From 896b825ccc63ff0dabac5b8b0dd2c251044d6e2f Mon Sep 17 00:00:00 2001 From: DeDe Morton Date: Wed, 18 Nov 2020 10:22:25 -0800 Subject: [PATCH 01/41] Fix Fleet link (#22642) --- x-pack/elastic-agent/docs/install-elastic-agent.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc b/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc index ac9f641be214..fb9064baf5bc 100644 --- a/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc +++ b/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc @@ -45,7 +45,7 @@ include::{beats-repo-dir}/x-pack/elastic-agent/docs/tab-widgets/install-widget.a -- Don't have a {fleet} enrollment key? Read the -{ingest-guide}/ingest-management-getting-started.html[Quick start guide] to +{ingest-guide}/fleet-quick-start.html[Quick start guide] to learn how to generate one. Because {agent} is installed as an auto-starting service, it will restart From bb973c44c1d41183a8bec7e41493de5bc03c15b9 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Thu, 19 Nov 2020 09:38:04 +0100 Subject: [PATCH 02/41] [filebeat][panw] Improve panos fileset url parsing (#22481) * Improve panos url parsing * Do not parse url details when not needed * Parse url based on threat subtype --- CHANGELOG.next.asciidoc | 1 + .../module/panw/panos/ingest/pipeline.yml | 53 ++ .../test/pan_inc_threat.log-expected.json | 571 ++++++++++++++---- .../panw/panos/test/threat.log-expected.json | 532 +++++++++++----- 4 files changed, 874 insertions(+), 283 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 46d6a9f5b305..b77935ef89b8 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -722,6 +722,7 @@ from being added to events by default. {pull}18159[18159] - Added DNS response IP addresses to `related.ip` in Suricata module. {pull}22291[22291] - Added TLS JA3 fingerprint, certificate not_before/not_after, certificate SHA1 hash, and certificate subject fields to Zeek SSL dataset. {pull}21696[21696] - Added `event.ingested` field to data from the Netflow module. {pull}22412[22412] +- Improve panw ECS url fields mapping. {pull}22481[22481] *Heartbeat* diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml index a958993a61c0..8b2bd7e83244 100644 --- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml +++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml @@ -447,6 +447,47 @@ processors: value: "{{panw.panos.ruleset}}" ignore_empty_value: true +# Set url and file values + - rename: + if: 'ctx?.panw?.panos?.sub_type != "url"' + field: url.original + target_field: file.name + ignore_missing: true + + - grok: + field: url.original + patterns: + - '(%{ANY:url.scheme}\:\/\/)?(%{USERNAME:url.username}(\:%{PASSWORD:url.password})?\@)?%{DOMAIN:url.domain}(\:%{POSINT:url.port})?(%{PATH:url.path})?(\?%{QUERY:url.query})?(\#%{ANY:url.fragment})?' + ignore_missing: true + pattern_definitions: + USERNAME: '[^\:]*' + PASSWORD: '[^@]*' + DOMAIN: '[^\/\?#\:]*' + PATH: '[^\?#]*' + QUERY: '[^#]*' + ANY: '.*' + if: 'ctx?.url?.original != null && ctx?.url?.original != "-/" && ctx?.url?.original != ""' + + - grok: + field: url.path + patterns: + - '%{FILENAME}((?:\.%{ANY})*(\.%{ANY:url.extension}))?' + ignore_missing: true + pattern_definitions: + FILENAME: '[^\.]+' + ANY: '.*' + if: 'ctx?.url?.path != null && ctx?.url?.path != ""' + + - grok: + field: file.name + patterns: + - '%{FILENAME}((?:\.%{ANY})*(\.%{ANY:file.extension}))?' + ignore_missing: true + pattern_definitions: + FILENAME: '[^\.]+' + ANY: '.*' + if: 'ctx?.file?.name != null && ctx?.file?.name != ""' + - append: field: related.user value: "{{client.user.name}}" @@ -467,6 +508,12 @@ processors: value: "{{destination.user.name}}" if: "ctx?.destination?.user?.name != null" + - append: + field: related.user + value: "{{url.username}}" + if: "ctx?.url?.username != null && ctx?.url?.username != ''" + allow_duplicates: false + - append: field: related.hash value: "{{panw.panos.file.hash}}" @@ -478,6 +525,12 @@ processors: if: "ctx?.observer?.hostname != null && ctx.observer?.hostname != ''" allow_duplicates: false + - append: + field: related.hosts + value: "{{url.domain}}" + if: "ctx?.url?.domain != null && ctx.url?.domain != ''" + allow_duplicates: false + # Remove temporary fields. - remove: field: diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index 8e5df2e94e41..cf6c021da903 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json @@ -69,6 +69,9 @@ "panw.panos.threat.resource": "lorexx.cn/loader.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "lorexx.cn" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -92,7 +95,10 @@ "pan-os", "forwarded" ], - "url.original": "lorexx.cn/loader.exe" + "url.domain": "lorexx.cn", + "url.extension": "exe", + "url.original": "lorexx.cn/loader.exe", + "url.path": "/loader.exe" }, { "@timestamp": "2012-04-10T04:39:56.000-02:00", @@ -164,6 +170,9 @@ "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=2", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "lsiu.info" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -187,7 +196,11 @@ "pan-os", "forwarded" ], - "url.original": "lsiu.info/evo/count.php?o=2" + "url.domain": "lsiu.info", + "url.extension": "php", + "url.original": "lsiu.info/evo/count.php?o=2", + "url.path": "/evo/count.php", + "url.query": "o=2" }, { "@timestamp": "2012-04-10T04:39:56.000-02:00", @@ -259,6 +272,9 @@ "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=5", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "lsiu.info" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -282,7 +298,11 @@ "pan-os", "forwarded" ], - "url.original": "lsiu.info/evo/count.php?o=5" + "url.domain": "lsiu.info", + "url.extension": "php", + "url.original": "lsiu.info/evo/count.php?o=5", + "url.path": "/evo/count.php", + "url.query": "o=5" }, { "@timestamp": "2012-04-10T04:39:57.000-02:00", @@ -354,6 +374,9 @@ "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=7", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "lsiu.info" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -377,7 +400,11 @@ "pan-os", "forwarded" ], - "url.original": "lsiu.info/evo/count.php?o=7" + "url.domain": "lsiu.info", + "url.extension": "php", + "url.original": "lsiu.info/evo/count.php?o=7", + "url.path": "/evo/count.php", + "url.query": "o=7" }, { "@timestamp": "2012-04-10T04:39:57.000-02:00", @@ -449,6 +476,9 @@ "panw.panos.threat.resource": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "lsiu.info" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -472,7 +502,11 @@ "pan-os", "forwarded" ], - "url.original": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122" + "url.domain": "lsiu.info", + "url.extension": "php", + "url.original": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", + "url.path": "/evo/exploits/x18.php", + "url.query": "o=2&t=1241403746&i=1365814122" }, { "@timestamp": "2012-04-10T04:39:57.000-02:00", @@ -544,6 +578,9 @@ "panw.panos.threat.resource": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "lsiu.info" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -567,7 +604,11 @@ "pan-os", "forwarded" ], - "url.original": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122" + "url.domain": "lsiu.info", + "url.extension": "php", + "url.original": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", + "url.path": "/evo/exploits/x19.php", + "url.query": "o=2&t=1241403746&i=1365814122" }, { "@timestamp": "2012-04-10T04:39:54.000-02:00", @@ -639,6 +680,9 @@ "panw.panos.threat.resource": "liteautobestguide.cn/load.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "liteautobestguide.cn" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -662,7 +706,10 @@ "pan-os", "forwarded" ], - "url.original": "liteautobestguide.cn/load.php" + "url.domain": "liteautobestguide.cn", + "url.extension": "php", + "url.original": "liteautobestguide.cn/load.php", + "url.path": "/load.php" }, { "@timestamp": "2012-04-10T04:39:54.000-02:00", @@ -734,6 +781,9 @@ "panw.panos.threat.resource": "liteautobestguide.cn/index.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "liteautobestguide.cn" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -757,7 +807,10 @@ "pan-os", "forwarded" ], - "url.original": "liteautobestguide.cn/index.php" + "url.domain": "liteautobestguide.cn", + "url.extension": "php", + "url.original": "liteautobestguide.cn/index.php", + "url.path": "/index.php" }, { "@timestamp": "2012-04-10T04:39:55.000-02:00", @@ -829,6 +882,9 @@ "panw.panos.threat.resource": "litetopdetect.cn/index.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "litetopdetect.cn" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -852,7 +908,10 @@ "pan-os", "forwarded" ], - "url.original": "litetopdetect.cn/index.php" + "url.domain": "litetopdetect.cn", + "url.extension": "php", + "url.original": "litetopdetect.cn/index.php", + "url.path": "/index.php" }, { "@timestamp": "2012-04-10T04:39:55.000-02:00", @@ -924,6 +983,9 @@ "panw.panos.threat.resource": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "lkmpmlm.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -947,7 +1009,11 @@ "pan-os", "forwarded" ], - "url.original": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513" + "url.domain": "lkmpmlm.com", + "url.extension": "php", + "url.original": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", + "url.path": "/fff9999.php", + "url.query": "aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513" }, { "@timestamp": "2012-04-10T04:39:52.000-02:00", @@ -1019,6 +1085,9 @@ "panw.panos.threat.resource": "girlteenxxxfreemov.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "girlteenxxxfreemov.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1042,7 +1111,9 @@ "pan-os", "forwarded" ], - "url.original": "girlteenxxxfreemov.com/" + "url.domain": "girlteenxxxfreemov.com", + "url.original": "girlteenxxxfreemov.com/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:39:53.000-02:00", @@ -1114,6 +1185,9 @@ "panw.panos.threat.resource": "imagesrepository.com/resolution.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "imagesrepository.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1137,7 +1211,10 @@ "pan-os", "forwarded" ], - "url.original": "imagesrepository.com/resolution.php" + "url.domain": "imagesrepository.com", + "url.extension": "php", + "url.original": "imagesrepository.com/resolution.php", + "url.path": "/resolution.php" }, { "@timestamp": "2012-04-10T04:39:53.000-02:00", @@ -1209,6 +1286,9 @@ "panw.panos.threat.resource": "hottestfiles.com/search/search.php?q=xxx", "panw.panos.type": "THREAT", "panw.panos.url.category": "search-engines", + "related.hosts": [ + "hottestfiles.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1232,7 +1312,11 @@ "pan-os", "forwarded" ], - "url.original": "hottestfiles.com/search/search.php?q=xxx" + "url.domain": "hottestfiles.com", + "url.extension": "php", + "url.original": "hottestfiles.com/search/search.php?q=xxx", + "url.path": "/search/search.php", + "url.query": "q=xxx" }, { "@timestamp": "2012-04-10T04:39:54.000-02:00", @@ -1303,6 +1387,9 @@ "panw.panos.threat.resource": "infodist1.com/in.cgi?11¶meter=404", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "infodist1.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1326,7 +1413,11 @@ "pan-os", "forwarded" ], - "url.original": "infodist1.com/in.cgi?11¶meter=404" + "url.domain": "infodist1.com", + "url.extension": "cgi", + "url.original": "infodist1.com/in.cgi?11¶meter=404", + "url.path": "/in.cgi", + "url.query": "11¶meter=404" }, { "@timestamp": "2012-04-10T04:39:51.000-02:00", @@ -1398,6 +1489,9 @@ "panw.panos.threat.resource": "cls-softwares.com/suc.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "cls-softwares.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1421,7 +1515,10 @@ "pan-os", "forwarded" ], - "url.original": "cls-softwares.com/suc.php" + "url.domain": "cls-softwares.com", + "url.extension": "php", + "url.original": "cls-softwares.com/suc.php", + "url.path": "/suc.php" }, { "@timestamp": "2012-04-10T04:39:51.000-02:00", @@ -1493,6 +1590,9 @@ "panw.panos.threat.resource": "cls-softwares.com/softwarefortubeview.40013.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "cls-softwares.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1516,7 +1616,10 @@ "pan-os", "forwarded" ], - "url.original": "cls-softwares.com/softwarefortubeview.40013.exe" + "url.domain": "cls-softwares.com", + "url.extension": "exe", + "url.original": "cls-softwares.com/softwarefortubeview.40013.exe", + "url.path": "/softwarefortubeview.40013.exe" }, { "@timestamp": "2012-04-10T04:39:52.000-02:00", @@ -1584,6 +1687,9 @@ "panw.panos.threat.resource": "findmorepill.com/klik/search.php?q=xxx", "panw.panos.type": "THREAT", "panw.panos.url.category": "online-gambling", + "related.hosts": [ + "findmorepill.com" + ], "related.ip": [ "192.168.0.2", "78.159.99.224", @@ -1607,7 +1713,11 @@ "pan-os", "forwarded" ], - "url.original": "findmorepill.com/klik/search.php?q=xxx" + "url.domain": "findmorepill.com", + "url.extension": "php", + "url.original": "findmorepill.com/klik/search.php?q=xxx", + "url.path": "/klik/search.php", + "url.query": "q=xxx" }, { "@timestamp": "2012-04-10T04:39:48.000-02:00", @@ -1679,6 +1789,9 @@ "panw.panos.threat.resource": "allowedwebsurfing.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "allowedwebsurfing.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1702,7 +1815,9 @@ "pan-os", "forwarded" ], - "url.original": "allowedwebsurfing.com/" + "url.domain": "allowedwebsurfing.com", + "url.original": "allowedwebsurfing.com/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:39:49.000-02:00", @@ -1774,6 +1889,9 @@ "panw.panos.threat.resource": "antivirus-remote.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "antivirus-remote.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1797,7 +1915,9 @@ "pan-os", "forwarded" ], - "url.original": "antivirus-remote.com/" + "url.domain": "antivirus-remote.com", + "url.original": "antivirus-remote.com/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:39:49.000-02:00", @@ -1869,6 +1989,9 @@ "panw.panos.threat.resource": "bklinkov.ru/hi/start.cfg", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "bklinkov.ru" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1892,7 +2015,10 @@ "pan-os", "forwarded" ], - "url.original": "bklinkov.ru/hi/start.cfg" + "url.domain": "bklinkov.ru", + "url.extension": "cfg", + "url.original": "bklinkov.ru/hi/start.cfg", + "url.path": "/hi/start.cfg" }, { "@timestamp": "2012-04-10T04:39:50.000-02:00", @@ -1964,6 +2090,9 @@ "panw.panos.threat.resource": "blogsexnakedgirlxxx.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "blogsexnakedgirlxxx.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1987,7 +2116,9 @@ "pan-os", "forwarded" ], - "url.original": "blogsexnakedgirlxxx.com/" + "url.domain": "blogsexnakedgirlxxx.com", + "url.original": "blogsexnakedgirlxxx.com/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:39:50.000-02:00", @@ -2059,6 +2190,9 @@ "panw.panos.threat.resource": "bklinkov.ru/hi/start.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "related.hosts": [ + "bklinkov.ru" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2082,7 +2216,10 @@ "pan-os", "forwarded" ], - "url.original": "bklinkov.ru/hi/start.exe" + "url.domain": "bklinkov.ru", + "url.extension": "exe", + "url.original": "bklinkov.ru/hi/start.exe", + "url.path": "/hi/start.exe" }, { "@timestamp": "2012-04-10T04:39:47.000-02:00", @@ -3195,6 +3332,9 @@ "panw.panos.threat.resource": "wantfinest.com/tds/in.cgi?default", "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", + "related.hosts": [ + "wantfinest.com" + ], "related.ip": [ "192.168.0.2", "69.43.161.167", @@ -3218,7 +3358,11 @@ "pan-os", "forwarded" ], - "url.original": "wantfinest.com/tds/in.cgi?default" + "url.domain": "wantfinest.com", + "url.extension": "cgi", + "url.original": "wantfinest.com/tds/in.cgi?default", + "url.path": "/tds/in.cgi", + "url.query": "default" }, { "@timestamp": "2012-04-10T04:39:38.000-02:00", @@ -3286,6 +3430,9 @@ "panw.panos.threat.resource": "sameshitasiteverwas.com/traf/tds/in.cgi?2", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "sameshitasiteverwas.com" + ], "related.ip": [ "192.168.0.2", "202.31.187.154", @@ -3309,7 +3456,11 @@ "pan-os", "forwarded" ], - "url.original": "sameshitasiteverwas.com/traf/tds/in.cgi?2" + "url.domain": "sameshitasiteverwas.com", + "url.extension": "cgi", + "url.original": "sameshitasiteverwas.com/traf/tds/in.cgi?2", + "url.path": "/traf/tds/in.cgi", + "url.query": "2" }, { "@timestamp": "2012-04-10T04:39:39.000-02:00", @@ -3377,6 +3528,9 @@ "panw.panos.threat.resource": "svarkon.ru/update.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "svarkon.ru" + ], "related.ip": [ "192.168.0.2", "89.111.176.67", @@ -3400,7 +3554,10 @@ "pan-os", "forwarded" ], - "url.original": "svarkon.ru/update.exe" + "url.domain": "svarkon.ru", + "url.extension": "exe", + "url.original": "svarkon.ru/update.exe", + "url.path": "/update.exe" }, { "@timestamp": "2012-04-10T04:39:36.000-02:00", @@ -3471,6 +3628,9 @@ "panw.panos.threat.resource": "onlinescanxpp.com/land/eurl/1.php?code=", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "onlinescanxpp.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3494,7 +3654,11 @@ "pan-os", "forwarded" ], - "url.original": "onlinescanxpp.com/land/eurl/1.php?code=" + "url.domain": "onlinescanxpp.com", + "url.extension": "php", + "url.original": "onlinescanxpp.com/land/eurl/1.php?code=", + "url.path": "/land/eurl/1.php", + "url.query": "code=" }, { "@timestamp": "2012-04-10T04:39:34.000-02:00", @@ -3562,6 +3726,9 @@ "panw.panos.threat.resource": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "nolagtime.com" + ], "related.ip": [ "192.168.0.2", "208.73.210.29", @@ -3585,7 +3752,10 @@ "pan-os", "forwarded" ], - "url.original": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6" + "url.domain": "nolagtime.com", + "url.original": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", + "url.path": "/conn/", + "url.query": "JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6" }, { "@timestamp": "2012-04-10T04:39:35.000-02:00", @@ -3653,6 +3823,9 @@ "panw.panos.threat.resource": "nolagtime.com/gwc.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "nolagtime.com" + ], "related.ip": [ "192.168.0.2", "208.73.210.29", @@ -3676,7 +3849,10 @@ "pan-os", "forwarded" ], - "url.original": "nolagtime.com/gwc.txt" + "url.domain": "nolagtime.com", + "url.extension": "txt", + "url.original": "nolagtime.com/gwc.txt", + "url.path": "/gwc.txt" }, { "@timestamp": "2012-04-10T04:38:19.000-02:00", @@ -3747,6 +3923,9 @@ "panw.panos.threat.resource": "karavan.us/bon/index.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", + "related.hosts": [ + "karavan.us" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3770,7 +3949,10 @@ "pan-os", "forwarded" ], - "url.original": "karavan.us/bon/index.php" + "url.domain": "karavan.us", + "url.extension": "php", + "url.original": "karavan.us/bon/index.php", + "url.path": "/bon/index.php" }, { "@timestamp": "2012-04-10T04:38:14.000-02:00", @@ -3838,6 +4020,9 @@ "panw.panos.threat.resource": "findnolimits.com/go.php?sid=1", "panw.panos.type": "THREAT", "panw.panos.url.category": "dead-sites", + "related.hosts": [ + "findnolimits.com" + ], "related.ip": [ "192.168.0.2", "208.73.210.29", @@ -3861,7 +4046,11 @@ "pan-os", "forwarded" ], - "url.original": "findnolimits.com/go.php?sid=1" + "url.domain": "findnolimits.com", + "url.extension": "php", + "url.original": "findnolimits.com/go.php?sid=1", + "url.path": "/go.php", + "url.query": "sid=1" }, { "@timestamp": "2012-04-10T04:38:12.000-02:00", @@ -3929,6 +4118,9 @@ "panw.panos.threat.resource": "bizoplata.ru/moun.html", "panw.panos.type": "THREAT", "panw.panos.url.category": "parked-domains", + "related.hosts": [ + "bizoplata.ru" + ], "related.ip": [ "192.168.0.2", "89.108.64.156", @@ -3952,7 +4144,10 @@ "pan-os", "forwarded" ], - "url.original": "bizoplata.ru/moun.html" + "url.domain": "bizoplata.ru", + "url.extension": "html", + "url.original": "bizoplata.ru/moun.html", + "url.path": "/moun.html" }, { "@timestamp": "2012-04-10T04:38:12.000-02:00", @@ -4020,6 +4215,9 @@ "panw.panos.threat.resource": "bizoplata.ru/palast.html", "panw.panos.type": "THREAT", "panw.panos.url.category": "parked-domains", + "related.hosts": [ + "bizoplata.ru" + ], "related.ip": [ "192.168.0.2", "89.108.64.156", @@ -4043,7 +4241,10 @@ "pan-os", "forwarded" ], - "url.original": "bizoplata.ru/palast.html" + "url.domain": "bizoplata.ru", + "url.extension": "html", + "url.original": "bizoplata.ru/palast.html", + "url.path": "/palast.html" }, { "@timestamp": "2012-04-10T04:37:28.000-02:00", @@ -4066,6 +4267,8 @@ "event.outcome": "success", "event.severity": 1, "event.timezone": "-02:00", + "file.extension": "php", + "file.name": "controller.php", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -4133,8 +4336,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "controller.php" + ] }, { "@timestamp": "2012-04-10T04:37:32.000-02:00", @@ -4205,6 +4407,9 @@ "panw.panos.threat.resource": "www.15min.it/", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "www.15min.it" + ], "related.ip": [ "192.168.0.2", "216.8.179.25", @@ -4228,7 +4433,9 @@ "pan-os", "forwarded" ], - "url.original": "www.15min.it/" + "url.domain": "www.15min.it", + "url.original": "www.15min.it/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:37:27.000-02:00", @@ -4296,6 +4503,9 @@ "panw.panos.threat.resource": "tubemov.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "adult-and-pornography", + "related.hosts": [ + "tubemov.com" + ], "related.ip": [ "192.168.0.2", "69.43.161.154", @@ -4319,7 +4529,9 @@ "pan-os", "forwarded" ], - "url.original": "tubemov.com/" + "url.domain": "tubemov.com", + "url.original": "tubemov.com/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:37:25.000-02:00", @@ -4387,6 +4599,9 @@ "panw.panos.threat.resource": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "pagesinxt.com" + ], "related.ip": [ "192.168.0.2", "208.91.196.252", @@ -4410,7 +4625,10 @@ "pan-os", "forwarded" ], - "url.original": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js" + "url.domain": "pagesinxt.com", + "url.original": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js", + "url.path": "/", + "url.query": "dn=teenstube.us&flrdr=yes&nxte=js" }, { "@timestamp": "2012-04-10T04:37:05.000-02:00", @@ -4478,6 +4696,9 @@ "panw.panos.threat.resource": "movfree.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "spyware-and-adware", + "related.hosts": [ + "movfree.com" + ], "related.ip": [ "192.168.0.2", "208.73.210.29", @@ -4501,7 +4722,9 @@ "pan-os", "forwarded" ], - "url.original": "movfree.com/" + "url.domain": "movfree.com", + "url.original": "movfree.com/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:36:51.000-02:00", @@ -4572,6 +4795,9 @@ "panw.panos.threat.resource": "gometascan.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "gometascan.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4595,7 +4821,9 @@ "pan-os", "forwarded" ], - "url.original": "gometascan.com/" + "url.domain": "gometascan.com", + "url.original": "gometascan.com/", + "url.path": "/" }, { "@timestamp": "2012-04-10T04:36:39.000-02:00", @@ -4666,6 +4894,9 @@ "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "antivirus-powerful-scannerv2.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4689,7 +4920,10 @@ "pan-os", "forwarded" ], - "url.original": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe" + "url.domain": "antivirus-powerful-scannerv2.com", + "url.extension": "exe", + "url.original": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe", + "url.path": "/download/Install_11-1.exe" }, { "@timestamp": "2012-04-10T04:36:38.000-02:00", @@ -4760,6 +4994,9 @@ "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "antivirus-powerful-scannerv2.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4783,7 +5020,10 @@ "pan-os", "forwarded" ], - "url.original": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N" + "url.domain": "antivirus-powerful-scannerv2.com", + "url.original": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N", + "url.path": "/1/", + "url.query": "id=11-1&back==TQzyDTyMUQNMI=N" }, { "@timestamp": "2012-04-10T04:36:27.000-02:00", @@ -4854,6 +5094,9 @@ "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "basdzsdas.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4877,7 +5120,10 @@ "pan-os", "forwarded" ], - "url.original": "basdzsdas.com/poker/config.bin" + "url.domain": "basdzsdas.com", + "url.extension": "bin", + "url.original": "basdzsdas.com/poker/config.bin", + "url.path": "/poker/config.bin" }, { "@timestamp": "2012-04-10T04:36:27.000-02:00", @@ -4948,6 +5194,9 @@ "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "basdzsdas.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4971,7 +5220,10 @@ "pan-os", "forwarded" ], - "url.original": "basdzsdas.com/poker/config.bin" + "url.domain": "basdzsdas.com", + "url.extension": "bin", + "url.original": "basdzsdas.com/poker/config.bin", + "url.path": "/poker/config.bin" }, { "@timestamp": "2012-04-10T04:19:59.000-02:00", @@ -4997,6 +5249,8 @@ "event.type": [ "denied" ], + "file.extension": "exe", + "file.name": "uLLGRaXP.exe", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5064,8 +5318,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "uLLGRaXP.exe" + ] }, { "@timestamp": "2012-04-10T04:36:27.000-02:00", @@ -5136,6 +5389,9 @@ "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "basdzsdas.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -5159,7 +5415,10 @@ "pan-os", "forwarded" ], - "url.original": "basdzsdas.com/poker/config.bin" + "url.domain": "basdzsdas.com", + "url.extension": "bin", + "url.original": "basdzsdas.com/poker/config.bin", + "url.path": "/poker/config.bin" }, { "@timestamp": "2012-04-10T04:51:29.000-02:00", @@ -5185,6 +5444,8 @@ "event.type": [ "denied" ], + "file.extension": "exe", + "file.name": "FunkyEmoticons_setup.exe", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5252,8 +5513,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "FunkyEmoticons_setup.exe" + ] }, { "@timestamp": "2012-04-10T04:54:33.000-02:00", @@ -5279,6 +5539,8 @@ "event.type": [ "denied" ], + "file.extension": "exe", + "file.name": "52hxw.exe", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5345,8 +5607,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "52hxw.exe" + ] }, { "@timestamp": "2012-04-10T05:01:00.000-02:00", @@ -5417,6 +5678,9 @@ "panw.panos.threat.resource": "softsellfast.com/test/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "softsellfast.com" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -5440,7 +5704,10 @@ "pan-os", "forwarded" ], - "url.original": "softsellfast.com/test/config.bin" + "url.domain": "softsellfast.com", + "url.extension": "bin", + "url.original": "softsellfast.com/test/config.bin", + "url.path": "/test/config.bin" }, { "@timestamp": "2012-04-10T04:45:17.000-02:00", @@ -5466,6 +5733,8 @@ "event.type": [ "denied" ], + "file.extension": "exe", + "file.name": "setup.exe", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5530,8 +5799,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "setup.exe" + ] }, { "@timestamp": "2012-04-10T04:46:16.000-02:00", @@ -5557,6 +5825,8 @@ "event.type": [ "denied" ], + "file.extension": "exe", + "file.name": "Live-Player_setup.exe", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5624,8 +5894,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "Live-Player_setup.exe" + ] }, { "@timestamp": "2012-04-10T04:42:39.000-02:00", @@ -5693,6 +5962,9 @@ "panw.panos.threat.resource": "boialex.narod.ru/config.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "boialex.narod.ru" + ], "related.ip": [ "192.168.0.2", "213.180.199.61", @@ -5716,7 +5988,10 @@ "pan-os", "forwarded" ], - "url.original": "boialex.narod.ru/config.txt" + "url.domain": "boialex.narod.ru", + "url.extension": "txt", + "url.original": "boialex.narod.ru/config.txt", + "url.path": "/config.txt" }, { "@timestamp": "2012-04-10T04:42:42.000-02:00", @@ -5784,6 +6059,9 @@ "panw.panos.threat.resource": "edw-melon.narod.ru/config.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "edw-melon.narod.ru" + ], "related.ip": [ "192.168.0.2", "213.180.199.61", @@ -5807,7 +6085,10 @@ "pan-os", "forwarded" ], - "url.original": "edw-melon.narod.ru/config.txt" + "url.domain": "edw-melon.narod.ru", + "url.extension": "txt", + "url.original": "edw-melon.narod.ru/config.txt", + "url.path": "/config.txt" }, { "@timestamp": "2012-04-10T04:42:51.000-02:00", @@ -5875,6 +6156,9 @@ "panw.panos.threat.resource": "maximtushin.narod.ru/config.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "related.hosts": [ + "maximtushin.narod.ru" + ], "related.ip": [ "192.168.0.2", "213.180.199.61", @@ -5898,7 +6182,10 @@ "pan-os", "forwarded" ], - "url.original": "maximtushin.narod.ru/config.txt" + "url.domain": "maximtushin.narod.ru", + "url.extension": "txt", + "url.original": "maximtushin.narod.ru/config.txt", + "url.path": "/config.txt" }, { "@timestamp": "2012-04-10T04:19:59.000-02:00", @@ -5924,6 +6211,8 @@ "event.type": [ "denied" ], + "file.extension": "exe", + "file.name": "uLLGRaXP.exe", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -5991,8 +6280,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "uLLGRaXP.exe" + ] }, { "@timestamp": "2012-04-10T04:09:01.000-02:00", @@ -6063,6 +6351,9 @@ "panw.panos.threat.resource": "marketingsoluchion.biz/fkn/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", + "related.hosts": [ + "marketingsoluchion.biz" + ], "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -6086,7 +6377,10 @@ "pan-os", "forwarded" ], - "url.original": "marketingsoluchion.biz/fkn/config.bin" + "url.domain": "marketingsoluchion.biz", + "url.extension": "bin", + "url.original": "marketingsoluchion.biz/fkn/config.bin", + "url.path": "/fkn/config.bin" }, { "@timestamp": "2012-04-09T08:18:27.000-02:00", @@ -6122,6 +6416,8 @@ "event.type": [ "allowed" ], + "file.extension": "aspx", + "file.name": "default.aspx", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6179,8 +6475,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "default.aspx" + ] }, { "@timestamp": "2012-04-09T08:18:29.000-02:00", @@ -6206,6 +6501,8 @@ "event.type": [ "allowed" ], + "file.extension": "aspx", + "file.name": "sck.aspx", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6273,8 +6570,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "sck.aspx" + ] }, { "@timestamp": "2012-04-09T08:18:32.000-02:00", @@ -6300,6 +6596,8 @@ "event.type": [ "allowed" ], + "file.extension": "dll", + "file.name": "ADSAdClient31.dll", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6367,8 +6665,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "ADSAdClient31.dll" + ] }, { "@timestamp": "2012-04-09T08:18:33.000-02:00", @@ -6404,6 +6701,8 @@ "event.type": [ "allowed" ], + "file.extension": "gif", + "file.name": "c.gif", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6461,8 +6760,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "c.gif" + ] }, { "@timestamp": "2012-04-09T08:18:37.000-02:00", @@ -6488,6 +6786,7 @@ "event.type": [ "allowed" ], + "file.name": "csi", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6552,8 +6851,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "csi" + ] }, { "@timestamp": "2012-04-09T08:50:12.000-02:00", @@ -6586,6 +6884,8 @@ "event.type": [ "allowed" ], + "file.extension": "com", + "file.name": "internal-tuner.pandora.com", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6643,8 +6943,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "internal-tuner.pandora.com" + ] }, { "@timestamp": "2012-04-09T08:58:18.000-02:00", @@ -6670,6 +6969,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6734,8 +7034,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T08:22:27.000-02:00", @@ -6761,6 +7060,8 @@ "event.type": [ "denied" ], + "file.extension": "exe", + "file.name": "about.exe", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6828,8 +7129,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "about.exe" + ] }, { "@timestamp": "2012-04-09T07:11:43.000-02:00", @@ -6855,6 +7155,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -6919,8 +7220,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T07:14:02.000-02:00", @@ -6946,6 +7246,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7010,8 +7311,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T07:14:39.000-02:00", @@ -7037,6 +7337,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7101,8 +7402,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T07:16:03.000-02:00", @@ -7128,6 +7428,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7192,8 +7493,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T07:18:14.000-02:00", @@ -7226,6 +7526,8 @@ "event.type": [ "allowed" ], + "file.extension": "gif", + "file.name": "__utm.gif", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7283,8 +7585,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "__utm.gif" + ] }, { "@timestamp": "2012-04-09T07:25:04.000-02:00", @@ -7310,6 +7611,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7374,8 +7676,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T07:36:04.000-02:00", @@ -7401,6 +7702,8 @@ "event.type": [ "allowed" ], + "file.extension": "png", + "file.name": "nav_logo107.png", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7465,8 +7768,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "nav_logo107.png" + ] }, { "@timestamp": "2012-04-09T08:08:08.000-02:00", @@ -7492,6 +7794,7 @@ "event.type": [ "allowed" ], + "file.name": "Eadweard_Muybridge", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7556,8 +7859,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "Eadweard_Muybridge" + ] }, { "@timestamp": "2012-04-09T08:08:44.000-02:00", @@ -7583,6 +7885,8 @@ "event.type": [ "allowed" ], + "file.extension": "php", + "file.name": "load.php", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7647,8 +7951,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "load.php" + ] }, { "@timestamp": "2012-04-09T08:16:57.000-02:00", @@ -7674,6 +7977,8 @@ "event.type": [ "denied" ], + "file.extension": "css", + "file.name": "8fe44cb728c0f40750c64ee906eb72.css", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7741,8 +8046,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "8fe44cb728c0f40750c64ee906eb72.css" + ] }, { "@timestamp": "2012-04-09T04:06:41.000-02:00", @@ -7768,6 +8072,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7832,8 +8137,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T04:12:52.000-02:00", @@ -7859,6 +8163,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -7923,8 +8228,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T06:07:49.000-02:00", @@ -7950,6 +8254,8 @@ "event.type": [ "allowed" ], + "file.extension": "xml", + "file.name": "appcast.xml", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8017,8 +8323,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "appcast.xml" + ] }, { "@timestamp": "2012-04-09T06:48:44.000-02:00", @@ -8044,6 +8349,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8108,8 +8414,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T06:48:59.000-02:00", @@ -8135,6 +8440,7 @@ "event.type": [ "allowed" ], + "file.name": "csi", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8199,8 +8505,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "csi" + ] }, { "@timestamp": "2012-04-09T06:50:14.000-02:00", @@ -8226,6 +8531,8 @@ "event.type": [ "allowed" ], + "file.extension": "php", + "file.name": "index.php", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8293,8 +8600,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "index.php" + ] }, { "@timestamp": "2012-04-09T06:51:34.000-02:00", @@ -8320,6 +8626,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8384,8 +8691,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T06:53:41.000-02:00", @@ -8418,6 +8724,8 @@ "event.type": [ "allowed" ], + "file.extension": "gif", + "file.name": "__utm.gif", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8475,8 +8783,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "__utm.gif" + ] }, { "@timestamp": "2012-04-09T06:54:35.000-02:00", @@ -8502,6 +8809,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8566,8 +8874,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T06:54:55.000-02:00", @@ -8593,6 +8900,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8657,8 +8965,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T03:44:49.000-02:00", @@ -8691,6 +8998,8 @@ "event.type": [ "allowed" ], + "file.extension": "com", + "file.name": "internal-tuner.pandora.com", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8748,8 +9057,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "internal-tuner.pandora.com" + ] }, { "@timestamp": "2012-04-09T03:45:45.000-02:00", @@ -8775,6 +9083,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8839,8 +9148,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T03:49:17.000-02:00", @@ -8866,6 +9174,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -8930,8 +9239,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T03:53:41.000-02:00", @@ -8957,6 +9265,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -9021,8 +9330,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T03:55:23.000-02:00", @@ -9048,6 +9356,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -9112,8 +9421,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] }, { "@timestamp": "2012-04-09T03:55:52.000-02:00", @@ -9139,6 +9447,8 @@ "event.type": [ "allowed" ], + "file.extension": "js", + "file.name": "ga.js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -9203,8 +9513,7 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "ga.js" + ] }, { "@timestamp": "2012-04-09T04:03:55.000-02:00", @@ -9230,6 +9539,7 @@ "event.type": [ "denied" ], + "file.name": "js", "fileset.name": "panos", "input.type": "log", "labels.captive_portal": true, @@ -9294,7 +9604,6 @@ "tags": [ "pan-os", "forwarded" - ], - "url.original": "js" + ] } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index de6c83a2fa14..d03e24e00c7b 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -75,7 +75,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -99,7 +100,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -177,7 +180,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -201,7 +205,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -279,7 +285,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -303,7 +310,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -381,7 +390,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -405,7 +415,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -483,7 +495,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -507,7 +520,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -585,7 +600,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -609,7 +625,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -687,7 +705,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -711,7 +730,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -789,7 +810,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -813,7 +835,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -891,7 +915,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -915,7 +940,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -993,7 +1020,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1017,7 +1045,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -1095,7 +1125,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1119,7 +1150,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -1197,7 +1230,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1221,7 +1255,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -1299,7 +1335,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1323,7 +1360,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -1401,7 +1440,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1425,7 +1465,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:36.000-02:00", @@ -1503,7 +1545,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1527,7 +1570,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:37.000-02:00", @@ -1605,7 +1650,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1629,7 +1675,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:37.000-02:00", @@ -1707,7 +1755,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1731,7 +1780,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:37.000-02:00", @@ -1809,7 +1860,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1833,7 +1885,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:37.000-02:00", @@ -1911,7 +1965,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -1935,7 +1990,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:38.000-02:00", @@ -2013,7 +2070,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2037,7 +2095,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:38.000-02:00", @@ -2115,7 +2175,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "b.scorecardresearch.com" ], "related.ip": [ "192.168.15.224", @@ -2139,7 +2200,9 @@ "pan-os", "forwarded" ], - "url.original": "b.scorecardresearch.com/" + "url.domain": "b.scorecardresearch.com", + "url.original": "b.scorecardresearch.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:38.000-02:00", @@ -2217,7 +2280,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2241,7 +2305,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -2319,7 +2385,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2343,7 +2410,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -2421,7 +2490,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2445,7 +2515,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -2523,7 +2595,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2547,7 +2620,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -2625,7 +2700,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2649,7 +2725,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -2727,7 +2805,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2751,7 +2830,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -2829,7 +2910,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2853,7 +2935,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -2931,7 +3015,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -2955,7 +3040,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -3033,7 +3120,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -3057,7 +3145,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -3135,7 +3225,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -3159,7 +3250,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -3237,7 +3330,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -3261,7 +3355,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -3339,7 +3435,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -3363,7 +3460,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -3441,7 +3540,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -3465,7 +3565,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:46.000-02:00", @@ -3543,7 +3645,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "consent.cmp.oath.com" ], "related.ip": [ "192.168.15.224", @@ -3567,7 +3670,9 @@ "pan-os", "forwarded" ], - "url.original": "consent.cmp.oath.com/" + "url.domain": "consent.cmp.oath.com", + "url.original": "consent.cmp.oath.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:53.000-02:00", @@ -3645,7 +3750,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "cdn.taboola.com" ], "related.ip": [ "192.168.15.224", @@ -3669,7 +3775,9 @@ "pan-os", "forwarded" ], - "url.original": "cdn.taboola.com/" + "url.domain": "cdn.taboola.com", + "url.original": "cdn.taboola.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:54.000-02:00", @@ -3750,7 +3858,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "rules.quantcount.com" ], "related.ip": [ "192.168.15.224", @@ -3774,7 +3883,9 @@ "pan-os", "forwarded" ], - "url.original": "rules.quantcount.com/" + "url.domain": "rules.quantcount.com", + "url.original": "rules.quantcount.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:58.000-02:00", @@ -3855,7 +3966,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -3879,7 +3991,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:58.000-02:00", @@ -3960,7 +4074,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -3984,7 +4099,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:58.000-02:00", @@ -4065,7 +4182,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4089,7 +4207,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:58.000-02:00", @@ -4170,7 +4290,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4194,7 +4315,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:59.000-02:00", @@ -4275,7 +4398,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4299,7 +4423,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:59.000-02:00", @@ -4380,7 +4506,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4404,7 +4531,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:44:59.000-02:00", @@ -4485,7 +4614,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4509,7 +4639,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:00.000-02:00", @@ -4590,7 +4722,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4614,7 +4747,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:00.000-02:00", @@ -4695,7 +4830,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4719,7 +4855,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:00.000-02:00", @@ -4800,7 +4938,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4824,7 +4963,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:00.000-02:00", @@ -4905,7 +5046,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -4929,7 +5071,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:00.000-02:00", @@ -5010,7 +5154,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "srv-2018-11-30-22.config.parsely.com" ], "related.ip": [ "192.168.15.224", @@ -5034,7 +5179,9 @@ "pan-os", "forwarded" ], - "url.original": "srv-2018-11-30-22.config.parsely.com/" + "url.domain": "srv-2018-11-30-22.config.parsely.com", + "url.original": "srv-2018-11-30-22.config.parsely.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:13.000-02:00", @@ -5115,7 +5262,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "www.googleadservices.com" ], "related.ip": [ "192.168.15.224", @@ -5139,7 +5287,9 @@ "pan-os", "forwarded" ], - "url.original": "www.googleadservices.com/" + "url.domain": "www.googleadservices.com", + "url.original": "www.googleadservices.com/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:15.000-02:00", @@ -5217,7 +5367,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5241,7 +5392,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:15.000-02:00", @@ -5319,7 +5472,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5343,7 +5497,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:15.000-02:00", @@ -5421,7 +5577,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5445,7 +5602,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:15.000-02:00", @@ -5523,7 +5682,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5547,7 +5707,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:16.000-02:00", @@ -5625,7 +5787,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5649,7 +5812,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:16.000-02:00", @@ -5727,7 +5892,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5751,7 +5917,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:16.000-02:00", @@ -5829,7 +5997,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5853,7 +6022,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:16.000-02:00", @@ -5931,7 +6102,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -5955,7 +6127,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:16.000-02:00", @@ -6033,7 +6207,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -6057,7 +6232,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:16.000-02:00", @@ -6135,7 +6312,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "service.maxymiser.net" ], "related.ip": [ "192.168.15.224", @@ -6159,7 +6337,9 @@ "pan-os", "forwarded" ], - "url.original": "service.maxymiser.net/" + "url.domain": "service.maxymiser.net", + "url.original": "service.maxymiser.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:26.000-02:00", @@ -6240,7 +6420,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6264,7 +6445,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:26.000-02:00", @@ -6345,7 +6528,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6369,7 +6553,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:26.000-02:00", @@ -6450,7 +6636,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6474,7 +6661,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:26.000-02:00", @@ -6555,7 +6744,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6579,7 +6769,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:26.000-02:00", @@ -6660,7 +6852,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6684,7 +6877,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:27.000-02:00", @@ -6765,7 +6960,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6789,7 +6985,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:27.000-02:00", @@ -6870,7 +7068,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6894,7 +7093,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:27.000-02:00", @@ -6975,7 +7176,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -6999,7 +7201,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:27.000-02:00", @@ -7080,7 +7284,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7104,7 +7309,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:27.000-02:00", @@ -7185,7 +7392,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7209,7 +7417,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:27.000-02:00", @@ -7290,7 +7500,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7314,7 +7525,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:27.000-02:00", @@ -7395,7 +7608,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7419,7 +7633,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:28.000-02:00", @@ -7500,7 +7716,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7524,7 +7741,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:28.000-02:00", @@ -7605,7 +7824,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7629,7 +7849,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:28.000-02:00", @@ -7710,7 +7932,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7734,7 +7957,9 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" }, { "@timestamp": "2018-11-30T16:45:29.000-02:00", @@ -7815,7 +8040,8 @@ "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", "related.hosts": [ - "PA-220" + "PA-220", + "segment-data.zqtk.net" ], "related.ip": [ "192.168.15.224", @@ -7839,6 +8065,8 @@ "pan-os", "forwarded" ], - "url.original": "segment-data.zqtk.net/" + "url.domain": "segment-data.zqtk.net", + "url.original": "segment-data.zqtk.net/", + "url.path": "/" } ] \ No newline at end of file From dc05c45445fd09d2ea6eea36761ca6dc8ef7a2cf Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Thu, 19 Nov 2020 17:50:40 +0000 Subject: [PATCH 03/41] [CI] Add resilience when peak loads (#22674) --- Jenkinsfile | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 8236ef55cf0d..6d62d117d8e3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -211,7 +211,7 @@ def generateStages(Map args = [:]) { } def cloud(Map args = [:]) { - node(args.label) { + withNode(args.label) { startCloudTestEnv(name: args.directory, dirs: args.dirs) } withCloudTestEnv() { @@ -226,7 +226,7 @@ def cloud(Map args = [:]) { def k8sTest(Map args = [:]) { def versions = args.versions versions.each{ v -> - node(args.label) { + withNode(args.label) { stage("${args.context} ${v}"){ withEnv(["K8S_VERSION=${v}", "KIND_VERSION=v0.7.0", "KUBECONFIG=${env.WORKSPACE}/kubecfg"]){ withGithubNotify(context: "${args.context} ${v}") { @@ -271,7 +271,7 @@ def target(Map args = [:]) { def directory = args.get('directory', '') def withModule = args.get('withModule', false) def isMage = args.get('isMage', false) - node(args.label) { + withNode(args.label) { withGithubNotify(context: "${context}") { withBeatsEnv(archive: true, withModule: withModule, directory: directory, id: args.id) { dumpVariables() @@ -285,6 +285,16 @@ def target(Map args = [:]) { } } +/** +* This method wraps the node call with some latency to avoid the known issue with the scalabitity in gobld. +*/ +def withNode(String label, Closure body) { + sleep randomNumber(min: 10, max: 200) + node(label) { + body() + } +} + /** * This method wraps all the environment setup and pre-requirements to run any commands. */ From 3f73ee095b53a4660ccfe7ad78ef945bf1b1f5c8 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Fri, 20 Nov 2020 13:08:38 +0000 Subject: [PATCH 04/41] [docs][cosmetic] Highlight the pretty option in URL and cURL (#22681) --- libbeat/docs/http-endpoint.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libbeat/docs/http-endpoint.asciidoc b/libbeat/docs/http-endpoint.asciidoc index 153bd106db2b..0f69fd1ba92a 100644 --- a/libbeat/docs/http-endpoint.asciidoc +++ b/libbeat/docs/http-endpoint.asciidoc @@ -33,9 +33,9 @@ current user. `http.named_pipe.security_descriptor`:: (Optional) Windows Security descriptor string defined in the SDDL format. Default to read and write permission for the current user. -This is the list of paths you can access. For pretty JSON output append ?pretty to the URL. +This is the list of paths you can access. For pretty JSON output append `?pretty` to the URL. -You can query a unix socket using the `CURL` command and the `--unix-socket` flag. +You can query a unix socket using the `cURL` command and the `--unix-socket` flag. [source,js] ---- From e6ca02a416701cde6eb2ae98cc5dd8ab26c55f08 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Fri, 20 Nov 2020 07:09:00 -0700 Subject: [PATCH 05/41] Increase ES cache size (#22676) --- testing/environments/latest.yml | 4 ++++ testing/environments/snapshot.yml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/testing/environments/latest.yml b/testing/environments/latest.yml index 59dde477bedf..92ed7c91d5b1 100644 --- a/testing/environments/latest.yml +++ b/testing/environments/latest.yml @@ -14,6 +14,10 @@ services: - "transport.host=127.0.0.1" - "http.host=0.0.0.0" - "xpack.security.enabled=false" + - "script.context.template.max_compilations_rate=unlimited" + - "script.context.ingest.cache_max_size=2000" + - "script.context.processor_conditional.cache_max_size=2000" + - "script.context.template.cache_max_size=2000" logstash: image: docker.elastic.co/logstash/logstash:7.9.0 diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 9d3555d78546..4f15ba5582fa 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -15,6 +15,10 @@ services: - "http.host=0.0.0.0" - "xpack.security.enabled=false" - "indices.id_field_data.enabled=true" + - "script.context.template.max_compilations_rate=unlimited" + - "script.context.ingest.cache_max_size=2000" + - "script.context.processor_conditional.cache_max_size=2000" + - "script.context.template.cache_max_size=2000" logstash: image: docker.elastic.co/logstash/logstash@sha256:e01cf165142edf8d67485115b938c94deeda66153e9516aa2ce69ee417c5fc33 From 95641d43d84e01114476deb4e3c7d816947c2d62 Mon Sep 17 00:00:00 2001 From: Victor Martinez Date: Fri, 20 Nov 2020 14:48:57 +0000 Subject: [PATCH 06/41] [CI] log rotation (#22620) --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6d62d117d8e3..a5815e52900c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -30,7 +30,7 @@ pipeline { } options { timeout(time: 3, unit: 'HOURS') - buildDiscarder(logRotator(numToKeepStr: '20', artifactNumToKeepStr: '20', daysToKeepStr: '30')) + buildDiscarder(logRotator(numToKeepStr: '60', artifactNumToKeepStr: '20', daysToKeepStr: '30')) timestamps() ansiColor('xterm') disableResume() From be84f1c26f2dfae5b840f87627f75408aff69a91 Mon Sep 17 00:00:00 2001 From: DeDe Morton Date: Fri, 20 Nov 2020 12:11:24 -0800 Subject: [PATCH 07/41] Fix docs about starting and stopping agent (#22641) * Fix docs about starting and stopping agent * Fix inconsistencies --- .../elastic-agent/docs/elastic-agent.asciidoc | 3 + .../docs/start-elastic-agent.asciidoc | 11 +++ .../docs/stop-elastic-agent.asciidoc | 4 +- .../docs/tab-widgets/start-widget.asciidoc | 94 +++++++++++++++++++ .../docs/tab-widgets/start.asciidoc | 57 +++++++++++ .../docs/tab-widgets/stop.asciidoc | 21 ++--- .../docs/tab-widgets/uninstall.asciidoc | 4 +- 7 files changed, 176 insertions(+), 18 deletions(-) create mode 100644 x-pack/elastic-agent/docs/start-elastic-agent.asciidoc create mode 100644 x-pack/elastic-agent/docs/tab-widgets/start-widget.asciidoc create mode 100644 x-pack/elastic-agent/docs/tab-widgets/start.asciidoc diff --git a/x-pack/elastic-agent/docs/elastic-agent.asciidoc b/x-pack/elastic-agent/docs/elastic-agent.asciidoc index 56df8eeca6a8..ae04a782863a 100644 --- a/x-pack/elastic-agent/docs/elastic-agent.asciidoc +++ b/x-pack/elastic-agent/docs/elastic-agent.asciidoc @@ -19,6 +19,7 @@ To learn how to install, configure, and run your {agent}s, see: * <> * <> * <> +* <> * <> * <> * <> @@ -32,6 +33,8 @@ include::upgrade-elastic-agent.asciidoc[leveloffset=+1] include::run-elastic-agent-standalone.asciidoc[leveloffset=+1] +include::start-elastic-agent.asciidoc[leveloffset=+1] + include::stop-elastic-agent.asciidoc[leveloffset=+1] include::unenroll-elastic-agent.asciidoc[leveloffset=+1] diff --git a/x-pack/elastic-agent/docs/start-elastic-agent.asciidoc b/x-pack/elastic-agent/docs/start-elastic-agent.asciidoc new file mode 100644 index 000000000000..0a094c226c4b --- /dev/null +++ b/x-pack/elastic-agent/docs/start-elastic-agent.asciidoc @@ -0,0 +1,11 @@ +[[start-elastic-agent]] +[role="xpack"] += Start {agent} + +If you've stopped the {agent} service and want to restart it, use the commands +that work with your system: + +include::{beats-repo-dir}/x-pack/elastic-agent/docs/tab-widgets/start-widget.asciidoc[] + +// Add Javascript and CSS for tabbed panels +include::tab-widgets/code.asciidoc[] diff --git a/x-pack/elastic-agent/docs/stop-elastic-agent.asciidoc b/x-pack/elastic-agent/docs/stop-elastic-agent.asciidoc index 82078c5eb783..c9a05dd84284 100644 --- a/x-pack/elastic-agent/docs/stop-elastic-agent.asciidoc +++ b/x-pack/elastic-agent/docs/stop-elastic-agent.asciidoc @@ -2,8 +2,8 @@ [role="xpack"] = Stop {agent} -To stop {agent} and its related executables, stop the {agent} process. Use the -commands that work for your system. +To stop {agent} and its related executables, stop the {agent} service. Use the +commands that work with your system: include::{beats-repo-dir}/x-pack/elastic-agent/docs/tab-widgets/stop-widget.asciidoc[] diff --git a/x-pack/elastic-agent/docs/tab-widgets/start-widget.asciidoc b/x-pack/elastic-agent/docs/tab-widgets/start-widget.asciidoc new file mode 100644 index 000000000000..886c0f079f91 --- /dev/null +++ b/x-pack/elastic-agent/docs/tab-widgets/start-widget.asciidoc @@ -0,0 +1,94 @@ +++++ +
+
+ + + + + +
+
+++++ + +include::start.asciidoc[tag=mac] + +++++ +
+ + + + +
+++++ \ No newline at end of file diff --git a/x-pack/elastic-agent/docs/tab-widgets/start.asciidoc b/x-pack/elastic-agent/docs/tab-widgets/start.asciidoc new file mode 100644 index 000000000000..d8394017d6b6 --- /dev/null +++ b/x-pack/elastic-agent/docs/tab-widgets/start.asciidoc @@ -0,0 +1,57 @@ +// tag::deb[] + +The DEB package includes a service unit for Linux systems with systemd. On these +systems, you can manage {agent} by using the usual systemd commands. + +// tag::start-command[] +Use `systemctl` to start the agent: + +[source,shell] +---- +sudo systemctl start elastic-agent +---- + +Otherwise, use: + +[source,shell] +---- +sudo service elastic-agent start +---- +// end::start-command[] + +// end::deb[] + +// tag::rpm[] +The RPM package includes a service unit for Linux systems with systemd. On these +systems, you can manage {agent} by using the usual systemd commands. + +include::start.asciidoc[tag=start-command] + +// end::rpm[] + +// tag::mac[] + +[source,shell] +---- +sudo launchctl load /Library/LaunchDaemons/co.elastic.elastic-agent.plist +---- + +// end::mac[] + +// tag::linux[] + +[source,shell] +---- +sudo service elastic-agent start +---- + +// end::linux[] + +// tag::win[] + +[source,shell] +---- +Start-Service elastic-agent +---- + +// end::win[] diff --git a/x-pack/elastic-agent/docs/tab-widgets/stop.asciidoc b/x-pack/elastic-agent/docs/tab-widgets/stop.asciidoc index 5349985d1212..cc441f9bdcf6 100644 --- a/x-pack/elastic-agent/docs/tab-widgets/stop.asciidoc +++ b/x-pack/elastic-agent/docs/tab-widgets/stop.asciidoc @@ -8,7 +8,7 @@ Use `systemctl` to stop the agent: [source,shell] ---- -systemctl stop elastic-agent +sudo systemctl stop elastic-agent ---- Otherwise, use: @@ -33,35 +33,28 @@ include::stop.asciidoc[tag=stop-command] // end::rpm[] // tag::mac[] -// tag::kill-process[] -Get the process ID (PID) of the `elastic-agent` process: [source,shell] ---- -ps | grep elastic-agent <1> +sudo launchctl unload /Library/LaunchDaemons/co.elastic.elastic-agent.plist ---- -<1> Make sure you list processes as the root user. -Then kill the process, replacing the PID in this example with the PID from -the grep command: +NOTE: {agent} will restart automatically if the system is rebooted. + +// end::mac[] +// tag::linux[] [source,shell] ---- -kill -9 90682 +sudo service elastic-agent stop ---- NOTE: {agent} will restart automatically if the system is rebooted. -// end::kill-process[] -// end::mac[] - -// tag::linux[] -include::stop.asciidoc[tag=kill-process] // end::linux[] // tag::win[] -If you installed {agent} as a service, stop the service. [source,shell] ---- Stop-Service elastic-agent diff --git a/x-pack/elastic-agent/docs/tab-widgets/uninstall.asciidoc b/x-pack/elastic-agent/docs/tab-widgets/uninstall.asciidoc index 588a6218e8c1..4b50b5b41ad8 100644 --- a/x-pack/elastic-agent/docs/tab-widgets/uninstall.asciidoc +++ b/x-pack/elastic-agent/docs/tab-widgets/uninstall.asciidoc @@ -9,7 +9,7 @@ include::uninstall.asciidoc[tag=uninstall-tip] [source,shell] ---- -elastic-agent uninstall +sudo elastic-agent uninstall ---- // end::mac[] @@ -20,7 +20,7 @@ include::uninstall.asciidoc[tag=uninstall-tip] [source,shell] ---- -elastic-agent uninstall +sudo elastic-agent uninstall ---- // end::linux[] From 0d4a830fea46210ee264c52a977834d39493c750 Mon Sep 17 00:00:00 2001 From: DeDe Morton Date: Fri, 20 Nov 2020 20:24:48 -0800 Subject: [PATCH 08/41] Add fixes from testing on deb/rpm (#22667) * Add fixes from testing on deb/rpm * Fix info about config file and reorder topics * Remove release-state override --- .../docs/elastic-agent-configuration.asciidoc | 4 +- .../elastic-agent/docs/elastic-agent.asciidoc | 9 ++- .../docs/install-elastic-agent.asciidoc | 15 ++--- .../run-elastic-agent-standalone.asciidoc | 17 ++++-- .../docs/tab-widgets/install-layout.asciidoc | 26 +++----- .../docs/tab-widgets/install.asciidoc | 59 ++++++++----------- .../docs/tab-widgets/run-standalone.asciidoc | 35 ++++------- .../docs/uninstall-elastic-agent.asciidoc | 15 ++++- 8 files changed, 87 insertions(+), 93 deletions(-) diff --git a/x-pack/elastic-agent/docs/elastic-agent-configuration.asciidoc b/x-pack/elastic-agent/docs/elastic-agent-configuration.asciidoc index 7d2531e65e6c..09f2669cd065 100644 --- a/x-pack/elastic-agent/docs/elastic-agent-configuration.asciidoc +++ b/x-pack/elastic-agent/docs/elastic-agent-configuration.asciidoc @@ -8,7 +8,9 @@ The policy settings for {fleet}-managed agents are specified through the UI. You do not set them explicitly in a configuration file. For standalone agents, you need to configure settings in the `elastic-agent.yml` -file. +file. Prior to installation, edit the file located in the extracted {agent} +package. After installation, edit the file located in the directory +described in <>. TIP: To get started quickly, you can use {fleet} to generate a standalone configuration. For more information, see <>. diff --git a/x-pack/elastic-agent/docs/elastic-agent.asciidoc b/x-pack/elastic-agent/docs/elastic-agent.asciidoc index ae04a782863a..bfe3c2b12a32 100644 --- a/x-pack/elastic-agent/docs/elastic-agent.asciidoc +++ b/x-pack/elastic-agent/docs/elastic-agent.asciidoc @@ -1,5 +1,3 @@ -:release-state: released - [[elastic-agent-installation-configuration]] [role="xpack"] @@ -16,23 +14,24 @@ collect data and send it to the {stack}. Behind the scenes, {agent} runs the To learn how to install, configure, and run your {agent}s, see: * <> +* <> * <> * <> -* <> * <> * <> * <> * <> * <> +* <> include::install-elastic-agent.asciidoc[leveloffset=+1] +include::run-elastic-agent-standalone.asciidoc[leveloffset=+1] + include::uninstall-elastic-agent.asciidoc[leveloffset=+1] include::upgrade-elastic-agent.asciidoc[leveloffset=+1] -include::run-elastic-agent-standalone.asciidoc[leveloffset=+1] - include::start-elastic-agent.asciidoc[leveloffset=+1] include::stop-elastic-agent.asciidoc[leveloffset=+1] diff --git a/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc b/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc index fb9064baf5bc..444bdebd7a1d 100644 --- a/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc +++ b/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc @@ -36,17 +36,18 @@ include::{beats-repo-dir}/x-pack/elastic-agent/docs/tab-widgets/download-widget. // end::install-elastic-agent[] -- -. Install {agent} as a managed service, enroll it in {fleet}, and start the -service: +. From the agent directory, run the appropriate command to install {agent} as +a managed service, enroll it in {fleet}, and start the service. Don't have a +{fleet} enrollment key? Read the +{ingest-guide}/fleet-quick-start.html[Quick start guide] to learn how to get one +from {fleet}. + -- include::{beats-repo-dir}/x-pack/elastic-agent/docs/tab-widgets/install-widget.asciidoc[] - -- - -Don't have a {fleet} enrollment key? Read the -{ingest-guide}/fleet-quick-start.html[Quick start guide] to -learn how to generate one. ++ +This step installs the {agent} files into the directory locations described +in <>. Because {agent} is installed as an auto-starting service, it will restart automatically if the system is rebooted. diff --git a/x-pack/elastic-agent/docs/run-elastic-agent-standalone.asciidoc b/x-pack/elastic-agent/docs/run-elastic-agent-standalone.asciidoc index 99b39788305f..51b5e1c5a937 100644 --- a/x-pack/elastic-agent/docs/run-elastic-agent-standalone.asciidoc +++ b/x-pack/elastic-agent/docs/run-elastic-agent-standalone.asciidoc @@ -16,10 +16,10 @@ To save time, use {fleet} in {kib} to generate your standalone configuration: . Log in to {kib} and go to **Management > Fleet**. -. On the **Agents** tab, click **Add agent** and look at the deployment +. On the **Agents** tab, click **Add agent**, and look at the deployment instructions under **Run standalone**. -. If you haven't already, download the {agent} to your host: +. If you haven't already, download and extract the {agent} to your host: + -- include::{beats-repo-dir}/x-pack/elastic-agent/docs/install-elastic-agent.asciidoc[tag=install-elastic-agent] @@ -28,9 +28,9 @@ See the https://www.elastic.co/downloads/elastic-agent[download page] for other installation options. -- -. Under **Choose an agent policy**, select a policy to use for the agent. The -default policy includes a system integration for collecting logs and metrics -from the host system. +. Back in {fleet}, under **Choose an agent policy**, select a policy to use for +the agent. The default policy includes a system integration for collecting logs +and metrics from the host system. . Under **Configure the agent**, copy or download the policy. Copy this policy to the `elastic-agent.yml` on the host where the {agent} is extracted. @@ -61,12 +61,17 @@ outputs: [...] ---- -. Install {agent} as a managed service and start the service: +. From the agent directory, run the appropriate command to install {agent} as a +managed service and start the service: + -- include::{beats-repo-dir}/x-pack/elastic-agent/docs/tab-widgets/run-standalone-widget.asciidoc[] -- ++ +This step installs the {agent} files, including the `elastic-agent.yml` file +you modified earlier, into the directory locations described in +<>. For additional configuration options, see <>. diff --git a/x-pack/elastic-agent/docs/tab-widgets/install-layout.asciidoc b/x-pack/elastic-agent/docs/tab-widgets/install-layout.asciidoc index 22d48b201b69..63a8d5418a72 100644 --- a/x-pack/elastic-agent/docs/tab-widgets/install-layout.asciidoc +++ b/x-pack/elastic-agent/docs/tab-widgets/install-layout.asciidoc @@ -6,8 +6,6 @@ Main {agent} configuration `/Library/Elastic/Agent/fleet.yml`:: Main {agent} {fleet} configuration -`/Library/Elastic/Agent/elastic-agent.sock`:: -Running {agent} communication socket `/Library/Elastic/Agent/elastic-agent.log`:: Log files for {agent} `/usr/bin/elastic-agent`:: @@ -23,8 +21,6 @@ Shell wrapper installed into PATH Main {agent} configuration `/opt/Elastic/Agent/fleet.yml`:: Main {agent} {fleet} configuration -`/opt/Elastic/Agent/elastic-agent.sock`:: -Running {agent} communication socket `/opt/Elastic/Agent/elastic-agent.log`:: Log files for {agent} `/usr/bin/elastic-agent`:: @@ -40,8 +36,6 @@ Shell wrapper installed into PATH Main {agent} configuration `C:\Program/ Files\Elastic\Agent\fleet.yml`:: Main {agent} {fleet} configuration -`C:\Program/ Files\Elastic\Agent\elastic-agent.sock`:: -Running {agent} communication socket `C:\Program/ Files\Elastic\Agent\elastic-agent.log`:: Log files for {agent} @@ -49,15 +43,13 @@ Log files for {agent} // tag::deb[] -`/opt/Elastic/Agent/*`:: +`/usr/share/elastic-agent/*`:: {agent} program files -`/opt/Elastic/Agent/elastic-agent.yml`:: +`/etc/elastic-agent/elastic-agent.yml`:: Main {agent} configuration -`/opt/Elastic/Agent/fleet.yml`:: +`/etc/elastic-agent/fleet.yml`:: Main {agent} {fleet} configuration -`/opt/Elastic/Agent/elastic-agent.sock`:: -Running {agent} communication socket -`/opt/Elastic/Agent/elastic-agent.log`:: +`/var/lib/elastic-agent/data/elastic-agent-*/logs/*`:: Log files for {agent} `/usr/bin/elastic-agent`:: Shell wrapper installed into PATH @@ -66,15 +58,13 @@ Shell wrapper installed into PATH // tag::rpm[] -`/opt/Elastic/Agent/*`:: +`/usr/share/elastic-agent/*`:: {agent} program files -`/opt/Elastic/Agent/elastic-agent.yml`:: +`/etc/elastic-agent/elastic-agent.yml`:: Main {agent} configuration -`/opt/Elastic/Agent/fleet.yml`:: +`/etc/elastic-agent/fleet.yml`:: Main {agent} {fleet} configuration -`/opt/Elastic/Agent/elastic-agent.sock`:: -Running {agent} communication socket -`/opt/Elastic/Agent/elastic-agent.log`:: +`/var/lib/elastic-agent/data/elastic-agent-*/logs/*`:: Log files for {agent} `/usr/bin/elastic-agent`:: Shell wrapper installed into PATH diff --git a/x-pack/elastic-agent/docs/tab-widgets/install.asciidoc b/x-pack/elastic-agent/docs/tab-widgets/install.asciidoc index 2661b4dacf81..d3d717a149ac 100644 --- a/x-pack/elastic-agent/docs/tab-widgets/install.asciidoc +++ b/x-pack/elastic-agent/docs/tab-widgets/install.asciidoc @@ -1,23 +1,23 @@ // tag::deb[] // tag::install-tip[] -TIP: We recommend that you run this command as the root user because some +TIP: You must run this command as the root user because some integrations require root privileges to collect sensitive data. // end::install-tip[] [source,shell] ---- -elastic-agent enroll KIBANA_URL ENROLLMENT_KEY -systemctl enable elastic-agent <1> -systemctl start elastic-agent +sudo elastic-agent enroll <1> +sudo systemctl enable elastic-agent <2> +sudo systemctl start elastic-agent ---- -<1> The DEB package includes a service unit for Linux systems with systemd. On +<1> `kibana_url` is the {kib} URL where {fleet} is running, and +`enrollment_token` is the enrollment token acquired from {fleet}. +<2> The DEB package includes a service unit for Linux systems with systemd. On these systems, you can manage {agent} by using the usual systemd commands. If you don't have systemd, run `sudo service elastic-agent start`. -include::install.asciidoc[tag=where-description] - // end::deb[] // tag::rpm[] @@ -26,11 +26,13 @@ include::install.asciidoc[tag=install-tip] [source,shell] ---- -elastic-agent enroll KIBANA_URL ENROLLMENT_KEY -systemctl enable elastic-agent <1> -systemctl start elastic-agent +sudo elastic-agent enroll <1> +sudo systemctl enable elastic-agent <2> +sudo systemctl start elastic-agent ---- -<1> The RPM package includes a service unit for Linux systems with systemd. On +<1> `kibana_url` is the {kib} URL where {fleet} is running, and +`enrollment_token` is the enrollment token acquired from {fleet}. +<2> The RPM package includes a service unit for Linux systems with systemd. On these systems, you can manage {agent} by using the usual systemd commands. If you don't have systemd, run `sudo service elastic-agent start`. @@ -42,12 +44,11 @@ include::install.asciidoc[tag=install-tip] [source,shell] ---- -./elastic-agent install -f --kibana-url=KIBANA_URL --enrollment-token=ENROLLMENT_KEY +sudo ./elastic-agent install -f --kibana-url= --enrollment-token= <1> <2> ---- - -include::install.asciidoc[tag=where-description] - -Omit `-f` to run an interactive installation. +<1> `kibana_url` is the {kib} URL where {fleet} is running, and +`enrollment_token` is the enrollment token acquired from {fleet}. +<2> Omit `-f` to run an interactive installation. // end::mac[] @@ -57,13 +58,12 @@ include::install.asciidoc[tag=install-tip] [source,shell] ---- -./elastic-agent install -f --kibana-url=KIBANA_URL --enrollment-token=ENROLLMENT_KEY <1> +sudo ./elastic-agent install -f --kibana-url= --enrollment-token= <1> <2> <3> ---- -<1> This command requires a system and service manager like systemd. - -include::install.asciidoc[tag=where-description] - -Omit `-f` to run an interactive installation. +<1> `kibana_url` is the {kib} URL where {fleet} is running, and +`enrollment_token` is the enrollment token acquired from {fleet}. +<2> This command requires a system and service manager like systemd. +<3> Omit `-f` to run an interactive installation. // end::linux[] @@ -76,17 +76,10 @@ and run: [source,shell] ---- -.\elastic-agent.exe install -f --kibana-url=KIBANA_URL --enrollment-token=ENROLLMENT_KEY +.\elastic-agent.exe install -f --kibana-url= --enrollment-token= <1> <2> ---- - -include::install.asciidoc[tag=where-description] - -Omit `-f` to run an interactive installation. +<1> `kibana_url` is the {kib} URL where {fleet} is running, and +`enrollment_token` is the enrollment token acquired from {fleet}. +<2> Omit `-f` to run an interactive installation. // end::win[] - -// tag::where-description[] -`KIBANA_URL` is the {kib} URL where {fleet} is running, and -`ENROLLMENT_KEY` is the enrollment token acquired from {fleet}. - -// end::where-description[] \ No newline at end of file diff --git a/x-pack/elastic-agent/docs/tab-widgets/run-standalone.asciidoc b/x-pack/elastic-agent/docs/tab-widgets/run-standalone.asciidoc index 45aa38e0d69a..4d11b322fc5e 100644 --- a/x-pack/elastic-agent/docs/tab-widgets/run-standalone.asciidoc +++ b/x-pack/elastic-agent/docs/tab-widgets/run-standalone.asciidoc @@ -1,61 +1,53 @@ // tag::deb[] -// tag::install-tip[] -TIP: We recommend that you run this command as the root user because some -integrations require root privileges to collect sensitive data. - -// end::install-tip[] +include::install.asciidoc[tag=install-tip] [source,shell] ---- -systemctl enable elastic-agent <1> -systemctl start elastic-agent +sudo systemctl enable elastic-agent <1> +sudo systemctl start elastic-agent ---- <1> The DEB package includes a service unit for Linux systems with systemd. On these systems, you can manage {agent} by using the usual systemd commands. If you don't have systemd, run `sudo service elastic-agent start`. -// tag::config-flag[] -Use the `-c` flag to specify the policy file. If no policy file is -specified, {agent} uses the default policy, `elastic-agent.yml`, which is -located in the same directory as {agent}. -// end::config-flag[] - // end::deb[] // tag::rpm[] +include::install.asciidoc[tag=install-tip] + [source,shell] ---- -systemctl enable elastic-agent <1> -systemctl start elastic-agent +sudo systemctl enable elastic-agent <1> +sudo systemctl start elastic-agent ---- <1> The RPM package includes a service unit for Linux systems with systemd. On these systems, you can manage {agent} by using the usual systemd commands. If you don't have systemd, run `sudo service elastic-agent start`. - -include::run-standalone.asciidoc[tag=config-flag] // end::rpm[] // tag::mac[] +include::install.asciidoc[tag=install-tip] + [source,shell] ---- -./elastic-agent install +sudo ./elastic-agent install ---- -include::run-standalone.asciidoc[tag=config-flag] // end::mac[] // tag::linux[] +include::install.asciidoc[tag=install-tip] + [source,shell] ---- -./elastic-agent install +sudo ./elastic-agent install ---- -include::run-standalone.asciidoc[tag=config-flag] // end::linux[] // tag::win[] @@ -70,5 +62,4 @@ and run: .\elastic-agent.exe install ---- -include::run-standalone.asciidoc[tag=config-flag] // end::win[] diff --git a/x-pack/elastic-agent/docs/uninstall-elastic-agent.asciidoc b/x-pack/elastic-agent/docs/uninstall-elastic-agent.asciidoc index 0f8846147097..a0a3081056f4 100644 --- a/x-pack/elastic-agent/docs/uninstall-elastic-agent.asciidoc +++ b/x-pack/elastic-agent/docs/uninstall-elastic-agent.asciidoc @@ -4,8 +4,10 @@ beta[] +== Uninstall on macOS, Linux, and Windows + To uninstall {agent}, run the `uninstall` command from the directory where -{agent} is running. Not sure where the agent is running? See +{agent} is running. Not sure where the agent is running? See <>. -- @@ -19,5 +21,16 @@ stops and uninstalls any managed programs, such as {beats} and If you run into problems, see <>. +== Uninstall on DEB or RPM + +The `uninstall` command is not supported for DEB or RPM installations. To +uninstall {agent} on DEB or RPM: + +. If the agent is managed by {fleet}, <>. +. On your host, <>. +. Manually remove the agent files from your system. + +//TODO: Confirm this procedure. + // Add Javascript and CSS for tabbed panels include::tab-widgets/code.asciidoc[] From d966a9845aa019e5fbddbf3640ea015f37396480 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Juan=20=C3=81lvarez?= Date: Mon, 23 Nov 2020 08:04:54 +0100 Subject: [PATCH 09/41] Enable data streams for apm-server when running under Agent (#22689) --- x-pack/elastic-agent/pkg/agent/program/supported.go | 3 ++- .../spec/{apm-server.yml.disabled => apm-server.yml} | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) rename x-pack/elastic-agent/spec/{apm-server.yml.disabled => apm-server.yml} (85%) diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index ddbe0eda4688..9e615b9c271e 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go @@ -17,12 +17,13 @@ var SupportedMap map[string]Spec func init() { // Packed Files + // spec/apm-server.yml // spec/endpoint.yml // spec/filebeat.yml // spec/heartbeat.yml // spec/metricbeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("eJzMWVuTo7p2fs/P2K8nlYBodw6pOg+GDre26TE9jYTekGQDtsDsMdiGVP57SgJzcXfPJZPsysOUbVpIS+vyre9b859/nMot/ddtwcpjVlT/0uT8j3//g+RWhb8ekwAuDtTWS1JskjcQ7hnySuYcniOgHl4yg5M8uBDAa2aqLYa+SnOubDdlSougxLm1Z0/HBI97VNgOgVn4nBa4jMDbo/sUaS9PyTOx9QJpRsrstH1JjolrByktWEn2x8TN9HUMvSZC3mKlhKcI+UoM1+eJbWeqBSmz385inxUIa+wY5xgulNXrsRbPXLnntSRF+PCSLbMV0C/M1C1iWy2z+X6lTN7RfCVCAV+B6xk3+uSOyp+rXDxzn13T0GK4OBCNtWK/TVtSZBkNAayJoJIEOT9h5FP0Hzd75ffhDGRdW2ZbCg6vVN7dun54TgRSHoFqF8OFWH8iT8fn1avBt3a4RwCXxH57NLNl4prGJULBUdgy9TcdY5b161Kas87H5jJZvS4zlodNDPHC7Z8xm1cY6qqI3bpdPlNbb5kl9vOVCF5PL8mxcu3wAUN/h8U9vx6fxXuuI+KXPLqm93FevLrdOttqsLbu7V5WrukNe7sTu1avqkpt4c+A3z1vMPLPDHl7jNbZZJ9Pzp2tr7c5v3x0V3+/vJiF0eBQV0nOa5FTxL48mpmSYJTySNXzGF75zXfUtpT46Zi4+SR3kM8jLWxiFAz+jJBX0Lb30c3ncPHuzu9t8VRih23nb1xuLb1ljscjqDy6TqWb/XPiBJxyHUTwqmJ086vRYnjlkRac6f6YxHBxYSho+799w+jw6DrBgtpvfexwSpyQj3Yq07p9lj7I+YnZYYO0u7WOz4kd7pmtNy+ZUZLCUJmz7mNd8e1XiQFplF85XvZ3za0Tg+EkDw2FFiGXd7rtJ3MuOA/+BuEJQ18hmte+ZAbBYj+0qSPo7zHyWwSsSxzq4m4n18YnDENllVdllFt1FCrzHB3+bl3ijaypKkLLu1oycmKHnPU20yI8jf5dVq7jcQJ1gLszb8/lvxiEi5fMSCPgc6r5uwgZJQIV326G+zYYqmeWhzu5tr/j1Gcx4FkEF+kszvv3Pp/FrPPJ8Hse92Xl2rrKHEO93UnagXBJAT+T5PjMQMoF5hI7rLEWHJ/N4N+6PQP9+XX5N/dpmURwcXBtgVdMic3ksAW8pk6oUE0p3aeHZG0aKck3SWxb7SsIF2IPooWKWLN7vSQeGDCxxdBqIpAUz5vjP/74564V7TK+Jdv4XSsSUAM9HqHNrf3IcozyMGXLsoO1zCBuplpudkncwufMCS+rnJ/I64KT3MqIHR6+QJG+Ppdr7tcWASfIOEn4z8M6gt4Jw42Oc+tEwVu2MpfZ6q37JNCqI8g4gWHNzEVFQMC/oKSitrWPG7VLHdM9uaZbBa/i06tEODEIKyygYrI/czwVv87WnghgRQwXxSq/cpaHpy8w4FERFi5XniPkKTHEaaRtHl1b+CRoV7IdhBmGlvJD6MhkavwpygkBXmM7fLilIHP4RfhbtCV6kaVRkrwUULKjWtBgaFVIE61OpvZ5SElbrxHwzyTHpxj6SgcFotUHuwhiBaMe/jvYeXTt6xlrawktBFqXe1i9g6yGwesMniKgX7ahnhL7umO2viM2b9nTCLOuaSikPSY3m+llWmLvbK0J0C/TEsYo3WNkKDKnCl+heZgStJaxj+FGfg6wJuPsXWiuSygSECXidGerQlT9FCNfmZc7V7CMy8Snxfp/eo/R53mYE83rIVW0RllHfaxwQ4Dy6Np96V5uLejv4zNtuPNz3wIVKiid1d0BAWG32n4Wt3t7YxRw8vX9PWZnXj6F4nlbcYb8HttHbtUUXAUNnEHxzS6Z15up79SUOsYIqcPz6xn31Ep+n/pb5gXmgnL21EfWyfQ81zREvdbM1FtmB5LCUi04xPDh7pwQSBzQgj0V9tn+5ZN9VOwsH10nPNDl3JaO7gbnCFTiHgm29X0MwuZunxMB9Ezz8BAjf0fB9cwEtRU5JZ+t39+/0dst8sV7j67jL8Q7Nz/8TOtiyOcIfNBqfvAeti0lCgesGuqH5mFFNMxlC/06q/GOytiC/lsDPq3yRUpg2Aosxr/Qcu/Or+Vv5AsKIPJS9BsFI293T19GauK+q6meCihbZPA+p++ommjLlkaBfyJaeGDAUiKQjNiBSpXmb1WXd8GRQXeCK9czg0FONEFBvcW4n38mRZDGcMHpWCMHAvxvAw4LugD8ywoZalT4ajSuOzInuKCJjBr3TRXmGH9SoNfjsyrFeZWOv2e5UlEUTN5fcGbjE9HoYANp18CHloptrkypFbb5SFuc9eS7r2Cb15Pf9/mpRNpy2J/B4DKuDesYjb5lgEt5+NtU2h56+ad0Wvb4zbyfSv5QBELe5QLjt5oisVb2i5/C6knP/yWaOHKpIQ49RZvElW+RpNvcLNgRw4fHOe0bz17lv08BV+ay6PGoWEnMYN8iiL9Fr/TkmkzwISGB29ikpZn8Y6CL6Tb+Vn3AF1/tMKVF0Pkm9yssetPsWSdDXes0cDoKQoWhZR3Da/Uj/ndby+yworbsO/XAB57UPILX9o7T3fE/9YztN31rqpcI+t9WsJMkM16aqynJrQJDVfSc6f5SLs3Xir7FSpLTmsjectGxHWYM0gzdjWQkZ3bW55k/imlPlTnygG4c4GuXm11e3NeJv2OAK7GlNxgyvnWWY/+99YNZ7zUaER9U+AuBZxgFZaStz6vsNOD653j6HRn6Axz+tFY/kKN3NTs7d1wzwYViPeMcssanfMX8WH4NMg2ECyr2yd8+lGA3zNm9HpIv2fLi2laNTeMYIX+F0eHoOdWZoUCs0UUdYXhNqSb86vMIefvYlDXUYBiUtKEnYasHOtz2GlGPgov7otcdvebwfKutfFt9y+gHxfUVhgrN+b4XX3sChRBROXO8MgK9SOvmHglshgJoMQpUai5KYis/KpbbWkEyL8S2FPwjEXdXLATqB/xVfVghocNPVa+Nvyfixv1R0DB4J/hsvcBCLDWLk2zGT+oBQ0/FjccEmDCb51FHwmVB0UavMAqaGPp9gRlnqgWzWV6XFB0pmc3SZvMl9YwdOXuosSmJmRAM9Raqw+xIiAThb4w2jwJoCAhkMa/yzZlqvBUgtSp4RcyFIIE30fI8zjQ+Lvhps4rh4oBRcmuKktC8ZMbtjm3XgHgd53J205ModUcd7xyBsKVAH4qHgMUuAnqN82vZiVheUxA2zNJTXAQDaRnEaJ9vvUBoRO4QOMw+c5rr1XuREJzHZ/7Nnt5ONaVPd3PLD4TPJ2JjTzRjgYB1ItYnoq47ezxzAg7v7744k4GwdMR/a/ucOhvZnAbB1Mi6KHuxOeRqN8CYiccMbe5s1YIzAteSapv5nOomyiYxmgnMX7rHEMMMQyzB7C8Wju8IOtJYyex0R/OwwCgdhgwfkPKuKWUP31agxzFtffguAfxrSeNviuLw8yb9PZHseKLGt89P+uZLN7j52yo7le991DdSccbTMfGms+VOwNURVPlcdPXEdrZ2HHgI/GbwykdCqqYxCHcR8proft7a58iAE2AgspNcudns87Ex/4y4nLz3K2L2bub91wpg+budzoL/KhF9J/7/lwXPnGOId+9zCxfeeZoLkqMIzvG+Nwx98lfE02zfMbY9AZvM3iek7mMBNbtLfcv33xJRnXAaiN7PiqgypoftRyrqzbb2MQiVGdFzBKGqOLPviR6tgu6gHxA9sebd2u8SPclSG9Xq2OpPET2pKFdvb/LzB0RvvvZTosc+I3pSwWH0qZL6PcVyB5CfqRXax8rszx0n/MJXi27Sn//99p+H/xeq5v+FepGJ/V//9N8BAAD//5HMGNA=") + unpacked := packer.MustUnpack("eJzMWUl3qz6W3/fH+G+rBxBxuuhzamFIM9khz+QFCe2QZAO2wPwDHqBPf/c+EhiDnbyhXtc7tXKMhYare3/Dzf/8UZVr+h9xmf9btX4/rt//vcn5H//1B8mtGn/dJ6vQ8Jehz2mBOU3KLYGrR9e2TuRVbTHyAEbuIkKeEkOcRtqHvxW03Sewcevg1a1c06sjOEsxCGsMZ8oyDw8R9CoMVzpzPBXLMZ+NVY/YftPXpnqKoP++hLjCMFTc7JS4mWrJz3yy/gHblhKFesscj0dQbe/X85hZeCqxw/Yl2SeuqSQ45w9I8xWahyn5uk/WmrJwzXnt2rgkTsAp10EEzypGz49mNk9cc564js+JHW6ZrTcvmVGSwlCZ87yQv5nzJAbh7CUzlDUy+PUdnBIn5LTdD+O6dawTWQ17qZgdNt3exO9Gi+GZR1pwpMVofXOeLF/v1+3m01XmGCqbl1psh4eXzKgwnBXMTvaeU/fv+Pridf4X92meRHC2c+00pUrN16/Jbg369x2lck3GiW21zOZbCsKU5v7ea3aLP/61S6R1wcp9VtQ3aRTA2Y7aekmKVfIGwi1DXsmc3SIC6u4lMzjJgxMB/MBMtcXQV2nOlfWqTGkRlDi3tuxpn+DrHDW2Q2AWMi3LCLw9uk+R9vKULIitF0gzUman3XXaQUoLVpLtPnEz/TmGXhMhb7ZUwipCvhLD5+Nob0eqBSmz345iniUID9gxjrFIvdf9QTxz5ZznkhThw0s2z5ZAPzFTty4hWSqjdzRfiVDAl+B8xI0+OqPy5zIXz9yFaxpaDGc7orFWzLdqS4osoyGANRFUkiDnFUY+Rf992a/8e1gDWeeW2ZaCwzOVZ7fOH64TgZRHoN7EcCbGV+Rpv1i+Gnxth1sEcEnstz6VjFOEgr3Yyzje9HpnWT8upTlrL2m5fJ1nLA+bGOKZ2z9jNq8x1FVxd8/tfEFtvWWWmM9XIniuXpJ97drhA4b+RqQ5/tqXgSPuL3l0Te/jvHh1u3G21WBtKIHaNb1hbne0r+WrqlJbxDPgN88bjPwjQ94Wo+dsNM8n607GH9Y5P310Vn87P5mF0eBQV0nODyKniH16NDMlwSjlkarnMTzzS+yobSnx0z5x81HuIJ9HWtjEKBji2UPp4lru84zB2d2Z7/cywJuEsLV1gUPl0XVq3eyffwxtI7jZ7pMYzk4MBW3/2ztGu0fXCWbUflt8DGnKuG4XMgY9pCHtZuy3INSu+fqrxIA0ys8cz/uz5lbFYDjKQ0OhRcjlmS7zyZwLjkO8QVhh6CtE89qXzCBYzIdWhwj6W4z8FgHrFIe6OFvl2h3FLPO6jHLrEIXKNEeH361TvJI1VUdoflNLRk7skLN+z7QIqxF11K7jcQJ1gLs1J5De00YaAZ9Tzd9EyCgRqPl6NZy3wVA9sjzcyLEDTVxjFgOeCRqd3PP2PuaTO+tiMnyf3vuYUkb7QLikgB9Jsl8wkHKBucQOD1gL9gsz+M9uzuCGZgReMSU2Bc3wA3VChWpK6T49JM+mkZJ8lcS21b6CcCbmIFqoiDGb11PigQETWwytJgJJsVjt/3ahok3G12Qd31GRgBro8QitLvQjyzHKw5TNyw7WMoMMiqLwOXPC0zLnFXmdcZJbGbHD3Rco0tfnE/VxGVsEnCCjkvA/Uhw4tyoK3rKlOc+Wb90ngdYhgowTGB6YOasJCPgXlNTUtrZxo3apY35LFX1TQVUEsCKGs2KZnznLw+oLDHhUhIXLlRvlJmIStEtJB2GGoaV8FzoymRp/inJCgB+wHT5cUpA5/CTiLWiJnmRplCQvBZRsqBY0GFo10gTVydQ+Dilp6wcE/CPJcRVDX+mgQFB9sIkgVoSq7FJXws6ja5+PWHuW0EKgdbqF1RvIahg8T+ApAvppHeopsc8bZusbYvOWPY0VmaGQdp9c9kxP4xK72+uBAP00LmGM0i1GhiJzquhVJXqWdx/DlfwcYE3es3eiuS6hSECUuKebvSpE1asY+cq03LmC5b2MYlo8/73nuMY8D3OieT2kCmqUddTfFW4IUB5duy/d04WC/np9pg1nXvQUqFAh6azuDAiIfavtZ/d2u98YBVyo8tvnkzVPn0LxlFacsfLv6SO3DhSchQycQPFlXzKvV+PYqSl1jCukDs/PR9xLK/n3ON4yLzAXkrOXPrJOxuu5piHq9cBMvWV2ICUs1YJdDB9u1gmBxAEt2FKxP9s/fTKPip35o+uEOzqf7qWTu8ExArU4R4JtfRuDsLmZpyKAHmke7mLkbyg4H5mQtiKn5LPn+/M3ertGvnjv0XX8mXjnEocfoS6GfI7AB1Tznfemru9aPzQPa6JhLin066TGOyljC/lvDfi0zGcpgWErsBj/BOXerN+5UOQLCSDyUvCNgpG3uZUvV2ni3tXUvYM0bl2ocI4aBX5FtHDHgKVEILliBypVmr/VXd4FewbdEa6cjwwGOdGEBPVm1/n8IymCNIYzTq81siPAfx9wWMgF4J+WyFCjwlej67g9c4ITGtmo67ypwhzjTwr0w/VZneK8Tq/fJ7lSUxSM3p9xZuOKaHTYA2mfgQ8tFdtcGUsrbPOrbHGeR3/7Crb5YfT9Nj+VSJsP8zMYnK5jw0OMrrFlgEt7+MtS2h64/FM5LTl+NeVTqR+KQNi7XGD8WlMk1kq++CGsHnH+T8nEq5Ya7qGXaKN75Wsk5TY3C7bH8OFxKvuuay/zX5eAS3Ne9HhULCVmsPcI4vfolVauyYQeEha4jU1amsnfBrmYruP3+gO9+GqHKS2CLja5X2PBTZNnnQ11rWrQdBSECkPzQwzP9ff032Uss8Oa2pJ3DoMeeFLzCJ7bX++KqSnJrQJDVXDOeH5pl6ZjBW+xkuT0QCS3nHRshxmDNEM3LRmpmZ3n4yQef3c3zd8wwJXY0hsMGV878yv/Xvhgwr1GI+4HFf5M4BlGQRlpz8dlVg24/jmefsOGfgeHP63VD+zoTc3+Azp603UER1AxT/72oQW7YM7mdZd8yeYn17YO2DT2EfKXGO32nlMfGQrEGF3UEYbnlGoirj6PkLeNTVlDDYZBSRtaib16oMNtrxH1KLS4L7hu0hXM1/V7Rj8orq8wVGjOt7356tvLKmeOV0agN2n3LeQWo0Cl5qwktvK9YrmMFSLzRGxLwd8zcTfFQqC+w1/VhyUSPryqe2/8LRN3nR8FDYM3hs/WCyzMUjOrJBk/qTsMPRU3HhNgwmyeR50IlwVFG73GKGhi6PcFZhypFkx6eV1SdKJk0kub9JfUI3Zk7+GATSnMhGE4rKE69I6ESRDxxmj1KICGgEAW8zJfHanGWwFSy4LXxJwJEXgxLYtrT+Pjgh+TVQxnO4ySCylKQfOSGZczth0B8UOcy97NpXW/oY53jEDYUqAPxUPAbBMB/YDzc9mZWH6gIGyYpae4CAbRMpjRPt96g9CI3CFw6H3mNNfre5MQHK/P/OFfCd0+1ZQ+3fQtPzA+n5iNLdGMGQJWRaxPTF239nXNETjcn312JINg6YT/2vY5dVaSnAbD1Mi6KHuzOeRq18CYmMcMrW72qgVHBM4l1VbTPtXFlI3uaGIwf+ocwx1mGGIJZr/ZON4JdKSxktnphuZhgVE6NBk+EOUdKWUP70vQ45j2vPumAPy9ovEXTXH4OUl/yyQ7nqjx9eJJX33pGjd/WWZVeR+jnkjFGk/7xBv3ljsDd4igyqemqxe2k7HXhofAbwbP/CpI1TQG4SZCXhPd9lv7HBlwAgxCdpQrlz37/ErMP2IuR+/9jJm96Xn/XgMsv7fjXvDvMtE35v//2fBMNYZ49za3cOEdx7kgNYrQHPfcMPDkz5inybzXu+0F2Kj3PhJ1HxuoyVkOl3z/JRPVGadB6P2oiSpjult/5KLebGsbg1CZCD1HCKqaM/tW6NE66Bb6jtATY+7GflPoSZXaqFanVn9I6ElHuXx7k5/fEXrTsZ8KPfaZ0JMODqNPndSvOZYbgPzMrdD+rsx+3WuHX8Rq1nX6879e/nn4j3A1/xTuRSb2//7L/wUAAP//S63auA==") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/spec/apm-server.yml.disabled b/x-pack/elastic-agent/spec/apm-server.yml similarity index 85% rename from x-pack/elastic-agent/spec/apm-server.yml.disabled rename to x-pack/elastic-agent/spec/apm-server.yml index c84405dfaddc..d86e77fb0ffb 100644 --- a/x-pack/elastic-agent/spec/apm-server.yml.disabled +++ b/x-pack/elastic-agent/spec/apm-server.yml @@ -1,7 +1,7 @@ name: APM-Server cmd: apm-server artifact: apm-server -args: ["-E", "management.enabled=true", "-E", "management.mode=x-pack-fleet"] +args: ["-E", "management.enabled=true", "-E", "management.mode=x-pack-fleet", "-E", "apm-server.data_streams.enabled=true"] rules: - fix_stream: {} - filter_values: From a91df7c2d8cd732a326fdbd16e910f5cf4cc53ef Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Mon, 23 Nov 2020 15:14:10 +0530 Subject: [PATCH 10/41] Add documentation for CloudFoundry application metadata persistent cache (#22669) * Add documentation for CF application metadata persistent cache * Add explanation for metadata persistent cache --- .../docs/add_cloudfoundry_metadata.asciidoc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/x-pack/libbeat/processors/add_cloudfoundry_metadata/docs/add_cloudfoundry_metadata.asciidoc b/x-pack/libbeat/processors/add_cloudfoundry_metadata/docs/add_cloudfoundry_metadata.asciidoc index e5123ae75a0c..d54a567f3f53 100644 --- a/x-pack/libbeat/processors/add_cloudfoundry_metadata/docs/add_cloudfoundry_metadata.asciidoc +++ b/x-pack/libbeat/processors/add_cloudfoundry_metadata/docs/add_cloudfoundry_metadata.asciidoc @@ -25,6 +25,10 @@ metadata in all events from the firehose since version 2.8. In these cases the metadata in the events is used, and `add_cloudfoundry_metadata` processor doesn't modify these fields. +For efficient annotation, application metadata retrieved by the Cloud Foundry +client is stored in a persistent cache on the filesystem under the `path.data` +directory. This is done so the metadata can persist across restarts of {beatname_uc}. +For control over this cache, use the `cache_duration` and `cache_retry_delay` settings. [source,yaml] ------------------------------------------------------------------------------- From 2a84d7e0ae166e6692ce39bb490d0ce765158a76 Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Mon, 23 Nov 2020 15:26:11 +0200 Subject: [PATCH 11/41] Bump up stack version to 7.10 for testing envs (#22684) --- metricbeat/docker-compose.yml | 12 ++++++------ metricbeat/module/kibana/_meta/Dockerfile | 3 +-- metricbeat/module/logstash/docker-compose.yml | 8 ++++---- testing/environments/latest.yml | 6 +++--- x-pack/metricbeat/docker-compose.yml | 4 ++-- 5 files changed, 16 insertions(+), 17 deletions(-) diff --git a/metricbeat/docker-compose.yml b/metricbeat/docker-compose.yml index bb39912eefbd..b8b57664e509 100644 --- a/metricbeat/docker-compose.yml +++ b/metricbeat/docker-compose.yml @@ -15,11 +15,11 @@ services: # Used by base tests elasticsearch: - image: docker.elastic.co/integrations-ci/beats-elasticsearch:${ELASTICSEARCH_VERSION:-7.9.0}-1 + image: docker.elastic.co/integrations-ci/beats-elasticsearch:${ELASTICSEARCH_VERSION:-7.10.0}-1 build: context: ./module/elasticsearch/_meta args: - ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION:-7.9.0} + ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION:-7.10.0} environment: - "ES_JAVA_OPTS=-Xms256m -Xmx256m" - "network.host=" @@ -37,11 +37,11 @@ services: # Used by base tests kibana: - image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-7.9.0}-1 + image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-7.10.0}-1 build: context: ./module/kibana/_meta args: - KIBANA_VERSION: ${KIBANA_VERSION:-7.9.0} + KIBANA_VERSION: ${KIBANA_VERSION:-7.10.0} depends_on: - elasticsearch ports: @@ -49,11 +49,11 @@ services: # Used by base tests metricbeat: - image: docker.elastic.co/integrations-ci/beats-metricbeat:${BEAT_VERSION:-7.9.0}-1 + image: docker.elastic.co/integrations-ci/beats-metricbeat:${BEAT_VERSION:-7.10.0}-1 build: context: ./module/beat/_meta args: - BEAT_VERSION: ${BEAT_VERSION:-7.9.0} + BEAT_VERSION: ${BEAT_VERSION:-7.10.0} command: '-e' ports: - 5066 diff --git a/metricbeat/module/kibana/_meta/Dockerfile b/metricbeat/module/kibana/_meta/Dockerfile index 850f34e63910..1c34cfd06816 100644 --- a/metricbeat/module/kibana/_meta/Dockerfile +++ b/metricbeat/module/kibana/_meta/Dockerfile @@ -1,4 +1,3 @@ ARG KIBANA_VERSION FROM docker.elastic.co/kibana/kibana:${KIBANA_VERSION} -HEALTHCHECK --interval=1s --retries=300 --start-period=60s CMD python -c 'import urllib, json; response = urllib.urlopen("http://myelastic:changeme@localhost:5601/api/status"); data = json.loads(response.read()); exit(1) if data["status"]["overall"]["state"] != "green" else exit(0);' - +HEALTHCHECK --interval=1s --retries=300 --start-period=60s CMD curl -u myelastic:changeme -f "http://localhost:5601/api/stats?extended=true&legacy=true&exclude_usage=false" | grep '"status":"green"' diff --git a/metricbeat/module/logstash/docker-compose.yml b/metricbeat/module/logstash/docker-compose.yml index a776d6d4b665..26b6608c01cd 100644 --- a/metricbeat/module/logstash/docker-compose.yml +++ b/metricbeat/module/logstash/docker-compose.yml @@ -2,22 +2,22 @@ version: '2.3' services: logstash: - image: docker.elastic.co/integrations-ci/beats-logstash:${LOGSTASH_VERSION:-7.9.0}-1 + image: docker.elastic.co/integrations-ci/beats-logstash:${LOGSTASH_VERSION:-7.10.0}-1 build: context: ./_meta args: - LOGSTASH_VERSION: ${LOGSTASH_VERSION:-7.9.0} + LOGSTASH_VERSION: ${LOGSTASH_VERSION:-7.10.0} ports: - 9600 depends_on: - elasticsearch elasticsearch: - image: docker.elastic.co/integrations-ci/beats-elasticsearch:${ELASTICSEARCH_VERSION:-7.9.0}-1 + image: docker.elastic.co/integrations-ci/beats-elasticsearch:${ELASTICSEARCH_VERSION:-7.10.0}-1 build: context: ../elasticsearch/_meta args: - ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION:-7.9.0} + ELASTICSEARCH_VERSION: ${ELASTICSEARCH_VERSION:-7.10.0} environment: - "network.host=" - "transport.host=127.0.0.1" diff --git a/testing/environments/latest.yml b/testing/environments/latest.yml index 92ed7c91d5b1..d5d944f918b3 100644 --- a/testing/environments/latest.yml +++ b/testing/environments/latest.yml @@ -3,7 +3,7 @@ version: '2.3' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.9.0 + image: docker.elastic.co/elasticsearch/elasticsearch:7.10.0 healthcheck: test: ["CMD-SHELL", "curl -s http://localhost:9200/_cat/health?h=status | grep -q green"] retries: 300 @@ -20,7 +20,7 @@ services: - "script.context.template.cache_max_size=2000" logstash: - image: docker.elastic.co/logstash/logstash:7.9.0 + image: docker.elastic.co/logstash/logstash:7.10.0 healthcheck: test: ["CMD", "curl", "-f", "http://localhost:9600/_node/stats"] retries: 300 @@ -30,7 +30,7 @@ services: - ./docker/logstash/pki:/etc/pki:ro kibana: - image: docker.elastic.co/kibana/kibana:7.9.0 + image: docker.elastic.co/kibana/kibana:7.10.0 healthcheck: test: ["CMD", "curl", "-f", "http://localhost:5601"] retries: 300 diff --git a/x-pack/metricbeat/docker-compose.yml b/x-pack/metricbeat/docker-compose.yml index ad95961aadae..f026d2cc7cf2 100644 --- a/x-pack/metricbeat/docker-compose.yml +++ b/x-pack/metricbeat/docker-compose.yml @@ -24,11 +24,11 @@ services: kibana: # Copied configuration from OSS metricbeat because services with depends_on # cannot be extended with extends - image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-7.9.0}-1 + image: docker.elastic.co/integrations-ci/beats-kibana:${KIBANA_VERSION:-7.10.0}-1 build: context: ../../metricbeat/module/kibana/_meta args: - KIBANA_VERSION: ${KIBANA_VERSION:-7.9.0} + KIBANA_VERSION: ${KIBANA_VERSION:-7.10.0} depends_on: - elasticsearch ports: From f5df6407be1832eb7f1ab726861dc4cbb9d01023 Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Mon, 23 Nov 2020 16:38:45 +0200 Subject: [PATCH 12/41] Update NATS dashboard (#22646) --- CHANGELOG.next.asciidoc | 1 + .../docs/images/metricbeat_nats_dashboard.png | Bin 102395 -> 793518 bytes .../7/dashboard/Metricbeat-nats-overview.json | 2366 +++++++++-------- 3 files changed, 1240 insertions(+), 1127 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index b77935ef89b8..129ab8bc45ba 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -435,6 +435,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change Session ID type from int to string {pull}22359[22359] - Fix filesystem types on Windows in filesystem metricset. {pull}22531[22531] - Fix failiures caused by custom beat names with more than 15 characters {pull}22550[22550] +- Update NATS dashboards to leverage connection and route metricsets {pull}22646[22646] *Packetbeat* diff --git a/metricbeat/docs/images/metricbeat_nats_dashboard.png b/metricbeat/docs/images/metricbeat_nats_dashboard.png index 04f71345ef49455b59472bc8d4095633ffa494d1..359cea905fc3077c5fafa473df5fcf0cb260c388 100644 GIT binary patch literal 793518 zcmbq)bzD?k*ES%CfQW*~O*cqOcPQQ6CCyMH4Kt*uNW;L;Aq`T}IfDVx9YYS%-QC~t z+|T>G&#m8I-{<_C8P3^fpR?Cmd&PCF3DZ!M$HyhZMMFcwS5%PELVeJnp<%N=xQ{wA zGt5ekhW1beAT6z-C@oE+;Rdt?IN6|~DTG1wu?@7lo@E+qDcT1=P{4tO(J3SmzKWos z(f#rSBK0baoA%>`;WJ{B=8r-6ro@^ao>;loWh%>~v~|yj#aK z*aS7<`q0KbPJ2bc)D;#zyf(tyW?}Mi9`_|)o9_%})UH;x7@ye>Lyk0365e;b))aL= z>ob|P+jXbvS*nO8$!^lmy;7l`h5S*3P7)F0T9Lge#lAMoXST zr6(xv9U{z@1j9iJHZTuk>y?y(>a<5n9j zRkokos0Igyg+fu2*A_$rQdCT`30cAF0Qi|Jxm)s|2agS`@veWFWId8ph9p$wM!nUR%dJr5T z$Ga3)ni}`jQS3Qp;422q1B=$zW2KLmq^}Dt$}ToAcyy}IS!0~`{#r13jN|qT_`X}2 zhk^q~>@C^8;L!OC1cgw7``pHa22uXd^AA3TBGQR%8kP^Z-~J`%(WbhGHbW5e7C|F4 z^9DF$_k6l_8z%-Q;~n-p$9J6H%SadKCiRcMe3co*qJIZ)P`jB6I2>KL)PV`H;y}jqkFOley^wcxJsliadL$Gwu`s(wz+$Aw$_s< zwN_IlX7u~_dJ+4=<{n09yK&~mmdcgV2BKbsq7jtsWaxOJ!Tc5^U#yhGTEeM{^@cQR zgmfh)W96?@#WI-+s^Z-cA_yu(%toV_MexDp10mjgck2ZeO{xg|)~i>~^uJS!hcB;e ztl$P61j<~efZBDgC24xy12@B`(D!0UDJaA)>N!871^w7F&4FJT+qI&jH9ZdE#XH9} zgd2sjabZefiR?x3++X=hCiE3F6U4lC?@7@hQxo;V1KvVaT zcj1E%J-Whk!uM^oEDB_hFonlhJOt;DSfs~kpq&DF&(3j#-=@p-(`9sWEJ+N9w8%(& z`b$X~UxRn_5oHJ{*NKl%RjM#MWsSY&F^8P~Ct`d2CK6{U^_N#MViK|=geCS6in$KfZBrd_;Cu>gxg_e zd(JAfwog_GlZXVLoDvy-%xDX33m^=$R&irGkGE71)1oSVR})v0e{;+<^TY|5O8jgMm>LZNPp0Ay>RVxZMTMWDz~ezz2$+^?N0?yr_;MFfOEK(}zHgRx3yO;40qN@|BijWeDwln|ec$`? zY{~o7QjSx3`$BrFdl4zrg1eQk4KNKpa*P|Me>n@W>9nkNGaxP%(96m%wt1KT-7U=~ zbU6qL)6LP18w)6D9@lXMZa&=f94{O97kDN>V&%z;MK%#x%sndFypw+(NXfdICH-5Mml)^DQ)F z&dpEwP?&?(K*2`=pdeoqU~g$}vj%%n@}>7n(--)gn7zh%jwkOvc77atBG_PSB2k|> zE%?px`xTCJTutX$XLl#IrkZ9|(Ms4_8x9ddt%b;$oFmL75}kV{xt818YTL@L{e~w@ zh{a25EU&}WYH_8#wu5)Uu5C9gF#d7+7oK^q9O)doN`6IVfPXC}QNb>zvky|63q+j@c(-YpBW zjBe1nqGO|TR34w+O5QS^3=!@UzI5+u1T@MsTtJ)@r&SJ9uy{rD`-ceu2=+O{O}pbR zIvdgDkAA5wECXmR6I{^xrs=S=dOAc7zidUT@=bZ;M5&MF z{*T=strcuToN>?@gN1tQ9xcCOA3z7ssSSCOKPPcQCYw748`ot+dh68;fmLA9nZ+B~ zpW)HaOg6y^x^hTq6I|rY@eV)85f>q5BI@e=Lu9;Z*s}sLU=Ud6XL6p1KZ+lIm&p;U zk~<5OPn}h2>G+nhHaG;<0*eDdOIDwC*Oj_HWlqVAjjN6TYE_id}8dmz+@QeoW zz{^ESMbW9iqnk>v!mj?Rj4UrjFVF4h=~=x^UE}5skAZHH8Z}Kswf6>6`SR5X|5)=V zaC%_I+zX9DgW_zluqLaVI#O%`)Oo3KJy0j9Pi;%V=`2OI!gs_UPS%{Nl`0aWA~Za; zh44E|8fx7Vaqz9#NS?2Rb`*C+#1LdY7aN+Rb6yuu@jbBEj2xdXWXfuq5-2WP^jKQw zZT)Z!`kXNvun>8hl56KbKqb8DU%ub6dj0{AisaGl%Kr5Hqk-rT5oRQ5oaZJEI}~%i zS8l(S=#|#8f#as*bu^dA6TVG+ln+xnr{Pr|>I%4PXP6BcaW*jhZ zWY*V8aa-HkQ@uHH9eYVa)h5|+9ecYsNq?RjGus}s9@CR$AXe6to(|kq-AN0s&)hhF?n`gfic&mV`*?`MF(Yr?xZJ3!%ZthiGOyZ!h0HMf)r1 z*NsK^MS3BjjK6>`?OxWG3-%&Hb+nCn)kf3R8nicPkD6uQL_FHWM~&T}tl^x;?L$zQ*|7JU1rF8aEv9?d=_U&5UA{eyw~#vuu7sY6E& zd(bO#VXeRkJeZjqs=UB?qhRQchW3o{?mxPs7Q-GI8hRE$$H2otRYk-K=*($h4Yai3 z^l^TJ8jXe~<|Bgo>TKg-LF41>{hKvjcA8t7(2 z!_Udb`GQUYmxhK$%+1*8VI!{Opi|Mw*SGmngoyOkT@jRyeeLUT8-g(c9_L!6H8?neLl_xE$! z_yGR*PA=~MUKVPBTz6-$Avd2 zeNX^o)OApw7y*>Z?6ZIXN#E$M4tN3o73BO8>s7;HS)w zA8&ue$QcONTQRbIY~Jupd|dXAQ3+g+#T#C=FfN<(M?d~kE($OV9O{^GeGEvU)?-Dv z;#0YW&L_VK@MDEk5QEP0UkiBqu=}NO%u+r=sfD%NK6*B|9s+dW%LCO#IntD-k*97 ze##d6V*fb;N8uLafKB>HePO7TP#C?7MV1Gm9Rm3MmRde@hM!v5D zJFy?R^2$YnbN>|NJHj_|I^{0$KFY7=t0;e;3-vI;_IILmg9a^?Qh4m`aX0#%S3PZ6 zmP@IAp>jekMz;N8Q;&=J{9xs%KTB2EDj4rH0{LJD`|d^O$C(_16+pdr{dMMnALm}< z*Hw%xyi9d0IP<|Zji;Yvk$!H=Qa@C>+yuS=NLbpy-x9zHJ9~>Ac_|LqIprp@Glfah z$4u3hk^t^6i%~Q%Twmw7>R$Ul_8e^ZEWtc+Z&{46A#dx_X0}4q`ugYG*7Ue2r!Vk{ z?=QG0Y?oy<`zxdG4hcNOcSq7vlSTAdySMg$f4BEY-mS~$103JmeadlnuIB4U;DLWh-3$JPeV_U-zt?$* z1P=qu_bbIoDb zln+-O-B&~lJ7RXzaZWR|W#bp&3(e)LW?q++bxy@OT3b8cZ5bChbY_;SM-Oj9ciFG5 zU+rS<+`D_-L@%G~{5nOSBM|dODegZSq(Z-2vqrEZjG#RKM!ghAArmBXn_7}5PThAK z08I%{xcAz7mep04ljptf%RlxmCW(+A11P2q2OeKSKDv7QaD7Di!$VRA{|gU7*Nezf zlWN%=RxO2t75Fz!n|2&OYV>`qInLfcZ8w22mSR8gh-n3al%f##QsOjgVh~*F^de>o z@=@+?k`*HR)1GNwVnOJsY!J7NZ{~B@@h;mvuc^iNg$QHCy5y&n_N%_&SFKju(?iV3 z=AVs?dlTwJN74T7!-E`y^Bzh~VCRP^(5CSA+=O&2T`q6t{o)W*YIkF7!B1!#)d-ut ze6o*a4B`I6{pZO9FGbeNqzf~Tta36VA%wt((K!DX7sh}ZCVy^xE01HTB2{I~JpMF~ zO~1TzX?-rjR;bp&$aokFn~{(@?GL%23u1IV2^w4+X2|W;BOFeeGi3CFBpE$MO;-Ii&_%ihF-NHchM-rk1i;H=M4Lf#w==i-n{ThT#8N#|W+8T8U_!ekX{1lsZ9@0*z@Gl3s?C9dSWN6=U~?TXTrtF{zq5jXNT$GTr?P z{xlg<%qtwJiBQ4Uzl`1Xep!$n2P`3@jq2BFrtq{X1kI`=ehNoZ1r27#@ZIauCqO;i z0%ran+vEX5Gb+)rZpEbd^At^N0p?YhJfk&?ntW3An!33(+Dbv{0+DcjYR>vVxH9>7 z9n<7LXd@0XXgR|+taXS|WFNNTG&$27l6rR%pi{e%8>c4S4nhbBDFrYg+&qLBhuRq)@#l zTRL?4I&N11+2XrpiQGT(wXkhc4Ean*LBSpz%t;u#@WlM%ML>r*j0v^w{Dx%3oP}DUWg}r2 z8PGM=d3ryz^wy@@X?njoU4)ocaJh#~)}>W9bg8@+#hgEu!fUtOmyL?_{fC`#;%QH3uP-T zHLmW)O~4Y4c}WGFP#7=W$29c#HW#=ZS#t#fS%GH)=U_Z`UQ4(yXU%sRiI@WbYNsH9 zhRky2)wloHFAPaR6=?7L*=L(ixp8E;8ObM?7swp7wCwFaJ|vytG8*bc|474z&N4WC z7`ICmyFg+t}eqh0!LGO#duKrv=#HiuGKDYMdZQ=nKcH`>(%z6I`zX9n@;zoNSR z`cir+H%7jrp-aEnD=x`wi(>Jh2rrS#oK`i}mn{B#Ws_@ZKD0-c1M+$|12Kh=!+Z9e z25)5m!fse~X0+vQ2D?!2yf`M$^H|3&-@Fg>%M|1N&7WL7Q()VFMsC~QU3+kxKzcH* zu(&l@-K|V{>pgpf%eOwAa-cmy<{rKKXlGfq9CVvIVBN7Rx;$T%pRbtPK}X7Plon>L z4$VS1y-4#14{jE71~ajg)oAAIz(U)6aE1->>5hG25o`V%UTeH>l2HkhNljs;L`Cb8 z7k~HfaW=LH1HPcCsJYuA!SeT>R2#-*n4ND>my9DDD_PGYCCS|? z{chZtxI8zI!)*J%U+30nF|lij^0+%T!~&e8~B*8kUUhQIwF59$+PHiUA0iR#RLi?9Y8YIc^p zG_lECplg4Tx$o)~7BI1#OJbA5O1&ZM-kI@upFl-^Brp1U#!K-sAyv7{$IES9+7R)y zU72Tsmomn0Jz9CNh`bMfM4clutGJpi!&ImJ?m<${R z5VhWOeL1yE+@xiT646exmFG=KpmhcL$b_0ycN~4%!?m$7J8r>_)q==@C|;s} zt^f_48bfnYvvO=~zYzt@fmhW`m}z7UOw~4Hxqxb`7p`j4ID%f^l!&S0xLW@L zwn7C#$IyYFfjj;cL@0^-9+Gr=LYOI}+WHTa*+9~=zhW#nmOzqQQ}#BSx7Q^}0qsiXdp}~9lgtH`B34xM{hM#Qoa>2Cc7Qi; z-}5+Ms2DbRq*(VRYqCmS6xBEl=_n;0)s&a^m~SFS5~z86K1Kd@9y}RvifHPdP?zLA z%&I<_o^L#{1tH333*?#oN1Db)hKz{o#Qk*r_EBM8ZqvlJFO@!mgez_?;C7Y)s9S3A zGF8xVqm13-*H`p&(6F`P!4IC1&%pWb^-5)_{CPdf88B#C4Nu?4xLj0JB(1s&rY(A9 zWW#}9Y20UsB*@uL=K`}*qI+hZE@1sryflVbIrnL{LP%fiaZJ`a#*CqLhMtrvSZx=a z!{&2K?S9PK!kJiVfe0g963(Z^>DL9GX^(Pj%yx#mGHrgkU_8F)@S*f59mr1&S_1lg zOG&U~rU7VmAz|RM)zg(67>9cD-g{qLPU90=(kt7*#>JEAzJOy{Fb$ccMb2?=i_Xce zBn@g)^6v+CY>XWz3I|*@_?->evz>hTE_NtsP*9^&Md+NlJBS3GJQ7$=zZ}J7CF^PM z+0PLhYlwqB9vKsJS5M*5Rm&3Q7!aF%b%Q8?TK6QXrn|leGWoLzSJ}mH@QYstC@(&f zeBV_%>Ap16=&seQ$FV+LSZJv34O(c!8G1)&TK)qS&JsM`p@gNHLSla8iTuKTrxHxN;2rOEvd4I5rpZdLAtF0@A|me?67#TSyLs3P@qYAA%= zMv*Oz`k>=2T6Kv@jT%?ds7>~&1rC(|gEa5Lm8pvNzSt9JrtsJtl>hiW$C)C$^X{BlV9arbx9~!z&%1ny(YeA3WRigm8by4y9bzEM!YLCVr%xgWqhdzobaB} zH25rW@#SgbwO;j3(ws_s?WRCCzTi@9$EI!)fS05*`-eOO14A{RgND2kv;|S&W@K<$ z`+A?}{CdDtk9`I5v|*X4*zEjCWBu8zt?@;UYoYLAQs>XUY3tiyX-L=SOIPFhx5HP( z9c3Vd_wmnxgcVa_D?KUZr)x6VUn(1=#?wygBNSkMLLF_Rhf`529o(T+sIUovB zdXr%qH#e(6!W}EBR3zJmYiy3^@YYl1Zy4wKa%16cK<=1Y|Nc7Y^k!K{ojbxTMZ`UG z3t2s2l6B!((i6iLkoY4s#^@B;caSqSo#_6Ci3aMwhwjeddA=ha*fsbh6WL15sc+Ps z$inhN-rqs5>`1|IlT24|EZ36-RJP`y#5Ta-zQM^_7iM0}uQb1XKTnCf8a zrpmR1Ld?UU$`El_PFJtE$h_eT?ryq67);?>0?v~zJBqNv2&AbD6^r@L%fOCiSEk=_ zzCCFg2Qk)SRH+oY_U}@OD7Na|&x(Wh8E+P6*29-2lQDDlK0avNbWsoLYMfD%O67J> z6ho!Qt8~0&&@@v(8AVvNTHOOB;->b~JvCUf10CSEs0d-+)1M-4%BR?A zD91K60d)zua1BFcnJL9BODasmN~+>>YgS%@&KuS&+D!>CN8UQ|^vwyZ^wpgEmnYX8 zx}V36c1Ac07iocyViP&i(z=aNnJ%5_7E`hDiqP= z2|ZdL=?V%C=>uQNTG5NvIfswwEpn0tx)LG2)R$PH{L-r9TZ2k4^`PP=++P8naRqJM zS!UBY@O1{mhNNpMldtNp5NJ_`lOSJrjX>Y2@Iw17+wZI96V)&)SmKldo}z*o;XjQl zn2#}5Z-IlX+IN2p&a}Va!Zy^d)>6q;$CTwXd(-S|ya2a^h$8S0;-O!;0o^Li3VHj= zdIukw@*~f;9M3&R^r}_j{rCVsg^$*zG!N!HayQ*T6u{O~*P87$0pofnc7lZGE@V2S zr{{utF>1!?%{(KiA4gY@ldMOXiBw)iRR=LW_go*UFl3#EDmK*m)5Y0B zLIZxOeswE%FND6y*8{nnfKodbRGfwmn&w{mH>XU5yI&XKDA)~T^5SS1{X}@}G;Tif zgqYN;J-Kcg!Jg- zQlcVvXRW}`cllUf)c3TQ2xUGf=bt8Qu6NUdOz>aEQcbT0t%LkO3ESEY$Q_b!Kqn93 zg3Cv#{;y~6X@-JoOTtfbo{n6{@BS1k!2a@(bhu~L+@HCmY^kg$gcDr7>xh)eFY57) z`A1=bVopr%GAcz~R5H!^?_|0PlfhZ`>a-w0oqb(MrstTinR+9kG3W| zbYzC1S$;XeVlKLWfi}0jRoQ-u02jF&RlTQ9PHNpCbt0u4R~!5GG}7QF!_WLt>7o&L zQI9g$T}i7#@Jf1)(xsM6TuTs8m%_V>KYXw*P@rqW(QGk0z_e$LYvRApjIK!ZfzMST zRMA|O59)*jfr|j*=i|nBU1zRV4D3$OqixAS2jZ14Eq1yZtmfsVE#r&$DLl)frm6x! z6FXL=S<|C{L$esi!Jq)W!L7)njoATXO}mRx7Ok4K+4A1L4?e%)#R_`CMd%M!zxkby zS)X@bgr(|?7Q5@mTR*K8%(d8!f=KIaW=h{bJ#_i0rsptTS~-RXwA%FpFRUJm_FALR zSQP@85h*PV&DUNOe4Y`MCkoC!Jk;6<#%>X(+iaQSEmR64JWb0ZZ~peke+ThXs>y59 zV&UHT!R&L#05gls%{fYeSNgm#a>=1RS5lW_8Zq#R2`{jBEv7Ux%;6(yLSBAf7WwF{ zI5Jh=Ts!ZQ?1Z<&<^I^!nI}cnKJzmQuJ2LyYqU3;4NNhMGTWW(xr~H+pYH0Z_epk- zl!>7fqf`I+`655Ho@$I8sG%DT8FusoOLbSRWQ|LqvBXEcRy-aL_d%F=Vs ztFs@PkZA{;v*S#dELeJ2NO>YWzkoKOVSx-ZHxa^%UTg*v8Lsl>Ex|&z+Dz4?94sDW zsZ=7GV3wwb(FNF_2PAK`?oc~(znc{6dQjqL-DY?g_T&l58tWJM%2eG_PNI*-NQfBR zS5yj4*W}ds1*b>;(w(j=Q{__dq8G~Yub*3h<`mNxrp^u%}e$jXt%Ujves;F$9h>|ub~1785~*PgIcu8qH{S6B{T zwrL#e=>rCC@oYL&by#_RZsbG+?mZX@fiU^j0B3tQ_(e+m1YE1uE9GMrGX%k@Q~-(d zBjsv;RTqbuFXdzILs>k)c>-HA`b~d8$!b2ZaNw9J_Go86XMJ6`dJNBPG%uA!+pec7 zD?ngV!l3Eh`n>ID=+VJyzqqYgPXWH{>h$J%?}3f7Axw%m5m3F7MiuXYj2Nh|1g*n$ znPJjSC<7?6xK1UccCYt5CjTrlwml26q_U$@1 z0v##hU_HQ@0S8-`T?Puk2~9zKmZcv7L;d?vPRp_xIi(HB;L8(N6hGJtDbQz|<}1f! z5PuLwJIN$+Epu&Da7t$?Fxf;9Xi{m!th$hN@|tgHmOynlg~<>fTvETDv5_%Poz})9 z-r-^@qJV1R8wMXPR%XgM)CiV{@PGabD5_XuxY!}P>K%|@KM6m1GgfWPEc|BgOXS&` zbYcWv;)UmD<#p^G-kv}Bov-HT=KDo?MWfw(nXsH_QEw2258g^2WJHfAN$=tCOEwu#pK@5rcw0WV zm6$jK00Z*KrC0T(*>9;GME9#c+IL^6RHwXisnmDY1fClb>(zp}&=S3#ufafL74TM?_Ug04H{i4mSaL!#1mb7(&}PBZ|*PN#aEEiW7~J8rj*E@ z9e-fIOvaR$Gvdlf1E6PEAI|5E`eyG-IaTXO?+-do=t-(j7+OHNQReL@_Fu+E4&tNI zQe-IXD*F0m^0}A-m}2xkKPTZd*_(2Rc{x=S`N$Dbp46o+b~;#Kj!1dOB1+3v-teJ( zS4C?0R1@2oU5?zoE9;i2dhKAjr^+3{dA=AUxjZ20-Svw$Q_jRAdumgo;)aMRdP%JC zRNmiuLA%L>yk!Vk<*_FDI(A_yarj3hF~;bk1U7n1E>b!$9${i*rwF~D9gGlH z`-qum+I$P~mX8(?EzzzHAN_2`GLBak_S}nrC$%(BQCUO?{FQWgZo_$UgSKl2T`}J8 zzyLpyqL%EzItoZ*G4EEw9JYS83gU)3BJ+Yh*2f1*3&n@T47x|wHh_UUiDi1Pq8|ZI zz^c!<&J`2cjV+L^GmRNf;k7~Q-1f-t`Ai=)i+*vq-NH^g^MH2U>K2YFjo$Z<`J%=* z(ux%Mr?dxd?uABPfAqdcz3&}OA?*SsXkaxTPn&j;3$`iOmikvi44*rwO6WO^>I5SA_6rTT)p;N& zma8tbu0=G^Wof6Y_LOm(SP5G^sao%J$kc3|soJ)W`!Jnr7awfwkrf(45vN}^o<_oP z;6b^~o;w1fNUL{(>Nmk{p8;euaEZmBMeu8v)RwbhHd}b+=E?RnjLEhjhJ+u{t^Dve z;;f79u{PRw3089)nHwe=SyfcGTbY$0`U7)fOH`F46tA`QQ)0{dlf&5OWMuHM58ruy zKnSy^Rt~>%QCSY`f}k*vZV*v3?dfNhV|0F>5=^-)yBf zgR9@}3I+G^!w%Oz98F5pVKS(?4Ox>=ro(7%t6ma)zaJq{zq!`|G;YC!JbIho~@7|hhMi|QwRUa96PS`U-JhzT=>d~J8 zvrCA)B0KdlhTR9ePe>gr>ox1Pqz|^2Dz@r>XNZSmrHsPr?Q^NP;8O^bNysTll7Kpx z3|Px`+~~f#d=?hZRLs;owmBH1$0f(R%FYuZDv40qVRuVQF{`m|M8Oe*D&Br4r18J3 zm}#QORus{O-e;KY*mR3&y zF#F9sGq3oUffAni2o~4O#qYa;9-dLrl%n&hQX9j?WixsWpNIn|nRg$a@*#5(@)hxB zw`SMk_(YA0QsL_&8z+2mD&#o*zS57@Pk;8Tv>df(QjZxW$;zZBqDX?ZJi#yptElO^ zTTbfe6#ErXqA-ww&5ttAoyO*m2^`v55*fdW!H3;=+p=K0;cqA@eN6iH?o`03A%K#&=dLq|h#^WWiz-Diz*67#Az}_z55*r(;8>1ApU;8TO!2lj*FyHY-zHT@G5*% zq>UtJl5JnskmCA9xAO3EK8ebJRO%w^_QF2JRv`VTHI zpz4&nE+VP9^BzG$?2w*Vhf5nH%8htZN_=;hw3p`41gG?;azxm-grolko^Rv)i(Q$# z36Z};J$q%x&Ah5?`W9fncB9DH0(WMtklvdI>FGkgN^&uWeB(o30#u7lhDO%beb~5d zw?XRZHc}Pk2ir%DNUB&%Wd+xhJtFPKf~XB;1OhwNs$sQURE7wW^9T!XhJD12YwyG< zufyn9;#I-KfTKV%m3z%8gKCv)TF~fj-@KmFT9G}0=nv$Ev!yKP26zPSaH?OrZZCaT zR@fp=GYLaq|K6q~mD*|#NMH52=q1%h*q1=R9-_Ft6%z<6I^b(;oZH@@MfJehQP9#> zyMmx4GvWHt7g`vq6Y6N(|H~jlF4q0~N@17b-A(vuDoz_^=;AfWq+7@7VaolNIsR$3 zkZ)6o?t^EECslbNLQ9w zy!xVJB(V*c)hGDX_wsrq62T%m~1R{BJrj3Fc zpHJawoFc&OY^apz-BzOiZtJeu9iE2b6yDW1-=-^KbSLe~88(Zs8!5MIf~AHNeQF6I z?mlJ4`o5?tyx$NBup>}znp^2hOa0X0tzFo2I(PfJ`?^AvZGEnyKGN@2`i|=X;MiU@ zaOXhXE(mfFxC;kSa#Es+=&iw*G4?dGtDcfU&J0`n4^AXOI*K9W2{+U zUDy#T>;6MBCkzH7HLz6EV)V30ilgsu9w~T<_>Og?pQ`EF*sqtT2F#U1M=Q()hhI)9 z%IcO#u-Z_w($nf4{9I_4OwKx$e^d*?XMI|H6-iocbCkT#WBo?5Bq=K=F3~V1%l1L- z%>!x*3Wkdg|K@MF;PiAHg;W!r>JzKP4%-p?&d^-B?(5Sz<^iuY1{7_;gCoC*D2LP| z0}w|NdCa_@0;!2Y{yIS_ke*Irx(Cq9Ka6K4lgM1cQ6LYTWl*ob$P)fAoKO8_;UT5! zBExRXMQ86wQUhUZO^2Q8;Q8S|2G7cfYfhM+h~Eo`cVcF(nSe@Na_Py|+n|&RE)?kl z?TUvV!3pq;S)wu>T#&8E+%z%g_BS>9jLqLjqbmH)+kHyh1~?8H$I^}yfQ3rY6q7b< z(;;PvlgLyOkRlXFh`df`dTh*oQdgN16{Q+6F zw`;GNY54sXSk8Tq$reAs#Ae_8z^`(ebn`9nG}cxle+`(u061Q24`*B1@m7FpKO<$B zc|%D487hML{u>=28Jz@c7DSTf2h46jgx%%XT&=1F!=8grN_oDVmJnL-%MHVl3WFc3 zB7JrOIhJ&M-bLOVDQjoZN`E*y*!g8v4ia#iMjy!t83E%k*Rf!A=xPwvZOKNJXr6K5{qLadrM z@)Df=Sr-OroRjw#L-sb`B6GAZg26UhXNqp)4x{zG_fC~zQ@V^ZO}F49-<|{(x687F z?}xWzAw0Z)mh|~jqdq!XW0#c#1AljO#EYS73~MS@{cpyNHk&K>5Dw!ydldQn<_D6T zcJ~o^cKpx>bqO*?&&}~@ZwyEsMJd$lL(4KCpK0Tf1i7G5&G)Xzlxl`L)C$F&Iee}! z@R6#e1~(y3S#<_4k;1M=Yuo^26|@*_IUT6(_;xU%%RD8~YZaAzZf9L{#VN8KZ_PCJ zJgo&syPa6(mEloK_)X|^SJoHeD71$YLr*`%JZ)yQ0;lNBRI;tuV?gxm-K<#ONRnrnM)7ps+1ekfQ*RGW}h;bSK?iJ$UW>w3bP$#pv9;CZUl)e&Jf3% zPzq;18FJcUy|Qq7dRmb+-e!qr5-u~9m4OVv3T&vP!cXAF9aUqz&|Jjzbz4o;vguA) zPQ4l~&nR^Jj!hlF4tx|a-Fs{E!=cNiUCF4{#g2@Uo3{ckl(oF5B;{6ar|x)Z$Ce=G!jeUOS^Nn_5pk3xVIV8dk~VHAFtEA&LbV;3MoU6T~BL&h8Z()mGJ< z&sCcluU0xXe#uHS!k>HkMc?ALZpPRTm=ICq!Qlm^T=U;8NtIm1)u$xjO!0B5pe7HO z&23HlsowL0>tW)P1%*YsR7n6MU?%AoYJ*VlcwHfo{(yx}D4TvSxS2UeIf=9DOPrPU zEKxPsYGdk@I!dIWZ*Ysq<1>AH>dCR@*@eN zq#6xN6mW4*%B6p(k6$SoGmlOtDyEXoSP0~n_DL|rs z>+(m8MBEd4dBu?XF+H(@*vY=A(8%l?1e+HFIkg zu4m-CGwG#OSXW4#Fj>8tIv!WMH6zT+;6R`tVt!iDksWg4z-M>j!Am(3QHK;=>#Mi! zg5(z*KoUpV=*0!M&lT9{Cx46rc&$;Dc9s3m=?QzWUB>Mv^lOzE1ta0YiZQ(58Q(({ z9?d&KF2&9$ITPZ6C5oLx@tZsn^Q)Y#Jarh%F5|p zjluPMdCU5kAI*X~a+WZ>!YpEo$EBmvxknX^j@D?&lPTXG_+x7GOU6T;To6Co&<2sa z$Q{OXfiD)un-zU+;4og~vf@baEw}W(LJbK8<LG4^c?1m_t)G)3`TxjbDrt(W6udxU&DG|=b>7g z%k!TB6^mWk@Y-mrbe59c+cW0~;mqB#%=Ee2U(&zxsOJ*Ps zIA-vPBwH!Q%OPJoa^tF|RMi@`W~^WKVBGe#AD`K6hYL(r*;ZPj$u4zuIHt+aaO8Hq z$_hNraGE_y6YP=&$D=s^;u#MsGY(6LEIgA(dc1tvzT2KhbC-$>1m{~Mz-E?ZvuG6DfM=h%1W&UoQ_-aLNXebOt`c#ATfCffA_}ukkwOOtdP5* z(($1@Qc4HiK%ET(*wxw#|8WdMzuKfM6zdq4S)JxS>bck?Hw7Nmj~DkeYVvSkt0(5P zA2a?}ZQV98C3c;l*e_yn{OnpzQauDdRw70hGgka;JN>#b`mSLh0&dRPdfTXcU~~ed zVqrru7s_hsLX4=wZN0W(y`V*_e?zvo<#>^z#+zL{kdklR300T$x7(T%wchlLe3)Hn z(ktDIMRjy^OrZL8QTVmR4!-KErrJRct$Z!t#`=j_Tk_Oo0Wi{X(&6}P9=9kZ-;-jC zYa^|bmjl;8+k=1hM$!ZYWnp;r{xIXHYZCDyt+x`KcGJG?Xl#{HmvY%Wnnk$mH%ezPXejzBf|lLx};ij|$Z?Ab2F4skj=IWw~W16e1o5 zE;Vnh$hJO;tR2Mbp*^=tK>L)~{JOTK%5~9}P3RXKf)r4ot-WaU>O)nbFd=^ z1l+$MbcMVWS6oD=%xszg18|SQf-N!C7jdwlBK29f`a>k;p=M;-h|o(^vo51)lSf>4 z(KgB{wn_X{z^j0Vv6as|QVJf{*sTVZ1scARw&DobUyzOWNZ@xIw_kolDPm0tRvW4E zsCnP}8-%H#jR6ow<_zpS(X*62aT?0X$VFmah*3R#YR#_!;oiuR0axG%O>L@-vsZSY zMN><%WE;McA=353C#x7^!tcWn#{syNpu}(y z3Q5=D87oj=2cP|L0@DWL@-_8Ht8D>zCJX|3GD^!}wvdF0I@m{vFZdJY5e4lW**qfbYoJ zIkx6x@XeKPd~aTtAc`e=#*w_}T+`Oh^!)ej^3{`Bs%5#UIWJuU_pw3sj(*DCa{Y=z zja|+wESEYE`Gt0Wrl{RYt;3K4s^dx!DSt6d-K5`D{PU-IM7L@J=>F!cQy1SJU>F$*7lJ4&A{3fnmE*t0x&XefgMoX<+zq+OizOP6#-h`J9#a)T3&N~L5oW{*<;WDq?-UXBozwY zsWrZ)vYi$yqTfF`Tft`)ZeFT9EbRH_heq)@`y~_m?A%qP;G-2sA-^8~bj{}ljSY@% zn?L0YUGSagkunE>I3ws^U}CJ_#^j0POS7xO{T#DCw~b!8NnL3|zA7_S>TGSU;*_Tl zpta(#_8-?uUqcA852{tt&mM`d`8V-5hLx zHBwI`5f-AV$xw`Vm3_=B92V_;N{xT)Cy@Vp#{a>)0b$SGJl#-68&H*Rj--2T?3Ay^ z010bhOMkfPV!UOf^r4`gl*{3h?AcZy#b;Z3JNZ62i>o!ewSQ(slq-sSZ%BY{D%HWi zx~b&E-0XiYWIXH*nqQfs#Y7(cc(Wu?ta%)jEg|duXuGKDaZ9#w?}`s4Tpt78G}rYn z@}!fXNJPl z0KPg#c%^sD$gtLJf8>bwU($<+s{Z0y%owF(9~db#=OX(;rXk(Dy@})nd-D za@U1^zpEM{0T{#epY$>ixb&MS&2{?8ZK?73fb@UT+kub6QT|(+M78q&w4uKfZx|c> z^WK045iD|Kl;idY)x2;WoKTcsoK@l%flck;D8F{fet0Omhk`0say1N=VnCE(MDga1`A9Nh+lx{Zru*1nhkHgDae z=nvyrZ{VZ~b~0Aq{=VmOx<{o+HD&lm2xkWCpB+u%o*a`ZnhTW13q!%DabtSwp! zBzZpcA3Cob7BFkL&4=4_ho_FuqE!1Rx(0=(uD$Zokblm0P?7+MDSKg~e+D{a=lX90lQ!vhZ!8}v_0`h7ES)GL&P zn+xgtkU2pUW`iDp=+UX2y=wNUOM&s#3pb?MKnLO2j~o1}w9?2~Ki;(YD+ zhZO>!K@}#h0WPpuuOOs}S<_ymR_npNeJA(FiU{Fi2GN673&oeDCou7f0hf_$z^*{> zr^N{)+ zu{~W5WB=P5Ut>hk;_I(hL5)ho{qz3)X#F2yB2yf`k|a}baY=zgKv4XP&qhvM|1AgQ z&pSntCa!@e>eM1tI)(o8DTP*WA%WJvy-mhncO~(PjQ(J!MxJ&ow2HKl1BC?1Uo64z8aUw3t9tiCVnqJ@YrogTOC8~VI(5L= z#ev%ZesrDWuYMG^4%H6Lj~J{EgW~gF7Me_`=`-FxFr^m{DMU;Iwa}TJ*0at7MzeN- zQ>ok1#GSs+`lmawc-tlq>QDn$P8gN5cpLieFQ&T&h-{la-{ITOD}(=K^@$t&Qr+Sl z>49+$?@=5onE!bVp*hUok3eI+OqRy~$IHC|64Ne0MwvgX9N3-OslUG(`M<7sC01av z!~Y~TaIap)`T2oZM+kwG>c6}MyLYRf+z>bs{PfCVR|fcU30wvEyM zcM@?+Az|>R{j}A#0SMmE$I+<4PAxAqW~{%h(`!h>Lf`@~9@oSGZ_vZJFwya^9@pSy z*R^PFq_bI>nu< z2n+*oBf{XQ*RX%C$4V>c6!UpV9pZ0K^7PwpXi@w(lb!KB`A&m{8>8{@(L>0F(d**T#{coXUg%Ttj+VtPz#v1(s?4R2n z$l7RL!Ym)*fAfU@ihSBi%CLVfG!qc`>R$hCNr1vjp0D4XuLLcMR3Vdje{&#p;;+JU zXsCbHK>r)O|2KI5-$wtx!TUeA)&BsMWbMnBD+1`-mI?*0thNJi~CeM;bCwj*Z| zXqJsj1Wf+_w;TE$F==F8vikz|rI>Gi+}M96S0FI5m&7|ZCd50ygWv2WrIFO6@%$tHKl zzD&VZX|cIx&)UHx=9f;P;nH-8j#hshjZw{4I9Y({8Y7>|k$kw|JgsxqiKdt&mfJa3 za-Ea(j}|#FWDNax>B*e|R2153rwQnv2iyOaqq#u=mCGq+4ds8W_JR1V{4TU<4q~i3 z9M1$0sBGo8(L<3^5I^3mM^d(b7ybmDcb%Q-b0>XuFiXboaS>%bU(=T(9h+m=6{4Ia z1O|{Of&;#Mkp%`+$j6N3XZpMW1idjp(`jJY_nBVs;pEefi%c9fiR0E_^yU6^>h)ac zr0cRbm3Sy-d>|rT|5ULSnn_~`1Jj=c2yq`&Nv)e~3`E6$wj=*1`D%rHsX_3_|67^} zlm$}qa8fTQjBU%U1b`=zP$_1_i9jKU%Lw7}xs}DyX(<0tD`j{wy7ivO0YE~TW3$+B z1~33Zuc9VfygmD(NIn6ujTCUBl*L-LHJY?Y3FSsT{R51xbO7r$;e2~!U}r2_zMjK+ zPO4P5dE>N)C=rIpYqZW%QD#m{xz*>Oip_8Txgi7=GK^o){t_d&q>PHHHH-DDYnb_NkS7l?U7@C%s;x?Ld2V}ot#S|-Vt$*h}@`u?mS}l-|dx= z9%pc6nG)g+K9W2%2_Y>TBxGdHVpgg_OmACpTKjZB+9M(&0wnsQt|VI$Xrog#ikSlR zfR(WnTS(Hjg<(ShPJ#@WR+U$Mij7cCobu8n7C)>o?nAZ4VKu~j%lSx<$ZRC>RN6hb z;TY@#ovWCc@mwh2Y?x7ySvXht(WgYW^pi@amO^GTxi0}1t>+Ur84OZpEQI86UwJIn z<{5^i0qHAIJ$eQ(u;4NSj$pvYFM6K{&p*MGnguai60*Wa1DFYrN_-bL<3(%dmcBdG3Yi?^SU0zG3Ye7 zCCX>;X*}KSGty|)6q!53P!caXO~{+p4^KZ@j>rHk!ff&j7eJ}c;JWCXc&)ymuyd{H z3;oD||N1ovx1+9>D97EY&uIt7euFmiIxrAVz4^UP)C1=i^=0>uqy#YnwEOmZl@62G zKgZCpOfKS@V@SNSs%+m2iLgrQa*hYOt-ljGHhFxG=5{pQZ&W(-;f5D<7Y=mMqklet z{QO-KC*Vjsh8QC`XFD+f3 zwX}^o|0Hcg_5EdGr_mV#(GG+iSK&wP3Ad(F5&&pyF=a&tY8k0>@M+5?iXlC9K`0a*)t;ty$EBNJcUz~RlUB%TSsPk$ycfi-`ny?+cKq9hv6Bb2#; z8I|3>&PA=XX@Ym2qWl-`LeE>Jf;`sG#ci4ElV*V)mwR0|a4gd zj(qBKMf`S@JaYe?lxCgZmr)95y4@Z9LC^ko={TMJ(oi^W`dvyMVgP*=*=SO#3j{5+SB$rK|D>SCM1 zzDb}pPP1TOD{kNl9jPt=>!IRUddeaQDr6(M!r!iv3laFF&)Ca zJ!(A8F&Ri;aXnfv4;Fd6zfSx@cZk7?IycdnP*#hGzd-tjZ4IgzKJLW^Ghb?__ zwboQA7rC`A14F%ylkYR-FXp_f$G6F3_N7_f*B742lzw-(H-qQ79elw15$crx965@$P)`7BM}8Qo=%C|*@@yw4H5tF?HvZ@IpPw;&A> z;51K%e;nI=m#@$V#F3%A5DZ#M*X2XspQ0WQxVG8RI=-b+YY9|fH1^)>mCpCJ+~oK@ zl8mQQB&P9hHK&U#&uVM5JsvuGh@Ix*)Io~J0fy#7LIvV>SP;)PdZT~RRZdqDkyn#OP_plQ3atsSLT=FU zW*WadbUu{9ZP3xl>oH;swP@6+G?gD;dL<=PQL5jMAM1zyye|T-{BQs}+_@YMnR7F{ zyG_YYd~54^l=h3|EE$-%`N@UuJK_Y4CZj2SQiJB_7AqCXX5&ZgvNzbrl^(n)wGUYj z-aD-sSQkz#8W@8gKS5CRdc-d64H0`zImNK1QsU(%;uZJ%-JYAqpcIN9)Iozo*~69N z1D+yChnR2ez&X<|XXIfnTd7dBxTzUtmLJ0cAq=1tvz31|%W&@|uiPWj_Pjo#PZ7&m zw!~!ArSrbOVz-BWT)^RVDZ0(J0&Ls_$lAththH#g>&pC}0K9agazr2&*dIzQfP;rz zwz)o99O5u){W0D09&wT$*i0oHdHgsZKAyV1bLmgP@$GL_g*u-JEaGPEw>*xE1tt?< zeG1-XeO$O5826pz;BMOTtM2p7eX8urIm*5@oaYN#ii!(Ov17@3FV&KWyo!N z8Di10quKLg*(vi-Ntw`ttu>NNk)RS->nB&uQ*C*U!5H>tNa)+^hi}p}DNIgd9zI+~ z6tqY4-ZD>f7LV%un1^?dIbvx%jNG>H@f?dXnyt2#>dgyKv$c^UcpGb<2hJ{gw2b=> z7Vj*7hTKETgUsPje>+b-LY{EEjE;g`FP(T_${xE7J( zDeCCU!kJ)I(JTa(1l$CchS5{`6L)SrQ<+gwD7K4y+btJ$0HMVQ*X!3A!1+3BRI}Wx z;}U;2{IXTIHD@Ga;>!6wGsD&~iA^zTm6Q`#o@JCnD+Pgg#Na;z^!FnB{zGo3Xg_g> zk`wP*#k&XOxstpBIwctH7orV-apk26ILRe33A-H5S@SO#b0DkVohW}5fjSqevRf6= zX!fYyWl)=LeY~2_m5!y{S~WdhYG!diGoDEK?9;pRN%4GZhyrlPTf*i*j#lA$ZF4S( z>FqX=5Cc>wwl#&t_@!F4!;Oo)M|GkZ9(y#EIyz=Rp^?W9%`YGy@?q@T=M5l7pW~+J zeuWx^D$2fEQ*e#TPuw*U3vAE&*J;76sXj}i5HZg_!EmO!*PeXWPxDw?#by8=%0DUiljW`_eum!x}lDX{SZI$6e} znHR!SidoY5*ItfOqCgbZ=#r^&H3^D;KUoXOb{cM*mJX-GNW0-s26HXrPU9GdCPzOcg?!Oc|&v2cXexrh>d-~5x?>vQ4fL3<$bcqQ+tAYjN z-GP9|h57zDMRt|-^b~%Ek80ETFmK*hw8K-WFJ)y+$?TR1PWw~xTO*l_bB@v7I92}9 zK*l%#%nTg#d^Fkx$~!T%cwn)}z912>01W9+tVGS~4}J5tt=2J-Y{Oai$z1l|q!-** zKVun>=Sah~=*U~igtTV@%07-K`@`27tq(-p4ZA@Po~ISpC=f-**f>Rmh?SfDBO^oj3GAl3q1}iQvyX8b=!0Lp*Z^%JT^Za@w=0DOlaEY?PS0?`?T5$Q0jR%X}BDoERtpV z=RfNed?{Qe6)y@%pXAy(u8$Xdpm(HvWVkPWM!RyQ@qQ|qT2Zw)JMhi)EI55o zo@0LZ5?Nv4q=NScrd|uJ++m$?F2!i>Ich(vF&GR-0cgK{6Jae7XZjm|+$|)e@e^Bo zi%RFpDK}5A@ny>}TV{1p6z7>Dx_4(4_?Gh4_*#7f-!dkeqlw^BGPct2?%rPR{`qoR zPaJQ595T;gvtPQ!>xrFOoFFmDIM!7FPO5MJ*z%b9QKw5yV~Zjk#9WwD>C#B`R9YAR z4Il7LF8(tB(&p%x?iV*s3%iT;-uh90B2Rv6b$6KeI1H#1kQL|lPJp^h9=I*PD!XvC+X%veMVH1{)4HkI1F^Vml zEH{!oA3b04JWf`{&G5d`7=z3PICVh^+kLS;sM;X}w9?MANzg++x zkhfNnfzi0so?{iMHWvq^AM*aBu==TV+an{?kO4D9+i$G0(MY2xaVzM#4MwOk_IXwG zxLFpV`I$KUvUIcs3VzS42>Zoz{hd)p@=AsZ zuggo$lrJVn16;J4em5ylJo3V94 z^oLrZ;o4%2_m_v`%1A@VYWoSy+ne=~T)XIwGyjB86Vqx=W<8J6<(>+odjzm!<#dy9&|JEgG*g@-O;r6Tb{JwV^waY$72H^yj~mMo9^bcw#Iv3 ze+tJEw7s^snLUf|H$AT`(yo>uP~C_H2=)E%78`z)+en=E#>WMlX~`Cc`fm0oOx>F5 zSS)=1T1rkacUy;!;_^C{{?Xb2idac~2hUCjJR6xf8xX)?!;tO3>vKHq6_yTqc8ToR zIKNRY)?~L>Y^YA2_q|?pmB<7QDB0PSF^@yTc8VOl^wZ8ZGJmZ~5mxSmwq#YZ&_h8% zQE1c!tKQl}q7#9nQv=d?0L?WcFI}iAL3~gYEO+&3nSnq@-E+cLSB}#8nsSa92R&6{ zx!~Am{2-<Pb26juif{Ga#XTJ z^97uZw`PVad}Wj1YA0yfbIMsJ$R+E?z@)08%k@fP-IOl8c=&Flkb^jcT|Mf&BVZ+SkioltwvehhuW+>oMgFejm2#_xjfFaE zr140~upcU%<6Y!D#%R^Ai$3nS)9=@2wNk>)J}Yrd&M8bc_XMa-XHjXh>)@RiJ6dWV z7L`ZcwL)gMF}5yqGlt(3YR4r|=$FbDM)uC-!kFye897LXuASM{%H-K942GdCH(7WZ zubqU?jXay}aio5nAoOmi*yv3c&I@0rY>eN8Ur8o#MG+Lr$@lohW=+F9F1mD0qpy0H zkz@BHr?!ykE{o=#l-HJ>EO_{S+Z2nv-YfYWj5JaI@pr|!!F2=;7Cvuug`g{fP-b}}>zBP)0 z$F*B0Lp7kG}0;)-ChP?+gAw^$XBi4{MZff6MJaLEDFF2hpoUZqTdlTJ?Zu{&P z*HTi~`Gw1V4B7v&DA!mGsxHK|ApXWB+cw`IlZFh*pc{`GBx~lZf{GGEt_laa6t6D6 zHXRJGfD63Gu#HlW548k*9^9&hldY|G`5}z0ecJrM#_IqHpo>lE_2K+T>{7YHe&!8`4=!LI%^gCuTyUj)6Dvj?n8w_`12~(T;EpM^B_dL=-rf zO;gGi`}slw-T==O_B+lt;V!icPgtqUU9v6!KbR%_ zqeGGUo7C1WwEY%6pL9y1%jZElwugra*Z#?5+HQV`)*BfR3B4B2NLuYR=ewU@(zqRW zlDI^k7V`pE;2nShH!2LDnOqfHv;~)BIpR?m@xig59-a?=LVEd|xU9U}PmBc!x81>H zY8*b}B;F$eUKbqwFX3Mh00WF3PA6o&K0&H(YE5T}#7~&FZS2BUuOo_BvT*8Y{?TMk zeSERI*}`Ua1P;}I@hjLA5n?AeMA`MH zo&z~)K7tTo0&YhYqQxR73&oFfP_X8BrT~<0!9lH2J`#Hkj6WGbi*#jM zsn%({l4_LXNgXiidF2Q(aPVkFMmEyBcr9R#Ikt3k-mu_m3yjDhpQX|P?MOu6T6R2p z&ndS^meTw9r>Ir{hW9aG8e<$Be#?AfiU&fXon=x}M7&z+T(!lZm| zrlmm}sc|{mpn*E3XEB);MRZwX;W?AD6p0WOiA@3oOIrFIkmb zZYNpE*XwLhC}<+;owc^h0@+1$npNKo#43o}bKs}9XbWmi!J@q{FMVr{3| zyr?mP_KMTh5F4MXl-%8sb#zrIWIR}_=}O6|89~41ZBH?K>s?^4A6RXp{@RR2^-Y!+r&}|a`($Hw5Z~zsXCrK)9x`Tz zcDs1Rc0!C2{Z}H3*S_mSvkhxe7I?0%CB)W5H1r6V0lhoO390r9kJxeeDuvho!c9UpZ*a(Y4(Kh?Of5dzSw~j+JpR z#n<-NftTj%AwS^_UAj~%g-I;V#h_eM>$03Nn(lKxenlGSNWOOxTo4;k&+%vm&qJcO z{I!`E`m|k&A!#x^{*y8&Z%!3=YS>apBM~oe+fi$ZAf8ClDkgo*uRjcar*3^1Ne<|{So3$6=csgEr)2K#v^|r*+W#*cxwwfEe43* zlXfiJGNN}!ct3ZG{`1CI$)?d_M_p1i=k_<7qSTn%;Ef#HcJ=!E^U@#XT|7`I7|}e{ zmb(j1sma?A0(UMKZ-K6(YmvLR!&EKPv2M9Tbz}T$60{C_110TsZNo^GRk{a`Cq4I` zRuN%@tL;`;X7k?k*rAj68h7ka-;a4(&786!hZyU}vD%dlC`o}#Z-JQ|*3ndUB|B~H z80AZPjuCqtFD3!u85S%Bq&v*i(zdBqR9H~d18qLuX$c6ldspauXXp!(nn~3#B}Je% z9N^X}-FZKTbzUhauGXR2sh)P}@(L?m>k7=jEUz6?hwVP2)ly?F4j91yT)gk`17VWe zCtD)iX_2vXS$fU=!g>Y@dgG1;Y>yly)ZnxCDb7txt-eLs%_y%sad@wrE_|PCnsdAn z6&00~N+FF2Dl&F4paO-*@?cueHy&v9;t`Nsoy|<}ZiX_ppa@CHCN>=Sr%ekyoQN8+ z+B)IGUjfG|h2e1yhat~MKHu~Z`F>v%zr^0Z^OMrI=-kS%BS!JZ4qyhp?2*F2zyNw- z0})-kj$;ud{*%s%BeqYxz7RcHHYKoYu#e=$B=vg z?*%Ult)i%Yi&TXrrGu^JbpjmCl(tT*%Y+4hy3C0q=y1 zBo}ffKT;SZe5NGqE0UT5rEKU%Y0{^eXD%`YW)OKQ4G%0lj$ag-pVP&T(kI>QlhZ-q z4D)W${LV+e7(%xdFubs)`=iD@C6+O*dWT#Pbp?yVhE%qn?Oavx!^ux%X!}4IW5}%> z+t$Y^zlfbCp|onN*>Qmn9oADt$p%6n8Ky}0>-;79I?+2RS6gn@LTx_f060fKFr3_W z)ES$F;{6SXQY>j>oO|AjVq-R7VL&Vy42_Vb$X-PxqgClRR{#kA1BKoK=&F4V?j#FI zia_9pE4+5xerDB=6#alwZL`npJ!2A;TK2Z&a1pyHS2k6%HMW4<8h0^I9%G%W*dwYN zt(iYlwbYTJJV1b<*(ZCV@GSPNG&1ke<3I@PhG~0xPZHc0p-cp9XG~Y(FrjW z-C@VOG~6aJG2N)k`3{qE76^Q9pM(h;>1;5Q-YlVXD~nv4Ukl2WUK|9nX{^gC*YeVJ z5M{w^<6F$oMg#U2b7nDg4cVn{lerU7du!c4-2-3*uw}-pH5}zOz{*!<1*~Z z?pyVVi07kG!kN2`oAcQ#<|d!-Ja(iYlp8iN6G=ijiBZ-c_3|HVgtY0kmdI?IPk+dN z^SnR0e~iC0`#P9;-*}%^O3<-?c2mhiBk-p6>ETl{oo9C_m}Fwf2=>YJciTYfG7@T4 zJ1T_$*+Lk?v0F(b2%j@ZVvVe!`{QN`S9Z%apQVJ?Z7Jo;NUoXJ3qWF27e>ITOR0#P zFZ6?SFM10V6x?vMSeU;}X1E`RpoZZ0zE;;L7D-4ohnWF1-qDIBJEFG47N`X(Ujrw0 zKG-mkn_gH5 z>>aGn10J)@kNW*pn3NCmvfLnY!3x5QBrImg6U4@%@2iD#80gKAS&gi4DmOyivr!7++$Au39M2u1Gox7qf?N)a3r|x))imG?KZyu~FW_;@l1DCmovFLKwod4L8Gj z-cfATo<@t-JgTy?|E3Ec{&eNAWx)A-+~V0ll=GI8f7Zd-UC*WS*N)AymCJlgshwf8 z7#?q2cO=Xd9tQq&)>qpCtLYJZrD2~f(9$r?xZoCHsG~Ip+LNEpdGeq~ne96zpcK+# zrZL*0OS6udB}LZdkgg>q($q{V#VgDj8O$wKb5tZDvGgm0p=*s*UA{$(sIlvlZ)H5& za8dpg(53H*6iYeC9p|>ZORbQZs%Wsw-5k*7h-BGVaJKX*D3UXaNCQuuZ)1Zbuf5@_U2(kL_^3Fo|r}JtCd!t zSkiI%uC(#H;nY`J zwrTzz^}U`%xy#v=Dbv~T2b%XIB*}L_TelSY8C=;Qu;~=0V69ifP@t%-IkFhJ{4mRz(2yuAxp6w~8ns?YjlA8j}e`Nd6^qH*T9kAqs<4p{pQ zx%a2j&k(Ha?~W3SQ`B^yb9{=f=_nwgVzOJhcuL%AkMSI8E9kUl%j_$iRGPuh?^b_8 z7uZY4eR=C*lYx3c@4EQt2VVN2TYsQtbERIsn*3^t z$Xk~27h1tXl{nnSwiD%q(W=o4RJAg$tFGDaN$0E%h!fHni><~rCw~+XZKHJ$b8HL9k+~zDngQTQ&I{G-hcqQAC z=!vKEAgzdmeLrP|<{y_mLhdgt`CPCk($**%$qJhK;-fJhf;ARew!e3(cR$-KGI_mx4u+R_BeOH7y{!WWiYk$xy$|^{Co>x977^>kkH(dGL9rrh7JtDEV|bzh z&e_ojegd27;^d)V;04yU?cgVc86@oH=M6gIYTaxBNi{*tj3rY06Lc|T>VE~$dxQWY zrV|k9DZ08vk}SAGg=4=_Peihr9oyY6H9dC$!wBn!^fnZRR|GuoyTfpdtZv)!-QW+& zTUz4Eb1Gl){al&R;>rM#^HMgam95Ess=eW#=;MdIZB7B@0IZ-w{$G5*h~iZr$F8`* zq(Bk6?wc6ZyEJ*j@z=O^jRckNA}6V=Ke+_@VSqJ3n->5)udTFmqD_|({%dR@Jg(QY z`bts=R=QQJ^FDP?Kpz_}>9wN!^W*jA^|B6!!LSQ7D7fYr(h)4F5s2l8c~EUC%E5wH zg2Q#TuprcU0hZ9LiT6_LO~RtL~d-B7}tB&*VXkG~WM~V@ zlr4e7gyf_Fkf7M6g%n8vzD)v<6e$q;KG?6r%?hj^V}evg0$7YjZO`MQ%+MTcL4I*j z;|)%X>8?P{U%-c2(X$c|nZfzqLZqX9?5O(qLmO|{G0+b-z4m9Vkn|;y9PW=Ut8`eK zbYDh>Ea}t&Pl7f`%P%cr_G8kDSg*x7!>xfEpf<_=`OA*WwOTAYBAqCeu<_SL-SNcz z&yEq=iD-|O@vF@^tKG-nrk%FEn+Fax9BN;); z4)ls)1`W ztzp*XKzU@mr>s~P%Po)XXDgzIo2MlNn*}yH2Nsp#BgA>nRL`utP~@NNJ1k3EsFC?+ z-bi38fKYY)c%2SR+bEV_5n0Wo8ZI1gwNbB)T}9#r68f>IHu;MjR5P|bXtq4BN+w^; zM+OS_W|*a-fKUhDGF~1KKxD0lVQr40EqY+v4eTiC$>xTXH!Gu=wIU0~3qGeYW_mqj zI31sc7z9ER(WXkdckHoDy zP=~1*81$G7A1oWXf88(2Du{~uv~~9joLDK*&F9H-l@!AK97-qzIFGED$V2W;9Amy? z-wzR-8*pOgTFpw+=8d65sz6|9&j+Rwum#n81$j=;u0wyP#`e+2>2!mil6V|cGi9)x zIA&dQ|O&B8cZo&`=*i<`&~D)VjH}^%!Bb5tcEc8Ae%EYgNh(It)PL)T&r$LdRVEP0# zb@{ASbYmY`^~0iWoJjn6KkuV$LKwWn8HMZ=eysZdlI(iJZH{jBg6XTH{iRMG-}mWo za(XClazo6bJyaZ%Pw!QsItFj8Ypvd1Wlq4?fw_(5Swhw4>nwmmJ7p#=QHPf+ullgP zIl)YfspC{WEUSrd6!DP0=Iz*cuuuG||A9RW2yU4&3FfyU{a0Ag3k(+DsCf1B%`ye1?UIW(wLTw&`c2K^pdxH{oiu35)Tcai;|S) zEv6F-r5EQ7YmS+q^1>diGg&4wI93y=(=EKCC*iTb&q)9_-k84TMw;#L)$IoOx ze%E|@ifOhqOajxb6G1c2kilJQIh+NaBixcuQRi6DP2x#;s)l>nhWSxYPDIDEds#1i z;)-)!(xl))=lq9=F33pCVoo7lHJjzoGwS^uR-WpKiY0=3&w5DQobIR?(_2@t()@`6L{6&S{w4fHf8?Iycn>`IzJg%+GL zO;tK4W*e1aEun^%Z&pro!xOYg3`Wpup4ah#c(;6qwBb{!oTny(rzXpr6(6Dti`*lw zTuWJ$yHrM&Iuwz%BWUq96)QjHrun2AT!qN)K-ZM;lD0b$V?yaqvhx`@1^74xM9YGigsK;PBBWD z|CR2*!MjMeOe7>E4i7RbG+YiV^H)3d&=YLB{Aq8CxI5iz;XKv5{9VQ}?mCbm(8= zw5l{!s~b2dr%=r-uG)moaNn3-lRDdaH2~ zc&;t7F3WITnaAXMqh+L1t(Rzdxy4w0?E{`0gksi#F)?ixY z;I{2*F2Rp6{a3a8uW$lS8DBLJ5!h6ato{=iN*YSJP#8caDQq4dIqSx=?IgZ9ff54m z1p`4SBe#hISTLIq+DP3xIPobV*anF8qyvGm(=G1S2sk6r;4s*pUzG`mJt9o**ap=59zkXIlrvEj$+j!jd5oD)w6SN^)|)!sU!nWS72>;gg~dP9!2O zTknkDET8Uf0*@J8yE^_!G9xs(6NEO5xkL(Bss=Rql9_srIgtV?&bY*^0T}^0Iy!B^ zAdLPv_{NFQ4K2?@$?&Sifp$KvHMB&CDgLFWp21zxggW&c+-E+J*Q0G=`FJ9U_4kMOm<$ZRbI_eQMsE;P_aEOGampDE?K6B9 zG}1G6$bHt<;?K93w&@MB+^=KQ*r2_oh&iV37V`_YDNL6HBU?f=aaX$yWEDaTqVS(= z|Mx6_-^m6T|FVj02K9kh|1(NyB(EUOtu5Ua*+|?fPK#@;Lq`5OUrpevSjvcaV3J8@ zk$SnNPsT$tI?aJH8#$z(*erxx{q~V5Fja8`Tk(zjkrfSpgCGULoZtaFfuC|k!IyYp zJs;e44{c~>vthA5>+qEQjhQYkNDxhR1WY$IaSsiqA7tC^DOCom(fJrz>o{DkEm@J{ z_ONU|gJQw>O47r{`V2M#QHu~sXT9K!UzN`Z^Q~1IOrUgsGLkQtRGeP^uwtJy0hTh6 zi?;dtY*XMI@V6%>yj~yY1CW<}v$f z_G$yc&v>4@=$-FyG9we;E%2XA=~`i}OK#bvFW3bp!_7}RYF+8%86FsOM~Brr|i8zIftn~H`dj#2DnZ9qzVHkke%rA1Dl`l&OrKiHiL-taM6jr1cgyljgIGolL`zB;L(-P#P!?cLA#3X|f2ukx5CA$vDoCh1e! zQA!XTxMdPNP&OC0XR0)+Z@x^=FxL@rxp>lHD$ZDBc-IA>)5p#7AD`n2T}W>QJ>NTg zvP!F;my`K134jXA#c1o%b|zA{H@_%Qo3!RXeFWy2*5_4yP~}p+F{^5RR;j5-}v!JM-Nv}gw~zekg;@<5_s z8%)_~i_HPYomCh+RD;c(PxsGZ7OlKCz3H;)ryDWnrA(LIf*L5e{37r9i6Zwy`a=Xt z?DbJXwPalShw?tL6uMmst?GvuomqFDWxa*6WP5+x(FPM3`#7h9$+-u%pK?3jFrp(><$rrpLU zllnA}v(h*y%>9bYp|KI+K5R{*xvi1t2WTo9VoD0pS`rvwmD|;g=Ox{Q<4C9HCKT9I z+p*C37!dnzHbqZmtGNTdK~}os{^NSg3Iu%7WYdx|ZDdtlb`)OQ?%+O-36eIGcj*J0 zM?;gZQ3w?1ww(+g_96{VCxxxRC8r8jL=SjV}t61 zh3~HpSu=v|`$N*9yOnni%e&fIK3*b+jqnjrq6%bG)njSFhizj&3*K(Tnj-m?BSWkD z1(m%n|2T#mXaozbF*U%{ZLLzM%5J1H(9+(3u&P7<#RLo#Q=Hp2RS8KqN>PTnqrq}Y z#Ok{#xolh;N42hcV9T`Q_*A#;&}lN_N3ZgM6~1ds#V4Vl_Xy@d%`1^@IS@F~ zIt6bhbs+xSR_FY~Y~785`$|YHs*ofWh}fMr+0r$lCBkF1am~_te=hf^JA5`3Kse|D zgkziLQRn4E5<_Mp_XNImEOm8MQp_O#cd%Plw5ml>0OljR+QHym!w4D&V2&3t3>(J{ zNV2RiligC4j#yS3@NKsMg%0}*_RJwG(M4@0Fvkd7)Qu4iIqNksVVimtf{+TJ#Ns^H z?hi6c%I+w6rz5REXBTtA~_2u*} zz|b@K^+V-FEd*h@J73GF)N7XMO$l%fSU{9X!EH1k%#Tn(_KYhyTU!B$w7>koAO;N!Xi_W__0S-K|(>{Xa~lE1-o;Ml;ys9VLW8W zANbZBc>~rlPnzjh-Dai^ih%+}n{7eFk!UfIRGrrK(znGF={9Rhgkh7E>4TX98m>?< z9wkKpE&+|Tr3wkGJDG!Lx1mfHsd{q79thsM^9jMB9*3ifl1b{@cf));zy*u zf-~e1nGsJ<2!w+m^#J9bd~OVfc{zwgqkRC05w)M{Z89;u0qz>b*H5dP-zwKlfRp00 z+;4^6t;vJsVj{j?L1hFOA-*<8Ki?r&xSbkiQ)kC08DmhtZOgh(TOCI+cXFEJ&>sCn zy}T25)O4r;wWE5G`gz6 zJXHy6MdM~Ds~a09EMHvbM(rnJQ)u3F@wqnUWmqbeq{md5VXr&;3{RnnCb1p|dr?Gl z5dQjBn|~wZjosH90IypRU%N(%r9|ho_a=WpI)H9qrio|ui@5qM)<5k1x%j54eyuQUg@yt({?lXe=z(3u! zENX324lNj<9545Wy|1;QS8<|?vr%-3rXoDvX*pW>I^uRS#t@^n&G|FXr{FxUxf~?* zf`LeQu}WYLrhZ)?2^;QNUljaCoa8wJn0DuFfLVNr`wNl#!1%Qea%7I|A>R6J(Jw)w46UZagq$9T>fnUh7#u zKNKGa=PY1(rEM|!{VRb>-F7tvsq$Cf%50uY`>NJFEipgAgS33-LtjW z84H=Bleeg68Q=8JDR;14j+d;_-%jm7eL}xL-oYEiS$Tx!2k&_JKUAGnSX^zetOpOS z!Gi?%0fIXT?h@P`0>Rw|5AN>n?he6%yL)gC?y%Q?&c50Ab2-nqy1T00iZlm93^5V* z5(`TYo+G*R@e}Eav5qtG#PZ;JsK2*tTqUL)0GqCjhPwv*jn?N>w&M7Z>@wQsO~+E9 zJDN{;jTO{%IXltYCyBMYLUhV(?HyO!<8hpQa4Lho<2+=>@5QGQRw;UtkwKeJo0TK} z3G$p(yo@lT-5()s*KCS?gVw zDTeIJh1S#!!_d6VM>j?sfOVnW<1#D`ZWis&q;XT4!B6@mIgrk-3OH5;^y39=lWnam zE)J^}#8~!KtMRdgXCjx8^GqAZ83un$ishZQxD*NhNp87{`CCS!H4l4XLwl~Kf=DWM1Fc|Fu5~=-gD9~P-vcLq zY^IvF-HBw8w^Tf%i7%bqf&6#YruVMX8_6?G5Z^(cR{4De*GO$g+UwEl&N3M~Qw-kX zo_Zb`G=icscCDYW?NOu4Uone5%y{f@ zH*OvdO+<2<=Czrr3v^Pfk(G{#M@o5q8TUn@z}$=N)Pfq05ehd#eT%Pn65L!Z$(bw7 zn7zSHxJa;d9X_RNSB;KaxjAta+?q*#rVroq4fA`%1S15p;p{GC$~I(L6|vyi{9)Dw53-pap%*i%f}wLu&HzGi;@ zbu*K>xC-W5K=7|th+w>WCf7fCQnb*R03@qWY}H-aiUUCpX1Fm^#k;DC6$#UY7H(YA z@5h)%SLM|oXz#>$&2QEFVvy)Y2^7zuZnzGl>BwzhY7S{oQh z&gg2PB%!>+N4H0BEhha)U{@mnYNjM`_=pfeNBJrihQk`nzNE4>Phj@>#vecLY^k=- zO=IwqVNitI##GJ=paQU&jo}-w!M4Y${9}u-=k1|7Wdi^D{jV6EGT55Ry~(OO1fxm`vus9YPmfz!W&;U&&>zmW+KLd57X0(nS)3zZco; zHo`6_B@Jj+f6;XAb)gSqPCd7ut9la4HKFOI)&5!~=_?QHmDWp_xj}C~=|j^!>RyJt z{z+05)r?`pfPuih3Qf?0jKB&eFD4?Najj+f$AZWnA(ug$z#%KrMhHc)=8k*7U$JHp zA!D0v>BtudDZrn?SileJ?tAP~FlQFZxdH(^RJ)8ziX8GmkEMSwW}^7{7+iO608)VK z0Nd{~&ZKGX7un0nMF3 zw6(Wq7g5;A2kH@3lt`R(rbLOt9dHH9dO8)+u-?DczS|ETaDnJ}@IS<|>gg$f;@JC6 zuV?=K{fYqp@53C)2Ud{eaUP7AgmzVI0&6*8Ru7O@&>{KcSv$n+|m{&Aaj7Dlm#JF$jgA>sw*iR*> zcro$Udv{~%MkMTrzMa?5Jh|b`mtoAH9TCAqf6$mhuau=z@0UjCcx8qX+D7J_v`Rv! zlzC5EsN=#24}Cpdr}21(fZg##y{p4KgSRznXQQ8gL4g>k#8WoPNa4ebCdQ`*YbQ^? zWOFg8WvDr-bX|wecQCVy8{2L*{bB4dJF6e()-^=aWe`D>(u@93OKoo7jZC?e6uyaP zP4~hW@NkH-?N#0+ty^tHn|PWARF4QiO2Ens7n_GInSH=yym z!E`Zdf#c_@;$)UB>xi~K>(L=X|6)HhR$efVb8=Y07>@ON{LX+7QdQg^%5O-B8B-K9Rf0&^%Oj$ ze|Jjy_W1kW33>L=uOU6-cAHf+cUb~6ttKZ{2A=9#Qali1ezXVbIXElm5`2mSc-Qzh zyLPbm`L1W9cZ>?A{gpn%BeJkr{%zJv%>dy-f$R3nM8NpO>prVY`j*yiWY4laMp)5xu2cvE=5Q*6~~;e?W3TM2DMie$XaJ^PA?T6 z`ltTr8t|^b_Gi?`FnAPsC ze!#ls5AN6{g|QUoe-;1Iw(qE*w7kKq>to}Ug- z%M*IduTEj$PaQmpC%j#QmPgC16}{7f^@Ryc+nmeETI+Qa1QlMGwudIAvtCm7ZlO>q zyAf(mX8P!iqkXniOxa*SqMCD7>hf)Lt6ZiR=U!J4YcIO#itw))1m z>0Ji6mTOfJbY>~RAaW&zvoyRUdeizNS0-ioPwxtXXSdPBr~)<{$qHRIMjFQaC&3Pz z72c?1s>j@o3KmW6;{2MEKEmF6;*+wD`Dory9(UdqPd&%l8BXoH zT5!tR$j?)`spxaQ5_u0C+R*Ft0HiAa?NEodf@WDNCGz6kKUQZ$szXUyvl*4*BCW;l zv2L4iw)RC0jzuW0!J~?%mwYYyC+p-vH=e7me{ABQdej@-2p#{~5M3Tw!Em#eos~50 zHusX|bOljFsl|L$fGYR`MK*mvZSEaDzdHWvn1=FZ)#6eA3Pg2Z*CV!*ne^$_Jv%;= z-uq6D38-L!=yGgZeQufXVGSPwV(|v~4j1f3!Z7h%u<-2+G2kqI{aCUAh|omd$amNg zd#q7Lov8UlDAnN4b>ad|-M{}Kd}T)Y)zW0YBfdjN)F}r5nId*HoWOyR6L8TpWA;$g zn1Fj6l19k&)0+6t-;nJs{(P`t@-O`Wx&+Q`35;6B9rej2BW{x~*}_vTNold6nP(CQUUWj;okE z+bCoHng<53M_r(dHN2;5Ct9^kb$G1!r8U`;5u*>95!BlA8CJ3oF#qU5NdkZ)t^>nR zL?k3OC8#+_LVwkCdi>L*zoHjZ%&9jJ8c#l&EhehN>JkHqgN|#mF66A+Qt{XjOge@% zV9oKC?yngSp!UHEL8wE3CJ4Igser*p*uo&onK-8G3&Zvr(7^SAHXsmY-{^-<bTwu>VgV{=?!!KW0+lEA$(`Hp9fY{ZffdCEvJ}+;f5cjw9ek< zHX!5=&c zy7qV5pU;r(_xzYOa&C#g8{%zUpeXs9X+-w{s%F7 z()`aT@uwzuAZ!w^l)xD!Oy(Ra>?%S_5SeJM7)8kZuVg{A3oIe)E0%gp_ zTKYu@4U|O<;l)vtk1p2sIIR6EPEN4 zgW(waOCvMXl|BWgC&EFbtpsxC3%dgcq_(PRbWW8EQsEp^ik1+ZOf|G`GED8rqmU0K z>3^ttWG2vUjq1%_Lw|+_Vth1Z5^tSSex` z!NY79PmGq%TD|0VU&H@%hQoZgJrv95{<}Vt$F}#kOz2o;RAH1D1{ZHM>Rbg~D{D^7 zY$cV=w|2b1^kl_~uk%jqg#BQ5eBI|ycGJhJZ|O3>bV?oIdoY8sfwph~J~v9~ledi8 zQM;mmhF-H>2KNIe){L6GiMABuj7hz-*VE&pmT%i*%556Bx4{`os5)$toE$0kNPB}^ z)F5Gpq%hxS;N0!Ix9g6#gB&56s`#HaDj6CE9pO{_zDEi|3>fFD20^|_b?2Un{-?X` z45B3iNUKrw9h%T?6iIachmy6KoUF@1t7V7(uiPnGUr_enj@7fI*53Tu4&ZhQX9>V3 zqTaFZVN%1T`>I%_!(%#l5%0{u#pVzM70Sv#$ho~ugIZIjG9-c8G9qZ+4C3c?c9%|s z8-fKXHd)sW9oa+004pKmeWNu4srQn4+M0bk>Vowv6d9Aozvhl74^sF4?2xY4e8&8? zy|lW#LPe*H;{`VD^2(J~rjJkM?*ke*t3c>EFsq zR*8W>5ns?rz6c*Ll$z!%G@LbPhRbO*bCu-U$P5iUG1p3lFEJenpJqIIz>~4Q3Fn52 zAUmtJsUB&7C?|GgVF!qepd`m$Q-^jkU=b*3EA4*%X5I4_LDowKr}Z+RNzN}NL4*0|3)+CtRWQa8~9K8K^z@ov~F{URJS%&K2p-jB|F z^bgF&(2}I|s}jS3hSjh4$$}N72L9`HUT;v>l0oT-l{pGb9H5qh_y_x4vs6LD^j5t_ zdrbFQbyRk)n~xGk*+NC)ZP|BP^yHojZ2{+R@}Ek*e~{l_&Tnjg*JU&B_Tn<>gc4&- zuGlR2#Xr~RpUxD>+XyO%r!k^ZgD_58?**^S>#^ z;7nvsuer)<(uy-^k2T#Qp(v6K`&u>lUY^3uO4z}S(YWJm#eO}|pqY53k@)N+-zd?G zrqx}O)R7;&!{gZgn+?k2#j&2u^2t$koJE1Q#=P1e2UL^s{p%|`lIX8B60?-A{3INZ z9BV>fT)Aua&SVe&T!i3QD`#ZMbQ*d|AJYJ>$}Qv`+dcofVL2p+f7D}|?;7~@;c5(a z;@5b!x4;zQHUesD>8^oppV*sVJgBGDZaF5N+EJw~9b_1iAI-*gv2y>_aIUPU#s3%D z%PpLuHJc(@zoQc<<`F0vJT0Y?DfGJXik4PZTdvFa?VUieliCL9GHb4Z!T>SKbQme8RIYnOSKUlhE+ z#3$!#$#r_ogl%yB3#(QA;RWcwMVWb%w%3nLGh`b>%s2K}7$u_wlra5cfhV zn`1XIU%{B!imS#aS7tc1dMZgkQ6~lanazP2suP z?Nq7Hqw;`1n-fMmiEm~`1Ds;boiB*?6F<&IlA;O0H9Sh>@n^3V&h~9I7pMPNe$OMxie216X^6P`R zJ&8-tF8$%Y?}JUXwI1qN*ZtE+di)=09Xbdl)T~LHf)p?Jv=ZUPcywCB~&gB*Q#Pm9o^xW6$zaIW{(!xorlmzxG3)*kzQhQ9UfFQ3nD z>PP((G^8Ezz!chWjp@%Xg9JEFfIhaBsMmn0hOahad;s*Y7W+cVxDe}jPbqCI>%I?{=~RuSZw`+ zZlWeOcEd&%zCs!DHv_dpSU`||LDL_A$t45mmmGnjfg(pHV+g!}Hl0{oM-(noE({wE zM@?q}Q9ct7jlDzBQxz_?-NWuF76%}p<2u16L5;9iZwc1Sy8RO|{os2$k3alhb}Q0n zYu$A-(mo4jv;r1ww=h|cZBuR^np=x}a*ocxebuKV1g0z-#@d{qW2s8BUc5*?(+Xq= zoKPB|j+c>c|BWzI;}hW^f2m)@ay*HCjb`t{K@fH@V+K?=dvFvm{DyJFni$FC_X+<( zEK#u#&bd<*-F{qBal7p6>yvBAg5iKi4wT8*_`O$X!WIZMJCAe4_nd6waOnmAeMA?W zr8QZ4*{`{N5E7!-u`PaRG^c4yoA*Q6O5=AP!$$9e{pm{cq6Ti418YtJF#(mc8OrPY zP8OkM3w|<=Nq!DS1a5>VTOzbHj+7T>@iu5_+GJMfy_ZlXH;KRl|bwa=f8X#&SWQ+Z9%q%Sg(( zehSeYIJ2(OLGC~jq}`e z9(%1xOU>R0Pd3u8jJ^M~({Syvso6OhES0UMg^GSmKdPh{%XsNOsc1Dli2#!9vYNhs z9EBoVzKFh1#P%6*s-E^HRao@_ZD(rO);)_3bH@$vPvdm-zGp^&KSY=%+ly7;v_Hk-zmMGR@v zL?PYA3q<+Er@!Hb2yuH?gUomE%*u9i>_jhL$#0?;etixpl(;Wmv-f_OHorPaux!KE z|0c3f#WP{~`txkPT|e=|qbfNDr9Rrrw*%hiy#=~4-b4v5(orPhS}wgY4v6ih-1z_l zV0oq3w~VAgx$}=Gf3n;oP}J4Do~FF#Wb&lz;Iji%BJU zDwh`ENM5)4hlX|4&s>An4zRbnZ}_$jg*a#NRzyU4JbbR;uR2f^{d)qf~!cF za+DV-p6(o%op;ws$be&$VKGgk)0i5-Kj>hgyUU+*bI)Oe>v=N_L~Lpbb@+ZgQck)! z>ncU_wkYgkjm91!3!W~R1_-V&XLm@n{-J-6oTb|vkz zIoQ?x{+n4g;)b{KQ+J)DJUutL%|t|8ev^M2tx@J;=7x*x#Hq?Y!^auzS`Wd}#fF-f zdLAAB=pd zZKe8$TyxHiPq$6g3jaD=Rve;*W8ML8t+2q3_Fu+%F5*Uj_P-~*$EZnH8Av8_#=9F&K=21dEH#lwB~4|D`Alv z2nLc<1pkavA<})Fg2^0_VSsC)ROcyf!+0uv>6@ zTCcj=)TMohLbNzcC1*=lz?=Ey>TdShG@EV8WJ<8*K;pK*de5S>Nw8UebJ~Z6If4E7 z*DnP2*8DBw=2&U%@R%OCN;s8GmfRu1_t| zJ)6u%*|nDB^zO*`qfYrd2|QU-rSe;aLuIi}PUhys-F&|qg?pkvtw^bh7N|n8=~#UG zgE$`>ozk!hHlJqs(#4Z~hs+a+HlKa4(>6r7GJVe*bg`C<1iN1IH-;y()IiPsHXyyQ zpo^3%?H_Qyxhp}r=pLD)dz47d>a^gL(q>DhivpX{wU^|mcm0^`{H|^Fh1Oz1+ZfHs z)fm1i9&YwNZH}}o`3s_a~}OUpMqTKMPd)A$PMFd+##w@l9g=#nQ0q}M#v`dwa${EPX;UYuJnmO$9o z^;2DZ9Dv7xic$9O8aO^P5FSb62zNSviePmjcyRaK`7m^hfcw%&y9^VfT-QZKc~jz! zUT@}SNbz{0{Rid5)Xm@xNLxo%fttuq;U@;{q=+6ao~qGs+m##eJw=Go}YoWamAUVjnXP)daSR! z7YW7Q)3>Ue9g7X5flNa$777u)Q1LaBNu*Cjfnl}j(;+%Pnz@l(mJw@B-@dgM3gu=j z8ATkiy^Ov}WG15?T339(3 zv^#(_H|!xz_-HMg z+M>_sN3Rel@N{j~eOA}Q0ESX63&}!1&E5{9YE{sxtUCB$NSr}S=Tu_D763gPq=n;lz!vE z2q|T5medi-EAi^m0> zBW)0#5NO!1djk+6*|m<*1Ojb@aB;+mD{j32gq=8^zs-lUCFqrmi=j`hYuje#F4Q1S zCSipd-OCNi!hX~DorpzS(2V~;`MBdfM|i253q0?}{G{M*X6ckFl*2=x z8g#Sk?UMrFmtHus(gpnlZj$e`OoYEmhpoSELZ*Seh{=N;+$PoTEy!FesQFJd2Xq zk(+bFV(RUJ5mkbSWFFvt+ z;SU!DJW)(s=ioxJ$XNavDHk@6Mp%Z!f4Cg>#+W3g^Q7htuW=n{$Xtv4SNCEC7Dq4f zR3$?mBvb+G4p=I#k%t3vuYF{Y#H()T3Qf5x4Ej3(=Q z8R4K$9PGf5ji+}j>RsG6sozojzQnDDQ}KSfd_E>PSHoVvIjT3A-DjF8aTXC6tI>>Y zazLs(deh28fFEHYoN?koh;hXWxOmXX1IJ<{u`M^V^VigsJVwgzl< zpKA<(Uq~d%jP3>a*p6n(5qZLq#ggEVY0iDMfA~VzGEaSQs+KHVE4Q)#HJLwG}rTC4~Wvb548*& z2_PuQ(>h-2!Kh#f7kw5BOOeq0M%58Q;_*k(p2nrc?Om)jNwL=X=)w_yK~etg@Z$^W z?5g(-Vti3K*DiqI{#`0#4D?Mm^A|9xMSH$aL_SzYGCmnsr>Y2Dt1*>&CN72ihoh^x z$-(xkh4zNs!b$PfQzuiM#$twHuyvO!bNo*PCcmhT`HJv)3?IuS#*>tJXC{^Vvj8D3 z9eK#-0^zQTIF;G(EQ8r&imODn)C}bwbWrBnK;2REx6J4mA)DtH5TRQWDRG^NTGGii z(!Nx=c1AVm!`FKUl25Yzn$FPquayfd$_*xHrWqyGV@t_B{ZR$2uG0eE%dV*v`c?3c zym#Yj`8kM0|E76N^=AT8oSKdm)zZrB-NoSudq?<1R;TteX(C4ooGvS7y2O-VL|4jW z<%|MCkus}FlWlla6=HeH)%^y@`#@cobDC}E zDQnI$P{Zk?p3i(G1|9#g6TRzQQaQEt{M@Q({|zE;ITjswZ0bKNlz7eC7W!XI$fTVT zP^xE&&WL2Wt{VVFgwDCPIt{GNoYcdcZM3Lw z=8IfZ#q^N_Has?5m94BUnY@eWj~j(-PiUMaS=#goYWw7!H8zuUshsaQhJZCKLz<%^ zQQ~KHraIJyJ&`f=O&@FDMgWrRcQqnmqxVb|#oVtB3?O=EMfpdCJ~1ox&!lj2q+2aa z8|$-W27dE)kZpa2s5EENLOym6$1YEvc_?7*e1oH7=t#uy?%p`$9|FCEC6Ci}3fkmA zv=`e`v7jV(`2cXz1FqnkiR*HWVSEoQs!UyCOhE2T>*(yh-AsS2l~e4v9-B6wP!_jO zL;|hSn)iRGCBTbX2>YKNs|kv8mNvd+QYn^Ir3icZiwg9Vnl6Ri%{9A`tUkZ2uiWjH z+S&_7PyFi*Ss9fm`)WB;5PPjGyqQ;Mhwz2&R<~Hk>xepoQ{k@e1|w!`{O^Vpah|5VFNJRP?3KbGW`T_LhyEhnCRlx zhm`+>BXSAEbq+Ow7)1alyig!|NvPAh*Y)^*8^8xz)O97mrN*v(qd@0Q5{aHIkizy{ zxnMHpJ*Fdvh9FJ#H-4F-9*;=Y;H$M^A$R|8}$=COZ^jK z9fgC~fq&1kPA-Y%xl~F_h#T z?~eM)Qv#g|%Acd^Zk-6NiTfQiQcyuGg#=;dA7D#hDU?pEQ=%E>WPTD9o${qc(4;h~x2{_nzTJ#AV=N|TEE*gl{?#THkjSK>#CTbXu z5PIvFUWa%Dz`xmqMr-=j zQ2(q~$mk&a!9jJ9&hM#|!Lq@y8)n{`pEgXlhQ(R;paQ=>1D+ZG@+RBd`5&M__rebw^qjSo_wjIv6GNJ6CAN zcWmM;3#J|PU^zD?fcQQokJIppJt#!rhS^5mg6V#gX zGG--Rs}QtVOFo%m8?w$W^`qO)-#cbr@VrHGv3$qFs%fR1@tfaX&C`M(53KsAp%hCe*KuYGsro8x_IL{ZSD3&v*c4p6*+*V%I$_&x zI-K!}VvYMB%@!|C>P=fZawE{@rJl#oszE3KkAOVmC{L ztFx6r|DOLUV+~Ksv*~uNo62{=0`t4%dwE;x)Oc!p4@4)!T56&}3kJSeWbE#Y4=y0Z zJj+M4&B*I^?LYaz5G&g*JIA1p67ZY#=MB&F< zS>SybZ%^i(H*Ht_xq@ka)?I4UpdRQQFRvz`hLvlw`_9)I^HzfjvZ_1ikl*!A&D7HJ zotLyvuv};~vJ_v|9rcMaYYyTsH>0~Mx_&nmx1bnFva`9Yx&23;Vtn&#(mXAwNZ*{* z`Y6p~a#e6K#(yx7>;bTH-|>Sf@$2s{gmNx=WMS9{*^htRZmGP5jr1=sNY1u8nkQzO zSGq^jPF@Uo=V$%W0r6JRH1!uka?U8MExU(5Li$B{Hmt1{t88$>XeSiGxre&~{UG>@ zcG}kp;dQ-oH754vU@fBPHZ^M56obR2R(Wnv3^+^#JR!2ZlqZG^;~;%%cS-oYXp9P% zCB5jODFmG~>LN*FahhotsD4{`>=*3SvFYitaqyBWA*zYnE2@~;sVq}&$#E5ao~Ycu z+FLE(^Ph-DN}iO#_92p*2PUr4zgYp-8qq{W-Zc%nR7aNYfBy3u;D zos%+2bvbPhH;Ur!8hLCWpMEJHseL6Aaxh9%18T$Dj|cjmzJtVD>LeJjq2q-RvS#?>UC`94SZ1RlXo z$UD&2{|q?hDG*hpUM{YPTIC9sVukyxs@&rzROf!n`q;L~J9|+ukuoth3g(umV+fZ! zNT!!g9bsKHb?b+F{HayK#?>xt4P54F6kUB{(X8p*oR|59(O^(oto zAx@5YcZBk&j*fPK7V8UwiD>xY8sdC;rGN>_dMfuv#yHI^pZv02x-GUc_E7tmfO*%o zIYmT4V$&777PiI=6|fpJ+?QLo<~G7UbBDFe7gs!4^rUR@w{ij{mrSGO!rwMrQX#l- zP8+gN)Ls8jMc;psD=Ra;8CJZXB?Q!&4wAsoj%kDA`QP=NReVFU(+f~Bi=NRv7~_pY zCh;NEWL+;KC9|d9MTS$En)HmXCuXlkGx|n8pB)oP1 zy|tkT{;f#!XjSFIz^6NM<8P>vc zB&ejQuhVP%8K>TB_12A@D=|5;v?+=j-~uaa;mN^o1GK+6BrkO3w3G|=K&kW*E*C24 z;u*`&BsIL}YUc~IgZ3YHvuw5j+7*LRjkM)**OQbDkUlOyu%Wxchn&^x~+eS3Kse_(oAO?-vUIej?Gv(AfYi(IPk{oPbcEf+ ztmOUXEF0=7tel65;|^#E zy#LDi3?mKs!`YFROn99R$pCs*20PMymmHVlAiw)niao2NBuE5+dR|RSkP;w#yvZK3 z(cHA1FH1~SuhME9;pPZJ4EgZ}9b-0`#pL~T!@7mPUmJ+HiYm_oqGHvTrw3u3JvXiX zWJeRN@ip+8$nXNHD&vHFePI0a>{gm=ek}P*6|3-1Mt|a4D9F4DIHIBJ|Idy$tgW*% z7#RAb$w9*8XMFE5Kvo#J*p1jDFmJR{h!y0sc<_%D+`Je_FyIU9_EEDK8KtTz5^2 zEs6CKJ_?{YbU~0^#>k$ocGxNo&~PS3^rssV{L~$hc(_4!ByoS;P{$Vo9p1`Cc?Mxh zQK-+D)2p+`Hc8izPWcb^rj34vC1DEO3nMN9aQYUyKwWbKM|oFb>|Gy zgU@v4NT2bXp%Qi+kEQ-)5N2e|2Kn&cr5Ue_TM0h)qBx7rk(iH<@Yk0w zyC0y$`~G&At(o#=@XLg;e(cFBzI(CCloCA0KX?n+9?D8)SbdpoW2rWSW5@t3Jf@>{ z6H@T>4WS}R@KM@+gw;}v$O&QfA5AAHj&L?()8RBdw)*in`MSX!??S6=H&4J=iXfkB_a zaJnBfywbBv;15sU(hVD3WZC|7I!E5&stB!6I{X474S&pp@Lq-cTOH9Z^3c>QVGV$O zCq8L)^n|9DeppSr5P3}X*4#?&pgM#u@Ap_z=s}}E`|t}~K_0*bQa0HofID#F7-R&v zazsF!jl)VcF>StFio%rW3O=wm$KXG=+4SGSV9j82qK%avkiJ3kCG`TN*Aj!>X^EDA z!y|*Ju>u_<5SoTK} zRgTwnB!Je4yi>tQFJ_N^IN>xQ-`tLc6C3x7b*{okT{)X6)+WF_ux8M!ijNcd?9#F* z=rWn*JyWDBLGbSg0qDknXZ<|@GWpv-T%>1kAYyQQG}V>q&uG_6+Aca$e``_u>Sd}8lJ37Atyf)Q4ozSx|qqU|Kg`@X`i8Hj9F4i6jSis(fe-5Lr<5hgf7JPQUfy&0njO^%DZs z!QV=%{zHsJW0mf#SGLQKM0pn{CLUA}FV=-A1VIZQjFG5onkgmi z#1+;_Z9u1vvxKm1Li0n*#;ZprWnPy_&QHpwdP+teY7|N@pN=G@57&f%zP0HXRtRq0 zn%3Fuu)1P^P|N0-$nISk^LaBF&jm-k1I|Ip4?nGHh~de$$t`am*;;3$e))&FSi2v4^2{IYmrn?GD2K`dDJX zaTsbQVs)uOXL)JyTO@!)v*jn6JKod1PMP%~@4>7qheW05)vhsB;w|+hN-;nCX!EZN zmT)9S5M>j_TeYL8>BgJ@Rw)QC1Ml`l$aC?(79KGc*qN_nexp14 z_4!yjm*YW}r{GVjn_o#2qiIJX3axGnh$|gz$|lAaJEA{PJ4-BKTnYafaIhA!CI~%+ z6`mNuJ)>7G8i4c`tRVDPp%>+gKMKph z{#4gasnfsRkN#gjtwTu28w^d47Y5_`-I$G~g;yjdOr}KPyK>n_xrfJ0lB?qw>RG+qNT zo2Sp=Fos8tKG~EH)iuGvVR-buZY-8ZHv5D;Vavr^^KfMJ}8ZuU=2 ze0#hs(BQ@A?4mQ2^@G@h2PYhq)Ze?}tTQwLa(T)qi%vsell3}tMyRj^47COLiPK6$ zzdNkIHiI-7-dn~8R4|igtNAub|MV|^(sH!Bydn6=F72}u-sy*8=W^UUy+UR&-YC|B z(U|+!u_zV7IA%g(AtpaO>$0Kb@&{2H!W^tA7`D~FzNkrlI z&CjH~LILOz_82vdrrx7KAzIKZF8)mqfwY%b2RN-%r8o-Q<@XgYfmAP7Dcc|>xC_=J z4hUr-4l#oLq4Bq09f=+nG$_Oxip#+JLq^E^24M^x$fF#9K zD3Y0VvEWnwFp-f7*DURsLg-f8p~*hVt>dR7J2_pwa@~=9oNU7q7K-*zf*7BSEYHn- z1P!Z(Y6|&ix~Xp|UIQh+M&9b`d55H+hhF~SIWj-|HWU^%)CNZ|wwQzjGAPbu0;**I zV-^b{WQR1}Y^x8%NHQeF{S{H5Vlbc_6>I2iRvM(t7#4=1K8tM36p46VPDC*_pSyF< zgGSLI;wgP2AcH9YMIx@fbVLjN*Y7*tsZ2`!U*0T<_f{}E+>}_I(6%0=V(Sl%F-hRm zlwulyRiky(JCcN_tU=AM0-ZwtgFBUF0~%K1fu_4`1{QBcv|V&FQp-tbnopAGV4=)=ztaokbLxjBhD7|P6JT} zR0f-z`e%LseQQw<2FeQ&%_vJ*ARSv3Y72;ep+G?nkjhp7Kl4{@DJ6&Lzh0S@`*H?$ zvSHqsBQA?6$k|vL5;(!cIBt=#m1FQtf~#8@xb}nx!&k`k1|yPE59OGM4Z#@`br9FV z^zIU1Tjvb$^YizcXy|>_YQaNA$PB0&;w%UcezYmcOT&Of$c%RJn}u=Iac#Eh5*k(U*m&J%ZUW0&?;DsWgTAadVgjZO?Q9J)igM5Mbz8l;gB5Rf{Aba!(|r9+UCZln~X8)>Awk?xcR z@8}Ne|%{kYc?Scr%{D2+AlKwJPo%Z%Ea)$XT9zem&h^F%% zdYuX7M3wGgZz-Md!_i`}Kn6`~s9VLaFF!fp21I&3--gkea5{?nWnfA3T`fgtWw>QX ze#7K#u=BX`p`X}b3lL)^YCl10XKhVBTS)El(l_O-DnPiU4iP3l{XPB__ure_A_ax> zrQnV@!5*UUZDR}m{j85a*9AUvSLgI`MuorWBO1~BJs3~+y>2@Je|&u03-eGd-*hd3 zCjAeq1x;`iP|S@;z!u?bOqFBv%l+XN%do0mSf#^lXyoj@=MQ&ME<-uaMDf{teUd6u zECfp%@nrv77osxUB4n|#jQu=Ugt+|p$V3Q1j#_7D6;cEv<7pKqP8Z?O(n}he5IF<* zC(i9qZZyp!U>(Mef^I5Z_k8K6pukqQAu8OpmtzKLJ z+;5cZxC-w!esh{z!Xz+bjVT{eNoxZce%kCwhBFQ6)ba;8=kg*?B7_O#f4rTl(VV`@ zN041vl1pGpP4&Ngc%~9gtRX|;gFNh6cV0v;Lftq_jkpAVfuCYW>3MK?eAqq{{znG| zl8xgJlL@L=GatsHN*5mc1nJoLot^gw^P~G|P^XX2>zh@0zJYdt_u5Z-lZrH>1{2R_ z-n&?g#NikiE+BHYb|afbVLfxFo;U5EDusbU6Z;m$ z5oW&ao^Igd<8FT3M@EjT078=D?d4AGnrH|Pk{Sjw;qFJoqY>ir@LWq|+g!Gek}*@v z3(Kiu$D!Bc9`vJ)hiJK#ox<;O5@ctNIwk6fsW9@>Fc-gf!=jvwk*{>uW$p6HNc`*S zTRgluKOwg)C-&xgDLdPpN=CCjyZwx4{_fvSG-cvIqoc3(p$_rJ@(;4Wj0$dqkE4cU z+%B2+*T!Q=uLivboXhIu#c}0?n(5&{)zCcM8Ubl0JJ6rEVk47t=-18XyDlg^790NT z9>@DiwfFeXb=vXv30e+CTiWPHqV8+OFI}^2fORBMX5L>66*PcqV5is4?@uyi^kYT- zXu}l!gFv)n}c7mu38V-v+3Fho8=UXKsL`DkW%EV?438W zI$&Yd>6XdVblTIy+~vOb%XZC9xas}VABluHFDmbXO~7jGN3;}0SLQxjx5+a-z<+fT z$s4*eunK?jh%(6_mlYHLcV9i4kzJ*87iM7%R=dg*P;-vzFjeeB!qSC{Vpxag_`H=1 z<}It!;7oV8(q3`A<$%l4sipLEBZWpBZfzhx_uF^y-Ux4{JO*@j&!8ksz}vB@a3 zxgtQmP=4sv=@d({1@_2(=efUK>dYt))zNz`VN?`kC!fvQ!lHxFD}n}D7j}Wm)vDWg zC_(N5hQzt-+sRt^pgmM6y*Ibk7lWbw2s%i!lf-V%;qKV{tQ&T0LWHvH(~ZO_&qS(U zAivw;=5!y!iPLg+{?Q(qNc2$0bt&HH%;*NtTJ;6TIDjE$^ASd3h}$jv(>oNl}0 zGRm@}xDrZ8w+_72jENFcAatU~6&QAk!#Fc4&$$Xs!(>$CWhSBQkj8$cpO4VUlf49k z1+RmNEL!=IF~DvRjY{qfEE{o>ntnx|*i}D!PpVOZGq+g{HM?0JXP`Fsj6$CXke}~S zhkA_GxG<_`*f}R7wCfA{mt;W1d&YWI^2J}0 zI5dtidSu4qQFe80%itf&j<)^nmq58s=5J383cHK3+ldn`ZWe=U7; zV%V|I_o%4U?h|sQH}L$9ll~cpHl7GA=1IH!Ons8Tl-+@(B;OL!bvf#f+8b8R>GpiI z;6LL8A(AWsceFOt^Vy!yjnT|ZaKnDwv#JmHbzNS7zIa;!?s5Daom?{of)elTRBh2PI<7%zkiTRKF<-&PWXa z1R!My*)Ebl1gM!KGZi;2?l*o@cH$|mbo?zb9g&zuA{wQxM;s;oim95{J(P&QvHjXE z&69H>_!|J*CBiLRh~L&ggGcl9CLk@mB_l7uP;!g;baRxaI+K&>CpByJ$w~S9D3^0tCO=3hzVzF^LN)N7g1MLW$chHncS!wP-6-U)4hNJ!*vgype@oI^M?@%M z*asF52i588ety2=n4tSo{#D?eqX+Hrr9W>?K$WFM511w?;u}eAWCM*miD|j&=8Bjj zlBt{JdY#de$$J{vM0GO6FnjmMG zsG+9BmbyIGob{)R{7cmK_)MWFW$g`efH}Pn6p(J~EaI4`xp+rLY(f!lbbVMEd2w7> zv_p?z14F&us6xJg89fq_ja_XfSCktFdojlQ-{0fX_1Nghuz0`1kY(dAV%QrSPA5AP z=$kt=9JLUv8+`sRD%*B?LWp}GcArU-b634xPquW$Wb zAXhqUM_Zis8TduHlrCZPX8Gj>d}kdYhz0Kg`ET00g4^FB{eQ9R%j-X&JX~g-tBg%g z;gPja5~DWONILMo#CbH-B&Ry^W_AX1={DBrb|bH~zIIkWYhGt&m#m(M{`A(x(Vjgwm-&dv@|%pMRSKSw#th zCiimA;f@WmXP5@SxW|g09N_`;=m}m|_jzz3W|+uv^LY#a2^>HVllJ%b59-8x_66^y z?5FTsa3>wfZz?ZVjJddF4X;SA&VCZ4KG%MdP)UQC7%wH>WWNpW<@6LXZ1ZmcU2tAy zPec3A+H=8h2($uVJhaGc^jn6Ii>&8sOQ56I$?Qi5 zp$i;mhL{rII_rO8yIn{CBsytCw;o6$e9?CU_rouO*b~phv&NINFyrx1MlZC5$xcQ zhU$V4Rl#a=XTfL$138BPxp2v3Ddc1Fv*>?iqBqy%GZivYq1Py;_lM*(R*%|p#WNZ| zueIf>Mz)e^=M4`wZPS`Aa)G=h^OL2i6N1K`)x3q1v%vO49N4D_Lrjw5!C{42%YbV* z*%i>t8_#z2e1*Di2AsMR-N#Dh=LL^xm+EuJ2!HEb#&vgueEA$fPbX*zjM}aZt=9y| zl?m#`>qap1UA?HH{=2)zaT|PpHkGBCgY|VwY@2BC;r+dqqPTbJ0MDS>CcnRC<^*C@ zrGx4+2QmzE`OwNmHL`VPrB|WKp`jt=h?+s%OXoK2JCN^)T;u<5om3G!694!s4?@fG zeLiLAj+w8}wXZ>vVSiHab^2PBC9&qnFS+CJ5uuP5g-F%B39qk+dzc&q+>_(xhS^S@>p< z{iHtjPQVrJ0sXpFbD$aBC{Dx*SAZR{$JAm!{H@ct91opf$~D{ZN#}029%^DUQ)g?G zdGLK~^K(1!5ahwevK+Pd$uBSJin>KK~)PYG_%Q9Y03!shsG**b;k)nV+ zl!v<^w1dgz-ihNbb=^UQsHe{(08|y-1!shqv33$kh{Ep(B)as`Y>uQwnSr-!W|jj> zaeu$C>4j9FG`e$6lA7451GF0X?_Hg8@-)C!_H!MV(C+?aRD)di_f|v#p#PSepAY44 zMG7+)p^<`wLUz7FJBeT75f3Sr#6W$iE@I`@dWlcl?}PO`3>=gcc-J#7_-lN42-=O$ zaf=)$W+{lUF`k1?xkyQuaWAAT!H~V6Qp{7XwVwRPE*x=!)9>vlRbUwT=a4|8C^o=6 z2oJBg11w9-%|xJ=oL)YLY+l>H$8=DTAtC;FotHi1ebli1y76T39AppCaMiuvzhcvE ze4WmIb_2%W_Ae~xk&wMGAYnm5L5Xw)GecikcCGkbEzz7#=K=Ek6E#>whzMjz65Nbw zP}MZ31T*J%nix2e9SNUt2Sty>>>nLQ`r|#8^0&-YA!Z*e;%%tPn0<9QO_tcmd6FD& zs_L;!IXs(LBS9c z8CTn}6)1dTYfsZU6nP2JKbv;O=;GHbE}Vk(NXaq2f;yWA?$rDu48f-0TY6i;RU`sD zgum7=0Q%EbGwJKx>{3dVjW+amW@EBF*GnnXYFm}Z#%IB_Q4Q6rf_N4hyBOvK3Ljva zLdfI|yv2%=L#V>Vs%~c{aj}@+QrOIw=H(T|NmT2+oTqZ+sIh#$H8k6f6WNMz3aY4n z;HN^!q2Nh?w-EM>W3%QFry}L}7ZW2$3^?7fjAR!(mvwQo!V{1sxKFNSoY9AsDWYuy z8j%tJ+6xGIs+;N3CE`GYaaZ26aLt(Q`&d!Ek5mDz74=Bxhi2{x34O{6FbD*mZ>XVK zI#GP$y>KyUQ?t?gxyD5!5g2~ab^H6}6U z`QSHtRM0Xo+XdsTzjBrN1?lK^uS``G51c49p(Hb z1H_VkD@*UY(~j2qg+r4eUfD-1jxBZ8`k|6?Q6OHv}> zxA>dy@k5v0E3s$TgvGMy))#v=SS3FQ=ThI5H@;SCeMS2kcK}v2_WAvpw?QMx!XCG- zJZVXJ0{p*6Vi})Pd&Ok`lEO>;d!vaw6di6R&rG*YF}=$f)BBE_csDcHA4&XI2hQCn zdD^r5b*=vQv@`EAzJ9IQFB4=KG5r>_Ne8q9gVoEh!m9w)>v*Lti(S8-I+xdeF=cP+ zn}@0^l0>5%Ex(f#=qQ~_=1eGMRF}M;`-+ht4Q7A~S#c$_m4@yae2?~4D^SB%!>`Ij zj2e^M-LmHeO7clijf2Eowv>%WUqa*?aiaW`xq(;c7#MllMt({D4}Z1M(a>_l{BAAt zTEX3(piR^W07&bJeO}puT-n`M1g`!3Ssu%i`<$GdT<^a($poH;mY?Zuu@`*hQjLitrw@&QfE9uXNZ94>q69z6%*Djqc9DjXrbMtlBtDe~ z7#A)?@1m}N5}yCQ+W@WIGq;#DZs?}4m&Xsr^tp^NG&7)vmp1lqC&u>-rz!72Va zu7SCvjPZ@)G4?+Kg{8I)`4~a?OeVC*szb6dmdo+=%e{^=a`&nz0h(;PcAbn<$=nRX znEw1q`ol4j^8F=;UU+;5rjE_bR2EE!1EF0`XbNl^V zrghy_o~^czqDsr~&3F4R=ZGhkmThF*q~GjMpN{xjDQ9dyo_zwD2l5x0MVo&97wF`x z3vU5(EwXAqj+$A_s{xenBfeo!M;6EPySn7U_nIl7k-1gr4hSlp=T4{NI za8`2uNpteLjpB=#7&tx^Mq^CS4pM&6s1nvHU6;ghzsO;?AJMGH3`hAjks z>mh^4mg%Cu5sP`Cf6y;F`7zU?-J;q%OfsLS?>%k2|6k-5en-)zfmTWXsU=V4sZ7Z1 z40x%(g}&Q;nyV6-&=TMIMc(rVMazh*J~}fAo{S`qOML;k)E1*yBxE>v*5* zgLSn=)>8vGQwKz~T%7;%lKwF9duIF&e50+x(=w^%1MmBrHo2w)j4NNHMpRXV`wfYX zWe#CkW}SWH9X%SgcT0@`Xo9$$LBo2iS3=wZ4sKaD_!3QO0PXpv#c+lvigx*Xx@C1i z+~dWDYG8i1u)tQ|wZK^TZij&oA>nWmMKK}Sexz1W_fiqO$ZNH?!2;3pN}cZQQ-LV^ zUxCos0_5@V@M^3k=sPcSK2p(e693K=O;6*qp^qtWY}cGD)nZXpP{_Hy_JsDyhZ*_b z$dHV!X0j>o-<}O}d@d^L>DrmAwy=7nNM7Fc4M*d%<77 zUPH6x!?FTyQ@N|T(UwVT?U$I(LT1bmIr$-sNImrM0%fd}gEahXoi5R{2IYpC#QHuI z7{iBVlZeS9>_@`l4&H_r{Kz|MlR|z19AyQKYO10#1bb4TT5PBN9={o=ONzf>YpP@r#mBFT>wrkVTkc7_Is zkHP}qma_bz$RZ30DRc{V^U+u(j<>g=EQwz9bH%SA_}241A2U63*pax;75ra(jNTCl zp;L1e8PRQ^TvQp#f0>@g7@C?idcy1_tl?&UB;TAO`+cp1rX=Fh9a=N(p(c8E;+)$z z%X({LikTtmnEK=8#Ez_W?I#rejaR-70?5*Q_M30OKNJj98Q=#SB~)yv!DBVp={fN_ z6#xC#O5mHJBd5Jo8bL+ytr}?uRy0?8-BcLPq{y^PPKY-2TLB>My9t8EbQ;~Z)o}n9 zS@xd{a_K#-oQf73HA@tu_gzCW#vgeP4@*8Gq^MUY2KI0NJVF1G>eu_$vU^KVeP%?Q zNS^9wV8J~QIu!{+2be-r%L;!BDb0`o3GSaree2tLQ_Ae0sd}IOq~9R7^y}ej`9pk* zYrD@Qz9@HB+Z|E!HRW$#Q!9h$^ipivSsfe4bZawrjM7k!Ze$lzbO$$pSa(?|Uq`|^ zS>W+z-i0>x@kZc_^Yv`z-2{s8&8Xi{BAs}*XD@^|N@=Lj(p=+}BX`o>PjZ@XJwI90 zS27G2H$j;BFg>(X4 zNVZI87@*{u$m*x%nAB@&GNmu9FE~}N4i}O^w%ui^70kXmOp%i{Q_=U|1L_@Bj`T6dD7RJ@W38>N4d~gn z`p)59=Gb6qH7}LYi)(iEnMbuQ(xJ@;zz8d9umFq1+bC85Q*gbIXy`c0e)01(=&= zSqZ5MxyUBb`))!P{K=4Lfb%t=X4w&hbTPy;f{IKFPkgc+J8b#Pph~owzq4c6=y^)h z@_4&HZ=+@|>4i&1#w@}I&nQtO{7rKVZkE@S$=`maw}ajs00(B)?b$}$oT=WG-%oRj z!O_sPz)c{NVw4dWH%KLE0>8%|MP?5Xw0tKwHm@-BhOB(c*!;!BA7ic!EdT3qt}9H| zB-vi2(2M(OpCeG0w2tt4mCiolUmsMVyQI1W*l=1bFWNZ8x_9SIVV?E&JFP(#yIaPV zEAMy71_trB7105-k;V_IG;G(NS+GszgY<%}L|9a@Mg3_we4ei>o^Jzf~jxJkl;oE>izM?Ph* z6BQze>%C)b4d-}RDekhv`d*=?Y-oG;u z-5dLu>M{!~6G3lBaslc!-DHP|f+-9Y4HefkfC>Ufq<$+2p~k36u`_zEV3V9#G--yF zGT8mw5H3gNY`|}6m?YA|2d9Oz0~g%$s8mMl$QP3OnAnEHdSMBcAFR*e5!vkF1RS21`b6_3$n}e)UTVdTc zxt2IrMyLjQJV0eMgF!@7|APslfhml8{^0>r#CyYk#aB|;a)IYMqkq6048z8N7ba(6 zznBruR?5fe`R*2wSycY*C1d2BW%GV+<)#fl^XBWaWYxb*eyuuirt?`J4Kz> zi&>4+t~C=$FeJX<=1y=wT2!#Nx4!`M2MOnHBcaq*-};LwCkdgoXCF<=9-{{6WidG{z{Hh;JI7YDZWIy20**M`Jp7G zzrVk;LEtuEcFYZ&Z?wm&rrMigJXDbu;(rn9jb%#)*K8vE-8))p z3Y9|3w8>}ifg9mIm&gKBcMMq*pozS8^Sn8;(7Q3P?+VF9yP|$LZu@5lxBzOmV76gM zE|Z|3&IZ!vLOT(VKUQ~QZ$Ocvz=4kNZCg4meGmz!YlsTnZ`u%g`m}xW0%Z(8tkIrh@cz=SG zK-H$))^xBOc+A{Ga9vRfYeod8HBa4=l&AWo2o0l+%YsUIoIZbGBZ(toTVPBey<9Y4 zpbi^n8+HK|?VYEej&kW*t5L8ivQtt>)*c9!9TsY=@*a+)0vtE`@VJtDeuB%0*4vaR zA1PkB%6m?Bdo+SugByp3Y*curJsL$S>R{L5VvERhO1dmuty?^v}1GUC~(DN{8*P=Ar;HGF>=|Ocu7^jF0rK^FW+^ zG~A9WkuZ}6payM5Iwo~VC-N2WPmrsZxDBZ>b9) zwu7aY*(jt^T%j*1kKh#zI_cMr7cI=#N0_1@H!WRBWWz+E@Zm4eR+%^sSIg;X6a$#r z46zYq-o;C_AifX3Le#7$=;}VYF{SJ2tEvyVy1K4>c;zM-Kb)nEM@{Qx5P%`gSH-0D z*R3!+Eomowdq07TS_YnK?(ZtG5y;!}pkJ)Sfh^;G`ZBguW!`pJ)>5agf=43P0>!~Q zJ2>|8y}z)vSW=cNdcbeZbt(1O09jm;N3v@n^|SATu74zQNlbwdUPn)9Yd0glND?uk z$6a(4NPEVO(Q~}(UgkH=mYuJuq<1f@kcu1~q9!l)FS?su5(E8zzD2TL$mh0O>OFpb z6;4PhIM}Ize&0f(C@aM~X%R`kgL9ArPzSxj{B*2f;ydkFVaPxVzXIw92=|(rI9Y5lX;Bw{0#fsNX zpTxj)RZlHrfcNP07FY;%a!T+1gD7hdm8a@vb45|6Sst(2{-McLjeeFufl7>nD9LVy z$8t`V|E)rl2Eg2zhFg&#?4bgWsv;5t6Jhs2+be)zjl@<40)arA^H&66b&yf)Gx$qg z@G3oc&ROVxcUaf`p6h6(-YJjMu-6|1bbo?Wb$t6LS_F!vpl&b*p=2a}rtGH{kl&Qh zokC)#ut!%FnyHf6E9T!g^F8*JfPe%C1L>y=(s0hoM4OcHPgL6*Vzzi?q{@5y2SH6blGQiJg4n7@QFa#n|sv<@QZ^|D}>MX5V_IZDJ?L@Glz~J&Y6>g zKT;?j{Yy1l2sL6hZo9miujGsAY75nzliP=@6{K%?!+xjT#3rZSpg)XM2?RGjE9<%F z-9h!mlWOH!YBT8M~3F$$8bT?1ROHe^uZAKXq7B6HUe{)agdZP=v^pf1;NFq ze{#ai;Nb6IJ3x&G50r6Pco>&WTBi)dIVqOWYPp^CpMo%CWDwB zupzM7eEKcAa&l^;G}vl`k2ds%iCU2iKwB5^R0*MKpXmA=hD~1Tr@2dlh^>5bDF5aS zA(h8ROi~(53bDs)QzxorqP*PPUwl;@T`-7pzs2y^7XbkQ9W|H@PjY&b)ANJ5YAJE* zmh4WRV+~bNnP@UT{8!jE`QQ8)S&rIA5nd762=kBmg>?E(bY0Sot3E$2BDW%Q?Dkn% zk?XJ(v{9_@q0SZfXj@n#Xr5%8SE%?RX*ar`tvD>JTD|{3EJ3-Aqd~&zjuh4Hp%5mT zdg6tm!g9O-F}%Jg&lsv|-$WM7`A#f!U9UDZa5?0OE0x67CrE?kb!H;e-;}r)!G#ZR zg-Q~`L)LkSc`Sz$B5i#uPq(66yh71!*^FM$N1MbjpyA^Gfz({|!RK9t*gtoY_PGWI z2>htnRtZ{&;UO=NO`T7>mtJIwUjUg+ciIB|JQCyy8J;eDxOZK>K_O*>vQT*H{6)vW zhEZ2ENQX!G-n)=5ZV%^Q$3%d{N0G0`JYK{j$6I*yya!Hxa*x3FF@n$9*7E={#{E6F z#&(JCZCe?+pInAm3!b$rBW@M9;|d@XE*H)gV>WifseiXLEC3s#_V0yD2Ur=rkQVQ{ zg`0L~9}&mou8|tY?|6=jA}+6fXt3!M%G|{i#pSh7Mtd`--1{8`eLhoszKt<)wUu1a zSQrm4=?Ntr`oZHeh6Ls8$qfAT?BjIKbFsw{>iogZ`kBnRVned$ifpf-A!ZA2W$Uhn zt9}PHU;qmh9Fs*BcSw5qqsAzocPg>Cf*R!MQJq{-|AOlwsmP`n0}qzg)!CHD`4+GFFsjexlx4q0{ITie+;1f`w~;5%f{S$F%stT4+0# z)%@=);13Z4hlR7-0@oI%C37o*kaH7ud-Ua2X;+?L|hQSV| z=6}~OI6^2x3nW*ZPyfgS*&$K%cH*&gf{sgQ?$4fPotY{sUe6QQ+A7lJGr_Q>9*}gh zI^X(z0rEo6C|WwX82r5gh1;!zzl*!Ray%==kto$~;06`X6JRi6G3bzQBKl#vO!qwu z!cvS4@4_CdG(E$BnQ zuCDBB;o6Zm(9_Lt1L_8BD-9FvM=tje>E8a|$`tD}fYuWaxtyN>tuX=#6{<)>(k0PP zh==zg5hH~}>~hvL=so$fgn)k!+McbaCnvZO1?Iog#-79ilx`D1)o`2BRa!`;v!Av3iWs*2{%qY-JwnV$qkcN$f{)GV}KQ8g|=Z;ZL z%}i1PK;eq-dy5~YB{=IgdxI0=`9@(P&(`1@kP-Ww0isO|0#8V|y`nlSb8*t(e~r`k zQw1s13ijcHlrHv}uX@8R->)O!Y`1!P<`SLP2#tY}#O&kI=>o;?e!mBm^f2BEP-iiU zvYHBlYl=2A6$LYfKGE%AQC|0;8CR(3GtX{=2Im67Fk?(td>rxnDn~&md;;vy5hZr} z8M5-hG*W#*iVm?2`oGU$@4~tWZ1P$5QAUi*)y4sN?K#-p!g0(*2^O9dZM5Fq=uSTy zC@Spy zjH^(sn1n7i^Os!LE(n=N;7HqPN&PvEP3 z!gl@FC7DQ)r4T*@-h?D1;TO_`<}}tM@00fU$`yZ-dvhwqS6|cXfAH#+vp6|s?&fNG zJ5=Bbd9V0stOf-hhuk_Dm-h3#LGBnUdxB$ysvsjh_qBT<-;&jZ4;v|_BZnI1>L=B$ zuQ?PI+tfx3WMb4I6qH9uOuNbCz1CtM(ICwGY&VP%cq-$};_vXkRuX}DJsprJw zr%IKce;tV*mK~Kud59U-2?;QKr>9i_LRu#&)2?RIQ)THjCN8XpqF-nRR@+xA(?pQ_ z%(h+vuf|mO!xnZlRO!clUSm3u4Vl4=e%(1J*7s9)&1F$!FX`oW+hq>}a4{+UaE8$V_f;W`$2|&NY_*qm7V2|J;;2md|f5f4A8G zv1SEyaakR53gdP14cSAE1C1u#=s|vn6pig-2(R#G-?p>UaB;;qdK{}buA;XLfS5~2 zD_YFV3FzdP`}lB&k&c;K@pyT6+(ryz0DC8rq7H5>A8bLtH}dkhULHq_sqP?=?aGf2 zN9@H-V%EYpHJEh*2wXs78*Piu#g$pdqPu=B5h!A3L`ZRuV98$8*&f2VrW*{~4qgV< zwRMf0jbg06hlL6@ihHTlTBT+(>Fq4jrXx$p%z}&_iGtcEb{o9Qb7*yHf``+uP~R5< zlNh$ynvDKveO_Gig#OF~8Hm(Av&$X2B+EV*Q#-F<7at7|DS?p@2sbkiK784<{JFW$Zoa5ZIU_Ubf1n2C2OU1_NdHIQEKN zA3>SM6ZDY&IQBPXB_khHe8Hk4XD#D_LqGP!vNb<7Oby1kSaaZrXLa`ZGY(@DY$reH z6d!B>*FO}HKa0?06=9?csnA4UPR2kONDt`v@s{g&BD7p=YfRrH4=c88Qbz-64d20Y!Cmh z=+qRVfBrGtG1hS9Hw)LO=A>1ca8eoDo0T`nEPgy6I4I|yar^+*16@oVm@Twp$Yz|1 zh^cV6`Szjfc`9S}Qz<19>Zyc~2b`c*|Iw6R_EnJEFQVZ!