl%jxgYa!GeCE7fTtAQ$G`osK1<2p|y%%(CB*?=d#J%PEM1pG3o}H1wI~U5TRn z?d=E87^mSM1*X>_NJZlZHqr?Df|1=mVeHe6%xD*WIODbXI6g}u%Xj2O3=>_9gv2Nt zs{BUF8HS5jMBiozeO|Y+=QpNWYKd78?e9N8(ia0eGv9w+<^$^XuY-v9^W~^f9aUQ) zv8Hdz4Xm!hqX$)%$NtJb0~t@kAcOY=M~KP)#Yz4GO`Nq6LK=;o2(A@H&0c)7DkiMY zABiviZwUQ6^~`|3O9ZF=_9&rfpA#7P*Q4yV^;zY#(WBCbkv~x;iUy~t~Z0EyCnnkn8 z1F&6sDO&kuDRhXT@kdJ5(I2WPvhM?iIaRx|A)kqf2^jmO?ZLj|Nt%92QE( zz6h`CUAnE9JF_^fLhM$HGb$d>cb^Y8BKjo4fN7R*M8g(Ih`B}rnj)TfHP5`J+>*y4 zY_SvmGtsF0-jL=Vf2Au~6GYA|4u8uNX!P05)Pa=tgLyi-e9?68%5e)X^BkGap4cW7 zN(zf==x8mTD^!^|9YU%Xs4z`J^T(B=OhxfWrFX%}gJf;c!GnkL8xGC>di3k!q7Sjf z`}A5BSYL&)>4NCD+_zT?GCrxN{R2~Y?C}OrH_3=OR+zIM(v?jcq3asI#()e%S%94d zF#Hd0UV1&WpcAs`e(ww;1k|3sM#7zkogHi=g*LG-^hW(|E{>)QNUXP4QTcwYF(s~@ zR|4y2I){MXj1}^VIGE(WS%?keDb8Iyt6tx3S&+Y#R8;!+hLa5#<-Qr6oDnZh0{AhG z#{G<3>fiCFqY+Ax;G_Ugx2r2>Y}b~Lwp#;7$lpIOctaEzQGKcCl}fUYqIDYUDP-vA zLeo%D(}h~|M#%TYYWi+xCgy_J9kKQkpHrE|lyk~hgXby*=q&qL$EeFf<<1bs@|w4; z!A2@Jn%YSOB|?KcJ~u$Mgj%xo@SF_H>#)svRu=OAb1LKcm>j{iImo!>r zE>K$Er3HAQ*yltLp#tvq3nGjZOb|AC#nXK;ET1*&&A zB2_KW3?f|TGZfu6M+|fIvi8ALo{p$L3Jfaw%#HSY&yg#PKS{P%oooEExjdvI6?VpQ zI#`Ie`#kxL4~-C%qnaA7h<3DDcCzu|=e5JOdc?@v|CZO*0q}xKzka_n-#KCAS5%%{wO$hm zU%G3(A7TM8LtcK92T#j*ieaQeG7ZWZ%S%dAFsR;))1~jNi9^h<-jpWiNRLy*$%dqA zE?Iy9*d`ta9VY`UrIO6Unnr3MFQfrdRSl-kH= z>&*RZ*ZO2W*#2rPN@JfZU13N!KbWn*&B;EKhO07XmkAo9J+)Tg`=3reviCr zAr{Ez;|#&%A9wujYxw~*yH?vDa3rL=^x4Wf#giz_`x)U!>pM?D@&FoXcJmRzghK6h zf=+azer#Pbmf@=C*S||sNn$ku4ab(GbC047BHy)97%5eL<@)VDNPfU+gLiNuDgUYK z=L|xwKvR}V`g~F&KjQe%yzeBfL;p2wom(j5C9bnE>SqafXLF0b7N+~sW0UPOfHN!- z1FI7VI#Mw-8S2{m-*jS#!1mSq_rmyi;wW6cTWm^`&04;MA`wVJU%7pxUQ+nZ3&>c= zh?Yid zb5sO$l54SzdI`7Yr4dFB4^a?<5MQg-r#?p?F|#gz=L|N($%-M0_xFH&F2YVLT2`?Y z!r#x=+OvRy=GkPjm;&;BU)kjT)QVN#&ikrS{x(<^fNmi6P^>ga12s2o_Es3ddCJPp zsc{Bw1HM7yYB3tb(&F1lj>}srY0I$X&QPEGOdDrU#4e9}B-Wd&4{M zC{xb6&)aYU08R3<1oTFpfpp2RRYn~DQUZlMD(o)xJiVO_$+4ny=+73@+@rH1EUq&7 zI97`Yb*|l!eFtP-0V45ls#YJA%_xqcb2I$5y^;q3Sq>5sl-Gx5EX)z~&YF8$Ty1NU0S!gX* z$VpOE<{CtO{BM6RRuH{-%LoM5_RiSJ{Ridk;``9$o&SLn`GQ4r6yl*WH(thXH0it! zSlnomx}C;fr3vwTL|B*l{_tB!?sD0VS*H>4G@w-Y)TOR$zDUU+L;L>r%Fbx6hr8b4 zB)^wV^>^Vry1N_mcqjQ#^eM$IN(NJWi_fgao5LWGkLlM2U5hs;una&^$~!YV2m zzfuk>Gw<6vIub}#4#yn>cu0TR(k26`e8Br}5!9^s?P4HSe3u$#c%<$dt4(mX#MKDZsVlq%3heO4toMQ_uYu$NYg+jgVJ zv>#Z&2`pW{ZSj|7Y=ALlD*|OWjb5#QE{G$v7h4V0fc0h9p43tM4=x^U^*ZE1MbyEf znOxsGjKD#Rj(9g4uuW~pk#bb0kUq_jUX~%%IALiA>EkHlB|_c7yh>a5skIaC;uv3Q zcZV~u>2eGGVKXHz%JQAl(+wXGu9Q(uo)y8RUR5jv6_)r=Rf4memIaM zT8n$wVlQ+1b%xaG%c6nA|!#=$x+3lf=^a$UiQ8pB6nYKledlc~PB6$jaAh5&$} z#TbfA(7w>%P`my^H^FxitRZn_9~!af+q;4(JcI z(+tGyg^~j=X>S(Zn(D13SnJ*fIi75+L+U;kA*)=W1Kcal-0>8KMVQ_Z9Klmvb&6&s z_PV=A9S}zeTI{u;5f9kTW!tfV69yjMb2Ed>l=z3ze3O@&M8qRl>5{0{8|}dbntO_F z=3l|fCLyRx-lQE%0g(H`H#YDn{dK|vpE)T+5gmmVqf>AL6;F-OYA)^0#etX}R=JoN&O4Z%h_M+eq9uIUe*}d?+q=atkKI6pDp)DosUN*lZcBNhONdk{QzoB z0;xEUtc=s_?&f!{G(Z4SW6tq+J z@)N7>_aa4E3RE0u>k0t479>;EyB4E?aCmsQM!TrJdpqP0mM2c@mn*(3SFa#$q(DTO zv%~4zuSlT&gD!P$ils&6)eIjjh>8lvWQhWfQjsEZnIJ9F!>U8|1Pkf$J=^yk!yp^s5^Fw25Dd#?2O2W#J(+!>(Dwzm{s}BK8B4pATG{?^ z!Q$QQMS?H+P_Kh^Bz*zP7hiLFH@<$nXcaL1NALd0FYXpw;UmwbVULdpeBwq{HC``Z z*(Yvqvl-SbMFR93!+W^3m*6oX8|tTL6e|x%t_L(#IG6B$E9QnS|nd}sde_9f{A}nl8<$Gc^nV8HP6y3;iT2@ zg`y!Lc}J3b5pWJCitJd=Y0GvG2-_k)TW%7J`e5o`Q00;4&Dj}LGt%V#_9-}sk}xHdN zM-a2aMol5*fJ4nv;PL^5167O+3k(En$QIoou>CP4=y%OA0o`9YyV54$;R z&H!js_(hB;eU%cX9lvPa-dhK{$l=$WBWs1&1Er$SPn~em9p(1o+vWuoTTJ^I~yhDqf_D zE!za)%rp857tUJXfcvrDPk+02BJ{hVE&=5FBr^}Hjo)*5^i>3KF*Fux)$p?qhn&M|T zq@MqH0d14~&iM}ai~9r8(|oyB3HcXTPt8}2(+GUnU)M-JbWBVrlCPh+HQ!{5(v6qxL_Lj7x z0P#rdr360JCunDClGs?ZQZ*QP4}?)CXDG&FXHpN0j}#%87KpT3OOueX5Gnq#srR-` zH))}`N)?o;oAE=sP#DtLxu7L$%br9KC1%*~2T3)iVB`zJm&s^|xsdFCEMTSj-nD(~ z!WYmDs%)teqNlQ$N>^~3@@i0jL;ThqZ_Aw36at5)1+{b37Yqru)}M&&2%7h3l@?Y^ z^xoW){UYHG%3BYff%vA>Brk1ya_-zT>E&2SfCP>e%L0_sE9%bDHEOuu)pDi}{B1ww z-`J*z76g$ew( z2;ub+2?|kfBD*haZEwm<-c8)%L{4su5lSW+S4PYYn+~2xRVpw%U^$448RHXOcb2rY zv=xbWL2?lhy2(IO5YM}=EeESt@6-#k6l}QBvJ})qPbNEwQHltdnFTC<6C{K0Sx zw_2UeoNfJ4G&qgfk~4=Rp)!wO9rk9gK~c&#oMMvLV+p+}4jC0^Ct&vB-+wdC@=Oj1 zbN87A#Aa8k`4_u5FRv&2GNEtIu63wheY?0xW3lglkGAU^R^81Q^9z%*9B zNBH9QZ9BGmo^M7}M1icVyIRlTB5>`-bwn#iw3oDU5{S%TjH`BY(`)!rb%yqoY>HIH zqhIMhV4$3yhY%nU)?P57iGnps)@SW4X~fn7$j8l9)A3u~b<*9>jaD6Q5rj(6F&;(w zu8M^kSbW0?L0tAxcq*}MsL}PYVa!I-`cKUbs;!?3_T+Jpkcj-NZ4E~{Gp?8WHmO!b z-}=|`<^7e|M=XII@i}>=dLH-spJVtTvO-u}TZ@i}k(F>R%*}Q5^a#U90%Hf>ACUX! z9+C2+nb<7V)zzVl2-iYH0+m_p?p)$@QeK0AiE1cYJRtmKh-$weFwz;}b6wqWMT!g` zeo0086$-TDWI8(7Fx<{4BtWmyLZwwQocHB;$YCmsO*@o#RKy5hS*U#}^enwifJ zDRQGXlv!}2`x8umA!cE+$56nI$CZiAK+C5#xO2M7l~trN^rh}G|D;rd%x0|m9ll9M zWIx&PV_J7UyJNU~Uox|$chdIDp|&kRs7CA4xZ|lU{bi8Gt@&%xzgfq7!rOvD#@!f+ zs1OG7Tj8nD*DAfo`c>>YJxjGrk zngoxNJQC%4ExFmcW4_&!+ou4bNj6gI(JwDqYU=xQBiWR@;>X=Z*XN~d=}i5+x^Ka| zA_NFsphRFxjrOp^sqbFXtTifC=#jCQ&%bGLX?s1w<2=b*K!)oFs{-f^Z&ld#Ik;VJ zy~pLUlQs7Mh9_2=j=lL2SH{2Ka5!b-o+Y0%aO1rF+3oF`!~@5pYXl-I?O=J0uALo= z;R6TW&PZxkA*jF|#pr(fII?_YPLv8=IaC}aUL^OxVRXtN)ih?vymrotnFBIi0$UpB(Z%Z-< zFT31cbhnen%2O*>k;#e-B%SgW08V&017O{GTq8#z|C5^yQMB_=gi+Uv5%+t5-i=J$ z3Fq7m(by-e=hnYM&&lQQ1pnV%PoM#5X)5r4LXpKrnW>u!kNu!h3LxnGh`^eta30Jz zyw(mOpy-JKvhBX+2HTV4G|x#FWN=zEi!5*$^!MlFq1|jH5F(Sh1fF2e_fI!AC$Idx|Ppl z3oF;xeKXoJABvPq#+rpClvLMtcZ15vJwuU5L?o>Diqnnq1=rdf58p2+)8(MhS+W=D z{pJ6448e>$kQ)+RB1RQ?)Lon+W)-{FGZOat;ijZ{BnmqfsQAf{3QMehR4Jy14jzm< zas4_j^N9J6U0dVJGVR2=jKbhMu#pQMsQu*z^2C`k14+KV=xa<&LE1Any zXOr?AULKN29v+A7b!IB!q}ZzK9C`yNG(j1iG_w?_f_eW&)HkLn^d!+01o3w7;IVx5 zW$9_<3%0c2AbJ^1yXRS%KsP6~tGtmz-<9Xpg1+@I;6`}(KxZr$6(Je6Q)|{e?R9?p zaV;CrUKua1Qw76;;E~yA^#Ko!&i_8tftSN+4eUbugIOy6cydT99pJ@9LiQ8A-g*P+ z0FmR-qUjpD0(tiEKI>SOs|txgVRSSKo5k|iD?F|&!yz@*YNvw8db_$0gi&e`GPqnHgbBlX_7o^kAd%F%v7!O^L#WhQxWeXDq4uNMUP|sj zKhjn77|GiYxUtkRJ!P=lBt%3V`6e6WQm4nQug9mVoq~`n!{*(%46EnE?jmtao7hT5 z3k_^Z#%NiIJ0OBw7;ZItGOnYRRN--F!|lzU75moy4eU;A0C-nB;an+d!la5k^sN;? zUkF;*jkZjhpBPG8#0W2e`;E8N+_5jcr6YQ<_44~Jh)cPuUbB3S0%GxadT;_FbV|y_ zbFuP0$~1uz|LlzAnx2%h)Scd6mPH9-NkCA1XWKIW&{=tB%0+`*aVmp|6HkjpxfA<< zbz{;u!yTt)_PN}r6Xo=2B)no>djn4yrcqt*w4WzmbDFIyFH{E67UNt+FjkMP@V-Dk zPR(t{`fSHqZNh>CSHFtu{SATdb0oo}u4f`Q!Td4iB+M`Ppakq^Q|msvWsxoAcGrtM z7{#ypW+Gw6HMIC~9V(C~g3`19Dysh#&=a~s0~&pFm*NvFxqZ?FChcp~Hub1yJ{+h(CQUEOEPY$ew4~m2oiOIUH09+r{ z>`5b;gua;n>A`rc8H=mhG9Xtl<*s+X=7n<_L#Gb$(heY->2rdrj>`=l?_y?Vmc7%1 zYwgV=_Tn@6(UFW-THnn(91x2HLpOK_zSR4MUVBYBL_o?1IGyxw_VuklsR_JaP8UzFU#$ni8D!6O2wmt_^569+^t(aPMItr5Nq!g(U@ zh~JA3()j>(A>kAi4}nFV2-{0{ad{^(R;)g*V*SfQ{VIt60+(L?s}@*ymSJ{=cC3+N z!4K7+V8ub7V+%>TKaxlAdWQ#ud&SqW^J1TQM-q+;1w!A!VFpHK_j+{~-Hq01dv^Eq z=w9@%?Zvm#mzG+g46C4ucDr0XkO86_S}@X5oL-SXqj42>6WATY?B2Ajx(cTqf4uYL zx?-k%cE`%fdc!yF&U@sU(EvAHAF)>!aJISVa=H#qRZOQ`%<+Om!{c%5J~n=egbLE& zLo3zU1z*nt!}d*)Cm|s*K+tFOFw1+vfM{v}iEg+1n0KcjY26{&A$Gi;X@&*rPOUmx)iga#Tf z#edxkl!>puKc)zTY0Ys+<2rQxU0E0m_Noj_G2A*->TV|QtNQgC18Csg%BRb=xjhEq zx-c>Ap})hI-$w0qizqtk-jvFjr?{~{3TL44ofCLn<;nQ7zT?y#tzXQ+zJ%WzP1ZQq z_&mKT(QRy0qDm0JkehcJ^>$c%k36up+jQ*}D0!i^H8is28MJxkyLlemaH-3CA)UhV z&shoYzae!-DniRFwB^TR^tv%AV}0lq^8Z;Y)^#`ApwA8Z`n3TTw88f^yN(CvpNj>r zVKy%#hD#3Ts|DkSQ$Ho=v^^8;NQYHm!ChTlWzap*(!ueKP8D8qT|Lwhl&IBx|A|3Zu8!=%Id zsNbKdOy}pfO5h5DZDZ%xbF1tsP&-A1Ug5S*Xk&H$jGd*7rA~`?7zAH~x2j`y;1at` zg%3f2$y!l4=r5R-+fqKf5+XceNwBs#rJBuaIc43BA&6Uq7LLs-I)GcRGaLE7psMO^ z8cmQUcTh!~XB1@c2d6B1DOVBxB*{o!=_qDyko zT0cE3yQ0h&S4;Pj!H6cmf~NctLznD8f>PrTgVF1H?5UGQ-VpdctLsCEA}l^sW-pL^ zTb*q}r*ONXx5m?VeE$xOLg8*8Uwy~&*yqNDj)2b_0iQDvbbWY_0A$cHA63>;uz{3m zNh{XHyqKeDes;FM0Rfr5$ksD46!52hWyfS-kdS7{KMqYKVkm>ihmv$}P9mvFvu(Dh zRqJ#~!U*`j?5@ak1)=l_loky*$8_|^)=uwRdU?FsAFsi&bT0B*OZc@i-` zXuP*$DZT3>3J)fOaZv>b3uGF&w1{Z;U@AvF`ge_pH;~xf`I|A=@h4!@f+2-quBobu zRCyeXv`EK~xL#{`sbeJq7Bz)ZQjk1vq`Qkl3xYp5riP%q>&Y$u_;5wir!upM-f1!g zvwT||xj^p>zt=7n^vZg9&GxmGW_^jFQXqUI%(MH(2~_?E1tyt!2diMo2Eb=EN?ptx4rvUE$&x#p2(kdgc9cOQ3i!#6*JUuQCjFS zqlBW_5C|*{GhqaSr^icVjW5HT8gfxrS=lMWZ1|EQVY2FB5|faGO6Oq2n$nm}<_8G} z$D0PPuC98mk%)Zvr3RcRp>Wx-^e_NC?9b4@6ohtc{o`p9yl#;>tWF}h8rmG6eX}~rJoukmO%vH7Ba9Ek9goxaV4(Ay zJ)iH_IX8%W{74E*O6Wv!73yULP$^~k7w`aHp3lnGk9^tIW;sryU#211-VDWJK8^^) zB7I4G9>RJWq(=|zNdEg${ZV4lT1anfq#iR$qES<*eWUJ;i?FYVB}4{RV`pGohu=fX z6?Qblwx*H1H6bF>Qt}yf%fVXr54>z*CCbtU{ZcFQB)M26XQ33M)>KTFq*xOW5DgB1 zv)_WL-7i(Lbk2;ljfi5*6@Cy6+4gk5>p1fyF1HfFB-W3ygqS#p${gtS!{nJg2hr1y zYGcM^y3j|ZQezQ%Y(VR*AQ7kebNc+I~arMd>D?$i(=L};C?sR0={32 z=ZiU$SWLe9_`~EFXEXFCGZ6fAisL7a9yb`^`GL3?|HsyVYcPZ2;~#xsRs*Qi4VX=A7KmC|5fK{jL(@p9<+Yj?oL|nd4VBj^mnsPB>S!o(Fc1<Ez_(1tk1VLP`pzQl=#!YQ?Crv?$x`6!fMkrB$&1M*iQJB9HWB zH({)w0ll^@9Vf)lqn&$zFYahE7I2=Y!Ew!YJAPeme>xCl^8P(v$3uy( zY6S%-9L-!N;HDHWYCqs(NX)A3fVw|B06-D_;@2*3*s+@(JC-cH(C6*qMI3J?;o>!& zWZ1UPFh63T?8eV@cu=#ZJ?K)bhWNC!qH{)j=YuPluth0d*OY08mqNO3lPlH(e@x;s zx!~t$-h>X-+aIvsvUBk+GwzJ^h6V%&2ao&d{{@URPl8>@nD)v9P%)$m7f>ZyLI3q? z|9XcF#R&!S#A_4}P?;FDVKo=tFR5Z-`XmGUbMh4+(#01l0jvm3R&Dy153X)e@DE3U zfOrdTVt|T>0KGjfqTU_Bjb~o%{10`Oe1PVk6)-Jo5ovglC0rbhMh}QF8SLmk+7AKY zyN}7Mb(Hl;k@_#3oSX(zqYRfES62={SB^C=obxc?@wq}o!U=+V7=gaa!JWiLi+O?0 zzCK7Yi5UJdVqw`97bR2%WyvrBi+ypYo0H6_%|A|PFooaS2mEB=*zD9|MA{~ICw}@v zY)8DVZtB(aWnx2ddH#E##7BjYLl7jn;lFG0*$t2i(xk{Pe|BRjF0nCCdn2y>eP|B( zi!gUrWW*<9altvVPT|Yc+%Owm=VmKyvYm;AaO712OolM9MKp`zYtT2l{R!1Oc^Wdx z-ETA3oy|umIThzBx2&!Xuuw5PZ6V)ar=WG6WB%tz1wb1lFgw1g0e?vosTAP?ld-iI zu=T%=kioA2D~W|!x?rr|t0wGNsK*-~ltz zO^UQKXCIKl=KhLK7qv$V*opN`KN6rVjSCbSPcBa0mn5;u=1T4=-X|0~CAsREreJ)m zeQpnU)&?q5I!m z@ID~VcxD^C5tH%&H)IiZZ;{LC|Mo!<fh6l9zp%pi^9X%o4=y7@(PgKIQmgK-UN;j z?x?s!At3Z^)2Ub3&a7avl=C&(JLBB#oR%y&==2VLgo0yTj`LXd(H^T3VRt*xx;xUB zv6Z>79r~Q6q04TGHdAYhu{Tu`?C5emc!0=ZcLT+H@5UnlQmt9*zxF71$Dz~+dp|+im=YsnfBUIr8upz7=QoeA)xaN za;D7YvE2VrCFbgLm%nQfr+-3KwAJ-I6)MWe$E_aXZ+HuJnIA%veqJaW*(Q;X`2WW> z>VS@BJ{GnmC z6&09lZZTp4g$}Pw*#SlihuaNhYYHR&@UXPJDEEDQgN=r{y7}Gp77Zc;Sh5h`ovixj z7!SY{S=tp0$)(bKp05t$TNpH&{VEM4vU|^6>S# z$73&?VuAceDDC|WD%m; zWrl^&e|ow2*^tWX>iROXDP#eTFQ+f}vpYyYbL^^Wh9TR~&nZsx^_I~3a!aDm=H_oV zc0T?bD+zACp;Bm*s+irL%Iy5BT-96%7E8~^O#T}86M&!>S$Iy=m z?f|tcGIe11C3La46fDNfzwB+v)f^)J^-%-C&3w42A|*8S^cfIyb9`jvuf75B(5FAC zh^8gqD=NmI!bRPiEOFK3&=hJ#6mkF)3&60UnP*B?yg(lBycem;G}|oXBh*AfIF0!| zV<@#GxpNdJSkmWgxAm6p+7yi@6>)-LY*t7y#*0+SHkt~wyC#_D+%H#JT$KcodikayQ1aHW(CP!63Qj04uOv+9_2CMGUt4O<$#qM|>nRuW&ZQwKv>e09%NRcv z@xY)UxhSUGnSp8okM`Ul^{F$q5_R1JitMRha22rDg!j;jr5eyEt!duS`T+yqZyx86 z(C$#(ibJTeErIc>YL4Dnj1~{9s+^civw*PmbIp#cb7QL-&BU;d;U6Ui%Ht0 z3qJNmiTp36f0Yvj5gR01C-U>1zM=(n^qe`FWN3#0u={j#&CL&G z`Rk{x|2a#fR#!WGPp+?37_tO!&u&cau0O!5kk&TaTqap{Bn53yycx~~NGfrlBWomm zn4I6@DCKa|pDk%A$&vQ=SUta*|1|n>Dz@nexHA@uN!fboZD0MPMX2yV*%7HAAMmrT zd9DrZAIHJ(H219nLyr? zrRa2jh4(S_5skUmfA zoJJW$b!7L2^TX%62$%vSe&GcKFch4J8f%m%jV9?ZEDVf*qM6dnLMzxQ2)&2u>-XHl z6S*jU!3Aue3^NxkCF0g+Pf<*-9n2R*$4>gk()*c2h@!|H3c!)MX^0ppMa6Ql7Ut*k zFS}#j&y%i_=^oEoZ&+^+eymADPG++d5UzM6iBeI0d_pVTISwl|y z7-hQ~Lf{#p*W&tgEmv)fL={15ori3kd_|=#<>%`wfGfH&cD0`i8uTI0ogFRPZ&j8? zQnSUd1kq+d%uN6H$w>~<&PmAm;m3snh1FP6>Pss}k=^l}(c2Q~@k^UK89p(A zLlPq8$Ezj+M%Qf_n?TpjDFtXd_pO0Axk@TMR#8zQaaF>2PvHH$b}V}mTJg~l8D9+9$>zwj-u)4IAeM#! zcX?->gRkJ=~o7; zB4@)PMHBHeA}nH5mR7B~JAd~U7K8DsYD6x_#$a}CLHGITHHY(F_57Eo(ug15kg1g^ z!*e9ib??HNHyy6TIiY#kE#^Z28M7d|1@26dx>74^Yq`SE_4OY2kh9yft)7FA%>06i z?&a0h@9!PVb&hqygS0)!ie%C`N$})@QK>@8PZ(gWzqZ z!!o2=d4c1!cavnT`rh`$JmS7JeG`VyO$Uj*HARD?A>RpfVd2z1&BMGM#79;{IguW3b z&x3)1tpcs}`Pyal1}}YkK%U~2h?vnvfWvmozYrI?8FECB9<&H<+TPPtkT}S=Bh$6L ztcN?_1_2OhR4Yv3fOPsRU)(djgM3BL4Fmc11MDWvU-sWVfsDA~j0L`AS^L4B7^rr= zLmK`CPyCe*>C}Q<81l!VW2G17NXI6%D;Hn|^wA}@OGtWYtTeZ{uWlZMFcR^OLm&^| z+}>7FD#7|syhH}xxT0R&4&vo?BlY)}l>n>E$*F!^sTatNZ0_w3(GTV!G@I-`r17N9 z6K@VhL%x&^A0grO=Fa#+Y9%OU=(t9b_+~Qo0~~(RcLP(jsi0wMbb)!URP)CBR7>CF zgd`uYxQReRBb8~<{vue z*9bg|0kUMT-jQ7b%tw0}$M*MOQ>Az^GUr{@~6=o<~7cm)Oyu78t1 z1_k|=$0!2v66e(AF+jTCH@~)-I;5_pR35h8KKO{9L;Z@=@WsFqki560aP&q;trOV0%5OIJ za(VMdcc4C}z$A{*+HNa;?hISI>1EhlpK^vp&#Ja!J)UhXQB{lz^!8oxjjwYYZe~nl z{VT~y^YN;XLd0^zM2HF_M@zhco^jF{{wwnOr+UZY{eFo87xs}NgN6LtFUhMvJ)BNK z(4)0K=mp=%3j#!;*Fo~`44UH@wttFUHkcqK+>{LthNKbomVhfYRj^Stmu*V}xK&P7 z2DZCrCWT=Gdy^io+Xhp-dtfo3KuleY!7DG=cf!$%MjIp?2NO8e(IAqrC7Lvw3tXrd z&X2W}BE)Y2Qn>;cyCXZ+1fS7xic%`~lwf3r*|Wtw0^spS(S_!?cqJ(&YbpmZ73SHr zpy`L{6PK}{oEK3HcoTz6@Wm+=^D~-Nsyq|(Pzx#mv{Qak(nqmm)(!}ldK}szyct*> zu0WfLD3LMj6>|?j4jw2Oyw9uS+GzKFoUL?@wv)o+zN#8T7db?DfbT)oq&-d7v? ze*!RJewuz}vQ1`tRsdLFvWb59*@eKkRmAYtbNF+_O-wB}g`CN$Ue73?*ChG;#2s?K zqMBVYD-|kXKqijbmygtSvQx-6+GK>l!NHL)^?l7|t8hwQ6%)|)`awraJLMvNv(jc6 zGh^iD{s_zs)Tl|Qy`xk67C7kY>RhmeL9f+m862PQEFQt(u;;jGI^Xk*QwpWX8WmJ`W= z%P+IUlC(Tafo7-GEixU3ZvI$m6=`el>YOtJKJDEYLG?qMfA&_)%P;LWyN9T0X&XQfSP^UlY^<-n_bQlz5 zvMWzkBTPOKip|zOZ;vzCm~J%GD@F8#H+rlYVa3)G5qnMAVwz4G%zs3kYOLQ#j#{Cv%4c^lKaG_RjrS%z@ksK5r5XyK?v$_jx zat0!Y%>mf3_C@SmaQuU8i|N4eeN63dTt9(-8_F1CS6*gmJB|uMKW`FMwElnX8pQUc zcVG$=CWqU=eZjBWuF2{(aEDq*pqq9o01f`OEBY!*Y*a`v+4cI!H25D42F?(EJv|?; z4M0x%$Kmvpk0LVZ2U*Yt$)_r#@TeiXhne1?8`~w95ZrUBFX6bUox78BbI<^I)xL-J zW2{2R)!uEM*L|ezdBFULyP6$JIzOsA_%&o(_*E*G1jR6sP(bE}y5@<+v$txiUJkWr zO>J%GPWmH4nUc(MREyoNyzxwJjSIZmMU6+7_W0pBpoNG9E&n5q%GXq>sL=d-N9_A5 zwKPTN%X!usDK%(p2?nbNvkh`~pbg$J7`o&{i+k?8QobH=6-e3GDI@y&~PsvNiAF6RsZZPHAmq>7Pty za$^s8wxcVo92}(a0~KCeH>4Cwj1pqgvb9;8ic6}=;oKXdO4wnAujVF4*+DV zN$XB7faVYj+~=4GV4A=p6xw^(QS0bEcg=?oGKnXcAy0g&}`)3$iWXLs|F zYLm>NnvBOBs~E1M0}G?gjoE;S+>KK#(EPekXw>#LN22vi7DjAQEUbF#2X=}{k#a#u zaWln$a~e6h?jaE1VcX{z1y!Vnpa*LVWXr5P=`Gx2)}-M|v?ZR!It}F z3nGEXMaAH9y|n_>_CE!RnD(rOmG$v0bq-f6y7kUSYu6Eq6BEuENu%Tn6KE7`j@eBg z-&F7eb75M9$T)+fX3D&~MW)(_!;pEiJ=&gxi@NjWrKWnDtxBifh7bTcA+RrwLIyN5Q`ZIqDhcmhItG<|KM%z~)i0bSfy#T3D>K&- z>-$P?&P>$5#GAiRZ9;+T?1r3|D(3BO^4=HmYzh_N^f{?SAv_JuwjwK1Y!HW$GgVY1 z9Zus7RW6Cr+|qKucXR(0e8-3KCr_7@KZK*5RSv*rl5j@nVw`Oc1z#P`>n^!;Ihtxwk!|dj++QI_^p_)(c_Kj8B(q?NtQmGXsMMc|7+Z=y%DSDbG z0!6LCsEpH{^j!UkxROeOAP#+f{TivYqoXe$;IK0k^59Rd&X@`(i~x2b5#C!2hL2wW z*@y29ag4;nFfg4@kC2-Jmyh?Y!5;4SpXT0;F{m=L222i^P8A0Y z#8R(aBr;b91q48nO94!!e4XtOg40whwJOxFNos=a^F<<#vvYGfY$>#sGqol4WzT^n z$7vaE4K@X}B_FfDY)tN`B!%}d?M>T=j#)X6w@1@RjwtLHPN3lX0Blvojwt>w3r2w<9uDkMT@8b_5+5|Xn9O2g?*Y__s2Pk^Zfu6Z8g zTP!wvN3&b5qvO?CtOLTFOs#b2nZ4bl47g)yzO5LP8sDJAW2r-zJddN4_?|9o8$G*f z^sSPBL*;hQyvPhplnY=>Iaz3|m=$jGmL6DLlnPs-H;S(EV_t>;Sr6o3Cj7%D!$ zN3Z093mg{~I%-N4F}&cnK*NodRez}IRFVEfZ(9gG8xs=@5U;aQZ@l>f^w5GH!(kKF zrSMs=qkeHusU?(gHSmSJieDEKz7SE*aonH7A^k}jufR~2)hRUvs;jH3hjU3|vw!;< zKz`SR&cZVRjRS$ktl>mflygr_N`H@e+i$VCher!FQd+3GfTCy}mqUbzh6c~k?MgI! z?nSnjzJbJzieIozX!E8&9&+ z%}k*H>w|7+je09F3*j=1dFl-a3Qljst#@+0!=EL6rpxjqJ9|TuUqs$&&DC%?f5y=% zK)~)84QH0h_rT1STfhO@dgIOEc1PEc2%WPdyfSYO0mvuQEPfbZKPJlIwOANF^1L=0 zPK(Xb14^>lE((d^ybrGcidH^liuOM#{4EM0(hdTFiogO;Q8Bn@T%5gpOIv&piAj(n z%^RN+ikQa*6In=7{25PI--zSj08cl40Smq%wOdaLgM+K7b7~5Xp1#z|))q}rK|)oX zw0(dHNf}k0v{O1IeBkh~*w3|qthksiCz|UWMr3y5_gUgYwuUsQvCk=FddPH082Xq2 z8f|C+4#?3_s~1NtP2-0brK+?-CRo82sZEYnD=P#p0aj>Uq7f%7ZC1eya?N00<0-w7 z$;7eOqlnQBF4%2$qk80H#4le%z)d^+DzzC(ug+g?j_CHdjca`~+K%shQGWqEB^k)+ zWwe}V!*!S(t4&aB^={4EqmCCU-Ct=C@CQ(%xLHY8Ia%=VygX1?ruKH+N0mL#MYaw? z3=?Yi^bq*@?m1=tn-EuN~t&`Tobt&+@Nd;@e@m1+w9oRGHI%^S@in4nfF4Z&-2 z_(8B0V-xnfRJb}tXmvVHM)iti3sY?P6C2xfp?*FUv9>g3IKYxBP};O=bn6knxx0gw zD`*>A!8P67+$614W}xu*mr7=dTZgVWmq;T-`aV@O!#`LSc(XTE1O)^CA#|p2qw9J_ zA$6egE^YID@$=Cmf~WbSA235t5ov^qPK_nrXClRkj>qWt)An}1r=P|Q*($@rcB&PM*-iv&7vFe1h&2#KKpGV_K4JD5DhmczmV zX$^pq-A*IauEtUBbnlc6l=$^%*0}fVC&J|gyuIs5YuQT4YIU~%d{G%Xh)v6bQoUB# zvmUW@D%ovY|L$m1a;f+GGS*MIs`N0IZj#?fJor1*8OIe=8_@nXNgv$-CLn}4WO;TZhx6X$ov<7Xj@=)I<={gaB8B<7rbEGTK$(!KmsR7OEA@8 zcQ%|$^2EhnjXTxQ{~%z`M#sFX*@ff0Vb5ZsqEMt4_<|x|<&|8HhrZ|tp#EsI(5_>z zyKOvbJZjo+JbL*-J^qa(9~C6$dfCs9u*DA<^xN68tu;Nf<2Xu`*tX+CH|O=D?Z~?w z?sMqG#2sD?5HLi3LLKl*jbpDx@7xBd#k)7ld5F<_T^$gh0t`B>--3Z+P~LE=yN^8F zARs7SZSaHKN8a~I3G@{x6j%}e5H@S^Li)3Ca^2^esuYXm<~bP3p_4Tz*rI&p>BEWR zy?G_ar8y;_1SF>gl1n~esH%+ZH?}X)}W&%N~t8{EJtP_vD?c4Bz zWVR-J>+JA?0Cg$?;KwhaksNRlZ>H&fDIJ!D=MNb*2$cIljVNtGE%co z56V!igIWOo0l4JvABg3kGgWSR$`K4tB_kW|UujyWj0kX`2oY02<>X?ga(<*TCGIy{ z_Im$EJ{F&t6Rq^6)hxydF{Os4b z@@k9eTy`cvF7ccAkT9T$3|7W(XIFjH+SEkAFE0Ldx=j0cM*8(X%lX$=0P7GF#^1R{ zG8~l57G%5ka%m7SixRJW8uhklq?kPs!T-M+5-Yq9)~P{?ciUR~uy7fCXHqjVW^1tslM$CJ^lwaO4!=yI&?o9sOwYh6)G!?5lJvI`QgLhz{=+aoG zZ{bY-nowj?QsLwM_5Q`~1n=SR7x(|U5#Sz3N%13hY@Z-5_o;}p7)=v`E7IRa;|0c~d29s}Lp5a&t*wl283$@SCkfb^xGW(Hiz1-ArWC-< zb(6ySL%b{{#!h;n*5cB{==IAf@$ZKJ^P9L9;geOC?YN=TdI}fXFJlpes&5rhLTVEs zqpU$30SWl~w)uCV>R*cqEm}s{B*t-jvHn0?P5O~}APBrDDEVqRUtO;D4(s+}e#F;U z9AdXQVEQic|90ha+4dRdEq zEU>)<$qF*6@wJpKcM-SO6y9pmLdAj5EALh0z)BzaCi~;k@^Z#>|2*KZ==yRgE+cdO z|NEh(Gkoj`cDd|L7buEV>cW8JL(Ya`NAhL!5n)u@9NfjV8a%1*E)4&B)u42|B~?gG z^0~)Z;v4SUK2oo{Q`m4~GyzZa88$&@GFK|O;N$uBe4Ax@RYG+&3mLw&te{}CT8-&p zwSvGuOa5PL;vI!nZ?q{(=3%WUh20l-5X6b|^2GdUpr6Etq66XodHP>x2qoxI(b0>S z8JfUrPfCncw|ud7M%V;N*s-^7_r|jG2)cSC;;StV)&BpjeP>tKRHZX>TN7UF;u{VW z;CiwiU>ZTPThfQoGahwd0tFUGwg2_Tz4$k|0wVB0ar@Ue%_*NhQ{-=dsR5Z|Zrm%$jxKVKSe@^&6r~DqCB% zdl4|LuHR$!_B+r)p>ALm3)Ga{@2}1mB2!X|M|d@N|D3A)x2OQF@l`s7BeR+JGedgO z$a5hwJb?qK{E(b$>l^9Ikdw|bkL-`O+onr*aCci}o<$Vt&dRX7s>Ta0cPD}W8ry$< zlRX1HI@Wk>i?(+kOX@@Y9+L!#*!1^Z5?TSLQRKJGBhd+s+`ZwLz2U}xP6V`kjfTp` zW#{-pwT=RE#3==Nd3v+QM*BvG!z5y2VxA$MU-ljI+8fa6qI&yQ4q&-Ww7TEdJh$&~ zIiG#Qi%=_3V_mX0Qh@`;zrJg9R1pPvLZ^ddai-VZ=pEv9A8bos-qMhdy3V~i=F5nG zJ`rgukxu2>o2>ACv^AP3eF+L=R+`y>(rzvg>i|~XwaewW?B;%Ps&~1&Br!Jj_N$EO zXd<%_Dn5Rxh2zTqN7q-!MY(-n3xW~`iijcz>Xj6bE~#rENOwp`4IPd!blD)Gg!G_v zcehG+3=M;#)DR*J12YW#&Vza{-tYVVb3fzdVK~o;z1LoQ?R}u@2*kZJ4_dt6Gx7D> z^a=UeM7WOUN!d*ILxmR(E+na316_Dlz$X&O2~)*u@zavgP@M4(q~pp`OTJT;eDi3o zQE7XOwueX6>62{p4ZGe$bs@?UKkaQ1SC|FSd249g5mWD2e?_Aw4}`a}L2s{>`o;>` zXBqE)f!Tmgaju4si|kRcLQ)uT>G0a913E8PO3ZsKy{p)H%x2GR?KGjKq|_cBcSN_b z{$@@?U#yU=N0kL(tMS8ak8h~G(!}y>lS5UJoX?(eT)lex`H7}+B4TB184)k06Ah3N zTFQs;pY!qa%(BPI-0eFtXZ6SN0v3E?RB3Wl1s*3)KJ3j_L9}tu2iBM*R0cI~g~doW z6ffK`s(B=j^ucEqD?va|CTWQ(x}Ms1ubml-ET8J;V?ou5hr6sVz>otQIM|q;<|N^< zJ>f~Dl50yyf>cLH;qGxP4|)d=cV*RFEsI}dHCx8`5~`a+d~f+~V=xNhzEb0PEg?+9 z%)47`7Ut$7vYE4@0w+~uY|4)61<#7@*`XHWT?aybui$}IoxVDak453_nrvahS^?_C zvhOJWSWbc6}HYQT(omBoZ^e+Mf)k70&&zw5-Spe11)`njihy-`dZTxaF zNlTP9YoUALZDlcr=X>jsK0lI~=hLNk-?84n7j)XsN;a8y`z+`C!X0E+txq<$w1uZ{ z5#w}AZM2xF%tY1-DW&YOnBn2#o*TKJKR(Oyz%EJ=I`8P~$6D4%-#Z!NtGnktXIM|v z8!q1I#tbiXJp2CLNh|NZ9!Sg#X1xB0Z6M;l4Mw{Du}J$4hb4oIGb5nKBcCfYLjyUr zdx4G^XZ5EqBGqW{X43+g#59g&W8t?6fg2SE5?6vCd&Z8V;KX_L~+2cN-4|G7kgq)<$V^vO{1J3g5 z&BhZxKX11F@`N%lWb^nN7je};U-##>Zq;fKF-KKVE9KQ*1rf+0Q;~ySi7doVB24g; zcm4}t)V9Bj4P52w(3m*|Hc6`?3oGj#BL3ueN(CWVA^ExRlEva43WctO&{}9R8mOY} zhI#9M$YIJ>>zI>89H$g#m>DtjVK!$?d9>YT7ue|NL7&Xp9naKs*a*gR87nea`hMT-1 z;u>>knBEwlVCcP7@u~8NAXm;m*-Fd0vAP0ef1COzjlOR|!C3*$R zIrLt>^$O&=6xAcOA4oZpgtz5tVTNq_ic&XMMrW2F*XFu1@ouIiH1om7JHJhQ1HC9> zC4LIOD$#u_IXM}d@4GXJ_nvC7?#Sl1`AU(iyPY`%?o~iYy8nnM18WTSIi4xjB6UI9 z!GbavMCt%S;+K0IKLXuai7n0nh#9n%zI=H!oM4!1Ff`n@`nhSW=Um-dsIRyg=$a#o zWWHez;};6H>{@x)%SEwOHm+ZdAlRd~%3a@n#eXsT*c@E7SLeBdk9&6S?VAKwGbTE% z(b2j{I)UNPv%GyRLp>lzyF(fg{-zt#`kHs?SdBMfqZ`iIgpK7p57Y6fQUG?hm@$L_Yqa`hUX{v;q8zmBjIi33BgYw&Uc6A4n#?#DF8(sdA%|o$Pmuos zi6|bC;BF)GR@2}Kbw3e4rg7=kA^)Va879P{Ozqq%JQlM`8(|Z0yE|SgStwfv)95_& zcG=%d41TL5syl zSJ}`MQ8@q~Fb(2BiNsJnFUku)SK_?o^nPk!l;CtTHr2=-{2Q;4WDWp8FLUN^#}v%~TX2nP<)R;yk_vC5!)PIwj#Iu-1C&D(l5I z(B*Wb_mUO4SlI7g0ErKFE{5k^OHDjIK0jnEXc_=FCZg-Dh|hxgdk{vc+FcWm-vnWV z%=nAC6GV(1Yl(T_&rB z)5F1NnS)_+n2P_##v`U;o@jpGndfJ}p0(L#L^?p$t$@0s9*!j_50OWBCTaqTg#KLI zA0bKwX-wWm+KSA;gk|DzT;@cG1v9X#s=&_yP$091ulL1IxZ>1*T=g!p)qqKCpYFh?Kfb_$(p?Q6_;kS z8SfsuHInSH)F)i$_;{F)6$r zn=oe)5L3*>`W>5qKo>u@swZ|iZn?Y!@bsk51}&jEt5#(}joHh$a z9;>=vzYL zt)TI@Cw|F!JFWx>6wnL*GN~kT`XDfz-P)Qrrl@ma@)h@izGohWbv>GT@x~*8ds%QNDJ~F1s`Xr)6tek5QR*0J zW%&h5We!oBSFX^hg(+qlp+m>H{$dsKLt3RhlQ~4CSs>-iS1!6TTwkxEn$QZv33(V#h9x!aY9g)Vmaw4V5_D z-UG&^_dI7x03vNrHGNW3@es`6>gD%uz>UCGFi-ozjCTxr*ydofWrI&T+1lLYH@!Dw zk`z?<$~S8wQ;lk?vQE>bc5rY=rCXbjACF`C77+2ptt%xRrW@nvJ0E_j^mfoJzDdRR z^19WogS+qSHMZW-4deO;kB@Au!c>G7cHF(^s?j*gyTLDB^oFb4$OFOMykDd>4kb<0 zOYfOzy;F_Y+YPw(y6%7lJEOodg*kCZ=?eqB&9M{v+&a6Se}FfqdJ%la?!bdAetw|< zBMvfIEe?#9em-I1a1QCpOn!68F_{*O0i>-VmP`*&;b7*=JZ21&EBqYi(# z0@=eOWQyNse7FWOI6%oQ*WfFq-VE3=0Y4l!kl*2Z9TjOc@gG-xRg&d`2S0zhh1r}# z_ov=_yX51zJI6gani>SRMZi6=()F8FdA{yyQEel{4&xm~;G|ufk5g0YH1)Uak`f6gokiL!;iEUWyGiAD%YApK$kOM83eBO3sAj z=$$|CuYz6!+*7?rkm^TjDWUB2$|0Se=zUT`j569UN!Wf|Kc-pV23=RHEE2xp&=J)o z{$Nrn$LDeUWB2&O8T%(UqRNl5Zi6ghWvsTkVV&>%%{@H+Lbo$2Hz(!F^ONwh;%Y5o z@1>hdewqWBFX{ZO`CsjBrAwEG^7+nnmywc=m)hDos`xl&btg!`hP(FEH8ilz=)KI~ zIN=WS&w}TS$bKm}9(UYbkv$(9yGM}x@l1iz{$cH!bv>RA! zr8oY{5P{DZ*-HjcTGY&Exe|uT)R6O(=%VtQEJh%E#6b9+y*N>syiyH&wK$xg|K!QX z?!uXtVAOCOKBw3)J`z5}y{N=@Ug`qqq8EP?CK0vfg-a;ksQ2|zLi&`oFPH_m(R&rB z0(t`V*lcz9%E@3H<+O{qj~>UO?d*HH>7AkR)vaUIo;??dUt#sCEhm`HoI3vwr7b*} zJ60?>D`NkqqZa)+A%deHIPk(8; zr_AaLcQ&wF%H6xLr=9n_5G=jF$tf0gA>BmlA?VcowxeP+PB0M{m~@x@%ayvs9F0n* zk5Ce*!JvW6VK75Y18CGYpwNwtEjPy$#1H)=M_b&P|7L<9KZ^`GgJ8yLr`>WD*4>iQ zMcjanHVnT!S3fuLVPc6;MVDmF9~%2`SwAb}qNL4m?VgD9hvcca#mVgSJHd>3C(ll` zW>vw5c|7;PEh$1S_(#Y(%a0RLQ-q<7DW=X!Wb{__fO(M{Oea>vF-@Adc2aq^6Cmvo z|G>0-wrGLs8Ew7BSF6g2UzYgySTBk{x+_iGrWSX>mz=nG<7@csiANLFjz}W>Yb(90 zQ!?U6w>GzdxEUR+$vhfsjsynvL7}-(SI^GkU|ueo*yC6V0z{=mek}>trAH?ONSat% z-DY#ds#d4?JVvOLA;nBFS~CzI%V!o1cRPAHP8j~V6O^khF&8iMux6CFF6+A%w_V2& z@%S;gvDQp;;mXZ3XU|$nBYh+eQbp5eDcoT4!9n)sliZg#&c;8zw0|zCI3Z^95;;@Y z?(fCfUnUuA%8KH+vtL&dSL#*@6>OE_K@zn+O6CzNi{ZLS5<1tBSC8aYko4|IW!J+| zeY#>OVC)5R9;4nW}qECN&!FhY(Vs6%kH4845et3|} z00+lHjWHU8pS4>U0bV+uFGRs{_^YK$qU!3Bn!%d5T9f zpMN!PhrMt7ggdbDvuzhVQS4?tA&!DkA~64zDfXjqqPq$O7hPp znvzixnAk4R%|m+w zV+b-83$^n5d-YeGu72wK2?hHh!92~`2KoJY{|oN_P?kzIlf3Ue??1-^%zQ+aOd9rE zIfBwfF4kkUGi_x>*~CWpt{_MuBBl=i5cP+2mgrvnY`R0Wi`oH z`xsa54NBre6Fp|LhgN^sk19)nfW>?Dx%5yFZ*2~+&FLxx*X0cZuHFH{V^ASf)T0g= zqZ!7zOt&JB*kw&FtG$9URkhlMhx369bOH9n;4Y`O= zMwQ5$r7Q2#qAUgEoJTe{qL~gnNx|ZzG3_zbRh3Ei{e8`aMp7gHTs>{cl%&U7%KqGd zTjnRBeWdxZ{jP}9ca!Cb%8z>9+S*adNbyWS3t4?IqfKyyn7Kow{v0L&>_|7S_jKlX z30T1F&^PqfCIVGEKFQyh)bDbYQ7R|+f(S;{t7f1_W1qL&c)SWSk#Ex5d};ul)>8(X z0f1by(Db&X*n+cGzIIn#D&BY(FVf?Hu@m8G_|d&Nnk4J(Sx;Hu<+dYAXc1$1+rBm< zQePo7xw15dVvEb3>y6^pcgq^HAfJu(?Rgc<@tl?xJ2~ge0yjV)UIH4=u<)7$A|Bo|8e^4kI8c?ZG0w4GV6@$9TnS;IrywcY&d0}x z2aMhP>*vhZZN;v&KeX*OT;PhQB*`VEOK_thK6HSXz#qE44*wqB!g5 z)!#jVY@ezZ=}P{++B)S@l{dpaI7JEtm!N{+f1TGMQW7qcfV;K#WDhGSr43$SelU5i zNhluII|#WuM)IsXa<&bA{`fgG+KKd@B8+zF$C@1T!e_aQT2@w8AuYxG`AU}SWQs@H zg6MhM&7TOCC*vYYF+&|YUo|^(=a75d<;%w+MzMVUp^2yMiE+-~+Ue#tH{o+#Z?`F_ zv*+Oi*MYsyYctCqJEc_gHruEOXEBK^aw?uip*pp*CIO1|>$#5Ro-Zgpat*7ay5q%c z_u|UDTa;Y@>qOXG9$uH;dc8a&);kfh8ZwE%YJ~N<=STs~u&$C)6QmKhs!WWw92-)Ka9##{gp36Q=RDF>8yen2< zc(=0HmYz8O9F1#Zyuf6r)g!fD(j3f`ErQ19&vqujkQOc7hWdpMQ<<(|#Oxm!39ycg zYINGVZwJy1Vc;3*9OzILX|Xn+DJ5YYjaLgQKAY5B5{@NIBX&bWSz7mm?E62lb=cIY z$jAXS@Ea;pvC#O6_AN~2SjTIm|2BvsJnkoU-1%=Fc#cL!CPu`J+%8y^tF?rsiRshg ziHF>+x$TZtdjaaQ)8H1W5tu z;w7gRCXcyX-??*PHqGAy9ZLmN>UR2rT+gblt_=(b)QAXq4Bk~La9DRxpyitG(SVYE z2z1<+(N5gV{Oc=&CDydndoMnJ%;AIYk`6E7BAB#6?C6B=TD`GK8)n1r9XsCFqAOb_ zMxGMOcRF{x)ibc|q6d)Kc@`H%E}*J!>FQ|(CGUJI9WI^!7`imwwi5!ImA0DpGo=P0 zZS6yB790;is_o84+NEo`9a4G@M>|*0zA~P;-J``pwfwptMT*m<2tN9$=tF2UahFcXW08wN)VzYY)tFVstvM-a!^@X*~<;>>+*BU^20?%FNR8se5ZUoJ+X^@H-mGh>jTb&H}=0G;)aa} zkj8{;MN35$zVm8IVVEuFlVj!HxDo(q$h<*gB>?i5(|mW)^~>X$v5Kjck$`Q3OmPZa z-e#oWoe^OjS<>CUCGOVSFmYmlmX>*-JrcQ)LwC!D|3U04Bx`jx$L#7d4C&rX740oL z%y&aVL)}Z@J%b!=>sWhLbTVLzyX_a{&Rh;kpJPmvTVHiB@_)-pYd15ZD`YcxmpfKO zqvI_1k|L7T)6O}{$J@hpGhR%)dEi1%Ol4CB<(Ez#jch^G7X&*z|H<*$C4 zg}pRlT8#UEZKXJKzk%p&^)#R<1#fXJ$nMtA|q}6?W6eM&)eeiIu^*I;9=1O8t7V9A#uHI8kBTc!yIKs7<)FnutQ`hl` z(GHduySleCd@)O}I4w(~x=cAy+&VY){j*~iQ+N_2=&*v@;&q1AW%w4fQTbsp9fQWM zZEn^>k2>dHZ^AKRY1i}5!isnrWx0u){ z6|1Dx(QEmIMk3E^9bV$UIQpdS67ggHInvvGCj}SQUh3C9Om$tIN`_<)dXFU6H+%$1 z26b}n3dvGEvQ_1Nn@$?`KtDv(AS;-s*;U_v^mTiQrBY)Y>X+C{?|L!5I_Uqda+uUj zZ1P+p-(hK=oczc2-6sbvj|OwB1zeWLw2;>fW;c}X-5aQ@1=)~cWtWA1l=Uye98b#H zJ5U{+6TQ+IJw=ejzNEbv*~V{E6y?#r$t1C{gY&g=j5SfA^^1M|`t#`WdUWIhapY{3rX;EX)hM8p{N zDlBOy^chL=o=Q}&s&N~X^)egz$U|;0!g`?8caMbY@B*cT+emdf<%FFhdEp5r{*e>C zF1`yIBg3!G<4`(ALy!kb5Q7g%rBa?D*8A35??u-e0)bA>s|=B%X^);Z4Fv4Akbm3B zQ0BQ&dsy0JH3GTGEShxl`IqIK4{F-r&Nc1pMQuY02dKxS3bHS?Jc%|#f8|v?vtZmm zN`F(G*^tleYphPpK&tuzjWw%%D&vK{Pz@p;I*ZvW_N}>6cjL)$d?k=E}Y&&hQ%7 zEoI^*%YYogXluJ?XKa1EH{-$0803d2*~3Ri8l#>{*5xoG#_e;lamKYKyjLV8Cr>B} z`7%cvOvoAdCnqXqh~*X+4Y0_u00!AFum3cgB)umaY2qsZ;M-nB$U2 zhy;uBaqDal%6jPex6D4@ch5focSG*!3RA=TE}-7j(+!Sz$?9BKzNq;s2-gHKyTtTnS3{xu8WkT%Xm_;@;&@poLi}kS>Ji^x={Wfw;~CUpkxA|qeZwk!#NBZ-oJn}%_laX9Ew!0EMkR^h$!rY@Dde}40<zs*SKOOtZ@GCtfpx|9XUcD(|A+Wap>h#iqeJV-{tDTY)vVDWQZPe}mOCA~{L%wafTbVZ@utyW&(UC}XwVIZ5qFTKtdtUebIb!>RH>?-Ur${ z&oOU92ZHtum5lqD@7AO{)1ObX2mn)gt2-dgZL zYEGoQUDEkWMHIK;;xAdA%r^at7a1uKum9Aje0Ms&+(dTUSdi=5n?w0Am)D%HANVsr z=WW8&KftF&L3NSa=kIeD_lNuIKY?;A19Y;B-5#;XVsIcOUt5q@K?lwMJ=Lw2PgbpA z@3MfztVfj|G&*=5barv9)b_X7HX^vNEq-j;b!eQ=y$^+1wr<YASRM>n9`_pC*CW%gpZ8CwcC`kOxXNu!y)C{MbB##Ax|DSzrSp$p z5D^>Kq-j<58&-7XEIF7B+INXEdS^0p&$4yJ@6$TJR+43ltmr;Tin+q^y5U1ycUZ#6 zfy(V&pINgNHmfJzI<^5l^) zje6SKF*KV;E5Qu1_>vTO{dWcx)EXj(~ivdU6yOI6B`J7tHw%jvDe1WVte* zrPZkQ`Op3#DNDT+wovsK@1S>^krXSPdSki9kPF(r4BDk1sGdA~#wlD@h{rM~Wok^p zpS88N_P+jfD_3{-6+f#1A9 z(IlzOZ+UmTP?xoX<-cpN@5UnFz>Rfm({}#&btd-ThnF<(RwflC$5#79jQXV6S+83m z`(~Bu)~#C^K!|HIoL39zoW-RIfY5=+CM`jtEc@QD#BZwXHhqOFHWu8-mi9DAs($YXAj14z?y0qXt+Uy}*15Cyrd`+(rp0r_}H5p_P` zAan5V_yUX?61dp&S9K{Bj^p1RJ9Oa1B98m#hhU_FV>o3RG+`Se9y!h+y8P3BQ?WU*OBofju? zSl6Rx!lQ%}Y!`=$K#?Sxt6*#%tVzEPE2t0p4E(C?|Zoq>j$YV>P;Oak#uZ z1S$H?T41W20NT7ZQtAuoX;!-~zgN5REL)@HL?9>yyL{<>WdK)xUK!_mx}|Q%r4OT6_5hMJy46AN+(~R;{XWyJjlPD5klK| zPB%KcZc4$9{?r$HQKqD(+5!eFw%+93<}x}TNG8QvN^QrracD&7Sebn?_JXiYTan76 z@6(qIYdug48p(H#O9U;)Jsh$hzNttA?ECDx2-+_b0I+(E};b;*)&AeCzaFtb%p2b4^Pt0L})rSZeEn z-#8z04V4y69j@5BIInia1>j??V$0((GwlD)JJ9y1=eTlkS2u9eI2{dpRz<3~ z4p%_1*q+T)U;lWA8Cc6CKT4l0!|IUc33xsbVVs`@6<)DI@H9~H(zX1adR_qmA|fOI z@N{KsAWZ_AiiZ*-f&u~q%^8eZdLN%1>kDf<>;g*Fx{65E!QDZrpzPU&*ipaEsgsuj zf*9-hutuB7tjPB{X8#?p|0O4}tGB@ol4_BhYE{*?a}CjFilOrvpxWS4ERQKJeSe82 zLSIli6!w0>}ANXXRc>foW%i3N}y;K$y_uyJMK1Yr?4_Unpf|T#FZA z5_ePO&YfoeX~$Pckp}g=ull{mu z0{e!By-4QnYdMoce;f+vr~*SylC~Wa&}KAmc;kFY&G^2Ou;~)GUHP_<{g5J&aPs?k z9#EUn5^`}MfPDQo>iSN1ee@h8AKu%+*+c3|0Jm1jQiRKW>XkiA--B57-R&T$!3lTj zN9C-C zExrFC`c@1SSs&h^H1|08ywgpV4!TGN^%og~G{X`s7y({ra-BNJKn$1Wxms-;dHJ$e zxAQ{(ZSM-J*WHPdGrtgY!*TytuN1wDyeg-BU`4`qBPkuAEKs78{0>Nz^*@ngj%s@^ zZM(@RVS-(X5db3e5(1Qm^?O70ldm(Ap{u9V$uZKa z4-Ho?PI>OLv$tt8G&%le5_i>14@oF-nAC?A0Epo2Gwm1U`{U(BMv5Vexr|IC0L`SYEjv+lTB=lL!f9O_m#L@0(WeVxYe>;E(HUDcm zWY(Vp)V&2#tBUiZ)ELr0!iWT1(V=zQ8^57-|2{2~RQzs|occJ)n)4VlaacMXNhM$Nuj5K>6g%%Jq<+#mK+i z1gK60WierY-%8b&r}l2gVx;2sD`%G3_2zV3wTc%adP8O8~hFT|uL z4tnDzlY!`sCXB(3mvQJ1ZpT8KWs2*bO}vZ$gWDJZ!Jl?+`xJ|Y&9*y_9_4}k{!PCj z0VVi}=|OBLsyfs;G$!=Y{60$1g_QrvcY=ooajXCgUO3Ov$)b~&V%3$UHC7BOcc>?Z zkcM_Z(T_iZ=$MkBawI10>o)4@Z)iU;gUTaN zQ*ZtC#b=x0vf%gc-^b5n{JZ}9pUCR`5UMrdCI6E&St{PC@K3D3 zIsKLc6^Rv;UUy~F>1uE9QQLrm{6JQdfOH4j0qt53T;EaZS&7FMdi75LT1?XuKm%Z@ z_71#Z<7Fs64WxWFD>d7Y+&0hfUg=w-cYnWFSsZJsaxuFJG+-)6rKB@}J?bDUh*gJh z!Z{bv)G@HMXdxP12uVkOFFs^bKyh1Cl!Kw4+lQC~71lB)Kmw_wde?;KvEG5;1MK-a zQoTH2EfG&L9dUN$6OPdiPlV0KBkzE(P0}S-q(L1vW8R=ntO8|ksX_Eyd}~gHiJ^_q zUy?anVQO(JLBi2LO)()2)RT#kWP%PQi>TsiDBb|vZz+%@T{Wm@lO)N^)h`Po@NKS0W9!h`)c$wlBh;c9ph{cc-OkQ_D zAP7oB1I~8V$H=164}&UlKN&IFy9(m@06h+Ojuz7)opf2vvN*KfzaIo84-v0lXWC1+ z&O4dDr_EttV91)P^;iTM*1-l6B5>;5PoI46a~1QnF4(7ge-DY`G%zwRyA|5rEUKzP z`=CAY5ON|iJ3YMVz`LsYkWY}LK;%ZwM8bVkq?eHN&EBKnJJ=)qwiC3<9V8_TvIw|g zplQlU8mttD&pvwBJj((tN)831q^sg;oyhHVdatCJ78TJLXPcp%OeoOW*bL#*qoc0Zj|T(fv~?BX$O4 zff%JSuN|n-^8dj;eS*d1X!Ir$R#rrxmOg3h`Cg*P=IM@I9MU3sxBw{0!F1zH{=K%g z_9`DUW4q)#v7*iapmPtUgbG{Lu*Pf8C=AJ{6gY)+t29V8_mwqLoXneUL0Bw*4A zt?6|Nnh1ttJ^Z!@3U87aDaYsQkS%;d=Y#K-d4mF_<%n(Z@AO)2_~l-oCYv*RR^8pBgNvZ=MeR+x^W0?ry!Ha-S?rjO5@ z7-A(SO(ky8oN5Cj19cn#k&0pg@%>5Zeou`w>$$wi?$xreFdD6wfp12AyQ%Kff^yrU zqN1h97#Wn@MTUGiX7{_`4w2WDkyri`Fad%qMR#=%bT>ESZLSfq>#tDT);*WKZ!W*n zvaq8C^&q^^soeMyH)r%J|H0O8>LGSK?#0W!;kG6yqz zP&PH+r}2(%d!)G$azPe%_Sp;pSRyFov$1Fp%kAt`L{`S-WK7x9<)U3c5%55CU-Bcu z^78VvEUBXfe|SHzUOZ&rGOtHy$t!?DxUZ4cedNRwF-0ks`!9ko*7lML{S2 z0Xi85{bMoehBuFl1jd{IyGw_Jmc=+-*^tX%Q8d@MzPs(T)sU@&8HkKIm&Zyq0Mg~m zC(EG*)-@`k@T&Od?G(g2|@$^PA&9_EXt2dE$eU2GhRNI@?^C6Q_oI> zT>*y7jSRqr!D>fiA;-QCFd5ngm!&Pfu4ukVHeFOY?f%I-M8zoj9mElcqO-h)Y4Eu> zMaS=A6J3*^9T!?Fl*3LxKA8c;aG*4B=0MVRf4+YHhsBSK3SW9nHj`xIE8id0TCI8w z64_A;7W~K0mQg>sS%Ow9-4EBAI#WtzRA$$T2QrvI;h!< z7DXO8e({UQ>{YIT>F3n+iz9u>zY4KQWmzPz+`JdXGXU8hLP$atAb9fz0J|339PBMa zd(mCD96e^C=^^VsBZkJ_a3xF&n68_kIfve@R1Y_IP%Wu` z=EbX5ng}ip(1`{8StKYW<*!<4vu8X;HS^`6kc&zBiyRa`y#qyVi;r(JFAlb801BaV zZ9~XLb9l?y4BL9;WTySNa9~N%-x|NC=iiBfKCy^`?D_GKxfrbj{KAtV>m8S)K>!C@^ICrk{FW*xp$r9Tch@MN zV^_X%=+~HMDwb*Dn*N@;1F(5tN(h&q51LEg{qiU}NX}fPbl$P!X ztVRSq3F7->i3UMw%%i3hpmdByUYdUl{@TQ8&?qR&s-Z#FW~?Lzy*1aJfZDLuZ~}!gIya zPY+iVUPNw1Ls1CVINU4-ZT3G#>Xl#R^qLLNDu>!WmqEcuf(Wx#tN;5dyO2|&f#o0Q zxst-X>hj&2lc&-u88M@DU&Naeyio(85HFZiLZ;Z^5}ny>z-y8!Ka^zt+_ z>8M_FqP$<&wyNvVvq6;=HRPOHfxS#j;-GDo(Nvc!F))(b1(lAp86V31<%t40oj`d* zmqCFHR5=JPdIH%7$?;1{!h`;Y@wWZ6q1kdchrp1KC`$Fz|3Gz?=~E+!>7*~Tr!7{R z3%%#S{i~t-uOWLG*xRrheb)}ee*Q%~(+Uxs2tVuHp}7m!AMl^tPxi~u?%P`FjW8gL z@=lA2j7$af^`oQeT}ScI`T@PuoA7X`(5$P>=XCBdVKEEykUV{@lM{%1(0=2EgCiR9 zl1)P7&Hp*7>~f@Q&uIbMW2cJF{Mn(2;so%Rk7wL1BM;1Wggap24q4y5#Q(5zl@r5I z)On#0u+{9$K%5cjGCVmsmcvX<`iC${ zIKT?q9O6M8yX}W3a)O)w1QfW#kIPBwTD8M}1ps7~GM1K6r$ZTC&cq4@|89!*|B-93 z3`7nJ4vH*T*A2~`Fn2jxHET;F4v{P6x(yRYsvRah7({k2J*{}Zpj0-Gn;4Y4r=j$8zo2-}?rScdS-6G(Y;j5-lr=8YvzqUa9RD?Bt zex^wrzG+wHzruRG4%TzgW3jCTm5$&Ar3p%`PKkeulmy7#Nk7=;N5 zPR{3c?f72+)$W)J2pu#_6&%w(>oY#^N5!yiAp~PKSGUmI;ZewCL=^Z@lG&cQkWFAd zhe6DOxa2A;t4;HUb=Au5xB1~X$h9^YPZwY%%zs2=>Q_CAdDD&T*+j@g5iKYVYhm`( zOptI<2bZJm$&~!hF**H0SmCSesKzAdEy!L2hbFsWUaSee_*)yC`*$yZ--ffj zNG6KwJ7)@wTINcp5g9!4n+_RVE@_8aGnXM3G|J@y!UMEvcsTFEOsLf0yT?a~n|+Wc z_{#cydk%@2Y||(KZBq>^-1x@*20>3$+ntI+533!~QU?@R3$1qhyP&%mc>cgpO{hUy zQ*Dm-egOu6*FgJ`L+7E%^Jf7RjSvO$QPcq~Cs40A!Gv63l3hKq6V5q#qQg7KWI-xT zCg~Fyr*=+;WmlZ_*9Ijg}pMpAoOP2@Ya70vJ8tfSZ7B|s0uBmx3_nP5z5+uksYFEpGRZ?o_&k9ed8dS znSLgd#>FXA0?ppd`#1lFsxZjnWfT>Kf-7-Ss2sfkM+czd>j%x3ABkRSbYwmbCc@9a z1az48z}0f-SNlBXNl&RjWCx%gwk(%p+T>NNKx>mM!|bTP|K8dfIT`pzI1h%xNPhaX z!;w^BTZXr0(ysfn8eva@xXgmH+0yLe{vdpCs>xFPB>V=MOk$DpI!?7WtBiU(@ITR#dQin zO2ia4)+`uqCGcfP6k(OM{_%g*@?ZTKF0uMqLQ|Ji(gGDf5?f|4+?`7f3iCLBqQP4?unPa8f<(G~U(I>W$uA ziMXi?F6b+N;ZCg(cdzt9MgZu}C^Pc4s>_G=~=;%X}qLb`OpG1S1<&u z$Pa^pwx}x5X4Jc4{_sAG29#9_%p92PdxAt_jJVS@JT*0S`_jZzT|%PQ7s}%o1wm(! zAx!{qXbG40jne^R6Xxg--iRGQ@@n62pnF@k0UNrde_x`Kv_tvb+HBiXSr1Ck{oW_v z)Egq%wYKj@EY6t}9rvJzV}4I zahsI&kW1flW@~V3tN0^!BUY=)>L>b*>9w9v{C^SX4JOafGT9TAz7cS*5xx+5JGj^s zU*(`Kngh9+kyj&eu_yM07fJUiD(cm{Ft{5aF8N{&J9XffB76b4r-2w6*rBL^GE7Lm zpRhIxYJ3YdO5rvr{Sg;Hc?*<>r=RuRdA)zILD&VTRV--e7At03cKY-QP=IXVRpjKG5r-~`+UHz2$V47Sf9toX8wKSio2^uJmduqa9c*o>uuEYGMm%YB{RYAC)^ z{NdLZ{QUf0hfGc13%M>G2IX6ifv6#sQ;#GI!fDfcqtz$3(%Ol~r&V;s-zc+RXutDp z2?$sWPEB|i4twVtwV$A*;b;SdV_UsIaY z#ruEMAbZ}ykT|b!){U=itEzsaXOa$)v&)cBfsaqG_Rfba@v7-$>yrZjeJyA5q4fTb zRqvBN-MN(I>x_+SdH2ub`#*BxBE@H=;j_}WN6UA$PwOeB&OQ&ufG;!pizdyXbh3U= zrgO(b91;=?31q%;+v=6I)2%;|-15rBpqY|N6?C`Ly>^!FuA#pLmo~WAE~sF9*@4ZV z^5NB2j8exWJvU{Z&RcEaiVZQOddSlKp@*864lZj439D1_-nYk zsinniYC`O;fvsPcoLi*Kty`jdD;rsIPZFR>Q*|TNYkfE#vn!xe{?sPmon|dXI>*n6|24?`Grc-O zC>_Zzm2|9_HclG(qxfjvP3V2Tl7q&N*G)g&jo@Wo?mHjX^=$RzQcF}<+>I#bBjBsc z$Ux4qA>MsmD{}DL7Ps(F^4~Tf?c%)WjeGA|?f{q#8QI-c&9YB!!Ureh-=#m3B;!nR zJwl(c{Ra5H1EX^4*k4~iYo8O-n3>($+Rkgu>gzMjF5scn)7Q@(vl`6c!*49d*|q?W z82~N;Y_t=etBM!kkn!*5rAhbcN$-h%36i6qAKqt#bmMH_Fqj~aqWC-|k4v(T8@e9z zs@sC`KfCI{08|G_kENb1y^d4a-=n{We|HtTd?1XU70`&fwW!e@b#;4Nl7fn zm~K$u6e}(ugsqRoSSJ6u%MXqx9vV-&aOmwn$D^BcoilaO(E!8nh5i5d`s%o-+O2It zkQPOOL8T<5LsB}FZf1rC0cq)!1}PN*rMqK>?rs6;9J;%^^V|5G=Nvuf`QHEL2YX=e zd*An3*SglV*0O4=AO}{_3-19sHnvFdGGkx5v`TPlrD%7*McQhP{3YuU4b2GpNKvS45nUjSJg4ui`ohcpg`Fi%Y`0V4` zEw@8}e*eB$Y?*mKppps>k}4hQw2owT8J1Dag$6JEdV5S>3vC|5$S{p^b5WZj7u3Zn z`;FN;$w#b79)jS2AU{jt>rikN_o&7nYw+7GHhe+F+-1!pOvI@c`{VV6sd$M-QefHpeSdAIITTOCVt`Qd#Zx z>B=OsKH_!U_8EI`t&#iTz_8+GT5@$dm;O1$bFzG_|Kt5hDS0LjeIHsW{KFD>xniwm z$E;^3EE|cRn;%|u^$Jwnzg;6sJeDW2s{^G^*SU;m`x$f9*Ma@S=0X7YH~xs3JT}VW zmHfN_qRTs17foBHO$W!?UcmHF7$%IZ5a{TyY6l6fw%bmFNSKe5;mA;jo+O~S{J9Rl zz1m4Au+gWXxLooPzrVtCl_UjVqkr~?RcjP0-o8=6CY zbbhApZGMVE39fVQe!>_+7p|lXUeX^KuGi6#sWC#1;i!Go*w~o&gAhFz`lZ63#2c6@rLEHV`?d{2h*(LOfLwiq?#-7eejw)fx0 zraaa2X3J@S&*+c)Pdda{rB7eKn{oDvLMs`}5*kCwaqAbHsy*xL1%dR;7wy`Mx5HgT zBvYlT45MY{SV7NTc>{r>3j;G2+u{*l_k93P&UK|@`#go9j@h`cjxo^m4u+b->flvy zALT7mD>wPk3tKt?jc6Zzqk+;beAcI^pWl%2^Aocf_B0hO(OXjqX!A28LJyqTK*%hH zhsM}XU#j}{(Kq$V^LvfmF6Qqq;XjY}xX829K+?ST+@x))W1r_ek}1|wDSc1ozn}Qm zIw;s7yGOW&(6lTaJTw!5b@D7n2c+n4PXoT8V*r!Vl``N!@~i0$ zLzG}Ivy*ByzcrWmn zypZs;-Tnkpp19WrGG{E#ATUTAm>NjF-GN^|GlJRQ@3iWL#$q@m0Tfk4dw~Va{(n#A zCGzOBHe{`vB*31;0vfoX{GUe#7J}+|5^l&jVB;vMh|V?QAUg$FU5 z=6=KG<9Ztr-6YlQv7v>!%{+X&eWF=_PPT1-fTua``=>JvM%99D?_)=l`2)cS@%Rod zkIIdaFKego-n=ZkeA^lRe0JF}dc&PN6!`-NB{h}q@n)rJr71@q6=g;4aFV-QAPEO@ zJdeX`C#R^1m;Yd~KWmV2aNxIjyz*K{z{!-{6l4A})KZB;iXLJe((CCvuNp~yf2`TE z#|pmJlQEV^+ZRdnVeqMT&KZ!wCVvWNNbSbjmB*(^vh3ni0r$>W2Iuee7`ThNzWW#Q;pvMe;@o9rs@kan9r z?aMWJu&#pB@Lda+PRX@_EhJUY3&71T*`lK*m-2N?{qdM0;pMGm{*)tZdIEJ zskd8MD&Di-_;s6Hyke#t@#XnOKFO85l5ROZeT06~k54o@0^|B0OrpNMZT~UZZOEW3 zJTT4Z&AQNH3=ZnJ`WS5ILIB;7ZN$bG<0p!pDpB{5}BomOeMJN6z~=zAr4T%#TkGBp8`Eug*mCUt+gyk#Ir02^qJEUNG} z=^rXCJGxX33&2*FF2XuUqM_*i9R)TGIUaRV-tGbP3^UNuaPm)KI5SfBe@|O;n{7 z%hDv>qdVBj2qj`hMc;QgNCN1)CzZPCkhb$nNhB4osp|UXd8$sp5t9S4#K;?Uko}L{ z75VdhlGVK_KyJ~BHg_dU(icCkhixt zUxdpMsB-d0CD3TpnZu!b%aiftA?_gu z`TTj|z{{eNT@z6VIYix6i5eLq$1)i;NcbW4duoUL*}%uZVns4$FN02%w?HQlZtMNW z00fwVR=Zqs<4X~L1`tbAaJi6O@!bFH{;-^ec4ebD;w&xt)>l0bf7xxC3FN9^6MhRh zn4pWF($Vv{j6b$}jgpW>`R4fLp@F;>;WBGpZ{hllXNNvp&+TOjrYP8Oo;M%w;q>LX zq2*{)x2DeEx$~Z0op2X;2=X|rFBVQ}7)tmK5d+^D>wRb z$PUknlO<*E@^E6mzTidfmq3LYkSff0hLongQ0InxEqGbJLE+#MJi*4ccNC}w7)E?1 zouEMr+f}-kCi5sjWch5VGg6t*;YcUbS}Sznf1I(`Jbpp;mqVkTcw3SZsH~q-Jm_CL zgbT?}X^NX0h$Vh=cuv`#M(IPbJFvPcxO*a3y|~5g?}51TIYlaq>kouB6yr7FZ;bh7u4h-+9CZiZ?21c@&zC3;=->fwyx_kK(v(oQnI^O#D6=&D@ zyVkvfF;eeIDaQ$5Uf3hirao?Jp^5G@dZMTr9<`?)&Q2gbx_3G}p{6;B`BF_{kV=m7 zlOUU9chC^0>I4&2w@&uB^X7XVcovJSNi2k%d9DlPcYgyNv6-uljx87Pv z?a?meBqSePiFbay;V&<^hn+sY<#0PdbtX^yYa5A2%4>NYk)*+qXzShAbkv6|Fw@jI z78ED#9;p(;`B-9T*Mw=~63PYRNu>$nN6b{e6#H5sa~&11{b2rZ)Ge&K7D&#ruhm;0 zH!QvxH#YH(fTa!-ab_r_mI^w~SLJ>a-=;UU|MCLL-uUv773@-UEmOH_fX zLmn%I2N@nzJ3dq>2;N{C*X{Str!|RYL1hhJ-=*yql#dtqii$;`3zX|i$Vl1nh66Qq zdO+d~7%4~;D3I9hpQlP*eZMeW@_LXs&NHJ0uCol z6(`1k1C{OwVCX7h!alh;M=M-7gN~Z;c{5yN10gQC1v6xU>*I;>ZA#>#-Jh>P6NrFD zbJ0F{p77Ioye)OqA^++66muI((om={$K>jltNOGQ5uZe8_|cN}-0BPuXopeGhmk|t zS4k_lVQ+w@!1Bi3wfG&;F%ZENk8L_&x;dXH;Vbzk0|oZzm|gcJs&g9vitUf{2jJ;Q zbj{ibPamM1mg}DA9XKR+lZs!T>#tqNjdE!3e(0DvbmH}o1Qku76zrTVTVQoP{6&x4 zukg=PC<(J-s=t67sI>P2#+o{9k~1>m03$gmfY$CGN%&oy8JOWjFZ3ZGd-Ip>l~F+# zF0s4I{NF04Q?6$}v3E_rYmI2;eB5egFN5lFsjEQaoNb!Eul*L{)my2-P+`{{WIYx5 zN_WT!78MhS@1hi<%dCoie3*`1Q%m-clv%zhiIW^O*b=}KezmvjsleCA{CFa0w7{ww zb%#O5r*Q@iwx*`gV$ND4ica$Mu^)jwcGR^<$*?#qG^SVPy(0g+NlPTuwC8(pgjs4s`9rC*6N2>G(#zVfya7)$9{Yd zhv>T*4Wws#9FeVBwfNL-r~mHxNL!P@g$@MWeqEidM^mcpuAAuIu-muwsBQ6YpVOY+ z&v?5mh82_`X{)2!0D~`Gmat^`h*F(KXCNniaa6Zf^pzKP!0d;|bmTEhfFQmGDy}NK zEbzK7Pz?ft_r=CYLlJbwJnFv6F6>y|w4-PQr83jrlp%DC%JCQT#L%3v#FVqisi`b@ z+VUNPtfi`Q;j20BtvATDwCf-ET<#C&Xa!ePaKC%^uHwjIGYZgLu3Ld&n$e{5mF-sl zgT87Y0M8VsV454lIz29X{N_$)DND5z{eQyM^mzWoQ`@R&vu$qkfwCmOu?!=>l~ zTJXfl*F}5sDX`F9DZluT$#nXZ)YQ_qao5}gUr>Q;(~rtxBSne~V*wd%ckQOE_ETA3 z0n$w)rEn>Vqp3dRn3>HI<8Wz@YSR-{?GPe-imRbL5!M_xmdh*G5_o2(L%Q)5Xov~K zky6b3Nvpz!KhPN~T+t)n15aS;#w>;tC95uNMac`&RIFe9q;T8isepP!8Zw+f#zo+X zVzLrF{%-GeGOF^@mBLNJsf*j}{`{kW;QG(64wm(g%FRMTLS`M_l9K97^1J6?rrj6y z#l#0IoS)y_C?ohEh8qCZRAi2ml~%07W3X}TbRI@-5dd1uI^dtyiVy<)OkOW`0@v@p zLMmD)BM%PCulu1b&?8>|37nySOJ*uSQEy4^RA(H!%^|hy0JvbU%+d4Hi59HU0$t*5 zk6H4od5xIsz4ttInxTQ&?GAitP03TS_daaOBWKx`tCD$vVb9b-xvo*9+dF1WKZD3w zP)?2UCDPB0H#vCEOR&YlvowFcld(}RNnWcEx0i&#W210o3IAa2ahUYVaE5pYwebFF-yFSqGn^$&rqh4Ad*nC<$xdFkLF2_L*w2GH_<+Fnq*)^nsMI zYMI@qDyxf2%HCQiA&gYG^3?uE9F^}c`_rw-=w83`SCns+0&x(T-A^<2LTCugA#amW z_Mts;j$u*6X-(Q}So_Qmeb1}cd_d7$_%0Ilg?neiWv-!XtpE`P&y&5?28Evv1B*Hk zJIK`el`}UaKL6THN#oni<1e0u z$PHl_VLWs7?dD8kLGk`53Pb}gC8kqPfWBOBfDxikI4lBn+^>o7BxGe}Tly))tu|K` zON_^g8vOa3UgGGu#RirDsFwJ_=leMPck`a&j-)e=0k=OWv7IESQ)F5u0+7@Ku!FEfo}^l1!&t{|I-^K{3&qm@Oj@5ssNe zT*do-3Q$Q_H^C~`C|JnCaZ^WG5P)Dny~~4^vl8eA9qcV^+$$G@iL(!k$g$GW)AhG6 zQB~{R@Al|aBwfi>lB5^~Z-Y4P(4TOb2F%XB9eMNYzbLF*7*gx$+I}_^&DP^SoQDr| zZ$K^ulcaQ}|IbYwFdDT0{cm)zOGBmz|78r`GTUCKPVYQ`>yxbKVY&nwC0#r_x&b%0@#Z}QA znuCj&%E(}2``!7+B@Dy#l8#(>Tbg0)hJ%42)`Hoeo-(sZ`D+~?=Xq+{I+&AiW!h%bGM6`$I7zdT}r=TJAwnwb&+e3j>%Gpgd+jEY(JXr@Rp6`)im z@@Yf!Pq7G(Q%E^1*YnB8%rZn%lFx21(M%!Ec&o#nL*nV4>)l^&z;b*O^BHv_XVi7n z4_h)Ce!Ng=cWEz%Ou2cn8DLccH|s-&IkYhBe8uw&PrNn_p|(scf?cQR9xGjID0q>2 zoMX%|sQCfy%S|EvS||D}AQp!%8X%_y0;p}DL>-3*WA?;Bf10~rkmI9J(b)W^AuvvN zh{Jz_@L8PgtJ^aSV8-3YRyRKyY+tSX7k~sJzYVo#Mmo22K)m!mNxx-EXXSD&dF1VN zG)u@xNJv?V6k@zs)l)&h+?^zy`fGra&c^J9hyg`x2ljrvkd}TJ-KGilVPiF}xGWRp_12a@L3)D*>Pvg7X;-Y> zukWv@tF)XqV8uGO-@}9m!8wOv8o2p2$2>q6LEo$_8xXsbL_%B0NXOQC#Gdj9C54Eu zLZ+b3wEomxI`G*T{M{z=Vn>=yjf-;>OHcYs)2j0b@5!Dz&8$R%s<5^2YGoF;S|TOu zlC)SbkDHzZh=;u^&l|oY@BK;{E0Sr{qA}fU3`u#!-n}*|sC=1fzByeIh?!ARd7qX_ zmEhu{x7@uFDO^H(N?=j^wzn6i-Use#tF>3l&N~moY=j1O<#l{mwz((b?fMXZ9ShP2 zEw%y6hci3BgDd1*i=>zda&OayM1}bPO#*cRY-9!Wqex3%^7&-2mB3%64^+q+52UfC zi2&({|7PNoO0a&~r`6R~MIH~nz4?_sONv4TNiiB)k^IS7(nNXI!C_#x>N9B4SBq5#%<>eo>!aK5*AVa07Sw03r1-LmdHPxDC@3B~L#ewsY!pPBQmm0%29(SS!+Zh;iY0!Kq@jX$`jpzSx_Wxc{nknRSDZz6op{ini z8VFjG%qpyG8$%L zAJ?y=4vczP)=TUSyGD)uz*h`i)DZp`M=y0tFyD4CuG*UIwMVZi4p`N?ug-qqCUu0RB$2wwCBedYmz++jEx(l5?K#c2&z^o<4XZ9*N#- z8{ZMRD<4^Qm=kn|ZWttfe2<5w!9w(P%T}!ffefQ=XA)mimeImX7Tb?->?(0$LDFzB ztYVMKt!w~+lWaz6bwlbeV=y<|Q{xEWNyfTR>#y=1KM2jf?}a-D-ZByJ%rdhF0dvG6 zC38R5*zt!;^>Uq`-Bi;kW_O)0hA13bJPc$qy;_E+tZyeOS-<4Go4bLUqGo>gGR+yz zgLDS_oN3w!{=oEjn<9shj(D&zlF3AO2Gj9)=zRKgX-9qu=JtI#>cEgmT6>2>0ALdXa7`x(2l z9)qBq|6k%IDKzBYp2eQRQ*52H_dU zib#krdk(ISeE1h0l5f%_JPwTsQ1nBBp|23~{Mhbv@pL-(tg+7z7&Zo@F`aI%@2VD> za@=?IP^fmGI!KeWp94Bh=4Jk6mn7!2siIp7_Nmk`$Q4k+MJ%-62fJZ@5Zemfrtm>ES>Y}l=YPt~*Z z>3dXEz`;r{Z=`%Ir|i?nr1jPQ)IEQ}OC+GPrX$ne@b;EoYS?g zdw;1=4AjU(r?Rgm+-TKj4+@2oRWGZIK=$*z*4z%9wS7eJ@RPPHxZ`?J>GK(MuablET93h$p(kG-NaJ57Ck4rQb*OdGopCX zhVoXA`4ROYyGghr;rr6r{@}bM=>;-A4tDHPx-7efRw64bZeyfsOi}mzUT7 zEm4A^9-`9UN^n-X71r&)0SZaIjxbu)LOoRX(>b)!Er(i2!XQxa_WERd%6i7_B-wJN zZubas!du-9REucr?ReZgH5< z$Wy37-K?s2I7Aw}jEfgI2LD98*&jsxODOgObpYVmmK0~BYcA>t80k{nkT_mW?4f%f_y}QbmxaL#{gu{aB*Y;2 zFq?7naVn>4?Q|ep`R(H@xz&Wf(nzj`f3UzgdNwfT5Jm>i zUIgYnu~<&?nFHB$PLdCc5BZKq_0h4gY_+z^K=rO?FST9w-gHH=icSsWTM4EBig~Wq zK%$QVZs)TL!Ggem(j!YO<%GW?j$aEdR3-#H*0PO%hI-BfQijP12Ho26M4=c=My8vd z&-NF}yZILstYy*xPn(zt2lsYwS}0z0b@1Xy^;a+7OL3|uo-Cp^&fya zdf%)&9N>LE@-tNM>Z+Fy6tc9hc5%Dd=t7aO2eTfvIvmPW!M$UWAPU6e0w}3G{z+mb zf(g&?GJF-eo|VjXt6>;xHhW6e%F?AhN%PJYR;?WQEDvcx#Nc1`=NquliJhg&8F;*o zc119*Bhi}DtI5D(=#UU1b%zTaVXYw#06Nq7iZy!ZpiJEHaBT_;XQ-4Wwg2j*)r_b6 z_UV3M)ZbS6Umt0nBVC1CU5V$NH&2%(53w2b%mU*FTY(8%N7Uu)Za}-qn!^Ft z-n7e(?qr2^c}e|1$=+n8?cV7^@WObhS)~K-Ypp)Zff6G1lJ{R*Wn)q_&uoAq_t#mN zJL(Jsl+={7KzRG?W)D;+SU~DuHxvBh$LnA>$&d<@!3?K^Zmzu*!J9GtSGRJtzwa_k z)=NffKbY7Ycy z?xarA8=#?^d3=(ti0^@+NC?b_?&`i8I`%D!_db{n!!w=RL{*G~-y{muK72^z1r&h~ z!HGWd#1m&_fhAfA*A=Ogvk5G;}9;|CY; z@6z@g2=N1gT!l<+enxKEx%N9Bkt9E1NGK$CN=NEhug;!u=iDoPHKxx643_$Fy0@^0 zP|=zD!dxc=_+9>CS~!tS5a2-oVVMw=b(xOS7W(d;CPa= zu#9X+$t17OyHlB~UEGhi+PRCHJ<&K;=(a(?5XXha>-b)I@Kv}Hkfbi%-Pv1c+XG5z zc(YX&t89CI!wfW!kd?x_OC>?ehOzFCrkE@p9RHF4sbHn0NrDjG2i8PR2CgX7$9DBs zmjE$cQ_S+vgvj^Cbo4q%2tvg1ICtGyJ2FIYr<|lvw+vHi`v&2HoDiOR$#PV=A8_BX zp7ElWaA2>?NCk)jw-Lc7UwK~4^-l?=n~Jtb2m<)h`yp{)mI{^7Q-(5z&8t^9_)TsQ zgP}Vz>jq6$_+s&O(>cECnR(qJ{(fGd{{8?lR-^#TBT-Mi@9QwSa?B6++Am7@%6xC$ zSM^8ZcNf7SbQCEn@;{GWr1l30+4Fab%SHUDhx`*Ixt}<%nd3_VJ=&X_aRmeO>#uo6 zGQ}3C9Zl!j6KXG>v$Hdd*dMY{aep}UCoOQAbInn!#pBfYJV6I&4uIL@#054>QtW2K zUFKuCa)4|SXtswoQEu4=3`w&--c-}9v_ak5+xrPLQ*|JH^5paW5(15`zu$Pe<`vMG z*ax^O6-dFBJ3E=XR8QqW#DRw0MQzvH#zP?H+I=3%F!hk-jSc_2DHqe`F}BRTV~v}J zo-K_j2M+snFfe-^35$>k9ITf0XWlN15y=gr4AggC#^nmgKPM;trOh*tC8OfNl6KV4 zm2Cf^|B>$odaWn>vhH$Nb5$37RwQ(iAzV>!N%I8pv+k%eJ6G*U{G3A`GFM~O0=&=e z4bbiq+mco_{HvvMrU<2UXJ9yUZVFwF6j=G5;8AcQCLC~Z@XUzi z6IG0)7#V8w2ao<+Q~0<20ZfsBno!fE%9W)3TSWFr|hG9YMEz+{qv!9h!B(jsA?-7SmB043l4PYR%e3~islyVOV>ccPo? zllrMLTx{$n(nJ@eh3%L-7!d@98uiB-mlvd#^MGY7pSn*f@C;~wb3OIAY(ngJ&VmMl z>{wHTB}qG`Q};dS=CJoZI#%7@$tLAv{a)IN;EzV3te2@Ddk!qLDIQBFm~O`{-_o02 z0}NycCY7C1Q+$Rc&aLy~#_yC}Q+l+AEbv6;zIuC>?TtsD$HVz_B6~G^`hu$Gd9w+e zhEB36Gwy=DixSrlVozQ>J#%m5#G2L)$?~P=Cy3}LvZuSa#dh~falBY1JkD4z(&SqV zXFce@7n~KyV#UFq;v_4llI56mV5P^w#Y1P5ee5n=H~0gm#D3Y(5xZiL_=5zJQ+4VPFu zOSjb)m~+zDuEkqkO(Iu~7+LO)?XPolDL*@l4pG>;*r^X@t~(XU#*Rre-!BeIq|@!M z_weAmxjX<+v$#8_bsh!zg!Muz4EOoa3+$2DsJff}Oyl92bbV;@4WGw0LxS@rdE6_v zaq}6=x-)8Rk1PA~4}ZKMUSyo>qDSpzaUITWH;9MH!b~2FOE&Oxh4p0HcF?h|98Ia( zkpjaNg($4D&zj&?mxq#uyp|!#`8vk6Ul~$2RPIPXt+#jIEZJWX5K(~uaB*_Nn*6`;J|TG$OX+^YldWtMXzH$-%sfJ|LTl^ z^D|9u#g+`l$dR%_^ivklH6m)p%^ym+Ek_&eHlmSM5Dn!(o|3v9qXIoVmO1MSs426~ z<}Pkp4)ZfAwu*o{w9#@)QlKN~Cg+XVBLI94i=-A77ILX~SISth8nVZP#F$pYq~MNI z_Jq?wt2@`DEx^+mPgQYrEyumkXpsuvJBu6y@`V}2%x^fpM}>I4AaT0`w8pe1X;KMa zRIPPBVpK`B-wyeer2SXusZFJ@vlL&Dw(O(i@gbWc&}+Mq(9IuUrN3Ck05qsH@}~%y zP5y+>>;3K(#TktYL)WQrH>NSQQ(Z6yQ_%LiAE|dmAHK87het;w_*y!svC2c;31NK}_mo2|*a4$ga>p{CKp1|Wcd@`gzYW%12#%zhJ3Wi5 zK9xXB_IxeQ&UARcs>Tn2XJ8h0p2SWCwf{*h{s%MN!Y3LMuN3Tb=V|3!rykg7&`Yyn zhF~Gn0|Lgq>$XG+KE9ft=j4rjnTakB!y)KLf;X43#WAZuFEdudE|5eE7zkMo5_#+~ zaRo0~fL@y+MuJqD6DbDt>}LI#U!QOZzXLx8YF5bc719AE4<)5$v#;%n)$YX=x6@m} z`=sY2fapR$(RR735oqhVo9}Uj6)bpN(PlG3#9V(_q(O#w019vvJk=>gQA#JBd-%`^ zSf6+n2g>>UA0}FzU<0lMw_~+u0?{kbgGwctlBYbnWq%Y+LDSd*V>X)YcV9nw=j2$J4@I&M!+fq1)N%Gw zqRr21b(H0a*>UFVV0b$>VI)$u^J@9!+rfKkj!xnbeh6gn>;2y89+g_0PBP22Ao7uq zw!Z|I{|@i|LUt`oAu%zZx2lh4W9aZWvvf#N&|Id!WsdT;-2Ek}@>D@z#ll$?usK>? z_^SMkBs(&XNU7zZawWlb!wzAJ_`(;m?%Ytg@FJ^k5ntwP)1zk$7-!i~VloIQjd5SC ztcf3Qj(sE-^_$&a>O6nL5-q}Nyvh>zgpCA%j3=twJk7@Ja5zjX_xXFE+O*`2lCXXE zIz*M*<9^UHfyF8wyho4rems(&?MoItow>P=G_!I5f?L(1cb_I4JU$%ZFh1VkEDm@< z2hIv`oW4QFo#8@qaB*nK(QgZy+sLnPy*ioE`60ft{Tp-kSwkpN(if~>Jw`1I8p)W+ z+<5tmwcO=I!bnXBk`-@WM_P5yyzoaR&>#>{`{vW4L{u8moMpp%{Haz(y+YZtNE~7s zpAAp3;ME%x@jG9lVkO33|MHFaD`=1dWvSUlBrK@z(#8FGgp@H?s+DMU&{bqrf;7DwLrQ!oIN7fYORG}45hgBIsrzyaU!AAl+3bb}#|q70~(?*q;5pAHuIg zH8j2*B*YlD4v54klIrwxAoBlZBK`&lVF3-(cm1t)t&XQmgRir;6DEq(J{^8UOaH}? z?L7MFeQ{(*x+-9Yu&K;e+vLh)bG}K88W7>apXDTe&#LU_%2L-|0_M7TtlXN{f}rvz@@7?tb@4VK{ie zIF;P`g`c?oQ)MxHA6^3Gc)`GcZrFpIcJnc_{MzN5OFFEWY^hvP@jx4m%nItX^{s+$ zsfA9Bd@JNLP763PaonsULb?#7Eip$g14sKnl*!y&Cg}sr3u1u3SyY{T0n#Uo7B$6e(>;zRp>4vMrCYo-fC~ zO2Lb*6ZN%E|8Ay(AHsfGT|fUqjcqR)zI^u8$AL(Uu}`0Ju0NN~l|i(0{~CmNg%S!@ z9qYeWj^l+Ldw*=Vd<^4(t%(vpWVu~|b^sU1Qm}#{@{EK)%i1#WxM8fndjW(oM@!hL zVh(q(o=)c!?vei2;RCY%g;;R{w!JFAaQnveF3L_Pro(L8hUNV zusNCj^!l=6BSb3ScPxh8+|Q(VS-;=A^7Qm(TGYnoyX^@;XNc6hUlmv{h@spw^jO7z z`ZQaXS4D}!!}a*hNV^`X$711&LesOCqwmMcfM)S606W+ZG=A0F!NLWqlKu{lfx?O^ z893Br%P}}Zx@`4hj@o(r_4fTruH`Cd%pfIcNKUmE+g)9 zig!+1qeUvwO8&dqk5rPUU{tq@GW1rg)aD0I;;x=;^)sOJ$3U72i`Ses7o4J$i<)6g zk6gNgf+Jtdg@#MshSB;E1cDQ%C_D2U_N*{bDpLyIw$1A4w|($$X5wECn2PRgnX1*A zP24b=ppM{=p)6?1)m-DR>l&(24oP9>6(hd8tM8+6(wWpt&?O~bA$8g;rIuo*k|4LR zr@Gp)Z`ZA8yS`dtTX~o%7r#y*6|T_>oV{8LFYsBPrby(=RY4)g?NtJCN_Jku$tmNJ zI*NqLW>IdB?Ht=+pxEmN@NPfRDrXoU0P~EJ;m}3bsJ@&J(h{Wu-{0fYfnVQveJp&p zhit?Jw7+asfGdCe4}3^^j}8>{oL^7t@K(l^UGGq68FEB2a^EVUfSDE&0rE_{VJhXx z{@6^ibgAyOje)2W3X0BFgFKVqQIZH1nz1 zQe~^h;%9n#x4-$gf^Un(2rw8J>HKW(prN}T9) z^U=a`QaqTX<)kJTKapgZHWM$F~*(xxIaxNd^da2-CT-_XDu`cG1UJdewtq+;iS zLHo9pSDZ{UEV~gty$%oqR^(dB+8 zbI;k!{SKWQzvO1|s&4xAPk=zeb^lBy%I*Xd#}iE)6|OIEbvU>>Rm}yA)m|O;WtwuX zkc}LAU45VUAqeC%G_;A!Pr3P&lr$KqG7SeuI%)pf4heaQJf;bxgAEY7JrH}Ng;f|i ziGOQ?VhKY=s5DFoM3CJc=pNPth8nm32>fc;rHmwHGkNR|u=@#5o-7x3j>R%W zRWT7Mg(IHER5fB%%@FzQP05Cs=2ezft-lc2(&<-Eiu~p79-Kk^_ z#B4jY5L@XNbbEQh^A*KkWmD1%jOxICmh$tMg3~-is^a8`Q`f5cfdtSkDZ#mxj43;l z=f`R2U-tfYnvEOTp_&*d2>_a%{wCb^M2_*iUcl%LW}8gvct->A4&~I4d*c^VYD$q| zC|mxB8TQG7-?_?HsoZ?R51^UfE_X#+Xg%R|NA~*)+TzTwpbn&dG<~)ENal&)6GK~v zrQwni_FIlE;Okd=hh`NwI!XkjHd&Ia6fjv#ae^zGJ!^xRL{j#qR{!!zz&(apAYJ9U z@HeNQ@d}bo`Q;&04$9H;ZYz|NtWYT5y@2ph1wMJO`QeDVJ?4`d-7_AeVj=>FaA|>h zNF!SQ6tUNJt~bBKS#KqVY8@}?+Hn(aLYuIKo|tL?vzQ%rV-%AZIH)Q?V#wS>(pNDv zmrcK&$xqRqol1aqrw~uT%~3Ih09b^AxI2emQk%(}0cMV260oCc_U1}Nr#BIlb9W)c z75dFWliA2{#tlOiwQx9WVDaW2o`S(YR9eptqx5K11RNf2)^}4-G(9AGXl=&3IQ$Dw zDJ-KDS?r4~anAy?YQddorW3BO0RcYs^(TD3ns;FXYnJs_1i9*^HphwoG1EXv zw2IJ;e^5S?X3PxRU|U@cg+utvv@JidtPJQ9AP(j9H9#^tn~w}Trw*quvMdvVhfB4z zH<>CX1NJF;KL9p+=6Kmms@doTOzGZGD6dHbRLT&0*+=)vF#LRsZOsZtHlwPB0}ZMn zAdZju%aueQI{7eyrSLT{)PmO^dkcQWaC9(Fi;0-)gRwJA8aAHqm|FyAYOYLLGXMrX z?eeYQBfqS5*j(%8I_w@)-d_E0pz{01RR9`-^l)?KYO(#h;wK4c3R9_5*{e2j5E>9? zknXTqKI3k?;c~X$f4i6ubKxJVIAMHMu4gtQYNrdu%ua7ci!E=wqK=Nh&(7uwh6P82 z;9Vh~;nS1%iFp>gr}Srj%gI`ZG~{&}w3}yQ4Nzh)k00WzYDNCi8Vc!R{FDx!^d_Nu zn_26=rV}{y+{`orif<37m(!$7bxV2SXm5uTC-dL@tdnmwoNbq%x0dwftxf(UKSC`$ zo;$5E(wP?!tx?bPLmE&`($^g%e9o&p3O(RMeF;XL{-D9A4$*+Q1Cpt@4p_G-5m~b> z1zRB)Qma+djQk--EA~>m=0^5ARJc^XnQU@q#0OA=kJIHLl+*imWZg|>j#&Od*Ei_^ zNFrB!l*|x%G)HAF$h$tbR(MfVNXxmq#*VgU`gt>8U-Xoa%yEFTh0_v}TuBnKF+*c~s zbM&!erW!3RcprvI9RpT{jIT-KiOIH>UnnKz$7nGSFA0B^X)x_<0;EOiG#A?VBE%!z ztFBBxcjPi#g~zS-;KX0bG)gexBX*5j?;!j~^XlLf3 zU(&zp58vpBXneZ)8}a|=+*{cG!Ud>$a20N0p2?+K z-wmSDf+*F$_YsMh$KE=A34dYA`LKf{j4qzn=Jdh1{i^ExRgE1jK_p_<7=UG2KrdGP z@4q7vsY=hfl(n5Hyyv}xh;*f+ne|RvUZ&gBMhGqv#z4EhOPlmp4h}4!n9rB?C!s7v zLC!*v86rfuQvlcKi?ya|zdBw#<9?l&E#dp~hVQ|rG8|<72*GP>zB=B7b=G=HLvC+B zN7!!iAq3vmv9X&RY64W6HmZjsE9^NNpWK#3+k7S3z|9a6seNytLMDkSEvO#hGZx$J zlw?UG=78yC7CuR*=&UtUcC$N5h(^L+Oz6<yzUgZ#^)rfUf4Om!)`?HcxWs8oA6^g#1&{JWw%S#Njs8DR((Gal!WZ6&hpS`4v< zdjUCJ7va$?;MD94_s=)`{k}3!?%hH<7xOu16$qU`l>YGPsl}oi;>@a7Z z5;vAs2i6p4yW@14wNy}h;yy9hSGv-?x+JkDec=m7`=~3oOElMEq8q>&o~Fs%X5DV< zwRItTb`sTZw;bE7?J(f?jfrz`1a&0Zn#`d&(?-60k(wIbRF5o~C5Gs-94sFDpq)os z8Fd4WYX1g}=p7aYZ|4p3WVyrCqqhG=wFW?WIwKAtli|!)D5mfbTrKr|B1`XIx;{*X zS-j4{p7%@Q&Afuth;bqoAUC!#l^8DZg+C3(Zo?E<+Qt?j0>M5l!&VfmF*S zbV}I>U){qw;JeH?+SuL1Vh(q@V>eZvJ$24)x2jNXBKO-73bO#14IQ3yD--wL9xApB z^CmJW_oWIFRGK7Uy_xV{+vBv8^2P?0qA5L4ZX~4um$uz0^`5kG2c&3q3gxts6CpFE zp$kXG1U}`Yf%~I~YaOM%%P=zuxxJu)lzFo9cccSMDCAya`3;15qlIEb?T1NaW8n-- zukR;H4br79p_;qA$kD!RiHZEGTztmK8M`hjoh1a0ty?U z+l6{_4p?%R%Op(^eQU!2sLe{E+ZE^=NrPwlHGmdVA#4%wR(I3PpbpqMa|3r!TjJl; z)W09utBB5Ox$D(YdiUlA(3<&mGYC%!Dj&Y`SCgB1iV!yhyHR?M#wCwOGon#;-HMQQ%^v*t?ot-b{2PXPMBX(w9a0I84#MSQs}#BhU}M_5gE!O`cEN&5OWePY+W?x{HPNMG~|>-KIJ73y<*GI zznpqR?uGbnI#?GM2+WXLnWLbfum&0-uh@aXuU4E)o}A4e$g{jVmGB8`C^uYm$R@p- z@tCRrN>%-V4mwrczn8WF{5egD6l~1*JPu^Q`eT9b)vb~9r6X(PfCa9jmrsE2*sU?q zQ#y^Onmm|}0(rd!3P<5W6Fd-%LtCJ60se+|Wg!_c96C)JoK0q04^7YkU9C)_FetiJ zX!oU%RWp~E1B?n7@;clz2`mwADBU^WN?Afr-a#nlYvQH#VQb1-2B_KMwtJb|cdjt( z$gX-;_d(ug!sHl=ByEzIC(){67FxQJIDu*KR>VD6JH{F3Xe4IO-z$05+2{eC_*tV~ z=KyjRY~4|DxfIaN`vDfqwYbx}g|2`eqN1hY7o%A$_~xl;*2)?`|5rGknH-glxDX^E zHOLeGk0w71AE{kEj>m2I15c?LYuNga*}n=qoX}SVmF-=j^M&(AL;x$u10;ECPUpXb ztfvj!mfv=*>CE-FC04nww_GgjFG)x7n)yu#$FiGv0}7{CD{5VaD;4FzfN(M@|Ab56 z8uR-2TxWNfcPATn#V&E5aPQMCZO^^mth=JPcxqXD6k!|ldu(DL+OU9296511y^0OV z_>sF-Uz&LXO`PbsO&VIbAe~{UV8LJ`&)RgV0g9VETyg~db|U1M{B-e?&G=TslD%oC z?o$Dc@W4doMOX4tvVi?e``B~5d2D~M_fWZ@`;&ZMo}&Y4y(&NWB(3mJa)*e;7pAT9 zY=^EH(?(%@ZsIXolpTR*7#`uP;UP1AA2}KM&IT(r*yujlGQ#zx5TnlP4u|*%#^u!J zD~0qp(s54o*IQBv!EV}aA(&M!`OYNy9Im2bMoiP4>n^qVxt8G2xx;=hUG=_7@nSN{ z%y+j|4X-O2G)fJ!&qkR|c29OnlBX#nF4V1qC(wmEFP*K7_h|Pt)Gt%dPrZ?(i+U2+ z4<9#eULQj!FF7iRth$@t73YTBcsv|&`-e&=g>e*0jfeR77#qHiUyHp?((_#%aKPMT z{zV@BKfc}qs>*G9A3h)oh$6Wu>5`W2?%H&hba!`1x1@A#Qo0*S0qG4$cb9a-_j=Af z_jvF9et*Xvjy-UUEqkr?uKCPoKJ%Fvd45NyC1=d>tcNk~<=)2ZmoO>N31ZU|v?v*NZ^UJ_$d=3Ev&n%rHcF3dF0ri5 z*@}1cTwcuRxyl#-YdBV9k1o^vM7-UaOEBB)PDTQ#o_%*qJ?5NqRqJ&#!5pyZNX zCL&yp8#A@Fv;`F(@45L`o!xaH zPBFShJg+L@+60=`+$_|8T+Ej}qq)leklOsZg=6VR_I|Gv#R4c~)dLw6OR2S=9$$ym ziKh!8zb?2G_V%(%gf9Qab3eInQ+zaEIA9h?!hVJb=4kr4Dl(v>(WQK@8joC;j(=Zd zjo`uhMu=UdS3TI#9*4Toq8BKvk!dh5g0-m2q4c1ol&g5(Ki&O&s&u?lZCG!+*-EpSWU@c$dLHAx^j>(m0?@^*1YzlR z#*s_gt#rbeV)1)D>0rO|$L811b<|ae0_rh{3?0{BZr>Aae+&esjIS@cF4L6=JN(t? z@fR8=f0zBnPvW9F0B}S=%I&j$XLpCd(PbL_zQkyh%#2e*g`YP!zz!%@RP9W?41GBa zMmbU%;!|jl?U>RUlMedMSR%Fl;4Mq=LrVqH{{~=F&LMGc9Hk`Wx_s7^%_^oZs58-a zwAvU%k@BPh@<65TF~tWj2MO%*;_zaiK6Wy2N_MUS z%HzUO&`~+}b`ilQP@6KEA&~eQU_GsEosYW@Kox+E2m_jD;YhiIvjyw+r8r4rlyX;1rle8^gLC_uVStpJ&3C zV#STR2BxmO_qlg7(n-EKTzk&*(35w);+usf{oeU9(){z~rV;y<&0@3uT2I)I8q=8h z`(u|wWnyV=FYkz>kBAM=wj2#+qOEN#fw6^zfQ^`Xs~aOQ(c;h-eSjGMEs~=!i@XK#IS_811`S(`{hmL~P)i>p4m`Z>4MtGaJVN;as0sEZ7c&V2>-mFU`R=VQ) zOX!x{Rls!bMvsp)<#;{+KvfB8dh#U_l^tTj!7biyu$l+D*8*P8E{EI0{Qyin<>>ZI zng7eJ@we?xX!JX((cFfoc6a&$R694*f$8WGfW`7^hU=0&+FMR9gezHWK+>BLfXm35 zafak5LhaUmb*c54*Rgrtrc|vW8n8v~9vyuH1W{2ZCl+AxL#;F5bW^JG#CeU#&A#w1siwvN_COs#1{2 z-;Z=W!Fc-`WhtUI07+OwwWrN*r*x$k=#VjrrVeJGHx^&{UX}59Oxf@CtJ}c_NN{rp zuc&GaP5j`-LDmf`L#!sBty8d}6mW$6sNn$D(p|(~j51$H6JPaERMsf~vzOhb1!wNh zDgIn+CS%|ca5r*WFj#QTSi?@98DhJbT9j|b8HY&5x*$1n9$isR)Rq)!`Bs`Yh&};< zdqgTOY_ERjO!>1aY@Gwm#eCcI7uO#Q4&sV{ignO?n4oj^ru5g*EFw@2@ zWpl@iL2jcc7eKM@dj1RCy{kUSi_-V|MPTA0E%K|qV#V2vr-q;PrZ4V(6Q=*eJ^adC z7fSr@W^Nt%)CMd&_(}qbe9~H{>FUl7U0Oit+6^`t^PGV}LF+N2?S89yeHa!hqe_%= zD`g!W{@$J)j@-I{Q5rA}uRsOMnbvIuFl7TYhW%t>(KsP$Pq(f>vJnF)4hg#9Fa5El z&J?nwGB_Pypp`q<0!<ZU2du+HmcAIr5AzJooiF!)^vy!Wg=TElmE$ za}sJ;Y6Mu2he}m8;iV8TW_uTuN)({Hiy-kjClKUu9J_?x?tWG6>DiLJbQEXmL%_|= z%zZZUWHYmHDAiO!VOd#!U1@Zpz2x#4}*ss*yJN|rJ*n}1&iLbk=m=g$OuKkzHUn=cH3l4^^6ZX;1BIGs~EW@6XLwZ2 zsf_`?9ulV1p>}yj?MQshbFq7oYZv~0$xE-@i}T`Wao$S8^>_(VW!OIfpuOQ~Q&auL zW@qz(IC5Z?blbrJ$lL!91i!yu>hJuKu5ybm^8X-j9^|91-R^!d=p%(wrnDzaEM;AU z1_3!Y6y{~IN$%PueEb7p;~6ZiP#q=%sBmDn>(DK=mO25Jp-)mYs+4QOj#zASvz>F% zJ5J)PA#l=TRXbIq%IxD{G_ap)7F2=db53gx>15&al-f8-j)qWzWc0h&qUp5XEOq83 zQ57;9(Zp#2Y4%3Y88?o!B}#mo5@|5Opwbu1;mL0)8=k+cDnCgQ1P7Wrdq;aMeO%hv zF~PL=ZTyL7%}-#BS!Kd1!S{5-%-0yftwLvrQn-Y^rtAVv>@8k8VuR|0R?qTI^$!uX znrs`mAU-OE*2w8GYcnW@Lv)|ROQsJZe?hjBlSM=y6#N5D;Qx5h1`3FY6h{Rq?Y&M^ z+9O^~&;)^t3ywE{31vHg(jo_NYMl(<;ML7tnyKKKy0R6(q){p8>e_@(PNuzm`?d$| zf*1qsH1G%!W@`Z5AH(T1&_>eTxe(Z#JV5EB0Bq1yFU1W|2$UbqLr zOiJS(A0Iy#>rkV*zUMSn_x1H1AWyu>PpY?Blp+<2%m&ob1=F@QDNNEpwAqqr_4wenih;Z$ke- zQm_tOExdo7)SE?He{UlCPN&^aeKEfr=jfifu8!2=^nB%(eT$yEO1M*}hYpKgbH zoJzi{2~-R?evGoa3wXY0E2m z^c2^x@t82)4AJR?J>NgIt~_I3H;=MYTXbMaB~i4Oa|Xnb+jvMA=BjP9>iijmw=4VL{GZ6 zu^|)Tt0$;Z3aHSo4{SP5B7L9m=bDYa8IJ#mQQo&wtOx64kA$tE{-8xA9!*MRa9CF zazLqcfu+qb62xiA8w|?;KXKy;FTZ4@W|$ui%RtkJoYSV=AEsiV4)eh@7{?Tf9T*A4 zk)=KL$_b0G6LZd+5PgjtvB$@TAC{EV)bZ}E<{48W%25n$t!Hrx5~d4gwulFIl0<0` z(ni)D$*#Ry9GN2i*isbNE%&Dk`O8zCytc0K#NMKVpW#NCe=saQ_V@P=t7*FJ$_XVj zON1&RDH`PL);PZ!DOQn6a|Ig{7)Q(^UMXP_GdUA8uy=E!)0Lxg2TK3cgU`)(B!O_3 zdf}Al4fuPoxkBnM0zFGI_PWUS)IX=b)1|^6T_^qhod5e;`_~%*FzUC^cXgjoAWMp2 ziZKWZ7Q4zK#RdE`qs2Jt0v+3^K19fa7B^RU&CHBlz*fr_xf(=01b%@g~P@ zMF5&pQBz9+D4im835PY(WK>Va$7geLO3sDFKyWW+vTz5k7--6qR*D_8fpmww8I69= zv>1|=MM$UJ7`x@a$z*(Skj%cUQ%W&D`?{p9+!M zru$@30iope?P>p##I3hD+@g;aO8201Q`-erSL0IIA{i<{gbU|$ov6G`p}-c>_rYsH zOyx;g&mJmb@aoWzKYgbVOt9wpZZK!p>_qw14&{+mx>ME*`HM>IAUf_zEBy0iscdf{ zFKv0WtgIGr&)88seJ87u5&SXcFDlu+)2DQXgeWw`YfixjnL@li%}&U zitNOSn=^HHi04;d-_6;*(?oMCy$K`U`O(XHoTcfBn1@4bd#C*dnXR!f@mYTnxBaX9L<&HSXiLixqkud?#p^q7k6sF^-`my1aJp zyVSQzKPKZ%?m0sCZVKC2iU<5teuPCt8*pybv0y;Xh|F@v?$*(Ks6n{z2TTxQ&PgCGM_^EVsS_`y?(umyykfJF8v|48ec~stXNeg~#`e_D3{5xndRW&O z?0Hu$gVP5w>hiGCUMlP{k0>upu0(#1{th2Vdgeh4ez;P8)f=`S+e8+e^CA(y*c1uN zLTM)K;087+{W_Fv{0-9o`v4FXA{zBj)qPD4*#%2{K~wB39F>=p6F1gN8)yI*yB;m% z0F%7Ux6^3ufUaoeFY1gIKPrh2mpih67(BsBk3{th7S`M3V39Kw18GjgYSuP{}!&FvFMU4FF8VgOvDC{%(wwp_olh`r0 zyhWo}nS-B=rKe zm?3bQ9kTw|Z@k{G@}m0iTCEmkvg&NxR!9UyADELK?(t(nD`R1Yyy~7UqC-8Q$;1|e z?wT@yAkbu?4JwW>b{hdX)HC0t=B$zWNcPnIK!+J!>U$KE|8BK2RV~c$U}_@K13_GT zbYruRFo<$I>rTY#E|-j5++?Oblle7DbSqPd1!Gmz6{`QYnjL9v`hVPL>Lsg^L z2N@~Cbf=&7N8Kexx|#>xIToKW?V9!^6W#)YQ}*RTO7S>hOvUAcIuXrfQ-_ zMr3tXR(yRxKf)y7{7_^0?)(`n(I0=mV#VR2_1+YgFB7VXRj7?*utmw<*;D#?*jeYaAOr@&&X#Ifj+V9!X+U50$H1Lh5CR7rDlw*`GUQM{sRBDIJa2zzM8 zd|MP_XJbv%Q}8`(a@X>t_H-Fx&gJ{c!ndR1QT}zIhq)$2PU3*|o&Xh4ZaFA`8&p67 z$?9z3O0O;W83bSyzBRAsP4vEhFyovY_s$-x?z83Gm=k3NKLeZM8{-J;!Fs4;y5v>#IUvN;5mmC+5SFoyun zmuC0ZCu@DxCnKl3*-Gag$H~Q0HKU3ZYPa(7CUg@{REc*}HiQcua+Wh+a#>4NC)zw+ z>!y@zOk^cv_xAToOV#)#Ug#v{1C|%oqDVq_tICabZ6YNx)x33wNSs4)G?^qh>bb6AOFbtqa zT?6uIBg>Ik>*8aV>*H}dDq2~1cL&f}1%y@gNNS{2v_QNAei+7Dp-?B|WHA>bqYyRF zu15++_k5fnkz0zPg!Ak-}qMExDXkE^_tjs-?g{M(TTcV<<*WBF#u9;E-G_4TxUB- zr+(t?5mE(vv6*U{FyM##{=bj_(IVV60ffsutEpt4Bda1^5ty7N13>T`m*|Pd6@60k zozQWU{p!-6_f0j>!kGvvm;QiRpr0sTy`oIL$pHf8V_{L&B0o%~S4x_zKL#4g+4DUf zA2&7=Pvh(lI&r-oX`d4y#RjI`T^;2F!kxX@Xm&Z2l1`>4my?sLSqH}UB>xbd(#E}7 z?LVK}e>SYLDK(pL++MIL?K>590kjWIer7au+I;u>39m$kg;DF?xgnH$_m%DES@uQV zKJ^`yF#z9D8N-wxEKunGIqQus!k|-jB*B8}btnLYC z@#QQ`tr`-RN8ZO4l4c$|wj>i;w@2>adykbSti`7(GCU4rtFQ_uA$5FZPIWJOhTXNc``&1lkjr!HW-#;!AxNhWp zW)olCP~1k>1z@M{C}h>a`m-bZTJiA)d=pzH>uYFhaNb6`=KSc-eP2*6JtloO%@b=g zOX;>DDMsFb-(1}%=DMjtw=G@s+TuXtDw$sP7YYUXn`gD_lwI^VzT944e=f`7G=*WcogK8&u>pb8 z>kLtix=+X*Jj=6e~jh`&f9vikAnDM=%2fn%E|<*(33!E|{s#;wxB9bmJL||=DH(BdGeclfhfPejGkoMoW^3TZnXI;1r5)q>Nj0EZ zwC9ZW(Igau!HQxRpWrTA%RGqO6Juy_n!>MslA)zTGk~rOC8VkqgWcix=(H8)rR}b~1anZVdNG7Vw{BN-E=1%M0 zaK2=8@{!4Sa+O16+wQ+Hb_O3%42=|DP~+M(28)u9pDuoiQ=;A;CI2|WtI%ZhpXl*@?e%DzC#iq)La zBxFg$4eWS$0Mt)u+wnn-;9~D?@~fdBw5KBpc@wZB*ab`mY5})Fos6acG;%44a>%b{ zXYccIai{Yg1;^n)?ja>fx52f^ND5b1S6m*q_uiMYradz{m1G&Iu$^t4Z#T zY18@2HP*d=&x(JmKlQ9;CyA5z_gqz-(4TC0*`Dp1yy2oPEEF3~k+^e$5A?a3yCnU( z7ArWw>8c7P@1^NzM=#Ua$w01jJ6vtWu}pWSBPEb7Y2j_#_92-bu zr=o7_rWpF$dEaY>Dv*ZWjYe#IPz&X{<{mFCTgcz+=6vBIwL#vgh7cmAL1xJSZC%W? zN0lCIQLL-JR4lR=TB+ZasNL9dyD7h!Qam*PPxG0;pUe(b1StF1syj73%J1=8)n8t{ zr#T_y!IHi=z=8^9EEWkGi{nmA=^%X7A)kRlT1co^CX~~0(XSHf5mq@m)Q#o*p8$dmH$1!nz(WCc_nLyWR}4=CW;R=DhmXF;S%Wsq6@^c)`(sAgIb96%`c) z0YnS?6#XMPv=YOm8!IaU;&PdgVCRy3p=+SclZ<^rrBroyPm$VerW_xi(?P^zIDvT|?Hf`*q@>qfgp`TB*Hi~KH=F>vo|%#I@Yl0RvB zd^!Mn?u&sC;SR!j@#1g790&m4-oof+s%AjDSe@N9-OG|x@|X0CaQqo%WI3mBFBqpH^?nf~jf8pxl0UnzpCa z*4Y88%Z`1`@tB>sfZg@6>f8C~!>5Ue#T1Q=1qFmr%Udo9aLGXdE)FSNi6CQ7uA4^o zpl?m3A#+DKRy_nO$kF1efL>XsQKaU*O1q26IoIdt;#|c4x#WRNIX19p!13o<9j$dp zVxH*rF9aq30Rc$(tJ#?Aj4pDaz}%433_abKikp5`R#v;}^6%T`*4>*?tf*sk+B{gJ z@YtgZz!}u+ax<6EVx?NM@m!}m*-{0-EXKUk4`$=wAYE0-;8R&s?P`{evJ^+Gromj* z6;Yk#Y!6v2P^0aln+im5`3H4$av>NcE0s*^tISt8j|n6YeRzOV52cRe?H#1(YpRS5 z#}}~Wk;&Ez#C94Qe>dkgH?uAVXW~O6>xi(S(?v5xJP_G*QN}Atj5>@>Ug8v~6S#(gRC7 zNOi5sLx)Zu^<>v#q&D07S=fglK3Ts)Z{VIc?w-jOBn9Aj0U+MvK2DOB(2eK-JEz(m zcH7{Xr>5CFp(i9VG82C{K;mFsq22DJ7I;pr)1&I(ceHXWGZi#%k3|gLOy0<*hAZKY z5tj~7cF}1gv}k;+`e@zdvzzyqN&Mx%(a3{`DRtv~oISDMhyV z;FZY3^sj#>LYL<){}g`Bm&av(Rd+aL&1pN83k9ke6J=TrwT`*M{)NuQ?i!U2!yX={ z(D!pSmLZbZlLfMQ)G8%o!02Py!QsP$rM9%WT64p4>Pet>|Aols=H_Pn>qq#3{{DU| zy`!Telc5=_>wbgh#cwNW+|FWf3FQeMh zbMn_tKacgh1T2A5NN5sH?;oal@<5A|zu)eY>ltA(ZCy90ofY3%drNAu&37TH{E zCL;u35_dc>kikZg{aWAphxO!^=b{+6(*sx1D zjDye&j8?Q(+ZLxtPWoiOs4GnkWCv_!ZjV}y14(1<0ser3b|X)krZwg+8vU6i&iI?rf4e@lx7WF zSZYhToiPk(`H~i4eV1{F+uY3eBMUqX!VZHBBleKfC>K9NLh= zS(Zbk8|y)sBuwDeTJ{#2a@4eOBR8|>nYP}fD6aWF?q0fkdM?s}FL zsXQcdbJ20IexR7kU}jW!o7h2>Skm?KAj-|d_R+9Jc`$QnZ-W9++LJu1BQ07)dhN~< zn7pCcd@=S;o^I1x+B!&}PKTFrAgaz%9FaK z&c$|1NVbGik{?dOnil#yAo+_~0id)+GL*?!DqO_@sjn^S{-NB!<<}<1-oY{5D)(84 z7I!?}mPXs`P8b)Nl+86eNK;+wU-IldYKu4f9F|B*{HkK4vD+%{PC#S_JueR=0pmbM zD&~gC0v%6WR+qOoi4`BpQ*(2B6!jyp##%XRzE2MY%~a@70%?`Uc82ROa_;=`?szg9 zzu>5R!Q~Wal?E@~p6Y|zj8}L2vwQ@XeQr`D)APh*3R0L&Qxo*zf5V8K4v1vt%Ebq@ zp8>8-e?sYS^pMuUCE(?UkFT=unT6m#fD}=z6$3$$$dPueI z$r?Csay)GV{kkk^zt~FT_65bJFfGW8PW5}ry0zl4f+lRMFZA`6SMF$oHn6U0A#Bd+MNue_TQ!G#ld0DgF}idz2his2e3YW_wWYD1G?PxgcE6r9&D9!@avb1b%#YB@F?W?*i;DpbdWi?P0S!Z%1#sz zROB!|ZFdXM%*DqNZjC?2{4Q;TzU)eYk%RIt@sPzO1L$4;_-^LlTAzct9)a2tS%My+ zkc?;wT>v?qUIb?#yZbl~a!U|bF&_|o)o(({d!hZlQPHD$Rsyy0wd_kT+C3Nq_tNh8oyoyyO${h(mq)TXyEx;j zH>iTa;=M5c3aS6Tj{#0egov2&lgX%-%*jdcafa=MuPk;Vj@n3FK@*YcpM0AC0VNUt z%xdQ7QgptHQVi8cWrj^D?mnE02-ZheKcU=6{%Za+XQfjo$=M#_O3`32? zsu4TbrOe0hE0oUSb%h4009DM(RMxIETvZnqPA7kC&($P^aOn@`R!8Kvu6TRn-xEFR z?TB4CH!yG$MfQ;#-7K*@`!&H#~~Fvo{H+9>@6%J?{- z3QHfI`t-@j@;GS{r{#jgn89D`4f<{xCUNZtX^so5nU>_#rm>o?iv&IRkv^$4Xs7fp zRz?WI_Rd8}Zhmr2V>BCPd2yMj92#408L?=^Ge6jnmKS-*1J`)%GYB zlp@@W9v=-ZCj@Q(ce^3)%Xzp9Gaekfy0jNpBRG8HaJs-vXw zCkQJ9sBBnFuBE&RYPEbqrPk)S^R08(JSE?|5lU7zq|zy%EnBW8onlMUMQl)(_6^xoz4U_(AMIp@gFl_kQt`h4CLUfxzOl1>#7kN zvwPdsC9G4eSJ;C=}=Aw@YN)Rmf)j?h-dSSjD9<)MwwBE{uE{7ES*E6S0 z6pLC2wa9v#U1^s0>06U+YFtRo$x=Let3_>-oZ2`kL2+YDMoj3m<{`v9kBKNHvRJ=4*$onpiRG_s7CqtnT{B zHu_@-;~N_O=W&V=aN&el_^w=Hs1_$(nUIo{l4W1c#Y3`a#WFfL(~*&Kin&fIOu28l zCo8uX5;u1>0=c9^73!>~`XNcK&eUYLXW0M~Og)U8837r0Bv3G*59iW&HC>;{d||Um zEuxRCNJ~q-=*SeTil7E1{rUp*nD{oxvjnM5r74#WK{nqRKF{pXSD^>FSRzT1hztA} zsAb|ci#e6!xa)fGy_^wAlmFnu?RxWjfbte{h&ZAv*8@JGrxYPW-_#sPMJz+Ed1Zsq z^v+=Ed!#CMExX9RdeRVstyPA?EbchvnOBPj8NfN8Br%8rD?4nE3Uk-`Vdw&fsJV;( ze}db_8`$IuT_p;|oYsms@fZJs3QST0R}xbzy`K!&RVk$op^_a7_dgX3mD01x)vPo- z=%;>aYipZb`HByW(7P@bsCitGyVzwg@5Ae8zus5QO1jq+=i-8B7bmt&ZU&Lm1bp&x-C6ERHY@)c4%ph{uc zrf~s<*NHscpV=kG2jr@1$K+!Nuk~xsL|*OMnB~Wtz!TefSA>LY)DO;t3kyZwp2SgN zfD%0|ltK1Y-)fWXc+O916G`60fODPUb9deli?v<6Q_!UF^i!|C6J15tD*wFd$=451 zceG`*gp!^g4IESi(!i}|1;jrk5D<}sJg{HrJK402dX=S8!rgZqhiB^!>yTeTaW@al z_vV*+js~RzKb&Xz?a1g6(l5(q54n<(ozUo&rq0;qn+7sl01_{N-HTYi>7`=YqMAjN zrPfQk_Q;&wuZH400>JBc0{j;jq68a5z@IZV_MYkmJUl$LQi)M!-^Z_iNhH2x{ISf) zQXrJ?y=U=dUHhmAU$+1Ixvr5>{?U)%DBS(QFF7j*DMYu<16>%x_?%n39*$$N82gST z24iEWCZfeWy88vM%>gx}a*hEc9hXo1&e@rjYwO#y!?`-?5d);((wYxn;i^ZerkvtX zv_7A95+E1_`_W2l8g2qprcbDJ&;yh>r_heP@^tMAgN5LFcXcI5hUYQB`)@>zHO*9{ zXt^K8X@ZKI>@L@x)}-FbYU4Dys?}!l| zoW%p39zL9SJh|8?SLNe-Pc26TyIjQXJ#OtwweAitN3OgKlgNz<$%9}Ksx=qUv0{u2 z)5=?`_X?s;4e>v&ep1g)O^cqyNqIB(&$0YBr!FIK7`LZZPCNVKgK=bndCp%?2N50Y z=^0^D#_epZcEOTn;=79|_9gj#`b|o?Cxu^k7GTi|y-FmY3U0c-!c=a^^bNn@)Ul_1 z_t{5-CCleCpD4R>1y;*MEul{?+acG^9sI~2$!LX%$}NgAaCRrK&K>^#vh@0X+qgW$^^C|gL@17wn!&$KwJ~mReS72X0}aJOK{Rt4bx%<% zl#Q}o?13g7tacEV-@R=((9nqgdT$Lp%DXNj$_uEH5Ch=3yQ)3+d`)}f7M^$8F;gyw z^X%RQ^gXc41$0f8;Mn&69uo~Z&2JHgj?)(m19+6+9 zK1?W{f^ak4EdnHIM6ui5GzqnZ5JHSZxbyplPuDT((r=a*WIB6^|2x#j_QTQZH5G`+ z=Xi0F|0)ChxnIEXytE-(=9Zz;NPOo!Rie_|ZU2x;72IgQPfx8;;uL<- zq{6r|EU4TjMu&TQ`Nv}HaTJc=K@peL2DVNH1dGLbS_o^c)BhQ<)RclC%s-J|9pqn# z3rUd$Dd*plOFs05otb;vSJUE#zJQ~R@Vj+N7%khsLN^y8l=Em0L#hg8<~pLHTgI2{ zu!_k>sQTh1D>dh{$D<+_S=udiF-ywQ*LA#?U>1~(e18J8g}w&rvl zK{|_)0V^iq3Qqmoh|Pr8p_$fb$`S@3^ECC@CV%5m6OUJhLE;ALs`_LBdf_+zS59(@4>O!M$MV|u zi&#Rl&x6Ne+Qni5PBW7Nuyy^&^T z!7VEJvqW{uxRRd*-ah~=;C=gzot#JeWf=LPPN=9#>6O^{Jss-#d)hNyPoBQ9@}qM_ zM>Xm-8`6u5i&J^YpUr#g22kHQ;buD;KJlgSLC9gTD~;OT#J7~Uhp*AfO1lt~7IoS2 z!wP^ZF3UNm>%i-2Nsb1GaEu{4TV4TvTKRnxc>_z_ALN%k^NZ-*!7Xvs;Js4 z3b4f$Ek1qo8hY{VuX5dge0@Iu(ixjj6^~c^2Io||k=oknbo^!_2!CGGu?=vqV%Q@Y z&1{hQSgY<=32QCiyeAmsEJcO1|Lj64_!Q9w*2$bq)NuIPi}ba2WqZ~{m0@unZ*81!K#4KM3I^=S1D&q2J(Na)> z1mpKu#p+L{v74m*8M9E?xg&kXt8hZq5U55GVZwS133|^9@@26RhQ$SX;=K`{ynxrx zd)bNIm2&=)Hul!x*P40VgNy^ITA%nXl1-b5w>qU?n>?QM)p{fpFh%eiNpR+{H@dl zswe#N0TuE~zh(O=!_N5(h{lSBmCu_Oj21K~UM)>k zI5|_@Pd?S%8?0-wB?QzjA#qE=jI$RB$zzX{M5!gob%pv}m~{meqhK@;(y=SA9COSGU~C!W zJUl<>oqU}0x{jFRA&>YIDQ2&r#b&__z}1dwZ92GHV&+0So*uQL)n)-17>&F1=)v+G z!}BcuLL|rSCE<;g4^C?1td*UxAV;6`NA6m{&Lnk_xoI!u>VJ9EV(HD? z@kr#~u1O$t;56S5MRQ?xBn8~SQWf!PYi42Bt&cQ;(5>=BemPyn|!k$eOX@ z-XT7f#lVsLUX=U`m&YOs#8St1g8od5h`15VSe=8n%c!obPI95Zu;jhmES5ufofHU& zjGTO;NZ)q9Yn}5?;8B+IVJ!g%0~1vcn4rms=z976xY#Ab1KMcL9Pc2#sIOl#eZfjk zKe89tl{AQD{}1gb;DY9-WZ^O)qDK_#4F`p_*T_vl&xOV<4df~lC&Veq>V5RvJFkQ4 z{IPj?I{oXZx7z#jsh<#i^&kcmkZai2sI(i)RcS2cWP?6SgMns($pTV^b2$MPUSxKz zy1|PdAQ@OewRN-kDzkw^rVbRqG>)l52GTjQ-rguSa!nHndPEnjc=^@acGX9-u=SZN z;el-O5!qP9JgHekV-h*ppqdp)d+@0bQ0&=QQxCoNa9dU75h;FtsT3IYzd`I@0nIPd z?<6|6eMCE~*VDPdat4g$8UogFGEUMQ1K@J=ScwWS*@Fds5l-Z5jN?{(j2xoQRHfiE zD!wJIq?=olQx={3EU(kB@>kD)f41G_h$PQs#oLVB#PXCPcCOVO%k^;%(GLXySUi>) za_a7J;v!VP{%+S8C1%Op>YybltBnO5YbPZuR{}_}_>K-G)7npSsup?41gTrH_|SwV z-xG^j%MbWxVh&X$qZk6Z!gnG%tI++lyYt%w_#OjZ1jR|=rVn)~^%OF<2OA+8S?IY3 z0Dp7Vt^6Kd(67S$EXdNLVf1Jm2y=1I==Gj;xGly{d#h?Ygu1xAchl+b;l(@}Lo}i} zLK`x8T1ne&DTihIZ}jyK2oU&6l$=`)g^DQFts{OGq^#v~e-I#}hlaGUCV+~sIWX3!*#YC94+q3S zbTAx{Ejr&wWY{eP>d0{U`xxz zm&i_J9I6gdvf@`}u)k%ezu!K)JQkEN^M&s4miM+s6Z?SuXB008C1^ zb77#SV+ORDGD2 zl!LoReGrRYT&-U2#3cM2uzIm!ol5OkUq|xPj&K%bY9f?&NrIQ5)gP$}Plc3whh%Di z(cAEoIipQV>m?q7)K}d@%C?-ivW8oH1tU)_lyrK-xpeM)3oj7i6iF-B-CmXPq9kgf zM^vnHzU6^WR*vw^t48@Cw59}f1cd9}T=KPXA2VjOqKN}S7HF|QGv^O15`MyN*7{5o zh(og-61Z5SGfMdPE{cCD2LK65w2UgB7XNbt+DE=cVF{d}Ebq${dXp?Pa%bZt^-9le z7ajH9aIC`Si+ktIX>Iue8I2OsEvM6K#(48rKI_h0APg%-lQ3@K;F#R!{G)7$)??X% zwJz3=b~UUi*uRn0o#B60mx8LZrKZdjiTP^QMxP6fYQgSJ%D3a#Kls4*_6~W@qGvVO zF#!xUgZMB5*m)2yP^mDmlDdrLaPE81p^URgsYl3C8SLC(iNp^ETRJ#hQTid4i+1lc7hvSPzqT)~6^ z&LeuwCZ+8gcQ}vjP0h#?ofW~2tniaige|1g&W#F$;o{k1lWTo?5JiDU!>?nK4uf~Dzr_7f2yY&1}RfhF{@M_5%pafYQ4AJ?{O zA=<&+zGok$skir4SV9%$w82^l9uI=BClQlTAz>_y5qQsa!{bGY74=W~>%4-P6!Nnz z&973t5ZGo#{A_hO5n+lV;@voLMZSshSQQn8&|%ViXAsU5g&?o3e;|FNM4=1J)-}k| zapXMl{C=p>8JXY%3xj1?Y>UTETu*MmJ}hFNN{+Bf_vD-Oyy;SC!IIJ@!!ENybiuk< zR)% zH=noO@21~KoBhc4r(jOuzoNwDGN@Ib7_TNoko~)0W6C5LeLVlwf0WhT#es-q z-QU;s)c2iR5gP~2A;j+zBjNc9Cy5lDO{23tsfPL>b3*cGzD#6=l2nOWly7xKyCOiJ z*SIY=2~*PHGxsE**Fv=7!z~L{ zY%=7dWLO9<{BRQI`$ufqvs`9i72lHE0lq2KH4UWv9jBaJ(GXVxR8+y^NCL?g*W+Bo zEN{UF_*b>(v1hb=m4nRZ*x0|7mH(6;ehK!weCNHb*e7-pSv`C5{Yg#x_=|wWD;|FQL!VR3Fr z*Ki<>2MZe9rLo{{3GVLh5Zv9JKnOGvf(3VXcL)$%g1fsre0S!|nVIvvAHSfvuBO@d z-n&+V*>!3(}0D-PASuVzyUhs z=%)SiWWUMi^3>*|*kt4)`{5i;cM$P=(g2(B_u^c2Fh;|(UAu}QAWu>O7P8~W`+pit zzEPa2_`*ZHy*=N68I&NN7u&LgfvA1*V+oo@ohyD%g-FFG2d{f49I+#`a6YLax*qf9 z@IHRolKykW8+`iY{+_nqb#nln`=8TSFlYmE`BNWE?jKt7L8?VCExquagYX5TWLK@> z((f=M^33Pk1YqH0G$CN#n?DgqQjAd5vnehya3>V?gDmPM5TLmPhlTlYK5+$#3l~MJOm%Uy>j^|>GB^R zY6fllBpN@GFs{)aabp#~>60r={Y{GnjHHsBAUvKvIq%OmzK-^Cqkno&Zn}Y_=jrov zJw&R5*Y#N89ELf*2Ycz~9?HDdqI)7Pfww?) z*ap}Cb7KcMza0~hlpWRejZ%@iKA4r~+)~${OxnZK6zbf;=sU=AKk5GBVtQBEF*o;3 ztKKsI`}|2e{Y-+UR_Et$PA;TrTn-=9L!tlYeFIuZU*%7=ti>n_lTboi^&8%qi2yv& z66=OgiW2c215*aQRIBIcDnyG(^S#TXl8$Gy!aUXm+al~Z<2$|F&uJ8iEmVE*>fEqk zII?(K=tD8yx@I_=`@yijaE3)Dz8v_T(0TB$WVq+-ry&dlAy=bU%W$Ti&e)PiLqB6iS6or4Gh?{@5kvy7^Ux{0O z%I5!PQe}V$+REu|VZU>M62pY60Whk~L$+7xGffB?f_ZqJ?zdqunm_!&ZoEwZfYjcc z<~`-MY~R<*?`f-R(g6MDgAblhSF?M7o9zEZsZda*RAhwuu1b+gUIldrkeH9$zyLsi zfAls*oSm3XlMPz588x-*dj{=cHAfLukwPqFM&EuWa~+754m=h2(rmc-r#rm+H%*CW z0@Y4!GmAJ(zn;b5-1eutU~CI!9>ugI4!zSn>SE$A5gTyDFE~Ob$C2LQlxPe%(+hn5 zxMM^qEWk_PRHVHeP)GcQ3Oi4Y(Z=rVj9dt9;0x%_*}m9$Dv>$*)+f80eU?GF4ZpZ=^vpo zO|0A4-j+j0Uz5@RtQ3^a2mTW?fp0b$0H*IMksvgBK94!*hb8K?b6V%}7y$^82JazOAr|_Vu>uZW=A&zbDM@Y(2#W*p1PEf~;U)|Uuw;(OUka~eo_09;n*8@a! z-OKevX`a(^9x|9zo_UDVGu+zjCY#5aDb}6V>yy3vG)#JLAX8g<0Y9GX>rBi#;ovu&qsN}PmyWzgSaon4r zEYhgV`afMCju}F6C7#kmS_f0fU&9f<7Umq&TJnram|Gx0!^8?nbseXo<*I>A(e!ni zjO`6g&k9Q2eF>e}(~Z_ye2=kjAZbeRGRuwgzM&3sx*^I%2+3@&`$)6%2<0Aeb`DX^ ztq`%zf;utiQ5Bb*m1QO|pl~-n+}^$G(6HxW9qm+=lUxs%5~;*pXFw`-WF;v~hK)w^ z3iO-Z@iFX#j`iyDJPRf&Q2`kHNMNy{;sHlqA3dql`d&>7NVSoe)Y&|RLB|l~0u}gi zzy^2s@$Lfid^6(bRD7J$v!9rb4uPncXiCj!Id5XmU}xuP_Iop*>*2jOkEr>0imkCx8xhmwyf=4d_CDyMxh_LbqzCv22&fbtd>DgYgFByraO99OYKE z(puqIMWc${GJ|pKlNzHxlImX5kl*=r&$qxqQeDrrO-7M7GSWwin>oyc@6M|GxE2^v z$bUXsqM;LfJD{%c{+kYI$7}{pN`t}yj~tte3k}fIkw&+H9W0EJ7DYK@UFo1JtMBFL zNJGJ$iyho(97AFt3Gz*0kMHX0%8C6g=@?@#v9-0OEY0g`oxf|*eKoeUl*Z$F9H({R zt$H(?BDfdiaAIa5H(Xm~KUJdF%2SDCGnx0R&}!Q1-9C9e-o?WpN~5c*rXR%IvLrS2 z^XT*OVq?5vj;*cj<=U;h#qV&%%W`|fHm?(+=>kpG?x)pP|BiP9s36zlWoh$K{n$LE z8Vhu=UWtWoGWPag*|~u*z&|S0jz$cJq+HomZF~MQnF9>MoyC1QO`FPwClK9#CIPKD z@fEi?!zeK^RHiVN=IfA?!tt4XDrKU_z60!&M60(Izvrqm7*dila2X&zv`o$s~ybejm7JTxBQ&9zrRMAvnJV=v@S`O(NdZrAut8(p{*N zr!C9(6Rcd|v%e#?-x;yFcbX<1B=vb{Wt1UGSG-mpwAOg32bgIeI3->MFqT>hHxaHx z05CLva?D?(QTVpjVlGZ9kv@0W?4;cb;%)T~n~vo>EHa)_>-{qjIa0JP_{xo$_j!%Q z#$%2a3Ou9nE^k6h@Xa@2i*Ik;@7+di?@!vFAjz>py*}Orro}TV&8~!m%BZN>4<|mP zG{3CRPfs&#nOc(Px*Z7q%|U7K2js6yFH9eBLOf0d{^mq9prNAP=2p?=a_}$Iwbl)+ zUz^K(D~PiEc|zx63RBoIGn0rXFqs@fBw)gFRBayEBMZ?2B1;YHakjk0evh5Z2LN-B zUX{Dbf-C>-q5ShmW9dLOoRf&A!h}EgF>m%9w-|az?t=Y~A0^Xge~BYtVkA9rwiZL` zlEk=}5@YMI@OtLA2*XF`Ha@f@kE={|i#fh(A&!