From 16c0f1462306854ea99664d7834b48b9a31423fc Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Tue, 21 Jan 2025 14:00:29 +0100 Subject: [PATCH 01/12] First draft --- docs/user/README.md | 43 +++++++++++++++++++++++++++++++++---------- 1 file changed, 33 insertions(+), 10 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index 1c6854d..db783f6 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -1,14 +1,37 @@ -> **TIP:** Apart from the {Module Name} heading, you can use your own titles for the remaining sections. You can also add more module-specific sections. - -# {Module Name} -> Modify the title and insert the name of your module. Use Heading 1 (H1). +# KIM Snatch ## Overview -> Provide a description of your module and its components. Describe its features and functionalities. Mention the scope and add information on the CustomResourceDefinitions (CRDs). -> You can divide this section to the relevant subsections. +The KIM-Snatch Module is part of KIM's worker-pool feature. It is a mandatory Kyma module and deployed on all Kyma managed runtimes (SKR). + +In the past, Kyma had only one worker-pool (so called "Kyma worker-pool") where every workload was scheduled on. This Kyma worker pool is mandatory and cannot be removed from a Kyma runtime. Customers have several configuration options, but it's not fully adjustable and can be too limited for customers who require special node setups. + +By introducing the Kyma worker-pool feature, customers can add additional worker-pools to their Kyma runtime. This enables customer to introduce worker nodes, which are optimized for their particular workload requirements. + + To ensure customer worker-pools are reserved for customer workloads, KIM-Snatch got introduced. It is responsible to assign Kyma workloads (e.g. operators of Kyma modules) to the Kyma worker pool. This has several advantages: + +* Kyma workloads are not allocating resources on customer worker-pools. This ensures that customers have the full capacity of the worker-pool available for their workloads. +* It reduce the risk of incompatibility between Kyma container images and individually configured worker-pools. + +## Technical Approach +The KIM-Snatch module introduced a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) in Kubernetes. + +It is intercepting all pods which are scheduled in a Kyma managed namespace. A managed namespace is by [KLM](https://github.com/kyma-project/lifecycle-manager) always labeled with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only on pods which are scheduled in one of these labeled namespaces. Typical Kyma managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. + +Before the pod is handed over to the Kubernetes scheduler, KIM-Snatch adds a [`node affinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to it. This tells the scheduler, to prefer the Kyma worker-pool nodes for this pod. + +## Limitations + +### Kyma worker-pool is not enforced +Assigning a pod to a particular worker pool can cause drawbacks, for example: + +* Resources of the preferred worker-pool are exhausted while other worker-pools would have still free capacities. +* If no suitable worker-pool can be found and the node-affiniuty is set as a "hard" rule, the pod won't be scheduled. + +To overcome these limitations, the configured node-affinity on Kyma workloads is a "soft" rule. It tells the Kubernetes scheduler to prefer the Kyma worker-pool, but if no capacities are available, it will also consider other worker-pools. + +### Not all Kyma workloads intercepted +Another disadvantage is, that Kubernetes calls could be heavily impacted, if a mandatory admission webhook isn't responsive enough. This can lead to timeouts and massive performance degradation. -## Useful Links (Optional) -> Provide links to the most relevant module documentation (tutorials, technical references, resources, etc.). +To prevent such side-effects, the webhook is configured as non-mandatory webhook which allows Kubernetes to bypass it. This could, while the webhook is down, lead to scheduled pods without a `nodeAffinity` configured. -## Feedback (Optional) -> Describe how users can provide feedback. \ No newline at end of file +Additionally, all pods which are already scheduled and running on a worker node won't receive the `nodeAffinity` as it's only allowed to intercept non-scheduled pods. Means, running pods would have to be restarted to receive the `nodeAffinity`. This webhook is not restarting running pods to avoid any service interruptions or reduced user experience for our customers. \ No newline at end of file From b1db8d107a513e1d0909bb70702e1d52f7b45475 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Tue, 21 Jan 2025 16:58:42 +0100 Subject: [PATCH 02/12] Add more links --- docs/user/README.md | 37 ++++++++++++++++++++----------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index db783f6..2850986 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -1,37 +1,40 @@ # KIM Snatch ## Overview -The KIM-Snatch Module is part of KIM's worker-pool feature. It is a mandatory Kyma module and deployed on all Kyma managed runtimes (SKR). +The KIM-Snatch Module is part of KIM's worker pool feature. It is a mandatory Kyma module and deployed on all Kyma managed runtimes (SKR). -In the past, Kyma had only one worker-pool (so called "Kyma worker-pool") where every workload was scheduled on. This Kyma worker pool is mandatory and cannot be removed from a Kyma runtime. Customers have several configuration options, but it's not fully adjustable and can be too limited for customers who require special node setups. +In the past, Kyma had only one worker pool (so called "Kyma worker pool") where every workload was scheduled on. This Kyma worker pool is mandatory and cannot be removed from a Kyma runtime. Customers have several configuration options, but it's not fully adjustable and can be too limited for customers who require special node setups. -By introducing the Kyma worker-pool feature, customers can add additional worker-pools to their Kyma runtime. This enables customer to introduce worker nodes, which are optimized for their particular workload requirements. +By introducing the Kyma worker pool feature, customers can add additional worker pools to their Kyma runtime. This enables customer to introduce worker nodes, which are optimized for their particular workload requirements. - To ensure customer worker-pools are reserved for customer workloads, KIM-Snatch got introduced. It is responsible to assign Kyma workloads (e.g. operators of Kyma modules) to the Kyma worker pool. This has several advantages: + To ensure customer worker pools are reserved for customer workloads, KIM-Snatch got introduced. It is responsible to assign Kyma workloads (e.g. operators of Kyma modules) to the Kyma worker pool. This has several advantages: -* Kyma workloads are not allocating resources on customer worker-pools. This ensures that customers have the full capacity of the worker-pool available for their workloads. -* It reduce the risk of incompatibility between Kyma container images and individually configured worker-pools. +* Kyma workloads are not allocating resources on customer worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. +* It reduce the risk of incompatibility between Kyma container images and individually configured worker pools. ## Technical Approach -The KIM-Snatch module introduced a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) in Kubernetes. +The KIM-Snatch module introduces a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) in Kubernetes. -It is intercepting all pods which are scheduled in a Kyma managed namespace. A managed namespace is by [KLM](https://github.com/kyma-project/lifecycle-manager) always labeled with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only on pods which are scheduled in one of these labeled namespaces. Typical Kyma managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. +It is intercepting all pods which are scheduled in a Kyma managed namespaces. A managed namespace is by [KLM](https://github.com/kyma-project/lifecycle-manager) always labeled with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only on pods which are scheduled in one of these labeled namespaces. Typical Kyma managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. -Before the pod is handed over to the Kubernetes scheduler, KIM-Snatch adds a [`node affinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to it. This tells the scheduler, to prefer the Kyma worker-pool nodes for this pod. +Before the pod is handed over to the Kubernetes scheduler, KIM-Snatch adds a [`nodeAffinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to the pod's manifest. This informs the Kubernetes scheduler to prefer nodes within the Kyma worker pool for this pod. ## Limitations -### Kyma worker-pool is not enforced -Assigning a pod to a particular worker pool can cause drawbacks, for example: +### Using the Kyma worker pool is not enforced +Assigning a pod to a specific worker pool can cause drawbacks, for example: -* Resources of the preferred worker-pool are exhausted while other worker-pools would have still free capacities. -* If no suitable worker-pool can be found and the node-affiniuty is set as a "hard" rule, the pod won't be scheduled. +* Resources of the preferred worker pool are exhausted while other worker pools would have still free capacities. +* If no suitable worker pool can be found and the node-affinity is set as a "hard" rule, the pod won't be scheduled. -To overcome these limitations, the configured node-affinity on Kyma workloads is a "soft" rule. It tells the Kubernetes scheduler to prefer the Kyma worker-pool, but if no capacities are available, it will also consider other worker-pools. +To overcome these limitations, the configured node-affinity on Kyma workloads is a "soft" rule (we use `preferredDuringSchedulingIgnoredDuringExecution`, for more details see [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)). The Kubernetes scheduler will prefer the Kyma worker pool, but if it's not possible to schedule the pod in this pool, it will also consider other worker pools. -### Not all Kyma workloads intercepted -Another disadvantage is, that Kubernetes calls could be heavily impacted, if a mandatory admission webhook isn't responsive enough. This can lead to timeouts and massive performance degradation. +### Cases when Kyma workloads are not intercepted -To prevent such side-effects, the webhook is configured as non-mandatory webhook which allows Kubernetes to bypass it. This could, while the webhook is down, lead to scheduled pods without a `nodeAffinity` configured. +#### Non-available webhook will be ignored by Kubernetes +Kubernetes calls could be heavily impacted if a mandatory admission webhook isn't responsive enough. This can lead to timeouts and massive performance degradation. +To prevent such side-effects, the KIM-Snatch webhook is configured with a [failure tolerating policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy) which allows Kubernetes to continue in case of errors. This implies, that downtimes or failures of the webhook will be accepted and pods get scheduled without a `nodeAffinity`. + +#### Already scheduled pods are ignored by webhook Additionally, all pods which are already scheduled and running on a worker node won't receive the `nodeAffinity` as it's only allowed to intercept non-scheduled pods. Means, running pods would have to be restarted to receive the `nodeAffinity`. This webhook is not restarting running pods to avoid any service interruptions or reduced user experience for our customers. \ No newline at end of file From f4bb7669dc1ea3578939368698a15128063c3623 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Wed, 22 Jan 2025 16:51:56 +0100 Subject: [PATCH 03/12] Add deployment pic --- docs/user/README.md | 2 ++ docs/user/assets/snatch-deployment.png | Bin 0 -> 74773 bytes 2 files changed, 2 insertions(+) create mode 100644 docs/user/assets/snatch-deployment.png diff --git a/docs/user/README.md b/docs/user/README.md index 2850986..25039ba 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -17,6 +17,8 @@ The KIM-Snatch module introduces a [mutating admission webhook](https://kubernet It is intercepting all pods which are scheduled in a Kyma managed namespaces. A managed namespace is by [KLM](https://github.com/kyma-project/lifecycle-manager) always labeled with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only on pods which are scheduled in one of these labeled namespaces. Typical Kyma managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. +![KIM Snatch Webhook](./assets/snatch-deployment.png) + Before the pod is handed over to the Kubernetes scheduler, KIM-Snatch adds a [`nodeAffinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to the pod's manifest. This informs the Kubernetes scheduler to prefer nodes within the Kyma worker pool for this pod. ## Limitations diff --git a/docs/user/assets/snatch-deployment.png b/docs/user/assets/snatch-deployment.png new file mode 100644 index 0000000000000000000000000000000000000000..6ec12e1f2984d6e8e09ec8fd283f88a1f2e65ec5 GIT binary patch literal 74773 zcmeFZcT|(#)-Ea?k){F)O8eRANbdm^M5IZR8W5!y6$rhHs1&fC`~V z34|_43n3uA-<9Cr-`?Lj=lkv$_ntA%9ryQ7bcHwXyVhK5&H2n{KI?t1r=!8dz{POn z$Pp&Zo7e9gIYQ%bW1waH2r*>q73@Cp(S!N4o;d$B@?QNByMm8m z6qLW=nR_{NbMV1AQ&>^cCm)_nT2rr%_^u*VUHJQ3&HHNl)T4prkH|7oZDQC3WLJ9(?)j5enCM z>q=ot@TB_PqpV#WDZDA_|9;WKYat>1G4kTKz%LQ=)btL>{Hfcg|Ls0mwFP1XVrN^(vpb%8 zgd#8U#)Dg6%0pPd6(hxYiAiyy?5GV#n(6a4tA!I)5BJ+w4%h~)}ZOBo=z4~eLnvUSDA#& zRz(Np{iVQ_k#Z;vF>fU8y{Y>i6K0}yRm@cym)lZZw>PcjF@wQI7P$X_X`u+Q=)Q`@ zm2W8@cZgMTGi&T7PIk;26=8Pw{JwuIy5$}SwH_w_G1e?fqK z5$bdTY?uru2@}$W;RhQg@c%PoP(&h)!VOK+&GnZ-8bng+*Dvfv$(gY9m2 z;HmPtUDpYog&S7-Dd*o3ynj9H*&0uOV`0|s%$76ucyhe(<@(UV{r)lQw@dakkyyqG zv0dNc#JAzE21}(qrWt!|TD9BX>0Y9_7VNN)XgAV-hWbExE_|bXInrAa8nkbk*Msv& z>9DIG@6LEMNz;TM4REcV!`UP*&A44kcGFQQ2<`}ETZavL;Kf$^5~GA`pHxn!&Sc<(WytLiuh4ywnkG~Jl06o$@J?- zLg(4Cgb{EF|FSvX#?S*HbdbZD(TcDEK$H?R{zrHd5N{)v4lM7 zq*E2i9?KAqyX9}2#J5g#sm~Nm=KCkw$SAS4FL$a0$?OntB8+ZP?2{qa(D6}pj7*|} z99{dXlZHKBDTK$1ye#(k6J0IX&JstJ#4_Q;CzDmg=SS`Km}G>dxkoifp7y4GNQm@} zfGV=vy(|QQw9S)zSh1kqWdvNoJ712tI*G9?Z{JBMw|lfDbq*6`$&6WiGVgnTImDPB z;Tn9fR~~uojvxHGS|_S)BwdlZC8mNDBFMNeJXxF}jiaV_B*7bX1r4H$!Fxq}k% z=JQ128E5IS$7qBB_qRuL5%y209BOe1b_ILPVrSgTBDQSi589EUFC|z;J)Ap^5Pddj zP?|&Q4bG)BC3QMG&1d@^Pf09~ls9$?Ce`dUJepXv+))qA<;7fE(I0X`!!chKJiJkH zCh_QVq}}*V00J@3IgKSZ46lR9`K#SC4E&*26QKw3-@0KRkB_u??a`@KP}|_CI9`~9 z%{bU3`PEVEz|9k+Z?qGjrVdyCnSAzPnU60ZV?j)6Ma>-M!?}I;YRoz(d%GE-f#QP!TU+;g3T@KI14g8^qaa7Yp_nYNyxx@dY32X4=IuCeWVT>hDfc(}qF_qu_aL*$oa$pCK8!rREdNp6`5RTmV{&$z!6L^*`r?aUDjn!-7V(T!aYb}FG3ciFPolU& zw_d64wHw7@6bjbcmE+>mb!IsOGV~zGBHlhP-IeVpr9X2c{Q82F!PK2Ke@=kkPU1Z14t%0Hi!NM&a*kDf`lV(YVkosBv*5^+7VhiQ;b*K zWfk^xQ4?HR(-s?J-|D8RGyR_Z5Fuch3I-o^?zNAfAs&UzjQXy4HQ;e00|z;H411t| zV)@udRx2dml8VeQJGINm%lUg&zRQD2dJ8WaWa8m4{Hvb2M(c>S^4Nq8FE9VlMUSP4 z)v z*I2o^=eI7zlPkZ{e1Fscwl{xYow>2rc!xyJnpN^`)zW0Xm3_T zj+j?#d`!Z#x5h5dtG_J|v#Jsf@ti7DmHL2gTo9xid$-B&%ST1odXf+EK$8S=2HBs{-GnpCH(Ct% zkD7kw@|ARn?wopO%iJ!PzP>%ggYm`HsNIbyDr4e;IWHNlc=&V2c?5)o<@+GAIxm0f z)9IeYeoMEl__c3;8@)b6D?0Zzw5ELQGGj4AHnBVPZRK{A!U^^Zj`c9jlw`Z!XUHc1 z(TyqO#I;IkEC2Y1Zd;VN@bwYp;n&%(3~jQ_6cNJr@52}Urkbs1oFuJdbbrvsm%>%e zhi1|@3~nkc#*6#nGm2vUZHrAGXMYZV>9FC^I#QmscKa?Sa8*h7qg20>X^C_}Z1CvW z;)B=;uX5$3Tt{?sb)+BMZ@58DwG0-7=QqcfxIEyJbkJMfUk+J+W~(cHu(OU&D$SR3 z+MAp3i!cKoYQ(?3xd!7EesJ_^sSk0#n3y-;e@u`{$#h>YK#Ns)tUVrdF)@AeC!hpQt+ z*%P2eA=*&iVB1Em29Y}oZW!VkOXgGPN6kw)lJXJ3B6d->Kfk{e zYl>Z{bU%gK*tc|EKyYtN-|s0IRAFInJJlspzRMt|A^W9bH~6BK zEo;}eeISYMLf$It#e)yu!b)RN%Kb0peb%!zFd&wmS(n;gyrjM3I!)8tT-+E|J~J31CpI`k!}5#%-i*rZiJ}cN2Y&Aopo`VlKcaFkS57k(jsytUXpwLaocMI|kj7KXD@)bH=O$tB_q;j*tqZ80ixd9c+?ji# zvPv`fmF@xp9=Rs((OdS3!em&30$OsT6JA=75@Z#ezBOQ+LP2QitbSlt=5#VicWCEb zIwsINmU(B+zgev3*Q@mKlqj$=zcb@NkhflaC`kw-6l4446yC8Hj|LEX?7EvdWXfOi zxOJ$ke0iw2j@*>LWsQ$9W`de@DFX|%3n24tR_pVuF6|E~Zmil)>})71kGd2-8Zrw$ zxnH`&VN-!jhz=$uCgItW@Tykb=OliQ=;1S08Z;7`s^DiA*ZaIQDRBm!RbS5re;@pZ zm5Fc}?N-Z~hz6z3Ir~^bkX^)qv#K|F*=hp2zPu9a6uvPM@)Uh%CVk)>`+71bo-&+c{W z=gFGq9S=rkpme{6%WEmk2=~kQVal02_7>JUiiBYVaht(ma>8D5woJn~tJAS3NZQrB zW9WVL&?q-1IKK|5uGCpOd&^@}TuJR5VRg?t)3PzeD+xk8=E19XO4M-G0!q`*kUvSt zAoqNs-*cR7uq$ARes*|7N`duELjx%8)E1z|)@HTr(zRte6)KiR z6>XXE)y|uvoPi=z8Yx|Ej0?fZoG`D0aW6txUlHXo;gW|-9*T&Vpc|Gf*M3}k?a~vT z7%RKjyEJo-d0?bka&d0S{!G_A4PmMe+rS&V$+NO(UVz=i)$Hk20xL1sOss1(6`Jn# znLrfAaou)fI&_gM`wMSbFyK1geT&!-7z$G^?I#=Wx-1bvpw+dMQHXc0LdVhdLy^~Iat*fPzqM!KvSZls}PpXG8M%` z&>uXw*L8+$Gm-)Csa3xuWz?@;fIM1Y!Se-ZoIe4g&ZU%~TDjG%li}l{+iQV=?7I^) zqgSQbi^wuY%-v0f&ki}RXCQeV7b=kA4oG+<^$Q;kLziQqR5%zM3TFMwI3E#yJ?~E!c@f#T%+lgL zFHmCa121umTO$Ep?_tTt+djS)9j#V74o-zFD>NlCqstYh0naZuCwb)ZZR5@?cI+$_ z%@R#4u`ju;SFN^qq~kpIEh0&_(6a)D`Mv$vo9yr88CbjekH@~`2dj>q_1RNpzs+9T z&bpJUTnD&Ht09p4Oy?XgpW!yz-Ni<>)W&-lyX>}OA5)iT@RpSO?