{&FH$;s>H+0;l|kj!*;D zaroTpSC(@3E*qDWopw#;Ed!d>fhc@-hjz;R4S)1MI7Ub6^>dcSKlrFa;zpB|vzn8g zO(tCWm3`Wi0AGaV-MycSB{S{wlQrcy`_VV~crQf%lKF8tCBv#sLMnl{9iI8s)PE^1 z3Dc}Xy`*>zTF%)x<{tDOI3M+e9C;&*!@f0ulmQvS7hI~N4W*@dug!?$mB2LBO@@q4 zqt88Qg%?;Qm=&q7))RLy07f4x2~I7u?7aaQ3#*%;2{L3J`;RymXvTmZ!Wa>T(c3rZ z4q{F5?>#Py{Db#Xkv8Jv*Mz?Re_jBa5=Q)fo$RlMhu&Cr@il1|Y0L3ZdtgA{)gHXb zPr@XVvK*`8#`0v$R{J3PYQK(0;d1QC2TuI~7c&%tsO5)LM7`KWT}A0b8#-`Cdapja5u^AOgBX@t{q6=Bp^k{_gd%rq zT_3F$>z(FpU?O2_%HVt)`W*vP2MUG$`U?VJ;rDA}#LMJt8SDcXy)1>uJ7~&iBp9a3 zD6-qR=wGf2|9uzy%Kzy74hSdX!Wg&FkUD33Jar+harL6@4v`sSGZz9($0uy5mvTN9 zik-L2wRaCPEj|*-jTS`Xxw2>=AWQJdZKH4OZoZ~kzF$AItF^^mAb2BCv64R^HoP%9 znr_eOnUkP|L^duE=PSY{zKsN+9e;fPiC4{uNbo~Ak_@NUf!J3m6qQ2tci28N=CHRa z_gZ5(Ngl-#>`4bDdJG(Ulhct0a5&RT$U_ycJ)A4%%3j%yHD1S$D4cACFmq z_M}pzhPcW$9*3pA*g5rP-_+f{sK!3|CfUKQtemRo9Ta=C)lLLI>69`05Yn-MF?3|^ z3IlxhJu0s#&mtkDsYy@Z%Scv|Uu5l(Qeno&1f+Ak;k;v#0l!b=S9CqdN*66XTUtcx zIV;`zD+B=kMvbEuCZ*WtLc-LSJos8An(-C-ig_u1nD2(hIL|IN+$XlXU&$h@)}WEi zh6|=EK5r(Xuc+Bki$;zqR!#bSPX*CAzqwvY9DpUE57ACp&rR~0duzt*c; z=cX&tFB&=l`GG`cKq#qHaI~63Ab0C98X?U7J(XmnMHT_L=ohB-B!Sx2jhDqNR!P#2 z4v77U0}ITE8cM&IuKKs*t;ip%N3r``b^cQ;Hmjqaw%qt7R(xWIgkp#nIn_^z7-qEp z6^(I*|B43KGm8HsIPVAJeAGa~49Ss(jxH3uh3Nnp1Qcunqe>kT~!bOs(4aR@sWb>o8j-2@iL~-ra-7Jt5zFv)}V-os7jG zz1*Ygs}|N0b6ocPbnPV=QCsDrALDIbgH8JqPEXeLnog$ljoW$-wldcEEXBx6NwQ+; z`!nGlz7Logdh^A^li}kd8();1sMa22#a}GAIDIK#-HL9tS*W!OD#!MdjinNO-3EQ& z1rieQN>~Sah_Xm+&aUaRE1pV%d=tH|_8EfKtgID?jDVFQrSuuAFh27w1K*{AdTq0e zkpQ#Y(}yxB|0HX)S3!s8vta$KOoD@eyo~W@VKo>m7u>ro)W$*H0UL|PMb1xQ2Tyfj zuD|~ySQzL9et`ti#D_59s#SO>N;ljr?LM*NtJT@t?@#brB4YlN#z#IF5tIOaaRu-* zO-C|Cp}rwpRG21Jp*f0qve7&7a#ZnuazNvhPvF?qT~E)>9s~YY^iYQBoZ15 zKP+a04HXkNyB5iRGN zBLK7<_ICeV@{nDse_h}FgLNlO@GI1ZK4i`a&7rkJ;TV^MH}srEiw)}B#bqWZzi!1} z@<#FdmRspLlrD{CfFg~rg4*$t4C~?!3SyAqM%}m0dv0lMBAIV1ttA-c>)hjb{vLJ! z$aiNAe~4UR;jMMqA_He`7cJxUqXa^)!F9w>KkdyFW2x%$!P zXzF%|b~F9h6dEPsbb>t~-=wmc!JOcuWK`O>!0`Mcw~^1e?fiz`EHrY(*DGz<&t*6GU7rD6$$y(hYG-t6X%}oHEGkb@HgAwH>C?}C z!TC-i3%V3OSp;J{3;1`JHCoqxGkE)Vzx!ddMWPpwwIX2+?qK9lQv}!Xms@-$qDXl{ zxNgIrF@%WqEG@N2012$ba0P=#SEdA6WKm34W-mxNI&;WmKcqR-FN&$-SN*_x!NF&n8kyy&D$Y`W~Ml*8qmeef!EKR=swaAEVh%Pc7YO&IW+F>hYvlMACGQ2Y2q@OC*NHzSI%}4&8 zIL41r^(L?hk;C;sli>fs(sxaCDqB zR3B8`?LjTyGD>ba@hoHAPfD3lL76wKc35y(H^)xs>%u>8PcR+8xP#x@^Hlwc^(`f; zup>Idi#&91o{8fS!671ic{y))TH`chuxc)2{?5tcn|#u#X`au4u<*P(bK61*>C7%V z0%}G6O13L9;?ke9J!E(=fbMLZ{fQ?y0Z=}>bj-FNGTZE={w1nsYB^T+EHNRaz=yoS zM{rzeJzXPsOY7%$wTu0Dz+HmnT_7#=8j`~tEbYy?pjdr-WX@%(n|nM(q;|OY65%H?EC$2RCkmaMBqr1t_z5h zw?%fU7HmZ9YW+?%^eji?!{qZ90p3-57|lzaj%g!R6)sD6Tx^}Ziqeh8ZPwQ%*vqbu z7UI^mPrsrat8EESWS5Xie0=z*nIW zjx0t2MM6*ad=hBAqi)Ni2QJ=kjD;Tr`b@ljCN_8tsL0)D|s(Owae#P$CAg(`{$pM^=68Z`0q zS&hFIbcS?wKjDBniSH^6*?O);eJ+RSegy&Yqhs)Rv~0#5)9g05pBhjrXWR~ zz)c1>+eema#3{JM;DCU8yv>;9sZeCzr;{AQl?v*7CO)8;;y)>I?NbO8ky>_{5|^IN zd~>7rf3PJ1(pLYQrGo#eCM*gHjjTkS&23}r2l7Fx8z0=iq7>$z$))QV;MD9m?{Gwl zw15fR9yJ|@$QefEfiseJ8mBR|;~RU=$4@vMRjQ(Y6Hg9=VeNqRa&to*VU*Q$g@F>t zeYc(**zCHBU#}v3BRPra+`kVt9!z4vhAQ1YKxp=b=npA&5QYT)I)8Bks< zV}oUhfxHy?PHrr)OCiylGt<6s^V7DYF?{@bWL`tekt2VztfNzzgsRwq zDwdGltf5hxdt@i+bz)kAGz)eC_or24A@0HcPk|i-J2s;5=X(UQO5n#6&)mv@2d)Es zfl@DhmLwHZrvUPcuUT)cABD;%U8Eywim;AIf^<+Dasv^j;?_#h?-!B$fCFBiewhfRNzU3AS>7+~FFMyHHNOX0mB}?C)tRk)ORt!p zk#B$B6M7d@IQljAQbQ%T@YrgiJ4?2il6gKx=tpeiK(^{KW*&>e++=Y<9jsO82ZQ9` z4v()ChV{(UN^w4^}mmo4Hf|MN&l~K~Ohv8laUe>c8C7A!~-xPxo6+gEk-A04&EE&PwM*rt-igQrw zP#A(pCEy6m$|N_Cwm*j_a&938W2Yp5LNks(QmP1)m=yK@4_{vy6=m49OAL+DAU$+Q zr*t>cA>Ab<-67o!4bmw{3xc$CceiwRgD~geea~6zJ3r3(h z0R~FKPeBD3>|M@@>Y}0|%p56>cVe`mZ(uyP9`dRaMc$oimvy06`5MOFpuIOaT5+u8 z3v!d!<5BDN`2q0FjOJzHNb;w@D@O;p9?r<^7pKH3T+B!Nqo~jU-7Ra%rjXY9(`HJ5 zVbgNd7-RKiO7GR70Ymh!svI4;JiGtMd#WVmX<%&j#Jg0>w@NUMvG8rFd45 zI6#T<*8O2c|4p>+&3JE4PEMEYTftvo<8zQX+pTL64#r^3) z<9~%!`EDzjNZ_hqJ!=W_rToh}bJHMpkn0W#=n%;1= zwG#hbGRSv6y>{TkN^&idf&Wq6{69JMT2&Z0;=eomTzKSbaITE`tWxxt+9{2r zUmA+wAZ$>$FGyFHfDR$rDiI3w+bCpyY0P@k0NU_95GG)$-LJ)S4cIB6vDU+on5f_oRKxM{Wx7cgPr?Ww6|id&6g9e9;j%*P-aT z1B!|V8N8C-?pY2eVC~QID-tk>km0GD$@=g&16WJES9$#{PZ_<2l-O*Wxo}`YiXw5z zufVPo7J^FABk0h}i+mXhYoN*w&ZlQbSsW2``B+12LumcSwP%lm!x6Ql5Y<@PdA5d9 zv&?)PUC!=bzupt-xAu_83VO~XS_}3GHqNJ1W9F!~tdAGym!in$P6hof52{}RISt}Q z&3TfkTu;qW-*~q%{AwOo?inJF_{0fA)_K76p1+f(S z8~Z1ki}wz8WA(QGpc`V`RLiv?&ha3ZCOiOY*`)TI`tUe%V?=gC$BPybh#{$Ayl*-G z5Iz3tQX;zybw~GmXl!w?E!DoRewgQ&`zqXiFZ;*AuY}XC-5F+s*S$RkAaEi)CyJ*1 z>BsSF)FQ-ROzmGO}`(B*#eK|`|%fJJ9kPc$KUIpr{MFN z0N2U<_`BQN65tkMq-){%WIr(pJo5IMF^_A@T7Cml3yEX$sbv+8vn^_KdV${lfG(C5 z*6cXIwOHj4M)q68=g!CRZu6ZlG1HsgTl>1m%SWKPX{2^6w?2eG-HBgCy z-v)Vq@#K*f<%89~yt^atqFlY$>W}6S&!`7jxEol62cnT|b_+E==-Krc)*GYi{eoAVJ_-)N=}lkBdh{so5=FhG zwHQF)Q3@GDHZp$2EvdVOS~JsA$Nh&5n?|ilUC?g9Y`GTaMUVXjGntTg{oJ6eh6e8F zy+0yx<~lawxw7y>(F6uqD28Cei`c=BeX^2bS}96!IP;V7xq&0G%8AclvD9a()Efj2=6+Q~sW%fL$qoQ#mWg$56Arv{ zM-78#U?NRPu8aihFv42(@~b|E_`18`OO)~)TMZxI!sK7!S%#1&#E^4!23)o3sD*J; z%pHK%HARESGk}TxSDaN?HCsQ6$?V>7uw6S<)&5NW&$qtN#T8*%KhFqkkNye!mxC zM4?7K35rM4X5(AfOl<@Vy3b1jA=1KlroSAsDhXYRIKNo+o$Vc5i|ifX!(((>@?>R{ zEpbSsIHU`mz=YbzU@OL^=-#Uh^Q>Lloq>%T>}Y-OR-O23PO+P~Z)mN^=-li!`yZiA|D6_Voq*DOrud8_$pw%UHS@~7{ly5$%c}; zpC1|U?8|0a)aoy_nqCP&xVfOqX_Q;@{S4aBenRQYV={y0|0xyXqcCy+l59 zJS>7vJh7I3-Vim`lBmtb6C%;zb?a|*q5~70hI@|F3*UKFmQqN5y8NQ^Km@03@k9o? z??Jp`O$q;GeoLnr)2!Z6YRj#X7+rce_sQ^St^a(%r+c|22V3N1zb&OKY>>&%{-sy9 z6F-&@Tiw~Zv+K&$d={a3^ba$V<#!^XVm$88hMEx+JRHHau?zCN_e6bkH{|Fg3F9-= zR%l;QnQ4xK`>Q8j3L|HVzJ?oHI=fXFmlbL9|Cc^tAq`h@sAspDQ#hiL6-tJSz9c6n z*ELA-N%QZq%F7o!E30=C_W8$B9G@#3Tq8ZlGY6P0Wa_;IJJ-NJNIk1Rd zaurt$B6zX+D<;3E;yz544lrou?WMvL#l)aLo_Ax|Y!4*h;^I>0kdH{gpaE;6Fnm@+ zCR!3>N%6q^XMwX;s`RKD=)6%tiOyJyRyi0^55Ba$Fj)AEUzp& zspgL7TjGbuN7Qiu1)cVLJot_v?*(8aO;gXno=TDrV8~HTAuPyxqY8id8wm61s~1X` z;@n$cqOnIIVDVdA0}=qYQ1D{XU})=92E^IR|Hr=98NhrDBHwjX0}_T|dES!Og;4js zUokzKp;pAh*)H@Q3G{s%mmQ`LhONi=Xa}pl_z~|vg)9GW3{`{o9F*;y0M#uIK*v?A zuV}jj3R`I#8y6y+hv)3;ZRZV_9@pJ3FDxYnZ|%#jo=JfonV;jEd$i!ogB3R^zi;yA zdDQ$Ip%zuBfBar^9EWo53%i$Q+q~yVfcp1H_Sqg3vtM_{djpeO$CAcK_RC~_F0qQu z)#^S#SOK@&Vfr#duy0@MRDk1<%(2&0#u^c?bf&+U#hi3&U9kT}Y%LDL@M6qahk0O7 zU$>u_*O3VEV`Qg<^Z^}f99^404)DJ)+{(0FBK|_QmzF>j$$jtO?Ty$rGT-dll#AGQ zuUKV!`S-ajmkmOh(r)gxrzxzT%k==y9`Ll^edoDW$X=3UgL~(GkUQM;v9h4L<0bhA z+b2n0^IeiI0?f%Uw; z>wAYPP-OC1!f~cB7-O~HIQAjHsK6zSBRxqO2k0`V&gpDbXy&6l#y&X|?y9FI73U{c z*y~5+FHu^~EVCUUubN61UApfa%--p#*6|33MVXyvu^7*<&8Pebdpuu=-(Pz3#v0$g zZsjI3xj`h(d8#^+>--r6@i;&F$frEohT1+R1yYzKD10M=l-HoW~EC!mhm*luq5#Ivr|W{*flQ!RrnC^ z*22u;hkmVh0|Yv1X;)UZhk6_wRa1Q*0jHZivZXpJ5pK(8^lOsU7B@@yQJ)M2v?+rD zj=f@x$$2?hIihmMPW`*%rYrFd@L9^TqGci}`zH6{Iuzw_^@zetcc0>N8q0=iZBg|R z-!Jmh-3JlB=#htoTAb?xE2CP8@r{{gO*Ak5aeGvOtNYt!9dYHPB$rs-Uv^5>t%6yk z5r|Pf$?Y`ClVxZ;EU+KiLUD-S*$`-}m_2VM`o28q`ouv3P7i-jpcu0NTF)?Qb-}#` zyG2Tp@It8FbjcgQYpv1~wZNI19sqqf=u=IF%G&RG8D9iB8#S{va}ZeI34jY8kx@se z;B^BG5%mYG&?p(XVW=Ne((T5x_|#Ptf$4g`3^0O$!G;k--W$&aWCxFOY?Q!^ANMEy zdciDy(A*l>s{sCubhRJe)L^G4n!`|G)5ia9w_D`swAT3bqtEyh$ov3VQn4{t>ePh+ z9;u4)f|n7knnla6c07ykoH~=K;nP!$M<(0-d>#RE&%vy=5uPZcK48#|P9+^P5mdVE z*JsDR!A%1b2>P1}63uX~W^giriG;-|{d3bMk(sEZ6CDlvW(jZt$uPVEs$BEPm)D&W z>wg$_|3$2Ur&+Km1wpEFWAy^pjoknS1}^A*hPh%1>#RjUby2)X21`uDi|*t5;H~oQ zsLR=TPGoSAPzz7=6^H*gnSod5Om=^|_QA-ai|eWWhleNaLh?P|0A-@}@pOr+fQRh< zu9Px(_;_R48nb?ugtcSxcKp9I83#j}wkU|qVq&l}DPrtM7-S{gGI5iC#l|NiHiBJJ zHk4T$!NCI8-GB30qt!)5pACIb9@>Q6gFc*&z`V6W^mklrHWuEXkf8Gkd=molEN z{W#unp7`!;EbF59cYivEElx)rduN5_N6S%#=XSr_n*eum=(FhndggD?}{ju2yfsoBRD$^MZ%Ze)ISDd|#_n%iS@K zX#F420Npxw_~Ih{{09-J=*`hQ_dN{EPMd%Y<7~NJ=BX8U^?-BFdN|d-fO-7eLyB>e z)Eaz_x9SRXxK#(S(;c!Z5r2($^5wGVV&*6TNy@h zoyT%H;Di?d&?PBpv=J9HOO5GvUB9e+1vfggL;+12f++ST0}fOk4d!6w!u;FIn8Q%B zx4}$iS~aH-cL7DHJAF>*5%I`p=d49WcXGLs-#sKm>}=_+LL^Z|AAxzxtv5!PSd1O8 zW*ECi6l*Vzgq72lhn^@Dy%E5sPwJ#Xepyq(&4$q2W*?uFs+a$OOWxkLCdD|gFcGE+ z(NTm(b^T_`Tpo+jp*z_B7VVlTCZYMRhR4Jk35YWOAVj}Ex##DW-cS*RIl1!faYCZ4 zTpeJQer^V{fg}yBQWS8+Z<*8FAEjX7*>z(GYK9cautyWl9UQ`&o$k13TqZDE< zArzWgOzYqH#{N6B$F$ab2o9!<`ao|YxApSy0}w+IF_B;Yc`<0O#0te2BQT!r`^|Oh z5zOSf)zC726fPF^Yv%N$(^Zeaxk?>(<(3ftGTS@D;{`LwoL3aP#hkM2f!;NZY4%po zHS@rYvuWa&Dvsyqvz~=FV>-?3A6PnIka#7GyhE{Zk`5yKeIlRcDxqm^QK$9S@d)CM zn%FnYml;=__w;g)_zR>Y!oHv01#d0>k)5p2;ba!L2H++J9v-a+<+H`%Y%u0 z_|UMhDS!_Pw&U4$8=*4hgr&OuBl@Q1qhZ~y7A&NKVKp(^U3COYz9A&4{d&I|kWTFH zp;yC1JKsaME^goH#miWxf1J`|+ExVlEczP@b~C*PQs>l$_Tjrph|N|~`Yv(8&P zO8bS;<8>c#r10n66ZxuIG78KTur@?^hy0h6{u^c&;CT)6N+7-l@b4&;es~PQyp%WZ zlJX>jOzHUeG7SB7%#tIJVcv;}%>sG4uc+H^TAfH3cR(0Hc5}L#$>XpxK=yrE?e28d zr5G&`E7@9m0pdJU+OpOU8`1SQACSjZ1g=x0r>v~5_O{U}=itH=~=fEi}c}bf*%i}f+z8no>n82b|q;GTB6KgQ;b&ZX@Cw&}bdK?eG zo10Ue3M{Gcj+{0YbxX(A`&*{i|`|0q(eAw7?>av9F!O z_b6v5Td9j8zJ(Uo2?yQQe@`wPt*67pI`b%~2=@~hV@!(()M0ogZqt}vq=-F^GtZFc z3TjS>C86)9XIO)M-TfeAWz$wDdHK2{C0tf>jX`b5P6^{JBTIEQ)A*e#RIy-Gc_Z>b zbHxmc#hTCxL(}SZ7`skeTN8j=9qDazU(R*)#OnEWMxQrR|LFl1qE)SB|?lps!KFFbBtr zSJxvh5-wl8u@^;mHw>Ra_j{wY)kMA|^{^r2dt-mkGQ&Du$5y<8byA9; zh>Abup5Gc+;c=+iD2AH(!6de;;+qRO&m0{y^Jl%R{+?o#j(oLWmLk5Fyi-FG?fL}b zNOp17L0T|X`ucaj)TA04$>YW3UwD&0K#8sQOKgoh`zS9Tb#7?8@1ss~F!WQ$Oivd^ zmUj{JsjksuvaCCDoA|FhPRFrm3M0XrzjPhm8@rM^c5J71G@@VgUkRfS4JHo&WM-mM zcuwZpdY(cP?YhdbYA9S(V8IrR;?Qs}m+gL>2iK76aF&K@+sdcugm}iqvq%2wjI2$o zJE)UGx8uvDBrEmjWcA)E6+ zhy|t4wK0Z$3!nSHB4hcm?wG|2cqiAH7`NC-1Kc7EhKlxH4VXlr&Ix}wqxXxh;;Lvd zg0v$vb&Pt8*L)TuN9vdAgMs|P7P<;=s`uOwG!&_3Av1-(1Rvk;zVW`xZrq<-!(i}> zb}OGNo!Rho15RxP(k<>=6&GjcQh>id10d$QE$+l>r!NO;@eE0N=2<*siWF>)t3lIK`QcfB=(ucAr~2#2+-MEpH5#-|Pnn1B*0R z_n=ByzzE+Oa1NURA~H?Tf@&Si&8dU8+#@;O67y6H%ozclQR%KGEfwA@NxmZL{787} ztw0S5z0w>9XSC6wL$?Q_sK&yL7zT8|F#d;kZN4tR<01YLBOs;PEVNvXlRPlzrq#f} zeUvKS_I@sQoJRP)uj$*KZwRk`iU}>i; zw8WeJo^FdvOX>Oj|9Muq0@JWwe$D6AX70}EG280463qruKIag87Jd46Nz}`U4K>oo zvQ&sv1yS^$Wm))H$-I8keSEqu2RxoBuok_XUFYy( z+B`4*{#-ZRHuX^!0xy;9GmYbBlyS_@!C%n?MWBuL;l^`QNZ?M+>!=i4>-`A=7j`OG za9E&wIr&6CAl*&=;qA3+`Zq}RO^j_j)Sds=XS^TW5wKST?^6D-6=MYYI-Se9TVl~w z5r9O+`7B3YGXCs>94BSxr#jyufO5!T^;oz|YMUCm*UB49NcZYrMMU=qXhxw}l zg7pRzNr=cYbe=q()4eOCTLdKCUy3b;Q{f`&t;WfgTD|H#MQUJx{8ROlE-R=1YVVTq zVX!4#Q*|JJj?V$t*KNaM^Efmn)mdO{Kw;R;4x3pmtMy&u;JAw-IWx1bD@^Rt(d1NgDskX3nqvHNhnM0+5oQNHQOYwC7Letg zb}pr?vuZon#W`Hy3}A&$j?_P)z(b}8HO$YBba{K#HgtIR;9!=D|e0qO{Mh<|GRC3PJ4s8-8if@ini&kE+yut*0?y z%EUqt!blK`7z!mAwUnMxY%tGQ>spcC_#gTngB%Sqy`0oYK_DEhBy}V*turnrCToPp z-AVOt!*GlByHy=`9xaja(~&XP`Rji^R?RKVFPa?Ye+e#^MQ$-0e&2OTVI=60^C`qt zwfBEDC^(m`&$6QdTNJd14sbAw$8qu-%om(@o1Is? zKBrVG9wI~HgiI^0Z%Wa7Jqg;vBcemlSX)&h*no@$Ksi7(i%g02R@Z40NF^7T9aa9u zC5Iw{=?73YDsQoP*L~|SZ}tICGRP!_Obvnlm#<4Uk}YUN=4^0kYR0#2SkosDLGNucIK`|| zxY(w)#cwN$(dUXf79jA`&sojFn>>sfyZ?UsONZNXsdk-7Ji; z44_>I6LMMCFmeiboL1lvwr;85n_{7IMkr$@vhDXzcms8mXth)-8voEH+*(F4M3(*+ z5Fl6CpM=GL9Q+T z55dD7`XzTjCZRN$Mf(#Osf*$EhHrqt7B=PE=XEpXp;j-n?b*StBGb@I-7yT8%bGZu1!^=vCORflvkVyD4E{(R?dS2yb!l2T@;Q!bZx< z)>$dN@sXi5#Y80KU0smjukX;8@~Q5 z4Y@Y~zEaByJ9Bzf@u?QMX72)4-LwPjgX1kf&c2Loc#O`jZf97@4BGoSCJ!&`W3#l_ zEjCV-4bN_l5lD(|5^0AOaO1J)%a$mTk*6jNWPifN6x^e3Xmy;<2<#C|m+eEtXPS7J zW0xVXBY?FzUa0-S`g;c%c5mtdg-PQvozNRynjsJ!6VwbXMP`QCSNJUG(B{ml=>NbXF^ z4A04KEd-A~S+}9LLlt5N)VH^%)EZS04i*^sZBQPfQ_mogXB8={6c5;set$&*(n!&G zheSM1*5Fn4Kxq z9DB$akt&zAv1^^kvV;9X9q&!QU(D$_9=wAkZmApNS76ktNH@X~NTUYrdqm<|PIe`N zJkitGR}Im@#bAY!{R%ahk3%dr;55TqKhoU#Ivzz67+b0|{^6GU^Y|uFD0}K9li+o%w?+B zYe39ZA9yen-6|-U~Lzn z_v{(maESrOF@f9UobvBr8H88pEkH&0HJrekzby(2j3@Upw+H=Q%;2{BUaVwKye-Uz z6lklRPz>d&t=BbwkgI>pA-v^1F?+^@Ks>rXHV%utykHQ%tbiXbhY_ZpmH^L?l^tL6 zF1=F)R^>YPww{hzZ=I82zxL$O2rCyrwV=O4rc3Yw|8zD zTl&z&rvp}e`|7=4(;M6|{F_FlP5&V@V=$Oq{>uf>4B;CTY5uto4 zyq5d;4flOR|MV{b{P#_$a5xs{kKUUo{lk}z9cau0P~1!WWl=KUzlQb_Re)ir%_)J= zklXxSiVPW9o&^J^Z%_J!RekI8?r{FYc+P-omA~Ym_g1V&kyd3AV1i!Y%U}En-L#bT zEWTsKse0twb7bqwk|cvR4>ZD*eC!`RZsZ+;PQyO|`{1Y3Hi^U8%EHD|bW?D<5Y%^| zl)_vVesY{I?~6Us#@W;`zdSW;BvhvmDh0RP?k7WkIJF63m*(~|Htv96$>6m~7j&4a zib_&}Ne!v_!ifCO2rPspDf=iSd0F&I?9u~!e4&8Bmu7scBrBzuhW9~nnz;GTmaa87 zc8JM_U4ISV+BZFYD#l@yDMI zS0Y?S8<-sjjhX@$%kj%QB1jb9D^^wt!$|O))3IEKaLwY@#jy(e1b=-J&S;Q+@%@v# zlkcYZN}c6s zy$}WXbvP|lc3kri6D;#5N6B%rs~wBqu0B0g_w; z-}wUPlfXGH$f+n=;13L})6HUnOHD4{=b~kml(hHu7)(#Xoa%Bz98mfpWn2^PM_G_6 zO7=S!)>PhF&*Lz*8}M~ClLE4e++zye zk^)=8sWlTJdpU+Zw<62Zldzw6s-qwL-ilK{<5A>Lk;Q6?z`${(Jp>|lRjc>5-PT+e zz6bx_jC$XdkgUS<>Rs|oeMfJ<+%PLg<4nOniY}$+>|EV;yHumP3BZr^z#1bj zeW;ghP)bcaACwTqi~|3i$9{>Lc_|hPf_q#4EdJF5s6^lTk!3G7`oKiTOmK-J|5moU zDZvlju`AM|m+^!&F@d<`4vW@oceh1nJ39&MJ)nW&?D&*ueyw;0)(py6g_3q&gVVM% zF(*UkXKcv%pQo$wWsB=llc4WYnGWp|IX<^GWo|=qsz=+~0k?zKe)vKJ0XJ?DOkc9G z`Exw~b)G*A@XMgyN{c@3q!~CHPHW}U3ken3ro|=b+%%Sdzalx_Hai!U%pZ^}%AZ!M z#7hZG*3O3FT-y14%*}Lt;V@abBC;4TunIty#Z>1B#h)+NtR(tYM^dWkciXgQv0Ylr z@#W9zlprojqz2GG37>YQ+KXQ$Cv8tc#E@KawFr#zCDXn`Z%c>%4$o%z?drtPAqw53 zOB-x{YA$&#MJ-Pvw;g9nvD=yx&!Rtlc4m3G#0fsRHvecNk~e|b<&IeVb)?-nakyxr zEO)X*XWJp`%2vQ+@@cl>fkqWY7IRRx#RJNs&~Er+T&w@BJ$Kh9F}LVFUnW%K7vk3r zDl#zn^bz42bsyuc(DnoyEDA=`$mE5qUfC3xQhO$k|(| zl|#S5mdmHpfMM8ha>^7U&E%&l5sG?zH8$anmuC;ctEJBmCMVV3GAKLjpS~ZzJmjif z9XmU#e>X$LPYfi%Sq}%Y`lF!Bvl&lxWt^CXcB_4PVv>%oO985#4b< zSap6K1~gq|2p{eMllnmdBVP)=20PVfc>ovFWR(Zm^j%0YJ?>^Y&RiG)n$Nq)!0Sb; z+(9IAU$A7EbbE9NP-rONt=QK6pDGQ>i6Lo5{yGk=7t(}$&fA6{YCGW?IttbAuPzrS zDy730$=wmfnuS%CleAivOB4TsyAdcWjwR)Jx&7DB2^COcte%#=#U6htRE(pJ zp)(P}g#}VTBL7od+Nvw4z+R3lOTvbZ?|P(tCMEXsu2@tHdW3P@aK+yt;jtPD{zyb> zQlu^P!V3G>Bd!H7XYVdVgY=WNvZ8sgMwK1vpA=@;fyV}Q(0DuV4=`K$E?mY)P;Yzv z!WDo+FX$XYmaR3DR^okN14_oqfIWyBny%XQT1R&A5!r4>QhUEO()!a?$LQkYfGY)N zlcTFEu+$AXq&Qic-s3u1d(&THVtrln^Y|8%d;W7I`zn7ZCUxDXb}r2gQg@V1opxOQiU5K3HXAiY>dA}jU9%9;qWw&SYc5z zJfADIDt}x~HWrh;mJrUAz*lDH%>){3neW4; zx3cYAg(@62H6k-$w@dQ7O!b7Xd#pL}eU)}>>K0g9SnE31E2;G!^iK!-cK zE*8M9M3vt%98!PVZzOJ}I!Z0{f4l$=p+l;X!ar7xQT zkdxgJ<6{z{QSE;%{852A^zluhOz@bp$HwlzT1?3AQX@Y!P|-kBRk>iC01>YZA#lAI zWq(}X#8e#R`ET1oF!*ECf?)WhakYN_O?H6T5oX3V*KC=2K|2k8aJ=GFV+Ej>Da5I5 z_?VpUeRF67{nHZeBFXK1)BsdwoU8`dqq&bjQfjq%J|HeX^qPwW5z8n+=6Uq)F-*2)YRX!S=-fJ<<8) zVeiQ4uD{?EL+Bd91;~f4es9$}Od@bN+$Ke|CLbcp^32^$n+^^iAV93Y!Z;T+lt$NqQ@1ofh05Pm{$K}F~w3% zILuXdtafQFPdJDm%OdfFLIFpjv4nZUY)oBr5sg%4C`gV$cA_O(bjXUtxXmwbdN9y6R8S78MZ57?6B zV~F-#eZ9ZNpnHSue4J*$^v;48*5+WU7|sS64m*sUngF&82w5hAJpgtusdJTj;p{+y zV+T?3`DxemCSVFmB+To6{3*6bADEB5wqkh`8SlQ?R-wo^p=#5Ik)q2!Q?FGsoo{Z_ z=tSBUj2lt`!Gtt!9pJIlk}^KAej`jElGrcZQSE$H&>zhoYX@%kut%;t#gQ^L+j#pQ9<} zeJ3c*n0g_zz47qReRkbqMUQy*h-vX~#<03f8xg|qd6t%OMA(dWT4z?yR z8dp-(xo;OCLaux|U0mxv^70Xbhk!~P18mEl7Q+)v_n;(W-mAL0lFJ!=jb!3<*N0EY7ED~Nj67H|Ye z1~f17TYUi^j8L&>UkOvdZVdj!PG11!=V&6$G8Tj*VI-R=Cee>{&23+daJ}R*kL#0iVa6w;9H(eD~mtq?-k}T%%_`;R_&!%Q<>Cd$pZ4_W?Z~T zT|*LO&l++Agq5p0E*ien1_8h{&UM>~1C4r2fK!pQTmJd~MqHh@-n6AyZ-ZX&b?w?O z`j&TwAJ8m%&O7DRHdn@%8x_V4=ff$#pCqbMg@xh29crT7I9ZoK>xms}QyCL}Vv6l@ z`663;lE~@1A7B&#a_c0+PUg&e#YeohH(>eQ@0ZmjQj8^BbML1P49P)aAt#PFDWqG ze*b(j43h;eB6qu|}bcoDoW+Z}Acv}0n1H;M4}j5o zp`|904M9wJ8bivkoty6?na}i=TsM;syesxJ10>O=;B78@DTTur!pWRVulE-vY(ppe zji8U(KrK=D;5`8tYQFj{IWOBc4o0)KmtJuSUYo*ne?kl?rLC zT*n6m&mR3a!SaHK049tE0IspCIPtQkG)pbKwVu-Q3Moz-aYpXLTXz8rw)l2)jNJAH zAD4_=#I3U=VhU8Y4@o-)sr*Dz+}?W(<-X+;jdL_GcyukL4aZx`EGo({yVq?z$mQ@_ z;^*5B6p@P`E*}s>df^LGd&=#N;kza8{zuJ5TVgcK<7`TMsJD;Sa@Wd&i)CIWoh-bw zjnn;c4_Sc3(`#x0Q||8h@k%ScX*o%yua*entL6y_H-J5x7L{b@3OL zRqrFBk$u(iklk$`*_z>wXQisc83k{nX^Cd{gLL)BRM+}F@F9pF!a4RqqVP?VyQKp4 z!K<&c8;vBH=@_5mnxGgGeCPgAbw?^-FZ6kaqCmRZsKfBpIn-vRG=a-*K?SH0C1$=u z-Z<`W^^^9cf!U=AJE;{^1ZW_J0HY8_VEwHT&K9?@9UJ(ncI=!)kM#BfHc}M*Dk8Sq z)O+cDKBM4UV6FuHSft?8bO|{YWle7}t^g2Ctc{MThsS9g3eG*3V4!x@pX7nLf*E5ZdF>1fQnps zF)!DWPtHVu60#J49-RCqun!n6C`QcZfJ#z(#c1^}ZEO`=S~RNT1o&mh-GQ$#8tpW3 znX+)Af?OS6R3TL@cdmTTS$-%24-|y4Dw~%gFFn(jQ^V@lRsbkyEkq-aJC9%#fq&Ne z)J{Yh>-9odrr(r^lMf1QIVA&=`+m@qd-pwCOCk2o3TPvN6<>>XJ#|c8^{HPHlR>lM zARf2vaoeXapHI}geul@tWA2uTN!W@P(TbFYd;(jwUi1kNSy&JJrRxeIVdQk0GJiNq z3f@UK`!U!QOEiEbgNt_>58~S%><}iojY}n`-M+(y{F}-6xdud3z0Ayuud&7>=U%!v za$5OQH?BKXOM`>{T*n9eQ%5mE_Awc8QER>?D}VtN6*6ifOSvqj)x*IKNwE~Pk+O7$ z3728jbm5_${N|Uzo+Cq+N``w1CqJy7%u4lrj&(g+lUc_4Ir4gA*{s)=+bvzI(*u#r zk49b_y^$Q&=XIA~B6?g5BSvt{hoS>RYPA~4<`0XX*1Wq7$(GK={V$}L#rqyQfwv#c4bK6|h*Yx?YhIRiY;9W%GX@Uix(;G5*I#o`Xo}bNUM_6^g9>_O9Mpva)bS z;T>?9RikV-wNiq`Vp^`^gs|M*&t8BA*{En73o&5J@Eul4RvJC}mAYuny}ar06OTHI z>Ot^=M6lvr77QWS*t{FX-l^4nEno8N5x8H`$F*};VD)XCX5wuRY#HXX;A^Z zLJP_KiMg!vuoBfMcvbClb4jScJK;)}IRNlpb7Bc9`g^`Z>hSt9I`^RQCE_6|OMa`X zQFsBIM4rnEU43?BFl>gbTzCpG7&s_X&(4Y*tH4dIdz_?7Fyg0NRh6>XXP!l3ADq2~ z4zxYpL5FrLp^2!%h4jx9ozNUYm;3$^<;d5a^^bN0=eJi5Sq51FFJ8`5k#zLzTfrDs zHuV-+-Ffg750eJ>lXBqY`1W25*g@s&vT$C$)zAYyweOA>4Ke_t0BkNFQy-vDeCT0ps^_Dr;QG+R!`tXr?*1$2C~{~#%?gIJKEl=pP@ zOZBRLT;7C~;9mfzdYj3*@X&@)^9MEHF|D=7fSKG1bR8WmYB)#04{K}DaR552TSLYP zKVVab>L`t-yhB1!_!X_@vNaa~5W#<(qT=eE^2Z;5jb zK9?*oNXF|IqunZkz8FCa+OkLH|3duKN z2zR@kf74Lpxs)9Sq);Gf;iLby3s$BU#OumM@wG@eBn)NT z7i}9dP=R~bcV8=p0Pt0~9?yGJeBTB+TERL=9>)cN#J36YO9p;Hj+a=-0);WM;wXFI zI@jMnGl}XXu^}IngV0r5ZU>z|SE`GvMjk2@M?DdhnW(@lZYL@4(Kkgn-;9@iN92&q zcCwi+8J#-Ze7`d8*MPCIu3R|t8^^Krp(@7Dq!l~kgS5f7ta%lOrX6nv{Zhy<{#s(d zV+;oOBRUerp55BNq(nPJ3~xa}>2VC4AukkJ|06}OH1M(LO2+Nlk$i-6|Kej4Zv>+< zhPU)t=ufvXK?8@5=aRN1IJiX45ZZX&(SLvKd*jT20NNxpU44AYW!xl>^_&V90>`!1 zn*3M+k2c*{Q9~cM)?;)j9ymGzyhuKcd5Fmjpf}z5rA=2#peN(*{jV0OSnS!D>WUu@ z`wrwZMk5pC+(Fft>o52*k|E8&KgB!N-|094lQv+=Yd5cR9L1Tm3bNsF=2Ms$52X2j|!qy`{vS)I0kUY{>8M*XRNudopj$ zt%*Fw6!3kdwirrQrTPwtUBh4Mh{ZvjriXZqz~3Q%z}D(0U=vU=VI&L+Pg;vgBJl5~ zn-u|su17MtQ2kT7eREJz9+pzOFYo|IHyx3`%l#zJ1lL;EIZp|u!Pll^&fHT!B~x$u zSnRa14t;PW^jsHQyziiwO>-+_sN|nf`C!@BBA*lBtZEHacD`q@*iI!@PX2+%dG?&L z?ybtWETmVJT?wLIq5~Eyka$`}UmeS_$4_o>F#=<64lG$(t~V$CUHm>b8V5Ej@k&9_ zJwF^TBt$Ru_RdGu$fp}iT{1Kd^;%ChkYy!l9DN;v&l%>bTKlCI9Y8RWmZY!swb!Ponnis>s|t z9B4lsS7Pz=M+YVwp4c|GU4O>VCZ5*eqn@&|eVrFVXL|swAV>_151if|IB|K}^<0M{_*? zxW^?vGcU{k@n8y&Ro1XmlEtrk?UBBL#>tSh?vuDLkg!ouVSNc<8DLa!=o4Xq4ag>Z@_#211FoHz0EQ;*SNyWE z33#I$fHyBTQqiJ<5ON)ox!?OwI$8AoklLxQ8}38WLX|&Rc~AgSn<<=uQ1|>czxj|*j4Y$*RI*tASM`lv8#*m z+E#eDTlX0LibM(y$ehrKB5|q_^xq@V;c%?`_W*(4*|$vDsX9_d9<4-e&vhL(=_BcE zK)zB(W^q^{KAu&h5=y!Oe9-JPB?7W6sTm(8<-UBJZlp$i__wni)s8^NSJ7E`G<2Oj z`k1Qdm}x!-l!>W(ZEsi* zkZuL(4rvex>3k#w1CR~{>6DTN0qF(_1xZCp1ZfFLB~_3{KuS_Nzj?FPdG~qG_l?{ntR>I z`4oxxPPq-&?rci(O;#vt#`@_w3{vCHHRQP*kt@2XWfs_Tg6QQO47&ZyoAP7yjWuF!A3P#1)V>4sZRLk8JoXF(`AazZ=&$3?a$P+Jggdv&y2})m3ZEC zvSwPNrnm}v*6YrgFVQ&_RyO4&XXuo=mdRkSOhk&Iqwo5exdZ^o6j;MPvCUI6{QF7A z00{_DTn(I83*lei(C*V`I+Jd*+j^Y(Vz*9S|254$_l zEVGI9`6OG5=Qe?~v3A}iP- zt^D2HVqL9PZzAd&Y6zQ5k_b_2NEbvLCdZP)=(9bbEa*5b!$?n8%E)CZb21ylWziNk zg5Jm`=7^x^iE0*MGTDft{>L?T=d;pje- z0gCX7@hw}=DZo$NPeqhux*MzDQZBQzM%vaqB0+R*$NkZ#*F8u5G_)h>asb7y7$?}n zzwT#*Ox3c!Zqq9V(XCGAJ!^^f6q|ML~Cx*^pPTBn%5swJob92c0luK4ecgg z`@IoY1tasBmXPJLD+?c>?%eYxqPR+39!lp`c(>HZun#;Q!7t&bY+?LL6;PDLY(Wr< zQ%^E!4$qk36%J|A%P73Q0Wjau-`FT{u!b3x#$!4Fr?xh{3l9yt^$@k?=yZENw~+<+ zheLYMyj%DFd>>CWzWN547bP&v29!N*$b`@y510B4JI{9~ZY1}mp1`AjYj!RHG6?LK zZ+i{zmhm$}+G`%y7yGk=CW#W{!xV}AZwCu3ElxH0?PoAwaiSX}2CjrXuJQEHCO{Wi z?dAz$kGaCv(ebbm=vj{(H`6j{f@Ti8=R6_RbrkO9Ybgmrij*j`~sRB9*o@92#frHH#VEciKpZ2O4le06jZ-_aJo(U)#O<@b2zFi zj+3J%Zur)m18{YuU$VjjcMkJHYwaWF{_cWSv+Q z``w$#g@Bb-2Ad|78OS!SXme1QmDIjwjuw^UZ8~;#!|xGwfeB27PR_Dry*-LLl(tu# zu{dJd@yXX0lCxy)89WxRS4!$MGW+a7*YWVB*K*Me_ZJs>&p8r9_YV8HahJY(H%agZ zR1-O}-C9gn;jfsl9MVXDC=u4Lq7&GtnMW0w*cgMR(ZpJL8E4^$#%yU%grl>49srSK zF_+(k=FZlAbuUqlsg4Hg6iw8p~cnw6W12#POdKuz;lNOWWIA1V&SkN8Wo!>XSOvDlBf$rSl zJm#;}*cb$q=|B!gmFcLdAY?z)*wAZv(D3xY*%N8mO4h;aJDuu%eF z+spg;ur_B|GR1|G;3+gmf`CbVUV_Q!2dc;Zm@?6zgw_JCgV@DvpW#V1&#bf` z)$1?@Jb->%W3O4_I$UVwIz5t)m&^?Idn0!QJ^RfL_DY*VsAv3JF5QY)(TGz`PbQ-8 zsiYP9ja~H_ZcXk+wh4HO6%+xsL)F|6rTwTkqv(*lJ$ghnmU1DIQb2C_dVlt-P2k-l&^n1k?XxuO&?DN0{N}3BotZQca^m&1*s!ijNg&Wa_!152Gg;z9-iB@MG;y~#@u^_(`Te~6 zQ@};HiVEKoub*IAP||c}hy9%;7@RHMe)}__Ucm4r^BTVC<|8*#xVM#lyZ=Cik-FUY z?9^tz@oCad+)t8N+knwaR@ue)R;d>N#;3QRd*mN25PUUbzm@mOe57=EO&s<3e&42F zkeWH?6AXA#H}6koY`^7}phWA6faEX@Etw{&C|eAz(RfA^-Ix&rfCE`*#@ps{wIGqht{!z9BL^k>_-pz4pv^{Jsdi|O`dy}CwK38 zm*L(^#-#2?_O7Zzza8IQ{Q~G@^R%@#0X)4UlCaOy%n92(q6V@r0~^o@AJC%V$Pw?7 zKzkTCJ)RUCjd2qvOlrjNOO~YmTI~w&_jicT^Y3f-$DlgN^27LXE9_11ac}0$w%oZR_Xo=LWcN8Ro@&B}tLVu~21eH70 zwgZcV*Kyz%3|c)!MSX9_%p8CYCi})ygP0vNnt1qNy!?0_9{!cNP+y)YaFix-L8W=d z;M=NGpQn$9d)fWaOp2Fx#SEYm!=-zM&YKp|r-Bwc@)+t=r{KAtVA5HGIQF(i6rJP) zW;*Br)Ys|F>BHn`Z$3!`e}giBM&$SJ3W(Jot<}vx=PJ3~${<%V=|1ISI*vs|S9}p4 zKhOw5uUK)DIPWO+z4q|h457$#e>o`#CaaysAOX^@uK5?iWR~bI>kWI$VvQRu@*KlJ zvlmrF6sks#AhL%ve$&8lrw-bgLexy4z#m6D>F`1YZbC2~c54bud1_q{G-)Xlxp(o# zRFXyzdS!v4%=1#l{U$vSt&Dtrld;JsR;T*0D-_77sosA?Z;LwN{uaSk{q_e+EBIqm znlprQ_SnBWg9;h?j+@xW6)W^&vNCd-{ormBR?2pp@|Y#i`{N1V#I!%#gm#6WP^tyrt?1XnrdO3-+x=4M&Et z97R04+qO(>>MwE?=xwi4;*rpXw;f(OBzL7EPTU$CGp7zDxa37?E5pE>odQ^6hIm%U zMzHyVZ62D^2Or)*}(cw*S4y(YAkXMzkUBwL*G@)!X{9T1@1I7&;451!{ zJh%{hOeRXloK_-#C%QJ7sCk%5-{76gn`%xI#mST+Y+Y35X1xMkAM2Gq1(d4$1lKVW5+Ryg|RDXVjEI@mgDCKil2tusc_M%}kInURNvgIKuv%kNl zzYWA+7olVnz?Nlvwm>Jb5E~Pq3VG+()wqJ0J2eoj+Dn;@uN|dK?^EeDCfgh$Vqt-# zL=Bdi$_vZL@y;+$-%<#&Yk*a}VQv3rgl8f*ub4)l&h0mtOT8hU-uJ(9$- zX{41*oi2MSP$E{&Wv=7#$?in3+omeA7J+R{QcH@_fmPLR6Fsj6!ynUFSq<+ z_>x!gM7n@?yIt}}U!O{ZgZfJp`>i)uT`=$}k=|f97ZLsMGEeJF#jows5XZ79YYdf6G zr+)y5)95i{z^=r>TtZZE;rxB zfy7N+9iF=lo|)X$Zd)1nI`-1`JY_k>M* zbX2fpc}i`@oZyi|_Zom4@X}*2Mx?z{__mQ}_WAiJ+H_Q^70TmF06*}5 z{0O*_$Y*TSYAJui8d^FHCD9HRItNjYre+j26Y=w8XllA3ImJyT;1{+YxV*HqNrpXs zr&)e0yYy2*SsZql<$>UM^lJ98nSY1@O53Ogy1*nz$4A``&i)qoGpIFrS=P0k}a$$2042@6w!(x zZ_E38>dwypM| z?Fzd9Z*yURMOVD<^Hm+Am7zVnMs&RQ*fDDn0tr_?l4GZ=V%QI0t}kdtmn?bS5P_Pe9eZ<3-&P*(5urKO?e zHNEEPk;v$w0>g}VN^wkzW+miyHO})YvM)8|E~(^7*zR$&Vxb*g{vEhm%!1WdpSy8p z`Dac_qbZmN=g59#V&SZJltMoXGu}O_&yZ^?^=P%%vOD>Vaj%=QWA$%(c}gq#m>T~V zuIy5C+A^zw9M6a0M<3r&v=JDZU>f=v_m7O&a$U4RC$ok7`j#A$YgUa5753LNEu*i{ zA7Rg{U%QhZ=~dQjgZ~)zeNyeFqg|Qw)VfxKbMv9)m(*<2kDE_|0*Hf|NDsg(0Lv~e zb?~Qylwi9I{Sl}UDomQuzv|SwJ{DWA|J&kR6p;{dDHA{+n}*mP|094D?-EJl*J_24 z&~oZMr!DFGb-O?7`PEzjlN{Q3H;3u;rSNmW*hUc<*r^llfZ4F4m-7SS>47qP&=E1Oou(o3xCa+qHA1zs=Bn&x0(jQP z)L0n?IzaT7V7)I3UJ*=oX6{~@#b({#-~@na_cUyI`_o0DPCd)aJQth#w4eXn2-~Cs^>MOdk2>`zPeg--6waY5pL@-!Nonwl=+9Ec870GHbs_@ z7U=+}{EfKq!(3KMrfeT%v+=Sr0D-76`oX4J z^CB}*AnEKKY&H8o>#Pih9y1{T8fm>&@}k97gl29u)ZZ1Pk8jn(>aYdZ!EyRwVLD?f zn67K7+l(iI4r?s&E|t~T=&j;+N#jqKZYZPHCJGk5d$5}~wR*EB_1SvmB-B3GT#N2# z4{@ir(A_@U=BaO5;_5%UBrAxbl`ENCB zozc05`<+uSs8b(fS>ZRLT=(OGaKv$>2Cy!c*j74s%9l{LZH%P{#;<^bX)nq@(Mo}g zE9MM=lv)!57{~|;T%$Er){@LBaG$gf?hWrwx99f5CF{rx?d7q#5>7ia(&o~hyy3(> zo_)l6jyh4Ewxr|A)%{SH`@8sujR6e5?o=m*svN%r2<1@Ra-<|hfN*R<%Vd-L@@+}2 zN?*48M`-CW`D!C=!W<*BpQ|FNS&Gl$hV4ofFi-TqTjTst60lS0H_d90x-gfdV|44| zI7nbs!bw>TKxRB>e0U4ODM!kg9Xr@2#r0mUDKc*!RdSlE>l@sXs6tstsHjlH2i#{< zZS-Id;`1^by2RS3wK|dRq1He;^!4Kg@NlJ(FX~mgX*|mezF81?j_OaTjft2?o9IV6 z@t;r~?ptv>NAW(OyZPu}cq8`R`H>7}+P)_06mq-mX~I5davl$Ds(cXRup?eqU zNw>xuZ?08kxG#)oDw?fnY%5kPrgVqy{z|nGsang3_^}wR<*;rrwR$rrc28nqT(a(I zMoe{23SHEFB~^gIuEmW?YcZh-;PzGb^F|Gi4Vm8m-vLqP@q6M!hdMom&zpBy7} z{po)0A@@0+IgG3JD2+0$Ib8a9S4V7i-TG$&^*D_9#@>KdOO4;Qy^7W){Uo1bBPK10 z9|O+V1q?9Tef)e8(W?uipGP6ZK11NbD2*>CvuGr(Db)5KWutWXU7KaF22Wvo-~9Kk zQk6a<$t0`m;^d4)z-DQKC~4>UGg*8rL61?N#q7}Q+S;&1)~y_fU(T)7>Zxw{Psy_z z;mO_|wC=Z0K9S+sL1McIy7n}ReI32B2q8YkV5Bltr3c1$dgB8~KSr2-Uj3L$CgwC> z+tky1=|rzPMe6!Ux@Mp&08CfrKxo)(G=X%Z@OIW;Sj%_IYKsMsdBly_IDp)+Vp#%a8U`+)jj=FS8qGuqnzbp*XUpuD2bl-S*+QT`XF84`CcmZ``8p8 z9juHAi0^hDL5|(gg7nwMyb+R5o--8>dt7N_wM{xx1xOSWhx9&A5_WZW-3)Y3mE`J@ z8!s`3H?B*G;R+OT4R|ebOpi4*Me;ej41W&HOS+Pf^nY148 zl7t2~fraUKX5KkH=M$r;{&_2S%n0CQ3r~L;kXl6;EbXm`K3W8ae*^ zOQRp&dWlirfMiCfDc9~5vl#Ons8CSC=b!tmm9m1rvDthbz}@SD{eaTv%&x#Di8sya zJImkao3abhrAzj;5FY1io!5>vj$BDoax@>@m_Wc~ssd6s^24-OU2ry}ZB~sQqmjEf zU5aB9VP7^=y;$>KJI$QgmdLg9PQG~b`@Af|uk(LXE0n|hynJw@eBA7>mZ=PoP_V#> ztOeG9N=ox;FCx^trIPs2Kr`nhW6cNE-^B{|#9^l070h}lC1cbrFlBb!?eHTaf}E4| z^s7OD_%XDA*M^Tm%Izx%2tZPAhc>py1cw8|;l$bL!pD(@CD%URq1NxfbmtMN4`{ z(N1w}xz9govJ$;H78fx7gCwj_dVb5t5j>SWRTdwM;b(Z#2 zsOQNKK3FgLCNc@o0&b+n&nlcC$#pAaj2F3wIc3gI#RCuwKRKzjB&jz@Bc0r;dYOj} zN}UGk z1VAW({Xi(FRIyQ^6r7217tH(xg%qxgRy>UO(d4=`I0*N8SvDS>Ct}~s>Qza)#tQc! z9vKeD5fnDAO>Fs8K$bW?ab&p*;Tx*3BIK=063i910Ag&#Ba`hSs3p-=tHeghzRoZ> zs4P;H!6kHoK_`^QCl3x5&RJ~XUx&3s{DYsHeA@Bzi1lNo7NVW5Edrc>$qP-LW zdY`aV9G{~hTvqrYv*hoO62wm^Ma{Tr(=rUYmDuLY!h);mx|P|m$i5{6*a#*7b01!H zX0r+WV7%Wr2jWC^G!Mjh(i@@sRNJ|f{3E<_jZfg_ev15))VP`!F}?l$Zsb!$9`qMa zgcyA!h}Jc6i3Q&k>&tg$w@Z;{AN#BpKKWOGjqR*}UYRc9{{JUK79b|Vnf1BT#3uP* z(DN*iZ`~M#Ec?5a2X}u7?5JFymE)rdpMpjLnenVJSoo-_5C-g-%pdGIaQ!@Sb!IPs z2EX9l$z;)2l4GVTPkpxu;dQ68Y|=qhMnw#*^XXTqy=L4@5007v&YXgnU&y^fMLiHMGQ7h%-d=wiQ8 zMPuIZ`N+vFLLzzCAw_zuI)6-64KHXGgj#c;s_wTWErM=UGa2C1Xz5cA;~VZ!%GK&v zw4Y0Ig)0nMfHP1=9EcsMZvFKPMg|0)L_*BlZjZEg^uT*?3L_AM1V|14GHRc^Q0OyV!_l7L-|pq0b$kI zCm=oQ;xp^|+UJJ|a7;mxx$ihj`w&5A&piUON&sKO*ww9c4iFsPn{@j9y+iuReZ-FB zOdWu@;?S&gOP^Tz9*0th5$4=w_oVpXG4)6s?UqA#qnVsPrbdK6IoaK-3E?*YjcOLA znAJLW-V6AU>_fA%Il?pmFYfem?hB`E0I489A0y~(f;Ccz{(;ptLS?wI=<^*mLm#vK z20VkU>VfmJtxNFS^q+-m^$BqOUMioPBN%Ld2-n6IV20RLVFRQVS5cRu@mn31TRY++ zM{3P&hlItP3HSWfS?QxU)7yTWJfcqPIC&ENv!7YaK(xcj;^SZY6>Np$-{zd67{FBO z+Ttjbd2E^ypgz5LE+VS{6jXd7&|5OpCPR9jajG#s@M^xMExrP;CNT|q`N)|^X_gR1 zE`aMgQYYJYkc<_efA-&7%`h!VziNW?-i58+o9if$R^`cs;Hn(|taW?)`{9-pNJK&X zTwwqs*A{f_&`aGxgbeXupT7g#Yrzbe_wJvfi_4Z-o=RPE03r^rsAr1b8-Zh9Tz|aP zQ{l3pfk51DTj2&RTxI|^|p)YU(E=~H2f&G6sjg66G65@nuZ-r@nKgj~ewngD@crNDwOE*KH;zx@xa7z^Q0Kd6?dpI_#> z@?leVYNYaULL!hMrJW>S6b0ra5DkPl-96MIL$pw=+lXoC<14s>$41 zmhVLiKC{gQ5lIoZoAAlgkSGyU{y(s1#88+e5Fuk5=Hs;$p3KTfO2vNpuqQ1hOg!y+<3dd^HSi5 zNMghPI<6wc8=cauC(E!FbTIrv(@RjsJREihP1DW4fF*T7pwl%;ukHTM%d;IZDL2Wjo5BwucNG$xA9Sbil`3$|Jy{xLrQvxD@&FKL&2rQPLVt)$HFJ{C zcdqd_wL;#1ya!@r#_tB3{;dMQ8UMel09vSwFK(C>ohLiM+=|{t-@C&*!+7@O5`RGl zviuZZ^P#Zyw^%smk54wAe1w*6$E!0CjZk@rDP{NllB;1Ygo&QqM z#P}PZCs}-XDQygBH8+vezR9=tbco2BR@kjwDY;WnzC8p14KHMfTTlsNOIIy37!mPx z(6W`BE^~7LcWsI)U&Gz^(+pR8FaPumm; zok;=~HS0-&3WYlA4`_aNBn3#!p%iT=I^v#pF7&!^(?W3`EWJ1GQQ$b!GUHaX{r2JS zA7Oi+z!|pv-frxMkFvrfL7(`XC+gPI@k7Rym|_v4~LeDY8zJ!Vs z^k0~?AR0ZtiT`!G(Ysf^7&FxQP4R$6CLYo#7C(89l$kDneKy4_yDi(LpvS~M;Wliz zmUyi&wa^i6td}WZXfe9lWx>#PZ6Ja{r~&R7>qyrw)|B8LrWBM4M|oKNT+&U~#oMgc zkX?GPoRvpp!Zm?3lj9gNy}N>O$hIHMcPHWX;8{b`g)Cz_WevU+%p&y3=dKY8&|$qb zJWPf&c5H`SMP>2<;budgyAcS6BB&_4_Mv8?9O!A5D+sspQ$fZoz`sU(591aRgXui_ zxS;D{ieY|48nR-p%)`Gxu&N-#`8ib`tnTnN0dbUdec-TB{mJgqkaCx5Y%*xjUOVe4 z$Vd@tGVlvz;mg^ZouLinl^3@B;yO&RU|kssQhagaVewUR%Gn@p+?# z$&8)O@?UIDh<7_DZXZB)Rs^X7yZ=C$&p%@lb1ctcGPLUrHxvR(K5FQQZ&|9K7#OyV6a-+Lzhg0LWA_>$sg`aV=vtid{*|!g$PL>C_`=W# zUc=hE?a{Pvn;I}!{s=Gsc=xtL&mHl8-X;3>R)_4Cew{*_NwA0U26 zCBl}Q0!lR;V5Efy?7~gQEo9mI&4m|3tc{J_ zcB0Nb1%`qeCIN@dKeOxtIA($P5#pU~Zn|?qvzPri>d*)V%4{8%h;E)b;142~fFGud zM78(*v=QCsv}jrPPF*;tSM{Q3MV#fn&5L~iCeNNbxO_vV$r@A=^4KHkz)D z1Clv<{h-JAlnFTVEN11P9YWL>9Y$eh$93)ZC#AEto*0+`vK?3qB*F=Vi}y zjW+<@tDsdsLsBRjK}0mOay0oBI!Bd2Q*~lz!y~I%jBSvY`TMJ9>%v8d*N6-}DgS6l zSGE)LrwFjjg?RC?blAURqX@%Is^DV8(n+v}#Rb%!;HUiO#!>z)cp)ZUk`Tr{mV6t6NCNQ$ifpmdE1a4Lo10Ts%&VLiRgi1|a zg12o%CduHkYf>18GyY?Bs6ce=mhA;SOV*g9*qAnl40c_? z^HGlsG$5xP-o}VlpetDL4QQiOuI0$L`&&XX?jS54K#;uN@LP%g@=_>*kN+~^5wZL>b@=rdVm1rxYR;@ z*pYWH9CN9QBz9v_2*eWvV!bjg4%fnjX*pvEA#)_IFt^VEi$|>+Sc@k0f8xkK$^zAT zJk#+WdR@QN8i@RHM(vMLft1IHS48E);l0SNs}YK9hx)4U)*%9&BPRai5Rn}dz=`4I z`&Mc!{TL808W82o_y!5!nOkgQ#OlJT!E7HKJPhz6l`0wK`!#2GB1$8zC;_Hmmcvy9 zJ*M-Vi)*Og%h6#N90W)CwbJ@6m6rKQa0AR(^&C}M|B41Mz)3eh0x}LFQegOAP!8%{--n`WyIBEu;~G%}L4A*!Lh$ zEluztJ^CP2f^VG_KqxGWUWq5dV8Q3-jOe8ceNUX`IO+vDuR>nwt(TuZCSHeHBK#$i zg~7B8CmhGJOf>fM2-(ROEoIug+`NAhrCJ#OATs-v*DJ%NI_Td)d{W?*Z6WG5BNge7 zft#GeXyOuVRhYX=xqgkAA+L%c$B>qqV%rW1&NGeW=m9o3fwZRsC2;du6|$UB+B~bT zwj$bP>;)a!10V$R&CML5Jf1NO%eyvLr8?P{jQsU<$~nUns>Zzeqr7vr>W{ZHq4}0l z^1KL+C(G7HpQ^Rj?DEEOO%t1lxBO4x5bgVS=MOB+|6JMVGlzkOGf$G`D(=3<&G8Hc zl7b*&r!Z_3z3+Z@;H zcw7j3v$Tt}S(9#pxGxPNxW=7(c&@#ijg7mlAXcLwVCK&+L_Uul#B!x6?&#Yc&Bu}( z#X$x+%rjzX*Fh`qd9pK%8B}0F$@Hq<+zHztP;Fc!;;BO3^G6%hb038CZd{}xr=+a7 znm%EyxS!KI@FYKDGX}}|#5;s+s%=@d)PI9MCvPw6@O+NGaB^*3R46rq zR_I*!|Lg*&=lnOWJpzmX4tJQ+;^lr$ZsSISh5g9Q+e|tDaS+@`5JEd%2eMO_S2~5z z8J}i}toPi`%^ho9Fu0xv7fm;`V=N6`JMqvME_-fcQhs`+%Fv>nGoO=C2oTptUfESR zryLe{*pY$5tj{Ac5x>E>%st+Ba4F&w@@JJ%pxbHweoJ^(E>wYEA5QcCYqA8@H3NgG z@(dG$fJO%vx;_C-E&oDW5oGv?eM7AOX`)U!B~fHQ3t@UVDA6(N35Zf;K`R2JiYg@h zG(7Bk?29rAMy8z}z9w#nn8nH%35unRK?2hdHlt>v1#ebx&0+!xJ5!L>BE=J8gMO&p928H@f$Drx86-x1Xw0ywdbjse48@KNo&@i92tscdjEB zrwQLV&V&btHk@#=)bHdijZ+&*U^YQF2}%*X7qQ-JjmncAe+hQ1RSm8CwyVt}4NEdEDUvD$Kn5??$t0#(10cd9|VqUtD*JFE*^c z&&)NOfq@?HA|qF6fsN|?Wso!f>uDZPZzb0R9GupEvDch_PzWbIS2T#6KFSX9e3{qA z~ZTvqf!kbm525Foll|UJBs*>+IqjCu)$%;=Lyhm#A4WZu_o1HkPsX9u^$d z=e~T>?AE&)Pf$O9oHrv4B%SwtR9Vn)m{qpvp(rIIe)NX=*<8$q9)S)TGP<*}HIO{c zuwt;GP@=(IT=R-DaujkF%oeXg!4p$L<@~EG*~vH5o*pi<1cl3c$)%1;~T*EJ24z7@5@oh;~V5>^NzG9&7 z$V-BKT1do~AZF+qr7n4{;_1H@Xg@ z_^!%t6^oJ9=$9%IcAY$0*=3HgQR+((DXorVSH1ryklH44du8&SzWdzA*5vZky^E6_ zbl$f2r%gnV(2E+tgAO_PuKhO*d+utq2Ul&=5p)T6N?SZ`yfRn1bxv1{{6a)m?$qQu zpCc%A6v?#07_MfIATqp%5W7XSOsz<%6&04RP=Kzr1k<(FEVH;vCJhY_^rVv3w(ZmBFTn0P4JnC6xRj35af~j790gOC#$h+YI$tGpP#n~5-?;OI! zaKid@Y7tj7dJ-)&Pz0ScT9f~2^Tl=8g&5~pGilW`gZsG*{D;w$&L?r7cS^ek%^e@Y z4!1FU{!^<^g|+OLW&u4L>MU>kI)62(q8qD*EBb>pVW2dB(1WksJxOZt&jhut{>IwF z5{LC?CXSD2gM*z)^V*m{jZ&T&TD~Ij#AN=V$Yj=Zu7?{5lBtK_gzAMb7KUsaL?}wi z`O&3aVw-lv1<6CeQAWgh8Q?#_#a|dmF_{jfW99p$=!?O^L@BvH9c2AJpmh`x4qekJ zsV73i@d3$r#`^+UxvAoW-SsJB+8zMAB%Vri(%Py*jYuBECef%iw_%s9s`UH0_{f9K zmV2JQ?v=_b_fNi;sL3Pak^H4cv+;DR#CmvtqCGUgsiwf@*7UAPlXmyOu;$ec`e+nK zCIECpM15Dhc)M#p{5+n!qD96LRI>egrDB z2OCmB@!>8dcTD4mT1Xcd>1UEg;wTn%K}C|YkUA~T7I=M5Tn7L7M>hSr*C^SW3>*Qhp16=rgY67%#LuCCkb|!!QD}3veXbW0B|Bn#$y)h` zrw&tM(^+*LAvo@=N<=Zh?@Mv;d8fi~emBilfTOXbW5gZ-PjF+avTSWbx`pSuMU5NHvWdsj|~&)YgVn*6%@l&I@1C zm=PRudu3QtDT)TfUr2)D{LSI51Oxr{2Uv!9_}@{ew@r^bU(m);St- zDJoy38h!X$Kl%#sS@EwvTAxJN9M8Qi0jT9Dvufz!xU=F0`+?qZv$2a?u#+GO4?DSW zUciXZf4)KFUFExBQO{H%RrnkB5UsdtEU2LurJ^kyYM0nnRgo-C7_z>(%;|lwPU=-J zf4`A`3|d+@=!5MJV5j1@jkLlalrqZj!XmnYGysym;42ofy}2Iu=3l2E$h^;|8F>fr zgl*eUymz|QbR+xRME3-;lo1o%R-KXmX{-~MzAfxDegAOW-$Pqifbe(yeXDrz}{0_sb>-UNBH+r&?$O9cx;5Q4%g{K6tP8<*k zo(`kCcuJqJQEWro zl%PW2Oco>ePosC;&2yOLmoftq{`RdJG69%KD?ATazB*+=)Y?1iBO?sk=xIe}$z4x&Fe*rnw&>%%ciPN}lL91N zO3z0%bJ{2`_5L~EbEYFvhmUJmPu9jcpYrF2OI-52$eavr z>9+$BT&-7XD3e8luB?mg2E|i*W-6QleZ@4OMx+OycNHx>dz!|2^X5HJ8LGXg-kM%x zJ7F1ndTr!}z-)`jrZ6zro5J8Y-GAW<$G+1S<9J#BOBQq8DPSnwCA(^K6C*T?aaL?f zSG+C(g-Xdy#`)RSfHeHkFAMlZoOIb#;+J+wLoCeZQ+uzKd$7s908&zBzycvt+5Ulu z&k%^%mSL{JbS#Ddj^^iQciuP)oM)#mBDUE7?K*M9o-6P-*-Sc5g&>O^mmI4yflv7^ zzfxK<;7@@10jPSb%%H84dpP3n(1!%QABO`lq-II{6pl`oOJ#d zwR8P+_1{xCy%^UhdC(?F8kY;nsUad^D-GC0x+?3&4?jfW}>^d}&ML2oWpj-hh~Jy~WkPWg?Nhic z2Dv(6pcPRBN!Eg0(201$WMmx1bC+x<$>p72&LRu?s zn7tX!5D;k+VmV+b0bd?KL{zO0|+nP;-Jhzb=@kKG!7m@er^uzV_3>r z0j`G~+{Cq{ksk@Qk`R0oF;W?LuYRDqiX*m=>7Lcic5P^J;B_8MKLDGOc>*pfOr;H! z#l5xuZ21op94ivHyr~5TkTQ5ZCp@Xc?KAZ7UUiJKQt#k{8nTc$x2 zjx(b4j@R@maua#-rI(e`hV z$=F0BUeM=Z@N0cW(4t>9gNS#~o1~M~2d_33d@!vzTHV%pXd zjr&ZO3kkB;1x^4h*hno0B#a^?0PJ-vQ79_&zu^7}3;o`;F8mumh{^)?|U(* ze|{dsAv3)es{7vQC(#BvH+;4inxpPi?(8|CQ#cC1`;6~M^9$bRi`Tgj%hlD8bJUSw zo*ZpyNK^W<#E`1Qi_BAA1Ol7 zNh0vAdaJfZhv$JKjN6 zLE`dvq3L}LW%fln(NI|ejoXy$zZT~p-|((xJ>@qV$4_Y1#CP635dJQU!8kk?ExQVb zK6*=eXFN@z4vLJDYwOYatXh4xK|}8P(UmfPMS0>MsDSL_uJ-tig7Z44qDL?TPR5YosD}y{g(@Q*WR2X z20sI<)QXRD{Z3Ylmm9A3^~kc}=V{TI8OYY@J|{psg+ln8;BBXYL>=X}EJr0|o7fPOM- z$YdM%S%*}AvYI%SkWZV#T=tjLf6aJ_5-@gvmi)W9f-+m}K;`2h40eu;0(#R%;{pv@ zkV&N3!qN++NJ>UvDYbpjFqpSwP=WpmM!)Ao#vOy|fn*8j-0>nLd?Nt$g}kCD0V&Ys zP{bYgx7M&g*hY@uuCZr&IAO9O3_Tr;uwPSK8A<+!R~bxpk9TPlSmZ7tGfB<%py~%x z%iau5dcWiHWfY~Q^C_ft{%|w=5ve=-m8)C|gw5p0)Vh4nQDr5{U*SMK{YDq9`*`+1 zQ5w669~?W}@A{^%0o0aNV)_-Qx@dWYTldw@H7zEwT|uCk7RPRoqNOt{Aa$o+6Pn_~ zCt<|_KR?1B&^3Xjfo^sBUC7dIy;W{s<5KZp0gr+DA3Z132m(P?Tn^BM=Gr?Z%|CGo zORi7iZ=@IHGmCAg>u-PI$}_OhaFiffJB;sXMHLvt|9%k?CKu_ZMJe&h^0$!naTa92 zhP=M}+Oc=8ljuGEvM4ZEaZfc3=ng7MVY|_9my;mt|8~RttMSn)yL6-y&A3F5U_8e8 zJPN0XKKjWv2)qiFEhM%;{w8d|_Jfw(!#7?(m1s1GX#XarTyq z7rlG2Z)!LFT0i!Is_B8hWl|S`Q3p3L770X-K?>$1v1T1n861!G@GB4^SOVPfGP&h& zqq6z-%UdV`;3qRGj@*<#^NaJfEp0 zyH~S+Bb*=NGEQ>j{4}4RA92YS&^tGeTrmpz4}}5K*uNa_ze=oWq5!yrh~qkcJ~nV{ z#>5>2bs#IWV0V4+X1~m|hN?n8+-hS7$pncomrGrHwRi{o#w?&+(OwXM?~O(HZ=e0i z#2GhiJ?Ky-Wr`0AW56i#VXvg(Gz-_g7M5rBR=BdN>cL61iq_qwz~rjncHR#Ox1+vk z=N20BXnA)%i^YDvaoXp;UGux4X0LG}Yp>U*&wJfL>g8P4-lWU#F9*FDLVqRx9{=X9 z`%_^L_2D$?duu3>`}Q4VOP{{)!Tbb7BK|g)SMzWC^`V|8T(B$_zntp$B+B9GYkQZ! zqzp;Lk9^XIW20i59{EqnqURoe$NT$xf6QxdEwiab*eRSvrrUVFr#hucJX>K)Z@$#X zwREmj<1P~kalj}kYBmP9Z-g8@*Y9|iezGfA-WuYi+{1#6panh4XQWX<60bR3Amx>beb6p7eR!{1(% z*eND?cKr9{8qg<%Rrr}5ThV{(*G{O zhr?Byi&PEw^1OcI_wQikF4x@hzbh#e-QVyciduPz0QGYO`SQ`J^u>ju#4-wjjCkxY zf9$YNff#HWFMc)A+;DYds#;rC%&000_PG&%0TFdYhsb**keE%?t=0BiYBNb8;TM7| zCHfJwTn)*cyCOiXp514jOby=XAm#cKPtUddz=WV90o#kQ3BsGk)L&dL`h7s>+{u`B z-B6ncB)L*c5e8MWg)G6oMyGmHD${|( zmD2SP)z9cGzhre8l0R8)El6a%{1^>7rN*QSI8B;;S&}E5lo2yiCbIg$+Im;~XCJ)X zdCTy~1b-y%FIi%mmr3zm>ou0*i*~~?7s{o-5!ekpE!(+S*L(N5|5u@3E{mPsRd;{B zIJkK{B;m&@)2+kxiat4p*VrxRRLXeAG;hX;v5VbGLHtx`wSh_6ykj^?g#n!@HcIBj z{!9Lad}0R4%{H<%AgFl^L>w;uB2eNg`IzHJJur2;E8^gYWGqcO$r1Mh*R|TX^UmSm zvK{foOve_SM)?lWX3r38?0`XV9L{4;ntrAxbx`H0KI4XUWN&0Os&6#%_9{ zwC2!@nhEMlw`MUM7PT5)3w#ae$kaCw?0mZQxXkppe(_KO;Tt#nEC{(J!I|s z^2orYncVLU4`@XW@3GO@nibc+PIq^}{37fyvC^$5gJCT{-QbDgCQ@}F{1csmEMz*m zL91Ekz5kM^?&f;!(Aeq-#c?}s{XP!&=A+kOU+<53jT0*d`Hz3to0#|lc#RLbb#Ud_ z(9Kb22Yr4|edpXj4Dd~2>STAU@A9Q(a@_l-uSZ3=5-yvYP7>cMwMaM_>E06fmQ{<{ z%=Ia6*S0I}C;_hGPWCIb`rEs!xR@?-IrT!`yp@MYUyH!+=Clq9j4dLCFSkG9U;N6%awPqLM|DWDpdI ziUcJY07X!u1PMh(vLZ;P$S9d26;M=tbK~j0=j}dyyZiq7o`)Y*bv&?Z@3rO{bBr

zKMuu+O%hv`(>vDux zN4^{&zs=qS=d8UJ&CWOoTrO6DfaQnV8h2{G$LV*5bMm+avKD^j$JX=wt;t~AlKI*G zVr1%{B+ygY{gHZ83Hh>qubvMeFfX`}*+HTmP$!DlT)u&(C6`HqEZuz##Ka*N!WXTq zJjs0cmXQ9q(hW$fh7|_MgljF_j}q^Kr5TU}tTcv2Zb5~!8n9sml=C9(f*6ILSmZ6+ z16(}R7VkZosxVZzsTDD%hsMe-pI$&sG$nc?ZvIjwbOtKjUTBINr2Msp@`L%0ogiUY z7rk{t@tdEChh~svIV!`f!6Z2UIj%19WuZE`!KOX8J%aw`i=QRPiNn9SPY+CUgTZju zj`NSNgbyWkm-&Qd(HN6{fwaliSLGa`s7ZIhdPVZwpIjYv%+n8S?t94+@`Z@`0(%>pjY$T$GPLhWGb? zp{?Ub&Z?21wAP-)XkN$Rx`?q0q7>WXpHX8;YnR|K*cIv-bn^LnF&*qwP^(6w7o3!1 z!Z%KJ(fn0oybUFJA|+r&I+$eSDcYvF(@9l}OT3MzN7w18hcgG2@y$8QZJ*7!pptE4 z`yGef7I1MM+oXp!61cADM_iKJ?oWTR(n})wyrP<#v!t8YV;` zxXIVvq_q3YY0&;FK5H#8!d2%;W>M`@P*d>~WW^Z*R-EatFF;;&VEPxO5-#KYNY1?~ zu8<+-z>%1?fwnL$PC0R#H0pkt>7j-bg_^V*#-mV&w8ch$aQG+G4)85BiVTZ9E$gmH zIs+}k9oxM}fzalMN*UXGa@xDl@S_?H(bCgEN`&NL8PN-sC&^g@ITo8q&7T%Jp`1dX zUANt@2RPCi2_CFdj0T990rYwHkD9bh0bsR~N^RdW><*_9z!G%VJly)75w{HtC>vB) zw|g7!Vt;FX^xSx7{9$P1pcVDSFvxwXZENm>jE=!02xLCFrS3(1W0{Ci1CIgFQ20W^o>76?gazGW{NkZRLfB-D>k+kFdsY^!EULjWU&gzgAO!fPNbv1|_U@Sg* zX5R2XS`7LwN&I-TMvSMg7xGHHG#UafV%THmpywHn`^-w+wyw9LP(?Qb$^7mvDF0^#nuA1VP$tNFez^i1 zjB~!!ve*5LYY)(t$dF%)SVxob7)K|WtO9FbmG|@^RtgZ)bYHLWwcxc8CL%*LtMJ9i zN_}p8+9ik^ioh%XMFA9GtW1b<8bAL59XR@r^g~)eWKWCpECwqvD5&ACfZ^cljm&pG zK3ii_5wftd9JYPfuyCzp{*A0(+&>P!TSeT=XT_rVxDuQ4+VCu)AObDZGQL zR(}D1opVD>*2tFF$QD03S=wD$0($h*c#1&8BCbDB+D^p3uaE(}? z4LB?(-L}+H3);2ryL}FWu_N-i^KG2A)h7UhU2|rrHZZ#Or(}wB2wbH9M-`aj^A}X4 zb$4T1wM@THb!+Q!y)ACm24(mzjM;uZ3V4_)fbR-Z$LAT1s=_obDVY>W8TyU zZ3!`P&8SBvI$fG{5mi=G;y^)?oOiVy6t|)rvBfZHy>V0my;Y)P*DaUQG24l0yM8^1 z`R*rz{78~|6cJ5ltv?>5I1$~_tyiYBxQocN1cB9xiM#_4lP%;pR_X?N1Llb>+v!MP zQGn84v@2YM$1p|!qs}(tJ~i=vh@^}12-`PLNB##N=F^X&ZZwcD2ET)m|9-glb0%r} zZXF#NT6s)gGE{+Ztv0Q?rP4(Q8AO`kWJpmn1=pJS1d$>+4l+wF_K<{i!Z1a@por5Z zXzt(AQ*a!Lp07mhLK+Uq=q15xFC9d9rtK$y*0USs1VM%|7*-6p{Tjt-Nm|fkUj>no zX@)mF#>t}H@+Ik>Me(@6ya}(AUGc|6dM($ZV@YN>E*doAw^Or5z<-;l6&Bg}`pG2CUa#zD8J=KI+vn zXrBwF-jd~lgs-SNq=d#pU+x5wX|2yNYG&BjXuolHf;bul$71GdAVA|0y-uaWseBMW zn8G!1uqzo_P@>mcU?HyEZh;{op|83^vZ9t$kBEi;V~c%s1NOy2ZuRsr2%gQb2VH*D z=;vCrb`#A7Y|RgwZG+*EyJhZ%0RT$ahX$~pq^uK(iir`HqkF*9Hi_=|qj$!bv zr=X!0gzJmUd!v#CO54*=Tj(!M2G1Z%U9Tb!yF6t%>{$S82)2gmfh+fT6bmnTpIoyt zI>#d1>09hZin_c}=jRXxOC7!ZDNP+SPk7k;(F6Jw;qe+BGNrNHk<8jZfHGF^br0oF z_x-^i%kNv8g<8%Gj7HKjp%rF#$5*B98k5F$JC;u1o_pP6@@{WJH}VkZvMd z&|nnTFPhVcpN13wKe7tff6^D+J))a$bE@uO?glgI_}4y81PMR-_ZvWR8MoaTpa~2J zaPY`vaGsE0Cq3zL z{0ZPK==~UAz3W>h@&YdwcJljF!|k)e0?p3LsAk9&Jb7>A>FxR$V!-0r6oBlcvG^&dTRidJW8~==}FU zhVxBaZUhz$BQg45gqWCdA#d>4wU1f2WP~g@1yw;!_g{dxp(5VPftTlH!+$K5+~^$9 zn~QmjQ_<$xFYw@HRfPHqwy<)I^*${BtiwyTnHOSqy>+wCM+AjY9okN)2sz3zj{}m2 zh@o)oKzl?h6+YR3(T*GjfD8|K+`-@n7KktP^DFBZEYhHWnre`A21&Zh0FIWwU1?5f z>$Cj?w_S1sP$%=-ks^M#as$W!pOZvf{%mXc0TSBll)e-$qv2lmk|MqG_HvFG{X>^J z>6y+#o8|1kgLyKqp%yj!D4@`cHOy{eq<%k8*fHB%S!3fnjYLYama;jc4JjD*fL5#Z zqhE`27CM z4)OETK*khHNS}*aKurzkCzU7+I?}$d{coGofCu9IKb8snjy;wv?;#p6r~?LY4^HcY z^_i0tgQmj(P=a}=wBp>q-caBk`ma^|Up3`_5f^mSo2cc*or1r>M%lapUAkJJ$eDST z#IM4kfXKs34=9=+_`nEeK9ljU7gdj`0=`BwjIi&vDmcx{O<0GQ6l|0|wh)RM_dk7K zigNl;_y=QA3&+~BL+5n3lU5a~mlUP4OQ)@&Z7}&T#cW}tQ7Tae@J>c13OW=M)~qF% z)RS_5I1YM{ki!mYyW*@3jdJ5$^4mkjFIjtlM+no)m^$s^KICo{;u_nH_4&dt`7uiB zuS>68GT?m;uiI~MfKgV^&ZHS&$k5dKoH1eBDRUW3Tg?u?jY5cn@&B#Lk}{=1?z*L z7|ojiRB625Fy;y%7vIxwm1lR+_GdUhb2Shx5F+Gslo)RV9L9Zk%sI#z%Z#Y_SsR$? zX)Wy&As?yJ|FE2uP9B6df$_|HLWtYrSu&0m$;j%3KV7@nqD0$G2L$-$4xkQQ_l$Q+Qs`j4D17%0dvRhE{u_l3Wd+@#shq_k z@2BAFQk*}*n}eRdSmyOVf|@m0he(cuNJV!g38*jd1RR5#MgEk9br>o+cBF8jdG+!q z7U?}g9t+}ztW}@>!-p{+Qi&1YhQJpR)4p1T5Gvu$Yz%(%U5&TfM+Puz=0H^anyC+D ze9p%kufp3~1Z4$qtz>cSKqV+<(&e)|4b$z?$B^~);dF@(KkHxLyo3|Nd>oRBB2XAj zqZpoTSv3V{gA3uiirhGeUFh5M1L_JIv4Oe|&oHS9+OPFcH|~NEJ`iaw%>9_I22fQR zdZHK`pss_^eJVf|Z)#k=26;VEWF$7eH&Paiw?gDFBCHl%YbrqV3z~7E;)x2aP&4ks zKURGZdX#rm6!c!0K9|=5bcRU17}%X78TOH92)vJLB(JeSY{Q9|fs4vY4QyY|pkXza z^u%U%d#Yj%hyZAqT9=uW6>)6fQH*iOwQjpG4lE^0#W#AYeq5J@C9MEdf&xwhvzhRT+Z`-xPPw zJH)pQ3*%fxiys_-qr{U24%iQYV~%V6j;jWJ?W`p>}O$Rat<1XwE0rg9ypd|`A<~^lS^|1HG_Q8GCcV?$n5v*%|!e(>7%!pzcgcl0{cNH3OO0GGic6jvI~_>)HZCa!UPVY@l1x}1@LTSeydWc71o=ED+zhqj?8C9Xi$?Q2JChRItLFS1Ie5MN7G8c<2qpV zGb}gM8~WndFX+@U&Xp`V(F?f~3+U32set8jO%_53`lJ3^kr)JD5GQaHAdJ7GIceU4 zwaQkALx&Gs-vILlS9pPbul6m5hZd+9>ss!Lzu$XbSX90B)BeH*gaWAWfx@`5@>0s+ zLoQG|YJi#cV3P1!{;w77c*<}G+R2T0z@2}*7j`{leUDlgd1h=65c2yH@0}>362L+q zDuIuH&@q=Qv&VBmU5@@$%43;yq5N&Sm=bLtH-KRZP?{Z*T*EHHLcVej^0)7RI|4!? zsJs@i9)ut|JT*_jZ9p-`a`gtpY+z{302Al`Jk{8skUx@kbbbU?c4yJh0hsi0)~BUS4?gpShr8Hv$NRXo~q0>`XB1q2vXKz7yKJdoF1M$}XC@`V9TN&d`wCwL;tM&os)&>}VSv4w&5cE5-7qXgL z)y!4Tdd))cs_?RQwD=JBD2I*Vbo01(_GpI8v!L)#WG;)(*NrM0n9icv`8O`J{4wwV zip!A1|1TZJw&)}B)5lx6qSyJpvY$MCb#XUAs^P#lXB#C5+6gNzXQEov&~R~I!j89A zg`H0y&cBY%mFtUTi`pjPT#dkue6CbI-6b^rDo5aXB3F!n9-&`m$Lm`|ScmCdSy^XMe z`JvK#cj;`Rm#=8HDwDx$2k{;qQQ+0ZV8BKH0zq{Ir7{tjz23^mWZBg)5KsX=*Nneh z#p2n~8wrK(sDOX&s6xE(j4pCvl+d*l_Y0#DG78&aaqLKk`v5KTI_*m{=G(5UuKryR z!vVi+Fd)RJM(jLkb7MU^g_`D;ng7CC05_C)wG+@RWhnq?`qvq3=@YK21_^r_eB8kv z5bP|0`u{}U43KHAYL`;85E>n>^q7M}-qufd%U89Q>Ft3RzV;Ghks{<7Z%swX`OZ<0X=L9@^;VGfH|B! z?*$*Jc}G3$#!L7CyMNXA?a7&$!tvFcE_JR_N#(I`k`kpyB?i0dXIq z7=3?+FDdFf2;BO{$5ehFPFX7_c3J`)Pdkgm&4OP^u(WITHgP}Zd<~{!$S&-#zT0)r z-yyz$2QlGbDA(RCWVAM4>5fP)V#=_cs|9H}B0q(YfnNg!VvYC+C~%kz?-Xm58!9^d z;;Snctexq!c)Tl_kOX3E{(EmARE@vLar#CuTT+#wB1W2lNe!@wG@8*o;9> zkf6Z?62AXrprBU^P#^DyT588*B0Lcz);fr_quF_)7(vXSFHH;I1nD98oxtG8K%bob zb@iKTP@3Ir@yWz82zhf--3|xbq|6Kw zt>r+?06GoVeSLm{d+9vFw(|jR-TcJtAV(%psb2tvhv-2t3cL{*UGpdiY~$i~$D|Eu z6(cZ7Z8!FzH z5_mj4R0QnGO?y=V!aMCoc;Sz}alZ1!um1v>y5K$$_u9_O#NKTQPQ*yM{i~%o`Xi{~ zV9}4YZ<2F!qrA5+F(9hF>ftold~N@191+N#xa1wS!O>S7@@!m|@59a-fX&(CneNsUz3cBUo^HL@@Ck-kvD;{ zV4g#sddZCwq;0juJ?D7~6n}h%L~k24Qvv17Xy^BfntNoW)Ano-(O9=}tY*7`=jX1G?iN>uU zPvPZ%!wjVzr?_80?O^lx=5ibKGsyj@n*5~1df_(^)OGzD=17CVbGJhoS*uDA$%L*E zJOj%gfzDt1Q$Xn^pOMn>4X8{u%mMw$R`|djM`pppgA2ABUvXjqTqqO`_PdpKih>(c zP0(jefcy>u)CPi)a{tWiU5*1+&o?<>g`WQt`g*|{vJDSY0QLG)@c^$QfVXz>=X#8- zFB3+&lk+T*VdQ=rmVue)(Ui^ufWJ!=ajU0$zXZ?*dyX|xlO}Cx39=)Sh0kTGT3rMW z>Y%zHfEoO63THW9xMK~#NZb!=Iubse@R$IgT3Ht<7`N%WAxt04IS`V>T0BU3*R<6xy5u7fK;e*YTAZ`mY(xU&X zD{>m3E$o7FDQ^(S|Fu<;Bxzr7Y3$;7ocTax00XQ31AxS{B@svka@J6(4Llignzqi- zY=ya+mTNPINnQUsfRJAisRltj#i1fASZ;gEt+oG!9Q=PH*Z{R&^REYY^(e-2_bB!! zohRCSupZQZw3Y-5>g3N@YRjNz^4=b3X7cuYSiXl?+LHuhyY^V1{kiGhc)9!XbiV$i zxg%Zsw8_roe9Z0i<@MHS5k9!Ab3V>go1L_khmi5bBEYs4x!f*nxd7;Xq})Kk%V7Z2 zsF0F!0i=(n`5?qXpOLs{L2lYGiN*Jkisy=C*YQ2`czYzlmT9IE?JcJWxA$8_>}ENLfGBj=kMb2cpXjqoKBOpWK4 zT@*}WL5a2VS4?7~U24y6R6Vo&^Oxk{BehZpsW%tFA1Fgvh&rMWU{bJIMkLwAvjby% zYOgl>a5K++7BS-&&UTAWF;tFV6q@|ws3Vp%?AgoasE#!3RZdUY5MyOIR=F8e8$$!v zt!u4<0b&uAupAEUi1ux@DW10bdA4RCX*Cv6as3v{NQt&6ybQ-=kR7s!p6%#y%Kb~O z`PWv+8wFykVr;34_$;^1{P#=*NU}<{{UYX< zwZRCmiapWX(d=iQzD`=G;g&5`#y{mDCQ`ofp<^*7)qLn_&aL>-pW=I>?@_Sk> zVdCF|D3>ON%H$Gl53gzzI4_rqU=)`0GYgKHF?NhR3r`1K_a zDnv9eywA&)gE+`9cA>NG_{+H1MO(^gx$ulI3^kILyHGF zDc{dd&kmMVJ$;>@$|8x!sGR|Q&G+58hSg1IraQWB=?^ zr)FP-tgKy@H3bBi4hy_NSO#3r*!|w<&j>IdvMz}c@KeC`=n?XqE5Jv}=&+9vDx-&M zia7}tIjVZD;C)ee48DXr|NA9Dl7uaKIQh4IPUzjO#qH)5d+xb{@NmUQkt9XXL8Dk)5D7nv>0G@!;I0uL#-lR|BZDpH zi1yfcOm^3PEL(wiBukC}FJ@o%C(EE=aBo!V(^9JT22Vur7I;Hjg$z;li^eTLaI^IG z_DW6^zoU-^alI`3D7cMaphEi=3mtoJl5G<}8#2IFQMI)_T#>T^F@7M>)dYastdAmG zC-GaT{1(MRn)tngNxd++bXB|eBJSb>?g-o5xFS3j^Rq(+5uH-;`@0=UE-ET2Sxz0v z{JR*z%R!$%mrN3|?v_hNP)%dsT4~RanBJ#uP4PT`+^5+2T1G4Uuo7 zl5SThh4s345|yxXrOIBlrh(tw{nk!HhH31R3Onr14+kWdx^>M(oBY!7qpSAiW>?{% z4Pn_Zcy2T%7eXZ257l80iI8NG`9l3Oz|jpK*~MfGC-u+5zD3Dm|2g6Q<^XIyoHz7e zTCd}!^^z&kFH}{a9oQZXb|85?I$F5cBHovlJk6KR$NOHSU13Z8g3U}v+E(8<)Z^vY z&()Od-_^gMXEY#-nSPR9Y)tu+k%0@GwL!)4o1<2I@%HI(%x-(8#Kv&nKZ5j1uCL? z#r+X7VxHF|^C)0{!f=y3thb?O%n3 z1{E#EHck8+t+Mx@8Y%Yx3M02~F8WQCF};~0E>lcgoPx|bh-_TEE>4)j7CgC-JMnT5 zSI>->$&>J@(>VeU63yVv{9UMS@OhC@B}`9{RIcBVA<3T2w~EBx2fI`R+%n0tXvJ@9 z%rjh0cb!_4lokX7zC7Ra!y=Pk#7+@3!f@1hT8cqNGM|Y{t-FYm>p6#1CdiLqPyc<; zhXEx~>fuMhF`OYnGBdjkK^h%C(;0+I-Ayx4>5*hF-oOtLWBxMZ5!j?#Wux!lX7Q)6$S!4!g|5OBUUhF$GDgv3+{3sa z=o_NuN@dJq*0k-*&{O{v@=b$?Q^%Q@x{1djP_cGwBo&OyPOSi-rTbiAI3$lE6~o9dSKM;rJksD`F#?WZvCtrvqDuFr zChuF<&hIncj-9`5Y!c5xYF^l{-(ThKG`C(f?s8Y;cW+F9Hoe%dD-DnEhGs&dpApzp z@u~63Np+1I817LREidAK4|$!oat{g7Q97;QF-uCvhfxSJAjyLAT-a}RB3up#1G@wU zE5%;FL=A^B$&s9AWH9=B_Iz&Vt8uIBvgS(bTL}rNxE^O{0by3i4q}HAY>t}rzMe-g z`-XD1$$7(aHx!rj&%u-04j17WZNVSnl3jfqLQhKmx`rIstnz zZz{EEglX)h%((^!g@$`u5z3qx@S|%3i3U9WpsyleyP;znqpK!fIudKpu!Ar}==<2c zM8Eau>Nx_8tV6H*wEdUEr*(NFBcqi2N_)&DHt%?YD1XctKYW7rMO^Is_9FrHKvKo4 z@nGzyi)3FAvi32f6ul5&ZpT02g22{QBpPBOw?B^Ne3#DzU7kjK^k2$GPz(LTTV6n? z`jwSU&@=c*0#ZswczkMj3&d#nw%^#Ygw#&U2^60ZvP^0J-0nOkHTM{ZDoUS_i`Q2$ z(g54IXePzWmY7|W$w3%_i~lQ++4Kv63~)7e_Y(14&yo^SpQmSYu%~c=Ph8%l&(2HX z(mG^c;Rlzi_3w&Z@EX;lo)J;UZw+}-ghLS;)IF=qxCQE|4p3144w3)~uP4~snqEKm zX||kz6m!KK3j~odBD|Q-LIF$*W!QA>>u5j+Y}S#2bjzp9yA1Ww|kE$KL=6 zqkKx;OM3fycD61v%G?fJW_ki?bc;d&-1hYVfYXexQ$iGm7`~ zE7O{Hlg;<=FLmWaDZE#;Q4wI%={|F0jX{X$$)1O|>2N*Y1i^ybBkPcf0QV|nqe^e!89sMWNGc5N4Z&H)!|R<03{v9+KWzOuCh z4m2Xjvs?=lvRNCb85v+!TEJkk;Aa2;l1rlsdq-00`3)R$S@-N-zmA`cL9m*sGGPpB z6{j3bnN-R5xV?D~if5|72<;kRMyXZ>WWADI8jJ!TsA}9arQsu|PE*x3M;XKf+%75! zsnciaWI}C;G6mfBN==3tQ(b8nL~*HCXP$Hiz8mf0x_JjCX3V0I3p$H|Qc;N-zx!3~ zt2*m!p^)S@my@kk!k+=lgw&)Xm|p1O@T%0N(wh25u4qWI(zEX$BBF(RdLc&N;(&XQ z7aRIdP#7&(gnO|HFYclo45qMLB4q(2XT&x9XW%aEL5lAB0d@i6Dpvw@20~E~lbAL9 z_aAp>pxCd;K<-1u9v%%thSeY>Bw6gV#}rDVtx_i;PsWGGzEDP`FBi)^Psp4SO3xvU zsa^q3``aP{YfihE2!KRD2cMZiH4P1;KN;E92Wu!RX|V(U=DT*3?P|BXV*T{zY+y)p`=JzJYvRm5J2MIgcx(P;?a21R(2&KA(d^HJFpy>`e~TvPN*Z$!49+E_{0IG_N{kf$1q9E_Y~h#_HDVOH1kLh6nMOBEr#r4p$NYkg4$H?vOsC^)n)5@J(tcT;T(nb_F}QMZ0~JH_-5 z^)vPcQpHK}4==q?f7g5L(sG}B{b6hjlZ#`<)#DwMq;$Mldss&U8Lta}J$12>jXV_K zPZJt|&^j=5s>_TjPQ_FI&-MC?`bxBL=u8A15`yhCx%J)_TdIuO89Bas%H%8b5MZbc0r4(u#IHXKSJvNSjUSrEg-%-l02 z#QBCo#PwBiP_>xdOOojR`hUdUIk-pa441JkF9VZ$vOkP95~GXStE)6N5-u9 z2~jp}A61`>+H@Lz6J#SxvvoEZpfWYOh*b3X2J@x3ubLpjOI6b!InPd~xmbR6`K;bY)Duvg+hE~PoxGAf4%8k6KTQvcW*`6g`o)gf7*kUSBH{yRX z`$}Ez9;*br>QzX_B`JXi)+mrkaBZ6M#e&e_8zw^U{QE?>9?behg$O9;J^uHcx6)xx ztIX->L){M?`>WPL(R1$~r@MfafzV*I?7GnGCY37Uc1W+c@}!?iXF?ot`yoHTKsK)W zhAaW(OPm#Tt@nQKiWq!kPf=8hDIxXhy58aI#B~L*1I`Eara*`iNu9Q>GL0llM0`vA z`$xU{O${Y-FJHcFdb9^!vyD!14sPCN@E8e@Mxv|; z9rY3%W76}FB8Y-Q8zRyN5=%jX=ER!vOK$EDCaM&e@4@^l+ViItmGcHo9lE)<`r}6? z;P|4$Fi}Z|jxR1dQLvB11#G}RO5W*Ih4zs+*hg3B;fkm0oId7fs?Zg{BHSwp;th(5 zFmNen!u4!l4&~c|ba!X6Ou`f-1!E=J+G3t#c`9_d1wG3kj6TDDj{=*F60qN9^24S` z;G-Z=rhH;8866kbmvQoYLiu=mira##%;pRP4*KK|t9jpl4`@7y5|M*f9c9B6@<0#w zu28s;zgr&pi{1A(-~iA0PX%c-vW2Ut_~&Ztpv;i)X%Y#bK$3{K)@nwaO|;xp*&^02 z`jHhZFA^(?wE#|id6Y0vC>aHu17a~W-}WJ;>wfDStIP`@gsi;o&M0;eSo0VD|0rM3 z?jXPvtJz+ain)SuG6)!nIyEZ^2w9Md!FFp*ZW?>|)Xxk)DpK^U73aOt)!#Ztc3?@j zZ)k%Cb>ONeSfMgF%<#ZnL(G@XVCNPRQb3X_+r4>VvHb0p?>&p1HwlbyCD6l{)=U0< zyDVvV>X(c9lj@&D)5={2t6@E7Ko3va_~JJE$BGmrj|(13*$RnpXn(Fi0Q(vAtmM(d ztrpvmMjD-Lxa_wlp%cq`eK7ewC@z+NgxZiv%a*L`K&--+ z2}%J^g8`y|y>ZR{nd&<8|6%Mapt4@Ge&GeA8wmw@kq+qw1(9wLBt%jKm6jBwk?vMX zL@6Z{5d`T_L=Y4~x?4)6dH6W)Agr{VJv0C zq~I_?eLE3WK^XTbd$iuK-ekgQeX_OphW2IupD(iy)CuBN>W_TC%_AHc4n6nL%IYC+ z%0sjYE=`Px<;_WM!ADaoCzUNFkov=efptCi2VGD|(T&bDCjJ{uD@vr&YyPgX_}V;6 ze9kUa<#m(z263po?bEVzLTrb<`C>|&R=q>+(9_4sZeS<94MF8i51lo@PpIgg<|2)G zq)vsF=n>ef`aUH{5Z76El%bj`irEW&R||x{agMVGF~kkec4yXkl(Aai<{?AYRSN1? zDpv<8ZYB=AcFgA41hqdKjg?1nGrY_*-q^X^cySRC5yQMH%hEVNF_UHr;3z*LXG`%1 zq}6lfv9Ci@U(0xCXPWzb9EO(!J{1~3A}$WhUNBbh;$p_?2mD{NZ(ZECE8 z!{$@XRj1sA2YhKKnR1rsf?Q$NV=u!vxx406F%O4XI$7C*m-h1HNRzX5ZFJ~0Y75-w zFge!J(KtE0$r8Yc;@9qb`_szS5kEMECLRNy3IlUy?ILDEdUW)KpVfEfD9XFV$uFiu zGn#9)>0H5ZXmw$*O%_vE@~VhEDo?-oO1M>fOn5>91*fd8Z;QBc3WmOKOcsHg@{)tjcTIb-!Rj7eTSLq3H+_z4;fud~^kZS6;cYh^x z+#~V?x68F2=x(ad-f(tye!lJCXKo%SypLU5yT%xlEsioxDxhIt|M_W_rTk2cGEO(` za5fow=U`=lJLEhkrxK@R{=&`6Yb|J6={s*_e@*L(7mmNhonsRVGMga7H@Lh()Xuke zOTCjx{8#ei;!Eq)NIxi6ak9pEKKht8_f}DPuV;DV^|`$VhEHPO!H*mD-Lo%uTe=dE zjL~Dzq8bJ}*y1U@E)Ej(@8Q$RSOh+Io@(>u{Y+sHEiz8jSXWM+mqjtrg_*^FGxqwA z;0Nx84=D6DAC+xJA*iGj-|p6P<5vmYHW6DHr}5qGSzTOXT7}-=bHp>#SoLarl{mj? zmGMp9t4&Sj{$>itRsWmtH#dM_9;tKNkr9jU$~|XoW+_E#{)RlD8C~k!oRc-O$Ddca z>`&!*dr(@ln>{!z)kU~k$DfM0zuB^AXW^)=B}#X#cVDRh2jma{GS z81FMG*RE1L+_PA#kvo9F*4u#p0!&%oVakey$Ei~yl2wS3A=uP+$68{$uo{cvO3m?1rFP36*5pJO`z3NY*lNz-!3f6G!a!@zAI$E* z8B{c6|LN2P_PxsuTeu7o!w=a?bK_G|v=bMoTo-N%5D6z?gp;UEq;qAt8WVR@aOSLH zDv{J5P@k_JN+qDD>S1?Xrx{a1AxrZO8U}r$+-fY{ZBZTRb^6EV zij3X2ORDb|*M_!pdK@;_P;aptd?Y2+!++!CCkW@jo3hQYHkKCt-r!&Rlz@sn#8Do4 z?MMS#U*p`dmUE(<#v3rJb5sC|m>(#A?B{f$RJpe?#ELjO`U&S7m*ME-c@ z=fV+os1w|&^FT;SP)o!UL#Hd#1GW0y=_T0pYYFXJZ#!;oJ~ZdJT`!-K1{gft=t$;n zh47Xc67;~uj_YG`1aYXbQ{iS|s~myvw+ytEmqT$_Q}^Ad(5z!8crfAirNiyhx`-Et zp5JNZ^JRh#f$aq88J9nrm@I@%2r zdFDwg=-uLEHBjxE8S#E8CU@L!^h8cZy{iJIpcR+`x`6zB&XBBBUVWAJHQ^P1?4d>^ z<2%yy?cH!N0e8G_AU-V`22@=*8;&?6J_JdFua9dD;q^ryPMU*rDW z*m?dFla8+L*&kwFjhX=D)t!EhRR?3DqrHR{`A!1NBR+)TJ7$RCnjv ztNfZa{}2Kp_u2|vw-;hD_5=<+1w;{C=L<{D^0_UoH~PDh2&UilB|Y2EXnSTOm#<2Z zcVE{{MemC5xf@+ZJc*p%o|Ye{w`*>oj_K1tL1)}!C`)PRoAke?NeZ<7l`E=d7r#7l zTl(s<&Yyp`a0+hT+RZdj4@C`vzJb$Lw_o8G{yMq5@&MflR9bm^y>XLl%&{%7g9|H(sWYTOTjJUn&|B2=)Jxu@+4qnF22X9=UoZb;V-*I$oNspv2V zgH!*besS3`RHav3xPyzF1U&25US8Rvs%_lx*KWl(TIdttZ<+~{%|`;t-ziyQUxbp> zL%2#lcHW1zrn)1)+Vz{ z?IUYML3zlqMs~*8gmRYd&h$I-b+7_%elO1^Brc4roU7IyLW=8R(>tAd>7KRmjAmu|NW5MJCaD|)j+ZE z4E%yO_O2q(Rs7CulaWko(Kf|9&zNfyMhV7Jc@m4WRu;G*mGY>NYR`|2_%FEI!ru z^Kp4Wgzcw#DxY6obRBj(OZnXy4qGlOjr6aaZdzz)yR**K?Qf`6e?nd$`PU93fi!sy zC9Zd>IQi+z^;1!K1KI{QR6pr1XJYu_%ljXs$qsmuBVSq>jvQbQ@_sR%4mrrLCh}i? zH9QaW_(g<{kY62rn^~lPZ}_|SYm4R+H*W`;HP81vR!~t<`SnU?e*;Lp2!v;Z0!oM+ zx@U0c_CQb?1}|AhW^4HrWrxMB91uFBIP=lqD6d4RM_U|&)K5p_Km)V_+cH{%Zc0g{mcaw!tY;tpWu#UeCpg z*#ZEJo^-4~sBG|f0<-EQr1Q+g)LeMb_;I35NjGXS2#)*(^P3T;e$qYW+zZsWe~=bv zfA>lTwz4c1rnTcE3>B||E9xL;Od54393i!S(_BDi#WtAa zayAlq0EaTOUhyYN#r!bW#p?#B3)0^gPDXw9(3!1|h%zgZ*H7M0-+4v>O#^;y^QmOh z=V#YH<07ITy|FYaVn*VpOk4~eBCf{#MuyyazpQZ5VqV|I<#V)Y2G6MceO22rwYG`ZauSU)#{`4{)wuQDH<}(PRWk~mdat@bJ z-4t%JQVc!$%*@P-x`BW~5WrbPkS)BTLMudw^|o-zMo>BCg%3%a!DF2FnuHQKS!JdG zyQA#fv)e}|?ijk+BE|Z1T7HL;QzUv)IYE*BTCSSh-1XESKD>TsMd`rEE3?Baj)_2? zLK6Vg{d^Vp&*9CN{Y@-h#=imLx8KSt;1<(5A!8Xs;yYCLQv0o|Q;u(uV7AG)ru7=4Nr6dW^p&ljg0#%kauh0lCQRm*-4+K({! zIC^Hqdo*~r5F97*`=>`iw4!!~1w3%dwcuf0ii~2Cy#=^KfuOt>Kwmn&(W3Uyn$4WH zUi^K?XEK{B;Cb&={};!;krSl7Jp`Jwe{t;pzr{SxUr^R_1T!3!XTGJLK*CFZ8~gUl zGJ_sxF`h>AenhVprTo)i=U&^mS6H6~DdU9<=QbXS%dne1Q_?M>E+=JXeAdaz$St}M z$jf!HkTDzeebx#gfDM=J48BHSE2B+OzBtNkdv`#Mui5aZ281udH+$tJ#V(m7^O;mR zT|}^T6Oe%C=H+v zfwGOY*acS4MF1!(`TN+DT)0PuW-|m1Vk$%e@s3GNy3i*423?@0{q7l@{cwRTWA>bJu`o* zZ3K`bygAZYPchyzb0{(+x&~ZS2L@nhSZIwOPtHlycc+2WKn0T`gQmt~l^0&ZyyrY2NpTOGHJHl7UY5YYR@rkg_05K({izE% z+Apseal_H}#2+{-E9t%Y49wN{k&0dbVpb}q5#U!WAsQ$~c4Ge!$&y4#U6uaz<#H~} zIjEW(P1w4;Lec{or~nV*7zSxi?HGJyS5x~>*R115p7hU;{9u_y&^9b!ves{lW#p^v z%&fV$%EiT%hsN#hL*}WvdwY_P2=47eiM0H+*eA%qV407eGONvJk_|j+1WOXf;A=<5 zH>NtQ03PaHf2;+?dY(=xIq3ID;?~c94H-!&wGU-*m}Q$VFpEcXtcXHs?TRCkom@hI zs#nHR|9A(uOUmd|B1K*tFUH{gBC_YfzwDn!`trZMJD(%T^|fN$^W`uTM!tU-1b|as z2_e%3*As4+P`fQr+g!;y*RgM~Gm%=&~mZ*qPWP+E!bR)#n#X20w*Z%`M;8Vy=~ z22~k#1;}pca#yN%%WWF)Pt-6rR_9#|I)RkbllFrZ&fUQRC1|)gcUp0zb3&l58uRa} zwsZ@%88k&@q{0N^wZ6uJbR(W;%_A`uK(c-kye8?}p?=%A3-tmXD<%j_xDKWh@wpNO zPmfZQYF!@V3Xmlxos(@E6KTglXd{ku=T0I!{@6<_m{}2uOX^P)7X|uaEfzT`in^fC zpfv09tD;!=VEm3m7fDve03wcr{Fp27WToEQ+YHxuDEj_7xCYpul9O>o!e`s&&#g0@ zw}FJu+}r&nk2=U^TA^sDhz(Z2kDlU~RQS7SBzcg01~NmL87UfpvBi2nJsaBDQzI2(+)(Pvf@;L|Cs~pq%AX3!{4?7cp?uBE1pUUdA|eMEnTvCqZ<}c;7A)s33}morWi2P^ z%}@Q+yr(XVUkh*j+8hkuljrXJ-9WW^-vfD&bu?2k_1^xg_yd5;IjT(g`dFf??8v~T ziDHS9Lv@^avhPPA=O3IITlRvu@^VNRUh(Pu-Tr#&fj3g##rAf|yMPTuLhXC^{8FMV zARY-hCC4*Tx!#|8{{JSZmO?9dlbWOA;NL$CR6z6kP(5-$`cVpz&X&pBL7_EzA9(un zzSAhK0xzPfB)>&Z%S?kQ7W&Ynf6eeWBsMRGQ`${izaZ!f;@S4;x#pLMWF{`w|HbP8 zv~1JfIPBIWM;6>6x|C<4^sQ#Fo|jYk4Xj?f{mB3MnaRh9zzFOIYV|R8m=s+W4%jyt z#hqk%HT{2ry2yb0T&bV=VTV=&2|2{5rq)<)SMzpM%?}0P&JGJ)dBG`*_o!`Q0H?pw z+&laI4NMAoKhHA*;#<)IRKaIpeA=pbtgSnymUL%lV`dWM^e>)Kvfrf~zq>OEbAqNU zStLflZ5Sz7`i6l|9jNgrRo{bba!LTEh?2G9*7@r4$HTne7?heyv^G8>c(QI;OG>u( z_T@S3n>E4$Wk%9%zJ?E0S_ZApVPjGRS9oU65mrVsZuBM3L4Uaca^>I7g;Xi$=T}8O zm<3{Y@q%#nnOVIlWG!hRH9G~#$ROv}Zba(~HRObxbo;WRJfEZ}qFs>g_z~XNA{FL) z_3*})e*E&6#7|4Qe?Wq$8<~qarPcBPwD@0K47bLnwdp-Dj}^K>6%t;a=|p1r6`M)& z5~9@_9RruArf=uAjX7*a@zw9^!bUD7$!(wvl!hT9`aR8sR#upC(%T**ie6Ks3U;m_ zRj}rskrdofTTmTGnqek{AJVUVY#>pvwzkfNjUE)k&;vZFZ-ZR!7O-OL5>u`s2}W1x zWqeHtQp~X$n_hfF<$>fS0vfybUhF)2kt57#hg}Hp|9*2Wa*^n0gV4QdjS?N!m?1aS z7JXnsebZ!SJ3=5ibwuXuxv1He#?zV~Of%R;Y#7vBY^A~s$N4O*8c;ozyMYCVyo)wd zTO?KnpFy;{BFo_lgf*vnD~X(GVCw1!RLT|@5U#s`Gl$@+%H)(2_N#1=EW-_y;f@aw$^CS_^38{Rt0{k445}nYcL8cT81%K5n|Oq z*b~gk#kjMGz6arMw|ioJ^$5Q-2I0;WN$~46C}ZNtRFY-FgH0dzC4#<(5o!Ro=+o=a z$Kx7n91h-c?N#cysv431usP=S7g{w0DCvHigDoVg={wIf&3Ei<@f*&tybKne`|Sut zik1PG2^&Xw$1CJKpsfUPO}gs+zdGVE@7dnpMzn&Ax04f3`OUqwL3aTV$!UFym_pS9(e-2~gt zAW*m_7xY-fUA8HPf{e1zKa;I24m#9(3hxI>edUQ8s*5`?Nr0>|l1r8#jP^^dcSr z$kc{-N*)bAh`nT=5t0u2#794l#_y)EAK-N^tedJ0BK(0n1DWER6rFlfBh*=pks&mlgU_GUpK1sX}$ zi%(P@FuwX+^Ud}56y>gkhSI2g%n zlH^4}#WB_QCQsEiG&y80ro>9d_7U*syw*`DS)`p~k7B9nwi9-0eNXOH7(*W=NQNyK z%#4vmTcPvmWX$6?r=*!w%X$n;k^d^&b#v@sfp?YqIg`@`8@ix9MPw0g=xW#K&4H7G ze^n*?cG_^$El8uTqW&Ft9N4kDW+Z_$V0Y8aVf|xwE8vgTmLS_Yi3qNfNz_*=ezrDv z;~d$$4t`Qn@l!Qr_x&|zQpI`KtBr~`bN*JBuez&Ux*$*&2cUasJpo;JF?`;mYf+xUs0d*$Jz|UA)MY9n6!vlf&37piPjCq9*ZzRH?aU&F(8l8jhM zzu&}~*rn56Q%3p0QxnR(@9La2sV?IeE|v9oBp>kedHAP0Cym{DL>Sj;$B=@IYxq#n z^+DoITfl!zj>;>*tU-+|xBF3vbwZPje$2_{Myq}t`-qcxetWe-8`Wh&L6KPI9A0eUmxG}) zVivM~^Cff8`*XH0tr81|N7x1?l*NEL3+S^cf7c6viyS3yH;peBCq8iTa;{R*u-4Vn zMkq|4*T|^K6$KT7Gs^wOIpjrP0+hv$3?1+Zl6PjB%GX-`KXX!3H+Z9@s5$fJKWL9=sDTkr*XwgbZAuud;I3}a=!W_=9 zfte~!67}s+2J%36nhLrfBp3a=C!=Z^?aIlVvSZA{H+D8wqv~GOzVJeOu0muBOwxJl z2*>=w7MUl6zKd=DIXcB6#oZIk317Y*Y@rL=6?IofEy!47?RoKe>wT(AB6i<46 ztc+grAbR7JT`*EP+0ozT^96$-W@KBFKNzC(<;EMo3pAIv^hM-9FAfP|2PG%#JP1-5 z#qtM`DOodkpCPo7@W7NHdf(aVm=V*)t}EKE?@aq#bBqN|Kd~kaHS5tzzPL3v`0Dly zR}Co3JE}XF*`_yFMz~krZkhIgR&V6noH`$1o_%7ohRimf<=w%8^dB0+*EU31uMOR( zr*fdNiv%^;`NrPC#8(EPr@e34DQX}BLIy~}Sx+tC2R!a6|6uwn7EFq;l!l$sL-d>$ z=pK~K?js`HjoQC;59!~#G0j2@%``1K(a)uR zQvD(lfZXB(AHR6cvdD0h%bELA9;NP3NE?u=kBacokb%TjXF>pZV9DhEv2nPF^jyRX%tDsvSR%W{ zA&&r|QBYFo^N=Hm^ih`3`}B?r!d@GM@Q(lh&Y(02|586IttVa+5<(yhqk z`>^S$^}f#HW(^;B2{Mq6o%!Ru)g+(B#59QACn`j4tAhQ20TbMoi3bw0_?y%`Btzh$ zna^pBJ089k|Aa_UWA;Lvah^YJcm0KXyI~06p~`!C6#%(D3BrM6Mo1PnY-izP;0}Q zp-_`+xb5XnwqSud`B2do75d5E5a_A?#K9mitj?2MM9&)*ya!D@y^JaFMX~@|#k<3| z;IaW7A!O3^gbS4Dg5K|5T z5(EyJW;cI`!RcrJ`408Ld>(a}bM8Mz)qit+8)GZ4y=^8@-acco#k?Fi&FXnDYQgkk zW5Z>^MjSH7zY|VkpVXcywu0xhBme_n&Vr}SeQU&H?!(!hJD^#JkkOk34MkJxe5>iK z+M2ZDX)CeU!Z-wRySx-L#^{|0z^&X83oS^*R^)s3FIA(~Dl#ev?ciqC9aSa)YFuQt|QBqNwJo zeNNaxf31jOo-(Z#iy}khQ|Wy&e9c4=4_UcyW8SOhowwI45cfv)kRXn7(c2w598Ad- z#fyFCHTWoRtrYU#XGCdk68-!PAxav~U^A_r|8j}+Jd1IK?F9SHwvU$@;1Xo9cyeI? zNRN^w^a}qh#CH8f?J)A|^ZI*&h}|DsnhaPftUT=897YXH-P-ZLH6@&*s}Uu`y}vO= zs;&kH8Q@@hfQ!|_tMy&I^;8BPg`UF8>{<)n(R!C@bm+3!i?LybD@>+InA1LQ8-UaTrKbyhY&8iRuGCb8cRdpNfdsx5JhPpINxmBbp z40NNEP%Jrkp!uUp!ce)$e*itl=c^okI~=kd-R<2*BHK?e-jj;VRUw6?D{4Oj@sDm? z`Y6GB!hxR)K)cR&-E@evUgk>%*p;U{@7usXt1_A~V4<`tF+X4Pj7d-oR z_Xjt^LNRtZ%)13lrEB9OPvKgIy1j0Vp5#tGkSGklFc8{c8iMqc@N#sxFZ7pY(@MEN zlWf%@#zw!v@s_rton-b8H>*|CKRR2NK`6$)X_au(o9`eEb{?=_7N3Q8N)~k=#`t3x zYL8e!!EJhl@E^TG!F`kMCyTl_mbYJ}N!XM>Gy2v{NnC32CK3!9``_nU*F_F>7vA?2 zlgVj0tOEwByWiP+_+$(qrkX1`)luHty)6Fnasq zZkZAZ;{}rnc;0qRKA9!ie=a@mHPewi36=}Nt9WthBlj{;c{v`68~u%n{^pNAGIS@& zjfHO@L_B%pg`!yYI%JG zHu`P)-W6fT8zubHsQ}e6fR8s%b0)myA-<5uF>xJ zg>K>V+fkDs7q@J|D+l7X+_IHm9ZAYeId}C0#Y}_fxLCtPu1X@CFCQTT<2_PVSwXiA z0asRHb=hz%{u?(KC9_ThHltSDBCsYWp1bHwtv=XfQXlSmAfi^15#~G%IVH>wMD2@s zC-P6AhBM`{S};@wmZj-1lz39h7%2&7xdqpIV;g^D1|XM9d0h2a?9iKRr!F2?PT(OM z@tW0c<&yVFxfV4OGY9zRu%fe31y`pN=|RcaOhK|jCx;QKG{(48r0FYt%k2jacK z&2Rj00)_#X7)*CFnVD__JZq~TOF|VlKAu7ziS(aN|kw12I&#?g*MyyJiG^B>VLkLj@Okcrr=eNYe>d^K}=?fqYRC{hj1q~+Jd!-^uo5Rrm*D`_hr*OwlhjVs+}M{<;sdq zWlnqdi;`d9?%}>yH)Wx3uX|*1)Y|+95Zs6v?{+XyL0vcC=rY_mt+WR0QS48mFYyNu18)Bjx zs(G4FyaKOXeG07jCC=9rib^n(omUS!Mfr2u!Hf%e|LzV_V~Nq8oR=>A?bMkZ4HjTn zWrkn_WTak2K7%M>T-ojzxEP8i%w3!S`#5g+fG5fY^uKQ|cbE0JpWc*mraKuar;r1izWgDVFB(S}=@iA~cF0ZRW^e{w-e)Pc0txBc9^XrYsz0+GFhe9ov z&|v$}D(MUX(>xYDU5IJ^#cS~1_GB}Q-;pt3L--2zj^Gho`^?W3UKzi$LGm4+e{27I zR(5wXlCS0K^Q$x4r=;*iZuYiN8p@2-0DTu8giG4t>PC16R;O_S9m`fWPS;V|ym``f ze-B{vFwnt$xEpg?tV>8ut3gCD7ej@)Gc7R}gY(Atsh2-`NrMc3KwgGrM-pdlL4mT> zN)MX?rf!8#x+GNnUC>oQY{7}w4DiRlhZd~;lSUzl^TvO}(|En2&v2DIsM7ZMLr@~% zMQ=0mE&dKH02Rvs4=jwnw%oZ6(wlJb4ttpz2}lvw`>`*K=kB)A-`=)=<+Q#~bvnlE zQ}J8%0vwHp{WENF2T|XkgG0jJOsZy|K6Ib}x~uaZQ|$e-ppWnm8Ui@Mm5yV)=9g}L$_Z#7Q3iC` zwMh5*ly98}C8af3S{;?>u(K#aZP&X zULeE)k^MBVZd4MJ?*!Kb%>=>u8L*n~@aV?%WT{C+uGe4s4++nWZmlJ_9uv;=I6%sTS&X7AS>Ym z_3cItJDl~ifq#fEf<|`W0Ivq!IEI%?HxOTo4Tl_Z#llWvPb3=Lb71ky~pKN%8&{{M>;eDe~}DaPF|ASA9$!uNJ!f zl_y=SCF$JN%BVbg9hQh{yf0dz7{U=7AsUJ9^JUmx=kck|0ApvE8BO`C!%e1R||H7Ptp(HoZ|sS#x^YXBTIL9f8;@Pie?rz}AMA-Dv{dL-~K@;XtIE}!_6Fqz-pYriG0U&f(%UgD&fG9+SN z2@{;za2Pi5)i1gJihA@>4@;d`;NGtm`Et{AYGLEgFNxv zKh~l5ncV2{fU)@0@hxvL#6v!z29VFRrW!o^zY?NvXOPP5Ya@yhVTWPEr^U^V0`uEj z5LlB7#)%X!2y@Pb(14N|t+Rj>t7!Kp9{&<-@exBlDjzc^!PLbH(I2}k5p*2DHlr-2 z6yT2H$b!m-DhdNXa|0GghQZ>55Biu6kSD6eFo^&>6%bA}?7R29e1sahg8PyQQP50; z9&14mIq3BDH~+vI!j-zqf1!Mc0i&Y(nNGqa5aZtgGD3kRrrkMhwF%|_RmA#s@= zOx~_5!$uhw?ipu*t4A6(StDqf#A(LN6)^M}@<31y5iP$gJgy=(wH#pnro!plhHIh1 zcpDk+R7fwkCMGWYzt1;8YC}1t&Gi|zl4@h92t0uGY??M)XMr|5rTk{$v1r5jAs|H% z?Ly#vBFhm8qALKG2zP(emB^Fkbh*sq{S$0&5~!|pz^5J?g~aiKI^!k3ayOV{j?Z_U zFu?xeD&%Nnv}^&A1H1T6R^!|Tc#2cDLnR#d4mohDG|A@eUqDipXTJZU6zOI<*eI7B zp^yLl9|Y2^_$O(w4U8cjX5+TC8T3q|7jZGak07zSvX@7zFYkD1CK*DDx4^zTBjFVM*7=0NWboE3YM|Omd zZ9fb>NZU?lhEkd^(PaXU*D|=;k9GP~G&GU9xsop&Gj`H<_4J*49*x~ycx~7b-`;n_$*w^q7H%r;abXw4#mh0ChL#%~khI-VD zs9E3~b5d< z7*(cYl*e|uJW8rq*DT?xylJR>1Rp7p@BE6tD-PQkCp56@SZNrch>kxGW6i}R*Rz+C zA2$Od6cM7K8a_COQ*=W30+y!#CFDC{j?Yv<*c!dIXV`CS2YON`To%$#a`GyFH$6T6 zm`IKwhV3a{xEr72a1!60_0L=`uQ>peqD9}}8Y^sp#jm#2yCQs8nC@>Ddivux8arTs zTE~7ax3~Pq{lGnz2*2;#REMk&dF(&@?810)+KSsaXAw8{O4Wp3_VSc(y$AUF$v>p> z(WGV9gXvu!9NaGxe;$A+)lwP{@DeJ>FZ+?HSV9ObkAT4i$I%&_IS?nI!C{obz0(q_ zxNt$8**PLq<`}O&Q zRwG6&uLI!vlZPfOT#Vl~l!@4Sc~x(($NHIYM|X6nN<4}V{|+;y35jyf8)7b5xj6Y~EUH z@jos7wq%9EKD;;c4TYyH8drqxk~j+aR1@Mw#XZ>p%($M2+bmpyRw-jw6`CKyZ2Zf| za~mN(L|oJo#GOjsI5;`&4mu}==n;62dtDk!A5A$pxm%QUianxcyJotiZr*&K*d>?Z z-o{mj>ed1ME19?Bx`g0%^%|-DPz6|T-@eILeZMmv(ktFO*_1#LbO%lt$r}U&eAzbr z!z)Dm*Fye3KcM7*&A821a7$Y((sR~HLE%W&xBdJynpVIv__AAx_{x@d=$#SR$j*xmN>fsQt&W+22cg-KLShP+;izfLyemUO@FUE5kzm4_RhL-^ zf&q5~)%XKq1I26dN;}2iMsa4v!l6iP4fbPj&*MIKPUFo$)&|%>DcK;XnSulTuMxS; z(g%pUCwLHrgm;PT!tOkCxx8p+d7!TiR{(xXyE`B^OC|cA03&6G#3OhBi zs46HZJeM9mZ1_NU)aRh#u-=@dq=aFKO+-T1MA;yFI>^qgG(@Z1>9YR>YKt95=8IiL{fs%Khi?A6&7KMB-27zNjq-t)l>PHnm_&Ib-C3HtQ;z3&KCDA$rLZyLPub0x%BlpXe z;$p~d?C)(3Ies|1J))zkRQ>iTs9z0qXIsIUSSz}2oa+P2!ZaaRLzxr{5n zwzRJ+7GA`VGHkr~?Y&C1qTb=6oUGfllcP)T2u@1q=kf5a^VnxV(u>8P$`QeC;N=0v z0b#aCbG-)nxCcBNo}75C_hQFAGZgT>bGewSk?kTj|$`{1H8h<>$m_vZOIC z9Oav~=ThR~pAyb4B2LJIH#8E#2c=<6PcGKW>tgiGwFHK!5D ztadK5Fy0lah7XQ_TA+p=v@!MWz~W^X%jw7Nhi&-BV>5u?lj=+v=z{qvvsiVtr8(1j zJ|qUxotGAH3ev&cVsE8K9NdVhHk@i0Tlubw1;W;_m@^({I6P4#WlT%=r}}8_iJE?|SDwy79~XtpJ+g*rM!>KAjmVN?YTgT5*5SXpu6o_E#Ixih z(gTCotR(R8(PrMr3c)&>Fy8XUj5)S@c85t^+G@vKl zczYErJycC+%fS&GYRW>DYf{TdzINFA%HInz(ZFGp5urQ`kb5lG`U~P ztEnP0+b1DH4GzFG)2<9uWLq%j%}2o@Fz=#3u}B-}`;)puT1#KHqMxq+b=MzdPVl?q zlYtjC0DWy|r>Ofu>wgFt{%5!(+kwCHLTdf~lV=Bi&Hh@L31U|&TXLry1ka^A%AHH6`1WuKDEbyev&POL<+jLzh>cy8 z=4c;Eg*9tLwZ0UEl&eWc<3aT)n;1~1sN9#j1CeWGk;jsQy>?)B@?B)(Zewj4N5oTm7H%8oDm@w*GYlhN|!64^-MeR96eVa{vT6 z_Oc}&Oy>zwyYFS>4)KHzuT|K_i-VTMN6ZSBa#_&U7{UGmIFcrM)C8w+fvoJTn zS*Indp#+dgoHMI4*-a~sD#Mfq>&BP=JOUJ;{U3yvA9Bw61o|${!}H}L<=}e1JQ6e? zkL4jG>w5Yeq?-`)!q&gkcUKzyK)xtQ;;tIO4cCcg!FB^cC`N;ShR6T#9_t?ip{dX<{z{CUR6OWCDje|VP`mV#oYWxGgcG$iIK6zK1frq5wxw!oRRH^zd z4;!0BCs2N}WT6i|Rd0CkB297K|J@YRAj*P&ec8w%?%_L{nt6>HBB; z!gPluHspd3$0fjM+biR|_Z5P;vO8P=4@&$Ryj_}HW7jNpy)BB)MH;ccChO&8BX$|C z`+vX`;SxJNYnQ^BfH{!r`_OBTqOOzeK|ZT%B*u_gs7_cHW|6VmNF#M0na2riVSB|W zcL(iH*|c@AJE&Qwmz}1>RtCfe&p7H`2|!JP74huqn7Y$px2^rRR$+9@J92$aiFx== z%*+MorgC`njSIn?qhH|b_nh*?A=LYT=%%yaub@R@LJ@G~OOJ|@4P~aey2-=e0WY=5 zU`ck&sBO_jxW3v?F0qdh%U)N98WBPs@l^~@aU5IrY-U*RBbGfH;}vHJp0R16J?^7o zK`#QMPOR?s9q`r`)Cshoni%TQB5)o4bxF-^7%J_qi-jr;pJ`H8kY^5J+<412tZ(iRz_z0Voa*Ev1L;^Cvaz7zcK=F5MJ>H7Bsq^d z4@4uDJ73;NVcy+M4w~6v`_q>>8PVHEY4b#kl@^fE_l-w3aGvzXtL;&XcF~8ZtjM*u z#o*$JuNn8>r95*N149-=MgF3mh#K=hc@8WKj@`52I3)M{DI zBk*871OG*X2iaCPFtkBzZmn*MBeX3sW~QdR9@bo(obkChNgpdP9ulAyZLZ>dcE4$E z@zS%i#g`U)f8geKSW!jd=3Vux*&XDvZ>2Ii@Cb1r!$a=i=1-VbQXjTgt_SsqF%T-D zIGJ+59iZx;lu#KTgh#7fc1xBXiIF=sQ6@xn>9;JuKvx@!gUCdKnz(4=!C|522?4e= z)7LB=`H1W!w2q>4{IKHVe+z~U*vF2^6lZ2mGQs*M`uSRrS&<-N$h&Np#yGXqqUk)l zQ|_{IW@JYbpAs0H=$RaXc-RC$%FhnshxluG?~bk@j;pgu*SN7HSH3op4*IwJ5F^U z_HV*04lwS!6HPIse6?$VuIlu#^Sn!O@8@T&R>Uy~n!-GdLU@S><;$>O?R27i@s;O! z(F^dRp-4VE-8vZEs-scPL0wGB_FpHOrGj*~<+&HiQ(Wx^r{~6#rnv1~$u130e{v^d zPMe=E4HEH5{+$B-rMt4)(Px$4UF4cSwgp$y+C;O$W5wv{Ra0N=gVA$fy@|OK*AJq1 z)SmdnXn+RM7-?R}#u5ST(PU=WUT;Azi5*i`{?7@6n^{srNeMRh9M8x zrmev|U)tSw5Fe6Y*~EWA!Qr3`o|4EQT+%Btq!aDI`=FISIrBa5oP82a_enfHd!mBV zyPsfW{c!dC)urs$z0xW$?j!;%1;M8h0<7NP>tOvLW48ib7VCEZQr~pxbH)7nufkbl zR7eEp1QPI`7n)DenI=5{_43Q>kdxL-OPIh}on8&C!Ht?SJ-GO@l*fS)?~uR8$}zO~Ofgjv*%x8Ka~t*c23e#<@B4Ap|nrwkKJvUe8?^ReBt zwI^T@Bm+0Zi(#BXNcdhXo6`!D*~e~~BT@DZ3yCZaCUeTF0B(F}PrY*0KX?wajjj?u zj{kn(=NIo$d9Y$bHJ&SrAJ#YK^9?C}g8d4V63&ysu6m(&&hKXgVwbg&D0{AkjA(F5 z9q~_%AxkqxaCP{;bjydj4(O5DRal4ItXbY`XsLG|V}^s3X2`D3Hej%Ba&csz;7IS( z8=1Z?`GM!pZ`6Ntya1;J+_;f|q8rHYt(i1SkxQjLWolR@I2NP}Q}uh$z3p;KcNyC) zLGuBy@d+492ndBEGDse(1(4^z{H+)SnQK)Un?I9BYm=z7G@mZrJdIQaWG6$LBJ;B| za)-xBdK>K@IYmKEdfgLT>WIw+K(0JU$)@dPT5IfhjqKV@#Bqu+=ps(@N5V`I=Z|ns zbE7q^jYCO!w2%W#9Q4A-3pPJQF}Yt^+2nyF^;&}wMOUOD{j5R#ZnEcOIQ#UgZzvY= zqf(=niURHl8D{JVZwKeAXEs~lafNrX}z&_gJ#D~z~k|-4J0RZtT@igwZ^wOSd z$?>Q&_(F#x(B}=`BU`E&%w#o+r^FTq1YGXw=D&-4-PqxVS0E;)`n% zu=wKWp#F#*q$Df~O1Admuk9dMWglX>W2}=u9Oqan&+gg3WWFRQ|90kqquj@<1W_}J z5DxO&iGBU4%=sXv&@cD(^Vg*T#vCCoa(8>`ZiZgijLPv z0OsNs&YP+A(DL8ANVxkphy#9xSAwN5e?-iFe7M(PpwPy9mkd2o9X*1%xB0zTGvts+ z=>~CRf15tv zJruJ!0jAGz){P+O*Uxs>VhA=A&6d_~L_Fi9$DLq7g~~bQpJyIDjV@@`sC`nwCpNrf z;w3ohZY{%RI?5%sX+?$ad(2z<{RN;E$>7ck9fOEA-Dj!^x#*dgE;Q})yAOCm9!?9a zUBz|}@MpwvS8DQ+UKSp>h9p2GxYOW8BhLR=?jqVt=J~hqQWn2HFD6m?@0)NYc5ZKw zDAP`z12>*zzm@YtnC&I?S?AVs#-zl5Fq=)sGQ4HVAf{L=xg_Z+W7+r;#EB`5jvDUJ{^ECT7h@Q<4gGpC{$`x41rk?F5J%+Tf&4*F zssJb+7E7!S!WI1v*2r=laQ^pPjU@9ETQ+Hp&(%b6?i{c7&`JcyU??-<2H}wYE9vxB z)tr= zrID5prKOaXk_IUOX%LkX73ofqZb1+g1Zk0$P(VsL1eKDKP64Gu8s7WC*>m>H>~qfh zi$9t1y7Xc_Ypr{Ia-do~W}MH!etAUHqA7|cKs+oL8TUOHl3`8=9~>M^UiV>dbO1MKALyd2zePAuFc!#I3;|P`CWk3`}@ZyhcE7w3+N+6 zDoB1Fabd9Zaguyw$WF@aTU%7GuCltE(^8zL=}NPHc#=wV>py4&;<;f;!WLtw-zK^? zO;WmtCsXTIp2B#xVS{o55E{bOr#3FP7Ux6GMb~)%GS#tb!R~1#i?wRf+*I`GY@kzNt8+Wa@$qQJx!62ee{yQzl3-^k#&;)?-vW-`LBxwz8xwJI`tD3ALwu( zNQFvT{DjvdLVf4qj59~TFN3>fBFy~U;EjI*;MYAewWDWGEg%)8P51C56@_L$o=Y0S ztsc3n%T!2X zrSP?tFtfHo$I`nbMoA3!lqs5k(?K*-jCJO!;)(B^Ky+E`67h#qF5 z14mv#$-Qo6E|Te{rc15*S&rBe%QHJ?E=fEskQ<(q`mSz62tvPix?s?gK|^J^4aOH$ z;UxY%41}E+G53UL`6r}he>9Xon8}->13)hyO!-H6X~aD}r=LZskffx6Rx1=l=oWc$ z6?Of8uItVb!{GgpOK<31r<(8(4Qd;0Cx%x_0arRGyM?J2fQvpCE#y7M7C0&<^!1KInqW_18@broy^=W&b z??0mF+g{tB4CDCtA+ZnC9PHA^RpyM`^ddktDvePA$)$e)V}?v8A!!9O5hAhhIY9XD z&XS$a1vlv*kb!cM`LT@eCd5|@cilP5dj22~3X^^)>q-qQgg&alVciz#?~?iY;Eer< z?ltyBxd(HUtgL&1mRiB!6ku^O23v(tF?5c7+pgK_zbOxQ^H{b0DpD;rbUg0M)iKCqxX6GAf|OE1fIW6JI=>;X5msqv zw24()|K?RLr{U3AcDDq~mIVNDhW$bK=^({1tX{1%-3Ir*yU5QDtY3W4xf9oMCF|~B z4hW`~c`i~y-Z!o>uD|yRZ&@JP0`U6ryU~?M>qO1E?h}M+7qT5;A73L;2mRueB>cl1 zYipUsoxv|CG4Xn$Q}zDWOm*hN56^?F!1+mp)H%Qe&1xQO+pZxz72z6T>$d3UhTv*Bln?z9tH_%)T9KRWzDfH>4HEs}#Nec0pvES-D zNq#xjPHuEcQ6c2Qre@PEIe1kcuuf7-ecquG60?`zm+QrHh_irZm9ICN9(aHNs)N(| zGn{#N7gIygWEh)dOi@9wYzT*ei9__!3rR`YPg|)yuJIC*yB;=2+myhH18IJ?=VBva zd{X{HEHiI%)OmamH9u6Eht#einuD2GZ{+xt2gb;<6w}D-dK+~fF2v4j!^ftGSZu(V z=;bb6C8p`Clc%h;jRS*p0?4!xH7a=W5zkfGnV(x4>&f8=$};m~X{wj=a2q*c6mh=@6$=8UC6J_Et$+gajjOF}cSpe6E+Y(P;&w z^Jy;4B=FRO`LjF63-J>!-~^kosV6@Z!=K!B?bFrA`XUtj6J}y80Rfm^APsQ#SepbR z17JR7#Z+jC(J~>B3N$`ik8`w=%Fi?qsFS%5=l2v;aMyUPrC}ZdV2^miuC}HnKvqA{ z4*!+a|F2UQHqigrY;ji1K|!x_CLvEC@A_%;mO-%3hGTl?wCBgN`Lye9a2w{vJk_@t zM8~V5ojgSIBTWn>o%rb2S5?$t>flg(3pEP~5>IPC;gTNz9+N|92N*prFJJZz+p#ae zD-C^DBIyxmn|Dq zQ&5Y{&|-!xC>)TV45Q#i%6%`KB;`|6*N#bYrjO9QsA0#SY6QmdCM17Kuh59g-iEr= z?u+<{H^>hnqrX9sK+k~W|Fr}YBx;-bb8YSFN#Y%s(Y0#ynjc`c#Dc$P?osC9S;DU` zF5QP$)~}LLvYG3Rks6ogKplQc|GkcrT6TqD{#(Rb=<~F zg-$hBU)~Z*gk6YE{bvxGc_kW0z6R^(Z6XZn9cHEy+tC}~m+!%QHNEy)B`zEWzDFR; zftv&pEzVBwNs!(a(tzt#R1$#wAS$Uhc&O9=al(B@6x+PQjx?^Df>`dR}d z^K>vOzN>U4!+TXCN>nA3gS401;e}LlF%rx%ZR9g?_zpsm_}o`b3gZI9sotaEt?-Cv zy%e;f%pEb}$vii7fujXNw={k`izouo@WiN1ebGptIHK+COh+|`pT5vkdpKOnAyg_! z3^op<2TOvxOifMO0A9@RzYak?u|sqqC8H-g5ET`b(R54EsB2hy=0Xo|%5go9WF!TH zyNp5>{x%y*366ojID5a$z&U(ua)<-3KrgzD8L>4H7RLdyo^mNZ+*zU%Wltlug6^4v zgA3@wX6Ki|c!Vf={4OAh9;CFUeTdZuwc-P@Id&l;D$=c^A{NJjg}2BpeI!1O`;*jV zu<1!P4er6AN(p+*!sn{gbD=lz)`*Q!A_bd4DmU+3JFt{n5M`7!6Mxln=E))T8^;3^2lio76N79teZEVC_)u3v6+>Iv0zEwDxJ2ajW{>Va1C(aHcAhtR5RjCj3(Z)=C|(wpbP-L8 zXY4-UmA#@I7{ji`M0%tYN~-LOD;HYGhdtb6GD1-1P&ha-#$`?Tglu|0X-?3obbDm< zolV(@M5od(33E5sd%uJq+{>!&tj=aGDRw}0$hFGEdqhi@;m+@}Ph(_Q8GCVL43#}r z^jpZf0sXjG@fsdLJ3b$yK|A*gOuxBV$)4>(9MrL98vf@*;s8b&i$aQ8IIHZ2j9$2r zoRj{kBDPYpr2mG$#TMHERlN!7G*Ss*NvNG=<}*`DS2-x{@OKVD+FNks(n=k?zVk%@ z%=B1>o9qytQImkdqSo-)m@E1f4vT;|-(-+m%+oG*ZmN&>mV=Qf#b{|S)H>UVOe{`o zkR~HG=8}Ee-jsgyUg-3hGs`V96`pji1eSefYoYoW@Eg^AM8!k-isYh5$4lYD8?`TO zBJ>mPO$P~<^WB8zu}Fg2wE@B5zv?jG%1C!29-i0Vl9_1*oi?~*5>p(eLQhyow$avi zNU;vbXeZLG#x3o?&0y^szzeNoeU&a&SvQL%=zh6{eCg^;63e=J^=gyS*vh>L2&5G4 z3>we{Pf0JJh7q>GwD%4OhGlW9cssGZBk&p?)LfnI+~S z2dfuiZnh?3vQ=AT?y7Q<_toFfeKiR=g-(hg-c-LIlae}|2353brIvl|ov;0-EX6)S zegQ;tlA?1qz5C|^_rz?5>yNolpTde#AYrf=c*yf%Gsbz4{^4dfr(i@Jy(>Mnuw}7A&lR0AtTZ zK5d!=(2d>mke$%X)8i5dqjcber0+LgUjWn=xCM);OdVeOW%a}-+$_i7gMl;*|D+?| z-Snm4nl5>Lt#R~@Ws|K8SA0zG!L9oB(g7oFUP8a^R}gMAyu94H8*%5y<@|az{?`S& z6^@g_N0;x={)M)Z7J|U`gi|fTI-VIsCxek`0rx@;)w)RUD6T?9a?=Nx2D^ zET%Xj50qSgo+r61b3ah1^+yR zWl*88+fKTkPJU8mJDQv9wXTfy%CNjN01XclBlP*y>KU-cemOD(&Z*#N6G6EIR0TmN z@EOc4ZG`GvFX}g-2*y1V7E@``fC(()pY4CInc^R7mg2{93M#ro%WR<)dh&NGG#6<7 z&0Mv|%N<_bsP+C3dRROm0)C!gz4LsHU-ufHUuZJXPf>!;X7xb*7LJmjI0Z3sp zR&CIeEaH&PgHGX14no^FD}dbcgNf;FZ?>f3G)DL^F8kS|wXDJ1rwy?rcz>t;&j)}A zDF=Yp_RPJar;?5{p=U!TN&F0DjHC61CYy1b@3$i~?%x>2a7s^Jin4(Gl2^I>@knl<&K9(A&M?Rud9Q>(z}~iSd%-E zSpZ}E)DH?Dr0@$%ZVtiC)5!6O6$iPlKT!04S*tE}s1tZ1?)d>j#lgn{w=TH&nq4L43Lh&hUCf^S$c?$D^J?DiB z+Mq*skTqD^0k!tbjl}uBytp$W_9mqwrbK}>$5Rsi`wa@qB;?XM(Pa>|Ib`{-=c=lz zyOe(@j_VarP8L$AK%UCY#LFnI zl)x2#<;p^ug@!kEO{7B_&cj6a`VA~L2<4K)@oiC2O8tm8Gkn}zaB4s0CARcl;c3k` z$44u9iJ}^PzSsCMj?$ex5BKyfw}PW)1|uwvj0hby36IlW`BTleJ!O0C*P^0YB^tD^ zTg}TLfglkO-pvo{0I3=43D41MkzFVAz!R zM1JU8f(?7=iM`LCiT2TTa|1`yD!!Y0Q`@MagAjAFWMT~EGtl5T`6``I;q_#J%nQkw zw>LF597JDz$4&M5aKD>r?J6+?2=p(M4>Q6prF;25?@}iF*$tlN`2uKNxZN7PfBZAj z*w%K>zv_9UF{fp)grc4$8?wy7zu!rJUuG8fZQr;kAgw}`6o#=ckE$Q771fI2I>Vde z+{Z>7>ob$1n5OUw&xLDyx0zr|0w51-PFW#@*g5q>inkd7&yi1Zk_ z%(kE2JrxBBsamUKEqU>yo_JSMNdknd2Q`K!dwR4gWUR#ezkDp>o?uJ02{LqpNE!bk zykAk8!2k^Ct$2X$UK@6PS-r!T&j^3s*@pKTQ+}n_ z?pxjuKMSgEZ9EbKznKHMa2&`#zhA%nIr)zMt7C+@^Hb*m{q7_7u8IHH>epsY^(;si}mv@3V%hYnsre<5lMvmW!-I1!7a) zfJ+O>B}Q(mKXZwrx{>{X#H2&z4go_lq_#4kQ(<_*!~t9Yqqg>N@Oz)b_b`w z2>pd-@v}xuMoC-oGY1jmq`y;z7bKInke#+7$h5raO;!S)>>j zSBQRY@)ot8rH+_6q#j%W%xei)`S3??UyfN{gdH$oIVlZaX&>Y;OygKxboj&h3JO5H ze$KF|q$+sXi1xo$p@LEl*4hPliLkq~%f7^nlJ^c6^=yOZAVqb(3`3xE_r3WdU}RkO zHZ689gJpJ2FRSzPo)wqWlngHxqwX_CZgjG-JOm_MxmKRS>(47CE<(H%LOBh5;dNw7 z;78}{XsyR%WIWTkQU|#Q6eNjX?w%Y^r@)_cN&U^tlP{V0W7LR*9h4 zjUubAAgiR>2hQl=-z=FVhIxl!%uDXw7Oo1zcRyyv)=Hg@FX4D)e_Sd#fBfn3O<`Ld z_UguYbY+3{ZDD0hs!_$LBko=@-Oy zE1sCpPAjk{Y`|)zbLjrko`uzN`TYNUwa6mMVT`95OdV@l>991B0>N=7Q#N?UbD&lh ze@|?sT6?)ZhtB^jvA~i12cKwiJwvclEs7#iSZog2i~;x^A!)O4oNHCb>_DVzFW?3< z8xSO=1G%)%ZJkWw@MMSsm5`NE21Abjz$I&OY;}1(+9JThvmruPMF>*LHDQ|EdNvDu zH)1N|gkwZR15`+P>klaCr^pyg9}_P9e11WHM#vxk{vrQ_c!}}t2z5{<*+Im&7JdpI zezewg4#{vhB8abZYi=O}AHs)OC11kd#Ql6e0a-D`mwqxtAWZ@maF8K;3m#)psnmeq zg6IVIqWdnFD8F3?v^J~{URe|TV@;UD6I`x64X*02P8T zG0!|`54yH|s4=ib`K_g#DV)V0FW{vTe(c(nid9-4tap)rktQ z;+VoTjhBxLg}o~(76_L0guHXgp9r8GT;;lG%z^e@N?d@JLCcd0IRhDgm-anfo;EPw?l`Z4DuJWDLcYd#1Pw01)3vn~j# zo^Ke%sM9%I`$Awle4#IQ9Pf-{$P*me6BoLD3<><=AGY%00Jop&THH+Qlrw0rF42t)i{Cq83ZWAnC3TlH>Za)akM0YD8p_x7&8ee|~p+ zf|;-vL=ud_!@SwsZ+9cNjMNU68G8J#zboNG5;(|^%gD&QyJ{1jtOB-F5z2ZW4X z1emtg!n$c8762y1xGM-<(5em*#(9z3-8>&};NEnzn1hLRQ}E8=p=GBviMZ@eC|bP= z2pYYpSbRRrtj~V>0czr>&J%a>#$xj);c2NHQ^JaNmKt{Om0WUx*YW)c*2R!SD9~m_-Q=$UlY;WFY+4fx1h65xCGzUNJ0?|2&-=AZi@ z0Zs~m+k^<-XU_zWIOrqpvFt<-sDh|adBOs|nxM&1xVm0JPui_h^l$@2P-sDG3Lv(>v-k_R!EBJ%d3-S(VcLP%KnQ}`|aIa>R z^aj^D-Z`nbubpG$D(36N^iu~cR!dZ>30+-ioJR)}O@0BC#l`8N-= z;yjh=W67NfOpo{ScdygK76;1J1)8NejzAif1HHRTw&#n@{_Qn?ofrM!7o&ZJ`&xR* z@H{PZDo>;<&Qd4HNpyj(!p}5w<2Uw2Jz;9PhKtlzenHD0FeUdxf-TZOz>*79tOn}C z-YsXzPzmMzXFx=Leue2L-_w+7IJHObK-QpcxFm>jY36i9@9z-IrJcgO>&T*kf-~@$ z0~8D?|LUDqmLP_Iko=fx4KiGY>iqM)jy%tMbMC{LZNW5o^k0>`Mi}r#06@8a(Zm!Y znS*ZIliOTVO+rp{fATu+a3rnXYf19cZp1`&<1LGZ30BpkW=}3E@99F1GQKqd#mDd$ zHzrlU{eLIGH`#9Og7noqiB`n&K}(6K&Gf+5iyu4<#Yy^7``{fpld`5a8sH%sq5QKah*VLE)|4d>Gnrh-`ann|lt zT)`db6Og9wbBMqf43=k0P^Cap^di7tk+`7@E!aVCZA48KT5Xnjl%vOc|9H_Yx`iwl45 zY0V{XF%o*2z!~A0?M8%9dH5j1Y_1vSb{0q++A?8+wFD7mfx(SWVQOEx`k4n`uOz&P z!gaul2G#f*97v?aJ70<9Yrdtd+k6)&*t78u`?#dDhLMH(QVF0cOUt#{J4HN_k)g|2xKgCzow zkLGbuGZ?R1^wzFZL+_2y$Y(G=GoYb=e%AqE;-Gq}ALvW$Tn+kk{f;)aa0|W;3!Vdj zW#RWuz%s~P`t83u0n1|ZaifzxzSHoD_qK!#3Z9cq$DwnV23oi9ZBLha!x~6=b3tF# z?l9gz0m>_vdk*ae7xtO;jxe9x z!#V;fUoH_u^LF^I;xJ~fmF0||Yq|o0H+{tPxqWsq86OK5ZDJDBHB#o25&OeL0MayFSSBR{pFN>}=^D&^VLzZ$?{=cwlpMdH-Z?Z8&C3u2}Pim}nM`GG- z30Xn}@0tjrsBhCA0(aEwXg7#_U{Mzqv)$a)yf!E!Qvw+cqRO>C$49y9DU$1=;m0sQ zEo@`;tCQ4WmpK8o6E#)F`E^Fz`8>WioN22{(w&N@lhE*Z%AhB)?GEus-dOSjQ(3H+ zc7%Z)LOQQQ37RjuQu{W5IB_LXtpbcvty!Y4yTLQB&-ag~`@f&uw|%49oZp9;3RLj@ zt|uk(d%a>C{W6}{Q^|JGkWILyAZb5qg_xexaVhVBXK4|@8h($F@=eNfISPl(SGZgk znwf6F%V0K{H_jJtRRn`lVH;TUyKWOA>+*EeRwfQq+mWJF!S1-J9rbi0d?C#w66l+F zYx&cng^;nbNptTa&Sn-|$x~HH6J84Z#Qq!sFYjD6c5*tIms@|&%NQBIMPz=~Bwg6_ z2EbZ9T-``Hz9j+q7P&x#YspY?-_r2e{bby9o%Yw+Yv>!l5G$UY^7#JP_RJ^-I$6uv z>$EaMh|7PMCS%2o8I{D-UwDApd#BX4M`#qT&Q(VDSS7n@z=uq2wG9J^PAM6^#RQ1!LphxTZQRIyr&5+-PNsZ_|8@zf~SJ1 zrYWH>-{4*Dw|mT(p=r@7I8@Ae0Umyzc z#@a}x(*?G-&M_JvYgQWw$f$Tkyo@WIbG%Z7?UM86Sdy;2fJbytTHFCtWX0!U{yAy< z1xj?`L|)bjO6AC({Uc^)V#Dfq?Yy+-!?gz(Hb;#DRutl@FKU6U{gDB`iar%9JQIWz)tqMgxwGyqk9`N^X{xL|E>feH@zs|HeZU8A z!l(3Zh3i6^Mo~i8*taYMroz{gpI&=uqslK>_b=Zla88B&!kRr`2$&VExsMA0^%F?=i9Pj~$a0{f$uP46U z2VwOO&`~;`b9J@@hqkpNW+yo>T1Yuw8KWyU->$`+Pp$KU))C{tN|CyQz$G`eCKJ@= z&$Z<*=_D9JDif#7)P$#%10cx+-vwuSBHuO|hiBcO6s!BtaKt#ejIAu>qO`)!sOe&Y z0y^3ER$(CR-LTNLplR>ncp7}RW9CCjbh7O3OY9UTR@j&iW}>$BqUa>>;UXiNHZF;G z=MJELHvORr`iI+SnSxWN#-xL`?MatUF+Q@nH(0sh%hSzX)GBRHp3ZXPqi=i`e7nV+ z@I-9te*nS|n0)n~yS;-Mhm>%#4!k%Ix3bpvO^dW;#asb4Bkd5`nq|Br4xy#J!cCAa z=nb09wcNmMq88k8D%^+NbBg0qPt-m}oXaf1^hPwH?%onIy>tWe}~4h4g5PRyC@APg2K z-ApQSgtJ)f^^d>E?fnAjUqGHff9+qWqeYiMpX`I$nbQo1 z(B~2xW~Z9{sxTDq7rd!+IJ7f&5{kAJNVnUA+$(v&Ux^GE)yy!fcKr;Aul z$^*bfChU>7p=y%Di;Lph0sm zW5gJOAyx;19ACBHSpM=!;kpbe@5$)|JS2I~-?!|T10Nj;`)c}0in_8FgjuLy@3IFK z+Il%8s*a{?XCX=1h^bTRxS9~3Z*4YnCqL$T9S;Qq7Ah|06LMLTdZIymG=j4a$+!|V z3LxAHK9rr`uP03I%vWnj_#eKnCwI}wC`r8G4$K9Nr~QgVjhW*iJp3Lz-yXVw`4K+K z3r`k(GAC{MT_P$P@|W`yk-ncTL6fUf)ki+di408SdjVksFcucS*HAz_sE z;zYEUv&z0Kix5^6D~n=Od)*(Fsw%(Ms(QFwR6|&QF?j;C+l`q7qg#-~>tDUywLU&r(>s@fE6&~KRVqpjeg!M5)+XDLFu5C(qPaSxE& z>GpF)flG`oNP|aaNX<%$Fh&2(jq?qZ)@0GO@xBEQHix^jLeOZK&gU^)Z7n|H;^Cok zV4X@km>-vG3UnhWh-%-s58(>dvG!oktuQncR*Aj%WMwrp&_PSbZ=*}|$=ynp=!Y0X zM_KIPFJ{ESM5%IGy#Is<6c^8~J~BRNC@brBXzaj6szS>TUP5*8Pg|5L9^*N}i-#z} zUXn9{mNRp2>l_#>8wk!Z5eKiLc-@;`i>KO6T1t&a*Q)jy@SXYm<>kc z*_SI(>Z&GPXzhd^TrbcO=e0m{hmt25vzMhRI=PWMn<&lLYa7QTK?OusY{6*%edIjH z)iz<FuLfXul?^jB`=uO!!+Jbr29fT1Q+jR zJc_1s9*aut^AgXVHgyzJXL$f!l|w!$kH_Y=#)`p+vY=7Sm{R~cT8kgGw$oUv*!v>B zwL~*M!WPF7jq?}PRtC(!U2hi)+A+I9wKU!NK?GW5SmQmnd!i=2RQO#Qkw_{_BEO5c z(b5l)Fu*q$8*GpUMDc`lFMaiTU1hx&14YPY=6` zgw`|w05t0bvfAEIQs$<8(&}`kI%cvK3{BJrZqnyCEY)lbKLVkPc?Iut&<7B5^Aq{I zpT@|OU3tvA9a$;oo#;a#_hcYO+JW@r`;$Y9fTx;)oD(AA++RDOvA#`Reh8+>TnTjE zp`caV05a-jK&jsKxVV*mzF>qa7N+eg(p#m?wTjls@Kj(@CHf7;s@H8T^rwafw+=$9%HGy6 zkP556Z)-0i?{XL?-ar~1{mM_^-ZsmzM2?EKZfk;Q$-_-`l5R7+cYN0G6hZ0}xoxjL#M6}-W9Z4@PUoSh+unpWd_#jJG+d3$EuecvF-DXHgu1I9 zEdwCHm3&!)A)gjHRa%NYqt1$^BPp~iuI}}rx08)Ki?Nbg-{YfKIxnPy4D;*?TNt^m z)t>URHl1YCpB*})=~n^h&Hgy1O6A%$&r`2WGDMY^idAN}${UErNP?2seYo^8XYkl= zDa6!}Jb9dVz;)Q>eGWWx`+hNnCX*0*ygDcIV2UE2E`i~(>^R+kTzSARPe_c!_y5R_ zv5dJ*_575u5H1=H?)!=C6WiV}42c1VSR~@nD)%ExZ^CU5TTrMIeP!`mBs)Q#k;4=5 zEj4_?#mImVWR<0w%^sC?vIme6k=HA9`IUYBsk;mC=ITYr^A9?CER?GRMlmEfO$+FF z=b*?QL+|<+NN#4)@z!*SQ}3IQVWiJ$eG!0_Nen53pB=tuVeV#x-3_o>L z!Mx!#GW$tPZTkgq-}8uzYI*ApKXx-ZtA(ffr^?jthny{ha=tdI)SmT)f)@7V)fCNc z=Mm7$>F;A50(!NDqbU!x1A^G(&76Dgvx}tWv6`cI%fgrjtEaSM`rqgV$o$skb(fKS z0lgg5!(yW$Umc#-R>5e)zVy2Biy29vHi?GmS7uyPdJzr0NShNx#hnpv-?Nw^~C1r-;-vDG!DNhZBqs>iW^>g(AaOEPNM2Xcp z%=HF;+S<9~2iLwNiRq8H$nk}vqb|1&mQp(uKO%|kcg7f5CUMv^I*!%K>{E51YX=R zuJNky+*`|+}Q?E8&1wJLtSYt(`aWsWs5)C z=%kBa*PKxzHN}x(0ghYZgHbshfr@~KD%D*;ml%h_^k?@T5EX74kx!im9a0m{Nj%)& zbVvriB_PoKMooA(h0jbO^~-s+qh*twTEw|C-}B`iZZ&;90hthS$diX4HqbtelB9Dz zAfOEd_(=I^^*f4DE&-@?i`-K_chjIMh)1f}G^E;bR!u#7l@7%tyNfQXjLX`+oO-x6 z-Bed;gh9ImgkxC9dEDrtdzMu8rvimnGY6oCLJ;uzs{1{zve_s_GTfrAU~Qa|ujO=B z=|y}mAy{!~%amAwOZu&6#2Fx)fRukpu?zA7OAtW4?H6}l9P}UCXc%FhOKa?!E@jb3 z{1bAnbPM#^>eH8}!SB1!Ted^+gw#kDnVZ>_0ktbc@HKc~>U~kOh8JLSDEs5273fU- zCUp&#uP=oTy4>#s=OBcl0l`};C$VIv$IsyliNN5vH z(&@&YPvgF@2g;PFXQ3@1xT>u;$OQy}WE92)iJeNB9cpJrSe$SK1@sYJgx%kD5!in$ zqw9mm*1eC(0zPJZH&3Kaw*y@6@A8OuXv(zRuNH?iMi(R#AHO^rtzV^g^}R0OD^v5- z^cVyXeV{s&M?;IE(i~(Rn~ti>ZCNsxvJWHdn?aP zBV_&J2V7C5pWK#5av;k(3RsuVTfMejNHxYsClzOu$v|4S zhG*WaK_*5%%+`7|#2DvrT}bYACL4a~uj0QQN({Re+7i={Ms!)`YI=lBd)+LC>BVpx zlmfLs0J99Ovaflz(bZw?j>PFF1Ea)w8J+Ah=lv3-jXSps)M@&a7lQn$cnCuyx_qZ+ zW9cWRDCW}ABQFC*EjW4qD@gs%8cQG@BM8&*N zzt95e`UX1Io9u(6J{NwWKLC4msSNUORXYaF-ytt=2Y@1Pb*R$3EOV2R*3iuWY)RsD5q@IgxsI4(b%c zM9}{gOX}u;3PYyfL!rfI3>wa4TC&$MI~DG4boE0)^CzJwm?m=oZQ&572eFzaWcWQ_ z1HD-u5+OW3c^=nwG*hk@gC);|z$M@pJ-X_eWI#wZ{KIqj%vxU5l(u^TUq}_^ejx@! zKof?qCKz|J)5#gmUmH_I2i_U|LXalh2>KlV2~h6B{9~&j0;I>PK`<`u;9h*_7BI3I z*e&PClz6!Udb8$^EQoeA(j2Y)ccix8GntzhF*YRq_rkw?0!vA5vtAN7KLdTKrnJ6d z3p0jm>BIrKB2<9xReU@@e>eyIQY}xI^VADJtz@$RJiaRbhRlQMyEp z%>6J|LL&M^|Gt1HPg^gS%-tX8t|2~mSqE61H~gaR5dm`|f#9#nfiX@mSzwFN654F9 zBd6T=T_OxF+`^&-7VCRZ4rTfyHaDZuW1drF2Y$VEn0{XS^tk#~4{gvgj&D58L9p59 z0yw#6R^Q5$TQE2?&n+)qDD`YqbhK_M>0XaJ2IU~Smc6S*c?=*~rK$f=kRfO0t84Ng zkx?ec+lH_m`vZ4Dgs%7UUXp@5wn83n_0%suB7+#F#boL|$kw`(eEG~WYvX8TYOE?= zIFEiAUt4d*|GceE#Cy8%D|0lWvka?O{Hv@YRYEaQFa@MbUmyN%V*bYh=3@`9G9gip zBBQeP)0sYQybK}e5L8|y}i^%O@#{sMGDzAMAj%eOC>!uB2Ll{t;J>sZwx2z~pddis6)#M5vY~TU*MU%ISdrw6 zvev|p)?h=l*TW0FIZw|(UhY&!i%k7uf1mmvf#L6eIm?QY zt1SCCN%u;iJvNd~VrYR9pHBF&s__LmhA)%|hPgdLf(vovtQhly=l{47`oFeFzN9|3 zEIbRWInzB~3H`s`Ks@@=*8^Qiy`cXkGnnX{<%4+LIy^h^r)=tFk>+k1g>e&rT^-tm zX|eMpwSbJc51wPQKVe~Xfic+3X|HA9hh3vBAIJCk3R4yQ9&GPJBL|C^1Ax?b*T;=`|7n>=A`g2fRQ`U;kNCbuzl2)Kq!& zn6&=8%(CB~Mm)up+ed=6@xC#67a~31Py$`bpK_Ex^?kV@q^fZ9S{jl1f=wnhRs96n_k!+_c5+E4J2K=vQ{-*^RVhN==>RiaLC-5im}}({FU(1fE3OJ za(MmQrVkunV7t`>;!?XvuI_`08Uq)^P?Yor9y>zkQ%Zc?1(Se?vRN1uEk8yxB3x)$ zT$+uvIPQ74Uh+UVW=7k&oNB})BUT2{2Vwl6^MKqao~rrhtr}$@T4;9*jbe~}i(PFs zK|^#mgxwNQQKqSqmT%CpG4#$nDp$WSxkOPd;Zkuj(V^&7^d12JdV%wP9Z~)sA{ul! zc=nbN(9;a@G^~={y=+f6bV)N)5#t-%AIiUdAMmog-RSAYBxo;7|KO7U6-a_`$s1hToyiyJ zDBxH*Pg^y6bnH1D_wr@UgzeqwxNut0#t((P4eKwly*KES<4=)re0YS+7JryE|9Lef zOM3oV%mHcnj57gNl;T>I7{q@KLB;os)m&S{54=~=N~tFG5{Z}ij{0tM4m!yAqSTcv z@Zf`g&3X_AZ3M@kt8Y1gG@umv#lkL|HlX?d?`!?krI7YU_60nr%pKBvxCd{(Gkp%Tr%*<$-Eh+bQknDA(5rb zDzY1wEOlEk5|ywW5$VfRqs_|Jef$$_b4)$SV~7c>+MSsbhy-Fqcmq)RslhD7`87Co zp^;eX*$Q}2bb-^)6VH;WYdIrJS27IwHX7gv>d%Teh`j0>D9Tq|xH<;VXED^_CD?dO zYW{$J94735IF|hS1VT7Tl_CFH+5ypQwqPj@)a+>Cmf4I}izq3$$AL5kS2#EW4oMsX zVu&u_Z`9ey&`kZ`9?60F=vvcS@5r;8W$DNlDHu+x*o;@J!{nzuezGn*J5G|!lKuUO zuqwrwot?i><*Qbm=i6Udo25fvsn9;(?>C_@YUH;u4m<>4qR@Fjr;gEdSEWlF))a?;d6OF(5aYRD~rKDjJieSNH>Hs(;^a@^$33vMm0r`jGFJ-+IetO<6u3Q_5@HljDilrujeZBgkB{ct7`1VTt{lpF|GgtC=6x z_MN%%kNpIQatyVzSp-$fBMqHeF)q~o!J;(kp_@TyydzSsi!T6x01w9!P128+rE(Yu z#S^8eCz@Y{-}F#TfrtO4?wuacR-Nf5nM3M80u@PiQV$*Q-Pz>W!!(pAp8809=O<+_ z@;4M};)k-^j;MS4h7Wf9P6@Z;>}#N^%^A96zL~x|CG#|CNodH*9Rxdq1xb8n!8VdI z#0ux7G1x}vd+2`yBY8HYh%pwz?V0Be++V*{`~00@F3sko&q`Vb!&9<753=ph(a?^M zOI%1J|CI;3n1nZSPS>M_jUY6dgkdr8oD9R_M>1*Y1}0YNCM+t7=KD9h`zuShL-ZJkE<;!kx@kxq6j^U^sWR!aqLCj05q<-@kMAT6Kg3rvq zPv7`M_`H6o)7n&XJ#hX3x_Sn8gT|eir7$2tQ*||0|3hxS&{L_nfHmytPci3J{2?r{ zuRxtpq2T39mByzI_RuWx<;y(uyRP1$qY@!4 zV04N74aE zAjUo@J}|lUnQZ*Iz7Y)sVAg$rq)x^13J&cl8oKmb&pOwiPd-M3DDf)A!HZ|kn}r6`^#1Pvo4swpxoRap^-RLU)ok$FktlXhHkzl zz+hrqcYB>z81F(q=5tt>6rCg?{JyARSI+t z>_j@-FyCIx`=0W+@ZFIx@y<1P5QQ9OEiz$fo#Mj4bgn&nOI0YgKvPcsfpW>WC-oQZ zO-q)2E6#B+sZC^zY4HSoOU#U3Ah|kyhq)= zD&t?4N#jnG%pLdxU1gj3u&lcpMSiH~+D}Qj#S@|;WL$G*~PGIl8 z?p76~+4P9Uyi4na%t~tOcVC3K>E|;@vS65=2~{MC&c(kwUn{aVy&9#im@w_7dspd^ zJ}TpqbHd?ET&39o;upzoW9yMj!Vr6D0=Y>G2_Fl64y_dT49p@0Fxw+zcLX_Yin;tzaV48#6T}you+PA+)P<-Teb9kx%IH(@Yiqv zIQYLDmaNq5W7Ap}$&8pujOK;=&X5;UD?TO4Nj(7OrI=af?wdw&tmo%06W{REgI_O6 z=-%-&1?fubF|Ux-61mJvL<=h16)feyhO7dJft8gb??ZA}-Fg~ABsbGccjX7~IX0p- zW`u7<;3_pT^u%%FhWhqmrJj{~xqbmdi>OPBPEdT7;su7*;}k-5(r8ED*!67Edsn2d zqI0yW2WR0biAt+@=%6wv>^Gm1kYLC%U}AJ$^ya2Qhg>kKitFZdViIzTo=qh4Spkob z<04<^M@75Cd%DC|IibE3@)>(8XUuY2MYw}tiKlvcKIoHlHLP5?-n*r2rfR4}tgh(z z*Nuv`+k767L zbTE1zZjVykg3W$G?+hPW9#2?2zu~rtts>si4YAB%{!4>w;{b; zJ)+}dmUs~?F%FQmhEwl6e6quRo2aiI+P@`3Wn^d%Gvu#dWMf?W45aZoCF7RIk5e%Q zl<5YRSN1ezkE5ze5@uZ&e9QT8YXB!@_p>?Kh2yI6 z!vZnAB3yL5=0|P3>JvNCoUCD^32X%yJ3#_D$YEk5-omf4`^h_aZ#vub=mLdY9ZGa4 zGcf7)^>rclbo)nLx@T4B)kO_r1K7gJ+p}>EXD7na$P|f4qucA>(V{D7xjqkgcbgPL zHuVGU3-sH)?2k>#9M{vxe~c^_e*F-~^;0BX7sb-ZKK^{yn2lk!(Yh-ocG}j*GFm87K}YZi#iI`Ppz7h&hwv2apP%xd_EvO^sPBK)m}I6$ zz7A3i>=~<*uLC=SQQ_@3_&VUsrLoUN35lJp6s><1r=eThXp9r$dA6->npE-Z$1xo8$uz_C!Qr=a$S+ie+X4;)4YT9Y1kZ)wE(J9<(Sc zMnrkj(YsIhO(a+qIGC{@!DHm))326hBo;XM-hL$h{vKa5JHKvl7s#fO1#YW1rFv-H z1WBwM_HXG~F8m+LzB(+*b$eR|Bn(odyQRAsx)e}CK~j*C25D)eV~|u*K@sT?kVd2% z>F(}szURerey8@izU%zs-Z(fj?-MKTb>C~j_GI5*wiHP*e9SuoYxG*G?%Ycj1qp*1 zM{*xcY}MTzv_k!Q8IFx&Z2xC*?dM(xkrSqOHHvK@bT(?2#LcN zoVOQK`+{)TPj0x0xlI9wocz1k)psL(yI-gLy@5?olC8UgO--qx{gA~l$XlJYNhwq} zqVggOXZ;>EIGQ!O+zisBrr0N~LS0#>??T$jNnB;6jYS>HdmTL^qhDV_*xo zmzX&3H7ljQJU2~t^aVYjU)raYl!xk^nWrkWIoFcvNAIc~Uhu80SPivHi$AF3@5iH< z~&{>{y9w*0pNkj6hb)fz;F|kKkzUOyKhx9 zXSZ+^Xt)IRwsZv4Irrw~}jx>v*L)ReLMRC`O^Seq4VYy^ej{1d92vshwpu@URi zpGuAh8z^x(YdGPy6(pHe#u%35buPZ)E%0jeiD{_YHA#1?T$vOp0FUO*si;yUH4QJm zggw5AgfX(@dz;O6#P1&J&I49)bU#8_#>9Ol;n&2wr@&tN@St>DnMz|Ll;Ibz8NQw| zP}aXOKJo+aI2SAsD7%L0r>Na+A+>F_?QpD~7Oz%<5%SW^CoRDWDOepc7B&znf-@+~F`MXJ$ZYu`Ap1I}n{&Fx|8_+-26T;jI9b@{PPJOrYQ!hN07 z)J#tKSN%;Icilv_{onPCulb{pS2uj@$8!m69_DsNC_QcZqRZQ~pDFw8b@_@)Fe;4( z>-nI*3bD~@bJ9J!=6y8h&ksOITZwIU8)+rQeG{WgVD63_tzj`cDII76Zz{(YGDukJ zMw)5^#wa<5`~npxKi1OWpQ28nD2SSw?DX6g5LnPaR+N`$QSN-Q5HD<64QN3;#JY4- z&|!Ii?b?U&SB~Z`|2VeoEE?Y{(n0qL@uD`*<|JoegoVwVN6j-0)^f|77%1#u=rtnR zR^K%W+Sw{;CG?LyiB8!Q(XD=H;3=OCVIJQDPAHk?mDZ0?J>x*O zkhDnx7!8)s*Q@RzN=jXqnYYT`SJP;4f!DNCK!ZnWS<)-pbtAU_P8%g9U1PFS>fBQ* zlmQuWLoT_NWj?LU1+Cg@-y5>HEpm>6@2lV0pNYNSZ4YJ?LdtTvAWpHr#S%fsNtlwI zTlxW=n@;=zOcjID?FnH@iOSnqbc5}m^67XLAx2q*z;F<1p(i;tx#rb1cO(c=qst4_ zg7G8Fbv-|II$+~#dPf!0piy$p=UD|62Fd}LqY-Wt@GRdXQ8G^L_%E~%!`uq<`+z}t zcjxJ==f}CVH9SrIk%CN$5i3}miW=a4I8hoL#+8vdBDCQ^^&6v|dFv|RSzAkL1hb{t zAg0xrWkLmy0C2I+Hj9P7C%!XzDT^McFJ*71991>z+I5H>jXU_Mc^B2^DL zPCPgxvzk<{sWY_$ZE(ROmb~g3Ol>1vCM6!YxxxGWmBFqp}hMw>pfDBm;HckCc@!xk2$#tLx2sq5bLj)MCocPT!!Bo4kG2Ne_WW2Cl4!w2>+^{Fe(qk&(r%n7d zGo(hg2~^;EGnB7>%T8*zBfI+zS=I~(@lE!J)=s-!8T^0>rg~AHc**K6TRr@2#a7Km z0hO5-GAH`~Zcc=;IouzTfWuel1-Kqq5kjk94Zw(CNBk0ldf(|7HDx;n%9*hlv_Uaj z^KRx|ZP9I!QyAb7lSyFipZEo{>_}IOb!q`PTb-|MC0X*R~Oeb&J5mtltDlpGyoJoFoi|U5) zftoL4<8UWN=5c^>B420gNiAqnpi>0IoUTwF=-e(@$0PwXyPwC@34Jk**=RV})Wnnx zA22^=hjg1`9q*#EDx$LGkDxhZ?PzCl zZoxD05Vxd;htPp%#`3&AA82X~YM8MIu%c0ef~Sy_aByH*%+A~&l1!Uii;WchTC?F9+m4lLB1UgvdarURzZgH zI=n5LpASiJv+1YmiPC-J0`}8HLXDJVbQN)Q<#@gQ1RsP)9$^2b74o-dS5qRWF2q0FHmG@JLFspfPbzX=ziX)0-2ESQo! zJatrabQ1`jLqfl;i4NxPqRg8)Me4h6eBY~jx>7tJ{3D+Ch($Rf*5u24i&ka*5Fj9M zS`S^kOW$&T4dNC;6;(IFgAk4Yt6Km14*0CUopg5ffxzOh!7Z0=NsGEYsaIG1(i0z zygwz6?s*R7G^6vkUmMEfVsEsaWt7>@NXBFOCjmJr<+QZ=PqxbScfm2Oi%_F8JO=() zM=tFV6xx@_ZJ~KL-Us0!icq#aK(pV8VbmJq6CdO6Qe{eBExtdXlSN66R4f;(EKUs1 zJAvK6JEe&f!Oa1!CEhbsxDaMngWUD|@l&!&kfc*t-nw^7mLyzxfhv}jzM(jXlS*5W zW{wF$EbLdc!5_9Ins>U3?x}=2XXwd@6KC<}+uuf_dVJ64E7GS! zv6RPrZy(>jx6g`+)Szo6ikZB+`SIDV{>#c$j)>6rZ#~!3irzMTRO=KC=NyD}TX;;$IgeUANBa3bNk)C4-}_e2)!_h9GGH$`mjt2T6H2$pD9-4_!X# zi$5H_h=t)rM@=|&( zG~gpI8L*PWa_ z*HL^bX1mW_RrpHT6!wJvNq{Ck*xG=IEW+K1%65sw3q}tlbJAQTHL)LtkgcX7y{0K( ziAJI<??q-X4L@B@ z=O#gqrA4 z7Cvl*ZH3s*FT9E1zV)Zd(EKwRN;22^sQND9Ez;XI#7Hatc*?ezy@%9J?*Q63k?gzw zVW_If+O$UUvIWmY59HwzIm5*{6Voc*doS5hiVd@#U6n>@YQn9I>dFF&zS|+ACWR7V zjg}u;Ne6-B;JFj3U#?U{ubi~3JiQ!ipypWXH{6CnINc(GCSe7ca?-h%q2Dm%!`_#) z>+QUlNQ#!F#Lla|JdNNOkJ$+>!U4zNgO_Slg@vMM;{q}@%E$0aLRs-omeq%q0v&yu zcH+piZ~DMEpbKBeK`n-jofox0rCNI%Y6IcCHSLF`Ojk)6$Qci{>p1z1z+73Nnw<1J z+o%U)Al>81{nJ6$o!`kp(xl7CS}#!+wVUV$jq6Xg8?Y#ze$lI)c5W>H*{W=e;&r~X zFQ6RNjytUG6TORWP*RUd^3pYTjhkM|dCWT}&uNUe!3|pY8nDicIEYg{{8l1tBqpLn ziDMa*jNMnQ_Za;fSYXDkOl91_kmTMnpZIP99Sh7|*@TZCi%(?R6{4=cvb?u}#Tm>Lg2z`_oy>JXzF>V*K=Fh{JLvxTIliJAl zJjkB@l4yO4Z_Kh7N@cAxS()u7vsvSeJt9x8GNP5gg?aZ|E$Q7SrfoLP&9zTKcJQ@j zN9)chL_f-rk3CCjO0eJQAWpRH4pDdQ#@O2}=)jA%?e-hoHnkIKUrP`b37EH`rld1U z*N4LF5%h!xIS}IX(}GY&`Uo_6nGjT%-3Os>&NLVX__~f5P55mwNsSjMr@?R??g+caXO;rz_gnK+Bo5pX_RE`4Lu}6+NYf zl3`XQ>*>lzI47Uf>6+6k-z&Y?)YjkKo`>A=D4F`S$!YO)SQ=r2O6vk)hZRpf?C?DV_hp^s$pRj%ziK>EK>G);TA-l_*k{ zwcs7e?%cA;)uv@+OaaQF)+C^wq<|^YQLh7YpsS+dOWKei>;1SGL^ze*T36yuv;A~G z0mqQSR*`g$_GJf<>zRbpL$M<)=$SuFguthJhHk(uF*94Zg(YK~6r;Sp-K4w7z)=)V zQdE_Ac!!H;&qZx5)A{HN8CRq3L8dc`wD>AnC4CjJIIiCfZp8qHW$?=7J|}%lbhOhiLzmJ4O?_up zq8GBjPa*h$>3M(#VA!_$CxrkJ<*>(bG2xUeH)Wtq7Coaz8|*O3#JXoDAYb(OxXZbQ z8-kev1)KVxVBhI3O?xckW-iQ5O~S2TB#@C@@J$>prtI)i+%$rFwXybdr3`l6{WeLy z2%8C~x6JP%Cdnean-XSR`VYcgZ%!12-@bBuG5k=dBh&I%#@i{qp0y3KaL(!(6B`L} z!>Se%TXfSf1>vk4nYUU6T%!i|fCUSqMM-fp363TK;~N&5+P7_7ZX#VKz|q9WIuDo1 z!N_}Gka#pFQ+967f-$w}4mu+11r13Kd*+$R_a7zlu@0LgS_ORL5BCN`c4^D@1W!r2 zQj)%w{8knQ{bW17Hk#B|F~a&DYYglHFz&fQ9xV^1i*u^KOk29IKqp>bDNMl( ziwZ|kN|>sye0(aVM?#ORFs;WIYgiv}dUHV{`;JYqBA!w$T~KVC9m(>NfM#I(C#XmJ zS(Qx;Rwo{GgC<9Q0C)c-S_2*vRYmM1L)&KDFqG97WJ9bLJk}nEkVEa>0+D%xvUDe@ z!o0-#)0X$f$=<(ER$q0OxJz(>mBAK#Ayj$lR>m;LPT z5OCmHnjkuFAt%7?e?4za0V!sY(ZGfR6fCa>sFzON?WS(>w`2+r%Y*>@wk#W(jvlcE z&Bvr_4cw7bA6>p}gd_P8G`(J=xd~x3-q?6 znuiDfb{JM@xl>_wH8*B}Hz}y~HULXsGSjxf5u~ zjY&!IBC@%4Qx1L_HFiPDAblI#z-u=;RlpF}i2&C14yXz3O5eC+YB>Qc!QP+#3We^h zI>Z7h04-3dI11O$FMJL;`%@PT_EwjP{3_N(kBcySNT6fu!~BMw!S?v;K=0Ohw2-Yh z!tqAAdoa>C`QD8tq~|bOr2B4^uk( z5!sNuw?ZJQUF+!4ZKqM(?)4u_DVs0LN|w@VPf%2w;OjDB+({X~TvB+Ce=#Ye`-*7r zAh5Pu6z{FZksC4iGtZ{$73Gl?2V?!xXwu~{bO_+`UGFhY`zqjH*CGvYT!0E0T!eb} z*D1C}(Lu$RfrTe(o;WGPCu$!FVF8&*u+SMZ8xr7eh^QO$7_AxOO28I}yl5SRDl?6R zw5b1VDmaj(6EWo1H4ng)aIceyhW0WN@^9O7k?_gnAfDIhpRg`o+j5R*R>;c4CSvE3 zI^%g~9XlnGB|ZqqTUrLt+a2AH1Z%eCOfmIwH92pmPMMz?J-SGU{`8OfEdk7mic%|A z96^s%Y*+3W^mc!9kge&e@Z5X|mGrSe(8}*%BRbq-9}P(4=Czw1hKikDRA*RTpvNohzC6tD~{|qRBk1ixPgXcm8nzP0sQ68 z?^41mx0Z%H8LE*beKA)|?}kmxCq5ozk}$?Ybcr76JY$bpt3$@>SRmoInXH-yjXInb z{JhmswKSZ}&@wNfLKHG=@rnkfiZ!iq5rQtSL8D`J4!nI}K2t5^^s{D|GVAPj0CYhr z63zjB@5gnF07V7=7Z4Oo7s}-I%stiSB?LMVGkG$yOMcSh9t?uPas9HoQcJC7B0aPn z;B++L`GiA`Fjcrk+GWW?xi)+;gAqb6+Ebo@|J4j^Q1Vh7Tvz|Tt?hMT7M4Zfpc+H^ zn_@in8!!_al4({b8KwQo(5)bR_n+Vsrm3CsS3izhNS`t4;U}C5%woh}mDL>NHnjD2vr|(Z;9VG+hkC2ufnQlE-x9q# z-sC}aK0feJ8s>J=r5pqT&e+Ro8PgoH!4*m zmH9CpsxJgdQLaLpL8|Cc!vIrFWll5Lh3a)Z?h`TkI0%u)x8CqTZu7>cqi+B@dWWXy z6A50w!M>;gWq^dXZsl}fE7Ml+uMz5?I&;&cC0hZLCUtPg%y9mGC+^~J&`~w(VucaI zLBK~d%+B!nI{h!i3{1R?$r;IdHB)wZ+DoVgZIIv>csa8Mc)w8}?-A`ur+x_}Fw zb9LjuoPr|*sG8X3IdtZ@Us;X^cN5IYuy{d@74!K@&#n=_9!URI4ZVO}U7wGVSM@jn zXsf;fJKYl;grZNc%q$)k0PxNXDmO~o$pq(^<{nshg17hL07cPZf$fJC>qYJ3!Da{# z0UXwD^N06W04G6E+HjWq7mYHyBDL6vd+!>^)W}5kd!*Q=un{4r4`UU?D}ZP91?}7> zja>mwcDHogzTNCltriX%e$@l@?PkgdKrQ_MS2IP7Np>nti#^r|@tr@-xsRo`+_5Is1Y6gG1Tu=ah_z4jg z9eN0&ru!OS$Nc0A-+^+|9e6b>NTOS0C|`N^V8{=Y-n1kFX!P^2#QT+`&Sz=>g&c^i zTqim(QVwwx7~ju)*{OU@Gl={Pn!zNODu(>9n1CZv|DLD1#ri z4~7Bd2bQ$ID)c!W0(|c)r+`YiWah{bV5a~M#QI@;OeOF_n^k*VP>64@mBMALSkNm= zLT6mNc2RMftTIcbmSj?&bzdW(Xn)Eg?*}~yf6;WFW&#yhwu&*a7&YbRkH6QafaS~g zyxb0iqW}R@ai}e*VPJw@HZj8X!d7S}MAY5H7CAU1Xr*Mz(sQpVBJnh3*D=7O+Ak})oVl0rg~`cbmbKyqIUFNH`T%N5ic zp}OeubPWv(MqW$_jeOke_fElwN!~!|AlDE=GT$kFNcxi`huikR^m^%_6Xy`q*=n@82@EO6Eb0};20(q&wA$i2t5$+$O2?e=wjnvStNr7E! zQ565c;W-e6_7sC|^BSbXeNYg{IA1=7Y(`fFNF*4Pi(!&RkCf{a-Ky9E6W8mii^aAk!&($Q>jM}Q!O6TSKa&|FJ1wtH@+Z;oiHZK+=J3s zrZe5Gp@FTA`YEnoSxOq+8pbQNH8i6B$mh(7*ub+(vhK&B;UL@^ST}RQj&!v)o)21F zy#WK0eY5i_+HiCzVRYeH`-155U|fY0nuvJF3f(cS>g1NA$i523D9Dy!K|(T;S}3%O zO3ERIcsKbJrsvD6<{z}#U7jon=M3pMD9QCasHg`qh0OE7NqiWn5c~}@+Z@Oh-v^!z z6Kv1c&Gn!gWBXtM?toI^{&lQ}DZ1bDybU-SR*q+JL12?4EZXw_q$XhF*sfg}w0F~H z*V!%D9^jZpN%PnVm&}Y5*>%e0LFmKQS1;;vm0fhRr2^=pZRSzpC^RuUB zf+FT>-hz!}8wT*gh6UYF(Z0U&vzZwDpP;^cF9%S-V(0m7GN>sRWO4+%f#*}!J(eaw zXT#Q|teU?I#rY(u+rqwt7*vdG9Fh9=t#ry=^ZmWLP9t=ig?UHYLn$Dp=y3ohSG%C` zzV;oD?o%WWZ@XB#q@5VM@A8bH-u|S@HBjdx=Up7Jm1=*eG}IMOR;$udDsxf)GH~hif;_6mE2}f0ayjFd1u!J z`d3b858HI{Fyt3wlv03ITzqr>Zg*U0PVRAKc#zKK03LYFtD(()34Vllxv0{=8(y4&zIcOzc0BG{_;fBL|#yAMVtyTgT zt}gD$Bi!{2#`7U6$^+l1)V%c`G2&AeP@29EOeOGQu;)Ndb$6I(MlJQUzXuO~T#p5# zhdFi4Fm8SG`&%?w68o%rRU@MAsg>eJi6NnN_8 zsL;Bk+e<%wZo!S?ZMh>kXV|nMs0ociNWx`R#H+!A;q|?hawT#4F#Q4YK3+61%SuMP z4N3Dhc`PWNJ^&@PQ@eQ4bileP1cvl7Chx~}TvPEEagE@cFdi6gL~v%3y`nAfQK(RP zBm0r%ktIvJY>_3~ZKPnbQ7w`ec|Sl4xa7_iWQt>P4)eZ@=fpSc_d#7<-9>Jfi@W^; z&dIliq0b#}Ov7*64*)jLtC2?n7Ab9R5f$z$pW~CR6twL4n8;gT$Ah+tQe&_K*^4JN ze5g%R5R3Gnnm%SLPTLwopwO=_m?8|LI-p{m${=V?EaDPnvGm*0H{e9Ukzh^$!_C@{ zpbQ;K3c4>Y8^%?{>CLna?uMU4aDI-*v-%Jrm$;UvEO>`>B{7UWjDeneDc5V!w29%3 z!OGPBUU}WIBgjgHTuF+$f%zaj(j0QXY?Wz20cG^pL(a402Agk}{kC}Rw*YERbfmfH z9`=4;`21-oiY-)eOVU9&eNr#uA@@4Bd&VAyhFueai(n*q`Ni5{5#ZPW6FAic+lS)| zu%kfEv3cCe)5l?MGmW1=3ioW+QOas=QkJl&yTqf$cWSd~Dht1C+YUrq9|Hj~nFthF z$%*YoeN0MqU3`y($_lELn@bps^en`S7>@$bVU9_q(lyw`X6RNLZ}trIn~Dp*J}DXd z+7siWk|KaTZQ3T9wo>v;#OZXJpr#4ez^hJv3QJeL$SxcN z&~K}nXYsj0UgBUS+=5f%eJV3ZUzXF)E-(v^cn<1o-vS||X&GkWWe+dUGQ4f9d*iG~ zQWPEJHE2s_547eJKoLt?|F`oWoMIc>W%WIsGCvWh-v7pEsGW&Li?ccX$uKS?l4*T128;|Xn9&x9vxfHw14Lu?3-Al0>HyO-j&1}$ z<%Lc)a5w?zSHt3|QHenr&D>@QptI5TdUggeGYr;ey>#ct?CmGUHT_M0IR3t? z5)nI8{+w+w1fmo`GWaElM6dJiwko~VEzEr4BK+r#3~q*c02z=%0wAaQsr zWEIqHLjT$AnniKe}iK&sF7MQaw=UZ3v#&l{xb>Ud1 z#}qm{;s%%Sw+T5Vv*OLeec+K6$6$>J4kvcrSQYSQ4J^TO$D>a7K_|16rI5a09(vPYr&=&a| zg@fECdYgpB-x;q-4wbr5u~qrLK!?4wWsm~a zeaGdrO{vtKO03Odk3cX7RT%Ju7JxP(Nmr!X-K~@mwqDS!^9?UNbS7cRswn{yI~2WN zM9TFyjWQ}gGt`bHRfDC4NJ2I*xK5siQWOXzA`Aexh~%b?*V$OIQc7|k7|w|g`dt0) zWVS=e04xWZW6)f9Ib{UksIo7$IY(;350MA05g&Kx%+l{zIR@6Mk~9F|HCePUJoC|* z?33Y#WAs~}qt%DHx=-`Bj`Esr1c#q^znB(gn{; z%%afc=_Ei(t{`4R8cu}w_|^P9O;YW9cVi6D$*s7F@5?cG-C>*{+>=gdjno|{!A5it z@oqX#viss}2{CjpjQIOe!3XULX%w-wHyk0)=^e%z4z*{_I|JYQlWLwUb3&&7N zpvZz3sxeR!$@)1Mr~E>n8f?t}GUzY3S(HX>+Hdiy22D`EG_8r+hJ-*W@i~8K9osvj zYTkY)xiYujjuhfOrY>iz*C`zllGQ37I%7^s!j(l1KD`&^MUNQHLr@rNcSa=s0dtSh zp@_hEi8j4*t47!b!W~{0fh8CctSydOhroz)5tEJtoSf>zQDv2Y8yrB|wRG>KFw(>F zSJwgkSXuAR_YJ_1rCW!CiqZE0XP+H3FJHdVjb&%c*&9e%;mYm%f;fmb!A7=XWy#+D zonLcHL;3I!3GMIkzE<*CTX(+c8N53-sx1C#Q^4S3xWmbGhfZ4-HX#ejr%O0BrOYap zOt4XTx8M>ff88v0C+FnZMwz}vvY@nh2#+sJ9|DQ=IRGco) zK-oLLi=`Rh$hdya`2YD*j1g6j4G3S2p>?F|M~~=BYtK^^%TKiLiFH z<))SRLpGSI*8^oJ=q5nQf~f8&8JE-6$|2D6)uPKE%qqPy;ReS~ZylT^0-MkD*92F< zNYjJ8I~N=sz}$^#dg+dX*i9P@GnEm4B`doB?l$;p61hZMpd1wDwoFF=j-u~#?nxY^ zETV&+histSc=NkS6#z`RS0#R6!~FccN75A;D8ng^RwaH)xE^3*Bef!@Ps`yTZovp$ zbx|_VDR0(}8djjo-}HHN0s^15`d&jEq*esu5-?tZ0?%2XQ&RzSIFu;6RM#0}3|6g# z+jHf7eVLry|fJeUls?$XdNP+tO?5R*tF#z5X?9C(p{iz)w_B_Bc z0N=jhT>=2l2voEmfi)-9xyG78Wl(6PJ|$)UK{SHAU&=27E-|Qt1&a6I0AxY2bJP`c zPzX{3rx<{R;GqCm2o@I2*+CU#(t79D+oQ^zm<3)kWCsuB!psZSWArV6e*x6abG#w>kK>YW!AS(p-7Oia{11#phznE=^53`a5AU?O-{&EkRSqyWL?!|5-l>Lxh zp{8nCmNBFF#OpmL*5R|MspQ{4Fl~N=`}ui;%^HXWf4oq51hV10z9+`*Y4Yrx)fM;rZ^~uKS2;b!b^)$cn#+04u5XirPy|TD&b% zOKlSDGZSwVoB|y1<{Ty)u!=DsT2isVT{aqw;Rk0%QHha4(qJ2#<0=)PCLk7CdyMew zndXH`dfD9n<3V1&i^MJdQWOak;wEi3m%uSTK=XiH6S&`ymJV#bU!@=uWLz&H*pm^J-LBx!AO$+F+ zG$>r{fq5Y>`EZZ}s(s%gMSkEQF=0LLbbAUe=0Ko54RkU0u5ggd5wCJTRe=vBF95q1 zNXH2ZwQMP+3BX_omV>{>jJO|)E*~H*2>jFEtxgZ1Zi5OO3CzSBEFu3n>df`YefU3~ z++c8gHgbj@{CN_MG;OOSa8N^SVhf>DTrtoDPB9=55`nv}@k!fi{4ZX7;6&A90#Y(y zZuo}mn~H!3!TEY8^4gJ*Mg{?WWX_$)Yr{zd?jyK}|9&6;c02php=*hR<#RKV)qbie zxAYYU&}WOI&|)RUc>wDI#|KvOfANXQkc6+xE%(#);Zwf}o(3Gg|IgF>>!aoyf>N&Z zpTZi6g`nws+fNj{uhf^Z`S_L+-9#{vl9rpph~_SvFY??+aOw&J4;98<7N{}?c+dRk zQ)K=jrq9AxeOCe#?dB+h(N{@Mlsdf3B7jf+(3Ex?qY@uOQ9G@av_q+j=2S0IwPV4D z$m2A(eSUWdbmJc<5UDkAg44%0RMTqT$Ge(q9DR}z-5*-HZU%Y8mf7Xd;jxz#->|$$ zj53}L1`0Cu4i<9vPU5dh)LDKhk{I$U`)p_wHcu!e{R|jkNaoxzxm%i!>82%1zAzsM zZYdr4jeDK+PFo3&FWzPQrW z)4{FLZ)#;D>>(8vYZV0}J7eFj4Ankvjt*~G)>vd?Dox-p0t)U$gx%+GN7Id>T+ikh zEG-#(%`vynZ8YFp%ae(A8t__9DW6ImC#h(*`m^VH@w>>Px1jc|BsLQ$G`E5 z0A4OC)|=t(M1HMa4GAc_|Kd@6 zEYYR!0$G@GgObX>5+DEZ;grCELyYRyR2qyY69lk-UJtw1VK_H#h~I$v!T$3L@=_ph zgQ{d1f7ECH{BN#*&qwml2jlyyvHzD9k)-5s2bSm6o&Wg9|M%S-!CC;0;HtQ``CqOU z;Yak2AGRsXCzonY7)=pmctPGgk|e$%*BRS?E=Np&H{?pyi8Dgv|J%AsQr?7QIiRbq z6h+#T&AXMS`Tyr7g_9S`p!s?%E-Rlu*BkFGRyG5M8Qp1l&3}1BntMK`_u=uO-meeW zLrGP+Ba_7>anuU`dasbE5D|51-7FYQVMKUgDmrw(|)Eq4b-3oi`Hdrmh;D(IezaBFVE^NS28N@?KixU%VNPfPi2>tsn zQKGoX{qaQAM!Ed|?fX)q_+Im8R4x8DduLI6 zWmfvvW%MJN2jooZ^BNGPI!T2w= zpIoOP|6&ENfAI7FC-bKMXyLye)bGHs{xNU;Ph}MU>ov@k{F50%<}KS>^~HaFBDB3e zlYgq9t7H$WuaULC+6PEnbe+oed;ayiK#S`pac$5JeD#ngT|t9mKhRqhEnPO8I4%)t zH=QyK2&>e7yl0V?hQdX^M7pHL`Ufbg4c&jL@8NirIow^M)a3tZBcN*AD^}xa zuu`DVmkmCAl~LHR%$|xclFBH?Nn}KB?@ul^?*)*w1YW${NIL5kA~~FH*Z-a+kzW_|;8Ok^J>lHH1Dca#a)z)z(49tpO){z+d>{&Fe@WI^SNp!O^2h~+cHY4i3 z;3$ItL%6Znmucn7kcRbcughYR+eIbJi{i6E+3?kr!$dl`=j7_Cr3VfX!w0YJkJVJn z#zc5g*@So@F|p^~rhUigasFl#LvQ2zt}U8+_@9JvAjmW{^(0VGRH&KC{bMb4x=9pK zf_9Ww^rFV1_3wTYx8;kR|7>OYlI|HgMEKl!0O@p*;y zmjsCx5bQr>$PE*b^ZZnbHcR>1;;KE>ZNWxs*ZR4;8{PNK)V3JsdJ*NR{WZ))i8Al% zKQ;hZ0i{Z%^#24cZ4YRCFcYGbOsn({@)>6yEfFep&hb%IppJ5@ZzTW)wN8 z&J9&#YJ*DwGo5WWCzY-Ih`pJvDYMXdcLcaY;dFtRAYDxmMITO z_`ino2nHNo7&sD`Hlt+b%n8`-zDcTD%^ccrD6^wcideZ{<_Y{(8c+a0Yyy)ZHOtNG z)+7w@69wC!7!2hyM&yR70!v8_zHlH?*(9T%1blevVbJmQS&(1-6=<}tWILeoOc2f3 zzxlf55or4#;4hDoMgfM;Y#srv=R`2x0+{tfo&+@5%8WnF903xE0+otG(Ii%Kio0%+ zyG$b;c>oQvqpKn}b`D}B#Kyak0#KU_Ku4&0@J(8&e9&L)tQU71)yz`y=P|dXf zDD(3XG_wg{lJNG})a4+PA>+c8DUO;#W%U53*D|UVTks#O`>~Ay;yf!z6<0N&!h~9?UH|mY3E|I_DW;EDLb>81h4S_bw>-Ao^CD}&<~u8J zp>mXQL}EWSU?R9+X1XeQ&)qHZd&U#c*nb=yI{?7^hagc{onx}&AV!4XVuAtC>_c10 zVRLo91jmBNuKZ2l*ooDH`E{!WbXZ|~{i02BO*dvGvaD6pB2%13&Fg{8IIs=9=~^BL zMs-z`VmvMR0qPsfcI(ZAw!m8pS0$9O^lZK#^Oz&C>R+^Uk6^YZNqF%lO&LpMTb$u` z&(rsNkiZJ1MQtB{QD*jqoh&FJ1B8SA8m7ZHy<)2LH`-3HJtqadxo|;ml?cDhd=f0s zTcupk?C0?e?HhNgp;>eeEb2-_9oa)V4uXrzqgvYubd^F0FnW05L!bqpe8v1Dr~v04~90u?Gy_l|%xvyV}iCQrxi zXmHi+#N;hQ zfQ++>$ZgUS1A`>VE)OU26b=F{!#j}$e_JxNT-v;uBY9@aS6u$#&CTMglhi9at7E__ zseAks2tAZdZIJm_O#rb-sXsA#TU_?4FTRH7Ugi~&Fv@8#Mc*pcNm5~;n0(5znu*GR zu?M_{-s_9LpRm)d0!ofaHL=qh#xShcxR-JSUX?RGlRpWiNc;7llPGg71IC5=?Z^5d%f( zR8Lu*4y57Y_sA{X#__s~mwP08a6abOJrb5{#x0xyGoAcX>x+JnR@fSpZ!ERB3A$=}IqvRElVBHS(+_cG&WqFPIFAh?ZD3gcOgp>`#LC35d8r z^N1%eQLlu#n!udy4ex{ZV8-%q{2;*?M~uOHn)-DqbstcK!q|nMuS8KrO=*>xdNvMv zr^4JK-+H#ZZ+WJ%y3#UvT%U&a(ZUb!6sO2-eDwK;s<gZznHX%J81g7i9yex+nwq>}9S4ZDvx?LRA)|c;@o^6#1r}U=`o-g{z zkVq&mU)ZfRFV_s`Y97&g^CrwSOP#mu9)~7OMpE27Xm(i$pdcA6+%ZdvpFCysdXOI)wSV zvqcT~!`zEA<6U@jr_}IrfepuG6vHCxXdjr^RwJ1L-fFm)P0KxvjEi6vt#O=~pzqqT z6A&B`CWeg41qX69btX=%`Z=>A;%VLC7i9!zW&;Z}TXu6rv8{O%w#%P&aZS}R)5(Ez zkAhDIC-U#G?rkWS*bV+F5I*6l20-C+00@{->Z79 zvV{HR<8$nl?q0-GxVil!9`ZB2z~s0Rv#Vq2xxl6hyggH%jBpb3J!Ky9EB7Qa?rs5V zyT;DM^FxZO9f}Bf%kEyjLbbWy%YoK&vL7b8BIQy+PD`i*Ws_k$d`H6r>=Teujkp5& zF4iMOl)O7E?A0Ya<)Dk0v&|@#+PH>So76PaRAsR{bqk$)dIJx^_G2Db?tvR1)GXW+ zxwmm$p9k}wYkUjq@4-n&?FeOUGcn(DXu2#q$53C+xkO2e|Ma;enK}+|h%-ULm)Qfe zZJ*kc9bpNcngOZ@&dQ~X6!!h@dYpj zu`ue0;7w#9Gf-_e*ZY{_;8KxN8W^DbDrkn${URuk;e_ZDc$Q@oP7PeQWUmhNuNK0B z&SfuK8k)rpIWsf7*0iVW9YY;(elnskk>29C$48|DG9e_Zdm>b}gh;`qih4M|%u~@B zu(c@FUnJ}jOqd5k6ul%)BnE*bMNgn56uOCUk|IU7JvTY<{sigR@}_xwxD*o`mVMF! zk>Tcj4A`n5@Y$*;4W02bZH2o=IPk5a)s!&HYwk0*m;m8x^0a#73~J`hHfi@pZ@J5h znwu#iq4uu<^;f752Q>pI5QQG$_~X1{O?x~SCY~DkZo~G2xB>?e43jo{wnd zV9!*iAV!Y)mcd=V61c;c5TOGE#T^Yk6RAT3YKTm}PAWhIe^SSx33}mnhc`n(T;OPR zYQE>28qm4U4`M05P$W5T_BwB-k`v>2QT1}XL0o2p!#mn*G?#+1g_DiT+FMjp(s1D< zJHKZ10BMnWk?@{%t%tVAK1Rz!!X$c?lyy?8Wq4R}SZhDgiNPHz(I)KE8^?SAN;kV5 z6D=0(_YntC_x=!rUciZyU7XV7vh*ecGxAQ)Q$mK7b^&6}KpeBkt3#Ws#U}n)lgj}0 zh9pv}B?FZ+DWU*dZd|%`dpKKEc4A-8Fi?!nZ9$gWhJ)DclA(lOqilq1>(y70dZJh|JIgzWM;K;n- zBK$S7!;K)rdWVdL^T6m5t2UfWivsMXD;~6UvvZ~6lmIj?id_P(2lh9>f2o}OzNR~< zAMNglPl`K@vy7+t%DBFyn#bJV`)V2W)C({iQln1_bkoMB>wG7Ij(Y_?$Z9Z#zbqh0 z-p6EKCRs)iL&6ZfSshy%o(vO=FNIig)^AI@Y!qB5`F(|N57k_@oA&KXJ->J%Co~7t zZ0Aa;(o?jNi?j>PzvsKBeUxsD_de_i4)^}$f@FvO4%O;jwLh01Sy2&%Esy+9WUbSh z$4mPSpaaVKx>z%4k5=F*rLB?;w>24Wi1YD4KcUdpNs5@x94hIKLB2q(e&-Z+w-sHU zMbR+c=#9ynv4Ol>qG-~Uf49%Hh`OF( zzDHriJ4c>am!|(IKfTznJ)LZtvFTj7+9>fera~Z@HyTq6Rr6!LmsFP8!?y}O2n(Z5 zkEgCK^cm1zcp*LHW2fH-J#N2mfw>sj>@>(n z8J%;j6<;U8Bv1>(U!7Wz80hrTF@M$W;I5MX@jcA%GhQbS-ZIh1Toe{MEsV>eIp5z` zS?vmy!ZsyN4Sw^!xp{sPy-O9H3P!{#qa|<|heXR2mKC6eC8z1zn~=E)9kT4d-d7&H zTaS~3Xo%W6N6_al4E$c}Y1iyFsm4malN`y@n@nXU%}>Cp&EBAbk$P+1>$2=M%-QpusIrA(ZM66C)7pm?DkWA;`0z9| zE_$zd8VVwlEABHl)yv`%FL*NTMQb0^tLA3Runq4M6!=}fMf%8o{!^RRYS~-|QzfqG zS2(*8V}>je&Zc)hdC4W8{~pEL@bhdY^zFuVV%+zA;TV@yHU zRpQE>D|UV!V?~jh{>FT+NS{wEa|Xf3);wa|H(wxf5%C5j!RgVdbBdja)g)~mo{C7Xm75ufG#C5tX9a3!_51J29Z~)t zTi+cH=htlHn~uj!9ROBThi?RtaoZ8Uq^Ba|paW-g^ifxGW-sJu$=7-P`>^FiMvk21+R zgh^ER>m*@lwTyDK_D#b9o66i|De6U+d*3-@IR+}CqW4g$lsxA(emLCPEiMOA z;wsu3Tw~+BA^3zMnXju_OU^P$dElg-8#=%9s1jyDzjp(V_9x99_8qIej+U@6lGkFj zl`ZF5SNmF&Ui1mk2sz*D3dbz!XbWm`4&HpBf=3qB9ANrOAjO@gdCMMVUc1XmqMaf% z7i>$1_Y)uTJI6&^6fbGhHyB@fGqEL9Doz&?S#T3={MbbMh@0vH1y_+XhM%m1 zFXzEiWAVaCf$_pwo{zw`ny?LX{&ow5XH3$g`l2`xEC7#|GCYQC--EM37@7$u_UAz4 zZI~BYm5Ob!&uI5oo6JVnPzlxD;pGg74s1J@&jhyXarVj=V4J3&97JJ!;p{tY5|kph z+~^hs*9erkV>TO<*-c|WbLQcUF1Ug$>q3Qqf=_bKyxHYm+VruyEIS~1ZjfgoP;ft~ z=DwAA!Urm01|;uK0sM!T^1DS;A$&@9fWs|)6!_7PoW7^kJkm`NcBhKgU=XqDWv*pZ z=x7;EAd3gX0xF|EqucO88@8WzfAHXP?(a=IiP1!xbYYFLVS%@$qvUuX~c9=V4Uz)soMW>U|VIw#& zbQ9-C#+eeoB?p14peJd0527ccCzjt}!ma1)3V%<2Cv=6Wr-Q3N*@L19+w{d=s9(%l zG>-pUN+dB>)|U_~yLZ!@<8wxw!bxRY9$nR3PB`(g0-oX(4&Nfh8dXN9uR>~%ZqUk| zYWxME#u@smffLB8hc=!hs78n$n=slb>&hMy7_5QolO7z{dYjqxz9U;{LK@uQNn4n0 zi6D!!H&s&8>fQFtZl$n zFr}s{8tQ1Hjdw`xfblZ?=t z?7LrbOdkni5AYpSRDBt_O)LAlmYJ1)BcZ5MIw;MvHS4kR0nX!o$uBes16Qr1Q9LVA z4v_AEMOy{>M#2D6)~JWDnPUFV<&~3~$jEp~SB@sK745}{UK!G1sSEsRdP9-2i+Y9z zS&y+zgR3n>!yC5rLT5bO3xdhCalHYK);51tQ2f9wqiv^bW>UH!f#;L`JEyk-@yAAX zh+7WT>Kw*ei4w;64Y5dN1cgXN{hig~v9OAV63vix1!deLy$RDGD@(HJiM;SZJDLy>j3;MqN4P0=k;FPK!>tHyBQhF4N$2X6kk zyBCjjB5bK&;kA6#j=7&7OhIc1c%a)aCZ6nHX7WO<(Ppdfhi(l}aK z=`=|#xENA$#$_SO93CN1AhlQv0D9n&*p2s*^E~t?R!*_b;!khk5TTADM!>_hQeL>A z5+`C*sb2~~E2W(2LccL*L3zGN+)EUn09$v+bt!Oq>r!_0`T^`ncRODtP--{957|L> z>t;YEZ6ZxFQ_UOB;W-s7WR=dI*E+`S7^SXc!_JnXO8$8RFwspS{5we56t~kx8k-j47%j=wJEN&(r949IVP6?N z9-TtIz^%!zdHPl+xWXy%6nGW*y9nV)f-!3QRCryal=d4>eutZT-(Iw27sV)XvJB3y z*v6Q}xK*=G+~^C6u_g}h~y0b7dObva{6kv=TuE-j&Q5%_cj%t&5(sP@_lI))159F6dN zVr0o;6UZfGDw3wHyfM&ztjs#E(iTKs&~s94Vnx!a0^;WviVTwgDW<;P>dBzMA9~)j zcMCK83SHAU8qXJyA@=w}vHWnItynTfs2X6HH8S7I*Ag`ixf?(;1(J;>cICq22mE27 z<`tFdkso-kF%$=HN6N+1Qa1J2^B)F_8=y&SLWBt!Loa)3Te58H8-cuzjwWj;ld&z6T~Hn=k{xI!;ZG=d{yV5-RGwt6HwZ~LLE}B(#4ogE zo@;@n+^~va?(C($w6h)KAIxZFCu18H?i1#JrP~}s5ng(Lh>a88u1)jcMsg!T8(Hn* zDj}62aOSBoX{5W@DHJV~sj~x?p`D~zQoL&8dLpGb+oqHePVD%O&}yPULg+W5L~$Qg zdO*xUYjWRd>WHjLPhXfCBry+{@sv2f$z8=jj@v6IcU^z2$oNBuF{0K$%}RzYAkm!ibI;pSMh?A& z6vxcAil*SK(6|V+*dF^{{)u&keu(ier0_+O=>6$?2kurb`)-R4cr~;eCY^2O&pzbD zl@7fzU0x@4NKGqDv-m1UWuATOjB&fNJVxUsz-v(QR8UlcG6?MM!pW{vTwQ;rV99X! zXhf>=$6S1S-3$H3j*;H+F{7isRYolPRz#U{um_F%YsxD)N6|}RpzT-bgDa^HupEsN(zA?-271r(;Id0#K z-Q*|*bARJD0uu@D(~rdNO6ASwe?C5>My?i~!#=m#&=r3-I^(901-i-xgX+h3D`kIU z(w`5E?;PX>ei{jKghqY!68f&QUD^y2RdyyOJFj0+G@PVE(>MYY@h7?2anWUwo-s|T zGD4=d8RCX*D)v{)SeOSY{pZ#DL!B;X$YYGg7CI=w#_V$!^o8=tZ{*Uw(KLROHIaLW zB}3V^EvpN0N$1~`c7D|Q23H(A`Wh~+I#56;zoJ^14!htTp}8&K8OdT z`b{OQ$+HHZdqv`42%DKF@5FbN6%Q@r3d)4IVQxxAu&I4aZ#9tq5>|e&oQ*S*t@&oU zR}R!dwajq>U03^#$Qz+17r&zc#*jfwzd9Ev3fO_Ia0pDZR(06Zcg*KSX@qbRbN3HFx=$ z0Mx?D?pU=lb96B9k1gSGgm<{#RK>&N>)V8w?J_ILXR)>5!blXLHzXYY;NjhUbIx<& zxkfss_nah{qye;aK2$`#wF0hDi|hEa&F7<}4XoVIJkm=Lj`q7&YJ9n;m5)0g-0jGE zTS7J=ro_CC0EGZ*BlpZl-@R-}P!3XtJmB`((kX^i4=4$HV(ST04Cz;Ug)ENF0y-GO zvK3;22?9wL%n5UPKsLICDLvWAH9; zpBuB?q_-tPx@1Aw56o)|p!{>43QeVE;}?Nu91Qd1t8@t~${-#|7BC(3b22LBqJfspggTyeVk{F#J5kA1pFvkqkU!H!Dz9@}St4y2=3q(nYBG zkQhW6!5LmHXV6?}TwiFMWk>|C%W5QXdKFG+U-wsdoyLoc{5B53WT+T5-W!UnCovbq zCw2pP%sq39EeZ+02In*+TEXKW|3r*~A^{)g9%C){d~5wmc(vInsVf_qJu0FK5;sI& z_Xlj?hR0n)PPX!CEVT2xV}oV$!;2?AgK)br8-_gA{KSN$zxB_kW1=+EY6$`edu9jxoG8JJZDvSr;94b&NJ2YVE^8M z$dKMIsY9`SsS#O#tFB6?>C?W*#9Y9t4kPb?m^qq2L^4=ajv9GuDC9{w3 z3@sJbV>{;@u%+A~QAz2>yTHHb?o>6G4_Kg+53senqE9pVTs>JCH{t9ft~pyRj6+@` zHPUC8{N2O64JlS@4#UOzROf1>lQ$|I6@TQM{H*yWtkle54jAGgV39c?m2o)PtY}K#Aw9a8gm*y zfA@_FNxBwNd%v(Z^LS;zDS1NnQW+jn`R>T~Tl^_p32+ssQ4^z|s^awxp?rQ*wGPd2 zjkf%iQ{AVO-9y{w(n=VOvsht<*~c48)KWc{^WS%?eZEFD3Qpv7(xDwv4`{n(M*;LU zJN!6-l)W&)Eceliw=DV}vQs5tVFC`(J@mTe6y2L{F>xSSA@5_#Lvsz83|I`{sq9mNANl36 zK#CMWj|^->8WJ{=106itO_tWFsF$h5fo25+ zce*H6!vNs~QrHbE)f9o76?ck%+$Ok#BqDc(%9FZsq3^pfq3X6-)N-zO5{b&b*95qb14(=;wmCpGd<#wF_KlF7dMb=v z$KT(o+#8&Pay?>p{PYjVC-Xq^sBl1_HMUdcl)v6M#IyDsqv*m7}C-1 zuVXs;)BXqGXx1TrBgfNJbCd+_>Ky_1#ak%9dAWQ<}^vLjvv*9^>UDxt{B0xi+ z#>df>pC1@M4$3BCGq4aEoD9-w3Jg8jietj=AV*JdjA^iGgny)_ii%Ni#q7AtPp?O| znvc0rPOZ|CJav(LE@`rGZ}zJ&?m9YO=7ZokM1%FB(EE-IR@PExHpo~4<*8^DrHI4< zMzEyl4>;2`PxSU#rO+d}T+CDBMf%*Q=s=cWSvc9NmHXz=GQ`uM%v+SF=GIn_*O8mS zhw0(OHDrtKS-b`*w%kv1l&^3EMXNl4DqLohVQzMg%&$1nl&>13>+^WGK!R`Prey*@Jh+XK_ESrV2dE$zF{Qyg~PdEvZUj5ei8BmViY)jD6s z&(39}^vBlBbwBv$%LjBJC1^h8jd{ACFK%Dn=)B!|mK8;6(dK1fy_tN#yy&zqf+xaJ zMU{DIxRRD-2;^7OcqhybW9)GU42!NVdy3C|egF7otbQ!j%hxJk_)2t`81LUMm^0}h zr20kReOf+d3IoueMCU2Ph=mnM57aIba(k6SdVr!^haN;+ACt6ZSGC#5kiok3=I~Jn zyTFLg$LEtV1pJ-Er_}2gh7+>8$05*L(<&eN>sh&z4~%AF*D{YEm?JEu<;AU78G~3I z8dgr4?x#x+F@Mv=9FuD6y9b>Xj2pL1XhJo9YkgGC8mYt@v_yv7 z4|7jC?|FS#UwvqG$yiEUa5cF6{_tiupV%~zQ>_;@BUd-4zJ9ZO)7`9eP+YZf>;NH@ zM^se?#+BW?qMBSB+aO!~aPLCgiOsUW$zOeEw5=%CG>T$y8@u??$nPi8id&jdK1ulI zBtv@UbZYHyAmu5pK5PbfUg$b*IF3eIpT*iUQ9d3` zd+%zH6NteGOFBbZ(}lgb{#5~zqEP)1w;i0s0U_ol|HD7y)QaaTw=b< zllLYS3y4WA1JSKuet$1yZ_>U$I~du{3?-snXL9{(fm+R_js!LM}wr%jM)REUMqnR3wH%YfT*MtT!%vJ zgvV*FxC7ESA1#hH)mG-FNV(r>uB2Ffm&_lSCVktj$wT0wVEutkvq`ZzqW;`VA)=A) z-nrt@yB&@xof^6=mod_a%>0dD+uH7pfg_g%572ehnc~s09IJNUfVsGP?p}!P%K66H zott8jf#^1drkw~)o&@rGR9dnY^atI&i?%I!p`I9iznABIEhZ8kv@}zqyDErp`A@xdi0Y&^A8<2s9<00BapK>9#hGrBMo^unKgaQ`7T>9%X8JWHbH>I*D8=!kgiexv zqU=_AWbtgOBIZQXyU>~Yfv1;(MUA2nMeNfplO6I{L4fGPJEHb9AS{snp10z7p86aq zCB1@mw}nFHF8(I}9VQQu+5H^{Z-sbfZbijU_PP0Zv!sMr%@v*z(zn%=0WDO(?fc3$ zMJW-BeVQ-lKumsiXE8d%ZbNw1Rt{AsQI$!aG}(R%q1N0Jvlmt2aW9>+%%$TZ2RMr8 zn9`-HKiA5EEw*-pFs3VGL!_#r0zvsYuU4MzDK#GVQ(cUqsCwl0nVWMImB|p?Zr=&J zZUN0*>o=Y+kiLC38o7be{;?iTkUd1ZrSj5g=0+cgvKC{_AO z0W-dHWSbMvgvAu+z75D@%!TOB0!lf9`i4nbje^w$7er?5avU z-b>Xv-s3p0s&u)T-_ONNmrJg8GHYBS? zt<;8;hng--()&Qk*j6U0yGt}Wf1@XWgzSefGCfW%Yo2s4d*DY$yp1_jlnbx|srU8L z1&BOZT_rHOWV7!^dL*&rEf{IdgMI!rkV&G~dk)~*Z`#g45++t8Po6?rZ&^G3OZ%`g zQ*`UN<}Lt>irTe0I0OdlO2f`Eif1LV+o!wXnT8PK))@trJ~uZZG&2xTlzj78P`0(% z0uTT7kt|7XSm-^eGNEEOH~i=wW_Av|0+U&W;CnX?^~qFSV=kOVUtU-Qwaz#=reG3| z5@7yPkfWi+0Vgzco9}N=-vq#AVN{WCuGU%<>bP{P9+*(FLk3%~L|K&FGg(*Bbr<@9 zp&yvZ8wx1+_vH@bHR27KW9#ER9^bex1-t&ui#^xyqxcA}qUB@mshC!T^_cBq+yg1K zcc#fj#m_&c%{zz8%&(K#^ndm6<+FNm`DVph2mIEr?V-WMhc8AIBN5H9+mi}SzX4FM za}Z@1zbL!DJ$BO&W|IwJ8ff*uB3kqw8LG6lal9IYB;GCX?5W!D)JX6uI4xR@;jpkF zx$(KbWE*7PJ{)1zU#;wJ?5??CzS2tH)3h*)7I(N|cWPIgxLe`zY@cim$LM3(w--#8 z-(Fr9%cN2+Jr*ox<&LO6&kT5|>8!=9r^5G1*0A}=v8i!vchGOu{_=%{2coQ8;IE5w zZ29hn<_o#99PS4?TYjc?jG5Q)pK^$a1ZlLdi8xNJ07rarE8ni&njqlT#yQ^~esl75 zeJ3-}uek5_cIj*N!vD{^-A2tbbVx@#ET7?>Z0|}q&hT4qzp3H=>St{zxQhinm)$op zyA(NlfDIRH)4z*&W>;(-BQ6oahrR8JkLC$%3|tX&vdZu}Ki+T~j?1uR`3|WC^0u|G z+V^6R5qeFk3x)y?$0?PslaJAZUO;Oc5d%Q*k#R-k$&IFa?4#sQwcs>C2E|=XRA%rz z{-Vu_2L~AJAHY97{6L0b3wJdNw@sR3qa%6~t8T?Z>5pOrTT6c$Zl_7`CbGCC&l-Ur z(#aB?p5^jF$>OI4UNIhvCk;FGqVQf8z^m6r@On+Vi_Hy)!z1peK*FElJ)u$vyFbUd zsN>WX$w6>8qyOACgf@(AOaW;*4{jhC#(z^^!yYR{ltZ#yD4)%7ht|MFF^};1jN&g* zZa$V|pOFQ);Dbf2;pmVmPKUv*7DRAmN=@i4X%-LP4e{6DRXyNwzgvR{Zl_MjhIHn9HVt6(UCN!or}9en3W<- z=r-hMOEmRTJdteH#!b3z6{Us6_WisDh3EyME{+rb?%?s_ zq8~kpj~>D9)x=l*@=Dl-Og>%;2?=ODssP1sdbdM5<_ORt&Pin_tk6*u{k99xJ z`9;g1%xUjuPz~+A%VWYW${eaus_e?lgED1Evs`-?A7bZxX1Gh4XVbdqE-vQ`GlIkM ztwYGzPL4D9I(#O1-TX0c@ZSp7RL&6GNmXnKM&pr+p3}oitvay_G@@PN@}h^hX9=!q zIMJgQcILBg4SZbel{2-Avxb3ukaD=XRcG_Bln!a3+%AGbW71xEi#TQiNgiABhUM>3 zXd>+51B9WX-Gm|ESGO- z`|f1>A=ad?S*=02K=@EGM|{>Ra2*?H5#%y8m+1P->o!=NCz(ZDCA=*;ASZ0Qf$O;c z1QCXJgGXqL;2u6T8Pm^UKmp5v^1{*Yo}lsG*<+J1H|f5&klX^z?rm8N$$8H5DYQB9 zd}KM3(q*e>+d+6dceBhBH`GV(3JvbJ|MRc}`|Pv*O~K(q@zEFSdc9#-{u*JkmkY)b zSi!!pJHIgg8}TpLveqlF_I`+YDE8fV#ZzlMi+AJbJA$BK*#-g(UcAH|k!s&+zBUKw z`^d*Sw%_oJVT6E}r=-k`i=pb-@A;@`g(`k#hS)*G7yUEyXD(1De3d0E$^|UumsoE& z0^1%Urac2e-emrsnAHytOP6Phy03j@E^FQ!*iy^0;KTuqPp-&)go-Q#j?mnto)(%n2uP8**EGb~9L)jCSpB+YV)^?QY* zA)e&zpO0fZ;kx}W`a7xOu58J%KBZGZS(EVdfLfWRp32ve7VR&6peg;Z*G|yqa=3)| z2wfXK3=-U#bbI>buz%FJnTLy=hA!_isbBbq64Ln|#(!A#q<4`eIh_I%t)4q6rj1(g zFY@NZsj2(YC+hb#N0T+e5mRRc&E?ygpD8c)DmK+G1rL8p8=ML8CGs#O>N|@bAD|Dj zfDd=yW7gGEzEl1<3^qdSwh&QDH#)sm_MJND{Y;m~gG+dz3Tx#0@<|abW7C>MhUbh~nv!nOkU% zZ(Vd`?;X&}MszjbAvc@7zK!I%P8v2gLYiOo^Q~*i+(My(4X7rOoqJq{hrZ+yF7iT;_Q8cue^$>@? z$g*DA=F0WBWwyR~{LLv7B>f zC3W9r@z+&}u!e(6C(na=J$C^pz-BMz%hHeibXcF!PdBC+Ifcv+%O~%c?R|my%pxkm zy}ot|fA=xyrnY&@jYaRLjif4Vy7amTXyQtdl-KxlYTZFLxPF68%Eqe0plQP{1jO@X z`c2>l46J6tD0&6re_}!}CN7S+?(lA>`!#&938+~o*8Pd|($FwjLcSUJ_@>P}G_!8j z$aCCU@w}Dfnr9ObOWUgWRGIk1z#`(7ZrXHDTF4eY3>G!4F#{+-WYqnR4JjRdYfiop z4)j*C5A>p=XgC#0)g#AX+Aneqa4B}%d0AXLIV^zA?bV8`ra&5eFAn{vHbB7EZ0nu0 z{!6{*Y3^;WadXh9c&+J_ua52vw)vC;42Y>{at*ea`q#=b!jZ|w<`eQC~nTKt{3)YZ;`F{xwt=+ z56A+oh!NgZH!a&X*Vw zfHkEw0vyu<9$0m+X`pk}B#OK4BiS^Fn#=%2_xV9kU9q5NwBb~FlP?>-xZQ;tLuMr{ zi=~3@nn;e5;CSj755LEO`u9@d68Z%b^Pl=gj<;rj(%4Av+v!~(o0#v5Noqyg982#) z0_gB7If$~Q9ByN+&5-6#<{-3u2Op<~992BMVHud9Majhq|z zC9LyhDTGN#mdvKt1WhwuL$+Nkh>(ysqT~`R{Mu zrRpDCyMTcDap@Fc90F+A(pl4oa{VHxgB6wPrJ@P3!_RnUuR!K%XNjvTN@?5s#6U;P zum>-yYmEJFZx~vE{PF_~cS#)l=Io6fxk99Y1*Ncj)w$nI{8kRJ9+l~Px?2W8fy|UZ z3$A-i>@S92Ap&2qhuStg>m33%STUrz?%HYg*0>u(Y>IsxP|dNTj6eNd_tLV3Cm?q` z&3#r)d_D$@pJW#R@!VsbOLt$%N2Jyx`ny-xQ6OoRX(qr34nLMwLQnjZPv*qM#X?mv zrUs>e{@m(!a8R5HNK^>i#lQ4=)|ja4W|O}&w|aU);E_aX!^NhvR`>g;`YdUe1j?xN1d0X-5imt3Zqm`Wj$3x^0NoMw?lr+62tBgJ3Ia&@b)UV1nUEJ1 zqPdnL9p?=?y^@sU%FfIEfogSClu6B9{qmv81hnFoK1ey{B%n1}MAHxk?GfifeL&y6 z+z}E!tK>C7e05 zCKjBHPcsA8EvKZj5dxx~PuYH1CbG2O#bQMfvzd40%}=eBI> z{r-?y1AxQ;@4$qpZ@Z-XLDf~1Njp);s((blPw8v1lBc=l-vTZUMAry*Lsec|H?C?p zKl!Z65(UC9YPW+NnF8|cx+Wnsmha_0eQ|Lz=;jPkA`f*#Dzo|A`IC_m=honR1oq%u z!|ZDMd~9m>iuWeP#Foy=F&}U3$#5h00B%@FS>WZC9`YlfYfQeW!i7K3^Q`IdW{jHi zPl5QjRq{KwG3^33d2ThGSA-aYN|<`|`5gTZtk! z2MkD_oII#$w0#1C)ZU8ffM+dV^hu8eojXA`1?}VtQLEqJyjFuC@;3M)r6hsNhzry5O-vaK6GVM9Pd$Fy5zJ$d4&S8 zdALaT4_*w|$f2?$0UH0y26_)LvOff_4c1oyMTMtodP5aYzsChlq6I#rlMNNssu|fg zM4J1>y-K~v<7z!#lBoy$(nSF`}r*z5RT=}{;UmNI=wy0{KMuEe@LB> z$Frh&>7;c~$EluKw(X&fO!g_&sMWnMI&K${_H~t&ekSnLt&yR6J;8#&x9h}NU%d1M z(f&DDp1$lcwsI|DZK7-O!wy}+H{!IaqrYn}k#Z)9z9iPsheF0@?;TtzQNB9c<=YkWQxpEIPP+?GukQ4Wj#-}R^B z0!BwM^?%kfQyzAKF>C&|C2b465B(z3$!}gOsPuK)J%3CdGRA~r+mI-7xu3E+2948e zC@P~v4>}=4@ADEky?h_;AqY3(BRV zD8~V=*AQ`(QWxF2p|j6>>EGocC))j1O(|M|+>A^o)1}WY`8=PWEWJl6OO#{sC$?># z?|z$!i$6R(tlaz)*DZnUftQGX5qy?|czD{_eO3-s=WT;fbmy;8593;Yu+rsXHVZaY zwNPiD-WDsBr!6{ut_g~IO!pmA-{nEk#oJ7r6$Z~4m>gB3SI!c1mKA0=gacVh zI^l^)$u63CZaC3TphIwxUOB=9rJAPz`mf{DjqS=rsY+9%f2_bLv`VKl;NH`uH=ySx zBhsM2p`NCrZr}d<4_zcncS{fkK9MqC$Lha2JSk$h!S= zw9J2#Tr5&qhrH(D=J1(o&%goYq&yqRE+ntX*tBF4*s7vZp==@7(tHIHPm?d|J&W)` zE4F=Nkz2HcTEBDcRHd7xljbe%k!tR*-gw@{wccU7k>=2gxv-vl&o}w}e5)e%c!x2v zV_V2N;fR!$Cgzt-O#cxzewUWO`U8cw91$ayy}gY=*o;G7Nd zL$e@e9$EkRH?yp9xW^S+rJ|FO#7pU}KhOMaciR~7yC|B*7Ku`8wKEn(yJ%xa_l|Is zXKaIZ*}jZxHK1Ccivg*>S}Jk0x?B$V#iUg^55i=}b{k|2sz- zO;i2TnLW7=*;Oq^RLuMmT)O&WPJx2Q0`%X-!3ZB&s&gA1C~tp^+W3-RS0EY`OkeTP zF>lu?o>b<*<`ar}@vI|Ww-dKG1V8sSLznnjf=HL2_p*|>zgc?FrKwQvLS^0;R+AoSH!~THhJb&kn zbFtbJ=Ju-ZKIEt^!7atu)*{y>M?r=#8A!6xE;AwAXQYBLgGRf2;|2it~#D zQ`~VLxy8`*H6_DxI{re=5F;8V`@^BqY>eAMD)RWxUMGqswd0(x+XhJIS3f?lG(Hrb zWxPBL*SGA8O}Cot*@tTrCu6;muIgO$A+nlumMj^w;!`IA<}JcpsLYJWZ6fR33!PG1 zy?!fbOzwIuf7cyez_*S zW3u3FES+kOZ0bUR`(aPuW-Lq+@xPFN4$a~Qbw?!hX*lP_LqxLToey#l%jg+%$p3b7 z9R!81B=N6g`lcb@`$y@Hr+YE(=OggxNVhs;%)%)VMlg%n)v2qO2K$Yzk4!?g2eWNh z3?$bd5&QZw*;w+LM%OvxIP5BrU1PARN^90{55mgVtcOLT9&3w@eMt$~8vYD;H1sL| zE>&tK!g!?QjduLJ=$h=X8dKT#MIRB?rHpi#!1v*L@7#;d!{r+GEM?cGz7x)FtIqXD zJ}af?80#hFWt01H+NpB zi=}8^!ln3wPDjPPSK3amcS~Qa&pvCE>HoS{`QqYZ@xpOCyFpMFG|szVk{a)JCEXa8F{{R%xZL*m|pz` zeQ0inx=slO_1Pbao>g(91O9Z;jhy&`QFu*)-^$Y}M*bX9ErlM~2J9~QN5P&rB@azv zEK2FRw|gOuGtU0b6;`rKSgJT9AmJVXp4naEZvk5x zh@6ZWod8a%R)=3J+eEf}O3aKeucd{ybC-uMfoLSq&GD8t0L$F`pC2G?yfjl`(X#DD zRik#Ls@_VPd>M9%64sTj>nQ5Rb-e!XA9BrfofJ@YxiznPF zN=#+Emke_8#36x}<7W*s&{XLlKeZc5Nb0|3K6 zU#pHcVe)F<0Ppt+gK36-2a&?`6sKm|jx{bna_l&_zh2(BG9J)XGg{~4s~yZS!O z`wL|4^E8X<{qrf2S#nNSFudOhlLt-}|2<^?^^`YS?8NNqaxeUs1^#(sqVK_gc!u9q zoyWfi`hVU{E{LvkGYA-RXFueD&VM}BoSLL3aQUSA7ECGrMjJw$7?|Q#O%J+%3__k6 zNqX?Gpl29g{{P(i-@lRjhIAdua=jem#!-=F;bZ#l(lXXYpODyl#6Kdo3>E+hg7_<_AJ z;-$ahKj!YHb{+$PtMn%nU4m&g_Qi|oU3BVp#2?Spe~h?L!Zieaz{P%F)N@#FLVfhv zKW}E>0DR%!FM%#z3HnI^SNVV3B(Eh8SaBt6T5?QMHj8ya9D6AV}`KPVjTzSflG6L)=rIYF(?{sbC z+U%$T;A8oxwjcg6MXZDZjg~gPu)V_jKX>MPTL}u|piTdueSqoK-)-X6)4tt*&J!+S z9jEsAW%0+4yfwH?sWxxHZ?LR~$cEIK1!ieyd%ngFn7#d9d+G6A*?lmPnyFdJGClf_ zuPOA1(A3AnNs&~A!T15Es)p>#FC6!lZT_*z1mk@pH1%EjHZV2C@;|!=)8*nJOZ6tt zH%zU~vZGz3-jUb^<5OSxhNFP4jaJO?(|n|*!O@gJL^Pzs^z8JI31(v{a`@;^sy#X5u~SO^ev z%g=87$ED#6_GaMBQPVk;C-s}VK!vHl1|zW^PaMSB!YSU~bL z^xs2}r%YfYi}iokpFUXdUv|M};lcIyD?TK6VPpiT8SNm1f-cXm*cGydR zundvNsZ2Sd;ZgtZ#TLSL3xa7-`+Z)tDfNe-knOF9&EJ9gLl9+ne()toLzof!; z2zTkT9fXnzkN|Y3p4WVUzVXO+*KrACz4YtP*L>v$Y|a%>iTQB4-xT^{v;NqfYca`( z`mCjsYo5ISHm@*4V7(vC+P((t(nq=8@$bX%bz6>~Zcf|yf2xVk{qHUR;u)~^{~F=x zdX8%&fYo=Bx-i@%+R{bt04mfUFn1ajkA4$x2AKw39P9uLYl1OM4?ih>ktTTH`ktED zXIaW?YbphzHx3)r5TCy31aJuL0EQ+!eUWC!K$kEBPy)IDNOR;hrxGAmCa?j3+Vdku z&J^)7hX!>pfmp9dDzK?>8D+nrz}3pbm-{P&&$i3EMaJSjq`tVvU)fH}TGTICt0v6W zgV?<%GiE9cLim{LPK|7|o~L`xH2BzMjOiN%Eq6eAFo4qH=Xb&3e6gtp;v*j?e3uT6 zbpE}#L9hSiN0?rJXmQk+3(4n6Kr;__e-zcjTuWO@wF^|K#TjZlf6-6tKk!+8ER(&P z@f^-hzXQ;a@=gIdzZL)`t(`Pfkc%C#P`CN)ZGYQ$4h6AdH|Q+C^j+(ddIK8KZP2rg zh-rI`Z&bNJWRG0^-ke|P!K%$WIlDTZ9$ zm1_tO@s8g8NO*=k9>ycf{ckI{F)WyX){)5xcE1XX|L|?>)z^bHGiKD&>wrQ9k3f3G z8Z&!!=`{v0jp57CngD!{yoNT{I@Q;xwH}N{$!6-B`d}U~1C3bkmn>BPu#B)9D*9mc zj+o7x-G9^GObsiuRg3<4Enhb9`!}toOUrpRM=VPMKx7(-RUi2DQ0uIMLHY!m?g}lfgz>Dc6-SQG!79Dv*q|H}Wt$RF%g3^ze`Z+48)m+ma z{%HMueMqznzlO{E-KbQ)+V*Rny zQx!&9eQ=oXO=igP48UH~le}HVVDQOOtKi=VJi1sFb<%*~Zs-PVk9}Hz0^7)nKMB_ullX zaXUb8x_WW1Tae1xcPLX=JuICRdj-J8AV5L#2jviULH6oI>vUtrZ(Ac;(E$Z4xa_qn zfVEo#-3$!FeCF)AjW+<1>&2LlTc=R~(`lamz)sgEu$?dJ>{{xJ*G6H(99W_x4q8o& zWRtD_0EJ|fsF`yS!_ z1{5mW05yBbJM5KUK$AIjCpq`L&|i-!>GL5VQkYWum`aE8zswpK(F-kL%VN@y^Y!Sn zw}T<$`Ap2#gN&A${$#QyL#^i3UN8yO3^he4JygW%;MvQ zu7f6k>~h3Op=RvXGtGnY&)dixrHl3Ajg^(SPr#;P&~Wvsd5cgX@X_4L1KHwfF~K7R zbu8kcUN0O(45u&8!~7>f6Ib8a5J3TRTxgfzx@;3?f0mCP=&^cr>S(yUf5N2hpoQ57 z^c&-;m7Ap?{u*laC`2Zgt@9~4V-!q}h%p4FSC^CfL6UOW&-|o?+3kAW`RPXHGEvmw z4HTSEr*l8*;H#hys-doPR{*jEdM+i~tz=&;vUV9+y6 z?Q*-=?wl>?G#cf?%55yY{n zXkrdhHR7`cQm9}p*C}Jtb zPMMTitUiU` zqY^4j!g0GRHwf<`v>=o38i~9_W5v+F+)Q2}f$IN&=B72ba7oMu-o8c`(!Q&_I0@o=0{qG~x zs^c2!)|~^_xDj+6csq!Dy>oVfXSeF3?yPxjC+N2Q=fi3 z@D?p)(MNd0BE6G?En^qZq1XLwlp|=^nW=_~`e?(s$3@X{m_W-;K^=1dn4sZUn1=n3 z3L;lJ)o`Pm9z`!NR}mh{4^aX(oHlg!?rlm~{fpV}`feBNLgJ3ZB<$|~^dTFlfi(va zd%}yA$U8|NDX{^orf=+GdiWrVH}8Rsp$>$O2V`>xv`mdlgylqOCat2h*MpDY6G!Pn z35A8j;yl>RM@#HRG>CHsiFu@isz6)g#!LZNb|DyalP*dJZ;$`(^I*2p0M8pEkr3&( zi2j1(c+sMKaC7|y0?kvB6W-+%F-SEnsO5BBU`v!hRWU=sc)s+;kC%wes{ASOjlO6f z&pC2pgua2^0{2s>o$oYoFSt0mxq;Kv1U!j&2=7dAEjr=pifX;2zsT-Ok$#*YliMJT zP5uNWEJfT(KZyz}$hAV41rft?ax2&|t@-x4k93bRIt^u?kUz3Ax~1Dr?0^#uRbS!j zk@37rh7INblu?chI6q)+(E+Vg8xgViLUCSJprRpi=~7kF?u+k& z#!cL}DBq;*!p*N4m>6hWqwfA5e8*3C28-(kRl);w56^@k=R|T}KO*Js#DtK8IHxOH z*kOsB<5o=(=#L)WfVo2iZ^{a3z9gxdJM0hOkWc}}2Wvn^imCo&yKoW$O&^io2fh2* z%$a9x4e<48XlTIAHl%7F?g(&cHEhD?+&4QqCE$j>-Xhe$y-WN^`sKW}EwTQsX7w*j z`mDQQ&Fsx4HV8Oe4pa>RgvjkOfDnUenp-6LF8Drn`(GBh^QY%ygd^e?7Q|BrwA=bG{gy^yG=qf z*Mpus2Ln>!q>4dYEXU1fcgR03U-t6^ru=?5ZfJ$UCMNG{s6Y-ZvluB2Fhe*vET}4d zL>bsc^x(a?2gp1?_w3$5Va55HbI|%TjhA5H<1H+9!jw0i@Y0Dv16;@BXWuZZoj;8= zoKz~Y1Q`)N?~aSXdA03y_@;f||cw^$-cL|wB6-`2^WW+qIp&qYzF}y0gtjUdXMG)!2 zQZNM$zG03;m00n(KHd5bF%CoBEeqJk^@OIz{QTbnTxVZ^%)oTA)~lVT%}G zL6mN``_5yl-of0Zl(Fd>kQ0oDP<9ku!^u<=#7PD@A^mwP$R8Vb8XZrnh!nu;AIj4b%3GQtvqu9FXzB z3C)jj))@8UcZ?rA=WONpjwB_aTnUuBYcznGvz1NGsM#&~(`A`Ks63S`Iz761i!vTS ziT;Dg4~1)ln9&bU$Df`f{9lxxZEHPg8N504IkbE73AJsY&IP3fM(`%OQF7IwR?!N#*|AgM& z&SDQ1bNz{p6QJiPBBlaGrjyNz)=6m$i#7@-|>>E)oP-P~4yhLO4>8_KF54!^ljyA3tQ5=}`(! zkR?4pC_w>`O^6h`)y-^wm>!8ST&SqarU6WYHlpRIRRIRC_s9Fii~!&89r4|G;N&f@ zHyR_H|ALfWk$Pm6qtM`nGQ#1(k00^waBhBkPO*ExSxAd}YS&9F%!3@v?j1zj27Cmi zN!^v{@j0(oBoN^gH|sT!6+Oo9RUNQPBUWPn5VMRJ|{{k_Ym#ZpX_G%YetvNQNa=oacb zV50e3+|Y%tnD7~{UA{*)_(il~$>Oe!{!UV*XvoI%C%?et-o@`ATWXJE%y%TPFd8XP z?rl<#+}#X>Mg5-^l#1p87h`|rP!;teZ8$z7WPraO(P;(78KhUE37%{=(Y;ypr%kvDZ|L6yn$hD_XfXTBTo@Vn+=cCU zH`JG_Ah@8LzSHB&yG;&Ss%MW-LF8{<_V*E>p`L#D@Vac5uP9$G8?<4N2M|7lduC%6)#j9_{xp#Q0OJ{VUX0InGzc?T!tieJv39L{oI$CR+Z` z$s`3D>3w_#JgjV5L&y{TCy8K|0iyrIaZ+zJ34T=ZT~hmn7(*X`wPi%3wQF_-q}}ov zN5t8}o1urJib<;U5Z9Y!54yaPizl-Ne1CbRH+IOE>!6;>(`XeN>sIGnTdx{hNjzCJB_6Me9!{$!rn7a$JhZ8)J>V*_4n(6%5A zzvNKYCZ6kt+y~#h20jG1FU7>fX0qJfLe{@IcuoNVRCX*2`G?Gpq~*3T$AlQC;YO|a zD?m^CF*GZ((Q4J%Fj2)AW4~bV^B0X%hw$Cg1nA}TK;oHQG_Rw@y;NT)0A!dy`+h;> zQq?^>W z%glW4FYk%&hxb&8dP~@iu@T+HKwHWTbI|&emfiNJM^cE7$zHg^^D^x8^3p;#xfj!; zv?YVoqp^ZCD;Vxd@SxMo_0C=oQrZ@xCT!Ky41+8=`*~JxgryA*38f6cDbryd6*){n zHrqltnC$}GsQ&w00G72HHO@@;;c%{*nFWAmc$mA5LCgsehN&7CF=gK+-?aDesWZ#v zudI!-gc}C{tQ2#bs>qKQt@yJuJQ4stm$6XOrnt1<3}!9Yl&dZIt%HP#8Jj?+N++g%^*67xUHP7AH zA9f(Ni_x&iB=A+PV40Bji2YDix>;A_Y$tCSD`j3F=*b@jCS-xy+J>tw0FcS8$SlrB z>Bus{aW=`N;_&_|vRZg6PSaXGyYD@f}#qJM4=|GwtvFy3P|s?XInyoA1oe6T?! zJphS=NjgC}D-EtjtHQ#Rt*KNBj=u2eLmby;n3~u<-gEXE`5|R<+b+e+GW6`&@})h<`TZ95G028mOzDV9I;F1rY6^1a(1N&S7XO}`;inC4eL zPokZlB=uvJU!*X)WX=66shslj`QQjp30I|OIdun(0RWZWl1LMUfqL@Av1>B z+t$U=CSx70OJ8G1T38YRL|~mvD6R^P6{PiiO;S}z8Wv7(Amz-5ldv@84~5`4a5+e~?H@OCT;#@=5&>EXmcA!!S^Xy(kEr?`t6V-qp^&22FfW_@ zIAr}9t}6v_K)G1TKKZXb1+0n>06F;%Ee8{Sie0;Sd13XW51wuCu~a3#Bn3a#=uVQ5 z9NKr(s-T+=*2?WRzRh1N*)8`yXmh&-Btd5l^ScVVAQJ!z0Vu}^0fW-X*le&jD^P*I zC^U5y2ttNTY$QZzC6>cF`xi8OZ8z{cjFVt(&jkNbcl<(6G51N{{MesJ>_=VfPg{|q zxS?h}tb}`YV;2~?e2B+ZHY9@dw+yT25y-rOlCz`Fq)OoVmh3%;hlekWCcv_Nt!G=k z;r_!&)H1>kD-8cB8MqXniq~eZ)xa0*jEco_vc?L`1IT_Kx`L+D*mMTr<(t9=^IPd-;>{M#_`GjyEE6&72wJ5rC`V6A6E22)W6HS0M2*r z3>bf)|G)p6unVC$(OJNJ@>kNjp{9I-^MBv$h8ij0V%#$s{PgFhsv!dYk&5yEe^(6< z6umrx|K>JnpQV;$^Hve1c!mJ9Age*FZ~OGG_Xmf}0xp+8M@*c5GcbNzHfmOD zk^e6Ir#kzw*&lVmpm3qVSdWsfFA84XAJ_hICkUK=@*}sy-x{J(CpOX+^Vg-oQ=?k| zX7$PzQd*ILD5eE>x$Liv{qNHXKDZs=3US3#|IA_kcoq)?m0y*I^Sd(tdMzfv2m<{Sqyo{}oqZ>-G@oe`*pnbobHz?a`l%s^8fSzup{t67u>k4(uEp z=}tF_shCu_FMLTl9+iW%AaNB^Co}WAS8|{8?>a#&J7s7y#C~&Se=5J<@TuMmijpX& zKko70vZ(w3bIf`auJo1vT8LktR`9_&gfL!SK0zyxMl1J}pE&+_{jUSLi@<$J!4gXx z&P2O8{TCB0>Eq37?C(6Dx&%K$au*kO$f;xCi=bb~w zrac1Ch<6%VL>`4GY40@Met~;Gl#{S>5-(h*_!#L~|4TPN!ZxD8d`qANm|(!Rth;X( zl?3K-YA`c*{%rvWMG%6JZvLX>QR3Jt{k6tIo}&m8{^j3AWc2u>-2Vy~P-MxJz2cI8F^;|1~~gF;+g9&PvbxN@qG8+JKd%nN`ndibq~T6_}fH#u#2Dt#QyDSTw{DG zL~Wf_6MaG5d`1M1wExs1Nf|=ao_1gAm^cXu(_a%peUm*`1hkw(f7tXb;|OZ zk-v+L6$aH(gtq?Y2bP2$C&p4?=3B{mc^qAdQy_k&dvoxc1NY;8g#8FX&B^zapIxxz z-obijjfpfYcv%0rl}QLlWJVtqN!Q)KO|vkZ8Qee4ReDWfe{}Lzb&)f|!>-{GTYn8u zHmaFByNG|Sio7o6wO!?!`E*rn(>s^j_ec?oN-Da4TlfETm(czd2tDT85z6w5o!()t zx%YVt`C-hLzk~}p|D#w4f6+omtcP-V8`fXT2hr%(g`q-nS8m!|(*IJJ@g-GJ8(nVnp@zm03B}k$Q&SBiV`J1kkBFduNJzu& zUM2VuLe^-va%s1YUHH)p;2*M|fVY%=Us*e6{H%>U^n>5uPtj{|;qQDl?OIZR%R;p4 zQv}73X`YK1@yAYH$Pi)JzZ{w}QEMY7Jx!jvI>pcLNCr5y%j+o1`3PWgKUo6@ULP2KbE{^W@UfyCo$h zui*I?O(1e3Nqg3_|5#g5xF>N2?_t1hvU>2ZXF-E=iz7VPYsRU$40_odzx(axZ!P;- z{HVCF-%Z^U96$ePuv`n*aQ~v2`s537UnlUyS1EXW->>L;jwB#J29?duL$CIOhx=R%sR?q*96ZW5=e#FKBeiXLd zorwdQsnb^#4_`AySXw>2FvQ6ZXEOdWihzgBJ*mih+5bsdo0k4&%N{Alb>0tuKWvf^ zh=)?~WraG{Jg!lfNusF<4OT+Ru8{ugst_Y)d$QhhK?0e@mQixfBX(}UL- zx**{sr>jH$$2+f!aHG2@FVC$C=9yh2_oAgr&XHa(`%5H&jHVFNXqO@=)qqzi0x6dYm zn9*lGOlSP%g$wN?sT)Yo1I=7UOUY5{$T{KG_BA3fV$8OLma?>b(aC)MyivQlw#7+m z|4aPOMBT3w4;HRvPmu01on-G>=BRur3XSN~+vwomlgS68(2c8dd@wVoPKQ_@jNAEd z1a|)8>HfB3=vtm!lhG6lpA!=yLN_lxV5CB!bkdITXeM($x1NokZvWcjO;$E}$E>D7 zU6`Qf?!VUmYRy?|4FKYII<_JQhg12t?jURH>xi$danI~A+cjMVh~ zuhTJY+SHI(+A7%wVxgni-=b_0Wi3uTl&f%9SZfcUNy8Y?VPj8^WEXzf8}yfPzI=t} zs&cD_HpE$$5Z`jQpY%MPw>!*wFu^H;#4U}aBN8{1r)-gO@)o;9iFyo z-Cws^6sNejIr*qCvd z@(S^FpV-kQWP?0)I(JiIYe_mZ-_lGgk;;oz<4UGc!(>E3EFvX@GLf|fX$=!pm(-|f zV;7R{x^WX`!7>^Y&uw{;9Zx4u$LjYs@_8*uT7${)M4Mylt%TK%cqRAEB~ZoJdS>;w zTC}dVHaF~%YCG<0rtNAKVj7V7g!PWifBa&(eEhttCz|3`gN-hCA?d3Jw&nwSg6UIS zV=um}dxgQjr_6xj#V??hcPeLgs`OgoE#@1tGlzE`&1%c}+*?I&ksod`wOKZcf>DFV zu1=e8Xq)oG%TcB7mWnt(M`oA2QLFW4=!qeck2*JthZ6n%IZz*jJcWzDpb~bI=^`_W?2`4GBo-6LWAiv=i zejuu0su9TC6|&`hIK8~6ef93vVFpQF{Q6R7gx5URCm!i+Qm6HmN`{LUBlMfs&1#t( zpX}d=EP6r00KeU7IVpPUk;?Lt(vc~G__^dIYxfGlgXc`$HlZ_jJDJFC=N3t-Ik(K~ z*F1CjR;wpNcY0^Sobwiyeg9_D9_g8ni>%HOKTI?KJfXA57g>s%V^8C#j%bH%K}@2M z6uxs_i=zv=m7-9G2)9i0MSWfZ$(QppVEE&1$6*HcUPqng=&oi-9#h21$dl@p-9 zLOv=+BZTeSfkZQTyR5e#|GXu-vBvo>YZ>+|+TFbLxwHc}W69gH#p3Rxi)G(1{R3A#vkeb;4$Jc<`6Oi2FCD?g+Nh)|dpE+9r(~nTRFAHuB^zLv|yJsyDd-rIxtGL&`QVXD%9TD>B1oL(E!qtC%!a zBE)!dtM;IAkCY?n^gBuD&nqO+2vO2ua<>ku94GdR44pdwE&jA6NkvlRb&!`4%i!dP zEMe;8m4Gd+zZ4ju6~bDc`eOO0~ciQ3bC(=WCqm;FNA zt&12dr z_Y$4bbMKR|b&&B@T%F8T7Vmvq97Q(ARULvEDr|0K?%oqx#*2V!4lW?Q(X_1G>FI`{P7D$h^S>sv!R9xKpcj6c~{jTuVMb;+)E$6E)dW6vg+Lss?B3USpWn z-$4<8nlpr6i>C9=mI#^}W|5n&bY%ew6<>JAM-{iJzoNSvgsTWzDCG1m3JbxvEBmA> zQPTFhQu~k7MOo%ESkgZVzhtcE`tsygEz?i`jj#lPjMzTnL%^sD=j+&U2^<{ih>RS+ zmboq7KHz=Rvef+}^0_0Ao#n@kCy)&*(Lfb%Au21w*O^~bnd+iA`U7U*r|+HKwtr`P z%&|(Yb&ZW-4(Y~%IYj7kQ|2|0ta!wmugq!JUNF#?aw;c~Ft;x$7Isj+o91Qkww%Xx z{g;9FyyodGw}{VflTTO*`l9h0<{UkjyW4m8-v+ZFy+2_rH^grdB{zF`65dAFVlQPG zF_~j_Rq?Q@>_Kq79cd@UQZPAi#624rLPPS=%6g%OXpF9Z)W!-wNHR_iGE+au^KQ+C ziI(Gp+B7Arv+c3{eoU9J5Q4Nq^UGQj&Q+DRfIqt=ne+t>XLi9r!eplZ%&@_BJ9s8% zx3$rBeQwQLY?tikFMIMJ;nyZa6NL3_ZJYi;F?97jy<_X!tVgE;>pRj>XM~rZEK9i6 z$qOGIh%Og~NXVKRf6_^!tCKjKzT0qmt1hypl}ExZI#Of*9l zl!GWYnG}C%RKT<>{Pw|)h*C!=yW$SNS+d6S$jqh9=ACm)(z*-CURm4k8E5)_e=+;W zN{|X~yO^ZXZ{SUmo~NeR(?*M7+?{(lLj;Gp#XD7e@jujMp*+OOKka}w{`kRr^uxy| zZl)I?xO|Avd;_~|ct|B)n@U0A(CqU4-_;7sCK9AhTUixBaZA6St)~`SU0uDAI46&k zsapSe^l8@)8u$87caeE*adyI{?Zxyk?*?;$rQ3)34BV#2v3XHC$ZZS?OZv`m2X2J{ zg_N2b`7tK=`goyXOA@C_P5TaNq}Nf$<;RP0j;L5@7z0?NIZZCXsxySInb^-v%+1mA zfVuY3UAvW<6L81t^rXIiL{76_@d23;OmbfXcDi6G-~Q~*8FK0QTp9{+LoazY$YbVK zM|FI#FFRT>izMhoLpUuWUESJ~C`$N3yzn^$)_f&qnw2)Y<4RV)#p-7H{m)?duw|U8 z6mXRftiI}?w83unK&7h3j-uyd!sMS|A~zk9j?FtHVZVea8$i8ENq5_Jm&@Ky zb>dqk2j#`B&xEIcEF0^OWqaJi`kIccV9wCW;v4d!q)XxM$Tpu-XR-ZBe_g4?NU=R{ z=iB*fo^|vn`{UXrf>MdIHBesCU|gu7v+V$_PmW$n>aLJn1BuyF^`mQZ?0Hx{%s^P-VAs)h(eLT z(_`*2ZUtSljpuNuTcA3*eo;H3&T~H&>SkL{#iG`6c}zbS{fYsNS28Jke|}-fNVT{S z{lrP|Ne1@P;ZhHqg?LZ-6eP89>&VnWeOZ$F@DEh81EJ^CaJu<)+n4|3RRFaVQ;~=o zs0(a5*G?pGbLk5#dF3emRUlBqx^gcaBVcidj9~T9T?|X-&-l5Pu2&V-d@GXhI@Dj) zJ4z=8*I~@Lx==9)qCa`2|6=Q_Q|%J7>QuDAHben``wv4~Mco?(OEG;uNe*!Ft#7d6 z^;PaavZkI1I7>MY1?shH0b}aLC~2bfWm`1~ZU8!XnN2jvMr{Wn(QnKw9J)vD{P8F^mR@+eDadKs&u5 zc$$eSerVya>pnO-O3dWvDC0gGGc-UQNE#ei#Q}GP(r-^ ztiB$3-KG}aX+TLy>5jcyNfH4~&w2G1Pq*CP_5ZcqLZSL>+I9Y0=sAjVU9lRu%w^WK zOZo)_&q#ilmO7*IwX{|5|Nb+>m4`sgjmW9rNPgQ?gRIa&a#b=pdg z8i0b<0djw4-T{;0=zYpZVy4o$u<4V4d|8HL&;2^;+mvsd1`}Qmo>hFa7*04JsaGX~ z6CHlKQa6_Bgxm{g7w#6U)$Y>D9j%Xzx5ad zRhFVbnjdV`b$(BG3B@D4c%nf0b*YawLCUlWzyisYm6gvC!WPf%*OkTo>|BBWAgKWA zPoV9lrGAV!Rcty0gtJ87ix(R3q~#B1Y6;czOq=&Dijn&P`z&yGez7Q$ay&%r|0*={XvG_D7-7f)-8CF{4sSri?Ck48oIrggEy8C z>GoeWU%An94xNY%{z>_{xDR91_eCoC*CIh7eJ7Fq_<+393N_@fwf%Fk25dn}kmm-StxQN@c;(pXcY-p399{&;ufGld-KuTAkmT|k9zy}erFmb{l2YsN=dx1n+1vXxMS_V35a}>&NX&*=9O%y z2vKSR^pUeBIaE>z4kv5cPM8~4!Fd~TlYbl;d0(MaJa0gvY8HJa=8cHuWC?0V`3G>A z>JIuhb9By`PEHJ`uu{cB@(r@lMBDMaRTsK2nqqyU0N01+a{JEt6$^nsWdtIX)Cai< zwLZn*@&bSF^@TS|bW)Y9q@~hV|Xm;>5H1(#SH*L4efCS4-J!+2cPW?N?E_!9-R9M^_M zK@!qiFZspDwRyIWuuwPpkj92qLDhSliS{ z5P?64OCT%sp-!zJXZCj`4+>X;h65l+M^Ew~3dRf|t+Przyk`sBQ2Jh3{ohIVY(*l@ zCV?5y)kcrf+nkT*Dq2@28;JJ=A`2LPnIp_N0(_Z0_hz;G(AhD6s z=ZUg9rI%cP1iQk@z5JnYSRJ?jczpTY;?!w37f+z-;Y^C)XK72BF-wz22>mZv`OkH9 z71q9j3QOYr+V$4L$tqJ{`{4w6^9Y}*>YaR-##O@vjBv+M0Y;#)FyuCnU}(Fg_LdQe zN9B{OzdX^SRG~bu^T(fy>j<8A9cU18S){|u!!l%&Fx6I1?^vp?U!mK7y}Mf6<87#~ zWw0_B-&EA*${sR2UG$j02sFnHB_3sc18c#wn}BRJhZi@QJC2h%e6i>(Y~1d&Hzh~3 zPpQktDlI8VJ33L6VtRXm@;(*%Gp<4x^;CzYv{;|6wrXrh<%T!wCV z?5ZSKX=tHAr-C$86Gs2Z21rH54+TJufiM+(7p5be&;^hZV_J2?5(l-kV7|#R-gJX6 zIYv+Y<`gJUH-LMn#CxMJOw^n;ms5xcwA|dc=8Y$U@2?{24RM7q=P&9zpRL4=G%W-JXX^N>b}mCiW82_l2tQ0 zKrLO5#im=Lv@xO0NDaaQo0Gi*^O>C(jz~X`oTnSJd`^Os^(x+e+hSa7n6Hst8w?HE zLg>M1!KhGeSnLy)Kq7wnKyrSbI9Ois0H3(Xds34jTwWO=_2#1){(b(?6_x#QE{2+u z?Hs+gTeFSL_QTS!ZnhxP)@Q+&hmQ^gzW0etl{=yf}%iQb0iJFbKjxXl7b zZ@dC1(nV5TKSO)5>X>sm^kADYxb?&f&8HQuE0&mT6t*J1Tc)+2I_ZMhZm(HK7_82{BlNKP|N3N&%uhj_x(qDc*>X8X^RuxILDoK%%`V{CcX{y z@DW7nSbQy9cr~P0YnqOyy0mV_8=wE>@pg0w`LL-y?+j{YqO*fD|Kx`zPV3mo$8NP* zay4hASucOFwO+~RX_ws3$9;AT$tRe%cFv`~oDI*s_k#h{vfcHE@wScQ=cfe~v~5zYw{|$#aMw{c;&(RKpK$O$ z$FCDowSPMGTaF>=VUqeIPlXC?UBTHG$55S>0i-mBf+LrzB2e7Tm`E&dU%KAXBgX@a zU4D+}gbKyN5gT58C-VpL~*Ve9*8Tru*hFL@#7v%3s~;HQ!hO-wswOF2+r?ryfW06)6l}0I$ogD zvmWv7K0LH+By&9F%_Ht~pX+OD;;K8Hy@AGkh?a=nS!W!R|9GtDm+Hk22dWoXOP(oI z;7pHa@Fw;etPvTWvXqpSF|l*6kqFv+@zhHtuXA=Tnmjm^bLR`xaZdM+oWQlz+}S5- z++eE7<;&^Y^0}qMJ6}9M0uxwX9sM?wzcEx@_shXTr}6B7Twg;aXtPf-Q|^JKfUfYh z2_DM1n`Tw*$a(`o!&o8wXHP5ks$%;gR+%1hFJ?BGKoMreTV^Lbt|Z!o0jo6z9l>hX z@ zK{=Iq(;%ItMphpoZk$!4#Io#{c-TwjoRm<4Pu!%7jsZ4^FCjhWJNK#~jNQz%ltZ@p zUzKJH-CAt5iKFiFJ4k2Rhj&NDk~pbwN~bd2a|C(JXx7vmMLW*=jyF)Ef&}Z=lcg(` zEdl7f7WMW{=Vvae`HGNmNob3JnmiykEr>8}WEbw#(F zdX{P9^#LzZhZANr_LgHnMdNwtJ|P!Y{EGwq6hcpk59>sN;V<45cz z5GrqMpVn@;rJ9_Epvkf6Yq9PpN%d4H>1$bQuKH)%BxxTe3x@=@OS|}VXgdIL-hmNz z3lceLMjXwUJDxC{>=M-9Ettd{Gbe%vc@~wY`P)I$70w^6#oW{QWZe{dxUCFl=XSOM zkJNB>VSY=k=RP-U)`x_)-4>sxptxXv`4&v3lkxKaCaQSpii$J$c!gel?G({c>0U7J zIT^W2%HXkl={(zccUf}r5#7LCGFX8{zRAM^m&O3*y0}TmLghIUaVe`=%{1h)B{D=e zq2%=Ova{ogFf3QB)EX2ws$E{0)a+SVMJDX>rHVS;O_`A^eWnsPBlXMFAYb9hA#gs; z<$SsY35F}%_lu-wmFG3sbvCVzO*LO;nVWoA`;3ByCP~N8Cn?BZthVox+xxT039<(I z*~iVu_nZ*bk2Bu6kMY0hC>{KS08jLbxfBv)k$ zYUUQi$Qv^Dsb-t~7ndLLLDC29k_w=WWB=2}fbpwcgkmc9<2k#A35NFmyV2(?x9ZvkD**Pfw6KgE*IWvZ|xC-Kr(9#a|PJoIsYquk_*gQ@&6pDj{-IKQ!aRJQ7 zrWN~VDE(LPtJLRHIwoD}YF$+wm}Y87N$%KCnJ=feWdty*g?`&j_L?Ml{9@;Tyv`O;%&lTPJ3?OXYacESN8 zFZKnaTMc#0Nj{fN+6?TD{^Zerl*iA?z4J7{m1||gZ4pXF9PpOdpA3&AHs~6!S-m+S z8Lo1E&GrflZ9_=9H1`&XJjq{0FUp3O$t;eU4HhK|RJ!)P z9MO#XVpuTIU+Gl3LIn)CSU`M&o<*{@+7E9vfu&Pqn+#uyrwrN;Ml z&tEj2YuPzhEH8{1Je)ik)D7N_#BDi9D9jx*NEKW^sFlv$$fJNJ9@hg?U{E&R%Suam z3cN1|b+@X~kU`t*sR@@U#OxELwlN3j=SJSiv$Ac@qu>1NZ>V;Up!siu$~?s5~k z%8@B6rTef!wnoV(3f%uh>NB-jm>(c{R5)$GqJ-{us#X*LN z_&myEPT2ZP5rO+WnD=N?jf;-MPQOlv57uRa)1OUCmWX4QWvS^rB-p6M+73#gR!G@{ zd8|h3^bY4E?^+_mKFn~?Lf&v(qQCZbD>3db(Cs5xumz*`a3^yQvI-0&Zfe0;Yj zC&!d#{`y$rTyv5Ms?dd^r5kxL{KVzq`<~(Vs(4W<=G+zW*ah|1sdW#Yn_U&FU4X|Y z=M`rQ$`rB3_2=nF%S_?4=}?)#kte5i+p=SsPC}|M(gg+ckHJTLO)mQr)GYNg@;L&7 zBqPN@#lD6)>SG(U1=8s_#^PIMJ%~Tdcb_0p*VnQ<{h~31g5~5$h&#*bOgZVn5QHTb zNJu`cZ5wn$Os!I~UnimU7wqGCgmj^Z858PVP8n~EwZnk_tG}FfO13sn2#=T!kH`z$ zamT)D5sclv*ZVxQ%nN<+`k6B{ex77DNW<9MiOg(YNTY?%&R*t&nkApj(Szw8_fw5S z$W$6x8RkYXSJJ1E?JAdezgS(@>A8YTm6=hTH5?*`z#aE<7v4$D!pEma$-WfO-O+DT zXKpWip*mfHI%2b}c$&OqBn7rgBaM!g&!(F1P>tY51=ydw*c;{0JZP&=gUycKhjolk zZU%8JT#2+Enb^NgA&|-SzI+`_Gb#&xzVx%~S@#l}@^AqDh<%FmFX6AvT#bu~P6e!bI()&AQqo z73z@oT{*UX4R#yNXD1ai zZFJU4Fs?~)N1iFSvAa#Cwu{K?m_pQL9iFgn`Z%541Z5R0kImxR*r}t`=|kBENlBR9 zmKh9H;zz2sZVvWY^BR}5dD9^iN3R`r(=BsPq%QDw#FJNx&IdczA8OHE&bEnREGW%` zfuU=+H#y%wW+Xpl6xJ*59Y*!^ zj<5uc&Kp0|K)3VLC%LoS$Lqx#0&UzQ+>34r+7mCjCqX+%x5?v*{U?TbJ?dc!a5E!c+<9b3P4zoBh=@^sdM7Q4@3rZQxQ zA2sySe}CqX5G;fn64>4otc{lr1d_5cmXHMFA-$=+x98m};1^b9zhS^+K1R=Ig?@aE zfPU`DBMCX}{o@Aah@8hvi%%)L@0vcqxHBN&AoR6Q?R-`s^!_CsH{oWs1JCLvBymXM z9zN%#;cq(Kaq;tz8()Kc(OrgZ*McN7vz$!EZmn}Ln;|QIec-Z}?MuBkbX;9xZ#&R+ z{m2f=FXZT5cJPu+C$4(ru%6q~UJl)zu4EW9{##8&+R&r0z>jrePc1}SS*x|&mRmBG z4>2(AmGSfK5=|AY?rie-o$d|vn0B%CgxDvV6s|LCEYK{zqmDDRY_}stB|Mt2uO>R0 z+tGLbLPpQasgJez;dnq7R-;)>R_34G2s~iH2(2qZ%HApqXpCRR+_V^9EUE5^Qb-#yb0ua98R=*ikD?>%S$CFZSM_rBm}?dD4U z4L5PKa1+^&*In;82=|vzsGiVNn+)9_xQ>E{tAjG!wT{e-p`u*0P&P8S?#6FfFM%Xh z#pHM_-Ai%&O`}1r!Z+8IX5BQ4wLA?X6CjBBK*87$e>+A~Wj{-=hmgDY9+6ZCu+f=`m-BRhcNm zck;w-#0v|jM|#bAAI5sOTK{oc4^cN1`lZ5Q8x0LrC+vrG0Wm|O`DRG)%=f&jhpC^A z)So}i0BNf}si5|3@PK{ITVim;Kgf?>tdO^qN{>2BJ4wX~M@`w@ zHO%3j?OLYBK~-;CPxo;PY zWw)<8Hj(=94XQ582(<41wxK3SHLEGBo49ne^%W1b*i3ZHaG8YE*Pj}>t*4Kynsz)q zmCkIGE55z>+V3jLnl~eQR=6C~v!h)K#>IxOy<6`(yMoDhpHZPtqv5B8a0e&9VXmXc zbKHC+NYD6yEChXO^k{FL{z-{g{ZZs<)kHg?hhnxvF`HG0tBt&owfTOLPW{f=4YpZm z<%b;Yc=ePl_wyz>nqpE1hnk~%UZ*S4jRK4ZISGpG(s3sepQv74IjZkYAsG?loyxw6 zbVYF8J%vsC4B;@1M|pj`QaCs?34!M6hA9+@&+V+GOP*WpzH;c{##kj9dIH*LkZgtn zlEC}q*Dc)W!3H6BO|*&j%ar92&S`zd3HAa%R#)PBsIDFuJj(|MlGTpv{;GW5%Ceyt zZx3VB;Cttc%Es)lX3-x{@i4XHJ?}|x&?ZWHO!mF})NN??z`z5N|@ozmo z|58GC!^|fT1)JePmhz|TRF6#5C{orweTkR9te6XRzbfBrr?qlRsF74Y`|3!vvk|{` z_w}0b+1x{~T(LEKzIzcI{PmtOGs;DW)`#?!dme85pL=BOl{E$}3!K-O8z&HGa#M>I zT8{RGX_bi0@Lit>=zkH)?tgtOjDXk$P0-eoamy6^U}5?(JbwoTlZYH=qojIHFpP9M zsC<&Z@R9{iN-jm*@sNv1Yhh;`x)IcEjPfSqu0nDTitNx=V;#33t&9LAD!i{BCv9-} zD23ImX{*0X)LL{tJw|eNL%}3v(I`JPCx^@#6Ors8tzZ6{9L4=4m9~cW>#9wdke%H< z(NsxBGgge-u6DXQ*@O&3-k98Aw(gV?J=*Dla$QFU=R=1w@w<;N646?|CTkX9 zsia_w`_O9|W!ZpcHqo;IsZ*gZvK+?Vw|MLIAPt2R4;PSqK=Ha7dXkVD?}YGmX_GYb z{!rOM7q8JiCb5<39gVp08}2_X0QiuG?wPyVTo>&P|VUwX@l0kVgPS_~hr*~`567y|vWRQw%t@sNZXb{pw4vJ4!9m_AF?ld@J zINL0~k*s*J%I?|7`&KYpCsjT_;%QszxW5|xn=ZY#IFLuC{qv$FTzGDG%AviIIZR)n(2%-(zZ zUC#NObJ98A@AseIux6jxqUDqp>l<3m!W-j_id zsCQXoXds?nle)*7dTZG8HahWf2>Tm5_BMJXo5QaEKqi-U) zJ}jSF?!F&T%wCE^j+mt1zkB-atHHbIE_%hf@)qY}<2;i&9;dD@J>;ac6B%1Z3hl{C z^IW&^$rpEVY5n9ky09l62uW&*L2M#|IMqitVDyZ>2FtrMzEK~K8EDFv14PFKc_JT=~iD2hPdCLGcy zl_uiM-966N=PwlyCty+p`otK-o3W^|n(M%-;`Mv|gix-~|NTMu5Ut-OC2bH!?_CMP z_#pZYE#pwbz*kxP=;_ieq{3p z#`Mh0t@huwT7*spF^J>5S+%vh-o2swiMOadkQ-b+TVhI7hPE&@D@#q(fq6G*Y%Tf7 zKAN~Wz^@y&WY4c#;t)SRmGU{+iq{swjN6%eDZomQg(gD*t4~w$Czmzo3FdWQQDC)yEC*M{aW)0-hkdU zbYjF`e^3HoJ8lv1BGVEU}=su!S)IISzU3r7;({Iqc^ z$0D;Sg>S*#OL~S&uBozI=QTi{+XTiFTc7C9?-UX7hX zx|QmYv`kH9iAd?Y#9-*vn3Xi^jGC`YCBubglyo<%q*^ws2uz;Aauf=%@deBAyN>A& zhbLafIy2wE49Yme^SeE|`$B;qd)k)k=xP>w`>Mf6o0$V2(J3p#XJ3_u!COeB0*cjv zT6u;fH0d2x5fhc#<+i&y8bJbh-bOAX7C(*u87{(Y9;T;HZdK`b$^loU^HYNemGE}U zuV5d3r9b*wFG=b6{!sz>>COED_hP4`T|e4OyNmK!1D?-jEidido8*OVNYb~_5l6k> zanVWNf7GW&mX+8Vq_0wi-RI&XXqW%G@UUokP(bkU2T4vJ!HC-=n{>Ay~`iXwuxF#dM;QmviqZ|%B!++ zZ>e#pcC|gx8ApGoUrI7OZpnDpy<4XXkNGsurqEjy`Lio9$k`dfa9gZ{O`sVSku0}2NJRTq=PZ-KVXCd?dF1n9c+ zyIlhvHS>aIlK(gYCSu?S-g-R$;A}n9z(uk9KC@?gK|8uYm%te((CId7Y)ige{}0|kSn=Fumu%uT|3Wi@NQHor)(Uqf^+9r=aI5CT6uJ0lPJZ! z<9jO9eFC+KXgE$qg>Mw7xs?J`UG+wc<=;^0J8KllnTQN}8|rE&BBF=ZDZWxiuT;OA z;)!{lYBA#BoJdw~&8aFfn(!szuTim=WW9(a(f&{a+%~87$Y1=p`|TDK zm5=}3M-O}C1?^bnz|X<6j=ZHW%GVx9k~3hWE3D3h+)A6PC@by!*ut4lNKZ;tHqzKE z@i?ZUHyP8wMH%}_WF_X20>6mo;R)nxJ((J7Pm4Uryr(9GEL@bvPPvYFOxT;6cxN-iW%68AqQvh{Rgrx3UcOsZ zha2*}3=FpT=)tBWfx|4LU!DqjSdf0Aab3_1Q_NwTUJ&)+-jY zU}sau>p#|8tk&$`I|e7sy_WvR6J$sMPtZ;v6uOB!#ok*xh;li+jXg8VK$uh6jt+lv2mMm~T zDVQ}#bs@;>-sLLS?hIY*S67}AWd*%MMejtOl=tF%aS;7%^1Z(8$Jpe{U9*u%#SgDB zzikD@zKOI_-5`y71}pw%GG;Jv|J$o1&8zL%2H3@RI3X`5Wn<4c%Y*ysvN@Q=Gxq{b z`Xg8(@o+*E;?v(>lM*Q+UtYyU_3)S=L>4X9bgq(UY{I|Ko3%c0#g*9Q=tU^59DO}K zd4AxZ_(fibKO#JCg*KMEgYLPjvdHM)mFtWiM9Ujui!|hX(fd|LSRXr!-pa~T+)LKu z&`Mn8ZYL3gzMdWm8698q$fJF@)Rg+VOrhOb>C=Gf9HoqGk}KhlYnS_6@2(i&g%nzx z4JJYs%VH9qj6AqEZ2^$7Wb9|M`G8aWbNt?hya1FK`tCsXwA z&c68gko%_E3Gu7WrBle5^`${FkrgAEy}cDPDc%Nmd(%2xR3}wWXl_Sn4W9Pq`=N-y z+?q|LmWTU7UmXHx5W?_b|A;K=SYz3DFR_N=N)}miJ;X3S5iqj1wmXX|B&lJh?g{P> zI)Yw!;x_^n-`jJ&3UlN$#bTR$j4sK?BXn$Xtxig4h!I(sbq!ZR`Cm<(2Zp_s-TjYLnysRS_?j$ETWuEY@ZnevOBu2zZ;E=bQb_bhQt!6?Ya5 zJUeF|OT6W@U7x0xGMZ)hi1f&TRjq?7qESOk!R<+HoXhUZmI$`%9-eZM4*Z z(Vi(laUPjKIiRy}#*`+VL)K_QqTN*s;MN|)__m|F`?h6iM^i?!0kd+@r64uF{Ok!en=KG%cWOz z{rwq>o?m8aR@hK8>q?ez$ zoeGGruUQ3~O|~C}3x+aa!>xB#do-FJOjC`#$PI6}+G$GL;O3n@6LYEItMjLmoz;7& z&%%vfkEtDU3_}~~HUfu@ui*7PRBXnPy@?p=iW{loAyd8?8RgK~&Rse0zNJT%M++Q| zh{&aqf%Q=~vmZ@*fc;H$+EA^?0TtU*IDDZL`$SL(qkE^X5TIQ1>fO%Iv!$|5YUD{Z-NQyB=Z zmz8S(D=haz)5g@S$g ztplwitKM`5T3d(UiE~@9+cH&!YfJDlF#>bPpk`@*dE3IvZe*8#nccB}beAXXXRfQK z)MHqfD8{s0P`p+?(mA6&kaeC>ijhbpIkKcHhP)nTTN$r@ykuxsZIs5CW*E=39?|k*j*A2h?3NhTlx0hn5k{qJM%$0i|2E-o4wAvmxJ7s zKPBK{;tsd0SF*7X@;1`)jFldjbY8N1ma6jj^&bC*CvlqjS}uLa=4%t+K*`#pxCjZI zu5(_3klXNNI+=Q4jsEnt58?>smn*Vbx;Jk&L_aU@ff20Y3Z3hnR~yHDV;-DC7C%Zr zQ3WBsgiWU7W|ccyA>xRb-)#R*U3o?OAAAl;fB>GvvK>ZM1?XJ?j>pD{*`+Z(_RH_) z1TeZ@)+Qz=P1C+WUj2+yc{*O>5DXQet8g8&q|S6R*o|7W7IMN5CFsu*?tkyRWb2zm zQ@tlAUnQ3J^OSy6i`JOd0goShmw=*{>g-hECE|y+gFb)D^Ne>lCfahl{GF{u#gmt) z&?B8Rg(lnM?C|iZsD?vKbUu=}dSg{h_XwYCD;QF4A520^Y_?~7XyvRg1 zMc@;;npK}nSjiAh9CQ3z{UhPqDt6xK>Xc2~xbZXgAYL-?sKb|inkWnpqx(iG>dXm0 zF81Nj2|gkkSlgQ3qYABY@||Yrb-B5_Q@@{ld?MW(K)tqKSh|>BsEQsI<@BiP;SSPTZqT)#l3$0gjg=x%ZJf{OE@tGA<9C`z zRc1AIQwpj-ibI4s8HnA`ZnPG)x1ZtyKd>`y6Q}3OQJX-?P3z==ti;+e zT6+9TIqC|122v@ul(WE74#zl7H|_f;23oY=yvErr9N&;s6SUPD=azrx%+?+;IdZ6~ zaG4+}Bs`4)2>!EDvlD*H1l*9ICZ>hUh~_D#LR~hZHT68XoNj?e+CY~2bVE3d8Zr)_np=j7x#PQzUVQ53h@?Fq?(S{I6Wu8 z^SZ;{3SP6cb@l9P<*$AVzo0*EDohil0fim%siVIji5&6lvmc!g#ou|r@Y-iPyU0b+ zgIHCD0RcgqRHbNup(XlCXaq;@n-@de^;S;T34T+UR`pS>#LTVBpXG&iU4awX~HtE+*FQ2S4teqxAugzI^l#KUsbt zaYeN|&8cbTnx=(u}>C^qU z17ETQ`VfAUvuKacg~bOOyfX8!`0}&sz?R137o0U5XP%-X0KKrhGn#*Vd$F&xO{a$S z`%lmS3szIAjc{E)qaIc~$>!(;O#zG-2eL>C4v8uO=E!G#ABwtiv-ObnB!pL{=;2d= zH(d814f*5JuAcQYIjR2a@7T?Hnk1ih!$dK)g6XHpSz;FXXpH+=+8Fg$rT*TWiN)lIC48ZpYJ%dw=$yOxyET|K2o}(R51Ioug?F(RfiS! zmUH^9`y5=%$JE%?qx?Ugji29(f=gOdHf z+2BR`;zO(O`r_ROA873bI;AIY{+#w`W5?QFnpCk8p!-hdW@FZ`1r$DjF(hm2_Y!ou zg4P$Lumh9D*qwOW;QWPzn@Uh3|0|nirqK&7`n~?Mu8<76FT@OVm9igOlUZ zB}S?;u>rA?5v&!w7Xl)R7u4=k#V@pDKKck5*z;RI^H!#|nM-ccCyQ?{!(SZOiCZeO zn2qMDJ7#IY<(0(7Jk;cUgMf2y$1=?Dv&tno=Aba zDI%_^S7|-Mp|yMC9cF>W@=>AoNG&rvx)R)>m1Y`sqM@M)Fsh;5a!vGwP@h$tq0aPn zt^vu--V;Utl@UAFRt)sX0fdMchz36ah z{@QP)VYX1GQESTGPf=k+(SA}89K{ZDq#@drWZul}-uKa6b(0i6( zlEI$?@MEvqR@6rV-nvugmWg^%9jd#T;+3lj0uHjE2O=@cyc?0L3A%Uy>2B4SZ;SQH z57Q7bsx6%hvxutiP{<#$T>8DGK zv4|(!|I~yCx9?0L5%I8%ZUBt>bzmp5xz?bV zn9T6kABRJJm4Yq9RQQjxCHB^YbUw?+T|eTpF}XIP?p)99-Z?QRQO`B$B1~J8h#GL$ zbep&>3n$Oe4msHy(0OdZ(Th{e)_Rv zUvU#T_SZt{Jud)qg3!XkfO(bold+-ky|r4zjjSK(3IHRZ(nu^XqcoQ)*3fu*xe& z*l%B*=**|^&pYU0sKAJz?qz_J+3{e^>&C$QjqpEz-VsQa_WU<_){ZI8Aru>*th5q^R8r2&`Bz?(Z=t`I2cJF@4WdUqF;R|be zM&9FME!IlneD}lvN8$_Kua8Z=3RW`3_P~!+7w!_e+Z+jDh{d|NMo4#I{1xO1#qSYOZisbR>uo0()<>fJw*F2BVK`g+ryF~T&;%Hr=p2)%x zzeNQl{>vjSXD0*8<1Y2xS~EVs%?g4B8aBq(%iBw%MEnmt`{%qg#ezqOFR~ZTQ3J}# zd5V)a&!UBU_rOv1w>{umA4Gli`PUyc==RssI?O3cTkBO>BDm}}XSgd~|GaC4(O{kQ z@+9%yT)pBy4A7rc5E6&Vl)r~v(Q7y$pQOi-eNlP(*Baz}Mian{vh~{i*B3Il*Y}hL z98cl)Y3qHB{m%tk9@z^Xs?}{#%yQpuXerWvu2y3F0A0yF;f@dEFL2@cQn?wz7>eT4 z2^euhQtVQefAL6v?DSi1dZhuDY{0hvFUyyP)|S>VaA6OIAR$#YYj^lgoOv*4-gSJvc{aND`=lap1et`v zC=2AP;unnw388@=FN>9s-#~7nwP^k}0WU=Bfxu0&*Cp-WpCAD;sL;cJWjky@4K9x| z&PA|kj0z^^{bp)PuCAbzFEi&?IQN#n+j4ee2zuZ~im`s!sBB2-vbWwqM$1{WeGjIEEXLD6*pyuQXrL z*&@B*W)W_w=Tg4~{1FJlu&9*RFW~VXwrfc@L9T{ESE{_P-{o=P%bzjiU(*G~ai?(l zce`Q;2?C0gKg{lJkbIm4{ly*el4QLwpqLO7CFTCF*Il2`|I_LK*2uXZbK#A>ap$r$ z`nR>< z^*(=F_{TGue+?m|>s-b2KVO|9+V=VL#ZL%%1ij3r!Fcb<2PF;Aq0lV+rW)HcH{1jp zci=2z$I-6rw^uR1Z=wtN5M!bWlz!U%_PY!)7`EP{|NM*~C~$mZ8(!~(Fi{KpHzwl# z$;g4*tQXh$UfxzX2lgH_@^!)FZwm-QiQoBtJNGzmNrbM(aa`E+GgRlBO6flx4tVdM z!~ZW|mj(r~G5#(!^S?|6ofzc;9-6}UmKiB^_7&X#b-@7uDI;KNp3Dm=|0@oqUOV4< zC*r%+H;{!d*10ZxY3dDhAyMIvGT8oM6Td|cS7>jdD<~Mx9eVGXMg7&k>BsZ@0lzc0xG3b-33mrwz7+z=Cr-{Rd1srs)9-8a6urTohmA>6i^CJdM|MS-K; zKBIc+ePKC6!g2P8#M`}2IT#ymT^K|Nk`H*FKl~_vKH3f4IX2!rkna9F)P_LL=eNdb z#I13sPHFPr0}lUlz@QurZN%&)ff@YfW<#c7;2Ur~{$JnVN5Du)`CIm5M5LZ?`(gBD zU;EEr+ggP^q$XfF%)E%%t-%8mZRTt-BjZ9C7lyKi~iTDA*gZoo5?Dt z@$R^QW!q4$=lzHEIe#b=!hhFV*_G4{-{!Z6f+b~`(EoGxOLZ5m5?E+HqUzQny?4tYoja$4EG8f;-bnZXjVxJiNYcsf6{^dVybkKVP zhXQ7RsGV|nZtJ3Phahp!^>W+0rr7QKe&6(L=7LPOZ~tzsz{p;J0vHHK!=ljqcArr= z!+01k1drCqbC)Il?C9$ip^qy63gY)5T7N{)3Lr`7N!HVy{#A4Z_U$bQUQ~7%WiFuJ z+rpX3+9Ga7y`qGbVt6f`eYdZz{+Dak4>lW+frF#5`C zbzkI5A|%!FnDnLGh21kjf7@tOZ^%Nm>NzQ*VsQPp9fXE6BleejY4=OK)D?XpB)uj$ zH@F-BnZx{@Kmf(uw~61zt_*SZc9)ALAicO}k(I>iRn|Eg`8sZ(`&D9RsTolzeVpR^QWKvkcswUXR+^jU#3Td>x!Q?=*cw;I&Ow)&U=hw zGfKU^{f6=$cZJ1V({P{ z&Z?BZe5zciCt2W^FZk@5Tb#(b^TPVi7#e!+WY1$L>3>A+x917czoRzD5q`LwIc=?! zjUUS82zy}7f;NF$E1x_VLfHNu+Com*kGtbed+|3OW~&cQgN~0?GN;D}owJ>>ogs9h zGC7Y*zHI*NkR7YElC82{NnP9DnARV6MaPK4ZM19bnxp*3PEb~mn2-i@nwX@9Ji=fv zlEG5bSl-q0=|-DPO({5Vla`SG|HftpeGp7z`Y`v&Rl`Rg6YMi9K#MZSP6_`l&C2gz z;&{I~f*$Z#4F+7s{hXaKT!5z~UfTsd5M#ko$AV_=cYlb+j=P+VjXJE=BuuA>d>Jgz z6$t*Y*yV|`MgyaR$u;WC4eIICBMytq=Kf7{^-b3ZDbdyHdRWskJ z_+9#bpujXptnIkr#o%0Dxd;yCa9S;XzoVw@WHstFmS17NyZoZka^V>Tml0{FDc0gh z&f|L)yF&)Cv1XMwlwAg&<*eI-#C z7N$mtY|hgHEkKf7+zsb``M)Aq+)vk{ryCc2S}MzVz@F3NR{+>xQdPyp1n}*3c@7e?tytY4-p`k41@Cv8(oL*^rd(0A zw$8Q>c{2|Fmk@q%ui5VwC5#5Fz}ORTt5ZVo_R(71J<#QiBUoVfUBj9$J|#D5eKASc z;|rK2^GBs73wAUY7YE!$*(y+G$U^s2z-p`WUTn_eGO4@XnW|a-v&k=ap;uUw!ts?Wk;!TY1_ZikYZkZOoX8mRQuSghy^nn6!i=IKPo&9>xI zjT+y6ns%e=xYwiSexdX%aKqw1>j#5B5_)4DbR`y^x66LNty@U_QwZK=+Aq6WC9ipz zzUi3ZI9vWN2z*-J|Fu{`Sm9)AR`uTp%?t0yqFv4Fh+Ztl-D4Gkr{v#*+&EYi==g|F&9Z0;$5JGWnIHiDeKmC(c zAfMnMvpJj&x8Hph6CWUEl-f@S;3Df+F7HZLeBVfX6-+M^*3?TCVv!Ph8@$4x-Not4 zh=t0&ue0kEElxs*f)was3GYV?F;QkCOW-Y}TJUf0?|!TjkCAw|s{ntnYW&l44{WF| z+U0tuvr`Q3Q;rXfzr{6VC44>L=5}Gx4Wv{Q(^tD+A*&E1+IcecF%WGbO51rOUh#ue zgk$g);zDlOq;!JHz|3)n-s%3Hq1@?-L-GZODK6<_hxOM40VT-~W@DAl=ev^&&4&v0 zXF<0{?ycF*@V!>+H<=>o{VAqahdttc5 zI6dzO6Vf_dW^NAr=*=(Qm##iTAl*YQx#RJ+>^4oEilyUAkFo$}7bUF(Z>XBd4sZoyZ#R~TSf zo1sUzAn+?V|7T9tLku!o0Q&@sqld|QTtqt%ojA6DO8u#4k+hF#MK^fo^4t|FYYly4 z6`BjE3zYyweJ$C@uPTB~ldpq?Z|CM? zH)!4&cb<||o7pjIb4Ozub&oDfoGB9gG0?-uT#gqV5K33Y&^EUQz9@!fh{x-CFv-41%B z>p4-~=y4-}H$@_~OY{}oG9KnUdJa+-ED_p40+gf92&IuUVgceghq8CI5{$_`diuWp zx<;{KD1*IgjT={8uEU3-oom1sn&#Cz3+u}=@YL@h?u+!|Fx-4uhAJgzVdgUbG5S4S zQFK|RM3jCgblpL$(5KXNy;%Kp`m4ZPeaw#O*G?wTH$kbSVYmI3GhD#3{Q! z+>=KSyHJ*f#UcSml5PzVmS?@CmiuJ3poL~jfULnnHik3QH5bum7Gh@)^0+k9ky0#S z4?{Tr_R_%D>h(rEV)c(}bRv~AVbZCDP$@V*Fr}95fMWM3fYZ$ctM|7_+#F%2$_=EM)!(z!WajKIHg z8~M5XWOsy7nnz4cgUdG-ZtGJ(cZwGEK{~2^OSqeXWeS<9FXW@9W!GH2-77uoK`3|| zgq5&4jEw=1+={ANogR&!#SmS4(8_^QLsz;x65#yxWVLFIJ3Y5AO}0EfV9sltWPf?e zZhCxZt?rC1@f-hI^*8fYnU-e-YB!MWo}v7I168b$4LIVd!0P2Y8d2*`e#mQ@MG}j! z$CyhuRO~x5F$)+KWJ|!N3}ZkOd1VSG1G$u3|G1Gkau8^(Dd3o|h*_FM@;$w!MBs|T z44C{-{66DQqzK9VR=EK}SO_jT8*3Zx6CZ{b5SHOg{JBy!1j2nCMM7TwbzslPp&_Bc zu>tN*$DoJwV$K%Nt6XFuX$oq3r?m?=c~2;G++8o{hVS9+uZS8(qr41pD)oT6AA$n9 zMgG!-02=~o!ELXpSnkIN98U)eMJ`Hc&1KnQ zJ^KKZ+0x{C#e!?qTVHktwAtMZT93!F)Yz}?rH0Gl;(KII!jGy?50}!6`ZAMG4n;gB z;H_%awy(x+J%-lN!R0A4RZIu-g-<2C($0&MdT;{zG&yi))kyl01`OS;J?}j61P7}4 zvP~47u*gCYQ?IbMUr0bjQrZ=ZA*tXuk`FD{dtD#YV9lbT<5GYtH~N6<72KxLXi0S1 z)xf#riNK>TvtAi)dv&}IzK{`hJN_nuv8oOx919!tbd?vHhFLbx%>aE4j)3<4JdL8~ zeo4!2*fh7nKX0|v<^Al4lGeGYCGib_N#2)_{;r0gbRoFl1d;|~vw@En5VefoBZWnL zKfj@LAjp6)l+~c~V=vicuT5^b%Aym6nYNe=7q^Ytj5{UI;A@eC7Cv#WrP4mBn~T86 z0AQAe$HNaQBt07E{ihlBSuH2asO=46gm4IEYyl|O_ySErt0AgM-UQSXr9w<~8@R>F zG#OJu-;RF%3x-QM2jkC~&~j3QxM-BqMOa82Cy?Tv#_I8(&@2S@iMn&8hLl;a{V?^$r+l6!7f(U4yFVR#?{S$KK28XNLS%<5hk|s` zu*Q`cqUw%NDtvr$xbx=W{a&g2yRVM8Rxvax#$+*3FtFF(4t6 zB!^kRTYYdPO3~T`2nti)KZ8S2LdWYKdZQ0^H?Z(2JT)`HYp|j}fhx1P951A}oivjp z;@0Dbxm6Z(a$6^RHHDq12AOF3nipvtXRf)JvJK9Idc0 z7^Vehve0edQ;1mGgUz3eS=^bIpK1wXqW%a_93bbap(iac$C5D`$TfW_lSM)YFL?d4 zy%)d1vh}$cHfANp>hi|&z}~1ua5S$)TAcBkc8z@r^v0CE7cLpGuoPhIXNHpb2%u^d zuyUs(>u=zytdI%m7GcJ8fEfir7%*SIErp?|xs2ZWPQAoS*YleA*84%)XB7r%25sEC zEEjqiiwVElZcH_A(j=Pdc?G96Kg*+WST5MK3z+5mo3&k#(*f3xbtcLXR5t*BBf3r_ z`{@v0S0@1Xb~^4OP=FeGhtyU+5NqyH`XD8_iB86eO?_$4RVrHj>@usm!Ysxe$B@f} z=)LZkc$fM!3OIdL^4a!`;XL>hoT&bekMY)z(sEHO`7b9$GOlo%|G1y=ebGQV{T7Gg z{!0%AJgr;4XgFjZk4lX66>={3JsHDK#LHn`5{!(8FgzCfP%1yy70;-Fv3k>&+RqsT z9OCB_yp5VqsQjXs`qapt7rBQd;`(F+Qq;2y(4<9_DD`l zo?Oc|*&tsNoL+v2WxrOlCno0Auw&n&f^4))SMWf}=@F_~OGmO2DWb+}oz8Ky zG6T7q;^khr@`mXTEkPwIiKK(2+h#qEg*(TRDGgT&GvV`z8E zv_<>Q?<`hoV$G}Bjrk&f#I9XCTJJ6V8k+$EdnTQ3I;o``e3j#~P7US}uJLw%&f|_l zD*9`t)|d>i=KS22IqZSH(x;!WBvGyvlXmtc;2aGdk@))uZ^Y2d1IES%07AE}fsq$+ zQ!VC(avIEmp`^7vsA&+`({d{S>ZQF{a;{_Ep=Mcatj%~-l6h46dei}UtEZ`%z*}AL zGXTIt!`UbLlY>h9iu-RR0Vm_Rb-h(?b|aQXMsYVj464$(|jMC$SKlRBqSpL)#vaIo{u2%bsn$du^o@IN&T z7Q=<#%V55N0u~e^c(ly1RgXdVE{4n4U)C)ZJFj}vfA9gEF@jY?=_9;UfEb+^ON2{S zW!-(uGc!hOz)#QNX)ek)IVA^S&5*mGPx#ac*V~ru3ZW#o;PJX>f$Gywjk}!-od8DU zF7~;w{(s0w{-8}a59O}?$ze{aR_bk7&V2rjzBHN*EI4<3JIIUJ+KK0 zIs}8-1!14Ru}JceH(0{TV|gvE|A+zpTZ(&WcV(o*K?uDU|K2E~&%K+-odWhk@L+}{ zW5VMVsK=QiTeGQ!^?e_f53@U^RxsQkl+);EB1ak;Jed? zD$=N?j^a1i%x}+&*cj`r2iO2uP}lGpd^EkGO#BB|(-TRIXZ;88(Y*q2C2&%}l%7VmBAh zY%gs4o-6Y63YgqxuEWjIiJw!Z z5-Sx)1XnYQT7(-Dw)mvupJl)Z|zn3YJI(Gu787wy|n2crKc!_-XEeJkcy5b#` z?ycj)$y08VLBz8x2xicIKXgwu@qo(_u8pVxaV`cG@lE6TaCU9M@mI%Pg!Y$qNiv0A z+-B?&bu|QmPpk>6K>2PNko(~G%91&37;XhMYkfdlFcjj_N(4m!+NtyVLYmXuNpro2 zE*Le>G0=;1a}+d)QijzjKDV~EhScRT#ak-L7~>x2wD7@}VgNB9so+$+SLkx)eBe-J zJ}x+k-ebdxZ(IOCiMG8|b>rs3$Ob;NC4%e|M6s*RwMg$Bj09zXXa3}UZzNre|3p!e zc!|W9?6^OrCn$dGM3Dc|4zh~&COa|<*i6PXtQYNn^ zH{O75^l&nWDr{hP1*8=!+{Z+fTZc%YdPZqKTi$ad*f3{R>c!Y5G?Lb#&MXZ~T$!oG z&f6sTy9dqB0`VoI$Sb*t4&%63jEN$nzKBKTiV#3B<-TbC5u|K$Zsb zqO99>L%iX6rZFi&;}_Q+=b(GF0yi!*rS z7WfJyjMS@b3pBu~iFu>*TpZ+J_%(!^5R!C9;}?kllRv zmL)tN3WqTK2Mu_xdH6pH0!e_H;h&PH75AdD3}puK zBStXpW!u?gJU|nUEgQ3rg_aEOIRoP89h+ul6Jtk(fLV%`!#Q7uBooI!DU5C&7w6~I@rejdYK6jxW@hgfwi(kw8z}HdrisnatzCT z1t~eZG+GG4f59cWMYKz$w3|&mq@+g2hdgG)cB5we? zrJF8w901c_Ksh8bH`5hALIp@zMOCHkXL!Qf6>|xc6!*xq{-6c#cb^x?nJO7!xMlI{ z4nPq;>1&5h3_mxT6iFrrm`mMyJl<)-WfqmzINK>dq5({BLkj0UwP&4;I{#ZX%}1vX zZjk>jU+nd8)qax9Ukm3*L%Si6z;Ez3i2p|dRttUbCYH4&&uAbJl1j|zsIl=Y7g*oJ zghcP{alxwg_(!HTFNh6Lm6m`SfKgTBWIrltXMIwxKrpp;N9+#lFh?QTo%iQkV1 zkW9c$T!nQhC7-N+B76?SGq1B4r6W0IW4UF$M!F);*WvN)EqdN}=Rz3uUP)I@<9=2^ z@me0l78wt)dHCC%t0t}!5jROpw**JkDejMW*Qu#vj5=<0VlCnPdOQbgbGPmP0Xzw} z{!2La|16n+5^{C!Q#ZIMTCdgjAO}&zs}N!OIEe=Way@WnxZE8KQ zz;Ufihl_ERI_~{hzWn`nhV1`DlA`}-k>p2z48}-Tw)ktmsqTQMCk2jvYjW%ZHu@js z5-`HOY~6E)z(44YLpYL;B>!f;PJ%(AleLVhU2ine+~vUf<)NYvjU@I1K);gaFV&Ds znyAI`{L5{ay9EDqAcqW)S50%gj0qG$SBklhlDqceTyJUr?GKRlO>y%YAW2U8Emuc* zRq$VpmcPP^2r;YK>CgWLFt|6y!_MfKDI!o~hdL#Ii^Hsnfyl8EMJ+ zgTcWF1Jr-epRzdn=k%w_tE492hW21%af5;nr)Cb1*w?!r9E$sL&f*K59qX<;F|%lrGAkfr=n8Y# zPp$tyzP>Ub%5H5J#sP*Nx?zAJq(h})Xi!>EkPZn!LP0>fL2Brbl2AYtqy*^>X+;D< zO1eR$@vQNE-+jKlzkSXh^M{Ymv(~z=`-*!FJr~n{dl!hCCG80hX|xjvfwPy5^x6B2 zN{nGQTfg*p_@_VnLoSVUiyO|<+>k;{YxLgX)5{FdjAnweF?>)B?%k1FC4IUe| zK+9g9Oq2RI@)`_%02b3f9x_`{_~@iO`@D;8QNJHv`FGzOB8U?F@3>dDK;2^tOZvnb z>l2G%Il&A24{7b6lD8(`ikW>0ER0t(wz>)~Z2rhal2h8T6I?+B+F0W_z*$E2Awkk( zJso53`F?G1Mas24SJqBlh3;i{F_(vgp89c~USP>#!!Ew6o-Br^M?h54@&q8ho zCO^}TJ<7WI=Ve4}$=zByuGcM4$-tx|0JexkQ5~Ft5=g|uE^|B=A~{pB1w4HNolz9T zmv4W3OdGCt_@q*b2=gG=#TamG0fC48G~6@DJpNx%I7AH$=?IDWoZs8P5wr<5KZg2k zF8I^5I5}mQFMbqGevaYuMOcU`R)8@@Z>&}=feriVN~6GOku`wgkH7!8GT_w{$Amkn z{%B>0DbI6geIJyv{ucgS;JUm!l<6Bdx&7_^@LV+WpfklB<&(d_hMF$ufXb7l%Kz?w z&Q1SVb2u_4eq)+z>w^E!8iaRZ@>1@@l7A}eDs7b*ej!6p7$Hq2IDW%k8oYNlyKz*HYn)z_O3_>272fmgVu+`v85xc4FvQrBHG6fXvZ{W72dkcvOi+*66 zH~d}py^{^qE)m%iGDtZbE>0H{OXKW>c!32mS14D zuz{EmR-(#_d=&uZt(gV0wZX$>=L)Q(YGCZXO)c(Z2*1md6+D=NA3kyks^0iHkQpo?FGt#-jjc5!3t$XE3=5Au6_37}(jEM| z!(=*gzTE&V@)@P4;)Y@`mXhOePporwRgwnr_@TB^~;^epp(B~(++!!VVgaibE ztuTX!BpEdO?r~-RtJz0k>phZV`EL3YKvf_@{cF)vq4TW=zGKX+pfK9)N+}w5gcJK! zMLWtlt0V3~fVm>o;&E0)+0R~^T%xV2VOdcOH!w}W8*m~=_V)vHMq}b4)~}ucQ-atS zb&DsshJZEYrj7@R!9J&Erp?=y%cmH7Wk`Pvth0NT09M3m)%0u1k+>6h%5Zmdi7~SY z`l#ngaMTiVY|ek(4s=hyuSJ2FpKLk&VhqW1nyh>YPU`)qfQQ0O865$B!e!$ZQ$J7-6iKgn!$eq@P7h7Kw<@E0oAjTl3L-kBvKI z!x+|)6FA75{cbNI$g%Rs7wPP>-1J>0K{_fR!Ot3$UU%-vuOcm=4G>N8+J1r6muve$ zVE5dPX_K2q@-mAXwZD=?q6*45=Tc<^5gnU3{nX?39TLWt)AiSb0hb3X2Y@el4%9rc z&p75hIgk3Uz67qNmjFJ$1QOc|>tBT8QNZNmFxRS}QV1NH!>vJKI61Wu%ujpEjH*;- zpE`qQl)!i@CBlUxh#5GI?l?E@b!%JzV>`}Ce(#gK`_X$(sr42(>Bj1q?&)P8gRNY`Opqg1zaA_jx{gvI?ki~uX$I*Huse;LrJctL)r&VU zPDdanQ$F4C-&=?l>~E(&3KT|@@#;mLf$KzRrD>#(hO(tT>R?P`-rz}W1iWhH(^son ztN3;EL(fuw)aQ44fKpG~j0jjSc_nf<$^@{&jalD=SZu-p9P>iQjuj8!TFN=c*b)1j zgCFM8dj-?PNSCoEsBgweZ431}t9t+@Pc{5`aTO&wpwWeA$h#C8UMdJ+NwY=`kbYly zQJpt{TaU$vYLA(MJgf`D4TDe(f)#{t;=3*TOC0D+EM^Zk#@z$Z(twp{4v{_^1K z85=2!R;;UMaa|R)pabY}d?Fb+Gj9`W0rQQ2*UFyg&9`bVu5& zO%L6|LM=QeZF0dWQpY~ z>~|PC#Q=zk3p(zeK` z31{^o==A4yA=#ssZQ${WKB`d#9EYOW_*($4m=|ij4wk+C)suo>sH%YeihZ%CN*w|F ztF?rQ%Xd)E)@*|WJo0h-GsJ?Pq9)TPQ-(kI#!c*i@&k+<#-g-3J z`!YIwryuxGvO>)S$L6YR2NOfR#7S~L0d@G0J4-WttW(mG%oif6`1`Z30ZguNO`}TYq&hbeR5LbvF~d z)rwS&e6?+m=fdfGshN|%}wt2yCeC42L z$45_F(fV5M0y#32x`1aPuy-+>!5OYPjtRODQ1Kw&6D!|1Roo3G5D^;Me7Qgev&mb3 zBIf(<$|wfEE9ZsWL_N9A@zawKT`||gM%2y^T*0}aH*i23m-t(%uLXLksH&tF&bh2d*1(lQ3v=> z*zT2n{TowNLdHh@A2iD1BXh8tpDXWk5)XAy?JaGP8UZr2oAa)=PQm`bVLkm%i@1rIZxEesO+baUeP zGvJnJBiF!ez67kqC#nx(lw~wHO^pz#r1(v`IAhMo*dvI zdH=Psd%2;&^>wpq8@!t@F_o|JvIKOj&uV~`G3skidHfk|C_4~r5+BGGvq6{Mr^b-* zpxV>nkMo?0OsR0$s9~<0fNjw!>2p4AicLhrIppCsVpOk{$Pt#TI6-8c@~fB_Ry4Yg zxdV*V^R!44FjX25eX{wLuWD)D#N^76X|u04-52ej`@l8%T-NV2as-wVw@Dp~)pzSF z$ePSYGe*|xbe{r2`R6r0eWu?(KWRtj6$1v#k_wHk$MVbDRaK#Hn3u?3AW1%CSBa@0 z4Kr)NkrxjfCZlc=dRvWjT!pTL+p>eA6H1Gg7K2^irpr z(rHA83f~GDiPlm6NX;;R@a*>9u}>iM(P-A(dQOgfo4hWdO< z<5$d=Ka2S4zx$DZun*pJeJ<&afDF)efshlN9hr)8O8ATXQ8JjeUUhFIp{!tYQjdJ` z;&=3cJ&3pb@TS_-(xsMZyxT2E6fzL$Om9!{o7k5bBUJq0P_$;xfz0->M^eQ8CQ-1j z^p(ffOO5;*1dWTtkX2Vcf$1ib4F;B1oL+j}IM>ABj!u!{Er#K}+YWpct-murUrX7R z`F@o7399y7%q6vkPW(=}nd!o_#ks*y#RM*TdY1z7?4>5N+7CwMhu7X?B3 zedsO(2lgd@9)x_sX5_)=V%Fa*Io`*-;LKi5h~tCzh`B9vb|n4u3KMU#PwZ9vfg8kG zdWOh2dq3;X`_4nngjkN&>T?B4iwj^cxbVNSUQRdrH6W+&uzm*lPC=`DFy^t}l=YI_ zEe}wgXb<92#zlI1!YC~kzn=+o*X(r+V~~j%1>~ewe23rBpBeU^&=L|)05-*kyPNV1 zK70hM**76R`l8)O;Iwe{CB?-iCeICIFJ+p2y7A_vS<_ST8N?;IaDo~%9(k(f8}Fro zRP2$NI#3GsK>iF5B-l%MyfTy`3{Ua`QOJlvGH?n&tu}2Qcnvi@JtT-$@4T=SP}7nH zPR*#E&pzQJM8k$FWH#GRof~WYfj*X*0nk=Lj}@aiThHlz;Zo%}8W^>+QwA6(lAICM z#AQn3^^4KkFFTGf+tA1>TNOKzCZ(W?l#n-4_?$lZC&(N9+DKdj`^?Z+J~AkbfZDXU zGz4q_{0rTu6wz{gW}`Y6FuL`Mk%I?@70sZfw*69OWO-kpiX1Tm91XZ_^u4M3V8`F; zLcFI{!cjAvw$cs1sjL%iExa|MV@W`0D9Pzno%3+h|jK_+7=T50W2z`nn zgEPONCy(LKZ&bMI#`i;a5I@&?fTo+0zSHUW+dTD9Uz_*^>g18<5)aXv1uh#!O{D`- z%AZgFv5)?5VilDSRRbU#z3BnEVd@nU?z~eh#^~Z;0#zIa{2!EmNe+Mcd{$g&+m9(YGHyoUV9aOC70o#Z_pM3gvNXXN+WY>6WGRh)Dq~ebxD)dRjJ`4#qi}_jSlnq zhUw=n%@V$^hNU!5;{-5D_sv!{Mv^_Q#0K^!a0O;q#IDi#@6Bxd3QFY+L9U`a3bj&0NAdp}7eCu9QY+!%qx8xARpCHY6cz-uO@BpTX4=4XZ+y-a7 zUFWeYG|!UrWXj=EmN0cFi#khes3W6s;Ti8VNS{g%Z-ZdyPe+&Cc`zJ*qwA)HH!x0~ z%+e{{fkg}TBM>r6ZCi@TSK{MW*rgXdO8{%q{IGhjmp%UH1lj6yi-pKnd{Qh&ejxw$ z5eNH-^j^^KxrjJsnW@M8Z{&(eq;H8huu?NfJSr?_wT4fTgzt);IE|JM*2ruubDSvG zno-J%)?hjGjhVBJy00ad%PYWCuAjMAL)FF+>AvMqwZ7vY9)W4o>+W_3;v?!4`|fwu z1CvQ!-81iELoP&KyW>oaq(HF3mWC-aCDo~Ro!G_M$ljS z_pqfJC1OSOk{9MG*|f6+bK#CehQp`QN11UO!Rsw3C-ty*b{)>6#=ZkWgMLpqLb+`R zqs-vS!tYvJrK_tUNQMg4Fd0r1+as(Hj~IE`D|_OK(C|otS3yw>r(%?dJ)cRFmd+H% zp5A9afqToFt5r!aYf-{Nl^UreV)H;`^!m^cN1Dk3Q@G>Xdd?cG5=zd&L*+!QzDfh# zT%j7C9ivJIqi{Y(dbJ1}Cc>jN>#5A;3!C(m1|U0>c;>l|xqeYt^uc%8tSWyK=`r%AETbOng#DAhB#0s zJMGCJr^l;W>hh&tkp~z+3aMrspEkpLnX#Aa6(2>&U|T6)b8O1~bO%za+-u%r+%QMc-56bTJevC$!^_WhI}qNzxoMxd%UiM|N~7 zO{;}l9eeK5^4~(ct@Sd7isQ4-Nze9(O}mB!49fk&Zzk?32W987&W%rTh#^b7@{w_c zw?GU9VsGXGtm5NGv`6jANLR^5$r!|1*&Cxdm$)`J5OYd@CV}ha4eqa&ZnQZ@n{-TN z?WrkRQcPF^!K{jgIV_)X-49&0ejQ&#n}y5-{V2n@mGA3Op?VUy?)}Y=`0)<8;O&l# z*w-}EokE6^((-jBbAz5bQ?+(8L&z3xXA-U&EOo-0eWo0M%ak3@Nx`~G*Vag~n`oT9 z?era2a_wIBB@aG&%-Y~1udZ8?zewymIOzRauBDwi(pKc5RVqS)GdG1`@j9W_M7?|r z=qSs&RC%q>wAE}n@`w(LB>hZuCAa91{U?^+$EvwE9)mQ6fJq_}m2W2Y-K*g4tV{K% z%4Lossm$ls6CE+vK9ArM^&NlyK4wF2rhq&;JH1 z>c(iT&>7hh?egX)5>7!tO^N4*MOeQ`xJ>@}5?Gtwfu0~;PWg8@1nEz@a2i(q#wMA7 zpXZS<7cMrfVOaNLIASlNUDn;bm$vh2479owte%*lBmvdu_YRufdo%3c6Rs6dAn1gWTC%nIyCe{Yk|Vh|%jv_QkAh!`+^ z>&I??dKJHT`Y4v$@wgqT+Iqx!lVNl=k(%$LU%2UTI}RZ~ANBo*gw%Yy311fayC$BU zcDqfCp9u#m%;gFXld0qqZp6B%Jh5ZjP9bO}H=B(-1AA?k;+@JK&0Tjn{e|+Ifz|mw zn!_}ZNp>ON@jn8DvEW^yPW%jbF&>l_PgpFDOeTGg2fO#d{W9KnxIyo_Q^c$uym761 z#DNk)R#QQ0m0bNSBFKABc(L`i_END*BHbJ*5c1ABz#@$o*xF)w=NO1plE+tV zico=+Y2%Ug-!R_m{1~A<^BQd*+w>Gyz$8J3uemZAUZ+ zX$4X)1<=15K6Z@E?!5-hrTmU)p@St4XgFP&6{v35{_qiR-Zm}Txq3(y2$40R$0ti3LUOq=Uu4bAP^$zkZkP;ts*R^W@p7}DVd8Ydf3n+-VvbQ z*j~4zgpU@1m_rI<0{L`fplTd}Cx@H;*mG&60 zqZY7%=j0a~F?G_A%+YiuRL#cr1SB5`o_U7K7wm8z0hNF-bzA*oe9E z8K)d@<%uG~%H*iShM{Vaxsh6f?fh3?(2a=TlV86*T0pHDNPeBdUkOLy2~#^m7G9{@ ziwrNoBsl0T4lv^9v!HoIuTdb#gmD|Un~ux`DGAsit}-nls!SfqG=`%pkEin?$hSpr zi9UDuV=HFa#srCtI^~mz4|+#-v_jRC=q+{$OSUuYa`ya`Z6I+>?j!PXm$%qaH`@#A zo4GkqR*x`9^8hK2yQaG+s~589%c?ID6SW`t*nLvu5i62a%@>Wc_+52Wgx7lzfSf&qBqq=CqftA9eMu8!>5t1opMkqG&J9~8@ys%rCjC~VZA|Oq z3)G7X>(6pOnkbfdL$>D`AKw^t>ULYYe)>*aZj?G16oqn64ipcmpea9e{~6XnE}HlF zjj**qlgn)LFFj+{igq%DWF}*+j7+7f|bEmgui&TALeFC3q^$83{39OGDun{ z4-#+b<>A3jWF4(E#z#Mhe-Bktjxm0Y7;C@mpitP$ z{Jcnbu~+#@yJ)jg%$2(%%kl89!1^NwT0PelpN8Z;KWDo5F+j(AgzVtQk9LagQePD% zVjliLBdrjsQx?l%c~l;7@sZG&4AHemz6d6(?tpySzWfi{f%N(3gkni{3H8HeW;klp zp)5n|^p0hgh0*NW0kKYw|V znTw;qre0z1Ie2~IIErN~X9278kT69Rri_F@@7n^B_znAkZkF0JM+Izh5}F;lZLW3V zcA(2gx2X3h^oz7$Hl%G{JURw&CP(Auc zg?Q6)dDui$^&grRc$g=YFP z2*JY6OZV)8vm9s$ z@;B74K65xsQw#jOJ_~{5g~1~aqBlqPBZ#6>XTZPf(+Kvg)ii*97#5Ayk@q}WXinh3 zDu&`@n?cAT@SAG~aWv}U!x11T8i3(mOk!x-p8RTaUl;Md0;JGNbtxsce_B?WTeMCZ zwgWflq-!SLiEgyHh;p=^vIcw2+w?fZfhZ1G907Jn+*^cI#$tu--23hc?fC|HSyMe+ zQ3;W4n>^;421rxT1l0$-(hxxm7B{*snoSKK=8eWro5;WA)Q@=P+r4Qq8 z1t!P1{9TN0xLnD0f1?$U0##dkS9+KNW5)~?>Fg=1U(PgxC3)%ou*t&0C&M$c&|vzW zh2;PoiL$YrSL8z(lu+GHh=IH#;5l+mw54gMnlyn+B-C?VW8X_(?H-cvS8%6DBTw4A z&V5d|sz?wFRYtCXlKtKJ$ioJ~z=Re~f4OamThy-EvYkwh(7h|7JSs+HRZvp&{9~X} zHl5SAK&jJdaXp$*o8GZdI3Z(HseCtUKDJWq4PmlQ6jkN7sgIQ(3_m}lCTwHV2#A3b z?2#(aRH|fLY`Fv+WV~s|{*Z0WK!83r<9LQ`xXa9TkWd8GOu{aa&~Uv2|3HS5z^7%Y zPu9U8OihwT2f6-TJB|ON6=m8*g%M>OZVpgdl=X-0bCvBgf7`q;?Ce;n7IrQ_bWQwb{ZIjaIbj$8l%K0wzUTnF~ zIPtQ&8!i2fss2^PP=4%a(6Joh!#^%(9Q)%nVbT2U$>q7SWpZD|W(1 z!&Ywqh|Y_?IXAo+<_Rsg3U>+JK~?Mes#abud`ge(qmB}2KDJVA#i8~C9@S+ni6zRN z4kHPtJx>^;Ffh=!aEI*N@IBt;ytMN2%PObOc@MbQFeYE;b7W4yv|A6=c_k2CB_Lsj zKcz$_td1WJ(1iZD4KdNt?j=s{Fu7tB|L{eOMh%#%P}GAYy7y>Ioy$9c_5k--AER9d z;AVvHb!GgH6g{6dxNACY&ca2)?n;PlvU|{O!I!KIr(A}?tb&YE9jIRgoUU=1?|6JM z>N%TT787x4mnJx%KD2l9&*$f!=dy}j5PWOz3(g1*)VxD*h$&<7j8dsj|KInIfJ-QkAncm0rp&1#h^F;Yh z{0Iwqz>rSK#T`iDlrxmA70@$!Br0<2=rE!_J)B5MrUb z2i$Q@uI$oZR?h~!d9I8JHl^S7=XrcM@cg+jAlLeqi?-?>c7c$LKfYJD9a7thuk!L* z&upk%_dU&fqCx7{=APg0#jk$~pt~y`i|_6uI`rIe_+*43Z;*N4hh#Up6U~4h399Gx zi6`I76x*nNNX-m6Xx+O<}(6=a&KVWWg*VH3r1sZH8L+5M!C9XB(kk!}) zn`@ViR%QdTE06zdnA%w=wRWrKflHRT%^_)S#=SuOVQ6QCJnsVlSf|)9K9^>1ra6xH zk~2ocr-^Q$MAPM_NqT8;)<~`HJCRalAYWp5l3U$sAkHW6p zU}$t>!L45hL*|ZjbLfQL33VZHl8E7cI*Y1!2sa3lQ^0jDza4F!vrlM5FfQ9EybiE? zesih}%n~o*R6|qCy$?hZjoiZcleqbwW?b4r}PFm1*fAUG~k^_ z(rjXnA1Jg@-On)kaK{YTzSg!u6JLE>HZ#hSHn!R#{|>ZMsF(Xf>o5FRt-O7-|ad z%kf&k&y_FHagAbP6wlX1Jz13Lu?sz-rR!)PxXa;Oe!QDZS9Q_!{K?LT0b!F#!s7hg zVOQ*;oSxq)@DD`d_-G>hhhhKFE7+_$voITQ`B`A4>wNn&`iAdMH|mXDnrbF}@L{7b z6eEJ;(e5EQEQkhve_DB(UAjFyLm@UFa(|M9(cO8KIL0*^`yAkR5%iL$tpea$>fp_; z(cYp_Iz|wn`5Y=+dUB1A=pmRM=&u`690yB*A9osEHNW2Y#n<(1muHuqZBQtRicgC* zy|RmUyQ9V0KRAyL_y7*t3qNT|4bt?<@bS#=fNXj1yeF$l@El62t@!go^8IR#bm(vk z@EiGN{KS`)n{-|z3ZOqX`eB)aEjLL-M%K(dYToxnV&%C#Z{k`Bv+5Fq;y` z2OzBTLuzD)2yaq$R362lJs>W~5h)YaDaWtD&k^t5QbS?`v5;5%Cxp8xV2<|{^32Er zefy7ztcm-BM-1+nfB&uYc}0wj1V?4}TDMkZKOBu!A~Nls2Ir>1;PHO@V z0A}xmo7TVlZOgEZil!z~h521zOP}Pe#FV6q$VX1uNFG!rYU;SZ%%IgElm`D51#|9w z)Cb@>yr73R)&h~^?2zF6VQ?i`WNhnv*>G#gVgsE3L)MKL4~}E!U8&fk-b_O5jX9;% zQe*uXVm>YGI zla{M{2J8)0q_REq^g;86vkG53rLS~fhutT;KmMHVcfuj32$VcB-ar3M_iaWnuwW&g z&0kd1%;oXJ_ZwAHoO=WX=L$JjvGr7X0c0RUb39AHDuD{MFc1BM;oSg+Us`($4hSYK zeh;dI$GXm{DL>JXh_z&1+5GQCP_-;;?Buqz`yIl;WGe#*BH@hI)?|67EM1b2PS5Y& zJ-N0JNFqr-{PT`(GzB7IC^g8yz2e~!d0ToLZHS5pc^5vqE)}1o5|6bp$i1^Q3vjDd zn}83k+(5VYYhz{zW7*_||y9ZXp=z-p~jWxI|TnIPB zOZg5`&DIjCD8eSM#>F*{y~1uwe(|#w2MVQ zjw83H6*)qjMk{WA&&lMm5^8zIyj2CDwb6W~^hr15Z8h=WF(Ryk!P& z{|7h^MIB)NL<20Zz^3S!a?Jj%Gi82AJ7B<>%%hU-8X9o3Sfc z&Es3U;RM7HsT~j3&OHWZJ+D!ciF6lD1fg#oh`5|>-il1;%Y#lNbft!IFC*Idl(ISo z?kam(V{`dS9NhZFwr(F>0^BhT*-xhWa&P4B{7BONg{`o8{gPXES4hpcdM5NPqoPvi ze2=l8Ar^Z>(*0Kc8u9xOCaXJ^7MqK&!Du`ub|Tk$YW(NykaNtLBNh_J3__3Cx~O1AE$AIdIko z;$sOjU1SSiso8pP*P0EhExFz$#v@eEk!`Ssr2R9PMQD;f@qWYT)>j|`ZWYzuXG37? zWdyE0V%6cqP{LFk|GU?Yk`M@nSnl$*$1Dz96_E|q8JcEU>?jrvPG`87u=DSWO@B6 z;HR(xe{ezw!?fxt_9cgv>CkPLI96`LH}$m<6Sg(EKWHYO>K^mqqZO`|eoezFA=uTM z<^d=`?Qaw?*+}9(R?~a}2L3-_E}(M53E?ze4LaA`ZuL<9oME?bI=J)V{!1g>!;#0& z*-$@hPs8m$#M+;C@8JmxItzUxf4JaBEHM;b&ww|9N1I>D?$i;d4^3f2N z1i>Axf7(?MOPd6t&Gg!Tfn-btJd8jU0HgKYUV-FfU2YOn-|G;83LWh`2#C0$1rBwr zp%)v3Df*h5Ef65u`8xRh@v-H5D??Vpx)7m4$qXvOVer9x;>nQ3;Oum)s4m7zXoLz1 zw^PdYSkxwcA^s!=sBiV~Y`~!DI`LVtC@^;nQzw_1)I!- zIca>3R%WeS0aWvlbrx3z)J6w#7d{v-yE$E7B}d8}Iopa>7TV>sP;D{-Yg<;_pY03x z<-)V>I-q;dq3^htubn6$e4vORM0;yuWQNeEIkQ&Pl5&9sW5J=(NLV%&uR?- z>BQ#U6MRV0yh4k&&t$}V$=T9T#s%M%Tsun|MqrQUH%qpdpQn%yn)+v z2HyHhsqUPJud!Iask27nBEIQ8BrWfIAlE1Oj6oDrm-c<}cX6*Cc6^$)J{}RaAajsn zzKV}taC=t(maoxS>EyCs-fiL=(}2FNfvx*v_(Rkp0{w&AkeB{Gb`iNkT8-|1BkJ+d zk;v`^O^$H;h^XJoF?`ZWS8Di5)F-Oo*Pi~gS5+|;RmMv9{asuonya3 zevkqGULP)Tefb95xmsy=yh65S8k{nb&Vb8|+=5ZscDu-8_p}F^J&Ai$SFC(3RGBRL z>Gvu=d1!pqfc&A!Y_$hFFNINhZ^bpx!dAZ@ANRmG*cqgrlqn+bkU~l^($-s5K(>F^ zB1hbZ+C*6a<`#RPJmNsI^_H{8hbsD2T$s}Rl3wVJfJaW`0tH5 z{vJU_D37qnF1qQJ1OtFa?0O5p58iANDhbg}n6V2XzOkF(>s-G?o$C#o{|J04+oC^4 z?uhKAWA%mdf~hNdeSroJP&GJ?K;0Zfa65|KSEZoWNa_;|&DSv2e73!zEXm+p_hPsc zYFiz>@{$a}Z`Sx#)u;)~U7W$jW3({XH5Qr#yfV{@Mj&Pgq9og@^}tyIYZUAvGD}EA zPI$RxKAhovL+^L*g3`&)E78)xV;^q*Bgj|2vk{X3OybCg6k>)>4Q5MCWP^FdZ^0xy z*|Awd!Nxg(mh*j1I<&o1`!xzX89+Ob#HQ#bYu`d-vZ3B>!_S7C-6* zCL7rdxIGj~`yTW-H60^Pd~oLIZ3=v*{WXvQSyLAUdh1cB{#$l-B$A8m`bQo`uz31i zKba~Z_%Wq9Wi;{>-cV%_#zF!;y6{#MypsDuVX+WhU zO9RcimGcfT#vfpzrb$AUMFnik68LD~`57#PgWa*aR2c`zf-95By<>4$QQmQlv=5hj zl6P9ZID0R>5+QZMRw|1>JK8Z%52>}T10;;IwmhOn^TuT1CGYdf@Uk|I zT-h1C$xptDH%Bt-`M}|FfUQS}PUX7@xEwW=^l*Af@a6y*1ZuWC0gJsi_%{N6Fp?IN zgz*ckmSIpFLK}vZAowx_`Z&{X80KxYF#8nD(!l_80L3?)Em?2J*=3;&&4! zk7K`CMe}DiO>~OGTzcaalf6Vc`69#MSIH#EgvUT`bmq3U%>6X4Aj$=HU_D5;%B_S? zSPaaY0O!ARLF|o3Af-?ynA9~|T*osIXp^wj+vo}y1L_>iuom&%8OQP_Y2iHAg^6s? z>Vo)0?shkWi#wPMeo(0AT(gprgdKGTXZF~h22<5VHZf$smgE|8))S2YbNbeMZNn@g ziL_~rBH@w5Op?`6Some&(X|3JO9EbCMV)jgl1Ow$M|lZk#P7I8{#X53a zmIC9?hl!uQtZ05nq+=9r9Bby_ZTCs11U-ktaIA#w0_$7r_SV?11=$L~V5Fz}Z0q^yIT7 zkwnal{3c-AAu*#?2*EJ#c93qa&X(@k3&3kO?nbuKD~1y}i0oL>j$45O!mso2-bi3NoWL~9r%gyFrv^Uok<8UVvm%_q+g`xy7&+OF1 z?PUJ|TTg}p-hun381$VFqQNBBzT@S;?J3t+Z*{9f3T=Gd?_i`cG#8Xp`}b!tJB%Q$ z34gmu6Hq{+P#35-y!iVj%=AkdIf9OSir{Yz4J_EaX0qO!fl9o*eZk2$&Jtdzg+Iqs zAyqV(Z;%&{MLM|x3|_8Mn-w8)cnK?)XFHxY@{%9{>Wj=pF*Kf0xWK<9DG6^#vIr*_$0;ErxCWbb(b+#({t_pPB$IZWqk+i;P%4rxg^%axx0};=E>bU9WFfQ#w8xFed!D zTm7ASV6=DX@Iq)YzT0gXqf8tQb|$fBz?ri5rqetH>u+JAQrQA1b8)?uwCxt19U`nF zFc@Z##WpaInF(Ccdk-RKhKyunEk=i&#m-Qt*KZ1dcZjX{EDR-rIpby~)h^-42i(_6 zGXI$c;QOF5WA6PzK?R1NZpd<71w(l}F;fN?8@_`h5cO*oWIenC()e02B=4eU@Eih` z45zIQRR@Ab@;~eZECyu!RA)^t-Re7TN&A(YEJDVip@STy23$ZG)NIeH;DaZ2cp0@_i|M56rmLV@joW&lvpJuuo zCE|c$YiFHEbL6{|c!)bs)@^kL*3nLsRO%$2NC(wjllk(h{k~0%RfM_{>2}_*(|oYN z3e})ZSPb}mHroIu^&U@vHIBLbz>aXC9rK6VU|4wrdm=kwNpcn7pS*(xrZ~F0K&?fW z!`BfnMHI^v&pc;5?&iuz_8xJPSUH9l!$gwjJNNb$dl~>CTY>Ujoo#6mywaXT*NJx; z_M{B7P0aBCmCmRZD8WPJt3P0hFi2nhs8UT(<{5$`SZyFan;^mG3RY$L#$=UU(xy82 z`|58%T_vPTg&QX55++is$n^S#!J=-U24sLw?t=OqUA`z0D_urq`;9XSkA1-*?P{DN zX&Bl|4zUUXg1KB;44aW)&*p3%^AXVs<)ON*hkn*fm>noIflT+;r4m3+6$Pu);0Kwo zqh89NWupo|x|D0ct`R`MK91K_XN*6o@Na)o8LniXII!Wx#1H*B!1g0iSp^nbPRTgQn4?YQ z{(mX5HCRz!UiO9RJ1-ZAQ)YZbLb%BmZqbp2(FmGt!o>{TyXqV>JXLx_;9SnZa@#q2 zJ=4$q@QbJy$!x?T0xieIf{D)aP5QBXcnHWc;jijM@S?eeA(+$lJxN zOQe;{U8?i+x1>Pz)glbeLSuP zf#8FPjA4X50R+-JVWZj}-yYDeYNHi|MY1e-&!}b!sHVI&(M#Z`&iopDG#oB`H!_w{ zqOxx#b0>IM_N)v(5H(>3-p|PE4Tz6kP%txb}IN_5E2k&+!lX-h7{r_y?p8$PQ0DQl_lZ` z2ApTe(;1_oYVRs2NkDzOYi~g%1%P`9*Z%<~8q+(k`LbZ4C(FL$HZkKTXssCpAR zaz7;vs}DW$rwW1w?+=XxwcY_<8PiD;G_GMjV1_#PL%_9GP!cR+V8^K$AIf~{e5L= z27rmgA>e*H;!g&p_95(;U7FN>SoL&e*!1aIkuy-N_vkE2Gt^RyCqiS@g1{Qdmdax1@ng3vysXx_qSbp z`UW5sC3vRA8;+2x5VmF8VA&tuC_bsm@ZK>X# zU-P?}T6Zi5ZZ8d8IA=2!Brr|_qS9cn-f?T=HrUJG{x}V1|8W|Qp}0)(PnvH+3Vn~t z?{Q&17mO@j#JV=1-r?x&M>g^DO)iQ*z$LNkI2XTunVQ1?;Q4GaQ&1D=)-729xA&ix z2Efs*H;k8N!wrRDNPcb*z5zMma>gGum}^!hRmhFN)a;`-nLiIe?P6mow|E@Q z1_V%GkAaND^c7O+xwrMp^yY$**D?9*29SiD0X?0WNWa75lyVFx*c_&uC8nJby6+8y{VYrTv~DNaW9+{8ctFTsD2rNw9HO!E-JM@071RIUXyD zNX@1O0})ewkXZ>}O7>S75TuK{-XQbqYsbTui(h6MyZyZ7bs+8b4bRDPF#eIDU5BTY zaa`ML#UJ`{@49>aQd9D?e3IT4X-pBfNq@ML>2A(E9E1a@;;XzTCMnz4^X^L^&a4A0 zvUmFC^2!ww@jUgTwogc(DZt^J?_nCAsA7AJ>!^<6NF<{D$wFt8Sy|Pn3WIl>UJ``i zCyw}DbDrOl|H^gyB#PHfHhtv3Pf+L-nu2)#NLWkK`8N85`4%~1uNfUV?%jCPauhgO z8XGk~ldz6Fz@Uik*bEL-|LU8zz^oveHCtX`Hs!oR7m$JBc)xPV40@*qLrCG+v09)$ zJ;RXN|2WP=ThsA!eho_a9_LY0AVB+Ye<(jGr9H8iOXD875&oC~{cEtz!4dVpjK`qA zJl$p)7hr)QPoiq`Iu)e5Q|rHgVElVtF^jHj&+lva50~=7%e_`#M0@}&cS+Vaf{DuS z3O{zh-%Wxm1zJr(7o`dOY)egG)i6EYsNMj66Hg4uFdXv)OrW^Sh|}=Lx2*8qK^1mQ z8X{^p^ixTiUc_|{rD`jN+0+Vo_n=5rDYg8JAT*H-({BttIA`T8D5|yb?uu6s4}GVl zntHc$)JBkic)kyO-;HJf-FCzdK~A{hPDB9o>hpcXtTmY1U%`HW4=Jp6eELgTD3sxD z+Bf9Pbwi zrr-iCeYxR|CL6!|7uiH=zP5c%v4Y8Xi$2juII}_hfj@kIvrP|xtAe!l!F5i{vu_)R z*A74!>1@JRz$;!=6GQN+8**RKBjefvWYHfR=wW^ZKRF`IUjH5F&#C5$>Hs#dK?ABK zR(lNf>Zj?O72tGy^QwGY?+?e8SYWYg(-fGf5@<7Q=F)UH4HW7mo-sqz4~Gm%Dg^`$1*z#_t%{12bGb1|^fzg$m|d9H>4i zT>JEjrV{zEVXJl<+(lOc+r*3k0wZ-kUYraE{JO7-qej_3Egbs2=F7d0=C@Rk`C)hI z?c+rL_zNHs8Sq{_h!QL!`Hy9=p3QctAmTFt>qt5bSc}pxUfvTU!Jzq?eEI;O7M5&* z0n!T>S)dUgkA}$pK7TAIBKhm9wJC5E`l=Kf+%f9P^#M_mX)r8c8jP~q3c(5Y_|XjT z>^D$K$D-5Vys=+qTmfT@ycL5ZQ5J?3l}G7V_D-eLqYs|exCOlHq`LBsVo)(d z$KJrsl@pM@{7HvCW@Pl;ZPWa~lEe9!6VtRG$Pdf|RZ2F@5!2QHxBvE%_{I)6Yl2C? z&%RK^1A+L8_L|scYjD}_*D3z^bNwkBIy5XZx^5j@4t8iN4Pcw(#ZeY z2K?1?{udM`jd6)*U1Cs};r~Qop(ya3w+5bKg9!v?dkG20GPacoVX+`7Uk7IJoT`$C zJ>8zJm#w771F(uu)h1)P44mO9z&G`uXE-=O*Bb)#8+-vb%QY3O2jT=GWFRE$FH7(~ z<#{OLM;s`!U+i4u!10+V5Gy0*^UKK-bPcD)(@H0t`7T*leau!_aEZ zX{Jy1g7aOPPr5z87!Gx6!(e$Q5D41F^sfuafVywPdy+2gT{--u5-ie*{PmCEC5$~n z+xUa?i>>gDdZ1DZJL(=7q>1tL<&s`yo6p+2Ms~IG{}A>a;8^!<|1K_DTt;?WE+fg- zP-b>iq_VRkDNqrA4wjp@7 z^DOV{>Gj=EIHrm`aA;{o7D7HUyGRRmIB}+ zIe`%>#c*-biJlky)080?7~s&bt@GK|6nJ9ptj^bPM2n^-98IUEve`$OU9YAKty?;{nXyj01kE*;=CYfE)4w^gRCShJG^# zfAk44mYAtPid=I}U8m2d_a+c@D=nUWgk-tsfmh83Td?w^?CgZe#W@Oo71GxqYpV`<-Dj9^PAidn~=K~GK%0% z*}kNVJp*9s!O#UIt5(0d@>cMcnn!WJ)#F~3tsl-zlY-@=cZ{+RpAE)~J`ZWgz(b)u zW{g}u^CJQ%?JcGK1(TCQZI*=Ng6!|Uw?j+Kt#*)BnXC4Cs;ec4u%rh8j0RTEXCb~B5^QSu|GXzR8Nxnb17H%GYLK`vibP5P;(+hwTsc7JVf`T`|)b2I}1!TWCunN0|~0 z?mj@=B0d5_H)M3Mt$o&M`jRVTj_r7VJoCBa@Jc?_G|SAPaX`}c)R(d1@fM3!ZbkLIMECiA6aClO?kJh{4V4dn4iaRyt$QVWw@=(2#g{tsPNhAy%r$XaG-CNu3Uk)OoYacue**(>!#L;d-L zxzQV`U5F$q4Z@A^v$bC6^u#87O!JZA<0R}uEHZ0ZZ*%TKQe4gs%!!`TRLmY9Q>vl4BF4d~_m!KwpeT zz(}bSd?j|kILx1S!5zu=0Rjwj5 zfY3Z%)8|qg(ZuLjx1g&&9P@C210GZ4)7f+~kFp>%Q|0$M>Jp&!gF^&5xK%lxiJPuN-+bAcmV&6ctiX1K4}WPc6>6ditPT%rB78K5HSx;- z;51ktK9%bK`>BLF(Pcl?6?%sG%)CNR8+jENc58$1{HN&wFoK}nc?d3|m++_k6x9nP zy=<_s{|}NL3^pTsFZ!p*{SPH11sE*#jScV@bOlobXW*@PT|lFCeRnsP7xHQ;osdft z(K-#v9Biqdg{JK6?Jv)c5{XXIcr~7}>wk1Jew`Ylzf$SI9f`^V=s(LI&>r9R z4tQ^yUr+B-*?IUVs^L*swx|4T8V;I=Fu5Gams&t@`TO=C;N9~Wd-^$snPxnlnWlZB z&eDACo3{GV+huOA*J0Anv;>SG{f8^Zn!14OV_~Z-`^CKKz1jCeC$sOsJ45fm@?F)B zF3JhokYxdZgG?gt=A?gZIRC(Y6#s)@t*GCUBH^0D>AeQZFknFAuFz6jK|{J;7Y;Jq z;dii|c++}V*wp^-!e#`>6pW8_$7QqXj8Y)(<0HJRtXvGZF`B@DOC0EoD$I`TU?Wt@ z?BIw;`VT5W&$H;VM~i&-edDP_kguM8 zhrLU?=j30mAL@Yep=gEc$AK0(mfO&;t_0H3BHM(XGpWbPrbEX-ZfOkB$~mAU&3W`C z^c)-h7i07HAR1KHF|R$mS3V%m0hV>(COpkzwFuCV@8EJD#G&42z`iSJ;ZwvU%!80M zP+o^FKXc;~l$T!Ow&pPLBF%F54jMYUx9>_;Dy`xZuD#un-W(+;?YDmW9zyv(Xho^q zxC8XyIYko`s0iZud4s50c7PO8Ja6*v&*%J~=cCTn9(yxTg#hTs-|k-3-&z>mrB-Gg zTOV>YDmAXgcO462pnn`8>{tI48pIxTN^og==^!|`h3tUx2I|2m;B1 zK`z1#FEAHbfWFq1A_=Kcxe`z%_C_D9YK6pIIsYa)D|x~Kh9M^epZo}<)|)>j9Y@~g zR?NQ0ZG#aoaR6M4(k^rF&fm`21?2v_vJJ@E!x@y848C4jl}tDEW1@C{(4)pTD{h9r z{qSUtL&mJsYMa=TOWA&Bsg0p;FPplv2U)v_57tb(%z;-aglliFA`K{qx3e2Tj5#Rv z419m|=-aP#Y|j}TFdL3<9Q=MQ^ByR|%?Rlbrz=?!}h z4F$w2@eXLP_wiQ0g0 zo3d@aDNl4)H-kOya`ipL-ERY!-EIq%=^4>Z4bJ1~0X0HA{1gwiheZ#hP3uTpK`rOm zZsgrtvR-_@^?d`gP1(uZ@`80L{dF{2eMw9PVpr0RAx2R5yh;@!e$7JtE|mZrK&nH; zqk`M;_#tg}mJ?{RpK$OG*#urCFf*^(^$?FDD4(Q%E%Vm@il`Rk1Wa^&wQQ!W!Ev{L z2HUe)b|fvqQ-q9~)^WPE7&M?=V;K1#vZrYKk+CC486kHta8SQNi_ipc@-VsiI#6^H zyMRYu8H@-#{54<&t-nC!yLn%xVG^J37bz{zrX}u`?50WZ<`0C^DReL)vtKJ=8>+~Q z7!8(&WL7exZ;Yiv$B%`8i=#!36dL+Paaer z>{JdRIBETLh2dK@Q-QQsmc+4N<=TP@-_K^f-Ol`^;P!y|>P;l9+Lv*x13^#A0{5|Y zLi1tF_^%JPa}TUVN0r5u6q0%A;mGGp{CIZXi~3Q}vpKjRqv(Gk8q}zHNbLMk_&Jb4 z_+sGw3u!TOWprmk#swhXRdSp4awX+I(~Q!h z^EV?BaT%lL8TR`s#!kI8N{5SmLLf8T@=tHU;J-Ws7X_j90JU2`GpF>m1foVNU%C}5 zL$6NNWuRz>8raZatHl&_(21e8jEIPcI`o!jL)WBa@3Qn5b576`{0Gcp)kHg(*JCe@ z(Px7do)X95z4;#IKKZ&vK+K0t@{EuDC?i4|Dz+Qw2}6Gm<^lL1qTIB)pU&SRsWlaL z2KEks=}OthRkb=ARO9&i7WeiyDmR>FJ4Z*X($KEdKFld<$xi6d5OUS%ZPl`}DPxjG zx?xuTY0?iwXCGzTK;cVek@j+nOW(BPezpg%`!y1Sk;wphx0p$W`a=*o^BQ#gBuzB+ z->bA}*O&389Q_zZzOF<~J3qSyk%_J<&?dA#6o0t70@fEtaX|`mvL54r(R~fGNuP-| z1crtU=1kxTW;N32^l^3)9Er89uxb$v#qn_dQ{_DJ7}|S`wB!a+WxRCvKtW`_jIb9n zsSR3fA_qp_JR%9U$p5rSK>f2uTT5rq&tkl-Ht?NJJ8( z4!)`htXzjl$VwhAUrV>~+sO z@yz~MEZexD6{UWc?iUmEx4STGyE;v`<&Tr=H{83V`Lz^qG{Z5s{-?+|U-JJ0XQkZ$ zn``3ZFG+q^^i|a-#}xcZQ;YCLg6fN5o){3c`fhhf;yE%flvRe|#a6kpuFfMxG|ff; zD4d5(DFS4i!&5lQfu=cR=ae95jDcMobu^+j;%|plq(VMmD4Vv_I*Dg$IdGx3Z#Q%) zWQOF{(y#mmTt^#Y=^%x&CmpvTItbb52H&wZgBxa9KP` z>J<7iWf*lWr~_|#!q#f6iIaZQ5TSxFV2|qS4c_OxXgsItc14TKKpbCO`H191#n~sc z*uLFQpJzg*Y6c`m{RkvCI`N-|%=Cp!G>emP5HSnD(B+b)rcWi|Ma7hxVrOzb4DShdsEsA6w*LJsLx;%l` zeeDfGAK9PV`!6&O7QB+O?yRHrrA50hc0)%gMwjaLWD|`{D;5A*k=}L!`!eZP^1i@W z3hq+@X`rV&{!GEQ{jaVoX3{v+GZiGUxg=3N z4;Jl2Td=C4oy58>j749G#L@{_UA~(b&PPnp9}md4=~E(92~BAVkiU5da?Nf~Q*x}k z0o3R9Ds8$YiY(gU3`Z@NjFi}$Lcw*w?kv*ZopFD4iyt>f(-#h}{22Q8{J>eqswd$7 zaW~Yy>3pCD?=D+809fTeBBViAJ#qIt5?5#_TLKN7I9g`xlVse+$&p-=s-|h$en1!J z5m4e_i2P0h>doN(xObpghp{9V$FiZRgEVBnmO>;j!*H7UAZ}HwJ51JisxT95zP(#_Se5cX|b>r2B+1FZevzGvvt z^BP|L^-KRS(GmD_A*KMfs6uAnn9<{HCxsJh49;8-2a>Fsa^52l67Ou0Vz_NcdQTPH zK){UdCaIhcse0f?A%L($BwM8F(%)KeHh|3Dt3BeUnaP)!{a9TfOpZMYJBX?lx`R|!z^?)RP1GsorT@vS!Z@$L4vNd1_P_= zEWzs)gm3hX15aGC2HA&HPJbfzy;BoNy1(NUa?E9^gQRd9!C)z`XeG_hAPq9B;HDqC zP&wls6w~*Jw9fK}`|fh1R7dPg%xB6g#*ittD>iR9z5M1ZQ#$VqVrXBkun=UXsw5(P zjU$cDF)jYG1k5k48y`pZ+KJg_KHclSs=S5Wgg8lSe3|NU5w`#xoht^%wvcVmfaI&9 zh!H{jLR#zqh4k@CdoSYdmT-x!#LC_JBdp?iON^qq)$&1RWVyW*&za^q+|DZvjh(+M z)!;c@TDfO;x$q45M2#(e%KcIR`I<~LH|~IPnx@L)4&XaX&;Htl96ILcr!J_1W6s$1 zxwnulD-~kQ9T5{`0k_)~r#F?s{$vEv&|#e?;xn&(PLa)uqUjZ@;+&(tuT8;09Z7%x zskqsfW;|zP3A;<@dW1lY2-!(ja$dG_!hfEL*Nm1AHA$bfPu+l&(lUU$yDXK#)J(f@ zO5dF%YCQdj22Y;><8QrbY^2GxSC^I<#WIHh`y7P9>nb!F&8!MHNIF6>@@F{vWz&Lj zkEg*^B;^B`aFH=;XtyY71YZkuBPY*qym%gR26k7ONH`72BP_=iZ1bv#hDA*8@|6dB zA~_y_N??@}aI{#a3ag!yUa#iw*CIXD&OqS#N6NmVgBbVM1~yhGnlzJPc5%ArSAF;0 zMtW*u!H2-`9fO8LlDqo&?c{%Nj!+yJM749sW3huf0HI-!qab2e=XxDggOItQ|9i@5 z4Pp9g%{6UG!lsUpmze>KQasIlXKVkyQ(^=E4~bsHT6}+p`VPygGTL=UDnyoO3^Vcq z3=x-5{iLJyHf4#7l9#8yzo%+Hj;h@{rc6<{v5k;E2!do_=54RLy2NjFjkn1EcvCT> zmu8CsR&hsNd<@;;9%zFUmbA4yFbCX2JeC+z`aiYJv%~hKVgW7vnxcYp^ray1%E==z z`;br3FB5WxI-DYg)Wp{%gGLu?nM6O)I`PhBf}$>{_~_tkw1<)>Nq(od|w4m z`K>up>nrXc^>m7oT2GoerzzZsjORQZD^zVu>>V%mygGDzH6-!hpa_UIPh_ZccHG^V(nB>I%W9=YuzF4z!U8a9+Qf zsHEjzz@OXTNj1e8?FHCw^JY=EZb6wO*qps#a|MrroeP#(VTm`*AwT^XZ#6X)2culK zW)9wi>ro^shOqlPaO>`K?6c3llQ7>F#APgsM~qXYvB=Vc7#@?Z%qseI=geE1tnm%cIH?dJyYHP2r6NekN)P=}j5Jk$+vDKD5y;r^ z$7D(&=4)VLG_@VJ=}rHpQ?I_9CI%yKCLK(u>E#oa#h7Xz2s zb5sGg`Oh_loX>>YS^OM%lE@BqfC+w&mjp zypm?pUaXxcT9K(MVgfUgh#0SgtMJr}ZA0im;}8foq(9QkU%IC3^R~wC*KS2^<9+!7 z*fcy`(|t55iJKN#crFt&Rtfx}dg946uu*0>6|8uT!7aaGq6lxtfs^`j^3p@UJL^Mr z9|+1N+@1!T=vdJ2T=cmLbc?$Tj|y&I;*94&Y1({J2q79M)~f(Q14}mNU8}$KfIUX9C#UY10_P~@6Uq;3`GjluHNI%x1|`fU!8xAJI0+6P@eCv=khe0BphFQUxTBOs#8gUYZSCRUgri zVHHp?GOs9TQ!VODdA2k>y{@n6XC5HDGZ^ITxzc?67}M)E6nV$3d>Qxc*A+>hJ?`nR zOM`!#_@RGWv*~VBSC|>y>2y)y0#n zr7d~v=KvZXoK{3-lO!gFewivc@yF1|QUvHQE!1Us!!6k5%=ufEd!LVst?3+cVKLL9 zrmK@n>qGrmp4!{AX}#%zW86)Pe8+3{nS$;LhymNW*8kogW`O9_eSu_8eQEsmlHr6^ zK@MeO9hw;(>tBePF+sSC<_oxh_RFb~ecsS)rQVmDP7UxN}0eK9>23BJBl7fP*&=Q}j7lZ0~iLW4$~A7hB0(|8F^U{@a7sx8TN^~8)?I2@%m z<)9n5{UU;FzR2ZsvRLCW=kBWu0NgHhluqd05x6SLN{k5~`&IL{zAAc=b0T0RRd$k` zn8s%wx~E@`O$9!Vx44(dCZ;8>S<1Eq_%Ujam9qlyQ6gnUpwD@+cik#N+hdr>O?O=u z?j2oId0iOCB5vQB`UKb*<#SbLGvNlbtX>$Ip+!gPd{;xP{}gbm1=Rc$jy0#OHi4~U zqgc}%i26;wFu$Yab41GnuB1mhb(+bTk@ZEn@-v$AHar0*xC0)7A-ypR<-=MJBx=!6 zq1IVE_;bAdeMk;`aB&LJ`<@&Z0ub%2c~f+a88!hMXj0Y4Zqe~Z$?v+GtT}NFWqKqq z**(Y9nNeT=9+Z69JBb*pLJ0cu+HKwyCuncdzVoxxX~@oF2DcMYl$CCEq6fz>Q{00M z-oAL1C}y(gmigSJa7i-+KAwerfD3zUV}t&Y5&XH z?-f$*t!C!H^P>8@+K{DgM7n`WL*mll=*;rX`y3?~euEbu{sx3i#CxO+fJvz2>qv5# z2u5{*A+{PM8g8U3j_LDfxTwYH=G*BRVZ(HH=r%*+m{AQCH|I6hgQcRbE31`?NK~vZ z&VOW#8CS^RjtO3VSi5F`>h|gY-J*aXceZlK==nrH$BP0SbscL%Uj%@pqyVq z44j|%^Phw2yFjU^U?o&AU(S9aP)#bM0*=!to>Io0qa?sv()XX!FQhyt_Nbg4@ zNG?dnU~N?}g)|T&-m{0t^~cRP9wE3JC}%!C7NuzX^)^p&%!-``>rt$(7JF+(U9p8Z ztz2douo3VnFJ1WzypG=c&CF`|Tl^9_ZiYUHH?vafLv|$6L#IszScimXg=i&zqdM_H zv08YYDVnjIl1=ja20K$S9DB*M^hcq!7Qvt4?O3FgT#`-Gda}Vnuqu4(Wbdk1e+b@B zSegC4CC1pWtVDv2%rJ~V&V>+cWhF50`0o)K%s-Hev z`{RYil%yRTcZo*`6+T7!gy?vy9%=-k)cl7s>u(AT1FY3ee^hq%TkqDtx%T=4tjJ16 zXzsWw)AbsKWD8Cq=+E|^{ zf@M87gB|2oB9Wu@^2Yyuv2cl&WApra#em=1;S5YPN$tR1G^015gpyaE^cs-olClvS z#6{cJxQlZ+h%vsv$_A8n{XlpV#H$VJK_Ba9@b;-q&lN-%J3Pbu=-faA_V?##{=yvy zy*pT`k_TgLAzI~k0Hd3c72@3&@PISN|A0t4dhzC_gTqcNkct-h1xLM~oUt<)D6#YY z)@1k_pqevdCmJ4vj^+T`(T(f`!ls6<3hj?CoX)ugeR~_NmqPYPJ`L;KA%DHHTnxRJI7+9;#yh@IKuo`-6>@$slFYH1K^hJmCgq=k> zg3>vLjYtak@hU#aAgu7S##Me(v%R*5IjoVmZV-?s+#VPodY9NFCqXRt&Rj=>X= zyu|Sy=fDFAcbW5q_+^eE@LQ{C1RJd>&gAIvy8vda-pKP8zHb=F@?2#axJMfSR75rz z*>#(eID-p)pMj&N;OGK|T<3_?NnWbFwIcE-pkTZ$D%-&5#s-L<&uBO!(YNy_u2OTv zOg*r?D#PONq$$`#m^b3_k%#iAugHE9s13)Sixa&_yVQuPl)+i(*m$M}<30o2(m1*1$GuWA{pSn^feH?(gDb_IJYW zD-;pZ#yCn*vM)}71Ka0#?S(CHU~3`yZ-T%tTz zC1Ev{R7_rN@zsSF^C|j}NAyX^vclBqmW87seg?nBB|&*$aY!R1QI{iu3|HAcx?;nNL$Iq#s`Yr<$oMQ=RefZ?g*YWK3+?(xg z4x7F$zMCTJ-WI1SP|pO)3e-qlcZhkm$)op_I440e4W9$n)1 zL>JHpuKF3~g*4KzQ4yM=V?G>nbd0@N71JkLDi+QvAE!Q|2RAAGwQbCP0CT1zb)tEL zVh*2#ZA`e}Ch#}CmmNrqJm*id%MQ;HC$6P9wJ)A6(9*UQDpW; z9M9H`#q-|H$1xZFE@gnu|Z7RI*zR1nX&nriALa$kPEi& z5yvtLmb?P?qu2{X9DD*JpLkz0RSBc~o4C&V|kx1V|uJ1Zi8?`{q0akpjaDHhNJT7oI&ZvS@N|3n^pRaPxSFp4fZ^~ zO`RhBjr+}PXl*TeYC1@789jEa?o8&G2vNVeBF^b*H-<&TuMz2A>ji#=Y^*XD&L|vX zW4RYX;F$BgBD5k;`16VTLx|>b0<7JLTYm~w)HdI)D-8AU!$i4^%8D>yEG%&Syh(l{ zdvbi{DdMcBQ)p;E>8^7PYyU>Yk%k_G?k@p=yxr_HyrW?BY~)@i*PtmTmG@PvMv@JAF}=t2b@1!0mN-H9@yB}E;}VBr=I-dtqwQJFxc`-o&dyZEb* znPX|Nm%fnvcbgpu5fiUGQ{`DBDD z4vQGV>P7Pk)*OxtdEqDBzg!^R`gPHPikkc;xb6q}4We&^#1U4;QK;#pgoaM=1p14$ ztWuLz-!gj_Im6i<_OZ7t0SJB#PaKX|ovf6A3|ZoqZ9K_x;oHSG)t>UQEWd@bYaXr| z?c~#?4la}(gkC_hm+YmX##G*9^t$4cD`%1*#o79fFl)v$!>H0H^{lc?wRVO~K4cjm zb<1D39VQ4L8S}1r8l(;w7eW&3Ocj1sITTmFey}^DSdmm>lU>1@E8HS9DF>~qthX-H zUrVzZf4c{2dTV2chqw(aiwbH~@H4Wbvq$biKb|R~>PENB+sKrigvV`rB-tE8Byz3_ zd#0T?#8&1^G*_$uZJfEZsp;2ne`q+Gl~RCS5QEF)8CNfanN2akP=f~s9phQOQFN7#CXu_^#1 z_ZYHs`b{b?*EHac?@kH%F3T0F34Q9ed{e_D%&A68aC6o)@FOp0tcaJ!dI-Z!gbvSBN{RzJu)gp@nPXV6p!z72& zjo_C?r#p{&n=s|@O1xWU<7jSZ|;>z3}>YE>8L%+IILfiK576X4bvWHyoEvr8_DtU2R?kM@|)AW-% zNu0(ioVthN*VCF*Z*%0HoxpDk5*-PnR=Ehwec%it^oMWwH{wsAA0pg+mm8<|qvJa@ z_3Kbnl1qM3zbUUKoc8K*fJLG$J032Z7{?u&f^Jgqt74u-=Hp1|?c3@ff-z*e&Q*RW zpZR!fO!l`zY3t6p+LeM~*y-3PBnp8m1C9r|VU@xV^OUoxqdCzn^5pK15knJQMsX@5 zLN+2NrNPFzFBseCPLv??Zn`Gxi=|YL5d_GT2Ou*zITG`|#;F#wh`WR(AlF5YeF#FR z6QI1%Yp(k*FMv9nRh0V+*b901u4PE;166K_?u9fo9%|9~HYe1STzCoOr3f zRB_f}gsX2s7yQ`w$Vj-~7%`jMGYFYjP#nAmiZA-%R!1D}Bg&D&lv6yAF+~Eugj2O< ze1SV!64e%Qw#B(9>;uz5tl30k)CQ{Na`(4NU*D02vXN*0tpTI7r&98dr+oVI_${ZI ziTG>uk($wH+;7w2_8!Sg81zg*f)e`(kl&;k&s84p4qBuO=}n+Zw7WbStN}r2X+CtGkTfr7eHt|E9PWH%?!?X{ms9}@S3 zh4Bs_03tpeZk0F%vXR`~Y0mar-T_;x3h$pUd)}4{h*qaF?9y8gQamH|*)CB(gZB`X&mQOQa1wBCsg|Nb--4VfKkD_!`%3N}HL#lk zJ@H9!p$t_zx`SAKam*WX6EVfHzv90*5a0d6aFLX_WKFN}sBSJ&`Rg?Q`!!=>NBQWx zr-?ZnA$EuuDex+h-Mca1a~Vi5&AR;0Fc)iZTG0tl`IQywu`SHxtO~k-VPSgzRYNZK zj1DSKyqr>FkgUred1+u8%!@+7r!9vQ>XqnsbkX7Dl#so_y91b&s`{H$xn~||#<%4l z+N!|T#X`~UoSG%Ko=!une8ziJ zZ3X=TwuA@ub@08@A*J^Idq6_m&Q;hnbp@77-5D&yX|%3mt2kwG(U)#7Nn!3SeUdLJ z0_v5RE9q}p)yt-Wh1wea%oOmfoRJFWc zY1%CVvjxW|k2=07{RDcyO$rGlVD@t1Ot=0=wQn;(r}{0ojnIC&xdmKyLEGSrrjq5N zCsMG_CsSa1bf{W#1Kt0>7(N^!E;%7+@0>Vk=a+bk7;#qux1E1?SK_DFfPpfO0s$4$ zvQ3_kgR^Z6UUOB?|9Em(YM{l_jCEe*h$j7`LHY*zl8Xehc^HuQ*-;FcY*rg%dtvQ zXN((;%Xge?iph@(IV%ck#IuM+miUvo9z7cYUx5^s=|j(5<(@}~4BI?#{dS?LH8<&&*rSCU4HRdVaN9W0wdN?_TWn23`5^`IU9rKlY-n7}`q3XNkk zk6Y!66iH%`OyP-ZuQtO)%6SIz_jpzwkBAL3gvPqr7g?y);OOj%Ey8DC&LfG)zU=k| z%{*(GFOOMHk60Qbk{w@fsu?p&bp346C@S*7-?hV{(zD(xMKf6WBjdm)LMWNjY z*;rLciMn;$*VQvstpyB_aiVlBj`ZIj-{0m~y81XQV!f2VA^f1je)Y?9dGeTEQz6@F zV^9d6jQyd|N%zs^ivGX0`~KS(5H|f!@^4&~e@-L9*6%iI6N;@*0M3ovtFTy?huqfc zK)m+=WHIAnP-qj}m&S3SO>26V-_+pO8x-JMH2gaI?SmsiJj*^hwypbVbq4WIucRz( z75un48|O@q`U(ctil<}tUug|saZr&ITO+c|^y_fJks_^*jh&3|Be>Akn(v@aCICbM?v<{X$^0d;s&L>@TBW zNBRNyz+WmCU{7;!q&V(kI?Kmb#kO&IaH$lRlXtgEa{MI-9PY*kD}ZBFobk$Ub#JFLbDeg&r(VQ+E94%s!>^0& zTL!rF7g7g>saOLa8z~LO`#m zi9A{-YQU*O>WSnwR99!1cHZhEGk;G8_~1zBOK`6i)AhxGKv(+f6rtB9@64uHL^bJM`bS1-iR z0Mxf3>|yph^ZR4c3sL=*`)fiQFwyPQnqRZ|-N7hr1g)9r0JELvu+dCJTFWBmqILyA zvo)(lFg&YBPryvQ5^+C}WMcB6lY-VLGIp<|4w6cacTz8msgHt!vq5n*+4u5FJo}g2 zj=K;ZG~xu|L9<{%D~eyBAOhD9-gIxRI|~@Hmy{PW|K^@JOz-;3%8(QPpm5SR5fLsG z>&Tj<$eEw2Q{jK4G!LpjSA~mwjflhH);~NS1YHJ!Ca_`*jsD1J*&06Rk#rN_o74CO zhB*KHS`QWp&)BkFo=2>m5E@O3Rb!T}a|i+;$7k1XC&xcsTL)Cgk@onNdxtFbqvZ$t zI}70M<>0$n%WlvZdF)t*wO2Gk4kd@A23E*sN329HXUQpLh?q5OW?uwk&42@k4=?_` ziSL=}iobeevNLUk6(>I34JcW@z&CMSBnNi?Y(TpAWY=)q@D02DztlxE7PF>ueM zUobNuvdgi0JLqRV3{6F(JtScO;)U1JPe^8~l{2Fr0n>%neP{3tJLYSF=##EM(@)n= zi~s&mIt2~~&;QfmVC4+BNZPquB4%r_T>me#HD&ZTE1``gFq|MWgP8p?smNFObI!1z zM8!VO{nyBqK-o~}9XXi$8Ssl0v4g&&V zj$1E5@CmaY^9fD(Jg_hXowDmcb=ItbBJJ~0l;){cokxFUuP|U`M9T7l@(=z)5G|rp6&YS3`(4M^umPonniQ&$7lMA(zw67O$KLq(?2(XLqJ0EfrPVBU zD&|Mknbv|;4Xwi+`2!H<-TogA0aXWEm0?~^{Wm@BN&WhjBo-+dI=w>?LVH z+f|04M)1IHI^?Y(%OzvLCq$fxB>H&a0vRc{1@@-5I^u3s22};J({HkqSOCSu6-l+U z(FP%;;iK0V*EtKY$w<2c3pSVag60JG7-(p_*v%p>!vsoh->v9G3e&HAU`;qIeWBPpWT@FJA2~whsFn?Sx+F?gJ<#?|*5X&T9XQGiihR z3W17~g=1hXmX&ku^_4rrQ4F<-^NHRc$hVB}G5y z;{|1VJ0l0{F*P9+OkXoEU;Tv0H7!M6MN7X9Ik+>+ zt8UMegiOMra8*m-cSJ(^(r8<`cm=JOrT$e7j|7RifF$(4gT#8^MXU#_ir7P_PZA6b zIv@Rqp+O%nIWN+iM6~?>MLETIKMPs~ouZo}rPg&CKah1QH2Zaz+8eq4ZG}KCSZ4e_ z^F>5}+n)lUx|o$JH_Cvf7totD^!UkrU<#5V7m4|zxM%$O_ywG2dX|s2i%8H}a?}7QCOc?Pk%ALA7{fqew^F?_;LP2EAf}t1Jir1lfKL9zT0t8Y#y-H*bM!^BRdN;C zG*85Hp#7=DS+1tTAdl1L+Hb$UV??EMRl+64hN_E`0;kaW+nGP%JQty1VlGCvcqrK@ z0a7ArP_Pn`Eos+<(C5#mWW5ImF`Ng2utT%H6W)z<)A$+R4rDxMPGD1U75k4A5!@qfX=ub5#X7chRB=Itz_UXAz<9SL)gIeL?DJ$G3h6_Q2Bs6kV z{z75Jf;M~ZXBNbqI-ZKbE$6h*Cf#93Zn5y_rjKX)xt*tb(mMj$?f8x^LVfD1KRREi z`UTDql3q2Adr_ZBYk44_@f`*@^*!B>E_Se)i;_OtDnO{BRhm4V_Tg45y>989r&v`9 zv`YL*?Gk2B7yIS$`U1-iHtz0P_hTo*D>CVM3i5OuqR^MHqZSN5w{V^kCu9q{nvB!% zGbl#g%TBu+&y6Lde5flz8Ad;C^pBLdOco7lTHtfwktQireb)FgPvL<-1yuX%Z)*mD zl^CQIe&HNk$d7*wf6{;F@U%QDHb*_{9ear2QwBnn$LLbvvHbOgvBRgsDt`3Ukq{#( z>wDlKN4n0Usj-ejD}&HG{^8M+WVjI9!LqBM$`x|3@PDUWV199HDTOm~G^cZW5<#ev|3in7l7OoGiO zb+$uB7kCRzfdR%1-$-^D!`Ys9Z`IxVw;g|cWxD2K+a#ojJIbxB ztW5UX7R+nqTnxR3{J7=4+sJG)TLwR%Chb;OO z=^fy>XmVfT#3=ZZGN z`MY8Ku8o5w;PqSik6k-br6#UA_Qax9usz7Pao)&Z5ji}Ov&2?ZKPBHw$-w*E-oe{- zl2^8XWI7g)G>p%<`U|}I@e>f|Y!iaK}8xC=ty zw|rF;jE z;N6+Jn&?;gOkB}%=)qmGxIJ=ID1L??8!cHhK7KOp$)vyC!`8d&c~%7FSczDIW3G?s zu)K^i|2V<==< zKVeXh1_O&p98pO!e0Hty*|mr|&?gqccf%dI4?hj}Q6CDy%w<$;y?7#81&((j$R;jk zktjC%JO*!x7=Sukp>Wl z;pwsx`>B@r0M{?TGK;dI#eZ`)wGTM87h4kqUTVG5^Pglg=dtO@jw!g+s`^&zT|nEJ z`EvLRNC6@kj?X0#L9u=URE()1`fnZiS7qYl33;CH$nGivX8GflxsT1Sx+Zw?7yD6_=O_ zuFNg5r|hM}BpQB`5!ZOMulkvHwnB-3^Tl`kN($Io!MSG8#qeB{`F!K8R`dG&z)OSo zcll~)&}@#E>9D#|mXCdBcehq=9qjL^KJr&F4qdpV9zuCcGo}(-HTU&p*zK{WaYB4( z54YS0-FYVRKYQLikveI%@l=O#;5*}4Td+hB1qHr4@ai)F9*D7R1}f$haJ~}2`AsY9 z##?&pV_=|lhg*Dig8hKe`rLV^%?=