%XD8kY)RowqcH+OQGGLFm8%8#V9 z69fLBI)uBNRMO+M<3Og{_+1FK>uv5$jfSDNmD+}7QDxKwZSf$}fxq$T$8o}UlIj5*Bke8GF&Yo0F zYYS9`DA6+)Go6yk9A}E^ahP;6Y2&FUz;OxRAcOHP21k8g3)oJvWI5b-rdL#zDQlpCl>X>!f#+c@vqWANPV# z`@aYG%H=zHo^MvB{;IPvGJ;-eby8o?I%Yfl&3u3QbhCTB#H&)H!K_tbA91OvR4+{Q z@5HVoqJ!{kBW-sVm)3-nQ~jJ)Z#bn(yyUNQsP*-?@|aT_c8_gM2zV3mDd&;ru*g89%56faJwKO1!tq@a0k5|NM^C;?aE)p9L?9- zg!s?bggmi!=hffDo?Wm4a$18r->vBQ&1t$`55L==&IW4t{TqUr3B@xs4|_jl()c9N za~vPczz*l3?X%;kE2Ei!#^P=hm|lRmok5qByLcZgDlAvIP8=(je#^j+EI7JYp)~iH zu_Ki+DgS&^IFT2-e}RVo>G9>ugpf%LAyTF^4wF=u5<8sBcgQ)Dz)Cd0FVhKl$?hes zBuZuo`uZ&s-13Nuh)9GjHTb42dL`dU&aZ%b@{Nu%5D8@;%+RA^akwz;AF zVd2f+H+L*G(74f>_gTAB{w0Vo_wC>O*#IrknE?-x{tb-uxy_vpY}nwNg&A<%EI$O){YlDOz!dc(|om8{ZCSQ8QltZgao>z zCIzFtlXk@VU*$3}rZ{6PT`-rIdn9ple7=w2YEPAM%P*_scsI{sR7YEBWTH{vtSL0o z&0ombx2{086^FDY=3k#j7lJn8JI!RC#$-k5Smx-d^@j z@L>Q!jh;lWfy7j}h+v><#V;GcMaqWq@`VzuJZWk&zicZro==S9N1unvTclRxQt93D ztvPKLg@6W*T&UM8Dgrn3Dk#|NrgCto1ew~Lb^uoW+8qWCRA~%asJBBBJ{o1aPP^Fz zWZRzTpN`a1*bl^&{6ej5jsT>A&SrMlETwJoZ~mI39A2l*2s1bFhAv6n&_L&3xFf(@ zPRJLVLSA{1Lx$BdgF4qkNRB<3!zQKdlWS?sC7bOqyl!|os<*VdngSB`W0ef&Re+EF zbb_Xma5Z)*JuN}c|5g%6;3))?R5c1@R3TNDW;N1M768VpC$4!N5GWzUw9lb1fB=*} zOp&1ns%Mdn#yzo+ANpD8q-0&CT5o!Gn^bdaI(@G0gFuKsgCDGf@7~m42i8CxMN5}p zLp+Sr0bzqBw|2r^QF;#XLB0UfX0n8!AtXbq3bfom9ML99z&RFp?6=zrd8x6Ln3y?r z|LVmKtD{6+jVaU->WX~6tuF5YsF1G%*Z~nq4)P3@4X06~Z=hvt`$vjSV!Sf03Asc* z&6MUZdEH>J#!Ze8E^L*|m45%;tn>_UAe0&L-$0~!D%7?31x<@O>BinSY2)ktN}+ZI zWo2b-UL$-)7hleZ+w90BOchO(*8~*1|_HQA<0T<}CHT28XHF8UxXQ)WKIhIDE*RY^}G4M3F zpt$xTaQw6Yof25(T~wniuVEKRRU@>7dsa#}n~$-5t*<@)lp(*ft4WD{j zNAYzGQQhykXkYVG#yUVxcz5uh zR$p#+lLs3ao^KXT7JlfBWLt|rqcR#+E7g|%u%w^Fm|x!ZoEVCNFFf57>EdYQHu_D_ zo9QI))Ax63kLkZs?}8*>0KZc~tvW}n=|W}o$UVOdU)%MVp~|1YR|R5V3o$+hId^*7 zL^T{Czo!Tz$DCXSN62qcRk?_wn=1_=e;s-oV`JllryoHpc`w%|%Gda8780X%mc@tq zP443&6?mA=k$T5-X$?AQ8gEL>MAvx{d8g#=kMSj)eJ=WtU7R-m4Jd%6)M<3peV1+h zO)2jsL&@rI?j)cD!(B=%Dx;=V>8MJ;dgOAf%H@0N9v8k>t2?R2?82AooxMRs&(6^( z-yeC%`^g5lY!$?WND~*VmJo4X)graY=*Oe_l?foT{lDoVA+*&Q{+Hxy^)$%F1X1x5 zUc&j;0;qsMS(02QYM=vn$s_d%^}ZNjs`1ZM%905^nis~hD=3;sb!1uNO%(T+sQWfd z6~RpE(K*x|^XS+)*shhyD{KcrA_(vn@GZ+D(J@g@o;Q-&4N8-s=0dda7}jS~wt^_$ zrxxziuI#u0!r1_of***WswAQ46n4w~%ae#CHa|#Y_s(KtwPkNr?!@XLc>iEWoV@3J zmny6A5c!w2UCZJlkZdPUwN7PIM-yG3B+zOn{?YL|)$pfKGU=cC5wx6`N;Uh~nBtq> z9y?$6NnY@UFN|ohz5KG%DTD7!d%oR{DFMr;B5F6I_$4zo7A+T<*D)_qrYA~r?xnt{ z5h$?B_~DLcn==)@Yi?@08Ns#ObH`3SZ&|3Z$#-T3@HCJ2Zf2FB<0bC???Tq2`Nofq z@CkGpu{?fjZ%w~>HhSk< z`+ZJH88lmB0iAEzt0#P#EBe#TBzluJ-wmE<0uBf;#avWVsM5&7?|Yd{B*?+lab|9E zQhe|Y{d2To6kIi_OVBPa@D${*G;nA0n6mnqM=-3uF z;JjHuO4W};r6JqTxzRIt`gold0OdWr{>NG8vC)jLL;)Mm=ep9NBm^;94osto8^q{1nk4riOB4_#**7k@R}sC?L!@*zvZjE zU=}*v`TB)cHxaBFDe&|tZK|KPH*v+ip414mP05dshu&;QKR-z@5D~JQl~7c*Q7;-V z)LZ6q<-ii~7lkWDVbT^k4`nHFhwyojnakFxhGZXRQMRL(pY|7OUSRhG8p@%@hZF;m zQMTT8DQ@tVSYKaI>-^v(u0xBlB*og=apT_Q-fKy#QRAMEj`we3RtN>d0Pg$~r!6>J z2vU^!Cu#r;S;q%>jo|6toeaOSZpBI^Q=lygi-50UW#U8CZ+Ej1&CDp90qrM%5mp)# zd*s3YU&+r7M|cX#Z-YPw#eTz^U@eJ_>LPtdve#)pXyGwQpz&mjsx*+Il&X2BX#n!p z<2Xe|4~!yVR-aN6PNE^^yZOIbeMq{ z;}oqdJ)>>=TP|_srZJzToXz+Qe6DP7oU8L1cG*`%G!vnYK={QLOC4}(lE-M2vlu+t zG;{}*?DrISrD^8M4(E-~t9`N}#cWuc`37NljO<)T*BKMV;{2o}N!}~DN~2zj>%}{j zDid0lO2(5t%fp~0t=b6Vcb7BxY>u}IJnpOhbv()s^sou>)lo=TfU#WNb9D${hE9Pa zy#VBD(hKax>f@aH_`RvqMYEZOlV;&Be(#>o1w1z^92e!C{PMa&kmw##4aMi=`}`#K z9kyTr`PY;7OaAV`H*`eWa*w`+y3$+cQ*{K@O{ldbSFJaKv8k?e2@sfafF)3FLWJka z+Kh@E4NN^=Zp{vtoYPeQ4ouNlZkNnOk|Z3=v8&3R-_`i72sBE}`*K=VMUbfK-c{Sv zsa5Zcvi{A&Y+?uCbJ|4_i{Q2udw6+8v}4E+E;!MleEy44QFsrZERc&ur)5Qq`>oRe zJ!{HzDDfM@ulq26ZG0d)G4jPO+$!Esb>+IdJwK2w)vDkxFTVh+p%+Blq?S=Jv0_ zRtmKu!u~iYq;r@%zD$`s5w*P(ycb1vbgBzq5Nl-C{rnXbfvxmdVwAd>ey4kHYZvl? zJUR>9h7DR7d?qH|+y#ws!(*aB|M>A^P-aM7LK`xOk_!bTPD`^3v8Ve*M7@V-q@x$8 zD<}Si;A^6K(v1f`4vzT2%(Ezeb2~|6+@K4Cc5PyhZx{+*QmJ{rlB?!YwVR;N<=IPt z<)qo>)|PCGH&6Xe74r9&AAPbDdI6;(KjY37;_!>B;!_QiRJfVr4<)LSArI?YYolrW z(uXL;vh;C2=EF4i8t_tc+zHAK#KbA>_UM(#s&ZeyDmo@+WxwgtZS-Gx5w=6l0jviG zMSG5$_Aj?~G9pd4i3_8Kw^_R*m#nsW$QDGAu59ZaTN`bFc^wuv7k=Je6hgE6l2X-T z^8~8=pg<7PYaBZ}JB*#*-9L-3{)m@bGMTsC?tcR7{|IcMvl&X_Oy>;fkC8M@C{|&% zWc{@Lg=$^1ti^GQB^rxY*a%FwhiqaOTB^lbf$knTIg&!Dyp_N0{CSr+W@#ms=GU5(iE zT*+*{-wQvy`1bz=KOWGMDR#V%{!EjSUIo`XKHrXU;R1!8DKq)Ert*K~ zF3g=|s%NJvLIz{ffPM!>mBUFH!1Tm@LCS7Kw-QqC&0YANUW(tBoAIU1;ajREAiXnH z`&AL`>rY#IT=-4yfYE!;KZT$iY|U*C1+}*wL1Q9dwcm+=m|~XZ!4*o78VhnTKnbV# zKXM|=v#?C;+FRRB0MayhU%NwTpvAELMpF1^btc~=oU!ZzJ4GqD;Bbch_K364dd{(D zy$u+6Kzy6^6F@Jz?ZzwY;p}!xErnAF4C-=&)x}$XFovF#DJ-i%uMdPgFldy{W27R} zX=T|jfkjYIkTN4d27T=_IG=_z_3*-qDKh;1%km$7cTweS*2wqva4E=pM9apB$?Es~ zo+fAsRSj3wOl=SXNmL>}p>}#b5ko^mDdIyV-klwo%W=4k-3*5Bx#s{IqcobNmlFaY z(Wyn}m(gX94pD~|pU1CY3B^d5*t{%_iX@FneD=y-J!6?l%Diuz8Myk!MYMfH@wm~E z>=Av~vX!FIgevqB;<@302`FtB!4>BYs(;?XG10g3V(%80&ObhFH&e4 znutgRE#eQ4289d?#sP=uPAsg9y*obzqUK<{#dqM1|Nes_nW^ybF`qxU z^l|0JQK@E1d?L#fgt}V|APMYnv5vey@qCh=NoD=5zGmb}$&9K6H-906^DVp3L`>xu zoRws$I=z(aPlcwyTCl5r^!qU%RcX}(GLJq39LJn8O!GLN0FVHIdb|*>kik#6+_61Z zGtx~QDSh$xnL<3lz{iNka3{O#-dztt;u-S0>%|cf2AheDuLIIB&P3TKBY=oND#Gif z-ox8WFfA?m^W6gz4y(m=f*jcZ6^!O;@Mt#8t$}YyL{l_f={!rmiU-6 z?H#u-lSD|#>j-rHDv`!}wmW_+DTE{xG<<`MHHtl-4?pSzN?j90FrHEhgL&gc>0}P*4G5 zbvC?)7zz-&U>=u*VO<@p(cP-*1eEIAlAR!ri;zR`Crn|aesfd)P$%j1&)6y5LiKZNPpw6kZ1X*a}+ zbH5pP`MuD>@eEh`Oi}%3v-rcSm_diO1ms7DrEFwBCPC_6)26|z7(!d!$TCN5Hp47- zPC+d8XR2V`%;_3#3gB&*7(l{&c(%drHF^xaBFup_Soyhj8l%|fi0K_$6q8X_vOlw1 zh7ipd3w2Y#!5v$=oYUf<7;__qOfn+E>gQ~BSz+$GIRC)D()P!}REmVMc*=x}VYDr44`h7y zx7FGHj#qAUy*9>VZM|j18e)cqq;Gs&(VQ(7@a}JpVDjbCF{9F%ov<^LyD@*5m1<@E z23#k;*V(Lf=))Nf|8|%#A$nPPxX5(NXtUZ&KAoVOoL*Gkde{FMA5}W39K;6GsnF`_ za{HA#n*+fXY$j^1fw}H`Hb-rg!e&HMeA1@>nkGB}_VLI!qH&{4qwP(eY}&AB(JotL z*KPt`A{5V;tZYWc3I8p?lvyk#=dItxQRBL+jB^bxDxwvAA3s08hxcZ|_*j7=+80#f zGXjZnW@aY`lb-OeMiZJ;Qoa6+Z5kO=7jK!XDb{O3GOZCLbd{cb zd~T%~O|{7r&$I z=wliF?>qe6kd}qJUWv$5?RT3zNl&F$7nU=ucx;7!pq~e{ucvSoi;|j+I6h-iIrfgR zbR;7Geyt-r5Z2;-|7KMo^5y&3f@G7V1DOIX{Nuf_jRh}nqtaz=3(wbt>__X=s}fd% z=;06&;@%x6kJ^BJQfLt&&H&D3Z~QX7)-FQUd{)EUG6Umm9#-6@_&OR_@U%;6+r#72 z>(!(cS4X&^O>It6ZtiyqGzXm`fqHt&iwsUb>sP{iUH0ZxKg(xu5tB!*&fFPtUF#~Qs?F82bE_qWq!|Nb3U3Ogob`iD!>>+ovp#b%K9+{=KhNK z6;RAqlw@_?sGVK$$I*8OvS~t?xCAk(iM0n+3$!rOd{dUK0Z%94Zseg zYl%rLe?%Eu!yd)w*|b6gTtGsCULJqpEWYf2D({YBYVTT-A5G&$T3%j0U3>A#*;8OH z^$Cj^t5&z;ay})Nke0@p6leXxbWU$H(#h}+ z{VJ+NyAOVov!YJY?)?4W56^7qt!_-qu2^CzOq8wv>D2eZc9xzx2Ha6qz%UX`3@1?rWh8H zlioPE43@L+Gpe&OO0AEUD(42a(qy>*8iK0!w; z_Ir$o60X#hM?T>XoZ;{!dty`shoIT0tVFHnHbRS zScj^DZ`wRwti`cTUd6<*?6{!jDwCQ71Xuc{&`U|o5_W$47aR$bd~Y3yk4x!`>cgRh ze)Jj2!uxyg6p=tZ>V1XXqB|Ha5NQhPRdpJ4#kMPY?wUx=mr?HS?jEXnJO{UY%+DVz z21k|mcXmSAOJyurMhYedqoi^Byq$O3rLb1J#ap53v$P2&$&eG1$Y=kbi!EGe4uj?` zrhTuf=1*VTgglt@kEWtYc{GF4pdt`d@%lInfioH`UNBU66(VoF-KX=4Lvat2+cx6%Dx~X0B)@|E+;!KKHmF%|HR2OIqQW$lI8k z2#Y(^d?Levle=y>)0HGlJCu0{Z1Q9{sMN^Egm*8?FFIo zWuMzXm$k;GKC|Iw=QU_;{f+7!QxlW->f?+$^q)Nx-bA4k+{0qBWecej*;9QqHe(eD zu(pJ5xp~`xU#?HP;~#75TqfR&Mru(>p&>lhJ-l*08k1V=8yHfi{+6H(Mlq5Q zEd)pBBL5F=K?`uCRLHs4hWk7&I^ak1(^ov{jwp_W zD=%^yD$n~>*+ZF_n@8O-pRablPO#Y%0|4LYG-p(2qt>ESgarWBQdl-e#2U?Gmw z2GOZD-4g28TMMvOP%su!*FyaJ?i-8}LKYXtWy?fel#&a%wo$pl-kOFj3j1qGi-@4+ zjJ3=R$ow30MtTlK3MVYJr@nt8qV*&ET|R@B`XMCn8ALEgEImD^&C6ZYnVTJk`r&3w z?;b}bl-q&iGxYx+1%D5;_l3$uCDP}_N>xiWlAt0!sK!^4YrU^x(;h%^Cn;)>{R7L_ zBPeRIuH|UQd^Eu`0j{a-D!8ii7)ncJc&jy+9x(DGPrjrzCZ<{M*?G8$iA)e$X>AG< znEcXGW=I;Q)Y_I6zl8e-cEqVK4lvYW;=K07Ml!S)7nf+zg%7-_iIw{V1C^@A7yS#- z1(>uK2w`h_&tW&7)w5R{L5yAi2EE0==q=-zCH+juZ$^K4BKWGSi=!)1)-X0Dg^Y+= z#2&jYhLBfy)^_QK^lX_zzMQThPHBWtBU)@^iHq*&)&y?RpZw$xqM-<&5{`a_^FIsi zKUD%cfCzF)AsR7s`Ddak2pU=05|2=MWNi2ao`V0Goazl=u zA!A{kHQwF!vujHmJUM}E>te~>D@iLeQaif?Si~O(ceuH)GtU_6AK#{1S=rsCWfGx5 z@x#|xTEIEK96%Lu4Lw)Sz0XYR620TVD2$^~{dr94WZU9-g_vrn{8>CWBMh_+y4zhN zr=h0@bh{5aHh1#7oXEv1Pe`WQ`4cD=KEtaJLQD2$sQ~HFDWFv|=aAZI4bXbt9=E5Y zfTy~BzKS}I`su|D9DNWpdVvJA(pMLSjm$`E#A(@o1JFMS?O#W-02kWxjoY_0n(0nq zW_JBvw8`?B-2+ANI~yA;)L$xZEwe?SqrVyZ=P4*CyyB{r77YWcfGW-y1-}0{(nipE z&Qg>GzzKlF_4*0f|A_H3~8G=)!35;RD$C^|thvgY>(zzt%R z!|5Zx+cAAA&mFOdUK0r5Tg)aun+vSMzSlvE`ddG6Mv%JJ>I8d>3N&n-q3NVN( zdjw~v{O5iCthWk0CIYx&T}2sB?q{T0VG>8UkSeu-YKcTI6x>=H1}w2r+=Xn6xV=>C zFc6%?Cr^LtWbdDyRc!aKG-62y#(~ zSWJ8a@{U3VBsK5|P`tdoZZY11HW&eeVkBt@HR|;Gh(LpOFgm$dS51;0b~7$9F;gF4 zTS(SN`vElktz((L*>K}NqqB1yUEr}DX7z-agd?fU5*+ot9p~gE z;j6)TFh5c&bW>_cN-(~VsuqO@l8Fe(3H_o}b!_iR(STTe(nZGeT7ZrmE2r4%ZWzOB z;YP3YI5$hM(neGKp==d@@49NCkNnmSr(+3@LIOhwb~gW=0SLRM3=ibVf_@!?p{bf( zEq47@@Syr4-9Jc|y+C^i@BACA^0}&k$=B`W`I~)r_@CA<(HdgJGCb#HYapet>LV@GRAE?e!Hj@f#8g2r84J@+r z4y-gK#>QT(7NXNOT^s#h)&R?f*l*tuxVGGcp`5O2>$a7BH)>WIxVX6d0p_HksVOiz zdJcIZedYT^v$ngc>gu)oD;lor6GcW5 zQMajno$!=jAc>TA)>DB}^>U&b%Y_&OMP8vvvtNx|Kff-O@0N%&7H)gB6`JNzqY+}| zD(&uM_;#fRM;Q!^8CLils5xZR*MGsyhev;}4qaKvoJE4QkPLyq$M<~++A3}f>JCGJ zem)BAT*w#DpY;33s{Qptrd(#1cqL#Ail|kkDflIaaUz*e}R?O4duvuU0zXT?mJ(3met7OKon2wlf!dm!Wk7f=~! zyFNdM-do?^?rWo_%dk+;7rWm)m}%kp&1^`CNKXrqS^bcz1kuva@DM574aXz&A&ep7 zenb88fC?f7BdUxe$SVtdbvH10ZP71Muq+_3+EEvT#~Iou8`$VhaH5DPk_mo`%i|65 z{zJ>mI%o+x%k+xko%;R|0u84L?J(;8a82W}=Vg$!wo;j5-<@sFkJNTGZb}ywzyxT8 z|Hd$2r8-y;R(A^o$bW|N<(Jwk?gNRd;q&8NqK8?*bV6c>-9mz$o%+0-Qvd&4OhCi9 z%svE+vA_CS`46P9pdumujAl~6Y|Ue?9JcKnNxR8Jz5Nl0=>b+Cj1TWHPF-(Y)!~B` zR>2Tyxk9NTuId_or-IU9sC+%qGjl5|a86E+5FQ5ZDjrNWja2tugCZ_i*I1`58YPbl zs~)hw0r;*YNaY(Drg8-hje&)jBSAksZo;aXXFPT*A;4L9b*L7w$?~=w$dkUlxq(a7 zOAQPZlJF-?r3`4&OZq56kC>0O?qUu{H-OXj<`RIREI)p;kqQvS5O9O~zYqoi{CNk? zW_4B7Tx-cwGjeYMjY5%fGYX&K3xKc&Q&osr9hA^-@9#TvXh*yK^Wjp|%?sH@G6@j) z1g~I@!7bisP7-%@sKRzDgu|?p`cH0%KPTcS@4Kc3}wZVTt z*nd_uph!sQnL;WD?8%IB;XXIi9iwoEU8s#CVOi#uB&g*2d8oorg`YT4_gFjw&( zI9BKmy`#`Lw^J%ZpLgOlg~Q#Csw_%wS}9Nw2b6Gobd!xGK_MiXMwL|LPiXAFab7>| zo`a0{flzTcV48H<2fS5!dJE-bWLz%fpfV@vU|<5o^bnctP1ggACIH>>jvpVxR)LDD z{nfrIqd=*Q&(t(dsuBkaOB~a=cQhV*;EW9BRGuup#dHxC2nI%2)y36%AzY;J{NUq) zD}|RP2{EBkY4O>~>qlOh=lXAT#zS<3As=Yww*wuiSj2yDGjca_%h;#%_U6OA+~H@H z>27!s3HtU-)^cYJE<~H=Qc!>7apLN0I^`-s{U{~|3(BxX1oS+hW&uOlun7+Ig14a4 zW|RBRny168A6KJi^+W8DndDk-C+JiIVO**l(JTf42^^Ol#@`js=Eu;VSC}TyhRp&F zCu+a5MXdkxEd1f2rKE+P3 zI9sL@dX^mu*kRhXSxNlk`q`4|h$ZHo$D;{92!1kwfMYY+(G@5=-ms|#s&o*>TWgt1 zU`E|fR|d2^Qrkb7LDhg=rI2@yy}`d|rbEAkbx~r46xiU;T^Nsw6$>aZss<#ycWUQA zNyt-QTU)E}d2s#R>cz?Dekyc`gA&`=-29Pn+cA7Y!R26P>(ipxjsh<)Z`<#Mg$s6` zjJ}?pj;n*&UYIns+K?2P;O*^g*j zyyZB!)FK#S8Aaf>{O{FSzyJG1PI(D&iP>?Yzo!Ti9x9T~nxAUn&DF8*0&uh>3URkEfc8t~oh z1_)_VGP1yW0vHe}Dd`xXK=sGcBXeM4PLuhnq2<%AbNITlvx=x9U73Tny%6TPwx%Xj zq`brDS3}~Jv`yq$LPr2V@J2sZyTn_Fd~&h3UnSGFMs4ClJer~jd$;gOp zl+49L70NI^OUllUb$)RUb(8InIV=Bu1cwUD05;icNX$ceh`OkL;%ZY*hdQZV&HH6A zwrZYf*Y0cZN&7A}e<+@MTGazyLwlj)aCW;R*ZVQskc7_C+KeHRTX>K7fr( zf+k--|BM|qeWSvan`eUAl}r=~*S`q?=i4HWA`M`|hTPWH zhQ}K^>7MO=HT;d$9w>P-iU7lJLgTcNLkh`}WL$3=#1yF+w}~oBcc&tw_%ao+mW;-^ zv0>_N<8IkG((Zu1gDuTF4n$vvuc7%FzIb^u-=Kj983?!!NV{pOEKZL{My!^SGAJ{{ zG>fvgLE}Yb{KW901NWW4`79|p@Uc@;zI*2P!~~$na7e*!Xv+8R{blVszQ|d;m3a=c zh`V`O3A?_B`}>H05XgqIe&u^=3F124dRu<`(mlixIT_H1P7?6M$TFomCMPlUe2!eE zMdrz%v1NeA{fxcnX~pw@pO#36J@mPG;rWhuiWCQu;(jdYN48pIg=DeAl7&W9YH0>7_4p_+bA$OTRtD0kLs``Y zj6eFw_f~{`LZ-8?DTn=iy>KJpPh~Gkl}G@L81};yvj2w6mA78w$)xe9_7GPG0XX2)_eGR82SyJjC41IWZpDKrD&kNeRyD1tbMKGRxr{#O;gcl1E<4!#$n4_ zHHr<87>uiRwbdILOf(ue*!cMP$EoxO95(;&efVDpGAP>N4_9kOD%D$E;jkf={N6Bd z9^sv!6_-4({VA^dOj&7NdlrWG(<8VE0b5^?2Sp;kcW7YjaKunXyj-^x`e61M{^90m zycn00lT$)Y4%W-7w_BkVB}?WX$JJD<10q*wIwJv2hF2kj4%~(Be;4eoSb0ms!M(D{ zZ*y$kKlE8uNT9I$}|SUS*^Xw^z(pH9S$s%zFit#yalpRM;QsXGCZ3LP-7+s2kkG+B51 z^H};Rxwsmpwi0%rXmnmqz&?z--FzE{=oHLJ*6s6=YbMT8(^O~TJClN_hhepXPw;0l zAb_prBtxZS~fMk87Q)LiAC86LW@X@azpT+dc)M$lcj?Bxv5#B zvsGL)HbEOiL-A|S2YS{vd4zU)NS9QK-y^!me4^Oh-Fzs`_Woj2aK|gwD&Iy( z1D_%!as}gdA~3H#d*uE2ZC*4!$@v7OP=J*rRGK(o*8u~-fz{5uhwIahklv_zLPEkn zQEMbs049l1&;Rn$Iqjw~-`r;RcOk~*;WU1V(~TadK%YhbqTHWb&0r3Mh=kNJKW|O+ zNs~i{U+W9g1ALbcf7QY8haEX;qIt=GUqC|SP?*_7&o>~QMm(7AbVB%Ly(_luY>~eo zn5nGL{b%@tIKht-D(#w2o-el>Uw%04jJ&rPBayWU3BTCM)Rn-{s52KNjOe^+j4QcjEh@9mdK4b}NWaUkYc=N@$T zg@O+j2J=r*aZFao_lu;cIP*_Rq|eStWli;sewETzMnpBX9jOPu`8{b#Q4yoP5vG34 zAzG=F_YDDzSwLVHwLN2KPo&a4A)fa3AqhGNUN2p; ze^L@o=EXi>USa?ki&X#?w%ba3>Yb%Z<;&e6B8B@ZHTeL9=&VkI7`a~Vjc+D;zC80w zw8xhvkzjr5#u;_krr={FB~3>dDe0W=3oW{ZHZx zD6o70vf5YX^}y@fWd*x|Qh(C@Au9iof%0}9Botx+(8V^BKY#}{T*K%yue@BJP>=+* zIt0a0AAQgO%j7p!>}k9~730ExZ)vW8f?W;xcKe9_(GYzKMX)Z;U%yc>1m%o|SD@d& zssENhgN4s;zbf>c#~Z191{IWdI{!Jz{XFl8_lKmtvaIGHLo_UVw0NuI+}jN#<_ZuF z4$iYdaH=9QNFwb2qv|W8vh2R6rMo1hBoqnh?vN7cMj8a9yE~;p8l<~Zx{(Iy?(Rmq z-osPx|M!Uxuom~auXF7)d-lw1Ff;k*eSMZEVfA?&uKX+vfPHSyP-x@A$suEdz3x$? zm)_+%NSGg44$Nvw^crO<`inCqBcz3*bYP87byfZF@7emG98OWtP{BHSx+$e|ywu#( z9~z3B!0YPZtRi!9sBcL@sD^1$_ zcP9VW_stOLrHKAbq}M+O7U$FRQ%Lvsx+lhD5!<~&T7A^F|HehzwG;cED~HK(Vs^OU zM1QC!=Di+uft9w*Bx!_#+(y*rm&~7LpTOc%bqR$cJ8ocbfgl38W<5PW-Xh_O)k818 z|6$A)CLuxZ75YuYOL_utV;NiM17NLD#*Kyoo&hglc1b~leE72Eqn}2uW|pgov^1Oc z(Ng`dydPWPMLP}sxwk-H0Bffio0oB}Ej67a`w6R%>9kO|b8l#^Zg_GsHbU)3&7>ke z_=0XWXN@oqF3k0cpb~Q);=l0RE z|23x#G}sPWZTRRiYUG6!;P`k&8cN6}B&7i>0CPyT~ATYQnZ^@Gd=5 zb?uYTPTX8kj!h`aqWmed27YmI@rz;iW*03TZ6cy_gIC#!1C-(G;dL9^+xx{3M(y&5 zN+BXeY?7V*(8Y)tMP%U=h(mNkvPC$-%1Zu48l8Kk;$=!jI6v0rzK7`9D@$@et2MB_ zJ3547?>T2@spo&{xZ%f0>jD^b)!~4LZm2q}G_?8~ zp|IQ7EUNf4;h0;>MtCyJFx&={!XEkY23CdO{`Wa(@1&Ex(D?6V&FByn^Q3-ISSWPf z!@qg+=0p_b6;tOue$VHPRiVs@vDAdXnJAG0p~Rzu43Hsg?{X-MUzusq`+EH&)PdO)ja<&V`%-q~w>C+v!9w{kgRkNuj zq#C|Mw|ID1`Iaci%aizWzL{rM2nM{OS6SKX>xnX%gU~l5*wIUM*1qv^iHYqA%U(Yx z6d#kj`}$rbC#R6S$OlC83{2%SCef;Hd7 zEB-g)N%w*8O`8cE{%-fPhfKI&#)I(s4mj0Fn3*wME)NiJ=`==0X*Wx0;>jW6Mbc;$ zDJm0EntAOGCSGyb9Y7P!H0Wlfzg(_FR&Q0#L7rm>eS!Mt@?g#z?Q`!ZaY@BTYyUe! zBBC3zVX^stU;4kmzEX%+5>z~2t3x3U*&Zzh!z+k-i0_KE<|c9`NS^+9a4B-?>;mk( zUMG0tfnqt*1>2eD0!;fweX43Uf+@b(O|%7Q+MW-rX>wv;&wb(0>d-}Ia;tAJoWKOt zZhs2p_VUowBPNQm zoRVcqtxZVf%c$lK^XeJz$X4G{L`L6*Y}_9dwQb*~oHP zr9<@XKVS<-NZ>XZ{>OXI@azHt9C8V4{D`9jfRFBbjzNwo0$8|==@4s@68{6~iI}q! zR|;{Db(Vjm1~;i^qs)MAjO4RGQS(ZCkQS&EYv9Y*HRu`T_R=rI zd5DKJu0v6F>OLP$r28Ux<_d)?H)e=K55>?QN0M1IMR|uyKKPq?0WytD1Kj<(ju1cj^aC z7qg|>t*A!~wX=<8L1AHFLJdvPq4Hq%dwBYhdj&9KO-u@@jWT?9K1hFlb+8Gs{g6ZZ zHAK|OPQeY% zI|*zqZ(m!mDtB`L(5$)um7Mgv_JnT?)5GL&>aDf~<(#qks8N~4gl67~8eDi`?+mI;dd!bCl3uXh$qK&MUX&wdH6p>GMONgnlOM2vzEYsI9d830Oeb1vkPNJ4km792Hs&1$^Dnig5+dE zx#FZQum#zxTD7jftN6Vp`cFht5iZPzN_W*Xy6-=l+;f+@8!Axhb_fa?NlncpLn*&t zcNQy8A?7J#HDr<~-5P8AN>v}Oum1|e8@Y$b<0@O-$W~=;krrAA%BeE9``Tqg1@?OY zv6z!?|Ccs=*pQ)jg5uaDPcN=)NB&j~z1YLcW#$ zijZ({ju>8scM=Al`4@&c#G=x0C9b+Oa5gY9j-rDh95JJjCDutxckZ|2h5C@14>!CG zmdC{TU3}9*A6!j-8&Pq~^6;B%SOrFe&?rTN1`~l+=(CV72pkdg4Pf}vE6Z?E|7$qQ zamn>{?r<`S7}{%}iJvTA=Ze(|<~}9@bnw@ms!9z}@X5seHGR23hvI+3AnGVDw;h?Z z_;i}CS`}GY^n>}@h^ih4{}10#1yxn?%;tW6T*o@i<@$(10FzjlFCjMs_&=TF(v=@9>+a z=c|5!h!{q#wW-5yM04U$yA|$=>M&VXjzDxxY-sA(B2OjI6W~d-X(jgAkn~M18C=UL4=@&xC5Xhn2HmF+5FnBmOY1s1;bD{W5OA2Ay*j@ zw*Q01?7Fc6OonBD z=eFSaX+E9G8A#2)eu^iT-QQBqK&J_PYBGvRs+lOZ&=W2Q*LGk=@ijJBg;DFh*{0Cc zn!C{4dQY7;dLy6SsTmti%0LVI=C40vsfl#qhd_I!@dt%+DWruMhE4LTiMhdV&9977 z^LoD*J{Qfa72-K`!i zHk!OD3cj z!*_PQ3l@R9y$iAq{u^|Hdx!z@Y?bcD_YDe)0#W;TWcyfDaY;%2Iz@v8aA_->J%Sac zE4|;zPrxHTe;b7&fJZ>gQ-|hU@9gDk3&<`VBTM?n1oj#;TkglB6uUs6!8iE$o;aN; zw`A3f1i0#yyRig&{qQgNer zW4+YrK?{-W^;Px`c5*6y?7-Kwmk=q~h$;+;F*w|xD8MvZY```gPDKHp-L6dgpr6I4N^4V@Cpn%^kFj;%lp0M}D|WVak)3aXE#dEv+K!P|?}RXk>=uL> zF&kcm6YxVwr}6bc7dDatk}2gVof1b1=*OS^JaslVOn-LgaZ?Fc1L{j*gD2C|qY9|o zKTA@%L;Gjfjw?QLQ>Zyuc34)rH4E6)vmpv@g>D;pzotPH5Ly z;=&ZDj+i?v_lXqbn8U^S>P=6?D4rOiHjjA;%{nf5V9F~fwE1$HJk=Qz9RqJb8Vf;0 z)*ThsT`Iq$^a8u-rRhj*n#VG;I-8|W+VlhT%wv>LN`w7R!}dEkkrE**2M3Hy!&*_e z2`RI=JM4itA<+PNuSPH@x6(=LQOK3_XJ2w5Fqtfd89GRH>rK}4_gXs>9faQkr2G9j z?l@E;!Cqb({maU)8u4BA963`V}Sqd1Rd$F#Do*s_?@i0N+;_~Kbw5E~YrNcrB@-X13H_TuK}no605H`Lve*E%SUF1O~@ z`hL)a>%w`hzkhUGa~z#ukn60Zx64K&6iQ;qUI!xK*5S*gTUZy#{|Tncqs;Ar8-kH^ zQtz$Ff#_16F|zwAQUzmY)zk&8w`0;9Pr#lq^4>R|l(+Q#+RQsM8oB^z!QR3K!%QVp ziZ{xbwbWyb^j!6GDz)@DAJR>0k48#d(Uw{-_NO{JA|4~+&3pJ-KOyGwIli4#nKMO7 z!!SYWKABRc$ie)FGGvGm7z_JhmP^*PyhMC-w9@g2lMcH7zlBYi2)#WIGYp@DGWrAM z?Z3A{fTPTPCZf(asBZxQ2Z?PtXOyTu&Qb&ST6{&(6>u=qb!jjEg&uz&Q!h41d0oP- z3Z}JT+neRf>-3c8ejX9>EUjg%@z;cO0c~)K{IdXXMz-sNp8s9ysS$avI_H8l7b4LE zr6L6+C7D{e4n&%>0f4(rracMiC{T#(*%sP7-ydmIASrp0`P^OVr#{BU(nHvZH+T3I zl;F=WGQRal3Peci1)=lWigy@zYQz%-vVX$Pjg;L~;67lGh`g%Bogosu#mE z?;?LhBP9-cv-(O&g^x$)<>YioQRs;1&WB|aSUt4}jTlMJOSl%V@Tt$OGqkq7{QW8> zQ@K7}si7orer~3GzX+D2%DB~f&+^`41qdllGa`p-6C-0S8-09zp>#C2UUsmRev{$X z${$PqT)oittv+0Z_@O-k?ttP-!9!xq7rWD`gp7orWdhMx-Vyoqex#V(3 zM5<S`2Bc-&`~B@bPU zaUm~c%9>$TDBm#rgew;FsGa|8oKQ+;Qo&5>sW`AiFW zQ6W5|g)SJ_>)`)`7Q`XV!bxNIX5kb1YjROG74W58slwp##M2FbC!O4%5C4jxQXqNr zrn60+dW*qr-i7-|DLh<90P?Gj*EUL$pYoOerkwu5%IFZ@UVBiEZUVFi8P86Z+&3hx z)!A36R3Zg~geXb3b2f}94Tqd_D!!fbFjiL(3hap_EI?~+wCJe;{R&M=Ar~P@L?j`h ztz7q4-43F*7d9ke=_a( zlVTCBASF7exOPS%a*C*Ib!aI!!lQixS^4=Rf_AZ%gYa5CkNNJ9n|~3h zV3SR8-!sSdB$lI0bD;2?mFA}($n0uK5p%~67l;Mve`?nrWT>Q8`Y&}Q#4hgdmZ?Ft%mVXfR0#F zoEn~#nVES7YKj8uqbcIu(@c*@RMMqxQgrm#+k>GL?zzf>>@2+VVW>N$v6CuT|C}6N zOG@~q%0t}1FCEvQO)QEr4h{nXy9CCEw}D|nax|#(&p5#8ayA1U9WTEIM2={AdYlPk zf13b;x7C5N79f0UUody%#iT(JG8%k39wk5d(N5bcq=H=wRB__#TD zgwJj|vkJbEE2N;tA7iszLe}pIpDfSYqgX|IVl$r;FlCdS1Y64R7<69L)z_=>L*xx>b>{cD-F-(Vk;3E5giOqnfOf6s23G*}f4G}+0Z5TbZEoe;`?-oX5BcaI0TE1e z3tGWs>ID}{oZoI=xU7xHE!C~c72xHd_NjBBP$K%6KVF$~F?N|+&$#z98RB5fecB(x z1bKP*n6+=(hxwldyWRpNz&C)lqts1y<&rkwv80;s&ju){ig*zF`jxP`lv!kFflnHu0FOMquirnw6IIe%U~gAzCgs48J-)dR5BH)?FqppUpWTgqsnNAfz%{G zqJlC`m|fPbov^Dwy~a#WLBnx1vqV%-kXkx|8cul)1*>W;ftF4(KA%;*D|M$X*r!$q zt3qNeAvO93d9aFHo6A*rhj(mGJpm17btP*Hy4THbD!jE3YK|%im=d1^r3xIs;{NKA z6k5z&F5WRd>VLBUtTU*Ci|Tb^gOoHiv8_p^zL$#A7*jANYdx&{BMA$#Z9Tc1%J1~F zto!L08KKp%&E+Y+z8|cToZyNG2|j(S8$QBRnc{Q4HW|fTXvZ3_SbjF8qE^?L2Rm$R zQ4{TJI~yla%66U2*O>QcnxMVr3jCoF8swvtEUKjt*-(qK>)iZ1ne_*fgExRKOHB^0egtQuRTntrenqZ<5s>Tag&l z!M{$LFMO|<+{F#HRHh=YT*ND8SWzG=8XX-yD0z5M;+u3$&KZJ&&kJ&{=s9v?(5I`1 z`uZR=KRGzm%sq~^gp@9>Hc zkY}z?jqj0J62{(Q516l(IrX}One$xvZW^N>^E9u5pBGnuM!15U1gRfYf9ZRJ6_)u} zs=+k=v=EKU!+AK+$@&1Awj%(AV8xNGn%)15+)FR_xaAJ@bB&prM=ZXY0^N^*R3BYv zx=!Y4smoHK-}uTJfx*k9*R%3pA+vXsgOGx+n`T)y7aP6_ot3Ctooyh@)H>2*YKj!H z;P>c{a$@^`2Cn<^Gn&elHTK=Q$E9@}RnA$Z<=t_Dz%Q&q!ZCLPGKac8#Z?S{CqB8!OUnfaIY{AkQt9vHx! z3XghFkKVAG%9m3|%s{Ty=oI!9>BhOg^>@yitoe<74uQ>4IS=5Lx55bYu)8(Xb605D z{K)>Ts*;iOt<|1Ia#AVWrtIvgerD@MjdqW|OFO}q!X>wuPu!0J0x z%3XZLF?*iFA}2`8<_nzns^tPDq&rRJZZ|fMUO6&pd|pQdGQ1a94~+Su!7u-Y*ng=D zbzJ^pVxMHAo+6pt_X~u{bY4Mk=);S=)RmKzsNjwcY9IpvaPPK$(LiBmBHJx8i+p{R zk6y2*mTRNUD$+PufDCLFvut@&u`RS5I8|TzUOvj7fPhw=t--`{`+a4;tbv2sDjK`J z-Lb1~rU(Jufl7mc7bzyRR9~VM3fn;>^EQG;<9E2<_XonHAS7-79p-r1XDlvm4vrHT zBO_pvfk?kwzsRSYX`(_#CAt^OA+hTg_I;r-Hf{+et=6)-ZNFe&4P=*+(9_{ano6jd zC@Ih7Vkwoe303MNt5utV*SHFx zGD}^4>%P8x=!+JjsG(JCP}}>eDk>TvtxLxR`SfQU&E##m*GpU}h&tp32qu$pI2APhG=q}gE8{${H= zI<<5cJvA<^4C^D#25$c5ui+QTM?__5k5H+~v;1zIwj)Iz|bi&+TysW5KxEjDCNAue*2~mI+0j%WkpYcihsx zui(gV<3AUd zA`8TgBte4*JCgY%Z_=BMOjeA1A?RG`6hssPHor8FTZ9u`98|-PP+Sv7%dKhj&w~1o z(G=~0804LTEXG>@TVxXgyfiop*I#8AQ)kPAX)pl8Wp9!c1EttXD68vR^%~T$SnHYM zn|}@pi4QS^#TYBr;;+pP3`JiGNtT{{?+57`n8BsNAa@$}UdnT=6M=6W0a4+KNu>)Y zDIkXgK4cug5B^|B1JipA2kaQRKF*C86RcTVz}-?mafj{JZY-0FV$*Tsb!~&)xo)R_ zicx;6|MUU@_A`Vv7}?`CNZ&RYzqK|sA#bI+pjj|DHj@JfuDiB&+itPz)h?1?m`_`` z^4-L?5a-XSh!=c;$bcHB_6{Vdm!2IlH(py&Kt-ElZ7` zJ37k9DBlSgcDnU^O7S}19u@?yqWZ74w>0z+hzg7=F-IZsbP9=ci&%$k=Wo%%!&!A^ z&tj?dcXyJ4=~D45mJ}Ow`y)!!s^Svx}IwxGC8)k4w z<7!8UHT0Ls={0=}fB&d@g#(q-Ncm4}if|hVr1xWs)wwcL-DDvG3gkTswJ$2!-{|5w z;$lPQ^Uv1)g5nh60tp-}a!4|7Kzl*atq#gTyw);C0$9TfO{?X44T(-tDO?%bbniT&CSOdmym0&JXK~>+J z0odcUT>-H!kdNC2#t_4~H+%^C-J#wf@8J|zdbAxg?)=+XN=d%K#`s z(Q$BK0m_ANtC(JZ-3jt>#xCox3z;q^!t_|v=DmDhN|UU&tSux^JDfNOap8Q~(X}P@W2HC4*XnSNl_I~!n_|!$ zOJwR-02&KruEp zE*K+oc5Cm5ASIDiYQjZNCzL@0)~Z81(hQ4c7oiyUJflEsQXjekp}^3lYzhhN%hhG1 zte()#fmX4Iw#uAkpPx&nDrIdkLF=pYIRhCo%N`xN8hH189Wa@cb`K5J6c{;ddR6B{ zhTF>U1M#%}ll;ZH9bf!$NH+0*>9hw)wXP-hw@ygUy`Usf6R1V7)P-1JU%f$piIPW6{ zq;lK!b-RkAr>F7RM`@muwH)?}2!>%KtNv!;?&RpPyP; zKZGGZvfz3$WUGVZiu{-3@P@wrv>T;=;mo<%@%n?f%O^Q9Sy*ULtjkmiuH#NXTZX(p zUG@#QD6Fm~_}p*H3reuiK3q`yG5sF}Ah5{2m3?zpt)DYoMpTkBiV7$W7L3Sc1`B2+(L?@lWYe@3+Vo{tWAGlBKy6uVQO9PxQ0G%Ld`*RR`Yo#*M0Dk(w{m zVQdYj4HJYO>45p0jzTwIm!C1BcSu$idD_hvusPQ1_Kz`mBYU2gNfUs#5*j$uAYTpa zG&|SWZ1jFVdAvI|HCq5oyKZ09Tesy@Ue}e2Y3=ERGBV6Qs!5Jp3~Oge%Fg8AM3Puf zqwX>*G&D52Qlamo{0Dqu+rM^p_Jwd_Sv>;M#W9F*akyF7paL%smu^9i~;c|5&5U7ZK%hOipQD4@+T z^sHLnzQfdlX2LD~C^-WniB*3l*Vbim=8o8on(y_H2$Ajz6ZS#u1@L1z*4?#LM@2CRPbgD z79(E|`lKdu5kK>r)!HFsuTh7hg8$YdqW8x)woF7LL*BRq7G!x7B$k_sgPvj=359*J zrGx~BpYf^=Xb{n?Oq^~)vcSN@pa1C|Q@KP=L^N94Aq>a)k@kG5LvPzusfTCMxsTk1>r z_~7F+2^5GlenpZ$le7rMww3JWy7#+Ayrz@a8U`S+`uPM|YvV``hXJFyQc}Atcb7bA zli$5ToROiSNQF&@_-d5sVtg1E;Rm&;!cQp8U@#2pK->C_%ce9%X;-XJOP5`ND^{6M zcf2smJOTo+V|nW28n0c6*X0HoafozA5pYt3_>-^r<>~^5Dkxd7AsaS5F8g}!3F&lE zm!9r)huv@c=y66QVxBl(vWJ$QfV4ih+LV&BW9_D)$C+B(fCwk)=?s^{U#5W8{hUd22oeoA zRj}3{TWsN;lLuA9DJm-JqD7E-9aUkq2z)3fyC!3CO%JLKkS&*9T&DeDZXX`j7SH{k zc%r{295yc_`6Vay(ZQ4~_FO()D>3i|UvCH1mU78wm}i3rL4He~<6jB&Uq{KVFXt_9 zepLa?ENFVU#q^&^;;(}X1&?>4FQ!gA=jS+groe@fj|fcuaAWFp6ti}81-yJ}K-!QS&X~d4Iqr{IhQ)$e&XT8y^}Qda02p=rYL`6-<|>W9$~mz)pM9BW zap&gX=02BRKXy+3y>YXhwjEwTE*k1}-1?LnqQdC0-i`9xin3Z5l5$ENOiFmp2boQr z<*r%H=U6zLPSX4N3XoF!!x5Ky`?7`+^kv%XcQoiEy4VRKDLnfi);B|O7Vl45EHMDo zyKqm}yhB}hbvo7+l6jY&+p@+Q!c3C!;^6X-g=3)8s^!8xgB$bg;`oV$MTfp<-==y( zks>D%4Wfx|L=G1hTkV| zJrCPfKu6Eqx$u2zMp`cU46*)BaxDO>+GG;a)FF(=fFu;pzQ=b=~e0S>Pd#LhAM6Il$;fp!vb`Q!7G=ea#<`H?eNfzO(b`w z%Q>ci+L6(T7%bAl^En)5xqk@b_elbLY4)q6b&ZpiJ07y@|KSD+0lqj=&#A%!jh8tl znL@_G0zxm~xcKf*J|u8E(j6F-B7l}d4{9RVTks=WiJY4+K9RbW@oeSWbPnv-3ttJ~ zCqJYAU+38J31@iGu20FuU+c*)Ds4%YG=TZ1`DL4D?W+~j?a$mfQ52hUyj8p;6%sG9ZF(F zdNdq&i6CG{1?rvNuA-e(i4H|hrNw!Ua7Nclvji^tLQxD%L`6VSWKoEV;0_oL_6-q! zkZy6~sJ1JyD=&g2^>&c03c$w1fXH5^_v1!GT=kg3v~sLjn^&vvo|J3AiS<0P9d%~N zzhFj99v@4NOP`3Rp##(Hm`=-}-+DEdO(i;Y|aSymPA9b|qt!GXAl z^1G|$3|7n*{`0}Akp?MsHh(Vno*loh8QgM!Z~mY$<5kkFm5-!?ln_`w<6e!v4x^DD zpZGlky@V-#a()+amAauUbDtVf^)=tb!4gf0-RB6+G2Ao36z8amkd#6Rrybg}PMA|5jsMgBA%N8Nf_hNSSB@R0gZNVNZp?Ux)| z^Zkm^x4^?utVBjrHbRaQIHO5_&Nvf9%|?4TES+vJTv>F|0#jqf%FBKJ7ZlQ|nNeV= z$BTr=ZSMy?E<}$}nCfgV=?ozOt)21)`vJop{uSdcR`LTDo3Lrp2FGU&Q0B}sOYMxa zgl;Y_W!%Nt*;ZAhd*ij~5n_l^Mo|&^-sHItkg)#BEl1(m1(vsG%yYfkQ%#MUBjmBm z1?-%WFu~`pewT`vt1^1;mqX!k(VVYksb;!_#d`3|zwFuwbT{~9Y@-ek@;VTvf1(Mt zkdq99ShNbOuL)fZy8wZWA9yeskTP_Ebo^hhfGh&S$}%Ch;}gV3b_=2XxZfEn5f-uK z@e^+WhW)F>Yd~13OJiBV)A^WzfA=z$NO_F(XBu$Q=jT(>NsD9@)D*PY$=TT2`pRXA zo)$p6ySdpJ~C_(@QR#}94U>lU(hqW3glrJulI|NJNkJgUuCYMra=W%ql#2%SpR zQB-g5pssI@#k#QuBDw@4t3EY5xovx@m0LwWGHZe*?*7;#>8U7YcWGO@6LJEMT-3O9 zOcmt>n3Fe^wp$9YE$CS2SyuV_Y!?%z7xG76nALMCI8nV3Nup%i|tq>AX^bR*n zb2~#QR;vn#_ipXUlSv!$jLt%$0kNZg0RbJrCtA;(oV!5jlfzEUJeEhdGNh#F~ zXMXv}?FGRj)x$Pg@Sa%Za9KPYmv0F9{0N4u(^G48Vq{XmYQ#&T9<_ct5MRM@?W~#K z&45*TjC#-4evEccT(IMH_2_$dwc7e5-PVo5Uq#hE94zfKR+ABl4I?4H&A$*~yc4jq z_Zc$@8t&IP6kOt0Mx);=S>OSI{lrN5- zEL$`Y-R~}Nqpol7Z)^wMGGjl2^gHaYvpaM3m7XU!pMjoCulb}`5EG>RhGAwHw= zv&-Bwk8N$RP0b0%{jmcYlx_){?DAI&1~kgnf~`MYuzXNo--hleQXl-PgkxS0n=Sk8 z4Ky|geO%L^NqqlD%aCHB-nK_aOy0ee)_L9jl+WWpJAujA$EkOifL(BVNVC)Y9|@em zCRt>BJlcRtnJ)b*?`kVXt`zaG7QX!8n0&p9MDyP&fA2!^wz%djn$TNqnE{^>`k^2^ zpFNI_RRBE>#}DfFMhtK}-HB#wCsV4_gXfdTHew2c5OXlRU&6CkEF{P%T^%(ZcK~{& zUVxQH%u-A>mL|v3$DZJK5u>OR< zVivW9jdR%=e3igyOOftck_&AA>{5M(-{YcD7tfvGPR*zdMLu-n75+M zKe@k0e7xYCdU?h(NavHUeuJ)|eeYH<;mDr&JS<-N!%Y=Xn)8 z*ilNZP$Gjq>GJbMwlb+$)?&KJCYmZv{z3PrT#I$O%?XDGiQ~_tb4%DzftsXOaHfh> zM!ERKoxB3E`&fS?5hWxoReGBZ$fTTY#_QIStVaW8I4{y)0UrRN%Z1i;cMrz#Og*y* z=zu;VoN0|{4DUyIcS3jzb^yeeE;@PGk;Z;w8|18Sf(oX##Pu9rtGz(_+ler^6(^SQsriQd2gJ~R~PJ~jQ# zuk+0#!K&T{c3V6y<=fn#cck`vNlkVnEGuOru)5SvefH)l*#NPhMzD5m;eHl4}H6CLe z6_BV)>Vvbz$KCqG2((%WMP?QV;|W<#mczU6TR^;)!MOdj*P}U6+feRC`#XJ%6=ZV2 zv93#}+{RRUJhVLDY`tC!(U7b+9;Xoh`0=}84hOkx z2!g-}QMJC;@sU{NGWLTlBi{&FMS5Y4jRqATosA;MSR-GhdQo2fLzuTp2Ub7Wz z=qRTPFL#^%z|jr85=)iboH`&&$@#Dq#WI* z>A@^>rYUuBM5&nOx0T!}28)h2QH;F4yEu-)k5=^e3?`K2U>?QKlI$2~G8->{-XISN+1bQ&Wj;9%Y_ zch$uho?Ah;eF0vJS`rpR$%)#DH>$!{-JOJo*d1RHpwUG)`y2q>Or)t6&n1{hTN$ zw;bpN0lg6=w0npH6r0vYw*3Cl#DI0^9T;R}ErVvvZqXF-&PJ!+XPFgx3e|kaBxg13 zD8DKgr+aP+E)Y+G&(JN~QxLQplH` zw~4NSEtT~M_odtn{>ztSW=V@&tpbrNMeM()8t@(MJPLz&?MyAuD7)F%So93uJ9mZQ zo*xduEpSfC)++1I>-Db>i*C1fE*;pWU^>T($;?R*mNUVoQmvvbrA3*ovgEqXk=)Y+sT9W zn(s^6NA{JK_SQrN{dai%$@m{W*KA1pxv&NTB9s?Cl$aUkmRY60ygaPjKmjj1x3E<} zu2Guk@=V~}&RhvMri7zE*x0%!XR}+G@QGVu+T_8;)ye4v$Uk|B`LdIO%`)S`brPhE zu$j-oK0P=>PTiN|1M3Fr%}t@_aF(fA)fU*eq2wiIZ9l5MkWtsDZtZwQ=8qGMMMIZU zr=an9VYMfOyK8ZgR&`|M2;r>toQ;{Ad3MpvfnArq{^~9YXytbk6H^kehPc@q-%PDH z^u^NDD&8p3th|5;xB|~WDJH#>DB-puDFG_<1$i4h10->XK+*&im1yXWP{JNUGaUWg*UO0kSv!UA8v=P|Tupz>rwmdu?TI4r!ADP5vQ{ZD3hEcN=qFs1Q-f!PZ?CDX*G`A=T_qlb# zDe@Do{M5B!HP_ocBoy?G2^j9>v9PO=)r#CK+6WQl-RsKz`aO&uS$vgiUxOKE)pF^Q{pXiqb(cRK z_JtFrraA6!QyLz>^M!m9bMj7eGr}D4PTvdXl~+_yueJCzTeY1IbG|*ctC07G@dBt( zq5?ru6=Z|$Hrsv*eE_ploCMIr7QOHAPj*GwbroPO#B9sMS>(n>Vq8JU|i zTy*C>Obyrh^^QS4J5D84u@@Et^VP>BPXYlgAZbRBiq)ZbCWhMHL@*rwm4S?-v6yNz z@yUVGd;Q!{iIKe;t5q^T{`U>_$Lk-!GS%o1n5eg(=#+RDZ)VM^6-b>(7@90Y?qn+@ z6PaiPmzW^`ItqS(C_NaAdy7fL=^%f3)*(VqkrS|X{##T3?}rQ@=w;2;p88!O6s?jG zGE{(pG?H8lm2=eo&yE~Em)+OMSeb~|{L+Ap$`9B zDB*rOi5G;A{UJ02zu1SzJAOy|aUfQrfF#?8XYXMJGv|}uXFJEs0Im8y7aH@|-k;37 z!d>bEb_!#9=G!pZ?8mGo^zrFqUTfyKnHDIcD*zJKbT_h#gA%{SayeBxnM3!~X|hns z7*x|3Zbu83>yr#w9_J50+EA0gRxAu;b1`5#VHq3Q;Cf|IsMXx?Cc8U~V48vyJE5Jn zf&0gq0|vPXN75)GF%dyp3@mFf=7FCgErnEnSGtrhrrf*h3D&w8?Cu zMc*ii#Q-1dK8R&97|M()5%lVTw9U`8So-t&cM_v!l*VE~>q6X!ufSjear{6Mgb3Wfh8<4eLe)asig7^H(fSy+1iu-xZ_0j`g?(J~OKTipM9{%fgn3o@~ zzNe%F%KS9)6`vn^+Y3O&qilWwk#?r}K=%)Afa7}D7yXXKdQF&`LW4mtY$M%@AVARa ze@g-)q&9LH-|E55Tm@wK_aj}(ISIOOLues-$nN=%t}=B|F-g3!L4hv2HS`8DhcXh) z1@9O+gKY#?wbU6^YSgHrYcEL|JbMUkl_C|&mK{?%N-MTNiUHWcdGzbI+xgb-zRxWi zKFMHV8)72t7Z%F50V2M8NE7;SsDxj?7yB^6hko+s<-sV$*KPz|o=kl97Ql z5ew=uhi`3VBt$GOrRvBko0aH4m3CNY<&L9*>f@SlUaZs`GzkjeRxUV82AHji7PXpI= z_J{}~8Va1_&^UUVU zkymcHLn9Ugsc0SoCWS1hj_+|_2I~tBsyEmb5So@xNY%ZwTx_WRv*NSjt4qd`K-8xlggr|O2 z)hDauviHyk`P~uKU)$OQ6?05jl^9>GTUmkStfOT3Y#a1k*7pgD7}C)cw4ej|(S6Sw z7Z8E>Q6vOAk5cdS#?j|{i2f^R;~!zqH=TDniIwL2hTXAxaw6PT=DW+IjICDI45Q)H zelj5C+39c|ze7_r!F(f$7n8|Z0t21g)#%}?ZBT$st(-YgFs_>Ko%PSxEJOpT#$+Jd zxMlB;n^mA=_0LU8GC`gmdPPOl)$yk-^kacHX=l$XZyh0$I4dMDMra)cdrGsZKY0I{kmtSZ>o04uaqG_WB=lo2!tq;wE4ROeu(fs;|=W#<`8hft+_o?v!Um*My1Pq2TDsY!bV#R2hjgcuNOwv% z(kV!HcOxwgdY9+kbDwk!pWOdibItkH)NOp2vd9&_%$%x=uGDZ!Wm@F67$t_29mc%G z?5zQD!!k+AHg`7D#bRLpaelsRf{r}a;pSFfr1WdopK+!r$pUVdyNdVc17tgJ3-i^c zKhA*X`Is`FaYxAeRt2eLh1b>jhKO(^j+=6Z<-}uqpX-%3Qsm1s1y!8J`Z4^**LSH1 z8*NxYzm`2NCbL#NRni)c8Dz1hPGMHX3_Ctbg3d3;_)X~eg_(Q-CF5idjceaflGS{e zD!1LeLMopJ?plx# znwn%@V>%W<58d+V>In6f<`<}y`XNEc@W0#w9h<)%Br)Min?lT{6OpK7;%(}_7v?~; zK0zDCdEbn{pvkqon+p%$zY#N18v45DdA*==Kv%^Zrd4YRoszlh`!$UO^k7a*L zIw3c&pu5I=L=IHpf^_~5Is(L{o17M-3V^N6+a65N{fXaCZ$0~!K|__xY=~N@;j2O0 zqKS^~Cy<^|<&qNnRy5nJAO)(r*iF$G?Rol;RPk_ouo!9)bSk`k-*AUPmjkh6-;XY6Qh_@_F_YUL?7L)&l?=zyz|c;B+>8Vls~>Pe8F--7m*PmT zjwoM+f@`{r;}5pht9DD!x^>E7x3#jW1=kct&6^{T9<=bC*xou*{4@7Us44b@7W&?%Ht7PO26w;_%x$FCvj(c65JUt zX1#aRAv0e^YvEpMvZ$i@IEAbm4cjokt~2U?GJ^jp z)>&*+M55iayCoobZd;-tF})NkqE;$_xu3VD)#5bA13w8z2tCxmZ&)CG1Jxzrfl})YLC7Y9HvwY)D_Z}ca$-CGsq0M zC|H6M;MRzLseM;~M)F$iAtr;GgXpPK=;Hp$X0gqNZX}gI5Y&s~@RcoIF7O)>QN{_s zLC|S7C%GbG4`XIvwZODK0q-jMZ1Nv2bM7aeD&G`G$)9NMh)09l-T$Efh=?pfZaB1rMmz}O%0r5brXpNo*wOA> z`^xP^kKfT=%Ur1!49#6Jop+I+i`TL#xZQ8*t^Y{R8C8ybLat-OcUW!vkPm765tvkV z%I)KEcbK$PKcN|T+fp5jMusv1A!v8W-!!p2VY`XOgfPI{eyYocIKS6hv?{8UjLtoUmVG_-Fs4EZx8xHl6upW4Y`x1T zRlp33B}F6_Z1p?tj$dgkb_j2L$n9qNcVK+s&sS}#x_r9z{oQR$yVn?96*Fv%7f47& zmZMROPob3Nj81zlLm<=pIw#%}2g4~mE;lMBfWRKcP%gBK)&J$}k=!#C)75J%7Qb$yG7TQGh0I}c;e{=OyOwp@-8 z`5m-W-Uu~W+#uY>dQoZs|JlMfJ}&xbve&N6PY;#9SH_{g!D%dG3{Q^n5-0A*NoLiT z10k)o^UGjx#==nt8wD8j<1B_#J~h}bh>vB7G^PmCe*zJq_|%fem5M4(p~rRQWxe?_ zn1YC}nR%NYdh=_dHJJiuGQIELAA@_HAeYE22`nNxIxZh6=^1)V2EyOG-|9~={{7!i z%7p31co?B!V>wj!ayn0oY_Zyltw1TGKS=|g{)kHx_m&7!YCPEfeAO7q@Pz4~tCfT4 z&s_p7U1@Q7h#_ov<=FGkkjkx}s&36!><^6l#hJ44G>YP2276(RnV$JCAXJ3{d;EyW zInT9fk&InkhWyXXI`I=V$(bB4QKPd4Q7^~K%?a6OHEyQ{_qL&4FimSxo{u|YS%xi? zU!eual2MjUMF(h4TfFRW#?N8FHbI1)qML4g>HPT<7dC5IBS*vigX{GTs>K$c&lN;8 z5qPu5-yYBmU!8mmY4Yg`_M;+u-8F;9`WX|V2(d&&8=e}Mm^)3Ak*wIaSx(u2L=-xR zcx&jZzEK>*)nr$DSDzC5(ePlFYOY?FCFL3G8>5jNx9N6I<_Hp@eVcp`Wk%Zfz1`;l z+UkB@Y|!zNq3s?zs(p{^k?v*vsYf3fd8tQ({(L`rblnBP)v`B3PT+7)v!@h7{64rtOBcsq-1emAe7f$TRAuaC+FwF z2R^7o%CK5{z}-`?#$GpJ++y&7gF#1iGPC-C%{kf($<8Q1ZvKLUe9@vqiGv5d2emcn z*^Egh6yFt5Kk?XE56G76v8D*6z55YAc<}K(?Egng9{BdsA7hFP?NrRNjdo&L&#UxF z$pC2Jk0AkLO||pma}f~1O@g1O7zm#e*>j#Ee1Y*h4|uCDxZ(${%No<6GqOp12Q-bNmwpyhgoUX6SJo1nTT0k9Gc>usSZy zptalo3<$>#7Kg8+_HZ71Sum{vL3azsbcDce#rY>c`iu!@gZSq4$>)BND#wQc z*O)Pt}$16-bwLc@x(pGeQlI=B#8wj|%rES*7@!hE=^Sk*e5d~( zNh%~nU;73*9lty^g_bgn!F=w6c)x)M&8ifTyA*&gH}UIWs^o7){NZRc;t9-XimBY; zU^=0lQO(Z2n7NI_(x&iE$8^MoU-i8eEnoU0rdBwX3%sZW@&;PV`DXX#>!ja&q)#We zz>&C@u&*kjDUiB!Q{6`xaVkbyedRFG@`ty?!{(262H~H36v=QCO>H&w7AwC>qE|v3 z%U?0XI&ZB_#s*^QLtb9qU($S~*>jg7pQbcAGH_&Jn30h1dDw_lm-D&Z+u8o%T6x;i29(rx*SUfX^i85%5MKc{wwu*1gTKi+Q1N0n zFLZ$!Ms{v1IrVwBEC9EjVK|xgh8cgR!;?3&-olAxCO@y{j}g7N#mrx<+oB1w9nJeJ zBFD+-UOe;~PhIUzr15(yb+z|d5)toooH2Fo|2A<^5Mlvmm1qGLNGY<1cyt{X%&92Y zF0ZO)(_>AIXiK?X`oXviE1jfdZQ)vVv;{PCofM>8~>Bj zlM@5OxhzJVn{Hx3dJmY=hC+P+Y`+iYGqlfrFJHo1VE9?TDUeID>pBr-Q45 zujzX`X(;rLl34Xq9hE_q>;AIqXdp%2i%B48i<9wfT|g_LYvymL>cmpxsdHb4`^Lw7 zbwfk0W-9Ax`j%_Y#nD~{F7>2o0M4rnxRwi+qx8;24`guKSD|1!ZkrAS&wNmg5={{m zmH*v-2rW>@X5dK|VLEtJynG1e>csnAY^V)Kqse5f zG_f=yl>p?P%kANS!NT2ACi)0z3}g8x7} zE__bm>S1uMhk{{t%>B>$@cDe2LPC6TcZJZVoG4KOsr5tLOL2!Nq7LlC#hCew*NsRh zqBvep_eogW1iLflh);Bp_H569K>A{% zu7GJEOc3yzZCxD7d`u6)yv2hs>$OHT9M4~|l%hFhB;)AeYLSVtG81s!-hUY+QGMem zx;UfX9Wmj9IE+lz_U(_XW7nZo|6FuY28Vqm6XtEM*^lsmo`pLl(-PGF8;Um*$u*9| zR2YnyXxcA z$bs0Bs_XN1$DB~f)CN3@0NcAcL*GGHBUQ^5=YxQH#TdMgK=@a-s+KA2BL}9>ytG#i zrG0s8&l|Z6NGQ@g96+>;S44$CXJ=+&xfm( z&P{Qbs6m&T)`$|$gu%D}=Lr0rI7)>-DfE4m_Wv-}{mXqFkUa+%J3kI(VZznFRgzXw z8Bt^Dx4M4R(L^8*E={R2pP}c})x? z@z0gpqW_-#fEwlJ14-v|Nu^c#VsB{jN(LBKVfUW%J!-y=sa0 zTSlEGBbY}aihxQYWj^`k{&i89cL>4beivf-Q}G7@c}lDam=F|*W$25#NWD|xJBd@D zdXAX9PwYzW5oAn)pl1x;>}5w4OLv21;4!&9rFZiLcy3so)}yRSOk?tg5F9wBn9v^0u02#Y}Ksb}c}<`kY)4S#S|zm*oV8!G*xUo^D43E3K#OrWHcDTz2E?fBMw z!@o7l0Vf5|uC;kwPFK+G{(CuPxZ;WERmIU{oBM_~e~Wnccns56Fw4BR&j`vut|ayyKVa_k3Rp3-jbe=8(?!WOO4a|4X#(E2RqDzt2CYpRS2(6T7NhAoAdgJ$Y8tp1 z57jlItUR(XA+qqRtse5v5Ye^tYeV0y#LQm(yo-c+yVVE6;!kv?Z|}ZnOy+tNLl0y0 zz4n1F2y3WVH5ZgvyLO(hXmew8(LLkurO>52Wuj|8#~Tk@kRUv$>97UHvcqMD`nisa zQlRGG&v_5a9gJQxmUYOL-t;IZ3R_78u+J8}9{rppfdbKZd=dT zi+Jq#Z%$TmSC3ljLiue)JCpXhRqE`ui&g|iR<616HL5E>QboQPEscdelfK! zOCH+g`~OTz2&W)d9}<=1{^Gk$x$Q!Yleid>g##Z*3&WvPBGz|0mTo7JZ984Az*z}a^HeSe?e~a6a=nC%q*?f7>)g#@d z;a!#Zu#qRrFU3GCCv{SscrUqy#vFkd4;3rT;C2atuQYtv-| zEsC?gvjS|TANe0NX!OviFc2`uF9PePe;x_%N-~Ug$J0nksA1*?oSD33hE$U2Wq0ea zC&~r=z}^-)!W1w! zg`gm+fpj~tn&R@+6hNv97Hz9vzqCtnA83i2;%z7x9)|AjW3f_MdnpX<{E-4iC75#p`XE*y`6i=J5z=yI*Jbdc@GW9zWqoRTNvJMj~#$uj5h+I+|P--gXk4X~tfDse(o zm&Te5xQv*9>X?QFuC%f}83j>rA=W-z*>xaHKX~{iNosAOzyyqaPg&&g#U>A&U zYx4CEOUTPW9&ji~ijeJ#z|8|jA}mdwS`IjhXwe1Ef?jf0jv+QZ^*ZZ`>58LQ`Ae2x z$8PdIVhIC?x}Vy<`p}+W**pk>u(A0}^BoAN34j@u3rN?#Q4E`?KHEoObU_+2`GIu(~v0X7yYjNvhS5z zU-#(yIL4c?@Du_@3M!`gO`9-(5lBT;0m*pKk6Qb%qg`z>k<6kCF;LG&h;;DO(gq;c z0l>wvP_z;U%-|)+L54n?TPODkR$zVfO=b!n-+J4RU-B#vyOT*#dqnW?!bfz1OlP?K zaBN++Axv`rB#7zTp-bzziVW+RKfGUy&bNN6-tZeqb%v3}@OiQh7a+W_8b}Y&O(Lyl zLUxdow_j^!nb~V=a|jFOMYQZ`sjss;!V_>e5?N{cAT2B9y;7|5FBjK|iV;>xQ2-p1 z!{(9pEA3^%f3Rp2L^+7H;cHGijc07$4dDzjNM5|-J=zZZ|G_B3xGl|)zzSaELLlwZ zNb=I*R|y)AmjXUVufLQR$w_|#oiZG~B%y5SEb>6aIC$-+3gkcU1FWE1e+0Lr?h|+? ztwBhAU*ukMg#EIG4W!A!I|zcgosUafae_Q2E1%4q17@p)0)IABbZ>8OOCS*7{`lzr zRtk(UB`P`M{qI`GAn+(~3$^As6FrD!W@Cm;DXYHYOrJ^-SE$cazlKfgBX2SX>;wb?-&aukZkYBQ^Vxs(}$#t~{KZr81%M z)h8_(hu>-4M|1Mq*6hU5E_lbBPadCFJFX)E{3*h*%|G8J))=;1DC=RA#_uH+>~Xp|y+e49kY2#C8nmg=XLcE8aq*-#Z^&C=Ns>Q4`idv?X$pHq z)gX_mcY6ScoO~X`{rZ=zU(MD4`uz=ero$qK%UysO3LaWUlLoZe zAfW0Zt?c*Tts3K_WdY-`ZVoAYvYC2c+c5)SRK5q*m>V%$Dj(GrTw*3~I(`J579(A$ z>+zx_&_@@7fMG;(Ln03UAKgIz_M;=}B^NYLD!Lf_I}Vl93sdN-1$@ABSd9I;py|_} zSZL_Uh2O=+c7f2bO|QI|#@|}sgu*y{v(J`SoYA}Tt#s`kGkF{*ZW@n;uq5ugF2lo_ zoQ858`U%*EJvM{f5-#(p2~)alj<|7@?H}?YGrvDY;Ij~uw_%-Mmw!nlTnRzOotF8` ztSg(=Xjk-^&5&WCuZ=82F1&rFSToq^DXwR;)}*I@8-I*ya#`7#ni^+8$~{fskyrI%IOv}u1G8XNgqs%R+Ef{^}M6W zb2Lz^=R^Ij@w^^3m{xpuPd_ZQ|I}2YiNMa>?0X^2_T2yQfq>RWP+GsihG{TOm{W`c zqqOX0yi}rn4qGi0ME}P^3|qFC#xj5_Ri>vl^0^L>c_okvf`r>+8BG7(m+VGV=R%aDL!@;U)EQkREc#g726R!HY1b%)NgVy0+2&kHL@kz zf|(t9I-^*3&;;C>*+ou|^iUr*;L_E@%WO0&O`xT)3R)Q`Z>nKkIYJ7w>xy@)S!hPT zu;3^w6N@MTB_r-B%?%{d(tsfB_2PZB%ZC2p@#`r9GQ(F=&hAW|UyryuWt$X9-MC1bX za*YzGjGsH`^0d1HHH^ z;1+pCgWd#4DI?iEjL}sczsFHbR~m|>&GZ~E0kbsKU}%33#fpXLQ|l=)T*@+|VSDRi z;KeWq5rVM3IK3<5USuRG?Pzk9iXspL*%*oNGt6&onaCFzW5H;CO%4NBJWDC<>fPnv zke(eR_MJ$?gYkIDH!M@ohq2ZKtHr7BV!B*jTGsRNcH(CRcZ`bXaM}Z6nMUW1bXtr) z1pbXY!o_;}T_kn**_hJtGwQds_JQP5zp3;*QyA#Tn@I(|C4TP=eF?n(_0#%Oda*`p z-F6Gg)9qSoaNXHj!8Vi3fz&ew=bl2A3pS6M{OPOM81*_wF@4TrcfdqUodxh&4hnnU z(#yt2Y)%J;#_l&bx|ztHV{4Zid=q0Slpk=#L#mb;uU#V-aK0^8NPFeRn#ybSHFXTS zK553b*kndDQ>^oaGhdl5;U`A^ltC^r1{Cqvfoy?XicG&RDv|6Tu+kgvSvnR{l1^M$ z^zPx&?pnbQtH*q+QYL&;pSg;)?6oD=+=YPoH1Q^n3Bs^3l5fAVL8w&SL_EBJGCd}n zVZCPjYhRmbQ8&E>q?4oF68BIjq@fP?TzzP@`R5tc z9O<9&+BKBcZN4R-!f3%5M zL4|#PZKCYRJdvz;-7lCXKFc`qre}ni>&g3^g|uyEff^Zbo`D=djW^x0c!mbcGj3_} zNfQh~EO@aF1{kgau0LhC%!ji zttLajB|cDw zHGcF7NB(r#jWFiEVpGrgaMwffd`kD@1x=ihDf}`K>~RyWPU>*CUZ{`|dvYEN$_H#A z&#N5XV}bG2m2dl9J)wy_y1ZTysA^VG1OlF{aLg!dyyjTN zhGHc9UUHgK4%6hzrX?fev&wzpG)p!+bHS#j=jZq@Y9z`|b=G!9P&|(kZ4`-BWJ@OO z$^6{53cWH&j3zNtz$=qfgk$6txDub_aEz1GpX>f#ocjW?!5F^dV#{CK~dEa|zTKpD%Cc7eHkf6BQ`WS@lZXX{j0(Ejh zS0Lh#!SJu$Pt`ona(LLq8822_Tp|yrOWt%mUZ5yu2qcZ4#GTaE3p=(RVaUW&hday8 z=L8ba<0M#v#`Du0#&^4h7joU8hQ<2=MS9YB%b&5xiX2Ks;i=Y>iwHxhp?!^~w(+-fm2ZY-#()V=coq*o9_6IZv{lcgT7 zqM}YNV<09gKZoj%X1w-trm$CxPW`FE6kRlmsDe+~`)YG_IU(0g98?kx0Z~I1O-jm~ z!o>nFhx^(OUZq+^$*C{SBc8O&OI4z4S~0fv&#|}nEPl87U)atv7s6W6bkvZ%dS6=l z^M%Q z6Hd6$LmOZGS(W8?mkRKt!fvPxxNWhNt%y-%BAJs#%534;L*ler6wgeoYt2XU;TXRc zCVzF>8G?^}rGnPiGzCZ>GtRiTpVr>KAp>DC$^e@v?A>fb^XcujV21B=^8j{htLb7@ zCl1bOotxt&I(+`XxKyD2CKUE=vdyYJ?t~{$e_N(udNVX?@^bpIc`EoZ_eXYvs%)$z z+9p>@cjSZx^XuLtVuK9~*J#p4D7M4jc9su=9g89omu*9Zr{77Gml;}DTmcNLCaU#> zB8Qvq15tjMZ@k9(tg0<{fFJdjihGB=&bK9c3^85^3~~s1FDc3cN<K@WDCUnJ!KPB+&nR!?3ewTK$z&z~Cs_dY9VI~v6<%ud3XekOqdQ-3G(c@s z^CV_Y5Nrs7B;r_e)~!Zdk5{ELUe_g2OVLF0@MvMMzkZz1FN#Ap8x?!5(iekq{}7SB-U$b(u} zetZ_3dc(9+)xx6s6;f|Kp`QHV_oL)un}dkmVvWAA*Tn9`9|eqxmJ@m6I3(k~kKe!O zBO%P6ESHn@+H3!@Ac55ygrTHYH!>#gaI;*J$I~!2NzYQGYZ?LxF2$ z2+?A0JYCLlwwl_X))9-6dioQU74#1F#ZUu*sLE&pxQ55C-KL6t`^&BZ>K0neKHS%T z6pEmRz@w81<$`K7S-#}mx(caUq6$8nzF2kNw(8{?;Xyp& zjZ0peInXr7od;vJ(p+L9uNi1nl!iKvyt-|!Xc>bY6YG>Qx!h~yUxuYBn(6d#Y0?}0 z4spkVTYM1pLf5_HL9**2^tz?MO{{k$bO1y>`Wd^UEj?v6>PvR@kXr>|KnrI}8b|DwStKfg6$0=S} z5x)Icpc^Zq8bXap{Zd1(2Fj?RS3$d=?sf{(7>nun2EJ*?L18u_G z>*wX3@~`#ZfiR5aMM31!vG%@`frvK@?e4Q9sY0J8Bl?yy?JETE=PC>eCi0}lM@g2R ziNe)SASD!P_a2R;%~{_A4TAWm@l{VKGMkrF;61}`mr}$HZXd|=l-Oa?Hn`2pueKnX ztswGZ-{Ah=HSUTO9VVCvZfy8m6F(>JA(;7mBdN{`sv6>K#gI-w%|t4ZGzFjsxf&+M zFuK+Hi`{z)_t(7zK-l(QI>D9PkD|Sk+0u5PQ|>ZuOZiEkfoY@#w~BP6>vpl8y@4^-3%v}OzonVsg+U$L-TAx86n-yDc#)6ik(a0BatOEO!4ShJaM zSkuPw*jW69ZvlLBJ;*SaM5WYA2RPy=Ifh>%qn>U^;**elZcH3<-x#>+@>i-DTdl!5 zPyi}f&HmXv`kwA6<}jFCu2)VqjXRtbD}_pw&uF{pHlMu7t~a06;m9C5@rBDQKipJW zmXqRpq{>WC*A?RONGuVT_()(Wst!|1a3dFY_sB-m@-=xP|9R1R;97l107i>* zALIFwCFNZJq%;ny@38_?)G?q4&04cui-Yyq=2yALj(VFe!N%Dyr`}tw1dI=>`HsA!~dP%gdiMFWUguKWB zRMua;Fbl3u^p5Fr9*}WepdWDb2Rt9>zpB^-^>pe<3`-ZqAI(zRdlp|LBj$@rD%U5U_<~(ZuLNqw<6z`ZR;EQ&`QvkOoOU9ILsy5B z@FvI>npR+r($E_T{Ju~p`{v%^lGjDJAKEPAyLtP*#pfZ}dl!!t8U!9xTL!DJ{^kq4 z?2Qk4dp&>b&t3mxeFfmpo=6E8a7m@D)lu&^BO^bz z?uVot1sV@$doRRqwvF%$haY*4()^El45ERr+oY{o8=_7?#ptGHxZ07QlEZ!eSshQ) znsMOg0w7g{U=Hd)*JG_Isi+WrhVGZ|wB8AOzkxXS)%+#5Wt{VZ`PU*q`9mq-v9SOO zlK1E7)b|(2w%~b5D=JFrPsG>v`{~B;ug|T9sgXR_9&8Y*Aw*~#%@R>2Usd|TDM{j9 zBPHYFlI4QBo#7AxV-S>+7$Bk-`IpxNS@H53DV>B3zzf%HSo3bMSS%3X*AKQ1jPDh; zQGQeq%R$HQ==i4;#@bI!9!qHTjPxI42sl+V9N{@?-ks-)zrAFATCOTdMf1PJXG1dC zRpVjV%ohDC;eywA4FcMoNwTEB2J|{yw?9KX*e>BZe7_tjvdzvE-A&UvA^MKwTFW^Dkv zFn(*Xi`X8t>=vOqXvDMIKfEHkAXx6V7)%eZD}BiU)C6G&P*?>pwg>jrbWX$JOx5%h$DK zo~_0`2rYE#H+vE=#ss}marv+)~32&7H{)<6-Jw8gHS%?p&`jFe$K_|IjFz>L?8 z;*Sn&hN|(>Ky9o5a%$-?v@>`T!`rQAPSaTuE?0RjSab;e)BKaQ=5O75V~GamG~iZkd9bQyZN-@}G7&KTG7hl%y&NYpErwXQy z>KQ;{S%g(!uR5Ch{L%^#F2BUNT%Tdtr@0;%tL?E`FUFw(1rYtQL7j@=W#|h{*B!hd zlVKG7CP#xS(p%t?(rLG4a5-94`+Qw)zC5z1jl#(XRi3jKa&}>Oecns#CoVUWNw(8e zZl~R5Z)@B=@ITpBJ1U$`@O!h5L%1v+Pxq+D%U+@^jGt576q2c{L3jBt)l5!}IX+60 zV-R)v++0a%4?(lli}V#1ZN0q}u@y&HrWBKYOC8~JT=hIc1hnoICBQmZb^5_7eM@`> z>j+2(>kNp|<}+;czpe(Ln;Mjj0N$GMYSRJdgDSXdUu+`%d z3XDHH^)|BQbDA%`qcCra-@iiVW`4qZjwq+nub#;UBpy?k(E6+B4EDE*MZH@BYit)b zcA5S`;ilT#jz4c@QvuE$oyDyoEz@_7Ao7P=&p8!oCHZ^s&QKyHh6L_2Ve%4dI{eX$ zSJ;Xo-jCVTGX-M#yvh+cgC(*(2-Z6CunMW4*|emDoS#A(e8ZyHcN6b%23#M;solzJtkwlSJ zHt=x`uQBwGqJRA&OiOWcVOXEkK!)wIJG`VRT}-MwTB5`gv+D}FDD}@gosW`?G9zoZD1}3zOD&-Ct)Ip-`OdHt416&iH%jz ztCxl{dTm>9=Y`Yj4j#DM)#I7GG|+Z(nr(DT?tez;0Cv5WsaPJHL34xVO-a;`B{r(E z8V87p-*oG3@%-XSi3ePd@TSCPLGE?wM6&v~y^$xfkxU*cfSe2lN!EA;L%J|IUghwZ zz6B<~LM4(#SmeKpRDON>ms;1nIzwh*!+KYt<5f4mNy}F3 zV;sh2DX%}Pf(Vw13^TY_mPgT;JwHbfPQ9*mz_tF_7drLtGtUe+krx^4{`*>Uc&oYl z%%|YLh|u5V9xU+=DZ6u1be|io z<_*#@SY)AIyE~eptCXotxwF#YoAvwth)wo7Xfue)?i@P;EDdx~J9-1tOBN^Nb#+(} zIUtHh%Mz7LEsLd}s4AHc7G$UwMtzaVm;c$3KqHUGzX5APVGt)O^P)mnw=`>O85@=! zHjo&V^H&OoDLn{vaOJ_ljsc*3t+N;(FvA?2j8{aZ(+^V_smsk^(FI}?OWt9*;DB+t z$g_0%oBKfo%(mLj{58q9q-+(|TREaeTa6nOd`8g%c|5Hfmgl9K732tex`$|1OZmiA zbuyGC?g;s~63Tsbhs8RN2CeQT)JRn$i4<*mFEH2rXyL}z6m=U)IDiU5iQb@_r`2SS zO%EF2ghFXQ*8a>TqMT%@eiqZ@(^<`&hS+Qd)8)Eh9)gHGt|m{noM>57I5nM8WsWvEb_*Jb!1v%t zkm82I$$?9X0MIwn_n*qIk{5ipK_u8T;84gLfBYu=#qf6(c`IXU{$C`C(i-Gmlz;_6 zPSyB$)IFCV+vxo^pE{WCH8i+=7{r!zYu<$`@@OZ9oL7So3^hUJhq?*0`PgIE}+YPQ6S^MJ?*mX`L0{1p&Du?4GTm>>;;tQ42a^)?U<-d*p z+78EVsY6D3_Nm<0K@1W7r&cUzU}EKxczyQ_@yAG5jITf}n|h;?qIm19=waVuwDsly z(%8(Wp3uqpjsXmHgE!rJF0A9THzq${^y-?eqMQn2(<$fi+AWnuexQtC-l*t(v-botkv2r?~ZV4s=l zZ2boF98%zu&gIor!SAPsslT$C2y!qa;s$ayB3S|LL7l9bE|?)J`~9~)=d$BN!h^F3 zWU5vAAQi%h1uW^aLKvMW{NG1zzp)~)a+K6N?Z^cTMY8nNqw*L(8atJN#0O}`oF?gC zSpW7+RaqenLwH@{6#}c+$0!_rEPn;0D;NvZj&BhRtSd=Awpx`dqNa4Ih?`vb%F-$m zw##3W6kLDy%Dxv7Opxf(-MrCJo$T!r5vZdn4h$e@7RNYdHMqdCA0b65$fZu?lI9iD zW)TZUhNt${rThd`I+2HSWpAve@}(vw*{#m6+wR`HmH&Bld8HOV@gX{mOCki_qW}7L zAfnS55!pcU3m1h{fxuRWRVe!2V1_*70xfW2oUHkhZ%M~ykjs|h2IU^2o~Cg-ZxaZB znIx4?f00}Ls|T=<3*twg%IU$`;`tO}dqne|6rc|2d}g%M$qX9t*?u~P z#d{SxwV7z70?bFz{I`D&@mkTwD3uX#m`c5}~{s=o9sZ}}sRmV(S z0s-KUG)t?kE@_@Oe3BUEUUG=sWRxqZ%Jp5MyPhXsn&E%Pd7JF=b4Yq9eo}(A z$$jb0$t>rQtrs)wB@Z!8nBB*$x*0$BZhbaeP)Fj^JwZl$Nk3A2sZfa9G+@(I0ZQ>x zmUNq21<`IIH`v*MY|UlxpOfDzO z3#GZ<7^V60-6OR%RYN+$aUrR%9F#(Xyv*XXTU?Lj0NU|MLL-VJIPnJA<`~89ob}cl zl|v>oToPVoNQoJ;zj(uD$Ja~PgUbO&8q!&j@j5@!rC@7d_RVTr$(kCSwqS?y4 zhGPL0ff09+m=3J9v!mHme20K({`VK^a_b!`xT|ABNtL4H(V8XN2D;Q4m}4sgv7{wd zpV@SCV=Vl(`QObu-j~=5eL<9%OXv5E+c?qxCexkYPzC5k=s6b63_S~jsyw9c@|m6H z&ua4*w6SM3JYFZ>=lZuKxZgkPGABNfC#+zU7BQ$5#$WOrFV#)%NQ*pN6N&zfgF(pv ziYiJx0+Bors0D2l`IF64rZvcU{c}OmX7;H_orqZ%7=O4yEPlzwBYpI9(mbgbc_1oA zH3EkLf}GE!#heHHx%9F@juIbvzQV8C^dsa+M^;Fb>1xg7;nBnKjYatUzIcm-(1IE{ zru2?z^?^~6w(-aS5M zNuptQU;C?VEWzX{eS5KzLJChoU#`PhhwiJQP;ch*a6N;`!`^ACP8|7?tFWB%D=A8h zux@!2y88<_Km#X4FpwL8xm+Jh-R*c0*YbhmE~I1l3zr%Iit;I|3pAGe@p_TOdEh>N zGq>8@XyG)%3iFL;>- z*MKD3PQW>bBJf@{Q;)yE>+&y$A@}koiCVm`|4|N;C-v^-ukY(pD6Gq|S%M%fxXJyC zRLo0hU)K|IO`B9hwruB?(@u)i4of8cW@`h{Pi)HeVlhv$yX9I%cz-9J5DxY=i%z2h zYtnpW$sI8(y#i#jr0kXq9*a!sDoVIL<9WlUV}p5EsP%cSqy!QA(1j?%$(i&kMy-ZA zYFkpFj{&Y>msYljSY#LyV?b;q%QNXk_~`i6?M8$}Y1IOQ+AOvmMwN-0N%dQDRg%Dx4cxXQo9&=reeepTq$ECuM!l;t^iG~KX zhW}G9g0Git2_(iM3^PYmGpyFB^c|hRBGP7Ei)>Qe*0BfF@t?LB_L*C2z}9C%39#up zAA~c>QRYXz*e2_L2UOvtGK>Rgr+BOp8$1?3cmq;oq$>c?Rbn84gFE@+CFgi=I5yI% zjS=~YiC7&~rhAlP=S`#Ld7nG+LvazfvGH-K+TM+#gIE6ARUyHC-)(FZen35l@%i9V zT>|~-Tmx~mPJMEN0{kj`uGcltd>>195$M9w)*B$qZyzfcc`;c2ynMw0LvaOwN9WC3 z4jvLX0z*O`CqBh2eqH*=>yKkrIQGbw=<6gFStL!JJ^)LBPWxkYQA*uW-~PLT%b4(aaRbW4gL zphyWwBc0OSut_PUQE3p6?rxCo(r@7zQE@V&L*oV~y;^ncNDQGQ7vTImRC z*RvSWMgP}fvDBGQLXORtGlx-CV_@U#e~u2nTBt3GnnseSHgKN-%vg?I1 zS9FIggP5oUljbk_CgEX`fKISI+QIi8te&~N?FL4UT?Okg;QUdTT2Ip6$kE2QvT-2tt~lAfyZ;Sqw;PZF;tz;dqK`m+nZNbQnmH7amU^(He+)PU5@Rv+-3}I&!LpAF zS*}djPfQB%oM`P(eU2k% z+w8xlF)$*^G9kUMbKI3&x1X!VBxKPFW7e*aopVc3T+zrW*PXc|kH8oHVo2XxYglGl zUy}j}Et2~#YXm>hDKQ^gg1?)}ayDvHQr#7P6B-?xb{morpHRkFJOS4UT)izbV+s}} zz#!jl9syI>iioD)u8Es$#^v3v`}1I!uUvL8hi|)7L~kx($`vaIwgXi=oQnF0)uKA)SSaT8W!4@w z#rBXgV@Zi`H*~KkkM5vtOhuQs{BLdL6>uj2)0&DZ*~HYu^-4z%LXb8cqd^Oa>}b>G z*v9HpbxEomSZQmyw)zhBSFl`U04aY&WPCbO79c!Zsz35WGrnP^Z|aamHtHHQETMq4YHc@@w%`DJaBC`-ZEp4}9o?6agg(-E87x2%91CLoaBqMmUFTeg zzJk_>wSgU05IR^+mGuYMuAQry@GO3pf_bWQHQzU(2#I6K=dG$F zwRZo6m(R&1*@S;esrROV7g4ZAZ3CIyw|(5_K0nK&`QFdER8vighy`}9-L|S%Q81fJ z&QZtm0t-M+R6ItBl1v}0P-j95yz!0iZ1ACQwXk$YqmD=xQBq7Y11r{NVUXWErVBSI3G(>2?SS*9agJREvFr-Lnr>#Z zOW|`=4xd?u9}&w5uXvag;|peONhk3%voQ$`DjI7j92(!Qriean^SL+lQuz3H?sJwQ zzmwAb+?S#bsW=lZ_jbnwH@mN5Vwbj?k*~(Tx~szjyf?y=>E`Ul-lY8Nr1-{z8_K%L zLU7Bt$wbcA@)FGZr9=BtuAXUjdRt5=Z6LF%IM;a({ogiK;5TAxjp2424-WL7U=~7{ zGhS(86fy`LnA@PQZF+7mOrrfgDDFg9`)Ld_C9On3uzE=VRQ`2_> z`eTqzvjGxRKxSSED1o{h((w?_6;uKsa*-&wMEHanBwUq00m`NjmeIslq=^loUM>|w z%T-d_m4wnM#s_ikpy(t6C$`=qeJheio~HC>mQz#uzxD_A!d+WBkeQ;(+q-6rBG08VMGNTFD% zQdwjPz0++VRHYW<9>hK-t=$Yo{BZx`v#9D=8*wD5SV}knbICxF!;{CI5yZ*e(PRwJ zG#l67Dx{-j?xYc6phK&xeYCbf(SskSPH&E1Zz`sLyYUOId81dw=Z$6qh7wIx zRhs#zlCt9zfj?})NxrYRt3igt{Q1Q-Sh;w|*j}jeh65x_NT1^nC?>NR$pO)WRt5GQ zyn3>rr_l*xva>)#`u0URnVtWgMGY360o%cL^V{6Im>6t;Sqo>@t1OTI^qS}=8nW#2 z_tRy)W6U~SNrgAEptzcKdh~ma%Q4F8HP~yGUEZH_w_93j_p17c`|aw(z-D{cHP%=P zWHn(6@yF+O)C=N+o$NHX&c88~gAjDaDzZoYpU~VLc<%ttfF6*c-9#w zn>(?Mb^Kw@`84d^`gS|qu6|d6-C-eZLP>*N2r(5_oiG1*V7VjY=2%qbF_}ovXu$-B z3}D!0#wV(wqqyp$9{c3f12&8TUKRi2&R>uBXMX`SO#R6C@|4`}pQOR`l6VsPn|v*_ z-Ctj#$PQmiMC9^pA?-h>38EkfjJIvRcxnrTxA9tcvue(Q&?7f|J-pb6WJad7Q1~rAf z&mixYnksCnjN2kp)WdTR{%^7RDhW#R(jxL*MbfOzpV_Z2yaYWH752JC(gKpN{nNI< zGS%w~GG=l?=k?f5bxWxR#@m$;%E%G_14}$>;AFGN=}uoBB0qQ+iJBN?H&HqQ+@}-L zDF~cjh{GwjP^1bAdp=_})j({6^C< zRGL46?0RyGNSNaPxDP4RpoMW7CH=IckVn=a*&oYKmz9;nQ7O}@RKWZz5C|;X1UccR zCVw@;!mBO27|wDpV)({gG@SS8667hxxzrg-&>kTwz9y9E`+)X%Cwh7207OPGlUgjXJ-**SRN0( zraiFS1e`MBeS*mH4?o3U8%531Hpn-z!Q@IrG2u>|#() zmu1nd(s8SBB&0b8`;whOiSLmRlo+U%hcbky{Z3d8((kTMeoc>bz}1H<5rtE)2pQTIdAsL!C`5HUnM=**L|bQk-njcAo+6`Zf4k4i1z2VT=gL+3R1eMi$b_P<8KHFpF!FHBajAq*(xKUbE+!ubA3f-@bW;js4ss#BH4O zpcV*k%wVJf5OL~ks4I8Zr)9VLyiv0KlP$kX(D$JP9Htq6uD2+kj&!6v+TUGjZ>Q^K z?vW5O0ZeW%jPwT~dBrlP{3JL>KHF(1kng{EBVzt8Im z*BUge#~n}2BZ}@Fv+zfqHBgM@sSoN3M7z++y?ejC)l?4$O00Iip>-)0QJB+Wou-~H zeAJpT*=D6bZK7;E_?OdC>qMceO^?nNl7q&P)N|SXgz31VlWnKmyAKu*02bb~lZuMO$PSfujE7Ou2miscX}RLwWL%cofXPkuq5Jz~Ro(vgp&FGKWNwej?Ya2WMl@eD2LU1ft)ZNp4Zka=0VN>|VbfpQ^ zSCY?KLLnVHNL>Es#0R&6M;SfuaQ%!*0TOvYT;;VSx(&Eh{oSBDN5rC@F7SC+t&M7? z{ecALGK3;Z;+#2g`$w1Zy6ZU^b@|gExt?9<$#Pzoa^b9HU5Vx^iKQ&&ozaqZ*M3o$9Q#}o`snjb9;ryQwBRe#U0qTpqC3`ah2dbH}O)pbGng z{L%}oHrkFiN*i5=oN0svH+yvD1eKCR-#aZzHAeV6dNMAKFas*BL!uODW99#_0QMoT zh<(3c$@EnEy2Sd)73UKol|oM#VFVsJ zQqA!qj3-<|!Bl{%XH~r#H@~NJ%AH9vtviS`eTz1SekfM}V`T8ut6TI1q>T+})@v^< zW=}ya^w31j>+jyu0GEfCwjpIyBmmzoYnkE_%zIqxjQ}1p$Nr*q*j!z(_ zMI_;?B`3}#6ha+kQ>TDg#7Js$#M&?3%GOv zAhm)aeoI?bE`vR_KDP%Lga?U?`{YtDlThl%F+j%zfja`;3}l_swkb~ zQJ`>y3;LDM)F^Vh{`F~{*h8{1ENQhHG^u*x@Wj>p7>l=E-*dgk3a!P?uf*U>#YyZ?(vz>$`?6}h-2I6JI=Ic)Z; zn@xBeMGD7(spxo`*y8C*_fr3havgLbw41wP!lS4|_(A|`y_+K$SkTYG za3;Zu{gZPV>i$tfz;U9K5YXpYKeKv^5KtlL3~P4$$*Ujun+Q>{OrEW`lbjQ%EWEBQ z9w|C!L03wttSk7jPhdQLxjPv=TkoiNzB^u{sGzeOefxnNeo^u}kWt9zCluZd?`-w@ zn^gpK7IA^sN?ilmc`(9K*o+cii9-+j!?Ku=R4G%;^&nNi4-8y1&XjC^RlDn#5wWG? zMhzN>yK`kv>ItVwv(uHxtT87hfPY;fkC}jFpT2txQ`(=OQ}-J(9yr zEW&^Kut3UgQ-w4^nxa|<3Rki;ab56xV+^L7px_d9-DGv$9?k66t(3H8)-BE}WPv@E zd_%#%>$Eeve;DgMnAiCRGZX{@UR9*-zeUK_WMp&4ud4 zA3mOQ`Hq)wN&>sF>DNLMq=TIqpotkkd0qbraSt@M6BCj6*7g0rY#8X(Dc0469g0-pHX>udL= zpvNEoA528cxi4WXLbCvWeepzx3vDZku0bMQmU2 z=w>`Lnr&XXQX|UPU#=lVRF_`9oOED(Yq6K5|0~;!>`n=vK~-}LJLj9=p6@9m=)LUR zt8H^l(wBBdgHMGlsPROI7DwuWwC{8+somr9Y}EO5%5;kH=#~3V4wf!+E#+f06H6z? zPjC_5k0~githnr+r8@ibj=o^E>pj9{W^!7XmW3iy==2-rsn;pQoo3x%5r%lE{HxsM~n6#nGW3V2xRp%u!uQdeRd9= z{bFBr`Zx#~^j{@W{E&DCRnTxb$UGHtEy4?U@kHDQ>D)&ne$}Tlqg(6P2eTefi=szY zWijEt?P5~0^pUQ>fO!p<=BlcnXyW!7#bHEX zF@Mr=x&R~2e5lf}@B}dncd6(lpcMWGNO~c+%(Bx%*G{|7m@SyePXMSnZ(aful6Dy~ zepT=d`TV32%_}4s#$O=AUM_y2F2@kltjR@DG)OTF>?SE*+5tP7&RRVp*0*oLf`95R zd@m}IIm7cX#dlgSaSV~D$768{E=>!eG*qGCyoC{uWHmJ;AwDvl0W?&tmo%zEh*Ewy zN(xAHE>g*V+MU>&XPS+jlh;R=0{eyz)b1UfoZL6l4>PT&gh|%jot?u+-EbTvdqZOk z_Nw?2F}-%*xMc6cwMGjZArhk>`;S3ojy|=~8~5gkLs~*KeCrAS>l}8IrX%LR@egQS z9^whEjZg33_=q?x3j@tv5uB+cy%ICdLr&tgH+G4P6W=#(?r-Btal0WJClG&LP_XkGn-X%fi|%uzn)xdti$`6^KZ#IcQA%Y;Qsj;+v3+mwI?S30 z`gH8wg|PuQN>+;tfi3f`?YSGn8}sl{QtC82gfGI6;}8^B1*wnbSFZsAw?*s|e%5GG zU6h2>Cs?hOXP6QpH{79?2V0izy#468X%5)p3JZf5&!C(I{xyxYuf{5!*TQAbUDIi> zQp1Bt@J2_O4T5#u2B@dJ*O#*gj;YTtp3LGAJFjNCuo4*u!xC&$T1!<4*F&U1< zN}0ZYcVM}(t^-mXoT~_1>`DR`@95xm!F_2bq5!xNE1S(8KYCOMUiD1E<4Tf<&n#Jq zq7ah3${!fUzW3+E8|!^lDOjc-{1RJYiVPY zRt^%35a0Y+$gCq;Cv9hx6qaqKex>{DGnxA8B}V5k(Ed+W|CCs2m_~cEclfaSj{FfY_`NQdF zD?QoF+)kv##I4V1af#6=L6dyCg?xTm$zJIx(iSH&?=Js=2pP4tSo}$j$&&hA^ycvG zfDJyi2a?X{)48vE_rGrp-9O->kH7xlO=AKTuA#78+np>^FMPE4m-8zaovB*l*)8VL zpYJa8{3daWUvtGTjQfb((9NP-+DSpYl!xwZ@|VxopT-fJ=M?foYZd%OBUxDl&h<9+OWW;!Jo;zoTb{LXiUesBkbL zyjAadEuvoHnrM2&nAV!}NCHHrGr)N&8q|_)UgQn1_Mjk2O5or?ApQ`EZx%vH#ELSy zcw>#d+M8TsDsk7tJ&r%-Z1LIHi)6Mmzo%m0zEDam@JaLm@@mmdrj zNt@Ed0|z3bjrDwmoPqh`aLLJa6=h4Jv&^hrjFeChmy*wp06;AJ^mWQtWv3US3jGnD z5WjQDUK>U2`{arH4a2Pj9fOw>xf54u*RuFh@mm``OpxC{jV` z@Q{E%GT%U4tuRnbK7njk(v8oiag^J#8%w**SkSXk&Xtf^=ZzjmmA%KZNiE>|X^has zu~*lv^|?MFa!Y;uHrxDa!C|sMGoi>+w~TBfg`AW6Na^+qV7`4YtnsF2GippDo-vL< zdZg{pDk6H7c3hNP=5@@YfH>RmzAWqUl!{WVPD`FXPl+8#7}f0CnIaX)>Pg-wZZGBv zA_yJ@qJ4q3ch698w^|={Q&JPrK=0*JZ!K|U^(;2N;+iENAUplOMW%?u#E0=%dxQm4 zis(Qlt`b<@YoQ`hsV=vw^WZQ`5>#8KbOLSs5`BFT5gD~Jr3J{O>jwvwi)`wgk{y~K ztDiFZN$x1|0Q6VZ3-0q=kQ2oV5~mAyn}Cq<;8d!!(gqYjq!A)haZdPzpU$p?RIoXs zE8r@DS--NUrx&e;5el^~PYbc-NHLq#ZUU3mPa;)43mD2`nfX)-BO_Op44jaU~qoK(EOcmqs@MMPfqo2Ug?}Y^}fYmhB|+ zTS&w3t{y5gseNIFj#i((8p67FJ&%Rn3Hg;CJ7I^Gb2=T8wb)vsn6!}>g%$zTKR2!3 zZl|ze7B$$V9`04O zjbp#E(%t`N&R|8RW2Jm_SVLQ3Sv>UkmQ|uH^Q7a_^HhxTl&QkBUI`wd3x_2-Z}sJ8 z(Mw4MB;IUC@6Q3Wov$ms_HwP`n$5ZQ$$sbItBxC2rLJ1CPoaDrcd_}qBmJF3YyA0Q zSFxxUhc89SSHr)}TsrI?DfKXJy`d5`70`WR_dN6vRZ8t*G_+Adbt@t`q`Hf|5Gh9%-(>4vU^K+a7=4Z zz-G|yfNAs>K^Vrvi%$i8j)Tbh@w*dQH^Q6t?#ZmiFwn?rX&j-n(zB)WbDw6FWXFbr zZ~Nz%h{eMBoUyTDE}EXSsR);N*m7Lo+L9OlbCsWl!1;K{9%}Iep_8v9T?&PUoldnx zR-*6hdtgbw8-S2*`ui;yx^g)lztD;{V>j2(tkA7Un?XQNU~yjWl?13wI9X^|HK$lu z2(3yJ1P!e$?2)>Uxvcot*J0Wv9Wsi>tkgH;$!-c+<5380_+SXFjrhp|>_6x%@vU`c z^FfYUL&~J}0aP6hj49d;Z~CeC4fZ~fE4M;DYWJ8SEk8|d_zFG`=;`Zh(#!I8xnc@j zB#-XRH-LZ^frPciG`V8+2KqfO~o^N)~X6Jmh zvbf+C{$|;DKFp+6?rBOlUp{GNYJ!zV+iZ<%`rnihk!ni8&eE4ZObuI5-j@lOqOZqM?C9{f&^Px1MS;@BU2;mNWBE*W_ms zG6-zn9lLWByjLgh%r8hH(u7=@?~gjLJ=4HMZe&>eZ~5$(Ou|WkILKxBwi`x6Q(+jU zhpeo!+T<&;T}`vz!{-az97}*jwTs%u+`9)9ylx$5gVKp2Q4va6^YVXmFG79vr1Zs4 zH2N{ga#k`U2c*y`kihNyS?7qy z#43eDo2b_N6OF>Q5?Bqw?T$t06iQdhNdQOXl@O@X@hTC`&%X!Wdd7KVb-d&H0mR>H z(nDr(%B(F}DPh9zBn5hx7=+i0D~c2pS?fO`(<#t3&+mA+5Xi%=8H$f|^t&*sd`4PH z^!J{;yf*3`Q*93%KVI?SV*Tek5&aq0Jl(KLG`?Fz$*Qu}lgu^7f;;Js1n@z~&Gz~gsXB;ROhMeB}!TBa*VBg%l2 zgNNRQk)KQX(C39edEi1zsdZr}$Etx0$YLpd{gkX$+mSq%lXb=2nc8BZ%iXdnSjgk2 zXQ$O+bTZkNTI~g@UVz{KsJ{oAQeaeP8%L8dCuIS=%|U+tq&VXhADmt%Qg5O7cS;}x z{^`0Bi+VAT;|-sQB9P(q9)by$P08V5&we3t&b<)qc1@?1cXM{XZ8$fRzfgb@X7A;fR~M{n;lrs))bWn z6WKCp^2B^@0-{mHin=Kpb%vixxFWVgL`xdILsEDbg-3;)Qdhgqy=OA(H~`xyS;N( zF_2dfFbjt>1oJN}PthRQEwuLGMvVAbauz?3Hv(fZ=6M5=o-U?Vb3Trc^1a?5&Rj1o zZn*|Yc(B=NyqQp^`=oGlM!Nk@cZ}`O)W415GPvzZ);{ZEu4@0uSDjMN zUj=<}nCg*RtZV27>Ze3(`qp2AtrPnkmnL2DwE~?!Uv>aPPsv^-(kI!|(;siv0*pFy zZz5vT&E7AsRD%E>?J84bzD3u-u%6<(`_vqa_+4`h^ElF<=60w^1ih2cm9LIWqvr-b zHuEiS^F7_V`HTyd2n!1^P)tgm^whmjX3_id&)oq;1y^{CeXxR>tI;?{<`F&%*JXuBq<^KgI(0^voJ-zzdi<` zK33Ydr$)eWwG9l_b|*BPoEnXGDd-GLcj>3wGsrU09n%Usa*I~Ui!x02sN z5h|}iljA2BO%6{8&0V(`%*^4!o?klKd+AIZbVx=JvLYw1f};=yCDGvkAOhg8D8fq2 zLk{uY#%QJs-q={mpXIYJkh#*bN{^cQsiQm6L_j8|*7X`c=ackHy$XXWfqaLub@8}d z0bLq5>KBbSL*dWsOg0o~B&jNBznx|@k+$o-l+NDmS$p!9#W6R*bLDMIc)2M*zIqbg zb*7ifUr`@(4W%fv#$&q#t7riv>xfjdXIzA#Z?Q;-@In5wc2u!(m8tN|?_I8)Qx+-NV4=i`EqBhU zrAAd^6QE@#P9+#on`u=o_x$asLBmkzy3jeE;B|R8LPS&sq!rq-KU;b6BJP@rTQp^! z+FF>gCmRvkG;)Gekrs~F)YylXlCcr?26ppxq~gM2IV{N>r|(wY78ZC$X7>Rlz_#e) zZDg3HMz3tc`_qq26nCiv&GB0d@790jW>w_o?C$7f66&y&plEW{n+^T<^iIco%k5}$ zxeDF+Fay`eErr1YvPeyFrW~j9PNl;M*`(Og`6h>zW&Y1937^ z;`e7-33U3T?~j%x3G*`QoDuLb)4GylOA`YtXm4M$>a7O&u|YWfw5m)+2|3Zj!dk&y zG1o8m0%*pC#yRR>g-bwYV6A%MrOV!*EoQx&H(`iK# z^IcyV;BYLIh_>EQWdby<-iEu4UOyO-=}`zDwT1t&L)B|OatXvC?#NTdF_l#D`@S|b zTW@d4iV?vF%2dmZ_nj%9!NC&#`B#&xz3dTRR&6A*S=~MG9VQi9i6=ot-d_Z?nRp8) zHO8Br)Fx-8D8Rk3x8@oh!9#75c|#rcZy~%4h1B*J*ld)0B%z}}9#uQFh(7TYX_Q|c z^7*xVsqJ^Azf4En`#G5w*Sp4ma#J)NTTIX=a7ZD zzI9#kta)W%&GKL0uM7zY+2?t7GnM?{z+AXfGz?7K;xMZC9>JJw)FYlzDTz|Gy zH+b{tVFKy7mFd1cD6mxbOgUrhdFk+5M?Wi-G3bls{rV|WEyO?tFecUgPQ-X+O6^DY z_%aBrFxDl?4q+lGMoR#RmI?o_n8>E0b;CQuuRi##lYGuAlJNq+l#maO{H`xD|L(pd zn=C8qp^twKCRLzJYmQFe9Fv}IWw>=I1`7BsFx zYMPhBa?Bxc!4^jzEtR9Nc&6Q66ZZPGdMdEU(oj-TZb-EO*0$aJDwv{Bcs*OoK!^2y!~qMNI!s?cYwlqL6^+SMa5~qU?N1k`CN97q*Upb zR&i>=>^zG-fsXe196@__IK<&A0Xz6FhvWO_oceqAfU09`%~0m{zN1ag)oK4t_^i~M z0$5=``r>A1>9g;`7V;=xDxV04Ybcr?{g?yoLm9#-C$xZ?`gny6)H+*asF@fW9TPs>TrAt zA7v+s-5we`h>rLtt6Ze!ttFF$#6GPD+$(^=&a~UZKByHjxLEt+CNWd;R^{bwuO{EFpJW{OW0{Ffz7@|N2@eQnduaA+DTP z-{Y@IBj|-B192W0QaNC8j(~)uWSqaHwKe~PW{`#K!y@+dXY&W*`HxbA24`hkDLae+ zSXvq?j^Aw$Sin9(P>oGXVHswLb(jH;5NIi9FXjeVwl1jfb~eRPz<|^oQ&|iq)1nPc zIm~Ae42J4tJ`r%xL9XeAObqoW1|d+eAUut2P|Qd5WD+p=ZolL&edFUCDRFMkhF{57 zwz6L+Yn>jBRPkW~>eQl_#ddt_=+koiC&^1wz2F<|%anxD z)Z>w%-(MA#sf_;73(5Vy&GMB!@b<>P4nMggf4f*NvzCW$uT&y9Bb;f&XX;}R(a-;g z3MYGyfx!dlC(@w8W!zX`HTc@VcHH)3>nmLK-1_}6?p@vnqeV>?k| zPOuGT9q4el9C94Sc}Pfz7KxX;$k5_b5J@kG-|Z{wbiPyACjIG|YQg?**JUAm{inw* zcI9T^iUm4I0V;%5^h2)tP*-L`$UI;~gMep1J=QS^p4KnEs4##VcJjeGUUGc+r=O#$ zpm{NzlEqk9^rH-!BU{w-Oaqabh~$NTGjHtHXS<1s2_02ds>~Gdi(_GV{uV!hhhxHT z2yBZItc(-!gTQ23$h5lneL-*Omy_Q2l2p~WwzCb?`*-d!rTp|*B$Z2bvLPkBpW1nB z5|)^s#>#{@B(f-XWrmM*Dd*x&sTPz~$=FGimkMsb3##N%l&Y=yZK1+?PW__oV(4rx z^Tv}&6z?A$QVG7rA#P1C(=)!mX(g!?_3Zul99ykj%J59jS>)XIL5AXfU=DK=OiEh8Yn6nev z_@pkT84jC0UT+v2aP(r)E|CDBoYut_@ROrpGvxe(eH^G|S*&$lz@l^-Io;|!jxG8# z1Z!yuq!d~Bb=!SDB$BgRbgh2;mS{A*oj>!H+$|>Bh=n{EQwg5tpHRxi&Hab})z-iF znuIs*^PW@cj*zx07N7QsVgWYOFBt%8U*$8P{@Lpt$)++!4Rb-Et8Xis>dk@CgUX)B ztTTI3_q!MdS@l}zgeW^U*d9!WkqNviP0+ko&&mPxgxIP>%_bbYJdRO$QjbX#MFM}u zj7rm1DgP~`S3MWLjF>EYgsl3Z^9u`!;mqUO$_b2$sobfHiLsRZx6|^yT@ZU&Z8n4O zuu|8FyPo>8scpI`Y(kw9xM>59#YJQU%CZN8%(ou}zdmy^lv3n_9dO(mL_$4v4vv$v zay9FjS_A^4u76L%0qBc^!P)1ssiX80_pURg^&%l}wImb7Og!zDnotOt$j`57*(@19 z5dSMFDExuyLkmy5LiYJF$2$1sn1oOmocfd4%A~>%LV3XnMh97Dm!x$KIeszl&}cmf z>ITB|Pk!VqpMug+gUc9`~3?U3%)2LXUcDe-$=4{M! zGIGmh)t1|*Z`a^f=r7$SblBqTV?esJJ*r?tzbn2lf|kN=L(6tSY^5R(ioc9BRTE-B zZEhT0?iGJg#;0o>X>USR`vjgi7&hbucakDJ4Q3}osJ}L+-bX0_X}LblII=NqMlEBt z_Z#>H;-NI#eeM~lsJ@-JWL$oIJ(EX7Y*9_!o55uOq6@~S`+;o%{V=?5L;~8-rF01d z$jNlHpAtn;L!VPf4_iHAx@5?p<>1#8f)OvXRA3kuuF1i6%4N0 zpA7_dHcikf$U;BhlV{Q1Exv1VyCo(3nVA)-1TTRmhi#l@bv&U$0e6l>n$+@qW3A0P zPJ^6pe$O87eQ|2}#Z}C~eLuXRR>yd8Ut9whD)|RrSs2=R*%XEjci973$$U90es<4L^iq<-EpVaXh6N5xA4`8!+H=Y;I(9_Mm5cQolBee*L=Dt zE=5@72#gF56{Ccq)H2-MbYS`rZ>a0l_3k-=+swKo41X6^aURc34MM!q$MQ*gI)i~~H`y>*A}|298iDDu;*{v;im+XK zsj)iKnZRP06PZ9b6U3PrbtZz4E#4(6E)5?GQ8_-~$OsS1j_EleZS2r5fwg6ST1B|^ zBPICNBC2sDbjAIxAC1o3=y0J0K2sIHTpF$YiPN7z6@C$n!tk z>=d632_KSRr*>7DwX1<-cMI5evGc_n0H$X_>P$BCfsc~*L2XF)rzH(IaX30HLcXmP zbJ(s|39Nm4lwlfn16)%V~HF9OVloTV=lWm7LE>m zE<2dc%S}7i$i>Ae#A2-9O`O-kP*36B>1v71Ptw!hZ3Tn$%WDU1QTHdi7lVcRYN4GE z7?_Xf#l^*SxkP`?S-PYW%a9UV(^fL2;tlH=w|S@D-K&oR&nBbSm)}7sCg6hB;PY{- z(1&w>(!hjw$r;W?o^K6go3SaB_F6ota@kdJKb$u|jPNhd^VE;iK5qTaHF)G*0&iH< zWv*dDt^j-SDTp%B9UXO^zi>{t`$LZO*ls@M^!MMaE7jI1ZI>}eKbzb@amLpN^W|lZ z#%+0K-y+F`fUX*kz;>lo{-+Nlhf2ss?fJgAH7xXt_{)BU_a7DEuFO`NQL<)Z^3a_V z!+yqHI8(m-sM3R&Qwe=xyfZ9#x*ZtTK?qm3FW#Ut4AB#^E4E^RmK^sMG&mmphIDxa z-G$Q`Mo!4H;8qTU=6nP&%lcw^lw&v*&pX4`TmXQXhkp5GxwkK+KQZG%&K?07ky1~} z&nA~Xi+TwV5e_T2*j3ERGF|Upp8_!Wln=8SI$iFlh;*Z?LqpmN&8X*|SFxbWl`K}f z9y8a~MA779+!hh_xziv1d-tAB@`9oG(OOdsemKrwZwQ=D7Q?@=lhK1BG1X=L8%84xnf)dDRMVw*( z9BuC)+%lJyXL86-DYsL|Sv-HMSl1Kb=li(;mu+55FsB@2r|9 zb4=CYd7R}_K7KZ@Y^8ns=a^NGkj57e%U_7FR->LfwS+k&oSp}^8QIM;{C1-4dNUo2 zeboSI=AC{n6&yIQLfj4)D;8&%Yca>SvC6)Aoo!2k)P>?E*FCvp){&S%jbA_nKhMH| z`SVGO0|yvL!BEXBRxvFxsAW*i7Rv;P3OO)G{hCBS*&|Wpcf+*blX-anK z{@g+EgmXgb&8Ee=6qMEIR}wef&rF($AB<1&!D}pxi-7336RvYMl_9<}hi;aRyQ2~0 z6^x->Tp0?TMt_;6m_%OrgjSJYSf?voP!p73@Y6Dr9YF9VASagrZWT?X(myRF+u-uL zyOwF&5Vdw57lo*SxIaFIdea2~UIpj!kqKD(`8xfK|U!D(GitqJlcCq{q&N56>$O3)t4gF>bz({BbC+M%7&^5z%R# z`7?xA%_Q;}Q+>t`>9vHPBHOP8!B3?lf2GF#eIkl_9cgGa76oZP%n5J^ZVcx%uc}2d z_^CA743ZW0?)2UO2|>Q90p@cvZPQ?mpMb=W>}Daql<4ps(E;4Ox!8XZ8*YSuupX9m9Emn&*!lY`vOYJ&;D%~ zR|64zXqUDZLRt*Y-~KG7{KSEO{eomFlm7!MXusLTx|A2S!zG-X9Dfl(t*O?3rfQiq zt93=Nz;=Agtvqip9E6BHqIFb05GbAlaGguCVs4tbBwm6lE;t8Nfn5Qke$3Z>-zwgY zpSg3Dl#qo>Ga*q$RHRgs>)Er~Ei-TVWmyDj4)Hxgc9;xq)12#e&Mx|6jJyux%N6O6 zggoZie9~Q?v+X#H&MfqtBhQ211|YwJcH>2tHe-#ahX=Rfgi$>r#Q0%`g#&@nAjMF~ zitFkG_LbDzdlq*(DyILBkp__m^7Ex#*zZ(0Up5~%i<;X%_(nNg9LhU!mA_Hj(C1jFi0YwR9c#5{8yYUXARLi;|v{An^(nU;Evvpu~ zNOnbk?@qB>FJ|q-Av-1f5-aG3b|7q2>(HGZ&{@9NwhZS!ih3dt&95qzRiax#7WGs( z>Dig6MfoPEw$B#54o9qYYmwfAfns0K<+Q+}hcvvSJ7p&NQ&%eaF))ygJZM&@!{T~^ zyn1zRR_Zl$A;V%t*;5OJ?5?$1hc<$YzC)eQo>d56#WHX-tA0HYw2705_kShdl`D`n z8Ys`fXk;@s-NW-oQi+laDSr2MQY6*j~9u7F&7) zZVX}QE6%shEsmVNIZUaW{fWveZ1t)Q4bkg&)uqwEbzkUcDd#b28}nH8O3u`tzSH`H zw7w1rC?^*EJrm)$*r14rSlqkyOHx)F#hkD}dyv!pWcfQXA^3`V z4#`3y=2BDB#r4%yi=ySyMCyOvfOuM@zoZAQ-4{BSPxJrH&<60fKo@eQwwYxNyXdZl^;CQh*Ws~pUHXjjc z8jU{B9|!umhI}BP7VJ&=Mlw5Tl%xS3GtErEYs}%NKtQ!DEEgUJ+o2&Zbb|L_t}yJDvC*@G zJV#yZZ#+P{sMChD$}cpzC?(z}sC7L;Y!qAln7*!*3)SZ)_+}UyVzBweJ1$&)Bwhzc zAqlFF*H~}As97+6#>%=4qjUCHQM#)2VEQw`_>zX@sfYt?;;prmom|o=X3J~Xv~m(v z@rm3RCS%)SSf7HV3Yx(m(zwHyzmG56PbvtazPcD;**Di}I2dPXVuY)~w-8t|1mW zo*ymNZW$Ov@Ut+3>-vcNqugs*x*~icdQq6?n;2_8tkXsl5{5RZX z*R(nh2I}4M#s(hi^4elY0jhgP%QmJ`X|cZM zIlFk7-9NTx>)c$`a=<12c=K8vAviPZj@$jvLVW4* zhWG#RbXEaTg=-fkC8Sf328lsXS~{e=hVJg}Zt3ps7)nZz4r%G`ln&{Jf8#m-x#DJS zfIa(rzxA&5EN)yw3J)%+*_aukXinO>Z-#b>ih#*987^4(5mJQWSC|ywhYFYf{=FRz zU4w8QN+O-15yKgnrE()#{c2CoPl9)RWkFc+3f&&XfAo!(0~d_{k-AR4D7a41ajZhQ zharLD4UMVYP$FFcjtsDj?Us}jNy_lB4p_lFUTw0cY$4~ZSlwOU=uS_fRS+tR?e_MD zYLVgXf+z#8xrTk-9u4*6{_zen7k^}QWO**@mF5OxtUB*l!8Pw2?IZxD!xR4NptlMP zusWrICJzp&3=D2NB+Uvnri^3h&}Ks=6Q@Hhn-x#l7CAn}E;SOwb9Lr6VfBS4FO&9D zUibTeXTzeIZ%6SYV>H3%g(cn6It)ZL46*dYE3FTij5@wU8)=IM{0vLLq}5<@?q!OK z%lW_g;TJkI54Xv1vP>}Wl~Pjh;Vb`zT$sh>n#bLEDzCTB>C<r^=$e?r@PrrNbJ%=NyN*}%%;L9Y z{IgZF2sk>7fn@2pn_R1kYv2yJ@~cAU0PFREeI2;4 z08_c0qJ(%^*!hI`hkswaRE*B>%`v_Q>0lt{Qi>!fjn`)+|F4fsa=VX?}%C9v!cf|a8>At^i-i^FmaDddv zI@Dd!NY9E~5zxW?po^=&PmQ_?I@ycSI-#Fod|yf+-OJ=9t-h&%Wq{@$*OYhyr#^9y>sD%b@bo%z0t zg}O-DRfR6-PB%2OP#Ixct`%b-iGdjGIQT2VLL7517bYwh(Yci&mA;J&zgiLtIA}w| za*=UC<6@-V!hi}VZy^_L(Z{9|;Q=@f%YYl%7cizv0--yP}v7+y%^<|^gaOS z#PwDS%o^=pKOGb-7;+j6-M&=}ge#K)jWpXCw(T_%mvESP*&ORa-+{#IB`^Wf$J+pv zveQBB4IY~gC~s+i%jY1KUnCrORLNpanN&5p@n~O>4j!YP4H;r zZS%vpN3>phHASdM3>08GypH5-mS4sLUReIq!JR;bvpc!S`7^4xcBqss9P|T5XB|PJ z7$!0ft@!AN%(A{=Hg)MO=#?fLig2Nk%K=PMWc~cTt^T-Ey>Qy0u@twy)*m|_(82T7}hn3yZ0B=CTWk4L^d-URC$#m z{Dnnx0R%E!Lsp4g&g4)MebRdoO_|%>9A89ecDr?fgT)5=Bu4E;6?RTi|4u^}xrLh* zK^%vTe2Oa{9uK&-$*L$BFTe((O;bp5W=-hwB#OZvkEZZxIwZa& zc&%NA_u;aDzSV(`2AxMX?GhDSmic{qC8&FQV8YO2Vq>Gxd~>_(a^?2Zm0_sW%8##W z2>#CJ)BCI^7jjpINCXnU4=LHatB~%}#21jh`N7k$DS*SUt5g*oyf8Y4Pgh!Q%;q{? zK&p#6*(CXqSg5$(vO^rvvz?vipjA_;WK-?Ssr&>7&=Frp2VGQ|k8ON|T;=%|0J zw%aOVJGst^m+c4_&nMEG7f?W*?{E9u#-)|_TfR%1OGuI~clS^X!;)u-()yhmt=dOUEY$9GS1Jzd4)P2> zcoZp_HhXiwn#q;mz|-D<;WfbSn~7P^>&jtcb|j@39_a6lLd z9HcDZH@Ho};#-7ft+_;%#Hd-b2(rj%v?+*hO@CYg!VDgK?FcpZ%VsG;J*7=bOvtD$ zzvqU)0T0)Js)4QJ0C-`Gm;2vO(TF_$UJwuw7g=$2r`QaX<16U!c}N4)pIDrcFx9Nx zz<`l++qJt-EoIH3fHz?}=9^A?ML*^lugkI(Ke;Q`#l5&pj-`+fwW3QmIaIH3L71m1 zC80S>^x(-pi%&i=x2r<($Fws2r+Zeby$5q_l=p43Z{FNai2Y0!b?_=04dIGj-#-v2 zntqk}V$d?#%L+|~{$l<7yq~m7yniXu-=GeT?|U(tR?{m({02yNwOk1$inzzCZQLV( zvd3;UF92}%lpvDPM;3Z|xgOsRml{6_qT&waUcXBe)(70&D%MN2#y~;hRtydfPGPjA z?{_i)11e&{;dy-|Nsdc3vxgE61{#Q!j5mp~C97T=#2QyUBCbzX-fRE(LVOBj?Q|aj6Wb-HXMAzf(dy9=GA)FSA5>U+>*~(bCkxlpzm7Qj zjUOCo1?ZT-&mo|bPO{-9@I7$JPHN4`TQhUAIr~}3$o*bfXlUtbN7yKB!XyBZf(sv;)BoHs{BFC@SzIVPR za-dU62i6p&q>jpP&hM>n5lGKYq)g~18!qg;>)oD7C1j;XdQMXO>exTKZS~0zG8?cy zv3aV5rw29p=B&sw?a!IL(^{#qTE7{`&I|EJ@um2xZ0-McUu zKri1)sfR^$z7@%fsJQshGP@>H+!#qf!)J%KW?PdO+}ZQ(WrBa{2mRGo+TzFI@Zc=2 zw(bZK$-;_gDj~}Te`x14OB8U`jaBK^vebKtGFK9wlJA;3Z!Ha`WKJD03#Xy5=^84O z-VCKae+Z~u4HP@qjzUfTF=?WwrIex1>hQcGZES>ClU!S(EwyM5)*Rz|6>vOZbv3jr^z4AQn)J^U3N5Eb^ChWVB^2gY#NofmwUc0rT@f zXQtF3_}po8n~qqjV~fU+s)$j&JzgT08b-Ja=5Bv3r+6yoVrOd7n0}wU9KQ<)7~|L~ zf|S2_$J}9t)&iu{qB?2OcJGJiRas%_4$Sk$aa)KNF+h2@*vi>FGwIR-1ggAG4NfVdN@Uu zTt$@&m^CN-oV{cA`t)|I2(qXvlwO2_8<*)p<)VI ztQE#M9-SrXeGHQM>&hVZ9J8~I3=c3=DrB% zV_SB`x<)3xzkewG|E{3_U3MVCC}4iiys0s*Qpv6=*rWxvWx!)9u7W7QivZz31pZEi zx;}Toz(&fXE()NnQ^BF&bY&RNu z)0%5RnJn%s8?!S-k=pKC>4>ml@_eYKY$X7l3`4wm_RT?Sx#wg~$Fp$1-2K!U_A?LE zoiygRO$}ScZP>WkbYi|uDc6(LBCXb1pTp~{+4%7b{5aSu73^QrP)hW|9xg(Wi;7}asBC>ms|c~2h%^yC z^NX-o)w=>^gyAb;-of+by^v&RAjgA#^KVNSl~C0dtt&ejx@MgUeHX& zvb8bC1YlmzX8*)*0$e`!JuD1DtF3p_-H>zXkJd|7yenI#%j@f8MJ5MZuxv`cc)Eyl z+(>Lw|NN}g(DE#(Jg&*l3(dh{B@2UtgJBRix9|C79N;QN5eBZFCO#BR3>C~=2Ms^` zLSQ+WelTMzfbO>Zne}60^c_hNuz!qSt1*OFjc}v=kZaNj;&z?a?3yXpI_11K9mXR$ z933s3#tO%Ii#r1-s`ee{2iD2|OH%%SpmG*-d?%Te=!ifCR}m7DZ1r!J5Qjztj5~rd zZ+w7jcRe6x;x@A7g+phP`aUYaSA02{EQ&~%4hoRhsE2?-3ic%iPG^dx2hU8@MWUwk za}@=4DmsD2f1rOv6E7Y}IGzi;MwrN4KJ8HeQd1Gora9jAmG3f9)dYVVcfLXAn)>G4 z#v>Vk(CwY2Qjm4bR%>RAe;dN3FP+(7Dr)3G=-wE~Xr$G?cS?*wnEC8xRy}fir>fCz z5fzPa?*HzvPk0yYcuBth`gpp%rd1Mm8HxNuI?&NNV`Aw1)X{RIcu^c>epZXCGG!K6 zs3NDqx#zk`>kq0A)eKsj|q(L6bJu3w#cE&9cVIpLdJI-U8(z0G_s$<@h% zc3gJD4?WA%T@O0eNOs#5QT-!XJjpjj?pVl8#)Ae9!&V=s-tptwg;Y1p)O+`LRJhm; zyGiy6MrQLIi`{#U+A53=`cFp)Oyd)K>NqQYBAH}Sw0X2(fwnXs#N}DQtvJyqn;U!H zlDj{T7^5pF%_tofekd+IjopZFx;SwZvJ3i&$3m)t_??Wfw>X;6rg$wB7CLT-{p16M zcp3h0BTgjQ!E@Z@Lj|zzLcL4qrM&dPK;LJM(H>h)A@& z54<@$TY6K3T)G^tWSJ<-qi|fTV$^`R7KXSxqSgizR6*Ntgd~%!L0N7%tKCSO{*+3Q ztl4i$``6c~J7S?+j{o2e;sTxT^W(Piau`y!&UBlYTyw8Qv8me18nCN62kLDBbNHoh z5CZch&f6){S_pGD;L}MOItat=H}9=2N~CwSxqh?WEm^E1DbZlH;2`-?@asS(QAP@K z-5j**4f1sRS1}PD_aFUS4MAckAl=@GqyXzf?GtgMH zNAGU=?(NmrTp zUaBsY`Smf!T5ibIp$2u7{R^kmZ>#zGwB%~7ukAkl&YR?jMOBQ9(^bw=77O`we>R}o z_pA;sbIeZGBJwju7oMR@27NcpHR^0&y*YOb9b6bmK4ewGzJm%v-bpH-o0hyX#K2e`UQ#imBtSzt1V*Xb5$i#8I6;EKDG)mb2<&0KMz&hzIgN5z#OmO zCs{om9`TzmZl6|wb~g#1JSVVv{r6_(_ECn!0R7?-pWVX`hEnLmX;f+YQ8DE{IH=0K{bXpoNQFBM zSQtD5yPZf&`-z>v^BEwrEDhWSBH3jm`SVt2lsxzqH6Co&d}UR;a}+js_Q6w8fr~;o zvgSF(^&AY8-`%G~sXd7euoh5BD1R3EsP-`6r5OCC;p!2(e|Qt1=Cr^4x_vGD2=})= z8{h=tuEV2kz5|%(#Xw*BR1X4rs*^|B<74!Me$LnJ;jvx)3LA@7RROgPk{B5ZEmP+| zZ^_A>^j>_1hDelhBg1#iFhl@BCf?EBbf^#!L!ThA$m=7;`?b#Osi%7{per-E5Eq7J@LLZuZOF zDvfbGOwf=>TPQ=#K<5d>RXQRYi-YX~uNq_2#F( zZ0LM;^#Ey8!ScFY2FM1bB9yP?%#;?)c#pk>m3JV zKU=j*4d;Q8O0S9`anvxu`oN{XG;()*YE6irBx8K?+=MRYR>!`OAIOF>pIO1dY%pA- z1zR=%Q22Z2bc`#Bv>LI_^z<^#yYuN{Yi{c7Rq(1@G|{y}c=0pM)Bg3bT^m+pouL;N zbbs}^>+bSGUA^(J$xt=}H+?N$31C7!AOQo*tD!Mr<;XuhK+zdz9rDiwO+oT&Y51a< z?O>;YW3~WR1z41I)r|@2$$ZjmMa-k7iXvu1_$?WY1iWBd@UVaXcx^NJ{9#Xr7 zrl2qg5O5F`@EldKW<7eB&z@ncs?mZa!gsS&F&z!(0ybBr;0Dzt{~Fx@aVMykllK|c zfaXSjxll*cXwS;_LA1EBmg0VCux$TVMHL{zTo-d>sWa6AiQZn<=PzMPpTDaf{1Fo%kAEtBJ#bztS#8&=akNCn!WnO)u0od57qo9=h!I;;Xv23K?Mk=LxGD)F8<~PmjQdi!Y*Ykwu>9aiy?nfZd z0WXNLtzO{n2`;#IK9rBnp$x94`O0O@I5&2cr$yzfvc1!+(3d`+%CuL^c`Q9W-E$46MUYXe{k7I zAzdvt999Tv_En&4jbc47`=+w@xQVNVpz5ir5Hewh7rYL~U9k6Yl-20UD9m5EPj>`a5@lU2@M!Ixhe0TCT|pN&&q<+@0aeaCLB6LgnUz|QX93_D;}f!)VYC5kgfnUhAovyN0_rV3!s&)6 z$j3X>>nmW`LDcJt3nFA){uEW(3Z4g$BF{V1n@qef@+qg_!yqp@_%2R`N)Gj*6980| z+P4z5zMJZ8sGzXYj}s7jpZHd_O0B9}pE`sf308q45qa#wAT%V3PzgX3fE`_qm-SWa zKtPF?OgcN|r|N?W<~;%t-enc?+br0P&)&_Ki7{bHTLtr{ z7S4W{&BE`43DlDT9lP|CxhnjKvA7`R!m1UW0-F`xUHc`c#WGq=G4IpdX7}w-bnT7a zdB&=$3Pg>Va6AUQB0f$%A*eM&Ef&PPJI~`^pu(Bk=kcej?1MU|%D z4+O2boW^qa3xLVK)GnbdN6`4{)}CMEhf^4ZTT4?DX0K0c~@8KtrZ8hVO`l+GcvYe zTUwz;kt7&2u&o;PuKZ6*C7E8B-!nQUC33jO7Xm6r;HRQXE>2)M(H0lHGxCuK5z2;4(pd4s5ao80sF<0xZai%3fnN<>s4V8 zQO)P(_)Z;D(L(b1SJCmm$y_*4fR6+vs6`yEsZ^`p409v{U!pdWI)l&)Iu5rhSoPNB zXkMYLR49s#O`TeWsPg1bS&Ph??|LkSiAm&N{brvnJeV%ox@&1kR>I|YU)G(s&a^Zw zFcx#vipIE9Qc|inBw*0g_ZtLI3V;i*%oCAHDQ}H&*LxeDnmv=R>Hy0mSC`ScxkjQ1 z%+UU~X6Eu~L`+7XXAHnU%X#wbwo9ueORm_~F9{AVTzu2{jIokT95!uKw3wSq5tuIf z%hobbAzhUZX?6b6wVARA-qEF?YWsyc{_OH;CDlr8IePptj^V(;sOpX^;quvvxr|Uj zLAe-E_@idMxIQuusq`U-4K=Op^?TMtypb&8;CB_KE_!f5Q>Ym~4nE{-M-fh!c=D|C zN8oBlCA`s~(DQ5W{KI>sXqM^%8p1Q$Ii;4Hi7DAyn0-EN?L8@J!K#wND0_oSU|u|g ztZ3ncmvRVe%%IWST`^GI?<2{kdp#Sokxugbtf%qa4e9B5S4)MVsakxV)QhL@U^mU2-{^JQOR0TXX&EzRrSy z4To~!j2!9apa?&%90YZOX)Kvi{QPu3(TGh`_VDI}7-+sNkXU;W$nm~Ml4JiPBf=Z4 zty+H?9=8{WMO2iS&acWfltAeaf5Te7+B?%aoR(;e1}BUqzXDj(d+)?(OZpnD22F|m zL&bCtX_WRAq|t7Umr`gTZDxPhyTYf_-f8zzT?2Niq>}J77Sr=z&V>eERtGm%S71o_ z9s(jAl0MlR0rDAzp(>;aQL$tKSh?P~8F6(L3_nH4L?rAISy4C=j5)kNU`!h?#q2RN z4dS3Q>?o1T5bAh2OHtflArT|$fYnr|!;s8Ka$lxnE7~q{U+q|Ms4s9%Q?I)(Q=il++b<;OCTZ@)9a^&=-fM+ zrCW4;bVX;o>gAG@LWJcnaKH1O7YS69{KjDyC}}VoIY?r)`bB&2FuP>3Wv1c5BlkOp zBgN-&jg`cgiGiZ;=l)c&q6&52)&5jUNDNWY2i2upuRarak)t5M*_Bi0TLLauQM|1j zupi1iI!4TKOi^tCT@CCZx<@zJG`M)PJX_u$m~wfA1Z##3}FQiEjEA7KGWN`pT} zT&u&?B=|4dbP$ct4eC>!bHpFIA{ZX)dzA9EHQKPLztCFrWXhC&xd44$@XCFre9e#K zv;MP#+Pk|uV&Ljv*e;f2K*wh|f}@@ojCx|sRp<>*LWBdO zUu&%Y+E%sBoKUuR{qY|#@$k*u24znZtV|tIX&!qleKCZt&M^lpl(_Z(;g+8W`^VzC4#QZ2oh`Tf%Kp zkWm#*tMz;&_>WScj_CFmq#XpT-Nx^)4$U{ZgX?YA_%gD-ATakAN`TxvJ?R}@oy|#} zgn&{Y@TwFX6e`nt2{AM%1bT%3K3^hryd)9uue3SVxaXsgOFPP6VCul;qQf03?|6PL zagntChC(7h#$XXxLmAR8=6QWw5|JV_RTaKBS5Q>eQdpF z+cTl_>7qznJ=6L_uj*RqRB{e|qFmHadDCdIT$*^WIssG&L!xcNqg+m!ZhAF@-9Yv_t_I!zgB{74j2i0Zv4hnGdu)^8#R}K#?lap(k zpFDQV=+mYXU2w~;eO9;vI9Q4!7ZJ0jo{fvD@Vex@quhe3zfXIvlTFh`dx7|jqbXx= z+cF^`-PI*!8=vfbW|zTeI^eAVg0B7GkW*2DQ(K4b$*% z@%FGcuT`QY?tG*>8?T=AY~A~u+*G@^Jzg0@0L&p5z?8g~D>-oMLovVcjGZQ}_&^69 zK_TEnQ;?E5kP|Krn;_) z@gYzWXHimNBX|%%XaRh-thJ>@@hdUkk@sT%+xSZL{Yhg)PzhNYfbEG0zvxzoZD#d6 zeabuFKq}-pCH$l`WinD~G^lt`-)IU(-esat>yu8Ko?Yc9^Y>&|2ym2kEA38l-ZeXpDuTsl(Xo?oxH4iEo4lZKJ{~>z zLAidfDp}}i;MLZ5o(FoFikSlN&^{_Q(^0z^9m9rv@(^KKg?y?gf(LjutN8(Dg5I0v z8RW-|!Jo6h1Lbag=y{3gY_=5Ap8YqfS;vltZ;iWB%gXfSnckaQzm-smon&rPzVCST z7_8A`M8|Jflx0d^`C`9ffI^s!f?@YU*S!hfWV-R-b8|wBjE1aeq(EC1fM{{~(L@yQ zkLUQSr2xgVXt7D3*Vt4)3~Tg5qCp-0n6qC+_&M9xHu+*vzjZN89buI;u$=DkY?Q=r zj(t{7Q_fDn6Z4)3=l9lLTm;>jmrqPs1)_ZNn>^fKYP7X@`n_7Mp6h(-MGyqsO(sR_ zY=Lsk9}+R0QjaL%{qj7%7H5UFN%jA*seqrh3UNI<`r#+D_4}G~>v?rrasZTfq3)f=*+s-^FP(jOW;8yQ;-79V#f_s|Zps%K}d`bT|{ zetjL`axs(QRfnE31HiZR*B$r_c@#WQIzn9gY~m`!r% z?guF!3%~9qxXbfae>$ch{An@!HiI{}F{c|zu7$2t^71P|wejjg{ydo39{%Q>bv>(H z1*zV{AgoXWPDiam*IS}wu4s`_s-FU*b9*$6W!G$KXT(AQQMrZwY}*Ym*<6MZJ!XGh zD0JM7c1p{!{9(n0xon>U1h1vHI_{!HV+hT!TtBnHRzB5hpy4dPoWk?E4^i5neNM^W z856e$OELg-58Tm=Y@1c@s`4figKny!-Jee3mOs(<3?PgYl?i9LdskaA{E7f^W-sDX zJ6S9PD@!|#SwB$&uiZM-Yj_X%%?(`Rn((_LdI41V@u;D#P-V5eXs{3{QE@8XSfXe9 zsPH-St1VxF=L>HMk-BvFQgVm%EpZPVa6H6nVEQ?joMu6o)!9^UT>|%eb#6&fIl`t7Xaj?21)T?$@TA;lx1G-H+$hq z{bwZn4%24k=I8jdxe1C<7U?S3Vnkkl*ZI6}M&OFzEI5%&7)bH*7<7Lm3OqjinOiWS znp$}|F%X*PJD6z!*pt*lTDNUJ0ZdDop zK=5c;Yng>aO)=5t>NLA4jAeZ5ALU}6Tk7@nbj-iPDl6F2d9Ht zVZ6Jy=XGo^XA`(Kn|o6~R_y}Q(!n1J#c~yEi^+O|KifCmfB$OM8!oXgcKGH{L~bq; zvTyUUT_d@k*gvfj&}VYEqD8$}WS+$;o-pXNe#!b`uhoD_bGE>sQy(kp{WnitW1)r= zkak%9s!62 ze)=wEe=6o9%!6BZFFT_V&G0#elx*v~qYs8}*Nvvu)R-=h>J8iK-)F}U*#VV`Qd>?K zO72~nd_rS6A|(A!i-{@2;k2+1;twD5y%GUfI}6&fWs)fUm@-;>KLnLlD#_FWf08ms zhjA`~S)os9hD7OkH7d#+WGeQtD=l+79~Qq0SZzCTC_2Dl=;ZP4sz7)M_Z#lN2Wh@6=SUocuns>HNQG24@SO`)-6zW!cIY?C&UCZo`iMAu zl-}YE$fb&n8ufR7Ip!eS3|K$KjreNc>8kV^Gp?ZYI}MxocnaU=sIlzzMuHpkpA;FK zzjBlSFu0fjt;uc=x+QQCO!Gzk z65tu{@B7GfuBYno{SQ55QmMf9WB5v+CYGXH4yRQ6qxw74r^mHO^@{8JhO_Tqw@P3} z$Kwk6FPYEICv$a(y-5#p$ckk%d1QzKB|*x<`m%uGkl{J=Ez0DU2G!