From 226a142c0a836c86688a76e4d506d1525c893824 Mon Sep 17 00:00:00 2001 From: Paul Gottschling Date: Mon, 3 Jun 2024 17:52:23 -0400 Subject: [PATCH] Refactor agent architecture guides into one (#41009) * Refactor agent architecture guides into one See #37558 The Teleport documentation has two guides that explain the architecture of Teleport agents: - The Database Access Architecture guide (`docs/pages/database-access/architecture.mdx`) - The SSH Nodes guide (`docs/pages/architecture/nodes.mdx`) While these guides are framed around describing the architecture of specific agent services, most of the information in these guides applies to Teleport agents in general. This change refactors these two guides into a single Teleport agent architecture guide that applies to all agent services. Where agents differ, the guide users tables to explain differences. It also links to more specific guides where applicable. As an alternative, we could create a separate architecture guide for each agent service. This change avoids this approach because: - The purpose of this change is to refactor existing information for discoverability, and adds minimal new information. - Agent services differ substantially in how they proxy traffic to specific resources. As of #40115, we expect how-to guides to contain a "How it works" section to explain the architecture of enrolling a specific resource (#39979 includes an example that edits database guides). This approach is cleaner than using a single guide to describe the architecture of connecting to every single resource an agent can proxy. - The convention of having a separate `[Resource] Access` section of the docs per agent service reflects legacy messaging that we are moving away from. More specific changes: - Remove `docs/pages/database-access/architecture`. - Combine information from the Database Architecture and SSH Nodes guides into an Agent Architecture guide in `docs/pages/architecture/agents.mdx`. - Move session secording information from the SSH Nodes guide to the Session Recording architecture guide, where it is more appropriate. - Remove "Cluster State" from the SSH Nodes guide, since this information is present in the backends reference. - Briefly document direct dial mode for agents, but frame the new guide around the assumption that users will/should enroll agents via the Teleport Proxy Service. - Add a new architecture diagram and moves the original one to the Database Access Introduction page. * Respond to greedy52 feedback - Edit list of database protocols. - Note additional commands that retreive certificates. - Add information re: `tsh apps login` to the client cert table. - Fix Desktop