msH!+;}YK?`6_R&8~WcEi$(y4}vkXs6`v2 zcbQHJ{OwYO3bdOF@vN2$)@Ca%cuNc{&g@4aAHc@drhCRLcjh0;xONe_U7(qgZG6f@ zsIuVYmVi`{OI)Moygyv}k8AK;ews@ebxcer?TV)aWGYr$3kh3L*GOefHa=HNg!h=I zTHx=8hDWOK1dmXqbAi35ogY5j^i++zu%9F+~PP&(A#MSVw5P%Dg27fRWJDYw!mjr|jU=5K%r0ttuvdled z&hWG6`%K3Vnb&UuD_`QB@M?hP5bgvm5!kdLx6q@wvw;lm?(X!Vg`UaVR+bxxWFVPAGv5-YDSrWu0Ef{`1zU|99# zn}rzz z`roE~hIgWWueLu~vC2;F1TRnlNomnnSYRmET2g()%K_IRC_x(?@!nFI#t(|~9A4dy zzpQ%BX_Fe~A8UI%DlrSn@%9@OwrAl?Cct5TbZeAf(2`WVPmx*a%c|vhqdPI(!s+;zqTn4d1LtL0~TL%#lZWO&*LX&?dipzn;EigX=hz;#y?glMHZb+DfU@r z4UmFsHc7@&TnhI7cyG*`V`uH- z4xCI)3ZpFWeaxoWi z=p~{5>Zp2U3a9>h_xIkFjnNbaRBYF$W_+&KHuw5Go;05(Afkwd=D!vEqp}Ohy~4n2 zz%8#k*T_iGwZ@eqatL5uz7N|Vl{Zw`6n7j~;Ff-T*4~iXWNB-gGqdI6*3t7)RCHKE zg;cojWM4J$!1H}*8*$FIA5W+$vYP5hIO-D7xjk88T`kttbi5OhpBm1CBUrSb41TV9 zO3oeD)7h>)XcdoJHl@t9qyj^Eb4bNK#{2&m`x0oX*Y$t4jlEH}v1DkQ=dnU&+OkPz zQiPP0N{GlzlzB=~kvX$aQYs|MP{~k;OesS$g^>6^uR8a4?z!jO`(Mjhcdc{oStsA` z_kG^y`ApA0zEsWHR|cIddfpfotH-A#MHKn{*^4yH_$#T!b{dnkwcN8G{C=Td&%9Ia z!qv`VUsIA@c*fuemGIj6z?+H)hdR)Jz18rU0d-+}8asK~mtAi1P<~zFbf0HkTGI42 zuJ*lfVD$aG6K887^!O{1a2+Bp##_e}`ddw`z|YO(j>b;Ib3YcpmP5}~F~cx-xt6~q z9PYqTxC0w7{KAH}%;-N4@7~WILe$&JM;y9AvuPXo`_uqZjvXfK89ul`9mVY?>7$7|m6V;TMQ4-X$z_Z(?tdI;MIKLxCf2AK7?BuQ@>nT6~S zy3bGhy*_U8;2KcydPkt99o`QD+(%PNY|-?~ymTz}q%fI~5Zrzgm@8rP*fRPQ3%FKDE%*@Wg={hRWVOsWhE4(zz=2nCZ+VN&{tODXD6tj=eMXWB zcrx3eV3K+WH!@yXrfkA{z;d0@w+l<0tuN8mC#Oy!g-0S6iUO641F>|J0??QRjwNW{ zrm{*ZidJ+$U#o$vYdVX-cDlIW?54-4Q-wCQkAeE|w{&46_#Tfv{J$bY$xKdyk7%6v zz?zXyeVeRHsvW0lL0)-I+)V8Pb1P<>%J^VPDXNOR8qJHoXa(UhXd9#}r{Gp{8)d0K zNEas&@lZfx<%RlM#x|R~$M=77cQ#h6Ov+Ca>aRq`F1-`$qU)?K0 z`M4K^VP5y-XE4F+*o(n(K!I83W=KlQ)83t z->c^J?yDAOn6HcEt)KDyIt6pkrRL8)ALYtS1Ap*OtOYV z_kvqqi@af49|+V8Z9XVtYq_V@|2FB+1NP|^7-BUKLh=(>KKF*7CPux7%M$6l;?IA5 zFNh^C^%2kF5=(J}{)QnN?oh5X7a(IH8^jS2jLqwSe2zdu%|kI3wzmtUg9H)H6Zeih zqY*sa-d5tY32_6d1!R~8u2PxIc17%h@ura)(2Y-8(s!d9bZcKpwJ*?luj!Ar z6f0AHr8w>R-o55o@4@b{s6h7^Hp@XG4K3O6JuuLOcdP?J!uMnj*K*Q9r!H zW#@}Wf}~m0zPmA%E#HKKTnGg@6(oX#-?{l1RC1f}@qN5pfdTY-)vzHQ6yk^%L(u79K^L?-iptA9W42jjfyenHXahj~u+joSW zC-%4DyZFnQ*;&P{?iay26OBXnPv^f6KQ;3sCQmm^K6{kk;*O0Z5U6*qCewCZim$~6 z+rBgwpyx793ZkNIhEVjv2%3)|pSMzjkS)O*T4}s1YUN)LbKEZN~L?#4gQP)S2A;%(ulxm5GzO;`B71nuv zht)w}Y~Li`;lk6e(#GfHKGa>tMM~8&ZYr#LCcEH!o;~CpfQM27<(HlbrMM3HZVI>$ zVE}ojbx1Df5mIdx$-NOl!k#w5kB^}fBdP!2ne0_roZ|4(V@=bmH z05fHgRpo2b9Rv^Q^( zhCYwqdK4O%1JO(nx4r4AbiEPT03(p9z_%@D#rg!C%tnwWWX;tD5HvN5Lh{rtDSY}K zxK2D#SF2RY@F$$lsD@1VeI)r{0)36E`f`(D1TK(}KMg^cM(3yu(gIRFg?d5rc@SSC z!x*0eW~LeA$l_YuH1{qY6_&6Y<^^V=4?%)40wjT{ebb0<@LDg_jc?kEa;o%k2Det! zJ#4?;nB5e9;;h#jfVHUi-*fT5zWFr$=<$AAApo|fxI1W+G{0s1$47YIFx{+?(Xj!W z7Phj2$HU&hEsoAu|}0x2V~ zbTGJnWDGz#YL?98F}UkX4z)2|DF|5UNb95vOCEWGdMb@^=zz=$MZG0k{Zls}FlEiD zD;hiTc05}PPWc0`#-ttN4xQa>omSdFmLPgJGPcZe60sAw&juD7- zErG?ZJ!{|?FnczX7(IP?BzvH%_TdM^I-kReCj7kKp)ra>!gq$N0iY_R)t@sAJuwEu zgIV;cH|d)8l>CJiql*M%>Y7|~*nDs+sa$#j&Ab$N-#CCnJC&(Op|Yxicf)*q6wdY+ zVRzcRr;Lv}Eb{SuEISb`JrtXWu4ezZ?{V5*0Y2X@;*ltinL*71U?cOK>O1IYdMwg& zSgHN67$r0NL@<#oEXiCR>0qS5)rAo_y$%6!^qGCUix<2MyVqKk&4=zfkT6;Oa9YS3Apl8BSi5o7tz4xUeR#xc-Hr-g-uoZ=1JIUwDNbbh@NzFZKk7LTh@+nK>{hGp zU15tW-_q8tC95eo86q|M07uad*;5)n_%fWDYmi|#>_G^jz`xG9Q?pjZEO^*|`BSqi zYhi1p(_208_1%yuun{n%1KA{g6*_G8c55c0rbNb;11H+E!y%xwA$aDa4NTXiY2cWV zT$%#r zI?S`Yukxd>RmZBEEKj)(wcDuxrGYb$_@$J|$Ty@B*bYdTpxZ?v*RW9~j!dZ6+`0yU z`<8s6OqkiTb@{f2;M7TT7ECFE|8S0O*9wwP~>%hub(0|wm(q}lRF1&to7bSDOwzpet zI75_HkxZ)d+{ZULE$I}xR|Yq5w_o6W=KerT_KEL|rySWSg*WCNNeypMy>~WeB&Ub4 z(5CdsxQ63x^gAm7qkVcILOBT?5DWc{V+c_4)JI5WUT7HyYRcL7Cd z?nhGahG`}TkjiFPvr4>`#LF2Fx#sUdgDV5K(oSBD;Al_@+-U;xr#MB3SEP2pCH<&l#$opG;;R&GY~OI|&HjLz^nT^3F9vPIYHItW79rlxV8Xvy9u) zs_cKjJvfZQo*5cWdY1RfpsT8|yJ}@6<4@L!Dy9}{Vv2JQ;d+#gjSr6d9>=?f4lL{+ zf54JZfr15?nUQvr6o1b;*na)8ws>AaFlFuCzIp0{>B)^mO&v_OL5R;*Lf{JgJ*H#)M@QUUfE#cjld&ggG ztH|4$=@(3iEhW4>b%Y7~9n93`OmQd@)Pu7mNS*UO!7VgirYlHEv*=RjoB3oGiCXLc z=hlx}wK!Sk`^h^rgHJF7i$}fk_(=$If_&|{dKN=mb!?qJyttB@C)U5_nHLu$x3ko+ zpzvzrD`)aq{W;8Dg;_z-+(!8{hY3Dd>l@==62qyuZHXp*BuW!H85Mm*(9y8C$g#Sg zyLd}O7bb5fPOtEb=E|%3+m?XGJCptY@zrX%^XfMqt*AR&^V6cZoA!kwi6v->wn>dQ z34gMayDk&hj>56M$&O3l6feZ;Ec(jg!^71T-@&mqgae$-)mHjG`^qc2o1KzFKg79( zsS<<2PYFS@IL2Hnpq}CqUpgT>dM>N?KoJK%nH-1_VDY(nCW4Pr_z}5l#~;nO=lUtCVW&j0bG&MHxQm9miTeOm*fem{$+B$~}9etdd2B zCgmES4fSR0%AQk+Xy!Xd_`=I4=if489Y~#7tl@I`G4c5ue42PJPIBe3Xzwxh#q;By zEsIB8yT3D2i>8k0oHz%!b>_DyZe@#bGZ~s^4@NSiFXV>7}9v1s}?_;eVe`eCr zC0h2dd$+T+d576nSn$T#01V`0%8tw3>!uq}25*-Ngk6O-URpFOwAgREt@&M(l-r8F z4?9uP=Dv-&yV1bw3^T>4>p;jmGa_0w36tIFE25$IipFt z(Onj~12q9Pm9ujz4?eKew#60g6VCEK@y{|m#=@kdUNmQoTpmzM03pESar{ja=Nbcj}|(wrRaV z&l{^gbVEAUEFp4X1y@v@gEZJa76Ou+{dTACw7u-j5ggg;nvg+CUdRrmJvdY1wQ;~L zH-_=cj65oN{RhwXlxyQp5VJLd1M$=EJQAhCE`nqtBlB|}{p+>MKD^FVfYCA=-%P=h z1At5!fza4^Km*3C%s<4bvwsR2JOOm5ld-JII@!{Fo8LOj$M&qSy=+1N+RG5wti>RrNUemB5hZ- z`~n77AqXKSMzh<&5Txg(e&t7BZ1#8nJI;a|KFn_&@IUkB2fCLXrCaV&h+e@9`UKsc zI;!y+M;=;mzD?CT`Qi3bm_RbTfY?Gmo>eR%izky~=d6E5avlzcKW1tQB_#e zj%?Wc$j7vRW4dU!gAauxOEc$?Q)iY200VfNEl4s@3TDcbg5bJBb$dPwVMQk2mGRsH zeSMmm`SyKI!R`=w;bd=Wcx~cKYvlqG)wrt_s2E}z_EE&Jy^qJlQvsN5@tDni9B!xG za2m5yzPQOhNX7weR3)a_vqz~$rqa?Y!?E>NICPa5V2S`?z>1IL>cLr1?6(iSph$j) zm={tV-ISdxKz~u$5$0+=^b5*<2#NmJUE|s z>0D{kIEY3jQt|J@8l?^R!u3I<^Ms1ldxYxg-hweXc%4zJ}Jf`G9YUXIy0eFg8F4Gbg?&6<(?v!|h!Bc>AmH z-O@@%dgTVyjI+FMPdzo^8So?BHm{z@t)A@lWk>XVE{oNM^JT*$5FuY5h@pyj-v zUhtj5_66vMwXoGB`RUlu|Qqum5SM=srhyK94VTL z#6N*Z57XWK84{h;;(P5KbQL-6%uT~GOZfyW;zGWmZ3UP1sS0n@-dnSCTFfHs7#GF1 z7+sgw=iJ_iUyCR+f}SIV7XYf)?z=b->2Cm3Iq8$UskX_zpffe!ox3*asBYRYsEox3 z6g?gQ#yL@2m_81&iFkofN`g|NGDM6pUm4m-M`id^uUtiy$^W?|L{>Kj^ z5{$FslDPs~d8x^xN-cnAg~?u%w7R|R5_tz<%WlCXbAuZ@byMqno$|2^xxZ6|DA zYys$#?n6xD6m*-C?l0@r$C5Z>ZGJ*JuvrMV#N(^cW4n!W-5^@NP<9aZo4l~UBbKQ* zq)fwCCK9#?&|I$U4r(%`suo~ASUGKZz1dUvNTR@rJiCj8Z+6U- z3UI~l7{jxM+-o>SDhSyU&E|BT96tnPdG7{ofyPrQF>{IdS;m2 zrXqx>boj)FrtWVz zgp+eVXFr+**hUMuImBH8ZOZIJiFIEdxPHvmzb+@nC&~9l9uzZ1vrU-nO`P%~R>ffQ z4_;Ow?bMvN90|Yr{%#qC3^h5lN+eMo_@C0x5fu1%Th!rhi}B=H@)gd7TEgUt!3dCQ z0!yhdu@8iR$-cFtNu8}G62>-*Xry$Hn0KtWH^Z}fSZ1?^`?ggf`vED9U_%DJg0TVZ zrGnwZ189PAJT_=M-x6(@JA6ThH5VkjM767%Gj1m*)oM9dTH}n9lj&GoHrS4zoBy8e zXs3`Kix~t#h{&G=A$)_!K@dWt8Z-yf5fZ&!&FTW~DUpT4BJp{F-g{RnahoqmvQ<2z zy-4ME!Q_9vS36-o>NC=}`NHx@$qcVrTK0M99(qw$u&bXb_inIk3eHa1KD5{U3VK=D z?xNqknH!~oAbv+no4hB#%lh1Y0SkdwQk2*BVg!u(fP@p9;;~!4jeaxt-n$Nr037$! z(H?__teK+oE|L3_qcR$Uny-+nVY>BO=c4@97fnX=`Qkg`F}L zT)nNOe>v|ffjE?!b2u0)zWR_Hmu3c`)ve->{1=J+-7aiuGg7AAZ};cK13QbYn!1CVF4=kc~&0$6n6) z)$6YnUP`Wp5h`$PoE?X8Z!9Dp*iukvQ0S60&1|Gcf;@LZ50(g8C&$DjRa2R79}ZZlVwk>f;e_zzx)Vbn{g`tg6}(FM_@sydz(`CGHA0Z zw%xdg_G9h_!CpjWj3dXI(0R)C#}~d~KYFYh41Z^D>yJm7#6@ezh0K-31KOn(#FG!= z@W-Nm>ol*53FA3YWYg(^w%qfYWX(LtpRp}kc&o=nu{WIoolz(`~g}t!%fudGHz(z?*Fsq z4YZb^c@yjoCtvT51a&Q@myu7vM=K=5_2csMX5xtN!_C%g3T#j;GT119B;{*SmYMzYhYy~ z`}A_!M zCsGduo{;Xo2S=dpYa1MZp?4)q=M+u`ZrQp2KMuej+SuYmiR-x*R=V=@dsyBgnu3PC;TP4X?Bv!xYks6AN*z{OHj`KbowppuM55~2)tAN?OKvW4 zett-hwn3}|m*CUmFrcvt!|f4qMXlvEH9FtU0e`1uf@cn@gpg>olO2%z80w)HPf#;y z4Uc?&%vf+T@LxigIYZdGnm@?R(;mjekIl?9JGn6Nw){-5JV3Bf^V0*i`1naoHe}vv z%)I2+vjhI0IsPg^63!D}QeQSZi4Y(4g1{d~xBG7w;M%JEVN~Qbbi)AnG z-!@47LG&-5bU1eH++58;7UB`}EVSgkQLO967tnYJfa~RLfOkJC@z-}?68^jRk4`Ia z9_mU9w7PFeKf#`wF0|mvU?8oe>4E@b;J6|W$?Vx4+xsr|i5{g%pZE2JSArOH?8UjW zUb*l9MW!dUEA0%3Lc(zHSozwSiZ0C}E$xRB0L+I^Is^Wirm!KSXCfl49EfkTx82es z#^RdOu(`rpmf{p=yzzav3_rw|{JTgA%=guQ}5dHKc54Z8tMQkV<8 z6$Hzda4EWI?Ajdpxhe-qmVj`~@28*t(q#y8>Kg?z&Bjs*i&LHjL?o{K4s2UOm;)dyTTtd3tvyyr2SB51}S2n4)4D-kMKF~ zzXI~_%s-92@qt$|(tA&)X1G9wZy4KNQdE&7nc{nBMeV?%Pa?ek<;E@p;}06YYfuq&sdj zE&_T~9|8|kc3i|_$KuAM z`&e8vy{E=$q&L0}PKoApko`Ex-mZIiePPQ_w^tK}_b*|0BAB#w%lN6%1qls3Pp~JD zr6!RFMA}iQbW`Q|hO|ebRF7rIZs{Klu3`i{)l@cI8$wJQ`q9rLpdXbFaldsaL+}@y zwrlOh*;lX=P+TX5%UIeW;X2>^JuC8;kuS5A$Zo^f2@Y@))OX_0WNiFMs!?Sk1M{>2=Ap8s4R4v2D2SC&4JZtiq+lv9;z{Duv-4#gB3JfIiFt`%-`_r?pj8|dAdgj zlGX7`{G}JZ9q*~~D6HZz*bCa2?@3J4d`LOWfVv4@jeY~nC@->SS)ul_{1Fmh_e0wj zbq?+|Shu;WE9M$F(zUc*%S2Lo>FW&70eTo7>bN(COB8evx>7>y0bs=OxB_1?^fr1% z=+4WxEXxG?sM9I?SwF03Pqf3UU9(Ka(ua}kbhLCvYR1%fcW zdNj7B?12)IE8WA)O!2#;(1l}yG%~*{G65=bL;WJNDUH_=cM7P;W`8%H!utB#ji@-? z_3T@5mG}m{96drf{+^ek`K3o>gCt$VLawf^T5A3BfVGqy&p8)Zo2eZ+0$5Q&4uAs{ zSx0R)+u5;zE|yONAS;|ZrqFID`ok)y{GE!BPotdvA`+Uuz;$XaoqW$PsX0iQp~Hn7 zNO!Ier_tH!k~D%#^Pu3$!HSZ?_{~0GREPtCvsjxk0ERj6VDOaffRv4Zrpdw+f($eY z4&0GK9_qm#sC0uT7`$tjtzRj^FtTGMzL-e4A8EqAX|EhQ{qKgmu%P10_VzyEs1hgz zLR~HRQ(X-Yya{!cV;Mgv4kgR}BC89i zmG}CsKMw`e3wsH;{#i%*2eJVEKuIJRdojK71}B!s-#& z5=z+3Zpa?JM67}q<*HdfEDk^4_%;fCidoxx=$PLifJoIg`%c5Pe>2Qn+}iCeB6L3~ z8J%sa|2W$l<~mKobhJdM+;iF{=n9QZJ@zWPp348{C#%FO7 z;oJfdqQ;pa^J8s$ifvL98)3~7fE;`X@fgP3P(8_&whvhpO%t4^tERIDb+7^?dHBd~p@q(HhHo7% z4Z-Pn-I}#dl(e#dZ3)uJFEpw^WKBKIc(3t}Rw&)Xd$&)`yGNX!^R9fl(H47}8h_%~ zK-}JC|K;Q`mXN&Ssm4cXwlWz;I zu3g!%k2Q*+#~E=m^b-+1&X1+7X>9=prucw;0479jfC<4A_yGsN1fGcZ|Ii2=NerIp zAkFiWG_`_jskCAh5#D37qd}dGDVhi~=v?+rr%rOogJC*!yq9j(kA8*;&jd8{6-!dL z=$BG80^Q-#`9zDN7V{q^N!v;x&8LPJwv0K1d|L>f>HE8<50o(ff_hS;9VwZG6DPYP zrc49P5_RKrg12_l98Amm%j&g^6CqGnG{3Luw7DnPJ=t-NmIk6{Zp@S4H@ONbrcr8Zm5LQ}7 zoAvwgEX~bzJn)v6&hDRCV~sv;wYeb$%x+Urg*Zj%jjNkexoDV#YbX$vbWZjRKM zcpBbio$!VcbPEveT>J?wFq8?XtJ}i$;tXFh^-%6ZbO)TE`ePol!q4_Vy_*n+k_)!$ z5;a;vrj1*Zpc@#Z=n z`E<<+8?2SOdAphf3O89f2Pzh)Pey)H23GK$^Aj8LFCXl(CQ`gW3xSPxRY2F%UU_!F z`hU{be__LYju>+<_Zv1^J0N<)}>m?ZT3`^$QejRY-$7+ zC81P=)dx~i^_Ao2xv0rO!|pG^*h;@o3K#cgfI#F{^)>_Rm;mbCsB7@gLgn2d!v8J2bGqvf_F#sEWN?2kaplMGZVV11zXPI%= zCtH`EUZj0H%5ap{x;I_(BJ0EF>oPyxJ`P+yO^H`TgEu(&etNeu#jPSIpPb)@lTR@W zoP4_^`uq07eWw}!mviuEGPf}GQ$E{EU~>V5H2Sy>-VMA>BdC!Fm`35hhRsZOPe3!6 z`v0E6I&B^UTMo#H??~zU#STMtN$^pQKH8Zux`6>}mx~|F=MoCsT?zP#7$(d&`+)50 zBLb(Dz{V#Fhaf*$Ij~`r0gaXlYNkHq(JRrCTxkQ|UnKL5GJ-XHv7FSsXqRYQSn?Na0&mz3=^W&qL^I!~q8bWS53hGQ;%Dkpq(r zHuILjr?2VbX`rJM+4sH#>GV0CC3q~GZSLwfu5$8Vvl9ZZTjBJy*W$CEghrR=G7iITs|d}A^u z``*m$YWSbd)4_@?^|kV0-lScOXsnn)_E`ug_?LZ_Z)T-_ykK|MrG?iwDDW&)EJFH( zRi0cu#aP|A|Mez*hfj$10%5%p%e7nXe&8?k{r;nau6yt(ICKu&!3FQorsv>*4auHS z3Zg&^RwR_SKy-z6)lXN5l>lx7zE%O`-9k+mVH3VBvZQ8hh0mC0Fyv=f&6@e3U93F3 zIHEytdOq?rn?P2_O1{j|eW3J=eMm%Y`ahY`|KcA)3Bwa~BR4`pzP{mF|1*XoyyjW4w7mcNNv8;JrND<6{AdXjZMJA<6n87KHBPDedIK+NHEL2nA2{nORmU!H3AtKiI5t`D#rY^Ju?zGVe8cC z&V1A1ZHoP94f=#l*i{!*YBFAB?nu8G`hmfqaUK2$?Rm!h4}oe)*|BR-@6ojAfED1> zm`c#V;))L5-FtqrJHrWc`7u;)Qo2PEB@UU5|`pzba&81S{o8>5U;<)oUwl3l2O}Q z3f-Bgwx(uS*$lVbg}Gx5oy8I!nxyrP0V|N-B|^(ex_7Ooko^`XZoZcPHPV>`hbF`k z9+K%VcLuSpKdoV&-Wl%#ll@ngHR-`N@L|?JqVn~h*}W%3fVAz|Zc`Su(G$|u3g71D z=ytLA??z=|7D(HT5S_@alz*ZaEnvpugB!>F87};>GzzZx!MG6jSG&5%`6fB#w)kss$)jGI zmDpqFl7!XTNFf;xzNOx=e5uTD<|(bi*qe;@vZFdzRVSqZ7Gar(6^L==jmIe40ZdQy z8oYheIRVgEJUct~GKe4zqGRv9N|t+;&EjHm>8z;|eobxWMWJPxy;5cB_d`ofgWG?G zkz6$fk|nBkPgBi)q<+Y!ap+U6Q$^f=}oy+ z4&Sy`f2+mRMS#%L@$MM;ngg)M^rKR?)z+%9AF4b|F^8pV0YaE&W;d%lI|=%b5y70)_VK`;y6Kh#!F^`gWpr#}BF3djs~^2Kk?IZwCQ6Kbn%3j;N%VN_fu`e*vkx38 z+nY>B&H5`&S-kRi9`iMqqKRpr9W7v5I=Yl5PQdZ}Rr9q0(g66KAD4E)YZ(AqD{z&G z!1ZtiGJ0BIk#UaA zvGJYNW)nTYO`aVPWsAUzbPY0}9+4wD(149?ez@uWRkl!eOFmV2R&HCZ< zQ+=Xf1vcpdzQe316sq%qbN>FB%qM@8lZQk%r%yc)9vgcIuE1FvxB5%0=CX@2ewT_$ zUQxqyydvxXOU?8vp_u4)ls(Dl%7N_Pj41NvH(}z1(%@7 z-KQMY`Y!(x)NFWJKD&dLWwIqvWg%Gl4=;=Dqw~d&VQF7MAEZDUJcrTTBDBqVHi0QV zuHBDg2<3G^l+!;@b_^IBp~QO^Erk{{*@-`g7z5%UDj^7yo&5rgGy=rcE7*v5iWEmR z*o$mVrPu_4fp@o_dX|Z1twE$oT@r}Xc(5UhauZsNd(CfUMG~v~{u~8gJWc6_h6_ti z(+`GZNGE2gP$crH45z3H(#H*2`au$Iy&ypPF4zK$ID;SOo2gBxmb+SJmw^(jhXK_%>u70B+XE{|1s}4r6gD z0RJT2H`H)-El;9%MT32$ujBhWO;`P3e1Zu=3RJl!!$jQW0*eLqxT7%sx`7Rf?JDE& z6Ch{v$C|?0FOT-FeULrdud-kj#v|GT!r!^1W_aLI@|rsiUlqjeE}O| zr!ElqIqUO}Va(ehX0uWI;Do?WnIIgJ(~n}ifFOLH7qrsCoJT$tkkZ)dP$s1ArGX>lK+*cFSaZ{9RaUl^eF!at zmgwKH>)$8>_+kCe&eLyEOz;Q6+l01$B)epN6S-|cw_>CGX{kQG)b{TCp99N~YX<%c zX}kBmJd9Fq?!OHNiKoMOa4@Dd5ZLSK<@b4q#}JS$>hz>>WkfFMiO+XBuF$yBa`lus zuqgn9{Q#&Gvp&_@xpSfD`Sj%?ZM8)dZM;Ij_g zejGmZY@k$QHqkd5!WVZPL@7)`wN#i*IJMzxh}C+@y50$ev*q)vo75O(m87d;=H=VQ z%PYMXoKT3IcMPw_A)wi68ELA8fByKM#4M;MF!j!1kfIryQj6gfU1ezA^A&p7nM=_W z?p@tjrC0y=u|qf~h#iuQl=eiYgD~>f)A66NLyPycyBDGF$q%Q0{D4$vNqvQjP0Y-Q zw^`L;#4R2TwcP(@s8vKce#kId@?;5Qw=F>JPjkG7nW9LaE5Y zt4G1i6@hrVZ~8d&o|e#iTJ@{lhP(og$lw(SVBfO7`(?}1q)nUOy|3>08s2gZlI46N z5Qz);0ioF8b;|DGP24)_s15Josl($# ziBjhG&Z{H=RDTbiI*QqDfq4`g|5&PK)eVd{p9ouk-OYV-R&q{fH`%N54K(W&XWyfV zsaU6nhgnev)Cg|n!YcG}?Wso16*189_VFBWxus7^cv9{wK+K+CzOdP~7RaNU@TxH}K{BTv;#;jvXn_Tmu1!1taicRi}I8 zQ1a3U_y@;G-QK!jrA&alHxqoc)RTD=h@>p8Du&bzvEX!7MwRbgYw;+_QPS%Ey)^mb zY5otNy9;t^VIl%=+8!wn;B|(Fm`)3q-$vw49z^a;9u4SDq_o+}{S8V2^+EtUOnq(@S(4v51;YWx&TF%HBEq?r2GKuCHH z+)*1{p#Kf=10{)PtC#oURfzL}gZ$1Ycj$%wtYIo-S|gi3A)YJ#A?Qnw?rL{n%;X~x zl+S&R>I6KatUKXKG8*e)L`ci)1C&?<`u}rHyQ_0SXFX7T^p$Qc5T_f#kl+8Esy0I6 zp@z8)s=9XcFSYTv0#`Oji}HUyD6r}(Tw4+QHI@DbHHD61-2;}xZuC4?xe?!wciQoq&7NH21J8wUtd5-C*}D`|F> zE*P0fNXt3|ZlUr0d(45rB629O6B7g+&&_!l7Or#8+L-JwL?7Y0I2)027_>rBo$=KUwOX)d2c%3=A_-9&J+3_=VRLts$zv$$V$^>_zpJF@Clq9Mz&; zYao0)ICA5`_H#(wD&UZ{|CB&}|B(wjxa`%q8WpV^qryqOl9s zP|`UQZ6fj(zICPlK)3>Sf(TumvKs<}8g^h22@W7zZh8z#vdsr(VdD=4f>fxKu|NHRuNF730WAP)K_Qr?Dku^ z*O_O$M_VX(ASx-Ol^W{{WU#dRGQclHU<^WIhGLO*<$DI|*0geg>}Pu@G=-k#cb;QE zb<<@i6>92^t!woGYH`HBdL6{f3QC3w=$xBbGDypzbMF0@b56pn?_M4-q9*_NKAkjD z+TqN_so-2xZ{*x1kcJdH-|VpeL_q%$=o&&H%1LjoxX=iJeAHUG(6b{6#%dWQ>bTNyARccB5Ezy{dw8w(E%8%640SUxW(B}UsMmrBwJ(>0wHdH->=l-JaV@9TL z<&Sbf!vGmn#{VOy|ND`eabdDylczqoZ*~N)f+wpHlD!fGDGK8dRiM3-L+)5u^LNxY zfH$2C20sV*3n6wK@~4xP6i&7acua!z$f9umwkgvuYMb!6LV&;%1mmozP9`GvA<&M+ zM)M_v>IP!l1z-}sQR}rE2w5ZwEgF^!xc%i+^F|w<@VgCPocd76Zv9kwJC2W7>!Jsh z*6ArrbKo0(^9u$ZVa>A0T_f{Uoy|WR#rHX}W|qVB+v_xVVNr%1ZDiw8@se?M0JR4- zeX?RsG^YaH+EaDvGzIHZhd{k|Qnh(8u6FnDsdLAi1VDtRpH!U%>+#}`hwJ>PFY{v! z-Ugv0EyFDzLMUx4=Rxcv47|!8N!l!UMUit9W8uz^o3%LOxt(X7w-^>D*XR3 z(XcxBFsZ^c$H4*lLnzV`AqPrdQ1GRJyrJ51HYnQm62`HZ9KnSHe?2Sscuz=a4Ll%1AfVrDGSL9%jbD z+zfcZ-Mpy$T^8cp{3kgYJP{* zpoqN91BG>7Lqrk#tpG-*4&ITD{NIX!pN<)lncI2knAOe_2F)S3`H;@*ul3jqtf86x24g@1Id@CYPH=5m_4oF*$hVTCaDyZ1w`P%`pgE!q8p>%U2`p zHTZs@5A(?^06}Y0A{0=8|8o{tlolfW&0F*Og5;hn}M6o$yDX%+b5<; zf@dAZN=3=+`@PC@x}^VwW&Ou87%<-&qDQTA!Q=@osSqp*nDM^dPwcpUH?~5QsM&P` zd57@Y{prcxN<)}4(l-x%vw-lzA1C=2$CFNx6v~+d;)uWO17SD8L!aJq8b+d*OR3XS z=`{C8#f3{o_ir5xZMX&KO8K9afwf;)atl94ZF>jckkecJi9`28|G4A=u~Be@6XHKK z@70d_W%3(_6va9f*uI0*yeMeW1n{7sZi=?J8E5Y4xU)|dEP_}lt9_(AJ;x8jtrZqQW%_9=1kQ_13(E494pfK z4b3%#)@_XI)jt=l*qExISHNhJ0QQjhH6a1*%7?HyxE_#80R&|A7J4cm@hM+v!mf9s zu6BNWboDp{L`uOed2id;k+VRDIvMl(jiXS`Bx|?uwYzWFF)AwSTldtP2Oh}N+#K*m zx{H#IFK{?w4I8bTW?;xwU0X=r;*hZmjEKngVVsURk_Jhi2k)O9 zDBxcM=|@ePR5AB|K=T+{p; zgBoAzo~;nzJ3ahfix8KTB>aByTp{gg;Z^a2<=MRsL1|eOqAuCma_}{4CBWDGyI-T; z2-+_E&dW}D3bk<%E?Iyh&uj@yrT$l6JeWpj{05pv^DIbamV|$?0vZeY zI3(#pcnotuujkC_p1_dl9+*#Y?8>r|pmVv$zhT)!X`(?iJ;nl! zu=Zk^`e}IRMFxmh2Kng!@%Vr6%E1HI(aQBXNZ}geI|jICIVh5!((MD`!WASAb$$IM z24PWvMf~@j5~5QWf$pqU)$b|RUPGaB=O-<7MypW#R938-7!sUx{)#>k_|%dFU~SmN z1eVh#l_Ar2Al#a&%8v^7Tv%Di+xAf;3Qg7Wfz-edX!P*x^q5005k z*bpol4-el3-u>@D1az4W0*LVE%k=kJ3Qfaw6em#bHEVy>56 z#SwHh`1AwY$iXHp@GnI`P&cCQ?;m~<@gnS3IjTe6&0}xk-BL@p!w9?v%r`F=)RZfC+_09&bJa zf{&zO$0j=SP41sQSdq6!{)H|pk!>QuXbqHFbvNJ;!3~6Cx2+xBiV?`wKA<5WqQ2kv z5)&oO@^ZNR(FKFquK+ZZDLhs8fYlE8bvAY5hcl0skV#L(%M(yA+x&xfZ&Nqj_k;;) zVKogrIWsqXVE0Bhpve3FQzHJS{6F)r-_Nb<0MZirLj?QZZ(o-k&{lqB5n-EanRr%R z2?@ye4ry)@&-^qx+5*q75T0ge7VNFm0KnlGY_>DW&Je{6dCCU_W2I z4THFevs>(7>h5|Smjq6Ae_uV>r=aNP-mllxyz|U-y1J zyU}wxlP<(y%lA+eGCzxl=!89&7@7<+BsT6W75F@w_(g2?V$@LKR@(Pt^D*dqB5i4rN=m}wZe6pa)PoM9@X{C}){cR1I3|G&@2h*UOFM)sCjWPGysR@p0* zsEm{{E6K_xE0VnmQDiigT~?7&L?OxE{GP8*I;V5))49Lj@AdoRzOHlK*Qvwn{Tk2b zV?Afi0|IF{<9(GrEDs(>y2rFD$o*Zt7r;$$iyK5++b-btQ&ob^*bzdmu-lY#zIElt z63cR50FfoL!$towJaHDqwg+niC}Ax+4~gl+(MX>J5NVGOxxH0QB8??A=Te*?WNx5)@)7wDH2 znxXqY@GG2Y)6nlBVpx6V4Pz>FOv&}b}T0nhR=D(1}A~c#1Df&1x?!+Wj3y;mgZAG6Vcx#SOD&+zJ#<|<& zPTv9;X!%fH^+R1ba5ABKz#Y`hjX+O0z_FfwV;?zcF6W9z61)|g!_?V~v8=wc(V>^2 z@s%6}jeeeks0R}K{1PF}g1Yz5w0K|gTl1?W_gs3}feU|NTy(^MP5~wx(23_|p5h>?THFoMQe?qloIdq~XBj4WroOd5eWv>* z(LC#|cL0$cI52MS?X9QW4z*s!Hz3p4qWH?loNZFrSKhEn*#Y`) zCtwzQNckqWO5G8Abrcw$v1g%H6U090-Xn~SV67*wfVasK8q?prP36Ga08heq3}bjC z+I>Q98e(Z)z_Vtj5cdXU#l~O4?8p#4O&u_krVCMCm53Z%BeOLGgno`s4^;@n>Nj3a zvs05s5WF{nm?@p%fjom-M@pKQnRYuulo%x$+z=|6yN-nHW|;{SFdc2V`2{<7MAR^kJ9t zz8qUL_t$&Vo?T8cwS#CUsJf56#6bmoqirJkKGgk%yR^USy}Nrn7Q7<|CAYo`bM7v1 zkbF7Ba{0lzoc0Cj$8Rw03iPsycR6dEB!1Qih|R{^;(8hXg3Ss*RS>1U^F!6Wmm8)4 zOY|E2Ij~0=tGnsShp2`G6WD}?%q0K>`)Ahx^;aCbLPJjLjfuM=>>3Ap}X0K`Dlx~OUq9jBd zTk1RZQ{NyL%n4mkuDZci%?EDLzOZK1khf3{m~<(0kzKqG%FSF$xle%~IhON&W&z}> zQnFb>W;j2!VS)DdmC&<0)Q`~ey$kX-8r~H@^u77nLQv=A@u01AnT9$&mjKt-+3fzD zhD`(Rp6fk-W+0<3?H`_@1IWM%@Nx3?HYiVjPFMQzv2uN}4jo-fW8dG1UYa{@{T6DJ zMi7vN_M7MGGFO4z$>}Lrc5rrXb#UOj>CBD`MQSC~D0coK z6-B;QqOc(vwypBW3qT^}I5>(_6FUzz??=DN$t>S>!M1e|G~ElCWmUvFqVi~1|M{e zE_6wh#v5%+?l9?aFu8d#Id!Zvlwd$u&`1ZpI`iR}Xgi`q=efarBII$b6 zuc^9ISEq;D>S&vcM7m<}I_9V$f9)vt)D=(zbTvN%6FGS%>yoeZFrZQkz)<}5F8g67 z1;HRH2aL}@#T$5x&qvO^Fu?*|7zcer{>YO(!pF9}wis?gAA|@cNqsmX#zTFY16@z! zm&$@Y{hn0>$w_&PXjg$WGu!sb70t^tFx?%|lG%Wh@`qx4Ts|1PrYmhz4EU7WDq}|t z?uuA?Hc0QSO*@!Cl~@CDJ|ARnjPt?KLGo9m+`ZUt4D)`vo!;dST$=8DS}qB36?8%* zUi3se-Lxo^ALfGO#skagbNH$05ivlwxt>1r07>G$W$K$bLt)iWhxgWam!JPSl~f4S zalbsaWKJhI=!B}Q2L6%-M~be!BbX@0q_$np=uy3|u0ZCjzwL;&QPr~TM^8Nc0;eZd8{Atrh}Zd6C$Zx$`o92w zNfG_^W8eS^_3?y=`>MGf^K58oK^I9I_{9lAeS+9;0l%3}Gy|y_roO1;mG&4ReP5-x z4fMnc$Q+E6`f=&pnKur8cLQq_gv-{_{pd^F7W9HB_=w!jv3wL4bME3TbUXev8&(sL zFw+X>_@=c`fs!Z$pBWg=is%HZ%$h%80+q~<(n%MHzh6dPU19jxG2%oxnS@o)CSGE>I)tAgLV-uj6vqxqi1ki$4Z0ofrr^ugc#q-BkIE!Nq7xR9S z#xv~-3_e?o0Sq9EGE|u(Yto~s!%)iIY|$oSJtX4b9|_orcmJBvM~;xsQ!p=LOgvyf zLV=Ijx(jqJO%ShOA_^f>iSR%z^NE!$WIbUoi?DeH$Sw5`QY!BL;#Zh`_z&b>$O?go z_7^}tI{y>-fC(Wef&g0OuHFMDk!i|{Rv*Nt)u(?C+d(sl<|`b*a*C7Ey9VK937NaS zFB6q%*nkkN;6CtxYyR_X#C@TIEeiuO4~NfunBHHbqN1!!tW3ngo5z-c4OM-%rIAxL z&9tP7Mm#D0HK$f=c!RcBId{?p9(lD(A?mc@8Q9E=6to6Y5v1W*#j7tkNSVa;jxW>o zjLNUff}eQun{UB|jq^fZWY+QuCJ(=>9Uos_w{&k{bTTeG)^w48h)tgsL!_=^3u3gV z+#jaHTyiub(|di)or~x5-Y7aL0Ci@fWpb<6or+B|Ebl8JB^xnm;lY5rHjgfzpLzy3 zZ!#?{H)HN`CriT)>*bC_><31TJ-Dq*{Nq#keF-ugui*yG0uD*cZSd*C`_zWnPcsV^ zb%Xq?^A^=r)V<9#ZKHV}loDgTx!^zk^_;;Qu&3EFIb>0>#ba(?HH!WEhTgzpWJlxq zEh0J}JU#n8so1KP?l52}18_G;@1tqp9fZ6JYomIthl?dQs;gyCB)U+6pD%Qf5{sc` zYdh4~b#aNUJ1{X^kC@<(!LLk!AzjoVz{CtpC{0Wsd^pV0hsn+Y_d%UhM3TGj@#y{Q z{8&zFv&i$t9D$(z2_gA7ipKmvAzPyWG-4(o&5jB0w17+%mv`0OpCF?rai6JU z-nrW`q)`_~UYz$CLtqF5!DPD1fKOPQ(8k7cD&Nq~U@q;+B?|dtVhV#-IgWxy=@~;@ zAcvN1G{z&3ov7eOK(k2MkczFk3VGE0x0R=SJWVjT*mwfAU)G`g8wPwO5J!xoKX>C@Hga zhEG-$tsmikSwCKkq4c_)nfUN>2fN#<36Xl;U6#2#RcznDxv~7*@KK&L&zRjFEu!65 zF)4cpFzsY)xapd}JgX71`>X6HEY7WlFG_21tx00DW*IqfTX!CY^@CYOdk4waPJe-m zEF~2q)VRMDkSP@Dvi%Fp*6wPlq1Rtf2!f3NTSd=vzrC-0+Y*rV8qqxtPp?u1x^ZP` zhNyI}KLONE=bOy5~*MEa1S+w8dM?72KON$MjoskR0bAq}$-xugMab|Dp^loA2<1`U{Zy$KC!TWH`X z@427#yxpa)=p7Ly90|@+1^^XHnTXU;n~X#v5He#+q|PKlS;5JeTV?lbt7*MoEuUjU zIAaIo{^YUOzPkb|myA~KP3aTTsM)HsO?88jxsQeNf!5Go)TF4DD)l1;@<(3b<7)sYnMt{TJq*08Cysnm4xLv~}* zwQDKDa3)yi72#KZ!4Vj_;FnxLppmQpn!&C580$%ptBt7Sv|aRsbgJZuj~mxu_;QSO z*;BGFWeyNUz&+uuk9N!h-#p7YQst!(FC5=-jNyN7HyMGq0Oy?0R+y}r5o6eP zIKuTxDA(&Vf86 zg}o)0jq^+MKqnRlJPC~NuxtswAZf)VqLnW=ZMV-0$2Linxtf_LPl(OBTtY;oP8R6G zp2B&cQinErv=uEGS^D3Xj2F&l(o=$_`t|YpCJ5YMi1evsx-HCT!g(<413FY zTUZ_8%d0L{ph)Xl^awAUX(}$EX+I#6C1)=u2w6J&?El#WjYY zJ+wkNvpTy9=~H7_q9128{B;R1hSiCRu)91@^odnD)m}>EmXwh>Sxp+%@AHNn13!Eu zQ6_p0&Jj4Yt!6vUbeHG!zEdftVxtQRxrDBKbo$@`C+~sZh7tGm3hp9&3*`eDv|Kp; zZtJ3_+ErwOyaED5>JA@=j*=RuK7?k~#c{gQn!V&4F)!Q}0XQmHA398k5?d4j`avCc zu_$o(wHa#oM-cG&HjqYP8@w6VMm=0WH_`9`0I?T;t}K-uL|!ykHS zXu9aSz2Xu9k>HQT>b3W@yi1VZg~>j>r#lK=U;;eVx!$_opk{W+7cf0FZQd7Nh&(=n1&Q7$r#7^YaD8Jv;@cYV{qgdkcbfVb882ZAJ6A5jBnjL|BbbVuTORy(AI@%?aoR8aE;LLFsWT;Z|>zF+rl=^Tm#|h zuiQFS0zQpAu|hk@oBj04SK@}$BysK>eq5+sPW`@RcU|iobm4ktF2rbvn z-yO^!6$kk0vMbK)_NT)b9uJph!fH^xEUi#u@qT)AAILfwMeURgO=BtG-3U~Mn@^LL zC+T1Y6(-U8D1~akQ4M1+wB_D!Zn@)Mhx@BMA|CN$4Mp{hv|`+n5jZRhEn`j|cx+6d zV(&68wK}N=7nc@VBha?PTzfRWfC*#h>gsA^L6#4zbY`9-jaWmWsSpI9;v(_-&qA5a z_`^a?!Y{&)afHaiFPd3ot5eIi|7C^7M92#wv1m}&r?6c^q_k)9916v~COxvV3dFg} z#0Rs5-LTazjBqjk;|`<13M;(Y!OOJ=R{-awy;G&xYqA39&axIWMwQf^)laDKu(2P)718|~s%Y_ON zH|R@Vz`w(SYdu$BOwYJ4aZHJAVRPRp;R0xL3{+vmGJX%;F9}sG)iZ~0QAKCJcM$2S zJ=cNBrzsQ{ptdCa6cW&EaL0>VE?|0cV|}vB_6f-=n*!5v$0U(P=lbD&^-B?C(=Xjm zRShS^I2{b7dFkM)3}@=jl^?wU9CJTZX`Nlsf8YZ(A}ThvV+@)8R@+KpLEl}5uIKB% zFpE+P?2(1rF{sjEgeQiNW4nr^xYomA2Gd(HEDGgIWnSp-9Ep8uMWl{-Rzn_z%wtd~ zNRW)HDW0K!lal~f+u5&g_MmVMK20Zu4%4WzyKK0vW&+Skfgpe?A{G&uRBYW{T|^D> zQT&qhCX=<0t=0%W*B0O01#7DWL(@;sPJRu*S)r=>fE8_JEyPT`_f5Y(vphS-BA-6{ z89ry}ziCD((w zY&oWWni>ib`fCJ@F*e)(cxP9+0|*)?=Wlu~!M3NF2r!Hz$lvWRTKu;TYgZsD2xhgO z^2-`xsL4^CY>g_t3WvPIRAKDIK5%547dVf!)__nn*8VJ`5*yS6Fy<@ROa6NOk(xnZM;F`Ehk_LRtu#ZeJ=Gbxl;R^>9-HrI^j^Z z?ftXTr3nnuI<(WHA(C+qOxU1a%hbAgiIN4Uk-6ayg+L1Knvt%wiep=_#M2>~E8Rxb7P=dz9o?9&4s<=xZJXa0s z{bX$)Uv?H}g|iU2jS3eKce5e0Ac+$$pQ3~K=HB!Htg!oxhMfpF4D8+$BVim(TC`ar zjh?IlaQ*Z@N){txS(Nn4XZtV!;||<5L)^$hI&`Y@jqW}LJ-(nL46z8#ZpZ{x^=r~7 zAmeyUYqnez$Z&(B8{uIC-|__al<_Q69zwqJC+8tEwP;zq}aKFVirI{Ql7vv_^Y= zw?-mZ1HVjWeNAw&_WbR=2nlFwTYE6D)^^y=&r>@TB`Z2aZ43%I!0>{riVu zYdSR3dxJ+AwkBa%+tZG&n4_sVR`%fVO6ME9^JGVCd7DgOzFlqqH7Jo21fS=QeSHqp znOH;I0dfQA9+q7Urqb7QP^MxVSXK#~8;r8cUfi!TX2qH)u{GgaeNxh>#}ZBI@E<0$ zqRNGSRVed*3vf1pg&)#iRY^Kyj=<>vu$pHg!Pb|HY?-I8DQ6$IRCE)w}(WSv`U&Wun zMkXH#Ku&+NjQHCxr}WUxIfO|9RT~Q*bf>{9B*9Q)K4W}qu&V^x`V@aA^G=Xrqe$u2 zZQI9a{J>!CzOl9t*7iQ*IcR@OJY8;sm?C0Y(;nI;JLCA3{B&qhHcjRL(jos4j>qb{{UdjbA6+wDRUa zdwbWD^{B}y59nuUw$Hz2^Pd>1`Tm%^%xl7IsbOE;9)M8qaVO1z!bce007zDNZT}!C z4O?+Jv!(A`cjnM>l;xkQn9MVu&qJmv1crr%l9EDob*#jA9Ug0&R;UmL4$H25 zEpPY$s__@E)L8M|kc_U8J+U!mFZ9|;vfl10H&}_epRL2!3=nRf$_I5qH1G?I_TVB0 zKn2^ZsRdv}!E+IqbB%NlAhL^w*p#BXSULG>V|tbp#cudIl$&2?M=ada8pLc@$lHz3 zJzbpS3HNm0A^8PCC=_y3piqFq{EtH6A?y16C)bVMmR`Dh@|~u$volj|KRHE4)~k(y za;M0yo}T2gX4_rxyd?zx?s;SX!1SAohJ>{irja##0$r>*aKlzQBlZG-xrsvGB-UeN zyssS27W)b9z9FZ|RL&ms#M4n(!oqStK)N&-i|l-H-Q=7rL&Yd0i!el-Ex*ViH|eCX zlH>z(eiEQ~Z*sl&j@x=|?66KoCCdiPmApPA$;#}cec@n0oRqETME+~kVRwkM%ur7Y z<2oXPN{*C1zWW%8<&%ywCkixTu63@yoAl#px>r)tCL0Ebbhq)V_pYc-&`20Evi4hY z@E$L|7cRx={S^qH)@q)7=mk{~89llw>F+tl> zo8{QF{c~^3D8k6I5?n-^N)BO{=WN#=*Vo0$0O(dgN9YAz^*@%tIi>6G7wULGtV(m> zZ8S;yxV9?Oq5_=vWp;oZTpe*tvghugi`Q=j&=Nry=acCPQ$ax+Y_qJzZ`JW82Bc_wf@Yda=6yypSE7Ys&o<@d2U+dpX?%Cy3{cWdkIChQy(ffd zC$Z6@jokW)<%4#UPVm<%*wtqQ#>AxqzpG-Fot{x6V zEW$k3C`GSqr`g7k!ul<$BkAYI@^h{Nvj#UQU{+|fSh2_<1(KVOvp_OxhN9<}C-%KR zcPo6?zP7~x)a2JMrPPaxXXmL8!-TQD;yjift&&_}60<%+<#8%QzO%A)N?cXP!qXd? zAT+D)%ZDk><^?_xyDJxa)Xh9;K7Ccwd`5AI;3hT;A~hsTOS4Q7?GM-f$!`uq2L$X` zeCG>aDhJWFBnxEL^DOrZ(k4rI@9{2E^4CI{1~9}ldGOh6cRL93p#^hVd( zSS@$7yugVCE2w(}(@%4v(n312|?l&PX>J zBrJVD8+38Pf2E-CU#-bn`)66-wCx9nLXVZnDa3MG0DKzQTv5ob$ zOe`lIe|{^xIijr8E|7vHJ+ZzrnFup2!yuf2p1AjX(CaaUu}pcRn6UXR-G|a@A1~Kw zjHGAR#09N$=v!!0)>fv4Zk@i5cnUPip0Tq{ZowkIu<%4jOV*IYnR!NEuP+`-PWsIq zb2(TP#l?YJ{_5Na$EZP7*sA7D%j52f6NkmMY+@PwsSXT2%>+AQ#V6!V@o1BNUUOu1RL`GZ=Jfeaoqh4E?E9c3tDyQ_Nwx{O{T{SiK8MkmEG;9P)|*o>x6O%Ga|7&S%GGv|ofg((AE6EI8hv z&>4>MOdWx8MPRv3nK+Uk*Ky_$JzzIl4wCXFZ}kT-Uj%)C5RHfUO%l~->d!({)<9VB z3F9SFoXU+ORK zdsIlo2TxSfpM|m>5xuafZ40A<<5QRA4#5GF}MGfy$Zh)^@cDaU}%iaBQ|SJ&cilYva}_6pRaBdyOhxdhIS2g9-6eXlEn| zRAz@fN#XzuZe%{&Z!6E8$J+lMGR>3tG!(e=N~J*69*gphP)#kKlRI=CwDF}$wtNxQ z3?m@~`BCcA{wHdHP*bv)5yly^f;8n!!y6cHzh5CH9lj3;*&Ki|aO@GKV{;fKT!WVU zv+kiGBWOqkppm3@)k-5a^(SmLg+t}si*Ml%`5R4~a+jX_{;_|*pikbuGtd%b{;1eg z#I=qJV6&9>N+oH)m*FOF`f?4PBmTgYzn&UAd1oeyiP0VQ0~m!Vd}CTM^ICWA!vt=oZ!pbOAQ4#VrW_af$9u41;P5NT8g4?yTPsX#NN z1*r?I4>HvALShnWxQIFzRA-`uNTdyKloez|rt-0F!x)}+I||3Ze*n-TK?I0_EGsD~ zim*^q4-P`Nhf6;KmRhxKvJ<}!FuEOCbRw1nfyGubpwfV4_7N0k3pySbtr}oVQp2vR zQ*Cdq9GxV?S;$e4^ zY-tEu=TrZub*^76E@vA(kO?EY9=1?h302zjKx3iFl2olc${M? zMGd(HyoZU^x9r%xcZ%=Q7K$C=q0ync!p_4d*+pe+X_-bfXj*zIod2AMrUm``oj4U} z=hOkfL1aU^{#}@q5ZXOblONk~xt(WC8urns)z&|{3+FAjsk6R(xzG0>kjF<%ob*g$ za_iytWXH45t;Q!KNX~r849t?Lec)&63g|iYaF)bjecqY%#^ zQJw^gXzf=8ou|y^B7&CxDBSkkRyfcokyKu^t6hb*_@$s}gkHDX6-ev5x}E^S>ZFc( z|BZ)vJM-@Y*-S4O1vgEIFN5unlb!LS6r;hi?+pa}SPZE$HIQqdsad@IckJ?KPmB)w z!O*`RbecegRkvW#+)Df4b}QaWG3&EJo|Hds;McdUPg!xY_$_|S`3fJh37Q-G%W9I6 zlBH7(KtTlU`3(h8M|z(mE{2|suS&wPX)ap@&p!AZmm4z>A{uE+6Oi#jLON-q6rh_3_Cp>+pb@)#z$IBH(Re80?vOND=l2}UD2qrE@K5cAg8*#*=!MC zjVn8tnaJIcNQClt8}L#P62pTImnRBb$hEz@Ke5#gk z1zU0F=f95fzc2K~tCF03&}l|?WNuZ5=}(OgYxJ~_{C7+MfbsqjGjxs|ue=9;=4;k!V1T?qZIxY8g0ksEfYlaT>AKx5 za%%_7UV)fDBYz*!5PVB(_riS}QOut2P}4L*oT82+M3TorY$R8#XccOh)T06Iqx~2o zNhHq!5Q1RFKWHRiG_FRvEkAA<@mhk)iI!fbHs_T2NB6fv;Li&H*`wcVlb|xubp;O# zfh)Y+f8nhCVP+upPC5>{ee`oM@sVaNcZ%OAM?2bmoa)wCNIG?*${^hyCAes)P~i_^ z3G%;mEt0T9sZ<=tqR`pKAO+5Ul)l<_1S*&Ivv_}^ip?f*8)b;wp|E;-=H9w+d)k55 zKDMg+zPyg8n@O9z?wh^J0LZ||e?tZgA)eT&$+bYmvoaQDh&RFnlB1jSk($A19c7?(>p86t>(s$E_%bV_x* z0&vTLw2Lq3kOJc(T&`TCu|;f@P;fK!K8f9_Q0`qSd;>nppy@L?YS2Ilw_`b(Z@pe% zUp{yRU}FgNv!LF|60Iqt>j6AR+0jO7qYkisWJCK&mAza=1{Z`dToAtCB2rdR?1FFr z4qQQT@%A6DQ~@4C1rkSU?hB~%!aLSvxP-~;i!!931^l5|jFvkD{Kv0&{5!zoUuZMq zyAL)XIE;QFIM_en@%U{S{pZJvr=fVgo|wqgLN|OF<)h#5nbt7+s<1JmaF{crx$o+~ zAu`1xiI)lTsl|t-y4jIosn-OgXmBf+FtF7kF!%IF#igl8f5AwF_4_pds*eydjt9)XuqGP1lBU(i7+WA z4lVfCe_rq`1nFaZ^1$7r~u}m;(ot>)0%G?*)v3)MmTbc5U_v>$*Nr4?GZ(dD6&K=HBzE!%3LNkhnBT z^|*)P?Xn!;TcO&%Uj}Yhn%0ySBwNZ-fxF!7Xd?qQ81;zFyt00(tEt&B>+m8ihr>%4 z4xWb&uO7y$5J0>K61<`zu5HVY4`BQ;HsQ8n9?Udq0&N?I=9~xm0G9X<@cbQ2SO7Oo zH))iFRaPq3NkQi$SNHj?o|6WVX;c0chR+QSA616)iHO)dhWCN)0ZET#{m_IcQ zfI~A}vqG;e&suUSZlA4&RcVo5>$|Ia*0Kp9lK*n==(hwI0yd-B68F|3Y;`)Z-h~a< z2WV|S#C&E>_RKL)!x(ceh#R2wo%ewWm{Rf{9^R@Gkw|43%HAkNnx%wulJBJW+|}LP z2)98e-(?Ggr*Wdf<1wyr2bLJg4&)?4K=;5fJ_xum{|%FV4p{F`5V_IuW-lGVM1PeL z3_9Y50%H5NNPO4um`BL^_B|kXpS9>S8x$p`0IJ&>)4kXQhJmZ^3FXeu0!bVZ%jXob zD~zd*LN$^_2;xgzq`SWl_TLw*$&-zT#*7ImlIR;4#u`bZnD&IX5@AuzCKS^V_^$Ub6>bIpwSdm`~tt`(fr_g1x9XyYIq-0Z9y5>+tKYb^N`Z zbF7RR+eq{BA&2Fx))Sb5?L18!#epbDS`d3_V)#uJ*)F1DjzZ~g`Xzd{QMDt+1X<+| zVSo?3bV-}nwNZ2TbOj5CYIqc+hpNVnedY!z;=xf-d6R*)cknzkkf!bNMLhmNQ6nhj zBz09M32W0*xm~$LpgAGQw!PNLJ;$>_!D3#oS1)nlz4zzt z4NDii$b8rD(4n7NOwuTRQKOR{LeyNivd<`i3P!@JCc(Vh-Cl2O%OFEg+-OqzbE>_3 zs%>QXi8&3+F!_4pe*Lc(3G$B^?%onOO?nLX5sY&eVnaw)j`DpemTi{a1z?~IbVa78 z4vwYMq2IIk0yT7QB0bNbb2FALysrk#^b0VoWw|Bt`{-koVZiREujTDKer#GsdaFFv z9QLdtL8$i%LLs6>V^62LBRtUqWRVmgnxv{)kpYC?*hM5xj>xMNy zW+l%fBVwb3-w-j=ABV!|*@Uc1`%?Fv>A3!j2py`D>WX5YZ)l}MssC}MWdp>V)(y*- z#!NfEe#?9fvAj_m3mfa{OUa%_JQ3h@7Oq@Y`1%Qw@JX z`U6`~A&b(SV-P?qoo9*7vR)lzXz)i=oQe~!BgqH3ZxM+IGS=}{hj%vqco81q{!{l!&zA4X@AH!44jM1X zt$m&HN6BF{#8lx!H?#Y~*V4@OBb#6v>|lkc2ghEq+bbKE?|2rWvV9=<87YQvdOZi) zkJs$ZBp6cOO+J&1P6)?;2FGWiE(xB9?6*ySbiQ_5ZX3oy=d1Bc=Su~`;IlhDoDX=R znVA|oIuW!oq|gYvuWZ10PN{>;{Hh(d!H(mAdN}tE4W9V9Gf4m=VArY{|7riyi|K$YW==o_%PqWm9o#`f7}j>p9gycnh1DktFJRixo_6__qSY^I3eLjg zBr8Kmz{kY)iGnms)drG$5O+UwkY)QUjI^+Hc8C^5H!mkFq-G4a_rVNN#BfCZT{%k6 z7DSALEA804(oIlITp`w9F6|I++t2Yw;~cKnO|h+)B0BH8F7dfxVYp`JWa-#OSJcwZ zSPrN;`i3;Kk9!&UlYWZdG@-nu`bU&23@S1Vpj_M$f1+GJDzb910QA=Xd#wxdF+(gT zR{|I!TPt4FZ>-d7K`lQFV-iXfARuEcAI7Y!lvIr*FT0){@V!?9XMN<jAE(u(IFw#DfQq%z`kiev3Er-sFM+2!;V!qijKG)gg__lkc3TJEkOCb0HE? z_2oOZ*f^#y0RrD%Ut z$hy;u&MF7#}NU>7zyHycbA zA;V42m7?(U_$)O@*K=68U{j1^3hB1P|!!nb@bXo zWR1lu-!Q~UTm=msPa&%Qr|iIQi%CO7}a zQK2#h&`FpfqY}h`LV3X=HWN zc0Si|6KTFdTZ8W5rVth1;rPShcMgX^JQ%*sa}-+LU%Z>%?+8u^7IyC@7yFz+2-o*u zlE%X--Rj+we~?+B?X3Ba+xZ+pwvp?F2fYu@0Je65=wGn4ck*v}er5q6oXr5p@U>?N zCzF228%|0#-6p}xj3<-49}|P5P9znRydDt&n_3q+7&MgZuG~YbUhH{pwPj(k3V8ar zEnm(9)RZzd39hOZcNnF}D-8;$VhzVD9CWn#lV_nZOv!MGXs!NuW!I+|E#YV+aEO|zY~PEuWdkuQ7QEM%O#XiUopVg%pAI5 zuzfaMzqN-lIAC7j#`!TmkFo2b_MhNViHzO;8Q~GfsDPv}BRUXt2yccEJ?gNkJ$?a1 zwawrLc7TwioMpI}CB;!{x!U7LulZjd!o;-2c!For+-O)$VL4iQqo};CU?6Ay)cYD! z2(FYDH^0=z{t7y|<+W#=5)|Xs^d2=Vx5_KONCU1eG#{6Ft#d!)+G`jzh|I7CpFhp9 zfnFiOE@TT95Bq^D%dZ@bLn zPVmWw#F_61Q|8BU!^X=bf>9qqQ$c2X!9(_)1E)!Pl%^NzC2Y&*6!7S_ZowFKx_E+6 z;irlul1Tpj3LiGBx>{CBND36qNDl}H%>v0?3rC*rYzKx4H13TgS4YhTDp>ZP*7sSr zQPH}k8qn1tgj=G#%6$hI3WT4ww!zpE9+sy}mi!=?g>G31>Nm07jl|eiDnvC%n@$JU z!Suo=$R$#ClI>8rlywT?cM)gZk}TPr%*hm0jOEw(ye|!-p+a$FK)5)Zr#fsZl&)l95H7Qz%&08tktaD!cw#@#~ zyyU0nX&qYKyo1EqDm)7f{3I#QfvfZ=WdC&J=W|c~ZBbYZ%(F3f zis<^>4iHs~wlYi-j0gJvz`P(E(*t|^`Z4ko+&7=I?mzvo#o|@VO|FR^Q&EYw$o=e8 z4mUBMh(cMZ$47(W)aa4!Mp3ag-Loeiz=uBXc1~FT$Htzezz-Ugv{fG(YY}bRntQji zVfR?LLQ4SW$XO08akk^K#ch|11{K$~%Ys^ly2|itk%HTiyq(UFew)Jr(;oJT@8CAf zr*BeD=Q|W&d`|C##SV~_15x>d9W*xvcJQ6QtJLQ-iLbwOn~!8}dX8jDbKpWpGR=#{ zABJ5zrb-%>S#<}GA>SZV2EO6_cY>zWC9T$xLMNT_2eqciLldv|JHQXN_YV(4qmzGW zwmCOa-REbUM@$z62KZHM01qwks1UG=e3IBwDrm^5;8B)#*4Ca%Mv#ZVZWaY|urv0` zp6S^6;BDa?(snwIEf&@<3mA#`Udem;1;$*(LeN^zYm=dVPe;z}MfG5eYB>)#H_+_U zBGd7=eN@KA#y$aHEMd1TtvCxf1ILk=P%7`5IMR4}a8wZcN~$QH&R7 zbYj^{e{b4%aZNniU+LtZQ6E2-cE$l5tEw;eLG~Zx{?i%dc@l#XCIRs3a2uh7vg9Pj zAmf_Mc8#aB!9?oIMZC1h`$cl-`}4*9g+Q|-I~lxvm!so?R;J7_Xbb%90N~7FT7FP) zaX?UH_|A*6cU{a_Zyrz>gJa^(1o+W+>Tk6_k=oOCfBo1TG}KdV?3G6xigXV*cU;FY zF~4odK6(}ksGPUg;Ml;e^@~X7R~9m+A|^RGSyiMPOeyjU8wk9r{HhyNrJvjd2 zVtk9FY2WgS@~V;zxD~j+d_nU2PTd1Sy7Z|)@!>L_!7J`8I!kNefEe#EHhk>_UZ`e5 z3RyOpC+bl64+k+=MWMbH4f%Eaer|Q@`S4YaYf<*sq#Ihc-7HtKIQ@tiH3A&^`mg3+ z*Ud}5S`b4`NRp(+Gj*?5Zc?rHs4-uFwwjymfli>(8}Ke)xCSF`LP}hXHwjU~KHY38 zyhB@Dpg19?ytKQgM@sn36VNDJRBbf#K|yTc1R74GuX-aPK4bSzBh`ZbBVC}8NM^*$ z-7_HuMhZ>hON|BJu+u7a)1U#GYiZ`@Ie0s$pLUqtyz%v1S$#HOUH+aHkUf!6lM?O=E8B*uPSZ>>Dt7|#k&c_dSp8q|5glhW$K zgrr9wcy0usmll>JzZMMV`ei1Z&kA0@t+%m=K~7GOpAt78s3`(?aUcfoC7v0S zB?#;!e8ORf&J)CvO%H~NBzMd{p#+!mQRT*USJXjk^b8tV!*o1v$Q?wpx>Ub(Li*Cf z>tcqmXL3w#i)n}YI#&tWF|>rh{^dv87GymP7Iz6o-)&E6@#YAo*pWV|W0sr!VB!4* zl><2EV<}RuC`S;6J_dw#QGti!I&7mH^P#4Z8x;aWP z5!HWD2>?RuGrxJ}pq;4h=2e&^l6avr*$OtcW;ja%^HWVV9?y`o!5vo1D>1RU+yEF>d@pulX9!r{HakW`7d|A_sqD5%?` zUCv4K0LV}rU|0+l*UCM_K69If>2;6m+37q|`J_9gj@S=Nmy*32CPpcgn{wR>aiaD5CgvM)B46gGHVPB{ask$+Q? zG5240+b_8$Vz=VEy1FE`-Y2EVSnS`31c&Tf>feHy8P_p?H?wC`qj%B)N)hfCCjr;V zzR@;?+72`1m7+g|<&W~fZ@nA;u=Px*^uU)CL3vC1krI-#d zQcR$6AV6XHRpe1nBFv@5qJfm)sumhp?zzXAKRUDZ$i77oToLXL*@#wsE;XfDX>$dC z#nb)uidVz3POi~n3@t5LQs`5D5)lEo5_CVCc-V!1{$ZO#w^oBvfH9NEwJSI-Qdx+$ z&K$ZA=O@eOBe`{+a&#O9$`CdK*hJLNG#n|9#o!sT|HNr~84p8N2Z$=s6$Jea6b$)m zjC7a3AXs8XB=gv$6r?UCbDo&Whf(EszP_(Dhs(>k+}clVnCE0eI7H|hX7e2UDPziH#HGx zA`FK^{NJd`m6Dfr6fL3kZ#sl%Q20bv0suGd;uz+QMQ}GcY0IuJ4xx-`Zz+bi@IIs> zNonVmXM&UXG?udOcV#BwK`g#*q#vEqN;@|bK+ z8;i+ASm^9*m8p?YEEz2d7Vz#FpDW3{mo--Gi=`U{4#;E=2-E6?nL5vd0kHe|11GHW zK`u+d^9$cBPfPfN5ZQDO)YU3;NpRweS8lg9%*S3~9%8-()oK|3A(McvTs>AJg^B(7 z1fyUCivtuj(ZXr`DeZ;Kb+&#`A(TN5m7U)4=%GyEi}d-VLGU*wab_^94J1PBamJW6 z_0oIQE(!oxOcC!{Z19&HmG?!c=Em#Dejmvr_~@6fpt4!XaAyqFM#{}!7j=W+a`!F+ zwc%b17YHwL*97Q5cNcwm4bt`YYF=5}lRos>#doHxr!IAC&{hSKbp%-kv-(|U5HBUf z(s5*5EC>12)e?c)ya1kN@mk|#hG8x>8z|8;?YGwn@*nHekeU{DUg=1z`$X0mePZA7u=Avjodutqix(2){ikQY zzS5OhP;`GyDh(*h(w^_Z3g7lNba{RK-a9#X(@*K+DacrP_IceOcJy0#X#Y9t0)?p{ zD@fzd{ru-jvKIM(NGUwTDeX)GQ03z7BX+x>8#aR5!@cj$^RDjo_C(~;fh~qS9`tr{F=tc#QeXsI8;`OYE{Q9aQmLF-Qb8{i&?|aHakXK&c z+LkH`MS*47K!nP~A2%-nQOjYn3AK>N`=JuPG{8!t$b@x3*$wk+$=j=6RgiGQlp#E> z#kikZ8ZuYdcQz7XL#WPyz424TzV~~5gF!ZfG8|}{Q^L_-Ya9wsm1cBKsxwk~3DT_Y z(PC#E2T!{3Y&wbBXD(gtlg+%rD44$k;J^E(pGIUOggO^kh+4x!$~!OI0#35(_`v=v zU*K~i;E*-RZ7~Hz%ZfhbJOp8MKS}O-RPN{ZY|wyj~j-)z;rz3uUEKq-dIa?fUYSuj~rD3_Nj(F7&tAQ_rOB<0$7wBaSd5;cQ*pVZOa%>uyUCj)!^ zcnd^G^?bnB-w=PH|ELwR9@v@oT26@90JU2}CxGi1&+KDx2qYMN>GDB_Jf(r*`+HSo z_;Gh=5u0|`d{OHxBFOJEJ%XWjtLpYqv$=2sX`oQB#lC&mETDjz0XVl;mUTwgz%bl< zEiK{Fpv6mc7=q@oLHn^eCD4%)+8j9N7q`BP5UB?#FM?ho0Ov=BvIEcj4~eh8q0{!9PMzL8MzfA%a2~+lt^c~tK^lf4A)?=^p=}_*TWJgFl z_ytEU5#%42ss>r|A1-Em+==7nr~GdgrN8A4WmDeYSYK&foI+A8_&)A@x$c5!i=2X5 zW;%y2PhA(W0VmuKK^T}XK00FSB7D6gfSkO*VxaH%5V}7OnTo)b|Dg$d-*?!E17&}1 zVJC2Go!#dm_Bmp={C*$#(aZ3+x?fU;zz6hepx?*w)&&$`_m@n^|2c#6&#XZv{v(OzLI{^F&Ig$Ey zQ<(c1Kx;u2Y)Bfl!wr5T3kW8{(r2+nZP}FEP6(O>JPk11X+DhvLpjL5gi?hzvG-q5 ztY33L0K{VA!)xjPD~LtO>xf5MT$z!G!kEb(>c>(d#Cw9tQZzUc97dqwwEmjEdkflm z0%+$s@8FMB!tcD4|LxAhGYZZkSWZ1NW=zb3J?MkL_f4h%Y_9hU%by(2|EcgzMrvL; z)JXH$0iMtS@V-PC$0>AI|bNTW1Q zi~|WM{)3Ow7Ysyo9g;625(G_yrMIrQBOKmR3V@c?w^kZM`5(t$E45gi50K3Ykg*}{?52{FMx zUj-xGF_XRlywd&xg0ubtf>k6SbmJzpaY3?L=mCq{kp_3{Z*R5V71Ii+m>9q#^1oOu z{|)5JmeK;8;h034ynZ~6{QBf=md@6bKWjx4S}S(M?8%RyC+^<8-&~L1E}H0I5&wTY zb97jLXhPqCi&J)`2nhI+g{*X>fkKKNOn@pz#Q&*fe3sMLlE&xSC5NWu?(Y56;2*GR zEeqKEQwN@FW)uAjR*j4J3s&XF2B|FFmXd!N!DYz55QKm&Er`xT3QL!j0w_vnC?JRT zbOXR(IR1ZrxBx|#Y5_W!=FaRv0Pugi#{YQ2{!j7CzkxYk)IUCUorGsV^}+=7d3=%a zG{O&o_ncP$6B-C^Z&86Ry*(NGE9T$ZRQmsRoBE9%P5<>B07?Fu8NM_Iq^o4b;mz_N zqvTQn>FvVsD_L>+RhnIQGZ2rW+b!6PoXmc+yS>4dnU%i+Jn#(bs~FMJD{gxUg0 zzGCb69S&4B2sVoQzpb6$h7(OHU?=|Plv)E9886lV*!c>(0aM;@Z`E_m)s`rrZOsI< zn7^zlG~UyIyDLB5|91(*5YIMmVG$9fdvoN6sBu&dF{2t^jp9+=u%~55@$N+L_9W(iJC=bJW>2J7 zV;TN_?~I38;x$Swgo355x3%kpVQTp8Ttg#5kN-PP4Wz|?FNVKSY6=t(5B3tkqRN2v z2oan*GuwEe&(Q$+@k|%xnF}*QMkLYtl#&(4R{#7g;PQfTb7_qXsMivI>HYJ1{z`<{ z-r!->O>IxFf4!&pWEeZaaB|~GdZ9;H_#S}0mk_CfiT2JEq7m4se5A!mP z>6wf{XX0;@sOLcBp+(ex69qXMv^qfX{ZHvGbfX!DpaTG^yI)fRrHj(PZF#|a0P6y^ zw9DVMG!QiW_damoIDnkCIdKxlLE7nWdF|8h_krISD?~vYc7h1MK#ZZkA#tJ931F%L zXP*|J@Fw>L2Gac?^Y!S7lbUNFIJUs}LHNT~q|`bZfQc>CL>9tGRlcP{$zpZ?a*`)3`ebi zHS>xaDfe16V0d5T3^2@0S?iDe!SvZGY0!f6v7v~ugNwQAS(-rL)yz*!PnJc536LDZ zy)fY8p-vU@^j9{7AjaYU_fNmVpD+H{5P(QlkEQO|Q~bw5W%zvr2ST8QK9V-a`}gl( z{1$C2x?W3yKJixY|4oquxghoC|5iP^fXs+q&=)bT<^(o9DF&P)+-b;)m^ zssEHF9c1nLDT38Z3uP}XQ_r1605|34UlD)iJ(PU6rCOAwE(k?p(z*Y_K1RL8fI1xb zxPy8=X_re5aUcVIwQ4J?%l`4yf7@;U-X(({{&i~K0}QG+!^{6=F$uBAisPpJS@O(+OD4dJvD0e>^;bj;eIYsyygI9 zVgluh8Wao$yfIVnJSythTWF7wklbhilh2qdFxtvFH~)-5NC#Ntz+Sd-d!qTO3KDB6 z1bMb$-|ivRHPSq))x>N9SFb1@L^C!)!YVZ3Y>%lY(9b^zrBCJ5X95@kuXF;yCGJgF zk5J0dcmWXXbx~K64IvAF`;%1Wziqc{ zX)}lzy1rB=nVI>Z%|R*R_6{OdTP@f696x=eh~OGUS^*Xo&jZ#QGv$SU4>oOv=pfxw zf1?mE*KjFMp1V5vasZ;BGVGLcmQBxlb$ff&)ti71Y`^O}aP$<#Q<)hI<`22~OHRu=@VUhHk_r!bGn`)kH^D6UiMLSU-w zyG;&UzLWFuAG$fjWVW3v00JgfdPEk7`{bv`q3;M)0y*5s*tSVh>THe2njcAO1=4GE zuuLoN%#;x=Oo=!Lb4`fPG{6I9{7xdJ~jlhmsHurpGt+&h$OvR>@2Fv#07a zb+**+C3Bk{z~+5tk}fM)rS|fCC{Vy%7(6t1IS=`OZq3ec&fQkDyCmkse@s`44jct+ zRa9NO8mt?Eko!UkX0r&P37&6YsECdY0pV!fkpP~ENrjgYRwnwnUJx4esDhf zOhpVv<~oAHbEKv1H-Lqh7K@jF+iFVd&d7(;0STy2=;*z(W||i<&&Bw2zj6EQuBF27 zb5A8u1EVuU#k;DhQiNc=?bVbg&PAJt=_9*i#mYJA9fEgrg@E^H zOD`okZk8(KJ~BswKnf~}F?l_8&26Pa?OF#xH_p^vl*jf;Qu zXTP&=Z%R0+s?5>v&6fxZAZ+7i*L&n#4=?QGW*^tgtK2SF_ckCXQNI(@^kulI!dOe| zt%GHmUH#809aFusz(zs$k*2H_OCvlENyN)^O$h4cpVm&!M{Z;f(s6!1 z7N1r5p$Ru`hJTbkOQ)bjsXP(uw%5Y&V3+kD#-bgInhYXDD~@SRgv4-&B`RVnxEeO+r$|VAT_5!eNlS=zD!R-z)=C5 zb$l}ZYJvW$HR?GqQPgWTCTTwFgvp(n`fgVNYYh-A`xTh8K{l-q+036hnRn1jh`;sw zpn~>+Y`SCDkKd<;f2B=)EG_!kf3ccG2#g2%`7>nu@rfPWeit#C^N8@0T8H7Rk_DVRVvd6$!v)p}P#V zp->FQ`HEok9l!(P8@L43LNCz9K0%XLq;Zz>AB8Ap(7ySVAYc!5^0P%GBvVe#xxQS5 z@|$Zxp`==OHP1x+=UNc0v3p=OACA0R_?Cuqs$s!e7jB2nJ%UE%xJ>u7pXEK*rw7kj z&ZXvm>rN>DCuJ_;@(0lTDg)VFA>hB^4N5r82SFadAnA0>)-)7V^4bFMdmb7Z+J#8s zoNi8>ob3FxJ9z%IW^X?b*aQ#cgddN@Wefp|6+4I-$IVGHn9|+_`)S7yh@U+aVqz$| zsiE2koEy2W5p&mEK-}!Kvb=bi+I-oWdC`0|aqY75Vr&pN5@ehVd%%n&uFfnVLrpe% zJS-0`vgFYpj?r$c1Z;@50P=dLiQx|#(;CYKeJff9s+fwcmku6}PS0Haf3RYq9v;mU0SXK-~9e zGT(g!7EH$d#)(@jwHc}sq!^3=dE@&km>;>_q3_KKiv7jb&P$nscAKSL(>2(toHLz^ zn=)IB9L%}Eczc7PkK@%)@@$4=r!u%zRLzt=_gZ^`c7HEfNIo#dd z4@w;UKQ>KD0=5?v+qYca$NdsAvx7`)Ap;Cx|7D}$b24c|-Jh=&n9sa0>e~CZPAE~^ zj~v|ip8xla&t-&$yL3?h_3qNZVt}9f&0R7D3vd2-C5xjQ7O}wT%jgmifsbyJD2^HV zC3Bdll##?Se-qKq5&6LF{N>3k)zBk~f&v~5gKKm1h{|{>-$I^8;qGJpRD6Y>^?{JV zwmQRr-pZ7sz3{dGx#M^Hl>wSzE#D`&Z^l1@gn$>vH*8*8`qq}hbd79kB%HqqNN{gt z0PRUd8XUYRKIeXY^JViU1vyS5D}VfhvY58brn~C84X?*dEtao> zT3sL$ABS_nis{awOw8D(u7xm;MS^hy&c~^w{qP6hP0O_74#!vD&q@w(ar+)$P1t02 zy-#uVzvp?)uiL$HQoktw@_C;_DgFXt0HId1lj9@-yfA}*K}K7eLxN~Zx5_65Cn0NG zz=28zSbciM@j^4mSJ4M1pXaULBbPubAe3kwC-Tc@3p6^w2b_*4%VS_32t$$pJ-8&e zX9?WXm%cl-ily~Cb*$(D1`ta^O2Gby*+w3+D2U8?;Y@rK83GlI`1TBK(X##Ko7?9n*_-L z-}ioc&fPl}29*J|tnF=ifmr(>RB@^U`M{WNs{t&oKEVp9P^H0265eNK8N)Sk0F{mFZ zbN^Cy(+z6;2Fs?(Vt7Yk51txVhL)YC%=$t)>8vbot72~iIAtICa~;iqT-;vBKJ!33 zZ(=#sl+HWwz3Ua2V1whg!8{&BXM8d8+wc7LQ5W`d&aSM{dgrmY8tpn@xlPO*KDqIt zavNkUkevfMnn55v$4e-daa3K>curtS2d?^L&MCrb~t1zRKzcnkM*R`Y*UEy`56T)i+lHGpW z(EU+c$WI4|ydD7o2OOF&UT}kgE){&4YU!2^^+5O|l3aHvW@Gdh&_eaW_|UM%Qvh-hNDoHtywXK#j}vT8v)7waVj>6{#qL?@^VxuB6*! z1co!+DoO2ZF0>7baoJoHE?%iQ{`|Zt*@=q9olzpu8^*Riw^BOkk4znw#4NO zuy1%9y~&-)l3P26J%J$U_80^M!TXTHCt{PX%dmcL* zaN#h5xdIfx1~92_@vX4HbCsn%n!wBb1F%|qfI>4iS6*~-L7wz%O7lB?G0S+QYWW@*QYN~uo0RXBhNi7t7Hq}KE_J{>UV!`T9aFbxNo&; z2ETH=*n!gMSA%+w62B$tIkt^Hf&~%sm*e!`iZ&2n1Nj;Qy9zuR1O;yX)9YI?z3igE zU@0ufo*1p2j-{t5jFvG9>jpPxJ{wzz+?ie&gQ1j1qW{Zfl1Xw@EG(3q3_?pHIXO9^ zM5H9JrR?@lZs^qc`s`$-_h)$z9nMViiU0hr?WpUS^JP=~EggS%HfA66Tu|`*=sx{{ zHTdD7WA%cOl-B`D;>H5*I>USjvRq~%D3*U@s$}--P_*hM(u8zk`RyaI(AULrH+^)oc?!MBwhBv{?Gygt;1(O5h+fGN6S4*t3WEMu6MSVZ%HF(t5d_W5svh z1cc*oqvI%cUmkDEeQ`wXPwX1JWf82tmCVLGmu>#HRV7^VdIAKd#&d1u-dOx)EXRE- zk0-a1+^!u2^4Zm~F3E$%ve$M^7NUP>EW}(pj9gqRCn^{ogxT&oe!nJJlD3=}>|2}( z>|1Yk|K|VU%AowFV`@$n>~;uoIuG}L>3e#f%lU(gCZnp*f39pSqN=g z)gJ9l@_G)|eXp~HNK^yrc>SV_JKyZ`_?VS>;hb&{uqKtw;>R)l3HVBJyM_aZ%)$n7 z1_&2D2&5KkqSi(>b59u=`KA=&Rm9C*XNHCI7-ikm9=awmyo^ns3{Iy^D;H+16HB6Z ztQ=8r=3)J@D#)*ITmR#vZnLxkF--Vsy#!9m9|W^n#W7}D#iC`X7|o@X{TQi6oMmDU zUPMr2uqCA>#!fl_Tj?BbijT#CL_r!wn{pq8DC{EDUWRShwwW&(g`(G03MqT)UmJh} zaeJon{#)f*Tcz9T+4il0&Pc?^%XLx~J)(4#p+<@j#BlKhzqUJd{YLFo&G@icK3*XK z5!TnLl&9!@ZsBX;eWf`Ro56n1#t|rSET;-i@~`_59jJ-Dd-0pNMSS;7^>hOHYuA*O zgAx>yBnE{UhhOD(j`dEd>=F4G?}Rt_%GoJ@`pFnc^Q|n+2N84F<;t~t)ql*V$MG#j zKqXZLu?Dl%@x~_%i`jqX4stlQJ8yN+OllgC%4AR-oNG`6rc$oY@A z9rr#(JRO0%5@s;TKs9uw!jD;*vXL;S6y-SZC0ZZ)bw6$fS_B7ny(kKbPN7G4^V2K4@+e&KJwHrCSqf7Mean?(rlVq=~WUQab>< z_R~TyfR2|;{fek&Cb>08riNxYj+$75(GuB`qB&V5SHISsSpf52S5dG9>}cygwogFC zG^tZ2;>JrmiZo|nCAzL>t<7InskV3lO3Bs7Xkb_-y z!}ws9SWIwGaXod&Hx1#t2;w{C>ZUYTi=Z6$6|Z^rel_4?Tle{)c??&|s7whlii{K% zRHZbdLbTx3&nSr*o(f)M7l-BEZ%(Y0+scJkX=!+l`&yUo zaAGFprRHuaj8&u1cf7nZ3Cx!q6+eC9Q@k>;VGFbX+h?NAd(0RDXnt6wu5-pgg? z7?mUn3iXI$xf#{9gv2tQ*T`&!H1O?lByGw^KG`x?U{5!ts=DSqY?Idw2mW~W@IuIR zQX@CNxw!u0|wre^Mvu#n;pY>jQH2B z1Oa9i9r4uIx#`k3XygdO z;TW#qbXUitX?Q9xUG6MlCoYI+qYBu&prKtxEh%HDw@@I^jkRXaWh50Yu;k1*<4(H1 zDhpw1!^sWQdhdL5FOt@bTl~hIRWuRf%P@8S$nHoGu24KG$EP#ajK#oN7ce}Hr}I{M z7}I^BskPRn@s_*d?e2SD5h%6k?BUo8evBjUz(rurg~(N1nNC`yf4}oJFe)y2B?spybbZ zdYBI%RZkUQPFIk`xLFW&}206#2=AmzKBSK?J62-e=IAySgNaMELVs=W~> z8_Mk7f{Z!FD?Gneo*jU7&ecYVi6wSI9nvBsag0t+^DNdbriC}8F~eb&b;=1$5cL92?dTSz>T62VO0Ytd?-GS& zm`OGrGA*{C5>z&6hw*h}9MnecGlgw&&%E_wY>!E%u(@q!9#=gPZHo6uyPrj#0Xu_nL;6C@DJ>3N`G%e%w}rGs`rFCpIgQ(49iLCcDFMYO$SznjHGgi z4}a}ZOoIQG#rW!ZmgP@dJ>?A3A`X_bxD!p&e$=xXNhd^&1VI+-lrdZ_yEO4aZ{#=> zKOsO+&#ns*Vnzd}sC(cRWVR|Y&f6d=Z>sb&W`m$dNj1)sKT z0hcwA-YK6GcdLa2rKQ&4)xwy|l{gZ%O=K>64_;WLr1fOmxpfLxrja1;Bf?w8WwS@k zAXur1%xd?dyN@?>GDpOT=5~yy6`$8WX0ZL67t*2j#NeSqZ98hQ{J@|WS0}wAv>LE; zuz~uy5x()!4y=9eBXXy33Ui?-kbn3t%N47F8u3cW(}Xi|9hI3a62Z6+sg4$8XlI-# zS~*QtoA24J6P?ktqZb%W5Zc0FXHE_axTAyR#aMR+O%$i%+q-el2gND;jtc0Ha~!_L zkVKIj?_E&K(X}B@)&Oxe$HGjRhCk7t`k|UZL*Zrv${DK|^DQ=4xyqZrUq*)d7icd4 zHHI4u#Y$`hGkHEb?aci21hq;P3+tcnAMrx>&-wRJ-z+y5h5?#1CF1y#8?6E&l$9cD zD_AH_crg>id4Z$|lHfbGv5QD7uu!XX6P)0CKGK!eW213$E4Hy|*l#IUu%8P@fJIFy zLmwGoQ$1&F(3VYbdYAkY!^l5Lu$e=1p>F{yx`qc^$`IEO2R|d}`$16|Ih&dIm`Mog83JCSU z8=&yvtV~3Em)Ig)U4A8xB$Hn18htAzDu!xrRcC|W!vD?$&D34D;_PD4QaAl;nYUlB zj*sG?kCNt-E5H;JX|Y?Cw+3*Z7&+Q5 zU(!-7yBg=!#@q`l<&dk;b3d$x*oX@oIMW zFQl;qU-aoc&V>M7G74}USI(i8KNRq>4Kxv^JBE{I%=nzz!0hh!X~CvAjk%H4))cUN z%pVeo?wE>AGC;P>^VEO_G z*v=#mK@+PFCLh2Rk_#dc`V}!xk4d4}hAovHx;9-1aH1VnVtDTVxQ~ z#u7e>X1zTD&ksP)wZG80RM{LrjSwLkmSRQgq1(1mp#8*nC}rP|`%2f5t{jcyGwgV^ z_1Eb3K~_K7=T{5;s=_omn3*KEtZ%hFHaD)wysVM962_AXS(8!n%9TCvLLzaJ?GRrb z+3da&OG{V&XwvvqMjB0W`b~|O_;aTfFQK27WkG~si%{c}7Vj?}y{|$`OE74D-=LhW z0W|+9?r6NBj}lPRY@Q$yr%MSnA8{3RceG^Rfnnc-=p=TXgln!Kg7k#BLr7^$eeN8X z`c^2Xf3C|bFKsnn-w6AUo}~6!%~)wkw>0rqUIwXUU8t$w+rZav8m{gNtj_ zZW}lckwpcWIK6hLe!m?-7d@FE@WU*0s; zdwwTpq@>LfEDV{`@3?)UrnXqOA7tEY0u#iHE^Gu7GR9|&7Z%NcNi)8ae;Ce<8^?^m z9!SQ#8$>ShUQbecycyh!)Q85afW?}D-06nB^ZLzb?C~2k+`AR8hN52S?w4Po7oq(e z8x>u7HQiI!fb;^G#*G~L88OdL*Q8)m$ltKzp z)7%AUe3u{OJWHQw_G8ZGLlexuBj5McpHJ<~q%1J+_*P=|EMhW2aMkv_n5-P3esS?UWiiyvdULE#OT?L+Ytu$oT&l!bK4`We; z8WKx>=$}v;MSXgp9I-u982F^|r}J$MWQR6 zUUVX3wuD;g=|=GV3PIvh!t8EiU^MHB6>=UcLHy_l1gnFCq z0s38axTz+f&$rWj9Z)~(XY6yykA%I7ZsbHGIBm~2eF=;VDgvZLmvZ?^l}pu8R??o5 z#MtxzX3i%wNi0;gn|x|KhlG?c1FOnlRc1o`9OUSL*ov*NoVwA$BXntlw>NEigj@Y9 zC*$s=6+n<>K=LcXYEWyN>OU=8Q3Cqz8L=NrN0j| zaB>YJu#)%X=ruxan=i)voTDF;`Nv@gy&nVKXX=*q>v>^&&5I|+baw@4VDJF#>*JIB zVPEgXU7;8IKwtex`8t_=nD|SjYMDHWONeP2DY`hh5geeT)nPp>V;&Dojb^1J-Xf#3 z)G6dF`N&T6=Sj1)3TAx%!QFi6GAfXymnKrzgey)+#jn@Y*1ct2~#?$J~$ z1Wwjd@y3EwzBDT;1{sYW$k+vY0UB~~WCRHf_Q5yH<{TA1`qat5MJA|x#P~z|i#n0DWwhD4DleExW`K^kd6u{0;K8ckPKlspCsnwJdNS80sVuSJ8=fSkxdXe~F? zzUU^bY_hL%R%mC8q+N57@$j_yT0E9sayH*1os10EX|^>|Dk9%!sbRmx#R4uf^*{hS z-$q!6G_y4uiH0eT(MTvN6SemWAU+$NUo6ux7^F2?BH@q7L%yXwSOH@ko`yB`ME=+< zl;e#DL1gi`VeGd))5JuI3Z)(sgmkSH$Z5L<2$@>)GCYdJ{8fpTSv)*8!bnBc{n~<$ z7PflB-sy*51S?9k)6u!B3c#MkJb?LnqiV=EzFsn-*-Dt{K5Ehs4E zTJ1s{I}cBOdcF;>UCA8K^;{;FT$;4k(e!Kop*N($n(f@jSrL0K=`F`T8@auY?Ukpl zQI1*LJv}d*NE(wmXQfldY0|q#yaC9p)#TD=HrdKW#WOmW3dU)7Tsuj1`RPX!kgtOS z@Ak35hOw*5PMK&WBhsbzjmb>?_V2p<>Iu;AV56Sf2GYqYX~Ob{`!a%q{43oFsav7+ zk)~R15}S|dQYStPZFeL|sG&rR%@^!5JcRp-XNtUctX_h5Nft@2P)-OpFb!=i^hjt| zf90s3+?;1{QY^m($FYbXd49o?x&5UX;gANbGWQ8~9J0Og-WhAdjb8bxXr7lCO)xx~4^I&sb_7(rFCJWCGOi1M8OTvd zn&sKES<~meCFOMV5vN076Ag&84gbs&!2FeBrnKLj9)k#LhG%)8l4SP2AqB@`8h14t zd;JXo?dm)1&9?q@+$C$bXBEHs1m)ajRta1Zy$t7Uj(u~pk>q{(1CvRs%{7t+YH1cq z!veoI#m&k45?w=!c7mm{uTFF(S-C5ESH)BfyzyEWlx%z46+8mF3i^tBk4HXS;2a-F zWY1z!60p3KROzx>Kjgt2w0oqfFTXj;`@u}p>UHIeLX+U3u$C5?0|oo(l)|UcYN#Kf zhbkgN>O;o$Rhm~PoTErAv--?vihRFXnbx%CS=J1_xEH$fKD)%3h$9}ENa5@jkJ$0x zqu*xcan2sJ2lJdN$_IO$LJ~8m4~S4an^Moe#WD1pQTlu;sh;YsG&)jlDnMTnItdt-1Is*NhCjc;OS3dau#wRtgHv_@U*KNwceBj*q?jiq(H z8aB+o#T+dtRG^G1ibD0_2xi@doC>z=NiQR2imHci*ZrTL9MUm92*ZcDXR$UQiJO{S zGo9tG!JibV@!=6JP!(P0=de&D`l2D|#A&2yL3Bl?@e&%Tb6o2B&v~39Q8@W>OL*GX zHNadJpoQ%!8s&6XnHF-$9U6KdZr;jpEL8urZMI83D|v|G)xdpcw)k{2bo0%hUIal| z(Y+03F2SBI6m=SdJi)PwP zRjAP2NLgp(b$9u0X-pS6E;bp4UA8(}NZnQKBlp^YHoax6;JkP#O4#C*T8RtN z!!J05kIbGoG52&6wO~UD91eV*0?so;yCk1l+n2y7y+OE?E_Yr~tH{!lR!}SR8C@M= z!H*F&TDdX;WJ1*kU)ymO7)MDDT9$qtm@O?tQ6%)E38@y#Zgt}r%E_YPRen3zh_jGC zx{HP$vKlXRMwr-w8ih#|{7CHVHFgttG6*HQ8PvZi2u;Q;uzL2!5F? zVPL1|wicl5NJ-Q&8FVd;AfSIX2t!19e3RIdj@8z2Bw%S}ypKt-&Vf4?OzvNTYZJv1 zUqRxc#Ny8}_-pt^=0ioy{QG9Oa_BZ_<(EJwQZL}EbDyG74OC&9jP3nJa?^|oM!rUh zxLw3fBulC%#7aCh65rpB;FT3)47WZtt>dgIm=WV8W zu(*nK@UU3HlObeG8V!mq4Y%Uf(r(E%^(Ax~RNVe&&lj3$0l-!*7ZqxXPQWl+%a(>j z*XcbkfA?a~g+5!VnwH#;L1#YmbGGCqg9-c%UtZU?3{t0xGX~bY>Q=jo^(EOCpR@~) z5~FHr6{ikUwa_*IQa7&)g?*`~Q_K1$IPLBKGAt~0;4@K8lq2mN>f+qyLQl1Jb#$M7 zr%g7xQ6waIIlqXcaZxI1u3VH*zJ?;r;#69s7XE4dUiLpZ7JhgRHY!|kv=6v!3)E(fE#%Yg7~Uz& zN>XRU7h>`O$RRXx550AUR+athcL6;p9Qna<@8X%aSWIp%a7ExN^LaJiDS^wx)g?0n z0tw87T21#zTBAM-qhK8r_e4Hc?FyBjf6ww&HnU4KpsVUG@fi>P3mffEzxQML&F4-} zZc}= zr?A-e&RzF+qWQyOA16#HR4j2}0%)mwukr=ls8~yCBIX+#x`R<&jd@JEL_eR2#PBS+ zzS=AxJtdDf_Mo>^jp5+~3IoaA_%%r^>?P-Wy{*rC*$uAe8sXPvA@Z*r;HgtTzF12{ zKJTRhyLngQ=s2{Sb3nWKbbn)$F7cW7Yf-D{Su0@dQC-+M7HyM&Svwy?sMqFoJKrX3 zs$rVd8PRilZ%-GFdAAk`Pyes+R0{xUA*7@d6sF5t-?52`C_K7u!J}^zw4V;K_aTs;1 zy>4~D-Z|>H{46m|oi$-HE17$~Jli53>U(R77-go$QES_D3mgJov>5fO$N3GWPb0Wf zJvp*xa-2=z!l!0QV|z3UO*89tGp*(y5#dr_7&MAFRFA_e^^ukEvb|004-*xz6brvl z!wj9}oEivgxYDsvoNbY_BGD#Myqv$Hrl*by6^ixzz#tAPprOG{#Va4->3=(L!V?9DR&i0T# z7&!KJ_({DZ%Jk-Gxtd31omXu<;3gJTdU-V>kVzK5+9gY2u4wG!2T-+02@H?<_N3!@ zE6qkmWjFnjToQ;|7;d7WmS&hzbZP%(~NGKn(B7OOxF`W47AG> zd~&Q1EPc*+rk9zDCpa^V()EPIYJMrnA1?=WNB%BZg+$U<1BMUf!j%rPNwr22^W^H zu5_$kAElL?1pr6zX(X(PJ2Ty=i3aXDM|Lk;afSrCa_?@oCi&dei0n!9MVcwH0 zH~Ok@>~XMHfSK@`f5ldlrd#Y$T`9C9KcAZVa6Hh^71Nu)^Aq0xsUN#X;^wsA0Oo^2}r3mN+J2HS0sCQ@*j@ z-=KyyJi`1&B&(HawT|{v)Jw&BiO8k=*DeEues{h{=e=pWwxH*izT_E?%;U1$!Yd)w zD+on-G}|4De!(Nqo5o@hc!pfuPG8tqI=Oh6yk3G4gL<)=1>5L2&o_y+)6gaM_G*@9 zR=h~{Q&-pZX!?;--D=Z9o!Q_YcLe*yHtH^b8l$txUmH-9-NLuyIVS%7Ny>4V4;Y$# z%58phyVPQ$rxPwv$_VF2gm@xTIJE!3JlwqVo%CVgQM3`WnM}^Afh+B^4?_iX@^x)s z$7UZ13mm91)xet?aPLHP?0z7?{FOPegZ5_D{#Buh)HDH>Ul|8n3K9=o7&Njp0un2Oe(# zU)>!eYWdRL-96#iJeS%ye{BQ9zbH>#^H0B<3nQWbu4Z%cun_iIxo7;McPsowNngi< zYWBV)%Q-%t2>+oFJa~CaPScir!S1)zM*9i}-i3yeJ`>JUD_GzKZ?LLq%H*5spHjUd zz)|+1yd~3s(ys?&W7}&|WiMdU@I3s)8ukuePG0D-1qj%0J!&{d6CNiuY800gY^U4y zH`&18xTmT!4s(sMoU%?1z7m$f)c)xd#nlf4&}*^;=h%GrExR!kW8qF$ypI$7hsv8K zJx^ldc=?dSNGnHlyiAz?$C;3H=21EI?lb-)DA1v*T?!X8~dZd(~M2T{qUhUe$P0tVBVP4UiRr_PP@^oTV@|KxBy zG@Db&zQJ(%j~nG!sbbeWJGYbRmmXF<({GD!;(S;1$>+VgewV42Zm{-b(OwX`N+}&zFee^M<(B&+EZaX5{1xIcdTFgO#6AIq61G8{|pqttA9PQx1jgv zVb4<;uNHF-vB0@0KGL1@AM-`fAjU}1Y4#jm2l^}=`(L_$e1oi1`BHk9liJNRrLzjw zXJ(1w8ImlPhB1QF#wCcRL#Ma2srOKUO5-I4170B~nk9G8-jXIg8r_rJxa--CTix;K zuG~A)v7t&9fP1DRDQEsnpEawAQ#9RQK9?va*zYy48k`spePoY?S8lK6KRI@M;wwOH zxoy*7c^U6*mJ)ax_hTruhDtcFDUc&|yN#F;Z?Vokf{o-B@#PCE?GN`#sNvT2WsWUN z8LKo*VXiTMjyGypJ#8Q0&{TB9|LZ?e{zkSMSA;E5JR{9jOi(PqzVq4nfWJG0FxaezPvV z?Qhki3PK}~d`ZHBq8Rycso+zVA*m!!pNWGPVJs2#8R0yB)0y_^Twvh#s>0_dzl_H4 zAMVROS9ujc3_XK1k*AcCTk`&soC5wNtg36ifTjMlO4YxY_ev)5COFimkf|;cF&IAk z_UeKJ-#M7_{iz7CoGbQ|RDXux$2ix@NfUP&XF#9f92=Q-nSNQHSxTrserLB@-@#n( zPF39O$EoPJ2~!Aj^uY-hGf5Tbud32)SI zR~za%RDFNCIei=~;sE~p_^10s3GD&+BRHNv-F3GwWN^4{;)|>?w122RXe3C#%WRo$ z-42k+?Wv=a%Vg}nHZYo@hREix7iUiU!Za9h>dMPZ;onl*fI;M%a>PMQFq35~FC)plhy=f1%;O1bL+`a) z-;Y9TVVASrwTD+K5)4lG?3)oMcfw8@Z^Q%Kl&e9WgKt5v2hDdOQ5GNDs9TR?=jBV* z2R9~hogV|^(Z??VY@RN}kqI0TJW3L%?y=i99*>V!eKN^01e{T-x-Y7pL1d*pzI6O9 zbFm*&Jm=<58!QShzWZj6wRL-V>MiLjjekvVoK~G zU+4p7(Zj>ky+ViT$s+okUKBwY)~GUC`&M*veu;2cjsa0l$RUVvjXmuL-Ffxv3y-~S z5G^3Y#jbUS1BVdgGeYwcucHw~RDg7O0DBL#sqEAfKp|t*}GHVn`!209E~vV)~9xS?@rPto3s~cm5WrpNlRgXXd}93 zVjWJZgEeESCVo7os=oKE$2UP|nd<2=BAg_}lfH1!$l`M4Bz?$_bqj=ET;20b*CnGS zD>;?fIYOg$;-PLjv^RkYQkcDwKVZdS{6D90!L!o2s=8^X zvqs2DjiZ8N5C1+HpjsxFPGP<{=Gmw5T`}t;w>I9$H>nsJ5BCoMVT-gJx0F>tCi(wx z_LgB$uHF0aFbptA4IvCYgn~*8pa@b!g9R9r^bmri2!hg$w4#6@B_<7u=%#CE5Rp`B zC=sMX@_*f^d+XlM@5B3k@i_J#=AQeib**)-bDe7kXejilm>QIrvg1tc3+p+a4lG4V zv=^8?*;ya1EQzKAx;Y;DwomSFlJRykg052$7*50{=*Z_X=Yd?MlbOXbdNYv`yCof~ zLoaPd!^n7=4X@=|RVx~}&&66HX@LUaya4a=%Q8Tl83k!|Dzj2Ro!*>T0D2ig_SUJ+ ztzv{kSevg0Aef(PT?92Z6zy#+poF#nN|blJe$pE_65c2BcAQ~Qv}Kz8r5V@!;7rF{ zL)YMP_eHHF?dO8&*$2))>Nz>+?L7<_!=uqM-x5X4+QqC5$OuOV>#RyPi>aQ;!d~28 z*Cccf9tR2+RXgS&K%ztNJkibXXan64X+B@+TDtOG&YNpv=jDvIMBbHK!wbV*_>Ehp zJ+(1Yn)e;b%G^bhU7~J3`cUL0*W&0iSvS{h1KCA(fAQ35($fcUcE;SA^#iIt)#5Ee zi~!q9`*L*5%MKhs3AJJmSx@eW`BXe@$5Dl)Gc#L1Y z$-3h}f2$BlbetjIPQCP*hk}PhicjCpwr5P}Z=7Pfr)#W?m_s?MV58WlQv77F#-OE^ z_iN#7BjwzRO6|C^EzA^O^5svZ0{-r=c#>7y1C&9f-j2^)SmpTr%QqrDDv#>FTJmA& z4eo&Ml8Gl)-<^~vOunvu1RK|XNCl+xrFsAFoxGpyS2#ZQC3f3&h^a`Sd|^|5*Yby3 z{?p?D{{djZPiY;=M_;q-?Ag1gR0u^l&8f(*bSir%U41H=Z2YW5B$=i}l+k9@${$z)}Svr?4Ooj-eNEPLP`qIlmOKfBNzdDwnx^-=gzPQD4?FYdfk9}vi1d2@7dMMfi{($YfwuV}!FI3#l+d;VThjSrt(_9~*PurVHGU9UUSHFb@zJ1e8+m%W8(*er;zZ{@vR^K;o^gDE< zyz<@@0mU}+ydX_>!lZlC$Df;P`33j(2nBFSj_=T>wCUUV(08~}rwLId7Iu7F9#O7u zSQehR_-)Wilh-a;((u7@4k-CIeJ#G>Hy=laTfcHLRy5uPxG_EMJN+F#)+rp0-^gtU z6ibps0qZ8%_LLEK!(b{Ib$7`b1*2PEo`kUa$o2?IMx{io^sQDrE4}nZKujd?#b6L6 z<7QD7k8XYUGa;hrf@@B*WXULO*UEo?BS=Cp5pIR{)oGyR) zsL$ikYryzRKZyeD+HxtM9(Eh!+<#L5F={_(EM?S-EPF!mgUT;E{@l}M(|my9bnE?| z78yZg<~lvxCdG^w9%}?^kVi5WoqgWJQwx8{)*zQdvK?k;sSHv3gX<( zl)~PNgHaoYjPs}&Jm!Nxv2uWZQEFkVU%y399~^2p6vy(rOdm9k(l?7>aA-+x@h{yS=nR#W}?x zg8-?~xfVs`h^jOD+zBNFY*0! z^N+>7HIYP|>)pTjes0j+xI3>Gsm5R&b_?02JI&h|uOeRg2~Fm{REH7G)Es{|kjQBF z1dyF;Xrc|hy`NT%gj>M_@&OcL0f=o8O5Y~X&=%5-`|ui399uH4ViP&{SAS?0OJQ8B z|8@E|bO`q5n!TLsB4b3|?)K?)HrGb!JJN4NUWgU#!8=J4nj?U#4MI{VRi`RolF}@_@ zz~QopB}+LI^&x^~vHoDM{}20GxFSDI66Jys9DHwDx^C7!_rX%e)}X{?P1INcB_x>L zeBvvCqqT^&gGa%~h^n5)1yDI=ij1~}u z5!5xc&@DU}j@Rf<$iZEy7r(8@G~|8Luyl4{(Ejrf{>|Bwy*K~;%~KryMK3Ot&yQeLY8Rj5vF9dOfB-*)yCJVGliASIsYIEQxQd4ky71Y|boW(L(1KM2ykiHpQ z_m96%nX7bo5_v}W^`*WWAI>QswnKupJ$Up9yGwnyzUFRm<{O*R$}UtD0Clktw_f93 zT2H`;V|7g1nYF0}*-t4&q4K zq^p9K0VxH*js}g^hO#TjjmIiePXRqCaiM}LI8RF?JD_Fl7W7*u2S-T`G?p|KaRO(` z1Pg4Q1Q}Je%TXw3#v4Z-&0slki8jCgz&rD0W zwu-5j0z#kigGDJzcr+IDexiMzcGGa!zIXMJRdtE{D^R={3`Ub@N;m4mw*CW;0ak2G z)F5O7>$AO4wMr;2ybRo#MI!fJsd0xvtWGK5LDx3M@zv7G%$nt9#aKzC^zS4b1Y`+- z??#Ls6O#XN$bz4()0n1l@p(^P`qv>Vb-z9O`!O4pMz5=x+Lbk?Umd6nq&+2QU)(0? z_Psk)VcVRT%^@{$aUoL(ZFWk272K@SLY3P~uiw3MN+8P*0)Bm84_#JHyp5GV>!_3O z)|JM)8tBUBoX#-rq7hEwKsRULx-sY*W)6`|hEZvUljj626)!cIg8PDNnQHVAkOeI8 zzT=e$nvM+@SU(nO(r9EbLg$Al%Y)`IJXAGEP$lcp=exI)o8oVFan-1ggl!{X?83N0 z!w!PO!sul;O-?n(5Dl||c8H7J)Z|FoA!D%|;!WP;Rtd)LFUlGHi*2gedz7Z6tOol+ zNH+*FoL+B_&bxs^)tf{HTlSYLEK|ok%S46qA-_lhCT0KY{y3WG>KSFTBShKmgz3ndCBpCgbHpSJ+I73&(%gTR7V?4a)4(`3g32FwnFHXwK_ zOn(ZZ*5VSm4eS0J!Z82)_R6u0{`#tGKvlpH#gJ%@=yi4kT9~?nPYz7Jj=Hj)@krmg z-|HN|#ywQ1ix0DbWn2xjZuN_MAP&x(2c1IXKLP$MbGO>wOPkBiIYsBniO0X*WVz%C zW0)wJk=Jw<$kYmmw0>y&bOESN4%C@=iWZf5@1KT?|Y}fVQ^BvMQzG0 znmwXtm0a5D?(Nuf;=K2A^GvYK`M=ulNAm%~c}Gv<8zPgU36tO5J?C=tbh$cs-;*186sV=sgv)?ao^PmwxNlR;Xy6As1`OU1 z)_t}Qw{R=&iF_;DwH)&@Rt3h};QuR0wnQ94lSuS1=BU0!^e`F7+4q4g2O;a(Ye4Tehr^L)m8-y~0C;cz>&^`*22n{AjEEYF>=)kg1fx@?@_38B6@x!dr z|4LgXacxH88ImrS1$ccj^v}i9>x!8eP3@hyuXc-GecEyHNzPH(?4+fIWVb2c)E1 zZ~NxKvc8?#vy1u@W)@T(Sv~pmDC`9j&yL`~zUqgX76#?gnRJ3YuWI>Azvjwk^c?sb zp56x`Oq3z~f_zLlI_SZlZZF6tO8kTl-H(B?3gxsv4IM6lFIJtYtm*$?{;$wNsYr@= zCckc(9h~q%_#aO%kHm3_UY7-^iN=2ieDX(XNYL@-1T0G+&1Yzhy>O{$ad%VbU*oGn z0rW-CW0gn}-;!6}raLd^erC_$Cl7PKy6113tn_0ZCde@1qVDDb+V_5=Ohc0#1N|n) zU61Xvo6_p4|9Qka8i27v4BRV#foqF95_0Zevr*Nlv=5dZ=m21;IWViV5^cvXYEXiX zki2`oS09;v{1+|@-VCdaXeI{}bX@z=>$E>t6$MwOgnn_gcO!`}V;=+GPk(_|g>IYA zVYs9`>_?U^A2N&^UQ|2zU!w`AGGO^^cFmnj!jMFRQgZX?za|cB3{`MRfsJtl_JZYh z$iTm5_7(+XGz0};l*FeobQBb;Y}d~}cVbVjHlO@8^>02W|ch7S3qV|ScE z2m4?kpFCXR2z)78!2dmq2HHpZz}dPs==L=f0-i@p1|6x=HoKqI0PPLdtCj!cil$>A z(!cNtzp?)w7_gc?KUTAvQEajP+dQ3J#-H11f3@R?Jo4lF-^Phza3k-*Y_snIls0tU zd;Ye0Yogd|>%DI`D)fPT?0Jg z(FITnkCl(~Uc(o*0Y}+-u>RyBLT#_h*){XQl|&PPk_it>rba4Urtzzoxv4~a^rz+H z#;UKCeqMvP1YW4ZsYzDCa~Dk6E9d^#Z~AA-365VBuKn9qLub=C2*;|mvi@p!NY|?{ z;(Xad-hUlF91V21*u&|h84Q6n?i4|wiwPbIwQ|U)%&+6ykD_{mhmGHat~miKvY2LX z>O<%p))9GFCM!1-NVm7E74b_8KpqXnJ*N%yCAXC|s67g+i3yK!~NLqB{ozj3|mVzbw@yKbCBcXG578V@3 z@X}oI^%e2z<$}kY)c9uVxcf}JS3kZb(TLX^^LTY9{+^y_w7{=3+W7*Uv&a3t3>R_^)!1v39L$+SOMILLy21B= zbeL%0n#$%qRw$akF^?5^kuR2Pz`|e%X+eZS-59vk?M`Kbr&F zQ-UuN?t`R}u?z*fn_okLICPOIi~%t*8p=&;ljiO2vHDTZK|!Mm7=mlnh7WmOxNoi~ z{@97PkpAMCBiIFtR?^tXhpv*Qx%>A*x;Pxt$4!)SvCszvXSJYM$=FlD;SXP+^QV1y zE2!*MxHF}$&IEtt=O<+%kV5wH=hMLra`g~&kYj#O&ksUz&DDc&L?NUB^|V*{-UejF z0XkQ8<9c>(iD4gjT|3S8erU3&)<54&vt7~MU~x0RvdmSKviU*a1Tsa5D@u3?6p>$MnfmJ5^Kxb&&P}8hH>zHp~x9eZJ#7 z5f~`n(8Jtg&Jp9s=ktuFI|-K!DaQG%v&KTW*oX7G;AL|T`E!d|1lh{lhW;|oRoYNM z2wjQM%_JHOn1+HcuA;oS0($=w==LMgPuQau!TLH@3nRF_L3d3gLdY|niuTC)Ex?aL zIb*>-OdCj(X_RV5^pBtjYC&?<>ak?v)TrsedJ+vt)3?U>=4UI~6G8C6OS7Oe=sqL^ zM4O*VSFY9G-a})@*7vq5_lm2yX8a}2%DowMlu6b>3Z$eTfqNsTGlaWIw;(lc2XA1@ zYe2Ch4VAowoRqdr3Bd)3ekwRA8d@q~Ho}Hoa-`)UnWvD)(WjcD_hET>c-4bjIEE@R zs48F99jh+Z-fb8$i1I(_O|Y{K8+X>3&*Ort)Bt_0*;V zs6>!4@|({;O2!+5FM-Lz`vHqxyQ{FPlUMmlV;e|Gy z^G8QWa|H-V4P7`Re3=#HQr4{PHXGu}LHCWEaHbx#c#6pi_;R~0+QFIeXoJ*Y{5$m6 zxu|23B$p2IKu-k@5CHG=u7H|4s3Onb9aH5&rKr|=Jl>8;dKbi!I?H;MTc77cAmYW# zdNl1;W(N>*qK!igc{MPbc$j}!^d4hO!+L*KmtUg4GQX#RJ)h}xJP7IsYdh!PAXzO9UWN|$S9hv1G&55S?8vCHJhV#J5Su1EdXV{iBB1FfCM9pBM<>PMv;5iE6hc^LAL*9)1d@vNImk9 zg8I!cX~+1M*7Km{#oI%Al_1wgW7DhDz^1y!2cz^RLZru9R-+MppxPj=5ZdAW&2<#? zZ7p!UdTd4O*QH6pw;!~KK8Iz|$|t=vwBbQfV8k?({ix25?|0CsV^#A|#dLwNo7K6? zcOj5lzk$ShkB7bbWp>L$V$MQ^=Rtz(1Xkqo$lVUcP?FhW}Mld?n{F_Q6%7N?v=nmejGhL6rx(NE*8 zr6kZneeBTbPvki*^CjzE%|$IaE6c#^eF^U_ilnjjy#wZpG*DM+34!pBpup&K0DZ$f zN|1#PdrcueLD<@v_jM}Prq@<^N-ln68yufEn?-5h@0?~Rbo^0@W>TUlq}DG_flem< z|C|E>dXJr`7yVSyWSG_QCcVeOI9fQh?1GYlw=I{`0TzroT)v#Wi8@6z);luk45Z1y z2Prf^u$=`uy>n=PhCl?rUDXJN+NANRx}PF9xxa=+99wah_%W=+fCYb&nY*Efl^uUv zpXI%CT_26NcEBRNcClk?#ND&rn;E#68?sNNd&dmPtC5~A3v2-4;J}Cc5I0shXy>j0 z2`8M9<}yef^$-(%S+j^rb-NQzyez}$EDN^`=)UY`3Y*Mx*(7KMmko((Mmh#^G30oPz(t5WNLD-ft+O~8AR?{I{-uo4G> zl%){%3%IXNaB|{r@t?m96p-vlG!O&nqLvSMx3>}*8|HXXl*T-oAAnv`gA$t5;A%#& z5G;IA86rtgK{{4_AU`N%?rFrF_GZ8?8>h4m8ch#2B&B+cQGQ^*yTMUWL#@g|r{D#Y z7+)UbNf;OaAdj5NJ5@nuwKPIHhbY{cg6X<*cs3AxO~hOB{|%;hN*yR2}%+VZvTQHU7X{6d~mx5Z0bXg^|WO-)gdpr1z^c zqjm2wupuk*x_5*vl#{@QKcJJMmloH^c`hK{`L6fO`N7f=Qxh12NyTrGAc9tJ(`Sv4xovXk;SP(17;czX2C)2m%j~TVC{8o z6w{zr37mZ&-|^}xh?;y9C^)<72NfGIM?j9?V!T8}b7hNB#ENs8&HJhPVqeE90)q#*E6mskOZ5SM|&Vgco38zFL=tb-UT_IIhAJHwn zCqr!@L3HUz%Nu-BDC1W#(QFggU8nWo@)grx)@_O>mcY2f+UQD+4^N)}Ri0#RiG!X~ z+9w#`pqz1W#MW8%ZiP8AV{O=X&nP;y)ZzYR-NLzzP{GJW?n=>aACGzE)XL;HdCfkT z--JtZg)f0o2tGT_x$W`4M=|vM1z{1@?OC#vNGyzQ9chhj`A$Ih@@1IIWnY-Lc2G8c z89(8c_a=AGL=@KaX8Agl_JlYl-*6DYxutX+oJqF*Xu}RVlK~E$t)ug`U(mO!)opY! z4-iA?!F(uN;Mr0^&WJrTW<~=`D=%9iTLNU?uE63tw(-YYcMpTbaUN7@mXw_I`W{Bk>nRH_*C z@1}4)KKCkW3dVMtAs>&xh%FZoTNX9i35iFV=8mK-cHQ#0V!ruP-$^N589H8`^PB*x zk^8>lt9pn}*Q7-G;d48r{~9m2hUkwUzdo*!4QuDW7-nI)aTpi!99Z3(SYOs^7!9pd zKhpWCw>5W4&#eb6ekyNKR7DRMpLC4C8X`3iE2xpW#je>Fsi9Uil@h-`r2GK5mmJ)A zn(N;-bh#JMsy{O0x4y{R7)s2dEw<6w_-eXmCxP+|!NQ+C=gw5Ey9UwKy?vLO1ll|W z{(?1BAy;pNa!+w{AfJzUpco@D0x7rYaF7=FIgTc2S7pKQbOzqz7Iny<-afRbsQ|MR zltO+h#t8leB?ecA@b^bQECPLi8;tN)!vp!%fP`hzBDDs(0rf>(x4yN?vJNRM9pW-8 zAgxSc+1nV0RKLrw+W30FEJRJV@7YrOD2XHB-n*a&iXpQ^iE^Jx5kfq9v}KurOQd=> z+nHp8p)91D;$$h6#L+@J(j(NFSZv{YHTLg^N1;-`w(ipfOsj_$Nhz6u76&O&1u!L_ zyRf@wIy&D0oU#wi9sm%@Y40W>q5&jdXeLx~JGm-6(%Di`xr{KI7w_*EgA*Be*LC_> zza+J8or8@tS!xXqu_2CUYC=ChV;A*JeTOy069iB>_A{z?$+`6xHv>fzF&KOgueC&G zY9YNBB5lHp!M-knAAUzxvko9pw*6Bhw_4+a-s_FT^ns)l8jz2qwp!m>VUKk@mry*H zq8C|plKj0z9=XZN2?nn!9#*sks>Nn->H3if7^dWzs5rJBha%B&q%PHAp6Y9{C}<9R zVbR)@N6|4+CZ4FW)fhh|p|F@^scRwLB5{$)L&A^3x894KKTkmFt|SC1y7sC>>QBOJqZgwIKF+cTE5~j|(*bF&n%slB z`aF@%40~-LlI5B3Sb+IB#S_IODMX{BxhN&8s1+Z&%9fC1C!XvSkx=wvI974R17IgDadxtYO4!yIogh??Ut&;A{7J zMoF98ch!pX^AfCSNSp(Hkr1W+v)Ts zI78W$RIP7J?!Z5#QO`l;UpuWb2O3T;OL5IJBYPMKuKYiY7qtVV^!Y|`Qn{-``slvx zIttk?sXG*7Sn>uBYCIQzbd_(tXv2u=u87URE8CK2KeoH>xBaO7r6Qxci!)*TUTzEz ziN22qmsw*wwQDp-!nRY{@JIPE&x{?fvT1r%Q=f?}d^;(Y&l$-rR&gB&j`n|x44-fj z^`JGPb@a=7&v+TTraFT9ba&O6^mtg>MxDUfN=nl(w+wmwT~{9KyGtcCH)9lbJ+dht z>NI>uD=(+>`}ipY(#s|+-`CSShTHpv%ih31P`YAU-+vHZA5^AA%dDj4_Utd^rs zk1~-PLwiauw zvLO#e1vvn&oMb1FM1wjNb3O=%@v-y^s%9h~tO~C#EMw2SeEy$-9)XKitlW8R-!5(4 z;dM7@t2}7sFo9HXX^#^i3b>oRu$znNNcd)xVM7|b=*HsfQEaQ%xae-v12tX}DRq1M zju8^px(!ZziGH0!YFuOy+Al0BVTU@lPEAcL;MCLekL*Mj>90K@&*#OFlXQZxddR7> z=8e?|j7uq<+6yDuJSBywPDwiy*C?^}gxcvIp23M~%Ad5p0fUgLcjy>ok#9`bYCgx- zAEU@TR*=~Vk&0MALP0Avo+cUAyx^#q1LkmBxTT6P(C z`^qYwb_y?QdyTF*HjX(Pg)M`30~Pl^k><60&+O0%?M9VV?_gCdM10P^S;nP9J=l9# zmYV}&#QB^frTbzHL?ul3>2lLnuDEY;w25GGozO);NX384fbZO(NZaekU+w9@(N2I*kN zV5D1yGg(9j7*CI(&CsuV}#-LeA5lCritapFYegz-Jpov}B+8mAdh#g_vYd z=4EU{;IXGREMM9^3dYS|y-VYV;TL%c7`wwo9?N$hj-WZbI2;i=mb7Ma0fH%dDW(Aq zjUu7SgOM=)6g%Dx&mm&wZcc}eYM2E#Z$b7j3gS11>nrsXs));fDaW#))j!@MQhTJ7_0a6PpCd1s3sDP8t`g&Ui)QSj6#Z z*PD;5c>@IYby5V9*8Bmt2Ps@)gUX72BcNKb(YgUgy>&Oz|7;gj6HM9s{N&_n*r3W1 znRu>$f{k5ZZ}qtmb!tH~fPH7t%y=vu{F+EcS(s?UZo~O0>g+&a{n+symN^Q#W&VTw zkDv%La;xfuwC@5Rx!u^Ngom;?&4UpG>+ZHK5^wnXj{ruomQ7?WK;@b{TaXuiI)Ca5 zKRW`?tz!PAMR1cb5kFGvo(rLEu@1XUU)?7ty z4%iB?uVj{^r|#I_rY84{Wj81ued=tapht~)-@ai~$myLn&dpV-f@4xT*}>F4-#Viz zH|t>&y?y^u6|SJL;}pbWva((96BHcDbUi-XRWjb67^VC1xm9};iUN==%8m&8yH zKVsD!wUQ^k5D;!8dN@;Qc~osMe2QH>9GPS_Lc#w5|A1GDi$ua1?&U_eVZ#yT=ByB8 z&VSrFn!;u!h>f2nh?L;KD2p1r$Psg$b&9wh$C)BD<+77pzlc6*X@uevq&ZKVtabp{o6qQ!0`O!mcwD^i z+VOpPO@{EeQhY7kC2wTT#UMpylX54}MKRK~^%fn@f^+JgC7b-?C|c((}q=~y~SCI)H{_l>RGuPC%fnKo;msvhLFZD@k>qT5!1T}m%LZ5b& z)u1`;*36M(foDyr?Ftllu>)0R1PJOEG|7~ZBFn&a5+qT~ChzVUKO`ZEZo#1fbs+Ab z)k#tblTTaej0Oa#@!he?(=dj_3x|Wq@u<)aYOm!f;98u2PmVQvdYIg-F%w3QQ)%?` z`-QLL@*$By4l0^-DUdSr|E313Ok){Bhm$mVkcVQDSAc+-!>%kTdDvT{lm^MNMgg29 zNJyOA9r5R)HbeOZ)hh{-D_CS44Cg@A#yPYVzkcf%wnf*UviOxX1#?DR6M>YX`8kwErUe?pb;?gl}@a1HOH>>Rvs)bRso zVi_qB_nA7{pT}KUP^}zoSv7J6Id7CwQpa$nn?azin3>)y7k;r;x#c+1KMwGl}#Hz6R<46`- z_FhG;G^tZb@H+i=kXZT(#GR5?_&$D5GD5^uif%#2Ng+TJ{u&GKmP!aaM4#ztApiB? zpx=9t>|)l8bOA>2SKqBRoF&FIt7O3?pw7!sn>?4p^ym$scnV;|=hBiZz~ z%X;94bmPJY5UiY+zVLW!7L~{m4z1F?jTt3<1v`5G4CNSd4eu zl$wX-YhjgGcXNes|&<$a;i?n$A+rfE0}v!|UomOg6qKF@RF~HWf2Q*h{!*~;S%=oA#QuB_#h5DUXDkBugv?WI z{dieFjjBpUV@dfzGO(mvh4B7RQEI~EDz#X0#7g5k=7@$wmnMm$7isGPNqBcH%pY+F zHu{PmzqeRb{AMxPrgM@^KBTzgtk$=JVp{c-k}-WgYCJ52ge}GGBzZWxo7b6Aw$ZR1 zh6)sNL{RD2AoLM3itb2fi-MpXF>+bwUC%Ea>7)eyYtl*W(%fhgRkH(cfgbsQiZ$t4 z42?kAtgVatw~d?L%==&%NVT^iQo%WNN(|8=ECuPVR5m4{2_8lLyoy~6ZX?Ui zQ6o!kVi8eqYqeFaAT4Uu;DR;gu+jvwKI$&sk^Dam41&@ zcGf9451M#xB_9fQmY=JX*dUH+a0@OCcO7yw>uem<$~=Gwe^D5fFp()%qS-5fom8qR zO>5v)33yvoLl$N^!>3QlhmJ}=4wA@KDdT*$!vVb)_Vi_KW&ZJFf4CDQhdg)>S4feb zkEK0=ILfOHjwKVJlyXv0seRE)_oCJTdRN(o2QLwr>f1?}d%iD)4494Lsfi%%A!-nt#G&{bvJ&H9G$uMyBaa5$%?yQZ1 zgfR~~Q#~l6{+;%XSipKo%6)9iFJ9Go`9jFD%1Ufxuox9XQ>W(0H?_~BtqbN-Ie*`o z&j2?H2rLLX214?zfVC8lLCHK+>EVm7Eu5&oK6J*4cQAY@lnG-*toJ+?#lj`Eix^%I z=bkD{jXUD!&tvUUqj~uG5gPr6k`52=w@6yv;CrleO9G?~91g`Ir)2YU;{)$$F^f0z zD3{vEXX|yW+=M@G?5lFYh^kItpDXK1&a~hVgHPSGT6+GjS@?VhqA^Kc`=MQW<0QOQ zo+uH*;5TmIg?D*qv*qT(Ci;Qiw7!NtAgVwYz|H;NL5W_d3%iQ_i)!g{pY{6c8IOpc$CVs70_yKMYNUdQq@7IVP?!xr#}MxzN+yd26)Xw@@nAUV;4V zHV1a38h62tnjhpcJnz@rQltGjtq2klp4=H;o78S9K_T`2CeAg0r{CIBTPb_{Rc_d> zzbL6nt5kgzW1s0X$t&NvVqd7*2hwy75<&O7W74rj(cq;$vh&xiL6r_bWn-}vy$t$ByobAJ`+jB_V^=S1A^440X9sJ3d zk*zCt;`-T5AG(w#66yU^iryv?J)slW+X?_PgoSu(;erf>?(Hw#-H83GyaJR0sgW>8o-V6RxhyQx>V=+*P|=oD9V#+x*IqVtW& zbe;z0q=`G2<65_>w+;k^dYFhw-m1GTVMBj|uoZQbL<1?YQ;w6(zHfSwV|X}l;cXa^ zC+ri5vHDbgvI3O%FPJt+Q5~Wqr*k5K6wO9Sqzu%7yF_{F%Q(81MgEthPAaCGA)QE5%V4H3(5@v0D7mH3sTT-030IOM~<-$ zBk|KrqXrwB{4w0mU4#N6M)0Z=>D88>?#w-xAz11j-7npR!1Rm&;4Gg`BfNTX9o7~9 zELDP9_lnhqcD2$f6a1Vi1_!B{oV(;EZY~Vf(oP36!b?& z`Ek{mTZ(9PXnN(WNQ?=S`(lG!2bfznT4N^wWk%cu{k1HA zL0VFLQEZETb;@X==#GJ-fx0hWRa50XeLMgLi>tFC2TQ!CFgnsBtgUQk#n_skH-ckJ zB3AV?CGK$ypW0)4@|ng{H$ha<9gx~Mq|OPhjrX)OAv$!}XY+Bwbk&>+G_?l6rn3+^p+qsf2<7yJX!QoiQu4_rio_@P?LVNC-i|tn5%7oE ztzRuBrS;KrmG13sOx#!W{4DC9`%@2ACsSwYG14(bF4-m;*}InI9anO z)!}@*Rhnz+p}|w^CUPeuj9Befg<7t#FwOK`1p)H;1rM!(k!^Xo^%QO=g_Hx)6!Wgp z>RmL}nM;Txm!PtLF%e(D#~}|0fy$#qK!?v$_u;V~mDOT$=m;ND^=Fkl`gI;tVnEE5 zjlkCz273X{^k;jDA9ohgp9jc5i!L?Pd1?G&EE@*n*!;$u=nUOte~BONCjs}}IkD5f zAdhycCz;0@GQGp70o6=exE9xLpoP$9i-mt?m}K<@N)wAWyXEz&b=3 zi=O+c-;h}Ub;q@A7}N-Jg7(djSi@$d?icAVZ*-OpwJ)V?Tbkbd0q7c>Qi;%HI+yy25R?S!Y0PL6Ml9g(I(1gdy#PNlhv_e-^I66pT0-x11^GbDQI=< zRqS&nAYK=c#(b);??^UQV2j0g-=UX*(=@TS5UTL1Dif?s3w*7sXj=yOfhV5Ldz$iN zBh94eD^p*8UjL=a9aI&mlpZN?$}|WP-jv3CJK^CXhYK@sN^JTPCX`6tLiA{(#TAjN?rFeXIu$9-5dtkL=p9V9(DN)5 zx*sJy=1EDk5H-i|5k19eX~ndo)$h{K?P^L7fu6DUCD})(QoZrC4@!n@OrOTY%GP>X zmT@W?r3BJ>Pb-6!M_Q7u^8(-hrhpYkz95OZPLiQ0L|sC`0Z0k<(Zf4`kTw|F#J>HV zv&R5_{4uCO4JZ@gHvOBjfcg3`BCAn0MC#lxy4Suv4S|&1F2lOCWo%#Oqpp&`6?VR8 z)dKS5S#&-1KG&@V=&Wf|RT+RXtr{cOw#!tGz}%m$iV!Z*&y{QyyaBixeXS>QWG55x zLfMOu=Qjw+PS@d~y1jWIZ%}9@Fc|@wZFwA^Kd4r9pjar*q0iSwl1uy$Ur-H-U#x{* zq8WRSrXfe8J8-s1o{AZL9+dE3QQ{LNrOp>Rj?2XoLb=-++oCSqfFRenX zZdLq?8uNU2*69{yUwP3nS?(B?s_Y=`NriTW%?3`imw^z_Zis5l~8tlbY6tebIT z4-rpHbhabGsyOQY2O#^6Gb1UGQz%N@@v7;?}1b~XknBE%Q}DR;>!q>pjs8_#A0qzE)#9A z!dIivk!?_F^i1*^ii56Fdh#sb5o?tKe$*Lhljhqa=UQbEd$qFk@Z#88*v{$qj~yD& zKB0_a#P?9Q)ZH8Ogj%}LuhIlO`DH1t)rN)or0_2wVN>FOl+E~j1RRWTd^MRY>_`mX zgo~{8Y(^ehVm|g$W*AXNQleI}d2wkCBqg`+C*7)|Z^^FQ(O$?8BSIQ54f({+z~bXG zon<%9rn*FrShc3IyOx0}whz|E*Q50&K3(+TB0SDRNW6_Z-Zgx%lVw^RqTBByy=ldq z;d&^?E*roFg$=qj#~%SyVahdWTDAbuu02Y-F*aUo%Xc{v4M1&rvZz)9UZITPyxyd|^YOnbPEhc2pz8#|aA-iA*sqiLvm)g> zVks=(q_h*PKA5!P+_3}{v&zJF8&E#Um5py^hRemkdL<<&c)Ash0?n+!MIq@zo5|a= z$gXtA`co65j&vBp2a?cvT}5v?+i0BP*9Q|D|%^laE?1aP13G#& z+)Sdb0o~2O+dao3))~txnF!edFH812|4?&6$>U!67`pFHQ0f?%Fv!;Z!Z_ZML6S-9 zc{#x6yQj5xa&RH+e!?7cWH;@ff7$5@v6U!zxNvXxi57|HdRNj0OH_=iU=`$xgXC{% zyB{OB0k;+jDutuT*rX9i2h=yrilTO4;uMgm>{*?LohWFf;(uARg_r+|`Ew0b&yIEO{_RB@@h?wm}eBF4}qdL5cy^;b7opk(qD z^u9#+K2Q6fk%3`?`qLjRG97X`{KnyRpj3hNe;1#cczrpTJ(1$tnrapGs9!wnDFTet zWzSa)fziLlGOC z^k5RrjY_-MUAn)f7`%uFH{`W>6@GxnJ}=)G+nUl&3&P#O$wd=#giW^wdTT&qlrH1d za$5M0F`jo@DgJwrI{BfXoSWBazas0OMAWb6hn#{Cd!TD23HAK>Z*dy0bC2pt{T5IH zbxQ*b#{kaV*nJF~;`CMI*0N>S0f=jq`B)}X*Qdf7X|5`ypMNA%m zqm%1KCHzV|(RcUzvDY`!w=N$wV*gE$5CdKKn|>ESD*ioUv3^=*<}s>K5i{v=@!5Hr z;tu)0To^o3O^2obvb{_R7t^}}irpQoU)*iGrU2&3kmQHh-u}|PVuCO?3SHRU|6T0G zD%yNIEeDq6I7?=C@9!zv-_#l?LB0bOwnMPy$cH51rxeXz9#|`<0Vw%i$B=iGrp}Nr z$DXkwqMcmOLN$_&ua8|Hr)ZBl6n=;;>YN-{QO7o2J{)X=z*9x zM3#1-?QfqMKF8$+1SpJ`!cJd2jIphp_O7p#iKPGMyEvHt_JQ%E&{DXb!`($p)NiNK z+0*=bH2BzpsqwPN5|_)O1jGNYA3i{-VG=6#Yn1y#>MTNBzYl89!Vy^yR#RP%|2_@c z#u&Y~jiRh93Vb9@U$JU`j}p9!5)1Syis4h2!$B z#|a>bHr;8 zEkc+e5+>h0E%*iVvdY;*zrQg?TMw+Dim3@d$&0*~LNR~u2{2p1{IS_a<1u_9K9gzq z$lpIfGQERdFoq?VpaH+|y!!V^5H>Pv|3t=*dA+cnSgZWokVz0TyeK^|=0gmzGrUbj zzl|58{T%Kx!Rsr;kMX2z`2B;j+1{kg#$MNj^tZXaYNb-&T*S5L! z7go%u8rYr6y?kMk7a4Sq4p`9$x32wusMGbypabUVV#N^4)^cyj0i1PMf-Ht_ zH#pQY9iE(jEVlME{OylfRQ0 zlq3FF0eypg!wU8js~qP4(^MFdk@+^dkTCtnEaK9wz+iz%WuVj${wgT>g|C8KJ~z`J5Xx) zd=6pzkm;t}RAl^{@kd<^hkxHU?MCpfJ{Lxg&v}DRLs>!bEXna{Eb9Mkb3&+BDNeCU`1`-_9J|^oTRnCDu`DaG(EPm;0tx@=DNGiQg6s20zEIod8$~ z)w!DXh(Gp(KloW_bzCSl;#sIx#?9XRwuuE9{Jri+$m*dL9`B~;{W(!>I{WXm_xn2m z`;piByA4Dhe}pqWK>b)P##Lq@d&*tc#Kii^lP3=ha7a?Y-QCI(L{`%OqwLG$q3+uM zZz54rN{TEM*+L~t)+v;IU$R${EnD`nliWx&S&}vTHg;nt*$H77`@XMP#uyC0Gu_Yg z+|>8!ets|i%oLw&)Ysur%)2; z(18C#4hc@&c?R}VY?3mBmHWcy<{GX;VyeVMNUp`T{_4rzn;lzy-y@K7rwCF77EIvZ z3x+=%qVad;(g=PAoogqeU3Yx%8YBa$yToH$j^-FBDq3H^&B4hDfA{VDaiu++2RO() z#_ff-3>!);9DhckRK+;aUZ4W|>ZKq7Mo*4H=wos%JdFthN_p;Og2&>|@_0T6A|4)C zVFuVEc!#5G>`oZOt@U^E_)U&@LFe&B_k;H+#0F5eP%r_&_)PJDR2Drq>d_LY?|pbJ>p8xKOkd5B z`Bf;TWaW${U~detnu)3WC8MUtv5!?Kr-~{6ZWJ3tD?Rx z3(=-wW)#t$?@j!J>gUNMog@tM~@VK9-7a? z59#GUyq@2{BZ8w)jOY1KzcjH~`-?}Y%%_w8qM>iJC_@UHUVmXi4s!MVTxNdi{SXR;@`mgH7 z9i_>Cczq=HRgtAS^MxphVdX&69MwSAv(#UpS4$*s|EC(OIlHqy_2K2x#-k_LHC%|N zT4hDr@g?9eXv#4(L;A3|A^aXg1f7uO{0qL{w2&{6dLocCcG9Dm|N$!GO{*8;%5 z5xDGqCLQWoXg9BtX;N%fLVuKlK?w0M;xgz`ybRCE`YIz^z{2Q@Ik25=FY-M}&DZ}9 z=81f^S#k5QgaK*{NIip6iyYY5zAuVorz!q^6|bx3fP~2??}d1t5BCdr<6nD3e_r^p z?|>AIHv+Sbph%yZcWev_(bg_P4is6?6@{$mJfz@1Litae_x4;_n{6|AW;D$~8IlmQ zh1u?3If%HS_0)FetIf1`iogTPkdOCcP=_h3*VD6j6X^Iaya;dyu!Q|B;+&mchWG!o z!{8`S;Lk>jT63gll5Yg3&U3SxPwLL4oZ1zARr?NaEh_G%eqH{4@$Xj!kXQP7qFx=5 zl)*lH4CcTu2kA2OI1qCjA&k0%HC)W?T|k&dv?CtZcwd*kf0aObmF(Ezb!7Z@6ECFu zR8)3dXTqsR-7(h|htiKtO9s~+8HG#(SdOd(!Vv*~BOL|k4Nj&=Zm zOg2&`RPhfB4=<~HqX^NqG}v2}b=j|9v%EBX;5b}jtJeP_om0E82^~K0$PXB1KT&T+ zrBj6VY%I{=1*#QRZYcFp?)`zVO1H3u9sXiNo?Qmz5s-f=%G@+F!jyNPA%a;Kq=4*x)-dcp&umX?;R zx@8k-FM=_q%Bhp$%qxLfAvu7=LtTlSKHS0%HL0W*C>+_1$f^w?dBb%Ux& z(cAW6pM)RC=@}Ew-kXdg35`=hF|On+I(h^dJlR<;$8aHb7O2nxaW=~{{544R!fAIu zeoWu#-3Y;BSh)8nyWREkyUq|?6%rlaw`gxeZ%r>1pWg0sALsT7@ltsqYiHc5mxzgz z5@D8lg9YurS*=xI(X!dG3~IFn-;T@JUJHE1;mF6k861E9yb8m>)9QOu!ehcAkg5)! zl(Nn-d(~MUVtUGtV3+}CB`IQGjp^y$DjZ(m(TR1RSh1{T&2V*Rt)P)$mAIyX)dS41 zi!rQPI)HnJfpf!+`^%P!X8epw@24+13pkUx+oJ6PvS5|QJACe!S;?Cw?W;V=yvgxm zt%|CBR|EAj;lQ=`0(U}%6f<=UN85B&>`RS>_c|u4BpAPROwjtHNtRft*p1+g;C0o7 z%VSkl)+>vus~1aT$JttcK?QM+(IT(pZ>q zIRTWgaLEm~E3$gb$ph6V`Hwnm?u0{-aqr-B15IcZH5z*>HG1aDMFCKemj{|m3}Gdf z!R~Xord5M7b@P=25z-^p8zep+kP~2aEB<12-#?dTRr=?;(x=MFCGNxe12v`?CA*WAMO92g z?bI~1&8Cf#vu6|4)|Cst1{m=;2Jaroouxkv(0>pT-w5%0nIH!JneLo89}1ywkqq@C zTc9&GK76hjRT(LOgQHpdTu9;LM}Kw|LPfO^a(eX1D#2YM49Pt2_GT^}9s`m{Dna^? zMmLby@~X`Jfcy~TIT+6&#OrDbn|{AKD!k7&sp6Nc zrebo5_2`mKrRyfOU6+A$c~_m8PC*MS5I0ZL)?cTqZ%1aFI;=HA9KEQRUs;!T-e}|W zhl-KK!8x%_R^GcF+%-qE^%+(PuUw{*rw5CGx|010KO=-#Zfa$EvyoK+7r(!K0)G%j z;{StL0n(M7BnWy?m!?4h$ZzmCMjch&j|e%)$T`@IWLm9Hi_3T2@p6e0){cVV7 zA=W9>nP}+1IN&G-o?(6FwF5j_ovOchv~r0S47d`6)gFOY4Ltg)9GYC(=|oB2lU04w zt>321le4M5I{cn@q9JYBK??(e%3W@g`(o+mTMs*pfj!Rl%?Y?YLVsOfdcq)0Fep-Z z#Ab`|Fj(IvUN_*%a3oZj;aWesV}J9!|M8RdTS(=(5R;lu)6u6clO7hRLyQvdBq}8G z+AB8Ej3Qf07ApKW$I`?iE;>y!Pq>DOngf6(!$CE3vPclmaV+Y)$F`8SjUq&VrvNOQRSM z&3Nac7w382-s8Nej!NT7$e+}_BjrsTzg-0m?lTWwX}m~|T}zN4m3ng1bSA=Juq#>C zVv-zHl=>jJ0GOmGfmlEWv}YCQx;7r>MHhVb-H>DqxAmpmIIQEEaNr*)#{lMy2}{Ks+i7*Xit&#oapm6TAVeL@Cc#$F7wRX6!3Wb5 zml3v(<~ zOHJG{U5XO=ZCkJ1V=Lf;wa6GWgff2U!^<(3C(~8b3+K2qcnR1}U6=p3msh#oP>#@+ z)Dd!h%)oveUgB*tkv-(!O8tkyAN!ZTedstFcdh*x+4234pV6L+1o&y<$J|p20T27v z%l-J^aT-6&SO+l}QEUvVRK4g$6Vg4KmSGmjsZ%xNQD`QA|Ej)3t;_s-qk1BgVRoZ# z@S>wg1BIA}-ZZoY9s1Y9*$5`CvXS7I>_3nHKKloL*nQoxeb3z=m(=euexKGX@NoL}S#@DN4b7hU zNXt0`m58v=u+J%Z)~s?;B_yFlaqsOJ?f}OpT)#Pwj3Bl8egO5nfVnh8#y19;F$~;? zOOuKR#xkM{RYs_ti+R8Qb0lHVC8hOmG7@Ge1iVP=ooAs*CyZ4^4Q6Sr(9uXbQ#u8zWL^12txMyL4Sf^!vP&Nf z=pVydS|>Edkyb_${L@U1eD!iAJug$y#9;Ln*sM@7ZN!UGx7}fkWlVdF;I{og>`>M#h$?Yt zVP+=6(&8GuOZzf9=X5`}45Ve`q)OlJ*|mf)r$jB{-zkr#t4gfEZMf@C83LBZ%wn)` z>*y`nuYa88_Zig6JWg@RtUEeEjMDc2H|ULUd64=YOiAo1>m_CeIs*A%8OC0wA0onTDArA#43wXA{u=f#BR5z6cvah2}{^V!ZsI4tHa zRMOG84Ed+%hj3MlVca{l8^wr1w`@chONp3JSY_$ZSE1T5PRj5%Hx6Bh{JI=jg%G_7 zN$i_*SULqt?)6r)XjX!BGt;mjHydxA9FOYQpL~kHJ^`s5kMLA6nzr3qZ_O#KyJ}Hp zj*^%2Vn(|oi&yn~^yOPKsF|4Yw{&eH{PqiWi`~V==sx>dv(_DwoHqxb<+lbbzBdZdmX^Ulu1@)w^8+$@F_%>8y%7dO*V8~a*wf*f1*p!=7AO3+voBrp0b;^ExXP>p>H z{2l{nO#>64a2L@k1|A!5J-dFiCG9R|(Sl?Jm8w73+SpRNQquAK0Vk8gTkVI!SjXz@ z?(1Prc8z+N!34>`Vd$`XzHiL;L4zJs+8alVtRt@lkv;$CN!ED*76n&S`(4b_h&#y2 zT@AG0rtY8&N$AW25k|?ipe~isV=6!qL+b)Xv75Fo(9MmMwP;q$B-H2)v!UfNg580P z%nO!2FN*i(>7&p+OML<@iNRtPlcUhaO1}sLJB`W_S@_W9Nh!1_E8l-Vo{+OApEU%& ztan&w34Nv`Js~;1cwGvj{ajsLR#T9`wBg`+KY8(~V&aq3uX7et!b*4qWX$?q3$l4* zTlpsUNf?SW^`pjOtFQyIAMX&Pua6$s_^aQq-md7*Uw*l?7sy>*!))lg$faLV*Iv18 z7LjW^)alp1HRuqiSA5Gj)}xtsOAqPN2^vs6iO>@$RN!`NBQG9giE|t8)v|5tu{dyd z>9;Ijd6a6Ad&C9#x47XyaVj(N#7_mU<+mP~bf>tzzzpG7#4-n*7LfA}lk&wM8)!n4 z?Dpaf;pQl=6&r9N6D-upY1=UGlPN;w>prB^nQZ}d?hK92h6n@J22CHLA*#Q*vt10T zc8jVkqj5gG8U}6cqLUKcC1?C}Z9>N}q9#`It{rr}aDH8l)LPm#49imWq`vKm0#XEWC!z;ej2KKvo z(h=m#Usc~yVAy8uN<`v3lm7TX@!Ck|u0gBGZfiKFt(Sm2$6aG|4|{%5G~@6D(fk`H!W*NUPk8Y^yL&+H31_cl*c-=q71@Lq|_%I1~oq98uqQF#N8 z*0|+@j^}*?=8m}=?KCf*5O%G)+a?7$O_4?rA)SZqb*9JAel0y6mNU^e0h><%0^vBS_T_gtEDpn2?EB#Iy4&sBynNWUOmh z7pG%W$IhT}oX3-#>NP}Ic-TknxRVh$K(q2vV=oyl5XcM;CC;`ZtVZ=$>=ng!RdiI; z!$wFVFAG057%UqM-}1|}e7S)cb>v<|87uOO;3gH9`&+1&YJ*b-V9e_8+MtL@HP46ijEYH0+dkKDJ~<5oFgmRE5*-6vY(0QxrBYsM>28kmO{dzx^FzEMz~x!nd^L zVtzSM4l%sLqA|GkD(9%%?Eg62=jkU$>7DxM|J*mePDM_C8_9ghXzRIMZBX$50L(Ip zYt?jdS$1`2{RZB39(=tb4Uv{+qq(C2Q&dNu($|}mG;5O2J5IisQ=A+8T&Rz9lJkv5^&q{8 za#P%84TvgwdFw)4bn-IZBahmzuOUgov^Ks&jtyhp*#zq$9B&mLym9FX=hS;Hw31sy zXERr`g=yS3&8gaYzB!_<)uHETop)#SMC?d+YAm+65)1md@(6k$Pxb`!k0MXwuz#Q? zRh(`dzM%gZCLsI76BCj_XIa)C!kF}@B6Y=WLeP#Zvp>0O^m5_XM^KB!3v8aCe>&xq3V4um;zRnKLakxJPJ-I}U199|U0 zd=c1fG*oQld}s$u{=>uHEpnYeI%ij3+U&1oXs)ccMME&d{Pa zFS?jdxU8%JwHt1)RSemDSW{4?oX|1G!?jt^HAz6SY2PeFcHUGeMD`vW9D*;|mGkYJ ziz%9aUU!F%iE>GU2J5|W%{@ zS5vbLeFxNem6s|v*E1ck)2Kex#Qha&UU<%U?-Nw=tnWE#LVTPEusGP(rVG=a@QG~( zzeD(Q`D})>5t>CM)k^y+w98R)PAO^3^t~i0EYv z59p>XSMvi3g|{>|iqj^ea3p}L78(SgX1fU zqUo7VsA6B8Ba4<_QEy>^g4mT|RhSMdsCO=K(#I&uuK(NCN>LPUwq7$~Br>H`9ckX} zwY$8m4MCRCl;NJ86q?BOfnQx3YJF6JwH<{wQMJgiHmHR2r`z2>%%@&GGYP@}UC!|CPq+97q z3>b9WiURDuN^NZU(=_N5cMoKHiHU4AYpqsbyoPO12E484Si7+*w~YEIqzeox_w;Ae z{}A!*Raa^C3{fFA|t&N^3mIA?B~smS31CeDj(k`_hcId-o*mfz!LNu&~m)*x7~@O2^R9 zJGjY?E-#v*6RF|jdm)zu$bz2$_FF1(nUj{wu^F4H(|CGW&r^zX7*55^qv!A>gX&A} zv=B4na=9Y6keg(tr&+%O7tQ`|mpR{6naf?)Uvo~|z_D1OBykVX&s#$l#+YadK{mGe z46$g#oC>}xbdS3#ViG^c$|3q(yR+bZM#tN~7%G1@k0}z;Fwe7UTrPIlO^Tli;o*L{ zJ3gB}UCGp#IDP5Ao1G@jcxzX1rds5CuE-f2gF~x*Z;^S#9UpIbs4L*w-5Ymoe&BVa z!9b7Z!ME;j$nTJ%)y{9-Shhk4Gyl!ZfBW2lz8mFGk+D_}^C$5T!n4K_Vovx7 z$RHx|ptYXr(j`KSrBlzHPP+H7Tp~&Jwf+)i0y6WPv#~lwFLt^%Ua`a=GAI49e94l( z&)b*q8Pn2R$~ofK5=Z>*?5*%W)W*QwfuqKB(Nau-q-AHRsGR(AZq8tXaa>1kX3oL; zsFiLP{s^L}b0J^cHsL!(fl&G#L*z*$u!IwPmsX0Km2}v%z_8Dju*8}5RI(xF82s58v?zA;7U(E?FNo^M}0&(E^@34I#2BNk@F2VE&%^Z4O zC{2rQyV#aZD9Az^2K48K*kI6V#jX|K+OV{xAP+%0ioSf{$}tMNj&whkdb>ND18&qp zQ^vT(XwSm62aAJRsWD>+o7&uQK0ul;taSg|SK*?+`*Op=v9Td=h_EwGVKK`BAX|V( z)9-v*G!RA}edHsXs~)Vt%6HeoM;!)T)SB<5wL^MZuZ3vmsOE^1Wnk@RxF0>9WJw~t zDK_%7JB_y_eI7^l-lg!<*Jsf;3D}l6*_MLly+lDt_n&inkKk>Vxpk?77;U3IsxMAlgS{yT>k5FZ-V@{jTjhs2lmmc z2PJ-Zx6-0bGe0sVQj{<0(Yp!dNb!fW`NDvVql@?YQ{)ej77s{;WQIC(oz^IKam1Qs z7d4~QHH*x1gsZhF9z5xgc{0?F#lyf`vA?!*__T?EMNA*#H@L_=3%V$J!a+uU0bX(7u(F%IHugK``+dC zf@8~Y|J71`-#a{91g44Py#?1O80KJa=mQC5Xk4ux@Q*+v+zxQM=GDD4eA}-Kb??Iz zQ`SfydbrHx*(u85c9u+C9@b<5W%^#hT5$I3dvH}F+CkIQBG*8AF64ZP;L2QWg2vX& z0FFXpVILNU78@;7MeEXQpzJOb+gH7cHtP$+3tp$fP1bA_i z00m>a`%qet=DZLVTSL+}KsPw}s(7@Zh06bafIRDiaYITO_q&Eo@vM=li6T08dmAeE zUKg1UHXN7qzr9*1cGrC9LC!7PUQN8|Vt!j>X*e?#w-k>Xp3MCu#JiVrd<^+`1V^!7 zJAg1X#QRs^)gxsfsV8(PDT#$VAbE4dO;d+gMgY2&j9Pl%QDwd1*q2>S=Yssy127nv z()5?>i+b~1Rz2!OQk|<(QyxALH8MQd$ba51-N*p?bmixP2U5?gK<{HBQ|jWIEzPGv`R?!?j536Ki%ed9Y5RjhI%?+8EH=fd%+=H z!Rk7EToD2Ve$Oo=kKq?o79ZR*m{9EGg&Tz%T>FNC%8lGfb+kp^)DfOj5u}YWUH$HZ zmJS^T^n67bsra}(;365odu0vL*-0A9&pmK(Km~F)T`^MuV%`33e>b4{mMeH%gj3+llN z?8b{ePLyxKqOgcllTxM$sy(}Er;BFsIw>n&)&@)F5#<&w$YAp&pSW>aDHk3YnX<(y z65I>apHWXGXwL5{pJLUKW2#iSV>2JduQlf~qUED^%t3pmHKz)}k#i~h?L(|UXsl|j zMTD;P1LWu7Xqq(|5e9x&YEGABdB>85sfk$4Hw%DiIg)<{9`vY9hskjDiSE@7flfLM zaN}B1i0(N-Z_ypx!|f)cFy#I47lbgViOSOtG~~!Lf^%!c)nfI%%b^Qx(!swWi4evE z!Y9JDR+YCVB=(D7b%8*2@;ed2^rwK0_f%12chxRGaE5KHD`zz}J2eglqioBk5RIlJ z4u4P*KCtOJT8YU`?-sM!0I2;|cxlWIl)6dio!S~Lb`1Sm7&WM&t{x_`rj{)4>Zl^v zlr+}7BH~~NU&Isb>F0Y^;ke~b@3xv#4U$}*4JWepYzf`1z8Ys%Ze69^HHL9JW zZ!6h7c+mH%SVdZ*c*I((C?4f`Y-eEZ7I(?i^~x1sEiP*3Z#3?J?yBXzo7WX1SM-Yk zjF(B=7(LdtkK2+dzLAP@T8|6MZe*&=rt}MyKnJFUK`azG59*f_R|(kUxS-?pnu+wW z4dt;hg`DJ376bKf{k2C_A9LC^$w69#pI7eze}>(Aq2=5l+)k6h2f_g0txX#cu6|+B zI2rL%uH0eW1CgZyHw#$9n7g*&c;~GBLgCveUT`1AzcNrH+nWT;F!`u(?Q9neJmJGv z;clqR(=KSFcuyBHI)HUXNnd}4QpxpHZSclB&m>K)5|ekhjYyBd4dq}_(N9tvRJ&O0 zJ(50$!57JXmP(T^758oB1QCgS^@@n0p?V4JVtrK5DoTF6bqH=qA0=6jSu>BSIw^J*kyWYMZ(8J3J!!ZCa0iQOPw zsM;0ClKEVEb$5otzj)Jp1Mbc$aO6K-Kuh^N)ut&N{U|o?6Fg+j8k>xp0~{9b9ksml z8zt@usr~nTS}^Nh0GPjQl#Ry{Mzl}m>fr-9Mb8n#X&bI| z2I}X1{LMExr)L8PmO zHm<{3XTHlw+s}T>=8#IB!AxVJw~MyYY7Znh|{D}hK=&pi|ADp&rhis zzj%1O1Wy1rz!qxsgW~t}+6-r%&9F6w5)1S~Y0ST}P{Tq)OPt-8Fp85#t>IegJu27q zLyL<&$$t}x2Ch*->s3VtPA`7E&)~a zF^ifBBr1)|&oKY8_=m`u*JVQAGu&j3asRwy?}#qkcx19M(_sZ;!asUme#Yn@9^EFQ ze||;q=N#N$H}$c&w`MV1;)R#%ZdOw;O`EO;5JyHH?IIe*_i`z;9 z$<_ejb-}7i;zl+Qt3w=ky^Z!K>49$uwMn`*$F0pYTrzdx^pC7`PW}O?*)P3 zvw$V7uO2Ba@be}r6%qn(!xeBok7n2Z{Cl2|vnQDFXI_nnh0yPJAytwbAx!$`Czuo< zG(wjDWBAbd51-RICx_@UKcDf-5#XSueI7A!IFgL@v-~z)#gCc&QGmd-u1ThNBtG%@ z&-uZ>3Rpa$?F?6%Dn8zf&@Hjw;y2&|VGM+1J1LidiW2|0Or%p}to3M52||^#F_$m1 z|97o^;=C{Zp(h|emr(e1suF~ygfdKwRGt2xKmA7ZAf04W0o1;%Kj-!SDx#8%Hw|ZA zIEGR!4`@3(M}iwnZE0!$sM$s^NR9vJE59EEFM|UA(;$2MEW^t5qPg5a62H6K9xih6 ztAwRMU|@|Ej$Hl!?&2A&6U2)YNF{!`|No?RxqMaDG0mwIWO_U>2OC>6v%Z;09t{Y%ti|GPm$RHkiQtfRe`et62FmQ zR&6h)wS+S)z$x{&$NFe4^Uuc$691X#K@k1yR*7cEa#lqJ$Uc;XCneRjZA^l?B@>dw zTMr7#f05Qh(gwMJAJe+0j#TQ}1C28DaXMbce}sQRDtrbyh=d2ac8<2q@;3|yuWMh{ z16}(+ERz(YCf=MP|M)ov{a2=Pm9mLS=_*0`p9(~$seanQ z!(RhHf?x%!#1#TI{dg1l8Np+L~2Zh?J3$84?x)DfK77Aio1P zFbI&ry8mgAAH_7*e-zVT_r^s1P7(=-ZWH72%pRl-;4|vss8UrwYq!J6`M)d-0TG!T zkjlSeA^(4*BvZYR6lM6^C4$65h`|w>_?LXN|6V>W;o)r@G>EMuz{tG)L8AF)j z@k%@T#O15MQ`&I6mikltpOrQdAqX7!-}Nc*{58Cd8tYvg%`yI|5X-N#CBBYNr7Ui& zgjyO;PaA1yYnw4MGh4h<#6A)#bl#3G` z290=)-F7zf6k-I`Jzx(HKmXg~A0=}Jv;U9tTeIE&n-IwpjNhhy$g08xHNqcR2BovH z1)w)uExw7hPX050e0d<~){-e`=Ka`7*EteY^vhWW&66Al1^2fnL9J$o)>en2ccr$o z1I;XP(e^H&(6ukVXtq`ycOA=hxet#)|3FnJszY$`#$qpAXUE1+4qtC|>+>;+J~Ya} z3e@PdF|1(9>HI=ea++#{c4y3oVgOXVo^;rID7N!X4^%?qJ^i%d%_Rp=5;$r00N5ptr-kkuX@LQ^5)8OlST3Dt_e63=QSM&D&0JKK$s zg|0M;?b{Sh7l<@fuynqJYZv8%>Z0F!WIlT%I3;d*5aZrk>iMq+=cwRWy9a;AXc|A-efZd>OP=&Kq_d z9me;4tv2%s!n*Qaw9x0<1I26m!BAred(d!x0DOyySmv7zvQ~U_;K;IP$<4u0fG>+Y zfUwZ9sNGqLvuU`r1!^glV5@g}a$dx_ZKWgR#D$%((-F&CgI11Fy^c`T>)Pv4QsNc0 zVlQ}vDR4tG4#D%7%+fcY$g++QXvg{j-^I4ZhlD?3m^}bjvXGJaqAN-IZg7$PqA~+5 z&%bK{^lr_H9o(J0jdoL+{hXc}yTG@B?~M*dsm_X;q6rU6(N{cGeIQ-DKYnZ%=BdUl zt?`?PN}z#N@o*rV53tvEw#{+Teg%0&x4JW>rzMvCiU?>;k(W~n3MZGhOp?8sG5^48 z9*)~g6|;|0^+mg0zuOkc!(uEM5w|zR;?N<2nOan$c_vhiTeeyT5@kd61xA#Z0}7kF ztT(GcRE3gc>NAvjAJvNOuThk54VVwN+AsBWT7s&d52SCJWKB-m)98CHD%H}W&{Qy8 zKQ-)kP=?SP+Kn%x&!tzE#9;n(`}?>9X#bKri<{>5$OB6*j4QcvU9EF7R8=9*d1EG$ zU3!5=no>nvs(8r)F|`PTodYeMlFY2)*_SiAB9EiP6Y73+Kv%!1;q6m3YOgr4`YANN z5G=RG;A{FlO!Yz0Cvm^t539y$)EC^YzdwyHut|RDb{(hai@uwKrl~QoY?|_Db}0i; zc{SUSg)?{9VX$=fF?zG^+e>2Yfmy9pwd{_MFmJT8mN~p=X(Eu@VRkpK5qLU5lW>|% z`I(KL_zLHKC#R7i(0aKy@nLYq3w{GytrF`eJF)VZgdKx8FPASnbGTefrx6p-6*JbH zgwF08#YqX(aZFL{x7D+e&FwuJC+Ly0ZU>+fbeJX4k2akaxi!aY!fCBwqY^YDf*ZnL zUF*w644-F@cF}XJNd)oC$LjmQ6kV^%$O`q&I0>_x2Qi3M_3Eio8o{nKukzRol6rWc zc5^luEyrjsq{8By0W7g+ntXeN=>|dM@bpPZ>|H3r`!{;`1i(i9^Xwq?6?oK4IfO?* z!S3v2m*qX6fmSJf)J%0MwON(Y?}6e4c&h7#~nF{N<83= zNez5^Z%Qn%vwH$^kO6y?o_XO)Ndt{JGR-9HS-JbJbU1ujU=NWW#Axkqy zzlSfm_s@sH^mIj8kMu3vyGW$pc3N?qQrUH8x&o@jNfVcxj?8?fG>AsJT*toQYp`eK zAz&*|c@OO#1d7LEe@`s|z9q&*z}CFBZJ1+mS>q1674~Y1`65a(p4lJ*#>6-eP3p*Q z5bb1@gX{n?(M!Y}!@dp^5Br?-s+K}*@7seQny?kBdzE|(^qiOT^$Na_wb?9UEtpE* znnd2jHs#1t!XivcC&Ra#dxermBt>`Tu3=JQoF@FUyKtbUZiqtmNsfa|Og~U=Ih(Z6 z%Nv(0Lpn6mI$cw1&Fv5%xNDSVL5EB6rC#sit5#os*6Mw9j{K~{P{>sDRP0R!%jp^4 z*&swbQ)BK~!ZuYE7_?_g+=+aBBfrv0dKB|rcWv;EEF?guoqM$rtNmbblK*VZK?NTjkfOYX{nq)AnL)RSN~JEBoO_0q z!7>oD1t;ZNlU()Rm>-b%ZM<9Lewa7NUMRCmUq%dCT2_a-+Kswl`pq)oGxV7W1E7uN zSPFmtvvV%rYeQmqVEeRv24)iNpNgvV<+)(zc_`+GkjNpN`Ql0 zd8U4J4%Tohb^_K@o*4-N+EZ%vXPLW~z#-!rmu|)0gD-JhS?JL;C<+K5L+w;*ue~)N z=97a2WIkRjP7hcE?LbQ^H@jpl#d_{eF>5a4;pQDhL()YHpAk_6E!w80gk||S-sj<)&SH-LNX1*I8V$}m|W9LH5%8z@1 z{^<^&(t5c)g~+B-H?P4crw<8*18N+P$!ed3vo6zWb|R|uCj-(U#|C+`(Sz zfLowwIp9ezJ}Smxz+AZ9C??`gaQM9r8?0TdiNEKw#9xgK(vieCl|Ah8ATK*m;^qV_ z!BOP)yx`>fi|CJK)!!-uj;m*@5t|fU&XzbeOfo+ri%E|3$!4%=e&~J|7E&S6N?Tml zQP4uh&SRogft=`Abl=Q4DwQ2H+YK=p_3yFCV=oMK*z z_;fq3ojQykUl|-VnS}Ucdr#!4*(LN|yhIp)zW(8E>@y7yg#{rApLS{71slKw1}_;$ zD<|H-cdIWMu}8aoqTkuXC4DmPh_z$@D##HduvaVcBu)8X{(HrmPB|!FpQTf5xiTJM z;I6fdVQf2fF65;f$^(e}ig4>5d0q7?I1@3u*(j@f+8Whj=>!*;)8_X@LGhYZ`W-r% zoYYZeJ2C68w;GZ2d-y9Zj*g1;77j}xT8qMWyKQpSjdL5YyWgXvQlx4{PIuG}tlV0B z$=S8)RwkOR=@h2Ci&6L3<@{>e9HP^pKp5U5 zWJL_FJ6k@QiRk#S`};{td`!JSE4I7DBVWc?!5+ugc!QU~4-AKHWr8Mz8YdaCGHZM7N%I_wDbXdBA!1$~0 z^LEqc)J>GXsL#Z=z%!o3L*Q@KK{)(w8cN+LU0p+~9$ykKLyBrPVTw`RPQyBqOH2(VG37M|B z0O-)V1bB^2cgEwCfV(tEl|1%8(_u=8@uc?(G9+J%-sn!fH&>b-AFuVB)qXX5#yYH_ z^t8IzS+eOLCpqziOHsGII4a!wJBVY*uGyi-mpvX{ka^Kn)WvcKw-)S?)ww%(kA&_S zNMAW+kUdZc_3cJ?u}G=Az(`II5!O3-*n#5Y1E5O(%z3pMov^QH=id0;3uyPG0E_W6 zBRN=XKf9lq9y%@kUbC;v3yr5f?8S}bWsR!dTcG@Nh6sEy5o*vS5atpC*0Jct zPHQ}JkWO-4-LivsYQf?f3M!1MAl9Ck)uKwmfYuUsDquUvIWL$k4~apnGVFDW2`Eb+ zyen+XmD;$^1D~Q)*A3zr)b+rj=a1jme}-`!8dano#Pe+Ha^|$1g(_h#&0CdgDv{#B^dfR`?{!I~bZc+-(9GDtJYm@!AZfImsO~QbcV_>Vk;JT?)@>*7id1UcRm^SBqBv5UMO~7O_$gJcI*40*>q;S+ zkrgikt@;w%t8S#hj7+=j#SSqo*9z0 z2!4;#G=tYpy$s!$j8R-og`M2H#hL~;`f`uz$|k)LEiy37>I&cB?XM4kbuzB+_l1Z_ z{XVj&okcZcJzrb1cPy^EkTL}6BMmeEu4&*l4KpZ;Wlzpve(5%vcK?IEknK0Ls(*g} zaXkuvBg-!oc^JG3A-D7+K%S92xCCd*yN3~}QdwzwcWv11ak<0t7j?ZHYH`2Q_8Xx@ zNxMwLvL;y2ShKE8lQ03wp>qF|ww-1$;m2OLNLWAb+=yKB@BsC&j;RviJE%b?&UdSx z%y+Mh_0`G zXn(?cKVGI|e-AT#$w1?qV{(-N@0{%?`ryssj2afw-Q$#nBFx8%twu*elhPyz4Pvc1 zvbJkyIglnJ-H}w=wM0zIrP=ksMt^CfWx$29-^TZ`OTP@i=l`i}W|0e{f1oq6=rec~t2-by(-?u~%r{{iU-C%y-s%ky$_Kh@%8R7$sAasQomUT=Ing59&1FU>oWJwyRGw}R9oYbi29Q}lh+ zE=l`9H{~u?)z~zCYEjL&6JMhlz803KhFw_$$u$IDa_wc9Z{Q7q zc^THK9&3whx(cN7WH)wOPL)C-U1b@436rX_5i+M*`CjFGV!FzFuDOjxg^g6k|3Suw zL{oAo1Cj#<&FYG;yQw~dp)z&lh=eL!&sa*n!bQ+5Qo}&B!1mcb%{oW?2_X!|gF|bh zN;(rks6DZsn0lvV7zOWkOWVinWtyc3ifZFKieZn{pM(>5y{2SsSX42&6ycdvXX@6D zbMuE@QCX#m6n}L0&cRXnHhKJ-|vZpxOj_6a(<%}>)0p9ZBGUdJ0`%gzTAsD>E@WxNo)|i z2K41inF-a~aj!uiq|fRr6fT-7m+m!Rp;2q@(KJ!-s`+T1JwLONnoIP>ys*U!ywd7D z&4)?mX)Pf%$oH?INgH9`?e&4F;GUh8aa_@E1=5svmZsmE zjiQlI(vmx^AVxN21h__q9kAVYgyYT^i>deNRi(}BOD|wS$%yVa z+x?18;TX-Gk?s&|lyTp&sA>duxo6t3M0d1!fw%;*m@{~H|BjB=3sR{aOZ7xOn$Wp4 zTPg8vx-9cJN*i08LY98KeWmJ`q!yKZnv_v}yXqMak6>BIOYWw)2WS6vtMu`2%!{ESM^e)xqY?=dl^C!|_&KH|Kw6HbluN~0PCuBg(wDB!$6T~~}<(pKNBk*kho z;JBD0GlMVUUJ&{%vDcr6g!w`}F{GBvTP8`F_)(m|`%?0QM@4AK$$T4tGP!s_X6eI-{2`RxKrBfONq`RcS z0#Ul8ySqC~8YB*ls5FOAQu^H&GsfJ{^Ud7f`~EkhGjPsz{eC;vUTbYHSS5tD%@fMJ zoUVz(zUXn_m}Lt?dJg=akguV&J=FEEZEiAFV4-}hOAODLVB}E!)sq3^*<&&n-(7^`S2 z4z}Drf`*1yayk8VhIF)Khx(NSpC`4-UaeCrcTees(wuTLc+1?thv)OHGWqQV_q{Oq zydwtmM6cI#6Y(P|4}Nd{lKCK4snV5|{Bwk|8t_y-UZ{0g+={as>HdD>)Sk-|eF0XR zY`rSc$Q`|zIt+IJu(-Z6;sT4eDq;iJwS2FB zFZ4avK#8Ih>hDXhQK~#rKbnJDecATO=B-%8%>dPY7@9xW;D@Qk<^$$Buo{cv5=| zZxzk?i-)rg9owsV#M(l$k=wCWyS3=#$~9`;!d!6ZBxm!9-S))gi60Z_23W^=YtVXbE)_k5p4 zY~|@$m!A01n{`kgtxTO?aJUv473?xPyQws^+E+8}BVbG;$ls+;ZcCYao7dHiluU$5 z4Oi}Ea%!^W#Z}|O*t_y1;OTveb`qO)f#){5c7${i#k~+vxy$9I>3wUO8BMY%epr{WDoLvyxEqEjqXt z7Y{Hn(A&sd);z*NrtnHJR8PV4Mox_J*HHa0j5K<*R0tq4^Okv4Fgezn{c-4KPgk9j z-_jA$St2npNibBfWA~BGHwuK8MgNI=%d4T*LgNCJ$)}O!2^BZu*=BvnOf0x1M!vi-UC5(%5sIv z0I!C-Ep9(PF$HC%+1>{YuMolv=h*Ta>vfsK8F=DP!!8oWnlPtSC;7DLEFQZ~Dmp=M zaX#})^t2s9N%ss>cV-t`;flEgYec{J8sg%J)P-Nb4fG<~P>FMN)tHBSvd5828FPWR(y*Ll@7 z>MU$D+}~&(DUn`k;><=G8j0*3J;Sp|%Fy8!d1h02-&iIu59SV*-JAR=x($8>btkcr z4zP)>a>9>imcDzj+xS}Ro?8$N&a+WF3azB=ru_-O>_=Qpynh;a8p?U91J$7cAAEp# z&z5#&D4B$^CyJYZegk%Vja~bTU^L2;%^07>=6&J;`y33> zSUg3=c=5+gWG>p8(TN=w%{2THY+B5``h9tCZsgD~@w=UdZ==g7aYY5<0&O(0FVO*6 zA|c`eowjTwEciv1{+%DJ>|xK z5fomUMSPH|N!2&YHru$d1ja&nUD|F-<4w5<+0B^=ZvbXZ7YqOBgw45qJZJDY$8CkA ze9r@ic3B%(S@EwePi$W?d{$aF5vEr8-n%w@W}GM>WD$m8b`76JI6v^kDOly&EF2iz zcF`pAKJn?gLiBpVIErR$F_caGMCSS2c1vUu`c}kr|sLD_!(e&+?;lTAiH`j+7nK za~(CVaGL28y|!6(JC20oDZ$COJej0PDZ0@l4o3Z+(TUHaEj)|hop0-2#iCU^+!OJX ztjgqeB#e^lDY9`rY$a#TWhHlptW-S|F04kdWIkWEG+Bq>Jh8H`?t2+;g80|^-_*!^ zQ7~qiW$3H{syQV*BaKFlQCNn$xQUPP^k(0!Z5r^~0`H!ZbJToGKj6%xX zVh;G)CXe2GjiT`#{vt9gwXP92Ta9&_6v6(|3uwHyc}bD;L$!@zZ5*Y}d8;k3MGDcD)*%SNCLtyey&K01deF) z8-5A=C*Ui?+h-PUmGo4p%$#EVkFhwFZ6+MiC;W%9DgG%&+>ODtntlFyhba<8!|_@n zCFM9L{_&gLFeDDvuxaDyO%^*zGR*?3lwK)`AV6*FRWzSb}xJCI%$%_{StfQj7)$JwLK016I|H(@~CghHN9iYY> z7A147=b{PM?Gg3TNs=DDrr>xAFGu*LIKH9bNTpq3U|}p5Ck#w(-?~5X4M)_eT_(Ru zx>nh7L<9mz`CA*s@2!clr+W^oP_xsdjZ+nZgInmF#&=)4X^ z>-+{FImAt;Q&qg66chG*ZCpGr|9!(}b9l?erMCKZo2z84NCSbOoJTs@IZn3dAr)(2P@k3S|vKJP~GE_2PN@)*U z5-VoD3d91Aktylb=X+cbpZ9j>dI7HY-qz?IZSBx%l#g51Hyp8oF5^ zie~;v?dW!TSd+8eh+SXALx<4Ub(j@RIP68N0=V(JyAiw&=3gwRC!U@3NOl>1lPput zes4wBe1iYjyf{kk^GlVh|JXU{qQCTzJmIC}MH#(%EtISNd=mR)BFoO{+n0B_1}Yq< zmumVmm*n^j*5`-%dhhBIlnG?AE3z)T*&bQFoatixDRrEjoLQyt?W%XSk2R%b(!mR} z5lTr1G718Y3-WBu6=_H}GEyF-;s@eNZ?&UMoBdWQ75OOPZ32AuOn;|W(o#C8E*Q#V zot{awCq2Dnd@U(9x`fpjmhs%ltXC92Cb)EiPc;=^GlKpJfsE~3=BK_!A#vl7lt96r ztNDwaGWr;la?PzQori0Sur<-1!1@h}Mv*K_WF}nGsR>PI48>@KrQ~ncKuPkBJtwu*@Z9?Ml7vjX}FJ+Q$a2)G3l$rdOlct|(s zRnqNi^CaU8V$M@^z*u&iEPV6*x5&Ije!H{row%VcNp5@V5@-IHX2aXt5IoV=HR^0k zoV93o(bb&8CujHlhbdOYFUz6gsrOr@YelfpB0C!A{5+EDj&tA#3YW{~d-Z+}#+B%a zcoxPqT7wn8SL~Qz*Sgd2;%55t zZq?{cyK5h|jK~*?iJ11P1p~74$u}MyG~a3JVB(SS^~sz<&xh~cm+`T2HBM&solDVO zyJ4^D#S<#FK>R*u#eMHvlxVu_%b9U7`>&MoaeDv4CO2t8NESyFKiYpeDs91zj6lpY zMyG2vV!@&O+Gv^8LfvQ1o#Nv+FMMx&o*k>~+ml)+9m3um=w?C?yxZQn*uBeTVfQ^n zyAjwjG=)MtQZ7BRA{BlVD-KZ${*}rzmA(A(4BRM&?H&GtFME=f$M2kO8r`~fN?ewj z3iEg~ahoBZ_8+@D+x=_HQ*a<4lHHszOl`hAI4B!l7oh_YU3>MY|f~>3H{ABBh>9+p|lno?^0& z?9v3O#Vo!b6sD6uv2hH`Ji5sdErU<~z)&F=X6bYj=IMo-&?)Cr`(3+mB~z}s^^zdf zBh-4rAA+Q(Nm^Xf3D>oyleVV%3v@NKJ&_76JyVcjB%DoUrf3T;Y30;OfuMV-Y%^g@ z`KlcuvN%t4xcLQUxG!>#`kZ1?zqJmVwVn)gOPR1AH{&v1T=%Mf%!(=i3SR478P@TD!b+O9{Zk3O^0m>%F9 zS^Qw-7wvraY|7m7+YFhm(LQk}#Wc#6@Vxv;C9RO1KzZDMsy74$k$U51Mk0YA{_%%1 zT|^(~(X)2)V*L0_h7vW!o98f?vCPT9-)Niv$>gOf5sb#ah#MfcRq&79552wTwN;_d zS56?p6pb--&+|zjYRmyOFS|Hzw#4b{r&qnez7k({eDn`Iqbz**k{3`$id>UFIiJ6c zgMa>6i4c{PD{R1o)2jJkl|nh!xy(<;F_q{pGcMo^r7+pW$wFcl`BinY`mh<4!_K=(!in#CokJC0oQMg;m?IrFYC0el=gqY%(MHyub}(S_ki*w#+`xE@dDnz5}7a3 z1mxaiFvg?74G^FH^3Ozf8oVwH$rIFn`9q(fl223;UQ_soKtiwLX}b!9TAY8?$s9TC zvNNyl5aLVDQCw+|X`es#-~5&rXLerlHlOpdzlh4f zYv=k$>C$1Eqi-`<@mt;=6I9K&3}os{+;Bq9)&F=Kzh62Z2`Z^4ay^HUV>0mUzQaHL z*YFmR1|acAnEf}VyD0jL0=*ELN>)oDnJ#+dANig^cu3(TbogHdBjSSafluIwUbH;_ zH)&XpoM$ML@?f8qyP1~Dw{VPZy< zQCEm^jLekZe75-r53FW1*VorKk9GIO7i6?`m1X8OJA3f=3OD)=8j?tiZH@VQm^bq7_jmR)vI|5`U?T zsQhtZe3R1_!`rtDjl&@5P=^I1`*PI!A~{SZcY#pml z8Uhez*Ju2`RqyXd9gd0y1lsTaWq|l!qK>DaHlRvtb44A4C#CsxiVQlAh3Ul(!_%CD zK}9|w>1x5Wl58Z6HhvfHg!RL6BXg)ki@_+IBddf-W&$YarLbdFb*R+rWYW|7B`4UF zpVxyQ_Z$%8Uex3~I>ys@@Q*WuyaJ@ZA1IXP;H7}vT6#Wn-2d1k`Sj!j$HO$&UBgfsWa(l;;$7J+i&uy zp(kMv)$eSagM(49PtsqR)*&Ec_ilaDilMvgv|@+=P`ZmA?NjAeWA~=$sDD3RR5DR$ zBnUT1qW)u(^8d(IGPt-1@IawICQOj?=h=;&ZmWSj#Y_#sjpa9akm&jNPcbblRjq)) zBoT9Ga#jHwtv63g0J+T=C1P1sPx<3~Uj>z3(Gz8fao_P|g7zk3KL5=zhUNVDO*DI? zY$>%mgL{&&Z>GD!z~2QiGPm|aO%=3*f8YK5zkOnAVS!1%!iEHmBZ7>c%Wc1ug;r>M zit3XKBH)m0_Nm^px72LN(mphG4_3SnfCqwRetm}Jl+*fx8A7e(=)FrF-L_(ULZ*Ir zyeYV7a1(S1y1wLG?U{c>WQo86H}oX$JMSW)7?IHk;ppx0-<@ncwe~-+5=7n8m(<6b zOAKo@|2;XM^p;N;CwHE)n`jO#b=kmAs!eZ{Vz2tCTGoR{oP^A3HC?{FyCkm2j|FkpYFDgS!_uPkD*ZwgvdEPq( zUx4_O$8A^Hf>^7ypK6`POJ9LpjsfC?XDjK^0NwG%z}{5JsOY|Jcoi;Q~azGF?Az+BGtNz9muYXr2512gkt;$n1;C`K7%N$wk7T zj2G%ZHp2gpz#NZ<2kDK-LjjlMH%alf^rub{%958F->HvxTEkg@nO_P4E; zpGc6pA>q`2Q#b5aqJO_s>4XoUFVC?Ut<4%qG#e_lhp7RmXC0Nctk(t%hM+MDQ;fK& z2a6%Gh#H6KZKjHWglC-FW)n;0^abZ{??~jsWWII=oWErX%7{A=Ug#_>4^%S7{aF8j zpD)_8i_lwMi&z|L5U0-=2la}D5uT?L|Kd|X&*mv6uW9EzT%pUGrB>!=GOhv}H6}Ou z(or&w8#?D`~#c9Fta_r{a(?)b(~p)%gblG*?9vjmC{JAxEV$GQKO_VRjX5N6Xt z?UuPS&_>LXd^rni)&^Vr07%YuzMjz=b6*z>GP3Z>k7F{sn_f}LFyX~IFK|a)vr4Ri z0=^VNCXi%D=3vdMsIw`YIB&_9mvutn&Ath0n8I5D54;zieCEv40>GFN4eHKq6jhpQqeG zjquH}^QB;4VUN%n4Z?ZsW|R58PPBv%L90E?|8;b4w+so#xx?4D=HxRZhFuuhO?oep z!#?}fxqWom_;X309qnwgM?^ab!q|JH{ak{_yl8qZ+eA897_mJ4nmjr8Y zaW|RY?8Qd2$@`!;YgG0CQnfMZOnkzuQQ339Bi3v)X2SE(xqNVQNTH8#vfo;pH=F*D zka3lUne>`vJU@`C#B8qCnf2!zoj!OgXdpq;+vIzX2A$?Rl6=2TzubZK8jK{|frjss3(pyh`DGYwszyq)!DGJKR z{EC2upQ64Ts;p_$!MFUvM4kNp;JxR}bMP!}ioodxOE#C8D7vhaefKk?1#yTi+-NX1 zHk(*-h5MOGm5!*tYLp3sa1%m^tJ&SQACUC0-)}twd9xP0+}-V3Tr6w{-N`0-PV6#S zc_N$P5kDSWk?Gh z3JIA${a`-X4fy@JA!(s3YNB7n&B4n9O4?bd}OrA>b`O3eZ6I! zo2H2uYCUhz>fD_P`f|-X6A}%)?Y8^y5RnIQN2vOb)Gb(W*zj!vDC@3ejbKFCAi~AY zaLp+gL4q~MBeN3?H)a%pJ%&5zLAN1 zX)*SZ86@tj^<&=f(O!6WReCJmT1W#* z!OLWXcdLlLlUE(<1(FZ0zM|}hF?|4rd&N(^L;&T5>Sd{JQU4~fSFttD>zw>WXC21_ z%?o-{gqiS#yXc3-t(G_5^Xyi5qi7nG<@T)h7&E#xRt~kSs;;D6&N~DE0QBnBaz$)E z(n|dMBdu`)0$9HSnF`SDZYFIO*k2$tezewCr_gJ8EF>J;ug zSI{7FgP+XN5VD1j`aI?C*F)G336C_OzzS^Put6FLfcpk5+?Jzm$3pBJSg2ZD5SCif z=cx2>s@MYkq>(|Kt9=RzL2Dxx;y^u{1dW;oOa8s#aw~HMl&@Y!{Sw3@pk2}u((B`( zml?FB2_{^Z;-&(rMJkE-x3?AY$abcoHA!C~RlNKqE3bBTSFaRDs zm?($Vv6H7fGY@|q);Lwu#mwuvY0EqLQg^s9;B%u78QL6_uJ+Wgjr7XLlh0WT>}}hS z5RZTu=IuTH?&*QaXLPZa%U>puR?QS@OJwTTX9?93o{^Y@xA(n4pi4ia_)>W1vz4JLp5AWnKC5m}8<_%c(`I;X{1(dd zFcfnaWL`e`Ekfh$*UnMQJ}8>eTV-T<3zgX1&$~lF;IsfCOD;B{t_$}g((XGFf4Uwb zBB2ETGy2q-%i120?oCoragf=v3z-FOdcmXG4Z zRu$D>FuC~&5eXyII+nU^YwTc&$-UaeSL>jLmLPvHf0X`#D1j2YYO?U{E>|{2{pK?5 zSGZ-AcvM0&n2(N-b{8vhd_~@`s*-mYn>QdMvRrNdTU94KLdegj{3vxj6G;$d2GZXY z_>cXSo!+%CUd?n9pLgyFl!)%h*SX~k)#KIsifPW96#P=l)q)y#|3`9^=K{*OXJLCqz!_}l^V3bS>lYF3O(x|k(!v6*^_)p57 z2m%7aHhpRS)sT!6ww;MW3#$lc9e4n%VXb^Rgf|hiPKSRG``Jdb|)iq z$bazkGGU{T$JBy)4}H?XOJp1A@EcP<>bqVnI-ZMwEsVaGNiL=~?+-Co^?+=&ReA7Y z<^xG7t0f|jkZdKg#R~V(_l~*DB2BBRYVCR$f9gL$&8(u@^jVQMvL7cJ2k)jQ^tcUB z>H1kJ4bC9FEM_CQE#%&3ZzAeB;Jt|#*kT4|O<8BxN#krbmL_^Lp(^4SPFBrRe@MM=QF*RhgOzM1hr}z61M3b8M#C8N%sU z%l~S|ve?ybFpM?$J5cavF3?HIstWVNO{f0ntV-O>OpdNJdibf4Gk z)X`9dvb@oXQ|g;=R;Q{-cT#ixYR1DBu17B)r2mB%$|UW_Ro=5mH$Qezr^5JN*rwkP zFMt>~@JX28UhZ(XA?#Cpyc=5OVw{pALb&;nl>q{$WjW)vQ7|qb>2=Vkm4(oDev{rpUrXsFp;@Fs;g88S6M1k!#JN!Y*|kHy{WjKE}VE*LAI{d>eJ2K|I1OnCtqPSGq)TzQbWlOU!m?>k ztwaLw9Te&+7_@1)``=G>re8MhSOr94Lq(+yIeILp3sDaToQT;_V(xbsJ}p4+(K<=U zIDuIV$?TJ@kuA-rgle{CMXs+xb9m?Zrg|UH(lDVWdp#^y7N!JZo?Pc8tB_pXgbGYN zoFhvgKTO^ueRgjtW<_m-NaSpw&1Lo4b+6T5mDRY`KGcp$JS@0GU~B;jVknAkmG9*? z9ORD%t*~V1PYbJQxpyrV)=sCRuaVdZR$D#(&09oL|A{+V^y% zj|Aq-*s!Q@lYr)Ze8HtqapU5w*xD7{3TasZ_AUMD3o`h)2z54NN{Hj7@{?rBid%6a zt7p?Xo;y|C3EiF+$;>bR`uZq!QAQ#b>H(XYISuQki}v+6hiH}*?Y5qsy5cE#4)4K2 z`+<8$^1cih#Br?lY(Tyl1nH1kpZqLzJi0)Nu%YI8pMd=NT=jChji)H|P|+NQgd^vr zD_!uY-Ua5mI+nX*YHd`b{JpUyoN*&_e$4x$i-CxspLiBMr)RemZyUlRyjzvyr`1EG zlsofRX6LcD@-^Rqc|ME&E;1F|T*Zc4J1*hc$s~31SxZjEI-Ac0y4Vj}iI8)e-p!5j z(O?gw;WoLwT7sSZK^jwiv&HpBv zD&y9*9hL}5ORdTStryQcMmFA)vXXO~sLkSpxeS zx+TM#H^lLkx(peRrtQ)l67WJ?Q0E1#d;aU2;|`&CnV0$@U`tXn#5m1nn6qD8eJFf0 zUIDG?zGK(d5-&`S?a7dTsDqTR1-c?b(5h>^yK(PE*W*3)RPr6ex86j#Y5cB}0N-jD z5h#whrG$Pv=*fr=1+!573Fcat4Qu(!DY0s^eR***-=UVw0j!7RyJ*LSCb5p&PMr90 zMj;J{q?jyi0D^SrfGoAKdeUS3qBu5mOW7!9@t%NcZr?qDM;k+Xz;VE%n&^n)_<3PC zWCiOUrAyIE4Qf9kP#00PS`wc4W+x`wk~q1+la;O?nZ{EHodGrGi{hli!mwlLsHaj> z$o;3n(sG}qq7{Ng1iKn#jolS7pQslJ?P>V|%T*o?%(F8gN6JvFVWS1>h>7H3!9o3S z4fPK`!be*Sc=ooJ=L2pXdsZWk8^9>9PwtUyBKAsTqdJUfv6FRi6BO6NBtGPN;nl}R z4shI*wWBE!k+KKk(=bf@DLhtQXDyank5t+H(V{$5yn9)03YQOHIQe{XdU1H~Wlkx@y;}gHSpza6z7S$lf4JuX4o5Mj#%OnY0|6%^oy2{_RdYS4 zQvh%3M_NcYZHPODP@ErSR^RH)6TIL{oEA8qTmHr8EzU>i;!=UqYpMF`#`XG5go@1H`O#&$ zt#rAam##U(L1SlkoV?;~+mx~(Dkz-3MtMOi#i9NAhIfVL^NqO)i%~jBM@&w(O@lo` z*<@m6_&3${no$aW@T=;c&G;A2*1WznXYn%&d@?dU7*(uvGSt-2};fR`0D2qu2byo>`7(B0BO_YjqD#Mc*0 zeP!!6bT*8mlyvV3?JNTLl}h9fba*E6>n`ObW<$NJU@wZX7h(%(4q$qpAoJxi&YDicbPRIo|@|a~wE! ztsZ!m6wcp2duhB8JkQ`Qz1ZMOPD1)Py(35Xj6Am@=M#4>4#N-i&>e!0htZafwoX&b z*<Y|{c=)pV@gw&)--{Kjg?tv3Rdt%skt zW@9pHVV8XOBQaN;7Y(ZEPRK_ls84vO-nqP0&wJ;xwp6zW#@p>MShnjUnb7j!_+_4{ z;N^jI+jE^oHYb2ZvX15f+b@Tkr7$H`;+Kqd znVb)rWjf^&%%G1ATtv}qWZo*j=^L5UPQS`)7~O%!5e>}?E5{LqqOO=Jue#9sv+)Cm z&re7y+YgSJ8zUeIm}^}zU#p(%Hhcg~Mfb!5J=M9$fsi2VD&q&$^^(N$gw&@k?*fMjvGc?o*ZJd709Gb zi;E`yR8i$oUSf->l+HY);obo-41T4OWy$f{=ih}Hkc3utbNIo`z#7NBpzgzFm}I#TMNq0S#N`n)sEa2tco{c zSkY7)o4yJgnQU6C&nS3oMXP*F`Ijg>k}DNPQ<>-elynjvM)&Awq{6sbKLG>^wbYr- z7qb>M?smi)Wo2UBS2{(m>NE9Qk2Wd4;;i@i6&{qH3sypS@bY0qH7$Ne=&J|-h)H_H z`i2QGqyTB0gT3_YO@6S~gD3_1a~?QbGnWU`g6GWwpq1%TS5wS-{`fhAID z#sz6H%UVx3zVv9i)#z}A&BzpU#UWl-^AKVeh4c{fttW%DSRtwyRL97S?cLKC;|)%8 zB;Eykhm)QnI<*QNLXmk?^DyLLEsWL@8FslYke9*)57)NC^~yQ!K9ei4CEE)&l?eB2 z$)s)YNBik1ck0?qa_}6q=)SJsF&qzNqA8q!i96pTFYO!55jcg+PV;S|-ah1$)+4tJ zo@!IZ<ko1}8FuX7`Z`m0Zjlp7vyRST>1DKa=SKDueAoDk}LDlhR#~am+nBemz}1 zpKNqy*f=>)V*S|Y4V~PoRH<^#K|^X~Wvx(;3fL*cr_1|DeLc|n2WpPO%@RSF66GR7 zq#nfQP~E@&;(z<6fg=d_N%@C>pwFYt|LnBZ5y9s6kl|ndeHK2VsrMDEnGNc(Spf6A zApi~J4AN6C!nDhQ+Oz|vplhdj?Pm3EJ^kZZOdTU>5kYxIbE%Spitoo{k3)N9;yt^1 zSlJgiqC5aa)DD5E9l21zOJ&e89J04 z`kk$HF0_bVFc@4I57~6^7cm6cd^9~^9>kUG@d7akEFCmvlAk(Ibib_-C^21NxEMN~ ztx~5Pa4S!z^LNE7JI0vL9_nJQtyUi#&V(9kEBqtf1|V-bvzMY@=?4AAPcR z!bz!XuX@#O+8S@Ygn$G#Iv*gnl2-5;rwY?WvgwPz8=baGI$h;h$*R9hY6i2~5vYB7 zVdNEpRj;s48G(V^8oasG*5GPwaKg$5;~2V*N&X-3Ft~REwGxK3OfaN<_~f~I#p$-b zqb*ne(Q6!0L0d6~Bnk^A{s;9To7NL?obbE8X{ZKlfi+<(hcR$ju%-5S+oqN7f(%gr zsG-fmnBblEl?XBqiOp7edEN%1-RD{2GYOqCiCqBIB67~>s>CL-56ywXBV&|&O3Sh- z=wiDe6jE+VbINF0q%CAvHo(d@qG-_C8n&H6fHG7GEi8g7n>GaH9E2uh?N}KBhsld6 zisd+t=!`8RtGqUdW3{v#??*cDl#xyB58H#W;X-6OqU*)q#u^M-u~!YX8g zuPTA1=veED(~X>;-dl*gFO&)|BxwGM?J{Hn2Oa76MA_{EdoGBvrfb37Jba%)7=g%5 zw)G~-;D|D-mD=7=f+3YyMV{L$Kn+IHWp-Vo`v^Gu>uIH;Uvh$K$;gqBnGdEH5=p1t zNe&zoV>~SO>ZO&)&8|j0Wpyi|=8*xYN9Ev61+>wdlcDGR-M4jnjFlqN1hWzF&v&k* z`R4s!d_Uq)q!9h;@qfuf6pTd!sY-WebF~QO?`&8Oe^A`2mYK)cRk)lk2fxbsFg5cg zr_hLp2MaZIUf@FgWEe`eDw;&8FV3WteHjg;g)7wZz2Yq*FV5)HZM0c1wmo-B!X`Vf zFUUTZYv+Y$hRoIPRPgP$?lYS+@K~C6{va`YoDX%(FrdsN?d{iM7}6i3l3zS#xy6aY z#Tbv3?$arqfxj;XJnb#Z8pJ*|1yt0o@F+AUx_Kg`bYQOvf*o%SVQN}rq)x_VKDTQm z0NlFiRB{euy-j6EF2>|D%xiwZzf7E|4EAZ$%}4(4NSlJ^&@j<9ftXdePl+knMZ7Z+ z7CqK_<5GMlAA6-(sTg$^y(I&qHr0@wey{+*8#!BnBIgRg+wF4iePRD|u=~r&B)ht~ z7_f!@ubp5x|?8&tvvluXYqeGnd*Lmm_i>H{eGmZFYU3`V~x_QYgOBX13m8 ztyu(@ScEL9A7vN)f?uxA@9H-{u-zXN0p(-Pa=VBQ2slyMV`~MLY|9 zAhN5UNtJUg79YJ{`Zw$PjQVZ#^CEmCa*Il{|Jo@*Eb|Gvb%$3XFx+-8{MZap+Z2E? zixU5H;|>Zp*2zjlZrrX&hHu5f%736!j#AEXO|hazqXKJ2@6Q z6vIWy6twevNjTh?^sZ_J3qK%~1)JoGy>eI9uv5(bGV^eQJ+c$@9=bVnjKK>PFrh3m z1G#u_rJczTusKZIIQm{RH}m~^N+(VtOaeK0*#EK^BP2lZN6F5Z@chxOpElX|4!gh$ zv+ok4duRTZGFJ|Vn2hK)!53u_RYMvG*V) zI*eiZf;k!AgM8?jna%B^*z|o6NVH&?aXm>`uuD|b>LiY6mN-Ae zqF$H_E0QF?ECTXw_p}Me6$UEF_0)7I%CEG~fa*X}!>+Bu9k&T)xb zw=*SE{m3RBg0lF@S&-em|Gjp4jMt@zQ0{I5jVB*grc^xVwvP`^EwP2LgXE0`Y(vQgx@!ZDi-L;xr`0rEm+l%Z@mxxA94aJ5ggx@ zt~&RY7=%{c}#5W!f2CLQ&;Nn#htyBb8qUuwMx^QKa(IWQ z6n}N7A{l(j5x-1*h|w)64>ViGc|XxQPMyI4j>x#lg^ikp1C^9-C4uT&*o#PCG^atR zt&}48HZoGvZDYcx4uee{=J)+*4+N<+bxm(HK9Az%uGwR?m);f>Nd35i@ge)r<@Nvn zBwJz*T!j2?pE#iLAW_B8|&BJyw{tan(3bbr8IuWD9{;mEgI>uK5!mg^cd(=ebw9do&&;F4P!(|A zd+Qyogv|HJd2G`GbK^`~Qe<9%EI0^$p*l`&7b$>(YhD}@$-X2~3*CqYyb+>+puA_} z>+jBbu-nZlkYCmoTsn_=xo(9UP+SD3EFZB3UIXHY(opRpl+TC^0rOJ3)tJ|k6Jgiv zA1%;v0L%4r0?2~@Ef#wGsqPa0bn_G8&yRlwmq|Id7`$tn-uqFIQ?F;L5WBFue778e z35&AET>_gPK`m-ZWEhf`L*e%QGeV#OK(!;oB>}lADx9O|UU(=BaLsC5IYdN*cLGUOw4W~tgb zr8v9;nxmEB6jpDEUY$P5H2@J~2nq)4K@VJJ4zez2AWiYbn^!-Q7>reDa#{6Cp8Ij^ zQJ%BFI@cmzkOX!DiKc5qDE4EH?tej5f5|?fSk@53TUrECs`8J+u1Vs1Wc$?bz?k1w zC#65E2U_A>;&T>jf&m*9U$QxW=-4?2^n%rWlq*`H2m1Wb-&&&+=G$sXBBJL}8A}mu zWg-l|9=3fN4g)|{Qzm79Uj@*XKvv*8V>wh8;tB_BCqJu@Iz1S#>dql_vY0wrJq6TE z-QJGH7X14h;xg+BmvQaYAG|Fis(+?O`^aJJ*rQf7gXaS5ud!VJ>eSVtRno$dL6Cs8k zjcvB$2fVrj3i@%?YSrcmBr2vAQJlYzh!tTVHI7Mk5zucYt{M-zBgZ1G86TJp>lY&U zc)wjAJ(oi4!EX6U5HQJ|6Jb`guwqRcaB>8KN~1+n8KnVLApC8ueq=wCQuDyfX%ESH z&wBh(&_}l|v+hRO3csKpSTRrqx5H%nO3|YqNdblXZC{dS0#wO=TNQKO^9O+wviYyY z85fxl@^D}KwXr`Crj67=q_qVrdoz&BFGn{kmwb49cR-`)DlMV z@+b~h)0X6KX&k!8;sV``n!jrIfBhy4VM=*j%q!e}(7D z5pgY|oP%2P4xAaOXevY`!|A*>ch^fMbeY`bKo&!Hb12gYy#sh(`kH-qDA9TI6ww52 zmR0`(%ZV!xjPmP;|DtmgrPA0}u-TsfwcewC4-c64CdkHxeUPTd zyKa6O)9$1VFGzLYcpZ13R?Y$1UumzZNrdL9l@ufNx9{$t>8eHa5TTskfU6ZDT&r4a z7`O#=x`*O<2yY+ZL<1tdxbT^GF8|SxW=g2ugJr0FhpZYX!p|#DyhG?vynf9#j=y{^ zWhC~2n6dN!eob&ZiIOO7L{ypXV;l%(&SE1rT2s0^H zEw0Z_)`Bp|fo9(B$d4!mc3{~_W5xFD{;660^VC2YoHnCXYV=pU2zf_5y$)}G5ZDdD zY|@qJCw~Zb844rp%F4F9LWvmjvyc*0e81bjLX-5v(W!2(>}r#d`G8RSwsr@>SI9wt zpf6&6HN6m@80e9T<&nkRTCS_1LmkBt51)`(iBn7eCf4>*LwF$%9`9FN+Y^VL{y$-Q zZwVVYEvX$tfiud%vD-IIfr;s%-vj=A3F5IgC8_ln!DC$A&F)m|S~YUT*WCBk-3uJT zi2{5a@RE^XGEBNDx758z5#;Qxyt#mTTI`86jj6!bVE#yLtH@k56nDk>YCEAd1iXqIMvR%fb zQk;Y|T1wqsY&y^dMU|Rk+P&Hq&irwB1o=?<&`k`wLv>nAO`3A)%%u;TL&Zj8!t+f) zQNH_*F?axvYNj^COgo|d1~@`zgF<5s?$N;9Kv53RoC9C+xlI)k6faKz(PMleMkhW@ zD^(e7Rs(RmJvfgUaJ&u@KGkJtKDaoZ?A#1tFp7_NehXaEG3!Y<75>EKzki!4OjhrOiv+hP)T{)f z#6mv@WnNic?PhZBLk7Eu*!3C-<*82pHmWG!Z*@cgV5h5<4I>aZk^Y?LI+ac0*SOm~}kwHaQKwnr6Gnl2~ zvi8smkx9QjmMp-X#cRko=-{!l-?2}Zu9dtyt%j^0nR|Rv%Dbl5 z6#iZ=#~lRK1$}XhNx1e1xy;z=-Y%5K7Ql(V^TpLp%66vf-NEDMOp(^ReBg@i`+iBT zk&r7|32bMf`9nHt664kEpU+TGo8t(AKvd8trk~e+@n` zP5kRM;0t!02C_I?6rbZ#9(hZ52(BHV)6p11KENwnVSj}^&?uB0{fEjdETBGXD?c}K z5&_Tmrwi2^t@(h448fsfg7Q^yz(q+P3RNSh*PKinvX!Ln|N0gfmVM}n`@e~NKcT0)oh{ZBeIDt5x`!YY z$CIDyR0YM35_%|?yKPjxN$J*p@K>aA>fd_y$b11iz{-h2b5FUz|G3FwZo$_ zy5-Nm_EN*@-6`&cZ>;ZNda4V8JI6UY!<7^Su1b}TJ69!9N(%I@2Ox}<4i!G>1j}6J zfi#X>IsK}Q{td2v?E@qaiUGWR%W~_NpxE;Z(LNEL;J*>W{(qWi+&%&gdJ626!lTl+ zr$NmqC*3?mWprn=S{g>z=HLhvExfh?Trvx~7~3EO11T88obpH}a09M9!mK72aC5o0 zH6ZZ^8G9q5v7N&+|+H8S6Sp9ZGsa6kACg5lXQbnF-H6!*4{g+=`QaVrHJ@YL>~na zr1&UGN2EyyQ4o>dJ5r>CfKsJ|fCUQ%5GhJmN+5yIK|)ihg7gvyQWQfA9Rh?vI6Kan zci#8ToH?`Zy=(c$Z@D7GU`*-)4uK|Nm^&|Cnk1ab-jeI@s1M=)AWlVaja1`5VJz=6)VDZN z>_Q+Az(fZe{g&Xj{CBkWUwp^euD_SOYyZh_xdMD^E5c#t@U+yWYg7NW`BpGqoOTir zKlMMN9slpi1b<7R0})29m;W!Vv?j-BB9)l7;~HKAA2qFF|E&xNSh>Kh{J#?}UT5C_ z_kFate%rpd{v*8Lx1{{P@7sSz*8j%b#Q%*s1|TpLQdFir@aN=j3~NaKH)1XQpMX36 z19s2WW~~PiuJXWZJ`Q+^W#HM40Z~{$=CVQPn(&jT2WOj8>@7f8B^d@5F0rJ3r4dIs ztfq&SryxHOFnGHwXEGcRS@L(k90>z{z9q-Qy_DkG*;E>Z_pWml%-l4x<8~_uQ#zUk z3QF=q7ADyMqY3V;w2lqhVGo9eL14xllfol+GzCe~Q zO+B181-3V35GM`=RRuH<50jwarJbb)`&-xBuNux-QTKobi zkezKZZFVyrwCR24p6N*g*1=GBNmMT{geKwPqqRq7s!svuU^ysDwCqGG&|D}qmrgYp zl7gwdAQQ@bYAxRUO`_pQ$pI2{y(w&|?Y?b-lpN=}r@jeys=o zu%wqj$k5H9ICJjF_Ku1q(Cf_?%@PLYiV`A#pQ=Ihd!9K z#sEvHS_i%!`$D_zuW+^CF}E``A=khN97gGdQwO8jd1uuiKw=imTCPZo=`UgDzVa!l z4kYXrgX4b_W*=?}sz9s3@HuV|e|(hP#;x{V!4jOhDL^yfEY&m}6qAWUiknAyy`6wy zHiLHJq3NxKK)vXVtlBFJjpa0K%Fkv8ggKp(ba10N9;;|E1>NcZ6`|n)NgMMKn_pO^ ztmb+$mix3giYxE<2Aosk&!c(RLGB*20v~k;%uIM12&%*nI|?%yYv&L97P9c&0}k>U zm4QNNee64AsLDh{t2J#cVxY#?(S5oE@v9!lME$Z@$tyrI^P&~-LIJp+G|V5+AZ3gk zDp$(HLw*Vz?mh!A>+IgnVuDMWhL8gv?f_fycbeu+UHO5;uh7-LomY+MUxllz_N;!x za+N^DB~<;!(-}z3g8+ZgU!)|#w#S?(7tL-f!x_4UNLu5uaNtr2EE|DIxhNV5o^&LkntEG zk0UhUBf01UWFHJ+l>oJCpGc{K!Hy?7PIX}go{0=s2l(~}uK;E4qMFv%-kT3riz952 z>3%P(Xr*?+6X2or2||Uvl$vo2M9kY559}0X4kvyIdzAKiwrTBbvpWSGh$duG)QG^x z-ZZhk$S)){A@Jc59m-F2zA+~Z)5uJ+9tr+U5ci#iq>kOD7X@=V_H|hGd6{hY>b0;Je0J( zL;e-G2-{Vx1;mCoU=XWlDJnGi`$#Y-{?O(`%S!E2`{%51u7N_THT6KcPJ`_}Hc5fo zk~cUbco{z&kR{Q2dahPWGBg=Cb$gHU6YvQS;Axy+^x!e`JVT_yRrv$qG!v-g!k@!(tzL7o!PD137P|+eF|MJRzP3A^J3@oC@co%f! zT5$BJlXx&DFT|Q_3O4pv^Sq^1qxeLi4u{^FvyXmw#A7x~LsSCTxrYU5Lb3XF3ID2Y~FCDNzM z9?U5y7qm2b1=8u6v`%jnVJjkIDgIlW3>FmwSqJmJUf_U8!Q9Go^QuQXaWZwNfJHMY z`DVlGDu(35eX_-jbq4NA;d=^DR;=)ZET)TGa|Z|%TZLJwMPxDuzOU-FsFNPTuFB!8 zju2Guv!2>>y^t@Pyyk7arYD+#gnVu?I*Un;JLLg3w{7{o=B}cV7LFz)mE)o%Rom*D zZ|l-KsTqlSWzj0cO{ZV;1b`gh3`xD}xg8Gp?qgQ0v7+341A~a#S@e3CAL9xw!Umj2 zW?zczYHL2HhUz+4?m8fBIEVhszmvsiFXcs7EZAx$q7nhSN6YcKZ9RO#PV=ePTku|j zEp74@B5LzZ$;8I@#LIS=utyjmrWCqt?+XX1CH9OyP2!6->s?zs5e6V_KFj1`1NQ96 zLqI-_2S`xne3-7zN95!RzWnt`wc8QQ-mD)@B9S~~F)JMrl@xps+M@XT{;xxt)xB=U za_tSrH?}VKuvMcq^tLr3!BmLp%KTm&OX@Aj9LjSB+oaR!*-mtMYrEfHJwN;c>m@Z3 zEyXNhDfzcqBGx~jP>W-@N3y>LQeD&`NkEG%V$=%PvHZPw1Yb&_RCl)5VrUUp%0LHq zYAQ;U=KSXc(jM02KFY7$)fY6tdE&xB`L*!@_iYp!gE}3~HEFw#9cWlQOQad;DLz|S zj;d1g4)G!)O)DpFV{snvL_b)Yk@Z9q?0(+l<;xSNNExZ&@D5UFpQp1J`=dYB4PbV{;6=bi`0+duMz5$}W*6Qa0SOa}nH2!$gbOz#J-fQ^LL7h*nMpVN_ z^KoGUL+|OOH;c78Q;K_RPkO7~H7bzK_EltY?3u@xFkBCG*b>j7*!m6l_ZaK&xs?wQ zX+G&%@gG&$t3TJsVj+B?t4(KQi?biV@>w#r#uGBNs^EnQnVKYTQ?IX%L>7;&-U8#J zKm0L|w%#Z|elGgPYm(+S?0K5WMVodZ6jXqM-yB zzCY=2dmSs{Ck?yQX%`up&+1klGOc(C( zh-lD@u?($Uc(+RcCW51p3){x*6R;CcM{?RQw;TICM^89z21=gp%hTY7nj+L-7c3<} zZh4M{gdV^~h#hhJIsOl6l}6E@y$beejyhxW@EPxnU^%>{$(6+KCV618nP3v|xKT(G zIJmK@vu^Zzumb=|w~9qU^eM-zQ9jW4n~x!{d=m0{2E>o$s!d+$CD8>e^(K9{-!_6I z2nCb3S;&*|vR)={hn#G33Ot`k2#n5_q^wc1v;AQ~AOLKk<=_WMgu0(&x=XqVJ08F> z5QwSg3Au%PRsH7N>4HGv=h~DxUSA^KcuoHy$1WHzzLRqI@hQJvzX(7;h9rdSIlL;f z(uW>~0oclCNJ=1kfw5{R+qQk`;{%sqsX0NS;pt+A2gUzl#VVea%K9Ngp`GPkLAUN&s$alKjJ3Fy!Dju>bh@jj+BL9b@{c6(&n?oPf1`Gar#}NMoVou2?-k36t z2#`hK^I;vNMlp3E__A=H)`g0TmtmHdm|cZS4h@D$#Ro>sa3v-uYcLsVFwgPyJfedzN)GoO3K=4AWd+tGygW1!kuEj; zdlrDIFPQ*duK7d_ls6btrZ*SlhGn9)Pnl#VCp>z6Ad}Ka{DpQBu{Si^quMhig-|tPx>p!CSamo{lYan)bN@qFVWWE>6msOu1V_SST(ck6muRhv zd(`uOB}VCx`c8B1+f+@}M0lnE{2bL>)A+8DKX!F%joTFoGb>G)B~nrD`gt-v*P5xo z14!1tm}%ZTr!&z^Hi5v-)r#x z-ew*BfJ0G!4c&iW5&!C{N<$-11I22R5nm#(LDHtGl5SQ_-|#>7d->r+sKYTH_uuYX zN~iYraI?2Q{0&q<)xU6icS)2-{Zh4K|FKe&?E)y7jg$Q=ct7Ep!nADuy_@KIizD10!^?Yx z%#SDwb-F7}acZ)wTgrMEEa8AvDgD74&Ya1Q`jZUHPI|c)ZeLH~YhFgiw}b{ve%Yc@R_ok25wDuZ zM36GeZ|VnxmeJdq4i8L*$i>`<*5V7D>xW}?X9|>28`K#}!~L)NlA6vpG&F87<{jZY zzjmhOgy>P}56@Fh-)1i`w=8_#CB!0Wqp4vn>?J4KYR2Tvd(o)&4<@}6P~KLzB%y@s zttXi3f9Zdak3XbBVQs+8e6L6C@+z<2)u{#xzu638X75sMdc}^6^3kbRc-&}M%iHex zeG7i)X+7!go)RqaF-F1W(l(cccn&>cP#xYg#wPu-;G<8=Ck9^CMHzWXgRZ7^gs(V8 zKOKy90YJ zg3*ZES=IGYtQiCx;C2%9WVl^R8hSfR4;G59v{97@c_X?|#3GAD~&YNJ=gm#xhl zl=4-i6EOtEqa(ZKL&w`cJ^pK|%)PLa?ELArbX=^KeP_43)TOl0i4`-9%ZVF!9p9yr zKY%%A?d`;f3^!my4OsxxFrY|}k_ zS$|bY`jSK5T=Yhu^mb7~HFCo^@X(0gn_ohJvG(P#;ji`Ad3G)w*B4C3w|gyaUizuQ z_DXlNW!gg>%N-k);)(67Gz|KV+P0;54hB*wu7o?iVrqtyTC-}_)}?`aE^~8(Ym39^ z7$}6w{mLxU?K-vEe*@x3u_5fa^o4d>vel!~eJ*sleQU$P7V8&--eChh!)u5ey=MZ6 zRW9QTXNT2mTCzW5hx67mHavHbezj0LPfzDT`PBR*i#JJAC^zokijpgh4Em&-7QVT? z(}$&ZMHAb0oJ!^Y3o-o{2%D4MX%Cdqhei)Q73W`o7sg+7LZ}QI_40ggS2&0}ZRbGRv^U6&)0E_b(jwbFjMLhimL z|6)Qhjwi4!)9U5XqID>hcQ{gBq3~`tld7;rc6#Tys3C5OtKQUSdUdWF>a>zlc319a zMH}90Y1wpm-Qt2*S8#Z9V^)LTF37v^Np)nu?_zki^?t}b`1daMdk6I+pR7YV#u}MA z6B%We?2H;KCFM?I^zgB>Wg&7)ram(Uw)v)+i;wPjlR;?mVr?Fl19k0f&_&+T93iB)wolXTx~b$|~9$o+~{ z&Ck6nS1x&3td5`&2|T0uZUN!NC;b&mKk-CSvZa`U7Hmv{>%Vn4wxc>BVN)Z)#L#JsEAT5nI;YeNGrGB?e^Dam=pM_(^{=r6fK|oM_G4W*^dpjGzXKkb z46!$#!^n+TlEvoQeMcWXp4=O$+3QbgZa6A9wvO4TWG6TT!*W)>YY$o+SGKkav8*lB zt0h;uI0VB>u8s{6gOGm9j27af9X!><@Z!xOwf4*+`L;=V)?|b6fmirw`?%Cc*rnaX zl2fg1KO-}UK~sH5c;?2Y=(V0|$R>ptorU920ME^2_kfbJs=sx7O7&{iSf~hyuHHBp znX}$uI($rpcxacQ;$0N)maves~iFzE1Lz`L1!%{+RY*YB&yu+PSm;dzT*u%T+=05SP#g&>WrJH zs9YY+u?pqy3t+lzDKzGV-T3h)b0NSNcc4u)DXnJs+=Z(dm2tFj$YSBC&i0Y842Jdx z6%|3o^}kM`!|4(*=l7811(c7`Nrp`FDDlLs^PHbN-R^99*6m%sAml$(ktW1@+18#S ztM7J;a*3Cq&tHbb8c%%<_#S{LxLu1e@49-N_JBF!Zi1z>o!+Nkg;$Q92fB(Br zTvBU;I{Xs_aD7_z2Xy_}Yqq~4KUqjl^G@4biRF2=z`myjy$wq0o?AClY<+6;tcvBn zfa*)Jm{7Du0N(78uUjGkFVQFRi&SwNF# zpcJbX`6Yirrse^1w)?B8ef*1L%f(A{g$uiQ#f7-M9!F)J(^qDn!J9}3-rSoP zDmw@72ufvU#ZctXWm`*oEiXtP=yWx($gez}A*Oci{dbv2rmn=P4qwfeol}5R9c)Yr z`&lYjkPk`dP2*X`N07BQ3FRO79}Hcw++4)YsUGYV)sG~xGhO%KGmi?uH}dI_Q2Du& zi{fya#`7S5pj16M$Om=4bm~mEM?Qg0x2b-X7_i(IDxpruOs%XpT%6FFYm%yozzVF$ z(S2p++ar;Gd?#X(bnRJ_1jdN)!q9p0LIyxop8gzpV{)`u(S z0o-=e(}Bs>rW~^VP#_DW?joTJ;g%+SZ&Vf^9a#qRD6iUl^M>_~C+<0llD`5Aax}hg zsYss5rL%*>Fg969OkL=aVn0&@md5f=r_zG`nFPNYUQ&XiH!OP42g_k61~-!7?8MAD zM#4}`VHapwwcA{^#9(2& zl^9XUNB^s%EzG)d*{U?1x=kJm$(w`e?H#uYO3Y(|zsrI9ls*Vmt8hDzA9{>}JJhHw zRESR3^ICQ(Wc_|pPF;vMbp)oImeC4}f47%qOC3?$d`gsG6rjHad+@R2BEzvtv+VD5 zI37GoI>UFjQH1{12lHloITpaIJ~$6Ww5Iah9{)CSzrTrZJbw&XTp~iJ%bpBX8&`*X z%I`(FZkE_op+-669@POY9{OGh-&|O9ffpT$32JN3u6FRU`1}IEyrEzQ=z%&ph_5}P zmm8>blAe-@>~=>O40lj~t6Fr!7WW*VTww^=LLY7Py5afxuMP3btXn3J7uRoFG@?6S zXRscwaU7QRhwd4>?D=ibJB>Vk6PspOi%_n*W00B3(+J@kdHC_WpzUDzVnDb=X?qqc zm-zd(54X8wX<}C{w1wgEtHKKV+l1D8BM&T_O~!rsD1Oab`I{PDw&b0VQWC^YQOY9! zaCwT_eNQioik;=AQ=DukhV!H(`%~MkFz3`7y-%VfYpg zG{}QZekG?O!X}RI@I<=qTp?+grTCT91vR4XEMzSs)yy%S4Vq($*BrQN$y@F9URmfn z@+2(Ot;P-mrC@hD-iND2%xejVo(nv%=;dh)ma?6M2jP>u(Vsk_g9@=Vp4($kx`8Gt zu_-@r#J*xVH4xAZZp?y#p>2I?^Nu|-Da$E`OL;27&&RfJj$3@1?c|;wfDXv%;Et$j z;T3ZnWMSpRpdOjW>da8SAc+x}w@O?bNwC13Rfy>wzRYONN0B_oG7%hTh)yl3PcI%+ zR~KEoML{{S>swBzaj>luOT+Q1w>EL4FRpHyI8lP}rUej%`^)L$z@Ig+X_beiR~JTd z6Iz-3cVRVm$E-_ZI#VCnCdoPw`>^3x%9*};)PLV{W>mEt4GN%orEWK+i$CmO{xAUm zNY4m~9Jgg5I+l^ja3EYSvPvq}+Uzo?R}Jl{SUw|@e6*;@*9)j^&`xqpsSBa#x$|La zgK}e+>*A6a8|C5@_aH@xL3vq+IYjmQ>05{jxKc?#dVsGbhl9LBuW2$iu!^vI0~|U} zyycDp2IowMc=2*i=kjhFioJ&836e$uJkXaqzXS6&rIMT;0=q=s48U50gTm>2-mp{t z%WC%zqxA19Z*~SnPS70y8eS^p&cU|n>5uH)1W%tO`&`l828JWzB-04VH-;N!`Z1L+fo+=BuZcmC4zhrUwU^k1HimdcfUL3x$IZ`_(e?_WfoI!V}ub)S4FJ$SVSY-Q#4K5Ndg}gge zFv4Jv$`HSVSm_*mc=4T0=J1K~bTBfywB=uY&tF%`e|C5CONms?19zXyrTX>pwdRqx z*uk>-fbijmW|aJ+Gs#08wlhniPIDhPewI7^C3l1LwKFCeM|NXxC)H3zn#`lZnkt-o@X#G6 zg>}Y_FN9_l70stt)O)B&3?>%UdpT58g+tOukbcG~r|;xB{3%-^Cx~;mZ+25o4(c|R z(zUTT95TWuEJMgP(5^WL<)X4s^JeI{g;dtW5y3+70ydjCA-v_(Ze9HW*soS!Xu9dq z%lNIg8{!1@W}vUr43+N%eM`zRxD-Ssg-%raEtiCdqG_5duZKS1|Hxp}7$7lHK55kK zXYP==>W9Kxgzz6gqf~+SZ&993mt0l9_;A-1cQ>Os^pf--ijpjWTR59D?k;ItLVMsm zLhPjiRhC2F8!o3|2wu#iBGz#_5#*8x651uSN*bA7J{QJcnYq4XQ$$>Q$R{xM_?7C8 z2V6q1;M@&2uEnSAQyi76EZ>djEGJ|zJH}(>8*VeC?+`G$^BorYf0N2_%0q2xcUf5* zIo;_wFvqFXDR={HgR@8Z zv)cG8CM8v8?sc9%a4d}5^qO=waj@+)FzpfDYB0&}YQODfm$U_ujUCK_?DKI(x1}MT zuheF`1-(btZoHKbH1U+A-k6SKSZ99eM3^neiDmH(9ZaKMd;Pxg)N_uo^ATUgH~6Nw zPB?6RIKv5-`A0~@|KqA}iXkRNTu=G_#-rN14<8D%9X}o&6%{4hqqZCjUyRwKSiK25 za$??*mcIJLF#PAK^YTAgfL|*J|9W&yIvqGwJ$HfCjc*n<3*1oXRQNTrw8)K z=yTu-?*9RZXbzgRi^r1W7#wej~{aX;?G3?xW4JspV z!v<=1ou2!Clx(9!fs85HgR{I`(eA25>j)Dbi@GP4^*=e!ZwLIT2Bxkvfp4(P4YP8; zPxbeovpY9~h)8KKYunX=*XwbkYf>t6ioGInn0@7K(LbGC=1M^-##8Q3e^vv-Pbb;i zw(J4)EieHQRCo$qI2|{*oi8k%;N6IQCnX=iwhmpo3-Z!g%7Q;g52Cd@E+5T&!aekQ zq~xlxK~R0y%oJsECmQfc?^Uq7wjjQBe2V|)_{Jb|nAF~exC=sy?t(7o^GBsmZ$hRM zO%47iyBqWoaD~ml&LHoVy5v$~mD9Gs;TYR>3WSCHJi+@pI;COB?Yw-dxZ&|2$rgUE zfodov)v`;tRiWz{6D!w~tb--@g?d`C{L54T~6pe97a1NMZ1(7y9?w5;>i?XMmQIcp$tNauCpz%s_*~c zXr^Tf^gxqj^5P=4a?Z=2Hsr!ucr?+p3js?YLHvuey*Z<_N1?~~2meo5J&7i{Qllh$U~ruq!_o}M?#RDlfYJ6sJgPp4U{fs`gN<0o^wFJrw30#-*%`OWH4T!6>nkT{`QTQQ z9HXi<1t=V=w&yADJ%{b=Z&%wc3*hLdF7BOWeCu5up!$kFQ4{*h*+?Io;xU%*9&6Cc zosn4!ECAn5g#971;lxM{U(Hh)4c$7+c>g+^2|M;EB`i|K`Tn;8V!5LM1v95T5iGF~ zVha7XU*TXnRzX-A%v9Y9UJ{bb7(DeL9H>S1PB5~ye@}BUa(u3O9D(h%n%qYMcx+I0 z6bZ_3NDE5nDNFG&Sj9?2Ho54|*j1{`(ZOi$j)Y8lxyBW1-N7R9`H*nHa&iE1PM4h0 zF4319Q51$=VV4%XYw`%J*{ zh};B{TbRq4Bk#Re)6{l#O^a90}8%cT7onXA3%Rm4A4kjaBs-1F5G^7>Su?XItj7?sW1Fv3kw@w5zs ztX3bDMzRW2o1GUnqsDYzI5HRYIj`7~71f`^Q0XkiU1(tc`3BHmLpwvg);vH*GJ*%n zR4p;}9JrMYcq-&jH3Y`IgDEg#2uk4~+I`o{{ zPOaz1{VcgJ=FM7i=VZemM~bxH66h{M<~`{(BQlg6@R>qPNg_#IW%`yEESQdq6n>rs zv05%~UK%Q&@eWINXF68!J|}^Rp+GaYCuY?Dy6BtK5h$IBLI`SH3TpXvV;JN}`G;3Y zGVO^>uWAYG8L=EMk5rNHb(`P`C34gHPDFO^v>R>i9__bq2)_^n)k4^~^!`yuU(NFY zEe>0IEHIRtxTMmjBtbq(RN_~XB)H-vl4RrpwsoT_Ku`YI;3mztQ%vNmJ zIFvlH37`^F(Shiwvd(%Y1b$1F``P}rl5}4kwH7m_ zl~nx~_PE0?hz3pcT!t^N`ybR-`Zid4@*4F%@vk>E-FWQ zlMJ6vn}J&QZ?X-AOPpf6&7VLm?V}aa?Vwe89o7@PaWgrQr)oua?LUtsYinzN0sC&_ zmivUvi*B@`Dr6py`lQ5UAiAJ zfNFm*IKY`$j~QO@qSE4#2J5*l&M>-n#$Y(aP7UN_UR*zE?3l63~e4Y&$2aA>r8*E;bZd7v%ke7 zv{{0I&tr%S7JN&7e|!o$S^#e%FCRkfYN$25@P>Q#;gc}01gs3g@tWviA!M*vu@Isc zsAWSc`QA-5U7p@7@aeuR+A0N2;>SmXKhG@ajwOZ;o5S`$R7tDdLRgnzpTw$T;?6dS zTo|%Pg%?5a>4AmeWS3A7E&WTpP37+(;{Q~1f{79K*V;QNyBgy|Gv-{Z;P4;T2Yty_ zjzgD=Tu*^DiQ6)2lsnjE>4(S6GqA-Q6A`}Gr?`1-k)CB`KihzG4SBa4eOIq+-GxVB zY6O}is_xSKQP$C$+xkwNYEtflvfx~2y9o_%tJGNpVv%@HcQC1GcZAd#^3!%cCPdb8 zLVdVu&vmo4t;{pP`%|Oz_UXiAOIVoq9iqE{oVeI{@2HXgP$f#;+jjlwJM%Y#A4fGB zI>N$@T?yf+m|?8*>aC=~t_v=`3OCivcWhIZ9=2;>5Ym0;ySc(7Z;dMfi;O~BIu%&Qdo$Cr78NR74JnH;R`F z#BoB(XPlecWMg702+EBuvWS?5H@T#inlfb5LC6mrFK>E2*?Go9J#^^4L8kM}1UMfm zEsTRYmx-9k;2~0%gb-#^~YN?2w_JSpf2&x^t3JutY63s&1E;ePeMH zbwnM`KVM%t^Io2ha5_wJwBV{o*9dG8JNqWNf<#Lmn(_$QhKf47tUEW9S1u3PLn^6& z;tbD;ZQ6JrbP1bpAtW;rUdEgt+XcjlM&2bWdmeuoPLU3_&O z(Z%#?%0}5MO^c_FY@PVsVqch8u^}!z%bWZi@+|f#Uo-cW8B4i)yCCM)Q@SM9+;jtH zs9r)SsfSD7I$x}eEHEY)Zn0qSRPb?z|A^X)kGviql*u zTc6k^Pb>03ZB8x(Mcv*}?Ft(%Tb(`IoOyE*BXTqUXQaJyvXrC4E86PAiesBU`w7!j zyDUTc<`&XlR_5wv*z1;&V87!Wr`}pL0}FSivr|eA;zLu4!hA%oTJZGAb&k08-c4<7 zBUADnWslAwLju?(k=$!G;w53&%%n=SB*w#UzFqI&Y!?l30+wW(G8F?$2CoL$1vVI$ zhiUb!_wQqy79Ffey{k2|%km3Ko`lvO9aYx1?=w#YaG)t?!g6n?y^2!te7AAXGp9os z&SWxcOI-4GoORJKD?7k0;~y%wg>so>`Zqf6s#sgEZt-dMuHO6L?yM&-c{E_Gz&Pt3 zq_;EGqc@D2Uhx!l4&64k|2vH?1twLozGp_ZpgOPK^$d{0M8Md78|+^-X&As>5A!a_ z?5cZ@ioOk}8z@g(!56^Olv@=f^3vjbiU{z~k5dUIulV^lXIArn8FB>eCFDxk?IE8r zs|tG6H@37$-cfKP&0vc*Tn_hBzC4(?W%rIraDkcKzpU4%sUtRc(hqm0?oR`Y?LJ~k z%!IzrP|D`|og;#X-@R1-G`svBYO0UZqjwhM>Aoh9E1e!?rEwiyTpnJL#K&6V!kP$d zxXTU56Dyy}dwBLeKQNeh*YlK*d1%THiVX%3sK+(o=!3|F9wy!t?foC>knh%KA`{b)qvM)3 zaHRH!&a90eAZBj=7r&!K&ZZ90WYX>Z-Lc)==nS5cY&KS^iEXkUN>qvvvNYP7dE}+8 zO${}vml5KPzH02VixT9O$nhljj{|@URaRxlbpts~pN0(Qw=#O3S$Oj4FJ~5=k0_zPg^!JGs4e_l7Tv{O zj_$mUggj&V9OO0SJdP_{O?37Zyy*aYyolQOv>!QULpdF`=3xh02~^moOU647C$Tc^ zdxo)$R=R2mmnmrQnv)ADDajJdc=9{ik?3o_Lk+RBsz-#+aXF1csXt-?U$l8E$|F!0 znp#=3Vw}8K?KVhSU=)xL{AO75!+|m0dG)r4W2knYe>~Hr7Kae;;hSq_=3uPrCM`;mCC)*V7Pu3gB^eWJK64UQ%F@MeUu}j1mhyA zh+pN;^kDDbG&JZIrgJo@spb-W^=xV)wi4caujFg6*KsVBEm}WgcVCl7awk4lpnt15 zb0a6*Ho|*iyU;ItzffFQSWJOVSABXu+_cfzvN$Jpq4kVodRzO7Tl>D1$2fsDbo>iD z7^p!!Jd!G!h;p#nF&jQZ$`V(keOmJN*+5PJse~Z9w-$KyZ7;N7LFI_pA{1wXId|^; zp0RDo;&F6Bb>5zSH?l3XF#@a7RE!2u&x_7mvk*TV12I(~R*$yEa7g$9-|(zb<%M z5i4?4Jh4==Yr8JSTtvYTRZ&Aq8FwBH9lrPZ(ZiwX+H|a9V|7t+ui9{9^JPBXt`xo; zQ3`g$nYh6|!O89Xb;Mq6?iX}i%u#0O==Cl+re9X^8suU!D0pzO8QHc}#U#BUX}fLO zf$&&@^}tklnS;JrqjHs&m#7#QcOFbqp`Zo`4w}4ToaX{3NY-boqxa31qxX*oDJ74* zos6}w)eM^0(8nFOkMo9k9kWj|TM?%-K~N+XLO&cF_5?S&o{K4&f)b!y`b)cA;9^38>p1%&Xspj(#B`@Xx1rkirr@nf-Y1uUt~%j zmD3LytTyw3DOR{=`(3$N)61k*r}SCq2hM9&BO8SNP(0?btrVijBg zc@OS=n0toGC1w@{*jMM)k7EN43L%^B^mR5=P_J9Ljj8VSNsaaN`7kF}A^7a$Mx(BWupp{Bs_us&&Wpo$qEjtT4 z%e>Mh+&{wz?uzg%eQIHq9X*N8t1 z6!h7N(S-t+NHc}}JWJ>M1&&X6lcG<;==;wcJJiT0Z#})CpvM%G&Kq`lAUxE=%&Zpn zV5E9WD>Z>ZqmnPHM)v$n6L`#)-|!zJWqay!#PG}=(u!$Cd{cEcy;3J{IO)>g;F+7! zc+Y$mG5FXPnG4$<7vmu6J&uS!+ndN68358b;=bCFyQTMDYaebgb#Gv#u5gv+IPvn9 z7$R^S%n|9YV3DsQ1dXM%Bly`%Ua9wqjXhW!G*>h0*}uk45rC8E95OKi-TT!fA>G%T z5se_>Of1O-A=bns?ACFBlzIqY?Ck==0amuC=3)|D#UJf-;{Uj?^wJiVV;YMUk9C7i zYB-@!%@5I8k{*xr_3@;WHBO|>@_t0CS^08UHX!Bh4gloW+l=Dz*e~ysKgxQp}=Z62=O-RlJY7{2D9kK!1xRxh$I= zY6?{kM~ShfwhNfTmyLLZi`%~i+AX~$DrHy8%;tPzv_BfVpc59|f z^PWC=vw=Rjs~l>W1=gCWYgFK85$W-q&?(ti8*R(@70eIR+gV;*72{YA{t*Ajwf=k9xFds z$WtlMPX{BBcE8ea&p?l9cMh!Fl{~a=VXFY)D1=nmS5)31H)3X7#|ITL{`v%M3KBM~ zHomp7IsK4dK;YcS>5unzYy@6;?A){;5ATgE@2~1$s3AVO-npYcwqRo&xH8Y<%-?vB zT`eS2=OB7Z2X0#q%B$;8%cx?#EbMWze}8QE>@kf2lHs_e+AnJ=_5B&lctBNe)vvfT z485Aj{M5D~{mt9@npY#N*;BHFpnMT(til6jI}KO9PG(93lne&m{yMt~7Fr3kpxC$o zDRy=|dePcsITIQ>_N9$D=y*B6!1i4~buV}Bye+1F)jZaG#v7(|53G4~35o+G>njCSkxzjm zP`O1T_r&Au>-(A)i|lHzLW#A#FdrJt!Kt>_9~aHNb^2#q8jbHsBA4(M9=uZu^m?w! zf=InN{(@uq{88)^0PkKS$f)f`1FPlJQ-&(iDj-aegBI!pC+h7;UeIYv@Ph$lL8*P&@W)xAm_U=9q!R_z}(~ zkEgpv()aNBubw+bexZTcKN&4Lg8}Ga7V_M2@6q-q4R#GNCinY+j0uwm=bVFQ79P@) z3p^V^VV}^QEH%{@g{mjq>6|q1>jeDbv2~r@6Y!2Znv~Y7te+g03sqVKE+>?IPYS>^Y-X&o0c6~O%E-tlvRZaI z*DN+`r+)6~u8`7lO|0*}-?`XpKc6QGNC?!CkFP&_wN{?eAbt)67yuuH*CXbPt~SL zPi$;1+01bWS?@|~L>s*rwY$A*CWXST?*8?;Gq5$y(^!9KD8Wl$KXvEBow_n!g7f?jI2v&TG?7D3r7a?7v+-Nn@_>0@p_l7lQqs z>A^#`{9`n#>A94M{*E$1laiNvU)$#**wMFP=x z0yj`%BhoMEg{wBd9tM_#*?U!-;C-5pJ;cA8Iifu2b>aQqPrreO!y=Hnvd@kvUa8)h z!&n5T=>&G$GH}gYH<0M%IBi<{s$k`NY)Y0PiPV)Wp%-F4nVOKnTGsE{pRctk=2-T_ z-Nr0%qpbg4S?cIV`EwxAY{6HVW9u1S;lFrCl%b)_{*NY~joh1NZDv%L$79ZNozL)@ zql&eF-pZGk0v<6#>A0g<)yC@kOLy}=@)s1x;Oi6Ls7tb*kz^~A4hTv9Q19``UO;xK zjmQ<-C#%&cTkU$w znhtA^&Wz?(8dNnHp|A!8#ZU2DZ$r!}e^q6C1h(Xuz&)6xb{l;XdsUq=m}yh_c}Jg( zPTM^$gucL!30sE@mrljj49g}>ST=4X@f6)zZ*5<|=0RL*C*mEm2Wv}00*`yB<Er&`Hj={@)2RhJO&TEmyUf)!&6V&Bz90zu2@!1zq9)%5W5Ph`;+qTI=k{wx6 z85_u}sH-K=g*}YCG9kCxND*hBba&a8t>YHDPjT&=yP8Z3UHn$f1`nfwX`Ofzf;&60 zM{g?PHu(kpy;g7RlxPV^=?nv~SA1HpzVtedc|4*gaJ(}Rpx^j`1u8OE-qyU0Y zOY7pk%u8*Q9jzI@HNaj9oXHD&LwfuNb{(>$hvfBpU9bjwW@_@%M(%fP>m52DS0k&F zl>|Wj2PGx_K(RO|0Yq&DycSAY;J#*(eyTG|T}L)&MNuiAkQ>&xQlXZ#V~BGshI@Dv zyoCZa6fH@)exD#^xU3q3NIdG?XBs*=Em3uC57%RO#KGo-Jnm@^W;zCs;VAdzJk%oM{A+5*Hn~Yl_ zmPP`HSjddDh0f{A5g-HJ*QNlmCx_CuR^f6aL+FyGmO5&l^>M`h5aJHUL1+QZ#2Q0) zaYBXjql@Fw)6+TGrzwxJr!S~>%%A@>f|gnjjW;WO#$dMPRQ&7@fkanwf1F@y@8PWi zUgXC6ed5sxeG_WpR%Gt!3x|V@=#dg;;{y#8osiH$WZv{yRaxN$W-h3yrfz6yO%v&U zwiI;lPo#hcsfK@ubW=}#b}=UZk?+=Hv|=9T$i5}#lU%7Mr%s0Fid)f{mB zJGbS6fSvEB5;cuJdv50>@V9JfV4f|3c!T#=d1vQGiS!1#?Z$*fa8ru$<6U|!e}JBa zJL)!gX%q767mq%P7uvNb1U}idK$>}?BR}ruKkpQjT7Jxb?|`Fp&lw}d*@;wVt`rE} z9f^~}8!}xhd_`<`r)k0t5t| z*qw*h3=mU(3BIM?;~QOt4mMGSs9;O`4NYb~vm+aOH`PYY(#zr9H5MlU8vn5E; z-PB0J-?wV0&uZte)iM}{*-q5wqv@*{u9+FG#wF#GBe@_C3)e;4y|@e8-i5v^%JbQD z?Gka)WS0!gw2FU}zwq&^HNgO?-&r_51L;C%JmPb#dQ*001s?!I9oz~}3+Kr@S}GOV zAG7~U)|-&0qS?M;c(`R~8V~y3I;Fs_mA#T~dIfaUWh7akXYzyoWO+4IbzN!g(o+(c+-9>0SPc~60Z(Az4NPNq0xi9c0E|4(H69s9&=8HXFk}C=6 zemiZXpHhq$B2!-S;L!~+vF{DRimf5s@YedPLdy=ZqhZDCtlV=8jTfCCcxmb{Nq8`YFb9@;Xi-L&58ns^|Y=?YrZ-?$`ejS&2lVj6}#PDw~f= zR#sNF?vj;F_DYf{GK)eXdy`F4SsB^mgJkbg_WE7#PxmeN_uNO$@0@?m!|6C5pZDv1 zy{_wdJ+J3=UCm78)lUY{F6PP7+#uI(WHJelXAsW2-u&IO!I1f32Q=t5;71rolo}Nu zeRr#;Sy*(OCPtsi`LvCE@i}5taXfFMAGSR+fKRlP_oTs%O>EXjM?DYxf z%1k;Y!h=h@HBLIz>%NMW$CroUS+RB#Mip`e77p51Kv4TX{yLfsFx_MkM^Jy;oBL$Lv>wa8@t_xv} zC1sXl*Dgzov5t$MC)FvUUg6%~zURtv8p9!ybb9UFXXd%XeEwr~0pL%|Cd@8jOF0E5 zI`PWF0>?&+{7Ry@Pdya1(qh#UvXSl#P2pq`t&?>bVM^RWPFH(ieY$dnu%-{4%=HdG zHhqZ$pC?MC~9$qnayqm+{p^szs)a6=XeC zCkX5MLJS<+1LU0ETnV@sp+KtX^fi}{vCHL<$IzbJKN!;ai;idtARYc@+iGW&W^41J~>}^r`1cDiv4Hqq30k7xH?xKVIR9tZ4+Op9>I8 zOJFY-b8~9TBn4-gD0AQHU;QMeOpJ0T=FrXNn0`}3JVNf#+V2yDMk-E`awrm2Rql+q zOK((3_V8)l>})#35_5ZxNlMJ6ViN}Qhp7Ale|i0TwvQ5NA2b9c$HWq%&!k-X%tobX z`79mVq@|Uu=>tznICl!k!v-p6rChlla#8pB6utOxiPdnj(IHvvXDbP)yU7dY0+XFb zzu%gfd@bDO=iePR&fGP8TQBl@^s2!TqPfSR4Sv?BI)_;=pfbW=oiisIX%e`_T{e@; z`Fv3@UGsx3d7m-0oO)LdN@P0P{g{2joWi^?k%!vGymqQxqoW1YTTfi=ke!d|ur=4j3cAy2E1$HU zu#xo8s$uaQ9%HRq#VxrWYIYvc>*o?Cmxi9?AtGn3aE##%!XUWEdF8X&t|R{St8e0F zf+_8E+a$9450Gg6$Yk_$?dU$_p|YQ=xiY42ERGL*3dR;C)m2)Dq|s&1AM%5aq|mp`Ri(50i)ZO7liV zW*rr1G7@j%y%?L`PxL^^BghHw3RV~$1BFPst}Vx5Hcpilg%4to>0Wvm`n>NX(?ODy zVr_wmfuss&G6VBV*CXR<0yoO29_0Bd)f>2m=d- z>-uQ)sVAWEg)w`2TH5JNTUJx}nc`+jRcRy7{md5X+p| zz01f};;^_yIwu|2pU4hhuyDT;6Un?T_3}+hkxQ4$&zt*yG~+*oH+0upw{a+!&mUNpAUgVu%818iS!zJEZ;c3;Xvak(0uAJqpYGvEpoU< zwf9(Z5F0ZhKK*TM5WKezX?ks3Ne| z^Z+89TP+H4DJJ;Mgh2-hpA{3MbWm{Z#hb_0 zFkE+d5B(CV(=?;>j+5<`{Ne6K3)e|43H^s^DSbg_bR1v92x4^w>4^#{k%?z8KQgI` zF;ZQGC`tVY-nF*)BCNQ%HS6$2Qn#;OA?kQcY@dx^?gvkw^^O%r$qV2LY^#dF#Q> zmlCi}Xin;9xqsVH|E2eKWemiOpN>9yIoo%;_5bPDn>1lEuBP)?mlg6#v~jH=)3~<+ zLzZENnS8}*QGf@d9((pnl};mcn|NtC>(ZB={*BuXRYH9SC^Elwca*&bLNR;Ac?Mm` zcIr|E|3v60Ox?QdDRU?=?hV<)&2ItjM=3rIjT%p2*W3whtqZzi7Q#2bH*T7BX%MzE zE_BWEYr}*O?{w%!{QA(s<@o$a-1ODYb$*~>&(*>2T}RpSvVGBKYTuMv1ZkpY-cMOZwQEgPX) zT7ia)F@QHWWFa>#V(f4y2j!}wzhmiD3eyNK&L&;BpM+^b>c3G}n$Zk*L z(spNs)1OF;oF~MSdgAnt;-w(WZ!edi$p*LEH@|^}9t(x2iL4~9UI=vKS2KXQt$#@u z`v`{0oq~bJe;lBd6}h!c_wvj)7*t3?gkDCfi9fXCVYPR1>3o_6t=&=8SGL-m1Y=N_ zBto<`Sr3t5c@4~He_c2?DJVXCVI-i`@C6YiWat_jtNdV_P!NvykE9Zlb(x78sj92M z8*a$nnENV6Y2GX*-%S`X}9|Lk-2iDStb4Qm88A4-cKlf&jf*0@c)colB+8Pt3Dstp=VL5zMr zK0YkyiOr4K%{w^$6i-@nEe=LK<}}(vM5K&29>S)4PAeUmA|Epsi$#k^)W$q4>nS$D zDTA#knx<2H4(|}MqR!1$aaOtEGsZocUTU|e z^k{9ImpE$n?@kDFYMxohumZQ4cG$84>m=MZsdt>KtI6J^@`6}8t2I={(t`s z2yVq=J~EE@AO3wS?LLgNyzcT2&LOGHC#JAvm(;5J498#9~E)VE=cduwH>|-To+Nw>Lf+T zonghJ0x5sjj#eOpBLFsY04K0y?~Y#>MT`sBh5%(EF0N1Y*Fvy=xU4aG$OqE-U@>J> z?ED^ae#-YX70Eg!c6c76G~{fn;B1SoFF(jduQ}SR&F%c|2!1?$GtbAZARubpF!gsE zQAKvL&3Ad8DBi(LJWvmjzo~ad2x~k!KL6G5Ax_~w?w!rj0~Jk_O0ChaiiNyTr zU!2u~G}aYjBAnv;J3L_;*edrNOeA(BxwnH^VR;@Rz@*y4KU3{HgY{fHx_kpn9&;I% zT32`585cg~eYHBgvp*yo;{}V1Po{%~uoF3Zl~N!^8jJ41S$oOe1c3xuaw4x5qX&eFg?zoZ{y{ycNU2Pc`m8)3rmq zz{WMf;JKHOm#TA?p5;VJ<8F>SS`73{W9p$G5`-7pvPbUqZ(b!uJrF6Y^bgwZI zI51rV`m*7mUcRkJ-@yt|>`2W*81_%@>N6pJB{F2DZ1)pee&8plY0^Xl0|Do;f;#kf zJZ~etW?++Fx4l>WCM17mIl-BaP6c|IRV(7!uR4clnvS2C@{p z!B1*wZXDCYt!%-SU%x6M@)ppD7(a6b;&^uscmMDG2p*=P-PsWu+QFNAcF6JD!JBxX zG>{&9?qJxinSEPF(|p8#{P#ZfGFT)6NFeQ+LIrQ_<=wjG+oDwrriY(90zThtf~oxI zjsO!7@ks;`WA=7N(^>9p8zGo*z_=UO@SnuAT^%v7t8ln644FF}F1Tt)H3HylZL8)e zjSH8*k1Xv1fJ|EGMp?TIJ?r}WJc1NV4Eqm2iK?uHTpg#TLy2D0j?oNB7OwJUmtp4W zuKYj+@0eo7T#88ogV{y=d5ls9yhAF5#5BvDV;T_>(@0Ujk7>wfLbA$vl3?oO4%t$! z8uBG$cY~jx(tX{SJ3;>GQD7C`e*Ua~`0!z=!KvU~JKSCP5i%r??5+!@`pArxgjW@* zgBcaG?UwxQ=G0=+v8R}V$YirMui@q2`&7fNK{2g{_z_b(01_;mvzX8S1fOrL%(6VZ zGr%MpQ^p`-Waje950Bs21`{Sn{h!CQ-5fEbyWpzvfOFX4aDj6GfZ+HHo?R#`L#nPm zny+dX07TpU`&`K2@zIZePi-`Q`l;Q65=7CdY5wW$;QDW~*Q7TQkLPueO?0gZ_z|~$ zZHfH{YU?b9nb}4D?uY3PaY7+6&D(27az+gaypCAEk7=0C1WrInTwi?$a1ERQ5L0yC zyTMNgx8p4EPu$M#9PWkR`w`DKUzqEfb)!o3xxkz7_f0YG;7u454~FJI1-y3u)Y+3*$O{!|!su!Lod+jN zJYbZ(yZoJLi-6@kd35KPb{>godv+1ikk5p@kA6VA{JY6wh!;ttM7|`foBBQNlB&6W zwYx4!`NZGzcBb7r+@rtuBgD9exHZBS=7#WW2vH^#-)`>2Fk*RTW74q`ux#qabWtw) zBX!H~ed<#T0Ymzqv46(hti;^X?dpjC6Z)0~n9oPU z?9JBSN9(`+HmNhj>F6&J9$u;z$oYF}qlWQQ{{blZRh{{5_Ifh&<_%YM44pgfc>>l! z{2#7l+kXW*7no7KUF7eKp06+rAQICCc8+P3n3(4A`PmSH%&|1D#O7U;08-epqxqN#SAFU?r)TaLH=# z?EXfF54;~PU&s9$K5M#(B#g7Wcw_%Q355bt#97m~py61s1hvfBku_KvOafcxt_})c z{(BD54G~puh;|n)`=3gmMPye?o$MT@vZ~$=28hwox&HX{Ljh)VRbC6%xh=hkZ0Y@B zfmA*foV#0!uCBgoC~{k0`C5HEAg;ueK4cSSfsKj}+IJf#gcweH&6Ry`5K4%$zIX55 ziF3-Su4r8787{FLe8_iOyML%Axbkd=c5tmp)zhaiEp%H+$H)`$E&Z;$iNsqh)%6RX zw$b$eH{A2!A>-#PVNR@fhU>KH07xWiwI>#HXyIQ6K=VTkOL}iSIcKJ+UiYZ#V>t}# zd&>v^X<5gae>Vg6KIx=g@jS`$%<}vbA$#*DXHC_V_!Qg zL!*Z#w?%`-M*qJ#_&4pWNVd5MQlQ_L8Q;r>#g__W3b~q=C0$#^#uzG3nES`bp;L55 z+j%-~0M=N{8c<#ja~zk|qmdUJk3-ZFr&~TazpD*puSCXDQJgtTH`xb!k93NTFYB>yI7ZPN^B%j~uSzO{o zzF2eTg61{lSC^lDewO95-C$r638pSr*oc&zL;36-_;*A>o^HQN&Uyj-%UdPqIouP1 z4ppOn1c)pUfP6$3-gFp!sdOc&@K@AQPx*QeA@Q@hr&=&d>}sx&64GI}Zgel25gYGg zuVp2Pj@ddaStNm(YttswH~WNfjvqf>Q5HOMOR35V${B`gBbbF!e?f5;#3pW%?grFC z5~XpS+f@{CdzJTCaFEb>bSqcMRYO%s&brPzS3bAzE7Tz2f-X4ARwYTZxpTA77HJ8K zv@PbGiZm*)@sE;mm9Nbaj@Kkbx}35gfF0v@$f(O4HVQ2J`m-H3z;YwiKg(G-DHp)d z>l{8On7`;F9qdrybnftW^Z1I7;R_{pk-q*z9Quq4gA)V1x#4x2e;hf2jI^(Wp1zLn zdy(~6F?7D|X<8lM1)X%hA}x_30-si8GVToKpkX>PmAt@k$W&RtW!sE_Nd{9 zdUh06^T_;7(_fcv8ezgJ@g!?&+UmeU7Y;TE0nUg)QjdT)&Wu%$`T7P8u9%8^U ze(9|twk>RwW9Ad8{ZGn=o_jqJ+qm}Wr38u1tte?2ZApX-C{?y};nRZ2l)ROo1M974 zJjgREDLVJq5~ge_R2OL&N4=SKTP(J05E#7+UOVSDHXc2qJ-P;)pE92N5Gs^Hp-^G{ zGz0#&Q-_$sJx9I^izYmyiYb&KsUQAU>X&w)^9qgwZl4)hBP=IeZ(aQqW|;~4uyV`c zP<3-c4P#e2^TOdUTaFo!RKGp%DQPp>Kr)f`AS!?;jPte!RvhO-Q{d?>&)}J+g5;sI zJio6*V5+1D`}?b+36wZKz00YR8M};0<4sbLA5Agth_Jj8Hmg-yz&6jXu%Of%nczdH zx6&N`7WNGm>CO`CExol|9u7C;hKU)Y-pG`7XSYZz7%)2keJpaF5G^oR<(2$%8amjW z9vRw~a#N|yGeahBcasrOmbzdpi+CDh`Mw3^M=+f+TZR*b=aFbf(*kFeH=At{P;d48+56{Y@he6-G zA8EKCs%q>9+92htA39Fbxe2?`E)qD0SKTw1p1<2ZlA+>qfG6@(Ii?TXZI##}~aX`6WU??zivCr8D26xxa4?S7~yhw#;lt&w)UKiJ& z>$%Zr!JABVmbM3N``Hu!o-r&6j?gif2CzqeR^HuZsgk}ywEXO*kLZsVneZUSmY0LF zaE??RXJfS*t_>YOs?vh}JgEVm`DUK~LFT`-B=@_rI z=|-G86WKW@R$j>~VBh!D*>I+K$hCKN*+rMvX5qVtVZ-H*--{csd8f$mu7e3;U`UCa zG=&Pg)H_&4>|97|kItGvC(^BJou_*Z;{pbe#7R??Wqc3*{(W=_69*oI4rkSI6&D~j zE8R05{FK+Qh=dP)iuSp)>wq^^5$wgzVAOdT0!x10kM}(lb#;=^?DKxd$vW}W*8>Ze0Skl(SU6;3UvVF}a6iEJ#bSF^A+Yt&+kRu) zk49KH5~8ffP$nMUZ^(}Q`3XiwICF=2%+UpJ_YDyy!ooQ3?^V`t5NUN4*_qk5Q5 z!AkYzWCPC76IstLnuqH;87Emw@X&*h*&Gswbgg~raU^rdY5jQ?A2o0!%BbFpaB!fU zhJ4Gtt$Th<9t2FqB^2k=eh+~Z@M{vv2UGX;z7DZWfSVMcv% zR>F@oDkA>*V&G3Dlkxv(y3h-)={n3+Q*py#S`9kx>+?CsWui(Kx=qa?v0>Go2$JQp zLN30|cQF`~I|IEU)p80f)vLZGj;%+Kg~)HCT+|>num>R1(W5e8ZGgvj0_6l_o}S}s zNQlf0*|F9QHoo&c=%xM&rfZB+vL6*QYKr+RUAy6WB}HF@E{z$r0y`big`-hgGH7+P zTl4p`$QV?~)2j9amE3{rVkK`{6z}!UfZSsN7UOlP*0nsjtB+Vf&SY&$jA3Kci*ncq z`-kqKFMrt#Je=SuPsV<~F9Vc^7#>ouqFDJH7R?6do?ZBL%G*!w*T32-;wZmrVEuVq z&y9*mwvLO3pql*?vRm?T^BI$@_lImC#GAL=y>l8i7RL!elLqm~ZLT_H8SN##&6V)g zmgo%%NmY@4$n|>f5OZBUtB`lmQ6b1OLCUC+E^tU-;>{k?Td$X@`S;O_qSNx)H3#OF zN25t~LnGL4Wf$2A!z^nwva*T)KQnCK9NlXea6^$!j(vqWIU9#5 zjoCLq)0$I#VJsyj_L1O82da}Nvt>J8h$zxM=w_^TZh_r#is6#!ugB=kwmtNjXjI;; zgw-@b;2$)A7U}ornwxHVip^{R6+_I`t`i zkKm3cVf!JPKh?Va@T`fN7Ti1s)C%+vJu5NGyHqd|VM^ruQQSjCV2=T=l)++hZCI@y z(t}}M9e6CB7;#79U)78Bd5N{{+EmR$Rn?4da#HyGaz;i0xXG^E4_5tl<%}3`+Az*2 z#`}%pmSLgT4+egf&<%WW5878gLKdtok&|yy26wt<8d{UQdkzabSSGD`v&$QBuopo3 zsf>n2=TXV=%i&bI4le-FFFt#ecED+VVwkBciL!Ri$QV0lsrJHUQ^$G@lce}Nohj9> zo>)oNc@&fk50CIQJa=8_3ia;!Jn`pFmaWe*4LJ%X)!(CzVtn7iaNQ!N{f8Z^)>0<0=CT2O1Whh(r=3^0v%kHF^I z_g(}>yj`BGzp7@L({!G=5H5d5kG8o$eK@XE8gq$KWu*_Py=hvWnmK)lVwj{XaUj#j zB|uXt3t5G}|K%Ax1*AX2jkRqQUA;BHl^crxf|1q`9h ztscWXZqHksxTKa>KGw2a8`A~CzkB^yIJEw#$D}eEbb(8{traICX0|=|W&NqntQjEK zINSVEGRnGvALwUSeRY;c;VI91#OPx1;0mazWS z@`d1+%g9_Exr)K+$H#kB)paPTQXJFW_8;YMG6RP#zZm2VuaCpQ9+I3oG=wD1q9&!c z%@FKT6m@yT|9aKf1i2QN0DPR412yrfbl&~x@tMQFKf|;OG1d6-9N6Ujewv1&iIiJ+ z(d8gv>!66#y*0ppX(_`4@p+Cl$7^9L{V>xb)`I{{j^=;5bR?ARihW=9ok-gYD%t1AOj{&Upt0+U~IX6%gOwOAGcpmEL<87#7YSQY4nesx`@G-$p79XgA4Qt zZ9aJ9g7KDwaFYSpZesV9^-8iL`;Coy3%5al*~-Z`9rYg@2ASwO$*5jEZUZn-`}y4i zbN7NMXG*@y+e7YogPHO{@YqcVCX`WXsh1U|XqHX&PqmIO z3=PjwRnv%|5<^@E67LVVbqcjUqC4ZRcuO z!Zm{dhCPWiO)s>bWWwGuDOAjLGS<0LRyx96x_64@n7iQ84&hw5yXE}SP!L;1Es?|l zfm2D{?muGb3uU=Wb5)+USGxd&D~2duV%zptOqK~x$wz5aJj^@(;SU|o5K4oqI&-gi zOj;8o=u#iSX0SzY-&$GcC4FC>>$wG^iwzue!?2P7p^4vUiv_vCT_Mi{~=|4Wcj0zljI+dE!P&?fqIGGw885XMe z!7s8TW*R(zM%x+RV6w@3N6ZPLN+X!av40s((+dKMWnBu=#7wO5$1EF%YRy_Q6ttsk zw#?82fA6{se+q~1pwI80?!cA37finn5D%tOM< z5oc;>E#F{c?p^O3WOkEkx{kxm!^gKt?~&5$7S(FL^lYX)#Hy%f8GCYgUaBv^ z#2dCky_J4)+Um-x}|Q;h!Z=g zy;0LNEwrbRU!3mk%Hr(o35BSmk{!Ys%qQXO4qmHPykr@Rqv@{cV^9e%Z)gF0!Q1yh zd%A@)>$jADf*M@!+j-W(&aCUbfaWy{{Dn`{KND!No9z=>OQP>BvLhY^!;5a|2Zp!h zW>g=M{WJfqhsDCNJBV0XdPydh@yAa5^Mw_~7DslKjgUX#vAe{E_(Q?5i!EkbZ=h)} zE-((81;AcbL)xenuO$Sn@V!v*(=O7MJru}C>d41-Wa#mwxA7bms4gFa(3rnw0Tk5^ zakCdF_2&0ErD*-(%S?2Z7m$yA4Rbg}ZOY}8wAT?wPXBRnU=2!ian5jmh)2b~+&_+f zpLS`1?yWc(d&w=2b7Dumx#%{ksZmYVwclI~@sjQO_I88}y2M`yN4+Dj$xOO3_| zaF_@?Yn>7wKe_lah-U!qUD8QbFeLwx7;!Hm=jD^^nX-$YYuPhwSJ=siB+LP_Hhk1n zD@c&BolPlwc&@veGv_1E(|K~jUzZNc)1=?;55e815}1c1*!GZTyxu^>r+p`hc%pI5 zFijISdvHMcg^LW6i7-z(Pm=Ma(^~*|lT0N~557pnG6wK%3&6>0AiZp3WpZXzY}0XI zEf4qn_=69RXeS#)7SXo0Gj?e!aEC}prTBVngSDK-<87(}L%%{KES~Ss6JuxNn}LY} zw~0A(70m^4;RxE0_nxS! zjT2b}MS(A}w`LUXzCk|Px~>qCSRr*K$yY$ol0>cHC-!IEQ7xX>@ znO7#+Vdx9^ix@fK33#F&8T#q{aA|OaDJD>ojQU-p@7LjQy&__+f;YXukJ+6qN8%!~ zj4C~wQz;RESw!No6fyEJXTByx}@_QvPdwQSzs?QyZ2?-Cx=4(HM# z3aH_!-4i5yjFN;PFd_&>uKJ)$zBlxoImU7mf~tI9NB8wW203SCH3vxldtsGRaHxvC zHUb1rrlgV!7uH0=%rkEK4SMlj$}42s!qgs%W*n^f&!lM=Id;JzW zc{4gAQ(MNZ%h52(wRLd0O4B^tgrzoYj&P^*lJL%dC10{UIw`{(o6NHl)lagLoIvxPBs|b#>Hth(Y5te=!rtJ;*TDJ< z@Rgn=XA%rOY%K4`t#$oY>n~46^Az=XR^l}M?mRX?Fmb~Fn;*-N7mUA(L?fh2cI(ts zxSm^~mg{_*p=9nrSDbV(8ccAc4}3_GX6R@vAnH7w`vGULaABEIXS48E50x6e$>ih2 zfyg{~h7%uY)Sd6MfB7_y%&X|@?9MLlE(eK;Ua{loaMe^#kdWC{+Tz*HgvtFxcX_4$ z2@x_AV5k$gLCi8A8@eIswEy;=su+S?Nc6LA^j*5}(V`NYBYx zAZ=5zhnz03*_6?>_c5N-U{!!UFr?C?Nxj-s2N;ra4zkGGmP4tf7b#1fn_LAzH`pMy zxpw>bhg&(GEo57Uuyl_c;}@LZ${bf%;|%F}r5C-s1ojQ>qR0WKl55dtwL8*vv_~7B z>m9L2;r9KAJ!p*DRU_X?9>3&oi4ci8!;xB2 zdspUM&N$8u6(vvfmzN8{je9F(qeGc{YqP!)wX4FU;juWv`w`2|Hej!?5SD$P4dPxKb&LxJ3_ zW2Wjd{x&mz0KgXV2W;#sm%V8K%##TGl$bFgo zb|ZEpx!>Tt^FfAbSVoIsz|Pzq`DpQC?}*|n?(#Jrhr(j`4#YW`>9;4_>qVA6d)=;gT`N~gLX>)3)+M)^(NE=Fe%t#tb-igs z$5j-WGHj4A^FZqb13-dAF#Y4sC>ov{_m7CVxiH6^R3{Je2fi7S!cv*^E@?fNZ{9)x z0nmQjW&A?fZ#19?#&q`+f9+k^m0gY0iM;))djd)}Tn<+HQ}aH17Yk6wOlA)g*LdfkN??6gUxp#BzB z43)2DWzBg_-Et-r8~LRGI@+0eM#n+nG&WSx@<`ihBF~m}skeNOSh2 z0~we0*rfmU5B^pVHwdCq4qes9<^$eah?aS!x$vU!LOvvBMF`>Z(pN!jy|w0h+mG>< z%Kp|QW%ftNg@%0xHn65isk2gD%Pg-+SAzL07f=Y4`A|#js8)UI0*Ti>E0qt{c)#+j zrpFj^BOoCYD@k(EanSmAg&S-FC}=@Z)qoITcEwqqnQv9VJZW%m+~;nTmk_l?^4WeSxy_MYm|!jI=puv^SwX1PAD3=& zfE*8otI2yWc0jn~ol3BJZqN~1E5rJ_S%&?6n~I1#oWXgql$#I8hpl9y5L4_-~hw>GyK0p)Fdb{Bj*2`L4C!oCE{yta$203zOlwVOKV1ZBSg%0Oc9~6I(mPw zB|Q5AoMlQ;U1QQ6gHbbJ!K{!OSH$*Iq*AmUdypgv4J@vzL;9dUu(X9jNX?GXk0a=! ztiun4FNIj!R0?iD+NCR)2PY23(e;afiFijgiJq|@lIn<;4S#D8qD1#F9nSxXLGI`+ zP^@{^xzYhA0FgBq*P2;1ZBxW$N?M))iVN|$5G8?Dr#2~1r9?kPz&UP zy$R876MasToP5Bq-hAMgYGdGiTg@E!WKw5Cj@Ilmw9MU@8VoEMSFWuLDj}+gj9huX zzgrnmjM&*t2KVoSUC`@A90|_fqp>qI&jwFox>-uB?ufU936?YFu%>s92caYqKOEr&w__-x9IoDs{qe|DitTSrL0!4;w;Gr?CfN`CIhVp72|}JaWcJQSC}S zf3J}1>VlmtN7lu$Q2>5lpb|wPtSQaULaJ_138~Fzrgx0n3W&D1eilqXu|UJS;HhZ- zb*AUTZW7%X+*g;ME6HFIUBOSbN47%74YIK@941E`V>9jx)SW~U$56=+39*}RUE-X^ zmOd+MYXb$pdh2jj(4)fbT{% zSw8g5P^Ra>mkv$d0B)2jU5q;xR|x;8B}&(t+`ZSXqi~?oho!^JF&hd+#R&35s^n)Q zX?bt@uR<|KnOD!$pwnqGtryq|v}T(!_g3-;)mo4lK(!V;^{%S54x3(^ca?5OXGBhR z=lM;d3v(tRyxz|_4ixHDf_;DCEzf%=pwc@3iXQul*=vHpo4h7Ks%s(xLD5iG7AVd- zBp9ri;Ji2!U-B)4lA#o+uyps$jry5y$jw29|3=IkDI68BjyrPJM5Vrj^XUtVei${~ zBL98!+^lAz=DOB8>@v6&>X_Ds?bs#=z8fLWObnQ5x9k}emtDJ8F(@PU` z2<9wrNi8UnMnU^&pYY830YY{@o~p0Sd4EU?*W$bZo=A6jM!^>%MB{%ZWu3?@S~^_S0ks2l;D3YMts5vPXqGBA9h7IRyhx-=V2&EV$g|57Su#kRk1n!*XLFZnTF9s2ONz zEUG)F$G`c9ALpUFl96VwH3oQY{3?)QZ&tQEV(_2<(FTIXudWyF6X(f`6FvDELXc|oLLQ`=Eavz$ z0diP3*kn`;#erdiB=$0dAN~5d0x|Cyt^O4t5ETiw+2}fku%z29S^cjRQp^j&F;@$y z!zWy2nzHVy#n;@N;S(%?y=XVEnh-O3;qLUct=xdIl-iGN57N za@imthj@lKDCy&ArIJdVT!GBsyx7@t$i6O(MZYtg3(Nh;Q^!xZ@BN33L%I$FO$zh* z0D&YT7@%9}uUhLHzPp&mRU{@3q;vdY@dABredXP50D?a5Ou?*g(;&%e>HzQoPG6@d7~VTuX11%mQ%1kGl{)^u!T3+kP~-dH+0h~+oe-I1)_Vu?O3iSYEtOs_9 ze*UTWu=QEn{sO8J!!_OW+Li3_pETIpUgfqQ|9Y!HU;kHkdK<_0Pcr50kJJk0#$& zJ!BrJ$^!)x$th@rCx?>Y1tdz0JlceP!al{YzyNJuzN)hbgT5JS42OdW+!;M5UixuO zAoc3}niG))24NZ}J$xn2a_|c?i*Kzz!Ge z#qjdA_v=u@wt^z#E2R2`1_{l^+Ny5P#KJLkN3Mf`Et4+Myt;tntiQXSrSWr?5n_U^ukif z8HBrCgzmZCbx`2hnx-j}sX^N2r3ZRf`NU2_gguVb_|6Esl z`fnrpcnM9HZ-C+pknk&g-v#Qh_XKi&z!$6$*;pF9-8IyiqRwsKB#zJg4MvYAB19V+ zDgEr-cR27}6-&hRZ@O0RDSJUWNyBnhz#Z7_UWBfML{`)u1kc_-G^fN?#xUA_{)e)r zi%+gUA{>4sIFWd&A0a{@pX!as4SnPQgzX;E_oke;KzlXLF|dLV@`ysDxdBKCli=cVy^w9&a}IGMViX;tmQoE6T#r z*Zrl?sX7BqEY(YrdDi2V_@m6R6Oz*a)7+do``zG6`4r8KTwMK_oRUs6qPM6l*qXD5u*wMkJq{}q7eShI zD#PmKOfk})E=)BFJtbdDdY~Fw$^XU0pyv}!hN0Xu+h*yRq=YD<#RGaCi-9nUe zPq=|TGKXTMJt&{k58A9=^G{vLb(?p4v8ppG1Z`mIPq=%DK|6I zm6Mp1&&W*HxcxB^svrIxE6uAOeGk9rH%{`)kA912ElWSmKIZ5OTVq@8EV`X9Bqn}v z|AAJe|Dt$Xp<_d7nwBYD$TXmxF41rbIkrr(@pY-$dq}lEcok*Wm9yc`+hF;vSfy+6 zX@TDOGRK^`sj2SlF=T(@On3WINP5g7e`zDs-VA2Ivg=*!{a52{j&uMyI0G#f8MfAb zdXvvpXY-saJ~@~51?NSNi8c#eJHEHrJ@R{5ZxFiAby26I+C-=|H|4#59?)?{Zs4 z2}4$>L$$*?w2CBFpSZ9HUW@B+mO9f#Dx}4!WJuuDeu-eF5ygve9e=NfFYXd&Nlh&c2G}FY zU)@joXErAFHU*`rOizb@a?~8V_LS*P50ttphr#U*f*@5~*2G#ExaK?jOz9aks~{f6 zO{Xbt?@3gOMU%^N9GD0_bzVFbadZ!??%i#5w{>5GG?F-rXMb4W@%=oC9Zv0QBY3`J zh!E%+u9+jV;KA6`voWGFagUij*t5+IJl1of*FQ!iJGB;th!>71F?#SzaWGo>Ts*2F zz8-SA829wJA~$^+Us^GvIL<}iPNt?$rP}OceJh~oj=m9GAb)9%T*Ck_t@wC=Fwf}~ zbvi9cjb%>x^Fb9}_&&15EF7GZ1<(VhMzGA$2r93B{U_S~ue%q?$C2(QbEGNpJA+l&%mr_xBb7j=WjIyjy)3K#qPAdk`uwwI5st?R zy?S95&2iEL8=HwJPQEgQDM#AH z?fxMDFU`@H`Eln zU-zhOWR}$zUVK8Hufe)1dVScW-mtIOtYoBRF{Ldn_FXf%GTYd4!g8K7Z~gHb4>pdI z@;ON!N`TyvSNSrPfkk^#ce79%Xvu9RKM9S4a}AH&kdwb*>rMV|ql7O0XQoXh1MHrU! zhk}~~0??N6+3JEW>rmSz@ehIOpgj8n%XGdj<)QF#)@rh=QA%!WgY-ge-vCSqI1HY8 z;XToufz}G_I80s3p6E&_aw9NFFQ6miO|XgG4;->#*R3x?x&OqNnj7Lk&tUgOKlki2zdmrG$UptP7ULem?x8|PcB#uu3iL!g z4x!=1-oguWj10&19COJ@scVt;;}`xL*Duuwc7Qy_uOwzZ3ldb8w;>$ZK~FkeUzG5C z4WYtvO#0+{^DPr~&BLp0NnYk?$}_EZ)CsHRogrbqpV8i8cd5)WmSCV>o_p2?MrY z?~%EXSb=oaORM*1MnPD0A}aUGH)9f${$L;S_of?6T*~~g;DcTGW|v?PKa=jNmHT@s zQ^krI!nENF`vsWZjX&4=bhs%j#M_;t+F?-91Hq&9`{r_CujVH$JT9w_BAc_%y_C z1hb&X5Bj?0_8UF#5;=BhPB_k0V>M@n-L(JiDV~)uh7;=_gVjZRD=2dJUS>6P`68ec z1zH7n@i9vXqLVxX!q=~_I4#gQ3bfdq;x@7fej|Qex%?w<12Q+`omB*}$mp5HKho?{ z1r(b^j2PcLbtl=&shG;z$qc2AM&gDo+-m%TtI}~=YfhBa>d9RXnv4;x+0%z|&)Ehf z%lld~@qeOGa&vtD*oU;2rQ6HkmWBBDB>Mw+go4?3+8w5t6AGPgwHF7jq@I?NO3aHN zef@#$TEz6R6Z%bM^u)qU_kxVn>H1XU8;K9DCpS3F$W7Bb>E6VvkM6S{5@#+|Xe~}i zk$0r{NDQqHqYu+o0DFOZY9=hj;7(!j6m0UHx zYy9YKZ!ejj3~*n&{;GgW)`Pd0qz-c2tE zHy5=B5OfL!+C%;Vpzt-M79O~}>ACFRrN`xd^3E4)rkqlC@M6&NgWZ#nASVLvY7P4oF z?CT(AlI;7wG%~VpFzfmusAPz0P@_=XoxV$K!mV|J8{B z6;3H_NKWzG)Ajqsr6?8`*|n3KrQ&<*eL;@;u6{iksMUJH^-AYW(6gZ;qKUfR=sOP5 zI{EuLrglH*7dB6h&``g|&Pmh<$3b5e%9fJhTG(6CSDI4Icd(B{`p3`aL``5HiDqm5 znD~A+GfL1dk%3)35rHFRNrApPFSDZb67b(xGTe^;bW~|@`j!cOk|$d#G)=-nz2ZiT zr4TF2-d87sb5pFk6{>ywiW;};^@a?~t(p|$Pj;4~9$PmTitiYBE3J+MhDysoeiY5M zrz34lP~%Uf#qEaU%BEr0)ib^Z;0vOrR*X1;&&fde$tI=X^rdUN`vxr z?cOH68TvMO29Ba!C4?>1+CtFFHQRG%2f2D3$Iot%dckU*;-A^X=j#VT7j6~={q3oJbKzJsimHxJ7 zhKW8wtBj>)Q2z?5n-OijazAL6R4)tqi-Z*?kx z9pcep-HLTV^9c%!UhTt)(WJPj?Q`3@{jzF^wW+~WS0dFH_mLh0*b1I7hT!$S{iW%E zAdS5KVjcQ{-jd5V5+riZO&o5kcT1#z3-V+v)bXBA|E9w|aP!Fj*;@a-_Y7ZC7BMB? z^%0cG@@*s(?#nI{34|~TTWc8=-SAs>q`P%m{d=O z$wy_L0?i>Lvi#kHu50&1P1WcHf=0YR8ZDI~cv7I}$@fRd7IV996c_W8}ZCujf!JWLzK%N5v*~f7*Vx zhWZXmW&LH;qv`N#3TgJ7Jrpt%7i+LWsbG1<;${m$y=5KP$YSnCr8Fu&zPK`t7u0A*dL=Nfj4x}`Nmh@DdY27GS=dylhK zZ8AONa&T*=^kahchkARmq&tr+UU!v0wRFe*;S<;?R8~~CMEW?j16;gpMgFY+ zVD#{NT&_;Lx~2!DKJE61OdtN~w@?1{I%MugS{-0!7HCgNN`bd}K1JTGP3`}KF zU)B?ev@ojHAwD@8Xi?V{J0~FQ8Ykwq+}<_nSSi(jpq!GX{NU?%*2bR1g`^u? zZz+_z4n$t%?@z$0lJRttI#%LqSR0#;;G`4!3#uq3-4wzL*2v#WMzS|83gOUA81uk% z`_KTCJsNvg`)y&KH)0MZC2_)V$8S>{y`z*M%u{eRF}PyCjFFXbph{x|b85ZwI-?F$ z`%ZgwGR>WNeR?R&m2M@U^hL2r7l$U(2*YzIR@4r`8QswC;y4 zjZ?ZL9MiXmhvr_(-d&7J)9ahAJVc%PZUWLHKCSA6Y^JrP#NGGof3d@k5pNJc(*&B! zSnxusA|0WfXrsg|91>IfHl+872%BGth@gxQYn`CL+fP7NEXuNj0uS1-aucf$6^50U zXh$bYW~i?%6|*tgB}#bOet9!|Jn|;RH8=ZgnkW4hC%uY`4SO~LC;H6KoK z^;p!o;-5c2dpKM6VQFmb` z-NE0gI6LI@!-<7vJ6gMf(xTbC`V~h#xxTTV105=7%%aO!dv8EgRhNy`ibveEtkBEE zt*&_?VK8S!iR_j&gSlNGZYj@wLL?U=Y#Y|sM>tXfeexbsAsUSHkure+TTNEQItduf z_ID%qXsRmm&+8n3$`{lg_tt73(B89=Y)5?Hzpd=Epp<+*YVd7|%8@>&?Jq z^(s3X+>KR~u$?hwV}0uNWkvK@+)trBYwLWNzJn3oB3U!ZHF4$RwiPZaen?~(PJ`>& zKy_VAQbO8z29DWG3Nhj4S7m8liV;OFvrI;9hG(ui8_ek&i0RyZJIgz&WP%BX6@A?| zbjbMBly)byw$~bl*#Nyo`V+!c4-qQrAGI>F(9O@qo@g_OURF(NYg6N1<`451#%u8A z!g39ouHp+Ts=l}nn98;j%ie8)%J#h9}h>Ci3AiZx<(wdDQ1_us`ZGIh+2kvB}1t-D!M zBU8keF#w+lylKXB+*CJ}bK80@G z+dVxZBfHIuO7K@W3pe=^x7Z7AF{vJmOasOimYT#7BK_6)dZ#(D&9^EYRJv7(1;#!1 z2N|!#-sl4%&=(Aq*+{i*)jV79!`F>MG&I)(djeq~_A!tm&(&SK8qoykF&Cm+#gVf$ zOAIUVkuT2|hun3*-OjCPu732bpwo)<($rG>LM+8KhIoXXrGfgMQM4Ctd1G?H{)63A z;l8e__2C~nQd}E~R`vB-?$Bb-zE!#`*RX#J{|%+Y~kP3oD*=SvqXRqMvxgxpWpJn}Gai`dLHuVnIMpUfna=GE|Kkj?K%E*RTrQiWiWmBnoJavWe^A6~ zv_@Dw-(b;OFN-w%jWggcllT_4&cPZ`VHW2V3eO{;Lp3D5wU}c5Mwu0iL4!K}jayLZ zEZQqR@Ifz z+Hn2f?cYBSx+G;-`JSyWrH&kT{?`A0MJE8Vlfm9}UH}Z?TX@=aQfM}mm7r5J4w@nY zcyA!|WeXI+$O7wLoOQs;@+2OBB85F1HK73t__Jr*C_Uy^<)jws5gtzuSto>c2#~7L znms!bS%n@tT>-$+8S-jy_c~=4KoW&o)bI~!YGRv*=j~DhXr382y>8vzOC;jagt8lf6`=OVoQ5Qa}oh*_|a%11y!Mor-?G&t?%(MlF8S<}ro*Om< zGAP#q>J-gvDETNsd=<1dQoeb}7k%vcxQznf)_Flvpb3;Y0sxA2$b)J73IJWdW!F9j z&9@ZxX4=jvej>Z5l6@l+{@h+$eJ%-TNJbP?xpNo#^~mwC$BZZUS;qRhMv$ z`xh57v~I7McJ< z{L82D2LEwbdC5SgW)+^G+Z_HqG-wobR)$%l@D$Ui=2o{0k0LWYFc9dNheHLBC}m%9 zHd>U$*8}Z79?ImYg@Lk^#VoxXwect#vl za-O2V^G5DS&`B=b!=s?AN=8D1pcy3bvA`*9_RaD*U_!k_JorU$nMG!EdWg791z0-3 z#(nITS*kfhka*FxLvMU>+m@(O+ED0A{sFV}pF+7o#alBrxj*QW45YfrRjA{z#v6+t zc0j4c#RYs^qp}G(M12483g!}S z7H(K~!!uxVc;(%1s}rA#;AOEo-C{OX^O@r~aMN`-3)D*qMp!VPLb;hHWdIjIJs?d;!G)osv61C~~7^A>SUr zCF6I!r68hbc5=@&boG_!afvpP9QwC1u0v=8!~MUBqxesV^=D{|58eHQV{*p{;K;R_ zc=+S*7FT24No28iCHaWQ0P6mEvAwkddtE&!f);Wb(|!46KwZdJ-o^P8bOCSS&^K6H zI7Dpp5{0mN?f`N|!+z~2q3oEeB~6e)n}>UDsI!mPfo>CHZ{A)|h&nF-9i#BX>^*^B zK+`ooQ8$`jQUir|RgS>M6SH>YlSiRt^7(87W2v8TFQU);f6550?>kvBcz{Z;x96vf zsr`8A#+E^&3uqMG6^X62!Mqa++aqO93_tx)YP{dO{gNs%D-~1AG5yABwnl=Yx8EzJ zwY*<3_U<}9ti`YVAE4bgp7B4*r?y7RnKLUZi^{5f_x>vWicR4di~Wlk-82Z9hEk7{ z)wCsnwO2l4tgMpn&W+|~BE5Xwx}C~A?xG1Z;@C04J-K^#)FO%&hV}s!y-iD1Jq)x* zy(swlDJ?%xj%qIWkw2Z}d;0w|bAK_iP*7LK{?nEik3uOz%IGrHf@|2BJBc5hug653 zzCS@Ut^7fF$aL;XMfTbjyi7PZ5N6cl+e%AK8TVAu3QZSn=?uqq5zJve0y zw^7V#KZFBcrfigRe0z>ix7Kpdd0B42*#+8%3|Kk^g$xnWMUWUyg^-|g?xvj^MYs>n zCEZKKc+&E#{ZjhslIp1LY+wbG&wD%$*lKnZuiV3wSQY?YRpA6tOw;R)ZwZ)S)=rI` zn`F7FO(lpb`*y^PoI*K}AoTy$he-D4l73#lNEsIQ`4O=oy3PhL6sVt{9Z5GPQUOiR zlC`)E+XUo{qG8rb{BUmkF*$rpy}V8nWn&(YG$V>8O%8fh7@EJF1v;Yryj-s>ukncG zHdE-EcbMnTza%QNvD;NE0qa5JS zKNt+JS&uxDg-06J^eN2Jqz^Onl1)mJ2r{T?+=0!VDuXAS6 zp+oB2tb#y5qZGT+duQTq=mXCZrr1Zx?k8mDT`mr!&jw=MN*g@^wd1u(tW7OcHRgsiDG|O!stI)DSw{+ zGQ9Qi#P>j%J;{2ZEIZ-^R<~HOBLN)zdFTX6CPo|U`ZNZ5^1)kIKa@81El)k7ZeAN} zZXJV9q$ohI*hDI^Yfp3Wdw7nYExGGv_kqSpEekU+21tpq>KRu%>AM3^Ktoqg+QVa< zfKzGly4#uUojd#^CyWmR5H&S(1emm)YK)@%rFYOPB`X?wyuAJ$^Jgz)Rs-lzTI zaIjlg@N)IC3;ZWm!jvGD#4-ki3=-lx=#ySL9&pW-q71LMtbwA>OV@+NHMzv3ErZVU z7TE72Y5ZaE`irX;=g@atOp_fm8m-rsVI8b3*dp=z+0bh(TN{D2hW@+QwjOY>k=Px( zJb^kDS?Hk77=p$~0C6(*zhr$E9;E7Gio(If@N15PQk-;*yx_-6pXVvki9R z7&3!MF*tWb*{t+=IS*_gtyRD-c32SdfD%$rEnGEUZ1B~ z?e>pQ6`q`*#oQ@CXoRB-=e;#h5L z)B_c4un5E(~)qG$8z(EXHYAaQ4-mS8nHWMt%Bg;zK8NYPC|F5eAR zG}%bxphS%ya9edXrkVwgR!cAZd|uL>IhYhcz-f@;w&10XqlEzYvHk)}Gdi^eu0Ze? zTbKm+jQ9-QdyGstA@i6mcgTfQM&vv!RjYXFR<_rhuZTS2ktlU6*#&N(Qq{!==;39X zIRP_es?LfZm@tq5XujOd_A_qneQrpl9NvyQ$ag|nNW(pKy8P^`AgMySq;7r6b{k(p5NSUcAp81dasE%-~OX{ zC?eh%vL%;%7Tabh?QA^T&`v1RYvTk=W(5{Uh3z^J#fr~r<`^C#LN;z;?ec2iCm4Fs zTkUC-FW@KM)DMWRTx$cliaGBe`=R)#yb?Fu$Tl>7o2E3l zZE?(5e#n9S+@{!|sQfAVT>E~n?8^0;12xY@nvDJ5sv2?*Smnk>WWi#Vqd%Oum`dYGv-&&O58^P2|^$vs=Cci@N=&uHz|@r$b(fW;&Ld5%pkYcHBu1ud6KGb!7Na%J zh}RvuQ3`YyD6t>l2_qrgLh0?_H8+OcAF(XjDNj0Av$J05yR@W4{H79Hc^9;BUJn}O z+XJbwQ5HMyxnf}}((r!q#Cs5#klUx|8i1+ZSem2wi+u`ydR_SI4t#QCQa$-FM zS+$Bmy6SRuP%{s>Z%%<2xW)pQR5_Hvq5bA%9ZKsls|Q3XFukaA4#a<)d@%%N&`bd- zpMKk{u-E@VDEyC-*1vxA9RyG$KS~L$q3vA@f zciZoVROyQEIN@E%oq7Fa+RW@lTjzcOl6d=4>^&AvcI7t#Vt%?0xJh zC}|!mcX4<_Q}0B&8;i1Txh)UOG?rby7`1W}j(5X`32O3h4HiK+#F8hiAOKu8{*^V}*E;K(K zbxWX7Z9vRx*i*IbH0m@Hl~@bc>i`glMpu{xCd;{f5wKzxzYMYO6nGf6HZ<~jK-pCB zLkMd1gPl?G?4IneAimfO=uwB_B6Y?uj)e=Kn#sz=jg%}XEzMIx@o=uf+5GK%2`YQg zD%rI)G?_3SWYk^PmnEjK8u35QCYdvR=lZf=(vX9l<(R+)1)kJ2Obe#3O>9l=CF(k6 z*A$)0sdPn9CcXycHpFOi<+@aJ8)7;)_V_ z4SE6cs1<|^3^&3i8H6va?3#JZY< z-QomXJkVh9?4(2gTgKtf<2oDpcNhY#*hZ9E@Fdte@1#ke(A{r3`_{eya5>L*TSmv) ze{{>d1qfjiIc5ztY2H96m(ZssC++Z2KUr>(?oD?#o~Vj^p_KeZJ}<*{j$W-N9R2Tz5d7Qla`moC0M7)_{t|$OY zJ-V^jHFIx6tICZy+`fp8ea6j@(u}S+2PJlSUJocxHm_ z8Jin+?LuKndN0MKzHTcZzW3}I{xDiG)Dy>j^S_2!TYbKH&G;hO+{7*>id*T2Z~X+Q z4_E4KqmmI)PQ%GO_uYuO1-@vc7}ehI5e^PgEXx{pCoo(iS%T6Vnot7<`OrXOV`olt zD{u4Gy3kNOaQO-g6;%1Bbh)a!)}$VghL^<*c!L%jC1@B@T7Rwj1(YL_hxXW3iiTFaj3?H)ftxoHvr*i!86GCxAQu=7*){9Iz7dZn0bht&GOI4a}Z zmC)3@emie9u6gWUX;A4qphF%o;eEHCOVVX zh4E@W$Uz1A7~KroPQ3o2WrBLhZWeS~hL34Cj%;u2y8D6FpJzYn2??F&WfwQDKy>>n z-wI7+((!Tfr98+$$a-!u)X!ufiY7^W zbi(cqoR=HkMBoxfez~dSlOfv90iT|#{p{st@I0pSVR2AsIyfP3vi!#{{mzj{c zJ01RH3#!(~xW(C2ZUI?)PJc!DTpFW0>O!eO3q_#(SF;%=Vm>C|H&&)x8hQ)#3)?cg z7SZfwT^LacE;{*yVI@3zS#B}7K13L5S!13c-N07PzCdTRlMyOF(=yDM_N(HP0l*~( znq3Lx<`&=N&ZsgX8V6F5(e2fn^i+kGg<&{@MLz~zDW43a`TeyCuJhb93tthA1{j^# zii)(_kcNSmK)bu2Tf^@5d{A%!X|wc-XYip1C7`68#g zNO`ON&SH;$Mk^JW2&<`T;x=u~H59;#wupwnu-RC5yw;*BwmQ5QDe)Dc35~ieH_n8& zViOi*e)!(#(3#gx#U#V0;>^0(Mh~RN+PAcSY>160K0>E{k6+93I=qT{50u z%`|4Ak;bgm_WpQzLNHlt%Vx6O`0@1g+2+*+^W+CS`Z81(=Wj6u=OL37Pk)#V+M};s zwZgW&m_gZr3f|-^^c9QOON_K*>(!A<3EIX`;l`fi8}m%>xuH4?w0e18|n`cHNYp5qvfUcaJd`udOvkR{9u<1YWm|i3xPzR`OM+p;$;5~SNR7u z35bFa$ij2WKpxLYzuMV8>9&h=lBm-eduPCjk%?E{K0`R0B7LB62Q0<6B>P4>Tc9+W ztFXH*Ki`^F1lTU3c8NPqL1ZiPngqe9FFo{C0qJ{Ypw#0qo9OUb7nlhT=Ph@?N3#v& zon#D=mA0c*w;&&63!I*T_DMAey{oPgMA$nKxYPEW0^pti&5V%%+OP?{ zP-qfVPoWju5;f+8trTe~CD1p){bU~j--OlPIn4vEH9ld_i|kjC^K8x9cl9&F=i7O< z1qB#iz_!kvJ(UDybOGsB&4^iwr-bZ$kv)3`ztQyMgh<(d1*C*!A61nzbLoN|t{~ZWBCFm{I)0@B8$XMZe)!_1J zje($q_moEi>pH?yHJ3K7bFc!ZPNWqLSVY<97kxR?Nx#Kz;y6JfM$p1OYrl{JeO@RV z2C*z2f;|N?GA9eLvb_Xm%(;dkpuYuRc17bbS=xzGfV&pOg|cT@gysXP?zrB;1*jeQ z!fWwu^9oQPWnU3p`EuF?q;sNn{c-h>@?j%tz3A_u;iKRTOPuNnq{ZKYl-R@XMb_hi z^o*O|`jpOE>W&GZ?#N9zsyrFZ$%7U+0r^$~j>XW0y6w_iO87N@s)tVrR0!$YRRoFC zq`~`F1PfPS4&as;QAmmWTOBO7_t+kobV zHsamj9V94?F;xP|EH1hS1cfC2HttDO#Iur9ucEfIgsf@@dkBgzpc!Bv+zG?L#-%wP zqo+*UWq+pm7d18Pn7bPcxDR}~f=iGd>BnZkTImgMFV$(^S=2>DJl|BYJ2A>i(7ByK z5tUID0wt!}4$x4dM);nocPR8A+z%9m%tzn#)a({%7(%d+4sjOlC_B8NMLoUQp1lhA z&9z$``ffb+i#qmIFUv=4Z$EgL9Oc&aH4oi{ASLU%uby_ZVeO6D?ndBdIgot?%2v{vXr6LSX-c+=svwy8h4Rzl`BHxq41!oBwW#LdOC0bQPfxp7O z#JpK@a;ZDp*R5RSM?iJg5IeAe>5RHdbYpFtEXD>IGhL|2v=NRloIno5PCVb!3Y269 z2R)EzgRU9CG`UU}HgkQiy+U}x#Uy$~iur+Ml<}_JX`v5@M-JJD?&WFFhr6A(w3Vcb zC{Dhhaeq;+OIR1`ck=8r!qrH!L*CZ=ImM5}mtZTmOK62(nuYa(8tpvxr$h!t+PWR_ zsQ3QM3zReNOb7Ey-j{pP!#!^H$h8UK*#J=u#Z+SlY(<#Zsw{pgN=Y=|3>~)c!Mm$| zuYb)B$oc2a1=DVcLOjmcV{Vu6mO;2OZnOk=w3LC8EnleH@$>;&2Ju6n}uhlAYad+Q_2k? zKW5@c7wmHpGN~GP@k!C!bEe;7UMm@x(T)8wXg>d(mhOK1&GgpnE`HvaaSu$TNWsuS zQ1x1}2q!r_n%6f5Pf0<3QAu>3wF2DSRNr8EIZbzlKq*Sy*YbJt!YhUyH;1mNB#62| zZq*M_GHX93MG4{nLn}|3GDHYxir5sFe8!~g%CWS=x-LXc$On-zWpNcjE zvUB8V{B+Zeo`G$%`MPv5@*dZU)x_>cN3T?pucNb`XK>O@$m<~i*H5^`E)Jy`S9DT= z^@D44A10zW_rS!X4Kww&NoLyQ&5}2IjHjgeD)ls~$)D|H5j9;}@Y{U6bHpoVK_<*` zOOoiGy-Q^5>i4bmUbOO`0o?KcuAE}0ei~v{A#P&?-FTL?+d>n-a!(psC(_7bJheK0 z>N_RadnX^0vr@yS-ID~8p z^d>#e+L=oo?_jq;w+Lezu)Lb_V3-CkWT!;ihcZjvuX&E83p$aXRp$EWivTQm5>H#) zpPYfu(E5=kyt+A8f)lX!E}c=GA0S{5hcGWUtc8d`?_L~p@2BnFTfWCq6dj8?xa&H2 z8wOVQKD~^gu)(GK^fnihM?oxM)5}Bp^?FQ5n?=C}s=M@>mqGEb-0PAm*WAw!RJ|G_ z=?%4#h^8<=NOEiSix+x(6S_Wf7e)>yX0;-jOvI*bW$P~<|k{Fru`=cVWh=8c zUkZIu%)KK>=SC{Oe*T*6@XDj4r-yg=7@ngFFD}}(@ zCc5InB?L4z<)OzUDdLBpwR_RVP4>cX}Cggc)B;o;PE!|r&_s@Ud{ zkY)O4uFH8aH2uX<KT9OTD z;td?!VqiZPPsT8vErS!2e!hGS?LEh!kBhX~yV4gwPztxw@Xn`eJq&lTv8=CpZ?^!> z-h7OfQQ+qs4T*u6!LoW+>6BvR0(TTPMz3u>7C%R zvx~f=6?-~0)gtk^Z=VQ(p`xWa_ssqlpRFFNt*j%;TqLit9v}SptJ7d5`8z&{GhTpX z`iB5a2twAUnsU>cR&hvSAj>M}RL!rR6Q?PdC4G(&5&!oOzQiY<5nm^fCE-4y%KAT_ za2+Q;6As_v;X4NY@FG`u6zzMFuOzY+vpC1S&ZH#89V@CoAC~Y%tzNuu858tId=KF54L55F&}i&wJBc~4^q zxB7m~!rSJ5-r!&F)x$|Nh|}v+pNK3k-euMP}+U5rybKnbE^P;gEU(RWAO;V;%FY#?w@3cV4-5rEyaE z!=k8~`an{!%u(z5ud$n3f>o~k<=9-Bc8;Ye*YObI4C3XA8&K$ot>F`$ltvy8=s5AC;FB7uThW17z3&b?y9SgesoRL@L`2q z9u5`OJ94*tK1qDbO&KFpeQX}Hp{rlh7TcNi`>*1B>b=qvb0&OB`Z&7hh2oz%lS9)V zmL!;dHHW0U&~KKBgmj%mz7Ok@aV+~?!{eNz_K4&K!md2??%0iiZnmSg$mxr$-LxDx zBstAl-g5r;j{WCzKFX6cfWJxmtH(P14PDXQ@oc7foR2X~N`ELdCudntj8l@+kmc>w z-;51RY2q)(*8Aw5o-o}&W(ExEX^rBM2E|+iCs@?Z6Ix~-ao6FE+xEL!7=whP?2lQ} z(2)3+Z*Litxh43dbNboXBR^T>dua3>ypp1#4jfBaM=v8Y-y`2dNedmKNR;_I=(nPy zt#I+gv(>b+VB!q5yGK9bBOl3!@4#aF1Q-S#x!A=7n+!_-i^XOJ`x`9w-&hbZf1}AY zeH)+(CA?JlyLaXD{g|*e`bw!QnS64Equ+@kCugA(pxp^)$=~%%Lj_|C+xnjz#ee@* zk9>E6!^+hNJ9I8o*!p)n6qr6nnn)!l_2@_EkbMU^^q|1i^PKz5F+xE&Mvnc3t0$ap zazrY3$ZFM&T5n$?lI_*Bi+}Z4lHZrn0k$y$GUr~dxL#bSI;XDgG&`Y8q(Veid+|48 z15>&v^B1oy`Mq_3ev}&m7fA;OwPSOnK^^nmIP`Mt)yFJWYU>Kd0wY5Qm*?!Jfn=95cdGN}cNkJQy&cp0+*vHx#-roS2O z!I*#crR-fr?R8d<%3?hxH}Wow{v-TTrpXOHD&Qp|?ov0reM|X@p#l72p+(r4aFw%1 zuij@#l5#5Ujei_f7Vm=Vj&y{+o;*cKi5$<@r=?foH$VK|iIJ-r-mXiy1r}fWPRSt3*GJ7NNMJaN`V4RU5#W-@ z?l|6wqd8(gX1+_lNi+BC)4=(MDu=lr|Gm$b1W~h!kJ@J`KIx;T;GLFlB8sD-1td=} z@2o{|{j&96MGy|q+3E`^$uPSA$RL_52$SJEYF>9_f^yoL`Ot3(oC(*c>+Myk{Qr=w z^8hc*KZzvHFlAgUWhO*h1;5Dy`A?Kb(l#g!>4NX>r)CzilN9A+eCcE^024^RGIJ_8Tj`(wswfMq#f9{`R3ZTdB=Fm@Djfqji zf9;w9!{_XG8ckY+fLwKH1>6pGv@200DUS#5J**1ey9Bcf@t>YKD;t)=9WW3b{c{=O zJwnaWpw!K%bVY&&)MY%~7eMp{Qp5duoN=9#9tLU1pml2S&gspTmZ(}ULy01$;qz?O zzA5L$XvJuCh!#JK7M)|Wdbd}YLbaD@&fv;h&+yNW{WwMCJG#5`WwJ@>i_(nkONi%q z^iO1=*Uc+pe9KrLH7A1{ORUeu0rsW=VU9@J7IeJ&_m4k5ep@~{=<8(2u=OiX|M=3& zz0Y2T48!NEIzD?bk7?_kPA2>3Kf>q-E10giHAOv`nV1wLlk^yLzIaqu?7qoL@H zb=p@Nwfjck&GUW0lW3ia66)R`>PqrjE;}biJMsFDY4~w!(=X7c2BL6L0_UP_du;=L-`4Z+~|9{Et)iJX^m$cY*Jltzoi;LM(9uY{2@icj$)4OJ!*J zuV=VXsq9!~-;mX@=xplF_Ehhk@|3e-Vmi_+h=?I7@7z+9qfRK^eP3oJSw=5IcKgm^jIvX8p@;?6c+#4JbfV@ zS=<&3?^j%RI@%lGrWkHOnfDQAIKQ>{&`*8U>EMh0PHVc{d`};g36_5kQ#<8&^if1H z{87?lr>As?Sx8zY3d({cktv?zV1({GUrp=q-@SFz7MC;(BmH3nf1~cx|4`zEyngkb z=Ne5$0oL5Ir>8&4M)P+|kdpIRC-RL~=!_bo+!E{cX5YegMR`|kHH~BZ=;LT!7a#s~M4h057BF z0e!lo$|LZy&&yNNx*%9lg)?zCtQ{S(fC8+x;ZA_eqSVJi#d*AUT^mo6jDmj={GrF|)A$drZ&UQ#jIN*fN2_WQenO#U79Jx< zb{EvUmj2ucM-&zT+zAWmO0!2Pa?{ZhKM>5N7$Q;7KOi>YG-UD?{E;$B(iUFX5gZzi3>*E5O7xiKRlsw1fr_W^~(o%mf>egAlDt{M9@o;eM%l$)g zNtOWmn}DalTHG7ShgHeNI?{@}(#Me@RF6^@B+n>%< zSg4d@Ma&%97tceR(?i>&7pGdzj(2a&T9r&DU5QB*-o{^vlbk`{Tb|e5Mmm+tg1AEa zhAq!a?){tG%)KS=7ta%JZ88(0f&mK8D2_&a19_(TQ)8xwH5_Jh><|RTrGq!}ckfrB zX2=IX@d1?spxG1oJZtO4mCJ&W`$Kz-V|ybBiMSuO_1bb=r{>{J0D<*bdK*N^vXa_1 z=eh{GB^@RvB~x!J1T7s8K+bJ=sm|vC{>EV+#S%bLkA4j>RS;hQV{rHjW5tQx(i(Zw zk!u!sn)k;VPPPdd=!PAEIW|(qsOoEJ@Yf!VmIFyV(GHJs>&E~A%3pFG^k`duwpR=L zScuu>&JCy;EVf{TQLZS{{->ny*!QuEJRG@toirK7QY)mPsxx4>Gc!5?#XOH>+Mr=p zjwUu`vMY#lBypShqW42FgZK%=iHYeh5}eg`91!P|Wa@&(fVF}4^Kjek)#S7MG&jtp z3;Z^Mf^Yc+!vnjExn(_4R4Ltxzvr*hsn=1&?_PKu5#2Ahyia-R^z;yXdYn7%Z)gyU zqU2D%0f6VYBs{j>dsKRTeo>PEUHGw)1F7XClV(Au8pDSs1gvzn0sqv?! zx$5gf`ya#$j=tn^ZB~Ph0?h%(ek-x7w;G&TPdz1G_X|}78R+z-3oI&AJc~{4H6pyf z*jnX`Bjh_XX4$&B1C{3eXVKz9NY65K8SciS630WOIttF<>vwrJ3@|F^o6w$5KMF?< zy*|q*Tm9f#-dO>3G1BG5CT(?!Qx~ld_!v1RUk=&og7aM{LkOt0VQt*vX=CMaYwjj0 z(X6|Big!sXweHzhrWOG&le1rVyg()l@FjvAYSE7CmVdi877nido_sbrH%G^%$k3X6 z+COScCFSwty;aZNc|UHq)xyx_cE;P9u!O}gO_~CoGgZ5ZJKyv?%o>KGK2*Hv8ain> zJ6LrUxLH)D=nxV~TW76X)BPHQgyYx`p5w@_%tseh;G>ynz^86iM@xA9qNwV(7xX&L z>7XZ!`6ec0|Lio+pD^ZhW8}TyfHnF%g8*cgm06ms%gjpq({;sIVw-2l$7?6N$kDt_ zpmHz~Xt#7xH{#Qr+0ohqHa68GZu5MiRlse-$CkFL!ErCNxE2yf3$-?=+*#j_ zu~eNXs3Ncdexb1r(DpwcUDti1T}S{#&@J#Wnp* z;Ctc2nftWka;S8_Q4fj(dHkLha7Fksi|@Ekr3_RtU%j?D)4luE7>O-n64IUJm)H3- zIZnd9j*_lHFzcam#+IHq;GvddRT<@D0z&3@ko$iuiZ;a`){`gX<_xH){}VrX)wDuk zu}HMG|8Jqyr%EaXzT)`vb|dNA{1{cgD+>RKCcHy{co#>&C8LHT0!wp7yj{qPgM{6j~*gh_?R>bqX z=<@Bid-DOD6`&8rGP3g)r0MyVbQ*1BKqJpA$IZZp!~bz}E*|8LmpFP@CGCnSTsowJ z{?HX~bb$Rtc*?#Ivi4k2u@0Grqj=m!aB>yocsaz2&uL`CiIhS?i6YbrO2oeG5n92Iy$#ACBEJ<(1gYAD_}jKz$(Tb>xT zK8=!oLSLdgwq23U5g}nxou`hQDJCEYSbeB~oMnhhf;sn_%vdMC#v(MCNpcb5_&H(_ z3s#%!k3piBrsnJXFz|ckN=hA`W3!;&vWIF{v=Xju3sKv>t&gDOB|dXI?oM$x{CE4n zn+6k3i1!3R+=)L4M+MGT%lSe2*3|%C+!Etwg0{9Rvef~-NRp>c5=XEbHj7GWXhr2( zbCh@&=@^e4dV**6$eQC@MU=2xg`l%VGGFit9kdFg7K!;pBP(AJ)A}%E?(XG-_Cv&- z-W?n@_!4`PoBMoX6@ghlB{W=JJjtlRSx~%wAr6ER5Z$oMXBKjEd*=*5)Vig9c_1up z{h;^JQt^rxtMScZc&+f^*QZ_nD*icwBI}5kzb7f&b9duO+PEQ0~+z*>r#<>eMSt?dV>_n5ZO*ktF!~Z&+`MyRqmSCubx`m)b zVfegr0bn=ZD$m^C%~U|#OScG*yq>_!7SKQvIm%CSOk=t*qJX#iX(5y*v_xRHmP}!J zyE;aB>(oz^3S20A{uHItu*uL`>Bq|R9?f5czC22LXi8-hlr>k1uBH#_n;JtO-VO+C z<<=|p@er;L@L|wm3>_MtzfjSS$d0Dni+Zct;E+CULn6Pr93^iG8d47#$~G$TS3FZ( ziX{O>69DjkZrS^ga)8fr&twkJMy9$RlR?rOKifC9GRl^$LyGFK!Kk=Y??p#7ibEGy zUNZ7BqIsi%@uz;Df@&e8PZs`7JAUZegya|?(k?DhgK#j z&Kl;S2WKYQg6G{YofRN@!3}VB%tr6!i)+yQLFSuw3we?{{EV^|5A3(EiRIP`-Jxs$ z*l3NPHBuqvT#tU3-Q#~<_{+0zuVwB2_iM?7K}29#cT(AH$CQO}h*{2vNA&VeD7i7+ ziz?JN<%C9mML9gK8Xp#_C|~$^t~VJbnJ3+kDqjitbTx?~kQ{b@tu7}b?R6gz-;Ai$ z$-IlY=c+!Y2CD-q~jD(Ua;-p`&sF;_Wtxo$mb7054O>vV~akS;U-gu@GVO&WtkA9=K zCu#82vl!XAWTW!U>f4jICnvmj>Wbnwt*K$GP;|s7U0Ws}Q2mRoSStk`Jhkp_!LaDk z$!%k)j+6liNgI|5y%-pQ1AGNvAMJHZ{an*Q`ob*uwKEG7+rrB)-4$(tSED?3q~-#( zuT3cVW~n;@5z;5AvunSf^`%{0dDyKz;T!o+-p6$jWPvVnMeP>Rq@T!{aO zjxt$Z>q}X8pB$^s>d~hyDc-4BBCm=V#NBu2U>4j&b`xhoDfNY_Jiq4_w)X*jAu$7z zQ5&PGrHzgZ7u=Kau{XeYJi+iE&#s0mOy|HPRS&^t2EKIqWR;bo_Gdb4Ler;fQEp?M=CPm;k2eZlzh~yo z4-&Kn30ex*sWG-luoy?K_^tcMOHed)#dF5uu<@J z2V)FZ^%3s5b8#qjLEB49MYZrsszAot6@E8N55y9LbH5Al=Kz8CHBfgElCOcu9=>mV z7kGRYMCQ8t3*Oj!LXKXJh4fAzJ;)JIbtfztca^N2NZPmn{_b|B;qL4*{+2JPa1*xICQvz6eF=s8 z&8|v&2ilnqp%-Y2{Q$5ox%)G=y5Mk3_(RDQeOt6W=80@L+9qCrN_S}nb<7B#&|^xH z>{Oc;MWn3fX)i|3R#HCCe$zvaq6SaHAVYJLSeme_Tyy?zJsXmL^$?C48PW{}7?}P$ zNxZ#y*!ylU&tgvmyk7RTxD+$IRzql@gPUNa`h(uCE)y<2!R?O5+muR?I=F-{4R`E z_`XK3iF$Sf)S5qnGc|fzUGdty?&cfY%^Lm>eQu$od!XLtr4_lo z9?j~~r^NeD8KEGET%8Zx1^Hlev@S%rv*zHosD*$zT7fI1U?*Z6w6Hu=^KCQ%N4YAB z!-r9X!nJEQ&UTwjs$kT>@0h(C zzh|M*fEA(X_6s(T)}$CCQ}IyjYr{C^)ZKm$a>|wd#0tm$5)y=5;O;QF?Aj{Q{QaZ5 zHz3?AMNc*YZERCpej7i=&F|T9n+0Fo3j0(jaGtV@+SU@;$d?X|1N@b_H8FB`!yk|7 zqfy@!0r`SR!_UaGzH)gx@85x3{y(`cuNErS>qaflCuI(^vZsdWubN6Oh0WVo{-XqV zcq5+f4;kI7joRmu8!mD8>oFG`N%GTeWiJvD6YLeTfU=cOEB|}x8e3M_4Hr^`QFGasn?JCbeXR{kYP`+M3ERb z_S<~gv74fOc4IO-o%kTPyKgDEvhTYNBK)->hZp`=*(2uO&)sdBw0T?$&KS%)|J~SR z;;r$LU3*4i&i=dYn{0SLJkq@|^^omNc7Egk!O-xCGP)~`4ejvl*Vf<2N1}HRri*_+ zkzK4eP2^GGS#|mEitw+>tc(%>(9}GjZqEG!a2|j|m2gtf1xg@sIvo`sVE8X4`d8&4 z8UWBgRIfT{iP^(-h!GM^5faK1;+pt9)$R+7+~F&-tH3&+5U9Eg`{;7{$+Stsh-2C4 zK|q~shDG`L5v&rHv;>`Cxod2ZwA|~|FQ|^!*5s(Wtf^RyD|{s`g>;YR?ml_1`Q~_% z#U(>GgI3A$LwHh>Xqq2V7%PK>yO>)sSK(o?4F*+S%SQgtE#G8VkqTQY|Y@WKADm}9dC{~Kgt&w*oq(K7W^nJ zee714tK?eC=^0M3TqvYkdxSzhBaV<3K zdZ4Vd7cBm~IS!cVddq|{R7qnRF#>355M^Xgm5$3>W*NDJ&bEKp-sf8s!+PqK_~d&l z)`Q|b%=?cSXh=d5hYo*d6qPpHxFl)63o&pxO92@iYR?B;+D=W7^pm}m>gecI6>hAVbG=f^ZRRXm6 zW6jKdYX&y=6`3XvyA5Wg_#e515d{sR=QY%s7q=YpIq&=5Hi85`YFz0Iy|o4} zYX?N%KJPDmTv;Db`TLB}requ`17;iCJG!MAlHn2-qGN`W`?O_z5A9enJ2ZoeE<+?-~H+qX&5gmr~S{CW#l;udC3aF z-(5n?kK_UM9%SPyOJRX8hPTC0%8g}nlsT4h)`vZXKzGZo7eQ|5i@AlIED_$^OWQZS z@%h0yd^n#2XucojS^L~I>dHh!&fSaX>WJ~!O!tpSH)q&J^ZpdL>g39$9_dNMZgPQ- z{@nj{hK=ONl&wD^q3*{w4W~V$inN+Dqb*DzZ?Dg}-42#{#UWi9I?l6BzFP8LH7Brl7{D2!a z8o9)(I5%)9gdPvdX*d13lV+X(0OS7U>F`E)=6*1pZ=4vf_b=5$`rGGYNT}vICZ>0l z50J)05f;yu^U_C)0{ zR(2oehsf`oMB8omag(i`Q%kFC-me)Ig_~n0tyG-BFu}>{O{1Im+@9@qxK2Bob*g%m zV(XD**pKL6JrOx(_)~~4^_})h8AzEKo1#BcZ;Y#%`YR7R(Vl%`zv^mFaoqrP`Etp5 z5Kx9_XX)W#C&xnvdp_AU{{Z@Ks?77t`%og8wQqQ6WU@8jA~o%*&Dw#>7^erWn=)`1 zU+V+?hbBa79m>W>!#+478_;U4uVNK_(9e=oh(a4_a@TQbuQWa}j!s%mA|LAR@mJKz zZjOA*@^e3g!H7sepZie&_&)TmZc|R%%lSt+SY3#-Z+@mkdsaM-H5bHEdt_<>z-xlw2 zekam9MftlzN*D`!w0n{*VHkOn_kPG8)e#zH9 z{Vte4ugNg&SGmm;b|?P`-Cpo$ww_ck;h(1$=*5H0BL4}nqC!8gS0YL6hdFHKHmpDQ z`b?O^5KI5_wUV`-q6Id{#luO^d9~r`E|v!@0b(*LP=~py_tzMp#|hO`x+Ri`&sFy4 zJoR$VR}~*q&C*ZnGt7Epjd2*%c2hEmJl`j>GX7$t!%ZDaZ=eTjm`P3}{^$YbFu`ZZ z{!H_6i%{tW4+eHebYQWrGnC@i>J_f}@(1bZIlK*;LiCG5$6L+0Vwy@$t(3BI?7p{> z0{RTrY4u2hiRlErxw>+?@n}S18D1aSYtpEe8y~TkaoJg|IC(LNMAyDjs2gV;LJtHw z5h*efX_&B$+#i$wT8G0ONHqnGGnu`y zZba(QecC*j3`PkzYSI*QDPMO~Opci?dA|`GDe7y{mG)|{qSO?Ha@K3CKb#tN+`zIC z3E!xAjOy9ig`q)}z9_})Xt&fxT`Hr~Icg{UrbBSRmO9!NDP^yHR_CS}q9`aO`Jtf0 zWR2P!OUxC;w8LI#o8^()kmsrX8>SlbDh4tJmX$Gr{S3Ine0Gw0z8uv(x#>d~c&s0tD|C{NLQ-6{ z@oLSG@HbG@tzUa#DKDxH4%Vw#uD+9}jU=GECnu!8^4y;GCfqxHccJ>x<%ef=rEe{o zAoV9Rr&dVJ(rfb9k%I~y!!|1r?*0QckGD87ruwu7Kuw^#;>MIMPbV{>OcIJa;Z9bs zMqo`7pmu9#@YvgQ@BofbCvJ~o+5p8oQxpF-w4cK+N5?T;hiIiT?f9wQU(r0So#Ids zU)DL&zF?yq)p_-7V7m6&vqN9+vG21+ml%0f;@_4|H~m9d^I=IlRE>ep+Vo8xSr#TV z8{an15^9C3vZ{&OqWr2%?J20fB9~v&o%)LM*%^hb#P$AR(|9Y{+M#WE;UyDUeg9?R z6pod@G$E6a2cHjYqMdoVhX8(e&mS2FAEiJfe%`#~-d|Xq!2)YuR1RB7Mztxh$DE8x z(@e%NR?zjk2+d!)0<5Jzk4JLWrroO+w@ljwX*Z%LD}UawgT(B=abBoa>BS3d;-_C! zyeLvfQOOeWeXSY)Lx5L;L*$t5fn3js%&;iTXe}ryHvSM}$uKE`pvj%H2!5UD<(F93 zpX2xQ4kb|rYa95l(gFO3TbkCjxvMsY1IK*SP}WKPt3pvvOeXZJE)OIfs-*&=a2-6a z_Y0D7)r;@!7G5)=QuigWUNKuGT6)XU30A`Me!Ot;+S+~{moEN zRbL4>!R;^gG?yGiJM7FTva@@XB zSsFj95F&~PXPmCaB!e(R+Z?&55XDzAS-qTGiTSA9v}0D=wR6)m`JYK1Tj zsK46wc|1maJbDsPXP4qk!uzJ$w{{*58!d`FsxyAhv@5P_dPv>GqH!jznp=;YkT;D)>&o}Cr zm^#IOLKRJg)U$aM?)J^Yw>L0^35_$zmbhftXNmQ_u4)t9CtatfmarK`qUzM>~eu& zf_EgS&&az3|Lhb`%Qw&;RKg%2Z5C7mZGYleeJ*g+ACiQI0vRTGl-}f&BPdxky?Uuj z6{oypaa%28F9=#R{^Bc~%=GturYOK-Z1yTj9Xprs33|0Xe12?cY!L;A5+`)fM!O`ge7w=U+naQ7Lc?M6-wu4+34 z?I)xsPZ@^TX+9IjGQ7Eq5~ohKTAwz!pZp3IWVHfXld+6VAO5b}JQ>ViD=i8{MDzRA zPkLZTncljKEk~@up^r5zR-vFtDH8pCcm>H#+OMQ!stj2j`ma!yC(#1@9V~L^WFNTu z;UP%E4QhQzb61W^RCzD?*@j^!s^`Hw^F7hYtLpE)PAsPqi~LF1H`OnU{dd?AUm>sI z?yMx>!)f*~9_bVZ>1xMaI5gD=ZW&W8F{{LM&4;cvAgv#YUR$A~;ZyCB+^H$Ey4c2` zw$M?$NUYyRv~+f}c=O~|ju~Ke(}4hy*VsygAhv!z%Iarg6fZrnlaQ6-G(cCVlEn}p zwK;ceQo75XM@+7#eXP#KS#1N~t+hX4u8o~aiZ`F1?9)DGFC&N>K#)khr~a}}SZznB zMFv1M^dw0J+27oWbcCK$-Z?z5cu)zv9$9MQ#e#v<-2DjdoZ?I}Ay1Awfu>jNXkNGT zx~-b?+&s_%JC)p!I*6(@Jyld(_rWAB^PF^7|2RT=C&mkOQS9_zeG|k@gWkDCt@sR- z_5=JLkeCDIEt1>K{TSyvh#6C3rlXXuQNaviLJNW0jA7D5)@y!W_cCN-mt+eZ^=8vU zLmE}zETq4F9fXx{VNo}GYKyMn0hCT4l>wqEf1vf2K_d`B=m7({y! zci|yx+~gm}S7+#APL``(NL`Gf=i|ODg5EUt$7GMtq>&G-BT`1~d5iu1XnkUN z!Fu%;b3WA@>v+PS)8pzrB`I(qOEV3Zyr?hV3CD|d`72qOjLn&SK)LBZOv#ei@|K`oZ!>x?W|MyGuzm$y`Cl^?g5w$=1c}Iqa@6B#(Z2{Zb#F}8{=ys@Dq`~=9 z(FNA<-fZWoGfc#4Ht8Dr@}`yTk5B!pOlWNE+yAf6hqp*!nmGj=LR%JwvnD?B(i(vh; zu6uerYnq}06$05>) z%;8Ii7N6AnN2&H0%Z=OjXR!aJV0JqFU!$4+yeJ=5AFT(IXtHbw1d3t2Zuu~!wy=!s z$ggd!