%Wb^3#=@(dOR zBW8uVY_@=3fSELK(f+DLKQRZAftc_qp>~l0lVTcgbWEUpN+QSo@<= zL!MWKI-A$DN^z=f7~48M>ylsO6!k?QPRU=2S4D)?b7BT-h#gGPX=rVd-0kD=dy$d* zn$iz?c6|Kv{oe$+dE7N#5|g0}_dbd%SM4qL@Q>EB8+rGA1uRvm`|m$ka%nakbXeF7+6 zNrm$jCGL4bIORw^l0XDvy@WHBKofby`P0)=neWTw#E7Jg6ocHzH zIhAK@Pey<#-DLxCR}NzD-T67b5haliQ)e`Jk}NUp$EwAk>*17)`-4}DnGWZ>Evqy} z7!phwE;Q}FASbrw$hyxHuZ#2A4{uKwTxmkWz6ZuuyS> zdP(++MQ(9Eq|V|eEnQX%w1N+oDiFkE!}hcfivbE8l*Vk13Vg;TjrQX|u*M)IC5NyJ z-PP#?h8$5mFeh|gPqlVDQ^b1ccS4lasc^qc>puKmzwH(dySO}HQW{z4<*J8m?7F>UH zygr2s_{f()kNH+%{F=k_hFMAc70XI3n_e+ZDL9*Uv1^q@7IrDGVLj6v)x)=SgMhBg zIMi@$p&2Xi4TX3#s13#msJdMQaFvw?H-F5qyHgDL3xFixxLA%Cr1r~ZGlS}A)DPPS zv83{bg7gv^pa7wLVK;aT50t*u?=3+#(+#sgKi~AJzwgeoWagXYZp0Y>l*^3c()b4D zUS;D09gMJ=TIsz{4mygmIpAjz5ijG?IEz?cz@@?tdZ}|I_EW&ozLmhz*kj0}$%8{A z783Koj4ci&R=|X>@dHlv()kvO06)LbQgMX$;tB$>M zkgDZ20kJ^>XHsY+qMNnOP63EQ0p5%$E|@mmK=Z~`&sx>i7#A%2cB`wF*K>84<(sx1 z{LV^!G(2x^e)t3Zn*oa++YLZMu$TZrEN|0)4^u5ER^)3Wm^LYaAQeLzt#0<;4%Oz! zEl(*rZQk%T4pQcCGIuAzppT(@0okXZzkMJ6jm$fsb-*2$4$C<&Gs>>);Kxh>VsvRBQpP~f zlIW95K*4GbWJ$D^bxR%}P3`sl3+FHG*GZETBU_*3W@@%vO77fVPRV8^uiN(ZFGJej zk9O?8G_{NDkFb7u>%M;e2=U7cmDXe8QJOVC383~9ruZjX4DccPwa!Dp^bLB#rz69n{&gaLAF$=ohpjMleW;*y85Ew!QX6-3--JkBFD#}-Q%61>kvnC@Fx|&!B zKgZ!)6c~u$aSxX~R~DMHohOzBZne_6-yy?Prcq^E4gN-3R;edi^qJAbPjoZYmN}9# zyOmfP>If@UDU2`uRD~2ubSk-ZF4CRu@kDj;dK}iPLrTWZioF~)$mKuK*NBUhMX%Ur z?H1dfp8JQ&45Gx`dI1Zn!O9!tYTY?bx|t=r=GKQiLmJ_mDs3zbFG0modoeVw&O$$u zOr0t#f`(JB2FrBoPTQ}#*j(q;ABJVT1iO1Lz2t|3dxnyr`DwoyEI$1D_+hT!nA%01 zfpd3u#=U_{L&27b`l7hcPMYjR2)q>|5@C);ALthgLERv)ZY@sq)FnCRG4HOEO>v$T zCi_6jrH&nTm*ZQMF?2n*z}omDgT#|Ha3UKSbr*8saB1ziR1hG8-=R_3Nwtbh%)fGtp!p za*lT*Xm0$@>P^u!5K2jvbV$u77^-}W_fh_)zDN2?_%;E8lbDA_J-qX)e5wN!tiYYN znb&kgs+lq>NVZj$z)Q|k)6Gm`T?TG(zA=DYIR1{82?!7<7J(WnQTg*b78%zJ8GZEQ zAl!#{vt$je%ub<;(Gku>g^^`>m9uT0a)%}XpNl^?5)OdLJY_Q9`$2}(#%Z`V;!Yl9x7=v8Ik^bIX;hh6yasUOQf+Lxm5R)>-g9_mguB>h0}~R z)zgIHW=oCMEam&-XN(9!5LqY_c~kGBGaAIHgg|My2cH8Rk=B{J*X}pNKA!?*N=$?` z8z74BRI735ieQ_y1*9NPtzZ#&ORCU$)tbD&p#{O8$%BIx8LTE7u}k3}vNKrCA;qkX zvkCEscz*x~vWZIImapY>3uBlUSnb&L0G%Jypcre2Uo$Rb;o~~L&qmGH&U+wpk=|vy zpD@<0++X!RiN%!h{GwrutZ2*l*c%R|mNs$XTwecr4&k$UJz>I+7MH^+lYB0>zffb@ zwX$&{f<(ce1mCY-F@@p|!&5`H_+VgOs^9LGKNw=rmjE#$Il8j^4p>m@;<^<49m(6o zyx}Bzxm#)KIBDze>a%z{jl(X@l~VYz850?G?G9&p5#`%F zLB(QuS&cH>%R-y!r>DPDpDxFrst(8R;x$tAzO}G_;mfqX^0gc()o!^4EUj{AVnx%~ zaWr%_=BI$kwg*(WmU@M=Wtpe-v-XIrjyp>m(_jRK5k|xf#A^MX-FjBAdB{R;(ZJwH z|ChGGhfq}=VhL{7<5~4YL*i&IYtov6n+&ELCH?G!-x=3kG&$Tyb7NyE9!@Pwe;7}W z7Z?P+P*wH=9Uy#s()bgH*(WA^l>-r>vkaQF@XFHq{GKN;_pVoji!Couc9)yEs-GW$s1m+zlre%GEj?awbS82rS>?6M57LB)< zW}`KSYePy_0BnwL*s8Z>P+)##njnliGW0IyJrJ2-+tJb@LM{_zIUdRntobPCJ6|W} zn$F^yy>Rx8Hy;-2Em!R4(9OrYx6A(Z89O64N|f1-yADUKf~IWQBeoqEB)p@ z20XjcZex9yv+`|Tmo@E|Mja*7)7xCUWo)Z$4dxC-t1gXbsFj%jB) zS*f^miizJ*e7g7wz>>hLsh?vlvWNxPbG7u`07^%P)a!<-wt^W2>%1b3<+q^NfLe!7 zQ<^S}c?6UXf4i4la5WYnee%zt+X|$5uM^Q1oGjM_f|ciLYEM15hEA8zZb0p)<|0a= zu6mvC5Gw%>^Df*^x8(I7}L9T{0HM5SDGrTIpFu8S`_OrL?C zr`&TIS_~JAq718m_qK`{<%>KB;{J4(CO;{!@aKB20vsWkh-fF#E~_bACweU314|Bm z@8x%pm9TZTiWG=tF8s?Qoz0c6(uBXhfxmlz-1oofDQ0dMH`@oxLB)n`!(ISpkfE@| zURmbT)+{-rL7H>n2+L>3o2?EIt|e8!?wx&^`a1S~!wN zs*ujoGc1C$e5K%~RvmkHB)z55am6UyAcY8W#AkGxlMXl@@6<*0*H7f+S#{?5us?z%M^1jK2vwEI% z)H-QglH_=C#+{*?%9^&7N0Tn4FDRlM2t9#et^W{_p)Vri0$6p4=j)wLL4;hCIMN_by5zNKTk zA}h{+vulcwt?uSiW{O`eC<%}-Y6)Rz%||;G9cZUgB5t42|qL$h)^bB{kU8)KX34 zXS`C7e|EV50Z}os^fh>&mo2#loXwk{WQLPMc54j<>m5fvaCdiS;S$^}Sb$)`5+u00yIXMA;4Z--z{1_(cJ@B!p8tt=R`={VYE*rd z^*5npIgxR=IpzV6L_7u%4%Cr{D-X^k4S~p)8@|hK)fevp&#pFCDBxvGy<1zQnx+xW zRgYJ{+UH526w9;!T>@EYRKLI^;Q1<^*1V}r^8zZO$-M$ z^+K*Rkc&0kcst;zM^&A-A1e^T*AzZGTu-E_se6xd@}**f!!{f65Cz+e{kYH+2k-!D zhmYu^QJ-&cfk91MN_U>=M@^lCy?sWR{=SO6VcyS4Z{|5~Y}T*}f(v z%Aa(a9ldCyyv=y`b`P;d8uP{w6_oY^_*3%v{zcMbbQzuf)MM3@og zOX@X6xTp40t?!YB-hC}pNwD>mq1*!>P5fiI!^O-V=lP+Z5y4tk+!3^fp1uQFc|()+ z`W)dN_wi}_t$!Vh5YIhs{4nvz``@{JMpng6kcH1H zt#c9)7xs?(-w@!HLTvxH3+?Q2RrI7i|LPnT-L<=e+MO~EWN?MJ{5+k-cw=*-dOeN2 z?p4WDZ4e|Xel37XcP})DDxM}ibzbj<0mW##kkvC}Kp>VF{A6#>&Jgg=+OV>m1}N1M z9j7O9BrDB4XNy&%=7YR1=B^%Cn>wbBKf{$?)wJkr{F`zcIBJJy3HumVHPt;=LF%rT z=dL9+y***2nFBL$fu^vz5_Esi0%b_OBx6m0Fo=_7kI;x$8YKr?JPZ^Rlr_Lh!@cMpJ z8f4zVp`Di^8q`w&w;TzVJD;sQu>Pgh8M0i95UF_M?HrqHTkK>44^L~2kD=$5Ofbd> zTRm2%NO2j)s{&J%+wIj+)H}N~diH!#W+vJAizTq6%W%0))jg6^UP{#j+g+ejYoT}Q zJEJwME$4-#<$amX_CF|rIU*H0qbNyf<#5U{qZ75g%xrtvG(==*TglNvy!z)3Bn+5m zh`QP~{0yy)oX$Z)cfB9e*dO%2=2bF62R_xabjs&^J!YuxFBF2}wer#-hfs*6l%k7C zlr6vVE!r2lW5C^bdAh4jvw^8JekTSX9CloN=k0O)qJJ)aln)oeLEprU&Pg{iI-~VQKWgP!ANOtU ziTZ78)+A1?+Mq*v)-O#gUT2wLU;7{B2-pcfQ3mMB?@t)#;Egdv=xVJtIF6qo&eNUJ zv|~#y>?1X?9Y7j^Ff_Kh08>OAG8F!<8CSb8wMCY1Ej1{j;6F$&b1xV`C6kc|Mag|< z{3TYa%Aj;k;~lf!?zAS2^D{G0Cc*6d=(aU|xz^^nZ_^8=IUH8B`)H?$PDQ6pYL%DY z1o#>>M6oiVaK*nSs1uFi?3vBnjy#=Bo%2Yij%Ixe;yf^!FS}G=W@)d| zFHTaZb4;BnbekU)yBywm!JR(a9-!kO4IFwBtdRCQ8Xh9`{Z^c&tFYR1HmBzH=a{cC z1v3faTgl|LPlk-=sz7n2JOUfrV&cyDl`5VWawezkRpZZW!^Cecx^mvVy8X7xPb>WI$>cGt=zZ2mI-Q#p>gCA6c{_Gz7K^~ zBd#Hgt?0Vl6reo{iW&cbkr~z6hk0j@f@U+76WHox&!A!Vy&0MFP_MS;PPAYa&8}j^m?D3pM?DRKHYux3> zY4SB!Gfd3q^Q5bk^+iEv|K+9-O{IWjIa{nb&kMr)?zcaxNM_FJ-e&1gaB??foP686P2M9$fvHB$(9N)v?TIjGK8u^yIIlQO~aq1j&!r6 zY#grX9&tN>p4i4)=X2(e#2J|AhK*ipi1rlhbX9sM%w@l{eKv*HX`GjjB)J72A)#YL z`KR0p`9Im`Vhe5(YYZ-K9rg>j9mtNSZ5+zY+qORKW|$qd^d$Vb&-x^zIN&oQL)Na6 zQfHta6dKw!roUK;tD#+B)nRS>%gbBHAD~3yoRWd1mn~CCu)Y-f* zSJL-I`8koF&r-g}guN79monsUr=>xv#ezy_f+2m>Mjlz_TlbYgQ&Vi_gLYMWt5(kM z@C`h_4NT1M2wQLN0+OO5RQYdJb$}G z{Yh3-I?*>T#cJF%qYi!vTao2Bqp;GVfyq2hgBceRV zF<9mb;}6?vAf|}BH`gG@q3$Uy2C?x~%k|FCdYr02laUbXA1*H7HpYT3CxTi?LCxhL|cUBH~5C=d|5Yjq)OB`bN9`A9AO~GK+0C z7skJSx*jJHG8ZC?VqOJ#t`~Iapt_FzM3j%!EY@92=_S?ZI67R<_TFX#-+d;t!^3r4 zBF`92W>g4^CI+p3UJ}4o*RRz(@U6JE@}a}7TgAS z;ioub1tL~QgA9oqDsOU9L83Z20an49I1tm#y0e1~aoY0{3YSHkIY0CNz%BRNY*0xPZP+K(IW=YN zTNG%Qq2w{qq|U9S&VsnEc=yqIwTwE7gph0g$gMfM=JYD}zth>wUDkN7V!jDDoR1$yA&!Pwa7AHk~@VxMAWmH}OxXyP{Cw z70&70wvw1Ow(X{o`J93^hetBSB<=2&64lF-xQ68fqJPUeCdP>nAS5t<_&}ku`MB}+ zDg)3ObD`nUO2qV1Ua{}cg>pvX`2|OUN|W<-GASx6U>Pg^vTEh-st_e@8aE=1oU$@J zK(CSO3l%HEbPjgvWqyvifSz`+nHuVlnFMl)*%=i^5cQ>P7n9)f<@iAe{@n4oDQht_ zI)_`ZvVk^;S%N{6JccRx!-E1O{H5uJa5P3yJv<_s##B(n?r)ReG4e^VWy~^PRz-!E zo0RFfIuOxU!s1g+Ai9ds!Fi2KnlWu0tI?ItzO1PXTYGgO96fWL?eDT|6jRp_*lo)t zc%)TzKNN|CgrvT;;tsylTpaj}bW(5Yv-FFl)_+UCOt-u#^<7}5fJY6|KCxCwMgd$n zIa-SE^WlCtMyP{TAIEKF^G2?AXytxZ^S`epfX7vJ06vU&qnnFFio1<^=DUbU z$w*Hdx-+HvR&t9j1pd`wnj~op?+3w$p71 zjH3Z4xW>M0Gdjc1=o?>g2k)cSMpGm~AvUMy(;rtk(hlUTy`p1&K!=mtAOAeGkaZ&(8Vb6U@QJ+j?w}OB+~ygbo7egSr1>DwFFzRSe*>OpwB?)JCBV?* zanwuVe#|hMthhhN}Q2fb!fVF`?f%PT1nGgYKX^3Tbl z%86o)KX^yA7Q{un%ntMGI&2S>l8*%LLzY`Ienn#aZTb91Fn=G~jpi}@H*EvFVG8el zE9xicJOB+|j9-Bn*f8l>I`)X@CJ5mHxbeM~leW|5(h# z)Ek<*BhVQDm}Cu;l=$zWas)>DIS_4c-C|`U%FlXS@gBRhpkkg`tBF(@vMOh@ zT+vA?ZiH*vnVc@TJaDkGHJ`jX&nhLa`s zB?No#i{ol0OoEq3etez_L`c|zfIso#qm)ap-{M5gusj<(R%?cd^5W$j`Q!}IUrW`! z4ELog-fz{^&4cpfNTy7^IPHhVNB-p4lQDp0F5#jGhOZ?fN!p(@&LI&L~9Nthl!%Wt$GNp!oG<7d3Ifd~_SEwlNW^m_fpQ(_vqI^6HMqF2CyNu=-kN>Nj0 z=B<60bQTYi?t}33oto=r**ej;ym1|qTDe)v;KQR_9PorTRPPM10iwT*`*3C(b*C2t z)s@M+uIP8$vVZ86I{%=aS}IjG8*N>+Db);^z*{oXvB)#;C15<2&hM&u z(!>a}DPshcRp1y$v$7rUj>t-;hX&e`CwZJKtVJHJ?0tYY-CaHFROvYL7sd4CqQHB4 zwpcKz!%|ZdYg=GG1gK(VRU+?Ls4?g@%v6(n?@rV#aamCOX4&2k-e;b5?elYr!!R)Hg&gn zoM_P@GtIV1+aOB{8&jMi8(s(qs%*3W!>my2U)d04z0f~Rfer*VSS=nA(< z|JX0lg4+k{)l8%rVyc_Z?_?$W^%_If%i7N1VhmmU`<$Q)4%L}HsYZ;vke4o$=xWg0 z<{RpcpTCx%BcH|cqZmI``!f~Y-Sa_q)$81fK`iq1n~{IbMfD~0|6nBEHI`NErw=?a z|DJpBfk;es^HmN+SvU2_xE>TKL6A-7Cf^XDQV}7K+UBZ;8Rs7JQ7x~^Vg3{rvMg$> z0-&WF#5ZD|+4W;m@t0F32gf!f1p0Yg1}xft57QV^m`zq)zzI!RQl(SdYhp{J!Z5(e z4IpXqftEDRwUN@S1{N-_&F;V3xRa%ph}#o^?yVQa%??@A-lJ((=xoaw1;^%j7OR`# z<*RoLQbm9pL9H0=q*Q$Xqxpe)>y{jX@~n-_FAv9d`YUZqeCb=fFUTzBcI2ILsWQ5D z<*&(pI7Qm1qy9wLL>8GY#kUC%mc{iEG*a;DL+eJP5BkZ@2E_32>#Nscsvl6nyz!7@ zYFafrw(Ppx^A6i|g+~VM# zo{EL8^JVrnhuJ(@)qRQQgyK&Ie~RxcUY!hnzm`YJ)9$$m)G@93_!4TFfMn`zW#$**tFY)S9t#%(-vjF>X+sx$X(-UzfR zYUdXl9myB9RU3Q4s#y%oIy2BsM97Sdp734Tqb~W!lXpliosAS1!`$Y!f*kZo^9_@N zJVoWWXMnrD_{SA>rp4-woM8>x!{ThKDR!DkA6wq+112anE*{U*gnge+I*nyO?>ix= zl2AT`iKH@XAvNjY`OE#~ACmsTRsYwtgvX&)yXzItEX=pHMobbxe}A30XIG-d>obG> zbDX*5E)73#aMknm&L!jZ1yh^&ZbNbe_MCe5^D~pfZx-9q(+LUNosfhyL73c>N5Ddz z7Lvn@v`2w5@oV@mGL?|utt5u#cSeDsjM-r>I85AsgE)oo(s@iWK!^0)kK|GF+@G=fKVp_ehyeZyf7JQ;{P2`T)J z!Qg2|ZLgRW7p?#Y5^U*ahc)qHuaBKF!D_EbbbqO4mU}yoTU(kP(n^JRCrF*2Z*hkV zqD|t!T;Z)aQsnp5#?3z#YQw=sS{5O;WdcDg(6$xirFfeJWa8osbg+Q@`|Bs}4PYOMTZ#O9ldZq*y6Sl-f&+T6>|$OuN_kT^&V`U$N9XJgX@|gkY6UQ=y#pfAac$MDR?F@%I)=W{1MkNYU9;lm+H zUY$J*$L4c-je1^htbE%g;m_7EKCOTs)cI78Bu79qDj|hyTLwzuRm~_S?Z~vGzCQ5S zREN>Msg7DaNR%t3Dulzi&D~h96S$L^?2^>LTTP6=7LM1GpvJW=4I0WW?rLVg$QWPT zN7K7-$J!=?b%yEKUZhLSihbCGm*h3akARL znJCni`Ah<+_=Pf{K+y=Z>Cn;+TE&ctIWzZ+axR3*p&z86C;Oh0u--hL3AQ5UH^)(P zy_d657~6~cESQ$6J7{$E{STgPp!@j~rEzyV>g9!PUsF}rPfUef0(1i&_KPbfgf~1g z9ZKlJ*RpwS@PRHH>m9*%xy0y>C}?=Gfs&BF%)ev2>-I%vC`-;uVfF4NkF0_>aXZVB zgeS!ho)%1?bs}ZZtcg)4tC}=d!;ogIk>`Nx=O=ppURw*8rJmYG-_LVYq_qOFzm)3Q zPZww)8~6L<3T6ZT+(fhy_dV#hO1T#D&dYo;z&0uKp`PK0=ovD>Qg;C6J@pHe$H(;V zg5+DYv*_u%KjcoI(X?u!nNwupSBBs9cCw%-+LWqEoGWZ#fbqgbDa>B z*F);#^3a(E&|OVZ6CjiBZd33!35mNrT!QdfUY-PC!^z>PgI5*heGOzw32qwX+y3hU z?bgM@#1!j#zC?a`JgWZAZ^p?0a3Hlv+P(D`zKUuAAYCxlcm_wb<)nT$)d4mG2QG_N z0(jm6Hvw*IuEtMDtM_NeZc#7QB8%d<)T&5u12U)G#?+4)KN6f#+KC0%EDyG z?QGA97vG&G3=RH_y1dYJw|5(1#Nl zk=JTo5@8YxYF+gCBxP8_A)495Fa**rBs%K}LUc$Og2=DW$1&>darEcx zYc`2+w9tV&ij78^+Hj3+QVK~IZI;{e@2f^>@ZjsVtg`(S0gSvH zQ@Vs+{$P|%Z?i@MRJO!d2eXSj5u5H=6>3?ea-+;g;nxC%MD_i#l*7$~SSq(5M4fxT z(d;gWM25ZP+MxHL1e~nnUp}D*(_nO-N8W`xEY)NQd%p>l;SkC@MR^bHFyyCfE&z@U z_z+#ip|!VEs}jQ}H2DjR$uGOBwPpe@eeyq5`(Po}iN1A_UwA(e2Q7KAf%DQR;1(?) z%BOQ34oy-*{`B2#6m!|V7OFXQDRAjZ@lq$nZLFnC8#7S0xclGq5lsaIPO6WmH71xc zc5>vxJ#D0MUGro|0~rzqb>30Y)XQd(clr?uyvP(e2>FWQop|x=fP$k<9$~tv4;UiK z)aq%)QQa=W&0pX?X1BDovb^z^^Tdx9)2L4QS#(Y&gI zfWS$;@F~--7G`W-$ibq9QtXPq^5f`j^0VrH+P)#G75umqjcZXoTeIafHR``;9!w)o zG=m6f@C)En6{%4fE7ZueD|8!&5iD0-on2MkI*?p$-UT(ZAo~?Yr8gnOE<=(m|K-c6 zV0Jf;4sZ39xDI)sNoBlTp?$BTKrknVx%RT#b26YfJ>6V~Rw z26lzPG+MymE>91S)k+h9loQ#SqAsQVzTj_|6Q~z1j}rZ4*^n$iTb;p(wr+Kw9n0U2 znLxB8Ft1JQD7++OfTgRrBi*P6VF%)N4Xo5_TV;E-WgGxTal zUec?cR3SqbPFJUPp$Ms5(_HLZW2`=IDG1XX6|3A>nJ5=mQs?w%AYn!9P!if#=5JM& zB+|kd#-L2%>PuHrH-3pV--+K34PSAwYEDL-pS>=3wd5C1FAqK)5Od$gYm^FTmlBVH zsoYB)Gx_Cj^vp`Hd|XkDSP%qN-wkq#t#F@pi2=6i8F1#};d1rl;Q>x1nf;!Mg!c+= zD}OYv6fMj7)S0u4S~WUv<*Wf}+CjVSl@@D(?LUWXerNe4$VG2oC1G*1&8pg&$>V+AI*H z0vYTC+;WG}k>gQtlo_9lr^|(*$ zq3&s|3P0$fAtC*FP4(7HmMhBzm6a@)XZ-qIKqoB9`4J9Nt^%fDV?UMh&fKkIk5 zZr?m^rv=`RhLXpKVVox&E_4W{tlXV4Q#f-k|wOg(t|9$$Iab7Y7!poJbrvt%O zH057C<~&4ZlR8_XxVn?l>#oAi`f08W>Ax)v5w8RWer|qas4L@2r;Zk~M(3N9F)h%U zQA>8fem|dH0d|fbDZfyJX&*U;j(OR38mPaD9;t5c2Lkp|s}s`)U1*HrOtQ7i63A*@ zf2gC_hokvx{Rs`Jm6TRAO#-%vi~XRLAL71o z#HmSxN^Wy^L~{n`JXK}8g{M<@MmNtV5|PVl`Q|MmpH&TIkALS0yPf9r;WNC4{R{z> zpa~QyN~sP?>!JBZe;m+rkKS~Mu~bMxDVQ2f#MNB{`4|ki;O_Rp4~js(GB3L_>9~fR z+JII5BLvFj+!AMng^H+t^X42WM-ts?pjPocfn#q@?40U=5SpPOQ_{mxGQ%@qzv^&P z5%bO|6p706|6au8vC-p*7b6;uiJ@*Ao@-`N#l;CsI$wK}<^fj>V2&L7C{@3zP$K;0 zzNS$ZOBo6h$j3mc^1l~ZW)l(WK~{`MshDIF!BZRH&@V48i@cNp?piZAkcxai=r=En z3~E#<82XXd^#^9iAY-Vr$v9&u7hd--Ca!8`wmG2TW@aZ*G&gvvkVg4DLc*iMbyh8}h_TI412YmkH>Gvz}a22>g=Qe6pUWR^%V97%=QS16ei;Az4a)Qpj;2IB@d;2H zn>$gCgk7(MBXH=&6H`%;<7`RruzK84W{yu-UAwVFvi;K7BE0WfWw^}VGpfDS4!aJV ztxkI^7kgrKlbI z=L}8(LxkCzi^2%f6i%$jXlO0-37xHL#FEsHz~6 zRz|G~Rd8tp9`mQ80J&dHvTOh9cp(r)+|}b6E{i3kmgW}4HIxk(#%QfkK~#%L)_*v5 z#`x`Z>kdcdAvnJ|c+il{G#T(KEncl@ex@o^UB;RtZ;$J7;6maJhNQZzealRwjB1@T z)?de6^w79wCZdnVPIE&jL^F{Zj6s2)+>Ys6RmD04Wj_(H_J7?JIQ9X4B zZ~tc`Gfc1HXS~tpQ{BYLc#+2+W(I|~Snw(Y`@G576DBGOj&!`;r}9f=1j+W|47cx$ zmQ{Qu2s2`q7VRxLpC!Supp?3isrcDEl)@zSjW-&m8;GT zoDud<0F2!kT$;$Nk7PZ6#))i5CYj*34|HFXraBQT#6ApQ;o?dG#zLTP=5E$F;vN0K z+^4-!MxYl{vmAu15rhE23^)IkH@py_G~(dni-O9u3O`i1k@!B;QT951+*`OgT9~fN z6lig5`&51<43rvFCTP9sc1DVNqtjvLobsuvRf5X76B!KoM|^(pDDxPhvjreFc^z?s zmtP!(Cj<^6st1uM<^!k|-k4R%Mb>6J7*P-2%+pA%fKB*8hZ>a)3uEz*Y~IvYquSAD zp`ybdg`a>O-!K+J`&G}7W@HE*(5qohiVmmwvDO`wdVvLS(21ZX7Fnx~3dYvs6Ev0O zfPT$?YsF>|AQfe1>ns!+0T4$lusIphSbHp2nnYz(oh31t{RrA*vGxPi_!9h#CJ95ASq6HuQlaZgpwK&dPaH5Wh-^PPT;aYb4z>*F@$Dw+{XSKd)Y4IgYzS2||W#zOtts6|_f$(7F3a zSzRPFPN11s0>}<+W6Gud59_v=Em!Yv`t1z#;Kd_p;TS6rzh_2@`zlz~hTpy%+I(d! zNA%uG=;4Z(w|1NS3GP%<>Y4Hoph7mo5|HOt-oUk|n#HkoS46%;)oCua!0{AnWV6RHKZkYG!IWM#TYlFnCVB zhR-#1J2w*F;B)8r_|m+g>8ol7ym(1vEEV3U3~G5W{u}xmf5ytxai@ak@JZ4?+j89xiMGR}+hbLhx13k@;WZ~+kR;Pbj{wK|gSP$VNe~qy3qj_aeTs}}j8ORhUI(CDf)^*O4#^;kIcHd{b1FRwRf+2|()158) zsqgK6mG6u<9U|P>?ez7WGHFpfk%6W@ml|3$;Gr7qRl*pOE(ItYCc zUWQSVbB^$aJoD&M!#$srYGP53?6%KqswdV!!(0Jpn?)fwioBPhU^_CWjaS=($pX6) zzRf~PEru%<$Bw#<@)T}ppq8C!fxO`>Q~CG$G^U6zwKR};k~;RT!n;=6e9(kpr`-OBW&iwzI>5rkP6!1!*m8k} zu4%jKjv~0l!`r}w03R2tV5bKbm3C!h5D6=K@>oI>z zD&1+e0mcBm6vS&5P+T()(e^x5VmC0e+ODJyLE7IJbv79RVY ztbhPL5XWJoH8H24_4^$nwe}H;0D^Icw-hsgxGBV@{ZY<6k;WH)S)XQMZH+5c6Y_~e zGquA+b!@1Od>xk!T1igJZ|$cSvhVeB@_LC8csKwd7*sBfE;5y_*WAt_<)`dKqCP)0 zdc8+WHWeC`Zu7feuEAv%&k4kQ16W5y@uVPpi6&9KLI9fDFtk{BicIOZ($@4}k%>UH zix);fcho$SP~C!c7@&QUY{sDe*S_)}+Eh0el=HPw8=k~FuQI0EYng84z#YuOvC4=# zWbT3zwgs1)X{KTP6ESAJy&kWqya|`nW{@M%!~E^YpppA+InlcNs{BCrs-v`PWbDXT z`LBbXfi9`@D7%G zgI)$-b9C%MJX%P@74Lms9^F@39R!#STO)6e*X%r?a=FX5e!pYT`I}6W&rM{wnDc@K z?V~2BvB=1{7EjQCNF{aQcd%2l1#4a z;Sy6ZZHuNCQNqM*>`gZIlLMp!ZOLh13(?{YYzfKj`A;_8sMrhwi+3NCNmOv@LWiqZsHwzyfRNkbPfVd>FIJuM9y6KxY%?8NK+*%vf$)+ zC`HJpsH|MQa5OweuiB3{Bv@0`wvz5B=l3W>HzZ_W#p&SFu2UqVV9+msTWfRmC#rqp z=5H${zvpemVYHany}%SV6VQ^FyEF8Ip34da;`FmNt+`y{R-+aGjI8>4fh*$Eu9dsRrxb?u*m-`3Or;J%_AxMIeC} zN~Ly&zT|%Kq1y0{)~YnxS>QF@UC z+d2Jtgp&*Mf!y#oR=%3F2;cN=P29z(P;Qop!_AL^z7TWI@QLi-?7`Y`tm94OUastb zg!R1=H}sMj%#IgjcYM!ZF{Ou4Zo?i$b5Ie{@@CM5WNCF$%}-We^ORSU@&KX`kBo}6!C11` z(8J7olJWiNJ%;4l{JaWhq^rqH-X2i0OEVgpvm4cMv>WAOE2H&ybabvC^rn-j3QTI$ zjAA@Qp+uK!`q{49u;|e3&JG^f! z{bg`S1f2u!nzP{79CL(xJg_zO8n@EngS^p?H;Og&-M`o_q{Sdn!dSlR6<+`RB*bq= zgp!ihT4+BgmSdE;ay_P@qFR|Y-!W67ymng1VHE|LUs3}K`+!qxn>yrf_eR&bg}Jbb zuljlzc2?s3hvhl5^WK)pur8)gXg$#UZ_hhZGz83t!7m)KS!DMOUKOgZog>IuK#!KF zv}E_g%-p0%1L#iV(8Fgt-}P8&hT4Mpzy7}e*!&Qn&=3L&@O0P%Z0pU&~FE|WFopNvb)kO($A0xfH0#=H`zi2hMmK4tX;k7_un-S-$Sqxo5*U4JsbSdpmzLcw=ID$%;X2?Mao<_9gyBU`ie z5GJj)Ib(E$YXU=8duK*~j1(Yk;#x=Okj3h9 z9wEIx8T39U1otF5qcNt%#$SfPu-x~1i;_a~lG1-aPC1wWA`Xr%XiGlv2E_^$|H?}N|NJqM+SF4-+1sL*8Gs2K3xy~eJy~eM zcDG-I`>n$LY6pXJINNE{uYXm*WWOrYi)(6-QpqM;3(L&*;c_*9?yed;V!YGl3ki{z z>fmeRF|pM~)4uBu4h4Ovq?}5%Bo!j%j82+3EfzuZB6n+i*}gUyR|R`&W?Y@G;Xg6p zZ@=osLAUeSFBm=AwfPo2U)^aIc+7{F7%(*J_9JYvAT(WExG0K8YG|+y4Gz>jN(v5K z@oQD`MJ>8q5R?6~`vDJ0pH$2mvBU0SfMEuim6mOM1y;h5ZF-A5%dcZlC*`t=+V7+?7AO5X-IQ^ciPy#VYIrg}q={~AZa3&NF+Q)mkQn7QM|Ovkfhr~x|f_^gGa z77!=o?&VOQ41txqgSn)ana-U!vOfv<? z@#GM7#KZYINLQP@CD{w6H?vRP8 z_>}A8^5L;Gh%_yk+vQ|4>&H1K4NajcUnSW!|4s7v-Uw_>jYgZBxoj(dO5BB?|3jvD zMDOp4o(1ZlnBZnT?0WVtp3ccgXtNLB+2pWwv=d?^)`|h<_+?PK9(60ZA6-ng^!pA~ z=|5WNKWF_WH4JOW2yh9KdXuWiw*{3??UQxMgm^uwv5Aq_lS2&s?HZhq(_P5`t)w!Z zS+pLe4+&;ucwN@+v<0-BdmHq`Vuk4X2lLU>-?uc9R zxb_VW6B2fjec;Q3UJH=>qV6&Rl|IYiLCH)aOpHJ=!KSjEP~&Kvbv`+!v0EVdp7+38 zGG}3^#}bT|=u~h6iof^mvX!pxn!HT&pO~6r1j(#-pPGtw3f(&;o)vpIx+iZ{T`%x8 zpnpuE@pjbm3iQpkMyYrG-xGxZ7g9!Q7D|4ala4p#)P7ogeDl-uJsZ#qK~-snJMW<1 ze9i+0XGi2@aBgUWJ6{s!C_&Uo@An0f0{XDNRB%13DyM(#x|;zP8as1Mjd~zPK07s>9Q>OzHTn1 zN77UYN@HHf)AGW!jAJTt?prE8AqTP7E+BG1)VW1}M{{POk1-aE#E^7d=u5B4H=Z5=qCi@{YY<`IlP|UNT*cL!s)~v8 zvz70BQIw6seh~02n{o5KZ-`N!#rdePrz(!m`Vr#hY$H2~Nmu;k@rFYK$nA-)df6(u zb(%nKy#cHm%T_K{`z2QJOd)b2y~ZFR^Oh#Lvm#EAMqrj_M41?(qGCv$r)j7R(>iSJ z@D3$g!T+5)>Nue8n`+{vB5GD_$U{Ox)F!j;rle@HPAz8W5z3Bqq;56?p<(=kx$o7g zj9T)NfZ-4mq4H?4I{&O#ITx!UZv}v(ffqW$e(4gm^Epp&YsqmTcm4#-2vakAZwHp6 z{MZy2T9rsjsjLgR1LOt0&W^6NKtrRB)NP~J?AOs`DyF}hd*WM_+R#kC{=3GA>|&*& z*!=bUjaQxBaYK2-zmJz3<~?9u2QL(2A3k9`-<{hP)DTg`=aG+393%YZC7cE8D`~`pw$z_eTK1#-&J9 zG@jPoj02fov-!@Wl1tg!w{0bM&aZNRF`t#8!S|W}k2a#MXPT(pq-~7kys_azmNk~+ zIH4P9et=prR~IwNze1(!@y!Tl~Y1&@!9>ehRsbA?xi8Ge}ymBuRR&Gznm z4m>~L!^swP=yA)aiMZ|Gix`WHjx&rmeg?O{%OaD6MSib|DD5gXR_n1u{^i$5ZAf2W zevbb>RD-!IO8I6PbpP~c^F4+86_EVT{@3B%SVA@7oEr4Zt}pSw__6dD6WM=bKPkVj zR*ok8kZM5beDlc6@5h}b|E?Z8%Fr@FwwfXUZRPf4bvA{~%zCpsF!&H@n(cYXEP5K? zV_F03oCdEe%ff*0A0Ks)wYa?>_L57zZ@@-&VVdSLo6`1|r$M)ISn|j)x5Uv(aS7r3 znR4<<5z?}m|NEE#YN!~@X8Q0@kYOzjqfy3aB8!Sr8Yf8j+wd@ULr9kdWlBLfSAu$D z7wi!ck7Efn14H;*k5Bnkdl9lXUsJG-(~&b^KP_U^6dHGLl}64*dQ!Ld7%oV%@6<-II3%+GaM_R-t;F z;CJd}&1y-H>fsRW`O4LXAId-7=KXQ@({)vomo5Du8cX+o9+?kNDTBLbxaGtQsB~(* zCi>j$@1V#H9hQDB+j9beW3H{3fMiVP*Qtx$o#9_fG2j^tNJg6lLghZgqE_4A(34q0 z60Z9!1p^Upc~|c~l$4&j6{C7UT%6thWrPvrCpngIj{TyGw9)ci1?=-7QG)puydPySsaE3GNWw-QDh! zcV^C+^IiVH&kd~AtGlYYsuVBS!^qfpPQ*Dfmr*xY?ftC`)}~hvr?if{JSS{~HG`WA z$!jT#X!Me}qNhGr#{h-MqtX-X$;2!nc4Kor`-3D_kFa{ZY*dg2M*`FQX@^~-baIvE zh|+*;sDD|d==`vx!9oo%Y*P|7swM-m^sKh4t%-ntuH@f5LjR|1)R_ir4Ue5z$zr_@ z54dTH9$wh=Rs&?;4wav?Tc02S*DH3KUe-@Cq*nqd=%6^p|E=i$->o4xJb!V*BmqGi zbp125YGu=_x@|S@Bw=^wD}%J9DCN1WNq48KgAnFbX&8R0UpIT)d3xS_ext{$=c^uP ze>veZdX-qNb!l6QIzjDjxw^eohDZ{ozq`FwGZZX;eNjzgLNZfdX_p`j^yVH@42tB# zz9`?~Miii;&RE?__1#!+bstSJrM{D(*EI)cc~R!%DjyoEX^*T9gW$&Lq}4Ni<|(?A zBU0B-X}g}@twb~fl_Ba{Y|OmQ(tD&uz?-h$RI~DZ05&pmEgQ@DTE5bW(0-m07>_z# znIsBN%3l&FFaplX5Fc#0RvVzfh82Hpby3ax$5)314g6wQYYakxmivxcOIB9%zo8u_ zl8fGGR{S9j?j@S(V!vW554g1z&=_Drhz=%u&d2i{Mio;feZpY()%;3*3JgeL)@M1?@GZ>&NlU&$FByVWc){a;X>&;3d>T#D-xa!TFu zT1zJMoNOYE(8dYHL?)eMrm3tjLjM2B5?(?ABch~zdfqekw-lh&F2@EQwj^9On|xq% zTp=^J;>$;jxv`%d(pv2Lfk*Vl(@CdQq#GA*+5H!I{UGhCFp(6k@rk^_aPAUH>l-;Ky8)7EpKsH6z-dUMC zT!Epeetxcac#0$HkQXezfYWTw6!siFC2T$hxOxxKouSJ~!JI&Wo^W^AcXf%3rVk^< zvI#7utT-4MkOi`dxt`x-YLoa@UH!lx6OUkzgdc&}#p%k`HjDkr)%x&c2sx3Uf-EL#Se;++>(u$H^USvn z4yX1l{$%GSFexI!!`&1>5SA9?^54?o%9NmZ+L14Qfl`){|1RwzW+M=Dp_4!8V@d=K z{z*$5Cw%c#*kCm?5b|+l26c%J`Fm>*1jCHklZNpBxf#OUtdJXDS=Ce#FmeGwWHD%W z#93pX(fRR;A}lJZ&`VD56TQ~7;fG4|2G1nfXIAI4_#%aw(z*A;v5#HBzQx%0-U*Dl zGLNBv7nroEYIFWF^b}j!1IO2kVSnF~A6aJ2{7md+KT<6T&dy4DWRn<+cp9uyE=%A( z8j~LB>tq$V9^F`KUmTxX2?INzty$1FzM!#hJC+2YyP|@_N9@*z4V)5FSK?i?S;QeN zN}2zH6F?(8cJ;`CaFrzMi2OH*`FXSj(A z3bN8IIMA~a!Zq)lLg z5zmY+GB%IA2k-dNgRjr#i`a_#HC#dWCW5$ZbcDwR)<)3Z^1)77L9kP*57N&jxZ5@S z=_?2C%}4iU2CJRI>Z>SP8Jyaj>Hm6vfk_qxTtGmeJo~6BDYyI&oFKHhjD8{E{o z_48VNd>a{J?x|n6=sdUX*zQ zPjVYAE(=RO^z4a4W<5qAMZAi<2n3$=b~5UrgGwQYYd3Wv(_5T+GOidqL0`Zjg(M<( z4(o*_bX#p&K-`g`EoVZcLGj$#Kvy)G!>?AV6bn!_l7eFoL5Q{Sj|Vlz=wJCIK8=Kg zhm+BV(&XfV9URc8w6X!Jn)svHO8LLL&E%@ZGzP!k;*4vE3!fY$V=It(T)e(H?q#Yo z97{s9VP;S4bFB@=3Z^6~A!UYbj}tv-qGVp5tCfNVqR(v46whyHSjd{KHY^Va~z zzQ}LLj-q-ZTGE(dIcuMP*MGgGohU^c3`n!T=y@Zjw&|(LH(OQ?$Uy1*^+u@PV2Tp+ z_jR9k==6G=E$8n%(U)Q3b$);yGoPF4I~g~VSG_V-UkXZO(g6HC0Q1r;1RpLs5{$>R zdK<~gkP^w%gQe>?$(a5!*NaI*tI2ZqNZdzU7n^ks;nnd#RTH6fR%VR1E&%&&~CoN!M1{`GIh!bIjiC0LgzYVkCUTqP(ybsJkgnuipJ>89ILHu(l;^Jfe)#bB@ zj7v~h-~W^m|L+>e*!*Vc(iWP4?ZjkQQhtrnlbj26g#n{W%yXT53z8yi#k0VD} zY_X0O&BQ;D1{{_EnNQI)XE#$+H`5ncr?cpWPIFD*yg8F^`>*m=?5KIPrv)!`@aoGa0&nc;qrj_GEKL zQ92CGum z!4IH!BNLF?W!{{plE;NO(9ACVae}be-DgK0RXroWH%PxfWw{^0u|oAJ7iW(@7>0%Y z1Z+bA*&~CvxGu}JCIs+GAR5-h$?KwkDoo1_AD*+Ry_o2JRX({z%Fs^atNyFduz_n- z>8jlSXsq~BN{#$%vQZ%+Igf+mm+-I^cXwyHLzdL|?=xc}4JmZcJiuh~=)R0r^ECjj!)0pk9LazHe2L9ij=&2nJOKTHLYE<8xr58BMeiZ2IjT$Nm(d(~z|v2(K!#dv zx4>yvMzvg%Ig?|RINLuYO^038`n9sh0hPL6b+j1_*#p_!#rfAI`(GP?{Rf;dz6m+? zMhL3ygFm}JXNzSRai49JJ?#FthqW4=V~4glh6nq)`B5U#NZdDF6shqV!R|QVr4j1MgRngheDE2XCl zx}T1Z+awx6JRlVeRORa`pQsk2OBVazivEvje$e;2t@(92^|krCJpDYCLD$*)sUPmH zKS805P$r-l3#2-a1K~R@VR2Q4A5oJ9qtZxW0gABCpNEQwv#(H5*sqxQs^-6%TqN9Ri+pTm4~_A)=68VZ_so zR#Q3!$#h@lO$9>#Qidnt-2i42Ls=kVv!W$N`bgVGiR0Uz$LgiVgNrZ>iOVH}cyxgE)PV8EyhrwLvSJ zXprz=iRxQ`?RIvKx&g9wbt6*>^rrx$IOFjnj8=M86ad{U1}v)O1S*Q>h08}avN)?i zLbp&TiM$+ug+sDzIC~U(R7*bbwS`KbYJg{H9<}cpK3l1xp~ur`9c0j)vHA8v=*0MR z3Yd6_hmyk6U62vm#qn3?Bma(#@w^(gvxQN%kVMe>w`Sy9pYxBp5shdXF1v=iFVyyx zya&W+x)WkcqsKP@fJfV`p8#SfKWv2tdmKvTqSesR5j%u$KRIb6b(nTyYODAZo1wy_ ze$1#mM0$J*j^;dR;AhwkrP`eVqggEWNcP`TG;vG`%H+A%6R~=wc16HpXK*WJVQN+1 zj*=U6!&qW@Fx+LtJLx*SQTrd%*ONBxn<(8?vryXJ^xy} zPaA7@xXdNBe0ttz-*(P+ucPESaC$uoY0?=GWw@Jws?#mhBGY(lOZ%%Gjb!On=^~I+ zvU;^T`NpaMgG!c9I$?ipc2tgNoi6$Cv0=T+tECq45LhJwn1k*v>o->6$yZFXK;ZCv z4EykuR=zjfK*x`$-bYUVuU{yJ1bMO17SH8mky*4}95_{=mO< z52!tM3RTC`q1~Yrh^SqYsFnZ7D}*W_KxWe(*z|{EeT|B<74Ei%&EF9nwB}6?W5EaK zwEL5Ni^n|l^c(Ircmy;v-8ikk< z#u_gFN|%`Ln+XGdtbdyXwr%v&_A;dp9kJ)f}-9 zJEc(>lc`(j4}oTm zfh~^sU#G{R4H+8<_!c&lqcSzhBw@#ZuCbFB6>KlG{eX5s(bA zIw#gW_7x^tM%O&e$I~a4`h%oP-ccqlFz?aM%$*rb!**Jgy~bh1aKTX=;e;cPJBh`$ ze>CS>h40W1%TYr^M=Vp;5^f0(1Z|BKRr=QlY9PDm??s zxN%-GkhAMq2c+4-Y(Br@Me#3{hxnXlCFN|@$8no7pZ#=N<6Bza#r9kDKQ~#E?o6N; zr!0F8WASaU!liN)#`R{LX5MT{} zQQnH%<~h;rPYqdgrmz;)BFGiZmy0R1lf@3KLB&kWOwW4G)i_eKWwsKiO;u#Y-C$FY z&{&8njfzZ_K%rmfW=A{qtfBPhJ|!{=5a~k_qZa8bX}*U{SgD#dJ1jHNSd(s>18twP zH(Y(NNeIf6^UC;Y3bUtA$P(6AMrf`$d{9ayIdvf5eu;*+aJYT<+7|a)@}E!H2mJ#f zE{4ruC8uAR!4Gqd3i*!P%c%e z-a@&g5lwz|#|-E1uN%Sw381wIPGh5(Jm70Ef*D7OZqmX~f z+8_bdE)VIt#`ZwXDdU?#l45|JF5o*2j${5rA#S>dy4vqe*J5=zzO(%X4+UX=PIPf` zfo?a=x7+ifq$JJ?;#KeQ>0xVyvsV?<0)<4YHlJF*k{%zGO2X(;Izb9Qi1)MgG2~~m zo{~i_(VynCM520~k(+6;EVL-f7$78qL(x7^zXiCBvn+3Y>Lt#2*XkF~mj^8VK#`+* z#5?Nv6;xSI-t6~UrshY|3m+l7>LQ!hD4Nq#=4?X|=~B;Q)CYR32|mQD!loG8Ka--3 zqcQXcEd|o4keZ%?2bl*f&5sVtRnaunwtT4>j{3?O7iz2<%2Hz zi&W3`MH8vS6wX^5|EA;#re;r8ur=iJH|I=p5wK> zkG}tXaYvcG85P3WAf5|0ctvcN9H0DvFw_I*Xc5|>S9hxNR1X2CIVTjM| zBZ4d~o9F#AN&7H3U8mFOlc?ld#Zrcxot5)xd>sOZ?NVjv*+QFVN@)`e5>fBTWBA5d zWk+4oEMWg@6THUXYIURnZuN2X52?A^;ex&0xA!#^{Xkv|kY7WcEOm&~-6pAn#5}wD zz@vUt)p~osfB&fC+g5?W+$7^E4cfqWN)ZuOBH${9T(iUP%8VM7ohTYM4$+H`^ zLB|x75IIO^j`bQ+9TR`+To98a3lNpkU3{jCbkH#Ea6B7tU)Q`{&* zUdCCx&QY(YVA*i!Ab3o%jAiy%R&&J7tu;A?xS8kV7i2KCK>46=rS=g=T%?6*2xn=v zi+RNbrBvuPK~}4Q9CrsblWI1YaP+6g?+5|vKE2KAuElzb@CY8{0~?9@j+e^WJVP~K z1eItt_+}Y#iQ<=+@?PmR9uVB;UvL=u0=@D1e9o(qVUtMQCwWix{nP6Y6O!qR&RBos zLHl`&?AG~0tQ1?)2iH42)-Xv_J_n!cP02cy^UmYo{U8^PViWdNWQN?5B9eGs%4xHW zxPflzK}I>yT!pT8Bq7g}N3}{+Ex{#anemQ@{NI8N)NSHD5+T5#hz!+2btN4qo?U)g z=RNZkreDIsezxih0>sl@-1T8FG97zjU-t)hhF0fYs}wS8&8{d)B)D+ZG9Bfwc2dM{ zmH6K-E*z`NizYH9gPctL`;Wtw&~1D3j!LTtDH!t6VZ)9rT&maKoJ!Z-niT@ zlKJc~7Oqu-%g1Gq4l8C-!Li5e6LGQZg|U-lJQ%e(nIp>OaZ{`+s^%7tsTv=ap)njs zG4m7?!H?o>0e1T<0H)dfnzB;Ai%}3zhl<3JOHWpO;dDM<(`}7XT^Kg}_x;`$*~ll( zKqTTNArvU;eb+k(V?A#V zP5=`ojoLpTml9F8&orXq#2U{k$$?G>(v(KLmNJ=%HKw$HEfL!oPUdv0b_!2oTxhPO zVN6hv#bm;yk46=S%zX?`_8Y*Dt5~mxdh-wD%~n*bpm*GYZ22}zAqA2kODj{IwObM`*H$ktQD=#lM8Y>heO+#f?Vcd7wUuiEs~P ziwlQLJ~MUP^=tGV3pX(=T1ywzaA(<`%biMz#OdkooH~X%lYGFX%rpQh*Cw{yj~06& z%d)LeWqCY?&qABDBm>6^y#_p%Y$=xztS6)LXJXK}jKQp1Ke_fFr+I`rSNNW`CnPFd z&o!$jbM!Gxq~3R#ka}tVx60faS&1b!8t^)CLGZ&s8P`)I;h*fcx726nS)@;BDzNZ! zQgc7h2mdLF-9WtsDkCy0vQk&*^b6})q-4Qdu{x9%i+LPy3&`Qroh?>qY1<4?ZTUT3 z#J(}WGiv6pxZmPpl>}kZX^U~nhV0kx<;hAh#4s_LDf|qPnLCz2@;ugH_*By#w{e2n zDIW?H*nvv^=Yk(XsL_^-PN;P{2Cb9&h(4F4{e?Q1~{}1jSDiP>Z z{WpAgWCpXaF~kweTNe3>vo*_xnFaF$WYgmoB+mC|tBWmPsQ`K$LN`wKa;slisrV9| zTImDFmhcH+eeU!tL8|yBTfUMQP5iSOQ%q6v_}0u+q`H+52O6|8S-#<+CBU z*;pDywD;2uN_ef8G}$SslQ{6#=!O*|1)s?5ilMc;sa4?R4ozq^zSmq zsJH`DT=1UR94ftqf9YPHJhU1wl779xN7R8SfyjbhhzpD_#foEk=^G- znD2z=7jfAd$7_z&1A~148xk*awKcG| z&XcYK(t^SsL!Jwl&sKdye)UQs7+GbPnSJ^4geBTVj-{f}xxDSF}4rg)y+`bXHuy zv~;6-BfjUrT6FC}((vJGXI}SvL56(ucpdnZ&gG8l78n=Yl#F%omMtq$@T>y3i7Rzz ztErYM2?vKp$eiof3?JB!=wCRG1>AiTLRE2TZeyU;+@41e)bT)<;-QE*;9xN=!)y0` z6F-)jPni}#8L)i{4p{K{{>KQ-(nVYlroO}`QdUH~R!SWKt|ILY=`P$W^V}aU-p%+4V>VKMEdlsNnG|e9c0cL|B#0eA>30cQf?SGXQpFfF;FR z(R<3E9bsgzQEdIGQR@Bqd{pxZYxUJafZYorZfbQs<&S`^hmxw&ZDjm3I%%nh!UN42 z!q!~E|MQF#l4kQggkDbR@VZBY)6#*8KMcI{i_D~_$rXq0d>7l;tKfwuF--oP^V{up z&$h(I%Fd4KM~-Tc)vsmE&To1K-dKux7KdTf>V>F)9Xx(%5ijb?=h@OZJK}x?8Cd10 zR28Zbqgl#OPil!ChE0+J+T8<9^%&67KcmN__(okB9nd^u3!Tm|4DUw>u@PtUG8K8a zB9w3jufK|xk|Yg!hW3vGrk|TYR5)?mK^O*|2^YO45V;5b6u2Oz+yFc|i}jZAs>&H0 zwrQ&R1Y8cpK&0Id)6pb9*eaWUuEuBZfgmB4%jXL04%m3l_@!%1T4ilX5O;_3E-tMG zeO2iFJ(AG*n`k{c$a3MVd8&8!OqX=kW~oy}R3iT+xe9s?dAM^3uveiOXqTdo-v0}7+1pA-M7o&%{9F)j8i&3+49fyhS@xA zyRRK;K}fEbD*4iQ`q5Q4q4iK|;Src{E>Ic6XA3(CkG>(Yg2x7ZX9N=_p%GJm)rqzw z73xZ~@89cGDN@*e2@3Ba>o*q`yG7|zTh5on&1hL{Po^_hP_5F#5D&))s&L2>zlS6( z8Bovbq64LqvC!hY>MCnih)6o-eOb;qjhJw7L|879H{CyT{L!Q&cd9)DZTw|P7VCE# zWX|Q8wO~2Vksl+w&F7j(0@Rf>KXmnD^tztOLO5ohc)UCPPp#20%R6|oiUg^wUyNptoepWm zZsd}=hl~@(6O1voeWf!db@CufU*%-Spq$sN1RiN$Md1H)gP_T>eIREs zmLB4J6)5-u<$v|-4^pU&PbS`r5>p!g# zX<+v*-9kV`i)1k=V;`&-7)q;47e56HCB+d^AoaTLd5KnHr({aJV6^dSlm_!eKBPLs_^w;9dW~qkvP2Z(~cu9 zyBg`-WCtaAT~l3vwlw?Cqk>1EqayB~WGRs8nP!plOE_wEI)zp**DEXGFpoOH=F5)W z(}APcY?l*F0mg`s%8X??>0eP|t-3898R}l^daF~lT4=%{aOobni&ahJXFNRKF^|q} z;$_1HVIW!*Nh}849JMMZ5pp>YlU-jQNTGjhS3&RKAq=6zv@zx`BK>SAT6VIbrsLY$AOW(0EB- z(d?$OyXEY)1b$BAG9w2}`twTSV7o|4N@v`J`1NR2+a%a;&ZaQ3(ldnP8Eyz<5^13% z-uQ)8sG!z5zKV^Y)6{Q01pb|E-sTJo-p=ps#Z4N2xuimai*2}}$xL7|>h7OaI`@1SZ*AEikq=$dS(^O7bbud-Cm!B0tzT z?H33}t-tyGIb^tSL*RWta9WIA&sQOxnEGLJ>xdL#XZK@#&ep_7T{f{=?9jLJOt9v# zo{C2u0aP44jfm}TEH+Nqx%V^no~7FJrit5o(2f2uagqG#xrkTGHvc-y&i|Mb*^ki0 zh7AY+2&4W;g2P^9_1PUh{~;2%4MHDJ0|HE&lKR+ybL#w%8?m+;_|v_PN8a# zP?5Zc8C9v#&MlJ0$mIwjb4{HSRO%s`p;9~dmwI=#Qprs{Qi zX%Vi&K@o~F_`baytak}I?F{*u49EGQdnGaHM*(c?2$X6mRlGyPpGsX`HjBv*El#`e zHCCj}?cUFrKahw9o^FpFulM9D+JWtuNuHvh#mDRY(TP-6bEQfh?h0oC!+)W3A%u|V z8dtMCG`_SFCexwDlG5O%EiK&Ym0C>k=oGR%k8i64Wj=#+yJv!4fx^9#c?NG@{szXO z*H}!O^QUbxwd72Dqw!z9D#X)I5>D=>jZ3FJ;&^H0YpcIi$JOMKZgTrXLA45Y*2e&Xa{I;CbdBY$EOW>1Zw~Uxy+i zD*s}s?u)t2S|h}8e@DWs>|7yb!PDcDVXxqqdSJ|I|D8&PceaYO+|XveE-Woma2fHF zO-)pa0(9{wRYjS&>#lO)%a(ZeD4o=BjBj9xmo4?H)V%J6*KS--bGWGBuFUrJ~MN@y>(<8=F^V{p5BRWu; zlc43Dr?v?SSkPop`$b6`Z5{0iZ@TgzWi{x_+S)v^g7;!C#2L+;q3?Nwux~FI`&+cK36EepP$_t$tu{h`!1}}R%;x4{3603%0#jzvzH^85 ztZn(yM(4LT8+157t~QG`dN!+hZ558aBud@1YE5FZ1ibwLmqkLpkWe%#nV#}O;S8b2 ztKH3wjqg}Ydc=l3fjlK%BmW*k6JeXZ-z%HAmxI2v7`dmaSISv_qEV}`YE_8&G{-cN zu=J%_vCC&W>1C*g=e^;fj5&_nakB62na%=5-H}@)Up6R428W2xD}vYUJjcM#%gHFm z?fq9AAWsw%%V2f^kK?kSV?Z%T28k$kxE=FPr; z^kFmCATO$@y2X8x?003ybAyz$C8!8hY;0I6i;h{_B5G4fNTbZ2F_l72fl|ZVekMikLJCJ!xn7g9r3hi0%h~s+Q-4aH@(Q$U zvCCYRNS$FNoPHnZ7s!SV$7^*8nXg{w2arz(tZBcMn}kga`?X&H%K|C2t%HYyOElq3 z{>rGh&Ff@FA=$F(A%T?5@MPlOIbcrK>aZlE3F7-aiHP)b z*v_h2&Z$=^O%Zr=;PncfX;jhAg@J!gTxs#86h>mA3r30vA9Tndd)w$V@p5uymj>eC zel)vHUO0^LzreP^qlS(TzN-FrgCXD#1i*j?+P#>Ac2C_|uk0|r&x(@Yp5Jen)2o7_|4e4mu>^s6p}t0)=FbK_%ZJO^z^|8u+{AJS-W1#787a$Xa7a<7 z9$;p#k>~VX$Npaw51KSP?LsBo^<_AAzEVq9y~}h(p#{3m{TPwid`*H?@QP}MqrX+Z z)5BJ&$$A04FOfx~LT4(Qg~W8Z#?)I%n#E^u?{=Dw(ALa;xmLH>Jv61%+B}Lt%pda7 zC69gIawb119kJmDC5V>-CHX>oby-g46O&nb7D~t=Y)p|1heWq3vJwN0vstCTn zrd3#m1QKF0qizoX<54WJSWn|iPcV=c4DIu!Y6$sTfS5(a8Bm;*?i{wo zRaRCyIo?%uz4ZVu=#A+n*S|`ZAGOeTRa%z{pA7A3{#Mj1c3CrO_-y@7pTw}z{3G`R zix^oqQc88D7GsT((&+r^CDG!DQh8y&l2n`XApOoZ={w0Ch z$~!vXx*ylej0pBrA?R>{Ja4-g!fC$-Uto^(XjkxpIQ88UO@C7)=<~OY5A;}8>-?V1 zqF^;G{;;Jx1SWh@RT#HekOG_%m5+z|(> z5b;7igiUYX4nT90i~f#tC{#>)!ZoPoV#XuOcSMvGWBGzyu(Qnj*NiAdaH^$OfLIE`N>Vms;V)|h|?8>P+z^cyic4M?msBaVj_ zg(YM|23{a5T~}-^RkO|`k-RYu-Fwc8{X*k9Nh*$>8=x)+wv*eS4sTQfr{s{=;W;?w zt1lyt~61px!u`0ou`zgnZayt)|BR z?l5^Eb^7)o8ccu35C%Nmt4m5J-&zKZ>|ZBW1;?~TRFBCC)3>x>_yVfxCZBc~>)GP&3eo^^0Jy^x1cmuME<*(&8} zW9+Ja<#RfLRLI~i;wA#dIN>%?X>T27(qDGVwFC@7U(zp9_Rl?QTR+BrDN?}BD?t9K zQk=fBylka2AJ0R-N`^6`CQl$F7y%f^-V{AP2)EAYoDNl>kr2e1|~BHmF8OY za-&D5xY=c$;@vozlY&tog@(3LOUDG$7K09iEvD0m70A$U0TBuG!{v?kc6M>aFJ~Qj zlpX-|l0DqI-6dW7Bbp$2U05C(@iTaA=ywh(_GbNsA)D}H7F@^|h?mQqC6yAy$}{v= zvqFVLcnsPE(L+$d4*w*J9-p+5shTP~XcGzH(l+INFMZnCKR2ax*2Mf(u*7TGx~7ag zi}rHF@mXY`V8%E=S zh+>VZ%okv@KpRygL5zxuN-l#3gHEF|0a8W#4|xwQP1)Y4{s$s~mW|*2We*oqP(*^< z+gJT{Tt43f+o7a`0o8y$Y+~6$u;{dj!`l&~pv>y~?!oRW#LeT*3%4dajuX02m0yX2 z!953`Cu*^JlE%&LW!{gAcXw? zB!0bBmgmWTuu`MVu`aqhqGypS&1QuZ2Gty?(aGlKIT0?`#1W&ME;eYyo1Xdie*^ed zi=qtSe0ACblG!Wg3b*^pzhVV-w$n)(t#;Tbd|sMufUl)^(vpw=L5Y+^uMg0HGNGPN zRDix6X=hKIIZY^)&5jK}jw}01)mz$d2~OR9uNrmV9l$RShlS{Ed%1tj3nWfPMM;cE z(1-bm*nCkPspi7+_r@W4l=VWqOQ9fDfuJWinEy9!b^NSRy zKDW5dX9g3wWKIV8+eCWXcbXaV?c*lmhV_9@$9|RWBEk=V^*_y7j3NwMyQ` z0TV@;^cgc$D9ve3^$>U>C{yd;ISYT@q`DjzAAtpia50?Avn2U%1=Y2+30>UvI57-P z$k|;DAAY^7&K_BiM)aT;X@ce0EKA3TCnMzk6d-d^B~6L~I>a;o6d4X+E~7u+{(h%s z>)0vnAQfsNe)UM-d}uD zfBpnx;>%|3T?0p=W^@{)Qy`40Hi@B5EK+)QofVfA{ogn2GdMFIn8v0!W9iBG>NB-| zBO4FAVU#0U(TG`B$=0DZZ@%jvvOLsIp*(%7W0L9rnb7CkuAKG=dQw)s7M9QG?pt&aDbA;r{j6g?7j` zuE{Kf6GAdcIxaAWvNUEMfU0gt$Z7EoOXHKp~~gD*S-Gu$C+saT>%}V10UUBTO5M>Nvm3&xKPYwdp^U zO2&%;Q_@H4szY5`s{4iRGKV0v{di*|dsswlb%gyWNBcAwo6oBrlcb@(+umSZkHwxj zXGFG7i{)rLhiuR^<=q&P6b~%ubH%K6h%77x6OlX?*wsr65M)Z9!V7b~|GOt_S9UVb zlM|gr2R0OSDg2&*uEfl?m5gmXGrrA)9WF6Mq!r%P7OJIQYW^Du;`b1PJWj9p9aYl8 zy$KV)xj{bi8b=X4&qY|bt=aLEPj>$F`w$=l-C5QeOvBKSVllhdG8^!GMNH=`gc@aq z2QpY>?r)dBHYP}X^O?yiZwiS)KWoR94-wz9YJP0p>r$^oX`K2S8CP;KkAo7hH^cVqd?zAbfbwS zPTEm_N!o^lRn(dZ7tDk<(Vh*Fb54X>bICV+^Nzu@Q>o?C@Buu>GB+e z?o$5;73te$7WP(us0j3)TXU`M1Fq*B zFflPxcpS@BcU7l9agV3*z+sFg&yC337Xa9-(cJQ<173#|;u4Oe{2?$=3ICA1h065= z+FaF;SuqSUs3kx_L|ybNN<17L9K~?>fKZZry0QyHBEa;GKv-7Y$i;wX?zEd^fyPz%C+e8)P3J!s#TO5TWFgVnG|fK5T@ zKiUCkwJPEwO8GSOc{o%HpMZ$kUgmriF=){BLg0ca0|qZ?X%vP`F=C?`Nz_9KapBwR z&y?k|D28@#-_18XLGmWf-XSwM)0PiYLz8ps4l2liOej^_$jWHteYn0T>TS_`3C~e{ zTND>&52=P(;UN#Uoc}CzyUCwJ^L1(7}pMND$F z8DE$emG#VXk3LrCm63S5BD;iN``lkmSh=crwnsIpm@Sv-T@r*h<95ri6PRqZZJjDQ zU04HXQB$w>#)Cc{&fuhFT>p>qLL#7>iJ(gYfW#{znVrb;BLF8@o(LRP=%}cut6Ts9 zhvN6V69eMy4e9=j9rv=t zAJ7o7)Jw{MhDkn!@;4x}Le$sS$7!-Sl+g_LVYgFKjF;5!R+Ovm@Og#S50uTf z^55|QDDpqP57e6T2{bC%p8HY7dJUlJ`gV7x9IY9N#da5%6I2#UYHT5V6dG7$VPRWZ zyJjAqZ<<9q7a#GB;bA9vwRP%ZhNBBVL#v#S#rki-BBG!u4To^;Fl{At4T^ER_omFd z9<=R*tFnFiUGOSMQ;1q}bDrdSpu2#Hr|3>QmAsB&xzeIF`jfTU5&nhJ(lHRovn zHFdJ!|J8f`Zy$zyjiQ7A66?1Z#^7}a`^n|XCX-BGnR*``)+k@`i3tL>cV~_;VJ;=NV=$jEHYzN=s7n8btKZGTe693F?;6_a#F+|kOyJc%wT0FXk%o#`1ZU!j& z6fRQ<3oWjHGtT;X^>_dA0{D*dnFlhVfuz8=_1Z(G{Rvw#hE>j|(HWB3#^fFWNF5~iZe0YURw-LpatSPqu*96XPwww2QBTL+ z9<4)6PVtdhi$Cq3K>5>a1bJ09&VwE9x8Oe)s{DUEyQLtgwfXkLZ%<@_Nu`U$WCZrC z^nWe7IC#@t8Z#MI$=w82j3{+I77?5jI{$FTP-(d4$e;_h{`hsu`j2eO8u{YtO2U7= ztL@APLOjo`Vsj6(o|sU-nci-t6>21zA@b&MdgPg4*YoKFicz;EEIhe#@`C$EvCDH(>NPWdb4qWi{g=Q5- z;u>6h7pRpcJ(xC8ZY!Su7 zIXON?e8pl6^(^J4O`yw5?#5LYKeEPG*OMu-=CnMLOJ%Phu0BJ@Gns7!l(r1hv;`MB z16DJ%cd-_!XU4xmhuL!g5SQ0>ru>ymgvga2p8n^82SO4Q3D}3$ZA{fnhlxqHHg7RU z>NH6Q0!3f2lXOD(&r85O>q7%uegbD&UV4d?3Vwubn02byZK306fq>gC)=%!kHGN-q9e zp!~C!s?lFZEZ@gT3>e<*JhvU8=wg`BdG2ICQED}Pc8%yueMqvH?sg%{M~#oWp8wI0 z9Gv)R{Zc_`z~WB<%?!imp5@M;y6vu-eR0=qZV2BxB!HJn;Yr4EG}TDbc)YNjk9k4e zKYeQ0W=cJ<^QG{-k(*eSnxfLg2WWC9_+Ez6pe<1L!^mk1c&M?kkPQuuRG~+L!0SY4 zGo_wIcp!!8wJak1g~+o0DzCN|W{=w3A`N}GF``b@&kYF(KvL?BB@)h0^q#LVV>JGW z!D6$d{j0X(EiEdDsgM8pApl_7t`DcNGeN-Pxy9-QSZL($-H7g{B23~RP7n97bE0vv zH)+%o0P=o#qmN5>AM3At!;+@a_x{QA)gF2c96nubI$EcqlpXQhOW!d|a}{ef6_LJ< zID8%sB!)RB3X;Dw`d7}=gbpR;aJ?~Y@N`C+W@v;bvL}th7ydrD{w$Uxi76z>#^DWc z+&J9s%1Hg`GWltQJ`Yvl=4FhH>b1r93;>FK*ol3^^L9RQ3+7M4(EiAi_4e*#Er}S(V8n%nwt?NE&e5Eo zmJEl4hpAa!pqfM2v)+|B(VRB*e-)y#5fIiol_db%lL<|9*L&|UY)62a-hPjb|C44= z3*se5@BeY_$>2Jr1{sq4JOxZ$tJeLo3oVgSFUG6_MxS}0r~)ZGH8YZONdH=BVw8nStFT0v=kCoUQvSszfhu;1TJ3;nIl! zl_OsEHXGZ&UBO>g2EW+|Um?i?r)Z$-5XD0YxV!Arlff0!y6;=C4KlA?-QC4B#0Fen z6s>1L$*V3<<&5K+N+PsQC5gq_)lem>71^7EF+2n1i&a!Z=7aZtN(vAHHk<7)xuOxq zqnSagWU{dQRba%&C1AeN1PJfR4#3SShk%7V_9(%1HZ5gI9fG-cTu)L}AeG=8cwpq8-k*+q%MZmqpB@KwdTYXG-2ewq6%LEqVEX1bLT9tj2Bgrw?HHY zdP^+esE~@HgmJiY979fJy3Lj{+a6k7emLgbXX1GYo1#zy_+Zvj-tg{2%P4M0n)q3> zT2K&X3%E0w3Kihe$hV zGv+L3Sj_H`<)?;ay}$f{uOm#J-xo+TV)WnG<0Tegj{<8&z-_My+xoS1#s&a9L5Hq^ zE?guuXA~kuSWJh7X81fGaIA$&gk~qorLJ2{>Sen~mSw11bJGg>X2ih-7eK0bV033y zm}QP$yCw2TSj==p7y%`xN%fJOqrt?(bndg}`rAu@ufwkhCLJ0|_X8%Hz`%tCb+iu_ zhY_ktZ+t8Z9_pRp1Pv^p%=jhQ>a{rStA5g~0n-yr_0M33#1M#|qLInBx;p_HQX&T< zF1t;D>PL@YNwC-T7ADqEYUHo&(a<0^W@U)NyTyAXKPoiEq~r3&pde6+v)HO3SrVli zDa`C9f=TD$A9m%+->)*C}aaSBeo1qALb}ET9S2L_BIT8G8)K`O{Vgn9R za`1G8x_^zCVu(5g1q0N0lFPgjWx6ImM09~HmUZt5YWgJJu2a%#oWqf|En^-Jt_(5JgwPI z>bIzSEN|FzUg^ZhI_RukY!<;?avADGnTd$&J?k|*GHt~+WpUl*ji{TD=ZhWeKZ;8k zOBhF&1eN*M3Vv3;d<C@&$bz(A1yah zX+J&st2{tc>OpWN6RAQP?1Dt3V8ysyWZ}#%e^A80&GAvt}9L!ZwzYMwq5K5|^* z=Im7BAsKg2N}YrxE8|nUr<+E?K1{g%UR~xiYLQ$hN{)W@_#xiII7nJV(xp9+q2z2^ zgVcftSQG)Q{WTIrO%0#;R*1j_&%zP#e!8+d)y6`2+$?ElAC8v%BulTCZwzMlY?2qr zP`OlpbZ#F%hr9DC2sRLmQisa6?#&zaz1Jn3=w+iGUFLX~eK<6lJUK$p`yD1OJnuWQ z!ua$#GNYW=`3Mbv;()>3OyuM@?4xsEJ>L;aQ)N%ahA0Nq9db5|9S_>5((@9@K;<@n zgRa33|67I&Re_y_HHh4)xkn~27@q*Vr3L7fwL99dQd0A-TZQO&j+!97rR)S0A;3h| z2^3+%U?hUaqgJDn0eM3{?}vN|GS-QlfV;u-5&vh~?Ikan)EvK)cvGbE>rxc>X2;Ev zoHtcKgZ5)Bg4o82gCB>4Bj_ zuk96aaw@`^aTwF4f-H(+dD&WNFd@&*-dbci-b}~fX@=|ALl$YZYKgAYz^^nG<<7Ub z;+~v)ET-W;Fnlx6vMhWSg37l?S4cG2!=fS9Uirk9e@1xiOpj%?xqNW{JZpr|S7a$v zo68`*W(9#>6^-h>MpfQdu7n0=vz_y6uz%GJ#0anNhTTrjSSz%fqxadZS2y=(CN#hW z;hRR7R4SbbM@m5GIF^tsI))M5Z?r;h<#9a(U%LOq4Z5Zl9A@T0eC&o*6BHn5pSW&yXwsob=oVFquZ4`W<442 z_aeMd%RJAbmA!gnO}VV0zF%^Fu|?d`iMmJFz}&JG&N)#0CZBI}g6rrRwr;@eJC>Gi zwk~AJgi4{6XDTwTqWk^j?WH!Wm7_cx8}zRs)c7T@6pTkcUWZiGH;5}Z|@VQi4d!S$Z=qDxlb0s&1v^LpcI6q&r&8CYVx@N zVcQUxkG)jGs<;_L8Jw)@>1cM>OK(Ui>^`injtIJ5{W~Yuhn9x(3oV-p-xc`HYX8w^ z?LhRCb~S;xY-Ts03fZj%S7EBIQCN`l<<`qR#L??3= zFj?(tGcR{%jE*hQwj(Z_wphUDJl{aySbRk)k%~WOzY$zi^iGv7B?3A6n2fRBIe?s4 zk6A*5*X;u2Y^h5>*e1#A=y!cSZH4eNbF8-CILXT0CIaxdT0|l3pTC@%clSq+9>Z>1 z(yJr|=J57_x?li}(Uryo&6*$^FVHi|(Vm8NZ_LnE%X?5JoMoQf zzDuRGXuIRS5{y8t3qWz$C?Tz3j=;$J6Xy=ml9Zo>)nQPVIer<>0hNS|h^mY}qz0eW zXj|2v1Qd8*eH2KcDSIEu%{V~Y!Zd-bXSC$ecRyMvRio3etW!eGOr&xfjJq6{Iqp7L zhcwL?u9jFw6?gQeX58=pHRAiCj)``tgR`;e^+cOx7f1VV7HirPzhIN_rI&!7Xr#| zZq!Dlhbw<3r+U8KOv9toX{CaT72zQh+MJTww!51(aCLM0d5Sjv-F&zSocd{Fkqw@K zzooUx;tx4bi;K7z<|jpbCtNns7S~RfOB!RtpK+lOpV~cNR;lfEAEEEr#`koyE#71V z{0$*0Qd>D*GfUtMwvXXSpAbCmdx)(tt(P09r%bhK_RE4$siu#(J%t+LoCSNolac1I z7OwQH19hWcv9PcA48T&bTc7@@-RS&@-mUFYbiTvJ(0(~_-Jq`)K*gG(nG zKCibT8;8$0lN}+e@UJg28=Q@Zil2m=ItFn!(_1BRXx)3HLf>ZWjqys?rMc<|UVf93KM9c^~B`duhd&Yp#) zQSil!j56l#ObH*=T=<7iFX?PDT*9WNiRtZMBA+2A6w5f>)({YnG7|N5{$m%$t&;_Lg_d%m*y0Su*jeRg-~F1+G74Z3-h1zhuv476;2{9&}L590tC>vkI?Wz;v zqfi-~pmp2eTb8NUlk086l%>gFro7(0ry2*x5jT<#0j*3O2qkXOr5Xm0fPw_&Bkb5@ zK>J>GvhA*2Y-%6S*>^5<$o+ZxxJ_^aGVp&ku%78j zuHWW_*vw?ZCvEU#Z95-Yk8Y02@8U)Bg-9sR7k^#!XCvfo zBi|vgA(7N>+^y>{xJBThE6S|I$CWtMYj&zA_7b?3ABu>8Su<>M;9iaDeEt`s@zQ<; zgY?TrLv_2fma`4=s?87I4$6cQ*@~OuPzCPajztb+hPR@^|B%tD?S2dq^v9FbR2QfD zwc@}V4sUL1ytv3q3iovyN%(s}bNygGkjx5B6z!`w{lln!_Z7*)zxM-RVLeyX#wH*_ zC;LA0x&3)1=jBWNlc(rVM;TkqkgRl)To#g2I@=+T2~Kps?lk(O*Zjfdh(8|LbA*r| zR&hhyQnMLfPn%x~iaL&(`x@W3W|w&{nt7HJRdY0xCmbl3I}ZP-X%t>}pbn(9%U88j z6ZsDmKj+OE833-T_;e}to12G@J!6EEqhXqqufTlLai1F}EP*uW_kF#3n{8ds@kHZq z*DKPUoU_e+m)Vy6SDry7M1OC)JCvK-a|+$CZxb?Fb$QP#tM>J~3qcWfR}Z2b2>vA@ zAtCbOms9S8MT=N~s|^tUNZ%su1oWPN$u(%@f`turgBQDFSZ_#<5-8tOseKC`rOr>* z%(FIXadDi;H~yI{h`t4cIJ8hg2O?xGJA?ZNVMVZ^E?gk0O(bfx<}*V&=JUjQeJkc} zO^=t)w+I1h-n|LeerdQ?>(6qO<@097d0rACx?VTa$PoOYv7$^`RRW|15NDI9kc8?K zbqB?GxNpod{Yw&)%P3v&Xu91kmAv{l{R;LCD~WrX#W)-=iDOk zg%TpzNorie-2^l4&0HCTJ&%B!L1Y!tKe5gn$p2Qce|KGoq5?cLxTSIWKPNCt87(K( zU7v3Z$`&8iA0;!Wjf<@&%_gN2+5mmcFk=)QNc)cU1X0)?c0u&#B9b5&pJc;!m~D#@ z3FhjR!r)Jn+2!b{644cdGauis-bM&m2gaK`m6qthdloE&|Q`(|Z9s!+SQL;^>)^Y9)HvwiUm zqA(!$+n!EfM&dKSKF6Z%UA({UwoZ3ofD(%qi1;EimS;hs4hwT0`w8g%!3kU{;6eOR z*dBFgZ?nY@U@IvG{1E$^1sV4F}-s#YKwvtntzL!#|DNsNw z4t)7X=KW9fk;e2>G8xG+n$fkrI~i9FImx=qAo6OG|Ap@MEzlIB+5QL`>Vc$gJXXY9 zl~$)%nJh-xCr%M_1u&S?IaH47lONs&j+LUSEb> zBTIbIskcLDYxF{=w|zP}2l7%sof)UM0rf6S;V21b5q52r&qGDuF@$I2`?SJx}zu+uRybnK!mN2~%?MS~ z`lQ6qk4r;MuiGY+7Olf*{D6Z&i`L9j1xP%)?z&|5reHRgPQ!fZIDE{XNpWr#%B5(E z(+ukpYRC%Z2_Kl1i;YbA31Tp+x{gpuqkPB^tuiPqai-D* zIgv^Qz}B^P0KA)gt;7VtqhyVvNuD-s$QWwS4$$5qJHn1+s;IFMtYgN zzUh;i(J*Pmi-Y{HVh1~8)*mS*0hQq`bf{_m6E~S*$@f@grXn&;zdgTf`4x`|K&~IV->n^zVA;x1hkcw7k?i1UnQlNaEi9c1U^i`wkV#{HKQx zzOCGKD}7S}-;Ju{jTL_AlAyQ^%9E^3v}I`7p3fU=HQJ4Gl%w-vqy>`FV!Q zSgY`38f4ElID;QWuaEjOI+*a#+c)ycI zGCZzw00h~YP0(vYXhRw($1DXrHyMVW8mSM8{^u_P77uU?Z4 zL_F_x3inGpQ0w&l51new;+%M$^dzX>d#^-N<${CZ?Y88GTkgKv@4{CsTWcw&*p@I< z=8^KohqX5mSc0ll-Qw#)9gFvRz^PDo@u7Jf$tBao00_19S7C#{>QjB7r@kbD`wd-Nt&acGXA7sFBbDNO5#{6Xz+n=u!rj6wT$3Jaj$IG;%-I4qTQKN*F zOO>2g|7gJlnlOVO!DYyMw#Jz=lh+Lz0Re&Kp%n8BixR&=>f|zl=1HR&iZFetTYGXm zTLNK&UYSMP$@WW*JxQC4iut7A83t9g!@k%;qniwh(sH)hFXt*5(~vLa-1@(Qr_f4( zK0i;Y@^ySqiN1JXO>2m3uF-y>&?W5yvW+CK=SwHDF6av@w7jrjdpVEv!uJ9Sf8U~_ zZ^|lHB$!Gcp-?Z=y`?NI%i`GOtVyL(McQiGJulxjUmbkwnF7i?L2B5P9?8w}a&%A@ zrCzbV_r_=%Hbk*d;NfO>pmKY-%*Fc#txmD z)GoH?$_M<}h`iDvx@K!2N!D{hQ-sQZwXyYs?xX5D>qn99BM3lQkwANREJAmF{l>oK z0mqj{&eQe~Lb&Af-uDM6`Tk~isS~L<^hYuVlmuF84gj3f^kP#&Rop#JJ9_hf{0Wf) zt|%ZubWNK(B{4%vK-v~u558oPIasd6G^SPwiHWHsABpV%oVNMYJCRiDy-jM0!r{q| zFHb@1k3Iz$M0d)a@Pz)UmO6na?yk_|iQ4_KZE!!r>t6cDV+CbIuPO4y%x_(eJCIJ5 zx8#Yz2}qO&OCF#eN67};J#b)XUr*Q#5L@3>u1 zZ)Sw(B%nEn$$#a61o|;6-(f`Gb4P>6FMeik$$?Qs@o8ro?;rfJ&;8|OD4^BI2^hXr#+z%F5Wvx_k{Oja6x@6{nMdH z2~Q)oOm#|;&j>_kvR7UJPXFU76W~Cpio7Ghg}LgX?f6n~G<;*kRaVnoNMFL>H0fQuQy@EcTG?H ztNRmzlstvtO#Cl)>pve{ju#Vt7GL1WG|NMD0h9mhIySZedS@*xYV}tzXPZeSC0JNn z@u9eCC<-bT+IJ-@{{~2Lf(1l$9Sw1ydGN(LJ_8XEwX>1(*!Z0rDNo8aM>;7M8k4AD z6CNa7xq28qTQg_)lzMjqng-A3FgK3{R^u=f_Adc=isa!D=|U0-kpl|(Kj#giX`10? zK$t(?h`2vN8Wlq6VbTO)9W##23DGa|!4L|*A&7J>lIVym_7$8In!{yQ}t`R+Aw zq_@3uXYVgHTM5csKGfzLPwyL3428?f#HW$N!-H6mpl6OgE;d0|E&SnovfB*3+_tev z`E_`=T;MC@Re^G_sFMi+)Q;f8vU#zHn96hTjs-Vc|9CAiaV62&PW1;00&ZX@CbK~a zMaWpZT2qtTPnQF>K}Q1$C|)1`6u$T%kxWI>hnOOae-oga*a8JJLE9z5kKg%Y`vBeP#;dSr=NLdjU&ozN(@ne$@lbG?Kjl6E{%^Rpdg8OUak0f)JiA%K+wocDx9p zpLMNeK}nUOrov#M!&;a{!6k?g9niEwQDVRq-#&bNbN@aowxsZ-tsn4PjMx61@1{j67dNqz z+30m2ZjA6nQivLoTemy=5wm1cKR3D)HkhBJaTI9PncOe%s3m$t$ocFxUd=o0!dO_~ z@pwJFx_7afDw*y6js7i=n(jqD!~vu{w4IAplDfm$C?H;t3#cCIHI8Hzy3Oy^X6R2Y z&d}hCo-{MaiSv_^$Skd_^i95@0I1&^(4H#|8?O8Z{OSs)iuT4#ShdvJ7oNbg^M zB~YA9R6s*i7100q#*u(90X5B@m}WeSu2D8?Y?^@W6e%s*^_KA!py(x0nG=cYHNctl~@_xV5h@O7r;qhm~4=MT%e8`<)Z=ff?*qu|cNwp@WYOT;}gcg2x z`CBG_d!OBE9FI_QV=~1-zS3ES<;5CaZk_i9^qu;@K?({w%GjcBMJ58GnWtDzqWjH; zhAW&QHR`uIYfYL(?r(H@aKMxk0kYh=w%qC#6jk~y46ivvS=H)yPMRQm>4m&RMgH6q z9u(wvAv!#Sx7v9QO1s@2^{dcoRV@gnQk&`ff3dg zGWahV6lf1M8@m%g*w_JTpLUBq=4fVX2Qpz!DD{E_&e?bA_8gJmi%TTsrrhPPVOTx@QP$O#mS=q4t2^6-VZ2bV;Q{C9ZYc=oK+h4ke}Y zySIkd^FTh_Z*j4-0{CZ9UfblnJ-nRQ{5AKp7tZVW4K{I@|t!Gvy_s{4AaNmd!w#}%+rDf!9fuL$jb+95FiBhn`qi8GvN2`c{i z6c8fcx+euly0-X>E_(h6(~+Ihn6L;-6zDtPM!~*Cr~V1Xh2?xmrwW!f_33Tu3`>vm(cC*NExZ~Rn*ws1)g^_I_7YV5zkXj3 z6SV14L`XG>a9B(~0~9JGXHSs^DW!A@hbeOPYlzZAMl=GG+9;FyPv%d{tp~dXo?OSBN5iE?>>lt$-1V7f0P(>BgZ(@b zk3_q`9rmtfgTwmLqX? z-MIW#y}+b_=MMe02Gix#*LaS-y1pOrDksz&mMBS6+87lssZLUT7p}EROH&S?Iwxn)SfZ zrw#SLt5SY$s0|2nq19Hpo4xFiN@#H+wT3oz(cZMgp*rVc*Z5ogzr%HbH31NOLaCjkB$>;|yO_+x zm3G%Bj3PPwIO|kAHVd+_sJIMF_ZyJfDc7=zJjo0yfLcy)(hWdDnu-o8{c7l(nKR8 zHW$Gpm->n^vYR2_ZfzBb$BJ*E`l&NHu3gFn6JUZR(!kJuQtayKAEEujtdcA?Iu$+rNM#-*UyR5tre_i9C%mSH*70-!Ic-- z#{h&{CZ4P_@yeMpS=1xfeD~>E6Tak9vS8Al@gu*&n(AL#T`U7iwg(3!pIYqxf+)|< zOov^UNc@KXfB&(8FRhOcRah7tg^8n9;%v^JhL-o>q3Kqm%1iy-K_eLn2p!ATj?<7%3p_41U^p<9Bl0V za8HoNWtX&R$%zBrTwq`^OLinZ`QiN7ezSfpxL55bEbgmp|2H6%0n6{Wo2Ku}`bDHb z8BsR(QBfqE*rYGVRCv4XZmOi@LakE(Dcx7d2}1e=xA^22w}br|`q>(5RxlX=eabH; z$v>A$q{BAjBYO>TZ96>=%E}|@~dmRm+Lb@ zH2y+Bvx~JwZLLR)?m#T9TmxNgEt+_Dv=osVbc;{SN3EyctxJosLL)U`Z2pR%zQX8m z*(b+g^eNu)L8Z7Lv(*(wg*q`TShMlP?lmUr3mcK|>3%k;F($P{i;V0E{}4Eu#UFqL zBl4|)f%#2igDs6FbcHB9QNj;q(@RP(Y3X>Wcz4IC-c3^yfop|cAVxwJ@MN>R)*JEd zkNPVR{yVg5QvBvC8*a0t~zbuix_B}SRerNLg6hHbQZ=lIw6o~ zcd8G#SEl#8Aw?50#6I@!J9~3H-jzZ~W2l0@vp=I0OHd zDM;Ed%GxX-c)exyobFU%wbB+-szxWwmniozQU(`-8xy(f=kLAVy#T1sK7`agEGU2?}=l z$GWPl$$b_jR@PM4%vGF9jmu1s^Yc@0^+Y9DILAN^rWz}A^4J(kpr7zeh2ybajBPgl z`L+AXN(%;+jhD;$I0j)`cJ<;k@8tZlFBLOFp+XT;xl%`u*`fu}!+oJEy!ZT~&Z_gF z@y6&tB)I@lg=s8}0hdIg7KmuEb2#t3nuagvVf)y;dRdC?dbPoLbujBcf9ai2tJCU@ zXB>_l)aW+3Kp+DVq-@YtQPR4ldx3D}K3JaB^1F!J&eHokUG zPh$bG+Tb(`R1C*KWV|$GhI?5N8Q`sPN9Ar~5r2VLP&(RcmFl#59{CcXB-_Prlh3tm z-h`8S5+ncIG#F3{ZsQX2A2<4#p!i=y<$smjAPY*CG$3XusFw>~PMcf1-Xw|;B?&Mb zKf1R4W%l;lF+60ND#6g(g}WwgH(;BODF63p=d|3exd>pD!NGsNz zBw72w-pcwvhqwW1b`W%id2lpss%gs|Fs=Edi{JgfG!Wo!b%HjGNR&L+z{1Kg&x)I} zpzo>BWVNB@Cw=?Fb>9GQ@pE)3nt=A;<@D`I1UX%mD-6QI)YbgDGFE3g z2O?_32JW8kJ!6*doqlVDBqSur4|({lhdc{!YF0~Cl&h9znl=+w=rxA=%#;Z%2Fp~r z&lw8d@%rO8o`KXd9~8?^*QW3&m2!)ht{g~#9W4_5YVlzi&S{O=WOV&zPzj_4B81`# zrp$$3Gjvq9KQ+uGllp=|vqz1gfItH9TERqEFoBf0sa3e1v8vDy43tQ%0n`VUKr+^ZXCPPbL zQZ^9kQSKxuS7(61{aW2oi2gbbN_gogxZE|sCpbUuv(it2p5HKwhh&UX*BM~Y(EXv> zh1Nkx(wm8aM@6@xvHWzH>5ow@?^FDq{~1S_5}jB;677jzi%vkj+0>PloaHi_(7bgG z`B&KbSKq?&+Zbe375I=g7ka^3qKc)fVrBdu&6SZoCb>ueE{orX==^24S0IJepX&3} z3sBDmDi%nXi3_hjawt<4M*9~SQ+{Ck?sIpmVvTG*)%z7{A%4)IrKIHl^ zah$i=xeJhn87v20&E`uMq$neyyCvR`{n(-d-tZ;OMb{BCUOsJ!7)oKZfEZlnY)W%6a8 zHHNQ3;5=Hr$>1PQHV?6E8F}){2k-H;ni+P9BLFTYf^NGfk%aO{*D%Wm$kU@@9W+;+ z8Tnh)gi!lKmG7gSt=y}Jm++zy-^5aDcJ-~wp9R5sts7jod9Dn%I47?O`OU50pa|Hl z;hvfY{tnqt}duVLaK-8-ZT0m3(xyTRi4;WtBvb{JnrXg}CGHm~5<1 z#K8PcZ;RJA0@sHPh(axZtS7O_)CMjcbbvb$xHmRAmoU$# zss>V8tYMl4WC~ebS8?r8C3 zeGc)l0F}BzY*wB1{OG+awH+jA}lhv9BzAM8dj=scw^%`@1rnR@H zjtE^m%l|0^5t3kJt>)pFx*mb-N7OT!78AgDaLkUgOisGkAqKHsI%hs=kMzu?+(KE2 z|EuEzyTT@?kqQ1O$r*ieJXVc7+W%Kr|F5QYB#!0LIFQG|xIUe99&NrZFzFb$i{ooW z2QaFnTkVhI*}6J4mP^oPLG#-u3hM$6XmN8X4%lN&!r0PTEV3iZB47F12uFdwuF2Uv zrV#<_!{Q_|A(Xs~YuRGGL&Olb)0#SfCV+W#zeItrGe}aPLJf09`Zznf(}Xw}OJnk0 zINl7hUuV4xQ_p*ZlNf{k*G5J`g&G(C5mSuC*9R-|@wLwTc%m801D^5Si{0rA4}YFZ z!M;pBZ*}X4Z*(D{q^Dt%H`npE@jWS=QfxJQV=85;6VD8}N;=7l?Ecb%d-fuxk9TA} ztyxh~NKBz21F5VQhW%HE@qr~Nr+Wnm*~l814|MUCkV&}>27Wz4iBFfO-bjQt^tY#& zTEv-RMYlJuMl*G^vrVUZWtz2;zdl~?jOU&96Z&-Y_lx&w!R5j>;)AqXTU+$0RcT;E zvvaXC4wZlAHfh!E`@=9(td9qHfY)QOG=6ON1bAf5wwZkdteL*PF@D(=xdKbtl59&r zNJ)SL))N>}f2-8)9!IAjOBr8&E+@^6r*YB2Y_tuBWlvR3R{HZNrx>{BT^xd>o;<6* z*Ts`6D~hNnr*_kV{P01n;T#(DuIKz=^PB;Q#IdVRtW)2a6imA+45UZ&^s z&u=UminC#&EOw_lEiTWm$)!{L0N|DV1+)zz>T5nwgL$BCu{eUHp!V5cgodPQj zpA*(L%9PFn*Vp)`%PW-~iqGuXd#}{(xj+D8)GFAWOzG!^4WFlQ1tNL!+~9j&teZ6l zTkr=DdT8R11h|D#^`C~S7jgl5!EI>AeQ`56mAcV?)#EEBBH0=+QnMOC3<@%=BBkKN z)c>E1XANyAg;S6%4`-K7*i^$;!`Sf&HiKt9ArF_3i}_L0g4amO(C-e-iH}~cQn3I;;7^)wIHD{_82sne2nW)i`?q92XfGGOsbilbf)u7UV+fl1F26}u*d#YGt zJ&wWK>@*#&<_rkaul4x({Zzi}HVKEZe`yBruD8T8CB<fq zk0qfpEIJ3rDA?TkW7oASWjTP>hHWJF@ZMw_v1xGQc&o7dPqpJMbqne!bvUg?n_@+m z)qDdHkXg(Y`9+%%@&Z{KnmeEHikueY<%THz*$+dC%B=%lZh7UnsNL!<{8;h3Tj$Dh zPQK`i6T}-Y6AzD?imO74dK;Kt?-0G631uj^5c#}RZGn9C@kXv9*n0eez1$+`1dr1> zx5Z_5OXvH84ZsWQ%|6CJby&Yk->J*GHp2FM-Zk~5Q25x_XU*O4B6R?ibJO8IH9=|2 zecJqSE>!r0`Q2D@HXNc!8Ki16yyaYZRi)3eY4{Y@-e|`c0&xe0$&>@-Z@%3PauuiF zaxW42d_l(;HV94>IaJqj{=enWPz`8sHWAz5ijR1YHW(?d#8SR8I=yJ0SHB8>yFw=q*FT7&J50%>c>NX? z6YTID5E6yqk32ly8gb<*EONWH&X_8N&uIy(+kVyML}Y1Drqkf~K`Uq=G*|minH>oy zeY{+8RUek%+$>uRD)dJ2#nh}j2QTmoK8V1Q(rNa|Ij(uUB1ECjQQ&kH_LB?SSK!`NRd!F4m9 zpT5c2GGv(hYVe9oCRMt`9nGyS)`Bse#~HR#x2Ook;G8=0+ey%~UAe;%@F2uQ+JWg*%bz3@$uSpEGk6t z{u&UOGI4I-%(v#yJEH+c;^Pt23Sres9YX7~Btu4_Dp1?y{*(^QaP2<(IK+cq<@9XS zjd@kGAyyT4_#^RX`IAX&PtC3k(x%PyEy6co!i`vqIDC;0PNh(jg;+|8$SXD!s?>&S zAk@zDZ;$kN<~&G*FOh{e<^;++lNnDs;jz8g0GX)bLZcWJ7j>?#&BNfR4)<{5^j(hT zDEO6+ecM{)n?Bnues;eOYjHj9d?S%AlPBEv;=g%M$Qdk&`3r&Amf274g3kcmPJxg} zr9OupprZe(%Xn!CAhQtsqB@tuDdg3-5DB=XJApq>tsVoGBA}0q<~*h=B3Z^5J! zR*u^B$^>!C&DS5Yzr~hl5EhUyF~r$ZMBWO2`dZ!f_zrp8Wko(G`c9J>f?Ig=UdIET z?14W{S0632H^c!=_YVgj7V4PSc-WGb_$TMUQUE#d8pf}3%_Bp^Gf~{{^P0ya|0zU! z7XRB3jKQzLF&Iusf<-I+vFDTfaCY@^e%7BGQhqSp%Xy-r2#GEdeg?yq49?~4$*@qN z(0^>I38Q6@Zd-3_MI`Z?&Lq$@oPKS1{naMoytaZ~D20`irV{!JJ>IIx*c1c2dH-** z`nSl$=qK>~Gw#^~qk^AoinDVa7h~{Yye|w@{shO(fmwpW^UQpg@QygAsx=sn#pVAa z>n)?AeAjqkMUa+m>F!R+Vdx%)E@?@Tl17p4E&*wnLAqNyq*GeDq`S}KfA4eNz2E(5 z)|xK^v*v#8>-uG_*)-{5i!WJqp=#opV(>;pj7>l5yz+R+h}dm^<8$)`p`+1ubr?vP zxm(5)2y2M>c(n4RrPk(DD3V=}VIpA%HO%cVXY;Sm4#Rw&t~So6g4rAzZL>9w(I>)u zv6i%7#6=4X}M_ztmT&DCy|9X}n*VM1q6b40L{!l(B> zlQjsVmzx((} zsG?7ejg3R=K!`o?_JDb{m9k7pv{(?2!yoZ}R!mmI8X;hg4&`NxS?v&0%l{yc{JvaA zsNp@4?ZZ5_&ih5#CPkaXjTTEpKM};8w(GS`CBT&U;S>XCod_Kb2vy{)aixrekN-?B zrRr)#L$EzDlPTCMh-#orOHUglTC|{JPU?3UxtGACVR4*q!6aWaPy%Hl3;;YpO@DsP z1TW1(r5)$iQzMumhtdiXy;$K{qD|r&JEiLV@hCifx&*uz5Qq}xQmFPy)4|sJ4gcYR zK^H;us7XuYNkUSk*8hgk?`qq{{F;M#&T#!@%4FE8t zNPAx2m45osia7Hi^c#E{6=qmCTuELlQ9*%ON0ZrgGTC8gA}3Qc2HZ9!C(mxslnBKd zjuR`fO6bJY^xi@{JqJvdnEDFjY*V8O4_C_%A2O1=$_+|H zc&tb0-2<%!OT?65OOeBH~#Wtp&v`S=N2 z!z{eg-ec7an(VVz-6F6LUIGoyvQ&V{h6Z}6+?`jo7YUk2@}f4Zy`oP zc?Nfx)*Y#>7vwJm6oUwp*tkrW3?gl9UeIK?!}yRCQH1wz^QKj zl{0u${+n^){~mxHxgX;kB&3O|%vkB~Fc@FT_=bY~WnTaMF97cc$~&r9K7~Ic29~2% zzlhsp@uuH?O&*q{q52a1@Od|(H_x)Vm#PESuJe>v7{(^q$#4kw@#hH-p>&fWw(V9x!dS7>dRUnG zseaQQE_yR9Y&l^R|Da7{%h15XWMEX9#3UM zN`X*xbfpb;b!=bsPjLgMj(@`NIeU{6QV*^5IQ`X+ef)+3(98L7DT=Cd8YM zlZ12R5R6t}Nejp4D0V*rBJOQd5z=_9rsijta$I1)_*dOC836g=h(L21lYhkSl?Pn? z$cH-gyRVmff*ui@ez-xsnA7f{7Mq@s&b^giM;&=H6oCVi=CzP3*vtuxP4skcm!_Sx zk=|xm%`omRmWAIQF(uw3ALY|V{A}D%2C&c`wj!qrTT_H)C~Y0A(=IFnY6JW zrsttK+3Xko0CY-Y5~?V2adAH9QVi5ay`C&Uf-S~3eJ?CXLE8zIupQr4^F^qFdQ;?Pu4}syBXP11m+39Eu>C8$+nox?6J|cQQc@X%zwC9Tj{HB~>QzhUj zn3i-g`W5ys`@}&Y9ssCYq36~*OXnl%UU_vepRJ#y*s$)2#rJOg!bte(^5Bi)2YrK1 zp|a61?JpjTsyLy85vmyisjSw(o%{tSwi_CyBS{16r2D(f<{t39_qqSBq=aQ~erx`m zDQf{^^R!5E@|2Lc=^nGtts=;qKeDZDmB+Ar^$hrd*LP+RKcv@xOcTaXC;!378o z3uaF;|3?G(7ExrTB3R*+E?eeB__*)a|5;@f5OWv0^er6R02fsi9S+6O)H3-QAxAHz zd9V5Xj>K52lHB$6t)fO43NMhAapHUxZ8Y92r^EM9`nfkQkRbnt{#58!^U7OhRWs%N zffuiR-z`U?z${FVzR_~n-;EeSz@Y$5as2l^X}QScEcW$W6+=c~bf!~94CTaKX!iy> z5e~JKX|vyG;tA6eaAh##V3sn{E7Q2e8VPwTIxZ zcwUEe5o&8!MFM)378(!@4ldCyweab<_smyZ^_Nqlwmxh*&9l&L_Yy8M z7UBG8a{*bt=cuTz#X*EJ#^Tz_O3BuSZY8}@2+E~q&SznPDH?Px6smnQrl6@G0avsF zYxpB$O#x}>rER=x=TFL|lMT`qz5UBnL0_7CpH@q7l(d;5<(Sgu|hno7m)tgn+?-U;pILF_eAJz4d-{>{_z4)7QW5SZGvyjgaP8VyK z;nLIQ_v8zR%IEi*M?`8IFiC|poM7s0Y&(<2OnuSc_%Hz*ew<91Uj6d|rQ}Zr<1{SV zz{s22N62Q38;qfVE-A0zx{-=%IwcVX-K9oJ@^s#eEN*;B`NnhadwQ}TXUMBRC6{ty zR0!u{dR*4QP+8xTwInLiH|VFEgi^^EVjsafSv;mSx}V8F_XVekXD~g&pfEngGEXlo z;_oubM)juEbZ#>Q-NUK@e@b8$aD$fz`)@c$);!I66H)(4tcO71HGxF1Nx+4H3>fH= zZ(3S>xjqbHuo-h16#hM|@&y#2acyqrOwHVeuT>?EDgZ6pvtSj~(~0*%^=YX=2L6o& zwfF!y-!l3+%c`;l&dt1Di*$`onCV68PRs3 zslY$gN`yd0m(qGlMIyt8*9PD^;3*~Oj#zE?~LJ4su&hf7~Ngb@uGn13r)1C{0*OkjHO|N z2kIn46fd1pi?TUucQfHgW*DIFfw?GYI20!pSVF61g;xO7qrzuXzvkWLS2pQ1!Msd> z{sA`{j`aU?s7b9URquq724(@F7nv_0l^?!Pm zMNu);i8%AfXe++NJ;*$skO= z#0FwL&#;4QjhqpMZfMWmlfFTd>bTG6{3N*=+i8H2gq9jA*q^ZuY+klfjWTODyzL)U zwlw*u$xfxjbC*x^`wPAX3I?~rI>8X zZnjNIJ?5!vp`;#Ev*)*wC?(^Tqb9-d{A3mlWtI$Cr~qap_CV@->~M zTLJD)m~h;t@a6KHXXD2-)ly&A&)K(rfNvJ7mqn%rBe)vZphL1_q>9C zg{c^FpI-8|1%Ee5O51s(N;eHJ+q$l`DCY42)8G1E2jj3l^t|UB%Sk6NZoLWDGgwie znJ!KiV4_Zh5`1mDVMq7^I%K<0DhRZT9y3=Y{fosvqdl&s9V@6Khz}#H+RFV*>9liN z-8Jy=_saeEo(jBhA$fW0ARVi9wT~0{@gSLqyfkMm= z*Nv2qTfm@2QO)Iri(tK}3%rso%BBVv(kqLVv$9) zkNG2ZdR^QQ7h41c3&GFg;p?jngq|4T1xLvo+AP329puB;7m%%Y^Hmx znz>8?0Rc|?BVsv$>BbL{#J^aT=dbbOIE+LxB>X9WNdGRNes>DFAffM7hhcHM7F?fK zHQk^>USqM*_k~V(ZT7DYu{W{o-l{&h;8lDpQRd>`oeP0clIrReR0bRm zMsb{7VbS}ffBi~k$X2UyW~eT!pXC17Nq;l0qkhH^6)W3U5c5TvR5??K5O6s5Dr#&c z+09OWuR#gkqb3*+zSu`|cEyX`gB99j5rs1%87=Xp?=l;1rl1Avh-`vwqv0|?)RMtLoM~%cI@9l4VMJL z1WAq$h`%VYv-zrwt$8OPA4C=t@ZrgF$1LNx$#3=0n(fW8aXh52wo;~AVY#ASHGHOB z*UT3AjceBW7XvlW;EiQJYexDiQ-uEFPYO%qw(dRvtD8O^-1hkA5cm-yqM=UjPIzj5 zN-QCu)v{|-VtIF*{9jBv6*raS8Va2;j*+a3hxE(yu7)s8CtxFh;xF$2w&9pMpql05 zE1D`1lh#WRAOrlc^{b;lz8Ba5vAE23r~s`l_N3K_l;n>-lm*3Wt&&spDzviRA30qg z4tm+yhyq0UwsU|d&(}CHJM9KS=6rC^_2u3L+0Iyjb>wUp0kHo47!7+itN@@$sL!7- zeUOsgvNexN^m>>fC+PaQ5*8X1L8!CtXxtotY4?a}2RoAKT_w6g} z=XjE06$8uKeD7=-G`o@plMsAy)0ur;KYo-0>UNzTyigRjelKTM)Kq~0SLu4b5&#@_ zblrVCnUUxwUk3=k22OFH-39cyrEx7^#gO@Ls0p_4F;J0y8kCTzVbbP9KQIHf7nB`_ z*q|?^OrTX6gqb-)2>4BwMIm8xQ&Y;=8Y(pO94wpnkqe_z-=-ala5s$f(`>)b&CPet z&Z=3_#;*!eZ_4b!(`A7kkdZOxCDlHa_z*1^J>dHW=ZJ_EWr!JJ6LOBCF zGrqQsDIz9ukadk>{a5u_%+XMF;BSx6(2 z3OhLw?n@aRr`V_t{5nJ35JQhGXhMqz-@ar%Py5Qy;qlR+CUZ6F$7oX*h3VG@k1Ov6 z)Xm8NJr(Y%M$DINCtotPAX6O4xB%*rx1>xddhr!T1;7q7~-#+xG$x{IpwU)GXh2_@B1Q|EGil))WRrd3!pS!pQM?`g93WaaXEd z<xRPB=+1UlLPA16=I7C70`N>NEm4(L zP2(r_dA*JrX+$TG5E1)tuyLP+ybneHvNa~o{~{}?^s%YlH`@c)faIr^DVubjm^_jq zGJ(j-oUcFoAF_YHU2MEk-|_-jGa$#60V={C%lclN3) zhA7hs{-O^jk_JGEU6Cba?9HJemrGGX&O5T% z_lwX3^~@!2tRI2g{_=v`d(WeuF}v83HU`hq6^Q$vKyV?3n(<>WyDh%8duS zojgwWOae*wTY@4^j>paU{o^`U%O(Fo1qo+eS5-+^wU`)DVfZtK)3?gfS_#n)p}vo= z^R1qasUD6WQdkh%=rWNG%g=p}}$IV)5TMq*i8L$vQ zI6!MIYu!jmK3mF=1udpdwPpFOnFW*wpk1sOX4jF}p6q52&s(VyouS;T$)!a2Bb!sW zlzqktWd)+V6bF38tyNQAzaX1?JCq)a6opfJP|_~}$WL_N2w@I3=l^(b$h*x6DbUiBy#g7aVXUp~iQSBw#nE{1iTrz0d=8A3 zoV#cK9WUcyrs3F~EA9IJf3i-@(4W&F_XZ=Ozmira4jaaxH)@SQ2tg41$GXAeTF-^(lQ9sy>Li#-H(TY2_xk#%LNUt( zAa@nahLU)ZeSCZ?eYYKB$q0Pw>_)|152lR8zz#QT#*rmZIF+__Fs`B!{zts+B^7wc zW1~f*qH00Pj#T^8XA(_@Y}WyGw+{u9G`BcuiDfc8G(v^59^3L6T$!G6Oc9?Pvo$(l9trhImb@=LQAV?PJSKKpWe-CGR5 z)4QT<$I@PRMsw5dISj43fQ_>BMa|(Fhqqo%_^T$a4zOPj1X{pkmI+pu=2@F4Yy)l|X1kg^| z({mOz@m{?fsQ=(8ygNRBa7uz^ADU6Yqzrk}v*wT2M&A)tsju?Zn+oi-CQ&AVOYNO( z5bDC*yu8-(PaV)ppDa<|VE0V#Y?JasCY?ect9z9TDKzxjRn=81?xHqj-3mHUq7D5(ww zqUkY2f^E+-#wSggTaKyFJ!Ab#%(usoi#~+0{1zl0VLG`anyp`+9M}N64uNm6|BEvx zKrlOeEw&$AoXB$MhCE#TZp1ezgc%Rg zB^|tuhlc<_{6T<7w@S&i9k}r%I#zhH_G44I!iL*+yvibnn;JP}e-I<)^60PzlbSC( zdM;|QHu_z}V>IJ)gwJxC{61zio zHlC}&Qso2NTN+(Dv}2puAcYnnxRkZ5KMjp~{2Ondb2<8 zhZjE0=al3cC>O7B81P|fGDd!O2|lkPR+P3)xQ$$FD^euzdJ;Wep>8xw2pxw$n*7u* zp0m|1hX?OZ!E*|V6(3;g1q}Li2Z2CrXum^J`URKIlu&8PX(tkpe|Nv*6c*Il{85VZ zWFl9Akhba~zmm3g?`JxFwPHN|>3%}dxXb9%E&DlA*dW~yEiWE7S3a?CI~Ij_?jO?D zr6yk@0sHxIfcMG{(QQ=T8%USsF#C%qvXjl^YCM=sOY4*`VP7TY#p5ql7#s0t^}_&w zBYeLW$LpLV6kunwwI6!ltuEt~%$Dh(!d%HCDNdTHs);ntWc%FiR9>jDq-vv*nPtAI znfA(}dHwPg`Db|TzUi<2N&xc^ly4Mj>Bs<162>lPQ5ZR5?rARG8}@bmzpg)7enz;BXG|A@Xr7(EqBpi2jK`dF+3FQj!)oz4 z!5IA}CUuKJV&2-GKc;^+8w?=jjoK$-$s9>sKZO?83Bc$)zk|62@d3~NjJ7riXIfb~^=p611Pc1^ zFS4{;z7rl&Wv^Mox)rTxD3>oAXeAUgGD}O<^YQmmZ$S7w5daH?8{iN48k$aZ8$80G z7r@GHAX0weUm69pk167APaDtDQ=cYWW1b%$BPPjkE{Df6;%EU&dGuz<%$lH->JXb@ z%|hrt4Ny3af`ak`NJZ!tfFeas8HHuQZy?!InbfTbEfhB2w97Ju++^Vwwzxc#`E?-- zbK{*f^s=wW0y?^6;VdO!Y`Wavm+(f`zd_y`^x9Gn-%FrBXVNnRWSzC(?61toO}RuobB=llg!X_If~tG79S z?{60s7CeJ3YL`KuAC?-($KOSLt)E^8r@x93QUOnukuT&(KKj^t(I4l{vKz&uZ*eB( zU~(~&Y*L}UO{WNrJHII7Vw81{Y}Y$Nf0o$$Gl z8=|x!sM{f;(H+>mt~C&Miqgaff4pS(s+5mITwgpG^9vS4_(J24_N{W09LMO@qpd$wY6MqzIry-vv>t$`i|$=sg1psg+_|rwfbJEhJPK)koFNc&0m0dQ!X}mvWg2P zEcBw>pQF&Jz{M!#&-(2vL!Q9||G^SI7Y|J{kkPX-yph`gje28Q5^Sqd_5s^|e^UK3 zdCbY#J~F*3OSzx!nMfb#6XkIe4yb24EtQ%ESQeL-dS1K@Ra!G@c1H!pswiudZ(H7> z^YjP(oUNTV<)F|mH*TU@7jN+o2>^8naIj^Xdx^IA6TQC&$yXC6n! zf*qZgDn9%a7&55PExtSGWMAD|Jc??kdmv#kPy>VXwV<0R;ZEA@25f0a^dBhi}dC5 zDIjY0$VY!Oto`%mm=dt>2eB`>hfn9;IURP&sC(nncK)5R&W&lA!E-=Cgibu#nq5UQ zf}P^3pVeM|CHxc~&lN${napXRA8)-9_B;|R0Heglb*TxzpAjYIfP3vqis?`r`WCkd z5)1=4*VB|5<@=+mkQvr4*Yuu+#C>((rOHnVCK*oR;O&;@nEBw@H@HHU`OC z(=1KhyH6I69nQPyxh;!*2&Ijhwo?j89d* zB3tst#4)ss*ms{(wKmsHcfxv@L&uLj2?+8u({$Wo;U zbY1Q&PDtrYfEd3Ggm;Dqdm1tctdlXP{>sl=Mt7fL~o!*3oRch@MbDJ#& z;bmz$&H#ZH&H>GID_sCKc3xKmS=~WzD{_ow&{?5ccf_{Z^x$Nn3qHpNGF1@OPs`42YQbvZ?LZ##waWAAC4an?YF z#Y=nDK&P_#+jisIS2DuUQ%V5P5vgT2gX(-n_GOS7wBMl7RWM)JhLL|fS13*7v3N2i zqHHk*Ph!n6Zx(QJ3cWWb1=aa7qQ*k4)A?XhmSC&%C3%{cQ2E_i-Ml*gTYM%0aMW-K zr+fI6%K1?+D_)0Gx?o0Y%FCLTs_i+N(= zkX)_i#cq=+O4uwi!NL{6mqGsQU115q%@54_`CL{iUzrAeLX!)}`Oofq&=n{OL!^|H zluj0i#Zk3*-@68u8?`fY4=3}Z|8?IK(3rG&u_OO_$Ir+712;|Q+qhf3&61)*Rn+J< z*knPNV+-dU*AwZ;qJN2YO=B~hyVF(e`)e7m6oNX0FiCD!MyuL}I+|qH1gZQQu zGW<^`NGLyI_b6pNBize}vx?+te7t5{bu$WO3CDluvp!rBvw)rsj

fEp+gT@Q+69Cr!Rki3-q@meh_K==F2~mA)OH7>w|dnJ9*@jWxNSj zQnpvG^z2f8-*#gDcUq@>DoSdowMGy&x92UJ{bCFIj0g|Vd%%Zld|)>DX#9Y+#cp^n ztuSwSCL!6OfJp&5&ksRyo+1Qs@oh_+anANEcILJxcRe}mTsuJr zH${OzB%AW{z`9&sJoc!D{n6tWA&(uDego?!*WFlIj}5x$F67nCge^BpajyXX$E9MO zSXt&T^})1bdMN2`?-ul}P}VAmyFRZcjt5IRpI{U^DV2-eecI#YD6wp|sOVny3)=MC zl48UGC-ANuj3-WT6%66%o}xrQ98*Koz0a@H*tScb$aZOrnWq4WL&mLfR!*fO_Fp4pl zUA?%a7ezb?QGiu?q4~`Z?#%nIKWQ_GXT5}7;ONCI`uXEpyzyG)o(i>32mD8gxZo)> z8KZ*JJXjjcN1irGxvoL(Q$KK5r^Hj*V!~FJ2{>!&9lhmenLqXfAVCh-aEr!R(ybZ>!&9ILEkX^%gbZ zDO?3uIDimACEwY`BZxKM4KkW3Y#9K3GOTrPr9+>DTW&VQf7@e=mEg36me34ztuoV3 z@=NFcYT$wVe6U;1poC{7<|>S9aYN)HNGIZY_G+<@zM&Vf{cHWbnEy$~hQ1GwP@8@+vKm#0;u+ zYK{E$?nxTOXENqo^|Vul0GSoIQHqephO6TCC!KO* z)A3vxmRA@1vpQX2VzClxs;|XA=r?^VY54KZ1N5S6x)1p2E#4ig0VpcSom+^afYw&r%{2m&@Pb9_0s+TJi4#gD>infJYp434oJ0jaKNP5Au$L4CR=Qe z;nou>eTCq8w$VFS5W#gGGv45{nLeYTZy`E|KjK6iBX7YiSfwAXh36;!e=;afy(;z??}mINTDx1_p2)vf_jv6h!c%X zask8QnDq~AjGalmDAMk-`4UHONAE?c1=Xb}-1~91JWwMK&}Q_7RHl=sUQD#$M+k1( z@&Ha(Fh(q;1T~NJGR}a@5};}B3jM<5>6gqN_a(G@pEEGE^Gx@u`fbMpM#Qrd!ujTU z(51cJrf(m$3aOAVka#qm{s`;bLgx(j#9pN~_wm7aBPiG=mGK1!1?zbxGp@8FWe#oh zD#7iGlPd~QZI`3vIt5HY+Zj?49xKR|Ijf`~6teu9*Q-X~a=kaol)hh7A|ef~px&p^ zW$m=~Yt>IFsriybAD{E)sVH_Iw$ks@@H)q3Dkw%f+S)6;JE*$QaTh>D{+TIV5TY|y z1^UaeRs{W=YbkIvFmF1F?m~ltkPOj@@PWsp6FU^8u1=uyz#RoJMfm^=P%q6}Yisn| ziXL_ZaI&GOzrYBf$({ynp5OOG1mu^MM#>HrG`eghvee~Ue3f{gC68K|UqhN=Tl67f zFJ^jVd!z4INx9LDa0OP@f~!f{$ocn?!;Jury=4&}Xp2dhU@&OfAf6H;=tb+9?EfSE zTM)zODY$jl8L$M>5z5sTr9&s!k#c7CSl;u58gF{VcGsLq3;~ z|I~NLJE35caC6un2FO4ff9F5k(O9+huZR}hyY`d7K`!3 zRnf|CQz752jE)0FkP|Qh)2r?a*e7Q(V2%u-VuC&)MgTErap3!#>+3+)U~_d-4S7E2 zUvGC?xzY422_X`G_Zwlyi4TZG-J*MO=8U=e(8SXoem@P{n$Kx`Nsyk+4hZb!TJL}v z<@2T8xFbz|905961sE2ESW;5^#gz_at|2g#e-4nLv4<*?*ANAMD_@h-)ugYrnfzsN zfUo($Q@2RNaRY_yg#Z1fBh(ZhjU`4i-BZ> z_G54YLZ2(^h7{MXV*^5?npVE3^N0 ziBBD|n!3eJBFZeD?r!{x2a3~5f|>PS6n_6v;IOpD{NZuL`cEr1vCZUr@mHNKib@(}o3>E0}#f`iWyJ9{>L;K0E& zUiADS7z(=~BM{vFVrThZ4>J^*AH*@iIgPoD=i4Sfk7b#hUhORKdZF=UC;E80tZ%IP z?kwhE0jYYnlCK^V1RR%xL$D~#C$2Rr6p|Ei?NtKb$to|*95i$Joz^hvNN-Hk`g3ZW z-Cf@XY&oNc-RMdK>1Y^fJR(11+C=G; @Nbx3spnufrTKJxsJ&IqXH*o}_I6>+y! z^r;P70ctr7ZyD8m#hP6CQWN(wsKpqf$O__96>QwLvwTqtk1EI2aSK?W70)szi$WSb z(LC<1JI|JVMG5Y|^nV9zyu}913_K#%V~TrMTT$mbiYwm$uE&l%A}q72K#4?)4W|hh z=|8jTl&=GQP7SQLB{Erj@S0-AXwGYyR^+(t``$xa8ssp|ZgfP~My+6v+DL8)Jm!dO z7wv0o8n0Uhn);Vs_9-WOKwGRyk5TeaL9DdmIOF`~XAVa1)$M6Ux=Y}J*S zOM!S@r>OT2{f8C-w*`<+XzXV6%5|XmTAq#NX#w_NT^-8(y~NPs>8k~#Fx^?E_kcXy zgX|cS=n&{`UMX)<@Q}bo4E?SW2(3cnV2;%;wr%t45|TwQ2oPRu$)!KF=FwVEiZKwy z%I)m<4>{alXzrJ+q~|!%MQ;)WKCubJq^|>63rr?;81r?G9HNzlTCZg8l2IDaKDdsz z==}m%kgXw;{8P5b(&M#F)^|%~yoJid5dclrFFc+KRW@p|5PsBeoA_k~-yN7-1T2N{ zyU{EOqO;~lSscjp5Dwxy;}pb@{%AB@ThkmgMHX0ow204CgAnzC%$Q*w)_6u;A<24c zxl*4y3w6>UmHppbnOQ494W?1;rDgFm9qH2DeXaHUt2*ulkg-(mbll!`eRQmW=r=(@ zH1VgzO2~3B@!fKM99xWhAKjSy{w29yZ`K1cy^bVrE43*k?tnwS?Uw6rraOab+Gha2 z+Gh_xZLGH~yGqSeS1HxrB)XYv{U}j5oMCr-wcJTlfR8kFaamlSdlW~vW?9URyRuKO zac?ZQEgZ#skI_S2H}RlmcosgcM$Jj6J@(tdkVOM0O&IoUY(uxR=!F>Qgk4{mO} z*Dlaz`Z8Gg)rJc*ei4|1F~>>3$4R3031}x06x6x$FO)RRNmk5<9?h0p)Mrk-=~~~q z5c2OY>ZMakehoM_yMe95>FChN5dSd2$jHdQaI(uciUy%(Flv!CL-?a{nJw+Ehx4o? zyg0b!$AolzLP8!?nq6-Zv(b42QK92&S{j@)P{W?o`u}Ss`AjJ(xlJxlpZ6dcmyrZK zigB3`TqS@JPyt0v^^ztC`yrJTU)BHXZ+b(M-DU2YH;OM9X?0pVB%~*P@Q09yK&v~~ z#Ewp6iXC3zvc&pd*2p~$6{ao>zaqE3%bkY4|4y1JO9--=T#DDG`C)X96Q za$>JHrN2Gv-&*ef91}vB5dk-zrQz4|a!P^sOB@nLB6Tv}S2NrbbTs+#0YwE)^lI9G zz$6iet`!jV{Ej_-MnXUv)CHI>&H6uy7aQ?{vm?5FawpLjQ#ehyeJ>4TMfPKUEoXj} z>V{S!V^OXG5I;U!?2%kJh9KuK?Ke?h?KLHr&X5kU8}k3n0*IkV37pE#&UQMZOMKDf z%f-)+#5{J3I=vDa8Jex-2P;kr3>}s*0}O5;Ad$^!Z%7zcMq;ejvuMbjt)`ZyEr^K| z3X7bek1&7xv>cG(h4^&ei~~p_##G>kL>xN-%y@nBNpI;V=I2T2yE7zwMcm#+0Mql^ zzA~|wsJfQ&M}Zn$A!u0eo20c)d)P=1x>cUeid2JdpXR>DKA}n%eZDO{{u}ThJEQ?y z7A4>u5J9?ODYb#}US6ozYh$iXb7w9VfhmK2FOuchdp~tZ4`uM0uwaA?+>4nlclHpA z6n|^LqC@f}5(Rr>p%}jRUc|Z3ks{ZqGkd?%su>{bkaw0L%jhTTM)L}{8e;qU(})%+ zP`(RtmnQ#di@`}|WF1HXm=Z zHo90OOsoO*XUPW&+lj`G>k+r+hdxNq46C8koM3>1-;w@AQNwB2L}N1MXSe(kuRA;+ z2$fMNfO^G600sA)&>`N@E$02GwZAAxZ(xP}cd{EpW!a`8<<8Y5~9-nAM2C+UAA$F#Fo|6`FulSoAceEtZczMxazz`!k|}SAQXF!c03((# zgK8#@xotXF-uLP8%lt3^hNp`9@fE7Rj^KkGOnaCk(9QD#l8y5{L3y~4EF*PN|HsmW zkGCH{dzUJ3FWB~yH{^!fzfC;`-g`b9Ta(|SR|rK_7&NGK#tg=wq~GVGd+(!G?bcVu zrQ+(UOvIon*x9Ou&aTloYitb3Oq|d&u;H}G7jk|sVLs?#ztBMFKk^k7nLKEwu$})$ zjl%lhCaCYmk12F|n&K+e_4Qrdm9*UcGkn-5d^}3b;H|xxvd^0lMA@L5DzAiQG|={9 znr00OtO<3una|$Ie@+}PA++}HbQdAef^MYm#-4Su><7L z0@1@%ZCyqcwg(~|l?`kI^NMLT{JiL;(!Am=POjf3ce*)S1p10RR0^i9r#KwZX|uzg z#m(^#t2>%T#zMlLU7pXO|Cwte`Aqr3qPbWqt=e+d-u!#8N<3rVmI~RF2uw_?L|g01 zzfRJ5^@z)R3*#795jK$U73DPZOW=>Ge#+F;&S7Cq!rC27GQqXYpDBCdKv)Lo6Wx~0 z^yoK#c4@%#A3+on=WLk(kP{vsyg7|&I!$EK3>UFZH;1EC50)xD9_`su#mEolYo3)_ z(ZGD-TZ;Jp1Lwh(z#j9PMs-^tm(cGk{X0A~NPg1Z!VOcL^kcS#ce?>H#Bil|`}Jvq=Zb$$zN6^D$|;d}0}Z<8@a~hlu~aoQ%DSn3@^j%55~=Q1rcc zRQ}*7JRGZRJ_V~1lDM29#qs))ea;_P1uq<4IC-TOH~}|H?#vX;L{_1#Kg}P6+o*!3 zH77GB=|V^nSoo>K_`bif(GxL2!zV!Nx(I|gq@-&T-y5);m%fiu<^Qg(6B{#!`x1d1 zu18bv!c_UyvB1PF^bs|WaZwRC#lU~_@4*O&j{C9gQEb@gxgSkT&#kYg*Qqn~0nid+ zuCzMPrt{eXMMCL)7?|J0y(xzE>-&Hp#7YIGcHEn@83(N0bnnZSAR!?4PyFReQmCQ2 z6Bi+eaX4UlL`51pCSavyjof;Bg$825nd>iBQRsfAa%d<_`}0=1FRbNCl}Qq)$$5Q7 z#2&^Se}cu&6Q0It)D~{esA{u0lF4f(nwiO)ZMzw+?`bt`#MFX~q=c~H?_IxsM2~Lj zKn_x+4;rqd4N)+IC*;wFqKH(Oyyus|p}o7@%ZWF%QO+^gzSMU){0ktp+i7Pz7ogdS zFMR@JEa#DMGBt~#fpyuxHedaaVxt##7d)x*3f&tDxf#a|&%ibGAeJ~Ve-u<<_f3u4 zoho3?Z~BxuVKKN92_&Jx2ll5+3s|19#yydXv&iQdX~6W!6U!m!MqcMVO_%{{7rP1Z z;5wMYe)3)$)QrIJrO|15x+JY+;3}q_j%}^^vx%nu80&DQCn;ikN*1ueGlm)`@A=sy z|2c4|wERg}JHOcI(xq{)`#5#UudC>iplJK{w;XCvf#oj(&JUk8UT!O&eh&II)3MfL z4rI{~bDMz;`GWQ%XXMVhc6{ zAx(2T=$|+N4ZJ2mG|hh=5`Ub~J+zkV1zJZEfY|~gBY<;hATXY1pmnPJV9yIbY>E~% z|G0F>)!Nb#(#aG?P<2`WRP+ud395g5w>PYFZumQ*{Wf2=Cx988Cb09ALg^l(z*?>S zk-x9BuS3^G*ZYSyb4oomiqESVQ_P4Rgfx{88~QtMn>n-#&I;90J6-<(A&TFHvZJc2 z)qAF`35+1WyN6?|RFH0_##P^tH{vTY_Ls!8f>6tD2UmqYCGznK(|s{e)npe+Pp*IF z+sO-|)&}a7ZG^-far$ZdiycaAV@7$X`5i}5XGi{nvIpQF!q3-*iSU}(#nvnQ!MsVv zsFWoR$(1<$2N#U3{-Wyl%*ksGP%{snNlbm>M&?rp8e>L7K3VS>@vJQ|FbPn?G zj}i9xq6|~`C?pCz#u76Gviq=Re=}||) zeDrEXwYJctiwS;^?B>jkN5$ds@ei%gkoF&&l!);W(d@rwpx! zjk3W5?5jMMow_h_xaaRbH|WGbI>_?%-OnAsZfrU!QS$qDtgMPQpoJ9mx(EAxBb_NP z>DBzypG_+pBkkn0lR5?DR7-x-vU|kYSc<+bF!RJdNp35*0Qil>@Tzop0iT-l=DeFB zK7|E9o6(Dx(~BpuBqn%Pl6%Wxz%zFm~!C*hBomhO7)M7mC& zy|b+6=9oVo`tUXnE#563-QVUtqe$|{-eiIDRah+#hqsW)(h{20ys=-Juc)ne4+3%F zIIHjm41CL;+F=^*XI0}olM~x01gj<%{#feLY>ohcd7|QR#rYQrcnk!;zm|A3;oKg? z9PG^PyR~q?MVTpE2|W%)0n4ojqUF!e&E@JP^mdl{P2Q?izI$ZzO7%jWhC_oxLf*U{ zI5a_kF{phulwzSGh((h}%12N$dj5dpfkC)QN4JrVcd=0idA<*!O8NnHtIou%b@maj zYf#nS8?qgunn5-J(=x2$=*PX-*gu#g`#)5DQ(z=o*X+c$t%+^x#J25;Z95ZZV%yHd zHaeczw(aEh{P*7PJO6vXbobhOuT@p6O1E}hexOyMFh1)Rn|}=B_8>(*tx-T)XTF26 zEuVy295AXI*b_@mLMJ^JUsI*l62!1yHleZk)+hr-sPzW1Rob#gb(TbLls^>~To zgV!k5?$1geesazx&wF;-Ls)4*Y_j$>f6AwCN`q{-4DbsogOmrT3jM$Do09^X<+Z6D zOhCPb!wi|##>`pZbP(wh_bJ&*W%uPBKE=Rw@R9)5LH%YT2-1B*H_-=WN6YX237S%+ z8G2-J8WUsS7mQ*;skrrSvXjwvI5*8~I68_CR&E9ZyZ(4*P9Kkpi%GHFzYeL)J$?lY zvS9iZTb>76?(_PBzX^*lrw?PZn50#QW(EvqYKjUKclkts7|4S6jU{9roH5=hYPXr? zbD;4QnQib?xj0vKGGa#$ADwOa+BVXL+61ofz(8$aR0<47)!t*ocAs86^X7far_U$` z%KF21rv9F>%>uLj{QLWK=hGpNuIbAD8EO9C))*1v?R^rj9*3d|+mYTHmGBoH89>`$1G+VB>)=wSv zKkxKI#83!y`$fdeMxQDM=PBr*ef>HqRI4%Qi3OTG30}~QeH`V3^1(V06-OVh`6KK5 zUeMF&w24PQ|BQ}g`LR-~8YBFiGMTy4^>gp~Vc0c|*P6zw`*y;h<%7UvEnN!i(%B)cU za@*NPZJy%}dM2fB1FvTq^vQm)^W)gfRXR#4en*h8r(&T_t1J1?IhOkoq4wUprIzFl z4sC*dIr^Yq6Hfy~&OS>IJZDJa z^I3EejFiNdGSLyeSJBeEl;*k%9OB>eVnB}VGfV&bSWvmZI&A5}Kj4IihVI@L%RuvZ z{?eyJ_Bz9K+UQbU_)M*mw#de#419y-b+@rsm$ngk18&^HLL%aXW^&r&XlLztW?^=H z;rTL$XG!t$Kar;RwrZD77+t{+?tFA80>Omrmz3w;Z9I`O@{f1${pH#(Ly&Ts%b1l7 ziNs+9>ZWHb2hsuJ*p7X5fEI&HDoy$Z>E!Aq&?d#BZ94P$b0ilo6a*72N!mf$)9(bT zw3vw1IBm+tZK4a)NzWqZHebA{0tcTr*=#5hV<>2aH9BVm_F$a0au3L41GAF<5z0;6 zlyZDz|x7Y57LGx~{zgwi%xxj=WHE&eK z-izI|m0$zeNko2dQ*JU$n7;qYExoyXcF>K9`0hA@_1~F!dAUf?fVIl?unN-a;ps_* z1LG>SMz`4P$n_BCwbzU(58!Y%QGPZ1MAr3QcKib#pGVn;a$&8#y%icu^MNmikjEq7 zlddq=_PC=gwm@vs{;Khwd$QawGPC;CqsmvCe{{_yDyxYorpiEAO~_xd!x+)%)ML(n zOt#wc(CM@O-D^&~-tBE_+IWj_5<2IP*?6YbKbKW*H=UQG;XtyO2{=9bo(lpW0RMD2M&%=Vo@p64(ld8fZ85a7slBSPJ^J`+$eJ@@Z z)cy51XC5CeK$9tAwN(ks#byZ;|fA_`ahC$>%4~cT%dv$={>o3yyudTZ$ zoaCldSWR`1usv*9vs6`bP-uDln@+q%o4HWZ)}Tkj|nltYvTw{kyLE5y6%Mfc)2UG zpc3(gC3YRUcbIGG>=Qq9;VtcOaw1#e>_BiAXRFCTtT`QD>#hMSFeb`(_LcY$ z+hsMNZ6mOg7n?2b2IGO?f{o`s=_6Z@_K2W=Lq&FBC)aSF-ec6t)zIcHbhY)acGQuAMM}c3m1XWvZJTLCyT}uBEpUyQPH%85z}qfiabpP>+P- z#EGEfc$k{cpdfD{7l>)j6c-mqnbCkB>gsH~ zb28agy~csZ<&ZXgVlVXxOE&QNB{sf!&rW57MTM)kk zaZZHx_imtZ=AJGm2~NI_`Ra&+bSJcX(T9j{RHJdc+uTeQCd&*l^jCM^B>*dO7zZlrquswgX%CL8s6$m=pRxa{&s*)1|VVBV>9ShkZ~j< zCaHwmGoEwVTD1N@#e~RtnOfPK;&?aT3>usN^bp90gv%&JpPhu^`104qD+3g~Cq?Ki zEY#f6v*he5Sy*U#uPupBwz_kIHIEH7z!7NH%(y7wU)+@1GB0_vqw#idc)$CMR;TnW zP89g^OQ>Eqf#A4e!^^AWX3kcmfE_+Pfp;WT6uNolS&K-}y^ug|T}?u-Emj+bU&>`8 zqueR}aE{EIu7bSse#|6vpnRUoY8A_?LTw@aqnKOc?;0X5AnF7#A+V4OYe85r=*s?d zv9!m7KRb*>bU|1?Iho#5_~K2CHb5dbw!a1|x=mdM?K{eyW(S*PA>Q7{0SAV*WBJ&d zk+c;L{^!T~zdiDcP+()D>URnX6d&AL5XHS+m^|Ze52RDMl;4skvRfJXN%__dzt(H# zCDzK6OjK)?z@(&95g+!L>olq~nLRKV<$YbIFpo3$-rOgDt12__7B`e5ga-%nr!Zti zNnI%n04+-fJFDJ}B)Wm&oGAO8cyf5006>X(^;(G<+(h~fNXb+d?G)ToDTm#Pev$Im z(8^o1T|R(;~CrCR_5auWA}@8W^l;W)s_Cq1vOqq zPKsDU!9b(J%}M3itkAnQ3$|^e2P-vj=(J+cD#L@q5d~NclLK7;{I}oB_X{nn^LKMw zx!`UBYNQF>(?k<#CaAD#i<}SLA6MCF%oYMEvriRjkvo=zjw4}Zn*akM;5{;g#%;uLT1!2O@6nQtkytk#$&*4z0kkHYEfr0 zg6ML#IH_Ghb(SCp;c-6^gV$1Lw?~05i1XbpZ1)&sd0q}B?!H{@H_z*%9|ll<9ZVLZ z>RiNzbf}v!41nlH`TccyQ?__7iGM+%ChXQMQY0a7? zrgM1$#-g@#H~iz|3~x=tNT>PBrU6s>z{Fl}jRY)-C+|0H6J9axz$`h$qwBCoJ4e!)LJxM1;ES63&VKuzsh3F)Lc%=J zAJ@~%s&XBJ_L^0>_QIaFDT{7I9H);xNz~_6)2G=LdsD=s%~-DpXHJ!&Ct`sU=7K#U zqtXgQIF1p;l3yd&Pc-5TW#!8MG$j&yPvh z9UoHfECi0|VM-1(z`NJ;{A1&%I8F9^*TaQ3 z&p7QcEsL8AnttBqcez+sqFyw<%I0Y#i(tTDJz|(|PtkAlLa6593;yV6j{0x_+|1Oi zJzE^vMO|=~LbRde)|-Cfmw|MEL#CJ4E|I6QwloOrQToOgi)^z!O}m^FZIt+~arA@S zBl@}nP~WkfKEmA6*%hwcDX&MB8vTB)<^;~HfOAZ1)nPMsJ@d7@oaU)~6w|8j9Zu@- z+(r8uh8rpzI%I`h;Xx^}mX_NX@@OOk!3eXc-Ndj5;-@ zdVVSs>EKvyvZ$RhhBQe$ewtlW2NUDv3sm-%NkXn`X>d|iWqZB%#%mgta#j4|bOojt z@yyN|hR;uP`sCm7?ikiq#(+Z8uBCgqFTK%sd7LvU^G*(0MsN z$H=KTHAtzT@G2zLM3+WDL>%^qLJHb|#bdV(1oL+PnVrg@(f5Pg$(v-$<62M<$;rM; zfh=X&Xf{5^)oy8E6>yXwiC-+8TqKV_S=_s-DdU0hgsJv3Hd5&6asxc6-StczrdWF% z24KujsEl+IlgU~C5}sSAz3mv1WK0VwX`;nSgHt8Y9CFvgaI9C6stdzb z{)t)KN51X`TzawoD{@6tJ@_e~oef^rbbMpX4-i3$9h{En*SfZ#TU->KyA;F%^41I@ z8i8OIF1% zzy|fHfv)E4pQRw|zJ}P`_&R)f9a3M5S4S7I?Ea;vkk4 zh~;_L7vcwI%y_Umzwanz0LEf@c=Jp&HJKITS)tRx2j-rYgz3H2*&$}%IbQ-_@!9%C zO7{%}{~?nv90Z?s(|9cHMOk-NoG(xG$1G{g*t~Hl@4##e?&S~HcbQ8dCT&7P+J2y5KmJ9V; zIjr23jFgnM>h?r}mT9M}ydT~Iw@r#Az?GH_UZrGm5a{&GQdOJNHx&g8Ly&N}_q{)P zXz)r9E6KfBO@~A+G5jnrTUEXH+2nQcCG7ZIrFdlae{=y2zao8}(26=|r3__)Z!x~{ zVLC1c4{jRzVOkIjlBT3Jf_im6!{v7iWvIEV$;5S}uw>g*kt|l>GURxR!i^~|Dw-z> zLzGa{r51I_C1KYel~O%#WnZOht=a6im#R&bd^T4lMfNVg67yj4w#8d_@g(?Qf%h>{ zlkIHr=SlR6@76t(K>4L52zUc1W;@YnR8Zy3*R8q#$R1&nRGWM3D?eR{KFyreaaq(5 zaAP}P?WdjQ{UR^GWtOKm+hY^R<^z#J@{=}_~f1* z`>+M8g{pkLDY(5ob}#_Fue^8H9~Fx&?gfQXCfbkd2lMpkL z_5>Uv$F66KKbuZDZAg3PXEHelkAQ=BdcEsqweo~Gm^MY?g1=Jx%1$OBA^C8fjuGMz zO_r;J^8%Y9)~wqGzpq)Ap6&@zCOztjaK%4EGzI^>JzjXfVkELN>40<(*UXOA3x2-C zt$nTh47Wt;E8LciaX?1`?e50rx57T1f&Q-3j;O1fMIK?*eCs6kpDqEN4#Gt|@=rd_ zh%4-3{di#lu(xlh`Nr=C&7`*SXZkmGO3z*>b8ZIY+$T>;2!+}O#D43wtwLx0cU>V* zT}%;O=bkRcZ~wTR`@}25!;Hm+%9PT#>9K??**k_f_^3Y8Zv{F?OHJFQz$-dA@I2ji zb3nIcQV1X&|1o9)fB)7q~8dHBj^Nb*C)1#_dvjVVXh# zRjb?@<@R>p%Hi`jJFpl6gfIOG1wAVqV%XiPFaW6oKE#q~q2$_lhB^XCrG9eYX zZzF5L4vFi2z6$21&F?{_IO6EMe!Nqr(orI*HR}VY) zuAKD`|3$U$AB)mdgKZ+Er|}_e7K|ax`QKPuur=s8`LFS<2iHVtT1`rqU$~ zzz$2Iv^7Wgr)`Xpvxj{OQ=^D+h6o5`;K7>d8+kJdbL_w8Ic0vnczgVyYn3Y|9+ioC zHs6S;>MQ&qYJl>3G|5?k#h@!>V^cL1W23()bvfP$>Vu%y?G$r<{WWCo|1L&gVks#t zU7|{YD}iQ0evPp8Twgd-CL9njtOt{l5?eNmo;d!Wu2qo>ea3sS-lNcNM^TBeST*mO zs<#K{Jk3hvTMBA56~D*V6vOg!+{simx!`afA~$`*!1liWW!j6Hmk#KFuF5A?Ok5b2 z1elY3Cr*NRU4DsWXkYsfcnP8wM!M}c#d3RLZ$XF0z`rAdcXv73vS*6$99BkgM-fY7 z>qnUpXQIX$*I94c(q+*Oz*f$Lr=#+;l#+4}fo>I;g6C2r?P;ASAyAqUyR@p*rMjeT zdQJwfCpRUkDv0Q|Z5HpO=`JS$gQI#Zx`Nuy>L+M}4N&8NEh~dNq~Q06)^Q<_-$agq z09XFaTZbwKlXjr7^~mt-p+nb<=90Y-X2;(9!_H(6%>=y|cbETH-pq}4Au@i!NeE1g z4;8*{&pJk&-$gcaXGi8YZ%-lV9@rR2|7h!a-pe!D4ZaLP55>+yVnT!<6RgZjU0+JArpst8!7?}PE#kV53p z>AnF6%T%rIc#v8da|Z_U;9RxhNT{2pAF>s_hc$`mSiJ@1f8 zNsDhEQhW4v@e5}MIg*}2ILwPa6&r6r$vpV^Qn?5(vpr&)W-N}N)|qCx9&;+?^Qy;3 zlRh@Li$mC+xgjU#tM}K2w@{I>e~Anw$U8GOj?b%Xi3A{iH?L)@DCw{(WRDDNlhZD& zz>7VG8}rHWtNw$C&3+MEU^64SMt8X>9$9<(nLY7DKKDkiI2Z}N`AobL&qyz&?(~SR9x6<4dWP|1|x{HX%NA%kayaH|CWvLaEs+mB~Z@5#7 zvrkI%Y<_pbD}~&cp*xE+AEXY!C-@4r%19&)|L6e;mq4T9DoKna05B>$BaB|~L)z;V zX34OrCf}%~{%f1WOhxlH>rhqDw)l2-&_o2m@}=yvp(0cS#Lik{1Z}|jfi8Hi!rVD{ zd@`radWj)qj;b8B+mA}C9sbuCD*vG$o6X5^W9!pgxS&ibeXTQHi`_vj9#l3!=U4tliB4dWN{fe@wWZ5Nz==jn}ujR zS(>{Snrbj`>`uAUK`%&}^#`wRql1|^xo=KtZzQr2WXrb+gkY_O#Bg0_{rk}{nDizM z*%QV8BZU8!Fgbc2hetLOR^;r8q~Bi*3^o~bU9telAjW4CA*S*e)Hh62s>J2s$~FSD zhm~)oT8f8l?9931&Jlb`4_*$VZs(%R#bVqGgIe!-JmW}H#0+cEGs{??AnP(`XDkqy zr&eS~?mlt+?1HSc5=Owb;;TX+NF*E1nfi{L3DUf;dIcY{87b=?Saw|NXswo-m}u#C zZ6n-UhKQ}M zO2!S=*Vc$D7H2tUXR8g|*^hMvir|zR`dOt*!DQ|nv?