#GKyY_8T{i7{n) z{KK?TsmhCK45!@ZIXl+;WZ7&H8ifyI?$GGZq@h^!n6vc=(vL{Vw7Jf zoxja{xh%+2I{^DIJJpkB-$3mY*)1Ia9;odOnV9+d39ONeZH)*L)dE439dSI2!gNzN zZ}47c51fRTTS>sz9e8U$aR-gC+OuR&E zZuxIDxwU6J1;+`pK|#OMCr8Br!Z5O>%j4P3h^))b9;I7ETgK468l0Z6`CyhqDXIhG;;6Ub1F32%C^ zOB9jv5Gk0hj1wFXiYgjs2SV1PuB6a9H%Tk?;yWUtVo@SxK1+9Yqs_QckM4A?IPHCw zo3B^G9P3o(v^Y6dl#691R2XzD)9iRDe@W``*7LdEIu?B3+M*cnQtsElFkMyPQeX5q z%h6@-lI{@Wje~&Sm+a!!@zc@z3T3(4Uog9mnwc^3#B8~bTG$@@(dHBm#oC2gsu`* zwf&UFOzPJBYU!eZJ9YL(w(zEX3i5~hKi_hmzP-{FSRRQMcD?X4x*EGs-CBF&m_d8% zC}M9L^SEPSZyX;#A=0%!vvKuYB=mhxoZ9z-+K(p`dxdcGf(ZC}n{Ec7O7KZ}f5!*` zhHF|Foq(#dOypdLpfw_OCgN+B;W;^p9X);9#R@hAYp?dF{dZkmm+EV$=i5Z-MSb_u zdE4J;VTPXX4)?r_w`Cs8Y!RLs@@b%1+2@~lV$dm`ndED;6b~YHekHM^dpeg#nW+2ggOWKE{$8Zk}7b2f{KyHfRkVj_A6Qz}x_&!BljeX~6F>^+f%z{eemCH}hT z%{1ZKHeKQs)}F<7Kw(W;n2!Nqkbgu=)%Xp}E~Twq|5CfcsnRa{H=DDlZo0I&nb{^( z3A%jJ&AgZ1c4f^JN|Co%b0Ff1`QknHeNJ7$p!8bl4+?^NosNXRYq^b2?=^m+nuf!d zf|myqd}BpNms!ipyo&l@3W<34!1Ibv&uK!CJ6u%>au~={XL(_Oe7Tms zW8q`GVVzl&0Ap0y`>x^3d+Wn}g2y44@daR}4c|6Grg!Hr*E8ef8<)jN_>q!Qlk$8Z zw*~rmI?MQvuHO;&mJvT_!3AQh zZF;QY3EeAJ!CPAz9_kzCqG7t~WQ^W{o^nEsTy&nQR$gvX(VlEM)}NE~MMFk*W$GMe z&wGSz6nU+c3iJM&8*^|FvCjQtkB+RQeR&qFRA4G-ZY%Rz)GT%l8WfZ(SKU^PGMi*E zi&B95_1~D@H0WU7>76NUT0y(lF+fpk&m!YQtJf+`i{@19lhk?50K!)In7HUGu)AC1 z9euS%S5AJ{lqKA}d`(3mcanwpViD1|Q+KeA5G*J*yWyngB2rqTLSh|963KbiU)=IFvU zh$`Ygam~P)D_|vqZ8Ry+)J#JFn2Ay zwOKSf*z$Qa3Qyh{0_Q;9%4zRMuI^k0bYj_cF%i;iojut#NJ10d9a$z&WQ1?Pu!7u- zpS-m2Q+!B0G#DefLl~A;jFJx0DWEdQ@_M${NqnHrTqjVG(Ir=r-}!o(#Msq>lFYWT z{&YA%I6i+tAb3swcv=$Jf$;HkmARpc=46)S0RdO-A<=LRVL{0oyjm+q*bIg_x!3+$ zpB}Ca|K4YGgQ#HJ;^|=>>55s9LuvQeVKAjKqplnl4^v;nhIWvB{4G!*5*~@xB?n7G z2p9(CS5FeJ@#!*xZ!UN&$d$y*e}LLtKz;oyDnpj*kTNA9j30pb(C$o5CY!_QIAB41 z$#?mW55sU^cPYboxxc`Wm;o}AzbpAPngrU&IRW`YuNYkO?S23${6G*VNV%(C1`GH< z`HRDk&=TO2dh(C#k;%*{ur(go{L3v!_xbx#e;e@cW$`bY;{WV@73x`x|A!Xf|K;tR zV=(?g`I6zxmw2gvIGXW~kb2-R;BH)AAPo-p& z{R^mAl1leF@1q(>ev5wdBJjWFH{w|+2agw05D=>2#S)j*Nu`uSbF(re`ORlH)Sc`q zzI^Dm{#jkB_W%h;=dt$HKklsF7qn-zz8<=_08mw5OMTH!5$Xbbqa8{ln%pnaMlJ*$ z$fY^F>?$9q?T7v)Mop~5U1SAxr`fzw^fcz2tc)UJO3?j4709XS4#RAn#2 zH_iUjiBg*N|LHC#cqRsN{4^zHGI*w++1-qYKYtme2W^8}7s&$~2VOa^txMfE06FUSwBL#&naL`J^LOp7Sf1z*(^jOW63n$6Z@u4XYGyIwt zhfx;`gP{<%#pDnB&kEwr2dTqY0HFmxko9EaQGuUuUZ%VTsW$*t(LL5y@{buf1KRGl zzFjA`Ex;|jD*d9lLtTK(!w#(+&HTr-z)TOA4(In31%MKaY@z&o-GCx5Y1Z!6@?O_MLhJd-DeNoTKx?~8f($jcV z_>V1?)ImG(&eh}Ob{x2cWj>Fs2Hy}E%3wZAIyw6w4ew9R0d9LA*iV}3hBZCC4`9*p zjyCZee{A6c&JAsovklPZP?=n4#v*d8O^l3Jb41FsGmaHpv0M zznKvYIX4 zD*AF_t>4|!UDA8eB7H0o6yOyqB3k-t19z%MV>|iv*1$?Ns-r$ac6MLGfJfoTsXxuS zWB@!!XVq2YHv6-uu?+kLb^F^%%xvG2Jv!v3-+#S~`*xA}!@7zy5CyxE%P^k(^WMH|j5t z;%H9u-JTPd*}CSPhfORVMfh$`M0z}htqaGHA!N9|YZJ zY#yQb_L6S?@i07wjyFJT>2~_@u8dTj6lD-gwk<5DpOPZrcr*wz5})rO=w&Yfw{G$6 z^g{;92ufV)waA1a_c|r}>oxux(*6rY8k-4WIbhNScPsVN)q%jLMK0wz6je`o?DSsx zNaZ@CZeT~y155j|{oR#Lbqxlgk}fs5jXO(O^==XD#$w3a;uqaB3{u>fC9s}pCzA8c z-70^z=OFXBR^cTh{=^#f)LhrrvmUn}F6QHc4|bqE;K5ww@`RF}Mvnlg{w8Jxp=$M3 z#@UKcAA^A%Flf4iS?67x4f^+YL2O~~jHfYDsldo?opIc;CnJ7i)W6fEc58Y%4jL3s zJjX0~G3FpMC5WM=r`mU=x|QKPr>^+QESJlVPtRZbmpE#F9i<)dbMHc^+VyD5U@CQj z4ZFDFuRge?=b!hs&jhNpId)Iuui4>I(YoEMo4NfN%H=pG>x29>owAGocVkYuktTmRn9*a5S99gxm^Y!j_h+?3-Q zov)QvGz<|IEY;u*?6rUmKA4!s*snfwf^OoS@q!PBj7k;3-cl08F=_Z98VN0({-s}!qwQ(Yk_PG4(#;2 zVDHGOmQ&s&Z1?S5(oSHDzGBw7Ily)Y`mlkfK?hoTelq(d(0%3X7iq7&LgPF-l}Qqws?W=AWF7&457m;w*e*7#lf zIHdmcHAvf4l2IfP7;i60`nHYzQmmEpVii7rNtj?b?1mR z>{{%vUT!&qd9A_2IokHLw_8qqCjS^a2hOr!+cY$@BYzLLL`)=a&_@Xor7TyHx3-FU zc}Y1G)Brn}j8nkca@#x}F~%UxE-UEStE11Uo*0|(>}4j10n_gcbTk!{x0oDCW2-#p z-WcovvtSp%5E@MDfrhT*==)L~!*kp*tijI`_ozZ?gWH75KOR4)KGlw0ERHFNn@u|E z5VencNI`i4Y|9T{nwt+{^*ar~LMi4Cv;Tp*=Z|0J=yC(gzoDs-0Y1UWa-%eTy z?ppSsSy=|ceyKJVUqS2tl(5pN;?CxW%kX!~$H8|&9HCKgclF7aLo(xP67MUP!r628 z)137-7W?zeWtsEBGn4&tTJo*9Bl+XbxK%Vn^C-zzTWQ>O7?yvksyhFQ|JvjI5Nm7{ z?47yoY3cArH_f3IimQ?=PyUPjN0s1DkT2<_icj(k(HMpaQM08V7qN&}H;6;|Qi~HowmSf`p?O zc3q+(v*qoLQnM0Zw*~H_w9#Ir&L-Mup5Wc(*7318GpB66lHP0W%3xZ?EsWp>PKg~s zBahpJqZqD;#VViHR?znn3K_|E?)==hSL$yB+Uz_efFkE{hZQO9G9czL(LD=yqaQ)P2JJZxt8B9nucE#XtZ3PvVex#XM)3o{Ds<65{; zPsKt#^Df76BYR{mCnY_#G^n51mgY&>poeREMfc8}7rIH7=h^(%XPZq0FK9}-EnCZU zBgVVA%hsb!cY<~;%yz7c&QD$`W6(P4P?~OTKQ2-^^+qb}M*vH0yCzN0&sNPZ_?b@Upu%e0f8E0NOAM z=ZwTf^7uJ)VA1TiW4WXR0=^opPH)R^+C*}5)PCx^v+*n_!h)p=2e59Va~cJq<&68; zh1n8qG#`OkvnIo`0-uZ0S%SF&-{aor_G4COP>udGb&0$*KiBk?kW!lrCLK`i4D=X& z)JijQC8;mGYt#>)H*Qa;kKuWX2*L79SbKZ6v~sFU*DH?;@I0GV&?*P3x;8DfJSdiU zUAWArM2F4lBBySVe>2uP5!60kO1cfp(l>+uId z&zA5zHW}{XeOaS5XJlZ9SQotcWpAY${rQOj*B2?xyB4sjr1xjCh5sbV!5=sn^|s#)cR}RfB=2YE({?apzgE>uV}sHQJc< zxpmY*s$dg4=6Y#8$z18#ZI-<6*fb5v*}d&y)g9mlsb})k&EJF=E4=aQ4O23|OHtf0 zRGQZnK-gi>XaCsJ)ENL~oi*KA&nEZw+Y%o=AhJ5|WDyQo2UChNIjR1H6rJ=UNGZi# z&x~kD1hwo>gj$#9WC=v_Y|r2)`GdZ)P19^YOBU-Fi_xXn7Vmf`liU&21kr&!ppi>f zJ;QRdG|CA5m#Yuw*n9I^5Tqp<1QKXR>^+P^5X>#rGD{w6g5`J&PmyqVOI^ay?sfl3 zZSny??oTH5E<1N(xj~k(#CLV*XJ}Ppmz>A+6JlGbYB+5+Z3!2neV6=R3NP(T2q3}Q z)W~TAUZ7+c3xGb%mo0FAYs)c3ye%K81&2eYHn7l8C>_5V54$V$fcZ zui)SX9Ta$0t{sYUdGJ}!_vHJcemb_R6(YC<(W~4%)p` z9e);nkDcVGKt)Cv6NUWasG@+QGQC@Qg_8c^7YgSiq1P#al)OrHH^8(eBb}8kS{S5E za)C*nKQ!g|vqlYrUa{O?@o4Aq6G6w?udO#bgQ~z-&$d1Fgu*3e{N+PUogXH zu8`%$T*yV?TJ++#GUaCywwP}2`-3fR0Bj+YI}FN#WE$=K34kr;FXGs9MpC;oMj~-G zoUSY?yAKObO5#YV+<1GR50VI^6j;-O^$E-7i@}XYFMZ6nM022p0-&mh=@YIvqal#k zFMZZk-a1b&m+m^-m73v&@0Z&CR(?%l%$g12Y_*;{a6Z%_m88fR4`&IpmcyyXo^|wO zYy=4Zew7#A82OyiJ1=6b-(0jpbU>m55_&nXH$$y9xjnr$gtahkDg^&a<4r ziMzba26Jt!KdOO{1Yr9|bp;oh#|te6WaEd3_lbbICK0t@(lsf~Xztj_h7%v1}g$StoCq7T(3x0o#|H@Z-)yAg6WcxAG^9YY-^= zDp6%OI?ML}WC}0%`I1*fIa7hV0Ktuf%X@wI4O|!~Y7puABwTxKGc}Uus+MSt=jQSt z%03ck&C(ig!vm4r@mshO$DVfJ`t3-`L^V-RG1_0?a`)`zm{@1`qA>U6*%O z2}4-Lt*N&YJLWD$5tX~Y+rm>oO6x4)vov093xcR+A@c{|rjf)>&3wRl zGHRqK2Rbdh>kllMG@)3eJ>#M`Steg=)0?HQ-U^#?er))WcSM+n#epC)b*Hs`jh=7m zB`}d7#i8B)mCKe5ClRxGw~w6#m|!Bl6!*wyEO3LJ@p7Bg>njEsr{S9DfqPLjXp>0| z@ps6vs?m*&v0#~$;C)|NJHmj4@2~fQiyYi_YF06hr2O#p5w4y$S|X;{E5-{RIHg=% zFz}Cd671+Z+pQHYM8AMuj3%5Th#2qlz zpYD)!Z=V5s|3RQ-jlMkvvMcyIq5}%Av)Ys-)4jUDmn$2+tt8XevLFG&yUd-IrHluq zUQEFA(}+uyEQ(8zB|fo0j3RE;$Sd#xoXj(XKu9N*`bl+WKwAHgm4f$jp%YD!iRSJ# zQuY>GJb!(t43*#`A%f6ekp3BnQcxZG=lau>X2ulY2#OZiY!=1Cr$Q}4eIQ6WZ-A^F z?Xo|A2s^BEgqne$nerX(%>R+gHlC&q+9AlS;0x*!XgKcH3zZK)ZaDaH$fMr`5G3*X zbLYd>WfX9A@u8JUlt!RDVBXwpKYw^vzVRo3J30B_-YasumPD&q*-S@5{D6(-274q9 z#|rXPa6(4<`3dYH<*#Q441JZ#!=F0mE*Qg$sLtL)p9-lz3QTnA`xicPI{=t;t){V^ zC3F?|lO9y2{UJaC`h(}7M<*`iA0GbvFG@`(K}U4nJy$&}HHm=9@{fq;rJMt9E5ly5 z^Up9sASXbN&fl^i2?BuLC>~g@jj^3@JnJ6#UO+_IfGiXN_P+!=0>6ARoDB7sECIu| z!62dX@5Or3l${69)qGb$d${_q0>gaZ{5W(@uNi!AWD$@NOMcK1N*&-&=`g5-Sh)t`1?VZVV)HilpE5%dsH}LU z-DW&NYS()MYmN!F@3P+11@>3+_xtBL*f-$07xfPh$52pzCrzuJwcASwJBg}!v>Y%0 zXXa%2fyu7NpC-viLPCh3_q8S;xAXL*^}{@& z0-&dPKYvPi{h7Ik;N)um^Q+=F$?Y-F`@jORm1}%Tz|N}+bDV#M!TR?C{Cfc&I@rG# z;QuoZsJ5N$^$#t;-`?e~06L3CCMebpUP}E$3MOK{XZpORc=Y72;i6XD?6? z0w{k!It*U(KVl6s&6 z#9?`;+Qkrv9k};V2MM$+CrO_Q{zL;H$etA!xE32XNWK=_U*24vHWo5{cx~NHPQJry zNs9csIBJT#v9$*wTs@NeRhaNC|vov@M-);MH~Q9q_y8B zL5PO{H}uyeh~J~O00I62!s|iaRh>g?}y0MK}`=@}C; z19}dGE257w$hr^kHUtF+B_XH#w-yj<=-PIYvgDyL=$mkuYC}L&DP5z`VY`~}n zUoxGk6#*Q*fLIH7E}=xekcDPI6>p<|&fp&1{|);>ZiCJdFQ`KB-huHXQO$TRKzpdq zw&V2otpJ}DBE1szj)II+0U2|KL@LxV9KxwjAWcd9OWE?=I3SvZDe`8tlIF+~6Ca=- zH)Dz7ia!D7;=do*Jz&Bh(W78V;M*2R(B2*l4KB=0rNOsCwr)K16C>*(1f#@3Le4R7 z8Xe{wd^Z3-V_Tl%qUa#tG3y8Q0;etidQ@!t=Obeea~UlYuQCDe{I zkN=)OT|i)V|9TK|IBM1|TFSGJ>I=w+f{##M0joUYnJ$*z2cUQ@2!88?y&w5P9)`m3 z{-!kbj4#ap^}s@-=@oaEnx;YBj!B~@-%_Cmlz6Mt@z{ctcyU|xrBRU7TFZMcCcQQl zW2D|C$;Z-TBkcaW8GCg+^rWt0HzViO^JjtBTgXNkWZONTG~aTaE17sbI*ThsR_?72 zNnAblG&F>lGzGn{!Ag+7sz9=z0@#McTi>6seg$P{VG36}4%_>DpfV_hXWDgI!0Mg?RO#k3#oV8AD!45A)KKjALgcKkX@3tWuLv>6iNEJt0>yv?z$G=U z&UQDIIQ8W`(ai{UtPL?v_uClp#sKOkMFIlr%7BWhkC%gmJGKV4!vAXDHQ(?9j9y|a zw*q)*k?e|G1}OUWR&PxwPJgtG6>o}UN$Erztxtj~`v`0Z6U`}+F%_~71Ql07xn4RY za6R6!H|w<{t|Z&kd&CQzTZnPKeH)9**kIQoonj&t-5S>9XN)%r3BMhA}bLyK5HVgWts2uF}1S~bssRvKJUUov} z*%{xpi7?ywVJ|6-aR)*L7Rt?lm7E2JPvu!83*ke-G;beHvniNnd#%>`<6oot^b_3S6tv`1m&f>@J`jGoYXjc3hCphLOwWz`4 z`(**tF(=rZhE$P-zoR8OzRGp>2kG(uI(jL|TBLUKr&!kB&nVF_y>96}ooYa^H4vW) z^{rNd`cG?;?{xfhMxq--tW_a#ZZB|S1RKpI^z>hC739= z6cxbwhE4wU(^jajZPbvWc%Kzf`_mPy1({P;J~ph38i`@1F@fXtp;F4I$ykL1pn$kQ z@9Q`RTyO?7{BbM@ut`du&WW#rBXE43^H|?L`)yNH)_AyCS(B9i+IHFTM|aN zPb&Ghjb?^bk#r2QXYQ_))X9{3DXM@na72y@#z;Z&6nHbh#COyV&4nEfu4o!95_(&fw5juGRqfsk;6m@5SN4VK1y@gA|SiX_=&% zK>3YSkFD_pe3Xp*y+-L6%Yqx>!<%#)1GX$A9n@2_`I>(rMtX>v;*qPcpR~Io!swZK zmTulTIozu<5i72^#UdbL>64d$Bk70$4J$X})u)bD zVZVhd*l^CxDOYahtWF4r*Z5g8Os0cT#! z2X=@B*dbdFjyklJ{=9_-i>C%?z#d&V7QhheC73+y+w zkFa^*crM#_jlavb>YUF|Vs|Z)4Ctr5fs3kmnu|FYjD3Q27a*zQx}PEoX}L;w7|Og3cbJEdjE( z_O0z|7`3xWMndBxse*g0Pe+?32AsI$%5*9NE{$%crG-~7GJ~E-1$N3`R$oT?GGz`3xz;}-rd~l3%%xBLlHh1rP-F7#xqDv36^@t15>vb zx^yPO=~O1AIN?>PHrjxWiHq$?N;w zgqC5ygPdEb62W;6hp6e%F%0oL@Z9z+<`8y#l?FgCxZcH)CM$cq66_c1;axb zCFi%$NpA;npDdUAG@(9UN6l}NL>T3iSQnL5Ld6{bf1^UUd7payT4hBzr5dbxO+eM z;Nt86?a*T749^OXL($IsHIyM$FvdPqa>m4_(pBDGW=yWMRD^Fd*93T0zhCXc7@(~; zIYCRV_40v8-~Wf6m#!0{aIG}9aNLNYEm`&uTodDu$Xd=Q@GPkK`J$n1I~qo%-Wg&v z?!c?_DddJ~RDzmP#4{&`I=1U`NaDIfIRCY$rm^iSkpL8uzOjyxwsBir|7VkWlr2ScDvm5_tdu=olAYh5A$bSOXI(I`<Ew9#g6L3OLS=c&9#8*VvPCI|Lt z0lvQ1N3QClus538wtxmD{H~j{gVD#cBXit9LZ(wTqPz7 zkba&=tSZRzu2_2o-n_Wk%6$1CwbYzgy2~Y0cZ1uzx=(`WrI1kiG))^jch+%eAt5&^ zF7{qw>x@rr1S0*Lk|MFT- zh#Co|=~0&)J*5{fiX=RvBBb@595_}wt53}k%%%wRiB8KSC_mRAO0z%$6napuJy8VH zpMMq(@+NtotPiyra8X2_U@A;=ez?oX#8Qg>>pqab(jHu1GO|9i_hK7}f1Ny~-Aa^z zcx*!CK71ty{=skd9n;Wg(2gr=;^~>`0K4h-c-550hAQ*As_?LTXV&MbaQevf3kxR0 z=`xyJK(D?18JbaL- zb_s5hJ&sbQ!U3Q;xJ!~5hnXnpUD;j>j&NoWAapasF4>;FrEy{)^7-6XdbkF%ztUr7 zX#qQH&z5`TiNY)*JS;?OrT~{QlETnV2(P%G7x|$%5$xoJIr<0(13p=sMrzb}*s-S? z7YCO6VEK8|$fcfS&IEM`(l?8_o6dExaxg@i$8cV83RI2h;v5%qR3*oIseXChf6}-( zTXcNI<4fp>>KTgK}visb)W~5Z830*d>&&Vi{!AI*xyjo|( zHL<8D(krr?4N5qyCGaq_EBQfG3wT&RKXe30R1Rv7tzo~6&)(Q-Y`fD-anZU=z5j3`{F>MYG( ztV8WGcSm=jd8^25z`dbWPHw!|qn}^6Y@<(f*I47_Plvh!9){tBZI0Z&qvEP3rX41D5_V(511 zaZ}x4Uzy!wYj@g6Vscos>P%J&N4dH}kpCBZZyi;2+pP;rBS=Xp9U@&yr!>+Xi&7L> zfOI#42!eF?qB~u586eUPvLuua0qKVCUiduw-QW54yZ1ihJLjKs-e)k@SUfm>amSq3 zyyi9MJ?XMl+%_u#9fEaG;1H2Q`qhUKmgq zJh0lzwY^|SY``HZde{ZQJ0QyNo|e^%Y)4c+!^9_mmHHbAZj_#NM?v z8!b@9z2wncRWUgeF1H=XQr)FAoV7uA{zyBVx%vMswtv(J2)w=C+e3*qolMP@ZOavv z+Y0U^2&@aJWkDu{)>oZAPnvi$@m>9@A$&L^V0Z&5Pk+)?VJjl=$ntp!H%7L#m+Gs` zffuzXxxT6j7%cE{w32z%pD?%Ya_w5>CiRb{dk}D!figF)$?_Rao37$4q*8lYzS8RGJ?gNuYIC%! zY=A8YMSFyoKekoy90O?{LFH%+A%ecN0PEY@aRAV3@fA{zYl-I60tN)$tS8!&TY0qk zU62Q^+RlCo0WdJ=l`VwXEz*nAuO(!FIZ=QArQw+&MzY8VLz|zAX|*+#_(K7a7vmbD z@tZLyNGIKNpb)g0eBdeGr?&83L3a!YlRv{8*Y5=T5Wq+AT`t<>qt-P1Pje$Dl-mx9 z=iE18lV~&0|0W?-F4-c-zlvHYUlozOsA&n4jn1I+|Jblra_Q{M| z`AHBarjEA2mFvExYHE}Yu129kY)*57mn~&JDouu5S_Ag|w3Y3jRF;8BU;w~*FoktgA_3y0b{n<- zEFA)Wjk2B&p;m=e+Lo@pQ$5r5*-RgutT-6Tx3)!87d^vqQ3;Bqh@N~nC`Rnm(Jo?E zuGZJ=2Y~0sWL)zFvPSnv36S{zjHN!2gM7LXCnmH3XeXA_gXP;zF6&wugUG@!NY^j=oh8WIOz#>4&qvw$Xc6Bc|>0%I2=k4jbwMTzL|4JRnXK2+CLyFE%L66+R@OhE%0WhCnVc2vPh|xi^4dqS z|LK(eo$#ZB;h}q(@a3^hprY97#-}_+X4bYq?AN6KQ2t#2`}H_hl<9uCR$c`JkUjxP zJez;U*#G}}459e|v%i`RXn|S>Ridm4qTk4fGhkwmY2Z)u0x=SB{}8zdmABOY8}hpU zN~r!Tp^9vi@V_{ricHhocm=vYmCq>${&zMoNaGOx2u1TFy^ekV(I)=7kq2nykt8&F zT_FEkBY+xCL&pDr2_(b*>r8RSwIbs7e@lvh4u5q+f$DcDum(utCk)sD*7;F>)XZxY zfLB{b3JvlP0U@YBS5Q?H!&)8mA1CqtWfK0SvG@bAP4lY5z23@xk!|7q1a^W@r zdA;fZ21#$W<+eDe4=R=tq;k}_X?yxdjROk+kV_e8&w7}y;ZzTz24%C!yVbO(tAPwT z13(Z@E74>)ga%~$+1gFwD7H$!UBdrZJkXXQ@c>vqB-PCXfR(cxA_qo4v48T0?$)D>B7kQh)GUn}>>D2(j-^%95y*Ou-|A^xYU!u3B#<|aWi zo@=HJbfMSw+P)EX9fjl3D4Io@2;SD}7z$?jQNc@4Wf0_(|k~^e=PTA1D90U+%$EF30A zv87nw{{sQRHIbc{*zWxqQ!U1SOa*|AdIKU6nV<+kqfi~`_5SV?goL&LE^8%%f+$vq zF>;J`kVmyRO<3*AK1zEd;`_Iv3)wvB6%M!(2=Z&jK)vViJOnvafBMO*LsH>X5(2wMCUhcce1+6nDc0PZaVQqZA zvVV8E=V^U%J4h?fX|GN-pAo(I8BE3(q%dpImUjB=cc!W272NLQ)#YVZ)^g3qT$^e8 zBkDRnquQCOFB|R>`+1(*pVggB&8oYdmh%{!?s3(lPEp$V4~g+C3qRb+RqxlI^P}~t z(+%hEmoGO;)^4JHj<6eJ+qp1qa_C8#OKzt16QOcS@^#}aEgx}dEByUidoWFZE;ZRX z>kBT&lhgEx@-MB0m&flLm*0q5x6HcE&8Tc7+6){SST}#%zx%MC^r~ytFhDTI)&H2I zu7Pvw`ajb$Arg0YmMyz*j=Hb&dQ>>L99wN)=PRzZr!Os2AK$mVulgc(-#u%^yY0m? zqUEUI`CMkYsJHON`H8j;d%U1%0&6OF$1^U&_rZ3vzI3O;+-vu9& zDav&MJUmt zdLfc~TY39#_+*bs5?5@JlV$InoNPC0F|{R1x7f39tuGQ~&@H+y7oZcdu4K;5o-ZHf zD`gru`hGt2)oFIM4{!4CqgAhEPr@1A!L{ByCo}Ql&daVMI_yV7UWf7lu!CO*oujXAU@b7EokG#(YPx*&$rSwO7+ftNeJMwG=>Fq7QCnyB`uivIxMeQ?Y4GRInXO>neD&lk@Zv0%~j3$MP-Q<$_lf8T~NQfC1YYFcx%{apA265 zA|mGve-HcewDU0uk*%#M9aIJmrC*+4Kj1^qk@xns1X*hCL$^TQ&V z4OGVTq=W$yzhflHHM7O0;4hg%#t+b?dW)G0 zqO|0DmrKXqsa^Qq44il>+PNnh2nLS-&3`g_oap6=w&3whh7M_jBkuP>3ZM<&+_7tm z%*JybdZTZCks~ga55DbWmX7QGEzi>p7vZ&e+H<0x3*u0Bb=!Oc-W>K*N?{9nJPJvp zHi4%a`s-^mIxUx%7g)YmMA6}becVrF!!WrjXIt{06>@95Th(OsU0>WcD!U_PCqD4e zYi|I}>vT>z?8t~C22J4Uxe%Ex92=6jbVMtj%`UhVI^Fh|xU(?6`?g^ow2BP8=lucG z2BjEAxxBKwqZ;YocxzjHze2*$1~$BR9z98Yb3`klHO9BTf^QHGThbxWx1S|tec*xj zpg{HU-O&PAktPF{utJ6R!hmm+<5?T@v$RAJ308VZ&>pcf=mKDdjyw8kcs{G$Cx%<@ zE!E@8sYDX2>CC+`(>A{}bJ=hu;hMbn-~3ZyAvryS@XXe4$d5J;5yBfN;75@DhSbJ= z++eG~0Lt3|FkLggJRyx0R4JPa)r!RVCu3uBd=Aqba*Q@kiR@EsP{Y;7jn>}oQ27N+ zO!>aVvQahJMkn5KOB;0C!x6l-^QDa(@m`UEC~H##9kTLaNLyc^$4K+iCkE2}f0 zbdKpc7)$=0>g-a#cAB~jvz@Tu;k;tx2|VqcSs;<{5%T;-)P@WF{aSc;!@IElCeZ*B zi&XEfPd9>dtmMoA_jQZAry7QnB_57_Q9G8@#*`7#K>jDT5mTyk03&eXG;P{=Xcxsa z1M{6epTVMNGGwCiMJ=%r2B&hpaPLI8-|q5PS>}2y*;OZ(h01Q+9`mSNoeQ;e(n?!W zI9}`7=z4$iBIrt1sos1)Uf7q7i1)7XT^={Gh|D_0iZ7`9YkTA+{e4R{wL#T=lv&^E z;&+$&R31C)Ymqh@`#VGl@ReDL4##)?`jzjGF6^p((~1ikWNjd1?)J2)t7W09I;GD_VbsIl)0Vl+xO=A3;~5 z3mr>wqY=9A-Wvj2>W@hQ=1G&@yt&?1HZJ6lu+jHqFP|UXu4t1s+!V zDimuGTg*N;?E;3v@aqMZWu5js`p(NtZ)gcNSa+p(;A11a5DmG#2_1-mBetv2NWPEV zKo6YIfm{$w_s{;ONr!P7aY$a&I*A11QGT&zhM;qXcLUEG)`oAFtk8+Gn3DqhreTirHo z4Cm17hO<=fU}mw0$#CST;IFG^6<=v7*`M8{k51vmMQFKx@AXv7_22EX%A7*0INdF!XkVY5)bBzoB#3%Iu@8+W+;5eu12;qmg z5WBm^B;{mMl-z0@L{ioW`-{U1=w?=PXRVEbK(u}oQ7Q&!{SsQ!X+)+Ju77=>q>Wkt zqs`!!>EpNaU8MDW7@HFo+C@$&3{DS6scL<8KAd{$v^?SR+F8fjJP>7_eD;${((dKF zPyI&SuWY*@=I*0o_Oq44ODfR+CJSse+YDde)Ii>vYP!_#C zY{(@<+`rY7ZMpc4Psjn?Kry8;FF8DGn=z*Pi^2+)nFM;Y2JpdxL$d7-9MoQbDp?|O2 z3NoqEME`?tiJf``q9Y7YL$77FNduKo{})6(L`77*-NW&fl{6$+s#g6{Hm9$t@*A(d zTE)0Mxf&kDDYk^Dhg~k(EC(J=>`1a&)W|v=V3Z1Ire!iNO~%3!xYEVEWAyB2A9tN| z8$`_4>JB-@J0hg{m#SMR^a?TJFfq>35XM6TcgE91>TX3B7#|bzOQ@)_`C#iuxuMt) z>3{)5!d8GdM!vKkhQCNxKK_(Ixj4@F16C%ya2h`S(K^s=cRFG5VV^$Dfc+>cTP$~o z`7v&iy++*#-l7c^wOF0MB~BJcyN~K7ols<3!aZJnmjW2SW%t6)B|qo#8jGKV2sPEZ zh9@oXFG%Ye%7fGU7(W}{5?koSb zQWb-g#W-UzHffx z=$r8;rA3pW#W|b%nyqWUg4yBFgRFV}%C*u-dtD69m7B{xAGI2NRtb8d?+2UXFAsO7 z_XOnn#x0iIn_RH5S&7tzd!L-*bq*LPwJob47l(jQ^xRg~tp~b_4x8c!66ocH6)!(H zO95PdI=}Yl20HkeehqMV8V5VGzJ&*0wOXjvHX zi}aVhwK&Em@73Ne{fqOK%N6e4m>#O9y@4|^MDU=dT6_VE4?pAlwTCHQF^IBA*?4`W z3_92neY4DA#Qm_%+nSw8IsH)!*CdQ_Q^H01yf5aXK7l>qU|OLxYLasfnJ%m>OwcUYWJ8ctbEYhaT?%NrWd^Tx{D`g)YD}x<6wv<-?qw zZ;j%5v&>f#aeVo~VgRhz)h{#Ul+nT(qoGIuQs41;@;lk(6~U{A;!n7Qq--*u)tRj%@&W9LL2w!L zAu3C;<=%xYj@-Z~8PUmN%v*x!@@pwrVT0C9IKeBeVlqFc!j_CbpTE?4n$qUJ zN!63a7}wC@`CNE6apUn)*qoPAmWZ&f&1_KJFNu3*+vC}HBPfRqsWRO_K*Ofl%vs%% z7*-71lzeeNBBjlsO|ZlsYke+1!K3wgKbiHEZ}PlwATiu{$|r)0#z2`Wc%W14Qyug& z-37YfQ+_oT9CnI~Ec*V7@Z#@5Ta>y9d7PX=)6y|%Af0h)laijRTMF|%1aVbTZJD_i z$LetvD;I0o z_|$7uXUGoW7+_tuUJUKUifHw|()_4h@+2H)!8;f@3wJ0%yZrnnUdFJg{;NArZJAj= z-c_yZWjsAJWANKoB06Y9UR1TzwH2Pc==_Q2S2%XctV{nivkd3Op)n%QBXf53QF)}D}$3QQ) ztmMwbN7~^>A5;Nh($p>eG?nhh8$ck9lj8;IW#FQh9|$&b1}2W8=~zuf2=TwNIPv)vR zN}4R6f!Hk#BM75-;8@{tT&{+RJ5gSM3*09QF+M!b$V;4g!`7C_ zeG}4lwKHnDE^b~@6216!ST&qkbL-{ZCEmvNngdbvHdE1XCGwkn{k>~wD!JK)q3`by zR3s~FTKU?~dCL~#pvwmvUbN_P;Qu@6C5z{a%a_u{QU(;%KgSQo2Y9YwWS0huQrw zTK$;iA8l7|^Ae3!DzlzHl8>i+B%OM|NqO}eNAz(d8{7x2e;5>gp^ofR;4dw?CI4G< zMA_CYBV>{I`H1F{{qpGW0!t}T2qj-JH9D4AO%W(Kai4A{_MZ$DwR4*i6M_D+1%-U9 zu?R8D@XssUrkV{^Pdl^qd2&Su{w`;K^*n+CWx*q!QX>n<2Chk(Apts6J)$K z6b1IMUs=Q*KxbjE-yyzU;y1vuuEqk3-G$)~u~sTIWSt${ge2ZzwBTwN29&(F(aVX( zc<=w^ZGcH2048Bo_C_FCpkA+D5Nuo;*A;0p9!Y`+J*^fnzlRNBEPAGbyes$#fOXO! z@Bj7&I+7qO2lPTP**fx(1N^}451!d}C=$ZuHM)}j(0z0_q{79K_a_GT$A)kkfnA5o zIfj9}*ag^;>s^S@7+|Pik-UEyD)1!U$on(@8K^pn|7xJXlN=)NuLkZ<53PO44{ih3 zAV&_#KI09kQd%2E`9K(dpvV{W>sPn|p5zzuTL!p4GJ>)O^8wA~LJrBQ0>EgJ6Y}rS zrEJh$-`%_>oNs_9`GyAGN93=G82{Hq{6{PHUlZ}K9r3@&?87gP zzwN^ZQY0k!#3tm2-+sOuzPf*Lb`-fijp6+o=K4|YV>}Wz+(4HGmJ=~lzwBX7I0TRr z((1L6K`?B;Fk~~Ls`r{cG9h$uMNJ~WlKmhv)O4yeB`ApvIcsQCF10E>@6Z9q3hu3_ zyQlCi|1l;%PQYV``$z1&rh7v2$0m9c{B09?Vu4wY+0T#^Kri3BODT+s{Eb)O5BH;s zG(%Lt3=RBc-tGU*yvqYlojuWRpJ?=0`fPBFPQ%?i=FZ3*;TRrw%B)&C`s{j zfR-|F;^bWf6^KI=Pw!CvaV38lVfQ~qSb+L(BmCqZcxJ{mQU90Nkd=o5PUy(rp1nl6 zhJUlGGk-BtE`QtAfEe)35qaC^)&Bu9{o7|T|M6L)|9Yu^&D7r*;Q#RDXG>Sk=}(;# zcS%lq{3!%iA?U2G`qAmH6XjF^%i7KZ%-UY<<#)w!j#s^7)S{j@O9^K}1!KTk1Ey%9RW!ABEvW;+0kIZVJL%io(A8i$u3niT0x(u{g z#raif+$^);lhmVayRDnHyV8Aodd#(zK&q78ZUzfrKkCK`H0h!BFv_4m3FU7}u=m?2 znzg`+)(J?7BX@ZfKz`*S1uU95p_ClX8mM5eW7e#$K8$?PZ)RC7ZkIWyQml1P&v@?l zibTmwUcKCmWMWhyVq7`cBYbnpKXxF!nc?&;Aw8Ar#t=(~Z;j7P%O-4EJ^YIY z-3@b6MD*P7`+0szZpnJl_=Q3)jgKRoq}r-U_wSmBzyG+kcC;#(;$vA6`@OxTJ;DWHvl{;8 zvN*93KQL?y>kgo&vKH`{ZMXYZ$5NDOn4lq%DGEsy)3*mn06iaWIZ;!&Ujh!~5Ip7d zWc51R3hInbPy8^;hv$V0(SPEt%*8xuFj&6y?a(G3DR4UHy*9xv!zF z`J6)PY-hppbZ0N*4xRD0s{M^hA`<1jlRfg&!;9tyvgITm64sH*U0)+csQ>w~6akHR zKBeIHXqS2xtJL`%i|zVz5^=~QC4$ji1s)=}RDXzEQ9R8(d~Zfg{lrIoq*v$qK$Q?$f5KN={%+~TK4cl(W6H2oyr zcD|fz(P$C)x@|s;S>`aVY%pzek+L3cVB>!