*IE`Amz3PxbkO>izRWPt{zTiUT)!Mhs);l+-sIESzuz}yQrInGI$f7F!G!t( zz3Jnu#v(TLd%pUN1BvD452np1Lct_Kg6Q92&vZ~1E#ob;;~n}pKiU6(C$lTQQ7RC~ zE4;nWb-dh6YAxqHUvE0|qalM@;5COI0VAcsB$do`5hjHL`MZuu0WS^0?w5FhPTJaR zmv()YZ%n|p^c#n`fYEoV&D^A;4mIfxepb9H%Xwi4wjY3n zEotH=M|M3;ksdF%*mr{hyzO#CK4;AxLQXmCN)tgtiWDM-K^F%$ZVyr&Irq$?#&fSG zR{~!&?PzWJdQj+Y&#CH_hxq6Sv|2)4&?yJRuLYGegkx0{QYVT%15e+P4&kBKMYV=g z3RU>i9>-j-SHO4ji&YF0@{VdDb{{Rf5QT%}8Gmaz?iP=K zw5O}^xS12-e?rO8eu}GoXRG|5Vl3hCQ zd9lkMVxGA;cJ;E3NUj?IOGN#{H4JNPWcSvJNJ-eYH_ZHLnuBS_(|zP^=H4(<1a?tx zzq6!FX{jqzmqHygPJ7!@XJN-Y}2;{W#$cr!8BT+^)`|Lt{77~iPgkDyZ??}zc_y% z=Xs|?7ja66eeILok@Rof-W`c9AsCU-Gg+^*SMdI-wzIK;2U1n;oM_PJpzE2Y_gyAu5+$h? zf48zGR{sTcicsi%FDD_{&}|QpKaTE?7n7;>XNzHO-@o`GYk){Llrk}85b6;lgKDfq zcaI0Jp@hrBdMX*cbY@-+Ox<`Y?VOCkF&XZozvIxLS!XwWg4*J#{YHu$UA$Sd9LKP2 zq*E=DwN7;@T=8-&;);-6el1047>c{A`?C0}ZDjW%y{7?qkwzQ)W9&H@Y|Qb0*j7G+ zhxa63QTgro-1VROl6LON-1uZUNX2kAAdsBfW1mEPe@f)!F2_2>gN-GW$BDhCI9b|)oea(ud_#=yE+fsmr&9O%fwA-~4`g#B{kDi;t`2Lf zH%!-GV{U#fa`@duIFPY_knugiA-k@b5ZT$~+$8K{fdw!;q1NF{_HpVllsUTdw39aj}kt^KJW7w$44=T+%Jpe+ad29itv8x1UctKB0>_=sVItW2V7 z_1H(gv+iT+s!kr~8ILP(RrI~GCVtK9N$U{eE^Kkf_K}vK8-Y~&jkpiF9e=g1rEcNz zSiG1V^50FHG(A-HRYBL5rtshMg1O$ob!qDaSjdmWn1pIs9p*KlU=tF;5#1hz}3X@9Ww4_U~MON`AcQ*zm=7X?y!OW@ctv_)1LY z_vYGkRJib5O&eNf4l+9h_B!V#%fR+8xOfv~d1H1!EmUOgN@5kZ+n|!+81YMX78VIF zuSNrSfRE3_^0G)ymE7)(%Gbkov?2+DQIS>rmj$pa*o1+(qX;P>A)=+FWswN^`Bqu1 zGc6uo{H8Nn0*D(Z_b2<9!nz~*Z;Z3U@h|jaRbCmZ;04f!o%^e#%n`3=tnGXlBQ^0l z=kgv3qWc4stm>WqO)DuO%l=`LCJbPt)t|uozr}6XOJ4Q!tVSmNM|9dWK*6MncEZL*m1(`D&=&uh75Stge;*pSbE* zHS2zpNDoOf$jJJBYt4`Jkhfb-xym2R__}NPmqdtk#^ze3n;n^u3_}%F9<^bf$J=<D50MXBwEv>K5i!we~k z?cvW6!E2buVdtH5%GX~F*FEDXa=!Q;VpI{<-roL)?4wN)EGsKJySVtK@Gc-g91|JA zoZyeRI_jlLb4$znELB(zKb9$G1nKU|4Mj5PE~kYJMNkvVN)55Ajz$G^(;IXlNoYgl zblMimm<)HP=yZk%8{QF)S?35tI?>)k&nLw;hk_r=BAN?qGZ8(9-k?&eZ~07J934n~ z$_QklA`?DJ80k^0zG=WOgLWNRY4VRO)Zv$ed{cJchyCVp3#AM&&rU+#J{FB5SqEZd zVN=-kW4yrd0e&u-$UI3%T2QwFs-49B3yuBx+rdfBWcYAKP@rgKkMqtY8@bS4=5oB2 z7;x9UrV-aw?6606&8hH*W0^SaDbFqNS{X&^@;iA3z{QK5%>UMHbK^)t*urr_Z}$9dxHY<-uL-n+ zHyl1$)%0qhfxIl#ff?)zF}IOU_BEIg3Ozb@Kf>tk__DoID0b=YJ>-8hoK!S-p4fA2 zZrp8AT@lg77w*98(aRu1H|nbqW87*K8vwP%DEAn==3)5b4(cB$9~XCSfb6dF#X{yGiH^#tVZr_6 z5XyB#?Gdt4!z0GA#_PoI-(QJ{7_dtS-A%!q;jURiRX9p1JOTn~1I!Dqj2=ZYNsC&o zIwOWGXvxmeopcmG8)38D*Kjl1iL~KR@<;FsS3iYAW2(Z@wCJpl-+B#S#~w^+Wp?{; z0hPX8XE8#@1gP4umXbzderQHB1qTJKAK8&Mazf8@NoN)k&s22Lzi;QLa`?)k%DrpN z^0ESGn((6!1#)U)$uB;}|DZrVG{rT;Y&sRd-75HI>rh_VihxPJQ1Dzu-m7z5(!mp{2P>15=_1yBZiSdTeNqOw`HX|D~(Set- z0!b6vlJ%Sp{naf(uV(D+%)E`Hf_}z(zlez8YVZh?rTJg;W zp&1iOaA12W`sB3^f@|^!I*L{JHL#!^_*`BqKm7YQB%_@KwN5}Z(OK?BjL-_ywfIGh z5QF*)hBmNUy$17%vfjDR{X-SHi9@v94&xz=Lds=QqWIU>b-~D)93ml8 znxbcs#&InM!}0D##EfjffDLe?uz?sVmuiqP=*iKb{`;pFcT1W}=b2Hs>*)Y;U5BDZ z4hDEpmr4?YwAf9h^0O08IuUz8vN#P|NSoNvvjR29w~xI4vg>>r!1eX`eQzgpPx*ln zIgZ@jpvvf0%qs&*7t5-ixnC5xlp?zxaQ+J2fP~K18NL-GHdBAk(YaUbQ?qCw@SCVW zp5nWApI_9HLE6-CMhL9WNa}Y>#~Fo|are{1D0*mWOQ`bSRi)FjVSv&L%qPf#D?lQ~O-ZwGZJR5o7NQ+UctR@UP^ zS*yHL=cd>#^QDyz{}?iu6&zK6Opo#j(xqx(t?Mapq8PHY5Uf@8nQZ!}BcyuARHW6T zioto&F#1XnQsr?=vlD?zcvK=Wsm@in?1>g>LYb1jtm<4(ek=NbXmQ}_%bjtRCc+iU z=6LqbDHAHZZ`X$1h+V3CLN~W;kXnwj3%u51y6+h4fAR{jcsRhlZx+jH`>1{2**)^K zwO-{~c6RB}W$5WO$jh&7==dEU?~wBNuyj1RlA7YU31ElWI-t(K@(P7$I z%I&$vE3Uq$)34HrD~0w4@lVPW`>g6-1`r#P9_yokiuijQ9`uU$#sb1vpZ)q7uHCDY z?$})2TPql|Dq4aCMt+9i=WgN!wFNl)~;|ut0daI@BW^l*X_Wc`8Ld1Q!UflRk1KiL0_6P2Dw$ zHLg6M-rqbID5Y_|Y|q`hg}efFs6P?8WKfO&7|YSn@c?V1l}B3zu$#g@*W`pHu(*qQ z=VQBKUzciEe6>AtEoLE!Kj{p=K#jL`7&YPBFgw&Ny=q4|k$+HOGMZOoS?Tw&&Gqr| z`Q%8PU4Eoku}K4n6A=#ePjh|#e3|3*$qh)3wg_c zYRED7z6OY3)NK@rrA>cmwnTbdx^xz*pkj>kT23WHVkxDx>IeWmBZ$=qGK3?G8$D3w z4v4dzIJ5@++Eh|Su?guoMq6KZZWN6VT~7%X2;wO%6A3aq=XdYAu(*;SeIT4giLylx z+!CYt>idcFYwhEKz1NB?&>cszWrwAQkBSg}Q1)x2$fx8z2yqR5C&ND7H&D{&;LDpV zJ_w7|>yR&8k7#!Rcb0@bxgEwFr46bWb3QO9cV(~?x z@@i=lttoMllaEir^EU>f<5RT(g2Cx&!}2c+h{aE;J!%k@?iyf6#O=4S$;4cPB*ey@ z)3Qgc^N?<67IT}(>h~iiE$F`3o*cWfHa=urmO7{=16l>F1Kk6rsh@P_V=EM!W5(a$ zbn)_Nl)L}ZsGV4vjZN_jNOvQ@ruId=hLSTa%LJ&z)lvo;>tWpP^}3XqBQKrlH^CbX z<8SHpW7b2`oltz$Prlhw($%XytUh$D4KpGZ*nhJv_yRu9Eo`7#C+B z$6M!m%Saga#v&)TAFXV`{p?Kj)kTSQIBu7mvsAB>-4EoEbJ6$CMm>JFrd5@{#yfja zvCP1FYIJo|sP3Oo(trX^Rx727sXut7!*$EdhqsAP)KV`9zaclU_~6{kNxhQfkgB&1 z2uth&cpKqa%`mNt6}aVkqFz3lS9&b`q6|u_kW;DC!}9d>{6q6wp$p(A|A?7?2Jlv6 zy6A31p4u4$g$?sz3ePoJv($j#a4UxNTxtDP7q9q{VJ#|=$c}Pr^>J^L69|D!* zccy;%;FG13`Nbv+no-VZn(l9END@*h4h*Of0e2O-0(XyArjxf*(8#PLJOF%pTiJK4jdfA?s$R4h zbHp+b(DnJ*w+zPjOQx-E4CL1z2a$%8A4UBs$WSe>BvO+@g0Q&(dWLxWhQT2hAI56R zjGSza<7I5w9Yn(e6pW)!#TLREo@250JG1O-_Wt;hwm|7Y&%U}ve5JB`CIQE zkVTJ!L@>jL2`#beE`dClCOfdr&~6Xo+uI5eV$U-rx1uj`^GCYu-?7J~ zaVTNjE^_ZWf!8qCw&-fNUMIY7#yRngRkP?|8JBbC2~h2~R^($Dbr&rpPoq zJkakDaqt=g3ndXEnDzO^QI17W|xApoJrOCl%_M95Vsn>ixuuWw%W{p6^Zp}ue z9ux9We}AVqJ^Fv$z~so`rAYhxbv<6C18)-ek-NzQT>w`l@)t>U{H3H|bKW{d^mojSsf?le1CBHt}^8#AqrEoh=pcC~(OuRt@!HYZZ`(nN820(I5fIcw%^1EUEw-xfLjti11gVbzUKiT`G?0+d0AA( z*hUPuCK={2yLgABA<`!|asGRJsb|*Ry35qn$PV%k1ddI|y^~P%HJ$xcqYPf7chQ!) z@0Ywr#)02PZNhHD=9Aki*C-ccoC7Fq1;UhQN+?&U%kpE<>^G%uWF7P;fc0vMd`FUUp`V(! z5ZYhR)C7Lxqx?m~if4{n(TUgyWTF-PfM%#Ws_I?k?*+Q9ZA{}m|1#6Dt9zzLNHZrO zLy9*rwPo9A&*< z&OC)o4y4-$=~r;B^iF!Ae2cCA=SDx~mR8xHs^#RnSPTqvx8@~D&W&IuSbhOrA1P)V zBS`=u_<>RVwj{iVDdybR-pf}?Ly!5l$oj2SEVD|oZ9dx98V`lEt-q#iYa^2P^kmav zW?~KT2}hGFxmf3s`QB1eAz|!AWE$sKMK6#T%Vg4vSb1l(RYk8?{_{t9^@V;u7MH|n z!guCmMvL-Vu4E92v&N+q!D4pPWM2#gECe+~-WvvF8f;NQ1aj^RV!+bxDMprczZ;87`trwH zwo_6GWO=EYk|GiV&vlOQ80S_E{5&z(Z7R&v=l>69Ul~=$wrmXv!QFia2=4BX;O+zn z79hC0LlWE}5L|-0J0!TfyF+ky=j%<*x%Zy;y*I`iuYZuR>D^sjYptqURkLO@QN3NF4cxAI%)=OSTZAg$$L3}=U|npJ}cNhk>B?HT0@keGKy zV^dhkE$jRP;1B4c%!ycM{9WFDAY|r1(_bsT*ngGx;(o<*i=}>wS$Wjo1zz!B_RQw; zB-Mt1^du%79tGvPSe;>-OU^=A#{X4OxgZB#@0dTvgl-cK{C8ID0u^;Ck09m1E4x{v z5Al@r2JG^2NtDGHk!}$SG(hU_%gM(6GfKe(cm3OJXVw-SkWVu)3nH78x?rc;D~dYY zYtYOZuk>$x)hoTAb@W+7N+3A*6_UcNAXW2VR-Bko@U()%24>+JM=<3ZX(S!J=mkXd z=%l^`9yqkoh0)wnQPUmvstX7?9Wy$ef_Fb?y%#w!jQDm;r!woxuy(H%sy2}+xB&%j z2k$OS!IAS*y1QvIpKvFb-v)JjTKyzm4A@-d6LqU>j?KO^(i)OP8D8a4Xh8H(K=g#& zEMqlQ0lAHs49R5_)gJUB?UX>1qo9;N4>~aZY}7$ti^bg{I#n~xc+4Ie_i{$($)X`T zb#s$+gYCs*l_oX~@jOLx*1Po^QJ^xF;Q4JvFs+X-}$q&{Eu4n$wNFW#24d>*`t^xrX1t*K(S zX5~uZ0T{C&*7JUiG_j6a)-AERE^Eh<(~@%!zI;&9 zSN=(Vf*5z0LWHXathJgPU|gE~pKc-yn3ivtlrHeNriemH1yVyl+eRoQ=&`+EUX)>^7+SCJryvgzo1grOFE#j1t|pGbmMtky!oZf~uIP1+d#Wn%w(*5Is2N62 zIpG8oyzvlmFs}%g=Bl~GHhk|(D)1i3z!K*6cf)8P3tPQlt`6oOl|$}Gt@ob&e8Faxz|^3nQMv~ku1_yV`dB> zr)(eo;&GH3c04ZQ=R8u#FCM+ftx#F+bYC#cGRnZAhwA?6xUq|60=JrK+UqmU=~64Z zD?^nlR~;i!cLYfMy=bkLYi8H_ox%boPS;4(h4}r=ifwXV!;9{SGQ_>{_ixQ7)x@W) zj|)B7BMYi>kFA?|0>w;+=-U>8k~8t@MwY_DvFQhz^y1f8!O+T4OCSSo+%pk=K9Tw3 z2gV~+*A~6>af`nwuIu--k_y6&JxIfkglhqEWSo!rYaPDI$B1_VCN>5{N zFO*$1a{SzPC?;Lor)OF8#XU-h_#Nrc&}Oas#N9HmaK?u-S_Lr+!rxC+U#~}%Qj)z* z<(=eu&f4#D*x>Q9c>7t@o1g`QN*y<3<7z zWJ_R?<=fW!YHb&&;aca!u5 zbIRtN5+DwT&-b)`Bd#SZZG(7DE+-)y(zzm>Ag9bbru=bY?R1B=XY|fslAl@vwu0Y? z9qakIwx>Q3#Q{!A7-&}p*3;E8qtECBiZ|oy+g91Y)UUcNzY?F8UARuA?RGXDex-1I za3(JFi6t51S1P_aN*vPpPaj--SBE&hWsBXhb-)gd8AKyfU(=Os@m z{afK$>V}^{nkP zh&O5xy5M-;{wb8~mz{6Efiya9~ zE;cH4j$NLl=HzuaZ}vNT4-|NPrIpfYvbCnWGIez^!kzkNW^86O{0_J33^B7@wA~(L zu0?}ttM?QOsS?6AgYO96;VaQZsFU-jwVVd~mc%qW)Jm#4=_;B8%EvUm? zyfIwu}<6A5TH~9|e2EEZl5va5C8X%MX z2__&ql@~y%0x($s-#Zgo1|@J9sc^+}JLgf$=}g6Mn2`?a4dsoI0`)+F(ol7W!l$Dqr;d@mp22!7r#|j;1Ch7lJH&01e zt2+|#-LyZ;F=rm=eC%XRB;x;qVEOi~5Dl@!d8bQyRtXmjIW);5qRiW$`4E0?E#!Q} z>0#t`Ik2Lkjo3u3wt<8vw0zGcJu6vcO8!!S%gn*MzJRztQz&~U+$uBXIu!BzdmqpO z73CnGnKT!bdQhh|6Ef40PbAt3-g%53fal#N&rk2yIEO*BWi;=RK)>0H_+I^)b?pQ6 zRQqGC?eyp&8zMxq3xJe^AGEj%{dn}yCam77^|QxRU6XRVp0DfZk5!KR@RgRp{Aun8 ztGOD~=JAp*2H^)&ZHA<^zxxFG8xhypH}VP3W5=%1O^)!p!Io&KiF7dp4h;6JbKU|e zOfGQ591|wXvx)@HAa-s=M(O(YcRFr=D+E{njQm&-lMbaniyw&Yd+y;D4BGJnj$u?Q z9Z}@xuo3{&CpCmv%XCw;xy9J`Ji;KP-S^{hDgxam=`m5Q9_4;kwDug*$AP+W%A6cQ z%8q07kSX5QmyrUz;e0vm4s~jqQ>07cJkaZDVbYP?#LvWkr*zl59+u{MV-*%0G+L$uoB=@$aw+9TZ)4f;&=o7!UM+%oC4T8H=VfmIi zN1xC-D&0hvz%}RfVh$$X)ytd5gs{4KI0eS#KpbK%ADpHrUnc37usUWM;>lOidQ0}p z5}j_G>gT^pG}oOz^L@HA?I`VepKa^EjX^X<3GX8@+4QHvzEYUzAlQ$IuPQ>`MEHNDG^yXo_ zdF_Tj;P{Mk+{SJT<)qmCD7H_M*9%FzR#C@pE!6Y01C=#+NJW@3l}Al2puwyD1L;8j z%Q23ul{@MbiPB0aVa^)cLYCGah@U^C3oF+ShJ!JFi9`&LfwD`1&8}`38Lrsy;E$wb z4D$p}UTV4Anb*ZXf=u>e_e>90Q0~D6cX+y%sjbrfakel-cb(W=Ix}-~Gz<)~I6_1J znia%wET=YJFQP;F<4zSq&HaDZ-7+*)B_-k7+S`AlkIc`9Y;JB!c2KYuW@Nnh^5sjY zCa{2dkS$Ffx6P@F%5SrO4o{cwnlJk#G0jH(LV1;#TgK7C(y!w=2k+p*DE2v8%QgvZ zz4ynD*Ic~3(!V9Uqc?d7U7K-HhtH=_-Uu|=_LX8Vc14<1;~yTbYcYY*sGCGU>82zq zmFr)$|w(K}kc~E&h1PDa`eYg51H!@1u*UrZ< zwS*2vgB##(!=55CNCYls(l%gdQYGgS?2tP;MJ?ZtAMu1{oz^Gz{`TF5<9Yh#wLq4! z;kuLoh^Hir?BSX^3pCI*x$fOH-z~p3-VRzbaSBo()(NM0m*17>@~YvsF+ETha!2Yt zFxn!>05V&Eg>$tdUuyeya7FJect9+>5(z!*?g?2c7}sX<3E9G66|}y_zHXIIMmM73 zTTR~&n5AR*BxLRm@ePChttD%sc*+#>5*Ya=dF&HX$j2>`SBa=lwHEQ4npz?V68}Po z+K5@p{d{|8Pi(yt-l4Ifby7B>#EX$mw-VBsQIU*<8ahh2pLvIy`xnzq_R5~-c-d4T zPIPl5HlVS^Z~!Y65tABtt|XMN&?-uudgTMw%4MMO57-Mw|ByDM(W@eY-zuMcPJ+=P z;eaJqDkfepC+9II&qto%0&eT7NV0>&UcL)-pwUEdzV_S^KUVG)rImZ1TX1l=?Gs&r z!p`mqt5c6_#lQGjjmyKgOiXKN5JWY^AT~Z?_fui})55;E16W^|E9^iR9HTQnt`%^# zJm^Qm0>QxWC?Tf-4|1LQ1T^Ub=hOz|H|OLMznV4Nj?Cdl^A@(y7jtwXzxQ*q*MOvH zkY&1K_~LEwyvZu&d`SWq$cdS06SJdAQX@|8DhtM_*v03g-A-{(dB(O39{B5}Zv4n^ z%E_(I#7s-I`YIoYqjjGViTm3xU!a}-x%tPze2txdiyv#k%If&!>`Qapd<@JNu(;t$ z1u;T0V?nzG?{TfK4V%!TsHIm)WNzpr-`eT3ycew_*&l+=T1xTjL}hQS(Jy=7RK1c=Mm>F10abaY|$|` ziuG-agE+)F0Q!0E1a7bHI9C%a#2Y5_lby!9@~g%6nY(uaReV!mhEa@`tSyf$mA5;G za3Jf|O$M1W7ZPB!2PrDyijgkztVY`T4KJvk!y8gk{0KOTH&|@Pz;2;@?qZa+~8-z%Q_cbgGXxn z`T`YipSptzESSB7Gmd}@EsXaa<92kH81jkvr4+_4 zd{RgBkJbh2w|~v~;(y>KR#sVnJItd*r=ES|&yB?R+Om)Mi7md^>%xdv7Pt=^`M`%y zguR{BHEy4XxP8R@@xUJ%pOdbK5#Apr6SG^2#ppKq<9MlkF+W`hFA`iEhKV5aTo(Am zipOIfIykMMsEML{ZB}%#C(_MzlBIzbe67wNT1~Vaw+HcGocOnS089~S1>C@4&j484 z73-LGU5QfLFD8!_Vf&FEc8l=_g~xdw*TR4`loJRC?I)<8!LC5tB}jw^Hcz3udqQrj zpS2>{O>NUvQ=Lx5g?2sb7+>X?90+%RcgO+>`knjC*16pe&p6W{bYJyc-Hj=Z!k8xb zw6S!f5R2P7lgSk=*poEKSWnPR@rC{IYT*o|-$bc=w%+f&Zt zSzGDew;TXd?ZF8B)g-9j-eigjOW_s6J39%+4+K26>xS^>RHeKA>6`d{mR=W5nXS5w zCpgw%mFr2dAIctz57objk3JH^9k!MRKDGB}{rYR8mqaL~kZ(3uTypc>&lJ2b7ie$) zVXEF_6?LBCGImfDclOO7vpJoomqSQMYDY|DA!D-Ll9}4RIt@lpDCdHFDZJ+_T<-G6 z-T@=vLE!*592C-qNAsQXUfWHady0L)K$2yOg3>_MH;E}FP<72AP^w`=NT`U>Bcr2% zsjjCV=+YZKSkI9hPJtP-1xQyA7n?4+oj17I%m;X4FtOJ~tOS2vbec5i_2i(&cuT@w zqq7Afqg32ZCN&Q-u5_$N`7}GNGcJLxq>@UL0u0RCSuGSIdCGU-$MuVbX}YRS4~z_1 zBll5iBKA?WvK#G1V9t+NS@p%ooH!?O`K@1f;qX#t6__%WDI352xk$Jmse1Z^j8Zw# zzox9DM1JneBoCB?Ez?+@9D$)U1euxnvV_U*_-u%_wZyx`d+@|XKIaHBKC zixv0pBiD>8+_MEZCA2cipBsWSCZ?uHDJaAkxC;n6Ddp4oJlN6CFKpyx-nL+d=KTkh z=Kpu;LERMKSp5g;?ujhVh0__ob{pDzp=4VOBhg1?F+EiraCH*;VnPwtx~jJ<4ZIhQV{oR%}&Sd zgnqmSuNk8x_$8WEx%|&U*^xsOV2!fn*44ij=n8=Yo9+zFcdd z%u;mAr}X#JcKrz#lY7m6&P`Flx?au*H7+5)K`Z;L>8KG&BsNF_t~VqdQqp6n_84-> zmR~~}DPR0t{IL-w3S2Z%75@5;TX=fGm*>Q7{jb(i?kvqfvd(dcr1U~lp}6dCfNVV^ zKvUe+{mNcl(^IW*EkL|NH=F=bE0IM)K#8%2N*#MQ7wJWZ!CUzm>77*iLTI!cZP}b` z&~Hhvp2DM;_hjaTvd>c_a15vaNV2tHL!?Lw(GSJv8Tw}TxtszfjZiQkbU%d4i3UdY z9t|AO$bQzA92TC{UD<*OpIe}iN{RXU##s>RuBgQzU25m+3BgoJYfTyHehE5RBJqY{ z^=i3ef22PxmvLE<_!L*-S3vAd)Jp8MrbdwaGJohV(1tKCDF-tL&dPdb_88-(JC<1G}h=-cYfvCul6o(8Y(k8xQN;_ zs!YhI>@~Z-8r?gHm+zj{PZ95-M#lcZ$E8#!{Zl`=2^{);2Q|ir`InK&d5}OkeLf~> zlyA4H4!q|XedF*w^HFVhy=^+RwG(GqL^DZC-d=<=@!Tp<8y&*=J1b_695D*8ZO?#9 zIG&uBKfDKMdxUpt?9CIk+*uD?_KImu&?)Zu`X!KxF#Rn6|h|f<*f;~z- zS7h--2>LWMG+E&Gxu}P^k$dk{@!nBV2Tu0Py#dG#Yj2FTNitC)jpo+U%gML5L`|2N zj|XZnqf~?C+d#gM_DRB9Vg1CDida!RT2D;Po$>=g2W#RToFpv^kNGO2+93N#A6!AB-63J_Niq$zk&W_qUN(o<=b^>t1y z0PFySlND3u5hKzo1ck&?E(sgFZq_8E;>)WS3D3`#eT}`{sycUxvm0KPJmtx@|&q*0#k&d+$7G>DH;vKQAg06H*v5 z@>>J3xxp_;N^c-O#?GgHo7qGVhC@4YunVnLYej|4=x-iD%ndyIgD+<5>3A6g17B&hy&Gsebtm9Z8WIg>Vs$FdJZWf-^$!R zG$iNZ=Jwnj*r571ei9Ps2sN>?N>#UDLFm|XgNBA?u>$W>?;P3R=}tla&M>LF;qL#= zruetp=x<8a;>#Debz-PEtyZ8kTgf~Y^{B969Inn5Z{0Fv`T;k2*kAs0IaHLEPceQu zqVvlERleD)g-M0RmrJ8U1X9xbToT3a+ZVOtfy#qOE#h9CFB$(9K{n;R>`l)Aqo{2w zx7PM0lrTFW1^CFYb;(=(?f`?4YX7|rqg=mDnIU`-0Zvz{s{jfqqus}%glv z^^R-DjNX;d*685lhGX!xQ7HJgh;*~8m^U1oRPwZ5wi3unb2>0OJ0ZU6y4NB>j(RpxI6z}%#ykuV<3^6j z`-CNdTBZgIqgJ{@!TFFumVe|N3KFgW^Y(mX;QhtKAo~pt+7My_o+z>5?l;f#-(Zdh zNWjua0wfCJfGcm_BD$Xz&y7-^M9$QD4xDLY%!-24eiSwn1Ycvpt_M;5k(SRM7PzS_ zB=Ce}+4xBur6Te9@M&Hi$g+q~;H*I`^`d7wGVp$=zQC6$tc4_p zEeVtqZtifh-4kDJy8ZNCLEQcMe$6^{*0)DdOxZydi-dBEkbx~eowonodpTsgM9W-o z$}PvY9f_5p$m{u0r_DV3H}RVRVl8^M(kL!hGmvx+zioCDq#o6pJEQe+7pEnG5S)wkT+e*;Ae>QR+s=KOu|4E zwO%an6OXr8d@aewIBd0I;^0g#NyiW)&U)6m_+MIoMd2Yk+ykL|zh8JIUCS?c?XM-x zDum|`L#*{hbg8XMNH4!qPv~Mt2GhwQqaht+rb~2sMyrQ>BECIRMJcWa?zh;W_AI|o zg}SC{f5mSQi0}JomMuv#EcE?j2h~LoPFH|hzpBUgm@PsVVdL{J z%lmzh4ba)>1XFr`I{GBLY@St~&$|+$Fpeio7Q0{t21d52>TXveJ3z*ad8lDRaLcxG z$05M?cgzRyaI|$VVi7Hhfm!B$UfNO|F5bX&mmJJa`=1*mxEvfSW{DTK`Z!y5AfS}A zA^`b9`83I|_^C6e1Na?M2+nI0`E>i##a*cevsA%zfx7Vh0+e)(OGpZgwe*@)<@c@h zE_$Bm905xO%?PZ2`$o}H1+c~vMWxuAVqiCt`va&+UPT%Be>8f#3Ws7SIAC-l5o;Q1 z9&yIA0Up;{q(3t`ClH9cqTq&+c)cT1V8Zq9QiZuR)EOAr(Gbc^WZ!ro@{izsUI>=p z!v+ORW~(XCF*3^p)xB9+G%!ASW_73!r9vUr{x|W%VuqxAHvSdG71@>+B zEo2a${Dr=9*-n#65u9`Eo){TjTx6)~iJ3#p-bM#_?E}GtG4f6UjgZ_Bx0Xqn0B_*m zdvUpVUCS683b3k!0bv*CiMv<#X@%j2e-^m84ncAK2S)?H-<2Q^Moh`)5@hbU;Ii9t zljMQD7@Qg-F-79Y8j@Gb@;f4KDYhc6*FO>>A}~TdrQV3b9W2>(>=DMK&lQPz+@t%Z zV}z~)>(u0ZLiP3e;=|0{q2B((YtWpnT|z^}iw#VjmoHMD0}RDd{-M1{@WU;>-xsil zT|vVN*idI5$gwJ{^fyTl5WJVYpeow+FHsyG%>b)B{V&c^8A|6zg@)y(t%qK6K5GMi ze#U-f?CR?3z@VTgX=J9__0t^>#NRG{KWrxXZDHfTW`0RYNjW}0j{)y99SUjwOA}N1 zjL4^w_NdGhSY?iP=G)@?nFQVZ3Wj?Aqp)>#T*MtJDk`s;m?CWv07*yb{!T$^4xKXZ zxF~%(^ncH&(;*275-ctEzBc+deu3jJ5J)*!84;i2PND zMqB&}s4oz1GM80xW;6&0Zt{wUkk|gxA0hfDf)xk?NF3PW;`K&2(~lh(Y?d)*e5I;R zJ&1t6v6*)$ADOSBZTNkjajfHXOV<7UOi~lp2Niu}mL+D6dNfHJ)0H8#;U92v9fw}d z*M>wajb2W}jaMk7@_7sguDt0u2z{?@g|rmBd3pAG1ljoJ=$|RBzPr4h!!r^@`sw-! zXh{P)r8GhiUM&hw%a{!g;|U-MK2KkM3WsM4OR5R@Azmpc%98GNg4j0k9lzfMYpAb> z!4W~Ct(5$A(rHwJZt&Vy`?`?>I304ZQwZGeW(@#a!im57z9?F8@{^)h#}xeUKVZG* zufuQUlX`xk&gEKyFnD$bKZ6cLM4~g!$3L!b!jw6lnZ3DYUI)hmBFHQMJPG`nNTsha zG9W`n{&SHEEHZEm;{Rm^+Fn?AJ~r^lj`x&p8M^lUw{0l@|K6D!Cn+@hU+M7ukB0}} z4!;i(k3EP~aZG0lF9&r>>;J~@9?az^(FL_!eDPYS4u{mk(?dJIx@xBzAVA&o4fZlkEekDM`0NV7ttMrg{s}_2(Hm`HQ7g+! zH1^Ve@z`+D>rPu;}VFy~jKG;O-T>GtN7;T}2>cZcxtHUzhF z{7a8jSSUrOiJu58XFTHILo$T`G%{|3?2Pk1{`=1Qj~W)fT6?(C1nlbd4v^^UnE;>? z@jU5R5TxB6r}k=X6^667+JP4J->Lr_05bU}W56q)3an`d+VXI4Cojo!fpApImi7(5 z_uZ7J?=>|5U1O_3S&>qH9h%qjT(NBPWSKIck@7nt`kNBH?v%Jnj zw6W*tuMXcqpBq82bm4YvZ#UHUZd4xgmo&+AwzE7xXAo)Z#UK_U(7~|CoG$uY)BW-= znAoN9q7V2IE8|<~2plaevFireeNU4zq)8!+`^B(l^m?80^}s`IistVR4Oo8`tbJ$J zH*kb!tG|T;&dIF+WX4+3obBMkG1?$jtTNQ!!@2aizQ#fzS)jW!+wc^XrDf2yY~du9jOknRigT)c>Ck|z zRhTcnmV&Vi(q1(3P*ezIr^fKs*_0y47&m5IOJ%41J=QVsony!dXJyD&-K9?U9y3LG zRO}H)t(=M!Q$S$JE^Hk*o9*iF!SMZ->RS3pHixtb5Tc1HsoqW*W zYLGxHDX*=841e)i+J*F+k3}=zGbOfzdpwHd@QFV5$!9G2=kza|`=->GJ(p3axQPK= z3AGT~dWopG4Iyd3Ffq`a0`MhmPqC$EZ2^SY9d1DOVv_zK5I_;+$YaGCv=0eNjI-6$ zN1d~!^EJZh{n_(%Y(S`kgg!lg^^)l-I(5C9ZVj@q=}`cx&1sS6VX)|)&P(G~WP=4y2`6;-@D_$n4H9k3Xg#`JgUgzwDral~gB z-ntrK*(Ei%2$v_Vta5n#Qth{A8v1oC-+Va{ z@|y$yLt>=j%}v(aHk-q$&sPVF2@g1uFBrVW*B=QAh2jiMuay9ZYONAMMlIt{&K+PO zox^==JM7@6o$h0Ipp7Sxl;4XVg+TfJf@+}HWGrcwxEcyhQHQf5^4XX#x)I8`1?N^h zEY@^qp``*C1AJH2i#7);fM87Av}5bc9r;A1mXld6I(6FjGtg&iLP4kVQ$00fmP0o> zb?plc5HvLWV$Mk>*wh)T1ckhuS5%sWuPaPO#4g(oviH2spi(3%TA3^a!4lLrMoh64QuAF{Tt znfq1l!v?=MD_g;g-gh)>Yc3#bE`;yc(+cF=m|4By7w-uDvPeY*)26~sWqKyAZ--kn zY|}rD0wl%;H{7>9c0$r9d1rpPxk>d^J{hV>Yk05Z}Iyrwnc2V7rAPc{}PaYFZ{aDyWho zCBp4Y`Y__^u#5!<5=L==X4E74599{Io}1KOS8=6ISA#Zda6wXJs&*KKYoUq$wX}ae zbM#%*@a)8jJ;&2AH(7(DOy}~9)(!7(C)7dt`}yk5gR;(pc!AnAgN%gs|DyM3py59% zB8gTGD;6c}8uO^LqO>syU^xzTREwW~W+p=VHR5dY=R;5XRjIBsP>l=rZ220|4aqz6 zh#_w0rEGKBLmSdvc`SbFB3XJ;@@2Gr?CEQn_p7c`Sqx89>gOSv>=c?80$p_0EzmD; zs;ox%LT_PPZ>F>oN?=c5S}!aBFx;B7M*Nk)2+r zI9=L>xHL8{V+1qstu|hXN=!O*E9{vTEZ_<33h+lVV13Pnmqr`{?`F828t-Z|}6D4`mSYX294R zZff#a&8HVtoK#I_ID2c6MQ}b|2l52=2j0bylSYCfF7iiv!uzzjN+#CnAR#`=sW_9L zj~!`W5SySqlPuhlU&DV)jpc{RyBFgoM+R5+#V@zA4w`|1;dQfCeP0W zIEMR%DIbXSt##4($)mlVe#}nK&A~G=GSoT}< zl6mLBO6*>1K%<{_GSf(;jD-`{xpWX8>|)AyY1uu|p|oD^>@6dj%uXy`1DsS=9$HH@ zl@_3kmK4?vKCjM_@6xJUrNe>K;HpMOaex#1`C_fl7ek{A2TuBk=(>ltE(tWqQDMU8 z^MTfTPjs56()jrf*>9S1NSi8a8Hvvl6PqXqtiz_`F1B7qILp4%RYtv=na7E63|qt* zWB@8{tHzRi-wyzmKHq4+-*$sCrrnxPH)xL!DjYg@($I2_{gZ5#&$yGLE>mp{@_{cp zpIf0&IA8H)tVI$Q`p-@<4$!`H{1*r%AjgqO^F8SMqNj$eytD3KMQ^mVtDS>Ao*&1) z0Tm#lO4l~ep#8n!(1tdO6G{}OEBT*-cehF;A0=O`345SLqkb+i^%@c}qFT*JKHM4z zegA7@2|oRozg(5vxcwB{IX+wZWWiw2rLnFq*_N!e?)bx_-gw-kxnaZOP|;n|;Z@{n zlP`A83V%malkaC6_$9%>oO$r*42R{rpx{R=&NGW1$s3eA^X9C1nm><6r>H@>HE#}u z4t|8^JTrUwgvLd*ih21gZRTM<*3DZ z{fmZ_K~I*Xqx|-Hk}81^@V~9N-!^le$Kwky9vpYKiHX-kO-(KX<}{bUH8j^R3?FV< z*0l{P8yO3ydmXMi4Yb)nOzg7jsE=a-i1K%Iqb=Q{VZY7SK8vkJEEb8|a-)Ju&^JZf zgms3Poh}X8515NRC)2A62>cVxsc@D?a%xK%uHU>dQ2mKd^gDV-`jfmj5fczeF?t;1 z=RTANfuI-j3NJ*ej?-Cwl}5aGz>PV+!g%5Q%QW$B_Y2R0@7kIa8+^Zue82rB%E5?v z*~8y)(I#X84%>~sA$UbB!2pOf5*IFt+@QQ;=yC(q~v5~7MLG)ySit1{afY@CzH9ESGzoEp>N{kP+; z#2@b*>W0~_$OW+V8jkT%xh^84Kh39&7)j(#lx3o;L~b{ZIlR zl?bcfg!sOqS!yvbKp!0Yi?E+)avT09o+W8fvCMb>%U1| zpkKXeot?EaWb29sPGr+8T1OB6rytC44g1pq15VdIABofdg>?0Qb&BjWA0;5)Kb;v` zRL4Sie*#XVvT8_Q1xw7;4cS~Z+^b>+*i#iDwa70;kFX|ul*jH!?bYc{Mm{AgnBmDy zzQc^wEsm|KgnY3fA%+iu9}4{EW1j9iLK`x@TlEb2V(*S?=|vne|E6X9(cBDz_W4o{ zH+m4vJcFr+CBB}l8d8PMQ?)LbKZjW>fI^!AJ``juw%aD!-wm&ht}~fpU{SBFO%geLUoa z<9=F|*A(N^(1I%>{UsMKEbXB)XXz=?viX;Wkh?Lh!fdXXMPMOY)>5ZA$*xr4$QmYe zn*WDu3pZ5eY-0s%JD7|`7=?$~m73eu=HFGS?uzQ_w{VwU9|G5mIIpj?Tbc~iY;Nqx zvBk_F^yaU$%tRayU&Xj|zTWu2b4f@mtn3a0jm_vY-035HAO=$}b(atr2n>Ej7j7ss zE>MyI#@!BaoxV#`gv}F}DJPymfhNdI>D4u$!@-n5Imyq>ZFmBQLa2F8!f)4jijXR9 zs}u1Q$cx%@Oji3#YTe^hE{6&?*Td$~fC?q8sZBHYaSLI`>uvf;y= zA2i>pex7)}j)}#@rJHX!rcH!)m~7Bn(Q-L086)lGK>Q@H&db|$sRiHS-X`2RvpCVZ zry#aBdkBi=*tg|3Cn;lQn(ks%xj4jXv=dkSzNOw8VVB7id7N3RQ4&NIg}m9-i+;TvCeEs&LY#ryAtjT19_KqG9C!>Y6JU=i{Yh&!v46O|`$pP=b?R{S?HGO7& zgE@Dv)KZ8u*WyBlbn3?}h=GSh;mVC5eg6hZN!YmrR$2?{dp?2Dm4b--Mf;DVfB;Rw z4@r&b#{?F+1Vq&rd3%QeV~eg-$c^RvQDs(M(BT{B2DU}RBNa6lt$}4bYFbi|*>-to z?>K`ayaJt(KfPXlKrU+N$G`&Rt{1Uj2YIcXQWRSL3V)q+`4csE#iwB%wA#|^2KAnE!#Y3{4Vf!X2WI^eTrIg+QO~AaUW^P1IYX=0{#p@4&cDQva?+iC>r+X!1z) z&n*AIjPJHnCvIq9AmN*?=y&hl**H1H{))Ce+YV91#LVt=Vt`z$$&H9_MPfrt~T({{Oe#V{qr_6 zhY%jS4Os7}XI8Ul(yr)GYH+cap-w}q0zxybnE`koILp4PMruV~aj~e3Oz2-kUgYHD zuqY^T(r>M;855I|@RGpW!YJ(y7Zxfi*rA~zrGyhO_1Pfyb1~jHNGacU)*=>MvJqj; zEGgG#KO<_kB$P~7k*C#7ilvRGL-UHfcJ~}Aq05e zQFM{LeED)@$01Y}Tq-cp(&yVbI0$=%fQ?A>>C-b!bfw-Wt+qd}G%#hu&mQ*l|Zg09&I!NwB1;oI>pg@IrO4vmXmg!SkxxUmNFEuU}@@%8YqEktkUt_*}cM|km ztgu>ZrDVnhAmhmTT7O8XacOh@+>q7sUpIWNIDoJCd_;44F#m(opEScY5Zv?E1GFXV z2vmJ2b|`-Nm)|4k*lUG?hF-Ga=kW>v#lFjts0doIQSkIbgVefsb}IAe`-Rj;ooyzGJY)16LdVui-LYw26dwCJ4 z`l@+*O}Ht#FA3a}cS9|IL2w~^*o-i)s&OmPZd3IYIv`bp1&E!$o=vj{5@rvNhFa8? zp7P%xW?>xuYzNWUBO#};z5cKs^ySvT<)IQXT_>n8SD<^xzWc<~l=Z^}!|_35C`!O( z04UUtvg{}nt{m>2f@Cq+iUWN?BmWIwbJr%XUtV=JmX3~&U9X+2yiY6B>XA)pTG2aU zSrUftx&ahCEB;4t>z>Z|LCf9Oo`4AhvY}2ZJy)E6c78yUZ!o{)Fr+q~6pom%wkM$) z8K`Z&R~ijO;M)*NNEIj6rhHAzHKOs~k_U^uCkd8D7^U)Py(|#;5>cv>nS*6x+8AhX zS~XV+6UX=$J#cJWE;j~9w?M2lKeI;+6J4uxwUT*GG2j+n7k_XhR;%?d7G~eNi;Vky z>g2)$pQI}x6&*Ya-WQAYvA16?3%S%R7NI{{6hW>j+jcv;6U(CxsL4rN(vNJdozXhx z9Xg2jyu~ZwHb*rZ=uTg+rz&P`>Hh_XQ_7Z^-T;2#xkBwwM;2c4dm9e1X3e zWjWJuv(AiCjkP|75?80f7lZl6BB&>{tDjxH;RMoRHXiE9j|OUie4yEzo|LBf?Wo3l z_qg%dbwDlilBSu=8d@zpnrIw}hkOl_3duBPK(*vyom;hV2_c)EchBUr$zrShA6b9L zcJE@>tuBd%d=sS;uD916J~eiesP9DZ3gO#SPX>0eU>pV>$2P~&1;~^9TXnMMcLdR? z_TlKnUJrRYxE@o8CQPpF&c}C^Z+A-mgEhB5PBxpDtu3y9aF279R`L;6#tkCEY@mnx z8{An%>rQl?M+qim|500Tw$+*xtj=!uLg?AG&^3BJsf3AXvJ*ZuXD>NyZ`(agTtcKO z+jaJM=-k_`673~lsvgaCIBo+ULz2_a?gcT;C5fN&1UEQIe&VmTr5H0?)%^!( z-Kuo!9o7wS9lgP>0&O%o15w0m7rpKW5_eq5>n#t+s(Ab}ddX3?$K4+GJuvkr)cK}E3 z;|qL0wM57H*ju{fUu+d&QC5#G(DO9=vG2=Bt?Z$sSUVmZ;bdPvZ1?qdh^HB)E7?=7 zy;rX_@E^_?t!4J!a5gyND!M4eY|^UD%wvI)=YNE#S$O)JF1L1{;0oq>feeZ=z#dm> z^DnEZ1itsEiY_A=&y(Tq466=HB~WT zKlOImaXPeK8C37(=N6=u>=xb*H>c)80Eal)4jlO3=c8p*!tKT1zd+cqeM|kc%*#o;mc8n>MKo@|F<1UTjvp`k{@2TM|B;lbd@$ z4wmujf%ZD*xJ)I(#A88t^D%dd%X%6cW}9F@kvN*$Mo8QNi%`$qOs12moU?PSl(h6g zeYL5D#Xuqj1;qzt2#B`9fopPEq^chKM^#xZ7v(58JiAVcd1)U?CT=snskhtn@&n&! zDXzO06Urf9<%nUWR4AfFl{;A;%S2q7In5PrPk4ydWgg6}Bv=blSVnIISDE`5yKQ_m zGN!Y7w^E(9LeHDnj$?+DJ7HfJVB$G)$RPtWFz)cB z%uLD4tBK#(V<)Np>fx8i%Y z)w8*WbX}!nMUN}oL)u#_>xAHm>`|h$(RR_zUz-DnRc37U5_qjomEtq3>$OEibfTi7 zQRiCJZ}=f0)U_*{Y-wA$4ew!-e@>Wv9~6<15sS+BR>3wqowZTyOvOTd?R}Vba&A_) zN-0%*ZPPOc;`i<`TgEca;rZInIZ;wxvo2M78&67Vus^qQ;*>TjqMOMgG}B~VrfoVe zXa(rm<&GdR0k=H$NddRSdx=kV)a1#lk)m$kl5Ac1d)e>z!2kUTQaJ?->Vt=u!Cz2V zM8Qm{A%AnAo0>4Tk|e04bYdw*Q@>cE4Oe-}MmT1E5G_?uC(PMhv)$8cbyL-PO}Lb; zd3F%}(nI{b?Vve7wVr$4=-~13N~Qipszu9Tla^;?DZ8zgq4U5~op;}!QOvw4|D|ks z!TpACaG|RhyJhcf3q7mZP6#`;7&T+PGJm;fA7g=v-2-buZ69wHeT}NPoO59zr^Y0A z%5G?=^4=)iqMLCtL#URguE7K0mgpi_nGg_k!z}BZ$}4rdsW+ZTvz7MnDt60Hs$L5$ z`gLTwljEsMzY(2iFH_wyUGr44QPc|V^4IatnzM)6B6h>GC{jE%Wwr+DEb1lPN?w51 zebJBE7NM`>4ccakE&D-nil3H)fw}uejjfvsLeIoW#1SSuZ=UallSPwPpiX(G-O=sf z{M8LQjl=XKeZ{TT9lqlRP!sPWM>`vAxN8wKt30`IBLC>6_0nCiuwp6K;q@uWqAnB8 ze)tq$c21T<^<@{e#!lak<ZUW*1Z?4y81zrHMK9b~_@!5-G^o z)yE45dBs(?=oQ|%rH{$;72lcz%wDbEDw@5Iy8u1W&1?iNc+5&$J&Q~p2V-aD$P zHR=<_>s4%kiim)K4G|EK5vhSy|ZE-r=fN5D6ypqzbG zq?2O!^j*%34DS}W<(0)`b)AubyRx{>bmjtw{;2?U%ko8%YKMdI*Va{?4Y!r^6p;rV z0p9-S{HM=`==7e9_I%VCBOR$)k9-&@VruI4&_YaqqP=df1%FW;5#%l}=LOM=E2wnM zEy;qc6D0Z4vvKEAvw`)lhB@Rs>9bCl+orYZU`uwd=d^tFvce7AvYVVZ52uVUB&Giq-qG_ zj3u>u;)B z6F_z<17-+nGefqgF5?4DI3T-uFQ`gLYuN=5^s^gI__=fk3ojsVFK=WzXw+8^S^wQN z_NmAYHlC+^-t6{GEs74jD0Ohy3Ezmb2gBCVNLtxE2(vZB1#?#>86 z<_K=TFjFZYEi0g)ZwSx3zwm9T;0Nf8c4_F9x|e6*Gqa!As`+)~KQ@Ln^3&{XedqD1 zCe8~-*`7UIWtiM5SZ6lrZC&cEJ1y;5H4^W;Q*<55Yc7qzZE&BDOSaPU|XXEL+D z(xq*2MkOn8Khfxc@yynz+SaU9a*hEE8=aX#9=}>+VScfpkS`)R-_-nbvXon`vyxBT zr~-hl)tIY!O3)9fiRK3QnIsfAKY|Q>#OEy5w3f0M@jnR~NTx`R)uFBDC^xdQP@lDm zWh;L-aY_kO(0;h7z*l1+-@;x#a@r4R*E&$RiIV^cb3MCjo^J(B6*Q}oX;;u)%)mXL zIgrna%IgUk_89R*8Zr->j;SmML5CYP)yIy0751m?k>%~gjiqnGyvsMZJ7(dVU-5>r zO7qHtE12`h9rSa`98?6r;QXv;0T412tsG)ti4G_gdRg!aUBqhL(H>YbLdzz^x21@t=!xt;Soyf3LOg6QV~U=rTn6a(rUrCclZ+GwX=My}l&(?v9(j2H-njokj&tuz~Ti z772R+DXhdj3`@FW4k-{r1puGEK5 z7^wVUrKR$!w|x!7+6P1Pv-VuG<`ccmQPwc+N35VEg-Imj?0F)JyEy$>Ukx`%^iz~c z9q9egltQ@lr$TbgM)?j}i$cX;RyN#UTBDtk9Fi36MVL|8dakIeoL2csR|K+CpZlGl z8m6T%N#=VLt3weaNzU0aI{*7f!RauQjzX=ss6M`!dv#uFXLHT)9+*-Vy<&|Tml$_X zPQXCa?GpW2f3JPC;M-QSjI)bWAJZ?|!?*yduUX14tJxhh=0#S>)3L&ipZj_(Lf-xR z75!jvHea&NOm8gQ`)zfxxZBDr4Ma+)Xr-1>R9bR;MO6k)rY=%I{7XjN+YOOH>j#MU zB5tDXCh9kbhPc!qg_7x)ghn5R0n*$Q2|BsSAzFY4B^3Nq%`yH8t&r+AXKykWk|%JKpNip5R4?wv-f%fR0L zwl|k@tpe`Q!zsoY;_PZu|FX1#?~eFw`m$x@2`W*Gr)K$EppPTP8!mKtqrStEl ziwUWvThdTumB2%TL@kO6hYzR6Ghl`F?8-!8T}l zIQ8P~eBRSv(3a21WILNBHccg`x260@yoRZ)nQ_WNT-2D+l*aq0t?`WYRtuxAg#3wa z@$u_wGQo0(-Kd3$Bj_Tr$dMom@x#$2ZYR}IFPr&5;1B%0^0{MiJD z3g{c0v#D$ojkLO}&Fkq+6b9KSB(Xg7e1^xlEmJ?tZFi&KWg%Ol%UPAO0-DAK?B7%c z(AVNb?-_pK7wDdLNNe`tdkuPv!M#Dv_^P8aZlRahxYjnJ((IG5AyV*N5<>e~VHm-2 zoZKOG07~LI$dRfpem*~x|9{tFN?Z%A))8N1vY~95RKXP@VSHDBJTPJ~h<%tEIs06B z_b(T)XwbZu<6SE=+OsNDy<4ArSIgY;N-S~BizA0lD5)eje}VDvV!X9#uJh>{1}`)? zP;xM@|2@wTdC)0jcTyv}WQA2;S$w}DmhWJubWT5UYnD5Y%FnH_)^|1-mv(nQK^W^P zldjAU%~^S0?Rvn12On(XJ%1r`HshqVG4w}|yG@QBB7L_-3#%0!yqgqcRY)KkcM((I zjlqP_8`auAj`p$x^9@iwuLjW>#Bg`5npdMgq96_JtycvjXKA2(o|cT7-;q3V<4y#_ zZiRYdhYKiHSw6E+*A^E(6HRERuo`w7Mgm)*X{2shA_TN+@ zf2iO0=Og19ta??+`(}Fw{Okj;`pMjk=I3(`!F`CMbZ+t*fql^AVAP%5-@wzKgffp< z``ho7dWU>T(D~r%T}8&p=NA~`GWrcxddVpTTHA|EW_raciBhS&!uyxyj|*qa1JbK)3br{<#3Ja!bQW;cv;NAGt>tf zsP{NE)wlSI3%jCjbz7yZENxu&=#+aX+jKW~g3{_GuuF6L?AG%T+8&yaE2BG+q40B8 zFp%_i319Vn>g0YQe+kzkR&y82vm=t375!eq>)plH^Fj?@wob}17(E;r5E2oQONcn_ z=G2>x{b5ipohz@b?OEf##ipgHl6p5@a_^C6acJ0;ya(COpRK@?>RWx-u`w^~oGQ}* z>&vumbD!Vf$$*GR*y6Zn7-XeEII}e3=}dHnGc^9W3_TS#eSPdM8J}XJ76ZZ!7nu|d zr*F4)8>P+49-H_ua3;4#vBf#|e)2Pa_~9yD{@UbGLsW z2Sn2ec~vUimz0OZX)$^#|g`uD= z17~GYBhsAt{?6hed&4W`iL-IT!au#Aum%c`iM(&Ra4H)mJqlAP8J!~;u05sf)gn zX1*bz-PZ<~Lg3LVP!*a*Z%n0qkphkUv`e$c^-cX~i(3z*MR%I2RCXoog9w@8)S5{EKP|(Dgcva3y&1QG;~;k3nVUDnobWH6@w~ z18~htnef=NT~;qI z7&)zK>Z~O+b23or$0r_<9qFwn6NkaD=dVA$c$RIe_4L)+$<)O@<8Bo%hNO504r+hi z+2t_9-leV#NT^aroT3#odMIjkUe@kR^{gJ~4c(Yx-J7Tw`x zo)*NC{iEJu?Z-p53q z+O?n1PfFb=Y*f9dvisNGp$lVq<_%*nd)mWEeI+z&Wlrq1nEI`jbI+=oc+XOOb*Jcj zg23V^vEPKpmoO0+bl%sYDSR*G2Wv`N051wK6G2+rC!b~8se2!~*WC5sLn~Q-vy$ek zk$kmG$GpsW6>GEntFSCXFg&B~qac3cA5Q-6rk*qMyKbnLNCo zEHgtTinj8?xNZsVH1)?WdyQe$WQW?G^w*>IgNfIyW%pA}D;!8$T~%bAC1wCPS$onC zY~YlY^PlncVlR|y_>>l=@_m@MPhVljMZ>-~eEMqm{H4AoN}UlTTG#3fw1D1RtU6ao z@j|Jn#7+Vm!UIM=DdlET8S&FFaiOa-1o`eY?~fqO!&b5U?AexjdGZ)KN*62wFy5QD z89446zkxk~+3Bg~FNF2v;Jyb`cLij{{j3$sElNI1yrx;Uof$PKOrOXyqxDrl+mm#K zipn(eAJgf2jzoqyqCzAliiiBNkXceg$u}xc((U{l{ys`JzPN5lcElj~*xRP!)DMzJ zkL{hAvv|fMB2wA@p*`1+?Z`KVyYn*=Dwk)(Vkqr#_~vDr=t2|h)X@fGR{TIyp0sFQ z3fXXtpYElN^)`M;lyA|D9h*}gc@LoPJK3zlk*S$&hr!mw-a83w`zl^mCNnsA#)mUd zc9|E4pu;83b5~eq02>`AvzkGaq8WmIy_{0U&Ww@v(&NTncHjVY&t}EV1_zISy_aiE z8cXC!a8p-jS@JpwARBD|xJte>gCn`1i-oh@2DA3eTG*baph0Esn^Plq^RKHx+|tBt z_KHe?b$0enmvaIy0Jv1jfg^bl2Mv2sacmqhJe6lt+S~oG;;SWaZw806%KZI8#3pCE z54{x$ZxG79nu`0CvS6Vx?d0nbcX|#ke#vb4sPKXA@N4qz)(RB!zUkexQo%F|PMDlL zH0qL`>Jx&dRlL+s>gc_*HE%MLP;r+_L}W)Ey*nbNRor-hyUz8$(tF&(WslGH_B;`~% zP1neXcd(k2TsAt?s;#2;&b+e9Q6j*20q5k=kgxqfCG9*Msj@Sx3iuVp>NIQ(k_dn^=h_={BJBGp91+z?^MqjTikM~B2WM|Dy#%bP=Ol~o{-nC zAoPn%*$ruZN63JSuVGd}>y5;XhRNdCg3FMsxb5})VvaBUn0#bSwT36@!x#H>EIYk9 z;7tG*f#x^oP-zbZz^myYwj9D>8|#!$sC-S{i5Z35g5i}w+mMRjAN(=MigpL%zxt$8 zL#xg5ST{OZlTrioxFJ=0!V4(|ZA-tbv6K!?!T;>+Z#K-!>L&BD(C1^}^N;7^z+yb- zA&Dtz>+|p-5m$w{k3n$9>L{ICL#%e%Dd=LZhS_bJoT8$~G{9#rF+5ip81zIb{pr$G zX5r4AZGghxv5f!-3KiAVQywp6bni_3G5kNwUG%RIfob=R#l`1rLnGTcsKYPG9+{dm z$H*|HCn~D1Y~fq3w~juf*mJnJMq&qPsgHCgrj(~6@>fOvF%c;b__=+^$fn<=c3oR!B#x(A46%9` zv0iXEM!$aF56;NGy*uk>c@G0htN-X{MEy^{z?N6N15Wypl(zAmhM7+32NJ2gXOl!mIPr(NRLxqzVdAVcX8Sk7E4UU=gH*On2^uUUD|c4GZ(F9qcjGN zuD)$!V>Q^B{g(nsI4^AKIP~%+6qt8aq;ajHXY!^^+y_nd{@7Yl#6vb@x#|zhP;T^! zx)F@Z@JR6X@?6pJnmi<6@3;kh6tFHq9UG$DqeXz?rK0+qPF|JMIXmxuwOoCH7#Bzd z{N!UG4AXgEKCiY;zvh@ZGDC82=jB5`ON;ubKU84N-ivbVHWw{5PK&lZ4*Yz(nq3O^ zDhIb`E(HpjUzDU!|55L=g>Zi3iq11PSIxr4G9OM%OmOq^B60S92$_>?De8_~9K4IC zFNgm2wO8HIb4AoW&{!ukEm0`a*nx+t0+B?DW8h zA*%Xx70dDmac)hg>JxdZ zo_-XVp-39jW{>$d`M7Ro)O@kHpbqKZ(ni3gbG%gpp%f`_iqbdnJ!Ox`4G#9^#HgN% zT(Yj^KAt>P06k12Ph-X?(5WSN#~)?A8Bvg7z!Wt!W)xo77k!B**VEirE!`N^KVTTY zq4c9hEjfB}i4UKmCO084M9Z`t*rWCg5|wA@!+b}UA|t-iQg%A(QkTVEWG(J$)SQD> zsSyojA!nplc5E|M+;S^QR5cI%Mq^w)0@~oWL}GTZ*TjAIev>xg>j^&5J|}Y69h3ea zBFdqhYuD!_z@BPPZa~^yiNDABFPIO@1MJSW$RgP~cA9&2iT-q_q+erOGc>yydk)!XkrXYFBJXM1lB(N-~h_6+jf`{kVZvs0!JiG;+( z#RY!&pe7?DCL2a+?r7Gv!^^{?sIIQQwdH!}9g0F>D%{%kLe-P*z)|8?UqTFf-xKTG z8<*RT_lX*XB>z12el0gURnZf&h|l*i;vZDKx7q{lFgtV1&}X^s9d@O@6x>BUhnRq%WavDfdW8(G5kW+}CXDy+&XOL~6 z(LF^r9_p4+p^YRTa+nVgqX9IWGFQKrzv9n5w?|#lp$Yr3y8UtCx4a4ax12nC8(#k| zpzBUMK~pBt#J`CtuZTOcdVi=vP2`PTdJ>esrth}^SFF_3sw-1tfSgiLk1WmSj_R=j zQwI4xx1_>42EGvLyR&&eJ(r=4&99*QSm#`r)`&_F^FgPQCLav^1PUd5KW33n8Kroe zWsLb`-ubAP{KpcWBD~txq28`CD+fvNse1BQ47=S3|GcJyS)C05o-ycZr^KpmWR!4F z71XJY7aJ-Lfb!LZ6EB<38wUjjUbUx8<@oxh@S*p%Nv&*2L}YN!<&U8(xEb{h5z5b8^H~xmLloaFecZ4?!UzhD(=H0|Ng3 zttt}H!IPz>rB@gjo~f#~Iav~3zqi+fSd^!wYa**&5@?L+TI;%=&O47#-aS=qk{nX? zNR3~Fl$*Wo<}{RjbGX=w z^(jyO!{VK>EGxQ zeSD)6Fy)jeBr_%71lGtlBt?Ew_w#3Va_a~&B%8p*e7va=@831RY)32B-Hw+ic9Q{5 zeB@RU3iJ(QHpmD(@G#fXhQgjz$QsDbB?!hS=cKR1+Ppt-mb1)B%Ts_9Nzphv-v>rG zHgN`aPXIW`})Pj}k`A9Wn1;_TTvZxsu`7{5OtB{pX@hAP{{ig49fKd)!7yBYwk??r~o5A1f&lfX2th zS}9XV@$GDUe0*d|iUV4HU|;~hy4p~3jqgHvMFqEzkS357r11RtSLpGByZ@G<*J1BS z(v_M5j0r=I0{S)VwZP}l(CZ|Zyh3o+3?rG@x@ahTOn->P&zn$$0vxa7jR6ctMWxM5 z5fA@~l}13ti*a8w4TsD}H}>!T+vYOg)EB5H-2WrEDDC~C4Pe~{WIX`#L zEfKHt9TYS11O8D^Zj_gsTfdUB=-(I5&HpuxQOpPN@eway7CAlc<%q7qVnRYf^ah%n zpF+=38mjaT4rUx2czdbDCnswo5J%i?j-ox+KXU%>C~Md--l_Bokg@-a4KS-4fW!R9 zUsF~Tu=~#?1`zYl|EZ`#WdVTT&*hg+30M8O{!g0uL4=1)iY*b&#xtaY=VpbWBg6RT zF{+1$fYSw2;Z5%c!h%V;;4J@TS#s|~R?i{B;{R+HVPqsI<9$v3XTqioEw7?-1iO<< zcIUK%G1W-RxeT3k8)Vg7{$#SUZ~>wP$?X`* zetcx82pFNm$BJtBWJEG_aQavHf1zJlMEl2!&Z10=RUbLGa7nD~CvU66TzneU`uiSh9^tf+zi%m2Ey^@EWgV;=BnyF_leKXGNnJ}NqT z%q4Y7Q%*U%A7-avqMWkfem5`GUgPYE1`)kEzq~y95Vs;E1)I~ZSCl^w6ulADtBHswng!S&ZVTP@&E3y`9T1vv^z-K z9sdDzJwjU4h=sA^-^w>;YvaFji}pDHTK*KpjwMa({C3?9@_;Q?$J&IUjOX~rG_o}H zFu3;r8^0d&_HQ;fjmv6lEilLlD7Dkf!LTCxegpIX<-=QhI`s-3&Gg+QfNgi$ye9bKh7>8sD1KmKqOiYT!>gwX;IW~p z@Ru9;T1j&iP@FfRX*+MNG3=hW_*l`|ooS_KGoOrN9e0X!I8lFn>zuf5nNoto496lf?j;fwp#v_T@~ z9cZQ`=T~~`4L|-7t8eZiF72Rvbp*{{pQew@#9xor4UA?0nL-uuD>7z&<9m+fOR>iQq&OJovquhuh*G%fQZG=q)%_W z#oPpFJ8=v>G5)H^djhuyCk7e&_obG_Zy0M;uN%!eGc{Bd+RP-!gm`qlj4m#4sDSB_ z1oLhA%K&;M)+JXp-`mgH3)xl+dr7}>h4r&F|M_G;gofGekib9{A>;ST?skqLw8@aC z&8ImsnFL(U1cwN->*nOT_wu4)M?yKKp-q9D(afI3inrshQkno3y+bDg{xqIU7s>cA{vb7 zB~PTFt&Ze597YS?_^<=nrELf4PEDUxx$A79&oSt+3S}19DQPFchhkr{*rn3DVc5*b z?^8!ku#7^ZLVn5OwEY!2>-|hRa7I8#Bb_XD0`m}g?^2ZS(oLR+^tMKF#=u!>o)GW7 zft&IQ@2bh97?a_hmh)qz0h6!uK!H-%Q5>QZl{IXqPM$6WCFRHM!$S64RDD#-S}iL# zvVA-BEhY*$EJnHc#?i@f1{P7v=Gwa*;z6sJgYh!$Dab~6SP$fHJ+f#+>Q3Tyo<(-s z!*(tZGg{SK#eHE6vFFuMnJe>9bh38Vvn<(?uq#aH+At)72+MDEMiQ1Ac0-DxGs)nN z(UQ%M>iLabqR9QEl!R+8vT9Wx*!xdy9}tSV&`L@Rg`5rfysa>Ujp!+AX?il*#$&oB z&tq07@ciSK7Ugxy%f+>}b6-}4;K7uuE;#hRm&&hzZ>Q3YwWLo>K8x?Kq# zYP>`JtZn{pu$0h|+9ZY;F-xlnnzNz#m?lRO z6pm6paeyV58(61Db_^7HcKnQ5e~j1FD7mP0lQ(v{xTrMLNT^$Vb7j59^K})52pW| z?71RkRFv}xkH35e;%s1ys}+zjJX zIh3*7KVdmtR#UyR(g<(yLijk#_PaPqYG)}=ICRlCusk1JF>+wXibSrONpa?fjhGVG znG2+h{fBT{BYxYx_!*F{PwnZ>HWvmdAi^Q~)9o9L{Jq@%6}-*mV`S;;_o8OA^^Q?D z)JlF)|AY?5G30An_XS7^)yoGTdkvgDaXQv(G92ryj_;xok z&#oayu}G=KSh7y7C&XlQ{IC>-D6mU4jGcBLCoyLIJ*erT%PDdt=Ydl4(VV^4OB_Lb zSSWKe<3c9W`6SXfqmn4$X{TS-%i!fOr!i7Cx6@Q@53(V1B%WTY;-L!Ld+<@Nk6Rw0 zHis4we=Z_vdlZCfsObLLN@Lxj?Al6Ftbe!J3-=w^KMct%)-9b}*SES4WB)E-A;b&Y zZvxp1@p`d;n2>o{g<&r$NwBWke{@iB7`txZ?Okig#|Q>r@_kvVpcO|VZ9I2LIEa&v z7|9M0i@978nO}Y1z}MuP?r=uvuL}?z289VS-sE1`4{6voL)p@@iI)2`N%c?c%02-5wfYT*Ee3q7%}9pblPcqfR_2jfdACF%nNdv4uqm&}*%$+Xl{L@RglH7m zmj)heH*Re^(;`44{%U{!YQ2LuvtfBi59TmG=4~5^ABIWt7&j^<2T8R7T{%jw!~?Bb zwI8ni^fKQMnR=)cR`*T8BOBd5J^8%ZGPP{n$8ox3x`RZY{kDID^jeoUG8#qK3{5Ss z^{Ir%4H)~cgLnN*5S45&<<3!G zPBt>5MH*HMmj=ypiM`UkX()x-U%X0w**Wlojzg>y^(y9QCZyspt@6jC4)eI7_t z2gN*G2A#pplvu~@e_iluXKM3r!Kf}>)$bgoo<(xjW= zE5%;iulW-DZ`9&x)$)FEMLr5)nwps7)MkeWm2#|cqAIwr<>agI)8VM!PBg_KeH=iM z#Mi4tD+FL&W3nbTi6>E$Ka2XNj;gMk+ShjuSTMXP1}!Zr zo=0@t4!`#ALfb{e9riV&ZFMRe5YhHt1t-I56j76&Z4)h+6kN_s(IS4kev`6^CU;hx zewHxmo>fGcT}&x_m$^SxaIM>wxT-Z>9t9&p9~D$=U`fmuiwi6B5hy;a2xlu;MS?A% z2uuAE73D^>{AS%|Hqd{}82^PUO%b+!j(z_bS&0jZce}N>xiFTCRzpwvu zkR)C)%Im0$?{+}_*2kLV{_A0F=|J?rihML0m)7+^T`WF9_5CwbLrYs* z=bZCDl{co#%wps~{6u*C_3cgx?iL!?+?p~KYHV!=4a@n+pUyJbW(tu$B(FVLyW*Y( zCoN8KYS)zo0c7@M#?s2kJrYz|97cLGT`>z?TKf#&*g8eib@vBi?-}_^k8QSE6}D_| zod+Zi*#7dFr{aB=*P-PoNIPh<&n%mI(5X}#9GA&m@dnlaH`yDG*xTyK43qF_wpz8y zAG0WhM6*C?s4smke+CnI>>MbuWYR zUk5IGt>c+FM4cYdI zWF~spq)tp1=n_0nA7{M$?T7UD2=Sny`dY!O0(aI2;)AO}s{RuvTDHS-J#;erjnoxB zivG2@BxbHPk>#To)U!iW?2AGzVqeCT&t07`Sk#!zd`uj4>%fI-zJV&S8go_MFzBOa z^E|2E@gvDWj=4eDR`^rSwbfHdkKop#QEbNgBfgfH<-R(I26W~_RlJ>(PjPj$WYMVc zqdv$sJ{+&bYwOl^cVc^uoJSJQ!8l0vM9{}h1XZ|geQCJ&lfxD^**k_E?NUlt zYfb3v*wmHVV%=6f%o>v)OdsG@#eI92&ur0 zvQww(ZW-S;K1o%;`M)modr0M%zWaX2BM&Q1&?&kAS?1O0iTdI8Hm>OwIF<1{+c0BC z+Oqfn5r2Z}+tB}jadW;qNyT{!=-gEKf2w5zAaSNY2`u+j;DWWhzvTwy-~aEmlE;yS zQTu?PtgO3pI2^{Me`~9JZ-4*eFG|ZBU4TXNAE2ZD zxIOB?w*h<{uR235BqS6V99)hox&crc;M6r|w*y&KG=sC7D*DllFRx#pAe=fD&;jok z7OXO}v!PAzcyMPDoG?pE1+ucTAAS#^1PtNqTnb>F1+$#;K=Z;3+~8m&NGXCzGJ*dL zWg4b#hV|Z~3a;@_ZnZQw|Cn2;jJOhzf9sOa*cENapa5A8vuIVfWwPE<$J;7n{LruxS%@{ z@OuH&oA3ufyxF0~p7S3q6q7$A8j;L1i_gHd1Ti83#I9<>zUKGXV?Y_^Ab=AtE!oys z(Eh8zJCqT}>qma3Oq8*{E4_M^!63$O(dy9bNcrKS@%)Uakg?D|kp2{F?2}_8mg@U} zch^6tzaPwTS5W6IWmbNUAoj9~Cbll30qPbVT(FU)Suw2U#Ht0l4K}Kj%t? zqKhP3SpUGl^1}p#8j_#2H#}M;$$?3&{3xJ)*CvLq0<_SjmL{TFpB3Z%mRouJMo9AT zc27&*EzZ_z!t5??>pP^gq9?hJ<@3XiYm%9$a&;#=^kPWo+m2FP8EyrxEX0V_b)JOj zZwIOmvBDw6tP)=sd$ysy^y!167RdYihc2yH{X=&?5$`=GpZsA<$$2Mo=cZ*i27;)NA?2u9y&mtr zNL}m!F^tU_Jctlq2yBOjQK`IJj!8K;X01)Pz z7f1-Mf@UuoFpvWdrlm1frggLCPG7SVXq%e)5)l!xR8<9q!|Sl97Dpkw$q^Is&V*T* z>FvYYhZH6nuHL@Ge*4rSv7<7VhAcnCvxUpXM`ymi&ovUIjhu`UEe1l?7z$d1fY?fsdyf&IJx2 z8$D*~T{9ks;8+G(489ne?DsF1uSy*08kkAM6f`{SvjbCW)){HE_)fT1DKg5w6HZdk zdQBM;l~ri%5%XZmNFr% zEak`t8g_CC!Zj}*X|m*(n-QjQyz0qWWn+$;C#$pjJtn4uZ;0{e(Hlw4*>~Sqpafm* zdzX5-e2!WM@LCZXe@)n|FhLA=RiYA{25)sL!+Sz`IZ5}_^tZ!`*y(7J>$r#aKGq{T zf>jUjxr-VKdZFV<)I{>3AtVFcBGrs&Mo>6Lf7^H(wVQ$K=g@`RCTqMHp1y)qHR7Zr zv{4fnTsGZ}hWNLPp5}jfp!gOwUZ5ewR`;&?dje9Zv+#`siK_`0ZnECt>gDSDBgeqm zqydgD&t0RveWS(!^%9*tl4IEM)4hx|QDGFv$YRJWN)aSFcodHfG7x)sp zLEifjdfyDAG=J!BO_-otn1QXT?Y*-yAGf{V;E-}|3_DnruE>sP^;*Ui-5Ry&icqUJ zIECx^@xcJ+fpP25De{q+CJq~Y3aR$Y;Pm(bDTr;LXi74y(xhBta&eVf$Dm(jLolW06=Wj5pqid6 z>vumSQ93JIIQ>@{r`tN7&RQutFNDNCK0grdqC?#ROq~iV1j{0=@~a2G)AHIV zu$jym@w;?>yd3dfF#3{|5qjfg80^D)?7V_^MAeYeJSe}%r09E#Kv3V+^+|@`yv6L| zzs@3$eh^V@mm-LkEN)9ll4x?dVaortW!_!~AIHAvg_g?B#(r{-ZpJ7U)paFBXTBB< z&3W-c$=@3Fa3&+eD9_|Ywo+$g? znl`qPZN3t1=hSl&sy5!xBDcB@&t` ze(?R1yOi#s)X@!!$S!aYI^?3c_IUI0@<0>j^A(m&l0D*2DCeIPp<#-SWT2y$zNS8RQiB24TTTe^mmXmkzftVDp=cHH2)^}rOeP^6N znf970T>(8(zPe?Y!1OB_#55a_)I?QC_CG0dQ2tM(#GEHWd}BY;Ezq7^vhYCMQBjC#?k$AH&#o z70JZ#zb2}A^@?6U+1rSLB6s~oN1gP)7SwqFsbkYKGjq;W|KP2^%(atU+FYx>49_ya z7K#!!8SMVf^5<=XVCt;2u1>~=vZWv`ZIj4(4OUkz2H};)nRFAyUMp2{`+?ILKU{%Y zGC8`5TOiu{rrb9A!n_fwD3KxPqdM^|j}Y0ABNb_1H3v4h0(Gclaq;1trcKh<5sFRj z=LU^iPq2m?GOC&|G!YH^O&g3tyVP?VT0bBy1|iZp2Z^sjl6;KO>|ziWDk zI@Z3|ZA*(Y==`BG%d#PE$%4ZV*9K33n4R>COR%DJwO=^v-JhNmvbYcX@nOjpDv6~W zL375ypOKRo)1a3=P~5}53!Dx@Z2`7fjVljK-oyzfmMgQ5m-L-Uv;_TxtGg&FsVk_K z9hVFa_!aj+dprhRr$2>mY2%aMJiq;gWTMyNph}ZYlp6vG+zZQ=wS*5K({mu%EQBF_ z*D?_f^tHz>5!}+XCKhZIBaUhqY2N0Lb+0AsXUi#Bqgo@af^+urBa86^c_Xw8EvJPY z(;)OEPJtntR+6U8FKbBFUe*yE?n?u_=IMCWBz1?na_AB3Sc91svCbkgCS%!abwG}^ zg>PP@x8cR4CRS1FZmzRYk|P}1u`feMA&Kc%MnDtvOq51JG9zLC8m$Gv25lJW{6idt}$(qa4*itxe%<2k=p zF|Vcu>?Ns~&%5ygRqNVN>fe9?v%}zHHDoK4@q^A--g=pH}L` z0%cFghqCCj(TNZ4Eo&2gS|RO*sn;tmFQdTNtjLWk&oUitsb%b|))U$p3TKrEs$D(0 zq)rSKmYd}DM<=8eum#qicW5v3Oqr%Vc+RpiRvb{l#TPP3sJW5_+Ko))_T@4iNu%etGhy9kexs#Ihe7OQ~@VGSf} z?S7|Xu-%;XSyHbN&aSC3$jru-(T{z#9wzuD#U)c6V9_P>v>@`7UWE_jH{!R7h ztCC@2Z>A`p9;&25pu4AwyO3LX#bbN?oV!e;WHPUSv_!*!!i&X03oK%`@RBk~nH#Da zZ79%qWQWvPZp&!1vT&A_e=DzWUrFm_-#Bl*X{sWV-xrTCfZ!6jeHGSKo0qSoFy~#f z*9v)0yWl$R>*KET&S+aDk!AIFf{@!~iWf~$R@fR`JvJ|S*eL`c2kLN}ms0uxo$Pw< zZ!FQzXR>#9F5e(Y_FDnX;+T6|;n)>ualogWz~=sj-vqu3b2+Jv-&*8Bet|(*WR-+w zyLo#&K1D-GJGky{QJeIy5nV!T)V<^s6~oxdh`)`5LmZ8wPMrQ~+w71Z^iMh4>V%2U zdcey5!BukiYSN%|?Zyir)z**r;(tD#qWf{!#p4QZUDhXVPqfp@jzWC%v(w^cg&nq3 zE+lszcDl&-KKrQV!W_eh`b4G79Zz7z3l@K*GS&MqsSSM82FQG(EZC%KlXI`*_5N1O zQL1dpPD|lfHF(Gv$Y;7JPD!cLWs0%n=f7ZpLDZUXnRB^(>@g5xNV;lQ{5Hzec;8j( z1m2pcJC~D@Q-%Gq36=>-aN`|1l+UN7`hMb1rBtgv$ddzMk;&~%v{`#Du*)#^6O*Ab zA{*68XC<6%m{81o3OLoq&(Z0y>uded(B|Gm!$hIwA#!x@$++Cn{vT zxN7<(XyISq&QZdb+P4=+r`&k%!h#}dq6 zzozAmhSNG@_z9^gJn93BFUV^qJp|aH1*#6HBfQ~CL6I&RT5Q-J?j>URR%IfDW}+{6 z(TF|U4yzg3hZl=rk?M!?4c<*s%5fDZ3F2M z+`6L~*(P8l4YR6?b#F|eEjl1+>q5>w7hUCLe~nsoc76^|jJx6CL=j-#oC%3ifrp|}gr>_b?YcOq=Vsgg z(%`5`$7o@AG9CDIoJuK)m;TvlhZ5zv`y4~FRwrOMMAP`^w5hWiETOL}z<+3Eb_j?ff-=Xu^8eefc+} z+Ml;ogXBD6bL|X_2fsq!&5P)pnew!^n*tkC;51{($K-JjIsAa>k^fFt^cxF|aQ5V2KfPR=vZ@rp( zYm(!?@%ElkO*L)6ZtNXwh=7P40RfR-0$7pWi&PQm(h0pODvwm9MY>2$Lhl4ZPz00~ zdJ9Er2oQQ`A>>T(dFy%4TIV}I&i>(&1$*zAJu~;*^_u^cQEI?rOiWf*6TxwU+uVN zr4~C{)^d!1SyFIevwL~aR5&yoF)^NQXpgN<4wwwqbX)j5J3Bb37}iBk7@zlk+R>!K zUKqROlGa^3vzs|NBv#6haa$6&{6|Hf=itA*mqkXBurkblY6D|!$H(6eCco+`9F@ov zrHv~;e)U)Tx=eqb0c|69aAoO2y+z}o?S4J33>gy;#V=J3GqLNg^cS=2+doIg44ekF zFacA`s<>Ghsinx>g<4;?Rwk3(;V3jkGojQ@^*z1ir+q-NDv8_F!vIn%88@4ve-Yg) zGga;dpBjoy+f-g&XN7!!j5`69*ywRVZuT6X8i}#(+i%N3Pb&Q$+ta*?OtmA#=w{6s zlD_f7$vn=DZ&z4oSedf(rF2Pq+28k-j{pVN8p(16{V?Rcvck$)}YQZ z2sWf6%Pw3!CAjDyh3#M&iyc-hte_B z2XXe4AiUPfyR$bh+~dCV``~mz7ZX-JH8O>-BaY_vq}9Zs3=Wy2S8mJdSxX6L7bW$n zc-iwQYWSDyMj2!2od?$l5B7|1f~bpF%b-kdPY2CWYvhEn9re48?-GimyEkPRnVu`Z zJ_t#?HI;duM8#u*l|s8yfoY}aU|0l)*s}Gl8D2H)0((^wSX!ghAI;k= z@b;=jOmpnO1~x^#pTYSP-c=Tfmo`}p&kwnRBjjNhViN?{z3Lnon!D!JN1&e0^_4k| zLcBx%$wpUHal;UQX1)H5$WLNs2@d*>fPzCjTU}|a_G+@ezI1MP_eam)u3=x z56ZzwJ+5@{{L&#INhoR{?wJw8#oW)wGzE{@+zkp(tbSP{DwGjjbiQ(82x!lyW7ENI zznIL2T8KNmy*J%+C{4U06)YQqS)Z0axs?ClDX)E5J6IN)1fWsD>RQgxUp3Rkv<^M*v)hQ~!44Dc+UkIlr&IjFa>i}!9rdiho*xhR1H zz3y#9In}u$T9F2~#(YKq$N*1Z>8dc~13`-O0LoTdMOhe4){H-s?K>lAFdtt&XU)=w z-PvNH{xT~c5C(JT8`FGpa-6zPKq%CdT(m|c&D zu5^6={-Zzi{r0UGla&Q%YqMJ>qR_3K9+f)kvT#!S<$u&GdidW0B!(Yw6{`wAy$zp@ z%XT~MPrQ#oekc8~Xhd$yX!A@=pJd;559+2GmSYY&iU3bdKta2nWI90JO^N5vPrD`w z_5xek@x53KX&{Xx&u6Y1%~fZodjMjux7wEgo5m)q|5Al#kN5Fx@^C_i0uu2qu6^zc zk>z-ls2}B27+57ab_-`c0?sXit>*NFwj|afFGs#3^xUg}GvNbOsQTtX*S@M{(H%*@$&N&wLSo=VHu3 z$mx?G-hJSvY~9PSSL}I&dmFwxt)8@5cW%}LT{nB|xELMTQj26`OYQ|j>0ExJUwAPu zXKvTEr@9z7LQd=`1>^)RlF3ZXJQ?pkVes$3|m7nQPK`*X+c3x~M%_DnuEbDIBeFE0c7*BJoA|G)F)=zMASXX9*U1w{=NDh8?Oe8}) z1F_+lZ@fFyEJ2;ICRewo5yz~(?dU~2hG{!gf@}3cqW+VNPt*GBh+J(uS~LhnxmNqh zUMCT{zY*&p-`~bn`{YBRg3e~SvK~w0>3eG@c}O0i5a!O+z?3!4IFi{)x77P!V;LtT zmWT%w5KlXJX;T;K?Lvz|rQi2=k|Vi8k}le0Z*4T?LzVW@^Vbc74QmaH)v58L`Re#6 zJJ!XE<$Z^B801xtu!3Df5ajpLcKY4Pb%K zCn0&?@T8s(G!KBpN<$O8H>@Ux*#OEnz!7eol(%BS*GHl`S2g(+DisSBBWW^ZFRHGw zZWmU_Iy)RYYHI!n)TiJ3y>fi%KPoB~pi7K1n+VgX7z-Y+7l!A$jL8hQ5NHVlU6l*# zh^ZbG^Tk#*#k%wtzJ7LtaoO+D0m1izdb*`=v)p%gtBy7_%#MC+$rACe>a0|^c~0hT zHNor@N*ZIoaPvmP31%&SpV|tC82a~L+7hra4SKb-OI|LCM)}lr8^%xe}Ps{Um5Ia`9cLrAw zyz8vrV8qRvtsa&og#7h>VLitGEU^nlx=&m0l)}l*R8NdkwW_Cf$hqW9D|13PA}>$5 zru#f7q%CaP9eR{8X>nT`rIcZ9HoN+S>%D0VB&VnWD8JZ7x<*A(Dqmm(@~9V-kS?ed zzi@-*jBZcKt*H(ERqeWQ5Mtyt5y{{?_7Utyr5nxO@*ewZSw2Ef~hYSfIGIvnU(c24v0bYbU&Ljp3J3+-$L7Qj1 zRIpO8)>OVW0GL4__d$iO^^ULCI?-%aD{-j7f283F`Rv^Tj@d4y4|O_MsJHV~$_ME- zo$5a2LpRC|SXnNA8eKeh^-=)2*la2#U^Q04ib$mY!@)z_5Q*3kY46^xqpVizzDg~#m8r|S{Lzs&a3hEMKcV}|QO`kq_T!Xjk| z_f-4BV`NuOWdF`FrauX}Bmc^=eZu6J@h{UDKJNOj(&xbl{NSL?Fyu=2EY>i;Glf_C zrN*EAjP(YNY=0432D=EQN#p-O!3n_k~T#Si@YPHAaaiBAce$5RdOG4HI?P- zk8hm1ND|7v`VslE3T3IT{t0#4Ye{^PeDVw~In^92xPM5D zeDWrDvOq9I?60`QJ17Pfew?R;H^JrzNnEUzs7oOmFkV*c+Y$gbgV?l@nOM2V;vn*1 z+W9E$Y*LRlx1t+QYPv!d3RNm8s?T-vor3%b($}Cx$)d!$iCf!_kLNC&Ws1A_QhsQY z!c=<9T$KAX3)x%i(u7W1UKK2*V|uvicy1#oaK0-jl9uUj-&r;~Xt6gy7XS`s#iV!b z$7cyvO8OAD@9t_(Qvvfn0Nppj3HHn5T)n&`^qL3GD2G#o9i2MC#C(40Dp=(Vd#il8 zQF5NX%G*I@|D%PIKxAUq&BGB3r4nQ(s49fPZ2jk*D)Hgu6XDr2r<(ZXwSb@8=m4j+ z1TmjE)bF^_jMkHOCu;Av zj45`xykLT#-r?s*l@qwUyd{)fh6{!kjslY;L0EW97kC1#ehJeWY&}0WGO;SLLXU59!OZ@O_izz z>dp|yBWWti+-rr0kaG__^)UUZKQ8sU5jYl02tXXu^`ETe4dOcoe*@J^wmQvfXz49M zM#tE@5IKRU$f=%h?1OH`18qV)h~tEcZo$+Oxn_gQ-|pD@H7oyW`uU;f7u-A769Tyu zagm``Vr81KTyPmH{9ntnNrR z|9Qdf7}e3#Dx{&rZcDSxRg1&FPm>(NxZM@2znVRC@6D$#oU8Up&%L<6nBg{N!Xudb zg2D0+LgQKDgXs$SmvA-$(xh(T;G_AP@gb1Wd8 z5I?1<+IpY8dZzEGOKx~~FS5*E0Rw{pSl5?N>n^jOi*yeKFugE#D9(`(0`3?*8miq2 zt3ylK>Rx$;*-R1{rd0B-4{4}(u&vcH2d@DTa2fD(I2IivGi=S@gXHiMI3)AKHePA@ z+^^niw*-Cdjymjk6P7<_q6dW{<8sf#RsX>}IWnn^?(}8uZkJB|WE^o(`&g~Qy`Uss zJj-Bma%Pc@m-qWB-4tRkuRDQTWOv)hNP0!E-iug80=85?u#Lr{{U4l?@qFM4;w?p`8QM+RqZMFwn{+;)< zrRfw}q`@gPlk`!NOPj0aepnRwV8H|Zws0#K&!VAEXWW!$qIF%2aE==)7%65-iEs-^ z93+`Tf}Aa_Mxo`1@55==kND;I`^_dknSTuV{qm$Oee*pACbJWP_{n6~liHTgT0XjC zO#&n;g58Ja8`>krxx+Ex^EgS_2<10FvmLUrakaRn(?^YR(yv4o4=Ma9S0c5A#SS3=$6LGULNTAJ zz&a9g+9oVZ$HK}$Q{6lm9p5M<*!m7y*AX&mZ31>^&y*rBZ;?S@Qj4i41~(zKFgNAx zAKR`bc}F)M%Z6OanUgaL#$U`@n~nLf44M!dn4WcD%l91X2CJyK)o7r1^uvOawfl1B zJoD64Rig$_-SbAlOPw7v9o=tD%q8J8ECLDT%fJ{+>WXW) zd_DF6gb+Uyr?#Pr*4}o>a0562S&u((i8fVrC8gkC9&YW}Ck^LhHwC>tV;7!k{y5Iy z{c@dKn1gw23bVeFDCeL`Pgc&@Y&nm>szR9?h3ebOAeTbtJoW>_=3-n%Y& zA_g9lTaGzN}gaNj|fwOL|GdLere<%vHc9Tv!kq+Zg5Lk9{_GE=sWGbIrKXPTL z)d=STIP(b#QQf1Yo^*KL`LXdQ^ku%5A4~LJTR#X9`$R{3iD$H>o{(5+nVX#=9D^J| zuQl9Mj!@!RtdZK=N2}>8!95s>Dq>1|6r;^_yWYI-fb8e^Q-(Ut1EzMv$u@mCi7T_N zVA*|WhG)QQ@Oj=c-V^e;oEFegEJtZPmUns~dj>K#Z%FzW<70Sg`Xf55G;sZrP8WqVB_2W7BmfwFE^ju# zCZea=#22-4apXckonGJa&bhn^uF0#dna{~9 zhOg{D<6YK4^^9p-Qg*AneWg)Huv68%0_3QF)~;aPAPA2V=n$s#gdhK9lk@q6{>z?T zY)p{jC&pw+lG$hgP+&2|zI`7a<3UA?<`vi$M7AYe>MS;K=%8)%Rn5o$-lD2vzRGM; zpbD+yv%SD(u=)GM8ct#;+dnvxP4>29Z8aq{fI;2`p^hNJb< zKe$Cidhg%qVj*N5g5@K3{6^*rJ zy~<=>XRPiWw?}p@u;T#{&0;4uCI--=Zi5W(cOaNcp81t8#LXqFzv1f_VpP1cjlQ*3 zj`i2@-_6C7SaZ_(X$$hhR75NAUDpBjL;L||*mkKObv(tMzIu;_|K@}qah(i;X$(B6 zuR5n~7@Kv_yTe8>Dw%ngaOiR7qo%3j_WW9-1*)39n!&%q)k~HW?)LX8P%OTSoR>$% zyc$*TdeVR5P1-UY^3o(T!@;7=ebkqluXf`gwDeoyMDPOZiitrIogSHlDX!?#Qx5MCUp(3GJ==3wAC! zQZ+F7r1qjvcnY)JdB>aF-`GEnI#?)Xyj7ZTkD=FdV!c?mZ@?!RpR(MHLH<9mL7zH$QuE)h8r z^u#%H$u3x)+t1`Wh0hl^=DNqEhu1$zRoxP5LUv7t4}K|bJWRL1zkj5QY(I4zyNwQ= zE++u5tA1}aHT9>^@i7;s2mmCDga_|ko8uE07_2EboMn%}m8vtD55&)k0HRfvqEAcgF@blGD?0Mg{a0C%Ev6le*Sz#hnWO0C4wkT!o6)+Lr2TaSgYKLE zg^yWo(oEX^Ew{qNQtB)tC~Zz&m$Jm|gPc~`X>dq8R=Mgv`{z-K#t~4FKVN z+5ZEprHUxeQ)!$#BJ|?UB2cam2V5!6Be2{8s&(=E3aGFZ?rOBL-Z$gqRp1LMS^Oqt zt7im;BAE6jdAHADHYLT!SXG+xHQ6s!$JbC7_;EomUDoip={q|LCwlvjzNGi; z*3f|0?^L{23`_3JjFw$qKhiZ1wKsV8|HbjT!y>`;zc~Xq-f;%(Ju|Zy!Ib` z?Kn@2i#(G%qX!3Kb)NO@_Y5VzJAm^rRCTcdn&ej&(=bd0R9qJz0s}d-qMl`z-o)s}qNnQ}vlLA@}pNu4L#C z^NemP++qMW6*yWAlpWooE2tbjoDTV&>u}ZoLBE|O!906X6FrarXPsu+Q)P~lz!FfKL)v8r-dvS6+oBT zUQ7%(HAU!JMm6SrqbzSnc$b*@myMsjPKsYz`I#R(_Y0d=&iUugf?j&P)WQ0UoHuei$M$nxh?ag^G4CeI2g!`ta?5YH-gUXV0{any(EclQOLVaUh z6~$q!z^o`|kfqNp zk=gXpK1HMk3?$PT1x|U5;YsKXmv`%lE|qB_bQj1BmjkPEUe1W_>SB5htkpN-r^qe+d!R+|n4_F~eGL&V zA+@&AXL>IQVdLkbSNyu!?bL{T>+6s~^!1+EfvU@o8quzVx`ee1{}GhQW*3RIa&*?(y(3A) zwROWxa(nZt7qCs%e&)l8`F=j-(wm=r*eSmbQF{*@S=)r;5LKQn#wQ%ZKR99IRa}(K zp7R=h-N)#*R{M6RIivnwcS*^v%c4@o~$r$i)60X%Im!l(P2QN)g7Z6|Q`$X_^ogBEl${b@~DXClYLH1{a%e0yA zbC8I2&TzGHHX(FT$HmHImD0XrY`7UNM4(PrQ`x<8r$PuM{P!@z#H6u zg+i6sNDe8;I=T}yp1Yny9N*r84ZC5s^c!zJA|CL5xamjr(|rm$VadmB5$HCQY~J@AV?{R$ zcVj-k_``hWIbV0EZd}Y!f8e#3Fj`}h@ue*-PpZD(HcsEbASNyj0S@E+_~SKw-knzX zcRTH-RAll#CUXW9!dERAr}HNwoZ6=24U{4X1O=?QpM0jJxuxlr$yKUw9`1Cs#33Xy zY^(AmeRBw4lRL?L862khrbp3BVWJiGKT|>Zq2L(PmfAt0$w6CF4oD8v2mAiW`c)~% zoWo0g;xfcaF@`%`nG2#?z+#d7mIU*_#$9ifzz^o|P2J{q3Iw1-ZM>g4+%PT}$c9}J-!fmU)5AZgyjxHD z>3du0Sa#NQfy%4fYN-!Rf_}91!E!7Wise}p1TRQ9aU9P~fPFQW)f8xu{vqbXp%EkI zXiOL!?X+z@#*M$k8F9cQs2fD|V8&WOGRlX3we2V+P}J}iuL$pjrfx}Ca@-jG?yhb# z+DUR9m!4FqDSi1&j1&lfJDXt5ZoDJx|U?6Y97upVUFQa(gt z?DKH&#B-@W?nDUl~SITI!<^a6IdD$QSiuM&( zbgq2#L*pn9-r-fufe5T_S;|Fw%yr_2EB9*TFBo!VMW5%s`8TP#0si4nRt17~0Irjr`1_~tOvl#xG0!TAo)eLXZR#XNYGE%f>w>cq`un~?2h(a=!g?8xTKZ+4J5O3~o)dU*4=(;P_@T)W zGyIebs-j;$CFuSXuMe|1?|_Qs!o#LWJC`Q!UnQW(CD zuK}9c7P30Bz9V_3!5i<8{TM$}4gUC5xho}!xyuMcZIj&P8}TF5JL_U;N$xvF)zlx3 zb4LH0+zO&DVDI4jAG8p#4cs+raCr9YS#WSL{fM`JUY7qKk6m~9A9)f0xCS6UvHp6N z3>><4-sOYw2|f3s^2Yn6dl(yT^K|5X+76UBdt1$P{8XacB+1aqQaH4mqf;3nhcK z1b}(leFDZGPfvgs2mTjbs5b7f3ihj)d-|PonR(*dK|g`BR}qWso%4f}7FCAJek zpEXaRCfBIrQL7G@dOo!6OOo_bA`wNoswe?9RQ;&7B+Qoz-Yr(io%CcW-}?uOkF5aL zluWiDo=YolBgbz?AuRmTqK=03>r4~x9afT^wsWidT0e0gEHOu0)dCTmD?5}w02hIZBHS1p2YJCxjFwol{2-8(G7&B9ViGew9_eUuQ26Myp2D)<-_zx2S+@uz^CDhNZ=0p1& z?5@o{%#;!Bas75%xaN}{yFqyA%)AlyypdRaccv{A_I(`R~IL!WJgi>}X&Aa9dlVcCuSZOR+Ns49_0mRvsjzCmUBak;F=m&ZBpjZxuG7 z2GgxZ-|j54X(yil*mq9tfuU?5^_+7?Yq?-*$HIx(xT8PWIZ98%YcS9#r%`mESEk69 zuSL=CVDMf-_H)oN+sa8dexVni)h1N^(j8=+)L_e^)*G!KY<$-}**AIlo^-lZ+B9VHU|IFv3$#~QDGxsDB zys;)RU7NxpSSF>BQ8vr}wW~Y8M6| z_cOh_cHU>idXQ`ar|Hv5b#nc4$tartnYByY2Z2WbSgJy&fu#z*MEh^HwRCSfy5aBZ zYS@>5iMN1{Pul-_~I@0zn)&3y*A>#*wM7t`Uh_byCl;M zN7JTV`5^JoD>h!X3F6&|q9Tn|0!~zu{-l7h@$vc)1tldRO$}RH6bMOG1nqhAOdDKi zBCuJl$B!R(bgs_5DAb#Dt7-*>aX_;cv$D0-1gxI8*>BK21l>vg*BcHcYnQIQ=7r+% z_$gNj%#l4s{jSs_IXNCaK9#XCDE7?yQ28*{-vkDO4b{;{qxSAtrGLU*(>LG0f3N2ddj1znMa7Wvgd4clVnP7@ZIGJF?Ck6#vRPS*>7PGeeEjIqXUz)#y*7?z=F`8z z!y9*Jh+~yb>qB?F8BWq~`8_vv%)-k)-uFPV(Let7=F;WxFND)Xo_`z5=fAy-HU2ex zkgI>if~OULqAr6QSzSb5&b_BS_gJcCv}lUv!i?a5(K{R%BEbx~tM(dp>^|=5*^6t{ zepGa_*DTkwI~QF3et&OoZ)Q`If^vdL>!q#_-eM5QVP+T~OLLdu0_kw50h9~SwTV_g>iu<94Y4h#m{5IkyNe`M}CCtzsWsQ=~G~39u?X8e& zEL{|5m>a&%OrFv;L3obe0VT;;rHOa@+2;y~2*1gxsl1*K{?gfLCdOSE{7I~$g6iiE z_n)FoEF|p0vBvAF{`uEaIJ)KFHd^@8Y4RKVbBZ^u^h3oJWn4*Vh*D12m_RJXWtN?a zJI801WMZXi8j`FWmnSf?Oj(nWF6Jf;$ooyrqYO9l*cVIN8le`ix5~u*GO&~z8Yfc1 zG)t-;Y^4YhSrW82P%VKc=%7%x9LVk* zQrmu}1;bTZUm^@eTFY7S>i!B?KDIPMrc6Uv=K)8KgOKZ^&-*GPy!^xgYh@KZ8@Ac# zvr7n(I1SlebefHHnrPs|FUe!*)RmxGLefII(wq$vu>m#9nxKi1S;vtyuORLX2JT zWf$En1@D!=sIwoXr6@7nHW}8(qC$`VANRL@XKeI*)z7rT1u4sUonWn_73Qa_ zm&+B!y*3cXYD7aSF)t|V7%CSYZKxw6_rKR($xar2N&gvap#lD#{uw zf*)877OU)@yz`lO=pY`?!#@*({tyo%T&JyJPDot%XqoSO&fnm%v}c1atlcsJtAXmu zikEb5D(NTV136&`q9_%Eg-6XNp7ly<53y+=i>KJ~{ii zsc+OJ*~mZb`080hX+<8!uKwH{7lgfu=P`^I;7{h408{MZg@sXR#HgQ-Lf?7R2T}~$ zP&>cy7eDuaOV?N$mht(4Mc;)KG8P{HTN=5c>gMN=;+*yLNXytWGwz+56!+md*oaK1 zdh|p{z#@TKY2uOS{RHPbu()QhxL%>Ht&#dczRSE)Cw;WHrQO9TX@h4051;zWD|2;U z!Q6YkZspFCghlTKF3!;|;sPbuGhWX{kK-~;fgnvyQV^0mQNg%BK;5=r&XDl9YIIc* z7w9-DVc~3kKZQI)XLeBBa-$h@FlM7cuR1jZr7ru7{`&%PEZScfTiDen&LOojwFzL)$`a-q?Jn>_> zRl`Wsr&pR)4@j@^Zt`RcabtP^`W@YVYzbN>Z2@%J58(WI2=9s)nsp=~{ zHffN_w!QLcRdFK9lDIv^I*h8!krYXI5qgi3-?-U1$=jzGFH>eD@T)=KnNUx^2qVrf zue~~ysi{dXy~1(S%=Q}bG){jeuI0A zin1=OGbTs(LRiE+h|Gs?E>2y5np zO3s;13Am-A4R;34HjpQ3K2WYeE`EBWM%XrSpm>Q84Dz*S zBGvP?jqUr21@AD%xg)QIbqB_gXNz=SqAGF(imPU?yQ~BxvuhmLU;7YhYV@GpMejpz z4m@^F5^>HIRWqC|+3?FkOJ`KXUWxYd6QNJ}LY&O;$eWodNf!@I3Yd2s&n>Bhjbl__ z%BZI^N<&eS0-B}$pLdf8MiTlKTF-~S$-?zRTaOBHW$;AQp^g3JANLWs>nu9Rn#ns& z-O`oRGgO|0sRGxSt5=54e)W5SQRgrz34Q6mAtCa5f79B}EogE7 z+AFGcOrkTfa$rItWUY4Ut1v?5@ys|JcToFsRr)5gac9UX8k<2jeWOt$aDTm%bwcrz zmOHT|uiUVAtoRh#WxXQrh_T*&+;uQQ&&3Lrz{zPYOlf!tz;ac&B*~ezjM*N@2suCM zE3@p;aAbtChUQ(-p*c?`qq)x?Du;L+a;UK?q!k6a4_JA*LU>WFNC{74eLb~M$&n) zlj3OOwPZhPN27#3b?M6Z8vK>B&vxO8%+7QEPdb>d}Z zcTA9WIRkCvbJl~KjeI;7pE$7uVZxTK(3ETHh`>qVdD)B}9GoMJdjB z&8m%7u-e;B_FE{XOy$GVBp2@u3#|J1H0=7NVjCN-Kj_*P#x9$`G!9vQ_bTr!##i>y zn!c)KW%#U5vHL!bWV`qb#m9#lsvBXeHH!iU*^|t^t4_A#uR>HV^J#RvYfG_*P1!Q; z_}#nuEdPgiD8HDy*7WC8j@{+s=9pdIT;uL9=Y(rUU5C(2j+g0rX`N!IQ%d)i>`KG( z1B`cdgJjMz%@$+F%cD22-YJ?k0yVmnQAP4p$HqBde;NNZ>i0l$jpbSuf5P)9(xB6D zl4u>pxRB4xqWX(`)~IL=fq7=wtTV)=acfw!L1xO|WXw$zQQz}Ll3WhM)L=K1hmP#4 z{VBK!%cGIqzSqrNOfycH663w;JzKilBL{?U@?3RScAw1VOab?+6GC=PfwO6{-LD~c z9aVMUZ@DO(?9+GOWD|4krq!~5&e@tGGpb}-vQjNW{+`3s06*sPat= znPp~raO`og{ByuVShe&GX)sIkmnv&4wa~FNwST-pxi+lbj~ad7qM1vvWrmgUuQ)7HeLc* zS3t?X{jl97+IyRrRYm(_FV;QsE=H>QBO^i>P@Basd{>s`wySe=b_;QMW)b*mjr)SVO(N#AOEHteBxcQ3dbaP>m! zp;528OHWQy*C;GtI=p{>xW2wV4l$O>^P7d8okV4(x27-Eh-@yWt1gj0T%z9ekVJ$#^#3?SjqukL85hQ{CUK7 z@w@FMr5L2DFQP0fIhL}N(3JmiAr>4*7HygFg0}X#`Q7%9&$JbUL9mrf+QWvWq_T^{ zRH}p4kksSCauviBg23cCX1dj;ZLplbHW21*^C1z5n7H0@ihab!)|QEl%{DXidgn-9 zW@e_TJL3_EY&PBeIT@YB$0BN<2=KU8Adn5NItA~*JRP_9_t^MjP<-p2yw8Lls-yGq zCdP}_zYxEI3jP z`8q9NCTua!?hDIw8PJW)wDlSn;?-L#$)Ps&J#F>ZH(L;%F=lIhKo=9>V9R!ww>Ajz zEJlBKdG|2WEUG3`((Nv|vc~Y#ISH@vw<_Hgl9qHs_-;$duO2dN*jLkJq&n-TwTlq6 z>FFpot8BeZJ~$qgMQhy<>Qz#h5ZW@K87QwGhF%x8jZ-F!@N|DumFYpSb*>%itW1-G zZFV2z{d}2dbggJL#U4t0s;ug(Z?-6`Sg2~fP~6HbzJmyl?X!KAsAa5?*O0e$`ICc- zZ^AWRJ7o67YCgBUMjt(&IiKSCx$fxK%<{6hhe_N#Ji`9FK7vdq`FypVm7T0bN)wCc z6ue7rNeRovhLpx{ebpwAND9v`@fVxj;a3Ic6xSFj(7S)prWNcVANYji)r+yI=C~)Q zqRGGbhHCPctPx)148%%^w#cwr;6&LSL4wWv4b_+D55WFQ!rZR`-iGIEseg}aoCFLB zj&rjjiaWzFJdIyB4~39dT)MPq<`}f!c?RJ3=o}~MoPo4k=bY7?wh9%PtnoIQvZ&P@ ziz3e#@7t#u;nc-M*>O3zmyrfZW4(`4|FWu6ech z2?H3>d zEI)&rSrd8stoZbTyU)JXVL%W6`sp}ap_YF@2AbCE?fR1eLhW?ZJ))A>j@_AYp`y%m z*B*z6U#5>wfcks7o8V%>v}7(?y*InlJ&#yNb2jGKC9ICv+v2KCa`7g^F>`qarehW# zyEZrOOLZ+s7;XO!a~bj92Vv|&evLf0U1fU;X=UF5@5{ID`ox2_P|20q&fHxd4&?SB zu*Y;KT<7@O>iJm3xNy(&aTJJoP&Z*_TQfXM$}D?1D(t(|@C-w15cgf{GnX)Ndz<6*GSukA_cXt>z8)D%ic2DI* zYz5JY5pF8EVp2L=d?AZy~0ML0c{lnl8mK z7E}OxrMHaz$%yJ{U7tG}!|Z6yfgA;Ij7<|8X1H&psw?xar(8p4Qwy$8Lz~VCQKwD% zg(w;F(-$GKK5^*9v^xrAHLk(~_T6Az!{ayO}|^m8c@zAw*(XlgM=C7#4T?4vmz z!1+I)@?N3N^~WJ{Fg+H?#>B8g5+4P-l%N5ECMdzOnb5d-3nRqPS38B}XJdiAUDuoX zjgG}fMSl$qy<={XX+0gqar(;bY?s$^%Lk!dYiTb8tqUv&NGruA$gJM;m&?9coWOPV z061CSr-W13y=eY2S>CYw_L%WwM-L1AU{Nx?kaovj@XRA+SZ;8^ThCDp%ls8ozN2Er z1?sZWP1=|caI}4C9!_8;r{R#=W6IB>*T288D-P3+{)FWBlq0;7Y4>TYl3?F}W{7a~ zT9y_D=U}pawCD;`o2s^ROk*3gqGv{mXhE?OqdnfGA<>r!?E?vBLKZEqt>L*n^@X32xqX`Ia3nau-m>{BR4n91 z?uc0qXKsY$!BcLefdZ8(g{o_xd_(jro_M=Es5MPUTU>P9J-{<6yRmp6@RPiOb~HRA z$VfTq5Gtk+q5E_7SYYzLoD-!M1be%gxzGDe&dnPBRtM@r#Dn%#TUq+IVpeUgcc;}^ zJBa2S-PceaV~K?t@$bsxTJJ(?yL-Q`l5<&Q{HiS)mkvjLt39B1(u6N&Dz9shJ;TdG ztUzw43EDIoduvqE7w(I?=dyD7?CJR;wS*Jv)-fg%kFr+!UfL)k23D5OeAOuD_IHTA z+)>lfSi9=KvT~|z*VpmxJ#Bo%d{6KZX*cWti?_E7i|Tv(#ZeIqLZv~#0t6%^rA10Q zhZtI<1(arB06|1rT59N;VHnAwLj;z@AvmS=Q-!R_`mtD7hac_xLJGc zwf4U6`xCcXUn0}Enhi6QShjZnfik=01-*RO4_9xB20Qddi@d>W$aAVs@wNPQGrF5% zy0=e^#0eiSP5*5uEF^+y_GT!hishDXvP(E+P7b@6OE@|kjT*nE?~>N84i)|DBsx~^x^n*-+>&$o{m+(vh3<5@-19;`T$D0o{- z!|UbA;pXsWEumJ8Pwld^3cn$!ZigNof_PW&h)TSPdSSlRHd04FQEE3LPEnJvMn(OO zV;V~}XzM(Bb}d*wsmxO@oJS)nHaRLinclNhs4aOJ#8I7j@v!{kvc&gYVy}zCY?kd& zcvQ_UA;EpRjbpZ*prb<)U2#7SMLIMMa3k2!^r@3jEXOFkaNaqeqX;vn58Q=HMkYhG zES@X}fDZVoXCeYD70tfR%mt<0j3637Du&^(KE()R_SF5`z>O#Vv~51D9j|~O4yiVW zKQr;3RiQ&vy8FTPX=#hjFRHKE4K-ics#F5!@{4b|hZ+_eVNNq3OWu;T4XuUhH_Lt9 zv|2ji?r@Ko?bi$To)UuVK5ouT-;0SHC$q5Q=+f~><*n9&=@e{!TS<;p*l~!%NoQDE z*ce*8ltm7SVXokbCL$D=jz!8mrfiS~FnCN1`5qT&Edf#Hjq#4v602Z#=Zn98U8GFh zvr?n0M(o&rQuB#wdEcs3JJDzBeCaHKjp%gvGoP$yRgah#@RBTiTeW}yP&2J z-c+m~vx>)Xa)?S9>bieRv^8wMK=9hYmp%Y$HtK*knlUA;ifvHwYhfBD{$E#rTk*ah zc_3GGA@YE%e*kiwLUUlgb512(%6!VOp@liO4GlOD^^3;-J{%oa%Mh*Kv?hx&^_*3F z=1HS_evK=2gluc3uGu{2u$0s8nYOnvhq0k+y(1G+L395lEL9?Oh_bhf3vX7^z+5CY zrTmpGdSmG0Ja5(d(ftfi*pQ|3Q-`GC!e9L@ek|5@>OtqOX;%pB#{y-59Efrz@Tc4>e_y1jFrWE98CiRfu7x!+3 z{v_MDhx&+ueUcfT3120WY{e(bc&Z{TF)j)2daiNtex1>IAQ|kluY9&pO$hqkEy9*B zC?}pHutFhp+;!)UMzV~^nV(;JVXOygxDX=_;z zAG%~~ql}QTYw~9f2@+qip~i(}SGat|qjlzIZu>YOaGFpx235EzD(N1&RO;C2#Mv1LME_4#x2*h!KvuLT&@^+JU1)8t-PG#)}&_s5P445e~t z%{8ime%l9e-anPA-CI+q_v$!3N_l1Yym+^Bukd+KqZ=u_rc!UI-qX0Ay)vVH(_CU8 z!GA07-)N0Uq}$7GOath#)$%F%Kw&GqjX$rC>nSx-+?b4#zSj_e7{0i&+4&4RU9ZW0 zmYRn9ZZo%@!uD(8N$QC8;SAY|#Oo!`uX2~WZ*V-P$(s zYiyx=kE2D^46R};+AZD{JDy$ZdBlqPuB!v(2}+F4@2V6j^CKL@+t!^gaYf{1>3US7 zt()K!;HapK#YJ-S#diaR2j{hfgK=?3r(c%t(r#3;-TLM+*W$IbHI)NEf7TP5q7;jT zhnT}NQ<#^CS!|W?)CHj=OgqJUs$(KnXI`IIhECU*QBW z%G%bM!rmP>w$A5x+_Xx=Z!Z|%(uIDYbo!2zq#~_HKm#qU$DXapu2Jwu&>)_h(K(~V zv~Twt_1)exi!EKH$YvhG$U>9slcW3NI0yP=4ustvYYdR(S~q6s*{mCt>)lnAKt4aB zbw-5=Q&MZwZj9Gigan^GazvDw85SG+_DEDvWv?2I+>P*!L>3xJHhz{>MY};c-&tuL zfaG2xI$HO#j!CtTA!`7}9Ky2od+^yo&2yx|akkhLLDl_Z;X(R6B{hrBUBC8LB1=iWENfsA)WVz^%oNLe64s5 zH>kvQd}2<;l=-9kUoiDtpcOW6L1bHO&il94A}F<14P=sXa>bEFM~T^^(#oOS%yNl) zE+K>a*IUZ=SJmmo`6X}X$k|-x(2g<-UUBpTgE_Aili1io`F!UZm((^t^N+6_wW9*Y zD?I%*t}=Mz2(RcfZcqPeh&)etaa(}Rc1VDJ+fJ4`t=v6+*rHI~e(Z5mP%Y7ui^iwM zToFY+p0)=+wXzee+xM+2As#&PY~ROO;#@!642rn8npP84K_y+}dc$7F=i zo1iqMPrhAm?LwnBsz#%v(6P;)=wui+9Gc96>AG@*#}D=}Uvi}zwANDjXbI}5?ABF; z=c@wqT@kwq%Zy?YHqeO}f^T0`n1o;PjkN1r^g&#dF2;lFSAA9`>UImyU4FcCY35wz6nF{>p7*khgj_F|>8h7vqq(=>%+I;Yai!6Ws>`^f1MeWCIOmfWJ? zJ-Vg!6T`Sd-?#{ETel+@&Q=EGnAX#o*3z5oXq$`3d-QEnc}sOys)seOzsA!1V6tHm zeBVzAjq0WuEHA{B{CIf01g2pu)kpHhQZh1A4^^8vdiu@GG3?eQ!5gk)UG-5JUf8ij z$TcEkwG zL^5M**jiESQ^WUwg^p#fA9XWBf??6Sd8tHKjBoqF(tjD|hOBhBtiAJj_!>%Mn8c?_MH#dEFIp@(xfOr)LQR%YSl z_jjRp64EvVoyzi2%T#^ZW2dmB^7b(~t==VPoW!#-=5Jdq@6_7Dr*?rRx?gMMPSED8 zLIU6-R-y6OdSf~&oIwOQq|8n($mi?MM}lt`z8zGn&yTjGWY{0_8cx|+fw97B_V4sT zMZ49v@8^b6oKMk`NITakTkGkUTDCe~kU(v3$8N38+`Z!4SCIZTX&5U^cITy1?~l%R zNWFR^jG+A>PU&Je^4d-V2Iw36S#m-}KWBJers2LmcE$!yA6&^L#yLv4&5yNnSen;)`_ij-S5jhBIwqBA#Q zuTZGg%XkRWZZ8nM!&%#Sttu81I*C}aJ+@32+USG#|8R_@B0oN8xD%f+B_~+Zu>G=^ z_lb=4cydB;rM_``=u=G<{WtRQlToVZ;v4rZdGVmn_=J_BwC1OTE=G^Joyq z!xIG~+v%6nSnZc+vk7bF(u;8NsPBCW-;XaAbB2s2_rh1~i58W#AFP?6Ey0$WoJ`OIN7HGXj-DtozQKD^obnJRH zDT}}I?DnrNrJg8b-S1xL!%@#iQN&ELN^eV+!*xnhj{ zm2LgrRHuelEj}GBJg_Z}t+l9ir3AUSDr27CI3~^WGP*WVPfCS|DIj+mRr7pJSfxXj zy}$9GhOui&?L6G8o>Cab!?FXmz;nmXe6@>=#?7;7P8-!LEIpTIH}xpKV1qlAJ)V^r z6>uZ!UyVqUUe?)$l{^1)K zo@~j?xm@+;wD)Md#LIQ7Ew#QGL#=b;ls>tM4(D?>L6_X(v2P~bcz6%p0oNXO#!!2Uh*@}Rs$llV|Jq6f2?O?_XFv?J;&SyZD zQ)V$BPS3`nV;v-Zp^UyD={>3R5D`hTsXlttyekfjWclj|8 zF&x^0){ec6YgiS>=+HpSTj*+Un7dIxFKniQoiK5*EYNV|2{Wi3#0@1mg(485#!$reD&j$8)quw?XN{j2;bmy8A;xE&*NMrPC|5i^s>o%IPuZ|+6=Mh0-eJfeK!`DNUnPpC~7mPEvUN2)xvFgw?_Rtd5 zTkabcqTr(`QystWT!QJ;aczl%@#yNXp{M&>bqOdt)!#-MCg0Up-n_7V z3eF8BZif6;#b$?XWwoWh%o8u2KB|krmqk{MZ$3JtJN7d zF(5`}ngc^4Hz*+y6|Cy*`e6Pg={?)>b+J;vAC+CAkV|5eQSt=)?Al#kmqJRVL!wG8 zPZpyP&Cm`V^DvvLK#Vk@58f-ibJd&f^KGAGKCwC~efkmVAjuJChuh85B)lj$U_6a? zVjFdpJUoJ5e(~)`piV%gqA-J8r0xEOMJU~j5Fd2R#=ILoVtGQcChNIUVIN7h{{wB* z*I!!1R{ya1UkFOS-T6LlvT9D!Ay{BRX8g;Wt`TL#I`f*Vy_qL7tOul7qq*MaH zOIqq1UIE(>AI(lYd2lU@u}HiG@M^WQb+bL$g}KJoJ~Kc~ijB!44@~^)Qu^A!u>*1( zi7`l`t1#;28<5YB(3&zpYmBmqAz_?Rk^MeRZ7BBzw1Qoy(D~xZ%e-xT(XDBlhqFPF zckj~VG3b%%eTuoCU1)$xISv?)-#PdLKehc= zVp>1~=Df4-FE17r?h9Wx@+P#%k4{We&!#YeP z&DmYioSs#sE{eRAtCcysn{)A&zkSMb0mLkQwn4QguP8^xbWU3It``8Z*f><9K73FQ zPPmi(Gv=l&g|H;qy*K1$^mS7_SEX(>!Ai;QidhfN4 zCxGh^uN#45#%e0*tDyy z-&ILs>4~Um?NRRQ2%+-yPp)eM?6{^+X1eotD6gmzrMy?P)TuyrVd1E{T;44ZVs(pi z&Fw-iLHu|t-sSiR5ZZuCgg5u-c<_ufcb+E}Jr!65z_~S4_^IzDkDR-zQY$VAbL5T9 z+rOVpwk>@lEqmn-O-&rE3l6Wyj9ZqSI&ikNEm}{=N|>Hqe%S{!{dj+P?jxRygL~eh zTXeUSYlSZKDB%aKbbW2~BBI|ot^Lsy>T>7Zp-a7?jf3sTZ`S9*G(anqMP20tL8GIo zMo%iM3MSFKV^4ffdegge>sF*#9`{cHG)vrtjE(mgtYgwSewlx{!5c2K&FO18*CJlU zxM)VdcsAH~Hz&8BnRRkhhuYA}LqvE~Y{3Mq4O$!mM1BE=X<0ftA@5TQe|W(v!!(67kaq;CBx zDmQ)l^}VHE{w*a_lA&RFk87k%kNi(wPHTSNUM>o@pC;ngN)P85=`;PA3b9Xm*@T+gM_|Qv=4^JC=;qTza zmu*IZyLzmbe*`U4hf<3AUjGlwnzk}xqBgU(W{veQOcZ*o;6hPW+?gn=sEYSEie-Cu zZg>xlxIgK;(uLEn66|K}LJnfe>QY>0O*wypLG)s>97oJ-r{SQu>V>x-!XmTHLyr`j ze?K>)uukuh!h0Nu7(zJb>|SYu>aGbX0qHpmZm zkHIpsd<9&_%&#NS9-^b*m6;4KOep3(7b_n z?Nv%hWY*j-6+4mMrwD!pRw23=bGpfKWV%&}YpX+F4mnT-JsUSjF0@0OvS$`T-kF=h zg2^09{i<$d`a1OTzPep^@L7oAU(&bem6nQ%7rY1VV7BnJDJkRpZWl$%2ods=Nm1e! zjHdx-{L##+)%4NLSpm(~3GYdw5 zR0RdCy={@pG6o}AL9tayvsz7^wEPivT4qT*D>iDHC5na1+EZJrYFck&D*5m}!4At$ zAk1P$MFVd-pHp)HY>zWrtlL;CMABAXix!ZlrP%OuU?UI{+BTYg~&mh-B>(#(!MVwsc>~_Z`&N4pR zbo^W?$RG7M-GQq3BI}J-i4iVU0b8KO806w&q(pf@d?ua#IJLu@|J95E0|I?JJ3C~7 z{|3Fol}uU}PFa%p`;3fg(%k}Qs}XTeJ)&d^;aATlQQi~%mMI6ka=~>p>ifPP3$f*C zC3PQ!g0+NQ6XKM3HNsZ3w4Up;j+8qOC$P*6RgdI6Eq0GMq&pZL{n7ysQXJWc@;RCn z<~KQ^RDI0p+q;;r*b+vU3n;*6>#q{|_uLavz8RfCPWD{8=b8M7rdJaI_YZ@!`SM#A z7>_bO$jL2wZq<%%1OP)tIcjvgkr+bTqT1)}1#{=+m0im)OCoMDdiuz%Qkdp)MbE*Y zCX+@x72I>K!d^*)MXpr{R4N>5_FfZ>*~%-kdmqjUyysqN8d$*FgWCtyw6oy*&U!97 zR7cD0rb;2@vK{K$7@Gd%g8N9rRC6Npr!4cLn~{fd{_P>Ov615x($-&_7_wvVd){Ym0EJlS9_3QAIUDPE4pBV-;W3HH zTMLaP?tHuuD1&%E73Ve78&f1_OwIb_7#K;1hi8}(n_Mf~2jmMbC*EUpp~48Avt@nD zSomn3&xQ<8ow;}R)gzj*kIqle(q1>WwBJ7%I;I)1WYzY>X}4*8&}BFZa2@X4L3e`UGP(ERX%dVG#K~0mK4hBY{jp^SVn2wq){`KIp4N# zII;PePERqPecX$yb6R1C%H@_lIseAo$*#Va(W8~*B^x{JR5fmt17AitV_cE6iHV&| z0JVghR=PEpJyTfK!y~Nyb;y?2S2_w*X)^Knchit^WU+_r)9DTFC+)aAZ5C}NU6H_d z9Rph0&abZ{6V}5$Xuq2)c#Mb7i1+;4g=bm3OOGB%Qh6=n4!iH=P4o6ot zY*+FK2Ng;4H9e7JH=scN8l@nYTG9^l!eR~AsP=~HRAL=Z| zD2&n=+E!<+ds0llEGsz=U*8gdXJe8?f$b*y)jgZjK`WgnW*+*DF8>(O4=Ojy6mXb= z8+iJ=71qhHv$7awi=b^V%VLfe7FM5ynr$tr`W2i&)uJ+DI~`Wd`gBYC-evox`;+O| z7KrOe4r}w?s~%tT47)bRjVT18;}o3_H_3Hfj?a5O&5THfhbwTOU&l)eQ4BwuDDx;$ zm&3X|Wnz+)Cq>MJ;#jg@sDkJ6eL`_aMi`qs^bq%9MnvVC zQDS0>d&{2dMN@2$MY15q-f$I4Q6aS1g$o*$@ps4M-?ch5Xc$0R1wu`ZKX9Hcxn;WHikF*53;oyat zIPQ?~sReRZE?HCM=eHcf)qkG74k(jh&ENpvMN;ZLdi1tP8e*&>&b+Q(e@f`fvSQ1F)&Mst_dCvr{Ny^btxc%24!XaNUA1iXx5-EO365D7bf9`8Dp9f>4ep7o+CX)#~Ju9t6ZI z;r{0Bs^zMz_G;s`mXxF_j|o=GDZ3#-{#DpYts=0csF~nerIv_YOAB_62ktaU<=T4c zWl-mnqgiu?PNrOTDa;MPuoRC-(O za!B4lmj%Q2wHsmpqQrO}?^NZ!of8Q;^<6;{1dMwq?t-_Gf}N)LeX8}TrX()ArSQ;@ z5MIp)R!9?B z(OP5&u?B5a2MVLtIjrh3zp=by3hrxKceRCtD5{o~t|r7my6jwR>|2Su%CxNQJNcE9 zwbHlq1s7pP`Ehz6n-o{ME;7vEeW;wWsSDg~NH8EMR%pAX2nYd(Q3-a`= zRwoQ(O&-o@_;N|l>&a?mcLmgF1er2+c1UB=7cdM|Q*$7C29PQGimP8T_1ZP#L+J#& zCzAdoK9bmJZTlfZF%%g^S4*!n$GLX#{Mt0-%NtKmR&zGCbULt*8tnu@j6=TAaQ=y^ z;XqUlo1XPh(8EECpkCy!r&Gb<8kx-*%fJ!UZ^d{kS{_xJa;V>O2+?x)%yOO~yGoq# z{eAx9Ut9&myb8T{f1(0m^yK>vsW1xsgV)r4)#2$c1|tC~V10_JJCW5k-zZqPld*Iyuj<`ktGXOi@$jQ7| z{JIbVb`Z^$5Jj%8Zw_IMHaIF%;e+fhBm6tw2q6k;BihVI&b*M&O<8v^7vb|!0sNvG zZZjr&NdtM$R;Y~oBS<5;#YWx(f*+#eO-&RZB;3{8PL4##85kycCLJ6!-KDb>%=K9F5Bz8_iZPfv;0ayx@PdKTf$4Xr*8Pc&O!Ow`TY{=^1t(o_6ShPPez zUQm$zxRvfEB>dHX%LLj5S7{bg#~#0UL@p?#;KDBma;a74uy^9aBjN=eLM};)HZ?=L zy}m28ag_r!W}cI^BLzur4!`EChmI%Z^;Y6m zMdG4??`Y1vzSYn_PHTAXUVm%L(sUQP|JIg2hg7Y5vW-HFC|EG$lxj^cF!q>4jN;T6 z36$q;2_SXxPM5Gb)!-WGga0dg=H>=2b8l-OpZoMOf($<2%%HUeliR!2Vy%ZfYImyc z)33N#Hp(k|=Sa`ol*k`RLA&exyEG=fclL>7;^e{G8Opr5Dw=@!fkIVN70~}KMZb8B~d;#>SU?J3oT@o>_Y>fNWR zhCF|@(?Njbm}WA~GS)kKrPoQ(Vjb}~J~rko5e9kPJ79gG<$A;?78_Ggfnjm3lMI$u z>YL9$zm2_U`ydk*^p%O{g|gh^j7Njh)F4|*yhZIL#xXQIR ze~SbsXyq?;gPqub_8DPmE33`dbn);$6a0}V-+*`%6Y#IHqSxC)Kqd}@pJK8hVyxPv zB$`!AqLw4EhgQn&HsQ~xZ29+O5Zx0KvBfW@9V%1LW{&b7^SDdG!oRo%lqGTDZbyZ0 zlLSnW8cmdk-*|j+I9r}l&FF1BcjP~^=N!0WtowE1!bLaKrNX}^oZF0^zENN9dxXE7 z+$c1YNK$lI@?6y2S-R52r$t$8p)UJ4OnDiYqbz|RER%}V}^acIwidfRG$t zko)q`e7gESuDDAKAwbiR5u~!Xdlc%~^Xl13q{9n;UK=zN&m~(y$!pHXaObPIR!eQt zXgjd?SiaL=Q^u00Gife;5{vwXwEV2V4w}BnwtP(*hGt z2oEQ5NaJN=Q+WRTxp&W_d_V_(HlzcrjMJCDLity>C42hVFZ}~NZeToquU8gb{^|w5 zJ%B;$=-_@7AW-Tx{&;XH^#8k@H#qRcTMuQaKAK-Zb1f~t!z*ATw_5v*R`~G#XAe~zq|Dy-uuKCBR zV)mi1usi!7fa8s#};U1B76nxC1#x_KQq2IQ36UoZ-a#t?>_In6Ai(weEbk(v_wK$CwLk zpJ-17x2o2yftk~m^ak|m0cf*sc*a&j^p#1SUAQp~rhc$;W{RSn3w~&?sDIFkt9*VA zTlb{T)DLfhtcdk^bM^;~LxdD=?;m+sdeV#FHOc8i6U4azuaNV0fDOL>)$O-D$`aU; zZ$oRV`OHqm5VfbNU;z8wtSVAf7EEeEj1-;d%Og45j}wG|DYcJ-fX%!6IWBL zY{v4b=C*^aJIOG!6!@-(RoD&b;nPv#=}St z4%;C7I!3)zE@b?eZaMEY53|Cx)c=zE-vjroqX|{lH9#qeaIRG?P*TQ^WSjezny)&J z1DC~`^a=pEadt2`)9Yq5x!pVCj<8#6mD!N;%vVD$=powFEIl(@m))Osl^g@Hd1pq-yHmJk1;m*`-peXKK=Xc-c-P!dwbxT&T1Dwwis zPfS*u-#`?x9k0DQbX}l}nl4jblO?b6M>fsgJYa>%eL7hW)u=!F9aG4vO*X;qQVBOQ zi#FCO9=bRN&6WW*n^19S^yTixqvl52C%gVC-{6NH9mMl5Z}98cX__lS<@X-ZhUPEu zHTS0}qOa)-RDpCJkL9#D=br6VWk~X%)d4991Aq zhiAs=9yIJRv5`3|scVy;kIhcv-D)RB>vWSSxr*D?^`12RUev4du9Q8p;lzY@NZ#Z6ZUTCMERk3Z=T>n;lbkQ?1(1G$LeKwG^^KcR z0~|*}@BMRXZ_uLIA`CT7Z*#3Rdrbc_!wYFqwfFhyx&EvelJPn2OZQuoaUPZO__+0n z4x@q8XOKyTfYZHT{nA(LcJ?XmTi*+h?y7wcEm<4G4X_C<^*fcc(kOb$iJP4DB@R+_ zU`gw}m_^^zyCkH=I4FIsEo~Vc(3r{|sG4@v3+xeC?H*gG?YP4W3JE){->XrS>sVzZ zqdt75S?auI(7al%0vJ${wRX2z8|cFft6uM<)aL+?bM+rH9p5V@RyaigA@MWaV@B`v zmPL=?R8dg3nenP@jSLGZRsQNL9Vcm@Xqb!ou2kxKOb>%V!D$%>DFAG zeFqucZhj0%S6kfe66gH9hS!YoPJWhjmr7vE>FEjTZ*FG+O}N!}0pJ#8ZKc#J0UwIH zY$FYwVpp-G0zY(9w{ZGzcjBsTQ|dwwPToy)onWgx*T0MZUd_8-9-!deSAU<(@?;BL z=;c}4;qa>1D9C9Q(m@|9WU(6PQ}ap>Umr%#I+Ezl2tVuhB=0%2jM{{JJ4?aiYNYYVJ%Acc3soAKz0> z`@Ah`LpZKjNB?b6WF%MD|TZ%}|7P#?KF=<=5vy9gZmCwl6PkuF&<@@+S zpUM6x%g;oDc4l-lzOfGcg9H3geP$gVx&rcJDDlzzrlxOedwdvEvChxM+aDk{Mm05I z+EDvUrk?%3e+u7uG=0 zI4wBOSiWfg=8B$=;`H*6Uoq6=%ib*RHmWSRr97f!Td~fW+8cxzabbTG++rXxBqnM$ z+1t8sV)$8B?&!N+2Gf%clcdo?cvKS`aVnGk7Y0I1*&C?QP{v8oPU1TyqGp~>o7#eY zt`wV~=k0gMg3Z4@LF`4f7aH|Ob}Yp159;z0W%9W1AL%MpS;wD^yFiy<1$tz!_MEV+ zO*aFJQs$!hn`nj2zZy)9WXcPkp?S$WxEH3c*ITFSer7GBk}57dWS5$XpGpmz)7J6a zN8cB)P3n1X#c&(3aP&~m_$1DBxHhDzyiRs|aCrE#$%&HuWiV%BL#uxD9*?^p->4ek zy{$H-2ocD14pxG>E05k!nFmg4hH@n*sq4J6K4~*Ob^=L$KIwT7Zs3(h`w%miK-bCBbg<`$>M!PX#aN=~H$&EUO zN-a!DO1j?X25aCCH6-G!eRl7d!QOm()j{Z0S=}b9f06k^u<=n$BYy$ruT6L_;NnCe z|LGVd*R%bzQb0L0A&06i_SsZk^u$!!E?4%-z05FcRqGm|neE;lp5H_fq-{J}YyCqO z{2+sY_*md}suL?rij2JN6W8mBhIj@$C?eBVqH^+?-bVPZTyZFYvmqfC#g^mm+5P2w z+SL&_=8$=2xxDN~exi=PRG!I!Qt9~i4*Dw7PTq%a+wZVg9v$QvVVB(_dY}2P@Xm>F zNO#^BWKxign$p=9X@LRw8#XzVCjkQ;i-xkLsiR~#3^bu-dAD`FOl&U75 zTO;6=jtD5iI_m9r@}}=6)7@G^8Pj3vdbH?Eb zz@s?vVSZIocgW%Y!R}Tg4oDX+gI!ZALCY2L-y4@{0E(t zR|>0ZqA}eR`KwhEBB!HXy8y>Nm2NpdXnFr!peOqd>Yzg-B{%_L zZRvxYBolOA8?|JsUDg`2OvTttmLzI>sMU))s+(IP_+3>pXh|;=>V-iZD`z{7sW{zZ zS5Es?U5e-J>37;3!hdj4JUzL!%M-`Ijzk)Gb$0 zQ$Vh<|L4mAb<8g>He9fwJy06I+AJe&J^#XbqqHbkRepqBlVjP708L)|zz`)y_OMHS z$oBRl=RIvCd}Cy>ICSXu7g^}g6XkFG%6(nLHZ~C&r=f*jS=H!GY8qXN0WBmKU1%q+ za|>3KaU)C-mt&+DSr{|oVZnPGUY~xe{s6LTtK-~m+ioN(Kc!F4tB<;Ppcz8fjp(;4 zXw7{AlkO>>zWoc;_*4g(Q;Rb^8)H-%NFfvC$CC0K)aI^h?SeAh);`Eq8Yu?#cLfWB zXeNYC4n|5(^NVB)>y9BI|JD-y{VoOM(BR%r@){kX_(ItDtWj;DT+v()O_uy-Z(W%y zh6AoGM2~AOW{!KPyOa`;Ryrk<3-|Vw-c={kj`MrJtG2OCq4ssPs;Vbeqy4V@u?{KJvRRXA#v*jBr?Mo>)*Iw{j#-jow?>0C) zBjq};Vw486=d#=JJKMk<+!7Tc;WjgTeU`BOBn!L~lDoFd5&+p^M^LhWYXRN!>SXy- zW!2*K@y16`*A6DMah3G7F&C!SPF*!X8LGjM6nfC2VoR)}RO(LZw{bw?ng#TMS@NXJ_`LF-K z8&OjJ-_0TZGIY2~c1b{AiCEs^sHL9Q2RKR^|@=5fr%R)naj(hfr|Z%DrBAf?pH0QL>PyH*HP{LQxgqo)*AKkeIY+CDDhlr_ zji%;l6I7kMLJ?L#OHOdHjlb(6y~Y}7#y3+AVS_l8b>|-z_tvdYRju#_)-?3~Ke<%q zc!bZXnbVET#Jw-&7M9lfI}fhU!E{THd@iTzrz;+BRzLjq{I#dz$;g|MKt;}#hHH_k zb$_n$lO)^$N~YGGcYs5;k7rkvWWN({`2hdMSzqeIyn`%I7O6V=-KY*1RWQ z2uQ8YfJsx!|Lar${Dr%w2B_fSrnbCS=+BRPd^XQU{M{ho%$y*KcSGaKgg_6gwGNZI zy?*0Z#}XZ@Kvjp5{E3iKHyNElCt#&Ec0H!s60$)jUXJJ-o3n0ua1!O6N^G>0Cr?Q! z!gB{7*~T?Ukd)w+^|6rg@l5~&z{C4n)4~f?m^qm~s%cc2@nw-sfQuq;-?-7jF;jp| z(B`EuC@eO>?m%lT1|5+*cFRJ&*xRnhv^i5WE_^c)>O-7PqaAD$3-88X zjsPdX_ig|{&ieVL=oi*C>5@?bym)&7^UPnrUh@Xrb+9NeN5agQvxLSR*c^1?<_*0g zD;`*@wQY(X*9Gu!+NSis>H5_A63z8%$@b|~?!8od^Mzvc(}}|uSQ$e{oQne;s-hLB zvw8hp#MNonFZiww6Vub2fWK#LI&e?{+zD{e>;pn>O?USmhfizMu31i27l{XK-ILk$ zh=yOd*aN|B6ZXBM9vW{=d$4pnGKSOsllOI1AVqG=cEr6?=4 zF}IH_&!(=dfNNQ}<&A%P8v24Rg$DWy%>g<5v?3!e+Qz?yKS}sDGj&~UTU4(}!d&z;) zdL-(+RPH{rq-wlj60hUnR4)&kp)F5)DY_TkWaKlvk8Gd8l8w4-Xju#!)w_j@>n8KK zEnCZduG}{%V0`??IqD@)w%w=r>%L3m1Jq%YW(mbouG_{GwOL;OFxJj7`AD^=AVR>v z4<=X2iIrm$h&}@Z9N2*I+8;zB+Srjq(1h0d%(K15j5u4%K2CG@H%!uNsZ5l9& zP3Z3gjqAst1kv_G-IHDv_n*g=On@A-URH{X*n0R08OIMxjXV7^fN&50-S9w`nuUsk z3EEG7{aa24jsYsE`Ay&c+CY~U3m6hE&}g@|R_p+>P=P^&O%3yqGAA)ZTP=Z2S=p9N zcaeI#kB>h)ENE}4pO^C;yY^40l^W5|k>n34DXu|E-lF67EzOB#!1ZtZNsdeL!@zZN z&DH(nV&oXP*Z)a*fr|ME%6LRmRcz@$=fKX+?h;@twFc60V0lwb2*l{LN;#$If<0fo zSMQk7>MLaO{#X@A2Rufdpy6E9Q2J(uZW#~y^~BYr0^z+_;AkvaXejg#XViETco?$j zr52Wnu}4zck3>S*$wi)E2@HfOIVkI+>AJcVt#iTJnW##4SrP%+^V{-=F zE;bLXKUlri%`AI(#M8rhQ$c;6j^fc-NfDj>3)5SK?naU8_}R$_Wr0 z(?p&m%{Tysxufte5P}c9sa;nNYT5?O=Bl2JbBj1piHm3^o!;W$Fi6Tz zSblHjk$z~ehoG=#1=l&24cko?bm^mQ_F7!PDG50s5rrjm>Ci8cT9!9Ly$3+K$>c47 zM1)Q{-5(a&f)<=c1UqL8+l6EM+|yqM+Cn0HzIl#>cNjS^dzFG12h<;<2$i=Y1mr&M zq7I704lEBaN5Rhf8qq>OW>Pe_ta<`lm!4iA&zX;6Hk~78a_f)7q&_0Rpa_d}Qddkr|vyy`C{NtVc zyvML?uEvFS6kI#V`1oD>Sdo#u1zZ!UK)Nw74fPP#+GKpM)eo_2+Yss1_dEyIN z(g;REPKgQiNiF^S0y$ZyZtY!rg>?GQuE7DHm&Y#r2gMvvWj&Oo)rVvmHx-K2yp_!# zhM6-^cX*Oq@4PXe zwu}#;=q+h41k9{cG13prsovhlXbx3*l`9?gF9`b}oFMvGy(ORDMS@#1LWxx?66-g2 zQ{Y4NsV>(E_D@%k+A^0_=himbrR|OqxdPZ(i=x7PUX>DNtyRAx61X-MoW)kQRAv*$ zb5@vFk{pP@EODa`e(y{#+3c~pVWAgiPCZN=vDfgOY2hHwr9JO$c!Gb>4EWsf9D;&WkwDsRgbWZx$T_S>GRs8Yu6|IulBw( ztf_Td*QIOga*1L?lp-n%Y0{+=P!SMNkP?v4RHTLwdWYBm=}RCWHBv$kNNCbg1f+(V zP!oCx7?2hSA#f(>y8E1c&wieB?~i@Yz0aLLc=AkUGQTpvF~>K?`;IpUrtPZ{daUfg zJp(Ly$lFU|{;Kf?Jbp*K*#c-~=P_GARJ^9RA;Toft$NU5ETwg%%)9r-ILQ1*VxZ)n z%Oo{SQ)bTeCKxnX`CGHfUQE2GpISv&2ZxkjzGI%4{q7^&&A(C;yvzHU3BJMPwT778 zm)V9S{kj^cxlF^Rwfkyn^*WB%))j&fgUQPd2q?`(s5e6QB%+hUL@ z!OnX7PFLuOHxTt^dmV>tBY2>}-aa9Q6RK6Eqcs}G5b!iLe5n0s95=`r5Axg1EmR$$AF{|zqWq(`Vewdh;S zvO^Bwig%F#nIa&3IcC02w2$4_Ok3J$efj~TL+l8wK)0f0PJR2v=|KAZhqEQxVTeh- zIyoFCCE)pSEqcqZ!`jeVM&44Ny*a$9u*sIwo&0TuXw9l*v;Qgy=I=N!Vy<8;QH?p* zid*emohtzEaB5_Cep*o;r(Z=I*)w04s8zR9`SoW#J~KMZD|z!z(jDNl%F)8 zsMRs@9#*qSX-wBg%|qR%=6s?^Q-{QvIGpkDXtof$?@r% zfeVIUE|tQjX4~2IqoY7U*0`J+e5UKrg|DuZ56TLr>G3WrTK+EaqHJvQ1Rid}gN8$P z?3F3%7Cip$kJwtU{n_`CYeRaeaN7NU%+Rdb@63Y{=}_}nw*KN{hwIi-p6RT}>QwlM zV4*-IR#}NNNxPr9%*A|h0v$kU+3{-~&q%Nh>%!^3kz5%|sQr|REKlY2?uz-D$!l!p z^NuaUNO-Z=*8O{UVV6_D*k?+%vM|3#8w)IMEJHUkj;4P1v(2p`NbK8pakFNDKvy!W zG@MIppr#dC+ms}ZjwU)j-*wL0?g6_EJ?=8p;lW(lM^Latid*kx?U%lkt}E~2S}-&* z$)m54lk+B^K*~DSrP!V_P`tcuQuAOK?nDVW$@cC~H2u3?O`fz5m1H z8ny1}AfZ0t?N294IL`IgC?y| z$)NhNZ16t@)2A+nZ83@oOH&rxeS|)v zs~uFc(GlB~bhAGrX2)`2+>2yvt{-eex}i_cvW9Sx=n9Up&zJ_{z9;7FwST>NR&4$VyNR{GQ zs59u|;B+yOcA-Fewmzw@=~VByQNQk)(F*#;;)XdE$M0N``}fhd{Vso)(x>k}MLP{; zJTS$#`%avApsA}5(TVEI%pb`29?mELfBVgmPSN*Bj7u70+dAHvbC1A=kvEZVH%Sml zuDf5!?6Y-ugcotO#Ps6rtY)teciA}l6eRplKZ7m*#kyFgvkC5 z@n!f=xrJNzoZITjf6hH4+s&@le}2;&R$67a;Qa_yp%)e{xf>d_bpL2}<`go%^fsrA zV{Zl6O`&xo8DUXs4C{|yH=2cy=wi{Ix zC^Q9LiRw~UFgCXJt$0!yw&XoWt&4o&LlPLuOQrKUL{zqouvzWj{pBD34Z_?&I}VQj zHPICHc$!gpS#r}YahIY=O_!zD%2AUOR;W{#Y1YmkEO{aW4s=Jhk^s#YL9&N`Xq2zuZhd6Fk60ZH6-+-;vuhjn5e5=b?%gbbcn$%$&F3=qD3ie0flDYLr zB2`|+Kw)#a9kZ}8$Z+Y_TL1!M`vw8nAivISC*^WS-I$FZ0w*xi4lkmRJ40psX#M4HU&~i4xjBl~rfA(^!z)&u-Wm^)&YKQ+O%M&Qw;W8Cb zB;$9qV1phiG`K(OWp7i7vh)x)E(D`l(uZnUsbDHtF%Qq@j?jJx< zMRb>^pZ(@mlz>;S;()IA9_i-9$wTZM4GdQThe7A;_Qg+++lNtx@VLJWZJAEP&1OEf^gLd>dvxgpj$WbU7wHnn z!4USV!(+M)w^uzRMcI@IzvDK8NQ>|z^~UkhcqT_`;Ypw7cFWlJACXl;${*A;PmuyV z?kv;sA-|BicJvw!aDlQw`4;aFpXKnd+j9x1h8E|$ ztr|l7Zzacoq%NJs3syc3nHyTO_NsnHDmQJ$7&W(Qg4Or}SsA7{$APf*SqLKQ_Q^n> z(K=RXvz5g%+dU(`L?7hEMK_K`;qES@!KG9oFR!_NUJHteW*Fq7NmY%}ML`2_I!&>^ z%m!9b$XA7x9g0K3z?v4JE4Icv`FsxD!bUs6sUy`&Iu(U1UF)K9Miua#69JpxwPj8z zX`#wPe*pr@aw?g4ic~8%O>k!=~kccQ4j*hqM>RkeH zo+mpy%odr!BE`n)qB?EoQ|?jnhXh+2_)$z-ypA!n`ElGU^x` zd#A6ZTj+kc?RtKW;s8s>+rSNcU?r~9lUVB_eg8I5s(|K0+Ug&Cw)|}+R+*laHV$<; zK~ct~T&;n{tf!I?ty@9#2@YTxCP;%#fB;ri&3!>(gHDf|>lW~Wjz==>Te#V_5g>1U zGk7XxG>;dJ77COqS48Oqpk(zmeCk8w3imId#J5r_wCov4()OJy>1 z8+IF}Hj%ENE_RJ6Wh$Jzzs^ztM5OQVZ#VUR5PJa3Ph-H7G$dqAUE&uisbJwl!u4p?MWPPe?Kr66b~i6J0VvCK z-2%x{2(fgyt=-t7*EVkSSf~|VM+7%sz(V%4hJ_N+YRf?wuMyM141wmm@9eKUk|TW2lJmO5)9U=a zME4jgLsD+2I9ld2t@keuTNWN~G&nHe3?THI9{t1`maX5l3)SgaJ)h%QY>G({@kAG` zEEnmYQHuC{deW>Zc53W+09VteR%LFbZyghl8KDmZxNMe zFCj*a-0S-P4zm!k1ca$LBm6M`F2`omNI!h&CI1h= z7Ets~^^c1`Jjcd~eO0>jkbT$m{r{$totoXJO5#4+L4_F@3@F2;r{8vQaj|hY{joi6 zuQYPRMG9OG`V-15Tc-%+xD++No%$L+@ZQtA z0Zu$w2O?siAbU967$A~O5CJ0D(Z5ix07hKUtXHe8-S7^%G?Zv>V1-m&FM|o#fTdp03$VI!mF{5^Z~o zAqLuM&YpG0yA%{+69#G3${t95XBD|4G~#!k;p)aIX zB3nz%Pll7CF0w3j@*VI{Wn~~^Vzc||{Nj?03mt5&c*sUM!RiH5pxeJdYco<$Vu1}U zx2cSMzmPr7A|z&K)x};X8;n+q)bhNLKbDkV*lEXhW`iqD3G=5`UtHqYIjZyJVPU^^ zh={E23k|fyE!L0tP5F9;x8@)^vc=Z>l}ur2o&bSp;IS2;-0^IKVaC6{Jr;63Gfnu7 zk&Ule@uC6y9`i9_@Hvx>`vXd06Seq);c<77EWh>LP5ArE9*+ohdeF7UJj%IgCwG?S zR7m&eV+S+~^?klcm^KZh)(&{geqJ`YcG2V~!}qNV$Fs*3``mMJH^0jPJ@(FknE=FZ z47MK=rWECd zH-=JBd!aF$0c$21_PwI=t7}_`kZRyR|%jEto7Ig-qDB-R@$9JC%r`vCU_`wFQoVqGUam~}> zfNf_+cTlPL1B^(xjbPuL=++0wO6* z#`^j(^=qli-h2KlIsi`X^go4ph>uCnf2AEss=BHn6Ii_Z>k#5dtMZqgs-GmC1Jvfx8@&m0)AZ(}33%sRX|A?5p4sLv(Lw>UTcU}*R7?5ly z;G?Bfp6CEuqs%k^gOYRTj_Tu{{-$$V>%S_2SciT&)D%Jv5lCy~{{`sje$My@)#rIn zkMYlhTWxPI2(Upvj(<7E=3k*L8*E`(BY*nv9edM*ZRCDW)dgRsU4+1Nm=qkbR~A>9 z#2Z}laKz~6C;-LcfvNZn2wzwXFUmj{@ziz^d+}D~OF&r~*AAe_M!R+7j&;H^ z4`DQN?rUIG&gXN+?)hrf4h>l(qOZ4bd(p-YbH!m?ycHB0uc%`VTclTti5N#g$s$sd z8{VS_=!O0JJulY%CrYG8i z@K~Fv@!d>%kY~jTZ6(c7)~2Gt9B(tK$iyB_H~@uCwsLRS5}~RL7rueQg~j~y;vba0 zgHqf#;|(BxW+0>~)kKHH?9T6|zKe$F6)z21xR3K%`%(r%mNt}NgX7`kGEAX`Esmt$(dk|8?{YU;c&yqYP-icp zAA`l=C{*=nlEGjMEdOjWJZW?wSG`q@3JvWAF?^;i3v5Up^Lx-4kC`2FwMvUYM8i<7 zWGk$^Gf+#rB~cjB3EPj-iM##AKg)_GoToY}WDwPy5qapVta&yvSx36!pYKV>P8_ngT z;MiUGIy>THhH+#6w9_CPv%h)Nmn5ObsXskaZ&A?x#;!_u$sy1`Q-@Gtzf>lZTIXTh zk4nol)V)$djq=>hHrz9m)j`O)y}Zy|zJLN~?s*ah>me=y8t0ac%<(ueVr*%ixfger zueAwQvej?_m6T(rr;5oIvv|**QhC0??nV4ZxZri47m~a}>pt!;vk5fEeuLv@u;@-> z$QmpXLClWgomEie)9F`CGV}nM3GZGpL7et6ux;%ekVQEkJlucbxvs4D)KT9&0c&-u z!-lb%CKYzP;{pj02y=5Lu6kg@roCRVs9fli!ztx3>xkV6&J!CgwTeQufx5UHdHK$LD;47VBxE|rfgbY8 zyI~dHr&Wh2hhu8Hopt*yqEl{xNhLrvX&&SUTl!aPo4*PlJB> zAEnx&&aMbo^!^Z>-v6~jyl4OWz#0D)ruLxI`+xqQe3AVB-W~csrTBg@^#2t##OHd{ zpS*A2E5Ct%LQ@aE{+9;*b3IDkCNUEU1Pg!#fBL_s2)}>r^M|*zamArOncsVRv?bB9 zc7;bB&^J!*IE z_Nny-iDR!^74|hZ#EKJw1z!b=jyhLYmAm=tpSQH3jJ!hOy6CCoJyHjC(r*_B_>qn7 z;*yeQ(P(s=BG8V$&zd+v*CkC{EWfTg0)d!3A`P7FS2Zy)=}eXtv+4ZK{RC+3%`>2! zuk;M^_wUXraxT|eT3Rx4a|KL*7wF^s$mnSHJLJwpDc;z&yFi=+3s|;W9BIXrEDEP#I@$XEG(e7uz(`t#)f?Vrqz z)*a2qPxB~kKH~COL~iYt+fHxbJ>DiG0Ol7n|VC5MY7M~s;jNKI;g$7z2u9fn;awGX2R3umCS z|ELOV`J5DX@vtfP5 zu+Ezw4o9Q3m42@qBge8C;ChFDnw$>Wq?-;C&Hb7v25E5jZ=q=_r`YkLPB#_2Hq<+U z=Z0!+)Cvot<`*LD>>b|lbL@siy~=E>N5tJN3e=n_5{~|M@5@SGRf$AHWl8M^*<_K( z$+t1NIHWou&Hs={^hLRgpmTmdX7V{yRnKuqGOaUV06%bgku$z|VHA4et=lG%Spp+3 zh0^a~rx)5)$fXX1kP^ipJvTcB{@IUKA1cb~2us`X%Q!G+hYp!>$5!uSruUCVcfP;M iS>#>+pFas+SdldrG5gds5InJexu%-V-J&~>U;Z223QKnY diff --git a/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json b/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json index 7ff6121a2f6d..99537cafeecd 100644 --- a/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json +++ b/metricbeat/module/nats/_meta/kibana/7/dashboard/Metricbeat-nats-overview.json @@ -1,12 +1,368 @@ { "objects": [ + { + "attributes": { + "description": "Overview of NATS server status", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "title": "Subscriptions Info" + }, + "gridData": { + "h": 11, + "i": "6", + "w": 24, + "x": 0, + "y": 38 + }, + "panelIndex": "6", + "panelRefName": "panel_0", + "title": "Subscriptions Info", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Server Uptime" + }, + "gridData": { + "h": 11, + "i": "8", + "w": 24, + "x": 24, + "y": 38 + }, + "panelIndex": "8", + "panelRefName": "panel_1", + "title": "Server Uptime", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Subscriptions Stats Timeline" + }, + "gridData": { + "h": 10, + "i": "12", + "w": 13, + "x": 11, + "y": 28 + }, + "panelIndex": "12", + "panelRefName": "panel_2", + "title": "Subscriptions Stats Timeline", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Cache Hit Rate Timeline" + }, + "gridData": { + "h": 10, + "i": "18", + "w": 12, + "x": 24, + "y": 28 + }, + "panelIndex": "18", + "panelRefName": "panel_3", + "title": "Cache Hit Rate Timeline", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Memory Usage" + }, + "gridData": { + "h": 8, + "i": "4ffa8ccd-bd36-4eaf-973e-688b3025e95c", + "w": 15, + "x": 0, + "y": 0 + }, + "panelIndex": "4ffa8ccd-bd36-4eaf-973e-688b3025e95c", + "panelRefName": "panel_4", + "title": "Memory Usage", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Incoming Bytes Rate" + }, + "gridData": { + "h": 8, + "i": "b07d6b97-c0b5-4663-8507-8d3cc2a63367", + "w": 16, + "x": 15, + "y": 0 + }, + "panelIndex": "b07d6b97-c0b5-4663-8507-8d3cc2a63367", + "panelRefName": "panel_5", + "title": "Incoming Bytes Rate", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Connection Incoming Bytes" + }, + "gridData": { + "h": 8, + "i": "eb420bb0-754e-4544-bc1f-027568db1c8c", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "eb420bb0-754e-4544-bc1f-027568db1c8c", + "panelRefName": "panel_6", + "title": "Connection Incoming Bytes", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Incoming Messages Rate" + }, + "gridData": { + "h": 10, + "i": "1ed3e570-4ece-42a4-92b1-fdc19e3e1ad5", + "w": 15, + "x": 0, + "y": 8 + }, + "panelIndex": "1ed3e570-4ece-42a4-92b1-fdc19e3e1ad5", + "panelRefName": "panel_7", + "title": "Incoming Messages Rate", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Connections" + }, + "gridData": { + "h": 10, + "i": "ed6181bc-4274-400a-a9d8-a84a027a4a77", + "w": 16, + "x": 15, + "y": 8 + }, + "panelIndex": "ed6181bc-4274-400a-a9d8-a84a027a4a77", + "panelRefName": "panel_8", + "title": "Connections", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Connections Uptime" + }, + "gridData": { + "h": 10, + "i": "7862e4cd-22db-493b-a3be-247570eaaa8a", + "w": 17, + "x": 31, + "y": 8 + }, + "panelIndex": "7862e4cd-22db-493b-a3be-247570eaaa8a", + "panelRefName": "panel_9", + "title": "Connections Uptime", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Total Routes" + }, + "gridData": { + "h": 10, + "i": "5c6f0fdf-67e6-4a39-8543-d46c3f833ac6", + "w": 15, + "x": 0, + "y": 18 + }, + "panelIndex": "5c6f0fdf-67e6-4a39-8543-d46c3f833ac6", + "panelRefName": "panel_10", + "title": "Total Routes", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Total Connections" + }, + "gridData": { + "h": 10, + "i": "258a5243-55f6-4195-90cb-ef3ec94707db", + "w": 16, + "x": 15, + "y": 18 + }, + "panelIndex": "258a5243-55f6-4195-90cb-ef3ec94707db", + "panelRefName": "panel_11", + "title": "Total Connections", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "title": "Connection Pending Bytes" + }, + "gridData": { + "h": 10, + "i": "0e68fd8a-abd9-4391-b2d0-026e79714835", + "w": 17, + "x": 31, + "y": 18 + }, + "panelIndex": "0e68fd8a-abd9-4391-b2d0-026e79714835", + "panelRefName": "panel_12", + "title": "Connection Pending Bytes", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Slow Consumers" + }, + "gridData": { + "h": 10, + "i": "3141f1f6-d2d1-4b3f-8a7a-7d915bcb5d7c", + "w": 11, + "x": 0, + "y": 28 + }, + "panelIndex": "3141f1f6-d2d1-4b3f-8a7a-7d915bcb5d7c", + "panelRefName": "panel_13", + "title": "Slow Consumers", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Subscription Cache Actions" + }, + "gridData": { + "h": 10, + "i": "66f0d0ac-bf45-40e3-ba8c-32d6360e8584", + "w": 12, + "x": 36, + "y": 28 + }, + "panelIndex": "66f0d0ac-bf45-40e3-ba8c-32d6360e8584", + "panelRefName": "panel_14", + "title": "Subscription Cache Actions", + "version": "7.10.0" + } + ], + "timeRestore": false, + "title": "[Metricbeat NATS] Overview ECS", + "version": 1 + }, + "id": "Metricbeat-Nats-Dashboard-ecs", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "b877eb90-2988-11eb-8245-71f739a9f622", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "d3142a50-2987-11eb-8245-71f739a9f622", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "5146f2a0-2987-11eb-8245-71f739a9f622", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "eeb33da0-2987-11eb-8245-71f739a9f622", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "431edfc0-2988-11eb-8245-71f739a9f622", + "name": "panel_8", + "type": "visualization" + }, + { + "id": "898d2fe0-2986-11eb-8245-71f739a9f622", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "3a670a80-2986-11eb-8245-71f739a9f622", + "name": "panel_10", + "type": "visualization" + }, + { + "id": "55c2d340-2986-11eb-8245-71f739a9f622", + "name": "panel_11", + "type": "visualization" + }, + { + "id": "68d40020-2987-11eb-8245-71f739a9f622", + "name": "panel_12", + "type": "visualization" + }, + { + "id": "84e60a90-2a79-11eb-952d-594e5c56d011", + "name": "panel_13", + "type": "visualization" + }, + { + "id": "d80d4c30-2a81-11eb-9625-31ed579c09b3", + "name": "panel_14", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-11-19T16:12:16.796Z", + "version": "WzM3MDAsMV0=" + }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "metricbeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" @@ -125,9 +481,22 @@ } }, "id": "b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "metricbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-01-24T07:54:30.301Z", - "version": 3 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI1MywxXQ==" }, { "attributes": { @@ -135,14 +504,14 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "metricbeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" } } }, - "title": "Current Memory Usage [Metricbeat NATS] ECS", + "title": "Server Uptime [Metricbeat NATS] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -151,77 +520,27 @@ "enabled": true, "id": "1", "params": { - "customLabel": "Memory (Bytes)", - "field": "nats.stats.mem.bytes" + "customLabel": "Server Uptime", + "field": "nats.stats.uptime" }, "schema": "metric", "type": "avg" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 42, - "labelColor": false, - "subText": "" - }, - "useRanges": false }, - "type": "metric" - }, - "title": "Current Memory Usage [Metricbeat NATS] ECS", - "type": "metric" - } - }, - "id": "30a61c00-1e45-11e9-a1b4-79a7ae42ab61-ecs", - "type": "visualization", - "updated_at": "2019-01-24T07:56:32.097Z", - "version": 4 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "index": "metricbeat-*", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Server Uptime [Metricbeat NATS] ECS", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ { "enabled": true, - "id": "1", + "id": "2", "params": { - "customLabel": "Server Uptime", - "field": "nats.stats.uptime" + "field": "nats.server.id", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 }, - "schema": "metric", - "type": "avg" + "schema": "group", + "type": "terms" } ], "params": { @@ -257,9 +576,22 @@ } }, "id": "206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "metricbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-01-24T07:57:04.084Z", - "version": 4 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI1NCwxXQ==" }, { "attributes": { @@ -267,14 +599,14 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "metricbeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" } } }, - "title": "Total Connections [Metricbeat NATS] ECS", + "title": "Subscription Stats Timeline [Metricbeat NATS] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -283,74 +615,8 @@ "enabled": true, "id": "1", "params": { - "customLabel": "Total Connections", - "field": "nats.stats.total_connections" - }, - "schema": "metric", - "type": "avg" - } - ], - "params": { - "addLegend": false, - "addTooltip": true, - "metric": { - "colorSchema": "Green to Red", - "colorsRange": [ - { - "from": 0, - "to": 10000 - } - ], - "invertColors": false, - "labels": { - "show": true - }, - "metricColorMode": "None", - "percentageMode": false, - "style": { - "bgColor": false, - "bgFill": "#000", - "fontSize": 42, - "labelColor": false, - "subText": "" - }, - "useRanges": false - }, - "type": "metric" - }, - "title": "Total Connections [Metricbeat NATS] ECS", - "type": "metric" - } - }, - "id": "4c380ff0-1e45-11e9-a1b4-79a7ae42ab61-ecs", - "type": "visualization", - "updated_at": "2019-01-24T07:57:32.006Z", - "version": 4 - }, - { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "index": "metricbeat-*", - "query": { - "language": "kuery", - "query": "" - } - } - }, - "title": "Remotes-Subsz-Connz-Routez Timeline [Metricbeat NATS] ECS", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Connections", - "field": "nats.connections.total" + "customLabel": "Cache Fanout Avg", + "field": "nats.subscriptions.cache.fanout.avg" }, "schema": "metric", "type": "avg" @@ -359,11 +625,17 @@ "enabled": true, "id": "2", "params": { - "customInterval": "2h", + "drop_partials": false, "extended_bounds": {}, "field": "@timestamp", "interval": "auto", - "min_doc_count": 1 + "min_doc_count": 0, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true }, "schema": "segment", "type": "date_histogram" @@ -372,28 +644,8 @@ "enabled": true, "id": "3", "params": { - "customLabel": "Routes", - "field": "nats.routes.total" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Remotes", - "field": "nats.stats.remotes" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Subscriptions", - "field": "nats.subscriptions.total" + "customLabel": "Cache Fanout Max", + "field": "nats.subscriptions.cache.fanout.max" }, "schema": "metric", "type": "avg" @@ -426,63 +678,43 @@ "color": "#eee" } }, + "labels": {}, "legendPosition": "right", "seriesParams": [ { "data": { "id": "1", - "label": "Connections" + "label": "Cache Fanout Avg" }, "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", + "mode": "normal", "show": "true", "showCircles": true, - "type": "area", + "type": "line", "valueAxis": "ValueAxis-1" }, { "data": { "id": "3", - "label": "Routes" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "4", - "label": "Remotes" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", - "show": true, - "showCircles": true, - "type": "area", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "5", - "label": "Subscriptions" + "label": "Cache Fanout Max" }, "drawLinesBetweenPoints": true, - "interpolate": "linear", - "mode": "stacked", + "mode": "normal", "show": true, "showCircles": true, - "type": "area", + "type": "line", "valueAxis": "ValueAxis-1" } ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, "times": [], - "type": "area", + "type": "line", "valueAxes": [ { "id": "ValueAxis-1", @@ -501,20 +733,33 @@ "show": true, "style": {}, "title": { - "text": "Connections" + "text": "Cache Fanout Avg" }, "type": "value" } ] }, - "title": "Remotes-Subsz-Connz-Routez Timeline [Metricbeat NATS] ECS", - "type": "area" + "title": "Subscription Stats Timeline [Metricbeat NATS] ECS", + "type": "line" } }, - "id": "199d3d30-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "id": "754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "metricbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-01-24T07:53:31.785Z", - "version": 3 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI1NSwxXQ==" }, { "attributes": { @@ -522,14 +767,14 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "metricbeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" } } }, - "title": "Subscription Stats Timeline [Metricbeat NATS] ECS", + "title": "Cache Hit Rate Timeline [Metricbeat NATS] ECS", "uiStateJSON": {}, "version": 1, "visState": { @@ -538,8 +783,8 @@ "enabled": true, "id": "1", "params": { - "customLabel": "Cache Fanout Avg", - "field": "nats.subscriptions.cache.fanout.avg" + "customLabel": "Cache Hit Rate", + "field": "nats.subscriptions.cache.hit_rate" }, "schema": "metric", "type": "avg" @@ -548,7 +793,6 @@ "enabled": true, "id": "2", "params": { - "customInterval": "2h", "extended_bounds": {}, "field": "@timestamp", "interval": "auto", @@ -556,46 +800,6 @@ }, "schema": "segment", "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "customLabel": "Cache Fanout Max", - "field": "nats.subscriptions.cache.fanout.max" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "5", - "params": { - "customLabel": "Inserts", - "field": "nats.subscriptions.inserts" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "6", - "params": { - "customLabel": "Removes", - "field": "nats.subscriptions.removes" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "7", - "params": { - "customLabel": "Matches", - "field": "nats.subscriptions.matches" - }, - "schema": "metric", - "type": "avg" } ], "params": { @@ -630,7 +834,7 @@ { "data": { "id": "1", - "label": "Cache Fanout Avg" + "label": "Cache Hit Rate" }, "drawLinesBetweenPoints": true, "mode": "normal", @@ -638,54 +842,6 @@ "showCircles": true, "type": "line", "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "3", - "label": "Cache Fanout Max" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "5", - "label": "Inserts" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "6", - "label": "Removes" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "7", - "label": "Matches" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" } ], "times": [], @@ -708,659 +864,701 @@ "show": true, "style": {}, "title": { - "text": "Cache Fanout Avg" + "text": "Cache Hit Rate (%)" }, "type": "value" } ] }, - "title": "Subscription Stats Timeline [Metricbeat NATS] ECS", + "title": "Cache Hit Rate Timeline [Metricbeat NATS] ECS", "type": "line" } }, - "id": "754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs", + "id": "dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "metricbeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-01-23T14:55:04.899Z", - "version": 3 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI1NiwxXQ==" }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "index": "metricbeat-*", - "query": { - "language": "kuery", - "query": "" - } - } + "searchSourceJSON": {} }, - "title": "Slow Consumers Timeline [Metricbeat NATS] ECS", + "title": "Memory Usage [Metricbeat NATS]", "uiStateJSON": {}, "version": 1, "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Slow Consumers", - "field": "nats.stats.slow_consumers" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], + "aggs": [], "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "bytes", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Memory Usage", + "line_width": 2, + "metrics": [ + { + "field": "nats.stats.mem.bytes", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "avg", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.server.id", + "type": "timeseries", + "value_template": "{{value}}" } ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Slow Consumers" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Slow Consumers" - }, - "type": "value" - } - ] + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" }, - "title": "Slow Consumers Timeline [Metricbeat NATS] ECS", - "type": "line" + "title": "Memory Usage [Metricbeat NATS]", + "type": "metrics" } }, - "id": "94534190-1e97-11e9-b9e7-93b3bd2eec90-ecs", + "id": "b877eb90-2988-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], "type": "visualization", - "updated_at": "2019-01-23T14:53:57.137Z", - "version": 2 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI1NywxXQ==" }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "index": "metricbeat-*", - "query": { - "language": "kuery", - "query": "" - } - } + "searchSourceJSON": {} }, - "title": "IO Bytes Stats [Metricbeat NATS] ECS", + "title": "Incoming Bytes Rate [Metricbeat NATS]", "uiStateJSON": {}, "version": 1, "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "In Bytes", - "field": "nats.stats.in.bytes" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Out Bytes", - "field": "nats.stats.out.bytes" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], + "aggs": [], "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "In Bytes" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - }, + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "data": { - "id": "2", - "label": "Out Bytes" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "bytes", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Incoming Bytes Rate", + "line_width": 2, + "metrics": [ + { + "field": "nats.stats.in.bytes", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "positive_rate" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.server.id", + "type": "timeseries", + "value_template": "{{value}}" } ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "IO Bytes" - }, - "type": "value" - } - ] + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" }, - "title": "IO Bytes Stats [Metricbeat NATS] ECS", - "type": "line" + "title": "Incoming Bytes Rate [Metricbeat NATS]", + "type": "metrics" } }, - "id": "be1d8a20-1e98-11e9-b9e7-93b3bd2eec90-ecs", + "id": "d3142a50-2987-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], "type": "visualization", - "updated_at": "2019-01-24T07:48:22.914Z", - "version": 4 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI1OCwxXQ==" }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "index": "metricbeat-*", - "query": { - "language": "kuery", - "query": "" - } - } + "searchSourceJSON": {} }, - "title": "Memory Utilization Timeline [Metricbeat NATS] ECS", + "title": "Connection Incoming Bytes [Metricbeat NATS]", "uiStateJSON": {}, "version": 1, "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Memory Avg", - "field": "nats.stats.mem.bytes" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], + "aggs": [], "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" }, - "legendPosition": "right", - "seriesParams": [ + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "data": { - "id": "1", - "label": "Memory Avg" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "bytes", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Connection Incoming Bytes", + "line_width": 2, + "metrics": [ + { + "field": "nats.connection.in.bytes", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.connection.name", + "type": "timeseries", + "value_template": "{{value}}" } ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Memory Avg (Bytes)" - }, - "type": "value" - } - ] + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" }, - "title": "Memory Utilization Timeline [Metricbeat NATS] ECS", - "type": "line" + "title": "Connection Incoming Bytes [Metricbeat NATS]", + "type": "metrics" } }, - "id": "8204e820-1e99-11e9-b9e7-93b3bd2eec90-ecs", + "id": "5146f2a0-2987-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], "type": "visualization", - "updated_at": "2019-01-24T07:52:55.445Z", - "version": 5 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI1OSwxXQ==" }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "index": "metricbeat-*", - "query": { - "language": "kuery", - "query": "" - } - } + "searchSourceJSON": {} }, - "title": "IO Messages Stats [Metricbeat NATS] ECS", + "title": "Incoming Messages Rate [Metricbeat NATS]", "uiStateJSON": {}, "version": 1, "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "In Messages", - "field": "nats.stats.in.messages" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Out Messages", - "field": "nats.stats.out.messages" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "3", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], + "aggs": [], "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "number", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Incoming Messages Rate", + "line_width": 2, + "metrics": [ + { + "field": "nats.stats.in.messages", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "positive_rate", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.server.id", + "type": "timeseries", + "value_template": "{{value}}" } ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" + }, + "title": "Incoming Messages Rate [Metricbeat NATS]", + "type": "metrics" + } + }, + "id": "eeb33da0-2987-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI2MCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Connections [Metricbeat NATS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" }, - "legendPosition": "right", - "seriesParams": [ + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "data": { - "id": "1", - "label": "In Messages" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "2", - "label": "Out Messages" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "number", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Connections", + "line_width": 2, + "metrics": [ + { + "field": "nats.stats.total_connections", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "positive_rate", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.server.id", + "type": "timeseries", + "value_template": "{{value}}" } ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "IO Messages" - }, - "type": "value" - } - ] + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" }, - "title": "IO Messages Stats [Metricbeat NATS] ECS", - "type": "line" + "title": "Connections [Metricbeat NATS]", + "type": "metrics" } }, - "id": "cdbf4110-1f0d-11e9-a673-d9577e5e50eb-ecs", + "id": "431edfc0-2988-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], "type": "visualization", - "updated_at": "2019-01-24T07:47:25.774Z", - "version": 2 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI2MSwxXQ==" }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "index": "metricbeat-*", - "query": { + "searchSourceJSON": {} + }, + "title": "Connections Uptime [Metricbeat NATS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { "language": "kuery", "query": "" - } - } + }, + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "s,s,", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Connection Uptime", + "line_width": 2, + "metrics": [ + { + "field": "nats.connection.uptime", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.connection.name", + "type": "timeseries", + "value_template": "{{value}}" + } + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" + }, + "title": "Connections Uptime [Metricbeat NATS]", + "type": "metrics" + } + }, + "id": "898d2fe0-2986-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI2MiwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} }, - "title": "CPU Utilization Timeline [Metricbeat NATS] ECS", + "title": "Total Routes [Metricbeat NATS]", "uiStateJSON": {}, "version": 1, "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "CPU Avg", - "field": "nats.stats.cpu" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], + "aggs": [], "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "number", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Routes", + "line_width": 2, + "metrics": [ + { + "field": "nats.routes.total", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.server.id", + "value_template": "{{value}}" } ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" + }, + "title": "Total Routes [Metricbeat NATS]", + "type": "metrics" + } + }, + "id": "3a670a80-2986-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI2MywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Total Connections [Metricbeat NATS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" }, - "legendPosition": "right", - "seriesParams": [ + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "data": { - "id": "1", - "label": "CPU Avg" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "number", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Connections", + "line_width": 2, + "metrics": [ + { + "field": "nats.connections.total", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.server.id", + "type": "timeseries", + "value_template": "{{value}}" } ], - "times": [], - "type": "line", - "valueAxes": [ + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" + }, + "title": "Total Connections [Metricbeat NATS]", + "type": "metrics" + } + }, + "id": "55c2d340-2986-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI2NCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": {} + }, + "title": "Connection Pending Bytes [Metricbeat NATS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" + }, + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "CPU Avg (%)" - }, - "type": "value" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "bytes", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Connection Pending Bytes", + "line_width": 2, + "metrics": [ + { + "field": "nats.connection.pending_bytes", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "avg" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.connection.name", + "type": "timeseries", + "value_template": "{{value}}" } - ] + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" }, - "title": "CPU Utilization Timeline [Metricbeat NATS] ECS", - "type": "line" + "title": "Connection Pending Bytes [Metricbeat NATS]", + "type": "metrics" } }, - "id": "138dc660-1f1a-11e9-a673-d9577e5e50eb-ecs", + "id": "68d40020-2987-11eb-8245-71f739a9f622", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], "type": "visualization", - "updated_at": "2019-01-24T07:51:51.767Z", - "version": 2 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI2NSwxXQ==" }, { "attributes": { @@ -1368,322 +1566,236 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "metricbeat-*", "query": { "language": "kuery", "query": "" } } }, - "title": "Cache Hit Rate Timeline [Metricbeat NATS] ECS", + "title": "Slow Consumers [Metricbeat NATS]", "uiStateJSON": {}, "version": 1, "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": { - "customLabel": "Cache Hit Rate", - "field": "nats.subscriptions.cache.hit_rate" - }, - "schema": "metric", - "type": "avg" - }, - { - "enabled": true, - "id": "2", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - } - ], + "aggs": [], "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": {}, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" }, - "legendPosition": "right", - "seriesParams": [ + "id": "e4c53250-2985-11eb-9192-5db805fbad79", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ { - "data": { - "id": "1", - "label": "Cache Hit Rate" - }, - "drawLinesBetweenPoints": true, - "mode": "normal", - "show": "true", - "showCircles": true, - "type": "line", - "valueAxis": "ValueAxis-1" + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "number", + "id": "e4c53251-2985-11eb-9192-5db805fbad79", + "label": "Slow Consumers", + "line_width": 2, + "metrics": [ + { + "field": "nats.stats.slow_consumers", + "id": "e4c53252-2985-11eb-9192-5db805fbad79", + "type": "avg", + "unit": "" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "terms", + "stacked": "none", + "terms_field": "nats.server.id", + "type": "timeseries", + "value_template": "{{value}}" } ], - "times": [], - "type": "line", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Cache Hit Rate (%)" - }, - "type": "value" - } - ] + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" }, - "title": "Cache Hit Rate Timeline [Metricbeat NATS] ECS", - "type": "line" + "title": "Slow Consumers [Metricbeat NATS]", + "type": "metrics" } }, - "id": "dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs", + "id": "84e60a90-2a79-11eb-952d-594e5c56d011", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], "type": "visualization", - "updated_at": "2019-01-23T14:57:20.994Z", - "version": 2 + "updated_at": "2020-11-19T15:52:48.969Z", + "version": "WzI2NiwxXQ==" }, { "attributes": { - "description": "Overview of NATS server status", - "hits": 0, + "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "highlightAll": true, "query": { "language": "kuery", "query": "" - }, - "version": true + } } }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "6", - "w": 24, - "x": 0, - "y": 45 - }, - "id": "b129b220-1e44-11e9-a1b4-79a7ae42ab61-ecs", - "panelIndex": "6", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 7, - "i": "7", - "w": 13, - "x": 24, - "y": 34 - }, - "id": "30a61c00-1e45-11e9-a1b4-79a7ae42ab61-ecs", - "panelIndex": "7", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 7, - "i": "8", - "w": 11, - "x": 37, - "y": 34 - }, - "id": "206f1bc0-1e45-11e9-a1b4-79a7ae42ab61-ecs", - "panelIndex": "8", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 8, - "i": "9", - "w": 8, - "x": 24, - "y": 41 - }, - "id": "4c380ff0-1e45-11e9-a1b4-79a7ae42ab61-ecs", - "panelIndex": "9", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "11", - "w": 24, - "x": 0, - "y": 34 - }, - "id": "199d3d30-1e46-11e9-a1b4-79a7ae42ab61-ecs", - "panelIndex": "11", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 10, - "i": "12", - "w": 18, - "x": 15, - "y": 0 - }, - "id": "754215c0-1e46-11e9-a1b4-79a7ae42ab61-ecs", - "panelIndex": "12", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 10, - "i": "13", - "w": 15, - "x": 0, - "y": 0 - }, - "id": "94534190-1e97-11e9-b9e7-93b3bd2eec90-ecs", - "panelIndex": "13", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "14", - "w": 24, - "x": 24, - "y": 10 + "title": "Subscription Cache Actions [Metricbeat NATS]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "axis_formatter": "number", + "axis_min": 0, + "axis_position": "left", + "axis_scale": "normal", + "default_index_pattern": "metricbeat-*", + "default_timefield": "@timestamp", + "filter": { + "language": "kuery", + "query": "" }, - "id": "be1d8a20-1e98-11e9-b9e7-93b3bd2eec90-ecs", - "panelIndex": "14", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": true + "id": "a9b96760-2a81-11eb-8cd4-770b42226f97", + "index_pattern": "metricbeat-*", + "interval": "auto", + "isModelInvalid": false, + "series": [ + { + "axis_position": "right", + "chart_type": "line", + "color": "#6092C0", + "fill": 0, + "formatter": "number", + "id": "a9b96761-2a81-11eb-8cd4-770b42226f97", + "label": "rate(inserts)", + "line_width": 2, + "metrics": [ + { + "field": "nats.subscriptions.inserts", + "id": "a9b96762-2a81-11eb-8cd4-770b42226f97", + "type": "max" + }, + { + "field": "a9b96762-2a81-11eb-8cd4-770b42226f97", + "id": "a9b96764-2a81-11eb-8cd4-770b42226f97", + "type": "derivative", + "unit": "1s" + }, + { + "field": "a9b96764-2a81-11eb-8cd4-770b42226f97", + "id": "a9b96763-2a81-11eb-8cd4-770b42226f97", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#D36086", + "fill": 0, + "formatter": "number", + "id": "a9b96765-2a81-11eb-8cd4-770b42226f97", + "label": "rate(removes)", + "line_width": 2, + "metrics": [ + { + "field": "nats.subscriptions.removes", + "id": "a9b96766-2a81-11eb-8cd4-770b42226f97", + "type": "max" + }, + { + "field": "a9b96766-2a81-11eb-8cd4-770b42226f97", + "id": "a9b96768-2a81-11eb-8cd4-770b42226f97", + "type": "derivative", + "unit": "1s" + }, + { + "field": "a9b96768-2a81-11eb-8cd4-770b42226f97", + "id": "a9b96767-2a81-11eb-8cd4-770b42226f97", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" + }, + { + "axis_position": "right", + "chart_type": "line", + "color": "#54B399", + "fill": 0, + "formatter": "number", + "id": "a9b96769-2a81-11eb-8cd4-770b42226f97", + "label": "rate(matches)", + "line_width": 2, + "metrics": [ + { + "field": "nats.subscriptions.matches", + "id": "a9b9676a-2a81-11eb-8cd4-770b42226f97", + "type": "max" + }, + { + "field": "a9b9676a-2a81-11eb-8cd4-770b42226f97", + "id": "a9b9676c-2a81-11eb-8cd4-770b42226f97", + "type": "derivative", + "unit": "1s" + }, + { + "field": "a9b9676c-2a81-11eb-8cd4-770b42226f97", + "id": "a9b9676b-2a81-11eb-8cd4-770b42226f97", + "type": "positive_only" + } + ], + "point_size": 0, + "separate_axis": 0, + "split_mode": "everything", + "stacked": "none", + "value_template": "{{value}}/s" } - }, - "gridData": { - "h": 12, - "i": "15", - "w": 24, - "x": 24, - "y": 22 - }, - "id": "8204e820-1e99-11e9-b9e7-93b3bd2eec90-ecs", - "panelIndex": "15", - "type": "visualization", - "version": "6.5.4" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "16", - "w": 24, - "x": 0, - "y": 10 - }, - "id": "cdbf4110-1f0d-11e9-a673-d9577e5e50eb-ecs", - "panelIndex": "16", - "type": "visualization", - "version": "6.3.2" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "17", - "w": 24, - "x": 0, - "y": 22 - }, - "id": "138dc660-1f1a-11e9-a673-d9577e5e50eb-ecs", - "panelIndex": "17", - "type": "visualization", - "version": "6.3.2" + ], + "show_grid": 1, + "show_legend": 1, + "time_field": "@timestamp", + "tooltip_mode": "show_all", + "type": "timeseries" }, - { - "embeddableConfig": {}, - "gridData": { - "h": 10, - "i": "18", - "w": 15, - "x": 33, - "y": 0 - }, - "id": "dff743a0-1f1c-11e9-a673-d9577e5e50eb-ecs", - "panelIndex": "18", - "type": "visualization", - "version": "6.3.2" - } - ], - "timeRestore": false, - "title": "[Metricbeat NATS] Overview ECS", - "version": 1 + "title": "Subscription Cache Actions [Metricbeat NATS]", + "type": "metrics" + } }, - "id": "Metricbeat-Nats-Dashboard-ecs", - "type": "dashboard", - "updated_at": "2019-01-24T08:13:29.732Z", - "version": 4 + "id": "d80d4c30-2a81-11eb-9625-31ed579c09b3", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-11-19T16:11:12.882Z", + "version": "WzMyNjEsMV0=" } ], - "version": "6.3.2" + "version": "7.10.0" } From e8da54480b024e281e6747f7ee0b25234475dfb8 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Mon, 23 Nov 2020 10:58:23 -0700 Subject: [PATCH 13/41] Add awsfargate module for AWS ECS Fargate (#22034) * Add awsfargate module for AWS ECS Fargate --- CHANGELOG.next.asciidoc | 1 + metricbeat/docs/fields.asciidoc | 529 ++++++++++++++++++ metricbeat/docs/modules/awsfargate.asciidoc | 86 +++ .../modules/awsfargate/task_stats.asciidoc | 25 + metricbeat/docs/modules_list.asciidoc | 3 + metricbeat/module/docker/cpu/cpu_test.go | 4 +- metricbeat/module/docker/cpu/helper.go | 28 +- metricbeat/scripts/mage/docs_collector.go | 2 +- x-pack/metricbeat/include/list.go | 2 + x-pack/metricbeat/metricbeat.reference.yml | 6 + .../module/awsfargate/_meta/config.yml | 4 + .../module/awsfargate/_meta/docs.asciidoc | 50 ++ .../module/awsfargate/_meta/fields.yml | 6 + .../module/awsfargate/awsfargate.go | 54 ++ .../module/awsfargate/cloudformation.yml | 82 +++ x-pack/metricbeat/module/awsfargate/doc.go | 5 + x-pack/metricbeat/module/awsfargate/fields.go | 23 + .../awsfargate/task_stats/_meta/data.json | 148 +++++ .../awsfargate/task_stats/_meta/docs.asciidoc | 153 +++++ .../awsfargate/task_stats/_meta/fields.yml | 298 ++++++++++ .../task_stats/_meta/testdata/task.json | 17 + .../task_stats/_meta/testdata/task_stats.json | 119 ++++ .../module/awsfargate/task_stats/container.go | 48 ++ .../module/awsfargate/task_stats/cpu.go | 30 + .../module/awsfargate/task_stats/data.go | 164 ++++++ .../module/awsfargate/task_stats/diskio.go | 57 ++ .../module/awsfargate/task_stats/memory.go | 40 ++ .../module/awsfargate/task_stats/network.go | 23 + .../awsfargate/task_stats/task_stats.go | 193 +++++++ .../task_stats/task_stats_integration_test.go | 69 +++ .../awsfargate/task_stats/task_stats_test.go | 124 ++++ .../modules.d/awsfargate.yml.disabled | 7 + 32 files changed, 2383 insertions(+), 17 deletions(-) create mode 100644 metricbeat/docs/modules/awsfargate.asciidoc create mode 100644 metricbeat/docs/modules/awsfargate/task_stats.asciidoc create mode 100644 x-pack/metricbeat/module/awsfargate/_meta/config.yml create mode 100644 x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc create mode 100644 x-pack/metricbeat/module/awsfargate/_meta/fields.yml create mode 100644 x-pack/metricbeat/module/awsfargate/awsfargate.go create mode 100644 x-pack/metricbeat/module/awsfargate/cloudformation.yml create mode 100644 x-pack/metricbeat/module/awsfargate/doc.go create mode 100644 x-pack/metricbeat/module/awsfargate/fields.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/_meta/data.json create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/_meta/fields.yml create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task.json create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task_stats.json create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/container.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/cpu.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/data.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/diskio.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/memory.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/network.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/task_stats.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/task_stats_integration_test.go create mode 100644 x-pack/metricbeat/module/awsfargate/task_stats/task_stats_test.go create mode 100644 x-pack/metricbeat/modules.d/awsfargate.yml.disabled diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 129ab8bc45ba..a2453a39a691 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -843,6 +843,7 @@ same journal. {pull}18467[18467] - Map cloud data filed `cloud.account.id` to azure subscription. {pull}21483[21483] {issue}21381[21381] - Move s3_daily_storage and s3_request metricsets to use cloudwatch input. {pull}21703[21703] - Duplicate system.process.cmdline field with process.command_line ECS field name. {pull}22325[22325] +- Add awsfargate module task_stats metricset to monitor AWS ECS Fargate. {pull}22034[22034] - Add connection and route metricsets for nats metricbeat module to collect metrics per connection/route. {pull}22445[22445] - Add unit file states to system/service {pull}22557[22557] diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 5a706cea7829..4fce6fb4a427 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -17,6 +17,7 @@ grouped in the following categories: * <> * <> * <> +* <> * <> * <> * <> @@ -4589,6 +4590,534 @@ type: double -- +[[exported-fields-awsfargate]] +== AWS Fargate fields + +`awsfargate` module collects AWS fargate metrics from task metadata endpoint. + + + +[float] +=== task_stats + +`task_stats` contains the metrics that were scraped from AWS fargate task stats ${ECS_CONTAINER_METADATA_URI_V4}/task/stats metadata endpoint. + + + +[float] +=== cpu + +Runtime CPU metrics. + + +*`task_stats.cpu.kernel.pct`*:: ++ +-- +Percentage of time in kernel space. + + +type: scaled_float + +format: percent + +-- + +*`task_stats.cpu.kernel.norm.pct`*:: ++ +-- +Percentage of time in kernel space normalized by the number of CPU cores. + + +type: scaled_float + +format: percent + +-- + +*`task_stats.cpu.kernel.ticks`*:: ++ +-- +CPU ticks in kernel space. + + +type: long + +-- + +*`task_stats.cpu.system.pct`*:: ++ +-- +Percentage of total CPU time in the system. + + +type: scaled_float + +format: percent + +-- + +*`task_stats.cpu.system.norm.pct`*:: ++ +-- +Percentage of total CPU time in the system normalized by the number of CPU cores. + + +type: scaled_float + +format: percent + +-- + +*`task_stats.cpu.system.ticks`*:: ++ +-- +CPU system ticks. + + +type: long + +-- + +*`task_stats.cpu.user.pct`*:: ++ +-- +Percentage of time in user space. + + +type: scaled_float + +format: percent + +-- + +*`task_stats.cpu.user.norm.pct`*:: ++ +-- +Percentage of time in user space normalized by the number of CPU cores. + + +type: scaled_float + +format: percent + +-- + +*`task_stats.cpu.user.ticks`*:: ++ +-- +CPU ticks in user space. + + +type: long + +-- + +*`task_stats.cpu.total.pct`*:: ++ +-- +Total CPU usage. + + +type: scaled_float + +format: percent + +-- + +*`task_stats.cpu.total.norm.pct`*:: ++ +-- +Total CPU usage normalized by the number of CPU cores. + + +type: scaled_float + +format: percent + +-- + +[float] +=== diskio + +Disk I/O metrics. + + +[float] +=== read + +Accumulated reads during the life of the container + + + +*`task_stats.diskio.read.ops`*:: ++ +-- +Number of reads during the life of the container + + +type: long + +-- + +*`task_stats.diskio.read.bytes`*:: ++ +-- +Bytes read during the life of the container + + +type: long + +format: bytes + +-- + +*`task_stats.diskio.read.rate`*:: ++ +-- +Number of current reads per second + + +type: long + +-- + +*`task_stats.diskio.read.service_time`*:: ++ +-- +Total time to service IO requests, in nanoseconds + + +type: long + +-- + +*`task_stats.diskio.read.wait_time`*:: ++ +-- +Total time requests spent waiting in queues for service, in nanoseconds + + +type: long + +-- + +*`task_stats.diskio.read.queued`*:: ++ +-- +Total number of queued requests + + +type: long + +-- + +*`task_stats.diskio.read.reads`*:: ++ +-- + +deprecated:[6.4] + +Number of current reads per second + + +type: scaled_float + +-- + +[float] +=== write + +Accumulated writes during the life of the container + + + +*`task_stats.diskio.read.write.ops`*:: ++ +-- +Number of writes during the life of the container + + +type: long + +-- + +*`task_stats.diskio.read.write.bytes`*:: ++ +-- +Bytes written during the life of the container + + +type: long + +format: bytes + +-- + +*`task_stats.diskio.read.write.rate`*:: ++ +-- +Number of current writes per second + + +type: long + +-- + +*`task_stats.diskio.read.write.service_time`*:: ++ +-- +Total time to service IO requests, in nanoseconds + + +type: long + +-- + +*`task_stats.diskio.read.write.wait_time`*:: ++ +-- +Total time requests spent waiting in queues for service, in nanoseconds + + +type: long + +-- + +*`task_stats.diskio.read.write.queued`*:: ++ +-- +Total number of queued requests + + +type: long + +-- + +*`task_stats.diskio.read.writes`*:: ++ +-- + +deprecated:[6.4] + +Number of current writes per second + + +type: scaled_float + +-- + +[float] +=== summary + +Accumulated reads and writes during the life of the container + + + +*`task_stats.diskio.read.summary.ops`*:: ++ +-- +Number of I/O operations during the life of the container + + +type: long + +-- + +*`task_stats.diskio.read.summary.bytes`*:: ++ +-- +Bytes read and written during the life of the container + + +type: long + +format: bytes + +-- + +*`task_stats.diskio.read.summary.rate`*:: ++ +-- +Number of current operations per second + + +type: long + +-- + +*`task_stats.diskio.read.summary.service_time`*:: ++ +-- +Total time to service IO requests, in nanoseconds + + +type: long + +-- + +*`task_stats.diskio.read.summary.wait_time`*:: ++ +-- +Total time requests spent waiting in queues for service, in nanoseconds + + +type: long + +-- + +*`task_stats.diskio.read.summary.queued`*:: ++ +-- +Total number of queued requests + + +type: long + +-- + +*`task_stats.diskio.read.total`*:: ++ +-- + +deprecated:[6.4] + +Number of reads and writes per second + + +type: scaled_float + +-- + +[float] +=== memory + +Memory metrics. + + +*`task_stats.memory.stats.*`*:: ++ +-- +Raw memory stats from the cgroups memory.stat interface + + +type: object + +-- + +[float] +=== network + +Network metrics. + + +*`task_stats.network.interface`*:: ++ +-- +Network interface name. + + +type: keyword + +-- + +[float] +=== inbound + +Incoming network stats since the container started. + + + +*`task_stats.network.inbound.bytes`*:: ++ +-- +Total number of incoming bytes. + + +type: long + +format: bytes + +-- + +*`task_stats.network.inbound.dropped`*:: ++ +-- +Total number of dropped incoming packets. + + +type: long + +-- + +*`task_stats.network.inbound.errors`*:: ++ +-- +Total errors on incoming packets. + + +type: long + +-- + +*`task_stats.network.inbound.packets`*:: ++ +-- +Total number of incoming packets. + + +type: long + +-- + +[float] +=== outbound + +Outgoing network stats since the container started. + + + +*`task_stats.network.outbound.bytes`*:: ++ +-- +Total number of outgoing bytes. + + +type: long + +format: bytes + +-- + +*`task_stats.network.outbound.dropped`*:: ++ +-- +Total number of dropped outgoing packets. + + +type: long + +-- + +*`task_stats.network.outbound.errors`*:: ++ +-- +Total errors on outgoing packets. + + +type: long + +-- + +*`task_stats.network.outbound.packets`*:: ++ +-- +Total number of outgoing packets. + + +type: long + +-- + [[exported-fields-azure]] == Azure fields diff --git a/metricbeat/docs/modules/awsfargate.asciidoc b/metricbeat/docs/modules/awsfargate.asciidoc new file mode 100644 index 000000000000..1de246049d79 --- /dev/null +++ b/metricbeat/docs/modules/awsfargate.asciidoc @@ -0,0 +1,86 @@ +//// +This file is generated! See scripts/mage/docs_collector.go +//// + +[[metricbeat-module-awsfargate]] +[role="xpack"] +== AWS Fargate module + +beta[] + +Amazon ECS on Fargate provides a method to retrieve various metadata, network +metrics, and Docker stats about tasks and containers. This is referred to as the +https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-metadata-endpoint-v4-fargate.html[task metadata endpoint] +and this endpoint is available per container. + +The environment variable is injected by default into the containers of Amazon +ECS tasks on Fargate that use platform version 1.4.0 or later and Amazon ECS +tasks on Amazon EC2 that are running at least version 1.39.0 of the Amazon ECS +container agent. + +The awsfargate module is a Metricbeat module which collects AWS fargate metrics +from task metadata endpoint. + +[float] +== Introduction to AWS ECS and Fargate +Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, +container management service that makes it easy to run, stop, and manage +containers. ECS has two launch types that can define how compute resources will +be managed: ECS EC2 and ECS Fargate. + +* *ECS EC2* + +ECS EC2 launches containers that run on EC2 instances. Users have to manage EC2 +instances. Pricing depends on the number of EC2 instances running. + +* *ECS Fargate* + +ECS Fargate removes the responsibility of provisioning, configuring, and +managing the EC2 instances by allowing AWS to manage the EC2 instances. Users +only need to specify containers and tasks. Pricing based on the number of tasks. + +[float] +== Task Metadata Endpoint +https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-metadata-endpoint-v4-fargate.html[Task metadata endpoint] +returns https://docs.docker.com/engine/api/v1.30/#operation/ContainerStats[Docker stats] +in JSON format for all the containers associated with the task. +This endpoint is only available from within the task definition itself, which +means Metricbeat needs to be run as a sidecar container within the task +definition. Since the metadata endpoint is only accessible from within the +Fargate Task, there is no authentication in place. + +[float] +== Metricsets +Currently, we have `task_stats` metricset in `awsfargate` module. + +[float] +=== `task_stats` +This metricset collects runtime CPU metrics, disk I/O metrics, memory metrics, +network metrics and container metadata from both endpoint +`${ECS_CONTAINER_METADATA_URI_V4}/task/stats` and `${ECS_CONTAINER_METADATA_URI_V4}/task`. + + +[float] +=== Example configuration + +The AWS Fargate module supports the standard configuration options that are described +in <>. Here is an example configuration: + +[source,yaml] +---- +metricbeat.modules: +- module: awsfargate + period: 10s + metricsets: + - task_stats +---- + +[float] +=== Metricsets + +The following metricsets are available: + +* <> + +include::awsfargate/task_stats.asciidoc[] + diff --git a/metricbeat/docs/modules/awsfargate/task_stats.asciidoc b/metricbeat/docs/modules/awsfargate/task_stats.asciidoc new file mode 100644 index 000000000000..9e43c8a2cead --- /dev/null +++ b/metricbeat/docs/modules/awsfargate/task_stats.asciidoc @@ -0,0 +1,25 @@ +//// +This file is generated! See scripts/mage/docs_collector.go +//// + +[[metricbeat-metricset-awsfargate-task_stats]] +[role="xpack"] +=== AWS Fargate task_stats metricset + +beta[] + +include::../../../../x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc[] + +This is a default metricset. If the host module is unconfigured, this metricset is enabled by default. + +==== Fields + +For a description of each field in the metricset, see the +<> section. + +Here is an example document generated by this metricset: + +[source,json] +---- +include::../../../../x-pack/metricbeat/module/awsfargate/task_stats/_meta/data.json[] +---- diff --git a/metricbeat/docs/modules_list.asciidoc b/metricbeat/docs/modules_list.asciidoc index 68476e1acaa5..847a13703ce4 100644 --- a/metricbeat/docs/modules_list.asciidoc +++ b/metricbeat/docs/modules_list.asciidoc @@ -32,6 +32,8 @@ This file is generated! See scripts/mage/docs_collector.go |<> beta[] |<> beta[] |<> beta[] +|<> beta[] |image:./images/icon-no.png[No prebuilt dashboards] | +.1+| .1+| |<> beta[] |<> |image:./images/icon-yes.png[Prebuilt dashboards are available] | .11+| .11+| |<> beta[] |<> beta[] @@ -298,6 +300,7 @@ include::modules/aerospike.asciidoc[] include::modules/apache.asciidoc[] include::modules/appsearch.asciidoc[] include::modules/aws.asciidoc[] +include::modules/awsfargate.asciidoc[] include::modules/azure.asciidoc[] include::modules/beat.asciidoc[] include::modules/ceph.asciidoc[] diff --git a/metricbeat/module/docker/cpu/cpu_test.go b/metricbeat/module/docker/cpu/cpu_test.go index d14fda678d9b..d599abd19ed3 100644 --- a/metricbeat/module/docker/cpu/cpu_test.go +++ b/metricbeat/module/docker/cpu/cpu_test.go @@ -29,8 +29,8 @@ import ( var cpuService CPUService -func cpuUsageFor(stats types.StatsJSON) *cpuUsage { - u := cpuUsage{ +func cpuUsageFor(stats types.StatsJSON) *CPUUsage { + u := CPUUsage{ Stat: &docker.Stat{Stats: stats}, systemDelta: 1000000000, // Nanoseconds in a second } diff --git a/metricbeat/module/docker/cpu/helper.go b/metricbeat/module/docker/cpu/helper.go index 75527285f1ee..fcb8dc2de554 100644 --- a/metricbeat/module/docker/cpu/helper.go +++ b/metricbeat/module/docker/cpu/helper.go @@ -62,7 +62,7 @@ func (c *CPUService) getCPUStatsList(rawStats []docker.Stat, dedot bool) []CPUSt } func (c *CPUService) getCPUStats(myRawStat *docker.Stat, dedot bool) CPUStats { - usage := cpuUsage{Stat: myRawStat} + usage := CPUUsage{Stat: myRawStat} stats := CPUStats{ Time: common.Time(myRawStat.Stats.Read), @@ -89,7 +89,7 @@ func (c *CPUService) getCPUStats(myRawStat *docker.Stat, dedot bool) CPUStats { // TODO: These helper should be merged with the cpu helper in system/cpu -type cpuUsage struct { +type CPUUsage struct { *docker.Stat cpus uint32 @@ -98,7 +98,7 @@ type cpuUsage struct { // CPUS returns the number of cpus. If number of cpus is equal to zero, the field will // be updated/initialized with the corresponding value retrieved from Docker API. -func (u *cpuUsage) CPUs() uint32 { +func (u *CPUUsage) CPUs() uint32 { if u.cpus == 0 { if u.Stats.CPUStats.OnlineCPUs != 0 { u.cpus = u.Stats.CPUStats.OnlineCPUs @@ -119,7 +119,7 @@ func (u *cpuUsage) CPUs() uint32 { } // SystemDelta calculates system delta. -func (u *cpuUsage) SystemDelta() uint64 { +func (u *CPUUsage) SystemDelta() uint64 { if u.systemDelta == 0 { u.systemDelta = u.Stats.CPUStats.SystemUsage - u.Stats.PreCPUStats.SystemUsage } @@ -127,7 +127,7 @@ func (u *cpuUsage) SystemDelta() uint64 { } // PerCPU calculates per CPU usage. -func (u *cpuUsage) PerCPU() common.MapStr { +func (u *CPUUsage) PerCPU() common.MapStr { var output common.MapStr if len(u.Stats.CPUStats.CPUUsage.PercpuUsage) == len(u.Stats.PreCPUStats.CPUUsage.PercpuUsage) { output = common.MapStr{} @@ -151,42 +151,42 @@ func (u *cpuUsage) PerCPU() common.MapStr { } // TotalNormalized calculates total CPU usage normalized. -func (u *cpuUsage) Total() float64 { +func (u *CPUUsage) Total() float64 { return u.calculatePercentage(u.Stats.CPUStats.CPUUsage.TotalUsage, u.Stats.PreCPUStats.CPUUsage.TotalUsage, u.CPUs()) } // TotalNormalized calculates total CPU usage normalized by the number of CPU cores. -func (u *cpuUsage) TotalNormalized() float64 { +func (u *CPUUsage) TotalNormalized() float64 { return u.calculatePercentage(u.Stats.CPUStats.CPUUsage.TotalUsage, u.Stats.PreCPUStats.CPUUsage.TotalUsage, 1) } // InKernelMode calculates percentage of time in kernel space. -func (u *cpuUsage) InKernelMode() float64 { +func (u *CPUUsage) InKernelMode() float64 { return u.calculatePercentage(u.Stats.CPUStats.CPUUsage.UsageInKernelmode, u.Stats.PreCPUStats.CPUUsage.UsageInKernelmode, u.CPUs()) } // InKernelModeNormalized calculates percentage of time in kernel space normalized by the number of CPU cores. -func (u *cpuUsage) InKernelModeNormalized() float64 { +func (u *CPUUsage) InKernelModeNormalized() float64 { return u.calculatePercentage(u.Stats.CPUStats.CPUUsage.UsageInKernelmode, u.Stats.PreCPUStats.CPUUsage.UsageInKernelmode, 1) } // InUserMode calculates percentage of time in user space. -func (u *cpuUsage) InUserMode() float64 { +func (u *CPUUsage) InUserMode() float64 { return u.calculatePercentage(u.Stats.CPUStats.CPUUsage.UsageInUsermode, u.Stats.PreCPUStats.CPUUsage.UsageInUsermode, u.CPUs()) } // InUserModeNormalized calculates percentage of time in user space normalized by the number of CPU cores. -func (u *cpuUsage) InUserModeNormalized() float64 { +func (u *CPUUsage) InUserModeNormalized() float64 { return u.calculatePercentage(u.Stats.CPUStats.CPUUsage.UsageInUsermode, u.Stats.PreCPUStats.CPUUsage.UsageInUsermode, 1) } // System calculates percentage of total CPU time in the system. -func (u *cpuUsage) System() float64 { +func (u *CPUUsage) System() float64 { return u.calculatePercentage(u.Stats.CPUStats.SystemUsage, u.Stats.PreCPUStats.SystemUsage, u.CPUs()) } // SystemNormalized calculates percentage of total CPU time in the system, normalized by the number of CPU cores. -func (u *cpuUsage) SystemNormalized() float64 { +func (u *CPUUsage) SystemNormalized() float64 { return u.calculatePercentage(u.Stats.CPUStats.SystemUsage, u.Stats.PreCPUStats.SystemUsage, 1) } @@ -194,7 +194,7 @@ func (u *cpuUsage) SystemNormalized() float64 { // The "oldValue" refers to the CPU statistics of the last read. // Time here is expressed by second and not by nanoseconde. // The main goal is to expose the %, in the same way, it's displayed by docker Client. -func (u *cpuUsage) calculatePercentage(newValue uint64, oldValue uint64, numCPUS uint32) float64 { +func (u *CPUUsage) calculatePercentage(newValue uint64, oldValue uint64, numCPUS uint32) float64 { if newValue < oldValue { logp.Err("Error calculating CPU time change for docker module: new stats value (%v) is lower than the old one(%v)", newValue, oldValue) return -1 diff --git a/metricbeat/scripts/mage/docs_collector.go b/metricbeat/scripts/mage/docs_collector.go index b58bad3edae1..b505db79a69a 100644 --- a/metricbeat/scripts/mage/docs_collector.go +++ b/metricbeat/scripts/mage/docs_collector.go @@ -158,7 +158,7 @@ func getDefaultMetricsets() (map[string][]string, error) { return nil, err } for k, v := range msetMap { - masterMap[k] = v + masterMap[k] = append(masterMap[k], v...) } } diff --git a/x-pack/metricbeat/include/list.go b/x-pack/metricbeat/include/list.go index f4a2c1c6cfc9..15a643ec9296 100644 --- a/x-pack/metricbeat/include/list.go +++ b/x-pack/metricbeat/include/list.go @@ -17,6 +17,8 @@ import ( _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/aws/ec2" _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/aws/rds" _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/aws/sqs" + _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/awsfargate" + _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/awsfargate/task_stats" _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure" _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure/app_insights" _ "github.com/elastic/beats/v7/x-pack/metricbeat/module/azure/billing" diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index 164dc564f2f8..0a6a954ec6f3 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -237,6 +237,12 @@ metricbeat.modules: - usage - vpn +#----------------------------- AWS Fargate Module ----------------------------- +- module: awsfargate + period: 10s + metricsets: + - task_stats + #-------------------------------- Azure Module -------------------------------- - module: azure metricsets: diff --git a/x-pack/metricbeat/module/awsfargate/_meta/config.yml b/x-pack/metricbeat/module/awsfargate/_meta/config.yml new file mode 100644 index 000000000000..b83eee4cccf2 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/_meta/config.yml @@ -0,0 +1,4 @@ +- module: awsfargate + period: 10s + metricsets: + - task_stats diff --git a/x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc b/x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc new file mode 100644 index 000000000000..e0f7cb88e235 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc @@ -0,0 +1,50 @@ +Amazon ECS on Fargate provides a method to retrieve various metadata, network +metrics, and Docker stats about tasks and containers. This is referred to as the +https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-metadata-endpoint-v4-fargate.html[task metadata endpoint] +and this endpoint is available per container. + +The environment variable is injected by default into the containers of Amazon +ECS tasks on Fargate that use platform version 1.4.0 or later and Amazon ECS +tasks on Amazon EC2 that are running at least version 1.39.0 of the Amazon ECS +container agent. + +The awsfargate module is a Metricbeat module which collects AWS fargate metrics +from task metadata endpoint. + +[float] +== Introduction to AWS ECS and Fargate +Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, +container management service that makes it easy to run, stop, and manage +containers. ECS has two launch types that can define how compute resources will +be managed: ECS EC2 and ECS Fargate. + +* *ECS EC2* + +ECS EC2 launches containers that run on EC2 instances. Users have to manage EC2 +instances. Pricing depends on the number of EC2 instances running. + +* *ECS Fargate* + +ECS Fargate removes the responsibility of provisioning, configuring, and +managing the EC2 instances by allowing AWS to manage the EC2 instances. Users +only need to specify containers and tasks. Pricing based on the number of tasks. + +[float] +== Task Metadata Endpoint +https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-metadata-endpoint-v4-fargate.html[Task metadata endpoint] +returns https://docs.docker.com/engine/api/v1.30/#operation/ContainerStats[Docker stats] +in JSON format for all the containers associated with the task. +This endpoint is only available from within the task definition itself, which +means Metricbeat needs to be run as a sidecar container within the task +definition. Since the metadata endpoint is only accessible from within the +Fargate Task, there is no authentication in place. + +[float] +== Metricsets +Currently, we have `task_stats` metricset in `awsfargate` module. + +[float] +=== `task_stats` +This metricset collects runtime CPU metrics, disk I/O metrics, memory metrics, +network metrics and container metadata from both endpoint +`${ECS_CONTAINER_METADATA_URI_V4}/task/stats` and `${ECS_CONTAINER_METADATA_URI_V4}/task`. diff --git a/x-pack/metricbeat/module/awsfargate/_meta/fields.yml b/x-pack/metricbeat/module/awsfargate/_meta/fields.yml new file mode 100644 index 000000000000..11242ff2de3b --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/_meta/fields.yml @@ -0,0 +1,6 @@ +- key: awsfargate + title: "AWS Fargate" + description: > + `awsfargate` module collects AWS fargate metrics from task metadata endpoint. + release: beta + fields: diff --git a/x-pack/metricbeat/module/awsfargate/awsfargate.go b/x-pack/metricbeat/module/awsfargate/awsfargate.go new file mode 100644 index 000000000000..94a030b90ca4 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/awsfargate.go @@ -0,0 +1,54 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package awsfargate + +import ( + "time" + + "github.com/elastic/beats/v7/metricbeat/mb" +) + +// Config defines all required and optional parameters for awsfargate metricsets +type Config struct { + Period time.Duration `config:"period" validate:"nonzero,required"` +} + +// MetricSet is the base metricset for all aws metricsets +type MetricSet struct { + mb.BaseMetricSet + Period time.Duration +} + +// ModuleName is the name of this module. +const ModuleName = "awsfargate" + +func init() { + if err := mb.Registry.AddModule(ModuleName, newModule); err != nil { + panic(err) + } +} + +func newModule(base mb.BaseModule) (mb.Module, error) { + var config Config + if err := base.UnpackConfig(&config); err != nil { + return nil, err + } + return &base, nil +} + +// NewMetricSet creates a base metricset for awsfargate metricsets +func NewMetricSet(base mb.BaseMetricSet) (*MetricSet, error) { + var config Config + err := base.Module().UnpackConfig(&config) + if err != nil { + return nil, err + } + + metricSet := MetricSet{ + BaseMetricSet: base, + Period: config.Period, + } + return &metricSet, nil +} diff --git a/x-pack/metricbeat/module/awsfargate/cloudformation.yml b/x-pack/metricbeat/module/awsfargate/cloudformation.yml new file mode 100644 index 000000000000..18e0759414ae --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/cloudformation.yml @@ -0,0 +1,82 @@ +AWSTemplateFormatVersion: "2010-09-09" +Parameters: + SubnetID: + Type: String +Resources: + Cluster: + Type: AWS::ECS::Cluster + Properties: + ClusterName: metricbeat-cloudformation-fargate + ClusterSettings: + - Name: containerInsights + Value: enabled + LogGroup: + Type: AWS::Logs::LogGroup + Properties: + LogGroupName: metricbeat-fargate-log-group + ExecutionRole: + Type: AWS::IAM::Role + Properties: + RoleName: ecsFargateTaskExecutionRole + AssumeRolePolicyDocument: + Statement: + - Effect: Allow + Principal: + Service: ecs-tasks.amazonaws.com + Action: sts:AssumeRole + ManagedPolicyArns: + - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy + Policies: + - PolicyName: !Sub 'EcsTaskExecutionRole-${AWS::StackName}' + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: + - secretsmanager:GetSecretValue + Resource: + - + - + TaskDefinition: + Type: AWS::ECS::TaskDefinition + Properties: + Family: deployment-task-metricbeat + Cpu: 256 + Memory: 512 + NetworkMode: awsvpc + ExecutionRoleArn: !Ref ExecutionRole + ContainerDefinitions: + - Name: deployment-task-metricbeat-container + Image: kaiyansheng/metricbeat-awsfargate:v1 + Secrets: + - Name: ELASTIC_CLOUD_ID + ValueFrom: + - Name: ELASTIC_CLOUD_AUTH + ValueFrom: + LogConfiguration: + LogDriver: awslogs + Options: + awslogs-region: !Ref AWS::Region + awslogs-group: !Ref LogGroup + awslogs-stream-prefix: ecs + EntryPoint: + - sh + - -c + Command: + - ./metricbeat setup && ./metricbeat modules disable system && ./metricbeat modules enable awsfargate && ./metricbeat -e -E cloud.id=$ELASTIC_CLOUD_ID -E cloud.auth=$ELASTIC_CLOUD_AUTH + RequiresCompatibilities: + - EC2 + - FARGATE + Service: + Type: AWS::ECS::Service + Properties: + ServiceName: deployment-metricbeat-service + Cluster: !Ref Cluster + TaskDefinition: !Ref TaskDefinition + DesiredCount: 1 + LaunchType: FARGATE + NetworkConfiguration: + AwsvpcConfiguration: + AssignPublicIp: ENABLED + Subnets: + - !Ref SubnetID diff --git a/x-pack/metricbeat/module/awsfargate/doc.go b/x-pack/metricbeat/module/awsfargate/doc.go new file mode 100644 index 000000000000..516d3548dd20 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/doc.go @@ -0,0 +1,5 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package awsfargate diff --git a/x-pack/metricbeat/module/awsfargate/fields.go b/x-pack/metricbeat/module/awsfargate/fields.go new file mode 100644 index 000000000000..9659165097f1 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package awsfargate + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("metricbeat", "awsfargate", asset.ModuleFieldsPri, AssetAwsfargate); err != nil { + panic(err) + } +} + +// AssetAwsfargate returns asset data. +// This is the base64 encoded gzipped contents of module/awsfargate. +func AssetAwsfargate() string { + return "eJzsWk1z2zYQvftX7Hh6yjTKJdODDp1RnWTGB9sZfzRHGQJXMioSYAAwitLpf+8ABCRKAimQsmTWDY8iwH1v9+0uPvQW5rgcAlmoKZEzovEMQDOd4hDOR1/u4FP56/kZQIKKSpZrJvgQfj8DAHhcz3uETCRFikBFmiLVCsx09xIy1JJRBVMpMtBEzc0vJCGaAPIkF4zrwRmAxBSJwiFMUJMzgCnDNFFDa8s8b4GTDIf2C2OliVarVwB6meMQZlIUeeXXAGr/PK4/8whUcE0YV6Cf1nD1E9GwQImgqCQ5JiWBKjNLxn4Dfvn748Xd+OLm+n50ef3xdnz18X70YXQ/Gj/cXo7/fP/POzP2XTk2SN8/227wz7Y7qi6hebHxe50/dnxyW3DNMoSLzw+e92BrfMhu1fYcJcd0kFO9M8TDUJSkmIynqSChQVMhM6KHkKOkyEMjGuLon8/lZDJDEFOwpBh34EDlhOI2sR0KXMjsP8ADDE6Ssh+YwGRpJcuLbILSTDCBpELiThh32GpG56qWair4rBsBg8B+O97/aqk09s71QpPUsSmDYDztoO6j0kcpNfA5VFKO9TEl5YBaE/VACoWyb3533jbQ9iWChd9H7exwOFQxlulJSlCM321uvLjP71cZWigy2wu3FzrZwtxFFp5VwtSciW7rmA9MzeHy3U3XRYxEktT6MWQ90j0jSousSInGxNpQkBSS8Zn1TMqmZXY9oV+BogwFqgZ8lYDIQ4kE+5IpkoZ5rldx7ExkDXey1NgZsBdu00ciSf1hPmEJHcZHlpunTnRa+58WUiLXLg65KW9IBQ8JuNKiUX5jFMemlB8ZaVkTbM/QwhuGyxuQ+LVApdWvpi5zwkWJOxxDD3xBmD4xao8TVG78bBAYaTAOXwssUBkFel6tuNjp4Tg9N5F12S2Nrkg169hIqhHfnqZS4swlUlPzhvDb4P2Lyn4h2Z7MrKvuLTBWq7w12LE6Npd6iCr3EKOkFtxgIwaHsYur/9EMYvpAS6ZlPzAsNfLDaTa0hWiWneLkc8XFa0+yQLs+cQzoz9MzoEXfODKLZ+8hENtHjkesW08pNdjzphKXKKskKbKMyOUp+0rZ9Qh/7R3GbOJEjpKYaa++09idhw/q62g5leD9bDsnZ/Gz7WwckvW06+wU85pM8VwyzMROu4k8Gruyc7sejNkLy8Gb2rMxMfkLg0eQ5YtxoyIqY8YZyXPGZ27C+Zvzbgdut2ThvOXuZctLZ1NCraeUezswb4FxjXJKaChZY07dqMgyVqedZ1sGXFgr2h6pGrEIDl8YT8SiLmNje3xTisAL9sYy7Zs/6DnkSOY9pPAZydzJIzpwK0qSfSMaxwsh5yYlFOrB/mp2mgNThw0cNlCoo3lNCUsHVBTBuwZoV5ajwH4iLAVrEOXubUoVWsr25fFp3OuKtYXTjFiq5i3VM9Sd27u7jVoaBvRayo1jKlGxxCydFGpQ7EfgGm6bV/gObpNVhKgh6k6uA7+rGmbeSvCucZukvd7bS7NJdS1RP9j7xBj9QYQGq1Qy8r1xXKQSoYUaoR1381yR7559zXVw9YnTIrTVI7TSJHRgWWEYpUdoUVCgJ6HcKDCBYHo+HLXpq93W+dfl5K4L/aalcIlgjsuFkKHtX4Q7PLqVGWu2/i8OjE9EETw3OPhO/pJTkZm1i3O32ygoxiluHraYN1JjElJjzPagL7fc29to5j1gv928zkikyPOT31k6q2ukOaFzrGsBHitKKeSx/wdRQi1NmZVvO4hu0InduR/j6ti30EdLvJtCz8T/OvGE90DvE2+FtL+J1w7iyyTeLsZ/AwAA//8SjLaw" +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/_meta/data.json b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/data.json new file mode 100644 index 000000000000..98a48adecbbf --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/data.json @@ -0,0 +1,148 @@ +{ + "@timestamp": "2017-10-12T08:05:34.853Z", + "awsfargate": { + "task_stats": { + "cpu": { + "core": null, + "kernel": { + "norm": { + "pct": 0 + }, + "pct": 0, + "ticks": 1520000000 + }, + "system": { + "norm": { + "pct": 1 + }, + "pct": 2, + "ticks": 1420180000000 + }, + "total": { + "norm": { + "pct": 0.2 + }, + "pct": 0.4 + }, + "user": { + "norm": { + "pct": 0 + }, + "pct": 0, + "ticks": 490000000 + } + }, + "diskio": { + "read": { + "bytes": 3452928, + "ops": 118, + "queued": 0, + "rate": 0, + "service_time": 0, + "wait_time": 0 + }, + "reads": 0, + "summary": { + "bytes": 3452928, + "ops": 118, + "queued": 0, + "rate": 0, + "service_time": 0, + "wait_time": 0 + }, + "total": 0, + "write": { + "bytes": 0, + "ops": 0, + "queued": 0, + "rate": 0, + "service_time": 0, + "wait_time": 0 + }, + "writes": 0 + }, + "memory": { + "fail": { + "count": 0 + }, + "limit": 0, + "rss": { + "pct": 0.0010557805807105247, + "total": 4157440 + }, + "stats": { + "active_anon": 4157440, + "active_file": 4497408, + "cache": 6000640, + "dirty": 16384, + "hierarchical_memory_limit": 2147483648, + "hierarchical_memsw_limit": 9223372036854772000, + "inactive_anon": 0, + "inactive_file": 1503232, + "mapped_file": 2183168, + "pgfault": 6668, + "pgmajfault": 52, + "pgpgin": 5925, + "pgpgout": 3445, + "rss": 4157440, + "rss_huge": 0, + "total_active_anon": 4157440, + "total_active_file": 4497408, + "total_cache": 600064, + "total_dirty": 16384, + "total_inactive_anon": 0, + "total_inactive_file": 4497408, + "total_mapped_file": 2183168, + "total_pgfault": 6668, + "total_pgmajfault": 52, + "total_pgpgin": 5925, + "total_pgpgout": 3445, + "total_rss": 4157440, + "total_rss_huge": 0, + "total_unevictable": 0, + "total_writeback": 0, + "unevictable": 0, + "writeback": 0 + }, + "usage": { + "max": 15294464, + "pct": 0.003136136404770672, + "total": 12349440 + } + }, + "network": { + "eth0": { + "inbound": { + "bytes": 137315578, + "dropped": 0, + "errors": 0, + "packets": 94338 + }, + "outbound": { + "bytes": 1086811, + "dropped": 0, + "errors": 0, + "packets": 25857 + } + } + } + } + }, + "container": { + "id": "query-metadata-1", + "image": { + "name": "mreferre/eksutils" + }, + "labels": { + "com_amazonaws_ecs_cluster": "arn:aws:ecs:us-west-2:111122223333:cluster/default", + "com_amazonaws_ecs_container-name": "query-metadata", + "com_amazonaws_ecs_task-arn": "arn:aws:ecs:us-west-2:111122223333:task/default/febee046097849aba589d4435207c04a", + "com_amazonaws_ecs_task-definition-family": "query-metadata", + "com_amazonaws_ecs_task-definition-version": "7" + }, + "name": "query-metadata" + }, + "service": { + "type": "awsfargate" + } +} \ No newline at end of file diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc new file mode 100644 index 000000000000..6d5983fe63dc --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/docs.asciidoc @@ -0,0 +1,153 @@ +The `task_stats` metricset in `awsfargate` module allows users to monitor +containers inside the same AWS Fargate task. It fetches runtime CPU metrics, +disk I/O metrics, memory metrics, network metrics and container metadata from +both endpoint `${ECS_CONTAINER_METADATA_URI_V4}/task/stats` and +`${ECS_CONTAINER_METADATA_URI_V4}/task`. + +[float] +=== Configuration Example +This metricset should be ran as a sidecar inside the same AWS Fargate task +definition, and the default configuration file should work. + +[source,yaml] +---- +- module: awsfargate + period: 10s + metricsets: + - task_stats +---- + +[float] +=== Setup Metricbeat Using AWS Fargate +This section is to provide users an AWS native way of configuring Fargate task +definition to run application containers and Metricbeat container using AWS +CloudFormation. + +[float] +==== Store Elastic Cloud Credentials into AWS Secret Manager +If users are using Elastic Cloud, it's recommended to store cloud id and cloud +auth into AWS secret manager. Here are the AWS CLI example: + +Create secret ELASTIC_CLOUD_AUTH: +---- +aws --region us-east-1 secretsmanager create-secret --name ELASTIC_CLOUD_AUTH --secret-string XXX +---- + +Create secret ELASTIC_CLOUD_ID: +---- +aws --region us-east-1 secretsmanager create-secret --name ELASTIC_CLOUD_ID --secret-string YYYY +---- + +[float] +==== AWS CloudFormation Template Example +Here is an example of AWS CloudFormation template to create a new cluster, +create a task definition that runs Metricbeat container and start the service. +Please copy this section into a `cloud_formation.yml` file locally and replace +``, ``, and `` with +your own preferred names. Also you can find `` and +`` values from AWS secret manager. + +[source,yaml] +---- +AWSTemplateFormatVersion: "2010-09-09" +Parameters: + SubnetID: + Type: String +Resources: + Cluster: + Type: AWS::ECS::Cluster + Properties: + ClusterName: + ClusterSettings: + - Name: containerInsights + Value: enabled + LogGroup: + Type: AWS::Logs::LogGroup + Properties: + LogGroupName: + ExecutionRole: + Type: AWS::IAM::Role + Properties: + RoleName: ecsFargateTaskExecutionRole + AssumeRolePolicyDocument: + Statement: + - Effect: Allow + Principal: + Service: ecs-tasks.amazonaws.com + Action: sts:AssumeRole + ManagedPolicyArns: + - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy + Policies: + - PolicyName: !Sub 'EcsTaskExecutionRole-${AWS::StackName}' + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Action: + - secretsmanager:GetSecretValue + Resource: + - + - + TaskDefinition: + Type: AWS::ECS::TaskDefinition + Properties: + Family: deployment-task-metricbeat + Cpu: 256 + Memory: 512 + NetworkMode: awsvpc + ExecutionRoleArn: !Ref ExecutionRole + ContainerDefinitions: + - Name: deployment-task-metricbeat-container + Image: kaiyansheng/metricbeat-awsfargate:v1 + Secrets: + - Name: ELASTIC_CLOUD_ID + ValueFrom: + - Name: ELASTIC_CLOUD_AUTH + ValueFrom: + LogConfiguration: + LogDriver: awslogs + Options: + awslogs-region: !Ref AWS::Region + awslogs-group: !Ref LogGroup + awslogs-stream-prefix: ecs + EntryPoint: + - sh + - -c + Command: + - ./metricbeat setup && ./metricbeat modules disable system && ./metricbeat modules enable awsfargate && ./metricbeat -e -E cloud.id=$ELASTIC_CLOUD_ID -E cloud.auth=$ELASTIC_CLOUD_AUTH + RequiresCompatibilities: + - EC2 + - FARGATE + Service: + Type: AWS::ECS::Service + Properties: + ServiceName: + Cluster: !Ref Cluster + TaskDefinition: !Ref TaskDefinition + DesiredCount: 1 + LaunchType: FARGATE + NetworkConfiguration: + AwsvpcConfiguration: + AssignPublicIp: ENABLED + Subnets: + - !Ref SubnetID +---- + +[float] +==== Create CloudFormation Stack +Here is the AWS CLI to create a stack using the CloudFormation config file above: +---- +aws --region us-east-1 cloudformation create-stack --stack-name --template-body file://./cloudformation.yml --capabilities CAPABILITY_NAMED_IAM --parameters 'ParameterKey=SubnetID,ParameterValue=' +---- + +Make sure to replace `` with your own subnet in this command. Please go +to Services -> VPC -> Subnets to find subnet ID to use. You can also add several +more containers under the TaskDefinition section. + +[float] +==== Delete CloudFormation Stack +Here is the AWS CLI to delete a stack including the cluster, task definition and +all containers: +---- +aws cloudformation delete-stack --stack-name +---- diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/_meta/fields.yml b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/fields.yml new file mode 100644 index 000000000000..e0099191f35b --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/fields.yml @@ -0,0 +1,298 @@ +- name: task_stats + type: group + description: > + `task_stats` contains the metrics that were scraped from AWS fargate task stats ${ECS_CONTAINER_METADATA_URI_V4}/task/stats metadata endpoint. + release: beta + fields: + - name: cpu + type: group + description: Runtime CPU metrics. + fields: + - name: kernel.pct + type: scaled_float + format: percent + description: > + Percentage of time in kernel space. + - name: kernel.norm.pct + type: scaled_float + format: percent + description: > + Percentage of time in kernel space normalized by the number of CPU cores. + - name: kernel.ticks + type: long + description: > + CPU ticks in kernel space. + - name: system.pct + type: scaled_float + format: percent + description: > + Percentage of total CPU time in the system. + - name: system.norm.pct + type: scaled_float + format: percent + description: > + Percentage of total CPU time in the system normalized by the number of CPU cores. + - name: system.ticks + type: long + description: > + CPU system ticks. + - name: user.pct + type: scaled_float + format: percent + description: > + Percentage of time in user space. + - name: user.norm.pct + type: scaled_float + format: percent + description: > + Percentage of time in user space normalized by the number of CPU cores. + - name: user.ticks + type: long + description: > + CPU ticks in user space. + - name: total.pct + type: scaled_float + format: percent + description: > + Total CPU usage. + - name: total.norm.pct + type: scaled_float + format: percent + description: > + Total CPU usage normalized by the number of CPU cores. + - name: diskio + type: group + description: Disk I/O metrics. + fields: + - name: read + type: group + description: > + Accumulated reads during the life of the container + fields: + - name: ops + type: long + description: > + Number of reads during the life of the container + - name: bytes + type: long + format: bytes + description: > + Bytes read during the life of the container + - name: rate + type: long + description: > + Number of current reads per second + - name: service_time + type: long + description: > + Total time to service IO requests, in nanoseconds + - name: wait_time + type: long + description: > + Total time requests spent waiting in queues for service, in nanoseconds + - name: queued + type: long + description: > + Total number of queued requests + - name: reads + type: scaled_float + deprecated: 6.4 + description: > + Number of current reads per second + - name: write + type: group + description: > + Accumulated writes during the life of the container + fields: + - name: ops + type: long + description: > + Number of writes during the life of the container + - name: bytes + type: long + format: bytes + description: > + Bytes written during the life of the container + - name: rate + type: long + description: > + Number of current writes per second + - name: service_time + type: long + description: > + Total time to service IO requests, in nanoseconds + - name: wait_time + type: long + description: > + Total time requests spent waiting in queues for service, in nanoseconds + - name: queued + type: long + description: > + Total number of queued requests + - name: writes + type: scaled_float + deprecated: 6.4 + description: > + Number of current writes per second + - name: summary + type: group + description: > + Accumulated reads and writes during the life of the container + fields: + - name: ops + type: long + description: > + Number of I/O operations during the life of the container + - name: bytes + type: long + format: bytes + description: > + Bytes read and written during the life of the container + - name: rate + type: long + description: > + Number of current operations per second + - name: service_time + type: long + description: > + Total time to service IO requests, in nanoseconds + - name: wait_time + type: long + description: > + Total time requests spent waiting in queues for service, in nanoseconds + - name: queued + type: long + description: > + Total number of queued requests + - name: total + type: scaled_float + deprecated: 6.4 + description: > + Number of reads and writes per second + - name: memory + type: group + description: Memory metrics. + fields: + - name: stats.