|1JB!I=>>jPlBfmp#6Bm?D- zoe!bBaK_3smf<5hQ-yl&S9ui%7*|I#)a{ZTb{>^4-!oW*Z&n8=_GnyBw#ImQ3THi* zI#1;>hCAU6^+W*^U?Fan516I?eH)C{!a6((Ln>aax5bR7GVB297GRL@*7ev3k7R$>Jj_8ZCTX43b-q_EXt)A}{ zs^yW82za~c7P$kwBH_lHL7~q+179;&F)bluif&K&Jp{o)Z3G%HEb~h-8!8xeQ!6Vl zTfS`|z?24B?ALn+ece^t_t0YRZV*OiyjBuAI-8 z4+5FI>l=%+q&V}gEx5Se(p>xAwJUhe(-2;hM^J}sS%}QM7}A^_pf|qpLVP@)bGJsx}y# zOa(GFpDp0KSra^v-#cy>UaC?eU=>KC^HZ1?qOpG-TYXT>+|c@a3G~22r68H}EjF+3 z2Lk{!nA#BcSD6!CJ&kE%gN!}zq=U733aqH7n;UDp&OcH8xZ78n=5eZ(DjBA-c*^N7 zf%(a020h)6&PG{(ZCx%mIvn>$QMkA*dED>qWpkPtrq}?nWPGIfzzGDy6$np=1G61+ z-4#}a?SzS?V zQ*Rod>X4@QrGfv+onwlstjgQ5dYaK5NpRO@xvxjTH3uvB)|{ zglL|zY=j|B=HJMJke^aOU`|K~_)Y*W7FIYks4SyFcLXr6gCtG=s0@kWSA!IdgMs?T-VKYiqBG3kG@oK#e4y)Np?FZaz3Mi>C zJ!jh6e(Gc+hOo!?51*#+ovR}W?NHdgY|ht5;XQGLI+qQIXh?6~*S9vW-o%l1`UHBb)@=iB*uJrD}quIB8G{rQIYZc!D9 zsihvgj&(GdgD6isb#&R&J8(Qx6VodGobmgaHT z@_|Uhf!my?BoAt%634iBTFUB9yk&Igx9gg=fz+rZo8 zTS=Fo)N!FcCK_6lt-sC4Fk=s-0$${W|5ec=4W6uzdt(aN?!zPAi`@3z!#^!Y$Gn-F zQ)Xr7_MBeYm~g(IKW;{i+dM7y?aZNQmUHV(6+g8l*}K&KhxuH|7=MS zi(p#@aAcME4rWk+lwi8k(q!=@e{^oG5u{QVzqe(!$0h)pLvKDfrE>+UGAkcvyc=g+ z1wLZ_EQXisS|nr0U@(TE>^oJ)_D~`C+7vLnw4N?$epjaPh7|KJZCFlD+FL$=@+dcZ z?LJlHx$`YeTo^L*&LH4-CB^&7DWIzE;^E__eee6f6S{rawd zzCJ#(*_2N=#^D8yB%RUFyP+);1`Wf>)9K<~@La&s+PZ?>iDx29j> zx9wWD6P~`?AUJa$B(Ii*Bof#HLHK2JO1CV@{-l`Mw8xBaOlf+fZw{04D=%i5@(%<+ z@-+B4#@TURHwnH7_iJdJQG)V}`d{swD)ARhuND;AXmSFGs$V_XX`8c!BMlX_urOsP zFU>S3Cj7HwiZY&)@PXm+bl~e2J^}uqi}tDrOM)k{p~eUL+Uo(!D4;|PzVc>#GW#-r zJVk6$y9xTAYO>eZ@mUK7K}NDb;(^Wx5)pt2jr=8@6Qbjb&NIz*XwI$V3s|zbW)v-`O1z6q!N)WZ1+m1*!)4Ieb3TA zC6}+;;}=aQK=IZ*6JF&pBqbWosq!L2CEd^`GLmaivYoXeh}q0dI~(GF>x9v zpkcSq-Nw_tHZK%>)ke23)ZQ3ElF|4?(DY6tH5x?OWZq_{n2e!?b$FaQomf|UQ=j3k zC@3doES@dXB(Hzzt@FG4G1GJM!nUopyHA*(4t|qe!zl~)B|FCXJ-6wgW@|@VV7|h~ z_T6x73qHIn%k@-`jL!y>4Zir%Qc`}#CwWRng{6$4WTpZ9&)1h%(y%P0t4%npgVQCE zmv@A|lxcTw%!Bb{HS?b*F=qlpi(6m4Q+nRVJUw)I`bh5Xs#FF*p!xO3N+*uhVp)lE zS1t)v7E!-U%Kbn=F>M0`2dj;M%Rbl6eAWEP@MNaplBV-+i{MwkaL^#H`;WNYp)O>f zjEP}HbHoZ(!-;2 zGpDb&e?qMHBnEK}<>zrbrxNcZ;PXKKB$t8X{*~xzJC@rlj_6W2&{tHK>>-5I_?~BCrCJOYQ+7VnP2bMHhJkT1JTWVEXJ~Vx z8-ywGPg1uM~%*cF`N#wu~34vlG+0tlnaMz5zV{4zwJx?h5 zFC>3tDxQ084SM1#0UOA}Mf>Sx;XcH;$}kM9*tpY&o;Ob64<+8NDIuJ2Mn2>tt(UFY z=Gfq&JXN<*wUKQLUGV76qokLaN&)0oa|x_0;yiT_3!Eatf7)++KFW0ecxb=oRZ?#+ zjr0tm@SO%>W%Bk-iN8>MJMguw^Q+<%_s12p>&1=G@FxPUw28K%W*mwrIEgL9d11_* z^-}L~6P~tpaa0+{1s}neR+|PFgMc?T4Ah~*W1XE9(CxX0b?M6vNGG@<)k z5BZ*+gV=>w^Avcbe|iC4A#Sn>GATQ&0$X2R?;RN_3{|^Sl#!A22owJoqFJdDU{nzT z9;9fp*IQm7B4WQYk3GuTzfXZa{}QeOJ6k;g{t1 zNeeqZegkjaWIiDs^*w+MINjZaB_bkHtpPBUxhi(Z696+igL{kDU4_|?zSn!(=nv{U z`Ppn%0h<*^w-F2(Ov9nmxN`edA`sWJyb-vKdLWp`N?D^1*9Q!% zuaE3i4O^zeF_Az(o7qGX{G!QHTG2~58{auU4*@zEo9r+D-2d}qrP~$K#-dXYM-G=0 zed*wk$S;UqFEfi=1?B)p_a!UQz58*={#{x3YaELaSw0qiST2*FQKeLJ(;!#FpucsN zZ0HrQ`&qgO|ERrIyBRu}MjiRcVd{N|wAgb9_P{d{-Uz_XG5`tj0}?E!yc}oEs=+D3 z=kjvoxVac-RUp!D}l)Z9YVFCFcihTm+JZpZHY>Z)`jq!t8{9YZrQyHu_o zaYBPh(dwrmrGcLrC3gGaRcTwFe0!D1(iDMM$(l~S(K0Z@){o3$5tyl&p%bmiNO_b* z@&we5m|6P2cpi*Y7!BgO-$!5Azq~w~Zoq|suCOCDKqq-^_k!db7Y@rcl6@;EU=xhi zce%5opRKT!picr=o_U6(Roi;)wKdJN)}HQ&7b>^AU&RvnzoT@xT_ShLNl#?r`8vlX z5XEzOs2Vup5)7dHgJj9#q!CzD^gYW|Lbbs`(CNGtoBVMbB(UuMn=PzpQ{j~=P`d#h zfvecUkfoP32rWmhCV9E2o5JwlM@dLnmAHfK8nyuQHVufI1y<4a_K-xHR5Z9+JE54S zj!u6vZMNp5y<`6cA!Dw*_L9}7xV)&viug1DJ5N#h<)99FtOc!-2m0qy9VEPN3?6HV z>#AgCt2Tdr>M7zN+iGv<)90prhOg6$kh$_AdI-OHA%bS9+Sh%_vM{W(Yz3xdOTOT% z(NaLePWieeW%BH?Acra^itfK?cgbN zYs7G1>jqT*Lh7%!*CF+V*CUVqip9$0F5kfj<%vFlx;xV1mrkv@Yea4#mQFKyCUj2Vr$IUv z%hl$x;CJDUU6bSSOHdyyL_hdK$Th8>V$bwBKv8n4r4 z5y;9YnwasIOG(pExCYQuAc`@!-baZUs2oSQu->>(p{G-M^KneYe6f?x%SpUSU}n_6 zFiBv`>o(NG`-Q4guVV#FfNN0vr%&ghx@8kp(MnXbm8-QA*Vnw}7l%TgQFpn!>m71t zXjoWAN1N`nEW|TZi10jG66t<#pUB_f!h*ufsBja%h{e*)ho}QK5{wh^&-9w?*$Ph; zC%H#-;tEiVvsy;M|FuLh8VS1MyF3OE*l+*)4)>`C_)CPCR776vxg5iDW;iwNyQX~M zM?HD9nOG6IXLaO*pe#hz|2{AU-Azg4rMZ%^OfoWzC+Wjz?1JCM3SvhPF5f~GvZPXm zuLGht(`kg8GtH--;n2TS^AsTYtW$rBI8aRGonFYw-L;ux{b{rJ42otIz4ng7l;6dW z5~2%k^_kR#mBF}j^t!Cj9d5`quJ=mAI?ol#I*(m#)E4(hb?==jeV{1`&imluvd*7h zY&!4Dvm*D8p*;l{7~j0@d@m}Rm8V*MaG6cP_Gx1!Br|XjSqjTIXOn*vo2iUpU9=hZ z$gU7plc-qY-Cu3L6J^0gjt3yt0Ge`sy<)>-Ij>U+-A|iHdDN#TK2My%pPtg_mxCu` z7UP7iF8$OQsxUCQ!D~A;$He>kIYJ&3t;I?1;k8=wgCPE4RLrTEv}`>cUyZvWwVwW3 zk*0&ENBWvCxP!xm12yFVW*COVNpI7;)RPXnx>dt4518EfIRffXZylbH5lh^Xe#Y-q9G6jnOj<;o7>}%(O89=!bs1|Y~SFu*=g3^^U`L)vqzIouI9p^aIztR zqR9ifP@yiIz1jqfy)mqMKSuivVW?<3czmPDhN6cD-?%?$* z0=~v!{U<^>TEgV$a*u;_{Qr9a_(Lf20yPbto26LTx*y&n48bSMau*}v+s98-*>0KY z^n(?gCtem{Ro%Y&>`j)jFYLSTe)`TaI7^27kP=ImOg_aARS50xU1`rl>Tmvt0yz5rTDV)iTf0NfJ4?|G_gooj9D ziK@M_5c9V6oiHs=8EC+Rt1ySaAu$x0j4VOj%w=rC_PA>2a%UqqD-Tipc)5|OOrF-g z(^&GV)6S61;~K=zzkFQ=72B$L)?TkHo^g%jsN|Km8_w$2D>Uh2^B|0aEX#n?5Y-*Dw9wQKh8 zy%r#QDI0h$aG_ZR+CU7{3*-?~^%`Qde<|1kmf&k6e`%V^D`W(##H{9ZZaG66&-e3>(AKLSJUMd_Z>bO3KLe#PQmkHN_ z@;w}Uvpi)f?r8^0bIZfzTlg*_t~a4pSDJC`;YRQzz`>2@fwlEiCZYC|l9}MpSpMCL zcO~s4TBze6KW!$IoT2Dhwcg}Nx^blxJAaU1(?W(DM{hI`8(WNeVe9Wfj9J~?{ zfA$2xCN>YzIW0aNvS5JWK5&h zzh)c1jt})eqKvi=q?tCRPTkT%T7nxLslO{L9mNJaD={jQO=&Yy#PH{bKhh zgP2UO*UHp>w|m4;LM?C4S%{X%UXpb?AJsU_KRn%uwKbTHJv4$%>9ta2p{}q278fBI z-LArRM4({u5|5a{^}@2;omr=H1QiS)P44{*YnKs%i)93LV?shEpqLvFuM`Ls9(-dP z+>4A)qq%qA9abO4(1s(g@Ppgok-K@lLbMiotj$l|f5RryYUzT=qtqhGa6dNa95Cwm z57e&tN!*plL5tQ(E%{I<(Uk|jUCsH~Bd7V^nNykNA`B17q{=m5oO%H)%L8gaPi!ZU z%1K5@k#jE*_bJPTVlifpMkdVq>74itIz5!|g{0bFS{)8b(qc=MjPTFpt>lapW_0&T z=pDXa6ZiM`JAAylCedn4WmKepx7SHplY>Rs>%anw7 z0pWbOc&x!wRw30*yx>xL9X640 zH(O-I7R0QqY%1G`E{|_x+P3?v|H8^7AtqFaKN56*`|$uwHy@qo|EJjUsCom`QG%M6 zh2w*>sWlL2W4ojJQ4-@3=PgrCKeO-T;H{DlT@ISD*X9sp{6@LT5(x-5^dh%6a@uW4 z=3c#^uOC?2%rFlP72|hA+~U=CTY5zamSlhgDQj<=xeop?FfkehloRK5Qa-Eo_S?BO zAf9SuJgNJ0jsFHZhAoR!pz`hc$ODy2kFO)n4c=kY#o2C`>dKl-eXxe;4AX{sVrl0vo_dcB5;XYm+pUcf0YlrTR(2{>;FR!e|Jga@nGw;iBz*LN;mIRrBoq1^lR^U{zruTI33PaCHp5^m9r8&>5S_Ln_~I z8c6AH&-g>ZG_r0Aj!%^{OffhB;d@RE&_d|~@k#A6jX09|Z>mM;cktzyA=?wNo)`wc zZ~U8ncdm&Y&Mq#TirH%YJE;8lb~*#WY@;I?TbY4EC(9aj zM<2_m=i#|03pp+0Ygn?YtqomJD%B8<&(Vi^xvo<0>JCbRW}OH3GgmaklJ#OE_3@u_ zFznB4HZxpA75`^!(4TKzi!wH^8&85kaw$B`_SRKY*=8;O47do4BP|vSiHe5Ehjw<+ zWe%mUz?#!MlZ(*A>%h*KmBciLTT0rqFHEJNDF>F;1o%-fJ1)ixpUK*tg343vo71u_=UumWV_2{#e) zpP#2_7h$o1JzMYJ{s5H|jaHk{+lC5E+qM#9%)oWle+fNCZ6W574mugl)|K6!tWRzm zbdcJzfi-gNf-Xs>IG&P5U%V4SK#GNMJs82Bz;sB1tzfxSY7^c6>bQ9+{Xc zdOoh!ojgy~5w9MRv9Mcq2fp1Uo^n$c7X-* zfEz{tY7LRxDx3WRTAc7Xn%3L`&52z#6>rD#?;dt*d~@wt01w8wVr5n~X2`-;SSIhY zryfDpqu+`G^KNlYtssF|KsC_)Mke4WegOqr{<7>rJNajG3o;;o>7VR&(Jdi=SAt)QclD+K%1m-@_vOvs*} z_2}Iv0<*T`52krdW$+L!FHMP=N2;jp?qgEFM`E)Fi(jlxNEG&Gh z@NIJ<_sE4<6*s}m+Jf?%Dx@Sg+INu}lBJrRE&dKMih&8yZEy4`=~2rvJ-v=5yl% zl-ziv{BgbeIIdvNRr<1J6OY5Lpyw?enXD<9E0INA(wHeX1fpAdTqVs#-5Xz^afZ{I zAJ3*2Ue761B!5eY(KWeZ%pEWu83>t&#z&R&^a#`jBU+C^*#kdY-RKTc5pv zghgh!9`FXagjXIQ#+zXm*T@$ktMmX|B zR-DDkUVeV6g*beFV3FQtf=c5-EM@9>{awIT3cOd>lDj~kLsD^_WKO~*BxJDbm6@50 za$-#prS9X#ubvD~gF!_*)UZmo4HanC%37=zs5eztii%|ElEOYzD3L+5 zQ6LtDa{R6sO|}1e6Py`6fw3LFyXJlw0TnHBAMXe>!u+mc^%II3zMv!>qTqJmHz)U8 zv;7k8#ag3yaU{lZ{)#@|KF!v{gf(&M|2j-{S)i{-ys(nyZTzFZ{-Q$tCExh)Wp=8m$JRh2!^l5;(tG^3!VJIfvc9K0Eh-W(!?z~vH@D=n&jYH0q8&j^7i z1?0zxo=(RW+60}4;7Zv=r!we)cjQ4Pq|b5#n8pk%aM5Q4UEE6ct76Z?0KQi6`L79Z z6}7p;Fv(Z^H3mq1HQBt;Jo#3{s!*Vc?8p@z;k;%qbP9-N4~n&ZzBf~bw0NWFVUqG3 z0?!k_a6`^OY!8zrkF0OrSFm}FV1Ypsp&8(Q3P8Tr32hv$yRxMXL%RO!;m{{<6pSO&B?#HyVpm~ZztFw=_{YtDUJOA8?Inh*` z#^Ph@gvTVc<_K(VLL+p<03#H3t`kfs#x1zKVX~3j>SKQX94d3CB;nz~JrmHQj}1Js zeZRHt{7@HcO_*~~4>r;RR=yBWKM!(qbHxnBd*JuJ!gIlH+r^&Bo(Nk+o7cS*uV~fI z;BjQY-YYE%J&Yg(3$_I0|>FuKZHRS6Wgk}`7+KNcrps6NssKr^&6C1jU^ zaCt#`EtsUBSx~b?husY=;bhOm2e-w+P~GRwDPVazra4RC1xylpOS+=y_P47YOJR%J zgT(*h0i4oBuLh;BRHm%>zn2+$7#sB%PSSM>#^h%+^C`qL%FmLKzxub9d11|zmk7TP zA=tkzXF!69l8*UMZ2q2$x%aGRlypHCf@l)Nq`!orx8%|n=TP&=Njh3teBEIlq3%T9 zf!IX%qDEbIytTy=}DC^zvhMNkrKeRYe=vwf_u0eLSBUD`Ihx zL^|!a=UKi(nE(ICk%LlDoW^c~g579Tv+4osp9TUy?Zbk2Nr-1ZVKGd; zbbIEiZ1G7_9kJMxFDU(#C&0(wl>1#&Sy|bbsXuu0r>=BM*T0bE(`m2izA_e;+A#7V z91@aTe5E}24Fm)-vOJOF(L4rXDV$M)1{aj0mo6?E1vxos;A2|NFPzxQK$Q`!Z=2H? z=Xv3Ijus2u-Ay%LY=@P@~ydWfjw-ee=_o+3&RXEsf!67I++G zQPdC$fE62d;3N4wAXD55@P@PAc&9%4#K z78LRoMHD2w?Igd?=P@A?!qu)xj{K5Y>4}0VuEj5nJR;GyH zE>vL@Er#J-jEM0kkSJ#>StyGr=eMvJ;ApUEf1rf;@SzVOs&1Z(t{fd9AUAfuBtz*ZoIDf<48BqwjEAtRD*BY2VpBVn22cY;l355spI|{nh*a)s>AP zD#DBTVj(S{D8gS`>+2H=dKBnesort>UtP-Qa-X%%R&D!+8izJx*Y`g;(sd%x9OvBU z(FiF!N!mDTx1^fPg2#TVOo_jJNuA~^5&|t2VQE)w?T6DGG(B@9iRv$pqEesez`M&) zRC!yj*j+V5aC@5hgVU9wh0cYZ41sm~B?v$N0SvZWata~rC*F973sm38ZrVTA}9 z;Pqn!KlhmE?Q9EofO6@4`flg<_k#*$a*8JnGxOf2O4(#W(Q@LFumV{h!Y`h<)DbhH-;3eeXQ{fYOJbxYU9Y``nRLo|c9v+6kVbJF2wt>ysOoBNc z&5FRTqe3>D5d31P?Re&kdg8ib&KWG8jk=z&_>%n9c&p`pvruoU*pO#aklSY7K{|z< zZsaiOjmH7IN31OjLkg?2XO*{9g~{F1v4inLQx+AB$ybP@Ii{BI74?{i7@#8$Zu*qC zv6Vk!asrg&eA>;(Hy@5j)6ycvqLseS(Iy1`{Y zLXa?2xsuKJnjfgxWWadiqAOUe>iE;hxH_k^Cuom_PlHCSf(~P_7-D6w2$3a4c_$g9 zEb4Y4!xfdaDek^yZEl&$cPXmFWtn_?el0kpXp9W7?kOull2kiM&h^w ze*QGr$nrJNyTN1Y3(56Wg+`^TXt~|;tqh*OP_mUCL(48RqgpW|6hmqnkb@)vmJ%<< zk)+`L3iI+z4oQND5+#8`N+)&x+9EI%V|NoDGg+ajk6bngUWoJ+o{u7Bn zPU!mnGo;swqPKtkpm)UzWVjegK%TBnco=c>$jCkr<@@7l;a4^|cTGvrEQ(DQdj$-9 z?VXjmt1|PU(wzN0P~RzhZFU;4WaF|`ZoC=4r^C*AWJ&oCTE0g!*;b5Zkx=uY1+0b3 z{EsbmZBn*^&+_CV0o%PYGP`FL%5wcH?X(N+qf2yd0za29mxgTtV}8Y@&VSOu3|yW( zKaNlid{%X~BKD1M2A93)b^xveDp1wpK#92`!B;mmHp2MSipS(YMmOh3r&OO`TnI2R zJBKuR6JZT0u$@nO#~1K!Uu7yv)uGWQb;%ZCEW)aQiVzf%(&Q-uN{SLLR`G*I!?ldP z#{v7SYN-56!Uye+M>{0IQ7nvEt~twdc|MtC`-5~U8>5tGz4kmHG4#b{(ahs|Q}I6W zd{d(dcYJ(4<{}Z?&PjCj`o`JBa&KoRKxG6oTX*%(#ubOhwaeG#I+l;O-a=_{-#cu? ziWOfEUbPqS&9Ma$)0oTjd_AGx(AI_W3(B?FgXmroS(HeCevk-Vo+rPcV7MNDg2v$t z35fn`ZFCg0Hdt>R~{m4G8astn#n+sg%qi%Ugiu3vs$$lJAYD zhxvYh4n?t$YcOeQaeh_c!FEBfyg3v(q&dx&Zh|vg%xm&dOgD?qWD_wk@GC-G2osZ_ zL1taI!c5d(esJI17BY2bgKDf1#cXrb25vyjshVyW8}Mt$Yn^4Z7b$4Z}fwSPj}l77Y{8A z(D>Q9K2++4Wea}vuvu#*sfIIg3SQCc$Klr*bO>1wi_r*cX@MS2q!Tmm2>W!ESX4y4 zSv|UCrAM^r^cOa;zY|ly8k-S8h(BrjDJ>Pl`{Q@ zncLZl@szi4BBQbmdX9mWsq1hLx|IbVnCZb$NIj;i^Sm*dsLkToV{Tj~l$sEQL`pZ*V%C1<(JSl^HuVcRW0Vkr@gR1QE5dS1unyh9OszJk#_ zJ_emyUk9M%jS4Jln@>XmYW4kh>)uf$LO<2*>+F>q@EW?$R}(XJEYsTCN)#p;33p4d4#Bxg>eV}l3F*PQ~ zMxKd+T3;9Ypjqixi4dvyc>k$EQK7t+ey{b=7uc8~7cXE;e*O&fAJ{7TlPnd~r<%$> zR~3=JZWn69`FTZ0sDnQ>T~U&fLWm(k!#U3aK7pheE7S2Ch{v>mhT(duO^({x!p8o7 z;pf=@QvTGdAXc!(#`E9;aP9d&l8`J6qNEcm+X)z(UjP361^WY6BYjAh!l_Mdu5>2A zLJTZS!WvGXV;l{2dEjNf=3|8sHKAb5%Q$p(MS$oBy}dW#{75}R+@ zpgs@wvYbD8A1oymVqo+-VqM$^#c`YVMG@-ndN153{o~j~w5`I6B0tT= zfDaE2ieD^+5u$%mJRegO6eRWYllvq#3y7;u_t9F{yRMH?J?G=8Qnsc#aX45+T2ZzW5 zC1R+uITxX;Oen*?kE)|kNa^Tg=igQLNwuun2874jIV0}sDjHJljFi9yOT78@GLYBa zt=UgGZ0+F4$Zj^=**3?&mG=(=M6i@i`Mf69WLLMhqNVfSznGmPyV;1Ggx~(zwG;fG zK=-b5=<_x}6?5f^-{tqUlRWfwLa)sZst|^cSA?Mm&^|5Tt8Ee0p=R4CBGcBUMk7mE z`)!$lgmd#7t)!)e2LawAoTs7Z$MZcC^F@2N**^U6?dcu6*Xt{tOPsxp zKq#OVCQTu;7*9jD3DV$CVoZs8ygAxp0N;Tp8PDV;XovI(`nlR);eBUt?$hx3k++r# z%lPAj{Ri#w;i?fw8M@!jZvw4sW-u1Yl|Q|mPTAXh0nreB5x6254f1#k5h_tt5i#%= zC$aas4O?>8yB|M|(pRkT2Q^|bK*C8j5A^0F_~4(?&|}>-&&NyPvEJ@kWxFlPG&}}Z znx0R4anR+B1Zl9|1$utmHo@n&6SvYUl?BsvJ&}=IKJ`K8b`C;1MZ3b8txMc!9vJ8g zO%+q)aQ-SSgAy_N{CkiL`O5wLVl`Vq+hfKPAZ!Be)T-fITR$DVE-uSH@}FP!NG#9O zPyN&dgewc|t>nIxP~M2Ej>P@_UtEOWa8SvZaU}noOFIp4Yju>!;*vZ@LtTfS{NKuu z8Q#%{Ylf(V--i3mJox(YY@8gr02F7@o06;Nalq_#p=Eoj(mxDL(G+#G+3GjeM<>TV zS3B8Nf_U3h_`pFNAkKoa)%2~9a2sX5&_btl`q;z~nzX@6SlN_&V+(IaCM!>27CmK1 z`Zpxh*8~K(#Hbvut+p)Im?AlytO$HK>v2R3n>kReP=o@EJOnEFDzhC9uV+iR>4uU1 z6T`oRtc?_WtJF^~p>%_{8#xV=7e35$r}jFArd%VXm^I#I$TfI#Ez z>fH-i#v_Sj_JnHSP;1SOpP-QlL7d><`yV$ND^OMU_vsqXN3Y(4 zY~!fR%Ch_~A(sVc*UdC^_ZL(BCuq$=^f7 z+3_hm?ug7ohy(oMk2abf0Ue2V&j`LM-Y z2?WR(xlS|!_x$`i9=W6n&7jNJ+;tEuoPaGYJlbwSpu-EKgTMHK^~cE#F=PiUEg?80 zqR%Ir?BeEae(%YB2@rtsb$nYkLWkkV13aq{Fvn5@0XLseQy;+B;M>k`=fT+$nAf$Y zPp`dh4u^|tlLeS5@2jtX=8CX{M({hRmI84kz(C{hMhe8k2)G}K;Ew2QGqh|2y|^u^ zcD?e3*<`D=7eYP}<>|>uqPa`uyuDrZV5)%y|Q@4Q#&hqu#NhD!NjI6wc$&8TwzqdYi$>IR!Pf$NRL zZ7IQ)$~0MF5z%1M)=>AbyFu}Y8G(n(U3*Q3jPGy3ZmhX92whX#RELiE0)?_O`%ju; zL9BLOgVtXh{`~ght^GcOD}&4C(~_DBrf_m>Ril-+BKx1jR_vofd#>){ldm>53hr`< zH%Rl(kT@C&iW9*J#f>J{b2U8_PHg6Nq$ei1Z23Ni!D(jP<;$1(>ckJ2*LS@e2`D%# zpOh4d4EvL&?$=w^%oKVA8gs4re+8K0av3b~=(^ZTKyJmtCGTcyl5^1m5!grz{8a{b zS!o8b6uq0ctzF5tdi2j45x*DtMzk;hGc$gaN9$xL1k{lF1F!aBMY)0isE_#TbB1h- zu~THA&h$q_FK9Bc2wy4z^8ZU-VWazT)sJBH;KlOC@c{Iqh)~{CQf;m1`w%t<-kFQ7CHsYl~*xkzAVm2l<48gjXBG-9h7~T#$vP#VLB3 z8ZFOOz1fp6tv=WT~bTx&+% z*5De`iErBlGL2p*C7e`8{8$s|C`1pUEdiDMw5k<;7HpQeiU}5w=vr8#*eG6VvvrLP zdnT9cTrGCW+3{NQ_{Zlz4lh-H!1--c$%Y>8Ko3FY#NyFLyv|Y$*4TZ1&eEz@!@KNTs&t{M1^#jg7r$*wiM^03g=7>}#mO=Q^&D zxYV^)A^>cXU&3H z;Db|VXJ^NU-k~;S>YyWO1fYTiakVtl1}{SyWUzgs!gmrkFH&IcVtZ z+mkQ3ALJW5!k*gF(scrGKHZr!gER}QaPH&J0|~%O;2U&v+(XI45W{>K`mg7~${B$8 zIfl``Q#N>7cp);MI5AunoX1Q(m%G7g4U>Tq|4%` z)@8c>qVgACsCX^D+XwFnThbVNBHenA0H2`GEAB9}wl0W_P4U(xAF2Jx&i@BeL{yka z+fSKu?FqgjB}Op31@FiRJPrdu1xLNvf#&h{p}GSa(CqV95bB7bbNy~f_%r> zdXmjaXh*M_^;t48XBOi+=Z@KU#Bw68E+hAco#e(j%_dbv)s@2v{&SX@OcxUU)ZH1H z4=y>rg1;;jnV({??IVg84iDoVKD2ko{l`X~R8=zxvM$Lmg-if!OtTpTrlkLw>r)@V zA=_u8nILw~EQ!AOo~_SjdmX4vB+a}h^i5TtF6C4M$O68YY#kkFc&~m8%eU|m<>aS} zs4u(TQ}-U>9BW5AerRfn0Nq@4AoIq%50H|Do+U*k*ZY6=k8+eL#FX0t6f~YZR zR%&_|D5pM$TU^5I3f^CJh>TluT;;({?{mHMJu7bH<&^mARbnd;k#{UcLP7$;HwP+8 z>O?fNg)B@)TUqN%A77#D-^H`k+J55X7$)4=-$zojNHTHB2Pk3(7totY?ab0_5uJWNnP!&F=-Uf%aaBj@)$%~qMn!EY0Y&RT0)Het0 zt|A`f+W+l*ru+5FX2~#!PN<-w!g}j9i~J^RzDy+yY!(bW2cU3=veJbtF7m9GcOXxVbTcN052P_rHTmv@xw>Ft6_o8dV0V^92P zhSUjo&@a!=z2bKOLIIx7tvC!B+1va4%}|#ri^Rat08n=`-PhZ|Dy-U1#iP*aP3Li* ztkeTY5{8y*ty~rh6*3X2Uqczd-dDHH$y`z>{P8S5eE4uNM3uQwm|1ONIdOg{)ut;p zG;Q4XA(i590+#V=69KK$wp7G$2H`18PLLYn{G&N^ONK6~`0c?(9Do@>LkR9d|F9Mx zmN@_5B;oB{Yrg8Ih{`Iq8;YTSrZ30P>y#tFM`b+n{eK1B9S*2#Y{hc>Z(clz8hXW@ zZ%Zw3_tcRbkD*Yp(a7R{P)MhUUFGtUG1L5r`RFvYjaoGHBB2=6wIG^&`7&`^XW$D~ zK+un3^6hS~I;kZLf=gV#{h6Hy_+oi-vT<_W8+&4fu>Axc+XmmKoV%yY!Rtv6gNGDE z@e9`+G2Qzotkla?d%>rV>=Hjk`5(6Cc`Y$IH}>DYbzZwCPxXADuqPMIhnSeOAJ&n+ zrwk;msSa0pGI$f#+fKXDB+Eki%?NQb!cF36_iZRhJ-U|UErsSvw9Iqi_%A6qx$?_( zj9riW)gD3`TAz}?huiHj&I+)=a1$d^D0-~rL<}qP7$-sPh{~uf(M!(=Z7lwyi6JBI zbj0X~*7j?jps37#0^%;6vOGCwNqQB(TB<0B?0gRyo5cpHl4OO1}F24Jdm54t2l%@EqrV9l*EtwaP#P>1je~RxN+}yQ7QA=pm=Dj z4KM-?2>7K;lWkWm`R;ViW22kz_lwcnYe}|pT3D5;jq#TFd<&uZ12&TzzHB*`y_)WmOt-9eG~7EmZs*xFi!*W zctntsGN0?Ex=D9(ypkbAG9;;zV!ns@P4}((rT1qRr9n*7WJ@x9YL@HFj$SFtVmpi& zK0}k^D2UPi8#^mO(~Y{{ARuWx zz%wU@gwI->O}H0UISNL_#YQdxg})jT#Y|y@?^yLso=5r`j8gFB1_`s`qlrb z(e9zTC^G|vQPvb4_U8G)ek=A)x0cFu#<7AlOFWa}NroUDUj&N2=}2q*7k!JSyNg>1 z-!6TQU%k-~>F%$E%dbn`qIYe&f}-?F^`CKBtpWrC;phxXjkyWt-#_>;Fo|$pcZZ%v zCjKCrgG3k)=}bO^4;@74CYg~iVV#FFg=M7c@yiyulUy~X*?=KM2?4L&@s4GLC64RS zO^ZL+K>q&EWt-DvYwD;O#^lqaQveg%wC3nXlo-%!9Tk+lzSj`kuBAE{ts?Tk9 z0Fw`ft70M`&~>m@%1hUS-GDAB9sKs@3N7B89b_r{D>Q zA}toYgbMuBmIDV_aDtKdji=*0wA3t>q~EvrfGqX}Ft9Uhj>i+7B(0k+@?V zB~1Kh`~levfu82fctrGCZL|1&@$d*tdtCk*}`aMU{DQ2Hj&}bT#4Y3}AB)B|1!G?FG!k<%6 zH5wQ%MsrDETJm_Zrtek?e}K z#WP=HDi`P>31OiR1IvcoVDq%q9cV8I%7-{I7ZGf8+YS9=GfP&@HbjbVrq(-y3_*(_ z&)Zk-yf>;5&1R{ZpLLMVmU`LQ=T*O)^V8{IQb0PB9RVQD^ptCHl!xkPD9c`<=Ci~q z{GGEQCM<(XS@qMTn8$k$F*+#cZJv1V>n#Nlc-`@UWP`49k+K9zf6wtO$|mWL$9OiH zn~F@m#=~QbCW8m&dpOwW+l5S}3ze426P5UJ4n*S4s&TO#hr( zLE?jLTD*~}tmI}lEPYCi5ej(f^B`5m=fk;aCCa+qu);o_&$eMB-(s`ZYh%)yJqH*( zG&^9ua4$aqUSie_wC8tSm+*+7%N=X%o0+KOh94+igm;$l1}e{<06zw;5q>neZgWS5<{YKO z4Tw-|7$m3NLvT8uYO5sCYt?5N4aI(&7Dk_Hu+h5_SZH>%ygpke5;H3J2HZQ0hXw#W zQw{pQR0ZuTu)mqWm#gBTz5eBk3?0E(t-YySDI12_iTN`Or}ry_$!JCx0EcaF_JFaC zgr{%EG(o$ja9_Mi{+h+12*pqdErPn-N4qnMJlfWtSnG_$DaBXJ<~j7?nEbNKTJZY+3Iac@z$K?}1n2f&3cR zC-y->kv;sofQNaoZoY_qCe{<(*pAW#^UdTNNkv#8DQ%`A_)Yj{@{Ie(wMZv^>^5A5 z@=;+B#*Gq5_VjmaO-9DU5!M(v3Bj@0J}t`GmQ?8V!^b4yr0s!78kO3ztflD7(XIou+S3M3*~brm9KR(xpA`&-#LrW%*E|LK~u1ldBr2Qlbs@ z(oO(IMD%pKu7&X!X?2`bKQRsOS7e;V+vCB9ZK8!mrdzo#1Ifu1II-OcD#;oq6>dmn zrrDVdL1SicRi`hMOIJNAiXqXbPKpiqMg5JmH*U$p!wDEKfz$Nz=zF*(DrvmLhm)Kk zQz+9`iJ5rZ@^EpbB*?Gwt{4kSvF~6(&?d;+?~E1)7rS-a8BzD2c-F_wtnVy+jl0-j z;C+bV^}4QV=DNvjXpvX2+fiUj= z%^m@=5(epNm3?mBu4NLG-2KdoI}|q*N1?Oj|7Nhn}|r3Yc((cGG~4O%R5(eE>t{~n_}K-rND%sPkb|0g4Xt>GZ1o4XSqQi zu;<=18AEz>zpT1pcA_;hu?j*YFxtyXa=l&GI7H`jK23AjGErbGDV?|ZXzPM?a@luv zR6A`tm^bf!cdYssz!^&GcwaA|;u#;>pgp31nF^b<3jVRx#27Oe-S{}wQU0tP-Vg7YydhEQQ#l#fB<{5|&+ukRJ!I)}_p(H;-mE8T-m{-~B?yl~sFm#G&P zwd>+cc!Z$Goc;Kg`_fcsI9IAz7cBUcE8-kdht~JD1d(jA6Yn<`!o7a^Ozboi*@T#P5O)FrFDY76eL^x)!M9vW~^c^ z>8JK$?nAp{f3QlnN~WPg@EpG*M)IqXB*s!$Qu1uV1g14QH3m96Eh9E!^I3Tz)8sQ~ zWm=gezBWa+{l-6IsT{V~2Pi0v%>@B^q$6_0CEQ%81A@f`l3V6{Bw2eSnR+OS#nB}) zWakCQ8!oo{r=DNj?vY6f5`Sw|eI!ZP#Rdaie@yG(PfZjuPnQ0_jEsDe`)3 zJgvng&@fb?fNPyY#k|p|d(ADH_nNekwg7Z9g zhZ8o>&Z2HlmJNS3y5y8=)OKV@Zn`l zu+f(EIBY#^ABqlvT)|pwvM)Sxs8FxUS(WuC+QDMfNsKzR{Knm_LCp`dNYXpraDeR{ z5V@t8_k#pgL29_!M=><31=TB0>`n|fz1jgVw*J3O(ROU+MP;X*1SdjEC|0KUNJ>7(6IEZC!#zqMUsIQFq7A5mD!I?UO z7MdCERcDo2Uc9h6!iJAb^V9Rf^+(qWOos6WGEyXqr9 ze~WIM5Kk7&B`r37Yg5_OX?7fl&gR$XJB&yY+W0e9stQe>R8_`do|vaBi<-6CWDkvH zO!@&fPolf}uHS_etPat$9KbVvjOGtH&W~z114I#ozXry@CBE|L~ZLHb3E+JO&Ah zOozdAo`#fwUrhetCz2Y#0kpyM1!#ZE>B+AdLquf_`6YUIU%xO;)d%r}$qIq-Jh+z!I z(NR%`6Bx_Zo1S^iRmgL(Q=U{&H&^qLjVn8jkqYY?jGY%%Z5viorzibeyVF35Cvt>m zq}7>28jwL$(%zzx<;`9*KSk7RSdWBFKs}h<{E&;BHJ|Zi`Sa4dI`bg~{EQZ^gvop$ z3ctI8Kx?vcnPZTKW$(RglXhf%pV*zM$IZUjq((BVv0 zkXDb-erG(4mS_$HR941&n}!daaE^5tD!%^ENc}+a`C>AP9Z#e55uoS#3P|bzWYuYt z;m8rSO0fi)wAD9ZT{s);o>!ru-Ux{u7PK9AO}ci?P4!GDwSlKjHlrY^`Nf zq+AmeVpb}PgkcDcX*$X)Ql7BLri#8gicu%Z57>{kLvNY_4N5kF`s>w6Bho z)73;nXU%FIXOks;`(_U!ETy&NMFXr739h=$c2EzOd;LIPUq1X~J&F8TtLhIeLp4II zMxktmzHBvMbwbi;A~aRDw%3>pgG?4Gda?GW(Uq?H6H%wo*Goc97wpx*XQ^Z0F1@#| z4S_yPG`_q1=uD#DaeWtq!3G#V%kZJ)7z5>)u|!`O)<7(U)NjuxC!_0eU!aR8vrn`N z&2!zGwMC~nMJtCB;h6eaM`wF7Op)*$JbJK=nxIe>pEus*Eti1w5_C?ZL{cJ@v(n)` zA#0^xGo4nU8Np4hUfVc&Zm(b~7MUqHWB@hxl#52KT!j1+9>))mGtIT#?pJU8K>~ba zrHHE}=?xgA3o#mBnVb%Dl=3-#?L9Be92t@c6^tGUU3ZSZlsx}pv;0#>=s_b#K|Txq z;I5PGS@eM|jrn;VN4iK=PEx5 zA=^P`#dlwt4B=QSHp&L`QzO;sFmtbdl{fA0)vR|__0^! zSbe3uA7Ydwt%-Dcglv4pG+Q5q^!*gjs<;PX4d4;XQI9-*HC@-eZCVi0LeG!#I)8;ZPtx)}+dqdGi9 z;-RY~bJH8LElI;gt5_OCq#`dNEJJcetkK#g0>#!5Eq_I(R}+hoqMeMXfWT73DmVH4F6cjzrGxO-H$L%?Gfi#kwACG&s= z07{(=o^HcW9jPT$S4)7i5UNpVaVX0~IJ58AbiLJbWTt3j*O*oVeJ&Zo{#g1aZ)rFc z>U4HPOuk~>G3`5XB(IQk^fWsM>6|aCZKgz=8D~dFeq>@%*>Ta4nO|KWQJW6){%wW# zP=1r=^G)W>CPS<5W0S!w+U?%+Arpi#nHU~U=VQ<~0t_YUQzgxWbb3>35y^ZvGwC?R zzZ?$`c!9~1ie^TtwPp%8;QdkVUcq(dGaut9WxA`q_e1>h@$81ATNkPlq%eOW$&s^I z4Xc(JteIp9rl1Z7wx}4fvICjvXBZZv0f2$t-)~1LNGn5_DWmY#dNaad(4$0XZ<)lh z6v`Hbx|@y^a|^>Kfik@wi&y1>8SfpUl*+_OZtR9r6ug|zig5}O1F!BxL}mq{E<;Ey zU=@Vv$%U1LP}pL)=b76OE#E`Of52>R2=+AP^0>z%`6Dvm7WrZe`mp$CetJ{xACAwL zB_tBkYRq0`^rGc!H9*vJ`Dq(Qlw(hT1#cD$FZ1(Zs~Mro;dLIQJe-N$SIq;%G>5_a z))-_f^&G?HC!<1ZgMU zwxjqJEb>3?P4uWJuvSyV$x}qVe7p7&xf?|~|I^d`PQUUq)_7);=X|gGwx;~I2y!eW8b$48LK>xf=GcQeAP*vs zARkOu`D0W?Fsu|xrx!eR8g6j&A{3U7Ml%`0?^vaaL>HL>IZ+Y?qx?>|y{{^^+pf(% zxS<=L%P!|zZhs6>)?Gg*1pf1G%^ztH2I&zm33O(X=}E};z}(ecz*qlDy$-_c?s5eh zzK&wQBl6RdV(fe0uW#x2>B7aV2-A5opQxy)5(ef<)vD|VoJ4dZC3&MK98HHNG?eAj z=FW26>X33B5i5UD z`%)LQM+MtIpmv}UsEJE2)1DLkIG!9GA&NXtg%MzSRz6{y+ zpNHIG(v=shux_%n+E2M1(Uv@>b^NUC~_dI$bV5U~lmfmLRErYn*ClS__W7kQE50qp#-cX+$^T2HO@ zsU(}Dz7hvX=^DnI!1liw=NbiMQKWX0kNHOYz6gdfW7H&gXcDhlZ0bjkyEa8)0(PU{ zirh7$WE-18Wx92W^x;$*frMGw!n}iXeJV}I`LWTTda9$33TCH=rTFdUEQm-7k<;)|sUi=)5LCWbsSuF$R!i^LZXB}odF3r(OgSw~}Sfh4ugYT?agXq9~(#W~tK90pw<=jWun^a48* z<$hBTpjjy2Dl8Gtp!0D}qvofSU?^=SuwY=26mG85;w2NKQL6lata~^u;<)JEk(pOX ztWbi09z)5hwGui-v)#H63b6QI;KZ7+{gUGn~FGEQmp&-0n;sW6KJZQ40c{ zicF`Dmmx!dSq=Vq53<#I(+oN{%y_YUrF)Xb)f+9frwwxdXS$frGjPE(_yK%?pv%4CN42j$)x;OX|) zSCHE5$s-82ZGgd~WqHr0{-s2n{^T-U6M1CAkgqqv&dY#N1 zz&vkY`H++jDi$fumW!$|Tg!`?r7LzAY!Qd{B;A#i=7%>}rO%_w`)8o`Pxk8M3GVd% z{rcwtWSQUYucnb1D@trliu~E47}ltwL_qqxb{Eb7Bh2hUaCQTKoPzgFxqTuRb zWt;Z^XZz82o``~N;by*Vfh-Rf$5ua+JQfl*_Y|%GcX_6;eXC?)f%Ca;fxL2OFy#}4 zr-yKQ5wc>K<N*at(f}KM!>8NtjgD6Zc4)GF{R?%gEzaLSZ(iyh z*5$*Y-&Oh~6E0Mior+#BhZkEaaTH@(?q4ZVh z0%^7zKuWvG0mPQkB=ncAw07K=l!2*WQ$f&f8wxgd5vDA96N6zm(8?$;Bn!_148)=k zVsa{B6A#r(4Y@ic=%C)CrNe_AYT6?67*%EYVk6w=uh<+FIz51rlmMG@B2mi4i!b4a zxM7#dnrQiAhYThq6Sj}3axg`%MxWUok62A&k_IoQ0qzN-KL{cP3`6Vt+^?I(I(H&U zIqa}-oSEgiU*vgfjkZc&rj$_-b^H(5d=#O%Z=C{*-W&4q#!)zLc!`yo{wXuMZ91kT zveSuQQROP=$Sa$!Ft?rq!xRz;6#Q;a{$y!vf81MbaXJ$LG$hBCnJ`?a<4j|RIfC=6 z+FrcQ<ET=r_YgMF1{dJ^Xo`g;}dZ zAy+gs*iDA7-V9)Qie!9sjTSKZaJtr}6&$6duwV12USo@QFYv~!TB1!sr+D-epwvpi z2ME98lvs4eby)Mnjd39cvUN;d^WB(7;8rO;qpcpc+&AUDm>zpPWqLP;e^xU zM`ek1h6j{!{f*G^YK@em_!VwD{r13D)4V1ak_2*P8DUQ?HNm8R2ipJMzo$^2v4+Uj zsJ2S+gRA$U8-VSQ7f_>Sl?^~LA zqH0R=&nvIuG!&Qarx8 zI4UzuDIjQzB#qS-63}Y_N5vW>fo!;5dsc7|8#pO(DN`P%TTsa1vXCrRDs0(30J5PdN+O5@IAFmtf38yY;$29YtbD;WHo3 zdhOG2TBhx2NdjGGzH;&Oz2nvnOh_VKB4f{n0RKj(?@P&NLOJ6lz5cgQS|ZgxLy`w| z&2+iHn$|yICsKGnts|jdpyJ$BvjJ|iWtuIz#q)no0hcSy-v{drNX(`~5VT3v9*9m+ zL>!np+|J5Dzau@yP4{9#iFtl1FN@UtW$CM-RJDKj%)=45+P^BES|%R zHfERw{C8&J1ciC+_i7clBaWIz_X#pXA|qvwTqPlhG6PRf3B{?lGfpqz^J$M>p6+Jb zy4UyG-0$L#RE_SLz76ezsQU&!+=aYlxSSmltMrLkF1d&DC8p1rZeQtnb} z_T_7pq0pQKIX`~a^!movFNfX{)-GpMdStTB^NK= zy^}=p1@Tc_VPQ!Oxh_?tdnd_o_fP!FhL4F4G2+X)6Ag_H5262aqt$)EL@qv`94g63 z*7XYgAFkdqs>-PS_EtbjX#qi+O*aTgh%}q7O?Q__gS03}*M?1Zv*~V-Zt3psmag~q zdH(0T=bX=cUT3B0Nhsc?$ z@Is>y**W5@iuHEf~ZPECyXd;wV zJ@KWH&Q39ck*J!$Z{h2;#R2SMYVA4Fdvkpvs71(Huz?~_rFNOL{!|_?ZHQy}E!2H2 zT(L4O40rtv?!3xy86=?Bu6|ef&GY@3-IvFcj#uhP<4jq!#EJ6vPKAf{blE1SfOKLTx6Dp2W}$CgOaY z)qCA9b-m|Li>*#r4}xAndO@(b9Xo6lZ!^cafhn8O93$_)`^#ErjPkcmjb`Jho!6$& z*%Q@g67dRI zaEQ-jn}x-w+~QQZUzl&TMi`FPh^0Nea6oErCN64%djEq6dxW315 zTdxBk?9;_sKV@KyMmv8};g}P7@?roe!r}Aq?Vokr^XjmjF#I`CVsK`4eXD4!)Z$Xx zWjF`2K>_dXsm_&6Cg!`?)X16KkiyDTnTni}>-+utMXo*e%xBDz6n;OHbCncP{+O0= zi{B|ks`&oRlK)1;|6i;DfC>Yo4&du;)7<5n`FHEmA$-XP7~E<07AXWTwva+S-!>+3 z|I-6OPgM$Zw1#LF4_($iI@ywb4p26-s{rm*M|c4Z@74o zR?n(Xzuws^i7N1#&1%v^bMK9$aqz1s#|9~{iHP{uye_!oVC zx*?5c)&CIlL!Zt7UYV;9L!6ezfR7d{PK}um^&O9dd7wz79ko)6O9;F!e?TGen*&uw zc`5(_$t^&0FhD#lD9n_U@#Q#oZ4*5>cU2oz8B~&|WYd$Yl#?tjs?W_(`U_h<;85&R z4eA5FTGNivpcd8cZBs;DJZr*R+fy&O!uj>|0T7KgyC@xADO7GY`))HL&@T9=eQGpX z{^3h4xU4Vm1z)_%Y=q288RE(v##j`WGii5!$?d9DQuskeboJ?xwga=jN$qnn2r2FH z^bO9;joIP52SMwcDTlcCDQ|>xrvleYm&QM~n%jU_pd|M@lb?s0z)FmIdBx`h3Hm)M z3Mn5W5`9O0SC~jCH;D3)2zoKkTj#J649E$_$8+mnE0DHwkV`sFxFPxq=dkC7PUdHf zi5kFIAFb0YnPT}8wHb-{9+OTW%jweevU--B=9J6q&c4e>VH^~{j z+M7u|ns1@uH3ff#t9s_Ke!`~46Pz5^a}9(>0H3>D`Kkc>%7Mv1!C!vgX=f`P(YD;+ zYxRnO(Azv|#EQzwMwJs51h#?! zL!(2ih=_pJm*R9TZ>@CAw$Y|kc7~G!VN7xD?cJ(A>?2B*)m})i8C*t6Z3|9~T&5Zb zCDhAW?&rgGG@Gp614jmEa}rqwr$)cUL$loQrQ^<@67%qLv2x(XKOcjk{2S>Hrb{>g zc=^LkH8PLgO88OJwNw!q7WrbGjMOUx*B?FAV`^$+#@*}(WnJ|SM{t!iGdf1;LdA5! zhzl-)>%&<%1(WU~iWC;B?2ogiJ|J^;VKcki+?;59d zQ2yV=tQpd5Eq(W76lS91EpE0JjfI@fdu*e$m67JiL;d4EN>G1kdZS^V?m>HIzyf(D zAWPAwEs5Z$ddj!tpA&QLyyOfrwtSKcX3sKn^y2>2U#J3}B6xTM!UR>>1KB6k&LzN-P zcbGN0t1%Ppj9Nw~;+9(6g#{=mYX@hd;$FRIGjVh)jUEN)J&ivVl_ZZ3W@;`Erj73m zeAhc}FOw~uMkw0)CZ@{Rm0U}=`VtW%WhK06lK*COM0u>bApSLnu&4d`JeQJDWumyYiY=|P|w;UZM(>)y&cC^s`6J@B0 z1uYYFf3(~(*gS%IsvBRbnF~H94G7{>ek*FlTWTQ1q#UGIZJJ0mdVMr8_))whndhG5 zXW*MoGv&Z#wzS8uOO1u|qX4O@otq6c?~zL^UT^)n&=V4MXEbGxCxd422jkZO zfJPargMkl$YNbl-#fnc(ihdkUdK73o$qJC2B+NgiRgHXGXFWFXa%jW!{aS&hWAAuSHAW*<~0Nh@PKYfV9F9^#h^nS@% zXC~izH`QjFCZ5CXJ)Z>}AKo&?GWY?`S0iBdc=ypB=<*{e49X|>{u|Bcb2wYEJ72@Z zs@LeRRb@_T(CW22RRqMVFtT!CsT%JMT&`bH8Pnd$Ctd=k`Hw}ae3YaF%oAjBd?p^Z z_Cr5AQLff+qQ$nUzSsd+%|~2{mzP}?ot%hFFVP8^fwgZPRTrF9ee=hR365C4 zt`5BxW+~;*i(JL?*Rv@>D|bKr>-qB|>ELf=esH6Z{WPtyXn)RJ*lbEzUP8Q;D6CXO z)bQf%^ynz&i}^^l+F*uE)cDlQIEBF$Xv>h+nJ1D;JgC1U(EYQZ^1flTEHB19b z+y_Jh!%H8$Cj;-pA1V! zMzRHj^_#WVO1{&f6fd8tfq#o_mjBE5zqR@^3;4W@|_q3A9+Z zf@EhTRrPo;+|Lvjz4w_PXSmHWb6iQf28cdmeApsP4_ytqtnxa`@)aS$FwqgXjAZDc z1%qkMU^!y4RS++;hm^Uh(IPj4O>A6ah& zYL8sK%R=tU(J{1L7L3)C5K_1F4Vd4;Y26R#Ga$>PTUKRkgR)P$bATCq) z+z4YLzeQ+~yJTWgH}z`|yd z%v&tNkv<;c^)CFb#T6Q^7v zrBub^`nW_lZL&m%P>ah#{6f;D!f=mq@#^xmYJBoc*(z4_rUjifAbG{!hi~*oF2EYn zSZ#?n|0Ekkt3;9ty=ZjLROaAjUHDUyJQ?WmBpUD!Jjq2$Ru_UMf3U)hSCpO6`;Wis zzh?>XcB7!hE;q`RywH(ic-19-#*g)%_uMHbs$e|N0isqxm~`^w7^&LbVwlp|S!~pM zsiA9)u5llXn6*t9MXtXUKXJX!HD3?&xkgTZ+9lNJBynN={4rplY%r%OVSJ7>{jFP9 z!~6DxR#sy*^?w_ytG8L^x!750$|olAKi=}izZ-q^NloP<*tpmTbduIa6ei6?_5;0; zS|@-e2MXS&Lr))s-WjCA7>;;v?F{d$v0tAuFF=V^ObjgBACA{WN%7fBp~PD#mNU8 zJe%;lQ4DWC=3sjz@N})ZO006AH&I-a%%z6DBD|hBj!z9CYE;(vy6NlEeq(~7Lt(+z zbd)CtZLx8#j5U=|e*&)rEE1#y)%gOGl8%**p~aB7xk2r({y~)wjoPCtZHi~sFBUXT z#femf@X;6rBc1@rbUV-vtz2)9qpVqc0vm z;(+aVnGK)XhO+l7ynKlz4^o3_;5$rdCI=NE`*90qMcF2H1&VX9YOosAF4->oke*wM zDjUk1X4cE(iZV{&zW>K8{dj@z35Y2hDPfoI)b*Q_=5VRPy+Oe`Ny((m{aV}P`m<0- z;$#O)i>-E}5c#R?=c3&#Aa1CxlR9_$@z56?iyFtb3KBG&%9X6u0F2nA6cv-@n5q29 zXoZp_Gl1&WzQQH9p&EBK=R{F4eqtWWl__q(@gE_219733{6 zMRFg<-LJsPXl+FlQM{n2X|`%kJ4h5saqvS`LR zfrNJM_x(cw$VfjRswgr zT6C97I;WejeHv$6)_)IBWCWZ|bUn{JL`MrXB27FjTY8T#pJ2hS?H2Z@N`4;e@h23C zu>Nd8E&ONdWNdFQ7YmHck{uBmPZRo(1?=blxvjc9kivYvqhLL#>4l?xt!Q0u{BeT+ z4+pt54`1HXxo(v@NdT*!p-j};>g4j=o&0bw(5_08NoP{@Ni<7GuKTLrtFJ7}a;(ZT z?qzIEXJ9;{+ZbV2J@!ML;KzgdM!uk*D(s?{(f!P+5BDfEbs#an7^acNTy5#*jH1t<}NLy*$|2dxc z%|?6&)?9$~CHN>m_uwCi(%gxPq{^a3%p}Hf8Slz4YFb~0jnwgZ?{)z}8N3*$!30J6 zjAnFl5$$%msbzVfm62&xj%eLWV#E$ej{!9cva@l;ctP!+Srej}%A?}c-TwH5cHXDR(3`*3UfhZ-2^2WxO58%R~ zI;-5%dmHd9Xm0jo&1n;7-3<0aT1m*j*eOu|><|dqSRXOuo$5>ya>-fI4A!tMOsM%g((HW%TiXkiqDd%%r0`I;&k3UtVKhPQ4XHqAiSH zM+7y|;I3PDh@;VbkvH5Dx@zx5YQ-^vZ*U_ZBS4O-LGO;SBc0cX7W|_-eK}9o?czZV zytZGMzAiNvhAg$Z6j52sLoMgby_Sxd1hHpY+ror zDY3x@GRKqaZ{e`__f;w_wSv>A6Eu%uZ5D+V{y5jAB})>8Y@Syn*1Ch8s;C9}`rzbg z*|mNf7l5xw`RG8>%#)(j?#aPvA~3?i8S%{b`X%h(?fGI~O85H)r!8c(0zRiL+_BV2 zSBF4St);(0;lgs%8MOF8jUQNo3y^yyk^$Oo0LDNg_=Ci{5@D+H$co|9r%j?!T-mr1 z;Sxn5$rCa?dqvu4+j-ols`)e*j`Obo8e4638&DBUar=jYVTH`~=nf-CK4w1Ua@tm4 zwCGv5DI_rQ^~8VWPeT->ht0>RJn2H$7aA6~^Qe9KS+Evv6-JvexEj+N;t#0Fytbkh zD)_6ksb3zx!68Q`Lk~`zJjMEcq7pLT{G^(JpHoC#t34C>BT@N=Xt#z2K>&nh0{A6l zIBLA_uio)|NuWwqk0olozdng4f_o0rkPCUe)6J>`erUAZ?9NDZvH3>aQ%hxU^fESH z?&J%f{rL@!nw(?wZrzb)g~shwpIdL7eAdm~JFQCdUPO1TR*zfg(4ky7FiXv5e@xB) zKMx~-4#QBmxEMn5V*4Bv03m4a!&aE*i3#KcTlOMdN#2y+y zKsW+qQlv>l(V$f2^hh|WrOZs>QS71SuW4#jv|zH`57Omc*VL4CLS4h2BjMKmT5aV% ziwW1yO^-OghP=NUy2QMgITq}Jdq+-rpXt~ag3FK-BbmF!yd zOd4RnAI1LG4r<#*?1?h-Aoq@z02qhxWUGps%pRKFk}Z!9d+|3Z2zBP?nn==2r4%9o zT_DAAlHtjQ<6Qd+rWnSHDK1(EjL`g;^4 zpqY`eJhMxU`U_P#l*pxehhjMKUI7v~1t^UpVoBS(9I8#VDP% ziKpaQ!f$;Zl+`q$`gDqkaB#@;P--^xPtq;#8x_WuzeGKaI>c%@2hU}!S4Xc&Cyd`4 z?;W?O23~2>fmGbEum;6SI`l=8sz20*1E!cpC>d8#qZL#A{Rb*~{_b&6Nc~CKZ{28-%GIXJA4L<4>jhL#3Rdb2 zA8Jfw25#p{9bJApT${G{AKr3xIWg0bEXMDca0)mg2gy^p6M`sVC&^xPPY#B@)d#cq zfsrJh8>7l4m!an2!&{XKXh-5hE#LMyInBX#tTsn?;k%ztrK%ho+ynnd>-p&an{=-z z;}fhE_1}#9>-X#I3BerWv#frZ8sL?iStY|-)v8nXH5>puj1GQr-)vS%GVTBu0EKPi zn}JXFap5+~XPx^T5aY=?K@4=s&O8Idj#=fK?PR+sd458Vzq@`0zK{48-Kl+l_a-d(#gG+`I+K=o+w=i*fQtJ*adbTAfWp? zTm5_)2Awl8X1$w8^y{Mq4VRAjhHt4Y|L-9sOc5(%0{=pvN`nc}*H8w|sBdLB6bxe- z$UJ51VN3aG#_`N+L@)tQxrWfTM)!=oD276khHpF6PUAM~LXU)$H7X1>Zr&P)pYPv* z=*IJkeS+jf4U1`IVA(qP!d20&_2k$c1Rr*=uMy$~QXpH4u7X~NVO$s9rzE=~?FL zC*K2VK+ZN~ovG}4(I5oq#waj$jO02RB^;G-+d*!a-9p%9=b{i3 zKHfy>`Zue94|zd|G`vMvLpi(#lAuS6q}{3iYNFVxxCyJUM_}8)mrH#p`T7Kj@s1A6P>2f>_3srKX1>DHK zg*aw5VMFxv0>BJ1(zLIXaMdulm27B~a2bw_XwTuHRL+$?I7GpDpdYsZQo1!ksslx$ zxUX>~J>{Y`$Uk}H#G;giB-xrut`q5H#}rr>RujX!tf{J?nv&}o9lCuu(;#(aW3v=y z$hpU3utD^c=1FJ~YSatf-CoMwx$NZIx4#}fqJk9Sm^AdG#|v|YJZIRK6-{~-*?BsP zrN5ml6$Pr$=6THD$?GW9+efqS>CZHttdg;_SO2`q`jErZ!^DqEsrt;Tn9M6Qmne(YA;XplrMA9h7 zfJE2-x-9V2v&a9R2v+H^0vf%mk_<_nlCv7pM)hu-T9oH2h%~hq< z1~PWW?*&h;fCHqzBy8ZGT*irKk1Uszp-VLGleb0gDUMlfrDA0Ghe8 z%@H#mlS;kecr>>>wO+eMl*vNw~FnDCg&SsjDuvsG2&>+)Ucxj z?Q|he%(>>Ogesi|4^rd@_SuI+?vv5~4oTR(*!3(iotD}R+!1>9ZW)a@*PMZADHwFz za&4ZLG6zvEWtEq$GxJ#oE>HotuMO{6jMFW_pWrV@#h-GtMmk-vZoer@JExj5U&wEd536Pco|A zQZ;5|&IONZTygz|r>ySGB4nTj#BKBcY_UdBvHdh2XUBH`$NLoiLcsZl|NA7RNfj%+ zR%t&*@2`yGX$(Dg&w!*8QVv#=f#;I7k@#1M_I&tqye;gdNsm_GI(Mr|=tZ8DH{c3g zb3Q)9Z@0aP?;krR{EQSp??Bw!TT@d6gpH`2NhxMcd@|=3!=-5OxA-+*cqC-Z?Gs$n zNc0K*)I#~<08>bE&{`TMQ$k|}J>K54ZY`zPVO>5$^+o5q{8gV__d!fL*1^valbTR7 z-Y7B7=vj)*9^6*}d!2-AENxjsGeeACRNL#gAho!pF=QwIB9@K%dO}Z^pKwibO3RVL?ItAimMH|cJ9K?~i>co2nf`od_=2|R z`)!p(*uiyS0=HXQ!DXP(#Gx`8yvm0@hG*HIl+T02{bG}oFc+=RoZk6A5j!Z@r!;IuAqpgPgO>SD9Ip-gusGR^WuG9()gc z0$d!aaHm2?*yL+Y-ftu2F{=L!2>M_9r+@k|p33E?|A<>INV5^2(C)B;#TMhrh*Hoc z1az_DCwrar8V_*L&87Y4X-Ll|;=fvQF3!mH<%H}AQ>Opfr?G}-O*Uxjww?%DsbG0C znmH#rWBIzcNl~7N?=JnGlG6?^ddE+PMkAyJ70BjK-90kA*jF)2~8|3w#sM@Q1EDhWqdp5_^_t zTH#Ec)uDAi+MRqUOw}}`@W?0z$Grvmhr@4LV{YbZmu3dS zIhVjI4V_yN+AFO`p+)No_mu^xcel3;_`;>+g7szKm@?0oAIouJ`;2IjphJ2nTtpYf zePAnX?&9Qx7r-Yakw;|(MN-Gjc^eEfl|ge_(1#awt#9=g`DEyPS(nFGui17Dx`V6e zW1zmFEFjKNqb!B~X0$HWjX~-SI5x^Q8Ea3u#b%l@?T?~zM+Xr)5~Eq`LT0HV_KOuF z6n>OR8%w=#&C@k@hcY~lroUwRkQH^k!xFObuSE(FFv(6asluq5P?c`vgsjNBuD_oC1i*B}t< zeF#~LNAh)B*-L#C31OH8QMv_?Q441oX5Oy?cp~wLlsp<+Z8mP6+t&4*5gls7P+=we z-MV+a0uFN@DSr&4PUI^{wl+85bNqdJMBx<4n0)`KgomZ=H(@$&wDfB(4x2xMf^QXH za9Djg*&a^$<-FHy%(;MiF<)i(IfQ`Kbh*v-QPPXo5?nvx;Y3CH-*3wS)o+1vnK(@d z!y6@1Y-&c$yB8-YsF--lDo}=09CnU>b$z^~Qy8Ac=Yo*0Kq7IKlBXq1K6CdbUy-bL z?dQExjz3m&)s|PlqQMb%D+R0+LYl_;+F_qumECfb!buV+IpmB{2?x6(1LeyK4OMXM z8aNKAxqP>V?_S0yw#tVq+T2DOJYLm5nQWU7;_%Q~*DcQIG#@H>*{%Kl4UVAC+n~xH zF2hOO8|!k{K*P?qDtO}ap)+o!>yQe!PXC-%ChCC1@rNJ(&rsfxt7osfrjk3 zD7ul*^Zl?(4uMnC$S1?sy9{M~Z#0Ns4t21k_oiJ*emI>0 z2RW#N6)mH7JC*k3x0PnbJctzc5W^YDyCqsa{wG&L#k4u0+;GUWjXsua&CJ>b8NJ43 zx6{Xrh^Vrvd|CR0ZjG7m0|m*ELhW~AiXAjp+B+n5b#dP5<6a2kdWEHtd>wyY;#R() z86DE9^w%L?>Lw*5{8QA8e|BZ7y?3Oz2U%R9tDH+1c4D&GKnfe9+KymS8xj3>s#kEoX!qn8@RoSBsx%pLd_iM5e0Q?`= zdJJ0oymmOp#Tah8)^B=f0r)~>DxCio;K02($D<17P`w`*@#y1?R*0wGa=SF zTm0G8FM$L`e`JjJT9QTf{ZOHsJTa-T_ZL;xZSSPnmORSo* zn-4mfYGNzMv5tzp2jJ%UEgpj!Zm56L_Qe+9`v&|-w3_L~bCm(ftgMnM#rfZYq2P3( zmS8VpQBnDHp`ZA!4rhzbsoV%xk`y25XLZF@ten;xms;G&y<16xR(irEe?Cu1ti1dj zWW4V^`Lwyg>tP+ddAkH8Clu)9(;{OK`LQh2_JVH9oA&i#5q^bNZbXSwkEpO{i(4ura|xA1wspq+RBkzZbPb21NCt}Jsd^E~*~8&&d6 z^7J3rs$NzC5{x}z9Uf`ZH7qebPa#nLK*MBe+&8y#0Fl)5ujj@kO| zl*~=(A71!hd94AzWAfSFW=7p&C0@L^sFf7#kNvux?{@t{`g^B;j`beFr&jFQr^9_e zUC}EO!D}7uT!dhb>VRsS@r?~>NFnx8+w zs4_W+S(Tx-yh6qZ_NKQ{V7^*gbcqPv)_a_SdTXmi0}fx~>cV4V2?aA^sGk(uU#T5_ zR!bEQXC>IClKwrO#t-32x{<1=Iz+|+?tAcC{lZ4;Ss&nRYRQAZ}3tl=L7rWLoF|r4QhM&BF(}|s(>CIwPxnT@leOV_-efy zbR!g@b#>?$DL_?g+$QpDwz zvN29A@z?d5C=Y+VRr7?vl`vVvTmIUG`&U%4IW*_W5G`|%&UGYNfO@azf$9@ z|4^AD0E1j_mvoH%_Ft90I_R0ordH#GCU3B)5LBGibxV{o?4M61F(udNw9~q`v;)6w zQy{e1QiGZSnb%D$bj;0uTl;3KdBD9n*rb5f#tLKyEs)jC;$-~R`0HZ=19X^D#bvzj z+|eyK5;v=O;5bgDfka6SoDF2OZu}^S8_)4X?DF_o;NhdPh+`|HV6DzrV(>>=4-xw7 zeViMzz_q0y3ggze=15m?@rdeClrJd9^=3*DM}?^F>=bV_*Sl~r6Y1@CclUJZ4RR-k zgJ2HWnz0&i)=L<+9@>1;p>9k#f3k+Oqs_I5;#*DtMOD}GOF4EZ9~rM{PueCNBcnl{ z00PKtF|xo2pQex7Y@y9P*Jnp9Y<4YN!t1gYWjxrWKb{W_rXnX~Odun0n*kLZ&sQJ< zvnpgD6|_FvShZadO@uGk;=dUy8KkEmx_YblmEN~M-IRvWTct%cnnCTO_$x?v@Vy7+ zuZl=qlnU$@D>v-{(7FwIh+yz~LHZv}2WK}~@vp)ov{;?9hvgs=0TY<6o@ zq*sAHWghj(t?~LS`LiyQDekXLvqaRVSR>x?qYmrTz^*HscIOLQnkNFDSu7*DKKiav zaSnKz%tWlL1~}6XrM8X26F}!=SMC#%vu>*tSBEue8HOOa^gpj-=)z!VC|@OGwHGcP zt;e8S1(1rAhUS0SFg7DTNm164;wb-IbM=7BSC`oJs0U+$S0!#pG8TwGH^xAy)w9P5 zrk+**_!qNo2~TX{Fe;hdN3cM&(P$WblSN5WH}YEn`9ywJ)a}A7&TOLefHBzUH}!3w4~Tp}LVeHJW224m z+2VxxMfS&e_6Jc>FgOSWi0Kcc3Rq`lQAt6cSD8<*tsY%hqSvqf7)wy6vN*qfe2h&8 zMtE$qV{MviLPZg0?dLtJ2Cx#xFKUTH(QUYm!> zf)DnQ1&F&EJa>4;^GAXls>LIaC@GNqzhh$~hzg^kzN9n+88UDOwXJEJFo9VA{UGQQ zLS*_={-R<-kC~X4lGEvuWh(8n;5m}48-E518p+&kb!P#JhZaHNp9S2ox zuG#r^D_+=x&^+%S9#BU*scyQQTV2B>l5@sJ#cHS`3S_cI5jR^sBD&(AA`Pfw_nn;- zf{pn|okbYaqeAlHJ);XQw>#Ox4Di2?XiI(!u*R390dLLp&i|xLXk^7E;r;c*-NGMUz0%R+~u19p1hII>>q^)$zC=2@+1W} zLwPAt8Mlx8eES`0H0owJMe}l)#fLZj2<7#d+Q|(|T2)CYy;)7PRevuoRM*uA3M;9z zam%3zunCeKLDmcZpE8x-)tG8v=qO!}qz1|_mX`su8hhWQ^>iV|} zv*X_895*@rIO{4l^F6+FpXKj}fL74njF*qG*vsG2KDTH{5dx87fejbF;m75huU}F| z4War6NIsaOqP~$)X?b?|`^_}_1gHlf=($n;oH0Z9xGK9+*m}Rs#O+Qi#Gg#<$%C6! ziXc#jd3eonJkgZ{STu`dEk@$-O?)26_?%3oqB~wu2dlVm`9*rTh#e4|*|67s>1Ko! zD`B$!)r;!{>_w*zZ6mRW4FgfW|M?K4zYDh`++OMo!c@_@y!6P-2fDWhK9O z8W)8nsl0dgk+@&ijUAXN(`(`ZddS0EY-UCsuR}*`+zhyx_+)EI3UpiI9F_DMOkWC- z-2^1HJcRJ{?ypr5vYPDHt(Z*Qaa(_nvDmqwNGVHiBeuLamyQ&?MbFUe=d>1{JYNUA z!piFd6xyXBV%C9^^{y8@=vyNuS|8LWGDp%Ar*>o!{g?N~legxKsp#pklc$r+4PdMq z%1fSPlZosOS=z2W1Pjczxc~D_|K|e-e?%Z?a{{OSy|U$qzX7IKyA}FE5mZz^Q!xrP z_}luk-B*hbD4prIwBvE6XWPcPG%1wJWEKdxaU1qg~nocmkkWng`uYEJdEdBbmK)t1LUNgfZ zj0EELWu+7eKGP=x3&?#LJA$`wf_|8FJJEGETW&~Af$_8@gSp|+zySDOSVR$ym7*e>nPrp=UJ+DjT(@~&cyJ;=#F3eQ z{FMpA&sS-{b`PQ>r&d`+>9p!ONToJGz^bWcrJ8b~6?V1Rk5?`XTN=?Uhp&V9*Qy!F z(iE>(T}be5ee9Q-ms&jO@@NlwZvsYpKO|(8 z*?om@FU*x^woe|(uO3h-|1K&1_;;gHFyPSZG{$PV0h6IkT%12P*b-qLBv01HgUrNT z7*rPx(1dx^&k>~cKmqmD$()~znhpGF+NTcZPa1zPU@tQq{8eK)THjDXeuj%BEAq8; z!h+HSncPv~Q$#kM!o+XWF3y)_*5W`bMgbNbgo6y!;<}-p5~{)yFYR#-+Eg2^4&Erz zV9jjrz{b5J=xUgtvnuC!Q**#A+*Dg)o8>)@`hVU23$)m;lOPMn8Py8^{+uEdElsJ~ z`+^4M6OOxWe=kIL9I%Gt1ZRZH>m5!>J~I;^BD(G$LKa?K)FKykdL1@(KP4=z=mfv5 zgI4X&y~o)gViqR-Fi3cTa!XG)XxFEF>HGS@S-Hp+LubiX(c4qTn?9-YC7v%<5L6Lj z`&j}rwMcq(u2`jukq7oVw+EiNSMGRiLeh4gBA(9{73Uwp$2FU++d5ewEILuGfRn{* zK1ekZnJ=U=v@m5qM*20oF^?m%JKMzf^`u0hS6F=APPiDdql4L6-lvAb%GZ0HFSOV1 zf-hNX581852kAqt-MN180>yT~WUN`ki*)eh^J8CvRQZ>#YUpT7e@w8r_GEm4=sSl^ z_U*bCu_Nh8y6Ey-vox;X=&-8c`(g5dY4jXNc(@zpR24k0%Wr+oRstQqbFpvIY(oX? zjWHjSB$yBGdC`Jp0SToLiJ(BeL|xCe+4R02ueTzm=LZ(aY$Onx9kW3D8uDo3%+qN9 zB-r|BULdNHDJn5pa?Ls`&%sq<*ey#X00j>P>w>kIw|95Nnb>k8mBsrv^4r@*HoxB~ zp{dLNDY}+Fv$uc{)Kq>u-@|)7qef5x{Wb+M=jJQZj_8$iIZ6BE`AeXBlgw`H6#)ll znX}MZ)|4|yb7~_`&`#Tm*;d=}3WVs7+79oxQX{PT6-rTqf;6Vb#&ewxL>R)d7CARfM=B)D2m4PGU*Yns7MD-@-i z%9a{lwWJZh59Ykp_4@Z#llkv(x{(b;&*8>McI6MnW*)OWCHokazod?hb0uOG%BOet zqaS;O2@LwA)^13UobOH&q0d43WNX{oeuO$tvXwx^LuBy4So$hcdSGXH~cq0r4 z6|^tE9T|#5`q86$DcSAVgNOox#m{N$G4uo;kIzM_r6Ke%SN+J@{h2%c9*m|-CN2>d z?wYV^zEc$fJQYx;#c0ywanSjF5nQS=G$~w@35ICK>kMAuq2>bnB^(!#VPwv+v>ynk z%$75mJj%T+X7I#;`j`MZ3epFd@+3M63Kbf$ljsRTo5(X&XCw+F7>Yy&u*p-6)*N%` zqWnaDz)GHd%3Kni9FIEU4sK9>2ut8KrMW&{`U&Y51Ss8s<(XNIt6Yq(_CviU1QX*) zqH3NAy=RD2X9MVixZ!?fO*J6BML=V2?m0l}N=(I(4b1j`?%Vs&Kb65qAMbGXi0Lx^ z=HRlhyq-jgn?;q5__bR9e`P!rG>umA#zkf`qJvHnPyq0Q$RdaZskq;{iI=5N#==>@ zX(SILUDsAx4?95sw|1n*$=(R1|16VGa=pzGUvoL%x2KuM3_)ViI%Nrz;lsFi)0c^; z(05l$&0ub@p@wueU=LcR3-X+wEl@Lc-3%~XV5XEyPWe{5CiF$j z38R+G*AKf0Xyj_H1k`Gt7#W>Ja=(P>Iu9`y4htvH%(Wb0i_qnbR-TsYYLebe>~?9j z7c6UJQ{yM!S$8X$!v?3;M+MVbVM?yP~Pa0#SnU$7GrKqG1 zMPvWz_nzXQfaA#u&#TuG$ft@wR*Nnhd-5A2wKa~*-JMh-6R~JmO3gO^^{EG$-LieA z`I*9@)3p;BtR$D4+=xtE3R3t(#4Zy;AdD*xXVFO%jkm5m30Fx`Xk0j3?@4sVbWFeG z94wz_Nw8AvWRXCPnVl}8vQ>KAst#@E1(Ziwcs(E=rGckniYC<55JAnzp?o)XOL-&k zq0EgMf;w2$Bc|BcOcV_q-CXp8Oha1O!|+CVQrliDwCF@$n>+5aG^C0Xkz@V?TD5m< z;@Q3-jqU|8ISro|-|a;jtEKgC#q#tBax};pn=`62md5I&>)*+KCF89#SqF6S$eHdV zi>X}o+0=RG7u%!ZdaH<{fC;4m4LR%wWS`%cY1wa`BBM{;pw&9Gij?+dxx^)2YxENM zQ{$^?^Vvu~c&;AX7nt|Y?-a?xgsaIAr-L9BjUKab_{n84egIN>y?5pvv29#z7N>M^ zrJ8To^ z2%MFpC2gd(YYh&`n(dt7;ts`HM%WKYxEf-UXGk@(+dD(F&p2s{b-3DyO(${$_5huf znVn5po3k!g9B!L8fK_=1FqEG!On--Q6EnR#uqrR=*w*Z}7S$`E|8)#e>SD*yH_*X!H%wih}%i7_srHLr*%st2=dU z(?TVFZJ}bo*A5NVvU(bD{hcmcf-}p8R-Lrt?;BB&fOpCGQX!Y^J^fL2L)nq0CFIl1 zp7K%5W?=jqdX{oOKsPSSJ|4L?=g{x(MoWMM*OD>1jDSv0>dH7$xk=9WZI>bBd7aDQ zcuqjtEvelGzUlft0Y_1^SMnt_bus~7!8)4wc6&&5+IemPF!*%731>O5dEBA|FEzt{ zHg>zZVS4Ie3pjP&O!rI^8M!08-47OULzLF2%RgBRzx>ati0!z>ZH|cYMBmB$1VaJ` z@s;E>inln_N2h!S`T~{Re8eUAbK>V5!TK~0hRc1!rAChr2QO-YWVDNgSn4ru>r0rL z`3A*t^k4i(cvdzf&fJTz5y56Y?aXHcSk1X;v@tqEVOKn(%=k=3?*U1R-2FfEt94ij z@WG+!6CHNfDUG&!kLoO^8ubDOm-}=-IO^P1bF}`UM}Irbinp(w=I^*OkICy^;Z*Ad zG!9vyoZOP`=;VEC#pCAlyXG5*Kg6)s8Nu4yI$th1jfuo2UX)(DJV-9Os?BdF>G*}D z)9T(F`h|RX;4MGAle}IX(R8ZuztmyWGl~& z9!h)b59r~mew{t$F}ZWnNg>wTKid?oG`_LYY_Jiajehd(Nt?ld<0dv9=DI{ltyg`E z*6(yQ1Lg5>BRW$uudU2IVT%{+NNxbR0@xT~@39-7Vo)HMg1Dj@cu z7ueZfz6lumsD`_WDCaeA~O z7O7ILtf4iTn(~J7=Y$GbT?p!GqxF*N>fnXX#v@(oj4*9%zo{4)fgUqLZ9@oZYZ4nr2Zt{bZlPjgoX`?+A!?s*>tm@IoF0Wh-lE*F z5}Z7-X@4ssiy!kW z-QpP2o*$aZfcXpofx&1|psiCqg9|Ka_}8HG$&u(_*K<0kJ6fB@a@p{PCe#gv-Yxb~ z7t>=*Gj|$`2*5yO`POGxW9L_8awDKBmClR?dvl~h)Cnw+6Ql{jP^wYBPOB%A4A4?^0<_rO+3m!;IxMHhMtD^^t&Hs& z&FKko?ruJE%E$HxD-6vo>1h?~(dPx0ZJnY3;tjkU8?f6IHGVC#A1>F&vB-{P8a_IkA0>y(rAPDmBDAKtNA zs^UFGLd6TbOOdfls_MT69nEislUVzWFx$%h^d#|mxBd^w`IcZA@5uCd-QX{k|oeSi^g z@TWrIlg6Waw6cO9%)abCu@(LVB(ggrd5z~jIdtUXuk+nU)>v#)U1GCibhkZ&MEWNh z^gDF&`Sz!AQ&+5!(c^EmI#muPCHHT_4f>)5_YEFTmuEFt6O(Gu1&U+@iGUa;QHFH2 z-YjRjC=J(K+c3(_BB(~%00I*Cv)Rtv6}nw zsnGPD)Z~svz+*BQXF|}?Gn-FBNd9^Gj%e;FID^9x$su_O<Kn6F6tQA=jQt$3u;t3D<#aoU^t7*cbT?T?q+*1B7C~ zgi*xyLkt6+4E3#%@m%<=pWlF6-@R2Z(5I(&zcU!8P##^6k3`jy)nRwl*dl9GnPV513kE zXUpRc&2ClA`+{giMWHDwv71E$j#q>nRWNVgMwuLQ1Uj2ezAetA8irJfmF?0t?=99G zNyia%ZMM6!a~M{hQalls51YN7tH6leCj6 zSADGLdL2jrA?vi6LM2NAPP~qUK6KWJ)h!F5EFx-l4CAP}woa){R~1%ASku?N!DvAg zEaS_O zt^iS^(Q3a_rBdzoX>G1>S)l=Q+XN)p;udbR#-M^gXA%9=(^}SvI{XAkxLk#-TpGbN zl6fH{3d2RdMSCr+mv)T8F6x;;N49pl-p%f?8?lhi>%kc%>FvyUVC2&8P&&ukS5_&B z{yQ%hT8GN^thP9QnqR*;YPJ4BS_f-keLN`J%(aiFS?uSyn4HC6nOztT< z1ev`DAFpwECQPn=r6uP*7nHqBex?xTP{ewmwk3>+fL43dYR-vXfqvFDkj<_`+ibYE z4NQQmh$anIq*f{M1*CTjCVwI_-@Tv((n)`}L!&~YP=nLrJq!YoO3M%l0G37>17Aim zG6+a_zjYd+&j1?+6T2yjW{Kt4~!F zmP^zPqpGS(s^RGDoIl;C*0GPow!qCUt*>I>siEOWU29+#{ZIrdPVz01n3C92a?_?F z-PJXM-|M@Vc%witj%qSq6-y_vZH)6TbiNQA!}*RoqiVNlA&>^4OP^;c9UoYGmB^16 z{D8d{T@805LfhqekRJMDwESBZCLFj(Dad8gxb}=r!q7Wc@?)ouS9q3qa9xAf4U&~+bCz$Rmivt| zlo(=CP0uj)tj)ze3ylstGT>NJw@0suK9V}EgC16s!mqUcmglO`X)|u2?u0kP;?&-d z+=t4N!^A!df)$DTz~f}4^}bJE$w`C-22XcLM3P^t-BWAy`da)}{n^ccqH9R*iPM-9 z(FJB)L6esm#Z3p%WTtQx1J@Mu4L-GSV;?8!-?{34keY}`IJF?wk`ypHF@>#8C~7#) zM*ukXfjjL$N)-97!ldfs+@juwd@hi5BSHAq<>%*72`lw^Omr*1jd~u!+l$=~hup`$ z`@J}f4YAlTBj?*)MufKml9%aca2GK5848_KwAr_oi${AW1z2VliXWlI{|?R2yR!RIFT zGESbJB|d2cSOeLB$U%+nzXMVwT!(ag>rF0{7y5t&oeD$iw#Yqv$i=uF9%853F)Lh3BD3Ec`3w7q!d9W(mGzZ=!hrm z`_uE`>rQe8&bBgUX6j9~pUAaoVovKEJz_boc5n6*YA9U4?ifBK(%xR97eRzL&kL23 zN4=EFdJ$e0F&&Z!%4QO7h+jW|gkq9@`X=`xpvxg;op{ZCm?R79W6_v-s?S9jYZ63f zF_~&pbe6*81MQ5Y^rR=xWXe2=%v_QS3~F+F{i!X-#(Bi(mrd<0<9VqD(WTsBF80UsMPIoOCh!r7nL<-rqgQ8WD2$Qlh7qwErS~>)x${O zr5J0`^mZbn+T#(D5rxM`!-*|QGszU52o(SUBY*}W`;6JhQzhe_K}Q4X`DAH*{a++s z9?fB`RvUxmiGOCAM0Tk$zo2g?-1jFrp5~LLy1KeMrOF0cu zk=e#_?Cb{`dEi^45PY~B?f0~nYqn(pZ!?*vuxTbzB4~?{H+;nmFsy?WWF!F;vDhk= zn&LQIt}rd{WdR8)#?2jDcBfk%EQ<4v=5NEt$LoQ0xXt>(~J7nK}r@R#onqNU5 z>#wXL_nKwZuPBI1>M(dDzf;NaC8FVK z6?%i#5_LyLOfL=d0e$*lAolbD^S%4R>OV9cP+k{KyRaV!s*b}yvD=?F=tpomnrU$E zLjWGFzDTJ}nWjHDFTJH<4nS*lzexXqCVxpL5ft!hQa~^j3(cdN*1Uq&9TJdw%pK7| zFpe&|{%k`K_(Ntf46&X@)$ER6WU(ag&UlX>+B>#b1TZH05YwZ-?yv5o5eF>E({`Ux zkDeV7d4=q5`9KUW*&M7R9CBi+cbK`Rd{ho7qf#DdreMnMtMBF(06s8*|Or9xro^x8dJ>7H3PLop_cZ9nWLq}p;;+IDE1 zbZr5NE*-RFpwR0a9Yubwxx4c}QLh;^txenjb0;im2#T9z1*&z6{T_t;xIKu~HVa+S zVk}P;9IiuNkn7cmTceJBd$ldJd1tDnC0?@+lr&{6s#(f1%|G#pQHzuJ*yE)oiFEKD zjC{w}-9M$jj@8(9&z2Lwr`X>AR&QC&IimpfK!~FE$B}AKnJ9F$Lh|P)!cL(=ZWF~OAygc0hxeGD4MqG%mKnWfln(FB zso|BE{+0TD3#D{Pj2!2F}q?hK6e{z863iTeJNwXoGngPBt)bv#`{t`1u#+xbNA zh1pjbs1ioMrAB)LKx#Q?GV2p6(R9K{;DG_qX7u~;aGAomQn|RfZeEvSlN332!fLr^ zs&_lD@2%s_N=MxPR{#ME1;yuu$Tdj)Mv$BgI&QSC^zrDUVyvCi>usT!L*McQ;VK@9 znG7xtsbUP-x}xPRD5}e9;DN!&^bV<~Z;G#ZMV>y(P(&_5q_f)g2IM}=*V$fVlKFc1XUBz)|hZB#}^yqJ%CXVQ9$3R)}r_FRv2rp9ITB_m`-21!t;-rErXU ztr57mx^Kp-GuZ(1_U$g$yK~atNgPm#pN&NTFB}ul3FtX)QTn$v$$6)^R4?Q(4&FF7>y_bAV|r~}X}`8wW#(yi1kuv2ys zlnbjq#jszE93}rn@)LLvJ?@cJj*H-3KZMMVB)6j!O_%%t45P8COT(HQnbiG0<8-a34F3Rng9s~^1m7bu?c7zPl&)i0`XPLy%b=N zT8CC^5y4VC%?QVRy6DsJB{GAy?MJx#O@@c%du(3N>f=eU5V=%s3Nx#7Cy`X@nPgQ{{)GD9C=}^P zRoxa#Rv~phT*$t@y9lIE-XwNkBsqO$R80)}*TVma8N|TFRm?VueK%L(=%1yL<-p-P z)-m3+s;WC()bY~NP6_hm0KSWhi<{z7u#t4~ikg1*z|9l>X1q>(=j1XXKoJwh($J@f zFbXGEnrnB5Wi3;HOw(agyzLmrZ)Tg_9a{x-y6SvACHbhdMPU9S_lPu z@90IE$qfY|>wvsN(wrz#*;vRT7-Df11=ED-%uRxXfDNyLAcD;C-Fvh3JiGi7gfE3H zNH!I+nL?ZAv)>>NXrt&ZPyhS~OO3Jd8cCUNuzx`NZ1md~(1k1>IJcIsO)(RMR){oM zIAE`|n@s2PD(lJgp;1A6PhhNqRxV#d z(qtdX4+hNyU2-Y^bHf%v{D7kr0D^EXH9PBAt3I%nMwL>;65ih5>+M#ot2OHpw_(g7 zyV~t^{aWunoefJZP;aFIZ3>lmA>((3sN36K-oiieN(%i=Jxg#(Wr&7{ZoT}crcSxQ#AXGCvpH!fY58XUjY)`J4M(s?|BO0j37aGx|aibjz9 zg3v_$>3A5A^2ZxopRnTSll-q!n-`}Pqz+vMEq7>nf6x!VyWzn?NskY4C~a+i?)o|1 zUihd_IG^Zo60Tb9V_P`iT(V4^YhndJq)Ty0O$9>vM#EbCcJ(^ zfCg8wS%@{2>6L}G6c~d}+3m10=490XCRYknIEbQ&_{KJ^?o|MUB1cql(j4xxV(eqcF{ZeT*YC!Wcu?08aH4D;@ z_Xe1}yt`AFZ{L0DitP4}V6)~`DpL^dBQQX>&nh1Fkpie8@oeVZ2%z|%zPGa3mBEXzCa5oa-=dPa;Eg zX>hMBDog(YdHU)6z31C!{YkYA_B(Xa?1SD4q{02q!XUj+uNQkbOD-qjdOF-Qfd|$C ztzwa^{a!5)mi0;#VshPMAYi^iUQ{P(@Hau*3S?LvX}HzC;BbD4W?YUO>8}|K^8}Jb zM<1M8m?f4pi@sTr^y4|W+zRoxb^~M!39^5Z<9_jN7$2M7!1s9*QJosKgoQ$Pd;qBr z!x0bHU&f~%D^Nd3xF_r1@aecNO%~&C5kUkg6)50}KJygB@ocyZ%~*~%nL?eGIQ<0% zApY(+ua9g^8cwYVxwo&IQc_Foqgxr9X;I2wqC~(aNbZhoctyq5-gi^iPLvFl@#qVW zHu%JG_Xa9D)(&Ly`*Gc}Hg{HPF_zogeSE2Zg6~MAO1}(+S8s0aeuC#hWgYw}k%v+t z0O|TU_e(R@h{Ug_&Cg!nt|~=kKtJp&a2jem|Bw%o<%&ncOc&3}ea$-bW?mqJs~A$# zuv^_mOl11HoEJ}$=KkdmmP88HJ&u*tu}V7iTR;9UD7uVSu(%6)lYNK@47Q+q@T2$_ zX5s~Ny01;pP!Bi4W}>1g?2c%Uc=WIQ%`M>!@SUAR45$4F7<@6UJMD^A)E<);`b4W`oXp(peIV9N>n4L8l}TW{p+3)1*)) z6U4GT6gp)VU{--LQs|X{4$0t7Y4h~yi7Xpo$W^=J+m{9pv6|I(xZQD4S z+qdLlxIbl^-n*pZD7vDN)1$Xr-#Ase@4D!M4k3Dg^??b2Yx_*D% z$ra;|O=eqAQ&Mm?%jNAz|KCIV+iQ#RL+6Me$4U6VZmdyn+F$%4B`Glzl32t1ty8QU z{S?v`w1wc-xF_>^!tvcU%2p9bMWltlOfxQXk5?5jHO<%yycm^XEUe&WH@oQrl&u^` z37=%-ZU)^r`ZWJ%f7a=g@wU9`SlT%KF9dfWF##scpEXWU!JVoRg8PZsnYTHC11#hE zzgh3TM5Q74kcbeF2CC0jvT5C4{)!?k7N1J$xu;kb*MP=bYA=T_Tq=$v_R27}zRVr} z+0}=5aJJS7^(u;k@MpL-GfrF)xQhUKNJEKuqHJP!i{(14_HS=d_jhU7?d}GZ0o!); zZjq4BL-n~ra&i@)aj+T9Xhu?a$iFLnZQ__f1O6FM%3t8sa_(`5_0woNeR>)>Dq+MJ zG*PKG=J9^_C{;+OM!r%qO0HeEBpP+dqpKa}gSQ)Ea+b)E^K|&8Vf#qux)&0G@iDi_ zd|9^LpDohO(R2<&r!bO@v^NNTsx)cgJY031BO`dgxVamk8m;X-zyXy~7JYYmmf!)I zjcp{Xs;w8>*1P|tgTIC4zZVfo@D&NtAF}p0lm<7!L!q!CQz8s%6@#{TOjN1;5ba*6 zc(oGjlu{fMi_~YD0L#dwJq{sBMe2vM1bdbzCON50u4_KK(;Y{f)>irc?&@zumY@OO z$((zvXwP0GpT6zM3?VC6?)PAy!h`P-3xscrq81roQFHr{3<`z+AwDZ%-txX~C&yY# zZH@;=R3Y2dp+{WcTRECpx@n-GiNJuX5VRX75kXZ5GS?_sey;ps`q7RIPunc)%)iTd#1tr3t-)jcdk; zeH|YzOW|3GCARxm3%)`fCYilIOwh>Z^(u4=T#b7!T9OZrrTOu?y|s`c7)^%nU;`6C zJb&mpc*m9Bl_wIbhOHJ@64twJOfo*rGjdY@^p+}E8$L#;CiY;J6 z^V;p{A*b69*>n5X?L?qJt0fHj7}J_F#jDR1y_KFS>M2_vDb795>k|!?Iu1)l<{`Az z%HVW{ZY)3>Nt57Geuc9z;2N59dh*xH3O=a3B?1sbuuzt@I~T}bkptUZ#=@lWwfuNZ zdK{=OXA?`9EF>g7c}>JOXOSSREZ(D)WUmp*vBrNwMVJDGAvCY6ZK zo>!1%Oc#m@$Kz$V*4eP-@3N0k{Z>igG$; zr!JDG?Bf}^+D}O3}*K=cwZ%xnad4pS`QJ)wWIEk11CbnqW z_rv^k_1Ar%Uq}6j;cZm9Kun`H9q=D5fCQsu0N8}F&y)Rf6Mj!^`wd*r!J!%MS0IV@ z_&uUOJd#k+sK#s-zP(&61kf4p8eWE4ePU07F2p5<4~mAu-phXdiGQ&V0w7B*p)x#^ ztre?r+|eClk+A$j;ZPy)RNzA~G~{WGQOzVK;>?hW;-DlRc^?e9oHbj~e+JhJo^4jW z`F2?$cn4W{rf5wMW`8F9{tI5=6HT+56Fmg#F#SGY*e8GYX~0om+%P};4|J`dw^P;gM>GQoQ{Z@cOsdSysbE8ValNG>Ulm;5h^& zB&6G$HC~z|K7>+Ehc9(Fjjx-1yVMgrARpl78rXy6)5`VIwS*ZROHj+do@H|J?5|d5 z69&q0b8|J=7@a(ozo8=%3&mYh2>$OU*Y9-UZJrbZ=YEFIo4%P3UDWt_&fxuaepU31^jo=S@fqmD zy_2;e)?>4--z}w`4NiRTSIV4BWUaa%(Yw6N(Kc%blHwh-|1GDD@Hbp(NY7xDCZ|1L z&XXyjyvr4nOKp#8n2LabT^Td(Uqs`8Z(3i8S}>p6CETjl4K43o0h>m>Mc9V$yUxks zx6RHcpPNObtP0xN+KdcI0koWdf=DhC%rTuwty*5_0dW4KRA4s?*j`)TxFfF2+5RWn z!&~tuD$~h4?oZKEp#Iyz1B5a>7FEQgsr~KO zP8!{>k5tdVcjtwzkHpXxejQ$BLQGjK3ry-mj55H{fC`R$rBZWXfSR}KHCN>ko@ik9 z{6%=IRF;qC)(~qXox{(S$xGzmI<+ziN6C7*;itMH+1OdzMnaJfIQVIjT(-h&{!0qC zr%>UAd5a>lUr=0!rd=)~N&donOeTZtmOB%&?<@)-Q#>lVKalBc4Up=}&1rCS89Y}J{ zc&K{$*Hu4|%&)6UaJBZ`rUo11$B5iS_<=6F8TvgYGM;$*(4BmR%U^TMyG_YY^pNBlWZ#zmwEs%n^jk@%nYYVOT^(fr0N1;Z0ib6vlWa=jW()^R0CLvnv5Sqx#^yQ zs`F&{DJX9){?G@+QmbZR4C}`N`}lvy+kalnu|hcU8xra(37GEe;;$4-8@@5T$QKER zDNATe6JqhCAG7{RZ*+Af(rstDhJFdcY(11?PlihKd(N-RukpHH`sjt$w!=MX>wQ5q zkyoXu%_ZAQJJCYprvHwcU?+m=t%AQb(lw5#P|^iQxNmTaGXtKYVI%j>McRm>p+W~E zcld!pXAV^8t}P~Q`e>yS0|Vn3c)9NU4JCpi3;NnD&x`W5tTux3#v*f}B9SO(bk<_; z0Ft?Xt}0R&*t+IHmqYELsA;ZJ7W}v zSm*h%{E#8t%jU%sI4CU%f3`nW7)+yH-RH6rN$k%E7$cQDZ#plvd+{l#qd6jBjp6%; zY0w{@>RDTd zU!c?NH!_*lPF2O4@0$j;B)vgME1I?P2HMV!W=C^T*Dln1-qQ%267`NGdRaUdclW(* zHT2W1J;k}j`RL~KA8FPh6$DpZy^?)2fq!$lulHLY?PWe8EOK%l=c9XRH|}=!+KI`P7LnGZJ8$e2?(eUWf zSKjP{oHM?R2)XG42Z<`HZ1V)8bYKltoW}O1jfA!2D!HQvHM1vfpt_=(@*W?4qblEU z&`z2n>oi%4aB(dCEzuYVobeO8<83D}%%NP}k{L8@yV1ZSzr{IX$-D;B#g3mVQE}5Z zshldvaH9>l5uo{+(G`=4&IHs@We*Co*DXZWMdNC+Fd93|R*>mTqav(+%4$~0v?xRo z0pD>hp`)cWjU9L^?0+mp#%kZ)j|2mE97XpkOP$r(>=>J!Z%D7c#NoA~NdsUM-EG)m zZBMX5cLe@g((PF1Z)eKCnydTSm20**aGax4=sF#ugR-8v_sF*c%$x{|ZRS zP2fEcnd~$CP#g^meSO(mzyKMLRs5LR1TN_LKF$;H?%lhtrdsoe#4_ceo^(1o>*rRV z_{?;6&y*Qxk5T=^Zhz#$quIL)2IuE;iIxKN47lc>o~#voH1X~)e-2*s){N6P{qaRH zgGI5ufTdt*sDkG*>7GRGd@QD_i&_((kA8i!nvefrwmZA8y^mRrsfRBA$L^vJk=yp^&v+DnRF6``R3g4EV<0C2DhUkJG4JwPY>DjyI_^A*oQf{ z)>g_3RaUuoKrTJifL0?=uQ5TzA?zQWzwi{E9l+$Qc)>W_-B2S+O|0J z^nB`*R{q(q(l49zoo_~jy^_p%X2R=lP%1$K%5T1XCoE&g%Z=`UTQRoq9y+^uUfv&4 z?4@EkJ?-R4;d94AVot7FhSiE}mqUF;dRTmbVc*8hr{L4mXC9W~hI_6nxi$sm63wbN z=%eY%t{%M4ANiy)(2q(s3(Vs*Uw_^Irh-!==wlde(Lz1gt7xVMjZ8`sKrXb1N)Br6_O4wB_?;D*t?=Vxw=>2a|^Ae2MA<@@>=pdHJYKv+~$&?qD!lFqwZx zwmnT4B56-%4^zyB-X#Z`2%BGg!OjtBue#JAlhmQcmjrowh~{7@cW~gtfaa4 zQNyr%54iFW4tw7CO?R??7~UFXW8f!h1(ZV=Q)!ocCtMoMmX9sWjc8=jDcf-N#K zvc>ZS{YQFjq6x+kcAzl->3KzZd)0m1?zlfg4BIx9@Yxjvb9qucLJ2rxT;ttx4PImq zhJ?;8E;57{Nk;+TWyd0_T7wCEYyPM&wMUrcVvUG$Us)>4ehd2c&hnxb?Om!?o|1S7 z))_74kH-Dfoz>(=o;6#sfCa9|VjWI=>!$`Z_{`1KCkCv=x|6A@Z+|B_D3J0fVzGmG z2u7p)X-kcl*?iK8GVKuYg${b4l93cvVLmbdeUpO@p)NUU-3?b!BqoDU9@z~0+ThkuyI2pCp0?%1$Z~$dkCZAP@^Jjla{Ih&y-Ae4WDEJv%|eP`ms0 znB!STux4YX`@ZsU@88QosQ{KR7iK)p7K4FuQC(A!0E1me(#|KVdK6ks8RI3S=Ef1tJ1e!O~n&zpD6s zz7KBs_{E#6y!dd{TT{PZd|nEIx!Par;PY262!1&q6=&#=1kfh>Cc*X?7)#?G3J;Q6EtUAE~z(%1$|w}HD) zK0ZFT_6KM@9-DoRJb22!57R+uTuV)^AAt1M6?;&>wzigW&un#QQmtq5jN7)g)?~X0bGXnb$V2}Q38@c&>?z|%mYbc0_sYyvFiDMM(tiTl9%f|kS>s$M z-Sta0r8lhYW$zN_Pf__qT<0Bt;yFtx8_FuiFMHt8?w4)|wt=Tki15?n<1e2RC@E4# zb-#C?Lj9FmgaV_~nmrA29xpLJ@4AMAiI-fjewz?gUb(qr{~2eNt^%Ms7X-*pR57Yq zQ~XXVD-D>42eUt-vxzlWtb+`xRa=FJ?WjK7-khQ`n@;0R7b%GxX-vy|Euj$q`q|nre1%IGo0IdF z`uJf2mh!JZ2I2U8mpy<6gjkP+ObTBK?%SJ+pZ#ce>1q&Qe17>zow@1*wNl-GI%42OWAXz<+kn6PoQ zSSO5a1<9ZvAxc`5nMHbT1QZi|&Ww=@SFLU2G5G zPa4{8^w8^Ju+_c7!yHR-d7!?tZ{r!Umgh z&?NBDgTe=6i*+v>&VsfNb&Ld>Ra*`pfxbwtRKu}U!sCVYMyPxXk+{-PmX_Yyp{LpF zByD>gV-j5caJlaT9ERB4zD-p4WM?oei9A(pI26WYEJNMDsF*L4Gx@X*T%UXOF%Mo8`ecgJXc4JMV?R)o2F5u$YmU&NVy@24(` z>}EuPL-Gs(MwbPl!Dr6MJItnQF@54k-MbzyXPf;J-h=7!|3g{saDz0Ij2G%hvYb94 zV%645U5GNI9u|56T-qwzzEDy^gA%;APpx7$C**4wm=Dw>jUiK0ZA~a9Mk5<_bhWxjRQPT+uB!9>N%F^pQ6DBkYXm zZYHhT+=T5(y01LG9WQXjW(i=nA9Pu2a}{i5^nAY41;0Ew6aA4srpMT8|F1Ow3h>S? z*tG1GSPB($B$Hd+s`?9^ekJU%Dx?(08O)Mf$+CB)iKb_9aaSg=ETW^E_H`@g>_2b7 z+RgH+fuOe>#njL|LNp!XTp=sf>MjYR_?-RgGuL)(V13zItZD@0nUMF36T8sOjR7as z3xGJkj(s}9m!)dQN?Z|`1d8HDkusoQJYck0pC@{QfvEw>Ee3l=`saW(yF&}kmsw$x z31VSk+Gv^e_26MMLql(--rxvGwA7(jCsL;rzjIrN4Vp+yn%-TyO2s z1ku_aSLMJ@!wgTFRv)Yn=?2S+4iyI1^Wit;+dZMCO0Hx`@|B&;Ln$9UPBZ59$VH>8 z56J8UrXl%yQn?+IR*-1ZZ-j%nBq_W`WcmimP@7@6lmK&^M#J>FBQFZg>3~nt>(fhvT0PbIfav8b;+i;vtzbQV4 zH)O}Vo^Qeb1fOy6-ZdbrZL!^62vDfx5X^ZfAjB3cjb{xaUd;+io+7|Qx3;!kfx{|J zYXzHG3lu83>#XK2oPK|n&k>WaE;;dk@wRSzlJUCM=T6{~#jAzpLike4;5=gSX?uGy zG?R+MR0Lh^k;7~Y`F{O;o0>rNc!|nmTLM}UjUSC#MUx&~xo5E-md$!aNKC9JstbVs z<*cfc2x3PK$l0}5+Vp!ROqTO#sm4}5w;b_QmYg_F9`a*h-%Oo1iL9R;1SqhT=)fL5 z+ogi}09i|GGO=wio$>pjIJ(YxCgTwG@xIj>OCa3`Q~w!vQbT%eC?#HpZ?i+clbCeE z(P=f|@UQmE@&T&wzbDe60>?gf(gN_1JBNlo^vkAvmu%1@YWBqT%0G1;)!ceVCjdu+ z28ouWghgIawrzb^(AgB+V@PSd!|YOSCGB7}3prnHq!Pb@8C%NbATs2HYs!Hp3LRmv zAB?WIkI`@Z%#HVOb2w&<*Khb>k$dcabE3EReV&997v4$SF=u`TAccyycj|OcPGY~Z z;Qw3|$10kYYqy#VBt;h}QJ(9DlwOMdUru@iH*gXnwB#}M12N7JrvVKO?B5CGfbW}N zp}VKZRpa@+OKGTJVHUzdP_hUy^CzFZWKi6NMdX{80TVCQxF0ojbK0iSz-p_M_15AH z?d+XznqF{eybs)z9$LX3HD=uVy*C-d9vl8}f4}d){QuGQ)p1d#-TQ(FA|fa%3Mwd4 zQc6mLs2~!;&@Ii-4MU@XD5W$*Ne?OAB}hmNH4HE`l0yj$9lx91ca``3?RWq1GmE>! z^W1UHb*^)rb4EuS@`58Lfqu&7pkICF!Vjas$#Jh^@kYYcWV>^A@tRc(KTPNj^pr?k zP5HM}iOp}{zTK1MNWFYDF4^S5E!OYBpsy3`W_xRh=*5;GEE=~|I73Gu^*nvJQL9Fe z`%}DNDOR%3xZRIfRCb`R`MhAu%3zHuv1nhn;`e59_;!=pD!gfYD?vl2kLkdW5z=1I z?n=#<)3TcF$tAeio)ZI$ebz{Fon2*0M>y;r7!Un@ti~-+9a_=L;eV00{UiHp3r)4? z1=j?lAvm8EQ`vyIYW||XJ{Fg*d;`-_0y6@kOg)x@36fqM>(XE{=Cwx7Ovm6c*8$3}dWviG z=Y5)CO@^=QnU4YJ{q?8q?9 zdF0xLN2>Ct``aORMp{06-*{xZx&7F4le{8fI7K>W_{QdpGm~xw)zL`#bqGV?w_G^- z6L9wyLxt!1(q;Ru?Z3G4!9n^zS<}B51KJ+)9psat*AC?YxpHdz)6AuLjJUt7rA5S< zk5c?!`w$FYxn`=z>V%%BSOn)WIOJ_%<6C)Jb?*>;Cdo1}g?o>J zzdkMj?Jk&9(+%(AeJRlUHASE7AjK0oISze!oujwNu6yI$r3KRV3VRs3>vr|Wt4Bxs zw4SjK$5_Y9-&T2v5kSmc3)^$9R}0nX<;b^tp+rho+p_bvv!($g+7(FfL#v4CiKV{e z&@EMB3mGkSe0k$sEg0cD(9W(~apBILJFr-~jvD8X73sH7C+{m*bnf@9x>9vxNoi_K zbAE1peZ7>?BFckE7(^pr>dK}8Fdls@sZti4d;_2wjg~+s#QS3r*N0G+tn1fVH9k=D zSwUa8AI{7%DP|^}J{b4Av-kZob@Ksb!8aYnZ@M{FwRyNB8hDHAZtwO_cW&ZWzT{Fe z1gtGP5RF~Eh&x>Ob3<9&R2;0vudq?0iAa=%O((vXuhyOfy0>n}cL=zF#x?W<2ljme zH%wl~UXxD!tIySLvTO9iMZsIU+euVn4^#^t5PI?l-cp25E-g?*a~nT)vK-H{a0K%k zLns*KlAM-@1BzREEx>#Hc0fL~Zi-$JC=Qz2L2RzUL-?B13 zPQ#A(0*+Wjb)#f(iUy8KLD?v>WhGI&%CTkate3&4pKRu&Wn7Yw z*xMx+qFd+0Ce5dud#1|bBsB@HP_EGzjgrL&AZw2&970zEb7}z{R6ExP6^hJKw(ki? zRXB1zu`o2GA}3cDGgEo(@~v}%+--CIlTVYdl)Eu1&b4`gtU)`eu&g z&tCJJr50nUCbvZ#q(X>@h_JuFoExld@Xqe;7vj-&3I8M1M!ad7h{62!0^>u0ajFor zU#u~7!_BUd%b+HelU=7g=>v_(t)5cASeh+ATrqf4Q6LgP;`39^do0l&leomcw=`MK`I5&v)B}&8%3As#Y^r1!_|)pI(MuaNH@(22P_B-+;YRXL0y9a zV>lPoGvpHbr*FNsT>zC?o7F;u+YIvZ^1^i(|M-GsWG;YzjJ3xrnpa!l?H$Syx+G}p z(Q_YjN^G{4ZYt#|-I?o3Ko#CwR(H45x;fL&ys=gAG5h-Z&j6dq54mW#in9e5dNHDg zT&j!Uj)=Rr8N~DXyTY`d>KAl&@<;8^TRi4K^pnU)cb3hoV-ln|)e08L4&CMLtP(h1 zU+mp=!McL#g1;3Z|&auqr?of9Bn5yCwHZla|DCyM<&Z1BVGD-Q7qjN8^q0 z-SOtO6o2Iy6J!En8i3MlJW|+O`@>ALN|W>W7YhG zXFo*kp6JeJ#5^0874@OEWNZE1L*N_jX^1GH=ni^BPS!lY(NvGtr|=KJF+rnk%BZ z)pptyk8LNv9PeLAkvuY0*G}aoQJ6cfJbzI6Is*eMG5^H;1Ft5ID4@l-BQ}UZ7QW!x zEH!&k#O21y#Biy$TSuyq{E)KkujF_0lFI`sLbrgk-`fh=ar+pArY@snkEY&d1O?o; zh}Y)oeO>K;O_MdE=1A(ci_I{XAnBdm;|4jCSIBR?KZzj@i7xfJA`0}jF8=KJq%DeD zEWyqnww)0Q)c^M8q*DGrVkZ3yT=$|=-lr_IRLGw#Yfa&2G_`qRs zU8$AWCw+Q_EQ@nLJL0#42z{qw4Qy=4FWnyT_qw#CoR{G)3`zx=)KYI$SNBbBbz-9h zUZ+yMpE3|yQ!KO6-dseH1X1xQI`zbz=#ftj_&-j0@B!ZSr#H_Y^8RxJY-PNord?m} z65eV-hcCVp(`TU7?{9M7PF;RN>vVn)0~dw5isji1y!Cx|VIjFcTQyIwBlFYF!Njxhe3F~}7R=1R)D@1nY;^n0GXyI`<-RM%7J3Q-f#fuaoC6K)qt zIjE%=v&9M9KX!pl?WZvI)h@gNVg}VI71_Wa@6=>Qz+{>tdxL3Q^R?!4_C&4tkd5J?(WEx-RJRc`0SQ2Gz?2NlAm}sGpr9cuGzl`rsb< zLn-;mIb5{qic0tr!EzY4dcTugV5W(yS$+2iiKyuJO3y z2eT3dZ67LO-;sL;)3AM`Pupr2u0L2J7`kIu$IV%H9v6RRL~ykl5-;GW7{h5)4KE5j zgMXgZ`>#L5Dz6WEPL#(6YApm8X!U4m@D|rrC3O1+q)9VD7Pa&9Q1Y5|quS#O3YtMI z*KN@1VrTFO$bbLw`JP^SX1;pO2e^?#Lq;OD8Ez$4{4rk8DbuMF%DdLpH%PE0+?$eN z!ZT({wHt&2AOks7c!3x76T zVxNJ`OP5V~9)!Y8t}HsV#Pian%b%^gMj<6&we%6T9nU|!HJA86?Q2qOS$VVE@>s2e zBsBrli66F^=|@Jb-(rn#MnrlOT2v8CO+i_1iZ4mYAqcnaTYdN|ugl|D7(Tgy%+;J8 zUD4g`??amI^c`n}yUQMgeCo%A!(@e9c+@5HGnKWyEQWs~1m=beA9>8xR9M*{GJM+f zhUeN^aAQ@gE?G;ffx8|qdod=C%Z_ZLu+?{m`&;~!SZmaWYwe?pFCaP!&UN*QMYdg- zB3!+P_K4FF$!u~hu>;SL>og1H`u^+!M_Q-w;d-E$3dKV{3irp`9;D8kY;YM&f|wr* zw!i0?f2avq(lCq9x+=K?Tu9;kW>V_;p^Pc3pAXT<&d!Uo<#dfL3+?%o^i^I?PygDV z33q&>cCGZe#G83gW%ja|twidZd5y=ndx{!~vR{4i<>cF!Y)Qx`D!m(8OHj>~#(p%d zJG#)pyTIJZ&XMUHKg2+U98KnnI$TB!%m+s}=!Sh>fjuEn7hpnB&xEjP^1vLT#~fE` zg(AglvdpY~g#baH$2r52Y1r2LK&LSLLljd?mQU7f&}O74uj%rlZt-kX5zRTw}&yBEk)Zb+vDS%WoCfSz^!X?F;>>p)*E%(OFaz| zM3#hYTKx71rG;KfHcUtbJEub{t;g|lS?s}&Y-o4V>uLib-L!@2b`Fs;yi%4Zjxu#! z`MAfISJ{Q#gwuafFbr8T<6@iKlI|BB)$djvh$h`}a2ZQ;B^+Z268y=_QW7K1Y3B z@m0!2&v~j=DRtR;qkmCcyXnfy<&qrV`}c16Y=ChW=N4831u|P2wJpK2A?ICL@)^eWMYCiRQ2TKDA8APLj_9J5m0^6xS6v~k46i0E|; z7Q}M8779jqXHaZNHVbu7-aMku*mx(?@Z?>b}c_P6}h@Uet&iOw{asEqiw^Vg-O)a*5H6jWNH*`NXZlPG$lEC zYE&mpS~*v{u3^-;uu0Zq#z@ekhWO5=Ow5v*p06jEyOk5kH?=P~L>u(lbG#fY?WdUhl{= zme#=@(vTiRZRFc2i%=^_-rJ;3BD&+=TH|NwTQ7Qiz$MJ%@V?Y?zmLHWimrXbAQP+4 zWzI-wU^VDsIV+=$N~&E%XHOpphjcrSa}2OqTB+p4@jJFw%!=+tnC<;6;uy8PKfs9j zd!^pXC#eK2QVr&pWvL)6_-F(@74OO|MKRwMFT_I_4|R;0;6s?t8{YR3^Hn6OE>kb^ z8pb9Jd~{Y)nQNvW!M(lS8XoH%xck{;YiS4uj!j&Z3A#L2=9QV;T#!YVRz(Ddm*@A# z)_KQ6`(<1;U60CSp&VK>BhR48%hUo586{AZ;_`6GDBl{w!(vbJkCB+rzi_Z%C~dhI z!Cc}S#_ZU3&RDu;Bcfz)7b&&PJ+`c_8T8=l|L4%yOX~yC>DhG@aZuk$d^QHRd8~DZ z;!Hb-yiJtH@j;5$)?vy4aKWK3GAFgrNdyd`8u>5uB<0Jm<(qxuMUMEH-f>?K z|CQ`>>oA@XL!m8#)L1yp9k&Bw;bE*Tyt^%~h*(Fvc+H%Yno|vn&bP;uTG@Y0uRh2k zl_u+-ZAtW0@o}$kG+NdWa5^X-i^i2MqAGeTg6~AxIyR<@#$BAvhkobCKD+$c>F)!q z<^yxY&Id@+D3m~zf8Kvmf|v2A>+pJk+)so$A0DF15L5b;AJ;{Ica?xMPK;I@aX2=b z!!MdhDt+6{#AtMs=~q&J=*0}%PlOgLl}lg@uE)U^#(Hn!4cU@GJXg*8HYjYzCKZf@ zEIY){kSfscqKTyyJghgHBQ1;ha9{IPXngJcD2i(6K*(*uEV|>{PFwu@_s-cph>Bp& z7F?~BdX1_6`?}bO>6_p1Bb1-uK(xtCWWpr4Xqxp8tN@>U9{c2t-YHeT zn^Cj(AzeN(tIlav#6R5-p$P4nqSE$i41z8gZga=nr(lV?%E7*obYGjcL?WX-plya0iSE$`k_z{2L#{9bWff{>J2y@fb{qHUPDmvlf^b+6?qY(%73uR_7N(NS2OI&tuQ83F=F{ht{y=w z#Y5jp{FDa|kskfH-;^^|gT&KN$EVMe-@9n&>rxXkDyhFI$bwff?9*n9NkUKXZNXxj z$tU|evvBKT>v0iAG2EJ~TidJ_Kc96oQnk?EZ+Jlguq!#nov{nU<{GWl3K{=_cPA?y z8gcIPzBnTb+;-)Z!J`d*bne4d=H$DLei%tZ!_-o%(PSx;y-5(H@Iz=+@3oszRp(SQ zn0a^Iy(~uCNPMt|rK-8XEB!J~uP^!rBWDZqyZEIMXXlk<#>Ax*(Eb7=KwVvVU=n2G ztEzff*h{LzHhbTD(Qfq+w)5%E1-mPv^d%t5eKNa>n**-Iku5e0*U2|518BFpl>wNZ zP{04%HM_V7W8y#X*T+6X@I`G+AC8gdD<%T zg-wFb;1iPorGYqw4pjz6?am0PRA&@NqJTrC#96{iDxUf3VqV%s&nHvjCs5x-%PmQ+ zv!+(9EaU*;DU zlCr3!jseZ0$G>cgL}wsHj-^|IY2;I#dH-HYLcFk7U)?M00EVfh8pzLJ$*=y_Y!`!- zV<1OSSU|f_ged})VM4n^H5rfjFtQJ`%p}BVS#?@wQb_ z6s+sl_Bh&nWRMbX2fOmagy{_#S^?eAFYZ**ICJeGns>FPd? zYXN6}sa!%r!m+P2mwO430f;ANKC?bRQgR#hKK0mX&`O*@X7n9r9n9_D@MtfewX0hy?fmIxnrZcsdXDgtUb>|6(L4{emT@FM)1F9rW*G1j>GJVe z>ejWB1isIQN*P>mvnshb5Tj)RC~oz&dp9^{#FD|AsdpO4)cyAOistPHf(9RmMR*$Q8S49sEcoJfUt8-vY{)dpV~pXQ9lwA% zlA$gN&{MMJiR3Esjv*eaiautL3BYBOty{du#7)TiDpI7rKKnb+2AiK+QqNE0-3t@D zMf3aMoVq1GtPj@4z5HyC4LiO*MNwV|kZ56n=R>JV{p2C{hI0z_fc zUis#W*&J2sk`hmzIE*^7S&Bg`)@L9*w5Ur{9b|mqC{Xh^l5{3$mzb-Rkx`glzHIyI zcnPy=Xcwdik~WS*X=%#2&};i^n+BX2D}xp7#B!rwEHPzRc}DCaFJsl>O5GL{L-X5O z;|_ft(N%v^ZrerQxJ=f4QKF8f1Og*2q+Ae$rfiA8HO8{*SVpt2b%`2{j`6ryD(^Ak zv>`a9Bp6aIvh1nTQm|j%B3cw;2`@H)c~VXX&)w8Kn49HKcfHo>+{5uh~NFLQS&Wh4+tSwPo z+0OWp=eG68GX9v=kTX+}ymb+OHu2o5{*fzLDsU+8uUMW2FSLEH`JST^wgbhJfi`6W2u;&x1z1`@tZ1Gr$?}ygqm-;ItHN zX^ww3-)dN<@p$#7a<CDzH|@^u-TPXRPMc%K;bm{&f@f`MWMWJq$kxW@|w8MA9S z!zNtxn==tCL;grVE*6IU#iK(arAnn2xB2aqumi{JVdA{4FZ!Te!cDA1-*a2o+)x-x z@lubkeFIAdTcjd=B3Ar)HN<r^myX_Ad>o^)gdrq%yZP_*t4UcdbkPgPddos@pwPM zsd?&fNtgk7W7%odK;WfGs`F@+#P(?A z`ypGAS6|1DOwA!?7F7o^!SAmLF~T2Rek|;R?Sg65yJ>ki%{Ak1Y-5QJTyTt+(Z8TwNDO z=eRJVMDU`T84w<|e zWwJj6tJ|{8wgooNB0*?+BTKsBnf(#-;BD=@<2&}W&y@}o4di%9AqH`{>E&EH(5;VG>zh^(CKkZq5Z%yxy zYb;lJVX2tdqfGEp0ky$)Z&b6DaZOpkEwUAsW&D;FGoRFKdCg|x>*S(FvM^?gl zA&=oj(=SK8yWZ+%@09L%Ij_{MtW4K6c#T@NK2f+*I7-V92DiB> znp$Uk#l${Ph4}NwdzUk3#Lm2UDy}r@-ETMZBU=)wv*<9VeUpKfhx{HzzuMdnmZcPQ zig59MeqHfWOJcF}swnRnPWFfE7PKkUg9`)}!}XH#NvWjuLYOYn4-R{L?cja!MMfQq zI!S*9lJss8Xuyb+_6QxDaj$(@Ej2U9E`R_?7SC6{XcpV0P8X`>^VV0H0vjTO2p}%F zefpJpWoRpC9J=`QjybfhRI=>2dweB5{rCTvC7%w~ua4O3HS6n!Y&$!2CmWP|PVkj>JC?^`2lBvUAq@=nTxtF#dNi2Y7RInxBrj@vR#BD^1sZ$r8bWGX zGwLV*Sz4a^N$|mk*b$F&5A``UH<2EUNq+S|eRGQNp)zM(J-|J7_YJ*?k zNooFO>dGu5?9SbQ(j@W9D=td~E!>WaN`mP;<^%H?iJrY%%a}gYjhh#LpRY6c%=Don zRjXaj2Yu^@o8g`D-c#;w1^>t4XC|khNC5y_?&NR-e#K$0Bg#%WTe)vqUI=l*&4Ri0 zZtI^ueS!g9`acjXm#ZPGGnVhf5-5I`jyNyX8CS;;ckMrqU?}dRR`;<)98XUCMSB0m zt#(eYBlpD1aI$j=eETBQ{}nI&S>XTvM0?pMf+dp0eUm9ycNT>% zAGlIGZ4fbOC9>|cnh9!rIzBRY>zpNE;5HqUdgFHyvdog_P=sKxllnW#|7)uZ&*0TX zE6vTO)Dz0Sg6hdFB%?|#F`G!y<2bHJP)(2kkvw;531h_T!y+2&*=Ju`0gLm$n|S-7|BtF!rGOF1^NaCmKonaXeW1RuPCFf$XK|!`v;yqd$xehukCNW%wf7ZRyR5U zqE9Hoy6y-%P#go7mSf7lgt= z=ZoD5^bgr{2+u`}y-!l2Y2K_VG)J@7?9RgHF0N%|=SiakyLhd~a(dHVW`jH}NCSiu zUc8aSQFoxo@G8Rh&#nHyJ^`z+#n0u?m4Hhh+ZmUMVa-gBek+xW8A--_rh2U^wc8b<(%4pe)g0ZD?qsVaRdO61g% zKg9Rs8)vSEuXcTmqVh=C_O|#t+xS23mG(CAEsuA^HUT*K)Y>nGC^hY?e$eSwMfF=&D>$R|$oxg=3Go)v}4sweh%G%$*KQEgo zqRlsA^9CFx1jxp;%B+f=;w@AA7l!tyY>=U{7 z<_1y}(~%4cz{z%sotKBxZVNiigH!goLa+nk3G5Qsx-mliG1oc3l@z60mf6ingUIeF z&}k_EtjrAQ zZ{(&0{ScTsue#*AcIt5khodQ^Bk;>Ot43xI z08{{?I29oV@;u({ZDCgl(s@;0z49Y_^mXnB+3zp+X*ySEnBETzBd9DbDYSln7y#^| z0ayHW4xJINFq!%V-*Y5gi0!;g-MZRsXmb0k3tHPb-m31<$#K5B!I&#v*sb)oW@ju9 z#i(d4A+W1Xwq$gI`}&J(%!*C98?4cS z%Q~(z*Oc?L)VYj1)|58>6~_Lz!wda@Pju;4x1ih6{$)h32boYNP;uB;qCc#i z{l~?%Y5U+ynfv|Bj;b%oCFT!_Y&kx+W(QZ_bTy?lAn%Az~z%O2US z)GX!f3Os~nsl`CQs?I=^u6tf|^bO2_R!hxva8-X_+vnKEwjAj{u%H!&?->P+-wyG) zNpNm})dMJJpbW+kV*5F{vcyV9>|%o3iY>Z^vbXn}AQLLEO;j&Qrv}E0!4{kKDWytX zUVV*)Th}T8u^adSLn2J&kHH|9vh?}s=_0*s+avm~ug-i|FAu}6S*kSoIwd|vvaAAa zn=ObgaRYI2UTr19*LUj4IZ&ztLh5PK&V<9r_MOA>qYWM+dtQeW^{K z-?uar?<9)nkswS18#W%#SzoQPyFSxrlIW2RB5nGe-cg4>**Oagctd{20OhC8pYL%4 zp^3ilO&Jd=!tz4rRUM$7{gL75;!^Gw6^kS^p=V<|c%w*im1#m$X#e%>q(4n*1L!B{ zxG_}gx?v2WIvGr<d36v- zA7g(Fb9?;SHTe(_P+-7~hOU-xSUE0leFf;wa+H|yJPyzksKG~*0`8C5A3=CcLz60r2`CuT+9^z4{jsFX?4ctBPj0d^Ij;X~6LA6A$R3aF(K!g^_=gykB-f2u z5%^U5(n23?!nLrr{;E_%U^O}8`R&s&9#T@R{Niyd&rR;;vIWzKt_a^cftx16wGk(% zo8Yor6tIul+v8q!&e#5rgvdYk{IBPELH>}~XDnu;bj*F)>qBsGsT=S;nwC~IvhrIC z*+Q=Cg8~#ed&_0xrkk0U_x4xoM(MO%jc(%>F!GLAR1uecCG}}e!2$m$zhqY1f(nJP0prxoq7`qAr_A6HQ!DFjjwv*C&!z!?+0TEP{UwMqQWmq zFQfAl1wDNETPfs)zCck~ySI>T^k8@2oM^BYg{ujoI)VOhsYnDPx;IZJ8^ifMBly}W zJAWWD_ju^$!#`H$4`2qLyzuOEof=v;c+93;TtAb<+?PV@pcT&&T~YyUYnIqE;yFel zj}O9{-v$lPzL56EoYy zZt`efeoSQG@4)A`#|Aqr_WauW45D?y>+A9GL`?XA0p=+Y9AU2#NRj9_*I z<9tN&ox&Jol`>!5O|0zK83Hf@c~|isB#U@<34}HBb+2E){*fqJCm+8pt)Ussd>ims zGs5>l0M%r2=*}W8E)K)ymKlmnxcmS#Ah+$*Q{)5WpSyB?zIa1)^>gP2ackA*)4=!C zLuGn1ZY&H^HiA%!mv6%iN5#{REoect63g(Qjb(=_4E%KxcVk6jMdfE<`ON1oTz%yq z91k)lE#Y(~a+)oF5FQ>upqL$3nsH{55^_{CA!>x{ySK@qz7U*mJ>fG@5Jo&u{!tXW zWI_=NI27hq-c|(35)=$hRQF~Lx zH?)wcGJP;T#)^+8uBx5Am{sko7^sxBuX@yXxB6hcePxq)g|O~jap`$dQXKUskOQx^ zU%Zk%KT=VIyh;v;I*mfZ7y4EIO@{y3i&LLKzNN}(xgTzQAWtH4)Y|E;k@@Pi26Ddk36P|W7c{fyXFOEA z!xw4ZSAa}%Jg`j3hZmw37CUbnCfI$yrs{G%3}@l{xXKYbTeO-a{zfT7?sj73j!N(F zH+QB-&RwoiKMBHOEf4^8Zm&EC54Ns;+6VfCUzG}4%4X&l*?aOoEX!a2O8dwM#3GA_ z+hZsoTdatYx1afuHeflN>6}>m1J0Mf{H?=#w=?1+Udb+fOM?XlV{psR#RyfM1xU*uye>9yZ7rVZN!QcM zsnVU5b)<3pr(DB7FJJ#*2GCm>aK7V7W073Nv@F=>Qraw=MtO|9vjB0_(e~cOlgw0% zm$iWTs%VwwZ+ zaDr`KD@syQTC;uc-=Bre#q-DVPxCl8_r&qrXDMTO7ncnoKsTs+B}B&l_ga9A-h^mh z>fD~$6I_70VXOPW3Go@fcr@m=imQ+U+BOUpBzX#*T^zx{B{Jd7(9T&i&dgZgzb%W9 zAhA^DA)y1#J&)Chnrtlhi;fq@G+~o{RTpVQw2ZTMh26FQonPYwdkg+kbZr5jhpyXl z32gEmr4j&4&Sk(!LP21>Qt7$@%5K6aCZGZ@NJx+qU<#~hkV!}MBtj8r&WfFuH7p0e ziq{<&vzrmN>ySR%x!(;; zczwmC(Juy!!o3>`?*!0hvX8ieK(U2n>_g8uZC*!!e4w_SB~%Yhzse-j{yC>-@O{oV z?LA8)jQuOtp(3Ynh!u3U5?*hm;}p*ro9X@{5i8_c=;4BHDYM}80F(5zjedmx8nPJ6 z;n1#B0!}vGBL^^vJv}`lmbFKF<}s4)^qic%ghsL6N)*x1A3({+V=?$Jah8HX<`qz> zdn|sg{5*U;;a9Xb2H5Rk*8BvS6QUIbHg=>VKSX#dI>S{AX{_-c1j1Sj^=LsCzNC1w zx4#WV=)$=ZBpI{EaS)DN<~k=(v-Y~@zeHxgQP!^u(dNagHT%J!o;opI)`4HYIT4^a7b6f_Wfr!S#qS0Yf)`pH7{{8U zJ?sfVL29>2;6rG)4q#e02z$F?lJ$V6nKOJwnkp(!-Iw1+3oR_!S{cQt)B(7%2TG2F zWt9+$^s;c?PHp*scl}>?fT;eY+t5{@|BkV=E}tX>VZt*IPDTY1;~|)T{pch5=XFC} z|4K~g(b#vbegc`6^&U1&E^QVv~x z%)S4L9RGGNhR^WqJ=}JYqGlkx01?mUNGrKu& z%5*9b23#w$uJb&!U_gR?9)sQx3N15VDL%_#!|^pZVvff3=jE9C{-zHL*w#?Jr^hFHQ7tGYsh>(`^PyH7&%ffI(EMb$4|YrDWF{%n)Yz$9tXt z21>vf$jR{rY;tlo{|Wz2t%g`!{hlM1+iZ&9a0ws>&csM|ZH?`*V{d^m+mn1UJMOs1 zIp4UBr(LAO(H7EiF|usT34WqV130$Xu~q)}a-V1!LPxM!G3-n{B77TuLJ0BC20)Jh zQdHJeB=^_2Yo}q0wZ}(p$mA1VS@>5I#me4y9jUB$Z9A1Nzw|wJXQK8%`0v<8AC(D2 z^}MgP^+V#P|A>SQg?;)2mhF3oo)RF)&YynG-v%v4PS2lg7$4boj zK)i$RE79X6t`iUoBAL=IE&tlA7ZjwoxSL*ZD?Mt|j*`O@sr-#$$))_no}lFo4i(b~ zskU!~2R{1x^2#|G<9>sdU^Adt>e4p<@?r#jT5j?;xzt6uppN$CI#na}+mf`7;7f+w zLAB6yqML|0hOq6k7NDmAD)~E)+-zUN1BK+b=iUbd^ne}A_^LoxGM8U>qL?r($uECW zv%d+c*~1wbH>LjGs`Ioqckz$V(6gQ4KLmS76y(3v&Nkwo=Jp7Bb?P_hYfSF@jP=Z! zA%EYsQ>PawI@t6Ili3gUSU}QD5x5kL#~VLVl-GnF0N1Ea_e#6(7Z@d=(YzKrqoh(G zrI!rQ?iaXbNvThc6%p&HrwNt8JC;F+;~A5Ka>JO3CBM^71i=y7t#ldTWf=TlzxbC;U z74q6ERl0ZY-la6@zV+wTX(1%htcbA~MOh)J_ag*&9>_7&#_pfr1|H1N#z*PBwCp=} zuE(5>|F&6DFMW8-Rm=}w8kE3r5BR!^WnwsCYhSFOn7kVJuESjL?O1+;N`Q=BfkdoR z>xtxH|I%#~=%EwAWztnFL>e6Q`~5@3&rQM2dPQGmQG`+1+-2g?dqDMX2KCfp{ zcKDiQ7Cps?e4s+FvpFk!BAWx%sG8bU!a3dDuiUA@IqYVYD>I@^bcW| zUx`uM+!UqX-#Onr_R0KLw>Tk$f0F0aEE?;_Sa&KqI22pPfc|%*FwFAeXj$U=}E1Z3JXFI>-16YCVzWmZ?O;OcXT1LKQOYs zijbf5Nff7S<0(Xc>Z!r=<5N6#f2>I3xmKGl6O(%472=;1nxKJNA>RiGI!t?#OIN}{ z^^&0iDUGo7<;$0?=5W;9{XiS5oC_nxSJb|C{m*wRO4AN-Jcy7%fV7V2sq;b`nhs2m zV;sjI#Pc!Y{}J}pVNq}2*NT9ID58iUrGN+sC@DRHw1h*qLC7G|U5+3q(jn5)3@P0q zASpe7ba!{dd&YZ};d}i(??3mMXYkH^=A3p;UOEno1G@+9cF*nP1Zuq`HJzR;C)wC9I~23mmi1T2?~lp-bIKrdI5jmj zGXT1^z>pC)Y>lcIfOIlt6heVNQ5v-09E5Z#RUE`-y{OvkH!;$~P?TZN$WNo3>y`oe zvVy6p#N34d?USFGU3w-InsbnO<_y}(=*q&80GnyJGkTd_?am#vznqw}<^>exYX1Am zJ>#D%C1548p3?~&NL(5mNXfhMlI)d77MO=z#;*tRpDhhkG3t4ZIT6JV^(YohTZoCt z_n|`j+<13Ln$8~b3#}%UP5}lhy|n?j<0pS-xHYn^RwqmBe~Y3M7w!F%e?g))@-ODe ztd;!}R5qoyxK>N%nZ*MR(I8^8MK2BINoTf3#B2{csDQe|ItbwMN#b+E#znF51EN`;LWU**sQpCPMJP&*6uS!DqA3_Jgz&Xdyjb zPjw#buBSSA_{?qYj5h*e7KIXU#(;NXEECPE1jsAdRxz^5$ne*%6W{A*29<-j1fd!^wV}Z~FS=C!-u5e$hEr*J$3qy1RPXU)|yeo}9=p$eycK zx7#=X3{zaBbOVJIgM2*Kz#gQVPW(VRO$JaRU&<^i0N=v8OW&cIqo6Uwr~!>V%l3gP z=_E@sUBx=c?8K%Ub-MEqL2|q~_8#qlsQuhARtIN8+^a|1(BJ+YA3{|}>OnWQ9+xBX z!4VyO+eWfLCm=ZG6;6>6P_jJ&_sQqO6K^xkspvSzd~K&89>vVEmnz#M0H_rN6b<2T z6ffbSVaW)Vk!S|aI~pS%U~x>D)X}!-O{M6y2a7hPw2s}Y{p$;i4-p2;swZyq#M?*+ zoW1gLZ&O8w5s(K(A3Z8OpE6vD8Fo=QZ;tcT7ekQ!f4ZxkhKk)U>Mq)4LjmHU{Z&Zs1opWB2j`ThwS&U|Kphd*clF_lCRBjx+Mpm*kyz? z#gK_s1o+#@83uKKCfj}}G!cNs$n@|&o0()kKfg0R66kIeDmyap7y(bZG-jO=pu%{ z^3{J{MTn1#e8VZ*Zy}e7-b#`CGV9Gfm z`+I+~upXPvimy-4CuF_Qdn+q*9}YkaPN6F=)oZcCqWJBgI*v!7RbswKKms2O%ozR> zgMEQK4G>r_`^}|%{qvis{gg3urDT}wd_JOo%Ph1~XoW-TV!*?b!saB>=;FZv(}fw8 z&iYa&oIAf&GOd{D?1XY+c`!bBqU;+O0Dzr$j`+MOd4z$r1Wmgy04~AY2YQG8Gs;)$ z(Krea>U1pGebEGcd_4X@q2-sIdtKu@=(|Dq6*59))zX>ZQUmj}w2vCkI(3@G?Lyk>p1!GvkKH(xhASG`TWXE1US2bItpU%(6`Cw&9DK*WueAQbn5f({~uz1 z`DdY-YvSXmWRnWDct925OS>iNIhWzE^rXO}jRK9?U$}?6x`u#1a$MH+RJUFKnXsV#|$$U)rZ(f$@ z+E1W`)sE&7S+3a50JII`YM}B;F)p#58%&A@O?snwz=qA#FWYq=vOTl{%JgViBrTrj=0_>IJDayk3CS`3I33{4p*oev=LpZnBTQN@ zpX}_(s}@$m%VrRZsUO{dQjHR3_5TD~gVn@v&X+6lC`MSfsMygwW_o!N15iiQd>GGX zp{0G)qiqw3I@BPsX1bwc8%Y(OezFjTw@h2C`e+{|0NIX=Hrqu{^sO?a8{zJBD{A-s zYf1@$V1P`Z{lIRW!+Agz&^v3Eu3Wtu4-lT8kWS!1z<$ARn zChy63>Z=i0aEcPH1c5|^7}}HE90|FjB>7&F_#wh@)zb{U&p?PH0m6=mM9yVlGQS(% zCo6LD3aVYHD|)#0v6UDIuz<>W;2bh@7y^_K(Dc5%pk`coZy%p-RL2{T>iSByO(F#Y z^;5QpRg&cZH~wdG)?;cW^sU-pB%BXnr!zhSC!I;UwHAu*$3efQ#Ug-*_}JxWxR0w}({ynzCniQyWCD}K)aHBj|! z-Ba|Q!>kN-cs7`WF}tYrjQ`{~0S|Wz2nI$NaJfh5Y!8q#?B86oPSEB*xg&&H1P|y1 zW_1OebOLWbZUb{{7kMzj%-=Ah%uc_UYNfpn>B!}j>{$S`?mb=F4+A+jid~eCkB0|c zpJIMh!lu{MXH7~3e|Un+>8b%WPBQWfkY4Hc>R`)~|Jg?Hz2xxDJ121&?Uf%t{E95$ zToV4ZneQv@o?Zt%*3U8IZ*aoWQ0;%fJmzZKsQGYZZzB*34;1Vk7b(myb$@v#0`ewB zPNS{>T=@j_Pix0Kcn%GA`>eQn@j+Z!pBD-GL!4|S`YUQBOkf#cGRj8|7!v2O%)nPR zI@CHzd9e?LT#)H>)nJG9S%16+L)Md^q{IgOU2KbcsfIa;nDL2?OplUI)}MiyaQJax zmUHk!$iW0)=V$F)Lc-WR*X<^=G5Gpg&JbJ&*JG43Y|5 zY4H+>eAlU53gL->qXYGg0{2ygYg{EKe>ES%vnb}hVXPAKT=W+)sce%gNlT&|KK}S5 zvav;0zSC5oyTjRe$ZINm@}&RgD@kJ29Q(XlAG;?^Drxedh#4%?ZGaXZAD!!B(-c!XLWq;(%jHKrTiBAVt~ElKa*qr*%3c&%mYB7Q5Xqz#*va? z&Ac`KC-ng954XVN?~JqK(v^niCMHdWyKpj4ec>M;L2rTmK3dckxCdE=fv5~2vtkbl zFt)7;REL^xxmX%C_zgthzGCki+`l^Zg)2rC);1_fQOP1($VCIR*+-#Rj+s%7?$LV& zQUp@M@rFcU`ufT(rvz)+o5=G*3z^9%E&Myhf^oSvql}}01digRLkk|C1tqm=%krV$hwKMP_;`f_P8&`td z9t&Y6BrX^|G(k5HzZQU7$V{^mR-b?ze>RdOpb|8vlkBKkx^_Zp=Vsbzwvr#Vl*R+m zUXS0iYQRyq)3abH7Z($QE$uJE#@tqaO;#WwCr_JV&S-CYCWm;{Yo0$SO2*}ZhUHUt zVS#fTxm^OM0>`K_{pG1jkVJ!;_?86g#5v@5K_?#%^z7x|2lwN}00ka$I@&4a>ytRk zm635haO)Lx---6d9bb1--4OKg;MolUs7sT&wIsJa1IRz zB&>gmv8p8m@Fi@A%cLy-wThE6<)2rOzF$yVzsWU2||&wfCFSlvf`mA{DPC zIsADaY-0UajHJnZT*mN#6{jQ+&%-C-XVq?^_TlVt__NG(BiUMZWsBd zu6Pd!GSXGTbZVoo9u^_$A?#MEt@WA+vt z=u7mEwNjVi{B|O&6+4Iqe$!sf>K4x{ib`B+x>j&BODTUl* z(Df5^`V0o*)>HlKD=ZHs>nX2Jl+m0f*+T4z0KMxHU+;pG-K?RT*I%7H4bDPeo-`O_ z+f%aq;|T!GDa@C^CCT%~#$AAI^~;wW7FnfgJMHQ@fkBo9T0@Sz$P6GCU+mEVAY?O6 zQq%PlUr$&_4QCI;Ds4|7i2WxUbZVfk)L0Y&V;o|#4f`YrST_#TKiGv_86 z0=HfQ%2p2n_fR|-S%$D(9c!G@b?(bC@I}=}IYS50fY9)&gbMy z5N-W_I+LplC;s;hWRDoYd}q4`z7o%eVBNWc+oK4wZD$=LF|<|{%^ zx-KUBZRI=KOScqY$~y$3X#jQYiBqk!db)&HOWsDgAafJ2q&}4opU`#~K42t*Um1^HM z-8}9sxpWVK;Pe`&l4gDTMrv6?|5%u}yoZ-2FJCfglbFJJ37S)TyPrYYIkj)cHz9or{E$160FpYDbhz241si8t7O z9eY-psSs#2Z`&gz$R=ogrV_`!%Cl?Z6O!g&X)Gui6cPgL<@g!A!?}XN zh`R83Kx6^8rp+@|@V!kn?9|53aNbz03jkDy2PN3DXgUi>8vf1>Mz9nD3?g`NO1$Wn zQmG`@!TFFnAS1@}TPfN?{+olqZEt-wS=J`K@A%nqdl9F|ayGzDNiy(ua2ThNMw1pWch7{5Vhf&|1OK`4w zeVDs&D)YdpNvl*cJ66-im_GKhOB)T>Y8qzX^%yIXFlO8-N%*UM^ER*2$O*!VGHsTv(?v-qpJ= zS*U<-6>}1TVmluOQ)tQr-SJmUQ&dwgFsAR#HsG!s98r9QhJKIaU&h&vhgKih?$O2| z`=^Yn-l2C)-r(5^3i(S-8vg|lcT27;vY6Hdm#ub`8IgcF;qRS@FA47WaTpIlJxN$^ z0!@H9xOy#grP_A3r=TE0(5a8y09!>mn2QlX_N@z}=WXiN*%>sqYkC9MwnC`uz_2i> z<5DoxB#s+11P#D~I9^-XJbOn_hqVXIkN-AWYC=x9bO=iWtI#p67OzbZP+neldGENW zu?`qAO-TedBqtk{XrEQNnQtwqh4SioZp?IxqO^Zh2QeNWrPn{DKhohWltOnC@OcbH zsj}A(Pt|#ZE7FxaB0_)DC_`{?HH*wek9H1iW(TrdUkzq|zZj2_+6*0!h}f+mlIWhq zJ~Ce&6Afi|_+&YYd;;`fCcaG22|+_-;RnTJ)rJch?rjO|N@zjzx#$~kbgF(xqPr4m zK^#>j_B5k*@w|5Q_kTMUVG+o2MdbI7B$7QW6nb4L!9eSh}3Ag2XZw)QWI{)=qA-^MWNPW$BSWZyKPO=I3FWkK2d*ZVF&GsXJJQtfB_nxd z-fQ0PL?a(lzsAb2FHi0|9`b?F1d%B*)Sj}LdVE_!zRTtWyL^pUe{AKq{XiVS-A*nQ zUe^U5yI&xs1@ygptlZ!*0p%94VgC|)Lllh%sRXzLE!9zAgbC$wK&-y2#%5Ovt|ja( zP9Lz^9-J!NS^B<-_ML<{@Rii1I5$y&Kt?y{;Q!b#|FsoIYa$^*zV9!HS%mah5!w4#fBpu(_kI4G?JU9| zE^jV|^MA_plg$$r9swWE2EhB-&Qy;GKog3{5oF7)p`lB#3eR7IWSwt@%z;+iM8Ang z)0fQiC@xd8+3x_>zZESBdUm++?llw!0lydi48}KFLdvBm@702*PhLA;@Ls!5`u>m0 zMJ2bG32(S3Qgn3NP9Egs)m!NiaG~Pbc>ITsG7SDL=Vs# zR62WjY;+A!%q{0uLJ#(rj~5_w0^0*LnPo?bjyvu2Ap13Mmr7apl1icID*%!pu6{TY z%wTIOS$3k%EZqxJljKa9)+7J(Y`{Vvu|N`#^~OK{+LAkU(5MOBFvujdiY-4_E+HR+ ztNre(-&fKoww#^#9-{5V# z96{p6C&~tjML8|m83LkEyliA`+WX>}%y(kco9w&8p2XI4T_wxq{mJor#f}?UPb4`- zJqwF5ThL+A(yN7Yk_qnbL=VG(-K?%Le-lMJk3UA-XKa<(&k{wSXj!J@5uUZpdU6RgdF zCkJdm5jtolo;&poea`g25=MEs$fhpzyYJ%^LaDOB;U}8tBLfQj-_Qq2B_R7}hAa^1 z$NyK!PsooFb_SN0IW&09f}4C{puwCVJ80jLXzWl#FM=)k^ni2qI5z;+!@_oaNt~_= ziJ0u2jt-e>*6>tTNMJhY68?p9%55Nfw;s3lugY z!*dJWXlq2^sZkX(;~ziT+6ETU{>R1PsKWuTQ0n+dr+(%M%_0OgR`VeN+>6-(G`9~&S_QAuH)gvO66L~S=TXmLH76Br9W4o>d$ZX?hnUA`6%m|}Xk|0E!Bmcs^X}a_ z7ecWFBw_LHV|3uMUxvEvCRFZr*Us9Q^_5Bczj&6y%Rh@iMnk?5>~($1TeH-*J>pU9 zqYv@s!6|EM9-XO(``1R??cG0`(409Z5r5^Z`nY(I{5s z>VuuTX^){WBNIruoC8pR423Fin^!#=r-|h&IUnZ0s;D+Y7c@yR>5T^gVu=qHd0Ud zw{mnF#1nv0X3cb!D3(}Zd!d)v^}Lf)r&P)lKBl;ni~;1z#s4g>*RhW;EDj1&Ot^ju z)4a)Qsx)xF2a{;?lH5&~Rn5Qre8P_yKwAH4xtxOKaBm|3%!&v%=!U=mE*&qk-x?3* zo`bbkr|XJY1027>uK}>TvXKgCN6xe#-f;swfox?Vy71M!Z#c>2^`N|KvtaRGC237Wx*i|5+Vmi-L;4Zh~4 zKO_MPs|@9#Mqkz%@v~IXNn_)B<}zpo_6&<FAadD$wXX1+ut{D zq#^kGZXPAdlAoz2vn z*0acmpslY6ZPtN=aTIAwaz?G1@}PaAo7;Z*nCC-WXsh?{2pp(n}PU(WWg ztpU*$Tq@!ZbRtq7TZ?+bgZv1?TGY*V_02J>Dx6PLuiT-PK|1}7Id`(U%hS@7G85PrLbDZrT zWgMx9F+7WP3%G4XCK=8WNh;B0wl@w5HoNOF#&wlLQaH-7Kw>z@3) z2*8mnww}Mq0F7U{|5gcYU24)Gg-MPnRH2GDgUE8W-Q&xrRaI4*$3(O^Ip+}FYEHf-l$v?9-=~c34X*=`=I7NC?>CHSMGU-<@VzR-W*=3Q zs2+P8Iu3Pmn>%q&Nv^8?weO7OV~~QAf4?fiZgOZ zzUy^^Ppq8czGh35zzs$PpBy`}?Wnq3)a)f=i@6EO61nrgT_31*eqP1dcFZE1s_RMl z@Z2Ic;`G$Z_tNkge*If4)6GTyNe`&?F~KB38Wi9Ek~1LOmryZAf?caO$}H8D-R7hD zyw`sqB%(KG#@0GBu>SL_wL4TU>Q)dLy$O-*A53&WALDW~S12UI7K(UQ8%Pw}2a4nW z0apHYgdn9vGXO@Kx6jsZno_^`?%nWob52r`Zo~5;)6utOkLhC}mP>Z8RQW^@B&^zA zwrA7Of)({O%+iM-8LMx<%>L=wXV9JtZFRn$UL8-T#Vu>4GPSOt7)M=Wek@v;1`Q(&tJ(n?agqo z;b3%ELrC;?;AnNZKbRX*M47Y{F$|Ch-J=7cc)gGMYj(qe*`NzCt-oh>_Z|RO8vHo} zCz>NgPzF+$Q?xr0a z_!+E>gl;ng(tXOTn4=Ogz#VuN=g|71dT%UYzUzqs!0-w``c6p1SYM(kx}bb=axhh? z2iCvCKCgx{q%c2GJkN$!zXDstv4W?L9r0CQBBcm6H5w0276s%|lsKBjmXawd2->}$ zW(FnWK712CNQ9_}+TMe;YLAPeIJ~GJ`6*qMAv8zVY)MMU2UEW_jKRZeKi+tvfM%lX zlAu>y=)ghle0O^AvKNnf`Vrr<)OccZ+IK&@u9RFbbHK8B8w6qVZGr8=?(fK|7}xW9 zEemQ>qa`*9hIL{+n|NL!LHGHDAU+@GhddAwvQVx}CM&*%oy^IB-P@3vi-(^Bh8~ z4IffJRifxZ+yy8Hj{eo%tLg=>o~cMS2XLlZE)KD;eS26c>f)T+k&r{d>&Se4L6bzm zX<9(&t4qZ$`wfL@&m}X|7B%$|15=km#8_U6+oyc$^2fB`$@q_wpfFXWT(!iXH&On9 zx(2J%WsPJr>9O0+J9ekjf3w8`tO%#3Kzslfrm1BQtsN~~S3PS`xCpQUxPa{$Uoedf zUw6uDcI$El|Ht1dfGgX5{DW2q=5LyR8`6`7XQN2 z$T3>v=eCUde@M=j^_M$^t36a;f+WgDsxRF;5;!n5Ti34r{zHS)L_d0Kmqa^=jMJ#M zDW@ijNRor1YZB;mCa4h_(ewCHV zbKm1dQ@gja3oN>Jo`zILn^cvaf67yf$su7=gY!jwak(O-k%A$h5j0rRl`?t?<|}B< zdEq5w4c?XuyCePSE|*+*hb@QwHf7m!2fVWa!{G8$8uI0+3#7NwJ|c)6winDO_C6Hn zHAg=&QB^t*27o<2(#qrNc16I8r?d1H4?-nLQJXpnHdPmWQ#C79o<%c71>;u7Mo9ro ze?_APZGm08;9<%ASykhluJ`HR(!_a7jU90#rB8b;`?y6ehiX4yQj2~*oQFod)-JZ5-{>qB! zbZlzoH!$^3wxs*}hA{OquwTA&Wn>W-b@9JDT(6&>Ry|37o{->dEAHd2k6(I(n;VNX5zr8wpRkhqPlpNfDCHNdj{1=ZF+fen_!f=5ci&i-;aOVDC4kY%Wo(}MZj6qDy zH@IJ|7-f(JInIoZLBBkG$RPjaOX`)@ifT{_?*?dOz?M)|Kgk|jGKRzYnYTy^^Ag?CEj%OmbpuNYyhi{GeRB_aFxM4TBq*)(g*~E zt!zQ7xge)r1T-;wzkShdPQYu)D(3`7s!YdqD=|8JPxTJ^PJS*uG=~H|_jLR6X8O{e zS6#!q5z%|6=b}+l;{FKZsV)z5!@bfNmmt;O6w}tu=p}T_Ar3AcFjB^Cj$p`nnb+e% zX}{y%sbj48`Cz5Yrn#i8#=6QfmM-jVba&0h2EotAJ13 zkta>RzY$qt83-6g{Z01=+Z(@%d+~tGQwa*Da(?ZM+;)SeDyClh`hxG$2Ed(oNN5&? zRv`E7N@Xb+^bYQZ*v7{XnAK7E`*^<+`8u?&k*A%ln{`($S7K{n@C9}@U{&8H^YlrJ zw046Yu9o!L39nL$>DSo*aj)=7yaz%dbN-tQbSj`Xi0K>;#ZAE8Ix;;)8pC;hwr<;T z>Mr=xYV&g#x=ER8;2eN4H%^h?Jq2E3|ID?Y5prP-CTM0C z>koqJ0$O_;=AcpfLAl@S?gPY&j(ABLFiq*JZ#b_Nj6pH^>#O0c!L);v8*3zYs9oJ1 zU-+&TTuC;{ZRyVvad2p%lj6VCTCozF*RYuauP5zH0<03XiH9_r5sXS3j7lt8#gF<5 zjA_=Vj$l#rW@9y|zM37N@Wpq(@GWU^ihF0QQP4Qco2P9W8dP}mmp@Yg7s zwyzwpTYK~%13RfRNt*TJwL?7sK5_!;QEy@KhbjUl%MtU47y1?v(qKf@2}^J= zg=6oS-ZyU`KUH267HVNCr>U}pa~o%~s-${MHHAx~(#+A((Jgy}B$H_EwfTWzx)+I$ zTe`CPdhpnoH8=u6FIe1uNU+S_Q~Ajv5Ca)`VdEHeC(p6_&5}~g8Q40U$+M;ByWazs(bba_023;-dt?(lk*$LP%_Q~BzZXPYPyOM0g_WaP`l!FDH zxDm3g$$G1;TgQ1wPW}3}tVm^f*im_^W>&<3pi7LJ=ue(0QYW%BrrS>&>c&8)}L13z?pGhgZVA(B+(>BVQmamPvvWrUh);y)m}=QQ70U<5CgWA6SQGPsFt}TkDiLA5I!L*!5&YS`Vv;52v>BZ@M{dPLe=#)QNlc*9z<` zCSA9OibnVCP=qt7NxbZ5hkH04I-ujvuxfgLw-%>U9VE8#J@?m2OcGXIMs?Cnjq*^; zqbfJtbkQCo%jF`<0#JIe&DJ5N9J=x1=OmYk=v|#MXv7aHmd)&1t;XQ_lpHHYhJEq= zOnxcwQ4g=ilD%~pXSzB6^O}1`?ap1WGUbwS>|p4jfL!vRNYfjY6UX|QWMx9mTWIV` z(HLSYu+4YuVb5_Y_tbO?>8U&&{(u;?%{@DdOwIrNzo>k8#G0fY^yrzsOm4K*eG@wT zk)uD8Ww?ILdge*p!Lkbzirm&Rn$_KdmmIylIL;fbT%uWMi#W&`)3H0Q_FXV0yM~0l zZ{aenRA~_<<$-x^%=Bsu*{(C^bWDXDp0BTM?vK~ljtT%g4vU4TvYx6Eb-T^1ur4iP z=rXIi;-`Zg%}*>EH~Xy@K53Wj_to{RR$LEOj+9B|D%Ut>ZlC`eraXka_u|lIC|EYK zBuwdnReu;~YJ$}FHGgcC^ux$Z`{6X}mCCcJHzs=^nsM8@aphEo%5+_uV2Ucr-`jfp zYy#a=vv(5flT9Wj>s@Mju!M!)vikigBO+UjRw>%) z*$>LVeQr19x>ITPuJ6|Op{O4~v7$^Px6?&bY76Vw1H@CY$x7~_ch0kUytt^5~iLqpP0dtJMWgM$t zz_P{rWHQwUlm4TEtM=glX8vmg>rAJK|(6(W7uALHV?wu52&1_&ZywI1 zJx&RBD`QSvE{bC1-4@7Lwxdqpw0SfxMo_a?Bpt!S=CtWiw= zwoL!s;|&?s92idb$TdByD^Vu$x%;=Y^)jtv ziuLcH&Vj8^qV7Y(zxrmC>CNvIWcD)BMN=G%v!hr z+G5zAohLvt&1IsKs;%BUEDxj3Xy+{`clYpU3eT)y1g!uL6%?5xtl;G&IZ=!Ym^RzP zo9CToc<-zDcE;9}I3)vvI+jwn;KiYS4i0|%1>5$zLZkW4Z40%dR-v`+Vd>^co*aV@ z?xCHe@Gi3#b)V-qTsA0uD1;ue={M?Tbjlkq@>+?WOGaG>T4yNk`gMPMF{iG!R-k8n zXwJ!Z-XSAc|D0a>#WIJ@dxv?MKphAW?l2wSzbUZM8PRKgbYPbw{57NVTF7;t@f7AS$Y8xin!HL4WZRIB8eVPZ}V(`~rSS zQlFXeS)K0T;M7FD+1%ln_fqF{KgC!C)F3hp_4XXdH{mVaKs!n$6O;EbKFR{Q>U);6 zCS<0$wd$Ee@(5*NZ>dhm@XV9pev!N?#JbtY7Ph$fxzb2poy;*r__ZUFHssNzEA-Of zhMhbk?y~ajVT1`b&SLPfRW4pC_EVGY+{UD?4faB%1f+UWW>>1xC!6^SI+L>1urglx zo|hCTN814k1EVKoT(56|>7`%G$kpgY+%IIvtRL?T=DlKmDcZrhx0!dXS!H^>HO~`K zuxo$8p+&PO{>!*P`m-9D@Qh`RGBKHwImEiH`UjPB!R39ZmU-%n@u>NRi0#9ghAUgU z=`EK4sj7_Ew+W0%VpcBXyS@bcT-P98;M{UbE3ak1hEMeQrYiepzx#2IKX1h8Hh*eX z*Q?-lP4@65&+jp!_nS7Od~kg!#zJu81l1hV9`RfaZRsW2^9LZvTu|I;3AK9VVY}oH zak-j#{Hd|ixd}B%TiY0zjSmHh{%)Ycj{REZfwwV(jbq zYB{=A>AcSseJw$WSgbu=pK+v*chA8v)sR2(VR0)eq&p6+MjcNbAPF9y7+K9dTQol?tWZ?sPi3tq)(m48j|Am=DD)XnyhEra|#sirCFR^++->rU|rXuimbC@*nsF99|KSCFcP%>f==CPw(c0o;}HRO;vxc#(n z8lG#d?YkM(^VQZ>%)8lz3v!jWIJyf!-7l<~dmvGDb|e352sjtdE>B0@6Dn5)%m>o} z5&i$R>ClS90c8wzhIJ5|^lcTX#I+A%&g(V=e7}4lmrXCUgRU9!C2ut$M91vicG_lV zqO5=H2Vl3*1Am~yIib>93}6L%@lpomA(e4otOGM-H0$}>>Ub+L{h<#27~@t z${e=7USx9Gb9$!im#6Y5rnAV1oBf9&ffgtla!q=~1RamHI)}hn26BaruQBej=N&f_ ziu!vk4AKWD0gk*-?*2AaCH=0=kiT%YZm~GB4mP*7mYPXQ%#e-(zgmOb6Dr2c6Fez)T6}? z?Reu*0vXgMAm)3b_-ax6^^eirFts}te{^JxZ>#Kme)fx}d^gU3GX`0AXJfQ-=NH}Y z=6dna-R!k*4$GfMJIK0HBqs4D7v#fzx}-kpI9ruHN90wMzXlSEqL*7L>6)a^2GcV> zZ;UIpw)P(b!(U|JXsfN71 zMw_5yV}16lr=ny2XH40lt+ml(MeT47V-_`XU$yN#IaE=2f85zGUNSH&JTG7ZNt*MB z>aq!Ex+CIY^|j`3^;FHwA`2atiG#wd7mt{iBwdp1hEq^w_`F)+_;{y47Kn%W!9)o2odu)bnahtRzNB`)<~XHmVUgQ_-A zR}0)dGAx`aG4> zg67q9YS_CcR<1)OPhQkYdR}E%FoPG?77ROT^F(M6c44dgg#@lwGlmu0OC!uUk1e=PRd+*^iQym7Y( zFL*`Q^y!$1PFfK5x?}wUIY06uHea35gI(gdu(^PQrimC2O6%8b`#J>IUk(*@IU$H%B%-J;$iN z0zJs5j(1kDwOl8%KVze}F93s9r+JW0%iwhZsbETkjJm+5PHmqwiw4_Uv6+{6=eHxl zIPQ@ClF8Q3P-ob|m$JtvDB-W(9Ke7%-1a~NUf&c-#j})ZXq)*Y?)F-X!*YM{H7D=> zY`Yw!b7|sCDpxu!kJ;MQcJavb#j~265?rk~Ek`+)2-3TJK&98(S$aGwzP3wpsMj7_ z5pVTz3R);}dDa9IC$2A-*UL`g%YmHfAwuGp=^u)PJ7=Mz3;neos?e@)Nsz(5z))u#XnNN``z>V;PfGXQT9jdw|Rzd zIOT>)^>v2XZ*af9w;$>Se8>oQc48M-oewE97)3bfowi=5|e z3SwYlR?qw7LCNx3xvFcVOxf~i+;L+GW3E!V@?VFIi(rlV?6k(J+ z00Zv8>amk|s>95|;6%hFw0h_>aod={hhv939+}I!=MVEWSoq!|_#8s~A3b@T2zVmB z4t4D(DLiOZl3|n!p21=ZQm0ms3hlhJR37h%O;B(9s;mogi6#Ov!dgL^scxqF+`BNeGuDR0PByQ|YFR~M^4%pJNS7p5d;a_yqe z66fuE7(`;xaYVz34 zPO40Rx$YICbhRN486=1paKj5(JrLULlum&w`V=_cq*O3DauS4OYUZ@`-0ms<%rB=o zQ2i6E714(*3n%ygl8HqqHc-+$51n};VBAD7fV}UMW1Q~N7i|Ny2XS>;V)4Jc@?)In*#V0*%1DAtH=3HYI z6$$?~^m>yl+TjSxZuEOdyyh;RnezwG#7|`Ir*rTjHxo>H8U=AIoR%GaHhdxYw%CJB z(DH5R;$8sMAYn1b?XrPz)?tD=9`4$1yNGG8G?&!vdqK|JqSlLPe^P#7r4juY#lxuX z-mNX>dCk&iLhS?v+5fi={)PpD;`c0o-w>5BwMebk+PsNNJt$cM%Yl5)WPJ+NgV(YE zbiWU~^&5>!slc6f#XtHW{zJU41RHBr*s-t{)r+hW_obiej;0;=rpdcDN%_nM8s!osn{<4KWz z?Z3p^GZ?FqBPr9*t1^pw9_0zASY2mKP$xP~ZEeHFEQZdh0|qm*cmh%wu-4UpD!h2V z#SJ|j0)8&`w&`ReaWBx@ftI<57h7@wjl;!;PXZ-w@7{?np1FCC@oHukY|@kM*mqcF z5YcHM1yTfI2(NA8b2u z@G-YX(t`SilRf*4r>yshhB7}ZVINr^`lb@mJ*MV!2+k@PP7_H$hU1>T0cy+}Fu-*- z-&MW9A14qb`5(y&p(z~nqNM;x@WbV-kgXs2y{nn`0UIKJ2wah~C>WWH>oz7((H@*2 z87M~SxDs=N0JlE>C$F61|0C?JDH{})-)V|_aJa`=?&s2nLu_j^={{^=LJS+LQ$gmU_e~JZ`3$y@SuH0-v!V z!~ez6ou*{dUXen(MX{*70}}D0olZEr>2HF8F6^hNLyD%k=W$-^1q*oUO*8e`747Fw zaGE2)27cyCcI!pRgSKw>GT<~Nh93Et)z)d>#iBs~SdMX{{s_RxrunK?;bA}F)qOyJ z7|2al)g)qzrg?oY7u(hTxk+cV@z*M6FXZUuSJ$Cq`_orW5>!XF_qn7@6F8(Zj)7|IrC