|Zr0{!ex=ouB>KL;{e4<3wMwtP zebR<=mgo^poY_O?7nOP*wyCw$IYom9rzh|{^(=|fWmxOc4>P6A;;`wNk;c!f@mF$? zChO9^q!j$sB_@0_qr)?S^~Hy3AKSc^=Hbr=H00F2!$y>=exysd$~Em2^7i3 z$-5UeIGVH4IB(!ft|Pn|W}5bf=66!MU&olRst>5_iqD3(Fz4q0O~T9<@x^h+hIKI^ zMB?{koYm+p>b}-4~piU7u@j|Bv``Vtsn8Cz|TRr0-#5Mujc6^fZ znqRV|BL`{2!f(o2jw=Osbt-gFG*i@@wnd-+TXK7tm^4l>$_CR)jC31TOFD+Bv>Z3 zwua%$YIr0cv`l~j*UxE`=E34Ga#6ffuN>1@qPn+Gy~3#{S=8qviOvM|Jv|#)yvrU$ z_0YaT#pOq(r@6huRNWqrZt-`{uL3Q4h4@^B`&Mz`ULUD%zvvZf7^J4O)W|-clFg!@ z619#Cfz?`VG}ui8Pba*4o zM9dqzcAw@x+pV?9#5b4Q{>BDA)i)MuUd}qqv#1rn))}G^^LYatLf$iGZk9!Q1rsO3 zW|y*K5#Pn*U{c&3r`Y!0f#KGIU6+NDw+vCxv;oGo!x;qzrdK-0BL3oj#{q})HYXGJ zvKybrA>QAJytAV(++)xrQRXj7Fx#+qX<%n-jS13={0e(4h4R2 zG_LS!IA_V9?M>_pbV;(piraw|;V>&2WBhXwZ7fxsvw7AM) zu+GOULCf-(UPsRtOu&=Z0V2RB2Cyn<+UJ0>gdsMnSx+^%%r6jfWY zaf#hd30wN%G-OQ#4}XDIkf@59Go&1JdY_r}#PgzBgW{{x5}F`vo)^ zl%thI3`6O`{u+gu3#63VK+81!K0Qc}ZSrasB-xor%{~eyB&GRf$;SRzZaPo68k;I% z|B{dsDqL@!^>H**TQ!-?CNQz{SIi7<&*?XqRkn)sZxXq%k3V;Ia4&92n*a1vvWs~0^+ zfL3f^HdQX>KVE^M+XC3Kc3h0RE4Hjk`N$SBMp9|k<|Q*ud5pw2fcgE5QD~|`46pk| zjUgLH4l+DnJ-`9$kU;|l8}*+Pfrp=harwZ>c8~^#>;m20-Q66}+Fxs;%#goU#^R5E zzQ7ie9-0^^^<#Ncu3mjP#%EMoGV%HN2W>3g;?@~=o<9uxX7dk(^iTHlrXu>J z!`9j)kh{Z(dfDm}4_kto__vep-dVn_7CRMn<*W8~L^pcFv7=&c03%H1L&^BIl+mTg zy~%3bq06&HNu}hvmg&e`VPWey+!fPuNM*B6rCt96hFt?Tn~CilOir{>8bx#Mrom4! zdwr?$3`WH87AymKrB37Lv(0c-wWB8zm3N7~wY%z2q$h#&Z@4PGzFudiMTgG*ga7v4 zPg7$dX@M8-pz|6$qeVt-UBYkK6FF5d_AK(}%)3a0-5MR@*_B^#O`vn`g=TR4Ah==d zK~1o&B@*_2r9!JBCt^t?HcxPlvTlpIk?}n(9ke`V=iLTKFI7iQWPY;6u&p$0h0b@p z-E~gjG)iRCDSCu~LjrSI8_`S`a_neb8O$23wV7N!-dTV@>jI}GdDl-DSPo|LfffXV zrceKDtp-+<$3t&)oSN1ao+0Rd9HM{H#!T|X1dcra)xVn-`yQQd}~tmUJaPD5@s0jNywmwwx;S9Vm!oTeWTS| z-%FIl!I3}GZplu;Z*Z~+D%24b8_>qc@<6wVbJvayri5V`k+9FL4L--mZ*w}hbCR>} z8Jy%;;Xn23-%VtyuqvL*p)H>wJf54FKrgov!Ll2~%1n{(zVz@_A{$XqPcQsrVbuLu zCF@(72nHk6v)zLI+lTdb!E`m4MO?{Pg|2PPRTA#Xg=%be?07sb$8#gT3TZ0CGzLS4 zMthsULx5Z3D`g)x(p1t{=6mwapvCeClEcB^+YsE6vTb7J68v-vOw4^@ z1cypl4x|$iENyOb<~#)r_3THLOj^BkWoHI5#f`=W6WGZ)4QtSc;R3@l*SPgBZk+cv zwonjoD-VlA>eYeKYD1!>F`xo41S)_J#W}ZeYrz8eYL>M^l~ZZjK5jDPv>u>G{f3>v zqP*2RogRvHV8yvRkxB;SDCW(23jyZ^#xKqei9+z2}YzO3w>ka3g5J-J*vcu8kqNRIZ zeiNZ;M4-_xFTV72MV(f$JZ-WnS^m_xc2Sa~iol@ zD`oU@#N;Po0=5;IrB8vImrIYT$#w7%H?@;Ax20ZLg&C+#RG5Z^k@m<5*W~BE^IZQ* zV37yokAm@Mg!6q&*_&Y79YQcb0g_f&bD9|056^zteGa$TQyDJUj$UI3(_>o}wm$J% zE189F|6py5e28Ao$%>zMQ_SmJh06L%&3<1ad&wXYZz8H4n|!tp(%c!6wrJB1S)2}1 z1zyCQ{zl*v`Iagmxx4~fWn?sl_W*ubT%Mga0SL6w;P;LQJ4UFmQ=P}oy!60CrCF9< zrK#-#Bc@3?IQs|wqMw4^ihxEeR1p%QA;*l2*$ABgY@xRdrFry05qy&$ska9NnXBDj zYi@8n5*FcdhM?e`nCI(P2wqSCL#}&e(02{q9apHvGBZ#5L-dsci7B0ZP6V2v8mn6v)Iok=vRR)e6DQj3`DbZKDGx&TWo;9_hsd z3d>%8JDiaZ4^=EiXNJy63acPPy>Zpin|Vqx$#$6pzbrreHste~XJ|Cb8c>DK7un6% zp3pz#NH*kC?nFrGE;8h8NKo43wvZ`?NlP={Z1gaUMw~4ot0o>9oqS6MS@5lg zs)rO#i@bs~!bNDEVR!q@gDN5QL6KCF%w|~v+2pQv`dQ~!Z7QB&{0Wus#Uxv7Q1VqX zR1_DopDhpnuHGZPxXT1(AN!?(jAK@IfAqL1rL$z7BYf<4B~m0TBSLQ{hIvMs?Cs-q z9deOjMH&L^;@5XnW0i^~AzS8!MoXm1mC*Sn%pQfKD`r+f#$h@#NBwhW%53Ih!_cF?a4jABDMHLQW z8Kl4laFL_TFZDfl?)h#;qY{e4*{PLI^~-EJjB<#mgxK0)Mo1X8{MI+)p+hR3;QOj( z^ikbr!|EAqH&rR;!j<&w3JIe)s84A8FER-5A95B9X9Eu}JHC!3AGV94jj{V8yGfPfRG^3bq77&v19=T#z;+`_zdXwu^nK=bRY&J!BchK8wbtj0Uot$CtSm5`4 zhC5J%H6PLTY7Q100i$cFwk|`B7$f~`@N6*0xP}A=F<_TfnmDIP701_M{dNtc;9h3f2QvSLTHgg>@Q4*e5LxiNA)_Th4VeCdY%Fh$KjZIs8WZIdy zErwqnEgR|-JeMfMhD0h_R1}0brKkl2FN|7pFDiqD>bz#_rW&HX;fS#K2H()fXUx zI!xd+I?tbQNua;WyhLL%K;NjfSPKuK&jnA6gzf3)7 zmQ})%5PFx-_^?E;IJszK#5>tIfzep_!6<~6I%MPA*__j2Ai2l-LaDZy1^+9BWDc&Q zsVP@Wg=^}5oub+BU?CHea%@0Lb5zWk@5OIAxhS&WElCgQ?gzSwmCjzlD6Nq0N>U&xiQ5rEDU^1=|3xF&}DuDf0@_oyJZaK|Ns@Q!x(|E{meiNF(-4a!#>O zXM-3q>k0)ptz-9Vo%UK={t8FT6*JLRw)qn#wSsekokn^v7+I}ikDVwLeo>F!r0aY& zUcN;n7(M@iF>!cZrokmFXtL5wyDyoybFtF6Q5qcE<-Trh-0GF^;5qhj*A_qq$at_Y zGGyRSD!vT({?4r%C`U-U?Y99EM{O^FCg7LFz^LcRI&~N&^Zk6q#L!P61eT*8s9t>y zvGu*Wl%cBVoY#oGLqIE@zejFAl*DaT{G_dHp6-DW&e6f*n*aXtruXT=Bz8QHAJxeZ zE+a%p9=^hu6Ta!%iSXP;74P06*R~0wfY68jZtp}LhxK4)v$W$vM-G^a(8{xBbI;2; z_S3U-ey`uFH-m2yzq!p6%5Jbjdn-@;sf0aQ@udAMvH3}7@1%LuJyj|*S)x6}cWsZW z>9(`z3P64jX13?KSjB3;abcB}ZF~>(Kksi+eg`U)>hlcoCS_a%DZ8EqXh2l_a;gSy zqyOV==D=&M3S(h_>jgQ@+R{_`tmgZ&hXk>OGCov2{R{;s;HlAKp#=my1i3_!AhuKV zzhw=Yj8p7T@ryl7^zvM{JEy$NzZbd)dXfwA9r>8aB^G}TMPiUhng%GgId2mID=8f_ z|6_0O8410##|Ly2WUeo>mG?TPH-QW(t>N8QO_de*Lcee0z8tHPDVE~n;}gC7Atida z-VXhk+yeykuk)6!6i`syL3VIMtu(kXFn|ddtfTLwK*FYe)q(=%(0eN5MVZ?j@|8}D zo6P__b?PsjY#i?Pvk z_5!qha>lNHJmzW3Lxuf1IbcoS^9??A7!*NBEQj?6BMN*$MfnRiS{~iGEydp7Pb_H< zhR1s)c{cN;1iF*wk z)keasMrEQm5Avuaf_BDXr0is^9z-6H0f`* zG7$lqoR?KCea@WpsR9Pii+)H0$YBEIe!2xQ&JV@Oy9G%_2hX@P@ALQadJs&SuJB5tSv8s3&%$LR*jz~i%DC+v=o4EvIY zSsv$j%vZ64!9prS%k%y{SFB5qA!W01C?&3Nn}-zXzUo#}bGx}sn(`Xjz$tzu#*H=O zRtCiI=^MlFNMrH+rCVT$4Zy-Ar2bO+OgxA!hH)BH!E)BBpLOXp<7{RL0-eh*9;8_3 ze@sjVD&s=(gm|26p1f?msTe3=RQJ+lYg%~xr=V zqwB3BcLw!PGkgi6-E$l2^c0ZUByxr-z*_L8VR~9N4wa!6K5%rv+W9m&ImxuL()ajr zpn!5Bhs%7&%}xz1e4u@m___Dy=3Q)v<(A?;9w-DwLhZ=BH7{R~J(*1va+2rbggPoF zGbT~^Hj1Dap_lL9I;YidcHbuBZuh%T`uQnX+gA+e1qBzO5Z0WDap9+a*&#R3ZC4F# z#EMsd%W|FJuayJ4t@F1h;}dG&^4uk#y#V-L>3Tad{=FUR>}FEQxQrD+$Mjf6%#2nl z(0KnoEiEmQq`|-?6Y>_?CqR9G0`%^H2$=W%xCBh?{1eey^HNv>f+3ZRawGw%JQ%Tl z!bJy*08=So>NPRJ0NwFK3)CBIeOrx`9jM(16j;1v(ujo((KpSA9_-J@*aU082%Ju@ zQ}@yk0gg8QnlRl9(R?ANS!s%C}>eBbsyNy`-1%HiAVanGY;gm`rI!oZh%?6Q~rA0AC0M z`@>%{HC1uJJviahm0alMXXPo0cbnlb--}cJ&UbgU#X#h)&*FQ!56M(@o&m?4YQ4F2 zR~F=HOf}!#;pIDeg-Q2>8%!eS3T&pv0(ZRJNdMMou{Lw6gm2S0{U#}Vnm)&B)8sMS z87ZSsh>?|~gGqvK7b)LGa)6@Kd1!u5o=!7QsLIvdQ?K>Pw57n#_x^Ag|HPp84`$P5 z7mo3A!!JxUe#5(xYbXAd9mXRCYD)a2iDR~=3Xxg43`;GGJC_C$nb!K;Or}vO@Z?j1 zG}bw9A75ss(5o~%XIxb@q}1P92C4UNg2OEKwNlXlGIBI{^-wtkpBf6zSyi)*@iG9I% z6%G6^p0JGN0o_exYpO7Nz&u=1y)^ypi6#uqs3kXPoU(*gwM+S+?^0aa&*IRU;r zdrBPQ`|nf_GIUveD?s`37x7`=gPu;S(QOpg;e8fDxR(aL-z|_(yxZsus1|qA)*mZd zyVrDMMCrTs*Tnjfm@dy!MBs{S#u=>dpiJS^cfq^Of-A`a}oOgJwYwooGY_RLeHMi5Z?dwXP{n=9iR zr6ewD3H#(n3SnppTaPBUH-1;Q7eh}b!rl%XZYpfHTK7&$_?@d{ctvU}PJ1{$8_l&5 zWqD~}L9$tIKex8LiRE&#Zae>V8i_f+?6Zb$l#*5qW?eKo$l5hHJnbAzUpN4{O;*QG z9`O<;PUBP+K;*wY=RZ_9n6*ToD;s&wZ`tza>ZHnDEv=l_JwYLoKIgLfl{5Lu`u0Ti zgUJ&4$=+iuF`NZkq1XtJR~+i>tzVsEzIuCJ+t-uMOmL3O1@9h|Cd+)|dCF?ufjw`j zw(an1(X&LOfH0VVcHlrTjravfLZcUPjR8q2F6SHKf_bvQ#4J&8AcMvW@|JWUiEiXHM8oZbNk7eZhL_|21d$+` z6j&5FMdVswDbO>89@0Ib0{e5}8Nt!=gM^-Z?TyzR@jW1X49#_%Ydd=~oSEzBZ^oAzd;e`^gMO8Z zvWVY$V1r(zo?(e${=JBl7K5*b#j@aRpZo8A$%FGJZYO!|r>Wp3+SS|%*&t<453j38 zllFg!PIZ(2%oF5dawg%ohjCzT(39QA5Twu(FP?spyH8}2>sRB z>Py1@!etPVEFgi0ULFCPh66=w8drM6s2e3H+Qttf=T_r3YjY{eOIUnaW>6iPOB93n z@FgS28lU+|DeU5Kld?0CI&HSimwm*EN`mSbWyD8ofDkT*d9VC)5-oKJQj=Q;P&yNU z5luFhrLfMGh!6Zg!!~pA>s?Bxx`|qh_aQhNfmO96uSBN$Ypd5qg-@kg#7I2HW7Hi) zVLP{KX7z)wtTm5jsvR*&duXFaqLlxV7zl_{fZEKZaO}oLhp89i0vv$^+Ym*L@D2WL z_DN(IpCRln=f`;yqV`jxT915J)Jx#2@bli-L^u0PRt41W>`+g9Cbl}=gl{A0Y>Aw* zHi?l;%blG%L%X$#F$`=Iw*nJco<+_IY|^_|x>y*|>|o!8T)7-6R9jslg$PdHl>iZ! zQk9iOt6OPmq6krQ=K(2^X6F&7fhmv<34>#DSPI(Ds>p?7o_7*rpueL7L$=hIz+o7R zPbEaR`w*<-fpr&ZPN;G`i#Z#%U{v`K!&FS&nQPSL7DS$3y~s4 zpg>;pfG^^G`ny!R-|aW!?nNpbabw9QTeB|L#D1?CQn@3EPc81KM$agWx<5TUx1@t< z9hk`U95L2SBAsx?0byaLM(}367%*bbQ4q8jWl@j&9?zDkFS{Rk7tt*}lqwl@589;y zQMm}|*O^{+Y)DrAu4cP2y#E%3VF-}G#Z)*+2eFKA@}>5cd!Ex5t9CsAHOL#NNcqLm z#k!g+J#@yZ7Cty$j?O7bqcE~N*(5xJLJs^6J>;4kA2kEyc&N!*JVec=>UsBV*#U$s zK|=cDN8zw?y>bfMshVJ|d?h(BYH$%w1ssTMzlig}a6JVWl3%!l4oJIQ(d-6_bS3Q3 z%YdkIW6M%u@ZBi(bM7&Xt-8NN1pS|r3s`@A0g(d?M5SSVLj2MPm=ZWsjUX#)jex~A z*mFToepClP#Cq!kPtW34zVzDlG5FNx>7wXIt%DB%RiSnr4DhEjIPrXrKJ?zgb2iiQ z79EHaX2)K?lJSNlG1Hk;3-r=t-kf2iD8uaS@~**onY!Ip zfntoGuI!LfgfO*icaA3uP-QTb81&4PdhSfOplDGwoSkttW<$I4NRVzk__*$eRQN zezd@#DtrDNo{WttXMI-v;V--S@~-SdAPVZVah5vUz4W8!$T#QmZ$Ec89vCc<8>(>; z|2-)tM`Nfq^+DJp|G^)6v>bJBztN^hx$@Edy+VS#iGG`Jq*9_!jyWjA9b=}ifKGtb zJ@Vb|##6vdf&y@LHcEZfJPKVU18jsHHAT$!H=4*V_vC?z4sgp@;5#n9ePrn$NK)j0d%VB=cG z$u9*PLb$K|6KayK4`Z%>XuYi&a)U_Js;Qdh=a#<%YsNI0OMyW3pBf^68IDpz0dD_M zLz~G?;?t-Y_&iBZYJB8gjXzDr%vqX50z-+WEZ)B4wNGtTA(@!k3!w?L0*T+e_w?TY z$7I-tE<+5fiAG9i7%*XLyqt#ghtgRex25A2%73Q_YcQ(!d|&n0md5C4Yc7~Ea@!&? zYb~vwVw&|ab9d?S%#|abcv7icK^Mquu*-;CAm1Ma<83O9^E(R8s)Y1`M7!+u3)7#Di6`GhUlO7*SFjb# z|3M=04||zZGTw-bi)SmJAFj!`)qW;5MhO z4dKn!J^Yhy4~;N^Iv0lPW?`Ag+Nz7bWKSGiR{(66&wcEy-oaUTuis#uoH*3!zj#B2$xHA}4h&Qq!&uXe z1*naJWtk0{-Fea0y~kHWDImOteI%tTl-w0=}KY{-@iF zf~Gbie+O!g+;Q9xk@xPRsn8H)aM$mey`i9pHXEH1_*2r%A)-sklpmVq){TOx!uHan zPl|I8f+>8kbW!4j+{@Y_!cdK5k|W=;WbWK-;7A5RZc`>!1|2+whmaPmvIQaN<-=rU z6tA+>P)tw~WE#aARb$?s?loNr19sWZTR#j?=_CSOY6rdTRhl5k>u37m7FZ7KOJhPV zECNRoG?2%fZINDszA5kw_yt}{^SAPiNn#@AMb)4WX%CWV&I8}yrf!(VGzspzY)=v+-{T)=zx zUORo;McR!w&l5CM)Uw-*q%mIy2b;g>N4`1Q+h62QeEnz;Pm27f-h-gY7T7JOfDbS* zup5v-@gfZ+2B`k@D3934`fv=7X0xfD%%%P`kLvQPzo_u{xg%G3G=~y*qo*?^aCq?l z4C43s8sd7BxpP>5VjZ97+rUFiy=o4kEFu31mRYi{52^El#7nr(El#J~!K52>a`n!Z z&+3^Fi~5ja>uvYpU(F_O$!C>9i0&y5^`Nu1k?yEWX1S#hlpWPz&|F{nA^6&6iV%xQ zoNKRZF?Dmwh#nAND|u+4cK)-C<}!fXq|cwqgePUg!=j0ahNLHm%W|7~PJ-0K8u(?1 z{#9w%{@jdJ%;(~BETf{dc}ZMN*xp6_&T8GkH{Uk(h_E;sHS{Jf2T1j&{lx~AhNF#q zX$EwBnaUC#UUW1bup;*B7(kdrYzgI8{3oxo{=^Di&vA;*se`hU-sL}=`<*DhqRitX zjJoj|m*DNl2%bXK8{5OZXbK{W4DJAtcseV9c2JcP?(>P@E|F<2#XU^BpasO@>=ZGO z_IZBmmki%$KENx2QA{X>6Dmu@;KRI*!5g!d{R66 zYHS>z$u(TK0*4u)J33Iw+pBB*$Lv~h>!s?l32xmnmtEh=z+Z@Yt%oKnQ~vpDSHP0?6helBxt;|hI!Cm1z2VIF;P z&CNQ=MQzmmx!onVpnZJ#8eZ@x#jf4(DfmsG6YpV^w-83IlL7LwAN;4Hgw6* zP3Ttla&{qg$}QDIu|37F{j82^-;=Dwa~edG43fS1MAQ|3;I_pVn2#{X>1$WBIVisd z-k_bnX?_Q6$gE(44Li_i20{bmn6@;=98fXZu+ETf*~j=`-<0Ufy9mt|zf|0QQ5f1Y zX5oNS7E}vOFg;#A$K4jHXR6s9{$c0~B}I98kh64=MDUDL;8dEtKCQ~Jyjl#Oa^31< zZ**Pbm-$2#Gg_cTt4^Fm1vR%DK-rui`E;wVM&uX}&|fDq3Yp6%2Kk3mc8rY0U9Oyq z-yS^vfOCWk0vlS9&J)7F3sj6YXCj(V_ATJ}ikQF73>z&_EGMXjTs|niX;Zl&PNNd_ zmS&D+po<)hpk!^N5B+o2igKZS`d5PEzv^&&O$#{2o%@pgR{A_Pq_{gY3s2u346#+t zXM3(m<0BFSMCt853aAlK0tfP!a+iyTMOi1~sQDk7cG!FjLY{wt7NJCp$Ae?aEpNi{ zO5c?bPWx%!>55*Ytvgc!CJZC^Okj<@J5v*Wb#=A5J6-L1ec|SPb@rmg?^0V728WJ3 zH~A49$8QJeOXgvE%npg`i^mo9ieL1}An7EsCZWQAO#nwrZPy=i-((Eyj(6ukUD|M()zT280A{xL>GnU@lk~8#i62O;xx*Ld=C#^G2&sC9Q>I%j zn^0LxXKba{=I>`cl8pu2Zt;RCSXh{IF~H4{m$t{3%T)8H_UiS`Q30Yz>HQrm5#Ld+ zz7(Dk)80%mFIhYCTH-0j0V)-%(E>t=)cZ5d9}b5<|K*XP(&tdimi<~4->-gP((+vP zO@D<+RZlvf6Uq6W1lu$2#I$o~^%$ZLofLz4JJA_0x2}?p#9%Rfj(2~)Ff(Do+zkmYP~fdTRc(5 zGF4q8QG}*A?WM6X29)gDRr{Prxo<-u;-h#Rx7&RWU)&H+U`f-;ZXQ33q?S+y@rDA> z8RGpyi%)@7^YAgs9XmEDiDKJf0D+TX8-;$Qg}MdU{w8PyzS9hqnfmBF+2QV_QzGLR zA{GNrW@_zH=VbQh8j3WF)Z;jf#QWlyi5V1PgR|xEKQj6pt>cM#{t4hPXnX~rV=mx> zqZ}!7wa#mO;}u2{EP(Fbq9H9p!1Y-YN(x_(smADjkQKsCUR>Utb1$mUHX~s39Lr_{ zH`xk8HRmJ0b`(#V=)c$+R<(9tkR3tR4oVP8>Xud*w-%e3GF+#oY0cTB^(!Km3^k#W$*e@J|);g zq+^sGnhDi!5S&;q_HSS9@RuoK$l-%pi5(+7t@K++h7$J1)2F*H)5a3R6K?8nW(5uk zr8@7rZmd(59K3*%1rX2YMqO{jw0?}tRT zrt?@vQuxi5=?NU3oJ@@3Z3hJ`VM$%;dO{TI|p9E@o(z%LZj}R!L*vqwocx+HyD(^yaE^> zWjcs3)dycMgIDFqVE?U$&K7+y;;DRcm1TZ6KJ{4fhZ5*miqf)SXa;4W8RFsb za$Dl@#e_|Y2c+^+Aq3@pvjy1gU;%N9)zg<`db$5{3kMD6bi3!kq6uX zRC9ikTikg$5tsZ=ZZbxF07~#CuCr?v_q!Md-GN`BWF7Gov&=3{6&L8s|H73#mcTH1 z)7XUsSmlb$`0m%VcF<(0r@vn@(sys7gcOfLP&G2Ph7@0J3YaYFuX-GpdXfOlQU`AB zy*;8mNl6{_ub^-dFDvQT$H_CCm9flFevNUcn$}c1VURZap}XW%VAblJ_q&p_;+sW#rt$M*+x7(&w>K9yBu7V5=mrd^XLeR^ z6}}OKAg`^!$1K|`RR!tv?Qc=&`_SWb6C5;*wzjvZPu-he)9z5;(JoM?B;4vlkEe&+ zfAsvfD$5mL7l^pvpbf-ur&$gi)4T|M7&0W;9*8MjlEo*}6O*X!ucM5|WpVLD>j&*) zI11I7rzS#<2hFC~v=sF-Ydu-w%iltB`G3`!WrCs(-f2-a^7(hHX3JnY)?;}QXSzgi zX7z$B3H)mXkjxHqJe#HC2TK1`lowZue;Y)K?Y@Pk@HFj|BAth?PygG;v> zXfDL3TEw|Yu(#_zOM z4&tPiUT1f{bw!Yei&mdCfAuo}aX_AzxIhh>fw&b}he3rJE%b!WZa@%7#SzpZm1MK* zPsH!R>Af9+n|9tWP`4V*#VONoQ2$&B0v+;@f>GIxNE(6}ti94T9%i`(3e7xuE$_cq zA0&lMhA@jYbF#4(qVLaG?4_t>nzXQAn14^=QKaXdGiO*{NsvtheREE1yZtX36-G@w!KM`Y{`oKP%3>xr}?g{+wa^F^i!pw%O5- ztp|cXw7>BvL}W2S_x27p19J}1>_i{R9g#5W1|O34s>r;4oc~jSSY&zccY+_lVqI00 zX~5|%Ebb6&ECg`x9egD~iEst3jsHug9H?ikY@-TTlY~P34Hh8cSB6V=V@EqsgZX~ny=7Y0BPL&(o>_rkdpm^ zj})HBsh=-wz7yun79?cNR~SpL;{G~;JGl_t?&T;ovUj9wuKRBX)8@}5V%K-KgkHjI zlR}}6L9cN1Pp{WMf06>6jN)4H@JGya&Zu$n+pmKHa4);?%fNj8uj&wu{$?Qav73xO zFo0&b#m6Is+dQlX%`%QA9@DALe!gdFij)-tokIbY5P4|-2t=sYKPyaB3LZTQyyE{6HBhE$2W|o{8pp zg%6J93lLkF2(4Dj0lQwtFw+U_`lZiml9B{~setXoi<@ZH9Vv7r$))$==(`CP?%lMH z{%3zoP&lScNev&<6;*!Yl^xkquZOn1F0EWaRr_E%cNBEk#Zkq2`s;_ev&*`J@n&t@ z<%&Np08jh+g)e5tvDmS6W{q_#6$rJuVEF6k9}-u&IYxbl`%m0;vRk={h~qGW$fSmE zaH_R9pZw%o#QIXCAMd4=UKD$3U0N63L;1>Yw+DWx zW8-gi3hIp5d|{@#|ENJGvx5o0U?u|nq2`x9KvjBfS*5?6hcKqLo}k_QXeMJO00SFi z7yYp9C{Hnwh}BYK^pS#0OS+!BdKAC-@&?HQd*M`c z#_|ThhpO>Ew0*Xo*ipEs7h|`ww8ZDg{`#;=p3nfPaJ}wTcf+7S4YaseQ7D*`r>?x`K-yA`w?Jr;~ zYFxjgWNDcbZy%n0PO1F3wiH9VH8n9?yT={2&N=-&U&zeV;dMMWj#lx!Oosb{e)8sO zpm|s~^jEP&*^ODEZ^T+jTjt^KMWjd$Un9K3J(=)Wq|6QRHB}eAY?Cae7@N1^->}B8R5Nn z+OWyty!PMP;NXS?y@(3o6AQMP{He?9V)}ck*R1=K5@$vmLHf6WHF*t?B2&goR<}Y| zqZBLp>EmPsF=wRc*Xb`7W1n$&I&DZQb)DbQMlOqOz?94B^Ik=B2)-P4UYOE$Yu+3m z(J+0I;j?a=ETe3g@N@L4_RQ|<84gCaWkZrITKLq;U5)GYlUG!_W!IJ1_KVMH<}s^# z^qyA`Ofp5K#U_`m;hi1}fLv`SRyG*~(9 zBH!5{<2}a*g9gism>NaB$OUonS86%05~lNqwA1b9y$X%5Z+cB+jxFLFLCxEt4(D{3 za%tYc)A+@=m2QZNvrdxoH2nzv1&aPtay1>7 z5IUBR2PjeP4B5KR*wi1{?M#+g-CUh>yu#H$L(2x9E^;k0ExBsm~V= zsz3J?>lTw3G`U6ypYBRhdf#2W$HzXZZ!=yYm6IPC=io#Zm`rRzC`X!_c$a-!qse~n zky@Gl2Ff7sZxVQ+$dSKwZ+Ghe+1WPMA@km z%fSmTfxUn3VZ4v({G>tZc`KI*syCu&w?l_I2WAZHv~n$7;pC||EtML4uqJjrP(BO# zTI}ANuL@%rbV>aQ11e4Y_pV+D@dC(#Ftq#M)AReIZlrb#Aa#h`DAORfq@b+*HiVJuZ3xgc82ojeEx5 z`=3}J4mSeiZmCOT2KX+AMy7pTe#}lEZ>hAexKOt9QTSHBQ9&1XJaP7D>iB%;Vtws< zM}h0sHv7fl8Y_qsM53q?jqfKg*>TrFy7kx!EK_50!0IEzH?PWs<==y|NZ0iP*5jKF zxxQFtKEU&$>49|!CGHK*;{WvgZ`LeeuxNJkW@2o_w|MWBdn%JmJsm4}WT!+Qo5z2e zEBL#XVsJohP+h3m=BwhyjN9)D<_1;}X;*bi7YD%(OZK!E#Hf!lnKZ_-##7}6nytQG zFICiQYoB`^uF}F_u$cxICO|QDOv1m9U5^f&m^yE<2GB5f0g$kvu8XdnskX!iOaRJE z0qOgrr7a>jkc`GhGBy`aAg}D8#PE|8WS$#25?kNbkwj6fNWalJoO=UT@GMrbv+4sB zlW*+=_U%*rTzVme|lNZSVYUDU?!BN(bpQVt}T68 z58?;(w{h6!125ZsL5&bixJB<1T73|rh2A?o%{HQcl_f=Q$?EP?%VzayBZ=k18ns|@ zj86AbSY>Y4z#dX2N2`-tao)siW2EPApuW;Qb1M{+L?OuK`ORe60MI59Ltiw6$_q4Gfh7do9GtZWVw`)?4_-;(LaX<)BQ|=J zRLS!Kv^^rJoYW_tsI^hqf!^w8JL98MpY|Qy$|XEnnXv9tJoA8Wv8%L2pJ&gPKdlRI zeekA&$TE|0N5XgTs=;ekocr&&Ri&keKc7mZ7~_%HBi)YKcm3K%>v?hDSm&3RaH;Zzn{H*vCRh&5qLd{0>h_D%cI@#Y4LOT}Bw7?BGz5yb*CFZQ&&jMJszK zG0ib^X0^v!7@;mHVt#?%P-(UCWH2asWi^Z?@mXoW!}NQ-n@$x!#r0~AWkw_`R~b&s zJMt?AHmKRXq&SM_c-;|5z4iVVa@5R!m+U9{ITAipb1$BMyG}h=U3IZ$JkDvdh!VQ^ z_%?M&z{txxi?{Kw^^rLXn%%i#UysjGCjWPHWwbp8(uCNT_+qaT*k&(dRrV~6GaoX# zPAazPml- z&m%F>wwWFNZlx>YsyW8uhUPB(az=(6@r4Z~%95q8As>fMw!(DsR)so=wTIyXqr1idcWW@B&-#dQ2N-1L;QGPlmCtEXD`~* z7P$-exX-6bgUX18qeTI!T$hP*U736pGLzN;vSDk<^UW*{=PRe~p0x7=hP1pAq{z~{ zs({nQC}gaNeZvC$@~1|HLaH);_l51~w-BK!$%@xHe2M1$I!ps?6O;le6(=%QZmDyr z1hwKkQ^Z3(4-zN~>I$MB<3*l8s_m;aE5>A7uMdWPiIGcq8w`mbjoYH_ zZPFrpf8?>Q#ZRsO+%NN&@k)MSmHUXr)ls@d+ZV3fXRyF_Ivud!p-|_uFJI3zU_>w+ z($GjW%iQYYv8?FbA-wbX^8jpmw83GBQ}yB491gTYQ)%6_EZ`{U8#U}o?HIvtaN+zd zCrUhp^ux5~qb^ghl6A4MF?9k0CNpP*II&kYB91Tay~xrEyxz->&zWx5)hiN}7J z4C2%N+ldnCn%Q^fp*Dk=e7~>PtA#9>N?f)gC(aDYhQj-oF(7{X666-i8|gbsv?{$A zPEuXJZ#)z?A_rslv#wW~%qxwqZ`WtjokypA7G<3L%KFW>`#av;(K~~0SDsd9jFc?C zZLn_9SLZvr(rHQIZ`96!RkaNywY=Tt-F|f0?17vdE%8}aoTzFIw!12%8a+Jqo<^T3 zh2=~*-3&0T7SiJ*P7|+7%4YLClZ7i0D<13l$jk@swX%{nmIkAIEbhbkilamB($vE< zy+eiBELje^HGiFNq#Ra$J<)(;P1@c*o4GSU6&P?IDmi;};epqWq=aQ2eMCH*8*XU@E@mmI0Tf?4#1(OzOmL_rgxZW%15zU$aL-YE;-`F*T~q zIq4aT2V6!rn}tg&E5wY7O+I&15cb8eh%~jUxL*x$vh160Zh;h@zXR7Vbv=G`g_d6U zZG12rdXnZSaMO^YqZO-L5%v0c6cxGSc}n{UXI>pfw=_t@y{f9w=6yBw zn=4{E&=Rf8yTrGCTSJ2zPr<`ZFA46e+aW6kF&^D<8Ek1B)AUGdMSf>;wmKOw%9A)c z&UT(DV(R>1B=%Y|>e28{w}C|ei_YRa_?t9G9&v2D`Q}#97l${&?)-KObQ}6{URMEz z!pdSD{5ypAE)FYO@!<-d{H=DDI*yY(-szO(y7#DIR23_pDo7LVtIC#c!O~0PsyG%W z?;klv4vVw}arOMOo=DQ+ZHxm>Peylr>B+x8LkA~{6XMT#GUR(jdIX4v?>2Z}Qj4JN z-9!ZW%57pm^k9;BhuJ2(MYxVXrM4|ZQ9U`o-6g;-2fxoWL?Q(pyTuCSD2|^BD|_GG z!kk^KxMp`2Ce_Q-bw7;~-t(?4&3Lh+@8j+l9k;Wh!r%8HaX#(XM{jbFx5>JCf9`Xe zF2ZHP#o**(BNMioWp>&Mf88->AuzRInVhod-SSA{WHmUw?!xA#v6}zJ+hu4p*ag}& z=a>3md+G%Ot*lH0>Nez^uvg_pY}OP@844n58V`k9)jzLIc1`tGuUxLLS4chIr_I8X zdFqmeiDp;7qbNzff59!Hi0P@2#PGrRNg(KGho{-_gbf`BsP`K-Y(t{;NFP;<84Ts= zOV%Bs-kyamWo&i zo2PE07icAHkvniJKfC0Gj?ZU-icGL;yCD4y;j`aC>ruK^xb1|x9uz|MLvA_?}f4ntTMn?Yr6QJ+f!FLe5 z@7Y0*W|iyz7ZdOv0Yy5$xIg{wduazrUV!`XN6TCrgq#^`*EC+LEzVYQwOOVw-;$m# z!r2aXK+kP)l^g66i}h`A_B7@bLM412IT!5j+^8OLT2wI-1jM;dPz(!*{doa@&?` zS=Yk3KYCEMc$OE(GE1{0j;DUoY3eZG$+UE2p;Z3GvdjD?%zrXKTVgD|VI$40m`%5q zWl3m5#^}PtAARP7qIevu^&a2o>9OaB?1HrCxFmkjf26BX$k%2e^BKU!@47}|!(R@K zZ@Y=R@+^Olu&GL}55PE=j%wM-`;tuN2P}0FS#HwW^S$~t7X85u*79P$zr`wRk8OXa z+9Pb`I5)6tdacR25I}prooI2P%fj>U14lV%2W?;iCtiP^r2 zuL-O=$|!~_$mUHT<2$|4vv2Eq*@i6$_TMKPla9uSD$g6!Ba^>8%3n&X4dPc!&##e- zYaf`5;>4<$x_u%=ZUlv{OP8JZu{K@@24Pjr3%K;9R{71kGyBd}s#iF*#F4BI9keDU z-dtyw8Z{a6m)*Yczh2V;7mX>w+_tA;6j=;o)qUnD-T<58V29shU%yDNjzhvBHyNN} zyQ=x>1{@2@+UHns?>Nbk*c#I&!KTGoeX9Kl@vZxP7dtoJW4p{bd9o*pX2=Ri%ReBz zbndZuQ>PEPxw5s}R@R$$YN}9tspt1yYsrkq<0B(36qp7giirbWuZJX%wnuwcnD7hV zNmBo{@r}|cxqkDtB|@h0*GCd$rM8g)lYLdWcB-H$Xb!xJ79GOc|0Cq+))rnD@Y`8#|)&j>^N zW8K2@jK2@?Y*iUb_};$P|)@AP4P)h6M#MBZSn z=#V08m2!NrVB~(=EYfWWuTUeVjyJ=lPTg^Dc;Sgsuj2z=YEOWi5fVVoSNqeNLAr8m zuhGhegmPxNp1xSe;<8!6?fK8%!~wV zCNwg9yexKY=1)qSGEZ2%6#S;YZLuC%&Nq~bB;~jg4u>?&pforqN`v?BvJpWiisJ!8 z?R&A2h-;((bh;|R}S` z)^Cp_sy!)9{J#D-7vP8AY_07Vht?a$rRwQ}!C2GI@J{i5Mad@XP8KW3Wx`u>r2|_Q z%M6#0bMK=rg!$ySZk0>7@{!wgn7R3n+`rC$zWdxpG3|)!|C_LCKpo+BT7KofAWsjA zMu%7;Z4HBTL)om+_C}H734K#@PxW4;>ZtI^0eg0?fNv- z_SbP<@`e%Ymfiey1~Y@=BgBcQ3s2&N4Sz3Ie9BMz>$CYp)25FuN4`%`r~AvtE*YSQ z?