* + type: object + object_type: long + object_type_mapping_type: "*" + description: > + Raw memory stats from the cgroups memory.stat interface + fields: + - name: commit + type: group + description: > + Committed bytes on Windows + fields: + - name: total + type: long + format: bytes + description: > + Total bytes + - name: peak + type: long + format: bytes + description: > + Peak committed bytes on Windows + - name: private_working_set.total + type: long + format: bytes + description: > + private working sets on Windows + - name: fail.count + type: scaled_float + description: > + Fail counter. + - name: limit + type: long + format: bytes + description: > + Memory limit. + - name: rss + type: group + description: > + RSS memory stats. + fields: + - name: total + type: long + format: bytes + description: > + Total memory resident set size. + - name: pct + type: scaled_float + format: percent + description: > + Memory resident set size percentage. + - name: usage + type: group + description: > + Usage memory stats. + fields: + - name: max + type: long + format: bytes + description: > + Max memory usage. + - name: pct + type: scaled_float + format: percent + description: > + Memory usage percentage. + - name: total + type: long + format: bytes + description: > + Total memory usage. + - name: network + type: group + description: Network metrics. + fields: + - name: interface + type: keyword + description: > + Network interface name. + - name: inbound + type: group + description: > + Incoming network stats since the container started. + fields: + - name: bytes + type: long + format: bytes + description: > + Total number of incoming bytes. + - name: dropped + type: long + description: > + Total number of dropped incoming packets. + - name: errors + type: long + description: > + Total errors on incoming packets. + - name: packets + type: long + description: > + Total number of incoming packets. + - name: outbound + type: group + description: > + Outgoing network stats since the container started. + fields: + - name: bytes + type: long + format: bytes + description: > + Total number of outgoing bytes. + - name: dropped + type: long + description: > + Total number of dropped outgoing packets. + - name: errors + type: long + description: > + Total errors on outgoing packets. + - name: packets + type: long + description: > + Total number of outgoing packets. diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task.json b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task.json new file mode 100644 index 000000000000..652197223196 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task.json @@ -0,0 +1,17 @@ +{ + "Cluster": "arn:aws:ecs:us-west-2:123:cluster/default", + "TaskARN": "arn:aws:ecs:us-west-2:123:task/default/febee207c04a", + "Family": "query-metadata-1", + "Revision": "7", + "Containers": [{ + "DockerId": "query-metadata-1", + "Name": "query-metadata", + "Image": "mreferre/eksutils", + "Labels": { + "com.amazonaws.ecs.cluster": "arn:aws:ecs:us-west-2:111122223333:cluster/default", + "com.amazonaws.ecs.container-name": "query-metadata", + "com.amazonaws.ecs.task-arn": "arn:aws:ecs:us-west-2:111122223333:task/default/febee046097849aba589d4435207c04a", + "com.amazonaws.ecs.task-definition-family": "query-metadata", + "com.amazonaws.ecs.task-definition-version": "7"} + }] +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task_stats.json b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task_stats.json new file mode 100644 index 000000000000..88ddceeb6b45 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/_meta/testdata/task_stats.json @@ -0,0 +1,119 @@ +{ + "query-metadata-1": { + "blkio_stats": { + "io_service_bytes_recursive": [ + {"major": 202, "minor": 26368, "op": "Read", "value": 3452928}, + {"major": 202, "minor": 26368, "op": "Write", "value": 0}, + {"major": 202, "minor": 26368, "op": "Sync", "value": 3452928}, + {"major": 202, "minor": 26368, "op": "Async", "value": 0}, + {"major": 202, "minor": 26368, "op": "Total", "value": 3452928} + ], + "io_serviced_recursive": [ + {"major": 202, "minor": 26368, "op": "Read", "value": 118}, + {"major": 202, "minor": 26368, "op": "Write", "value": 0}, + {"major": 202, "minor": 26368, "op": "Sync", "value": 118}, + {"major": 202, "minor": 26368, "op": "Async", "value": 0}, + {"major": 202, "minor": 26368, "op": "Total", "value": 118} + ], + "io_queue_recursive": [], + "io_service_time_recursive": [], + "io_wait_time_recursive": [], + "io_merged_recursive": [], + "io_time_recursive": [], + "sectors_recursive": []}, + "cpu_stats": { + "cpu_usage": { + "percpu_usage": [1800000000, 500000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + "total_usage": 2300000000, + "usage_in_kernelmode": 1520000000, + "usage_in_usermode": 490000000 + }, + "online_cpus": 2, + "system_cpu_usage": 1420180000000, + "throttling_data": { + "periods": 0, + "throttled_periods": 0, + "throttled_time": 0 + } + }, + "id": "query-metadata-1", + "memory_stats": { + "limit": 3937787904, + "max_usage": 15294464, + "stats": { + "active_anon": 4157440, + "active_file": 4497408, + "cache": 6000640, + "dirty": 16384, + "hierarchical_memory_limit": 2147483648, + "hierarchical_memsw_limit": 9223372036854772000, + "inactive_anon": 0, + "inactive_file": 1503232, + "mapped_file": 2183168, + "pgfault": 6668, + "pgmajfault": 52, + "pgpgin": 5925, + "pgpgout": 3445, + "rss": 4157440, + "rss_huge": 0, + "total_active_anon": 4157440, + "total_active_file": 4497408, + "total_cache": 600064, + "total_dirty": 16384, + "total_inactive_anon": 0, + "total_inactive_file": 4497408, + "total_mapped_file": 2183168, + "total_pgfault": 6668, + "total_pgmajfault": 52, + "total_pgpgin": 5925, + "total_pgpgout": 3445, + "total_rss": 4157440, + "total_rss_huge": 0, + "total_unevictable": 0, + "total_writeback": 0, + "unevictable": 0, + "writeback": 0 + }, + "usage": 12349440 + }, + "name": "query-metadata-1", + "network_rate_stats": { + "rx_bytes_per_sec": 9.6001425, + "tx_bytes_per_sec": 8.7001295 + }, + "networks": { + "eth0": { + "rx_bytes": 137315578, + "rx_dropped": 0, + "rx_errors": 0, + "rx_packets": 94338, + "tx_bytes": 1086811, + "tx_dropped": 0, + "tx_errors": 0, + "tx_packets": 25857 + } + }, + "num_procs": 0, + "pids_stats": { + "current": 8 + }, + "precpu_stats": { + "cpu_usage": { + "percpu_usage": [1600000000, 300000000, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], + "total_usage": 1900000000, + "usage_in_kernelmode": 1520000000, + "usage_in_usermode": 490000000 + }, + "online_cpus": 2, + "system_cpu_usage": 1418180000000, + "throttling_data": { + "periods": 0, + "throttled_periods": 0, + "throttled_time": 0 + } + }, + "preread": "2020-10-28T01:00:08.03754086Z", + "read": "2020-10-28T01:00:09.044989605Z", + "storage_stats": {} + } +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/container.go b/x-pack/metricbeat/module/awsfargate/task_stats/container.go new file mode 100644 index 000000000000..0a21b9c07445 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/container.go @@ -0,0 +1,48 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import ( + "github.com/elastic/beats/v7/libbeat/common" + helpers "github.com/elastic/beats/v7/libbeat/common/docker" +) + +// container is a struct representation of a container +type container struct { + DockerId string + Name string + Image string + Labels map[string]string +} + +// ContainerMetadata is an struct represents container metadata +type ContainerMetadata struct { + Cluster string + TaskARN string + Family string + Revision string + Container *container +} + +func getContainerStats(c *container) *container { + return &container{ + DockerId: c.DockerId, + Image: c.Image, + Name: helpers.ExtractContainerName([]string{c.Name}), + Labels: deDotLabels(c.Labels), + } +} + +func deDotLabels(labels map[string]string) map[string]string { + outputLabels := map[string]string{} + for k, v := range labels { + // This is necessary so that ES does not interpret '.' fields as new + // nested JSON objects, and also makes this compatible with ES 2.x. + label := common.DeDot(k) + outputLabels[label] = v + } + + return outputLabels +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/cpu.go b/x-pack/metricbeat/module/awsfargate/task_stats/cpu.go new file mode 100644 index 000000000000..e10560c47cff --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/cpu.go @@ -0,0 +1,30 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import ( + "github.com/docker/docker/api/types" + + "github.com/elastic/beats/v7/metricbeat/module/docker" + "github.com/elastic/beats/v7/metricbeat/module/docker/cpu" +) + +func getCPUStats(taskStats types.StatsJSON) cpu.CPUStats { + usage := cpu.CPUUsage{Stat: &docker.Stat{Stats: taskStats}} + + return cpu.CPUStats{ + TotalUsage: usage.Total(), + TotalUsageNormalized: usage.TotalNormalized(), + UsageInKernelmode: taskStats.Stats.CPUStats.CPUUsage.UsageInKernelmode, + UsageInKernelmodePercentage: usage.InKernelMode(), + UsageInKernelmodePercentageNormalized: usage.InKernelModeNormalized(), + UsageInUsermode: taskStats.Stats.CPUStats.CPUUsage.UsageInUsermode, + UsageInUsermodePercentage: usage.InUserMode(), + UsageInUsermodePercentageNormalized: usage.InUserModeNormalized(), + SystemUsage: taskStats.Stats.CPUStats.SystemUsage, + SystemUsagePercentage: usage.System(), + SystemUsagePercentageNormalized: usage.SystemNormalized(), + } +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/data.go b/x-pack/metricbeat/module/awsfargate/task_stats/data.go new file mode 100644 index 000000000000..ca8cca5dca83 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/data.go @@ -0,0 +1,164 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import ( + "time" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/metricbeat/mb" +) + +func eventsMapping(r mb.ReporterV2, statsList []Stats) { + for _, stats := range statsList { + r.Event(createEvent(&stats)) + } +} + +func createEvent(stats *Stats) mb.Event { + return mb.Event{ + Timestamp: time.Time(stats.Time), + RootFields: createContainerFields(stats), + MetricSetFields: common.MapStr{ + "cpu": createCPUFields(stats), + "memory": createMemoryFields(stats), + "network": createNetworkFields(stats), + "diskio": createDiskIOFields(stats), + }, + } +} + +func createContainerFields(stats *Stats) common.MapStr { + return common.MapStr{ + "container": common.MapStr{ + "id": stats.Container.DockerId, + "image": common.MapStr{ + "name": stats.Container.Image, + }, + "name": stats.Container.Name, + "labels": stats.Container.Labels, + }, + } +} + +func createCPUFields(stats *Stats) common.MapStr { + return common.MapStr{ + "core": stats.cpuStats.PerCPUUsage, + "total": common.MapStr{ + "pct": stats.cpuStats.TotalUsage, + "norm": common.MapStr{ + "pct": stats.cpuStats.TotalUsageNormalized, + }, + }, + "kernel": common.MapStr{ + "ticks": stats.cpuStats.UsageInKernelmode, + "pct": stats.cpuStats.UsageInKernelmodePercentage, + "norm": common.MapStr{ + "pct": stats.cpuStats.UsageInKernelmodePercentageNormalized, + }, + }, + "user": common.MapStr{ + "ticks": stats.cpuStats.UsageInUsermode, + "pct": stats.cpuStats.UsageInUsermodePercentage, + "norm": common.MapStr{ + "pct": stats.cpuStats.UsageInUsermodePercentageNormalized, + }, + }, + "system": common.MapStr{ + "ticks": stats.cpuStats.SystemUsage, + "pct": stats.cpuStats.SystemUsagePercentage, + "norm": common.MapStr{ + "pct": stats.cpuStats.SystemUsagePercentageNormalized, + }, + }, + } +} + +func createMemoryFields(stats *Stats) common.MapStr { + var memoryFields common.MapStr + if stats.memoryStats.Commit+stats.memoryStats.CommitPeak+stats.memoryStats.PrivateWorkingSet > 0 { + memoryFields = common.MapStr{ + "commit": common.MapStr{ + "total": stats.memoryStats.Commit, + "peak": stats.memoryStats.CommitPeak, + }, + "private_working_set": common.MapStr{ + "total": stats.memoryStats.PrivateWorkingSet, + }, + } + } else { + memoryFields = common.MapStr{ + "stats": stats.memoryStats.Stats, + "fail": common.MapStr{ + "count": stats.memoryStats.Failcnt, + }, + "limit": stats.memoryStats.Limit, + "rss": common.MapStr{ + "total": stats.memoryStats.TotalRss, + "pct": stats.memoryStats.TotalRssP, + }, + "usage": common.MapStr{ + "total": stats.memoryStats.Usage, + "pct": stats.memoryStats.UsageP, + "max": stats.memoryStats.MaxUsage, + }, + } + } + + return memoryFields +} + +func createNetworkFields(stats *Stats) common.MapStr { + networkFields := common.MapStr{} + for _, n := range stats.networkStats { + networkFields.Put(n.NameInterface, + common.MapStr{"inbound": common.MapStr{ + "bytes": n.Total.RxBytes, + "dropped": n.Total.RxDropped, + "errors": n.Total.RxErrors, + "packets": n.Total.RxPackets, + }, + "outbound": common.MapStr{ + "bytes": n.Total.TxBytes, + "dropped": n.Total.TxDropped, + "errors": n.Total.TxErrors, + "packets": n.Total.TxPackets, + }}) + } + return networkFields +} + +func createDiskIOFields(stats *Stats) common.MapStr { + return common.MapStr{ + "reads": stats.blkioStats.reads, + "writes": stats.blkioStats.writes, + "total": stats.blkioStats.totals, + "read": common.MapStr{ + "ops": stats.blkioStats.serviced.reads, + "bytes": stats.blkioStats.servicedBytes.reads, + "rate": stats.blkioStats.reads, + "service_time": stats.blkioStats.servicedTime.reads, + "wait_time": stats.blkioStats.waitTime.reads, + "queued": stats.blkioStats.queued.reads, + }, + "write": common.MapStr{ + "ops": stats.blkioStats.serviced.writes, + "bytes": stats.blkioStats.servicedBytes.writes, + "rate": stats.blkioStats.writes, + "service_time": stats.blkioStats.servicedTime.writes, + "wait_time": stats.blkioStats.waitTime.writes, + "queued": stats.blkioStats.queued.writes, + }, + "summary": common.MapStr{ + "ops": stats.blkioStats.serviced.totals, + "bytes": stats.blkioStats.servicedBytes.totals, + "rate": stats.blkioStats.totals, + "service_time": stats.blkioStats.servicedTime.totals, + "wait_time": stats.blkioStats.waitTime.totals, + "queued": stats.blkioStats.queued.totals, + }, + } + +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/diskio.go b/x-pack/metricbeat/module/awsfargate/task_stats/diskio.go new file mode 100644 index 000000000000..c7d4791aa487 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/diskio.go @@ -0,0 +1,57 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import "github.com/docker/docker/api/types" + +// BlkioRaw sums raw Blkio stats +type BlkioRaw struct { + reads uint64 + writes uint64 + totals uint64 +} + +type blkioStats struct { + reads float64 + writes float64 + totals float64 + + serviced BlkioRaw + servicedBytes BlkioRaw + servicedTime BlkioRaw + waitTime BlkioRaw + queued BlkioRaw +} + +// getBlkioStats collects diskio metrics from BlkioStats structures(not populated in Windows) +func getBlkioStats(raw types.BlkioStats) blkioStats { + return blkioStats{ + serviced: getNewStats(raw.IoServicedRecursive), + servicedBytes: getNewStats(raw.IoServiceBytesRecursive), + servicedTime: getNewStats(raw.IoServiceTimeRecursive), + waitTime: getNewStats(raw.IoWaitTimeRecursive), + queued: getNewStats(raw.IoQueuedRecursive), + } +} + +func getNewStats(blkioEntry []types.BlkioStatEntry) BlkioRaw { + stats := BlkioRaw{ + reads: 0, + writes: 0, + totals: 0, + } + + for _, myEntry := range blkioEntry { + switch myEntry.Op { + case "Write": + stats.writes += myEntry.Value + case "Read": + stats.reads += myEntry.Value + case "Total": + stats.totals += myEntry.Value + } + } + return stats +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/memory.go b/x-pack/metricbeat/module/awsfargate/task_stats/memory.go new file mode 100644 index 000000000000..0dfb68d9317a --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/memory.go @@ -0,0 +1,40 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import "github.com/docker/docker/api/types" + +type memoryStats struct { + Failcnt uint64 + Limit uint64 + MaxUsage uint64 + TotalRss uint64 + TotalRssP float64 + Usage uint64 + UsageP float64 + //Raw stats from the cgroup subsystem + Stats map[string]uint64 + //Windows-only memory stats + Commit uint64 + CommitPeak uint64 + PrivateWorkingSet uint64 +} + +func getMemoryStats(taskStats types.StatsJSON) memoryStats { + totalRSS := taskStats.Stats.MemoryStats.Stats["total_rss"] + + return memoryStats{ + TotalRss: totalRSS, + MaxUsage: taskStats.Stats.MemoryStats.MaxUsage, + TotalRssP: float64(totalRSS) / float64(taskStats.Stats.MemoryStats.Limit), + Usage: taskStats.Stats.MemoryStats.Usage, + UsageP: float64(taskStats.Stats.MemoryStats.Usage) / float64(taskStats.Stats.MemoryStats.Limit), + Stats: taskStats.Stats.MemoryStats.Stats, + //Windows memory statistics + Commit: taskStats.Stats.MemoryStats.Commit, + CommitPeak: taskStats.Stats.MemoryStats.CommitPeak, + PrivateWorkingSet: taskStats.Stats.MemoryStats.PrivateWorkingSet, + } +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/network.go b/x-pack/metricbeat/module/awsfargate/task_stats/network.go new file mode 100644 index 000000000000..80cec79748a0 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/network.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import "github.com/docker/docker/api/types" + +type networkStats struct { + NameInterface string + Total types.NetworkStats +} + +func getNetworkStats(taskStats types.StatsJSON) []networkStats { + var networks []networkStats + for nameInterface, rawNetStats := range taskStats.Networks { + networks = append(networks, networkStats{ + NameInterface: nameInterface, + Total: rawNetStats, + }) + } + return networks +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/task_stats.go b/x-pack/metricbeat/module/awsfargate/task_stats/task_stats.go new file mode 100644 index 000000000000..d4e8316611bc --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/task_stats.go @@ -0,0 +1,193 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "net/http" + "os" + + "github.com/docker/docker/api/types" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/metricbeat/mb" + "github.com/elastic/beats/v7/metricbeat/module/docker/cpu" + "github.com/elastic/beats/v7/x-pack/metricbeat/module/awsfargate" +) + +var ( + metricsetName = "task_stats" + taskStatsPath = "task/stats" + taskPath = "task" +) + +// init registers the MetricSet with the central registry as soon as the program +// starts. The New function will be called later to instantiate an instance of +// the MetricSet for each host defined in the module's configuration. After the +// MetricSet has been created then Fetch will begin to be called periodically. +func init() { + mb.Registry.MustAddMetricSet(awsfargate.ModuleName, metricsetName, New, + mb.DefaultMetricSet(), + ) +} + +// MetricSet holds any configuration or state information. It must implement +// the mb.MetricSet interface. And this is best achieved by embedding +// mb.BaseMetricSet because it implements all of the required mb.MetricSet +// interface methods except for Fetch. +type MetricSet struct { + *awsfargate.MetricSet + logger *logp.Logger + taskStatsEndpoint string + taskEndpoint string +} + +// Stats is a struct represents information regarding a container +type Stats struct { + Time common.Time + Container *container + cpuStats cpu.CPUStats + memoryStats memoryStats + networkStats []networkStats + blkioStats blkioStats +} + +// TaskMetadata is an struct represents response body from ${ECS_CONTAINER_METADATA_URI_V4}/task +type TaskMetadata struct { + Cluster string `json:"Cluster"` + TaskARN string `json:"TaskARN"` + Family string `json:"Family"` + Revision string `json:"Revision"` + Containers []*container `json:"Containers"` +} + +// New creates a new instance of the MetricSet. New is responsible for unpacking +// any MetricSet specific configuration options if there are any. +func New(base mb.BaseMetricSet) (mb.MetricSet, error) { + logger := logp.NewLogger(metricsetName) + metricSet, err := awsfargate.NewMetricSet(base) + if err != nil { + return nil, fmt.Errorf("error creating %s metricset: %w", metricsetName, err) + } + + ecsURI, ok := os.LookupEnv("ECS_CONTAINER_METADATA_URI_V4") + if !ok { + return nil, fmt.Errorf("lookup $ECS_CONTAINER_METADATA_URI_V4 failed") + } + + return &MetricSet{ + MetricSet: metricSet, + logger: logger, + taskStatsEndpoint: fmt.Sprintf("%s/%s", ecsURI, taskStatsPath), + taskEndpoint: fmt.Sprintf("%s/%s", ecsURI, taskPath), + }, nil +} + +// Fetch methods implements the data gathering and data conversion to the right +// format. It publishes the event which is then forwarded to the output. In case +// of an error set the Error field of mb.Event or simply call report.Error(). +func (m *MetricSet) Fetch(report mb.ReporterV2) error { + formattedStats, err := m.queryTaskMetadataEndpoints() + if err != nil { + err := fmt.Errorf("queryTaskMetadataEndpoints failed: %w", err) + m.logger.Error(err) + return err + } + + eventsMapping(report, formattedStats) + return nil +} + +func (m *MetricSet) queryTaskMetadataEndpoints() ([]Stats, error) { + // Get response from ${ECS_CONTAINER_METADATA_URI_V4}/task/stats + taskStatsResp, err := http.Get(m.taskStatsEndpoint) + if err != nil { + return nil, fmt.Errorf("http.Get failed: %w", err) + } + taskStatsOutput, err := getTaskStats(taskStatsResp) + if err != nil { + return nil, fmt.Errorf("getTaskStats failed: %w", err) + } + + // Collect container metadata information from ${ECS_CONTAINER_METADATA_URI_V4}/task + taskResp, err := http.Get(m.taskEndpoint) + if err != nil { + return nil, fmt.Errorf("http.Get failed: %w", err) + } + taskOutput, err := getTask(taskResp) + if err != nil { + return nil, fmt.Errorf("getTask failed: %w", err) + } + + formattedStats := getStatsList(taskStatsOutput, taskOutput) + return formattedStats, nil +} + +func getTaskStats(taskStatsResp *http.Response) (map[string]types.StatsJSON, error) { + taskStatsBody, err := ioutil.ReadAll(taskStatsResp.Body) + if err != nil { + return nil, fmt.Errorf("ioutil.ReadAll failed: %w", err) + } + + var taskStatsOutput map[string]types.StatsJSON + err = json.Unmarshal(taskStatsBody, &taskStatsOutput) + if err != nil { + return nil, fmt.Errorf("json.Unmarshal failed: %w", err) + } + return taskStatsOutput, nil +} + +func getTask(taskResp *http.Response) (TaskMetadata, error) { + taskBody, err := ioutil.ReadAll(taskResp.Body) + if err != nil { + return TaskMetadata{}, fmt.Errorf("ioutil.ReadAll failed: %w", err) + } + + var taskOutput TaskMetadata + err = json.Unmarshal(taskBody, &taskOutput) + if err != nil { + return TaskMetadata{}, fmt.Errorf("json.Unmarshal failed: %w", err) + } + return taskOutput, nil +} + +func getStatsList(taskStatsOutput map[string]types.StatsJSON, taskOutput TaskMetadata) []Stats { + containersInfo := map[string]ContainerMetadata{} + for _, c := range taskOutput.Containers { + // Skip ~internal~ecs~pause container + if c.Name == "~internal~ecs~pause" { + continue + } + + containerMetadata := ContainerMetadata{ + Container: c, + Family: taskOutput.Family, + TaskARN: taskOutput.TaskARN, + Cluster: taskOutput.Cluster, + Revision: taskOutput.Revision, + } + containersInfo[c.DockerId] = containerMetadata + } + + var formattedStats []Stats + for id, taskStats := range taskStatsOutput { + if cInfo, ok := containersInfo[id]; ok { + statsPerContainer := Stats{ + Time: common.Time(taskStats.Stats.Read), + Container: getContainerStats(cInfo.Container), + cpuStats: getCPUStats(taskStats), + memoryStats: getMemoryStats(taskStats), + networkStats: getNetworkStats(taskStats), + blkioStats: getBlkioStats(taskStats.BlkioStats), + } + + formattedStats = append(formattedStats, statsPerContainer) + } + } + return formattedStats +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/task_stats_integration_test.go b/x-pack/metricbeat/module/awsfargate/task_stats/task_stats_integration_test.go new file mode 100644 index 000000000000..7193f640a638 --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/task_stats_integration_test.go @@ -0,0 +1,69 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build integration + +package task_stats + +import ( + "bytes" + "io/ioutil" + "net/http" + "os" + "testing" + + "github.com/stretchr/testify/assert" + + mbtest "github.com/elastic/beats/v7/metricbeat/mb/testing" + "github.com/elastic/beats/v7/metricbeat/mb/testing/flags" +) + +func TestData(t *testing.T) { + if !*flags.DataFlag { + t.Skip("skip data generation tests") + } + + config := map[string]interface{}{ + "period": "10s", + "module": "awsfargate", + "metricsets": []string{"task_stats"}, + } + + m := mbtest.NewFetcher(t, config) + + taskStatsFile, err := os.Open("./_meta/testdata/task_stats.json") + assert.NoError(t, err) + defer taskStatsFile.Close() + + byteTaskStats, err := ioutil.ReadAll(taskStatsFile) + assert.NoError(t, err) + + taskStatsResp := &http.Response{ + Body: ioutil.NopCloser(bytes.NewReader(byteTaskStats)), + } + + taskFile, err := os.Open("./_meta/testdata/task.json") + assert.NoError(t, err) + defer taskStatsFile.Close() + + byteTask, err := ioutil.ReadAll(taskFile) + assert.NoError(t, err) + + byteTaskResp := &http.Response{ + Body: ioutil.NopCloser(bytes.NewReader(byteTask)), + } + + taskStatsOutput, err := getTaskStats(taskStatsResp) + assert.NoError(t, err) + + taskOutput, err := getTask(byteTaskResp) + assert.NoError(t, err) + + formattedStats := getStatsList(taskStatsOutput, taskOutput) + assert.Equal(t, 1, len(formattedStats)) + event := createEvent(&formattedStats[0]) + standardizeEvent := m.StandardizeEvent(event) + + mbtest.WriteEventToDataJSON(t, standardizeEvent, "") +} diff --git a/x-pack/metricbeat/module/awsfargate/task_stats/task_stats_test.go b/x-pack/metricbeat/module/awsfargate/task_stats/task_stats_test.go new file mode 100644 index 000000000000..c54c3d5efdbb --- /dev/null +++ b/x-pack/metricbeat/module/awsfargate/task_stats/task_stats_test.go @@ -0,0 +1,124 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package task_stats + +import ( + "bytes" + "io/ioutil" + "net/http" + "testing" + + "github.com/stretchr/testify/assert" +) + +var ( + taskStatsJson = `{ + "query-metadata-1": { + "read": "2020-04-06T16:12:01.090148907Z", + "preread": "2020-04-06T16:12:01.090148907Z", + "cpu_stats": { + "cpu_usage": { + "percpu_usage": [1800000000, 500000000, 0, 0, 0, 0, 0, 0], + "total_usage": 2300000000, "usage_in_kernelmode": 1520000000, "usage_in_usermode": 490000000 + }, + "online_cpus": 2, + "system_cpu_usage": 1420180000000, + "throttling_data": {"periods": 0, "throttled_periods": 0, "throttled_time": 0}}, + "precpu_stats": { + "cpu_usage": { + "percpu_usage": [1600000000, 300000000, 0, 0, 0, 0, 0, 0], + "total_usage": 1900000000, "usage_in_kernelmode": 1520000000, "usage_in_usermode": 490000000 + }, + "online_cpus": 2, + "system_cpu_usage": 1418180000000, + "throttling_data": {"periods": 0, "throttled_periods": 0, "throttled_time": 0}}, + "memory_stats": {"limit": 8362348544, "usage": 4390912, "max_usage": 6488064, "stats": {"total_rss": 278528}}, + "name": "query-metadata-1", + "id": "query-metadata-1", + "networks": {"eth0": {"rx_bytes": 1802, "rx_packets": 19, "rx_errors": 0, "rx_dropped": 0, + "tx_bytes": 567, "tx_packets": 7, "tx_errors": 0, "tx_dropped": 0}} + }}` + + taskRespJson = `{ + "Cluster": "arn:aws:ecs:us-west-2:123:cluster/default", + "TaskARN": "arn:aws:ecs:us-west-2:123:task/default/febee207c04a", + "Family": "query-metadata-1", + "Revision": "7", + "Containers": [{ + "DockerId": "query-metadata-1", + "Name": "query-metadata", + "Image": "mreferre/eksutils", + "Labels": { + "com.amazonaws.ecs.cluster": "arn:aws:ecs:us-west-2:111122223333:cluster/default", + "com.amazonaws.ecs.container-name": "query-metadata", + "com.amazonaws.ecs.task-arn": "arn:aws:ecs:us-west-2:111122223333:task/default/febee046097849aba589d4435207c04a", + "com.amazonaws.ecs.task-definition-family": "query-metadata", + "com.amazonaws.ecs.task-definition-version": "7"} + }] + }` +) + +func TestGetTaskStats(t *testing.T) { + taskStatsResp := &http.Response{ + Body: ioutil.NopCloser(bytes.NewReader([]byte(taskStatsJson))), + } + + taskStatsOutput, err := getTaskStats(taskStatsResp) + assert.NoError(t, err) + assert.Equal(t, uint64(2300000000), taskStatsOutput["query-metadata-1"].CPUStats.CPUUsage.TotalUsage) +} + +func TestGetTask(t *testing.T) { + taskResp := &http.Response{ + Body: ioutil.NopCloser(bytes.NewReader([]byte(taskRespJson))), + } + + taskOutput, err := getTask(taskResp) + assert.NoError(t, err) + + assert.Equal(t, "arn:aws:ecs:us-west-2:123:cluster/default", taskOutput.Cluster) + assert.Equal(t, "arn:aws:ecs:us-west-2:123:task/default/febee207c04a", taskOutput.TaskARN) + assert.Equal(t, "query-metadata-1", taskOutput.Family) + assert.Equal(t, "7", taskOutput.Revision) + + assert.Equal(t, 1, len(taskOutput.Containers)) + assert.Equal(t, "query-metadata-1", taskOutput.Containers[0].DockerId) + assert.Equal(t, "query-metadata", taskOutput.Containers[0].Name) + assert.Equal(t, "mreferre/eksutils", taskOutput.Containers[0].Image) + assert.Equal(t, 5, len(taskOutput.Containers[0].Labels)) +} + +func TestGetStatsList(t *testing.T) { + taskStatsResp := &http.Response{ + Body: ioutil.NopCloser(bytes.NewReader([]byte(taskStatsJson))), + } + + taskStatsOutput, err := getTaskStats(taskStatsResp) + assert.NoError(t, err) + + taskResp := &http.Response{ + Body: ioutil.NopCloser(bytes.NewReader([]byte(taskRespJson))), + } + + taskOutput, err := getTask(taskResp) + assert.NoError(t, err) + + formattedStats := getStatsList(taskStatsOutput, taskOutput) + assert.Equal(t, 1, len(formattedStats)) +} + +func TestGetCPUStats(t *testing.T) { + taskStatsResp := &http.Response{ + Body: ioutil.NopCloser(bytes.NewReader([]byte(taskStatsJson))), + } + + taskStatsOutput, err := getTaskStats(taskStatsResp) + assert.NoError(t, err) + assert.Equal(t, 1, len(taskStatsOutput)) + + cpuStats := getCPUStats(taskStatsOutput["query-metadata-1"]) + assert.Equal(t, 0.4, cpuStats.TotalUsage) + assert.Equal(t, 0.2, cpuStats.TotalUsageNormalized) +} diff --git a/x-pack/metricbeat/modules.d/awsfargate.yml.disabled b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled new file mode 100644 index 000000000000..b2b91f06ee45 --- /dev/null +++ b/x-pack/metricbeat/modules.d/awsfargate.yml.disabled @@ -0,0 +1,7 @@ +# Module: awsfargate +# Docs: https://www.elastic.co/guide/en/beats/metricbeat/master/metricbeat-module-awsfargate.html + +- module: awsfargate + period: 10s + metricsets: + - task_stats From 5bd19e015ebbe1ef32b17c4ec7c96f651e4ee332 Mon Sep 17 00:00:00 2001 From: Bowen Chen Date: Tue, 24 Nov 2020 06:56:09 +0800 Subject: [PATCH 14/41] Add IO operations in progress to be exported in diskio module (#22066) * add IO operations in progress to be exported in diskio module * update changelog --- CHANGELOG.next.asciidoc | 1 + metricbeat/docs/fields.asciidoc | 10 ++++++++++ metricbeat/module/system/diskio/_meta/fields.yml | 5 +++++ metricbeat/module/system/diskio/diskio.go | 5 +++++ metricbeat/module/system/fields.go | 2 +- metricbeat/module/system/test_system.py | 2 +- 6 files changed, 23 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index a2453a39a691..2332cbb14a06 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -846,6 +846,7 @@ same journal. {pull}18467[18467] - Add awsfargate module task_stats metricset to monitor AWS ECS Fargate. {pull}22034[22034] - Add connection and route metricsets for nats metricbeat module to collect metrics per connection/route. {pull}22445[22445] - Add unit file states to system/service {pull}22557[22557] +- Add io.ops in fields exported by system.diskio. {pull}22066[22066] *Packetbeat* diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 4fce6fb4a427..a8358be8d912 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -41496,6 +41496,16 @@ type: long The total number of of milliseconds spent doing I/Os. +type: long + +-- + +*`system.diskio.io.ops`*:: ++ +-- +The total number of I/Os in progress. + + type: long -- diff --git a/metricbeat/module/system/diskio/_meta/fields.yml b/metricbeat/module/system/diskio/_meta/fields.yml index 0aadb9ed6663..969af0b822b6 100644 --- a/metricbeat/module/system/diskio/_meta/fields.yml +++ b/metricbeat/module/system/diskio/_meta/fields.yml @@ -55,6 +55,11 @@ type: long description: > The total number of of milliseconds spent doing I/Os. + + - name: io.ops + type: long + description: > + The total number of I/Os in progress. - name: iostat.read.request.merges_per_sec type: float diff --git a/metricbeat/module/system/diskio/diskio.go b/metricbeat/module/system/diskio/diskio.go index 793d2d23682a..30578f972ad2 100644 --- a/metricbeat/module/system/diskio/diskio.go +++ b/metricbeat/module/system/diskio/diskio.go @@ -107,6 +107,11 @@ func (m *MetricSet) Fetch(r mb.ReporterV2) error { }, } + // Add linux-only ops in progress + if runtime.GOOS == "linux" { + event.Put("io.ops", counters.IopsInProgress) + } + // accumulate values from all interfaces diskReadBytes += counters.ReadBytes diskWriteBytes += counters.WriteBytes diff --git a/metricbeat/module/system/fields.go b/metricbeat/module/system/fields.go index a4f53a7c489a..e04c8bb36789 100644 --- a/metricbeat/module/system/fields.go +++ b/metricbeat/module/system/fields.go @@ -32,5 +32,5 @@ func init() { // AssetSystem returns asset data. // This is the base64 encoded gzipped contents of module/system. func AssetSystem() string { - return "eJzsff+PGzey5+/5KwgfFhm/m5E93mzevvnhAMfzcjeAEw9sB/uAw0GmuksS37DJDsmWrPz1BxbZ39nqbqmlkYMMFtlkRiI/9YXFqmKxeEOeYHdH9E4bSL4jxDDD4Y68+IS/ePEdITHoSLHUMCnuyP/6jhBC3B+JNtRkmiRgFIv0NeHsCci7x98IFTFJIJFqRzJNV3BNzJoaQhWQSHIOkYGYLJVMiFkDkSkoaphYeRSz7wjRa6nMPJJiyVZ3xKgMviNEAQeq4Y6s6HeELBnwWN8hoBsiaAIVMuyP2aX2s0pmqf9NgBT788V97QuJpDCUCU24jCj3o+X0zfznq/NW546kguKXodn3IKiguLHjVKBYfnoEZCkVoUQzseKA8xG5JJQkGTcMv1fhYP5TZ1r+0ySiSgiLa7/OSeFSrBp/2EON/bHQ31lUIksWoEpUtU/+D/IIKgJh6Ap0EFCmQc3SyARh6YhyiOdLLmnzA0upEmruSOrGHwf+8xryL9IVMtqSY1gCRKcgDGECgRGd0gg6aKtRYFj0pKdhrQVHE5kJcyQwry+XyNwnUAL4GComZHAvh0egEyyCy+OwFITL7U2qmFTM7EiqZARagx5Czdk4fShKFvML5DmiGgD8fIo8AJDcUmYukJeCWGDkSgoSM/30chgd57QR4/Cp3y+PyRrUhkXWNbMu3ZqKmNv/WFMVb603x4QBpbLU9K5H9fv5WD8Zai2X5luSi8V7GIXPLZsDkBug/PIkwwRhYiN5JgxVO2cCFjuMczZMmYxy/MZ2zTjgb9e71LJES9WabEt1jV/SrEHlW6BUs9YX3m4o43TBgUjBd3bz/E2wr4MYeU67eLkMKmK5NDsqlIvSrBVNWqpsxKyPi85smDeloFxslgsKRyepAu29L5SA1GbmPizFjbDrh7M/oBkmksrK0GTLOCdrugEboNKvLMkSsqE8w0Xz5fb167+Rf3PTfcGxW4OV89TGpVwBjXfE0CerH0z7UZkwktAoQrVztmXTHjSAxUL5U4em5INopwj0dWvYncxIRIUTWpXlRfJmpYAaUPYXwvGN/CwVga80STlcE7Ykf28N61TKfp0a8uPrv1lo11avnHL5tMcsSrNZzs0vTnsWQG7/2SmcP1cI++cKEr/d8OvPEu18Q17rX355gMK/vNtpvFsjzYUy0vqCoIkjG3fUh5gDKs7Dh39ZK9TllPxaekaD/BPrSV0kC8amqS+WkLEb/WUSctRuf5kkDd/yLxT/Afv+ZVIy+eb/TZF5qAdwmUR+q27ApXFziBdwnSdCNMQ5k8ucDQbXAdobHsPnVnbvWzmZvuQz3W/jFPQCDxMv+hDuuY9CDt8Rnxv5oZvcX2cPVZ5YPWXyuyYrxhw/2CEq5w/2P8nDh6KMbGANXv4z/ozC/jMozyfYbaVqHhz4/PEd0TG9HS9uJM9O2adsoBjlc7d5joA3EML32s+Ql7uRz2umSUJ3REhDFmCVY8Nit41Tzkumt8b0OfoeghTQeIYHHhMuHvSUKh6GncSqjJWQVRmdRVbDlxnnux58W8UMnBwgznIgQuTgYmeGn6jlrmDoSweAx2EQRh02+SDIeyayr+6IizWnIg0/UENkpPIj4WFPypnXNEGo1lliOYOfIpr9gX7oP27fDJLg8zPI4jAgpuFRPthANrVG7WcbqpXdd06o9gnjNiaIpIi13968WcEVO0iwzwbRrdleZ/HUAMMYY2n3wYdXH/oB2uhthtJW8HsG2swSUCvQ8xTUXEMUxB6KMHvAN4/qcZn7KTXBOfGUnDhK3IntFhSQ3zPIICZG4mKIYcN6YxtPllOR89KFc56asJq8ziqoEj3TuoW+QucBAjqvZKalBCXiCdiz20xAxk/lflv4vi3MTd89vKX1EkRtfDEtIXQDiq6gGtMspWpoWVAiRloP1AYsEI9Z/2eUilOxU4rFkXQ+uTQWzUSCyVc83azm1kc5DSno/Vwx4dj70orJoh5oAYZRgjb8xHTgHISDWJn1SYg45zKfVpFc+gLmnV7W8UrkZnCEWGWqulsvkaiHVx+mlcci07vpqHkMZ+7jTFkncbtm0bpOQvemeLWgIt6y2KxJZhhnf1A7LTKh/NTLGbl3H9fUZMp9REZRZgMXVzNXljxqEnGpUfT1KsacJSCMkunumGRSmbby1yHbY45PENF80PmCmUlTfwVaO7AVWRtuCeP5j4JKvB7nteUmNWwDufakUvIiZP/h9X/82JLyknGo3XwlB2UNy2Fatcvln6YoYS6IPlNOAROEeKpT4beRNuTPRKrYhnGwcQaeTeU73iwI3S3S+cgE56gkZrWk9o58eRXD5pX96+2XICI77wmg2DGaUOCr+SEMAhPu81SyjkzfwVhwYGtpcewWb8JoUFtPmDaw4xMhY9BWW+waxd+0M+cVSAqeVdv3a7VFN5+aaxV+KYBDmIZ8PxPXnIwrvNvPsUzDeRPHdsKR8J5/d2uA3lenUKiithvMUfuYVyk3UmUrq2xi+UkYXa0UrGhxFEY5dyancbml/OrRt3cOPQz5tW5+PBqylFkzMq4tnyOW9eeA2dMz8qvEgoR/MRHLbYf+uakDQd2+VRCWdJsRoFFeJRdILCPdyg4EpED2W+S9rOlD38IZiiaIZypaxMaaaAK0i+fZAOLK7QEYMs/nQ+jM4BUCTXmmkacv2yEQlzQ+xpzYkM+Okce0RxqAF7cvxhpl+ycmVvMljYxUdzbUG2eY31fgF+Emp9qQhInMQHgNv/jHJSH9h8faYXBe3F4U2tsA3DBuLEl8Lp0I6AKJWVGjMKzUsE3Oc4kirDBTUPRs2tWhVUfShB8KU3TaS8Qt6+y6hB3l7rkhWikL339sgnTF2cIQ3Ncc7v5+UucLP36zW+wgWGeMcl28Vlb6oUflZV7ERq4CyyVLYwkaC7GYiHgWFx+OpHBVH4td7k5GNFqDJlS0/a9FtlyC0uRKQxG7etbQyGSUzxpuyMWHZ4ME62g7zF9vI3mLo5UdAiHGOlLLuT4vfq+3HFwR5AweqSeows+KDj4YosAbQ+0y/cwqEYgIyALMFvxNeK/SWOVQzd14CQWbJNif5idJDCmIWOeW98MnlzdLpAISg6GM62uSohkk0RqipyJmrujwlw6VIM8fQ3l2h5f8g8FzEcqjjGNgv6BWLBVe1MvGnHXI+w38Akl54IEpgVepktGrBBImlvK6zQv7I1V1QvxaFRyGJ6VRKYwIW9ZHt8CthSoE2o697M8HQT58+i/CkFBKdJY0DWCuQ0zQCI8SchX6UMTt1/778Ht7YXspykIt/NeHqkWHeSNDTBzpNXNkYJTYPmtprdK+guEtbVq2bpuXKliyr3fkxf9Fsv5f072qp1as5uEopdtiPRWmDYu0OwIqzw8tjlo/1VybQ8nT/szHM8ftJTFDVem5zDo6PuPwPpdFLA9pR8GVmZmlrcvjAzDXMEW5E4ZDIYTUmtzM9CNg4nQAmOifXwGN6Rrrz46GgbwvBiT1AQcgwC1idM5vHwQckayrZ+zfmtXOhi3C4kifrmCOQd9h3mq+ZWP1SmGRR1rYdKUjKuZPFvaBipVzM3hbpYXa631EhXCRjJu6D2DMFEQHWoBjALp5ebNMp4oPg4GzAbOzFcmUVilFi3cGKD+jdMvsikOrIOKUJUMljWjPJ+putL1idx+Yw3LJIgYi2p3RHrm5c7SkxFCxRzPylnC5BVW1UUzELMJL3KXyWM9aG5WtVngx0shi3KYRa7LAifN5WODmPjsLgnZ8na0gpKxnd8AtEK/Jz+17D1t/4Y21PD6uEOQLMVIp+aX74r9UkkVMEMq5jFBEJTlTRKY9BBzl29RLSWt61VmxSyaKLaZRnTLTdLASKXAVys9LSI6CLDLjUi4BfRpJmc5UyrMTb659hMkNqEgmCRu9NGJY0oybUNHGYBqOWN/3bnpX6LqUahx4u3HNqvFmE3how2ghq4g+FMNW6O2w8qQRiIR4QfqY2YI1BFHFSlDOFzR6mmTqd3lgXWEN1ugnmcYr7TrlzP7LEjvLbmlahVe0AwCzlaqKaPwpnx+jcsznf1NtbFB7Hyf/OzajWDYqWc7X0wDMeuTBLx6oNsEPaXAgM3PWmsTmLW0NoqtpYSXd85wIFUTA+u/HuLRY9AST3k2oBkY49kCGnQ6JKpAMZAwTM1BKqtOwxQ3t2684REysBsjqXJg0iLgfEROzWElrrE+CiIlIJlgS72VXXpry0w7g2CkBysys5H6A1YN5pgnlW7prb5avbax1T9XWOvwiJj99uicLiGimwZ9eWddNQSqVKdM33a1sGvvRXGdJQgdUnxSbxQIMHbZf/eJ3JHeZx8W/Ky4XlBemHY/mmNkN3H9YOvu3oLjk4r+hFdH0COzh0eXMQYW7wploytk+v+uZLounnO63+/7p5pwZmHjO98zA/olZlEwqxXe/BCgtHFDXiuoor8uPUfG6/G+sy0Vjauh19YHC6+rLj41nE8m0XhfljDYtRkrNuqB7FvhqwlbuRmXxpGR7RmzIOMLRG1J143mGQzfuML1QmRBMrF6E61rTjscY+8lvf3MI9ekREx444+rwGdtfHTJjlMSciYllvMw4JzbypiK+scO7VJWRVurKuESCw33tS9BwWwjU9FC1yhIsFtKQUkX93hasxmcrIRXM6UJu4I68ef3DP8MWT4M6YCm57uGHraNoe6hY7e7IxMofWdTLQ4fODmIz3My6X86P1AAQG6aksJIjG6oYXXCf2wtqgXtQx5rQUOcqWmkWSH5WAD99ur92ZUvOyH74RP4rbDLqbxeR6XLm7x5/u9EpRGzJomqyPC37Ho5Nh3d2nyWjTr27z5IDrSBN1SLva0vbBOt6CKPTeiK0xZtEFqw7bdBMROC0x9uLLl43gV7eUX6jG6f31wtZIKVFsXuWxrhbPphKoKBZwjhVvjAqOO3f7CwFI6sTxEynnO7KSMHINDfZeTvOdufFMHM7Okl/UxyGTS39UB+5Gp5VXuJq3Tco6/0tF5khioquxCcWRr5ud6tosnhP62dyZrsQbgndBOx04pR4XW3wXvHu4ae1HqEuLyW6uO30jkFnMW3zF71yJmKHXDs1dFxQbV3+IMPrdNx54Nj9qG+/69uvnulwpNSAvE2xj7Gq7F5TXS3wddXNjcrzd3g0RN6tqVoBuTKBixTFyNS5K3k0RwVdgbKzEHfAhKXOmHD3IUyO5GXxIp/PurpLTEz3a6rS+tlOmC2TP4JmsV1an8CQT+wPmDWsRYDvMoqylLlj6YTaf7jPXH18+8vLXolEmVJ2Qu/0Eg3uDOy6UtL+a7UmvPPudZOPl7c7jWfeeMq3z6hBjuZ/eUlOp0K5/kjB91QObS9A5tNIfRi9ek3VcxljnDsOkZbp4Su2OLINR8oH3Kz6mXEoPiOVjyHyTJxz66yFQbG4DDXTFaTLQKN7d1fGenc+Dp16U5UpiKPcpka3mToPNI4/2FfiLGFmpuVydI3QUNWRS+NmySvJeqAXXndwyFo2oTJ2RAVZAInW1h2Pm5EANYSKHfptfaxY01YyZCpW2KFPxYrK2JYV+OTCAoii+Ts6SkrTkUAJLbyDl2R+EmQXEOLRZYtTNxO218VGguiPUf3kLnYlgM8ItEb03yp62Cgoz8BaTrj119xAes1SLJ1rDSikuLHs8CMjAzXUJkD+1SwamoWx+Z5Wvpb0ZF4HMJh4bXq4R8fUapLERj6OGk2o1jJimEbdMrN2bphlczj2fcCsATZxFN8bQvNRH+5dMs+3MM9Hx9GQ7vwSYXBUuthz2E9qdUNmfTom2dHza2Vej5r9Bv2vdbZwcfj32rVEch3YRrEMZzsH09o5TzKu9KubY1GalbwgOlpDnHHQGItTfI3AxTdUPxUVg34dBcd8676T22cpjJKce8u2lUXOv5hK6Wvy7udPaEA+fg4Pav+uDRWxA5O/hcF3ZEmZKofydiZV0toLJgXlgXJ85A42mPBRY552yG8r52IsrtZuga3WZkY+fq7ACI6rgHKfw2iA0mB05X32YIYm6LmS8j2sugCQyf5+f96xlZIV24CwPiqT+6puh1X5BQ0aGbBeSVMDH+7zfGVTe/YC6DAXB0Ho8ukJeTzEbHSOFjIne4mMlnrmBRYssCWjCxv3kIrzoCz8E30Ji5TMn4jA0lS5JQpWGafK7oqdQzmWfK9zO2Ek6rICLTMVgSZ6LTMeo18CRQXyCJ78nklDT8+Sz40UUSdj3EKmPHyhHCHlZpJW16jKRL4+pQC/NskV1SSGJXNuXzeXq8rR1XkjxD0M4k7Nu7cCazhXoHxWDBNrPm0J1uAVCwnxVA1e56C1Lra501hj66xynpRPFnvr2M3JNPNMce53XuT7hlilZ6t11Rvdy15lLni9Fuuym78d6xXTd2MXqjIzlQkMtS6BGXj8I8UKtEHvg4lMZtqvuc6BmWiEKPVFvKYb6OLaQDa5Rk0OxqnZVN6X8KYGy6w3lGs0OrUFYxdF3cR0Gze7tJEVwGm6/1JPm3SzVtIYDvHZmWB1RXdJdeHa03hs5AqJZPq6c9z8Os3WFT5Y254XbZo17DyDvq5phn088SG85V67VDF3VqtrEnL5AKYI7oVDzX+T4+LkW2hx0pI/H+A6+18xQQQVsvYkgl9phTx6HIyQnIbFTDTaky8eFDf5KCjv0h2o+ct//vKmi59n9qZ9BcN5vMbqW9cVRa+1XbMmoBo/9+j7qDXuStimobWgpQq+AI4lRImMu27phPH5WofzIbxyJQ0vx0BNQYUzLGR/YV3+UyuwO16zCipb1rMgWwoCNFrjRxsatmf7ZrpfxfYWL5Bx1tNfavZpYVc7/ZcBPZEBHW8oE0hmeILWeaJMhqzQvjPHEYRXW4T6w73FrjP9Vb7eNZrghH69HKLXUGQFqz0jp6bcnXddItVl6sVtMvWeh5bavJ7cxu3d2yeN1vDSl/a089V40FPx3DM9dH+w3FtSxrPT51PqZ70+cmnUKrljv6uGTF+SbavwvPxRgM23hhOst5dmG9aQ94LMi4pqhgK7UGIjLdc636+hzvGmXFsFsy7VrrTKc+xm3GZWjSl7HIljmXXxpijPJHmFazINhb0/TzK1AdLbSzJBzcWGAu0c8aoldTRWI43S06X6K76I+mRuy9Pl+y1NFvS6L52jjufMxRsTuWzwZ5+B6M4SHmI4ni7TdWnKbUrfxY49N1F6kaaiZiPsJvP53WPZL7v15tkYQi/VNFRtQpPigI3oSY4dZj2RTd+CnfDMavKpZTD6uHSwp1Fw6zKNRlOQ3YdV4/0Ll7B0HeXnVMhwK5/BDJhQV94KKXaJzHTpgbrOx1IQ3wGfA9XmRkEEwvDdDa62q/cff+tmEGfa1K5qJ+lSkyu9TiB5eT3WGNWYZ6P0MzPvZ8bhZkGjp7JsvWTO+4+/FeQeQBXy+sz0PNoNAieeWkZrBoqqaM0iyueOVfPLMo3VtHERieWwvfdUNOyo2Aln+7pPbidhl95eJrfKiGww3zqHrPPzML7lb3N8O5a0eE2kai5qK687wG2uyIM49Qxms5tTYYMa5NEB2pFgs8fLoviTf4PeUXvjIBL/f/g4bLcpntbmYJN/7Bd69iIZayNocbuiHp0axVYrUBDbT+xLgCH0kfrw31LNvwG6EWgP4eTFL/ZTL9x/arK2KiTKuys+GeDe6+E7vMNi5L7w1z13hM1U8HJNzKq3OwZqlJ53pl1OUHiGvVTtP7H6TFZe+WLuUl7e2esAOrp6xJ6aEJlVgrRjSdl3F3wQKefYFv3Rm10higqdUjx3KZrXv7wmQnbnfad1XJXWczvzxXDt10b3VbkktGBkkF/jSme2NL0YWj8Vxx4HSi8TsGGRwWffLoWoXyrp2IgKIY27q+Af9BhEaU7lgj+xkA0fUS7zE5dRtd/zX1UyU1fJHFAk46oJL0VjXRa52fYZbc0SlHLZPvfYqEywLGyBShXbxdc5OdlzWDOKTUyep+qyZMDDqw95R1wpsMzfcttVyFnyDycc67ChvFrva4+xEYzkLNq1G+/mN7QDjXeZ4XBHHr1/+WlgZ949TPFD1HrDVy5Ggy7a1gQfqD75Q9F9HQUbcixhI1ymW3grN04cYRMhqbyaUe/zMwgLi1sFSccDsYOOQqE5QHoKluQDj0Njpmy+XQHjxh2F5Q+ZLNj0EnLDjkISA52eJTE+xBhGQR7M95psQO1IJjh7Au5dHWbcrXQbllKFb8QwQbRM/F06yolmJvMmlRmS0J0PYsOkZeJJyG0zuDyeupKwyrWRtXu4EFtR81h87302oxhsrN1XNiTziNomWtGadzTa7Da+f/J3Nvp4RZOiD6Tb6rqWJDWt23lHzJs3d79xohiAgMMGwpvHwR1prSzcuHUAYQ7sRDS3sGVYTw9C8c4XItrBiRv8mjCH5ePbh3tClaI7d68yzkRMhQm/WRAz/ZQfn020jKrvWrmcrZtkz/yn3OBxhoqQ8C4D08aGzfswYQw9PUtw2LifJUvK+GRbWWV+N27//Li+9Jim+sd3eyYJxaY9im4RhbO34Zb/GF5MqzmVtAoOXlWateQxpuHJ7es3P9zY8CeHsA+eXZ8ncEg8Pu9ge4gulazwRpidtwdtYZ9ANWzXZI91VEOEvM+Lm02fYdPCCo/KNtUmtLJJSBrPj3qh4DNe/6YxqW1M++Y8erp8LxwxZbY4nkqdLW7GETnHBsnBOQP9cVsT4kmJoUmaT4hdlr0vhn3YZr5TUg4Fk+Nu76EizuOra+ej2v8ZTbK03aWt6HL/FaJ5JOOj+PTp4X+/+z/v74kdp2xN5hF+r12DxvZjIlXvlhl3Unm8zKrysuO2L7S0Z92AiKWaY1vVprEfNXucv0E4HEXR5SA4b2+7OG9tik5rrU5lYa3tb7QWpZkvewzeLB3eva/sRF+/a9k5sz/82V9cOnz+WkFoq3qgOTmWAM7wtOmoWSsVd1hUOFwwlT2h9ephHceglHf+WFSuZ503Kwblvc9dZ+Kyrx2nqhVU4RfuTocrf5isB1n3M4CDoQWn7XvCs+sdx8Nm9WdvlTnbvpW0wI4J+z+/e/Sj6NLBc1vbcTlV9whMV1Da/ZiMXzizru93PSITBLGkCWv1yRuKwH7umMm5jCifsXBD0tavi4elbv/jzez17M3slkhF3rx+fXv3+v6nf969/ek/7+/++Y+//3h3dzvOrX9vcZCHR0LjWPk+q6xoZEgFeXjc/GAne3jc/Fh8aAhtqVThfTug4gV9b94cAt9O1YNJQSINXADDPyKQiTnuqTsLyz0Bw3m+lnqMA1cA+/cfb97c3t7c3v77zd9/nIntzP9lFsnWC/09mB8/fyQKIqni4KavcpnMyAO+QCkXhmKHug2jRMEGlG5vzw+PhEv51HlY2GADGB7PU57puRz1TFn55vCh5OM7VsslRP6QOL1x6cNYYhRwBZ/f37/MPWPPCys0V10rBZBEtq9ocboAXnv37hoHsKP9z1sMu18spZwtqJqtJKdiNZNqNXth+fui+ovWgX/xhJYdIwYDKmEifyfJDk8imYDvuEwFgWQBcQwxiWS6K5Ki1LRaLOEX1sakd69epdmCs0hnyyX7ijgG6/IcX489NCRpK+d/2uH8hxY5ma61ViET1ECvbsRfUulB3P1kYN8eN/6xwb0A/GNMB4IIJGEOQzH1+4A/V94GJLWh9+KAr4c+fQlfIcqwlOgYfmDrpNEqEf7W+Ik7U2o9Uy8zzucjVKHuA3eXJnzCv5OhbwaPqEyQS/dEQe4/s7IewScIjvKg2+1YD+5l/xb1WAjnUTeF0JuT2BuW+y6pfQFxuPLFAkMedqOrvmugDQQKJCbEUkyBzk/nG8tTysU9snyobHq6WXUzZIIHVX6pX4qvhpJ5wue6bDVepmaKRqy+BhlLc11CLXVPJ/4BM/JOKgU6xaZzRua9tjTgmf4razFf6Z1+JcC8Yunmh1cmSucJJDPyoePJg+4Sx3Dj46O70PdLlwxMAEmVrun+GvduSQ9Ei4jdWvdC8tNCbFU+F203f/dS0GVDpiYgtyf9fB9mV06Az0LbZ2ea8EBbj4Dpdeug7wQAyzPAyrSjuBlxqWG+pZ1tU06CtoHQ2oh5iWQePAyr4zYsuQzYBZAhqPVOzHX42a+zgs5xDMWsIGo+9PwsmC2OIZiXTKBMmqmgs4MugIxB3cz/PBvqN0NQc6rNnEahE5izgs5xDMFsbc1ZdpB+k8fEKoS4CNLiSd3X3+7/JO6rJeQZ3dcsvkT3db90yUD39dzOXxfqPf9SrI608YDH6CzBFzfEl3onB3+VQ6xyVXGf8rmEI4/afFP6WRKuZggcDeTLJ/9q489MpJmZ5x9KGOcsXD4woJj1w6ecVnzVohyqXSqWaVC6l/cHFIq9l6sVxDd5K20NWjMpmgnkfTzuSKcdXOJbXkDzYIKzamg9nHXEvG9F9WiEyxWzlqs5xZ67bkfSfP9Tpn0Vp3thbgAHAoewR6KwXy9qhCra0CGAUK3IMTIolG9oaUr9eCKIZCElh1Z+oBeJ/RphImaRs0w0Pxnay5FjSsXCEsm73jaK/vZgiOTUWlGRhjPQcWCWsuSfxq3N6uB68jXgm6bkcZhNcDKajzxy7d1C39aOBf2ZdNkutgGo/Jf/HwAA//+KudXt" + return "eJzsff+PGzey5+/5KwgfFhm/m5E93mzevvnhAMfzcjeAEw9sB/uAw0GmuksS37DJDsmWrPz1BxbZ39nqbqmlkYMMFtlkRiI/9YXFqmKxeEOeYHdH9E4bSL4jxDDD4Y68+IS/ePEdITHoSLHUMCnuyP/6jhBC3B+JNtRkmiRgFIv0NeHsCci7x98IFTFJIJFqRzJNV3BNzJoaQhWQSHIOkYGYLJVMiFkDkSkoaphYeRSz7wjRa6nMPJJiyVZ3xKgMviNEAQeq4Y6s6HeELBnwWN8hoBsiaAIVMuyP2aX2s0pmqf9NgBT788V97QuJpDCUCU24jCj3o+X0zfznq/NW546kguKXodn3IKiguLHjVKBYfnoEZCkVoUQzseKA8xG5JJQkGTcMv1fhYP5TZ1r+0ySiSgiLa7/OSeFSrBp/2EON/bHQ31lUIksWoEpUtU/+D/IIKgJh6Ap0EFCmQc3SyARh6YhyiOdLLmnzA0upEmruSOrGHwf+8xryL9IVMtqSY1gCRKcgDGECgRGd0gg6aKtRYFj0pKdhrQVHE5kJcyQwry+XyNwnUAL4GComZHAvh0egEyyCy+OwFITL7U2qmFTM7EiqZARagx5Czdk4fShKFvML5DmiGgD8fIo8AJDcUmYukJeCWGDkSgoSM/30chgd57QR4/Cp3y+PyRrUhkXWNbMu3ZqKmNv/WFMVb603x4QBpbLU9K5H9fv5WD8Zai2X5luSi8V7GIXPLZsDkBug/PIkwwRhYiN5JgxVO2cCFjuMczZMmYxy/MZ2zTjgb9e71LJES9WabEt1jV/SrEHlW6BUs9YX3m4o43TBgUjBd3bz/E2wr4MYeU67eLkMKmK5NDsqlIvSrBVNWqpsxKyPi85smDeloFxslgsKRyepAu29L5SA1GbmPizFjbDrh7M/oBkmksrK0GTLOCdrugEboNKvLMkSsqE8w0Xz5fb167+Rf3PTfcGxW4OV89TGpVwBjXfE0CerH0z7UZkwktAoQrVztmXTHjSAxUL5U4em5INopwj0dWvYncxIRIUTWpXlRfJmpYAaUPYXwvGN/CwVga80STlcE7Ykf28N61TKfp0a8uPrv1lo11avnHL5tMcsSrNZzs0vTnsWQG7/2SmcP1cI++cKEr/d8OvPEu18Q17rX355gMK/vNtpvFsjzYUy0vqCoIkjG3fUh5gDKs7Dh39ZK9TllPxaekaD/BPrSV0kC8amqS+WkLEb/WUSctRuf5kkDd/yLxT/Afv+ZVIy+eb/TZF5qAdwmUR+q27ApXFziBdwnSdCNMQ5k8ucDQbXAdobHsPnVnbvWzmZvuQz3W/jFPQCDxMv+hDuuY9CDt8Rnxv5oZvcX2cPVZ5YPWXyuyYrxhw/2CEq5w/2P8nDh6KMbGANXv4z/ozC/jMozyfYbaVqHhz4/PEd0TG9HS9uJM9O2adsoBjlc7d5joA3EML32s+Ql7uRz2umSUJ3REhDFmCVY8Nit41Tzkumt8b0OfoeghTQeIYHHhMuHvSUKh6GncSqjJWQVRmdRVbDlxnnux58W8UMnBwgznIgQuTgYmeGn6jlrmDoSweAx2EQRh02+SDIeyayr+6IizWnIg0/UENkpPIj4WFPypnXNEGo1lliOYOfIpr9gX7oP27fDJLg8zPI4jAgpuFRPthANrVG7WcbqpXdd06o9gnjNiaIpIi13968WcEVO0iwzwbRrdleZ/HUAMMYY2n3wYdXH3R9E+8CKdMpnZcmRovDOi6pkisFup9pNqKcoQYq+D0DbWYJqBXoeQpqriEKYg1FvT1gm+UDaHr8lJrgnHhyTxx33SnyFhSQ3zPIICZG4gKNYcN64y1PllPb89KFc56asJq8ziqoEj3TuoW+QucBAjqvZKalBCXiCdizA05Axk+lD1D44y3MzXgivM32EkRtzDMtIXQDiq6gGmctpWpoWVAiRlqv2AZREI9Z/2eUilOxU4rFkXQ+uTQWzUSCyVc83azm1m86DSnokV0x4dj70orJoh5oAYZRgjb8xHTgHISDWJn1SYg45zKfVpFcSgXmnZ7f8UrkZnCEWGWquoAvkaiHVx+mlcci07vpqHkMnybEmbKO63bNonWdhO5N8WpBRbxlsVmTzDDO/qB2WmRC+amXM3LvPq6pyZT7iIyizAZTro6vLMPUJOJSo+jrlZU5S0AYJdMqO0YnuMpUmr+i2R5zfNKK5oPOF8xMmo4s0NqBrcjacEsYz388VeL1OK8tN6lhG8i1J5WSF2mEH17/x48tKS8Zh9ptXHJQJrMcplVPXf5pirLqgugz5TkwaYknTRV+G0moIJlIFdswDjbOwPOyfMebBaG7RTofmXQdlVitlvnekS+vYti8sn+9/RJEZOc9ARQ7RhMKfDU/hEHgIcA8lawj+3gwFhzYWlocu8WbMBrU1hOmCez4RMgYMFlg1yj+pp3Nr0BS8Kzavl+rLbr51Fyr8EsBHMI05PuZuOZkXOHdfo5lGs6bzLYTjoT3/LtbA/S+2olCFbXdYI7ax7xKuZEqW1llE8tP5+hqpWBFi+M5yrkzOY0LN+VXj75RdOgBza918+PRkKXMmpFxbfkcsaw/B8yenpFfJRZJ/IuJWG479M9NHQjq9q2CsKTbjACN8iq5QGIZ6VZ2ICAFst8i72VNH/oWzlA0QTxT0SI21kQToF08zwYQV24PwJB5Ph9CZwavEGjKM408fdkOgbik8THmxIZ8dow8pj3SALy4fTHWKNs/MbGaL2lkpLqzod44w/y+Ar8INznVhiRMZAbCa/jFPy4J6T881g6D8+L2otDeBuCGcWOZ5HPpREAXSMyKuolh5Y9tcp5LFGGFmYKiZ9OuDq06kib8UJii015sblln17nsKHfPDdFKWfieaBOkK84WhuC+5nD397g6X/jxm91iB8E6Y5Tr4rWy+hA9Ki/zIjZyVWEuWRpL0FgcxkTEs7j4cCSFq0RZ7HJ3MqLRGjShou1/LbLlEpQmVxqK2NWzhkYmo3zWcEMuPjwbJFhH22H+ehvJWxyt7FoIMda2Ws71efF7veXgiiBn8Eg9QRV+VnTwwRAF3hhql+lnVolAREAWYLbgb+d7lcYqh2ruxkso2LjB/jQ/SWJIQcQ6t7wfPrm8WSIVkBgMZVxfkxTNIInWED0VMXNFh790qAR5/hjKszu85B8MnotQHmUcA/sFtWKp8KJeyuasQ94D4RdIygMPTAm8SpWMXiWQMLGU121e2B+pqhPi16rgMDwpjUphRNiyProFbi1UIdB27GV/Pgjy4dN/EYaEUqKzpGkAcx1igkZ4lJCr0Icibr/234ff2wvbS1EWauG/PlQtOswbGWLiSK+ZIwOjxPZZS2uV9hUxb2nTsnXbvFTBkn29Iy/+L5L1/5ruVT21YjUPRyndFuupMG1YpN0RUHl+aHHUerzm2hxKnvZnPp45bi+JGapKz2XW0fEZh/e5LGJ5SDsKrszMLG1daB+AuYYpyp0wHAohpNbkZqYfAROnA8BE//wKaEzXWH92NAzkfTEgqQ84AAFuEaNzfvsg4IhkXT1j/9asdjZsERZH+nQFcwz6DvNW8y0bq1cKizzSwqYrHVExf7KwD1SsnJvBGzQt1F7vIyqEi2Tc1H0AY6YgOtACHAPQzcubZTpVfBgMnA2Yna1IprRKKVq8M0D5GaVbZlccWgURpywZKmlEez5Rd6PtFbv7wByWSxYxENHujPbIzZ2jJSWGij2akbeEyy2oqo1iImYRXiwvlcd61tqobLXCy5pGFuM2jViTBU6cz8MCN/fZWRC04+tsBSFlPbsDboF4TX5u33vY+gtvrOXxcYUgX4iRSskv3Rf/pZIsYoJQzmWEIirJmSIy7SHgKN+mXkpa06vOil0yUWwxjeqUmaaDlUiBq1B+XkJyFGSRGZdyCejTSMp0plKenXhz7SNMbkBFMknY6KURw5Jm3ISKNgbTcMT6vnfTu0LXpVTjwNuNa1aNN5vAQxtGC1lF9KEYtkJvh5UnjUAkxAvSx8wWrCGIKlaCcr6g0dMkU7/LA+sKa7BGP8k0XrPXKWf2X5bY7XZL0yq8okUBmK1UVUTjT/n8GJVjPv+barOF2ps9+d+xQcayUclyvj4LYNYjD37xQLUJfkjTBZmZs9YkNm+OaxBdjRQr6Z7nRKggAtZ/P8alxaInmPRuQjUwwrEHMux0SFSBZCBjmJiBUlKdhi1uaN8SxiFiYjVAVufCpEHE/YiYmMVKWmN9EkRMRDLBkngvu/LSlJ92AMdOCVBmZiX3A6wezDNNKN/SXXuzfG1jrXuqttbhFzH56dM9WUBEMw3+9Mq6bgpSqUyZvulur9PYj+Y6SxI6oPqk2CwWYOiw/eoXvyO5yzwu/l1xuaC8MO14NMfMbuD+w9LZvwXFJRf/Da2IpkdgD48uZw4q3KnORFPO9vldz3RZPOV0v933TzfnzMDEc75nBvZPzKJkUim++yVAaeGAuvZYR3ldfoyK1+V/Y10uGlNDr6uPJl5XX6NsPOVIpvW6KGe0aTFSatYF3bPAVxO2cjcqi2cu2zNik8gRjt6QqhvPMxy6cYfphcqEYGL1IlzXmnY8ENlPfvubQ6hPj5jwwBlXh8/Y/uqQGaMk5kxMLONlxjmxkTcV8Y0d3qWqjLRSV8YlEhzua1+ChttCoKaHqlWWYLGQhpQq6ve2YDU+WwmpYE4XcgN35M3rH/4Ztnga1AFLyXU0P2wdRdtDxWp3RyZW/siiXh46dHYQm+Fm1v1yfqQGgNgwJYWVHNlQxeiC+9xeUAvcIz/WhIa6adFKA0PyswL46dP9tStbckb2wyfyX2GTUX9PiUyXM3/3+NuNTiFiSxZVk+Vp2YtxbDq8syMuGXXq3X2WHGhPaaoWeV+r3CZY19cYndYToS3eSbJg3WmDZiICpz3eXnTxugn08o7yGx1Cvb9eyAIpLYrdszTG3fLBVAIFzRLGqfKFUcFp/2ZnKRhZnSBmOuV0V0YKRqa5yc5bhLa7QYaZ29Hd+pviMGxq6Yf6yNXwrPI6WOu+QVnvb7nIDFFUdCU+sTDydbtbRZPFe9pRkzPbhXCb6iZgpxOnxOtqg/eKdw8/rfUIdXkp0cVtp3cMOotpm78yljMRu/baqaHjgmrr8gcZXqfjzgPH7kd9+13ffvVMhyOlBuStk32MVWX3mupqga+rbm5Unr/DoyHybk3VCsiVCVykKEamzl3Jozkq6AqUnYW4AyYsdcaEuw9hciQvi1cCfdbVXWJiul9TldbPdsJsmfwRNIvt0voEhnxif8CsYS0CfJdRlKXMHUsn1P7Dfebq49tfXvZKJMqUshN6p5docGdg15WS9l+rNeGdd6+bfLy83Wk888ZTvn1GDXI0/8tLcjoVyvVHCr6ncmh7ATKfRurD6NVrqp7LGOPccYi0TA9fscWRbThSPuBm1c+MQ/EZqXwMkWfinFtnLQyKxWWoma4gXQaa77u7Mta783Ho1JuqTEEc5TY1us3UeaBx/MG+EmcJMzMtl6NrhIaqjlwaN0teSdYDvfC6g0PWsgmVsSMqyAJItLbueNyMBKghVOzQb+tjxZq2kiFTscIOfSpWVMa2rMBnIBZAFM3f9lFSmo4ESmjhHbwk85Mgu4AQjy5bnLqZsL0uNhJEf4zqJ3exKwF82qA1ov9W0cNGQXkG1nLCrb/mBtJrlmLpXGtAIcWNZYcfGRmooTYB8q9m0dAsjM33tPK1pCfzOoDBxGvTwz06plaTJDbycdRoQrWWEcM06paZtXPDLJvDse8DZg2wiaP43hCaj/pw75J5vq16PjqOhnTnlwiDo9LFnsN+UqsbMuvTMcmOnl8r83rU7Dfof62zhYvDv9euJZLrwDaKZTjbOZjWznmScaVf3RyL0qzkBdHRGuKMg8ZYnOILCS6+ofqpqBj06yg45lv3ndw+S2GU5Nxbtq0scv7FVEpfk3c/f0ID8vFzeFD7d22oiB2Y/H0OviNLylQ5lLczqZLWXjApKA+U4yN3sMGEjxrztEN+WzkXY3G1dgtstTYz8vFzBUZwXAWU+xxGA5QGoytvxgczNEHPlZRvdNUFgEz29/vzjq2UrNgGhPVRmdxXdTusyi9o0MiA9UqaGvhwn+crm9qzF0CHuTgIQpdPT8jjIWajc7SQOdlLZLTUMy+wYIEtGV3YuIdUnAdl4Z8NTFikZP5sBZamyi1RsMo4VXZX7BzKseR7ndsJI1GXFWiZqQg00WuZ8Rj9EigqkEfw5PdMGnp6lnxupIg6GeMWMuXhC+UIKTeTtLpGVSby9SkF+LVJrqgmMSyZc/u6uVxVjq7OGyHuYRB3at69FVjDuQLls2KYWPNpS7AGr1hIiKdq8DoHrXWxzZ3GGltnlfOkfLLYW8duTqaZZ4pzv/Mi3zfEKj1brave6F72KnPB67VYl9387VivmL4bu1CVmalMYKh1CczA4x8pVqANeh9MZDLTfs11DsxEI0SpL+I13UAX1wayyTVqcjBOzabyvoQ3NVhmvaFco9GpLRi7KOomptu42aWNrABO0/2Xetqkm7WSxnCIz84Eqyu6S6oL157GYyNXSCTT153j5tdptq7wwdr2vGjTrGHnGfR1TTPs44mP8y332qWKubNaXZOQywcwRXAvHGr+mxwXJ99Ci5OW/PkA19n/igkiqJC1JxH8Sivk0eNghOQ0LGai0Z588aC4yUdBeZfuQM1f/vOXN138PLM37SsYzuM1Vt/frih6re2aNQHV+LlH30etcVfCNg2tBS1V8AVwLCFKZNx1SyeMz9c6nA/hlStpeDkGagoqnGEh+wvr8p9agd3xmlVQ2bKeBdlSEKDRGj/a0LA92zfT/Sq2t3iBjLOe/lKzTwu72um/DOiJDOh4Q5lAMsMTtM4TZTJkhfadOY4gvNoi1B/uLXad6a/y9a7RBCf06+UQvYYiK1jtGTk15e686xKpLlMvbpOp9zy01Ob15DZu794+abSGl760p52vxoOeiuee6aH7g+XekjKenT6fUj/r9ZFLo1bJHftdNWT6kmxbhefljwJsvjWcYL29NNuwhrwXZF5UVDMU2IUSG2m51vl+DXWON+XaKph1qXalVZ5jN+M2s2pM2eNIHMusizdFeSbJK1yTaSjs/XmSqQ2Q3l6SCWouNhRo54hXLamjsRpplJ4u1V/xRdQnc1ueLt9vabKg133pHHU8Zy7emMhlgz/7DER3lvAQw/F0ma5LU25T+i527LmJ0os0FTUbYTeZz+8ey37ZrTfPxhB6qaahahOaFAdsRE9y7DDriWz6FuyEZ1aTTy2D0celgz2NgluXaTSaguw+rBrvX7iEpesoP6dChlv5DGbAhLryVkixS2SmSw/UdT6WgvgO+ByoNjcKIhCG725wtV29//hbN4M406Z2VTtJl5pc6XUCycvrscaoxjwbpZ+ZeT8zDjcLGj2VZeslc95//K0g9wCqkNdnpufRbhA48dQyWjNQVEVrFlE+d6yaX5ZprKaNi0gsh+29p6JhR8VOONvXfXI7Cbv09jK5VUZkg/nWOWSdn4fxLX+b49uxpMVrIlVzUVt53QFuc0UexKlnMJvdnAob1CCPDtCOBJs9XhbFn/wb9I7aGweR+P/Dx2G7TfG0Ngeb/GO/0LMXyVgbQYvbFfXo1Ci2WoGC2H5iXwIMoY/Uh/+Wav4N0I1AewgnL36xn3rh/lOTtVUhUd5d8ckA914P3+EdFiP3hb/uuSNspoKXa2JWvd0xUKP0vDPtcoLCM+ylav+J1Wey8soXc5fy8s5eB9DR1SP21ITIrBKkHUvKvrvgg0g5x7boj97sClFU6JTiuUvRvP7lNRGyO+87reOqtJ7bmS+Ga782uq/KJaEFI4P8Glc6s6XpxdD6qTj2OFB6mYANiww++3YpRP1SScdGVAhp3F0F/6DHIEpzKhf8iYVs+IhymZ+4jKr9nv+qkpm6SuaAIhlXTXgpGuuyyM22z2hrlqCUy/a5x0ZlgmVhC1Sq2C6+zsnJnsOaUWxi8jxVlyUDHl59yDviSoFl/pbbrkLOkn844ViHDeXVel97jI1gJGfRrt14N7+hHWi8ywyHO/Lo/ctPAzvz7mGKH6LWG75yMRp00bYm+ED1yR+K7uso2JBjCRvhMt3CW7lx4gibCEnl1Yx6n59BWFjcKkg6HogddBQKzQHSU7AkH3gcGjNl8+0KGDfuKCx/yGTBppeQG3YUkhjo9CyJ8SHGMAryYL7XZANqRzLB2RNw7+ow426l27CUKnwjhgmiZeLv0lFONDOZN6nMkITufBAbJi0TT0Jum8Hl8dSVhFWujazdw4XYiprH4nvvsxnFYGPtvrIhmUfUNtGK1ryj0Wa38f2Tv7PRxyuaFH0g3VbXtSSpad3OO2LevLn7jRPFAAQcNhDePA7uSGtl4catAwhzYCeiuYUtw3p6EIp3vhDRDk7c4NeEOSwf3z7cE6oU3bl7lXEmYipM+M2CmOmn/PhsomVUfdfK5WzdJHvmP+UGjzNUhIR3GZg2Nmzehwlj6OlZgsPG/SxZUsYn28oq87tx++fH9aXHNNU/vtszSSg27VF0iyicvQ23/MfwYlrNqaRVcPCq0qwljzENT25fv/nhxoY/OYR98Oz6PIFD4vF5B9tDdKlkhTfC7Lw9aAv7BKphuyZ7rKMaIuR9Xtxs+gybFlZ4VLapNqGVTULSeH7UCwWf8fo3jUltY9o359HT5XvhiCmzxfFU6mxxM47IOTZIDs4Z6I/bmhBPSgxN0nxC7LLsfTHswzbznZJyKJgcd3sPFXEeX107H9X+z2iSpe0ubUWX+68QzSMZH8WnTw//+93/eX9P7DhlazKP8HvtGjS2HxOperfMuJPK42VWlZcdt32hpT3rBkQs1RzbqjaN/ajZ4/wNwuEoii4HwXl728V5a1N0Wmt1KgtrbX+jtSjNfNlj8Gbp8O59ZSf6+l3Lzpn94c/+4tLh89cKQlvVA83JsQRwhqdNR81aqbjDosLhgqnsCa1XD+s4BqW888eicj3rvFkxKO997joTl33tOFWtoAq/cHc6XPnDZD3Iup8BHAwtOG3fE55d7zgeNqs/e6vM2fatpAV2TNj/+d2jH0WXDp7b2o7LqbpHYLqC0u7HZPzCmXV9v+sRmSCIJU1Yq0/eUAT2c8dMzmVE+YyFG5K2fl08LHX7H29mr2dvZrdEKvLm9evbu9f3P/3z7u1P/3l/989//P3Hu7vbcW79e4uDPDwSGsfK91llRSNDKsjD4+YHO9nD4+bH4kNDaEulCu/bARUv6Hvz5hD4dqoeTAoSaeACGP4RgUzMcU/dWVjuCRjO87XUYxy4Ati//3jz5vb25vb232/+/uNMbGf+L7NItl7o78H8+PkjURBJFQc3fZXLZEYe8AVKuTAUO9RtGCUKNqB0e3t+eCRcyqfOw8IGG8DweJ7yTM/lqGfKyjeHDyUf37FaLiHyh8TpjUsfxhKjgCv4/P7+Ze4Ze15YobnqWimAJLJ9RYvTBfDau3fXOIAd7X/eYtj9YinlbEHVbCU5FauZVKvZC8vfF9VftA78iye07BgxGFAJE/k7SXZ4EskEfMdlKggkC4hjiEkk012RFKWm1WIJv7A2Jr179SrNFpxFOlsu2VfEMViX5/h67KEhSVs5/9MO5z+0yMl0rbUKmaAGenUj/pJKD+LuJwP79rjxjw3uBeAfYzoQRCAJcxiKqd8H/LnyNiCpDb0XB3w99OlL+ApRhqVEx/ADWyeNVonwt8ZP3JlS65l6mXE+H6EKdR+4uzThE/6dDH0zeERlgly6Jwpy/5mV9Qg+QXCUB91ux3pwL/u3qMdCOI+6KYTenMTesNx3Se0LiMOVLxYY8rAbXfVdA20gUCAxIZZiCnR+Ot9YnlIu7pHlQ2XT082qmyETPKjyS/1SfDWUzBM+12Wr8TI1UzRi9TXIWJrrEmqpezrxD5iRd1Ip0Ck2nTMy77WlAc/0X1mL+Urv9CsB5hVLNz+8MlE6TyCZkQ8dTx50lziGGx8f3YW+X7pkYAJIqnRN99e4d0t6IFpE7Na6F5KfFmKr8rlou/m7l4IuGzI1Abk96ef7MLtyAnwW2j4704QH2noETK9bB30nAFieAVamHcXNiEsN8y3tbJtyErQNhNZGzEsk8+BhWB23YcllwC6ADEGtd2Kuw89+nRV0jmMoZgVR86HnZ8FscQzBvGQCZdJMBZ0ddAFkDOpm/ufZUL8ZgppTbeY0Cp3AnBV0jmMIZmtrzrKD9Js8JlYhxEWQFk/qvv52/ydxXy0hz+i+ZvEluq/7pUsGuq/ndv66UO/5l2J1pI0HPEZnCb64Ib7UOzn4qxxilauK+5TPJRx51Oab0s+ScDVD4GggXz75Vxt/ZiLNzDz/UMI4Z+HygQHFrB8+5bTiqxblUO1SsUyD0r28P6BQ7L1crSC+yVtpa9CaSdFMIO/jcUc67eAS3/ICmgcTnFVD6+GsI+Z9K6pHI1yumLVczSn23HU7kub7nzLtqzjdC3MDOBA4hD0Shf16USNU0YYOAYRqRY6RQaF8Q0tT6scTQSQLKTm08gO9SOzXCBMxi5xlovnJ0F6OHFMqFpZI3vW2UfS3B0Mkp9aKijScgY4Ds5Ql/zRubVYH15OvAd80JY/DbIKT0XzkkWvvFvq2dizoz6TLdrENQOW//P8AAAD//6eg+V4=" } diff --git a/metricbeat/module/system/test_system.py b/metricbeat/module/system/test_system.py index 30a6770edc76..65f1d08ba80f 100644 --- a/metricbeat/module/system/test_system.py +++ b/metricbeat/module/system/test_system.py @@ -39,7 +39,7 @@ "write.bytes", "read.time", "write.time"] SYSTEM_DISKIO_FIELDS_LINUX = ["name", "read.count", "write.count", "read.bytes", - "write.bytes", "read.time", "write.time", "io.time", + "write.bytes", "read.time", "write.time", "io.time", "io.ops", "iostat.read.request.merges_per_sec", "iostat.write.request.merges_per_sec", "iostat.read.request.per_sec", "iostat.write.request.per_sec", "iostat.read.per_sec.bytes", "iostat.write.per_sec.bytes" "iostat.request.avg_size", "iostat.queue.avg_size", "iostat.await", "iostat.service_time", "iostat.busy"] From ca9550f5c8243428c84d7a32843360875e6e3736 Mon Sep 17 00:00:00 2001 From: Adrian Serrano Date: Tue, 24 Nov 2020 10:23:48 +0100 Subject: [PATCH 15/41] [Auditbeat] Recover from errors in audit monitoring routine (#22673) The auditd module spawns a monitoring goroutine that fetches auditd status every 15s. Due to this routine using a single audit client, if an update fails (because a netlink message is late or other causes), the audit client can get out of sync with the stream, failing in all subsequent requests. For reasons that aren't 100% clear to me at the moment, this error condition leads to a lot of `[audit_send_repl]` (2.6.x) / `[audit_send_reply]` (3.x+) kernel threads being created. ``` ERROR [auditd] auditd/audit_linux.go:183 get status request failed:failed to get audit status ack: unexpected sequence number for reply (expected 6286 but got 6285) ``` ``` $ ps -ef [...] root 27790 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27791 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27792 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27793 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27794 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27795 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27796 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27797 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27798 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27799 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27800 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27801 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27802 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27803 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27804 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27805 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27806 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27807 2 0 12:52 ? 00:00:00 [audit_send_repl] root 27808 2 0 12:52 ? 00:00:00 [audit_send_repl] [...] ``` This patch updates the error-handling logic to create a new audit client when a status update fails, allowing to recover and preventing the proliferation of `audit_send_repl` kernel threads. --- CHANGELOG.next.asciidoc | 1 + auditbeat/module/auditd/audit_linux.go | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 2332cbb14a06..8ca62532740b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -232,6 +232,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - system/socket: Fix kprobe grouping to allow running more than one instance. {pull}20325[20325] - system/socket: Fixed a crash due to concurrent map read and write. {issue}21192[21192] {pull}21690[21690] - file_integrity: stop monitoring excluded paths {issue}21278[21278] {pull}21282[21282] +- auditd: Fix an error condition causing a lot of `audit_send_reply` kernel threads being created. {pull}22673[22673] *Filebeat* diff --git a/auditbeat/module/auditd/audit_linux.go b/auditbeat/module/auditd/audit_linux.go index 1586eaeaffa9..a2c9e0048774 100644 --- a/auditbeat/module/auditd/audit_linux.go +++ b/auditbeat/module/auditd/audit_linux.go @@ -163,7 +163,11 @@ func (ms *MetricSet) Run(reporter mb.PushReporterV2) { ms.log.Errorw("Failure creating audit monitoring client", "error", err) } go func() { - defer client.Close() + defer func() { // Close the most recently allocated "client" instance. + if client != nil { + client.Close() + } + }() timer := time.NewTicker(lostEventsUpdateInterval) defer timer.Stop() for { @@ -175,6 +179,15 @@ func (ms *MetricSet) Run(reporter mb.PushReporterV2) { ms.updateKernelLostMetric(status.Lost) } else { ms.log.Error("get status request failed:", err) + if err = client.Close(); err != nil { + ms.log.Errorw("Error closing audit monitoring client", "error", err) + } + client, err = libaudit.NewAuditClient(nil) + if err != nil { + ms.log.Errorw("Failure creating audit monitoring client", "error", err) + reporter.Error(err) + return + } } } } From 38f436a1f7d8977e1421124fc4ded59efd81f59c Mon Sep 17 00:00:00 2001 From: Michal Pristas Date: Tue, 24 Nov 2020 10:57:19 +0100 Subject: [PATCH 16/41] [Ingest Manager] Log level reloadable from fleet (#22690) [Ingest Manager] Log level reloadable from fleet (#22690) --- libbeat/logp/core.go | 12 ++-- libbeat/logp/level.go | 3 +- x-pack/elastic-agent/CHANGELOG.next.asciidoc | 1 + .../pkg/agent/application/application.go | 15 +++-- .../pkg/agent/application/config_test.go | 4 +- .../application/handler_action_settings.go | 52 +++++++++++++++ .../pkg/agent/application/info/agent_id.go | 38 +++++++++-- .../pkg/agent/application/info/agent_info.go | 41 +++++++----- .../agent/application/info/agent_metadata.go | 4 ++ .../agent/application/inspect_config_cmd.go | 2 +- .../agent/application/inspect_output_cmd.go | 4 +- .../pkg/agent/application/local_mode.go | 5 +- .../pkg/agent/application/managed_mode.go | 15 +++-- x-pack/elastic-agent/pkg/agent/cmd/run.go | 65 ++++++++++++++++++- .../elastic-agent/pkg/core/logger/logger.go | 8 +-- x-pack/elastic-agent/pkg/fleetapi/action.go | 41 ++++++++++++ 16 files changed, 255 insertions(+), 55 deletions(-) create mode 100644 x-pack/elastic-agent/pkg/agent/application/handler_action_settings.go diff --git a/libbeat/logp/core.go b/libbeat/logp/core.go index afb4f57378dc..7ccfacde5ff8 100644 --- a/libbeat/logp/core.go +++ b/libbeat/logp/core.go @@ -79,7 +79,7 @@ func ConfigureWithOutputs(cfg Config, outputs ...zapcore.Core) error { // Build a single output (stderr has priority if more than one are enabled). if cfg.toObserver { - sink, observedLogs = observer.New(cfg.Level.zapLevel()) + sink, observedLogs = observer.New(cfg.Level.ZapLevel()) } else { sink, err = createLogOutput(cfg) } @@ -201,16 +201,16 @@ func makeOptions(cfg Config) []zap.Option { func makeStderrOutput(cfg Config) (zapcore.Core, error) { stderr := zapcore.Lock(os.Stderr) - return newCore(cfg, buildEncoder(cfg), stderr, cfg.Level.zapLevel()), nil + return newCore(cfg, buildEncoder(cfg), stderr, cfg.Level.ZapLevel()), nil } func makeDiscardOutput(cfg Config) (zapcore.Core, error) { discard := zapcore.AddSync(ioutil.Discard) - return newCore(cfg, buildEncoder(cfg), discard, cfg.Level.zapLevel()), nil + return newCore(cfg, buildEncoder(cfg), discard, cfg.Level.ZapLevel()), nil } func makeSyslogOutput(cfg Config) (zapcore.Core, error) { - core, err := newSyslog(buildEncoder(cfg), cfg.Level.zapLevel()) + core, err := newSyslog(buildEncoder(cfg), cfg.Level.ZapLevel()) if err != nil { return nil, err } @@ -218,7 +218,7 @@ func makeSyslogOutput(cfg Config) (zapcore.Core, error) { } func makeEventLogOutput(cfg Config) (zapcore.Core, error) { - core, err := newEventLog(cfg.Beat, buildEncoder(cfg), cfg.Level.zapLevel()) + core, err := newEventLog(cfg.Beat, buildEncoder(cfg), cfg.Level.ZapLevel()) if err != nil { return nil, err } @@ -244,7 +244,7 @@ func makeFileOutput(cfg Config) (zapcore.Core, error) { return nil, errors.Wrap(err, "failed to create file rotator") } - return newCore(cfg, buildEncoder(cfg), rotator, cfg.Level.zapLevel()), nil + return newCore(cfg, buildEncoder(cfg), rotator, cfg.Level.ZapLevel()), nil } func newCore(cfg Config, enc zapcore.Encoder, ws zapcore.WriteSyncer, enab zapcore.LevelEnabler) zapcore.Core { diff --git a/libbeat/logp/level.go b/libbeat/logp/level.go index 95e7c5c77947..f1699d46e538 100644 --- a/libbeat/logp/level.go +++ b/libbeat/logp/level.go @@ -101,7 +101,8 @@ func (l Level) MarshalJSON() ([]byte, error) { return nil, errors.Errorf("invalid level '%d'", l) } -func (l Level) zapLevel() zapcore.Level { +// ZapLevel returns zap alternative to logp.Level. +func (l Level) ZapLevel() zapcore.Level { z, found := zapLevels[l] if found { return z diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index 9864728cc146..f2e702734360 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc @@ -51,3 +51,4 @@ - Removed `install-service.ps1` and `uninstall-service.ps1` from Windows .zip packaging {pull}21694[21694] - Add `priority` to `AddOrUpdate` on dynamic composable input providers communication channel {pull}22352[22352] - Ship `endpoint-security` logs to elasticsearch {pull}22526[22526] +- Log level reloadable from fleet {pull}22690[22690] diff --git a/x-pack/elastic-agent/pkg/agent/application/application.go b/x-pack/elastic-agent/pkg/agent/application/application.go index d721a8aa1487..f87cad3a09cd 100644 --- a/x-pack/elastic-agent/pkg/agent/application/application.go +++ b/x-pack/elastic-agent/pkg/agent/application/application.go @@ -31,7 +31,7 @@ type upgraderControl interface { } // New creates a new Agent and bootstrap the required subsystem. -func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upgraderControl) (Application, error) { +func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upgraderControl, agentInfo *info.AgentInfo) (Application, error) { // Load configuration from disk to understand in which mode of operation // we must start the elastic-agent, the mode of operation cannot be changed without restarting the // elastic-agent. @@ -44,7 +44,7 @@ func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, uc upg return nil, err } - return createApplication(log, pathConfigFile, rawConfig, reexec, uc) + return createApplication(log, pathConfigFile, rawConfig, reexec, uc, agentInfo) } func createApplication( @@ -53,6 +53,7 @@ func createApplication( rawConfig *config.Config, reexec reexecManager, uc upgraderControl, + agentInfo *info.AgentInfo, ) (Application, error) { warn.LogNotGA(log) log.Info("Detecting execution mode") @@ -63,16 +64,16 @@ func createApplication( return nil, err } - if isStandalone(cfg.Fleet) { + if IsStandalone(cfg.Fleet) { log.Info("Agent is managed locally") - return newLocal(ctx, log, pathConfigFile, rawConfig, reexec, uc) + return newLocal(ctx, log, pathConfigFile, rawConfig, reexec, uc, agentInfo) } log.Info("Agent is managed by Fleet") - return newManaged(ctx, log, rawConfig, reexec) + return newManaged(ctx, log, rawConfig, reexec, agentInfo) } -// missing of fleet.enabled: true or fleet.{access_token,kibana} will place Elastic Agent into standalone mode. -func isStandalone(cfg *configuration.FleetAgentConfig) bool { +// IsStandalone decides based on missing of fleet.enabled: true or fleet.{access_token,kibana} will place Elastic Agent into standalone mode. +func IsStandalone(cfg *configuration.FleetAgentConfig) bool { return cfg == nil || !cfg.Enabled } diff --git a/x-pack/elastic-agent/pkg/agent/application/config_test.go b/x-pack/elastic-agent/pkg/agent/application/config_test.go index 4d4527a1e605..09acd68dd83a 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/config_test.go @@ -70,7 +70,7 @@ func testMgmtMode(t *testing.T) { err := c.Unpack(&m) require.NoError(t, err) assert.Equal(t, false, m.Fleet.Enabled) - assert.Equal(t, true, isStandalone(m.Fleet)) + assert.Equal(t, true, IsStandalone(m.Fleet)) }) @@ -80,7 +80,7 @@ func testMgmtMode(t *testing.T) { err := c.Unpack(&m) require.NoError(t, err) assert.Equal(t, true, m.Fleet.Enabled) - assert.Equal(t, false, isStandalone(m.Fleet)) + assert.Equal(t, false, IsStandalone(m.Fleet)) }) } diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_settings.go b/x-pack/elastic-agent/pkg/agent/application/handler_action_settings.go new file mode 100644 index 000000000000..bb0e2def363d --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/handler_action_settings.go @@ -0,0 +1,52 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package application + +import ( + "context" + "fmt" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +// handlerSettings handles settings change coming from fleet and updates log level. +type handlerSettings struct { + log *logger.Logger + reexec reexecManager + agentInfo *info.AgentInfo +} + +// Handle handles SETTINGS action. +func (h *handlerSettings) Handle(ctx context.Context, a action, acker fleetAcker) error { + h.log.Debugf("handlerUpgrade: action '%+v' received", a) + action, ok := a.(*fleetapi.ActionSettings) + if !ok { + return fmt.Errorf("invalid type, expected ActionSettings and received %T", a) + } + + if !isSupportedLogLevel(action.LogLevel) { + return fmt.Errorf("invalid log level, expected debug|info|warning|error and received '%s'", action.LogLevel) + } + + if err := h.agentInfo.LogLevel(action.LogLevel); err != nil { + return errors.New("failed to update log level", err) + } + + if err := acker.Ack(ctx, a); err != nil { + h.log.Errorf("failed to acknowledge SETTINGS action with id '%s'", action.ActionID) + } else if err := acker.Commit(ctx); err != nil { + h.log.Errorf("failed to commit acker after acknowledging action with id '%s'", action.ActionID) + } + + h.reexec.ReExec() + return nil +} + +func isSupportedLogLevel(level string) bool { + return level == "error" || level == "debug" || level == "info" || level == "warning" +} diff --git a/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go b/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go index a93483ca1cd8..f18fa542a251 100644 --- a/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go +++ b/x-pack/elastic-agent/pkg/agent/application/info/agent_id.go @@ -26,8 +26,11 @@ const agentInfoKey = "agent" // defaultAgentActionStoreFile is the file that will contains the action that can be replayed after restart. const defaultAgentActionStoreFile = "action_store.yml" +const defaultLogLevel = "info" + type persistentAgentInfo struct { - ID string `json:"id" yaml:"id" config:"id"` + ID string `json:"id" yaml:"id" config:"id"` + LogLevel string `json:"logging.level,omitempty" yaml:"logging.level,omitempty" config:"logging.level,omitempty"` } type ioStore interface { @@ -45,6 +48,25 @@ func AgentActionStoreFile() string { return filepath.Join(paths.Home(), defaultAgentActionStoreFile) } +// updateLogLevel updates log level and persists it to disk. +func updateLogLevel(level string) error { + ai, err := loadAgentInfo(false, defaultLogLevel) + if err != nil { + return err + } + + if ai.LogLevel == level { + // no action needed + return nil + } + + agentConfigFile := AgentConfigFile() + s := storage.NewDiskStore(agentConfigFile) + + ai.LogLevel = level + return updateAgentInfo(s, ai) +} + func generateAgentID() (string, error) { uid, err := uuid.NewV4() if err != nil { @@ -54,11 +76,11 @@ func generateAgentID() (string, error) { return uid.String(), nil } -func loadAgentInfo(forceUpdate bool) (*persistentAgentInfo, error) { +func loadAgentInfo(forceUpdate bool, logLevel string) (*persistentAgentInfo, error) { agentConfigFile := AgentConfigFile() s := storage.NewDiskStore(agentConfigFile) - agentinfo, err := getInfoFromStore(s) + agentinfo, err := getInfoFromStore(s, logLevel) if err != nil { return nil, err } @@ -79,7 +101,7 @@ func loadAgentInfo(forceUpdate bool) (*persistentAgentInfo, error) { return agentinfo, nil } -func getInfoFromStore(s ioStore) (*persistentAgentInfo, error) { +func getInfoFromStore(s ioStore, logLevel string) (*persistentAgentInfo, error) { agentConfigFile := AgentConfigFile() reader, err := s.Load() if err != nil { @@ -104,7 +126,9 @@ func getInfoFromStore(s ioStore) (*persistentAgentInfo, error) { agentInfoSubMap, found := configMap[agentInfoKey] if !found { - return &persistentAgentInfo{}, nil + return &persistentAgentInfo{ + LogLevel: logLevel, + }, nil } cc, err := config.NewConfigFrom(agentInfoSubMap) @@ -112,7 +136,9 @@ func getInfoFromStore(s ioStore) (*persistentAgentInfo, error) { return nil, errors.New(err, "failed to create config from agent info submap") } - pid := &persistentAgentInfo{} + pid := &persistentAgentInfo{ + LogLevel: logLevel, + } if err := cc.Unpack(&pid); err != nil { return nil, errors.New(err, "failed to unpack stored config to map") } diff --git a/x-pack/elastic-agent/pkg/agent/application/info/agent_info.go b/x-pack/elastic-agent/pkg/agent/application/info/agent_info.go index b0abbe19e64b..827ae6300b9a 100644 --- a/x-pack/elastic-agent/pkg/agent/application/info/agent_info.go +++ b/x-pack/elastic-agent/pkg/agent/application/info/agent_info.go @@ -4,42 +4,51 @@ package info -import "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" +import ( + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" +) // AgentInfo is a collection of information about agent. type AgentInfo struct { - agentID string + agentID string + logLevel string } -// NewAgentInfo creates a new agent information. +// NewAgentInfoWithLog creates a new agent information. // In case when agent ID was already created it returns, // this created ID otherwise it generates // new unique identifier for agent. // If agent config file does not exist it gets created. -func NewAgentInfo() (*AgentInfo, error) { - agentInfo, err := loadAgentInfo(false) +// Initiates log level to predefined value. +func NewAgentInfoWithLog(level string) (*AgentInfo, error) { + agentInfo, err := loadAgentInfo(false, level) if err != nil { return nil, err } return &AgentInfo{ - agentID: agentInfo.ID, + agentID: agentInfo.ID, + logLevel: agentInfo.LogLevel, }, nil } -// ForceNewAgentInfo creates a new agent information. -// Generates new unique identifier for agent regardless -// of any existing ID. +// NewAgentInfo creates a new agent information. +// In case when agent ID was already created it returns, +// this created ID otherwise it generates +// new unique identifier for agent. // If agent config file does not exist it gets created. -func ForceNewAgentInfo() (*AgentInfo, error) { - agentInfo, err := loadAgentInfo(true) - if err != nil { - return nil, err +func NewAgentInfo() (*AgentInfo, error) { + return NewAgentInfoWithLog(defaultLogLevel) +} + +// LogLevel updates log level of agent. +func (i *AgentInfo) LogLevel(level string) error { + if err := updateLogLevel(level); err != nil { + return err } - return &AgentInfo{ - agentID: agentInfo.ID, - }, nil + i.logLevel = level + return nil } // AgentID returns an agent identifier. diff --git a/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go b/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go index c5712646cfb3..af35372ac2e9 100644 --- a/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go +++ b/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go @@ -40,6 +40,9 @@ type AgentECSMeta struct { BuildOriginal string `json:"build.original"` // Upgradeable is a flag specifying if it is possible for agent to be upgraded. Upgradeable bool `json:"upgradeable"` + // LogLevel describes currently set log level. + // Possible values: "debug"|"info"|"warning"|"error" + LogLevel string `json:"log_level"` } // SystemECSMeta is a collection of operating system metadata in ECS compliant object form. @@ -140,6 +143,7 @@ func (i *AgentInfo) ECSMetadata() (*ECSMeta, error) { // only upgradeable if running from Agent installer and running under the // control of the system supervisor (or built specifically with upgrading enabled) Upgradeable: release.Upgradeable() || (install.RunningInstalled() && install.RunningUnderSupervisor()), + LogLevel: i.logLevel, }, }, Host: &HostECSMeta{ diff --git a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go b/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go index edf1ad8cdf27..f1bd2893bf00 100644 --- a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go @@ -46,7 +46,7 @@ func (c *InspectConfigCmd) inspectConfig() error { return err } - if isStandalone(cfg.Fleet) { + if IsStandalone(cfg.Fleet) { return printConfig(rawConfig) } diff --git a/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go b/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go index bb319ce15694..39c578344c45 100644 --- a/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go @@ -66,7 +66,7 @@ func (c *InspectOutputCmd) inspectOutputs(agentInfo *info.AgentInfo) error { return err } - if isStandalone(cfg.Fleet) { + if IsStandalone(cfg.Fleet) { return listOutputsFromConfig(l, agentInfo, rawConfig) } @@ -119,7 +119,7 @@ func (c *InspectOutputCmd) inspectOutput(agentInfo *info.AgentInfo) error { return err } - if isStandalone(cfg.Fleet) { + if IsStandalone(cfg.Fleet) { return printOutputFromConfig(l, agentInfo, c.output, c.program, rawConfig) } diff --git a/x-pack/elastic-agent/pkg/agent/application/local_mode.go b/x-pack/elastic-agent/pkg/agent/application/local_mode.go index f0c4153f474e..b1736485cebf 100644 --- a/x-pack/elastic-agent/pkg/agent/application/local_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/local_mode.go @@ -63,6 +63,7 @@ func newLocal( rawConfig *config.Config, reexec reexecManager, uc upgraderControl, + agentInfo *info.AgentInfo, ) (*Local, error) { cfg, err := configuration.NewFromConfig(rawConfig) if err != nil { @@ -75,10 +76,6 @@ func newLocal( return nil, err } } - agentInfo, err := info.NewAgentInfo() - if err != nil { - return nil, err - } logR := logreporter.NewReporter(log) diff --git a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go index fa31215f75d3..aab53374c120 100644 --- a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go @@ -62,12 +62,8 @@ func newManaged( log *logger.Logger, rawConfig *config.Config, reexec reexecManager, + agentInfo *info.AgentInfo, ) (*Managed, error) { - agentInfo, err := info.NewAgentInfo() - if err != nil { - return nil, err - } - path := info.AgentConfigFile() store := storage.NewDiskStore(path) @@ -241,6 +237,15 @@ func newManaged( }, ) + actionDispatcher.MustRegister( + &fleetapi.ActionSettings{}, + &handlerSettings{ + log: log, + reexec: reexec, + agentInfo: agentInfo, + }, + ) + actionDispatcher.MustRegister( &fleetapi.ActionUnknown{}, &handlerUnknown{log: log}, diff --git a/x-pack/elastic-agent/pkg/agent/cmd/run.go b/x-pack/elastic-agent/pkg/agent/cmd/run.go index b014cd69084b..95df0700f726 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/run.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/run.go @@ -17,12 +17,15 @@ import ( "github.com/elastic/beats/v7/libbeat/service" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/reexec" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/server" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) @@ -75,6 +78,10 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se errors.M(errors.MetaKeyPath, pathConfigFile)) } + if err := getOverwrites(rawConfig); err != nil { + return errors.New(err, "could not read overwrites") + } + cfg, err := configuration.NewFromConfig(rawConfig) if err != nil { return errors.New(err, @@ -83,6 +90,14 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se errors.M(errors.MetaKeyPath, pathConfigFile)) } + agentInfo, err := info.NewAgentInfoWithLog(defaultLogLevel(cfg)) + if err != nil { + return errors.New(err, + "could not load agent info", + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, pathConfigFile)) + } + logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig) if err != nil { return err @@ -106,7 +121,7 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se } defer control.Stop() - app, err := application.New(logger, pathConfigFile, rex, control) + app, err := application.New(logger, pathConfigFile, rex, control, agentInfo) if err != nil { return err } @@ -164,3 +179,51 @@ func reexecPath() (string, error) { return potentialReexec, nil } + +func getOverwrites(rawConfig *config.Config) error { + path := info.AgentConfigFile() + + store := storage.NewDiskStore(path) + reader, err := store.Load() + if err != nil && errors.Is(err, os.ErrNotExist) { + // no fleet file ignore + return nil + } else if err != nil { + return errors.New(err, "could not initialize config store", + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + config, err := config.NewConfigFrom(reader) + if err != nil { + return errors.New(err, + fmt.Sprintf("fail to read configuration %s for the elastic-agent", path), + errors.TypeFilesystem, + errors.M(errors.MetaKeyPath, path)) + } + + err = rawConfig.Merge(config) + if err != nil { + return errors.New(err, + fmt.Sprintf("fail to merge configuration with %s for the elastic-agent", path), + errors.TypeConfig, + errors.M(errors.MetaKeyPath, path)) + } + + return nil +} + +func defaultLogLevel(cfg *configuration.Configuration) string { + if application.IsStandalone(cfg.Fleet) { + // for standalone always take the one from config and don't override + return "" + } + + defaultLogLevel := logger.DefaultLoggingConfig().Level.String() + if configuredLevel := cfg.Settings.LoggingConfig.Level.String(); configuredLevel != "" && configuredLevel != defaultLogLevel { + // predefined log level + return configuredLevel + } + + return defaultLogLevel +} diff --git a/x-pack/elastic-agent/pkg/core/logger/logger.go b/x-pack/elastic-agent/pkg/core/logger/logger.go index a2886ccf28ee..3f36e2b540a5 100644 --- a/x-pack/elastic-agent/pkg/core/logger/logger.go +++ b/x-pack/elastic-agent/pkg/core/logger/logger.go @@ -54,7 +54,7 @@ func new(name string, cfg *Config) (*Logger, error) { if err != nil { return nil, err } - internal, err := makeInternalFileOutput() + internal, err := makeInternalFileOutput(cfg) if err != nil { return nil, err } @@ -86,7 +86,7 @@ func toCommonConfig(cfg *Config) (*common.Config, error) { func DefaultLoggingConfig() *Config { cfg := logp.DefaultConfig(logp.DefaultEnvironment) cfg.Beat = agentName - cfg.Level = logp.DebugLevel + cfg.Level = logp.InfoLevel cfg.Files.Path = paths.Logs() cfg.Files.Name = fmt.Sprintf("%s.log", agentName) @@ -96,7 +96,7 @@ func DefaultLoggingConfig() *Config { // makeInternalFileOutput creates a zapcore.Core logger that cannot be changed with configuration. // // This is the logger that the spawned filebeat expects to read the log file from and ship to ES. -func makeInternalFileOutput() (zapcore.Core, error) { +func makeInternalFileOutput(cfg *Config) (zapcore.Core, error) { // defaultCfg is used to set the defaults for the file rotation of the internal logging // these settings cannot be changed by a user configuration defaultCfg := logp.DefaultConfig(logp.DefaultEnvironment) @@ -115,5 +115,5 @@ func makeInternalFileOutput() (zapcore.Core, error) { } encoder := zapcore.NewJSONEncoder(ecszap.ECSCompatibleEncoderConfig(logp.JSONEncoderConfig())) - return ecszap.WrapCore(zapcore.NewCore(encoder, rotator, zapcore.DebugLevel)), nil + return ecszap.WrapCore(zapcore.NewCore(encoder, rotator, cfg.Level.ZapLevel())), nil } diff --git a/x-pack/elastic-agent/pkg/fleetapi/action.go b/x-pack/elastic-agent/pkg/fleetapi/action.go index 2329546629cf..211b9199f2f9 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/action.go +++ b/x-pack/elastic-agent/pkg/fleetapi/action.go @@ -19,6 +19,8 @@ const ( ActionTypeUnenroll = "UNENROLL" // ActionTypePolicyChange specifies policy change action. ActionTypePolicyChange = "POLICY_CHANGE" + // ActionTypeSettings specifies change of agent settings. + ActionTypeSettings = "SETTINGS" ) // Action base interface for all the implemented action from the fleet API. @@ -145,6 +147,34 @@ func (a *ActionUnenroll) ID() string { return a.ActionID } +// ActionSettings is a request to change agent settings. +type ActionSettings struct { + ActionID string + ActionType string + LogLevel string `json:"log_level"` +} + +func (a *ActionSettings) String() string { + var s strings.Builder + s.WriteString("action_id: ") + s.WriteString(a.ActionID) + s.WriteString(", type: ") + s.WriteString(a.ActionType) + s.WriteString(", log_level: ") + s.WriteString(a.LogLevel) + return s.String() +} + +// Type returns the type of the Action. +func (a *ActionSettings) Type() string { + return a.ActionType +} + +// ID returns the ID of the Action. +func (a *ActionSettings) ID() string { + return a.ActionID +} + // Actions is a list of Actions to executes and allow to unmarshal heterogenous action type. type Actions []Action @@ -195,6 +225,17 @@ func (a *Actions) UnmarshalJSON(data []byte) error { "fail to decode UPGRADE_ACTION action", errors.TypeConfig) } + case ActionTypeSettings: + action = &ActionSettings{ + ActionID: response.ActionID, + ActionType: response.ActionType, + } + + if err := json.Unmarshal(response.Data, action); err != nil { + return errors.New(err, + "fail to decode SETTINGS_ACTION action", + errors.TypeConfig) + } default: action = &ActionUnknown{ ActionID: response.ActionID, From 04b064efb74d29cc45d52f6cf73f475e752fd27f Mon Sep 17 00:00:00 2001 From: Adrian Serrano Date: Tue, 24 Nov 2020 11:11:13 +0100 Subject: [PATCH 17/41] Update system/socket dataset to support config reloading (#21693) * Update system/socket dataset to support config reloading * Thread-safe singleton --- CHANGELOG.next.asciidoc | 1 + .../auditbeat/module/system/socket/config.go | 23 +++++++++++- .../module/system/socket/guess/creds.go | 2 +- .../module/system/socket/guess/cskxmit6.go | 2 +- .../module/system/socket/guess/deref.go | 2 +- .../module/system/socket/guess/inetsock.go | 2 +- .../module/system/socket/guess/inetsock6.go | 2 +- .../module/system/socket/guess/inetsockaf.go | 2 +- .../module/system/socket/guess/iplocalout.go | 2 +- .../module/system/socket/guess/registry.go | 24 +++++++----- .../module/system/socket/guess/skbuff.go | 6 +-- .../module/system/socket/guess/sockaddrin.go | 3 +- .../module/system/socket/guess/sockaddrin6.go | 3 +- .../module/system/socket/guess/socketsk.go | 2 +- .../module/system/socket/guess/syscallargs.go | 6 ++- .../system/socket/guess/tcpsendmsgargs.go | 2 +- .../system/socket/guess/tcpsendmsgsk.go | 2 +- .../module/system/socket/guess/udpsendmsg.go | 2 +- .../module/system/socket/socket_linux.go | 37 ++++++++++++++++--- 19 files changed, 88 insertions(+), 37 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 8ca62532740b..5b8d51369794 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -233,6 +233,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - system/socket: Fixed a crash due to concurrent map read and write. {issue}21192[21192] {pull}21690[21690] - file_integrity: stop monitoring excluded paths {issue}21278[21278] {pull}21282[21282] - auditd: Fix an error condition causing a lot of `audit_send_reply` kernel threads being created. {pull}22673[22673] +- system/socket: Fixed start failure when run under config reloader. {issue}20851[20851] {pull}21693[21693] *Filebeat* diff --git a/x-pack/auditbeat/module/system/socket/config.go b/x-pack/auditbeat/module/system/socket/config.go index 55ac5b4f9079..79413f7649cb 100644 --- a/x-pack/auditbeat/module/system/socket/config.go +++ b/x-pack/auditbeat/module/system/socket/config.go @@ -4,7 +4,10 @@ package socket -import "time" +import ( + "reflect" + "time" +) // Config defines this metricset's configuration options. type Config struct { @@ -64,11 +67,27 @@ type Config struct { EnableIPv6 *bool `config:"socket.enable_ipv6"` } -// Validate validates the host metricset config. +// Validate validates the socket metricset config. func (c *Config) Validate() error { return nil } +// Equals compares two Config objects +func (c *Config) Equals(other Config) bool { + // reflect.DeepEquals() doesn't compare pointed-to values, so strip + // all pointers and then compare them manually. + simpler := [2]Config{*c, other} + for idx := range simpler { + simpler[idx].EnableIPv6 = nil + simpler[idx].TraceFSPath = nil + } + return reflect.DeepEqual(simpler[0], simpler[1]) && + (c.EnableIPv6 == nil) == (other.EnableIPv6 == nil) && + (c.EnableIPv6 == nil || *c.EnableIPv6 == *other.EnableIPv6) && + (c.TraceFSPath == nil) == (other.TraceFSPath == nil) && + (c.TraceFSPath == nil || *c.TraceFSPath == *other.TraceFSPath) +} + var defaultConfig = Config{ PerfQueueSize: 4096, LostQueueSize: 128, diff --git a/x-pack/auditbeat/module/system/socket/guess/creds.go b/x-pack/auditbeat/module/system/socket/guess/creds.go index ad35ed06e935..7e3bd4791d98 100644 --- a/x-pack/auditbeat/module/system/socket/guess/creds.go +++ b/x-pack/auditbeat/module/system/socket/guess/creds.go @@ -51,7 +51,7 @@ const ( ) func init() { - if err := Registry.AddGuess(&guessStructCreds{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessStructCreds{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/cskxmit6.go b/x-pack/auditbeat/module/system/socket/guess/cskxmit6.go index b17efafabaab..aae0e2fd9b6c 100644 --- a/x-pack/auditbeat/module/system/socket/guess/cskxmit6.go +++ b/x-pack/auditbeat/module/system/socket/guess/cskxmit6.go @@ -34,7 +34,7 @@ import ( */ func init() { - if err := Registry.AddGuess(&guessInet6CskXmit{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessInet6CskXmit{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/deref.go b/x-pack/auditbeat/module/system/socket/guess/deref.go index a019b7cf7b9f..648580e5cc04 100644 --- a/x-pack/auditbeat/module/system/socket/guess/deref.go +++ b/x-pack/auditbeat/module/system/socket/guess/deref.go @@ -28,7 +28,7 @@ import ( */ func init() { - if err := Registry.AddGuess(&guessDeref{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessDeref{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/inetsock.go b/x-pack/auditbeat/module/system/socket/guess/inetsock.go index cc08fa79bf41..57a133d00562 100644 --- a/x-pack/auditbeat/module/system/socket/guess/inetsock.go +++ b/x-pack/auditbeat/module/system/socket/guess/inetsock.go @@ -35,7 +35,7 @@ import ( // matched the remote address. This is used by guess_inet_sock6. func init() { - if err := Registry.AddGuess(&guessInetSockIPv4{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessInetSockIPv4{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/inetsock6.go b/x-pack/auditbeat/module/system/socket/guess/inetsock6.go index c76b47e3d19c..37cd56b06fbf 100644 --- a/x-pack/auditbeat/module/system/socket/guess/inetsock6.go +++ b/x-pack/auditbeat/module/system/socket/guess/inetsock6.go @@ -103,7 +103,7 @@ import ( const inetSockDumpSize = 8 * 256 func init() { - if err := Registry.AddGuess(&guessInetSockIPv6{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessInetSockIPv6{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/inetsockaf.go b/x-pack/auditbeat/module/system/socket/guess/inetsockaf.go index ec8075060d42..2e66eb2a724b 100644 --- a/x-pack/auditbeat/module/system/socket/guess/inetsockaf.go +++ b/x-pack/auditbeat/module/system/socket/guess/inetsockaf.go @@ -45,7 +45,7 @@ import ( const inetSockAfDumpSize = 8 * 16 func init() { - if err := Registry.AddGuess(&guessInetSockFamily{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessInetSockFamily{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/iplocalout.go b/x-pack/auditbeat/module/system/socket/guess/iplocalout.go index 170d2bf6885d..d78140bda134 100644 --- a/x-pack/auditbeat/module/system/socket/guess/iplocalout.go +++ b/x-pack/auditbeat/module/system/socket/guess/iplocalout.go @@ -39,7 +39,7 @@ const ( ) func init() { - if err := Registry.AddGuess(&guessIPLocalOut{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessIPLocalOut{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/registry.go b/x-pack/auditbeat/module/system/socket/guess/registry.go index 16c583cbb9e2..66971a1f1d5e 100644 --- a/x-pack/auditbeat/module/system/socket/guess/registry.go +++ b/x-pack/auditbeat/module/system/socket/guess/registry.go @@ -8,29 +8,33 @@ package guess import "fmt" -// Registry serves as a registration point for guesses. -var Registry = Register{ - guesses: make(map[string]Guesser), -} +// GuesserFactory is a factory function for guesses. +type GuesserFactory func() Guesser // Register stores the registered guesses. type Register struct { - guesses map[string]Guesser + factories map[string]GuesserFactory +} + +// Registry serves as a registration point for guesses. +var Registry = Register{ + factories: make(map[string]GuesserFactory), } // AddGuess registers a new guess. -func (r *Register) AddGuess(guess Guesser) error { - if _, found := r.guesses[guess.Name()]; found { +func (r *Register) AddGuess(factory GuesserFactory) error { + guess := factory() + if _, found := r.factories[guess.Name()]; found { return fmt.Errorf("guess %s is duplicated", guess.Name()) } - r.guesses[guess.Name()] = guess + r.factories[guess.Name()] = factory return nil } // GetList returns a list of registered guesses. func (r *Register) GetList() (list []Guesser) { - for _, guess := range r.guesses { - list = append(list, guess) + for _, factory := range r.factories { + list = append(list, factory()) } return list } diff --git a/x-pack/auditbeat/module/system/socket/guess/skbuff.go b/x-pack/auditbeat/module/system/socket/guess/skbuff.go index 78a73de1187f..9960c036465d 100644 --- a/x-pack/auditbeat/module/system/socket/guess/skbuff.go +++ b/x-pack/auditbeat/module/system/socket/guess/skbuff.go @@ -45,13 +45,13 @@ import ( const maxSafePayload = 508 func init() { - if err := Registry.AddGuess(&guessSkBuffLen{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessSkBuffLen{} }); err != nil { panic(err) } - if err := Registry.AddGuess(&guessSkBuffProto{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessSkBuffProto{} }); err != nil { panic(err) } - if err := Registry.AddGuess(&guessSkBuffDataPtr{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessSkBuffDataPtr{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/sockaddrin.go b/x-pack/auditbeat/module/system/socket/guess/sockaddrin.go index c9df83564723..356442b1d867 100644 --- a/x-pack/auditbeat/module/system/socket/guess/sockaddrin.go +++ b/x-pack/auditbeat/module/system/socket/guess/sockaddrin.go @@ -29,8 +29,7 @@ import ( */ func init() { - if err := Registry.AddGuess( - &guessSockaddrIn{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessSockaddrIn{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/sockaddrin6.go b/x-pack/auditbeat/module/system/socket/guess/sockaddrin6.go index ffed4c577e32..8d1d0b15b252 100644 --- a/x-pack/auditbeat/module/system/socket/guess/sockaddrin6.go +++ b/x-pack/auditbeat/module/system/socket/guess/sockaddrin6.go @@ -29,8 +29,7 @@ import ( */ func init() { - if err := Registry.AddGuess( - &guessSockaddrIn6{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessSockaddrIn6{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/socketsk.go b/x-pack/auditbeat/module/system/socket/guess/socketsk.go index e084c82f1a44..072eba6b66b8 100644 --- a/x-pack/auditbeat/module/system/socket/guess/socketsk.go +++ b/x-pack/auditbeat/module/system/socket/guess/socketsk.go @@ -29,7 +29,7 @@ import ( // "SOCKET_SOCK": 32 func init() { - if err := Registry.AddGuess(&guessSocketSock{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessSocketSock{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/syscallargs.go b/x-pack/auditbeat/module/system/socket/guess/syscallargs.go index 563ec9e1355c..44796b73fa98 100644 --- a/x-pack/auditbeat/module/system/socket/guess/syscallargs.go +++ b/x-pack/auditbeat/module/system/socket/guess/syscallargs.go @@ -31,8 +31,10 @@ import ( */ func init() { - if err := Registry.AddGuess(&guessSyscallArgs{ - expected: [2]uintptr{^uintptr(0x11111111), ^uintptr(0x22222222)}, + if err := Registry.AddGuess(func() Guesser { + return &guessSyscallArgs{ + expected: [2]uintptr{^uintptr(0x11111111), ^uintptr(0x22222222)}, + } }); err != nil { panic(err) } diff --git a/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgargs.go b/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgargs.go index f0382ad3ed24..60bc66f7f91a 100644 --- a/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgargs.go +++ b/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgargs.go @@ -24,7 +24,7 @@ import ( // TCP_SENDMSG_LEN : +4(%sp) func init() { - if err := Registry.AddGuess(&guessTCPSendMsg{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessTCPSendMsg{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgsk.go b/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgsk.go index 0e3ede37b543..09004388ada1 100644 --- a/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgsk.go +++ b/x-pack/auditbeat/module/system/socket/guess/tcpsendmsgsk.go @@ -28,7 +28,7 @@ import ( // TCP_SENDMSG_SOCK : %di func init() { - if err := Registry.AddGuess(&guessTcpSendmsgSock{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessTcpSendmsgSock{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/guess/udpsendmsg.go b/x-pack/auditbeat/module/system/socket/guess/udpsendmsg.go index f381b5ba95e7..de5889d93121 100644 --- a/x-pack/auditbeat/module/system/socket/guess/udpsendmsg.go +++ b/x-pack/auditbeat/module/system/socket/guess/udpsendmsg.go @@ -28,7 +28,7 @@ import ( // UDP_SENDMSG_MSG: $stack3 func init() { - if err := Registry.AddGuess(&guessUDPSendMsg{}); err != nil { + if err := Registry.AddGuess(func() Guesser { return &guessUDPSendMsg{} }); err != nil { panic(err) } } diff --git a/x-pack/auditbeat/module/system/socket/socket_linux.go b/x-pack/auditbeat/module/system/socket/socket_linux.go index 11f8a22289ef..36ae6276e14a 100644 --- a/x-pack/auditbeat/module/system/socket/socket_linux.go +++ b/x-pack/auditbeat/module/system/socket/socket_linux.go @@ -14,6 +14,7 @@ import ( "sort" "strconv" "strings" + "sync" "sync/atomic" "syscall" "time" @@ -73,6 +74,7 @@ type MetricSet struct { mountedFS *mountPoint isDebug bool isDetailed bool + terminated sync.WaitGroup } func init() { @@ -86,20 +88,45 @@ func init() { } } +var ( + // Singleton to instantiate one socket dataset at a time. + instance *MetricSet + instanceMutex sync.Mutex +) + // New constructs a new MetricSet. func New(base mb.BaseMetricSet) (mb.MetricSet, error) { - cfgwarn.Beta("The %s dataset is beta.", fullName) + instanceMutex.Lock() + defer instanceMutex.Unlock() config := defaultConfig if err := base.Module().UnpackConfig(&config); err != nil { return nil, errors.Wrapf(err, "failed to unpack the %s config", fullName) } + if instance != nil { + // Do not instantiate a new dataset if the config hasn't changed. + // This is necessary when run under config reloader even though the + // reloader itself already checks the config for changes, because + // the first time it runs it will allocate two consecutive instances + // (one for checking the config, one for running). This saves + // running the guesses twice on startup. + if config.Equals(instance.config) { + return instance, nil + } + instance.terminated.Wait() + } + var err error + instance, err = newSocketMetricset(config, base) + return instance, err +} + +func newSocketMetricset(config Config, base mb.BaseMetricSet) (*MetricSet, error) { + cfgwarn.Beta("The %s dataset is beta.", fullName) logger := logp.NewLogger(metricsetName) sniffer, err := dns.NewSniffer(base, logger) if err != nil { return nil, errors.Wrap(err, "unable to create DNS sniffer") } - ms := &MetricSet{ SystemMetricSet: system.NewSystemMetricSet(base), templateVars: make(common.MapStr), @@ -110,10 +137,9 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { isDetailed: logp.HasSelector(detailSelector), sniffer: sniffer, } - // Setup the metricset before Run() so that startup can be halted in case of // error. - if err := ms.Setup(); err != nil { + if err = ms.Setup(); err != nil { return nil, errors.Wrapf(err, "%s dataset setup failed", fullName) } return ms, nil @@ -121,7 +147,9 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { // Run the metricset. This will loop until the passed reporter is cancelled. func (m *MetricSet) Run(r mb.PushReporterV2) { + m.terminated.Add(1) defer m.log.Infof("%s terminated.", fullName) + defer m.terminated.Done() defer m.Cleanup() st := NewState(r, @@ -235,7 +263,6 @@ func (m *MetricSet) Setup() (err error) { // var traceFS *tracing.TraceFS if m.config.TraceFSPath == nil { - if err := tracing.IsTraceFSAvailable(); err != nil { m.log.Debugf("tracefs/debugfs not found. Attempting to mount") for _, mount := range defaultMounts { From 569268dd5989fe06d09b4a8fd9e9b81d69685b3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 24 Nov 2020 14:55:03 +0100 Subject: [PATCH 18/41] Fix index template loading when the new index is selected (#22682) ## What does this PR do? This PR fixes the `setup.template.type` setting. When `index` were selected, Beats based the generated index on the legacy format, not on the component. This prevented Beats from loading the index. ## Why is it important? `setup.template.type=index` was broken. Now it is fixed. ## How to test this PR locally ``` ./filebeat setup --index-management -E setup.template.type=index ``` ## Related issues Closes #22482 --- CHANGELOG.next.asciidoc | 1 + libbeat/template/template.go | 8 ++--- libbeat/tests/system/idxmgmt.py | 19 ++++++++++- .../system/test_cmd_setup_index_management.py | 8 ++--- libbeat/tests/system/test_ilm.py | 4 +-- libbeat/tests/system/test_template.py | 32 +++++++++++++++++-- 6 files changed, 59 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 5b8d51369794..e0807bd1c760 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -215,6 +215,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fixed documentation for commands in beats dev guide {pull}22194[22194] - Fix parsing of expired licences. {issue}21112[21112] {pull}22180[22180] - Fix duplicated pod events in kubernetes autodiscover for pods with init or ephemeral containers. {pull}22438[22438] +- Fix index template loading when the new index format is selected. {issue}22482[22482] {pull}22682[22682] *Auditbeat* diff --git a/libbeat/template/template.go b/libbeat/template/template.go index 0fbfa30ccab8..f6366ddc6761 100644 --- a/libbeat/template/template.go +++ b/libbeat/template/template.go @@ -235,9 +235,8 @@ func (t *Template) loadMinimalComponent() common.MapStr { } func (t *Template) loadMinimalIndex() common.MapStr { - m := t.loadMinimalLegacy() + m := t.loadMinimalComponent() m["priority"] = t.priority - delete(m, "order") return m } @@ -304,9 +303,10 @@ func (t *Template) generateComponent(properties common.MapStr) common.MapStr { } func (t *Template) generateIndex(properties common.MapStr) common.MapStr { - tmpl := t.generateLegacy(properties) + tmpl := t.generateComponent(properties) tmpl["priority"] = t.priority - delete(tmpl, "order") + keyPattern, patterns := buildPatternSettings(t.esVersion, t.GetPattern()) + tmpl[keyPattern] = patterns return tmpl } diff --git a/libbeat/tests/system/idxmgmt.py b/libbeat/tests/system/idxmgmt.py index 864d134a9c98..f789b919bc26 100644 --- a/libbeat/tests/system/idxmgmt.py +++ b/libbeat/tests/system/idxmgmt.py @@ -56,11 +56,28 @@ def assert_index_template_not_loaded(self, template): with pytest.raises(NotFoundError): self._client.transport.perform_request('GET', '/_template/' + template) - def assert_index_template_loaded(self, template): + def assert_legacy_index_template_loaded(self, template): resp = self._client.transport.perform_request('GET', '/_template/' + template) assert template in resp assert "lifecycle" not in resp[template]["settings"]["index"] + def assert_index_template_loaded(self, template): + resp = self._client.transport.perform_request('GET', '/_index_template/' + template) + found = False + for index_template in resp['index_templates']: + if index_template['name'] == template: + found = True + assert found + + def assert_component_template_loaded(self, template): + resp = self._client.transport.perform_request('GET', '/_component_template/' + template) + found = False + print(resp) + for index_template in resp['component_templates']: + if index_template['name'] == template: + found = True + assert found + def assert_ilm_template_loaded(self, template, policy, alias): resp = self._client.transport.perform_request('GET', '/_template/' + template) assert resp[template]["settings"]["index"]["lifecycle"]["name"] == policy diff --git a/libbeat/tests/system/test_cmd_setup_index_management.py b/libbeat/tests/system/test_cmd_setup_index_management.py index 234f4e76a0b8..cd6d19eefbe4 100644 --- a/libbeat/tests/system/test_cmd_setup_index_management.py +++ b/libbeat/tests/system/test_cmd_setup_index_management.py @@ -110,7 +110,7 @@ def test_setup_ilm_disabled(self): "-E", "setup.ilm.enabled=false"]) assert exit_code == 0 - self.idxmgmt.assert_index_template_loaded(self.index_name) + self.idxmgmt.assert_legacy_index_template_loaded(self.index_name) self.idxmgmt.assert_alias_not_created(self.alias_name) self.idxmgmt.assert_policy_not_created(self.policy_name) @@ -242,7 +242,7 @@ def test_setup_template_name_and_pattern_on_ilm_disabled(self): "-E", "setup.template.pattern=" + self.custom_template + "*"]) assert exit_code == 0 - self.idxmgmt.assert_index_template_loaded(self.custom_template) + self.idxmgmt.assert_legacy_index_template_loaded(self.custom_template) self.idxmgmt.assert_index_template_index_pattern(self.custom_template, [self.custom_template + "*"]) self.idxmgmt.assert_alias_not_created(self.alias_name) self.idxmgmt.assert_policy_not_created(self.policy_name) @@ -261,7 +261,7 @@ def test_setup_template_with_opts(self): "-E", "setup.template.settings.index.number_of_shards=2"]) assert exit_code == 0 - self.idxmgmt.assert_index_template_loaded(self.index_name) + self.idxmgmt.assert_legacy_index_template_loaded(self.index_name) # check that settings are overwritten resp = self.es.transport.perform_request('GET', '/_template/' + self.index_name) @@ -284,7 +284,7 @@ def test_setup_overwrite_template_on_ilm_policy_created(self): "-E", "setup.template.name=" + self.custom_alias, "-E", "setup.template.pattern=" + self.custom_alias + "*"]) assert exit_code == 0 - self.idxmgmt.assert_index_template_loaded(self.custom_alias) + self.idxmgmt.assert_legacy_index_template_loaded(self.custom_alias) self.idxmgmt.assert_policy_not_created(self.policy_name) # ensure ilm policy is created, triggering overwriting existing template diff --git a/libbeat/tests/system/test_ilm.py b/libbeat/tests/system/test_ilm.py index 3d37125f6e4a..2913893e11c2 100644 --- a/libbeat/tests/system/test_ilm.py +++ b/libbeat/tests/system/test_ilm.py @@ -68,7 +68,7 @@ def test_ilm_disabled(self): self.wait_until(lambda: self.log_contains("PublishEvents: 1 events have been published")) proc.check_kill_and_wait() - self.idxmgmt.assert_index_template_loaded(self.index_name) + self.idxmgmt.assert_legacy_index_template_loaded(self.index_name) self.idxmgmt.assert_alias_not_created(self.alias_name) self.idxmgmt.assert_policy_not_created(self.policy_name) @@ -234,7 +234,7 @@ def test_setup_ilm_disabled(self): "-E", "setup.ilm.enabled=false"]) assert exit_code == 0 - self.idxmgmt.assert_index_template_loaded(self.index_name) + self.idxmgmt.assert_legacy_index_template_loaded(self.index_name) self.idxmgmt.assert_alias_not_created(self.alias_name) self.idxmgmt.assert_policy_not_created(self.policy_name) diff --git a/libbeat/tests/system/test_template.py b/libbeat/tests/system/test_template.py index 67a344574843..35dc8915a082 100644 --- a/libbeat/tests/system/test_template.py +++ b/libbeat/tests/system/test_template.py @@ -267,7 +267,7 @@ def test_setup_template_with_opts(self): "-E", "setup.template.settings.index.number_of_shards=2"]) assert exit_code == 0 - self.idxmgmt.assert_index_template_loaded(self.index_name) + self.idxmgmt.assert_legacy_index_template_loaded(self.index_name) # check that settings are overwritten resp = self.es.transport.perform_request('GET', '/_template/' + self.index_name) @@ -305,7 +305,7 @@ def test_template_created_on_ilm_policy_created(self): "-E", "setup.template.name=" + self.custom_alias, "-E", "setup.template.pattern=" + self.custom_alias + "*"]) assert exit_code == 0 - self.idxmgmt.assert_index_template_loaded(self.custom_alias) + self.idxmgmt.assert_legacy_index_template_loaded(self.custom_alias) self.idxmgmt.assert_policy_not_created(self.policy_name) # ensure ilm policy is created, triggering overwriting existing template @@ -322,6 +322,34 @@ def test_template_created_on_ilm_policy_created(self): index = resp[self.custom_alias]["settings"]["index"] assert index["number_of_shards"] == "2", index["number_of_shards"] + @unittest.skipUnless(INTEGRATION_TESTS, "integration test") + @pytest.mark.tag('integration') + def test_setup_template_index(self): + """ + Test template setup of new index templates + """ + self.render_config() + exit_code = self.run_beat(logging_args=["-v", "-d", "*"], + extra_args=["setup", self.setupCmd, + "-E", "setup.template.type=index"]) + + assert exit_code == 0 + self.idxmgmt.assert_index_template_loaded(self.index_name) + + @unittest.skipUnless(INTEGRATION_TESTS, "integration test") + @pytest.mark.tag('integration') + def test_setup_template_component(self): + """ + Test template setup of component index templates + """ + self.render_config() + exit_code = self.run_beat(logging_args=["-v", "-d", "*"], + extra_args=["setup", self.setupCmd, + "-E", "setup.template.type=component"]) + + assert exit_code == 0 + self.idxmgmt.assert_component_template_loaded(self.index_name) + class TestCommandExportTemplate(BaseTest): """ From 96974f22dee35364b3da408d6f58855d3804363e Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Tue, 24 Nov 2020 16:26:32 +0200 Subject: [PATCH 19/41] Update Nats filebeat dashboard (#22726) --- CHANGELOG.next.asciidoc | 1 + .../7/dashboard/Filebeat-nats-overview.json | 593 ++++++++++++------ 2 files changed, 394 insertions(+), 200 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index e0807bd1c760..c101d8747b88 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -727,6 +727,7 @@ from being added to events by default. {pull}18159[18159] - Added TLS JA3 fingerprint, certificate not_before/not_after, certificate SHA1 hash, and certificate subject fields to Zeek SSL dataset. {pull}21696[21696] - Added `event.ingested` field to data from the Netflow module. {pull}22412[22412] - Improve panw ECS url fields mapping. {pull}22481[22481] +- Improve Nats filebeat dashboard. {pull}22726[22726] *Heartbeat* diff --git a/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json b/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json index 3d6311c67214..0b2819879217 100644 --- a/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json +++ b/filebeat/module/nats/_meta/kibana/7/dashboard/Filebeat-nats-overview.json @@ -1,12 +1,259 @@ { "objects": [ + { + "attributes": { + "description": "Overview of NATS server statistics", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "darkTheme": false, + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Message Types Timeline" + }, + "gridData": { + "h": 11, + "i": "1", + "w": 17, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "title": "Message Types Timeline", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Communication Directions" + }, + "gridData": { + "h": 11, + "i": "2", + "w": 17, + "x": 31, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "title": "Communication Directions", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Topics Timeline" + }, + "gridData": { + "h": 12, + "i": "3", + "w": 25, + "x": 0, + "y": 20 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "title": "Topics Timeline", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": " Bytes Timeline", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 9, + "i": "4", + "w": 12, + "x": 11, + "y": 11 + }, + "panelIndex": "4", + "panelRefName": "panel_3", + "title": " Bytes Timeline", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Communication Directions Distribution", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 9, + "i": "5", + "w": 11, + "x": 0, + "y": 11 + }, + "panelIndex": "5", + "panelRefName": "panel_4", + "title": "Communication Directions Distribution", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Log Level Distribution", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 9, + "i": "6", + "w": 11, + "x": 37, + "y": 11 + }, + "panelIndex": "6", + "panelRefName": "panel_5", + "title": "Log Level Distribution", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Message Type Distribution", + "vis": { + "legendOpen": false + } + }, + "gridData": { + "h": 11, + "i": "7", + "w": 14, + "x": 17, + "y": 0 + }, + "panelIndex": "7", + "panelRefName": "panel_6", + "title": "Message Type Distribution", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Log Level Timeline" + }, + "gridData": { + "h": 9, + "i": "8", + "w": 14, + "x": 23, + "y": 11 + }, + "panelIndex": "8", + "panelRefName": "panel_7", + "title": "Log Level Timeline", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "hidePanelTitles": false, + "title": "Client IP Count Timeline" + }, + "gridData": { + "h": 12, + "i": "9", + "w": 22, + "x": 25, + "y": 20 + }, + "panelIndex": "9", + "panelRefName": "panel_8", + "title": "Client IP Count Timeline", + "version": "7.10.0" + } + ], + "timeRestore": false, + "title": "[Filebeat NATS] Overview ECS", + "version": 1 + }, + "id": "Filebeat-nats-overview-ecs", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "6987a800-41a8-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "7716c780-41ad-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "04083600-41af-11e9-a4da-b1df688edbcd-ecs", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs", + "name": "panel_8", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2020-11-23T16:25:23.231Z", + "version": "WzYyNywxXQ==" + }, { "attributes": { "description": "", "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" @@ -118,9 +365,22 @@ } }, "id": "6987a800-41a8-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:47:49.627Z", - "version": 3 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwMSwxXQ==" }, { "attributes": { @@ -128,7 +388,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "service.type: nats" @@ -237,9 +497,22 @@ } }, "id": "0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:54:53.381Z", - "version": 3 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwMiwxXQ==" }, { "attributes": { @@ -247,7 +520,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" @@ -356,9 +629,22 @@ } }, "id": "4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:49:49.112Z", - "version": 3 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwMywxXQ==" }, { "attributes": { @@ -366,7 +652,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" @@ -468,9 +754,22 @@ } }, "id": "c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:38:11.578Z", - "version": 3 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwNCwxXQ==" }, { "attributes": { @@ -478,7 +777,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "service.type: nats" @@ -526,9 +825,22 @@ } }, "id": "7716c780-41ad-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:39:03.899Z", - "version": 5 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwNSwxXQ==" }, { "attributes": { @@ -536,7 +848,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "service.type: nats" @@ -584,9 +896,22 @@ } }, "id": "3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:44:31.263Z", - "version": 3 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwNiwxXQ==" }, { "attributes": { @@ -594,7 +919,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "" @@ -642,9 +967,22 @@ } }, "id": "7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:48:10.554Z", - "version": 3 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwNywxXQ==" }, { "attributes": { @@ -652,7 +990,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "service.type: nats" @@ -762,9 +1100,22 @@ } }, "id": "04083600-41af-11e9-a4da-b1df688edbcd-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], "type": "visualization", - "updated_at": "2019-03-08T21:48:44.582Z", - "version": 2 + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwOCwxXQ==" }, { "attributes": { @@ -772,7 +1123,7 @@ "kibanaSavedObjectMeta": { "searchSourceJSON": { "filter": [], - "index": "filebeat-*", + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", "query": { "language": "kuery", "query": "service.type: nats" @@ -901,181 +1252,23 @@ } }, "id": "c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs", - "type": "visualization", - "updated_at": "2019-03-08T22:01:50.337Z", - "version": 1 - }, - { - "attributes": { - "description": "Overview of NATS server statistics", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "darkTheme": false, - "hidePanelTitles": false, - "useMargins": true - }, - "panelsJSON": [ - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "1", - "w": 17, - "x": 0, - "y": 0 - }, - "id": "6987a800-41a8-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "1", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 11, - "i": "2", - "w": 17, - "x": 31, - "y": 0 - }, - "id": "0b2061d0-41ad-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "2", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "3", - "w": 25, - "x": 0, - "y": 20 - }, - "id": "4a6d9ec0-41a8-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "3", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 9, - "i": "4", - "w": 12, - "x": 11, - "y": 11 - }, - "id": "c3d1ab80-41a8-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "4", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 9, - "i": "5", - "w": 11, - "x": 0, - "y": 11 - }, - "id": "7716c780-41ad-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "5", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 9, - "i": "6", - "w": 11, - "x": 37, - "y": 11 - }, - "id": "3f6cca40-41ae-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "6", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": { - "vis": { - "legendOpen": false - } - }, - "gridData": { - "h": 11, - "i": "7", - "w": 14, - "x": 17, - "y": 0 - }, - "id": "7ed62870-41ae-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "7", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 9, - "i": "8", - "w": 14, - "x": 23, - "y": 11 - }, - "id": "04083600-41af-11e9-a4da-b1df688edbcd-ecs", - "panelIndex": "8", - "type": "visualization", - "version": "6.6.0" - }, - { - "embeddableConfig": {}, - "gridData": { - "h": 12, - "i": "9", - "w": 22, - "x": 25, - "y": 20 - }, - "id": "c669ae20-41ed-11e9-ac5c-71ffa38a62e3-ecs", - "panelIndex": "9", - "type": "visualization", - "version": "6.6.0" - } - ], - "timeRestore": false, - "title": "[Filebeat NATS] Overview ECS", - "version": 1 + "migrationVersion": { + "visualization": "7.10.0" }, - "id": "Filebeat-nats-overview-ecs", - "type": "dashboard", - "updated_at": "2019-03-08T22:02:50.580Z", - "version": 5 + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-11-23T16:05:55.609Z", + "version": "WzEwOSwxXQ==" } ], - "version": "6.6.0" -} + "version": "7.10.0" +} \ No newline at end of file From 113afdcfe9677aa63898252d22fefb2f8f73b0b0 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Tue, 24 Nov 2020 20:36:09 -0700 Subject: [PATCH 20/41] [Filebeat] Rename googlecloud module to gcp module (#22214) --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 6 +- ...cloud-audit.png => filebeat-gcp-audit.png} | Bin filebeat/docs/index.asciidoc | 2 + .../{googlecloud.asciidoc => gcp.asciidoc} | 26 +- filebeat/docs/modules_list.asciidoc | 4 +- filebeat/docs/redirects.asciidoc | 10 + x-pack/filebeat/filebeat.reference.yml | 73 ++- x-pack/filebeat/include/list.go | 2 +- x-pack/filebeat/module/gcp/_meta/config.yml | 54 ++ .../{googlecloud => gcp}/_meta/docs.asciidoc | 22 +- .../{googlecloud => gcp}/_meta/fields.yml | 4 +- .../7/dashboard/filebeat-gcp-audit.json} | 36 +- .../audit/_meta/fields.yml | 0 .../audit/config/input.yml | 4 +- .../audit/config/pipeline.js | 0 .../audit/ingest/pipeline.yml | 0 .../{googlecloud => gcp}/audit/manifest.yml | 2 +- .../audit/test/audit-log-entries.json.log | 0 .../audit-log-entries.json.log-expected.json | 42 +- x-pack/filebeat/module/gcp/fields.go | 23 + .../firewall/_meta/fields.yml | 0 .../firewall/config/input.yml | 4 +- .../firewall/config/pipeline.js | 0 .../firewall/ingest/pipeline.yml | 0 .../firewall/manifest.yml | 2 +- .../firewall/test/rare.log | 0 .../firewall/test/rare.log-expected.json | 12 +- .../firewall/test/test.log | 0 .../firewall/test/test.log-expected.json | 120 ++-- .../vpcflow/_meta/fields.yml | 0 .../vpcflow/config/input.yml | 4 +- .../vpcflow/config/pipeline.js | 0 .../vpcflow/ingest/pipeline.yml | 0 .../{googlecloud => gcp}/vpcflow/manifest.yml | 2 +- .../test/vpc-flow-log-entries.json.log | 0 ...pc-flow-log-entries.json.log-expected.json | 600 +++++++++--------- .../module/googlecloud/_meta/config.yml | 15 +- x-pack/filebeat/module/googlecloud/fields.go | 23 - x-pack/filebeat/module/googlecloud/module.yml | 1 + x-pack/filebeat/modules.d/gcp.yml.disabled | 57 ++ .../modules.d/googlecloud.yml.disabled | 15 +- 42 files changed, 675 insertions(+), 491 deletions(-) rename filebeat/docs/images/{filebeat-googlecloud-audit.png => filebeat-gcp-audit.png} (100%) rename filebeat/docs/modules/{googlecloud.asciidoc => gcp.asciidoc} (85%) create mode 100644 filebeat/docs/redirects.asciidoc create mode 100644 x-pack/filebeat/module/gcp/_meta/config.yml rename x-pack/filebeat/module/{googlecloud => gcp}/_meta/docs.asciidoc (87%) rename x-pack/filebeat/module/{googlecloud => gcp}/_meta/fields.yml (98%) rename x-pack/filebeat/module/{googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json => gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json} (95%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/_meta/fields.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/config/input.yml (87%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/config/pipeline.js (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/ingest/pipeline.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/manifest.yml (92%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/test/audit-log-entries.json.log (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/audit/test/audit-log-entries.json.log-expected.json (95%) create mode 100644 x-pack/filebeat/module/gcp/fields.go rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/_meta/fields.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/config/input.yml (87%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/config/pipeline.js (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/ingest/pipeline.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/manifest.yml (92%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/rare.log (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/rare.log-expected.json (95%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/test.log (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/firewall/test/test.log-expected.json (95%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/_meta/fields.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/config/input.yml (87%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/config/pipeline.js (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/ingest/pipeline.yml (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/manifest.yml (91%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/test/vpc-flow-log-entries.json.log (100%) rename x-pack/filebeat/module/{googlecloud => gcp}/vpcflow/test/vpc-flow-log-entries.json.log-expected.json (94%) delete mode 100644 x-pack/filebeat/module/googlecloud/fields.go create mode 100644 x-pack/filebeat/module/googlecloud/module.yml create mode 100644 x-pack/filebeat/modules.d/gcp.yml.disabled diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c101d8747b88..213de0754d40 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -720,6 +720,7 @@ from being added to events by default. {pull}18159[18159] - Add SSL option to checkpoint module {pull}19560[19560] - Add max_number_of_messages config into s3 input. {pull}21993[21993] - Update Okta documentation for new stateful restarts. {pull}22091[22091] +- Rename googlecloud module to gcp module. {pull}22214[22214] - Rename awscloudwatch input to aws-cloudwatch. {pull}22228[22228] - Rename google-pubsub input to gcp-pubsub. {pull}22213[22213] - Copy tag names from MISP data into events. {pull}21664[21664] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 18968522656b..40f4fab79c64 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -37,7 +37,7 @@ grouped in the following categories: * <> * <> * <> -* <> +* <> * <> * <> * <> @@ -68452,8 +68452,8 @@ type: integer -- -[[exported-fields-googlecloud]] -== Google Cloud fields +[[exported-fields-gcp]] +== Google Cloud Platform (GCP) fields Module for handling logs from Google Cloud. diff --git a/filebeat/docs/images/filebeat-googlecloud-audit.png b/filebeat/docs/images/filebeat-gcp-audit.png similarity index 100% rename from filebeat/docs/images/filebeat-googlecloud-audit.png rename to filebeat/docs/images/filebeat-gcp-audit.png diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index 30e0ec38f462..69633f6836d6 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -64,4 +64,6 @@ include::./faq.asciidoc[] include::{libbeat-dir}/contributing-to-beats.asciidoc[] +include::redirects.asciidoc[] + diff --git a/filebeat/docs/modules/googlecloud.asciidoc b/filebeat/docs/modules/gcp.asciidoc similarity index 85% rename from filebeat/docs/modules/googlecloud.asciidoc rename to filebeat/docs/modules/gcp.asciidoc index bc0e62e93b85..ee700d812813 100644 --- a/filebeat/docs/modules/googlecloud.asciidoc +++ b/filebeat/docs/modules/gcp.asciidoc @@ -2,10 +2,10 @@ This file is generated! See scripts/docs_collector.py //// -[[filebeat-module-googlecloud]] +[[filebeat-module-gcp]] [role="xpack"] -:modulename: googlecloud +:modulename: gcp :has-dashboards: false == Google Cloud module @@ -29,18 +29,18 @@ include::../include/config-option-intro.asciidoc[] ==== `audit` fileset settings [role="screenshot"] -image::./images/filebeat-googlecloud-audit.png[] +image::./images/filebeat-gcp-audit.png[] Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp audit: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-audit - var.subscription_name: filebeat-googlecloud-audit-sub + var.topic: gcp-vpc-audit + var.subscription_name: filebeat-gcp-audit-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -80,12 +80,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp vpcflow: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-flowlogs - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.topic: gcp-vpc-flowlogs + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -125,12 +125,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp firewall: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-firewall - var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.topic: gcp-vpc-firewall + var.subscription_name: filebeat-gcp-vpc-firewall-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -170,5 +170,5 @@ field. Defaults to `false`, meaning the original message is not saved. === Fields For a description of each field in the module, see the -<> section. +<> section. diff --git a/filebeat/docs/modules_list.asciidoc b/filebeat/docs/modules_list.asciidoc index 6c862dc2c77a..d3a02fee8629 100644 --- a/filebeat/docs/modules_list.asciidoc +++ b/filebeat/docs/modules_list.asciidoc @@ -22,7 +22,7 @@ This file is generated! See scripts/docs_collector.py * <> * <> * <> - * <> + * <> * <> * <> * <> @@ -91,7 +91,7 @@ include::modules/elasticsearch.asciidoc[] include::modules/envoyproxy.asciidoc[] include::modules/f5.asciidoc[] include::modules/fortinet.asciidoc[] -include::modules/googlecloud.asciidoc[] +include::modules/gcp.asciidoc[] include::modules/gsuite.asciidoc[] include::modules/haproxy.asciidoc[] include::modules/ibmmq.asciidoc[] diff --git a/filebeat/docs/redirects.asciidoc b/filebeat/docs/redirects.asciidoc new file mode 100644 index 000000000000..7a41406099b8 --- /dev/null +++ b/filebeat/docs/redirects.asciidoc @@ -0,0 +1,10 @@ +["appendix",role="exclude",id="redirects"] += Deleted pages + +The following pages have moved or been deleted. + +[role="exclude",id="filebeat-module-googlecloud"] +== Google Cloud module + +See <>. + diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 42b7e32547f7..720acde3df3e 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -813,8 +813,8 @@ filebeat.modules: # "+02:00" for GMT+02:00 # var.tz_offset: local -#----------------------------- Google Cloud Module ----------------------------- -- module: googlecloud +#--------------------- Google Cloud Platform (GCP) Module --------------------- +- module: gcp vpcflow: enabled: true @@ -823,11 +823,11 @@ filebeat.modules: # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -841,11 +841,11 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -859,11 +859,68 @@ filebeat.modules: # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + +#----------------------------- Googlecloud Module ----------------------------- +# googlecloud module is deprecated, please use gcp instead +- module: gcp + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: gcp-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index dd98b643c3f9..48ff49e7aa93 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -29,7 +29,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/filebeat/module/envoyproxy" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/f5" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/fortinet" - _ "github.com/elastic/beats/v7/x-pack/filebeat/module/googlecloud" + _ "github.com/elastic/beats/v7/x-pack/filebeat/module/gcp" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/gsuite" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/ibmmq" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/imperva" diff --git a/x-pack/filebeat/module/gcp/_meta/config.yml b/x-pack/filebeat/module/gcp/_meta/config.yml new file mode 100644 index 000000000000..613f8b1b8d12 --- /dev/null +++ b/x-pack/filebeat/module/gcp/_meta/config.yml @@ -0,0 +1,54 @@ +- module: gcp + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: gcp-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json diff --git a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc b/x-pack/filebeat/module/gcp/_meta/docs.asciidoc similarity index 87% rename from x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc rename to x-pack/filebeat/module/gcp/_meta/docs.asciidoc index adda332e62f1..17f989377f9b 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/gcp/_meta/docs.asciidoc @@ -1,6 +1,6 @@ [role="xpack"] -:modulename: googlecloud +:modulename: gcp :has-dashboards: false == Google Cloud module @@ -24,18 +24,18 @@ include::../include/config-option-intro.asciidoc[] ==== `audit` fileset settings [role="screenshot"] -image::./images/filebeat-googlecloud-audit.png[] +image::./images/filebeat-gcp-audit.png[] Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp audit: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-audit - var.subscription_name: filebeat-googlecloud-audit-sub + var.topic: gcp-vpc-audit + var.subscription_name: filebeat-gcp-audit-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -75,12 +75,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp vpcflow: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-flowlogs - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.topic: gcp-vpc-flowlogs + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- @@ -120,12 +120,12 @@ Example config: [source,yaml] ---- -- module: googlecloud +- module: gcp firewall: enabled: true var.project_id: my-gcp-project-id - var.topic: googlecloud-vpc-firewall - var.subscription_name: filebeat-googlecloud-vpc-firewall-sub + var.topic: gcp-vpc-firewall + var.subscription_name: filebeat-gcp-vpc-firewall-sub var.credentials_file: ${path.config}/gcp-service-account-xyz.json var.keep_original_message: false ---- diff --git a/x-pack/filebeat/module/googlecloud/_meta/fields.yml b/x-pack/filebeat/module/gcp/_meta/fields.yml similarity index 98% rename from x-pack/filebeat/module/googlecloud/_meta/fields.yml rename to x-pack/filebeat/module/gcp/_meta/fields.yml index 8f97f9b19c09..f574d666eb77 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/fields.yml +++ b/x-pack/filebeat/module/gcp/_meta/fields.yml @@ -1,5 +1,5 @@ -- key: googlecloud - title: Google Cloud +- key: gcp + title: Google Cloud Platform (GCP) description: > Module for handling logs from Google Cloud. fields: diff --git a/x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json rename to x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json index b87e6793afbc..0c6cc78c153d 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/kibana/7/dashboard/filebeat-googlecloud-audit.json +++ b/x-pack/filebeat/module/gcp/_meta/kibana/7/dashboard/filebeat-gcp-audit.json @@ -120,7 +120,7 @@ } ], "timeRestore": false, - "title": "[Filebeat GoogleCloud] Audit", + "title": "[Filebeat GCP] Audit", "version": 1 }, "id": "6576c480-73a2-11ea-a345-f985c61fe654", @@ -198,9 +198,9 @@ "type": "Polygon" }, "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:googlecloud.audit\",\"language\":\"kuery\"}}]", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:gcp.audit\",\"language\":\"kuery\"}}]", "mapStateJSON": "{\"zoom\":1.97,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]}", - "title": "Audit Source Locations [Filebeat GoogleCloud]", + "title": "Audit Source Locations [Filebeat GCP]", "uiStateJSON": { "isLayerTOCOpen": true, "openTOCDetails": [] @@ -231,7 +231,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Events Outcome over time [Filebeat GoogleCloud]", + "title": "Audit Events Outcome over time [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -356,7 +356,7 @@ } ] }, - "title": "Audit Event Outcome over time [Filebeat GoogleCloud]", + "title": "Audit Event Outcome over time [Filebeat GCP]", "type": "histogram" } }, @@ -388,7 +388,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Event Action [Filebeat GoogleCloud]", + "title": "Audit Event Action [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -430,7 +430,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit Event Action [Filebeat GoogleCloud]", + "title": "Audit Event Action [Filebeat GCP]", "type": "pie" } }, @@ -462,7 +462,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Top User Email [Filebeat GoogleCloud]", + "title": "Audit Top User Email [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -498,7 +498,7 @@ "scale": "linear", "showLabel": true }, - "title": "Audit Top User Email [Filebeat GoogleCloud]", + "title": "Audit Top User Email [Filebeat GCP]", "type": "tagcloud" } }, @@ -530,7 +530,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit User Agent [Filebeat GoogleCloud]", + "title": "Audit User Agent [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -572,7 +572,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit User Agent [Filebeat GoogleCloud]", + "title": "Audit User Agent [Filebeat GCP]", "type": "pie" } }, @@ -604,7 +604,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Audit Resource Name [Filebeat GoogleCloud]", + "title": "Audit Resource Name [Filebeat GCP]", "uiStateJSON": {}, "version": 1, "visState": { @@ -620,7 +620,7 @@ "enabled": true, "id": "2", "params": { - "field": "googlecloud.audit.resource_name", + "field": "gcp.audit.resource_name", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -646,7 +646,7 @@ "legendPosition": "right", "type": "pie" }, - "title": "Audit Resource Name [Filebeat GoogleCloud]", + "title": "Audit Resource Name [Filebeat GCP]", "type": "pie" } }, @@ -670,7 +670,7 @@ "columns": [ "user.email", "service.name", - "googlecloud.audit.type", + "gcp.audit.type", "event.action", "event.outcome", "source.ip", @@ -692,13 +692,13 @@ "key": "event.dataset", "negate": false, "params": { - "query": "googlecloud.audit" + "query": "gcp.audit" }, "type": "phrase" }, "query": { "match_phrase": { - "event.dataset": "googlecloud.audit" + "event.dataset": "gcp.audit" } } } @@ -713,7 +713,7 @@ } }, "sort": [], - "title": "Audit [Filebeat GoogleCloud]", + "title": "Audit [Filebeat GCP]", "version": 1 }, "id": "d88364c0-73a1-11ea-a345-f985c61fe654", diff --git a/x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml b/x-pack/filebeat/module/gcp/audit/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/_meta/fields.yml rename to x-pack/filebeat/module/gcp/audit/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/audit/config/input.yml b/x-pack/filebeat/module/gcp/audit/config/input.yml similarity index 87% rename from x-pack/filebeat/module/googlecloud/audit/config/input.yml rename to x-pack/filebeat/module/gcp/audit/config/input.yml index f1c71d4b84fd..3b89f0f630eb 100644 --- a/x-pack/filebeat/module/googlecloud/audit/config/input.yml +++ b/x-pack/filebeat/module/gcp/audit/config/input.yml @@ -27,8 +27,8 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_audit_script - file: ${path.home}/module/googlecloud/audit/config/pipeline.js + id: gcp_audit_script + file: ${path.home}/module/gcp/audit/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} - add_fields: diff --git a/x-pack/filebeat/module/googlecloud/audit/config/pipeline.js b/x-pack/filebeat/module/gcp/audit/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/config/pipeline.js rename to x-pack/filebeat/module/gcp/audit/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/audit/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/audit/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/audit/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/audit/manifest.yml b/x-pack/filebeat/module/gcp/audit/manifest.yml similarity index 92% rename from x-pack/filebeat/module/googlecloud/audit/manifest.yml rename to x-pack/filebeat/module/gcp/audit/manifest.yml index 42b5c4880d6f..ebe77788fe35 100644 --- a/x-pack/filebeat/module/googlecloud/audit/manifest.yml +++ b/x-pack/filebeat/module/gcp/audit/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-audit - name: subscription_name - default: filebeat-googlecloud-audit + default: filebeat-gcp-audit - name: credentials_file - name: credentials_json - name: keep_original_message diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log rename to x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log diff --git a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json rename to x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json index d8efe2892a51..8b4b2ed642df 100644 --- a/x-pack/filebeat/module/googlecloud/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json @@ -3,10 +3,10 @@ "@timestamp": "2019-12-19T00:49:36.086Z", "cloud.project.id": "elastic-beats", "event.action": "GetResourceBillingInfo", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-uihnmjctwo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", @@ -29,7 +29,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 0, "service.name": "cloudbilling.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -40,10 +40,10 @@ "@timestamp": "2019-12-19T00:45:51.228Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.machineTypes.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-h6onuze1h7dg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", @@ -73,7 +73,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 945, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -91,10 +91,10 @@ "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.instances.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "yonau2dg2zi", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", @@ -130,7 +130,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 2252, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -148,10 +148,10 @@ "@timestamp": "2019-12-19T00:44:25.051Z", "cloud.project.id": "elastic-beats", "event.action": "beta.compute.instances.aggregatedList", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "yonau3dc2zi", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "failure", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "xxx@xxx.xxx", @@ -182,7 +182,7 @@ "log.logger": "projects/elastic-beats/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 3776, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "192.168.1.1", "tags": [ "forwarded" @@ -200,10 +200,10 @@ "@timestamp": "2020-08-05T21:07:30.974Z", "cloud.project.id": "elastic-siem", "event.action": "io.k8s.authorization.v1beta1.subjectaccessreviews.create", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "87efd529-6349-45d2-b905-fc607e6c5d3b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "system:serviceaccount:cert-manager:cert-manager-webhook", @@ -228,7 +228,7 @@ "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Fdata_access", "log.offset": 5100, "service.name": "k8s.io", - "service.type": "googlecloud", + "service.type": "gcp", "source.ip": "10.11.12.13", "tags": [ "forwarded" @@ -243,10 +243,10 @@ "@timestamp": "2020-08-05T21:59:26.456Z", "cloud.project.id": "foo", "event.action": "v1.compute.images.insert", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "v2spcwdzmc2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "success", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", @@ -278,7 +278,7 @@ "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 7530, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.geo.city_name": "Moscow", "source.geo.continent_name": "Europe", "source.geo.country_iso_code": "RU", @@ -304,10 +304,10 @@ "cloud.instance.id": "590261181", "cloud.project.id": "foo", "event.action": "beta.compute.instances.stop", - "event.dataset": "googlecloud.audit", + "event.dataset": "gcp.audit", "event.id": "-c7ctxmd2zab", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.outcome": "unknown", "fileset.name": "audit", "googlecloud.audit.authentication_info.principal_email": "user@mycompany.com", @@ -322,7 +322,7 @@ "log.logger": "projects/foo/logs/cloudaudit.googleapis.com%2Factivity", "log.offset": 9946, "service.name": "compute.googleapis.com", - "service.type": "googlecloud", + "service.type": "gcp", "source.as.number": 3215, "source.as.organization.name": "Orange", "source.geo.city_name": "Clermont-Ferrand", diff --git a/x-pack/filebeat/module/gcp/fields.go b/x-pack/filebeat/module/gcp/fields.go new file mode 100644 index 000000000000..0e5675483bb9 --- /dev/null +++ b/x-pack/filebeat/module/gcp/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package gcp + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "gcp", asset.ModuleFieldsPri, AssetGcp); err != nil { + panic(err) + } +} + +// AssetGcp returns asset data. +// This is the base64 encoded gzipped contents of module/gcp. +func AssetGcp() string { + return "eJzsWktv48gRvvtX1M27gIeLXH0IYMjjjZFx4LWVCZCL0GqWyI6b3Uw/pGh+fdAvik9ZtuhJBhidbD6++lhVXfV1kZ/gBffXUND6AsAww/Eafpey4AgLLm0Oj5yYjVQV/PL74vHXC4AcNVWsNkyKa/jzBQDAg8wtR9hIBSUROWeiAC4LDRslqw5cdgGwYchzfe3v/ASCVHgNhb+Gukv8cQCzr91xJW0dj4wYdr87Dzc05Rlk8bK2zbbdHLVhgjjMjAltiKDYXDRG4ggR97vfgCmxDQsyHKJSCKT+yI5oIPD1AbikxGAOUvhLNKkQvj4urjqQpmQ68AemoZa15f6mHTOlA0m0IUdDGNcZ3Asg8FwShbmD66BRKTassMpzu4JayX8hNSuWA5VKoa6lyDUY6QnFs2BKYkDuhHZHO3DJ+BVYbQnn+/AgqLaMNvdnrVv6gWgH40CmczqF4QX3O6n6544EwwfkNgUgPQyVwhAmXI66w18fsotRNgoLJsV8TJ48XmIzafabFDif0X9KgaMmxxbAtqY/VO4/LkCg2Un1Mnvuu3wP3EupzY+dyNuartxf83FxnnexLBkto20XH1mj860oJohou47xmpnPcwN8Kq2GkrSK4pylPyC+J/N9tncgf1b9n1X/Q6p+TPt5Cv53yfiftf5nrfe/k2t9nxGxOTPnpHvaaEjV3Wd44M5uA0ZzJhFxhi9O88ZRXyz3tU+QGpXZZyOGiDUlCsOoXwQrJjZyxG7fA69YvemAggNVVdCPMFzKk4uGCcpqwldYEcbny45lieAhgeS5Qq3TQmr5AnOwGhVU5CWtJ4X/tqhN7wnafpSKmf1KI0dqpJqXcIMPCR90jZRtGOaw3rcZSnUFbANE7DO4Ny7jhTRQWKKIMIg5DAz4+hZKSfR5qMucyx3mrgJajUFoNzw6fuh54dvRZCJKkf3bkqnBbOeSX2WOdVzQUmSnJxeqimk9axtfxhAw12vubx5aRiaSpvARGW8Kayk5kj69Vyj8o0RTogKpfMw74fDuUhg7MRF5i58Pd2QzwTXduSLGKLa2BvUo72GpOC2/G9S0GpPBrHf9WFhbPSUIzGGKH4nrqwQDRWcgkYtm+twSi5F2NjuFKf9MtpCZODiIYxyS/QpNKfNhZ39vJxuPQDTjMv5QBuBOKrh5vAdKONdBQvarni6l5Tms0aO1kd2NATXr3+Rw8T+kqjlewWUYSGY5McRVXcy2f8pum3+erPjDotpfjjlH2GoVFKbGFTNY6REfcSmKNzrIVmu3/DfgMUGhsUpgHiafBL4wbZyrPLHWg4aGUdecUbLmo+GMzeV8cbBsV+ymq75BFkgjZ9aLHZV0yO0RZonFhnGDM7b4O493kul5H/1vnYpyTOE0DeDDCRzKypjGiBetKjTELb3zM/IhIgFZS2umI3AsLV2lQbVi/dYXCA0On9AR7x/7+jTYmAhPJKCtW8WYr5x8XZEChZlX4XhZ7HH7tJauyrb1WVSeXVnthMcAuFWMFYbLKJUqZ6Lgo9uWVDvnL0cB9/+yHo1RO8zo/cBjTkkWIY/bf02PjdmeXQp5I1M66IWJoYkZCDjcvm+audP/VheexMUOplGzULHsRK80it0QY8cT9z2L59nDDZJ2vJNMdbQzNGqzw5IKqOQ8zjn9Fpv5MTkYogpsymdLtk5JXrfvBk1LrPATdw3h70/3V762MkG5zdOIwgm6pIvdja/oV10i36L+7fkvn7/cre5vf1tL+aJH9WrjKj+m7W+b3114E9rxPc3RvmuVQmEaXvMlEiwCdEPy6M60t//8sG1PO8Q1KtdsU/SnE6kT9sN2JexfSM10RmU1+jTDtfnuWOvOwpRbVITzSdJHYy7z8WbLhMFiIMtPaHWRmwO+ivPigyQhAlDYCraEWx+HuO9TNc0WMu+vssP+V2tSzKgKbiDHLXLnsU8bQl3YUSmpkqUhcybgsyg402UGN2LvtVu6dQDfwWqBuPTn7FuUbtqtCBbe0bT8EKpuliTDANyH88rVxANcnFpSzlC0Nx2HPZbCHeHtye9s8/i7iP2GkbyyHFdjMutdK+L2cDItifS83lJoGBUxtMQ8DDAOb81eL4+dMbqf1070+sGMYcB8GebCYficRq4drlMKg9BBp4C3iYybVvP0ldd5JpY9DVIEB03Zz5nCsyncJhAfJkU2G0bbwdEhOMf8oHCDCsV5U8mnBJJewZ8Ugti1FRGDSvQm62FwtEnvcT2ePsSlm7p+kOROy8nIHL7/mY9b+6OiSYKvc4suM2S4Ls6Ux4mo49F6KW5IcYYrg5j8HnSjbD2PLqtXtVRm+G4IjrwfehNdVoc9OZVc+5Z1mGuCM51yw78OsRwnN0gxEZKiI5RKO5imfFRSJI0XrZ6fIN/5MWKynPMYre8VNlzuPkIGfH1cgMN+iwxAl0Q9kXmGuNcsxyjcInQe/MPlLoMFEU6DIfOv9S6fnxaXTkRd3n5+XrY2amM8jclmeKvwhRgUdA9EQ4VEW4U5/OL8uFw8eo6uDfP9r5BblTYihrk9qzCotoSnueBgY5YuRE5q7eQgmh2icArTb2gJPH/+wy9ghRTZNhw7fJnj/r9Z/LUH665nzbcwYb+dvgV5Wi7dc+zQ9YFwKtaGOPsLHxPlyMk+u/hvAAAA///1JdgD" +} diff --git a/x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml b/x-pack/filebeat/module/gcp/firewall/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/_meta/fields.yml rename to x-pack/filebeat/module/gcp/firewall/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml b/x-pack/filebeat/module/gcp/firewall/config/input.yml similarity index 87% rename from x-pack/filebeat/module/googlecloud/firewall/config/input.yml rename to x-pack/filebeat/module/gcp/firewall/config/input.yml index 1ddda931c498..e2999de6ade0 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/config/input.yml +++ b/x-pack/filebeat/module/gcp/firewall/config/input.yml @@ -27,11 +27,11 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_firewall_script + id: gcp_firewall_script params: debug: {{ .debug }} keep_original_message: {{ .keep_original_message }} - file: ${path.home}/module/googlecloud/firewall/config/pipeline.js + file: ${path.home}/module/gcp/firewall/config/pipeline.js - add_fields: target: '' fields: diff --git a/x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js b/x-pack/filebeat/module/gcp/firewall/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/config/pipeline.js rename to x-pack/filebeat/module/gcp/firewall/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/firewall/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/firewall/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/firewall/manifest.yml b/x-pack/filebeat/module/gcp/firewall/manifest.yml similarity index 92% rename from x-pack/filebeat/module/googlecloud/firewall/manifest.yml rename to x-pack/filebeat/module/gcp/firewall/manifest.yml index 009ace59c235..9f2b2840df38 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/manifest.yml +++ b/x-pack/filebeat/module/gcp/firewall/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-firewall - name: subscription_name - default: filebeat-googlecloud-firewall + default: filebeat-gcp-firewall - name: credentials_file - name: credentials_json - name: debug diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log b/x-pack/filebeat/module/gcp/firewall/test/rare.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/rare.log rename to x-pack/filebeat/module/gcp/firewall/test/rare.log diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json rename to x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json index fb34db024222..1d799e8edbcf 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/test/rare.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/rare.log-expected.json @@ -7,10 +7,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -57,7 +57,7 @@ "10.128.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.142.0.10", "source.domain": "test-es", "source.ip": "10.142.0.10", @@ -74,10 +74,10 @@ "destination.port": 57794, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -124,7 +124,7 @@ "10.128.0.10" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.142.0.16", "source.domain": "local-adrian-test", "source.ip": "10.142.0.16", diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log b/x-pack/filebeat/module/gcp/firewall/test/test.