M6#MI!hj?-S2Z{Xzo|aqz z57V9oTJH}rOfzsbUC7Ac{o8)RII-@t0Nk<{y~g~WOCm)a5EKMF&%CJm$7aCxO!NR= zUP|i0!GV+L;EPqPpZw?TW!N5$@O2S z^WVK?{CM_WN=l#_vaqD3kc3fGdi8E4f3u9-MTwF zGHm=#Yht|EZ5)3 z2{kG|r-j}@+@kFG_|e-FHN|qtfCW2VWPEOeH?^)-7Y*bHynX{Y0{t2?Y+aXAcuZ`7 zEk|B!t#ndK%%7IfYrFg1!-@hx0PFbZt|{sP3>ElhIsP z6-SnqDPT|rTDh7xVAAqH*7g8po)Qk;9vT!!wx)9 z-ZYO2E~^&zJpD1{e##MmX!L#s?z7Gn;f6MS`{5W6kv;^9Fc?{b`Q1bG?nNd3n|FsX<`yd;peZ1GhW$Se%i#qW681T$v^lczih)VX|(a&!wquZcUcHOETk^_^M;lBvG{McQA;Ae6p^T3QUi zJXa=5SY>-#o3K3QD{Bn9O@d^5TM>|HxxGV#u;VVmvtg&=V5wDRA1{l91c1(DOnwgt#PbWNO@Jb{f8Dk0@ML|N zLUYCF4_@vL9iJZf;v@RF9TGWytaW5t_9lnD-+r!!b>^QaGEQg+v!$WaTa>eYENmpu zN1VpmLSWQ=7@?2XDZVhO(&2AkaqcvX^QFTNzb5v?csI#EP%v_NNY8K^ zVB#3eLAkoX8L?pNdsx<2b@km5LW{#3P@(6)l*TVR_THm}!R3;o)tv{xNVRBCca1|W z0hEL}D6;SXlp&`4Ia+V0FBvLCh~-24DWCgh61sA}X^2**z;|)DhD8{_c)dhFlxXx~ z@WaA4XbMd{dGgA3hkw%-U-9~juJ6z(z=;5dSEZhw@2i(>-CfQjj!F)D#I+kXn7+`I znA74r+o@9dH84A_*sx1-0Yn-j z?Zh_p|J+_P!FWIeptQoqyo0vv4JF5D0tKu56O>H8MpI?@&u@yAnLsA;$#Ai&>Bfvd zMo6Tf=Yw#G6Ji1`dLICTFPSD4#6HnfEQ{BcpDZ%1E3;}ymhhcgBlzS9M!I!|K6d=| zBjoLPh`za|sv$tLcnTMY=xvs|m#}ON(H6?XJ1ChQgKIwTKIJzYd}L#c!ML2B!oWno zV@sS#8j!d($bc%b!Sux*oT4GqjhREq2T8DZRnAH{NU)bmlDX__xERpyi1TF*Kl##M z&K_&uj&Zgb?#S#;xX)n@MmfpulU-#446bna-hGrAjme;mh}W;8#ixt>LRS@rQ@4$O zFW|-5+)FlCZxxy4-oOOi6IBk1U=~cqlZ=jj=B=uR63F5vMXPuC7j284$Ojk+slC00 zl+O=3wTBRX_20jH!-x~b&^ys@<~l|kjf>shV_LMk#U+kw6T*8IZ6=;@IR@|R@?L=s zprC0T@xrCF8S&+5Ygfu91JJ;KR*cr3fg4@)3$M4la@U9*9EtZ0F}Jy8l0m_Ou<`v3 z`s>gJRiOMca6Vo3p7bx9{~MZW{7baxTb88e`upCb$A4+=GZnykAkq?wDb*?KGpMD} z|0SeMM`>O>tMVa4~9kE*;e@=RN$WuBVR8TRM zC~diY51?%w2hlW{C^j$Ii(Ll#o(k=9ihJif9}@^W&WB>4Y~N{)0V}n$;K0gG!fnP6 za3`c7usmjDvfF^3cgrwPp6+~c<9SvDNdw?8JQEVg6ezbD*9#`4yN}!$bwE&;cKi4*fk+Aw1$Y9nQz8cw48H|Td+)>gi#tFDquWYGOmXXPK|BEZ7Plv!E zk^K4sDNpmGIYQNndJNYyQ2py7vH@nwH2fdTkGJXEO2cQ@m%VPV<)FH)Gf`U>c8f(9 z1+RUAYa_isQ-U_s0{u2JSX4+r79}on!Fli*h@qHWlkXKfca|YC--f9{%vQ&LwAf~S zxTVpd{~g_~gSPpRQm_3-gJ-CVdfpQZ|2r+-YNaNSsrRSXMB-EvJFzzO20R!b;#(}}3Z#wrxKRD9DGC6jw1OP#f0LKu zb&z(j-`V>~syKl^pT{FTQ>y;xu;CrxaRT;;+)5hohVMn3m)mXZYj1(MkVs))y1XAy z3{>?>`qq4aEEfkDp}xy~u)6rPQDS|ZwfUKzJEkx+->}|**2dH!e$}CjhAUfwr)j|~ z`*Yt7XhVZQGp!>u&he(Ne}c|O7&J3qzx-VsZ>A^NQ*EbfylWwZtpHf}$p_%@fZ`9K zsJpgR(12w5v~L0{JXbcaw%UD=Mc8}4bQ*X=P=d1ywmAl6QM&RW#v*Z9qugBaDgyE{~0RA^280yf*-qMwCf9vzZzxYNSP2a&ge^?F+x$@Vgr!{O02P@ z90T@(bP36W=4;)9GukvPF!Env@#i$qJBJh3KABd5?ob;*w#)-b(d{{2jyDi1MVSoX zSt13)5TEMf#lP2jR@@yZRJF&1UWH7%BBUu`)`wyV0$R7#pt9Nu8I$V!1Fm)S?(H74 zA1(InA}%bX_HRV5b3*bzGRX?*oN;<&P2)u;Pafu!R?rz|+R(TXR>X`^2 zZ=KB#6q$9_CZ?2kw=jG%&=`u3kgd@15CJ1|D=@fNx;Ka2*|FI_%<2TEGT|0)#eTp0 z)t#WDPK&ysjNsea;q8^p@hCv)zP}T}CtZ!4_GnqKIGi0^5q5Y826$#*6av2Kkj^8X zP6KdEh4sV2rdEd6+Fk%_)jDZ|9OZ1-A3IMZ(kid@KP?~M!CUt<1=Y3znpKV zt=iID_FY)DS%z64$4Ga*ox(Ljw#*eqb4z)az^&EY(NfI=6qPI<>YoX&kJoMv>y{g^ zS={-ykivf^XZrl{&;`GGaUQ>+%X&crPb6+{=Ccgh2t6m!I; z(eTHm`TfV*NfNF7M z)IRd}=;>{UkN$Xki1Jm>c;b%XZ`ApguZ)`S9cx#;tgC)Bdj`|Y_thB-@OBbED)rx4 z8|-cUXp{SM-__?c1(s~3-z^ib`|rM*4s&^Qk1`$lOj&no-hQX;qwm{gQ z_Ll4hKNJCO(BG6FD|#gSS|^z*ld~;&ElQ`MieBMPj6{B@R|24EPg`5ylq{O=&YZ6R zod#Q|78UZ*rrsmv#%Fvmo25AqR@Gt}{Q7~#Qze zhh@)*c<$bgJ8oSsXk7fvkfqS{GU&7P9?$&KdAh8vQM-{!`9OvDLyb~r8a}Fq5tsI4 zI(EIkkwrb=6s(fKX9HLPE`lNA=$)uf(YydEtL4JWu3o>h#SuA?ZA2ZVeCBh8;>YJz z_vgGGmzeXODNgYj>pS074jDBFK2Kw%BOBJiz4K*7BeR=4m&V>{ZFcs1UAW4iN!dB3 zd_K-v^`PrIg^TD;;ydQ;z;VWF1h5Ncw>UarGr*2rh8pJ0d_ zt;G?xHd3d`$3>St&AQt}m-OiYar-`Uxr<+fAt^?}u4Nyoo@>EBT4$s4xyHIk*Z0bJ zIa&$8h!Kv7=R(#WzK8i3FRy3Sgqpa&4te`p`}JuxHTTXj#n7>W8PuO<4 zY#7-}Fce#Plw{u>@V9K`--iF}vcesEuaNza%{nNYzCB6S=U~ytW;3(!*xb-wB>Y4c z)&^uC4E#3<{BZaxpk&ELh*2)Ffwet)`dO}bYU_J~{cG)Ybn)@2QP7fbTAmur(}f10 z083`g5eN*r=UF)GFd~mWJuq*V=rms{rYyE=eYOOzDfITDE7W2v1A|^##FNDu7eO8Y zs^=;{4V+u*wY7FAAHq#idrU(v<_$Uj=DrWs$}cx<@yL0c z4h7)zG*R!+-H&#n4`gy57h9ACcNY5|eF1spfAP&BcKnPJUo@yjAro&KJ|5gjD7SUh z5=;{I2E|Knl-$Afttrp#*V-o z%QlRbl+Q00bs8ZYwGO;Wb?30v%UCa(3psL(o+iG9v?6-ku%`EWLwkMJNX`u{>sa3} zKzdeWn%2?x@WGB{D+Ewg%FpCf_vk->(`2FSCPui2KDm=Ei*0_c{XNiW;jHNyke`^jshhJp* zM*P1!+@F^C>bEV!I};_>yLvgbh%%~$9{*o;%)fv4oY<e-FayNU{aeGs%LQC1o4rZ?)Nv}}eH0irC= zbPH4uKSksX&y$u<<h(2I4<#4d>1V4D@sB=p2h_^IuN{MV=ysuei0VJq}Zcmj8#~cK%Md}5afs2$oDlwu_)5e;7SH(;t zYo6quyQNeq97jHtGFAM3%NFh&Q|9-SaO&&nW|DxtU#LO_)Ml8NKI( zk&6qEOF|IKK>GN-_jf*N`Q;90FI|J|YGf!d@6-2rnw0U|6i7sW*Q0u+vwU%PKiTyt z(OAfLO1$=5K#DtpNc3H9lNG50@0 z3@>-TCJkWxhgi0?j(?l1t#8kP#6KZA2fd4yc35Z!lr*F$%T=F+af;7>1HR{qc*#o8 zK7hJ6a&_{3K} z04!VE#aZs1p67|-hSg?YsIM;%ZgdDO-j`gMmu%lsZY{rPDP!WZV5KL;FC8K)&-z_phh3{R^Nve#zSjb@+hz z4X>4MwGy>WC3W~<(S%@2Lo^tv(`i&l=dF35$a#;|oZkCufy*)t`AiVdUak($jz}6- zTWf5RnOiVkXs-{DGi%Ar=dtPO<@uHH!-7&XUp)7Rq2(a-Lj$$c(g8lPkWPX(sW601 zjU!ucwO4|w4OH*uwAa&vZ=C6eP^W1wc)GRCNX?t_mu91yAq>6)jThj0%XvDaZlVcB zxp0qN1chlsOemxoOmi-q?i6vEjOQP^d)nLioLEvr$OU>4s}#9hXM}_u&BoChy5Hg* z;A1UQh9{lwkvtIpqPn&y6tMn?Gy{X@AGfc+OT#vlxn6c_(DF_2$0QW87r=5cYW1T# zzX5rpC?<(6sTDKPMvGu~y#npAIv6@_m);sqMVhW}H~Zb@^su!?)~lnb;`n+hSidk; zK6Ii=QLz8%(t3R4_uLZv&ULSa#Kpgr?FoY!Xr*EX24`>C0qgxCn8J7ir}XI$MtU=- zscTx(wx%p4-#==5d0*<~+iLc9B|ZW!zc>Mm#E9aP~c3#$bnxdhv+MuP5$4qy<%sxBv!|{)& z@?l9nxSxF=%uX|v8OhNs&=j^69(ze78GP=ulDM9~kk|aOY)NHqXxkHc zVWoh9>PU-d;6j2{*rmI*sN|ZR);E+*;$zN>muOm8DT=sh{YX5ZrdU*4?q_wYzdnPN=nNjDbho6(KG2 zRh_B?mwD%3mWeKJ!dFL(?CUr8#d8xOJ^W5QOcI`ufzli$=c&%S4bAy4A?&lkM`E$N zt`qJR`gHIqL8raiZO@;O#EYS~iy$#9r$nvV z`b-k~s5MTzf243buY^PlyPoOxH>VijZ-OAhQr_q@=Hb3Kr55_NUJD6dxc;`D zFB>v)-b)8UgP$~tai-SXtd^7yF`$@yd!kz#>PN@UAFcK@PKmHn)Aqbl=Jmx zB^i!m{Gkw^_~BlO1%9ml#j1F8N-eGdgl3eSGAov&Hhr*h2EHH!g$I#pVr^Ipa6N?-lnQ0!vxjOm!?_$k03(Fcg|+ojaT4X1f;OsADhkNb&@LFzD(%b zlg!UiIq4+`{NL@$Yq9Rg=osW!=#u}pnXJ9=>L1lM0iFJF&db~5v0R&uoJx*oa{OH~ z2dqu>>JMC91$IO;EyCjWpuf(IQSDF{PVeD|#UTIIX1F2@jOWRQ8?!fq@9tggvE;6ojvn7eI!itm_!MTLLIu1 zE?a%NsL|$&caKfonJA*(I7uC;s2m3?_R6E3!A~Yp6h}H?pfs>CTtjy4xz>nqJe^WT z2fbx-GUsI*_M~%}YJ+y;TLdF`tI`syI`z{|v!r@87Rpvp(hD*&rDDCpI>-Ac-_o7o zY0NCD9F2v$P_5jL7oIm4Osa~E8Vau0;EVkDsuHwo17(hvoL%8uKqzO?09b}x$ZCnn zkynz7gKOR9zK!Yf+Zq#SZS|i*Sgn!x7a3kIqIkPxT*6uZ} ziEK|hEmj5dJ6);uNf|*W%$-w#k2PM-iCjjn*U^sTxlbQy{ova;G!uwbs}qYO-!qTd zAu8Avoqn43W4Bi#C4*@8`?-n)>hbS+o?rJ0N^{vm?)vV1qsokf3j1>UFM&zmom6>b zwj7JR$@SYLG&h$2HaM@7j8wE~vuOE5coUJ+uT+2M_r2S~-A<#yBc0kqX(T8|pbjR7% z&JsC|^-90D5I>_zKFewhC(2odco;kCx|)-X*$6@5S|S{8C2Nm-L8;j#RiC z?rx+7YzN7@u8gEn8M{q+&v{uz4^oIaf6NiEX4w|m9_$t39f={DO!h&vSFb16AV+@5 zS1-OaLX0h)wR^Kcyy`mbE?OxL#0Mj1IX5=`D^jHswD21$^yL0@sjP^GFG6Y^=Xks6sa&7H>-rGCntCsiERPbOcpA-JFZ>x;kX&eYgH*r5G0l4OcQ6 z9>Wvu*z1hflQt+}UuhITup1$KK)-)j+|aNs(;MLa*W;|??UD)CiE99g)?}g>c4U(p zN<1Q{_DLH;T^D(t7Q2bApwSo@Eu9r4aX?0d9q@AJ1<^vw7uZ>PXXJk3ZnzQrl#WRD3s0mu_r0o!fE0w0jOabSBl~khm zv`CeUc)8-H|#;41_eU0x$LS8fZ&iwJn}*HCcV(uHocdpX06r-DHyDhHt@hBSU-Dd3%?QnY3Mq ztMJbHXdc(;LE0mCjj!eX+Ad^7kqJ5j_S5xZdX9hzdT*m~Mm!T?V?vzIK8Ait;@rjE zdQKq7o1W^@PoH6;Qi9B%J}GDSi4OCO?d?;Cy;x(9FLalhZ9YMYtY3?3;O2$9yqsdG zw97QA<0Q;=uxVaxb+KI!eiUYD!V{f3?Y2ypG?|{IlUFWe8bzPBBg_N6;nTtxJj^}#nQ&I7JY~wrSA9!)Y?f3)NLicN2kc!dS z$f&56c>9q`CflmipeuLug7LG~Di4Re3adG-j6Dx~BwWwwfMH!BBA?++&j`0OtT{Vs zBd2POCN-}fe9bvUP3Vj7qFcE^Aoxziy+bn&;qBjkR#5qQm*!e&Kq8Bfg^}HH51Jtu zU#+`7lV@Rta~@&uJ5C#Xeuw(EEv)j(ln=^#^0-k(WDYinm&?hcF2EwFSHR7Dd-f~(2T<^2Sa@n$uwS^+4fE`$r>RFlEd@|vimE-H3 zAD5cY>m+wQurxmwSylDF~hV-z!I2u0NtGegW_rC6p^GmHYI&Ct?bR2YhB&mqc!DjBVRHAqF z?a#$1K4B>(el}T6aJI&4Chg){Es@lePpe@QayK;Rok5+4vn%o%s}prB2*fWfvhEDJ z5wK8buZ^s+2`)a99-kLw=bGFp^d$(Gv#_n0a*;F9_}VL?5@fdRN~ITFz975+IY^Ic zuJ2W9t99<2f5yDvH=Yq=STK~2Iuf*JXtX6$auh%AT!>yOY~NuJiSt{knD$BcT(9pu zH1#9O0V-HJ3p+xc`IqeKqq>n1S?dRVo4kKZ5Hp4*5oK@f*Yiuun76K{!P@TT;h^u% zUM}*TquRR7bGrAV2G+bCfW1?YotfC~AE-Fj=qOS8H5^GiHg5J-z`So2sczJ^wxra>Zz;|}-H4ArZ|w0xePAFK237(Jg*I+ZhX zH8xa3UL_M@Hp`+saW_I}t1Y%hpisv5I9-)*|NR#c&^vi4)zo(Z0n5+z4+yb3B73`2 zK%pk^qqi?dXqdY+B{Eh}%UdR^^KQ*`CvMw%?R-5NF^fdco&}*o+lF2uRVs6yW4eRG zb-A;y{L$jw(?;^jELNUlOO}jX|DLCjOE_}g_Ju*UY~t8U z4Xd3U6XH_~b1odNY;&^nS=peT9wqoJcMDFi_h%(f7-s6()Os(BKehOahh%i|udUtC zg-$gEx#*v{J440nNO&ikVm3O}Mni<_r!Q%@Y% z1tsv!v_EK?iyDW)zIGB9T)k-9b{;3oQ0u|3|NSKV$a^qsKVciX!#zt(#(l1`+;;Sn zK)ya3U!qo(gE>m;hb3|`?c*K&swRcOXZ1OHh(P*jZ?xUv&ft`1#e%VyJd2uu?-8nc zwV}cd`rQgIv9NAaTbG=dOMoJLvevwW_EYXVqbAa@_%G4l&0cy69xuy!@3ynji2is~ zW;0y>Foa)fTF2P^v9UKYLq7=?=zc?)N z56A&a9p)IGy>lFR8bLMM+<8?g+x>T6QR%ZAa<22al-MW^X`|2N`N(w&Oyo2UAb&cIG`h0pLv#O{=8xo}bO zm4Y$!_sEhXBmD@YF?I_cfQ;1WC&!82^iw~}}N~$1IkMm{W)9%~pa^ze*Fschk=(hRXZS!-X8?Buwl11bg zq{8w6-jriyjb~ElVXVg9RNFVZ-n$3zTZrYt1w_sIy!8(<2`c~wefDmBS9D!HrodNA znop`^xv)kyB0R$2LBFOl-)YTlku^}2xy1SV#d@8ytZXog%GJW9!un6lK;8mqt(n%u z73pu!6Xe>U)~a{MmPx!ayhc=Rf1p0Sjp8%wJ0-@AeBs)a>9OH!Usu-^+VHtS)hL16 zFhV)`^PL321}&Pm1MAo+?p)CSUEu8C@h z)OTu#92GWayfj!bnxMJuZ-z%Mnc77dTV$3(;t3pk9CyU%*+k5I;KS`qU&^bu`3s{3 zn>4qdG}7=xva7c_)xR~wlIexhsJPn}AN>f_P|oHXYS(m1+W$2Osw8jmTpt5TvY~wA zET|T=dbp)P?eR>wE!!YoX8hLHwC`|ER#E{33>j;8{DJ=b>n`o|9OVW)SbvF- zG-K*;o+k|LX1<}8zpOQ&YO@=x-YX0Z|GsNYJz+GWdY z*m!m@g72GAKJ$*-oOiu_L+-?|x2l6tgE&yFiyQVE*Qnb^I{$o~G_l+d&neYAZalNf zviETrmd~*rk>f>l&3lKN=eT3*D@wlIP^^Aiu_rS5pLo*$km;SJm?qNQD^r2Z+1G$S z{4bskpaswm8aqCB%pMN-d$7PMcx?fgC9qutGF-WKRY7nMG`0>6}_dUfc%Yq6wy6P z8`6(mGWhR~{qxWNAOCwUyqSzZ+6(j=H zTX4Ih{`aqpq;IrABJUmLalU^cB>2zyJ^4!ict$o9p1XEN%FT!j@D)FzC74cOeJGm* z-q2yxy`${H1IZVe|3B-*sCM^kbLaj;mkiB_I8Ejl5`L9S|9r}yEq;D>g_a%hdCT%7 zuS9Z`d}Q`uU4WwrtAfH4xT*qDpHbF2q@s40jJO!@RlRsqi z2NJ@|`GV81wh)E^Rf#+5E-o$`DV@pgG(_iXT^)jPM12^MgC$s>Fqbru~Gc5->Y zMoStQCHv@=K1`Pt&!ZkRhW8|inh)V;R;y$TzU8daj4^Pj8ZVfRj#(PFZ_v`V$W$_i zH^Ne-WDG|uQVJ@I3qgb8?BkQxd7Wfs)N_1JV8dN0!=aUOG`bA?gWtWvVgFA>YU znKrHAbRFH@q{%AaI)UY*<*Rr1eHYtqM5sd`(8%A%crV4fa8um(nBi&iLC)AO{ zsRm!zZ1vVu2%CM|jWb6s)eN8QgI;m+&IuVMP>dwbGj31;l$KByrK?$596G`H%7X&~ zP6tG+khZ=bJ^QyOK{XjjIC6f7j;6e#m#>vu?t!eA3^^Q{cFB;@ zI72g~f|un3qWkR-_A03bT#(s8rqj}seRm(%9gR6*9C;=bV#1RKe;O{PGHi5AmNXNn(_Nes+kp$A zWF$9i^a+OOC?GX%@ry9(W3OH60db&s9}lrSy?ts&;WbMfa|f^8Sby<1*b_eUt(%~Y z{Q$@vtEs4{Y)DdaXsM&tSeL+vj={)pZ}~w?ldoGpksnTDWwy3TCXyWo6hl9eaMnJA z+rZQuc%0qw#JzCQ-bVOu&`QywJcU0?|HtkHM&r-JQPjF0#{kaXN`~1C_R@iy(AEJ}5wcWDK!XxuieUuF_8Oi1hOu4Vz`FXH{98#~B}s%HtcwY4*Gpm!uA z=CKRwGi`x?GUv$n{CVRHEcF5}&Z8x5!MWG0QHS=<%7Ce1U#bR)u|47?NpJ&;kU=la zd=|nL7y{n9tN<4*ggaG%YPT@VEYAaEP{-?hFpu$oW+g{k7 z0+&yb2IFx#ym}WWtMZc^y)shm{MJG#r9e(L0@ka-#Sgr+o3u}ZvE2nRO%VE~0su3j zT;IMw9-bSWltgFyls#KOY>|=ls?b9!qY*jGgm4F*2+;t^6DR)*@d(^YdY8mqDyU}Y zDT~%bMvw^)Zrz`eeD0h=v7kCT|LFpuEF84spOJ>b!ovH{rtXDZ+k7|WiJ~(%Gh^fY zb<1*ftjrl>!$Z6gGi6J^V?v{oYKNmdv5!k}y+$Nb2sQKHE3NN4;@$c9v zPJHRjv%6F7hwuo)Tkr+$Xa%-1x8Z;~9BV&M6nL-GL9V+bm&a-ID*K7wkGrf}Vi5-V z0Yu8leB8!!gPN?m9$(+fK{c{^^omUUjokOlSEuR}tE#G+9F-Ln2m4#E<=Pa~sj!Ny z4h#;?ZSTDtkHZeJfd#QWK8=opwkoklt1Iq0^x;e=`dZ?5$RUBq`MM2%VvA#qz|bF? z3>O&guMDd4{ro|I1k+sE2cceLsZwX05fk4GCBXeUR_&at^Z?#y22G`(_!M-Gj2gP# zvz`wq6db~F9-^liuxgo@gB5v+&|5KRi5GaLh-jZmM~)m0842umte8;&LUt;aNP-MYoYq=lnC2;Rz@^PQ#E{-)<`uwl;A#y7%o?B&Jv zBDo)~YVtq*wG$0!f=`4a?@rT3>5_R!pt5o{OjAzmm%Ux72b{e- zmfNsO#TC)j z)nD8N1KFXNit9`&6QsX5LtR6|TpD^Zam(N!ci^DfY!r_`LBL(#)~0~{tzQwGMn8g0 z$>~3!HC${dZ15+fP>vKXlD!fvF?AG!Xs1pR@_6$?#` zC$^KEjnvGG%k7KUKTJJ~zoMf`u5d@npc*$OA%CdrZwPRJ!2J5#z&3Pp&a?6I z^5*SZmr?*uSbc(k*hB9^L?H=h^+OOFYJrkZso}_pa7pbAUQk_rq(V-H8@JG9Z2$S; z4lqLY99zxT$?S|ZQi@@z; z4k3lQ`HA;t6U7scsCWSq0ny=)@39{)$&D{Q+z<(PPHC1 z>Pw$(wHYm*#>8*iRiJ*W#hT>x2FUsr+=#e0K$M=@zOenfzBM*NRtDRSfT2Gj8YxUD z71?$_c)^sWN%HOi_Rk+0oMz8pSu30C!rlPjDHUW*P(VP@Ye)%PaYYus;)(#`!b7R? zG!EPn@U*9Lq_jR^BCboHfbDmzqgsnO>`px4r)J}_{dq7}Z7IkMYnlZiquLhUZo~m5 z&HF`gKjOqGBmDZ>&%LG%aFh9bR<73V4Di{FS8IXWmOJdOu<&DFn?c!tkn@9amPz>_ zFloMZgHPI5VuFU z9o**zg=E~klbdj)chF7t${8Bv6YF$I+XV1@fzQa44Rg~ivGgtI>Qb7UoBQTek3_%+ zgQyJi0Q6iP2wG`DAnc~F*k4w-u`#e(kO5y*xT8NDgJZXnU(T+ub58ldb@F6Nc(Dx~ zlL)=IZt^lq@e1cq<(G&>xQ@{fCgO{Vq8MC+z_QbLd+zC|_gW8pCDQxiRaIPE z{A8>I5bY5Y8M(pd=?Vauj$KSlSv*DJ-yf>xf?s=d;k_DUv~DQ$8ut3%BPLfs63RMa zn>R53z>95dZGEhuHumTS{m?{Vy;Dne<`ami25^M5(sUv#5a+dt2Ot25oL0SB#wA#e zZ8RW;d4S0~A`%pG$_f8h75-DYX*@m)ywpvmzv$inTqBY%Nq)`GBU*z<_~+k0@|Z;q zmwKaJ;+%t&LGU25ve96(@h{I4X2x>T)@MTiX zz`KwCr3W!Vv@-HVX1xv_PEReSzTI$a1RO`PZ?-kr*unFX7qj21e|Gp(7pXFUx0@zS z-wIICe}g;BCDn`Q_q{9oOds^>kHm%avG%j0%r9EL3{mvahDL=Rd+&j#JbhM)8Ma=Z zkkx-ft}+c48hU1drRHQCc(4m+()Iav3C+R)jRuI!{+NDpyM z1thzyC(i4h@^_;esdX>G6x?T9!}}wd-$nyeg;>ypq)xuJGHa4k@i|gzXnHs#x3rY+ zqHGw7qx(0G-|;`ZF{8TWVj!I}RcjT7U5hl=ZS-NW3^D55$l*Sj+dHtltMaS>z>@q& zH{`75EmN#fYla=2oo}IPU(}iDd=H3dc${Lx#n#-kvel$~8YB?nw)ZjC_@|ol=Z}ZB zr)!ELyvyb38K9RG%J3iKh$ZseAz#gGpPJv4^EMv~YQjB>gg1jhk{S;nD6Qdej>6i{ zKp~i&m6a9I9;c8EoBt>#wT_?ZO*nj`Pt9$fqz!jsv7@AhNXW3lHV}D z!+mKmhmJ!~EfIUlFF1LU2E=)WHL|^8=+I21D| z_dMrAwBnpk#(9Ki&#qJ`pBo|&7qd`*z{bzmiUV8yn&fxL@~ZjSD`HV_6JKHZ>Vmyk zz<;@29s#0_;=gCS#dthE%zLB5fWI_j&%DC7cjyDUWO|1L7c_g57of7;@d`|#dgN4C z;I=>O{)rHHV&V%4Seqc3>P0e=rY*XoSMMzJFVmvnidJh#5bPyN4~GE=K)S^7fd&Zm z@h=S4Ui<|@99YG=76OjOgNx0a5)AD~kS4x~#W=*+lG+;nZrj~e3YDM8IFL2A9O~jY zkh519Kg2gu#c1FPD_weM65)6TjV?Bi2UOo=-!*Exks>LURJ}ekX+W+P7+{Vu$`p?= z_;ikxhMk{ZEASD?rKe)p2Ni5r9tgBBNWL!}1OICQU<^;ekg;9l$q>AX2_#c%3GeUGeO3g? z%hpy*qdS%_@$<6;ac#$J0?R#y2s&&tz#L6BB}P_OITBypRPKn-p#=Nd0ykC-ZYnfi!n15adjlgAJe+nrYJb7iCEoH*gwSgp5Un z_+HvfY0cqsY-LKj=!G+<9XhF^*WAUP!qrxup9eK4cgm8v#r)k z1I!&A9qOM6ya5;t;<%Vb!}YwV=ic`1Lt`W&@KNVHvn34Y3rogbB=m*Qc#nuj^lE}B zd?+&x?B}njo<=K^8?A+34;?>xpVErXA`~meDZYYJ=l|RvL?zt^D;i<+{OZQw68%r0 zA0+7T(d$25g3|%#z-dp0K2Fb!OzOx!@Z({i( zJ(CfzoLOyI=1`jV|Jrr*#Xt>-mJpl{0~M<|jPkDgQ-0po}{FtDS=X z=Z}yNOPaFX9UX5fWoExCJ3W}Lubz4NRugo(qe13gNQS)b()BO9dvnV~LZ+-{8@CC0H$ z0QmHd3csAdebCoj2GGKO`-USZD4IMto8#Gdx_YMhE$04)419jAp4b60yVe1oi=GxI zJj^LPW)2go-7lUfbZwnaq#E>28xPhi5Z)~E^H!W&J;&~ED#VX%2*AwQFqM*cUeEHi z+C%N`BvBpE0E&EUsfsDq!M76~`7jWkKB?}Bj_klkcFZ47zI>$Lurz2jcMibK^RVqm z?KUPtdK;01^9%kCw~7FIXwtQJ(qnzn6+9Fe^xidaRXKI!WG#Kvx7Pq5md@K0vfZs; z|MGtScqV_L%S9<^V=_CQn3Ckb{piEuXU}&pyU1y_wQc7~=g?2{J$krqi+!zw$2`30 zZ|uAG0Mj*HNb%IJaaq?^adG)NxD2w{HP0ETGOK>+r6o$jbXm=R`SHh>xgu=x<;sJS z&!xenUt9ergZyta{`$H}h~8?S&8I}x1>BCyd*_l4|5eZn0|HD{mu; zoSynXb(vFf*qv(s-s+E77Tb!I9j?EHQjg={=TRZGEMHfPISbN_JU*y#(; zaipr?0o4|7C#l6NxYt;!Cg%1{BLJh0v(IhgSm-?dN}p9J?I&H8p^ndQ6mq^~_v89t zw#S&Bzs*or-2O%YYElxqR0o0$=%e)ikFmFain{CGK&1qf4pADF1`(ul1eNXv38hr zSa2_M!@~D$Y$Chk`K(rePt@qKsT`$B>I~pGLd6R8)xpCyTs|be%p}tANt8zO^ZkDy|;0maZcjyJgXph}D9>Xil-viHu%vy6i7VO?~ zrbQpOZI?N_!G@Y~_jsWQEQBo4ufIr7H`<_Ab4cH{Ay2I^t-rrwmO2i8PN#tL4m3bH zqO)w5fC*Pprm}nzQG1GJ?{aRj&7veoz^RSKJA*9ALjx$IkGGIv z444gmMOU*>hi9PJKx{aR|6bN6l4S82dk&fNsTQ}=*Vk{nBhL>51)iYhWU@#HBs@h# zL<}f2&N?}NqN^nIH(SEM@p3!7I`jC<%0V_YOHg5nB=?2<6718$Ix4@$-mCR*7emUM zS7MH8iW`r`iCcpPVC!Qo?wn(&bn3}Hi)xZK#rORJmO!xcY1B<`7)5C+c~GU~ek#$56(yJ&i;J9h#8klNnH*1RWR&pzS=Do`1T>!b*wo;#47Q`N7ut+bR%)nE>xI3l@?|52g&N@`6o4s6IU%;50z(V{2xEfb93@i7n#)=Yc4>oNCVISty zOP_wZN!7CvejfNjTJAK+eKBgDMe)r3vgZ$PoC9qm;x483tE4YL&aKObwZy0muR+uZ z$=}@ce{ic*Em!5?V$zgs^|(X+3eEGBMaxXUdmQZS%UaIOPU`QGjeb!0?oVAK!ryzP zUsX{xGEY4+K@J`zHT3d48wN<*b(G|uJGaz6Ty-6NMbV3TRu#g+Az{uTMgcMnc&wwv z$Mvv>7omhDRG{jSW_f2CZ4XH*C8QVvX>jPB8a2L2r*eScXWl+~baz(YyYMkEWxBq* zvDwK#KuzMBzy8&{&!eCi2$x*=!J@#-5FpX8($mw+^jM#T5|GPDImUY6p=(0Om3uQn z#|z=YuX;wUbu{=uCDbE^Oy#!3LvzB{g9U zGDCVN`09lk>*#0p0>it zmLWd#&VL+LB8}$FnYMJ$tvVM4`&`P6b^~KgDR&5EEK=j`GyM78&~pqDAPI>+xf+6I zutm@#U8rKIjpo*66<|S&QP420mVV^}PWilekX(*)CU&~$UO|%Mr<~3x_%)t)Isnk! zT^dmZF}q4Wn3x6V;|_GS^{;AdR9x0EmjzQn9+Y)7z9nkUUpd*HH677t zt=)gua-K!KAIxRLy&?E`eH3&6`;&jvN(}a#!@o`TfCRNGg8Z1+7TJc6W2k&S_82b!l6>98g!{i=TjM32x7Qo|U1dCgSUb zp>`fiZ`4on-yL@KDU#~k7$3=ac^*`f%#TZpvsq_ zJorMc37qB|4yBjkxwA#}`x`sw)a#K{Gh#-M^J=DGaS#qo&V={AM%1~ZM?rr|s#W&9 z^ihzf7HB`<{u5#uo<;6eNi4O#h_2Fi6H{fVNE@l@?kkFLsy7{PIrby*Yt{0F?g0?1 z0d_{U{;RR{XkU08ao=Pa0{2$ zJ^ojrbcV_;!m@Kv9l@{LC2Q4F++O3?UO@uu+_ z^VU1^9pm#JD^QeB`f1irXzDDP8~OS7o6cGv0#{U*oB_Os)(M{*1n0a=f^1XLqAOy!0e_Qo^2<9X*>?heTH2WfgCrO~SGa=7A%Ww7f{Vvz;hjltF&qwD!X?bLO zy^?7_Yu4aB;RU3JmcRgYa2+~4?J2s61o8jJwpH`HWcJO542X*V_Q=3Idrcs;gcx$K z`tZe$A+FTPCb>vz3gnPh_{J{WaBED61a zH6c9(=LLyKbsDg!mJvrAy=0E2b-sO4X0hvP54*p9eGS&2pr8>if!`NOC*j;0YnE$S zY032;1`z?oQ0%JKE2y~S9LFbF`440Gq{inWky)8$yr9ukm14h2i9(m90W0qdP8N~& zbQ=wsB?w}dTkt12?uL@{d#ft*{D}BDKFnh^_!xeOue3QymgABr$Q7x6k=qV(2nZyb z{$wcdoFF%Q0a)oh$U4CJx$(~BRM|(olt2tV$_4O?W<<7DQb-rxf6iGc3|Ye< zEq{(8?hC)8lp$vsF}*_l%1$l}`V#Kdfpgx=94SM;3z0!H>Ks>)2b3veI^$b@B+1(GnGCBhn-AWh7 zS8W^Z)1x4Y)iT}TCh7jBcD!=xeN zSF~c)7JV(mlNcD!^FBV`4vmk`KiF;>LXsoFuR2ozHLtE!Vh;ff$s6bUJlJIfQ>R6;eF@g3O_xhDW z(nt>IBFI_V&*{X^kziMXTqH<3o7ds%2%}{`-gEK`xrqfPNvVRiOWlRRwJzP{fCnQf zf@F^^|5Q~NmYkH z^k&{0u3PRB6}tKOP^%3C?pC9?#+P4QqdojhnU@t6F#J z>pmHLohX_wIvSEQ1}3C5>vLVWAOuJ(NZl6UvHg2EQgHfl2)lM8_#cmQ#X zG!Z|*m(3yh59BG6_3d8AQ~3otvn92N_?++Xa}GZ+f_crg&Q`l~Ay?BctH|%~kYo$4 zH0+7xkn>oX4*(Dw3mlAnK~v@6!*ACx(SPYPP!QD=foU#FUEkO|kG5)7)wcJyVm zb#WU>u>fT!LY1OF33%+hN&qFY2xzWcFvaf4M9fi3#_eQ;yUp}u@^u7Ht8n(pYVzT7 z_CsWa9+cCgs__IN1g4aJUB3l9bP!*txx2qA5&a*%Tx-OR+1gWqLkE&cFTc8dUBHGI2AOeFCGw*O$Ru4VuY!j;PHr}E(uq2!XC%_u)~P}!ku3OoLA-t~~Tjq9Wy z5%~S3)~XrrQ(1KU^)KbwV=~lPOv0Rde!=9u5>tqjI^|~ zM2?qt8HM;RxhVTma~2J;CC^D$sk}))XnXU$W-)2;vW2RO%9YW`-E(Rg2y%oK%AyD} zMp6@p0ck2~{AE5cAX(+^IX>lU4gxO;^_LzwpBZOy&LG_o+EjFq;+s%f(l*=sY#Iw^IBus{@B*w%cRnNhvqHs0k5czkApzgnT=Cn_!HD$1eul-$y~RYwDlnlXuWO=ig22+& zw&>8Iuc;k&Yzwz~FMz8wv>fI)UY{+viH=Pc@z5AMKL}Jq@$|tA2*7 z`Fl~bOL2sIR#LF`lu9Z6FBsLw*fGD%cUO4Ey?tpG3-udxraZSRd98;DC|AL~t+0i= zuYc_f$4+|`Cua~u&Z7dV$9e%)UX(ss<>;4_bu)M5+LG9h#)7j^=bxqdmeDIkECSr9 zbCAch;*7{du%cwAC=QdXYq~$dy{ZM2cUdimA&18KOJQQrjQ93V%t?cO5-)oJs$~-K zBc78rW_EUY%xd!)wFe>(C+d<5TJXgl1IjPaeYK0^Q()GHide1gH*-2 z{_aZUrhvnN>|2wDWPk!QD@fOGOwX9zzPKIvdi!bUnO!|az^3JCN5@#+hDwtH;u_*S zaZQEf6t8s+*YIq^3-*a)evu^3ddz~d@XZe zBHG$u8tMh=6u>L#Zz)Bb*!d_~ejV;RZ%xopgt#q91$R9k2=(hk#546^np_C<@i62} z`iT{Vl_gz;b)*$Y`};|<$@8XY0&baHq@Dnp76%3_XF9tCakHNPmC{OMz0S_LpzI5g zRGCU{uRaxFr|;SrbN-Q5Z3^yL*Pk}@E-FxQENVZMl|MaJy1?fGkr~moUnBU|MoUdt z0)yAxGqKP8u@WjOOhmz6BG=7r#?Rpm3g>@Z|9@=yzi8yV2JPrQt)?E2SQ_e&QDb8C z3TK$^zWZcSD*N&Z6`GQt9e7~~my^<+`xNKS1nD!M^>vW{O%cW#e)#gKfEl1hGM&## z!$Kg>8PrEr>z@oaZLxO9tNnh|Joz6PIR`O=pF)sn7j)Uo{{0$-cjqW>vr6DpDfLPG zFBA-1d<9U0z&u_47VFDh8J7RVtl+AFZTsU>d=k;f9k@Lr8JI~n`tKh7zpn2!9U!h? zi?DkCPqaRe73GMUaTHgX4Xt{w`Y0q5|NqBJ&fiaA>QMy^3j&&OzMXN6eYsc+HMuHT z6Wv7$h4cF@mG${%{u7e@=On=C%&HrP=#4NMryy<$D}kYlsO@ZLW#)6V54^LEX-|R^ zcO0*h;Y$Ts(EoasbKmpbVw^6g8E%C@n0PMVK9?P7Mi7G17mZZa9=|e)Lg|MeUT=9S zxm*;G{|e2l8d40s35l{E4$~``T)%d9jkgng5^o@bQN`iOsg0@sKr81K_g5Z?)Iqu7 zYj+a?jx+MvkqbaHB)V-q!I2q zk80OFo*pid0q}3L>)Xa;znb4AET6L<5QUqDlM(}qQDIMuY;vn>hu$*}Bwo#+y@Y!9 zLmJY2{Ms>0oSm9*@=3WjHJ2oo9UA%B-}wLfI+OzId7v~sdgg-vJv2vj6oO0te)w9; zGuAcun?Gf=^n)San-IB4mp)5N+teLEAQ;EcFTg^~pT4 z)tp-0x_Gw7G!1&!7bilEp4*Z&ML*r;h(ZYSZP2_8GG6Q1-tv@tYBDR975jyoHROpx zywRHvSJ@_Ux8Ss^vyYW@lk)TO3z=2h#4Ga)bK8yp#lK`9|H8AG5kET+3W$65Wi?@Cc=U=OQ3@aSl<%aQW;#rsFDAn54)DYEz(a$i=yM~3yxWT!FUuJ_PW^sqRpCBGsEybUFE0_i`k+kj z&t7lrcibL|m?kmBm^=Pxd)GRY1MdsgmXjmqS9Db9LOXlTwD#!r1;VdW`ae_QYhC_V z82@|`_}=G$&*WYXx6Zbycb``U?BD1AeY;s3MKOV&&W}jomr`RFluqou>ClYmvP|+= zkmzCKk3JKN~rqXI|bKXz-|orRrQZG60RUH+X%_0*ouGfCkvH z?!k9Ko8@^=+8DY&Ck}al-oJ^x?fU3JVk-JS??6C?dMwbz;nj|hf$kvWTh5}E;`mJ< zS|<9AJiTmG2GOi~*-Ja!v4#63Tq?vx?(_4_n`Aik8=50saL(7FW$PcP|LitPXP;-34BE=W7 z_JhBTW;bC>LNLb$|i+)Pa#LA(y4YT!w0T*6+zQYb};fW zCEjXEj;FZz;gFtYcu{?xAnBdQ{699nqy3Sy_WS6^Vq=fZZX+I$I)fYB-~Jut!X+=q z`h{!WkP|Ol%NFPEPZ+uKr1G`7zu%qH10^CDuD2kDikWglkL@>eY`bpzu0ErCi~Vaa z6pT{TDn3pFV?MoDXl+Mh9V$7-;7~1tuj(|m)n9q2Iz>AxIJXwMWtkB^s-%xQxYYTY zI7~Qsaqv-V;(Xl2@@$IyeZK-5^gyop3hw~wBXysg#(`BzoX(@#ck4?>?s`?P4K)JT zh$zGvMMM%o)cZ4PbwF;@q2fJ}2)~h^5A^k|A}?Junsd z+n3P8d@pfjGPEfB;9oF5_O}f2rAeiYpH^5;Dm8b{UiVECLhjRTI+Vs-VWUHC_k%C6 z3e)bD+dBkzOn}@s%q;b$Z$(Cm=1;4Bqs+rh&&tYc?kBlX(J^JUvzF!__0{Kb*8}5Z zoHfT}h`%E9&^<59SV2D+A#4XH!leOHrK(qS)B%MymfbMI8{Jn?T)#@=?BQG6bJ;Aw zL>JG)eL6tP;2qib9hYw!Q70t3)JmzLVAW{#PHW`ybinU1T+bh_67zaNMUETh|OU0$vbF%91 z{DH-}k}aySQM5-+=&(@$4>NCh{V|`j^*Vy{i*m)D<37=Nu&8N!>2V`QU+=v8#6mG| zlc8Xg7>)*shqvQYuF>vd=`m%3OWIFLQ}OfCKpi=EM%{)b#4Lg}`qktU^HbgNfan)o+=+%x{g{e<^o3k* zFOi?mkTVdQUaaLX2T<3FnWJ3C%>;D0+OqFv(oHGm2e4hX$#) z%FGh(&wmbzDKm>mSD}}EeW_H~X=j*owA_O)i2Q&`&*5vP)3QnQ$P2k)W|5Rnd$FeY z?$bV_$PuPP*rg&2`t>4S;`PB8Rg9kzoSf8CY_pY^uET;5nyj9Pzl>M-~cX6Dz~lNmw_Zv)2TGe)^4`jXi94E^H?Inn71 z*g?UppFljIVJpnucGi zEU5=&R6lw>OwIocQgqo7HnOPn>I&(SLFq~I^HR?f1axZ?{WoRw3GA-PR>;=CLXBB2 zjNLhBo>)-@N|@52t*(4}G!B?3_?)>fQ~Jm4Z4IN&-J?);>=R_4L(eVFhQS&29k_Ow_Gi`0Ge9y&O`QFfTt+IrN<5 zBdYwcToPhoL75P@fv+M$S7i~wa4b3#t?L|RA0K*zs^fM;LtSzEEB|+%#ML-l<-L)o zu}vE#UtG|574}z`@pMILhV^UvvG-e`TCI-az}~gjpm#xf5`>vGE5YaXB;6o z-?mLmH9vafO|U-?asDuIk%=OMnlM)~W%6j=)PwqlES~zs_iGHsAH^X%Nr;qE5;UBj*igoz-@eM&|ln{ z*QzQ-bBu-=4|>WkB-hO+TWi8R=W=-kk_I=n6@{wSqAe6Rj@q`X$JP#Z2YxHT-Pj_! zZvA@LghGcY2&Yie*s)}SqOR|p>cYPl4R~E4J_olLTh($G@L3Qo z%vVnB1MF6bSr4^4Y&qN5CDgor5htss>3h`5U?F39;^ozRRAsmLwO4kC`5psEeb_`_ zJACfaG|q3Cxo9yZ9udFQWiE5|jvXlBK1=!QD|&-7DLNxlO+CJ)<9Ch@svqwK&8)V3 zENSHAzdKmW+G^8iKBeidF%HBzxIScH zoTaYH*N>=bLWJRCxvn1KReEkQTaHyh+ndT?mc8OVRdPQWedKb#dcT`K^~e4V?jR)S zU7@{N_cBedU#>q6eDevK^Wx7BKgTvVogidGgm*51?hm3jJ3(sv+V0`6TeW)Vsn!A-@Qe{wa>CV9k1Zlw1}8d{kA z1ACZ|C|-VwgCk#W)#~eW!{pRo2y=M1{cuu`oFU#|!UM6)&Hmn9sI#i1)4~Sti5%6K z=gYGBkcD!KmLI=)hSy|05RKnTJsV3@EguI2+dS^38PkFZEF%J`QN~93d8wHBtj$GN z5zJz{g%f5c2^IE|YWxKyrr0;1$ov93( ze5e9~=UokL#~BGKmcsLW#640{fN<;Vn55yfy9ty0y$GOj^YMuK!SVKdzD0T6eCRQi z7rfTF;@OO+PQ|m-;X9$R8n=EgPJi^Q^tpUMm}8#0p@OKCJN zW9_th+PJxPFijNw_jXXDz!EO+FEo(FlU{;v!NtUg(|7obBKWRJ`k<++n+^m}d#NcH zu12wQ+l;Ek@j74WPTamnCE#%T=jUK*5t#;$-3%1?;g3~2rwp@X5B-9rFuy1#Yyl5$ zpk5G00H-93AQ!o}^M4@4>GRx1U9d|~5)1rPV+`Z530MtrIlX@cbj^I? z--NQC4u2f0@_w%mpR!U*d+@rXmW3d)n(5RE#>zJ1{OTI-U&GD&+uw5=wK@sXX~bY_@H?*L7uP>9fC~7Cu8xIR4%Umtu>3rI&5=OJn}D4D z2y1S!4_7V(Mx9tW6oZzdENEe)A*QU+_ydA5Rh0~Ce_h>|kYZ|@m$*_?!cP2DBJb~S zHtu<~`}6}&n4stWT{xH^U(6d&23Wr?0>9{s- z60{aE)xe!!8?9_oU8k`6dTC&e?uC}b2!!I)ZY&Vp)lBG@RQz3Xe48tC1zq{vF#=Iz z`Dcd(Z8K!R7O&%DoNlq)t!Hb)oPu@YZliUscHcRhD0uwAqydtOL<)X_NIS1*kNUN! zt+50G2iv_i$ErhM@a>S{E!qAruw-voZ;_tRa&e*Vyw$3Ku0@l%?1LGTJ(cZ+OtsSP z&M`32sBt*!aO@?U9ZPkl(i`=?)l$5@_v_+4cCstX;1U}KwRxMqE_CP4Nx(<;Z{gEW;;*-( z?1`77A6$PSt<@w!`F0o{HHiV|h_Fi?{d7PY0((Z5Q2^r@=ix~3{%uHN`;H(xQ<(A7 zt|H8cfUxEIqygawKAHgK+_Uvk8Z@^YKLnYJXYaiPg->I|o;XHkYsYdph=%V6R6o}1 z7-&jztV_JqrWEy#vA9h8y*|X?nckvy#5WZpuc4?j54q1hCp~uK#@2N+uV0PN zKRgeS2rtjlclzkY4JI%weLHj&7^OR1tP~#VM{4~io1x4+0>Om!7oH%H808+eBwOjj z8;{I5#8PIt*<(&o9V~G}#Ic)`YGK@co!7j_HL>6Fls@(ry-*@fB;0+81$$iPgbnBR zi1K9Dt{R9SV0 zPd$a(m;eNg_4>0&s*8(!MrU}3@cIg~Nc0Bpd%|#X+b>+Y25YAf?CqpxQ0$d!FR}OT z22gJNP}oDUG5NP$S00D}hqXIKG>G9HjpS6w4f*Be<<|keAlrQ&qWBvhP!K)4Dy81{ zd~scY+j~-&T*wv`bedIsU5fEXCrhECEwHe2rO$_+2C4Tq)vDHR zM1;lN^s^BN5A0wlgY8YtKhI9m@qa_caR=>5-;X{f3G~knO4d4Y!={0nI&tG>vF@*G z4~X}qn`zJM`BSG1@)+ya6uOGavG*+kUHxU*X#4nviR{&IOs9v8xzS;gc8h|_)KC06 zYb&khVQb|*gx>K?vTdI`?h3ggi*iN2Zp;V>S`y!wMFSR z2UeJoEP8QxG@@*1D)(+pJACUA>je$hZZ9VXHDc=2gKFTm$jdO`vsmWUpIyn6K%lapyg3h5t)&Kwu0h)Lg14MwIX` zC;a&lBUvy3ez^hlUom#csJ>>$m~6jQT%f#Y@QlW>>%z5@A@JT-qw-q$p!_w*w1nj0vXIXhu>LC?ZzEP054ThTDwpr)lS)FWivR9DVPO5V-DAlf0!})@!{|@EG3fgy!Now}i+M zU~YvSU=F{HODONAvH6A){}cydR$;Q~%3JSxs~La8!O-Hw3u>{EkUXLGsl#P`^dbFQ z($tBQW7#inNU!GqV;-sCzpdkE)$zg>>KfJ-V;^{$Ij(@(&yhCl8B~PACA-Q_K3%$DN zi6=l$gE}6$Xe>~~xNRRIJ_o+qD_fA-+Pih*d*}UzI~;h=A{}o0TFKYtvYkuO%$&pD zP(PH}=-b1%$_kCg?KQZ3v{DrzUn-ItWK+)kbLEK24$ASKY$WdpL0JTQD3Ky>thkUi zx~4l-Y8YD>GH3uJ>!y7uPLfl%-!@m%rRP+(+h>EmLYN?Nf8h)7PBcfe+`-DAY4pKi9<8u} zm>|J^-g@oC@wN#T}?L-$5w zz(!4VO?#lbi58UU^zD8spngOZbY#TsB0pm~X{(8*0~j_fzbiHF&*a74%Tj&ov5EJ3 zZp`j7Q4?ZsbakgApUODJsvXb#G!F}oC6_u)MU|^t2s}c7@SFA9AyKo{{em7wCv{Lgaydg^bKCu} z-p*TR_egLBHhF|46*P3;hw6L)`8SMweBXy=e0IRpWn)CLsrX1jbce!ncA~akg8t1l zyd%DNCEo9+`6~huUqjZ45_*n&#hXk#hekfs=ML`@YV3pNE>lZWp`cb=sDRvt8T*qP zL4-?xp%1y~@2L{~DF`Y&A+$zvsqAF0S_x{!k5S$6%ir9q`#{MI;SV+r0lwAj8gA1y ze#`L;W`JYSW{8qsu%`byEaJpW+Ib|ycr^v`Swnu)<3S%1&7xI&2hJbOqkR0{_hk)^V5fwqV!dp^Rl^pi%!+@c0|gVlss~~ zL+R1Gtg}oFEw~jDxdr2^(n~S)PNT~uY)T=QcRJ%9)#-D`uVjg?h1PnXc-7Wf7#-I4 zWCzVDzv*X5Po@QQ<9_7E}nhyQue>U;6US> z_VDeG>}2SDqc%kxK{rIOqt$x6dBA?7->LEgeMMVs)W$9`n_i>S%|F6>p)yeexfspk zpm(+RDm4Xu+P5;*-Yx5Y5JUI zmpIi=XpM9qWr*yRMkL#M&u%<{2ppRGf~vz_0y3w=^0tP zqJjqsmFkdK=Ja;&n&i_Viz$IB#eft1F4g`QM=AE2&`-asJqM2Qg*0sv3}NhbaYZ}K zH&3+h9U6Uss%&LQi83=c+ECY!I-E3)U!m!5EEXy08R>Yg&=Fj&H?nw7=D2U2<=Gn6 z6=W*(Tij^%NwgERQ0L~hhfqKOXoHlcGo&Yx-uf=n-F1A~Jm7Cchd>v;Ed!`Pttb4= zH_r!2kOZt4?_278;q@_mM{!jR!w+aqFK9c~xXz+!z^qU4WtGYL-zRfuDR}HlYeqah9R#$`4a!?+0-qa?8J|i#pR(5El8rt}#@QjO(-6yK zMX%!Ygh8t!6)tDn?uBF<4{AKmIBIvOyE8K8cG*i;rf02q6q==FkSvkX^g|W?rP*r? z=9cG@*`v!-wUl~bwrRGUZ)6DI=>4k61N7E#(b{26uhB(?a1Ep!SU8XaZsCM|00F8XAu7C zD(}GY^S3}ZfVz8^zDf6q(H%Q*= zw5V|z&eLQwr|mE=X{hf|REzuN^MDyF(eK3oWd-|Ks6%(vuc@t;l{u^GpTd#@4Dj!V zNAtXTupafKo7A@n=9qPbU3d|<_9gJeWXSZKuz75?k`)s8pLoP)y4|32yTuAqjTk~PkR{x1mbM*Fp6?Y?CS#HHu8dttUH z)}AZyr7s(Rcmy+7Dywj)XYNN|ZbvNIUToeSeRk zDeyzJ^TA?gz1yZ2QBJEA&XIbOLDBV(TjaOIHGNcIeymkkWHm$Z!+Gw=i zEgY@;7QP5An%!pOqP`@>U-;$st!X+2(pZ(b0Gg=(Gp2u@dRD&KbK_3bxC|1fs)q)M zoT^hAU(5|h(}L?__73B}ttZM}ZCDJx1Q_;8iQe|1&Q5mp1t6ykm9Kti3J1gUJ;?;uBStrt7fbV3teXW0YVsEK1*zP;BNj1al zyW9}bW7H;+7e|q){E8?8DWk_W=Mq5<6 z*$QHLnNOX`n!x7C1`jY9%{uYF@WY=(F1mA^vzhU8q<==PU`jafjypp1j< zh29qj+vdaH>AwCX_dLbBE_yM(8MJpjhm~eEOB`lDV_Vv9PH=B$3pjnHkG`zxNBQTm zX)mMdZ{z~k@bdK1MMJ8Ey5Q&vEBUe1%KKF1OPOfzZUFBe9R%4y7hRd??6vs*eFjgP z?M3)3>eOMZ#?Db358gd8Jx@;DW0z+t=ow|ntWg~4zvo(eeZUoOe}4)%(A5=3=-*RFhT z%z_&)UMvfzuQ%qePY8L5KDj>nB~_d8TW2nG=Lts~xBUyF1TGVW^p6t$s-W8rrA;jJ zaFbnf*HZ7C-^OP?X(DwnmLb=Aq)aVG=}AYl7|nc7bn@0hr=)B&Ta<*p8>s77$q3}B zKe$2RHMPRRiU;LNg54E0r#gHx>K1B#^zz4I$}~`_vxV-z8;9u*6g!wd1g|hwpt*dg zn@Tc0nojj|T3g~|(J9DD@cU8PN~}0i!e+R5n@ZFn22>B4+`q#XtlpdU5Q;e1Wfx+E zZihA=wGG)|SijwvP5#m6T;Qv8;kes1(Dz+K4#J2H1x|>?y1QJep&AuG%aW@$pSEP# z1(7bbh-$(17gKEwiiKLYMxL##!d?as_T;V}iI87UwmCd{>t%cBqL++cE9Z1&_&eM+ zm-Q&jcOiS;uUB$;b#8h4YCF{N*??JmRp}az8V!tDg3Z3C3A69sk9mi^$30SHM{HzG z9Bv+AV_$gn+D+=RSa&~!7_^OEfph1)NcIP4mU;NuWao&7@k=Z-bY zMyX}_vvPjB5E}Vr&^LR3D383Zk{O3msPFw?S6X}hN1!aBS8#aSJT1`x8x&rlLM zs(@r;BeD3T^;Dx->;m2DC}3vFg?rwTu`1wF@G;!VB#KQA8LaqSV+F~hQ*3MWCA zdM#B@L@hpo*+4D5|Ek@P8ApAR4Vx8CwLr;317&D`RAydL)%y-7C`Lrz--S=Gwuzdk@x0NnWn4^TAqD7S+qd;+B+|KbOpNO{>vq~STI?uZBP62 z32mq&b{EK%?jHO!isQAhR11H6*PEJ@IVOZbE>6zbwt+pbQ3(lW_>L>k{<=D$@CgWP zl~0PAkmQ>0DYX61=i7uR@Q|6cC>QU$mK=WYm^Y&Yf~R=Jg9p>A9GLt&)OH6iB^H3` z=1Fqvn9$$DcPGGfGJU9B?#_ec0L@Y`^+x1d^{0^Y6lJpJX=Jh%<;Vbnf(G|QYW!_< z{^v0Uy(EopP&0U4+Azja1Hlj+IJT*sTmS z$fFc+c-ct#J*4(Esha{NzVL_a(eCxcUEAoiC$}D{fG$eirfa84`oaBXt1ue$%tt6U z^3J{#_&QdWHk9TgUs1>L+?T8OQU+GTq57?l{zYttmv{=j&_MQ&mBu!c%cxaU!f~sVvFfqM$Qsj4f%bP~Ky&SL{bm9$ZfO z4;pj2h8mwgq>+)qo=!4F*CW_^e^s|5x7EVC&~iI3#d{;7NP{@x%pRd!!R9bK70N@Z$6T63DZ0-bKqW2 z+|8aNqemfW_G0gxcZ$`Pt=*d>IRb>=BP0C74|@SSw$*o@1TgCzs<|JIn1NzRQ#C}_ zy_OY;3(V7hy^&^xl*cs=+{bmw5%1sMhl;{q3c9YCYu<&~HqN-`Y2^~J>({;jc@_Xd zll?L45F#w1$Q4e8NEIK_Ki~NGr2uy`(nm{uP~*ihb=fld7$=%e10wK>Da|QU!S|By z$ej^!yQT(P2%Z0^n8%(MXu)v*Aq0AP0+wk%Mn_TLZeCM#YmuI`cYFrr=>*Rk(4-vp)`;1G+EhkS@5O zyxx&d$;I(P!LC7?GR870JJ~{hpty0AgwfjjSM`)qP=4O4imB4RF)(HL+RE;Xq*`Xj zJe_mzY0mRMSQG7Z5G0l>ySE^Dp`)qg@$;Ei_k+egTvcm#qvBs{Hs1f6Xe7XL!5=h| zW8uoY{5|a=bKDwz>w2z=VrwW1Pm5Hf<)}hcP0Ok9e?#}We$>zce}QpT(75+X6q~+W zO8~C3Q@&E^&4#TeJUq9X=$?IPlk3$gbyYSm;x>;JG!Lzg6xntNMQ9)M11e_9Th;Qh65wK}Rln|Km$O{Y{81K2v>PCIu;r z8k0`A^6CkoMIfOvohpEZOdY!ZKV*GnSd{J7wlso-fk-2$D5)R<(t@a@#L%Hq(k0!X zfHX*VHw@h~lyr>b&_mY%Lk%?yd^bM(-TQs_cN`r4dDO?b=UVr**168$&p>-y=dtOC zDx4jxJO9sO`tPZ%B=s%Rd#xI%VUWlAF5HMZev$1z=jS~xh4{f!GMZO@ibAU~8PY@S z266X!^zT(OkX;{($Yf&teo~|P;;@(x^Y5uLiT=+=xPJ90GDmp+{v;l>t-b4RVt}99 z=-_wn`h$FVT>g7C;tURNe5hUp_=!=JwPgs*y4;=9uhSnm?x2}$G$z#p?Hpv7-+iKx zSzM$+F&$3$ANZz65x>?3p$M>KVz`+EZGFTx4_%$?nV|oHjBboWbICmg%x{sMAJYMD zyi{BU&;iNSa|?@}h4H+>U8icvf4(V+n57r&RFZ{)?*AP9fBzaCC&9>@rLvi0YQPs- zFm_Km*UjW-`1Qx83~s$RJER}fP;VM}7$O7MK}pUbkZT+5{pFA|b+$l}c|RcYTctD! zUY}ITzV^y#7M~q3cl|dg_4m;++%(F`*Rgi+VgHAz__s`r-rBKaS5(7a5nulkne*>12!lNYUQIGgszscrs@lI69Qbd24Cc;r zCTKtLamZ7@XGwa4ws2y3iGQRe%(%GzM4re$?4ZVKsrz9*RXO&b3bb}hys7n^w5U|+ z;aDJBg7vF}IdFXcM5yLHWacmX{rP`5rxMIG#CuYbMf4XaanNAY3{d(bk!}7Pz>Fbe z@1-UBY;SOj)o1@7XmO}mH<5&z`_1)9D!p*5;fS1oRcC>r^b6C3e_4PlCb(;m>GxX9 zs^&R48UJ;LA~*2|0#Ttx`MZ}1!}(rZ*Y{V%(-X;u|18x%;=3feL)3sZpC?=uJE|n+ zv;)tx64r2S{(g0d;n8zPgUZ(O22)b^d^F*{5C0?Q@|9HxB=&{X zMx^9R>-LC534xPaIM9Z5O~bsuU)46gY#iqYB650W@{e;3rc9|`<{tw4OVcbr0Q>#? z8EY^Sn3S$hwf$?~Uy|1Cd2Y>_!SaPd*wD6%e;=p6UmD%r9#-m5V)+H5Kb@?=n$3JI z;+g&d&A+}AD869OC?_Dwe(_d$hexY90dUG%+fW6j=4g;; zu8Ll-#J{*A+xUWqr#&c{KfsOgq^Wq1C*Q4{yNld^on{C2Bsch!{32CXxy3@Mr~C)yk~WMAyYiEca=UcKyy*5O)NZ?Y9NE zL1Q>(a+ynSb^ne&XmAe2Zz1rpa3pt`|JJsTL^w-iTAJdsCDIhQxcd6j2MMA6H-;#P zqUEW9)y*BzgFkq`+X6gTz0P=w3taY>5_gFR2N>~>GR6S26=RBgQJ03}6Ml6bs3OB_ zm!N}q_D{VZe}+jot%SgeC&Pu@uG=I4xL*j26nb6*5D~teYSL11FWgFgebroLtOLY` zR4Nf&UU!HR?Kg91Ps~{v{utK1AC&s9qPl_KeD}FSBB8r1PxNho(sT3i#$Slq5?>IL zq{Uso_eS;J{$-m#k=ZPTA;WpDT)J!>ymURXTka30L;naqQA+M07gs7RQRGj8&%D6; z+~nwKMC87&$W%fSxw@jf@ib|NYQ;cLV{ZTyAde zaAvkIN~96bG$nv2+L5sU_^-hB6d3OLm+wVrc~Qm`5r6rMUj47{_8a~Hr_RN_DtPqg zBlJ0IAM$kLZ-qAawgS<-45K2*5)yK)96u&Dg>Pim7Jteg0yV*-!l%3maH7&0p@+5E zu*lDdVJ)g=Sm$R-Tp(NGjAERwwW1?q;GLWgf_%Tb zak$z2tpg1ofg5;!XoK<{+V5~^aOPjv^x|a#-onN6pGKEr2-|dFwsLtP_m7oEy#vnp ztR^JBU1X>%q`6vt8dEdMRm779)6P<5t;p#CdFk(bg013VQ{Bn2l<{Sof`YE^yw^AA$}3#eCrbA6iSY-=+FcQtwi*j;6K#E;A=LqI4cx%J zrenY`qAo{gYs?P#9|3{)n!o}h?19(-zo78s$4q3nH|F>qy@2zR633+%{cPPUE1`2{H|s5_+0`ZXRn=p;hfl`| z9}(?bAjK!rJ!XZ!X1LXFG73A*sw}QrIeeL_-&cB(OLpq=L`b~rcZg&Che2E}Tb z%~FIoe~;f2+(Hw=Ok%c(j4@(KNwWVthcF)k?`-jJ1Fa(kBD}2HgF*0uP|1I_n0Ijb zE%cdwCKV4gH#ltWEp~+0zIL?E1=gCcS1L#VDU$>M#W^KRRqogX-om8>xZ4OXzCW}9 z@%O_YRjs!FAiajY)x|-J#zai+D-WkD3V8IX~}y-9E|w zSyj)iT^}j+oa^=sa=tAXjA{7t@2$)BtNWHnRk%pKAmY14#ligC9EcdAEAD+X6L zO9P(A&PG0SY?526ieAEb8gok76YgP%ZBDw#c32HM{qvpbpZ$&WT|wYQ;J7{3>zDv^ z)(h-`e_5RNcYv!suJ|b7Y3$M!^+k#_ox^{_fGW5$@ z6uw|>WCy@T{<8(co=Bwel zgOeX2I?ucE2e8Mio({RsArtsEK!i%S!UC??2tJ#8>3CjJPn2c%N)#Z48aMRJx|%eM z`V*#$o&I4xl7#8YiuTv$$8%ZGHLVk&fV4_|X~2EAw)dB3H`jvYLC%Mm;cV*MoYMmp z%jwg6Lt5|PPwN9uf%ifTJ4ici8E_S{cl#-F!sl-w(&bX8L%o!|?e^?R+3lx7@e*cS zI#{5mxK=1SjQtX|W7)eQxybT1Yd0N;ZJdI1FPbFs8q@OUW~vN)iOld+nCya#Z}%HDtE=?%WXY(!T?EIUYMO0@QW z$HS?F8$@|qZ3Vgl{vg)G`45%va@QVye(@JIE6XbWP4eWpB-yjcsNG#FH>bw5C(wCHa)&i{$td2p>#kMj%Q3$fSq}R>I zgrG9r#QDvO+5z=GvSN+W=>A3nuQRGR{c0+GLa6r@wAvlceQlbjiR;B+bq`00{l>>B z(pWM_K!_&GC08fvhR!=!h2?--Xg?X7Tw4F$v!sr>Hm)P;7Ik+TU3wc*(8Uk$sihgs z7ycGbFS-@k$^Jgz&>xKGkO>7?+)NzFC0kdc+gdNboIdZ~dmKqN()Nh$riv;a#jEYv zO)g}UTY+!Gy=S_DY>O3Z_A5c69OB}k-%kR5u&v4R9)_K)gS@W%EiL2ue#dcWaGQ8N z|EFz>N2fpo?&!H$O^(&gR=F~9-6 zMhYEV1S*vNd57GU6L)A=a8`39VMifxE3J?}uHp|he%3={l_lj{Yw2Q}4|C#o*-9;8w?Lx8y<-)7QPz{oyVHyERQ2gRC+! z@A5^^N_}O2jdlHtvUM-PTOMUtK{H%zp#b|!0x(g^(a_&v z28)I(HfU0EAqL*W2EmE}s6%_#22smp=BJVk(bxPHlzC^<)bWeWOjT*82jnbPvpI#vK(+zbZGxONn1N5yoC5`@ zrReo|{jv7z^%RG50NdH6V+!G`23hV3Y!44#}hLsv6SHea-nf27ld53 z1#YwjGSqN5{sD)tiPz*}2#;8HBFnFXIIiT)b8Ue?k)K&hkl9>M z`P-4UobX*A(?ktn6QfY*zR5}GMaxBHG?YQ`qduO{-5M=`?EAr{dEVCq`x0*1H;#!q z2xH56KX3T+w0Y?ylim9YA_ZEmTs^tCvyb@-IIzJtgb)iQOl+)H zX(O#ckO86FsL>K=UZ)%VnLv9e&FE%+x{0b=l1pUfHqAGOo#}69R3NU2D7AJ^qHk4E zcg0|HYXn-m4_gs6UV4x??xs`RnH-xU(68`Z0%+hA?LU`_P|OWBiUSqOn5`eQ=l|(6 z|AAg;aSrRkolsotOh?I1voEHT_ms&9jjxY&&kq2~AK(Po^wam=R>LFT?ZmEW6e<{v(q@rARgO$_=2d_qD!9dlh+j z8DHb2vX7UzTG%k2`$7Ot5bbiN19Fj1a}L2UWmuFoyjnS_ubcPq7egNY+%mUHTm+~m zD;B_#`e@TMz5kPz+{1PfB38Tm^5hciy7k1d+*xpM7N_=hbKC zJ%=E$dKwJmia|NHKCtWV7?`G%Jjx12{z~Ll?kd$}k%J*oe-2rdyZJ{P3?7 z(pjT@N0`7!c0^4Mkk>M&=Dh8`nSM)G=vBO?ay2M^E+o6j$aMM<7p(|iXfR)PeAKkd0E@khZK zb^Iq6GYT`?QNv5qXDx93e03#piy}?THvDvdIp;DZ-J50TX#t6M*FcicFLQ)_$UTO8 zB5F6$wh|&`bLRB(l}af;z9sj(a=kcx!49w}W4S>|LwB^~h4AX*+unVm+ zZ8Wf>_HI2MkAd@G*yCe1U7?O;5}d{D#+q*b+eAauoSH$W4!Tsen1hfVvy1wQ--&Td z?iV)`m33=~X53ck2K1{Bz9N945zBU1;oRAO>M`%=h2cUrmd-S9EQJ&ze88(Ge0oFZ zuVCu^bBv~lSTRs8^Qcixu$f2dI_f92u1geh|3!pGIaV`bIcTxNs9Z#xIV;{;50NTKjR~`LtT*gZY%x=k`tkwV>#}`gs&(mVfVws9(;D)~N0d)L7Z%Ob9+kS-G zM(zAE5V4N8M*R$ps7o^EwH@JN9#>oOX?QJwcrPlxtq?~0F79EhzZU{I@#Bs{Ne`Pl!o!krXhqyh}+Si-~aseEtKyOB!;P%Y-E^?kaAgbLz14k=` zpx7Cl#w&Q3$~||--pf|Pk|o@tdR;7gu{A$G-OX=p=xmC4b!IgK)?cKSslpOeRzRFr zrkR;_x=oUvJ2|d->kWCW=hFVW5{FoX02p%l#8co)f-%3%yob6T_|~}-Gh_^!%4H}- zlq;Y9N>p+IyKr8=|pyR>*`oUo;074Z4Qn3*#P_fEOt?4=}n!3jAz>b4Cwx!9I za&^bi{I2O9A1Mq|hw#dU8(^3mx5lDq1+3qoAP6Z!cVr{IpsVv}R~b%W9wX6@!IT&N z05Do8&|3nLA|zuW?}PjI$KEmM219mV&)A8&Jg1D&1~A23b1NXwvi4Rm36bkJ?>ai{ z**a6B=7e0#Q^{=Tl`jyt$omd(O7;&GcJxriKT@b-zhNA&rO zMTl)0itZh>AC_9BKLqx6n%q(_3Z{g|>d-t?{#{Dv!^e?f@yNFbFT9|{ z-zrP{T06!=`yT0C%Sp8^!z|`5aE1v-!_d=t54}O8f7U7tE|%`~hM;r(Z9iLjWuHgOim8ZAS~a$5l#k_8EistCA_*BYYg^$4fXSZh`=9(5E+t8v^I$)JQ9be2cknb>5>_5CqWsqa zTw3lECVXeu>1NRtlBY#*TJZUIf8iyN%b6VC#}K@Cg3GJ`P4cdnGVxt`C7c9{e_QjsVvHS?&yCtOqQYqJzLubQHcKWdmVD4r&~wt zbK!x4EwrtST0gkadd^Kvp0lvY1|j~^YD+Ciz&ZTZp5V6)N>Q}5-0kP;nkN3st#0Iv z!~U`{rD!C46f#KLU*aiiVlDKiSU!>WXoLgY$E;T+dK*Je`BG!xUF^Y^X9(veZ;89o z_odUAs1IM~e{=1Jw|)G92OscJi=B$XqY@-dU^nnaKZYEb6S;T+TX3(#L2v8*t%=1>MD~UcNfsI$qu$YPuc`~qEQRnu-qg)`H7!qf_VX8iF_8^}*XT^GTdgbF2$e0nVZ5SZ zuYioLEJjiHQP8-QcmZHeZF96CMe$lp=QI-+s()jF z6$#DtMDxFYj9&PP$b2k1)rrjia+%O474TU}efZ{I=uP7GWR-heQCIb<1Y6xL{qbUW zP;c4PSridU;O$G~dILEPK6B(azV!=UKgIFN+ymYwh?~c!hMu;!^g;RY@0h$I0az@| zrI^UdmYJRC;Ra6O4^rwlIah9jGdfScuR#Ohd6uP=l1iDf%2Cf0spj&c31({VB~H)c zwww|oj2J&iz%VhQ9xQM+pKf@rl!1-nJd>!a1OYp?SnO0w>xJADLP3?GTvJ?xed61cV=VVL>_=gYVne@kN2+|9A($d@5-Nu?lIfNnUKpER9Zg1Ui~63#_&dj z`s1~NLq2)dzHpqDU$O|$adMxNiDJp0l>d#K9+Wvtng>WQwLWU(d21HvYf3VMbezGE zb>9!XG+O@pQT|^=YLr)Y8LR#$b+%Yb<=6CrT{yq#QwoF6_I_R72pU@hRjoLG;F zW^<#nk-4DsXHVHr;(O@OrC+yXk#5f483H!`WB9{AL@4qFBkIK*0XSWQpwk%#6wXLy z^wdt(rHuHUT7(=M8mHRD{|eV{dX{3X$$c|L!?F)vXo4JM2d5ip9g>|5zoPxX%n?E_OA z4i_JDEMJP!{X|C7p)^DH4CLv)VYSy)0S~^tl zqDpE1f_V0%zGJQFce0WyyRDVOaQ+Tq*Qmn({Okc5Bu0LJIadBq`NF7ZKgR1KbYaaf zB|J1~gIml^BlMcO9nK7)!)y0HbxR67WsU^abHC!DzmW;UzMQ$NEp!j7QrXi{O(+~t zP3`7o?wU|PBhgl2dt&F&fIASao(HgCm67YyABAq0v`c1!g9jpta&m?Ilho*J4%cC( zJNA3>IX@5)CT1r~axeF0+U$Rtq+uAGC-Ni2v7u|+nnpUf=tCeoT=Ek=WhMy`*y$>R zZS_UE^&JxW=I7=En%WR2QLLab?S7aW=spiQK3;jKe|r)j#k$&_;{XZDks~5kd?Iuny6#dt{y=zDY3Sj==Ci>dA;)~vQJP`DqL2Q+Q2O&{qdOE4ciyzP-EtIw(mJiq=p zZsoy=TG`lsvyqiT-UnO5-HdfB9-^*`4HFYyoIulQv8gJjbGX=N{AIVu7Vuz0L^utK zi2zfgTMMR1HnyxlJ8WzG(DbHb3sn-u-Wp77i4@zI>L;;W zyHPA1+PT`mPP=yuV0uE&tEf!Zlbvlux%_LpV9QJAE})SIl#f! z>p?IXc%Hp2a-8GmjpQD4R6MpYRy%xDW_zEiV4&uM0=rYvXrc*T&AK1$W`5=r0e!8FcPy|l0hj8tO^ z(_0swX9D}oe(dbe=aF{wFO8m}U0RxW+3GI#+9vJpuCCuPc!$_L=iY2_9o1#j4*I7^ zXPAMz@5`fBgs^PzE%^9bLXWDw4&J{qtjJ%)_;MuQ0j9&|Q$z0m>Ob%M#)znc)CU$+ z+%5J*54&UJLf`BSef<|>OKxHBGeTwfGgZgai~VjwjWCYT?T9kj+axV#CK*z{{7XLq z9Fv>2pNvyytm|}_b5n(W-Qkg(J@h}}65=6nzw)Qh!W2a-k=`HY`x$<|E1dhLd3FuX zLLB3-j2@}~aJNVYMc%lUWKp^*jdp@~UAQoR1sT+;!R?A2oHQV|<&->lsQVxL+MWO~ zdo`DHG4AWyuW~vLt#Kr2V^&D?NUl<>FK!CgN2*i`7;u(hlspszKm5NDQqW1#Zx>){ zKV6EP13_vrHxu`H)XHOW9~l0KkA&O!>AMWSov@#vr|eENMz_n=h@Wf96{%H3bLZ8x z2s7a?FmqvNm&mWF?2>Zy+pRS9E@#IY`sOxMU!G{diSbXh$u5K8haE_})r=tNR183! zOEQ5a^29eytoOD(_HV%knCpUK=UtnAQ4N$JA5{)XX2Hbf`bbQcER9o?RgEz#%#g<+ z)H>XIDxKG>V|J-MU`45IRn*?r?MdYEEIw?_aJE5CK*wjW+DsK7e21xsPF(i3*0@x( zq8F~sy(F_ebcKq)0iHNNOZp=EB^0lu8=OMGG^${}Zb?I#$i#-mze>Bq^$=N7}2 zTr#p6nBy{K0V*p~mNIc(yJ00pc#+s8*-$s9A3q@fojwKvFucb>`X^^N-+|GO6@jPj zUtl?Vnm1WIZSb15yKLCy-@D2>h{e7UtfJ`|%r-?W*Yc4ap z+C|u8me^S>OlrOr~=uz7KIz-+fuZmD_&8 zduXdP-o=ARJ^<$6saW7IQG$Q!&g9K>k#%(=un^$#2^&#f_oNa|Pbe)jW%sGtRreRM8KaQ^Q-RJ)A1{X%&lNHI|l{L7^E{Xm}y~Mnb+G-bX8K_@kHD5h7yfdcSFX*>Q z4=g)erfjMB+V+=Fzx%QOK8HAO!yvLfQqRHZFicr1z_UX@W03&+9WCog65sGIr*LQ3+WAsWyRLWw0OrjQi zZNA%1plf%(P$n!%bIto|E$~Zo`|xM@E>=_4KK2v4f4}T5R2qmh%@@^GjarI<=gs-1_Ida~8Ul z7>^5On}(7a>pj3)jF*FphYTk90?1n$Pd2XY<{J|1crxnToW`Ud!4Z+#>bRcFz~CH z{V9*)5`IjShMJ?RueC$8zg4_x+-|;nL$t0ESQ}TYxO&$;36zJ$6d4q2DI+3Qr?G>r z;8Hsd(CcI|OjZlk`%>D|3*CBK-|1K#a!S`G)pyCE&Vq)lrZ1P@&D#>Mbd+ zAV3CATw3%#;#S^IX057Ozy@>hZsKnp(ZdqrEi!!Ws`=p6{(>{n!Hr`bo6KHu#Y(?+ z1-gpu?&RB;1K7N`uHM!-#?XASpu)1)xjQv($l7k+_5;3wMdVYCeYc3j4mWJ`2-Eik z!>+cRqCLlNYf27g7r%Rt{&YmJzu5Pe0myifn3Py-m6CYHwAzmru-zWZ%yQtHW7JH3 z(#qMSq7fF!&MN%+z9y zgEyk(cpL%x{m~6lW7bI(coBmRWsf;7{Vi8Ox)(>+99ou^8(sCL7I0K7)&r+FO>a(= zk!%UM9R)pJ?%T|dui0^*dZxu285;p6ay$NL3^rR1xMtcP%~mOKL|M6C+q_l^P0?b7 zE!|goZmVBQb&XT2>I%OQ7Cmj4QD5(9YfM2$_P3uwGx*97cBY=@XTN{x*2Dr7`rMy) zyJn1^7T}iKvTr$EH+L@f+;pdCu#-==W?Mi;FV^H| z_)M3FLR1C6dwPZO5Z zszko}y!Ars^iZkFF=~Lj7{6|;VVs}2228vKkEhc(Z)Oml@T75o<~g}x7_`r3Xs-4riczrjT!pECJ^=Vaw zTO72%e}QTF;!5Es2|{^r7>B4-E@Q@T)bb1Q(7MV;b@eDQi}%nq+b8zi9=nAn;-*y| zXm9ZCbmuk_gBBrTeV9E8?RMKT^!@62{kbEn?v=}c789#JuvI8CGgc%O+5Qd3#X7t_ z>#GE|)>XLCu_E4=7nMbaMv^&jZ1y``I96rJT|=xz)L48r4jX*p+*)!jLLs10?JrS{ zKjsLLgF7?mnaZcHMgGIPo{IHxWdaSdj_Z!7@PD6TQ8j-c@%6u4NP4t!P4>Q)ud=qg zCVsw1Iyg5nsJHv`*EXvm_J*la$h)Zu*7EO}m8RVJ1uOcsKwEGBZ8^7HS%Nw7=AP7R zw~U}oq-trJoso^|>+?ao*tuwbP4r0Na&qnJ7j*4=WXkOiJXa5Jn$QxU12Mpa%3(zli!nUH%gOQrFfnU1x*aLO+(MNeiA zrPt;pB5xz#*?Z1#R2GNR2~6;MUlLG{s45XK5-uELbY9jO>sH6qkfb*i0ZgHHpjGvB z15UU#R`j#J#Yu>9Im*I|qExeDmR5)01AE(*^s#$d1bcTlp+}i!Ve}oH8Jm_fZNi@% zIO3--jn4rRhlAJU2VJ~WoMc(wDiX21g^ri5TiZyc=fn?!s``k-CvVzhcpT=)zJVz5Vsn-khkI(i! ze}G8^;Lx{yCRmYo9z>1vTOCw9aMEO)2;uX3YkI%LuFB6(%b1>iU^m%s?NBs$1gWxp2^f@imD_8$nuIyixRObD@cibeXd4x;jQSTyZ zom>k|L0jWZQlOtU^A3cXeA$nPTEl2WgSUcLqr_2n>)Z6N#o{^Qe`G1rrlEt*st8_s z01-$6_|xWQfU5lM1RB|1lE_z(tobFDZ_)0#`7ar=jovtbw|o#ihi$n?@_Hc9*2ms0 zbLut<=t}#YMA&&kLK85TH#wUIaCl17E$+r{CR>x^=i1jc8_UIOW6>FmVrlGBJf_|& z3!~}l+!^8mS8uC+^Zrixe3+MPq2nn9`ltEBME5v&uMedj0qde@Nr)RWKM@(^Smqtg z`!PUkptCkMRb>)v3{9T)^O1THk`sp4hj6bemWsu*7wq2w@W}`$&CBm`rKhnI)|2lM zVYG&$<5j8iC(U+Inj z@`__Li2>i4TZSy4`s?**U1i@-8{UEJd04oHsRBaL_`LOH7t^_!68S-o(siE$fQA{u zTqP0t_~hrx`SDJxZ>{0CGGb1TOg;BTh_xtx$x-fF4gUtsZCymk2i7HIik9FFz1Wtp zzl!MSzOv!Oxz~gF0AyLdtKzN!=TNB zyVY=yQ|%-FaD9d02haQa(d$a0!_k+pc~2i9Wk)i4ah=WbBmLa>Hta0y;{gQsO1|Bz zkQ;`F2a$0yKMfAf@C&|2_4|PRJ|)5SY4EpAi1VaEC1Q3_?!C#AsoqEZPm-@hlwR>U z@6I+H${~atc0HvCF=6anhSmk7OPDBo2Ni$DQ;o1u24A3ZgGHxp0CTD=V|ZI$D(gBSCPMZFAU__O3VK% zGffV+EB$qw*S*zhcSFwNQ4Wm#GzIed&q`D6F+pG5!83GvJFcGk+L6_4q^@-QCoX?A z|6SaD=8w7NpoVfQVO5PL19wk}E-piYt8Lv*xtP7uOPD{!2Vke~(a-*%$_AA-vM})4 zZD9zbnjh3xnG=Al;VWEtfA!f!{Opv~Q-}ZPVC)&H=Ma|O*Xp!`hGUYN7xNgiaQ&M{ zg>97LwE2rZr+>z|`0GhjAqx*;`N+^RtJer@O1w9|IN z@cFAI=VZKHh*h8i3Q;?~8$f4G@}Lo}s1rsfaFf_%AGQ&n=EaVzaf7AYHF|0xjM)b- zAD!JU?dG3`VGB`E)?f2U1;%#G>ac`OGLvJ*DiU+A)2Qy1b;M;P6npL-vbz3Q&S*E^ z!J}W%G^YO(m*H;lvcWNbrr#i_>m7gd=`=cd#h=2o?+@lGn}|idOyw&ESp+30z z>wFLg%}HP3Cs!K=bP8$|obIg5#H~l5^vX)jzb^AQ(*aFAB@e3Sdp_U7CVv6sz#62+EkdvRBk6YP{A2)qbJiWZwWD5>(C zDP-Q{s3zqQyRs}(D^r`&D64d+gDi-cjqJ&rjb)@A&!(>GeH~G$vEt5^K}X5 z`OSh}8KZKzk5v#>Ac`;?@DYwpXU12CL5XQzV ze)Ew~D7Rz1mRHuY=Ks!aV~!&TZOiUjP-*fMxRgSO|B9b`RSJ9lLsca8Q+_?pF_4AXXv(MSNas_jZu0uk{?5A6+qcww~N~K{^)MJYT5W zpsICaJQB?0A=vS9yQ#0e5Z9TIqVXLCaj8~muot*eq>%G@*MhLk%oY>?XrP@DCWA2n zrW3J1myFa(YL?6bn7NT+o*2wl;f?GHo(PH__FUZ0Ac^f}SA%3+Ly*aH{+ykG2(g>Q zT?!u*&^4~|q-BRpyOVV+Jp+koBxb@TZ0zGYg~(Akc-CBopwLsq)LKHqmn6l_?nn-& zJG-*D_I2^wo`;#G({=0?b9rH4L6Gp8`!2(ZPOWe@l&B8%r%gkTz}~fm174=b#$0gR zpbV4AMVOl^rZGi{lr@~qo_Kq40a2tW?uv4v3GT;iOq){Ai!&!dPZVN5e}k8``mC(> zJCL&Q3g_}`o#K*RJ8FM zq>Fl>=52p1#Au%dax?zE?$#h~VOlynGQ$m0?6U`Mxs;{YRtGyfR``*034hy&w1KmS z6nmGa*}P5Q8-Asd==x3sT|G}q<#YCjHG*(wI5$-|gqR8eC!;J3j zFnGdvS&E1LnRxfu`nF+5TDiG4k19;m=6RM|c)_~jTw^{ITquFGGc+J+^em_PcV&8Y zoRQxTGgQZhb|GJCqs)rLc|sYpO%(+6-{(veeh?KO!%V+R9~iE(EQV($#iY84@1Llx zI?bPeMEN1Yt5_e)ks^7|Zj36ampV05L5P`JWYKx}d~tVJ7I&ix!f@2>^zZicN)l1{PPuyyqNBVNxE?RksIWJq(B zA?bCr)6{+6(Z>tv74kc(1nD)f&!^w`@weYn8)P|GfQlz@^guYb#knuvT5nBpe5Fi& zeU^tS4T{TmM?qCzJ6f`_pLUx!8n>3>bh7u%(uEeO7x)yw*%WyRob~ zu6(c01#)n=)$R-Mdt9VnVRY1+~ZSAB;>Bu3Bws4|wJCgmuQFo`f+^;7Jka5qGK8LYG9zvrmu1w=XuCps&QD`u^2_YFH z%V2e;4~IrsiK%Ec?VAzBDhQet&&^Xj9A-PmyQA%%++`%yGpw!B0e8ay3J ztL`zJmA--mUs|~FXrNO>#93T*9S$47X;qgv!CQ`5ehoH|Rg;Fs{#bjv?qfF-J$~I& zQwMRhX|zhNqH+2y&Cd>t<#Eb3BfkYaYmj559O+)ixs38l9JhFvnV#ntJ-{=8Bp0qD zg|$ERdo#N9+^a8}citUO3q)|8N?rtVo>&*}rdp@RmlYw{J5u`Ew^PTS&-2xMt^#Oo zZlZX3Bt~jldr5U)3r#bzYZwBRKAz+PXJHhCB`L-5`QUx zU?KI^&LWzjQy8}Zc~T!JG6?Ihq>{OT&x>(I$K9tBDwc68#fnj)2oGTcREst$b*MnE zTNv4dnre!0L0nx!oJ5b$)y?^aT~OTm&GjCKbGTf>jsjPCXxJk(6wEE*a@jeI({@ml zMG})DcF2mY*h75OGkWeeplNWU`06zka~?0o3%hfY_i!8pSx;lyA#LT*X|Cqqn?+rtonHV+=WiHeduu<8=6!B4z_$_% zrBW0x&bAxa5|*#l&mVSCI;<>2{oHELJ!W{lh2q$1D(O=L_jzj{gj_=Npwz`MLPtCQ zMooF+U7J4{nS!o}lU)r@aW6T#4+~^Fm|Ab!8fVCfK19P4jo?|GGEIxNXwoY+J&ss& zZf(94IbmcwA(qyW@LU(a@*`Ck97^PyQIo;BzG5SA^SMD}+n&KM+&?aCWypP)zB%{F zif}H7>i^{5wr<|}D(3NXTQFgBW{#;t=fl|&TNUvs3D$&n&WqHm%HeYI@kz5cJKrDB zV1HkIvZ8U;UUA>w%vm2iU-#-y{QN5!SJj3mVppB?>!5%xK4jYMk6_7;fP=YgwC>H*Pp3H)xPQIMi{_N-^3}!38TF~cC(%B-K}^g?^8+fVX$9Ud*T=-g5*!J4miz>FSc_V zQDb2Yn-^6n)ppeB&Y)G+qP)VaQmaUiQf`zG@VizGCOSnD5wL64k56&^#t0Tm1Q~c4 z6cJSvW-L#X4n;%Uk5Aq57(0NAy~MP)ST8@E@p;}Bwv>RgSOReJhDHN7@cEWf%2BPZ zD~K9VnPhix5p-k+!VH$KLurd#SNN2WlJ(}|PEV+a%Xmf3i5RD*hFXSzy#)GUFGvgF zg*846%E!eu!Xjzc#~sdshvK)ub~U?eI)puZtm&i0HD9NDPCPU(`fZ?}d&UjRod#(k zimqJD{F8@*BRgn@uigiJ<4xXZ{pXHbO-p_DA0qT2oynq8O=8jR=tdnd!OJ4|*k?)v zblL<u#a##59{3v^W>kO(~ zWWuIqz+kH?6EH$Mcb6!KQI4nmI z9G6j5FzZ#i0DXe+>yF)iHHXrk$xDE!o{GOG)wC)jLzi*aE2EZ? zaPVlAJq&YhA=;lS5K`gh)gtI-IfgqvFcN))k9R~l~Un1$%WN;sa+STw|`-Ou3u~j7O8IPfLfdxCP z&?jRo<-6wp35|DU|8sGZ>nU1dMY1sc0;)>rX}cxu3ctU)l1n!zN#yEQzI~nl9c1VW z;HzeA$ZkS<$$H5`VdveLE;3w1GAN+C5T!)=72fMd`=(qS&5n}{eX-A_+)=~((8oth z0>U_c(~{~_5pFynX3Zt2zW)n|1$y+U$8b4r%joz$7jlHD<*JMT2QDq z0haSkR;Gfl-a^s?AD5`_d|ju88DdQ3(a;bUzA3}?;PpDV9CMP7!5o+*D>Aee;?<9> zWkRhj)nX)Jww)$o`KI@HTTLg!>n0e=*Wy!2g)l1DWVf6sZk)95Fo-3#L$_|Zr+_`* z_BF=c$a^&+&~!+TfZax&2uA3eAD~;ExcrznD@{ ze{T8oWO^Te)G52jZ;Xc8A6hg!mF0x6Tao@9y?65jQuOW`*7S?iNht+NsKAu&6-u8Q zu?-g?d@ML?F;;c@tOTzaM_8KG{KgM1xMU39inScPL(NzK|FzTev?Jj~`SeF<|I5zu8j~ zUCpE%=`xdW3v@Wb$o8ly>+f5pQqRe$Q8b0<-AKttu_4Yi4gtB%z>7K*g?>L`|AM}(%Vs*}@ z#g`J@0RZK})TC{-^;m-r7_i8oO9ogWD_l9- zPTpzwE?wv4>XE^ZV#a0+xmZ?4|G?>-88A+nd1d67?J^!k_;pfJXt{ZjXF`I&wJ^bv zv^LMn!8_7HCkxMgvE+&jGXg9}%gy`4<2stnS#wb5s1pw&OZ0+al|pOY0(*7!xzL~e zKjQ>nNw}%xkK7IteOS2x=-dA64Hg`QKjHB|^waHrg)z+Y=hovr^mr#7@hk1k3P#^RL zjHQwG*yJMEh&S0sTNF0FB`&nR_7po8d#9{&i(uKyZD~l{tA3{3BFt5UisRGP3oic) zkPQ~&6e8xfc+t+qclKAx6`AvC&$I9}CdngcrO&~gl|Xymz~$Q5+qQ0UghTqWBBQQ#K(E3i5V;0%)L`E}RF zy5_kv<(xo^mae9;OJE;l(BX*aPTnkCK}s>tPx*HW%LHcPjq|BPXmr&wet!^t4n#4L ze`Ck9e^uEOH2-Ka6XuPuwX>iGRbSu{zg|OAf}ySg%a96DoYJm!c>c#Pg_+49EWahG z0`qp=7QFQ5$KbZjx4yJD`P>trDaQfb9YYkT4aQH9fZgE9(%msW*_+WJ4Aj^KaOg6E z6Qr87@SvmzU=D^liJVs)*X*1(Q8Q?R@p7I&xDH6P7TkS~gXSZAdln)u;gBcpHn}5N z{~?k5mFQKjI>Z6MrVXo;oge+ay54ROs)xU zoL8SlES%7>td5?>%J5t0{aVXriUeo_o8=XV+ccLbXi{f4-LH^2F)?=8={)(Z(410V zoA>Ev+ZO6p4*fC?!l}`dLq%l&lQJ6}q0)yrVNqQqy|Am!PD3{*&eooMU8W~XArDM4 zxl>7S*)b58lE=nrPEl0hFYA1Rpp0euAFd)zZuO{5auG*Jp4%i&jG^IS#d;$ypQhhC zl#1?`;;m>;VzB(A+?6h)X8tA_WD zN0=KQ9~7J>?yA=-QU0Ry*(SB{P1VUap9shUKbP6Z@YfF=@7H;K5;nbfo&_XY793>1 zynlXix4~iIrLP$gpc&kipp$5Yx3qo!u5;L{boF}Z`2}2ni(KO}zr91EmO8!~!`+%c zOs&fABFzV$O7jKGp;B{Ph^NPqOW|`2$TO1FPcY_r{cH8``FT^){YmW2!=YwS5LSGZ zoMC9Kb()s^x7tC8o$$*L+iE@CG#5jv)dT~SQpz!ES=v|kgDRhzv{C(wU9O^;d=BTH z%bUs$9^H#zMix`-pf=nC0$O71vIgj|4W%R8jC=?esq#Y4MB4xSBk=?d_#s|1-&o@& z>f;SD{8D`QZsL`Bc%o;G$Go8e-}6_b%)jvEPDtUdLD=R5lWK;%D|ViEef9(2N{P&O z86!n6@7GUNt&LxvAY3?i+qnlYgRl&tTFUX^UeYfi`N)takf4MGHv@V_E@WRi75AJD z4*vvce@H9xjsuAeIB=D0aZ&vY`*2~-8)hTEnHx85m-PpvmIwXMn$G^~>jmdA>rP-@ zpQ#@BZ3S~e-YGR-k0#>`qdC6+4>MkXm!bpTG%Ch~$nAKNmDY+4f=oDPL8fPfGKwL# zKXQqA`1sm{$#=apHDfK4LQ{kie#`iOWZSQ+mSWHXGD}edk5bH(H3RjMAQ!YbH{JRU z$?X5)p-W+8{_<v~x%L z?_2YR7Sj?M@J`{2kY#Z63cL>=2p5%0CxSQp8x)MKE#(h!=RLH z$KiX5{pS~%$pWu0q1f5i1}?*s=Han^ux_jtYem}r;Z`tPmhzS>uU86JIO z>$D)0Lhw3_U<9RMx!H|HUM;T`w#KW2?o(`?qUTS^hfMI=Jk*&~@(_XZMeXz5z88o^0gi4di)Fps_=b#EJXtR_1R|KwRh3Uep;yHvXy-Mc*1oEnzg7t@u5p z9iqlQ7g=~t7XNb)S|WUrZ6l#%kLXd7fb+hqT_N@x%dQdWEz_R== zppl9K8f_01@=5%4QUDqxKzDwL`dGMxT)x|l20 zT38DN_UVM6m@V92;x^FU7+H&@6Q!D3C5H5c2kQU%!j{krck`U1L2o(8#?A26AJ16t z=56fC3>%%(4%Zc0;s+7&8wmbD?zVhxjDod*+%t(|%ov_*eIlS%(;8drD5$o4;&oV9 zr$l<575=i(wJU}CZ|UBwjgf#Qbjri6=iCsd>%ki$MN?vl14N&uBL8(#d?hHZfPny^ zRJZB?9qn1dlTA+qqB_=aSF|Tne=G+gYc%%@%Li~>2ten`zvt_ptMCkoKHW-(LP-qN zPEMmkBa?SNc~-UP2wOk@*U#r)`fgx}m^{gwN--yA6*|H(d;I*t+2TtiA|G6WRd>u8 z*sM%1@LbN)t+XoOekG?lrq7Xibq7*u>-`&Vqg&oy;KFLhY- zZl2(kw^Zjha8teI4p~LVL-qU)uGMEifx5kX*N?iBgs2qj=hMI>7UV)Vl0Mkn*Q(e# zy8XP``@=G`a>fIOe$csPw2X3azG#f^ge>b>h$ye|bxxq!|kzLZJ9G zYDe(+T1++BDkb8p!Y=PH}z}GFj2lnJW zu}oEG^s=+Zdsyd!L&7q-_+s+$)i(f;7n%@2B! zQF`xdx10ayDSxA(8?HYr0p@MD&r)?6|2?>*x=bWH7I$L=*;&aJ#28(cY@PqLZV z`VshfG!y@IEVMCKr>aNaMAM-T#V*D@Mszv*pW;q_P?J;poWOJXhM~fj+Z6$fKH?6O znqJNXg*@k_vtae7>!sb%%U5`rktsb1&?1P14JAd)Kjb@ig-Kg#$9Xr8)>RuEID6L5 z+nzwQ*dO?U>4N|K>iUBg5@A>ndu5-oOf<|xnDq?&d?Ense^o#&e`1Y`vZ|2-iv5Qh z&Jz)yi3 zY7bcBzyHfLlSeC1$g>TbD6=iS7dK(1Yeu*V%Qr2jNwgW8Wc-(c`E%+vUrR_yNr{QD z;$8t?hIvEA`3$wUq?G?#EX>DBI6#ey)luT*n9N`2g={68H0q@-slH#k1070XzR#UJttfIQ6eY|5ZpkCP7FUc^ zCd7g}E$(xLJlZFyjmNxym!^wOBVWV#ajt>RNcCd@b@FK^O&!&u?uMP(^Nzf~j{*Sl z#dT8W0w`)xL3(I`+KWE|tJ{M?M)$0PAX(8!Z=4$Uc!OeRC-p3Fx zQN~?a>3n1xCVUH{Cmm6$dq-m|pS_?=O^@rpmgnm$3J<;ts3@xn*zA!3fN6!0`akqM`|oFobo9GQRjru(r6huB|0`|*|oj;32Etf_aJy`3r z+dcgv;(Y&hW6d1#H}}^3QP@y|4qF=|%zg5UnOr57oD&RqXP3FXN$%JrubqFu9~Qc< zn-1EzUGX}i5CK#Q0HTc`9|+O*E&q)3Lev%`IODE`M=~WAa0t}CB?QXcSc^t*?8q+r ziND0u_iw1T1@$=}&^{uD|667MRuNZd!&T|%X+xv@?_Yo)apJR5c}{`J z$iPc^vI0nq-p5l6e0lD5WuN59N3bYgO4MQe&c&NmH-%dwQu-}@!lZwQ%+}{tVix8< z+kftgMYkeXmNqftLIT+@f7V5KCWD1AUryXuxPi`8= zupn8vZmX|op4L=jIpZJ$Tv9Y*HN%+P@0Ls-KlxXP;WsCQyF!*Qu;OtKz71ylhT+=8 zproWw{NDDz&f*&me9deGzK6g~RVUYnMnR&bSm4`btkDWSt18zdKn;p>X?4vWFf#MO z8gBnvc$~?1h6;d~6PJF5U5kdDSi#_#;OU(v zXmeqdISJ5^3DSwaxmMFX6t_$QZpqR$6T@*z=cpEBM&?hc*tm|G>6wC;BMVyp1>pa{ z83qU#p`G2=6%C_9S?{y@G>lz3iPS*29>H@Cf71fR&+{H=tzjvvDkd_|T7HmJ@tPas zyk#jkV?zq88vXC3RZr_hA0qKI#)Q;huE$r9Vk`g2qgpiVeH78|^WP#qV0`HW;>H%^ zYL3dqQ2MclvEa4;p%_m_uI#ijtIvS7J~EKB=@vSpL?FcWRd3GgL@a@FSZlbP8tsw2e z+3mqO&WG}Uje$V|Oo2`WYY=kj0s2S+v=5#?D6FfCf(8G(R+$^{il>g*2oveBo84a= zlYx+>f&6j-D26j(2BHMnpFL>6BJo+dqv&99)tv8AeR~1kF$%~((xI75M?6^x6mkyh zpzwuh5ar{X8D@X(`}+g{(qm!$(eBad>TImtK%lf^1i$b)s$V%%$R{s*&jSUN(d@HI zf-=ZI0pVu3DEiwp_Vo?Ys2Wn?u&ovhzuonPysG03yB}0?sT}wJu1*3-a9tr_RurM+ z;s#szZ$}^YgMo7rK!Tw?RZO)F;q+PAv zYn#MdnbhB4txEEj?mvVSbNMS6eAma7>*Ke0ROxdYaZVckvvr>{eKo*-b%eeHmJ;TN zG~X{2`KM@iMAPI{@|)?l&Ql%V5z-Zqs~!eW2!M{smnl&kFe}?aX&#=Zfo~Q0#j)l4 zM!o1_VXo$w+FI2a9{A@)f36xJnxG>*rRcIjAL?j^a{|39m32Kjk(0_B7xE9$;YV!Y z)<2Q6_VM!^6ZkQSt3RaGPhu830n5R^Vb|y{wtQ6a*r=gw>e9P?rXjNXsy>CH0N|fD z{d47TT}Dx!SA+H+qT;`Rwpk8gwk}QGQAz*has0j1a23d4cQhr^QUkOKjH zy&8+dDh6-!(->r5^Ixgsn3!d~R3L#&$0ie>ihu4eQlALi1ylkb3sAVxY3+g8$Qb z;*0^JR*D*7RHCroo+&4^R^uqNDMjEw!O`sMEhMN6<(O15_Guj<=!4RxP znSzg$X%Mwqb3w7r9?E~k$RA#k06qnO>5z9>&cbHFX5j3P+XVhnxVspW9M#9&x{B2k z`ZG(1l^QDf8ampPng2>;`z=2%KoWg5RF>`ipl-H63y2YLrRG$6xc;YW6Bxo_+;s@^ zl3=ZUM#izpaM;TNa$3JCWGN)iw<)AGh6 z6TGIF3I=lxd7HsEALnR(CFGes#^taxXM4!I!ggb= z`Zbj^aMjY}YqmIypA@JkeqZfTjLt;V+Lg*H|A{E@pWJ#9p03{EYz;hCZcN4$);JIdUd`EA1F4Zpz2!x_m542+(TW>mo3xEl!f(r=i zIYO-0WXAu^{IuvGp^WGeI||#ue-Z)6>nZNN{V%W9Jxr34_gf@>^2Y)=4zy{8Z6?}F z)?ANI8@bPrba<2m$ho0?D1+b)$9C55QaZ=J*x zy9f*VMdjsfJo&tR7Q*}^GOugVwEgh!SmWwR;ci8pA;#|+?;=nn_;TeLW%RN`V6{Jf zWf4TBsQcdScdX~7Ly#jpMwe?jdR@8GVz|9~q%C6}r+IFy!aif>dO0xcTF40uqdEdb zSx=h7rdZ78vs1l3{IL7<;ldZ@Ye6a~eC?bCX&xRPrngS$JEJC(am?qtYod&P51IPb zLvz+$KM|bg85-bAjr?+1xwK%%0oFNprSPG(z!P@)vlBgt|D^VPkLNOOxp%IZxdr+3 z&&qD9S7qmE8)N}LKHPoLecvcsVa!$R>OrV4JsM%Kkdt?;=f)tz*zMCVzWhTK60cK5 zJ-X6qB`~SIH|65mgQ*&iC{oU<7q0JgY(kZ51`r~B)qBPUpsMgyT!FG-qA*hTZacUtLf_1 zf@-kHRsrj<2j(`X3S6}gEw@pw`?Iq=|5n0$@k;H^i15Oz+Vbtx8*G{isERRgx|2IZ zP4+O8so*hsBAe5DI-3j0c&4oa{_HM^SvUnEZbN!y?mIA2u~}Km$(k2tqFC2Dl_AUb zp0jZ@tAqLEW}+paA^a~I?m0S%dYCxS+L;31u_g!eT}emS#W$|%uDTM+kO$H5HEP`cb)u4hqk9)1|uJuT`1sj@(WyAo>G zZ7bLA#GW`f_n2?)TR3_J4i+6&mU)dD)~-y`LaXeJEZtY+@}})8>>3lhL@IQesC**y z-3&>WCVd)?>V$ZWMS&6eM2?0JDI&46L0~E;%J_i-XzFs`4GNn(9l%R=M;C!Irv88l z_%H{`IEY-cAHgu;vSJX=Oy2Q5OMv-6@Z>qE>9TXu%skL%7%JKr>AEqD(;4rtb!4>E zIh}TcM8=Sg;$aJP2gT26W&C5I&hL|N6%Pyy)ryx?v}`HfLd}oj83RKjxRF+EUY^*6)9ySZl>?IH zrtcdG&8Fh2F(_0TzdLRlBkpAlTxA|mV5RjBxEjN^!r$Hb)iB(&*+--iB$y*gwDhRl zzM%;|{if35e2WI36N0_y!#V0)ugmfMlcBlK=G&5qN>~c554#?1YpR#Q%|6GjmJKHV zMd;8gxut{Am6ABAMq=4K_bJbb+=Q7$5!SeB4o=1XrCZ`hwQR z`FFtZ`tU-c)aV6E{|R3Sb>)|B+hm!Kihs$AVkirQ8=DietUuGEi*R7g!13P z?-T#1Y3%`$T$)o2R<#sj^ua_SDdig;eh2k1#CC0GYlgEqe5KBazGy&Dp2K=rmxoum z6MpgX{7?I`;t$*Y(qA1kKJU$V#~1=lgS*BNuET2)RCi%^K-@cS*JdDY(@ah-$#Ecp zmh+f#p#Ki-sWp$$YIs3PhCRB24hoe z-prSNYN0QtgICN3eQhRD>+;2CWomQzYr^Jw|I?+3Q}eM3r@#h~FS{}DRA8e|Ak(=I z=5YFv)&aCQSkIoM$1jI0Lwak|`Xl6poIYNJY8dCA-dE_*2$>0|uRYV?Q+8uLxZ!6F5!^r#$6|{GPJBJX4+Bd(~Pzoemr2?1cgESkQi- z?JozFIt|O%ewVr<)zX~@=@Y+X_%BcvE{+l0?2_D0K;VRyYNM^kE0~^k>=aSLvPDE4%5+C-3dL;mHTG9m?-v^JZ#H z-LQ{Oo*w1k#hkD5#gg(`KfJZ?K0Ug*Zc!c7;YDX0ha3-y=E3m@VtC%)^;CUgbvVu7 zph*7(Lv3lqE~&ke)>zpwnaJ$7-}YxK`@No#@vu%|70`{236eF&J?9%qr}Cf9T{>)4p`sO_cf zX_6ht>bGR%&GuoAnn`>-c2Z^39#qG!$U@`eoWh~8lFA;J7Q>oSsV8;qYl7G<7b#ju zEkh}2B;Ym|a)sv$awA)G(*Em|!^60DJbPjHHa{IM3x~Gtaj@s+c4N?2Oc0bEuIH6) z9A5TXv)*4KO?Wf4IMQ@4QU7V$Pjxl zF1`yvJI;6ArD2)bz>`@JbF4E3-HbcGI{sAt7(^Yzo=hSOTBcE z)B+K^HDHxx0pE6B_QRe4RZEIyU*1!1)Amq%{k#jZ)3s~2zI$Y8t&5rd*t};?y$6{9 z1FTdB#MoIcOcZ&g-e7^=$Cjd`sqDWaneFu>HQ38C*gF_Bdv(y9SYfCgxnNIdNpo4i zlgUbKZAsWWM%HejkfRLBwqLosz*9NQy!2F4N7MsWgcU$d-c$t0V27d3wfj@6eQChQ zMESt-?wCz61*_3X3hh9j>P*V2r;l7DPl)?c^~IIuh)PF~!^Ej-^Wxr7+gI7@k-BSv zJ(Z*S90q#C(X3{!UO&U*y9nTX6H4Y%$KHcH?CA#&1sj}XCB)?fYE)UPy=Bx}^lxXg zdz3ABvH#SVg2k55;)R~7k;Tri`P-Q7yGmK+&1}$i<)@3y!v{!C9?eQt~>!B~U{o_{98YgtNtPQ4S- zF*2Hf5I5q21%^_Z{Rlr~q^FlOq}q#QA<6UhzqI+eGy*g@({&hAlr8gE8{M3B%-EK= zLYOS1ggr#=dbl=JJ<|uRcsw|{DrQ3;ZUq5zP=+Bz9ZP6#(qU9F728j1H?mWqwGL(p zAm_Bupk8Xm5geU6sOl3!F}7P!nC23eeCG*ItKs68qO#dxy@f922h&1(-b){A<0f5I z87*~~9(1O_oHH5r&>P<6V*AX{CHc7P?iL?08(Xv$RL14oq(wp)Vd&A)jt{4B!*cbY zP;N`t;W&q$(p&qk?=v{Hr$yXzw7DSf9g=t^iJ#({eP+_}=m0 z8;(hCr7o5{Xr2x=%haP>Q$ps4`jk5hevB(J!*I3-21n%&r)kEj-9zoDr%IOc2gE^X zJCEx(uO?~*=P%H-!+@-yaX^b1<4EpW!{Q9$Q=ia8`=i!tX`g_0Y6(BvSKM2s0M^5@W0bGCnYe99sbw3p_QpC0p zm|iuePWFl2Wf~ei_i`ZH&THd&>*e}wFz8Mp+HCRDM$;_92xGyP$Vjy;hopxGYadRW z%67}ebTvyVo4oCgPS6tar_4K9ukK;^>`iZJ}3{_IK#^I5+fgbfW z{=KQ5EY%74P>!BeZLa0Z8>}sOmL=Er28p!`crsu*ay|!#;ns(1gkvW?pL|np+|tm> zccGwv&@F(?JkW=+)0`QTBs#8$-Cr!OdY~W4FhLX&ULuzGdBO&u&y}r=R3Fs=-L%Na zS-p;{kO(YOGxP4lb>)~ispecC@iJJ+v)u_$v8h@TF)YfMb0a)4t|5D7_g30X@+Q*d zmG?62bB%R*GeUNX-db3Mtn;Xc?8^cZ=%`5;>JaI=A7G|ZTKZoNy-=CTx|#|IjDuDI&`GC$RlA$ z(_!1NhLb_E1kp8(vEzZKW6dXe$5s1*b(_+yRM0$Cm)hBB&P=04NCLlG@Gaf#sNg}r zBt!Dkmy=KC6dfigUF7-_D;?%a9}|GQmZJvK7b3ggTHTE+VWnVv6tq^3P_>oewA8q% zDU7u;QBG=Zg0V=>qDyIrCn@0VSBUOsOMfbC2H^>Ik2vKxoSD?_@hpfYakEFIGeO?R z%($m3_VwHA(6HA%tv|Bz9pUTEhnj|-Uj$W4(B__wj1|p8*hzLu{4Kh2dXOydjdQMq z=mk_4mQ5iWww>}Ep609`%uJxceOc>&+*_+M)pg4oToiX`#hJ>Q*l){xl!w``5HKnV zWAgPCAaUA|i(A#`3>+`W|G|O(WFACLm1xzPi=qXv0-C5@IMBxf?%uE<@6d98rG=%OJ zJ*asCX|^nUvH(1NKYAIWrFd|bF8K#aax<11BfV=Mz6ax}>q>296P)$vXUa~4yWcEh zMc!Uqy(Vuu`dYzg$0(pOvaD^$tLIk^*8Q950ebz+ns?H#5u#WBB<7PTYs`aXVZ8}p z+)f*@nWTG;eYt9-S?tr%ysTZ9|EVD1)68W9FGYcbAMGEElT<<_iZOG2n){ERhKd}| zW9n3YH}axp9}ohz?l!k7Q+|6WDLXK;hk9NSv9o#|PTjg_*DQ(M&BnA+`OrlCC#}4< z_Tq@&l9Ka)lV{qhA-@JTg}ZbaZW=|Mni(^zeY+Vn`<>!hDU|IOakG=;xP_IHCPY;a zQOw&F(8+Rm!pwC{-!0w}@!A)w%yqeo$rN_*T(L>kq1*K#N`&yo@Y6P-Y1X6kG2$^Fz}4sAVPdzn>M&@E&=DmbjT@NvcDpz@2D zy~>E^xLT;Sz^Srvw+D4+Tbw@3&GQBwz8z%QPbG%%lMk7wdEunnp6JPgvrsuVTX?p? zPW{6HZo%~gBSkN3HDO8f$-z(RwmH5aP3|m}_8;rS?Pj?3omR76S6H>lSU@39fcYB# zuh27)KLELqR6ZboBhqm2nyk7GcY+*23=`J7GUuVD*P9uBZ!LoX74^f_oCSD)Sm*eIlAhJD?4GY_eMq~$M7}t* zi*`{Q26b|}Ld4%(4Qj<3A%S?*vGyh%ozJv7R^E-Bcxb)L?doEIHd<=2=%3=UsAs=E zUC!;xAuP(Zm@as2rYu@>LawuiG??uYnzcI3(FqHxiz%Gcw_Ww9zDo5`=Or=wXT5=| z5G8bP{h$6+6~-~7m9U*ehwlq}JtGjU?lkF&a=(C?Ql;Imrb+V%zk>(3W@MAhf&8Zo z!l&^xm-#(ctY97MC0!olHvJ#?hcf3x9ky`RvP_0=vvf+o90*GI2swF|+p$|1S(&yI zLvWcN-8wUXj&mZjBp2K6kr%7>+mMPHt5*~=)tV#ywRe>$#`9ftFm4zkUZ;qO?=EZ{ zU^rl4eK^_pM!Be*ikXW|gm`Z40}2ovPFa@PGCi@^W-GI+WgK*W65HzXC%$^lg7H!w zc&{qLc*C4&KN6HVF6Ck0_t>dXo!MG*nPdzT;a30-O~u7WqmRkpxmY0SGe7w@@Kd^h zDP5zejoTE+dtZJ~_g3WtoayHzaZ&yVl7gjdcTL)sG z4|*k6ezKy9;6Sh_7L}d=#>e%n%b!*uL$TB|E=cQ|k`f~QN3KJ_DSX8zYIvX`EnUVE>)pB;4fn1Gof3kS9u`)e-KEM5n@adZz} zc6Rsanjpd3b zH+xb=>%9)YBXh#GzYi<3s^{Y8y8-UzLksJm9~N^pk`mjBUj6j86=4h0MPr%y=HB)A zY0?d5)u{@xYHamgb+4bBGlp*`kz;Ef-BZ;&;je@%hRSPnHQ(T)VWTR^nRHNs1#|J#b$^T|HO1K*?m&7ixw67K z<^2&IaO%z^rDYjCjdFXORG20pgY9WZ^2Bu^af+32fRv8)Cx>B9VMe`@`RoV>36Bz> z#4ztyZqHiPn{VSzb*dCnNyHS?Rq~OUe&rhB&Teb(Z#%(tMU*<&FPJ95)^uzc^%bWYi>9A(rv1x32t!-I&i!Q1`dhLEO`nk>dwF zb)D5`(TPu2_Yq%2g?VI9ad|N7of9}m9~S7ukd`<+FUzi55wM8?m9h!lj;yX*A)^a} zfz(%Xofk9=OlLEzFLnced?EzYuf_~!7=?F5O-B~?Dje4ee;$EDi#;(CGBM;%57%|Q zTw)5;BkI35X}NE&GP0VC%#bTx$~b8nq117yxOM-s0DHKo?k?hZ<%DhQd(@2A5LR3a z)WSKgy{KMx$FIk9FwU-9yhrI$a6#ey6wc;*2fNKWV3diX>7j)c`aMh(T)OHp|FCD( z2m^~S4vOO;n{cyQM)!*Yt*)SA0m901Zm;Zk)ZW20$<1}gl>J-%sPAis4&Rk5(C{iJ zPi^%k6^6Rh>eo~+sl~p-al~KV2BJ8rMgfhD|i?ZXmxQfDX zD+PmFUgiQzp2zr0jtdDxH38kb-Oqf3fFsQaTk2T0=R%s3bu&@ve$A=@H?MED=^9&R z_j6^-G_=K;i)e&%kKfG+WgC3^QEa_$|158m&uS#{3w>(zD~_i7P$*Pkg+=Bn+-9Px zi+RoO`4Y9#uoMpWDXt1}LX7Pbe{~V7@Z78G`<6mYE-{74ZZS2ycnP@j$L3niQwjJ% z#PAp6r)gB&N2g0)q^UuqFKOm_z^n}& z612nErO!pgEAV8rsSu-HYi|>e&b2KXjRzwGDGrOND(U; z=)FW3^E&Jbd=ejJ_7lu_N}?di;okbFKX&obh(W$a2?wu*LR?=G|5CjM8s^?rvRk8u zE{$UM7lxc{*=6Qxjw;3E2Kq8hMTPUb!|Z{{o$HOkgzZE7W1%aq%CBZDd9R+a%MFPYJ)C{8cUuPj|ewwkU9Bo^4;C_?gxW$k|6uH@VS#IC_;(W`2UBzm+OAyma zZc~oa%1Mk^qx-k5Q@78wOM?Xh2`i3YxPy>4@hI-llmvUoBA!Pt&nnGj`l-sNxD^ov zyN6{Gmze9PaK>WC=Cdi<8PKx2dbC#Wz35I~PO)8@(MoH~m)8Ov2MaLM10u(nxh=wcl|p;^ zc^WHMy?!dj9Lp%OescWy`SnoN3evr0xx{L66CTUGnx?3VC57C(el!rV*4&f2Fl;)r zEZAgyzsvGLrg{on)|lX0mh~pt{`W1GGOt7D#)vl$UM<7RK{KQ`d!nvAg?DLcTEOI2 zvq||3vsHN$g%~U|M0i=BZ4`8;gn*C1##3R;;c?HSu|{i{#OG%|Gr~spm157_>UY-| z`C?|sPWWH&G&`@6xp^aGL_f~Bax1)k{~&YPty;#p4;~4nIYs9xSj}S<-dm&&kR6Fg z$quZ84yQUyd}hj=c+QxmVBe~dlRbW8{xaN280D<9uhql8(-TeU)5M`i9CG!}?UWfh`ZV;mG$)2ncY+Ot5@zru)B8*Z4@ffx9Po zDl~%ScN#nV+ZESa0W?=f+$%t3yO$w}zog&Ja|iTQ%%knOdv3EE4>!N2`FulaXd*yy zXHPdFn`zfkWMg0v)QK%b_^A?8#A)a$DRbrT-Fd10n08rn;podj zX^+QA!p*>Hj={2Ar6{-YA_*z>yy?O?{U>I!V->5|I%SVvE2M76qWV)Mk1l#Hjh>pT z-km}pb9+#W$Cy5CC7!$sze?#@V#z%I-i%yspU6cnfM3B83T?pAN@i$dtsb#Mj*HO) zbLEzBToWVHZd%>X*{xdYS9OHUDk=w4p5?iPtvKXDUMMruK=W;nW@%XJujrC*KcPSq{jjX7Z7`k^^i`SeXJ&X$u=fnJg4dLQ@baJ>o134>xNiwn!0US$DY$LvITK_+fY3?p@exW-|! z>)k4wDVR|BeLSfhzv#jV4Fvnj4}P7)B}Ip)1FY+;wb?5g2cD?L8rN*Jx1m{EGhg%8 zjT2r7!x1;O))RYsduxPog+T7y3-)k!IK8JUAC&Irl2rD8cv z&f-jR2z{yCK=l{BRN*q%7T1Z`%fX0#iz@Jh$tWIa9kU zW_@}U(X^851UtzDve#o+R{b$_-UPf2iCF?}Hh@d;%)$4du$p zvn13RG##&ZyeTut&x2;k4HdW;ErFJ9(QH~uoO5^(DKx^usS;(*8LM~oO}Rw9I(M<9 z*bN&~G^3k&7^$Xq#8u(b^(T8(drvNYCx3i5Pt<)k^82VE6DcVv+KP6N51dlixlo=O&vA8a-MQYv|oE9jrd`0aY>tuu*4N#~8-qVo9(e63rMjGPE zTO5{|1Kj%`^xnC%^DcYnUUC)X&F^6M(CUrGnYqeMDV4%8oT-h(R#7YERBxQg*p_6c7z*b6@NPYuRw{5Dhb)2c-hd zoV>Wznp4xMeRc^jm;5ju$ShLITP9w|Bjhue?^dePP=AR2? z$K3dd9=dM8SbvgutNz4$RBJJXMJGE_WWQIYHe238_HAe9*P;$DYs}ojjkNy#`>F2k z(boDdtP?raF6bHVjH@#_lzOy1;&rOH-zO}`zd5W`clpAryK28yjqq%IEqRrua9RGY z0#@(Iya_7z1eroua3Egk!6T1EL8aBm7S4#J$gAPB;-8u`26(BQR70X z{?Tk+IzlSuRkxO8E1q1@-p4S9_fD)drVHgZnG&G3FlWWyR2*c=pJD(*XLxAHbc=sW zmYyvH;B49Qb{vI*ah#rJLeQeX8Y?rTaHx;XJl%vYc zs3*AY2X%F>F~ZAAe6)O)OjrXXSU~f?BX#|(Pxc;FT&Y~`5~2f|jxLE<=LjfR&8lmav392a~ z=8RYrvG4T^qXx1YO>6g4T&C!?oYq+T5_L}3KRM82fjq>|TLX*B84rF6IIcO3@h_#{qLB+FE8AuiYfvO!T3H=b2p2Q zXT6E2$?P;iB>}nuyPKEbeK)V5A|3J64|=>Gk18>wyAJY9HFV^v*2k?1rr49fIB@e2 zMW>WYSxuXp+HRXKzM!q;t;P&zgWMy)4#p5vXivZ>jfS;lzXg6V76~E%ws(?g|MUV- z3Yb2n7G(?TVdq&_j`OVHlCN5SRbs4O;IDQ!59JlPoCmsz@Z}LKnHAg)e{ZQ%<}<)Q zgTDro*<7(}kVW7>2L@poEVRt?