Service introduction mistake. - Mention the Discovery Service after the list of agent services. - List the Discovery Service as one that does not require a reverse tunnel. - Mention HTTP apps in the local proxy table. * Partially respond to feedback - Use a clearer first paragraph and replace "proxy" where possible when talking about agents. - Use more accurate column heading in service table. - Clarify where agents can run and their relationship to services. - Other accuracy/clarity fixes, including incorporating suggested wording. - Describe example agent-to-resource authentication methods for resources besides databases. - Mention Teleport Connect. - Remove the mention of agent ping message payloads. * Edit the agent architecture guide Flatten the heading structure, organizing the guide according to connections between components, merging the "Retrieving credentials" sections into sections related to communication between components. Also clarify the process in which the Proxy Service forwards traffic to an agent over a reverse tunnel. * Edit the intro paragraph * Fix spelling * Fix linter errors - Update link target paths - Add the "Cluster state" H2 from the original "Nodes" architecture guide to the Backend Reference so the latter doesn't need to link to a missing section. --- docs/config.json | 12 +- docs/cspell.json | 5 +- docs/img/architecture/agent-architecture.png | Bin 0 -> 180421 bytes docs/img/architecture/k8s-tunnel.png | Bin 0 -> 94948 bytes .../compliance-frameworks/soc2.mdx | 2 +- docs/pages/access-controls/reference.mdx | 2 +- docs/pages/agents/introduction.mdx | 4 + .../pages/application-access/introduction.mdx | 6 + docs/pages/architecture/agents.mdx | 279 ++++++++++++++++++ docs/pages/architecture/authentication.mdx | 2 +- docs/pages/architecture/authorization.mdx | 2 +- docs/pages/architecture/introduction.mdx | 3 +- docs/pages/architecture/nodes.mdx | 155 ---------- docs/pages/architecture/session-recording.mdx | 52 ++-- .../teleport-cloud/architecture.mdx | 2 +- docs/pages/database-access/architecture.mdx | 156 ---------- docs/pages/database-access/guides/ha.mdx | 4 +- docs/pages/database-access/introduction.mdx | 38 +-- docs/pages/desktop-access/introduction.mdx | 6 + docs/pages/kubernetes-access/introduction.mdx | 6 + .../operations/db-ca-migrations.mdx | 2 +- .../management/operations/db-ca-rotation.mdx | 2 +- docs/pages/reference/backends.mdx | 66 +---- docs/pages/reference/cli/teleport.mdx | 4 +- docs/pages/server-access/getting-started.mdx | 1 - .../guides/bpf-session-recording.mdx | 9 +- docs/pages/server-access/introduction.mdx | 6 + 27 files changed, 385 insertions(+), 441 deletions(-) create