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/firewall/test/test.log rename to x-pack/filebeat/module/gcp/firewall/test/test.log diff --git a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json similarity index 95% rename from x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json rename to x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json index 73f9e79c29aa..908b2436bd9a 100644 --- a/x-pack/filebeat/module/googlecloud/firewall/test/test.log-expected.json +++ b/x-pack/filebeat/module/gcp/firewall/test/test.log-expected.json @@ -13,10 +13,10 @@ "destination.port": 53, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "4zuj4nfn4llkb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -56,7 +56,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.128.0.16", "source.domain": "adrian-test", "source.ip": "10.128.0.16", @@ -73,10 +73,10 @@ "destination.port": 3389, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1f21ciqfpfssuo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -119,7 +119,7 @@ "10.42.0.2" ], "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.126", "source.geo.continent_name": "Asia", "source.geo.country_name": "omn", @@ -137,10 +137,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "8vcfeailjd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -184,7 +184,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.219", "source.geo.city_name": "Krasnodar", "source.geo.continent_name": "Europe", @@ -204,10 +204,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1bqgmw9feiabij", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -251,7 +251,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", "source.geo.country_name": "deu", @@ -269,10 +269,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1jrxaqbfe48bir", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -316,7 +316,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.14", "source.geo.continent_name": "Europe", "source.geo.country_name": "deu", @@ -334,10 +334,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1fw7drlfe2ty27", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -381,7 +381,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.151", "source.geo.city_name": "Berdychiv", "source.geo.continent_name": "Europe", @@ -401,10 +401,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1yre751fekaxzs", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -448,7 +448,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.241", "source.geo.city_name": "Vicenza", "source.geo.continent_name": "Europe", @@ -468,10 +468,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5kanfzfiqepkh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -515,7 +515,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.geo.city_name": "Tula", "source.geo.continent_name": "Europe", @@ -535,10 +535,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "59z0t8fiow9vg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -582,7 +582,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.251", "source.geo.city_name": "Stavropol", "source.geo.continent_name": "Europe", @@ -602,10 +602,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1y7e4yzff816cq", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -649,7 +649,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", "source.geo.continent_name": "Europe", @@ -669,10 +669,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "lx5jlsfggpr0q", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -716,7 +716,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.189", "source.geo.city_name": "Viol\u00e8s", "source.geo.continent_name": "Europe", @@ -736,10 +736,10 @@ "destination.port": 8080, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "18ynfbufer19m1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -783,7 +783,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.200", "source.geo.city_name": "\u0130zmir", "source.geo.continent_name": "Asia", @@ -809,10 +809,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "tzddthfsr6fv5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -852,7 +852,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.28.0.16", "source.domain": "adrian-test", "source.ip": "10.28.0.16", @@ -875,10 +875,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1k2b7kefsnhzq7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -918,7 +918,7 @@ "8.8.8.8" ], "rule.name": "network:default/firewall:adrian-test-1", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.28.0.16", "source.domain": "adrian-test", "source.ip": "10.28.0.16", @@ -935,10 +935,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1sdfuwxfk8hq1c", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -987,7 +987,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1006,10 +1006,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1sdfuwxfk8hq1b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1058,7 +1058,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1077,10 +1077,10 @@ "destination.port": 3389, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "yot1ojetjdiw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1123,7 +1123,7 @@ "10.42.0.2" ], "rule.name": "network:windows-isolated/firewall:windows-isolated-allow-rdp", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.7", "source.geo.city_name": "Almelo", "source.geo.continent_name": "Europe", @@ -1143,10 +1143,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5a27u1g22jks9e", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1195,7 +1195,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1214,10 +1214,10 @@ "destination.port": 9200, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "5a27u1g22jks8t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "allowed" @@ -1266,7 +1266,7 @@ "10.42.0.10" ], "rule.name": "network:default/firewall:allow9200", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.114", "source.domain": "test-kibana", "source.geo.continent_name": "America", @@ -1285,10 +1285,10 @@ "destination.port": 80, "event.action": "firewall-rule", "event.category": "network", - "event.dataset": "googlecloud.firewall", + "event.dataset": "gcp.firewall", "event.id": "1dobeotg13df9f5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.type": [ "connection", "denied" @@ -1338,7 +1338,7 @@ "10.28.0.16" ], "rule.name": "network:default/firewall:adrian-test-3", - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.42.0.10", "source.domain": "test-es", "source.ip": "10.42.0.10", diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml b/x-pack/filebeat/module/gcp/vpcflow/_meta/fields.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/_meta/fields.yml rename to x-pack/filebeat/module/gcp/vpcflow/_meta/fields.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml similarity index 87% rename from x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml rename to x-pack/filebeat/module/gcp/vpcflow/config/input.yml index 2854b8ed3321..499e13b3dc71 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml @@ -27,8 +27,8 @@ publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} processors: - script: lang: javascript - id: googlecloud_vpcflow_script - file: ${path.home}/module/googlecloud/vpcflow/config/pipeline.js + id: gcp_vpcflow_script + file: ${path.home}/module/gcp/vpcflow/config/pipeline.js params: keep_original_message: {{ .keep_original_message }} - add_fields: diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js b/x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/config/pipeline.js rename to x-pack/filebeat/module/gcp/vpcflow/config/pipeline.js diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml b/x-pack/filebeat/module/gcp/vpcflow/ingest/pipeline.yml similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/ingest/pipeline.yml rename to x-pack/filebeat/module/gcp/vpcflow/ingest/pipeline.yml diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml similarity index 91% rename from x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml rename to x-pack/filebeat/module/gcp/vpcflow/manifest.yml index 3ddb0800223a..71048699be9a 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/manifest.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml @@ -8,7 +8,7 @@ var: - name: topic default: stackdriver-vpcflow - name: subscription_name - default: filebeat-googlecloud-vpcflow + default: filebeat-gcp-vpcflow - name: credentials_file - name: credentials_json - name: keep_original_message diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log similarity index 100% rename from x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log rename to x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log diff --git a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json similarity index 94% rename from x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json rename to x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json index 9a71b1c35a61..b9d0250b9be0 100644 --- a/x-pack/filebeat/module/googlecloud/vpcflow/test/vpc-flow-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/vpcflow/test/vpc-flow-log-entries.json.log-expected.json @@ -11,11 +11,11 @@ "destination.ip": "203.0.113.12", "destination.port": 33478, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", "event.id": "ut8lbrffooxyw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -42,7 +42,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", @@ -63,11 +63,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33970, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", "event.id": "ut8lbrffooxzb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -100,7 +100,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 173663, @@ -127,11 +127,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33576, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821143836Z", "event.id": "ut8lbrffooxze", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -164,7 +164,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 155707, "source.domain": "elasticsearch", @@ -189,11 +189,11 @@ "destination.ip": "192.0.2.23", "destination.port": 59679, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", "event.id": "ut8lbrffooxyz", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -219,7 +219,7 @@ "10.139.99.242", "192.0.2.23" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 0, "source.domain": "elasticsearch", @@ -242,11 +242,11 @@ "destination.ip": "192.0.2.117", "destination.port": 50646, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", "event.id": "ut8lbrffooxz6", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -273,7 +273,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1784, "source.domain": "kibana", @@ -294,11 +294,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:37.048196137Z", "event.id": "ut8lbrffooxzf", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:36.895188084Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -325,7 +325,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1464, @@ -348,11 +348,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33692, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "ut8lbrffooxz1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -385,7 +385,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 186151, @@ -412,11 +412,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", "event.id": "ut8lbrffooxyp", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -449,7 +449,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 15169, "source.domain": "kibana", @@ -470,11 +470,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33554, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", "event.id": "ut8lbrffooxzd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -507,7 +507,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 250864, @@ -531,11 +531,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33880, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821308944Z", "event.id": "ut8lbrffooxz8", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469099728Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -568,7 +568,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 167939, @@ -592,11 +592,11 @@ "destination.ip": "10.139.99.242", "destination.port": 22, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:46.031032701Z", "event.id": "ut8lbrffooxyt", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:45.860349247Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -622,7 +622,7 @@ "192.0.2.23", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.23", "source.as.number": 49505, "source.bytes": 0, @@ -647,11 +647,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821056075Z", "event.id": "ut8lbrffooxz5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.510622432Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -684,7 +684,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11773, @@ -708,11 +708,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", "event.id": "ut8lbrffooxza", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -745,7 +745,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 65699, @@ -772,11 +772,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "ut8lbrffooxyq", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -809,7 +809,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 66029, "source.domain": "kibana", @@ -833,11 +833,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", "event.id": "ut8lbrffooxz2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -870,7 +870,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65154, "source.domain": "kibana", @@ -894,11 +894,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821302149Z", "event.id": "ut8lbrffooxyo", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.466657665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -931,7 +931,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 13643, "source.domain": "kibana", @@ -952,11 +952,11 @@ "destination.ip": "10.49.136.133", "destination.port": 46864, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:29.432367659Z", "event.id": "ut8lbrffooxzc", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:17.343890802Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -983,7 +983,7 @@ "203.0.113.93", "10.49.136.133" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.93", "source.bytes": 34509840, "source.ip": "203.0.113.93", @@ -1003,11 +1003,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", "event.id": "ut8lbrffooxz7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1034,7 +1034,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1467, @@ -1060,11 +1060,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565311154Z", "event.id": "ut8lbrffooxyu", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500506974Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1097,7 +1097,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 63671, "source.domain": "kibana", @@ -1122,11 +1122,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65320, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", "event.id": "ut8lbrffooxyv", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1153,7 +1153,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 51075, "source.domain": "elasticsearch", @@ -1177,11 +1177,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33562, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393910944Z", "event.id": "ut8lbrffooxz0", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.074897435Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1214,7 +1214,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 197840, "source.domain": "elasticsearch", @@ -1234,11 +1234,11 @@ "destination.ip": "203.0.113.93", "destination.port": 9243, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:58.716492806Z", "event.id": "ut8lbrffooxys", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:17.306085222Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1265,7 +1265,7 @@ "10.49.136.133", "203.0.113.93" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.49.136.133", "source.bytes": 173805495, "source.domain": "simianhacker-demo", @@ -1286,11 +1286,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:37.301953198Z", "event.id": "ut8lbrffooxyx", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:37.186193305Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1317,7 +1317,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1468, @@ -1343,11 +1343,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33548, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.393651211Z", "event.id": "ut8lbrffooxz4", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1380,7 +1380,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 159704, "source.domain": "elasticsearch", @@ -1401,11 +1401,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220714119Z", "event.id": "ut8lbrffooxz3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.560917237Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1432,7 +1432,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 70775, @@ -1457,11 +1457,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33542, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565272745Z", "event.id": "ut8lbrffooxz9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150720950Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1494,7 +1494,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 281147, @@ -1518,11 +1518,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:48.537763242Z", "event.id": "ut8lbrffooxyr", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147252064Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1555,7 +1555,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 63590, @@ -1581,11 +1581,11 @@ "destination.ip": "203.0.113.12", "destination.port": 34836, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:39.076420731Z", "event.id": "ut8lbrffooxyy", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:38.961050187Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1612,7 +1612,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", @@ -1633,11 +1633,11 @@ "destination.ip": "10.139.99.242", "destination.port": 22, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", "event.id": "1ulp77rfdvho4g", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1664,7 +1664,7 @@ "192.0.2.165", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.165", "source.as.number": 45899, "source.bytes": 1239, @@ -1692,11 +1692,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", "event.id": "1ulp77rfdvho5r", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1729,7 +1729,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 63853, "source.domain": "kibana", @@ -1750,11 +1750,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", "event.id": "1ulp77rfdvho5k", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:20.634435179Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1781,7 +1781,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1458, @@ -1807,11 +1807,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33534, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", "event.id": "1ulp77rfdvho55", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1844,7 +1844,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 252397, "source.domain": "elasticsearch", @@ -1868,11 +1868,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33694, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", "event.id": "1ulp77rfdvho60", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1905,7 +1905,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 205787, "source.domain": "elasticsearch", @@ -1930,11 +1930,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65263, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", "event.id": "1ulp77rfdvho49", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -1961,7 +1961,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 106409, "source.domain": "elasticsearch", @@ -1982,11 +1982,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597088427Z", "event.id": "1ulp77rfdvho4t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075942176Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2019,7 +2019,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 61242, @@ -2046,11 +2046,11 @@ "destination.ip": "203.0.113.101", "destination.port": 49680, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", "event.id": "1ulp77rfdvho68", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2083,7 +2083,7 @@ "10.139.99.242", "203.0.113.101" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 248826, "source.domain": "elasticsearch", @@ -2106,11 +2106,11 @@ "destination.ip": "192.0.2.117", "destination.port": 33862, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", "event.id": "1ulp77rfdvho5n", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2137,7 +2137,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1777, "source.domain": "kibana", @@ -2162,11 +2162,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65321, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", "event.id": "1ulp77rfdvho5l", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2193,7 +2193,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 116845, "source.domain": "elasticsearch", @@ -2214,11 +2214,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", "event.id": "1ulp77rfdvho65", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2251,7 +2251,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 4614, @@ -2278,11 +2278,11 @@ "destination.ip": "192.0.2.177", "destination.port": 60112, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", "event.id": "1ulp77rfdvho4b", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2315,7 +2315,7 @@ "10.139.99.242", "192.0.2.177" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 50379, "source.domain": "elasticsearch", @@ -2336,11 +2336,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33552, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.213244028Z", "event.id": "1ulp77rfdvho4m", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075811571Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2373,7 +2373,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 200417, @@ -2400,11 +2400,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33524, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.461087350Z", "event.id": "1ulp77rfdvho5t", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:24.790136141Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2437,7 +2437,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 30233, "source.domain": "elasticsearch", @@ -2458,11 +2458,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33548, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565451051Z", "event.id": "1ulp77rfdvho50", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2495,7 +2495,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 160693, @@ -2519,11 +2519,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565117754Z", "event.id": "1ulp77rfdvho63", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.566551903Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2556,7 +2556,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 59903, @@ -2582,11 +2582,11 @@ "destination.ip": "198.51.100.107", "destination.port": 33924, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:20.745658276Z", "event.id": "1ulp77rfdvho4r", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:20.634545217Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2613,7 +2613,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", @@ -2638,11 +2638,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65271, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.318940798Z", "event.id": "1ulp77rfdvho4i", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2669,7 +2669,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 129335, "source.domain": "elasticsearch", @@ -2690,11 +2690,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:11.779780615Z", "event.id": "1ulp77rfdvho5v", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:11.655143526Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2721,7 +2721,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1464, @@ -2744,11 +2744,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.312105537Z", "event.id": "1ulp77rfdvho5i", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.843986502Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2775,7 +2775,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 75477, @@ -2804,11 +2804,11 @@ "destination.ip": "203.0.113.58", "destination.port": 65316, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", "event.id": "1ulp77rfdvho5c", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2835,7 +2835,7 @@ "10.139.99.242", "203.0.113.58" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 102119, "source.domain": "elasticsearch", @@ -2856,11 +2856,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.705469925Z", "event.id": "1ulp77rfdvho5p", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.711043814Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2893,7 +2893,7 @@ "203.0.113.101", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.101", "source.as.number": 15169, "source.bytes": 1541638, @@ -2917,11 +2917,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:18.224268993Z", "event.id": "1ulp77rfdvho4y", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:14.031541248Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -2954,7 +2954,7 @@ "192.0.2.177", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.177", "source.as.number": 15169, "source.bytes": 755901, @@ -2981,11 +2981,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33558, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.394676451Z", "event.id": "1ulp77rfdvho4o", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3018,7 +3018,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 248715, "source.domain": "elasticsearch", @@ -3039,11 +3039,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220838853Z", "event.id": "1ulp77rfdvho5g", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.565831992Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3070,7 +3070,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 69757, @@ -3095,11 +3095,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:56.220748025Z", "event.id": "1ulp77rfdvho59", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:01.270990648Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3126,7 +3126,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 69440, @@ -3151,11 +3151,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", "event.id": "1ulp77rfdvho57", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3182,7 +3182,7 @@ "192.0.2.117", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.117", "source.as.number": 15169, "source.bytes": 1457, @@ -3207,11 +3207,11 @@ "destination.ip": "192.0.2.117", "destination.port": 50438, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:20.569744903Z", "event.id": "1ulp77rfdvho5e", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.454046087Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3238,7 +3238,7 @@ "10.87.40.76", "192.0.2.117" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1784, "source.domain": "kibana", @@ -3263,11 +3263,11 @@ "destination.ip": "192.0.2.165", "destination.port": 59623, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:40:52.361155668Z", "event.id": "1ulp77rfdvho4d", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:46.541094678Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3294,7 +3294,7 @@ "10.139.99.242", "192.0.2.165" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 2395, "source.domain": "elasticsearch", @@ -3315,11 +3315,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:48.538257098Z", "event.id": "1ulp77rfdvho5y", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:58.492572765Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3352,7 +3352,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 60335, @@ -3379,11 +3379,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565451051Z", "event.id": "1ulp77rfdvho6a", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147072949Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3416,7 +3416,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65565, "source.domain": "kibana", @@ -3437,11 +3437,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:55.318940798Z", "event.id": "1ulp77rfdvho4v", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.155378070Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3468,7 +3468,7 @@ "203.0.113.58", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.58", "source.as.number": 33652, "source.bytes": 70174, @@ -3493,11 +3493,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:51.355687385Z", "event.id": "bnj3cofh3cdk1", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3524,7 +3524,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1461, @@ -3547,11 +3547,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:51.090104692Z", "event.id": "bnj3cofh3cdjx", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3578,7 +3578,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1460, @@ -3601,11 +3601,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565131125Z", "event.id": "bnj3cofh3cdju", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3638,7 +3638,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 66736, @@ -3664,11 +3664,11 @@ "destination.ip": "198.51.100.107", "destination.port": 33602, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:45:51.090104692Z", "event.id": "bnj3cofh3cdjz", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:45:50.954948790Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3695,7 +3695,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", @@ -3716,11 +3716,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:40.888804332Z", "event.id": "bnj3cofh3cdkk", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3747,7 +3747,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1464, @@ -3770,11 +3770,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33534, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597279654Z", "event.id": "bnj3cofh3cdk0", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3807,7 +3807,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 259510, @@ -3833,11 +3833,11 @@ "destination.ip": "203.0.113.27", "destination.port": 52260, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:11.183868408Z", "event.id": "bnj3cofh3cdk8", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3864,7 +3864,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", @@ -3888,11 +3888,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565300944Z", "event.id": "bnj3cofh3cdkp", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3925,7 +3925,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 65069, "source.domain": "kibana", @@ -3949,11 +3949,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdkc", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -3986,7 +3986,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 60530, "source.domain": "kibana", @@ -4007,11 +4007,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821047175Z", "event.id": "bnj3cofh3cdkm", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4044,7 +4044,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11384, @@ -4071,11 +4071,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33554, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565131125Z", "event.id": "bnj3cofh3cdjy", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:02.143837873Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4108,7 +4108,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 272063, "source.domain": "elasticsearch", @@ -4131,11 +4131,11 @@ "destination.ip": "203.0.113.27", "destination.port": 53706, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:43:50.822333871Z", "event.id": "bnj3cofh3cdjv", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4162,7 +4162,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1791, "source.domain": "kibana", @@ -4183,11 +4183,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.789039435Z", "event.id": "bnj3cofh3cdkh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4220,7 +4220,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 18295, @@ -4244,11 +4244,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:44:40.243022993Z", "event.id": "bnj3cofh3cdkg", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4275,7 +4275,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1467, @@ -4298,11 +4298,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33556, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdk7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500498059Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4335,7 +4335,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 165290, @@ -4359,11 +4359,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:43:50.822333871Z", "event.id": "bnj3cofh3cdk9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:43:50.703302550Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4390,7 +4390,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1458, @@ -4413,11 +4413,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:11.183868408Z", "event.id": "bnj3cofh3cdkj", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:11.063146265Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4444,7 +4444,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1464, @@ -4469,11 +4469,11 @@ "destination.ip": "203.0.113.27", "destination.port": 34090, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:37.827345444Z", "event.id": "bnj3cofh3cdki", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4500,7 +4500,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", @@ -4523,11 +4523,11 @@ "destination.ip": "203.0.113.12", "destination.port": 34178, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:51.355687385Z", "event.id": "bnj3cofh3cdkd", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:51.237256499Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4554,7 +4554,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1780, "source.domain": "kibana", @@ -4577,11 +4577,11 @@ "destination.ip": "198.51.100.107", "destination.port": 33064, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:44:40.243022993Z", "event.id": "bnj3cofh3cdjw", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:44:40.125336665Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4608,7 +4608,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1776, "source.domain": "kibana", @@ -4629,11 +4629,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:50.757255245Z", "event.id": "bnj3cofh3cdk3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4660,7 +4660,7 @@ "198.51.100.107", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.107", "source.as.number": 15169, "source.bytes": 1461, @@ -4685,11 +4685,11 @@ "destination.ip": "203.0.113.12", "destination.port": 58216, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:36.982303071Z", "event.id": "bnj3cofh3cdkb", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4716,7 +4716,7 @@ "10.87.40.76", "203.0.113.12" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", @@ -4740,11 +4740,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.597279654Z", "event.id": "bnj3cofh3cdk4", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075756033Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4777,7 +4777,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 60222, "source.domain": "kibana", @@ -4801,11 +4801,11 @@ "destination.ip": "198.51.100.248", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdkf", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4838,7 +4838,7 @@ "10.87.40.76", "198.51.100.248" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 61810, "source.domain": "kibana", @@ -4859,11 +4859,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:36.982303071Z", "event.id": "bnj3cofh3cdkl", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:49:36.865198297Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4890,7 +4890,7 @@ "203.0.113.12", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.12", "source.as.number": 15169, "source.bytes": 1467, @@ -4913,11 +4913,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33510, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565335113Z", "event.id": "bnj3cofh3cdk2", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:39:59.500418290Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -4950,7 +4950,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 136558, @@ -4976,11 +4976,11 @@ "destination.ip": "198.51.100.107", "destination.port": 34906, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:48:50.757255245Z", "event.id": "bnj3cofh3cdko", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:48:50.642206049Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5007,7 +5007,7 @@ "10.87.40.76", "198.51.100.107" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", @@ -5030,11 +5030,11 @@ "destination.ip": "203.0.113.27", "destination.port": 52454, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:42:40.888804332Z", "event.id": "bnj3cofh3cdke", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:42:40.779893091Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5061,7 +5061,7 @@ "10.87.40.76", "203.0.113.27" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.87.40.76", "source.bytes": 1781, "source.domain": "kibana", @@ -5082,11 +5082,11 @@ "destination.ip": "10.87.40.76", "destination.port": 5601, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:46:37.827345444Z", "event.id": "bnj3cofh3cdka", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:46:37.712749588Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5113,7 +5113,7 @@ "203.0.113.27", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.27", "source.as.number": 15169, "source.bytes": 1467, @@ -5136,11 +5136,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33530, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565300944Z", "event.id": "bnj3cofh3cdkn", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.140119099Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5173,7 +5173,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 170396, @@ -5200,11 +5200,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33570, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:51.821129119Z", "event.id": "bnj3cofh3cdk5", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.469473010Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5237,7 +5237,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 171610, "source.domain": "elasticsearch", @@ -5261,11 +5261,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33858, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.933164456Z", "event.id": "bnj3cofh3cdk6", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.458515996Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5298,7 +5298,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 15186, "source.domain": "elasticsearch", @@ -5322,11 +5322,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33590, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565116665Z", "event.id": "y4wffpfk2ero3", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5359,7 +5359,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 208416, "source.domain": "elasticsearch", @@ -5383,11 +5383,11 @@ "destination.ip": "192.0.2.177", "destination.port": 60108, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:54.108975753Z", "event.id": "y4wffpfk2eroh", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5420,7 +5420,7 @@ "10.139.99.242", "192.0.2.177" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 90977, "source.domain": "elasticsearch", @@ -5444,11 +5444,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33536, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565156020Z", "event.id": "y4wffpfk2erom", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.150481417Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5481,7 +5481,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 187301, "source.domain": "elasticsearch", @@ -5502,11 +5502,11 @@ "destination.ip": "10.87.40.76", "destination.port": 33560, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565287007Z", "event.id": "y4wffpfk2ero9", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:06.075859688Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5539,7 +5539,7 @@ "198.51.100.248", "10.87.40.76" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "198.51.100.248", "source.as.number": 15169, "source.bytes": 139106, @@ -5563,11 +5563,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:54.108975753Z", "event.id": "y4wffpfk2erog", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:00.762958327Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5600,7 +5600,7 @@ "192.0.2.177", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "192.0.2.177", "source.as.number": 15169, "source.bytes": 1733360, @@ -5627,11 +5627,11 @@ "destination.ip": "203.0.113.134", "destination.port": 33874, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.933099658Z", "event.id": "y4wffpfk2ero7", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:20.513551480Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5664,7 +5664,7 @@ "10.139.99.242", "203.0.113.134" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "10.139.99.242", "source.bytes": 149157, "source.domain": "elasticsearch", @@ -5685,11 +5685,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:37.965119632Z", "event.id": "y4wffpfk2eroe", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:08.480430427Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5722,7 +5722,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 11108, @@ -5746,11 +5746,11 @@ "destination.ip": "10.139.99.242", "destination.port": 9200, "event.category": "network", - "event.dataset": "googlecloud.vpcflow", + "event.dataset": "gcp.vpcflow", "event.end": "2019-06-14T03:49:59.565116665Z", "event.id": "y4wffpfk2eroa", "event.kind": "event", - "event.module": "googlecloud", + "event.module": "gcp", "event.start": "2019-06-14T03:40:05.147151100Z", "event.type": "connection", "fileset.name": "vpcflow", @@ -5783,7 +5783,7 @@ "203.0.113.134", "10.139.99.242" ], - "service.type": "googlecloud", + "service.type": "gcp", "source.address": "203.0.113.134", "source.as.number": 15169, "source.bytes": 67337, diff --git a/x-pack/filebeat/module/googlecloud/_meta/config.yml b/x-pack/filebeat/module/googlecloud/_meta/config.yml index 7ca54bd84c06..2c535fb4664d 100644 --- a/x-pack/filebeat/module/googlecloud/_meta/config.yml +++ b/x-pack/filebeat/module/googlecloud/_meta/config.yml @@ -1,4 +1,5 @@ -- module: googlecloud +# googlecloud module is deprecated, please use gcp instead +- module: gcp vpcflow: enabled: true @@ -7,11 +8,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -25,11 +26,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -43,11 +44,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. diff --git a/x-pack/filebeat/module/googlecloud/fields.go b/x-pack/filebeat/module/googlecloud/fields.go deleted file mode 100644 index 91fb012da25e..000000000000 --- a/x-pack/filebeat/module/googlecloud/fields.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. - -package googlecloud - -import ( - "github.com/elastic/beats/v7/libbeat/asset" -) - -func init() { - if err := asset.SetFields("filebeat", "googlecloud", asset.ModuleFieldsPri, AssetGooglecloud); err != nil { - panic(err) - } -} - -// AssetGooglecloud returns asset data. -// This is the base64 encoded gzipped contents of module/googlecloud. -func AssetGooglecloud() string { - return "eJzsWltv47oRfs+vmLe0QFYHfd2HAoGzaYNuipzE3QJ9MRhybLGhSJUXu95fX/Am6+o4sbI9B1g/Jbp882lmOPNxpE/wgvvPsFFqI5AK5dgFgOVW4Gf4SzgIi3SUoaGa15Yr+Rn+fAEAcK+YEwhrpaEkkgkuNyDUxsBaq6pzf3EBsOYomPkc7vwEklTYN+x/dl/741q5Oh0ZMex/twFuaCowKNJlbZttuwyN5ZJ4zIJLY4mk2Fw0RuIIEf+7W4MtsQ0LKh6iSkqk4ciOGCDw7R6EosQiAyXDJYZUCN8eFlcdSFtyE/kDN1Cr2olw047b0oNk2sDQEi5MAXcSCDyVRCPzcB00quSab5wO3K6g1urfSO2KM6BKazS1ksyAVYFQOgu2JBbUThp/tAOXjV+BM44IsY8PgnrLaXN/0bqlH4h2MA5kOqdzGF5wv1O6f+5IMEJAbnIA8sNQJS3h0ueoP/ztvrgYZaNxw5Wcj8ljwMtsJs1+VxLnM/ovJXHU5NgC2Nb0d5X7DwuQaHdKv8ye+z7fI/dSGfv7TuRtTVf+r/m4eM/7WJaclsm2j4+q0ftWbiaIGPec4jUzn6cG+FRaDSXlNMU5S39EfE/mh2zvQP6s+j+r/odU/ZT28xT8H5LxP2v9z1offifX+j4j4hi356R73mgo3d1nBODObgNGcyYT8YYvTvPGUV8s93VIkBq13RcjhoizJUrLaVgEKy7XasRu3wOvWL3ugIIH1VXUjzBcypOLhkvKayJWWBEu5suOZYkQIIEwptGYvJBavkAGzqCGirzk9aTxPw6N7T1B249Kc7tfGRRIrdLzEm7wIeODqZHyNUcGz/s2Q6WvgK+ByH0Bd9ZnvFQWNo5oIi0ig4GBUN9iKUk+j3VZCLVD5iugMxiFdsOj44eeF74fTSaiNdm/LZkazHYuhVXmWacFrWRxenKhrrgxs7bxZQoB973m7vq+ZWQiaTYhIuNN4VkpgaRP7xUK/yzRlqhB6RDzTjiCuzSmTkwka/EL4U5sJrjmO1fEWs2fnUUzyntYKk7L7wY1r8ZssOhdPxbWVk+JAnOY4kfi+irBSNEbyOSSmT63zGKknc1OYco/ky1kJg4e4hiHbL9CWyo27Ozv7WTjEUhmfMYfygDcKg3XD3dAiRAmSsh+1TOlcoLBMwa0NrK/MaIW/Zs8Lv6XVLXAK7iMA8mCEUt81cVi+6fipvnn0clfHer95ZhzpKtWUWEaXHGLlRnxkVBy80YHuerZL/81BEzQaJ2WyOLkk8BXbqx3VSDWetDYMOpacEqexWg4U3M5Xxws2xW76apvkAXKqpn1YkclHXJ7hFlmsebC4owt/jbgnWR63kf/e6eiHFM4TQP4cAKHsjKmMdJFqwot8Uvv/Iy8T0hAnpWz0xE4lpa+0qBe8X7ri4QGh0/oiHcPfX0abUyEJxEwzq9iZCsvX1dkg9LOq3CCLA64fVpLX2Xb+iwpz66s9sJjANwqxhrjZZQqzbjciNFtS66d85ejiPubrEdj1A4z+jDwmFOSJcjj9l/TY2O2Z5dCwciUDnrhcmhiBgIet++bZu70/9WFJ3Fxg2nULFQcP9ErjWK3xLrxxH3P4nkKcIOkHe8kUx3tDI3a7LCUBqqESHPOsMXmYUwOlugNNuWzJVunJK/fd4OhJVb4SfiG8I/Hu6tQW7mkwrE8ovCCLutif+Mr+tWUKLZofnn665evt6u7m1+elXoxo3q1cVUY0/a3ze8uvBnt+J7maN91WqO0Da/5EgkWEboheXRn2tt/fti2px3iGrVvtjn604nUCfthuxL3L6TmpqCqGn2a4dp8d6xNZ2GqLWoixCTpozFXbLzZcmlxM5DlJ7S6xM0DX6V58UGSEAkoXQVbIlyIQ9r36ZoWC8X6q+yw/zWGbGZUBdfAcIvCe+zTmlAfdtRa6WxpyJxL+CI3gpuygGu5D9ot3zqA72C1QHz6C/49STfjVwSP72hafohVt8iSYQAewnnla+IBLk0tqeAo25uOwx5L446I9uR3tnn8bcJ+w0heO4GrMZn1rhVxcziZl0R+3mApNoyKWFoiiwOMw1uz18tjZ4we5rUTvX4wYxgwX8a5cBw+55Frh+uUwiB00CngbSLjutU8Q+X1nkllz4CS0UFT9hnXeDaFmwwSwqTJes1pOzgmBueYHzSuUaM8byr5mEHyK/iTQpC6tiZyUIneZD0Ojtb5PW7AM4e4dFM3DJL8aTUZmcP3P/Nxa39UNEnwdW7JZZYM18WZ8jgT9TxaL8Ut2ZzhyigmfwTdJFvPo8vrVa20Hb4bgiPvh95El9dxT06VMKFlHeaa4E3n3AivQ5zAyQ1SSoSs6Ailyg2mKR+VFFnjJavnJ8gPfoyULOc8Rut7hbVQu4+QAd8eFuCx3yID0CdRT2SeIe4NZ5iEW4Jm0T9C7QpYEOk1GPLwWu/y6XFx6UXU5c2Xp2VrozbG09pihrcKX4lFSfdADFRIjNPI4A/ej8vFQ+Do27DY/xGY03kjYrnfs0qLektEngsONmb5QhSkNl4Oot0hSq8ww4aWwNOXX8MC1kiRb+Oxw5c5/v/rxd96sP563nwLE/fb+VuQx+XSP8cOfR+Ip1JtSLO/+DERQ0H2xcX/AgAA//8iHdat" -} diff --git a/x-pack/filebeat/module/googlecloud/module.yml b/x-pack/filebeat/module/googlecloud/module.yml new file mode 100644 index 000000000000..e5d6de048869 --- /dev/null +++ b/x-pack/filebeat/module/googlecloud/module.yml @@ -0,0 +1 @@ +movedTo: gcp diff --git a/x-pack/filebeat/modules.d/gcp.yml.disabled b/x-pack/filebeat/modules.d/gcp.yml.disabled new file mode 100644 index 000000000000..330c7d375e17 --- /dev/null +++ b/x-pack/filebeat/modules.d/gcp.yml.disabled @@ -0,0 +1,57 @@ +# Module: gcp +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-gcp.html + +- module: gcp + vpcflow: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be + # configured to use this topic as a sink for VPC flow logs. + var.topic: gcp-vpc-flowlogs + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + firewall: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-firewall + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-firewall-sub + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json + + audit: + enabled: true + + # Google Cloud project ID. + var.project_id: my-gcp-project-id + + # Google Pub/Sub topic containing firewall logs. Stackdriver must be + # configured to use this topic as a sink for firewall logs. + var.topic: gcp-vpc-audit + + # Google Pub/Sub subscription for the topic. Filebeat will create this + # subscription if it does not exist. + var.subscription_name: filebeat-gcp-audit + + # Credentials file for the service account with authorization to read from + # the subscription. + var.credentials_file: ${path.config}/gcp-service-account-xyz.json diff --git a/x-pack/filebeat/modules.d/googlecloud.yml.disabled b/x-pack/filebeat/modules.d/googlecloud.yml.disabled index 9bf81802677a..6f3e6b53e21d 100644 --- a/x-pack/filebeat/modules.d/googlecloud.yml.disabled +++ b/x-pack/filebeat/modules.d/googlecloud.yml.disabled @@ -1,7 +1,8 @@ # Module: googlecloud # Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-googlecloud.html -- module: googlecloud +# googlecloud module is deprecated, please use gcp instead +- module: gcp vpcflow: enabled: true @@ -10,11 +11,11 @@ # Google Pub/Sub topic containing VPC flow logs. Stackdriver must be # configured to use this topic as a sink for VPC flow logs. - var.topic: googlecloud-vpc-flowlogs + var.topic: gcp-vpc-flowlogs # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-vpc-flowlogs-sub + var.subscription_name: filebeat-gcp-vpc-flowlogs-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -28,11 +29,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-firewall + var.topic: gcp-vpc-firewall # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-firewall-sub + var.subscription_name: filebeat-gcp-firewall-sub # Credentials file for the service account with authorization to read from # the subscription. @@ -46,11 +47,11 @@ # Google Pub/Sub topic containing firewall logs. Stackdriver must be # configured to use this topic as a sink for firewall logs. - var.topic: googlecloud-vpc-audit + var.topic: gcp-vpc-audit # Google Pub/Sub subscription for the topic. Filebeat will create this # subscription if it does not exist. - var.subscription_name: filebeat-googlecloud-audit + var.subscription_name: filebeat-gcp-audit # Credentials file for the service account with authorization to read from # the subscription. From 2ae52c3c6e13a1196eb1a165d477c98d56a225ce Mon Sep 17 00:00:00 2001 From: Mariana Dima Date: Wed, 25 Nov 2020 10:08:11 +0000 Subject: [PATCH 21/41] Add support for platform logs in Filebeat Azure module (#22371) * mofidy doc * platformlogs * fix * separate pr * work on platform * work * platforms * changelog * fix file * add tests * add mapping * test * update mapping * fix file name * update file * map field * update files * fix logs * generate tests --- CHANGELOG.next.asciidoc | 1 + filebeat/docs/fields.asciidoc | 147 +++++++++++++ filebeat/docs/modules/azure.asciidoc | 13 ++ x-pack/filebeat/filebeat.reference.yml | 10 + x-pack/filebeat/module/azure/_meta/config.yml | 10 + .../filebeat/module/azure/_meta/docs.asciidoc | 13 ++ x-pack/filebeat/module/azure/fields.go | 2 +- .../azure/platformlogs/_meta/fields.yml | 66 ++++++ .../platformlogs/config/azure-eventhub.yml | 16 ++ .../module/azure/platformlogs/config/file.yml | 14 ++ .../azure/platformlogs/ingest/pipeline.yml | 195 ++++++++++++++++++ .../module/azure/platformlogs/manifest.yml | 19 ++ .../test/platformlogs-eventhub.log | 1 + .../platformlogs-eventhub.log-expected.json | 36 ++++ .../platformlogs/test/platformlogs-kube.log | 1 + .../test/platformlogs-kube.log-expected.json | 31 +++ x-pack/filebeat/modules.d/azure.yml.disabled | 10 + 17 files changed, 584 insertions(+), 1 deletion(-) create mode 100644 x-pack/filebeat/module/azure/platformlogs/_meta/fields.yml create mode 100644 x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml create mode 100644 x-pack/filebeat/module/azure/platformlogs/config/file.yml create mode 100644 x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml create mode 100644 x-pack/filebeat/module/azure/platformlogs/manifest.yml create mode 100644 x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log create mode 100644 x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json create mode 100644 x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log create mode 100644 x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 213de0754d40..b691c9c49af9 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -726,6 +726,7 @@ from being added to events by default. {pull}18159[18159] - Copy tag names from MISP data into events. {pull}21664[21664] - Added DNS response IP addresses to `related.ip` in Suricata module. {pull}22291[22291] - Added TLS JA3 fingerprint, certificate not_before/not_after, certificate SHA1 hash, and certificate subject fields to Zeek SSL dataset. {pull}21696[21696] +- Add platform logs in the azure filebeat module. {pull}22371[22371] - Added `event.ingested` field to data from the Netflow module. {pull}22412[22412] - Improve panw ECS url fields mapping. {pull}22481[22481] - Improve Nats filebeat dashboard. {pull}22726[22726] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 40f4fab79c64..5c6244588fd4 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc @@ -3055,6 +3055,153 @@ type: keyword -- +[float] +=== platformlogs + +Fields for Azure platform logs. + + + +*`azure.platformlogs.operation_name`*:: ++ +-- +Operation name + + +type: keyword + +-- + +*`azure.platformlogs.result_type`*:: ++ +-- +Result type + + +type: keyword + +-- + +*`azure.platformlogs.result_signature`*:: ++ +-- +Result signature + + +type: keyword + +-- + +*`azure.platformlogs.category`*:: ++ +-- +Category + + +type: keyword + +-- + +*`azure.platformlogs.event_category`*:: ++ +-- +Event Category + + +type: keyword + +-- + +*`azure.platformlogs.status`*:: ++ +-- +Status + + +type: keyword + +-- + +*`azure.platformlogs.ccpNamespace`*:: ++ +-- +ccpNamespace + + +type: keyword + +-- + +*`azure.platformlogs.Cloud`*:: ++ +-- +Cloud + + +type: keyword + +-- + +*`azure.platformlogs.Environment`*:: ++ +-- +Environment + + +type: keyword + +-- + +*`azure.platformlogs.EventTimeString`*:: ++ +-- +EventTimeString + + +type: keyword + +-- + +*`azure.platformlogs.Caller`*:: ++ +-- +Caller + + +type: keyword + +-- + +*`azure.platformlogs.ScaleUnit`*:: ++ +-- +ScaleUnit + + +type: keyword + +-- + +*`azure.platformlogs.ActivityId`*:: ++ +-- +ActivityId + + +type: keyword + +-- + +*`azure.platformlogs.properties.*`*:: ++ +-- +Properties + + +type: object + +-- + [float] === signinlogs diff --git a/filebeat/docs/modules/azure.asciidoc b/filebeat/docs/modules/azure.asciidoc index 45010618214a..af8c24131856 100644 --- a/filebeat/docs/modules/azure.asciidoc +++ b/filebeat/docs/modules/azure.asciidoc @@ -24,6 +24,9 @@ The module contains the following filesets: `activitylogs` :: Will retrieve azure activity logs. Control-plane events on Azure Resource Manager resources. Activity logs provide insight into the operations that were performed on resources in your subscription. +`platformlogs` :: +Will retrieve azure platform logs. Platform logs provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on. + `signinlogs` :: Will retrieve azure Active Directory sign-in logs. The sign-ins report provides information about the usage of managed applications and user sign-in activities. @@ -46,6 +49,16 @@ Will retrieve azure Active Directory audit logs. The audit logs provide traceabi storage_account_key: "" resource_manager_endpoint: "" + platformlogs: + enabled: false + var: + eventhub: "" + consumer_group: "$Default" + connection_string: "" + storage_account: "" + storage_account_key: "" + resource_manager_endpoint: "" + auditlogs: enabled: false var: diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 720acde3df3e..ffcf422494be 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -365,6 +365,16 @@ filebeat.modules: # the storage account key, this key will be used to authorize access to data in your storage account storage_account_key: "" + platformlogs: + enabled: false + # var: + # eventhub: "" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" + + auditlogs: enabled: false # var: diff --git a/x-pack/filebeat/module/azure/_meta/config.yml b/x-pack/filebeat/module/azure/_meta/config.yml index ab7f477b8bb7..fdea9b1f2526 100644 --- a/x-pack/filebeat/module/azure/_meta/config.yml +++ b/x-pack/filebeat/module/azure/_meta/config.yml @@ -14,6 +14,16 @@ # the storage account key, this key will be used to authorize access to data in your storage account storage_account_key: "" + platformlogs: + enabled: false + # var: + # eventhub: "" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" + + auditlogs: enabled: false # var: diff --git a/x-pack/filebeat/module/azure/_meta/docs.asciidoc b/x-pack/filebeat/module/azure/_meta/docs.asciidoc index 485d6ddcab34..ee7c5961f85a 100644 --- a/x-pack/filebeat/module/azure/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/azure/_meta/docs.asciidoc @@ -19,6 +19,9 @@ The module contains the following filesets: `activitylogs` :: Will retrieve azure activity logs. Control-plane events on Azure Resource Manager resources. Activity logs provide insight into the operations that were performed on resources in your subscription. +`platformlogs` :: +Will retrieve azure platform logs. Platform logs provide detailed diagnostic and auditing information for Azure resources and the Azure platform they depend on. + `signinlogs` :: Will retrieve azure Active Directory sign-in logs. The sign-ins report provides information about the usage of managed applications and user sign-in activities. @@ -41,6 +44,16 @@ Will retrieve azure Active Directory audit logs. The audit logs provide traceabi storage_account_key: "" resource_manager_endpoint: "" + platformlogs: + enabled: false + var: + eventhub: "" + consumer_group: "$Default" + connection_string: "" + storage_account: "" + storage_account_key: "" + resource_manager_endpoint: "" + auditlogs: enabled: false var: diff --git a/x-pack/filebeat/module/azure/fields.go b/x-pack/filebeat/module/azure/fields.go index d358caa2edd2..f37b4bf9ee8c 100644 --- a/x-pack/filebeat/module/azure/fields.go +++ b/x-pack/filebeat/module/azure/fields.go @@ -19,5 +19,5 @@ func init() { // AssetAzure returns asset data. // This is the base64 encoded gzipped contents of module/azure. func AssetAzure() string { - return "eJzsW01z2zYQvftX7PiYady7Dp1RnaTjmSbOOM6ZA5MrGjVEsAAoj/LrO+D3BwBCFkil0+rUmsq+R2B3sfsWeg8veNwA+VEIvAJQVDHcwPVW///1FYBAhkTiBp5QkSuABGUsaK4ozzbw2xUAQPld+MyTgmkTO4oskZvy0XvIyB478/qjjjluIBW8yOu/GGwOzfRNyeKp/XZEk/Z5Y/gFj69c9P9uNF99Kup9k3D3YQIZcyGQkSCIt50tE5TCjGTqbJTKjAlAoOSFiHFiv78hM9YfpjbGu9WHHLyM64VmYPvQ/VfrY43fIhTc1G6DmAt+oAmKBUC1jV81iszJYLU7dPPTVeHDIX8ZW2vTR6GeuaA/qhAUVZ4JBLrt24aB7RY+VvRA1ZHxVM7GzThhdjR2pGAqKiNlAzvCJPqF26cytmDHRZ2vGj6gCd14RyFmiqqjceVMYTOzbndmeyYKfRoxI3QvI5pRRYnCJHo6RoWchI+bmgc9/bktsaDFgqcjWLBstMHt7EOqZv87gTCYgmBMI6UHzNbh8ocTqjuRxTp0vjmAGjK7grF12HxyIbVrEz/jnqywNGacYdTdvLNGGX/6C2NleFw9iOao9r4W7Ume0yyt/831u+tzotf6SoMzYYnssZ0B8EkZMub5GoFhhekfYca3CMxka8dpqKAul7JJxTIkY9u3E6h8dOO4tq9PV3CGEZGSptkeMxW5thQ8F/OEt9CfB84QOgpOrxoRT3BXHn/jzmUt1h3+uGK3UV6f5MkucJGV7O2/x0rmgmYxzQlbnezXBvk0mprJpYhOsBt6PEdR9RxhG537xu60puz16bpbMCzLea1dwZT9fWtQ7WhEdYpNOGSz5bZKIQpTLswtyptgb00Wu4NIB3N40I/arhs6F9q1FMVxffPmduyrzeJcQyZRHGiMkcC/C5SW5DYXfh5h963CgYcKB+6mdlpKiqhCRjFPTCkhBJcSAAYA066/SKjyavlP6t211UnjPiMOuPr68P77+IytVeA7UM/YZcIbgNtCCMwUO/4C2/JtqKy+k7EjyCLPudDN9oGwAm9WzauPfab23NrBH1DIab0ajIHJvJce8yZsoyLjEpbPfdeJyAw/z1kSPsPqrW2j125/Lt9W67JMXvuTpzb7Yy0zSqjMGTmaIjAQm20jU9ZQZgFt5C8CiXT082cReihtl8lY5ys2v1rWyU9AVpaJ0JgK42layaX1ib2YC6WVUmqDmWZRS+0egE1XKBsxrBOmQPCO7ejiiChU1BFD+gtnBpC2LxXZTxWRmSog0DpYrbenCxEp6uCtRkcupdGm7CygID6WrNqR51RL9BPxZjIlhFXQPriSJcw5fWAylha+3XZ70x6QxKMNpV2JPCJJIlCadjgwGaA5bB1gDadCoog6eWMd3/kuUXSayrwL7XlCdxSTqKtmjJELXrqs56gA3hDsJ6zB5/qd7BVa8/FVgDN8jcpmxu4US+hTX/AV3LAnJKiFODbJyo8nZ8klFvKeJRaCbQLpTaNPPrh86ohsx8W+vmGAKREJzdKyBq2R+Vtn0iS3RWOwOcrWCuEbQHUl2Qqu1hF3n3lQF2jEJ4/cCNPAWp/vbBEAQx8wiGmL8tvmuY+8P974tWlOt32moLHcDoGQ8fTdjuEbUJrmBaPJt8yAf10orT0s84ghmrvKzcWYGcpcn/9oI5+mGc2Cq+fa7HuahdTP/9ei/3vicA3fMxWcgM32Ree7K88cVp7nLiP5V5nsPM3/AvpkLLBsaIh91PB2YfK2Ml5aAKP4OZBBlh81lBWJ15jhJ1L0/SSiUKszU68NSC21MCURl6ie54thW1qWPvQKI7E893NTp6QZInPkYLPf3RmmmKlIL0whcalQKUH06oMRpAvbLCmvERIWkThGKaPqlshSEdzCQQUHFri2jhM0pZrd0vdo7msgEM1FGrtTUxnRTKEoh1ULufSdBBdGW2LyF8wiKmWBYsEAe9QwUMG4I2xAaLkJ5oCQc4iZC64drZTC6R4jw933htGOceO57sHna4tSHtxAM9hTxqhEHWJ2/xZUvkQJKkLZMgv1QOULWAAGJBgekEUkTQWmugpZkE4JBQ4oA7GkEHoLq7JxcW4VWlmk3k3RBvR0AlvIyUtCZvvj352ucMi2P2D0OmlnjpEzVP9vNss+wj4KwYXtCiSEHRt+1FhgxGrlOywvic4kgEstVs1ujYn4hxJqTkeuZRedB45S4X55XvcNIjgQG3pPgr/OKd1BWP3uAPrJr1coUUijPrMAqUeN5a4OmmvaMz/sCHY5un109U8AAAD//4AUZiI=" + return "eJzsXM9v2zoSvuevGORYbLP3HBbwpukiwLYpkvQsMNJY4Qst6pGUA/evfyBl/bJIio4pOQ+vPrWR830fh5zhcIbKZ3jF3TWQX5XACwBFFcNruFzp/19eAAhkSCRewzMqcgGQoUwFLRXlxTX85wIAwHwXvvGsYhpiTZFl8to8+gwF2WAHrz9qV+I15IJX5f4nFswhTB9KVs/ttxOatc8b4FfcvXHR/7kVvv7U0vuQcPdlRJlyIZCRKIw3HZaNSmFBCnUySw1jIxAoeSVSHOH3J2QC/WGMcThbfcrBYHwDmqDtU/eH1uc6HEUsujFuw1gKvqUZihlINca/NYssycDaHbv96aL08Zi/H6K14aNSL1zQX7ULijrORCJd9bFhgN3Sp4puqdoxnstJvzkMmJ2MNamYSoynXMOaMIlh7vbV+BasudjHq0YPaEFXwV6IhaJqZ7WczW0m7HZnx7NJ6MtIGaEbmdCCKkoUZsnzLqnkyH380gLk6c+N4YKWC5534OByyQb/Yh9Kta+/IwSDzQkOZeR0i8UyWv7npep2ZLGMnEcPUSNmXTG2jJqvPqbWNukLbsgCprHzDL3u6pPTy/jzH5gqy+P6QTIltfe1ZEPKkhb5/ncuP12e4r3OIQ32hDmix2qCICRkyJSXSziGk6a/hVlHEVnJys3TSEGdLhWjjGUoxjVvR0i59fP4pq8vV3CGCZGS5sUGC5X4phQCjXnEKPTngTOEToJ3VR0Iz3Bttr/Dk8tSqjv+w4zdJXl5kUcvgbNYsjf/AZYsBS1SWhK2uNgfDfNxMrWScwkdcTfyeImiPnPEPejcN7jjnLJ3TtenBYtZTjvaVUy5x7sn1QuNqK5iE4/ZjtxmKURhzoX9iPIu2hsbYrcRaWeOT3qrcf3UpdBLS1E8zG/efRz74UKcOpBJFFuaYiLwzwqlI7hNuV+A2z3WPPBQ88DdGKeVpIiqZJLyzBYSYmgxBDAgGJ/6q4yqoCP/UWd3jTo6uE8UB3zn+vjr9+kFW1Tga1Av2EXCK4CbSggsFNv9C1ZmNFTW3ynYDmRVllzow/aWsAqvFo2rT32l7tja0W9RyHG+Gk2BDT6oHvMubmtFxldYPnWsoyIzfJy9JH6E1VPbeq8bfyre1naZJ679n+cu/MNaZpJRWTKys3lgJDWrpky5p7IX0A7Wi0AiPef5kwQ9GGwTjHW8YtPWcnZ+IqpydIQOpTCe53W5dL9jz7aE8rpS6qIZR1FH7h5BTZcoWzmcHaZI9J7p6PyIKFTU40P6Cyc6kMaXimzGFZGJLCCSHZzo7e5CRI7aeevWka/S6KrszFBBfDKq2pbnuJYYVsSbiJQQt4L2xRcsYWrRRxbjOMK30+4+tEcU8eRiaS1RJiTLBErbDEcWA7SElYes0VRJFElX3lhm7fyUKLqayvQS2vCMrilmSZfNWD0Xguqyga0CeIezH2GDb/sxuTO05hNaAS7wLTGHGfeimKM+9R3fwE97RICaSWMTrMJ0cpadw5D3LHMIbANIrxt99MYVkkcUay42+xsGmBOR0SI3Oeiemb+3J01KlzdG66OsnBShDrTPJNuCq7PF3VcedQk0xaeA2Ahjx1pe72QSAMM1YCmmzapvVZYh5f3DiV9a5njaJxIax+0QiOlPP90coQ6lZZ7Rm0LTDPjbudLSzbIAH6KlL92cTZklzQ35R1t+Y0TpPe+jXJlr9Bx1Ze53+y8y8+/2X7/BFY/ycYzXGjUtv8e/I+xEbWhvGK8ithrGcA3RbbGlgpt7ERGn0AHakuopfqIbfFSCFnnkteMAbk1LGIt53dyC11A9poThz4JGNK0dsiFsKp6jRPGUC952zHGjaFT68FyNDKh1HFPjOL65P9pxdWylRfR+tYb9TIuYHevf3d9/Xjt2T9+Dii7AhX3WlGrhLv/CKdQ8TfY6kp3WZT9DRzAVaEqIxN3cf38r8KYGNwhgbTcOGg/zN/dNDSCosf+BeuhhTZlY1pmokAxEzWUYI8TXxi7L2bgdRcI+9QKXUMoybJl6m4gxIkcJLvzuLR2qj6TaMJXEuVzFkGjrg5Wkc9siMxf3CUtImqKUifXYGktWRwc1nf2U3MvjBM2pVjf3zdX7PRGI5uqqe1FTmdBCoTDXQ2Za0ncSfBxtislfsUiolBWKGR3sSdNATeP3sIGg+e4MDQR5rw2VguuFZg5mdIOJ5W2zRtGaceu+HqDnR8tiNm6gBWwoY1SidjH3+hZUviYZKkLZPIZ6oPIVHAQDEQy3yBKS5wJznYXMKMdQgYfKIiyrhJ7COm2cXVvNZpLUuzHbQJ4OYDMtciPIjn/4lx4W2GTbPxkQtNNObCMn9NktddD6E9JKRyG4cL10AHEv6txqLrBytQ0zNK9lTASAcxlrr26JO2hfDNVU53ZfdtFxYCcVbubXdd8wgoexkfcs+NtUbzmKqv96iD74hUYlKmmtz8wg6klz+bOD5sWoiVcpo72O1D66+CsAAP//n/8+qg==" } diff --git a/x-pack/filebeat/module/azure/platformlogs/_meta/fields.yml b/x-pack/filebeat/module/azure/platformlogs/_meta/fields.yml new file mode 100644 index 000000000000..ac03e0004f5b --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/_meta/fields.yml @@ -0,0 +1,66 @@ +- name: platformlogs + type: group + release: beta + default_field: false + description: > + Fields for Azure platform logs. + fields: + - name: operation_name + type: keyword + description: > + Operation name + - name: result_type + type: keyword + description: > + Result type + - name: result_signature + type: keyword + description: > + Result signature + - name: category + type: keyword + description: > + Category + - name: event_category + type: keyword + description: > + Event Category + - name: status + type: keyword + description: > + Status + - name: ccpNamespace + type: keyword + description: > + ccpNamespace + - name: Cloud + type: keyword + description: > + Cloud + - name: Environment + type: keyword + description: > + Environment + - name: EventTimeString + type: keyword + description: > + EventTimeString + - name: Caller + type: keyword + description: > + Caller + - name: ScaleUnit + type: keyword + description: > + ScaleUnit + - name: ActivityId + type: keyword + description: > + ActivityId + - name: properties.* + type: object + object_type: keyword + object_type_mapping_type: "*" + description: > + Properties + diff --git a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml new file mode 100644 index 000000000000..496480aa1d0c --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml @@ -0,0 +1,16 @@ +type: azure-eventhub +connection_string: {{ .connection_string }} +eventhub: {{ .eventhub }} +consumer_group: {{ .consumer_group }} +storage_account: {{ .storage_account }} +storage_account_key: {{ .storage_account_key }} +resource_manager_endpoint: {{ .resource_manager_endpoint }} +storage_account_container: filebeat-platformlogs-{{ .eventhub }} +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.6.0 diff --git a/x-pack/filebeat/module/azure/platformlogs/config/file.yml b/x-pack/filebeat/module/azure/platformlogs/config/file.yml new file mode 100644 index 000000000000..e9470671e071 --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/config/file.yml @@ -0,0 +1,14 @@ +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] +tags: {{.tags | tojson}} +publisher_pipeline.disable_host: {{ inList .tags "forwarded" }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.6.0 diff --git a/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml new file mode 100644 index 000000000000..8493ef886fe2 --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/ingest/pipeline.yml @@ -0,0 +1,195 @@ +description: Pipeline for parsing azure platform logs. +processors: +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- rename: + field: azure + target_field: azure-eventhub + ignore_missing: true +- script: + source: ctx.message = ctx.message.replace(params.empty_field_name, '') + params: + empty_field_name: '"":"",' + ignore_failure: true +- json: + field: message + target_field: azure.platformlogs +- date: + field: azure.platformlogs.time + target_field: '@timestamp' + ignore_failure: true + formats: + - ISO8601 +- date: + field: azure.platformlogs.EventTimeString + target_field: '@timestamp' + ignore_failure: true + formats: + - ISO8601 + - "M/d/yyyy h:mm:ss a XXX" +- remove: + field: + - message + - azure.platformlogs.time + ignore_missing: true +- rename: + field: azure.platformlogs.resourceId + target_field: azure.resource_id + ignore_missing: true +- rename: + field: azure.platformlogs.Region + target_field: cloud.region + ignore_missing: true +- json: + field: azure.platformlogs.EventProperties + target_field: azure.platformlogs.properties + ignore_failure: true +- remove: + if: ctx.azure.platformlogs.properties != null + field: + - azure.platformlogs.EventProperties + ignore_missing: true +- rename: + field: azure.platformlogs.EventName + target_field: event.action + ignore_missing: true +- rename: + field: azure.platformlogs.properties.log + target_field: message + ignore_missing: true +- rename: + field: azure.platformlogs.callerIpAddress + target_field: source.ip + ignore_missing: true +- rename: + field: azure.platformlogs.level + target_field: log.level + ignore_missing: true +- rename: + field: azure.platformlogs.durationMs + target_field: event.duration + ignore_missing: true +- script: + lang: painless + source: if (ctx.event.duration!= null) {ctx.event.duration = ctx.event.duration + * params.param_nano;} + params: + param_nano: 1000000 + ignore_failure: true +- rename: + field: azure.platformlogs.location + target_field: geo.name + ignore_missing: true +- script: + lang: painless + source: >- + if (ctx?.azure?.platformlogs?.properties?.eventCategory != null) { + ctx.azure.platformlogs.event_category = ctx.azure.platformlogs.properties.eventCategory; + } + else if (ctx?.azure?.platformlogs?.properties?.policies != null) { + ctx.azure.platformlogs.event_category = 'Policy'; + } + else { + ctx.azure.platformlogs.event_category = 'Administrative'; + } + ignore_failure: true +- rename: + field: azure.platformlogs.resultType + target_field: azure.platformlogs.result_type + ignore_missing: true +- convert: + field: azure.platformlogs.result_type + target_field: event.outcome + type: string + if: "ctx?.azure?.platformlogs?.result_type != null && ctx.azure.platformlogs.result_type instanceof String && (ctx.azure.platformlogs.result_type.toLowerCase() == 'success' || ctx.azure.platformlogs.result_type.toLowerCase() == 'failure')" +- convert: + field: azure.platformlogs.properties.result + target_field: event.outcome + type: string + if: "ctx?.event?.outcome == null && ctx?.azure?.platformlogs?.properties?.result != null && ctx?.azure?.platformlogs?.properties?.result instanceof String && ['success', 'failure', 'unknown'].contains(ctx.azure?.platformlogs?.properties?.result)" +- convert: + field: azure.platformlogs.Status + target_field: event.outcome + type: string + if: "ctx?.event?.outcome == null && ctx?.azure?.platformlogs?.Status != null && ctx?.azure?.platformlogs?.Status instanceof String && ['success', 'failure', 'unknown', 'Succeeded', 'Failed'].contains(ctx.azure?.platformlogs?.Status)" +- rename: + field: azure.platformlogs.operationName + target_field: azure.platformlogs.operation_name + ignore_missing: true +- convert: + field: azure.platformlogs.operation_name + target_field: event.action + type: string + ignore_missing: true +- rename: + field: azure.platformlogs.resultSignature + target_field: azure.platformlogs.result_signature + ignore_missing: true +- rename: + field: azure.platformlogs.correlationId + target_field: azure.correlation_id + ignore_missing: true +- rename: + field: azure.platformlogs.properties.statusCode + target_field: azure.platformlogs.properties.status_code + ignore_missing: true +- rename: + field: azure.platformlogs.Status + target_field: azure.platformlogs.status + ignore_missing: true +- geoip: + field: source.ip + target_field: geo + ignore_missing: true +- script: + lang: painless + ignore_failure: true + params: + "write": + type: + - change + "read": + type: + - access + "delete": + type: + - deletion + "action": + type: + - change + source: >- + if (ctx?.azure?.platformlogs?.category == null) { + return; + } + def hm = new HashMap(params.get(ctx.azure.platformlogs.category.toLowerCase())); + hm.forEach((k, v) -> ctx.event[k] = v); +- geoip: + field: source.ip + target_field: source.geo + ignore_missing: true +- geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true +- rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true +- rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true +- set: + field: event.kind + value: event +- pipeline: + name: '{< IngestPipeline "azure-shared-pipeline" >}' +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/azure/platformlogs/manifest.yml b/x-pack/filebeat/module/azure/platformlogs/manifest.yml new file mode 100644 index 000000000000..a67dc604dd24 --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/manifest.yml @@ -0,0 +1,19 @@ +module_version: 1.0 + +var: + - name: input + default: azure-eventhub + - name: eventhub + - name: consumer_group + default: "$Default" + - name: connection_string + - name: storage_account + - name: storage_account_key + - name: resource_manager_endpoint + - name: tags + default: [forwarded] + +ingest_pipeline: + - ingest/pipeline.yml + - ../azure-shared-pipeline.yml +input: config/{{.input}}.yml diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log new file mode 100644 index 000000000000..13f18cfe2c2f --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log @@ -0,0 +1 @@ +{"ActivityId":"30ed877c-a36b-491a-bd4d-ddd847fe55b8","Caller":"Portal","Environment":"PROD","EventName":"Retreive ConsumerGroup","EventProperties":"{\"SubscriptionId\":\"7657426d-c4c3-44ac-88a2-3b2cd59e6dba\",\"Namespace\":\"obstesteventhubs\",\"Via\":\"sb://obstesteventhubs.servicebus.windows.net/insights-logs-operationallogs/consumergroups?api-version=2017-04\u0026$skip=0\u0026$top=100\",\"TrackingId\":\"30ed877c-a36b-491a-bd4d-ddd847fe55b8_M2CH3_M2CH3_G3S2\"}","EventTimeString":"11/3/2020 9:06:42 AM +00:00","Region":"West Europe","ScaleUnit":"PROD-AM3-AZ501","Status":"Succeeded","category":"OperationalLogs","resourceId":"/SUBSCRIPTIONS/7657426D-C4C3-44AC-88A2-3B2CD59E6DBA/RESOURCEGROUPS/OBS-TEST/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/OBSTESTEVENTHUBS"} diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json new file mode 100644 index 000000000000..ca2c95be8242 --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-eventhub.log-expected.json @@ -0,0 +1,36 @@ +[ + { + "@timestamp": "2020-11-03T09:06:42.000Z", + "azure.platformlogs.ActivityId": "30ed877c-a36b-491a-bd4d-ddd847fe55b8", + "azure.platformlogs.Caller": "Portal", + "azure.platformlogs.Environment": "PROD", + "azure.platformlogs.EventTimeString": "11/3/2020 9:06:42 AM +00:00", + "azure.platformlogs.ScaleUnit": "PROD-AM3-AZ501", + "azure.platformlogs.category": "OperationalLogs", + "azure.platformlogs.event_category": "Administrative", + "azure.platformlogs.properties.Namespace": "obstesteventhubs", + "azure.platformlogs.properties.SubscriptionId": "7657426d-c4c3-44ac-88a2-3b2cd59e6dba", + "azure.platformlogs.properties.TrackingId": "30ed877c-a36b-491a-bd4d-ddd847fe55b8_M2CH3_M2CH3_G3S2", + "azure.platformlogs.properties.Via": "sb://obstesteventhubs.servicebus.windows.net/insights-logs-operationallogs/consumergroups?api-version=2017-04&$skip=0&$top=100", + "azure.platformlogs.status": "Succeeded", + "azure.resource.group": "OBS-TEST", + "azure.resource.id": "/SUBSCRIPTIONS/7657426D-C4C3-44AC-88A2-3B2CD59E6DBA/RESOURCEGROUPS/OBS-TEST/PROVIDERS/MICROSOFT.EVENTHUB/NAMESPACES/OBSTESTEVENTHUBS", + "azure.resource.name": "OBSTESTEVENTHUBS", + "azure.resource.provider": "MICROSOFT.EVENTHUB/NAMESPACES", + "azure.subscription_id": "7657426D-C4C3-44AC-88A2-3B2CD59E6DBA", + "cloud.provider": "azure", + "cloud.region": "West Europe", + "event.action": "Retreive ConsumerGroup", + "event.dataset": "azure.platformlogs", + "event.kind": "event", + "event.module": "azure", + "event.outcome": "succeeded", + "fileset.name": "platformlogs", + "input.type": "log", + "log.offset": 0, + "service.type": "azure", + "tags": [ + "forwarded" + ] + } +] diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log new file mode 100644 index 000000000000..7b8930fb3416 --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log @@ -0,0 +1 @@ +{"Cloud":"AzureCloud","Environment":"prod","category":"kube-audit","ccpNamespace":"5e4bf4baee195b00017cdbfa","operationName":"Microsoft.ContainerService/managedClusters/diagnosticLogs/Read","properties":{"log":"{\"kind\":\"Event\",\"apiVersion\":\"audit.k8s.io/v1\",\"level\":\"Metadata\",\"auditID\":\"22af12c3-a1fe-4f2c-99a9-3cdde671dbfe\"}","pod":"kube-apiserver-666bd4b459-hjgdc","stream":"stdout"},"resourceId":"/SUBSCRIPTIONS/70BD6E77-4B1E-4835-8896-DB77B8EEF364/RESOURCEGROUPS/OBS-INFRASTRUCTURE/PROVIDERS/MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/OBSKUBE","time":"2020-11-09T10:57:31.0000000Z"} diff --git a/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json new file mode 100644 index 000000000000..fb95fe0ba809 --- /dev/null +++ b/x-pack/filebeat/module/azure/platformlogs/test/platformlogs-kube.log-expected.json @@ -0,0 +1,31 @@ +[ + { + "@timestamp": "2020-11-09T10:57:31.000Z", + "azure.platformlogs.Cloud": "AzureCloud", + "azure.platformlogs.Environment": "prod", + "azure.platformlogs.category": "kube-audit", + "azure.platformlogs.ccpNamespace": "5e4bf4baee195b00017cdbfa", + "azure.platformlogs.event_category": "Administrative", + "azure.platformlogs.operation_name": "Microsoft.ContainerService/managedClusters/diagnosticLogs/Read", + "azure.platformlogs.properties.pod": "kube-apiserver-666bd4b459-hjgdc", + "azure.platformlogs.properties.stream": "stdout", + "azure.resource.group": "OBS-INFRASTRUCTURE", + "azure.resource.id": "/SUBSCRIPTIONS/70BD6E77-4B1E-4835-8896-DB77B8EEF364/RESOURCEGROUPS/OBS-INFRASTRUCTURE/PROVIDERS/MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS/OBSKUBE", + "azure.resource.name": "OBSKUBE", + "azure.resource.provider": "MICROSOFT.CONTAINERSERVICE/MANAGEDCLUSTERS", + "azure.subscription_id": "70BD6E77-4B1E-4835-8896-DB77B8EEF364", + "cloud.provider": "azure", + "event.action": "Microsoft.ContainerService/managedClusters/diagnosticLogs/Read", + "event.dataset": "azure.platformlogs", + "event.kind": "event", + "event.module": "azure", + "fileset.name": "platformlogs", + "input.type": "log", + "log.offset": 0, + "message": "{\"kind\":\"Event\",\"apiVersion\":\"audit.k8s.io/v1\",\"level\":\"Metadata\",\"auditID\":\"22af12c3-a1fe-4f2c-99a9-3cdde671dbfe\"}", + "service.type": "azure", + "tags": [ + "forwarded" + ] + } +] diff --git a/x-pack/filebeat/modules.d/azure.yml.disabled b/x-pack/filebeat/modules.d/azure.yml.disabled index 0c7eb3d6e010..dcf5b1764d72 100644 --- a/x-pack/filebeat/modules.d/azure.yml.disabled +++ b/x-pack/filebeat/modules.d/azure.yml.disabled @@ -17,6 +17,16 @@ # the storage account key, this key will be used to authorize access to data in your storage account storage_account_key: "" + platformlogs: + enabled: false + # var: + # eventhub: "" + # consumer_group: "$Default" + # connection_string: "" + # storage_account: "" + # storage_account_key: "" + + auditlogs: enabled: false # var: From 0619788ce117d09aa292f2d38654b4ba0d8e31b4 Mon Sep 17 00:00:00 2001 From: Jaime Soriano Pastor Date: Wed, 25 Nov 2020 11:23:18 +0100 Subject: [PATCH 22/41] Avoid sending non-numeric floats in cloud foundry integrations (#22634) Cloud Foundry integrations are sending some values as they are received from the Firehose, some of these values can be floats with non-numeric values (NaN/Inf), that are not supported by JSON and Elasticsearch. Add defensive code to avoid sending these values to the outputs. Also, add unit tests using mocked cloud foundry hubs. --- CHANGELOG.next.asciidoc | 1 + .../common/cloudfoundry/dopplerconsumer.go | 2 +- x-pack/libbeat/common/cloudfoundry/events.go | 2 +- .../common/cloudfoundry/rlplistener.go | 2 +- .../module/cloudfoundry/cloudfoundry.go | 13 +- .../cloudfoundry/container/container.go | 21 ++- .../cloudfoundry/container/container_test.go | 163 ++++++++++++++++++ .../cloudfoundry/counter/counter_test.go | 96 +++++++++++ x-pack/metricbeat/module/cloudfoundry/hub.go | 43 +++++ .../module/cloudfoundry/mtest/modulemock.go | 94 ++++++++++ x-pack/metricbeat/module/cloudfoundry/util.go | 27 +++ .../module/cloudfoundry/util_test.go | 70 ++++++++ x-pack/metricbeat/module/cloudfoundry/v1.go | 4 +- x-pack/metricbeat/module/cloudfoundry/v2.go | 6 +- .../module/cloudfoundry/value/value.go | 24 ++- .../module/cloudfoundry/value/value_test.go | 131 ++++++++++++++ 16 files changed, 686 insertions(+), 13 deletions(-) create mode 100644 x-pack/metricbeat/module/cloudfoundry/container/container_test.go create mode 100644 x-pack/metricbeat/module/cloudfoundry/counter/counter_test.go create mode 100644 x-pack/metricbeat/module/cloudfoundry/hub.go create mode 100644 x-pack/metricbeat/module/cloudfoundry/mtest/modulemock.go create mode 100644 x-pack/metricbeat/module/cloudfoundry/util.go create mode 100644 x-pack/metricbeat/module/cloudfoundry/util_test.go create mode 100644 x-pack/metricbeat/module/cloudfoundry/value/value_test.go diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index b691c9c49af9..b2a7a61004e9 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -438,6 +438,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change Session ID type from int to string {pull}22359[22359] - Fix filesystem types on Windows in filesystem metricset. {pull}22531[22531] - Fix failiures caused by custom beat names with more than 15 characters {pull}22550[22550] +- Stop generating NaN values from Cloud Foundry module to avoid errors in outputs. {pull}22634[22634] - Update NATS dashboards to leverage connection and route metricsets {pull}22646[22646] *Packetbeat* diff --git a/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go b/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go index 10ea50dd9280..96349eeb7ea2 100644 --- a/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go +++ b/x-pack/libbeat/common/cloudfoundry/dopplerconsumer.go @@ -111,7 +111,7 @@ func (c *DopplerConsumer) firehose(cb func(evt Event), filter consumer.EnvelopeF if !filterFn(env) { continue } - event := envelopeToEvent(env) + event := EnvelopeToEvent(env) if event == nil { c.log.Debugf("Envelope couldn't be converted to event: %+v", env) continue diff --git a/x-pack/libbeat/common/cloudfoundry/events.go b/x-pack/libbeat/common/cloudfoundry/events.go index adaa944773c6..4d1a67e2b1bd 100644 --- a/x-pack/libbeat/common/cloudfoundry/events.go +++ b/x-pack/libbeat/common/cloudfoundry/events.go @@ -461,7 +461,7 @@ func newEventError(env *events.Envelope) *EventError { } } -func envelopeToEvent(env *events.Envelope) Event { +func EnvelopeToEvent(env *events.Envelope) Event { switch *env.EventType { case events.Envelope_HttpStartStop: return newEventHttpAccess(env) diff --git a/x-pack/libbeat/common/cloudfoundry/rlplistener.go b/x-pack/libbeat/common/cloudfoundry/rlplistener.go index e80db747c8e0..0c08b12a7fdf 100644 --- a/x-pack/libbeat/common/cloudfoundry/rlplistener.go +++ b/x-pack/libbeat/common/cloudfoundry/rlplistener.go @@ -79,7 +79,7 @@ func (c *RlpListener) Start(ctx context.Context) { for i := range envelopes { v1s := conversion.ToV1(envelopes[i]) for _, v := range v1s { - evt := envelopeToEvent(v) + evt := EnvelopeToEvent(v) if evt.EventType() == EventTypeHttpAccess && c.callbacks.HttpAccess != nil { c.callbacks.HttpAccess(evt.(*EventHttpAccess)) } else if evt.EventType() == EventTypeLog && c.callbacks.Log != nil { diff --git a/x-pack/metricbeat/module/cloudfoundry/cloudfoundry.go b/x-pack/metricbeat/module/cloudfoundry/cloudfoundry.go index 961827469dd0..1486c9b14c0e 100644 --- a/x-pack/metricbeat/module/cloudfoundry/cloudfoundry.go +++ b/x-pack/metricbeat/module/cloudfoundry/cloudfoundry.go @@ -22,19 +22,30 @@ func init() { } type Module interface { + mb.Module RunCounterReporter(mb.PushReporterV2) RunContainerReporter(mb.PushReporterV2) RunValueReporter(mb.PushReporterV2) } func newModule(base mb.BaseModule) (mb.Module, error) { + factory := func(cfg *cfcommon.Config, name string, log *logp.Logger) CloudfoundryHub { + return &HubAdapter{cfcommon.NewHub(cfg, name, log)} + } + return NewModuleWithHubFactory(base, factory) +} + +type hubFactory func(cfg *cfcommon.Config, name string, log *logp.Logger) CloudfoundryHub + +// NewModuleWithHubFactory initializes a module with a hub created with a hub factory +func NewModuleWithHubFactory(base mb.BaseModule, hubFactory hubFactory) (mb.Module, error) { var cfg cfcommon.Config if err := base.UnpackConfig(&cfg); err != nil { return nil, err } log := logp.NewLogger("cloudfoundry") - hub := cfcommon.NewHub(&cfg, "metricbeat", log) + hub := hubFactory(&cfg, "metricbeat", log) switch cfg.Version { case cfcommon.ConsumerVersionV1: diff --git a/x-pack/metricbeat/module/cloudfoundry/container/container.go b/x-pack/metricbeat/module/cloudfoundry/container/container.go index 4f8c62271036..50287ef8c49e 100644 --- a/x-pack/metricbeat/module/cloudfoundry/container/container.go +++ b/x-pack/metricbeat/module/cloudfoundry/container/container.go @@ -9,6 +9,7 @@ import ( "github.com/elastic/beats/v7/x-pack/metricbeat/module/cloudfoundry" + "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/metricbeat/mb" ) @@ -41,5 +42,23 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { // Run method provides the module with a reporter with which events can be reported. func (m *MetricSet) Run(reporter mb.PushReporterV2) { - m.mod.RunContainerReporter(reporter) + m.mod.RunContainerReporter(&containerReporter{reporter, m.Logger()}) +} + +type containerReporter struct { + mb.PushReporterV2 + + logger *logp.Logger +} + +func (r *containerReporter) Event(event mb.Event) bool { + cpuPctKey := "cloudfoundry.container.cpu.pct" + found, err := cloudfoundry.HasNonNumericFloat(event.RootFields, cpuPctKey) + if err != nil { + r.logger.Debugf("Unexpected failure while checking for non-numeric values: %v", err) + } + if found { + event.RootFields.Delete(cpuPctKey) + } + return r.PushReporterV2.Event(event) } diff --git a/x-pack/metricbeat/module/cloudfoundry/container/container_test.go b/x-pack/metricbeat/module/cloudfoundry/container/container_test.go new file mode 100644 index 000000000000..46b1206f1b38 --- /dev/null +++ b/x-pack/metricbeat/module/cloudfoundry/container/container_test.go @@ -0,0 +1,163 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build !integration + +package container + +import ( + "math" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/cloudfoundry/sonde-go/events" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/metricbeat/mb" + "github.com/elastic/beats/v7/metricbeat/mb/parse" + mbtest "github.com/elastic/beats/v7/metricbeat/mb/testing" + "github.com/elastic/beats/v7/x-pack/metricbeat/module/cloudfoundry/mtest" +) + +func init() { + if err := mb.Registry.AddModule("cloudfoundrytest", mtest.NewModuleMock); err != nil { + panic(err) + } + mb.Registry.MustAddMetricSet("cloudfoundrytest", "test", newTestMetricSet, + mb.WithHostParser(parse.EmptyHostParser), + mb.DefaultMetricSet(), + ) +} + +func newTestMetricSet(base mb.BaseMetricSet) (mb.MetricSet, error) { + return New(base) +} + +func TestMetricSet(t *testing.T) { + logp.TestingSetup(logp.WithSelectors("cloudfoundry")) + + config := map[string]interface{}{ + "module": "cloudfoundrytest", + "client_id": "dummy", + "client_secret": "dummy", + "api_address": "dummy", + "shard_id": "dummy", + } + + ms := mbtest.NewPushMetricSetV2(t, config) + hub := ms.Module().(*mtest.ModuleMock).Hub + + go func() { + hub.SendEnvelope(containerMetricsEnvelope(containerMetrics{app: "1234", memory: 1024, cpupct: 12.34})) + }() + + events := mbtest.RunPushMetricSetV2(10*time.Second, 1, ms) + require.NotEmpty(t, events) + + expectedFields := common.MapStr{ + "cloudfoundry.app.id": "1234", + "cloudfoundry.container.cpu.pct": float64(12.34), + "cloudfoundry.container.disk.bytes": uint64(0), + "cloudfoundry.container.disk.quota.bytes": uint64(0), + "cloudfoundry.container.instance_index": int32(0), + "cloudfoundry.container.memory.bytes": uint64(1024), + "cloudfoundry.container.memory.quota.bytes": uint64(0), + "cloudfoundry.envelope.deployment": "test", + "cloudfoundry.envelope.index": "index", + "cloudfoundry.envelope.ip": "127.0.0.1", + "cloudfoundry.envelope.job": "test", + "cloudfoundry.envelope.origin": "test", + "cloudfoundry.type": "container", + } + require.Equal(t, expectedFields, events[0].RootFields.Flatten()) +} + +func TestMetricValuesAreNumbers(t *testing.T) { + logp.TestingSetup(logp.WithSelectors("cloudfoundry")) + + config := map[string]interface{}{ + "module": "cloudfoundrytest", + "client_id": "dummy", + "client_secret": "dummy", + "api_address": "dummy", + "shard_id": "dummy", + } + + ms := mbtest.NewPushMetricSetV2(t, config) + hub := ms.Module().(*mtest.ModuleMock).Hub + + go func() { + hub.SendEnvelope(containerMetricsEnvelope(containerMetrics{app: "0000", memory: 1024, cpupct: math.NaN()})) + hub.SendEnvelope(containerMetricsEnvelope(containerMetrics{app: "1234", memory: 1024, cpupct: 12.34})) + }() + + events := mbtest.RunPushMetricSetV2(10*time.Second, 2, ms) + require.NotEmpty(t, events) + + for _, e := range events { + memory, err := e.RootFields.GetValue("cloudfoundry.container.memory.bytes") + if assert.NoError(t, err, "checking memory") { + assert.Equal(t, uint64(1024), memory.(uint64)) + } + + app, err := e.RootFields.GetValue("cloudfoundry.app.id") + require.NoError(t, err, "getting app id") + + cpuPctKey := "cloudfoundry.container.cpu.pct" + switch app { + case "0000": + _, err := e.RootFields.GetValue(cpuPctKey) + require.Error(t, err, "non-numeric metric shouldn't be there") + case "1234": + v, err := e.RootFields.GetValue(cpuPctKey) + if assert.NoError(t, err, "checking cpu pct") { + assert.Equal(t, 12.34, v.(float64)) + } + default: + t.Errorf("unexpected app: %s", app) + } + } +} + +type containerMetrics struct { + app string + instance int32 + cpupct float64 + memory uint64 + disk uint64 + memoryQuota uint64 + diskQuota uint64 +} + +func containerMetricsEnvelope(metrics containerMetrics) *events.Envelope { + eventType := events.Envelope_ContainerMetric + origin := "test" + deployment := "test" + job := "test" + ip := "127.0.0.1" + index := "index" + timestamp := time.Now().Unix() + return &events.Envelope{ + EventType: &eventType, + Timestamp: ×tamp, + Origin: &origin, + Deployment: &deployment, + Job: &job, + Ip: &ip, + Index: &index, + ContainerMetric: &events.ContainerMetric{ + ApplicationId: &metrics.app, + InstanceIndex: &metrics.instance, + CpuPercentage: &metrics.cpupct, + MemoryBytes: &metrics.memory, + DiskBytes: &metrics.disk, + MemoryBytesQuota: &metrics.memoryQuota, + DiskBytesQuota: &metrics.diskQuota, + }, + } +} diff --git a/x-pack/metricbeat/module/cloudfoundry/counter/counter_test.go b/x-pack/metricbeat/module/cloudfoundry/counter/counter_test.go new file mode 100644 index 000000000000..a315709878e1 --- /dev/null +++ b/x-pack/metricbeat/module/cloudfoundry/counter/counter_test.go @@ -0,0 +1,96 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build !integration + +package counter + +import ( + "testing" + "time" + + "github.com/stretchr/testify/require" + + "github.com/cloudfoundry/sonde-go/events" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/metricbeat/mb" + "github.com/elastic/beats/v7/metricbeat/mb/parse" + mbtest "github.com/elastic/beats/v7/metricbeat/mb/testing" + "github.com/elastic/beats/v7/x-pack/metricbeat/module/cloudfoundry/mtest" +) + +func init() { + if err := mb.Registry.AddModule("cloudfoundrytest", mtest.NewModuleMock); err != nil { + panic(err) + } + mb.Registry.MustAddMetricSet("cloudfoundrytest", "test", newTestMetricSet, + mb.WithHostParser(parse.EmptyHostParser), + mb.DefaultMetricSet(), + ) +} + +func newTestMetricSet(base mb.BaseMetricSet) (mb.MetricSet, error) { + return New(base) +} + +func TestMetricSet(t *testing.T) { + logp.TestingSetup(logp.WithSelectors("cloudfoundry")) + + config := map[string]interface{}{ + "module": "cloudfoundrytest", + "client_id": "dummy", + "client_secret": "dummy", + "api_address": "dummy", + "shard_id": "dummy", + } + + ms := mbtest.NewPushMetricSetV2(t, config) + hub := ms.Module().(*mtest.ModuleMock).Hub + + go func() { + hub.SendEnvelope(counterMetricEnvelope("requests", 1234, 123)) + }() + + events := mbtest.RunPushMetricSetV2(10*time.Second, 1, ms) + require.NotEmpty(t, events) + + expectedFields := common.MapStr{ + "cloudfoundry.counter.delta": uint64(123), + "cloudfoundry.counter.name": "requests", + "cloudfoundry.counter.total": uint64(1234), + "cloudfoundry.envelope.deployment": "test", + "cloudfoundry.envelope.index": "index", + "cloudfoundry.envelope.ip": "127.0.0.1", + "cloudfoundry.envelope.job": "test", + "cloudfoundry.envelope.origin": "test", + "cloudfoundry.type": "counter", + } + require.Equal(t, expectedFields, events[0].RootFields.Flatten()) +} + +func counterMetricEnvelope(name string, total uint64, delta uint64) *events.Envelope { + eventType := events.Envelope_CounterEvent + origin := "test" + deployment := "test" + job := "test" + ip := "127.0.0.1" + index := "index" + timestamp := time.Now().Unix() + return &events.Envelope{ + EventType: &eventType, + Timestamp: ×tamp, + Origin: &origin, + Deployment: &deployment, + Job: &job, + Ip: &ip, + Index: &index, + CounterEvent: &events.CounterEvent{ + Name: &name, + Total: &total, + Delta: &delta, + }, + } +} diff --git a/x-pack/metricbeat/module/cloudfoundry/hub.go b/x-pack/metricbeat/module/cloudfoundry/hub.go new file mode 100644 index 000000000000..5057a7bdbc55 --- /dev/null +++ b/x-pack/metricbeat/module/cloudfoundry/hub.go @@ -0,0 +1,43 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cloudfoundry + +import ( + "context" + + cfcommon "github.com/elastic/beats/v7/x-pack/libbeat/common/cloudfoundry" +) + +// DopplerConsumer is the interface that a Doppler Consumer must implement for the Cloud Foundry module. +type DopplerConsumer interface { + Run() + Stop() +} + +// RlpListener is the interface that a RLP listener must implement for the Cloud Foundry module. +type RlpListener interface { + Start(context.Context) + Stop() +} + +// CloudfoundryHub is the interface that a Hub must implement for the Cloud Foundry module. +type CloudfoundryHub interface { + DopplerConsumer(cfcommon.DopplerCallbacks) (DopplerConsumer, error) + RlpListener(cfcommon.RlpListenerCallbacks) (RlpListener, error) +} + +// HubAdapter adapt a cloudfoundry Hub to the hub expected by the metricbeat module. +// This adaptation is needed to return different but compatible types, so the Hub can be mocked. +type HubAdapter struct { + hub *cfcommon.Hub +} + +func (h *HubAdapter) DopplerConsumer(cbs cfcommon.DopplerCallbacks) (DopplerConsumer, error) { + return h.hub.DopplerConsumer(cbs) +} + +func (h *HubAdapter) RlpListener(cbs cfcommon.RlpListenerCallbacks) (RlpListener, error) { + return h.hub.RlpListener(cbs) +} diff --git a/x-pack/metricbeat/module/cloudfoundry/mtest/modulemock.go b/x-pack/metricbeat/module/cloudfoundry/mtest/modulemock.go new file mode 100644 index 000000000000..22b5260fd663 --- /dev/null +++ b/x-pack/metricbeat/module/cloudfoundry/mtest/modulemock.go @@ -0,0 +1,94 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package mtest + +import ( + "fmt" + + "github.com/cloudfoundry/sonde-go/events" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/metricbeat/mb" + cfcommon "github.com/elastic/beats/v7/x-pack/libbeat/common/cloudfoundry" + "github.com/elastic/beats/v7/x-pack/metricbeat/module/cloudfoundry" +) + +// ModuleMock is a Module with a mocked hub +type ModuleMock struct { + cloudfoundry.Module + + Hub *HubMock +} + +// NewModuleMock creates a mocked module. It contains a mocked hub that can be used to +// send envelopes for testing. +func NewModuleMock(base mb.BaseModule) (mb.Module, error) { + module := ModuleMock{} + factory := func(*cfcommon.Config, string, *logp.Logger) cloudfoundry.CloudfoundryHub { + if module.Hub == nil { + module.Hub = NewHubMock() + } + return module.Hub + } + m, err := cloudfoundry.NewModuleWithHubFactory(base, factory) + if err != nil { + return nil, err + } + + module.Module = m.(cloudfoundry.Module) + return &module, nil +} + +// HubMock is a mocked hub, it can be used to send envelopes for testing. +type HubMock struct { + envelopes chan *events.Envelope +} + +// NewHubMock creates a mocked hub, it cannot be shared between metricsets. +func NewHubMock() *HubMock { + return &HubMock{ + envelopes: make(chan *events.Envelope), + } +} + +// SendEnvelope is the main method to be used on testing, it sends an envelope through the hub. +func (h *HubMock) SendEnvelope(envelope *events.Envelope) { + h.envelopes <- envelope +} + +// DopplerConsumer creates a doppler consumer for testing, this consumer receives the events +// sent with `SendEnvelope()`. +func (h *HubMock) DopplerConsumer(cbs cfcommon.DopplerCallbacks) (cloudfoundry.DopplerConsumer, error) { + return &MockedDopplerConsumer{h, cbs}, nil +} + +// RlpListener creates a RLP listener for testing, this consumer receives the events +// sent with `SendEnvelope()`. +func (h *HubMock) RlpListener(cbs cfcommon.RlpListenerCallbacks) (cloudfoundry.RlpListener, error) { + return nil, fmt.Errorf("mocked hub doesn't support RLP yet: not implemented") +} + +// MokedDopplerConsumer is a mocked doppler consumer, it receives events sent through a mocked hub. +// It only supports the "Metrics" callback. +type MockedDopplerConsumer struct { + hub *HubMock + cbs cfcommon.DopplerCallbacks +} + +// Run runs the doppler consumer. +// Only supports the metrics callback, what is enough for Metricbeat. +// To generalize it a dispatching mechanism should be implemented. +func (c *MockedDopplerConsumer) Run() { + go func() { + for envelope := range c.hub.envelopes { + c.cbs.Metric(cfcommon.EnvelopeToEvent(envelope)) + } + }() +} + +// Stop stops the doppler consumer and the hub it uses. +func (c *MockedDopplerConsumer) Stop() { + close(c.hub.envelopes) +} diff --git a/x-pack/metricbeat/module/cloudfoundry/util.go b/x-pack/metricbeat/module/cloudfoundry/util.go new file mode 100644 index 000000000000..4775ac539beb --- /dev/null +++ b/x-pack/metricbeat/module/cloudfoundry/util.go @@ -0,0 +1,27 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cloudfoundry + +import ( + "fmt" + "math" + + "github.com/elastic/beats/v7/libbeat/common" +) + +// HasNonNumericFloat checks if an event has a non-numeric float in the specific key. +// It returns false and an error if the key cannot be found in the event +func HasNonNumericFloat(event common.MapStr, key string) (bool, error) { + v, err := event.GetValue(key) + if err != nil { + return false, fmt.Errorf("getting value for key %s: %w", key, err) + } + + if v, ok := v.(float64); ok && (math.IsNaN(v) || math.IsInf(v, 0)) { + return true, nil + } + + return false, nil +} diff --git a/x-pack/metricbeat/module/cloudfoundry/util_test.go b/x-pack/metricbeat/module/cloudfoundry/util_test.go new file mode 100644 index 000000000000..3570607707f5 --- /dev/null +++ b/x-pack/metricbeat/module/cloudfoundry/util_test.go @@ -0,0 +1,70 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cloudfoundry + +import ( + "math" + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/libbeat/common" +) + +func TestHasNonNumericFloat(t *testing.T) { + type caseKey struct { + key string + expectedFound bool + expectedErr bool + } + cases := []struct { + title string + event common.MapStr + keys []caseKey + }{ + { + title: "Empty event", + event: common.MapStr{}, + keys: []caseKey{ + {"", false, true}, + {"somekey", false, true}, + }, + }, + { + title: "Event with non-numeric values", + event: common.MapStr{ + "someobject": common.MapStr{ + "inf": math.Inf(1), + "nan": math.NaN(), + "number": int64(42), + "float": float64(42), + }, + }, + keys: []caseKey{ + {"", false, true}, + {"someobject", false, false}, + {"someobject.inf", true, false}, + {"someobject.nan", true, false}, + {"someobject.number", false, false}, + {"someobject.float", false, false}, + {"someobject.notexists", false, true}, + }, + }, + } + + for _, c := range cases { + for _, k := range c.keys { + t.Run(c.title+"/"+k.key, func(t *testing.T) { + found, err := HasNonNumericFloat(c.event, k.key) + assert.Equal(t, k.expectedFound, found, "key has numeric float") + if k.expectedErr { + assert.Error(t, err) + } else { + assert.NoError(t, err) + } + }) + } + } +} diff --git a/x-pack/metricbeat/module/cloudfoundry/v1.go b/x-pack/metricbeat/module/cloudfoundry/v1.go index 7d9daf24673f..db7f6b500fa5 100644 --- a/x-pack/metricbeat/module/cloudfoundry/v1.go +++ b/x-pack/metricbeat/module/cloudfoundry/v1.go @@ -17,13 +17,13 @@ type ModuleV1 struct { log *logp.Logger running atomic.Bool - consumer *cfcommon.DopplerConsumer + consumer DopplerConsumer events chan cfcommon.Event subscriptions chan subscription } -func newModuleV1(base mb.BaseModule, hub *cfcommon.Hub, log *logp.Logger) (*ModuleV1, error) { +func newModuleV1(base mb.BaseModule, hub CloudfoundryHub, log *logp.Logger) (*ModuleV1, error) { m := ModuleV1{ BaseModule: base, log: log, diff --git a/x-pack/metricbeat/module/cloudfoundry/v2.go b/x-pack/metricbeat/module/cloudfoundry/v2.go index 5cf7de6c103e..d2987f3c4013 100644 --- a/x-pack/metricbeat/module/cloudfoundry/v2.go +++ b/x-pack/metricbeat/module/cloudfoundry/v2.go @@ -18,8 +18,8 @@ type ModuleV2 struct { log *logp.Logger - hub *cfcommon.Hub - listener *cfcommon.RlpListener + hub CloudfoundryHub + listener RlpListener listenerLock sync.Mutex counterReporter mb.PushReporterV2 @@ -27,7 +27,7 @@ type ModuleV2 struct { containerReporter mb.PushReporterV2 } -func newModuleV2(base mb.BaseModule, hub *cfcommon.Hub, log *logp.Logger) (mb.Module, error) { +func newModuleV2(base mb.BaseModule, hub CloudfoundryHub, log *logp.Logger) (mb.Module, error) { // early check that listener can be created _, err := hub.RlpListener(cfcommon.RlpListenerCallbacks{}) if err != nil { diff --git a/x-pack/metricbeat/module/cloudfoundry/value/value.go b/x-pack/metricbeat/module/cloudfoundry/value/value.go index 55cb6ca689ac..de2b3d60a694 100644 --- a/x-pack/metricbeat/module/cloudfoundry/value/value.go +++ b/x-pack/metricbeat/module/cloudfoundry/value/value.go @@ -7,9 +7,9 @@ package value import ( "fmt" - "github.com/elastic/beats/v7/x-pack/metricbeat/module/cloudfoundry" - + "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/metricbeat/mb" + "github.com/elastic/beats/v7/x-pack/metricbeat/module/cloudfoundry" ) // init registers the MetricSet with the central registry. @@ -41,5 +41,23 @@ func New(base mb.BaseMetricSet) (mb.MetricSet, error) { // Run method provides the module with a reporter with which events can be reported. func (m *MetricSet) Run(reporter mb.PushReporterV2) { - m.mod.RunValueReporter(reporter) + m.mod.RunValueReporter(&valueReporter{reporter, m.Logger()}) +} + +type valueReporter struct { + mb.PushReporterV2 + + logger *logp.Logger +} + +func (r *valueReporter) Event(event mb.Event) bool { + found, err := cloudfoundry.HasNonNumericFloat(event.RootFields, "cloudfoundry.value.value") + if err != nil { + r.logger.Debugf("Unexpected failure while checking for non-numeric values: %v", err) + } + if found { + r.logger.Debugf("Ignored event with float value that is not a number: %+v", event) + return true + } + return r.PushReporterV2.Event(event) } diff --git a/x-pack/metricbeat/module/cloudfoundry/value/value_test.go b/x-pack/metricbeat/module/cloudfoundry/value/value_test.go new file mode 100644 index 000000000000..2003388e2283 --- /dev/null +++ b/x-pack/metricbeat/module/cloudfoundry/value/value_test.go @@ -0,0 +1,131 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build !integration + +package value + +import ( + "math" + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/cloudfoundry/sonde-go/events" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/metricbeat/mb" + "github.com/elastic/beats/v7/metricbeat/mb/parse" + mbtest "github.com/elastic/beats/v7/metricbeat/mb/testing" + "github.com/elastic/beats/v7/x-pack/metricbeat/module/cloudfoundry/mtest" +) + +func init() { + if err := mb.Registry.AddModule("cloudfoundrytest", mtest.NewModuleMock); err != nil { + panic(err) + } + mb.Registry.MustAddMetricSet("cloudfoundrytest", "test", newTestMetricSet, + mb.WithHostParser(parse.EmptyHostParser), + mb.DefaultMetricSet(), + ) +} + +func newTestMetricSet(base mb.BaseMetricSet) (mb.MetricSet, error) { + return New(base) +} + +func TestMetricSet(t *testing.T) { + logp.TestingSetup(logp.WithSelectors("cloudfoundry")) + + config := map[string]interface{}{ + "module": "cloudfoundrytest", + "client_id": "dummy", + "client_secret": "dummy", + "api_address": "dummy", + "shard_id": "dummy", + } + + ms := mbtest.NewPushMetricSetV2(t, config) + hub := ms.Module().(*mtest.ModuleMock).Hub + + go func() { + hub.SendEnvelope(valueMetricEnvelope("duration", 12.34, "ms")) + }() + + events := mbtest.RunPushMetricSetV2(10*time.Second, 1, ms) + require.NotEmpty(t, events) + + expectedFields := common.MapStr{ + "cloudfoundry.envelope.deployment": "test", + "cloudfoundry.envelope.index": "index", + "cloudfoundry.envelope.ip": "127.0.0.1", + "cloudfoundry.envelope.job": "test", + "cloudfoundry.envelope.origin": "test", + "cloudfoundry.type": "value", + "cloudfoundry.value.name": "duration", + "cloudfoundry.value.unit": "ms", + "cloudfoundry.value.value": float64(12.34), + } + require.Equal(t, expectedFields, events[0].RootFields.Flatten()) +} + +func TestValuesAreNumbers(t *testing.T) { + logp.TestingSetup(logp.WithSelectors("cloudfoundry")) + + config := map[string]interface{}{ + "module": "cloudfoundrytest", + "client_id": "dummy", + "client_secret": "dummy", + "api_address": "dummy", + "shard_id": "dummy", + } + + ms := mbtest.NewPushMetricSetV2(t, config) + hub := ms.Module().(*mtest.ModuleMock).Hub + + go func() { + hub.SendEnvelope(valueMetricEnvelope("duration", math.NaN(), "ms")) + hub.SendEnvelope(valueMetricEnvelope("duration", 12.34, "ms")) + hub.SendEnvelope(valueMetricEnvelope("duration", math.Inf(1), "ms")) + hub.SendEnvelope(valueMetricEnvelope("duration", 34.56, "ms")) + }() + + events := mbtest.RunPushMetricSetV2(10*time.Second, 2, ms) + require.NotEmpty(t, events) + + for _, e := range events { + value, err := e.RootFields.GetValue("cloudfoundry.value.value") + if assert.NoError(t, err) { + assert.False(t, math.IsNaN(value.(float64))) + assert.False(t, math.IsInf(value.(float64), 0)) + } + } +} + +func valueMetricEnvelope(name string, value float64, unit string) *events.Envelope { + eventType := events.Envelope_ValueMetric + origin := "test" + deployment := "test" + job := "test" + ip := "127.0.0.1" + index := "index" + timestamp := time.Now().Unix() + return &events.Envelope{ + EventType: &eventType, + Timestamp: ×tamp, + Origin: &origin, + Deployment: &deployment, + Job: &job, + Ip: &ip, + Index: &index, + ValueMetric: &events.ValueMetric{ + Name: &name, + Value: &value, + Unit: &unit, + }, + } +} From 144e94b408cb998d1d5c4bf0ca726a2564c95759 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Wed, 25 Nov 2020 13:15:36 +0100 Subject: [PATCH 23/41] [Metricbeat/Kibana/stats] Enforce `exclude_usage=true` (#22732) --- CHANGELOG.next.asciidoc | 1 + metricbeat/module/kibana/stats/stats.go | 45 ++++---------- metricbeat/module/kibana/stats/stats_test.go | 65 ++++++++------------ 3 files changed, 36 insertions(+), 75 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index b2a7a61004e9..fc4a7096d2df 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -854,6 +854,7 @@ same journal. {pull}18467[18467] - Add connection and route metricsets for nats metricbeat module to collect metrics per connection/route. {pull}22445[22445] - Add unit file states to system/service {pull}22557[22557] - Add io.ops in fields exported by system.diskio. {pull}22066[22066] +- `kibana` module: `stats` metricset no-longer collects usage-related data. {pull}22732[22732] *Packetbeat* diff --git a/metricbeat/module/kibana/stats/stats.go b/metricbeat/module/kibana/stats/stats.go index a6e19d50f42c..0335e814fd4a 100644 --- a/metricbeat/module/kibana/stats/stats.go +++ b/metricbeat/module/kibana/stats/stats.go @@ -19,7 +19,6 @@ package stats import ( "fmt" - "strconv" "strings" "time" @@ -38,10 +37,8 @@ func init() { } const ( - statsPath = "api/stats" - settingsPath = "api/settings" - usageCollectionPeriod = 24 * time.Hour - usageCollectionBackoff = 1 * time.Hour + statsPath = "api/stats" + settingsPath = "api/settings" ) var ( @@ -55,11 +52,9 @@ var ( // MetricSet type defines all fields of the MetricSet type MetricSet struct { *kibana.MetricSet - statsHTTP *helper.HTTP - settingsHTTP *helper.HTTP - usageLastCollectedOn time.Time - usageNextCollectOn time.Time - isUsageExcludable bool + statsHTTP *helper.HTTP + settingsHTTP *helper.HTTP + isUsageExcludable bool } // New create a new instance of the MetricSet @@ -157,31 +152,17 @@ func (m *MetricSet) fetchStats(r mb.ReporterV2, now time.Time) error { var content []byte var err error - // Collect usage stats only once every usageCollectionPeriod + // Add exclude_usage=true if the Kibana Version supports it if m.isUsageExcludable { origURI := m.statsHTTP.GetURI() defer m.statsHTTP.SetURI(origURI) - shouldCollectUsage := m.shouldCollectUsage(now) - m.statsHTTP.SetURI(origURI + "&exclude_usage=" + strconv.FormatBool(!shouldCollectUsage)) - - content, err = m.statsHTTP.FetchContent() - if err != nil { - if shouldCollectUsage { - // When errored in collecting the usage stats it may be counterproductive to try again on the next poll, try to collect the stats again after usageCollectionBackoff - m.usageNextCollectOn = now.Add(usageCollectionBackoff) - } - return err - } + m.statsHTTP.SetURI(origURI + "&exclude_usage=true") + } - if shouldCollectUsage { - m.usageLastCollectedOn = now - } - } else { - content, err = m.statsHTTP.FetchContent() - if err != nil { - return err - } + content, err = m.statsHTTP.FetchContent() + if err != nil { + return err } if m.XPackEnabled { @@ -219,7 +200,3 @@ func (m *MetricSet) fetchSettings(r mb.ReporterV2, now time.Time) { func (m *MetricSet) calculateIntervalMs() int64 { return m.Module().Config().Period.Nanoseconds() / 1000 / 1000 } - -func (m *MetricSet) shouldCollectUsage(now time.Time) bool { - return now.Sub(m.usageLastCollectedOn) > usageCollectionPeriod && now.Sub(m.usageNextCollectOn) > 0 -} diff --git a/metricbeat/module/kibana/stats/stats_test.go b/metricbeat/module/kibana/stats/stats_test.go index 56cbfc17e1f2..a7b76603352e 100644 --- a/metricbeat/module/kibana/stats/stats_test.go +++ b/metricbeat/module/kibana/stats/stats_test.go @@ -23,7 +23,6 @@ import ( "net/http" "net/http/httptest" "testing" - "time" "github.com/stretchr/testify/require" @@ -31,7 +30,7 @@ import ( "github.com/elastic/beats/v7/metricbeat/module/kibana/mtest" ) -func TestFetchUsage(t *testing.T) { +func TestFetchExcludeUsage(t *testing.T) { // Spin up mock Kibana server numStatsRequests := 0 kib := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { @@ -45,17 +44,15 @@ func TestFetchUsage(t *testing.T) { // Make GET /api/stats return 503 for first call, 200 for subsequent calls switch numStatsRequests { case 0: // first call - require.Equal(t, "false", excludeUsage) + require.Equal(t, "true", excludeUsage) // exclude_usage is always true w.WriteHeader(503) case 1: // second call - // Make sure exclude_usage is true since first call failed and it should not try again until usageCollectionBackoff time has passed - require.Equal(t, "true", excludeUsage) + require.Equal(t, "true", excludeUsage) // exclude_usage is always true w.WriteHeader(200) case 2: // third call - // Make sure exclude_usage is still true - require.Equal(t, "true", excludeUsage) + require.Equal(t, "true", excludeUsage) // exclude_usage is always true w.WriteHeader(200) } @@ -78,39 +75,25 @@ func TestFetchUsage(t *testing.T) { mbtest.ReportingFetchV2Error(f) } -func TestShouldCollectUsage(t *testing.T) { - now := time.Now() - - cases := map[string]struct { - usageLastCollectedOn time.Time - usageNextCollectOn time.Time - expectedResult bool - }{ - "within_usage_collection_period": { - usageLastCollectedOn: now.Add(-1 * usageCollectionPeriod), - expectedResult: false, - }, - "after_usage_collection_period_but_before_next_scheduled_collection": { - usageLastCollectedOn: now.Add(-2 * usageCollectionPeriod), - usageNextCollectOn: now.Add(3 * time.Hour), - expectedResult: false, - }, - "after_usage_collection_period_and_after_next_scheduled_collection": { - usageLastCollectedOn: now.Add(-2 * usageCollectionPeriod), - usageNextCollectOn: now.Add(-1 * time.Hour), - expectedResult: true, - }, - } - - for name, test := range cases { - t.Run(name, func(t *testing.T) { - m := MetricSet{ - usageLastCollectedOn: test.usageLastCollectedOn, - usageNextCollectOn: test.usageNextCollectOn, - } +func TestFetchNoExcludeUsage(t *testing.T) { + // Spin up mock Kibana server + kib := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/status": + w.Write([]byte("{ \"version\": { \"number\": \"7.0.0\" }}")) // v7.0.0 does not support exclude_usage and should not be sent - actualResult := m.shouldCollectUsage(now) - require.Equal(t, test.expectedResult, actualResult) - }) - } + case "/api/stats": + excludeUsage := r.FormValue("exclude_usage") + require.Empty(t, excludeUsage) // exclude_usage should not be provided + w.WriteHeader(200) + } + })) + defer kib.Close() + + config := mtest.GetConfig("stats", kib.URL, true) + + f := mbtest.NewReportingMetricSetV2Error(t, config) + + // First fetch + mbtest.ReportingFetchV2Error(f) } From 113703276df1471ac05cf6ab487d01a40a0ce92f Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Thu, 26 Nov 2020 10:42:45 +0200 Subject: [PATCH 24/41] Fix k8s watcher issue when node access to list nodes and ns (#22714) --- libbeat/autodiscover/providers/kubernetes/pod.go | 4 ++-- libbeat/common/kubernetes/metadata/metadata.go | 9 +++++++-- .../add_kubernetes_metadata/kubernetes.go | 16 ++++++++++------ 3 files changed, 19 insertions(+), 10 deletions(-) diff --git a/libbeat/autodiscover/providers/kubernetes/pod.go b/libbeat/autodiscover/providers/kubernetes/pod.go index 425459308845..6e96666161f1 100644 --- a/libbeat/autodiscover/providers/kubernetes/pod.go +++ b/libbeat/autodiscover/providers/kubernetes/pod.go @@ -88,13 +88,13 @@ func NewPodEventer(uuid uuid.UUID, cfg *common.Config, client k8s.Interface, pub } nodeWatcher, err := kubernetes.NewWatcher(client, &kubernetes.Node{}, options, nil) if err != nil { - return nil, fmt.Errorf("couldn't create watcher for %T due to error %+v", &kubernetes.Node{}, err) + logger.Errorf("couldn't create watcher for %T due to error %+v", &kubernetes.Node{}, err) } namespaceWatcher, err := kubernetes.NewWatcher(client, &kubernetes.Namespace{}, kubernetes.WatchOptions{ SyncTimeout: config.SyncPeriod, }, nil) if err != nil { - return nil, fmt.Errorf("couldn't create watcher for %T due to error %+v", &kubernetes.Namespace{}, err) + logger.Errorf("couldn't create watcher for %T due to error %+v", &kubernetes.Namespace{}, err) } metaGen := metadata.GetPodMetaGen(cfg, watcher, nodeWatcher, namespaceWatcher, metaConf) diff --git a/libbeat/common/kubernetes/metadata/metadata.go b/libbeat/common/kubernetes/metadata/metadata.go index cf1ae9452485..e1cbd0e86293 100644 --- a/libbeat/common/kubernetes/metadata/metadata.go +++ b/libbeat/common/kubernetes/metadata/metadata.go @@ -60,8 +60,13 @@ func GetPodMetaGen( namespaceWatcher kubernetes.Watcher, metaConf *AddResourceMetadataConfig) MetaGen { - nodeMetaGen := NewNodeMetadataGenerator(metaConf.Node, nodeWatcher.Store()) - namespaceMetaGen := NewNamespaceMetadataGenerator(metaConf.Namespace, namespaceWatcher.Store()) + var nodeMetaGen, namespaceMetaGen MetaGen + if nodeWatcher != nil { + nodeMetaGen = NewNodeMetadataGenerator(metaConf.Node, nodeWatcher.Store()) + } + if namespaceWatcher != nil { + namespaceMetaGen = NewNamespaceMetadataGenerator(metaConf.Namespace, namespaceWatcher.Store()) + } metaGen := NewPodMetadataGenerator(cfg, podWatcher.Store(), nodeMetaGen, namespaceMetaGen) return metaGen diff --git a/libbeat/processors/add_kubernetes_metadata/kubernetes.go b/libbeat/processors/add_kubernetes_metadata/kubernetes.go index 90d4b393d65a..2ca864a5bcfa 100644 --- a/libbeat/processors/add_kubernetes_metadata/kubernetes.go +++ b/libbeat/processors/add_kubernetes_metadata/kubernetes.go @@ -220,13 +220,17 @@ func (k *kubernetesAnnotator) init(config kubeAnnotatorConfig, cfg *common.Confi // NOTE: order is important here since pod meta will include node meta and hence node.Store() should // be populated before trying to generate metadata for Pods. - if err := nodeWatcher.Start(); err != nil { - k.log.Debugf("add_kubernetes_metadata", "Couldn't start node watcher: %v", err) - return + if nodeWatcher != nil { + if err := nodeWatcher.Start(); err != nil { + k.log.Debugf("add_kubernetes_metadata", "Couldn't start node watcher: %v", err) + return + } } - if err := namespaceWatcher.Start(); err != nil { - k.log.Debugf("add_kubernetes_metadata", "Couldn't start namespace watcher: %v", err) - return + if namespaceWatcher != nil { + if err := namespaceWatcher.Start(); err != nil { + k.log.Debugf("add_kubernetes_metadata", "Couldn't start namespace watcher: %v", err) + return + } } if err := watcher.Start(); err != nil { k.log.Debugf("add_kubernetes_metadata", "Couldn't start pod watcher: %v", err) From cc95cdaa03c4ccfcf091b8618af439a78308ed09 Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Thu, 26 Nov 2020 01:26:23 -0800 Subject: [PATCH 25/41] Missing `>` (#22763) (#22766) Co-authored-by: Dan Roscigno --- filebeat/docs/howto/howto.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebeat/docs/howto/howto.asciidoc b/filebeat/docs/howto/howto.asciidoc index 14675aae3cab..bd4774940b2d 100644 --- a/filebeat/docs/howto/howto.asciidoc +++ b/filebeat/docs/howto/howto.asciidoc @@ -5,7 +5,7 @@ -- Learn how to perform common {beatname_uc} configuration tasks. -* < +* <> * <<{beatname_lc}-template>> * <> * <> From 6106aa7c568aa2bc57b6eec6c42dc53b11e28587 Mon Sep 17 00:00:00 2001 From: Steffen Siering Date: Thu, 26 Nov 2020 15:01:01 +0100 Subject: [PATCH 26/41] Skip flaky winlogbeat test on Windows-7 (#22754) --- winlogbeat/tests/system/test_wineventlog.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 363e90edbd25..8b06841ff708 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -1,5 +1,6 @@ import codecs import os +import platform import sys import time import unittest @@ -250,6 +251,8 @@ def test_query_level_multiple(self): self.assertEqual(evts[0]["log.level"], "error") self.assertEqual(evts[1]["log.level"], "warning") + @unittest.skipIf(platform.platform().startswith("Windows-7"), + "Flaky test: https://github.com/elastic/beats/issues/22753") def test_query_ignore_older(self): """ wineventlog - Query by time (ignore_older than 2s) From 50c17459fbf799ab3a5872dd417cb953a1031d45 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Sat, 28 Nov 2020 08:15:50 -0700 Subject: [PATCH 27/41] Fix export dashboard command from Elastic Cloud (#22746) * Update kibana config to include username and password * Remove return error from InitKibanaConfig function --- CHANGELOG-developer.next.asciidoc | 3 ++- libbeat/cmd/export/dashboard.go | 8 +++++++- libbeat/cmd/instance/beat.go | 9 +++------ libbeat/cmd/instance/beat_test.go | 3 +-- 4 files changed, 13 insertions(+), 10 deletions(-) diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 0756e36fdf53..edec465f8542 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -57,6 +57,7 @@ The list below covers the major changes between 7.0.0-rc2 and master only. - Stop using `mage:import` in community beats. This was ignoring the vendorized beats directory for some mage targets, using the code available in GOPATH, this causes inconsistencies and compilation problems if the version of the code in the GOPATH is different to the vendored one. Use of `mage:import` will continue to be unsupported in custom beats till beats is migrated to go modules, or mage supports vendored dependencies. {issue}13998[13998] {pull}14162[14162] - Metricbeat module builders call host parser only once when instantiating light modules. {pull}20149[20149] +- Fix export dashboard command when running against Elastic Cloud hosted Kibana. {pull}22746[22746] ==== Added @@ -102,4 +103,4 @@ The list below covers the major changes between 7.0.0-rc2 and master only. - Update Go version to 1.14.7. {pull}20508[20508] - Add packaging for docker image based on UBI minimal 8. {pull}20576[20576] - Make the mage binary used by the build process in the docker container to be statically compiled. {pull}20827[20827] -- Update ecszap to v0.3.0 for using ECS 1.6.0 in logs {pull}22267[22267] \ No newline at end of file +- Update ecszap to v0.3.0 for using ECS 1.6.0 in logs {pull}22267[22267] diff --git a/libbeat/cmd/export/dashboard.go b/libbeat/cmd/export/dashboard.go index 9cd63f03366b..5d3a782f1ad6 100644 --- a/libbeat/cmd/export/dashboard.go +++ b/libbeat/cmd/export/dashboard.go @@ -49,7 +49,13 @@ func GenDashboardCmd(settings instance.Settings) *cobra.Command { b.Config.Kibana = common.NewConfig() } - client, err := kibana.NewKibanaClient(b.Config.Kibana) + // Initialize kibana config. If username and password is set in + // elasticsearch output config but not in kibana, initKibanaConfig + // will attach the username and password into kibana config as a + // part of the initialization. + initConfig := instance.InitKibanaConfig(b.Config) + + client, err := kibana.NewKibanaClient(initConfig) if err != nil { fatalf("Error creating Kibana client: %+v.\n", err) } diff --git a/libbeat/cmd/instance/beat.go b/libbeat/cmd/instance/beat.go index b873ddebf953..0ec0bacc7692 100644 --- a/libbeat/cmd/instance/beat.go +++ b/libbeat/cmd/instance/beat.go @@ -774,10 +774,7 @@ func (b *Beat) loadDashboards(ctx context.Context, force bool) error { // Initialize kibana config. If username and password is set in elasticsearch output config but not in kibana, // initKibanaConfig will attach the username and password into kibana config as a part of the initialization. - kibanaConfig, err := initKibanaConfig(b.Config) - if err != nil { - return fmt.Errorf("error initKibanaConfig: %v", err) - } + kibanaConfig := InitKibanaConfig(b.Config) client, err := kibana.NewKibanaClient(kibanaConfig) if err != nil { @@ -1041,7 +1038,7 @@ func LoadKeystore(cfg *common.Config, name string) (keystore.Keystore, error) { return keystore.Factory(keystoreCfg, defaultPathConfig) } -func initKibanaConfig(beatConfig beatConfig) (*common.Config, error) { +func InitKibanaConfig(beatConfig beatConfig) *common.Config { var esConfig *common.Config if beatConfig.Output.Name() == "elasticsearch" { esConfig = beatConfig.Output.Config() @@ -1064,7 +1061,7 @@ func initKibanaConfig(beatConfig beatConfig) (*common.Config, error) { kibanaConfig.SetString("password", -1, password) } } - return kibanaConfig, nil + return kibanaConfig } func initPaths(cfg *common.Config) error { diff --git a/libbeat/cmd/instance/beat_test.go b/libbeat/cmd/instance/beat_test.go index e302bed17116..a0db00c853c8 100644 --- a/libbeat/cmd/instance/beat_test.go +++ b/libbeat/cmd/instance/beat_test.go @@ -82,8 +82,7 @@ func TestInitKibanaConfig(t *testing.T) { err = cfg.Unpack(&b.Config) assert.NoError(t, err) - kibanaConfig, err := initKibanaConfig(b.Config) - assert.NoError(t, err) + kibanaConfig := InitKibanaConfig(b.Config) username, err := kibanaConfig.String("username", -1) password, err := kibanaConfig.String("password", -1) protocol, err := kibanaConfig.String("protocol", -1) From 3a1d1aee6d2f144fbf57f16713f870972169a73b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Mon, 30 Nov 2020 14:23:13 +0100 Subject: [PATCH 28/41] Add support for reading from UNIX datagram sockets (#22699) ## What does this PR do? This PR adds support for reading from UNIX datagram sockets both from the `unix` input and the `syslog` input. A new option is added to select the type of the socket named `socket_type`. Available options are: `stream` and `datagram`. ## Why is it important? A few applications which send logs over Unix sockets, use datagrams not streams. From now on, Filebeat can accept input from these applications as well. Closes #18632 --- CHANGELOG.next.asciidoc | 1 + .../inputs/input-common-unix-options.asciidoc | 9 +- filebeat/input/syslog/config.go | 33 ++- filebeat/input/tcp/input.go | 6 +- filebeat/input/unix/config.go | 6 +- filebeat/input/unix/input.go | 22 +- filebeat/inputsource/common/dgram/handler.go | 102 +++++++++ filebeat/inputsource/common/dgram/server.go | 131 +++++++++++ .../common/{ => streaming}/config.go | 2 +- .../common/{ => streaming}/conn.go | 2 +- .../common/{ => streaming}/conn_test.go | 2 +- .../common/{ => streaming}/handler.go | 6 +- .../common/{ => streaming}/listener.go | 30 +-- .../common/{ => streaming}/scan.go | 2 +- .../common/{ => streaming}/scan_test.go | 2 +- filebeat/inputsource/family.go | 36 +++ filebeat/inputsource/tcp/server.go | 9 +- filebeat/inputsource/tcp/server_test.go | 30 +-- filebeat/inputsource/udp/server.go | 121 ++-------- filebeat/inputsource/udp/server_test.go | 2 +- filebeat/inputsource/unix/config.go | 43 +++- filebeat/inputsource/unix/config_test.go | 65 ++++++ filebeat/inputsource/unix/server.go | 149 ++++++------ filebeat/inputsource/unix/server_test.go | 213 ++++++++++-------- filebeat/inputsource/unix/socket.go | 95 ++++++++ filebeat/tests/system/test_syslog.py | 91 ++++++-- filebeat/tests/system/test_unix.py | 62 ++++- 27 files changed, 880 insertions(+), 392 deletions(-) create mode 100644 filebeat/inputsource/common/dgram/handler.go create mode 100644 filebeat/inputsource/common/dgram/server.go rename filebeat/inputsource/common/{ => streaming}/config.go (98%) rename filebeat/inputsource/common/{ => streaming}/conn.go (99%) rename filebeat/inputsource/common/{ => streaming}/conn_test.go (99%) rename filebeat/inputsource/common/{ => streaming}/handler.go (92%) rename filebeat/inputsource/common/{ => streaming}/listener.go (89%) rename filebeat/inputsource/common/{ => streaming}/scan.go (98%) rename filebeat/inputsource/common/{ => streaming}/scan_test.go (99%) create mode 100644 filebeat/inputsource/family.go create mode 100644 filebeat/inputsource/unix/config_test.go create mode 100644 filebeat/inputsource/unix/socket.go diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index fc4a7096d2df..2839e40f5280 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -731,6 +731,7 @@ from being added to events by default. {pull}18159[18159] - Added `event.ingested` field to data from the Netflow module. {pull}22412[22412] - Improve panw ECS url fields mapping. {pull}22481[22481] - Improve Nats filebeat dashboard. {pull}22726[22726] +- Add support for UNIX datagram sockets in `unix` input. {issues}18632[18632] {pull}22699[22699] *Heartbeat* diff --git a/filebeat/docs/inputs/input-common-unix-options.asciidoc b/filebeat/docs/inputs/input-common-unix-options.asciidoc index f73278944a66..9f97d84017e5 100644 --- a/filebeat/docs/inputs/input-common-unix-options.asciidoc +++ b/filebeat/docs/inputs/input-common-unix-options.asciidoc @@ -14,7 +14,14 @@ The maximum size of the message received over the socket. The default is `20MiB` [id="{beatname_lc}-input-{type}-unix-path"] ==== `path` -The path to the Unix socket that will receive event streams. +The path to the Unix socket that will receive events. + +[float] +[id="{beatname_lc}-input-{type}-unix-socket-type"] +==== `socket_type` + +The type to of the Unix socket that will receive events. Valid values +are `stream` and `datagram`. The default is `stream`. [float] [id="{beatname_lc}-input-{type}-unix-group"] diff --git a/filebeat/input/syslog/config.go b/filebeat/input/syslog/config.go index ff009bfb1dd0..ff97abd8e149 100644 --- a/filebeat/input/syslog/config.go +++ b/filebeat/input/syslog/config.go @@ -25,7 +25,7 @@ import ( "github.com/elastic/beats/v7/filebeat/harvester" "github.com/elastic/beats/v7/filebeat/inputsource" - netcommon "github.com/elastic/beats/v7/filebeat/inputsource/common" + "github.com/elastic/beats/v7/filebeat/inputsource/common/streaming" "github.com/elastic/beats/v7/filebeat/inputsource/tcp" "github.com/elastic/beats/v7/filebeat/inputsource/udp" "github.com/elastic/beats/v7/filebeat/inputsource/unix" @@ -59,16 +59,17 @@ var defaultTCP = syslogTCP{ } type syslogUnix struct { - unix.Config `config:",inline"` - LineDelimiter string `config:"line_delimiter" validate:"nonzero"` + unix.Config `config:",inline"` } -var defaultUnix = syslogUnix{ - Config: unix.Config{ - Timeout: time.Minute * 5, - MaxMessageSize: 20 * humanize.MiByte, - }, - LineDelimiter: "\n", +func defaultUnix() syslogUnix { + return syslogUnix{ + Config: unix.Config{ + Timeout: time.Minute * 5, + MaxMessageSize: 20 * humanize.MiByte, + LineDelimiter: "\n", + }, + } } var defaultUDP = udp.Config{ @@ -89,32 +90,26 @@ func factory( return nil, err } - splitFunc := netcommon.SplitFunc([]byte(config.LineDelimiter)) + splitFunc := streaming.SplitFunc([]byte(config.LineDelimiter)) if splitFunc == nil { return nil, fmt.Errorf("error creating splitFunc from delimiter %s", config.LineDelimiter) } logger := logp.NewLogger("input.syslog.tcp").With("address", config.Config.Host) - factory := netcommon.SplitHandlerFactory(netcommon.FamilyTCP, logger, tcp.MetadataCallback, nf, splitFunc) + factory := streaming.SplitHandlerFactory(inputsource.FamilyTCP, logger, tcp.MetadataCallback, nf, splitFunc) return tcp.New(&config.Config, factory) case unix.Name: cfgwarn.Beta("Syslog Unix socket support is beta.") - config := defaultUnix + config := defaultUnix() if err := cfg.Unpack(&config); err != nil { return nil, err } - splitFunc := netcommon.SplitFunc([]byte(config.LineDelimiter)) - if splitFunc == nil { - return nil, fmt.Errorf("error creating splitFunc from delimiter %s", config.LineDelimiter) - } - logger := logp.NewLogger("input.syslog.unix").With("path", config.Config.Path) - factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logger, unix.MetadataCallback, nf, splitFunc) - return unix.New(&config.Config, factory) + return unix.New(logger, &config.Config, nf) case udp.Name: config := defaultUDP diff --git a/filebeat/input/tcp/input.go b/filebeat/input/tcp/input.go index 96c6ce990222..598650d2a9ce 100644 --- a/filebeat/input/tcp/input.go +++ b/filebeat/input/tcp/input.go @@ -26,7 +26,7 @@ import ( "github.com/elastic/beats/v7/filebeat/harvester" "github.com/elastic/beats/v7/filebeat/input" "github.com/elastic/beats/v7/filebeat/inputsource" - netcommon "github.com/elastic/beats/v7/filebeat/inputsource/common" + "github.com/elastic/beats/v7/filebeat/inputsource/common/streaming" "github.com/elastic/beats/v7/filebeat/inputsource/tcp" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" @@ -75,13 +75,13 @@ func NewInput( forwarder.Send(event) } - splitFunc := netcommon.SplitFunc([]byte(config.LineDelimiter)) + splitFunc := streaming.SplitFunc([]byte(config.LineDelimiter)) if splitFunc == nil { return nil, fmt.Errorf("unable to create splitFunc for delimiter %s", config.LineDelimiter) } logger := logp.NewLogger("input.tcp").With("address", config.Config.Host) - factory := netcommon.SplitHandlerFactory(netcommon.FamilyTCP, logger, tcp.MetadataCallback, cb, splitFunc) + factory := streaming.SplitHandlerFactory(inputsource.FamilyTCP, logger, tcp.MetadataCallback, cb, splitFunc) server, err := tcp.New(&config.Config, factory) if err != nil { diff --git a/filebeat/input/unix/config.go b/filebeat/input/unix/config.go index 4d4400cb9740..e1a24ff3f179 100644 --- a/filebeat/input/unix/config.go +++ b/filebeat/input/unix/config.go @@ -26,8 +26,7 @@ import ( ) type config struct { - unix.Config `config:",inline"` - LineDelimiter string `config:"line_delimiter" validate:"nonzero"` + unix.Config `config:",inline"` } func defaultConfig() config { @@ -35,7 +34,8 @@ func defaultConfig() config { Config: unix.Config{ Timeout: time.Minute * 5, MaxMessageSize: 20 * humanize.MiByte, + SocketType: unix.StreamSocket, + LineDelimiter: "\n", }, - LineDelimiter: "\n", } } diff --git a/filebeat/input/unix/input.go b/filebeat/input/unix/input.go index 3f5be8c8b87b..7346521c6c83 100644 --- a/filebeat/input/unix/input.go +++ b/filebeat/input/unix/input.go @@ -18,15 +18,12 @@ package unix import ( - "bufio" - "fmt" "net" "time" input "github.com/elastic/beats/v7/filebeat/input/v2" stateless "github.com/elastic/beats/v7/filebeat/input/v2/input-stateless" "github.com/elastic/beats/v7/filebeat/inputsource" - netcommon "github.com/elastic/beats/v7/filebeat/inputsource/common" "github.com/elastic/beats/v7/filebeat/inputsource/unix" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" @@ -35,8 +32,8 @@ import ( ) type server struct { + unix.Server config - splitFunc bufio.SplitFunc } func Plugin() input.Plugin { @@ -59,12 +56,7 @@ func configure(cfg *common.Config) (stateless.Input, error) { } func newServer(config config) (*server, error) { - splitFunc := netcommon.SplitFunc([]byte(config.LineDelimiter)) - if splitFunc == nil { - return nil, fmt.Errorf("unable to create splitFunc for delimiter %s", config.LineDelimiter) - } - - return &server{config: config, splitFunc: splitFunc}, nil + return &server{config: config}, nil } func (s *server) Name() string { return "unix" } @@ -83,17 +75,17 @@ func (s *server) Run(ctx input.Context, publisher stateless.Publisher) error { log.Info("Starting Unix socket input") defer log.Info("Unix socket input stopped") - cb := func(data []byte, metadata inputsource.NetworkMetadata) { + cb := inputsource.NetworkFunc(func(data []byte, metadata inputsource.NetworkMetadata) { event := createEvent(data, metadata) publisher.Publish(event) - } - factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, log, unix.MetadataCallback, cb, s.splitFunc) - server, err := unix.New(&s.config.Config, factory) + }) + + server, err := unix.New(log, &s.config.Config, cb) if err != nil { return err } - log.Debugf("TCP Input '%v' initialized", ctx.ID) + log.Debugf("%s Input '%v' initialized", s.config.Config.SocketType, ctx.ID) err = server.Run(ctxtool.FromCanceller(ctx.Cancelation)) diff --git a/filebeat/inputsource/common/dgram/handler.go b/filebeat/inputsource/common/dgram/handler.go new file mode 100644 index 000000000000..a9fa50d8f194 --- /dev/null +++ b/filebeat/inputsource/common/dgram/handler.go @@ -0,0 +1,102 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package dgram + +import ( + "context" + "fmt" + "net" + "runtime" + "strings" + + "github.com/elastic/beats/v7/filebeat/inputsource" + "github.com/elastic/beats/v7/libbeat/logp" +) + +// HandlerFactory returns a ConnectionHandler func +type HandlerFactory func(config ListenerConfig) ConnectionHandler + +// ConnectionHandler is able to read from incoming connections. +type ConnectionHandler func(context.Context, net.PacketConn) error + +// MetadataFunc defines callback executed when a line is read from the split handler. +type MetadataFunc func(net.Conn) inputsource.NetworkMetadata + +// DatagramReaderFactory allows creation of a handler which can read packets from connections. +func DatagramReaderFactory( + family inputsource.Family, + logger *logp.Logger, + callback inputsource.NetworkFunc, +) HandlerFactory { + return func(config ListenerConfig) ConnectionHandler { + return ConnectionHandler(func(ctx context.Context, conn net.PacketConn) error { + for ctx.Err() == nil { + + buffer := make([]byte, config.MaxMessageSize) + //conn.SetDeadline(time.Now().Add(config.Timeout)) + + // If you are using Windows and you are using a fixed buffer and you get a datagram which + // is bigger than the specified size of the buffer, it will return an `err` and the buffer will + // contains a subset of the data. + // + // On Unix based system, the buffer will be truncated but no error will be returned. + length, addr, err := conn.ReadFrom(buffer) + if err != nil { + if family == inputsource.FamilyUnix { + fmt.Println("connection handler error", err) + } + // don't log any deadline events. + e, ok := err.(net.Error) + if ok && e.Timeout() { + continue + } + + // Closed network error string will never change in Go 1.X + // https://github.com/golang/go/issues/4373 + opErr, ok := err.(*net.OpError) + if ok && strings.Contains(opErr.Err.Error(), "use of closed network connection") { + logger.Info("Connection has been closed") + return nil + } + + logger.Errorf("Error reading from the socket %s", err) + + // On Windows send the current buffer and mark it as truncated. + // The buffer will have content but length will return 0, addr will be nil. + if family == inputsource.FamilyUDP && isLargerThanBuffer(err) { + callback(buffer, inputsource.NetworkMetadata{RemoteAddr: addr, Truncated: true}) + continue + } + } + + if length > 0 { + callback(buffer[:length], inputsource.NetworkMetadata{RemoteAddr: addr}) + } + } + fmt.Println("end of connection handling") + return nil + }) + } +} + +func isLargerThanBuffer(err error) bool { + if runtime.GOOS != "windows" { + return false + } + return strings.Contains(err.Error(), windowErrBuffer) +} diff --git a/filebeat/inputsource/common/dgram/server.go b/filebeat/inputsource/common/dgram/server.go new file mode 100644 index 000000000000..ecb4844ed673 --- /dev/null +++ b/filebeat/inputsource/common/dgram/server.go @@ -0,0 +1,131 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package dgram + +import ( + "context" + "net" + "time" + + "github.com/elastic/go-concert/ctxtool" + "github.com/elastic/go-concert/unison" + + "github.com/elastic/beats/v7/filebeat/inputsource" + "github.com/elastic/beats/v7/libbeat/common/cfgtype" + "github.com/elastic/beats/v7/libbeat/logp" +) + +const windowErrBuffer = "A message sent on a datagram socket was larger than the internal message" + + " buffer or some other network limit, or the buffer used to receive a datagram into was smaller" + + " than the datagram itself." + +// ListenerFactory is used to craete connections based on the configuration. +type ListenerFactory func() (net.PacketConn, error) + +type ListenerConfig struct { + Timeout time.Duration + MaxMessageSize cfgtype.ByteSize +} + +type Listener struct { + log *logp.Logger + family inputsource.Family + config *ListenerConfig + listener ListenerFactory + connect HandlerFactory + tg unison.TaskGroup +} + +func NewListener( + f inputsource.Family, + path string, + connect HandlerFactory, + listenerFactory ListenerFactory, + config *ListenerConfig, +) *Listener { + return &Listener{ + log: logp.NewLogger(f.String()), + family: f, + config: config, + listener: listenerFactory, + connect: connect, + tg: unison.TaskGroup{}, + } +} + +func (l *Listener) Run(ctx context.Context) error { + l.log.Info("Started listening for " + l.family.String() + " connection") + + for ctx.Err() == nil { + conn, err := l.listener() + if err != nil { + l.log.Debugw("Cannot connect", "error", err) + continue + } + connCtx, connCancel := ctxtool.WithFunc(ctx, func() { + conn.Close() + }) + + err = l.run(connCtx, conn) + if err != nil { + l.log.Debugw("Error while processing input", "error", err) + connCancel() + continue + } + connCancel() + } + return nil +} + +func (l *Listener) Start() error { + l.log.Info("Started listening for " + l.family.String() + " connection") + + conn, err := l.listener() + if err != nil { + return err + } + + l.tg.Go(func(ctx unison.Canceler) error { + connCtx, connCancel := ctxtool.WithFunc(ctxtool.FromCanceller(ctx), func() { + conn.Close() + }) + defer connCancel() + + return l.run(ctxtool.FromCanceller(connCtx), conn) + }) + return nil +} + +func (l *Listener) run(ctx context.Context, conn net.PacketConn) error { + handler := l.connect(*l.config) + for ctx.Err() == nil { + err := handler(ctx, conn) + if err != nil { + return err + } + } + return nil +} + +func (l *Listener) Stop() { + l.log.Debug("Stopping datagram socket server for " + l.family.String()) + err := l.tg.Stop() + if err != nil { + l.log.Errorf("Error while stopping datagram socket server: %v", err) + } +} diff --git a/filebeat/inputsource/common/config.go b/filebeat/inputsource/common/streaming/config.go similarity index 98% rename from filebeat/inputsource/common/config.go rename to filebeat/inputsource/common/streaming/config.go index 2ae5bf52e35c..5f48ce003cd0 100644 --- a/filebeat/inputsource/common/config.go +++ b/filebeat/inputsource/common/streaming/config.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package common +package streaming import ( "time" diff --git a/filebeat/inputsource/common/conn.go b/filebeat/inputsource/common/streaming/conn.go similarity index 99% rename from filebeat/inputsource/common/conn.go rename to filebeat/inputsource/common/streaming/conn.go index c6cf86d22921..e0c2b3e90380 100644 --- a/filebeat/inputsource/common/conn.go +++ b/filebeat/inputsource/common/streaming/conn.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package common +package streaming import ( "io" diff --git a/filebeat/inputsource/common/conn_test.go b/filebeat/inputsource/common/streaming/conn_test.go similarity index 99% rename from filebeat/inputsource/common/conn_test.go rename to filebeat/inputsource/common/streaming/conn_test.go index f5e41a58c63d..6e93e7a06538 100644 --- a/filebeat/inputsource/common/conn_test.go +++ b/filebeat/inputsource/common/streaming/conn_test.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package common +package streaming import ( "math/rand" diff --git a/filebeat/inputsource/common/handler.go b/filebeat/inputsource/common/streaming/handler.go similarity index 92% rename from filebeat/inputsource/common/handler.go rename to filebeat/inputsource/common/streaming/handler.go index a55ee1755d5b..69ae5aedc9c5 100644 --- a/filebeat/inputsource/common/handler.go +++ b/filebeat/inputsource/common/streaming/handler.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package common +package streaming import ( "bufio" @@ -38,14 +38,14 @@ type ConnectionHandler func(context.Context, net.Conn) error type MetadataFunc func(net.Conn) inputsource.NetworkMetadata // SplitHandlerFactory allows creation of a handler that has splitting capabilities. -func SplitHandlerFactory(family Family, logger *logp.Logger, metadataCallback MetadataFunc, callback inputsource.NetworkFunc, splitFunc bufio.SplitFunc) HandlerFactory { +func SplitHandlerFactory(family inputsource.Family, logger *logp.Logger, metadataCallback MetadataFunc, callback inputsource.NetworkFunc, splitFunc bufio.SplitFunc) HandlerFactory { return func(config ListenerConfig) ConnectionHandler { return ConnectionHandler(func(ctx context.Context, conn net.Conn) error { metadata := metadataCallback(conn) maxMessageSize := uint64(config.MaxMessageSize) var log *logp.Logger - if family == FamilyUnix { + if family == inputsource.FamilyUnix { // unix sockets have an empty `RemoteAddr` value, so no need to capture it log = logger.With("handler", "split_client") } else { diff --git a/filebeat/inputsource/common/listener.go b/filebeat/inputsource/common/streaming/listener.go similarity index 89% rename from filebeat/inputsource/common/listener.go rename to filebeat/inputsource/common/streaming/listener.go index f4890ccc767e..cff66b28b6c0 100644 --- a/filebeat/inputsource/common/listener.go +++ b/filebeat/inputsource/common/streaming/listener.go @@ -15,35 +15,21 @@ // specific language governing permissions and limitations // under the License. -package common +package streaming import ( "bufio" "bytes" "context" "net" - "strings" "sync" + "github.com/elastic/beats/v7/filebeat/inputsource" "github.com/elastic/beats/v7/libbeat/common/atomic" "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/go-concert/ctxtool" ) -// Family represents the type of connection we're handling -type Family string - -const ( - // FamilyUnix represents a unix socket listener - FamilyUnix Family = "unix" - // FamilyTCP represents a tcp socket listener - FamilyTCP Family = "tcp" -) - -func (f Family) String() string { - return strings.ToUpper(string(f)) -} - // ListenerFactory returns a net.Listener type ListenerFactory func() (net.Listener, error) @@ -51,7 +37,7 @@ type ListenerFactory func() (net.Listener, error) type Listener struct { Listener net.Listener config *ListenerConfig - family Family + family inputsource.Family wg sync.WaitGroup log *logp.Logger ctx context.Context @@ -62,7 +48,7 @@ type Listener struct { } // NewListener creates a new Listener -func NewListener(family Family, location string, handlerFactory HandlerFactory, listenerFactory ListenerFactory, config *ListenerConfig) *Listener { +func NewListener(family inputsource.Family, location string, handlerFactory HandlerFactory, listenerFactory ListenerFactory, config *ListenerConfig) *Listener { return &Listener{ config: config, family: family, @@ -141,7 +127,7 @@ func (l *Listener) run() { l.registerHandler() defer l.unregisterHandler() - if l.family == FamilyUnix { + if l.family == inputsource.FamilyUnix { // unix sockets have an empty `RemoteAddr` value, so no need to capture it l.log.Debugw("New client", "total", l.clientsCount.Load()) } else { @@ -155,7 +141,7 @@ func (l *Listener) run() { } defer func() { - if l.family == FamilyUnix { + if l.family == inputsource.FamilyUnix { // unix sockets have an empty `RemoteAddr` value, so no need to capture it l.log.Debugw("client disconnected", "total", l.clientsCount.Load()) } else { @@ -184,6 +170,10 @@ func (l *Listener) unregisterHandler() { // SplitFunc allows to create a `bufio.SplitFunc` based on a delimiter provided. func SplitFunc(lineDelimiter []byte) bufio.SplitFunc { + if len(lineDelimiter) == 0 { + return nil + } + ld := []byte(lineDelimiter) if bytes.Equal(ld, []byte("\n")) { // This will work for most usecases and will also strip \r if present. diff --git a/filebeat/inputsource/common/scan.go b/filebeat/inputsource/common/streaming/scan.go similarity index 98% rename from filebeat/inputsource/common/scan.go rename to filebeat/inputsource/common/streaming/scan.go index 636530062380..de2b342049a5 100644 --- a/filebeat/inputsource/common/scan.go +++ b/filebeat/inputsource/common/streaming/scan.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package common +package streaming import ( "bufio" diff --git a/filebeat/inputsource/common/scan_test.go b/filebeat/inputsource/common/streaming/scan_test.go similarity index 99% rename from filebeat/inputsource/common/scan_test.go rename to filebeat/inputsource/common/streaming/scan_test.go index 5e266141193d..eccd2b663007 100644 --- a/filebeat/inputsource/common/scan_test.go +++ b/filebeat/inputsource/common/streaming/scan_test.