=98a49@Z{z_Lz>9HD3%ZG)>`v?l(w-e6j`K&1VLk zyN`9$d_?wjb$8w}wodI`jXbHo8ZH;Zs#Bc9#gC5Iqd<8ql&XLz8f7rKRPt~{G=`4 z0y!QQIkaQPBCiQ&kk|$LfyljBS7J6HRI-LPO49D8L5=qs41y zy9-dE-{oo$%86fA@dd+XPC%2%q57|iXnjsg?v)B@`>MbDlNDm+s$~_pP{iyG9GfrC z^0D`Hv5EF(Bqgxw-T>)Ykmvs@VhN&zFHD5WbbR&MbISE@qucB|{&G2M#QVwXn#ml< z{gGf1Bd8k5P}k)iR6;a9aCMI`YrM(LC2%+y4xKtYBKGeuAdvl9aod8|o-F!cvnFmn z@0v3DYKcw#Zt@LG{D<%4Xn>MvIP4eZaqfLQR_hq3LAdnsZAL8V4w~S~Dp1yj_fHP% z<;_px8HMqZ4~iewK8*i=WW956W&N`~Jh82r*!IM>ZFAy@olIyxJmCd5{q3E>ZA(4o(H!K`Zp%0=N0}I+l1R3KY222Gvhmw#38RJI` zVvg@=N85wcO8v)^&5$*@>`Z+J%*Ir#;{2LZPr&B_az)F`H6QB|0a? z2TElOKheW1*H$Pw7j66i1vK9}cA_QR4=Bwfsi3mTPOau*x%jVB%oGpAvFYg%>Ee1Z zZ!grDPJocy3R|I_KXqG2Xxn;tE=IOa%Q`>so-mGHuyPrlV?;-Rq*#AO(?Oo_U^M1Q zbIv<-;_t-Gwu{bwsEdw>MD!Ue|A7^(smwu=`qAFW$C|HmQ}O^tYli3#P86~hGupI6 z_FMY)$5)cWnX-g_F8UH~;G9;je4F@8#Si515+rT#N%P5*&{HP{o>}Y&XB~y_psn#d zObX_l<3Ceu8gfr4eg%i^*ot1TVVm<*sBQIV5$0eZfjS<%MF#1&hh)s=V|vE+mGsbY z6tRaXrfZfT_@|+T!rXO-He%V4o@>9#!^<=zrLkH8=X!ePnN_VHQmtDIKt*AdwOC(m zUmv49x}IT2;(3J(i!JE-fT_J&a^`dwpfWImkavTl3vDXp&2oE)ZuPd|q7`0S1BCbt z5CdTTxta0>%>Y!!7kF_3F5zaF;e<#{PyII#+jI>3!vE%<8|0gWAPrj9L{be+RJ~4{ z_w!YySx>+%GwE=qWtIU8`g-6}($Y1%gZ*x{=WT=sdN(5DUBV#z@O~6jK??~ zCO&#Zbp(7$x`ZYSx7-M>pg`5smA_*1VH);$*j1%SD!zPY%JDunHAsjT0CuTGw zR8(nQG9F?qots8_ZhOIBd<(Rpn^m}ZBm^Ta?kxU+X}s?larqK2uaM$Aoo9`jAKcgi zfiU!qwV>c$};OTRJYvZaHYT#g=oJ$H?dPTpKN3wrc4LkXA8z{N@`!7i;_BPCUCIiT-#e-b-d0~0;blCZ^#X%0eWA=8 z*lkXnv^X)Xn<>TSl8BVyB{&;QYwa2o1aw*qQE( zs=3bJWNp~JRr3Ms3L0K|$s;#oSz@VriW?)6t z%zUj&K!kshBK0b-M!*1w*=29u#nns<|K{t{jmrfW8yn_#)A636bel#`oXR2aMw=yn zMfMGI(CrZ#sGV$|h4jQL(9g^w001ANx>KkZ*lM)Zmi#|rc{;b;5!*(msvjHHz4%Zd`g%6#-P&)E)gju$9Vx~ zHVYgEsOd|{bR23`*A>(H1NfFMK|DBMS8WJz4!x@%D(=uDKE&HG zZdBZB>k0Z@-vf6HTU@hz2XqiR_N#LZa=s0z*=#MU#pUqPoiZJ^)#L-Gh-*4{(!kRL zJtp@KXd5)T8D8&|>O;W#n6lGD$dvt}V{@rCAtaoiWqPnsj-_5$vNb9trfEo*wOoI@ zJpbU9wSL$ijU`OyJ0q2?Na`>}Z4F?(YNePY77MZ$W;vu|VZoWNNHFbtbeyA3Ogx0* zo~)A`{arCx>E#(17`WZ-_r^h~ck4BvyL0~Mg+QfsX~FBZU0j_6nV<=e#I|{y^pvLZ zFy=13G39@Ph@MOe&s7wDy|b4|k$S>DcUC@Q=bx3q8mVw}^YVi5>ReF)CeZ#(7&S-}B2+lj*gWAfJcf>|{>nCA?U$3M=C2(0;m z_04h~Q?sMrpuEMN-}`fphNIB%5>DQAX*#qTETdo&@OuuKjJFOB%ygn|?j(G@1NDhl z3yNgD)`?-$Tso(^7ZwpF{3CB*B~~%k-iVG=6FZThym5)xJAvcDCuzvZA?4+~A@jx7 z!mBUs+n{E!A zrmrQUCmI;%EyvWqY7D;C*45QG^gF!P?~0#F$n*gZz!WS*k=XW>&iMpDnr8C5A|eE8 zQ&W&D;DK7oOE0NPhAGrL{#SJZ!O?dw9oifG(_9PDhn4v2t)9J~5fI_urbvN+BQz7)xUjaZ&p%X$-7P zfz4ZhvPQK52;avo zT11Dai~E-vuk4WJ^y1-0Uu7r=6VY!R&ns@|MdX^NXU{k`eVO@#28-2OlWy*x7*iSz zm|jZxy$8!vZ6*BCcb2^cr=TyGzHOa}3l~;)_<;?)?6!M>4=Hl&bfcEdBsCpzW7_^r z3!rHO@A+j{=2fBZ-5?R!>Sj#E_F9Z~9>XcIcGH0Tz0(*Z&kuQ36lRJiLXmEgveg%o z16RwVPL+u)EF%2@H!8`|quQ!;s#s!!W&m$`>%=5%@e#OK%*!c>^p>?WZ^EMlnYyoJ zH}V+mIK?qVG+jrb41AfD*uE5!SF5z}ZE~~EMA~NnIC6igO`f3rV{35QOHf7z?Do{e zE4We%Ar{Bg0u(sed*CuxSmt@M#Sx42eA!xQ0Pde;P>4!cJR5)o%Xqq$iAl81&WKrO z+q7|+hWw>+yDmp?d#L5dQFv}fuW7lM}MmO*1M+K587ox9T*&Vr{_vh*6KvoShkX2MfT>)viw0%j`{P^$GNHUD#J4&Nm)`;Ua z?!v7E-;vs7+vL9TduOl+NEEjI(p9!#T+Zf}x*Ursvv<2O8{+R;!%gx|?JKFULI12$ z*z*G(c=W0)esZ#R+d#_Zc3VZbn#H$9@n?O#+x{=+_I5Xga6g1Db=l4CPOq=bi?>a| zK=Z5dgU?IZdWzM*eU!jw9|Z-~za6DWE2Y{!*hlpL6rax)ihT1Y=s{h>A#1);A~w!; zRG)e&h1A^dr2MmbItTOhZJ3kEQ;=(Bvwt&F&i-ep6qz^{6cwegm{w7;+Pt`|I_)@< zuT1;r=gmH>dqFv_r+peuZ|GW#YqQm$5|xD{vxdNmZ~$7n06Nmk+uc*~- zB=*b=jQMLmEf8hCp#f9WH#4^O(CzYkwE&BSPTqlaXLg&e9XSz^*{(0^ma%s#5=Llg zl@Enj#eUIXJLtGGiX8cT0kQieeL8>7$wrRnr{Nf45CrSYFW0&t9u0LnUqY4p zp(Jf$2i0T+B+o5&VlZT(WCwX4_=EfFg7X;pajv-IH_yD>BO;aRXsYch?8Me6bT+@o zkeD0*b4u4@APybN;SIdG9q4ENX?79}ss#TAPtW5iSHJI&_uWox%hpMUKlJ6g2 zHd^ybnO=?l0|d*3&X?__`EEV#Ys22%bj=pp{5&vfoT)%{)61CjIEr1&mE6~2q9>8` zax`&GJMJ2#??M79^nuPZyuKU|^%U@_T2-1;ez(4YNUVRpu@sp=-YnPw9OJLbLgnK= z8l3GrZ7mM;)))9Yr;?X;l>d`$D00}+UFF4L!!5}j*}vA2mn~tdoBi9LYlHLf%C3q1 zoU2o-q*>6U31+NuqKt#faj#V~)eA}1&He(TaNzTvN-8lnJY2J!TNZ-Yp9q+l>=2hH zHB;Tp-;lbLSNb+m{_#!Ax_4cOfC1@e>Pq+ev9nrCbj1qfW3IXt15Xzr+93U`Kk7mW zJ3hW;U?{;25Q^9fG}n%a&u?K+E~K_L*sL^S+yYh52IOMCVD58V$EAqSNJg#z_zex26@`Z|<91$bW zqOM;PINUbB=y^Sn{mr=I64P;{vq3>DwYOifUs&6jtTCowCslGz2EzQywI(<+`u&F9 zbX~t{8+nrIxEFYh0xLOtNr*h*S-0(dLY;+C^>ddW)z}k}usu5@U?@Hk5xRp?)hFgK z_u2FiWAxjl!|Zt^Tu~dr)BZnj9}QDdg88J6M*y;QjLPlsN0~7`-DqgGqIPz%xreo$ z`i&LnT~(6EMziiie2pV{AGBf(0^4d3_?8SJPVG3BQT(tE_ zxX`Mxebp}_^oGekqCv!0#5Mc<0*&_R3JM(yOM7i}lSp0CNX5aQD_PO+LH+mU25$q2 zSmBpexR6$e1d{TByu_X&#jMBu7K!$IUAB2rj5$e-&aJa4r$f)s4kPU82YQj^b=#n? zgg~-%CYcvjyAvX94sKR7z zF#-^Ok}=35!Ji(Ibd<=&A=i-O&KsS0dtgMI?7#9W7+TEMwr=ukA`V_@U42-yXp9{hE;{K5b)9Q3NkIH)tbb9_>y5KmieV2*#UPg z=}CPbUomrq4UWwHK;ZoFVCHswN}ui#bVlE!pO?!#AFIW^|Et^H+z>;luet=y4+8zD zaEG_=C9V>1RPx&{9fYc(irP9focYgUPSsPySZ!c_efeCc97V#}Y?iAIgI*d}H$nhy zAc1v^{i|yW@n$xyLWi2o;I#D7K) zFGy0V?<`8Oienv59r-ube-jl)n6K7eGca_P@>FQ_3skEq=OnZ1Ytxn*9HI7Mn5bc@ z4+n*<03W`7DO}cE&v$L0#WN#U_t&UDAFE`blPcz1Qf@CvLc_zE0ljcV z;LOa^HEvT68r7Rtq}lw|txB|#au#?4{>`2ceOl!QpbLZo+vhH>uYQi&X2i}9>Ksib zkUh(5(M9TB!JB+bl)Q9-C02Lzahj<`dA19OhIe@dHyiH3N)FMqxDdIF4y znRNZfeZ;S1m4Z~7^HpV1koy?3;JoIkn4!-2&^F#tq+)jw?L2q`Ywt*Zq@a$L zD9&RM3!Bx-bt&f-+sxQooi7Xv*|3;Eq(LodLl5dbLVKZNw$tB zdE-6NdvO)S7ATOUyyh96UchJF!I&4q5bSgXs1ZnlJmYcl$|3deGPXw?IkuxVOQTK_ zVM56~7o3m7kdS)?@7ENUx!l{^+uDiY>&D9Vp_UbWU)+(;vrix=ccy;`dTi$S^){FM zc(#y4N!O4;ue5hWBD;dKwxbxEPe`#qApp7~7GT=lB}kB=^#cFN3<2!Atn7OiF0DSk zwz3dJ@WOHR4zhROacher@wwU3uV;NjgPtJgP-U|suti1t@gM3x84hmI!&nzi=_~=pUEv%FI>0*PH;95Pll#2^nr{*K; z&>J%+=Tbqm)EOOQAP-Gt%L6P^=}R__4A%r4s^4ajdc;db(hzS0VpK>wS<=~3$I98! z&t+7G2d3Jaj>)85qJzhc$)x=V2h@B-@qqP-=E8`^Rr_(Bcwg#*X+f{IR%cqN4pKTj z3z_bjnOpqG`5NU?CZh50K*&4-KKpwI`|KPsLg`GbA0zeu7bN~|!Ag)o_wz6RLKNNi z{h%7Ma7O4Xq;{>PoJ;$X6d0MIlP+Ly&*ZIj4c7U1s*KB-heh}N z^dy)+Maa*u?;>@!o?ncdFW0N8j?^D_vzKy}kGT@`61BvEQQRAfsA@bHX&$ni`RY#2 zc0tp~EruF(T&y+kFCxi)d)3b?3`UBj8UotfJQd~jii}w@a0ADzNL%DoIVuvZYG`dM zu92=C=ll~R9&KG*aX>Hu8OUdow!gl&*mQ{%@RIbS!x9xy( zZp1x0O(q3QbqYffO};}_b=_kl5-i&`v{6U#6LZIit29a4P>s|rAB~nX*3U&)(KNzl zhx#E&vt#7c*sZ-EPT7gT5S7K)NwJc0og^o!=2SO>zW0bGLh?>p9ZaFpBFin?hfqU_ ze{EE}Zrg>YgX95c#i5Q+x)~4uLyNJ;k*-HC0$_a%Qq9HtJe+yn;zQTJH3d6|T1<{_I;{Y{K?y1)4G-go zLYvS2uBE{&)C>PwWejAe!@z%ffoY&65RBI4qk4`r{Yx$XPYBvAp)&exQn9P2EDH|k z3|X!h;mO)z{2P7M0lre!M~H@lrbKll&a9k94+L)@%ZROJ=%mV-X^9$ zBr<_k5m9sVuk@t)zPaVf#p9plF*v3f5^6$ib5B%@6d#Zd2x)7$?MY4`DMfgE(|5Rf z>)M^%b(@9-nZBkA(x|CWaFEM%vnEUv<$j;D{kUI$6bVhrdZiUcCFjIX4bb)|5g=}x z{JkK(Jqvf`sF>ldVfnXLm@cr*$U~M1j~K>QBC*wLMeVQ04Z_dGYWz|4*W*n&U9&pt zye@_=7CbO0-7u4`^1hR*iE3(zLW24HRvurVIMp*lp;Cia0AlPd6q=8cjO_4*JfEn6 zvcOe)G)qX_RO5gskQL)L`w^o5k|bQvmp)0Cwu-h48I&JM^6wc5_}aP$m#xeFi??pk9o9nFaJ0E#Z`o^QWNF%97l3c_-wN%RU^S$b8KGe(3 z{JS^wWdpiO5wM+H{9qGTINu%Fy6Ltxyw4jAh_DwT zdL7|LueL^X%F!R3f=_GlcM z!buEH*6YZ-inX%vFcz#4L;nNd`HiOfwv+)#_#e~wWu|WHfo%9E#Orqj1iVU1>~VcE+~Bbw_*W zR`tW`qWM#~7*J@Xleq>AonzN(k(hiGV_wjU zG!pRRMpN)%^r&n#t1}$saj+KbIS+BY!i^7(i2}QS&P0mrG}=9c!NvuX>--u)r!Myy zu?!#+Y~2d~XDi^@*w1$oeNSDyHK}BPo7u%TFNQSp5HSyoCa|57E1gS+2@TTEengf*I&vgozf8uz>GM+@R0RJkzLnaRwTxE&gwzK_k|Ed& zhMy0qWczAy#B-*>=P`>nv2TnoV_D3P{B7FVd!`WJUoU^&aivZ9;M{JsO$H^NLV=M> zXSen9S*ZL2Tx?06G;{5!Tx2v`(PTJ5WiTRCfm{gdEQeS05)37g=YM<}uX7?cAyvWZ zDhhnb^wAeX4)v2(J!@6YFbj56;s7p>}RXPK(m;4Huwk97`UCox$l z=IHW@p1o}#3Erx-f7mQ7tNi_2bw58f1H-pxnTb!|{#U(E)pJTF{LP!xitaJF6 z;hI!#M54oYV>^BbgT&X}g5j=fXGP>6j8>l(QUacXJNmz_EF~2jyqMGnl`=Q>rJ&dQiAT+AEkVMIxRH(Tj*t^6K z8DAc=d#LW@+?Upv1qB6_lDBv69u$M$-6MAXiPhZ4;vV;uj27#{BV+&moE(Rr%f+Id z$PwJ!ag?l_S0uYxS|P!2#gbze%MGJTZHh9U>Dx#-I_kugD0GTM>r@t?*wE^S8vT7k zev|>eTq2?M3`Ju&>_A}nC18U=vOA43DNFUR4Z-S!e(7t~kIxvRjP!l7t)GL55e3ZU z_B;O{;OY1YJP)BPw1?*>4EBZQ(|AOdmf4emnDtYAMh=+uSEiO7JuUx1yX&Bqz8dWa zgUjuL4z!KXjAwBgPhYNFjQ4Mg0u36r&w!<2s=L&Ktiep<^PckrYMuvYD#WagK3RWB zt8s0@5E|4%HHtC4_<+K6tBI!(j^9Q^sA&(L_-bV6TMhO^hpXk!GxGNs^qy7W*80!n zW$T%QytCMSw;rhOX6z9Qn1Hf~t`9^EtR%H@9{sP5Dq8QiN6O?x5bTG6)#EXQ1#?k7 zUu4|%pUkilgZ=TQ?uvL0n^W0B^TS3t#i#B`#X zzKWsV05^rB%!z%G#0pYj!E?3{47Zbt3Xqaf#9w_~US8C#Xj+oYD6?(pL0Y)KPAa}- zTetA2L?kQhS!66k-zXmzcj-L3tFlnpbN2-Y>}<#m)=&KjMMUWTOHi9jH}~-;9+=Su z_zqj(C^7eT`UxRh8!NnMAbX1`cAg+oL*dnS?)|)*T{XV2h=JjcY9${VhT$zn{bB$dbyH+)1V)zT2w%>(n!lo zC*!zXA5ob*zgPw~wiN0?0PxZ+FN=^TeqAbj?Q~<-iH>0=dZ!MA0+1Qvgsl+!tA-+v z8v0R#M>vCYQcGs+P}xlDDnbcYR!Yg~2}TuO)+$9)asI{bZ&a44k{)I#<*to}y|NbN z^iM}X^DjF_z%EflW?fCet&oI&zKKwL++Tu@Jiahfjct_;oskIP-y4+~Msc1>lt=)9 ziiv^m!8q$6W12 z()lA5BVZnZl@R4;KD4}KY^!tEywF!HoT7mbe7He4SIB@2^`s1=7rD4z8mcMS5KU#l zs`hDFW=O@-5pIp+IC*m`_M_Aj7h?k`g1$gCTbHo+?UZ*54|MMgOp7_zB@}FyP%L{VSs_b0A6VMZ!f(^|3~tl*hIqRCM!;qrB^-j7 zM9)e@M3nMAO%p1;8q^3zzIntz!?+_(7oAZ>zyt#mA|arX$#VDv#}RkR6H<13ntmJ~ zYVn@!o^q?mrBqwy(=OXej||4G#*5+UyyH;77dEES!^%oV2Jz`(@cr^;wl(CHNAgm2 zVZGd7%Mdd8(Hhn>SN<+)aQh%w86Cj&lw)RP%h@?f zCXl+DtpL)4n>b6lBNxj6{%o$YE-8zH$J{j~N^eEoSXZ0$M5NHO;>1f1#2}QzX{%6N zMI--pdoB7+c(iIEUsD8T_W2ykar|G_CJQ=!pIlstGiWJxi4tDdO~swf72>~5!T%dr z$TJ>kN{p|BW?CLcWH%_@m51F-xatvk6g_y5NplOtSt`7)J`mr7wp`IT6 z&iFz7Bgmbkcr<_39H)_eN<3z0XWnKaJ%x}lwjb^3eR5d;PTr3GiGq^gzkYjr(7#R$ zO&*Q${#-5$lQlNgwlNHGm+1bq@>AxG8cyCPD+~#^PFWfKu1-6%CsQe^KXp9gxy9RD z`#h=g0k~Q{Ud`=UEQgQ`21va4ry(|!>mZSNuRl|r>*HYgyZ6W@;))Mzx~17+yjhvn zvqU}kBCccl&)oqLI*29MmXOp$-@};f;CQ}=>Q!0+ar><-=DIhdOqz$czg>^F#ZTyS z0uO+SsIxea+Gt3?Su)}d`*tWpBs;8Nss zTQ*~#qV~n^rTC!u3}$A|7%$!X!0aWWg{F4fj>{RT!LRnkmN3zVU=+(?&bzh)60$-2 z2v`?PaMl*3(o|Q|I=i%U;yu@MiF!w?1%Q}b(6@sJVT}>tiYrlzcZkWBZua(y6DNO? z3T04~sMe8}m0FX!j01SIW^@pF8XG_>^MUt-GvMup>oX<UJ4uJwV^N)6?ml2c+6 z{W_4zxGg42xx3@bkSx=`8d@ZJcYE}BDX#f2u_77>w}?$D3K<_^7&Pv&z6iO4n0wx| zD0N2VqauP}X%mArzRND#1WZXhO{20m__2Ux8SF0Bf5^PyqXkczhhMU`g;y(bu;aHG z=ww90+7O}*h>%4KqeotDd(zvd~VNXfZjK-;jPQ_GuhaGUKX z?Idj63Y`Ht=bGy|$}Mv2u$7=P^VsYod8Z|ay+>D9CgvOGlrAo$3x0G+`75~1=BAnI zhk~Q0C`e46D+|b?b(F}U2{8$qVyd1ir#L%BoyL|gz@}N|eZFL^DS3ZWY->^KXlCQ4 z`apyVQwCAIJ_^t`24(Q;O(u|qGQfzrVC*G4F0L#g`eQqOB%3L@^D9}uO-XTqYeVuo zR~FESG2UFGd>q{e4&&Kk#z;Lfx{0wW!Za8Z|Bipm_4~0`3zzF8=$`j=y%7xon+(30Hmn$Q9m)eYT-Ets{=nNir zp|rF$8mw)yPY!VEAGGS2n1Dj7A;2=RP9fygRyxH=Z} zJ%i}2!xBJr!ge9qb}OXabyzvXbssWYHTj#Jy3~h7;E!6~O48b(^riSO6xi?)6qJIV z`8O>|ol=zTiMGJH20HecfSx_46~T(#L<#GHgJaR-HEs7^X=Ca}%N2=$rgNmEo+0Er zF@($Bc!Z}%GxZweVX++XGASt4QWl_i#$&IHETO{v%cB;3hn$G(VtpDeqF7AoP8duj z^n($TY@3C}+7NSH--e@XSwu`rKb z3)Q@OmpN;kZAKJ9ohDdaTO9HF2X*m$@dyU<%Hq&!JFXyD@o81b3`;{s(17CS>KsL%~vrjiW6e(t}aB&=qgVbk4=1nf}Xo7_UTsghGuzc^tPEc05J)D zi2G;P4r4HAO8s%!-dqq?UQ-K_jI3jxsvZvHg;@I*c2fKG27zH6uMx)!5DhGmDrG|Rm zo~lTuJg@r8{9-7A&8CB7HV+)Xm9-xWg`I+v(?G*+XA4Y$sAjqF9TWd3U5iIul0l$SEzi3dCL-g~|#dAM)^yJJb8xltp` zAa#c^zBLSUA??K!YOmXBj1@rfV2M46j48oz*YAp9zA4a*92Fe)pkRTQbTqM|Up~^S z{;{iSWst^H#@*i?bkJ|Wo75~a)!<)gXf|`CO5T;7zZc1jzWmf=zUu9DFk$wR13db( z*kzlIE|r&3XaJO4PPl2;yLwCw|q7{k3 z5lv?r9Us{)?5~U!vQa;?;UhvT9tR_w6z)gB>PC3Vrm|S^e=+LO?JvYmF{Pb!KuT+jR(?71$9HnV>6L-Dwy7nGE! ztSbiUU4|A^7fL(S`;CPcR?wUJ7xnYx0pOY< zQ=n385Q%^*(BB`lua8YsF_(i)FF&Km z*}{kywiFzZ3vBGvL@gxm8*E9Uyc+^}bIubg4yq)T54BwpLYwTyM(j_9fM$Pg3x3Qu z0h8|wok-)e1-i{$FL`y-y(4Huq#BK*UmoBQV!;96ks>uL$bNb~A#;I5UU<^}bG-+^ zC8p(WVGqLF&V0fYrd*7G(vqNGLo$0hvYpu?35lR?$FjU{aVir>0IBt~y;dgbm zZ-rG|E2JENb+T@mfMekw=IVbndb5GP>r@T35RP#cd)OzOHz9yyZ%wNXReFZBd&cxIFQ zp(aKK^aUU<#C3)x~eVS|zaB?T8>_$5GFrz}OF4Gwsc;AecOIZ!X$(n$+j7s}v# zUt{_8)&v-G+IIGPyooZWx?eFZ+8*t?CM7yJ#uIh(P(kiw#KyJPWzgqgB>ocfD?XY@ zC}Wmq8BHDzO2t8EtzJHYAxN7T0UH{bcxpp$p~?Mil#0WyXf_Z5MmGDMSlL0^3n*!x z^63%7DGhce1>d9=85QzUNL9P(@~Od~Sj$f}H3eE7=V$*gxHa%03RfbMYtDTq+xB|- z!}xmXf7CGZnz~9F>!BmD@e+l+NUia0k1#!x8?}&*B;7^a@Y$Q{0%!ftpLw_MWzNQZjjTwt%+1!_W{WU6JqE8+jA5l{-JQ5SCNa zt5b?J@TZf5{40_!L8#%H*OX*vI!Qnog+!qv6M{j?lQ5f-qs+wBzzcx-!{4r3j!TUg zL8E#0DU*d3p-&*>Po|f^LW?VT;MRhAevOL@{C=n(ng@}Us%KgD9YUIGoNK#v#Ji^O zzkQ#;nT5MeRm3;H^1vR^f3SElD&vP&BUhAm*0-`c)`kCyn@{-uUqa|C2*^zc{#s$@ zRXu7$&#ifVF-h8o`uT^$&||d z$$sBr$H_wf?VwLzTch&9GjD%N2PqCi6at`j!%yf3Yk9hSM{5tz)+AsqBK)H;J7Ifl zVxo-MM!m{zs|TV5jx%e-spIC}0V1_1@~U>|tGpRO(@Q-v6{}-}HvyL$GEjiKyhQ-Y z?%r;0B`B*hoJRS&LZQ#g4@(>lo#;>uutFB4#;8%4=&A-oi9ceyecJ6ZzRT^pJnzRW zEfTNF=%WkG__$yiR@zaL`7M1H65-Me9m9X(0PFR9%=7WIm3d_Z6D9L7-1DDv=SWow z2Abal7MP@14hiWNS|3C4E0S&KV~ae=bI}SNd;XjQwEZtvUu9Z!ErK4+UIgi~nkBmu z-9%_O>z?&^_O)3jHv>X?3X)hd9R-;L&H=8Sso@SmM|=q9f5@H=`c-E34ks5ocz(I) zIU&>E*o05NV)XDX60HA`MIa#QT0jGFNQA$>5h&A;%@n-^GGZJ_TI8H0So%EjDHlA| zSA?I(g4|Qz`Pi6<1e-O~LLEy_^e50zUBWsKH?h`XTFls_bdhW-Gfo1Z%oOJw{Om4S z(LNM@*M zX~9Mno%i9Z3OP6g0gogO)9oMT90s6Bm)R0?V|M zh3xdRGhS>bl^k)oTe(pP*p20WnHVmFH6opLD%=>R9Y zW;@(5P6(<+G=5YgM0@+(tk6!q+FlVRJZwEdC{d^}%&Kld8}r|@0A2?8IuBP@;jVh# zW@Cr0KG{+W`#;COXfce~cSLLeyOqzQzd=7eAPhl_^BaR`Wb=2`1L^bbe0ei&=mn?o z_nzdLpemcg^^hv?gJN`oV#FUbzZF z)wSd}%?Sm(3gf3?apma~^!Axb`Yno6?QU#l6arkLSf@Q##IR#2lcrNyAoK|7UGjKx z0&ZmlCosv#w1DS~1U^8(7%KPJ$qgjCXVR1{HB(JQ>HkG^i9k==*c@xKpL10)ZIHJe zF6O@t$N!XIR+1bxG}5E;w|JK@-Nf`ccB^w#?Q80P(`N}Hh?Nc3uAF6zMpDtHvuQ1x z@1IwX&A)H<+T)++-E?he+t=`j^&kAJU=|?#y%`%Q=#Z6ZKk93`vr6fe4|A}3zZ_i%3Ek1{~{_cZ9;c%SiBQ*e`smpghp!8SD>{$Bu)j+wHuBr~B0=w#=%0?1yq@$b?`wxxm}tA}B0gR;K{o_i z;d#AJ2!FgwGG{>tzOK)Y=J!@CU2~Z&MR8aqlByQ!d+ttwaAb;DLi(J*9Y~okoEx zs?q^mvc7{=0SxME|Av~mFKn)#<*+ro%t*xE7uG}1bSI+U`CW<*7NkvjmJGVPlE@aJ z6(ij`1)z8&P8V*49Ntyv%1KRV?uA|tvu#oAhb9?~c$3>5CSG=@O#;AklOQl`(r`-1 z1Xu?^?L0701kg51A?1`wsD9Q8lwEO`$JE<@3G^5Ud#E)l%ou=)qawIy)Qviunofp^ z2O49I6f9(iCE3q3P;-eOIIOB!a%Izr)LSnbZFGJVAU9dBjpV5mdTYRjjiyn~Ep0eb z6_nvZ0^=|Fn;*8h(%R3%4U_vnj;{Y(x$NE(>VC}~lrh$_hMyNvp0f#L2TJXqBrY82 z{CJg1gwkjRjZ_1)9J&H+Mxwj{(3|HFYiKPt{M0&fd$Ac6!XRg;GsnjsN|4C^)}chH zqUxotDQ_dq;FBJeRF&4csTq-76#cF(L#L}hOjFdAA~ho}0|0#3^V86bR)_+u=3jO7 zOU~A91MQ^SGf-jZb%@-b19Qtc&;S$`TBbw~3sxk$L{8~U*sFvH7(k7O^#{hwIm4HGUD0uuGtUAB4?kT?#Z4X4tNuj`t#^uInCVxEO2edjWoig zX0Pq#5Lgqi@xX!sHX>Vg59-ZX2SCmYsTu*wfn{Wp^2xi@F&z+09hYy4o82 z!Qu5IXvf@jANTd5gB{Z`Z!;Dchszb(g_O=KYM!kF&h*Bhmj54JZy6O=qil-?g1fuB zYk=Scr}3r<4#9$JaCd^c1b65rNN{&2xCQqR+}&>H+k3xv?%D7CYQ|vw=rOuh)ts|t zRgqK}r~dK!`Og%<1`C`mI!Sqi#=-9OaeTSYG#TUnPHPNsKPkOzg^HK%457^dYYu0= zMdE+$lSmKfh5H@>WIe(QO5L}99eqIg)ui@*#dK|Q5xNNiPz}ZXV4d8_`7;#jqay?T zn)Y8@d}0I|49iI<{g@*YNTsyy$`&)DN^lAd4}#|{5_;taMOiD7dTwM?r>v~JisP-O zzbCtcfsH<}$%hD}#J2ar--Z1M!o-?GG$2U)ZM{TNLwVcFb4ee|`vc!T?%I1G^1&Mj zB^uueJrghkU|dP`m-xv$IF z`pAKm!j=`?PTgU{Q*D~9BQU5D$me+$nkq_N1Td6Yi zRgfYB2E6nM^8XK>@J~^sgZ(`r(ja@Z*rRFR@IjfP!1g$J^j|5eO9N1J_LcQeTK9H<4!2@oPY23N+O~c6s zGOq<7v=>(^qRu2_X)=H3yXx0mzdcf!z8x(UjI34dk~)T8KXXev8n5V4Xzaidgi$3W zj}~A5I$%m0jCJI2g=lE>LGuTcL%n~Qxsq4H9yHR>*4GD@R2`g&o)n9iB+1AQcMs-z9Y$JNshYNHYAS;59K;VA|E8s?oSId= za0KaGgwLAQ?0+W}_LdH#Y7B3_I%>s7T^-x)bRIJ&85KGw9gPGP(AXE|UZN#rsU1`Q zYGrDyaMmUl+hXn`^+Bnm|C>!pAj2KG0qU{Ygo~Hn^!EQ#m>6-ZezGUzDCS>)adLAEU&%_gWMR+*0o%Gpf&Y;qiB z*lW)PJXz||w)aZ9&wP|eZTheF2f%i;=wdjrn?|DSE1=Lvh?9^{C7wWMj`bGAx-I8o zmVtabhIWqYt6hp$JDQDmCfQ5i_Q|$S$72CgeSzfHdX|w*!YOPD7R6is=1Ur>wF1vMpNmftP>{aFUCnDZ@SW5;zv3YVTB>EB)s8xQs?Ag2qyN3DmZv>l- zae}Kn_(;kvWDC6&+ee#{+^PBYh^Jvlly@&TZ;thBOa)d-GO^CC>e@JF`!{R^x(8SP z+WlalZfiSx4?h<==~3Q7+KMy&e}4Y|nLz?|={}v-6rgOLCTzlh=8X6*SBq4a45G{w{&Tnmpov#nLx2vxKZAU8Kd>>zuTDQqp z^v7A*lX4808x-+0d`?BJgyz6$j-j?xCDaZ?`Led@j3&J@hHWOjqQ&l7j>Ej44S~>^ z$R@A$T|U2ri;l)BBkGIWk~5mP1x#N5A%uwhlz4l*^ENRKY2^G_T{Ihk z|b~^B>2}_KDiLt9n#Hn``r1_mAZ)6Lt^HGr;|xB{(8HQTs}^Ue3k>_uLoC0uOW<;S z6tOY}K|%oE2kG|>N362nu!^USQiP22c*@^ytaC?a6?k;bbABs;1dTq#0^JN@emu3s=>)X~t}I>x*bRj66jnU+i?Clz)SZ zGXv94j96sSS!N$L$G<*2m9c`L@TWLg+JAXnlrj+Be|MX8lT2wL_Ceky_ilTZ>E5A5 z%%rT`x8tVSu+IwX-C)06Rk?w%uefdn0b?v^O&}q&VPs}u|1lq7&`@*#Nbwd9W^0X} zMxK4Vz5dllkCogxP}ZG{`GcW)vrDc##=5AUXE1`Kpm4SdtK5S9s+qdAq)!%+r8-Ae z)_s(@MXg)-%`fITaxs~cw@?r~k2EWh6gg4~vSI&1{J%l*-xMbDGskPBTyU?nxfarV z34v`H`qvtOl_2Pj8KA4{29+_ENDI8Jz)|1%_TY}8jB6&-o{jKj-w@U2d|88y0H;s3 zCM$=C+wn?7%AdiDoQgI&7!+g}0puwv!8092x_94MLJ>d)r4WAWmJZk4AMeQ;n@Yx* zydL}dMyxE`gELt;=5u~=x^|$mGNgaTN5RYjr9sg%N(5CPe1Su z!&{PVlSryuV(k9@z4hzIh>h&0ZPu}JCbz}C0u2^q>9H9ohGoL41h0m?cMKz9JD=VA zmR?VX=&(u|Ib0YN@2DN60WM*g@GS*6T^@oh8KngaLmaPf0=*i=q?QwUhBFL%6z9}J zW_pf=d8^3icK$M-eFH#-sOzUya+~c6#!VKM zZwv`wlQnq@oRlX(-JTPeyy!Vg5s$_xHaAr2$^AsihqYx-HgX z#`R9Gj?i5#3aYhkEbr0Sq5!QZJNxlJ>cs<=$y?Q!;WS#3s-ffXD8%>QN<)Kd4^idN zVwXrdEt7Y$-y%EsO6n>2em}^Sq)yIh;8JwnAH(qv1^^5~gAcdB34d0hN^JseCHi;# z57s)ar7z%M%&jFtjiN6x?rIty@O-i|%`bk9bwzLrt%(OzuzRN_gRyYU>M5m|P`_77 zTJ|?;IZy_7mqJgcRe zD24RpMh9M<-|!5dsG$Agx5$3bbq!ssNM-1l-!WX2JlFLFCz01e{&x@gmO(R!=1nlz*jQt`4lSu z#2RhaLJljdMCI5#+#FEB;w&AiV3S;Ic<(&O(%+#lj`U;guX2%3DlL{28XiNrbrv`C<;L$!zaUkp@@a zN+YisW(4O{v`;Fa6;b6MX!#pGcwMaz<4hg~<2Mt{t*hclK>-ilCaAhoz!_ykX6<6H zyJ(x#VD&f&>zzNV+z6L^lqJ5h+uyWg15)x@}4ndvo8{^0iZznoDub| z(CYVF(i_5)d&Qlzt?kA_)%A{xnsT!SyK=l@1n8&^+!9PZ&I7c=K75>md;9j%Z?qRW z*)u7n#OT0RHKk42=&`c%kIXfzHtyLH+pGS`2r|NC+0pOt(8g>bfl#Uv+IWL66oKmW+H zwxR!5Da<24PLGl=KTNiM;nGYBFVj6@5E%R0GIaF(t26H6-w3kL^`~9${!TUKP+buf zo^(3vb)Ei^`FI~#Vh+{0pBUGv8{c~`RgMZ>z4eSDS~f!F^kzo!%@N{^Kw_@s7~@Oa zD1s2xUL39)jL$GCVO&C&C$?lWxlZJ)I=}k#91bXGujRk}wmobpP@7O(v_r*#>GS8?3}GY1}m-NQ5%U~*1kPGZxcL= zF9|YW*_oxJ>Wswh4^EdICX=pvFq@x+9$&bIo1F&=Y@bx$pD5#Kd~^7v$F?HR8k*Z+ zLU+zwFBOb#-`t~$vsfQFr;Voc%c%~|sB%0>Un94L9%-ixFz)}3??QP?S0Q%k@D^_y zY9elMGY9%flD&qRy|6hjX^phH%PR^d`wI-TLgmJjVoZu(oY`k1t}?(*Xuo9Wxm+cz zLu!%vh2xJa7(}HHhndToV)*-7zIv%MSO7W+-`^FxHr+hirsA5muf4xK-#RZ1rkgjs zw+6ZPCLYeXhR06CY{}^V?2IaiWYl1R-@gcRjnCIco3Ji6$Nws>A5`@^-dkx}lI!$| zmKq=m-GUVp71g_~I{P6&WlhG!q?n1X$ov=`RL}_(Q@`w4JFOLIK^Od3S>KaB+>Q7@ zx^RBDWxgut#B}a9%+{tuZbP@zk3Ib%IkcwJMD32vnbA)JSn>9);~^}^x!U8_Q$p## zAB?xY)J@7djG4Dv+UW9g^228qi_He2uiURDzY#9ZxY(eFrq7jd=-(|97Q>?dbZ`EH z{r^rjqQC@yi8fBj=KVklL0u>s;bZ|<^LKtvb|3j?32B$Pd{^(8VyXK2F@Df|DAU}E z;4+ia_&jgm>?}wyXd@OgU)vCpjfPB5(Lp^~IbcPyYp#cK1S!7)BvqETOq^2=0647Z z&PXS_2P-)YhCrz-4vW*d+^4miN0Fd%7B5Bo&ndC3`S#X z=v-t`P9>fYE8j;wCwh9#NZ?yi^g2!Dgx$5R2Pp-co#caEFefWt#{A=qxO3=xIa+0{ zm-)B(9(UVlY|Huq%ZT^e^-lRs4)z%$0bOl{@9sW15>m1mYQ3qz>Qte`4RSnhe7uK< z#52vs|0SJ`HkUu--sd$C2EUV!2Qc$!(+grcJXI0piehu5B(&yMNDsmbc9O&jZ~MKg z5I9Eyw2v}gB`4UcCoOb_$i`+mDPLRZ$1JWc-`9>dbvr{-FVgao$_C=*i0 zp&P$@ZP;g_PS@x^`L9YbGRZCuXO&H9FFTF;`n2;i&8<>NBbN@DVI+0L^y94ph{%D} z1f90beHnDidyBe<66E|!ynJ=h*U2kQdi-a2p6I%fhnimfEY~HpFQ0$a`mofK8ML}3$$F`~$W6?F zBM$OP!b1fh4T`pZQ`7%P9SO+9<|0hUh*By)sJu^0zviy6(B!`G`U@BWT5*^J#F3Z( zlo<<&kd|iy^^GmqR2GQ^fb6hFJ~v?fPVL<$sgxCY{BPV+Pob;@zT;ksp;U7o8M`bQ zACIgvgzDs2Ia{}EpvF_qoXF~O`v}Kn0Kv>X3w3A%QP}rwnxy@ca1VZyGM*i_<2u#V(kG9r+{iXV_<8e@Ibr(U z0iFJXno_N3USS-aZObF%je?rBW$#^fU-4U+_U#_!6n!j(c)%bW^3;%M%F4ZbksH4O zXCCcshrsDf)cHqS_CEIK=Xek4C>!s4z`{s7qhb+rY0RzhP*U&e1gETm3WU=y$((7x zlUqA*o>>&?6o{7+X=t~($1^>i5=pC$akbT ze7f^~#SqEybz;pmpi$j+^^id))m!eYKWNal1zUdK=ru>dC&?It|cWy!Feit8L|VKgl|7wHSBlS3x#7zYos& zV3`pVd1W14>F@9af~^p1Y0W|bVT>1)Jbd=N*JYnS<=ekB_F7fJI*C-K;Y{1|D{ErVL8rYE>5B`{5 zPS)D+#|u1sX|g8kf1Zkt4G@MWhZ=wFt}9qk@0a{kITw7cM|XYYHnJPnuT~=fnA}sw zj;q8!AkH&`li$kpX9=R^WnZ{}LDtuWKg3zwwr7$j5z~a^!HNX0=vw-M!^)MD`gN9@ zl7f!4Q8l@3)#QwHt{|GVz9uZtGB+JN|7uDR|83Rxc-rDhgKauXx&ER+`eLJ~W4iIYgG+rrs_q@Sg{1 zsW)PiAs@46OBT|03ErqH#@ltnS6%SJGDf%J%-Se>68=B&rF3HK2t>9z8qvu zcfV)Do}d_QQW@#4n8s$$TQvLpcoSH0KH6H}i$o^5Aig}!w5)DJMv%5S$*jCZQ90tM z`&@thG#_p3jGM+j5#sI8uAPG!+SgKVv%_U79M@gvwH2k$^%YrzmbrdhhM8|*hYHfX z>=2Q6Ns=g;+eQPE(;|dze`h52Q&$HWHzEBNZG8R3O^iv{7=Yr#Cl5Fd?xjsS7CWNp zJ(%_*QSs_2BTBz=rjV8i>%L-~fui);qLKA%0*rC(V&pi*Xl_% zmWNg~{QJvhbIB>~I626#aYl)k&!sFokw2B19+nPug9o?{{a=p-1XDwDEQYQ8=@Qi= zbZgphTqn>{=FrbM^uktk*3Sbl4iJrz{2OTkmHqRbnAs*4`qzA79?an4Ak zmI|qq`>Y##t5PS1k~SsiKadDeb9<*oO6VGNDJ@?-PUK>j_v}h&nB+zQAzUcw^+5B& z`fT$2}I7E(}9)!^H7;#b>xB9N3)7LBJFh zyWM9XgrM#{Cv6uJ7i{#K|Mvq99)^BcL4n7PooRtEC3zv2lT|M&bbrdE;fh>Y;=Xj zjuBURh|F>qi}NK3sd&u_QF}_=SECm`OmzBj;Y}Qjp^`(&Chz$CQp#O7F9*}fA01_4 zyi?kVqgX$Ex@DpZ80hkMPzmy0W5wDj-1Jp)yl4KH{^Bl^BvfQtKoS=!mQ99#B5@HX zObeXmO^OQHVgY}hsdXmCDH)(@j*tgBG)g?t(reQ2jEz^qf`ehngWqNGVaL%$b(!-hA|9(>RHcftDWXdT-iek5T!tY)`v-P4;dz{?IhA2K@a-hNke z|C|aZT}-)1_5Q`Kg`m{x(TcBOhV9{5seS?FIpy-8qUbvM6;9Li$ zjfI-i7h)LMt~?}<7LDs&Z}H2o7>pKRfhMbFCyJB7b=;+^gK%v`_BJFW79#>umq=%QJrhB4PciiVcxM7VOV9oSz8U&uJO@OA$8ml8QU(23{nkD+ z$Gz)fSeUc3*h3=X9G8Z^;NtiDyI0I_3peZa5;t%6c>C1atdj?HFZPdH{_J!(PeF~3 zy&YtTP(_`nAfnzTYb1XDDxZ1@cnwGx?A5!@1E;_hr`PHk!JpfinE;T(j0B znxPB(LYv!|wV;&#-Xv|YEFZ>O;9)^B^x_mQvo3t%2hm0UlC-Xdx2{2T?yvpl5|?JT z`dFCR8W|8qMF3cu<#>59|EXy^{_(iYO^f~eFI`%n7)mSb89dNS;kf8Kv?j)SN0N&t z6Hs5F+!vaDg`4%vMB{SItie)>ek_c6y63;lZi8i;eqS zd{qqrU4VTAb}K3PMr+h7u5)ft;XeCU&ZNZyuI2jO;J!$@3nssPbd&P)%Mo$d=^Kb4 z-8lmy=+l-yC&;UQeM7UFv`d@7n;tSc3+Ky3sduie-#+u`#EL<M zsP0-1%hNd5MXg^cAXb^JhF|4NPAW6_>g$Ql<#C3!NZYP4WSBxf@g)eG3NAf)og3~c-big|2r>n!3xpl9YyQ~CLR3vXzo`m9tZCU|F5(a!0=B%LXwtj zRb<$eQ>=e}=ckCV7i`5uYP%g5cHYm@ccuH>95B#V%-CPXkq~7q7Fw1y_wk6S!Qweb zmuO{Xr;!0WVLu4hq%V%;-q}#lN2rzUlN4A^mQkvR9{-^HLWVSr!vJ=*MOXpf&!#Dt zyvi_}eE}<}y9h)aJphL;pvZtNwSpdaGSvNw1B)y=9+cRQ+IO_%n)zvVX!2JT^z04F z6)kQNxG#r>9N@2B#s>JfCkasg>J%RV5n(C@`T^hgJzdhIUs$qaMWD36GS8xi})$esQBugJ=@M2vA0DZ z>hT8)Ml6*TVuw^7p$l=8(jC{N>-&RKPjA;h54+CPkLS)07fZbX2O!LdWg5hyl)C+i z*>eUu(qAAM;Qm?qAl^bTq_N^_?U-}puB-CcQ0F(;?UjJ>S#Nfpe7~o+;`Wl3RJ0I- zf(Ono{k)yb@Z&t-y>C`wQe0a+?lB3B`z=P`fzN7X;NAeVpas|?$xkE!!aICa&4Cac z*gMQO0`qfs{&qXvY(n;*9U+>SkY{Gx;gddtUQ1oU);upsBGVi z+YdCOLhA6MO@pL#QXM0Q!;X%xOv!Gb3EcNl<^N(OgIhf7C;t)tZQP4pEf1MOPibYP>7lw-$j1SlLnsWfaAi4RGNznWaqS(<)U_k4w68damK+HcB59>o7 z%-QFa7=^;=CY`whnlv%Gir>3v{}VI)8$rRr2Rbfrf8&BJzOb_S!0dgOVEu;l-zn+^ zsYwH%sS238HE(a#mX1mxgnu^v6i0&Pc>JDc^P=@#@@&p^-^)~9vAekMik%I?cL$TS zJjr7%%+j9nMmp4>WO1kZA~MESqXt`W7RFrPjotFjRoM=JtodOsq;x`MK*Hf>z#>NiJ6cu*)Ao>r9 z(^z(!;h#o&^k3x|K>EH%HEDIm!P< zC*>CiOh*dMw-slv3i0>TguCWLUBf`1o~<68Nk47mb(d`%wKY_X8`3A&KkINlVzB=k z(V$kOI@kRN=#Gf=>^_v%A3q@|vYKS&{ueoejSWbYwq6(l)U)Q4B-1Sf2z+HV`+kJd$DZS=$FPiJ5CZ@;qW>1HFFLF0X1u-&TcfCAIbgJ<`Y_RLt4ypqaOF59_3t8j`*}x+|>Vw`S zW)^-YrkR;{Rn#4}&6=xRh=#uXB#d0>3GyLR=9%P06R(-cZ=47QuNh!Ff33#tOwS)( zQz{zoL5s=10y1_%VkHZ0yx+^-E2;lW}{uGu+J2U`!`n; z4syL&B@0*}o17KIZejj$6KlGGVej70pn!^}r)dF1ao+ui{L?;_jk~>JM_0-)xPN)Ccg~`qQ@n6#uIYAncFRL_dxzb$ zRjhxMVs<@439>tDY*%tb+3-VEjC zj{CQ4%MJD^hkv+wUW;avJ@))QsvUg$#D>_9Y=E72m|*5|bT`8?>CfKxA&x?H*Lq}h zG_QndzE!iVdaf`XveM}`(Hmc5ey}k+D%`r)e}$Nj+B+U z!X>pW$H-s&D$y#{r70+F-KJ}fL{gxubvYTOXETUkU}|D9hIRL+7jxJA5%rH|@$1kq zd1AJ;taC9t9geB5$Kg`Y`lm{spoc>$I`LJ<&)=y`@7_kG*99uCBvi#AbVxPH zH92jbuaa>cgoxZT%^P5Ppso6%aGXW~|L0|m+wP5GAq_3Mv5KrzRBjX`E_pDa>chBd zh%h*-oRc~Ci|B5zbNadt;oRw!%qaL$FIbU+g)?>7Rd}TJ_m{gq=NM1e26cS=V$5b@ z3=VGvHg*=akfI$k8I0{Qj&yM&3;@`kxr)m}l19}(yq7KR$R;emU72P}2;^Db`@C1Q z{gbO84!Oo%D9qS>feaWzJH3QQR+E)nW|aOhx;0S|~$>ZCdP7g^^JG z{AqMYTb&EZU;PL9`4fKNV9~ari}~lzSOsSlBL>TjLl_0$$-AkVu;aUDmz^Z4w{ZB~#`HD$N3>2zariRJavh0_x!%{oA8HMrB)~dzAw4+p?OeLyVb){^X2tzi zGzNve@hx)Wdx$UZ*Jjp4)%~}0fYTk5yNq*59*;iAPHyg7CT|F-d^q(CkSz(dmBkY#- z@V||KG{(kB)em|!?T$SWWXei6xcjk(hI1-l-HU%SK#0@Nc!Rkq@(ul)-Jn|x&dy$p zw`lIuzDMU1Uibxb$|K&h2M^7xq40RZZB+BPPh%D->(}be?`1*3@E9iXht(rHaVFd> z%zSJjKqkb6R7xD>^;UPxo!wnYUELN&Cbase$$Tj_O?9?GyoFsl!Bqkron@Oo&x>Q> zBy~;g)pmWBwcd7bEfgg^ZH&_wU4(i+iX}bFtQcw8lqK9{r#dA-vH3UFk0cq%LXUCl zGJg`L0{6`lEc@4ZVm|6)-yJrA+`Y4bh>?imEFs%1GTn7D_qf5 zGN!Wf@?cFJ*3B?dhYRmj{STH@SQMLd5Jl{AUrL7EJ?4MF#0QzKx2&2Z*#nus(vuI+ zt@XqHD?VT&-+@n>hw%FKGk&%ef#P!JzCw&;`3R9trGlU^O05kd-GPP2@xrSSV? z=Tyzcu{^_sA_bFWNc%v#vbP7$OY~Ky#J~G%T&(iIMIr}kn65v)byaV#T=an=MGXh( zVck%{4=dEHS^2&6{Tn(4vZ1Q*82KB#$nP{pg+i<;y%z;+FM_`EFIkaQv92*JmCgnr zL!I&b-%EX3rWCt8%qQ|shRPEHzsT|-2aGcH;3H~kCiL^;VV_7&UdCF$EOL|S0g zp4k~t3&9+XstXh!``o(2>-)=oe?R}(LaWa_|c-$PbN;A3p;=-=#|Am0Zm_(EBcr4`c7Wo)B_t|XkTuo~iM!~3tVt24C5 zl7)bS(l1%knlwv^$08uc%3^5(ftqhyt*{9|`u^D?&GL&)GE^h+en zDNA*Js_ZN0ZZK{Bswi}2M`qG{8#XF&p}4UzVHS*p-Kozx!;2t9y)SSk_$bFwsb)QI zG5Mjljp&Pui=BzcRXso|kG$BYHJqtD%yYSF-dE4J1J-#)RMA3e7!*5dGJM~ZVv1(J zOMu2)Ly%yZ z|E5QF&}~`__1Luva$n@)>2IyKr?~Olc3}b!toIQ6E;&2lKfZ2J7pg?@t%-frjUbv$ zl?UU`EuG}M1a*ANJXJ@Z%q2+T1~C+$thKWi;hpL`4IA!0O)5iD19@n^cHG%XdQ{{?wbUB~;~HDdlnHaL;=+0!u-^?FZ;=hPKKR*hULe7Hf z#}8|G#Iakd#Cbomy;%D-t9>f|w#=;(`8;S|mY8v>rck__NW%uM10u$CWJf;>PU9`W z7mkMvrN1jHe-G>Of{qV7SRWO@*{SJw71U8_EbjYACuMZ)OyTovNm4Yhtx`JeD2jr73X~aOGBs4z#>ZJ1hq&=*T{g$QM;2tQAE+xYaE3^+n*zyQ7d=y_?_VK zgmm;`Gi9pQ;UnAOMAKrUJJJpn^Yv0v*w>!fsX3D$ZTFZb<|dz2MOH@-uKx-(l>RYT#N!G;{vf5Ksw50r*a;P4WND`| zi`{n!WA;xyBvUwBNkKIJ>S%7GWnUhMulL+qp`iH=vjaKI^BgdqO5D?k67t z3}hCa>g3ZKGB9q@tTgDYqD$->*Q{v6HzR0;XoP&=0(p~s|qO($m#TH2sWkQ~OkUQ+D12@ncw1M-*^SkiP zjcI?>7297_?vykAfVWS|**r3_J$TCsD&fE$Tjv!<%~mw}oSZ*I2lXutFtUYP`v>Ip z@meOq-J;483wgUSkwrO63L`UdJ_l6M>N&R-Dcwn03`2{0G{rg5Eai!-&xV1?F2dvj zeXy(3G@&@>ZG0F6eBj(1z7?7<*;lg$4f+(abdnUH!0*`}8O8x9{TuiQfZqIK(E%wz zsER8M+jW12_pIv@7K6T+sB-nYVuV(=N1ijCoNB!=5_b5~D3{$ppnIgx^u{BCXAt!^ z?!o=l#tx%qcJ+SCejQxZZe;NE-oL+=q^1!d;TTTjw4*Itaf&@E#SY`GD?{@THM67! zdF7s~|NL-AaCle83WB`sg;l9a_6D>BLk}j&aTjzS9NE4i^M^|3@n$Oi}`D3#m{0akZ&soy>`;o`{+APZ)I} zHGSwp1hOO;U%hjO)48a+CMmE`Ix1&|HS#-o^2kbxQeqd^^8?=qg%tuJ@CwqJ@&wkX zA9aaW+>V6wG2J_sdCnCuvnt4C`JIx!5oZ+5>U0Y22B+9rPfKK5$X}o3pl%rxLrbG% z&`L3*9(=+bJxG<_1QT7H5?^74>uXP4`c_()eA{qr0a*KFh*05vGM83d#b8um_>_q- zVz9>0};V3huL>oPsu*~}pc@Nuc9H?34Xel(3EQ>$nkGx+`@S0xg+X4pD zoR5lmm|f8m&tzjs@Xv^5Kc=UpvDP3&WDn z+Uddj5rw89C{{K_py9Z8^!*?$z1mUH`&juxht&i&3%iQiE^!h~AR}iP7N81hDns24 z%&F*_4_xN%{X> zum0ypbWDJ=2NF0f#*@yXhJ%L}O zZ-58gu*cSI(o2FcDF-jQd!F*!YD+Br_y@6a{&iL=ZulbCt_kA$0+&`Qe`2lO-@|<= z4&G_RNdZcY9XOFa9xpdURGUtROK3}PfDkmcX*V8tO*U~r0&TnOh!IV4vUFr@mH;7M zloHgJ8JMqUH#VQ?v*M)1fRS`P*aXD`VRB7oOY&ju5ZoNiX{SjYA6L$3QwE7`^G%3D-2Jj1{T zBWijndzK`iK{AjYcrZOSCu!v{t<4%O**^=Q>qI*+4oZsU?FG_(E$73<>85Ax8YdEL zKB@8*$la!r(O7f$V@`=|%8nHpKpS+83WB9eehC^RUi@P^<_P;Tq89jg**tb@q`+K{ zu-vj|*>0(*x^jy;x{_qJ`jM)yXPjfVyQBOlQlAPZmWjSS6&|GgTC{9rtqBrCFrOm9l5t}&CFNXyBbNWRx9Ai=F&sA2nD zdFgd;i>=8y@yB>?c}>j@QPM*WXX$e`Rf_de8o_rkf`hEtnY+)Ckw4tO{2$$1?&G#x z0*Sy{t%~VRnj4}-q$b+p8lbhjJpdyE+p-bK<0HUT%+wk_Tmh_$z5VoGnjn@V+@Ij; z@+rqmU8P~;;y5hZe?Rg-yAgZkpp_FM3bMI$alXBh{TZA)Pf$)j-0(Ym;V`^Q+`b8$ zf7|ivOG9?}K^tT%IzN?P3c${WDgt(7hg`MaYgl!Kj}&iyj>IXt;;AYVrySV84G1 zjuStv2?zd6q`z$i0T9dp(B?XXoq5DnAqET3O&%{zOo@w8oI>Kz_ZH_zAR%i}NA3MkIB-Y}tiNqi0*N$=(XhJCN%z=MnW)IX`)ZnN+{92j@#1GHI0Z(TES z6ZzW0QtYPk0pT4h*XXXj z(xuGqN3rA)D3s7qJaoyN7u*rb%d>ZYIW^@>fKnA-umnz0^BEOo-qp%a#IzrWi?YG&} zQ=(t~pRk9zE#|v}!@mNQ8EVs~MFC|@Hi!fjH=3j|OVE2G2F%G*9cr8N&{85%M!m5g z`zx)R7BAOL3LPi*zug;4Z(%npx1CIa?MRRT0LkQOBk!*G<)ME>qiQU*N1Tqe--g4Z z%T24;X2WSq9&HtAqhP7L>aP3_`DUo4&HBCChJV3wSo>N6a1bLh%rYryr?4_~;HOOQ zY@)RRRkU;>@MhM8-$hLIKnODKp#nsIcOvG-~0E!jQe|#@UUe~)@+c-vn|EVXfpa?;+f=G2whgb*6RHAcVCXPkXnS!H%$+H{w{Fv z&-gg0fTU{~oQwoznr`CkWWb2EnL&KCJfzahsZ5fTO;PNIr}@BKF>T0-mj3rdCTmXw zmtc670MMuMM?A{D0q!;xyuu(LieE5Qb3v%V+uA3DijFX4Ils-x=vSH+CZ`gsJ@Bfe zb`BRklc~6cx;PQCvysEF__{L3o?BWaO#3n3!e93zGu~HI_RU{n;eZ2S@idfO(Be16 zp4l>e{c!2!XO71#JW`fED=MAR|pru+#Y@H^1-KL-O`NKIuY%epdcUZM*E7goLJK@ zl5w9xd#)Sa!Z}|YO*ShM$^%pomTrYy59oBst+Uscx=T<1xU@Y6UI=`$UD*Y}HOx&w zXz@S8fl=LKGm`ep5Xbi>CL=Wc`$PWUUcN3PBqr}ID@}l=n35+A%RQ^#&FDXGv$t$l zWesDXvIP*r_;W7NOf+S0_krqcu{3um*7*Wf4)29D-1B-s9>20e`@=VX;x30LZIs4N z1FA3|Ooq?g;K2`ObsFegU-~0Ig%viRK#i1$kNzdSI=$JyfD8)QjVSoe!!5OZhvf17D_N7Jjo18K%$ zPWFfxv`4nBGRXFxjv8J4HA2r~hp`=R?=gDlQyQrS+&-XYBl0BDY#eP)(X7vg?iP&b zO~i!aeK#Ge)J!&KY<*=^mff~CrId7cH-dC`H#~GV zNOvRM-5`zRLnB?%ARr*!ozf`{->vW7-`V5r^Gk>D%X_Ug=e%mhuzpKxsu;F$BP#~I zv?A8eVj@cCcHz8FI*J_bHlFRv-WT?IL-R)_w~)R}+SYZd0`@ZbCzgcz*{6>=aUhVX?h~`#$VOJNSm2 zp8Ubnv@nhZQC-Yo1i$JX-R1r0sb?uf$-)Mcxf>>SLP!=pxq-4SG{ zjD>cOcs<>RTD~3Ed<-@~*y)59iA;`1CyYN?bmi?@$ZE=gjAL&`Axciil||kcphh!X zWL3MxN#ly6PN1T42h2~bjC9X{T0~O8_ezt8aTx^thhMuNr1ZQ9ql|D+>!sSY`&y1a zB?PJbYGeDVucu`e6P8CM@$EAVbOpOy-Zyrb}9%3o10h6RTNa2sKASi zf9!@zlnily@0F0AZnKcUb=E90S-t4&%VLF`l+uw;MD?PhiRAFCcBmRHb6F}ziqowLx^&S1|*E)oSosfU;6d3GZECZDqZ2v;LVTA}|-+IK^vOBj7 z1zxUz@mSG{6H3B==iwx#aCtWn}@e1aqTT zl8W-r7Ey!-e@Zs*&q#U75gD;D)m4GS1Pe1ntYWoZ$1@dJkxWdQ;Vt}Oun9Gszg4h( zicM;mNE!|d56h<|H6Ey;^TW%^0`%tC_}~c=*-!u-aD0V*bH3F)APRrGf`)zfJCYqR zyE8HrYjDyR6H7Q>-oK87Dp{s;*dQjV=RNg;U%2yqFtZDl4eT`Fa8T>Ub8>`u-ws}L ziLtoLw*bwvnrL;{yk%O;D1Dl?6YW*BlB?cr38SMcr|0n{j0lLT*V|?uM6RDaOGcMk z&6g^@Lw4y_3%@{4i{d|3yUszygPOOdw6pZpt3G_C$1uBdY!ROFJ|lX$Q^Gufey-rxleqr*%cYAkRZHm(19IcK!2cD1vvmqx2<_+M}!~WBm z8^O}0u1HBp^Z>+m{@1TlD2;Wa%Ax@>;DUxmZVlk0{|pjt$y`e$CIrAv=nowk|6RC) zfx?}uPr)z?M%n(DoU~(|o#ssWw>fVRfSI8$UOIU|raO&HDd)^>YNm>r{sO2-hkIi3 z9Ep#S@v#Gf3S&5QkYPI&UI~BN+fZ}&mWNb+t*%n+KQD1G zK$-Pp%JotOp{%QuTEAJ!`OD0S#0t>_a$#ouJ4q6u%k z@FEBK!lhY8i)OYuQBz$jwL0vMG^`poOXOH{ZdKts$654zd*BX)rsaG!Y)O`uVe(e; zpj=n(MtMuc;ihg+Ft&_v=cJ@=3l(uK^*L}{4R z#Se%!zmLR80h;73vMa6X*+L!k!>thV#~GYLw?ik%A7EiJRN}QK;-N+{`~0m9@4t8Y z92@f2YLt!FR^h{?K;!-A$yvUCb07b6=L66_KtQ2I0m}SeqiG`xDU=#Y;#8@p-2YZ= zz{0HL7y_^SFEK^Z7$F20sNJ-qyRG_(op&nK41`S1w@a$yUwlk{m(z1kNyklYWv9Gj zCN`Y~^(T1o6(2}BXScT@D0<(0NYOZybDc%xb}?c8FyN8Ais$svnTMMz5}D%6rJlVu z+D}^ro-=)HnWB$H-pZ)(V=L#cNm3p1Vse$GgSnU#e6wOTxkD#bGokTpV_Nl#Epk{o zw$^J5CMSe>)a+ptNb7r2qC6sr269{*A@vI{JM6vWStu21`?x}~= zKRJ#p`H`vGZ$)8S)iOPDBwKthM%T0%YP>I_USfjtSR)|MJBxb zq=Nr~ibbcr44()_4ytxC{^}ZOhvlZK zMiUWj!`Lj3={9rc)eHUDPrly+-;!Po#utCMSS+k{b>SfVekGG8FJEoJ8ZD&;7A@zSm z&`m%WBr3OPLS9`yT*^2<)xj53`JK5gU5Eb1(Nk3SPEA+J^Vvi*wEatfPEJ+NiSn>@ zP|KbxgLr5_W@>3u0y++z^DpBGMJ9XJh6ZB6=S_-&Wvj2cAlcbRJqo^gx;kE;)MGk8 z!{W@V1rPH1v7$ktxlW-k1gbxt847W&AXzOV)y4=aQp2Yg$iOyM3@BTOBM$+R1$)aY zD~-Y^=1;sks8Kp34D9>G-y^HOK5rqk9IUsVub;`m+^2j8*Q{j2n8HdF%6jk+GBt>J zo4|Ag_XR5v5*4=L)sQZ#e`Qc=6g8y$(aJ_XB_oMYnUn}(K$DS?0L8`3h*ECd|yc-fq$CUn4~Prg4ak zYkU->4Usea9txlaFm!qq%)IsyAG`;ZpTBi9igfDh_zV9$1%Xn+JW<7Sa2YA(SS;fc|7e!~18atq622ET zVDK8KCM6AJNYR8|Bdt#ObEE<}qXOEeEAWfe{L6~G$&1S)OJnVc`#6pcZEAu$TOloq zIKKeSfK<&xZEp%Ip+ubU9+Xg_%-CySgH+;w;x#SX3LRXh6Xq*~I6pLkTzcXf#R&(WPai zyf{k>{kT(9gk`JqT?Dm0c;W=LcKi&8)S;A6dTobd5_djikXB4hQLQ1ui4KuMC1Nr8 zVH~7)wS^>uS|Li69x*3goqVjTMv|H$U2M)yG&Q>TD}QZRCe&w*8Flvxe^yq1v_(!8 z_T5*ozd8hxx!+_4F6q=s^mc{mP{+q z_8Z-6?BDn6ulDF+V;e)M>fwB>ofq?L2{scKVTqR8YPnS z@@g*^_F1Vk`nlW^_G}pJO8Dd<8M*L^Q(fcU{@R2|LR3++lJf4>05$$mT#iTAFddTs z`D{IB%485|lSIvVj!qQMFFw(I_*%2L@2y*@+&6MiB)B2#x7K3Z88-DY+_n;$f}b<9 zERS+ezVv=9HWNtBVZ;EI7BsfJblb1|lkzYzP z4^m8v9XIv?)k2%j{`uKu6ayI?x%2w@}KyTA|mE8PXu&OUY%6rpKotu#-iRiUzqkCWt&Otx|7bDa!A(w0hp5z z_Q%`HJ5@Ep zX^8O+!g}e+JM`)AIhg2f4kinovxy{y=t^%C6E3r`O-9KG-)eu&#XJ06Ag&fN4GP~` z&jLGRzQL#O;3zchnMOURN==#Ev5()5?!pxdq0`=n>!@7BC^&`%r7 zq7OGc*`P!iK@?*Y=~r5+p%%(~D{HO>dh_i(1h*jjVFwFdxcp`fKd}(7m7&^u3y{nm zPf2#rNNiY1laugCFW(>RxtMI8UTtR))#xk>TUT8f9FoG7|FHpFumryLpS9JfYTt-`+KETRU$+Bj*cSvfxZ$`2hgnu=%|b zcKR*L(`~y)alWh`w>TL|+4yj&E5WQ!#;q15#>#IEL9??N$tS0y+R)HyOf_%$G8Zw~ zVpCru4~!TBe5CC#ak2Cn>5RG}s28?XALqW=vMq@a`10fwB@Z$u2S7OZ#8cvQ<)r&^Lu}=Osav9Uihr zpu$sUlX-=)`bRmt6KLTHcto7|y~~fv)2}ur()l3JyokTCLq=8)kTam=Mr_c39+a|B ziTUog9i|g7(;q4ABZ!=;7q=g|UxF#tFf1Zj{46*StV4nJvi8u5iM%)8$NV}1;SgB| zA_!uMRXk-VuVPw(oP-xh5cr1n`*;yrEF3TVuGOmx37OIVJ?{Bku_8#ADrpyfC{y>^ zA*%lqYNU;;(3P$Q7QfI~-C48N_r4J~AM4FDuB$ga*8pi;AQg6{b*(JUSh9V5vz)X! zWS)Bd5Kpz`y$JF{A8RKxom*y-e0Lzl>2HVSD_BbCPFM+T9&X!t(e)wF&kyd-^eQq({0fB$meOpb-=Q>)96FR8p_Vt+5p6g7+nJIAS4 zpW6&6OT`34LX^l$#sPove*V%g135ISXA^X7gD1|PUau|@TAXbe^_*ni z^>5wx<`DINx)0Va-tv~6Si9~}2m470?FMCC${F~5h7Nl)nP!f{qwj|~9G>sXp$>61qi$0r z>$Ca!v>34uR!dQA*PD>O6cSBn+ss$9=#&vEL7*9dtRZ^#$^m$#n;C9nImN;+HArNP zwc#s(%2h%1SNs>`N_q!JOXAxAAZ^9W)3FK{Zr>v}D03F8A0V6AB%APK+EWkeOh|4YF1#P>pO_j_{W* zIO0^O4eKMq*xHCvz0tHSB#op@L09V9E8+kJP)^vyIkQuucL_M5Q>T zLMHm>Kqfr#V+wRw1^w_3G%sTcWx_l~>3CtkIYn#{A3t?5snni#5s4o&B%V8+!G>nW zS%PBhh9g#_VB8;a0uic`CM}5%YslPE+Oa06u2oIv^JRCfDG8bM46CTy0Wi8mE8?q# zu>JrVcZs3ULYq0F@9U~-%l3FX$NeP3)$zK2y1oQ8ZoD`X?7n%>Z$t82bbwEkAsH-) zn#LgFo4uN+fqWi+*hdoqfiy&-B8sFR4$R>lx3!&uQe+?57Pn$K&X-V@umXN@x8cfE zo2lYxz}>VRjo0>4(P+Qn$xPc%T{zc4XTpGs9z8iqsa-d35Zzeg{m*HULMf(vcP*CF8TxK#67rOw4KIdhe#m%s? zvqQ37sfFYVRUSeI%xM{0?XV@zsg257N`5Moyd>GtM5rIzJwf<|k8eQliVcOhUW6Vx z-w6&PGp^x-ck=j2@o&XYiS#3U7504}RE9W~{48|Ba*X=b3{JJA?mbArIP+-&+&6<; zCcUe~u&zSlBbP-Doj1boZ84^Kfm*Gqls|GT2BKf=4h)8&<6s>TY1M8IlK}@Vy_KvC zPjN}5&M8b8_4;S(qae?}i=h`Sdc-u0kpX|pA2R>%dqWCGYq(O5x@v=t^9j?1;}>-8 z5v$_An)*9fNOf7TI{=%)elqpauQO>S{0V4n1MZJ9{X5dxU_Kbuq6FU-9G%jrxN=ezA#3*PgNEd&d z(9en}0%5E;YE(|CS6me_df(n(RP80RqJB<`!8|Lo)lS{&5g9qKXmfHPlE>Y(kYI=| zlWZh$m!&@z?t7lPmn2VPUMmwKQ%B(81virx$MO2bkQV!~nLGcK2Iu)+CSqcv$2a8l z?exA?`su{!j|A>f@1c{%_ul?(#%PE35PTE}sGos2n4VlXVoVmpL zk!JCk7!vEpE>`nP*kSQ)k-uzzBiv2^MMAW=-!tMhXIzsx^J1d+)z){%mLdC^_}43c z{!L{8g8cMUPo4({uD(eIvIZjK4@{l)S4=WfzREP-qy$a|)pB{bsfL>JGDZ3-mRI+D z0PVP{?^2pCtgGzig~bYmhz6|OoIaIDrN}xP^JcYcl_9i$Ee#sK z`N}r|*YUh}bSVo$8y>Dm-4D*m2<#)wV_P9l!D{SxKDyJoLkc&d4vI^(n?SQeFe$>H zOM?S9*rEF<1whNaNXTUHc_5eDEp_K)#(qZ)={hU%XPCD>`2bQpO1&e9jN$4`M9C8> z^P_bqmqv{Y@~d8Q8pl!q2}+yr@ZMeZS_}L~JaXDIUOi^NktlHRyPRMvAz2Z0t0-xy2y=15-@Cc|bLe|) zWT{(Y@0&JT*L@l_E=6R|u5A!CRHg%NjgdYWbqh~sD-dw?CXk64Pxf{htuArM%i19l zEJkyFpqoYf*#ZZ^B)G(Z=V{*KWf8eDV0z&##{cT$QT2eJ9*&kfmy^Fgx(f>UY8t?2 z=#C$~7~D$0`(12~I$9tR^d`DcMlly26AE!}0!N*Sicf9BS=o4yR&poHU+I0Al~Pe- z*2tdYU2=FwHNY4ODbL{Tg%1KA$z z9eWXp56MEERv*2*co_A+YGEqKpKNh8GK0XG@zybxTgsc?w6duP-xgToJnO~6*@(+i zC6!m8(}Dx+G-c#Z77Ola5b>uPzbqloeus<|bAE&5AQz=y?bb55sgM~KJ!@@)rgW%U zU`c3gLOOMNjKjJylI}d<*k(OaHfE}LK=;*txe-2zOalD{z4>2Q1ryc-C?bxNz^?m1H%-f)Z=b{BP|f!SM3x_CQMEs~iB zK2^mj!lI2h3EzPV-Cj}D*_x5~%$1pwrX4}>sY;%f5g(g72P#^I2yUR=FZ`igl$2)z zpft$eBAJvq=9Hf=jdf7ze!w331ju{XI)4|IkmkfsJH3*!>f1*mUCJGoV+;i%n0mDI<<`q;t)FKqYkvN1^E?Q8E*hrVT60PpU|;&BtcR#GF8JwHQj z6tEAl3X6rZw5U5*puGnZ3W$PW=Yj_z2t*YrJwSf!B5~RV834k!=8n%O4OPGN6o=S| z#EQ0LyL2iQi>&afE3EXSWbfnn%QE9fqf}C}(&~87z7ID-(-kM#Ej6Iow_I4j(qY|B zxC|*dTI{H`ivXSUiG`|*7+xUf9}??4Hh9!?b#KqXv%`Jh&42X?fS?Hlpf}fm;4yj+ z_krn@8ZpJY($wSBKXYhcQ)B>dvD!qDnuE&4wTd>9%-k|>Yqlkf-fb`}v9Gk*N;Ju3 zj2Tbs&H3+%;&Y%~%nrw}jAO{a1K2tJ_eMb8Kqbok`uvST-O(So?sAcU^MbURygE+;m3WIlDi#@^pt z5qoR{Qjpb;ICLiXJvS0E?+-*zT(E4KbQP0DJWD_n7sPb3klXfW-1I5iz4PC2{MjDw ziQ^*YmVx0NG3#@C9GITxg|y~%q;R*ppSN+3V*mvf6Or4!(MfMLX+18drmi)kY26~F ziNN&!h1lwdOfUbo190)7 zwOWVvJWgzjm+mIa9n$GNCfw)7u4Bl);p>dCn8>OM#2t>q(q2Q_#HFo3Cy;x~i!l3fQK%2=2wkg(F=8AH+8>G3*FZv>O8~ zfZ8?S0@d-BTKV2i!)8Wd9og#r*!}-;;@|*6y-ab-n)A)@j9X571G{ZzgCe+t{{6q4 zi!lKXa4j@JZ9c`b4a8ac{vc~lt?A9UV*Jl3^kirYbV#POiv#I;VSOQ-q>=SEpTy`f z%6w6JF3{hXZMaq7i?edl!RU&;`x8KG*`R6=Q^4l{&;uG1b%rHcPvw0=E?m&nbdh6PwBWhDI4vUM@%<`U5F`+gKs2vwgu8^L?p-TDa77KOM;*3OHiV(>Zm)4a zNFiNt{}$CU;qLjXjMsH;@JAR+|_Hr$-V}f zsQ|U=nWX_5oy}zlECtNInKUHVZ|}L~d7cS1hz|~fbqv+ydHdZ7;djF|d*X=r^2=&J zhqeB&+YNs9yq??kNCW;hSf3O3*q=tpghaDX1Mpw0b z7-Tnqq;u4)9nimrdJ}`|Wa*cRx*ykSiiOJuPG-s9gQcC1pc>6#^P8qF@ERdfLBV$Q zI1XXuL3ZRZwdc~cB}X;nzR!4d_VC~yd%nb)yeB9un~Szx2i@?HV;ScC9-$g}RI%L0 zc0r1}`6vb=5_o|L?4p_Sr?FbU8UdpsHS!{KmPVz#Z;sr}%H5VxCxB~|C(J!W*czZ5 zcOpWTmhdB@qJjXUdk@FF0W26ymyn%36_>D4(ngM2_GmWG`_DuWkPAoKRhZ;pC{+P} zyo@d|Y4qRF>Q8%AWxtr;*NI~oq_W5rQ+cJ%9ohc?tKA+jE1f?<-iQ2~bGN)%eQQ3~G3!B2;krawTDu)GA z&E;t}=IN%+w!%B>(G>LuC3D_hOorbgKA*5`m(<}b^Fh`?@B|r+WesU*dF*7muerIo z^F?B*9(n1qPf)HE4Kr=H&1=@YJYCXnLlB_L38TEb`24QrQjGz*_=K`rc0pTyQ(1qW zbVmL4@e_Q;m);G*4tJHsLTTSmr&%T~mqM*4nF;j9=3}_jNjI|tCOTTEzM#X~^;gPJ z*gx?&wQ$cvawH3VT9l67;&&U(tSwi-9vV~-Re&7B$vI4t5s65s7cb{h+nAmXxGgfZ z^~m@U1xHL_m{_F*lmLPbpWIW(67Ph5iyT4`juPpLnG8~Q5E?H-fzr&u4HyI1p;xnC3H~?bM8s}2h zk#qL@KS(5~5aEy@32RL@rUE(Jk*A(J&tr6Cn!gq2V?FSQ(4>CXc+bI`APYv?IK|SH zo4nvPM5BH0hRpV99U29}!v_g)<3niLRt3iUd7u~07&(q~f6U)hT8xPmHmSLA4j}Qr z3(Q8=Fqy0A`mRpnLGmZ!EMNC<;p09HB)Ji6FZ)`X*pOK)qXrSa%KJ!Io9o@UyVA+f zy<;%^xLsLmZ4^`yt$dUF5gH5O2@=;T<=$E6K9g2zD%I4>lWuAw$em=}t0;Rf1UgVZ z{AlxG{&I6$Xe57aucZ`RW*@Mwp&_DZFW{;e88F186tJE<8UUDtML?A<{spElxwip4Y zH{(>v0`hyDt;U#uI5<~ngy8yc2~l85ktSjekKcI2A|gZ9)&%T!r)!C!w$MC|zz6>L z2-niOs_vUP8xweCrRJi-^dAD6e@|Y*Mu3@o5Qtd$IwlJaTvXIU{Ci?fQI!kj%fng@ z$35gmS3aTUKUr^C4KvqF$8~=R1y)22#tA4CxmrRg3N7!Xe9Xa!sYA6O`UlUdc{R4Q#2n9Jcvjdk#^nWzz5K zq=J^s^DrE`LmXAGVON?fuy4ntgV)vp#AkZ2k`(IT4J)dc=2Mc#yd z{Aj~vK;}iT10Vs&IQS3|4-eZW`F!rm8$)6h`0((ypu>C9rS+VHzIN_Q5PcQ~WMoQa z=EtC#QeWr^fyZ~1T6KiT#JmSTF!M3p3_LgQ_X{XJO7%>Ao9mo){sty)KKsP5?699i zll-6${*!q+_SkXEk`GH8D_Cw#uz^7tXn41x;`HOEuWp^#8_qip)lOOKwTFpCAzXl7sS$p9R3rMlQTb30gRU$kgbsUb}3)w`K#{XSQINd9OxC;pDqp{yZ z$;e~~nuJl2oXw+>Q)I)8@KP4-rh5tA9^yr$`FMa1>s#>L^(H)5?hj{s_}scb629>N z#10nM@~3Z*8RD(dpVWu> z&P--CLOajNwqrAf6%H0;gU13)doMN;Y`d~B0jVQEP+xaGUH|J($g^}2JVtqWI$-wA zDoc=+1>26HMaU4qpe0f-bb0Xczpm6PtEfO?jAy|C%6I$R#R)lsyIYs@aow8H#)M2K z`6XemwRsq~w=J)|o`$P;db!nD^%@!o=2HMq7?_5PB&b>4D`NavpO9@|$VV+f4Op$I zFnVFA`57@>llNB4+NTCSua_nL2Mk-B=^ENB1++0N3L)xj$IDU$w_N}&qFWK1{A%Dw zl6hlWn6~23zF)xYp$zfzEUUX<K_+cmE>msNwo=dj}M>+l`Ht0 zq?D$=0$2Z*KtT!u?u^9pg_M7aGcqbT(!FFJN0gUt z>+2I${`i4OoSc+Q#xaZ#Z(tiHyjf|g3bhxdrYbX#s7A$gT7^{(#))a_&eU%_|2Y(T z&Xe?b(3TP)3uXY)GXEraT2kZmZ1$Ess&zvlCr0rWf8NNlV%vD|Um-=Ac&hOiB1t(Q z@!pxFz9~Uzhu*)T*rX~bx1VP}i?~;Sx^gZlTS5MlIT8KxNsacInDy?P%!OZs?7()O zAc9ASD#ZGeI`ZSyVW;gU$LL8f(JCUH-{=e0qdUiSMDgMM2HPru0#MRCUtOYJtK~q& zsi|Y?`V>E$rmO+uyr0xY+jL=n87_0@9gx~*Y3NH;$}{=x59{~1_OjwFng5>jX8@63 z%HC1)%!YtDt#0qtzhCwL&?0#XlZswYE$>y2=7xW5Sg8I^Qhh!zs$%dL?*;sJZy>q$ zH91C#+=UWA0!Yk7)Wq)<_B!5E)LPtF^Yj%}RAc|@Y%M5el;|Vvy0yVuiSHw>V8PdU zBmok}dxJ8cvS}RQW-!kJiG=hat#TfEcQy6k*ZsMOkVyn%`n2Z7%*>1oQ!(!Ce;*6& z43^#!Lc5y%tZivM5(>wt2`x*~Q9cv`;UhUPCf3jT^&bH9r8FG} z?p&#C;3DC!Do#ENYW}?~-lW}>Z#jmLgiDWA2 zAFLCVWNPGBRtAr@)^jl0h{p_dkz6!2d!pWRgsDon;Q-ObXub7K^AYPuY;px+AeeWD zRzV^HUyME|#-HH7QDH*Z9l7kuofz^7VBX`ADS1Dj>g0-qX`8c|MD>n0?mB;10A%c9R2E#i7 z!JrFc7#Jv^C3uJQ_dzI#3jlqPw(*I1E|IXY;THP)kNBYiR+h1H_Y9JL!`0#W6 z9_U15ivuFFy=Q0VVc6XtJ}$PZTGG-pV%}8ioa0@~wZWAmG>g6r(uq#qER6aG!`1V$ zHe_zt9OVod7=wurp17~iA66Sb;14^QsU#jokk7}}zfHm1jnbZX-S(r`ZUf_M0PX3c zK2($Bqg-M&B(h~EnYAo|FSPH)MV3)t9L25BowBer4udAI8i+0+&+iG+zH1v9SI~q~ z&&?XMa>*+A1U9m5Y!4o?Z5M>DWaWA4;s5?dEhN2NWTSU7@k6Z-w;tOs1h11@p(ol> z=$t#_L60vZ=WuKbb{xu|+llA=c_G49Q=yGFzvZ=$R2++Hdw7zZVHVPHgSZ6Llu=+W z?NIR`699_nqHJ6@gorc_b9wV)qQX<$Pt3E}gZ(8H@}C(Gg@V@0iC^e5!o_u2z0WX% z_pKS+$@Al2T-Qom0d$(Ujgq(wLpA?L>R0X997zjvjox`r2i<^Ms4AUcBIKuMb_fW_ZA0vR_GRfUKay~?iTHzmsJBaSS z+5Q4^b6<>;Q@(iSe^>V{wYE7y@{c-g+XtLrPY3%)rfr7>8QK*8v7`n{=$lYggL*@& z{(qjaf20PuFe#lEw)n$xvg-VPWM&x(qk+H=g!zQKSAPnPSYT{QI3S|9yt=7*Dg10V z_&tvasY&&{pf9X%iYj_Di#c6bY>1DHvDfEPY+C0@NQ&7aZ(uX7>k~N%dlt&89Cf;>Vdz&C6x&| z-nVB!X7eSd;5du(Q?zN5N`W}t006Y`YHnjZlsESL~L&%ci2 zw9F*Nv4mS6jH;_;KQ9i)wD21`0aR`#9(T&WC&S`%FQf9aBKYx>roekO?YC0>kkQUjiGP2ka&UHZJ~W--_UB^MzMiV;le`UlwlZP zyFhhzI7SRaGRTYM52CIt1>sOJMi-Ea`^Z|3rB;t<4% zJP05oBj0S*=I7(>C?_&>ywBh{p|DLZ-+9JqtS_^XzukXJT+KzgA-8qv=SxUWYIw{j7GA zEB=C%)kNzhW%>K;Ro8i@TBVShS3n&jE2tE1^Ny@PEGH=>s306C|86_Do@g$WZ}@=o z1bJ!hM)Ii5VCszJc`&adiSl_a`7XupjC(O$*tO%AuT>uYm`#C{#m<6|gMJZZOmVU6 zxA@5B6GEwZ1+H7X2}EZ^iNovQp00Nz*iNZ>mAm(Gckhsqdn}`|85DAOe28Z&G}20# z?TFxNdey~;at}wG$3H;&pn0md6oE4Nt%5+il}h{4x9B79#xXsi7-ip|w?jZ1L3!l{ ztl7*Tf0G*vl)~}KWpjY|-%IoqC54v>CNxTC)W%j*Y~0U^vSU!f`~EJ`vw)h55LR{R zrkf2-dBZE?BKwoBr~X)Cqj@YVr93K~HgJi9Si(^{g8giKa)1_eq~6lDpUd_IJsSxR zU-WTVsBp5P(V@gfB`>pp=y}rL-m}EKRd^g-T27`nXWLLZwu9{_?fH|*Ju9$9iS71O zD5W0K48#Zjx;Os#u1c44sIl<1uW&a{s@46<$>|fx%9GDqUpY>6WTP8a@W7=Bdd_d3 z5uCTFrgYEZif067UQ}b~4=3-i;%r{^uyE-c1NMv8{M3g>R260RcLKhNGm#RsYI8Y^JDCpEs+o>PE_KEoXR%c)%P8dAQUC4 zn;O2*1qJYTbgF)y;Fa$>>^6)X`pp_{*{^2^xu1HWA18`8HoTTY)Z?P^mWP*Nc)2cx zZ&<4jrdsR2k{xlqQ1jR_un}g1Rc~3Yk5^$GzTIQftFvrO*?oNsK$|1P1;5JpC=m4va5%_^@d z_|=J;&s&K$ytIU!K2P(rLEFV#lIAnPe2v^yl1U$`yGij^er9v*>iFLK@bS>k z1J4<#tsK>-xZyoNOz6Ikp5;8sM9_<>bV?#M*v{hbkLRjq$7%T9#8L)~+6ksssP&Y2 ztS9>w_Wq7ZgOMB{CJ1PlG1GhbgbG40tS8+1#G>X9k7s5QzBW1m(@p16cyTfB)yqkA)a+6X{5VF^QRdU88=5cOVDH0PLZp?rIrw~_ZAXP0l zBwji>IUP*>l1SJ;J;yL21+ui0s*l8KC0%APjV99=Szl0lDU4Sx!7m0yU3k%uy zazZhVbp6hFD&#^oHJRG~9SVx66qz}-B?3QWXWV33t{j%9*1G^;!EGsJLJ1pou??qB z|5w#=Rliw6%>Vt~Swq=p669eLtoK^Kk$w`ER!G14b2?AXs3v><7zG|B0gR!KDYDSHhe#u z`ZO^3t!Xm10YFqmCA}(24Aan%9X=4V$Y05@R6dxc*zpLA)+Ob$2u^mCYG9CMXtbAF zv|ffYBvH^us+Fh8ye8$sEa}Ggn=grvIlrxERhRV&cp*$ArrSjJ;KE6$9a_Rv{tko_ zpuG)a?{KTcP2(ZwMDn0e-C**g7{PK&7jKn-s#LDk`N*y4>#;-0P-=>!;N@j7Cp7J7 zH-sw#aiZJ7WS_JCe#?ER;|=1b@rPHzuWOQXb5DEAXUa8-3M=0}5%|A$qL3(L2V7v# z7$01{^}Qx~t+t4zuPLSy{&JQ`gcK3i5`D_-p@LoW;#ZaAktSc8hdAhZ)9+(gTp*d( z$^G0osc_eSiC@MQ!TVz7r@sZLIuf>j@^6iBMs25~v)r`9fwv`_7<{yPVn3-SW|}?}=F~ z)XQ2k+XS*6*-WEXwsE?}aD|?KbAEzkvRp72VKbS4*SaiZ2m=|?V=VU$Uj*X*!ksx? zfR8Bmc2U(5>+4~0Mt0hKGkGeoRQb;p`?K)yUr~%B%+DnZR$G@0*xfFukH!vUO#y$3 z+}mHeON;_YO7K+fpGhre=d@K%gWn_%S$KO`pS2Fdwa(X&Eb?EoWP3bdUmd=_qn=}l zpfDTRx_fN&b~D&X<}e6H=%Tv5{Gg~Ns#eho5o_A%KT$r|q)-e^@N|p2agrsTUTZv2 zqipKMWKAuX&EtQuP4nd<$vnO4v>&n-dHl;+&w#FeH}W<6U_&MhCVQY=&666eimNFN zsE;~5Qlj-eU7R>_ZqE9A5DO1-Rr%JmWOx76`1z}jbOIh95=izJ!TQ(cXEz=nZnRKm z-@c9Awwg&6d?eD@S#k%HXSZvpt1Q%*)mRfciK1(HIQHpfDFUH5t)fC}K7xs^8dW(` zE1IqS0AwP*N=oRe59J>D*~pvk9*tjFqZ;n2Bt&Gw+e6>WWjb)E`GOyB#YI-R-muI2 zHj*zVaoN7dVM230n67J%0RcnudtQXalMgU`*z^zf#`hH2c~r;hPo>I&m}LZnb1hL( zI$Aca)jesXQ|MkH+uPd*e=-}Fr#km)%j2%?>&t;iFevk~?(35icB33ozZWYfvT7p} zEsyT=Ea`(x_jRnQ(NI0GZpW(GE2>ly;q06p`;aH7ehoc2bbZsYkyQ|fmzUpkzX12H z+U?$5EW-ycjZi>K@PJF|U=mPJ8Se|i2i3eeOg`^vWuc;uql|mLE4q!6X(5pRo5n!F z0uLozezOeyvl{nRD{6*1+5i3aFhGQ&j^F&2W^H?{qsG7}(h3eoVEl8v9D@8XNG;Fx%`}UM~s-56hDP566~?gx%*NjZOYztOghB#TsB#F zvS`iT2xW;g`7*EmNRHJFQ5s>k1Cfuj1QD{ryY!O*>j*k(%+?_X-X?^2IE!_D{GiEq zuyV_Ay%}rgzC@XHdQz=Q#~V?Z)9Y}qpqBKA z%Dt#Z%vq9+NwuC;{@C%rONFQKyiqKszCvOFe5~5U{$7jc7mZ;+Zhp*X4)<2ZsXEQ3 zEN6MHf0ty7@LEed{=(?Wb0aaU+i{Fr;%?27^w9nss!(l1Yu&$1!cO0> zEb~hWa>TMRFMvb*^Su{mm2Mk#rE0Sb_IkqN&>&8uh9F7q?RzQtQmygEvl}J|^0)># zv(=HsX4cPAb;(%&BL@9iht^>=%AAn4(N-!iZms9jKG>-JCro`Iff%v<4ql`xjHq?2 zy*kUuQaXOW`1?RAi8@qC_V>o3KB0tVF?rwS@9bE`_5EJ9*`&u_$sTrt8K`eK_>egD zJO$I=LNKM!Tu?Wt9#0Rk>$JyHMRo2`EUk0$OtnXEL2^1wx0Js2pvpy> z0(&{`tS`y&IK5z#>E(oKJaS+sCf@Y~=lrgG{?Wt8LML5wifL2gP#c=7SS9_4UF3i? zLpNlV5mcLMOHr^;s{M(A(>2fg962Y6J*)xS0elB%&bLB6UKX+}yw9$;$KR`PWthQd zuC-OB$7Q12%by{Kku%vEdcW7mLP}ahHCmJ2OGQtizR(A=+A}obeWo|}#+(g*cPXYf zyu%ID3Zm>KPo49bbcr{rY(S=rmk7sGEaI2nw3SM*%O%6qdT8JBa{FqL0^PA#Z~n0J zk}eVP0rkW+TOtZBFf$W(2cdz})bR}h0LNdqFX0s^a83U#0gi_LW-nD&92Gs%rAm;f^@BK4iB$lP=U&Vc z>ZR?5nz$$KAYR>7qB5~tz5g0~Mzhk>Iq|il$GAMJ5bAw_QEIyh`5ZC2V4#XpFU`|e_1E~X}*Bh(oppq z0X;`d=P;e)vHNn;?q_g?ONgsP^fK&7p7o%i4C%bfaZc7J>(&v44C0R#=bzY*UfCgF zM#;WXim0lgU~jS&6EUgr&M~^9aE9hQNm+bm?WNQpU~!{7;8Po8gqWWnB#Bk&LE?Xj zs-kyJnDr{uF%Jq^5pF0Z&}f_TaMi}m+}^lP16pbcN;Q_>W^uO{S&_lT45n7+%5Xb| z1U(qFxEuCQx=rKT5%i^Ctptrd&ws3Y%mQ4X-Q8~AceFrN6eZ0ACSU-$Sq32dZQg8bRRq=XTi3Z;Oz^hPph|!4s z1Y*>Q8IXkgS+*IY)LE6r;Dcdk6pd*g179xN*k7_Xq(w<{{5XdTwz&=&rcOcF}X4i zq@K?+Mtu5?7jc*tp49!9_ftgB@4GZitX%1*_ZV<(vR|Y!=Uk!$wWPpk=uC@z>R3b0y;Q6Am|<^?gEeatJYK^{7MmTz#rTq>`zPjvC=6 z8){vTDU)cm--%k>q9f)GG(PNliqVXF-DGWVk2KLNOPgaEI~0uImZY=jpvTOZo0H#~ zEbfYR+_o$Gei+gI*%Ks5NX1xh1%~F;a?6#X@|h_TSdUVLrcSXFbtRJ0eLki>TKS=^ zMZrJ`NVG^b7T%^*Xd9;iNG%>+YpSp_dJDxt&Kr@7llMaDo!BMB-|yqBc|ZEhqX)_* zo_?vkBTYR8Nf}V66BAuTD7Ce?!b-7V`R}l_=RDGTciX~aYsoAi&* zyiX0}*`HbaX*6YXHF6QiTlEl)wdE9N!#jKl^2GU+i!Tj#hG-|SL+~*=>ARVszs?1l zhjDUhm!B^n;xiaukW%qmKgcA}sDrC$x4#-cgWXVNGg-ymG_X)&+G8DL#X8rtQ5YLy ziI1+zK~@=uqr1>2FPCjt+4tXTlbuFEysmt$t*uG!qZ#g|YhQj^tcby%uKK=oM#+;K zIZ;6Ih?c;}$^62BJQ31nuPqRKst+-|V@QN`-kz&iGhonA4pvSs(;P*A4n}QrJu9GG zvIs$0O1I6VaUbQt^gr&~JP);-uP3+W!U~n274ZWpIWhtD#HXuqo*(2=Y#vC0{x5Ei z>8;K>Xw)jOt52ug#@Z)(^AY1v%*p1X4E|BDJi24}qP@=tTau{Bh9emb0!uE(Nx(<{ z3Y|Oql|z?*;lQZW-$VI-hs{Pyl|m}5WOMS5HOdy`er}9^&g2seT%nf1u2BV4J?pxb z$K6=Iisjz6S9%|TeRrvAGg0ZJqm)q|%r5Z@nA4c6+W6)LHTIJIdPQ%5^Zd48HXP|< z(S_Tn^?c5^uTon4qe>&g%Zn!=VBeZ3yOiF0a9}rmKW8X&#m(m1DRlSvXw+99UAo=$ zwkQ+(Z9Pk?je|~Oud_P@>UWV(oG%bIM_Cs2jkX;xW_MeOCYK=hjTTnRKLxZy~gha<$@z-#U$!Z+z!o= zpdU1_{DtU_f^zCCW`1wQ%I-F2!t8E#21mu4NeoAJ zypvQJ9f|&gwKu2?C;)0 zS)B^Xy|1dRaq{xwaA{@AQfFcp>P}M7-=9UVi(KtOO%8rbPC*_A;ZI$pGf`It!)Cqg zx5{R#Bo&kM1?`E3`QnR7zvDX<>h*|-G4CP~-^c#lu*O>5^qr_nd9S)Dwf`noSg8xJ6UpAi6gt^L4<$rZCjdWlyc{|ABY$Z=mhB0%yij_I*ZCzCbcqZOh`;uSw{i zFDbxkkVuX6%g$t6C;wK#Zo`E9$x(4#R=)Es3syn@@zxVfJTP^KnsxH~RzvJ(rQ%Di zox!ZHPT5{CBq`wT^5cm+FJZK1xu(Eq7*HQsov1ZE^kY*%PuYki*Q>%x{RtFZ-l6^G z1-5w|2a%Mst83qGB!ILE>Swn#~-laUviIivouv9V0_)nE7K`CKO5z9|o16IMh+SSKRK!Qek%z+bi! zln9y~in*|SqGQ9cy*aJ08ci@B`iO;9DziHiCCKp(%fY1xI5{w|47~jC4%TWl99(EU`?ra3gOC@C#G`ir5_8{Wz zLnDRI)?)$L-Nt(a%sdT7BbdgmLTH_(Np+4cuzGzmfULT)Vlfko}WN_;*G_WpND!bmCUytg? zh7MTY?yNEo=SE?1;>fd@ePN@gmm5yIr;F}P)J(f>3+y&Jzg^iB!;!dP5YtHBt^sCLWgHm9b$4jyN9P7&3R3QG%flx|=vYj0)hEKc5LfD?C zy1mho_67>IW_lksxxgQhz)xH2Gr1gA$s25LAIJzas&W~}5V)@*0@X%8rQ7i`NJ-#Z zqkuBuN$i*EGcqFrZfZw1mkGq1>aPDN?EEfKB`Bn3v~o;p;TAU*T4M(bS@nkh`H~4V z3qI6v3NJ{az<%r)1k?$pise~?OL@%+!MbM)N3m9fWi=brIyL@)EXR0+n}85JE! zDRu+AKzMmkY=4AEjO=q^8FwckCmM;-T^P%kLUDOy3S?XXVU{6t@ZE`9xgHqbMhlGi z@{``*!dT~A$q4D`ag1N1)htixepu5n$;)S8x@?Uc4!$jbIwr>hy>LF4Bf-T@NG1{rR9=3tXQXwx}p| zi=&vba+tD$8_SJp*`ZZ^Ac$B!u-RpGY+oDF->Tj3dybyei|BwuN)J7gELsDo3!I)` zux2Sv zCjg;^5+KIlVk3cAv4#fy^Hh@w{z)J*J)-=Mlx)(L_(b!%ScoH<;s!bI}D?&0@d zcl^9$gM)%&(Og9r)TY)IOT&IvBGK6h-Idv1T)SNU))fClOZ%4nCZi=d#heejy8irK zv|-$8LQ4xb2EAs?uU`VjQ&q3mbcWq>)Keg;G-&w8rnTUA1Zf-wAjn+lxzve5b7tcV zpsK=wJQ&S!xPO`!R05L&;a?^fSg&y6DBMm)ukncRSL*w(Tn+s9iO@gW&Xts`m5VGQ zFNX$rnsDvLfzP)T{|L!-SujU6Whr=6S03I=1-w-xkI;M9x9pcN1rog&QpV~pc+q!{ zm`UcIredyezm~@C*YVFAY=jj5Xlw8IPGbj)E~;r_9=Is^Ch9GzJue&7y}@M-XLHR> zQqI-4$DyX&JS8%_B~hWBeq*V0fw8ejv(K#<)*1ZdY-4W$u}RQyYv$=^Su3pzu>c*g zt@h>H^v>yNtbEX;x{ox#9^YA(44m68hk?zMHk^ExWJ(sZQ|j6nPAj|imcW?V1fx`j z6#&%0&v6ph(ZPGT^_E?~?H#PXNKUM;H7JiNX-vYN8$tB})0N&IKo}3qbb!T=vW$SY z3Qz9e^6C|P=V_W8jZ}VxN8nohip%~@oy}`j+OG|jIL7+X~Kr^wZ&NHzLXC2;^x1XbwIi#P|;@Bf`+ z24Z}jqGD1x)#f{N2q7#4!z~c zk--J(VJezH(!#R1`A|qIX4>J9g>xcWlrci9+@p&!=XLAz@rk9XbSoEUEwO_j&!aK3 zD)1tblJ)qAV(?Z2P+MhCgqe1CRcZ{$WYXDm7kg+AJH&e}uH!Qj{0_T5B%-1!p#HG} z)Zr6GXco^&8}-Qxgrks6_g=`hYh53ty)Fw%_zu*OTLxaj=^H~n{kO6s3l`Vkj||m62gYy-Smm8 z4&2QuD}EfFt9ts*`!ynPBa-`szQeeyT6|qwJ4JJQd!28wQdUJM(qLU$*g8E{uFJGK z{8oVsApgNQ>m?{pw;jT+ys%9wC2niVUEW`9g6}k)(w4Yep!p8)gADy`Yt{Ezvzx3T1IUU zhov&tPxvm_Q~o>(fSnKm*!xLROOEAvX`)Rcdc5O}aN(0i7L z3C|2!xOsR`Pu;U#O2uaHP2ZCN zu2_->uxewIr(cLMxw?!TP&V275N zZj94twwY51eDBKoPEU*K7zV-JO(wnlM=%xa`;$kO3|?-5@a@jt=tgI|Y$oe!84VG5kCFF%7pwWm znYr{HMVOuRtW-gDMiGXieqHW*po2V*Q2f-=j***<%&F_fPv|ge9px;S`=F*$rMhya ztW{=a{;WViDwLp~R8B}N9BFH}C^_wJK5#+5wrS+x*6#5I zj+p*sg9X;CgW^`tIe-7=x|Oj?{FBc|#PSYro%hOm2wjo#7y-U{phT~@(x09Pgk_1~ z+}&sArF^$TRi-az2rq68mTy9wulm0E1Q$J)U~f!eE0=x2oThz#W5nks4|n=QG%`5e zpVQTt$TUrW9Qx`8A2>f~9C{Pr_3p!sbMkRZUc)kR&zv>?A35+J@ahjDiIYpRD9EK$ zEoiXoL5Kzwbh7@XB`z=^EJezw%5E?t8k-J~Y|UhO+#~H?qHmUr6BVl0`GWNMiLAFO zp>pySBv_$U+y<*~@$pk5#@NNyEBNyT1AzwCWqFV!iE017^4QVy-hDSE&} zm;E!H0?Ar9b;$EgR?RfN)^qrS4;2+u829+aG22&n^7b`?uW+Rt- z7$V+iLMyK>!;`4If=EZzejIc%Vg;X!uKe-GDp695JA z3CQ6?9Y~`0F60m`!cfYrYGs8mI4Z1br@km>`ewB(T_egue(XER0zKg|!YyMx1>dV_ zs1elln#m(E@hyveF#UyhQB~@`@@hAS?SqLFS4H@{2XnlpQ43n2DYH_^Z{dWTTEiZH z?z?hy!{hyot13}WG$g3s32>k-F%+R7Y|La^6^!4qVNRx2{e6|5V>r%jOXaWg=*U6< z_YMAZ&0?^1c~Bu|WJ(=Xv7)up5LOg&SzyET0hi=`*KLmMuiwu#^B$y#i@Uih;SHT{ ztLtvxRyNq!evZ*+(&N^$T3Zhg6f#>ZiLO@q=0N58Ue`-Lz1WikM>Su>;5n;Ql$Ji| z4w%Y5`EvUtg{;|sWn=tn9_bymrCi1nW9bh}fbmiNlT+H+Rd+4@mj}#YGzzvqWJXu598sVD`AKP|%PIxuJdt25)&9vC5LS>jf6Fo~ zZD~K65_7(^FYshjYCsd{%!l>UEG0*iGakelbSLcx#1R<`L{zscvRzM)(j$Aj6ftGt zVw*a&51rgh#SI^z?QQZ@<32WA3e*T-_Vo6y12Pzm!Du$O{s3lARKs|E^x+AdzAYw^ zP!b*- z)u79MM#Z?|Sgc6HLS&Kku5wefAD$-J!K)uff$3R=XC|>P71jDp)2rxRyJ>hmsI`-k z2_u)59uaC>f|%&pnG;`c-|X6GG|(qxQiTf-a5|5KicZMEHrL^xpv2tx4$5<-qlS=j?17Zrm83YLba*9x|Pp@LEO{{J5aLL$l{-5_} z_T!)X1KamTJ7HEs_3_JWN^|4C6oz@RPtjI-Op^63Z2g5?<~2ZF2?*CA*_TOWnr$e* zWwVQ*lM>LPBXRY|6g#uDmhHCXm=l#U4wt)!4WJ-dZ9pLmx%A1qRNQ2c^^e6yais zZPAe%aPQe!&$$&zc?j}Z-soVx-^b5Q7P@D-1WZ?FH{5|qmE5Mnk(jUY+kJkKcX-d_7Ujr8uRt5tg zQ>ZlO-=4a#Nf6g8KFd>S`x-w|_JA3=rf8V))37HN^d0PzG7FzqGIrTW@4Q4v;!+NC z$5MmSY>wyi=NZbd^vuoazA2|pMX0%g`j=OdxTxALL4>nWQ~_c_?@Lq7aIKD%E7hY{ zc2?#e87GyZ*}emQ!P{lGD|73G@F|-Q-1ef%{OSJGsuk29!7bj{w>R%Y-V_ZFRSx%R z58U~Lx|=q^Oq6Mmi&@S)aL9!TUmF!37RmSU4yp_7>CTUlzEwOeapIk+OW!sU0`J@i zEn6sX8ia!7JCAar@>dk;-{z`YCI*(b#(*g}E4hZ;12zs&mBZ2@*jpMLrkfJpnmuM3yg-ZUt6u6by^?t!c}rr#;7q zyM^QC96J;^Ed7z01`TQZZ}$SmF!EIPC#AC1OVo$}4tvl^Z)n_SvA7D;q(c#_#Uwed z$K4W`kU!Ry$5D`HKXZ){vlfGC0j|${5f}FmuKHGgVvOwU0$Btzr8wVp%HVw zZLpbA!?*Dt*(0X6pwXw=N7AD7EOw^S87O_80yNxxR3$HI6k@aIu znUZOqC~m&pPPs9KB+AMJt-oMn57P0T?YUNT)$Me6h~OAye3Fjs>T9l# zjAd@SKUySYfZ0&fhdUyC2a9w7S5vH_TRs8f*5FCymO(f;coC35rBaIAu5(_OZuY#G zZXL$S+DC=lSRuxd>(@Sy6Wp7bf3`mOXm;sC3D&a1tf&_Uh69tDac|90n*PG<7AAEy z&|(+-K|f2KbD#RE1C`iqZs>p`_PH(8Q?YCh+(nT!{@5QZa+O99LQZ095FVzO<<+Vq z(4}H3vGv~TsoGeIQaJPjJ1RL10!KHr73m+k%{DuF#=-v2P4esh1D+bLyjB)-HIgi7 zsp$Swv=*rP6Qt%3N=s(GYmHNFFW%U9|G9hqPcj0J4l=gd$}`jgvJh=Bh8e`oiFAc& zKyK_pI)XUvruR-O9uIKF2nS$+Jef zd!P#IBXLO2%<8EF>G)@0S0~JY!B->HEBusNg}QDvNona$e_MUU#YeC3{i0f?A8$;| z<|mAY)PHq%Q!;##V|R%jawP3Pw@E`rw0>#CGP$CO!l-K-UcQui+ma^?b^6&BlQS?r zE+FJP{#7gg6G9Qc$^MmMbpk}7{#jp(E>xkLNw|gtnlvM)BXLRhcT}2WZ!Mk!hJnT_Eyj^p%R%nScK6-nfgPl=UHu8rw*IkAJD2wwdM>_*0xtx+AA(Ch)wTvSY#VL68kztGxEi18yjNy$F#KtO_j|zwPFWz>p-5 zmL^GY%3Q@`*Z^%3=+h|zyOea9i91xgcLOXzg_)MP?v0om{On0gr!?Vee7$(v=Z1@` zEWK4;Npo{TLjZJoEe)NdqET1DtQH6&*rLY?bjK zEE-lcp95Ss%&Gw5y2r%^gBfEnP>flkPC&{lM(`?Pufh7SE=qhuuO6u?`@~0RDMX=J zy>cGKUeqzZ^=KueLk_}%jNWe zOpfFQ*7>RPKEXQ39}`2qhoONw;=htl&-|94FAt5toDqdw5r~o0hwlvAQIgT@l@D{v zK@$e2Ali42CZ2z)Q8U@^V699dZn?#O(=tZMapv~?fW_`Z{F~ovg23II@I-&!FIQ?T z9iG!5=Ej%{kqefc?l^AEV}0^m^zp*-*gN>m$cMw5-y4k_Cf_6jgT_^kr&XJhxI^gJ zIHA}u9!cQTq{E)|=<7E6cLh;xW8tLNhS2;hI zGDZ9kSUA~!mZeeR*}8Q2s4540UA3j`dm;DmoIIk2(=U$QBU)uTllYxJ*^{l7>jNCl z3(c$U&SWP-VdZi~J=ed_r4KlN^Ms#nIc>*mTYltHk3RfJ$yq(Pz3=$i0e6>!e00o< zYI~j`t_z;HZ!uNNY$}=avEh1XV6Sy{`aHS_j>PBQJX`P9xVR^#5^3gdyXr&cnKVb` zc^cZ)nn#yTE5u_zDVCVqND0Urh2TF4?;KS=PrFq!P@%Qv=|D%F+k)b{Gng!gQR>5U z@F@|=vI8okwQ+ZE)3xkMnbG2{5ZQbcDJT5xeFLs~vuC(f9*Kt2>QzDn2bvV+V8deT z_+8G2A1?0dQ9hegMGO3{M9SgM zp{XV~fc>9^11R}TTM!9E@Mp7J%!wrRNNT1CT^a$Uj_DyYUcKM{h*!XNr}%d=toq`Q zxK{1c9LX6bzC?k4Db4~+lCdFg$eD80-XwG8b8x@E6vLdWY>=sd`(3JK z3A^f)NoS%sHzTm_XKa-B4n+CWIvm9}mZzcHLSgBO<)1~wwirYpIh;Lo8kuh}g*&rR zyT<$xPNlky%2SoIp)sDbFGQRf zcec`jy&`UI9UaMT_Q^?@>iX-Eabve?WQ)YLP@R3ljp!3?QamzyWHKDB`rRl7 zNro)NZ!F6Ww>#wa(8ON&PCA8Bvv*A!yDeGC9qU($ss!k!tcnr$}%eXa$% z%N&^~7<{@&K|DTqp0_9Q7(F7QYhYmF(bm4c<1tqR7kU5waB@`ef`5MZo8zJAa`(JK zyA*Yb^3bYhcKoR18)J9uCg?-ml2la0%E|+`fnLBr-AWo(WK}Hp5Rd$ z9%}jQ$O?xPbjZ*v8ZMTU`-p|oxT99S-UdTct&@^*3ixxmh8gMT{9{$J!UyH616(U7W#!1y7<^`_#_Cdu8-#;WB}0sMb) z9jDwc9L(wWLwmd*e-K-!V?Ouk0eB5E8x_<2c!pqaye1Tdh!aY0@gl~~_dz{9btNiw z@V@WUMTRu;kAqWK{~hhF${4-I!EjJmw%4?d6*YZ0{K#0DfKo%u+NI`3P}54&CJ|aULU&vOG0&Y2v7*)+=&HRjKjhSA~k8@6L6U4{LoN z-wG-j-in$x)nRabF{M1z(}B{hH!NBbEL3INVZ zxWU{2t96e~%{mq%KhzWJb;R3TV_S?`ko`E&f`ZOk_rmGX1DtE5CAY=I`B(yL?l3J4 zkq)o4ecewK6%;U6<5VB#rlE_FsbqIVyj$cxit>XgbO~FPF4Hjif7C_FD|3kh1+e`-$1TC!9tWu|XA0R1)5;hB#tKNBKbLZLNI(l~9gJwzAHU-=Y3?m- zHfZL@|A&$QIw|_4XIg}76?8om%Yy@WGXIfEj^sXl*blZ{6jM?@qW@~=IOV%An6EfW?r=&P*jx*A27$Nxys%Wli5IYuu?4{!9xBBg$N0M9@U5?oy5L;hH5zRW@`d?M~+G4aL) z;owgarh2Yb*0K{SPWVI4Rn3S7B}t?*RFTkkU^D7bT$ZRGT3^1J^IGmygj%Nzz0xj6 zIg+q?On<1f#N`$SytTOM1YB#^dkY9fLrDYCaThw7@@me)u^7Ks$Hn!*g*}8GZV)Fq zuc`no69SUkc49@ypBCf750ZM9=?cnwz*S)kzvy><=^?wk90jBxG*cVS?CuRb#*;%B z4K@}mPt(+2`pgkVgB60GTqRAV&Tr}0Mr(?sBvf-UB0BM*0Apt%1u}{fw0_kSPIh+j z^Tt(son41PbCpzw+UT%i4o&G>2d|Q6d#BVlGAF1(o%DB`y%Y#}F?QUlk?M65UJWGg zDqbVvO>!{jwpkARK^7_U9X119Hha0vCi&0LN5Tz;*Vo*f&bGXu8fga3p~O!qRTX>> zH~!1ty7>n(*RICAlU*8~+CLBwr0a82)7XW;X$bm>mZ=GB5dWcJIUxZrwtZE_CQoP% z6reTy+Y9#>H2hM8US_c!FLiAzNp@w?g0OV4EySxESw{TpCguOrIGa&^%=;zugKN!r z@=}J|(KwHKd?0jdTif}{LG^gKu_b8_wx~w9BD~ryY2H+P4WKcoEZ(+ShD~D{Zu4M={~^JC%_=E2U`D zXv7OHvF-)N*7Uu-bq1>P19|&1ng$ZcLi`TS3Cd!`Q*6#7qGh-@eE}hFW~A3k+69$B z6WbN0r+lRSX~y$0p4bh>-#r3oU3{zp4iT*f}Q@ zfUNX~98d8toixU84J2fx2SF*PfKK~WGhWQxHSOCe>0kEPc}eo(kGv>CB^!qEaWNA{ z(LHSDNJa8j7q1^T?Eq=^R;?;>xnaLC&m-SZvNScU0%=Y$r>~SJYe-^mYi|p%Bn9R$ z6GRRS4D4NPTuQ}b#*$BNf#8tB*ecEuDQi)d}T*Yq*?dJjzW z!ttfYZGU+1w>b2X=Kmo`pnDfpaJTL<-{@@j= zl#nO@zJ}o(enKd)n{GJm%_v-)+eSPhfPD)kvC7cCGYNNxR4B*4VPB4(9#+A0OMA7K zk0O>T(qysvrj^76xXq_e9PGo*-7I|?N!5TU!dPUkD$Wtg;Rce>;)v0UP9!{UZGAE5 zbYhjx2Mz_zRQo7z3J>vdY;G3L8{+TARh4L^qQlwo5mKDiJC34zf3kjz5ZDxR!;|_Vhzn|Q$iKsgT<5=566!(Mc^+c1I=I?r zzK%HO!G~PY-}eWm?tdAw&9vu#BF7PV4P#hMb&}$;NzvN+)F9Orj-&=|ko$N}zO zSHTch;14=5{;(f}>43|!{0&sNt9}-!Sa(QYe^CdtcRatW2g`l){oEAsQN5;kAWj*lsLmyTS; zty=uL%uy#_e~lZTZ#4J#X;l+;4xo!o%q|de1SHwQ%CWRhBg)}*+%+wKx>_E^4wiKN}nXNLt6#0qiH=<>H z4lkgsY}u7*1+E>_h=m7L{xnJ#+4X%0dEU+Qp2`uIF-Sha#sxjSgI-e_B?6x5xlkz@(T_icDA)qz$1hHwG*+TeFSeoQ|eHR^NCp zeN%LJ-`Z~UZGlId;%E0FKV8s=SyG1xWrX+BLJfU1p83Icn5q=EL_*I7GK!xG@S-@O z;EgV~49!ZhE!2)#%F&qyoMknf^-<~*ehCdmrcOD)UpR~Yz$w0)$)9e7P835!_;FLj3^TjmySX|$K&qDg^$)0(pB2~&)*{y3Z%urTfHFP51_>x2Cxr7Q7{`3WvSY?sqK` z(#>Y)mQ+#L%!fEV9%lVDC8C zm!VG`Ix%(0I_<|#_VG2XidGQ9o}D115fAxFDWM9_KO83w4sZ<+e5?iaXI*4Yh>lBg z2$ToA{RD|bu4Ft)2yq9BQHTn0io z82Zf?&j7p)UayF}1L?!0W3FdsBhuawswvJaD&3yxCQ9Ppd&E}Kna7089XkngMX3if zLm4h#9N1J#x~at_n`1olBlcT`=2(O=R#lfTnH_P}=A;o5N&UPlv*^{LU_0eEBc$kh z4w!C+OUV1y2T#Q&cxSZBjw#$aN;XA$ZsO`5a%o=snguzm?Ts?F)BZ; zTW-vj3(Hz@e6=Kh0b>U`yZe$RGmF(wRuh@_&xTu_;{p3a8$-%6@gK}hPBcnz*UB$} zm#Vo)7Lub{LQV})@4*-DH+@2|`eKe3lCrEUiAPs57OY)OM#Q?}F&;PKK+G6=^pj%D z@ygU{o@$x%C3y1l2WftT1WC8N&udYlkU7I?!Hac=ltTr!M}dp(YJg)migncWHT)8} ziK=RmAliIYe68}W>-lurlG&?4Da-p>4@wghlxvKbjstHU#M}8^kybu#JbIbtXry4= z^PIlT;CX#Lc$RMm;q;-Qlzp8&dV-&J52H}RJ8~=)`oBpe*d024g}<`z%taKd`Q&V6 zaq$(Z=zc`|6##5CSpo~hRagrXpLB`ul1gK1D@`bqK~J@GN+{Q3b5cay#{ETla*Kyd z?(IeLDARQnrgUtosn+-36Onb_@fJ~w8*Pi&|qI)^iuED(fWZk#Hc$z9P zfX*+ZgSwC~h-Tk6{1WUaGmYtC#@7##kzhLzg2i1b4ah z0Ut8eck^p^63v*agz2Ymih5J+D_vFAJKE+*bnSwga{fyP9vPtI za=#ne90w?+?-IXcFOS9z1rZRKd~1yiM6*Z!qwC-esvRlB@rZoHgS8g9|M&mi3uo^6 zZtrJuymC2fzFHQw`@9-2<-J{YXedm(ZXL>tpr}BV!n+P8A*=leT+fn?7x%>ORNBlc ze1~?Ix58X~98G)C?NPB(Tvaxytv8cAf5Dtfu?l`#e>(tM;xcZ#5)i19+I03~iZx zTk;>=C%@@zg>vi!)r;b{nh$f(rwFiy2)SQWEEzI-cEl8hbWn@1$418v9Ug6!iBn{F zyamxO_f1K$H_LoF&GwGComX6AH~bTBVfgrizBueIz|rV_)uM)oy8iZV$u095+wSw; zp11P+Hn>BOR3|azCz*if3=Fu#s_}`@_D1D53*5}$a^4XmozoYYlM$JvoR=r~XwID( zp`YrC=d~XwJ5fH?f9_PvW!+G@*1)ze*m9QfgnyF(1tpRyV{vw(m}FY$&GP>Bbx&bs zRAl0-e2z3br=ykS$rQRu9+gPxz0z;~>n;r`d1m;Vqz}#$#o{GLFY{@p=7K0ndfTxP z`P%IZcg)ja(kB8pT6DvXz=p@1M{c2IoX|>#`om-3^ylUahNX6*a0pu>ESgz{k;(Y` zBrF2tCAr_Bn@o_afkq;E)5`Jx z%xd@-8j%!z!lj~MIUP^T@)f22^&k93H7$hZEBFnk2}B;9AHRv$>ZoMDEFN=MdxXbi z)Wo3JXX0Mbdzam#I=ZS+;d_mXAEc)rTo9~n>r;NO@K|?Py6I7i#gk95kMx zq-X${^iM?g6KB3IMOfDY|AwyZous=Y>`dWI5x<)z8ZmnD4#2|`ap z+LZ>Kq5CAGRW!8gJV`A-wUo>8@`x_%k)L@gH*?OQ)oYV*4Tx5@u?0TF7)Qu#siDp* z)gHOt7q6&{P}hRk9hCJ9n2{=;C`OOEA}2ugL>g%R#N4Ntm5IsyUiLUV8q#vIL+6xH zuF?$K#gh+`#N?$-YMv%i>tIEs(6Ju>viG_d6VqD<-k;_>_(8bw z;nn-Q_YTujOM1+y?N5F`&=l7`qnn`qMTw;fFgu1X*6$t6q;W~pCdB_zW|e=|PeXgI z=%>xKXP-akxmz5VNfsnGtO(^w%cL+G^xh~I(#YSRE*OkBP-vfdHq=VcGpz08;Y}ka=j;^2zoM9iC{Lr>K0DMCfx!^^=hCILkh~P0%D{9T4 ze}qUVmBUl41PHhFs}N?BQffn4InauATWWVwO9}717Vh%^iS{$W+Sat%YL1qwRJXSc z?%o>L%Rvqt+=ZiIOR6p$c>v7Lm9#aS9}^$!bNA~Z>E%{kQ-E;g>O^vH485928owD~ zF&P3xk(dWF$N7SaXFuIJH9Y;U+5Ruk5psr4twi2Q)4dJeiN)5wJoMCr(|{Ql{|80= zxBTIYE6fTzr{Kts4t5QanbuNEJxz6S?y-LZ$RcqpWuWiU_b50vvLZF0*KdV3ZPy1| zdA{F`J-ZnpLVuNnrYkT2CETrE#l9|U+WZ3Yt*t`uUeI-hykC5^VNX?@sVM%e-PZLQ zO(cYU=sQ!CHQXIWbHw!LzMWdPCnJ~2yy_SckIPV*r>2>3&G;*0J+EqxQ6O3shBQ@9 znT!(1eZ76hhF{(&id<3UgvB@NUgkB$llJ>X-2Hkp#!5Xo37g=r6%=jIPAnMYWQZ6s{OJrHCH9l zUeBI)IeO49Sa_k3cPN?c_0`S7IjL0r^2n;nD&oQs3+~zDEVuTzCPrFLYL#+M$uCE{ zU>H<37+{ly3zOp|zXja)Qwo8OWeU(yuke$92)~&em_BG-Zg)-gtap-=4gORLrsFtq zdNZbf>1a7ZHAUW^0@k>?rKSHMz4^AuLJG(^4R1VHt{B9WZE*hw>3S1^UZ-KugNAeS z?_|6u;5&5E%I^&_tGD)}kI~T-+|%dJMS|j^39Z>XgzAOcWS&uhJa_P6iiwx!FA|#d0 ze@W$mDw)k+^HV}J7*YO8>s{b>WLy@2X0zbd@0d}1oNzt&bNGDI31j@4E%i>?J||^T z*!~eL!e%w;cz&W?(B}`Kf!jH+2)13!CnXTf^&GQO`ApJkZ!a$|xn5)iF-4kLCbMvW zX7wti#=V56N+HdH{Z7pV^_xQFJGB*h3Iuq=>^hml{NVKIK@YOqj-b}ayle8Du2zrI z8SBY4uf)GSJY?_}w=HBA4myyF|2@U`?ltDfVSJB2xrElvIdA*+|CL*ELm<`5@2~X< zxn9PQ4$P9YHfniwobr)~f6a%u4W=C6XG$)kj(B7pHXsj-D$<@#b5$GQP7i@Y!e>JZ zK_TkdLlz`sJ}N~kY!up=Cupwj#4dH#LPgE~cGwu4AquX)73bb`lo9QSclBNQGjb~V zvZ8)0kyc5{y!~sQ{MQRNG#g(t&$O(8le z>1Uy3$t?tQYo**x69bFGvSyi?>ca?FSlKaiymqx-1dF{sA95*zt4F;7l3R$F{jxV9 z=od`Y(bduO@4P*K5$)v9Zl5^sJo7Pi+8wzgPBC#8$EMJBcX+_BZ4wJ}csfrxO4kii zawB@oWO}9NSbc%BMBFd&8(?u}^75sM6c`7CD1;v3O(waCD0?0|4qxPnTPBzMi6e>K`fGv#Cu%nMo8@ffTw~eOP!~wOE+(1T ziR~*@Mr1=+uo%%zd$w~UoBaL4X}{9Jdc?JqLSfG&PX8s451T=&9Wobba63omUQ_9I zTGFBR5L&CLstIw><+}f3_cAnu(eh?7VAg;$`RfWV7-NO+y;9-hkh7U+?u4XF>Ye1H z%Q7(!My%4Lrf%D`+xA`u=7@zp!8^USV&2PVx85(U;A=5Hfs-s#X9cAyNrLctY6V?z z>}<(Nsr>$r7D(x&5zQ;XQ1K--jEA_vX9cgS>7Jc8+dM?KN^R!3q5UpR883i-cI5Kj z?(zQTC=Kwb5-pQQ4qDFy$_z4IY9*C1LokFfnK9uAuEXg)N!wbWOWk>_f8>X;MvkK* z5Ts*kc`fYDqt$eQa;d57Y1J|Fr(UP4DyIK{TfPIvY-@q&N`W%DL>J~ed!r6lT6l z`Pq@E&Rj6>fAArXScCuV$bjfef^7#Y z8oTA3S|N9W7c{vc9i&TFZ8|Iu48VV~xT9?_MkZ&`t|vj5RBR8p1&@o1m;|{#-`?%z za`AjbErB#~fex>c5&eSAG}`jxiw}K#e!w`8FR2nC&W|l>%6*e0H&y3vZiWY>G=8}j z5eZM__M}1NGG>M13HkMA4H(YUQUJM3Lg>L>fXWcOK7;X?nF9BEK{0;O7~E#O_Ebew z%!KXrIs+2=!$=qpcCl*e1A%7I-~P%vA0t*_q84K!Y=wAxcZue2``;~9hX@ok*jvrA zcs;N%hGJCH(piA5kSTs%@Q_xu@J#}K$olB4*IlKSZB&`}MpPP*2^n|Bis0`MIsZeB zj_;3z+qnh*i~XCeKb&na9A0WjRswW1+|{$~3rjy-hD!?3H50}Tvt|d6k&cQlLhN!E zWE}|?OF=40V?Z8rZ^B#!R5snm-_!%lviKNv>t7-pdXc>YLan|^`bfJ{Re`gcU%_rw zhwY+gPdkK+RF?PaR)xk=S=sZGkYuc?T>EGQkoq72WQ~R-Lf<3awG=c0mlaC3=Pq9^ z1Oz31G-?L(Oq8gO7#^R=&mDhHE?U2kO#@?Un`M6<7e2->udo_*L1j7x!-<6&%Vr*A z`Q2SZNXQ5<-8R4CZaiU*0uFgOP<27JbwQ=d`26`aPd1Te-P;TeGT@-(?qJAP^4D+$Z4nXmpBtJ`KT<#_3ZZ&M^g6!IAQa;I*fx=f$c^nbI)TyEx6p zzM`-Et{>DzAd_dGn;wz#3sMoeO@`R5;HH?a*}m__cznB@ZbH4dn&UNRe!>#abt95w z)W-T0OM6tQN=X6}Rn32TOU$RbPA)fPmAw*VUi=k(9OaV;tP?_vT#pW7?`4;u@eKEt zI2@-MdW18!XzsaMgY5C_#V%%7hGilrcic3eb_`4-`9yOWt1bgU^v=`mNE#d;KL;l3 zf`rg9m-KB$TO4_qBv2VZmLcx8iO^2j^0DDT*vNSh>pGvUGR4R<}o3{a-ft;n!j zb~+SUg*@IE{`TBX=o97SrUl!xS{U%hRj2q?SZk@EZ2%gYAx8{VtwQ(00yb@z{s$kQ zS=%!RzX)(Q7yeDFUhzY9!sW(;hRQxqhllO6qS|HPd7n|g1=sHXjUc_j(y^`2oYx9? z=Nhcae*AN7btEWB3IEUi2>RSO;4Z z&@nD8&$DD2$jR@nS+UD#5xI@A|CvrGYfR?TH4~*=7-S)JG9`Kq0uSd}H>ip_B0v~+ zn7;##<4Jm4Ww@eCF-|?mKSIPhu~dLEo@sAJD)ih^y#QjfF@bXqcX%){u8O^=SGhzRh$&N-yp4%MkgzQl#d8272N$vzgpEiCtw-+msvFrI`b1_RUmr zNDyd(l&O3xU~UL|%oa9=URN!xS84u#g1tG*3{`jm>rx|nB?BLn*S=*UK1a(4mu0gN4)(aCd zo|U%y^J<9su)Do5zC1}`yAz`py80UWV|8evBdLr91?}tjGcz=D z5JuUFoFsz?Q5SAtrAUrYFBf{-Ap8&=?pAz14taYSX+M85gI0WC2?4jY7fpuzepQ5+ z8%bymCc`)KO$&*`u?ppx*gEfTa64Xa&)FTzF7!!ZB@9pb|HzFXf$l!8Yu7>Sz~bBM!Fw4A9NDGuLW_0#ITZ#btZ9a+!8|28HmCD?g?0x1Eh>fXG>uMTDfUPh#{Cd&!o|kz zVy=Uh$n$p6Bcm$Adn`@EM+H}db(Z4%{^Aco#%6S>E!yynNwY2rQ01YPlDg?Sd>vx^ z&D&9i(z5-XCZYuLdQOw1x8AX*f#<`9{Z=qL;KK|z#Hk_|#s0xT%hOk;^A9(zMa&A4 z`nyTqjivK2_MJYAvn@j&1sL<8H+h|U+-V8N5$uo62)qcpp`otM!R~tFnl?9ErK=@w z`A-vAC~nOPFuPX{C!4dTCp;N`>n;V~DxM~iv*Gw8>%_xH`$FF62{(${%tttvL~WvB zB&52BU=9+GjJvI~V5GYDVOTO<3yz37?Oo6?3tD9(ccpz{r2gCUEF$zKmbIo;mLq&P z=I&0Su4M3w3<{kX3Vm3<`;)R|;XHUN`x&2F7f107=i`(mmSQJJdkW-6TTDOgB;b}U zK+osW)uf^P^22!2!s2=r-1Lzq>!!r6p(S>{3@?rhR}m`d($^090TQP9ea7Wte2;l6 zB_c5-29a>Uf=L9km>jc*wTWk?F0qf2KQF)xMnsC|E=2Sl<#ya;^TN8T>N0Hag9s3* z!(A_cYA9+5ud2&3JVNS zmD@LRX|}ucr_ReJM8-=;@TCA|W0ZhTo*PFtc40_olo>qUMr%H_Re5x3C-0GfKD@NX zt5KyLWT7f(=XiORct78V$3ap-76-^ii(OY5L=NrlV^x_C;Qevrm#rCx+k`rD)FIs) zmz|}7k~v*Gw}sUNo_y>W)-rLc7SdfZ-u}gv6F9du_pM7 ziD3xsvz-Z&8{fQXw|CBHC!eMW84~Zx9CA6T%lFy;?5L5AafKGg6bI|Kb4!KFcp5c6 zg@2T(_j|77o5%2w06r+TDGchAT6~@8k=x_&!4i1hGnU6&77`Y|MrhS4A(R}5ZDjf8 z?FHGITh8Bq0e%Kg8x1!}v9W1@{0M$9cFi#Wq$n#9^lsC`I3{ithIb!B#N)- zQ6CY^_xv{64uh{us^SvBS5KKuTe}#*NB3QWaW(@Q=#j;ESA)0i$Guzr+i^0hW2)dd zsq-Kh7%$Wbli@`*a_&;%iD&c?KK30vWHs{(Lh>0(Os<+sSPkFbul~>DYXJAzNoFSF z8xq*}s?9{MNR5}|?63LcJiv2#jA{!av|;=Z(2I_sAswHjZYVzG#>1P1PVY935ex_V zyoRaMc8Q-9jubC%1M#0Xg(W$XK10W1b zuMYieN!=4ux0^;q1C>!%tp=}qT3N(>y?bt5h)%ML{e5In#w4owG5oV++)|RftFxV3 zB!QBGgVAbHpaiKsIzS~VTw?g@fYfl^W2GEM9)9T$L6R35pyqCqh)9#(%-|HMb6cU_ z>YUe1he(d>AkA~9W~jztAB7HlrUN|Ln{z!e;6|5+^?n~vW4oU+t2W+i-;@(O|)OKMhNY|g6Z0>~$dHZ_+Y^=aMWJdWH;AJrXr5)Rn`0;?7Y zD`4c6N0nFFvJ2G5f{eb~F4tZT#Srv~qDI>z$>XaG(5L=xrPYADJ0 zCD(v)BM}3tv`!(q6c#OQzVT(e{Ef2;ue}{b%$F*?jYKc3rc0#?YHUD_PopYeI+R6q=Tz0K;!Y|p!(MxKC0YY7z<(mPKV z>?7Sbf*Isb{5EeXnI*B~DZ;NP1_rS?z_l~UH}37zJBP*;PfyWGtFW+y?l0sKE;&WRT=`;l%1 zzN(L>3b#9dz=g`Za;2Yqtfua4!Y(ar7YJ9gF|0RpRdze~BOrP=`P3NAXl-p9=T9{+ z@^MnEQ@TA9I!V7T1M?C~s)_=mP4xou+)GkLl9YHD+Nm&%GIw9iy1o;Bbh{7ccWKj) z>lkRl3toAI-IB9~mYD>+H;hPvF+#g%4rrzqXBF=OCSx-r>`BF{L`Q1O!i~NDbb4*y zRKsV#`4CDi1j-?o?%V96Qpm(pWFaC{O~fqpyQAtFNMK|vjfMAp&yFT7oWN3BzW&a* z)#2n*@I|@wnt7M*So-;oEh8EIW^7)V{qE@Ip&2C?1Oy>NJtDcC2bBD2vaRYOIwN}@)j2fRYmuX1Uuln3*_s{NkH1R2!O7=m#breU?oozX>NsHA z4-U-vu1~HfN}0!pU~n}!H#YG|FMj7brsmS*Dz8u0fRFJE$GNJ+lCgHb@O?Crsn_e= zY+#5X-)#T1EfD3<;wk)Lw?M_`3{ zU_x|nJ8R8tHJ;$Z=Sz4$n^lhuAce2z_g?|p;Gt-Iu@-}KamR(nVWfx)>1=B@PAFM- zbd+aC@XsK#Y#*qt?_)yH1Myf zAD4^C2&E`i;to~TS+SJ~@9`Ib_@PU5FEVQLz{XtCot^x;}aQ>d8x ze4?w=>u+&PauEbT;Zffq3}SzevdFGIk5fRWoiD+k(u5j3sc!IW@C9ogF}v{BPO*&2U7q&@9=YtTrGA%YIjt*chTriG^XBX_A8JX!(W272tT1uq z#gjVK`SY}G<$6-S8?pc$f6VZr5&cVf!SyhM4S9<^t)4Y{`@w}9zghW zEw}tATg$7f)u5%=JKX-(1M|FF&Gt&qVj||T%@`Z(Tg#KU5X%2tLdda%o&LfHnJeI$y@_7sAo7J z6m~{G->^XvkGWvoF7Nj%E(VQ4?5TS_HNlinJO#mfZoB1D#A@(652Ht^xx!gkH^i8) zW8tt-bu|C;Lb*ox&RFjt9C`m3>nT-bb8{!zwI8CBf+iP&Cf|sMt0z{rR0iyUx4X_* ze-@wC>0h7~>r@e%PCSXwH{n+%J3XVt?c(Lwk1ZRq7a6YC8jbp06Rb6|Wll%4cN1*p)b}ypCR+1F^2g%9Q zd6xM`MASnAT}_IYMJ>?5+m`fh{88rxt??WeP*G@;mQ#!4GZzH&riA;wrx{sm`pjJ z-yedkx7@ejs&ha=M=7^wV}1UqIn_#N`^fA2Kyvl)hl=_8fnIbL=gSRyE(!?V4Hk_^ zeBx9eY4K!pJj|Ai&mX11nQ#T1?K_Rew{ZGeGys5vtcP@8Rx(&cWbfLl+!ub{JH>wv z8FJ45`Fuc|GI%~%RYWWf&yndl1vBOHah{rfu)^n~}+%qME4<|7#|FAsY=rvf!-shHui2gp)d{a#j7@#q zI{@bK6zHm*ZjN#&yS^=pfsKUDO{mSm_6A$MRQ>`UQhe>9g`=3e7@_(ZOyFuQj-mib z@5u?%>kl&k0YPSFcd7y0u>H+8ti-opLnT~Ev0+CkeEIMV+jpL2QA3u}eXpNf@|3%N zd{J$SFc|zSm8o6Pee+3LA4lb=<;~7@l}l0wdzB42&$j%C%e3DIMhwmE>4w^~%RY!B zbiK<1FJ)B)+d>`o!B&Z6#ld|G5Gq^Be{<@>U#U@M%oOX}1-IilJSh_;MZ1MqXO*=XCR+3Ze={OHl*Fvp$4$J219~ zYByL}WpbKNDPi0ZJw96WpTDgMzNZnX+WP+V=H3hP1qLs82Zq+lTsVD0M5!dqQ=992)VcWxdSTgl-mH6@D$)A>Wp$ulH0d(R5&_{EQ|y zomtk=wTjjJLMYVRI(~9vCh`64jgwrMJ%3g3XvN%gni9VFiP0BvIq_&Q+Q8RE( z%+b0R*1a8iK{hIs%l>zUoB4EYLEgYAqD=?|sA)SDFbSXWhwsBkO*%d@KieK)u2OXf z^a~FDA>du6%8PKOS3CreCHW>~|AMTtA1&jo$|B*A_&=WV?`z+ng|6k(oiGF`vwoY` zlX7zhBsm~OCj1N26uMQFOKESf@q$=qbh!!w4Sd?8 z2Q4kMjK6F3pX*gd8zBA}!RI%YP-vPfTN0y&GU`Ur#QPJKV$zl`(;K|H80{kI?LNr- z(6pAd6Uw?J2wl5#m?;`;F%bxhdNLIIbBj15*lX-uWb{YZ3uiU@Tpc&Ne#^#cjGXMp z(uOuzla$ztxxmuiXC!YDK z49yxWbsA^QXFkw68aP1PtdM3jgfxGrouFLGq8V+r)5iE9n?)zNR_^BD!F={2C$z$K zJXaBMy4>{B9YTIF-%@^^iLbt2=8eVj>7L9(ygW-%t)ml9&vJz+C~X)@(&IHc9yB06 z*NPFm{2r<(;996zAfx^(^PYk<&pOuwSXSHL{?bQE@4Xg&g#ha&cSv3%q{4;{hX(yDPa~uN6Cw;vuJj#x zLW9Jih&fzk_2)qCzd+)@{(6%cvhBUrtePm7PSDKHQh}d8`V#!LAE8+E3$?@}nV07& zt~RI*X^+R-zMBoQsd6_~Pc~6*H|iR(lfe2W;|!m=c$ zTkH5w*{_Tjww7k8b0Z|l<|rw1BdTkY4E?F=@QDn1xTd5&F1@+m*;M5!>IoY^*)P$+e0*8&NF^3A0U06lG7kd^}(4?Fu-{Gdd=t$Dxr zEwXum*z>p*-W0^uBA4MQRh2?D%zIcwg&P%X3m_%US=ERfGRZgV(y$;YA5Dtu7q#xc z5EvsS5C3d1j>~eKV_u11u#A9u56c~mL*geyCR8*h#7l+`=>--NhRNW6I6Hh%TXskI za68KPUuOCrAK>0WyJe_k>XC5c6e%Pih}rJ@HFcp!hEw=Bi;=}tR@2Cj}R>V-Mop3Wxubpej_*a zWFv^-=lLkxr4`I;LljA$&iQSUv+3vIc!Xhi(W_UejFb)iUME9(G~AvMr)kVXb{W zZ(|s&iR>`Wbys-@@yypts?hN0UQXE*Vip#3#b`W(=l8}jki{2JD}g$s%y$uL!=lve zj6S#}`>&$@=*wpL8KOahFKjMPUNWgm#pl>xRKW;M;4fjHP^!GpAvp?2uH&vC@8UVM zG1^!HI^CDA|KhYZsrl!+(~^)2P$vZ0Krr}TAT>NP5-Go+fP`NUXmKbtsg%A{WJ0if z7hg3~Z{O$@Jg>pw!ktujR3OdEeW$WOlU~Y5`sUa$sl`b5%lF~}E>(_lS$_b+f*Y{~ zm9Z_VW#N~7qKMSy*2xl%R?o`En_DwvTilZPqP3{p!^JrgH9fM;hWyld74O&sa8N&UVp>`Tv;oMa<>tN)L zqL+X?QjFGX+or6iTx2{o!>Yrj39I%te6 zFT!JQ-2k7rM_ARh%t$vxtX$jmYA3Hp?i32EQN#APN+r8Mt~RUAr)YL0WUzN|ty7{2c|d?K*I41e z=|IpdZ^P-_T?~QS-7q4?VD2{@0U&T6fCN^^{KsR2N@kJ^ z`}oEV$VPK;+Y(HNjSC}?c}LlLD(L(6svFTE6S}lB_-Ls$Y|Q0jpRUc|1e11Skkj%M zIA|T=g4Ok!iLhuN9MIKy##R0`%-;Yu@?AtI+(tmjY?5y-r$Cy(r-hrdr~+B+pJr8^ zq5QRo9$g*pqrj7@A2m&&t#^9Z@&73odZ#p&I}Mn=SMIugX|6W*r|dkKt}8;LjQQ!pDNq6cQjd9c4!*1X`Rj6&ETn+ zsU}uI7Xl&wFEh=cZ4pVGR!0l5FD~W*Ps>;&>C@)RA<`>`b2AW$5eRv(+*tj0>ZgU# z5*~Z&xeQqo#`L+GfdRn0zW$wQ9S$~wu8^fAjf%>gfcPD?l(f9^rV}s|~;AKGS@&FD@nxVF_jSF-aZG!=sejJl@aE0jnF!=R*5q z3_~GA?I9`p-s5o-aPTlRP;Qybe|apSYBamM^p=F|->YemvZ>AHH>3X%pnL#IT|f5_ zYCRKZdrI5lb5%=e=e`F2O|aXgyB8gPw=6ed-V|1P5KZdUZIGF9zT*Sw(>HVOeWZnI z;Rdg6F-|>(TcNpp<3y?OhC!|be}3~?B^nvx+_-236)za8R4Xv%3<7!DmYB1uuo;~o z9zzcLbjcuch>$3vY0Z-WHJUJ}LGUF!iMF#xeHBbB9M*X6#R(H-n_4C&S^(_;4JAMW zAUxFpq0V5$EM=X<5l=p7^UpX*d6ujv=UtDLg()Hy`+A0>3~as33w z)iRdhcg|CKNT)R0KXXVVEzH!L3^o)Dno!$onXWW0CKG9nMd6V(uxZ8XMwC&EP<+>B zF_c#HgHG%+2`e8 za3b2fF#K;~0iVn5Qq@xRqM)mr5rHnbtV~Ek87qW_VJ8kl!$92$w?&+XS{W&65Hj>r zF~_r|_G|5TDEIr5p#DC=&Hh4{>FV?S2ir?|F7PC@n7Vba<>@)17n(q(5hVxxFqQ?V zMLxUtPJ0_w@agmKa;+!