mode 100644 docs/img/architecture/agent-architecture.png create mode 100644 docs/img/architecture/k8s-tunnel.png create mode 100644 docs/pages/architecture/agents.mdx delete mode 100644 docs/pages/architecture/nodes.mdx delete mode 100644 docs/pages/database-access/architecture.mdx diff --git a/docs/config.json b/docs/config.json index f2d3418633f0f..2404f4562a747 100644 --- a/docs/config.json +++ b/docs/config.json @@ -1437,10 +1437,6 @@ "title": "Using the Teleport Database Service", "slug": "/database-access/guides/" }, - { - "title": "Architecture", - "slug": "/database-access/architecture/" - }, { "title": "Reference", "slug": "/database-access/reference/", @@ -1888,10 +1884,10 @@ "title": "Trusted Clusters", "slug": "/architecture/trustedclusters/" }, - { - "title": "Teleport Nodes", - "slug": "/architecture/nodes/" - }, + { + "title": "Teleport Agents", + "slug": "/architecture/agents/" + }, { "title": "Session Recording", "slug": "/architecture/session-recording/" diff --git a/docs/cspell.json b/docs/cspell.json index 046775b6c1598..1072cc500bf24 100644 --- a/docs/cspell.json +++ b/docs/cspell.json @@ -184,6 +184,7 @@ "SLAVEOF", "SLES", "SLOWLOG", + "SPDY", "SPIFFE", "SQLSTATE", "SSUBSCRIBE", @@ -873,6 +874,7 @@ "trustedclusters", "trustpolicy", "truststore", + "tshd", "turnoffuserassign", "ubunutu", "udev", @@ -941,8 +943,7 @@ "yubishm", "znmqk", "zxvf", - "zztop", - "SPDY" + "zztop" ], "flagWords": [ "hte" diff --git a/docs/img/architecture/agent-architecture.png b/docs/img/architecture/agent-architecture.png new file mode 100644 index 0000000000000000000000000000000000000000..a776d52a459440e129e43ea1c6d1b4a4655af639 GIT binary patch literal 180421 zcmd?QXIPVW`#w&GwU4x=4xq}adqPA6Ww*9K6$Ft4WX3X#WPli%A)xkg5r#O}ql&Bq zh>RqxBrb@`h>F<|ln8;4A%-MC2>IP;pZ0maFaK}%xQ%D}+j+rz*8dfdRk@U4NtiX&ft1$^U@P}*i-aNgkXuRnuRBBUdIO^d z6md@*eR&vk?91V`&3oF5%D(SUzwp)9`+xjt-Nou$e*rMb=aZ0 zqx6EohtqjN{hNUU0tD@Y#LQiPDTqk>K`S7r4p>dQ>-nW!dxqTFWE7O*SVh%-BgTTE zRk~aPq6&00YMymqw9}oPCpzJtqtV&sWG5#|VRGfGt|Ac2wkK&b zUK6aY7tYtndk(lSa zyK`nvw!IjaxH8k&l@>uucLKRmNBG1!1V{&!b*od@3Wi{UydEjnZWsKt4X63nJ z(tH|u3ip*pxkb(hQJ0l&j@tjf7D0ZO1YcY6eukO1#Uv-tK3&lre z$vnY|R-_BFq!z7S*AYMSzUOK(CT?&;)fC$BKi)8SQvkkH58G<;fZ^_buI7cwsB3Y(#fdbhagIyP*0Fh9GZ)Q+(O1N!1`3&I-ldsPijKA)Qt zd#%CY2zOt!8-+qHJ;2;BUJMlfX&gd9WtKEUI|s?l`*m>jwG}KhV8Jwcc0okRO+2HI z{Er=*2W?JPuGLgKskw24z<1bdI;-MOmOR%4f5@nxm|8!7$%rnVEnQUhg#G&Ta)vceWV6w;TfNl_@#YA7e5oXM4cGqjYf zrpD|7$1&y}mTE$@^NB-+TltxOwDkO(pv16omkr0tiM6`+_v!VyJIQALRAx(aLvEKQ z_*Jgxt)bzNZRU2Gx-r9d$H92zR<%}5qb;?gYGp%0v>lV-J>)z z`ADNAwE>eI9v@wv1oIzH}?ryZeyk8yoWmCLV_AMJnp!m%zGwr2yvidRFdACDW884)o7mt#&8wnaDmzA*bDaf^(7Mn5@m|Q4 zEbBj(y*K!XT{q19Ll*?