*DVThhrwN>C$NxYrbgG0ueQq#+*rnqQ?LUtM(iJi!CPIX3t8^^0X&6XF~iJvXa2V zfGmHnfKZNIFd#y}n@&SgxLxOlbHf?Lv-XB--otx)T76av06fdVppGZa=$qqnHE4lw zd+z>z>*Iw3O}BInJ+L`4{9;=0Sn0`PIkkrZ@*%Q6sE#BF5i0uPmGwkR0v5G8%71ac z$#$B%VY|5G%!@waO6oqe!uE`F%gw>2NV~{311pS^IjMu90r} zit1P<>*a>9wur(y2mA&abRcCSLYA$FZz01s|#&!?%q~0 z380mYdGGbPt%f67qv@DPW4u@whg>8tXC2xUr^k3O0)4#S$%i*Vo*C$5!cISo7wLEV zR+xt-#Qv2mpqR?c$SaZfnBUlcT0jkp4Z24fCml-ix_{>8ydZP!BYl*7QQ4yZwbISm zN>uKNLebYdi*F=%jQ;))5E4%#k7g&FPth6RJ~A4g-A%fg*G=Tx;ND2#^SLdRc~q_c zc}>j8+hBZBF-}sWx7@EWEy}@G;t={Dv)_-IW&me=>xDFEI38`W)btY4oHx)YQfC-r zXtHdHE2z)}b|g;?f7#+Qw~8KLg{c5FjMYE45{PoMqo%>B>k#CZ3xUO?2)_7$(}hW7 z7y6=>o_JUb7uy6Se74s9i%p+-EA*RQoBe3%M43>+<-W*4LPhH@x4XI78227)|bbETC4^`bGqADI4hbOmjC2$1i3QcyMAU z7q5+nWDKq*zc>#|-MeeN3gm7C6X@35oUSb(VK+65&F54NUzP!aEB>E?(`?6)cW786 z@!D_L5T#rzt6N|}NZdA8+=dR0;f(1TWBrn1JwzJ86l=oEc{wLX@2GnWZ|8l@4hi=j z^oP0ERvWqy4_jvmd#qD56il?_r*BVb3oI4550RzlCH9MTOtR2TbAh@JPGe2eMXvP zM)R%ojyC$s3!gm|<6h0xP)dtec6A|Fb8#&0eKS;++~GA`zv6aQO1D`Za2bj# zsc2&P2D^78;^;oSuETYU*qKJM>Xbk7U+BqXK(o8K@+3pUYz9rsPljfqKr`=aRb;se zKx(C1IDtv+#abn~prGVBmVw<2Jf@o(Hba-Gg3p(uT0mYIOtx4 zV3|L_?QY{$<|uL3ttF@&yY^5liA>&D7t-;SENQakgMMyv4c!)TAx)Xj7~=C9ddBSM zzx8VhsC5{Cj8+r5HKo2V^U+wFdhc_s#Qq4S?Oq%iW%+u`^*Dh%#Z-><>Pk*g4y_U$ zrL)%7f!(i{)cl!Bdb|_CnchMx;}VNgP2qD3>!-h5{&sT|#z2IoA{{(>9+PVF7zrb; zPd1Fy>mXt-j1~Kne(u}VI86n|43;Ow^UoK3uOr6Gjr8tDc>NTmrXHSbZp|0vw#a(K z_LhsYUtALb+z>`XppHuagpLur#O)Q2gu`kM1t$EweMJqE;1B2?KdE7l5TOT2V{>B< zaiC&r`8=4X_nS{9_0+2^l#T*PMfB3rt7jGgNjXn8VxXF?f#91Ks89V}`t6?) zU!lTwseFAHP~HIjbz+wOZIVcbblrnD6gk`yUaxjBezKfiXULjpb+z0VaUtoMOLpj= zOLifa{(V+CH*-j`HB(nY;c2{H5w$&X_sC+9r%B(f&SrAwGJR1oo;&%go$vF#&l;5Z z9BC>h0YVDmIm< zK~e4H9ClVE0&?o%?eNKCc`Ob>bcl%d_qhg_Jp1`Z3ohW5txF*oULTAoAdqbLK>_{2 zmfe_uNkzMZOS-I+g)}O{k2p~I*>5H-KjjL zZUx&`mT3ulmtJ_#74lItT=B)@hEl@@$bwOosGjj`xr>O^Vne!Du0^NKpjV~v!p`=@ z>qgn`2nq*rhw;)FA#^ED%d``+sV||jr-;)us)j5%&dtYdiod+dAraPxzj$&6k(Mf{ zlp=>xh@=RKok^>=QO3h&gvTjOrjcp-$E$B8Q%@)sC9h;$oT4$|9LxE?;306bp>1Ud zz;T2sudtyS0xLLRoydW8LhVuE&5(8SdM48!>@}wX9ZXYn?>Q+@PvlKNu}&g~L9SdB zmGiio+?t{lh@_3S!C+5CJ-=DW-QrJwQ4#O0ynC*`X2OY;O*Pzlb<8?iXS4ngacxj{ zy~DpXv(fs?u0iO%dz;;4i-C4?-H+gU4bs-iwpo`GKQU>^DDKULuRgmsQFZ0qu-2@% z`%(IzBn;beAZ~K@$Qz$oH{oG}uE#^=&{kU?2fc<8MW5+bJFt#=C)TTDR3bj76N}u8 z{N-L=ifKp*U*Pro%PX|9%VUZ%;szS**@6X#hG(=i#r7qmghzR-z{yuLLol4b-Z_s= z^E(r`@nNTi#{h$TsDk-{9c8J4zV;X}y{Tr_M$OG9#dIm8sTD>|YC^%KhV=&Jc%+0F+PK*G zd{4Od6Vu*hA-W&hFOyJeS;^FwHQ3O-t8P0mZG#TGe~x7LcV0@S`mpZ5x`PG-xcB+pS3TYY>i2IH-p+Yf#ek z4uz@7`dV*qF1Z~Rntv(l+hw`$&5QyrTakVP_b4`|GEE=aUWgm{S{Ex1B6uR}8-R!k zJIK{dCiAzqOY1&n8RYaj`hE@P)zoNvg;F`@yWcAFZ?DrkQg(l#F-1=v=`G$kmJ3P* zbgB5R6p+h!EM;gOKNG6`Q@O6!fCEirhcL2}nUl4O-@18mtw@dJ+^^afHRN@Ofm_W? z&IuTg-)ZAh}F}N$^b?Y>6=LdVXwl$P}~;nuPkqg^fvs#alRG@Qt(W%Gs9G);_`&X$OKo zgZp|x({sg6nGxt}521X(aidi+eSk@*l|)OQ1u<8neK; zk$)RGFWlEATr=dPE5s==MlSxVS^uHfuIiSTii+3Chp7P`vh0NCe#$?NY{U&&1t#iy zeffQVa22UB9m#|O8Qk9NI25^$#G{P2krhIV=7e+3@5_kXiHbV^6Y3&e+M~4yzKROw zjxPK`{?OC9c?R4CNc10Pe)O5uJjSe=znP_<%to_Lr!6!2HpX_&;YIpt7hdlJ_~YZh zw}9PI0Cq>_#XeF=a;LR2Q!JP}Yj3O|>Ue*CwtgFi+>Sq|BjmsgdY;8e1nQ>72=Ukh zX&jzR8FfqRT}#L@W%^d7xeN(8|Lr7IoG8}vLVHUPK9Ka~zUz}#$r*kzT4&+Lm&aA3 z@iGWycD>3{QGg6Dc|S_rH<`ZhSnJ7&I%dea-kVy?{XT)W25b?om6kF$9;^8xH`{^| z|9s0f>$6?V+^GdsjgZLx2T~HZySPOf4Uy;7`59?@-)(h6QE1eS@Fad!6V>73=qhK;W=*Lj93-T;Kp+=6pQ24m%{y^ zYjLIpJsYXw0$;0L(mh7J4v%+;&7?~F_c7BiEb&YMuhw6utj9Md$#BJpj44s8iS5+Q z9s`2s;ZQHi<2$+&7NASh24lR&-+_?2fA%B-UUCX1bO{kXo~ zhmx|rrO`3;%99FPlqxX-8B0dRTK#ia9UtzXW78P7Nor!u>{B-Ok1LG530yE}(~K0p zDD)$-0cbuCbufwnP!*2?S55wN4DqimLXtc@+Vmic^DJvYi)w8Rz!sWoZnxR~A>e#{ z1*^T1lNIHaKJIz{F7a+f9UN-yo+-T1)3qpYJ+TFjq_$u#owkaVdgOPX)i4{7COG-j za`NcimlMjiSiQ4(P*P> zgq`1Hh|jDkugq@vW~k-QTrTIs*<1NT|L)qd*>@c?cvVMD2WtRt^aImq&cQeXx$xuU z8JZo}j)G)rv;F_=-Js|*epr>gL9>pD@nGHELH|w)Vjuo^$x^Q1D0r{ygAPH5JbsHD zp}|mV?DPAs-vb7Rjf)!G*}uU(N1r)!vHU`59(}TjVMs=@FEhAHAW1_397Rio^wl5p z!5ZM&QI=E$KjZ^#O`plo0KVX#vk64S)9`#HQ)mCU!D#L4`v<^vcLIOo5Ded~u=xDs z-`A4B*Al=Fe-g~&DId7!h-U+^2I_Ci?}=wAt(~C{<=`PrE!?qb2slvNY2wTDD@Abo zq!Y$02JnNozGxsDaR-eZ&F;x92{^=)tlaiR7(b8o^A||ogL~oVYv8!jSE469LoL4| zpx*L6n7qYa1^S+!RGwr(`rmuoEE&BC36{K%PT>@du6@VB{GQ#N@Pr@H805q2Cp|%P zRG*@QXzS>J^swt`KnMk$MTzcr47i!xu+@GD>h;0P9vx;20dS?71xOQ~y^94reNQLU z*{7v;mJSa~S>1=dWz&(7hvZf3d~<`BAH9gsz#5^^0)x`*tfxlv0q%*tA{iEX+JECx zT61`Sq%*Dn&uFRXMfCiVN~IRN%*0!LIO9s85uLa~xXZ~z4-Rz9AHb1Io&n+hvWXIG z^*SaTwG0}-G+<`4v_G72)XAWPCrk;Xf43G6GVE`7LIos2@D@C`Js~oXo(A=8%>Q)} zxZi#s@i0Vx(Un>$dNGHHE#DN1O%ovb8%4`8l4c|@0aqK7Wd55s)07*^ouMPt* zbco{4j&@SY{_vE#cnE6GV=4nlJ2IHHWB&vreBbZ{8;S#dIfKc@eg#Yq{<(OjtQvT$ zJ(XPakQp)Cn%Ucbj{;xD(BZ!O8LY1Msekj^p2*c9cPH>87-mS*Z%jDJ| zgb9ctS_cfIxesea2p!VDy*fdNX;1mp_$gC|6c8*rO0Y@lFI4}|1JJh*vzQfcESAmGVj ztX^ZVZ@|qk12G;7w)?jDAot}<@qnoNb}d!6<+yBdL^{A1FiXL`Yw{mGzzh@xGFtyM zI2DQ#wx2{uYo%i+Zm~a0Nt%=x(s&YcK$2 zCtW8V)N4P+jgdnAyWtT{)*yqXqysQ58ystcbNoYpiYEr{6N2Y1f~oi8M8lAzF#?yK zFCVR$pmd562~|33$9SPGrPr6FLS3rLPs#av;|1>jk83Mc`R``)V|9rqgp{KmivW)m zV=8!wIm!Ye8QRJ!WdCON-PaKu)XXvhf$>T~W*(rGseGtBkw?>u)c;e&<{AzpamEPt zFu52deKZO97M#m_1{*cl0^GOG(#TAbW&2D1|Q_Fb{{@20Xzr8RwC?s$LPpoAcx>C^Y4*ScR!n(P zn4*t?QzlM?J)ID2fP8b>5p2|r|D*oI-Cj!W5c)<(;bM2Y@n z|KpO_hr7y3DoUm%e0W8V+9Pt{&QwyD<9KLg_x_lGGWrx;KB}gT;C(O;*@sQe(5+^V zgMI5>Vt~iAw4-oWItq7P4!Ml1L}%;`7=Rp0MCbfS!v~ZYgiF$s=>jC5fT47#cBX9r zSvmW4IKPrqjeC{D5pIgB5Dv;vrep}wDIpme zl;PkInH?38u@03cq=}@YLNX5rWp2)NOc@g4R)&y@Lx%Kz);{Xq+w*;Xzvq44|K7L$ z5PPq^_Gen3d96(yfOjWex|^a0eCwpiuM$Q}eIxV(FyN#LZ=lABB{pe7vAM6FUTjfC zg5(M!va#he0apP?&5*-4@>0=TcW|FNg@}I>UK<)dm1ct@Ex+|RK%TfF+Vf!EJJl$7 z>pR5LhQk|AQ^(+~6>)?eYy{9g^(~M3B!I$IG9XMhdv!j*DqlUQyeNJjPof=(LlueW zI}$wFzNhOn)ejzRyRyoXO%grYx}{GVJqo@h$#`*Jvob(T<(=KdvQN9@;mOs+OF&;@ z4Ll-u=`*Zq=m#X3pS{e1%v?fqc%KV;7BC{+N2axEYt>TDkIb@)%VA@xCp8Syo2>==S<)HR#p3{9Ejs7JP=7hP4sxEO?W;b~@^ zm)oZ`WP8@-oWC|O_`NA)x=(zb(VjeaH6&|kv6vVrWp_9owa?pc=?j0f64)Lb6atEG zg%_)LrN|`t-Kr3_jnKL7*P$AdZIN}2`>g62pv+cdA{(h(OFiq_+b8yCnl zefS#nBlt$WjKLsb_!eR9#gjn5z|f`zRJyf5Jy@g2w0beB^xwTI{1 z33O~@h2^=Lh{#*hDVb!de=ZoUt1+0WykPQ<434zvyH+P*Uz0?x3yNj{YWrHbh*6 zlK4HhLrO5Fw;UKh)lZ(-200&?)e-;bfUrk(^2F;tx-51d+7Xdrx`dpPtR2SZy%EFld@o=#IVEuj_nE*-A=Eq} zz}2upuH575L29ngI0G;l8Ez%r5of-o87?F!8fm`mX#a$hMV(Gt4gCJT`9)M+`{8 z-n7^t#s?$lD;l}VbqB+j6L~3VHP!q1a~FgEZa*+=&#^A(?5u7ibWI46LMh=)?uoD7d@SpVBZ3_8bv;3f50|L5ef}wjx?v zB8*D5I&p*>0d*8S%&=Y~WhUG>|D{&Rr^QsG8j7Ee6g5ic9>t2Uj&iU)Fl2suK*hUj z!}R3q1NBo%58f@a&fkAV0L~q~QZXJnX1+sbwE~HzJPLVmnV!)mOp>TNF!kii@CyV! zbs!+FGdIh<|2VqEcNA>E!S)UA#0+iMvC8lBR$ph})wPgCxk30moKsn&P~0V%Q#oHU zJ@+Pf?23e5L_oSeaac~{28y^6L8k`Qn7VRq#R#Ron>(=@izQB=C`7=y?$EMVI8yhY zHp$zTj#r(LNp$nC74z@dXC(6VLq<+Ad?chl*ibAmd8F%sIcx}z5zK>@H@%_*J>Jh^ zTIgL}9JCTryQ$WXUVu{n*F_W;FM5}c_6s1s`NXDbp81(!rC0Fjpp~H$O%Et$khfcH zDC)N-d#qi=&u|=2QhY8J?6tk&(0YXKen6LCc|K3dp%@eL?zNYj5F%g=?T~WLkhEbc zf5;8RGvLcaDbBUAvjQtN985Yq_NKe5z@v4|gWhoNcl8=Qmmx79PlV4IrTDy%IJJt_ z7h=B&QY=#ip*tGNzd>HX>1Lelu1Ar2M}|HG7HIpA#AIZb)Zp*a*Kv0qXq$wOqbLap z3FQZTcAOr%d($LX_^Y~m^VS*0aGZiHrR#oP$js2)<~%1uxxML^H-3J?ui{)IFg^k) zDJAHCxnvL}T>a&JZ3=8gbV&@l5!fG}r|uVGodc&Rzew7A-0^MWx|f;O=A=T8)q686 zOz+#(GfaAFl`6aL7rD0>q?#tUkn4(E>aQKlF>pbi*b~sx`74=Atn*#|DeI+u3AJj>USf`%GOad)iKv6(IT?d0J4kq8h^x8~XF;<9R1t+T!*s;gRiCn2|X zrrQTlO>qn?^8YZDwggch+Ba7eB0rSXvpF-XDoXWDk}%P1wO^}ZzdHzynIhD|vwZ6XKCB;eC=8V!4Z?)~)% zGIUAENq=Z-of%A#&Ntn;@Re@iaiLB7x5vTkRSW@V(js`XM~syS2<@lM?Ibht>>J z+06F3`1L6kS){z|@6!X~1uc7zzda=uBs+;KxK2+R?RrqaBdYasW2JkGbW@||e9%bV z^LN>$A63LnZ|d54v}aT1SBf_(+7y|rvB+EzYyye7AO@=Y+ZvM zYq{JQwjFTDg>;==!~53pKt}U`->EF$r|0dC)RTip3-f*6Z*S_(395&0X?eU%yHLMd zk36sqAIf!=BkwcoXsm)wvQ?gAU^?p(q+m9q+*A;|&?ej@=uGJx2oTCWV=pju4@yg@ z#f+Y2lj(XH=V*FEON|M+D75?-9Ue&c9s0vOG`vYyyHdG+EA%QIsr0zABvN^rLQ+@axzwY-rU*F_#GCkV1n=-ueT+*ofF>58A zzZ~e-HT&N}31GLG_9)GYn8BLM@z55z8Yt;;hZNW!MV$rOR!4EUb=wC|V2YATB*V?| zHOnIhd_s(@AUVAM+YDp&#>tO+{OG4z?OWUJ2YT#@BF9z{Lpr7(FWIyWPOWhYb8n-g zHiVgGg>L-}%Y3T(Q4LQsZA*qVZ%CZHwIjVW6!eEluo)O44?kDR97s5389EEs_61kt zI$7B`oX@0_O?wL6yGICu(u+;ZV|OkijM~~a1NP!43JArpjMHQ z%;!XSvBJ>|9?%Bs(l&#WcXf3$;|Y?^^xawo?Xd|N)FPW=?=R3rcvZUKqd{xKgfsa- z<+mc_F(6eLz4oADs6-q;Cv3@Kkh|G4+dW4!wSUwDAuOG-F6<$2__F4QU zZB|M{qK^J~)zg)`dEE@7gqOZ8vk0L02ROJoPS6KhY=njdc-q64uMbgaZ|?c#=&M)cfT-t}E*BPfoP# zIM1Fob8#K7?px@v$nJpcC0e(*cuji(-tvye^EZ0GE~=l~UioonYn<0pdpMC(#r6J& z3;55KGdJavT9=>IRC+56)@?BRb!Iy>AIPI-gK4YB=Dd-N?XJWO*Cz6jZokxS*Tg`B zYigdcl$F9;hnqOG$OG)|BT0<8F&0rtDm4Ybj1`R7C&7n9`c{8c67R#mToz+)*e!^$ zc`5GoPx9Gm!X@NGPyg(1|IP?vv|6UX0iv%2RINgL!xouT-HS_X(Axik5BdtR8r`_7 zj(HJ$4I*zq?R2aC`|n^Q>s&!R3>Od5_wqVa&d+#ieyU>QpLv;E2zjIa^`duF>JO}Rg zaTMrnnBTw#g7W>O6J%s#pupbQWpfC^m1Jq~X1mT&)eHTeK$R6OfdDxO#8Zl5&`84I!=FX~M#m*|ye#N@TAJ#$V@@ z&L#$Dv>S?t3cUVP8(e`VDYl8`<%iva=@&Sl+eDR>#_{(6uWyuTP$plr>L{d?lLR=Q8)c>_qLf$&qItma-cQ7C7#xq$>q!M*9uOX?Xxj zwZ8n%BakEUKx(QSmXeKO7fMh-@DK-=$R5ExmeH^?(7C(B&u6Op$hnBy)r#HLD8QH7 zleV+y!0@Yrl5=Xhwyg>9i6)Bf5&zm}m8-lUMCcz36I$=G-*d;~_6t&m+hKp=vWmOU zl?H38uGhNnXn5Qz#eY5S!qZL3eK}&?F^o(boj40N+Z*O^%Kow$p>>WYUcFD>m-BHj zs#0}pTR{Nhnx?Odm-kFz1Wm!Fs7_smV)z`&*xH&SxsM&|H4Sy#u9m{*@y0CiI>>{L zMfr{0oDpF}PSCcOmS3T&pE!3z4zm|03_ww+rkH452<4#B`M-Y~J63OVy~>o1_*>G+JCX|+ystZcmQm^OEC<#D4HUg5tyzGlRtV(6=; zj96qTSa8(!f#`ur=jQyCOsfeONzz+$6y@-W8=1H$RLfTu`wf42#a|^vQd^1@{9^< zB`C!Q{w@VB{G&@A1Fd6otuTOyZ~^O0vZ0~m+d@q3UESHF$eJbU=OBRb&>99=FZ+M- zaCK7Qoj)RR=xsnXHQ>7#MztW?%R%Iy0k3FqAvLPGCW6x~OP>4q76h8ZA_Y(QzYBu= z)k%Jy6f9i@4hV8=C>V8NbI~y%P`2UOgfog3?6|X`;^l;PeJ1DUW zZ)!&BT7COk5y_;&e0d&}d>~Rqv2+tNIrUp8ehbBKq4=?%=6|FqMl0Az#a-^q^Z*n% zlybojo6}fE6;x4Csgu>766L2h^&dNpw0bgVWe~jOplIxfDMolcWlV?7?L~_gG*}w^ zxjCz=;<+hNgkGYu7G3)U*TR$}`2SHrWR7NGm8$xKB#1-$j0Go%Oyy2|1eLfAOoATC zDi!O7wN#QyE47BW9DkeQE0lgsmgE0n~^!x|O? zaasf|*Mu9v2Y0rhqUp8WDofFyVFWNtu)8!;l(iJ59nD^HhiSxMATx^!vvOKNMcs4r z(iJ$I1agAi_r(h`LFQaA;rk^q3^qfg&g;Wip^fv0X*=!24Nyh~Q;Lw30aJo#lnaWt zEnHF=kKY1iL6PQ1Dhf=%_&A|Ufa12jdMh?C91;NNYz2S(2uxd8svG&o0tSE@G9PGa zhcHMSv+Fx>a-M+JTJ_|U&Lrmh2zNL^mL6XQ+Zk4jD3d}Frb2o zMn(t0zzvTm$l~;fgk+djLP5R-GfTk0Mv$6_)XOG#G?4HD?rzQ&b26-g6bY$x`0?NZ z22h>G3=N{jZ$bMlXuk#Rw?_M|(SDoG|DNfDo-Y6M7ytG*I1fW7-!jhg6}d0!#;H2N zlOt!IM8=~=J}Qv_CW~#CG{+et0Xz#fYjqB0K7$3f6w)+N4o&eYXx!g5Jb;mz`;Q@M;QkmCeyJ0I zA-T3-uD{^cZTw-bnbtLo2GgXTykLOY%4Tp761;bH{`7;G7BqJkJo_wN8TEFsuu3F3 zFJ*clKLOsl8C;CTdtIUt@+=5tE7b^Q`tyeqM2JD2L(Tq;*h9TggUwoAGl2#1Kc^w| zLPamD=g*{L=tW`3+{^R)0aX@|Ax9<~Dd@A}80ZHw4%SR2a@GFRW+q z161bVZODytRuRK6_=I)@a68ZZM29)%6Y|N%7B_Cfq!4^Bk|4*wfgz$?^_`v0{igv5 z{7#sXs_*myfd3mO7MvV-u&E}`ppO79lY!ttw@k!;8FLiI%-FHc7$PXQfj3+G=oes4 zhXZ#6((6_N-eD|&Hb<@-4<^!oBSvrr8egssz^+tr1Hej`hu9Wav_Pb)18})=E%7@B zfe}cT^@?AB*#$g~+Hxgc3XtU^!jvq6Q4*--?H}Wk!KY485n6(w8Xy7b-=EzUKL>tA zCy*RrA7mEu!4X#A{skDqV&KlMG!9Me|IT>x;yyy1<`@O(^FR&ll@E5Cf z5Om?p?O)XfeokDX@dw2?r?hgmG}&q&{FYxWk0 G@c#nCAFgiz literal 0 HcmV?d00001 From 2ad8dd8bc286a8509b99dc792affb92f099fca00 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Thu, 23 Jan 2025 17:42:56 +0100 Subject: [PATCH 04/12] Apply suggestions from code review Co-authored-by: Iwona Langer --- docs/user/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index 25039ba..538d83f 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -1,9 +1,9 @@ -# KIM Snatch +# KIM Snatch Module ## Overview The KIM-Snatch Module is part of KIM's worker pool feature. It is a mandatory Kyma module and deployed on all Kyma managed runtimes (SKR). -In the past, Kyma had only one worker pool (so called "Kyma worker pool") where every workload was scheduled on. This Kyma worker pool is mandatory and cannot be removed from a Kyma runtime. Customers have several configuration options, but it's not fully adjustable and can be too limited for customers who require special node setups. +In the past, Kyma had only one worker pool, the so-called "Kyma worker pool", where every workload was scheduled. This Kyma worker pool is mandatory and cannot be removed from a Kyma runtime. It allows for several configuration options, which can be too limited for users requiring special node setups. By introducing the Kyma worker pool feature, customers can add additional worker pools to their Kyma runtime. This enables customer to introduce worker nodes, which are optimized for their particular workload requirements. From 3f36356747502816b74f1266b3ab0b4aefbd96c7 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Thu, 23 Jan 2025 17:43:43 +0100 Subject: [PATCH 05/12] Apply suggestions from code review Co-authored-by: Iwona Langer --- docs/user/README.md | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index 538d83f..c4056e9 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -10,33 +10,34 @@ By introducing the Kyma worker pool feature, customers can add additional worker To ensure customer worker pools are reserved for customer workloads, KIM-Snatch got introduced. It is responsible to assign Kyma workloads (e.g. operators of Kyma modules) to the Kyma worker pool. This has several advantages: * Kyma workloads are not allocating resources on customer worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. -* It reduce the risk of incompatibility between Kyma container images and individually configured worker pools. +* It reduces the risk of incompatibility between Kyma container images and individually configured worker pools. ## Technical Approach -The KIM-Snatch module introduces a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) in Kubernetes. -It is intercepting all pods which are scheduled in a Kyma managed namespaces. A managed namespace is by [KLM](https://github.com/kyma-project/lifecycle-manager) always labeled with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only on pods which are scheduled in one of these labeled namespaces. Typical Kyma managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. +The KIM-Snatch module introduces the Kubernetes [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook). + +It intercepts all Pods that are scheduled in a Kyma-managed namespace. [Kyma Lifecycle Manager (KLM)](https://github.com/kyma-project/lifecycle-manager) always labels a managed namespace with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only to Pods scheduled in one of these labeled namespaces. Typical Kyma-managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. ![KIM Snatch Webhook](./assets/snatch-deployment.png) -Before the pod is handed over to the Kubernetes scheduler, KIM-Snatch adds a [`nodeAffinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to the pod's manifest. This informs the Kubernetes scheduler to prefer nodes within the Kyma worker pool for this pod. +Before the Pod is handed over to the Kubernetes scheduler, KIM-Snatch adds [`nodeAffinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to the Pod's manifest. This informs the Kubernetes scheduler to prefer nodes within the Kyma worker pool for this Pod. ## Limitations -### Using the Kyma worker pool is not enforced -Assigning a pod to a specific worker pool can cause drawbacks, for example: +### Using the Kyma Worker Pool is not Enforced +Assigning a Pod to a specific worker pool can have the following drawbacks: -* Resources of the preferred worker pool are exhausted while other worker pools would have still free capacities. -* If no suitable worker pool can be found and the node-affinity is set as a "hard" rule, the pod won't be scheduled. +* Resources of the preferred worker pool are exhausted, while other worker pools still have free capacities. +* If no suitable worker pool can be found and the node affinity is set as a "hard" rule, the Pod is not scheduled. -To overcome these limitations, the configured node-affinity on Kyma workloads is a "soft" rule (we use `preferredDuringSchedulingIgnoredDuringExecution`, for more details see [Kubernetes docs](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)). The Kubernetes scheduler will prefer the Kyma worker pool, but if it's not possible to schedule the pod in this pool, it will also consider other worker pools. +To overcome these limitations, we use `preferredDuringSchedulingIgnoredDuringExecution` so that the configured node affinity on Kyma workloads is a "soft" rule. For more details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)). The Kubernetes scheduler prefers the Kyma worker pool. Still, if scheduling the Pod in this pool is impossible, it also considers other worker pools. -### Cases when Kyma workloads are not intercepted +### Kyma workloads are not Intercepted -#### Non-available webhook will be ignored by Kubernetes -Kubernetes calls could be heavily impacted if a mandatory admission webhook isn't responsive enough. This can lead to timeouts and massive performance degradation. +#### Non-Available Webhook is Ignored by Kubernetes +Kubernetes calls can be heavily impacted if a mandatory admission webhook isn't responsive enough. This can lead to timeouts and massive performance degradation. -To prevent such side-effects, the KIM-Snatch webhook is configured with a [failure tolerating policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy) which allows Kubernetes to continue in case of errors. This implies, that downtimes or failures of the webhook will be accepted and pods get scheduled without a `nodeAffinity`. +To prevent such side effects, the KIM-Snatch webhook is configured with a [failure tolerating policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy), which allows Kubernetes to continue in case of errors. This implies that downtimes or failures of the webhook are accepted, and Pods get scheduled without `nodeAffinity`. -#### Already scheduled pods are ignored by webhook -Additionally, all pods which are already scheduled and running on a worker node won't receive the `nodeAffinity` as it's only allowed to intercept non-scheduled pods. Means, running pods would have to be restarted to receive the `nodeAffinity`. This webhook is not restarting running pods to avoid any service interruptions or reduced user experience for our customers. \ No newline at end of file +#### Already Scheduled Pods are Ignored by Webhook +Additionally, no Pods that are already scheduled and running on a worker node receive `nodeAffinity` because `nodeAffinity` is only allowed to intercept non-scheduled Pods. This means that running Pods must be restarted to receive `nodeAffinity`. This webhook does not restart running Pods to avoid service interruptions or reduced user experience. \ No newline at end of file From 3a25ee54be4e4fe940d7cd13879bec340268c23a Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Thu, 23 Jan 2025 17:54:56 +0100 Subject: [PATCH 06/12] Apply suggestions from code review Co-authored-by: Iwona Langer --- docs/user/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index c4056e9..d64e1e2 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -7,9 +7,9 @@ In the past, Kyma had only one worker pool, the so-called "Kyma worker pool", wh By introducing the Kyma worker pool feature, customers can add additional worker pools to their Kyma runtime. This enables customer to introduce worker nodes, which are optimized for their particular workload requirements. - To ensure customer worker pools are reserved for customer workloads, KIM-Snatch got introduced. It is responsible to assign Kyma workloads (e.g. operators of Kyma modules) to the Kyma worker pool. This has several advantages: +The KIM-Snatch module assigns Kyma workloads, for example, Kyma modules' operators, to the Kyma worker pool and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: -* Kyma workloads are not allocating resources on customer worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. +* Kyma workloads do not allocate resources to your worker pools, which ensures that you have the full capacity of the worker pool available for your workloads. * It reduces the risk of incompatibility between Kyma container images and individually configured worker pools. ## Technical Approach From 6bfa5b0a8af949601dbbd7ea6e23bf53dac92b49 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Thu, 23 Jan 2025 17:55:52 +0100 Subject: [PATCH 07/12] Adjust wording --- docs/user/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index d64e1e2..efbdb2b 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -1,15 +1,15 @@ # KIM Snatch Module ## Overview -The KIM-Snatch Module is part of KIM's worker pool feature. It is a mandatory Kyma module and deployed on all Kyma managed runtimes (SKR). +The KIM Snatch module is part of Kyma Infrastructure Manager's (KIM) worker pool feature. It is a mandatory Kyma module deployed on all Kyma-managed runtimes. Mandatory modules are not visible for SAP BTP, Kyma runtime customers and automatically installed by the [KLM](https://github.com/kyma-project/lifecycle-manager) on each SAP BTP, Kyma runtime. -In the past, Kyma had only one worker pool, the so-called "Kyma worker pool", where every workload was scheduled. This Kyma worker pool is mandatory and cannot be removed from a Kyma runtime. It allows for several configuration options, which can be too limited for users requiring special node setups. +In the past, only one worker pool existed in a Kyma runtime (called "Kyma worker pool"). This Kyma worker pool is mandatory and cannot be removed. It allows several configuration options, which can be too limited for users requiring special node setups. -By introducing the Kyma worker pool feature, customers can add additional worker pools to their Kyma runtime. This enables customer to introduce worker nodes, which are optimized for their particular workload requirements. +With the Kyma worker pool feature, you can add customized worker pools to your Kyma runtime and introduce worker nodes optimized for your particular workload requirements. The KIM-Snatch module assigns Kyma workloads, for example, Kyma modules' operators, to the Kyma worker pool and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: -* Kyma workloads do not allocate resources to your worker pools, which ensures that you have the full capacity of the worker pool available for your workloads. +* Kyma workloads are not allocating resources on customized worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. * It reduces the risk of incompatibility between Kyma container images and individually configured worker pools. ## Technical Approach From e45b66f1e62d9c5fa896b8e6771db5a0d7f97225 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Fri, 24 Jan 2025 10:47:27 +0100 Subject: [PATCH 08/12] Distinguish Kyma worker pool --- docs/user/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index efbdb2b..955db27 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -3,11 +3,11 @@ ## Overview The KIM Snatch module is part of Kyma Infrastructure Manager's (KIM) worker pool feature. It is a mandatory Kyma module deployed on all Kyma-managed runtimes. Mandatory modules are not visible for SAP BTP, Kyma runtime customers and automatically installed by the [KLM](https://github.com/kyma-project/lifecycle-manager) on each SAP BTP, Kyma runtime. -In the past, only one worker pool existed in a Kyma runtime (called "Kyma worker pool"). This Kyma worker pool is mandatory and cannot be removed. It allows several configuration options, which can be too limited for users requiring special node setups. +In the past, only one worker pool existed in a Kyma runtime (called `Kyma worker pool`). This `Kyma worker pool` is mandatory and cannot be removed. It allows several configuration options, which can be too limited for users requiring special node setups. -With the Kyma worker pool feature, you can add customized worker pools to your Kyma runtime and introduce worker nodes optimized for your particular workload requirements. +With the worker pool feature, you can add customized worker pools to your Kyma runtime and introduce worker nodes optimized for your particular workload requirements. -The KIM-Snatch module assigns Kyma workloads, for example, Kyma modules' operators, to the Kyma worker pool and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: +The KIM-Snatch module assigns Kyma workloads, for example, Kyma modules' operators, to the `Kyma worker pool` and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: * Kyma workloads are not allocating resources on customized worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. * It reduces the risk of incompatibility between Kyma container images and individually configured worker pools. From 81aee6e4f1aa5135a17ea79b6c4e2fa434f1d680 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Fri, 24 Jan 2025 10:59:29 +0100 Subject: [PATCH 09/12] Remove module from name --- docs/user/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index 955db27..1aecc0c 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -1,20 +1,20 @@ -# KIM Snatch Module +# KIM Snatch ## Overview -The KIM Snatch module is part of Kyma Infrastructure Manager's (KIM) worker pool feature. It is a mandatory Kyma module deployed on all Kyma-managed runtimes. Mandatory modules are not visible for SAP BTP, Kyma runtime customers and automatically installed by the [KLM](https://github.com/kyma-project/lifecycle-manager) on each SAP BTP, Kyma runtime. +The KIM Snatch is part of Kyma Infrastructure Manager's (KIM) worker pool feature. It is deployed on all Kyma-managed runtimes. Mandatory modules are not visible for SAP BTP, Kyma runtime customers and automatically installed by the [KLM](https://github.com/kyma-project/lifecycle-manager) on each SAP BTP, Kyma runtime. In the past, only one worker pool existed in a Kyma runtime (called `Kyma worker pool`). This `Kyma worker pool` is mandatory and cannot be removed. It allows several configuration options, which can be too limited for users requiring special node setups. With the worker pool feature, you can add customized worker pools to your Kyma runtime and introduce worker nodes optimized for your particular workload requirements. -The KIM-Snatch module assigns Kyma workloads, for example, Kyma modules' operators, to the `Kyma worker pool` and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: +The KIM-Snatch assigns Kyma workloads, for example, Kyma modules' operators, to the `Kyma worker pool` and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: * Kyma workloads are not allocating resources on customized worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. * It reduces the risk of incompatibility between Kyma container images and individually configured worker pools. ## Technical Approach -The KIM-Snatch module introduces the Kubernetes [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook). +The KIM-Snatch introduces the Kubernetes [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook). It intercepts all Pods that are scheduled in a Kyma-managed namespace. [Kyma Lifecycle Manager (KLM)](https://github.com/kyma-project/lifecycle-manager) always labels a managed namespace with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only to Pods scheduled in one of these labeled namespaces. Typical Kyma-managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. From ee04c57280593d9836e3c232f614d971f3ca18d2 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Fri, 24 Jan 2025 11:03:42 +0100 Subject: [PATCH 10/12] Diagram as SVG --- docs/user/README.md | 2 +- docs/user/assets/snatch-deployment.png | Bin 74773 -> 0 bytes docs/user/assets/snatch-deployment.svg | 4 ++++ 3 files changed, 5 insertions(+), 1 deletion(-) delete mode 100644 docs/user/assets/snatch-deployment.png create mode 100644 docs/user/assets/snatch-deployment.svg diff --git a/docs/user/README.md b/docs/user/README.md index 1aecc0c..11b4f66 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -18,7 +18,7 @@ The KIM-Snatch introduces the Kubernetes [mutating admission webhook](https://ku It intercepts all Pods that are scheduled in a Kyma-managed namespace. [Kyma Lifecycle Manager (KLM)](https://github.com/kyma-project/lifecycle-manager) always labels a managed namespace with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only to Pods scheduled in one of these labeled namespaces. Typical Kyma-managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. -![KIM Snatch Webhook](./assets/snatch-deployment.png) +![KIM Snatch Webhook](./assets/snatch-deployment.svg) Before the Pod is handed over to the Kubernetes scheduler, KIM-Snatch adds [`nodeAffinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to the Pod's manifest. This informs the Kubernetes scheduler to prefer nodes within the Kyma worker pool for this Pod. diff --git a/docs/user/assets/snatch-deployment.png b/docs/user/assets/snatch-deployment.png deleted file mode 100644 index 6ec12e1f2984d6e8e09ec8fd283f88a1f2e65ec5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 74773 zcmeFZcT|(#)-Ea?k){F)O8eRANbdm^M5IZR8W5!y6$rhHs1&fC`~V z34|_43n3uA-<9Cr-`?Lj=lkv$_ntA%9ryQ7bcHwXyVhK5&H2n{KI?t1r=!8dz{POn z$Pp&Zo7e9gIYQ%bW1waH2r*>q73@Cp(S!N4o;d$B@?QNByMm8m z6qLW=nR_{NbMV1AQ&>^cCm)_nT2rr%_^u*VUHJQ3&HHNl)T4prkH|7oZDQC3WLJ9(?)j5enCM z>q=ot@TB_PqpV#WDZDA_|9;WKYat>1G4kTKz%LQ=)btL>{Hfcg|Ls0mwFP1XVrN^(vpb%8 zgd#8U#)Dg6%0pPd6(hxYiAiyy?5GV#n(6a4tA!I)5BJ+w4%h~)}ZOBo=z4~eLnvUSDA#& zRz(Np{iVQ_k#Z;vF>fU8y{Y>i6K0}yRm@cym)lZZw>PcjF@wQI7P$X_X`u+Q=)Q`@ zm2W8@cZgMTGi&T7PIk;26=8Pw{JwuIy5$}SwH_w_G1e?fqK z5$bdTY?uru2@}$W;RhQg@c%PoP(&h)!VOK+&GnZ-8bng+*Dvfv$(gY9m2 z;HmPtUDpYog&S7-Dd*o3ynj9H*&0uOV`0|s%$76ucyhe(<@(UV{r)lQw@dakkyyqG zv0dNc#JAzE21}(qrWt!|TD9BX>0Y9_7VNN)XgAV-hWbExE_|bXInrAa8nkbk*Msv& z>9DIG@6LEMNz;TM4REcV!`UP*&A44kcGFQQ2<`}ETZavL;Kf$^5~GA`pHxn!&Sc<(WytLiuh4ywnkG~Jl06o$@J?- zLg(4Cgb{EF|FSvX#?S*HbdbZD(TcDEK$H?R{zrHd5N{)v4lM7 zq*E2i9?KAqyX9}2#J5g#sm~Nm=KCkw$SAS4FL$a0$?OntB8+ZP?2{qa(D6}pj7*|} z99{dXlZHKBDTK$1ye#(k6J0IX&JstJ#4_Q;CzDmg=SS`Km}G>dxkoifp7y4GNQm@} zfGV=vy(|QQw9S)zSh1kqWdvNoJ712tI*G9?Z{JBMw|lfDbq*6`$&6WiGVgnTImDPB z;Tn9fR~~uojvxHGS|_S)BwdlZC8mNDBFMNeJXxF}jiaV_B*7bX1r4H$!Fxq}k% z=JQ128E5IS$7qBB_qRuL5%y209BOe1b_ILPVrSgTBDQSi589EUFC|z;J)Ap^5Pddj zP?|&Q4bG)BC3QMG&1d@^Pf09~ls9$?Ce`dUJepXv+))qA<;7fE(I0X`!!chKJiJkH zCh_QVq}}*V00J@3IgKSZ46lR9`K#SC4E&*26QKw3-@0KRkB_u??a`@KP}|_CI9`~9 z%{bU3`PEVEz|9k+Z?qGjrVdyCnSAzPnU60ZV?j)6Ma>-M!?}I;YRoz(d%GE-f#QP!TU+;g3T@KI14g8^qaa7Yp_nYNyxx@dY32X4=IuCeWVT>hDfc(}qF_qu_aL*$oa$pCK8!rREdNp6`5RTmV{&$z!6L^*`r?aUDjn!-7V(T!aYb}FG3ciFPolU& zw_d64wHw7@6bjbcmE+>mb!IsOGV~zGBHlhP-IeVpr9X2c{Q82F!PK2Ke@=kkPU1Z14t%0Hi!NM&a*kDf`lV(YVkosBv*5^+7VhiQ;b*K zWfk^xQ4?HR(-s?J-|D8RGyR_Z5Fuch3I-o^?zNAfAs&UzjQXy4HQ;e00|z;H411t| zV)@udRx2dml8VeQJGINm%lUg&zRQD2dJ8WaWa8m4{Hvb2M(c>S^4Nq8FE9VlMUSP4 z)v z*I2o^=eI7zlPkZ{e1Fscwl{xYow>2rc!xyJnpN^`)zW0Xm3_T zj+j?#d`!Z#x5h5dtG_J|v#Jsf@ti7DmHL2gTo9xid$-B&%ST1odXf+EK$8S=2HBs{-GnpCH(Ct% zkD7kw@|ARn?wopO%iJ!PzP>%ggYm`HsNIbyDr4e;IWHNlc=&V2c?5)o<@+GAIxm0f z)9IeYeoMEl__c3;8@)b6D?0Zzw5ELQGGj4AHnBVPZRK{A!U^^Zj`c9jlw`Z!XUHc1 z(TyqO#I;IkEC2Y1Zd;VN@bwYp;n&%(3~jQ_6cNJr@52}Urkbs1oFuJdbbrvsm%>%e zhi1|@3~nkc#*6#nGm2vUZHrAGXMYZV>9FC^I#QmscKa?Sa8*h7qg20>X^C_}Z1CvW z;)B=;uX5$3Tt{?sb)+BMZ@58DwG0-7=QqcfxIEyJbkJMfUk+J+W~(cHu(OU&D$SR3 z+MAp3i!cKoYQ(?3xd!7EesJ_^sSk0#n3y-;e@u`{$#h>YK#Ns)tUVrdF)@AeC!hpQt+ z*%P2eA=*&iVB1Em29Y}oZW!VkOXgGPN6kw)lJXJ3B6d->Kfk{e zYl>Z{bU%gK*tc|EKyYtN-|s0IRAFInJJlspzRMt|A^W9bH~6BK zEo;}eeISYMLf$It#e)yu!b)RN%Kb0peb%!zFd&wmS(n;gyrjM3I!)8tT-+E|J~J31CpI`k!}5#%-i*rZiJ}cN2Y&Aopo`VlKcaFkS57k(jsytUXpwLaocMI|kj7KXD@)bH=O$tB_q;j*tqZ80ixd9c+?ji# zvPv`fmF@xp9=Rs((OdS3!em&30$OsT6JA=75@Z#ezBOQ+LP2QitbSlt=5#VicWCEb zIwsINmU(B+zgev3*Q@mKlqj$=zcb@NkhflaC`kw-6l4446yC8Hj|LEX?7EvdWXfOi zxOJ$ke0iw2j@*>LWsQ$9W`de@DFX|%3n24tR_pVuF6|E~Zmil)>})71kGd2-8Zrw$ zxnH`&VN-!jhz=$uCgItW@Tykb=OliQ=;1S08Z;7`s^DiA*ZaIQDRBm!RbS5re;@pZ zm5Fc}?N-Z~hz6z3Ir~^bkX^)qv#K|F*=hp2zPu9a6uvPM@)Uh%CVk)>`+71bo-&+c{W z=gFGq9S=rkpme{6%WEmk2=~kQVal02_7>JUiiBYVaht(ma>8D5woJn~tJAS3NZQrB zW9WVL&?q-1IKK|5uGCpOd&^@}TuJR5VRg?t)3PzeD+xk8=E19XO4M-G0!q`*kUvSt zAoqNs-*cR7uq$ARes*|7N`duELjx%8)E1z|)@HTr(zRte6)KiR z6>XXE)y|uvoPi=z8Yx|Ej0?fZoG`D0aW6txUlHXo;gW|-9*T&Vpc|Gf*M3}k?a~vT z7%RKjyEJo-d0?bka&d0S{!G_A4PmMe+rS&V$+NO(UVz=i)$Hk20xL1sOss1(6`Jn# znLrfAaou)fI&_gM`wMSbFyK1geT&!-7z$G^?I#=Wx-1bvpw+dMQHXc0LdVhdLy^~Iat*fPzqM!KvSZls}PpXG8M%` z&>uXw*L8+$Gm-)Csa3xuWz?@;fIM1Y!Se-ZoIe4g&ZU%~TDjG%li}l{+iQV=?7I^) zqgSQbi^wuY%-v0f&ki}RXCQeV7b=kA4oG+<^$Q;kLziQqR5%zM3TFMwI3E#yJ?~E!c@f#T%+lgL zFHmCa121umTO$Ep?_tTt+djS)9j#V74o-zFD>NlCqstYh0naZuCwb)ZZR5@?cI+$_ z%@R#4u`ju;SFN^qq~kpIEh0&_(6a)D`Mv$vo9yr88CbjekH@~`2dj>q_1RNpzs+9T z&bpJUTnD&Ht09p4Oy?XgpW!yz-Ni<>)W&-lyX>}OA5)iT@RpSO?#GKyY_8T{i7{n) z{KK?TsmhCK45!@ZIXl+;WZ7&H8ifyI?$GGZq@h^!n6vc=(vL{Vw7Jf zoxja{xh%+2I{^DIJJpkB-$3mY*)1Ia9;odOnV9+d39ONeZH)*L)dE439dSI2!gNzN zZ}47c51fRTTS>sz9e8U$aR-gC+OuR&E zZuxIDxwU6J1;+`pK|#OMCr8Br!Z5O>%j4P3h^))b9;I7ETgK468l0Z6`CyhqDXIhG;;6Ub1F32%C^ zOB9jv5Gk0hj1wFXiYgjs2SV1PuB6a9H%Tk?;yWUtVo@SxK1+9Yqs_QckM4A?IPHCw zo3B^G9P3o(v^Y6dl#691R2XzD)9iRDe@W``*7LdEIu?B3+M*cnQtsElFkMyPQeX5q z%h6@-lI{@Wje~&Sm+a!!@zc@z3T3(4Uog9mnwc^3#B8~bTG$@@(dHBm#oC2gsu`* zwf&UFOzPJBYU!eZJ9YL(w(zEX3i5~hKi_hmzP-{FSRRQMcD?X4x*EGs-CBF&m_d8% zC}M9L^SEPSZyX;#A=0%!vvKuYB=mhxoZ9z-+K(p`dxdcGf(ZC}n{Ec7O7KZ}f5!*` zhHF|Foq(#dOypdLpfw_OCgN+B;W;^p9X);9#R@hAYp?dF{dZkmm+EV$=i5Z-MSb_u zdE4J;VTPXX4)?r_w`Cs8Y!RLs@@b%1+2@~lV$dm`ndED;6b~YHekHM^dpeg#nW+2ggOWKE{$8Zk}7b2f{KyHfRkVj_A6Qz}x_&!BljeX~6F>^+f%z{eemCH}hT z%{1ZKHeKQs)}F<7Kw(W;n2!Nqkbgu=)%Xp}E~Twq|5CfcsnRa{H=DDlZo0I&nb{^( z3A%jJ&AgZ1c4f^JN|Co%b0Ff1`QknHeNJ7$p!8bl4+?^NosNXRYq^b2?=^m+nuf!d zf|myqd}BpNms!ipyo&l@3W<34!1Ibv&uK!CJ6u%>au~={XL(_Oe7Tms zW8q`GVVzl&0Ap0y`>x^3d+Wn}g2y44@daR}4c|6Grg!Hr*E8ef8<)jN_>q!Qlk$8Z zw*~rmI?MQvuHO;&mJvT_!3AQh zZF;QY3EeAJ!CPAz9_kzCqG7t~WQ^W{o^nEsTy&nQR$gvX(VlEM)}NE~MMFk*W$GMe z&wGSz6nU+c3iJM&8*^|FvCjQtkB+RQeR&qFRA4G-ZY%Rz)GT%l8WfZ(SKU^PGMi*E zi&B95_1~D@H0WU7>76NUT0y(lF+fpk&m!YQtJf+`i{@19lhk?50K!)In7HUGu)AC1 z9euS%S5AJ{lqKA}d`(3mcanwpViD1|Q+KeA5G*J*yWyngB2rqTLSh|963KbiU)=IFvU zh$`Ygam~P)D_|vqZ8Ry+)J#JFn2Ay zwOKSf*z$Qa3Qyh{0_Q;9%4zRMuI^k0bYj_cF%i;iojut#NJ10d9a$z&WQ1?Pu!7u- zpS-m2Q+!B0G#DefLl~A;jFJx0DWEdQ@_M${NqnHrTqjVG(Ir=r-}!o(#Msq>lFYWT z{&YA%I6i+tAb3swcv=$Jf$;HkmARpc=46)S0RdO-A<=LRVL{0oyjm+q*bIg_x!3+$ zpB}Ca|K4YGgQ#HJ;^|=>>55s9LuvQeVKAjKqplnl4^v;nhIWvB{4G!*5*~@xB?n7G z2p9(CS5FeJ@#!*xZ!UN&$d$y*e}LLtKz;oyDnpj*kTNA9j30pb(C$o5CY!_QIAB41 z$#?mW55sU^cPYboxxc`Wm;o}AzbpAPngrU&IRW`YuNYkO?S23${6G*VNV%(C1`GH< z`HRDk&=TO2dh(C#k;%*{ur(go{L3v!