`CfO{Z%I>a@F*SUwwVgUn>y(OK&0h%$`FVL;$1cfR<)lrD zJE{i#APEw1W+fe+lYk^^xo)fG<$4e8d)m(Dp>gIj^%h~o0EC2cog!S*UpfIEwjDC* z6LHy8IdYkmp`}xQnEADmd1o_9TZpyi1!gk}w~oG^vW`gZJc^iF)Gcd%6+0WZz@|iFwa~Lr-?9kVMj(v78wf1S<)e0fWrn= z&zC{6{)1&MIlmF{=pkb%z28D{J|V=jzIkb%XTpAkwS;A>*UV+3jwmD~gp8C_WVyGG zEYX(}degpq3xJ;DCDz>dT$_l|G-u%bD(xWiiRu(A!N0LFBxMIs@}DV}WWdk{VjP%ojDQ~qRklY)&8OsrUtk3hw9 z{ZOijMk^C+NOAFu$Y?aWBP}H_+gFn(snlq#H6E$9A~HVuiA|3?SO!k>d|Kl671stK zM0#MiV;)O$=xD$s-cfq?>IAgB_Ug@WzNn(H1Zoela+gE*5q=EfLO^b}_tk|Uy`f~+e8ak9NC z;Z^jg$5_bGzQFXaruzMLNd7^-XBwp(){64pUu2Mz>n1^euik$>Lhw{dYRaYh?WMLw zfyTQxe`6{{{sO5WVUf!?6?l6m#1^39{EeaXX>)yZikN7Nrq1U zrU5Ds zOY!ShUi#A2NuPB}8XCL`)#=Z@HtBwida-Ty;*6Kf#ZyA7-MV9tlwUo1syg7iKJ=wM~>MiHf4y1?=;J9=;s17K5pdjgQ;%7*uJz$~A@Q?usk~dQf zUj0|b{O<>E62ruFbZ-BFf!&PT0mtzj^El;y!<8b0(Y_qjO6w$QQ;zBfWka*(_DYBk-bQ9S;Qz$V!yo+z*><}dHE-H_gJstf(gjX+P!yLQ zIr{19ek6LW>UeemU`Boc&t^V_R@MH*L+JG#X)wwQpMY0CoR$$7h+RZCaE-d2lT7=D z3{GATlJM%vVPZda)SgK&QULVKS$xmW&;YZ_a24E9*9zv*8`F!6^WCoJ;(3%+&KXr?bE!vn7p|f zu82_=Y%t}ScI{$}3H(=3a~%z&octITk=Y!v)RZx_2%uI z!wfZ=O+JN?SNg;#QO5QO-SY&;8}ph5gRo;WtL0k12Ij43W-T?+79h!tl4-xCYOm&y z{!8_DrEl7RIm>i7OL4KXAUX934Mhj8%josk#Ctq$_`Qu3q237oc zb+0lFje-&`7S^fULL5!KMI4jSL~2u}lV})ENn#or1a_<6a~$ipy~)zuU4Ip52CpZX z5EJBwo*>+3ac#cIf5EHsATzS~9|#2fiz&2(v5j)+;?@Z|^?6P?k9uj*nEcMEAN9Z2 zA`AT@Nwsu(WP1g(z}>x3r0X>SbtP1<4b^yeWglcd-)Fw!L#Tp#FaEr?`={$0R~oW* zWeZ-g0Q~uQwOhaTuch0RydK)hgRM|jbbJ__E(bV`Dt(CLvJ)a`miTtqGzM~cD{QWv zcWG{UyXA7*(R{vkqy3fEhBjR=`Xz-o;Hn5?h&OKuZ@xx*OpBj@@=}hzGFn|13oB%a zT>fefdZ*DiiP8OJXF*hcqna*E%w^z;w zIQlVePq$0g*bE0Im*-WOL((Yizxd2nJ}O(3 zW{a`p3N%$333yrgCHp~(63fGHz{PFH{-J@A2WfdGnlYlWb?fRtDZuZ+eqxC*i@ZEz zwm6`pTy%3X!;qGRw!X8sTxD%(Cl8j{+|w-{3?g*&tT?n6BlAz~7N+7RlgH21Ko!k_ zUBafP{ZOmv@|%-p4N}e3jMHX}l<0Z^pu8mr#~0u7ez|U|vH@q$Q;vHnmYeBchn=Vk zjaiVq;xPFmL8usQD*ZzXFXR8>6LMzrXVLkv|5Wha2I#7sp;6W0*O8T-id()K0m=bqodk~0Fzj(KD&6pc zz-4Py`W&)H47myAgs61Z#Y&%arc9}%^hu{G^6FEWxz6I1x>BY8(p+c#(&%ufE`=JS z)!@c4uf=KC^QaZm57*^E`ae)AuA@6H7bB4|4p9>LaxN#sSUdZpj`qa89}=kX0f0@o zm{6fWdj<9qdQv_Sg5`S}LK~IzQB9M6z4^uwP|q#7ASvmL218kAy^-w@R?M$yO)gS( zH}KbbFO6(WEiP_9xzUtv3i%zs_aFbm)V^rJ>_Acc^B)`*G>;Dv@DHSvuv>-KV}Hl3 z@PFCkmra<+)-s|xeP9|Y5l_M1`{0qkuUknD5=aZ4CaBrZk>6+%Fk$;DQmasZd zx8AGX5wkUyrEckVnvS2h`u5_*B(CnuTwC7wgLKqnpzaP3ZxfMT&jKliAdMn3$BG0# znS2$?pOz8At$@j2(s#+AXHow)JDia_+kQ)`&b!4{h$>j26M@LQsA&c<5D{x^y%)e&0|3tPP8sR-OZ5b+PFk?Q7z$$%HgEI9ONYJJG6tkV2bBTP?} zNp&Fj`3lnz8vYNQ8l6>d?}s|jST&X1-Fm^2%4&QUua0N7>ldvds z0s)&64aDxLA0z^RRajyR(X6Z$mKOGPz%cs=?M}YMv(*LN+5f-5X*~77e!%iiY zpuME~I@rKdTG=crlQnG^C_EqME>VEhbP5DY^E&rrhrZVHloA{o94q39YWQfkR>(i< z$|%Z8T56XzrWDMXNZ&dxmff&PPXbcdxF@tEqgCsU$jQk!c19AooUULLvIQ#WM>;LG zC58)8YZD*Efy=p~A<>^%tUu#&SO*r4r)`F?TTQpSA$oxbVF7+uyJOpxn=Y`^q1d7VJdMbd^4p?!yd0F zq&}zlgY(@LS)ZdOe0?!qm~;Y_@yrZooW+PQ1wSB}t)YObn+}pP4$CAM>#USsv9jjt zlKv{ORNeh`h&>02Z#2npaf11&S!pu%`zL1!I!9i}AfNv4!fLS&kr4d!9NWx!=;3LLzBh5w5mB#{*I z>ALMd^WqkMx z*I}3-RqukzMCwt@%++@n>IULCM8`0&e)^|!Qe*G7{y)CH0xGI+?OVn{N~BA=yCtL> zq#LADN~F7n?ohhBk&y20R8l&m8>H(y=zIV7>U-aBty!!Y)|@$eKl}G|oYBBy@&m&O zRbkB?9nD#t+MH&OU^nBf1j-=V?W@yGo0SgeYPqRZ+my7py!!B@VVoqpLQ5+<0u1qQ zVb9mKigvh8*43rdNZzh1x~_D%1SuH`x$~e#qgETY8B-q_eg70)-QeVj)Dr1C<|s)n${5-vWe+T3i;I9@x=Lxbfm=54(Px2vw3cA7iIzuk>r zeg~Kk>g^l9-`+_g1T9;++BMvyNI68&_lnWSkn#_5po$1E9>~-7HlUX@&=!_6jWT3u z?Zo&$#`PfJd6KBYl=TyY#J(ZM;xYTTCvORE|i}r_(`+ z>hOJYM@xJwqmASQyMxj|61CLA;K@0S_M8cRvAsA>Y<_G%4Q&}re`Nt9_w1s%ch2|O zifOg7u#&3P>*ToHZ&I-|{))L$7B}B=2aWdkd%rM-e~Y;N#%cQ#*7NF$l84z5?_qYD}d;iP7T%?{9$X9+ymyQ7FkRgI%Eo!Y1mF)+l#GjhmZ^Z0) zpPGB#F*W}{t~;w~H=QcM0b)#5Z{{BO_T6lNAXQ_v%-tPM$MdLGVHAl_yE5KU)4mXs zbu;5H0|Ca997VdGxlJ*#uQa*ex=lv%4l7Oje6l;|RQi*azi@TL2lW=m|6kavoE-Rh zVZ4w^C|Y=cYUuLU_gfzepz3yFiWoPyqdhzmdAJ`F#@<8}dRV&{ub|Zi(3SaHc~HPC zQ4kKepeI##-S|!4$>x5iss4wb{{?1P1CYHW;%annCg9WkkZMzkCcI}!XViH2H*cVN zXN4%9Ny(1M&_#{V^a=q59p>PaU@1V?ZCVaj?L_1CmQFaKPlacH0*3n&y({#1_#R0A@sx>ob{PLCe7q{CCp&_6;Rz-A&L{RwWVuxgA^ zfXCHp*OLYiLXrT=1oTZB{T|)B5}44vDIK#@+|tCXQv+nK0bA~WzmR#rKT4rR3)}5l zI2D0KZ-VIOj6f)=#y>%#3_Fc4PgKYF={t^RJ zs6Zev$qdkC4v)I*yF~uP?HCi_2mXiD`1kuZ1TdB48Aya3SlO}~=-ooIveol|EM+Ts zBiz5%$w#S2_eIJ4Lm;28?EKEDcjeRH)D?n5|C!=VnKi*gnWZc@OKVR;_rEvz`#<`p=c}Dd3R3m?X_;_?Nkun{N$ufz^I zE7dVTOZsCk5Lf^tDA)G>>+4%*eKDZ^?KgS*Kw?=BGzfdPfmua9keu{g(kL@!gxyq{|&g&xk22*9ZZTn+=Un5v-v@=;f#j4er>^~`L?>>!4`_x)>gn_y`!w!-f_NdUsLndkLe;RW!jTw03iu~6Eagm-~taas6^L?Se?<-!IeQ(%_KDRhdK2xZ3L|A z$Pd^VZ{{yP^cE2C8lA*7{I)Q4CKmno)_|mzoWNns&W<9gE3=Zidcp-vFXr!Mxr+%r z@EypCk36#UrtA`()PEC{z=0rN1F@}_*P98fWZv?W0t)5@>G~s)f0B?$7X(b)FP3@( zu)J>0&@bARp-~krR~DSXCkrGjzH2Op|3CLb1jPXhj1)jrr;`M37X{X8-rN~k2F~gQ zecbOluYdRuI1gXq+Rj3iGWKB;BfzZ;Yj8X%>@oVy&QFM!gY_nn<1X?UXJ}q93UoB1?qUz+uag^sVu|l!`8#-U9aj(u)6V(GT{KseXvqz9f_P zfm5dweL&>ne{U~29Ql0wFF1liAUeO0foXAoK+To=Y{G0^54aytSwRWfRVz% zff}y)l8TP5wr%Oq1g72vR`%Q?vNl?lY zhDD2df5|=|m5nve5h$D)#pecmPAWk#3+t)$lv1EM&_nc$ zQWjw0coWw0CfSUH16VI#nQm#a~*o|3}2w& zaK8j2JB1T`3@GIAZ*JMV&VNawc7aFT63fhOqw7$uoiAIs9L}nC zRe|>>*ZdO1TX24~vHg41?~K%0Y?L;wmFWrd7&{D6sT3ZSwnBb#G`V*a8NhZ?JfBn0 z|NH?6Em*o|p8rFGt9MKss4OfpytHI&VUS1MWTfx1xx_Oi4p*lY>|*YRk3+A zhW;;6a|wYE)72(TWTkbDV%P_s^MsD*j}}<;>O{ExCip0vGYQdfnUmb?D{NaY#~;%$ ze{=P3wXH=-^r0|v>4_GLC(*siWXnKNgH7kNCVpf14+Kn4NDm49RX=MqE>cN-0xC57 zm`uRieXrj?-l80(d<);R=}FJBKl{vI5(+q|6v!J&x^JN}r??OmCt}g*rdtW-U#70R zaNGEW_Ch7}2Sk>ks7LuLQu@JRq~qVx;+Jaw#f=8wE)?5^S;FJK1emXDCmXUR@o8xR zSEnr^7sU+*W02(XcW35D8uQdN6alc0O;CNoKVC^>fYFZpsbXaTmk23D=?~TDtw*BA zvf)Moxy}x207ll~KTv2#;EdSuKO(Cb-|g%@Oy<<-a9?_a_N~ z(!tvIi(%cNEsw=|t3!$7FP@*hq@|oF0=m=Eyz80=qcB^SK2m;6_tMC>98Tisy~`Fe zT+R>-3JMxh34kF(-U9%Kc+T2)4BUDPZY$j9=T#}5Qp^rKc^vVd0_TVuDtnPyWfPLL z^yDm}D4=|Pb?SEKH!&punKuH?NrM+ot=``0d+v_fuA)pQ{-=Ike&&t1J55T%1rM}4 z*kuDMLBJXXXwhWE^ti)l(WwJQzTw+*T}n>hkABnvI+TE337|v*SDwJx~YZ*HWfZ8RANJ&Z614nEgDF{&lUAujeMZowZpVk!TuM#m3V@Q$=!}gdSzUw81HT*7JiC{t;0?d>x>@E14uB>ks1HH*PL3 z4MBghpg=GQ(FbR%<}0o|>9m~T#&HbZvAc+V(}k*MrRJ7GoQEyI6YT@#Q{KC~H`xkn zhXG}{v`!N;Bl!iMQS_RPv_($toK7tb&lr~qB5TMAbt9uS^NClMU#f`R1tnw1rtt); z>3S+O2Q0QnWjg8qxXYHWd?(|^enEyD^C)*?^22=rjYajSqoLdMG5=cJ7D`koQ6>3} zxOAmrN&r?C%VcOIJSv|*0rN=EFZCP`x#v}LW!zhV(v65ZylTlAtocXN3WY;>F6(U~ zq2ph%cO+bVPm@n(*c1kRKq=SwELl(sMq6@!x=LV%gzKs4D}&1*x~}S!^*t78b)(oK zYm}TKhOs-=buX+A$sL3l3eEpe_2P8XBRG~ej+CB$csnCJPa?+36|JZS-+N1PI5n<< zGOqMH&X?S@xz8y|`D^oDQc-68j?vPxvOQIWgv-%#d_8U6zD(DdfnRgppt(65ydf%p zP1ufksk|BL3m95dDF6xlSq=V@?%v2Gdf$Q-=^26)CwYCfylG!=cC`O;Mqyz=(81!V zaN64VRo+(DrCA2Af6FPr&OwzXk}>m(E0gPDss3iWKk#vDVnW@=%zB3`DjA{`S)$(Z z+^XfcLBsPleLnH6xT+nEEYJc3)aS!AdJ*`%j^~3|Fcb&lawp2SzQkCR&17aKg2j97 zj(xf@+9Z-2> zi#{wN*UK~c;B$3q4HQpepB|B#PTw1d^O2GvKYzr)bCY00K(AT{LJE`9a5UWq= zzhbad!sT#e&oo5K)>Zpx{ruBMR5^hzyOUa8w<#?3T1WaWXmy{jrhc4x8_#3SUkPtx zUStVXLNQ^J+P$mCM`BdLuVzSx09|e+;CVYXZ*wu*l5BjO-V@^`vpE$tr%uvH-iSfQ z){c*(K*1f0_jABvJlS5Ed9+Xk+7ObIM&-7*25Xvi;5^tb+!MD`ZWFG*9&F7SMfx|=jN;tnFdt+lpJ2{G~7$7>hAYsp5q* z=!pgc5GvB=_U~SpBtYM^k;bq_+Me9QS$$1+O#|9)Ek8sI5!ZC2kaso-8RKK|TY@No z3gn>h@a~lFtjtd5bP`%Z%F5_PYGvMCIU+zZ+05)DO}DH&7S@UdWDHCM_y*saH%-%U zna-T`yr{aBP=&Dp#>TCsz29;?%JzIotJ+JW7W0e4&OA;e&oyVm#a1G1I-n~|A9Y0) zYsWEQygN&_Z9%I5v8S{&=&8Sy6BRpP1ZGWO-oR z-Ax_0I)eFhs^kB-?L*AH}CV|@^f*g76ty)^O&8hO~hmn3r+noL$_IJf0S zG_sZt&*Q>=xCdUe9;yk|1R&zBjARPi%q`C;6e_N}53>4#eNrJ>PLCrj=G`u|uVl&T zk4;OPn0()$6^6)9rr2U`Ix;GPCa)y*YUdOVfYPEE+8=m$786)*j{E_M)tbwXtqMzD z{b<&kXwU8J2VmiT5S4r05nkH&^r~05k|h+1M}JB2^4)Xs?v1CD>;l1!)6_OQ_GI{XY-%RBQ)Ru&nlPE#H=)OuXog>R zlNR0ONwA0s!0=Ev7PRs`oi>kt5hNc7o*IUJBM>bV&Fta&H#UD+B%Z_>t+2MDG3H<2 z=I$)0-m#!K0;azJh*+{M5i((@U(oPcYeH{~cSwH1QT?~qOH>Yv$7$AWvP5aP&QXcn z`ruWb)17G;zk9TE+4wa_KfLWFowzW_lR{6GmieJ-JPg`mRDbOu&ti~V^IP-@{v>T# zvp0~8o$iuiZM}Scb8*-y#mEymt?P#2aibHN*%`2MLfasZ9>Xa34vgy^6NAok)n%w& zr{}qt8HgiaGZOpQbUIrqAU(xi^(afP zs{l@$Wo^2v?5Cxs`du=qonK4X2}`UY23@q^Z{y?TM#lz2m!@2fdzVrctUNq;yl&@0 z%J#1uZ_ltqN@z0O{Xv1E3vmE#Jz)!E(aBfA1lIg}fk7$91KAlmgvRY9?~EuXI<`bt^tEWs9&R-Ca^dGW?UJzHwoN3BL_wtr27gjwsW1q|3H6HTY;7Hu zCrOWtg>YBMqobvH!awsxv7FQOAr=lOtbGMS(D;^gEn>PY}iVqL=to=++r;1-;{CFw|k215!_EWYBn7AUx^EzTx*(;st{E!F;wm*d?eMGsC zfERxa)i`h*R1@lfe|k7TOL16(%COd0j?m$(xc4VrS^UQ=3Kj9AH_c+Hw&;XFvsNOb zW)l+R^E7^Y4 zWnMg8$4203P4?_Lo?k&h!E#_5P81{*EYj3$)Qn1C8PvNnoNg9jw=r?aQ*HeHSd#vO z@R?K(QI<4)PB)=IN9Lpi&n4-nh_c=qdfX}*8r5PQrTTow&VDpXn;(7pdkc*)qx{@Z zWz8onAGW-*ZRPMIq_`ah#$nJTh{j;G>a3ycOh!BWOnNqPG@Q3zn!4Y;7g0M|{IVW! zq*yS&^TM*x+7(9jeNq-)iyGJUV(Y37y=T@b=dFh|dXY*<8)AHt^?o-+Ovtx8*o}g2 zK(dir1363S$yR;O2g@cBrcqN$%KydvsWLr3NM$Yp!nVeP8hM)q zF0zP`KNBYx<1MvRoG~3bZ+s&q)v1PnWvUq(N6%)n(@5ep=Sbbk=!M z4RanYMtXhT2({m^6d9gBr*HQuI`o3)^9_GHw!*W?*`+eR#=c;wN3@`m&y=peP+Ich&gp7~WX@J~Q5 zN}!)OLzkgr)kg)WL62f7AT+`GZ6k$5LTEe2dv2zw=E7v=Zt67^=`-qb}|ww~@_8@JZZ z?N&bFPpBoHNB8K`sn<}YDpJ#n+y-Q&Ti+(#e2t~Zmc>CQDI13m>g6KA3Qh!^kwEtw z4fD>c1f`K5II%KeT=I5e;dGjea-Jh#8z;J@BMnQXNPOb;AqFy2&?H-(bq57#^sUb7 z!``g_@mkO7I#zlwP)MvlbF@+?@p^_i3c?SE$7c^))_lzpN2e2Gg8fCr*+1_tHfS_~ zax@+;sqbL*>&{BZR|&<{L*AwNjV*?iHk#Yl+2mm#*O58&sN*cnLu6&bB~#3W=ALzP z%l2kq!%2YL&iC4XI8hjEf9eJrY?u;bg0AwC70PsYOEeoX4`p4&ah-tCIv?=exfvR+ z`AV+KFjWt*n9Z$W743Yc`8typN?HyV!g8`(X#v|~->zTh-Q3i0ox|7@`#t;DX&&cq z?RVzCr*-qfp(8+5qWb?X51;~44w3W&^FRa&o^9%H?;pWCi!*m;SlQuSv1cO8@8t9t zdDO**>SMYMMwgdSkI8xE#y?Qt-7nj9)PdUUECM`T# zGY=U3ujJBzMl6@RQJXPKj+Dj3Y@RltA%vYpTl=kMXFz*0+4WvSrD)ZDYr=68%}ns*_ixvvAcJfS{^n^KOdgH zH{P-D?nWXQk0W1dH2^cD%$A0$5%kQQ8FSDRI4$(5w>B~Yqo7PzCyF(bkw>_1T}CY4 zyqP&&@^aqXuRYr5kYZytcNPI(FFB*psFa2ss+Eq36m?`t#unAxETWj&bTiQ{C_by? z=u=dzZ{>%ktz@ZY415oC0ZuwK;S9JqM;Ov1v)@MGUTXsp6vp1J+9i=<)zA1YVNno9 zAf-7OZ~vVguqydsv73*4d0W3+uMJhm{oBcVba8<2F4LAWHfHnc#G7JOZ5*{O1=%Eh z)L)SW2m&~zKB?hni)LG-*2t{AK2;3~bk(jcE-I<@=gcaMiX-_LfU}`X);sGby1J}h zu`L5kZsh*9dSQ{xd9j3=pN+!Nz~WFQl9-grX7c%zl6`G&$?lbSZ!dudHe>58Nx*ZQ zkQJw;P@ov-wWV(`8L|X;q-Z^^bwRHug#H~FMSfB1W<4;7@2OD=f1*i(eh;j&xeaX* zEk{q#7l)G{SZsni(W}aon(y+UH|5?7X4MrCXyxh@H`=i^0tH2V=RmBF`Q%<9Nub(h zjiP?w=&{{u`C`elyU*>geS5qfdiJBSMRuC47`^tIqLt%jbq$H+w8*JuTqiJV<#T{w#?YupHp&7v)%Y`_!-{ONNU_crzDy5lPgOk_4V1qNF^Z^|hBc_QJ`VCM3}oFX z3S{N;BjXzdig1@k|DLjoZ{@eDc86c28b7;jpA{dUj)(Zu=!TeqsJ5oJAzreH3(e**p} zz=W*+^Gwb8LkBCT-Nvgf{nAZxjB@*Y47;h^jE?V#0v)=}tHI)e-f~PSG7(>Kpioq# zlj~8(^E`vbVeZF5f{L?Yx1Q&jTJ~Ef3t$XTS5p^N5rl*c!_cTruq0Wtoy~hm@Oy!9 z`YR-3C~wf}BZdo)2Y4OoYu>DpM0DxL$$Tnmcq2!*=24 z(s`NSLvC`LplS=d$FJYL%0F~zmXCw8z0Fx^k%pSxQg*k$ON}k9P%v@gNG|5_WF^;P ztFqaZZZHj)ds~wfA1)3|w;`9+{%pCLmBi}Kis* z@7&GuWwGy;u_w$u5#N1gH9Y7T!^qx|tDr6-DROd#ot%vny1hR{X3U!g_Fxa4k|a-!s|l5T1*8BoUnq`#m^aRJ#5O9T>2eIu_B&{N!;C2xrTr#OHD zs*yq!hq@)EL zpHG8B{xu6gi<}75Odg7*|FhucM7eP4T2;CJ2VBroGwT4RVGOO5cBPTq@CDtajK!yl z)rCRa$0Lkf=EtmeoBEUIv|nqy70~h>-y49v&f!N`O9{_1g<;s3ccyje?Sm9FYu-a= zqnJ|oUyVaE;9pHdNB7vA{cW)B!?^>*X>^krhs5?=4 zg%ri+BWv9!QOn4WU;qL)=qfRflHqM~=}1e4qqe2*xK3N39g5!7@JS@v5J=0x*;1S8!7TY+z`3d~ic(c%Q-; zkwgvitCP7ZnOO-b9>1JUeqlVk=!p9b z^;I^Lo4H!c?t&Y!u z3^n_Mr*5!9sl7it>LFcE`-@Vcz)K>X|*5H z-;EpIn#oLcbbol7eLUo6!iFUv4h4*MhJ$j6(wiD$Wb&M!;i*4kP+RiV2=`VEuPj{`So+n-GqTftM>=xz1-p5QwyZ>`L1U3Gq3S@=YY`O3RRB; zG76{XEhj}YFUslW@MI}mmqG(D(}k%J#`rM=lKjTVi0nhX1Cv-dLHN-ZL}oY3XP%lL z;f-GoMTrtMC?dRS@T|EmjSpJ`2L6n5w^*0g=k>;F-0t@i>Mge=S7T7)C5A-_puiaw z1O{UNI?))|Eg7E>77ir^nu@=w%7A>DFHp?3A4YbUOz;0NYd%?D_>Fp!&?MqF0K zV-BbkR`|D*?SeT`T5MU42X~nSfu)@)(ecl8T1?9?#=TwwCS!$vOTpbwB=qD#D3eX` zK5V(hHrpJXjn*HL0Al5fomp49%XxERtGW4v@vLS)hJdDA;xA{&%Bq@qsP>^uY@QF2WP1;UEDR|Flc}(# zx^C;_(w-(H&lYTP#b_>+ZRp<-LFuAMG(`okCl6nK$i}hhm&~I#P#(satjAUX&#i{g ztXiT#p4lQ(8o783s$M+orNTHXsSx%oQOI0mH0F+diQnTjhGoG(7F0k6LkV_4!@{Sd z)v{nfz0LB04I+}t>sxfI5kSawJAC((doy7EmDy~b8P})V(bM@wyAj?~r}25Ri{``a zGd8>OMsJvhVdDqi-Y)%z%g&2sTqIhxGSLU9r^K<6-D~K?pxew;@=(mx(9ul{pT}-` z>(V=(y_~6CYsTVe**R?gh zO8fgOn}s);N$SBQDj@;}1|VQYXCzy(DhUUN8aD0&-=OxKp@D(lE3c#XLxXEf`m1DA z`*%l!#IN0ghy&~MR0|803)_!&4Tld-{pio`~F*Py~MP+RZBk)F)wWgTxF`>0c&-?G$@x#VyPxX8X_ zFTHxEImIZvM7(yioiZ)Y+b72(i$Wr=0KN?Wj_+mF87URNa$7$x>PTDRgc(P*A?3+^ z!%qDrr5@>sT!&Yv0RgwcE8u4VnnX)82K5SeM&H+lx_2fftl}+`9aD`?gwjbo&zhCH^T;>>~9 z19pxx^WWMVhdm3tB_5(*TX|z$D;}#z-?5swrb|GI=hozgG<3Ht{K{%kNMf9Dj;xJv z`RXzosr>ymlK+z`f{K?%hn**uo4kn+OE5Jq+B0>hPBS%Fq72&#y*B%`Izn70{p2(5 zMnnzlc0H^^yw&>QS*>=#i1Ilda5?$;hTBL|e$!530kh0Htg!dm30^PYN)?_)&-j{W zC%Cyq3_$N94OVPwvAe13Dt$WdL54Nug@*b}NxCw?7{v2Rs^p8!-RQEW>AtJ;vHwSB z$4gl6dUXhiNQMZ=v2SpYwgMgF*NLm6Lb5K3ezOL48eQvDAs0Km{&1LwHm_)ZL?H?0~20!J#xeM_diIHCJb zW}VdAmzNgtH|@H?@^C^Eq|-4Hqf-t+n?igCRQ>oTbwLd0w~>7zN{rk6xT-($40{g| zD%=Kb?GH{#_)@tM!*{0XCMb=Oq3qBkWF=AKRCKCOC^z;nw2e+*5U{OG+dp?t3M;uK z@BQA1a=^xgpgG*T2`5ELxiIfD;pUd9_#?<}rdKQcYO3xH+KSg%qJF1oq0Pq^qLNaO z)?TaE486h0lKTC|3C?+nmZ`fKRX(E6`i{NF%K}B8JlTy*A-n%g9iG}l z=9^wom4}WFgKC*pFf>Aouws_unXk{&)pQP>WG+PE06yRM^}JJr`X6TVD?j!U=w;~9 zKykM-FExI(?$TC|2&8O5#|^2&4H(_<@EJ|SwF72zLfhT_g1i$UN+%kA~TwjuGdor28KGU{El`h zTfBxW0j-cyWR+F|IlEf%vTI-ea7Iyr-mbzz6qxTQ4%)dqxDWfcaJ-IXf~O;+%U+dB z0@E)rHpR?Lhhj`p!5tkR46h=k+M%cCCkL&|(fraqhkM&A9SJws&7bWecH$?d490t& zm)zx)Q=fkOhylmpC`ixe<3Wnzq1YS?A`OeLCnxs)G_j zmr5FAU80JM81TV|g+m5;Rx~}0Q7E{z3DX_nw8Y;K|6PXXt~d64KlI()Oy^|3Bi=hv zqF6kILgksJZ6y6_KbVU{Ts#?|ROooNilYsGwleW*^-vt+^3<9AOI5(PXS)h{$6&H^ zS=jg7hFrvXT-Yft3TX*0}pKWg!G%@1@I4sc<`H8r_;XMW2aw zZEM^052fB_C{bcoLKFVFAF&B(Wmir|`Jk5o>kSy|lb7kZ&$Y@Nf((V|y*KZ^_qwcW z3eC2Q&vh9RnzqJRrVsjpA#b$X@WaNN;vs!y@Hw~3XK;LY;urD+bSG3DX7|zV;Ok5xL>Jg?Bpm%p4A;!3L%m$wTk7JAe{M1Y#w+H|{zfPvS5N;P{3X%bSO*Ec1N9TS&o_(B z#V|)beorsAI`gnuJ>eHUV;KcyOZh2QYx>Q#+#5_T80g+MA)CmiGko$MqL--aKfIZt zn&EcAcsqjng45LxL~xj)+F3iMZHu0$k6UiCscN&;TB3>2GHEsT_KGB}df=33Ls`Jny=}Dvaf#<>1s|=-jhk~@$ zhT>=?X7?=DKM6xnc#AScEo})gi4&P^_jgpz>uuTZ8wKa((xmv^JLNZgsEcM zmhv%XtkomB>`}9KPHD=jLcOHUnYwf(8Y&XCEjHkmQkD1GVGmSCS~ZPD4n%F|9ZGIo z!pm*EccSIa9}VNL*(Qvf+}!cgV+Gm>!~(K~n6_D_34px7mJwJY>)Q%}h6iNGljk9T z;sDgm|HuzOn8;VdC6Gu?>YmqQFDOl>@q|Y_;z$n){2Wdq93=pAGcW1E6wWp}PY#JB z!7rR9QI?377GZa)v>j=QQA}D|Iy1oad?#Emdr??K7OkmOG?)ikGqMuTx49C@CqYS7 zZ+AKh?;Hz_u*9gtPs$+jje;7}!y2_Z*Ms5nm**@SBiMm$PjrttMS~!GPzO(bZpIC( zH7jFItYdt(g@K6hlohw<-Mz z3jsV5O?Qem343g+H6jYkyJgCnyYD|-ULBr*dcwDY(uR$q-cGM;rr3#!U0!%I@}~!$ zwcZU72#jMSG&D3A{7k4w__>3wT&9D6n|SSkg?@Ra``X}>!=UPq1j|N7Zf6cx%ru8< zlItI}L&NUX%bawfuLECd^9#sqoTq!5;Mx-IiMUT#-nQsBm)pGKb>sCm3E-uLRVj9P zd+w`VbN75$g04Acfzbi5HUm=J<`Q9gFbfvJuQ%l^zcWBFh-o+PP}cZep^}kx zVS&D8$zWA&-7p;V&#g||-6{=|`YUFBT94MJjIA)vNXMuN+ZqpQt&$WUijF4mm9gN% zs)>*b>$(}I%=Bo)TxZ2LpCp0%vAz!P6VeTMf}Tb>?XRtm&8oTX60jXew4Tmk(;3Pn z+Sd5}EFC4Sgn+@F+pACV?~sOM<0f|1{K9+*!M$;msgkYs&5!X zt@AGcceCDFW*oiM;R-u144C5x!d*-JYPE89EUd5)ALHA33eV4L_CX+>IK=RhKPRi?q_|H+z9JEGG7odj4*c&3VEdkIl{f zMXw_(N(|^uyEy0qolFcj|&JAUL4BJd7M1W3u2bVx2 zNv~R0bYU%Mw)_$`H!hDamK;QmG8UxJs@sGe91Q0l68OqA6jH;Q@$(>r*6h~0KV2K1 z&0ynsZH6OY_}#pz`|<)#&C7UD$=tt+^1Q59={zZaitM5gBJ**iD$$OLB8qo zX(4^5l#>E0v6s3$ZdzAvqdx1GGhu2|c)?mbX)rN|^d_w6X>kZyN+PSd zufArK^PQ6jerjOVO`wg(9UAQWn`eyya)Noi=$vX^7%x_2KE|igglVM32TmwEG=)g} z1}MA%8?n44Ka*bgrFVve+wd+F-^7@w*$ICB!;*c}L{Q+Lt>A40SwuuZxoCJe93Jcr z5tm1aye<-C;D-Y!U6CxairDU3SqIJ$BLgQdrR#!xDoy@*{j(TU(t| zNTy^UjjnfJKHy{0UzSEir@q_Jg6u4+^g7 zR1TI{gn*IX>y}g`9nKn%EXZSt%nBjduqB;xO!@*MBhyo z!OOD#@x28Ldr`gQLhG{cGSQ+pEU4v9Czz!s_d_=9D+8lGoGOXMnBaA?z?I7YH5>gU z12AwYrlnhk1sZk3t2mO0R(C$HI2$fiHC{?eaqHPM?oD3n3e|Qd>m%!leP*oQ!)qe; zre%~6HFPMG^qwJ<6H>5Kn(su=ozEr1*#W=7#kK-v#kyMy)Y%+=q*<9<`;q7HOtlo9 z0V@gv%R;>!OaLFNGHLD{;1OInM>f=xAct?D)!ZdM#xuS>-lS0s0W%6HO& zm3hNOJNBkp#$;`&d!D)vxGi_*79zaPdgW|b4{`77kKYWf*gV-Ivkw&{{1y&FBdr@t z8nmc$piP)Rs`F&?x_$oQcsyj?;J8pp2YTrl@7b#j&m&^<$s&4!Y>7z(s|=q-b{3kGq-}IRFA9KJOq8)6FbxPqhol5{mMJ)=uh_g2>md(5 z3FDy|eQ!{?`eo}v%3H-q?u8iV^*~JyFuNIfWnk?DfofW`f+<9nPJFdf+1^#nwGRcr zP|}VjIX;?K@!oPs!gpzvHasM-U&+MiyYg9BE;rlF9j@VUu^jUK4vh{?ire^c%{%s$ zaF4D{YbwILM_c_z`4a-3w3;V%siy1?EBjVb*#mS76*RVpusp04K#DX1cEV|?-Zs0e zbr*GJ^3h$YTxIw&>h6Ngw+s7DW-CB8ybrEV`>YiaGp;G5gE1EkJ*CiqWsx3!aJPPO#!L^^SWyYsjSgjVZlH!!{Hx#XRHtn*niH z0gy7H{%m~g6Q?VUK|c&BOhzFst@oK5fB`{Nu#h~2GilpZ;7`%clH!p}l+zpUqpA9B znBHei%W)O4Vyguox2;xem}~X!tyT7DbaQv|o&j-)IvLdceKX)FswFb~-Rgt`5Co^cbXg^4TZNP#ThtWoznYh`?h5F%1-r~K z+Y~huDOw`ac_StXB<&kni*FeZ#u>CbEn%8hKD4!)&RbAK@E7=Z{=!O;kpw<(BEq$V zzLF6ollRUC5&U!*;}1!kUHG^gzE(U#o>nh(yw+qSa;NCql&CN|+*Ks2Gh+CyS?=~Z zpeglM+Oqjmxt-eSdUAw&BMcmknnHqC)|b-}Uri$&6N%D=K-|I^OnGeiv*bKN>ktM} z+&pm<5BJ5N*a=3?T;wsuH^x7-k5r}tkun97sas$2eC1QtT+HAnC){{|VlQa6b zsJSl(SZjD`OxysOa<<7feJvyu_lLANcfP8 z73O6RG`$=mfseOunvj411khs`a**`Shf-=Vv$=ZJd2sJgf}KR&IqfH_JLp)F#<8}# zpk?G_RaC>Ev?qkJsd)OHXME^MJ>g%^-Dgyk(!f5nY z=SKPNuo18dMC+64t1XrYmON{b5pmhR84**wCTzv~w6<&vtvo9g1ne{J4MbPhhr1Q2 z%vFxq;9;&qnEJyWv8YTCZ!P-AyG`>?RkaGBpLa82ay&B0u<9sKsJR+n`*RBam({@n zrIez0Hmpo;FI;FertI^}kscp^y%5EPw8@tY`$;9Cju!2IX_y;fywZ z7+$=FzBkBPy;MHyj5;ZCw#M4-+HEDJd_zky73POylQ*C zmz|wmVe}PrTV>#qneB0XE}rZ;ZbQ<*e7;0|mANW}C@&UEqIdX%99~%^1aE$k3j{=J z9eVl*ZCB=cWHiT`#pO~B(d>c&=iZz6T;@e@xZH9f|lUT;-5<_sL|P$d0NW zITmm$fZ(YdfgM8S(kZ{v>`Y6kdst_>sq*-r7#fheUSD2W)+#{dZv z8k8{T+bTFe=|ebmHnnC_GqIYouuHC4^neD(qc>ZzCthW_fNHndlus#9Eev>`UroDY zC)}<%l96*TdFI@y)gCa{zS<8_Z_w4sSdY><-xiNm+hwynXu?8cCrk1ZA0| z?=5S7wq|^UKe%vylDTeBYlTPc@KrLn@ExC%*53JWx=TV04-D2}kqXTsAK&G2cBBml z3w*l!HO~CPf`cos$4(5<(e^|OeS_lxM2_zonNk)n@Z{@BJC{GT!aI-+^_6-H@Z8(s z(H^;nK9uAb-yh}sun%s}OH0f`3$h8ZP;n)?IYPbGjL6Gj221)6V?v!Sel2Rhw-Q6YK9h>fM>F(~92Bqs= zc%LWEbN=ra_Sjl#n#2F1P2| zBxzQQrJqTKOwaf|E}nhc6zViWyt?s8>BFGF&=X(8;&{a7h+BzRB-HfyF(})LSu67L zKBU*Of3UT)gO@b`CJ#=}!*FWJ-3kZK6Wj)Be4YhA>JO6i{v-D+#~-#F*7vJowjR-w zV_gk-+ipSx&6&0~0GI-w_k_)e?5hf(Z0}ED;c`==RV4hU(EqQK7Bm9b6ZE_pjI{Uf zV?EK}_)?5vF?P{jk+7i%?{qY))*t%jrATnv5rn0r5XITN2Ftm&bJE^nifZK=eqsnX zWE6^Oar#tMK~8?zBSseRX|4F`jQ*gJk$8If!G@I8eYkR;n->rH(l(Fb3V`oR7hk9| z<8gO)2cSx@79@NCa${UWVdyX)?QmI4#R=!if%}dJTxttr`nK)2(S~u^sMy0h zQ1}_SNN^?;z|M8j!c^w!-S^H8^}N z%?n0)QL@|Gg-BY;b=S{7D2JNsl_sh+2&F#{E0&!K?v!8-$ihhsrSmmz-mx)deU49; z7efx$mDt+eu5#XVFMTu-%PxQTa}rc8-{!YH8KtL&i(?Q&QiA&7<52W~*5)A5f>dKW z96m>BzrX`Z4uGt7i(r82d)n%tM@7`a5+1#ir`N@GbciVV(YL=bOZ<67>0-4ds%^_G z_SlFG;0Cm6Gkb4E=+G`Ia`lkzNte_;=Tsv_!E=t{Cj6qE*RTicQS1S4{(o!z{jeBy z9L4&E!roB=Y2l0%m%|JV@cw@i7CfU@OR8gLC~_Rp&g1nZEQ?bkQZFkWt^H%}e!VJX z{^$b7qGaH(*O&Nk<#7ys+mHqY<8)%1#vNeJ+oiq#_*&^p8^aoF+|VzlP7##JPFDnD z1Fr&Z*IRCKw3q8Y$(7g^j;FIzg}dR|*fdwz0kZZx?pr7*I2&(O8DWL(BILXRxt+^ z;<;(JN0tHueb8n%0}^ktFvi_2l|(e&xEG7IV$k}+tnb-M$9SvvIsdt1vR3F}h-yQ< z3|XW7eIHTzg1?*FI_f)n<9X4>`QvvCbW+VtUj}&69I>3uw0BV&e@L7^A3Gs%<(LM} zcy$W$^6yv>gqenSSe~zcwf72|jLU7iLMu}BDk71R1!9t$?*M!`#$lxG`kCpa`X#_rHXS)_t;gA}#!pC<;!mDmo@b!h`U6ekxzEU5g z>U?7*m4K6!^A-hvdWOvUh4Js8wkA1%G!5VuDtiR+q316xl?3id19PSr`h?f`t_ME3 zRM`N2;!d1KOhs_8M^JrGXiRAYW7f1hLZ(B`ec-{?$7`?oi`op z7Eum>B;2>{Go-o!J^1)&PWSkRg<|>JWvdRV z5Dca+^uAs*4ifvV2ozIHSGl=w^Fd;yunp)>BAW?#@n2Cb`$~SxjtQSb8a_Q5_vrv zJLj9J*zyX50>$`@&!%cy?zz`C+LQ=YCVGNwXUk^Ixqjq9h?>{WpBTDiPtRW57(+vn zI0+l|4gA{@=`PrbfP#UYTGGRHK;aL;CFOINxwim=4U8pvE_VOq`zRZDyAx36i9U$?~;V2zrQt)`47{O#x!L)uIG1S+c`255xoc>|5|k_@Ub%Jm+#8^ysc0ur+tAd zHX^@qRMFnaq3Z#ju9T2;0?0#%d2dzjyFSXxsa#aITl$`LK3Zk4cFU*xKfnCe%;D}1 zXG^xPPnH{9uV^C)_}-m<=u6~_YN^y(SSfb$_6oZ&2d{fp*3{@ZsG(KX{PuQ$*X*cHh44Y^PAn~pmkO(jh8F4} zE~=(uK@ls`(CFK*aLe1^{fUQU4(km$i&BFvOK&So^BC{*j%jDy)66e4GA~oT2nQ>@ z{xCXpZ*-)p?}h4%U{DtJad|d3qkC%IMSCWX)*d%De5m96<|C$$ajv0CZ-37@Da|@*vMU5s z|AQ8Eib4iL<@LhJv9IDPi7VCHyR9CH|2hPjn314nrZ6_5Sn}B8?_bl;q9uRd>lc#* zG(A6CE?_0|B2&zlQhna&u5njhnMpR*6UD$7htijSxdS+&re%yI79+BZulg;QZp5f9 zb;$!jYU%mPxgPiLUAg*fd3QC+2GD*jd1Kp^N?suaIW;w`bOK!$>o_m@H3mL@*l;4_ zc6R^*r`>&AQbmX%FE3m>mug8wmZR0rmM&C{d#$&Ho%}#!j8MO;ck~&$?x9m4vuJg9cS3p#P%Jzf}9&TZCB%39pv z+GE5qdvRgpB)t`NYFm0B%>&KD)rZN=NREYwa+g)HIHHT1X%(gbMK@er^Wm#W64BqfnRny$4%`k$;Dayl2rSyjY?b z9ln4jUTl&OFQv%D`vE9{1hN2wiB5|C?p?TYG1kh#jb)MS6N^|r5&$<2eJtkR)ui+Z zKXxZ*D(Hcz$Gi@~DD>aOQ0jKVPC?X_;>{XWww{bh_xGfvhZ@krlOfoDSO_~eVI#1? zQ6qaDvxobimr>ehVavk66|#MH<58Figg6KadCE|hS{;$6tK3I3o5bKUEOZ^yQ-vv+b5Eq&qg zqP)DkajXxkON*DClw+6S^u!~*sgOYg&}Mb97nK3U3IVmTe^&liMU(}z!-)6yFOJOL#I<# zBb>e-`L_-Q#4BkZlIm#j9vBQ0lYPvx<~%$Wr}CXWmQsx@Yl_)lB@DH-Y&Pm14_7!_ z#y{f#>@?UrQ1D8w#>RNxnbhS;=e-8UpBaLjHY79>#bTs%^AuXNN)Y5drBH#4(!<9< znmX|RV@?F(t@R48e%XGr% zVoBno$VBf@usyhiQ1iypxG=n4o*GCbcOhq>5wNp7pYFRebl=|JoJBbt&5@FlLIj}@ z_myk6Sf8!&tu#9z0M3M|WM$Pytd$jBsFL%no0W+m};4%%2^Q_EPu`A|mBO9Y|AL_2t2O1>7V$*A^wz-!I-& zO*VSndKijlqVdSfOLqfmp%B0zVQ@UWojg6Ke0z5n)=!foy|FY~a(kUxaei}c!42cv zG9o5eqULZZBfHa=`E#r+HX8&!AEe6sIz~{ZxfVk%aei1*u|ycLNckciy(-#ExPt=vo`_M}U$W$d;oZe)&;dHi%@!@WpnlpR{Fl zZkE6!o_zRu&d>~5l+NP_8{B@sr#X`L9EmF6`H0K^eDJnZy=iIg0`B*?{_uVQE7eJO z(Y7%6-myL*LsXkR0Sk_6$E1(`PdIQc)p2?&z*JyUuQU;lUzdOS{Gr-=+M#Shqmt5i zAPy0$xXS3*WkY&#T`#gQAIT-u-JCBWAkTifH{=Ys8WH$bP!Cl89HLP~3@_LmJcbs; zQiFrGqTJZLFcjx!w|0T&ImgxEcjE;1x>+ybuHBS>Ru&1H5ejHE90WIyCCh&j;vM+L z3s)Y)Q}+&!-_5F&^0OO0*(-Fwy~w6Q1~dwJQ$N%MKAIeUkfIMkC8YYl2+9a7(R}b&Jwq4Lnk-#;T7m?rd*|OSVCrq6?JPV@l3uWtn7aJ%nQaUPw1F zf6hu89i3(~Zi(tsPY)R5d~DgOb9lMs@|`BM8-Jx2u{b}6ma*X&KawJ#nFsLPgPqir zXk$Q3mZ1jRfquXWX9VAw(o(vS3_kp@Wb34kePB^3Dgq9J=z6Bk zGLsXBY>w3OwR=b)W!(ECO1>j2OR7aCr-+nrZ)8oRYw5O*ZVn8kvP6CU4Zr|O;vqzQIIF)P7IE|xB zmbNQe%>t}gX@<9P8CA5al>iIqP6P?)KmoA8;-YjqEyUXaZ9=zcDsB->{KAq?IZOI~ z4jq^)m|o`!@et6fd=8Yadj2K%6u2rX9U#$Let3DZh&P%tM1GKB#~BQ@po$EUf8iwS z-^u4n>aLHFu(f`8lv`Q5Cn$fK3*(|M7ZDPo#i_kxdml;3_#DRll;{Us`EKpuXQRmc zvf|ah?O}D00)uDsSU5NzKKZ1Dkg7d4!qRKhcDFKOGuarHtM{prYrzhQ3HOh!O$sUG z9>DLC(^ejERHctJ|;VeQJHhp)#bmBz4g(fLO?BIFF%M%JfF|cVw7vr7h zeU4?aT;T+SBIMV9+-qG=UuTpqC?fQpG@an{j(%UpMA_``kTl76x1JJ2lrPbK+Z=Ju zdyB@Vrd`(baE4WU-?Y&-aa8czmhqD@K9l$jO(RT8YHY_1%Fsfv5msr;ZSbFsynAMQvs)|!z+KLsG7}B zw*_CTj4QWbh$imYtEL+{pTE9^)+FE9IQVX+RB-nyb~b{_J0?x54*YQjA6ExcEdReX zY=Zy7Yrz>=%3!+1Y!N^{&_+4J#$p=y&(#eD>F%M|_B9;A6u7&aDh?eK4X2{t%qr-_ zAWis4QABqoeA%<~W}V;pdhBanx9sQKF)W21ez6=2-Cy zr+zxA+&(+e&$VqL5U9`|)mk|XahW5+{L`IUW1RP@i3DT*W)2zjiW z;0{$1vn@O%*h)!r&nn`bzY&zoV!Mrx28+p5{~E3dL;9kgmxUUI@}y@O95Ct~s2Kw# z+)^x%dd{yxdvx#BWP4W~T&)Q-e`D>1E8*4UT%j0w!Czo8-8YP;3+TU@#J;bhgWQQT z{jwh>{tDjcL4r&cy$q@uSLk+8{~hiDCck1zh~%|Ik^r=hm*PKAAaqvVRWA3z$L5E@d_-c}|)l(U9r{w1wTT$>5 zA6i`CN0&J^wO;SBXAZ*e>Qi!fvhjO@2?I7aB}6IM`^r zTU}{?SAqZO{cI2g&X#n)EtQO{HIjLRtNar@I5&uLnC{`&-z=D~1@`gD?e20niQNnv zh=8Q1<i6a$tFAF$EIgDnJ07V=ixJd@t+Ok<`2|{R9Z%I1LO)`2j2imZpan2 zeo|-E5j>*HH{7uduGbBRxps-=w|2wd2>4u~uJGBIv35EMQs}hLL2=1~<082XW5n+W+vikkSj21-355pgdpAWO!6uRZt2EveQ7e<V^1fV5#fU|5nD<~Kdb7N=A|MdT=3nV_m zfE)!77xd-m`lo@A1atl>3%rwIaqmgj%NF8=2io0C(Ht=k8wi@ zc^M6gZ8D`~R3UI^9U@C@ZwF+%NUCt`m(LE9>f463wuAf_QWMrfh_ zW4UWyOC6uP3E9K_lt6xQ|87Nq7w0nv2kFOW^x+4z;-1)Gt}85LqJ;_(W-babDvPp^ z8e{n*8TvmV(BE+KZ1*<@L~641x6U?y1{tiix^OxkCy|h8*PG*sN4)P9b-3fS-GK#G zUiwAgbCB`zX&Y;$^gIo~uITm>YWb9ClQHMThV4aHTCKP9709Ln`JnsTJqe4><_o%w z@9})!jhlCs2}qFeTu`1K;|AS}e5$6H`&Cem%-bf4?Y3+_X~UE^bz}4O#j};it)4_` zHz%u#F>3mwMe64WrD7KOC)d%?7HV(n3Pnf7Lj*qUi!s&=?ysxq6h-*T*P7PZ$8FcC zYQT<32bO29#Ik9L&u}j(^!;y%DjNESnVPHiBL9@H_8-O`fM@ja zZp+9~*7LvgO9RQikyZJ7XHlYmebx;y#irt%#bl@;K0<<1I2mbdt^4*^%R%gu_s5;u zZaN9~!h=$r&NW$tL2E}?8PGA4I9M~zzA?RB$~`iOJO?I8j*4CHYa~KxmGznKWUf2O zQ4lG;Qhv+$ki=5%W374o26BmErcL8_N$?1aQ=nR<2a#RGZg&pvUTr_eDOpKK>Q8V; z>Y$okeCK#<)0K-9)PB35Rb7}aDn`yb*TtXf(vTkeu1F}S&rSk5KB*`>jh?z=T1qF- z*^HT~G+l)kzq_lKoE&9^<)&m;R@iXs?&rZoW7 zq6xQaV2VfcU_%4YhL%p8cKN}?L`Qp1OemPIHe=Ci*7szK1Th)(A*ONJ6%4dDJ=DcI zy)~rJ!WkZMp@Cu)Knnmc)i4*{%grF-t%h~apFj`H^gQcjBan?hwGnpjH^03{>=%vZ z0k7CEAQDkdd@z$Mst1X}>H)3R{PTrK*cMc+u(2?i8-TF%J+hrzB_WYUtwv%< zFh@&5>vNpTYA6!YLA>Xwco?YZ?NKAuDpO-kSl7+5mLvV3K8mto)e(pi1AGa?z!Fd^ zl|DYrwZzGo*gFIsF4}J8?HB$c z)Wqq|1ru}pUL{3AAuc76s26xBS~B7b#*0<2Dxu1 zn+IPnVe=2*=R#XuvO2Ym{gsN5Ldj|8VOyzoJVgWSiTjdG=gkp6u&Bkl>M#vzqRONwHzCGrB^#ud#KtwvsjM8eA^xPVr+smDpwfsu z|K6J`8;M)bb`{*OUA3t|dD=_MR9b?7kq=2D<8NkaeOWx7VE2NL2D1i%BOQ1~5aj1k zzZokp;1?7G(|#w_CTb1><$$%-mD_5d{j(y?zx?tY_DwM$V*$f|-tWLj-SVBOw^-JH zxIQ_*xIpVETK9Y?+lbTX@boyh*dI$5z5|M;0pM3d-92Zk&m6;8e(erX0(=GXPi%VXN=1-VM zig`>vA7i8t3GWdbsjn_~rO$6r1hus2x_|yuXs~SS#xkc13IqL)cTpIu=}B&RS7*e~ zimbmBCkb=?)z7c=vDbXXVK(OKCv<){u&+d{^8>%hS*csXMcY49P(JP6Qa3g{5?ouBk$$X^Ki&e6t0OhVOhAo8cYspI*IBz*pk+=Ebm zWPN3l!|FV|m;xaFqda#C!yX_=T|pNH7GxKG4#-$6&ZhmxH%$UbiO%#vD*pY2h`S9k zdf*b9qjMlsQQ&2`MbuEd0K{qBp~{&_*Ap8cCEAd4g!ThOQh=E^|Enr^JF`^2E4D2C z!riH?h@Ja$$fyKsGC6oDUb$x9GJgd^c_E1reH|f_ej&pQOd%ut^X4%~7qF*vE)CZSS+z z=C(a9@Pa8?^osld-$;Q0unUHGBZMkL@a6d_pc)8z`hCu?myW0?X`fHoD*;6k7&G*-5W7?|zP-GPY-H?2&AA0_;P zRA|`?k6hK~xOx15Ta8i9!faPC%9Ve4WGdRjho(~CLHHfV7^jAw+xGGsLqZ8K?SA4@|BikNnP?U#q`L!(ta^wP8|PnP8+Fc;VL<*dTKU?S^32}hIvRt$+(Fn%Lr{_(#QLr*taYo+OE zQoIKKCEwnY;Vbk8ON@Nd!8fCh2?5+*1ZAzDiQruH^0Yo^PQ#fa_R1K^|sT#X=lLvv&?E?QW zf=R>p#k&d_Dd^wuyQzkY+H@7VnO$80;iUzpH(f6RPupc(#xqke14hj?Rm7n(t8 zmrSI+wNb--ARQM#0yT5xk|lPVm=u-9mwL)fzKq0!HbYKV-M+4`c_opk(ARPUaFuxb zdCtHxHu(xgJdBH~@7Nyzp#7C6`#B9^7=uWi`YZ~^ZOo|VrsapkLaXCqny&O|m#wt2 z0ZN#?;aEKk!~3&@!#=IkM(X&WpsK-RkI^sAu)Vf4xB|BAhD}=KSnFIVcY3hf62cVp zA>Mux!JI3ANonKc7i&*#zBtf%Ga{yYJ#TKBC!tyO34gv9fm*m>zZQr|#D;rz3HQB1 z-$1cF2-+fQpJS9Z`TJC=d=Si;DRx%i`U8ryRL*SY#ujis)#!-s8 z{RZa599=Qj;|5Fl)uYVCMWR?Bmfwn_(-^>v*g1;N;r|U|Yr9M%&h>fa3!yszoH$Gw zeFo-~@X{UF`VqIr37Mn0vMQrtZ0o86p0ieRSdgEepUv&L9%+Ski=!{eRnvaP&x(%c zp%vf!uS+IS&Yv%oVQ};wg5VCmRm^b`E@z9+N1?VGlukSYS;$a&hucvC40(5%RR;a~ zrz=eh?H)WVQ%b<$pX6y2$`QVTWk9Kai_;^Q#;Hi3;J7Uvl{z0E6Q?14KphQw%{n0-!4d60pSpG4QTjLFYh!JFiaTwQd9^ ze-RF+up*fP8w7x6EQUh-_J;&qRY12x-^@fm*xTmLPQSSNB4yi+)4FLGEReke@&~5 z5)k4Ph}kOAZj5OiZ!yr}Yle7VLs+k*qD#?1a{ zDfUU8QF0>v%XcSsPyj34)lJA&yKA1e(wfIJ5Xz1l^8r!bN^JM1a#!!J z9)+@_5b?rNQBjGCi|bG3i1{AaPZ!9-!oi^tfB?zrBrxliYBtDmQmWFSx>VP(%4v=F zc1d$>R6vX`wV`1yVNRl{`Gdl67{!GYO%)WPN%&V=oGM6y2|45*UdC3{o2ajVM-g2V z4BgCZrhM|o90moa=98JNfsf42@T$J9+tAzXcInPtH;uxTocFsqGinbg-hO`M)ipH% z`VE$Aq8b|Sd3kw5i@#mn!)wCmg%TiJs}s4v*M7UAM|R-`ZZB#{ce?0iw; zoc9g;MQ5nD2!YB4r&QeLEz~^=&K|oPD$u72g*x{P|Z zNrS$ts-0|KooYhI{wqhmF7z~v7>iKHn!IqnA*n&YUhx)3~m?n zCm2M`Y0N4jNGZT!o)P<*6#&u&KV(^-dCvR!}l)U zr^aXWAoF;&f1Iae3UW}0A)tJ5Sh+B#Xr`xvzjDl0+is!J6hRWwh)k<`sJe|fc-pv+KzYuIv6b|<=lev8RV`~q2 zC0hzLzuw|CCWnrVcsvbM#!_lm4-i}_=87YkuQZ~ue7W##e_{4nOT+R0nP^v;64Ke~+U|3} zj^W?#c(z7gYhhKvl#dZ6n`(>!IUnQ40_DdUeWe*+IhT8psw_=w31*!+Slx7k z*pj&V(EGYt45y7DH!Pqq!6E&si!ye)K)7 zcu{Ypc39Tc6icf!oA1idPH@xd2~o%s2E=si7!N$oUj;%yV(;g$HrEyZ_%Wk=Kbp^G zd%Z)lXwjIqsGiV+N}jIjdUBNiO|bptyS79c0n%d3Tdeomk_801-DeTaRsyY&^loweM zqVJ)G71H72rQm_o19O)PciyW%U(<7d7=^jd%NoMl08sEOnAWVR0K;rqF6mki|C2xB z=SckL1rJL6{qD=kUy_vkUoy#pLwVZqklK-+IFXgSBzyMpm8vYg0!hBLVNpn^mR~=d z%))Z5>86HTeJYISY>kW{*wiiCnU@GbS`>tMjxKI!xhOR(Uoz@vH5enKRrGkOf>4HS z@sLg{u!9Ct5=kX@{r1aO*`H)yGA=+?4J-&C_H9@iJp%1yGnZIYyj$a$%~dV2>jYez z%i@p7Za3xWfPxTfIsyAjjcfc^^tk`z%{xMpIO-Vhp0&?(HIAdE%yMW)WLe5so>tV) zn`TET0;8{l&e4ag4%>X18n&m{Mw+(&m);u>_P`77$HzL3lTcGtaD!@UT!o_4-w6^> zd;{5@ZVYEVW3XX|p^sG=fS=UvaCDMZca1H+$@CkqGJ>KJgQu_-t(~9K+cJeQ0uL8# z^+0xp{Bxuac7OE3EY5dJnhd^{y>Xk24-cyyA?(go8Tclya&&bN>l_~woqD0+=c_FRl5MV3cuYt zn2@t?qlw7kw%y)uO|{wnbT6{E@x~=%Y4T(Q4?X{KUdD0D;Ua(g{eo0@D(jE*#Hc46 zTmP~m$Gaa}?r-4{>Keleb4QRr|LW^-x_5ccSWRatQ~x7#h$t>tj&{^R_rWXC^@fs{#Kx)ua~)@??a;e)Q2w905nB0AvZ1gGs1P2pBuWLA z_l4h;T>n!Vit59HS~;)DGWx0n_P{g&4O>GN(f++Bpdf+&6md(cqc56_-u%gVA^J^x z`P+AjDj_nbKZYun-z%ER*>d8m@wdK5_7VN2(_dr?EefszZj$A@{oyI`9-6;8l}J-k zdGY!?t2MjLqX-zO+Tz@{$s0hb@hw$C#q2=tmN1=^%Y|d+bLx+xi-9T&Uuvq%gV?2^XdMtZ4%{BwUv5aD@GMh64;Obiu9BUIMp$Ixn)DGhreB3!R z(b1^cTFT0CaxR*mtuG!ugnHC3!z)CK&PBsa59Z47k(q25QM8nELEx_?!@+&|Me9M; zTNSXph78Z&Z1Az)v;HP-FKw-o9yV)kzv{G~OfNvvT&!4%g%G2G_97x(jlsUF@IKJ{ zaiOm#{cVWYKR7B1qj2L`>G~*gAqfqQLAVS*uRVZotA>-3j=qh0HrP^%&Nh_`x1)&; z++&-dOu{T%;wdZnv17i*En+N(+TrEd1N)=YY}#_wwoccgH9gN?Ee12xikUr@7#N2k zO`<KH$s%R?4?`|Pf^t}ieY1C0)-C7faIobb_R^kYGF9(KK86<;=*TI9+ z6^Z+=t`h-5Nep~_t)Z9v+=*BR)-7N&5fPr9nklT_l^_9zZwgDB!De__aX?*Im0@ny+JJ3M?Gee*j07s8;R0evpm%*2SCoXkGZ z9Jx^W^n1&VGt`gRSU{i|=I;-cjpF8Z@=&E!j?I_JX(P;dD7V_5o^KS&F z%fA|~oq-r(B+pgq+xC?LS$x13xw$u*`mb3|L2mopc+>&Mghjbd|V79<$JrZ*Ps;tg5X;=gPCeOHVgpXvsa_(w3Fmbq(Q zz&R51#=6n0$={Xf=TzVxWGD$n4J%kPsCt@;;`U9Zw5&Bq#)b{|!K)tfJ#!Re8d^Wh5&#g z_HdG;)~xaEVh1ew|4K$g{cnMQN|N_;B1wMx)=cMu$|KGVq!4I@uo-ffTIwGGNj}wA zNxBa)m?yr)zl6x>o5Bms!PoEBep5Kk(UVbQWzwo9g@J&6=OBEj@WPJU#Eybjt1gsK z8Z*CunWLFT8vUaG;n^A7fbZId|CZ0r*)E&bfhPt!0e8PU{}P_#^y4D>NT)ZjyUlFR zK0EdJ*!(r5Ni8vc?)2#)Mt|MW5d^50ai)zz+*>KNigems9SjW(Nq|^~1vW(XQ~v%a zVw@p|Xk!-A%E3!SlG67`2l;73Kg%sHemx;wsVC428aCj zV*vby^5@rBfN&crm0vV$AAS_O{A`kfEEM|d0+jmPSxH@Ii1z(U+Km*KD4|6A)LcHm z$q3R*@liQ;Yd5vNM?{<63s?TQ5tkBes&f&_)jzm=X&sZLhCoHonB>PSyRqD}?)4vasJ-s~1B-CJhy169;sr0}Hzp`1?DvZo}ff%Kjtyj79Irhfx zywg)CPeaE;RkZ~`E>K$>&k=oq4p=6U;zv>ezZx@*Oxmx*UMTQnaD=pA*+hzP4WRAr z)*+X&Sj)**T-{|+#1*)4m;Nf(<2LrqfMdDwdt}fNO6`l?N7d2^wEWBM6JR%rDA;%` zP3XbWkLfB%RO?y(1om;bi;iG83`^%o%X&!Q@b`Qh>i&a-$uptgnb{kwrDLIP2Ah=K zzSRYmZFd)&4D19_#%S!zFH298)jKI{x}GZm@f?4!b~W+{5Ry92`#kClEKJ^caS0EK zf!=m7NT(+EVmzKl7O5 zxidl!TCE6JQP80b?ar?Pvf0&aB9v-sK1$HrPMnARNq zUv+7|MV$96@LQ@^@emrchx9M~^5kr*5u=trqE{xFp}*bVO6O&6();=D@p70^KSe^L z&XgjLQLE8gkddZwfZ^)pSR2L}a~7L_QRj!O)t@yqXi>qc9BNvU>ot#@%VYVA!J0(l z3iXV(tnoq;-yBeWkd81MDoO31wc$Xg@$`|^!EdqV$*aed`|j(8VyEfW`nX3AAapQ2I2hI%R7#dXgvyB{z<6p#t2P}b-8{$_^mTAnV?|5n+P zq|J7rpLDl_u_C`*0}~n+M#{qS!^$a6U{MSmyB7xMf+2T_36FGx9x~v;)5idM%4ujB zH(Q}124s4?;awOmHCMgK6-38|7JOhEDEW93&{1_1;5xDKJrcD>)2f3IbnWI8iBeS# zYW5WEOxaN|S#NbAj{!XeJ81fsmym-@H39b$I;6k17n(IT++{)CM9byxf<)yYR1zpy z2x0I4`B;L6bS+Fo<4iY_-jmUApscG`PK-o@^nXJt28+C$)GXYO#8(}VCapgc2psBi_O zGVO*&l%qig_YVZ}$XS!pQbkwnMp>-VP&1FM?srV~rz>A>^*B$yI~$ivg-#o6zaaf! z9;UV7)-)M1=h-%C`kmT#@)Ze@h%P40x_H>2KQhE|0*}QIc73hMj!LQF9qx)Y%9TUB zd!`0$6|Z{qqYxS6R#NXk{X^7z_uQZNnXur6GQY(ug)#oz^3`VMQVL!hFNri3RaL3p z=iFYTb{*RTM$!!k$QZu9u&HF|XTFAzz@-6jX{mpBxJZtJwEM zm4^Ty&>AeL;*00w>L|Z$?vsW#&}6Yh`FenYNKnCX#qUBf{r=}9|8=gy?;!S5v$);; zmVLQ8FsW=>u{(1_{vKzMcPHFFu@1IUiA9DrEeGB}(3PG&OSB$J^Huf}&!)dNNMYuH z9(C5vcip!3OJ3FerTvzt*+5ulQHt}v7~1)1t$MJb%Qu$YNsYe#+dbk7_e>vfJ}r`p z@>!<7Ut513P5XR%@(7knyb6fhuQiLJ!GNwo z_V(b5z7!l-DrZXj%OjI+FaT%9h$@CcyO^1VXvS2h}h;Oi*;*hU`w|qZ+KhLV88}qgGy0f`zTwL`0Dw@b4fY(z#TRpH7$i zYM_GO?)cL|=Ec3QCMKkigGGfzf^Brp8^=8L2$BduZKo1K`}bGx?>B202;+PuV+!Sc zT*pEl8hW&tG}0W4zi+6rSSJ>qOo_$QMQn#8SZ^W@RU%JWMZi|YkC3lYtS9W)lZZU? zOHX}D&bML3G>894JpG<53El+D-y{zL>dP18%e5>aKT*w1w8NMm3SCNOusBt(B`u(8km*`A>HO+Zeu^r$9;eitbVp>G=8g0C` z%`9!a34}XEpvYP>hs`#;S=By>qx@97AQA4I-TyUKDkL-mEfoN~Ufi6JV`rdQ-&_YU ze4R!P=ihe;^`9H^Umv%@-oL}@x!s1XsM7+J6UJRCU!5`5i>wZg*hhodxmj^@U5l0|l)Fksmf^0DXnXr339&AMknkzp!xpLC z+0#Pb!|2@s1ko0h^6r@($EOo_S66NVz3Kf7TMb=7b~Uyyt11x$OK#yah-u==C{*ce zh}MGdGIA3cHJ6}{uERyXP>|_NuDpHM;JNW(|wLwE2lUMK_0Z$B|+ zu-s;D zN?O__0^mMy>hrem;=)nS2_ZD2erItS(4hFgee({<5z+aak6Y}!G}Q5R!Ocqcx#oOA zlHxLOx~N*PGdvwKM!&!pq7@!%%+T}35{v(S;J`O;DOl&?xI=gHd{Wh7sZ6K<($|YQ z3lB3sRBXyII89&866XL53K4t_z>^Kp%N`T-+t z<7QHh+i%co-SgnwjxL%7VE)Zzvl9P`KqZ}%TY-_`VZYH-La7AY4y8i5R=i^`x(8w| z#rXb)s|4rv0)aB}$}?v^s+w(=vw~DBG_33YkFB>1ifiq*ws8m=EI0%U?!jHtI5dsB z6Wrb1o#3wBxVr}kBmsiE1PJa90lrT5e(OBvJl`*h>Qz)xeXo0td5tNj%XGhQPRs~o zLkNfNX}_I!quuo6^M6Lj7bQd{hbq9#@wohmz473{z^I4`Q`oh}x?Ee)@0s1sb6XJ`wr#_)EhBTxGn zEta8yl@uFEw;X>QFK%_wW28GjFZjhAm$efkI)hV`h_V0)Ztn9Y)wj9ocx{Q#O3o5* zU^~0_Hz+*v!oqAL7@VN@s+9*y+eXPne|3-hdzb`7KgFa2-2e45|NW-lQWlsxEGB{| zUGfeVa&aEMW3wFW1Y^KhXE6a_{(Zh8IBfS0l)~DBdEm&%>P<5x1OBMwt#Z8+zK}V^ZaJurSN^N$_;q z?WS0mj9R+w<*9KPN$HXl+^-*TZO6qUWXW@ zkZ9{^Wj(T2DS6;8K-UjJBXwwCIm&{59gs{}Svc+&y>bZ%`OWsfD)@iid@+=_f!jzsG4E;0 zexfmJ)~4m07DKh8%%491L%AV}kjS@ftD|^W0;=Y5OsD`ri90T8{BiZNdz6&PgEDrH zC@Cm0rMembPS3Fjvb2v(o_>8ul5w$bPw@E%+nY3Tr6jVvPKGR8;N@cKH#T2G=7Uj8 zrP<$eD>!#>s8S;tPKXyq-76j3q2- zqzN>rjaXXJ;qyF$+1}n3laL6`(*M|~C07b^sd^{@`L&e*P%%)Gp#i{dW*%B{Ckegi z*XL6dDSNh56pOdk>}NuU&LG7f62jFhHTt2HcjJ%8w^>wN+-?X0eHNYQShAkXED|ej z{c|$n#jIt7=}O~CJj&>QFV~_8pud8X1vg`aS|GfI+)Bem7`fN*e}yno;y-2)RwL#V z`C5jbz6?UYksS@aZ!(I50_at~`QgWE){0W%JlTApvleJu&cVfu5uFN|ZdQ_WE05J7{P}*^tUsdf zSDcMBu;pa;)jEYz+vqtNJs9Ok{#S|*$;LGDPd#_ES_f~sL;YkRMhAPFXDT9UW&@Mb zXzX-mx@Ps9a=M-X7=sH~yZ=og0tkW5MJmxi6L6_Q2~#_ILqH&|u8yCf zfK%wT(H9h)x)cNEg-FYBO99LlpzYcH(5iyF2Ag?S!uJ4RA}Ut;j6c*0*z5~}7y1xV zo&6<^^!7DCnE6R*W0we*1P$^2zHV5Y067Qh9Kml0cL5ar;|!iBu|^>R1DQ*0HJOj6M#G@-(ZvETm%mOwtgqI zE~xFj(<4%ybvnX{#tU)|^T`(^_z4SL&nAua{CmqI+*sJ^EaDx&?xuA;^4kq*+IX=E zGJj}b0?KEsZX#z7-_hckxtYMVKAN6U336yqVqlof)ee#9*_!#2j$84fv=KM$dU_xD z@s=`~ogS(w{%4Z@Z{7eG4U-H^3zq|b&ulcJI8V%yjK29BiwZE|Y5?F9p-8OlCJSQ> z>%fDnjG~ILzM}Rl>nd9M^~8NPoMYno zG)^dU1AFJC7`DgV(-`pl%ZlE--G0dsVj|<5bW>jhk-PY(=_7t1njq$!1k0o7 z&Fl?nJy$Y*%y)lHa^ExKKL|(244SPj*zy<-BK!G)hReGVu#;y^p)DeNc!;5EPG4K#ZgchE%y3QUyj5a-~2pU z>eh7~O7?6xTXiGPz zGEF+tL7w$XS-9mC0Ty>S*Hu2p64B>+=#ipJ+;g({4cMyKlvm6B$>c!(02}v20sf{GODaZLM(|nzA_2MTD0wp0WGaM;0ZGLHbU_J34JIgT5K= zQ5bnWl&E=``UqUwUNlWl4y7eO-CxW|7MP7=XH+m!WOO$^@m{>m#OD6>O(8I?_TAtt z+s?rARkjZ)a6(Yqq{sgsyh(2iAm8aJgWl%&XYFb99@_Pv@Iw zh-yktex~Ns+z-$u{QBb3!}n|h+`8s;Y9U8I8q4|e8tik=Bv%)+TVg!Ki@Ad4_JpI@ zEe``SOtyKxtUeP_m)=C|iKN_veqrYhi=}hr1xMCc4)m{|{w$f9ngYTuM`BZl=GRhj zNxmDlU+*Ea7|$7nA|(HNTA|0I#y~d59T((0O?TeJlH^W-)Hx|2qu^aY%x8K~sFWLk zFA=Chqw+(DAB=%$8$bFq^9T5v_wrwbO>e(1;nY7Hzu>g&&2hWYt(E%a<9Pnpgl6mMKHGh@GIZ} zv`skpQ))-Ri%5`}#7j(J$^LOQpAwX|V8G3pMW9{}V~|9q9$-X@Yn9j3fPoNSQQXjd zpxoaO{a(CaO?xvUO=au3E_aocyFbqTe+1m07!LhSOi)tnGzbWhunI2T05#`QO0NEs zyd7in!79G;7qB}_fRe#2IltNTJfurdQqL7r>LH`()@QYob05uAIdFvtB%BiVIIFQL zF;9C$9aGi(WKEu$P`i|4aChi5rjQ_e4gYHyS#_At`b5Ok7<7l)BURgh0+W!BDPGs3 zJj05cF~Z(ruM(^euK%10?(fHdp(CyLE6*0>`K&zD<(R`0UxJ6&X!`>!KM#g?&pKL* zMwwlrG6_25N`AzDjF|rF-&}$|E)u1BM1_t4dhdn?FjZ_q<1rixD<4E~&tZi(JKaRof5w8FAI0ImWOaqt9~wD>+isd0y8M| zPpfeaU4=k`yM0F)t0L^r<0im)!)PrRhr9)FRc4<;Q_SX%uWJUm_3T=e8#>^}&$`qM z{DLb7H8(ms@=~fQtrz^u2ouI`J*$f?=k*0{lJ>T_Nw!1ee(;HD>&Qc9j%EgKF%HUh zt#20kC6AU+m4!VOBTNgMZL5v1@3NjkHvD_)Os525U)F6EYlDP%tRyuE<4wnE{$z#0 zz>(7gL72I^-=Z&S#46iLUWQ|zKUlXX2go0c_I&nG=Pf!UGP%u~t=xnr>G;e2+f`6o zvLr=+KHYD@Bqis~>%L4%$H2k;5XHnKedLO}I4<#u!UtB~n2?)flcwJRZ;)3D;XLWH z#__19o*ydNHf{t@@RqkjS>fC~UAE0iQV$SN{#XlQD%3`|(;u6!Tj9hp&}cvWlLY;J zzy5j6$S|N}6J*H^q9q?Metb`MteB01e(^U>puj+@ZVOj(1P@*d_{x*Mg&G!tfj0%2 zy`R`{OYK%C-t_d6g7{LaW3eS>>(*iy?$2fbO0n$h}Y?9v@RD;e8ps-h!Z*!;II7! zUwJ3vqJ!Y;X}6E*rj|b$b$`)AF;Wr97x3K%k(1cYOedX89~thzqHE_Ydw?IJno)H~ zv6tJ11iLuq>d%g>BmkT-pleF%3Qv(T$oaA?&T+VnYp6%X6)K1sr&>N^;rH;y|Cl4g zQEtyp0oMB;71$Ion_}bbkOfsU^=_e^oUXKU30+M}Iv#+_ojDnCfV}MZbROuU$Wawz za{xVaW_6l(Uq7p7ev4ji!!vxM1HG}lm;}f`C8@pQJKXh?h6c(vGzi>BEUi9%{AcR(?BnCmhl|lgK;gxFddpyTXl)(+ih%{Qh)>QSXyp93iFq z<9zu$ylcRQ&1j-jD8g~PMLGwqvI7A8!;dxS+qHvZ8_y{p%If&>YE6M)o2Bq+!W`i% z;@ripo*^l~{8c%Yd&Q5RV#L09A?utyGQpM$uaxd)>bi3f#vqjUY7sQhai}K z$%@5}_1-zj%lO{xVVVxM$0yb`N&z|n)V-g)uc85brLC~!k5!Y|j{ddN{7Pu+&(wL9 zKBD8!dR@&^r*2}Fqq7G)S^ybk(?;bDv0nWM8{_4E zVzCBmdM!`i0Q#?rA*-FF2Q!69|g* z)0(miTxl(aG=9lSBoyb^-kG|Ev9H#QSI&W-$i9N)uYXunp|Q z1+U+htUCM})NaHJBgx;zM+Uj1ZD(_q)$CMXpB6=+g=fR2$*6wEQm_xx?9-zc@3tgsDRY!?S!#Q=12cpdV-xUKsJ z#%V?Z;YYiX^m;zRKCigPvz#FFsi`SXT|%tm1kvY>L*v144k}6ESQ1{$SQ%=juOMHK z04)4=!Hv6z`NA41WC-fCvF$~3Y~oVd{6~j?6B8*X5c^G-Snnl3nC{co{^^eqi$3^( z-h{!>yVhM76L)MiwQq~>dT`42{0FdTk&&qt?ksuoG5t6nF+NCW+k`__*BgT{E4mi4 z3QbHtH1V-L+C_OlCnsrV!>KJ{GhCnj&^uR;+!xfo%j0uW@FHLd#_&(7?o2mRZuhUN z_3=nHXl9x%bu3V>TZ$BsIlqr3u|_9kz(0>9afaV6^&c!8{r)}Z&U3$uf>~?R%V|HE zR){R*$G7pM{zrZ!cng3`uE^+|En`KNfLm1>R-#o)A_;O?o_!EqjXh+KY;@-Q0|zG` zYlArlkP$*qEXTAKfuCO47nv4P*%nXcEttykgq#q`MZMw1s%=HBV(EcSp5`M_0wQ{) z15GW(=-;ZGS|5;%Y{}Giij{zB3yY)w%B=s?RFiK|_HqH><{JA?#5ig_czybSj<0A6>sfqr+N&xc5$s8V032vt^5%tevlav>^@zC^* z2fRxm^5GVqrnlgVr%^8!NiSq?73~!I_90Lw7Jd55{`7 z#Xt4_JdNhn7{-&tvY3~wrNPkiAHs*`SnkKfgn}*N60_NT;s(gF;GM-gmh^9U)0*y* z_Hk+n@>3f)c?C?EV&FbtbP*UHr zbmpcCVFq2V>F*616iDSbFtp+eB_8wp@VAkS=({MiXv7Fd(H~E6!dI~qyAmrHvSVti zd@E+Jzbe39cl(&=e_}G*<^UZe9q;HCw?DReTo|vsre1N8MW7k6+VtY#Zk$pXJzFFx zHX7;I(Mr?7n9nucK`oolCmAnq@ViaNF(8dP-NgETvjBRBV+`eRICxJ|A~UGVC?YB+ zng&E`Vnf{=XfL;F8`JBlABl{~s2QJnMmeNyxYZ_o?nJ}>n6nFYty$e>_EnQ1AwK?E zsz@Ul5J;=W^wnxkYoShcD=!zi_thS(&u!Ux19Sj6vM+zdG~&r^=`4*fbDghrbcJ!` z9<#3lS=^fVTa@VosB2GEOiM@SG6W3i?~Cl73Pvs4D;`i57l(yzm=pK+7nzwuq6o74 z9ErUqfrE3M7ruPfl3!ZyT z`CG-^(fa4nfSgvB^n>t7P&!~K%5p3=qTv7rna9&4rd6Z=82121y;(4N^Zs<%e8<2| z(;*Eh#Av6wGI8#uM$;*{ehT6yD5bNO4E&mT;QgU7Pu6?Gv>abQp-G^ITacKX<(jwX z>;BKPu{5UO_|y*jRpKPWIItZO=Y|-M2Qq%7+0))e_bW`DPA^|R^b`BUoBDf4jfe1Q(X+*AY2?(xBjmN{nyBoG4iJo%ox-)dB)ka))p_@&%54lUF|UkYMR z1hDiU)MkTl6eq(fySU*NSUcx*!s#a+{of9dn9AD%7oc3Vi&G;F-GR_f=p494FMjUd zyYJxb1`ryWB{F)+=kgsXUy6t69o#01=p*}T^fA?IzL4)CBBb)^9v*a`&;(n%0^qtm zQ!}w;X{W$?wU)`4J^t_W98LuE&_X))H@oj?1GiQ6;rhWZmLH)$1?fpcFL9ANxy<(An))WZ#s}m5eJ|!ulnh1+A-X z2sJsuHiqJIENpBMGc#n47o+7Bvr>IqRXWd=5IgHD3vy+Ls0hkd`(Tz+kFApFt&xPv zrFhb+y!xIbPu7$PRj^L`mmMMPe4nT6I@=q`*Nd0F^dfC2(9m6=oG+3WiZa?jfX+L3 z*%(t0rknrfv6*WSGet(WHblVV1Rd%@gs8{9p2@=)h3>E>>WV4byLluN$NUT{BQrEa zB6%@=rG0-!Lw%A{mI1eztyQQ(C)|jcXN+)K?6tNT=GWvVN+8GiNkW+VW_Nd2+}2i) z-nAR*ebr>KjShnHPYE3=xU=;uhNe2^t3b)N2MMdxJ(h3+5m-aMn@?6 z(b#&9AX?eSx~=ZjR=O0k%6HH1XR133;_upiqod{Y&q>>k-3!~61+PZf7)@ZeSjbz5 zPs1Vu@cMn=an;m!(Wsk#5=RyA<@H8C^-zq}gj_Hpnl25F3psny=(&6{RY{4Mg*^@N z<@h|H*_pLNVOs(+&-eemj&=5oOu^uhL=lYA29z7>_cQx@#zIm56diClxbtr|Vl&KI zqA>i+F8<>O0uHRD$wz%OGvwX$md~;n+jP=)P|r&2gA`Oa;%C}bXBd<_l!kgoaJzD< zU@72JRYP@tq)GHXn{R*s)C%HWYJVpED0lVCgpv~9Zj2Dkc1aWdkJXaE^tG_5h}@uy zmUyj=35oonEwHjEkN@-MR|V;f3>>GvOjvSSnfV&&jo?7kIp^vU`Q9=+wKS9GfGt1U9QHbK%%_>I?1P)TKly8PRG6v}iAkx#^eUf)f3Pg_Q zFXK384ogCl$V}BSpu+z2-6=#^tnj{wI5&)YV`XD z=hH|9G3iVdt{-jjVE8+ ziREKAo~S0jedly>@Hm}&GWBb|@h?iZUFj3}n#k_6T;{dxHQ^EI3Vfd8gX6RS{{eXc zy{(oe!=>TVGGEd|Ku^;|E+LQztSDqtAcvJ~r}~}L@8jx5BOHB$z2&-okKsPk*Gp#% z^Na*G?S$)UtV_`#Pp^r3lr6#dym2-Wmqba_x2=LsvoDT~3_K@;o*0MI-l<>(^ z81VZKQmP`@hgh(l1NMlR*b_rsx}GQD^f=rnn-hBv1=p6wGOD4#w%BFE>@`L-gBOx<3Zjf0|*?I30*}lQx$O zgj}ZL-d+4>T?|#}K~uG;{}dRYWnJw7NTxy~N3aOEYzD{_r+`R@Fh%(}!QY3_eGHo0 za=^(NoH)ay-Lw~UNcR(`rLnHwaO7DBZ#~?jru%oXWUZ|$EFSuUfu6rFB|PuvtQM~9 z>1qN)5kNEv&&RpHWz^Um)(qj*^1lYH6VE8u$IW)?;Q~1lzACl$g;3x-4jeMQFolPa zFi{SWA|-IS%`uH|*Sfndlf%H2v+_lyQ}XwgDNo{S{*F@`DD3O@AwVbd z1{QDGH7BK|Ax3a=3VRP|w@@V%Uv;Ogi@(d-pVs;X|k;<2ZH zV7+A6N~;6KsY3w>n6~jI6*7o-=V{EK8K#yDRNZvFX>b<1*jM18y`U{7#pGo_x9vskGr;Ld=3|b_W^;fY> zY!aDkejccfRSM_2 z+MsN&N8z4_eIfS1!S-SmJE~$2-H35vYeC^vz;T7MAS4fL;bR)p3K}rY$M;s7H76s5 z@qA)xKYQ9bXHDpAYz!a}E-q2T5rowy|yj@aQvSe2I?~zp=`_q%2m2>ht?JbLa!Mepq#qI zhkpnRgj(g)L_)#E?d2Mx$;?@?#$5rAL^!rEI=0a(|@VL`5R? zjYfAK`j5@{4_&Rwk%22k-ff#Xj$%dq>vYR)0+pPiN4M&1zs~s7hIRNTuQMHDj8@5I zz3}m)AU0%D^HXvWr#YH7%gu_NQ#$zh@$QO!e=yvXe$iNNJ1l&d>W3eK* zmeI3Ixo*mm33gF9JJTflI-2kM^KduAkj%5<;(t32f!;k(Np+Wd-egao?r~l5YBay* zO;?#DPGu{PaVSv@-{6=!wf>NUU4Dc9F0AsH>GMSz7j@U=P4=_(@K##|DQh;rd*IQ7 zpT64elUqyqD25a9#+;5{*Xh}e!Gl9R1j=-u{6?%de+HO`u+4krF7)LXaqa}J-LClw zW&n%zy2SeI9RxQ1q?BENOvqmrF^K}JS*xwDzr_RD9+q*;^;-pGME@tH_{aGfkrAtP zd(HOxRblGEPk#IEX%RXRn-QdBZ{u+MSNIQtf=J>%yby7_TsfDl`NL z=UC6LG-!)=#E_J@-)U??A8iUpAM>itsJcp0hQQXP#NAE3C*h1D*69RW zkV9tl!S$}z=9;|Sn6={%utiVTjT(n0|4>Lp-^2O3>Ah=;M^ElZdBkd0EpeW?)Kmb6 z`ph5W=grL&AHNKm?2outK4Tk(%#0zo1gY<{T5v~w|F{5#bL#Xl5(ZAfuJI`*_ZJtu zlX75yYoy{4YI`P8Vqyl&{k@k0iyOujw0}nRMZ(zhne7tqBhRxx1E%MZbu zqS5+I9sX3jlH#hk2?7BZ^bweVlK=x<*j@)nsIf4{>yNXJoUg|l-r~AC1`_%mG>L;_f4Xvz!j0lyd8b47wKso zhIO41agV((5@HJU$EHrKR?~U0!|AGQdc+khmt~PecYd!5I7c)i1i(Vh6fMB-*hIT1PQ|QiIf` zIr(w6a}Jlx$ytatu2!M?XNbwT5o%?%wtEs;ji(6m?|YI&b*l&)gR!ve;Rvo$BQ(DC zfaXusb67lrk3}R#_X7@|I)wtAl6A&Q8ux8kUIV$7#&&6J&GLVb6W5<|A z(FA87Z4yIXkE_jl^h5L4gntr}jbuaMgaHuVs3!l}07(=o1U{>kUNC3~gkfvy6D2FD z)?2Zu5jdN(y{H^n^Wvp7e(WIufXx;7XLSeDkAiq~2Vj)s;^L!!Dc0(CzOipR|0Pzw z>Ed(v^02r|SOXWjAM1M?)nP58kXB+VxgYis6pG6*OOpiL>CvbM7pqOt%o=)8RMR3f zpelJKO~R_vFdlWFlF%AuF*n6+y00_nU`_{ZqOG>1UwX|w`^Q8 z!|yv0-TNuxJ%ih{zaWUf@~lS-M+tZ}qr~dev%X8IKh%UB9C-Qauwlb-| zt!4Q)0(k<6{ZHRGoGZAIQGi9BwJG)Z$58{a31Qz!PFq6wV2*RWXxXzd+R#Ebg=Z^8 z-wa0dej4zi%Qm7Sne>pOpr&Y=2R?c#H;bUuVj;)28zchN)I9no3wxfBT0>#UF4^F2 zI?B{S+b)^E^=hlS{?$Y)ANua~8Ru-he|d=J=_Th4d<9JY0cZa^_({OQ(pb<}w;*aT zGGa0)7Mm5(V14jA41(X$;8gG8QX9b$hjK#p~2yP%69-=Y!3^$~9tf8Er&YF8u=v9%{@o|&>) zRZ@whIoiWo$<#MTuBA(R9w}IgZlDx=VwaR81YMRo-;`sPNY27Eww;-2TKZg(Rwl!Q zopE@~t)k1M_|=-d?HzaJY+05Q)gZ|(gj;solzZ7~qTZ}|hFsV?+Wz@!I$^+pZM;ko zb4bv%q`3CDG{9N(%$Kt(0k%xJp}#tI@_h!FE*TLCDx@8MOd5Vo=Wx#Vp2wqd49rp7 z$NXeAP`B)7-3)dOCe!j2LW>M)T#>tu(uphj#yjOjC@9G8ul^yd@Om zvfk9n%VnA|yqB==LjjMa$}bl1gTC}0=K5w_x$=C|QCX_$_>Dbx>SMVh>1KEKq%@yF zhOlSopI3QAbx#={xH|Os>Q5E37B7Q7^o&@IptNboUFUw1E17ZsU0PW4e~VR*v0-yl z2FR2O7jyVUu?EuJ|KSR+;hrT6;=$iMP5IoKM9CLAsZgv2_RKcETW%)^GyoxMS$zYK z&jo6kTVHx)GF}v@Y`t4?_1IUKF&WCeKsapDuxwpH#_}XhcST47e+MpVUNG*9( z1TtGAH-BqWx<9g-D6>-tWmV92erD#Yk3KgDYTov{$!e}}Hz!W?XdiAfkKFY&5t%@w zXIqT^?5Aqu2PuY2SFJo5E?BPi#>69d@DAPQ76sW3Q)_c9@h;&|Q#3qMNpbAX1zBWH z3V-4Umf6K4LO>ID47QilexA|J4q&HD*6LmgiHU{Hie&4?l|Cnp1U~|@+@439uwadk9K81&KV@(A4L~eZ8^2kbhX%+=UG=WLRHCAxR{np)q<^%O1_~cjQuBM3DlVc|vdaH+a$w3u zuIA2yx+{_I*M@Cs$Qep`A{2~ncYpngM56XFcnjsyLPLhW5JWv}VZ#n?;>4e=Rxakn zAL(qeC>6X@LaM?U=UGfbCnH2y1C_}mLq>~P9Qn#IdyE*tcZs)AY^cUJTj!3yUgPTd zm8JEvryXt*8!8k>AEp?-x!7569qPMNQz(iIzrKF*F&(;r?+N)GXXovOsfZih1l8`W`8cB>HIR&mMxE-|zBdB%Uu25wvC(x* zrHbvAtcZf3TDoZFWAO*cu@1My+}u^?($_*+^&Tl-mR>JP-W6`UDo^%nODeu500(8D zuq-S(c=ob-@6ETHbI*{BV?>0+@`a*0pAfH^CKyFm7C(^OUu_Y)!}Y`F3ba@)a$F@j z(%HdNH!{U@QH(q;WODLg5)NIG{?duCY1w$6xZ>fZ$2u|Aa2by$866_G9Pf$oNc>aQ z4kl(%d{E>n-smwJeA~K>pwM%Kn!&3HtR4w+g-$7X)$*Q!g7>xKHFFFAY!CB6 z8XEH6TD|Ujowv!D}E6dKmB{M zMUv!H!OHx0MZFtRREXNk)PbSmi_A`vX7k0|IN}b((3f6sN`T>b%t=E@PMxu|<$c{y zv6PnaJtBv}rwvW?a^+Q*l20jehTYUiC+1S$Oz++EBsB_inb5k2Z`MVJkg{**`_|sf z_}q|IZ$iE9Dv{)r?UrrQR?eN-6dxkKbI@AEq0M-UbF!*I6d5!>8gOjr?>^m?L{&4f z{+`v_VO?#pwN+yf_%#${K8j3;*=ELmapK4P!ME_JnyA=2NXa2|FoJ92f~htY0Jf2c zN$v1WldS(rxcF6OJh4Ohobn4oWI)zm+P*+ zD}5*Pm+wvrw)=IlN)0gLIE$K%Z6o??RH7>rQv$&9Z`i_pPI6DakIa_2@f^2GKIgrF zKS`Q5>uA1)l+L^h>S~XVYW%nf6{up)v2Vzqm4nvtxRw!K6U4oX%fWoyUH_8sHnWmt zRCl@64xeZ&B>QtbjG$*g@GVkX8>es8B9rV$%~PDCvjcq2z?0#HWubg*ZmPo)&pBG+)nypjj5E(ND zN961T4>`$H2N?9|V;AkH#xng`HYr3RsB&Djm4d5_1F zXe}@#_o96I41@znk&PQj9J(1h9xrY>?!>gm;U%gVpBl(WNIx1&Bd(01C{=4KgoanP zjw^#zcKW$mcB6BGQT>G%zq)FMdrd%%atd!hC5~?f8Yd8~n8!p{BJy>L=y->SFJAx# z?qq6m7__?Gzj>2t<|VCuwUAFHeQX=D6$$m#X+kYoFy(j$0qB3_JDUwX#&e=S}0pH~K zj7Wfra#L0+{sIgC*_~dH592ZlH=ab?)GQ(KV0I`o*GkhJmziqej?GAJj=% zVv?^~eE}UnA2?P!|13ygZT<8ixrq}9v4vXn1x-zOR8+o?N86r3TGT-vhp;0ras#6t z_bXMEmpv2WlI$>y+dkHo=o|wD_EY@C$ZB?`^WMjcR2{jr9k++IXhs*?3?_n!N_L7E zM;e%)Vkk(z{1UcDo7mb{z$Q-5*N~qdP13-)GMb-U#a#@BUcZe~_+a%qZ%sF`nPTA+ z6!q6A3&|0vFZ1`kuNl+}uyvH)B56gup-N?ehTKr%zfMj7H&RVUfF-eYq-xK9oxVv{ z>`8tOdGo1=%JI3aX`Qenfjl^L=l@qLmq)+0=T-xy+%b9)g$P92+0=DDx2#Da3@zqV zAiA>WOH4JVWhnC2dX`K65DEf8vhHeaYk<)hjA_86*uqbg{CJA-VBd_#?^B#I=q$(~ zBIs*vTu9z^1jAMi-xz}6V+*3JKVWgDP5!E?`<6sM{9^HupRUEfyCjF9BCGvDHQppk zs|)0P@IcQ_G|IF8^@ zXj9)kSGTpTnz#E7-Tno&5MfMRjn(3YM@A$)`KV(-ud%9s|E|#5HBJ`d%&)_nAZ8u@`OC-)#-hcf4BEB(hp=BFbS1F%(03i zt8n$X$4Yk2Ds7`%%zXbx+vvR;E6*DJM;Xo)XMaBQJ;<$&TMMmil`Qp;F-^-;vv1}C zCZgrU4{!Q!-(Q1=F?z)B)&$gJ5mpAwc-F!(+P#ri+s2(vQl0BkbFopEJHx{GYmN;( zH+Ogr?U&Zxt1yygnIbo9v##;z=^0=xW6t%l9Wufo*9u?A!U{cmQT}czOhy5(1rzsq z8}lGzd$W)L(sOgk`sTn4&95tJ-j#xy>q`Fg9#8V1@b${8Gog8-*1k!``|pVkaKVA& zxTT=--8;EtDY0beMAAQKeQyJ0Pgq5iwsa=`+Wg*hQ{snlb>aTia!4l$%xEM)N_ywp zG;+Ig*5W`afGt1-Sw=w=^N-S848xQK(S(nc{Xz@4e~@}-^2MgTT63`}6H0vHK%CyU zd0Kr8I+a9DTlt1~5{j#@+Hx4m@;DY~2ppO;l7R`oW}SAZnFFz6d-Xs_0k#lZ&~sK} zHG5S$Y+^-px&**m`rfK&Hie?BtrEmR;9meRk$xT-FMSII~FrG*Qt-k>Dz06 zk>V54lTSE|N(@iSjZwcl9j`MnadJ5WEZ0ftuu-Qn9=5>6N?VXooB7ai9cwSz#}#4_ zIdy0L;R^S9D+%E3O*At(6D4JTWd`5uNz=#af`WoTrYZN66@l~9s>bnPO3Cm(iJO;G zxzVLuDdH61pjffXOKX4b9a*6Qqneysivx6svzO)<``Yz7+3gxEWh9!i@Z?d*LeKW^ z&Dv6Xb!B^%4fjgN$TwLcqe#$_MDk}ZJ194t)Wz*LI(+w&_2Ck0Ga|V0V=vi-djK1d zTlyBKrxi1AOCJMp&SOw9H)zAqFo#|DE^h$MoD^WwU6(Icax+Dot}Zao*naTRdl*ia@PnfjDI=Q z|I+t%@qu)5;Bj7{j!9|D{qBcXP{}VgA|d9$-nMESvi8(qkL;$ZvW2!hE-kdQLk8#N z)!t>IuuDk=1Nq77Yd}Tee+|g_F#XD5MH6Fs?Q297SEKP#=lyp^Ct_ke#d=k4=?Yg2 z6Xgbgpi(CIJxIwf7+b}I6ap)I&y7@7#=hWF^=2*KaIEYz+#P`$Z(NksLt6`=Fx5LU zN#0y?b_Vf~Xlma;?1H)+LB)0;7T}cT7wArz+q5>tJTo`q_ zTzR)XJf8#KK8FK~{BhSs(F9t;i~CL~2ZgQs3YcPgawJBpu{h8K;DPQ!L5SMLw!qLL zVOcVq}H!OiEG@5se_D8~ju zlg|FwN~+C$lA?{W%Yj0uVe--o57=ABr+AY!_bDI}yMxMslYwk-1lzqq>cOmb+{ z40XMS5EJyp(e%LaHwDoEQlKkdHs>(hma>MSHowqf;inF0-(A1`?eQhr_HI4HDyBBc zn#TLZyIYV`A9ZU{R_=yi-A?+Pq^$JFaNlZz=>80{)Q_>T;gG7&u%d#39%a#Q6n^+o zDl9ws6G)GYepExi+?^YgrNhAG|9x?(x0!+~fC5ri4^wJLW%!$9vc7iojvbY+;PBD5 z!oYTeML(wcKkN!6C_XHZt9~Z)s!(ds%aOtfn6~$?;(Ebm_bf?;JVR4DIo~XHWaIG{ z6cx0Z*D5`(@rN!w^cUCEu~uJD^wt)jh@x)@R}zPibw{1R7foFk(equ)gq zz2}}NVq6xziJJ4+r<%8=V~^Y1BFz35O8|C~0hn@okw+R?uWM))X+%NY%VW8U>&hOL zw3W#B2z3Yzm>E~j1A?uaS%`i{Y@_KVPC|10Z@v}E)UjW%hz@_v*)T6T##LE9oAJ3# z(jmN5c}IsW@_rVnnxTlQ-(k}wN~k*hSr=WjCi&viWz%OY01rao$&R(=ps|07D3eVnq>Cu??y)OSkNg$urK9KKKoOpT~=N{-5l$F zfdWf7CXe-SNev$8*8`5b9mKDqy4h{!nD5R8v5bdfiDF&%iC#gl8Ptn+oz95^uEePI zc;--{9i%)|#XoO}%TtD5MD^x5&412S(Q1hwG5`vqDMa!V-GJk_u2go?ytz zy|*k;m#a2_56F5FC$*b_f7Vl-Q9j@ z+s{VRkKz#WmgH#MqoqEMNm};}b;wREY`7qqKRGA#|1OzX?ApIRRNJ_#H=P`f(?)^IWon)mg5#c@{Z3Ir z{a2xd!oXRNzbieec~E{#`!V`o)eX=wJmv^j3T}XpZZ%pI7>H-)^;7RZ%c&2D|6@M- ze-PV+Wk`bpm}e&hMR=$KFU6WwQ8;iqUus9LUStBEErHTgsx%EUnx`)aO3YOb0DTPw zX{sD1$=T`0wTXxc^5`v^B?9}X@DUNF!15l3;Fs~ph(^LByjMjPT8tz(!sddht3p4F zIn{zBO_)9F^RkJzi~VjP&x1x2sA)lY$zs?q|CM!5qLM8 zzkf&Sv#c>Pvo%~HA~NEF`8Gu?<^uCla<#+Fh4tqg&+z_gC-0F(8+4Vhgs-nq0V)K_ zx;}kYgO!zq5>Ro6q%VU>!s8)Lbxg*q%cEyI>4pPI)E}TGXTrQoWq-JY9FWmqd0m7u z7!3d6Jqg^X$DQy9Egr@!NV80%zrpSR!gl;65di*EuiEDv3tn|UnUc1RC~Evz95NGk zPeLW3%y2#NJ#Dfx1@pvc-A?%!>TWL>p^oquw?9-A#f^27eK)~_XPr6l@w}*zDSY#M zV*`Mez;dO{T#$}5?QlHR+Rk7Z@|e+D7@CASuU;u2FY=~7Vn?nFHcf5d*d8`(8rtFl z4^H$ur8K`w$>D1y;_@LlvV)u_u#5V=-Kp=PdrM(%Mb8QrJ}8}0tEg9>G<%=jW^mFV zpak87i^-pA`|aB-3+-RinnM0NGLsR*TGBRrvj23X#QA|3D=kCd{p5_-Uqb*S)`wdJ zUW13L>;$)iySIAaE#rYSZ?TfZja@?G0Qtv?u zQrX@eVJYu-%lW>P{)TyU$x;07OQ8mMns};rJYmQEodPZvdC|xI{TN~532plATOhg7 z2oVZvyl{S3nfWny%T~wJC_0W;_4~}*&d>Xvf)ngv(&m2r$X-wEHu5~6UCEdm_>Uj# z2lH*XsL7shY^h>>Xi{*gs$=OxOJ=@j^You#QyYIjfHt+R>aWvlTH}BC*g4JE?Px~+62{#u@3Bq&<%DFy&xNHX@sENBb}m2I(FV=E z&ekB^>;s2leKrA$;La^ov9DoYs_?40(URA(ED*xXXx=0}1{WlKH zY@!)7G?g#SYTKLp--|LX=m9=7rKIrKRtN*Lz#C-7hjzTa(;bniAIue1aoj*!Kc|Bq zHssz87*9SE#)Rkv=qp9b9YB-6%C!mvDyP1WFH@JS;XrPGGLUQ!x$Sw^5w~5szybG`&L<(bU8SrfGOoB~Xtx{UQZz>Dt^{v6p?;uwM79 z`eu-2`I`PLN%TlN=t`Mc<GA97CkZLaxsd~A%AZ>m4UVk zH6XR#I6C+BRlg-pxdIIF7Br&oMwss_-zn*wiN}kNMlQF|F5{r|Yi`}>0A1UgoJ+wvSL?{-?h{`}Yy$t+)$HFLjb% zJttJtpz{|`OhnI2mA$zf6{cs!xt~Ap+Fcc2CeGOS(jWq{E4wAm zOx3}$beyp7;8R#VBi3|T^Xp$I8X>BqGcoOyFITbSr+Dzpt0pm)dP~FpeC|>02%khWFO6!?Z6zWPCS*rRusj`H-WPn_NLGy*H(d;K>mZ}zgTVCrltpqW8UXX(vHwQjf8JquR0K#Dbr zx#k`|L&>mwGCpYtIVq_d{=;4*gUJKx?(9c4l4(+j|MdDZokpU#AmA!e$PyY#X2XDS z^iSx-8|x~^BX!Fs@z$0f2-xcJ!qeyWrl_HzA+V%nma3Z2jXMyLNe+D znK1SqnN>(!)uomf_=8-z;Uf^~ke4uienLPZej{!PoZ?DTMQneL*`949;;6_l6mz}< zGXz+d;X`E(FDCFrXrhLM*Z6!);c@OqF&VCJ%WDB`)CSO&a9KSnSII+>ph-coxgP3F zAL+M>)G8r5HxagdAL+72Ovnh~;K3_!0X8Be+7k(X32FZl=q6SYz%H8RB? z-!4=KB)vQ&I6MWFPr4gou#0)2t9)_9c?2~H6s@5#6^-JwLy}N9Gxvi_2cG=obu=t> zR(wBF7rWk@nq$03fG#U555>f0dT8b`+_{qFbDpZ9#;PJL7Ei-Xe5%_Vt%&YlvS1Os2J|K z*0!~!RXVX_7ScV|YFsF~vyR?Bs8Az7bozrqy)1_KzmEu9_kmpxp|a%J0gV-DjK)Qx z@|v+cbngiaz6zcAY-z`RoKGpbc;V~U87M0!P+paz5)dGUBH-UPX^o|PTGYRO`sO$> zKh$L>DpTmQqw{BxQIRh%F9!%rkLDa4TK}rnZvAp(8-ow63gP+esz9(czHWEXu{98l z&X`VRjCi&G;jG075>Rnatoq=^2!+5%HC((G)MUbsaJ%!m%FWV?(9$48=pt}SI+&rVs1IVGT7CI$F1-3QLZWbte3qrek% z$@_(T+T)#$+sANfzXe%C6RM6-yQZ9UxzKaFqB5}i?eGIF8qfIE0RPnQf7B@<_!`sS z#>n04b{4jP*0Ns<>KqNMap5l@f&JbE=6RBgIO1`{a0uX#(O8Hs9LiEahf||(KM#r) zDQcqwA|;xuE?oxOcm3exy}gdt-R)>+<|5?#rIy`pRQt>?b<@j*sG4i?%i%pMcNcx; z7b}5ob`U@mE#T;keoY4kL!3U_T^EhlNfW3Q|L7@CNYt$FO^z_Pi|;CL>XnP~JHV1C zRfNAx|0Om-EcfQG`|y{mss9AJGvHFSlQ)=~&c)3J2F;yZk61@UOmXg3#aPvZ?cOr! zkdUJ^5ZT=yY~o((X8S#c)Kc&kjku)$PS1lk6a{Orv1eH>u*Ct`6y@Vo-6=ddY+tt!~9T0T+nTwPq44}XTAw$ zXY}lT`TevoJ^HBQ^=5L=ZUKVc)?8Nl*JWkQ=C^21dyNXu-ji!=mIiOn$B{+{;0&Ou zs`GtgJ5zDY|MG`22A8C2HugH9{0B+-=OOy<8SaDx&Z{KtOfKxkBW4EWpVA@qkH|~` zsEj@`WXzuSR;H%DY;PHvh^v`w+d8MFu!UBvDO}LgM?PV{=H)yQLL#kuJ3klh$zods zx2-e3(q<-A|F{JZ|9t8~`uH)Vz*?+WqXj(1iHeH=S0|kvD_UtiO6hCl5EHrjfuDzS zqKhfkr!Bx!GT}V!xzz#7$Ye-O9W~v?9T86}!&%O@Tw*N>tBS%8)`91J7-{;(IrA8$Fz76O<9JR1=h6 zTNl}CW2t;GC8Dr)o$=ZWh7G^B)dc=(G!>ah>AqfY&1J>o21%B!Mv*Ev<5poMjY*@I zEN??B)qWIzr($A4u5_$4tPmwnJl-a1_hGEPd40bTo>|P|JDsT^dC+-iS2><8SSyLf z6-i5?rh><PxCQ0Mi0d9mMg^O!%R7I)S72;qJ`j1mjQbkgr!f(& z*T$r{IX4>}#m6kWo-qIms0k7LEW0#Fxm-JkPYF=21S|5lWd0i-9OTyu4aD2dhE!&` zIZ?LQ6(0UQn=^#IpkHN8C6;4mQWSGbIQwc#^(0sZyOYFHsh2d*K%*TTM`E?mm%?nT zKqX5^0QrJ_(;xlQUq|Z9`t>^4wD6WDtYljx3a^2hA-qbdjy^$@kg7B-fF2^E*U8Cw z^l`ArV^9kE>qlon7OFZ^^()2tP9Ox?HLnU^bhsVw0KBak9E>PSO$0bu{hvdE2yInB z77$tQ#?lmSVffXwGd*#86Q7`b_OYKZpg0=%fMyN-qDM0MXGp+QSUG_;tbbgE{K4Z< zRaHBZjKDP+wHq&P&OGy>#adfzFd2!)%QkzU!K3Z8nOE;U#Bp%9f6|IBL|IRKtfGWY z&2B$$m@-~mDWA1Vh^#4rY8IWv@QkkZxE~Wy2E2od1(h?tr8rKXfeI{;{_ABsDJY~X zN8NeWNb#VYvUX}zLtmX9g7fY(6}q2{OvsN}%jt#)VlFY4ROdY_WnADzDhV9|N;Qi* zACnf`mAvDp$b?o18(l^RfS(^Y-g`ef5toY{;(wb%|HKi*wX6O3}9d@{6>!8N*OURG@Wt=zF!{* zg=lx{?)C!|XweMJ+*uN8fgj1DDg{~`h?dU9jduj~2ExFE$K~`8TxXcB*6k?kZvdy= zo`?+iQw#lmP;E+JZ!i8P@U94`a9I%3k$@T&`(#<^9Y+gM_n-caWi@XLBtVgocMF<4 zI;Eu}h=R+zCQZUG5OK0Kw~E+^kdVMDWSDnOCVazNE`6_wfaJgnbkj;Yp73X4{BuL#cz1i*ORtyH?GLa*j*pdS%0X@$ybU{P#E=41+8 zpyM>xsPUP==Nk(!efZZQldCK6r5aYyTgwN!i;aL%#fd}+)w^Go5GBL^q_DK8zbR$B z;HJ+$GNx(?^l1bc&klxwK*C4euO)v+aUJwH{iNu5m84`yO}e_@O;}6Q#{p1LqGWWA zoabqGVJH@J*S39IuG{{M;eT(JzJ_FtA~Wa2eKH7Y;`1~(J5=wB{d@&Edb>B8jZ?n) zT(@W*D0z1olX=%NFp|Ro_O7gmv)NZVK;@M~7Js%=okeMvn58=OViI0Rm+tnhNLgA$ z3acUas=POzG>wAb(C056#3%9zfhd6{xp}_)-`zg~#}deJ>gAX(-6cb<v@fUzpt622j39qM_ys~!^2!m& znjYMN^>%GXXb0*lnO zf(sec_ZF9t1dqp;79M{>ritop$WSgpUuR19Pg8oXALv7lb6^F{{4P1=F>B&#eXvQ| zg>l%%Nu@h3-3J4Z|MY<*yNFYm-Mnx8wkGsPos0jv?e0r-0t-G>u&dSDwjY#3){#=h(KH zoX+N1um0U)y}q~9POv+OxFvC(BF9)~tFGvMIGNfil}#p-k~BFk%N{m;7>!q-@rA2+ zKE2K9l=E+LZ{W9gn6b4Tm-0T zik$6Btx&C$+5m!qo<^a_ ze^UMA$8_0Ll{vrMhV8_k*7?i^lMx)?^}eQ4!Ys~|PlP1H$Jje{dH7B8{b?`qFpa~s zemq=UY%XrFKnL*EI4YVczW@m)ICP24I~~ zGJ`K3F{oHCI=*hq{VKE9`TCy~_D{L>W%<<)VqYvA+!~F0<+|(LHMnR0s{&yK`+jC; zNKZskvQd;Sf;LfR62?s2-p{rRVif62XZnJU#^NV4CvvWOS-iZZT6oLv*V7$==~mGN z2jw3QblKgsT#9vUjZ1x^OQKxLAANr+ki^rg$dvZ@GixBl>9`}@;m(}sjIs`(D~>Cv z5qQa!PtsE6Jax9Uu*21DAOrD`P)YnLP6MX(ns1D68#fy+TD9AsLzoJP$P887Et4i9 zm!c^yb<4{=^&?zM(Y}6U57U^kT^MuUtsi#{>RVQ5GcdpD3=~yo%Ycs;EeFOACuP|D zUd`0j$7^PwqJnv}%}K6oOjW5+%O+o$tJdb=vN?z5(qTwr!LIFQR^rUYj)Br%QmIH1 zvPz408dV#{7p_v?4ROec*?MW_+XEc zkny{ab>64&-Vit0$U5)*XQ=>%^a_{d-72;2(vi_zzOgm$=YS|4p9gp$XfON$#MUrvmx zk%}iet#QhAJ7W&e6k^KJES74b?~bQ;A0KK9#C*w=W$s(ey>+lq87boI-fcy*G{|go zxXzuqfW<}BCtrSfr|F;oY-U6T{O3j0FH;2o?f3(S|K7ZSEeaaM5k$&HzWk^FfQYLA zauJ8%NcK;2!z9X^nz)ocJT!hUq$n0PuP-IFnXsLW1dqPMWNDdT-RigRL~Zl^?9q{k z)_OQ>BOw`%y0?d|eZ$vgfdVhoMkRP7-H^w$j!6}B^$4d3r<(%9k9`O!7zA zB$rP|YB>kJNhm4DmQ@ccyMUP$Br?GM6R4m;=e<}m8HCGoa67@( z7eD?j0B|M#9XVD z&;nGb!zspL9_B2hSuqR&5yxVR=080ZwR?rpi{~Fg!3$Zh1MuqJhugDL?z_pqQ(Y7m zcYP4b`PI_P`Pnj!^KG;##DsZ<&rzs&K<$Ya;e2MXLf>5Iy1p%a?w&9hF`C~-&NmiaX-k%UnHx4QbYK(#*CT&8JPb$J)@x0IA=-#HM+({as`Fg?t>=P&dp}LZW-zah4Nd5BpVz= zMWw^LxYu(x>NU90&YUUlxw;Bv&IU3+$nmV+^l(T+?xP{R68Ihmh3MpURHhb7zs1KH zis0``FMTay0Kb^TGPSH~9#72%n0C|_-N+g>L70RVEwvPZvL2R>JDqbV{55kqg<|3?=M{ZYA z)NW($(5OaudwlOj)Di*`GJNVrgRp|Hk7RL7Dc1_ zsTQhFr;s44oiMCs4aWG%cJ+UfQzpC++!$?5GdtW-S%M;jAdG_|Iohoj+_&9MNgy%Y z;QFh4PU)7tlfJc=6#AeU=)}3Z;`Q)16!s2^mOE{nmKxHNiQYBp`^w=w&DN`!hCcF? z!jAGi@&X+R6@I^sGIA2VY_whjAPaQP-MNe>S6pyrl^4OzaM?V*((87FCDWwrFDRt!y%PA2RI-@vZbIDI zzm!UqZEYfM8Ly99??I#1!TZzdd|GC-jn2Q9SiFkzIC;9~C z-OOMk1#PZ0;pWLPiZOz|9UK3@E$v@3bQk>gAj!fc{`hplb_q{DgXYKIUmQgHEeE^+ zQ!zZ2a-})5xQJ()Zt!43zsMQWK-G4ITOW8qM8zqp5ZvzTNlX_S2cMWu95cC<+Y(y9 z?w+iZh}4}ul4fM|X2gi3 zRdIh76&(pY+9#1>Ej}-a@dR5J$Q)4DZX7X<>2vwSD1Eq@K*x!G8o^RC<8SE7{ zZbaZYTctDzik6&6&SOkJwA;jnd z|Gn7%SDy++9*b0|c)p@EB8nKq`H9Z-w~a+WgUHkr!3IC<=Q}z`vtbY%q8Asl*Q;3Q zQLWLx12cFJ2O1)%4&A!&UXeWK?MuHoE!z3Qjci*ow*6xQKdU{*Jd0I33-6Ac z-)v@&4hCyYk78QuT>@pE#Svo)k`Jkve5?SVtCbP+D?@OB2N#NG>cdzkceY!qO*ZAnR~9mSf-sJBTAHOI=%}v zENVs=Ae$gHLL%{Xv}hcGLhJdtlt8K2(EY8+nMOW~KQcriD!^5etvq;`7j3p^biKRz zA(*G78@zn+iQ`+F?(rfr4i*sE+cTr7LFWCKPeS49UM@HDwa3LbeMIynROL51vUGcI zRxf^PO4S#7hDDdfRUNY|mQEgsWH>FMEiD09GXpHc8WUyTY%eGSis|qXVQaN8vV;7+p3}T~~>Odzl2DPK=r?w?X3L zk+D{<%%gmLKtsObhuk-zZEWxhhfRGpicIPJP$Cr^oxkw5ozyKgnnH*C9D_fS%z-KE zf-^<3$-$k#{%3nagkGJbTIwhbe`EUB6Y#$(1y~nZL4tZ&%2S)|yc)@8q`AZ#f6K|0 z)Ie(IfGlgW3jU9sbTcrcJEv!Jt;N1005xxa|A{G(QnkAIW0lhFA_OH$jE6PaUT@H} zmvpao-<mt81#fq=bo791;{1MrGG{z14ZOvmeVp z@UB7kCc_~He2@|5-@Y5=X5No~qp3byRrkUqhs2t7CNI4fjulM%mwmLX6(6i#%6YJW~9^W10M+WXArmXxIkuwB0dW%QhPm=goSJ#S#FnmBkc?R z>&gd*W|pP%^zrv$8H1NemW{U24L0JPeIo))?~=)Xb{|X-jN-LO+SGqO{U_2OgKSU= zNPTH*s|QXkG$POx@H|+CbNvzOq!cmC78mJT1JzD_yS|pRNhCTZ^shGwWbiF$n!_6kt2?GMK5>GDFdl*|SNv z2`9i1%F@$evxB@d8qvnNaILtzvl!Hl)U=%Tq;gv@uHy%@BRB`+cLPh%5jaeBSpByY zO6!Hv#-_zimH14H+M^yyqBS9+Yk!R;RdSz9?bldjEW+htVWY=24D zlze~ZezJH-z4iDm3ba76RjyVD?;t;K(U5AZS8;e%en}NlM91~57h zex1vL2p^bCy%xR^REYbsm~ka7v@UJfmq3)05Z4r)X43t*--ESICW!JQ9xEoOL|__b zG>5FX-crfj>rd_yz%MH3X-!$^L;ipyB8<_vs-!FA5Vk1 zJw!o64pVsB9zK1Clh>;~ch;KSKtJW^xOh9Tm5($^?@-wJOOE9c!$%RwW3(bK^@-Q8 zHiCTvLL_gS#5T-!QtLbrX7qIikcd+oD=@E!?*VpFbWuCU$Dz^swh29`rZZXnW5^;m z`F4udZyKniqT7Ad+Y&;V>92V;17;j6r`+I|_|I5W$P@>VGZ_!upkQE!&M|EiAhs^j z&NGN9p2Of9X?|;7Yf`umsvNXy;=%U7G~xd_COuIZT?58{8tZA?&3PXMsCl*~Pn!PS zuh7VVl`0P$m9aTVE^h9&Qj{`=AP6xOb_dr)iP9{KT#;6?C~Nk^>gk_GyYf+x1aEPE zhrQ$lrAW327UvW&d-qdhM3h|RG5R>cSVXjJi00UuX`TECG{J&$zLN83vmC)E4~|ME zWV>aOyKCOrcFDjOWEVQ(F?+ju-a$-~;FvZx! z=xk5xeook>GZw};WR&43(-&b3_PU9mMQ;Y8=14ww{mfw*?7WWC$HaZZqGi6T9-Pv+SRJ%lF!31I+kH1 z3MZz~vqxA%mYcdoJ1lP^8`<{(af7D|?NF=NyjA={AU9?g|LsDJ|9zRyn~r4kHc`1T zh{h$R(>;_>(9qcvA|pbxay+TzRj<*5jhTg+6my=NsyG4_UpFI2MAxzSwtWd!p`&Y$akP_ zIA3Arvd!g!llL^8d>X_OVw#;I>~S537@JiDK7x2ziR;f!NwCx7t1vdhT`lvdh# zA2GFa1bidO@3|A84YUsF9kE&xrVss}ovQBMJoDBAP}T@XxHj_&o-T&rU!4kqvW8o z7D3yua|pjZU)20)DnE|?e(`=-o>G}~JMg(h6%3KNSMRRi&{83ZV$}2#FlUR(?F9S%n$w!B5wN-mgPs=Ck?vc1oxSYRlkv<_Q-+nhfMrXiK;pMIwo; zwbOrlcIf*iI!n~zad`>W%xgm{N4l>qQ_+&`k)qgMhLkdY89x6yTD{p={F0zz&EQ5F zZ);^m3%trJA{(AsiGEbd`T*>`Da0rV2?@<7?A@!kSZOX+Yhyl~ErEqAM$c>mH~oZm zpb3#e46el3aKZeicV&Hi9a{+8G{+!myd{QK+xicFLWL^(~m^La+sI{39y z)l21df99}Y*3M*v*Y@fJ)h8Z(e=fkZf4r8sruzjgl+2A*Chbw4ojGai59@mSlXZ1h zfvIlCrU~+3Vx|B}mr3#Cr@7oOsd`O;zQ|Mh~k0q^>GwDdDNOgj;@@k%-#HJ)W&^}{6(Y0 zopKbFV2=}i+h%c%(IX!WMpJ_O1dj4 znH1V^AZ@V^Y&I#P70EQ}DRAvR@7y*UZA38Yhtc%ki0a$A17X8gAJ<{qGg=gy68CE` z%$GXg*?sQlAQABhgUYw_uy~QQ3Ku^XSSt@YM>fr7i@YqILt|9EMncu|~4`+9CL+Lqmy}sQU zE29IK0)qbj79IqvEt^Kr(HPuV-yrR$+|O4qibosa6`|Ul)>_P+wNLW=<-Q9D6i3sD zbxelAi(t*Enr@E|6Y}YB0WEe^F#i*twvQ{)aiQ&IPm|o`N|i#p<38c`>xc`?$(TY` zK`Uj~SN*Gl2?CUI<>CrE+4pbW9*=#sy;fl16FoZJkb#i*qkKeFs^F^P;T6elSpip4K>9- zaLa#tGeL(k5)CmTkY7PVv%mFP4ZyZMBsh zMewJ1>{)6jA5EX?Ma%dguT@@l$?*1=X#jiv@46g+>vO9Ta8Ly_3<1@}d4*=G;Fv(? z@Zz`{0;ai0%Of#Z`@OCA$h;uK%WPFQ~WW&64wB#8I5PPpT4N|F?maErb+BEI;I5d@% zi%149A!T0rBqJx6wtv3`YL3`#6WJiO(B)fOiVojFa{sY6HTkYT?MOlyQyP?^e^yVXG4{vDf&y@tlz1{ofX4C0Eql} z?v}ga7Axg}w(Q=aKHi>2lSfyA0}aDhzJ64RdVLq0wu0yy$o}YS7&avBE~ON47>-Ju z3ci%BDu)-5?T*Le=XmzMp!eD#VE=3)$U3+kc2Nz^}b- zQOC_<1M;rC2yU;%REK^v{U1<*kO!ojam+1N`FrebbB1i@a{Ttd7#$n`uRj6k7BkV3Y&Z%Xfm?K5HzP>djyPNe z^zQ6v2LX>upD6Y3cGQw>LID6+xZX&KWM#dCNsGK(sJ*BX>*=HorC^l`JDK9sa!0s9 zo+p`sMO1ZWMSV_s`72D)+n2&}rq#WwN)NMJyz-)M$S(sfuWp z@dO2&uJ)M6>$t2?bdKAr$2gtM;^g|&gP@Keh`%)p9M){C-H}_|ZxYu6o51lc`hf9E zcW8&Qm-a#B84iq>>MJT6DV7;_n8y0#QiEp9Y_yxs9jUB+U{u z#9Bo6g?DV$h1)9~#ou%3vo$c0MYyGHJLr?ej3XL~c=vLp-un6TIg-woiWidUMvI-e z^_r&I@Fx-i|3q$<2^iz7=Jlz_&L)8ykIHg- zN&C*!Zg~=@$4OMPgdOk)J$!it>^1sO$ygd3#%D55*Y9L)H=~Yaf9@5o5z6TwgGprj zg8b|jdg}Mlf0#Sw2}C4Y&BvO^-jCDs>gk^ z*ZVs~{u7$p$PnDhQkGM4kSoujXP5mpS4`#cE5PW{bUBC>y%a3o0f9B)Drs|y%D%@;in{RO8he_ zF4}}nEIE*xT*xf&8sF?$7^T?vRC<^Y$*7JWR%Nu}Wa@Qv!co%J#I1}DuZ3O`47hp~ zM{2Dsk;)7EwfoCktqp9x(_I{m){a9V^t!o2zn^7pj;h9$okvqthYC?`!`sU1R+g=A z01)G1EjF7trSjRrIyzZhQ@jO8$2Tc-+6795;%2jX{-luAKu<=}0cHi6(UYoLLm>uy z$xzX)&X@5~?;wMAr#cF1X!V_Tkw9cx(Uq4xjN`MiGD_glm9&h5Shvr6#~V=8!bX*o zl@(Q~Uc2}HxV>UJT=#vD6iU@S5LfI>z2V(iDVBoQr<*@w$#PjLCg2tlGxq-U1DJC1 z30o_NPY+Jiac4H4{T|l&1{YAtZ~V9wZ1cJ^pL0qg z*-c0WTbDAIhS({p3=!eqMV+AsEkVJlqX$$Suiow?5*rbIJ|HodPgW`J+=7PDmnKhXOAHX}Q9m;q0wPL$-iC z6$6ecTh~Epx!EUIddMff90ZK;y?bTq5?3L=lKyd&wBh1ZXJY*yhHNZVeG0CMKOQW? z853%~bgjlNN)=RB8@FrDxts#JpO(~3=^>}ip|M!O97jKsH$5-3d=Y|M&v?O$eY-+B zp`3{)_a`k2cAp}-is+wAs>Q?Nn?vsQE;l>nVBz85MD|CbZ&ri0u5vz~~bfz)a2P}A{D?kMnp%VA>g zc3oxYe(n$SFc|C8W#TV~IR%%-UPYCfpF;6WA{{$E_oh!LQ#Zn_lu2pC8(TaC{>j`& zp4<*lY~6iJvy(%UuJGG;pqOJ2W8lmx#7OR5=}mfFZZN-pb;B)LE+Qeg)iAJo94@WY z*>3C23Klr)SNCOcU>g4UIo?+9NbWUw-VY?=fBFNP9S*2e>!+B-y*rgT5cP(pT#=q; zFRBJTjKGB~9plNO6%Me*X=8GDVyt>Igb<-YWsNQ1f1S9Z|YoTe}&)} zl?HXnZhODtAur$du%usQTL2GVuQsFQbuIAs{#X6fhzeTsM{J8nw|-3dMN=Ob{_m=T zAd15*1!T<6aMqD8r9u8{t!N=Ln4?;ne1W==_T((Ka1usa|C1y$Ndtmn^Yr?Z0^)CVzDl!Z|gM&W1bb2>~zb)_%$lL@GL)B)QoJ?(M5Soamo9GN~oQODsg8 z%k~P8c_JhP(B3prtd!o%YPAc{n+- zSWKscfdW6a#bswL6}`ZT95<7JuU^z8t2$4|$UMlsvJC67U?q|A=<3vG@92-`mVx)$~x1J0s&+A+$p z?LB_8V*H@3mPg%zk@4v{K{$IG?k77Sr=5*skNe^F4lGLt@=WS zU8NrIBMbsQ(KNl$qa1(*%=j>U0yq+np|Ef^jP8c^( z=tH-*_$hIZVx>0GHQI(dsCMu49sgtPH0Ghw&xUC#H&o3UHHDOVLO%y6Ev|zmh z#GEijgXU#ibBc}PH=K=vv~8UV#JSnW+Ee$K!VS|2Tcl*@3=^BkiGkX4nafVRZ}NUw z^y;4sr@JtBX$7)o7|Y$y6S=@ zf5m^{;up_-ha_c|l9v|t@Zg3-#Euvxur(jm!q;}<+Kqbu2$f+nS%m(X$%32NyB)z& zs<5+m*f{T8u1pbFH(O7)zorxYMNYp4@lb0jI5qY%XHsP&Q2wGEZTj=2yQcp4YB_3; zP9uhqcuZfcwy$7fi5xO6ZlomB>?ltayYwRNDGvUw+FG*UUUhd^cbjTWp#~Eo?fZ^y zEB+gaYZA$<2G&=(K)(MAd--+eY~TEvO^yMzq4}ScbWNjiK{yt@)=s#M3PsIj4dBHxRjt@~S@U6#|{1zzy6q$lAEp-Pzp z$CY${sxN8(w>`n+`J~bjk3`kZyi)Vd+Rt~CrZd*|w>9T8gM+d;AoC^BH6+1R*{kgJ zt@HY>t3lbZK)yE6)lM~t!)v)@>J9)=a8Sq~X{;9saRhz51+hI67&Pr<`6Uv-7@k!H4naS*}Z$NfqW6BB8NruVM z4x#@p=k2-1?#ol9N=q{CVHY?tLKl3sT3}z_myI58-2Cs~(^wwmj;-y0 zL>b`m8`j-V4X<_!vJzPjp|;W*!CJj;B$BL__eoZX8*Y(1O=eRXYVf8rfYeacm91N# z>Ali8QF4~DE|b&QqNa;1pVKvAfQT@u{mTWP;|{(S7>KcUn_+9)6gzQTvFiTOv?h6R z^BF5rEdSc<58PTHZxtPUEU#yX1PAr^3E)SAJlmjBLF28nq4qzY1i!`lHmH*I@{ZAd z>Q{7T;EKqtc?6eP#FryKFl$X1hL6E?Ommf@00F|L~CiT=!DJ>m~Sz^Gkh&NWW^Z z_&;>LWl)@5n>CtX!QF$qTX1)G2@U~*2X}XOch@FZa3{D0cXx-zX`It}-kGVH=c_~A zKY;2#6!+fO+RJv1p6_mAqckeS3e>M?r4i5CIh!cIT4q7*A2^o7k0~?Lpz(zOCNEy! zCg#-zo098_tt!mh06fYb1o`}{W7fJfOWeFb1T9lX+J2$+{W~4M2zxKTKU zA^@`?Q-1Biguepxtie5f(k5*=k@ev8n@ zBSBZ$#`nWM4lqNb>e= ztx~^Ur$r;S$GVr)@j8;7HK#*k0Fyi6(LZHN6tm=nuO7^^DC&>>en}uLrxpj~DbX>t zg468w?)J@|Y^s1(;7%J=M|=IZ51TcBc|ue4bA0gpVE9!}s%$UeL&dM2Ca-t$+v;rtM7eXBGOv%g6%NBm}$SB2H zt&68fr3js}n^bNO{V<2O{Ao>}iOYIu0&F~@5r=ridU%Z!nkqDs0JLj1$4N~+L|rOB zV1)pkh!KSS37U(LyBO1izd-VD)M3FO5>VJVHHWJLdLuOq3!TDTm!A4S7V~W!q2S|! zi*LPA+Z-wcFOJL0>!yz*y^MucmdurzI(m*Xn+{}1vzmjLwn5n) z_kWV5*Z6J&WayufvjW*nWix;5Vu2|0S^b7d+A`D3jev5YUW5N^HMNU3?Y;F7_LNWm z?{1SF>fieZ$liR+(P&ofLqt?63RiZF$rb!}jBUX{G4PZe48$k{8qO+YCqf^QGBWOQ zw)dNDBpCB#!(+j>o>03zryS4POUe7`76gBya;|?_9*eNSofi78fC<43-}5$c<$mj$ z3^VDC8p7-=m%PGJktFoB3zsTFc_{q6b2Iuk-L_+h<&X(Rwe=ZRavo zfBEZ1>~B3*iFR_ZZHu!c?HHtybF);C-DX^LuHEtma-PDhgWp6?B$?mbBz6j}&-oJe zl)}$y^UXu%vdHc*WLzMD$W5aAgj0@}s(UpjnrG+1`!I`};gwZ{caZB`cCaak_Tlh5 zKC+?g&|_8xiQD`V1*2Ac=6hVXD>O>wn{&0E@Hwx`p1VqfIxSAPT@zk*QXF%QihA3` zE5nC?^qWmG;D&Z96#5S)o$D^=oD{A$qhi^Vio!hJg!#&h8sn)g(sH%t+!iAJffz!V zAyck1UN^u8s0rI2^oP|~w_kZSIwNpS!cXJdgI&-0zMVhC`)ZN^M} zP?Cw4_3n^p$+s5gU(z!LR++meGrant z)^hwivsKp*k*C(zc>0~tGj*&2 zujB-hUZGJ-bTTE!i+>n6&;$%+viICzP>s5Dv263uZnP%gtjxPbyCnMZK0>kXbA_P# z9eRw&!qDfvXNLbGmXslzS;0!Kvq%;9!0s}JMY{amUL;oQ@wLTX>JB=h&u=X+uq*^O zrQerJTu=%oB!fo7#P`cV{-Ah{L0s|bd#@T6MQ|Oj>DgcN9a#J!mg2ctU>)^0CG67a zW6rcqh@AbF#LuzbdNlb{wYDR_$WWGf0EDoAvhR2U#hjS|p!4;hn9mDxjq;wdqz3LQez)N|MW>hw z(2At}GTEvwRWq+b4jhoLn-TqLPQYE?vmlty)GU#pAHXQZxF>0lXcmZ~D9&Ep$4M-E zkHIqekCDo*rS>t=c&~h@tDT(LjQ-jNmtn<_Py<;aMxjclBoaTLB6VPs7vvA+p7dCF z=hNv=CHSB9QWa}#NO`(f^4*yV!_h3XSTQ#JI`vLm+}&l888xfJ(OAxb?M~Fai_Fq1 zxGrV_J2kJCnf{CEzab%5%Tmc{fw_N*tmduK`AsW23^2*;y6ZpOopSx2|EYO-B}EKx zbP}f8YN)^ z08Ff?w1;%xs1$Nk<1CkRST%62#|!WY0$&hKLe`Hss!ux}hT zUaZJNnWoaM`xZ5oA(dziN9@fo5O4=CeiM4-S%5}zbyaG|HFl?z!v@!Ex1MP5wR^#k zQjc+8-!-C~nBO!;X(2+jFL<{6OK9{T2JwD81N(!y!3$97x32W3j>QgGh9%56K30^; zBsJ}(rD_(>sGQl?491g@s_4&rhDoJUw@5Y2rFd^jvTa-IA=s15tto2h&lac)V?G)d z^IlXCqm7A~qOm^juk47!qk$kW^j5x1L1YoW=`&{i?K|w)lH+Ta1jM z&oQ8iNK*2{+*+zj$CZ`~mZuOf>aY#^o8&u*{5eKAm~!!l8OEAN^?S9W*jTeU@?}Ml z_p|AWNC-5d9$L%rFF927$lw^xS+?Hg_*Y+r?#JzkebfzFFF2*Ts_&seUfoI zDR^J@$BU$p(@Jw{R7W8vT}M_~$#INL#V@LJ^W9{zzyU&=Rx4@g>A+yX0<0F{w3G>< zr%_As;427Wr{?XWlIe#)$Yg0b1(6FupXoLQT`A|yQkRGDn%*_i4GT8+sySjh{^JSX zwUy^oh12ccwJhPB+Eeb@3p+qkoX`e3_?QD+H=_5#As~px`uTMXFlloF;i6Odcc(;k zI}<1_qZ}i7LctCHTD3ZSDnY9XP&M^#xy5kkR!6)!7#E2%=$y_M5i1_hAByQN!=l7o z(?o!3$aG#?5zyVh&@1_giE_mp>Y$H#?dleL6askqmWgh|t2 zJP)DbkoSv2vN{dhPwKlI-1^2(A6yQ(@?fOpimIpn|DU`V?nfnZ9Ht8PG8ONG zYM)#5kpCWPVg8RiX;vz9@`e@ym1Ze!_c%JxJZ?YdtMAAzjl9<^-;)8%0piG*im*d% z8uZ=qJL_5Q1sXQbJandl+!PJHKiFho)lv)wP`CQxq$wXBU!G77r7A zE9F{A3E^4ohH0K?ssJpYo*<%-kkB8W+1n5Y!FFw$Wmzb=k5jcI>;#Q+)j~TD@cr3b zEl6X0+`UkLU|}I0Uv5=UJWfaF4M!YeKXeAyR@<~Aqep^cz}2?I7mg5QZv^LJ{-q_| zF4ugmm+@1|4ve%bkPvMG^Mt#3dH#Q*5#_Tl2{v>aa03DY!m)xx$dvG*HrUu>G4UY4 zCQS-Z<3#PcqqitmNy`uu@8p(rdYkVqm*cyMErD=<5A=207fJO<<8%%hTz^I%Vj>2arpl-3`XT1dhOy6{lQ>65aKW!ElEz2I1`Pj%K z2LTd*19A7i$xn0YeByq)Q`c(@OwiS`QwX#XX=yl|HXCG%g4PF!dTs71I)1;(&`U(m zZqRivsuhjr%ApG6u?pNtgve5awH}$5HpLvp$=r%dCd0OCpxbbkW}jd(lHa}H1EZ9G1=ML#km6s-)`!!HTq$k$yfN(BJ^(Ja9X$o&!(lA)KaD9}VlE%y zZ*7nwID{R*2h;(H0-kuiCivgpV3BLOSwAUcat?rRdakwDZr8f*k(w#62W>V7bIZA{ zr*O7xb)T4G9j(r2;(y-_9A|EzGN;-UTiZ7*e)8!%6~oe#h!ipyo2?G|17FpL0!R-A zWOaRc>1y?PaN6GLekE;%w*&oz3@qNwg-J<)yMy8>5oGvo`f-tb?%`FME)|T;;PNC* zHd}AQOr3td{uNybw0_K#Nv+6>*EE?bG+oI~lYTpHO-d`Y;FiG2QOfWdg<8w|3nx3* zhzUXQ|Mn}ok$-#3XQwVxzadu5H8cL|w%hw^^pCxk>SNXPn3oUV^;vSoC@{H#nO;av zj``EI8uH;Ul#h#hrJ|GVQ0DS+^*^h{U1r9B5^=fjxL_D0GpTPQXo z(a;vD*#2E10qJ5hmZ5h9^7-mcjnKRJZ0R`b54N$6;Q#Idc#y6%Y=%MOGZcQz?f%_2 z)&#na-4bY2%0ENQNX!kn08#C(jmw|$roia9eb2uziy%QMj;f(rFXQ#%2DwPJM$CKp zkPp0u@SPy^QZ|;upqKjIoSPxyPbrDoKc<;0n?D$o2h#Ci!i__*)>aW)rD;k-qS;DV zU)G?;5pm}+<+YEc)hbenlFfC;mHjm^Ww#`PqwYZ#??yQlnlcg8Sr7R}Sd_y(0+NXE z{MUvsoIq*OiWaI?<9sh@^zWxZZ21fZd8}~Ic=A7)qtdEngny3scA1r_FTOCe&dcZ1 zVAL-Dc02`gMzVPT`Tl*dQIrxE!Df^sRWo@EDF2IBs{NrM4i5EX3v0K$ ztw?`%$m~}o?mkJ2Osq4=&Z{|Zn1b&Exf*NAyIQU3CgI?~aypzCd~w^5P}oN1X)8iE ze6j8PHkfH}lB23IYP=It349~f3s;S@y1ZcuWiv7W>j1Q=xyHwojP&7YbNk@Skmbn& zU?Mms^d?dL+VHbD(#wA>J>am}?62`mlv(Cg8gzjqyuBFw5@a>Q7tX=h9fvo2PnPeS( zL`4!2x)3mu`sH5vY0w)LdN*%JaA&1$ZyA-6C`0?t~d-%CWx;F}MYjmwM7^*lOa z91FTmC!!QvM|S)Qml{oGj4~A+7Wh8(fx+AE<3i=CKjf!3EL+eanx{7r1d$W)c$Cq{ zyXq7_xS^}UxK21F_MC>aqYJAfHJhZFSaG0p>8zJr&h)@kw{^$hXnO5a4*p}laSO0f zAm(lrY+g9r z;WAp<3Q!$4UuYEXJ7nS$Z&0WgK|~Eg8Fapqim%yTwp^DLUK|u8DVufcjv6{xADQ{J ze$?ZkA9vJ*S~K$@w8B_9Q_#Eq3*IJBcA-Y6vG`&}mt6Ex+@}vDH>w3=aUTv(_}Rl` zr_MrLD803}LNtdY0i0q4#rayzB!=pn7x<71CE0YSHo%rMMh~hVTxn}flMQzMJ>ucP zS)8+HPT5OsM|U1@{*%-DKXZ`*mBo#JT;}%MOJH;)>ujA4O$OJ0J|*l6r{yX;zM5=G zXXpMyJ(E^%Z&)UFO}(Tfbf*DnMwPhC$N55J^$S~lJk#5e z047hvZ0Dy|g!puSL^bw8bWcX5p{rvu-Oj zn^JOsXk+Dw8eOe?YSDqYQT9&9@Q&N$orda7syc1LVWi`3J}bShELui8$%+zR*$v4; zzmfsxypmuqx~fxXu+wMco6-o{NMJ$-M%{HH&LXMq0B^o)lqASuN<&j$rh{%Tu4WQ{zXbGFy5(3L!Y-UIH~H%o3RDn;Mv zx0E(_q^Q)6IIw%4gqIgyI}=gw@lKnc?UKv=5!0Y1|zvY9Tet-!2-?_XxLBWH+Xe!)?h1 zj;oT^IEhR7L%A_`u_IkD8w95rWCz9xzCjg9BKDQMT2Hrl(|=F#9yL{-?!-bG{e^k- zh}POSOU(13dx~7yF@xgQ(L|Ev6pC|QGRSCEy%()fAJXm?yZ35He0dIeS2#A&NB7Bi zxe2PDN*hGTF<}R4!G(2pkRxu*bY$F&---KrhquKLR2b|8N5pd-q$;O-v2 z{DE7rYju26FvFUn_RG0)oB%aA_&X!^k4T*AjyA7H49yU}T3l)SV^=B*{~mB6X`k$f zOU*#k!vB*X#v*AO)gI<>&vSjm0P9vxcy=Q9zAJjM)eOd7(_@M!<`=5F$$P?74Ethf zRAuYB$+jKEAo8gGu;CoAtyb7G)e;5K+uQ=BLXYa-yR|E&@azbFSaxYD32C^)C5zvT zT}RUHe?(Yi5(sVVWb-C_Sw`uiC9uQxmLP2r%<=iX)*}$+T99k3)Y#c&ciO{&bEy_X}_$$V$apjz>b z9yAOHO4(opsXw5VPS7lWb%5*IKSm{A|6B5bG?MfN1;eSn+R zEez>g=F(uw(AS%*&!~x@nNMtq3zn)TkyQYb>5z5uzS*yFxg1p|6AfXG)qF8BNpd}2oevyQGQZhJcFat312iUKtz!qblZ%I zXi07KB>`&J6J$gMBC49zdV`4)yrAow&#PMrr0r*-Aq1*v{8{?(vXCf+7>#uZHC@+4 zJKQh37IfI&pKCTLnAHZ{0^g*wWdp=Z7hoJu-flzIpaD;H!!aoYEpdiT=YMdYu5CL1 z$alpJC;g0xWDGUy+!P;MsdmcyHs>C@67QcXS(FJKqIv&JRZr0|`cI`19RyFO38Mx1 zBb~N#V0PZWVQLu0B^yo&d^4L|k9-o{+5pkp)TSy=N6dddN2EwH_EJm_P8oZ6q1LEo zC|ppF(uAwgMX3_MwerYCwz-^ccS^{y{4JkIYI8pE7n6!5pK8W6$dj@)NA`_z||;I~KL; z3^9k6_z_UHTTyOB*tW`{H^6ccz%FarY;O(HvtUa?)%r!KYI~7<;&IowC<5`t4XMZ1 zn0HR4AUt9@tdCw-dcC95t}ETPBelN=?bUT25K7oXRmN*TOb{&?_biJ%F18WXFTn?= zhQVCfS4BUxZziA1rV;Bz;Rd1PauE;^1Y__W;g}f1%Iwec_df z!c?b}(vRmy>i%;NA`wDge_pxcVXFOBCiIXAaM1<&v`RSY&{dbyaf_!?%&ZxGodA2)+_yD1K#O9N#g;Q)mb_n$y;_!S=VsMbqg;Ijq18LZZ zVaQPma50-PUT$w(zh-Ql&cG`ilXzK#Hv8sSGCqhkK-26`e?ni_)nsgU0=g4kv+IO# zYtscD^)DIkP~@-nu&|N*F^v1TLyKe{Sf9dY@F^Y=OM2oeA#2IFL_3?d3pVn zg0kz6d|EGNb(|gVKVU6b0v%eMsWGCssHH_03(jA@@sre6+S3X8E^{~D3|j zJn}V2+R5W>WQQzGJSXr}nu3)++LQ?&BxhWL>TvKonns#GvQ20$!WaLFV=N-K_wt`z z@_#!?`7o5Fofh%wMv~_+LS1~KOQ$)I*^}{5-hxwa4{4zoXA&1A^enjgIajE6P-dpiqsuyMmlSJmj!