(c2=n!B;oyO{VyJKEMl1A;1z$8o<|HR6rVonj)y+_51yOx zcc;Bg)(0(ntH8zy8UduL+F4cJUnnVx>{>nUax}NTtk&7xJ8gwr#*EZfzjf4sd)?Ke`_gl7P8R0w%J1SlmPK{*fenK#aApV1AD?bPg^ z|NOBHwZrU|_C~h&xYp<3H1(UmJ#~hpHVHiyX%#xOdxwoi`O{lufbr*fr%+l*LY(5n zc47p!d7(!&-m#N0&MH;x>2kii3!lR{CijNfkT`AF9Aa?<<<9xkK%nf!5hXt`hdpbY zno_=FgSGnLW%LSAo)Dlr$!|y9{}3VHnW@A6Qd!6)?ohjmvq7)hpgODh{{IT>R7{rj z?&iG4YaX560B(DZHLkkg)k@ak54K|($|KoxeC^UGF4L_A8VZhDmv<*Qmw&MPHj%ni zw~JO8F_fXhFhG4l+6@93%ej}U_F*OTpzlwVOn9^6c&ETX-Ew2tBz(u5Y<0P80rjj0 zD>_o*(im$;`()6GNo<4+`#%k{h9`hq&R11$^E)~jh>w4?3!6$i5PF|rytI|XubRJ%9PZkiIdP%8gz=>g0jZaM( z==TT<+fE{+E2h+cJYj2PRN=uZu-T6BAJq6>mx@wJ3c1EumpR`D)xTSmet4G+k4KWL$obhWqn_JW!QJ| zIiG+rSNJ4`&6qc&j)LAo-X!E7Q9M^tnaK|2P28-M4$$ z0V#W)ET+uk6x7)a+m2!8w;oN!`0o!c9mn3DL%jD#tknu{P93~?k)0M6k!dcFLv&91 z;!9n!xioPmc)4Cv@lh`5Zo7|Y)C}w28Cqg;2LFx@^=Opf>^I+~7l2pHhAwnJ$?#}a zIL<&T>eMk?WZqxEx(olwpr$|wve=l|bPemHD+B)&A{RegA{=^iVsCd4Q20v7nN)0S zPwR|5I#NK5q@yG6ps=|SnZvnN3&!&L0e~((IrPRA4ykO%OR5J z!z(<>2Dnt9xs`yeJg0{pCh0WGtbyDJ*0R;A}M4DU66>ANaGwU$FV%ric05x7*Hy@Qr9SOMDh>v+O;{i;K}q{o=~?D;SM ze*Br+o>|sjJwT!RZXMa?wl?*?9)ETJZsADPu1D?!ea)_);`FZM5xDp0xZ@F^w0ZM` ze|~TBu|L)IzS|AODjT`#J*)&-u@`FzCO${7#uh4aaxP6DwRa2NnBwS{oKbKt^Y@IX zne@_Mn)6~uZ)jcwvVMr6v!S{EEmq^0RB_5b*&9Z+?kPY-TER>r3qG2%H_@``**$VmMo}Gr`AP8gl#sCkGRSO&V*GCLg5m+s62>zMdW?_5_5w6?Uj&yf~Bm>Z+(0e;Z1 zH|5vmu>B>1x)A9oL?ORh=N*I>@tyOY>)iK3@z`M}Xb3rd{huXXp_DFh>pck}hSM=M z(CA%OI#xsw?HcV{?)L&;8I(F7-PiFCVD0}3#aUw_tpeOV^2LFlI+O1R_)M zKV}h>Xv1!U*5qLaQiGJ$^{WQ2FwXGRrG8`6wQh2zKT>#0c}@g7Z1(u9ph{agInXG? z>{K0lt@oFTW8HD+fLwo)PF}c@oU{Ay=z72sgdusWwFg@bT98`kxncx z&0nfT50zGxL)jokowA}KV(8T%8fo;moo8C{kDf&|$7}@}t6d1U^X@Q{5h;H8eYHr{JP&=(>(i`h@ zHht0()puP;wgtxZ!EUi0D_dCh2 zkE5CByQlP4`)SY68^;rTwE@{9L(@*^Ce>S&zn_Ksuxx)S(7VD z*-QP)zK4aC3JcegY5!g6*dLj)=(n1SZ!f{!Dcel=O~!<{!w#n)7gAkltqsNs`O#@~ z<5jYg7q9)-#`i9?xHQyE-}~Fk)D9Nw!AuDCx@r7d5QAi&AjB3ZW0KTvPc$jufg!uI zo}VpAr3uA$XXEg;Ay^Ov1X)L?jS5B0j(>ag!BKuVviK_2{O}%=CN&xnc|jiBGhodt zqE2sGoRE%<@3jP(t>oK&zNLLxC-eIL& z+*bh2jHk2OQ^B-xmH8MzZ) z-n0DvIf20YH*-^WmH6^y0PZq+Pm=Y_oJ}K2Vd^&5TN-#>kQEiWQQER2X(3*d$>vK( zC=&A+(W`(Q-c!)&AiyzQZAsq@rBGy`UhPmbjrqpbo|S+anC!rsDyygO{6N?3TT;pt zKhUe;6}k5;6cwn7*xBJW$5zcSIBNEP8r|Oz{eS)CL7!T}GNms|L{`d=deWNG+|xuH zmh>bkJWo6OQ5Mo#byP@L0};MUm~uyD9H!!L7a z1}js62F330sIFL>7*S!2LVL1ahLBRKb0A3PP3ob2PL@hqe-uv`wOPA{lAOdQkAlV0 zrwHZ|bA2mw9x0)uK-=^g=V&$>)oJKahwossf5|1tLRUIrP348S<{0N05(dotV-$Yw zxb-i7WGe*oDxrA;pYpC~&?lX2reFMx-Mh6lUH4+H;pt!yD?YJ8{Vvu_@n$iG(GHUq zPGsPlH{3ASRxH_shpy8!A4w-l{Rf(<;@#?@v*%n4&i|_QR##@q2EzM4N^abwUoqiQ z!d7yhkB5dROkV@lvNJ~X^Fg$QiBPKHACe;VHudNeht083fcC|)Qme7Afq&G!Y+X_? zYQlf*B_sGfZ*&NHtCSFauQv(7Zy!