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package common +package streaming import ( "bufio" diff --git a/filebeat/inputsource/family.go b/filebeat/inputsource/family.go new file mode 100644 index 000000000000..025cb59ff086 --- /dev/null +++ b/filebeat/inputsource/family.go @@ -0,0 +1,36 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package inputsource + +import "strings" + +// Family represents the type of connection we're handling +type Family string + +const ( + // FamilyUnix represents a unix socket listener + FamilyUnix Family = "unix" + // FamilyTCP represents a tcp socket listener + FamilyTCP Family = "tcp" + // FamilyUDP represents a udp socket listener + FamilyUDP Family = "udp" +) + +func (f Family) String() string { + return strings.ToUpper(string(f)) +} diff --git a/filebeat/inputsource/tcp/server.go b/filebeat/inputsource/tcp/server.go index eaf83c8526ba..270ebc9c0c57 100644 --- a/filebeat/inputsource/tcp/server.go +++ b/filebeat/inputsource/tcp/server.go @@ -24,13 +24,14 @@ import ( "golang.org/x/net/netutil" - "github.com/elastic/beats/v7/filebeat/inputsource/common" + "github.com/elastic/beats/v7/filebeat/inputsource" + "github.com/elastic/beats/v7/filebeat/inputsource/common/streaming" "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" ) // Server represent a TCP server type Server struct { - *common.Listener + *streaming.Listener config *Config tlsConfig *tlscommon.TLSConfig @@ -39,7 +40,7 @@ type Server struct { // New creates a new tcp server func New( config *Config, - factory common.HandlerFactory, + factory streaming.HandlerFactory, ) (*Server, error) { tlsConfig, err := tlscommon.LoadTLSServerConfig(config.TLS) if err != nil { @@ -54,7 +55,7 @@ func New( config: config, tlsConfig: tlsConfig, } - server.Listener = common.NewListener(common.FamilyTCP, config.Host, factory, server.createServer, &common.ListenerConfig{ + server.Listener = streaming.NewListener(inputsource.FamilyTCP, config.Host, factory, server.createServer, &streaming.ListenerConfig{ Timeout: config.Timeout, MaxMessageSize: config.MaxMessageSize, MaxConnections: config.MaxConnections, diff --git a/filebeat/inputsource/tcp/server_test.go b/filebeat/inputsource/tcp/server_test.go index 032f7d33e29f..2d05ed77d570 100644 --- a/filebeat/inputsource/tcp/server_test.go +++ b/filebeat/inputsource/tcp/server_test.go @@ -31,7 +31,7 @@ import ( "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/filebeat/inputsource" - netcommon "github.com/elastic/beats/v7/filebeat/inputsource/common" + "github.com/elastic/beats/v7/filebeat/inputsource/common/streaming" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/logp" ) @@ -69,76 +69,76 @@ func TestReceiveEventsAndMetadata(t *testing.T) { { name: "NewLine", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + splitFunc: streaming.SplitFunc([]byte("\n")), expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, "\n"), }, { name: "NewLineWithCR", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\r\n")), + splitFunc: streaming.SplitFunc([]byte("\r\n")), expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, "\r\n"), }, { name: "CustomDelimiter", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte(";")), + splitFunc: streaming.SplitFunc([]byte(";")), expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, ";"), }, { name: "MultipleCharsCustomDelimiter", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("")), + splitFunc: streaming.SplitFunc([]byte("")), expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, ""), }, { name: "SingleCharCustomDelimiterMessageWithoutBoundaries", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte(";")), + splitFunc: streaming.SplitFunc([]byte(";")), expectedMessages: []string{"hello"}, messageSent: "hello", }, { name: "MultipleCharCustomDelimiterMessageWithoutBoundaries", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("")), + splitFunc: streaming.SplitFunc([]byte("")), expectedMessages: []string{"hello"}, messageSent: "hello", }, { name: "NewLineMessageWithoutBoundaries", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + splitFunc: streaming.SplitFunc([]byte("\n")), expectedMessages: []string{"hello"}, messageSent: "hello", }, { name: "NewLineLargeMessagePayload", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + splitFunc: streaming.SplitFunc([]byte("\n")), expectedMessages: largeMessages, messageSent: strings.Join(largeMessages, "\n"), }, { name: "CustomLargeMessagePayload", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte(";")), + splitFunc: streaming.SplitFunc([]byte(";")), expectedMessages: largeMessages, messageSent: strings.Join(largeMessages, ";"), }, { name: "ReadRandomLargePayload", cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + splitFunc: streaming.SplitFunc([]byte("\n")), expectedMessages: []string{randomGeneratedText}, messageSent: randomGeneratedText, }, { name: "MaxReadBufferReachedUserConfigured", - splitFunc: netcommon.SplitFunc([]byte("\n")), + splitFunc: streaming.SplitFunc([]byte("\n")), cfg: map[string]interface{}{ "max_message_size": 50000, }, @@ -147,7 +147,7 @@ func TestReceiveEventsAndMetadata(t *testing.T) { }, { name: "MaxBufferSizeSet", - splitFunc: netcommon.SplitFunc([]byte("\n")), + splitFunc: streaming.SplitFunc([]byte("\n")), cfg: map[string]interface{}{ "max_message_size": 66 * 1024, }, @@ -171,7 +171,7 @@ func TestReceiveEventsAndMetadata(t *testing.T) { return } - factory := netcommon.SplitHandlerFactory(netcommon.FamilyTCP, logp.NewLogger("test"), MetadataCallback, to, test.splitFunc) + factory := streaming.SplitHandlerFactory(inputsource.FamilyTCP, logp.NewLogger("test"), MetadataCallback, to, test.splitFunc) server, err := New(&config, factory) if !assert.NoError(t, err) { return @@ -223,7 +223,7 @@ func TestReceiveNewEventsConcurrently(t *testing.T) { return } - factory := netcommon.SplitHandlerFactory(netcommon.FamilyTCP, logp.NewLogger("test"), MetadataCallback, to, bufio.ScanLines) + factory := streaming.SplitHandlerFactory(inputsource.FamilyTCP, logp.NewLogger("test"), MetadataCallback, to, bufio.ScanLines) server, err := New(&config, factory) if !assert.NoError(t, err) { diff --git a/filebeat/inputsource/udp/server.go b/filebeat/inputsource/udp/server.go index 9df2e57904a4..123c54ba67f9 100644 --- a/filebeat/inputsource/udp/server.go +++ b/filebeat/inputsource/udp/server.go @@ -19,134 +19,55 @@ package udp import ( "net" - "runtime" - "strings" - "sync" - "time" "github.com/dustin/go-humanize" "github.com/elastic/beats/v7/filebeat/inputsource" + "github.com/elastic/beats/v7/filebeat/inputsource/common/dgram" "github.com/elastic/beats/v7/libbeat/logp" ) // Name is the human readable name and identifier. const Name = "udp" -const windowErrBuffer = "A message sent on a datagram socket was larger than the internal message" + - " buffer or some other network limit, or the buffer used to receive a datagram into was smaller" + - " than the datagram itself." - // Server creates a simple UDP Server and listen to a specific host:port and will send any // event received to the callback method. type Server struct { - config *Config - callback inputsource.NetworkFunc - Listener *net.UDPConn - log *logp.Logger - wg sync.WaitGroup - done chan struct{} + *dgram.Listener + config *Config + + localaddress string } // New returns a new UDPServer instance. func New(config *Config, callback inputsource.NetworkFunc) *Server { - return &Server{ - config: config, - callback: callback, - log: logp.NewLogger("udp").With("address", config.Host), - done: make(chan struct{}), - } + server := &Server{config: config} + log := logp.NewLogger("udp").With("address", config.Host) + factory := dgram.DatagramReaderFactory(inputsource.FamilyUDP, log, callback) + server.Listener = dgram.NewListener(inputsource.FamilyUDP, config.Host, factory, server.createConn, &dgram.ListenerConfig{ + Timeout: config.Timeout, + MaxMessageSize: config.MaxMessageSize, + }) + return server } -// Start starts the UDP Server and listen to incoming events. -func (u *Server) Start() error { +func (u *Server) createConn() (net.PacketConn, error) { var err error udpAdddr, err := net.ResolveUDPAddr("udp", u.config.Host) if err != nil { - return err + return nil, err } - u.Listener, err = net.ListenUDP("udp", udpAdddr) + listener, err := net.ListenUDP("udp", udpAdddr) if err != nil { - return err + return nil, err } socketSize := int(u.config.ReadBuffer) * humanize.KiByte if socketSize != 0 { - if err := u.Listener.SetReadBuffer(int(u.config.ReadBuffer)); err != nil { - return err + if err := listener.SetReadBuffer(int(u.config.ReadBuffer)); err != nil { + return nil, err } } - if err != nil { - return err - } - u.log.Info("Started listening for UDP connection") - u.wg.Add(1) - go func() { - defer u.wg.Done() - u.run() - }() - return nil -} - -func (u *Server) run() { - for { - select { - case <-u.done: - return - default: - } - - buffer := make([]byte, u.config.MaxMessageSize) - u.Listener.SetDeadline(time.Now().Add(u.config.Timeout)) - - // If you are using Windows and you are using a fixed buffer and you get a datagram which - // is bigger than the specified size of the buffer, it will return an `err` and the buffer will - // contains a subset of the data. - // - // On Unix based system, the buffer will be truncated but no error will be returned. - length, addr, err := u.Listener.ReadFrom(buffer) - if err != nil { - // don't log any deadline events. - e, ok := err.(net.Error) - if ok && e.Timeout() { - continue - } - - // Closed network error string will never change in Go 1.X - // https://github.com/golang/go/issues/4373 - opErr, ok := err.(*net.OpError) - if ok && strings.Contains(opErr.Err.Error(), "use of closed network connection") { - u.log.Info("Connection has been closed") - return - } + u.localaddress = listener.LocalAddr().String() - u.log.Errorf("Error reading from the socket %s", err) - - // On Windows send the current buffer and mark it as truncated. - // The buffer will have content but length will return 0, addr will be nil. - if isLargerThanBuffer(err) { - u.callback(buffer, inputsource.NetworkMetadata{RemoteAddr: addr, Truncated: true}) - continue - } - } - - if length > 0 { - u.callback(buffer[:length], inputsource.NetworkMetadata{RemoteAddr: addr}) - } - } -} - -// Stop stops the current udp server. -func (u *Server) Stop() { - u.log.Info("Stopping UDP server") - close(u.done) - u.Listener.Close() - u.wg.Wait() - u.log.Info("UDP server stopped") -} - -func isLargerThanBuffer(err error) bool { - if runtime.GOOS != "windows" { - return false - } - return strings.Contains(err.Error(), windowErrBuffer) + return listener, err } diff --git a/filebeat/inputsource/udp/server_test.go b/filebeat/inputsource/udp/server_test.go index 766f7d0b7aa5..0434c836ae64 100644 --- a/filebeat/inputsource/udp/server_test.go +++ b/filebeat/inputsource/udp/server_test.go @@ -75,7 +75,7 @@ func TestReceiveEventFromUDP(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { - conn, err := net.Dial("udp", s.Listener.LocalAddr().String()) + conn, err := net.Dial("udp", s.localaddress) if !assert.NoError(t, err) { return } diff --git a/filebeat/inputsource/unix/config.go b/filebeat/inputsource/unix/config.go index 5051ab86e756..f6a2e4fa83a8 100644 --- a/filebeat/inputsource/unix/config.go +++ b/filebeat/inputsource/unix/config.go @@ -24,8 +24,24 @@ import ( "github.com/elastic/beats/v7/libbeat/common/cfgtype" ) -// Name is the human readable name and identifier. -const Name = "unix" +type SocketType uint8 + +const ( + // StreamSocket is used when reading from a Unix stream socket. + StreamSocket SocketType = iota + // DatagramSocket is used when reading from a Unix datagram socket. + DatagramSocket +) + +const ( + // Name is the human readable name and identifier. + Name = "unix" +) + +var socketTypes = map[string]SocketType{ + "stream": StreamSocket, + "datagram": DatagramSocket, +} // Config exposes the unix configuration. type Config struct { @@ -35,6 +51,8 @@ type Config struct { Timeout time.Duration `config:"timeout" validate:"nonzero,positive"` MaxMessageSize cfgtype.ByteSize `config:"max_message_size" validate:"nonzero,positive"` MaxConnections int `config:"max_connections"` + LineDelimiter string `config:"line_delimiter"` + SocketType SocketType `config:"socket_type"` } // Validate validates the Config option for the unix input. @@ -42,5 +60,26 @@ func (c *Config) Validate() error { if len(c.Path) == 0 { return fmt.Errorf("need to specify the path to the unix socket") } + + if c.SocketType == StreamSocket && c.LineDelimiter == "" { + return fmt.Errorf("line_delimiter cannot be empty when using stream socket") + } + return nil + +} + +func (s *SocketType) Unpack(value string) error { + setting, ok := socketTypes[value] + if !ok { + availableTypes := make([]string, len(socketTypes)) + i := 0 + for t := range socketTypes { + availableTypes[i] = t + i++ + } + return fmt.Errorf("unknown socket type: %s, supported types: %v", value, availableTypes) + } + + *s = setting return nil } diff --git a/filebeat/inputsource/unix/config_test.go b/filebeat/inputsource/unix/config_test.go new file mode 100644 index 000000000000..c57e654f8127 --- /dev/null +++ b/filebeat/inputsource/unix/config_test.go @@ -0,0 +1,65 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// +build !integration + +package unix + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/elastic/beats/v7/libbeat/common" +) + +func TestErrorMissingPath(t *testing.T) { + c := common.MustNewConfigFrom(map[string]interface{}{ + "timeout": 1, + "max_message_size": 1, + }) + var config Config + err := c.Unpack(&config) + assert.Error(t, err) + assert.Contains(t, err.Error(), "need to specify the path to the unix socket") +} + +func TestErrorOnEmptyLineDelimiterWhenStreamSocket(t *testing.T) { + c := common.MustNewConfigFrom(map[string]interface{}{ + "timeout": 1, + "max_message_size": 1, + "path": "my-path", + "socket_type": "stream", + }) + var config Config + err := c.Unpack(&config) + assert.Error(t, err) + assert.Contains(t, err.Error(), "line_delimiter cannot be empty when using stream socket") +} + +func TestInvalidSocketType(t *testing.T) { + c := common.MustNewConfigFrom(map[string]interface{}{ + "timeout": 1, + "max_message_size": 1, + "path": "my-path", + "socket_type": "invalid_type", + }) + var config Config + err := c.Unpack(&config) + assert.Error(t, err) + assert.Contains(t, err.Error(), "unknown socket type") +} diff --git a/filebeat/inputsource/unix/server.go b/filebeat/inputsource/unix/server.go index ee9a0f4564d7..e85ced4cf49e 100644 --- a/filebeat/inputsource/unix/server.go +++ b/filebeat/inputsource/unix/server.go @@ -18,50 +18,69 @@ package unix import ( + "context" "fmt" "net" - "os" - "os/user" - "runtime" - "strconv" - "github.com/pkg/errors" "golang.org/x/net/netutil" - "github.com/elastic/beats/v7/filebeat/inputsource/common" + "github.com/elastic/beats/v7/filebeat/inputsource" + "github.com/elastic/beats/v7/filebeat/inputsource/common/dgram" + "github.com/elastic/beats/v7/filebeat/inputsource/common/streaming" "github.com/elastic/beats/v7/libbeat/logp" ) -// Server represent a unix server -type Server struct { - *common.Listener +// Server is run by the input. +type Server interface { + inputsource.Network + Run(context.Context) error +} +// streamServer is a server for reading from Unix stream sockets. +type streamServer struct { + *streaming.Listener config *Config } -// New creates a new unix server -func New( - config *Config, - factory common.HandlerFactory, -) (*Server, error) { - if factory == nil { - return nil, fmt.Errorf("HandlerFactory can't be empty") - } +// datagramServer is a server for reading from Unix datagram sockets. +type datagramServer struct { + *dgram.Listener + config *Config +} - server := &Server{ - config: config, +// New creates a new unix server. +func New(log *logp.Logger, config *Config, nf inputsource.NetworkFunc) (Server, error) { + switch config.SocketType { + case StreamSocket: + splitFunc := streaming.SplitFunc([]byte(config.LineDelimiter)) + if splitFunc == nil { + return nil, fmt.Errorf("unable to create splitFunc for delimiter %s", config.LineDelimiter) + } + factory := streaming.SplitHandlerFactory(inputsource.FamilyUnix, log, MetadataCallback, nf, splitFunc) + server := &streamServer{config: config} + server.Listener = streaming.NewListener(inputsource.FamilyUnix, config.Path, factory, server.createServer, &streaming.ListenerConfig{ + Timeout: config.Timeout, + MaxMessageSize: config.MaxMessageSize, + MaxConnections: config.MaxConnections, + }) + return server, nil + + case DatagramSocket: + server := &datagramServer{config: config} + factory := dgram.DatagramReaderFactory(inputsource.FamilyUnix, log, nf) + server.Listener = dgram.NewListener(inputsource.FamilyUnix, config.Path, factory, server.createConn, &dgram.ListenerConfig{ + Timeout: config.Timeout, + MaxMessageSize: config.MaxMessageSize, + }) + return server, nil + + default: } - server.Listener = common.NewListener(common.FamilyUnix, config.Path, factory, server.createServer, &common.ListenerConfig{ - Timeout: config.Timeout, - MaxMessageSize: config.MaxMessageSize, - MaxConnections: config.MaxConnections, - }) - - return server, nil + return nil, fmt.Errorf("unknown unix server type") } -func (s *Server) createServer() (net.Listener, error) { - if err := s.cleanupStaleSocket(); err != nil { +func (s *streamServer) createServer() (net.Listener, error) { + if err := cleanupStaleSocket(s.config.Path); err != nil { return nil, err } @@ -70,11 +89,11 @@ func (s *Server) createServer() (net.Listener, error) { return nil, err } - if err := s.setSocketOwnership(); err != nil { + if err := setSocketOwnership(s.config.Path, s.config.Group); err != nil { return nil, err } - if err := s.setSocketMode(); err != nil { + if err := setSocketMode(s.config.Path, s.config.Mode); err != nil { return nil, err } @@ -84,68 +103,26 @@ func (s *Server) createServer() (net.Listener, error) { return l, nil } -func (s *Server) cleanupStaleSocket() error { - path := s.config.Path - info, err := os.Lstat(path) - if err != nil { - // If the file does not exist, then the cleanup can be considered successful. - if os.IsNotExist(err) { - return nil - } - return errors.Wrapf(err, "cannot lstat unix socket file at location %s", path) - } - - if runtime.GOOS != "windows" { - // see https://github.com/golang/go/issues/33357 for context on Windows socket file attributes bug - if info.Mode()&os.ModeSocket == 0 { - return fmt.Errorf("refusing to remove file at location %s, it is not a socket", path) - } +func (s *datagramServer) createConn() (net.PacketConn, error) { + if err := cleanupStaleSocket(s.config.Path); err != nil { + return nil, err } - if err := os.Remove(path); err != nil { - return errors.Wrapf(err, "cannot remove existing unix socket file at location %s", path) + addr, err := net.ResolveUnixAddr("unixgram", s.config.Path) + if err != nil { + return nil, err } - - return nil -} - -func (s *Server) setSocketOwnership() error { - if s.config.Group != nil { - if runtime.GOOS == "windows" { - logp.NewLogger("unix").Warn("windows does not support the 'group' configuration option, ignoring") - return nil - } - g, err := user.LookupGroup(*s.config.Group) - if err != nil { - return err - } - gid, err := strconv.Atoi(g.Gid) - if err != nil { - return err - } - return os.Chown(s.config.Path, -1, gid) + conn, err := net.ListenUnixgram("unixgram", addr) + if err != nil { + return nil, err } - return nil -} -func (s *Server) setSocketMode() error { - if s.config.Mode != nil { - mode, err := parseFileMode(*s.config.Mode) - if err != nil { - return err - } - return os.Chmod(s.config.Path, mode) + if err := setSocketOwnership(s.config.Path, s.config.Group); err != nil { + return nil, err } - return nil -} -func parseFileMode(mode string) (os.FileMode, error) { - parsed, err := strconv.ParseUint(mode, 8, 32) - if err != nil { - return 0, err - } - if parsed > 0777 { - return 0, errors.New("invalid file mode") + if err := setSocketMode(s.config.Path, s.config.Mode); err != nil { + return nil, err } - return os.FileMode(parsed), nil + return conn, nil } diff --git a/filebeat/inputsource/unix/server_test.go b/filebeat/inputsource/unix/server_test.go index fc9545100d5c..460b85b8b1ea 100644 --- a/filebeat/inputsource/unix/server_test.go +++ b/filebeat/inputsource/unix/server_test.go @@ -18,7 +18,6 @@ package unix import ( - "bufio" "fmt" "math/rand" "net" @@ -36,15 +35,17 @@ import ( "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/filebeat/inputsource" - netcommon "github.com/elastic/beats/v7/filebeat/inputsource/common" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/common/file" "github.com/elastic/beats/v7/libbeat/logp" ) -var defaultConfig = Config{ - Timeout: time.Minute * 5, - MaxMessageSize: 20 * humanize.MiByte, +func defaultConfig() Config { + return Config{ + Timeout: time.Minute * 5, + MaxMessageSize: 20 * humanize.MiByte, + SocketType: StreamSocket, + } } type info struct { @@ -52,10 +53,20 @@ type info struct { mt inputsource.NetworkMetadata } +func TestErrorOnInvalidSocketType(t *testing.T) { + config := &Config{ + SocketType: SocketType(7), + } + _, err := New(logp.L(), config, nil) + assert.Error(t, err) +} + func TestErrorOnEmptyLineDelimiter(t *testing.T) { - c := common.NewConfig() - config := defaultConfig - err := c.Unpack(&config) + config := &Config{ + SocketType: StreamSocket, + LineDelimiter: "", + } + _, err := New(logp.L(), config, nil) assert.Error(t, err) } @@ -72,93 +83,82 @@ func TestReceiveEventsAndMetadata(t *testing.T) { tests := []struct { name string cfg map[string]interface{} - splitFunc bufio.SplitFunc expectedMessages []string messageSent string }{ { name: "NewLine", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + cfg: map[string]interface{}{"line_delimiter": "\n"}, expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, "\n"), }, { name: "NewLineWithCR", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\r\n")), + cfg: map[string]interface{}{"line_delimiter": "\r\n"}, expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, "\r\n"), }, { name: "CustomDelimiter", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte(";")), + cfg: map[string]interface{}{"line_delimiter": ";"}, expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, ";"), }, { name: "MultipleCharsCustomDelimiter", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("")), + cfg: map[string]interface{}{"line_delimiter": ""}, expectedMessages: expectedMessages, messageSent: strings.Join(expectedMessages, ""), }, { name: "SingleCharCustomDelimiterMessageWithoutBoundaries", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte(";")), + cfg: map[string]interface{}{"line_delimiter": ";"}, expectedMessages: []string{"hello"}, messageSent: "hello", }, { name: "MultipleCharCustomDelimiterMessageWithoutBoundaries", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("")), + cfg: map[string]interface{}{"line_delimiter": ""}, expectedMessages: []string{"hello"}, messageSent: "hello", }, { name: "NewLineMessageWithoutBoundaries", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + cfg: map[string]interface{}{"line_delimiter": "\n"}, expectedMessages: []string{"hello"}, messageSent: "hello", }, { name: "NewLineLargeMessagePayload", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + cfg: map[string]interface{}{"line_delimiter": "\n"}, expectedMessages: largeMessages, messageSent: strings.Join(largeMessages, "\n"), }, { name: "CustomLargeMessagePayload", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte(";")), + cfg: map[string]interface{}{"line_delimiter": ";"}, expectedMessages: largeMessages, messageSent: strings.Join(largeMessages, ";"), }, { name: "ReadRandomLargePayload", - cfg: map[string]interface{}{}, - splitFunc: netcommon.SplitFunc([]byte("\n")), + cfg: map[string]interface{}{"line_delimiter": "\n"}, expectedMessages: []string{randomGeneratedText}, messageSent: randomGeneratedText, }, { - name: "MaxReadBufferReachedUserConfigured", - splitFunc: netcommon.SplitFunc([]byte("\n")), + name: "MaxReadBufferReachedUserConfigured", cfg: map[string]interface{}{ + "line_delimiter": "\n", "max_message_size": 50000, }, expectedMessages: []string{}, messageSent: randomGeneratedText, }, { - name: "MaxBufferSizeSet", - splitFunc: netcommon.SplitFunc([]byte("\n")), + name: "MaxBufferSizeSet", cfg: map[string]interface{}{ + "line_delimiter": "\n", "max_message_size": 66 * 1024, }, expectedMessages: extraLargeMessages, @@ -176,14 +176,13 @@ func TestReceiveEventsAndMetadata(t *testing.T) { path := filepath.Join(os.TempDir(), "test.sock") test.cfg["path"] = path cfg, _ := common.NewConfigFrom(test.cfg) - config := defaultConfig + config := defaultConfig() err := cfg.Unpack(&config) if !assert.NoError(t, err) { return } - factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, to, test.splitFunc) - server, err := New(&config, factory) + server, err := New(logp.L(), &config, to) if !assert.NoError(t, err) { return } @@ -234,16 +233,16 @@ func TestSocketOwnershipAndMode(t *testing.T) { path := filepath.Join(os.TempDir(), "test.sock") cfg, _ := common.NewConfigFrom(map[string]interface{}{ - "path": path, - "group": group.Name, - "mode": "0740", + "path": path, + "group": group.Name, + "mode": "0740", + "line_delimiter": "\n", }) - config := defaultConfig + config := defaultConfig() err = cfg.Unpack(&config) require.NoError(t, err) - factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, nil, netcommon.SplitFunc([]byte("\n"))) - server, err := New(&config, factory) + server, err := New(logp.L(), &config, nil) require.NoError(t, err) err = server.Start() require.NoError(t, err) @@ -269,12 +268,12 @@ func TestSocketCleanup(t *testing.T) { defer mockStaleSocket.Close() cfg, _ := common.NewConfigFrom(map[string]interface{}{ - "path": path, + "path": path, + "line_delimiter": "\n", }) - config := defaultConfig + config := defaultConfig() require.NoError(t, cfg.Unpack(&config)) - factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, nil, netcommon.SplitFunc([]byte("\n"))) - server, err := New(&config, factory) + server, err := New(logp.L(), &config, nil) require.NoError(t, err) err = server.Start() require.NoError(t, err) @@ -293,12 +292,12 @@ func TestSocketCleanupRefusal(t *testing.T) { defer os.Remove(path) cfg, _ := common.NewConfigFrom(map[string]interface{}{ - "path": path, + "path": path, + "line_delimiter": "\n", }) - config := defaultConfig + config := defaultConfig() require.NoError(t, cfg.Unpack(&config)) - factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, nil, netcommon.SplitFunc([]byte("\n"))) - server, err := New(&config, factory) + server, err := New(logp.L(), &config, nil) require.NoError(t, err) err = server.Start() require.Error(t, err) @@ -310,55 +309,87 @@ func TestReceiveNewEventsConcurrently(t *testing.T) { t.Skip("test is only supported on non-windows. See https://github.com/elastic/beats/issues/21757") return } - workers := 4 - eventsCount := 100 - path := filepath.Join(os.TempDir(), "test.sock") - ch := make(chan *info, eventsCount*workers) - defer close(ch) - to := func(message []byte, mt inputsource.NetworkMetadata) { - ch <- &info{message: string(message), mt: mt} - } - cfg, err := common.NewConfigFrom(map[string]interface{}{"path": path}) - if !assert.NoError(t, err) { - return - } - config := defaultConfig - err = cfg.Unpack(&config) - if !assert.NoError(t, err) { - return - } - factory := netcommon.SplitHandlerFactory(netcommon.FamilyUnix, logp.NewLogger("test"), MetadataCallback, to, bufio.ScanLines) + for socketType, _ := range socketTypes { + if runtime.GOOS == "darwin" && socketType == "datagram" { + t.Skip("test is only supported on linux. See https://github.com/elastic/beats/issues/22775") + return + } - server, err := New(&config, factory) - if !assert.NoError(t, err) { - return + t.Run("socket_type "+socketType, func(t *testing.T) { + workers := 1 + eventsCount := 100 + path := filepath.Join(os.TempDir(), "test.sock") + ch := make(chan *info, eventsCount*workers) + defer close(ch) + to := func(message []byte, mt inputsource.NetworkMetadata) { + ch <- &info{message: string(message), mt: mt} + } + cfg, err := common.NewConfigFrom(map[string]interface{}{ + "path": path, + "line_delimiter": "\n", + "socket_type": socketType, + }) + if !assert.NoError(t, err) { + return + } + config := defaultConfig() + err = cfg.Unpack(&config) + if !assert.NoError(t, err) { + return + } + + server, err := New(logp.L(), &config, to) + if !assert.NoError(t, err) { + return + } + err = server.Start() + if !assert.NoError(t, err) { + return + } + defer server.Stop() + + samples := generateMessages(eventsCount, 1024) + for w := 0; w < workers; w++ { + if socketType == "stream" { + go sendOverUnixStream(t, path, samples) + } else if socketType == "datagram" { + go sendOverUnixDatagram(t, path, samples) + } + } + + var events []*info + for len(events) < eventsCount*workers { + select { + case event := <-ch: + events = append(events, event) + default: + } + } + }) } - err = server.Start() +} + +func sendOverUnixStream(t *testing.T, path string, samples []string) { + conn, err := net.Dial("unix", path) if !assert.NoError(t, err) { return } - defer server.Stop() + defer conn.Close() - samples := generateMessages(eventsCount, 1024) - for w := 0; w < workers; w++ { - go func() { - conn, err := net.Dial("unix", path) - defer conn.Close() - assert.NoError(t, err) - for _, sample := range samples { - fmt.Fprintln(conn, sample) - } - }() + for _, sample := range samples { + fmt.Fprintln(conn, sample) } +} - var events []*info - for len(events) < eventsCount*workers { - select { - case event := <-ch: - events = append(events, event) - default: - } +func sendOverUnixDatagram(t *testing.T, path string, samples []string) { + conn, err := net.Dial("unixgram", path) + if !assert.NoError(t, err) { + return + } + defer conn.Close() + for _, sample := range samples { + fmt.Fprintln(conn, sample) } } @@ -374,7 +405,7 @@ func randomString(l int) string { func generateMessages(c int, l int) []string { messages := make([]string, c) for i := range messages { - messages[i] = randomString(l) + messages[i] = randomString(l) + "-" + strconv.Itoa(i) } return messages } diff --git a/filebeat/inputsource/unix/socket.go b/filebeat/inputsource/unix/socket.go new file mode 100644 index 000000000000..576dedad5645 --- /dev/null +++ b/filebeat/inputsource/unix/socket.go @@ -0,0 +1,95 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package unix + +import ( + "fmt" + "os" + "os/user" + "runtime" + "strconv" + + "github.com/pkg/errors" + + "github.com/elastic/beats/v7/libbeat/logp" +) + +func cleanupStaleSocket(path string) error { + info, err := os.Lstat(path) + if err != nil { + // If the file does not exist, then the cleanup can be considered successful. + if os.IsNotExist(err) { + return nil + } + return errors.Wrapf(err, "cannot lstat unix socket file at location %s", path) + } + + if runtime.GOOS != "windows" { + // see https://github.com/golang/go/issues/33357 for context on Windows socket file attributes bug + if info.Mode()&os.ModeSocket == 0 { + return fmt.Errorf("refusing to remove file at location %s, it is not a socket", path) + } + } + + if err := os.Remove(path); err != nil { + return errors.Wrapf(err, "cannot remove existing unix socket file at location %s", path) + } + + return nil +} + +func setSocketOwnership(path string, group *string) error { + if group != nil { + if runtime.GOOS == "windows" { + logp.NewLogger("unix").Warn("windows does not support the 'group' configuration option, ignoring") + return nil + } + g, err := user.LookupGroup(*group) + if err != nil { + return err + } + gid, err := strconv.Atoi(g.Gid) + if err != nil { + return err + } + return os.Chown(path, -1, gid) + } + return nil +} + +func setSocketMode(path string, mode *string) error { + if mode != nil { + m, err := parseFileMode(*mode) + if err != nil { + return err + } + return os.Chmod(path, m) + } + return nil +} + +func parseFileMode(mode string) (os.FileMode, error) { + parsed, err := strconv.ParseUint(mode, 8, 32) + if err != nil { + return 0, err + } + if parsed > 0777 { + return 0, errors.New("invalid file mode") + } + return os.FileMode(parsed), nil +} diff --git a/filebeat/tests/system/test_syslog.py b/filebeat/tests/system/test_syslog.py index ed8f5a58f2f0..272f0c5b81db 100644 --- a/filebeat/tests/system/test_syslog.py +++ b/filebeat/tests/system/test_syslog.py @@ -127,6 +127,8 @@ def test_syslog_with_udp(self): filebeat.check_kill_and_wait() + sock.close() + output = self.read_output() assert len(output) == 2 @@ -135,13 +137,28 @@ def test_syslog_with_udp(self): # AF_UNIX support in python isn't available until # Python 3.9, see https://bugs.python.org/issue33408 @unittest.skipIf(not hasattr(socket, 'AF_UNIX'), "No Windows AF_UNIX support before Python 3.9") - def test_syslog_with_unix(self): + def test_syslog_with_unix_stream(self): + """ + Test syslog input with events from UNIX stream. + """ + + self.run_filebeat_and_send_using_socket("stream", send_stream_socket) + + # AF_UNIX support in python isn't available until + # Python 3.9, see https://bugs.python.org/issue33408 + @unittest.skipIf(not hasattr(socket, 'AF_UNIX'), "No Windows AF_UNIX support before Python 3.9") + def test_syslog_with_unix_datagram(self): """ - Test syslog input with events from UNIX. + Test syslog input with events from UNIX stream. """ + + self.run_filebeat_and_send_using_socket("datagram", send_datagram_socket) + + def run_filebeat_and_send_using_socket(self, socket_type, send_over_socket): # we create the socket in a temporary directory because # go will fail to create a unix socket if the path length # is longer than 108 characters. See https://github.com/golang/go/issues/6895 + with tempfile.TemporaryDirectory() as tempdir: path = os.path.join(tempdir, "filebeat.sock") input_raw = """ @@ -149,9 +166,10 @@ def test_syslog_with_unix(self): protocol: unix: path: {} + socket_type: {} """ - input_raw = input_raw.format(path) + input_raw = input_raw.format(path, socket_type) self.render_config_template( input_raw=input_raw, inputs=False, @@ -161,15 +179,9 @@ def test_syslog_with_unix(self): self.wait_until(lambda: self.log_contains("Started listening for UNIX connection")) - sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) # UNIX - - sock.connect(path) - - for n in range(0, 2): - m = "<13>Oct 11 22:14:15 wopr.mymachine.co postfix/smtpd[2000]:" \ - " 'su root' failed for lonvick on /dev/pts/8 {}\n" - m = m.format(n) - sock.send(m.encode("utf-8")) + sock = send_over_socket(path, + "<13>Oct 11 22:14:15 wopr.mymachine.co postfix/smtpd[2000]:" + " 'su root' failed for lonvick on /dev/pts/8 {}\n") self.wait_until(lambda: self.output_count(lambda x: x >= 2)) @@ -180,13 +192,30 @@ def test_syslog_with_unix(self): assert len(output) == 2 self.assert_syslog(output[0], False) + sock.close() + # AF_UNIX support in python isn't available until # Python 3.9, see https://bugs.python.org/issue33408 + @unittest.skipIf(not hasattr(socket, 'AF_UNIX'), "No Windows AF_UNIX support before Python 3.9") - def test_syslog_with_unix_invalid_message(self): + def test_syslog_with_unix_stream_invalid_message(self): """ Test syslog input with invalid events from UNIX. """ + + self.run_filebeat_and_send_invalid_message_using_socket("stream", send_stream_socket) + + # AF_UNIX support in python isn't available until + # Python 3.9, see https://bugs.python.org/issue33408 + @unittest.skipIf(not hasattr(socket, 'AF_UNIX'), "No Windows AF_UNIX support before Python 3.9") + def test_syslog_with_unix_datagram_invalid_message(self): + """ + Test syslog input with invalid events from UNIX. + """ + + self.run_filebeat_and_send_invalid_message_using_socket("datagram", send_datagram_socket) + + def run_filebeat_and_send_invalid_message_using_socket(self, socket_type, send_over_socket): # we create the socket in a temporary directory because # go will fail to create a unix socket if the path length # is longer than 108 characters. See https://github.com/golang/go/issues/6895 @@ -197,9 +226,10 @@ def test_syslog_with_unix_invalid_message(self): protocol: unix: path: {} + socket_type: {} """ - input_raw = input_raw.format(path) + input_raw = input_raw.format(path, socket_type) self.render_config_template( input_raw=input_raw, inputs=False, @@ -209,11 +239,7 @@ def test_syslog_with_unix_invalid_message(self): self.wait_until(lambda: self.log_contains("Started listening for UNIX connection")) - sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) # UNIX - - sock.connect(path) - for n in range(0, 2): - sock.send("invalid\n".encode("utf-8")) + sock = send_over_socket(path, "invalid\n") self.wait_until(lambda: self.output_count(lambda x: x >= 2)) @@ -222,7 +248,10 @@ def test_syslog_with_unix_invalid_message(self): output = self.read_output() assert len(output) == 2 - assert output[0]["message"] == "invalid" + expected_message = "invalid" + if socket_type == "datagram": + expected_message += "\n" + assert output[0]["message"] == expected_message sock.close() def assert_syslog(self, syslog, has_address=True): @@ -238,3 +267,25 @@ def assert_syslog(self, syslog, has_address=True): assert syslog["syslog.facility_label"] == "user-level" if has_address: assert len(syslog["log.source.address"]) > 0 + + +def send_stream_socket(path, message): + sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) + + sock.connect(path) + + for n in range(0, 2): + message = message.format(n) + sock.send(message.encode("utf-8")) + + return sock + + +def send_datagram_socket(path, message): + sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) + + for n in range(0, 2): + message = message.format(n) + sock.sendto(message.encode("utf-8"), path) + + return sock diff --git a/filebeat/tests/system/test_unix.py b/filebeat/tests/system/test_unix.py index bb9b7f25bd56..bc506b47d7b2 100644 --- a/filebeat/tests/system/test_unix.py +++ b/filebeat/tests/system/test_unix.py @@ -61,11 +61,44 @@ def send_events_with_delimiter(self, delimiter): self.wait_until(lambda: self.log_contains("Started listening for UNIX connection")) - sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) # UNIX - sock.connect(path) + sock = send_stream_socket(path, delimiter) - for n in range(0, 2): - sock.send(bytes("Hello World: " + str(n) + delimiter, "utf-8")) + self.wait_until(lambda: self.output_count(lambda x: x >= 2)) + + filebeat.check_kill_and_wait() + + output = self.read_output() + + assert len(output) == 2 + assert output[0]["input.type"] == "unix" + + sock.close() + + def test_unix_datagram_socket(self): + # we create the socket in a temporary directory because + # go will fail to create a unix socket if the path length + # is longer than 108 characters. See https://github.com/golang/go/issues/6895 + with tempfile.TemporaryDirectory() as tempdir: + path = os.path.join(tempdir, "filebeat.sock") + input_raw = """ +- type: unix + path: {} + enabled: true + socket_type: datagram +""" + + input_raw = input_raw.format(path) + + self.render_config_template( + input_raw=input_raw, + inputs=False, + ) + + filebeat = self.start_beat() + + self.wait_until(lambda: self.log_contains("Started listening for UNIX connection")) + + sock = send_datagram_socket(path) self.wait_until(lambda: self.output_count(lambda x: x >= 2)) @@ -74,6 +107,27 @@ def send_events_with_delimiter(self, delimiter): output = self.read_output() assert len(output) == 2 + assert output[0]["message"] == "Hello World: 0;" assert output[0]["input.type"] == "unix" sock.close() + + +def send_stream_socket(path, delimiter): + sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) + sock.connect(path) + + for n in range(0, 2): + sock.send(bytes("Hello World: " + str(n) + delimiter, "utf-8")) + + return sock + + +def send_datagram_socket(path): + sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM) + sock.connect(path) + + for n in range(0, 2): + sock.sendto(bytes("Hello World: " + str(n) + ";", "utf-8"), path) + + return sock From 24a4da8f1c2cd1e04eb488dc97e458d620e19da2 Mon Sep 17 00:00:00 2001 From: kaiyan-sheng Date: Mon, 30 Nov 2020 08:22:14 -0700 Subject: [PATCH 29/41] Drop pkt_dstaddr and pkt_srcaddr when equals to "-" (#22721) * Add painless script to remove all empty fields --- CHANGELOG.next.asciidoc | 1 + .../module/aws/vpcflow/ingest/pipeline.yml | 26 +++++++++ .../test/custom-nat-gateway.log-expected.json | 1 - .../test/no-data-skip-data.log-expected.json | 2 - .../test/tcp-flag-sequence-skip-data.log | 5 ++ ...-flag-sequence-skip-data.log-expected.json | 58 +++++++++++++++++++ 6 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log create mode 100644 x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log-expected.json diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 2839e40f5280..c94dc62b826b 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -335,6 +335,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix handing missing eventtime and assignip field being set to N/A for fortinet module. {pull}22361[22361] - Fix Zeek dashboard reference to `zeek.ssl.server.name` field. {pull}21696[21696] - Fix for `field [source] not present as part of path [source.ip]` error in azure pipelines. {pull}22377[22377] +- Drop aws.vpcflow.pkt_srcaddr and aws.vpcflow.pkt_dstaddr when equal to "-". {pull}22721[22721] {issue}22716[22716] *Heartbeat* diff --git a/x-pack/filebeat/module/aws/vpcflow/ingest/pipeline.yml b/x-pack/filebeat/module/aws/vpcflow/ingest/pipeline.yml index bd9b1d32769b..a8a6e5ae7262 100644 --- a/x-pack/filebeat/module/aws/vpcflow/ingest/pipeline.yml +++ b/x-pack/filebeat/module/aws/vpcflow/ingest/pipeline.yml @@ -28,6 +28,32 @@ processors: field: ["aws.vpcflow.start", "aws.vpcflow.end"] ignore_missing: true + - script: + lang: painless + ignore_failure: true + if: ctx?.aws != null + source: >- + void handleMap(Map map) { + for (def x : map.values()) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + map.values().removeIf(v -> v instanceof String && v == "-"); + } + void handleList(List list) { + for (def x : list) { + if (x instanceof Map) { + handleMap(x); + } else if (x instanceof List) { + handleList(x); + } + } + } + handleMap(ctx.aws); + # IP Geolocation Lookup - geoip: field: source.ip diff --git a/x-pack/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json b/x-pack/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json index d508bd634792..6b9e4382bb50 100644 --- a/x-pack/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json +++ b/x-pack/filebeat/module/aws/vpcflow/test/custom-nat-gateway.log-expected.json @@ -1,6 +1,5 @@ [ { - "aws.vpcflow.instance_id": "-", "aws.vpcflow.interface_id": "eni-1235b8ca123456789", "aws.vpcflow.pkt_dstaddr": "203.0.113.5", "aws.vpcflow.pkt_srcaddr": "10.0.1.5", diff --git a/x-pack/filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json b/x-pack/filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json index 22705d87101b..e8224ee08b11 100644 --- a/x-pack/filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json +++ b/x-pack/filebeat/module/aws/vpcflow/test/no-data-skip-data.log-expected.json @@ -2,7 +2,6 @@ { "@timestamp": "2015-05-10T18:02:14.000Z", "aws.vpcflow.account_id": "123456789010", - "aws.vpcflow.action": "-", "aws.vpcflow.interface_id": "eni-1235b8ca123456789", "aws.vpcflow.log_status": "NODATA", "aws.vpcflow.version": "2", @@ -27,7 +26,6 @@ { "@timestamp": "2015-05-10T18:02:14.000Z", "aws.vpcflow.account_id": "123456789010", - "aws.vpcflow.action": "-", "aws.vpcflow.interface_id": "eni-11111111aaaaaaaaa", "aws.vpcflow.log_status": "SKIPDATA", "aws.vpcflow.version": "2", diff --git a/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log new file mode 100644 index 000000000000..2ce24460ff9f --- /dev/null +++ b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log @@ -0,0 +1,5 @@ +version vpc-id subnet-id instance-id interface-id account-id type srcaddr dstaddr srcport dstport pkt-srcaddr pkt-dstaddr protocol bytes packets start end action tcp-flags log-status +3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 - - - - - - - - - - 1566848875 1566848933 - - SKIPDATA + +version vpc-id subnet-id instance-id interface-id account-id type srcaddr dstaddr srcport dstport pkt-srcaddr pkt-dstaddr protocol bytes packets start end action tcp-flags log-status +3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 - - - - - - - - - - 1566848875 1566848933 - - NODATA diff --git a/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log-expected.json b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log-expected.json new file mode 100644 index 000000000000..b28207021b6a --- /dev/null +++ b/x-pack/filebeat/module/aws/vpcflow/test/tcp-flag-sequence-skip-data.log-expected.json @@ -0,0 +1,58 @@ +[ + { + "@timestamp": "2019-08-26T19:48:53.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.instance_id": "i-01234567890123456", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "SKIPDATA", + "aws.vpcflow.subnet_id": "subnet-aaaaaaaa012345678", + "aws.vpcflow.version": "3", + "aws.vpcflow.vpc_id": "vpc-abcdefab012345678", + "cloud.account.id": "123456789010", + "cloud.instance.id": "i-01234567890123456", + "cloud.provider": "aws", + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2019-08-26T19:48:53.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 - - - - - - - - - - 1566848875 1566848933 - - SKIPDATA", + "event.start": "2019-08-26T19:47:55.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 183, + "service.type": "aws", + "tags": [ + "forwarded" + ] + }, + { + "@timestamp": "2019-08-26T19:48:53.000Z", + "aws.vpcflow.account_id": "123456789010", + "aws.vpcflow.instance_id": "i-01234567890123456", + "aws.vpcflow.interface_id": "eni-1235b8ca123456789", + "aws.vpcflow.log_status": "NODATA", + "aws.vpcflow.subnet_id": "subnet-aaaaaaaa012345678", + "aws.vpcflow.version": "3", + "aws.vpcflow.vpc_id": "vpc-abcdefab012345678", + "cloud.account.id": "123456789010", + "cloud.instance.id": "i-01234567890123456", + "cloud.provider": "aws", + "event.category": "network_traffic", + "event.dataset": "aws.vpcflow", + "event.end": "2019-08-26T19:48:53.000Z", + "event.kind": "event", + "event.module": "aws", + "event.original": "3 vpc-abcdefab012345678 subnet-aaaaaaaa012345678 i-01234567890123456 eni-1235b8ca123456789 123456789010 - - - - - - - - - - 1566848875 1566848933 - - NODATA", + "event.start": "2019-08-26T19:47:55.000Z", + "event.type": "flow", + "fileset.name": "vpcflow", + "input.type": "log", + "log.offset": 526, + "service.type": "aws", + "tags": [ + "forwarded" + ] + } +] \ No newline at end of file From 4d53320d24daf12b0542f8dc05028ed37cda45e4 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Mon, 30 Nov 2020 12:38:02 -0500 Subject: [PATCH 30/41] Make monitoring Namespace thread-safe (#22640) Add a mutex to Namespace to make read/writes thread-safe. Fixes #22639 --- libbeat/monitoring/namespace.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libbeat/monitoring/namespace.go b/libbeat/monitoring/namespace.go index 5f6d2ed4ae05..5ec11a626e45 100644 --- a/libbeat/monitoring/namespace.go +++ b/libbeat/monitoring/namespace.go @@ -23,6 +23,7 @@ var namespaces = NewNamespaces() // Namespace contains the name of the namespace and it's registry type Namespace struct { + sync.Mutex name string registry *Registry } @@ -42,11 +43,15 @@ func GetNamespace(name string) *Namespace { // SetRegistry sets the registry of the namespace func (n *Namespace) SetRegistry(r *Registry) { + n.Lock() + defer n.Unlock() n.registry = r } // GetRegistry gets the registry of the namespace func (n *Namespace) GetRegistry() *Registry { + n.Lock() + defer n.Unlock() if n.registry == nil { n.registry = NewRegistry() } From 5038ccf12a634e24899d066d6ca7cb7014e91569 Mon Sep 17 00:00:00 2001 From: Steffen Siering Date: Mon, 30 Nov 2020 19:27:16 +0100 Subject: [PATCH 31/41] Skip Filebeat test_shutdown on windows 7 (#22797) --- filebeat/tests/system/test_shutdown.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/filebeat/tests/system/test_shutdown.py b/filebeat/tests/system/test_shutdown.py index eb4084c5205e..8f18337435f5 100644 --- a/filebeat/tests/system/test_shutdown.py +++ b/filebeat/tests/system/test_shutdown.py @@ -1,5 +1,6 @@ import gzip import os +import platform import time import unittest from filebeat import BaseTest @@ -11,6 +12,8 @@ class Test(BaseTest): + @unittest.skipIf(platform.platform().startswith("Windows-7"), + "Flaky test: https://github.com/elastic/beats/issues/22795") def test_shutdown(self): """ Test starting and stopping Filebeat under load. From 09008c8d7c278d2cc404d3d6d73f35861c0814a2 Mon Sep 17 00:00:00 2001 From: Vijay Samuel Date: Tue, 1 Dec 2020 03:38:09 -0800 Subject: [PATCH 32/41] Fix polling node when it is not ready and monitor by hostname (#22666) --- CHANGELOG.next.asciidoc | 1 + .../autodiscover/providers/kubernetes/node.go | 11 ++++ .../providers/kubernetes/node_test.go | 59 ++++++++++++++++++- 3 files changed, 70 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index c94dc62b826b..6cf5d840158e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -537,6 +537,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added Kafka version 2.2 to the list of supported versions. {pull}22328[22328] - Add support for ephemeral containers in kubernetes autodiscover and `add_kubernetes_metadata`. {pull}22389[22389] {pull}22439[22439] - Added support for wildcard fields and keyword fallback in beats setup commands. {pull}22521[22521] +- Fix polling node when it is not ready and monitor by hostname {pull}22666[22666] *Auditbeat* diff --git a/libbeat/autodiscover/providers/kubernetes/node.go b/libbeat/autodiscover/providers/kubernetes/node.go index 95e23b33d2a5..0f37ade6b5a0 100644 --- a/libbeat/autodiscover/providers/kubernetes/node.go +++ b/libbeat/autodiscover/providers/kubernetes/node.go @@ -168,6 +168,11 @@ func (n *node) emit(node *kubernetes.Node, flag string) { return } + // If the node is not in ready state then dont monitor it unless its a stop event + if !isNodeReady(node) && flag != "stop" { + return + } + eventID := fmt.Sprint(node.GetObjectMeta().GetUID()) meta := n.metagen.Generate(node) @@ -237,6 +242,12 @@ func getAddress(node *kubernetes.Node) string { } } + for _, address := range node.Status.Addresses { + if address.Type == v1.NodeHostName && address.Address != "" { + return address.Address + } + } + return "" } diff --git a/libbeat/autodiscover/providers/kubernetes/node_test.go b/libbeat/autodiscover/providers/kubernetes/node_test.go index 518a01215781..6eb22b185e14 100644 --- a/libbeat/autodiscover/providers/kubernetes/node_test.go +++ b/libbeat/autodiscover/providers/kubernetes/node_test.go @@ -156,6 +156,12 @@ func TestEmitEvent_Node(t *testing.T) { Address: "node1", }, }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, + }, + }, }, }, Expected: bus.Event{ @@ -183,6 +189,57 @@ func TestEmitEvent_Node(t *testing.T) { "config": []*common.Config{}, }, }, + { + Message: "Test node start with just node name", + Flag: "start", + Node: &kubernetes.Node{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + UID: types.UID(uid), + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + TypeMeta: typeMeta, + Status: v1.NodeStatus{ + Addresses: []v1.NodeAddress{ + { + Type: v1.NodeHostName, + Address: "node1", + }, + }, + Conditions: []v1.NodeCondition{ + { + Type: v1.NodeReady, + Status: v1.ConditionTrue, + }, + }, + }, + }, + Expected: bus.Event{ + "start": true, + "host": "node1", + "id": uid, + "provider": UUID, + "kubernetes": common.MapStr{ + "node": common.MapStr{ + "name": "metricbeat", + "uid": "005f3b90-4b9d-12f8-acf0-31020a840133", + "hostname": "node1", + }, + "annotations": common.MapStr{}, + }, + "meta": common.MapStr{ + "kubernetes": common.MapStr{ + "node": common.MapStr{ + "name": "metricbeat", + "uid": "005f3b90-4b9d-12f8-acf0-31020a840133", + "hostname": "node1", + }, + }, + }, + "config": []*common.Config{}, + }, + }, { Message: "Test service without host", Flag: "start", @@ -221,7 +278,7 @@ func TestEmitEvent_Node(t *testing.T) { }, Expected: bus.Event{ "stop": true, - "host": "", + "host": "node1", "id": uid, "provider": UUID, "kubernetes": common.MapStr{ From 0c67e9f7a002d2eb8cda9d74f35a6a2ea27d7e26 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9mi=20V=C3=A1nyi?= Date: Tue, 1 Dec 2020 15:02:56 +0100 Subject: [PATCH 33/41] Skip somewhat flaky UDP system test on Windows (#22810) --- filebeat/tests/system/test_udp.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/filebeat/tests/system/test_udp.py b/filebeat/tests/system/test_udp.py index 844aa38a6053..7a8b73489bde 100644 --- a/filebeat/tests/system/test_udp.py +++ b/filebeat/tests/system/test_udp.py @@ -1,9 +1,12 @@ from filebeat import BaseTest +import os import socket +import unittest class Test(BaseTest): + @unittest.skipIf(os.name == 'nt', 'flaky test https://github.com/elastic/beats/issues/22809') def test_udp(self): host = "127.0.0.1" From cddf4d49a0122e75c1ba00965010a71bd34de4fa Mon Sep 17 00:00:00 2001 From: Shaunak Kashyap Date: Tue, 1 Dec 2020 19:35:32 +0530 Subject: [PATCH 34/41] Fixing logic to keep list of unique cluster UUIDs (#22808) * Fixing logic to keep list of unique cluster UUIDs * Adding CHANGELOG entry * Use common.StringSet * Adding more test cases * Adding back logic to broadly override cluster UUID for all pipelines, if set * Removing ToSlice() * Fixing loop --- CHANGELOG.next.asciidoc | 1 + metricbeat/module/logstash/logstash.go | 10 +- metricbeat/module/logstash/node/data_xpack.go | 13 +- .../module/logstash/node/data_xpack_test.go | 328 ++++++++++++++++++ .../module/logstash/node_stats/data_xpack.go | 8 +- .../logstash/node_stats/data_xpack_test.go | 273 +++++++++++++++ 6 files changed, 620 insertions(+), 13 deletions(-) create mode 100644 metricbeat/module/logstash/node/data_xpack_test.go create mode 100644 metricbeat/module/logstash/node_stats/data_xpack_test.go diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 6cf5d840158e..f76acfbf3138 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -441,6 +441,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix failiures caused by custom beat names with more than 15 characters {pull}22550[22550] - Stop generating NaN values from Cloud Foundry module to avoid errors in outputs. {pull}22634[22634] - Update NATS dashboards to leverage connection and route metricsets {pull}22646[22646] +- Fix `logstash` module when `xpack.enabled: true` is set from emitting redundant events. {pull}22808[22808] *Packetbeat* diff --git a/metricbeat/module/logstash/logstash.go b/metricbeat/module/logstash/logstash.go index fbc030fa3103..abd737f3ed4d 100644 --- a/metricbeat/module/logstash/logstash.go +++ b/metricbeat/module/logstash/logstash.go @@ -57,13 +57,13 @@ type MetricSet struct { XPack bool } -type graph struct { +type Graph struct { Vertices []map[string]interface{} `json:"vertices"` Edges []map[string]interface{} `json:"edges"` } -type graphContainer struct { - Graph *graph `json:"graph,omitempty"` +type GraphContainer struct { + Graph *Graph `json:"graph,omitempty"` Type string `json:"type"` Version string `json:"version"` Hash string `json:"hash"` @@ -74,8 +74,8 @@ type PipelineState struct { ID string `json:"id"` Hash string `json:"hash"` EphemeralID string `json:"ephemeral_id"` - Graph *graphContainer `json:"graph,omitempty"` - Representation *graphContainer `json:"representation"` + Graph *GraphContainer `json:"graph,omitempty"` + Representation *GraphContainer `json:"representation"` BatchSize int `json:"batch_size"` Workers int `json:"workers"` } diff --git a/metricbeat/module/logstash/node/data_xpack.go b/metricbeat/module/logstash/node/data_xpack.go index 96fc252158c4..66d3623c7de6 100644 --- a/metricbeat/module/logstash/node/data_xpack.go +++ b/metricbeat/module/logstash/node/data_xpack.go @@ -66,21 +66,26 @@ func makeClusterToPipelinesMap(pipelines []logstash.PipelineState, overrideClust var clusterToPipelinesMap map[string][]logstash.PipelineState clusterToPipelinesMap = make(map[string][]logstash.PipelineState) + if overrideClusterUUID != "" { + clusterToPipelinesMap[overrideClusterUUID] = pipelines + return clusterToPipelinesMap + } + for _, pipeline := range pipelines { - var clusterUUIDs []string + clusterUUIDs := common.StringSet{} for _, vertex := range pipeline.Graph.Graph.Vertices { clusterUUID := logstash.GetVertexClusterUUID(vertex, overrideClusterUUID) if clusterUUID != "" { - clusterUUIDs = append(clusterUUIDs, clusterUUID) + clusterUUIDs.Add(clusterUUID) } } // If no cluster UUID was found in this pipeline, assign it a blank one if len(clusterUUIDs) == 0 { - clusterUUIDs = []string{""} + clusterUUIDs.Add("") } - for _, clusterUUID := range clusterUUIDs { + for clusterUUID := range clusterUUIDs { clusterPipelines := clusterToPipelinesMap[clusterUUID] if clusterPipelines == nil { clusterToPipelinesMap[clusterUUID] = []logstash.PipelineState{} diff --git a/metricbeat/module/logstash/node/data_xpack_test.go b/metricbeat/module/logstash/node/data_xpack_test.go new file mode 100644 index 000000000000..17ae0aaaf912 --- /dev/null +++ b/metricbeat/module/logstash/node/data_xpack_test.go @@ -0,0 +1,328 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// +build !integration + +package node + +import ( + "testing" + + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/metricbeat/module/logstash" +) + +func TestMakeClusterToPipelinesMap(t *testing.T) { + tests := map[string]struct { + pipelines []logstash.PipelineState + overrideClusterUUID string + expectedMap map[string][]logstash.PipelineState + }{ + "no_vertex_cluster_id": { + pipelines: []logstash.PipelineState{ + { + ID: "test_pipeline", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + }, + }, + overrideClusterUUID: "prod_cluster_id", + expectedMap: map[string][]logstash.PipelineState{ + "prod_cluster_id": { + { + ID: "test_pipeline", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + }, + }, + }, + }, + "one_vertex_cluster_id": { + pipelines: []logstash.PipelineState{ + { + ID: "test_pipeline", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + }, + }, + overrideClusterUUID: "prod_cluster_id", + expectedMap: map[string][]logstash.PipelineState{ + "prod_cluster_id": { + { + ID: "test_pipeline", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + }, + }, + }, + }, + "two_pipelines": { + pipelines: []logstash.PipelineState{ + { + ID: "test_pipeline_1", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + }, + }, + { + ID: "test_pipeline_2", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + }, + }, + overrideClusterUUID: "prod_cluster_id", + expectedMap: map[string][]logstash.PipelineState{ + "prod_cluster_id": { + { + ID: "test_pipeline_1", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + }, + }, + { + ID: "test_pipeline_2", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + }, + }, + }, + }, + "no_override_cluster_id": { + pipelines: []logstash.PipelineState{ + { + ID: "test_pipeline_1", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + "cluster_uuid": "es_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + }, + }, + { + ID: "test_pipeline_2", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + }, + }, + overrideClusterUUID: "", + expectedMap: map[string][]logstash.PipelineState{ + "es_1": { + { + ID: "test_pipeline_1", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + "cluster_uuid": "es_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + }, + }, + }, + "es_2": { + { + ID: "test_pipeline_1", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + "cluster_uuid": "es_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + }, + }, + }, + "": { + { + ID: "test_pipeline_2", + Graph: &logstash.GraphContainer{ + Graph: &logstash.Graph{ + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + }, + }, + }, + }, + } + + for name, test := range tests { + t.Run(name, func(t *testing.T) { + actualMap := makeClusterToPipelinesMap(test.pipelines, test.overrideClusterUUID) + require.Equal(t, test.expectedMap, actualMap) + }) + } +} diff --git a/metricbeat/module/logstash/node_stats/data_xpack.go b/metricbeat/module/logstash/node_stats/data_xpack.go index a6a9867b7cde..e5d82365b534 100644 --- a/metricbeat/module/logstash/node_stats/data_xpack.go +++ b/metricbeat/module/logstash/node_stats/data_xpack.go @@ -219,20 +219,20 @@ func makeClusterToPipelinesMap(pipelines []PipelineStats, overrideClusterUUID st } for _, pipeline := range pipelines { - var clusterUUIDs []string + clusterUUIDs := common.StringSet{} for _, vertex := range pipeline.Vertices { clusterUUID := logstash.GetVertexClusterUUID(vertex, overrideClusterUUID) if clusterUUID != "" { - clusterUUIDs = append(clusterUUIDs, clusterUUID) + clusterUUIDs.Add(clusterUUID) } } // If no cluster UUID was found in this pipeline, assign it a blank one if len(clusterUUIDs) == 0 { - clusterUUIDs = []string{""} + clusterUUIDs.Add("") } - for _, clusterUUID := range clusterUUIDs { + for clusterUUID := range clusterUUIDs { clusterPipelines := clusterToPipelinesMap[clusterUUID] if clusterPipelines == nil { clusterToPipelinesMap[clusterUUID] = []PipelineStats{} diff --git a/metricbeat/module/logstash/node_stats/data_xpack_test.go b/metricbeat/module/logstash/node_stats/data_xpack_test.go new file mode 100644 index 000000000000..6593be725347 --- /dev/null +++ b/metricbeat/module/logstash/node_stats/data_xpack_test.go @@ -0,0 +1,273 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +// +build !integration + +package node_stats + +import ( + "testing" + + "github.com/stretchr/testify/require" +) + +func TestMakeClusterToPipelinesMap(t *testing.T) { + tests := map[string]struct { + pipelines []PipelineStats + overrideClusterUUID string + expectedMap map[string][]PipelineStats + }{ + "no_vertex_cluster_id": { + pipelines: []PipelineStats{ + { + ID: "test_pipeline", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + overrideClusterUUID: "prod_cluster_id", + expectedMap: map[string][]PipelineStats{ + "prod_cluster_id": { + { + ID: "test_pipeline", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + }, + }, + "one_vertex_cluster_id": { + pipelines: []PipelineStats{ + { + ID: "test_pipeline", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + overrideClusterUUID: "prod_cluster_id", + expectedMap: map[string][]PipelineStats{ + "prod_cluster_id": { + { + ID: "test_pipeline", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_2", + }, + { + "id": "vertex_3", + }, + }, + }, + }, + }, + }, + "two_pipelines": { + pipelines: []PipelineStats{ + { + ID: "test_pipeline_1", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + { + ID: "test_pipeline_2", + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + overrideClusterUUID: "prod_cluster_id", + expectedMap: map[string][]PipelineStats{ + "prod_cluster_id": { + { + ID: "test_pipeline_1", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + { + ID: "test_pipeline_2", + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + }, + }, + "no_override_cluster_id": { + pipelines: []PipelineStats{ + { + ID: "test_pipeline_1", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + "cluster_uuid": "es_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + { + ID: "test_pipeline_2", + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + expectedMap: map[string][]PipelineStats{ + "es_1": { + { + ID: "test_pipeline_1", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + "cluster_uuid": "es_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + }, + "es_2": { + { + ID: "test_pipeline_1", + Vertices: []map[string]interface{}{ + { + "id": "vertex_1_1", + "cluster_uuid": "es_1", + }, + { + "id": "vertex_1_2", + "cluster_uuid": "es_2", + }, + { + "id": "vertex_1_3", + }, + }, + }, + }, + "": { + { + ID: "test_pipeline_2", + Vertices: []map[string]interface{}{ + { + "id": "vertex_2_1", + }, + { + "id": "vertex_2_2", + }, + { + "id": "vertex_2_3", + }, + }, + }, + }, + }, + }, + } + + for name, test := range tests { + t.Run(name, func(t *testing.T) { + actualMap := makeClusterToPipelinesMap(test.pipelines, test.overrideClusterUUID) + require.Equal(t, test.expectedMap, actualMap) + }) + } +} From e3906585c1641ca9a52b9ffca66f9c91eb3330e0 Mon Sep 17 00:00:00 2001 From: Chris Mark Date: Tue, 1 Dec 2020 17:00:49 +0200 Subject: [PATCH 35/41] Add docs section for ECS EC2 monitoring (#22784) --- metricbeat/docs/modules/awsfargate.asciidoc | 11 +++++++++++ .../metricbeat/module/awsfargate/_meta/docs.asciidoc | 11 +++++++++++ 2 files changed, 22 insertions(+) diff --git a/metricbeat/docs/modules/awsfargate.asciidoc b/metricbeat/docs/modules/awsfargate.asciidoc index 1de246049d79..86dc52fe590b 100644 --- a/metricbeat/docs/modules/awsfargate.asciidoc +++ b/metricbeat/docs/modules/awsfargate.asciidoc @@ -33,6 +33,17 @@ be managed: ECS EC2 and ECS Fargate. ECS EC2 launches containers that run on EC2 instances. Users have to manage EC2 instances. Pricing depends on the number of EC2 instances running. +One can monitor these containers by deploying Metricbeat on the corresponding EC2 instances with the +Metricbeat Docker module enabled. + +In order to achieve this one will need: +-- +. to ensure access to these EC2 instances using ssh keys +coupled with EC2 instances (attach ssh keys on cluster creation using `Key pair` option) +. to enable shh access for the instances with the +proper https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html[inbound rules]. +-- + * *ECS Fargate* ECS Fargate removes the responsibility of provisioning, configuring, and diff --git a/x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc b/x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc index e0f7cb88e235..0f307ec2b503 100644 --- a/x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc +++ b/x-pack/metricbeat/module/awsfargate/_meta/docs.asciidoc @@ -23,6 +23,17 @@ be managed: ECS EC2 and ECS Fargate. ECS EC2 launches containers that run on EC2 instances. Users have to manage EC2 instances. Pricing depends on the number of EC2 instances running. +One can monitor these containers by deploying Metricbeat on the corresponding EC2 instances with the +Metricbeat Docker module enabled. + +In order to achieve this one will need: +-- +. to ensure access to these EC2 instances using ssh keys +coupled with EC2 instances (attach ssh keys on cluster creation using `Key pair` option) +. to enable shh access for the instances with the +proper https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/authorizing-access-to-an-instance.html[inbound rules]. +-- + * *ECS Fargate* ECS Fargate removes the responsibility of provisioning, configuring, and From 658a822afec47c48e9c8a028190adcb2165e7e4d Mon Sep 17 00:00:00 2001 From: Brandon Morelli Date: Tue, 1 Dec 2020 09:56:47 -0800 Subject: [PATCH 36/41] docs: fix setup.template.overwrite typos (#22804) --- libbeat/docs/template-config.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libbeat/docs/template-config.asciidoc b/libbeat/docs/template-config.asciidoc index 9c88601125cf..bae6b3fe9b0f 100644 --- a/libbeat/docs/template-config.asciidoc +++ b/libbeat/docs/template-config.asciidoc @@ -60,8 +60,8 @@ relative path is set, it is considered relative to the config path. See the < Date: Tue, 1 Dec 2020 18:58:45 +0100 Subject: [PATCH 37/41] Update Golang to 1.14.12 (#22790) * Update Golang to 1.14.12 * disable extra platforms temporarely --- .ci/packaging.groovy | 8 +++++--- .go-version | 2 +- auditbeat/Dockerfile | 2 +- filebeat/Dockerfile | 2 +- heartbeat/Dockerfile | 2 +- journalbeat/Dockerfile | 2 +- libbeat/Dockerfile | 2 +- libbeat/docs/version.asciidoc | 2 +- metricbeat/Dockerfile | 2 +- packetbeat/Dockerfile | 2 +- x-pack/functionbeat/Dockerfile | 2 +- x-pack/libbeat/Dockerfile | 2 +- 12 files changed, 16 insertions(+), 14 deletions(-) diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index 02adc1a06b87..53d7beb733f0 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -135,9 +135,11 @@ pipeline { 'linux/386', 'linux/arm64', 'linux/armv7', - 'linux/ppc64le', - 'linux/mips64', - 'linux/s390x', + // The platforms above are disabled temporarly as crossbuild images are + // not available. See: https://github.com/elastic/golang-crossbuild/issues/71 + //'linux/ppc64le', + //'linux/mips64', + //'linux/s390x', 'windows/amd64', 'windows/386', (params.macos ? '' : 'darwin/amd64'), diff --git a/.go-version b/.go-version index 52e779f28fa8..4ed70fac17d7 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.14.7 +1.14.12 diff --git a/auditbeat/Dockerfile b/auditbeat/Dockerfile index 0db572a2d1f9..c6d4c0c0735c 100644 --- a/auditbeat/Dockerfile +++ b/auditbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ diff --git a/filebeat/Dockerfile b/filebeat/Dockerfile index 7a25b9906af5..d9707991a5fe 100644 --- a/filebeat/Dockerfile +++ b/filebeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ diff --git a/heartbeat/Dockerfile b/heartbeat/Dockerfile index c0d8abfa9c8f..f0155d342742 100644 --- a/heartbeat/Dockerfile +++ b/heartbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ diff --git a/journalbeat/Dockerfile b/journalbeat/Dockerfile index dd1d377f88d8..6df4d47d8857 100644 --- a/journalbeat/Dockerfile +++ b/journalbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ diff --git a/libbeat/Dockerfile b/libbeat/Dockerfile index b72fbaa58b5a..b7dde2b92cfa 100644 --- a/libbeat/Dockerfile +++ b/libbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index d2c668c73925..906aa673a14a 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,6 +1,6 @@ :stack-version: 8.0.0 :doc-branch: master -:go-version: 1.14.7 +:go-version: 1.14.12 :release-state: unreleased :python: 3.7 :docker: 1.12 diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index d3255cfb2fd7..324f98c8d6de 100644 --- a/metricbeat/Dockerfile +++ b/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt update \ diff --git a/packetbeat/Dockerfile b/packetbeat/Dockerfile index 52a31a9e99da..2b0faecc26fb 100644 --- a/packetbeat/Dockerfile +++ b/packetbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ diff --git a/x-pack/functionbeat/Dockerfile b/x-pack/functionbeat/Dockerfile index 3abd7b67c5eb..907a989eb4d6 100644 --- a/x-pack/functionbeat/Dockerfile +++ b/x-pack/functionbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ diff --git a/x-pack/libbeat/Dockerfile b/x-pack/libbeat/Dockerfile index 40977aa6cf9d..06ca7a1ffad7 100644 --- a/x-pack/libbeat/Dockerfile +++ b/x-pack/libbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.7 +FROM golang:1.14.12 RUN \ apt-get update \ From 15f351427f003e9466db9bd003a590b2f34df713 Mon Sep 17 00:00:00 2001 From: Andrew Cholakian Date: Tue, 1 Dec 2020 12:48:11 -0600 Subject: [PATCH 38/41] [Heartbeat] Fix exit on disabled monitor (#22829) Fixes a bug where when `enabled: false` was set on a monitor heartbeat would refuse to start. Fixes https://github.com/elastic/beats/issues/22665 --- CHANGELOG.next.asciidoc | 1 + heartbeat/beater/heartbeat.go | 9 +++++++-- heartbeat/monitors/stdfields/stdfields.go | 2 +- heartbeat/tests/system/test_base.py | 24 +++++++++++++++++++++++ 4 files changed, 33 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index f76acfbf3138..533d7a495fd7 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -345,6 +345,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Heartbeat* - The `service_name` monitor option is being replaced with `service.name` which is more correct. We will support the old option till 8.0. {pull}20330[20330] +- Fix exit on monitors with `enabled: false` {pull}22829[22829] *Journalbeat* diff --git a/heartbeat/beater/heartbeat.go b/heartbeat/beater/heartbeat.go index de63e60253f7..e944798887e2 100644 --- a/heartbeat/beater/heartbeat.go +++ b/heartbeat/beater/heartbeat.go @@ -21,12 +21,12 @@ import ( "fmt" "time" - "github.com/elastic/beats/v7/heartbeat/hbregistry" - "github.com/pkg/errors" "github.com/elastic/beats/v7/heartbeat/config" + "github.com/elastic/beats/v7/heartbeat/hbregistry" "github.com/elastic/beats/v7/heartbeat/monitors" + "github.com/elastic/beats/v7/heartbeat/monitors/stdfields" "github.com/elastic/beats/v7/heartbeat/scheduler" "github.com/elastic/beats/v7/libbeat/autodiscover" "github.com/elastic/beats/v7/libbeat/beat" @@ -127,8 +127,13 @@ func (bt *Heartbeat) RunStaticMonitors(b *beat.Beat) error { for _, cfg := range bt.config.Monitors { created, err := factory.Create(b.Publisher, cfg) if err != nil { + if err == stdfields.ErrPluginDisabled { + continue // don't stop loading monitors just because they're disabled + } + return errors.Wrap(err, "could not create monitor") } + created.Start() } return nil diff --git a/heartbeat/monitors/stdfields/stdfields.go b/heartbeat/monitors/stdfields/stdfields.go index 784b84cabd7b..433f62238636 100644 --- a/heartbeat/monitors/stdfields/stdfields.go +++ b/heartbeat/monitors/stdfields/stdfields.go @@ -28,7 +28,7 @@ import ( ) // ErrPluginDisabled is returned when the monitor plugin is marked as disabled. -var ErrPluginDisabled = errors.New("Monitor not loaded, plugin is disabled") +var ErrPluginDisabled = errors.New("monitor not loaded, plugin is disabled") type ServiceFields struct { Name string `config:"name"` diff --git a/heartbeat/tests/system/test_base.py b/heartbeat/tests/system/test_base.py index 854538253297..643f9f31bf76 100644 --- a/heartbeat/tests/system/test_base.py +++ b/heartbeat/tests/system/test_base.py @@ -32,6 +32,30 @@ def test_base(self): self.wait_until(lambda: self.log_contains("heartbeat is running")) heartbeat_proc.check_kill_and_wait() + def test_disabled(self): + """ + Basic test against a disabled monitor + """ + + config = { + "monitors": [ + { + "type": "http", + "enabled": "false", + "urls": ["http://localhost:9200"], + } + ] + } + + self.render_config_template( + path=os.path.abspath(self.working_dir) + "/log/*", + **config + ) + + heartbeat_proc = self.start_beat() + self.wait_until(lambda: self.log_contains("heartbeat is running")) + heartbeat_proc.check_kill_and_wait() + def test_fields_under_root(self): """ Basic test with fields and tags in monitor From 8425e41d9ffc649380f19d17f6034e52430130fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20de=20la=20Pe=C3=B1a?= Date: Tue, 1 Dec 2020 20:54:32 +0100 Subject: [PATCH 39/41] fix: use proper param name for e2e tests (#22836) --- .ci/packaging.groovy | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index 53d7beb733f0..2eec1486ee33 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -346,7 +346,7 @@ def triggerE2ETests(String suite) { ] if (isPR()) { def version = "pr-${env.CHANGE_ID}" - parameters.push(booleanParam(name: 'USE_CI_SNAPSHOTS', value: true)) + parameters.push(booleanParam(name: 'ELASTIC_AGENT_USE_CI_SNAPSHOTS', value: true)) parameters.push(string(name: 'ELASTIC_AGENT_VERSION', value: "${version}")) parameters.push(string(name: 'METRICBEAT_VERSION', value: "${version}")) } From 4b30d9ae3bd9faef10d067b12b436033dcd25e49 Mon Sep 17 00:00:00 2001 From: Pier-Hugues Pellerin Date: Tue, 1 Dec 2020 16:10:59 -0500 Subject: [PATCH 40/41] Fix local_dynamic documentation and add providers inline doc. (#22657) * Fix local_dynamic documentation and add providers inline doc. Fix issues with the configuration and usage of the local_dynamic provider and add inline documentation in the yaml files. * Update docker yml * enable should be true in the yaml --- .../_meta/config/common.p2.yml.tmpl | 2 + .../_meta/config/common.reference.p2.yml.tmpl | 2 + .../config/elastic-agent.docker.yml.tmpl | 2 + .../_meta/config/providers.yml.tmpl | 42 ++++++++++++++++++ .../docs/elastic-agent-providers.asciidoc | 24 ++++++---- x-pack/elastic-agent/elastic-agent.docker.yml | 44 +++++++++++++++++++ .../elastic-agent/elastic-agent.reference.yml | 44 +++++++++++++++++++ x-pack/elastic-agent/elastic-agent.yml | 44 +++++++++++++++++++ 8 files changed, 196 insertions(+), 8 deletions(-) create mode 100644 x-pack/elastic-agent/_meta/config/providers.yml.tmpl diff --git a/x-pack/elastic-agent/_meta/config/common.p2.yml.tmpl b/x-pack/elastic-agent/_meta/config/common.p2.yml.tmpl index e88dea9534ed..4a2fb93d10f3 100644 --- a/x-pack/elastic-agent/_meta/config/common.p2.yml.tmpl +++ b/x-pack/elastic-agent/_meta/config/common.p2.yml.tmpl @@ -200,3 +200,5 @@ agent.logging.to_stderr: true # information. Recommended to use in combination with `logging.json=true` # Defaults to false. #agent.logging.ecs: false + +{{template "providers.yml.tmpl" .}} diff --git a/x-pack/elastic-agent/_meta/config/common.reference.p2.yml.tmpl b/x-pack/elastic-agent/_meta/config/common.reference.p2.yml.tmpl index 55ed22e65a3c..53c90a7f7835 100644 --- a/x-pack/elastic-agent/_meta/config/common.reference.p2.yml.tmpl +++ b/x-pack/elastic-agent/_meta/config/common.reference.p2.yml.tmpl @@ -200,3 +200,5 @@ agent.logging.to_stderr: true # information. Recommended to use in combination with `logging.json=true` # Defaults to false. #agent.logging.ecs: false + +{{template "providers.yml.tmpl" .}} diff --git a/x-pack/elastic-agent/_meta/config/elastic-agent.docker.yml.tmpl b/x-pack/elastic-agent/_meta/config/elastic-agent.docker.yml.tmpl index 2f8187a16049..bb77ce3947ce 100644 --- a/x-pack/elastic-agent/_meta/config/elastic-agent.docker.yml.tmpl +++ b/x-pack/elastic-agent/_meta/config/elastic-agent.docker.yml.tmpl @@ -200,3 +200,5 @@ agent.logging.to_stderr: true # information. Recommended to use in combination with `logging.json=true` # Defaults to false. #agent.logging.ecs: false + +{{template "providers.yml.tmpl" .}} diff --git a/x-pack/elastic-agent/_meta/config/providers.yml.tmpl b/x-pack/elastic-agent/_meta/config/providers.yml.tmpl new file mode 100644 index 000000000000..02d81408cb0f --- /dev/null +++ b/x-pack/elastic-agent/_meta/config/providers.yml.tmpl @@ -0,0 +1,42 @@ +# Providers + +# Providers supply the key/values pairs that are used for variable substitution +# and conditionals. Each provider's keys are automatically prefixed with the name +# of the provider. + +#providers: + +# Agent provides information about the running agent. +# agent: +# enabled: true + +# Docker provides inventory information from Docker. +# docker: +# enabled: true +# host: "unix:///var/run/docker.sock" +# cleanup_timeout: 60 + +# Env providers information about the running environment. +# env: +# enabled: true + +# Host provides information about the current host. +# host: +# enabled: true + +# Local provides custom keys to use as variable. +# local: +# enabled: true +# vars: +# foo: bar + +# Local dynamic allows you to define multiple key/values to generate multiple configurations. +# local_dynamic: +# enabled: true +# items: +# - vars: +# my_var: key1 +# - vars: +# my_var: key2 +# - vars: +# my_var: key3 diff --git a/x-pack/elastic-agent/docs/elastic-agent-providers.asciidoc b/x-pack/elastic-agent/docs/elastic-agent-providers.asciidoc index 868c5b2fd2ea..44125efe3495 100644 --- a/x-pack/elastic-agent/docs/elastic-agent-providers.asciidoc +++ b/x-pack/elastic-agent/docs/elastic-agent-providers.asciidoc @@ -172,13 +172,18 @@ defines 3 values for `item`: ---- inputs: - type: logfile - paths: "/var/${item}/app.log" + streams: + - paths: "/var/${local_dynamic.my_var}/app.log" providers: - vars: - - item: key1 - - item: key2 - - item: key3 + local_dynamic: + items: + - vars: + my_var: key1 + - vars: + my_var: key2 + - vars: + my_var: key3 ---- The configuration generated by this policy looks like: @@ -187,11 +192,14 @@ The configuration generated by this policy looks like: ---- inputs: - type: logfile - paths: "/var/key1/app.log" + streams: + - paths: "/var/key1/app.log" - type: logfile - paths: "/var/key2/app.log" + streams: + - paths: "/var/key2/app.log" - type: logfile - paths: "/var/key3/app.log" + streams: + - paths: "/var/key3/app.log" ---- [[docker-provider]] diff --git a/x-pack/elastic-agent/elastic-agent.docker.yml b/x-pack/elastic-agent/elastic-agent.docker.yml index 2f8187a16049..6028291bfc62 100644 --- a/x-pack/elastic-agent/elastic-agent.docker.yml +++ b/x-pack/elastic-agent/elastic-agent.docker.yml @@ -200,3 +200,47 @@ agent.logging.to_stderr: true # information. Recommended to use in combination with `logging.json=true` # Defaults to false. #agent.logging.ecs: false + +# Providers + +# Providers supply the key/values pairs that are used for variable substitution +# and conditionals. Each provider's keys are automatically prefixed with the name +# of the provider. + +#providers: + +# Agent provides information about the running agent. +# agent: +# enabled: true + +# Docker provides inventory information from Docker. +# docker: +# enabled: true +# host: "unix:///var/run/docker.sock" +# cleanup_timeout: 60 + +# Env providers information about the running environment. +# env: +# enabled: true + +# Host provides information about the current host. +# host: +# enabled: true + +# Local provides custom keys to use as variable. +# local: +# enabled: true +# vars: +# foo: bar + +# Local dynamic allows you to define multiple key/values to generate multiple configurations. +# local_dynamic: +# enabled: true +# items: +# - vars: +# my_var: key1 +# - vars: +# my_var: key2 +# - vars: +# my_var: key3 + diff --git a/x-pack/elastic-agent/elastic-agent.reference.yml b/x-pack/elastic-agent/elastic-agent.reference.yml index 08a12d7907a1..022ce746647a 100644 --- a/x-pack/elastic-agent/elastic-agent.reference.yml +++ b/x-pack/elastic-agent/elastic-agent.reference.yml @@ -207,3 +207,47 @@ agent.logging.to_stderr: true # Defaults to false. #agent.logging.ecs: false +# Providers + +# Providers supply the key/values pairs that are used for variable substitution +# and conditionals. Each provider's keys are automatically prefixed with the name +# of the provider. + +#providers: + +# Agent provides information about the running agent. +# agent: +# enabled: true + +# Docker provides inventory information from Docker. +# docker: +# enabled: true +# host: "unix:///var/run/docker.sock" +# cleanup_timeout: 60 + +# Env providers information about the running environment. +# env: +# enabled: true + +# Host provides information about the current host. +# host: +# enabled: true + +# Local provides custom keys to use as variable. +# local: +# enabled: true +# vars: +# foo: bar + +# Local dynamic allows you to define multiple key/values to generate multiple configurations. +# local_dynamic: +# enabled: true +# items: +# - vars: +# my_var: key1 +# - vars: +# my_var: key2 +# - vars: +# my_var: key3 + + diff --git a/x-pack/elastic-agent/elastic-agent.yml b/x-pack/elastic-agent/elastic-agent.yml index 232ff03c62e5..6134c396036b 100644 --- a/x-pack/elastic-agent/elastic-agent.yml +++ b/x-pack/elastic-agent/elastic-agent.yml @@ -207,3 +207,47 @@ agent.logging.to_stderr: true # Defaults to false. #agent.logging.ecs: false +# Providers + +# Providers supply the key/values pairs that are used for variable substitution +# and conditionals. Each provider's keys are automatically prefixed with the name +# of the provider. + +#providers: + +# Agent provides information about the running agent. +# agent: +# enabled: true + +# Docker provides inventory information from Docker. +# docker: +# enabled: true +# host: "unix:///var/run/docker.sock" +# cleanup_timeout: 60 + +# Env providers information about the running environment. +# env: +# enabled: true + +# Host provides information about the current host. +# host: +# enabled: true + +# Local provides custom keys to use as variable. +# local: +# enabled: true +# vars: +# foo: bar + +# Local dynamic allows you to define multiple key/values to generate multiple configurations. +# local_dynamic: +# enabled: true +# items: +# - vars: +# my_var: key1 +# - vars: +# my_var: key2 +# - vars: +# my_var: key3 + + From bb481b499a418412f0867a1ad7505b6849a1a068 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Tue, 1 Dec 2020 17:05:55 -0500 Subject: [PATCH 41/41] Fix version parser regex for packaging (#22581) This fixes the version parser regex to allow it to handle double digit major/minor/patch values. It fixes the FileVersion added to Windows exe files. --- CHANGELOG.next.asciidoc | 2 ++ dev-tools/mage/common.go | 2 +- dev-tools/mage/common_test.go | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 533d7a495fd7..000eaf8415a1 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -215,8 +215,10 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fixed documentation for commands in beats dev guide {pull}22194[22194] - Fix parsing of expired licences. {issue}21112[21112] {pull}22180[22180] - Fix duplicated pod events in kubernetes autodiscover for pods with init or ephemeral containers. {pull}22438[22438] +- Fix FileVersion contained in Windows exe files. {pull}22581[22581] - Fix index template loading when the new index format is selected. {issue}22482[22482] {pull}22682[22682] + *Auditbeat* - system/socket: Fixed compatibility issue with kernel 5.x. {pull}15771[15771] diff --git a/dev-tools/mage/common.go b/dev-tools/mage/common.go index e4b93625b75c..dd0a2fd56c2c 100644 --- a/dev-tools/mage/common.go +++ b/dev-tools/mage/common.go @@ -782,7 +782,7 @@ func binaryExtension(goos string) string { return "" } -var parseVersionRegex = regexp.MustCompile(`(?m)^[^\d]*(?P\d)+\.(?P\d)+(?:\.(?P\d)+.*)?$`) +var parseVersionRegex = regexp.MustCompile(`(?m)^[^\d]*(?P\d+)\.(?P\d+)(?:\.(?P\d+).*)?$`) // ParseVersion extracts the major, minor, and optional patch number from a // version string. diff --git a/dev-tools/mage/common_test.go b/dev-tools/mage/common_test.go index e4ce81505ad0..8b6ac8bd7323 100644 --- a/dev-tools/mage/common_test.go +++ b/dev-tools/mage/common_test.go @@ -33,6 +33,8 @@ func TestParseVersion(t *testing.T) { {"1.2.3-SNAPSHOT", 1, 2, 3}, {"1.2.3rc1", 1, 2, 3}, {"1.2", 1, 2, 0}, + {"7.10.0", 7, 10, 0}, + {"10.01.22", 10, 1, 22}, } for _, tc := range tests {

>A zTb|D%Q{TMg)y7%!{n4wjm6W?Xub@FVI0;H<5Ao1VLytXYu)U-~SMcGAyq{p@S)~!- zFoKN04IFCu9_kKdQ}K%-EN06jyoO_A3m0VG^w~mzv>(s%Y<8|Yw2k`6E_*k<9G=cF zOs*e=l62aV$)}pzB@&V{T;|C)CR?k3I4(t89>#;@|8db&-}a#@^MU&@Dp>&Aq@%q4e6g-!SmscEF@Jtrq9sbUIT-k4|j zTb#&!`i9G7QBH&Oyb9^zG!=e|^I1$@O=y|^b8Ll#FWUQNAnm@#C~#?cL!MYdybAl; zKU;D`fjSH^NGLrb+d(rp86E}UY*T#MaDo%R{BR?-94_3);(#ByVZY*hUL7tes&5QL zz?G`deX*+gGJ-XdpV|^iWW-B`?uHbk55L=JZ;8-k{SMra_`9vmzR56E=Z>O&vBjMp9 z$)LJ2=k&{dg(Je{>Z$mUpUa&m6GBlT4Q4>1ICJvWjQiCa$FQ={C!Ha<0Jp+S`myb~ zxl04nB4XJIn3O-SsVVyDnf%X}!8jMn822F;wI=rLtw{wROlXD`F@saih<#!E{w>Mr zhR!+2S(@#Z)I_=Z*FCU=kdJ|r@TFBZL+DMG zpxZBgYDkQk%km{-_iCSYG?QV?5Ty1;oH$=kjCzv`YJ)+833JoLllEwRT~jM2Yo93O+R_NO8k*ivRm^f*00;@QLHzCu(P;9DlE&2xJMp zp^TxU+g(i~6lrdRKdyj0)y${pS7y?-sura^H&N&)YtVT=xE3rIi+u?!q$hh5r-B9=jslEoVNGV;bG8h!Z4bXz(k%`%3@m z!S!FjbF3J}98#H->|Rse=D}ioeweu1J^o>vY3sD`JXH30sYJTo zjsux%ck1m#UcBP=>Bd40STyj{!+7hSKQ;a-w9afpjopGyC+j3{z$(){m_iwIbv{Iz z?+Ez2Mxtv5GmJ;wf)7eL1MUhZM3OaJwISm?IHAwro((al;d=f)I#zBKD|+Mcvyaf# z+M^0s_2X1Ai5_DIdqe~@IVi)sfA9h(p>0W79kCox*U%4kIBz&%>=d9;wlgrC%je z?HupYF;3--Nr6m&R(JOMTOF5TJwiOuvEw7|wjBW%NYd?D;V^F0>Ucgs1eejM4WI12 z(25GOAG-Gp0Y{h8wu&Eq&7QHkD4}NLq*ka)(X5njchLt^k)lkv+)GKFtN@|}-l3(U z?2$BX$ZIAAuhmN0HY%NX>h{y5({}MJd}BIXF(InjV9H!H^IkaZF;{OgELOfa4(*cW z#XkS!;S@SYM?K*<5>PSwKKt{q2U_u3Rh2#u0hX9e^^urL*yyh`0}e%t`^J!}uV7nJ zA2-D(Gnuj`_ux48;50h@_Sj|18g%~QnfBh*xEr8M#3M0o%#EFNxGTpT5(to zIh}SL$+CDSMy@B~X9X}e+-xI#57E=v=DY7Fw0ZWTm7FrXn@y@1jbZ7lJuC+Vro)8mE$kJOp)(93}M?K zk`&Nuvutci61?cU81O6-c~RP|7ZaHj#Xt<;JU>BaneIaL;gK~GJ^{Q_<+@>0Qk1dj zgQ}2{!`ysUNpWso)K4poy}+XGIQOAs z$2D!F-F44Ccrw1$u$WDIKvf0zWT*Ob5Q6C>v8{N3FIf;^JK zI6hHjcHyY2pz>cetjdVL*0OU=hM5~7(Kw35P=#C~;q5%S<3sT>6nKuP4^8YD3l$7p zY*fC?j4_eAm(nL-VP{Ruy}UwoXhQ$7Mw36Ro~GV2E>x3)!U9jDQB#F2YKjjszE(1H zeJ!SZq{6$G#pJ@b`oG-fQ#6k*TzyjV;>Asa>mxx5kPx8GI(drJ5R;a2N$@!HUvjpJ zGY_(k2L@F+twO-ZOBbpy=&n*XllC}>7zaO04;V?E#m~Y8<9ew0^&>Qu=2Vf_;XdA5*^C-| zX$JUN)lCij?0J4z3GYM$PXTm^VBiWlRdk(;i&&pnRZN=ot9rn*4|kBg{=aVebQhIV zaEg5xrzTM`AEx$p%_NCKWAdE{f4X4^`*0Mz{_PU1+on=FJK@zbo?JmuYah{B)v zV;VV`QYAkT-5%ND#7>Zld>2=!`tD$Du^ep>63%#m8wEC^4_HBhbRhGTS+*9%x!JCa zaKZtC9gLUzk>tOA31Dfg`})l5N+j`pGPXMp?1~y*kc1o)gz5^;p=|543B6fgEmN93B5R6-XyOVI}P96 zu|fE+o|nyf$tev5wTU10Zbkyc`fe33Zaei;Ze=^*XzG_nU4>XK$D{P6{lX4SJnfW& zIPAa9gEqs@K456JjYHl4R{0bqrxylT?2aZ^Bp?851Od>}fp0H*XtFtW7|6dd)eBIb z2Xo?gL>H>VM{>`fXy*R^eM85df0WJ02{!slp4uAm-mfg)SMc!+HS^ zv;y0Qpw%iFGxaMSWMuW`=|kdtB-D*EeS{2V@fwuM@lO^SIX>3KR#Y)oT?>g7$WlwO zrM{itz#Q)VTA=MZNqT9V*uPqhfj8GnBv30GgHGkpRjDA87#Hz2_5SR!hg#+M?KyD^ z*IkJD?obMG4~~R_XkzY-U|&&gfvc7wO#4^3H+<)H;LkEHR&2GxG9HF_`(G^M{M)4J zK=+ojkbL+&`@Z>c>*_G%(~ESZM?n8_gqns$XbQXDk#i&7xG_8|-rUct1gy$C1}^|; zTWvxSODS@i01Md;4TA=e&I))>4qc$3)@Y7JXgs)tq=bXcbq9C-P`e9GN2~-pLey_( z#2Mb*15aC9wbbHkGiKJ2r+vI+njm#vpi|+#whgK5xS{b4CZ|J4*^wjUh4$(K)Hk7(>|7FPjzX?T&pw`=x3dBepneS{yuOpJnBD|Dd;k0e(Zyv}Cn zN&MNUlpl-Wf`v9G6&}iI$Za;lA31A@h+%+rs@vIL3N2*IJBI-wjD)JGNZen$wX`pQ zEIby;CPqrC^P$~}Gtl7cZFC~T&{<~@vibGoWs~{*rlV%{hlI^r=;UFMB{}b|Ccu&J zifqg&x;pEtZEGDBpli&>Mas)rlVU^lI3^B@hHESZ}wV z?p=HRnp&*1`a|)+9VM&jV;>=lt+4i!S>(CQ^=wtcfEJAh>1o%fDpZ^TaJu3pjd_-ef33R`d zsbY8nKj;-7xCN&Q`DFw_P9`^ZXu*s5y>n*o6KG_trH0T00rZ|uBM-H>RX)S$=L+mC zkVY;(h<5caUv+W>vTcz<85`&g#kE7wfOl@6o}sCWss}VaDTQpicZZGglBFf%h))sR z{%z@#IxkK&FBG(jIYQaiMr}HPvD)zGeI7XM3Jqajcud||rwE@9i&lOb0f%B8ns^qtju1XS0JaZJ9_WynfQ!}1vRX_`YR%;{BO`LrGhA|Gz_Xt zd)gBv>mu1sHj3Xd`NB0GN~%sj=8nm^!8@5tf&j%7U7m*0$wITAxnAX=#x}mkJJx*>gy`D01cwahKxdqpM8|r>t&y`n>IHB(e?R;Lyu? zbdKlI3^@VsCJ55FcPT?Dy@#T^`(Q9cbW6CXlT^9wJMm#S)f2$oFG1uowU%0u!G**P^dYTQ&IkfC)_iQRCsROoJ%OQJ}Dk?EqY*@ z1Gd zZNFGVUC&(uiHA=ftsW!R=lIxS0I1E25}_b+RyfvJSgzlD!kOEdEc@MeXAr&Nq_W@c zh2*Z{=Fr4ZKdj|u%977ptFI>}E{{uG6`6)wwhg6YIElV}B7Aj0xf|}h{0%JYDZZqI5*-u1SC&?*8SPnbt zq{#K;N({lMffA76ydVA;u*+Sz5QXEx{#yI4;{nY?v;2eUJF-BaDUKl{RsoJ{9mT6H zH~a3*{-{joR6asMxd35)5h-yPvHnu-VUk9gMG9CkW?_Lj}Br69wuh(RSwzKLSSSIK zPVw@T5TvrE2#I<&a{TfcAe^KIu`=P%)6a((MYeLJ;@d4C4;{g7pW8>boK4qRla$eG zY0mM?c+QWgXWfr~ESL5d9(v#(44~+RDzTNHx7X)PHW5 z2tlb!69LzDva=LPteJBh_b#~Gx_Uz{@dZ~iVQ8_=Sx>E$Qsu4R=!AO_wGoN?nJ-+Y?M6_dNn5h0oes3 zk9(_&S||-d08!SJ>SWUE?SoSHrU3oKQ6a<#`jt^5li-ED+02gLM3IxqFB)!txDj{4(VP|ou}a?kpzA%dbXGneE{pzb65 zHc*H+8yaNUk_vtbPxx){)AL&SC6$caZ|xi$dssujyj9+9UO*A>W~4W2`AF5*^!lp! z8m;>5a7afEa~i@qCW7QlNLu=fdYKTr#V=kbrjv!#${GgWmmOU&ktgYGG{)TPnJrnvq>1L=Oj-sb^E27rp>mIPytvU=c~(D1 zqdlfro_B6(@Nw^H`PajOSIChJPuG^@_PBp7&*?}|Q&R0dmNimLVOr)t{kYaDZ=XoC zHNi>vX_RBh#KAyQ&ZsR@vjA|@5jdblM1AmQF9jnBnmwwb`BCp(P8g)(*TCWD4~DJX zq{q(J=ylKQc0y@3?p6E}Fk4ecuE}(JHk4$*tj}KhA=IxJt>K=D+zltS6U1L(%)(e> zH0KfoL>bg}{*l-XMq889VbYQ{nf?TP4~OA;)d4HXdPKGSs+V@)6kDEpx9$;nYMEc^ zwhnIm9Ze$#Ub}SMa!Z_@tqXDfG_bHs5_iEw&DqsDkLskj@DQzq_7XGdq^~l0+-LAV^bb_)9Y&S8#ezL4M@|&A9M3-V zKuKgaNEax2n!B+1?>6kenSYhp?FJf3cN4Id~FPLeKK<*@%1&y7raF78Fk*NcN_ynA-DoE*7f7dL{wmA-DlkeyW? zo)PU+c0WXxer|VoR87QRcQ@W#EMNLejrR;R@rsK(l1&c-kbgPCGusdzk$4_ix8L#` z49~RQe5j18q0pHah3VPQoV~IxyyB|f44m3-=-ow+UAsyuGb?`%`--qI9}mEKs23-; zMv&YJItF0QzPm3&?;Hd<)yVO!ft!eAR4iv1(7_(VcjsMHTJp)Bm4eE4Yz$HJqjbVE zqGO8L&X5kDJ^ZVrJuA~H9V;5(hhzqLxZV1(^Q)XP(C`GEaPbBjS+1;AXz^;HDVJkE~{k602Mn`JYya%C{e zU;kkue_kaW@fL)~BGyBKM;T$caCw7woCD&)WjfY}BCG`xNlV=0?lvNb(DD2AG@TS`u}R9`*`txowiFzLpW!$S>0Ls2cGU|qAAbNSkhZ8M+WdNswhSRuQI1K0 z;!f&3p2=~M#-9?I9HV5$DG5K`Amdx8qny?09|dA5&oBt1xmbCw-h!qj>pZ*|)%v2P zs-0~jK2o)cl}EmW-6el-J%-nUL9Uc{#yv3&-x}FtJY&1SL4bab%f|!b#@s(J*}A7L zh?KoWbjK7}N}xNIS{~8>Rt^%z_qL7n{~#S9e2{8Dy<4*T!0i#IfOgKRuz0lRz7xV2 zj63%Tw$9`!9>0m&LFNCV3gA`=QHcW=#b>Bv`{GbK7V1a*w6H_2HMhDP?YFaK!CtS{ z=dE_c?aDJBuW(nzr=;rZFHO;|>H&umr1AToj*#nlcPP9a%a-OsmJi4Y2#j}r1u#C# zB1* z!bV*<20A&chF8;}&sfnPdT<_&n#}0lyp(gqU03pk~>&&hy9^$RuODUPfLdJm)=X2y%dY!qwQUQgw2ejUUK8J(|K7^ z;?czIu7s+|!Z(Ge=@)iBMD(viApswZWRq&VuliS|c%SmdA8N?d}z%)S!z zTbS+n>+byxA4cT$z^APFzVnmZPuHO9hkZHYY3!H@cS zR1;H_B1jz=HF=Gy^>;*6F|%jNs%Bu-iaFt!_>gE}Op=ax9iAyNb-mjy4x&cfH+nT3 zh|s7RaK$^bMGw}6EG2Ng_oh8*?l7PE25nhJSzL|5b>(}5amJRdTDhMuYfUn@QXB4U`9+@ovFvgbkxI;2LtULkTo=K9Gkwi|g>8D9 z^4YZ3MeoHj+p%_y$s;ErLdQDJbeJIYzs`S0|ATWOMN&nm;_Iow9F2(l4wJCQ`yNYN za#rF#bhbh_8T(=A_=`!+81kn07LSn%FMM*(w25ixH9W*i=xC)RzW3ZFjw4#{-42_X zP`!83Tn3$R5s+Cu_@~GA=mI@g{xz}Jul1?)=>15U>Bbfs=Udqm!9VB5`Lb3rf(q%- zg{p2o(JC?#Y)B{igw<|!gAZfdGt6XowT3WRw zd{Xxz!PDbJ6z}^~c^*`ve;^}5(`ssxNXJ0$ZAlH|__)rVz4gH23&X0wWcX5O2|s;# z4O#>r@GfkH*?;xI9DaAF92$FlUN#iKR4dn2QO4K$h!U=*!QbZ@+**x;^hgfQ6(l`E zDE#|Cl>QqE{|%`+_dy31O7(y%Do__nLj9UxrSECsd={v2|161?l6H~$ATrXr6DShEh}udL_fs~2 z)5?h|My`rRBThw9EaTlhoCgD!o6nI$2|zPh@oZsDl(K7>lh*d>TLCwv9L_RRz9;!b~j>tgiwQbcQzv{FCpsKL`AKW8w4@uRZ5POWzBg`Pi z^ClhYd!@HW3G~32$qmrDwnq|^dx+zxpZ`;iPHm7 zmjX{_=M+31w29SXrpyU5*bh?5lZD@6q1kULWOVR@i8SYdLra(1pCc=H{o`MV%E$_+ zkV^$8fj10b8=mhkMB@KYo@JdWy2^K#3hCq7#M;I{k^$8SLk=JeIYMmB%YEYyyzdd0 zw~B%G4{!!>#vsIdI%|T@k8tEQ%hm?QNbs4uQZ`7ai*dM~FbzJy>kn1<0k2;`aIWlt zA9#d@pt15eISt3p$k%KqZ(n>V=bszls>FBV!0{q1N0y;RD54;1cwa>!;P^9_LY^A__{j0z9Fy$J;oxo+AS zpsvhFW(7DiJe6y;q=zR{y{6eba4Su{4Y?q4)3B?`hXd6tPh9L$N~-Qabf>A4f$P&g zv&ZLd=wt+RM_oT;+DGGgjK)AhZNK_LA1LVV)!$!1qO7H*f{!olA%LJ$im(KT;O6%& z9&sW=TaONh;{KbC2&qOH0|q~NLP?wrX0jO{c@c&Xxghkh?~!$QobNp4-KG)0hcANO zw1u8nnPQB^_mJG=U@OAvZ{=W&!~w}02_Am}NZx@eeMK$A7Rgqg#4f;`$5QCW^c|RV zG-#8Xn;G{({=&61K)RF+oteznp6)H`a_#CpfK3TI|KBS4w^T=>ZVMuIMDQ{_-_$hU zekxv%$h}5bMerKVF^E7EZ|e4KD@25nkFNj0X$va<_>ToJ&CRm-O+~7uL!SNRI`mp~ z{HDs{Mj1iJg(zW;-?gOO`WSG2P^%)}cmpXzM2kC8DR+WqdtY}kc?NNx-v_GwzdTPP zlkH&+%6CwqKDz#mJ{D)nK4k7S6{qBR3nb9TX8KeyuX!DNsrC#H2jS@XH?|pooNyjy zrXT_c8D}l1>PyrskVbC>ya2)bE27|jqlP7Vuii~L5RR@Vh#%?S9leuIVJ0Qe7{m>3 zb}8c8#D%eTVveLeBmwy^a-?T(WpwBxy*eL-9X%3O##XSI> z29;e-Jr6taJqT+5=}ts^9{~JTM+nuN(iYFLPG~CXzKB7jW$MJ~5u`uJ9E=ZEvmoI! z9A-OpOSk7LR4IOVAAM%js>aHIGZ{m4K#Alk^Fq}-SLzG}^>Qzg1E*a4pl;CM{Clo| zb2LrPFpu!Pj7Is1M>j)qk1F1$yud^{dLhXKR)AZsVNK+9`dW-naEktYlC{C2GVo2j zRaW@_sRW~f~=0ZLSp|I`?dk29osa^hkla_y8T+8W?Bmq8ZOw(^gE&m9z+vQUvpQfC$WbfWU$apT&f^CySoliazCxb2)rG$ufKz;To%VOpz?#`WGbp*ek!CxwWet5Aj$p^ia*0HI*I8u3E zS~hG}jPSivDUIW0<;69_BjuaQo@nZrir91ed%BmEv;~g9-Lmd=&F?gt*7UWAT~bH2 z+|hg_Qtoc7+c#Kf1O(HIipZZBNWL`~)h7a~*)+!?tafo&`|Lpfkk2r)Zmaq^lacAS zv~iHCH;7L|YMV0$V~=~@wvQWeUCrdDx|C~l!o&-3fN=lY-fWJ@`>D~fE&^x7BA!py zW%-IuQOz`ubO#n^~ya(P|!5wCp$&Cad;x%)XPI=7=w&DH7zK2)?xf6Qi_Q!A{*X&>N z+Pz*c`=DqUd~7P1X!EfsS59JpPd8P@DBEM5!I4`DX-`jkTr4#z)hVJ=_ZtWt7M@*N zy)5{w{=rY=g?PlwFQYv6^LQI$n-8Gv~Ghe_lS@}*Qn?2nr-~is(A*{Df^H(ZpBV8k<5AScr z$7CM9D}%Ny>DJdYaJ~9{DLiHs9GmN#$DKqjYv=^na#%QmYkdx@g|qJNs5FBx~a0E$ay0gr9{E=8Bzvsr1S*za7(VxXPHuJL zBbmQCkBo(0gx2DBlk5w^*p+-dFA_6Ug(7s+0#rLWhKm+|@xy4l^GQ;*rC{^@7(_lk zqa{JQn5Ol^MemVEP!@DjDClcZLsLUcRK?`K`|wJ;6O{5CBCOfvOX5l{&B5ATr>0 zLQCCzXP_7NULGkT9=!cFW#|IC!?QQ~#V8>FT)!b02QV{#!e9UM_GT1GkQHL&&_($90eIlGY_-Ez-2J~ zeZ-t!<&Jm_rU|mGR4q}zCq!AyhgxUAAnPUd2@4?XnyyG1WI9v*KUww`$vFUHr=Gn> z+fKJV$49Cm#x)bDTO5Yk>jlbCC8#W@aE_PeI>;(fy&@kbO^m{{2%9atK!Q*XQ!hVn z$GUg%+Ap3bN%t{$326U4tp;Em#Aye7)8F#;zkh(bpP!$PcH(3|8`nuFmnx` zoRah((&h~fZL*VR2m}TUeH|>UN<>Kpno@lh`$}Mf^{M180Lk_T)sbvT2GIJSY%l-w zww;3v!M1PrAT2l>UUxsPm~cv-e-+v9pFXO}S6w=a)Pguwtc02$bOUYI1Io?p&V@UG zaNPIuX%3T1j^;7=zp2WE3$=H+_+Q=&oGnWPw`w-+kI{owd^^vGnkT;c zyYWDhV)_-iaKuQ9d^2m!jz8Y+ebGM|fPo^|kBvcPtjsCX8r^agge!j~RV4&jx_RE0 z)_B;1Sz$k>Vu-R%M_1rr|C-$y55KD(utpZH-~j9V?EtnyL`rH;&wsOLEeqYVmi^zq z7o=jihUlZGVZl#3ke7YF3si?8Y+IKt$Q=F#hyQr{+ZPU>C*&e0d+I#!Epa4F{7%c8Zeh5X49|k+zZ%BFYz)HFU zRT4fu6d4Hl_q$}{Z>HwIe_&qO*9YDlTu&szDd@8AsWs2}AUVEOz6cCnODGaD{Kj`iH`h7%2OPmE(6J z@s#LT+B$q6@FD*F1OIg^YisydM$*4?(>>T=t0AiLViQk+FC}hWqmJ$^rYs5v{;z)- zq3-`g;Qzzh=WoD&V~<0MNK{tAYabxQuQEHFt+smhdz>0SJiIFva3lYtFA|u8XKrvk z<(TyI-S5RC_nurM4ZeMssT{@x^0udbTdsR2iy9ujky@9yuOn5AhU>4NPVhH>9=^Ja zL$<-~Gg8|ZAihiPeJ!IGzvEU?v7IV%rF=*#9r*@1>Hb~@^QX6MddPb7L+YGfdQpKt zUOk|@V&M(%M|hH@-Tz^DW`ND?GFM!9{ds!|M5Ejnko=mjpSg`hBcKN0&i}y`{LcqQ z;{ULN5jj}^p{E8u%7fLTfE$)EyL1#h&OaI4|L5&VHAq+cvA=`>22S%!xO5%zU#SbF zafhBwZZHkkg<7;IhR^}n>(0o=H+mxobEdQZS#)xtN~c1ilgpg4j?vA%=#*uc{D1gH zh~4%77?XIGM=EHu8MxZL3HxXrs!!~a>X6>ifXDe_+?4AiRSdI={&%G6;#h~_^NRu9 z`_V%MAk1-^a1Q<{uR|OV1RtD#(jw5~-3ygZ_;|==uK3a%0iO?LAF_Mm zgn9^IRh;dt_;6Aqpqu$s)D~>RsIieB#&GMxb$9)t^c3IrJsHY&PCc6~kB*E4{#h=V4C7s?QFt zLKeM#T1mk6c4@vU&Xcbg<4Vbb<7O`)h6}B`jbuuH%Zy@od=L zh9q$~Jo0DEx+)kh&I)5P|K&HTW{g3p9z63;58;pR zn@ZY+eN&48xni#p>Ypz}Gp2;p+qBxP~Hx`zxRG$(Ql&<`CerH7td`k@kK%6Tkbgg`7=x)DGg!1_Ql^8^u>R@JgXVi8JD^J z!w-l5(`EnuA}Sv!_cA^Jfd6V=80?wu4XF0+d#69#_xEzqFrxA=Ru@om+`1o786LSu z+k-Cr%V$X!xTlkR?j}k1&QzF=9=u)ub=mW;?k(hul7SjDkMxBxQLswho`zMTbxA7$ z%u#<82EdWKCyRN-Z>#>*gFxbz0}^n?zWw`v!@!jl`H#=~kDIoR?8DUOQUAC>|8`Hl zXd|xrHiNzLKqOlJ(~mxVqSC4Z$~-qUyzIYtp8r1%Hy_nUq4aw-+jw)fC%eZF9A{a` zs3)Y*%mfNyOm+=tqYN+Jd@s4YRAK(4 zKi+50#0IV;Cc{yh=npeeH@pbDn}~eJEVBUPQE(ohaX1wwn~G-}ix&4;QBR%(1ytH& z(X<5mH6=_QKB{uG`$pO4`_TDi7)-stKD#d*K5Dq>FhJs_Zv6N=P^ugRgdrZdBUnV= z7k5XnVasrv-SOGOV!Q0JhdY;>ihcq6{LtLviF2e(WCWnR zMRbq)@uKc-ntKvCBmmxwZJo4D5MsTh8m7jQpM_NgqcLBnHC(=WAiM7CQ6#{xsqra!iFKqAve^A6YzV`N zyK37yyS>SztaZ-{e%%&~*j2yXSRSFuhI)3mE{4Ka()xXIt5$3ItsJv*_Bx{y? zq4j-Hc4qg!shTh)*qthuXz!!hVGw9g;$XMK_`b-eDQ3F`1J{?dyE5 zFXgsU<*cC_JZvtlbLtDOGOm+6IROn3oZyxbX4@lAf%gJZr_jQ=MP{M zpV(&He|_l(vs`Oo;KuC*F_DvlqBgJI#+IkCi6MnAoA|JM%8zXT{9OmFKp5Zap%Kv zTY*cp#e+WzOY{{DTvH-{_+^*5F9;*ijSi0C1ukmhM$WZY4HM4Wwm71;@0o0KCk3jT z^gE(!uReA?G+5Vgx80^k>$Mo^`+S)4d@ib% zvYacL+NRaTtkJ`{!8Ucgm?gZmtDi6}_uNjTij#H1`r(tuGw(I8pWNJEq1mAFYydUn z(anvIy6c)0=fg0CnU6rb<}S}4n{IZEv}Ij4SoC5rbNb+^ceKN3*7%ES+_nzmDt-Ki zLWd+@qxTNA&u7ToJx$!LGVlRA^grs`KE=^)?yov9|3km?bMba=M^@9^TyD^}1T~ZQ{GrmO;+v{kS?zw|(%nro$|eAVSg-Mz z1XO9K(r%kCuDQt(D)&~sLiW7@v(LbFw;qE<=oY+&V$nWiFQHP3D`*{FWBcyg6vaEm zj>d*6ONX{bN{{@676P)$iJ8G8P&G9ykYumlMMPB)S47%RFIQ2VGh5p>1M3hXrePG^7oYFZ_6;FzWv(z9oX z1`2ysBu?K5Y=_2Tiw8Y0FpMo_2(+c$tfTjTawC;+p4u||dQF@Z3EugyET8>g#d5s5I_AeXa`F|lAGO8ztS zILb3Py1pHJe@ZF1hnRvx*O{-s^0B0v_k`II#rs7jQ25F$bU0AXRNPHPN#^1$Y9F53 zGH@~~P!Aj;?*J?Hq9K?N$S`9b7{n({y*Ue>Okc&k)$1O^Q%FT9c7~G!=^VG?T_s9U zOCtFG8%y3^f2gG+sU>_@hvAt=&Ft594O&J@63q$ALJ5vgJ?4MO6J032OK}Nt2tQ@p z`6~TYDT`v@P|Y(1VW@WU@<(IlUmmOr+hzk@*Wc`}y&50KAPPvk8{xYlmai z*3C`m?6Rf8Qi|xzjwQqHCe>7qH;OkfU7F%$NKr!7#^#PWVcV!PXor>Jm_t-mi40V3 z+u^+~`kx!-UQAE96cOP9#-97}MDX`-Lq$NSNVqrR|(UdWZ&oPMv z$G7z7cHiRdlt|Vh{kOlT;cS$w4{7#gV-K>TB&2FbnzXA0j%g#UA&_e9-O_+!Ra7Td zKKW9$*&8S2$(VC3QM@Z25+hzv`LWvK&2gtntZXvvQ3HW6J}dF`H|Z^ zaqOXxfexvtH8s7E3Qs_=%V83R*+@AYQu5gJ0_QNX1|7k%jH)}HOC5iqnUg}>5eA7$d~T5QX=iUwnLLk;Sw78J&U^W7xom=p~M5G_IMVL;qAX4 zmF0Ahy%e`dKnm-Ikt%7iQKdXv-NTmVo>BK5C(c#d7TwxZ9e!n9wS3vCWC*IQs&c3O z1oLb_UlQv#Jbrx>;tMBwI`2l7<^V_M4O{~>hEcRk7FkA$KLY&vZU3~=%Zq$K$LB^_QwtRs z^TsZAAK6?*d}ymRO%FPwY%>)fig3=-p?|@4OetE`QFK~O!Bk{*FBu>8+L?T@tR`8E z6h>SYGCMtSLjK(q#W8sWFi_aD5Sj}al+E+g^7ICsvcr2hk#iy@NX5`UoZ06hamg8v zd>0;HVWoo%zBn`i@1dOgNGDiQrkEC$aQID98d(~N_1!|3$GakMhpXhlT6}rSSVnvT z{k5}JL2#+A z;}7Q<@s!)fnysw9q2Q#6&JLBAEasUqaDAK zcQD`btapfah+L!cjg8`|Z$fF8GcT>+$3RW1biRmHTAAS~erfhjaQxHq-~)%$eP>bL zF8(UM`$6@ zqEj5JFBpg8t!Iw{%TyCtsLQpf)Yt}W%ev0mQrzO3aUZ!I^w2(LBX=-Ju;8*9R>|h2 zZN9`jT_tNIN;{rkHdaC7)|~u&E2lJf*;ulPA?lk5Z6nLn_KwDG!V$Dk+S*LpnXb-< zE1$8qzi({j2}zsRB!=NrXP)p+pY+GXruC(Tbp8enA(x7{5e()AEj~DznEC(IQ{=we zuEa?P>7&HtVh3#K$Sp5P<~xz_$>|-qao~8w36cc=m2h+H8Ig|15|%y^>a`a2TsHbK zfg=0Nf`nK}8HFM(t6zqXzSM72Ks}+|H}WP*u7&+D%#qHdwO5v)7gdCANM<(YMo*Dr z(=WzWT#oeBl)YAa;>Ue<7qSi#@@>+X!GKUZuAdymupl=p={K5`@!!S*kXrw1Y&Yh2 zAcVEhK8jM>zO}S$!I`Z4=!Ua4J@%XuYX#}j>LwJW8B+%3&+)uWv0x=Bc2TlAbYdCT z-|08q=?jgt?^{DfLGdb@G5zdyUZ4`K^3(vnTHma#ErXd>b!kVLSzkVC-D{C(L3u#v zK!P)!(+$;^HT9DAl*yy_Wj3B&)?RUlIAfka`mT>lK%9KENcI5nz;P0C@+=Nb#jkkE zcU*Y^&9@&gN}ODYjuYGv45bXBoqe_wjJd{U=D+L4=@U9ZoxgvR%^~WddjwX(rIN+W z^A-Cu8U4~|XD+0jLY0HXq(mvrcV)tsj{gWJ0oyck<~B-?95YrHxEi%R;Y2<(gdSq= z<{Tv5=&#g>QQqkmUg6*^4ciH}W!=0Zr1DzHI4o$16$=wJ`|*CbMGw^A`$w132^%G- z^+pA4j|dfxmPd}agh|yUh;_>A0&90424cUb;ft80PfQs<`X1nY^kIhVF|R1@+1E;K z5~_)HzFOCNcg!+!C@=itvA2! z&U~RxVx+$r*U)QPIRHk!oDW_`%y93LXAjwZbNgdZx5|cN}N$8Tq1O$FKJ_>CvIsL3F2tiY9dhixm!sqv`YK8y&8S6 zhp&>}XtSIOnU9dfdJMTVZ8h7~Lje=y$~!tO)qE!znN;M{6w^6Ei|AbvfSo_)C z>I|8yq4@&VBG?mVwvu#>aeZNw<#}W)GjuA|R~gv@eBKRK@cZni)VFA^XPP?YP2wV7 z6+zfR5mpx-<;(SkEF2|^q zY0hxMXTt5e?pQ60@tt7tDz!$Om!^VK{)ZK|g38(BVQCnD628K>d9wMvl}>YOY2`KS z2RD?4makzybh%BK@F|lXaGu87K6!{VA8u=OGI}pKe|(lqxjX*iC{>l%#*A@(<6%3I z7$Y_Rz?5j6eVlCL%*vMOZClpU8ocP%suj-? z9;JmV(V$tBjx8qK?es{M_qx=^ODA*2{A_tpQvdQAJNBt%Yaz3I%G^Wcbvl8@{aEd- z6!*tE-B9V9)VC&*bAi1MeTg$nH%BHW=jqa+9h5$bC0T(-i)$EpSOkDW)X zl<8f#>VvP$qG~bsHWu!#*SZ;t9O?8Q7kacbTJ_rO@h)!!?IY28|Ho+|wg*Vki&JB{ zQ5w69?*9A)%S0Vpw3PBuNiS?pU0=hUY3iS@E4Rm@c{W6nd&m0KcAC^eJXzCDONKK$ zv7gB4MkgeR=i#$G%>>&@PC6uUCVMK3Kd$w>{*l+gzq3lpyoR-P{H#M&&<=&a8=Nnt zsF|bLr#cEko@ywf59?9V81X|I;R8&3^!{9~KkSRs{f)X@>IpP2I@szuNG>Ou+LAEs z3s9k#)56~@cp6|E#qUhfb2|3Yy?1IHE)S%S_9ZkM8um8`RTI@;tqZUW2z^4oKjvrA zuX>jkE*!C)_p10>Lg*f9AE}`VTvW!5(N=OlaHUwGJhQ@ax$}G;BROlJ0ja(Z}d5YIMPj5<#LS2+(o%qY>z zV2t`Zp67n=_j~VifB(#j7jw=&`|Q2e-fOS*{%l?ALAb;T_~csr`&%HX6G?d z^HHehL#(@Kp@UqEvZ&tz9{qY~dQfM&t;z4V`GH2s{)g$tzgbgvcJ;2W6S*>svV`BK z6k|*sm)z}&`JmI?u~EZlyX0j_euG?dCecC;OF$IExG*;yLrpT+#n+)!pj!jREgXpR z#uA=;Y%!GBB-2FQ#5-L4Siz9Opg@lL#S?5+%*acqM-VT(our?-FdlwW@q3YtgdLgi zA|N7GNx8~4#I>I1L%@5#lIjn2wLO+0by8Z;&i>i4p3DIa0A!inqqelK;fJMRTRayDQfU?rfP{WvcKcDtF{P49? zeo#kAw_7}hSp9@jovicmkeeIveLNbhNZ9=ux?G3UHrx-lv-83COl=tR*?Ww{?g<3H zJ7Q{xvGiO0_|~PMnVaX=bE$kHvA52JahS6um^~^|F~sKuo_4$qNx%nv+ptiyza*N$ zR=)k>FSf}D-_-${pKHqTa~+_tyJ!M>v>|GiT|;R{&1^qnWvglutQpvG)CnzUdwGUH zFe=X-tl5dMY+V22(%i)m2Zf1IE0Uae?+o}YjS>=Qq=kyzML+F{jB$4!O!}eOrVH1D z#&^ho(fIv{hHy<+=F^wFk4`ylzCRa=t+|6%262e7MTwxLd2$4)V#Qd|jy)o~FUm>5 z5CZeBq@mJua-?$EH9SYV`CKGnfjMHFsn0j{Iih}o;!R%Tfg=d(?R){o?g|2{+~Ubn z&r?rVf6YhE=fynD1uKs+V~JhcBUcbWYq@9HE!ABo`m&q%A&1n_9h3ydcNAbJN}(Yp z7SDz}*7N_&3Ez@Ru+A`eO6rYvRUD9GX>^%A%K>@X5n^v1n zDTHeytqz%h3WXgF!$dbS(_BhXVuls{+F6q>fCEfNTBA1mpjy4Di&Dv&`V{4ay6A-o z`d*^1qvWTJk45^(E=iVG697H z(S{~lWYjbh^!+W0sOOpuM%7^&4d!>jJoZTi`S41D?%7wjx*82y3=9zmrwL7Qv-AC{C%p~v2lc~ zp2EkAfeTQ6ETs45kR8fDjwB&4{fPNSvUO|_rQ1wa%a6D=f5qtYmY*OOCM17Ho)Irg z@BMd@`saJ`J#fU%K~cd@ny0&d+I}8tsw>mvBl5nL@34NAdZe$pVXJ; zQQ!}c6~uVD;18I))I0B|*jE-;!$=w&-ybg&KW^7-n-d@bE@uxubs<7 zNjAeCL+OTM;gQXQuAReS3SnFC)Pe1J#?x4OJF}h|@X2UW^N#`ZTNvGAGlnADOxw1u zxW*OF=29nwJtBWPSL|>=5L0UQupPJM;B05k(WdGxFZSB9 zXd6R~*mTQrc>gcf`e3$(`mf}>_kthPe!gL_G-`9=5@waIjY26E- zzQb$OMq<^Flr=zcu5gSGs7$|fsG>qD1-8%EXJsAT>+9N+FIhkw+6b6#5)D_WeXjZ! z3xEb@JUxgwTd-^Y+M~Fu91&^NP;qgMoyOzoT;>Y6AgK^qGeF%%RrMez->N{q76i*# zVm*nC5h}cp4lcV8pp1#W(5;~dF#PYP7{p$5@RGhG7xXYMS)kf zO&pr$c@Bb(YhkH}yB}(HLz@jkCMF@Fhr|cyW9$AO8zc5qzA7wyvCw$QVd;>_gsy-B zz5YXN{QbL!R{psn-^cV+z|zB1JyLX4+R$$3jOV$+xlS?e2DIp6P2>;UVM-n@`0RYF z#L#NF=h<<`fC6&=5Aj!^K;0QiP%Q{BS_f$I!+HF2Ic^cX&meK=;SUofy`GG> zK?&Wx&Q67pbbDky21Am(>kWOLs?ESg&`u?9jiTiF@a!jTi3XoiXZ7>XWJPS@QJV7g znhf+y+9P;Tcf#)oaN-S+2mvG)wQ=fL4pJ84#gM2Dh42LLNz2}#VHJHysg~j81*3?q%FkX^L+u-$-Z*}>c@lNq&)fK1L zfh_{#th9}2kI<;)O7K0TOZ6hryhq=)EYB|dRq{kU{LyKiWa5%6?k3B4LjrOx7%6#* zhizvM(O5YV0uv&OvRr0a$x=(}RCr^9;7yc4;Bzt9ZAPdNU#hZRs+Px83(|7@YU#%i zsU|LPMkq=TX~xWm$~#26t2}pf39Z+#X5GR7m~V`ERx+2vM5 z$DmsVNkBUXmjeOswNJ0i!eoY6@Zl<6;dtt z)9o3tq%Mh0_x9M9BcyuLWopVd2}I(#X8x*@CL?w%hPwqQS{EAXLd&e$LTeF#KU>v32R03Rvq- zb(%fDUTLCrG&(LY;dC_jB5mW1K&1}L(eQD;aBhLLah7;NuJmw2TVu)bEKQ;=%XRtL z!GcaT)|*ldDb9sGMnr{_D4`oMzx{}4OzdyIfWz!0^Q;k=$B`r2MbW=?2wo+{A))en3dO|03DR-J=h}Z>7%xU? zN895ZpTj63=K5a0SMNbusDg%-9yqZo1o0f-Cn`Y|ck>iiet+0hDFh*%5^LwIcw|3@ zbaw5bIlvH5C-cT)Ombd2Yf>o|?#c7wM=ZR==OW`;NmcU0uUJ&g7dvb}CcTK4V5EGv z+v%({Kk=p_zT$h!pu!K6xt@1NJb=xwCfsH27&fYWzR%PepS}Cc03JUpC~ZlKj1%l~7=#jz=@tc)6E4%H!x;D{`jD!xaOuUyypt+YPvyq7;;(|jqE6XQW9*fWo0TVQ@I{PhhwVCzqK6BAr>19LVu`r= zW0T^KLR-|B(epiQ&pW7KjPg}AWHpQf7E-5Z&JJFuVb(L2+~N6$x%DtVqR|V-UaoE8 z{er}>q}SKlmD2O*@0%fGBc2|Bu|rAYG~{#{|jPwa&JxlvFXvD_r9YqcAt-`Y)V%C-jqb?47#GF zdU~eG5O~R1ZM`pF!k7XJr;(j=+_*>dF;4_-G8cly+c?GerUPAY(ba9^2p6i8ojG{rIZQYMql@4($PC2AmKaKm?o3p_QH0q z{oB+S(9p*2?^Ul)m>`I-q6@-dsf#82CmD3#6C<0O<6%^MF>q#*TSZMXOutPE69HUo z@z#z|R2&efH-roV|Nap=q$jHQrli$S~H)D#2iHPN#1|Od!0pj=nE7; z^M)aI=vjW!IYj+Qu8+3qZ_)gG(!n7)X#+i+7Uov!bmuXM-&lbyvSXK^T^C@OLm7Q_U5p^A2`6O37&-b2S% z?Jgb1qH~V>00DNQ4Yt1(9!L|23%TCNxzvYcd(&?Lg6PPc7=Pl$XqlcA*kH|Z03$Dc?w`BAc zH`O_^etY@I_m1jyT`ZsNp{O^C{76!j0 zu6~GZ=}*^1UgcRT*>nC!es^%}^^89I5FdLq^4UP(h5u^P3t~YtDvr_2I}dw}R&?tQ z_TrPW+@Fv2(=99nFiN4o)@SxX;%FwGP=Dr%UtRI4+5p#yF-X?!go7RQZ8j$~>vdOU zhmS4GE7BZVcFp6w^Nf;VK;;EZJ#baj^{-b|7QWGUAHaaBH*?lH4Eq=zy5rx>9 zj&Qd>dvWyIL_fZ`TC9)QEGa@a{D;=A0`w04zEE`tk}YvOIHs9UAaro*KIMayCo!gn|i7@q=>+@K*4(fa+hSQoWM zmj?y{#xTXbsrD?-ne!h6>@Kk$5-utB*M|vb^u9-g$X4bYIe=Cr^(c|$k?@Ff=Rvl5 zGn0`IxR$x|q&#JR6}dO7^c`Ahvqot{AmjeWS|JF0G7yj6Zs@Dy`_`)0Zl+Gwj*E`c z30O!CznqaK6YQX}V#dn1+J2(kclrb)Vd=244^5qrJ5;vllo~#I!jDHYEX(tC&%#rv z`YNA+o<0iFwe@(I@wBDkvUX<+6ikc_A?+w{F>I?1t%vPo=+7%^lbY?ejDGD%vljtG zgq&)vn8|3Zh=(a>4EdBk2l=g_f^7w@-QXExle{;jPrF;?dY~t;l3owNth?BscQ+Xieu92z8sl7N8K;m(l5mUvkq04^lSmp=rr% zXg&h1!Ms_B1rwOeOW(%bAxj#}bfNJR%#}?_*%S#FLagwDlS^zi;R3eEitQ z@jDrFe4~6%>9psdHn8KGbmPCo^SMz^Z)c2eH~YCr&P#zdleOswBya^AMvRGi`L&}V z?e|ON3j|O0bjO*{9Q`p(O=Jy4jEK_f-e!@u$O|b9rA=l;*oD;@iXQ5kx^JVO`B|>? ze%vp<*7~6nDZrtL(sJw#c3yPyJ{J?N&no|A=F=j`@HQ&**9^jH5p-A21*c%*7m4$V zR!xvr(E!A;I9@G{zaDlPZ7(0kTjO3PB!4qn>l_bDJS+hDf#`M@@u;dU zC2{`2{#>3qCVd|y7Od2!9{khj@`b-dr@cpuyRLjrOy=UR2jIlui0K9`VDIQP=L>MF z_5}`emjWM~orB2ejrZACe!89De!e(G!h`_(VNZi0oFHvY_QVi&+Y7>`YLKzqcB3yN ze#g`Q*@+7}OFs#OJ(}=syb#zd+RV+vrTX+A?&sd<&2l_F-JQ|?VO)KUI*4BE+wsTP zXLio&=5M?AQ;1t1_CIpXeL6%rgh^O6g`F?l=KPCO#CE0FWn_H1#|y8gy*&Mc#tEIB z?x@3SA-jv}LSD$z{1=^8JJ`zZ29@Fc0e~jJzmwFRKkL}9u~II$?~np} ztsP-&w5&|s&?SE~`y-g=4oh&$ZgpBrwJA-st~N^gm6#hir_RH_TUSpSqX&w)N`HL)jc^d!Op&fMOR;Xx zcpkC^PQ4|3qm5gyK4YokX$4Fyl6|9AnK{3;QA%S@sR{GN8tA9&H~E^#3-sw zKfa}ND)#NKl$aA!npICSmlQy$dyf((FW|ot8H-N6)pjn^wX^szP>);-u7Awz&)rFM zNq)1fYE{yO$3N12F|F_8@P#ah_>-Gg^-=&R{41(O%%+n7>3W0l+>Mh|XBRhGsl|;R zKDUpR>~7IOs^Mrt-<(gVAluz+vdO@cj^RE%_hV1TXD?FYeBFDW_bWO2c>LGfs+rJh~~p_m%s^bo=SaVWP$a?^fQ${1_nOv^kJn zuCzHzf7%{@(e^mZ_s+Hx>5iG--f+tA)Yyi;)_wRvH%m@=>yu+P$=xvK^QWIX4HuEfTw2Ww|SbQ?=WN>|A3H!+{2et%IX4BFRLWiX(%ye&{YVBlD*EKjb5e zgS#*Cci!ulfQ9NC^LwTfYo4G+M3kQEXjrivEuUQ!U7kMDZuEGM19c)(rGk$=Kxpxk zZQCYkQqxLlMFHBw-e8xS zqU59wPoWtDXJo7gwU5%DjrM4@Uwo8`u_MEX8eVQm+Ik-t$R)v(r(-z_s3iNmwBNI&NrPM zwWs^$0;`wdxHbnnn@(`oea>eiCA)Pvgi0WF8)v-?Hn2>ssq*zDFX+vMKZq?Z=+U|& z33ly|%b9W?NZY)=UcywOH{!F_g<3zD^~fvAf-8t@9;*)>bk1~R1T-8?QGk+VP^K#+4EB=R`8 zY*u{OS58tNe%!nGQc`{^y*_L>dX+FJrOtllRU-iw$in;H(a1Uebnvy zbjbG&d%1aACIPo8UE|qvC_b{d_*KsfA98s2A;Ncp!d%Eh-!QZI2lIss4;@)GaPlk#Dt}N!ds9Qw z*;V*V;oysCM8LX_ zbiqm*>xu*1*C>3HZtTb^!xTkpe!9_LCN*dR9$e!BMNvzgJXTlvSMa z4Ssr5|09Y11QqKTDl#m*9#KO*oQ%SS*%EbQWRIE-MJB|C@6CXNjIw&3?w;2D435N! zcS_Fr8%6GYJAebODp|P`hd7ruQi5Ya# zK^)XvZ%bRuI+d&uysuHYsb}tV$>3O0mwmG9&0FS&CxUbw*&%!^e)kw6_4&#RA(A%H zcs8V?6nY#DV%8K%H4FA?k~U$)sc;=G(?UJm%||3rtk*5PB=2dQ;D(1CZjrz2{kbtt zen*bIN3bya(tbyAVM(x`I8k4iG&%Vi6GsG-O6EL)3aJDwNLC|Gi!|mWwkAek4bJ2yG}W?c<9bH%Tv@j20jpF|(FepXS?kW` zX)9(^9+T3Lej`*I|FwU~-Fdt7UobN_f4RkLzLtS!HNC5EW5WF{OOrM~t*caru@@WW zX?4i0GaaVi+%9*z+wJgmFYxWf_GT~b()aMEuNOXT=c=pbTEFxL6vK8*ZZs6@v6&xy z*trYUQ9XAqbNA2<5!^XY?ZiJ#UXbXhksrxm`bxn3?c)<(j^g*3@*x_$GE7`QS?f!$ zPY^1m-tdlAV)UjLSm!v6Zd*Huwqg6e>II1ga;OLWS*#56itzgO@C=Wb2Q+(4jzFhx z6J;DvYR`rsTnuSaX>RjeZ-uy{V36XWrNrIu?Edy%k) zUb&Y!ALR`61)%SjOy$_E@6;*mJKf3{N;3J$3W<{w>18j#)WxwXtaEXA2z4KN&p*mJ zT*w{boMQD?clp38`S|zBQ06bb;ZMP(DASy&>8K|Rei7^mm<|1TyO{|e?Qzc_&DoS7 zU{g%^9HnBvwPeI-0K!F(&E8qUEmo%ER%|Hrbk zYRr}MKIj}bu;kf-*{AD|TF%vSqD`JDDp4F}NV82fB$$5;9_dPPI)#`$Ca#C%v)0ER z-RRTy*NI@T^FDvCXzUv>pxcmGg*`86QC85aQTVWG+BS*hhr1brOB77j zlBK1ESdt%qT;`ptIc@|8k8iBK#TdD!w~8RfH&~^{R+$gQy88_AX%6EXn31bbj7@yk zy;?Bh9?9}}vBRE&Kz6Jxd@$OCq<3&#Wixgo!nDTFHby89yN`K!D9^mOvrfRZZvSiJ zGvxde7F0urD#l6R_ufeyK#YFU)~{&$IlG3u!I!V}3=b{zqB!>^9+Y?hlNxu=b-8e8RQN*xDhL(ew8 zalqYtgDeN)Zg$lUJYHlmcrkm_mt z2728`{8X$hN*lgGn)H)(1NXbtxhcWKz`L3Ikg_8W>3~s|7G1?IK$0oQ9rY1M{-ZF> z)4XHisRcx&gYRyOX4}U8se@L-_gNtYo8W4S+VPK|?z}dTBI|VM!H-Ty4GOWg znGm^P<>$Mc5P>lR)ZmJrmNr5A7fz55C28wwnGoH$z^j@9X^qYJWAac}G~D{NZ*7smLVvA$pVya+;lcVRk%KJn?{P!$4yHZ=rsZ#@rg zddjxEF>MGdk+x*BT4sR3&0^g?!}k@F>gwB0d|4}d_m^}OyY_14cL?i-uoZc2uPU^C zp$Qm!Z~Vt*Ls(qB@ug))^O`ZjS0sHx{azcDnJpI?+jTJnRn6b>uxy zm6chhU_6ol$Cn@!$sO`bi1^?Iu#wW$!YmgJjO9-)rTzw63nvG7io;{A@RckkDAoJfD0A+IPve5?--ce*eC_+fk08ct3#v8|0*Ow8sX^WHB$YNHr{4$_r>LHtfXKwtR>Pl!_UqcR^(EM~ zi4eSArFCgeTe}{yFfT$M+R22&Y$JjiJ_25xoW5|J+iMhf;tMeQA7EPSfK0s*bF*b$2tsnP2Y2Vzil&8T?_K7xb|(Mr5!6%OEt_tOtBAZKJ{K%$6*|T zl|v@v(Kloi2xU}C7@F|~!F=vaNt$Pl`z+4LaXVn1RW=#gYPZ5g3oF_Wc_JMf6SZ9) zRW?<>^!NMHrn%cM_X9Mbp0nQ22HM$V@rQn&+N5s&Qu=e z^kZTYQMw7$5~G#<;-0{c_4UZpXU+>ielI>DR;bT8QEyq4iS*&9D%K-4FT&(v9fM2c z_-ZO%f4oD~=@Hhci2CCH*$z^49BoH5wF{}7$HLE5a}>Kd$B|_e?^dROLdPGUK*`gV zi4>4a!$s+=nIscYiY;tyo{))cINl-<0?ZCLX9vKQ_9A}8O>by_zoxkQ0Gpef2>D_EeyBgjc|{V*aZ(P zN>!{&YoD}4g$g{oIn|yJgbQjyceg(mMpxj0B z;$hypw0HW6u1?rkh7Z%YmvjGYQgepZOdEt9cYc9FNm(b_ubpP26z0xj&a-EV%Yxvx zdX7+q-1$Z0CY+MUPbX=v#hTiYHN8TRDqZjUG^rOCMdo$k!N0W=F@MaK8NiRBxR zhcJKO#XA3K#8&CNNZIc^`D`B6)tbVkt?gr#J<48KJ+Q9YQgV(6GTJ$tn8ET1wec!^ zkY@W(HgVFjFoD8W9W-e{6*b_CHGuy~iSrk-kaFKdn`97C4`a1kFhNeMRS?#IPA^*n z!0NlmAXka%pj8W5X(vzbZLwlb1xge(9WU#B@}BM-XHCGF@5aXD+KA=BHmYEj8=pd#(=eq|DTe%J*hy3>DcBngPP zLq+q3J+i9_5FIfvpNIgoD53x~nqc|o{<{SYrQ{EySKK>Ec_VDPq9X4!+=kX09gKnJ4AH~k~7}pf-GETCwb7tP0Jc# z`+E~mv4+T_VmLbiNjs)DWEBSDEUF%NlE&%r-c-uZinYrWp`D_M5$ z=q=1SqV5!MlC#N69{@V@w4t%p=SQ>AfOY}5Uff~7KotuBY#cEl*j1s9xuL78ThJgH zo5X&$KwRWFipN148Y9gQ zs)q*?cKKzF3*D+2mvUs`TdEA8az>i{3@Djvub#Gzlc@5wSF~x0ThQl|eU0e;eDT1J zhnC)_Tg=hNimf`{LXLo?G7Y&fSS0_ycQL|+bOHCR3v z;iJuakJ^umvM{d#f_#K4oBi8T zs(PSavKpurC0ZF!w6QWM-GCTJ-(+QK`&14(+SG1s+U(Vp{KW;gC{Yx_kF;qI!3*6n zHeD_3pn7BNEMH%9??G=)gUb#;K}LVO)sc4GawQsy_N^d^c)+~Q=biFRsf9nxXz#QE zDDp+@FrN|xC#KUTn)%(LIP-%DhMCkUTHVm#%nXwH6Nx}kk zzR5>+7;?EiQg2eJA$_2@SJnL9Mt4owpK^vaUY7ApKpy(|9L-|PLXs5waFwj1mgn!8P`EmoD*&t z1K5Deb4tFUt{u_`N}RN$-ispGOK!m?^W`})&!z8vXEFEp*$HV4@}o)2MHf#RxT80} zI(f`(GFMSJ7Cjo{T;;ft)I)zK@^X-#4_X?(Wm-wiZ{9Uxv=Wf)C9p+V`Jlma5i%%2 z?!sDG70WonwgSl+>N58on_qaxeXFu$2zMf5b5?^^g|ceO ze{Q|B%iYP?4X&B&TGqykc_8W2HaFBM@}Y3;(<49vs-d--LDbEKywP~{01}KK~ zZoGmtMy;5B`SYCijb6Lhd{^C+>_$1Lr1-aTQ|<=ON*4s@`XwpG>B$c7%#nFq$6=}k$Qgf+dI}J{zaae(+L2wMC!Q;)SnYBf6q%y})AQ2*FtDWeyjqL4@q~Fn{S(CT5+Oiz*Dt zK4P!=+DzqJDAbLOMk{M0gA?@;H%yFeoe|;FI}<=zR)T5Fnn7@e2_)8i@K`H11%C#?#X=too|tu=M;|MdhkqNa2|W_MEkHS=*I zu$6e$<*SAKQ4b^F*tY7ll8-zy0iUK{fz}DAIyvhD z6w6)Zd#cUXg^_qDG=dk`>aMsTr|P(N4D0=aj-WWwm%RuA>iFVU*^QDg_j`$kcymi) zEezaZiFYjqhp}rXA>aD2Azr_yYtoV5q}#j{QE$V3G0C$O(Ka4}q!)^%D@|O&kZz^NTY*j6xq4)Qf|e z1g9n?{l^Ykn0`U_?GansqQM`evRRtX&8=HdsYUZ9fH{nCQXT5+4x!ld1y$i>Dpj#O@ytSoQnb`o<_n;d(H@}>G^ToYl_>jKs z=P0~r6fNi+Y^E(FGUw>)`9ss3P~?a?$hiUPR%T(k6)6y;+;G9w(^)4vZ?Yd4cz7X1 z7rqYxPHRIRI zp1i+hm6-HEMc1o2T3QS_K)Z9>D9<*#EQxHZe_~z_v%#N~OJ6!%wnMZ^)yjKtUQ`X1 zj-nPR38pIE#N}&zj&lJYk@m8py3TGYL9)-gd{d6^pJq-od)%?*hOoyp-D5@4Yh`1M zbE~7z3|p+G1zRZ(>IxEV5i%d@j!E|HE3d~eKE;lI^v+#s(y$VPf;qPHP#=D-@*Y{W z>^!3UMM38L@C}+eN6%yAAP{dAl*l<@c4Fh%T6NLF0cZ4ZJUM*ds$(udor=P+kgXMU z`oq1X#ik)`?ygn7tyR7k{Zj?J^7_3&m0tT7-++Y`Z?tKfF%_}BB@0}7^$T1&DuGGj zE>sYVoN5}<^4QHtbaP~dT6A20C= z6`<2-SzYwqpN1LZzakH9nlL+L8|_EdZ)MpHj8j}bzijy>yb{WIn2IQG7JiSruMhc1 zhSX(A<)$Af+a41WxFp}`+Y9I5J$%caJMNnw(3-dBtBrixN)PFs=8-3P|NgLi-m*2R z!KTMo;%DS@EgFU%al!GL6c=r8sV&gO3d6&euBfT;d%vs*rnBfN0>d)bT87*|){$>c zSJond)wbL5{O<2|VHYd!JZ((5k49Byo+2xIbw#CHIb|qaD{+FmtM%;14azE;_JEWK z#2&%dCrQ&p7y8JjA4(=XyW&IGF$F{WdHP7PbsV z%w|T`a$#SIpFJ$fFr9k0_AZOvukm4t&|n>?c>f$C#}>}Ir848Cqu#`6vBL|R(Y#Jf zPX4L?UKrfxw##u$%8 zaT#?}hW3@8yla{F!LV)7%?#8EV7}#LCE;7^!@Kn57D~tX+6c%sYcq<(s|bp%YJ=WR#jQ`;-F5?kC_&3VD7*~ z)H*{OlY)Gg@5zagkuxAU9PSE#w*VQ0U3;h*t) z%=)!tEQAd3~Cch#lFZg`xwHtMNeM3u~~J%+HdiSm3Q28{NU{O7_PZ)=TU1pY*+r*do*Y^ z4I*P~(7V?5WCt6z)DA^RTjcD?o`&1qUWKf5)Tz#7I{tEOtDXy3JOaD)tvYt z>KDf|FbeQRzX-2;`k31`a65*o@hUzGI}G#?2lIAZla2GAl4}(M$Kl`L8+nHR0`&;@ zEh{9=>DU|(SR4Z$;ol!xq-mr|RD;F4CZrL=q=p~n*{zuG2Rw%yTrH#j$A1F9hQ3h> zL<@mJ2{>MHb5O8N)cKZeMK<;88vXC zQ&=NBCE)`9zQJEVjWk`|MF+tDdLt@~|8eJjX|>tdJuU6SM#Y31p?6#KVzZ`1;O2dywNs+S;y7b9aB?|Llps z8~OU_Wz5dZ6 zK5qAphz;~>VB7hLRHGP?tMSikl!{n47q=$uTt&D4b2eQ4`nvqD0jKu=9dP&XNYs~v z9;~VT?{5N~Oe;EX``~}S!mA$qqZ4{>uM`rbqtq_}sr<)XiwXXog}T`R!MT@Nqnz48 zy|MqtXMq+-wsVrr}ic^T>+(R0PL5|&!@%|W^OIs43f?!7;yz$ zpFRM)+Wp#gF68{Vk7seWi_&d7W;XTfFBikVXLsnlfM`$;vx}C}J25XK1e4@zjhzQx z1Alc7lU9BmLoWd30@<+uq0S_+#ESZvyXAnyDn%Vd+^ZK*02mid%nlJPZ#`LGJVqxa zk@m*DdNySI-@|+XsLA@v`0O4<2YvXj@v%kYw~}q&={;pZe-)Cf26S>GftaGy@G2me zal`kwx3TrREA?P%&W90zK8-Lri*&XBJJ`t*AhL54fFnWu0HM{+QFV6KN#Ido-^yGw z|21_+J`t{W7kOrlk!oByFR;|hgYRb;#lLLSpGf@pav$KUQ2>61)Ad|p${ZxOz;%Ph zUATF-a~HT)cP0Z~Frb*cC&3mNfIIF5vwhIZV*+SvU)_NQ&&ZUN?6`l`|LfsGErkIa z^~gzWJ~ov{y=D*HbL1%_Wp(wpd};#II1h7xL+NoXW1WGxCJE3JEufaPd0W|K4=9_9 z`tL7EfA0qrv(Z-}%Lm`&?f*R;45+QM5MIgjRCiVNZp-wgMMxiuB zt<{GKSb0bS-p)&J`+iy$7=4&Y2tZ-9Z^{hWPUvUVv& zI|@)VJYyBmsE!!bAc+$EGI)=St9zGe$MBCvCu=;zd8YqzB+d%p7hVbUlEhyOh^NWp ztzAh8PTRwSP#XlS42O}_wj|#-0j}#}9FS0qKadC-x{ThkVZ8+6w>>XbeV=NL*Hl)u zT?EWo)`#codD}2ersIH6dBe-<=&cudfCgd0pN{$zzI3hqc1fXB^+|qs;#ziwx2**c z1rx2QmXd9dWzgZzhV#LaNvPHU_R+rv;vZpr;Ka}z{K#+Vo#WA_OvkZ`@2@YFCBV2D zX~eg&b5n`8hj@q&?A&3oMhq7wsKipDVVy&E&0|`8)GMH%L0LA^{*;o z8{d&?AQDY@UX&GQd~CFIg#C4-`M0^LwP^R#p8ataaW#^au=E;j+*FwyFO|!~83<~k zO~VVR3~wtcH@}xQi5Vg#I9aVv{Jp(DxF znSeAv=JRW66n#fp^iH&`d5Kixs_YuS=o-k}I>H=Z`s~MsQ+drp2xO{hK0R1o(f;?a z;_2otV5^An840)nIjo%adg_RR=3`XcA_jg5nY$Two4`^}dNG3Vq4Di%<%QKNx&wKZ zD0@8`z)8B^tULqyIwsa&FzE%gHIu}vC(;1?%{Dpe+O47~Dz(Krz@l->AB?DqX{av5 zj0QiGj9h;Eq&oog{`T|%ASEa4PRtc%XL7b14JLohR9LMexK{l{z>k*quSoS@HaS0( z5Ei(&+~5N&R7}j94il!t%f5I8EcNo^FPWaoa9OJ7#WSY#4z*%1UH&i01_F!*cDB@O`>L>xUO=xIgdV>bV^dz`G5L|+LF`YWF9 zv;}i)r#_tQUIersAIGPUJd5<}0{E9*CE)Wl2DCMs)o~|%XRYISXH72~b7}>E%WU;? zowp9BKm{UV`E=rh#BTKivR6!4RVXo+EyI<&VA;x8Joo zy<2V2<6@x(ElQ+hDjs)G_CN)2tK(ioEjR!gI4&PUb{$PKC9@E6eT>Va^}yq{e@p|J z@7&7HQ=@0a{_oV;{JDDG#S}b>QKwd&1u%R+TmrCJ^M#ulo8e?4&7wCa zyS`zX3}*B<$*#78e=j+du+u1Kc;UTFT-2uZxhRb}w!kFo*xEqnrkM;a<8fRSbc z6jYJ&rZ*CxvhPJd-pDi2Xx1cEskGQl`xgsA?>F#b3DMHk2|(a9$CFlZbTcG2=&-c?G5v; zV$~Mai`PrYvZBxdp5i6S>LVXo!4aPDkP*#y3Uro=Heh5eQK$|c`MZZkh9unH2Fg2F zU-9{Q3#KS9wtV1_IZ?kz{2?=i_xL?1!wf$_*6n9A)TpxBG~f4$Sb;~h18Tx;K|m-V3zV+d0lPDv8sgEk`c$^NI5woA*M9IhF-Y~Cl_2`77 zZ(!af?i_ZL@>ZkAd^+CT2q-$uim*9FzV2)DwC|<%^85_G3F?=+YwuKV7T|`*-)hoS zU3%iH5o-3x0%u_R7~E#aG36XXgu45RlKm=U@E;L5MF3=r>28IqIK|4<9k>yu15E0R z2W_WXSh^LEPXV*_Wf2T=C`)mc@@tHZNvsB;csM?_=j*1ee8|rCd~2{0rThe(gwS;& ziha#{hdo7=x{b>w2>=-cqS9!EmLzt^I~sWxRJBj%+$uo5)+9z_m)3TYfk8|w;i-xS z_f!{C4w6S(Z|edWe(cw#kS*-d#jcf3$#12_%m1r;Oh9j|L6df%}B7LNodXNCuHgx!}!w8sG2)lY-5aN6% zmu)vWbzU!_C0hdnuTnQGZLpPo{Yr!({RGnkT1%EpH~i{{*<7{*AYFU#fsi{7&HP?5;AGzUWmarKF2+q# zSbF;#cZ99TiizXs{!`%L_$8S7~AuU#yy(|^7;BeDbT~_7^;&9x@20cI%FZj z1W@jQ*~Rfvs~s$|>U^+C_ogh;u+U|&G*gRYk-n>*8zvuF z>8Z9Wx_GAr*8rPR`*6}0bJOLp%0BB&vS};Oj1m!89FOr{LeGYH4~%>Bp+|A4NleP= zO)lKPl00`}x%An8>8MI!Ye6&WW7i3tav9C_a0lyLiNf`4n`l7WObu~Tn?&dJgmKJQ z@8tl|3Gd_HRxcL@BTkP|FtnSepa;d-DP19vV(#$~mWNJKG;}sKN3OV&k9|5k-N}4t zepAxjJr!*#ve^es#YA@A)~P?_wP<~cH52A`(^gsoij>fK ztVv-%9|orG-WWUk&VeDmKu_`2Npe=(k%^9=Ag4(_db7z7cdj)5;;d^4Onpx-uaONQ zB-a4AfNU-`LVk8(MB8(}(NBQMJVXD2Azifk-8?G_xz-jPM&lV6roBR>CgobR(PZFD zU*OtL9;zyFfWUzf{>7I!jO&q+XO$4=QQ)JWV(>WW9CkgZOg4_|9;+3|F0N~pCqfIB zAfygJP=f6br54knBsd9p94xr=jfgOr4b?mt4=Gs~$(C!jTX=7Y3fX&}Hrx*E_PK=b z>(nZP;qfM@G#s$=p?ft^&ay1ub2j$f>@`iT%*OyuLD%Wy0~0?zY_a4zG>^s5(Dxg3 zau$OWj%(OR7P?ze83_)z87{DVv;}~_so=xvf|88*glDyyT!D#)o{I< zat0Z_U(wF;Fx^-V)8QZ<=X}%cpGXQaG8gv$oiJ3Ph9D!LWV!DRrD<0Q>#ra<%9zcD%J6ot;=lgad7D6EXhf;7VMhBe-eX zN)~MvLz+%lvD}yoSsb4D<_Xr5HdNXHvy61Wm9stWaQ93AS6e69H@ydU5%AY))sRhv67QGN z(tMu=FlgCK!Sr8q7x-tlj*2M3nWU_Tx;5)_XYFkc3um(f)RX#j@;Q^-T*^-v+WQUm zH7r&MPAD{2{VjH(lIbc3>JFCNq!B3jHW@3A4+M>Kmg4f~V8}3mfcloGwb9G1A744r zzs7q&GQTDuI^&fEBvGJhX8wGd>jV&SkZsMI`Y{ldF;5`~{|m{9uLj_62PgK-J#Gqx&^Ee>Oymf#$=oS;xMtgQaeH9% z)@Ak|rGiTND{?{ApV=g<8mQFH%8@Wdd(xUz$x_2Sz`>$TH0yZH-iGk)EM}3Q z-^xTg6`y~(*C3;$UulU9#}8aau$bR|`%9CerX;NN0~&GjWZVuE=Is3XH7OCDK_ZjO zPVxYvF0U{pkf|x*BaaV}yhX$J@G%`d{5He**Sj~5%&H9eVL2?&9$<>2Gi3SpxiP_K z-RyqZ>dP01B@3n=tLPw6!3u*6rkU&~V8x9N_}GcSIb( z(eJ;RojnDGO#*>iXCMm`;NjZaov{l?POc=y5e%*yqM34!9uaq0O5)Ox2?3^BUSPd= znklRafU~G)Z#(6};Z=>-$KZd}F#d!$O7t|UIs!z!*b#?KK z-@zDcaAR#EQ^iPW=^yp5L-y+C3N#5oir0t8ic!}#Oi!T4rqaz)0`T@Kmo}J>Mm|c1 z8~j7ynHJbY^IoFJGH_KxOEjvj9F1l;PAD{=HnQwRgoLbwMj#gG(Znd;AJ1hF&JlcT z?N^j7atftl_jD;-sq7w_J6;}DiwI@pV43F)Q@|hHAllS6!$%BH!#b24NUf!vi2o=+ zp9Zi)7@5U4>NGb{^xJ-*qu3+?5fG&ecY-0>P=6@M%$AK>Ky~8BUXIQ|gJ?~iE7p(c zEDu?VILS8Cqn&;59*=VN9^7<3IrK6UzVp3-MqsDgI?R6%YpQ|Uk6>*%PUabfiM1FR zA{WIb7@FOE%{lVkyEVbo5j|z3BDd`1Ft^WU?l#!cMXa1*otiN4ujShtrxt&h?JvO6 zhv`j(ZGKzY!r%4i*V!hCG@?RF45ZpW>pe-N$ROnuDBp3DX2RX4o0026s+O8>H%r0! z_EebfkFSpiHSo0bxNyaVw5?veBN^7P)$pOGN|P6$8^oG;nW{PDCxBoKWk9B&rzFgK zVLyjJ8g8cXvZ^Z?(2WDEd(ML5c6ZgGt@I>bL z=yMoNSr+>So+LaRlIej&iyrZ#iOVVSC0<#L&~7KEZm93;zN~av*nSY#5|^2StCkCB z@y1)LiR`1n@!s?aCu@;@EP0I`6IweJ_R-Y&AT$B7i`Dca{Y@3s-l- z-Cc%g{li0=Sx&rJOembGM&;rN{*qVA-=atK!}B$ku4DnpELq2$BH1`fxM(xpPvGt< zP7~hUdLN=*C{!pUXnQzu!(V`Bz}>SI1YZ^4dAn&5=-UxRJwgIg)G-1y&fp@D;MI7X z&=HLA*bx^Uj)|u+>#v+|(J^30{85=HR!EZd!35B~X#XGR9>f-k6G|i-RZ9UHBuV*C zASsQY5`mADPJet0oyHN|UedfQxtE-XXlukkU;#QX}QG`-|$45+$~ zjY@OF?}DM}jjuh&Q5Q(F6Gg-lWk#(}0hl@WiTHiA9lEWuj!;wVt)>oDc|!nwtO^9f zqabySl{n)%^*=z)uf-m8z?>ABbVi(ib$BW2N`_PNqB6xc&iywEMd1Q-Ex&N}>ZA8jbQT!$Y`wq+H!1g>eVJe&Z9I(ydQfhjCWSAMgBt+Hv0v$QJz9t8?=2W2_l?tda}#yJ3;0j=6lvZ{RsSE z7r(g=Ez0WNYyex!61+D68}2mWAK0nPnofGDk-of0nQ0>at;M}^@aa8vDRTedD>WV? zNT^AnS8h7gg4cf{fOb?7aA1seTTvLiT~V`g;$tPV9#nMqB;x1pHDToNDHroMH(S!1 zr9|WDS45Tss2Pz{n@eSuHSms_;obza9>$J^OfDxLNQAw~BbR|L?)EyK7|;8Vh&wXO zY;*`T9&oqv5j}{6rz#CFV5e&NTDbhM(Na7mZ4RBb^R7Qz{Qb{MjpX6AyYZXwi0(|5 zNOb%K7Q_1D zy9m112#)g;NsCXy7=G$G^i<}yj2oeHIJm2#>c|5CS|4FMza0WtCHkmY&`&Dt)gvQc zB5W^f1zTHxw%^B^BvOWzNf^@3oAfsxL!~6hIncZ`>tHEs3TDp6kP@P6VGn0@M-SH^ z(&nXa1!?GDfj~sDe7BeIDPOW{hQ?-Eg^$gvQyv?}e%P>TvVxa;_WbpS#gNdO4@G8< zml8wr3IvCI#>IE5E3x3I^BXkcB-y3CJSoJ_>0gT4gWNl8N^5F2dv!}`f0(ztV5d(N zav!l@y~1s)k(r@>D@__IFo1_TKLX_jg?K!*$U`J5oKVP!m>Ydif+e`Vr!|<1PKx99 zHn?tUPO_1Xi(V}}_-0ct(`|Yx4q7OrI_C>UMg5 zeft^J`I)4ACAh*%r~k1-q8;isA)+hwM_&O)PD;cEDKFI?fINujH0fTNM;UD-JftD; za(C;4z5W_M#rt50N3TVFXCB%A_om`d_}(!x3qJuK(PBZ!qhZoYEI-@PlJZ z$eM!ShL3F%3AzO=GwoMV)x9@-jx8kUN<9=cKBMkxtJ%++NLz_~X6^JbfS@($bKME4 zmvuyWKyBhKClZjF1t8YaEph2|kA7$=CBwL9=Pd9SB$k90UjZcUPq5H{LgE&DU}Qng ze6zU0VWA_ zG%G6o@iQn^k@c2r)ntU+`fcvbm>SM=n7UbW<_=spvWgD8JD};b$}$l!dcl^d^jAs= z=tC^RiuDouRDZ0Y_c(ML_Ke&?@BYS~?(YN~IFm=rkJB#|Y7rTz7D%r65|v?Y$dZ%# zdKI64<#RFd%3n6@n}5L=HB|vLnjaU|5zyo8#skL*?mMiui(2YdukBF!8Rvq;jUosP zxY`rU?q9{Zm7?|Vskx7BKmPoaZm=~P(14Nm7t5_T2p*tHa%gI@yyZ)7<=g6bbKV!u z|Kz}~{%}$(Dj+HH(U|g1x8>GCHC_s~g^wS3toiq3qIz+31bYCcJr_Lp0PHPLQdrN|KP3N8UW?mfDgaZf`2SD<%(|?^*>HXKcaq**tD4G zYDdj4z>XRWSj4IRC+qU_rJ#Wd3#@Ta85#vwQdw_#{GSr=bIk!FP=(Y|UxrU*Qr-+n zgtB0NX5oHsEU+MK1et_xncOs+fC-l}1ZBb%#KiuxHot$g_zo0_o!@&=x<`Kf1V!A3 zpv0veg(!KELXXGYi`V4*ILxFZ~pC3@l4Q4SYF7_O4xsIeA4@R1l-(^0rJA>T)>FMvHS}o zHmMfq?TJwBmuo@@R#|XWCBXT`Ci%U&&`(#q#cDVuCTYe$4A4*6`Q)}u!2Is|)+LGP zU9kpNb^q7?{QpXSOxo6wE@MiyQ&?p2=cPx%+YBmhR*!!|eeC(H5=1?37Aah!c@u)n&0 zDK)SKQW1Y4D?1d3sKH|Q)NEP2Cn=thwn zQsNhW`eXICdIJ!~aC|{2dJ99cru=Tj@}K{CWks<7xj_~C4+rtf!SRbFv6yET3jr#A zs)0S%Uy0>4s!1&FzISizCVlYo8Y+_`pZ7uM- zD)9U9pW(-Fe55H^04GPTLl?LpVots09&}QEy1&x$Nl~z@AOjgau!a{$5d#gl&6n?i zxSYUlKD|`@2eE7=-S}R#V|wj<9w$lMw0a7q>fir#QjUFXUy?)&+`WRt(hxpeonpcN zY^tb15OU~`S}_5T(c0eWFZyNY0}Q)u=+WOya6Ju{>ImPH7xcKH;hxZz*Z(&Dy`SnE z5NS-xjo-!{W`@Oj18T5$dV2bz!0j{vW_zSmf@A0F+5@H~ogTP0)KmO&Q*6rq6zg4KdD78``tya3d;a& z|8=VOvDd864TMG1YEGE1@u9a(3ADXF5otv$EO=a3z{k>nx5~uuH}OS`y~l(ubh$z zpW*R7zqYf|s6?hratoe++f;I@tImM*H?TOkow2-Zoy-&!aQ$(kmJMuqm&SIxIb{uD zJ{$O;-z2u@FRcT;0q|3|XW^sN&6QQNT`$e*N65vdY2>kRLs2|H3&9<#J|(A_%*H7d zI#zBL_8ixLD+kz|nx{W<%HH_MFicfHh93Xk(Ab>KU;L3Vp}q_d_`^zMNm)D~PXbiu z8B5qy8WS2wb7q3<**E*csy8YbpuL34j&sEL67NCl`jUidBDtyC0Gn&&@ zUiEFS+nfB+<|M}R6Nik2H&}_+_Dv)YS9Jsm$Q?93n0s8e!tP!;`i6qHS+eC}aUwdI zFHp7R`-mZ3vo_PIq%7QaRHmMO5iaEEJ<<4y8LptE4W}iL;^PGx)Pa`IlxB6gW-!WU zpjv|@`~7?h_>hQQ1vCmwK?*y;Ej#v0vmg8J!#xGJ?KHQlf7mA%^q_*o>9eB+bmfK> zFm7~6!_f{%Lme68r6Qg0QG8O@uG}NwL&^sD`2xAf)H8%ByrQyh9#V z8ECF+4I!YyU?NrXazF|a==ichE zVJ8UPNn_mrAb9L~{W7{$07zu=xhxXdtpfjTG(vh?J;3PZ$Naws!r}^^y zbl-S;Lt^=KTFFU!Y~T_lM38@-d>cW)!^TLj_ip^sh>E;QR)NjV+L?Sp0xh$3kL4@f zL|VB!p9ht314sl4GL7!9fA++QQah%w&r#cWF>I)uCx@*+@9=}$C@t6leVk)BpPbyZ zK-gy=_eO~F5Zvm6Gz>76>`U-HEqcWeHhkpO58$u@hDn#pAy+#97lK5Ac^g)f@flfV zhkbI*_N~&w5AbvhOdIc>(2;ks@Dqo5?maVSq`OGe5KL67PTX<1!&}wlz2S$f^iEM)H0HjZ3Dul|iL8h}Zm8oErVkX4 zmf8NGGW_S)lLSyZdv5vPlWg8ipOsP$vl=V|k^bs9-lo$NDWTi2Xe_TOyQW>{P$w&B z$~Ugr(OzxvPW*xW#Mf{wfCBHaAoX@nKm%R2{FKx!2AXC88uN}6=@rG@_>dURFli&t zi0j&|i<(+RS>sHaO0%44!AOS_tkkdQU}UTt$X3iSe|r4|<^TfRJJMJ~{7WAmI(@JE zcBT^G2RN_`f=59)hEE-eFA_53xMI27|<+;tZ zudO5hCc+{T?V_!(z2k$48_Vl;V>_KkqH4u)&wd)?-w#dz&NQJ+Ve)Tbco+gd1I71r z_|zuFNyS?=8^1_8znt-&mHPoB#nTQVtxSUL>&Oxk50$bd7uzp?Sy3*IzLwx;4P?n< zhG+b!3wc`;Rn$)dj>`V+9wsGz#Fz2B-JA?=H!0foDpZos_-|+k-eyu60Fc88)7+AO z|2D`NXdv(lQIzz8Jm!b~{lBHJe(lD8slm0qf~v+40s;SxHf(=237c!(hm}zxts!px zV+W*K`f}e6uPr&r5g>@=sned4zjVu1#)`DIri^`Xd$Nqjl~=WV#Vh~sb>{cNI*TUS zwlI!ytIVOU>+FhMJNe!@kZIj3*H}UPiw>c)^w!!viNy*1EP&XIm%1pJy2yy$HQ#>i zN5M?JMLkk{Ow>j45;m-_;X!Q0&C>?g*RurLq?hea2U-4-Y9V=^q&uq!!rH~B4oHu} zq-Xo8^IyU$1;4)gx45%1s{UP;xcOv2)a;k$^^hIg)8cI#$ri#&6*)8G>km$W-|=lf zvnMfKzNNnOn_2ryEN^XLxCe(w02J6RfK;HQy-A*+=u z4c3%PWl!RAX_5o>y<(ug{f_MYqg}WVuTu)AYKzBh7n4RQC5?-uc>`zCdh%t@3nnTo zmjKXSe1=H>v5w$%L};aDZ;!;LqTbyoNkCnRg z=&zotNv8>sifxV%IjDSR&P!(AuV5ZG4cLh(EL+!t{&Un2^2ipw2I}}w#G=qwb821? zRZdhf|7fnee}Ag~>C&wzwJaS?%l$w@)>X^(6Qk^;S)J@8y(X0Go*_N>Y^3!(q|&9^ zHl<4h8jiU%*_^O0)7eNG&oLd;stajLZM9D>i(}m0+hUxI<6ho8JUb3!x9hDp`{q*B zgpo~`#t`Y?Cex9OhLzIJ+v-!C-3x1S zx?&&rjb*`G!>FT5^Ka+Y=g!i0KY(_oexMVEpwC0rXA+kb&jO* z_hzRP$V|7#G74jB4wi|Bg@%?|KKHbs+&*noebD2JubP#zaL0aA!WCkb8j?0 zBdCn)8M?XgbsOd$j1Td*d$MxL`FcgGVeax!cKJfs$etNl^20o>I8(yi{fn&-y#!1; zO5^e=-{7Z~CfDr>gL^lcNGd)pwn3XaTw}zejOeP%JxNvL5BUDU9I-r@kNf*?-CEv| zXdw(w{Y&uf3#&nFO3eP!Px7u__XK;@k#O_#e%+F&?Z~&-f3ynzGQ^dMA}TE@V`G;{ zlLUY_2Wd*B>H-8vbx<4i;hlD3c7pWQh+eulS4}6F2mRYVKpwzqV7s}6$g{!u)1`K} znmbmL_J2Lyz=5{NgfE5{1i`1FBQht09vtJ>_mn`x|1OEn_~OROj;F)IKp933e3#28;>cY zW}o|FH#XW&pDx1YeLwYhl_JGEiO+cNtiCVVbhjwVFKsmPK~ zA71=>dVok2axpi|SAU_sUfP+WL;>zNt67Q0-sFx}Yu6bsS0Br|U5~AjqBxzm^ocyu`5fV4dE9uBTQv;-sUvue?~ctA#%n$b%Tk4D$M;!Dm6Z@ zq<`~~X!BR-%%%UvB1w)nt*omT*5Okp1Iw&JZqL2=3tk1JpP%omag`Qr1=3Ko)QO?I zQ7PjVZ3s@@kcIy>_M4U@Lhq__d9HQ2PzFyU!HP!4D&#q}hdEVd6o3&*Bw zBEj_O>2xAW)mo+Q$eYzeR(9hPS_G=}9w%CW`SUE0QlCLZhVK4f0tIX!qf>x*h%xG_ z@_&=$7yc3~D=xwYoM6C))WFV&G;DwMEQaJREV(CxCg(jD6VM>=zm}l{^X@6NJ;XC4 zk?fh4vz@ub9DSo0rf@^Y_U1|zWizk8tB_4YoAy|7#%v;~Nxn-ohvl22!#XXrCFf02 zZAkCJz^ks1O*9d+CEB~8ZzpfG9f@+rDg2jGLXRa$8@iUAZg{#m7Id}e>Kxbf<8cxk z{M+Uf{*-Bj7yEb5UHgj#OG81nQJ&K@f!uSWdN-GSJu9QZ9chga5rZsx{8}2$ofS6| z-%XNvceE#g1lRY4G>`N^$$_L&f6@aP@4Wc)54N&n7CzB5BUrd$qExve9JN~*wKg?d zYr=`Bhr(NuBX7QRH57_XP3GDkQD1vKkTCo*$5OQPWXSlR^xJ!IY-PpO!vq`gQxvAl z>*IB1C9Mko&L!nTerkE-#ms`xfE=WcxVr%pqx&gEQGS=kSR0~K5A zr5J_tTASIl76mIs;?2A|A=+#{BYjoJuJ4Vf2P5=%YL9eKOL8V>8WWHEN3|C_p94Ut zf|3z;G_#T4o_j4env{laYZq;Iw;kv^X8ax}9#A%6wwu>Dc{oK_b`g+xY^Ms`KrB5` z^kUTT6yBxKqKA*?%$J=0Gfl@tuCaqMTYZ5S=C7*)D+6^wnYe))~lf+Qk@VWOUiY@-5;!l z>u+c#+&F1WY`|C1s;cKt6^?xVCd+JAB4mTZ79r*+V6|a0V~Uh_Q%%n`>t4l5HKisQ zh2!j|c9n4{nh#mA?U>VF%#Q~=P}#zlAj2GqF_vS_Gf6*ncgEka;r`(i8^KsqxCz=G=9V zi&-3*6T&g6UXI+;(`UMo)p=LIFy_Tj7wO~u)RZBnva@g7tzPInb_#Y!Gj-lyaxWg) zEvH4zDY3DxzjTkXemkr22lM9wYT}Ut!?nH%|`go$mySSi{hCF$ZZ{tQ}!` zIUf*5XaMiltr3-uF4k!Gf>|HqjMLaI=d07+ptZTnmX2D(aUFezkx*S} z*F+kyQHl$03HEEg-GpHTM#ijsOHZZ69`N(jj0qyi_}I^m*)Y98+e^vO$=3I07>us7 z<%qX&p6pH^N8Ig@9Vp{5 zHr&iOKKk$X2XqSs9Ds#n^cbj!O$|EjIvN)2H$zS= zbkK*%%Sd|;oxHMixy3lsJw1&N+Tvz(nikL-D5^G}$?k^D+RTAD$cvpHaapS&;q1r5 zb;!1p`#$*xFATjD1xzS|g-x7@K+|&EVs=pvvWlj)wdxnUkm0)R9Lu@0mcUWwxZM)Y z#?649c-M=N1}zFZb~5v$tim zBHN}J^LW>TBALcH1wloti81~-=OLBG7lygSQBtj+H(fSQXJVv=2~wmLP#rf497imB zCL2{0gp2IQc}HK(9SNRCFm|O5=hhuWX@kbkAXlNwvt8|77Q*UX`2@GUc4oVCzB8Nl z%~_3%Qish*?ai82PfX{nbpeL^s(hNR=RxkTvzbC#e$E0Yn5qhyVhJQEaW>CL6N{DW zkZr6~=h*(d6)TYL2}qB1kknF#iIxa?!DI;0Q)2g}?0kXoRF zfqZ1xssu02qfRe~BI-wcgh5#UX<*#6f%3x4mTLR0&w3eZMx2w*~%qcdBXIZ$7Qj9KwE{o~0rs!n^ z))6OCqvhqg!x;(}PXJ4-tD%QcouFHA)euZp`nX;5z#|e3Ow4d9w`|Xwn|?hp=lMr# zFI2s(lA!99xc@pz3!jzkB2WJI$p|uID_zP;6|wW_#HJ50#?8_C?-wJ&KLED&k5658 zW)2m{1+p;jf)Vj33>YKa1{01N?oD54+ntQMHrvOa`RO(S6*5TJjOsahW{J~JoRQEU z7iZa%c!85Xb)EsxgP!QLPH#ksKeo2*q(N2wLClxd9!;Bt)U6C*FdYK4^?5nB24h6z zR&k%5Hb*st%V3}(tsmCrH@_h*G2mx-^Sn$x0Vm<8&R_;wM0%?7oFj0`-Y37$+q6v0 zynH)y+7pS=g-h`8tgg|GKJunvpehU5#f5VtASR1eb||XbZDYcf8kJvEYM+Jqcq{iD z+1Q=$FKc&kd;5e?s8o>d>@9OPl<-bbTpS!l%zy*N>|iT18u@X5)zi6Ujo{<}G@14< zNlv_YoAp(@J>J%5`4OotWT(T6wv`<3nWllN`b0-wHHpjNX;q_Gh#&zAWUqMUWYsfX z!kDzY;9=gLHAni zc;?oia00sP`8e*QxN;REMzoYL*nB*iB z7puB6Eo!c~bLLIeQ)Q>!+G+SI`a)c0hw0OoGgDh38JEPvxdDnvIjKun-p-7pswce5miPt2gRC zKe#vZ!viC*jbc-Hek&TUxE{Wla&z1;WGjL)ky3!&c_tvkJMsLie?>}1w6i3_1zP~e z`CwNI1=pW0{Dl`?yyJ!4CamdtVTb(8Qj|K;uyMfQGaMKB(;dRb%OYDwGoBBwWUa0T z^rs}F_{I-2L(>Y2la!u3q!yi5xFza|^N8kQ>%IA)VsRRxPO3mz0B(tC`v`beN=ApPJ}iwUqP_k%zP~{V26U3U&F&t3|?X z@;1Pre%W<>tiAdeb^cgfE>2Et@-2+fa^XUMRZmrNq~T42-NaQIrv(0uWS)5p*qc;t zFh9Rw$-%ncrkbc4%2zCWr6VTUz0>;kKDilJ%5>D751^#mv1c&N|L9TKumL3W(79uR zQ}Z?zEJEnJ9IamG;?=H zbEZ=GwhQqvd94~TY-;61nE0ek@6)M;!dQKZb8J+q@^G!iMFRqp>JNtHy}C$?jWc`u z!}Ad58+Q(Qn&o~-i%Fl1#H}l($udQCN%m|=g^ZW!>ES+;X1za6jAy1*7G19_FxTSw zYa9OA5D^{1q+0rU6y<3g+kKX=@Szs3dfp0T_kAJAbdg#087p>DoZ^f>waYQJ81_28 ztTAlm9di$HydBDxXSLDW&iZ2S)Z%z2Hf!U%jpk~qrfW_KGW7ylQ82=vI}UvmowfVc zN{UY9WXRk`+IfibGt)UPx6~B;nr(53(PD$5Jxcc8gecsX#C-bsPV8p+8tGpX^;U-? z6vTrg^XiZd(DqMf5eoGVHM2}brTLd_@@!q?7BBAhl;ypV(|TX#xQ}HEvs|IK+MyeA zp9U0bBhhh|OBICoQw6sllH2E9BH6s6(Ay?D&ZL$eX!?*|gJ<1m za}6R@HmNARIhLd}Jyj!{l4RLmBf+M1v~;>z8)mW4K61C4%~pSLRBxp%HLted%TUg9 zZO2=z%DL705GgUKU=LgolD!#;oeL!D`{QV*cKPIC27{R#HV^40+u9fEI?5t4Mqa+3 zO5`$s$Fi$=dAOb_?1f4gZmuidwuMbg%Ti>wjkA1gLwV0)-WOQ{J=7n+y<=6QaunO& zYI=1zmpz3hC$fdjn@hgGb#%D|qi{YX?bGo0j|XdG3^I{t)cXm@72bKpCQNKKgH6Hj z<~;|6h=ra|aJv_sA&7}b_J^hKP1vrF(X;Uwn>eJ`KHx8QefsuE-s0NOR3!_y)6=m) zp8chCxw|vFel`zpv+PaI=RJheXHhHrP+~YV8ulL1Wh-HA+O;0OgreZo;CrE0^-yyB z*-nR(LEjF3mC;dtNNWE%KE2^k_H6Scv0sNtCmTGL2+WP2U#Mc>8@{-i*-+jR!83ws z6Rw|MQ!}-;B8!(#yhr&Yr1~pj=)tVlYb1!-v)$o5b8XTE|q|n6gMqvuJiS z$}4s?o_-z0?U0)bvCtFHP%UtJ&WZ8_`{RzTn$u5z_%l(pS1FDZmKeAK*Hc?lfLZcC8D{Gr&JVGFlEw7WvBeiLq?=ayP8bV4b zpXVz$qMUXotprX=SRE%lJqly7>uZL1D^@$L-W%tr#T} z;BGkUK(}$Rd}mg~Kwqhr{!#ILpBdWLaSU_mX=@)Y$C>9W-TyWZFtDsY)z%V4bL^7u z^*)b0oTQi#37vJK(?o)Tm#YLp|Ksprn$)kK9tF6R1sU;Vs~MAWk_#M^Aul)?cMNAM zYP>n)8u0WMbmva;76r(k~Jv&+p$mX&Y6#iz%q8TxvA=c8S|4FJXp~X z+_dCqO!6?7bBAMj%hQAS{)6wqASdN)pzm_V$cB&A*GKiHwfp|gR|(qn8A`_^>haKq zOZADv%LyYP!x%+RtN#3O??@{P-UP_u0ckq#5Tz3>mBBZOM()-Np^a7U(rjednj@#0 z$Kzfqxiduy(x=_jHe=uBrV6R!!;Ov&GmOqG1MXi4)M!TCt2<+;yQBJQ(^h|6-5-zj zrNpBXgCVDJWNGT%(YhyX z*oi2pNth1~#_z3>-gPMC!Ro^bFN)`Zx4(=xDUGX=c)_Avt*W>@#5})SaS-ijTA^fN z876A+#o$T!J!Nr6Czor=H3C&G`chcQ!Lp|5lgLcOP!#-5M)Gm5VkYz9Q$e-7;0dkT zxTO;YTk^50bRlNl7POto!9-{47n9R=Pc4?(nJkys3dx5dhVN`lEEiUuYQ@KS2caz1 zwbiQM;j&hLu@u>7mA{*t6`?Eo+YJ8m$-NiW9r(hO$q-9|f0Sy-62{=`>{FYn7u>hY z%R;PbUj#`k^a%5gCPC4N56Wt1w9wOy+s_*|Qf7A9+RqT`q{C>uUeCO%P&zBc;c-){ z=s(|CXxhFJl0rLtb~I;IWilL`!;_k7Yqdv)jW3M*tv8i&J(8HbY zGBF)J4q8?DnBd3Rv9~OIEMDPv$L&eYiI`0j)#TTm1?Giq#>CQ75^js~IDTts&DEpI zn!E>}q(9sqvnO}YoV*lmco2pVx_1;&cdFSEOlsPwcr3dRh*K zGjK&Ls@ED|>iDgV*x1VKq{ixoM)ek1dGuep3KaGq?=I1@Sk6Nfmj^2X0Lyc@26eg` zF;v`{za_Xl6}8NG^d*T*TG8tFX5vvPILVyxVpKb!?ry856w|r{eK--e68&Y;2kkYQ z5_Ih!X|32gH(j=$vnsr|5&l)EoO8u`9>IN=TaJIo*hl3 zrmQg)iXcRJ>asFuaMxmxZ~4%KjY)Af`0;A>6A^e6Dg?DUv+rD*`omcn_YWr1q$LMh zk{cfrvZ}wIW0W6zEJwh((wp}NFNHF_r*y%3kOF-O!gU(ub=P|Aj=*Jm2iu5SPmDF` z`gt;(7D=c0&z=x8tk&o(&T-vU0Pt@%!bQnrl^}jY8&WTEsiE7)yXBP8v9m>^Y z9WBx;ihcBCahHuj`tk;xam7%MW@&OJIw`MoUfJo`YZAbMJtQRFa*+(_I8n7KriqU; zOxYz7IeGcx<+0foRt+=Bki|P`8~5W6OqSw(t*HZT5sV9E(*zwcC9CrpiFzmE4=u!{ z3PJv50fS18NLZZ0Dd{uU+lj&8&eTUP3ELh9g0>m@KUNlXsDmI}(S!Y-#h{*nVZT_h zv;gVT4MPllXKtHFx%*#0y?!6%NJWJ2l$1|DGh3@p5pX6K@1R(Jp-v5>ZEdgICtcgY zS>${iKp@xP84?#1!)5%sQG$HzlF+Qr`kyfAlTzK*L6yhCR#?ix`;&t;vbPTt9*7Bl zs4LwpT;(q_Wnz?12oKX`7(2D5bXBFu#_4DJR^C$=w!l0*wop@L`yRlq8PXeV2C~V_ zDL5hyxl?of1%{MWo8zW6kGMkTh4Jr%D%2+O4Dc3)B^bK9I=(yC9lc%QbnFj-NIeR` z+nb}m|xx72|F1;N`-nWGNXr}4hS0Ha6v zYJMb?zryE>$_F)ng2Gl?7kW-wlhwjkZQ=I<${+np2Vri|{?MYtS6g=>b7EU}jVp8@ zHHDLOp0-!;M!#%I_~LDs;8b6}U1q2j*kW>Vuq(wkl8jBEsIIr`n8~c_R%e|Rjn{2ZE3v|YsUOrLv#D@Y~-+aPt zY-CBSfj3+!D`3?RE61aN#%h-ZhEr%|d-4_NR@OPMj}JvYc$%leE*v|sHQPGh9c#8) zN?oR@{|+KDGFsAzPb#73K!FhSFAcrb*@=j2`Y1zjuO9%J0N8q5RA;|g=X`q|ov5`i zJuSP@N&TQ#ZYDdTO3}h<{J?`p${lxW#^?O>)~f5t-<^1t=I3UtFQYXBBnltY!_v5o z9O#icw*0}bqm1G??DRYuwDILL#7c^vRZWuJ>xgBH+gR+|^$( zy5qRAOHM9$bfd55D>z*u!Q|Syl_`B009v&IUVBM#c`BXwxjM+3cBzW%27;ywX*d<` z?bmDRAVOA?aDO{mZr3k}#O4Eb>AAzjm5v2=-}c2gNzbsM)~BZ}3fn*9mn)u66YH0{ zg#FNfzk2L7c}7oe#aW3QD^`gb_Ex+9l*OVNO2?*CR@s>*bN_5?S>c>08osZ)_H*y# z?Tsw|LScJ0^DFukh>$4L?6L=nhlt`Dl-KD%B(vp4amqOp=GdN000)(9p z^5@!Ol=V`Hz9j$CSxC^r{d^%>Qg$wq4&;ZToX6Y1Wk6u=loCSjn;!-XHFa*@eY7NI zEL`S)8-LTF$y+yt&taMJR=c5EfVgI!H{09mx5CjF{n=52aC)A`^Om4>O=5gPsG!p@ z$Az6fN_EJA1a-Tnx|UVPbVG&S$B*?r#Dq0^?YEm$Wqi!uvwX2%?rfStKG2jj>f{r1 zo3p0+xZhYva&T`=cojlrCilc}z~bbt75P3GU9dqf8+i~}Bs_qju{HC3?mN>@JGFM| zUsJ~GJN+23MqhJ(8to-Gl_8XGpYt1UFZM7KJoS>g2srjN09&W2>)K@@cr-w?{pu&h zIW^rJlNyFRq5)YNpmetGrN6X;XR>A~o1-vgvVkgh;LsZ+JLrF_f?;)jc12@-^4#;I zs|;d$CSAzIy59F6P`Quwmoet_cP(7rOkuRSS~&isizy5}yJp%v>5?82zf2v_mQ+N3>k72U=NAaQUjp1FB# zyH&w|gZ^#-?=xvi$=7cl*1cNnHgpY4mkuKv`xt^NWj&nFvC%Zpy2ny%)}0~F+1SM* zCVskG$%(!5>&nwLOSzg!J%cbggn(C@#jJSE&hegYP0g%WDy@U7S7)~a@{QD zU5!)F3nrh#gsv1(*+{Bm{X(r$hVP*h4@&f!tvjtA721y0uQlx0tdDy%sR!hyepV}} zSLo0kaB_NkT-1g$aAm7FBTupA4UQyE^wI7*tFn=;ty`v%sAm(q?@9Tfr`0vZ070Rn z7~FE_Bl`}m!|7HlZZB84`Dl(J!(*=HvHGN?U^yXa?FAUQe?cBOj@1uU@zGgJ+NHN- z=`{$28U#i^m?`z52QrthYBv2vI+nvw$YZxJXpPTBrW)v!w(~NdcaeodvY<_M<2z4i zk#@?o6>(Gx*=9xtBAv4a!sd<8!s;x3=e*@;u!gwI$a{@!bk*EN)z zH~yOxyO64kf)V5D$BiO(iVZk-(CfvD}@~ zV=QdvG12Y2t$~?|&*a>%k3YL~t?mK=ccusw+BpOq^4YAHRp;rf;b}8d{gjivT6nI- z-oCYAp=aSM-u>Q0hDLAwMxSX<;#2AZ^{4Cg%yX3oOFc~Og?yB@TOiC3PCdkuo9`HB zq|n~hQ*rx1PjLFkq}0KEwJVvsW6hi)GcUt^Fuf?T?_=*lNSxVhhW=`>Qk@bd8K1*Z z+FT=7&199fu@BGF#Ik2LotE$OWs_WIu>UKvZnW*B7IFR-{$UroI$1eopZB6zUx~Al zGsQ{OLB^<`wbwNhOAbFh)~hp-o66TVNs#GN)zJ8grMggoew++i>WYHWB@g6!;ekTd zfQ3|D(LX{GWzK3s!iICeCYzpNyXD|9A*-?LRIl}A8-_ndsjLG;6AgDl7zw`G{Aj52 zNzF%?`%`2hEN=LxM}fn2EwTj=)@%$64GW%@+a@R-Yzx;rF#EyW0NU(?S3O%UitB{3 z<&Eo?#t#CHk-hWp4ClpVUSlWB7rW1oJbh#_{V$Rm%(k2pd#1Hm<=@|zEz6)&YEZ4g z*l>DR$hj@hvLZFJP4k@&gLa~EowNLKsi6bK`D%>*PdN!NDn3#C*}0jza$j>KjuA#l1T)2}M#Q7#<|*8v znSTr6Asg^AS!wp8R)L1}CuaQTIjR|AN`jp0MCjCr72AtCME2`6gD+aVXVN$iSAMB9;ehg0iNe$00;K$HhMg+7q^x2^v#h(IfY zeZl>3V9DKNK(j}F^R3y+Y?|-S>1671`VpzLW-JcWT-2bkaL{v(ZcN>_P>Yq(Wo7VO zln`O?5UpJL^G*7Y5POM^LMp#I980>VRQlpjU@A*FE$oY&} zxxl_=DZZXH-;og05+D}+2Is~nGUkp$-O5F|yl%s;rKfZWu zJN;=%)6zC7Uh{X6(;&Q-i}hveS&e-_L*G0*C2vQ9aFU_-LGKHYI?CVms!7796Evf* zM{8gbc@Y7k`lB&c-WdWx1b>6 z!ueOkrHIj9LUd&Zs7>N6Hl5@bIRhO(1;`Row-;`$<*=|Sk5!*CQl6h^IxcpzgFrOq zuHYSMHdaGlYPSCrkZ<7<4{s5!^H>g4XRnTw4>ZbMC*xpv5)?>%i&e`X!_D#RcyxU? zdFL^@O%a0?gXt0pB0+0(4e&8xNw_r52gID|_qS#kIE-uW>DSoTEXIyG^T&(oC%V5j zO2huoul=3>bSJx3Eq1@|!aObg%RJ%H*7Ci-MELk$!`8F;nrM&cb34?vHUK`TPgKyFQ`8RIU;__X*)RhPj1++4U%4g<80tbS{ z9IP*b;*E{2Ybh5YV!m;3SkZSbqW{Py{k|(&ZvO+di#kf)LnS*adv zNf;-Q&XUG-`Oa=%kPj2bkw_S(T$bmJvj4`a<4Y-h!;bmsIiEH!q;Z zQ5PXkgdC9D7Lk8`FrM76lfxU1d*ii_@aQ}W{60KZ!t&&PU3lpv&v9ldKo%;haM}2ZO`IfQF#P)&4>S4A4L|?q{rY1weGttANL`)7sE)MgF#~wAyutF%Rhd-CF3C-? zguze^p~MW{ACAPJ?Ek6o_mLpd*Zw587?`S9*-R&voubF4d>8R3gKD}#ETf`%l3)#X zw1~RKwM*Yec#ZMZQJ2SxzGTR&tC#;OLCb{Q06%|CgK)xF?izJ+trw}Stgrcl499-( zOS&E`fyuB!7W*siZBY27D@n)JE}eMUIibPes|MbtFS7Ng-y`u^^|RtJ%{~)gHpzKl zP7bY?Ztfbx3(S8@C&M%|J^|IGAAXM%B=se!weMY4iEC1oeo03x`*eR)eGLB(*#DK0 z#g2Y6lk@POVsnjw4wDmKY-y7bPn6C*|B|%$Nj$)l8U%s%^*;)|pM)9~(Nl?DS|%2S z>;KdUKM7(oTEF;j85knom;90hZ6x+R>+@ML#vV)_ zephdf4$OEU;(X~H!D_UH7guo4)Qs`c0crgt7_f+{&R;vM2>S6_b=<8t+>xo87~_e$ zbfxmoXtVx(>6_rvBQL#!==#5GL|}2T)IS`|#mitR+N?eCb>%;qly`mWlXuVg)Gq<{Xh-;%}gKk5!3a4iXELt-WW zaH}l-!JcV3O^l?s+%6F<;3TC_et-7*|9Fu9^|LXt+j#Z)#vZ#%L#De0%v<`Kw`JM@zo`vtGaZmtG_PztrpIe;8+=^k?QXx{Ka#K4#c_0Az2eXIh7>#>EGL5`VrHY(_%$3*_)7 z3-$*C@)}&X{0ZLYua|rsueb=izz_}>AN2E2tOmYhBQ!X+9190$DWH7vPw7S?}eWq?oy5(DTS z8X$bxTw!2wG5iA9^SJl_i5s=(POr4~aI{eU;`s+>AwgUGxuZ&d^^1P!Tv9x%rrh>i zJELxescW*6B1G|-K;nOt7XG)pl~Vp~57YlQdx*ssoEbo(+Hm zD*r6%57_Kl;H_u1u3?7miZLg#+-BG1(?x0-6cf8Rob0a*)%2#*7c(keMirRY_sA|x zRwLQ}X0j;0xo5!$FB|FSIQb6KA^&YA{=;+-reYbbWREXC`Ll(^{vD@y&fzPBf4OY$ zB%c2lDE~;Mc*%$Yc$URMs1AY(qd$u)!2I_L{p5=AUv{U9vR%D-H+r@;N)fD-1@V&z zh@TQajI&&hXRaOGAe7i9n-;r#Nd6(+4W+f(?8?uvR2zKcrXvta_2v2xK-A#wkt^Dz7m=q{Z6n&3<;diKHP zEAtP$|NHnR3eK3YoyDHc;S&8E_pO;&CS{5#lObHm3rZ)BSycgS@MZ)JVX^n5uh*Y} z(hkR^Ub>5VT+{Bf(LIASkU*$k2YD*T)e)|-4=ez4yXsGfUAThNWFAnA2v}0~(F(I0 zZp}!NioM`8emgzYGqN;gY;bEy9w_ZAOfLBZ1S{$a=WgDnLs7WHX>xuS$X2wC(v71qu~wB)kCs zp;gomWM%ogc;0XrW|m9@MZ2=V1Vh~vn9e-5sR6c`OMjKS#ikvayNk3eM8Z*{y@^G5_FbHe?n6|Lml zrok{3sGgDMGGqNzl=#_*HuZ|nrF?eq1{MgSh@ArNtOZI1$WaQ|!>Q82A$~-L-<>L> zTnze$lmYh3m^O>rg2V};c+$+BMt50Hqd)zQg2ZQ}NF;<@SKr?q@s+rFSA-VSOQCV1 z)6_$q1L>$Ba$eW!UQNH*T^-e=;I(`%%hw+h3<^2St~}QB0lU~^#UP#@V2$}a$hMVF zXWx?!eI`J~D&GnEOLW09T29?c^D6p#%RW6B;tu=S^yE-sHx(w;^wqJA1U8+y>?ko1 zxK_wDf@GtQew8&N&UMm{$3roxaBoDZ;Tntbdf2y149FHhS2$8H?FqBdghJcpk!fi_ zlM4*%tEq5UM^G>{jzv#8zAKM@5YeuT?SB|s2@#^+jkSLj%zgn>18Eb!%_XtAFqi-0 zVETwb*y*7Lh}A0kJ7C|JjjPtZwU~oARWTxbLeayyI2A6BFoki`^Xo1Y(w7WrXglmm1WruCVJ@w}BPw=3frxg}G_K0(^$b$RD7i?iqjVA9y?=g4iYYG<+_AhTEgRs`f@|#*>xnZWiBRUL;BgSaDJf@H=A6#l=p3L!u^pnu72(*jHz_M<;P6tv#w>j{&+!GUBIoZ*-0MfWaOZI z19k+Jh3OA>2UHnB4yZp%`UYU}%+v^2?_)Ad$V@qbrS5|HCepGmAk9Usi2Zt{a{6E1 zKjc#ROCagryVc|N)Zqd5N`wb`z6re%96;XyMXMdI3v*_wU?XQnJiGp|qPo6}_zf%C z-KD8$~X6Ve9n{xi|s5@H?!SiuM#&{ z`n~ni$5OHjM^Z473YBJ>UWCYL@dq>!vub)g*pxYTW(lp|F_ioux@-~DO6~PP0WDfL zwTUdj5xU*^QpXQPQa{;3t$c2eMk_ZHWUU!~^yD&5N0IFOKsaHSTpe!C2q!0T6K+Rw zz0?P6lJRfM)idIR0kBbEA4#$=hP-&OB}M^AJ#BZfZ6u-R^mpIpE`ZLsiZXCxeUoUfk!&S9(xavbU-?{l#E zqHi*K3~n{6pEqXpus|w=*tNM%MOLlfY9Lpc-*2#3mxnTO+ivc)42|r=xE)+E{c775 z+uQcKJ3g9wRJAOEmASF-g7X_*ORsln3UH&xBR+P$BtJQ%K0F>Y^C;H1SzBY8`)VH= zuk$DZ!~WCsyJr>$tp)>IG*>) zJP*A6rar&>JY1`w|9!{KFN$?sH`q5_q}2!!**On!ou%nH&qL)Uo%cJk82;}s2&c@l za-roCU^1Qd(hL)s-Q#Q*M|z8J|Nf0C=((AH_237n z&)I-0n;u!2W|j4jx7{k(LomrL78JxxBA)03nQ3*ow(;QFr@+6xqyl?t_522GE?hcjz7Fw{boik^g1a`)YEAFeu6T^aBX`HKF>McQjmR#v$N;$ znS*jyk71qr(@Cplshg`}CIpH1U9KM*XK*|2tkGrGz84Qb3BS3J)*$Mv?1ekFILTth z3*OC|K1b$326eB7sCivdNHyk$i!~Zd`ICj{<~n1M_zsDBJ+~r|@{G|XX$qC^sWF#3 z5^RPW=0s~59Q;3#GqTrlwkLGz%(rq1D5iTS&o^B?Y$hyrFgWYEwr4P_e_@9$qf_uM zLS)+F3ql1FF(mH*#n6y+AOvk^FURDXz$2@6(_0&qqWnq5qV_p5ag`VMI@@iC;x$_7 z3^U0Q5={S*W(6Ru7_6QXRi#=eF_*giNv|Bx7?*kT!#O=JK85MI&RkE1ak|F>d5^!a z-M1`EhLX}Ki0EEV~mc2+g zgeHOl>#VmiP{6_y-;ygtv&-)~j#Xm-E4wm8u>Sh$@hRk$SKcoAI>S6Fn~LBO`Ub_F z{+n=UOvLUnYLlr%7P0ZXO4Gm&5yz^@)W>goGz*VG0RA47kUm z9~;?jXTjuRzC^0Pj4f*{`y?ap3cd`G0(B0Rjie|tbqdmc0$$+fV?ckrB3Qd_>nA^b zo5O%b{QRWSc?~(_vz+rAQolty00!P zVRCkI$nCXfyF65+lOOYDoQzFq5&hcQlGUO+E#1v)^&4X{7o=u&!cp>U(oII?%!JTLg!`0rT&a~yH{o;BwV zlv6*t4&G5mh6&uex|bGX|8uc(sK}g!frn8sT`2|LtaxACfcCKg`C@HecJI=ZsOBpy zBpc*Dcw8yG1)_GJ>_=aapA2i%IttDm#+JQe^2j}0bL^xV?b~u$3NV1daW5UX0?BkQ;&SSeq2Ra6n?GvsKZF|_K-7>aI;uvAh*wtrrOKMivb73>_ zL@VAlR^>BFC&Ps08{fWfo@L*f2%=%X>uF-y*%nMtY7cbhTv_v(o^zn-=}WB*0DBD5 zy|?9$8LezZ*sjrjf9H52_-+SB3{?D2^1WUmO_L!kcbog>1q0OyqX-p9;Qo|v^V&iC zd7t%Xi2&SM$N37(D{E`RozA~LV;+JXjvdb@)~tw$Pao?WRP^>xDjv?8pwIs)KiquqHp}UbnoYw zVTXmbm?!WOLomWZ8s)Rg+|XyuHx7dapv0;msjilBA|8(ChO+L)H96Ut*Ft8T84=7X zhxDS4)>!T_h7MpEWIURW+WmzceUC8<1P$Lbf0NXzf)}>9#roqSC_aj-b3q|FbIrTn z(;=Vb0SNE7&_#X$%*Uo~3tBi`@z5BB#sABmv@1GkoA08iJ8j9z)N@G~f1mkme22!q? z-pArK)jkdR(!ZHNj5kyFsHYJ|EFt8(9tu-V>c>{ga`oVSu2uz{}B!_4hF43=L}m7A6Amr&7CBEy;R_Q{8T8lc~&; z4i4y1LQ;Ienf_wD{DYcuA_=|IV>nO6szmo4Y8Ep+69`xNX zAFPsgocpCK@B8HbvcUS|_V~Bz7H?{efN|`*ZkQOF+)F)v5%j;g1t{Ib$8-f#XR}n)GA7R3tXXN13i(J@k9~CGTCTyv4s?Mdz?qQY}*j;utM=ALu zG;WDS23Zi-lxqzw7#OoNwaA>#1+CLR5TB)GGZ3CexotS^kdSefI>pT+;)Z@lX~Uh9fghW1vId}r%h!bpthtpU(H~(f!j2e+O zQy_|0%#?h)>VtNlg6u=fY(W?Yd-*-owHd&Xq;iv1q|<;Ci@~RlYonSybo{x`vE*dC zg>{r&j99dxbta*8c~W+u9mptCxnRT*RX z4L+S=9U-xGAJwgT@iJZqeMv|28_oBYqCAdG4}{rPUw1z3W@E1(r@HSAV-srTHNLqa z#E8>{l3qNUC$W|LA=W16vwV(wYMgcJIWkPuS=B-*8nwoMV}A3j@`Wn|Whe;yj>=)w z?;bfcCSJhK`t%D<{-VsdRl33fVKqffU99z zuGx*s#Rqt2es>tK==g|Em`f!RGlAz8yWXIy)cp7&zc+vo4hLe7O` zTj`a;F_V^Fg>W9r{e_Sf7qI#)=L_FqZ!9ZQKbkb6R1Xr!0r+8f+EO&~Y>7pdLL#)( zv&wF)dejwyqA{AKe41oPg{0Kt1e$>A(v zfasC`oyFWya>iuX57@~-;0oobKx0$w>sY&@i;w&P?uCG&q4bAO>Q_f7T}?gg)Iy4*83*ELpOOP8u^GFK#6ImKwwj3YbUBtSKnu zRJ1_koN2_%yHPufGv5_sS>yKAPaP5HHJ7if++0XwHtzy%x6us0d=Qz_0{Rlw-4>( za^$G{O(MvL9(dGg#WpL5Ss9cClXfRfHn_gKIhZEyB|QnTi&;HG!5~J?G~Ugm4TIJKXCb{lir(H%#Nm5a>n!bn&^eJ}rce8`hbAj-hsO{&{%gHs~?xG;Jws zmIsYOIg)RWVb%%9^TYaKqlQo(Dr~szX!oey=P@jtZN-eq2?(m`%sh1Y{V(Q9L!JV) zGovX-i(Hq~n;Hx28vVsqCKfS`r}iCDxvgh3^O-?~9obRCyih7T_d zhqecK3tSJ-CByqCIX_LBisqoXeRg;|I7$lj_UIHB?pMDEjcX-%2*eF0cq{7pzBp0| z!4ovx5miIW%Af)^mo*3N`;lZ?&Gu>k8ASvtncyKMpUo$pZVIY z*480V7U`pvi|rc=T=r$k9>?F8QN`Rw-%Yiv&(4A3K>U{AEk}!N)(La|<^rV=}xM3VtS; zuFD&9)-{bP?rn(EPSiJY)QoEkHX^&rKo8^*!GRhQ?xDNRO6KYu^pNtT{?}N$rt(#? z0kh3tXJS1PW>I%VnV>>$l|?d96!(wj(~VMfkPWx>uKAS{`uh(zgABmjwz9G^Dayfpa zKS5y~4ng60&yVDrM5zJ}_AC191eF0`e|tZ!eHDoeG;Ld@CHg2)SQ(j-v8u7ZgyH9-32I(Q_RMo$Ct1rnaLMIhA96HGtZUo^13w9$uCU zL=wU5^Nx2ikZ>z{w<$;suN{(iu#iHH0egNy^-iLRYf@(kB5(HmX-==pt+ z*Z0i(5Co=cRm1z`sv=u~maW-bd_)qVtfL3D#t>B%3|1eb)B{)T5V~K)Q%c!8-ozc~ zz8}4GYvdfGelgYAPLi@mKJ*RpCQc+kRi9LHrMBU~60X$#x<{<5N5L)NHYJsKWx z1#<2=W>@ppEd?`aM^J=Tu|c;D9U_o)?^j4~b)8Q~oX!u^)A^e0*cSeGSw0d2{ zgkq>9iHA~hFS#pF&)V&ietL1bj^qYkfiYuDc92TvhSR>>8g5PN{U38Z{GCx54%MLZ z+=#0^ew8M92d(YZEWg;Vk>h#xOf)0^ZkNY8<6De=P9}^;KARMs&iVy+w-xp)VsP=r zJZ+MT^&HjCxbPcX`adXzc3CmHL^{WEJ5jVB^ze-~Z+~1u!g09eBZ&obWWF0{jB>Jk zT8MhW4MTAEsaH}L8_H2M>-Deq9J+kRzS*ig%E;zB%C=a2X7?oA@ahET;hQ@J?V~!9 zwG&p z_FLWuI`-+xe2W!0~S`}u5zl~L9X?XLRJf<-JSZivbEfnpS%`2 z6_#7X`aechbU@(|GW>_9X1-%LE-=gqd^U*AUb>C3&tcSVquUAGJ9(@sM59$UQ4PJY z9IM_`y&sX(=0b99v-*o&U1@web^F&|tJAnRGNFh465rW?o&!q?*ti+RQEB`{{eFs! zg5dmD|5K$a$@gBAhE+C-?ST=$or*sx#x{|WRP}Soi$?IG)~MreWDlG=P-~!leJ-Xo zo%nR7RCXVcGi*XouVcL5kls@`luLrsY_*r>k?Yn>vOV@i_XU{AL)`x=Muq;Jucf53 z+hO(a^Jv^|u{)0j(<_aP@k^xn3*NrllZhgC2vf<}E1Bc%nb^$bV8X~*EFGAcGFJrU zti-#vFk)CIGm)akBaX=8Wu=9e4Q z!NWyXPeMVCN)a^C*nRjuI$R3@@x0w^)cQodaM)auu}@5?VSUO`Vg-M1wo9sK_gP%} z{$PP7aM{`eR;>ipE$`N4WyJ@7U&bIU7yMP)^DjHA1yzaYp<3DI?HiW6y3+QC|1l2*Z=IAWfAi`js77 zN|dFV;uS{<1GlTSD}x0loxIkAaz-BWw=6V;Dc*p=9rd81=RWFs>+~D6sZ$Ctfu@=7__&8QOv`-51J7-k=(_!;+(aqOr z8QVH@KFE+IQ*HJdq6?M#Z+P7~^q^wt#wZV*T%xIb#+`pw_ zsB7zbl-0rlp6`Ym+MBn5y6fBG=6?ilFJIcr5`{nUW(T2NnGVxj1Bi0ur%aYUQ|qbb z`kO;}(~38!oM{R3G!qDk9GWN46hV?2hD}1UhM0& zi_~K=F-G)j&*V@LYM)0i(OBH5NuOgoeVRNMcfI{Q7l$KiE!16?euVLwsa*5%;9{Up zMnMl7B;AtA#@*ke#9`p5{x5Rw5u5B5#)xU8cSz{SO5Zy^{tMoMf?82qp zJ^?;P%|zbn{+-p)$|i!$y7kUwFS9cp{ka)`9#4eIt@LK)6j5KN_s`=h#aJh;8@F__ z`P&+3+}e*x3gv%1C=lf_sNIe#h>p}tQw(6ZQqP$X!FE$I6wW#iEhh+x4CdW~MyH#G z#dk1@;*KvK8q5@a*rDSqzZzYd?AH_Iz@AXWbZt(FV2JfWPj$oBh7g7I2ip@X=u`7u znPfqadc#C|2i$g7FIPd&p}=URI}Z~M3)JqXj(h0~k#7&*AFZE-vnL%+rZSl24r-J; zyL!Mh?B$dA-yU+$rtEszmD`RT)Q~f>RW)oqmaZ*$E;Ci`Y@TPedREYsxGKn=hoHVq zMVKGP>edMzl}u2ybX(mQS}1?yYi9A&=GP=up6TAcu<6jo)%n8mzK^odci*$tG7Fr} z5xz-^WTnXGnuy0>hTmRq3nu=y(4;PoGJ^c)lYX*OTxI9Qvm4Z3 zZqPynA@WFZVSS^urz#5Z_{;6QXJVo6MS1XPPDN}oc)gjNOWN;rpfG$8f7q-< zP}%M4zg{L^IqWzXXxwyepM{@&K%*1DrJPb-FT_ zgo;;OjjqV;kMH}5;^4a$C<3_lwwXNHD-hS+%D@0J*|{8kUd$enX)y}fM^K`segDC zqdjAjQ|H5#*BD|&ugV#xy?`QP?S_eNtZ;Fgb<91O;lF!9#rcP{dZVZ0z3u!p3*jb;o3I^ONeddYGk{#8KT66v>ipY>Ao+bR9R&M{NUocVtrm z%-@&?H9mMdZrqR~XJKT_J22p3R(x4b5X8Y1hIx(cD@hAy_)6m~w zdS8s#*HmXM7RX(pmFNL|n-8?nO-1U0;Hg3CD9@7x4V$)fRymUV>T+ zJ1?mT&jfG`sF(A$-7;!ptLvr*)nsVTC0Na1jZ~8R_-YV_#`q`ZZ`nT<{S+m4!`Gc6 zQK;MebJClDn~|~ zYHdOdt@&e`J!I)B=aCas9}mh9$4AZmhO&3^ zl|GyvT#a@X7m_wJj)6Y;FngSlm)Ivy<6wXty(?NV3|aP)FA;uv6=HxakHGccJ(h1= zK(<5-i$iw%WSczuK`|uqSkJ968)n0-hLn$Vy+7xzGwp5@BwyBeyZSUvY_De0vlA@o z+aOtJ@MTCBn@DP}W~4h;qi|zkBoNd1eCA&#-e$->9pol!n+O%ROY-Fi z;*HkX)2D9ZgbGcVdEOzQd@m=N#5nk5=;4#8y|B42wQT*nRrN59pIDj0L2io`cr>Tg z+wVnQsYY&wN_{#RA7$%rnzpTV->V>f5c9+nznIoS=~I^SL^Sn;{lo0p-SgGQJ8#tr zukDi{*w7gPV*A7ZH-p4hf7$Fy9xPz|#PDqf-3xYdiMQ(p zo7hhpKDu`U3l5A)ct%#gEZQ3y9bawe8gI(>@adO2b8m*N^f@Af_A?SN9Zoo8Zw7`N z_1Ed^vg(Y6QzSjuUFS5eW3ox2N-Pi1?j+x#Nbd~)Jm~byOn6&sDRy$hkiTp!;DitbcRI;j}N3b=C-s9^e9&5 zM$FIORvs_HeaRLu3bdfmY_@g`OMJ913K8By#-Ys3A8Bs5l6|o65`}(R+%S5%Xd@tZKgTH7sg*ibl#)hYbK4=_5 z=wrztLe4f8K!_?DiD$-%js5amLD1#8N?B>SFK)<2FfzMwZ=p}sX;q!xKl%su9BEw1gw2Gf`73ftJTCxnI=6JR8^=nE` zee*FXP9?{a!OTr~1FkP%_ACSVkvoMuIG@g!xVoFFbe^4Jjgv38>Xz1k!I`{j+2_rC z4B6TDKygbu+3nYRvp1`k@)eJaK1lduaXZenJ$%7vLD@J&bQ7)U&73wvm~}ZAxj5-6csFvA%u^l-^5Ie*A;4WIm-_lzmUjm1Uf%z6y%irLb&tm!e}| z^v-fD%I2zan3}{L+jT%DpB>B+SRqQGOX#OH?^8haNWAR{5^#qHE}}C#qf4l2AB(IP zM7amdgk%WWsi>u65h@pnMYM0$4&=2Iz9L$*5I5YJmu{^=Izv;1>Y3Eo_nbN&?ws@h z+>R?avtNb9|4}PPY$6=GNo^x(0E&{PblACo&s)u=>R)R6MWifry(*HIROza;O5-~O zaCrwp8r8#NmJ(85r7!4n2RKDu_@oS}grlTVkLZ5dY1hW2ig52h48xV79!tT+h6(h8 zIs@V1{yN*Whph!Vy+_3Osg|GhPzmq=>b3F3Nw19|W!q>2)K|E@6zZk(oFx=4Cc8g> zGX!;3Wu$^)gQ}wk5IFr&qdh{yImGu$R&a}MV2d{K%?4kIkR)jLL z^TXT}{e7)D#|X$W%M3mR?_+ck2!w8be{zH&37@HM>f)ps2 zR)hZ}!Vi||0ckjL%SOj>^|gG^Y=$kO<BvQpJ*72JfAwYxF3i22X-O1YCqDUC0_Xz+Z#kKLJ?kH2$FhYY zdTK@|Q-(6U&Z@-6H=#*jxLC}rIRoi_e9kj|54YzY@<~i@yU}`%L8hLH2Nz+0{y)NqQ3TXF2LR9=Y?-ZMlgru9e-O z)@mA>$B;vwGdJ{q@pKk$QM_;8o~64}VritiYZZ|c5RmQ==?0NnKtZHy0ZFB$8>G8I zX^@g`q?U$vzQ6Z4o09@? zzQL3E`Nu_3M`=bYMdzeQKaD{<(sQ>08o>fl^7g@vJnW~tQ%Qforj$F1 z_j-%Ql3AVh%WxkW1l%d^z~4< z+#*FJE3d?px8}Sww};3a!;N5Fg*?mMe>oEg11NEAS^v^nB;Kb=COmMgsL`{d<8Fxg z>H~`W087*mpzYk6pC-LjR+5%2>ii*G`ofyBslv)H+Y2Qr!65gt?RIQce;XAN2eL*I zFrvTiTh4ZiqX8WGFUzS);IxJM00~eS4)yKQ6pX#L&Kpa+m#TQFn4OF%>Ghhq!y--i zq(-0N2|Lk%0l|vTkyiMZ=A-0q@)%FpIJU3NAxb;P!I;fTc`=!_;pmR@?(Ny9$K8j?nKT!PFh!c>6y&RL-G%^KXju0jDHDLTd-gW(YdN{JtX;i3zJ7r&ukb7TU%t z)d~iby2E1QPRw2jj_5C&a~f@J24YyjbF!KIe*$^K(^tLwCcuP(i81bqF&wtmAZUdU z%28jNWw=fr2sin6F-Nud3`wN4`HKd1S8?w7eohy*c)KaC7` zxpevF+0j+PRoQV2-^uJXn5}bwVU2Okzl$Dcqq${N@-KHoYzM}+V^|6U~MlnRf$tPQVgm~*$|>R_*Y)%hiqw3P2ZH~BXQ0S%bkBcavL z`0usJQ*I9T2aWfH_+*Un)Iz?gn4s@^6 zcn14v55-EQg?#r0I-L6(OA{n+N71|Os7%Q5Wk!R#%Gg441=y&lGo>g-b0y3V)v(t*FCr|-V^)%n(VN{by zfvy}%7k67o+o8A9kw%F3hyT{RglP`PyZ}sOr}>-Hg&WWSq$4lj-zzamq(9$F9tfj# zGP>v&m$ruGaH9cT1xjfL5J9uh*H|=+&jW$4bEJ;HzkebF<5F|M8F)&i;Z0#0o|<51 z(Zi|e(ZWa}7ER=1u;1ZAU5IIsoL|BK82)quly)%a465q2ffo;{(@r@INBCQgE>*z@ z^Hwlf5m-7oH~N0ovIe&xtBRN4Z>;%UP)090K5QssaNYB$W$r%k!XEyqSPme;Q>tib zHzlZ$X6Ub{6%m`?dk~zcw%Uc`iqA!7wb+JbNPIBFNg3h{SpHG?T2QOcaDc}s;KlNB zv;J7tKk)Q*Z?v<1s@J=^ z@ZD??q@gowT>-Fs+vt7Uei)mHRnX4)X<@WiYMM_xbJrW=+4lG}_=$|E7dK3~*$77^ z#?ek8=t&hub%2xx%~mEB`joXMvLvB_EOBY*BWb{D-iz`HcQV?^S}(Vz%M+YO)7|UO zTHfigZOd#%KE6XzK{pw+sBlj~Lr$G>p7B;wDczfr!~QuR-JuL^S!IhD#Cs{n1c=z9n^OR}QGl#Z6nPR4tN-`w|F0pQ(x0>g>E=Nt&$yW_qmRd#K z+I77}jT?$*&%HZ7q+xN0Ie+Vc4QPFxvfI3{r5r?#(r+PB$X9hs)pU)}FDGL${2_7X zQZ!Q@-yBW-=Au?wF=mqmlM}$o(fFZ>d+N1HWruKIrI;7qV*WvhQY_;|-gi``bXt5N zAb~FXeUR8?yr#OngkJyMNX=%+j|5q_(}X)c0voH?C25P-NIt znf9=+3OCWtZ1GB;SVr&w|JP2O6O*T#4^}XfPe`v&RduuqTx?tDU;i=l?oLtT@fogs)3(@PEVAb#Vl*%L|srUap2Jy&|>1c!=Vfhg{*t& z>+6q*`+h1(I*9ZUYm;B;p*owbFmn-n%iKvV-iheLz@?$0+KrIiIs}|1CFCL`!?guN zP;p+L#e-#T)d&*S5ueNKApFMl$e<;bDQX}8i1xShj&BnuI2>#HFs%myvDQ%HG7Qz` zjt9x%Js2`M@#cBXOFy+LOk2$pz6z@=qSL;FlmN7hI2=gC6%aQ-)Q@{`$G-}=1}lWW zD|*Nnny2l@2H;Wu9kQP@Zq_3C`rxkbP3LRkq{wq{>NtOgDB6ke(My zgM_x^h58I}e7|s!6z2rLBIF9uaADOQ3>mLnS1X@4iF1Ngxk>Ras~ac(x(WYGR>`Kd zlaf=|nq{!3*1SiJ13sQm7MWPu>|I%8Dz$V<)k7i6*0R>Qh3*^L{u!ktLA>w5*K2ll~!FgIudwO-N51%M8L$m&W~LPSCae$0`>o5`ia46vlenfKU=(f{Hw@tDWy_mXuOxb zrFx6?AW3)QXHz%WcY=t`9F1#UfJ4`#N$&1l$I(hNz#@n9vnyPFS~f~P$_4PMiscU! zs4x#4&8B;7bx8>fwqo}nlubJmSQe_ zc8ka+!4HJ>QyV*q#0RZr_`8cp<%O~&@Bl7d$%q1Pts!u(xsM^_4znG)L{R}z{@Bin zFewLI%R_7+49<^+<*ougzymQfS&PG=44fP+hgXiTf@eP0FQXM(j1EZ>He=+FbZ~oT z;{L-5V=HWpl%O}KM4`5juNH*@Fz?66OV-N}bu9gl=C+nG-7YcAJNTkbrxt-&JK?QD zF-CqU!Ir>E<;+WNzz)Pd3czSn{eJ~dhAGA|&x{!>2BfA7xYXgzY?ns)P5t~_kC|1HF_f{#gOXF+3;u*Bi7)| z%1vL~+27^x(H&ghGt+aiYCE3c`U>FnRCI@4tq=c2t#8$P3mp@o z5V?grgcuH`D{#viDPU+R|a`~dkL?#(x&Z% zS(}t)`F)iiQxDJ3&Qjtk@_-BL7-Q=>IP7}Y_(h2jqjO9X<%*9%j~>t6 zZ8X^bE~F66S%S^oH+|8@PJy=L$DH)zH(~4pem)vU(NNYTX}c zRr}5=OML6-)P`eTC}i{4e(=3&`f++sNn^9VC*Nlv=aY6oV)CooGhXq}_G|PXzCsK7 zsMLvxZp^a-Q5;55Vdd?`IkY2j>fWP&IJTL-v(&^8o)6!BvZ{fWt&nh772YxP?`gkIT=nhr-qTEz>0s0%s}Q-&TJ znb?b-^Cw<4d++z<3hD*>Q48iFJgK#m!=mi0XP}syAFJ2$HFXP*=79|BPQj8AP`JY2VjAVmiIo4m~VSdDM-4DVkA1PrF|2W72u&}wL&(J0^;!r`X z-P89PUeT6nRH?Rz23h#Og;{ z1 zAHSYQ3fCzzhg@&YQlCx?qi#m@Lz6L&+S!+Zyd#+p`+jRh7R-i~u2s^LtttNEdvwKG zP2Y2;BF%U@?EW4LS@Qe?ufI>N%231uAKVg}w%{R_&f1!IYKkV3K3@iD0g_`F*P9QNTVte?xB*srd!#6fIxVt^TUvAQFtGt@LW3|~4%i~kUKe;u&wnMw0u%h(Tj zl!z!>NN+im!;PtGzpg#pw3b_I#Nb^25x6XmBw>@+y!Q zaEly1a9pUSDgVq_*%2UlZEO*$Qbu5Fl~jk@tqcB&8QHqBB41DAHrl7X9J%9cfSom zx2lZLNYWWrAu|I=acPIy&rvTo_h30bA1DlN z{8~TgT*Uc>eo+U{6kC4Z4H$w_LT`TJBMPiK03DN&mMbG9lpr9oZ8(GYSFueD(-1cS zzxeEGYKRBk7+u>IVodsR--oK)Jic08V$6SMRvhbFzox2tO#?p#q_Rr=btxv%mckB& zA`4s|-r`Co-@vc-_r*)OfeeY7h#oazTbPolCS-gCTmv^E^fLQ9Ei8CBMz$qU_WoSE zo9ela)eOxYF;#G_IK#;SaASSnNriS*2}Z-eIU8nQ3$Xh@lw{wm)1Obkm)bRo1jb9m zFKwkoh*ppmW<_Ov@K4N-^A zRt*qW{T81WUffKevA}asuQA~aok59mDP?bgTq`$k&AvSR@2ovMK#7w+^pF5pQWMvz zV_)OcQy#F4!Nma!fX6RXVGV_0-t-gx=5}@v0?ZbEbtB>@f@MDcgfq`lC0iyF=EVYY zU3Mw8fUH#d^w!Zf1gm3_ZIFdvR>@-Ib+r(!5;5dpLjC#K((2ITWA26Ff^(4vPo&uX zwwsk6_DVqkm8noTJz9I7^W0-4)Sya~%N9oANB7J=1MrzSDjoe@HZ3-ygmnm{Vj3lB zi^uR5GtX8d`S!5hZm7}xIHu51fF*!YD5`X*gWDWvZ2w*!DXe;Ze!Q~64}-{BJwzNv z`Y=M0f2B0c)psHy?|-Mvt;$;UMG=Qoh@+=7i|QV*b>Ua{;WOoa{*v^`&x5y~A&DZ4i$V6{JH?&fRC5+%@Sg zw2Raiq>T-??tf|{pAN9u{2-ffP%_~#>GVl*&CpbQHOHCm^PbAK16_wRQ{l+vjd;<` zj+BN0AUZtt+u_v>MgwJX_|G?Anvk`U6_3YNP3|y=7WL`d1fM=(EkuH9rzQYz`}$M+ z!PrmdE0@x@h!8Ro6#`lb=HtMVhNP!tY=n1y*(h=LH)l1@6!#TkUd1~32t3#wPM#Um{VjqpW-fb=NIUGTPDQ*+?dcE0K|$y%p! zDAy@+NE*F=^xCrZ1ys@|Av(i7(t7HHNp!W=GZ~kQ6NZjS%0Z@N^0?VL`IA(mPR*-% zsS@ipK};Jh_$Zw42`811{K$1<+ufPZM>YDIF(B4a?xo%m##B=EGyd6sc zT~4ArCw6zzXAsd&Fwhyqgb(ZadOlbf!)Vac!kO^FD(<<8R?O}lFazjsJ>M2qHs_E zLmL-{LPknVYzKb>|Iq?@o+TJ1yYztY9|8*h)SAc`HYe!2#g z71{BA+U-alOcT8d-8bNITlU*(Z-DFmc4#)SU|^NeW%$Z1*K3`-IZO3DkRaDFwm0pt z`AsqF*TZ#Et&>M#Q+N*sL%>6?-szDam@lu&6<$-b(+-CL|E&WWrYrLgEgtE`{>OKE zRcuWjF9y*eJLNV3v;dp6`zVnPt(j@;LHwwDZ=Ea%VA=067h5?Lfh&F{8uprb zHi{Alh!NLijlMSn7*AK1z`Qa0x+4U@S`BVMLt!{vsc^8IzIUi-eG9`Ia|nen{MA40 z!sScdsfDX%SVEMY}rs3#7(Mr-Nz$Hhzl6>PWNjdmce)GDl|{m(5k5irJ}A$y$% z$zPufR^Pz|WmeMEV)OTF*Eto}?st{GCP#%{mf+beD%U5Lq50Eu*Yc)BhW^L6IjwA} zHiQ4#`_v@VwpDl!Ewr_>!zMG=^&jIGR}jSztxa-?TJ*Us(mCxlnFUjOSz0V)_3 zfvz}uG>zC8oIHYLw3!~s&GZyi#~X*hEXm`z_44bxv3g^DJ%|*FV>jc7VAfwxu$L!@ z>aB)n8%PP?aOAo4W55@`JVwp;7&oED?*T8x!4&3bHN-j0Tjt)&2Ng3wB=-PT2XO~8 z?43VbAJt}ssot9S{_|!0mRs|@S~YLC>0XoY{`_xTe#=hTTqTc zuAfQaJ(8J{;^?4j6SHm>c%2X7l$iW@BZX7~oY1sF@&~`v1z5&bo~bTmtb+qv0%*dh z-Xaf2TP=g&y8|5O*eG-2hw!m8q|}JToOI@a9x?;}I~qT?>_zQt_>EB9V{A>S0|p$8 zGp^{hbcUzv_xZV^H+Ur6IWVf|G-@2<^ znyTLzRmi_3ogIuw+_vsXG4fQCWR5Q(R5}licGBXCTSwBI4dTz< zV$}N53?Mi>MsF*4gw{jeXnX+|u&9pSxy!doPy8&73Bb{Oh5$unQnHU>9f2RMZjEgw z(ysm*Ml5{Gd77NE?3B~dzREO_ikmPX7X>{=nsE*XtytNUnKHNMy>6{{GS#%#9eU{_ zbetwf_D zcXb=uRGd6W=UO4d%KA5N=lwSR2@rN`ZhQe(hCgC=>r9*V8wbIPsI}{dQjRM`*D>KD zr{C4FH299uZ~xFv1?^VnB{m=Nux^%YCDh^wOL++z&NqJF$mSugwmT#?Xx^%P;UKrM zK=oTTLC}d)IiI1x6USOD<&x<$o0`FQ`<+y+AFfXZ$q=UBl!~nv^4e{(1iu!OzqVg_ zqouVy^0bb;ROg$Hxk*n_3SK*{OrBN1O7H2aP;$P0+T3`Y7!VvPJs-Gmz1mHAG(L6;Qd}}D|km7$jV@5*fHFn;5 zw$QMv@k!Mt`GI+_e`Gr$*J7&(1=k|Nu&Gn%=*D6D3yyBveP2t03|4_^dbk)WNq;O| zWL*6rR8tYIrgeD3iIGQ!2kcgmm*jb*I8PksFaPZPGeYKe##5HB)q9Ep^ckgkbVqp{ z%Q$WBI-6K!g0}6~s|ztf>z!tM$6pd<&O`bT@mkAG`)*gAR}g+IAdg0PsifjPMSDe? zs6J(%+^~_nsdizABvR`Pdv&Wjwr`->g%Dv_$BVL%5do^VeNlAm$3g$9{Dpio$hhNH zd<`-HmMoW`14Zi>O=slhB7R%31=$++Ha}Yyk466T(S7#@c?E1*kvE!Yr%SOoYqba7 z*{Gychuh5kBNlupQLgH+NB*a2G^q3B;(DT}PFuywSdm$F;l;OVWKo{U zdP%!CIJdm}Lll6*U~Uy|PC714dK=)N+HE@c7LVA8m=>+74ud2^L(FB_F<})iN?V*j z29%GJMV%JVeoo00{x`q$9Ao@9y=1N@_4h&j#Jo`xX+IMUusK$OdVR>W&d!8^qRIk~ z1hzMJhqQPnCP}LF+@0;Xfd0v5QAbNQzB8Osyg#we`R-Q5Wq8fx%b6?;pLWj;4-(fS zm3r5L&d)azDh>sHxPDpsi23<-seV@ zO?f;W=EEpLlP5H%<`NI$XJ?cwUvhaX-CY$TW6#u%k_2Ro`uCbO>sR6f!nCxdt~?%G zg+ehhwzr?Wm^wQ@ZJ&TtNWl(n;H`L(J|>kdeJ$zz%q|&dn>%ip(u%j-N~wwd#|?$F zLlD(nsRU>7d_eLm`C2{X)UMHs+}=Tqsxcuze}@_PbKG{TWt2R+?Jmdjo=_2_X7MdN zmgdF=^zk;(9`7g801=n`0odk*>+$Fef198E5tJn+r-862$`w?c(h?J=J%r4)0ga^n zw_xizU8(m)-AnVkHHkA*m(}-u5>glfP^(f4J~9TzfQZurDohWq9F9{+Ued3wj71xm z$~zwR*t^!tP%37M3wml@>(W>g~7xlO2vX@L*kioeR-2 z*{~3k0ua*ThVj*7%i{2fx}O5WEtROGqr@!ewUu7b98+%L&k$G+W1+#ij>4BZcehZ>H`{n2`km^f-sX2I}K)@dNxO{8Dwxk9~6j?VB4;2?l{_4 zz1t+k0Z0OJK)4~>6^W?8%OA zPV^rEQVB_?pN%?Ftxq^q9i=@dl)=3@F&~c-q;8&#V`Ufp5uV_IqAH`nMfb z>D=7bx5C7E2Z6hP69wAD*x{Y=DLwzSwL4Tj{Uxa}Jn6YHP(?cgsy$-V2Spg>1}MA9 zX>2z-p&0Klo?}$>5P5dM)424?Rli7qBE6^6MUBLRezv{VZQmTmjViAz?VQiQ+LrI| ztaU#bZfR6m&8=AJ;t`o~GfySifH%wuKe{*YM{$PbWjMKN#@(oYIc2@zXjWe^wm4lF zxJeM&SLoMNoWVXNN9G2P-|?E5m9kCmv&S6WFJYA`@^Rb}I|{+kZld2Y?0UK!o$o&N z-45c~IQCM+yB#rF|Egl|)rdq8uRkDonx~4s5j^1k*iM>PB}ir2sksf!X9=KX$T=J; z643l}G!j3lRr#L6*GotKn8|vre}7{eJALHjv`l5_4ClSukQ`19m54=phIeJgq7GNe z;taownqUVO`?Q_38U!naIf!d=vfs=lQ3xmMxw^A7x2?D0kc1a+_}|=sl>Lo#joIPf z@~<)OAXqFC*ij;(A9&*q(_@u~@a*y|3iqe5+dm5!LSVseJ0bPmC&@Ul-=d>MH)Gmd z*)Q_`ooC|U;O)KlV-&GASxAYJ^@0q(w_}&&H-~(ft31_=dNN5l#$+)RhW6_)CjC_T z-d+N2h9k#Sx{?HTdk?vWIsW!2}VeNc=?4Z^_f#2?1z^)NG&+1|ptG0bNugBj--(a`>%Uvm!H6@*qI{(2^ptM%9 zEn}j7n~!33XC(lKG0 z7wWN`{EUO`qS}GA@)?2nw$ovkTkD&aR+2I+Bf~@0>oe=P!ec%7R}`+y)7kF~-T%@qkncaf2U34y=1)3ae^l+WI&(gZb~+z1C#~(*2;F1GjB!1Su*_#}8u@Ki}Z) zE|n;j`e(}BLE;d1RccxOdlJQOYJRqyA#+qIzPW)hg)AWr)18Y14J7l><(qPJZT!G9 z@@V@5H@2JWZM$mkr4P2rUd#udEo#0y+mQV`-5|{zmHG>&>GXzHE>NBpsU)ii%y#gj zn`8Z&=vuMuajfk8GPM>{zo+I7{x?(lfwuK|N7$QYZ+x$U8+nYjn*?De_uO6RGM-XP zF8{lapG-Whb7eBQb!tt(%I=6iTS0YTTZ_QER7pnvW75jA(FVDvBFGtiy(2kS&FD90 zc^07`e&kM^4s>7kOG52|iGK}>U$Lsjp6gZ^*e;;{(wY8|oM$kZKC%m%;VQ#3bUl=* zL!b=XjwuK;Uz7(&7<9O>PiOX)e&k!P(ZXB4hbOKOrIXqDY5z~SL`ruvRwGQOlA_YI zFykg^eDlO!W$*DU84M*`W?$d!FRdg-oPB|4;dc9^NYS5w%g2qCdeD4@%u5JN+R2Utbp%tQNCkQqz+$&h>PK`>ye6i`HRFE zgL%ndco%%`@*#4^U=uCDDnm3cq9; zyK%JaUa&$30KXKhTg0+DnK$zi4IFJJ%sVW9fa5@>S_8)%j#c+rtn!m>g5Yn~-`YH2 zuPVCMetIwA-S;s;@O$8n`||k;z-j6K41THN1w_5IU;=AxH1NfB+fbeP53v>h$y%vh zz<_9aibI?p)%d%!xJ}3Tz!U1i&^m|NC+uVy?xm|q9U0jC=sE2BzZ|Kv?t*nPjHtJ&E@ytdE7}<$E3J{-kRO@vLd33U+2DL`%!tQeSdo?79Sh{saP8l zNAJ<98PE>C)j#}J0G`K}0JaEWr`~erf7HR`r6B5Dz>4?`zfZ+q3`pwJqoP@7E=_5q z?Azz!k=9dkM#UddEJR45kpl(QipR60SbiIfz4) zjE~1tGcoR4h>ZV4L0_af?Bt?3P%y?n@2O}wJ zwQ&%PBV3Q>h%={FDWV^ojA;@qR|!jo0W9U+W1m`4{j%!xD%&yWzx!Pty)8S41Z8X> z?^U`e^&fhGX)n04o^=58>@PUWUOks zb^APUD{*h>oUAt|HRMF}iP`-~&a`gOy)_r6^x8WxKD`>3-9G1W3^+HC5{=si*8@E1 zjv`Z&Ntlqw(mL+(YF*>Jvy2N|EgvD{WCrrm!e!id|CW3i_qQt-?H-e*YV;$te zBte#gVpg-mmuAihh)V=whA>IF)RK<_^Vckw#(3h=9=Cc>W1)ku-NMiJc$=qpX2?M_ zo7iVZJNgT7l8iJ*z181RII!oZoJ8OILs@O6ddjM=vq>>%Cy)pft=y2ul%_W3&Gi!_ z>rPt-a%tE99HhM3$@()y{+ai%A1dN&_x#Xi9Odn7T*ka~D0LJ^F1t(0D;!SLxCE`+ zE^4?9hl1hMAcx<@a=oKCr;!-FNR(kf_^cl0zex4mWgGOHfYT`nYDw?Jj-wnMRd>rt zVu^dc8uc4ByL^X={ruAEJiNmiCDC$8ZV7kWxXx^`-?rTK9v^Z96K|Az1G!6Fs&%LIqGaq+pLc}3-yT9ZbT|rWbqYDMelN~X4r*T_Gz&s?0$oT^YZ@S= zM2qR;eEj21@9RC?`>n`rw#*dqu(%xxgin>yzoU@O>d74oZ%&nbl|RyX%VK?dlz6&a zbm49ujCmbsbgMP7_18UcSmOt~F7JE=o>GufZAh~qVu&~2ev_Q`&aI?%Gfa9S&)L~Z zE$WLTv%DWqq7zMQnvt)Eqm_+8bK~F57P$_S0I6|e*k=y%qC~}DrqLr#Ui`0=GvK;R zSw9$cIFQbBvtMaJ$GoC8^figqLf!5cS+VHTguZ>+mno?)1^Ef_ZRzq^p%XLpUDG|+V3(U zetFX$$T+Fk@;Nu-!WzgB(nDXiRqLO=xBvZx`7{<8&rEEKh7{$BVr3_L;p2Yn=JC`c zS(+qEt_JV@Ph-4w#H;j0ISWskTO`hZDby|9NlvRN)#I6z5Cxg|d+{Co|1*!+?prl< zlH@3llIw<~m7r8N3Z%-pBX9K5X(!!+^4couxr|nJ%M@7^o}f!OWWV$DV6=1dfDDoy z`LZ8sYx3j_wo26)wq7wAHreCkW0o##SoEHFwGyXJqx!O+j}qQlTq|N6{J}h*{A;RlZU}ob z1L^f`QIha+YTDgVW&( zp^>VF@OBO_``Ow-tD6wMFm{r8_b@^~`FFN?ezD6h#Y*Q3?j;o__7;07QMF>XO_O}j zD8UrU=#=O|nG<$1DYu67cticWTmq3M>$^q)$Tl3rs>JL1EQ1`iX{`^k$LZ0XI%6j; zn?FQO2XZxrFpmjS_DgiVGfw>R(O@AG4i|fMT>*ZPhuz>zw!C|FKfk@c*-8u@3b~%N zk{HqFpT5*)E2=SaHcMd}sDfc&-N<&a-%|owT0WnZiC900YlHcD%TH`42mkdV#E7gA zxGh zbvt})D18*e7qPPUKmDgBaHHw%kvy3yJj&7eYy=gC;!hRD-^MWWOd{1`Q8=X#(ie!_ zPAEYY8pB0X!7(b_)^pu!u&A#&M`F2sqg{UOw3V0zn2w1B2MNXt8v@zjG+#-$_W3V9UKJ%o z+HyUs#ZBi7gCRa9Ks(E-Lma@Vbctj4vaFa&Y0U?rZv`5EsrbQQ2`Yu9aqnNB(CR~A z>TlazXx)f>y}CaJ3PY9Yr-1l2T=Bk?)?P|5KGYjh42%MC=d6pA#9D57z&~^J@J&qe zM)~aTCY*XRtI?7(5XZk%j*4SD5A}RksK;}G))1vB!fj(mR`GiM?FjJj?cDj;gq9Nn z((j()dRn29Jqxdu>33a#x#*@6)`MOW!!5BL#D-(3;k0=O-fZPEJ) zXRP%8Bq_sAFRAN|0SkIb}@DM*FZM=e0i*9kHS6XUGuEBd3!+iv!q!RHCix zLP7}V^Y^;u?3SZ2&v!tC_ya@fZvaDp(440O>gY0ag3-s>2eHjwmz;}r6$F!_G;+~^ z>AC^4%MG?wv5lFHqph)Jz+VUBTHmYNji#7b{unntI8k|RqelVP5=!u}E#BF3JE8w4 zKT(}09mMfI^vB{zt27^hhP6pqv9_VE-@igk0qT>CvwrFR>xWaXGQW`qj8tYoSAnWK z6ymbrhCo)1Ww&|w#F}E`Hy(Ph*3$c@)e;^4eRggDR&+Kv2NhLsK(0b@jl zL{fMTsx;^Sg^_&eMW4*%UoLvYS}^e~T@LFw#{XXosW?