%oRQG)N}8mFG)tv_be zDrW;7_IyxgbXe${T)1*7I{LHP(VjOa!SY&x=rL;ch93qJK70SLN>NTl&b@_vi9O06 zuToxv$VX(Ht_x<3tIf$iW%DK5^1z=V2*S#y$mm-(&)US0PuQwyRYtGlAa=)NBugc!ww5=o1aG7h4{*%qzc$ zQD{#rQLs5NCDs!M`b-e*)VxHt85 z)MJ7}fFx>%?K21Gsz*+;u})gJE5<{nmnz8Bhk_z|hWStU(k3GuiT6pfF3nVeiDLkR zIjPm-c6K{0mI~M&Vz}RTknR@55&E=BS#2B3{ecaJ#I_QEU%;C0FBHL5cp0UWwYQep zmL5)^&yG$NcWWd}KZwdTHXu7QwFRYyBcklT&${Uvj&6g{88!QN-@SbB(5`A!Va8@{PyNYc^SQ?kkeQt;uhrY>H$eMlZQi%UxqFP0- zdbUkkWUKN&L^u+-A*BMz$Wi6r?{W+0N9!EbaS6a#^2tgbUvn;a0UT1rU;Wk}ZAtOK zO0MXrkHU){8?)wD)3--6F*x13g(j~Bvs&ePBGiS20H)Q(Q-5$i)cBhuSYH7Ob3R8qdid>MC%NhOe=ywX zPZ)bdsZn|AyEyQp`B0Qh{l`&T#?<>bArmJ9rHjGVqsY}m+!+2#PSqrr*-N@$zS(3P z!x_yHIeIuKD5!7C=JZqThiX%;2BzCjhRi*DXK3zW>Wy`nL)1lplxMghNgoo{>1Yks zIuecUSKmsQFs9NXQ^LMi?AAj8`Q#JE{-67DTG-jg5&*0aib0}2 zc+@{$r#4__sujaxqXXK&>lLYk#|_!6^PVoXYb`!F z`(w$8D=tol3^cD}B;}6gSq(QOf&t49ap&m%ilWXw0-{KcmDNmZZZUmV^msEr;09Nt zcj56BKqOQ7yw<%*ad_ez$-a{r?A{F=J;g+hHu_Zkbregb7k_LM2C;hew-aT%g>FeZ zrro1Y^&|9E?}Q^CW)f*qa#W)pM0(cEA(*89p^DqSwU{(%MCc*^8+Xe8o`CuzH8V>i zC^v(0qw+q;9CW@W&h+;+qf*|3EiS`)2}vxmRK215!2wea*5(L zc9k(Mqkz!yReju3$rWUGA$vfBDIdDsdEaaO=9mOB5kIEsSW40&kFmfP#~F$QdLkaF z*yA%hy-I@STR#1bW2l7iKDl^YFJ0S_Y@QooS%sJG&*sM)%pR zss{>r3S#waX;sX_J+v1C8OY8vIt7T7BI_qYiBl#(pEJyfiopUy`XDvaK04W`z`2L- z>n`=1FR;^b*Lp_`N3@T>5c4~y zgNNoR>{RE|j8bZW@qjG1?->n~;Ty{9Cq!{aN4B?zYdrRfcw>DLWW~mdNJHLfpiGv`vOB17hi z0kJoW-H}PzeonGttGmJeI>dqfE`$8hKunVLzFUmNJOkrPbm%ssV=)omzSA-L)O`U* znR)!KdehAANEQ9SoDz>UWNMOcBeWVlh3eD~-&^3oFA-+2up+45gYk=<64$j3Z`uEw zpj!&?Py00=Ph-d^`KSx81Gf1--u_6vzU2ImR5?r>aOkE4^( zE07RmjqYCIg@TC3N$`2GCJ73RI~0F|0fpZ$F3svB3XKGqnCh3k`n6E#!JUG`C~m;lfb*!&(gH1hKUz_v*jXHueY6(WTq?H1 z?p8OR#rkh2=EvwziGHA3LBU>K;HX6&YPmea2;z3punoN)@BxVpV~fk>uFV`}D7O*9 zUNA0iZ~N;eHS>MiITLlcQZO0yW?sfPrL-8gCC|hQWRNJmqxDo5Uot4Fvv{~J!LFgd z8NSb?>(-3^ z*rW~oPm}`;ItsX729&H8-(Kk{_b%p`KdDhljXXPuDcopjOc-WcpsEZf_)) zN>X3twT?ZEy#@xi7s4C&6qrs{eCYqhu4Ktksrx(Fk&NB1rMWg39!aXztdm{eBozNMr5Cy>_65KqAu#xs+&GWOD8<#iVLW*#<7M(y6 zJ`+cy3?xsQ#HS{Jz)~^}7`rm&f*|-5O9QL*2Lqfpl_Gjj2L?C}QkOu7ztmZ|hqyy< zQNK&z&k`&zQl!lx=T?6OSj< zm5*<79yXIqXwpFaMKMjj-O#kOv=6{l1#m|gg6ADD$mkrC+eJTUb`gnL5TPVM56}lk zvB^hQI=KdcqJ$+I;<>$ZZqZ=*4D}?qKDlkVO1|^P%-sg01z2kO<$chw z$9hODH`h>e%CdU+M5?pu$^u<|bY`Y;Xp>(4NKQ9$o?I%}&a8&>`^3mg$bqVqJOm}=@6?ZutNw*$KJ5F zjmNOxD}XBP=7;=*Lhu`?&sWlr)`a|<9MUf+&Fx6+CX54$8^^VGS2OO^_f-G&ve}XV z)P;sJaIfDVB7DTo+52$hw3qG%Rw)dt(su*2#v+>Q`TnJ&ARb_H8cJn8Xi8z z|55G(Qm0Qn>YwISt5G-vjVr3ZTdi;cb$srdJz9SsiN`apf${My*tnf5KCSB+K21?J zVGz$JXnO{>OS@_~c6!`drlgaxwbKYI{z>r0$bYWvJ&K2?-L1L;1is6jt?9oa%_HiJ%wlPsU zo`9i@A?_DdR`S6DkZ0;UZZ=aGB3@+O{-}0N9>#%UzEfH?E@k*tarNz?Z;b^4*< z5jl=oQFzU$J!1!9iKJeli1ha;x~B$qLY4;558motixIqj6v4dfxx^O4s#{*w9< z{@4wwh*p#nJ$L|+PNQOH05D6ij@Vpj*FQXcwCMLC@qKc`l|`V7xh!XN(a~pC*C`(l*2jS7K>ftA z{Y1S)^9M#g@Yk2;?)Ej{`IpJ8Wbt}4#k4i^M^D@Ny2sn^jY8#>dHb(Ab02P#Qnl@E zShU}p`fZ~a{xC7Gk==DmT=9qxl+7-=6^69TU3VQ`o8TbLnfOw?dXt3wc>O*Q*qI_W zHk&5eu-IDCJ>JxsQ>bY93nwDP!?9w`5kdpWp=cvcJDY9aM{8BeUkKx(>fL`dg)2%K z32yPI7X^~`%lbD%$O;`RoEfv;5H9v9GF1(YF{k^l*#jBL>n)$$5c54nvsa2-@N}+a zJ@%g>LJGTK(^M5#QA(!pQcPIVG?4D{wS7jXV;@s2`W}?=U*$<$EDod^={#gX&U#Wg z9RlkXo_0|rDWI#vni6}T6pXk4A)%B0YQV{NB|;Y;T@PP9VySvLfKVUQ_|~!^i*q;E-;Ww3Ci5 z&}x`-ZC5w<+9%xfun2#E63(YUm6jRlrkMwuQb z3@bOSrINl6v^Q+<(glgli=)=MRtAUho zh}99Gr(8A5M1KWF-{IK9PB(YCSeLVtQRBkZD?H~*AxNKlU9yrrRQ%KsxZO6G70eg$ z{$h+UzRdP8iJb&_$%77zQft#D`K2H6jzkp%f>T`R9$0-nfoBx{y!*r zT+*a2HgKtq*3`gj#mLUfB-QcN)la>=A)z;HYGs`=UT;rPv4nhd9GTc&0o7;TF~GCh z36Gq;B1&X5CTct8L-;o><?1uIgPLnYzub=yhg3~Ge}4=3~4+r_Y{ zNR+18w)Odv_%#WiTtU&7QpK0f-oO)f(z+x<{Q2iQk2k_d=(4e`hT9 z9*5rA+p=X_i6%xOCpd<-rT6D6(z|jUk0|!7ER~->>`3H2Jkjdt#W@(OfavLqEC%9Ht;p8Y=Ocs+LF>ni zjE+2hemNaKP^X!rZ|@9c`txv<3P24m?|q9}jyt?h>e~CbW6x)RB0I5eLWfJn0m}LD zzN`vCc7>MWotT=#U>h>?7i^eVk`E9hTUJn8$tPAdu!E2ge}Dd;N7(}E7Kll8#q#@W zqL|#s^U^j19MnGx;u|b?AMO04(y4tf`8c>0K8D2#+Uee+kpyndVJPQzTPlx6f3CH@ zG}+EzQ4F52;*5q05BrfF9mRBh@ypr9aJ2~kRjFAz_4v7FY*!{e6&$7xtT~C{wz9gG z454e%v$_xzQzh%s^9W1H)SbXh$_rs7B|cIq%1r%q|rZW`WD8 zEW^wW(`?G7;bck_ft41ceGSN+^#Pq{19@xqXe0` z+BRQ~-Y=5`YV%|=%Tow}$H0#?e1nj%BAj>bnP<|-S~CjubxYV(khwTF?z;IoMs zCFfcG5aJz^7lW;F4|IFMD6K*8ylKLW8R_1`Md);CP_7Ta#qb;BV1!dU zsqv(E*T_c3W_9E|Z^qG`+98v2{bd(%e*PX(;EWH2o;e-}-iP{ihz2m{{qC>b`)~Minz{;01Kxj^Im|W@H<3!NVk#Y4Q7-1|A0k z`$x&FW{feJIJ&|!P3VeZWIkSAzZt!>2Jz(f_@NJ)oRU&pKB$?JhD^{UC$fiV283vc z(k2_(-jcI300qmVVa1!s%XveQ3l)^?2La-;C5zbEPqoe45Jd~yOyD}#sd*+fa3Y*; zX=>j4j!(6rv`mRzbM1mCC5gMtqukasy|_+AHQ66=nv#u$Oa7r+-m>~95YFh8g z*Boa%TNTfcYv(!pqf%-~#ClLlh37VBlzLn_73UIq%qg|tlA6@D1 zI+uSYN1NJOpXsCqAX*+k{-JD66_mIeERwH|>QB?C-tmW9=6{a~@b|h<9nL4JCY%eR zcx}gb%ORAF^PfilE{qRQ*ODZR8lUUf?4+`+pC6xi9krT<(&Yz#fQ+QB$S&1~6z7@^ z{VbJ*tg5fRWv?qbIRQ+1ratY8QlhON&|($G?|7>=5oOnLr%2dY zONCAmNBtpXe(YgwmpIVCw7B@G&(SZ2K2UKwM0xlktfSwYe~lKln812PV3;0 z!`(aK%786aN5xXxNqpzI``J|L7NFpK`XFh_*Dfy-jDG;SKiS@=ESn+mTg}t(6;kqK z4bS~y%-Fv@i5TYPBM)m*FGry0dOocDbNx(^tIE7qKM%+C_Q}{7TESh*_HsH@H2ztK zM!;S3{(=MePDpCiNhU63vanwIYCe0EB`}h>tG_C#vVd{hZ2K5(IX8lwl%?LJv};aN88bwcIr2d4jh+)FYV)Rc#5*02VVx{VcciE z9!Rn6N|afvozlnAO(VW_a$DtY__HYa&lAH}^6K5oeTJ2GTS{4%nEaU1WSX|OL+AbE zC4l|G8P6yu+XT6Cvw?t4Q}5XWx6SDH6Crz4jvwyK;C>9Ar|$!(o`A;l3&_J55>Tpp zZxHXuM~?@AHLq#LkqF(+yqf@HI|Q^%wb@?F-lx^u zW_yG*p>A))sH=l}M)TPOwsua03cbviTCdOo*7{HX;O@q^K=NQY9p?vJ;| zAfi#cOEE(fLn2L!wPb$>sqZ8auS9k!&p~_ za`B5;xD=}MTb#hD5rM$DFgcH0`5T~;P7gpYVqi6jb7-1mJJJd@$?ld`Y>oHFD}4s< zWO#8z@2gu>dT?Lf&oe~m2X_x*(DSR%NWYE!&P8@eVNLxaBj^r{$gH4h*6ur)O~yZc zf3;I09RJuBGhB3m?gzu|@f4yA{xblRCORO^btYV%R&%c&jwc3a~(6P)Q`>!0i6<(fJJpWL-7Ah6k!Dt z4#sz({%1IIN}oh%t|v#YrWnbwK6C$<=FK7af-@Q&Q)ul4$ z#=|7LlIZ$BE}%#t>_%%T523iPa^91>CVakgWzRuJk+Lb_1U*j^VvP%pER>UEmjW*n zd;RKhS<3pE;v9$NeBJ*b8!(9PT#gW&%xKG8B#xdBMmo`r_A5%Dg)L-;#pluy`F<|< zip#y7>WjnNuhna_^HoyxYlYWut&8#XY42oT_~|E4)qQ zbzVx7H?PJknW~Mk@=!bV@`+fF;(>;rX5cFnWC6lloew~YhPT;&#lJauhTgUD<^;Sny zuPkAKPq5Bsx9l}nwyc@N`Hr;i(+#Vc+N4zRU< zuU7=1j6bk{eaf|ONSmI7Lg(Wejku_q-?3sczdGL1P)Ym=0?iTuja$! z<{Z9q#r2H2u6_9xSLx4WYXHdM5>_GNu}%BxlM+wkiAATr;MLuS!@zPW>nQH_NLbRY zt9f|#E6DnM_B5ut_3=&CGu}T4d|xMsm2*Y=L6O;^@S0ce5f?vUw}0!aN7QuA>@dr% zd%1s79(WF$DF;JS<^#rxtCV8jN20_2h~3+Zk)#<*{T0q^eCJI`1Jm>X=hX8X+G-=1o*$N@9 ztRqQLSpAirg&Pg-#a(Mew(kU5EC* zPKXX364k*n?>)7K0FzI#=AI6OO$$i;d&+9#&*3PLwgfn^M5>eR?yFLMpBp0=(OE?J)eX!z_khYAF$Ulqp; zXr<0XD-;jKTb@aO7E*##kQsj}p54+@Bg3u!YIQB_Lnn3Ds-=zXdgIe}WXquy_acz> z=(`t}9dmrzk@*4K>HDoXz)-Fc7H`@E%*RrhS<1^M5Fsel%eg(Q*eG+I+ZELMaB9)k zW}UgW;j*~yrsnL7`S|!aeZ;y;V1qogAMm?>L=9lG>N<*Md9`?ST~idn##m@#YEEjl zB%#P?aD!z`k;}kZrOC3cq5q6mXRgK2JKJ6i6wI}9Lhq*}h4I{d#eKR=6PLy6wc|PG zvq3Yz!F7bEWF%ILKTUt{DqDK@Rc>>?>0D_W z@AgG|j&B=$r!?G8YF4VN*KY0KB;$R4=C%p-VFfmr7;PWzFgo-@@C1!qZya2trHF|Y zPaQ5d+rH-pz2lW121;A@276-~CJB(NF-6hgp;t$ZpjamZ={X5S&NI`>4qO_eli`Q= zqCWV=b$1()r!ZP$C*Z3U9`7_6?fe|*^3u+A{&E$Bt3$8nZaSpm^{L;lFD!fndbz}| zpJTR`V>;1`#cy$mUb=CfC`$d&9lL!3TXEGVO;Tl1JAvKBB%1w~k`E$+indk-PVuM< zH_L+GPUfX?OCt#fv&&xF35OKUFeZi)_hZOhS-h90O5V`Tn|_5Y#$zIQoM?C{sn$(m zn}32JQPzRwravhLCbl9AmiJ#u<;-LOH1u2t2 zAro-NU${O7WDD+3(sG!CWPA*lTzw!63=Evl_AE{FV=mgmW@cxP3)=b1oe-+F)Bx(g z@fs~++DDnhc`jxRBi2xn-5hsNGtQXG6wmS-uNK8=_e$FICT=)Xn#0DXxMur`8})$0 znSEX-67_3}qG&u*j+v=I-VZ=dAG9Fd+Ee&P5QK8*3v zlCY$EdwWCI$e##(Lk$TDSzi2LwIAgl7WS#i$4y}Vr=g)GHE;$QUg$QpP9HM^b~|^R zY2EW`q8{a8mbykWpP5P{pOg^NBHi9Fd%ldIiukka=6JcZ&_spw=fN;2=j^VOp~pJ$7ax_wo1HR^7WIE@YRw^Z!$qLU?xG0-QJaKc&}iAAHK84>zITGf4> z(VJpweqxH=+)uiMUmgG-R_Z(0Y_fExPwG<$P2Z~ZU-di8npa|U>x)o1t6w>i*yPO; zQpyZz=509QL!JF;YDlIRD>SkeIyx1P$*vB3cOta!sk(f3PAezAkd=6Sa(!-0;fCmq zB?quyL~)<6eF@CX!=U9!S*g&)A7h)DJsRAQ7zJqhxQFhUc`L;fKJt|yLgA%R#V10j zRLFG;;}XF7`-?%%b=Ppu2``AO7%E)PqQ^r2A9@S*Lx3pRRtZK4{%qrpng{NJBH)^+ zQskczk*)CeW~A%&;=H`Czx$C6q>@LC30=A?B%<tdm^&7)ULdX zes@V8Hxsq)RsNGC4C;**T-lNl|O;C!4mt^RY@Ye)LIB*6oTgTKo< z|KYica4rA-i@^qR{+JeHCqP)36kIv zJh(%!U_pX2z~B%(xCM825AN#qt!7>dP2sg-qLMpfBJefORd`I ztCNZP-0I-dz2Kt`^ve;+l{^{`4?C14EmsXJ-0jb0c8FO4M<=;Qe&u#kK??eE{*7+- znk{W{b@gG0O4!k|8-tJ;*>*hmsmIZJ1Z6aaLeg|ezd%S+5RrTV!k9W!w#ZeJ(xi&bu;JL5 z%V!U1*=!U3>`)zhedR9c(vsA%GOY-L=Z{eZX*s5Rgp09+zAbn4h0#Zwt`F5D@6A8(Whp#(z6VX9Q@75A^NslXzrkZj z1zLoM5wZI>`))eQu@i-!>1d}AhoID)4)2GNrG^ybG&>* zc#?M7c>#*@9;`LpsJjG5TwjndhBXMoyde5x=d>%M`E0DvgV6QV$!+!P((MRC)bkG>+*z|7KGc|IVXmL@ zg6Y6aWa`g3!`Av6A`=Rd_5098%OZhxg_T zYvuNDh+@ovMWKZ!iG|if@Z+DeKQQ`Te-hR75TX1^_Q|VEW{Y7+MqM306o205S9Lh{ z;iMlkMlQNNXhPa@6CQ4cJnjC2tzET9`+!}#`3hrc3mv-4_>^z+6BIF8`dk_Q16LcG z+Xsf2MO;(?ix5AJ;5sm3_7b*Yo??eUPA{%{I(o?Oy5RC1zf=zO`#g#h-$GdPz)gLB;e?uE}o=^DcI ze_HN?p!$OkjMG;fE=<3sk}uz^_5X9Mp9;U{nI6qE)1}* zlQnXAAFfGnce;rROak#jog0rAzKzGfbI!MCJK^`}AF5EcFxHSWRjvp;zD^)j(f&En z-S5=e$!Rws_RR3yX#MK#8g*`uhKiz%%KH%T7RhEYUkWFg%^E?}{OkoKmgbX7n$Z9W z8UE9*X=kQXBtGdeC?0Y?Dircz?^mlZhRcd!A(LSM?qPuq=flm{V3GO~zL!{KQV$>E z2Gy%Lm>_(#VUl1fTA{_=PH@>JnLU|#mh}%^H2mIZ=oerTr z;i`?kM#K@h4|e7|($Ri<74B%7s{63P9L?as%7q<2bB&#$g(fO0Dxh5`QQ;B7oS#sJ z_?W@@;Vm*ormM9pncowy`r4tom|(@OzlO`}vfwzFxjheXMmF}_&de13y02IR1SnY( zSHcBbgox%Ues8rN?V2r5!SP`#<=)#9j}nHFpDN-#ta5_`ZoGm?dBy|GbQ|E zJ=@*~ooo>^E8T5GB!|?9OJ;m&CI?$*Duf^8cGFMEY6Zay)uKs%Ga|#6RbxBOjMHg2 z0$Z#G;qID>@rLoGNArD;#BVmMk&n=?3$wr|-8GD1Fsa3r(oLhDA1WDjq8>OV>vNcD zlg`Y6_dRgsTh6w$mDThC&21J?r-XD~iAT6&uczzk+E*vs#!s^4LKnHOeZ#zB5#3P?e0KdbmZR&u4Nm{DN(Gp#ETFDE zOkcm7sXJ`&fl9jUCpPUSFU@!lvX{K!ko-nDN@0*Y<5iwdK={bol@c~|(wp0x2&MDH zba!iRCHfD#E7JCbCIwx_yCA*BJXIcIB*pw_vrYw&d;h4xSi8^~! zik<(IB7Ly=#m~1dO=0h-Kxr=;iyrV%lQ*ZC>?fG*i*MhlyP7H1Q-M5ZEMf&f)ofK1 zEnU&^&XNkmS9uofy?j(?YsB`0brM_KupHbsYCbc9kX(+{QCiq=XxK&Z=~~Y$WNE1c z_Iay&pqjAr&RCZ!J4ogJwtZ>0w-``s!4eV_fP|L`ceY_)&Y%u0U3!$n4Z7GMMVq>p`i^kvIhhsP^D;{JJ zLU+-qTGDT>OObEK{14!j(j7!+2M^xayEfOm!Q|$v;3v48@8?>*|6THS-+=)N85vpi z>dLeTd&UTcC>V%?j7Y0FeuCTg|(x(T42dS}fFP1`5{1 zvH{0RmZs^s=#P&{Vr;a|qbw!&xx2eZp=Ev@)K3?i;sVxlm({&?_8~_YSl$64R+#q8 zxk6(D9&t1a&haGz(Z8;;Blr)l3gw^@p-E*j1>TuWUo+Vqj(^@=+pLhLE+1r3$mg4AGw;0|LfDOf3d~XQ< z#i9_woL8M!0<%T!q4O2!k-t5&oSrQ3@7}0FrN+N3&1rRSRT7lrTd$c-?1r`olsgmq zeNogD5=27@PR;apn23KhSAF7Udm+N{)~zo9sF2Q(h{V!X`<(g~akH6+9(lhCoizqK ztA3b2gzDm)?Z7av6&%wS7KCpQ-O*JUQQ&VmrXyOy?F;8Ej8y3<<)KNZH|?Q>=d7Y7 zx=1)p?1{UmZG~cBwSc+uW~NL-r7*bVFv{9xPz6yoa6QVzJXC8fw_hoW)I&anB`s`5w=_C+8P1BH0}WK@6l@o?0CbO>%nj~L6%C?UR_gDIH`JPe_M!h5OI@#I?)BSguZn z0K)LL)7Lk#Z}UWnoIFK5ZkYUheMf;2L-+(pVKyXQX)T&)#67ykx7CGmMc7xx#7n^g zy=AIul$Wb1dDj+P-00X!!I;tbUt)OkEjU+?K;Srwes6-V&=y3holU4*^vBYSkG-t@A?C4*UFb?vFtbg+u`!?%(-C4k{^Ch}Jn; zhai$im*416lkVvmH*?8qZB=|BxnfoWY#DBz33{2Sa2KH{d8a?k_}tUW)`M~BDDGiG zj$|0E270nAAIT{44N$m^iCVs9v^`3pqqE^ZrS+OMHypH8I7FgYsj0Um*AhvkcGghI zji4BfRFV%Qa;N8knWU{bsxE{ZJ*Hu;uRO^JGYxIx;Q4a z$J6sIKmpc3!3qPW+!gFu5-2^`XfgJ{Dqmdxwfrx#@9+2Am=^($@{~xK2DJLy`&#p< zh2JVCi2swx!hq&Q3Y2@eFD7#3LaSB5@nv|KuRsuiR@rMVpal$EYiv7iwiTHuQpgG{ zc$akU%^vE`t_Zh>a4B>_^3i^wGIm#ajCcC}D%k$(h3(y4ZB5|#w;IEu?{|bxhh|Me zqWkwf+H)J70`;)TI)$R95^XaYy1m^Pom`vq4l%BK^`qzQ%CF?BHV0zO^iD$qku~U1l{Ww*qZ@mbZPudh^9; z;bgzUg6kd{$|nfpD>`%-QIS+08np9Q0Nn}dYjF-@br7e}&CH$%m&<@yJc(pXW+VBq z)>RdHA&>Y`=dCRw9~W^7#aVLJYBlstzS?z&eJI)Ymzb|r8p4UL)aK)uzxUc63?+`1 zPAw$}>`k_kZvZ1=r1kq%d5cafzF@zFvM-U66wB!f!4iAPaUrGEShhrXN~e}>^lDw8 zr84>W%!Z^;oWMfd(oJwHSRF+$wB;CG7+*Et*cr%ODU`Z8N#T49_J0v_kk`tofo2_! z!{%LkbREijd(Er+5bO88wU(NYV_@`s`|;g zEZ1n5Yq9&mfxeaR_)&-b3B~dBnzWJn%K#)oAvT)&vEwkiNQNVWpTGv)A+QK zDg|d9%8+XYMAXz24jQG@zFGTqw}ujxjBX^gqPCEH?5(9N7J-a-H3(G--4^^7mmO=V z%Fh#8E?z;nN4hok4JpwCpmE{hmSsQtC4<7QVwtQDg;Xt;1Px|{RUm&0?ql^PPsp|2 zz^E~+K_70Tx#6^qT|U0awO>Qz`O@3|yF=Idjh2C_CB#=TWA*Sw;X@1-AM{57-NyE? z$E3H6b{cKNV1=bisUwj^8k$HOBSi8!p&K~prI6eFdglmv-2B(fMeoLL#o6T0+Q=%K>t8EyeuvL_ z);+-~TIOzAGCJI9W+5M1IR)(L6v6l8x7DLEq1{+;?5fhcZ{rpG;F%lH#iXPLTF^|M z&BYTD-BTWd*v9b=_g{9jfTvJgIAQBJmg}c5;Jm@gj5b$J zV{d6bu<7f!>EHkw&jEAC!fVZE1OVn`d#^-m1l?@*nOYhi3BiHgtyL_8T)MGUN6)yi z_AF^2I1r+3gT34j*8wwhZnGRKu(B(r@h#bXsP(M;dcI4Ku7QeJRwj}waTpO#Dy4_w z4d;T6sE3UZ`92^rc1+oWeC(+EH}crH$eAB~WgyoLd~TOUT!1hlHhnI$KAn!H{%htN zis79RRaS$^`0CSvLpimg&Co2VxuFqsM#%w(f)zWyPWhr&m>45AYqN{h>#?V-TQ;b> z9Frsf%?%Txd{nj}wf_zuZJD@bsBJD;@>u}!OrA!BK}D@WZr|CZ3HsC(9FfxRmp1Os zIqqJ3!HJ@*dblWaLk^k2jPzdH~lC!%1AqNETMuJ_bBSy|hitK#0L`2mwf9 zqmiiG_21%P@?@Qr6oNKFTBVXq`KLz-N-%!DxJ9$bGlp$A!v@_NK0fejX{>(zml6b}hY0FsrE(r*?+srwhCOAcJm=N>TKDar{J}B?G#!?1pM?;VADphEZP$-Y&%38W za(~Ulo|R>A3l(Tr$xMt8N^5=`t#gSg-1B(^p(8IG2&(1#jl?a8+wNz54*Wh!%^%1< z!&EKILu6tXA3j~%eDx)xH%q}DdXYwGZ0RYQgfsXfI&nK*@Rda>O!VVd2$JML- zc`j|YH*ei(Jk5iLhMz8Hp2{67u0K^{Kr5?I9qt{7*!Ys}A%@3fru)s2HlgOj)veJG z6WU5kS*+UVS~YSt5;Pr}O{W#$;D*R)VVIT6S8!F((uMq7Letj1LNIk!y3$>g79-z=1A#%ot08`r#2 zK6crau9aCm9kNa&7Y^Nw?nf1CbYD~kG|sG%ScH%FWI=#~%eWwN6(iuT&K}}@@J*^S z5`Xy$DJwA0Qnlh6btvv+`r^zro0()oxDHyX$6IA+l+8N~W=U$>hceD2dqA*8**PD# zCo};5h5_#dl-G|I&)Dn?7|Z88;w5|>=F@!W%&8{90SE1}Qm+PD^G>J@#g=X?M?v0y z{so4nrtY<$6k>ZeJWDBPoZXon6+zo5irDHl`^L>1U4_5V+-a)`H8m+LQ178bos#Q-Oqe7`h*rG}TGMX{V!|#`RVcM{3`5cmI6at#y3Q zDkLz@&jx*R2}_-MCoDKEYC3#@VnZQ682f>viG+aDB12ehmFnZjC0o2YAKzYJ$58~+ zP29MUj10;^8aE@~z{(eHc-KaI5+2Lj_ZmDk@?5K@VJGVZGO^GQo^OVTwM7-fob5}Y zvx`Uh3diWHgS=*aG;^H#lC$A~>#y$nGci{E&=E!O;6%rpOdU}}I`$MUbK02?JH5ZC z=naJBH?Om4U^8^CEj7_|=0N-^Lw%!Z8868mu5S_)P)Qn}DyeWEZ9P#YoJY(~oNm_~ zY0R(%l-;(sr_cE0?qm6S`WX}Q+L&S*?Ts1jxOFe_shewfboo=WNRPYn=*O>HUC4+} zV&&VSrHAzpjQrb-VXuPqMq`&WvwclHqLmXrn2c8AJTyG8K$bF~Lf>&hmK%lpZzwFU zc&>(jc1akY_pC$-?z#bP78tCwJz1i54iIxA+r&J^6L(M9c1=e)3UJ4#18Pe^AG^Aq z2uDF`25i+(5v0SCZ=`EnFaR4}8YrhspCoYP_VB4>4u}6ED_JRvQ9O}2Me5AFIF7!b z%iU;)gG-=GR`b#vb?AF}8u*;N%?I~v1@E8Y&k7zoFIzmm3r^Zmm{vuNOa1QlzXWZ6 zzgLoet&@iwPN_K5xXIdwX5;^fjoXQ#f$~24?fQ8ngf?R*nIyG^`AZiU!I&hx?5OfK zk%6T19|1(v`J>0Bw+bcAk($O9=?RjY!(nei_N^scIin25xm-2EClSE3g(>LrzLp1l z^aqdgx8;U>Az;Hxq)COh7~Zp2zkEkayJB~W3bjWcX9ec-!I(Zg1#a?u)YXlR^NCJa z*^BpviKFW|)MHe1bdo?+w+tlw8prCAmq?$McR`fc?)XB~Bl)prqRjWaY1g0Mlsxcy zRfd>EXf*9(ap@^4*f-@``&>&_tkE=u4?fbx-7e>AdREpcqp(r~|I5W0{$&Hx3WMjnS18IDbOQj2QH<#9u$>EHv43 zmZ&f?!l9?U8tcN_J-0R7UC1wE?$hLHl+QOHjJgYz+xGpf^^~VlWBr&Xj@H*glY*r} zcC~z+%qk4GF;2}Z?h=ZIr3b$?pu@e;jC+xZw4vhK=qlz!Q-l!Cz}}f9?~%S=7KtX$ zY&7t+x-%3#xkXbKxny_!h?xb?5`A}MA?bE^F=P?V!HWz7QKA9z$kSrxgqyEVcKl(u zp4xczBoT%LX(ttL+?w6hpzYF7#qm6(ek;-SAvJS{<%~8nt`_wFhI4iY=d3%LEa7%Z*=^mpN?~Zi%)GZ$O*S68$D(l8Na=-1k&;hLjvj-iNg43gLVRR7+(qj zvHVm-?YBiTp7}Ih-MB{F(=N~U+@iQ3Htfsd++#k!0iF`?DjO89ld}d)Wku-OHLL%Joi1> z7=(o2GYZ>mP5PQCIY>vOooD+++a`*%x8)Tx_qH-z5nbmGOL4mw`k4f1XlS5^TjYpa zUDWvt9>hX@w|*X9`}c{Xd#0dJa@|!aP)G|E1%7H)PGCn=k?sA)Qs=ESsJS6MiZmP) z9a$enyuy_zmlaqB%QE&hOZnLwCPyCK4(bZZBML>IzH7Jy=1+qUbpU05P+ zRGRORe`G|q+GUEU+I0sFm)jcp!GR_Ar*6ubr`?e;(gb$Fv3BI{cFjm%ZAt@XzMVPH zr!ja}fua5M1*@3vd&adr5%I!VuH9RwUYqL^Ou>HnP=tmjjFgl(@wC;M+PeIWt*sS{ z1uW>#?o=8dr~w^bMS&O?5u5R|qcx5QacR0^4pV4qeMH<40pmsAitE!|Df@)Wqv`1} zQqPnai68ei#9}SiZ)s_w%cbHwiU4Jv!SICIj#B2{*+gPA^5$L8Qg|*1amh!4`sg#J zUlr4mY5CsH+ZE?;62-gQAIP>E1ua547L4XQomh2e$wrhZ-eME?Aex*8Wb1ZWHK2c$ z{i)^hlo_B}6G5}YQ5h+RMp9tVRM)dG#(womhEx=~Zs=QXQBz(Jm$|~)iLkAx493B= zd${FnshIpyO4?e*^o}abw4(XLYa+R(kKy7|<`yL?!la_1nW01;poKJ-I3yx2v7eUcALU1Nu79iRGV!_T}#A#rzlzD07MPN;r4HCSvgc@Eem{T0VjS; z<$X9uXU2VVKDirvKFJ-r!xzqF`#5h5YH?FSi_cr+6)ddS@+%lO^60Riw7oix^!>dr zIpA#&UR)D%#X#GV{>jy+w}Ud_Q&$r9pu|*^`JoOpREW`lDSHJyg0Em9RWw!|{-q6% zjT?7>Noic-=e+TE;zp*DVOTdtH0YCoQ5FQsNz__xcuqI4vW)dPG?Ed$L{NMlPxow| z+0TlJj0pIG^z1$jZrW|V!#1Hl9-Y4s|KFt(FQ6F&+6nW=ZQbRHL5G8lA#ycAbbqYa z(~n;)KziX?=K|2eoTdPT}z=LpASSqBN_&bfZDHro0 z?{ZzP_aj#90fN&4O~pN#n0;1{eQz(Mkd0zX=T9yRLQ`3i!Vf zB@Rnz%^;>jagwNgrJ#vG(>rK4akK|=_qVY<-$sR~mL#DdCU*UVonV}$=YY1`9nZa5 zT;eZ#v(IRUX7gysOxD6*!)^9nx^38duim!~-(`ieu~|3e!%2Sz1R0z=%q2bS#YhxC z=sei$gn^H*{u4f?c}#cZA*pUkHa*^X^uEES;5nDK?1MbArS&b#Fx@E$oX#b@)VAP5 zxZf0XnHsR%z2e|`{abx*AnQQ#6tN{a>L;=sEb;o`nYC6xa;KM{Xoh4W^LUOp`fQy; znbTtkLBUn^YJEI(*~oc)?vgl~ z6)yi&JBT_BbWJhlswkYdas}n3#7^#uK*0OoAz(#;(<5>jwoadq-;pQaVn`x2&0{gum*zj}7`s2IomeR)jJex0tL(+qk!uXj9Hc!#)Kq}k5S&#+< zP1M%*oo1?D4M*T-P22WpnJ)QCyj-B97m5t`R45*I6xQ!#`U@7I>#xAOVd&4AMxpjj zn<~!wJu_+r0~pODSz2ty)zitc!FlL zwYi3AZiA1%WX5vgs$D91LJ7IUBq`9};;=@LkdPFp-<(z(_fOewrPgc%L(^=RLwFU+ zAy=0(__R76Ie+`;(4pU7`nf%MdpMEy8?WBb=EX*cQyA?Mc$0|-N4R@Y9r(+fYB zD#Yeb4M@aXT&id}o2s&q_QC8lJ$v?x_<0bItGBOb}j2h4Wp);K-rpywn|ZlhAy`ESM!_Ik13ZI}`Ct z-Fr+S4(rVU3O{n%Je&h`balzSH1hMgw@T>8?Zu(T41Y%nL=a84Y2j+A-s^K!S7A4 z|K{;l*h6cqxmX6C3pQxr^`xtJ7TA?8$o=jT?`t$Uf<`z$=L$5>w`;N0Kr&>$(+@R9 zBOq&qt)LWqa&NbRQ5GkXHg0{r#z^sbxtueSMe9x1JQ@pztp|z|Jenz{tqomfGyI|M zz{XLg#x=Hwp1a>>2|`;UK9O%kUgqMA_K5k2*GU!Gp{Ssb zvmMDyZVJDCXL%k_eASi{r%eQSKg<&@Q=)i-4VE#fm`Lr2R(9sGF4c9nzKP8C-Ea`& z@!FM>+ysgNz{?L3zsOhEvJ|2PEYwfbvuz5I26LV<7?w?^8u7ns1fN0MF1(|24a^Ut)jOL2F2E!I8^_s9#|k zpi$@kWJY-~b5`eAkO+2jw$GQYyBESHncr4QIV2%LHgs5x@@fSr&Q#UwG3nP)&v5=o z+dPaw?5Ra3N5mn?Zv@JH)-Xh60z4`B)Qt`R!MsonD!rkc+au+0acCz zd=%o@9tWX8dV9{*2`RY#iNc7+ofs}>NuMla#I9T`|X&SIV{k+x!n(XQ=7!sPB3*>g}-YRFMR5p z4H@cEKiu3Qy=9j3XA-CD6$muU0r3Cm^iA9M&Ja2Go(Szu;+4qY*HDa1z1F|zs-hcp zNhcS5I41qGMQ=ErGi>pfq!TNBtL~G_QVc8ThjcfV{OND#w9S+n=ut~<-eu+4RY${~ zv5Dcof%f)HPayO8lNjm>;`cvPp$XSW+=?7R_o8A;e__S(uUKFOJwoHxdfJSWWIFTp z6iCr}QYr=_uJ@O&RRQL(ehoYk$LaFe_Eg+wP4fXk6vGW9B{hQ0*?a)xGXrKYuU^jZ zY%c)H;I+HMNP(Y(eD2>Vq~D2@NqeMIxRcF0biR}jMSC*mJ{$XzbfHpA_GzFnlyvKD zFcsTJ*}0XZCvq7TK8N0QLqL4ptH_pLYdxo|xzTwGB;bv5P49k}hFV;a$q!BH z1EQ51C^Ll=$J@R2PV=wq4pK6z8m-oBPR^_OCa{5sdTB0)IJYiCGPjN$T>7l+mvk}e z8v;j%xiQ4i9?*2}qEh!%?UVTNl%&x;q?vanrWP}j*p7NUUK{<;hbu3-2U0Y-X$x8? zfMBMvO`L_x)sjzR?t$XQQ9sJ?D?#7+F*Y;{s=-Xrca(&nPmBV#zmS4%J6HBpViL76 z5X&}%;fCp)6dM$#n#03mTkEGwB0H~qzSvlw9m@)t)0x{u3t3cN(@X5fkvp>>u2$}r zzh@|7K-@&2Q8Z?Y6xeO!|6#`^u8}ZUoDql@U#Q*TVqA_gMI8GE`dMRy>M&)PmRDm@ zmT54MjNT*y2%^>CPmY+pg6L2=}+hCZKH^KdzPX}PD@KxW?`0xj zK5GSFIcGPI9!s(Zvu6cYYtcq)NT#1{HNmsLj_Q;GEM{ZLI@9!f=K4dkR%?#z ze3+sQ;H`?PMi@6l~X!RN=vfh^%?atNG!P7Ikl`r7`Te zg>zIZ)!zxrB!WTM-AwHhW}_=C1$zQ&Y{FA=ozZ6ta5^x}9SmrbL`O9omZUzxALbKzWW->c zJ^Yxb7L@pXgVhyuPV^zd+uJ)h%k&)n+2fGMy$~uSzs&6l^5PF7&j{!0rQ9vhMhLugC@xJT7`XZiOZEVT{CYBu{F2>~iP1%Q^hxw(8)8Tcs+K_=%8#z?R`DyQvJ@+&yPqP9ZzX41j@k~&XoSx; z85K@@>an1ZQ14De@e1trCSy<>)X>5!vgf-FNDIJQ;nW$k9i?o`Ivlu2Yy?&b3q}hC zJERLnXOv^)UJI2Qv_Ty$q_L9FWp7X!I*HuG*v;puA}M>!r=v{udDZc4pyexiKOhv` zqL8P5A(iRX>7BKPC@$7sss9ZJgjZI-0psRnOtW4^{KV`V(-XkU^f<^C38|x zxl3LnXzR;leCbr}>)-p<=k4PY>+J6CgiLMDiW`LO^W*)b4pU&Wff>r3qlc;zK|^Wt z$D=LXT<2ByAW{)WCudZTtJ`bGkfRr8vvYF+%`GjRKlh58>+@IOP~9sd1I6|eqC2`$l}0_9R+&<39I11=OEAu38P z7OtD^Us{2`L+oX1m`^;m;6ee%OlcghB83TylUvC2|NIFrgP$W}^q>ucp;T^KKZTln zME7!tG!qlkElEJ#&1VKQILSn=(8pUFb^>mD1#c$p`!Bc4(YUruSxjAIs#@|K(bL`B zXhHF#Dc=pJX!4he9Ec!G?fZ`T7$j?Q0B2YvVmeil%iH2CW8jQ?6R;rK8`-^mkNmRW zuu4lVF*sDiq`AxN1E3~|`C0sW>X4s3%#8xZo&uK!Uk;DmSalu@yH*q3-dJNXa&9bd zQ#_#K4}|}+U%JYR?Sv8DydmS`^H_Cz6cAF*`=-*16GM4)9F8h?yw-Ee2N3G7W zfxLE&YK&0g2w!xAi+e^R0UN9cQOFdJw%Od_BJCE#CocciMFWTe;Dh19Gb&fz0EVfJ z?6ZTI5geeT0;RuYH&o%A;pE41J(WxG6$O~7*jC*z0v?(Np6v%~ErhovU$=0w|H`|2 zw!qwX*5IQ3L3EVRJ0A}*Yoxyt@ZkX%ZV*ZI-vw2u00&GpVI&a)8H=gMJ{1fm5%4kp zLz{@fvzpkpDLzq#5!I>1^pPOCHM()DYONpFvZu%q7$`>}>7AU-9W{#{q#4owY|9g4 zP|6Nyk?dcb6Djg2q9YuS&#AI2v0?h9l@-k$PvhgPyQ)VX{(TS4XzEZLm(%1;iDr!e z0t=DC8GLY4bM)X-8T-V+Z7dpS&TgokO*9Vef>AhqkwhTcMLrfme`l$Ma_71397wsS z+qA!nl?U2k=0}&6F)9`*rDkPiQ++f&9Z+Av9a!lzRVe$s(HHLk(y}I{6Jx6YDt&mW znn;^Mk|cLj^!KlgqE7Q{&s1lz?0%a^P=K&EPOX}y2aD!D=*L#g={6cAPsydLJXog* zPc0v2jL1Cd@t?B0bQhE_w?~ zkY#4MmVSx<1WhOOpua`*lYmXu`qf4+TJ!sj&=($qU&Q9BRanHQ)#@}`n%O*O|8iya zs8nEdtbHzGg=cEv1m;|p^2Rsyf&(*a9PR1y2mC))jlY-lYq&hb-99~_>M#pL2u?wL zUTlug7kumE`5ggBa%Gx~@R^^1?%kD8P`4d^V^j1+%%X^{#2`BijUet)^MyuMn@fCW zH*e1G_XpcXNp~XB&Q5*d=NC{M$r!&8)5OJJFUcekvY3AY%v5|v=z3sCrc>6}f7qx<;@k*WC$Wv7UEc4LvY zJeSL|8ujnf;0aS-yu1sTP*)_PfF=|#R8moNM(f*)crBx?Fs%ZMCHJUhFoVOUDq6O_ z->tntlkf}{q8jPXjzZOoU182Q=Ne)#*GD9eAGwe(0q1ql{A>8n&hYf~2OJbG{xp!O zrFsR!%#2_j0i0a;YSnN46)^F`G|$)kApQQWFiYYVkJ`aO1NPfr%fXS#-{F6yT6433 zoj!INYf8orDoSnieu0-YUZh;MZNk|KpRdq86Wd9ubvT#qKGUi}HJ12KBwy;c~_Vg#}kY}^HJ4!Z2iUNA)e@YW_dp`Rw+0k`OYZ1 zI0YbPk;|(#@G5ZPP8H71Qb!8}k&GyalbL)7WJ45|pW)<;9qr^|V^jH-FK2CyMovKy zXf`4WmAie67-h2o=r{`$i(VrXV6*N)U}kGgMgN#GH?KfM61zdc-(;%HG0gqLhu)fH z>g?A5_A*2p#=EziGha<-K@%z*%n1DWcXslx3xrtD8hOZt0k`vN0=C*tgouyO?4eUugP zheK!ZyZR`H8*m->(<8)kX*Xh3#mVOfzp=4Epz3dQM7J5QxP|0=Nw=zm^tb-V|FEUp zQh<72T6wV0XwGh7zc+b62IX-838o&Q27d? z1+n+KTs#YjnvNCRW{c;!)|GgRNuOJOEqs2;tC8)Cs7Qa2On8P*f{c2ww@QRgy?aZ& zu^gE#5}lr&4hWY{NXxa?y2l&FNv<}d;PTVAB&}p52D2E z+3VN2yR9(=^Qd42R?b1%9Qkg7J|xoZp2wcL%cU(DHecTccMU1`-BCN)xbevj-ql>( z_ez_DgfmU)%0gJ=OiXCVLxQk31O;L?MZ$2i*CV0+K(D_WqEWTNIA*c^?eHhPsDe6= zoCd{Ea=Cm+X8-=Rzb>d0pf!svWysaQg*#k|kk<-@G&()c=NbPGRHKnBU_893Qb`V= zJeLVZS<{24uNKn;d(YbKehHFe)Myq1(i-K8Jkt6i*-X+GvJK}bKq8a)p}_@vq1j2^ z7n4z%sm@|-vPN)c#A``LZ#MvymQE6EqWPw)QX<)Kj9=1fk`SsH%|%rhW~kAg zK@hiMcR_gUZU5#wC;Z6^dNasfo`^WQhSa2~-k2nsTKW3l zDblDnK%^ORy!&wbHly)kccf`=a4s9NIs59hDJ|BHa5&_ApvM!jp2S4V9=pi|q=Yf6 z%5aE7IHqq^i43J&*i+a}BEBq3lSeZ`{Y^5P1^D&lQ9fz%-KamKM<&qW(8xCji^(wV zI;JakmXoEnk$SlD_ixGGP!1-hNHnz7peb>kl^Q2;nT-Mc&4%*BH$v$si2un)& z85;^f1^p`~2fsfCI&+-QpDm;eqa{7tp4U&}2=lc%K0_X`A61Q|rriA1ikOv z_Y+wqqz_tQu*f3j{7QEJ(eH2BvGe)9J~`-NCE%#=$rvNUBKd5Qc<%;oZ4sw{L{eCgpB zeS`gtmcJ$Z$3$QB9C7;q$?W=ij$mwwZ{O&;y1T{aDk?Ua7qPLilNGTffX?a|w6#te z2|>a+P*6|`aq*Q<>qkcxy40kxH#c{(U-{qLIXALMrJeh)+xPzL8sd9WKqErJWv%}Z z5cVfE@TYwHf4yMFFx)uAjAx{Am`haj`SC5k@H&69=QBQ}T5>h31yqYa6w9Fh(}>#r z;2aS`n0+~=jz>8^E8-@P?g6e@#{(qimDX2Zp^Snm6d&JYrr)O?X4K2@r{qmK= zf?3VpbVat3egmeEsHmEvwjm!GN>5PxcNLp$Ky0_&6WMXTYg#r&zjE!g+Gzz*E20R+ zXG?mPJp>8OI8|4Z%^1g;FUAPuRTbryl@ZfZq$+Kgp&BR(XH^ z90TzV{wo9fx0HbYgm`&l1*o2mJHZ`e@uQlk95^i8?L35t{bhK5f*I-!*5lpi1bAzJaa`{8*_-^$Ii}<4wHCk zv0Pd|^K>R#Dsv}qVOX^p+T8v!&2I4RrrYY53PzqH0-J?5#%d7CzUZhZYaR~=ZF!H? zaUAjKesGa)cU#gPQ^DUM@_$`)#qyhgKvo1?zW{J01A^Dv?f@eonS+^cWO*v-b8W5u z6E*z3<+`Fg^HFjk(c+W>n5fol;@czk99*U8awJEZ(Av=U6(wG-vLi<;+@wXNKxrot&PI#jcrKORA2Nxp=jl|FxSc$=ktEHe2-Nvu%e5b%7o^hE{6! zg@A8UYPx)?8Um7!&^|xD)+BdCl6raaz)Y{$Y!-9MO>`laEOlR2dvX13KmUC}9_?8o zK7@}6`=@_W%iQQ z{iS-r;XePa@OO82w@JGCaE>txXHhY`$Bkc99i=X6J`4u>63ua?>+t+nXYV*L zZ^;GuGtaYE{P)XCj=w#Q)?~)hQ_gaeLl`(QqJ;RdedV~=)UsSe2XVsn2{Qe4|8;x8 zDZuR|8@zFr1)^o56gjr~a;RsY<0s(hmtX5!Xk$1;!pO*Y+GFtR1-Ha_iLx}yFFba0 z850vo9$o%hHNG@*a`FvZxJxe}Tx<*YCG8lh>2_cz#rf}8=CA(?Vuw=88jpyG7<~(C z2w;DieK@^#>YC{mgLfbP0USK}q0omzgW z6w0N|^6US>879!qK19Z!z|JWM`Quscb|ZZMyeXh5$tN2t(1fu9e3C-Ihqd?5pXyFF8lnGe=80Sze}kdKDQEu^y5NRJ`@$29iI%kPd_loW}KM!rvrvvJprFS^~T64)H< zDi$%T!T$J22;&p=UvXw zAP=a7%L9~7CN{3%zaoP2bl|Dk=cUO~f(C{cM0dU`9vs23{dH)h2xJI{#Mv5_s4AJ& zxU4drUR~AEY=t=v9jkt`zLD_i9?n_x^!N9hEV*5=Rnn+EEjB6X*CKp_*FYxt^tFhl?_XB(zdyD! zK;xenK0SKuLqb5$e|NbL=6p!bsn`-^x1sz-_g@9@RF=@rz(5rd|Gc3$8a?n1h6}>R z&d(v}vvbjeb98YTo3v=H;>uAD$EGGBQNLf-=RtNET`yF+a5%c{fc#E_#%llLivD@T z|Fw}lJ+on^Q8C+?I6=tIO-uk+q=5o5Hkxc3=KiPy@Ug$%ivG)}FqojEkq^uw0eAKP z+WX3|sM0^sT~<`Yz(7z5*8q`LDUq;1KwueS=#*wiX&83a0Hst)8ifIeuAyN@QbBs? z1_2p5hK~CV2FKO)e?Q;n@`2|(Gv~bTulqd{*Zk(lnbBjj)Q_jgoIC9;4rVVDL0u%p zsarYiV5pBo(%h>uN!1{G*C{o!Oo6ko=@;u7Jg%#@h;P3{`wJA`gVxRh9B@qtm#M?! zhYwA1GPVt31xj2(BEE$OaY7PIsl@*FT1oiyt9}16595c)=eX=&6YfVUCVC!N5@{1= z_t{J4uk;=iBW^m=`L*vft}U^d4zs?$ zp7>K&CcOptW7mVX8Mk$ijbbbZScQ{+{+I6oGDJ2Ee*?o%SlFtjta#$oXXSn*jqmCT z_lv%UXfeL!Bxvt3AkNyg`L2sjOD(uz`Eog1C{ky-%39n7j%hcI*B4DacDp!h0uHZ?g zquU$sYBL~?&n}}}NaM|g<6`NF3u{(5g}&b6cP2a+)<7KkMkS>aOt5z355a}Z?Ld?7 zKuWbglZgH=mCzHPZ)cp6*wgmr`B$UbvTan0>h@j3xIY~yp5qbyw~2XoMt3qW45Jr| zdv5CpB8qsrFRtgKr+6Q70|Q=Cry^_7SK=ErzPhzIwM#rKiHl}Ad@A()^&7ihSnuH- zu)eME?53Y}L5!^z#Xkj1Nq_5#E0x=Y$lx_pX@Z)~TkMDb`aPfG-79<|!xK#kuD5?2 z@e|LaDG8nGa8ceUNYaMa&!S60Q$uyK=9OE7x2EC6ckGK@NOtybvt@r3EwMwc6Ry(uEP=46Z=b}H{UbY(+UpCoWbvCrfA1yx&pbNfrT8_beO}Ljf)wOuM_V&W` z*5>qpL+-}vOuT@$>c~bf^LnFZsMFd0L2vFb8F{KcQo3hC&)8!0=Gfp^2_u9CUm+_z z>}7S&bv``IYW~DQ&q7S%e)2wYr*R=C|FGbqy1)KsA*buQgV~WCz^wnKFz?`K_MNC^ z^B68qPm)|aX#JspMf`8P9Eeb25(RhrgsH8)T7&aBRq(p~f5+6YvX zqY@AujgVM9&%EW7M@&pQX?pN04YW#}Mlw^~C(Y~8 zQm3D1EWG{tE&%br#hG_WXw(Av|DaXu*d&c{U*7HYoUDYO@j?lqNP6?OMh14>7cSRv z#qHJ->1_K{vCYhgy{Mo;T$aZa-KNHJ4ZOrfZ$5hCgR%NN(>h}x)8zM=L*jIyge4ktY#&mRz>w>>FPY4T{aqfrT zS*EDyIbLB0l3wCQT`skQf%r{bM7tZReB{l_(R^FRNvWg62nm4lNAGhJSCOaXj{Z*4xFU-I_NOX42 zOLo~+3gkANU?W!H#`bZxK%BVAe(#$z|5NC(`iS(Hq+ z34gpU&t8Amb$`!88}n7Af8aK*7ZMkAHir!c>Ku!-oK|YI)q_3S%Sv2RdzZFCrbB;f z2u{;2`|7N!7W`1sCeg{>ymK&G@ zqT7r`xKiR0=V-o$5fnFxvG8N9slseE!XX^~I+!yR?}J+82z znQ)O|5RqYs!FQ%R3uQeoHaMdp$al|9^$?G()={vgcpF7-38~F<6gN{b&?oAw=2U)` z89QS-CGWA?JdoWi7e2npG}`wcHV3y_gL`??se8!d+Wy_OuE*>iZF}1Hl$~(tNfwi> z10BAxDi9>vjZrNY!DB}J)O@&SC)L^PqwAkdf$!6|D2$_=jhv?Dk*w<^a~)ih*6?hPd`_W0EwX+d*`LZjm1KmJI1%6VbXy?@mJ&aJ*|boX*mpZn$)m#A>sWBeY&O?WQZUJMD`_yA%4L*S)tjk1@sKPz&NDj{i%_EaD0f=bTBA^=E{hU3{Zys}~z`U}m38R1&2y?i(sz;a{Kl8-JKiRR^I>i!kz^AEtxd z1iH8^P&os1v6_OtLfDgOBbM%A?naMrS&AhID-63fhTAIjGd%W0f)xuFTQjd_P_-{f1H(L31F zwtVrd3sU{#B~z^f)4imn0XF%K3hQdN1djb1j!{b*1G045c|1D1f5L`idCP;|rR>_9 znfY%w2ADTyzX*YvZbY&DCBO4rGYu70aRjbo*y}qK#FtPfrvWSNXPEU@RYx`E4|ep_ zno!f9WcU?y-Q7jjKh$ryIrUXA@9oV z04xEUeV|B>z{IEbC1+9Q&w$tpQc#R`e`FarkK6Jb*jgWQEp-%K{xjt)l5o~TaQ(y4 zXd3VWkHl8DClC?;qGg_v{fEUC9;7^Q{y^!EkPW#*mQHG)OiJXSYC%Dy8O$sicS4`_ zt45x-en{Dx86+=|S+!C*#8UUqqnWTr4CJf;|NLlPOG*j<`fT*3+H#@eru%ri&fFl~ zBde0Op0Wx$EkYPKBzpQnkeDqBtD>0$18F)NiTNnEj|R-s6ZWlkzGT~g|9ziN76`vC z0NdP8)yVgahCm0n({noADlO0Iu<^MTSiO|h7g;{+wavL;seb<4VuaIpUr8)q+#!!o zHwQ|V@*SO~?4lSeR}>GW@SXe7JT2Vrw~OAea9Vb(#Yv3{;YeKrm7@{OA$nc`Kq*|0 zm}s%_B~M^{Z$Aomw4n=nA-5wWzoE__1&)jRDgV3_rlZ;YK`PUv#-%+2WcrFbQsm+` z7)vilt<N)M!@JAVLV;q+g{2b65f)|-T4cw@dLG4mbE98`B!)TPF zw$sO0-$5% z+Er{b0b-=`ncA%t(G)Ch61j9pAn)yg(wimo*9V5VT}{nT{6s7^Xz2Iv9(dd)oW$4e zh+7(Ly-&VLkb`2#0u?QoI`TriN(>zM@$Zw9g-GbZzd+De6w&dHX|#qr?y(WzTSpU_ zZ>#5LGU4lnc}U)sD_cdxAP?G-LH3d}MN5NAp7ZrM4W~ZWzN01U!%1`cQ2YPIj09_* zF43Aaw{)K8Iq5rcW@FTUv(LIoiuJSB;PsBs`{s^3Hb4`EjzIGvhV#I4z8EvI8Bp?w z;l@3?#74T{F6m^Tf&7qTa2a0DX>klmztgVp!H#JDNrUsI;>JBC) zCD{#={qw)L#F2oP<{c*%7;6b@x{M`^Q1~2TkG2a4|LoN8dPhw{1Jw6tgkxdhGSrOx zLPLMn;+aJqEBGf?^e}MiPvu3{wl_ib?2E9eJTXvKkw|Z2NLZh*b1XR< zVHZ2@*;X==cGIm^BO=CS?mg>h1p_$}`CfE5Lh;IQE!w)0I{3p`r)zW_WU(9QnsVIA zzfY!%pbrIUEz#6%TX^`MK;!BLke7DG5$M-58Yd*<)^C`7A|^PF!tvy%Oi-8WuU#(M zy2(tXV?ULj^6FYYvhO69(+B^D+-?KZ!*PUWc`=dwkIPy!k3ekr7w`_M^ha}*2zJLg zHRMgsXNhf553qU=pCHtlfY4fBpqz8X*gVtXoE^%Uc(qjhs!4gnITfTtu4QyhH0EuxkdT9=cgPI2S!413+w~$<(<{dqi%tF8B|a< zZU+n($B4#=0N7_kn9-W_nIGDdLh8Hk1VT2Fbkakl5h! z6i#i24#R<0hc^AJx2)EJXI>pb@5Qs9>vt!)}~P-bMD_fq-keHfiN=Dy618l z?PgULG7DR_MFL0Jkb_iWEn%!=3+kyBvq(`r#sj~qPENeoFwnZmDoc7#9AW*&MGYma z)lFJ%GCdj6@tvLO%PD=EJu}J1V#a#s(p)FaOWS&gNoD>bQ~%6_)`&8a!$%s{?9|j$ zuH>^jR^_XR#kisxO^!va_~`7{v8xH^wpe$k^EmCc_MpT-uVg=Y6C>1mN`OuB=US28 z<_P_%9bN*bN9N_5+FP~2F8qm7k95bMCcz zG+#nw0qj_{8hFZ{x;G)xL0#y&JYtA3}grN0o6s!vR;{7Dp&Uw)&DQHD4A&F>a?ok{ZodXFU^EjnPR- zZ(L#*$+FykXCFCbI5^Fz(v;V?!JKZr4%f0*b{c8+;O$=TPTMcv z(#(A0?ui2R!K%6aiZEdastdBGqXS)%9Y{*y(dq}y+gp^C`ks}`kZl0#t<$N2tE1em zx1HX4YadCq@ipg|7@CjXa&ua3jyh?nk{q#`B{p9^(^2on5`nBWe~iUqAKBmg2Hv-e z3Aug)<~5V$P*%}DyO(#jQHzlR#4-@*CGCaHnFZtZrX0h2K-Bx+?9EOK?5sVY3|v5U z?mNL9y=S;Vu5i7GFCkZxG}-J0KaHFr(p)-uWLppu#5EtSt(9!;DfQf3F&NmhHGT-u zC9TOu67bk)E0wjfjh*SAUS6CjXe)`2czKoKU~UR4*#kr90AP(_qhY4lEE8KUwhq_m zyXe+DiQ_H$Six;}{GA_i)!2i}ZMG(SAXsOkMa}OfSv0j!>)K|4pNN)3Vxu9SEo8Y> zu4ie11qvEW_7Squj4uN_mzp_|;Cqe~yqa+|BXV?wd%yo?BXw#0)3p1dwKsD`LUs&eaHy<@qN!>@YITp>;+srfV zxV7h@vB;VbIX=otaM=gkQ2zz0d*f??H>ZgXAd`?B3%{4VLxO{$_)hBv`o>C=Yhco2 zDhoyotUO3&XoN1RuzNUlfG^GUrqif!-(lnic;(%C1-o`h5|h|6>d?dGC0A}|8@0{H z0!4bu1^TbY^GBoT>O|6(*>gsFCW@>h$5nd_;4%9kHR)}0D#JdLUytP1oO>d3BjWGX zC;Dp{{zwkDnFrH{rd>vb{e?%Ww#wxnM=w8NeK@W??NZhA_$dHb@FKZ@Bsdl1XM_$5 zbWtj~UAdEz_0#N2PT^1U;Ww{|^~=pUd6tQslbEz@SNmvGIjlW}yLs0;qH)Q2n7PK8 z*L20F*WXSTp99eW+ME5J(AJ{W*73nUZBh1$t>UigO{;!wBC}El{gN)v1>}Mz6?=sP zO>RJTptdEe;coWZq1j^Zh?NV2Vp;2hc^8^ZtX@P{2f7DOKFZX#@HknM9ZfJ+U>T`L z!`=RvFlXO}m7Z?qux<)6m>JQ4hu3j#?i5u4&ASlXDYAg?)2R;O~H(U0O zFRHwcP_PVC_|a?r9cN7=NJBPArJqz0Ff$}C9|sHX^0v7{J)l`mw5vZL?@`J9h*fOZ zbRflQC4A)ayHyFUH1B{JvoWMNo3^L!1i)2X_^ZYYY`?wWaqx#fDwerrq zXD1U7A}Q}IFv7B(IhGo(!WA!8%~QHg%7~O)Ol2IGyG9&N)y66BCoMK1J5}Q6XDgWj2T~g^=1=ypc&a&nTc2{lr?XSCPfn4Mz5f=T_SU`Bj@N^ z*mfUD;;*_qtE$9`&aDWY8|kzdVNcllddo3nsY=SuOdan zNIf6?C0kg7WV>E==ICsd#II*-DJ2w7JLkG=7=`mDti~;5`(oJQT{<1yD{Zr+9+}SR zb<3%;a46f$T3x+dJX8miTpZ8Uwg zF^-_6$OcKV@R?M}2ln_r$a`r~tz49K*qh6eRgQCo2h&Unjz^szU0 z$%Ud7U#tCAZbOd-TGCvGQI+v_+s@aZf=mh@K-U$0vwE$Ty1$GD0YntJ`4 ze}jnr=P<;T)@kM@)5$4dq8@kkPB{#mDjDD>t51*l(Q0xQf#;{7W<^^n8gr|$pr>xj zsBNS8IWi5F-i|s%L7F{X4kB=B*5Ie&JY@53eP@>n99|R7F)LAHz~y8il*sKqCNnTs z@6M&Uxl&U$I>^7Ng>+sfu!@}!MZT{pW97;}r#Uz4?r6*{nZL{~i38 z2lK`|$?BXb&EzweI9A&)suatlIr?;IP0MRj=PRyEcKWkVa}t})&m4MB*TM50hB0jv zvrA8w<3kp5)w{TxRg9fy1w~a)i2)B`G|aaZR55)tw(-qf??WFe>)9$EHjV2{uMW7h zrENBCV$<9wtt(F$KQynzHKz&nh^>4KsBzgOr)sF9tUPtcm!w3{TT^mXRfT+PB&T5l zq>&qu^LFF_4zM|Gmz>aWAk9{)$AeP~7cJi&X_rT>J{-x8 z&f)a~|GLl>mq@rPRKoEsOWrqphpyqY`Rm#Jb1Msp30TWnFXcFxov zsNXeZYL}EmR|PUBWUj4jd6I5_&J;QP#oh3{a(5UGdN$+kU%SxMgsj$Ktg9Yzo_+Ps zG`|yhHz_1#x@|npmN$MufMI{a8ZT$Cl=GMqT16B+Y)Gu?3X(z$Z+vJ`Gxa||&3dx6 zxwCW9>`cR)Thgr?G zl~Y(pS)VL#Hfr=#muVxpf&LYmA1`FKN$bTUa-rkSHNOWVjNL;f;U&F6Yxr z3YxqeWBHHT2Ws6tP+0KPY~j@=2dYOq(Z!E+0KQsPkPREFhN%_K+rxXq9g0=IAf<|DEqiRO0x9uH-W@Y{ zIWx_3EfIvFTPnW4T=eGIzi|HQ%mitZUe}b-NkcNICT!ao)n^*uVN}V+Aj3hZ1i&P1 zRLmwXdu74gzmeys7uMyJ$$>8AxZfUww(D0+@cO70y?LQR-^M(SYjsT1r_@>Od0#U? zNd4nlem?k8DGVdkmFa#5!W$##4e88eT?&uQhM8q8SzK>1ia-0yrS>u$Mp?K=kG&~$ zS&5Uv{5!AIMSx=$Ste)#V8xn)Sp|dw-!S-gfv2KTErNl!VHWcNz?$MDz5`4QOkUh; zHZTSKn%NRP6-$rT&D39s@NJ3jE`nuri90%kQ3sZcaAaW#`fX9t}k#m+qT6FrrN}2I~B;QzsuHOJ1zaiKe{HyJe@Y zc*{0VewFrrt@QU3uLVC|K1{e`u87; zeNd=lSa_e{YfObJLI|}lw>>GZ^QADirk-o$-#4#WTjtH|x8PJ0^vWoO%4~CZK8~8uFU=`OLh$A%As*|k?tL|@MQ2ybc93gk= zef(ru&~p6EmRb7E_n~E(pTH?7P0_I`+WhL!)iBvkh0D!(6VRK;#$V;L6m~d*Dv54G zL{Wj&??kVEA^9)-Wws?d^@c_7+sQ=b?}S#D8MJ86|0MuMR62&-L9=dYz~a+CzgiAu zNJnplz&_3cUDq38Ea;p$X$a0Shsg6l+iK@mJ(9YpXQB`J_8U`oF2qME#-hx6tpyZe zH+k6jLhK=JeQ~Q@t&f2K8UUqR69k=1T{NLLLJ8IKj1oc&=g$OYM><_DJma1Tc%0tUC<01h0dJtU z7a#Saj%kHo_oa@rJig^qRr_kc=E{}p+s(57WRCSY%E}H3F{-!H7^zaInw;fK=eN*i zLipv}*t{Pd1oK~jm-p|K-JlZo1^t(M?`n$*jWz-rzIC~7mkpha05e2jxIryTLG$)7 z(Bi=tiK075{Y>`+2PtB2v!fmE%V3?C7QGBkeGAUpgO!szOm zpICt%w%`vRruWZPmn=9Ewxp#&J$Z(lsGVlpjv+t8fuGw4q69k0D*jx6Z(n+nqbvva zgLgjzZAUiJWAP?$;|P8uak~Rxj@KynL8y}cfnvPl(i>p=-$hTI+8=fl9^!mW9}<-9 zK=+L~K=&_bU+Y*M+csM%MbP%fCvOmK!H5zzv_WD$0$0F*Pl6(J;s~| z)PJu6ysz|WoqpE*`&n{kduz`>f{jBBGtH+b_;u-R6a^-T`x04MO8k_s}4KRQb2Vfa$uo z7bSPl)3T%e!htRb7yL~;{|w9>?a0-S#N#=9!7?ESS>UpAZ+;444u?v{>GYy)4#fJ_ zrU0g@NNe@ZvtIh@KOuhabTCO;i ztV_iVZ~g~()_lNmUjpdJyljQEPmezGfQ_}}KqX$2-K|E%fVueD?^jaQH z6yZZ76k=>IQd?I5p?)wYWg~{Ql_r|Wft?J}IWNsFH~%_S-R0+nf1=H{?I>bSvOq+^ zQH14NrnwJ&d3>f^6r0FmUafu^|6vyK`>Wm%U>II@mz2&Af&1ezMM*$xE=@g~I-$G~Z|EVamW92fdmnkW&fHIp4I475&;X$>gl}I%CnwZwUOrx)m;tizS3lKTkV8t4<0paizs%(8 z;&~tv`lBNkd`?kuQY`17Ld|SaQV#>*N3V5ku%Fc$B1 z9?jzQ>spdu9A40M{N9aECUR!h=KTK-W3d*MV-mb)$s(86)N)>l`^o>Z1TeCQWF+5T zSd{u9gF5ClFAMj~l1i9;Tf%L{A0o|oAJju+PGA3ZJw*2mIXu=ia@16;o<)G^Qc(dc zM3Yp{0LEYmN&FJNpMX#6xBf|Bv19DMkvgLB)Km_dH

); }; diff --git a/app/vmui/packages/vmui/src/components/TraceQuery/NestedNav/style.scss b/app/vmui/packages/vmui/src/components/TraceQuery/NestedNav/style.scss index 05f35b6b6..5e713fe30 100644 --- a/app/vmui/packages/vmui/src/components/TraceQuery/NestedNav/style.scss +++ b/app/vmui/packages/vmui/src/components/TraceQuery/NestedNav/style.scss @@ -1,29 +1,71 @@ @use "src/styles/variables" as *; +$color-base-nested-nav: $color-tropical-blue; +$color-base-nested-nav-dark: $color-background-body; + .vm-nested-nav { - margin-left: $padding-medium; + position: relative; + margin-left: $padding-global; border-radius: $border-radius-small; - background-color: rgba($color-tropical-blue, 0.4); + + &_dark &-header { + background-color: $color-base-nested-nav-dark; + + &:after, &:before { + background-color: $color-base-nested-nav-dark; + } + + &:hover { + box-shadow: rgba($color-white, 0.08) 0 0 0 1px; + } + } &_mobile { margin-left: $padding-small; } - &_dark { - background-color: rgba($color-black, 0.1); + &_root > &-header { + &:before, + &:after { + display: none; + } } &-header { + position: relative; display: grid; grid-template-columns: auto 1fr; gap: $padding-small; padding: $padding-small; border-radius: $border-radius-small; - transition: background-color 200ms ease-in-out; + transition: box-shadow 200ms ease-in-out; cursor: pointer; + background-color: rgba($color-base-nested-nav, 0.4); + margin-bottom: $padding-small; + z-index: 2; + + &:after { + content: ""; + position: absolute; + top: calc(50% - 1px); + height: 2px; + width: $padding-small; + background-color: $color-base-nested-nav; + left: calc(-1 * $padding-small); + } + + &:before { + content: ""; + position: absolute; + bottom: 50%; + left: calc($padding-global / -2); + height: calc(50% + $padding-small); + width: 2px; + background-color: $color-base-nested-nav; + } &:hover { - background-color: $color-hover-black; + box-shadow: rgba($color-black, 0.08) 0 0 0 1px; } &__icon { @@ -32,9 +74,11 @@ justify-content: center; width: 20px; transition: transform 200ms ease-in-out; + transform: rotate(-90deg); + color: $color-text-secondary; &_open { - transform: rotate(180deg); + transform: rotate(0); } } @@ -72,4 +116,22 @@ } } } + + &__childrens > .vm-nested-nav:not(:last-child) { + &:before { + content: ""; + position: absolute; + top: 0; + left: calc($padding-global / -2); + height: 100%; + width: 2px; + background-color: $color-base-nested-nav; + } + } + + &__childrens > .vm-nested-nav_dark:not(:last-child) { + &:before { + background-color: $color-base-nested-nav-dark; + } + } } diff --git a/app/vmui/packages/vmui/src/components/TraceQuery/TracingsView.tsx b/app/vmui/packages/vmui/src/components/TraceQuery/TracingsView.tsx index b89b469c0..0bf1cbdfd 100644 --- a/app/vmui/packages/vmui/src/components/TraceQuery/TracingsView.tsx +++ b/app/vmui/packages/vmui/src/components/TraceQuery/TracingsView.tsx @@ -89,6 +89,7 @@ const TracingsView: FC = ({ traces, jsonEditor = false, onDelete })} > diff --git a/app/vmui/packages/vmui/src/utils/time.ts b/app/vmui/packages/vmui/src/utils/time.ts index fb964e574..0f2f5b78d 100644 --- a/app/vmui/packages/vmui/src/utils/time.ts +++ b/app/vmui/packages/vmui/src/utils/time.ts @@ -30,6 +30,10 @@ const shortDurations = supportedDurations.map(d => d.short); export const roundToMilliseconds = (num: number): number => Math.round(num*1000)/1000; +export const humanizeSeconds = (num: number): string => { + return getDurationFromMilliseconds(dayjs.duration(num, "seconds").asMilliseconds()); +}; + export const roundStep = (step: number) => { let result = roundToMilliseconds(step); const integerStep = Math.round(step); @@ -46,8 +50,7 @@ export const roundStep = (step: number) => { if (step < 1 && step > 0.01) { result = Math.round(step * 40) / 40; // float to thousandths multiple of 5 } - - const humanize = getDurationFromMilliseconds(dayjs.duration(result || 0.001, "seconds").asMilliseconds()); + const humanize = humanizeSeconds(result || 0.001); return humanize.replace(/\s/g, ""); }; From a4bd73ec7e03d6849d9aeac97fb02d569f0026f8 Mon Sep 17 00:00:00 2001 From: Roman Khavronenko Date: Mon, 2 Oct 2023 21:32:11 +0200 Subject: [PATCH 50/73] lib/promscrape: make concurrency control optional (#5073) * lib/promscrape: make concurrency control optional Before, `-maxConcurrentInserts` was limiting all calls to `promscrape.Parse` function: during ingestion and scraping. This behavior is incorrect. Cmd-line flag `-maxConcurrentInserts` should have effect onl on ingestion. Since both pipelines use the same `promscrape.Parse` function, we extend it to make concurrency limiter optional. So caller can decide whether concurrency should be limited or not. This commit makes https://github.com/VictoriaMetrics/VictoriaMetrics/commit/c53b5788b4735ae78d768e7ce7d2f374a6d7da8d obsolete. Signed-off-by: hagen1778 * Revert "dashboards: move `Concurrent inserts` panel to Troubleshooting section" This reverts commit c53b5788b4735ae78d768e7ce7d2f374a6d7da8d. --------- Signed-off-by: hagen1778 --- .../prometheusimport/request_handler.go | 2 +- .../prometheusimport/request_handler.go | 2 +- dashboards/vm/vmagent.json | 289 +++++++++--------- dashboards/vmagent.json | 289 +++++++++--------- docs/CHANGELOG.md | 2 +- lib/promscrape/scrapework.go | 4 +- .../prometheus/stream/streamparser.go | 18 +- .../prometheus/stream/streamparser_test.go | 4 +- 8 files changed, 300 insertions(+), 310 deletions(-) diff --git a/app/vmagent/prometheusimport/request_handler.go b/app/vmagent/prometheusimport/request_handler.go index 2f450e1c2..58473dcae 100644 --- a/app/vmagent/prometheusimport/request_handler.go +++ b/app/vmagent/prometheusimport/request_handler.go @@ -32,7 +32,7 @@ func InsertHandler(at *auth.Token, req *http.Request) error { return err } isGzipped := req.Header.Get("Content-Encoding") == "gzip" - return stream.Parse(req.Body, defaultTimestamp, isGzipped, func(rows []parser.Row) error { + return stream.Parse(req.Body, defaultTimestamp, isGzipped, true, func(rows []parser.Row) error { return insertRows(at, rows, extraLabels) }, func(s string) { httpserver.LogError(req, s) diff --git a/app/vminsert/prometheusimport/request_handler.go b/app/vminsert/prometheusimport/request_handler.go index 09eefc7c4..2d5df5beb 100644 --- a/app/vminsert/prometheusimport/request_handler.go +++ b/app/vminsert/prometheusimport/request_handler.go @@ -29,7 +29,7 @@ func InsertHandler(req *http.Request) error { return err } isGzipped := req.Header.Get("Content-Encoding") == "gzip" - return stream.Parse(req.Body, defaultTimestamp, isGzipped, func(rows []parser.Row) error { + return stream.Parse(req.Body, defaultTimestamp, isGzipped, true, func(rows []parser.Row) error { return insertRows(rows, extraLabels) }, func(s string) { httpserver.LogError(req, s) diff --git a/dashboards/vm/vmagent.json b/dashboards/vm/vmagent.json index 3928c3248..adfb37735 100644 --- a/dashboards/vm/vmagent.json +++ b/dashboards/vm/vmagent.json @@ -2373,8 +2373,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2390,7 +2389,7 @@ "h": 8, "w": 12, "x": 0, - "y": 36 + "y": 4 }, "id": 92, "options": { @@ -2476,8 +2475,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2493,7 +2491,7 @@ "h": 8, "w": 12, "x": 12, - "y": 36 + "y": 4 }, "id": 95, "options": { @@ -2582,8 +2580,7 @@ "mode": "absolute", "steps": [ { - "color": "transparent", - "value": null + "color": "transparent" }, { "color": "red", @@ -2599,7 +2596,7 @@ "h": 8, "w": 12, "x": 0, - "y": 44 + "y": 12 }, "id": 98, "options": { @@ -2688,8 +2685,7 @@ "mode": "absolute", "steps": [ { - "color": "transparent", - "value": null + "color": "transparent" }, { "color": "red", @@ -2705,7 +2701,7 @@ "h": 8, "w": 12, "x": 12, - "y": 44 + "y": 12 }, "id": 99, "options": { @@ -2793,8 +2789,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2810,7 +2805,7 @@ "h": 8, "w": 12, "x": 0, - "y": 52 + "y": 20 }, "id": 79, "links": [], @@ -2899,8 +2894,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2916,7 +2910,7 @@ "h": 8, "w": 12, "x": 12, - "y": 52 + "y": 20 }, "id": 18, "links": [ @@ -3010,8 +3004,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -3027,7 +3020,7 @@ "h": 8, "w": 12, "x": 0, - "y": 60 + "y": 28 }, "id": 127, "links": [], @@ -3114,8 +3107,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -3131,7 +3123,7 @@ "h": 8, "w": 12, "x": 12, - "y": 60 + "y": 28 }, "id": 50, "options": { @@ -3169,123 +3161,6 @@ "title": "Invalid datapoints rate ($instance)", "type": "timeseries" }, - { - "datasource": { - "type": "victoriametrics-datasource", - "uid": "$ds" - }, - "description": "Shows how many concurrent inserts (parsing and processing of scraped or ingested data) are taking place.\n\nIf the number of concurrent inserts hits the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\nIf vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag needs to be increased.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 68 - }, - "id": 130, - "links": [], - "options": { - "legend": { - "calcs": [ - "mean", - "lastNotNull", - "max" - ], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.6", - "targets": [ - { - "datasource": { - "type": "victoriametrics-datasource", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{instance}} ({{job}})", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "victoriametrics-datasource", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", - "interval": "", - "legendFormat": "limit ({{job}})", - "range": true, - "refId": "B" - } - ], - "title": "Concurrent inserts ($instance)", - "type": "timeseries" - }, { "datasource": { "type": "victoriametrics-datasource", @@ -3306,8 +3181,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -3347,7 +3221,7 @@ "h": 7, "w": 24, "x": 0, - "y": 76 + "y": 36 }, "id": 129, "options": { @@ -3366,7 +3240,7 @@ } ] }, - "pluginVersion": "9.2.7", + "pluginVersion": "9.2.6", "targets": [ { "datasource": { @@ -4189,7 +4063,7 @@ "h": 8, "w": 12, "x": 0, - "y": 85 + "y": 38 }, "id": 73, "links": [], @@ -4306,7 +4180,7 @@ "h": 8, "w": 12, "x": 12, - "y": 85 + "y": 38 }, "id": 131, "links": [], @@ -4345,6 +4219,123 @@ "title": "Rows rate ($instance)", "type": "timeseries" }, + { + "datasource": { + "type": "victoriametrics-datasource", + "uid": "$ds" + }, + "description": "Shows how many concurrent inserts are taking place.\n\nIf the number of concurrent inserts hitting the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\n If vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag need to be increased.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 130, + "links": [], + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.2.6", + "targets": [ + { + "datasource": { + "type": "victoriametrics-datasource", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{instance}} ({{job}})", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "victoriametrics-datasource", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", + "interval": "", + "legendFormat": "limit ({{job}})", + "range": true, + "refId": "B" + } + ], + "title": "Concurrent inserts ($instance)", + "type": "timeseries" + }, { "datasource": { "type": "victoriametrics-datasource", @@ -4409,8 +4400,8 @@ "gridPos": { "h": 8, "w": 12, - "x": 0, - "y": 93 + "x": 12, + "y": 46 }, "id": 77, "links": [], diff --git a/dashboards/vmagent.json b/dashboards/vmagent.json index de0502665..4c66b13b9 100644 --- a/dashboards/vmagent.json +++ b/dashboards/vmagent.json @@ -2372,8 +2372,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2389,7 +2388,7 @@ "h": 8, "w": 12, "x": 0, - "y": 36 + "y": 4 }, "id": 92, "options": { @@ -2475,8 +2474,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2492,7 +2490,7 @@ "h": 8, "w": 12, "x": 12, - "y": 36 + "y": 4 }, "id": 95, "options": { @@ -2581,8 +2579,7 @@ "mode": "absolute", "steps": [ { - "color": "transparent", - "value": null + "color": "transparent" }, { "color": "red", @@ -2598,7 +2595,7 @@ "h": 8, "w": 12, "x": 0, - "y": 44 + "y": 12 }, "id": 98, "options": { @@ -2687,8 +2684,7 @@ "mode": "absolute", "steps": [ { - "color": "transparent", - "value": null + "color": "transparent" }, { "color": "red", @@ -2704,7 +2700,7 @@ "h": 8, "w": 12, "x": 12, - "y": 44 + "y": 12 }, "id": 99, "options": { @@ -2792,8 +2788,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2809,7 +2804,7 @@ "h": 8, "w": 12, "x": 0, - "y": 52 + "y": 20 }, "id": 79, "links": [], @@ -2898,8 +2893,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -2915,7 +2909,7 @@ "h": 8, "w": 12, "x": 12, - "y": 52 + "y": 20 }, "id": 18, "links": [ @@ -3009,8 +3003,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -3026,7 +3019,7 @@ "h": 8, "w": 12, "x": 0, - "y": 60 + "y": 28 }, "id": 127, "links": [], @@ -3113,8 +3106,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -3130,7 +3122,7 @@ "h": 8, "w": 12, "x": 12, - "y": 60 + "y": 28 }, "id": 50, "options": { @@ -3168,123 +3160,6 @@ "title": "Invalid datapoints rate ($instance)", "type": "timeseries" }, - { - "datasource": { - "type": "prometheus", - "uid": "$ds" - }, - "description": "Shows how many concurrent inserts (parsing and processing of scraped or ingested data) are taking place.\n\nIf the number of concurrent inserts hits the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\nIf vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag needs to be increased.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 68 - }, - "id": 130, - "links": [], - "options": { - "legend": { - "calcs": [ - "mean", - "lastNotNull", - "max" - ], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "desc" - } - }, - "pluginVersion": "9.2.6", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", - "interval": "", - "legendFormat": "{{instance}} ({{job}})", - "range": true, - "refId": "A" - }, - { - "datasource": { - "type": "prometheus", - "uid": "$ds" - }, - "editorMode": "code", - "exemplar": true, - "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", - "interval": "", - "legendFormat": "limit ({{job}})", - "range": true, - "refId": "B" - } - ], - "title": "Concurrent inserts ($instance)", - "type": "timeseries" - }, { "datasource": { "type": "prometheus", @@ -3305,8 +3180,7 @@ "mode": "absolute", "steps": [ { - "color": "green", - "value": null + "color": "green" }, { "color": "red", @@ -3346,7 +3220,7 @@ "h": 7, "w": 24, "x": 0, - "y": 76 + "y": 36 }, "id": 129, "options": { @@ -3365,7 +3239,7 @@ } ] }, - "pluginVersion": "9.2.7", + "pluginVersion": "9.2.6", "targets": [ { "datasource": { @@ -4188,7 +4062,7 @@ "h": 8, "w": 12, "x": 0, - "y": 85 + "y": 38 }, "id": 73, "links": [], @@ -4305,7 +4179,7 @@ "h": 8, "w": 12, "x": 12, - "y": 85 + "y": 38 }, "id": 131, "links": [], @@ -4344,6 +4218,123 @@ "title": "Rows rate ($instance)", "type": "timeseries" }, + { + "datasource": { + "type": "prometheus", + "uid": "$ds" + }, + "description": "Shows how many concurrent inserts are taking place.\n\nIf the number of concurrent inserts hitting the `limit` or is close to the `limit` constantly - it might be a sign of a resource shortage.\n\n If vmagent's CPU usage and remote write connection saturation are at normal level, it might be that `-maxConcurrentInserts` cmd-line flag need to be increased.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 130, + "links": [], + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.2.6", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "max_over_time(vm_concurrent_insert_current{job=~\"$job\", instance=~\"$instance\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{instance}} ({{job}})", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$ds" + }, + "editorMode": "code", + "exemplar": true, + "expr": "min(vm_concurrent_insert_capacity{job=~\"$job\", instance=~\"$instance\"}) by(job)", + "interval": "", + "legendFormat": "limit ({{job}})", + "range": true, + "refId": "B" + } + ], + "title": "Concurrent inserts ($instance)", + "type": "timeseries" + }, { "datasource": { "type": "prometheus", @@ -4408,8 +4399,8 @@ "gridPos": { "h": 8, "w": 12, - "x": 0, - "y": 93 + "x": 12, + "y": 46 }, "id": 77, "links": [], diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index f4bfb5aea..729af3939 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -56,11 +56,11 @@ The sandbox cluster installation is running under the constant load generated by * FEATURE: stop exposing `vm_merge_need_free_disk_space` metric, since it has been appeared that it confuses users while doesn't bring any useful information. See [this comment](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/686#issuecomment-1733844128). * BUGFIX: [Official Grafana dashboards for VictoriaMetrics](https://grafana.com/orgs/victoriametrics): fix display of ingested rows rate for `Samples ingested/s` and `Samples rate` panels for vmagent's dasbhoard. Previously, not all ingested protocols were accounted in these panels. An extra panel `Rows rate` was added to `Ingestion` section to display the split for rows ingested rate by protocol. -* BUGFIX: [Official Grafana dashboards for VictoriaMetrics](https://grafana.com/orgs/victoriametrics): move vmagent's `Concurrent inserts` panel to Troubleshooting section from `Ingestion` section because this panel is related to both: scraped and ingested data. Before, it could have give a misleading impression that it is related to ingested metrics only. * BUGFIX: [vmui](https://docs.victoriametrics.com/#vmui): fix the bug causing render looping when switching to heatmap. * BUGFIX: [VictoriaMetrics enterprise](https://docs.victoriametrics.com/enterprise.html) validate `-dedup.minScrapeInterval` value and `-downsampling.period` intervals are multiples of each other. See [these docs](https://docs.victoriametrics.com/#downsampling). * BUGFIX: [vmbackup](https://docs.victoriametrics.com/vmbackup.html): properly copy `appliedRetention.txt` files inside `<-storageDataPath>/{data}` folders during [incremental backups](https://docs.victoriametrics.com/vmbackup.html#incremental-backups). Previously the new `appliedRetention.txt` could be skipped during incremental backups, which could lead to increased load on storage after restoring from backup. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5005). * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): suppress `context canceled` error messages in logs when `vmagent` is reloading service discovery config. This error could appear starting from [v1.93.5](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.5). See [this PR](https://github.com/VictoriaMetrics/VictoriaMetrics/pull/5048). +* BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): remove concurrency limit during parsing of scraped metrics, which was mistakenly applied to it. With this change cmd-line flag `-maxConcurrentInserts` won't have effect on scraping anymore. * BUGFIX: [MetricsQL](https://docs.victoriametrics.com/MetricsQL.html): allow passing [median_over_time](https://docs.victoriametrics.com/MetricsQL.html#median_over_time) to [aggr_over_time](https://docs.victoriametrics.com/MetricsQL.html#aggr_over_time). See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5034). * BUGFIX: [vminsert](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html): fix ingestion via [multitenant url](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#multitenancy-via-labels) for opentsdbhttp. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5061). The bug has been introduced in [v1.93.2](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.93.2). * BUGFIX: [vmagent](https://docs.victoriametrics.com/vmagent.html): fix support of legacy DataDog agent, which adds trailing slashes to urls. See [this issue](https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5078). Thanks to @maxb for spotting the issue. diff --git a/lib/promscrape/scrapework.go b/lib/promscrape/scrapework.go index 3a23c8655..ac100e958 100644 --- a/lib/promscrape/scrapework.go +++ b/lib/promscrape/scrapework.go @@ -587,7 +587,7 @@ func (sw *scrapeWork) scrapeStream(scrapeTimestamp, realTimestamp int64) error { if err == nil { bodyString = bytesutil.ToUnsafeString(sbr.body) areIdenticalSeries = sw.areIdenticalSeries(lastScrape, bodyString) - err = stream.Parse(&sbr, scrapeTimestamp, false, func(rows []parser.Row) error { + err = stream.Parse(&sbr, scrapeTimestamp, false, false, func(rows []parser.Row) error { mu.Lock() defer mu.Unlock() samplesScraped += len(rows) @@ -808,7 +808,7 @@ func (sw *scrapeWork) sendStaleSeries(lastScrape, currScrape string, timestamp i // and https://github.com/VictoriaMetrics/VictoriaMetrics/issues/3675 var mu sync.Mutex br := bytes.NewBufferString(bodyString) - err := stream.Parse(br, timestamp, false, func(rows []parser.Row) error { + err := stream.Parse(br, timestamp, false, false, func(rows []parser.Row) error { mu.Lock() defer mu.Unlock() for i := range rows { diff --git a/lib/protoparser/prometheus/stream/streamparser.go b/lib/protoparser/prometheus/stream/streamparser.go index 5f34614cc..6463b2c3a 100644 --- a/lib/protoparser/prometheus/stream/streamparser.go +++ b/lib/protoparser/prometheus/stream/streamparser.go @@ -20,10 +20,16 @@ import ( // The callback can be called concurrently multiple times for streamed data from r. // // callback shouldn't hold rows after returning. -func Parse(r io.Reader, defaultTimestamp int64, isGzipped bool, callback func(rows []prometheus.Row) error, errLogger func(string)) error { - wcr := writeconcurrencylimiter.GetReader(r) - defer writeconcurrencylimiter.PutReader(wcr) - r = wcr +// +// limitConcurrency defines whether to control the number of concurrent calls to this function. +// It is recommended setting limitConcurrency=true if the caller doesn't have concurrency limits set, +// like /api/v1/write calls. +func Parse(r io.Reader, defaultTimestamp int64, isGzipped, limitConcurrency bool, callback func(rows []prometheus.Row) error, errLogger func(string)) error { + if limitConcurrency { + wcr := writeconcurrencylimiter.GetReader(r) + defer writeconcurrencylimiter.PutReader(wcr) + r = wcr + } if isGzipped { zr, err := common.GetGzipReader(r) @@ -44,7 +50,9 @@ func Parse(r io.Reader, defaultTimestamp int64, isGzipped bool, callback func(ro uw.reqBuf, ctx.reqBuf = ctx.reqBuf, uw.reqBuf ctx.wg.Add(1) common.ScheduleUnmarshalWork(uw) - wcr.DecConcurrency() + if wcr, ok := r.(*writeconcurrencylimiter.Reader); ok { + wcr.DecConcurrency() + } } ctx.wg.Wait() if err := ctx.Error(); err != nil { diff --git a/lib/protoparser/prometheus/stream/streamparser_test.go b/lib/protoparser/prometheus/stream/streamparser_test.go index fb37b49a2..ddcc941e4 100644 --- a/lib/protoparser/prometheus/stream/streamparser_test.go +++ b/lib/protoparser/prometheus/stream/streamparser_test.go @@ -24,7 +24,7 @@ func TestParse(t *testing.T) { var result []prometheus.Row var lock sync.Mutex doneCh := make(chan struct{}) - err := Parse(bb, defaultTimestamp, false, func(rows []prometheus.Row) error { + err := Parse(bb, defaultTimestamp, false, true, func(rows []prometheus.Row) error { lock.Lock() result = appendRowCopies(result, rows) if len(result) == len(rowsExpected) { @@ -57,7 +57,7 @@ func TestParse(t *testing.T) { } result = nil doneCh = make(chan struct{}) - err = Parse(bb, defaultTimestamp, true, func(rows []prometheus.Row) error { + err = Parse(bb, defaultTimestamp, true, false, func(rows []prometheus.Row) error { lock.Lock() result = appendRowCopies(result, rows) if len(result) == len(rowsExpected) { From f39045eca679a93de6790afa1f3b3bf3700d08b7 Mon Sep 17 00:00:00 2001 From: Yury Molodov Date: Mon, 2 Oct 2023 21:41:03 +0200 Subject: [PATCH 51/73] vmui: add storage for query history (#5022) * vmui: add storage for query history * docs/vmui: add storage for query history --- .../vmui/src/components/Main/Icons/index.tsx | 20 ++ app/vmui/packages/vmui/src/constants/graph.ts | 1 + .../packages/vmui/src/hooks/useFetchQuery.ts | 4 +- .../QueryConfigurator/QueryConfigurator.tsx | 11 +- .../CustomPanel/QueryHistory/QueryHistory.tsx | 188 ++++++++++++++++++ .../QueryHistory/QueryHistoryItem.tsx | 65 ++++++ .../QueryHistory/QueryHistoryList.tsx | 114 ----------- .../pages/CustomPanel/QueryHistory/style.scss | 72 +++++-- .../pages/CustomPanel/QueryHistory/utils.ts | 27 +++ .../vmui/src/state/customPanel/reducer.ts | 2 +- .../packages/vmui/src/state/query/reducer.ts | 10 +- app/vmui/packages/vmui/src/utils/storage.ts | 12 +- docs/CHANGELOG.md | 1 + 13 files changed, 369 insertions(+), 158 deletions(-) create mode 100644 app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistory.tsx create mode 100644 app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryItem.tsx delete mode 100644 app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryList.tsx create mode 100644 app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/utils.ts diff --git a/app/vmui/packages/vmui/src/components/Main/Icons/index.tsx b/app/vmui/packages/vmui/src/components/Main/Icons/index.tsx index 6e96b3cee..4831ba7ec 100644 --- a/app/vmui/packages/vmui/src/components/Main/Icons/index.tsx +++ b/app/vmui/packages/vmui/src/components/Main/Icons/index.tsx @@ -430,3 +430,23 @@ export const ListIcon = () => ( ); + +export const StarBorderIcon = () => ( + + + +); + +export const StarIcon = () => ( + + + +); diff --git a/app/vmui/packages/vmui/src/constants/graph.ts b/app/vmui/packages/vmui/src/constants/graph.ts index 48147c639..97d0fcd27 100644 --- a/app/vmui/packages/vmui/src/constants/graph.ts +++ b/app/vmui/packages/vmui/src/constants/graph.ts @@ -1,6 +1,7 @@ import { GraphSize, SeriesItemStats } from "../types"; export const MAX_QUERY_FIELDS = 4; +export const MAX_QUERIES_HISTORY = 25; export const DEFAULT_MAX_SERIES = { table: 100, chart: 20, diff --git a/app/vmui/packages/vmui/src/hooks/useFetchQuery.ts b/app/vmui/packages/vmui/src/hooks/useFetchQuery.ts index 4ab13b24d..a4c39f56c 100644 --- a/app/vmui/packages/vmui/src/hooks/useFetchQuery.ts +++ b/app/vmui/packages/vmui/src/hooks/useFetchQuery.ts @@ -125,7 +125,7 @@ export const useFetchQuery = ({ } isHistogramResult = isDisplayChart && isHistogramData(resp.data.result); - seriesLimit = isHistogramResult ? Infinity : Math.max(totalLength, defaultLimit); + seriesLimit = isHistogramResult ? Infinity : defaultLimit; const freeTempSize = seriesLimit - tempData.length; resp.data.result.slice(0, freeTempSize).forEach((d: MetricBase) => { d.group = counter; @@ -140,7 +140,7 @@ export const useFetchQuery = ({ counter++; } - const limitText = `Showing ${seriesLimit} series out of ${totalLength} series due to performance reasons. Please narrow down the query, so it returns less series`; + const limitText = `Showing ${tempData.length} series out of ${totalLength} series due to performance reasons. Please narrow down the query, so it returns less series`; setWarning(totalLength > seriesLimit ? limitText : ""); isDisplayChart ? setGraphData(tempData as MetricResult[]) : setLiveData(tempData as InstantMetricResult[]); setTraces(tempTraces); diff --git a/app/vmui/packages/vmui/src/pages/CustomPanel/QueryConfigurator/QueryConfigurator.tsx b/app/vmui/packages/vmui/src/pages/CustomPanel/QueryConfigurator/QueryConfigurator.tsx index badf930ee..7648ffc0b 100644 --- a/app/vmui/packages/vmui/src/pages/CustomPanel/QueryConfigurator/QueryConfigurator.tsx +++ b/app/vmui/packages/vmui/src/pages/CustomPanel/QueryConfigurator/QueryConfigurator.tsx @@ -2,7 +2,7 @@ import React, { FC, StateUpdater, useEffect, useState } from "preact/compat"; import QueryEditor from "../../../components/Configurators/QueryEditor/QueryEditor"; import AdditionalSettings from "../../../components/Configurators/AdditionalSettings/AdditionalSettings"; import usePrevious from "../../../hooks/usePrevious"; -import { MAX_QUERY_FIELDS } from "../../../constants/graph"; +import { MAX_QUERIES_HISTORY, MAX_QUERY_FIELDS } from "../../../constants/graph"; import { useQueryDispatch, useQueryState } from "../../../state/query/QueryStateContext"; import { useTimeDispatch } from "../../../state/time/TimeStateContext"; import { @@ -22,7 +22,7 @@ import { arrayEquals } from "../../../utils/array"; import useDeviceDetect from "../../../hooks/useDeviceDetect"; import { QueryStats } from "../../../api/types"; import { usePrettifyQuery } from "./hooks/usePrettifyQuery"; -import QueryHistoryList from "../QueryHistory/QueryHistoryList"; +import QueryHistory from "../QueryHistory/QueryHistory"; export interface QueryConfiguratorProps { queryErrors: string[]; @@ -66,7 +66,7 @@ const QueryConfigurator: FC = ({ const newValues = !queryEqual && q ? [...h.values, q] : h.values; // limit the history - if (newValues.length > 25) newValues.shift(); + if (newValues.length > MAX_QUERIES_HISTORY) newValues.shift(); return { index: h.values.length - Number(queryEqual), @@ -243,10 +243,7 @@ const QueryConfigurator: FC = ({
- + {stateQuery.length < MAX_QUERY_FIELDS && ( +
+ )} +
+ + + )} + + ); +}; + +export default QueryHistory; diff --git a/app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryItem.tsx b/app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryItem.tsx new file mode 100644 index 000000000..23e54efc1 --- /dev/null +++ b/app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryItem.tsx @@ -0,0 +1,65 @@ +import React, { FC, useMemo } from "preact/compat"; +import Button from "../../../components/Main/Button/Button"; +import { CopyIcon, PlayCircleOutlineIcon, StarBorderIcon, StarIcon } from "../../../components/Main/Icons"; +import Tooltip from "../../../components/Main/Tooltip/Tooltip"; +import useCopyToClipboard from "../../../hooks/useCopyToClipboard"; +import "./style.scss"; + +interface Props { + query: string; + favorites: string[]; + onRun: (query: string) => void; + onToggleFavorite: (query: string, isFavorite: boolean) => void; +} + +const QueryHistoryItem: FC = ({ query, favorites, onRun, onToggleFavorite }) => { + const copyToClipboard = useCopyToClipboard(); + const isFavorite = useMemo(() => favorites.includes(query), [query, favorites]); + + const handleCopyQuery = async () => { + await copyToClipboard(query, "Query has been copied"); + }; + + const handleRunQuery = () => { + onRun(query); + }; + + const handleToggleFavorite = () => { + onToggleFavorite(query, isFavorite); + }; + + return ( +
+ {query} +
+ +
+
+ ); +}; + +export default QueryHistoryItem; diff --git a/app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryList.tsx b/app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryList.tsx deleted file mode 100644 index 0ce8ddf35..000000000 --- a/app/vmui/packages/vmui/src/pages/CustomPanel/QueryHistory/QueryHistoryList.tsx +++ /dev/null @@ -1,114 +0,0 @@ -import React, { FC, useMemo } from "preact/compat"; -import Button from "../../../components/Main/Button/Button"; -import { ClockIcon, CopyIcon, PlayCircleOutlineIcon } from "../../../components/Main/Icons"; -import Tooltip from "../../../components/Main/Tooltip/Tooltip"; -import { QueryHistory } from "../../../state/query/reducer"; -import useBoolean from "../../../hooks/useBoolean"; -import Modal from "../../../components/Main/Modal/Modal"; -import "./style.scss"; -import Tabs from "../../../components/Main/Tabs/Tabs"; -import { useState } from "react"; -import useCopyToClipboard from "../../../hooks/useCopyToClipboard"; -import useDeviceDetect from "../../../hooks/useDeviceDetect"; -import classNames from "classnames"; - -interface QueryHistoryProps { - history: QueryHistory[]; - handleSelectQuery: (query: string, index: number) => void -} - -const QueryHistoryList: FC = ({ history, handleSelectQuery }) => { - const { isMobile } = useDeviceDetect(); - const copyToClipboard = useCopyToClipboard(); - const { - value: openModal, - setTrue: handleOpenModal, - setFalse: handleCloseModal, - } = useBoolean(false); - - const [activeTab, setActiveTab] = useState("0"); - const tabs = useMemo(() => history.map((item, i) => ({ - value: `${i}`, - label: `Query ${i+1}`, - })), [history]); - - const queries = useMemo(() => { - const historyItem = history[+activeTab]; - return historyItem ? historyItem.values.filter(q => q).reverse() : []; - }, [activeTab, history]); - - const handleCopyQuery = (value: string) => async () => { - await copyToClipboard(value, "Query has been copied"); - }; - - const handleRunQuery = (value: string, index: number) => () => { - handleSelectQuery(value, index); - handleCloseModal(); - }; - - return ( - <> - -