_xbx#e;e@cW$`bY;{WV@73x`x|A!Xf|K;tR zV=(?g`I6zxmw2gvIGXW~kb2-R;BH)AAPo-p& z{R^mAl1leF@1q(>ev5wdBJjWFH{w|+2agw05D=>2#S)j*Nu`uSbF(re`ORlH)Sc`q zzI^Dm{#jkB_W%h;=dt$HKklsF7qn-zz8<=_08mw5OMTH!5$Xbbqa8{ln%pnaMlJ*$ z$fY^F>?$9q?T7v)Mop~5U1SAxr`fzw^fcz2tc)UJO3?j4709XS4#RAn#2 zH_iUjiBg*N|LHC#cqRsN{4^zHGI*w++1-qYKYtme2W^8}7s&$~2VOa^txMfE06FUSwBL#&naL`J^LOp7Sf1z*(^jOW63n$6Z@u4XYGyIwt zhfx;`gP{<%#pDnB&kEwr2dTqY0HFmxko9EaQGuUuUZ%VTsW$*t(LL5y@{buf1KRGl zzFjA`Ex;|jD*d9lLtTK(!w#(+&HTr-z)TOA4(In31%MKaY@z&o-GCx5Y1Z!6@?O_MLhJd-DeNoTKx?~8f($jcV z_>V1?)ImG(&eh}Ob{x2cWj>Fs2Hy}E%3wZAIyw6w4ew9R0d9LA*iV}3hBZCC4`9*p zjyCZee{A6c&JAsovklPZP?=n4#v*d8O^l3Jb41FsGmaHpv0M zznKvYIX4 zD*AF_t>4|!UDA8eB7H0o6yOyqB3k-t19z%MV>|iv*1$?Ns-r$ac6MLGfJfoTsXxuS zWB@!!XVq2YHv6-uu?+kLb^F^%%xvG2Jv!v3-+#S~`*xA}!@7zy5CyxE%P^k(^WMH|j5t z;%H9u-JTPd*}CSPhfORVMfh$`M0z}htqaGHA!N9|YZJ zY#yQb_L6S?@i07wjyFJT>2~_@u8dTj6lD-gwk<5DpOPZrcr*wz5})rO=w&Yfw{G$6 z^g{;92ufV)waA1a_c|r}>oxux(*6rY8k-4WIbhNScPsVN)q%jLMK0wz6je`o?DSsx zNaZ@CZeT~y155j|{oR#Lbqxlgk}fs5jXO(O^==XD#$w3a;uqaB3{u>fC9s}pCzA8c z-70^z=OFXBR^cTh{=^#f)LhrrvmUn}F6QHc4|bqE;K5ww@`RF}Mvnlg{w8Jxp=$M3 z#@UKcAA^A%Flf4iS?67x4f^+YL2O~~jHfYDsldo?opIc;CnJ7i)W6fEc58Y%4jL3s zJjX0~G3FpMC5WM=r`mU=x|QKPr>^+QESJlVPtRZbmpE#F9i<)dbMHc^+VyD5U@CQj z4ZFDFuRge?=b!hs&jhNpId)Iuui4>I(YoEMo4NfN%H=pG>x29>owAGocVkYuktTmRn9*a5S99gxm^Y!j_h+?3-Q zov)QvGz<|IEY;u*?6rUmKA4!s*snfwf^OoS@q!PBj7k;3-cl08F=_Z98VN0({-s}!qwQ(Yk_PG4(#;2 zVDHGOmQ&s&Z1?S5(oSHDzGBw7Ily)Y`mlkfK?hoTelq(d(0%3X7iq7&LgPF-l}Qqws?W=AWF7&457m;w*e*7#lf zIHdmcHAvf4l2IfP7;i60`nHYzQmmEpVii7rNtj?b?1mR z>{{%vUT!&qd9A_2IokHLw_8qqCjS^a2hOr!+cY$@BYzLLL`)=a&_@Xor7TyHx3-FU zc}Y1G)Brn}j8nkca@#x}F~%UxE-UEStE11Uo*0|(>}4j10n_gcbTk!{x0oDCW2-#p z-WcovvtSp%5E@MDfrhT*==)L~!*kp*tijI`_ozZ?gWH75KOR4)KGlw0ERHFNn@u|E z5VencNI`i4Y|9T{nwt+{^*ar~LMi4Cv;Tp*=Z|0J=yC(gzoDs-0Y1UWa-%eTy z?ppSsSy=|ceyKJVUqS2tl(5pN;?CxW%kX!~$H8|&9HCKgclF7aLo(xP67MUP!r628 z)137-7W?zeWtsEBGn4&tTJo*9Bl+XbxK%Vn^C-zzTWQ>O7?yvksyhFQ|JvjI5Nm7{ z?47yoY3cArH_f3IimQ?=PyUPjN0s1DkT2<_icj(k(HMpaQM08V7qN&}H;6;|Qi~HowmSf`p?O zc3q+(v*qoLQnM0Zw*~H_w9#Ir&L-Mup5Wc(*7318GpB66lHP0W%3xZ?EsWp>PKg~s zBahpJqZqD;#VViHR?znn3K_|E?)==hSL$yB+Uz_efFkE{hZQO9G9czL(LD=yqaQ)P2JJZxt8B9nucE#XtZ3PvVex#XM)3o{Ds<65{; zPsKt#^Df76BYR{mCnY_#G^n51mgY&>poeREMfc8}7rIH7=h^(%XPZq0FK9}-EnCZU zBgVVA%hsb!cY<~;%yz7c&QD$`W6(P4P?~OTKQ2-^^+qb}M*vH0yCzN0&sNPZ_?b@Upu%e0f8E0NOAM z=ZwTf^7uJ)VA1TiW4WXR0=^opPH)R^+C*}5)PCx^v+*n_!h)p=2e59Va~cJq<&68; zh1n8qG#`OkvnIo`0-uZ0S%SF&-{aor_G4COP>udGb&0$*KiBk?kW!lrCLK`i4D=X& z)JijQC8;mGYt#>)H*Qa;kKuWX2*L79SbKZ6v~sFU*DH?;@I0GV&?*P3x;8DfJSdiU zUAWArM2F4lBBySVe>2uP5!60kO1cfp(l>+uId z&zA5zHW}{XeOaS5XJlZ9SQotcWpAY${rQOj*B2?xyB4sjr1xjCh5sbV!5=sn^|s#)cR}RfB=2YE({?apzgE>uV}sHQJc< zxpmY*s$dg4=6Y#8$z18#ZI-<6*fb5v*}d&y)g9mlsb})k&EJF=E4=aQ4O23|OHtf0 zRGQZnK-gi>XaCsJ)ENL~oi*KA&nEZw+Y%o=AhJ5|WDyQo2UChNIjR1H6rJ=UNGZi# z&x~kD1hwo>gj$#9WC=v_Y|r2)`GdZ)P19^YOBU-Fi_xXn7Vmf`liU&21kr&!ppi>f zJ;QRdG|CA5m#Yuw*n9I^5Tqp<1QKXR>^+P^5X>#rGD{w6g5`J&PmyqVOI^ay?sfl3 zZSny??oTH5E<1N(xj~k(#CLV*XJ}Ppmz>A+6JlGbYB+5+Z3!2neV6=R3NP(T2q3}Q z)W~TAUZ7+c3xGb%mo0FAYs)c3ye%K81&2eYHn7l8C>_5V54$V$fcZ zui)SX9Ta$0t{sYUdGJ}!_vHJcemb_R6(YC<(W~4%)p` z9e);nkDcVGKt)Cv6NUWasG@+QGQC@Qg_8c^7YgSiq1P#al)OrHH^8(eBb}8kS{S5E za)C*nKQ!g|vqlYrUa{O?@o4Aq6G6w?udO#bgQ~z-&$d1Fgu*3e{N+PUogXH zu8`%$T*yV?TJ++#GUaCywwP}2`-3fR0Bj+YI}FN#WE$=K34kr;FXGs9MpC;oMj~-G zoUSY?yAKObO5#YV+<1GR50VI^6j;-O^$E-7i@}XYFMZ6nM022p0-&mh=@YIvqal#k zFMZZk-a1b&m+m^-m73v&@0Z&CR(?%l%$g12Y_*;{a6Z%_m88fR4`&IpmcyyXo^|wO zYy=4Zew7#A82OyiJ1=6b-(0jpbU>m55_&nXH$$y9xjnr$gtahkDg^&a<4r ziMzba26Jt!KdOO{1Yr9|bp;oh#|te6WaEd3_lbbICK0t@(lsf~Xztj_h7%v1}g$StoCq7T(3x0o#|H@Z-)yAg6WcxAG^9YY-^= zDp6%OI?ML}WC}0%`I1*fIa7hV0Ktuf%X@wI4O|!~Y7puABwTxKGc}Uus+MSt=jQSt z%03ck&C(ig!vm4r@mshO$DVfJ`t3-`L^V-RG1_0?a`)`zm{@1`qA>U6*%O z2}4-Lt*N&YJLWD$5tX~Y+rm>oO6x4)vov093xcR+A@c{|rjf)>&3wRl zGHRqK2Rbdh>kllMG@)3eJ>#M`Steg=)0?HQ-U^#?er))WcSM+n#epC)b*Hs`jh=7m zB`}d7#i8B)mCKe5ClRxGw~w6#m|!Bl6!*wyEO3LJ@p7Bg>njEsr{S9DfqPLjXp>0| z@ps6vs?m*&v0#~$;C)|NJHmj4@2~fQiyYi_YF06hr2O#p5w4y$S|X;{E5-{RIHg=% zFz}Cd671+Z+pQHYM8AMuj3%5Th#2qlz zpYD)!Z=V5s|3RQ-jlMkvvMcyIq5}%Av)Ys-)4jUDmn$2+tt8XevLFG&yUd-IrHluq zUQEFA(}+uyEQ(8zB|fo0j3RE;$Sd#xoXj(XKu9N*`bl+WKwAHgm4f$jp%YD!iRSJ# zQuY>GJb!(t43*#`A%f6ekp3BnQcxZG=lau>X2ulY2#OZiY!=1Cr$Q}4eIQ6WZ-A^F z?Xo|A2s^BEgqne$nerX(%>R+gHlC&q+9AlS;0x*!XgKcH3zZK)ZaDaH$fMr`5G3*X zbLYd>WfX9A@u8JUlt!RDVBXwpKYw^vzVRo3J30B_-YasumPD&q*-S@5{D6(-274q9 z#|rXPa6(4<`3dYH<*#Q441JZ#!=F0mE*Qg$sLtL)p9-lz3QTnA`xicPI{=t;t){V^ zC3F?|lO9y2{UJaC`h(}7M<*`iA0GbvFG@`(K}U4nJy$&}HHm=9@{fq;rJMt9E5ly5 z^Up9sASXbN&fl^i2?BuLC>~g@jj^3@JnJ6#UO+_IfGiXN_P+!=0>6ARoDB7sECIu| z!62dX@5Or3l${69)qGb$d${_q0>gaZ{5W(@uNi!AWD$@NOMcK1N*&-&=`g5-Sh)t`1?VZVV)HilpE5%dsH}LU z-DW&NYS()MYmN!F@3P+11@>3+_xtBL*f-$07xfPh$52pzCrzuJwcASwJBg}!v>Y%0 zXXa%2fyu7NpC-viLPCh3_q8S;xAXL*^}{@& z0-&dPKYvPi{h7Ik;N)um^Q+=F$?Y-F`@jORm1}%Tz|N}+bDV#M!TR?C{Cfc&I@rG# z;QuoZsJ5N$^$#t;-`?e~06L3CCMebpUP}E$3MOK{XZpORc=Y72;i6XD?6? z0w{k!It*U(KVl6s&6 z#9?`;+Qkrv9k};V2MM$+CrO_Q{zL;H$etA!xE32XNWK=_U*24vHWo5{cx~NHPQJry zNs9csIBJT#v9$*wTs@NeRhaNC|vov@M-);MH~Q9q_y8B zL5PO{H}uyeh~J~O00I62!s|iaRh>g?}y0MK}`=@}C; z19}dGE257w$hr^kHUtF+B_XH#w-yj<=-PIYvgDyL=$mkuYC}L&DP5z`VY`~}n zUoxGk6#*Q*fLIH7E}=xekcDPI6>p<|&fp&1{|);>ZiCJdFQ`KB-huHXQO$TRKzpdq zw&V2otpJ}DBE1szj)II+0U2|KL@LxV9KxwjAWcd9OWE?=I3SvZDe`8tlIF+~6Ca=- zH)Dz7ia!D7;=do*Jz&Bh(W78V;M*2R(B2*l4KB=0rNOsCwr)K16C>*(1f#@3Le4R7 z8Xe{wd^Z3-V_Tl%qUa#tG3y8Q0;etidQ@!t=Obeea~UlYuQCDe{I zkN=)OT|i)V|9TK|IBM1|TFSGJ>I=w+f{##M0joUYnJ$*z2cUQ@2!88?y&w5P9)`m3 z{-!kbj4#ap^}s@-=@oaEnx;YBj!B~@-%_Cmlz6Mt@z{ctcyU|xrBRU7TFZMcCcQQl zW2D|C$;Z-TBkcaW8GCg+^rWt0HzViO^JjtBTgXNkWZONTG~aTaE17sbI*ThsR_?72 zNnAblG&F>lGzGn{!Ag+7sz9=z0@#McTi>6seg$P{VG36}4%_>DpfV_hXWDgI!0Mg?RO#k3#oV8AD!45A)KKjALgcKkX@3tWuLv>6iNEJt0>yv?z$G=U z&UQDIIQ8W`(ai{UtPL?v_uClp#sKOkMFIlr%7BWhkC%gmJGKV4!vAXDHQ(?9j9y|a zw*q)*k?e|G1}OUWR&PxwPJgtG6>o}UN$Erztxtj~`v`0Z6U`}+F%_~71Ql07xn4RY za6R6!H|w<{t|Z&kd&CQzTZnPKeH)9**kIQoonj&t-5S>9XN)%r3BMhA}bLyK5HVgWts2uF}1S~bssRvKJUUov} z*%{xpi7?ywVJ|6-aR)*L7Rt?lm7E2JPvu!83*ke-G;beHvniNnd#%>`<6oot^b_3S6tv`1m&f>@J`jGoYXjc3hCphLOwWz`4 z`(**tF(=rZhE$P-zoR8OzRGp>2kG(uI(jL|TBLUKr&!kB&nVF_y>96}ooYa^H4vW) z^{rNd`cG?;?{xfhMxq--tW_a#ZZB|S1RKpI^z>hC739= z6cxbwhE4wU(^jajZPbvWc%Kzf`_mPy1({P;J~ph38i`@1F@fXtp;F4I$ykL1pn$kQ z@9Q`RTyO?7{BbM@ut`du&WW#rBXE43^H|?L`)yNH)_AyCS(B9i+IHFTM|aN zPb&Ghjb?^bk#r2QXYQ_))X9{3DXM@na72y@#z;Z&6nHbh#COyV&4nEfu4o!95_(&fw5juGRqfsk;6m@5SN4VK1y@gA|SiX_=&% zK>3YSkFD_pe3Xp*y+-L6%Yqx>!<%#)1GX$A9n@2_`I>(rMtX>v;*qPcpR~Io!swZK zmTulTIozu<5i72^#UdbL>64d$Bk70$4J$X})u)bD zVZVhd*l^CxDOYahtWF4r*Z5g8Os0cT#! z2X=@B*dbdFjyklJ{=9_-i>C%?z#d&V7QhheC73+y+w zkFa^*crM#_jlavb>YUF|Vs|Z)4Ctr5fs3kmnu|FYjD3Q27a*zQx}PEoX}L;w7|Og3cbJEdjE( z_O0z|7`3xWMndBxse*g0Pe+?32AsI$%5*9NE{$%crG-~7GJ~E-1$N3`R$oT?GGz`3xz;}-rd~l3%%xBLlHh1rP-F7#xqDv36^@t15>vb zx^yPO=~O1AIN?>PHrjxWiHq$?N;w zgqC5ygPdEb62W;6hp6e%F%0oL@Z9z+<`8y#l?FgCxZcH)CM$cq66_c1;axb zCFi%$NpA;npDdUAG@(9UN6l}NL>T3iSQnL5Ld6{bf1^UUd7payT4hBzr5dbxO+eM z;Nt86?a*T749^OXL($IsHIyM$FvdPqa>m4_(pBDGW=yWMRD^Fd*93T0zhCXc7@(~; zIYCRV_40v8-~Wf6m#!0{aIG}9aNLNYEm`&uTodDu$Xd=Q@GPkK`J$n1I~qo%-Wg&v z?!c?_DddJ~RDzmP#4{&`I=1U`NaDIfIRCY$rm^iSkpL8uzOjyxwsBir|7VkWlr2ScDvm5_tdu=olAYh5A$bSOXI(I`<Ew9#g6L3OLS=c&9#8*VvPCI|Lt z0lvQ1N3QClus538wtxmD{H~j{gVD#cBXit9LZ(wTqPz7 zkba&=tSZRzu2_2o-n_Wk%6$1CwbYzgy2~Y0cZ1uzx=(`WrI1kiG))^jch+%eAt5&^ zF7{qw>x@rr1S0*Lk|MFT- zh#Co|=~0&)J*5{fiX=RvBBb@595_}wt53}k%%%wRiB8KSC_mRAO0z%$6napuJy8VH zpMMq(@+NtotPiyra8X2_U@A;=ez?oX#8Qg>>pqab(jHu1GO|9i_hK7}f1Ny~-Aa^z zcx*!CK71ty{=skd9n;Wg(2gr=;^~>`0K4h-c-550hAQ*As_?LTXV&MbaQevf3kxR0 z=`xyJK(D?18JbaL- zb_s5hJ&sbQ!U3Q;xJ!~5hnXnpUD;j>j&NoWAapasF4>;FrEy{)^7-6XdbkF%ztUr7 zX#qQH&z5`TiNY)*JS;?OrT~{QlETnV2(P%G7x|$%5$xoJIr<0(13p=sMrzb}*s-S? z7YCO6VEK8|$fcfS&IEM`(l?8_o6dExaxg@i$8cV83RI2h;v5%qR3*oIseXChf6}-( zTXcNI<4fp>>KTgK}visb)W~5Z830*d>&&Vi{!AI*xyjo|( zHL<8D(krr?4N5qyCGaq_EBQfG3wT&RKXe30R1Rv7tzo~6&)(Q-Y`fD-anZU=z5j3`{F>MYG( ztV8WGcSm=jd8^25z`dbWPHw!|qn}^6Y@<(f*I47_Plvh!9){tBZI0Z&qvEP3rX41D5_V(511 zaZ}x4Uzy!wYj@g6Vscos>P%J&N4dH}kpCBZZyi;2+pP;rBS=Xp9U@&yr!>+Xi&7L> zfOI#42!eF?qB~u586eUPvLuua0qKVCUiduw-QW54yZ1ihJLjKs-e)k@SUfm>amSq3 zyyi9MJ?XMl+%_u#9fEaG;1H2Q`qhUKmgq zJh0lzwY^|SY``HZde{ZQJ0QyNo|e^%Y)4c+!^9_mmHHbAZj_#NM?v z8!b@9z2wncRWUgeF1H=XQr)FAoV7uA{zyBVx%vMswtv(J2)w=C+e3*qolMP@ZOavv z+Y0U^2&@aJWkDu{)>oZAPnvi$@m>9@A$&L^V0Z&5Pk+)?VJjl=$ntp!H%7L#m+Gs` zffuzXxxT6j7%cE{w32z%pD?%Ya_w5>CiRb{dk}D!figF)$?_Rao37$4q*8lYzS8RGJ?gNuYIC%! zY=A8YMSFyoKekoy90O?{LFH%+A%ecN0PEY@aRAV3@fA{zYl-I60tN)$tS8!&TY0qk zU62Q^+RlCo0WdJ=l`VwXEz*nAuO(!FIZ=QArQw+&MzY8VLz|zAX|*+#_(K7a7vmbD z@tZLyNGIKNpb)g0eBdeGr?&83L3a!YlRv{8*Y5=T5Wq+AT`t<>qt-P1Pje$Dl-mx9 z=iE18lV~&0|0W?-F4-c-zlvHYUlozOsA&n4jn1I+|Jblra_Q{M| z`AHBarjEA2mFvExYHE}Yu129kY)*57mn~&JDouu5S_Ag|w3Y3jRF;8BU;w~*FoktgA_3y0b{n<- zEFA)Wjk2B&p;m=e+Lo@pQ$5r5*-RgutT-6Tx3)!87d^vqQ3;Bqh@N~nC`Rnm(Jo?E zuGZJ=2Y~0sWL)zFvPSnv36S{zjHN!2gM7LXCnmH3XeXA_gXP;zF6&wugUG@!NY^j=oh8WIOz#>4&qvw$Xc6Bc|>0%I2=k4jbwMTzL|4JRnXK2+CLyFE%L66+R@OhE%0WhCnVc2vPh|xi^4dqS z|LK(eo$#ZB;h}q(@a3^hprY97#-}_+X4bYq?AN6KQ2t#2`}H_hl<9uCR$c`JkUjxP zJez;U*#G}}459e|v%i`RXn|S>Ridm4qTk4fGhkwmY2Z)u0x=SB{}8zdmABOY8}hpU zN~r!Tp^9vi@V_{ricHhocm=vYmCq>${&zMoNaGOx2u1TFy^ekV(I)=7kq2nykt8&F zT_FEkBY+xCL&pDr2_(b*>r8RSwIbs7e@lvh4u5q+f$DcDum(utCk)sD*7;F>)XZxY zfLB{b3JvlP0U@YBS5Q?H!&)8mA1CqtWfK0SvG@bAP4lY5z23@xk!|7q1a^W@r zdA;fZ21#$W<+eDe4=R=tq;k}_X?yxdjROk+kV_e8&w7}y;ZzTz24%C!yVbO(tAPwT z13(Z@E74>)ga%~$+1gFwD7H$!UBdrZJkXXQ@c>vqB-PCXfR(cxA_qo4v48T0?$)D>B7kQh)GUn}>>D2(j-^%95y*Ou-|A^xYU!u3B#<|aWi zo@=HJbfMSw+P)EX9fjl3D4Io@2;SD}7z$?jQNc@4Wf0_(|k~^e=PTA1D90U+%$EF30A zv87nw{{sQRHIbc{*zWxqQ!U1SOa*|AdIKU6nV<+kqfi~`_5SV?goL&LE^8%%f+$vq zF>;J`kVmyRO<3*AK1zEd;`_Iv3)wvB6%M!(2=Z&jK)vViJOnvafBMO*LsH>X5(2wMCUhcce1+6nDc0PZaVQqZA zvVV8E=V^U%J4h?fX|GN-pAo(I8BE3(q%dpImUjB=cc!W272NLQ)#YVZ)^g3qT$^e8 zBkDRnquQCOFB|R>`+1(*pVggB&8oYdmh%{!?s3(lPEp$V4~g+C3qRb+RqxlI^P}~t z(+%hEmoGO;)^4JHj<6eJ+qp1qa_C8#OKzt16QOcS@^#}aEgx}dEByUidoWFZE;ZRX z>kBT&lhgEx@-MB0m&flLm*0q5x6HcE&8Tc7+6){SST}#%zx%MC^r~ytFhDTI)&H2I zu7Pvw`ajb$Arg0YmMyz*j=Hb&dQ>>L99wN)=PRzZr!Os2AK$mVulgc(-#u%^yY0m? zqUEUI`CMkYsJHON`H8j;d%U1%0&6OF$1^U&_rZ3vzI3O;+-vu9& zDav&MJUmt zdLfc~TY39#_+*bs5?5@JlV$InoNPC0F|{R1x7f39tuGQ~&@H+y7oZcdu4K;5o-ZHf zD`gru`hGt2)oFIM4{!4CqgAhEPr@1A!L{ByCo}Ql&daVMI_yV7UWf7lu!CO*oujXAU@b7EokG#(YPx*&$rSwO7+ftNeJMwG=>Fq7QCnyB`uivIxMeQ?Y4GRInXO>neD&lk@Zv0%~j3$MP-Q<$_lf8T~NQfC1YYFcx%{apA265 zA|mGve-HcewDU0uk*%#M9aIJmrC*+4Kj1^qk@xns1X*hCL$^TQ&V z4OGVTq=W$yzhflHHM7O0;4hg%#t+b?dW)G0 zqO|0DmrKXqsa^Qq44il>+PNnh2nLS-&3`g_oap6=w&3whh7M_jBkuP>3ZM<&+_7tm z%*JybdZTZCks~ga55DbWmX7QGEzi>p7vZ&e+H<0x3*u0Bb=!Oc-W>K*N?{9nJPJvp zHi4%a`s-^mIxUx%7g)YmMA6}becVrF!!WrjXIt{06>@95Th(OsU0>WcD!U_PCqD4e zYi|I}>vT>z?8t~C22J4Uxe%Ex92=6jbVMtj%`UhVI^Fh|xU(?6`?g^ow2BP8=lucG z2BjEAxxBKwqZ;YocxzjHze2*$1~$BR9z98Yb3`klHO9BTf^QHGThbxWx1S|tec*xj zpg{HU-O&PAktPF{utJ6R!hmm+<5?T@v$RAJ308VZ&>pcf=mKDdjyw8kcs{G$Cx%<@ zE!E@8sYDX2>CC+`(>A{}bJ=hu;hMbn-~3ZyAvryS@XXe4$d5J;5yBfN;75@DhSbJ= z++eG~0Lt3|FkLggJRyx0R4JPa)r!RVCu3uBd=Aqba*Q@kiR@EsP{Y;7jn>}oQ27N+ zO!>aVvQahJMkn5KOB;0C!x6l-^QDa(@m`UEC~H##9kTLaNLyc^$4K+iCkE2}f0 zbdKpc7)$=0>g-a#cAB~jvz@Tu;k;tx2|VqcSs;<{5%T;-)P@WF{aSc;!@IElCeZ*B zi&XEfPd9>dtmMoA_jQZAry7QnB_57_Q9G8@#*`7#K>jDT5mTyk03&eXG;P{=Xcxsa z1M{6epTVMNGGwCiMJ=%r2B&hpaPLI8-|q5PS>}2y*;OZ(h01Q+9`mSNoeQ;e(n?!W zI9}`7=z4$iBIrt1sos1)Uf7q7i1)7XT^={Gh|D_0iZ7`9YkTA+{e4R{wL#T=lv&^E z;&+$&R31C)Ymqh@`#VGl@ReDL4##)?`jzjGF6^p((~1ikWNjd1?)J2)t7W09I;GD_VbsIl)0Vl+xO=A3;~5 z3mr>wqY=9A-Wvj2>W@hQ=1G&@yt&?1HZJ6lu+jHqFP|UXu4t1s+!V zDimuGTg*N;?E;3v@aqMZWu5js`p(NtZ)gcNSa+p(;A11a5DmG#2_1-mBetv2NWPEV zKo6YIfm{$w_s{;ONr!P7aY$a&I*A11QGT&zhM;qXcLUEG)`oAFtk8+Gn3DqhreTirHo z4Cm17hO<=fU}mw0$#CST;IFG^6<=v7*`M8{k51vmMQFKx@AXv7_22EX%A7*0INdF!XkVY5)bBzoB#3%Iu@8+W+;5eu12;qmg z5WBm^B;{mMl-z0@L{ioW`-{U1=w?=PXRVEbK(u}oQ7Q&!{SsQ!X+)+Ju77=>q>Wkt zqs`!!>EpNaU8MDW7@HFo+C@$&3{DS6scL<8KAd{$v^?SR+F8fjJP>7_eD;${((dKF zPyI&SuWY*@=I*0o_Oq44ODfR+CJSse+YDde)Ii>vYP!_#C zY{(@<+`rY7ZMpc4Psjn?Kry8;FF8DGn=z*Pi^2+)nFM;Y2JpdxL$d7-9MoQbDp?|O2 z3NoqEME`?tiJf``q9Y7YL$77FNduKo{})6(L`77*-NW&fl{6$+s#g6{Hm9$t@*A(d zTE)0Mxf&kDDYk^Dhg~k(EC(J=>`1a&)W|v=V3Z1Ire!iNO~%3!xYEVEWAyB2A9tN| z8$`_4>JB-@J0hg{m#SMR^a?TJFfq>35XM6TcgE91>TX3B7#|bzOQ@)_`C#iuxuMt) z>3{)5!d8GdM!vKkhQCNxKK_(Ixj4@F16C%ya2h`S(K^s=cRFG5VV^$Dfc+>cTP$~o z`7v&iy++*#-l7c^wOF0MB~BJcyN~K7ols<3!aZJnmjW2SW%t6)B|qo#8jGKV2sPEZ zh9@oXFG%Ye%7fGU7(W}{5?koSb zQWb-g#W-UzHffx z=$r8;rA3pW#W|b%nyqWUg4yBFgRFV}%C*u-dtD69m7B{xAGI2NRtb8d?+2UXFAsO7 z_XOnn#x0iIn_RH5S&7tzd!L-*bq*LPwJob47l(jQ^xRg~tp~b_4x8c!66ocH6)!(H zO95PdI=}Yl20HkeehqMV8V5VGzJ&*0wOXjvHX zi}aVhwK&Em@73Ne{fqOK%N6e4m>#O9y@4|^MDU=dT6_VE4?pAlwTCHQF^IBA*?4`W z3_92neY4DA#Qm_%+nSw8IsH)!*CdQ_Q^H01yf5aXK7l>qU|OLxYLasfnJ%m>OwcUYWJ8ctbEYhaT?%NrWd^Tx{D`g)YD}x<6wv<-?qw zZ;j%5v&>f#aeVo~VgRhz)h{#Ul+nT(qoGIuQs41;@;lk(6~U{A;!n7Qq--*u)tRj%@&W9LL2w!L zAu3C;<=%xYj@-Z~8PUmN%v*x!@@pwrVT0C9IKeBeVlqFc!j_CbpTE?4n$qUJ zN!63a7}wC@`CNE6apUn)*qoPAmWZ&f&1_KJFNu3*+vC}HBPfRqsWRO_K*Ofl%vs%% z7*-71lzeeNBBjlsO|ZlsYke+1!K3wgKbiHEZ}PlwATiu{$|r)0#z2`Wc%W14Qyug& z-37YfQ+_oT9CnI~Ec*V7@Z#@5Ta>y9d7PX=)6y|%Af0h)laijRTMF|%1aVbTZJD_i z$LetvD;I0o z_|$7uXUGoW7+_tuUJUKUifHw|()_4h@+2H)!8;f@3wJ0%yZrnnUdFJg{;NArZJAj= z-c_yZWjsAJWANKoB06Y9UR1TzwH2Pc==_Q2S2%XctV{nivkd3Op)n%QBXf53QF)}D}$3QQ) ztmMwbN7~^>A5;Nh($p>eG?nhh8$ck9lj8;IW#FQh9|$&b1}2W8=~zuf2=TwNIPv)vR zN}4R6f!Hk#BM75-;8@{tT&{+RJ5gSM3*09QF+M!b$V;4g!`7C_ zeG}4lwKHnDE^b~@6216!ST&qkbL-{ZCEmvNngdbvHdE1XCGwkn{k>~wD!JK)q3`by zR3s~FTKU?~dCL~#pvwmvUbN_P;Qu@6C5z{a%a_u{QU(;%KgSQo2Y9YwWS0huQrw zTK$;iA8l7|^Ae3!DzlzHl8>i+B%OM|NqO}eNAz(d8{7x2e;5>gp^ofR;4dw?CI4G< zMA_CYBV>{I`H1F{{qpGW0!t}T2qj-JH9D4AO%W(Kai4A{_MZ$DwR4*i6M_D+1%-U9 zu?R8D@XssUrkV{^Pdl^qd2&Su{w`;K^*n+CWx*q!QX>n<2Chk(Apts6J)$K z6b1IMUs=Q*KxbjE-yyzU;y1vuuEqk3-G$)~u~sTIWSt${ge2ZzwBTwN29&(F(aVX( zc<=w^ZGcH2048Bo_C_FCpkA+D5Nuo;*A;0p9!Y`+J*^fnzlRNBEPAGbyes$#fOXO! z@Bj7&I+7qO2lPTP**fx(1N^}451!d}C=$ZuHM)}j(0z0_q{79K_a_GT$A)kkfnA5o zIfj9}*ag^;>s^S@7+|Pik-UEyD)1!U$on(@8K^pn|7xJXlN=)NuLkZ<53PO44{ih3 zAV&_#KI09kQd%2E`9K(dpvV{W>sPn|p5zzuTL!p4GJ>)O^8wA~LJrBQ0>EgJ6Y}rS zrEJh$-`%_>oNs_9`GyAGN93=G82{Hq{6{PHUlZ}K9r3@&?87gP zzwN^ZQY0k!#3tm2-+sOuzPf*Lb`-fijp6+o=K4|YV>}Wz+(4HGmJ=~lzwBX7I0TRr z((1L6K`?B;Fk~~Ls`r{cG9h$uMNJ~WlKmhv)O4yeB`ApvIcsQCF10E>@6Z9q3hu3_ zyQlCi|1l;%PQYV``$z1&rh7v2$0m9c{B09?Vu4wY+0T#^Kri3BODT+s{Eb)O5BH;s zG(%Lt3=RBc-tGU*yvqYlojuWRpJ?=0`fPBFPQ%?i=FZ3*;TRrw%B)&C`s{j zfR-|F;^bWf6^KI=Pw!CvaV38lVfQ~qSb+L(BmCqZcxJ{mQU90Nkd=o5PUy(rp1nl6 zhJUlGGk-BtE`QtAfEe)35qaC^)&Bu9{o7|T|M6L)|9Yu^&D7r*;Q#RDXG>Sk=}(;# zcS%lq{3!%iA?U2G`qAmH6XjF^%i7KZ%-UY<<#)w!j#s^7)S{j@O9^K}1!KTk1Ey%9RW!ABEvW;+0kIZVJL%io(A8i$u3niT0x(u{g z#raif+$^);lhmVayRDnHyV8Aodd#(zK&q78ZUzfrKkCK`H0h!BFv_4m3FU7}u=m?2 znzg`+)(J?7BX@ZfKz`*S1uU95p_ClX8mM5eW7e#$K8$?PZ)RC7ZkIWyQml1P&v@?l zibTmwUcKCmWMWhyVq7`cBYbnpKXxF!nc?&;Aw8Ar#t=(~Z;j7P%O-4EJ^YIY z-3@b6MD*P7`+0szZpnJl_=Q3)jgKRoq}r-U_wSmBzyG+kcC;#(;$vA6`@OxTJ;DWHvl{;8 zvN*93KQL?y>kgo&vKH`{ZMXYZ$5NDOn4lq%DGEsy)3*mn06iaWIZ;!&Ujh!~5Ip7d zWc51R3hInbPy8^;hv$V0(SPEt%*8xuFj&6y?a(G3DR4UHy*9xv!zF z`J6)PY-hppbZ0N*4xRD0s{M^hA`<1jlRfg&!;9tyvgITm64sH*U0)+csQ>w~6akHR zKBeIHXqS2xtJL`%i|zVz5^=~QC4$ji1s)=}RDXzEQ9R8(d~Zfg{lrIoq*v$qK$Q?$f5KN={%+~TK4cl(W6H2oyr zcD|fz(P$C)x@|s;S>`aVY%pzek+L3cVB>!|Zr0{!ex=ouB>KL;{e4<3wMwtP zebR<=mgo^poY_O?7nOP*wyCw$IYom9rzh|{^(=|fWmxOc4>P6A;;`wNk;c!f@mF$? zChO9^q!j$sB_@0_qr)?S^~Hy3AKSc^=Hbr=H00F2!$y>=exysd$~Em2^7i3 z$-5UeIGVH4IB(!ft|Pn|W}5bf=66!MU&olRst>5_iqD3(Fz4q0O~T9<@x^h+hIKI^ zMB?{koYm+p>b}-4~piU7u@j|Bv``Vtsn8Cz|TRr0-#5Mujc6^fZ znqRV|BL`{2!f(o2jw=Osbt-gFG*i@@wnd-+TXK7tm^4l>$_CR)jC31TOFD+Bv>Z3 zwua%$YIr0cv`l~j*UxE`=E34Ga#6ffuN>1@qPn+Gy~3#{S=8qviOvM|Jv|#)yvrU$ z_0YaT#pOq(r@6huRNWqrZt-`{uL3Q4h4@^B`&Mz`ULUD%zvvZf7^J4O)W|-clFg!@ z619#Cfz?`VG}ui8Pba*4o zM9dqzcAw@x+pV?9#5b4Q{>BDA)i)MuUd}qqv#1rn))}G^^LYatLf$iGZk9!Q1rsO3 zW|y*K5#Pn*U{c&3r`Y!0f#KGIU6+NDw+vCxv;oGo!x;qzrdK-0BL3oj#{q})HYXGJ zvKybrA>QAJytAV(++)xrQRXj7Fx#+qX<%n-jS13={0e(4h4R2 zG_LS!IA_V9?M>_pbV;(piraw|;V>&2WBhXwZ7fxsvw7AM) zu+GOULCf-(UPsRtOu&=Z0V2RB2Cyn<+UJ0>gdsMnSx+^%%r6jfWY zaf#hd30wN%G-OQ#4}XDIkf@59Go&1JdY_r}#PgzBgW{{x5}F`vo)^ zl%thI3`6O`{u+gu3#63VK+81!K0Qc}ZSrasB-xor%{~eyB&GRf$;SRzZaPo68k;I% z|B{dsDqL@!^>H**TQ!-?CNQz{SIi7<&*?XqRkn)sZxXq%k3V;Ia4&92n*a1vvWs~0^+ zfL3f^HdQX>KVE^M+XC3Kc3h0RE4Hjk`N$SBMp9|k<|Q*ud5pw2fcgE5QD~|`46pk| zjUgLH4l+DnJ-`9$kU;|l8}*+Pfrp=harwZ>c8~^#>;m20-Q66}+Fxs;%#goU#^R5E zzQ7ie9-0^^^<#Ncu3mjP#%EMoGV%HN2W>3g;?@~=o<9uxX7dk(^iTHlrXu>J z!`9j)kh{Z(dfDm}4_kto__vep-dVn_7CRMn<*W8~L^pcFv7=&c03%H1L&^BIl+mTg zy~%3bq06&HNu}hvmg&e`VPWey+!fPuNM*B6rCt96hFt?Tn~CilOir{>8bx#Mrom4! zdwr?$3`WH87AymKrB37Lv(0c-wWB8zm3N7~wY%z2q$h#&Z@4PGzFudiMTgG*ga7v4 zPg7$dX@M8-pz|6$qeVt-UBYkK6FF5d_AK(}%)3a0-5MR@*_B^#O`vn`g=TR4Ah==d zK~1o&B@*_2r9!JBCt^t?HcxPlvTlpIk?}n(9ke`V=iLTKFI7iQWPY;6u&p$0h0b@p z-E~gjG)iRCDSCu~LjrSI8_`S`a_neb8O$23wV7N!-dTV@>jI}GdDl-DSPo|LfffXV zrceKDtp-+<$3t&)oSN1ao+0Rd9HM{H#!T|X1dcra)xVn-`yQQd}~tmUJaPD5@s0jNywmwwx;S9Vm!oTeWTS| z-%FIl!I3}GZplu;Z*Z~+D%24b8_>qc@<6wVbJvayri5V`k+9FL4L--mZ*w}hbCR>} z8Jy%;;Xn23-%VtyuqvL*p)H>wJf54FKrgov!Ll2~%1n{(zVz@_A{$XqPcQsrVbuLu zCF@(72nHk6v)zLI+lTdb!E`m4MO?