$Vf*ron_&=3ECUmCvl$bAv3Qy)!n?)H?D zS88lECUhh0?uKrATyIs1>*tjQbTq{3|i?pY z2+`yE<`yBmXJaEpIY@O{(wEhxvjfZ6Z2HDxi~joUfM8P&H|_M^cH(Vw^6Su?ff5a# zxWsr{mi%g?sMJMcLF@Auh$p9OmIkfX*@Hh!V)r)@TW!&2Z9_j7ty-a9S^d0e^^m!D zr!Q9Q6V`AbI)R!*QyT(V@7^gS(d9K%8|LY42VgKpQT;B|9YgvLMJtS=hOp5dY1@FcDesVA!Z z>F0mGctFCeYEv zJF?bz(7(JzY@1e)dO(-A@9)DzHl+@&&Om&(0^RAjqbw7}oLAs&8|{of9Q?qn8+kqf}X~n>i|% zS#82@NXcTQ@+P_7A*o&=6eD%$r*lOff!X4R_} z@)B)zQD+0SBTXVr3iOCx))Fy=fd(OOTsR)?d~qHyR)7&yQvSlih8=c(hhL8UE= z{@cCCjm+Sa^j;2l{%aTBl-?R2Z1a2{wq@?gws|JNB|h9wC;kS6AN|*9O-@wMe)q)6>~=? zISo(}VN{N6oB6Z0^XXgbn>N-z;Ctc!>lJLByE`aEcM+$Klcf?dd>MN!jZtJdxiG%6 z#lz37Rzc`*kje5Sf)60EgQ#BYKmM$B@GJD(y^C9%%KJ3hwY^Qa@=8-NY%weX3rI)? z>8>h=h9XmGdEcvVg->_YE4&aah<67&+g|AgaHROwN%H2PoggY!ll`&OqAXqUsvv=a!QpN>Kcs< z>l_&aKA1&uKS_kO&;1k+Rt0JRMwz=`_dmAP*{-Xsh$qgs5Nl{zZb4@vhgWXdMSnRf z=DhvO6~*lS6x5Xut8*0DRHs>;$yajw2x>y7nbc?}8RfU#`budP=rbGfG-uRw4u&e$AiDqUe@zM}i zt!fY2BG4oswxh#!65P{J|HU{vMX zX0nkV6G+nQ^Y_yTnqfml*GLDbZTN3>Ya>GMHw`$ z8LAFs#PwFKEj|f+197z&E%NjaePLjzNy0<=K=EK71?`kI33r|F!ut!l_FvCV=|0N$ z*op>yWu2jzW+;_?*PoguK%T!EO`=$^pxqe=`yIU67qWBJk&>Izyt56nZYH;JQH}-W-Cefq2XRAl!pc9n%4LbNX$z$y z=wNmo7W!*OJ#+182y+;p%&(W?%>ZxL{NOVC7{gS!ZN!86eV_fRrtMP852CX~A2B%9 z_enzBzkpIf@*BOtYfYO*mlaJ)(W%6(MA6dPZ$DN2F>Fn+P?C7p7tJ(L+%en_@ z=xr*xhdC|-@TI{#w}YbR3B43KSUv6W-Fk9$T@zEgHr{73erC6SDBb5zgn%AU^3xbt z1V#j4HRC>)bbPHLbCE>tAmM`gQ~Wp*PFtE-<`m}uF|e?;;ECcF+ncS(uJXGY?niMf zJ;XAn40g;wmV--GR^}QrY%Gkr9^_Xkx9WGGw`BDsX#C{$PXVbDbOr$^AQh}`F49jC zN7U8EG)L@LQOk3P$}lJ!IdZv+3J)VX!cM10Vme@U#jN6{21#P0}jt}2%@X%mC7X{5>zPr2EBwz_saPgz^c<1c!%`~y#+W}6A zik!S^uQO#no3X0X+bFuz-|0bLv!kVw5HXoUd)V5~E0+V!_YeH&8+-`{U{giu zR*{M9z)KY*5G4d^Jg^Zff|ZhLt(MdON7q{g#np9Pqm3rGYjAf6Zh?mI;O_43F2NcP zZjEbj3n92m2<|Sy-2%ZK&gT89{<~A$G*kn%t82|Q=a@spJ`ZK~!m$CMD`HwC`S+AO zdPiQkRevQ7XqF?pt!tE^+Zrg=n1!*VyO16a5^C&~%dNmysA&zQz1Hd~mPB7_d#M33 zPE@NGcn7r@l0zBgkPicLx|BKtj+F$wo?>7`Ivz}@hYlmY@7%w$91dEghX+YU(=(44 zAaiPW(W;7M){jB6w#@4V!_Rm&sNEoe%lSmO2}v?y2#gv7kI=+mn6@d0|3ZBuF}Sdv zkNqvW_`k78mqMSncGh#pVps$`eyRyZ6e&YAZ&+*q^N)hs!ylhGk9aUZ@c-UXBly9giudM-5^EQ!A0Et+RC%PDOOwwzD`>32Euxb0{h z@9;u-p91A}hSDlNK&b513-KUz8cUMds+FpqHih;yH#&&=oEIakwVQ2Yt|CWOP}T5; z{q?HC=W{A+U|FF0gq~lR7L0#u_p0H4 zRW5RCb903MF8v0XOSb{S0Z!i`nC}aQ--i(d1Op>Xn3=SAN`)))Q5F-%kGzG87N~T( zw(^U#z}9V6mBX{5=zTTjp9;a9?#k)+n2>Ozm-^2y`ui~6i!?SK`V49;$t!bJ5c7E} zko8 z_9-n5Xz+-v)*z*SxPg8?04{UbUHd-q^@7yDeQ`wan@=Sj&c5jycN_f+$A8RM8zi#d z`G=qJ$a=kJhV!5>7W;fbBvQn0xLs)akZ`cWa8l$@&RY}4245Mmc0dR>jrQS`yb_=_ z3;gRCj z%OB~QHnLV3p19tqb*N{-!=5bv-UwNv{f%vs@iW1RE<{_>w{@#vct?T`z zr5*GljTbrqP-__)GOjLb(b4%qw3ecB51BH}#GIah;AQeKO@Wse?3~G}oDca~`7liC zOWSH?2G=WW^K<>dH!qp|K1o!umGIDo<#$bdO}Tl9>^;-OC%TX5>VS)bcSq0L&1|>t zhJFmc4Ij79Ph59Mz%n=q$U>CPzDd8aWWM!V9pM!{70P($EJu($w<+q{Gs!R#dVi};K7IGRBDIi?o}Lc8`{Pc&Z3 zQM7sTncEC3xv2i{59ItkI1@pR*LHT$ooCph6UJB5w5mtva;7N>78Kclw-x>0c((Ja zfePB)pRTTgl-6OC{d=>uVRGNu7*>AU3whJDf3)pzgvobiN?EtCXO8o8ch}Aqg`=L}T-+iM zp$k{_@u$mV!00Wu_yP3>!NuP7UA2KC(PDCXJl&0MoXb}aAq#qFE}InlOSJ_l#G$+P zcEDJHv|JkjbZh> zF{arRaz&z_z<@aJH!`T4`S@$?N3!y`jPpdd{ZH)tD3GX$hMpqQ$-uA^-BzX9F0I@X zBQZ@D5h}O9<#O~c#@!amh9dLwf9dwlBmpI>EZf5R-wZ{3+O7KF-@)d@c2cl=WY9<8 zK818YaP35Ype?Korzy!+Gw#m%ggw$aYD8LJ(k?9^i`yF;mk^3?{0b#6wr7U>+af5SBbIp4xhhtcbP9VN+<8d`O3*& z^5*)AR6aNevbl`Q=?$xyy1vIjQ$Bo}5I;S!*==miuo#?? z8~e1woGoMM*B0l^@Gbgk5iEUzRCHlzZ8rh`jgZSojkpWUmhl(SQh+)Fi`l&kR zJflo9Q*nKVKpO5?-g17PR7a=yi++ugD+9P}VR9Kem*?hrTsgI3sF06vuck(Iso3uJ zLbalXp2>uwBPOR-kC(9-b+Au?r%o3TYT>4K@XPI`>^nS$MlqO z4|-WN5;_awxsVoTn%`@>_0}pl=OYXLdJxdm?$1hWOk_|}*Zm#fqpr|tKaJT}4XD%l z`yYBSMAJ`9+{+9*T7ML*n7!I|lNw=nF*k3^J-Lt5odIgXv6W~aqFE z(`TX1no}=Y7w!$%1Z=4ZN5*PIeKZ;;G#W1uwkK7AMDLeS@^|7J+J5XHvR;z#K!kis z*ybd3%Ss@&gwPl?6`rBD=_^)mMbh-I!I)GG*V>+*qbd@}+AgAP-F zheM)7#QyKcR+|N{>oW7o&3S3ZBso3yD7@fU_#|zs9^MCkD4+tZe{p0T!bRBk zBx9T$DHbM=d2!!T9qd1-T9pVoa;&CwrBh#3M5KX;OAG=bM~|^$Retvu{U8g@`M}ARp0B?V z`R!%K{iNbZY^c~lx>QtfsM5T!vp^aM8mS+U^lG-4YMVyZh_JTw~{=!q=63oX=rv75h-A?=X?nb!i z?Phc4P%z?=Bx({Vfc*Qu3XT-3<7ZyJ1}BsGl?2aP?*wjpK9;;ET5&6f5eZEhqD*lb zWc|>{oFI4XWjR9`xk6@ATm7d9vhu}9hUlY7DJXO>LGgH@Gash7${;{`Nmz4;$ihh` zOC&|OBEJs0G(8gUhQZ`bDPNI>kw#(&Mq9z(XBVQHAt1$4=^pqgdON&CU3#4%%Sf8X zWVL)+4@)KT8juG|CEQ(`gfKHawfoLIq|vM7ANRDsG0%`5gQI5#;VR7(yBfV?GI`h2 zpIJ7$;+5$ZJ4VK&iQBz<)VYQBT`3x;IQQwF{~1~oM?Rn2xBVC6AQ5%GYkzp0nestt z5UTTt=BrpIC{ScLCr3(2|5U4l|9TY4Z&2XuI`LsI4Q2O1n zTj|s{d(F$_Z{T-4Kipi#=9gV|wHP@0# zi)8z_vsEAQKQ`sr!qqHf$m8}E#$#qgGb2Z$=){=le7c>wiigWhwJ@=!+yngMLT10p z&@TSW<{-NF-*cu2Z_MIFV+>0+6T`uoyw|*TJ~NNt+a+Rmina8;ZMvq z@`9;e8NfTL0@04!i9fFbD4A}djF9O6P_y3jUCuYuEHN=L94+@JUYk8IefwED!ob2O z2lwQ5D{y4rxzU(p=L-AO!US(=e>J0;n*O;;#ZQ3!yn^=%u*nHtTV=|)-u8)O*q;)8 z2tM32t$JqZG;J%#Ebfb>ll;AVW0g;7T2D6vqrkz`Sl=9^GRRI3ZU_xhZ`=cmLqt@f z%Dfl_qTG~LR89lj$bXM+X7FvAqkq6^Bp?iakNtt{6loZ7;{eEb;s#R}ATCsDO~BJq zIL+h2ha*V;7AO$oil{-a2S_TBNXR2=QD~f>NoAo7CPxX{VwUO2fZ@p>>XivFKtf{+ zs&_jl*+zC#dGYT2S%|#@KZ&&+EJ`_u+lh6eR_EAF*V7F5k3m`8H7oCrh$arwD^dcK zVy9jQAOLS&{d8N{L|UgyQw#nhl2+Ie+LiioZamNLUWLXFZ3P?F2A~sxms>9O^+D4q zPH;_#Zx_&SCAhaf*$wcFfeIu$Sy@|I%A5=JmleyUWtMdlMq~2U&?{t`r^haq^_R^x zIT?k_TT&zEV6dd=Mvk% zik%v1y)rn*x!vaA-IMX<{D*B$`}Fs&2n~ikW7xp^e`BI}`86}pi!Lw6ge{9t=v$52 z%SeT0CGupA89XECg9&TVqldwLoO00v%tH$^o>}YH6?+Nu3KvB0o{i{Uzu%uGh4?B} zBW;uES91J{Me1K!EL>8 zUDu>rWeG1mwNaHUaz1L3>lYrT$~SXM8&$q0SW995&ATBt&Zn6%SM`j1MJLgcD#Zwe zh7rx-^6rAnj~;tZ2Sa~8#mHw;ZJ#qN{d8_JLG~$d;wjhVa}l#FNuqr6lFTbM@lP9k zzslLZYK(#palZj7%Ek%Q z0J-FF`CB^dCfj!mf0N;~texNCpOXxiv>s3^>BFG3$F>QD5rsP`rF%o0aLD-6R*Xu8 zzoxgpseS|tEVlGN*L>Dw1Y?xz(N@;m>VrM)BNN0v5imh$bZxnn!<#w@sM!MnHw2Zb^+oSkN&NcT;r9fd!2&AJvewAUkd`aZm1CrR~KyqH(kTKE@1cpk=n z(zflg+X6~6 zq!LC8F3pyL5H8f9@*;}Cf<3ML139*y5FRNI!SXRu!dVm1f z-a}i(lLmncLL%0Y?yY?37ZPiCx)!!vs`jBA=6+!^v#Q~>eLNglb8UEVbFOQzY~iEN z`sxs{251L-;{QB0?N7o55b6^U7{7mvMU&WLX7w-*q#(=>Vim>BTgd`gD`9lWfn;pm zeSsg$oIu9#lV8v9{eG8{vilp1Ee4GRiTeE}wBqm2yY=2a{<05vJ!UUUFP_C@+%0|# zfYpz+GdKV+kH$}Id|pldY+4~mz8xseGTP6Ej;DbAV>Keq%@+a)wC2IX&5LKlmg0)| zegEr#j&1Ebit~a#oA)7DAEw@8U4Avkh{i%u9v&}IO$Rcwy68C zJrCqL+3*g-&_4s_n7_jLZ6d#jnUfS0ivJx8j__MjkGR0&r8#Je9M<|Kj&Q#bf+4>Q zWOEPfpnT$2@x}f;`EE)oaxoFJ_CK8uYhQfINnQtfr%gth|Ne}c-m5mfu^QcPpyzF6qs(#oU3ueoDS~{*Nq7lRL;@o|Ds!)7n^E^Oe}EqgG;dc z8yL6^K7ang3Pn4@&66elQ#a2>L7*rpw?pm=zY5E8_+rZnCr*{8HhjV9eqt$5Fp7IW z%lMS>PFB|TJ3*CvUT2*wkzixima3Hu{Ss7TuRXU;+#rilPwucFW4A5C7k9-)ew-0b z_IK?kMBx+xJHbQI+92}@yblyD{`xeE-$Bg&C0xfY5aA`x($s+XS2{rbK#aK}gp-8?!R!u#YaL7eO0AM4 z9wZ?wRgMQLdnAs^YNp7z5;&SHNZ@3#h=N%H(fK;9th@44=^6{S0rn4!l`PglJK1|Y z@Y?mR$t_zT=YnjZm+lQlw1g1_o-521nP&-2p0 zgMRpfIXy9n_!M5U9zsPEruV+rlrrDlAn^gsbHZlTCUmLGE97s*rJ4A>E?f^G#R(!i z;8h4pNGkX|3h2u%0K+3X&T2GJkQ=j@+?U%^QaO5f9wH!7+=Pd2nJsIIm)O#euf)uP zB%U0YhslOz5oHYCXmJH?=cKwhy?*eZ$ZJC&Q9R6gyA$4*7FO>$hKOsl74whHT6<^6 zPy!;NV86pjCw>{X>F@VA8Og`ZYrg)6l_z%B=|Y_}0V8eyLmApp8e#Xeg(u+AO@w(Og%U|#lBSXU|n{!jX-A88i6TLKsK zRkR>nlMlw95@_Y{;dp3`D#_AHp=hQX>K`4cEIYqiC# z^esEIeT?Vp~*XC|p^&^;7|!(LwhT3AHZ0O%{)xWm%Wb#_3weAAS~>Y(dOKoCKT? z){&G*Xkfu|aHv*zbvw*Tbz?5B;8aMfmsRAqugF41n(5rPw*=aX+_Da9{i zVeB#lSU$4jInk;1I_#Wprlb;v{$FxsP$0<4QwRtPpaNG}ZExL{2+~jhMnhlS585z2mF zq5fAV-KV;lWYmMrg@2mn_C?r#S$(?JMWkGXG7ILy|L$6I>DvjPbRn_8ZezHQSuU5` zYQdmY`%gxX$2!aL-!YYHsC`=b3>-fj)-Y{&8akSrWF2S5wJGj39a{O&i<6LBT{%} zIN%3F!6`1YSj98_Q_YK(^3_bqM6S9>H2}!cLU}fVh=YN}YR6Q=0q*CdQ330|4lOKM z+a~0GmoxoIQbDcNCjGXf&+b59(LL84I0N1}R~urYV$WLQZ8jF34)_on-afPKG= z@Iyb~aRZavWlI8%uuP>e+^8EQC}o^6pgBVP6VQaHHvcQ;<(lqs?gI2TLzz64Fcdli zl)*|SzI_?*jjWq?_zcz(0- zZ-D>X@QN*;ljKW$qCT2D)gqeE$&P=tQ%!LD@>Z0cc`#!TgI(^7t7HBRJyDe-`XTKF z{J7>G9Wp>Hvg;s#_j-Nxcok`0Nj7A%uZQRUIV!m#dh_wc+YuJYQ*Xo;9*nS&*ltcH=XJsWr~+b$r5WmmaAB6 zuEefkyPue)i*pWZq{SRlv9QSd!DzSctKgPVwmk>zu#CM`>JI^?8G@6vx@FNgR*mlP zfM5ORchPf2(k=F!zK4`Lb&TRv4P!B7q|dYC?*&?367F@1)HN+)E2xRM3}&Cc$ zvY6JSA$!by&LyY#CK5lI+94DtSK;j6Up>LhQ@NLL(}dq% z#G;+B_G%kFxu1B`gbUsBna*-~H~*tm0eR?+djV{#c=EfT!(X5ck^wTMF)~W)M&hoA zTu(DA9ks^yCjN%wA23w`2XDfSsT10FSNC{~+3bbFB~@BA6bQ_{xX_{n4GXQIzYI>!9)%23wWX54C} zbg~`_0D3vmwsaZ%-+5L-1KcJ41xVe=AEAGojlULBtoFS*`Dk45$FYr-ZsV)Q$kpMD z#olPfbiIvQZ&A!==93|NQy>@VKI!U4FfebC+1M~HURkT!jO)|SFjp6lGpRR@(&Yh3 z8{Q3dAbNYGR+e2MO+U+g-@L%?a`SO$n_PAn08t6`Dr11kzg!=Qpwyw##zYobRoP7D z2brYbdceqELokg?oPa(JRoi~PN~hMO7ZGQu8OW8h^eg;`|_MJ%W_Pe3-iG|k*5=Z^jzP0EpOv8Y&Bfe-g2qdBHDzv z6}!hg$?WlN#$T1c(_#c)r_ny6T((#?rAR)5GobQ6QCAr0fH}85C4l|jmqlTWpbwD) zU+bSI1EuVo?!7h)FiR_cI+f9at42(!L44zW171b{&t%}tbN~AEwo)Aq@ce#oTUEIS z>%P+E)u6vn8!Ei8bX&kK3&Z!;+0#>x6IwaKC;9R=36;rFvAyehd*fv!NZ108a+~*Iy1!1DVKtsc^dyF z=#v{|iaB+PY+G28*5WT4Z#_B#oL0TnA4Jdfs?-kWe4YcH7SdpKF^phQrU8aCv1B2M z?f~2oD8Bo*I-?ihhSw57NtaX0lcEe#b#sVb`LB1^%Ysw4RDbob9*whP_SJ-QjKu$BBK3I$YGf7S*NMX;3~0rke$_exUde0AOR#k?L`o&NcuUE|EPB7x{2tD>K|6}7S1EB_)A5E43_bePacTK zGk)a9Fmidxx$h7~YPU*VFnndq;uQF+rO8xu54iuzUxTX;K=pmY#f8%()S5;^bid6p4S=nV3y+fLPl0|>63TX1)oj~uyI_k{_Ex9>uA7KZloF*-25 z$RYWhyi+r=wPfL>HI~n8dSKf$SO(_6;XLXBwVU~|TkF3u(FI>QJvh}C0>bb>Ls0QK zmtvT=FJ>O&aS$az#;R_TcUe%CGhL7x(Qf|Dzuj7$AKtdK%CA8 zHptC)p<6BVCA_2Vsx8n%gjbV}_~~A|2?_SA4CU}BKMTRXrJi$7k^6@Sj^r?|vWC2H zwC0!tLWmR{#*(SGJx=AyL)<4{4W=0&`)bGBqXfg?Ov?4M!hI!i1~W}9V!j`>(idC1 zdN7SJBayfq*)(3Ua+FSsjCn90VzRI=*oCws&d=_KuqT@ogv*TCjtT3#-(y7pOU)FH z(?4ViUdjg_NQG2{5ykxn&{r(dRr;Xq0hhUS&xbNWJ>-WqI9#9AI-+dK-Ld$VTQ7JW zj1Fafyb582SNQ$6Qf^q8eI+8MpE+jSm>`8}xxKB>Ii`T7yU(eS!XGDdbXwS1f4RtY z`iBFVzXUE6bagSaQ(Hh%hrqu%R5<#=8JIM#gVUX|%<87ReMH`4*Jxkcfog7-9%eW2 zRC)EH!B7{_SDJBb8|XP1Ezoi9Ac3O2Psm3h6J7M}t{hwKtZ`{5glH%RDW=fQ>r;W- zf*}^!k|5snq+T9aw{Al)o;Ak9yp8d6LK~GucAUlj=e@weB>$5eYQoNVq0#{+T;kdV zAwo|b%6zfuJr(D9B)sK|un(E+OxoHvOvE1ux&HDQ8UN97sQAG+%Z|ku`*)6sA#J&B zi`0SH_dwFtYY9E{L$}#^);1&6_vPaYOQLR-4qDGGX7M(HTq|N*973A4swY>Yw=$j> z1V^(hTz#+c*GC5}R`mfB)G+yIJGWYdTv0Iaf>*cG?yrg<)^zXx+6M&D7)+DqCI*<5 zK{CB}FSd)kd_21@b4xqF`}XV2Z!~(A!+v(TJg&^v#NPiTUvS%Ee!p=%6Gn!QYT`YoIu& z0~l?E!H4y-&3%RR&xOyS0AET~37Cltu2N$@PWkw+gTUZ}83FuxB|z&pN8jSI9que1`Gi#~uYUlvHBx zMP}9sPq9?3u8{;hIAj_;IthWL=!*$R)rxd-?Ss%Xd~4j}HU{d1n@7Nr0RPICFXrnx zYn*^ESZZ;21JpkpzA6_SRf7O$I}BwU8XHqs6w6s+yP>^~|F{|$Iq(+d3$|}oV$!OX zFWK|8B|BZ|sC*b`d6a_DSAXSiLd%#3l1=hFVf@CUV3G3r! zM5yTg2*Dm)-SZtjeNl29+Lbix5BSegJ8YkClWZl9 zXOOvbDCsba_ydNSM8-5-L8gTo=QdIZtSNnw7HUC|+BNH$*3R|^aT8Q!5Vhnwx&VA- zLdUXQg+7N&j>r{|kUjU1QSQ&aJxo479c&qCQJ~~eKcKRD9JP$BaaDUYtPWJ zSwLiGTS!}beb@SR1pU^Avw8CK88{Jrl%TgX#j2zfeygcmG`&dV%TrQ--f%Zowa`X0 zx;bKMSt1v6f?kD0Nv+_n%K_Xd!+yLd{$Drdyhy=@AxG$HFFt`WJKU0q<<`C3Fv6F8 za+XX14-Hn!Q_l6Y#^zilR%#9kX#b6{yb^gAevH|quRh{R>{)XBRwg06v9$jVfjkP| zgDM9cdXK&)YZvqP9FGifACjab{w5*X3u#%hr>fhHPHq;A3Do|u@1tbl`=l)Y&B>NN z(EKAAe()XfZ*|_L?Fb~5L`s)ojftlI6EdKgrA*C%xY0G{juo3FoY#b3@+-X|&_eUx`ZI3d1p|@oGKzI9f;< zRA^j-INH3INCkhbBfQquc_EY4NsX0(htzbvejswR5iAzO$h?O$ZR7hR_R5*8DHwn_ zFj_6`vfZbe=o`Z*N2&(gRm#LQ`9TLem_YOo8<1EB3VN3QKtv9S$7j`@e7HVF$|pZD z`{ujW?(<8GY?LG@CQn$sv#<5mVh+3l-$By6D%%8VUt!<#cUI2+YI5*EFG&LY z_}^1l0XzT(rCec2<^&K-HoP&?sLbi<>FiIlf%k_nh<%Hwj7FWpDU528d3%5!Cs+&# z#ShTe6zI3GyyKj-iZcguys63~26_k>&gCN7SI?h$#wY0WQ18+Z^Wi$X0K$8AF zTgvR*nGREqsRnq6To5aRiUyD6ci$dNnK*%%-}k&^aV%vuBqMFR=2^5+gfPs#bAS&4 zUe5~sj*8f(j~s%Hc>vE+5*~aEXAHwjY!K$&Yc^fT6fiyYSI9snvBr zt@ZRe%Fx$EXJz2L1+_*Wrg@|4A}9q@&+QV9JHpp%K$rdD-wRxyivl>K!dtmXQ-?9O z&13v7u|w0BXwcE;-PG)BPT_(VoJ2CB64UXlzsvJ4wM@Y+sPUt0x&RTa35P{vj7-_P z5Knoem~xJy+;$TAKN$B&$|k9^NQdK!PRQQGRJDCFzfO3Kic7tpSln%LQ-~a6*fS~4 zUy@(kCvJHfs?%g9AZ8VgZUcD;?RYHaXLn>ts@2xAw)(8A^g)^CM2#z3Z^fZ?qLol| zhbD~kA02u~TR(f5xD8kOd>-o`tBG3lXSY23i$`qs&QPM{B)MEDbZ)eR_cZ=Ps256t zxfngUDns3t#rWYcgo;!f$LuonKaC~u1cfFwtO0wLN7#*hEAu#do@P+(zCyLpZ|(BOL6DlrP?}hpZK*wnc+{GxvIqqWguzvza|Yfs&JzWPP(4o6k|7Nw=OMg;{Hy zqir>S8I-iDehfumhCsI45X@3d!L>PSG3MTO>?KG8RY<#MX0I z29R>Fh=GVeqUEl@E`G=Nwimaz1oxW<@Rn^r+OE{#5A*}>{Ch1mA-TNE0MSW+|_nMOcYGdLX)Vl_Qj_-DLpwd$jaqaroZ)>f?x88A8 z(4-KCqtdi53Yc7IO-iTcQAmBhe3=HgVG_F8l>lr1y*bDk4ubuG&yj|Mr2tL9bqDhr zba(Q;hp)vH>>66q^(1)G5I{~eHYh;T=ON ze&Mi>eH%t3o;88;=In{4z5QC)frtQ}wxve=D})SjKb)7-y}ET^(x1&)=DEn{ADuLo zUF&*H3$Sj9Uh6YY7@>^oUomp%tSe@!HX7Kqa^=}yKj^IREA zCV+JB_7%Q(97ck>{ARv`=4@?OuzsoEr^dZ@^hJytVPNJ*C;So2S1Yh*WN^9Jd8nF{ zZ{RF1cQ@gaJtwz=BcZKPwt5eqwt9#WV$X}1u3>vDpIB6dQX3&x>cZ;XrNVVW`SetW zGnRy%k?kqga@lS6TZKjs&eLNNUsb>Vs8g$CyRWK}+h@7j81l{Rx)JFJyiPUD{qoyi zezw9cpki*c(cfO9uu2-fr1H9r{No_)M}G|tgs_i`_B}G?pkKW@ruP1=ZPCp5r`p)fBPAS8yXy z{!fhpo9(g~frfDUNQV#KSLBb|*{L?i!$g6Z!aL1_Nl7qrcy_+Zg^exdSa}|8u00;h zEqje1TCK9=jLu^e<=R81uYjs%rir?l~WnyDA zZ8J#sBWW-z>ZXawnaytar!DP$Pqg1Ra?c@l;_!x`gbfO(5w8^590pJlE!uxSE~i`I z6c^&!CkoQ=sl9l-JMln_u7X@?x`KE>sswxnrv+!GJ__byyARiDdwKNJ3qW3%sEPf% zR2MOxC(1qyqs$FZ6CXG?+uwn3_R;3F1e<#KmSdS)i;+0=ze&CUJWz3&nNlT!0l;d6 zxf26ZxWwU4BNUi@;$?R}Eh_I#pR6;I4M2Cr&wv%h{z7yuvmm5d1OB4L{e zXQD1i)SkD6{Y|Q9ks;>t%tz^OkIiM*P5esk@QC++6UQ0wIgxX{$XoSi$&YCcs00p?8@tl55I5bbW$tU&Y+mUtxEDQ`h8R z{YD}n^9(+>nMZcIxb;c@i#yI1cp_#sYU!l|5QCCYdoj_a z(`3i$T0twZLaj>HDMG!5(3r?+2bKZGWJnvyoQMsqD{F45DOZ+!lT)pVCr&;lw;^l- zCd}`VeI8creFY~XWde5Ym?!j0{$2{so`C*ai5cQUBo>Ldq-Z{)X--6meoG3=0lExE zFU?CZSgJv8K4gC$8-!$2%6?viV#kk78vi-r{IXIxoCS+$?zas6Ylw^KloP=r2iN&I z(+671)bBJ;xfQCzIY*lEcD2{Wq7N2p3dq|}GN0FgOyG!zdgJhil=W}MV!D5P?e!5j#r1}TBS9T+no&5FkksQQcBq)%U7u@W9YIACOAE-5D}jcyyH-4K_qkviF9Lsmx0s~NEVuLHjl*({NyyhE zU}+#Xoc^(J3bp|h)Ej|;LxM^O!5` z@>ST25^%s_z~QM7e`};on-L3yKuGzf?Z?M+mGt1g14l?8NaS?6ff*(Se&cgI*{9z* zkZr(okrwh50F_gVnW5J}QOJrY{YLh>B_azP(VH zy_5NEg+t6^iwgrn;K1Gic0|F~UjVnq%{`)8VLc}RshuZ|?c4>X2QoKYVS;Hs1kZs| zr99+Gtj>-xq+IG6;+}xuZUGRZI1of^C-2G>cRC@i6f7A&08G}U!4shq3bLaQ@?roM))-i>=vLzR%J#!J^jAYBw#|-)-4uoxUD3sVDUqZ_6S_P(~xW8V3j7udOv6@qX9y`^-_(>`hY$4+`h7 zQwGqG^kSCIp?PZHpju3V~*zZ5U8d4)tD ztn=D6-X$ZD9#o|eB5$d4DDv%&!K%m24h>{;9T(yLFYgi856z58W&5V3+@9RMw zj;w<6)RmA zMq~=(uq69z2`9C;=G^)Q02F@tU{3vpK}21yN{w_0#B58-(cUFQAG0K!J}U{N-^u(RKaM&c=;Bov~j zU+TxN{r54ZHugVNNbOikv|rhTcFS^H?R94%Fv*QI!eNxV4yo@X(FFC4EY=QX%};c) zki6*CZoB3DsM8xYW9+GfC?73Y#ygM3<2UI?5f_iuEF1VM?vR1x{cqfX4Sb*WAFt84$T~XDp)VGbco>+tX+%BxD8-hb z97oDeFirzEqXTAf&mi?1&IFixUb_~8oOixxA^#s&XBAde+eYiT7Tw(`AR(R7jdX`} zcS<9<2np%#Zs|s(5s;9Q5+nqXmhRe<@8A1mA8^6}7hG#H-}f2MJ;tB_2W$zrAXZwB z^U97^PtoR+-d4Znjrgh#S6VajQ8juIgwwkhMxVlFYqa?w(p=hggs`v^kuW`9diL`Y z*xRF>?*r5d34)x1X4F4lUvOzO_?I1_Xl}_~TzBI=rlb#x8AdmuTS_&p{ z7=2a#6(PSlOn7xam>h`TFRqVFoM3pf0PI!UZA>Hz>M(TeG z!Wj>?<^e0aaVNHtG^kpJAfPCfnW_v5;$*~HPv$9uZX;~Wt#&jHEWjN{94mu1A}kDf z9s92nSV@K%`DDsAGYW5DcfD3dP-?0si8&w*jY#SDl{;X+-=JIkv%f0oG=w-{bw~ z#SMe+DZQ8Q`LC|U3fbPieJiqqEFqdAJu7Z`$6$`K_pRI>xVivkQkhE-!B7X?ZZwOk zrJ>#MV*&O?ukr(U3T}r*eOt6EebU$O00+FdOQ)7OUg>Q&aGvl!8hvb#76#tPzkGge zD8Nk=KpYO#m%N6+tT+&em1!m?eh0__sckW>D8sp6wh*{mj$h133M;ms$Btf5!>3*IN4p$U0CJ~FlPcqj~Tg~Z%Jarvj^H^nM5NM4c?;|FLK)_cU{ z;?qcQH75fW?J_35-4h$^jQqD z*T1n*>2vIMUM5UGxbbpLU%^F7XPlENRs(WF&E_kd!gU<;8}HHmsG^6)J5(f8jWyRv zOw`49Uy!g#%@1yfe3jPNXXJ2cK@!<3vn4weD6VE5@{N6(c|S;HO|H>R*piOl2;I z==vK``UH+w{m2#$dY>O4hYxp%U1vecyTVB`s>!2jT(8empsmiKm8XE{Qb&JsYmKEi z4ICaWeVihNFHspQ5!?<2_r#x(tQ0}M@8r(+94u&?Lg=44CKR`Olhci-I*hPT#AQU~ zb~PAE{;gRSe?@n8YYzMH;PCcXU#k{rvW6EZ+4nY{?!Q>Y_jw@saLNs5y1g!MMTeOS6Z^omwk)`KILcShTr=IZKv848NxbdN>ux+1Kw9iBdly>^P5G8-L?Asn8_5xb|X)}PRY?*dviG|JCeaV zK7aa^J#6S)RI+bUl2K9gHR+9?-U(~OwhqaJV~vw`-m}Q5G}T*Gfc@AV*^To)w*d>h zkCXTf20Cc~kh|S^t&y3s0zj^e2mkY?%|uQinCTwCU0C7{Xkfw@N&e1e_tHn<_RC@^uJ#Ut9WaUZ&yT+%OTTBB8=j9A z;4&5Z+DYmzdOs}S4mDLj{WCHc1jNw+C4IG&7F$ z4lkr_Be!uCBg<=g`$g;Xyo2~f{6)ttIn%V5&(r#{c%w#8oL7Zl?DO|syZFb{frR70 zM)-A|R&JYJ&N<9y%%u|I{wT(U(aH&hg$-IuHv~^3Ct3)Lh#*iSzoAuPd%QnWm1xLi zP^E-OK1<6fOOZn;$2c)6y6gR45n!}xu0-s{IeDT1uLyhVZR4Ie5(?u$c^6fRie|GH zJKPPY1#j2yeCNds)c<@^>`4vW*hnvdl27D^a~heCws*tMcX9C4ef4HF14D;?5T!j|FVW`wTzLQEN7rgdK&5>s z%WSvJi$KZh{gAeUZ!0~A&c1^as|~-abBAN|L;`3t1d=$azD9T-F=hNzeV%?a)83YU z9gnn(1@Df$`doR4lU4B4X1L9EN3?<-w82Y$~Qr|qAQHq^Nt=Q#@aN@m`F$^D=Sn7Qv2 z#xjj|zIUZVec+ACM@;h$2V+K^ycEs{%f3LdaS?kFL*ui8^5aia6%><+{66}=!dI1# zC80J~iGd`na)2CMs`oA=l#;q-w6rj5D@MpLlUb-Ef8cpu+TD$AJKqm6z#m;t>~)WC z=zsI`w4}gHb1cHIJ4estXf?3lS*Y1WlE4>|FnnfawycgVw*Tr?JM(4yC_s|aZ-d7l zzC(C#9H=5T31)9*+Bq!u4L9cpcO_)`PtM&Q<)NYb%0^6z7LT<-N1kLV__1IbbzVQ2 zltMJevz8I5kZamPR-s)w$C#;VI>Q%@ljg+`Yhuo90Qi9it2+g_p$-` zvrcsS$J=74p<11B&SO4Z`0|PCnE%GNt3+D(@1(w_CL}?rin%{C;0|kgV=zcFeS)IW z|NY8F9pCgRfrIVBzkp_+-{h{kW$AXuM!E&!qOUYcunCy;Gd)B}# zOiDpXJB{)UYM`{zt@QNXDOZvHhl~2~-|x%2{expE+_HR_jB2r2K@Zac%B^OjDJUtU zBIa}>4PsBPU~N(n=L_jkxr*s^Glf#JyT^$Z_eLjKuXGs4qKRHsO5Qa7p3!?1G`sV3 za!<>NLAofLKdF&@f%3H67vkIVC?(@D`Lij|Mk@8+ie07ifWv^~rgv@!86kUMJh5oT zwum6&%s;Wq;*G(NYUM{u5sG(v+SnKC?x0j#6i2ZXCd3dFb8|zKXVO)&rngqM6mdrT zCJrx==;?JJeyPG1Ta%FE7sng>rO)p1)3@elSDT%me=t1;;Y8G$^vI(Tv6lX@nK=7J zFFIFYoZ8{Fi~a90;Cd?kFT1W15xdb}&X-}MDQxn&f-U7rB%Tv!Zi(Eei!=SXIedIoHy-cwqYR_cwfJ^Pif`q$&HvN8L4Jhq6L^_j-Z@cZ zl7YaJuW8PdnbwGmov_|F+J{kq(oV5?VTX2=P8hYy&{u3~4sia&AxBO8)|W#UiqPwY z=0&&oeKeh&Jx39J46JzPp;$-W!CrJT3)RL|2Wgh53Oqk5@RE8#8ov1ljG>ec2VF%t z&`x=Yuzk&P6_j^qu-LL8g3Q%-{)xkL^MU`{Z4<^NKVM)~j(vJaP*(#?cXiv}74pCQ zG3FuYrwD0n!!In7i4M=M8|A6*qItJ*vN=4+tyLfnIial4smW5WXWIj{_a@-t@3+Lz zLss71{kopCK@=O+W)erMp}c|ophvw$1N1%soXoBL#$Mp8Wze#)n$0Ee?0@Gd$qH_-zx(j;?Il}o#xYm0~QTH|2(LLfg*aTH+s@-%jJ@(%kFGt zvf0VT)$#9vK|$`o`|Hhk8m=erwE!YE)}`R*$D$C7m3e+F#Pb2Z0_Fdn2-!IN%QWz} zk9Mgnl#0**M}3qYWt3YStH7s+t0J-H-ReX3KYfd_7p}mRtFq~f-j4SmrO+bt@gV|> z>LXCtPK8sCcSW1QezFn)yf3pHj-%Kxz^2w#1hh1*q%ZlqnZcG>Meqx6{}CA6cwe9X z6(7LOBm2eu?ptUs+(Xpe)YzC}%m*KO&PzFLE@Cx^_$%#CDL#bjCXfPLU?idE>CxcV zU3+{>h-o9h@cUSC_(J@J-+1&1)tY_=-sVc24IH>DjC*I2jr;5AIKKZi9Jvw1*WKM6PgDyv z#Z19ro~o@p=)*-#WF`}6p<(YPfp9=WTm9MPoGRY8&xW}>Yd`VZ^nBBihef0QdBwY7 zXfP)>F-H|%(~t%k;mE(O0XL%sJjb6wO7ux~nXd{W$NYMSyh*Ulq2T+I%)!7^)Cgsa zazWVFeteo0kE2y1@`#3R@OmF2N%n?~IJ43EyMk^zsgPH7!D=n&xoOvto)0bbT&y>P zw_u?^=U^;0BsXcXPvyY2aKjqFkNFC)oAp0|F%*%4S-cMPqpWXh$+c_rwNuapPpaP5 z;l@nGMN)5610^;P7rXIwJp3I3>hl?p19+vy^_^kO2AnmE2Y;}ksHqo`J8QLTAnwi3 zM1zt!TEI|mp~?1IkWlmf?gy)1Q@#R{3d?GqSQ#q0P($mU$g*0`F}vEoiRa7K z!CNTI{5e6eRjQvM#?R$s<|aIOu!(8-Ms3%g-#yNDItH^iKfNJS_zI-0ilrB&qPL!0 zq8IR^huqzM>Ff_SvGzUY5Bpo&tq4I6MC~|Ged5x^n7Jr7*J{-8O_VJgBy^Pj`qWHK zfB4?uaQTP0*Igio5S>ZUy2B&Bm;^b5bRgcIdSa{zSRQ2s!U*JJk*}HSX zG}elwsO1L|Ck!#L#b0(FDiA72u-e<;+o`oaZJO%$T+`<+UWwv#;mLA)jKaII6EAkZ*J(1{Nc z=CSuR&~=0>;5(_dfUhxE;6&(d+P0H1`myPnXc$P?h+I>q7QE!r_03v1A zI>KVHtZL-x-v>@*SbB+QoAa^+@YBb~vg8x`M}eS68aVOVDQ}A9X)Ghp3Gzma{r0Y* zUh1`gH7WeIcYQ2+)fIIvK}OBbMqM@YxC4*%g1DPzoA}z=7zLh;;`U6v$~RflT8;V%+eYds9GUWoHkqLiMF>=l|6m=A*{2| zS>)D@;gtl%}%WcZ(U{Cu0kRPl84#79s|lU^e~6<`Y2hl@PoEaX&;{&_`*Q+@QzW zha(_u=}iwhpd{oc{VWOH zgQCTAxp`utk;r5RC`@Hf^++$h&QFcruFmfm_yyi`F@DB?xt}-Lph& z-VK+A4$pqC)#tYlMjzl@5&{(HYw5sWXjoWp6m}-%e!3|O%!uGf3|>RJUb;HgeoQ?7 zd~YtA&9J?f48X(Rw#rN}ejCEPJwa46&I5kO$B43!{XZn@+4rr!EbJj>si73G+7?-dC?(p{YzJ?_nh`|P*P#V^ z(tgqTfOebnivD?V!zF|tpeRBIqaiQ@uKpQ8b|j2+7x*q$!u$cV0<0;v1H~w%pgstt zDQ&e=NEhye&J@%9Dra8koCfNUPj%fUxwtzJ4Hp*Xhu#C8eGAAF16=HRaKcyyZO*)? z{>i(JErYxS81I1+W&#z?jp7DUjV zjn6;ZT&Te4rVP;G&I-ew67he<5f0lzus{=!RJ5g~`hQsf?KW!jvz3|%x+t4u|2Sj( zK;8g1*gTPN(+V^upiDADXK5(nl=Fo3go{m8J{+QMALpW*;L1jVilpS2i5JCn+Mr0> z4X0y>8!PE1>pwkBXfMvH1M*Ca3-p=?Qc$RCs$|DvKYX}rg42>F^Yn{&;pBVB4WIa@ z>%h5>SrHB`zy0q(c&ARanN8zAxhN;AhhZGom4N;!mc>G9}8$;*ybhaByt8 zsrB_AGXCc&*=j_A~Q|yH_@Pg^l@D5gy&DaJKR=1JnrgkBHV0S76lQXR-fMesQ zP?Cxz11bQCAr8u;q?i{FdVQD?LE1X;^8Ah|D3B^JY5g5pbSA~GQJW${Pi~FM{-Ip* zz&!U*%A8|@^^}qkys0B*`(voJkByV2Q^wtxfME9(WY9c3GG&WGnS`FIr1Ee$mCMS+J9_Y9o^am1&TM#@Or+S(m2%xCS4&hYBAM%3d{ zALzOWQtm@vy#pCV0;c3N-*_gb+wVU;L;aj@4w#i#@uQOnNJ~}OJ zGsB!(6zI!+>ee&{mwwvrLn!WWR%I}%%4jvkDPzons{gn~_9Y}x>06iPWE!3C!7c7j z#oaY~eqa!>Kx9A1De+gvvOjhD$Jq3u@E#-Rq-~LlB3bhuKk8eloc*KmM_D6%>nMC` z#Wh=I@5k#0+}y=~tQuEly>@Z_@?X96J>aN~1TVsL#=8`NZ}te|?rR?3Rb>=pDI@71 z?2K4S;>irLXs=f@LH;Zxh>hde;y6LQ^Lp#e*<(hn&3WS1YdgdIK+<2TCVa&1f?j(= zaVYF|BSm88>zQe59@v-|4muB|s>?yW9DVv82j853C(w`aIEKzfy^z};QdWi9G9ooG zea{yPCHm{JE>0X3&h3B&yuiz7Dc5fqEkah@B7-JW+ci0owN7cLQ~9Fx&JRR%t3#=S zUw%?tFy^tDcR3)|)-q6T4{!%c4xbK+rY-2F#z~SZEu)Snw1NEJl)ASI!lSv&Ht+y0 zj0+Aa9vi506^o|^e&opC=ZhBmUi8ra3X%$(5s-$w`*5e~m(O;6#-8;$2&cxlC9Ki% zvLLhR@3e{H+XO;kk6SRUWV%W0fv2L*l$y&k_od=noO1AnJRT=;)t_qiD!##sRFOG< z7-K&z`fga4)PS7Z29|Jy>Bwn=2)^OmBO5-%IU0pSsekGhPZ;Gr!_z?=)-vJK%m14$ zSqW9LA}KKoU>*m&ov2bU04f2V!;1X*H2GCk6GPz^{1GnRKvs-^@PGhX+-w3kK585; zwO~|f_UM75rR%*Dh*0i(VqS)Vo6{)tcZA`znfO#xR5<9Ew_knHp`)321K`?2-*bYG z6c&qrCblS7T%051tpXFMpRXXOCZXYYk+Ve0jH?#nZwk%gu}fN=2(~B# z*%-^zsOw_k0A2M+e;-v0Ju)JStS#~$gd1fsvv&sW4ZR##C^g@#hkw6DwS&r{05}%1 z7emGS1=(SGrjDFQ(%eYm{T-(noEFb!l@JuUWgV0biDN~WC%R|+HU^BCe+|k{59eSH zkuy!a*)5L@wx)ZBc3}sROFU%%g#@^L<0}$&adA0$h}ed9gqsGCUXgb%0DRNXWV%J9 z0V+(3+RN)0ZIimt|12a$U$y&Q$({ z4u8Hgyoh(diifs?{HQYqzxO_fnS<_>78P)b-`k8he)DAOK8Ot9(vtuLeG*8B^!%>} zd`!w!C_>Z;aQaLcQ=n3W=o*o&p=SV@d;um+1nXa9^+I$?s zE8wU&YCc%>nm#u&um#Lr*!$U3E_zE`B>18qE9NAPaO@nx-s=xE>uL|sMWa;@)#1-S%5@?p$nQoYNw&Vxez7{9%EtC8a%{_A?Zhnh`4=_PQZbR(W;{5n zRcnh{rI!-ZB2Sw62b$QxvzOtDvA#NR7Cy)&{c+%^1}T5)_onLZR;6r+9rA-gwWIy0 zHpk0SrQ}FM5+A~Iu9UJ^VMS5n;E;d{_2nF`av8qO)Z=N3ZIh{1DOI1~m|(oNJk6bl zbQ-7olqg060xUkA;o|0hC%ao+;({Hk(Y>vI5=BTZ^3_7T$b;SttKMo-!xjApsqDEK zT^Mj{Mn&DtT1q+kLpSNq5iLqZEXPZ#&X14bpgW)RhJR^&`D{l)HvjZz+QIr&ha$qq zFPbk9Pj%7od01p0SKGfPL*%>%bs@0DD>yXu#|=Sh1o!X1?{Sat;!H$>FszwGrYFz2`U z)wl+o)md7Q?XT;oX4eNdOu7U%DDs=KWCJN+#*)o_zcsfxyzgbD#)l{4z%%-k?!!fG z7E8q;x=K8Yg-F3>fQ~rpzjJGqxn|i5SFrMJ8~uZzt9=R}C*<|7FtKQ@!7S>`?!{5M65lj?^%4P=?f%* z-|pV73Waifp^ku`m-MI5G=XKP0kT2DZbc=FUb|t0x0XW)d*R5Fkyw1$ea}= zr~)>*>%;8@kH?Oh^{P`v-H<+j%LP!w*C)Ui0XynFfdPGNVZ5qR64b+BZS!t0d&WYj z1k!${DN_GEDSY8Iu65!u>-=0n>gM3 z5Wb{K-|FJcZa5Amkc)-2)hB;0kbuc z=eXL`fB2U!Gy$FDJZ9_d@If&Igp}fqYnTZ53ZCH!7m{jb8pd|M^^&XzgW|!-^fwoi z+dsN^c@?QB#}8X3Q+eNOliocq2p>GjQ%N}@hOdHulMBDH`qcS9Ug2`~KhWv6SOh?! z`os}Ndy0>)6Y1~%aO;V~S^`S5<_$}eld7=b67w_`JsPljVSg30q7*Eoq5T4wS&ch& zr@RM_qY%PC*>beHKLbnZRg6BzPN;}HD$QXp40C|Fh<%+L9g5wIGOiHWpDf^RojJJ2 zT9hyS<`0rEI^HGzY$y>^3}rZGN!gxAAZLQkWXGGMjJbXhCmK@07W_d~>}4&tJ_S7=X`EbUiW z!a7HyC`u^40{0iiX|786NEW701{zwdu29>d3N(0Z_+HtXz;EAK1gY{@Y#>LrzY$GP z&F9NHev*i6O7j<(zqTGo=EXJ-3W}_wMv_ zTvkM|Qfp3jVeCO`*jZCo`0Qo=1?1zV7c^09{q|dR8fpaA9*yNW{1-WodG92&62Isw z?9GbVw0noQI)BEl6uEqPfVJB!20cqO`=VK{sDziU#Vzc3*#@5ibKO~x?`e|ieXrl+ zOky=&@P&wuqn{L9S@;1wd-Ij@U4EW;(=1hUwsImt2MUKvtz1iSm}{QJCFEV+L+A2u zCO6j;%q(`UPc)moudGi*lb!ewIym8}Ask^xe=2*P%$wtWx)V-qyd2xv`Mq*q8{>ep zUV=bP!a60FZ6!F;+~of=pM3g^RQcLU0X)2HUoWk7Enj(@%n&H_BW`MxcAH0Z@1ft` zA-96Jbjjsj7(9K66q46*(*PVN+M-|Yzu9tcZ~F&jcUPsVJLT+Fl(Yh8F^}hk;K#Fx z^Wn88ra6Zx!+L_?7G$^Mb)3G%Fh8U_n@OVrE%L90pj@d{X)cibJ?Q&d;n`nS8V*U; z46$TXf^iqF8sP@dWy~rN-dSQAn{p1y7mU`aHmpM0u$%m8zXn38dG5%qCXG@tH6GSg zZs7G-C+nVTwC^6O!dQ>NKML6!n~HhRkK$D1r2eVW114fn!+VBM;KN>Mt}TQE5NU2% zeE&uKL@X~OWSZ}^3ZGxTd08(?jmnmT)E8;WP8M;M0xDwiGyZh?sShCevsp$(%8Ui3ZO0+75YPEg1aJH?m}Qb;ey`a9;#! z`aV-A@h9S-Fhcl|4rBpSSOeU|Wdhg<$uSRTg^I`6vg^7&@7G`=pf4tJiUq}gcNMI- zc3BhcfBzmRzyT{p%=>PG9h;b@Vqd`F63dvnBvPB{)&82u1Vg{ypcQbgE+;~$N4U`2 z!kyB#8?4bTbHNB96hs0*si+?o=2iRvPMO7^5E|u2HGKssm<fIHYL4y(A77^w^=E7!%`S&oJ&4L@*`I*eszIr$7C6rVnUX-YKRr zwGkt|6Wi3A;xhRCdMWzuRFiy*0!2KjS_Q~}D6u1)an~OMQ{Wy>=>6hf19u#-bX=-l z`;subYPAqyBij&?K>o=sLMPk?e@&YB^)VHn2rLe$9k^Ra`R3^hL?4R+**FK1z$d$5 zTFsj|*I@^c_a(1$cZxM_4HKh+7xlZQOb^*s`*~9WigBPb|K?VDnFitAwEe)%CAcs% z$+tBqdA8M71U%ar*d_i0=Idye;1YUILkF!{-VMM$MhS|eM9RSzv(uB5tLB#drVZb} zfVR?=ROvPpae$U=ItB&+HTVTexGu4>1R6U=%QYh<$N@)I+^j={7Toc9?$fv|hR|^u z@X+Ns;`-HCf|YgEOuGFAFv$7UCO^`h=`}qZKZf#-oZGF|yV5f5q;>~BppYH;k4nGb zV2laJ5>S@NnyM*sDR*||&b^Tq2%?Wd`{Ex&xHf{!N_sKAs74hGm z=er|q(vkZ&qgk{%PX0BDw;iK;yAyD1(1*rUcLmm zX~Sq5gMjv@LkWRX1Eg9*5P(0_4|;np+g3PO;d2uo&N%Bj%#cA?`$g4-M0dVjU(lMj z$*|VY@bwVPa?$xhs1xyz5L~#2gLqXk(F%Q!O<@W{G+L?eSsEYPoD4#>nh>7nfdRk& zZm)#W-EHi$Ynm`ii+w%QQi=Na{ zEjzG|(bJ<1>p|d#W^n6-W9#iMk8JDN#L z_P}ZL={h_P9YDD_-{X#yG>(|Mf6u*h@bhf8Mpi6Kz=A84Mg5m8cdtsb?{`E&SI4^P z$E7bs3O7Ta3kFzuek@p*_+ErTkEMhY!1GvEM>~7P!#U$i>ER2(e zeMu;&5BISrqt!{T*d{LN5KeI(gk&n^5+&iim~B!r4Oh>no|3&T!km zu__$C*}JPFv}^{LbQ$!J7z&?YbFnwK5z_YtONa&DOMB56=a6LlP1$Jjg+5d?O44G7 zinp7;dvosEylbKlT;9OJPYUW{m6)y|fy-@AQ%AreMu3ytWV}>++p!p8M++LW=zz`o zZrfONN?~0NWW8iUyJi^f;ueHwB#|}(Xfds&Bmr(XX|LAvtw7$Iy~<}KiU z3c+e5NrnURqNh-9o-`%;N9leuZm?#?FWNy|^iTQ%4gr7*C@~_fQGn@^<={rB;cy*A8=Rg& zT$;hrx?&mp_&`9K#`bR*3ZAs_9|$e}V`#7fSIIZN(3cJ%ZQ|&{L^D5-Xv~ZYgP&Re zSr_6Gk{0 zB)tzl2a65JUUKIzGjiY6T;hTwNV;`yl_7$-TkT`Li~~pbh7bWYt>X#VI&J5d^+!e|Sw}pW<6*ZL!3m+MG0kW=X5R z#XvFcN|zd@jvanUF!omMigE=Zmk%9~!zvC0XIvTSGH?=f58HR^H$#16D82Z#KbR+` zUpH<KssaEuWj*%imX(&QFN@6?t3l2AG zXa$efa@B-tF5|uE<}0J6J((vi>!>!Tvq(`r-oY5!3dKmT;3b6 zNvSB@HxzO-80sHCPG?+xr%Jw}%yZq9izXkQ5G(flLY4VF2S)LGd3H=%_Vuqa3qQ)p z=J(O|K!Ra%i_jMJqF_|d;M`uI%Zh$Excg|p; z7~jIyV74v}o7nZ7kYLAf#5`+9Asl|=$sDV;1kXJ5pH`&4FN_-kC#od|NR)uW@maCeJub3tn{(4V3P^Q0|Z2gp- zn3-B_gCpp3%jC3r#QdqRYxN=9F$LBKaxjCPRm~1H>HKpQPHgtSMB5rH3FE($`-M-C z2TGr0a87h7`TCN*#@re|kQ8ekx94=x!t1m!HM`RB+gTZV4eebFl5|zbe(^r+!=H-z zv(Kk42Ay!-8Ey=!NYp>>~jXxMH_NWhq&T9-_Y{uNrBPzbZD@M)lV1Cc9R zx)1IN4cb|im6kGWa7;8MNqTlOB-2C!uRmQj*v`{vv_4e{i7UbR$3f=?BxP)0foa3i1d$54w$^y_+cJ zMlXXyu5jBzosIa}HB+u?bMmSNLY-+}ZuT3uq8ve!q^x1k<^MWrwLvG1t7O5+4HivWorJcl&RDpZOpGz{zm)5AVXIDSikwqrB7}Z>rL+dSfaO+>3)B zSA$H9fMlzACR@K?(&?iPe<>koA?~VfivCy(0_xt~{{iaaNHgy#Sja0igDmMIR>;Aa zjm+Oa)2NX&OUdHc%VsJ!TYmsU|8~B?!diqo7pif9NJ~JRr~leaq-k#9wJuBq$ZFZ9H~(9cIY`NtJvS#;Ca=0nh{4>wgLV z9UzN}9Q0NMmxL>VaPx_ULG`3B80o))c4|JPYE|$T$N(_={onu={u!`)UOVWa@jE~D zA#1yAZ$}9Mcq3``-oaN=mWd{uyF%%;0W8c!47vVyX5g%2UZLCqu+zHkTZQu~_+$&E z;g0R`Om3?*IVW&vkt91A&*yigktCZ=pZW&V4a`sDR$F&@g;Q#!NPESDM1iM37_cPXd?M1FSjd|RI$8)7LBwLgLngksYt!)F-Y z&+b2a|B4P=LQ;pWSI0cz0n44wbgf=fc&%}lf*!vc5zRYrH)BA&V#X3-M$$_y-74$B z$j;8*K#jSMT@>xO(vgbogu2b49?VHLeQtVy$SQ(<36h@pZ{BlILL6s1JRKU4G2z%4 z6BCI%&8NxN>4>obOUV)*Vjr^<@z3A0UlXY}kQWNsAWRoHz;50@9)Z39ysla{3E1>||*sk?k`(#jq^BSIeGfXq)X zP~c)owUv~!GfKA~57Rpf2(w8WlSMKJB=okOAAP|(hpZFv+4@+jz6oVW z#TZVp)D4{4=MZe4%bp+ap;rlBsam_%K>y@g%Q+7o7Ry&5cB7HWzU%W}dp>FIdHkkm z?Za*IpCCBxzDO#T2*AF5Wh_b&@L*)DkUk=FkBN@_(j=c+u=Nf?v34b1pZHsPlqbq= z(Pir!Yl~}Fpy^N*2|7$L=%9hI+@gm@t8zki+srlLsoJJ~Ngc7~rG@E#)cNOd1jRDW zU*<}~cao3_*LlmJ2H-_`QfxGwhg|=?g7WW%m) zEN>5b@%^Kk9WSkxn$(9oQ!AalNLRS))PcN~@4ge8OV^(TFBvi!tQxOp>!dKjO`4d) z7HhoCna*127c3J^azuE(s?0nE0@TUdi;&?iJR*~+tt$4NzbY<$JBaJ6ivp?NM3PwK z%pq9S`eRV_g7l(gA^xMwt_iW1Y`0tFU!-()>m{xXP_$hX~lQg$ck z*CcI)b?m3x4XbQO?`>+ZLhhGKIx(>z{T6eaQhAG8Ap;W_7%m0z;&Wb7c*^GZKp#Uj z7&n=EQ3Ls*-c+|dQ(p*Ip+4YyySbDLdKyu3XRF>uzlpt;_Z!{m21ydl!&$=X>k~Zt zMShwLh3p}nyLn>jJpeNjAL)gOaDjCsYx#f-JVwhSO7A77bzZy6Xdi3;{C$l=mFL&Mc?q{I84i$N~TlFyxqEW?i>N87>LkTbf*Ni9UROZEGkj_vup55 zni(KV8pl50CRuu~h0*(llmY@S-Rg)62prBsyea1&stHgS69KwEQd5%k*RWs&N3r&! zm)QNfzD`D_O-$hW*wp43@4}!E)aog#RE`Mncj%Y@0iGN4$`Cq*e9=Kns` z3t$IIjRE5wvb;In;sKebKHo4KO4AH(n~6w=*Gln6aQQ(C5Pf81iE!Iw6Xa-NFwf#;`Drg%YJ_v`0TzVfYCW6){+FG>ja-~d3 zkmM^C@w@a-Vx0&7WIduhsl%@LlNzupGzkSG+CL8OOh8d2oR+hbfUdj zRPY;1-%b z(-{a*uT#-w#;)gw32@#=vOwa{#~QD0yUYUiy#Ig>PX@Q!Mp^sC;LfhDL2ksq%AieD z9V1T_9!xM1^|KY(v-uEcQ3o4{}OWIb;~*Vaj|ouPlX#ECM}thG@xq>jK8%fxO{>XTc{E3$i9g~46LB$w5*n@W z@7HG;TOsI|Pz2y&OOxDV+uXaJV7R0he8}gRU*777gwfOtI zX{C-E!n#g6HC>8e-pt1}Q)4JxGUrJEw)8-T2!eQc7)g>wlK;PcGcp!(=Ywk}G%)@` zb)hJygcO>v>K?Rm9w^iI;x~!ArLyyaTz+zG>OOMQ#*S`qB z@aj2kjdF<0^-cV@b+_z3CJ2Xob0BP6o)Suh@i_Dxp{JEODW|Y=n-3 z;sX7bZyPAWZJ@lH+e0Zn)_RToFG zn6r${;f$7Is9^1y!t;Wq=P7xpe3ar;{YyAbpGzVWo?VcEe>SD)G%Gqpc(y^_dNfayJGvD4UZ#WZuc{+)mHplvls1+pfUX>NM1^nxRRAPXTi{*i8^MqIDvT_h>Q#6NX5EnGezF zmCqoU?;q?>25n`wQZ<6g6>5F=Ja!xH$WHxGlNM5pO67gR*=#+ll55e+VoZu4(_QVD@R?eX-KM zJ2JtPyoghb*kXUvVoL9O{w=-L*_d^P>_=29t_47+=v2E_|G{)>B>9e3D3ywP561e+ zVSZez#{T8r%;(}fu+6{$4c-6cKX;;Zx+QvCm??POnhLG0hET6`Z_3mxdlV(oBD(h? zutS7}+MlQjx%Jv-zkec#mif|kv{FvU+Cwm|?!K+GiR|HOH8a^NW5Q$q>thzLlXNK3 z1`1m3x^+L(zwe?OrUlfBjGXukApZXNm`ti6R@d{|j=$P8%Ao?n%2 z=>U-7tBhtQ#$ov79ZJVD)5^B5x|Yb;y=_#0oT&?t4d~LD4jVOEM%fZ)Kum{uU*_fI z^*^FAC<6&4M)O*?89x7=E}s9LF8o6Su9VO>_)*lj7bMZ>XD`GKSWShKOo_q{?iq zXvX0M&ygY(@_;{maG3gIFe&EpVny)3 zDM-EMIa@Ze;=kYk!)MMJZ3u}O9RU|+*{=HmiyjsNsBl@2e}xjnDTdbQL~-z}i^Xhl z?Ij3PrMg*>TrLU<0lO4UH0V^W;rA25gz0M?vJ#(u@>j`dUyEUt=99GJ`-rKP9P$@1 zYX2XmzB($(H`-bdr5ow)PU(gLhL#3Nr9)b}q=y`al15S#knWaF>F)0C`d)tb-nG8v ze=L{IJG{?x&e?mPy?^Du_SG94L~bHS7*F3cy0}>Jy-U{n(m&Y?TE=AUelK**huBlAyi56HSPD5KZp|oZ2GoV>C_5!(*@qm7$IiqXcl=Q0R4I{dGRL zoL_p&%~_+A(S4vEMiH*q8@C*d!vK-PYvzGE*htqtG#8x z`0SQsj7UyH!NGdfm4o4ns?jxv-A?AOQZEtazED_q`guISxc@_@6gELo2O%T3-JVuQ zjRc0yT}^oyTNn?qN^!TEc7RI+SS0ejIUFhqCbZtHof1)?6-e z@`4^ToHslpBmSBevaIs~dc)+WbY+e*GD}?Fw+oN2#&}w>6rjT)LZ`w7w66K*#aB|S{yP%SVh=nf17EI)da;_KQs9|iB;>vw-kzhconOI9h?=NZ0WfxGGwsqE%DZJb9>}$c4_!udDMb}8|(NFzwk`#`{hq>XI+C2md>F`$|4NE_GUOJ zw0@>&37`n%*vn0D)vb%2c@x^zFuVJS(Q}m8^F^=9|98-#TN`~m6P4EzzRrrkLGMK) z6o?`tH5xl>ectF2AX}e05Ja^)g_*;fAY{iS)QZ$x9f^hyXEsWpZjInk(xtyX$#qH2 zB=zMC$7laO6qSdaH9q~2VO+0Z7$c`fqRtHUu_OK@%X z`Ynu3H8YAR3t!)^g6jYi-5tCmcC0@)Mu&os)r;@|KGGMHx_(jNH@4IoEST-S)bXw;>6NQ>lK~la??r&V+(|<6W^Wo zQ1ngf5CC}?-RgxZY;Cv&!z9A&aCE@MI+h{g2|J`}zSINkH&;9a9akja7;k|z*^qOd zOr`)EU~NbWU>0(L_1oQn_y97}S0_5M5n;K!ZN9G%ICRSb4%r5cp8T(dU#mpqSg+H` z4KoUo3(EC@W!nM*k+y>2x?VAd>TnHg+iFW7C{e;kC}7dbCqTWUv| z8yA~j{xmoKx<4E`QgT-v8RrpQoV?Ve!&*8P@S*L;L?D^w1rjW=bd9_ZdFziF_LWo= z_u8q}g^!y|GaaZ&&YGmPsn;-rrNiHcw<6FQ@1YgZmA9A&6&p3rMG@Fc{-Prja^*B7 z@GmWKKVAxb4{X|c5cm#Q)ZZU9u4A|QP*FM^ZkPhB6i!@bxXC8-(GdZX7?51pu;A1~ z=5(zj1&{N{oc9x`Y{cC2^A4?F`rYLu&T5-I_@+wq85aIxrC|YwNeD!f?YlefG%QcT z6C0|V$+6se=M>Qt_1ckn^19t zVz^S8A80;G0lqy$b@AR)!}rS`>*%;CwtEvrM#yDG5m#Ql1VNZ(GBeJ;JOAFp!*q0M zt|(2NGbN(~61bIvF^CPbqwP9f95R&0_%egV24(pIkz$|PU{Jf|btZ@GdugC_Sv9{m zW`&;ut4>toUDeoPt4O%?pD+J9#V`Yt4W=Y{8f1LXv5$D})ts5twd$R9( zt(gqD{xpsKv8EntcVloKB8eU0#hpCBIAzp-%%N6U{5Zuy$zO9K8YrQDsSdBMj^rt3 ze=O>c3{LPEt>13Rs?ygk5w~dB9>|bCBXy!aFMgC$5vG46IyX;biQG=;A^%C)6$r9B z@u6dKp`Adf;IZWBXE3&dUas>uHn)lBSR{6IIfKvl73G8QWqj$~)Cl9^#coEZ1-`n21Kl?1nu$f&!?oK8^Dz9@J8s)GH=-#A^f?fd zkx=c$?FDh)9_YPdjDSqvKUHm_vAK*`EuL-Uye4Tx75U@FLR7nkgUz!(;bT6iNc|I? z6oNXvr;0FkHskid&y z*NkA*rjI&%ck;z9a*X9SJ|~~Vi5}N=&v~feAXcK#DBV{xHDAJ%QbmRsS;BmIdLd$W z9G^&KW)(SFsdy}h61$^`1yB*Hm6kb8w@7E}UEG_j~)U`=@)3}n{DGCiS40BXJf&gN zfA127?2I}c_Tf*g_}%nQ8wq`$J00b%hUHm9gy={W(>hvF7y0=%;FKb*nF-t^gz)3L zKp&TsVwoWU*FRb=|qFW?C_yqWCZD;YBZ3rKENnnuP=+i4dj4rVJZM`=F$|CFW zh3^p8lhvwMYC!ApS8BblO`9t9)#pQJ4=$&<6thyTcX#?kA{!(w%kS-UM?l_pZa0iB zC68jh%O9;6aHCK8!+yT~bWpz}nm|9n&0|T&(W4Y>(5mZpQ&) zK|RuXj3%<@hx3uG25@9Mi>$#^Z+`*$q&716hZG<8z$Uo{yt>DHsF)%;ZeZAL7=@qJ z5*#7Bw8UAJZU&T6LRf;b14?YFiUx!HI{_+ATL0IBnNbkliKa%BexGW6GzmXn_h{x= z!Sv%?YjEpkwf`x)3z{SqtwdB?-FbP>Q*?l>Vp}g+;OjsqKVZS<@CRr<_)#$jp@C)x zDbE~!jKcrnQ!mewM9?dQ_P-QPz>9b5nfwGeENoc<_jxBZHEZXdehra2Lc=Z)mC`*5 zNvMz^Tz3nn#QFfR$d=Tb5-L;`7@^b9MBq)a9OJp#s9zThLQ?-B6;kJX({XMw5Srdu zsF27UYK4Ftyu*tX3gJe;o=qf#@7rCE73bRyREiqqn-0VJv7H+$7D3~A13Y`-@Rk|- zGwT(fRIKR6NcE?KyR}FTVgt5seX?K7P?^xb1%NcW0d8h?yz>i{l0FW>;TI<&0mtnB z?@f{oW-qfGsK>#9GOo{BX1xQaFEC(P2^0#$<5)jhb0Eo95gn?$r|aK-TFY$S&h*{@ z>VF}a2D(b_wL>M%oP)`rfH%rgZ?CvwdLZDiB=T)R27&YB)6#IY3#K%@6yY(pIpn7T zs3({bsbxWR!4_#9jHG4S6B8X7YJzcdGO~n-wM(eMP5#DICnp)R>n4#_6dU@l{GUbB zId)C~PI<>LQJJNQ!AJw03bKGb*$}spfa6L4=C)Ev4^$5`r# zZ;bq57-Zb7yBd%i3uH?ROQdHtemcq!td-|?L*9X>$ofYtB(uGHGYgXe-b1hmO5U97 z$~>B@FnuYYnjP)S+is6v$=~AVi<>LSW<_LRnIhgfXM`2{%zOO)Rujwbs{TZ{PJ74S zt?cHLbXGk^tcy_P%Zd|MuLZAeRueg;fc*gh_CKY}J_{MV9Q!rOoXqnk6QlI@(wkW( z;7u)qvB@oJ2EyH{&>=xC6bYqH#o3}yt z0-jH>+r@G%?D{R6gpn=F)O!M(H!0`g{cUmj8?g@0&fw7U@9>{z`)~8Q&_~rv6~u7K zm^A{_K6GO)Q?7>!kNg}LE3uDC^3E)_p9|mNfyVO{#~6Y<4mN+21!{aAiPm?^Ncdsu z*2@&en8?K(ggaYYjK_4s0qN5ZVu9-;5n75pUAU8$$f^34TZ3{KB62O^$#hUPt``<1 zozQSdVw$zw=%tx#E1bw@4gZKpbd{S-Ffh02KQQjV3njjM&9j#&X8+sgItBN#XICVG zmxum~oDS5lN+RuzkCui8fjB&3QNYdQ~WzmURHI%}zD0_|W^a`?%RMD)l5P{B$WCnq)Q zY6Pt9NnYbe8B?)-(%fXK2(u;Xd$f!9@q)kv9pV`X=E3 zt4RF5t-P7}%LjASzk31~u@UH1(iuHEYrW!Fb?`bg_W7HBO+LaA+99$na*Q0pXc;vP1x)W!8Cj9XXO@rd2)vbQe@IfY z;X)-QeFw~>{e_jB~q}Rf$1k@zh<-PrYn9S_v zWHqM6yl_^g9u!UGMP&OPIpl)JVlccB-*MeD%xtXH|G7>uQT*kNI{3(-IO9Yx)SYD; z6d?UrkDmw7Trn-1o;*5L+d+66^2^*nf=Qhx{<%t&1+bOv!}Fs&tMESLDMk!;Z4}r~ zjVc#Ka6}SH!b7}8!chl&6_gTK_PXnk)kl8+X%G1*lGzgu#YAN#3eSpQdr8x5*0a0ktChGy+(ZKc{#wBG>!GTKC3;; z_N_m)3ss&mfU(v;7sZQrG~NUM0k_(BJ5eVIczKRbjW-&lwN>A6pz3L&h%?U1E|?O* z>xU93v*(01B!^tu7p)$4){`j3+MM_74W zG^^xVmolj3*PJ&}br?DFR-U+NlbrLKgP z9AE%L0=XR~0LbTIZnXvi9^43$N9D8AP(A{!&ik=ZcRbcO6^R_dr~5f|y;hSfGe@){ zadM}Uje73Ld2OLx5c{3S4E-#ZcWt`3kAm}NA2mgc)p}ytMh&Iqc6xr8S(UVbK>br0 zaM56_X;e47$v3LZQO{Abzim3EsIa_us{iGPQJ>=_=>dk(xxDo(ku$HPQ{@C9gTLik zF%$vcqyW#`$7SUix_v$h0_ru&nJgXlG)3|Q(xH*}EUO=&(HSi|eq>d$?8bGhI{d7( z{EJ4~5yEDFO?pTFT5dcN5D1P~M=_NqOA{7trmz1=4BHr=P9l_&Oi{Sqn0!*k&0z0_ z+`-4Kw*mf%ni=eek@6YL&+Kk={ZNxIEu+d_V)kPz*&5J|JWfL{a9>Ft zwKfy<-f4v?O=Nl1>Lie>&{mru8BTEUT+43)3AR$ZEb)f4aVtCb;b(67(n8J*{>7ry z;z~<2+hk|M<@w$jmbb8t!FWBRuhfY6tf_wulj?lso&{&Sup%@&Ey72#4?0Q`iaM%>OCt z&Zd_;Dhq&e);)|28AmSsScU}VB$vFA0%kvT zLvh1#piFqLvZ)Vka<_KX34KS1(9P&{GMzb& zv`=^UFK(f8FvugJ7Q!xK8tcrmHErqkpjW?OYwsA#y80XqaSG*d(cYQ>QJ>1PZWD)3 zbfsqP>y8?cY&+8-{(GKb6wDl(d2F#SVxYzDMQ-=8U&s(|#)5h*udlojMKPnCLw`ik z9VYw-w@~``0ZK(&Ke<67xNx?5j(WxhTC;NNPkc zVzfJt$@7p#Iv??@J$auVW;%6l_FR8cdx||SM+F088}Y&#RkPY`94K|8ZWAx|1B&$(tP8vduI9V#zhjF5rd0b zAe~-6hJEG`q*2d`uKzAs&gkbMn%`qBKK-x1`xM1->$VvEUAWt8t3hL2az{$eWAf4& z{SzFlT%Hv~@apGYx0?k?GHdy&N0@k~j6(oO_6(l$<`6`n9rl`o1f2iPTdc6qV2z^- z!+rPLd)mr0;n=@KT{Xs$u@}GOPOgQb(vVw#Hbz)D5!Rq}{^lKJuk5i{ZCe77q1Ydh zdlhM-yFO+;K8Gx-cVgG}G)%_4VruINxPsdx3}>TLi{;o~Qzu#!?A>wBcY zLdr>%Dy}Uo>F$c&4E-ZtFm;?n4Pnb80-jkrA~Ng(c|TdWW%`CjCX!;lM9`;d5`K2@-K-1lF-ex+7H=4NkPCJinw)Y$TF1sD^&-)|&;FN0M ztU1gv8?l+7U&=-wZQJ8d-;9qF98^dOf9|b9TX5)4&IihsT%RBC+rE9in9O&+St**S zIXbAiq z4IZ020-wz$D&fPN>A!x`lRk#5C`4XU^C&IA&)W2gr?uPhO}j1~DXkzKB~cv!?{5+8 zAijrJze!!#!{a3W%4>#Zj6OD;@=yG8TbO3i8i>Um?Lh?jk!j6FvjGSuTffYD^ypl! zbIQe94R9h14POd=BZdUNzY_Ec7);3r0#lY?g#)H9Fv9GAFv1-M5|}Uz@NqN}ay$6W zNTZ8m9qdl4hIUl9juD#&atB}p_^)ywu)!P%dD(#lAt{2u(V48xi%I(?SXHBAHD@#X z3%y_k#avNHD1y=S0C_5W@r)calk=By&6QRNfZs1pFu6}x+JlC8R5t*70eBn`?F9=+ z$c)r~JHtH{hcXdLPK|v}MJuUE{SjS?md}-Mj1{_DFj zR1{Kprf%aeFm_4 z^4?trdJDlXYaemHQ0Tm;J{CTv&7_!g0vXL)MdQKAw28vE%skg^X~M%;hEr0-6$uNvsZX9X&YPIn1Yv$Ne@$p#~2V zx9Uq~O%ra~>f+5gUJ?5;@(bIwW^byfJRP0BfXU?YTG=G8n)IV#+_rE1gY zKO*mW`a}eH?g>0TMN+(vLz(np7_>9=2QB%WxogO7bqH=gS=tB%r_F?v*9FF(hPb~) z)mo*dRMT>#c=*dVy9#ytoOGCs%4M0c&79lBn-_w|x;FdwaAdhS8JUK^{~d-PtInYm ztPqUhd2q$8UbWJiIUElcGNQ*J&{^?x%$ls_a`jzg@mWLPkEmSl>X6n80zQJ(=TCl# z`Jpl2)`M3-`B;d=2pxirv_PNXuJ(%KQ!DyQ z8{mwl*b_x$dI5qG0E;z;d^EIl-FAdYqYNjdt_;A;<-Y4`e1c`t)Gt7wUQ~D*$+G(1 z!*U7+yz~;-U|}SWbAhzE3%1OUK=cR`xBHO+u1rihQyfdU%|x*tk0)@Xfrq8v628?F z4-`N+C8Wl8d4mMzn_B|*b<6?X!r9pXN00Dgv0kMTtrn7u_V?U}$LnPvI#K`j>Hc^# zPL7;QjX-et;aj*o$dtvfp=t=Hf^E748~PNI>`ju9YAnvG396A?QHZgO zc2x|-yC+_rv&u8bm50W~asP<#X8wdCERX&c4pN~i6sMT<>^TV9K4BnM>F~-=S_Vdn zPdCpUVYcYBdOX6k2-~yG%nlYs+G4f08~xadJ2XfPO+*e)|S{9_`3QC5*7+q>(LVcp0{Zu;S(~r690+qJgg*M(UL=8^h+u9*>AD` zVv(;ze15s`DB+Ko?yUoU&#cL1!<)_7XWN_O7TT7flq%_#TaQHf#6oSV-O=0#P1eU_ zVK&HtJb6td*D5WgS`nMDYJb~tZU3wR2? zqcuE%Jzk%@wK7Vd`bQymVDu&9E9MbCUN2?H~&BClEq>#kAJ7t2C&t(miOM8(* zDY1x{7{2MfWAP|vLjQXj!a_#4K8j9t_m6Z)!L5%8lvpBzR5mf>qH}mi^5?0xrKh@e z!hx?`?3&VPfZ!m$?gK(P&EML}A8YJ(%UQi&nRaXa{=EIEcFF5Emv&W;D{#*z)FHl{ z*{@MbfHSdeH~8z`1Xp*@kuv~`Pl9A~{dWM<o~Kz_3@Qw!pxRsmdk~ zfVpD~@YWdtodyJmoIBd#;2{BIbv0mhdvhzzAxX#Bcd}_2;t`xJ{EZOQNwaj=WJ`&$ zDgd7X5TU>_Lk~!ZTlnevcst9VFLXy$^ip%d9y~}`=)#Vqknp-3dA8a%S#V_0eVGl2 zagG{T-zVq=J%y7|Nc~i?F25^s#Buva#C;qTU@tC!@QH##HJGL>aAQyax+CjTh8nPv zK1WS*J9cy>R!+-ed}ft;LX~}pD^~0)i2EqeKp74JqEk2@Umv5Vqs_X9a%=*Bfl@;J z&mk^(@oPcU!@u5wx;5_KCM3^2WP$dahcC`C`0A5SM#ADBhA@RVNA!<~FSnI3(#_}R z^$1|3GWaLa*A=`N%I+>`hG+EPwq1mtkHmp?)`07<35z|iXPGwCYoF^`$$(D0K?&xA zq0Z1wYe=@b>-3)OHV)>y@2VNv?_B&T{E?_q6&Z)?E~fXa*)Vw{ z?pt^ux9O^6-%8cc_;q4DH8M4~L4&KFo50)Y*Q95-V+Efi>r3@~xPt_tgZ_*vYQ=QC zSn^xeV`gsN$GfzQWn1R2l(O&vPrWuZ{SYu1n4YtLV`&w;mXik7@3}FYq2*EfZ^Z0J z4oqsD6LqxZq9Ff%Jt_u%QohDx-(R6sdsv65o!iI8 z{&nhGDznyeRbWVZ#kD`SGh^ju^yrq+x%PJ#>$62mTeEJD?dDa`KJ$do$4u|KoQ)BJ zM$Rp^KYw~WEFF(S(gHw_794`K@moj9e_M}Xk%j3(0-#K>EF+qb$ZaLfM^m|Bg^^N? zp{JkeDRd5hKRb^M(dBFBi$KOgO?x$NP2>9Pqy-82>X(VgN!4;_F)=e^WkJHag1PP}Rj}sUC?jX=_7_?@{FzmxE=v` z_4V#(Q5cc{>YW1ZCr}jJ>$l%Sj(+}RbRqS%0bqoD0QK9dt@S758UBt56ut!o>Q%F%f0c+8$r_|#QUZ93%` zyL)guzJ^c6WP0F8%vmTydYKAbOO(De&?#gvD4RY<4cPh32R@TU%RS)8-v2`DAxR2Q zQwB1d!qL*xcjqxMW82CD2|5r0I7ky>Uj{=dc zcUTDqG?ZVKTNcx|0alE^^JkrsnBR}gC!{;>1Ew({ILLn0zOG$+A5Ki2pF>Ae`mNyp z)Q&7A8TM*;Nd|-0Ko))sQ#)OSzS=xP#avj6Ip9(&8#W}ItDdi*;0P(EkI*5x@EM#< zq{PQe3cr=SXM|(=oJyl6Q{{^ziK8ZLMFC(Vn(Q zdd$c|uk_snj}Vz9+Wm8f4bSa&L6-t9^8QTGu*&0)OxnfY<%g+}ad8v0SfySJ!*y9} zBcgz2egMdO92^Kd8G4bqL>ihE7~t2bW&S|22FxSUw@LfWKiL86v0EaHQ=HBy1lW-F zm)`x*r5EwJUVQ39_ER<8#^_QtX?iv>#OG#+eztt|C#kWg1iNt)?dZF+{>Wqgq+*r# z2^+mAVKeVPcc@7F^`@}pni3jH^(RI-fJ7gX4J({|ixG3>99Y;k6}!YU)6eId7?T64Io*1wpY*EVeS4Kj}X)o}>0&Yp;3CpO0{d@5O_FQUCSrig@G(Ogd@+#+%!8^U0Lyu*ts( z*;;(BQg`af=|hgQSyE1kLjS(1CWcKXMWbUp4gxJWSi0vZK@0VI0K$v$ZQ3*G=vYf5 z)li2Un{{C8IR5Dm2k(7l(lATcJ|2vKqLdN~Q$tGo@vElTk>GTBRII3X0ZXNP>E4?S zlrSGn0DRl^`NGAtbHT(6;3?TacLu>ek%4Q!C;K!Y#fp%J%V3)Oh{xorwI-!uh3WDX zM|M(Rsz0omS3-zMAUyx!AdvvL7w3;{IlRX<#~a^Y)qVUlWCo>i*`&l>z4+ zKLW1!GRfh3m(LS$(*_9GGtP+x;K`tV*t#uVx%D?^<_ZGC@VSHD!+YchQyDFE)w3>~ z+F=0*keQZ!{x5U1%YOGIR0x0%S07a6sP)+|D2$GERX4y20vNOKBGB$TR{K9csn0JN6_24?YkFS4O2@T}|xIX$Z(1KU|k+OXmxptA^j1T+`PQm90v6+w8 zFjmI}I5)4Q+ceVq`>GA5RE;H)F#~S%VaoVza_FwhRbP3R_vV-&11!PxU}1gp_X}0f z7kX4IZAZxUDfyxLvd+Lc!Bl6fj}_C6oi60ulGj{1)x$SHTEWH7d7A)T_t9t$mHrnhJny9ivd>>45`?uo8%d+II5G$B6|Um470!0CGIeJ zrLgK_&RBsm*Y3XxaEIBad*7WMLC>d_6zAOuK}dh1p7S&-?d-W(9R1hQ_rBm6<{Sof zfCG}Dd`GRZ z{bECk%+Lq^!WYop(Jb*l&^>ID$z%bqxL*F|4>k92cuRs9ZvEAqZS$U(C^n$?m*6f7 zY$uY9kcp%(dEE)cBx4JV!QWP6ex}ZT9B9=I-cP&YXrXGh93j754WkGS@tQK#m2+Y! zZj{i3*Kz0ssXj)s;hI{aB~4;~m!ZAYr=z5!kYu^3O5Te`a!+&v%Z`YN@Uvr}WPJK}haA3@DA@!ia&>)liamuBuU8 zyMpA2Do8}+P5ouCe`p%)_~}>ge zgU{*FSeBxeea@A?{p^Gn46IG#wVmo6;AmwH-U>CjSP8-;rbD{d!}DH)FeqKnG@Y-+ zA)eu&B)!1@F0MxlvkCKg^0>Hs>CV6;#p3^TTL=IWJ!l_h2o&VMAmni@8NXm%uopBL z^)WRy99LS_A)dyc98j#Jb8e~J^R>1lEZm!+LloXRwY@t(Ctx3#S-$Fp@yel%GA83{ z?JlJ$Dx}~DnkC{Encv*ZAjy9r#!uK!edjzxTy?Aw0fz`9 zsGrG*F->Hwx@w~rUr{AOabueR5a}U*S9H$QU;5onODRe1yMAe2VcKrwQlQ_cl|*vP zcX{fkyC#^Ih1+Ghne#a8%@8DV;;LL<@C7+Ggv^=x ztEm66t8~nO_Lf5Z^(gb$T6aYSdzd}Q#1=M_wvd#{q$+3nb=Zv_;&cP@|1q`_po zuxa2JuKP$PHS?V9 z6$?93zUcF85b+OYh|SI?U~c<>pw0{5qnfUAN$z=C0XSOyD0BSqOOt6;02PI>(G>hG z`5`!P6ck4-(@`<=a%1ik9xhKo<ldPv8%fCvmF$rlnG!hT$&sfzFo z@RA|1RN?N@;n(tl)MaXf#<*>jj{y$R(EZ3iMN z`8soela+eTldQ3(fF4$tPemDKNv0>vBh~+b>YUf{W^ZxIE z<9u1UiTE*@9Y@)28`gwSc2^vl=_1g&rbPjfJJan2JHgU5vTq4St=C4vqQ4Gt z^{(51;Gw9$TsB?8baPZc=EN8(Y<^X%iOQQTzgBR>&egF{9**%Xv;O=Ls!PplN-Bo+ zYc_PCC&9I7~iH$+RWK%B#uriU_)1lSxBn1{hGdG&Gn`&H4H*hiGaA(nw;@`Uf= zSAFI^j&)W=24{DcLu)yy2&j!NF+bkNL8rbzqJv!%agmGCaFMN7BmB*lBL2dd_E0=0 zA$|#qBUZ#MQ>w_|7V1QSjEp>HI3_N>mIL`A6z&`bbh1Wic7rC?e4xr>eoNp7&vN`3} z72Iq4e_eG8&5H7WU3J<=^v^zW)ILm!0eE7?G^_@PaOJWQO6X56k{PqhogrtqarS}hV63E~u(*nW& z5V|s?JOX%Fv(XX}NIV!V`0x#ek-;XAs@;u^)&pK=jM&q_VPqNA;6)LrnrCO@t9Msi*gd3WUD?_ z9ooMxBJ(!h`*XOCs<5gky(|N=pP~gCN`}k*X?|bWmGr9ZYvYkTFC61Ig%sD_kd+Q! zs~)kaAxEj+nJ~=t_c8Z0Q9=JcNvCtD<$!v_r*`vwAKJxWW5D|b`zXDi1N62}lq*93 zyiEF^)H1{VOw>mear&X?=sp1MwbG6Sei0R^q}W`Qb-c*=Adl0u)CToi%xGd>?$ugg z?mrcXO-;ERjZ z%X1ZoAklu}+Av9ke2Ic*Aop&rzqu63s%G=oTlZ%!K{3xWvkx?sYC)G6Oo!__N&UCd zj6IE9vM{lhAv;6cCYM| zYd8H))~NMr*PsTg3-Mk0i7@`m-&=f!&TgNJdpsyDRjz4&ZX_Jq8r>}sp*|;3i0LvB zsAk5K0?@G{1z!?1o$0=-)icxXc`vD;`&Ev_R>SI*v$Jn_4$|F6%Q5Be^&^lP`mr{u zWb+{ym)cZtWGVz_2jjn@HYNzagomZgG?L{02y{*6!-4PKmXpl$sciSY@w=Ux`Kz;j z-!_sUz+h@9yrk@-c^wQ7cOomEjjbT{t@NI|L`4!Ad~|whc?^s&!AP=5w1I$5!)x#e z5>VxRZI8Pee2wHhsii|ittOQ#sru&mVq8^L6?jLC;yLKHl`{9ftKV1qBa5HC)HXpi zlme9un<$-K;c(E33MILuL|`~*LLrB)9v5g(m4&VTQBoq;yfL2tDLfVt#mm9Nz1Xo;02ZS>rJtj^ZXgY(Dm@-!@e+i!2sB$Z zP4|FoksGFPf(1U@ziyYN=2jfLf;73M0P4IKsthZ(Y&hQDl`TG&Q!vo@z8SJD6KyT6(f8&$pdvFVitXl!`nue{l z;XB~-z57pXu{-t-4zeR7{&bToa<`M~gsKhV>PSO3qhtx53GFlZt<9FgYn$}4u*=Sj zZI%z@2Py!qp*e8k)B&qi52MQ^uYEQE{wz9JZZ!s?2hDOAW}T5QhuU6`;oy={vv9Rb zo@~gQ(RBn=e%Sis$nGD4?D$jkhEr`tgfRui6DRC)7uYoA`y*Y1ToJ!lU8FXB(PaTt z`Exuk+jZY?XnEk8&c~_PFVc-1-}T>C`%G|l_-h_E zhlSDOWidZdwSiC%Ie`(sR!4psFEM~q;YVsn&;Nk@p>^@njN z&e6D9NP0q+t!OSM@PB=(QTrlCv=c~~NFT$!uuo4O>c>MLwvIA>9Dn+tuJ+#>$MbS@ zq6V;Qn)azEizK5gS$#!wfbF(81(IEWXL)kV8|e@X#DT(MA7A2-7{R>&Gx0?v)th+| zSMrr9Hqu)+u4M2f7LHE_ze<*vp?0zEr!9qzzllk?gn=&iR`+5u%{F|$qMS?Y5XoY>tC&CBLp-pA^Hr95>d2E>cjU-J|s z6mo%$>3ra3r;-6m7F7uU8j7U|E;~GqEjT^)`u#Zzcwr{R#KX2nG4oZ$x#|AsGAzdN zA{&PsAz=lFJpHw3WQ}TeZwUJ`p!0e$E}{1_0@#{2zUs~gQ&KwP7lsvk^3;uwCFqzg z_Y*r+?=mpgGlNYjx+P}1JaO!r%aSW8Tvgl-f=nfJ^f|k=5#Y)w!WVoj$ztyt0aHKc z%SoM{f%V;{rz6$F!}a6Kf|?89Gk;+#xYPo^Q~D0P zo<#3ohAY;9^^|xBT5HM0@$xcZ-b+bmjkr9R<%yZ8vKS&J5_HZJxn6LAiwpdKe@nB1 z9fJgR%Qk(d{xre$X|Da*kSfyh5V9C8QyJu5u3oV|*id-et%*`fmj*<=H4xjqwT)et zT9Kac z>5yYyzkgJpw2Z{sQ??zFtjCR|iuoa?hmJSyl%nHO8zKz*+|)LBe>g6!w&Ft9@qem| zB$cz`C{SH$zL^A=l5Wv$_9yaSFaT;E&%@3}1u{t)qsAFxJ>iH6DT$nx;;h+n%$o8j zPr_%;tuxxFa-w?)Zj|nsu=5}DIqV6_0YMV*I3BS39-9ru-BS-tCZndh(=%?56BC}>y3=lwe89PGti{*c zdMpp3w(~M)9_*rE@c-BY(&) zi`+*wsPE%BhF&dQH%O>qdkf~gcOi4@IY(aaxLffu?_}2fF5Vc(VEP&TB12l;s5d`- zZCd$(@!9LzfHG{VOBU_m+**T4hiar- zTk&3~QHTdqQf7#`sEK)eDYDb^`)Bg+{*hk2=%d)~sC7lUON{worhG%|ti;}A6ZZ)T zeYl_&7cPjin(>7Y)&an#fEB}tviw%9pzkXS)WA@K5mS_p_d)>V?^L?33JcUd-|hdY zu+PAKGl@+qw8}OX??H|94<97)d6f`|L5ZodU!2q6f?PQ)HfX(Y1Xt@|W+5RVwbY9S z>HFl9+9m-0`y^)GkN4^DZL>h9q(kN<5I<=*Wx-ev=xywC(>?c$dn>KS>0j^w&0<|O z`-WY5w;}{MIDoi^1F=cHAc3OrOCrO+TIdcJ$ouFhoj6Pk91c-**Q;e~371W8cH}8> zB$+=e$5abWC37~hspo~?9x`PesS+WK_22pSXA|62+S~_|oBEHmiD1Fw)HvWTS(+AuxnV3f1P&LNOjb#t#u)Bo|3Lb$gy%`_6n7 zS}Ok3PxVdMXBnNp>LI~|ZH=XAl9|@a<6SJ^4ErxJsXj$X%1MU?Cb%uz&z8BiUg=il z;pH6O^~5pg6A<(NRY|=#C8!kj+5NCHm0zXCM0(rj94jTZW>olUj%nG4OtFc1XT|Fw z{@3qehD{Q(6X~tkM+8L0SDs1XH{a%Uel#XHF#= zXwZ-9@5=3LGQo#K7Kg9+bS2osSE`r{ooJ??Ur1paWMUxfwD~=z=ii`_lWPh8^epI& zUZeAVq~7#&lZ9{w+`MB5ALbV>$cg;nu>g8sgxR&K0+n@_SCdGHI`phg*T;J-;+WaP>AiEDft`^nW8=| z#A92g6@5GaDWfX28=eZNF4FO7$j4DdbMb5+fx2F!G zUc`n0_birXvwQWi?-uH#Wh@FIMwSnpRDt#jH8%5gWg#rD#0mU`0-q8!tyEjjPIxk~ z(^3=E5p9dTH}XRZzz&qQ7uuS22+LE;m9nm)cp?FIONXsWn&8SgXKZQ*eyPAqTv*## zyhd{0K+uhnQ`q!Vp7=dX6h=Bor(-C(W~Efn*_m_McTmHIHUFO)j`O$f_(%;!sXMnB&u@f3 zu)0@3IVnQ9HLJu)ujp4ppi^r}RlQuO&2r=-)BFP=N|7&~((X*fU4`w_yu9amnvJ*) zhi_lzE$=Ftp2t1L{VjFZzx+K==tj(q%2KtAZUR}3ko@G`s9@n>SZ5)fV@)Kku5hch z4zA)@@l;L1nKxVAK;p(qQF!V`cA*=X+@QiVV1MI(DcAw5)9sDg;MM+DwF=nCKF>8X z{sZ{i<6lg{pjMD=p6N!fT==Kd#1?{(J94;C|I?&1EMD|Y` zkM5`*7vuZVcO+BzFJ^X}zTm$-4ft~T`QpNi=EIKhdOV1^&79`#_(Cp_S39+xucr~AkaseRQ>)T!IP!72L4p$Ts&$sZFMi>~ zFOa;m$vO9uaIrbDHo_aq>F4LEz6sCG=Pn#N(1?Rj_4pPsgotL!vJey{#F@H6q{{*a ziZ>F{j)dB8htILiYQ+4;WR6fSqzu=-DxLh~-Ti&9_cE{hQ-0Z@@=v40a0RiG*3|vx zLQtILG_qQ%una*Td65V2w7mtF0pIbuDRl?OUFtYa<`?8}f~aw;uiKGS0db;;n=s$y zP};$=)9`KoJY@;}zF_jP)~b@vJ&l*gu;UW1hFr9QMt_M*BJak_w6IXEFZ2gVqP1Nz z63h@3i!1NhN>-U%E;E>wU{aFl>BZpkjf%piKmSH?L(uR2!eTz-@Renscf_4Ws(F1K zvmT~)%cAJs#OYQo8`$+Q!Y4112k=j&6kY9HOqMN-SGB^RK40=ta zQFRmN*!Ye9000zf5niSS$-pxf2EIswx?%b6aF(XOlZ=e&UW~de^bokx&$Y67{o4|l z-kJcOlm3AwM#xA=!<}{LH`I$BLSK`}tR4s0g*q~&WqmlTzWG?q8JDgJHF8a2D1_I@hUi!%eQrWPDc*J}zI_hpcTTR6;JEpUN`ToStXSa++1QAh8mvU7R>CB;A|)4R zBU8}D?|ZKR#p96(e(Y|y%i3KLYn!x2L1AM$E0e*bb9=$8bEyRfjc8ohLJltf&BVmD z*G4u;)8`L25UfFiB&k*&`!%Vzw1+s?E;no#n{HL#+i+eB%dgA?(J-vPy5>!f2=vd3 zY6&jKq6D%*feSzDu9OfgTB{xx=evC5&(!` zc>>Ii|5LwjVK#I25-r4)lHt$#m=^_P6{D?lBJ@E1OWOgz!|_6JoNpJucSf_mx4Ug> zn7>-dNAaCIWl3j`1bI>Gq;dUHZpdeyYE-~+Ou>wTDtZ)sZa0vwoc@~e<2o)K84dmh zNgwpq@s;LmU5d#iuSAM|76b|{&nIoqiALd-UXz{St|pPmC?7rQf1IV$!jtd zY6OrPKkP7N99%{}LbJw(eUGJ#m2L_H^|{s^VG7bX&2rM@6z*B5jlatY-(PJ}8k@|3 zgL1aNR`=C=SrT&A5L zgSeqNYfh5ohELz9s1|{5nVw(y3CA{zZi7?$_@4kQ5k|nD)^w+`9_AT#2KToIJdKh> zT)Oe3@Yv&wPwFEAONMwr0;Ib2fMVDHa6UO0qxlDAx1cTB5}#R=RzeS?8Y;`y`8YgA5-&`dw}6*uXZHBvLzT-bwb zjfV=b;1)Go9l~J|M5TUbG};kz&Pq+nd2viIi`)@Uep6O$OerT@G#rh)crlV8sPt3) zhu&hOe86~gyJeQar1YR%B>2|i8s~bzr{D^pWTO1-j-(*wAWcK=rBVXP<1S?H%a2H= z^B8%xlUog*L09g1`C`y4I|1_TW8=H)soU|$x6k;N_f=8?H6Li}?3~;_N-Bv_8;v_I zZViM9_tL%HWW4I4>e%Q@oHfoDb^8?dU8imt8-~jBoa(`=sKEFrDdo}4rKoxSvWs>g zqavKHAi#I%KZ?;9Kw>~l#xXZ!G_OW9!8-vLz@Q{ulziEZ!>L&xF z_kpS>?B)AcDQv>`Q}=YYC8c)}wkbY;S3`oEFo}^t`ca;w;`@%3l(ST>Zhg_C$=2-0 zLB4^UB=DiT9b1a-3K{&Cu81sA{!>}~&w`fVjt8gktu};K+vg^8tNC`ncKI`>58yrE zJaC2kx#bQxP|HbRu6zUtMdA()H^6&Q0n#c4juTy{eZX2}Q`ox`gO|v9Pc%|E1f7`r zpF{hC)&aLQl@#_+Qo9r<@aYfH1dbcM(r4PiB-VHhJvX|3&QM`lhnmQK^Wo2?k@mWS zt0Ytenxpqbi(InR!F2?@(?b1srI5T0YNEMY3!6KUst-Y}PBvLb#s|B^Za&|^x$CnX zaJ4ycd;5carDX#L92{`?rboVoSjr+CBgVzvarBh&z{pN%w_(IL8>3nJ4j^Rmq&%k3 z9pWLnJ_^D_i7NQVnZkOWgbCH-ez>8%Z2G*+3lRARsq$xd6bLoeKN`JS{XdVBpaS0$ zUT{$ic}IO$ipuS1uHD7b_<-TCI3Rw0$pZ}1=qlbtrZRCK}0LkGdT$exXfJ@;-Ct+B1*+&yY`zr3E z4_xzCFnv#FF?1Y$1BA3`f%yuFxca$CQDpq87kjhDk!n!r@4i@?r7)p$b|B5=gh=n& zC(Atrr!u3GHGCk!pc5c=DmlW}>C}%9cfx!(=GKTz+1{6lg}M&tSg*ACsRH%l&R9-> zyz|-i8%eTaa8QiD1+YilHNAZJ0Dndvvn+qpU_YI|*Df~-;(s!ZY$$Z`OG6*UDo0BB z7VLq310@oVBSy3>K$R`GCyF^_atb*FJsVPDU`pqddY;b4;nVS#pyCamG>Y6RXmE}@ z*Ub+pLEIrVDtzM?hdM)-W}}%l=ns|VqikSPtF%$o(Te->69@d2<`_r!)?C_S{2;h_ z@A;ja8B-5R&RKd)i*08|*6A8!KJjTUek>=lkV|#lTQNBAAo3JSMR)1mT&-f+#aQx7 z6GhIVMEcwvD7gdR9JIzWPkN}AsB=UA<&khXD#f(Kna3Z=Hq2X4SF<*S;MJY)h0Eif z5d{}R(a?DvIP1;IeZw3Wn_`fF@qM)4krWegV&UrP#_lvBshGoNKlNj8%PoTRb=lGW zc-?{&<2SS1@|91E2fWCI@yti~#uJ}J&M@C#X5bjnR@+gN+oadOeaFrZ)sQlU;qEIA zrZpEg2y1XS%P=GCEs{BDu7^D4)(&PiW5I2Jlj+h> z4oDLd)U}nyniatUEc(orqijgiO72hpdjT~qM{?l)?#y3Ipeeb{7&l!2{+#IKHPEzd z95fzYXk|0_KT2hxLKxjB(XPGFQtk*~IeUZEheC9;Dz5wg?kwV7Z1O3SzW4x>e_y1U z&-caHmLKGcQ(H}a=Nz8`bq55|dJZagXb^eoyqve0b_IPi=?Ae_#4@saGCDEwfr=W#b-4~>YiC%QHj zrs?qKUwI7SV~4E|Y~U6~@s-U3&iFQXyyMKXyrvGg4j+K)ouqRVWKa@Ozb!ZF9y$gv zjW`!C_U&LYJ7qG1nm$py@mI7R#(J5r{Uu+(`X<8Q!|Cp|*N0=Jk2`ZB{n8vxSDMMb zkw9Gbef{-jD#;a(lk1H(*n`|kvo!7C&Al-gecT_4wX3$Ro$~NSBZqYnC6Go=#uK`P zy*e)A^lGO(rtv!1lJY&9PTgyw03*fV%tnwZ-Y=lraUuWC@H785{8jiL@PtkOPtEcU zAo$V`d0&8NOMyHJJjQMF{r{)n0IP1d=lZczTufjOJ0i2ywm?Vd)5xp6Wr_)jaOo`t zwPPF7=mAodAs}#mHcUrO@s)+QhB2KnV>j9u*e-iJc?OT)64H81F}i)XvbZ{|JpElI z*-`ZAt)|=U$OaR(&S>J1M; z0L_%AQ}1B!=6Tog>F;wLMG3^}R#ON~GYG5kGuj@=_R7u8T|2lM%aB*Zga8Sn*lRQu ziY4wDD8QDJd~w~uUx8lG9x`<_DKWZ+f-o1tFDR98CM9zmC`-E+^1_dsaZlwhM~xv_ zPs6hYDHp_?C%HIX)HPBC!FE!43L<}+_z7Ox>42P-cKmc8{Z3#EuNCwZ-me_Ry5{(0 z>L$VT`{I;^Qv?J)GjE5uCH;l<2uRo|eOU(F2LMg-|LSi_@&CX6*fxQ-hyxwo^*(NZ z1#p_5C~h4jj*?BF$5kpI)bIL*!_|B8 zdMkT$AtoJrUi7*xI;pgqD@^=Xqr?_&UQG4Xy5FBR)1sk3#cAT|gnU+0KZAs0tM6`)paYaF`BW!PGP0VXY&+xk=~8 zV3-8ZF6!Hz;zWw^nc}h^_Hj0FlggXT0YiHvrRdVo4iyxiT~A1lLgjAo`g}L&>(h5o zw%BDE)v}vUyP}AIdZ6SU&H+2va9?Qy;7s4N3aX$Z&u~w0Yt{Us)M)z3uS~i%<1=}S zm`Lz@wI6!I7V|YF^=$XecNgQN*)~*iD%%!Zg6r84 z>j*8xjy&R7E>y{?t7yIc^V}F6dHkyJu!S23X7||_n+n+5qtO6+PMO?0&EE9*4kr>b zZ1Y)P{VjhCy9HRbpeZoL2b*VnVu?KEJa`wz0utD$zX{_`^^`uA6ryurQ!UYYiHE>z zsC7r~4Y9uYO2KnGGtbRMV3>|Hjx5Z^Be;!D{L^kITF}P5v6~_$R7T1^&{~RA3pZ{~ z=Y7JOZMy>y2UY;Tfn&CqA7XGIG;%I;glv=Nr<|RJzkyw*VPq zEHCYCV(b)hXXALzuy6Wa5N8QHb@4*oP~)2`oG z_dFN?3emDwP?j^H!39EqWR8A5N*BOOZt^rZ2aaf>behb!FR8fdJhC8q4s-v#%eZpN z&d3s9main)^cz@g1d@^(DM6s`3X|x^*u#)pi;FEQRSAm5)+V*k=)+X%H}vMcNDOo1 z*}(T%BV4$KDOp=zq>f|pZu+6SxK1MOFK$1C){bJzw%TMgRkJ}vjX&%;%7fvzls6zT zp?sQ~88pa0GHrxNkVBV1);k+Zj!=I0v#$nSszs`FF&KdzM2GbuSd>YiXQ1dgXd0j- zgV#VuPPWG_MW17;(<*y}v*RZ{kd&e=_ji)g2v9@E%?)W?*Q0pdS;s&*n|0Wg0R3w&uaoVg_q-r*D z3l{n*p)%M>u9w_w1{p*&qqePg?Q|!nm0KRdUsb0B%R89=S;2vOz!eb`rvM>`W{df8poOHC0$6TJN8N zFvA{A=6f13ZR~oyTg^l9kZuNSf6o1$8`*uGTicM=8*P|mUPPnBlygMpXy4<@dbZ>n zoOafBU|qSZLA0ZE~C`#ah+H#|`EvuNWIZ6q>o-rfWVNa=$S_;QC#`5p9G{6YIP`*Ubuh z%Z5iPv_}O*xxA5^b~v%F{hURp)zpd%s0D71?*Tsb&EX#X2EGBkD)=UT#W?{@iYn9a}^K~T-(rQoomj$%+T8yk0>TgtrlQ&nz^0Kk01oSOQ zU&4v?V<((Iht5XslKp>cKMxP~l_t~n_#|n}xU|`Q^Cw&wb^JOwmN|mkn$x%4%9{`3 z^*9dfD(%wQmiUQw=Z-%%J-((fLH4Z$_J}7x=Ka;PeiIP1x=e@~$%SH8m<@kEZc1%@ z9(j*{{LBr~DHRDhF5dY8yu-2}zs{%vzQ?m~(DxaXx7vXdn-P`|0ItH2GzY~?TkqWs zmFSraIkWDAy*Ge0n$wE4)C~+sL_`l)=HE|=Cn}>QA$elg#M7rcm+u*r6vQS3;U0-+ zej8LUJ!Cm4kqzDZE4(($@E3o!bSP1UF1!z^(?j3bm_}P*0%+(X0EUMq#1r&na#_B z#f2@J6ICfKjkmU-RFCulL;`(Rd0QHYp&1N469ioj_&nabTsdX=Adj)NKHN7_eS^hU zcZ0|5CW_PM3m_fKu*@toX?l*auRgrpTm0TaoG}*H;zIJH0E8k)q1mK$ZkK>BLg9oxVM}}nf5b;@L_6%awI6jY zW-Ici5dj%xUGVrRW{UKCf~LE~?g+xcg?dLN9;Y&J3;nz{^hK&3*!J^&yI_|$#?-`~ zfI94!)G7dE6F;<};QIYt$!Fridb5+s)<`1Gj_)Y5RbWnk7Wo;Ckj>gKQrTlBot&|*+Dx0Hof^Gb3B)6j~8teCetN|)LSg2UVVySEim>wo5oPM4#1%f zzDMmX0q69)LIi>sa`IDRl>kNgukv@yp^hh%ZMC7WexeGG`y^+D8+4QfzPiXCNuFy> zAJR06gY27HFP*JbKBO!z({MM+qXXzQxy%YPQ;4tC&B|-NZc)g47vuZk5KfGd^S=g! z5z15XzSST|z2UJ5&5b?z<0A4P21tBsR<%s}(F}4zm1MK~Il4FnbqaefTq)hJC`sAv zx+r2Sq#>m5nG!PgBs0()MVID~G`)1zJd)K)opL)7-?=K zw6xM49JX9$*cs^`p8Pmi0{9bupqTeTt&djP&EBA?xByLa0bB#anEL4B?cd{`T@0$) z5CN)|H#%?F0v*WYQB{v;z=i#eko_F{hReuzj*+VpwdH=_SAXJs51%*s-xCm}S_<4&6VO@{0zU zvnw^!5az$NkoK{mpJ>wfsKYjLH_Vd^6M!7P*U{;YjN;H+8}Y1e36K*L7a|;C2UeV1 zURD5JN3l(6hh-uo@?f3XKw_%z!>y$7k@KcF#+Mx?v_Jr7$8zpJXkyjHmEJ6luA(qz zTEP=w&#Al?>a@w6d7V5eax?Uuu)bh_B0oY(R<`kA;t&BUmIa35N4`H<{=G4L$SnHJ z<14RQUZM0FuqtpQ)yRZ8?*Hc2YKf7DI(~h8v>By^Ltm(1vDMBy2 zDq)?Cbseb;)1+n9ox-Qp(S`(}Uw?AK+#TL%o&Pmjc|NS(ZA#gf$e7(>d4+Kf$h6j3 z3E$-Z@Nv7Adj~DyYpYF#f6qWZwTo`Vlf#zMF2~Uz!s7HcTIj4}TqPPz%5i>15H@CQ z(F*(uBojpDzR%v}E8ydewIy>~-u(5Cd$33$Jo3yj?@C&jJ3NVW3#aJObWJ+h945U? zH>^}}N0t=|$jsz^u=@I+`v4i^U)^T%1GgH{dvV5GJX>(eE&VB((9CN0qfTmM1#JKA z4S7-EcsZ2-`RTFo&}aCpT9YdmAVvdK&o$KKh5Old9mg`+Mn0w=@(<6Z&``S#t&i~C ziMRkx0%I)*xuYk+bweQ@@%IE^1w%gEE9cptLL8Vxn4R4~&10e{AlS+j8YDtvLg@F| z>&ro{XtSds#KR;&1I(>xuuv@sOHoQ|k(Fs_98#-#zq4?1u|hEN9$K@M%%+=^S*sKe zcrb;ewff%|vfmU2pCH|~e0AJn?+2`e;z4@qM)`dF#mw#{iVoNN?l^Y~2ZZk4AH^xh zIE+dK@Tp1+@qZIiCYB|{!kq$$$YQKPhyV>j*wqV6St#`?eln6`=|0Fcd!eua;kY{c znbt9#x(^-Aqn|PS$1!Xq`K6@30u!?BdCsNbJ1Glyjc|i9~D6I-1ko zki4DRmxhA`tJc8%c!!r^-?_Q7YIp+9*kM#qa&axQy%l+DH5#Wm_=1V&D=ZqZTCmEU zMK|pz(Dmf<=M*q;gaEN}?{)!WtXu})Snl!(*#0k#9ebnieUHLFM9O5nNk1NP!<*hh zzhO~4SWk8QIrpJT9zf|JO%SXCT+57{sw0I3H{+C1+~_RP^*GZ@_PG1H@5qXJUV>TMe#j z^18Xe7jo}-y;Nh9CUkf9)4sO_=r~VRi}YJtP;T}u)2qDi+=)dz>x9n6B<5;$MnMy44;7`C{3>Ux|3>C16 z`d$L70J1-M5^Y%YB~A1um?2DC;ztw3{*?OU!~hR(R^P{5dd{9Nhd;o>ABQvlivDg3 zAEBo>l6XAU9ru@^n}p0Ioab`~P(A>w=NYoL6QrnpRngs6LuGn21!Q=*NyuI{QfKd8 zmVS_0agm!ish4ZUUqUqJb!_R%^$fp+tTKizPq}5(ZoNX0TYCM=7|s;+|I6kr zarw*uHSCgv&^|GRZ_qgGefPMXwqL^&8PKngZPQ_X-_c2VhFk^O2I2W&5L-9k*yIhN zdLCN~C_*lqxfkp8@qG&K{=a+~%T3=yGfjTO(~K!ZQI^Abk)kyZz2FmF*!MHAqLBlv zxHUmmZ3q_m1wShayPyyHJCtKW1;gC7!L;O366?P)FD_Xrbwf`n1w9Tqw@-OyPFpw5 zVgtIJse5-EcYQoghqMA-sjFUvWT~?qFE~5|X(?y4FxoaX$SB+J<65OpG!{=l$CR6+G70m-qN+#&GG1yjhL+OE?GqVqHn=~=P7b)YM24mMi>-*WtL^&%#wj%IS zfrX6__u%3>?MmqIE+O2vtG<~y-o2!W;*1o5fGE}6mE_xB-E1>CT!c);&F4xbPvbiB@g^<0tlJOwXpQkrcG zKidy)6m$fAr@UehOmyvGxGlm0zWm6)<8f}5fV0s#%gt2T5JKDSyjxD2tOVP~Dlf}; zkhk}Bx1fBjZ3VEqnJdj3VU^$8_hZnNA}Mm)~vUcw9pO!d2UgT4V7Px-kA$;iXzT%uxr;0&78%N&NDf^lbW(OfB3q;PGRh% zDrD?Ab}r5*;Chr@KJT0*8EI4G)zkL*TqBb^RMxLF1O&z6%{A!5*P!J8)}Ws*Q+?0w zW_IY8J1?E=hAEGiHQ$qf#f#zN_48=y=TCkdHl0R;2)v)@9Z77O%wBpscrL79et5x- zFXULkf$`?6-D<}spA?l4Ik>x|>-~52DHAwqyWqZCvPty&0@x+6)0_{NY?|nf<`uvJ zz^HO$oH&^%5>tXvmU0Wwbl|rN-45!v5UG)lJI-WZn;4dvj2^1!`AihlhWU%m{EbU; zHhrBJJlc|tFB;W+$uS0aVoz(&t9(>0{nrjz!RARKNhm;YwP3tq!5(kCr1WZ2C($Q! z;;HdNo1wPJ>?LVgcoOMHc81yo{qbjl*MqGle^j(F5Q>a$KDf1*pCHS%f3;FI<=AW| zdN2P?o+|Ngo%#^)9&CHia+)>B!iRGN4aj{~GcQ7NZr{Yc=8`yVd^|c2&D5l z=J!scS)yIX) z(#ab?5N;p3sb$=C`us>B$f+~X^*~R=#ZQdGY=~(0!G6=}sQu}dXWc7^UpkV6PFFUB zoD+rm*_+*j^z*Gh`fGP|Uw!(ccu7z98pnLbo-RB6RH{eI(+Q%*L<#E>%v5k6nr!9B zN)z#F_$>j$cIm0_13blyAqlU#L)d-pL zOBdyh0AI7wp84=lre;l`mw!xM2ae#AKG|)BaCtrj+nCxf1~%-7ssaMtSNF-Sx7~7b z*k*FK1TaBowOfKR!=9z&WxtKn0Q522n{7ifw^7$#zN}qg)#-c+v8r0LD1gko$@ILb+qus`)@8_Cd733nc=dO%AA$!W!8!D z3b|EtNbLYE$jC@`@l{|7b{IHdVDT_NX!eStrDuSd3Q5z+?R3OFU`T>RF1I%COyOjy zA|*QB_pJYR_+VU6)XC@OzID+sgQP+5z9bFdayPB8F&~YG7@?>)F{JU^b*-{cb|mrb zg_Ia7J2R76hj9V!zt2z&;=lwYT9zl5G=s$Aen>%a4i9dqWwt0ea_v* z##-WTz$BvSk%366Y|k$ndbqRJ_!EGS zNZ&4U_NJqbrZ>ynI1todT1#Jmi>Ixa=2~d~4K6|vkN4w0`VL>B^)S|`DfEwD3}h;g zRRP_7gsQxElSbv`+S`JAQ*dVQBZwkP`aSUchtrSdi_bV&9D8-=Q`%@oA65?a!(>g0 zzNRKJx(Qc;Pd7+R43a02{a)Zx**hGBBBu@YG}d4DUN*T|4@+?>-jSBiWoth1StY@b z4(wfh&<6B2K2i}uV1klJ^;kk*ZJgEe@ z707sgq;!d+`{yr~8_NO~j|;H%0yLPMD=V`^qb@qecD-ZUAT8z-2oSRabd8fMe~$;l zo)LN+lvLNDpUy1h41|);NySzuCb8J-dz~l7#uK$cxp26SzkZ3X@QZb4uUkQM0m7uh zfx-`2(qhacRY)Z>?8=}(u)gW%g@gJNRFD%Vz~EIVpD}DQSfvJYJeiyAIz9C6^5N3O zWpKsfKvcuVzVWa;!o$QfYyZi_2*!cntj*2C{ibtqWu@T5gR{MP=9wgImz~Np+mAiy z-X7G@pkCeZ%A=H`K=5%%Jc11Tf(D-pxCg4m-0<;;$A|^e@C0(azXLzJ^++$#0tmL! z{>clzp-Ge>$a3Xv=_zR(z3VRY;LV^u7C^#*SqAgFPuZ{cq%NK3MzC>hsnlBzNn!UT zitbedsrqvHPRRWQIM@^eOMWxu8IfXllk3ahY(72MNtUz|P0hVcMtwFg_WuCwN5 zB=HE?9;HW30x^~&WUDg&lKt$I57r5LdoN=Pf0u|N2b`l8u5~EP&B=fL$R97nQZ;m+(Be6cO8Oi>Q_N?-Vz$J!}u5>`b^Wm^BdRRP&%vQvE#y!u{aTl2i z1Q$NadU!1+x`3pLb<8zxp^&vX>35upYF2Q47=x&oZySQpI=>@|Xjb3Ug&HCxS|g>C z<8p=l=Pj+auzf}{xwMX)Ml03~w=8W6B2TZB)PR(Xkyo4T4#1!+?oj_fB`gQTORP(r z_bI&|X^hd{!U;==*6p+3&ZTJfWP}lzyfR|-YQ~m9wYfXoo$3`| zsV<|yFxtn28?--eI}|DPU|!82t*pUnsi}SukB)eHM()c}C#K*KV28gH>kX=P`3NOb zL-BD|5Y>kR!@9$ei>M8&``vV z=f3RhB@@BKE&>* zk9$e{r{8M`l)ze74*x_lG7#}Wy-+DwS5fmv^&BEVaWLG`2y8wSNI_X+q} zlO0ySNqK+tG|jOBtJC8ks_N$rVUPMj=MpTYDsaon*0sm$?*7f#&GY4GV0Onxu#kOq zri2Vi51YVGhr)bNdU?%;b8{ra>eR6ZD>sqCz6*z^pcU+l51KERDmjDhPEJPzN6AL~ zf!px;@G3%ZYUI_7R=Vq2*e~Q)2Iru=6V0YHfyfU2ZgMd9o2B^;L!3#0-MGf1#^Pts z0iMPN!qhD_H1+)%I~F+FF#7m4tA3KFrRF34k6E_l_rO(K507)`q3Q_+e=EDJO@rD8 z$Vq?U*d>}4<-U>9t_{Z+)Afhvk@MJS6?9HHnQD-BWZCokn8W-86WLf6i*XG=sy1_; zez;eamxsK8iaoxt%#ZsZYW3*el_C?T8R|0>4^Egcujzslt9om>A>$u$U={KzTS30q za?FV0dp@f3dYlkiiqGOh=Vfv!2VU?0`6Ibtw4*X9m`Tw_){EsubV()9x zk>xH7s?Ss)d0L1qNgoHV{p&LUazbg_eI_MVOuPxM@z{f94W}2g)T2<*dT^OYwVY?| zVO{jTlZS)!rKL$A!Wk_dd`p)B@^mMH%$Hw?CDzD#+D{MgQWqc-6bc<;v?`HZ ziB&OtCJkFAsj-B-{{Z~z)IJ{D;jXPhIWfn0p?@W6toYH^ErDDD5vnOCOhMcEJX(-9v(VKO?sGly;d!(8~Oh*I0zi zn5iIvzSxiaps2__F1WHdF!XT$TRem!C`ZyOI%?!DcIF>%u@Q>QX7Kp$hk2K)hMke+ zfGuo9(@;PhYQBj~2(Am;1czCx;l>sv2#L$ME{I7_wnF@ivQsBpH-hojwU^Y-BxT7z zCG5^tnjauqXk>XD@Yfo3qjJl%g%X{xF*WZ;5^|T6*9g8=6oX=^9$(* zYAW!Bpq){ZgEyYC$B4g`#f-?j0Rq-9SECS{k2yE;0R*T_;8` z+R_pw5Wdsk7!uw8`Szm$D45jw1zfjtLaZ@44BC9j{|S;jfKqvJ)cb;)o5ehGt%V5W z1pZP#09r#H#Ahb76JQ+K({o)#av2rAoY68183;d;hU8KEY89wkf~V3y5&l$q?%G|i zf~sr_{UL-jE-3(1TymXv8@Xi7rdJzy&6`7X^;xyu>!B1Kc+q3h8wx|@V}z2fV#|*V zqe3-dR0D}s^n&3!t)X+Ro4-3VS3!=+-sP)rfHOvq{F-Yoef~;1;4+fG_MvkX7Go); zU7yL6FN<{=NV8OJ#Lqf787+|kKC0Jp#S{P$tVuva?^GQttmtuedT5spv~O>J&4Z&Ws34;FGi<%E zp>aIe{mGq=R=yI+VOq0;Zhx3BvK;>^Q)2|Ym{k9#n2eh^y{?_+$pVjlg4I?!egPiD z!7SPi=kSkfV3#6wAmh$_`VRYhMdl8zKuWbPYJlAzhm2!&WdrS}KrXS<;gYb6U)49D ztZca1s~jETM?2(yf|_@BkAyW1Uup|eER|4^*{h%@%e#gN10rIt@?IKfM~bMS(w)lr zpyII+D>qqqurWU_dNxkq3KUdcWS-t}#<%28?(q{{QXzf<0eQK&oCL-uu06!&Gdg!z zK7Rv+RpS`QR5FETL53h$vHf-FRN}<|!*c4+lx!Ok% zEdoA>5O#G=8bnnmGIdqZ_y!~a0Q&FQa-Oegtykp^mCrQ+T`*TId>TH?gxJ)4ZdMkD zuP3}!<_y?apmT1z2B5GGDA)(l@l|Pl0Qe2=@i|E;QfD}h@Rx%1@x@h)&+V6; z3rxP1M-d6ZTk82A{sAE-5@%*Qc+dR$%nNP&DF_DhFE@B+Kw*9X}HpwK}6MCGSIdHEYB8eeqLA@QMZL6=~#_wZr$WQq3l68B~c(0M%<;ADQAwkANB;7d!IUq_pJ z1Nt@$%MW_}by7e|OhNjKzet3y8c7ELzYXarQa)fM%@Z~yWA94Vj2Mqpqsj-lHBtm> zin`de%NiaKGjhlouhBSt|6=;iYd2<~Q1{PWK;v2T$U&a5rO(e0o=rt+=x<5JoAX!U zseARGq~Y%b6f%MH_kdly_W8HLX&T$>Q~K3LWI1`5gr^O*I8@~OT}G2~yKVT@sX(yg zqtSA}y;R82V#8+IMiVDc5bIB5>MuqF59?w?uKRd2En;FKaq~+Zn7-W8dCM2WO9|X# zjPwm$#U95x8Y7`+1v1&@qYgBJRT6MvYIC^6)%^jH7)O=b-T3;kt(}nPUprYR+DPd2 z<)JOkLdSx>n~xOeL&$QXYdI?a@DB$vg!8X~viMr4cjGhi7K81(8RHn@Ria#+buMM} z_p)Nh*FUrFH%5d`Urm>2^Lo6yh=D@I-x*QHhsp&!#VX~(^Z{pqhU{*$?su|SS|50U zbFkK=AJ+xQFRtHy1R2fI$giYyfc++r;SZg-8b~Cl2YEX05>c)ZjJL|d>J@OwXk9zs zM5-mm1wA?xIB7R{e{WxN$3sPXRBhQ~W6;qN{OyxPDeaLQNLq0yZMg2d6R$Ha{f|TH z{p4`_Z}3gxu?`Lk$`=1KqK9*s6T3MeG7KTiVO>8YC zsR_yZQ1@ow;o=zr6G<@q35Zhl&Vj>bIM$Bvt@1qgX;{8n##-?4x${!*bg^nGY}~p( zIPjHe)W}dgdHUn^&$Sm#39pC74*MNdT=&!@;Dz=Gu^vP)9nwah)#iV|HpYUL`A|dY zUO}ZlMk6CiKjD)+2VFxjoFMxDRL|HNg2IRmx_3ZCb#vR$Q$cosQ;U$C^ zlV7z)@<4?l{A*U=a9flwL>X+zTdaOD>!?|xcf)fvD8AjC?X1t$+S>BII@I?JUxc*dcy8=r5NG6x{KnTch75b3Jb@(Zji%6!4I`K4NVj~h zA##+zSURBwKwPZ0r*3p%i%W=S!()SHUDt z!l`+gvA2?1vyS{mi_Z4;XMhW;{r=Im7Z7@A6!AlFBB_(+^5n_2PA+mNXkGq*e*~@T z#dGj*-GW&>Is;j5ynMa6gcWgO`QcvlfY8Nrn`cN*|NPN8=2EZlk=*MK61OFM z`U+D}baPPuH7RCvKOI!$A48jRK4=I#5vJeJbCk*F-Vvz=dFbH4P(w_aCTab}ZdFeN zka$LpP`^II@JrTn?`PF(n&G+NJQ}SXPg2GXb)MeKhZ~WCL;4af_JDY9mRq9_|D638 zP3una<4`iY{z0bCy&E@RTyU1&cjkeJ@H)5`C6YTV$qoQ%?c=k1Q#ij2jure0l>v5v z(lk!vU}6S)9~}J7>{eqv9GG*Lu69#HFk>f7Bq!>payUQxUU~9c~_^E3j1wuTh^(kenV^1B}BL(9*4#ntc zO>z^2AYh0SO3ka0JCT>B(ah>B?bOtO$G7tkWRnW*LcozU%6JepPHL8*7d8BoXT(e(yQ1pA%Rv{aT{C7ElpG zJ;^+d7UwY<39V#b;*R}L{O}HBE)*wE5`%XpP;8$XHV8N=Q)*~_?i+D9wTWRE;rmQi z**kW?q&BX@MMl=TH%=9{A1a$-3ow$nRc{j**QCXA>99mE>TmvDv3q}*R3543Zz&>m z(AXj;O+V-)g8yOb>?WMPd|v}k2KzHe-alA$20Gn;un6*hVbKGiY3uRl zg;M~J*@h!eo3+*H5mV*uZ%wt2+WS6?B_JG@J@T+yB$FtoZ=>Tj~ zYqlXxh4A!zUFiNF@IWj87HpXD3MPqZ?{#y(@|wNb#|^CK7Xg$S9wW?+<*mp7qgNV8 zh~J5?e?WLj26KMug%J+mzId#v$iH9DCkS(pZ&$n|vpbM@+YI|2Q=3rbDy4s#(lm2@ zMN6Ga{=#yyFOtsVVowvF6=mWW=m~A~M(akJ4BLDWY7Ts*0>`;<;@(f=D23TmNZ`70 zDhF>!IYDx3DxBL55glLlaP-L;hK>EABi@Sy%Q!n#Hgk$IFDb0mSRsgseymXHUjk{( z5J`VJfdgg1eG?OcbZrBJA8JI9(EBZUY3yjI7w5;y!`1$>)Pq1FJC;BeqUErLZ ztj@tfxe!+v) z?;t^;*<+x2R|#%gy@r4}H2nYJ?YrZ--rN5pg_4~SGP6oTWMuDAGE-J&Wy{_pn`|Mg zL`B&lSrr*skwRAXCSe6zV zFF33-iS(^Mrs&7#b!wHvl9q@S=Y7s#FH?J^en#DCQ%WZDWIr9{t;fM}hbCvdt%kt! z;%3npd4E-J!};WpD=GJ4#13)L1sPW0+OM1Uw(6+rk58N)KSRpt^cA|&75`z>tcZ1A z5$&ETDpQf&Wy4k{dCygnTMGD(9|r%4cM>$|0{Gr`41erB3>1rmqOTq2kH)f|Xt=q4 zk*X)u3a288|7m&N^6Dd%1-Xn6n;3BgxoOL-`&2Q_HGCR$!jyDaeQGj|=ObhJV~AuV ze%+~x6U4gJK0nN-x?*B8KQ&>0S+!yiwA=UMUZl(8#fxL0L$w!p*rbOi3%u9PYP?$* z_rBJ?pl@rtYH^s4vfzm8S801$=mHWEuyIAxsF!TkqdE4Bb`8t~i&d-bd>uk6zDVQs zq;@NUQdQt1q(I$0mV-K}stGmjh`+JLIHbzohihZ{DkyxK)Zm2G0QG)Pbl29Zsy5v=(AV4MmDW;Rcy<&CtI1)N3k&)YB@RS1v5(YCpLxlvGK-?F7F}j z%;z!^oNDjCN|luQ7#@Ed{3d&x4Et45iJX40bgUbUZfS<9>40HV#BfheCU!6A#ChnG zE!AHd_B8P!rtPKw^pJtn?ZaV9H>SMDL_d-`o~V@xJJnpkYl_UgAV~3&qWQT_6U8&A zsmJa=wIBi5L=4Bj_aLk6855p@>l5)>c;MB2aV)Rtn&Gy2f47^^rURC$7tXbjKB884~AUFPPjmpMI|J!bX85GmLmIGKM+xsw*UQbz*}R|=%Jf} zll5SDzr1o|*u0V}<5dZd&yQN#xwrIRE^HtEsHcvTHSMd+Lq;c(Kn~<%F$rF#Z?vR} zy*D#(DY!jZ-)1ja+j}yz;VvsQ|AwK5ruFPU1PqZgVFlq-#9o^2_1YM8FbnrQK?m^q zw*|q+Qu2QXp&Li~K@4?{2`eV_g21s9XftdHC)iyeaveIs&NaX;@_U?cB|daS>C`;2IW7+@?~gHK#I@MJaxK+#IR#!>6Q#E_7o622z$ zy_TDzI56k>3I{>t#~0bGb3Z}jE@X9BQKoOM^Jy?1&s`}d|6?*wp`Fr+XZ|+)3U{mJ z;b(iYHoWJ{yGC`Piz&69+jUk>v!3>-Kee~x(#(rheG+}{swny)T>r`m&BHP=p7BAP z`$iZ81KM3NneYR^%Cb<-I4$}h2Pn#DbX%MfKd883k&HLC7x^GhnY+4s(5Xj1^1=C9 zMo0y741eed%~BJOw=UeEPOp;YrQ(Y~6UA0;@;{x?~`n5QnP!FTNU(R;SVlna0EC6iv ziv-yW;XyRn*Rl$4K+PNB8L!T}f=$Y`zs7uga3wME=Gehf9oyS7+;1li7)mvP#+rWj zZwCQ&FAU`x~Ouqt(`&Yw1s06Bksb2)sN0IU2qXdOw?4>@* zfAA0U?!we0)#Q6Pb#G{)mxn!R|pgeD`e*OgnB73IELBSV(RGXg7IQe1rg? zywvxaz8!03qv0*}sd+Z{6aH|Y!6Nf%T@a!$#sKX70Rl>m9U=;ot8d zl$y54t)am{{p5JPT%355?9O6kL7%yC+zijF98cas-Kk^2sJRF>mye3IwB zgECcQEP`)Du|?8GcxW(kSFpK(BOisumE+_obgpfvTrd!@$U= zg4CnY9F6*x$c?fxe1(GAjZ&JO&wAw!X=wwt^uq5Kbj8bq7pGNqH)GL%r5Tny-J65Z z;)Dkh#7A((L_(jkF>o1dXQ$11nu>_b8oHwPAnFE3BH%RMGj6C(@Yn78;hw&re~x6- zzG<9J%Iqb70z)*H>Xmk~J{;rs8^b4w#aqJ0kxh}MDwC@<)WQ9wmbd3r#98GnwN{kfVoA1NbLo}|+J?X5 z(UnS^eR`@WztNy&?s|z3Yi^EbajERo@%!kQ+&3w*i17>yv@)7KiIsCfFqZ-y6M#zr z?YHFg_q_-@xN^|4xPTrjWvU8w0eEs&r%BxI03;{3yZkPi{-HMnxD0{{aR!WL+nkx7 zAt-%7LsfJF^6}>&_k0!tS;nu5?>QQF@2!{DIyKUMajFcix&n)IoED#@*yO&I6C!vC zDXVwZpm;nei;)WgkGU2}3b-QmwOFTdS$B+L>3<|`Qt}mDyY-~apQ+zCGiif+?X74G zmMXE*2=R~dU?$%y6P`!Uk67eK3{dU;us4N0TX_+<=YMDvs~rkGX%+_XU+e{Q&q}kD zowdP?3jKp8kvoG+k@xzYLe9ipG?$^&s^O7da&WZ50LCkF2rw3VSPzs#ENmLqy}^g8 zU&p)gR3+8nHc9lSok1lZVG;lXIrd$K?kaG4->=$qIae#&^2DaZ)GCpq>x zvy-Uf$YQ*fzy0uaV|UMiEErq&$o*ksq4KpX3$~1L4Uspv6_$)Z035U>@zl*r6h3{w zNEAGgeO1aB)^jp?*Yzq%363^-Uwu~3xAQ`7`f8|N6|6*}UStL_; zU<&5DDUfB2!NfCTQ!(+7Q!m8*wbPtoxyOh3Q3J0vEoKIO@EhfGL)!pxhWd^%%*CYP zVcl)B9*Y%?aO7H=MYjj1cMv3_z@1V z>cidVPyQ-h)^|``t~`THiho-fHZ&UyDZw%Dcf~2X1sE=Z|DVyc_rKunc#J@~m*`Oe zo@$=Xj2jnQo!tLY`*)PARoTfHOl#ae?s?!JLrxOOAY^pW89-NU8r{B)WSET;zz_d2 zye2r7CZ?+zsQ#HxSGl0$e7sJAXZ-Vhs(*cvCT&f(SaGuzmczZ&Gp-)-->uGg%&{zl zc0VI89@fQ4obP2B2^){Y;V`w4e)4TZFc)?{nxDkSpAvw~nKsWa0qJI~%Q(!xOn&Xi zTwIwew`yx}J-s8fF3CVEd3l8;>(T7X<7YCgtb4W|F~SLJ`+3&+Zu9eAyq;IyNY9j^ zbR3KEng>Q6W~~MCu<0gP{Rqs3R{Ff)M#sT!$6{98)#A1@nY4p&Y05_GOMyx1UCD6% zez#1`30jc~kS)^KP%*;h38TB4KS$(X+b-jpaZRcJhO`Xm)QrP8Fufu>r`r(4+0NxpOvU@uRls-6zr8ZvzkJDcy~wf*acp z)~`huC%+;m#NufBFp}`7ANDA?SmatM=9QC*tqw^=p1F5}{BWF<(J$C6t=}@~G^nWW z!$41&J7nB5R+lcnd`@$|>`b*chk5LI#!@6E$^vu|>;2}{(IhbJ2n<}BK zIK3_MdvuYjytLYz_A^N)k)h+JRY`Z2t6nv3ns7zL5vmH0I+WFKHr3#bGkvp%tuEzF zaU|;W`1&tKjMSwg9@K#f0ky_VC+t?iao`sylkgxE^mczX#&@ke(ns z)e$zGy*(}Ju2T(0eLK_y2I8OIx)z~kORESfw`=)Zq6o2lf{`5lIq?3TX;N^oyHeDIs1y=37v)I@$^&pCUR zOblOZ2)ePMG0J4bK(Y~VlRnLm+GQz)W(x5_#+*Zb}ih>T4%LXW&hTQb%B zj-EKBDXV=70`_=zc%+PPy*qn4jGJ{aIwh%)%$$6J0*9GgJC#P%{k85}$DFU>yy3iH zVR-Ex>iP?$p5IN=t5jZ8u%!&!vyeoON>og4Aaz6#h93WOTAKc%Hp%{*Yl@SQxLGqP zuK)5`_EZ`SK|gDS45h-TqXHr^xB3p=xVprJnm9q^Bvi_kB$zY(E(lwGK-2Un6^CWA zMfLJ>Kpp#$G3|6vbls_?PxusdXzuu=yA`%Pe|@_T<%EK)uggu6Xmt|&gRQxO+Op~8 z`1yf~5|N2`jTLPvaTQK&92UpQY0J)oOy-7A&1^ORRt~VcYfT$d#bEx)g0$#2pusZh zNS*owt??}nK3F?$2Q^;pWO95B9TSs$h%9kLmxjfGQ@5IYMLO)Hz1_KS2#E3QVfgzT zy2TL=_e6@}gr5=ZUZ11I; z<@iQ9IS$h_jGnpI(Hr+1^TxT;wV%e$(o!hyK5_Rs7|jIaPLdt@cHJPVZadk&BQDae zeX+5#TfnYeoHXXo77~Wtt;Am~Pezl%^yRhm!HdhvF(Oo!)tqev|v?750yU^3{MOfR#f_;p3)C z{~f-KbLL%APt2z=P0>L=K)L^%w*>HUvT6_Ze9An&^>b|B?^egaz}z2I9OpGLVhXv( zdMAtx+-J_{w%iW)t(O}{O>59uK~hHX)g%ad7bgtd;^$d>TJXZK);r1gNb}s%!Wzwy z9L0HTU-UYTA;$txnNrU9VAcz*MAT2s^^k8A0^@z(qPSgEn-WJ%y@$|L2o zbMb;CS6M$@cTvU5@+&{(e-X1pwsObL|NMCB(Zn$1?OPk3V9TGu$K?TuBM&Z5!~~Ul z6s=I#8Z2J1;zW|b^Of_wfG_Hnw73E#b#9w;Ji9v}t#K?$eDNp&)h!$rE0#^d&d?Pk z=-_fclEqBAkp|&gJ6{XDPlhi9;VI;FbxrBv-8m4W6fX6-vXbLPZEA^SV)lgYgxVCW z2N>MlTD3mcuunW{!D#)HYWN1**r5mF=~$wX@dOMJm+dP-49=1%z>w8v z56`Usuri#wOfXzs%n=h;iD5NW#>o+`w%IN>5ctoJ#~C{9z32d)zVfR>Ib!h z(n%*9O#af?%AiavS*Aho_d{Cbpz6K2J+r zrxIcKfu*os!fdH}gHYoYgIn^FyGfV7<_o12rbCmvcjLIZHIKCXm9L}i&8=(*R zX(e!SP!2C4X%~Dlv{Rex~LXR%q9krus8Cpb1 z)a@vy$5NK(Ly(}%MT<|5GmNe-IWfyf1Xww?aFx&7omFVoyMIRpTO{*l31!&%DWnpr zdruG(uK?!7R~ru#5f_1=VZt>GPPQq>kg0Wcqje{K}j z*(r=XLu&h3M#yntNFc%soA!ycpz(loa5Trr`1?7o3T~OF&~*3gSMjZ@OvJk8>#Qh_ zmOM00sXDFfLDn3fJ|3r1v8fH|m@%K#peIzv07tVWQ0&9xj(AaENX$jRvn3dathnk?_*Pj<801zR#*~~a);(F#8_xGggIwoALRIi8cxp|7Ms*q z^%dtf-DOL)^LLACPZ!xpm}p7V)o)Ea4>po;JBd($9x7ms=^&mg6|Kp5DhG+05zOi4 zRkAhE0P$%Eq_z0LyRkcz&D@3+dmi)oR~W7>;;^hUF_PyQ)($brU9h?3ItW~VJo!^F z-1Mx0(TejCXTuor!;oo-A%JD5?3-wA)*?g^Vs4!v!M2C6iL`SXdRP~*g?oJ6;xTFH z)fs*&Po!HeVQK+O(ew>VEfPxSo{R70pg!s4C!D=^4uOi7k9(L};d6?3kvfWOr0O^h;!5&*o^u0dUB5kQ!qUMmN z<;SJv>yo0mp3s=!B^Gqmy!{R}Cbi)4gsVS(S_~%W?d1wJ!Ya-AM4QKlNz6q$UXl;5v^Q)eNuo zWPRojxI^2`8uRrHEI9_%?jLKkO1G1d(XcdJSdAR#T}s92hK}s2WIb}bFwLAEj>6D_ z7nGe6tlLfCbh8NjL-&$V&a{0~o##Og!|BhqartjXkMTLa=03Tt3i@>a>j$xPtAI1S zfx_Fz`wL(QI=AtdKEA1n6$pN<=zJ{#11HZ49N?a4QOnuj0g=Pg(j)^-kR?kK&Y&&0FpAC zBW3JSnBS4oVUl7D^4uNKe79tVBoN32;ZVE%wZJ)=pff7O-yKrTw9=-;pqF;&7Im7{ zWacGt3zZ>16LJ;)ycL$9XVyx7Odq00!pb8)e#4@!S;ZZFBY75~;k~7R>05u-`ZX*a z<}=vjVHQ=rQd6=hNfbmDF2$l6pPBbc@kTkX9Jz*}c8Ifl-qYTd(C_CHcCfIx>HCJx ztWq*=v1pvH(SkHjrUQ?9N5syQ0Tgi%_r2jAPFD3S#jr1HsnNEc9^kN?=W7CU_2FA9 zY`1xG`DYqI3kxO%5KTGGyV@e&Far_Pt6|h=fO-*&Dl_X}%pY+y1@~T8yOY=ouJpB? z*vCHH)xTn?D+fGR+qCjN=p5izS9rex1*d1rnYB;E{hyZg0P#??;p9vL?$P~OBN5ZKYz-S`3V9IPglthcv zww4e>vfk>J|3h&bssz8ZSth##Ih*7;rdYGR?X^6jrpe9YnWTG1jvD+r3B6aVgS`G# zd2sYO%KXyD*j#A+Za7frPTtqOG`x7OFjA;(rJa2j3503qg+jE2Vf18Xu%8F#qR7JQ zF9bx6jL4ZT0_~19H~xp^$CCH;06SgShE1#wF30C~j9}w1H>@*C2kD6Ii-OEWZX4xj z(}2)wumIjO=d>3Q#L*#1GOx1>n_F1#2sNl=3Y{^k0hH@n&c}?X;gc(VzMAcg|UaN&3|Ni4O7?7tr)$suKGuV>6C zJ~WEvO}fu%*Ny!r(At;c6f2jp@5HYa{K9Yg;MZ&10R=eG1% zyZC`;57;`Z5;8f%!VQBoXmNj`GlMID+S2K5xcc#i!(Bt(8H z-6Mae&DMMDs_2>~>Va>Nbz(_I)PQTsBvh(3HC0HN6w2;&+`B6rZm7$2<5jed8IKE- zD;8@kC44RpNQcKdRoX!zeQ}%EDqZFwpDg#aS?UqIQMK%i3j1cZ8?~Rh?mj@E%~=H6 zEaMbe5k|)jx|d#sWoi84D0Ph)82$%XiTdjgw(Rpry5&L+5aEH_c z;3=FA{V9(=`G>JdWsT^~S_YE=Z$>=9mlnnDq=$PII51NY|JrtT`c)|2pQgUiB^F zo`HpMF0kGAQ@T*c$!#(w22A0mln}t)k*D|SCa7T`C+WKb*loMc7m!K}LWmVtK~oqt z<0lVbpsR>E?qep=v)GaZVpKf}v_2Q?_EVJK)+PSJ4Z5(qITqDF^E6WU6OVIYkZ*uz zpIM?%g9)Czr|q{_$s}>m5gM}?M{J?MeUE+SNWl+G^wzzF@AW}wA`q%H6~EGiA(i4K8d5J1 z{;1M%uQB}u+O=nTo-a-1M`9Ev)qej%Mq))_8daVg43e>SyZAzia20w1Vkc#dX1WCTj_Gjf6ZZm*Xd|hkcG&6eFu@G~ z9A!~a@MbhjVyJ42fdPq|jUp6gf%2Y%m(DA{+Xp1|iB;Q)^GV4@m<`Z6P9RJcNF$SL&4PHB3iNcZ3w;p}QI@$T)stDnL?*S>5&Cyb>ajYW z!ew!j(kS5v(uxWnWHQWm&4*-6weUX4L^4QyMvnOPArIU8gdaMy6ys=xN!RaJx-2as zGOx!oO)Pc|DKO>^t&4B;nh?p8LzUIlHE8gdWF$_%Q-`3jkWBK#`^qHIDg@h;Gr8NL+=-T0Rj%U<9SgD&pAJW#2bers z2j^bjL6(5<1+2TRo0nb@xgP@B2={1$?ARaTRO0yP<{_aoXYlI)krqrCX z*=Fl?rJkKA@?0w}id^B;sGiy27B*7S{m&d~XOYhz^5a+jmiZM8 z5Y)+SYX-uE3wE@S$Xq%BUO8vBG)MIz=L84zxGH0AVdDduDUbo0Q`-QszCa@2(wr{z zE&-y;-$1>((GECem-SFpU-jl__&SoTJ3+%P_3dWO-nuR`14**qi(?4f{8sfgni}ND zyknUq7?6trPv#6mLar$8c4nS#Xnu9L>~n=iycLqwZ}9RDLM^>2qGxU+d*hqU7M}FJ zSa%!;_Z-Q*q%-VLp<7g&=e|tiK!m3aUWnLu3we!x>#jW?841|hVH{Jh8mmg0y&|3R znou?0>Q3@_oYhuSq|}O{0Cuwt$aI?@M%`qCdj*3ae8`8ng4kWDLJkA)a126=u+VGD z%BA<_bJceV2`0p1!B4%7T!r1EH~uEXS6^{ojsUWJsscugFEy&*@2LicX+7Bi5nz@O zkjPOhcChQP+ACenUgy5CXl=l+rnl90zRHF-8HF+oR!pT^o_2XfBD)WjGY0GYwKXVt zxLw@p@a+Cm@&_g@VQ*9quZETU!I*=4{cqU`3AvIHq6$*`aD|8^>$?d^aE!5qCj>xk zj;(%-ol(5zSC_KQ^5{qH*&rGlyeuezz5!RAdkc-eosT(|N`0^Rp-e%VO)Itf_@~pv zSZmzLe%O>ugd}dhdvX1?wW1CU#JBs(87;79QXSfhM3dpK-B`0R^W{0Glz*DSPHJ3&t3Q>2WU9*}Rm<9Z>_yZ5~qubnfX zi&b4N%)8rmGq{KR{piC)&#-XYE0*9Ezd~}(#;y7Jo6T>poq?JPd;AGeQ@X#YDGgbY zXn-ciPrHqi@Yw{(;9!M1SP74*1zr1oR{ND5A{n8nb4U|*x`*HjlKAr#ueexnuy*|tq|!AuEI|F?QrYBqo;u2Ksu~uPE`qYk zMgFu~R?Oqx0M)$2=pO@@BEf=9%ignl8hw|~|NW!=C3Em4Ft$+L2WJp$pv%8#d);4c20-uo;~bfXfKC1fe*1%zWia^>u2zu7d;)!$QQ)l4;! z_D1h3^pq5RTW{y`TT*%I`(QKkTY#~@DiJRbV2=Wpz96#03ynzIO`4^n0WZ)Bf?EsC z?j^j{a59pQX-9!^N#Yz{YwDgfPHh=(Y47QiFCt?cL~jhxCu>9tei~6eXUy^a3UvRc zUYlJnT3?FeQg3FfSm_kLTv7bQ414=>n1T|5l|jy)Qwg2a04T_Pw>p-A%kLXc+MWpHPI5@QLjc>pIYiilhF} zyq#+FTxWdmQ${*~&gCRNV9{|HnhK0xgw3@ZpuWDj4?V6^CD!Ko^&1EN$oG07HC`D_ zBGJeFz;I9fQh_$xwmHyvr2wwIC-s@^!0)xHVJy7m(ksmo%B1ZUbm>47+uk3Kqf24Y zi=mSx&5Eu*5v%HK6>A5^RTc$FYlO@bVAQ8`FR8G*pp_ki?PengR_S*{a#NCM=!z#d zk)r72dE#(TUrx3Qju9|(6;U6t4|#1jB6SJ;OfDd{ty~^!to%1gkuXIfO5dr37Pi84 z27qFIB3amXQRWW1Ve@{Ku~9I<47^Z#N;|b%?ai*0dVtXbO7#FU?kKbOKlLoXa_*pBvYO`AYunq*uPmYpAD@iIf-+2lbh%wkIFWR%1QDbMS zl(4{ydfdWqJnnef_gXOi{$~Q~10%)(-T<;dz@b_dq{a7UR0m=4h*?bdWvsivmJ_PF z68m@}la93`@~KuMzyX$e6)+v+x=~y&y4J0c56hKpK%JHk1l}U-yV;N(wDsB1b!p|% zFZcM;KMoC2dEHTwi3_h5dyAfaZDFO1d8iOh!IjG-PzsMsZp~wQoz@^l;#a-C{V>ba zksnV>48*pEB0P9bNpt!bXVsw;$6XLvmw$-CJJ{SW$Hlq}y*QzvWMCqL1&x6yLd=fI zGwqI*sJ)}Ft@aEe7_sDDA~mRZ4fng{r4^1EB$9g~T7o$~f1YWpfnbtH2{j1t>eC@N z`nC>oqvx7Xt%0;(E#_?7J#-f@)e3-YItH7S9R(QWM&D0xmWXWRoE z#%<`4*#4%;23%U*8u(rPrPlodw$x^uB+$Wl*Gpw!(04Twcn&!4WotzW2|2{GM5p!9 zvlcai`yEHdPBC3YU6*AmD>LR*$IW0i<RnGlvaFeEm| z2H#|c=hz!Fc7G#H@_l`MuuGE{z|W7FCnSF{W|DlO5h#v?umi+!Z@~AhOgMY}t*%W) z_OV2^bk`5ogWEj|B(ZPbpb~(mU@%hRx@^qMFhb`5K}K?{v!EW(>O-0wNgLz)qG`SL zlLCj2XJvC}JbR;w-34BA+IqH3t`RRjt8M4i@+V=tdp`T8k7G5fI+_-eC|%Y{KG~Le zEbKGAPFCi)U(>bbbSvq@8?{HW7{bF+`M5t(=^~{FfXD%ACUOezx{57Z6%Mo1U-$N~ zdSyn#=bG^wa76k55QMk3pxmc&>zx$cs$a??JzGuA&fT>?;mVMoE>Sg`Zgx%A}CeI*6rqm=qwU?CZEY zTvM$)=+Lak)Y}Jr=l5-R2I{F2F<;)E2~F$Nb6w6GCowHV)JBg$Mm@RiekR!-#SuP zn$z=Vc-t~!2e(&jL6%`f9qt=%we`XY!);-}*&N`mi#ksfHF{V+F`42EV-_gxy~Fyc z6B=Y|mLvJ%yFcs91--xDeO}Rc+M~6~5e38AA?sVjI~=3XHj5^yy`7Cq%nkz0z|R=C zd^~xbYHJ!2!1|sH;nI7478q0&+Ztb36RSz{{S}oD`Pte_fQOETG+czu>pD!7pS7!w zxf^TEMrB54lwNy5{fH{=={(E5L}bskB_aZ0Nnl;%fO>RbV{77%G_w+ruth2SWM1Nm z!R}+vH6`kPPtwox98W=Hlw>l6oX_a9x&ch10q>&z#E1~T&FOSMiJs&|wd%jxBOFY7 zG=7ck)cQ1?{h>gEG6-9WeDOVpZN-^-c#b2^#LiO9HQGccX*xuRJ4?TIvQ4@{8}TaLVZ z5Ux}m_pDXOQ5(HL3^>J%*Fv``9OV%3L+|<14|Is$x63Gdt%)D}{CmI+JeJ=d*EOG8 zKPmV)FzJX$v6cD`ZYNbm2beXh zrA0q(L)cYOG*_)V@}wjqPfFCck>-RGT#&`YMc=2UAl59$(3b}kaNmmB90KYhC5XK= zEii}Vy`K>w8B-UCun_*C54l}s@`A$O1wJhM2g{3QG9k6HK*C!Xl^Krh?Qhh&Kw)%1 z`kJqjPtwiT{0s#o)woqvwR3e;bqz`7P}imu6mG zVU?VP9#Znya;YSMfQ9QWV09#kzRWZdDd@w5P1>+Ctz|z%&H@D-;F#DQ=*sm$>K)-r zo@iu5OfcFGmTa4PGo82-_UjrUzB1z1n(jygj_yDYQIdq^X54sFj$5Q2%0!oc`cg|5 zB|3DSP>`yE`c<|1rlh$I_n(q<^iD@$er?`q{y)wl$bx5 zfLzgnzHkY#M<7Da(=F_wf>|38LxX^P-`U_;hgTx(f!$Vj0lX3|m{%feO8I}7TRA;| z^sQUj0yVFFbV!H|NH|UO@f6u#_R4_Vu;3ggY6=_G3D?p#GFn$aoJ6s1Gi1m=j z@~7b9um|yoR)o^sUNxKQKAYnl`CuJFN^e#ZC;Z$Lf|=-LVu(C@$!yby57l%Nx}M`zBPDUAy=mH-i45&V8wR`ePRfpN`dsMh+79sc~vOS z;Z85g0f3g6gnX!Z`SfY@#oeLjqElN0AjeWJh>A(u0#yIC<6mn{8&bWfnVvtnUe~k< zCZE<+p7B4Ypwe9OPLd0(=G^QG7{h!>*t?;27%k=zbinX2{*SNP#+FjWbB zn9!(2QH$L7*uS4f+(~k zz=;k;idk8VycRg1kENKxIj-hlm&^Dg@#Ay}5hq>KokZJ~2Cql^M0u^-$y#tJnm1Wk) z`BY5}ad92JuO9QmVgvF>lEid=FTgYVdP?Ft z&IqM$DC`s*KuR0%X9kP!zNdrKvi#c}=|@@DsepZPf8BDvGU-7Be~+F9zZe-7KK2(F zHH!{!w(h~uFdIZbt?slB0oBf+)5~iUdBe8m>d#w7FZcwR3)&i<=3a{tgAst`R!iYc z#QVQMy#G@t*L!BtEi4(PE%MIfFhY|kIL`s3Tjtp`<}cU|Rspe2XN_+XMilEq8Wjz%FgI$anxZ7K0bp!mRv&?v^Bid>43@Mp zp`JKdFm--OrKa_mFFJb4BT=u>@6Zk-$h7!JqodS+LE|m5AEFok$iQ=1*5Q-~C@wV9 zf=nZx>ddmjPIDI8ud#weSa+cYfx8hCk8+ESob}0drZB6|TZ&0<>n4ww#Jc3tlvS-z z5@C6>!9drYL#Aw+KPsx|_U+sji*9~XFwfy&a+z9JY9&CBu4ktF^XFje2n^Q0TiMC%EHkFLhRm3$`;&`x@+)?z4=XzFAx2tWH*lU zj=E9`otKci?C;|D;sOpQ#91fm+=jK{K^#-54p(2LK*-=ktkRY~8Q5Nu-I493v#`;Q zm+M$Y7a>Eb`phAm|1fY;vo%GE5!Oa^kM>~;C> zp2w1h!+mi`I25*l?`VroUiNiHt{w%Ri9Td^+NQ?zI+++F?%4rk#GQKOWaSxX;)O^g}xM3(EVVv$O zMxWUM-Nnl$D&pYV?Wr@6OtRm+vg3o=saAdfl(l_6J%EsH1R}x}vo8~%x_IZ>*WLTh z5bmf4&jV6VNQl(2jLQSR{Nb^-o7+|zlx@8VWoVF2a7l|n=WtyP?iXAw89N9nc_2}& z3&83hYCSYUBDLQCrB2Li;HP^51%cSa!+8~Ut}3@G{xK*y6#QWfsWe+X@ySy_4093D z;}Uo{@?bK_q$M!!A{j|W&^Dju`)d#RaUuC}%*K7+*pm_~hw24u`Bf5}(ZmNB#_Plm z$|Z!_QnbwO{Q;j12i>x+u59H&q^N92AwKqq-;&~m*92yUQAab(Dgb#mad0lHOA`!0 zE#$jR;6_nriWh_2yRpO}u1ojZ`;lH(z8fbs;d8#yBDa(j1QqMNi#Nm|L|6zRYLOf+ zMhK0~z?)pQjic_wfe?r*bqTbiD1ip($VZwuyi-Wh zy0kz1Yvv2xcvj`&+m=*fy9}ecpkzs5oabo9(07|iaOVEx38qmSQ28%HI&yYDsIooz zWkq<|Oi5(97M z82_s}8ZU(5n!?5VUnfvOI#PF5vwL@g-au3*j z7~0OZTn5mH@+AU|d_e8I2sfMO`9z70ahLV-1dgh#uB zpqQZe7~K>g=+7ucI>A7K%!~Pu{!hq;hdSGs1hnsss*XCGY6oH}t=&{b7B2RHED2@! zZoob;!4>;OFvIYztOCkt^Y&~$k7^B+tC!!kTZsUGBLnrU?!VNtcj(gf`abg_zBq<1 z5QbBn*g;{EXc$B=tnn-!PSJrP7w}V@r%wI?6L}YL8C<7{aY{_E+O=cF|KSy6`*`DD zs?kSfv-2!4azm%EH5mdA}keu%g$1G>lRTmg>M%u8;_c3bN=f zzZ+#%$+CjmXzuG&3U!rXVPZN(`q2&ssInSCz_|0+)d)i~dm(q5nFi(Lo}jw$ZjuZd za!#257FuQEyLTZ)s@L|Tb+a+#iKowj>qK|!TkvG>*LZS(Oo|H z+vz9Z#@v=>rJg#IVcNu~arQM~M}X43c15w~7};kJnr#jzAC|T2`^1s&Fx4*k==wu9B<<7&JdOu#*-C++80vip<%U@)nNLno z7H9s1jl@$~vJ%V{wcN>HG91$fA9a)cwZZ zgqZ;ONrDEE3Bbb%;W}V-h!l#w0m`n4L3o4n^5M$gH29?@$nit0`^0j{_T_KMrkYJ) z5kE=Vwvvx=)f6By|NqmSLG2x6rfbaxGB6n3@wc~3!bxuxsW!TjRLtL|?4kAuvU?W! z^OPnIBMGjbP|$4DWyJ@h7T(}gQTf#KUoDe z0bqArudIuY_qthoh_{$7w1(Bi`dw}a`H_%iX7Exr3(XJ`>U?xcz)EM1h!8&_-f}m8 zO-|eHFiK+`L4}>@t)r}PqGxP46m!=9Of+RiDRF73;jjpV>u6rQ^ZD_k_eYNtUY;r( ziD^zc{M4ZRHm~rlV%h3s0p*pi$|*nJ#^nrYN}k;2+c=}=R&?^l&8Dv^_YjBIaRB-B z{}b_Av(xe|3^wR+u1OI`Cmkj^!=hr`Ucaf;G<`^NslzjIopf1)<223%IpciX$z(_E z<=2_Ti=$J)&<0*vgy>*rc&tl5AiWO)6Ao(y)Wm99`7_J-qnF@Y28u=%*&2^KTv|ZO zhcvLcvxdATV!*R(K;CMv_s1iYde=UC`%cRjRIP*!xSsgZ2S(+C z&JG8gQ3pDraqXrc>xqo7<~f6Y>c63)`$UfTNE;s_sDG8vF!!l?&25-O4f`mzn_v4F z-jO-33!YP*%g1lfm}Dc1+v`FnMX|t-C7(;(L?5oR9(w?`<2X++AumTbll_?mP-FoF znNCwK!u7%)U@~t!t^*KJmuf#|V5eNO`C;Mp>ecmK*G}laY0L{jc%0rIXzC-wXvFght zKM_`yX;kgGbq^(R=#K2~?Npk#J^D>XTz!E8+d8KRMdmNKfZP74g`to+f-p1@gt3cB zmh65cU~S=XE|BFJae_5OJqQFLYjtFesEYeYAf*+3FfVa5ISB)mJ5wHRoni%iPGan2 z6k9>YIpGm0Q~_^sf#>lpQ^=}dc@$Wnyuxw$SzxZ(+)pXS8>#Lr8KXaLzPM>7ug1<2 zt`Rk^L92IM3ruN&QtE5a^%GyhnD+XCcDQK1OQUV`*~|-e(AVDDF&#-#WxX12kZpIO zevi}u)>6Q`){HRSUsaOduSa6)mev~gR~~sv%#MRVv^4<`=t}ozr&1-a zL%~Q3M>+#gJ_p!ZvySHFq-HWPXhptS%Yu?cej0;9lufZ;4$Ibf3d&06m)~u2)|V`G zu`8Cix5gWu3lvz;8Kg{4)s~OP(Lep($_VVBjQBzInT%bkujYiHh#>PC)P>^rhyjBa z3;{)eEWjA94`Gh`BO~HF^L*iAj=+djpa_bM%8Y~EDI1W3+FLn_uQV~|L$E<;UEeUkvTK_ z)Ii`Rq4=&{t`qD`E+feR$+JOuzfEOdh4DV55+_YlQNpUQFE`sa$CbM$9wAgzn!l z(iBkYh2TuzIm?gU)0J7nT$38WYa0!Y<-m%Vd`PVR%J=nWE3)HWU)T!Bn}v{GC&5H! z5}p&dPD)z{vJ#j3gbBuO3W7PgFPfuc6|UQJz3^pCxNb*t17B*aaL_&s%vXf##(cAP zn^`bmfmMkK0<+uFL(fW>_CqCFTtQMBE38TW@DC@MYR`zfg;GkkR0DhSsYWkMbE< zz%$3D|EI6x_eoCTC{HPy4;)0Io$qf-K%o6}@i&?`L^F4vo+SFzB^%lonQ!nEUiHJa z*>oy4O_`E{KT*7#$SsgswF=Q(?-hY1($Z@x{Ff2K;Gm9s_p;SZXu5!>oO;y@XKV`C ziqmCbVXZLW%7*C^K|+s&A90e9N6go5Kqzby^=Fg3-lI6TsofZ%BM7*+?%$vM)I1U{ zsuzf&%cXGieH%ezyYx`DVhQt>k%#PWbByxzH$?MPpw zYrqyPD4}}o+}bj_2{C3aP&YkZk>EI6$q!hk2vy7dL<0k}$4 z$}uq%EHsE{pPWDmro15>5h{>h_|HV1u%JB<+m3_ojZU|p1iuC_0Y6UY@#`Dtak8Lh z-=yj6{1-N_*_gWT?|mQVZV~WA=!OyONDvdM3XTMP=I2@ZaF=cdFm$KeX-?YH!kk5L zuM*guey`Gzg8;6+d!6MME*S!IvI91JT6foPgo2hIbI#7d->9T1dtUcjf#GmI$=!r{ zZ@jBV?Bpt;eR_-5feq3d4OPPO#g~@Ac9yxXg97v=uGdMY&quqUBeoPEPoFnq3*U?? z^Md>?zn&|yR$j%`zm}bJ#UCo4Q_^aqaTNL3Lf7Qx3F3j&p zS64iTh8`!@T@ct3j*@jggkIsMmf>e2V4?9Im2%P_|KYXX_k7laN38JL53$OHvXqEs z=0mNlbUwVSL`3Na3zDYMBd)Hy*DgGLHw+JY9cBJcQf~*k2~Ws&o4~HPetvmq`$X0~ zw=%)>!(E&-Hde2}Huo-yx~e>x{5A;HufI8#0QCmc7>tOu{oEKU80M?_h8~QMfpx{? z7NqbHb8MBuPL$36!XrP*rs$OJs(AVKju^`#>mFlD{r5J=5F*6`2{wq!N6oEr8THLhm3?P~L-c8m)$#e_O#p0eA_p!yW z!xBX2P+!Y_2(t>n;1?`v>izClZKvuj1S9#NB3qiNz)>Xn*99+D9#^3dWLO4^fF9?o2-$)T{)QRo)UKx}+tJSpBe6$i(A8|9z!!60=JN*Q5I-*ba!d5Xwr{l>Eyrt% zuepcRTMYy86t;NOBk75MxU}zclwDG4mWBx1bQRC=*Mu7iEUWCleKkyPTv=k>;yq(I zD2F+L$Rrg;#t2RfX5#e_3icBWt)(AKNT&zxl$Ysy`IU<(knG}N_TK>;a_W!AkeuyG zsMDY9zCblFHa2Fcwr>E#f9j8v4XKzw-ecL_FvHFvA5{Ol1_winYP282`d%79wf%Em zo+4N?^j9imKW2EYgfdHgfrJevYC=9nqPPp{4JOfS+JPK2tOXRuj6Ub4Uq?zC(q9n= z3r`$DJjZS!J{jjfFMsZXx3NQ78@50XY#s_ey~Jf|g#IC=qb=#Zt!kDQu>McU`Toeh z43Gfqj-1##?^DdaHu9iH>;pnH-J4*ni2ANafA(E@5GDD#6b#Id38P0@7#`4z50T8I z2gI>|dy)XmbRS zQU$8lm&D#eq#DRL{1JNd+4{%3QUDS#T%6_mq?V!Y!0C(?wj=?OTnQ@uHr6qeuK{rM zMUfLL62uK^^H6?m+l}bKfb0T+|8Gp9M4fS6A;9HqWe4&+qj03g4YW85z55WM`9&>K z=sRHC3qw9YH@5cmU%52+8u9rbQX#)LEYQa7>r2G!YW$o2<3A~q|9DQ0sYrZ(X>&K| zhMfJ8&=(+nScLhy^vXFVh9^~T=ZjlfMVin$floPOks|Gvr!T|QnD4Q%NSOI~$>+dh z^`W!@s}}ov1@^~314@9^*KjAvr6CeUo@<7-Tbtg0;6A2cH4WnvZWn(g;`NtT|0iBw!VESPU=meOp7Gt~F75@rDdzq@wSy06 z359E`Qbhm?dh5UlV1qg=JP>;5n2)j^QMN~!yt!pV-~!tSpZtdK|9r&f4H&e)$#>6boC@O(LQ@U zKBZ$%f=^qlMQ6PAUJf^`FTM)rvOneV>I|~)po#*>#+j(@ZvYsD$*qV1;1Q>25e~bE z{`M1avBcyGHBhW7^q0rQyfq{;uVe%IpPEc z$rBLrJ$q)f6KSJPOEk9xJn~qCjxlG2<2%S_!;V@@o`nZNIQ1X1^z@g$bAbJ!)gdsZ zoxWr!1qvXUO?V4Ncr@_Q&;QV$QXjB`_3Z*ffCNt-j^7n0GO%{6!g30d%foXkh&+?_357ToD z<@`V1-a4wvb?Y03#R3-HU5k(sq@-)nC`cM0NJy!mgn}sDAV{ZxfMB2^2uK)ogCJOx zbSX#+DD}-7_de%5=j?Ny^Nw%4?_YZ?_t;xl_jO-$&R@-XoeoVD9}dMweH%BtBU&Y} z3vMQdfl`N3kmxb+anDSs?oFy*duK+zcq?>MC-QCG8^!Y~)SrX4NUs(l(NVro1w25v za0su}(|5cfOjuA-6*r8=zXqDcljOHq(ja)PNVV9!Oq=+=mVV^hg{b8Ktz-QGTQ{il z6X(l)Hm_VpE#64q;R&3)1dAM4otp;ac1tPFYHV*gCD}yVa5dH9Uf)vXuf@Dm@gK2^GRe)nYrO7b#%xlA8%$@ zJukzZeB+%ObJU}7$rinhweg zbQlAwd1$RRr=*~&?%>qY(*TQ(VP z2@kBS@rE9LqOvMHuK{CtPONp;IB4m0GyUsTTp})gJe;-Yf)dP*-$`pLZI)C#_&6 zjVJw7J}g0t#V1Bj@ZcI0DPGexTqU4gOq%J+;6)tkq``>SL>}x&OqBTmP&4bm!d1hhoyTFP+IGLl=d zNwbV!?f1p#lY3w?#n^_%cf}J~PRg=*mgp;@6pE^~gkVcO>mOzyi}WtNy!I_uZ!g*) z5LGbOwJJ|ch*~Ui@+F1;!SftgzvVJqWlXFRj8_PzzdX{%k8#+Ohg7d1YgRL)om2f4 zcGuqnT6@H}l&Py?!Fo6|aaWIL4VapX@5E}}J}7zkc()VU0nY~yT*&Uzex2GBAdO!g z@^?`tiN{?b>4y)ZcL`9|n1o`Ws7nU|uvkPFNE&Q)W14|uY8`IaGa+L)$!)2LsOv;D zpp#1=jqeJ4f;7c8sp`X~XgWtpU$FT*bfrru{E{2FpUbYaWGnLlpa&fQIQbDI-q8Xw zQ@gU{O+ox+AQ1GeN?;UrqJAQdrI0Li`4ahX*+08o73CYSlyf3j^qybv(VeriSF5Zy z1V>p1A1cw*sz}8)i1{SDQhYbP8)==xjceFd1JUBnC1wi^lVNS9X| zF1G22=R&yB%A^~*_wm|exjF2;hU24=D^1Q7{(Kf*4`oFK#|6klA&JK$3B(B#qn|D5 znz7=W)DSk!QF?E{{ntaDI6Y&8jd!R!c1u=;kTgEAj%4K{q`>CoC&)T~(s#n4TEz<= zqk_ae(=VScwh~1=QvTo;dI*el;|~3kL)%Q7GmiU-Z99;jn;<*ltr6nGZKnCoO~&NZ zb{d!vE(9L+eSidjb*IMP_F^>2pvN*KN>_`)FZ7J0Nh=Vo){9(YM4H1%8at@oUP#k8 zWrhx-4b`BgALks0R{I@G>=kf=Aqkm9rTrKCYs~H!{Z9c;$+e6c^+LIHfK4 zV-q5JAE^v+>rw{?!}R)~dwH_>6ayyo@l@+=aSb}hOX>{^I_ZQ$u~ECxK2OR5j@eVL z(4ayQ%x6~%7V6N+w!M4!ctZ>}miF1$4~Ibdpc-{aSMnWreG7jspMmR&7W~$eT6#Zb zDI>}gSfy_vmT!}yv(mfWBJPGkp$;{aTfu=!k+-l44cnHMiY2fSne4~S=pL{Fq>0sR zsXHA;MZgSm9O!V*Q6|x|e6Z%#NTr{V=Ru9%_M*dS4MZ8uzzKGU<4aPEVpdNHsB?XX z2@o##SA?Xj>xhV<>Tdbi&A8CnbOh`k(4D5o3VH33sRb@AY2Z4>`O6I{#~&8n=^4L> zH@yXQrIkq6RC!Xc53ggTr`#}>BL2Zm()d2Si5@sRBQzMgeL9z;|M6*fw+E#WdVc#L zRC_>#7n&Z35+B~gm$DW)nI%#Bd@?^3?V_fa&Q&{T9iCnUS)mI-X0e18YiRFt2 zh(M>^N_?m^z}@xuhFDaW#FKiEgA@S%#cE_}X_@s$by3>`H^qfO50D*C!~N4^)Ja;& zyrrwBr}t6kY?V*DGA}+{%L}x+(i1M+KP|-9df}ouX&-8Sk{e6Pj|p+xAAv=g3~Yn} zjk^orvk`ckDVqj63y1?Am&7_J4KOang^(yo=&AwS%V!ZhXX97zxzHHPp@`mOt~Mwk zG`XQteT8X$R0qEPT@~63Tmj!3XWarWhottZ_zy+6)0fAMqIa%v5bDCGBKTn*>0mO_K*JixgnG$_$K`(kA*ll*a@|A;+>HmBG+FR%2|LzbUt9{{^jF1Y!%7h%QC`7c zNF1lO6xm~asMj4?!z}PsveQIH;|b|_zbQ;b@ww`c`)NRv<4V`7vNssfGrl)SB%1HH zQ$aN;2p0g!))xiRc=%+YgW@wvz@=~H*c^eD^62?;1AG&I=1jO}6*D4ELS1C;Q*&&k zs20SPIz_C(|Jld?;CxMX{qy-U2~4h@3_}%kJ@1N06r^@@Jv3^D9A7 zxW-6}yj?ptH~oilkZ#YHa`Usy1(xrVm43`RYTH{U>Xtqk2ToP`^((+vcnjUow2!_T z#)$oR*dQxh!3^_xE$*O0kUHoPI8C7P*y$2yKv#DUX$!h7;Lm>^G;y&~K3-kNV61UP z*|Jkt)$rP0MC*2*ehRGt=X>L{n%$u{K9wJyowK-g>z0WO#dewJ{Asnin~?o=Ekja+ zD4+mOC`5cMSCAAv%+|g|FNnL<&AAr}nX+b5UU1vNMgRI;n7uld`eo@GwtLwZTtNzm z$m%a{?+QB1b|PJa#jV{=|Cy>BWP6prJB&%4^0QfG`>o`~4)+3(6%ErM^8Ju%TfyJ8 z+Hz7JpEO?BsnHs~FkLK1&=0oCZ~U-?S@$-pmhe02^Eb-$XIyQSbQDVc_YCk8bG%lb zpMv6^e`=#LYGa_Mp;B5UV%ssHY2%$rl#=gulN{-&NMb+dpg=-|YmOjp^(~JJ6?7*G zC|hWf9h$TQ%dgHF41kxAh!}*Hy4E7Ft-;#7t}tX2L=qy6;IW6mK`30KY8Bf;qn$xqlER=5at%|kQm@4=IaxcDC* z5X(P5ps2ly@^#`BX{;ld+9d&N9e8dRaVrW6$00Chj<7A5<_G6}es=CKFasZbm=@S} z$QvW5&eY<8Laaqc4=SUhMcw#Dof^tA7P6HfCc}|xfjmkSb^lBVb zs`qOqfB`SWD+FUGGxZui7WU}@(u0`-<8_)H#ivM&8xx+uj#bOSL6p?~#Y49WIYca};u>C)9NitWrnu z#S5Stw(^5t(URfQYV+L%wp!r|R=fd1l?U4ZTr7ZuDoMcce}ZrFepQv(aw0p=J%~Fn z2_avmb?HbJLbXyI8KkD>el%A{Kt*rKholxVh~=@PPfQ*%hux3TW*33}M@Ic30t4Qu zYKTED9|j-Ig%aA1I<71^UhNp81e15T0i*-5u$Qtp0`siW+yB&qNZ9>tg7WgK6h(RH`8?x8*W* zhzWHE3g)c`kV`uXxwPrCm5IEAxflxpU+sgv0_UjK#OR<`{E>bcpcg*qPTto)5YIdY z=K3zf=jKR7ytE;>JA!M>Pf= zd=s^dBt__e$I@}>fmFk$SX+|)iXMU*xt6r+AB_W(uk&}Bhy2`AahlUOrN158keqaT zi~TO$Lf+x~e(L!h?cp)`Z6q7-Qud-KVW<08(#1+XH>A zAoHm;pkzOJfa%CK+m>Ydr7pk?xt2c^kXmx#zj;-0kSpAQA2hE>o2o+G1WFkro$}VQ z0J!;HyroiJkM9Prtg(2#tN4{+IgY9VVEtdZVsf?W+DHVla(g!Fzn49SawhZWmjyq} zW0zrurpIbIQK?bwJkvEMSeN3aj_jL&^ae7bs0I-)2xj@D28K?t(8~jWbntAa?RIgi zG$_;4E>?<*TUMCx|61%;*$JBlhtgaPjV!1N)Vh9p)nCOyVOJc)+$ z$iowv4|2u@Lng`cg=Ag&jlkklFl`0yWd%Aq(mhB${8l(VAn7VjXBU8gleSrM6`vG~-w(}8tAI7sx?E146n|LmaM zeWv%2^5y#YD74Rf>G&)JX|O-_OlBxcJRY!R$dQcm z1ZQU?BCwV`lfND^xY}Zn0bJrP!KU_dEm+I6CxzS$DHDpTWh1C&;6WjuEK) zh|_ri1)6nkRtR_elB9n|DBkF(K+r_*nesTD7QxT-DiLV}69YPftx_S$&Xj;#;jb+4 zexJ-x>yVB>6?ovb5}?An9*ozEn)PJy!HUtIa&Fj-Al~`X&Li(LqOiijxorh2hPTtc z?7y%;v`h?awx@aI%HzkTZh{+T8dfPK$X}glLzbDz!>+6or+-2qdGSwb+%8h4U{%+X z(oxQU9e2+x+tYlJ=~rH_XlEyou!)$LYTmsu!;-CB2%M9{jfQ7q!3>AEby+SqksA%@ z`x-rBJ@>kxF~_~&bWyqYbjx#M0V=faGo8o6=sxO`=g}pIAE04T?hEmn2S@AOCwM0x zDyBDgbV=t!Gno==pVs_st>yysU?mir;+=(mMrHZ5S-qGbp4k-~vAsTi3R2295>$vg*=u450d>E5Q5?Rp!nNG_c0g1#bK)YfwrNpH@U<}8Y!f-a{!?>f2$ z!>45UO4s$xkJLJd4EqXvj36kFyo`&^c$Pq&poBV+ZdWIRiI;Kd&)r>s>pAC?o&Dp0 zAdDYyJ-@7`??oT!czi+l367nfQk7xxjOkC^uRdNjnA2)drPB~>F1Yvt)KY~iGEG(Q zhv8=ATMA=2L3MMGJ8rU1c3v8mR1`|EF_SZrtT3kEN1`2}XRc_2H-8!k-9(^A`1(0E zUq>z>luwHnf>13-)SrJY>S*6ocQk_Y=A#PRpR3azU@n^%`AkCS@Ra~s9+X93v&q;* zrSU}=s6yr`LZ7l*(~s7*O(EGrA6W>A8Na<64`=H#yhC*_CqGW*Y-h78%;tTgu*Aig0b4KR=x8C_ z$$XyBQ|nk&P%D93h4s_So6FcU1LbqZgB+EY$Em~K_r}z5RPGjc>`nAHMmu0wm~$Dj z`Lqd}F?W4Q*t0ph&37cQQVNPzQun0DX2zs>b$JJGzH}xEtLydlaE1$ii(0TCFdgzf zoNYQ0XBul#)Y zBpX$5Ep$r}XdBmqnQw?48s00XSJYXg7}b^m6XKGGK0c)ppg_-!yfJ+(@Q3e2;(J{;<5d8MXo-0S_S@N;fA0K7XdU^AV{Ra zvpw!A*A6h>OzA*s2Pwt#VBAANl2{SB&oL#!$43N*R@Jyki*5~h$VA`LZ}1PXqoPuS zwoSK@{x%+a*H}x!-F)}PPyAS^k8^i>^=|7>uDNyfMl3A6bq6Fd8N}$F;u|@yU7cF&F!8h$?;nIkP9)*HwD#wvRHo!TI2~!yh?& z?#%U+Rw_Eu-vLUF5idu`F^($p-7HT=jkJr((D!#aymd4+ap3JZ!z}crV%WE%b+7r& zi~iaLyI3EVVMDc0#E>!{=sHlY{oof9xf$^|&teGJNNM%P&zmW-a0xB3G}2CbL3u^+ ziN`cfYt5r3?!_Ac1icjJr9lXH1OZ0(0@Ep*jO%KH2Od%>%;lDvk-NbDI!C<*A4uCk z?}{&f$GL#2O!j-R{Sxb4<7Ku`ZC#s9Sgi8R$6kqeXId=4xSr0@L_IhFL-012JuNlGU*BB=o`~IE<{?$jgVEtp{2W-H6AnMCQrGFm zuL5zm4zMMM?OI}JFezAULz^7tL+eu=WV?kWNaz&4$g(>=utdK=($c_tbyyx0#8Xg< zlN3t3Ty&6<#xw$bSz1y?a7hj|*1?C5Lq!m6SUES35pRfo2?MQG5BnPXOn(R_6uKf} z0uKA$j0|>L?aiY@9vQlLv!afqnk6iRTv09!zW4Bi$nQ@Ly^~1FBC9=wfOOZ;4RQz6 zRG$+*V*NT=We-Mr1-4ZvDA%TjL8fdCj*tf-F=HxJL1Octi__p{w-hgHh2XGzJg3oh z*gy{6^_S_pKrCLqK^Q2K~gm(_xi!%Vqay%PsU+g!hj1& z0baCl6r+yXx;&YRP>*ukX?|S*v_3`gWo^R3?s(X-;P{a_I1*Q=ihhK$z>FuR*#5^rht&^>rK(&<1=fQ})HD7UQ@%mnSGZAB9X8 z8;?V!*0(dGw$fF@=5Y8STW5==76%EJ;YUMpn_=R0P7$A$#w`au<3L*g2 z+v&VxOhL8YG!SETz>$_-iqZcemVOF9sJCQNi|HJnj7w+KtGL27SJ^v2Q2mORC|(VAWQNt00WQW+sSnU=aoYZkie0Y9O95c%@b8;Ec}7*yYQIcn-S6NlWR@oEQH+{XiWv)fRBph+XW@B*M1CU4IE z7^~46_4hl)9(u77nfqk*yuS`2RS<+!_s_n#R0=zVG5`&-B6oWq-5X027;0?2j3Ugp z_lNr7K=qTEq zZ$K}(@u2=Esm{@Ep>9B0cnNipD~TSvz@}XzO;a<)Mr+2&O(2Qa0Q=pe*$Cbyf(%bSc_LL=v`B% zfci{R7tG?!t=X|b-l%3kk0rcFzo&p80|!KvmQ&oA@|I?TxU(9D>I#@fBU{=3KWQIGsIzTfDBh@hRy z25y{_A=JHbSw-e9^jEFuPp-p{MFpQ(I2HHj>K3O(is2+X?e|iBV`c-nh(b^{b)TS@ zm{YFK_%c1ZzdL##G;Dn!O#5ds=~#qAQ`KGnn=jY)Jfj7?|Ee0lE!oukET z0ksKoUE2%QUx;R3-w1H+rl}OQxm*a+m%_QJJ=rb4ceAE}$vzf*&iLPxVs5F9)~m$i zFSl||Tc~d*3ru`=>JFSrQ|@PlDzScWN$ClBz0~o^fJq=RnvGVnn)5ifR(24v_Hnaq_ z(bC24C66{MJ8Kup?Z2>>IUyI5| z98?=;W`yYK9q7qcJmZw4(GA)8XIZ5$(Z7t>CqXxyhRr@V8ED7Y5o^x1PrpiTkU1!B zh%Jh??>TU-0e7j(C}M`4bCMunX&N2Shl&GN)Pr53oipGJOaS4ba^~Ca`BI>MoY$VO zz`G{TPt6oS7F^H0uJ#fJ%w}?w-Ll;$wc#>rDATM*_rSh3SN9yTl#Ja`a_VNUS0DGCgVseVo(Lx+ssAqg>tn3gE(R^ z!<{1a?=ha3zhON6KX&g1b0vJ1)iVv8%G4?y;v_|vcFLN6ZFz{pH<45*tVP6z)8O~` zbemf6f;O*Vw)1E)GT#)E4Y>@K9}7c2s=U55!uph1#x>6cX(A5|KohwK9?JHK=I9r3 z%#g^)_x#@NkCGp2>s-S!-dDJe9)T>c63c77S~72=v^YuQ&)YgK^1(4l{RaWk>|~%A zGajRQE*t~CuB=-%yz*4_gfj*O@9v$8Om)_o%o$&jlEPky8NJ~aHZ0F&p6BdXU-V;ba zT#k3KBj)EF*QsUv`W?$2Qxqak8Ha1?f03tj|AjoIZ#Cu6uXAYz9M{?ddPxwL!CYlF z7ck2oe_)n0>DDHt#W}UpsTKuLdjD*RVa2QwcRge#OhJ%a0vOxE{zrEM=?JIY7Nud@ zC)7p4haXEIFNA-RfMF^?ZzRF_0ie9q{5D(qGU+Y@5PD8TwpZadT)h=ogjZ-ZDUVfY z@N)*rP!o8s+n>B zJEz(~g2;MiV5;~(koEl4_hynu)HD~X@C%*}@4LGvHQ-j)_!7-w~pAGyHPU1GjMA3r6sJL>vJskObJ{q9cq=0)mPGEN&Krrl2%U zLWnz%;y2nKesmdzC|QARrUV2Agg_jIJy7q9!nNo4i6WtWZyFpENuc?*9#R6&9V{w5 z_h~36jsb*rai{GvLFD7hE$%Z?Gq1nInSEdTHcxg+YnRBS)T)QLhD3szt@HA)ybuAY zXlyk?W;}WS|4MftiRHiAN=B%gVV6O5$QU~|a{QpS9NqBd49B|&=#m02#*rv0QBsH+ zV=8tx58Oo}kRFqYT;E`jWaPI{yW9wMMSh?*QpCE(5?KuwHVQ%TUt!hb!8b!##%0UM zR{(V$%Kg{Ge>xPSm;zS!)IG-0rw*e~YZeBYMFo)S#r>b4gTK07Xc3i9mlnQBymrhd zXdkHTK!WHhuoizDl%pC7ZGR!?y_PjlW@iAU+4}(GK?oG!J+8xRnJl0B(})%k9@-xe zU3PI!iJ-x014lps$YnjC(EfQo>{|FS@!0goXNvD4&4q0#!v`7U)kxZnZi5AF(?AKC zY$3kUHLYItfok;r zO7#Wl(b3u9n_CJObC#c4y0*`{eQwJCsI#p(IepW)#kh)}vq)u7fK}`>bZAp|H&5I-n$U8aEzLd9)CuaU!k`26hXoJ=gX%@m9{B(oxfD3VbL%s0 z(W+8!?*jl9j0vf-Fq{puTsK1YSHuiUGxVjxiBu6i@|bz;@zKF z04jYTRnYq5ot%7$uKxf9u>cO92VhcR?Wc`~5H7%ALyV{R&Bh%OtJh}Z8jmpb=POM4 zx0#ZEAWg^aWe}uIH;{>Sd9AIL`ob67=i+h{a7!oj@49`7aq@H?$*9KRJXZ#<%Ukt?Tx78U0*hQDX+H z&U0XL)z4Nq)rpgLn}}hSP}e$sq{<|4D%j)WJdA*M^ZpwN=>Gs3F!8BHX8EI@%KY2; zU!1iFx8hI*sH2x|ox6v_5@w0){(eCSUV|CnNB)(eiW49#6M!>z>m&}CV%x+1kmlq7 z9PP`W(5Z`nUIml+0$YI$elhM#)+PILOP`(&Tvwg@_PX=he(8gvs(8jdq$R(-6PKW36zPKh;*d&EKL(ij>6CvHycJ}h8Kl`SXG+o7z`|-Lduu|yr@>=PL{9YK_zu+ywb&A4QTDJjHd@c zkyELRP%(6yAZ`;aD@IUC#`AyC$^5=*7y#yGKL$BKSx?WsI!&nR{qr(fcWV*UX2XZs zzj6EhT2BB(>jrG0n*uSw0Yt{>KW8g6INy&fWV&?=(SA?M-dw+sq3ly3VpVRYeNO5) zrQ8@EgQV?L4fOF=1dogjp#Dt%DG2~`Fcva&OFxA$opiH8*2J7$1Rc`TZjI!59?)L> zcTf3`j^OW4*&z?zv}FVRuWw24D;Xo~SnP|!1KpIQW`n4Nh7ytGV2$4^cCUV04|tdn zom-QqGZGkOQ`~Y4vM`uAS}yb=6=76 zY^*R*;(_lx4Hk$zaH%_uUJx}a!66a0 zZwLmHNs0WLyF$`~s7Y?XJ^X;6UOgRIGIIN^pz0&M#oAOc>m#s+v-fhsCam{JN-|J5 zrlsc{djqml?Sbt6_6pe&`ry1W;_wIaR6=+s+w&2g*L` zzf|@y2b>f?BZAh&w4JMQsb1W?nshe_EFF*Z1J{9_`5L|Qr#^rS_W3|J5lhY@skyft zq55d6O|Dejl-8;MG7yU-Aspx8herwBk)g&O;;WP$_4?Z0RiTZY$z%`v5wQ(KM}Fv4 zH9lhX?8U|R+Cx8}wfMS$0NPC5BLC=B`HxeI)8D2Po6nm*=cRdysZImLNPM`;nE>jV zS>_$2Mds7s8>aQ63ngSG{{}&)$?%92EnB!MJIZlb{b^uNlfY#C^+9?yXNZ2Y5Wje%Kf+aqCVo zzH6Z6>V%|{d-+p4>km~^Ab0+=eah(m-sT-D{13?By7TQ!t?)KQtSBZy{4i|?vIxX8 zRLLbU?UY-tZNZ7x-qCm58krDUKmX@ZkkK8lXhR4s$GpE=s+HVp4{f@+^TKCpyI$WFWG|-?^8qc>R<4SblQy#UNbz%TaJGsbP6(9VMQx zbcPqUen#5fO8wz&rmlFRJf2@s2wB{%w5Bhh-3E7e1~amct?=Bd3QGI5@0%h9ScfWF zXsF1On?V%cbPJb-)~$MQ1WNPhR~|2JL0p4!BOr{@rwNGh9F2Szp0}cTcwTSA&+v?r zZwM62$|~Y*B1CZ<5aracvI^y+4dj1^z!DRE^vbXqF)cfYGiwOmz~Pv_Ub~%b3Dm8y zwz@VsyCQ7vtA@ZX!VnXCMbLd+ZU{3~Aw1$gl!y#j?g5}&mE1n7y}fmrn>7AkG`xQ$ z4C;CHV-6*U{o`3-m?$_9 zuLbM4nq28cHSJoRwU1g&SBB$}s5@CnbtE0zm;WLiqW@lMiV=>)3O^zSQ(+|0{Kbbl0gdK2XZ}G5q0F`A}~A-uPTUI3mc7%&&N! z>4)&8urL94wEIt)9)epU=|%r(xFtsaRR7fQ40G8M-Ge>xe3*D-wqy{2%|JRQ&_T3l z-Si)rCGj&wXAk9T-xl@}2sXcMWZ*VtZoe}$y7$1H1L0#j^>5=lNdz`PM2P^RSV;xt zJlihE^m!Zep&+|XVUp@#ACK~8Vl}A|D&BDpfusPmpxa6he?4QbiW;kbQR}Y!u$c2n z7x334L>Z2zZ}oxKOMIhSpmC?4aj;b*AALs?-vp2742*KCw-9aMSZtG3;8C9qmux>l zIa3<;GgY`8?}?~ybEMsY=)8ALQFIOvzNEmhnV`d2`2H%}BhY2M>W*9o>V?Enk2G}~ zZr?{zl1fFIkZ{O; z%!QFej>oU=x7x>>rVChZU?jZ>D`gtglmg*&@Fn?Ye~wv?F}YmttSzii7yx&Jn?#50 zH^$Wiug7vGV)yxF#wW6pb?)r1kS$i~kXd_jqhP$7k%kg<9`5e$CR>o~Q)tr@L_plZ9l<`aXS4cR zn>1cYmO2xp^<&aOawPFF+z3IL0XY@H0CjazGK=Gg1Dd_OuSaD>Q;!C2a#MHW0_}G; zna%J5(yIm2kqHzDk)3{!c|~}eHRMBTa`J@%Bo8Om4&A)PiQ?-j`0(7WwN%OWj2lHv z;#gd8RR?(_+acEnm0+KGuPJqgb5YTq(k7mMizj1;2lrczBZ2>`%E~P_Z}pnTe#S=o z8w!&bb^XK>_AMj#c~UY*FXRlnQCS>bTyqaV){-ZidtbTV)W`*=#RG>}gG%I|Ghty3 zm{FJ}^9oV@gf|Ug9yR+JWJ&}{p0Wq*Qb>M-@qtw**A$jO7&wPfq^73eQn7R`6~D=) zJyCx_&P`u!*uJB=8U5bB(cSZtxl?=2-nu|G?Q2+pd5KD{acmgYH@(X0q7U5-Y}C_bj--NFzQ{$_=^3Lz1{rX3ZHKq#TNj67&??!y2IDAPf^k^Y_2 zPoWPXy34*qw4V_?nCRM}-(Vj54ymG_HibY|nu@H-jG~eJQj6YxCAYz08x!v1h(25Q zx#4fN+=UxU&fz1<3QM=y1p5GD4is>V@*(9D86VxaQO9)o!kvJ2v~FbC9I%%Ibwu6) zXnfj5uCYqBr;UFhJj#<9_8F_;BB;N!-X+!32KDMbBs&FXBx%R8n|oQ8LgEtxcKj8P z7iQh61cTOOC*Cb8u)`qnab=scJ++8~qjQe$nzGzmDiX~ajEI(b0K_1WgMOLUqMq{+}HM+e?N;G-`zLeu_~N1(i3 z3yeI3(~m!^fuB_4KLT%E{r?QStyk8N#*aWmJckV$#nTlT6WZ(MZXMHmE#x9-*jAyj zo+oc{Y-)OV_vY~sEl6Za@#1@8V_t#S_7gjMe36DF^T26vTe(Sz8av+1N@T78J8XCv z;*n;ygQh7`gG|?P>S3aki1_L94Njsyt_^>0|vlYL>iCKUJ%ho z(>2qS3lXK_ba*;t#9Kkh+d`vI;HLJQ`eH6SmD!=AI5o(OMCv&YBf)2$CNBgcs6=*kz{+qv;_Mq>Yw%R`CC)PidVC6$!=|GQ{*8XC zpj~yft7yAn1m4kv=gpD?2>R)Tpr1|9l2~^xI3s?muz&BjYBqq8<>#0JyOH-X#PrAE zC$`0Q#fw`rIG%feOhPVHyjk|a_7T-De8EA+R{-M^7G*lmFC}SMGUD12oyVxI3n*t(cf5@lPhy-%{pi!sayW=6p+PJi^t9SW8#-%Vvh#w z`TksPq?)c6y7IoKeb2V``0?XM@m@eMF*3z{yYRBTqG&-e*;ejU#fhIwG#5gYFm>+P z%=+K%Y}GiCyUnf@DQqk zyr&X$%Clid?g#TFUTK9MS?$q=z2+jC$&p$mP*<~3lh?~?Dni%nc|H(2jOF^=+97aG z-6}*f2L-kh3{%E9=wq)BTi6+?@FNH;;%}ee!~KF)PE)Yg z+)6Mp>sA1d`b+UybGkf<1S|CQeR6RCPk!Ac)YOa|ufs_&o1F&_k#KN0mShM92DACc z#`)p7i%eGDYQB=~Q> z8a;HGXK{PPckRSa`1jJfgcH2z5)j^8*AzdITps682-(QBf&> zk($iq_Xg#0IbIS)aCgR!C4#cW8WS3|PqGL!%-`JO6i$LDd}MVZ7sbY-l$IzQeqy%q z+(8J2oD))t5A39hUTtB{M6t?ieO)yLThj%0{QfetoInZNhl6ohvj*K{qxl8yAc3yH zqac(phY~dG(J4w&S7M03a$w$Z#_K|OEM$wi_`JLN19~nujs~fl$)Vr5QO9NUt|oi9 zR5U9SXU&i^zsPe+YaO0lIh4bpnrS(+M_up4%#k9*9s~}wHlUTIajSr|f3T@_li$3Y z0yl8~OOVgpy)WLUFvuZ5gTI|tqH}DfBKqon@Z?*}-eAS$!_>krj}OdQi(AaVlDxuK zc-#t(p63S*>xPRTybK^AN?+<}m;U{Rs;^eQyYm$Y-{iYAmHj$@wi@w^7wie@<{I9NM;2slzQ|K=v=mN*ceseeuIB7>avMBz*kw8@*5%N z`sa`YCsZq9B#n>FnCnUpK@jO+^dBZUWQ3mvECk%hFlc&ia{4Z-)jz5N5S(=JnF~PT z;x|>Ts<1|1rXN*3;NIVARlW8CQc`CQJL#cY#;CS?ro!>OC#{Mh;ip^M#;eR}@6&l- zQgZ!B$9x!_j$=nc1D)F9xf2L=wPVbIhq=IT#(f_25&DGp=hk|!NZq^15dAiK0b!kl zx_8MOdAuPEnEoa>VeT8|sC1LZ-`+#)s>z5KU=#oR<3>uwu7SNN4Xxz_k565`CG0F*-m4$f@F$ zXCA#O&vbQ)1-g62doNb^sBKp{ao*Q%G1knR_O}>pRbCU6HVLE;W2^-A>vGhAi%wAp zN7@(JtAM11xIkt3ZvTJoU&EbT2UDaj1UyewO~xhx&Yl5@zzE+FatuiiN9s6|@&M!N zA;kB9jFkAq?77$Pr!n%Z(VqBfDu3S zW^{j)se!!K5_k4@BhHh67H~30odC1eaw;%hBX{@@Q^06-*o>^y2qC_oBE)yp8l*~` z9vGDzbW$bb`pm2|{x^qkt2BV~<*=p}Owr*7-{KxnOF~jJ&NT^*#OSrF%7)0>z!eS& zD+h|Ae_y-PpZ~7ie0ZqBzniPiq|RMGr{MYSzSutEW`V$lc(`xomCpeecOSNV`Z!&G zoF~O;dvp*sJ+*^q>M-KRxx(b4i24j?^pd*-8;DocR>Nu$K{DGx7D8{o9e*_;86&1j zEilwy;&?|mfXcf_EXY&P7J?1=>Gu{FJNIJh&<`k9II+Q~~q{=gi*an>^3$AqE%W}fvoI!wofuSM_Ze8*NDbNlgWNf+s zmWCa15F2iIN&ZIz-rvPpe;V+3ajWuJA~h~>>1TsoWO$xMToBjSC@iy&9JEWn51J2# z3@aWeMkGZd4G^yh{s0*1F4lqF%^q6az7ksv1}s8szy#BeOfXU{)d8>><;+y4SnbKV zGv_>0ZtYo`W7&4ed;`5odS{w)fy0BnH6wfzGPNsm~{MRhVyV41%8hFdu)C;QkkavsY^B&>0vgfyx zLPA0bK-IO2LEIf_*)hlWtOMVy5ij%)hZh%m)wko22+ymstB>I>S?#by$~+Ldi226i z!z-QHH)WDcU#00j8}gMky%UNOhX~I9wE)32R0%o^$!l}(+SKp5kf8g%Hv{S{3Wnf3(ud+#>3qxo zc#)pLv0$Xe!peDI93W=34^729R{EOy$YzVR&)=#-N$qg8zQnR z$^#m)o377c73~`$B+qAABvE9%<~m$`r8m|b3$1Hwa7vaB4LH8g?+GUdRZ;LMQ6U@Q zx+i1=aV85pOu^u!j0j9_JaHk1y}{7b6TZmzHY+nugRN|)e3vnkf{Eu>W}u5b_yo}5 z^JP6K=5ZuQvm=uOqDYE}`NOB5zGJ#l^=^!cCyItwTNm8P+2z4V_|6kc5_lak|CM_k z5_J9u5a}IFP2IyH_TD9JO0K^SmC~|P1=tp8hKSbTo~o-66tX}CUAtWO^hEj_Bx4H9 zjwq(dM1=adX1UF@<%7kkySYLcMw}Z4<4#WkGJvr_mKHtFQWMR_2WP2HWG%E^@wl7t zHQ#q!hro$8NMO!$XY?)xy`M7&Chs+dWYZd1wb1?P*65h2ntltc#VqW>qo#ul*0SJj zLUP7v77A_=6rm04=8xyi12*AIS@aQclE7PI3|AnGDXt$WGUF z>RBiZ4x#^X^!u}XtnmLi`oUpe^oEP)s>oU%A0p%U9l6os4~|NNw3%Drr^cpG?dY93 zTY*M>{kDrtRzL)#fLioI9gns~oZfj*1N6Cnw?+nUL}drGgWezA%fT01zi=^Ki{djG zTDbLCT{>vovG;kKMgb1f#VQ{}Z-i#VEY|M(ADDRneNKe9&rWE_gh97mk>%DvLc#*B zYb@wrk`SH{p{(j>5n~P1Y+(o%`0QJy^J?af^U*7I3;oX(UiE=aGu_CbLIo}f(bBLp zN07VI^x*FN0e5FKUq#Huv8nMPffnPfzvp&PAnx=VZni!9{uzXKy zYpgVcV)m9N>U*9a?TxJsfSyN18aCkPE8wN(-xDw+LW)`Jr!!B@xWT1QA9E*!X;oJ* zRm5256Cf{3Q->G`bz@`BHD7{T0DD*TU!;7%IZ{)r~hATZR&1l{Dwo06J(DV{Qv zB`izdD2-|xGlS864Au_wk_@Wv!c#K2J;6&)LBXVO*noSAtVhdu;WhH9|Tfewa@bwwhUv;J0&P3VR#LMy+JS9nX{b72F*ANy_`f`9JJmJ#$&qdDbDL9{z~8W#;i4 zm5v@ z#MY*G<&^EIR_6fQfh3>FR6JkF^b>+Pw1ZvHqmPB-xX;;*8`_i#h{G$s-Gu<+I255i zR=+NyI-r^Mb3QU*84%Ri5bzXv zAbzNV+w<4lYh!dsag)OEZZjRoA=q>ep41Pq+8q&Py_%#EE1o*^*IO5)1*y*~_2@LiXM`tT3@~Anzs|%;R-d-4aE#EUcXO;ou zH&z=7`Fz*PV;kjDP(|2ezb0O?LSTPSxoS30`DdvN-O$=X@d7iHjhiaixTGYF#wvP}Vjr%<@fy)F)x1;Ob#jU+p zc1+CPnjJU|W(L8dT6i6qADEtfc>FoLO$ej-+3Vr2ScNmI=g5;N@N+1@5qx65A56p5 z3S|E@7P9f6zSwObXSA!Fjed!T)ttVgA4`;S?wiBBV-WuqoZhZ|!EX?O5 zs`2>>?xn6v#%O0%+YJ&AB)9&)$&GG-8eA0EGcm{}8}3@J$4GmBSnNm!7q|QTiRWM* z+q?52%c1ypk4|2adInd(Sj&?C^~?3;B@ZKCj7ud*6JFqcLrkZ(!XH_!+9>>heFHdj zEI(ob)Y0JR_xj5eOi1ZpLQQmST~s7u&6|E7lwYyd%zQ)pcR>UKaE(%gRe9rU+V7-Q zR6K)+zl~1NU&s1#+!Oe1K~1WHqb$7RRc-MS-o$&pUq8Z%COYgvHqH`A&iXyWi(tf~mn9knm=si1hW+l&%5yp2SI6=PML;GEvy33~5h!Rb>;Ra_3Ect| zP|F{k#WBt-6@Sk<*r;@zaZ>2q*AB#i9V|{dn>xwk2#cqL$(`L}&1Rg-1;YFk2Q10p z_hqzy#apZzX_^-lJ^0+@yU{>Q*x&^qnbYr#9bx z@S4Ijt6XgXDXim^wPKDC_dDCBk zH%-K;zG?OY=)fu8vwh#)6S+}-;>pdPhc>j}Z0U4v0|8)M>^(#VNJ|lwl4d_IQjEp{ zyHX|~uW{-SpBJ-vu$S{K@Eb@^f-UWSC=O0_IyR*%>%1ZuDw6kFjqhv!c=Yq4h3w7`T+z{uyZp7cWStsE zdIR8BIfyhEt`9-4`m+<_4Z&@n*KczHk=g624ATA?W5u;tMqKKXZSo?A=A=7-5piK=`*42;ALzUm zekoBpuc-N%y}7Ud8~1}S+XI+I8PI$IA*RUni&&{9vlEu*Pf_`+5bMGE#}Stcm+1TV zo;AQFE|(;Hv=#@5-6-+r={POYZWqEwh2h4bUUOOC;rB;DzoQfHfXn`6O8=ql@qwhp zv9xWYLb>;p@#fzXEn0A)_x}NNRAt=l*05Hrt0OvuS3#$y6SX0M{U-4f!)o_Jsk4*q ztNDJi^;pE}On_|&E6V~EsQJ8D8g4&{G4iy!{eZR{qcc>-)H+*qvK%zOZJ@n&8=z} zNW1Tgg4~<5GZAM690@RNCv*~c?-#?f>3^FTpgzp&;B~2L{7&IueA(;cJWi6X0U|FW%#S!8Rs6n@Il*kL90S|J)$J7XPb4{UHIk zvHW9|9wWX7h6?`kJSoTlZie8(ImOI~ox``Vb68lQ;opX%{_6fOHK0>ot303G)&Lm2 zDFrUew5X?u33gzoS$YwyKH#$%$O;be;7K9L*e6}!+MJNV_V@XpQ0P7Um%8j9PPU$( zX8r+JgSP>fzbZip)}leRg4+hbuY??_bplxT@YMG=Y`{qd5BUhB+TXt9F@dq;f!iyt z;sVuWwpS0eOysdkRuh+^?i?P8#Ll%3q~|2~Sy$;#u-2`^v}AA?aI&ZSvm68dZ8`ei zS&K^ptff(Bfc{83_XA{IRqR}=EU95ojs%q-H~_X615N>pZWeLBCce2Nzljq$m2v?Z z+*|J>Pk36cXX(}-Ljj%6EQQ4m%SVW=G>F^n=x2CK=EjC83ZF~ zc01r>1O)k5)yEaAma$?Xf)rvb%qHKj$F|9e!>;{1`wd z0l0#%+-!h6Yy8vs+Nme_x52`<9u-yy1)t0V>6_PFE^x#Gn`-BTx>(t-a_Lks4C?u zxb|ma{SyPg7g0&)%jq9$@juIn;oPXD`k!-pXxBB69`gd~9}qV2Y5wh5$#Wh5Ymg{@ z2(rE3u3hAu48*U!jI2Qn(*T&g=%J}T=w$5m{=5P0034NvOkly|E|uR{NS<^r6~_uf zHPH{6cYfQ%x%HkH0(P_+s&f>%1}ID)1uipi8K1B2RIKSXqtp57{vUk~8aKpn9{v8I z(wr|Z)U|(nh5;iF-}J)zAlRO3o}Pz!f6{-OS492)77BFP!HHn%BFJet*u>d;frVLj z1uWP9Cu{#7&NFZ{cp4`N-3Iy`w%Fulj_?oX0W6YQBLkxDr+F*B1QH9vRC-C)2RooW zRll8D3k2ntKczFCH|OzYItDOyO5Sjf)nnti*4sA_EIuIn!6|7Y<#2XUs(` zLl?PPN(t2msEz@I6Aup2fXo-O(=+fCSKagBXaK>ZdX@9@6EAi*|Nl5t_l0n&@lCgm z0SMMog8`8No%sLPXsP|P+WpuG=z2bWypCyeCnPjtv%9=0U;xM+coRLp)=}bn&--(4 z0VYM8H~8>+#|X&mY*&{S2s3er*<1H!HNg0QC=<3u&%tciy^pqs$S8^vFrw9jqlo}kBe@)6S3=}`QATV$;r`2J0W>H%Xn zkkS#ni%#A_RKSq&?q|QF?>-lnQ9sHaErw%vsY4axz3P1zF3fK5EGqjSub0=shJ`!NO&v}C zhV)ewBUs4)`A6Y?f24^lY~cC-`ii@Ljxn9Pz8i1>BFTTeNFMx&uBoa{?0@+feBlur zSW|eEKL7dMKkxjcK9BOBu_@F^iN8Ij>`g4~4(w$2T0*h3j{khI`GZwQDt6%iw-2$9 zs^Yo(L=Gjd>}Q>m2xFPQ_uBVZEU7>Ux4VeeI#LhVhBU>pxF!Al|Kz5|YPWoJ|CZY$*2ha`Vn|D=G>-t z6`TP;Ao%OZz9;zu0fpWVVf^b1!rsPA@MOd$6`frFXz~Bj@Aatj#4RxNB(!q)Ye%tB zW6c(czTXF9hrKNS$IBF36C;)tXB6@G#{9f=zW;FkuR;88Ggc5Q0eG+ESK@6R+`ZJD zEgzEYIPlkB1sn9AEGu`>%-z3s5O{Oy{BjhHMe~UM{@+}`1d^nWIAu*`l{l(LWB<}T zET{v{WbX?rbN>D_lYiQ00VoCk{cNDWNOOVaznKdDo#&as^3}1l;(tGify>gp>6zDm z|6N&7Q3IQ&x`NH4{5Q?JcL^B98Oti&j2wOQx3>8a0K6TmZjL6$ZT-J%3)olv0$Klaj{bS4=>9oR zdFfmL3n87G_Qa(ImOHF7b*Ia9=>RDL-e=JTL0B%#%-QMsSvsK4(fTM3I;;ns9VVZ> z@9tIyV2Sc!@{aJ5>>=dv@eynZ@B;?+ICw09aiKaW<8_Oh`^jGM_If7@fTd4BnIxK} zQ(*K1ZNQpWe!yChoM@lo2W*3+Qr<{(Id0hxd*B&D`NIx4ZK#9I@xrQ{_@d2ATZ2#7 z2j~}VKsA`T*Ea$CbduA^7tGCM$SSZ=a$%%bVl1hU`)18IYbSu0!?1*n$IvL{YJ(5J zry!|U3mW%90b~fax}#OxWa1B2Wd3K49+p9&AwhCiF@^3VGA%3l$m)f#PL$dFDga_4 zt&65pyqU!&3JecnXr{&m9Y>i@iUo9o9Mkw^pTd-NkU0~D6Ji#v`;7~*dMeC#-AP+r zx-DggIFs*!d?4w>lvvYY@{0QfyM#QnJk+4}#MozGIj+JYrCrP-yfqoH;#CzQt%+=+ zRt6ROxSr1<&oZhkj9FXvgInU?!0-_2<`}Iasg~NDUqplb<<<|2_O>Olb0zD7zW}Jk z6A@l;zwQ}Og51_Gd|0>asia`I1>GaTTF0*ww@$48_Ix|F z+)rR&0tmOBi_fkns40I!JyzA`qgfkrgs7u<#HLsn_6=r}5fP>3MP9Zx?~bKL1A}f6 z@6SD&9SK}F)@NeZs$spSTd6dtz|=GAVSMJ0$UgNoXj6^{K`pa7WVkZoj#9?Heu__QM>#LkgmFV783-03u?CTY(x56 z`IR|c8QOst^Zx6(fvb(1D|bBeul?c5&hdU?iaiW)EC%g=BSdnZZGg7)i--ZENr+=(>0OUgJq1UsS zR}kU>#At#L_Vgf|dcNVU={b%`cpW!hN9>!8zmL7KRvupPeV69+N|W==4}&L-+kAOJ zvlCrYLs#}gO<*+YhlCEcDtpyQho4a85q-sjZ_M_UX4~%9xU0nf;tHDJ_UgC^Rler!YLc9lXqk-p&b{pBP?MHy56Lw6QdvNi zC%JI;O=>%18Q zN7^jtT~vXJ@oj!@Q?6my>;QS~MKH>$IV*#2`()QhK(}fOQ`LI%W|H){UUU`_(y~`s z^3t-`?5}-|+0ntf(vrP!`E3DTO zNMdmS9jE|Q=UFY_>I>PAOS#1VezlKv3&yg8ov_6R_^USpYA1iRcY_kH9KfKDa`sua zs@m(?!D^4zu9$(>JKO z1KazbmlT*%l~X{u8qH5C34DE@b$Vj@j0MephF{>%RTHrD#5!aEAbX%1(DiZ?flkMh z=4CcJ*LGlAZ1i#suumxhwu6Ve`M!qQ&q3v)HDVTIeJ1d4 z^jtB~mBAJl#ug0#dgga)1Hd5eHjtUCA%FS;fkPW)e}$}DVLZ9_Fc_3QVxE21l_1R2 z*cQV-;Dn`D0&KgR(Yb`Cc@`9w+%ch3t^lmKB}d&C(71M~1I#7Rgm`{Y7YHL9s_?faPq<_!}JSCXF((zuN zQvCkiZ!VLdW_kZKPBV_oKH%gZ*S0233__UljU84?2RJqNz-HA7+|$z$^5)m?7c`6e z!N^3#KoWHZs5{kM3pN26>o(NqFvAJd+^*bXuZW%%n({tqgPvXoDy1vVD^v96oGl>m z>$4`3nRb@|Ro=L5xeq{D9qmI<{B7tfv-@v@#KUf-8VlnDK+p7E_dqyy!>BNGpepkY z6JZ^&iD+ejC#KGG+JsC~H;WJV0Pcvbvw2xoNh-q$?)=R>$BH#T!EQIdk*`g^0+RHeC@eL{e1t%!0J3o088q(DNMSyp5qS(q`E9;u+jVWC`NjJ;)BmRX)pjX&yU4HN}mw@>QTkR_GAbYTka4cT8~)+2HKx}XV(Xe`K2;Vy=VyD9_vb> ziJ=Bqe~$dd2Ka|bqi=ieP1szTO!M^J(dkKD7IbX|yb*D6>08;xjY$@oeY?Zx0{)7a zdSP4?dw7A0J5e(Ne~ql3X&>$WP|+3o3XW&ko&)s3Pe0gJy}xAOD~| zR8J!QH0rJU`}7z9=h47FND(lnN{8Hi{OpNjZtrjvP#lpNG;WfeT{yWd#^pd2 zI!&{p#@7*Nwg^fza~BKx5N~T5Xe1H0wC*2PnPJGpPJuJL&YE$E4AJQo2Nh1XC%}e^ zDhMuL{p|JXqd!A|?vavMUcCR7f`HH}KvPa4OHH$a{_Q2w!j~j5AN}O+kzC}s zE35e^jRSS;Lnjq<#|xO%B**>wb?fX-vbfhe&|34>m5!I9cA@Cv{*46%$k!;95r=-! zrEM*?@UMC!qPqR7{4G2P?OonHgkBzV>H0w3>8`d)7mdK4L6?`6)^awpOTMIjo!IMi zI~`wZXKN-r$*-(QPu0%~-g`rI`|qk_e#fD1&+~kNZWw${>=}U^b%oi%V4X6d!cRH( zaxi_5m&m`yov3BDBj&4^4Y49Zce3l{=t#apzb)vlx2K2sj z&&&?vioMikxICqmxtTTuwk5VayPem;ica+*fhL_+di{d22)l#`92VQQ=zSiqtbS2D zFEuazF2ZXMK1Y`>vznZ$yPH1I(Vcb#%g@}elJFHf>-llW`Kam8YNF@F^aG?vvA<)O z*rnG>B7NNur^XX4Da6-RMZ)rlU-g3EE{uYUfn1RL#+HBW2n1TC$!S5 z(Dc03=h^6Hko}5qd&kW>R-f8E6S!E1$XTSW>+5-Mlw(87vfgrXO!uY3+)Ye|$5hkn z-(jNSqMG}4n$nAL?mY?PnpLGbwRJ$(HYz&e9cvD$qC`)YI7Y2fMp9h6htb9?xun~h@TIEyzgYEeQ?Hh%cmJx&jJ3{0rh@|{=8XgZ9JhX+IzIQ*rcN8K?B3K{!lu(2shw^*rOzO!F`!tQgmS`)tzrI!Xr7?Vkks9t5?^wX8F1)Y6Yy7@V%HpW2ZbP2R7+ zBwI^wd1bPTD-pW;S?5mBb!CgZu+%38GdQy+T#6^c)`euCyIXr@hg* zaH$u=IP(REW1m+FQM5x|XL>3riQ?A+UA4(0z+`<$+BjP6W0L_$Hj( z)8IHgk0wiYW@_iRr&x!;)meOYLl(ylSPIRqfh6%k%Mj_&^xEhB0DYOg!mvBUx0p-l zswW9oHBk>J*@>3L6CGlmSht3Xr57jXDm5uzNO{jQl;?MR^rQ6VX^ANZ%J|j8FUCPf z$c63KcdJdr7PN^e%4^%dBxpbab($Y{2C$KaP|))Q5Q5W#k zuJl19C{PcQaFlN>u~U9PnC_6(Um7)m)?pIr4ilPmD?P?otL+Y2axiAct9NTR+XYn@ z$7~^J7}Qtdli!5_Sf>HYXNX}0+#u++JSQ2Ut!|%T%2KQ-CWyr&9QcvLx;vg z0|i1h(w+C^C}|`CimT(x64UO0nfmDok)(12tzUX=Z}#rzc8~sIRH@;R%kAsO)<)a$ zO}IK8{;hSM^33%NB$B&C^Gdi}dz+(cYZB;P>MiN=VSQX3R28?E`{%ZTqUUk0g!44Y zVkVOF`un^E58@g~);&3;i}4UqCe5NLsmv9?Kwx4RZ$Pc3n2!W~DBz4(Qkh*VE3dJg z&N#6e5hM7_9wqJ4k{;;9?5tDsc{++zuA}vxXf9rO@6#n&7htg^++npTT3*@iiZooh z=2AZGUfVZ;!1?f1$d94s@uMXtI2qXZVD7+*31unw(GK+Y7JJe;u~DdRzWO% zF#Z0Ubeogl9veYFn?D(!h`fizj3KXXvyW+@)$)$U5EHGRneiK2w#frOd`e5o#9=Sd zF*DZeBUvnmub6^>pkQ-1EYGcG`Hok(Z6l}2H010Mo&2^w{o=3=K4(YUYqPXPM$3H2 z*88v$ACgsBhmiHpDnh${IS%ZMA*;cJ`VS^b@WPi)hcu2BSJW_k4Kgcdwf6N$j~_fn zU0bj1O!2Nr4blKaidna@kd{6F)HvhUVGbXHvoRc*?ca>_b`Tzxo)?7u%T?#+!I>; zefUds2+82NPiIKMP}RC{*L3gJcP*M%---sH^l=}(@bef}^O*PO>OcB&vZ)Qz#i zwIP9Dq;l${htLaQRoW9hCWEO>xS>$*U9Y8jidR@L zG8p_*@{)_5V?eGiMBYdq(iH=7cX zLCbNABW6aW>#)I$sCX%sW$%u1LiO4<6}rRmigWyu_r0lx&)@!6V-+hRcp?ex_W zhf}?#>%AV{F`UWCGw8BPSC1j$;uk-+*3;mHJkb|qherCOBCNC}n^fNBldY;6HkAkQUxVhz@WSDp%vNy4P_n&dJ*sv1 z;+vDq1C16csSuaRR-&}cJ*!I34?b-~(_YVlq1WmLWyCvfAIC*!hbS@X#3dSJL+r+b zWJzAuKOz0Kb+#B5g_DkIB0``^XGbQE_BPtL>xNzu-FqZ%ZB19a6~Pd>j2}K)H*`7pA%O_xw8it; zUYjdwa?lW^eH%!}6LN?Y!;7_d_%-!J4U7TK^uZF}iB=2Tf72un9tdy>p@-lGC1<>rM~_>_WWl2kIS)G)Q{{fmEOBFfz4BIG^LpJvY=NqJt zs0mDHS!TnXq0IUl=`WKd0t4~qY5m2Qf~T9}D1JGxUDDYQAq#_1-{^B(qBbqDt=mzo zD={>Fa=giR3ghgC_|7Mn7f)u&@X3uh|E|1ZxfoA+uhrjA4IRAoalGNf_Ont5^sH%M zq(&3x!~B|X^69UQFQAx3R7ML9hg>Y4nN(Y=HS45VKM6hy>TsZLZMSh;XRu1ptpSDa z5+qg8^3<;A-D6u{_XcfWx1|Y+iNiIw;R`ZgXYsqf+LDhM&M)fTQ!Dxm0&A{N><%M(7j0*)pekmlp?JabIU97smlkKPldglmN6WM8HrXo1YL&H z@dK91ZMDv!MA9V;iAXoN`ue~Vx7HNgf(x?OO-&vssqt~_7E?;X4QBltvt7G|Gx?5( z>wIkwn(o$heQ%S&34XRHLs9GSEXhWA6fz=T^EwKyU67e>cPC{&PHeX^lX4z`sn&)Z zDA!uHl`ao*y}~XcPj&%CKUMoDMnfr%Z-#a&?Kkw!^jS3-ziWTS;XtTF7#6sR-&%Nw z8DGa3ImcU2S(1rAcG$UG(#E%H>y1%FC?F=N!Wz15F1x-vRb%!0-qGm>0aau4ecvJO zF?O;#8rs z&GidOFlIBzUAP&i8rV}SUIMNu1+>3d4dg>D*Ratt_k|;x*fPq$JJnMc5`D@p z>tJd#Q22;dZXTDsz9WeoA3@8|1h0&`PSZ&FS-r7*3e~!Wpvf{#%*VPl@lKumuZq5g zweFOWDi~(U=SxC7eqZK~9_Xq{i%0=|E=-_l$uVx*|pZ?VFj7UG#IW?qfxBXI{wzjzS8Ty3b_W@Ax}GN0$4dQC}K zZK3e5-u8OH9VEPpFD-iO{Fp@JPr&vibF|uf{grT;s4AnLr|cpz=cUe=JD)za-+9!B(>~UIh2EgVKD0nn z*?2eD@jPxq#OB&`%JOZaK0qFrjtq=tZ13(;p3%YPj&9!(oUPuS@$5P*Yk!piSYcz9{uoY6V}S|2Ff7D-Y4T$)CE3*=$9m%@-2~PZ{^(_fSZM z%#RT|IMn0(o?Y*TKjMf$j#B;TTxeNQK8fwcf;r5>wetLsg_OYI2ku58!5bP{@OEqX z25I6Qz6uO;-YRdaaFts;zzxG8Q70eEdxD45nkJA;%|}O0_T=`_m=#G;TnhDLVet-; zb$40{Ta;r|X%bK65x7?O$r?wWsrVwCiP@44@~Fxtn0$(vkSI zL2ZNK+SA%R(Jp=x+cD}I)%{;fGg9*viSdQ^vj`@&u*e}v1NA9s($|y=79Wno_c>a{3 zD)Au)uBgxQSBfJ2soYkAu4lSUWo}1mYXt@Nn~s!8SDMwLr6-y(sw>~)!&@)O6Dtt^ zIE;d|tQ(ZW%~ZtnJnT4TKT+YS#Z>qnF2$)LN4CD) z=@L`9e46oLeiul4jZCFD$4TUc@-CE6D4X@gq>EWDl7rv+6(hRY{&cRmS+l2WTQ!4T>j}_Rk@Uzu0q3n)aoOJF9dgt(X za#{75#n?(p+Zc&_loh(Vqd0}n_9F4;C9^6SX4hR~XssKagvUH8*nFv?cI6VwXiOPW zBY#M-7lRjE!muQ3n;|OyS!#ov%rbi`)kZvePdy=(W&7mP(y#9;;#vb%`cmtOID{d6 z#kaC3-IV%@@r102;O6=@TqK_pQLc27^9>ycuQDkwTECY(o9~O+z3%JhK%RAL&yeYdCDmu&M-^OK zLCe6Lr}TMNm!?N1LVm0;?U71$`Pk4M{>+PnAmytBJ2fL@H76@DL+mSVxI-8-;k=1@ zQsT=U4c0eq%~J<)V@N6Q^xYNC%B;JMqsX$5Flm^>--%K>2w>$q!pyGRCJ7tkVx6IC z_jkUdug|JKbXx&#KH_XfO@(e&H;}%oC{5f^tZk8*QIhl@zD!Yn~I_uBx9^<4tZD@2@nTbGY3VOe*%Pi9@6`Sg~(AIpn=f=tI zC^V4#Y@`w0*Q3?kb-LpvI51(jyqdLTDCJt_(~#J{c&MsEn)}6(1mWx=j(C<}{Sm}i zB$K%4bBxfJ#Qb!hR2Z*T$I$JiTSxZdI-O721@c0}xwPtj;+KWae;K~wk#3tB)S|Md z{*>s`sz5M=Y7QR0-h3s2Mv*%CD(0+Y~$=xneOTi{19-PNezj0HWfU%a2 z-iM67y;sm9z8PeiBQjs=r0pS%2Q9g$dwPoz?H%uJ>%N=_mSsazCNyyYIA}@x;sOor zPu85SZgvh>#tOUt{R&?5{e_rY_(+qGHpkul1Kk4W9Ej<4#o^c0FPQJJdUte>a$qlW>^)>l^|UKCq@|VXlsChR(>Iz={?A=)d6_vPU?W2)Pv3`VyFX(2 z!Mwi2-Lf+aw;8H41|Q}-Y7ESVNwW;yK}x4K$^4}mOXW$0R3(fV?P6=`l)C1!7s-8N zWN@s~7H|DPpmdZlcOS|PbnF$0dJa@4k3w`uis2;P{aLEadLaEb6Ha`lrZo+*x{c z>Z(L0>E2X&IA^RXFEE7Zfw5xY(aAO{IVL9I!e~v zn^{9CZ_7KIPTk(?3_7(G_!{omA)tDnEqjuHA}5MT3`JAP5xV#edh&Y}pd(_nzEfn- zLGqld^gBt)g!7D)4T)*uQ97m~q}0X$e8NfpN<>MO=yim{(Zv4A;-!Uvfp^!BM*niD z0*bliaBb6P0zwRL2X#yh78b6`MsHlM{-K)|^8M)uzD*>?+<&A*S z+qlbat>HyWiLK`AlNv~O1RH)=hfNQGIv#U#Y}M#2Unug#T;vI@NSDmY9E9M3oI41H z%NEt9b8#C6f(C>J7i+k0DdMrbc|$9EU41-7fXk-?PHj|nOXHc6Vxmf9&Uo<0JUMYr zPo4={V|G>&5{q`;=C4-GV|^o1bQtajiT(5|DE)y~%u_}~IoA2sTPx3AJqY@;#9|&c zjn}{`++p+mVn-B8{xQRL)svSdvx9r5m0ELecxr_Uj5@S^_DAY4Bkh6?Dw4z(1ZLCK zW{LTkb&5?dR=PyGR7WO!E&sZH+UNHsrM3nB7=d2262i&$QKU~KSEc5dyNWsPdKB>^#tR{r1=1u0Xzi=NhTcsVY z-wNHa@h8j-L9ymm2`_ODliW;)YP5oel22QXJa` z`_f@G!Y`k7ypu2E0qA@=wEi~kJzoXxOFGFyl!8^61d)Lv2}R&Q%9Qw#!gZPI(7S$N zBY*66YE>RGG@l>J^SxDGH1E`3=KfGUQ%Y$g0!N*>F=xAwio#gSlyMn9dwK zhURSAx}OzvC;tdTD8swvQy&*n4GkXI*C5(uez@Jr+d^c|*Lzs(#vCmh@~%5-uIL)3T{j2c8H@R14HZCS2N0bh1peW20jx$ zDpu>0)C#h~KS9;N?p-ZYe45_Gnep^)w z;MjAUE_Zt?u{?{)Q|o*(rDgklH<6rVlM~?SrRl4`vFZ7=>D}!6Q_G>aBdQgK!*4{U z_Fa}r+C5yJsM8@QSE@{%W?>e~E$QYZ1S`{o;|_XACn_XxQL-pIdI?@(=ep(jv`WZ# zhIfKag6pZW%;uPwUE*XmC-09ths7@z0L#VtdVHw)AeB{^C0#mkbe$EQBKe^AGz`{9Mq0%(Nl4V?{%J^5xi~BVBWZojEhud2FJvj%*k#=`h$20pPUKs9)K{yU`^QINy zx6@hopV?KvwY`h3Xf0W8Ed!U7i_b{?bx$D}M^VH&s6$@Qm^IRB98>)~{5M-~gKo2Z zCP*?6{eF?Z`P;8;!(@hR1(!Y zaPY6+{~~Jc+p&#gXY=3O=BeA_86oc;vYWjy!c#Bj5NLfV^82+3@!N~H9HT{VS{7X0 zmVVzW7=io9qIyn@{~Hvpj`P9G;fyw2bKto-74phjC3U7JGmr8txoq}*Av~(I@sJ;h zdpzQ0IQ(_lMPGW%pvdFzVhsubk2y?P(%x^X2n=gr17luW@%PFn^A8k~itjy`8Yo?g z^@@Ijq?J`KCL`+*kSyV#S1^7l8xen}0;!hY`ko;s^2TG7BgYG$4qBvKZY~?k0PjT9 zw)F1kSLLKR04EE)ret^@Jrx!t(Nz2fZhyd&cD!0O;jqFUX87V$cbqn>=lEzEdJVn( zB{0jVcW9kiT`ZoYXewM+86K67r}<)%@T%5E!gASCs6@AL5m%2H&Ig9=F|t%-!IDQ~ zggc+?LrEdtRZARo!kgK2PwI78V_hCNBup~RCTM)&@N4>2fB*RO&>p(h1nIL{!4DTp z_tY+B2=FJr?6GD5|MF3Il{)5vYdeny~eSkx~KJt1VG_o26wOEt9lqJdaz;k?~JEkkfixZ4!?Jp5} z<3p8s8Q~GZs|n3qdt&@W^gZ+K!p-0j8&gs3p{6!*Fa5kfetc+_bl zHS9NeK{Tw^XpwJEu-@zy{h_8m{>oK@U0W(cQ_0izK>)~ znVs*{DHD-ou?nQkJKWS^8OuMtcI+m!p$K^`s*Th>_(?pg1$o@f)$OaHa=Y&=R;zA7 zQT(iAzP`*!LbpAUE8n)rClxZ8ht8_bq3Ydk6$&jI(6{L0Kk9wKNK=%Ruv4YPnU<#} zLpY%|Y`NQ3Qcte;(x(j9RL*(H!(6RKpxrTh@F|f+@80aNnqGDFB7S(Tg;M6ex5JTv z%IZQ#KmQM{!@jj$B>rxaPzPn#T(?oLT7*aW|BTy?yC7~`i3}6P3#>l&lCzFNFU5@e zY#J159Ip=Bxu((15{_6&iVZ#)hVPLzhmFS-BjOfh#sgu;sTb0}3#ZyUyQE+@5V z%;$J2KoVsXsj?qS9P{Yqp$zOLpuX#EH4{;X?EDA446G?CTC%UBrj8tsX3*W0CBl0R zGiqEeKaYGWaneBuzZ~IVR5~&o2=1q7&bqJc&4mI-pOA}OCdpE#C9b)9sV#8*AyW)7OWW|uO>S6djV;91z`SPW@fth0UZXF@HlM*0cxe1Y4$rD4s$Mjlt$Xhu zlhHx9#$MS&9X7u$Pwb)gd@mP%=)dK!7O6+iyhQg99_t!3UElLZC z+X6>{0Hrsd-L}PxCr0#1HFQmrF+Wy);1h*~`lF(vO=Q!#HDoZqpTEma+r@B71&DZg zL;Oj}#ud{nzX}lDx*gJSoh;4StLjtX6!gUI1&$Ftq|<^wlj>dbw* z>T)?iZ-|NF=Z{rbXGef{WL?_L!L96CCdpE=Y4R-Iu;(KvcbBs?fg<jlQ;fPZ$n0?f|*R@%M$^Tlo$4p$uNH?4N;j8845jv?x z@SA=ZdbUbq){tIOE$!vItphXLQbhhG-pmiCqm!psX20<5FgAaf_bJcpSsGenptQQ@5e&)H087#~TdzYWKG2Xg1C}%XIg_n{C54d?nZrts9ixz zmrcpp;bMUc{O?Bgz9%^9juWmN72V}C8EaKG41=q9T-6!={8R(F$@1XMkM-VUn84C+ zxc#_Sx0k-5DCK>dV#JGQdJf}Vy3ZYt2U~2>MR0d=JzHCQgzm0w^8D`Dn&<9G2xT&F z*m7c;L-*1bL7Xg6UU&X{uH=y)%uRQfxOUy88)J*%OT`F5jm*!*M(VE89jLwe%G_|;#?)Jp|-c7gFS2z&_?7teoHKiXTj4TjRPD2!R8>bd;VersW2no;IQ!$PsWi=4C~zct@31DxMO&v za)sZMx+cAZV`Qgz2v&T=U|ou?CNYn@3r_ok6@6~b4BkXD{wG~-xsfNgs7LCQ`z2#C zJLYW$d-jeTM_Y29<)IS$pa$VDzK4#Nf@h* zSNf|@cXy|mb}?dyUEjp4G!dg~F8$kTn1kK)0Xt&jV2WYW_~5ci>WTM{nP2kvIQj5J ztkNe0By)t;P@hS;zCKy#adK^{o({kW4m2J=X6};SR5ZPNm`81UX+YPi2sLBf!e>FF zDdhT~XY~$zf)@_qzniDtj6OeEt=#nYIPqKO zIVn^2zodMaMKo9+k)AeH)q<0>H*0qih>u^ux-#qj&EwOCu7poGS_~G=uYjsr7)Gt8Zjo*=o=XK#3nuS@9JLRV|V+a#`#p<{ZGazlUG`OW? zTJ7jCot0kQde`p?0N{dbw)S;;g@GRE8Vy;Ged`RNp&g8vQ1*s?tH5h(Gi^_2vv_1dbmrIR>)pI@VqY~7e2 z(7vHQPqSfAwY50J+gvZv@dQ95!jyIgl|(Ly=`5N)ZK=c>tB(t*V>6Mtdl?;dRZ#Js ziZzfIu#&3kvoOAY!lc7x6BA@u%7EGBcCOie_4P@O4&YH8w!;o*bEjfk>3rxd!69wYA{ADK)ejDx3vV}wBcMO%3G2%y`%t17IZniYIZS;1I?8bG9tIlbsm=m{5=TX zERcEe1zP*%*{H96^a+qL*|pwrDOopHv8-xs8sP8oi3&xp^=T^;IjcA)_FIf3BR;J+ zG+i{{tK^%{^^wvKADh1WK_=L>M5a8{dLc~aAw(dE)$3bX(bFbcMLh^Ut1E#dm6z+s z2^~}+^PpD=5mQY*DaX#@P|dTe#!fZ}>9Zk-jiSws<0Tyu*>I}MKpShD8-$~@`y-PdjU?c9)5DlA-3Zx88p%U#Lh@vw0T8hw2w!AVh ziwgWfX2@hdRsAa>bC8f&j zd4U9}s5<6j2=_9^xFERLk}88YOQ!@TB3ixCXvnYJ#h&*XYL z3_3Bt+mBqc!Km9<;eh6?4ntj4cl-K|`-l#F()#&(&iPX-+)tyOS9y=sF#OpuC51Ia z(A{@mpCoC24e>Pc>Dum!vbwkk|BfhKrZbfygRUmKNwp)I@om;*ifo#~iUw03BFIlb|p2FYBz;SwE zCuDYo<%lvNYfHDbD6W+_V?C^3amTRrN=}QFB28Q$+LEqR`D~^2M39ru_j$Drs(Z9m zf$gx^J2gJnjZY;BJ!HkWLyK-Oi!VndW+*&majrp(M;*!s&XzxGIq-MQEoqohd9Qoq z0$&Y0{fUKJ?(zaaed*Q@GnCHN%kAk@vY!Rt`3N~q!@P5!M40niN*;*}ArDcknxPFt zG5jB-cD$^NBw^!@4X&LoJMehqqh`dO*lV@nDk(wIC`avV{(b4UEuQLCjV#;V+DEf5gYMik4ncV2_GXsGrMQ3K>BO?OvCY^(cQ!1_79JygEnVuBL)h$nD_wEe(Jj$ zqQF-2G&YUP4L$F2&-g_oeG_hb8A0(4){HJvD|)yO^WKE-nMoaH&ss5QeCN|$W~BIB z>>g&}S!Xnv%v#0t@Q3ket8rkjGvf3OHZ3JJbB&6@&hedo2?E1F9Qs=A&+m^u|?%TbFHXmwf~E~w~nf6@4`j_QBqPx z=|)NEW>ZRwA_CG#cXx}FNO!l0bazNM2-30X?%FhWZ8+yW9?|#x?ily`@1C;<17We& z`qhkQK6B2fN6$rOXHJIeT&f5=b1%+%FP*Ato3S?**;A9*K0R;QE&`nvHRhN)uh|?H z>Oc|Vp#`T?a@h#P^CwRK)LC*%mqa8xw}?Y%O(=|r#krj_${MR2>7`c;aSC8?KKl~ zgph{;9J4;K1Ftaf0AcHR*A}2hD{&IUS9q-{FL4=Xn#Uy`HBq4fxlp!Bl}>R2Wpr;d zl>^akH3F@an0S^2&<$`jR?JZo_tU8Ero!@licfE8>7Uze+}#G)y8cRp{JplVV%J@jn0u{kKU@bo@C_f0(Vl{=hh6aqwx9AQ{VK`0;3 z#ZI7UXI6m6)<#*vo;gfyK?Oi|9xZ)h`ta?=BvXpBMZ$Nn6oOXEt-Wr%rx zR1V@FpQC|4K}dKy(u&4jJ#*Ll`=g9Ok&dYmeLd~lx(m4S2X0*35^5(hnwz#A#g%fr zOVvQPf^)9|O-?(TJcq$7G);t5x+mx5t-QG#++6AK|pavI*T zfn@DYSM)!3ctO6PYn5xbk+z$*Q3Rhy5zMQWs_^tve7lC#)5%2(5#6a7Aalp`AekYI zNV~Jhsr~@{VeS3`LrEon?CAjLe1OjMM`)@&0-K+KF~GgE=OHMo|~J zE&Ss;%zCCY`Y0j@2RaC=riD-VfTnzCM*M6{Nt5UISC6#07_ zHPi58nO{25P%-dYzHLVF~Vwc8HXBK^M^<$$u!97=2W z&Sua}*@`X#3aJvqL~MA6PE1x)swOu~r1s2dwO#Ss3@iO~)1`OA>GBeGCA(+2(5C2* z0oJoJ%@)-f&VkzrHiI=+jzC2k^D<=Ban=rKWQevpo4$(Ei&*oL_gQ0~%W~?#`(@t~ z+1+u+^X9k8!%F9~E-lk3a#P|suS-RiYUQ@{hQrjHb+{r+Woz6^&SVhY;NEIfjDOL% z0d=lQ*^p3GCt@LmhdEwi!GU5kA8!d2G9)TSu*E-PBH(LmC&%_`w~G2ZIg zt><)qtMRo+>VeP&W!}7=&yL^G|O2uOZp@H{U z87ZY0Vu6r)*-BvBz$!Y2_eCsYVJ&D@dAF}(S>S}e<>(V8*KoFrm!V>wzWk!}Li~~s z<*dC%Rfl}9@UHH$3~LTF--l0ksVK!Hgvu&_uUiQkU&+(WpEy;C2BliM7>?@|t`nTV z_)CCaiC@r0a)SzQhiwrQpr0^Ht_B@UJ|rI4U2K-b4>=pNe)}$<;Nw!0%$Z{dW2&|u=Yf1 z0F#l$M%M^Q{z7KVc8-80S5+j9MlME98W-ge6^&7?a7*FxQOjJ1tNzpuwZmk#d3dE) zwHK7M8Gr>KbQz$-30Ton)5(lWm8m=-xI0D<*+2DRMF901XE}N-biOCy8nHg58#Sr- z_MyOJu!1|Af}s_0!xD5hHS66$g~#Hjeq^_+=CNLeYvYby${EmO&l$YjwNidMRe~)1 z)xDW(YSV>)Y!K&e!-e8Q)ZD>yMEv^P&2bpqM*bzScj_a<>T$*j_jI4%&HaQ6_pIQ6 zo0N1$aA~B1@o@B_w7rNcvFTMcj)YGc1@8qGEJZIreiDg4YXr%Lh}pCFtaI!(JFY9E z^IhQRwnl(zA+$$QYV@abn>~<@hu*i|Cw}mAIz+8NA7160;U`@&nn_nioF6#0lun?5 z%)1W4?s{3`y5J95ZHCDsq1TzK_GVg8qlYo{mhb904koT550isF8ZW%!o+do;AbP;n zj^$#VvkHPFt=otH@T}chvl?e?hN3`Y@L#-O;-`Ty$+cnC zg;fkt+j39WIo+6heLA*u_-vFFegtGhV(c_p)suGj$Hm%kzU?T^`r}gF(W5c`4KOWU zUG5m)dQ>|fQf%rv!8z8_4;ur968{>4H0NOx13%|sh}bHR;X=67d;0?v<+57XSa-T_ zHa3AqsBF#)*xb)t)V0;J_l4Hw**;ys1ndr)kKokm`q{Od)F$-ycpDyM5&!{pqkF?& z@yiKIy9|~!*G2i(EDMgq#tYXR0s?%o9ZT04@fU&%1Mi=r+b-00B!M%_%w!Y7rI*wV z<%mQtTbQRu06+_n@rQG)`yz?Y?Hfy?t@JSX>+PvQ?(_BV4pshw3E?5`3e5>w=t5gB!4;Oyj%6yTIbkN&eeBw!lx4FAc z$zCDm$d?~%n!s%BuSwThlB>`AgJDzU*c@y{jAVPOXIH3BiC4xrb4wyCHd}sh&8kqf zDF2dYL+@a6@Y%_F!Xsm^d559b+z$3X7|PqY4+07q0;$`%5AMYx2+=P19%=%97r@qa zh*-*0`?ytXk(2ld5&x4Z5Yaek!?s*PN`V zA+T!t`$p}*YXOJ>$t#tzu2nq+gleNPyGbW?n+0W-dII~mk6)j>uZ@~#@0YO&ym-hh z4|)dnppyvw!k^K8;j^ah*Dm33=QQ(#4ZzDbfHZ|fm3WYqOmA|5L~k;m$VyUs;sVNG zu|vi%Groq1HDBF7rR()KL*-Pp#k_C zpZl2Q(+v_#WLqD7w3lxF8v2u{7wUxGfs#i|@hYWI9rL@-I>%LD{}uLsdlEp+Y$DNl z_PEIMcQ>iOLj~|J?yACAoc=N&fBiGx8xfk-!=MjvxUj(o-wvzh0y!%$ov%`UZoHI{ zI$ROF4-i9!vOu4&^?8^Sx@Rs7L4D<$A9Y7KZd|u}t^pfwbtHcGa=`8D&#owHB4RKy z(qz!ouABFf6IPFaVWfk3g2qVG5F7v7YuGRVPP}naS5MCG=dzxf^l9g1MqL*?@d3*& z-*28Gs7?>WvZGO6+guq~Hy5qqDjaGICPM>hjTCCF>g3vvAu8%!uNee(K$ z9W_yye&xr%KVtldMnc4}qT|zT-Z$s@`X?&F>V%hx7e4^z{YIU2;)U(+CobO|sf&zX z5{3Wd?5&#q4>azh&v;R)CcM8}U}E@EDzi=dr80jd$hhqwsbNe1JOGfQen?PiG-?P`+}TSZkUi`J z*i#%$X)xC(d>s|mxD$Ln3BC)o!rn9k(ynaEzuh&-@1ChWEXli@2o&1#w(Q~5Egve$ z9c1|kGzK}zi67HxwLY5BBsv}0zJS!#O^y~N9As+%jl@*FZKIWbl3WK;zyVw1cD1y< zKIVqr^|VBfT$r7NYmb^4(10c*mxKFH_?YA?I^GQR+}&&nuicB^!tddj`!wS)Ts36| zc*rJ*lg3nL3mN|iiu_e59y$R2S(H5uhgnJh(&FnLxg5y5mN+wD_y)aPX~LGq2eQ?N zQE}9q%*UIK0qnD8WxFu4#^|U$@vME!c(OJD=vC9GpApYC0fkOfx8LIkE59w{jK@Ry zTca)`HIaP&k3O&RbE{9K;+a8el&?D(oEdi681{m$nqS66moDExG0Led2Cd30yUQHA z7x&aofZu7(Fnb(G^{4@-bR0XaWUKZxcUY<0`5ysWUrAxs-=0z8$UVC)#5B`c*}X8K za3y`~4XB>3knI6!<%Z<|0$F7@>UyZ_%2s_cm`6xoxtvmJoL6&*YvMGA$4(TTrLtjg z^{`&2MP_ewmu-(m>C1g-bZF&;JCJL_>)#^U=6V8E{?P?lac+;~$YJ?(WRH7nYnjhR z0?$W&JTgWig?nGU33M^^EBby~V|*cDo!v=al}(Ukd^ST=$8Nbv#kb=-0|h44)5$W? z`A-1cmv3TC6=E=MYTv0;TA%h>nzsarPVN>d&kxiiE_hjl97tfV{)hC!w}(nt#7Ge z+7B?|&Zf+n_RKK5t}HL8uBvx{Ixnx-BIFN8(j!&bv~H&z1f5nug}eWYqhOAhXZTw*B``^0sQjE~W`5)?~&! zguWZ<-3eg!6WL(4&z+r7P~b{fv&h!3d~Zly>I&4rU}S}9XI#NfkCm*VUy}Ig*kCB| z!qb;;hX4t73F~d)*NS+Z1TI}5T&+Zdnlj{GF={wR6hwcJT2$ z6^Qd}1AJjT-V1St>4(D1GYODt-P2Kb1VRpIg`!(T(I^bnX64}X&0)&cmEK7rFlT(@ zapYcbGLkV+GAj1;i)KY+|9C`y=Blz4nc_GQDC80EOa&cxv#9jc)-s&;c8m|e1x-Yr z7J<4AVazs~(<0clk=PB$lIz8icP#j9aRajDyyfT(6u_Bm1S)i$&m?)E;a>D! z9)lWz*6AhP+23sLDeoV(^15&=Wi1th2NQwVw3MmCYo&A1zFy$=wKE;^wHC1}3*DwJ zduFM4lX^!Upd*jc92ccL;pkyN$~6L<_d2?dG-Uvi=Ox0s`bx?tAMAS8>Wa!>-!9<= zNIxK0`8M|iXnTogVi`OBLnG!^H;wAf$I@y`&i)AidN$?}@2X!(XK-F|19DrVj~|Nk zh=4B+%f>sNEhW0TjO#>9LyO-?-DA{5vH3vY+Zdqfe6g2kS`C2yRp@a^C-;MV=mCEx z$JF@6D?aRUm(3*?6AmDsHUnAMk3Ee2C(-vD5wJ9Vz(mO3l1JiKB#VyiM1{(!NAUYK zK#~LwI?#U0W&rbAy6#I~{=mmT<6h4n@}^(9d)kk%AI#~qtOVXLvBh%%BuVK(>p>2I zgv09VM6T)`e^aCJ+YdJCE-%KFoBdSxQv@(xC7!^f0mG8mm?-`L)e;03OP6Pfjjcd6 zlv2eIa37TkprRlk(=AR7j@PMJQWT+8@1AUmx~b8NN8ra$1j;0vymG#es(#)&Lv z4pULe7c-xB-O-(r^buHml_po^q?W!6CKD{tnc7QOiYGJl$+)a$xELIztDU6Jj1AY? zaQ6U3*Lco=5|#F`Zz2Qc>~hz>%GVfFMfTgoN!JH&O?nuXDze5u|9U@2k08%!fySG` zX$Hmbq%+x@aO{1_gvb>T{+BUZzY6ruN*j!3sQ7xlX(vUdp(UKWGeGAn8z0Vu^_Z99 zZB_Sz3rI_SEol0@rQ5cET9xR~dX-a$8O;g;r+^C4Kb0Jq!Ljtfn@}%rrZf3YSzgiW zyve*xxAJ-~_z_k4Olp4yK;SFg177s&3fBTzBg8Xz;fUo65XebfcAc7X-HQbqft{gM zc@)vkKgl(lrd#D-Y5Of8<(hR;3I>ZPT7+j7vk|C?R%^!t%U7Jh+{2N2T-W#c2&E!1 zCVSYKBjA3MzQud@qd9!nvmLs}ZHz~=M;99CjtVH{C(!f5h8f`NeHDC?ub#a>&bi^Y z0WAf}cE0697Vr@0$kt^H7c}1pH2&I|ff^b0Wn!~rdu|9kNw*EPJ=46%uhQrxQtf5_G8WrJDyh{p# zKqCa+8>%a$M!sk|Q0QUEaiB(PNBNK(z=}%Scf9thyF9HkeZd;{k^BWczV}s#3aAa_ zTD~kiP>X+wcx2Akfc(9|+RSGr>?FvWC+)VPd6PX5qZ@_`n?Mj~uomrgz1Tx=2e}Bb z%S4uEHWL`XbUn|zWIbCnz0k2lb(kk38a@0r#JEnQAm-5L zLHHxrcZBTWN_J6?!FYTtt9&I8ksO1IMx=q30-bQ_74RX}EX7MfoAFHwzseo?%b9rIV{zts@)@yt5|FU8z;$KM2I0s%P>pPx8iX0x018)@@6&RC3M_-OO7ip!JHnGd&iG%}LF90}Qo+ zLoom{K55_vANRD3Zc!Z|)unbLzCZC)JMwIKgcIX~q><(bEJCAY!d~37*055>pSBD! zyd2bt%ZbTu^Zbtnd+!fFBpQl)Z({*knghiI)2RvU5h!`Pa{D-`W;>V>vlD7z9@bHY zB$pr-CQBdaKOu?+W&tQSHMTv2?rMie^eA)-+Fwv=E}1Ht{Ij%^tdl9JG9Oc}N6P{i z(NR4D+vNj3rZYA8lRgIrqG<3*4%h(FF}#QaXk4Z3;JL^<+OF6WeYIw(Wk~e9&Rb-b zOWa`lqj>Ofyp5_03!HC z_he6$xkWGjk}6k@ayA#--qGbg4zDdt|Ai7W-aB;qDZT;E&v0iSSZ zBW6t$D*U1aiyz1S;3I!Z%BWG{zE9D%YEVPfbzj8wN1XY@Ed(NW<_jXA-fq7{ynzY9j(PKTJB**Ih%t7i*#(Fmi&v?V2Ay|52gK6rKp+LuF41n*cY{kJ z%$z_+<3ZQ{CtaS@jl?VB_BA|^AMvwiT;@FT4HRW>M#tP%a#hRaIe9&1GGI(xn$MvY zpR}Ir$1%V!_fd1;nzi*oT-P;;#^FNuoAn=@EEnG{>X(DT@}FxX3p8r2T;kmt4Pf?X zaBeb{i~>^iFusxUH~4rg7xXOgiGo4z*TGg5|*YH)s4cruz@DQEB*!E8B+ zQz5zS7@m^%=o>oW1?2JqY)l#v^TAWqEXPpAkYh1QbIe}ytigTm$7^ZhF_>0V+&c&l zLd&P$Eh<8m3779s(woQQGr>Qcq54jk{qWh=H+hGHEH&PVbscuYo+r7!s_&YOXkNWN z|3ayf{3hzCxkQvD1t@=+mJ=ncX5Ni2JfZe)eME8v2KbFuf@@O;wpF{o4{N=bsd+J= zG~4?fV?p}b58xv0Lm+RfR4kvSNRPlzNP7COo!Im!iZQSo zs{xT?ctN=xHJ$FHg~qj2^vWxz=Htew8ipr;so%DD0}eyb?)+-RV4 z`K=sF+3XR(57@LJtjmHSAKs{4k#%xA+HS+KS5K#|m;@6zFqp2{rNaBm15kZrbM7L|G9zgTDCFwfLYR(-WD(JekAiyD{|{VOG*LVfqsjMuhJ( zgJQcEDu-)Kl#o6?)uBjB`^TVGSc8ATbzE$NB7*NCivMoNL1*z=&)kLwlA^w`opi(z zN=|><5tt4@lB`Cq#>61UXkX7zyV#8!r{;e__0YTM8DPD3j~ej8+32JL#WwVa;LIh9 zWzf(Age)<>XqKcvdwqg8`*f^W=V+zeu|3tPzi~qC;@E(9ca%au_EAqDh#=EYM$&6i zkT|>c+z$~`lZ<rs=ZT{@gl5S*ZRVq$4 zpVq&Tw}RbWRnBAaB`Fd=*W4%O2gh8A(@$`bjT?4W1Uq+35IPh888V{#6}Q5!P#BLRrkH)Om~mu_;z`veD5@s%|9qBe}>{UOQ!i= zC5s42Yc^4EE^|&XTIuEe_%`^8El2Qa%;9_ycqi4ouD_A+FrSSi7wIF>Zjd)iPL~bW zeJ{Y^KHTo}<}0qrgGqz>8^*J^r_nrZA9&Iw&YRWFp6zw7P!%TMJ-N%90~a&}lw%Hy?O^?W{T3r?Vf=R=-}rN2 ziNRwwgw7Fh_K15Z0ZDomwB~f-QJ4Ewa~f z##!}?ZJ?g4u_{%)@uYxdjl-md5hD)ZPgv*&9$kzWfV-d|LqojM7^@P|Gkx0LW)B@k3Uz+67S5D;P^^j+Km#BNE=(wfGuVwRGG6}m5j zU%MjwG9u#1wl`?PDnfCzb)LR6eM;mrTo8U_!Y+U|I6OxZILn; zLy#i@13PcoCu>9l(~c}1XJZ0|q{1_@wSPS zn~n6~0HDQ#a6f6$492IP?A*{@Bo64)2;K>>Ws%}f95-l@DYX4u9wx?cMpORp^D1!^hoBvw&tA~^4}fCv&Kro!$|r2$G=Af=kI^=iPd?<9Hl zH7U9O2|RzX`ru;d3pd-|#053uUutHIuZHKP|>?&+^q=mVq+xyvHXN z*^H||#UZ=F$#vT*1qQ6VTIo>pW4;{D3Vsz)r;s#Q_JTz&$%YV?$C;Wa+Vv#E)c{sD zHxeBQjI~md=WIM+x2*Ku8cI{6y{Kk+46D#1wKP*S%R?EFtohxMJhVqaV`3*~%6ON! z-TtWOs<7<^yWD9m40-6-t|EK7D2D0yAlgCHp<>!CJgxrc1^o5x0BY< z`gUuw-waT{@KARrSf4ZaXJfVUsKE0G?yy3f-jY_hsj1 zD42f&IIr8j(oQM2!PNi*(b%0W!jTUs0u^H>Xom67YPX$=opBmkE7$UQMKvJ)fo|kw zqgLJ7y8w!iiA2zZ9KbD%E-2Q$sub4cCV7w4CCa+Fi%Q2~N0pTDZAY|O!*_3NEE1t@ zbPb=-F6PAJF893vM;gr5{%$CsU9et_-i{?>h0`R8KEenb0B6}N z&}BcBj>9k2v;AEU=<=)-IfS1!<^yduPZS=gx(h2xnaKExfhZaZz&7TXSZ6I} zSav+gFe;OIIkSy-L3gI6C+?(rF++5btj~4Gh*W@Na@;-AnpUd1!cBQpup4x0MMPP? zLm<_IEEKRbu^HQoq0*(rxlip7^d=(CulFNA35~hZBgX`oH1t3kk?*HRXA1t~A6f$_ z^u&Myems&+LSQDOAS71+#lyJ^%}5w?k;r*CRonG1JL`?mRbjDUB>q+Xd1vTov)=*Y zETohCshQ$TpU?=$;fQ8z5OKLzz4`;SqP>`k<}R{+6@Xt#sf>65-OwD_W^LxqaF+1* z&Ew3abddR={!_&%2+j`?OXn6P{}F>;#}>Ya8>yc6(|42)#;>qF^9p?$?zjGJy8{85 ztQ7B%gPXhP;fj1H-Uq@9V#+8l&6{_5odKwAA!lO`wwv(uS2t3~T#ONo_ZVPTq+z%y zdxyusD_}Y)HwLGs%5Z`XB!7;j58=97_Hx&$>_P)y8woWr=ki%RLp0oC)Q;`QqUJvO zqPy4mB($*3O78UdkI0?XPCQ2CC<5?L#^l)h^KdXyd+GHSyO?{8#yR<_p{OiaMHN;Q zPKA@Z?-{wGhvfhvhsckv@{LZS3v+*#yWb@CLlcjq6Cc$A*Op9^w5C!aiesf|?c%hX zcau7{Q$(U(A#esi_HS2qLDA-t!)>nNik_4QmecMCrO|fh5nkpkk96(EIgl(;^!x7W zamp3tzID>ganpLP){phIBDrUmaAS2Y#{pZT)SU6bb32@hMBZH!$~VUMvFA6 z45*qNsRV;%ybgf0>U;NRJl>@!e`C+}1tEb$+qDW6FPL2%6SwYAuBPAL9c0w#0Z{9z znZZ04>r>}{11~SGfERh-F#JV0sHdg`jLAtr*qXx9y|+qB4dkor-hC&h5%1KA8*6+7 z1Qv8oU4VEcAt7)y*peIhbTl#_eeB+4>fP-J3MoK~b_NVHFc{y`X!V0r zPn_AVb*R?*w1}ZKLHvCrN1xeIFdx92MulRJIFWv(8_-+?IPW)s_^sB_?ooC!?X(>| zrVk$Qtj}?Lh!HOX_Q$w^7``#0tPWLaQ^{KosC!X5*;Q-A7Kt~x{M@h8OsQrW5PVal zO2e!8I`$;0oah-ev%TJ}qv|K*50R*b6aEE0@xA8~Z(Herx_6cWr=)&QkK2Q`IoMv;1v!2v66MGIY*h%9yqDgmt=qz` z!-v?`!y@d*?)^;nQ4hz2l5y(h{{^Q54zAg|L)D_>sP7+&I<%Ooa-v;0@2qrTtJ-KY z&Cz3inARM+*U(}i)`tO}G!1D%WZIXcMbdi#fm?}D_mBDn&1ELEB)Pv0_LS4F#auZK{e)Sqm(VpR)(h7Tp5 zfS`~QQhz~5aI_pn50Vbo26hHQ&qK=dr*qTN6%{zVMq1}>ET1$QpCRQvKTJ^0qLPAUk0k; z&xEulNA?A+FO9_y&{q7*odV#W+c>HrfEbJAtth+}W0U-V7;}J@MVISmghkB}f$7p( zb=Hy;=I#})4sBIv*TqFwd+?1NC_p$PFH|*aDhP_%53X1*>>M-S5Nb>&k}`PdB&Vka z=PUV+c|(=J`$D+a0-uj5lxwgWVrZdG6U*Jpa-J7JHtl<7!Qr@V#CCVg5PZeJzP5(} zElGGSabka#I8PtBX|cxt%az9%c@4jaNsL-Arpjrn=CGpO=(}~IK5lcyC{i|jhID09 zDk#ANNvd7-F+Uw_C<117j0JF)7CMM4A8u27%0jzS5$A5xKmhNHAaqt;FE*(7f5g~MPd2w+6MUl#i zudi5&2h*FcxtyXYm9DcIO;y{E6zjhpm&+U2j{s<{hjHBp*QAT=Fc_j}py>bW4P7TK zXxJrZA7d2sua^>3N4px5_kUpoE|OkJtaE5(5`Z-KjP_5YIU~3|4kut5*&3bj{`J!T zO!ZUHHLr`}&%7=gQnPQKk-%-9H5LArWXX>x31wNXC>Q?hvj1(_LeIJSFc#E(PvnFZ z<@Nu|r}>37s(|VK7ET!GeSq1qj{m!t&Ho175gs^h6E0Wc`R_CFpHK+EQz!zMc@i<) zFe}j1#PiJ~&45kU#NYE_@uGkdY|zz@R^!R|&b6NuYou;aad5r*zkVG_s1LY9-27h| za==VN%TT@gFZ8tv#5l*PW1yDf=?1saXyI_a{obMm&^yRjspiH1BIN=Td^c*PV&T_U zyPn1ok1OsY1H+#uILZ%D+KUZg@&7Qj{!M(;Sq!BXA|Bf`S%g{&ugj6UsFd-{}D0&?A+@(&oy-v zp1AwJQAe@dith$E{j%Zy^UslIS92#F{~w`xV{2XWMqx$&Kj4k_61Wv#4mqEI7q0xC z8#8x@65tX6bl(+d2E;39284;a!++VAP~pR7GHD9d=!~fG>W*bck7YA97+9kO3!&3tDBNBid?5FT2a_}hpqWKY^HH^HD+5WVaE?06*MB=|O zo&VYr|BW^d@cITSwEn}r`emu=b19%iXOQKecT7Ghl*8TCRz(^%`df;-x(7BelsgPC z73Y6AY(iJ0?MN0t>p=DD>Euo;{^TX!@A=zoPXWQ!1aKcw7%I!ZR}Qh}R{me-i~|}1 z%Je-i-7MS6*X~qpTCF@Sx;#_?xyhI3_ngRK9!IRT~Q2-;4badveUC)-|)o{v?t0L|?|7y%;5jS+N?cY)54gg}?UAEkq9 zEHxAt_~Vwn5q~&Idhl{7Lib|R+(ds?p-x zH{A^@1CS}6K0<{~PNpvU=ogV$xX7oZ@&z=G_9BbTh#r_{& z#vk5B&ikuGJm41}9>n}f8`j?;$uANFB9d&P0`11Xl~`R;(9ws!;LC|$``e1@{eu;i zzk|4*jrOJq$XLmAuIa&aD}Ji%u#zsM^LVr1x0ZpC5!^U3hEmJ@AU3)pIGKGrtjI^mQsP&Mxh~iIXlKr)r6ioxOQrJn4SGozAJKy>lX8z~Y ztKY)rSeYLfn(S+l_`W%F`?a{aRIx{%n7$K9dWuGv!I za=Pr7z|o!e)KCP93#Bux*JyVh>1!MXURJ7?FAiQcR(<#;{M`JET!4#BRydv7X8pbj zp3nWYkKrZn-a0Co4+qphCQG(fU7yh=y;E8LSo2OuKA-Hdc%ImztE+AKTxX{wQ>bJ} z`}}E`J+rCmd3B`LRJ7%$ikvAUu^S8=;=jMpsZP)JQjV={IlaruE`D!Zv~a@Ntkkxo zw-bpD^UJlsKl$Tt7q(v_(exI=JkbDM>=)G>jXAnh(6PU59a6}tqAU0i;`I=N9|jiw z=PyYVh+inCkkni>bCeh~vhv2db$SwXwbQlfNj^7;OGxkvbl(<5ie-1L^>vi7uUP(Ng70$H5bttDUgPb!Ud^EK+`+JDjSHj^>2OL!Elt&% z>Mk!hO1E`%{>ebYqRiYR!eLRa3Ri|IvswroPA-lLk}`ra!a)U^NgZToo*`^xu8+jy ztE5IPIRd>hLnT%@S~=RP1HrOoE?;X4f^*Lxc<<>`HJQKv)Zda|y|{6)bUuV2r^GNW zEjznQ{47wzcMbN*@!ms1Y-HLWSZaOv6RBo_{SSu)UN`5CS)&`F_hIRUb?u-yN6}^WN0sRYwdkq>ltqZ%rGqQzrZeTpQgm6(~AibdpZo;#{uQH zhM9+p;LFjzsv$_3_h!_nSG8My?*o%fe_{riwj1&Xj$Tx2$6jI&#TCGaF_VY96_k7X zR{yJoOy62Y=D>PZo@>6EYrMYm@TL?jmZvn`MGMd#avK$eIpu=7VC)bFhK?Vn zuXaTZ0vTwj8J4C(THc&3^!Gs`j$g>Ub8b(x2pNm{{OYq&9_S+X!6tZc+g3)CuT=-a zDJR#Ip2p9UqLAwm@j!mjE)-OE_dL2RGp^{|sKKdy&8@f3$!jPagYTAHxznd(lm}y< zqAhd$*Q^zJrI*O2WF8;mdtO+AW$V~SP0TM<=Fco#DC({Ic=9~nReQ`2p(;Uh2}jDLPjgsf;is=iF98seaSrraqTJsd(v<1cKdx&Ptvq! zxm4umG`6?J!c80=%gD%!wO@o3qu%=U)FQIj!VV_}`{9!ZrZia_%dTFOSlkwoC|3lNucoV;IrMhHF2LX-0?>deTX3~e?Mw+ z{o{Ki;qtOEiqo0)WP? z3D#n?mnme^2Zp4JWF`d4gp0n#hcEiKSc8fx4U`X4fi7Ej+V2xkI10*qd-a$Ld2S5N z>qyX8usZO@Q=T#KSEnyaGa~rh_?5Wci`>6!0U+KBgTBk#`@}2LLLot}xx=|QB`5e0#lhW*BuO*bXM84Y=(eWW?k=A06KP3D0YW_|vpXag5ORq;=v z1kN&5G~tBowG7uA{!98_DTAc^+l7Yp>H4#Do^-8KB)<+Em~xgl{>j-_*3|qT35B(_ z_utqh*u1j~{msLQ`SnX`Xma>6$9O7U_#9@()jsr{im+tWcDeD`$FlCLDq@izR>>i9 z2exajz^VKJ4r0BrS76|}<&zu=rJeU&S7qJ8_?~<@E-YNSG5bL|{F93ONQRd+%RaLy z>J2xK00tt3XfkDHE-CP!HvtPjE5U1>=pI4-vg|A|4moJn{VO=s3tnpWr9|Zfhupv4 z-93Udzx;gCfNp0I=#0{Op9x9M@2PBTkiOXG8=D3O?lvXH%Gl%G;)wWc*9lLj07V~r zyqoK&_X_T~{j$9h=1FiD)^1Zf{~OY`7GZ2ik2jhgSUYei{QC`H;bZdnW2_#sw@X`h zZ$AgqwWqwD0%NOwZAEc$Wzc(*NLAhVoAEzJa~HLuXj1McP@qK%HF+RKmPi(gI)M4B zNdV&>L5txlaN7&R?_+a3U{idjE(DhTPS)qMv#d9=vI>DFG-KGk0Y&YvKYOZ(`P&kW z^j6xe#5wSO7F~4wTSW)Z@QnVYxDgrrk3;U2o7G&4-7me?Np*}TcvwXH?9W{d8|t0J zkd(_+ttiY0%m{ugarG6Jfltey4|*jF-FXw;;v|N4_1ogKwIogNLpHlSg6zVSLUB+V z>unOI0|%CcC9twn@`OX>kzhg7U5A|yAJwdu4L9t_za16 zE6|Wn6G9%o+XX7_k-ZbSwgh74tY3D4zm@6Nd@vp`y`^N|d|$bmLZy+G72+k#C$ej* zTnaI4cA^t|zqNGilCW0aHZFdlXtYy@UXCECis*E>R8)7ZAm7!ZSs6J|k=?FMg=&}} zm|=m#VF8t0*ATDXNu%g$NCkBWKjM^9LcjNYuZ zzD4G+B)HdW9b|YRz1tQV$a?5@PwJjbuZT1V;-zNbCpA=HJ-n{H65^Lav&4Brq_KRe z@2!*F3NF_uomXTqpQJC-pB#%YyBsUkk00yWkG9Nqt}69Ylb8CivvELq3nlaTz+#o5 z2}g#QN8lIh7smZPmR^WmCzgc5c&V`rn%{#r<;nIhd>1)b!&6p2K~^(sd?@vC?xkN!FKG#$U)|;8PbG4QEjVekW*S_+Pguja58X ztvy=hjy)Vl9d>Mw380iJ6iGvTvhM<{P_oLib@Ur^M;ufG{AFs`<=+0DsbVYI2J_-& zQy{q}tc)mXzc>vIjq&{QlF>}VGn*0jsxhpbj@h*t)*E+WN#TDDPi$pJ&1A6kG3a6| z`BHIhNMdBV=0r(fe`WT8U8pZ3$!83XhBa}>ha5}-&lTu=G1q`pp}3$FF10~uRjFM8}1WR7@d5IzOWvqk3Ww>_*FV$=yAD!M&@7k z886k>Bzs;rjeZeyZew#>RNUp2%qKjS7jpQ=k;zA*ue{)QZksmTG~w=j<|k=Z62E7< zBiWvk8m2%FeL-Fq6FjE zYDX$Qx;Mu5QWWm?ebXnFo+6oc64i+9&5HQ=fGKWukk4@AS~vbp;NrlK^Oy60MiG2PY{p`o+9 zTN_q>N9|n=@v##cpcqs2>9I;b{(F+3hSB^h;$b`4+Fh3h60MHQ%qbdM3*Qh=Kk6S( zUxbsWy2+}(GGVAWtWDH~xSxOR>O{FY6eoA(TNq=FJ9D4{4c$c3j0B5n>y^Uy;FTw@ zKaW`tgWpA}*(4uqRJ|BNC_J->Kd&xY>?)Ge&T&E))zF}5Ia2pPdHTUTeeL{9bzy@l zWi3Y3Z){a}qQL*$b+AL z=Zn+g`3Dur$V+Tf463dyb2!p=_!cD1$jX00xhFHaZ zHcMmF5tg{I82k0m#_9;OHQGUd3ldk)LH$#MM~ByYJd$Ih^}CuwSf1tNq1{xnh2VbIER5LdHv==kPyiT-4Z z+yUj z{Odd$UKVauu8pj7S{kkXNZk00msd!yB8OO%-U2@7=mu>KRK=DU40edC_*H9sQFNPk z09ia@q~@o#1$Lw5Cx%bX7xx`^2H6|FG6!7p>`Rx*4AVaX_qO86gSVw)`7}T0EIRmc ztp}Ym{3(>Wpx5`+y2eT^A%VL20Na9i}?|6%L81F3%7 zH%eAgGRjuAkgQ~;LiUz{s$0&Ozk$J3)?9IVBWf!vd%HCui+wal$ec#{vI{kT^ z&-}m#hE_4YVSk<2$Lyt{wBFf@;Opo@1x9&QPRwK*Jd*OnK6>e)YS_}Fn z_VexKG~=2TJc@!9`YT_oryN{asYfbNgjH6xk0C4Lx$f4vt)oY@(Brr;k5{1(n4Q^3 zrH$zVA+i}cVf@SK^mxJA$XsJ*$rLi=MdML6A|wLOH%zdB`{b7nEEnJw=8YW5U1awu zLzjD+(kbq4Fh9&}JHzvnGN798e;9(r5K9NpYXK|crh$~bp#UD^25eZ#Af8Am=~+-B7=n^tTeeMNdv@4Gn>rvQ1LrG&tboQ z6Y7(`hhl5qbvRX684n;<#3nLibk+5D<=^y6Auw`!n#kGMbuoMFJu85t;5TeZCC0n_ z+V;fFK)Zg0S@(ZYa)1x4G+M2dR%AzW_n2DUU zzKKXQ)3K?}p)Q)FvGuP-6mW3OwLT##A{>M;7ml`!&4wjNJuDj(y4A3e%sW^#tf+_=3WIe zPRJLi{C2de-@95HaKWC5f5XiPk>Zn_P{fc1XpbLJ{}90aJ94_Zdq&9fT<5t#Vj@N4-8U`;}LLl>yxw8~&ktUynrI6N#1V>OM2KGG!z2aba17r)r{jG^tD)hAqqI~6 zbS1V(sTbaZO{bzA^1DV;i41l`r7bkOZJ)LuuWScV3*wuyS7#7X5S8y_^C@CZJU zJd&kv3YQ9JO3-!uKAERiQ;}m_|3R*8K*M`yn+rMeS##o5h;Ca0#efq>`QBnh$qL?5 zNFVpBWm1-2{sz%!EyF((Iy`pcvNAvUPm9UIZ^^*-75GQ5w&;x3mehrol~=IwQynYGGEll>(T_dG+> zL=QQOB$8u2@!PW&!+ck?F2BBM9prOtP%;D;@Ei)?qfH`%>W>~7 zOqgNzXz0A2rX)M;-eo)8Vzz7C`XH3VbF^}TN zN1huO!Tb?!?o3E`yjTSjwhm)Ry<>JU^dxwL>WQhHYHUHAe zhE7sey<%JTa9(n|d8V!bn7F%s%j57<9)TvnRl{w~vUGN<{$ zsyoeYWx|?~vZ{f zpS0_NICS-o36cBw3A5{@8}RLc`#C>ejPpXAPdYM-uaL4*i|o8v8L!FmqV{@t95{0< zoR#Dz@v-uJDf9FxdGk823ybOK%@Cw!8Iz)pT^A$!n09AZY#eA$N}!v_pq!&c4*v00 zkfoCY<0>_=2AHLn~k*dVrj!t8rVFR|Dk^|mm&Umfza)PdUC`AyJH z#q|GPFuGRWlI+4ys&mkwkuW;pzB>Csy(CF-B~H+?LS)&E<#3FzHccXxGzRjMfAke} z)U{=8$H^jaW0Wn|p&Yt5)a16is$rDKq$l?(rsAN{Yi*nB)U-FNb7xd7)VOopx$Hr# z(&wq;kizn~*Iv=T%VwjJRvBa8q`i;={itjRSTzL%qrbBfgg_?Q2lf?3QDoG*Q^Swe z-G)qZJ3K7wJeg=N>UG)g&N)*WwsgUs^qf>bL8NXQSJ2ZEoDBG^y{_xp zXb#KC+D+sOdLHs$aF?dHJLO0h8jY|wA4&$|-CLmuAGYigr`#Rl;on_=$f4Gc*6I?h zOS;`W-G_f>#g%?f2wX@gvm71hyT1PIXk(5tE}xZ&Wco&K{zz}Qb1^yLL8#F_DW@mc zNYA!aUe}%IAMKQK9qXpXZoH9WQ;L7EYpV03NoK%-`^&eZYcjiw)O&RmFM@wAJxPb{ z*cJ+MqOzO|*F|H}Uc_A4_0CAny(RaE+%RDOS?k?u!=qBuIv&4i^I$7ub4 zZPc8J^c33s^0u~$^%*@{n4;JAc9=~)s!4_o?AnOzu7+?%Fb#WmcL&hU4hqcYG!^P~ zPFq$B-y!6xZjO`^+bi=bIDsz5k*oO0#%I@N@F)m23-~9>-?JJi>|LAFoGjYpT#z2j z6Fw{`_3so^IlY1A9uqQNkC5Wim{5F}>~J8K`kN)Rp_al_&$})H)fU(uBxsezW7a!ZXhN_sm^jB>+_Z$#)We+mZFimi&@siak81V+s2PF zH@rSsY3idQ%32)uBfnJ?TMlb+uoEGV{mZr&KRK>my@l7F((`oH-?G520M^se20qTDa5%vHP}lyTTAkvG@|{ThFy5V2 zL@)$Kp>likmr>5zQ&^(i@%zliSTo^taK2*ZfNpvN!hOwf)TWnf<)ANk?X%`&qRgG( z0@?fynkq<%-K6%uFdnB4!*?PD0h+>JcP`3ygF$= zYj)ekD1uYN^BC~iX=lS;410Sp(N^`&+ftS14>wV+7X!EA)>wYTHV1VW&jA-Z&Thua z(A^e{PPg5PBj0}*jQ>btO8&R<@oaA=a)(R(7I0+S4zCzkh8R6H!h#PH5w`p9CPSMy z5p)cr2PNMVvRNmeZu)MYxdo3OcX}Cz;`zBejaX+Njmx64JP0@PH5z=VirI5FLev^O zFCMm=-EggJS1-LR&dv;8Q1y1>ql|52(MEZb3gAoKoEvlFiv?<~1w)z(Kil@--mOcO zv~ZgI>@~3Bg*pM3Zq$7@OlM=)KTbnhTA6M<7E*U**Td{7gLsvCO&oab&CIfjYB=PF z6rLQ8I%wWCc`+ZcHm{jxuTq+&Ltte zXkq*=C9F*sHKVx`-{zl-aBZ#@)~Z{o)x zoM=;2eH?kkF}60@@^jS(_G#DUVRBtr1{>|q1W~N!+371HOZBn^+amNiq_-HepWZa( zjUWz9d&1jgKSY02JpdB4LRw}fTm(o-RNp+wryHy&WV;@Gr5&uw96wrWQ@D`|#ebVx0I-kdu`+yXDiwGEP4SD>-_Uv5@3~&r^7Gt@bDBJf*q4;$U7Ozi zxzogMvBpPInCQIsUDQ8CKhmaZP9ZjM>qCCk^p?}=`+!fxG=292{W}E4yZouD6xo*U zFl6it+$Ca8vPDGDJ3x#XkJ`*zo=xPOI-I`6c4{6bKN4_&iOr@!bywi_t3Cm=s1>Dm z_m+1BDLR#Gx{p??L!d|F5jmfNrdb*k&g=)aMIJ8WO_oOT=NaDJrQ&TaXFF=v`QEI_ z`3U7;If>Bw2o*9r6M=F)s~q2@MIx80rHdovxWioJX1_@_?`xQs7v1Yu?Y>*!r@d>E z|F|NaCd!0YzDX&!a9~tY^?Qtz=C90M|9^mnrPA!I1;XiLnft!sTR0{xS& zSgp9*?QuO2enr_5*nGL~-PX0y*T#jldzmZwZcz|>GjaYun=x=cA+NS4nBN69u1C}k zIS?kcb`V3ksSa+dWPVZ#l=5{^6rH&RB}2WTev$6Vx{UdpJC#fK+7D_}=HX) z|KY(&Pn)x<8BydXH-QoBtkb=q75b%9oDX%c*u63*$tX=pWtBr$^X$2{S5#7aXi>u* zWSqK-?pgTQhJekOPstTiP|paG>wOHKT&-%L&2z8(xJFO@PQ|F6;?Sn@W5nPAc?d1A z{oPA$1yw`u185?b>4h6lNGNOC51vwEx(Bw~qM)t6!+u zkV1rlV-0l4&ve+dpotzko0p}lBrd_GUth$EaB!^xKlWlqPq5~>Q|(s9#;+pvluZJ^ z;dRX!x3!IAA#yWD&tvoBUgM{L`n=3JzA=y9jkc@_2Svom6#1Fmu6m75u7>ezoj7-K z71^?&EBC~MC!_*s!piKsY5e~C$AD# zr|}`4eBb-ra<4G9Cjy-y=ixJH=}jBJj4G(8<|7caUIjG1uWj=;EN+#pV8B+>7rI^E z5-W&06h}ttJ{aN~N}Hx8q&FcZ=1Q}Th@Y?7`H}!-FOhjTY`s8z44;SVzn8F)44^rd zf<%+urRW1o3wzxQo*Rvze#bJqhsVC%g@`r~) zHS^7*!u_v>P?dUDUTfafsj$7u_vvtIU-1Oq_dCQ5rhJ!c0pgJl%Nz40Q-RvySx{c0PJvyvY6xuKTV@k@ydFqWRtt}G3wCs-FvjNCSopl>Fg76E4NsR8i! zmfQlhNBKy$O$QSq@FB_W+{1T!3WU~P=If=iQ_#5E<#mP)JIw6Lb0-#U@HMH#IE3x_ zKa2=|w>Jh&feebEM9kQ*dX#i9RpeJDTlrY1eyW3k1N4`q+H%=4r za@I0%6*`$s&GdgqQt7rDbav>d=kjx@fIB`XhbAIi*ug7SsH_08w^JH$e3|Jj?!wALpD*wXmPY8qdGqHHFTnD?Vy3IR>#ZY>-Fv z{Xa@3&Ejz!>GQo?#MY|>jLDPMBHY(3My*SY9f&WQuwZFARUk$g!m-kH2_mPlt88A;nRd+IVq1D5LIF+^xu@m=nl4jA$)iY1-l=C~u!afIkJ zosP|T`LTt*$ARM{d$fL^hPPVpVNG@NSM}L+gB8z&5lpYK1~J&Qn+~n#LD;ElVA~%< zB0}eP=MLYsjG<4#Exg%-jJv-?pv`hZrnWv^p6(m-l!LCop|0&OkAlSda{u1Biept^_WMSY7dGFLp)MeWJLiSJ41!r5#-hIwOl zu_xt|fUEeUKU@=YFwAEgB5J(*bv&UmPw_YglA#lG{FZx(YSRjtjbzvyB(+`NzO=3P zAMI3RCA*4}zWPy)@mx>O@|M&3oM_xLY}HsoS`+KhvSKR~AI1He_FauWpuMpLDe72N zyeFaoh6Q{3=l)8QC+&cKX@m`7Gcr&(J2tz*dUT(a?dzdOz2=_S;3Iq7yrnQ%&V7RX z;-~E{{~P=w`5>N&;TvA8pvSFvFwBWOt|#dR0g%yiuL*~mcjy`rf}aRuD1XMu0EwKE z;hsMWzZ7ixMHUfroZFGy7n09-DAZIjge*nwY}qNWQivAs)U(zgjUiDYc$+ zFEzq8%8DS8hHBThZs!N3=cp95Q;Ln=Ao2}SXDIYLjdOmV#gI`YwRIC`+flRHjvGwG zxq`Z4Tt<;&x;TuIZadhMTzY9j=qt;_M^!z zFWl<7KNV8Ax&ZMk-&-4vkNVKl#LEleWlHC{~7lpwT|H9Z@$H1F0e_&gb-yZU-%c>iZ$IQYiIjPpq{o z3$_pxNM)NR!z7Q(Z6<%7x-Og@%%zLyO$r!B*KH2Cd%8jKBl&f`sD-SD-XN3VApZhC zvMkChQBlM!C*U4oDtB_f9@o%voo@A0`pgVe`evOOk@Rq5{UffLGL0!O8qrgSw>5i6 zN87AU)v(FzO4g=CG!tru>*KJQ-Q0SF*FxNRW=@7Jy#c*Hv3`h>_PQ!Vr=rq@L+fcM zGuB-MM7*JMx(4q)YoSIRm|xNjX}*MGHFN2KMe)-ola2#rM&ZIkCY^DXULt3~YWGt( zv89)rwer6RZ#q2SmI)Ha&oHhjBnoru(f62hL_$_jdZU#)59V`<&voK`a}e|!=Qbbp zs`({zE@yKgR0O8*AF^thk5O)D+)LO8Pq}xX}MO1J8=kGV$xEU z>Zd{67DZ3rMUh6AUFRS^-0t=&QFq^cgIb;(4f8^db_%#mKCbA{NEkM~d1_jDybbZx z257&$s})x0YXG=WoVJhp)KB&T>|b3qQ50;fwqe;2VCPUSHHI z>EP)&?K@%-g~RO|<}&=_YP)p~@gmwX~ z20jhbR`LA*utY;2ku=f+YTR% zGnD)BuKIu$wLdKI!iJg_oRUy85sLCI%e2gs3a3!3a`3fJTA*k;8H5rY-ipo~%))ry za%Dpa3;wC;~y>MFbQyc1$nqX%bEtPIihp-$z7v^BO-LS|f zv&>Zi*GGF+{0PXaC9*?~b(V{lZjoE+^ze~T@eyse7#XmsxgR3A4qZOrPY&3+%68jd zFQ7--p^sImxG+us3s$@EYr#p*Rz&L+fv7s&zsBC#jQQ&m}33Qo~8xs}C=xDLeW zMsDHSq0ahFn;%Y6XrvWDiwD%bIJD4ZVvBX6ki*Mgimc3&JGac2^S~VL46(>j*c-Ls zQQ3Z_i2r^g`@)}33iO!4YHIL9_c(5a~ki6Gsy1gehRL3yBj%#`HYHQO5UJMm-I`JKEQPvxZPBJwn^KPcu zD^?oEKHrOqjt@f1l$w1`M-yR@R|_jTI(G?rWA7Tomm)48_76)N}RxSgAg{Z8PZJnFWKsmwBs)z`YeYmEJ~WL$G?VMZ~0_xXL9X~CCB5fApSYz!lI z+hMwjitb0dnZQvmOONrU_1Y37Apba!N|Sb4HCQ0ZEk$5?HsNtpr`9PGKVaIQ?DWa9 zTymS|Lh=AfmUxwBD6O6u9;062vrSh^cfDS?q!`~%F3+zMm*O)pSa)KmMEp^DHb3A* zu)}RG&k~B|p;zg<$502{;Kk(QQykiI=ZTZn7Fsoo^ojQ*0xru)t_=K$zWo-UxX%uf za)~bw8<7gl%o?R76m01}C+Dg=^oK4{Fn8~fBrbvY*Qn#Ky;FqfqtZR+MD}3(=Y$q7 zp5>2xF_U?c>C$YhIXV47N#YU%h=4dMoSJ{h!I|68BM#Y9w2d#F!OW~Tii zQDKP1eUApNpu+`w;iIuO#N&^^y+z?wjja7Y9)AU0u9n5f>A;rVUqruf!h9aMK?gLXr!e3msPrIM@;_u!g8N@`1SJq>!@psJyeB zwxkbZ`F!qrDi5K>v%|_I9uEu#26f~3*rf}>mJSFVjdvhTH%RdqO{}(G1<5_(3O^4H z@R*aQ+_2VP#zH&|%8h3*1DlsIb4J25;vzesW$S~Ev=iOCbX0W_8t<5?bsx*|PDGmA z)ROPvcPK=(_sFUbOTzuixn%BH3>H|!D=A;a6DwqPe$uieC>RmI{v?sA1W)=-(i_-G zSrHfZ++*0GFiR1(L}_j=SLtx{jrV`kqkN|S$frhRbbdTp$-X8v`X({@7T@o)&Q!5Z z-x_XoFKhTQwK$aX&gKo{IOeNhyw3>&leVD_qpc?K)3QIvl~=Px-)+f6BYSfE$3DRG zym|&Fhof`EbXErPp*AzxQe|JI!**Y<;U_QiEY^;@tmq-W(dIAgd;}6^!kP+ zR&AZ|s-eLk`HiUMa)i??=C>m2<_jZ=`wEcH2#ZjFq+*-Luv!pl>&i&A zjQwe#6M8|Fzb>8kH)K9`q{+FI`>fF~$}%pKdHXsdC;(z8w;!X2ol+VuwIL z2W>^#+POKh?l5tX(@tXs0yivrHpOROLN|KwVhiZH`p$zt-^($AJi;>(cG`P;XKQXF zo-0X2!f)LwG~P+3Rx--huGW_>tMBYI_I3`3a3R6ffSst(#Zn7Jp@aRqC-!J0#%vvH zX<9k#J?iEdSe&lx;>&%-dP7%?{&%)OW`dcaj{|1lB4^!cvkpIC*aa@xv9P>5X(3#Q z9tDv(7s~rDj~4Sh5i14ACUCGV7h+M`Mj`Rx_lhyYQj2YWY_Qru?_!qwMDyOFm$1+& zDgA%v-oit*$9~?kt1}&c)0VWiD=?`kxOZOd)^Nr<1aKgqt=ArEJN0=`XMY$}YBR2J zWzj6S`~GkgX}?&+BuproM;B%Nz9MTs)3&6^tL(eC<+_p9FgOtACd4IYsXs@ko(yD)AJiiUUZP3~A9$IT3Cd(qNr@Cg&P zP>=BDT9qNPzvR`@`oJ60w?3k7hSMdVeW=9BxRKs`XnmFX0gF`#`Xc0g{}p77T7yWH ze3@gZ3&x#Mnm?M#2G6D+laQkodU4N#bE%GT5Q||;@Ij&y6IyC6C`95^V%f~@!r;c1 z#`gSHSu~HN^sR$ytwHF9tR$*!`&(In|Kot73oYYZ6Gz zNM{lMvF^c5e(~!Ljh7R(2mGe%V@#|Phk(sbAt7k(bLSGhE8=m=-@We$cUD;$oh1*S*W2G}#sjqsMqm zB;7GxR{Y`OjL<24#iE}8-NuA5I1&DDr_SqGSnl{-kHG(fmGL5`1*Xd&4eN%jEerZ{ z$bHV&5LQOD{lY=V4M=v#qc*fQi*pnBy2t{DV%DByTm4({g%suU-xD%lpH_AS*wAmC-DZVW6ua!!%al`;LO zkc#l)M}C-9H_L**?7RjwZ$2Up&L~tY>E1Fm~!(U;`(drf&KdY`7rD9HVOhEO{NRz1vX_$K3b&d%cHT}E zp*Kat=XUA5ww6}h$C#LXUn10Ev$h-&J?u#}H7Ifn{*Fec&u6h5-}eu12)o5MVB@eD z`MCUb;%#(mVvOsH@w7sOE{y6VF@PS?^`L+#9K90Cj=c2`4Hyg4x|jlfzF>bj`$V2S z!R*;!5`KcVScD0DF)m|EyZReDqAl4jLu@cl#aYRhq%Qs+sD6A(Hw%nXAH%WLML6&Q z#YY?IT*sJuOXD5?%wq77hrI*(3tX_kI!Wf!kwAaGcF9+8tibV<^J>?`x%KOdD!dX- zePILoTp_MHnP@qQ2g%|X*wTcr+AYxM#~9DorR}^d>YphBwPj;sCz^K%L>Po+>cfbG zWZ1b1i_T4fIfw;p8KIG)Kgrvzl3>+JoDux5HKXOS3s;7$HG(eW34;<`;J$meR$!Q~kGY=S z58~p@D(ygAgfwq)Biw&O2ygSS0VUd?djs{y*F|lDAo7u;m8OR_)s2hW8@KP@Z^}_v zTPYJE`^)qM>(Mpp*l~#8fu#=>UJbth_vh1Tb_*aQkiiT*wAj(!@DPCETPy}nwCWEq z9G?FG?g^C^#f9lU|41kF=dr9pT=Qtn@_Fo;)m zXh8;n(uD}iKY-lz63Zx=dSS568c7H}RWvuxX~SgO?5%$Y-#jlfBJRd>OO|F}HrEA* zILytF?)6lmPONH(R>@&Wf8ps8*d`sxu^@G-wY$?b2V}{YD{)`@OZjoO)=LoO)6mcW zck(cbPBnFKs;_<3UzX!d0^dItdjDyW>&4dxEB~sCK>QBq2Xdoj|Ce@CCcUsiw!@f8(-G3>~m+?@)hqkpCi}mv7WW(i)9RRKLxpEzMGrJaK zgeUV1ZoCGCnUpUpwHVPJ!^`|HF7o+Nxs5`=cXSlNzzSmmeFc%T_nqBlS%HLTBaVUf zjPd`Oi1K6G`)FNJa{jZ+GvGQU3}|hjqw~4`kNbM9fc9^Ffdd>P!IpOHHoA@Wb*l`3 z!W0Zvc778y5Wu|r0N>Yz09*QYkjo|X)gVq6fkjXA3{!;$oKb<+Dm79UP&@Bg|Nj8; zMYQ%WudpNi10Zv3Eyrlx2Ik%I#;xtuhsYsNNWAkO9->Gvv*;#E#`#71Df6Q1o%e|u zw#LSvKgMbf$<9omO4me-ARbO=VQX)30@6=>?)nO#(n?Bf;WJ>neG*L%tL^S71`iL3 zcswJT{ROt5{g2_)B}8igKw3b(F;(8(C`H?l*Ubz7J18%@`Ev@*$YEf~-@Cr$1=z{- z&2RG;U&$irgAzTgr`3Q>jOVH6K1j#Nxz+ig1^wU@d3te771iugd9)shr_ABWB|qq( zbpYkr&~vlTu|e@G@Zy`y-uR4eK*wxmKz$UzpI;+Ze<3n&#RDs^PUIp%`LC9_d64B! z(@C!vBXQT0dR2xomiO6ZTU+>)+!lE-euq{%vH8DI1PoB*0yx4s;ffBU*hcpo6tFfi zE{o93HMX>)4YId5AJ}TZSEL}k`EMxu?n`StfGv^IEq|Hp5s^88z0mhS*eBBASl7GaF`H68muaFjRn3GcuA|IZIw z|M6Ok8Kw!*R|AHRFu)XmMy^kd)zMm|r2Y$pz4r0`-)Z@B_#6K(uTZCB@BlNIOSSzM zzX%sN|LvtS$A+VOqg@MU(J?V_suW@|j?nZK4y~%}J2#S27J{DIMKzz7kptiNTzKiM zIQr_jIgFMWj)BFY_VOP|<=l0Mr2xgk1f(q!#|yibbj0(uY3Nw5-~`8vr!0bQOE zXY#r3ZMKdr%_d60ZRjf>&-*<_%j7o1EMxj^(^WOIodzPYA@CH_VCL+QCB~Q+_17N$ z!dU6g)nuah+o>~-#6a9ou)6n`T|lQK^~Wbux%#F%?HRvG`z;WLjgbHTOvG*H_xGnH zbWJHP7aag`!ap=-!wEPr^8kz4hxGH4SDM%d!UKg#5#+`PQ9Ld4+@vU@LHb_#EYf{d4Btc*`LxGv61 zw)`KORZ3Na@=jwBkH2s57W(@ePQ}^j(a}u2C=@>KG-_Qj>pkrg*5I|H(|HOYt z+cJM{@@%J9ac#nVqrCLzqqaU(Vst)Arvw2=ce_^83ml?R+S5Zkc|F)&ckH)pNjJH5 zi@qvvT@F}lBjuLxuu@}yYbo9UUH>J$BfKMiSdEmK^IP<>B=DL?fx77C zD}*u?RL4U`5pnpDaHq9p)LG32V*5Nb+Ac7^xS2wbwm0-PkDY#|dag#n+)PhmtkHkt z9KJj_CMz}R#vb4h_|N|F5ZRhN!X*TmSO0cCMmwNlA5mBt3e+K7n@35cT*AJyaj&8tn8mL2iZ1r(#Q=Vr`5$EP%FjH&YSlF~4zDQ1=s681R;o{8gN-9c zBSZWV=gAE2y%$Aaf3&sL3Hh0Z85O{I^j6sRR59;>Z+;79+9uBEXjQ#QJ)`bLKn=*R zw4iFLks3xOhty9l8HYJDtsDx?S5A7CcBe~?CJNe9fKsNRnDdL($($Og&ONxuq<<`= zTId1Qa1h_R?vLG1VAXRVkGH~VrYI^hp(TCeQa<2!<6O4GL&I#H_NsGWrQ@p+M;PJ<5AF{?>-XI#=FM+*dwazpaU z(2jHMt+SZHH$&&^9o)UJ$$}qQBHk{AsX~^J!ykgE>Ipb##=o=pB=PmVeU;LYoa|oT z$iRBqg-4s}I?~Dby072|`4t#9AK##$9H@oB)F8fXgfaWDJ9woh;68cTc};vy1wYL#!Ko(pK1q$5q7K zl-R2DvQOP9>(kAIFH~ljb-$eDdK0gn=yfBTgOvq3l*uME4yG$NJD=-$wzMaUjFQvJ zCkqd6{08V_ypmt3KeOS%Gm#dY{jpV9b@huoYQ1A0ci8cKS4{z00)jsNJO!Qc2@ga+ zm?O&-f#K<4U0rJOgh*nl7(l$@_7o=LzR+I*X*+nN>pNEKUJ&;+z9XF%(RLXj7NP-lq_dllm37g z8B{A%gY2AE2rO4i zvnd6zNgbd)ALLGU-(?jj`X3T3j;P(QyQL%h1$oW#9Bv*Egt|HMR$&`D82MennH0x5;wVorPQ@?8-jn{PSr=5;5 zU~u<1Jm-=&4H@g+(@Np%e64I?NUjf1XvVK>+&Vd-7IMmig1Zz&{rl6Uh(?_!q2|AH zBmU1anU>N= zz^h>bAgaHLGA5xT-P?^d-vDtF2G#xE(&{tl;ZhcKBH@%K7l#2q5`U)F#C{#$NO7ft z9FWY8{Od7nevZ^Zx6tc=YoTn0y`U>h)}c_23yS zr!O$nP(YTWT+QMA759ng%{V!n&roo>+Xn>$MXtT02Vl024%^C{!8VLyJzgpwKU*FX zJ^tMwN~`82RXO@v2-KL);h%ja+c4M<1@IU=-~{0D`H!M>@E_jhS3ZOs91(-?!#C_! z&O6@XAO6cvrj<@*#N`WmEg~R;sUm`z;9?6V$r-Dj5I6`2+=R(s_69#-WgNSxct_K= z6vg}khtOQlnf!#6F?Ou)GKF2UknC=?*p*tbJD{Vf^Frk9F$#HBUb7BwLz2%E@qA(a z?l`D7$UpS*(&(E8!d|BJ6`K)RuDVw?wVVER$6IZuZF8O{hkwkRWkGc&nZg)(cojQA6oq|H~3XJq^>UNKjkq-M)0kj~XtWRkoD>MO^ zrS)3*V1X^7S3#&_0OAEj>X9nx+IR4&59}^w!A3|mbq#X!N`jq(D*3-~(QqR64Z%ge z;I_+sXjp+b?49FlM}6=VY8~tH{^PxCqWdp(zzORodF4su2W!Z))4g+|4LLj1L~_OI z+C6vRQBPjc?&WjnQ-yZNSfs76z)ZN*aM)Dnk*4ouWHbDog?ja(33Uj;s=!Yp%>xz+*BN>&kkTb z!-N83k&grjt2?d(l^rKTf!0|yko3D0yEQO~ED$Ll+t($T*DpEX{c;LQg1^TkEx;qG|tekLbYcVCE zRi^hQKH}?hf)u*O%hrCbIC7^BnWhbn=p%{E;iyoO-i&!ey;e07j`((!+6X?y<#iCU zv5We_URcJd2jADir=RE<`kn!wAZ_UDY>W^)T{IE|qzGn>IG9%-()ZYW=DwI3Ah)1h z{2d%u-gf00)eGZff0y^b!AhOCmrH!uyV(f ze_1{5XB($`9&!3$O%GVRp2>JaE3>qUBS;fNvdeT(U(O(^U`mvZuh<*5 zSeoG9eA+&Ai=jNJrgakb$V=!nkgrdU4Fmg*yg5zhd0_4~V1 zC}=?e;?QEU;TO1uGRAG?Edl3mR6!1&c{11@9H*XIHg$lS@3r2I*!LHXR_&{_fd~QH zWtHSO@VxYuoyyS0;#Cp%y`5sQru!1FRd!DNJqtVt<~mr&rBJJWyjLmt+chB2U5jc1 z!nz2!mPd0fd9uCo-<1KpAbp!+FzB$ z0k+|-^hq;ED#lW7Az};Cw=8?99JhM;OYXpJdB2Asud8}#K?_pb@}XGmcgh_G(i}6~ zZT8K_&)8&~4z}93pzqtj0$D}!h8NBN>QsL27-lwlkvqCg^{)uMMqR}#U}&8bZGI(3Dx zlzwMQ*ndj{eV@w(pLvJ)?Fl@g6Vcq?PXvBzN8md}SEW3LqKO{9v3liMg@Aw@09e}6LxQtRBrQB z1z5?|*N&Jb5s@ad?x$uDm$y>Ts*z-^NPVLuwO|!|mY*&~Pz^50B@*k5q<`X(LYMa> zD3ndS$L`XVtGFMwMPn?>FqHC}`6X8z=`obA0!c}X)m1n3tJIeR(#;L63sM2DW|qOOmzp9b4|Y&Mafib9?T02^BA2(*?oK(WV3+&-7=axy%GGNiYvx4Q?4y z9?&u@^V?0-ltyOflx?P0RM|WFc~(&t`4JRkGWkJIj7Mq=xx{-G458NsCie^}Eo#pC zoplcj*stnX75km7bJue2fRr0QPyYuSFhoc{P<>6(C7@ZKkX%3(RVsv!p)9v%zw;Y4 zUqz-+V6Ovzd7WLW_9<^cl)R{#!;@Hjw;US=4emJ8WLGBjo%Ab$I|47>iPEzFOi9cF z<{^Vj^G2|z6x*QmigKQUU;W`&nq-2yeadvEL)cSGMg!y%MD#jOv~$MVm;Hq=xdmUM z2BSvaToP3_x&z#6_m8@;D`UC}xir9?;aUxz_n#|!`=~vyll#XQ*$Yry-6eVR-5C!>P?&7_-P0B&%Ra?9u}c2(Ck3`{B+nF<3*XO%gkiiY zB0D@i7^ipQI99uQy7=$DPpPL^-+Hmlmyr(!etG@W>wb*Yd8~W&u#Q#H{}^}CK8hf5 z*3=lgf-IIH>J8*8lP>r3k6!DtlfE@MIlU9`32)+c0++MS-OFlg3x|g*g{Td`j{yhB zqxBjm$Ne*KguRCG_`3h2;!e>chKfngqeh?zQky7->81Kj z7Fa6t@NpbAGG5t75drZ{Y~XPE-2k-v8Tn_X8Z1h&LiVwoUDKb8%lobXkNf+!7832l z#hUvrqn;vh8o1$D8H+kO3nMsdvi$D`vQF$d{F!vGf8!#aT<;V+Tb&$yA@1Gl8Uk0eLFl#^~@H?n8$X9r>kbs>|~EC{^0wcj&S-!)sCzM zgFsl;eUZ>oZoF-ayh+TFX0fw_&c#`_&Mf(a`31be0D|Lva4H@v-y~|%3-*XfZ?OBZ zSip$?IyR*pZsruY{n@5`rqPZ6i*jz#cKOptZP1fKu| z39V$&NO70cj8>VGuy11Vgs-pkLSt{OcZASSq&(DK|-z3W=(+)f}oy_Q8DGen>ErEAMV5jWy}yCC z!Kk~bSx-uHFudcwxLVq&-~kvOUehwkU0XuE1IOxtcb3}f`jeLDaB-}3#8lKpB54hwuZs>U}wk7<--n}f^)Z@&8X+ZZ67lvpQTr+W-|v5-d^GZ z21gWgI4>M4!zvozndaPcdA&oB1l$#Of3fHT9s4$2)hbcTBaGe$j&@?pO84KHt~)Ko z;3h9k7-_F#;X9EU6{$R)ahXy+E=QzvIN}NvXzJSfA-~zyovLX)10`_U(gGUr=XN3+ z83U=5B7@q-Up_JI`nwaq{y)CHGOWsI>sAnDgLHQ{($d`_(g;X5NK1EjONi1T-5^Ly zmo!L7cXvqNwLNja?>Xn*zrX{$d#yR=m}87N-<}EVh{mSoM=i@N61f(|e67{zZI_E# zPB`B44X=E#JYa59+pcBfit(Lap7-PlJvqz5vPaJ85hFd>0vgNWm_YUuSy`fYu8qqX zh$S7jV{4Ha1x~+9hNxPjeBdoe$8|Lf7u{fztdOT!a-Y1#Bk{d+5PlPm{!YJkMkbu$ z8@6Te#iV(um2$LhP-bWdvj`$`5-`4H)+FCo-(Up7=Iysc7!DgLn9!}Css0Rq6TC}u z*cNX7>JXm+@D@E&KYgs2Rw9@7ISI^%=X`n#*`9NbXWyDmN0^8q{OqdO^|g(-{u^pR zEO#6W(@n`5_ui#OuqWj6`eqCw?-fpxbr9p;M>1i(2Vr&~HYR`P#nAILCD@3OKpImO zpn8m@r4X+&6RPP{kEA>j8^tP-ZiiRje+9It*2>6E=#CuuH0~W}vz!Tms?CN)wqxFX zfusJF?d3G$2eB%d=`$}W{(EA4&@*;iD5QL$#Uit8BzQH>_i$O?cAa8<{!W1@ZUfW% zZQn*F;>Z^Up@f|{8LuHIIRZeteA`pt$GF>LZ4GTCW!MChuyu_YY^vSeCu?@Y6;@4; z_W+ocP+3Y7&RU`LzJXD3+?DRQ9 z9FowEikV0mO7(daBWel_O}b6QI%!t!Sy6Zu=M=mklJWx$5vcF;cvXdBHj!_M+qhA# zg~z^!_|PtS?3EP>P;6|_4WmC_sM*8QVHs;xM(d6|SEM_|R<6pPmlEcMlNzQQ_mo2(bQ*JhT7k_o^0{pt0&p3YGTxq*$wphf1l z^6mT3RsJve_lUjOo~$;sUzWbklkn0N6lC*#8oNnq!X|yCdyDz}z}#u6!)asetF};c zW~@UPu%Kpwtq*cu*ea#MH1(7|5j}@J9nN;T|2D8WU3ek5eoPyOkq^BCXI zk%!Fj!WUd)?qp}!qAjsQso#LC2X6?fFW>s2sne!EPf7&#f22Qt7Rdu$g6aZK@hyMI z4FcQ<3NfE1V9W2{_Ka@^=;qrdIeV{aJ-(oD+r2RLMfC3U9*jJLeHhS5hfzZSA?rVV|Z6`KbbO4PJc z=Uo?^HGYGFy`Pt$aJqn8@_HFlfu|jXcRh~bECg4Y$RWsie`d_K`J@L_`b@V~1V??L zTbrxhsgeOtzTV$9_2~yyy(F8q=TK7jB2(}Xa1jh=MU2|69OiR9%F@IeO%lm#pi$8` zZQXw1th;Xu8N!}Td0~;)*gYk%TdpBgK9#gh0qAd+nbzCG)Vfp?;?NgQQf@I?=RQ1+ zEV};~QdYlz%=c?0kbxIN5KM&o_{2X5hZV~|2u@NA9pjry=B6zOU>ydea$77$R^UI_Cfg|%e>P!x0D>`Z(=%U!oEf2GV+TRs@P7{Vb z(VRht*ucN+_cV>W)e$fgx$7rV+=pkGkIg|)a?|?0HIGz4v>*K~9}j$n$1Z)*R$*?; zhm1dz8%F>#UQh@s%irWr?@Z`<9#Bs^r}5w_46%k2yhtaFx{a46!Dm+KNp8G;@vHw2 z+cd=a&1r^qdh9;+Qj1ZCyEx>tqTUI)^d`c6KjqF*J7GivI;E6T=>YH6P(t<9k~yyM zUlbGt9ri91({TI)IC1I1JLiXs7B9Pbx5v`&=Ux&&X%8iOhJwAD}xZW7N% zgqLh8+n-+?4yW@^y9XkVDQ3kY?7ol4u`A-{+Ctr)AM4J(y`C%(+JI6~?eHzJ+yM@O z@TleWeF?_%V2Q)t^)4>^P1a5Fz1bT~VzbAGdlUWc$H$mO(}v;TU5O(V#&W?>Zk`W- zIlGdCZ&~!%Ll9d`>32V^_zk)pxL#K4yXS%pug{COcSDc~X|zUZp==3M94u?xEzU7M z?U5eF>?XS5KL518Qt)Qmd4g(A+I#y~UG9P;X@F6==cvFfQ zXeBAAKS_D?R3*vR)xlU}l1+AwIfFirq4mg`IN1pYi-q*aA%k%yLyhgE$ryP-exw1s zjUcJ|cJXt}3@+z;0pmz!x;H8&hq-(OW%s6T+w-_{&s zFowSEf<)~Gfcs2#F}+_}?@xHSgiZjeQZ_=cOsH?p7uxqC9q82p(YKrVv z9TdcJI!3aRthCE)Pf7py5I>1qv@W&|08$6r4a;CEFT z9<&(#lI5X$;d2~F$`i$m#>z?FM@}UCcz1>pfaVRg5$MGTh#BP^B=(v~vKm&RNsFwy z{-oiTpnV9Sr-zXZ7o{Ub+vZeeLG&xDUwnrJzgQA_w#a(^A(rwvCOnB-7NL;WcgO^g z!)v1~g@GaI!TesSG!S%X=HgcqFLKHP3WfhzCReIHr94`yBt;s3LVuN@M`nm6B{D zlKUH{M^B|gXj-6G-NVgZq>j3zamt;tYkBcrO7*Tb*&D;!C7E*bHDY3f8$Sb;YxW2~ zH7@VhDzGY)3u0pzOvUwQ8Fs{c!bhU&=U7qnBjT;G1e|h6tgXkvEa#)n68JpZIu=2) zzix2KI7TSDu%isz6mxy~07cXdLC(!~91*Oyg~PDMbc@FoRQe^0EHsW07hy5de*0vB zdR^+goXV+UTNRKZ^gVA3@5o--6BqE|aTm2GVZ^bzblA%!#6p;FB-0+PzpsRN@SULd zl3HTyS&&YB%~kLnuMKUkMG&;ZHf6Z9bwbvalqOf#<=7$WsS6Q&=A4ngRbp?l|K~v6 z;Yiz*P9}XQDtVAAS>UXq`Bcu~rb}oY2%qY8%&)9js+oFvl#ibFIInaB8yS=aA1`+O zse4(p3rDr+s{Sq0m?c?FGCi`abKn$iXF*{RK|o_b?#IqTZicyAK9xfqyljy*!e$vJ7AkGB@6!$xu3qt2FMZQ;x?-YBvNGCT~=72n8-1Rw>~m=Ps7 zee}v3&df=35HA%YjYPp|Vmg0Q+SwaR$}(iCkcHZwzXLoyM|74d7s{V8q&G8Yx$xBr^^D%D`OAAYvM-R{arcgw9l~8snt~8cg>DL`GEY-D7FcX9fmC zZRxKU{MaD+zr`3H4>MrI9Ri~B#0Y)geBK;x%BFsS>+nOx8N+u9GK?`uHcACP#MGLq zfSRmIcH{<+0yTqqX1Vui38L!CbBk-ppeRgJyeN`0*$=UvWfJU^&LB)UUM#jR$A_Zl z83uwL(Uhsb-Ne-u+uE(XY$Zfi1)m-oJa=hN4D#!`pN|CI1mPK}-HVmDuQC};RDFWV z@o9-Vc_9*VNQfA5uL96B-l{nqcf4RZKkW;!kNHTR;?(Tay3JVz-~C+bS*=zQd})1n zQ1IvoUiQ9>7?=T)Wqi)Yr=f%=YV?9;lgu%)A@US15YipZCP5!m{Y>)N0EWQe`Zw9~ zHh4<1XVRs2naWrMFhzH3Df#f~++wnUk{Rv^wgc<4`Nh*;Pr(fIDY4}uv zt&M=Ors`f};}J!?{>WMeTWJXxMI|C1FnH1_wE-lFWc^MCJyrE-Hq)tkiT;Zf`Y?eJ zyC=MY092^8h#tS2J!g`I$P78XkeseBT(oTucxGhnkN#BI+ij^N5G$=!WLriK`V7Br zl9!1F_c(5davXAnyT&ja2@517uxKL^3A*8a2a=$tWAm7$PcBn3!4wr<5=n>z{NVx` z&u7n{_%a{xjH`P6$x)7ssOb!J0*5gc%;S`>Bt<$b(9+p^*6}En6$@0kFE|{$bKjuF z6*m@Wnew*me!y?^Srl!*kNobgQ+KAWd&G`{=X7daP5~3{iWE|kS7qG$tH0_)4(wxh zf16V@Z=^V^Ozjuos?ZHbD_)B9*?$3-SG+5I3k%c#%TUrc;M|tfMWd9XL|&x0n1tXu zeVboaW$vnFSADYe>t{hM8xivmUHMTM_Bv(>VX?ZuAvzR^0?&(k%6f*yjwX@Lb6Q)M zO24R=|d2{Wg)5q}JOkW1KQ4~!|g5b8587A6yht2EE_eoLXluqYu# z!G;i0@7p#dp*sFuNksJe@i$K zhVfYMmpqA>R_;KNrtagje!2FHBV`rIs8&8hxZOf3PWsrs-FsJ36+s5?ca~qMCblG6 zjvm+Zlj87WWEeU*wy7|`^VLWeM2GOoACrXg;QG-KwEpR4iKxejA`Sp4i0&zCxuK)) z*$_7_xe#4gu07d}GAm*NMqr|hc*E}4pXRgS61$t+b){Uwn*gzZ%Vk}S1S3+((Q%I- z9)nEvSb@mR^=UvMyB2T)n+UCnabXlsq6M8sxNgs zf6!<>#l}tC3*>iFTpNX7h$HB>@N|o{Zo9wy zh3o>MCYBEdSz8Bl3m5dZ0F%?vD zKJEr~xG?ebOFrfff36x7+l+ZV(~vbSDTT_1KqJic4$XNqRtSi8Inq?`CV(M_NGoj@ zrE_CcYTtiU7rhLDpFqgiDj(dg_pUwe=U>t^U@>}C6$RC0-s(t8_jA0!P>l1FsFj{W zlShjqGq=3iVDY7wpuW$zh}6q@x6A<+pdaNT~{82aExHwcl@qWog#4p1119kx%jUm|jTL;?OYv&aH~iQ82X zIDU>aFE!1cXK8+=%K$%Rrc*2<;sI!0ViJXfJgpkDDOqaSQ)z_q*U2v(fTrGNO|~W& zD8K-b+L-n@Yx&Uckb@MSL>Dwt>b%r1(IJ!|Q zLW^X$$A@+|!{g=lISJnP5bLNave%a5O0&vv3`2qSI0Cio^%f-u5n>(LZ)C#bF+N?EZ zhZ{B2gv&G0RHxQZM|O=A5>j7OVr00?AK4!6Q(G7<<1gf@NHUK?kNdKgXbOV)r*W(x z4f+SI)EGQAvGtNHf5+sDtEuYZ#u)mN){Ta(3`ZWn@Ps{1c7?lL{931{q>TdOOogCFh6%%|m=&?fTbd!!yu5VFWPX6NYVa)=z$m z>Pt{jK{&olj?xrPOj>CXO)cj#fFr1ny8<2o1P39%Plo5-+mvhpJqYL-31gBUN0&tN z5q5WYP{$y;xNG_0g0wkr*@Q%UUwgD*_S){6uil8KM)_fdDpZYV=rVJ_s#I<1>+HD= zpL&(QgQF6-5dWc!G1wPR862cf{W};0a4-Hi%l(#jw&j$%2DUlTP0O}4G5^BEOApV9 z+KRE6uk;0l?$Lf~lkt{|281}N`k;$#7WO>9pi zCHy3HskHsMYGKxC;tlbU`kT@Mx1(YbsS$1pvMQIJ;h?_OnJl=3kG_>d2zzXOxKp+* zqzh=5FK5;b_=6Xp@)u^^W4UW#8oti0W8Q8D@0e#{%7=$R@MJ89TDuN0Gyg~kDjtjL z@M@vOX=3gJZf&&>j*yP%i{Fd7x7)l4XmJ*d3PrI(Hx>?bQOFv!necHLAxQWt_4F#G zF@l$x;R9uGrF5_u?%@iOdQJ{A8_pEL2fp^FIaa2EmxWiEj~*pB54XL-OQk1QJ;D#_ zp7%$Og-qTT7jw;4wn@T|opdIr!lz%jt4rPOtujnCJnv3=jeqZm7yr6Lt#+BSESPGJ z*BN3&H9m7$?O?2ER>^H~r+zdjz9!Ytn^JEjVM&~77I}N^vpFW(7FWV1Ea<=*yUU;- zy4pXcatoo$&>OXDV`UWe+0rZ0;1H7eQ`^E2ty_wv_h4n*(8Zvr|;ftvyX;&HVcCXIb6P)1mE0M}~n&El-6+Hq zdvKFgrY07bB!8qM<_R*tr#9`BfmF@BFxzn-Q>d1|!f!C?bHqt2Z-F>ug zI0=ky2jQb;x$5%#p50wd-A{dA=UKvUZA`jvZ+99#4eFEFl&BC3zbun50dB1)Ky!@ zAqAWd0~w8=@OQ>=oitVKlISFDIQ5hde83;sTW%GdCt_Z^W~gv=Pd=7MXp0@>QE2C? zIXrn@|Lp}!v(m#%=zC{W8co}Hq0o&bgWsCJ-3r1k9s&bt%iwFU9ym_Du&>TxTE}Lv zeGD*O#c>Mxs>|1*Fdh|FOZAJ@y<~t@pBC45-$)W%w7l^_B?;uBk?oZQDa0G$s%KW* z-Mlu3G;FR@8kZXw7~FfT?h_+3{5?8k55m0iGD$vZrg~r2WMcouT*OtTFJJiSu-l0e z250Lf4UZ!)^v-1{p>Z9Hi)I~R&2{s$`G9*1svu#VrYJ9#C)J#s@Y;Z(pwxA7Q-@i2 zbpV1k^(h>t4(f1~k0-DMZgAX>bzP%+Ek6xt$jJ2;C9EtwNTRN&CL6K^N-x6y~Rr@EAZbQMUV2la#%;gj_&_dz*F}7o*cxf z65X%c+qGUNr+W6o^161lb9Br$JuEyHcGc8zBRTGsHH5^CBhG+mvjpM>6(yEfthO{DA8sg!DS(e2xUBDoqgb8%)o&u z@_tD#dQuCKnO*L0BB-FjfuYwHV1iZQa%1P#x_UdLt%6a}%wayfk6uNCkP|InURaMb zfFLc>QPX?8(wUBHPkn>DNa#l6Mm|^uOmi2-?hhCpGcTGk0+P2S+^CxXnPhrEvZeKE zfRaUzGyFz8@ryXBV69%L&!|%WWcMFw_m9W0nG*Ny#?R4XHEWbMRfU313xqC;WKi*% z4(d|Rkz>i+uI|P^wNg3$d@&Pa0eCk8V6#3$L8sW#&4tJ;uSI)xd6sEp$avNYd*m(J zuTyU}(4zAyB7Fc`=W!zB&Lh#rB(mlldWrY6nlYcXqq)DoT5xq;>y5>&$aSOIAR3FI zQOwX8scl-CV=krb&tUi-3jK&A+=w=1X21d<7Op?4jkM4K>(qc`v9Am-m9DMWL8J$0s}K zVaplyY=(ktBiMy)cZGL@TVy?5B?{*v`t31Nk7M1A_bH)W5_r8pJn80S7tj^#>k~;~ z1&m+9s`$96svhG9?kfgq{yKp+!*XyTwR<)Vvkz8bB1wPyeX`e;c5)K9>mKJAeVf}7 zGxY+1^`wrFaWhbFMUoO>C~5tw43|gs53phfKb3DhmZFMc`w$rB4#%h|o{7p-QEu;F#$(Xd5SV)#as&1dM50-`eehINY` zR<6K}$fxL0EX@%SsS~94JQeTTvrZgDUHtg4N}Fu?oU z3695V!1NPuGKi29y;a^xBv$E{QxO<4pvBi4`aqwduKtUA&-d3fXqA|9BK~$s*ufgu z2r^lLqL2_Oyw7l$h^9e&YT=R-CQj2MQ>3qL+Gg^z#MO%3e>3s3B=>s zuO4Jhi+R&Wh$fAehu+9(D6k^<4&ollzM7~N4Uq}53>lU1T;+O}gJfh8_^~MNv)6h? z-^Hh^hXb>bjDyzOg`-Adml@GiX6Zz7Iz&9&o|IRh4aRp2Gy0-N4&%QysQ*x%ap*8v z2N(Vt&)tAW3}RtVLoPotLU!^}KtYx@`z4mhqGK2y5k*40l8`}VM>8_w&sr;BWn_*K zq2|7QbR*eIGbshuA1uzyyLDPg2h1LSwwyLPcu01cWBkJeiO=gr{>a)`rIGeJ%Z2Ee z8_#9PNyUULHroA7w%_PnGGS*Jc~nWiJs+oJ>c`#QNB5j{vV~Xji0WCr1Z>B+qp%1ssM!La4df9qWW*1IL+Vd%h z8BQF7Xhr_ZE7{>95{kkrx`5W;Ee;QKr%!mk2HRN&8oeyLNcr(A(N65`zCr_yXleF% z5@N2Q%1Fae_HrU(c2P_)J!H+j?H7ThcUgG*LCBsPAxMv)(Frjy(^P||k_FbzX&#dZ z-`3p^;Bg~_;d9?Grm^#AT`H2 zs^d~APRw3Dpp{Oha*VG^RunfF1*VBgg%TEH+9A<%x2S-RXy$!Hjpf)L(YJ+m$8DZv zNrUO0@1|__nKKJ@;)CkI_hwCUMAevNb&1xi7OrD#DIjGIjMI}{lNDI4kkPt z9sz-p^Vuiaf!GV6h>o$vQAV7CG^g17+PEuN1l19FO;{kHfOCIW*{y>`N<bI`D?3d!)Z!yp*85mOyKWh+;HDn`KS63yXq%n(G! zX_if3qT0M-waRDJNKvtup?_EX%5~IpY3-K%N84JoU*6huIHhA3L?&IN?z`#R1^fEK zJ`H#Avci;-JDZy*FX_VF5ZmjV&&^yJYyczi>S?V{nj=}+(u`oqE8t!q-6CqKW&>sZW z+O+10=y81EwtJ?os=}Dl@8`M%%6Bu&k~YqZ2Ti3!B5tQ}ZoNQ~!*hr7SFi$?vUq5e zsp2B53wlX;r*?@k$fxL3RLzG8Zg!Qup&S9#RFq^%rgqJzDe)vCSXq@Fj6CNGHh|5hF28Pck<;2%KQs zJ;YK--$u0}IM!%=O}lIH^=IWh>J7`cvnk`sc{vG@jx}@^elbhSLMc2yx6Ke;Jb7S= z`9wL1(?!+%k>mRKU66*wjG<*xlDq*@=Qx#^8F}SO3w>-*2UfOdRe$adIo`~}8X;a;)-%48=|Ac8+MSN9c-;9Z7*ArumNjMxAUv!AT# zPB>3`6AkxL@C^2A$qgWQun1^M-h)0h`Tainz!K55-1&GEi&ZJG`zjN%u2f=Jar_s+ zD>P7|WROeWR&YR^phrwOX9AbU;}qfj&!i*xxcW|m6BgrkSK^5`a7cC?K0P|&VWve# zcIpa4cTh?^Y#wM+_VA)GSdDusu7M$U)pRro5_vJl&t!CWVV- zpqUWYa8N5#3=uI$SMpArdpt*g9S7EJdTUmQj2u}bph~E_eu2S^rKb*X5igj(i@-%H z=Ss;YQt8ovG0zNsaMM%?4{E|;v+3UC2tAw{Rh+QNuBV z2Fdzv;6q@TkFU~So+~f1%+(Ge%J+nA*Re<=DNyUeJuvTK>%Lk< zLlye7JV1a8M)RDa>te!tx`zp1!QYF6gPE!aayY`f>#d!9ADZ&||Hfs%hof@Z;g!N)rvB(!*M>EUwEKn4Vw`DR-2`n7Z!pTKV%bEUcKt;{3HigOpb zvl}Qo0ck{ox{Gh$W=$k8Bv;&Q82*Ud7)a zrg5iFRz?4zg!>g%io~5@_x-&(e>J&3IlSAu_oOhJG**o~0ck_Cmuz*=pvw9J3BpDL z1bLtagDsqJT5=Ypfg=&@cnX{G{O#hE&~?ZZ`8={)}!OL5_~vo zo|)wRS@3eE)26zgW(Toqz6ib2S^jVe<+O$zK4(z1k*R zUefb>X_5oGq8RApV*8}P~S>_@oMc=rw)UnR9a-OIlr9J4Ey zL7y+H^5D`lrBeEzE5dOvj{H=lbgYdnTD64B1K$Y(%(C_SDwTgEKoVHPXA-kOuRluR zFpr7zA}3+eYt~HrR7oG6y$e==tomG(=r*OQtYsAMs#O=$Pv}rG0uHJ;$ZuC0YUr>YQT}=Y4K@_%|DFKHIj40fWAbM;mMja> zB_2^>!tV`Dx?~e*x6&m8#bOb3%2pfu?XhsU`^m8<7!IPLl^@Rx1c*S-DsnO(QU z7jFwJ{W2Ug)(fctq1Z{MMFHcj5Bs2JW&Jo2P%d zwpI<(7Upwr&7a%K}(^K)1)67UBJ;lQj84=dH6Q?+IjvkA{S>$p}=d5D^YI zwIw4UK*%_6c|Ze3kn2CuFE#A=Ab3gU2l9Iz<7iHz;hsu#XxbynO9SZ#k)9qglszMI zqH4uDS||ZJh{g*YDgH1IMq<0`R9dm_K(52~@*{XP0+B)fLI39~&;fwgYdK-$i#hlo z8Yr`F3WX#^U^j5}y~dzv+8LVM>dwI|s;2&{kyLI)q)-Uq0L?^4@Qb}vg~~s`_w#wr zXbvLN@W{+wHVP19dr?OPR3cM@e#rm))S>cO%)1B>3sjPMEkIVB>l``c0-@R(`2+jR zE@4=4!6k=w9qCv>^yXH$I}nvqqon`wLGuiq#wx~jW;tmw_cNk%*XRDb>oejY3XDA~ z8EI=75}!XShrgE|>f&PE9&_wT0jVP)M!;ilz%NX;c3V_ z<|lPZ;ey8Ro-hS!7u#+p!$=U*cR*x_{l95s@3&W$2O20C>01C3v+e#&RmSqS8qlOQtC`88;pkXI5H zOGYkgAnoCGYy{c4+t0 z4qqsG7UehjBrQO{_|zvHh_FJ}rS8zW$Pa6HoB42G^{8e0B(K*X_vZdg-_G4JD+9qW zpmttl+vbS)kg5K-ZsWz+PLs`V4oCmiF+H4AYZ_!c)-1z8r5|KJG3VG=jLB`{K=&B_ zfdm}P!uO(oxeTDKJ5MGit50{C>xc514M)$MTkE^a$ou(1kmXYkeL)Y8u0(Aw zU2i(lQ=BK?Z&YoC9oe{-SH?Vm>qDc=5it&ceN%n0=NEM@ud+rRkgRhAsK>uOy~i8# zAB`@n>_FVHWmdAi^aUgCQoRBaZH-`{z0VU{@D^-x;`_`s1B@MXamnp}Rgp({O;7>CG6(vVd(L=@aXGc^U1A{d;0 zlPRRzOa*oPLib|~We92`@j;Q(><@v%?`!jbN`6F^=}@$`&zG%@cEypZb*KH+V|_^8 z^f}wYXWMH12{0*!HUJyK+uGF##!U?e(u)2JwuR46@ETjLH&aioj}%_qn3Xjvy7wf` zhLsdj_Imk%S?+nTLWSCqP`nz{m5Dd$eCoegKv{BK|5$1amOv%i<(6{&g%WZhBJW^7 z&N{Ah`~X)Ie#?LfoDqO;_IZOBTGLH4W@=38!G7oCuUQ&^WnGI%0E$SUMr?MqyF;=i z0Z=SX!BQ+&SMbCis6&)(bUL`i!PI(*cCAJHxdY(oTq1ExJTjuc(d^Sb~pJR|K3B2+?Q9sp_Dt+UzE;w}HzCKpRh4bUy&KWk4Dq!2b|ACBsm?+cul_Rt+c z+5mmbLtVpfb)D5uBKpjz(c^?}#$pi>!pA}i;ph>>KHBQ#e}0D7pD(*!50SA%WAxQ) z#^pGy3mLY1$yPav4CQ@E4;g$@g(!u878MQjs9aNgF6Z*@!Ru!uwjKJgmhSm*cYQeG z`%ts?S&WK5M^lU@bpP4mWt3%zQQdSxsd3ay2Gi!-F97?ip~8U6>L?Gg!{c`~cVrt- z>9$nga=z8dFGqxt&3#ygGXdDLlplS~^{Q9+LHQvC6*@bi4F()*z7Xg#(aQDqG!WW; zZ*Kv!8Wf}>X}l9Hz=MbJETYG@Zr03pEt>oAeN)0)P(t%$uvszz)5A?8tF87oG(HZ) z4nj+lH!{q(N6`DhNH0QUo)INty#aikRNA%KB(+P2ucVn zjD|f?w3x8Js8XRQj7EgI*%~e{NJQ%&7fTEx(B|e2mnnMW9ecGd{39Xi_EvbPEA-1* z-QC?$ETP@FXu1420s5G% z+o=kljToR-bAxqNLvvNe+{ijkHrCZry&>Gy%M66<5-#7#XiJ*2-=c+ia&~60wUG61 zNC2qt0j4Tg&aFoztO_E-#>zY~$f5Sci@{`vt!)pO> z1c0%I+Kc8ZeDAHoeXydu*iHJ->Olhj4*1~(CY|p}0y{O9?$f%ivO#&VUh9<1s7D72 zuk6{hD0$A#Zgot>L++I1^;H2*9?y**A^wlTl6W9PHlhzE&;g&2kq{7yOt^VD?>IuT zZtvM+66roZZcUtkMgR92hKSe!lvce|YH3uv1ay$2tZu*|MCj- z`(c6R=ggDCCLtnFG?$+B2Jl7V1v6XVh(IoxIb$hzRwpA9yg#4FX)A~Y0g|1{YADvy z1k%ul3I}ETsEsKU?2U^(TSe08+kgUUfIvN4*f>sz{2H=Lv z)7<|AZ2w=F9P0<(!dBlPe7Azy@*JbW56nVbQI+^t(_c-hD#}U}03<4xm)E@5`}YiT zr)&E*g76PFVI3>vikq{4mDD`rH5^GfM1o%a|BI7f@shYL!?=Rs1-V2@q$0E7w4G5- zc;MCxuvovE{l#`|Xv2vQZrKIs?!a6^1aI8}*c3u8_Fp_Q0}3KJ_i>R>!F^}7yyrjN&^ibH?F0WOp!$Z@&A}3AURGZ$O-ZKiY*MBV4r$a9t^+X)_ypS-TM8!L>{(nl zDvKpj37~By0Y{@zwUl1&d<_Z5{6V<1-V*pMlW{{V_o~e0-*r{@>x0hET4|sa3u@cm zS$eqS1|@Ba_m|nW^yPx9em$6pJ1_q6kF*n1X8gf_mVpf*@Cfk#C)dJJ)ok^di~S|Q z#Q$6W=K_m??h7@BkmI9My8?(T*jU`w1m2g?SCb&Xe^8qsLA)Pd6{MfDz692KXhCFV za7A7P*uy=C5|`)p7gHLzuy64jft~el>+Y<7uyEw#>J);J`OR6=9UinJ8^rup4N$7- zIn0!_se;HmOC`k$hjdGyCAul_T@rKfT--hkchENOZy7cHw-xWNFb?f8{(@I&#%|Eq z-u&&c^~uSct@38OevBsfy>_PshEORlcW<-rzlrC;&kKWk*H7yBUM-Mt-Rbo;xdFhu zl|I0_+N~MUmzW27+wgWxwVlhTaIvpvTh_!A?onk>exr~Xw%AVgwFpDCApA`fc*6b@ z6x#7ujnObqpG%-nc%DE9O14EpP)QE~>|-)ngLYH8&Qt0b*Kvdnh&7-LHbI;Fzeoiv zr3!n=vX=n8%@^HB`fG9Y5C3c_9*Cme8v>dDSV=!X5sQ-zaL77=OQ{!YyL)s9nlk%1 zN4HNRA{{H5v#N=AC2q%yd6|?_QE|3QYchBf)RIY@V{1eWFh~t7+wx7w zxbeA+|6(H!{DlbZB8B__i2?kw9W-lT2p^ZyZgG0X@+W{9Z&FyZr!9>39Ds48k@|Hq z4+Xox)x4t-&u|l1>XPXS*1S4E+b}|Qldv`2r})=^g>|Sg8~Ok?KdD!o@;T(B-hBT4 zFiI2oA3i*gV*kidk*P7Xl+72uL=Q~8Ip7A%Fi1q2ZpC^4i{TfkcV3A&o< zBxs_|*H??^sIn8K+7AT0 z{0I&h%rFi7>lZgw(ledd8wNVgTT%2m-o%fe03P}u6;}t?F|YZYe~0T`k}NNs06*sD zviQ){`_nezU(F}xZ=xjND@@{Xu)e;M=6VW@C>44fb#uzo;{pfBA~I1+>>O9ah1F;3jsX zD+R_Dqs0N-%N`nkWiE7v&uuYE#^%;~wdlE^(RMSXrySXL3nchPFdQ>qRyX%P#tT{i z`PbvbgAAU+>B=*eRQepZ(IQPaLz~AYb0I02DmH;-^_*;+)N5`w7N(C$Xu6J52U*KCE>@5WN!G~ z&zfNg$%K%W16e-1hT!@I+O7Pfx-z23bJ7<-N$2=Bc(x0Qs|O>2L?Al ze_jRSelGzv%2N+Evo%5Ych~|LZwu0Kbr#Cz!6Z0+XT({r0ni?~@cest;D5IDpzqKI zvwQzLRWid?v|e7R{lnYxgKu>i-y63U$7As?!SxQW63LdWa{)=jIy(%AGT)v^GuH#d z9BzuIdd_ohfb*WckyZqcFX%SLVkj>KM>U?GYP-7#nC2#_5Eal-pq{-ws&kev>6`Wb z+nnDK`cqf5G9P_^xW5f=4}E+j?qwNFZw0=pw#f*a5r=VE+6H3RdF2NSjyfW=aHu-p z6GJ>mFI%d}tLQ{YK_bfKbJeuO6rTXiu$5;J%((Acw@Z($5~_2c)B9E!LjrZc@8Q{i z>_x=aEj04ih4K?3)1Be#P{zmsvlA~(f}pgE7Zk6cqbc2Hg1_y^qD6MkkmHYr9!-W$>^!M#o233W-X#ODovTA& z&KhN#jYLu4BnZlGc3TYtPGt{r{RZy{x)u2V_}2wbU3LNP;S07F+5k0>KTZ7)IA*RC z258ayXOKgAH|5vL;DGbOYFz{r z!<#cJDFL-LBm=O*%67FY+*wiEBc1Z77QAt|5xSCY0oZ@5dzQeaDM^^&M!~c~=)}7# zl;z+dn*msA9uU;pBl$KwfLNE1D%5w|>f~;_eiNPswc$7PQa9VEJOY-4f^gAI4m$f= z;ls`N2=@Ki-{}D>$9IqGp*fwAKg009vNCVyw@fIneIKuUO>_NT5AC8{MMEl~*6WV$ z!K<}c;YFyhe2TA_13+=`?Y6Y=93{)aGC?X^D2azftkq30U-&reqQk-3&2;M}XYbKb z8@wYJF;!Nclq1VZXN+JKvca6GP&o*G^X|9vF9H!jYq^g!l_Ri({?>%x6bXKixS1f zm#zjA{|fdadfYogbS^27BdunVE|>vg8}3sFk~M!ASH;vh{t(-)1PbT(qT+vxE8jvX ztXwH5k7K&5I25)g-5APEK+6X$mUS_*u@wU&>67)%Kp2FsAi%u71fUk<8b=Ubfxy|9 zbLPX`C@&k6ICcE(ONK~tJVxAB$ANLqf{%d>HsV*}kFf2AZ02}sh!tajnM;+rqwS1;Mk zDMMjQiB)BM_c?$^-EP_R0QW#D1T;Q?U`h^1%+cf^iLnfl< z^K_jT>co&;7aUUkWemDmJ?uQa%Lp=pomQMZv&whCqPiilrhDF%5?@?67(vjK6D$4Y zQvI_4@RGga$kucR183ppJ~dmOQ|qBdL+n=3-bwV4yDbE`1-0LUA!r8oVV*T4a+V!rx3-XDb|BS|ch3XP`VefEvxk;U z9y+qjI{!;48;KgxH#f5*J~Yw~xk3U@%fhS$Bp9jBItyhA}7i{7cs{ zc#;+m%kfJvZSW=&V3!0Oi}OB*Hw5F!S+O=Y8mM41qjK%mMxch(;Ng}zEg)&=YK+Zk zOkEyl$X3&i^}^^v~TZj?G6>yd1XhYdR1a69>W=^@CQej9W7R#HsELBnn`w z=2Hr5vuZdY`u>|EA6;%%e~)o51w637Uq-5pZWDcvpIEg;>9bV!GENW(WTeAe^5d%SDxJ@!9q2s+jc*SzMO zXB@}xT>65F!ZS(idhl6$yVm9h3$RF$;iaR#4F)lU@){f-BXxlp@DO2BWHAg%D8Apt zU9_zF`I4aB(za)I$R_x5*yO1y?E)atFbPO^KiklGJ2ljPCh+WOS7?grNrlnw&I_$^ zxnJ$hxkQ)(KZ_sssy7z0!V`UyG1U*JFn8OVCv`S_cUXz`%S7tUe3bxu0yE9 zUYfYiiYuvX%5lhx4#N+Q+qOvs)?b|wVQ>9oY;tIo_ca%vyy}o#cqNhf**v;n`c~Sl z+62n0NkH*%lK>G$sDg^jloCzo?QbkZl=Q191cg9e8CAitOB%i%!4UGz+-rLoEjjji zIEmrla0v&;%?Tz%T1q1mV6Cu22lB%|Tx0mSXiy_mG0t+e&zW(_1UX#?Ccf#vYTHxLTpuGV%!D>@m5ec`>EecW<=-dfqPz< zmQR`7bXF(*tPEn-9tdlMc{P?$Wpxj6kU1pDpDtqM%My{jxdDSd_35A8dY+{Dbm`H+Ve?F?>R0FPfRskzS|Va3tb08cCv-r}E5@J{(CVabjd z4DvXX-f{!II0WI5m9Np=*F{U)3ORh)I?E{#@KrJb$Q1~)r6nst{D$eFBy=DtGxnMm z9w{o)Jb)eXHDfT=o(AS)PJVCx96Wz-L|EsIg7$@K>8tavev+?PytC4=(=Y1#LTsVP^@Ti(8gPsid-rDRU#5TEP85sql)T~%+0s4nGrF~ zNKG@R&8NavEWSzsk}LJsrwiK0;TzSm!1cM0?X|({e&u)yG>l@?VelNz^eHyPT8`;S zzsEd4bx&6Y3TJz4qyyXeIoq0jm{i3jKFXTn23t}~tvtkE9~NEaN4w^lunMgN_Phz* z^_pOF5`P($!Q3rUJ&{s&rKoP@mP2d)=q$6!z$dRegr5Q5{OLR7?8@;_sQ$!d!*V6)BAxm@A2p*Qrz0ia9Vq7w0{eJ#7 z)fc2v!o;y2PTJyPv}Gj^W{Eo^U@oEj&tZ@7ZR$4AlF{>nE)Mr6iQFEJR+q#JOHUsL zMT54z)PoRPvqj-=HuM~1yS7Cpq7JIUl~3v{s7zQ}ar4lj{-lVwSex3DHi{rqbpahh zf2((smRM2(TCt#{s(kRmcXSI-;jI8;Hr8=giS?`;PBK1esAN<2vmWQ}Co~9yjYA)4($~ zA{L#>|FCi%Y_V~R@REK08|~W@ZRgMAMyzhWt`g|)+h1`qw*JA;KJ#{Lk5Rl4rKiR_ zL60PrR?#(}(x;;3w-S~WlNZ#&4TA8of#rnJ5qCZ~^Q@E@nuHP2kkKr&pLA~D2#!FT z++{%h(ALNE_&b3zzmUcP$YKr~wjRS94LThmhF+geb)d=$a0xi-6SRW{IAX1*)DgDM z9C3{_vrZK22#nX@l}}z&ro3&zujIT7WEYi14IeU>P9Q0k<8wbUQ$H|~z^>iM_^eNb z+9dSoegsY=%%u}1&U`7PuGJN-vfxb~`~yptfMmlzY72dAL{@c9>iJsOqYH5OjP~vs z0oTUNS2sSl&$Nq@L$RNlS3&G*4;8c%&8lBFS&oxIs9wpm4?=Qai#>c@{yo|KV$&Ry zZEc`xc#}4y&cW5?e6#C23#ylZdK4vm10|DORsSTD!_-z+sxC8qp%!&@aSy|JDXsQ{ zo!>TG!yk6@H6LJE>1Pin4Qnsz1m&6X2mSPYb`Ozm{=naP{q^=hItmQoTt?&&ugorh zmKv`pi7Bv^N#V^0#?ZSGojpHQS%HVGJ(~ z(rxSl#rJ4o$)RfMq1z=U%om(WH)Xd%c`$F@ENFs$qiCQuJOEOsXY)cj9*FAxEDuJxsvQ9XuPs7527@1 zNpD^wUKAdjiW|q$P;_*JFlIrmz|bAjgQ2ic3CLsS0ac+Z7=hHAzYDgX|IV}p!@ zl=|D=tOeyy%puHg$5KowQ_&x?OO<*}D84XG10=ugK$P!;8@I!#RK+=%@_Y#thVbmQ zR<4D-T&ZA0{@HhDNnStpT|4!~5mpyHRNU8cFiEL|t-mr<`2#d98bbs(zj{P@F2ewzeKo28LctxDfiDz>D*6I}bEcWhF!44`HNM!5?*ktPGZxsA%MO9V~5Xep>Q zuS;kOJp&iMlo$!SFTdlM7?N64$gx~-2eFc@6S?T+)X;dS=*?LIqv_8|jyIfVPRnrD z)4w-_85Ev~KUr4xxQI%+1X=Fup%SwkH_@Aeu+@4#&OGf29OsfS5tvi>fp?Dud5=@m zZXnM|pHWw#`?4UF@F=(iB+7<`F24H5=U>c_e&I+R*2jEz-8ACCOU zdB(@*ff?zZQybjTKo zxJR^B9aivePi>s)#ez3B(mQkkB3stm@rH*Jb!i@WO$x0$Pl_84dlMWE)g*3fK8|E0 zgt^0x;AV%}tmnvNF@oofR0jk(3!GFVHpCnU9oN;Xz+Ef8dwUqyqS*k9cPkZq3B?DR zm!O5i_8V~=(<$rDNG+4-$o|p}2e=`f0Sw`f>l?TEu7T5xq>@ADI776d=<=Ro5n8PQ z8OE>g03&|%rnWAlMKE-}HEFiJArGDT;jPHc+488U<$?YI<-21%zu%4rZ`mZ?i?#&0 zThE0S^8BvRpSw zqM-t33=^t!TYAS&fl^}fD6iXRgA7T9@OZXm#o3pv{Ov3_@#V!6#;v)b9QCxw!i{z0 zTKj5=nBMz&M!$&Ka06S)5HxwLrWKhifbaSIx)Ck4N-pC?xAQj(A;IYoMy-=tvY!l% zt4rq>K=Jw6bs?Wvy?4&z_BuO2Co$1!#X#iOW*-@Tz(ju@??;OHfHojZ$qDTN{f>pv6AG!5no89?BrHgpg&IPIYZsV4uBK%8Ziq>HGRm{88}AIX~!CPGX|)+BgS9pVMU3(nZ8&evpXXeQI!1%hcBjLgVf|$$s(N zN1*MY_3V8pUMqT0mK2r&o&0y`Bnvr%h_kwiki6}qZlQC;EdlB-4&?r zNvnCflhiAb^0%DhQZZa|8i)Gs!^_cKl+LeGP~`3nFHoEVW~a1FOSTZ|&;M-F=sKH!XY z^8orya^z1yG!#o0#Da*9D*f;&T0=;g>J( zEw^6mH$-W;*oAqvz1aEs^vo$jr=SUsSt0!wocEOZoQJ-jQ}pK-q4T*|?qE+y6v6qZ z$W3NZod+TE6mxSBaPK5N#i->oU*M3%LE}tze{0{?AB{xoFY~j(qxm3?ckvU}fxC(;18v5{>T;VM5BXummom|MJMM$nbv~k9J4jV$+V64m`!m@ z&XgjEz%@g!qi+jH`ky7xCl|`jSSEJeulLekbLQ_nf3M-~m-^z7;63 z&{d{vBG=mob;a?lg=?6$QFAGcru?(1I9cK&d6o@o>Hr z{MFT9lep8szA2T0{BxlS<^g%#u7=$*N!2I)%X@NKFjr(mc+)g`rd6X$5PO9cN z_-0pU!Hl&xM=J#9UnepSfAfS^{vf08W>&6_aB=g^)QP1`6+H-49&6O|qFg^a1UJOE zD`D!iI0^-9C{f4ngW3K_sPUB%D4vVFIO;^asG1lNd>n3XEW7(*)g>&2XPQDOWZD(r zbL1#QMxS5v7IhI+J10xb2g)xtORX-(w|#M67hK5KM((q4T_!u(Q=w{vSEE3&ctM-G zK9ssZS6Cf?Lzn5~BTkwN6$)fTsD8fOJtdPYAJ4fdaoaJ8^gkE7gyzaTa9ginJQ>?l z7SuW+yGJFIpSjj_AU|~>q@y(&`f}oB%hf7Jw$Pg0Jeupb{2zAy5}daHiScuo?%}PA zT4<6B_+mWPX|AoXZ$9tZY_q&^F;CIWU9Dja&G+4ASaHbPYhl~$5x^mt^Kr;h^Gb;> z#LzK!PIU#d<+#q5imDE@$_#@uA{OxaTjy0DAvPYo8i=AX22IvmwIkT2KHn#6aQz_4 zDrpzqF?Bj*5b#MO+{W@&LRweq9Y#lfThq;b>b;V)!#7%mx;M>h$>GPw1dNU16_rym z4qJ9jDv8e)B1@V(WWM6f$v@|K30$bvNE>flkN?#7*#|JE)4N5KiPhLd%ouMy&AnBH#Ly=)EIDUVTAOSOt_Ab_K-b>WhO0$ z3My3`^Os}mWiH4JZ(4y-q>&e!%7lvusu-tE$}PgX%NQ-W)Ki~qa4kOivy|PQb%~Bs z4T(~$Ao+J$A{gYqSN1>$O;(~Mps*edrtDBGnQgR76be# zHR1?mH@m!$T7RW$hhGRLz8~Z4Jua47Cn6Y_$1Wop=^D&bD~TvtuSO5=`~8v1v$7inEe*Y<7enx$g3~lA&)mUl(QwV$|)wJlz9RC}Ikg4_ra>=J&