{Pg|2PPRTA#Xg=%be?07sb$8#gT3TZ0CGzLS4 zMthsULx5Z3D`g)x(p1t{=6mwapvCeClEcB^+YsE6vTb7J68v-vOw4^@ z1cypl4x|$iENyOb<~#)r_3THLOj^BkWoHI5#f`=W6WGZ)4QtSc;R3@l*SPgBZk+cv zwonjoD-VlA>eYeKYD1!>F`xo41S)_J#W}ZeYrz8eYL>M^l~ZZjK5jDPv>u>G{f3>v zqP*2RogRvHV8yvRkxB;SDCW(23jyZ^#xKqei9+z2}YzO3w>ka3g5J-J*vcu8kqNRIZ zeiNZ;M4-_xFTV72MV(f$JZ-WnS^m_xc2Sa~iol@ zD`oU@#N;Po0=5;IrB8vImrIYT$#w7%H?@;Ax20ZLg&C+#RG5Z^k@m<5*W~BE^IZQ* zV37yokAm@Mg!6q&*_&Y79YQcb0g_f&bD9|056^zteGa$TQyDJUj$UI3(_>o}wm$J% zE189F|6py5e28Ao$%>zMQ_SmJh06L%&3<1ad&wXYZz8H4n|!tp(%c!6wrJB1S)2}1 z1zyCQ{zl*v`Iagmxx4~fWn?sl_W*ubT%Mga0SL6w;P;LQJ4UFmQ=P}oy!60CrCF9< zrK#-#Bc@3?IQs|wqMw4^ihxEeR1p%QA;*l2*$ABgY@xRdrFry05qy&$ska9NnXBDj zYi@8n5*FcdhM?e`nCI(P2wqSCL#}&e(02{q9apHvGBZ#5L-dsci7B0ZP6V2v8mn6v)Iok=vRR)e6DQj3`DbZKDGx&TWo;9_hsd z3d>%8JDiaZ4^=EiXNJy63acPPy>Zpin|Vqx$#$6pzbrreHste~XJ|Cb8c>DK7un6% zp3pz#NH*kC?nFrGE;8h8NKo43wvZ`?NlP={Z1gaUMw~4ot0o>9oqS6MS@5lg zs)rO#i@bs~!bNDEVR!q@gDN5QL6KCF%w|~v+2pQv`dQ~!Z7QB&{0Wus#Uxv7Q1VqX zR1_DopDhpnuHGZPxXT1(AN!?(jAK@IfAqL1rL$z7BYf<4B~m0TBSLQ{hIvMs?Cs-q z9deOjMH&L^;@5XnW0i^~AzS8!MoXm1mC*Sn%pQfKD`r+f#$h@#NBwhW%53Ih!_cF?a4jABDMHLQW z8Kl4laFL_TFZDfl?)h#;qY{e4*{PLI^~-EJjB<#mgxK0)Mo1X8{MI+)p+hR3;QOj( z^ikbr!|EAqH&rR;!j<&w3JIe)s84A8FER-5A95B9X9Eu}JHC!3AGV94jj{V8yGfPfRG^3bq77&v19=T#z;+`_zdXwu^nK=bRY&J!BchK8wbtj0Uot$CtSm5`4 zhC5J%H6PLTY7Q100i$cFwk|`B7$f~`@N6*0xP}A=F<_TfnmDIP701_M{dNtc;9h3f2QvSLTHgg>@Q4*e5LxiNA)_Th4VeCdY%Fh$KjZIs8WZIdy zErwqnEgR|-JeMfMhD0h_R1}0brKkl2FN|7pFDiqD>bz#_rW&HX;fS#K2H()fXUx zI!xd+I?tbQNua;WyhLL%K;NjfSPKuK&jnA6gzf3)7 zmQ})%5PFx-_^?E;IJszK#5>tIfzep_!6<~6I%MPA*__j2Ai2l-LaDZy1^+9BWDc&Q zsVP@Wg=^}5oub+BU?CHea%@0Lb5zWk@5OIAxhS&WElCgQ?gzSwmCjzlD6Nq0N>U&xiQ5rEDU^1=|3xF&}DuDf0@_oyJZaK|Ns@Q!x(|E{meiNF(-4a!#>O zXM-3q>k0)ptz-9Vo%UK={t8FT6*JLRw)qn#wSsekokn^v7+I}ikDVwLeo>F!r0aY& zUcN;n7(M@iF>!cZrokmFXtL5wyDyoybFtF6Q5qcE<-Trh-0GF^;5qhj*A_qq$at_Y zGGyRSD!vT({?4r%C`U-U?Y99EM{O^FCg7LFz^LcRI&~N&^Zk6q#L!P61eT*8s9t>y zvGu*Wl%cBVoY#oGLqIE@zejFAl*DaT{G_dHp6-DW&e6f*n*aXtruXT=Bz8QHAJxeZ zE+a%p9=^hu6Ta!%iSXP;74P06*R~0wfY68jZtp}LhxK4)v$W$vM-G^a(8{xBbI;2; z_S3U-ey`uFH-m2yzq!p6%5Jbjdn-@;sf0aQ@udAMvH3}7@1%LuJyj|*S)x6}cWsZW z>9(`z3P64jX13?KSjB3;abcB}ZF~>(Kksi+eg`U)>hlcoCS_a%DZ8EqXh2l_a;gSy zqyOV==D=&M3S(h_>jgQ@+R{_`tmgZ&hXk>OGCov2{R{;s;HlAKp#=my1i3_!AhuKV zzhw=Yj8p7T@ryl7^zvM{JEy$NzZbd)dXfwA9r>8aB^G}TMPiUhng%GgId2mID=8f_ z|6_0O8410##|Ly2WUeo>mG?TPH-QW(t>N8QO_de*Lcee0z8tHPDVE~n;}gC7Atida z-VXhk+yeykuk)6!6i`syL3VIMtu(kXFn|ddtfTLwK*FYe)q(=%(0eN5MVZ?j@|8}D zo6P__b?PsjY#i?Pvk z_5!qha>lNHJmzW3Lxuf1IbcoS^9??A7!*NBEQj?6BMN*$MfnRiS{~iGEydp7Pb_H< zhR1s)c{cN;1iF*wk z)keasMrEQm5Avuaf_BDXr0is^9z-6H0f`* zG7$lqoR?KCea@WpsR9Pii+)H0$YBEIe!2xQ&JV@Oy9G%_2hX@P@ALQadJs&SuJB5tSv8s3&%$LR*jz~i%DC+v=o4EvIY zSsv$j%vZ64!9prS%k%y{SFB5qA!W01C?&3Nn}-zXzUo#}bGx}sn(`Xjz$tzu#*H=O zRtCiI=^MlFNMrH+rCVT$4Zy-Ar2bO+OgxA!hH)BH!E)BBpLOXp<7{RL0-eh*9;8_3 ze@sjVD&s=(gm|26p1f?msTe3=RQJ+lYg%~xr=V zqwB3BcLw!PGkgi6-E$l2^c0ZUByxr-z*_L8VR~9N4wa!6K5%rv+W9m&ImxuL()ajr zpn!5Bhs%7&%}xz1e4u@m___Dy=3Q)v<(A?;9w-DwLhZ=BH7{R~J(*1va+2rbggPoF zGbT~^Hj1Dap_lL9I;YidcHbuBZuh%T`uQnX+gA+e1qBzO5Z0WDap9+a*&#R3ZC4F# z#EMsd%W|FJuayJ4t@F1h;}dG&^4uk#y#V-L>3Tad{=FUR>}FEQxQrD+$Mjf6%#2nl z(0KnoEiEmQq`|-?6Y>_?CqR9G0`%^H2$=W%xCBh?{1eey^HNv>f+3ZRawGw%JQ%Tl z!bJy*08=So>NPRJ0NwFK3)CBIeOrx`9jM(16j;1v(ujo((KpSA9_-J@*aU082%Ju@ zQ}@yk0gg8QnlRl9(R?ANS!s%C}>eBbsyNy`-1%HiAVanGY;gm`rI!oZh%?6Q~rA0AC0M z`@>%{HC1uJJviahm0alMXXPo0cbnlb--}cJ&UbgU#X#h)&*FQ!56M(@o&m?4YQ4F2 zR~F=HOf}!#;pIDeg-Q2>8%!eS3T&pv0(ZRJNdMMou{Lw6gm2S0{U#}Vnm)&B)8sMS z87ZSsh>?|~gGqvK7b)LGa)6@Kd1!u5o=!7QsLIvdQ?K>Pw57n#_x^Ag|HPp84`$P5 z7mo3A!!JxUe#5(xYbXAd9mXRCYD)a2iDR~=3Xxg43`;GGJC_C$nb!K;Or}vO@Z?j1 zG}bw9A75ss(5o~%XIxb@q}1P92C4UNg2OEKwNlXlGIBI{^-wtkpBf6zSyi)*@iG9I% z6%G6^p0JGN0o_exYpO7Nz&u=1y)^ypi6#uqs3kXPoU(*gwM+S+?^0aa&*IRU;r zdrBPQ`|nf_GIUveD?s`37x7`=gPu;S(QOpg;e8fDxR(aL-z|_(yxZsus1|qA)*mZd zyVrDMMCrTs*Tnjfm@dy!MBs{S#u=>dpiJS^cfq^Of-A`a}oOgJwYwooGY_RLeHMi5Z?dwXP{n=9iR zr6ewD3H#(n3SnppTaPBUH-1;Q7eh}b!rl%XZYpfHTK7&$_?@d{ctvU}PJ1{$8_l&5 zWqD~}L9$tIKex8LiRE&#Zae>V8i_f+?6Zb$l#*5qW?eKo$l5hHJnbAzUpN4{O;*QG z9`O<;PUBP+K;*wY=RZ_9n6*ToD;s&wZ`tza>ZHnDEv=l_JwYLoKIgLfl{5Lu`u0Ti zgUJ&4$=+iuF`NZkq1XtJR~+i>tzVsEzIuCJ+t-uMOmL3O1@9h|Cd+)|dCF?ufjw`j zw(an1(X&LOfH0VVcHlrTjravfLZcUPjR8q2F6SHKf_bvQ#4J&8AcMvW@|JWUiEiXHM8oZbNk7eZhL_|21d$+` z6j&5FMdVswDbO>89@0Ib0{e5}8Nt!=gM^-Z?TyzR@jW1X49#_%Ydd=~oSEzBZ^oAzd;e`^gMO8Z zvWVY$V1r(zo?(e${=JBl7K5*b#j@aRpZo8A$%FGJZYO!|r>Wp3+SS|%*&t<453j38 zllFg!PIZ(2%oF5dawg%ohjCzT(39QA5Twu(FP?spyH8}2>sRB z>Py1@!etPVEFgi0ULFCPh66=w8drM6s2e3H+Qttf=T_r3YjY{eOIUnaW>6iPOB93n z@FgS28lU+|DeU5Kld?0CI&HSimwm*EN`mSbWyD8ofDkT*d9VC)5-oKJQj=Q;P&yNU z5luFhrLfMGh!6Zg!!~pA>s?Bxx`|qh_aQhNfmO96uSBN$Ypd5qg-@kg#7I2HW7Hi) zVLP{KX7z)wtTm5jsvR*&duXFaqLlxV7zl_{fZEKZaO}oLhp89i0vv$^+Ym*L@D2WL z_DN(IpCRln=f`;yqV`jxT915J)Jx#2@bli-L^u0PRt41W>`+g9Cbl}=gl{A0Y>Aw* zHi?l;%blG%L%X$#F$`=Iw*nJco<+_IY|^_|x>y*|>|o!8T)7-6R9jslg$PdHl>iZ! zQk9iOt6OPmq6krQ=K(2^X6F&7fhmv<34>#DSPI(Ds>p?7o_7*rpueL7L$=hIz+o7R zPbEaR`w*<-fpr&ZPN;G`i#Z#%U{v`K!&FS&nQPSL7DS$3y~s4 zpg>;pfG^^G`ny!R-|aW!?nNpbabw9QTeB|L#D1?CQn@3EPc81KM$agWx<5TUx1@t< z9hk`U95L2SBAsx?0byaLM(}367%*bbQ4q8jWl@j&9?zDkFS{Rk7tt*}lqwl@589;y zQMm}|*O^{+Y)DrAu4cP2y#E%3VF-}G#Z)*+2eFKA@}>5cd!Ex5t9CsAHOL#NNcqLm z#k!g+J#@yZ7Cty$j?O7bqcE~N*(5xJLJs^6J>;4kA2kEyc&N!*JVec=>UsBV*#U$s zK|=cDN8zw?y>bfMshVJ|d?h(BYH$%w1ssTMzlig}a6JVWl3%!l4oJIQ(d-6_bS3Q3 z%YdkIW6M%u@ZBi(bM7&Xt-8NN1pS|r3s`@A0g(d?M5SSVLj2MPm=ZWsjUX#)jex~A z*mFToepClP#Cq!kPtW34zVzDlG5FNx>7wXIt%DB%RiSnr4DhEjIPrXrKJ?zgb2iiQ z79EHaX2)K?lJSNlG1Hk;3-r=t-kf2iD8uaS@~**onY!Ip zfntoGuI!LfgfO*icaA3uP-QTb81&4PdhSfOplDGwoSkttW<$I4NRVzk__*$eRQN zezd@#DtrDNo{WttXMI-v;V--S@~-SdAPVZVah5vUz4W8!$T#QmZ$Ec89vCc<8>(>; z|2-)tM`Nfq^+DJp|G^)6v>bJBztN^hx$@Edy+VS#iGG`Jq*9_!jyWjA9b=}ifKGtb zJ@Vb|##6vdf&y@LHcEZfJPKVU18jsHHAT$!H=4*V_vC?z4sgp@;5#n9ePrn$NK)j0d%VB=cG z$u9*PLb$K|6KayK4`Z%>XuYi&a)U_Js;Qdh=a#<%YsNI0OMyW3pBf^68IDpz0dD_M zLz~G?;?t-Y_&iBZYJB8gjXzDr%vqX50z-+WEZ)B4wNGtTA(@!k3!w?L0*T+e_w?TY z$7I-tE<+5fiAG9i7%*XLyqt#ghtgRex25A2%73Q_YcQ(!d|&n0md5C4Yc7~Ea@!&? zYb~vwVw&|ab9d?S%#|abcv7icK^Mquu*-;CAm1Ma<83O9^E(R8s)Y1`M7!+u3)7#Di6`GhUlO7*SFjb# z|3M=04||zZGTw-bi)SmJAFj!`)qW;5MhO z4dKn!J^Yhy4~;N^Iv0lPW?`Ag+Nz7bWKSGiR{(66&wcEy-oaUTuis#uoH*3!zj#B2$xHA}4h&Qq!&uXe z1*naJWtk0{-Fea0y~kHWDImOteI%tTl-w0=}KY{-@iF zf~Gbie+O!g+;Q9xk@xPRsn8H)aM$mey`i9pHXEH1_*2r%A)-sklpmVq){TOx!uHan zPl|I8f+>8kbW!4j+{@Y_!cdK5k|W=;WbWK-;7A5RZc`>!1|2+whmaPmvIQaN<-=rU z6tA+>P)tw~WE#aARb$?s?loNr19sWZTR#j?=_CSOY6rdTRhl5k>u37m7FZ7KOJhPV zECNRoG?2%fZINDszA5kw_yt}{^SAPiNn#@AMb)4WX%CWV&I8}yrf!(VGzspzY)=v+-{T)=zx zUORo;McR!w&l5CM)Uw-*q%mIy2b;g>N4`1Q+h62QeEnz;Pm27f-h-gY7T7JOfDbS* zup5v-@gfZ+2B`k@D3934`fv=7X0xfD%%%P`kLvQPzo_u{xg%G3G=~y*qo*?^aCq?l z4C43s8sd7BxpP>5VjZ97+rUFiy=o4kEFu31mRYi{52^El#7nr(El#J~!K52>a`n!Z z&+3^Fi~5ja>uvYpU(F_O$!C>9i0&y5^`Nu1k?yEWX1S#hlpWPz&|F{nA^6&6iV%xQ zoNKRZF?Dmwh#nAND|u+4cK)-C<}!fXq|cwqgePUg!=j0ahNLHm%W|7~PJ-0K8u(?1 z{#9w%{@jdJ%;(~BETf{dc}ZMN*xp6_&T8GkH{Uk(h_E;sHS{Jf2T1j&{lx~AhNF#q zX$EwBnaUC#UUW1bup;*B7(kdrYzgI8{3oxo{=^Di&vA;*se`hU-sL}=`<*DhqRitX zjJoj|m*DNl2%bXK8{5OZXbK{W4DJAtcseV9c2JcP?(>P@E|F<2#XU^BpasO@>=ZGO z_IZBmmki%$KENx2QA{X>6Dmu@;KRI*!5g!d{R66 zYHS>z$u(TK0*4u)J33Iw+pBB*$Lv~h>!s?l32xmnmtEh=z+Z@Yt%oKnQ~vpDSHP0?6helBxt;|hI!Cm1z2VIF;P z&CNQ=MQzmmx!onVpnZJ#8eZ@x#jf4(DfmsG6YpV^w-83IlL7LwAN;4Hgw6* zP3Ttla&{qg$}QDIu|37F{j82^-;=Dwa~edG43fS1MAQ|3;I_pVn2#{X>1$WBIVisd z-k_bnX?_Q6$gE(44Li_i20{bmn6@;=98fXZu+ETf*~j=`-<0Ufy9mt|zf|0QQ5f1Y zX5oNS7E}vOFg;#A$K4jHXR6s9{$c0~B}I98kh64=MDUDL;8dEtKCQ~Jyjl#Oa^31< zZ**Pbm-$2#Gg_cTt4^Fm1vR%DK-rui`E;wVM&uX}&|fDq3Yp6%2Kk3mc8rY0U9Oyq z-yS^vfOCWk0vlS9&J)7F3sj6YXCj(V_ATJ}ikQF73>z&_EGMXjTs|niX;Zl&PNNd_ zmS&D+po<)hpk!^N5B+o2igKZS`d5PEzv^&&O$#{2o%@pgR{A_Pq_{gY3s2u346#+t zXM3(m<0BFSMCt853aAlK0tfP!a+iyTMOi1~sQDk7cG!FjLY{wt7NJCp$Ae?aEpNi{ zO5c?bPWx%!>55*Ytvgc!CJZC^Okj<@J5v*Wb#=A5J6-L1ec|SPb@rmg?^0V728WJ3 zH~A49$8QJeOXgvE%npg`i^mo9ieL1}An7EsCZWQAO#nwrZPy=i-((Eyj(6ukUD|M()zT280A{xL>GnU@lk~8#i62O;xx*Ld=C#^G2&sC9Q>I%j zn^0LxXKba{=I>`cl8pu2Zt;RCSXh{IF~H4{m$t{3%T)8H_UiS`Q30Yz>HQrm5#Ld+ zz7(Dk)80%mFIhYCTH-0j0V)-%(E>t=)cZ5d9}b5<|K*XP(&tdimi<~4->-gP((+vP zO@D<+RZlvf6Uq6W1lu$2#I$o~^%$ZLofLz4JJA_0x2}?p#9%Rfj(2~)Ff(Do+zkmYP~fdTRc(5 zGF4q8QG}*A?WM6X29)gDRr{Prxo<-u;-h#Rx7&RWU)&H+U`f-;ZXQ33q?S+y@rDA> z8RGpyi%)@7^YAgs9XmEDiDKJf0D+TX8-;$Qg}MdU{w8PyzS9hqnfmBF+2QV_QzGLR zA{GNrW@_zH=VbQh8j3WF)Z;jf#QWlyi5V1PgR|xEKQj6pt>cM#{t4hPXnX~rV=mx> zqZ}!7wa#mO;}u2{EP(Fbq9H9p!1Y-YN(x_(smADjkQKsCUR>Utb1$mUHX~s39Lr_{ zH`xk8HRmJ0b`(#V=)c$+R<(9tkR3tR4oVP8>Xud*w-%e3GF+#oY0cTB^(!Km3^k#W$*e@J|);g zq+^sGnhDi!5S&;q_HSS9@RuoK$l-%pi5(+7t@K++h7$J1)2F*H)5a3R6K?8nW(5uk zr8@7rZmd(59K3*%1rX2YMqO{jw0?}tRT zrt?@vQuxi5=?NU3oJ@@3Z3hJ`VM$%;dO{TI|p9E@o(z%LZj}R!L*vqwocx+HyD(^yaE^> zWjcs3)dycMgIDFqVE?U$&K7+y;;DRcm1TZ6KJ{4fhZ5*miqf)SXa;4W8RFsb za$Dl@#e_|Y2c+^+Aq3@pvjy1gU;%N9)zg<`db$5{3kMD6bi3!kq6uX zRC9ikTikg$5tsZ=ZZbxF07~#CuCr?v_q!Md-GN`BWF7Gov&=3{6&L8s|H73#mcTH1 z)7XUsSmlb$`0m%VcF<(0r@vn@(sys7gcOfLP&G2Ph7@0J3YaYFuX-GpdXfOlQU`AB zy*;8mNl6{_ub^-dFDvQT$H_CCm9flFevNUcn$}c1VURZap}XW%VAblJ_q&p_;+sW#rt$M*+x7(&w>K9yBu7V5=mrd^XLeR^ z6}}OKAg`^!$1K|`RR!tv?Qc=&`_SWb6C5;*wzjvZPu-he)9z5;(JoM?B;4vlkEe&+ zfAsvfD$5mL7l^pvpbf-ur&$gi)4T|M7&0W;9*8MjlEo*}6O*X!ucM5|WpVLD>j&*) zI11I7rzS#<2hFC~v=sF-Ydu-w%iltB`G3`!WrCs(-f2-a^7(hHX3JnY)?;}QXSzgi zX7z$B3H)mXkjxHqJe#HC2TK1`lowZue;Y)K?Y@Pk@HFj|BAth?PygG;v> zXfDL3TEw|Yu(#_zOM z4&tPiUT1f{bw!Yei&mdCfAuo}aX_AzxIhh>fw&b}he3rJE%b!WZa@%7#SzpZm1MK* zPsH!R>Af9+n|9tWP`4V*#VONoQ2$&B0v+;@f>GIxNE(6}ti94T9%i`(3e7xuE$_cq zA0&lMhA@jYbF#4(qVLaG?4_t>nzXQAn14^=QKaXdGiO*{NsvtheREE1yZtX36-G@w!KM`Y{`oKP%3>xr}?g{+wa^F^i!pw%O5- ztp|cXw7>BvL}W2S_x27p19J}1>_i{R9g#5W1|O34s>r;4oc~jSSY&zccY+_lVqI00 zX~5|%Ebb6&ECg`x9egD~iEst3jsHug9H?ikY@-TTlY~P34Hh8cSB6V=V@EqsgZX~ny=7Y0BPL&(o>_rkdpm^ zj})HBsh=-wz7yun79?cNR~SpL;{G~;JGl_t?&T;ovUj9wuKRBX)8@}5V%K-KgkHjI zlR}}6L9cN1Pp{WMf06>6jN)4H@JGya&Zu$n+pmKHa4);?%fNj8uj&wu{$?Qav73xO zFo0&b#m6Is+dQlX%`%QA9@DALe!gdFij)-tokIbY5P4|-2t=sYKPyaB3LZTQyyE{6HBhE$2W|o{8pp zg%6J93lLkF2(4Dj0lQwtFw+U_`lZiml9B{~setXoi<@ZH9Vv7r$))$==(`CP?%lMH z{%3zoP&lScNev&<6;*!Yl^xkquZOn1F0EWaRr_E%cNBEk#Zkq2`s;_ev&*`J@n&t@ z<%&Np08jh+g)e5tvDmS6W{q_#6$rJuVEF6k9}-u&IYxbl`%m0;vRk={h~qGW$fSmE zaH_R9pZw%o#QIXCAMd4=UKD$3U0N63L;1>Yw+DWx zW8-gi3hIp5d|{@#|ENJGvx5o0U?u|nq2`x9KvjBfS*5?6hcKqLo}k_QXeMJO00SFi z7yYp9C{Hnwh}BYK^pS#0OS+!BdKAC-@&?HQd*M`c z#_|ThhpO>Ew0*Xo*ipEs7h|`ww8ZDg{`#;=p3nfPaJ}wTcf+7S4YaseQ7D*`r>?x`K-yA`w?Jr;~ zYFxjgWNDcbZy%n0PO1F3wiH9VH8n9?yT={2&N=-&U&zeV;dMMWj#lx!Oosb{e)8sO zpm|s~^jEP&*^ODEZ^T+jTjt^KMWjd$Un9K3J(=)Wq|6QRHB}eAY?Cae7@N1^->}B8R5Nn z+OWyty!PMP;NXS?y@(3o6AQMP{He?9V)}ck*R1=K5@$vmLHf6WHF*t?B2&goR<}Y| zqZBLp>EmPsF=wRc*Xb`7W1n$&I&DZQb)DbQMlOqOz?94B^Ik=B2)-P4UYOE$Yu+3m z(J+0I;j?a=ETe3g@N@L4_RQ|<84gCaWkZrITKLq;U5)GYlUG!_W!IJ1_KVMH<}s^# z^qyA`Ofp5K#U_`m;hi1}fLv`SRyG*~(9 zBH!5{<2}a*g9gism>NaB$OUonS86%05~lNqwA1b9y$X%5Z+cB+jxFLFLCxEt4(D{3 za%tYc)A+@=m2QZNvrdxoH2nzv1&aPtay1>7 z5IUBR2PjeP4B5KR*wi1{?M#+g-CUh>yu#H$L(2x9E^;k0ExBsm~V= zsz3J?>lTw3G`U6ypYBRhdf#2W$HzXZZ!=yYm6IPC=io#Zm`rRzC`X!_c$a-!qse~n zky@Gl2Ff7sZxVQ+$dSKwZ+Ghe+1WPMA@km z%fSmTfxUn3VZ4v({G>tZc`KI*syCu&w?l_I2WAZHv~n$7;pC||EtML4uqJjrP(BO# zTI}ANuL@%rbV>aQ11e4Y_pV+D@dC(#Ftq#M)AReIZlrb#Aa#h`DAORfq@b+*HiVJuZ3xgc82ojeEx5 z`=3}J4mSeiZmCOT2KX+AMy7pTe#}lEZ>hAexKOt9QTSHBQ9&1XJaP7D>iB%;Vtws< zM}h0sHv7fl8Y_qsM53q?jqfKg*>TrFy7kx!EK_50!0IEzH?PWs<==y|NZ0iP*5jKF zxxQFtKEU&$>49|!CGHK*;{WvgZ`LeeuxNJkW@2o_w|MWBdn%JmJsm4}WT!+Qo5z2e zEBL#XVsJohP+h3m=BwhyjN9)D<_1;}X;*bi7YD%(OZK!E#Hf!lnKZ_-##7}6nytQG zFICiQYoB`^uF}F_u$cxICO|QDOv1m9U5^f&m^yE<2GB5f0g$kvu8XdnskX!iOaRJE z0qOgrr7a>jkc`GhGBy`aAg}D8#PE|8WS$#25?kNbkwj6fNWalJoO=UT@GMrbv+4sB zlW*+=_U%*rTzVme|lNZSVYUDU?!BN(bpQVt}T68 z58?;(w{h6!125ZsL5&bixJB<1T73|rh2A?o%{HQcl_f=Q$?EP?%VzayBZ=k18ns|@ zj86AbSY>Y4z#dX2N2`-tao)siW2EPApuW;Qb1M{+L?OuK`ORe60MI59Ltiw6$_q4Gfh7do9GtZWVw`)?4_-;(LaX<)BQ|=J zRLS!Kv^^rJoYW_tsI^hqf!^w8JL98MpY|Qy$|XEnnXv9tJoA8Wv8%L2pJ&gPKdlRI zeekA&$TE|0N5XgTs=;ekocr&&Ri&keKc7mZ7~_%HBi)YKcm3K%>v?hDSm&3RaH;Zzn{H*vCRh&5qLd{0>h_D%cI@#Y4LOT}Bw7?BGz5yb*CFZQ&&jMJszK zG0ib^X0^v!7@;mHVt#?%P-(UCWH2asWi^Z?@mXoW!}NQ-n@$x!#r0~AWkw_`R~b&s zJMt?AHmKRXq&SM_c-;|5z4iVVa@5R!m+U9{ITAipb1$BMyG}h=U3IZ$JkDvdh!VQ^ z_%?M&z{txxi?{Kw^^rLXn%%i#UysjGCjWPHWwbp8(uCNT_+qaT*k&(dRrV~6GaoX# zPAazPml- z&m%F>wwWFNZlx>YsyW8uhUPB(az=(6@r4Z~%95q8As>fMw!(DsR)so=wTIyXqr1idcWW@B&-#dQ2N-1L;QGPlmCtEXD`~* z7P$-exX-6bgUX18qeTI!T$hP*U736pGLzN;vSDk<^UW*{=PRe~p0x7=hP1pAq{z~{ zs({nQC}gaNeZvC$@~1|HLaH);_l51~w-BK!$%@xHe2M1$I!ps?6O;le6(=%QZmDyr z1hwKkQ^Z3(4-zN~>I$MB<3*l8s_m;aE5>A7uMdWPiIGcq8w`mbjoYH_ zZPFrpf8?>Q#ZRsO+%NN&@k)MSmHUXr)ls@d+ZV3fXRyF_Ivud!p-|_uFJI3zU_>w+ z($GjW%iQYYv8?FbA-wbX^8jpmw83GBQ}yB491gTYQ)%6_EZ`{U8#U}o?HIvtaN+zd zCrUhp^ux5~qb^ghl6A4MF?9k0CNpP*II&kYB91Tay~xrEyxz->&zWx5)hiN}7J z4C2%N+ldnCn%Q^fp*Dk=e7~>PtA#9>N?f)gC(aDYhQj-oF(7{X666-i8|gbsv?{$A zPEuXJZ#)z?A_rslv#wW~%qxwqZ`WtjokypA7G<3L%KFW>`#av;(K~~0SDsd9jFc?C zZLn_9SLZvr(rHQIZ`96!RkaNywY=Tt-F|f0?17vdE%8}aoTzFIw!12%8a+Jqo<^T3 zh2=~*-3&0T7SiJ*P7|+7%4YLClZ7i0D<13l$jk@swX%{nmIkAIEbhbkilamB($vE< zy+eiBELje^HGiFNq#Ra$J<)(;P1@c*o4GSU6&P?IDmi;};epqWq=aQ2eMCH*8*XU@E@mmI0Tf?4#1(OzOmL_rgxZW%15zU$aL-YE;-`F*T~q zIq4aT2V6!rn}tg&E5wY7O+I&15cb8eh%~jUxL*x$vh160Zh;h@zXR7Vbv=G`g_d6U zZG12rdXnZSaMO^YqZO-L5%v0c6cxGSc}n{UXI>pfw=_t@y{f9w=6yBw zn=4{E&=Rf8yTrGCTSJ2zPr<`ZFA46e+aW6kF&^D<8Ek1B)AUGdMSf>;wmKOw%9A)c z&UT(DV(R>1B=%Y|>e28{w}C|ei_YRa_?t9G9&v2D`Q}#97l${&?)-KObQ}6{URMEz z!pdSD{5ypAE)FYO@!<-d{H=DDI*yY(-szO(y7#DIR23_pDo7LVtIC#c!O~0PsyG%W z?;klv4vVw}arOMOo=DQ+ZHxm>Peylr>B+x8LkA~{6XMT#GUR(jdIX4v?>2Z}Qj4JN z-9!ZW%57pm^k9;BhuJ2(MYxVXrM4|ZQ9U`o-6g;-2fxoWL?Q(pyTuCSD2|^BD|_GG z!kk^KxMp`2Ce_Q-bw7;~-t(?4&3Lh+@8j+l9k;Wh!r%8HaX#(XM{jbFx5>JCf9`Xe zF2ZHP#o**(BNMioWp>&Mf88->AuzRInVhod-SSA{WHmUw?!xA#v6}zJ+hu4p*ag}& z=a>3md+G%Ot*lH0>Nez^uvg_pY}OP@844n58V`k9)jzLIc1`tGuUxLLS4chIr_I8X zdFqmeiDp;7qbNzff59!Hi0P@2#PGrRNg(KGho{-_gbf`BsP`K-Y(t{;NFP;<84Ts= zOV%Bs-kyamWo&i zo2PE07icAHkvniJKfC0Gj?ZU-icGL;yCD4y;j`aC>ruK^xb1|x9uz|MLvA_?}f4ntTMn?Yr6QJ+f!FLe5 z@7Y0*W|iyz7ZdOv0Yy5$xIg{wduazrUV!`XN6TCrgq#^`*EC+LEzVYQwOOVw-;$m# z!r2aXK+kP)l^g66i}h`A_B7@bLM412IT!5j+^8OLT2wI-1jM;dPz(!*{doa@&?` zS=Yk3KYCEMc$OE(GE1{0j;DUoY3eZG$+UE2p;Z3GvdjD?%zrXKTVgD|VI$40m`%5q zWl3m5#^}PtAARP7qIevu^&a2o>9OaB?1HrCxFmkjf26BX$k%2e^BKU!@47}|!(R@K zZ@Y=R@+^Olu&GL}55PE=j%wM-`;tuN2P}0FS#HwW^S$~t7X85u*79P$zr`wRk8OXa z+9Pb`I5)6tdacR25I}prooI2P%fj>U14lV%2W?;iCtiP^r2 zuL-O=$|!~_$mUHT<2$|4vv2Eq*@i6$_TMKPla9uSD$g6!Ba^>8%3n&X4dPc!&##e- zYaf`5;>4<$x_u%=ZUlv{OP8JZu{K@@24Pjr3%K;9R{71kGyBd}s#iF*#F4BI9keDU z-dtyw8Z{a6m)*Yczh2V;7mX>w+_tA;6j=;o)qUnD-T<58V29shU%yDNjzhvBHyNN} zyQ=x>1{@2@+UHns?>Nbk*c#I&!KTGoeX9Kl@vZxP7dtoJW4p{bd9o*pX2=Ri%ReBz zbndZuQ>PEPxw5s}R@R$$YN}9tspt1yYsrkq<0B(36qp7giirbWuZJX%wnuwcnD7hV zNmBo{@r}|cxqkDtB|@h0*GCd$rM8g)lYLdWcB-H$Xb!xJ79GOc|0Cq+))rnD@Y`8#|)&j>^N zW8K2@jK2@?Y*iUb_};$P|)@AP4P)h6M#MBZSn z=#V08m2!NrVB~(=EYfWWuTUeVjyJ=lPTg^Dc;Sgsuj2z=YEOWi5fVVoSNqeNLAr8m zuhGhegmPxNp1xSe;<8!6?fK8%!~wV zCNwg9yexKY=1)qSGEZ2%6#S;YZLuC%&Nq~bB;~jg4u>?&pforqN`v?BvJpWiisJ!8 z?R&A2h-;((bh;|R}S` z)^Cp_sy!)9{J#D-7vP8AY_07Vht?a$rRwQ}!C2GI@J{i5Mad@XP8KW3Wx`u>r2|_Q z%M6#0bMK=rg!$ySZk0>7@{!wgn7R3n+`rC$zWdxpG3|)!|C_LCKpo+BT7KofAWsjA zMu%7;Z4HBTL)om+_C}H734K#@PxW4;>ZtI^0eg0?fNv- z_SbP<@`e%Ymfiey1~Y@=BgBcQ3s2&N4Sz3Ie9BMz>$CYp)25FuN4`%`r~AvtE*YSQ z?*DVThhrwN>C$NxYrbgG0ueQq#+*rnqQ?LUtM(iJi!CPIX3t8^^0X&6XF~iJvXa2V zfGmHnfKZNIFd#y}n@&SgxLxOlbHf?Lv-XB--otx)T76av06fdVppGZa=$qqnHE4lw zd+z>z>*Iw3O}BInJ+L`4{9;=0Sn0`PIkkrZ@*%Q6sE#BF5i0uPmGwkR0v5G8%71ac z$#$B%VY|5G%!@waO6oqe!uE`F%gw>2NV~{311pS^IjMu90r} zit1P<>*a>9wur(y2mA&abRcCSLYA$FZz01s|#&!?%q~0 z380mYdGGbPt%f67qv@DPW4u@whg>8tXC2xUr^k3O0)4#S$%i*Vo*C$5!cISo7wLEV zR+xt-#Qv2mpqR?c$SaZfnBUlcT0jkp4Z24fCml-ix_{>8ydZP!BYl*7QQ4yZwbISm zN>uKNLebYdi*F=%jQ;))5E4%#k7g&FPth6RJ~A4g-A%fg*G=Tx;ND2#^SLdRc~q_c zc}>j8+hBZBF-}sWx7@EWEy}@G;t={Dv)_-IW&me=>xDFEI38`W)btY4oHx)YQfC-r zXtHdHE2z)}b|g;?f7#+Qw~8KLg{c5FjMYE45{PoMqo%>B>k#CZ3xUO?2)_7$(}hW7 z7y6=>o_JUb7uy6Se74s9i%p+-EA*RQoBe3%M43>+<-W*4LPhH@x4XI78227)|bbETC4^`bGqADI4hbOmjC2$1i3QcyMAU z7q5+nWDKq*zc>#|-MeeN3gm7C6X@35oUSb(VK+65&F54NUzP!aEB>E?(`?6)cW786 z@!D_L5T#rzt6N|}NZdA8+=dR0;f(1TWBrn1JwzJ86l=oEc{wLX@2GnWZ|8l@4hi=j z^oP0ERvWqy4_jvmd#qD56il?_r*BVb3oI4550RzlCH9MTOtR2TbAh@JPGe2eMXvP zM)R%ojyC$s3!gm|<6h0xP)dtec6A|Fb8#&0eKS;++~GA`zv6aQO1D`Za2bj# zsc2&P2D^78;^;oSuETYU*qKJM>Xbk7U+BqXK(o8K@+3pUYz9rsPljfqKr`=aRb;se zKx(C1IDtv+#abn~prGVBmVw<2Jf@o(Hba-Gg3p(uT0mYIOtx4 zV3|L_?QY{$<|uL3ttF@&yY^5liA>&D7t-;SENQakgMMyv4c!)TAx)Xj7~=C9ddBSM zzx8VhsC5{Cj8+r5HKo2V^U+wFdhc_s#Qq4S?Oq%iW%+u`^*Dh%#Z-><>Pk*g4y_U$ zrL)%7f!(i{)cl!Bdb|_CnchMx;}VNgP2qD3>!-h5{&sT|#z2IoA{{(>9+PVF7zrb; zPd1Fy>mXt-j1~Kne(u}VI86n|43;Ow^UoK3uOr6Gjr8tDc>NTmrXHSbZp|0vw#a(K z_LhsYUtALb+z>`XppHuagpLur#O)Q2gu`kM1t$EweMJqE;1B2?KdE7l5TOT2V{>B< zaiC&r`8=4X_nS{9_0+2^l#T*PMfB3rt7jGgNjXn8VxXF?f#91Ks89V}`t6?) zU!lTwseFAHP~HIjbz+wOZIVcbblrnD6gk`yUaxjBezKfiXULjpb+z0VaUtoMOLpj= zOLifa{(V+CH*-j`HB(nY;c2{H5w$&X_sC+9r%B(f&SrAwGJR1oo;&%go$vF#&l;5Z z9BC>h0YVDmIm< zK~e4H9ClVE0&?o%?eNKCc`Ob>bcl%d_qhg_Jp1`Z3ohW5txF*oULTAoAdqbLK>_{2 zmfe_uNkzMZOS-I+g)}O{k2p~I*>5H-KjjL zZUx&`mT3ulmtJ_#74lItT=B)@hEl@@$bwOosGjj`xr>O^Vne!Du0^NKpjV~v!p`=@ z>qgn`2nq*rhw;)FA#^ED%d``+sV||jr-;)us)j5%&dtYdiod+dAraPxzj$&6k(Mf{ zlp=>xh@=RKok^>=QO3h&gvTjOrjcp-$E$B8Q%@)sC9h;$oT4$|9LxE?;306bp>1Ud zz;T2sudtyS0xLLRoydW8LhVuE&5(8SdM48!>@}wX9ZXYn?>Q+@PvlKNu}&g~L9SdB zmGiio+?t{lh@_3S!C+5CJ-=DW-QrJwQ4#O0ynC*`X2OY;O*Pzlb<8?iXS4ngacxj{ zy~DpXv(fs?u0iO%dz;;4i-C4?-H+gU4bs-iwpo`GKQU>^DDKULuRgmsQFZ0qu-2@% z`%(IzBn;beAZ~K@$Qz$oH{oG}uE#^=&{kU?2fc<8MW5+bJFt#=C)TTDR3bj76N}u8 z{N-L=ifKp*U*Pro%PX|9%VUZ%;szS**@6X#hG(=i#r7qmghzR-z{yuLLol4b-Z_s= z^E(r`@nNTi#{h$TsDk-{9c8J4zV;X}y{Tr_M$OG9#dIm8sTD>|YC^%KhV=&Jc%+0F+PK*G zd{4Od6Vu*hA-W&hFOyJeS;^FwHQ3O-t8P0mZG#TGe~x7LcV0@S`mpZ5x`PG-xcB+pS3TYY>i2IH-p+Yf#ek z4uz@7`dV*qF1Z~Rntv(l+hw`$&5QyrTakVP_b4`|GEE=aUWgm{S{Ex1B6uR}8-R!k zJIK{dCiAzqOY1&n8RYaj`hE@P)zoNvg;F`@yWcAFZ?DrkQg(l#F-1=v=`G$kmJ3P* zbgB5R6p+h!EM;gOKNG6`Q@O6!fCEirhcL2}nUl4O-@18mtw@dJ+^^afHRN@Ofm_W? z&IuTg-)ZAh}F}N$^b?Y>6=LdVXwl$P}~;nuPkqg^fvs#alRG@Qt(W%Gs9G);_`&X$OKo zgZp|x({sg6nGxt}521X(aidi+eSk@*l|)OQ1u<8neK; zk$)RGFWlEATr=dPE5s==MlSxVS^uHfuIiSTii+3Chp7P`vh0NCe#$?NY{U&&1t#iy zeffQVa22UB9m#|O8Qk9NI25^$#G{P2krhIV=7e+3@5_kXiHbV^6Y3&e+M~4yzKROw zjxPK`{?OC9c?R4CNc10Pe)O5uJjSe=znP_<%to_Lr!6!2HpX_&;YIpt7hdlJ_~YZh zw}9PI0Cq>_#XeF=a;LR2Q!JP}Yj3O|>Ue*CwtgFi+>Sq|BjmsgdY;8e1nQ>72=Ukh zX&jzR8FfqRT}#L@W%^d7xeN(8|Lr7IoG8}vLVHUPK9Ka~zUz}#$r*kzT4&+Lm&aA3 z@iGWycD>3{QGg6Dc|S_rH<`ZhSnJ7&I%dea-kVy?{XT)W25b?om6kF$9;^8xH`{^| z|9s0f>$6?V+^GdsjgZLx2T~HZySPOf4Uy;7`59?@-)(h6QE1eS@Fad!6V>73=qhK;W=*Lj93-T;Kp+=6pQ24m%{y^ zYjLIpJsYXw0$;0L(mh7J4v%+;&7?~F_c7BiEb&YMuhw6utj9Md$#BJpj44s8iS5+Q z9s`2s;ZQHi<2$+&7NASh24lR&-+_?2fA%B-UUCX1bO{kXo~ zhmx|rrO`3;%99FPlqxX-8B0dRTK#ia9UtzXW78P7Nor!u>{B-Ok1LG530yE}(~K0p zDD)$-0cbuCbufwnP!*2?S55wN4DqimLXtc@+Vmic^DJvYi)w8Rz!sWoZnxR~A>e#{ z1*^T1lNIHaKJIz{F7a+f9UN-yo+-T1)3qpYJ+TFjq_$u#owkaVdgOPX)i4{7COG-j za`NcimlMjiSiQ4(P*P> zgq`1Hh|jDkugq@vW~k-QTrTIs*<1NT|L)qd*>@c?cvVMD2WtRt^aImq&cQeXx$xuU z8JZo}j)G)rv;F_=-Js|*epr>gL9>pD@nGHELH|w)Vjuo^$x^Q1D0r{ygAPH5JbsHD zp}|mV?DPAs-vb7Rjf)!G*}uU(N1r)!vHU`59(}TjVMs=@FEhAHAW1_397Rio^wl5p z!5ZM&QI=E$KjZ^#O`plo0KVX#vk64S)9`#HQ)mCU!D#L4`v<^vcLIOo5Ded~u=xDs z-`A4B*Al=Fe-g~&DId7!h-U+^2I_Ci?}=wAt(~C{<=`PrE!?qb2slvNY2wTDD@Abo zq!Y$02JnNozGxsDaR-eZ&F;x92{^=)tlaiR7(b8o^A||ogL~oVYv8!jSE469LoL4| zpx*L6n7qYa1^S+!RGwr(`rmuoEE&BC36{K%PT>@du6@VB{GQ#N@Pr@H805q2Cp|%P zRG*@QXzS>J^swt`KnMk$MTzcr47i!xu+@GD>h;0P9vx;20dS?71xOQ~y^94reNQLU z*{7v;mJSa~S>1=dWz&(7hvZf3d~<`BAH9gsz#5^^0)x`*tfxlv0q%*tA{iEX+JECx zT61`Sq%*Dn&uFRXMfCiVN~IRN%*0!LIO9s85uLa~xXZ~z4-Rz9AHb1Io&n+hvWXIG z^*SaTwG0}-G+<`4v_G72)XAWPCrk;Xf43G6GVE`7LIos2@D@C`Js~oXo(A=8%>Q)} zxZi#s@i0Vx(Un>$dNGHHE#DN1O%ovb8%4`8l4c|@0aqK7Wd55s)07*^ouMPt* zbco{4j&@SY{_vE#cnE6GV=4nlJ2IHHWB&vreBbZ{8;S#dIfKc@eg#Yq{<(OjtQvT$ zJ(XPakQp)Cn%Ucbj{;xD(BZ!O8LY1Msekj^p2*c9cPH>87-mS*Z%jDJ| zgb9ctS_cfIxesea2p!VDy*fdNX;1mp_$gC|6c8*rO0Y@lFI4}|1JJh*vzQfcESAmGVj ztX^ZVZ@|qk12G;7w)?jDAot}<@qnoNb}d!6<+yBdL^{A1FiXL`Yw{mGzzh@xGFtyM zI2DQ#wx2{uYo%i+Zm~a0Nt%=x(s&YcK$2 zCtW8V)N4P+jgdnAyWtT{)*yqXqysQ58ystcbNoYpiYEr{6N2Y1f~oi8M8lAzF#?yK zFCVR$pmd562~|33$9SPGrPr6FLS3rLPs#av;|1>jk83Mc`R``)V|9rqgp{KmivW)m zV=8!wIm!Ye8QRJ!WdCON-PaKu)XXvhf$>T~W*(rGseGtBkw?>u)c;e&<{AzpamEPt zFu52deKZO97M#m_1{*cl0^GOG(#TAbW&2D1|Q_Fb{{@20Xzr8RwC?s$LPpoAcx>C^Y4*ScR!n(P zn4*t?QzlM?J)ID2fP8b>5p2|r|D*oI-Cj!W5c)<(;bM2Y@n z|KpO_hr7y3DoUm%e0W8V+9Pt{&QwyD<9KLg_x_lGGWrx;KB}gT;C(O;*@sQe(5+^V zgMI5>Vt~iAw4-oWItq7P4!Ml1L}%;`7=Rp0MCbfS!v~ZYgiF$s=>jC5fT47#cBX9r zSvmW4IKPrqjeC{D5pIgB5Dv;vrep}wDIpme zl;PkInH?38u@03cq=}@YLNX5rWp2)NOc@g4R)&y@Lx%Kz);{Xq+w*;Xzvq44|K7L$ z5PPq^_Gen3d96(yfOjWex|^a0eCwpiuM$Q}eIxV(FyN#LZ=lABB{pe7vAM6FUTjfC zg5(M!va#he0apP?&5*-4@>0=TcW|FNg@}I>UK<)dm1ct@Ex+|RK%TfF+Vf!EJJl$7 z>pR5LhQk|AQ^(+~6>)?eYy{9g^(~M3B!I$IG9XMhdv!j*DqlUQyeNJjPof=(LlueW zI}$wFzNhOn)ejzRyRyoXO%grYx}{GVJqo@h$#`*Jvob(T<(=KdvQN9@;mOs+OF&;@ z4Ll-u=`*Zq=m#X3pS{e1%v?fqc%KV;7BC{+N2axEYt>TDkIb@)%VA@xCp8Syo2>==S<)HR#p3{9Ejs7JP=7hP4sxEO?W;b~@^ zm)oZ`WP8@-oWC|O_`NA)x=(zb(VjeaH6&|kv6vVrWp_9owa?pc=?j0f64)Lb6atEG zg%_)LrN|`t-Kr3_jnKL7*P$AdZIN}2`>g62pv+cdA{(h(OFiq_+b8yCnl zefS#nBlt$WjKLsb_!eR9#gjn5z|f`zRJyf5Jy@g2w0beB^xwTI{1 z33O~@h2^=Lh{#*hDVb!de=ZoUt1+0WykPQ<434zvyH+P*Uz0?x3yNj{YWrHbh*6 zlK4HhLrO5Fw;UKh)lZ(-200&?)e-;bfUrk(^2F;tx-51d+7Xdrx`dpPtR2SZy%EFld@o=#IVEuj_nE*-A=Eq} zz}2upuH575L29ngI0G;l8Ez%r5of-o87?F!8fm`mX#a$hMV(Gt4gCJT`9)M+`{8 z-n7^t#s?$lD;l}VbqB+j6L~3VHP!q1a~FgEZa*+=&#^A(?5u7ibWI46LMh=)?uoD7d@SpVBZ3_8bv;3f50|L5ef}wjx?v zB8*D5I&p*>0d*8S%&=Y~WhUG>|D{&Rr^QsG8j7Ee6g5ic9>t2Uj&iU)Fl2suK*hUj z!}R3q1NBo%58f@a&fkAV0L~q~QZXJnX1+sbwE~HzJPLVmnV!)mOp>TNF!kii@CyV! zbs!+FGdIh<|2VqEcNA>E!S)UA#0+iMvC8lBR$ph})wPgCxk30moKsn&P~0V%Q#oHU zJ@+Pf?23e5L_oSeaac~{28y^6L8k`Qn7VRq#R#Ron>(=@izQB=C`7=y?$EMVI8yhY zHp$zTj#r(LNp$nC74z@dXC(6VLq<+Ad?chl*ibAmd8F%sIcx}z5zK>@H@%_*J>Jh^ zTIgL}9JCTryQ$WXUVu{n*F_W;FM5}c_6s1s`NXDbp81(!rC0Fjpp~H$O%Et$khfcH zDC)N-d#qi=&u|=2QhY8J?6tk&(0YXKen6LCc|K3dp%@eL?zNYj5F%g=?T~WLkhEbc zf5;8RGvLcaDbBUAvjQtN985Yq_NKe5z@v4|gWhoNcl8=Qmmx79PlV4IrTDy%IJJt_ z7h=B&QY=#ip*tGNzd>HX>1Lelu1Ar2M}|HG7HIpA#AIZb)Zp*a*Kv0qXq$wOqbLap z3FQZTcAOr%d($LX_^Y~m^VS*0aGZiHrR#oP$js2)<~%1uxxML^H-3J?ui{)IFg^k) zDJAHCxnvL}T>a&JZ3=8gbV&@l5!fG}r|uVGodc&Rzew7A-0^MWx|f;O=A=T8)q686 zOz+#(GfaAFl`6aL7rD0>q?#tUkn4(E>aQKlF>pbi*b~sx`74=Atn*#|DeI+u3AJj>USf`%GOad)iKv6(IT?d0J4kq8h^x8~XF;<9R1t+T!*s;gRiCn2|X zrrQTlO>qn?^8YZDwggch+Ba7eB0rSXvpF-XDoXWDk}%P1wO^}ZzdHzynIhD|vwZ6XKCB;eC=8V!4Z?)~)% zGIUAENq=Z-of%A#&Ntn;@Re@iaiLB7x5vTkRSW@V(js`XM~syS2<@lM?Ibht>>J z+06F3`1L6kS){z|@6!X~1uc7zzda=uBs+;KxK2+R?RrqaBdYasW2JkGbW@||e9%bV z^LN>$A63LnZ|d54v}aT1SBf_(+7y|rvB+EzYyye7AO@=Y+ZvM zYq{JQwjFTDg>;==!~53pKt}U`->EF$r|0dC)RTip3-f*6Z*S_(395&0X?eU%yHLMd zk36sqAIf!=BkwcoXsm)wvQ?gAU^?p(q+m9q+*A;|&?ej@=uGJx2oTCWV=pju4@yg@ z#f+Y2lj(XH=V*FEON|M+D75?-9Ue&c9s0vOG`vYyyHdG+EA%QIsr0zABvN^rLQ+@axzwY-rU*F_#GCkV1n=-ueT+*ofF>58A zzZ~e-HT&N}31GLG_9)GYn8BLM@z55z8Yt;;hZNW!MV$rOR!4EUb=wC|V2YATB*V?| zHOnIhd_s(@AUVAM+YDp&#>tO+{OG4z?OWUJ2YT#@BF9z{Lpr7(FWIyWPOWhYb8n-g zHiVgGg>L-}%Y3T(Q4LQsZA*qVZ%CZHwIjVW6!eEluo)O44?kDR97s5389EEs_61kt zI$7B`oX@0_O?wL6yGICu(u+;ZV|OkijM~~a1NP!43JArpjMHQ z%;!XSvBJ>|9?%Bs(l&#WcXf3$;|Y?^^xawo?Xd|N)FPW=?=R3rcvZUKqd{xKgfsa- z<+mc_F(6eLz4oADs6-q;Cv3@Kkh|G4+dW4!wSUwDAuOG-F6<$2__F4QU zZB|M{qK^J~)zg)`dEE@7gqOZ8vk0L02ROJoPS6KhY=njdc-q64uMbgaZ|?c#=&M)cfT-t}E*BPfoP# zIM1Fob8#K7?px@v$nJpcC0e(*cuji(-tvye^EZ0GE~=l~UioonYn<0pdpMC(#r6J& z3;55KGdJavT9=>IRC+56)@?BRb!Iy>AIPI-gK4YB=Dd-N?XJWO*Cz6jZokxS*Tg`B zYigdcl$F9;hnqOG$OG)|BT0<8F&0rtDm4Ybj1`R7C&7n9`c{8c67R#mToz+)*e!^$ zc`5GoPx9Gm!X@NGPyg(1|IP?vv|6UX0iv%2RINgL!xouT-HS_X(Axik5BdtR8r`_7 zj(HJ$4I*zq?R2aC`|n^Q>s&!R3>Od5_wqVa&d+#ieyU>QpLv;E2zjIa^`duF>JO}Rg zaTMrnnBTw#g7W>O6J%s#pupbQWpfC^m1Jq~X1mT&)eHTeK$R6OfdDxO#8Zl5&`84I!=FX~M#m*|ye#N@TAJ#$V@@ z&L#$Dv>S?t3cUVP8(e`VDYl8`<%iva=@&Sl+eDR>#_{(6uWyuTP$plr>L{d?lLR=Q8)c>_qLf$&qItma-cQ7C7#xq$>q!M*9uOX?Xxj zwZ8n%BakEUKx(QSmXeKO7fMh-@DK-=$R5ExmeH^?(7C(B&u6Op$hnBy)r#HLD8QH7 zleV+y!0@Yrl5=Xhwyg>9i6)Bf5&zm}m8-lUMCcz36I$=G-*d;~_6t&m+hKp=vWmOU zl?H38uGhNnXn5Qz#eY5S!qZL3eK}&?F^o(boj40N+Z*O^%Kow$p>>WYUcFD>m-BHj zs#0}pTR{Nhnx?Odm-kFz1Wm!Fs7_smV)z`&*xH&SxsM&|H4Sy#u9m{*@y0CiI>>{L zMfr{0oDpF}PSCcOmS3T&pE!3z4zm|03_ww+rkH452<4#B`M-Y~J63OVy~>o1_*>G+JCX|+ystZcmQm^OEC<#D4HUg5tyzGlRtV(6=; zj96qTSa8(!f#`ur=jQyCOsfeONzz+$6y@-W8=1H$RLfTu`wf42#a|^vQd^1@{9^< zB`C!Q{w@VB{G&@A1Fd6otuTOyZ~^O0vZ0~m+d@q3UESHF$eJbU=OBRb&>99=FZ+M- zaCK7Qoj)RR=xsnXHQ>7#MztW?%R%Iy0k3FqAvLPGCW6x~OP>4q76h8ZA_Y(QzYBu= z)k%Jy6f9i@4hV8=C>V8NbI~y%P`2UOgfog3?6|X`;^l;PeJ1DUW zZ)!&BT7COk5y_;&e0d&}d>~Rqv2+tNIrUp8ehbBKq4=?%=6|FqMl0Az#a-^q^Z*n% zlybojo6}fE6;x4Csgu>766L2h^&dNpw0bgVWe~jOplIxfDMolcWlV?7?L~_gG*}w^ zxjCz=;<+hNgkGYu7G3)U*TR$}`2SHrWR7NGm8$xKB#1-$j0Go%Oyy2|1eLfAOoATC zDi!O7wN#QyE47BW9DkeQE0lgsmgE0n~^!x|O? zaasf|*Mu9v2Y0rhqUp8WDofFyVFWNtu)8!;l(iJ59nD^HhiSxMATx^!vvOKNMcs4r z(iJ$I1agAi_r(h`LFQaA;rk^q3^qfg&g;Wip^fv0X*=!24Nyh~Q;Lw30aJo#lnaWt zEnHF=kKY1iL6PQ1Dhf=%_&A|Ufa12jdMh?C91;NNYz2S(2uxd8svG&o0tSE@G9PGa zhcHMSv+Fx>a-M+JTJ_|U&Lrmh2zNL^mL6XQ+Zk4jD3d}Frb2o zMn(t0zzvTm$l~;fgk+djLP5R-GfTk0Mv$6_)XOG#G?4HD?rzQ&b26-g6bY$x`0?NZ z22h>G3=N{jZ$bMlXuk#Rw?_M|(SDoG|DNfDo-Y6M7ytG*I1fW7-!jhg6}d0!#;H2N zlOt!IM8=~=J}Qv_CW~#CG{+et0Xz#fYjqB0K7$3f6w)+N4o&eYXx!g5Jb;mz`;Q@M;QkmCeyJ0I zA-T3-uD{^cZTw-bnbtLo2GgXTykLOY%4Tp761;bH{`7;G7BqJkJo_wN8TEFsuu3F3 zFJ*clKLOsl8C;CTdtIUt@+=5tE7b^Q`tyeqM2JD2L(Tq;*h9TggUwoAGl2#1Kc^w| zLPamD=g*{L=tW`3+{^R)0aX@|Ax9<~Dd@A}80ZHw4%SR2a@GFRW+q z161bVZODytRuRK6_=I)@a68ZZM29)%6Y|N%7B_Cfq!4^Bk|4*wfgz$?^_`v0{igv5 z{7#sXs_*myfd3mO7MvV-u&E}`ppO79lY!ttw@k!;8FLiI%-FHc7$PXQfj3+G=oes4 zhXZ#6((6_N-eD|&Hb<@-4<^!oBSvrr8egssz^+tr1Hej`hu9Wav_Pb)18})=E%7@B zfe}cT^@?AB*#$g~+Hxgc3XtU^!jvq6Q4*--?H}Wk!KY485n6(w8Xy7b-=EzUKL>tA zCy*RrA7mEu!4X#A{skDqV&KlMG!9Me|IT>x;yyy1<`@O(^FR&ll@E5Cf z5Om?p?O)XfeokDX@dw2?r?hgmG}&q&{FYxWk0 G@c#nCAFgiz diff --git a/docs/user/assets/snatch-deployment.svg b/docs/user/assets/snatch-deployment.svg new file mode 100644 index 0000000..9903ae5 --- /dev/null +++ b/docs/user/assets/snatch-deployment.svg @@ -0,0 +1,4 @@ + + + +
SAP BTP, Kyma Runtime






















User
R
Kyma Worker Pool 
















Kubernetes
API Server
kyma-system Namespace











KIM Snatch Module






Mutating Admission Controller
(Webhook)
R
 \ No newline at end of file From 2b65c85a8b572f923a9c343ee7644b114e552a54 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Mon, 27 Jan 2025 09:00:25 +0100 Subject: [PATCH 11/12] Apply suggestions from code review Co-authored-by: Iwona Langer --- docs/user/README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index 11b4f66..1933902 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -1,22 +1,22 @@ # KIM Snatch ## Overview -The KIM Snatch is part of Kyma Infrastructure Manager's (KIM) worker pool feature. It is deployed on all Kyma-managed runtimes. Mandatory modules are not visible for SAP BTP, Kyma runtime customers and automatically installed by the [KLM](https://github.com/kyma-project/lifecycle-manager) on each SAP BTP, Kyma runtime. +The KIM Snatch is part of Kyma Infrastructure Manager's (KIM) worker pool feature. It is deployed on all Kyma-managed runtimes. -In the past, only one worker pool existed in a Kyma runtime (called `Kyma worker pool`). This `Kyma worker pool` is mandatory and cannot be removed. It allows several configuration options, which can be too limited for users requiring special node setups. +So far, `Kyma worker pool` has been the only existing worker pool in SAP BTP, Kyma runtime. This `Kyma worker pool` is mandatory and cannot be removed. It allows several configuration options, which can be too limited for users requiring special node setups. -With the worker pool feature, you can add customized worker pools to your Kyma runtime and introduce worker nodes optimized for your particular workload requirements. +Now, with the worker pool feature, you can add customized worker pools to your Kyma runtime and introduce worker nodes optimized for your particular workload requirements. -The KIM-Snatch assigns Kyma workloads, for example, Kyma modules' operators, to the `Kyma worker pool` and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: +KIM Snatch assigns Kyma workloads, for example, Kyma modules' operators, to `Kyma worker pool` and ensures that your worker pools are reserved for your workloads. This solution has the following advantages: -* Kyma workloads are not allocating resources on customized worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. +* Kyma workloads don't allocate resources on customized worker pools. This ensures that customers have the full capacity of the worker pool available for their workloads. * It reduces the risk of incompatibility between Kyma container images and individually configured worker pools. ## Technical Approach The KIM-Snatch introduces the Kubernetes [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook). -It intercepts all Pods that are scheduled in a Kyma-managed namespace. [Kyma Lifecycle Manager (KLM)](https://github.com/kyma-project/lifecycle-manager) always labels a managed namespace with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only to Pods scheduled in one of these labeled namespaces. Typical Kyma-managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. +It intercepts all Pods that are scheduled in a Kyma-managed namespace. [Kyma Lifecycle Manager (KLM)](https://github.com/kyma-project/lifecycle-manager) always labels a managed namespace with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only to Pods scheduled in one of these labeled namespaces. Typical Kyma-managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. ![KIM Snatch Webhook](./assets/snatch-deployment.svg) @@ -30,9 +30,9 @@ Assigning a Pod to a specific worker pool can have the following drawbacks: * Resources of the preferred worker pool are exhausted, while other worker pools still have free capacities. * If no suitable worker pool can be found and the node affinity is set as a "hard" rule, the Pod is not scheduled. -To overcome these limitations, we use `preferredDuringSchedulingIgnoredDuringExecution` so that the configured node affinity on Kyma workloads is a "soft" rule. For more details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity)). The Kubernetes scheduler prefers the Kyma worker pool. Still, if scheduling the Pod in this pool is impossible, it also considers other worker pools. +To overcome these limitations, we use `preferredDuringSchedulingIgnoredDuringExecution` so that the configured node affinity on Kyma workloads is a "soft" rule. For more details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). The Kubernetes scheduler prefers the Kyma worker pool. Still, if scheduling the Pod in this pool is impossible, it also considers other worker pools. -### Kyma workloads are not Intercepted +### Kyma Workloads are not Intercepted #### Non-Available Webhook is Ignored by Kubernetes Kubernetes calls can be heavily impacted if a mandatory admission webhook isn't responsive enough. This can lead to timeouts and massive performance degradation. From f24ee0aab2f664a5dccfe6eb04f041a1f483a6d5 Mon Sep 17 00:00:00 2001 From: Tobias Schuhmacher Date: Mon, 27 Jan 2025 09:04:14 +0100 Subject: [PATCH 12/12] Rename to KIM Snatch (without hyphen) --- docs/user/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user/README.md b/docs/user/README.md index 1933902..58b3c6b 100644 --- a/docs/user/README.md +++ b/docs/user/README.md @@ -14,13 +14,13 @@ KIM Snatch assigns Kyma workloads, for example, Kyma modules' operators, to `Kym ## Technical Approach -The KIM-Snatch introduces the Kubernetes [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook). +The KIM Snatch introduces the Kubernetes [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook). It intercepts all Pods that are scheduled in a Kyma-managed namespace. [Kyma Lifecycle Manager (KLM)](https://github.com/kyma-project/lifecycle-manager) always labels a managed namespace with `operator.kyma-project.io/managed-by: kyma`. KIM reacts only to Pods scheduled in one of these labeled namespaces. Typical Kyma-managed namespaces are `kyma-system` or, if the Kyma Istio module is used, `istio`. ![KIM Snatch Webhook](./assets/snatch-deployment.svg) -Before the Pod is handed over to the Kubernetes scheduler, KIM-Snatch adds [`nodeAffinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to the Pod's manifest. This informs the Kubernetes scheduler to prefer nodes within the Kyma worker pool for this Pod. +Before the Pod is handed over to the Kubernetes scheduler, KIM Snatch adds [`nodeAffinity`](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) to the Pod's manifest. This informs the Kubernetes scheduler to prefer nodes within the Kyma worker pool for this Pod. ## Limitations @@ -37,7 +37,7 @@ To overcome these limitations, we use `preferredDuringSchedulingIgnoredDuringExe #### Non-Available Webhook is Ignored by Kubernetes Kubernetes calls can be heavily impacted if a mandatory admission webhook isn't responsive enough. This can lead to timeouts and massive performance degradation. -To prevent such side effects, the KIM-Snatch webhook is configured with a [failure tolerating policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy), which allows Kubernetes to continue in case of errors. This implies that downtimes or failures of the webhook are accepted, and Pods get scheduled without `nodeAffinity`. +To prevent such side effects, the KIM Snatch webhook is configured with a [failure tolerating policy](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy), which allows Kubernetes to continue in case of errors. This implies that downtimes or failures of the webhook are accepted, and Pods get scheduled without `nodeAffinity`. #### Already Scheduled Pods are Ignored by Webhook Additionally, no Pods that are already scheduled and running on a worker node receive `nodeAffinity` because `nodeAffinity` is only allowed to intercept non-scheduled Pods. This means that running Pods must be restarted to receive `nodeAffinity`. This webhook does not restart running Pods to avoid service interruptions or reduced user experience. \ No newline at end of file