}~7zuQKY7WW{6~>=y7`RX?qK>j(YjO<-;T7sv zy>&U-bNO9AceUqXNk|ziLole zeJ0vDpz%>J>=sM;CZ?3Em|@n+F2kr82=g7Mw}C}}!tv3vDp*YiyBxM{a}(rbW^BP! zlr!8yzV$-3dN{=6=kLROgNi9LHiMP?yH_-?g#5c)&TnxY+1xv^+O<%-T3I~O%EEON zajnt=R;Fz1(bx`YBOmA7-=?17GLy;Ol!BH7t~U9vs5;}LUW`NVTc=5|>s}N)K=I=a zHl$g)@NL`_BX}oa;L5cE8wm89lr-IQ<#;P1DsrrK1klP_l90t*ufC^wYDmlcv4Kkx zbH%gnoaBV1*CyB!SCR)XEp^=HZ!&muUUJta!YA*!&GFF4F5c|7jB<|}YuUxE5mzCM zwgY`MSo47JNu<~spFl8KQJmy&0j0x6@rIiE^OUNfFsePu#nbd(K&2|lUorC1a9sF< z%7*Q=6mu=2pz^aB=HMXzL<2VeB&w+*kw$o;8Geagnj611B91GzR^aCNwQgTcq;C7a zpsQ&$2Z*%mu}QRb z+M*#s>EyGCqv>k*Q0Jh~eet63a{An;7`dL(3dcRyyt&Ob>EXx+_?V9R3GO7O`haKX zpuNF;|3rUNP>olNX}xuGc&oZmm>-S1^PimYY8k(Hu6}{@1>45A5TCgQ#V6j5j{!kO zYZ^>;994XNCf*ZNKuGP}jxg=>vblvZEEXm)e-I#cKC+rGJE84%Ql`VMDHkUl-3bPn zgOl1#w76ndTno~iJ!t$X%+IXnDZ8jsu79|sIukC<0Rhf!s;}tDb?F;uJEY}u+C~ps zdxMP?pdn}Vf8h)3jjZ` zSAX1|;W?oeE+hUW%VVSf*H|sxMA}M5;K@U3h3RqG=T$POmM**dW9a$l6;hQgbty#x zM3erg6eARqWwpZ!!E1)@5}0%ylRmPYdMThf`HmwW>QDny2ZXl)C8gNGs|Gzf@kn5kdT5QnqiV(6kXY0W z9fC#C6t+C^_;I9_a_Kq9{#V{Xsjlm>IWjn8$GI&oM|j+0 zO-FUr@F^q|m_Ho}4al^5N7~k^mfF*{c@qzIxNgp4HdR*h>4CV_g3C|Dea(5bv>TkJ zYE3$Q4Mod#8)gnQVoxb+WT8k-o8A&2?JFh!ik#@Y5G9VMF2%ZKQWwgky3%^d&kmY^ z^a`-O8x;$kI8O2ahRmiWa@`M{DZ32@?G5U}#6|Cv1zZa3PIOW}e~mzuG18fw;1J$6 z40ZAGsOzD8$#kpnkzz=CZ4?|=HCIy0iQ5xbKCD@*4U-2=nl# z*nJb(B2Km*5nso_o&~qS`Y>cW<1MC4r!HnE{k|+Xkr;7Dv&WuQ&pUx>Dlra%F>#z+ z?9pI%<;Bk=FC zG{FR=zXEQ35x=2w*eMNp|jP&U0)YseU3m6>OosgcO2BEf`-ba0NYwIno-1orGb# z(^M1kLoR4{V+?A2;?SHVsRqxzVj<0Le@TDDR zy^#kn^o5sC)qg~rf$dGHSX2wF1D)f=7Eda9K9H*B`m6K)(kNeK^3H@Vh-YOpY&mW= zqZh7zSlp`Usz469&JO9f&eh=auLTnhKkMzgqq&6IYbf!Pq+Xm$u~ANf+S3uz^nqcsj1a^X{lhdhq5?gCQcEW!<*(u+6XA} zo?y}oo80Z8dx5NH*s$gu7TNLry-CFlPpQ=#6!0dP>GQ_C4=27dW%HULVv!Fo3Fxi< zJabgBILe{WlNKJ%J6pj<$_R_5`@S;ic4ax%_wFQ5$Glrkt}DXnPd<7O2Q-EPiQ_4- zYhMOi{vZke=oS88XMF{(H_01v0jU~xhs(wgwL0^Z-cl5%Y30+bYK+Gt#PfyX!IZ#A zDV`xCoUlk6=ODW+&1enC^Z2yLk5RPjdk-6z7X9tOo+Bv)vjk&0cO3 zTVUb$2R?Elo6v(k0&5#2`JlFFU$eqm2QxiXMH~Q|RypT+OdrGH%#XE<#~VIzMq_fnq|eg*|FQ4bH@R0 zQl=>Pek_iCz@|lZIeIaJRl(dFBloVMYOue#5hrF%L;%kYo!IwRzpRkXhkL8c?eG=< zV!+zG$N{b^<*v?+>fPi}yxNwK_%xbiY>jX~73li7JdcPcOqv`_K1U8>-vs~1C*`?S zDHX0CdOqgX@qxm8N9?buOGz%tM2UYI+QC__9&MS=3`F?{&be>TU?Xp{j=0LbLV)r! za80(4w5ZOC@riCNhSRZvXP>vDZM(GGLOia&;aJMKic>8z zu<5&_i5X*;&O(OWRpHs0HT;OsXtjx-m&N)aAKSso!P}D3S3P%Aj@rk~xa4qO1*s~g z0p|QvI31vWhS^Up7Raax`8kiDinsjbHrle=)aG^pt_RYWqp8ITfp}J-WvX2WHi!d( z6&D7dH=jsF1xDGT(7bJ_yBBmBFE92B*v?TLmQFyN^EWk)47)dT$c;Im>=F2vcecZw)jm6aqfr&{kPoOB>-@BZVdb5W6Rxt_W=I}OH z97Mc0b!h%=D1QE;XbF2gd{Q$z@%Xh^=ZL@&8g)%P=bB>pLlbwS7DrZS+iXKc?YHDv z2+36hT@m|y>E;SJ(oTVn_eGU!sp`KHZ5$XhCSVtvWp*CcKdTqxHAznN_vWQGGHhVE zYkY;ewJxvdHl1DR@(0%2{_jY$BOKLz) zpWG39EOqIIW~4-j);ILR{80W4Q$?s$Xpo{$GK{=kt|@3B?;uafG_NX@WG9Ai({deZ z5rdX0B$3Ok%O}RwLitGJB?W_lK0x2I?urA5=+u z0g7+?#JzIWdI$3$zb>O!a@QxQh7qe+glMj0=NE{%qoVHZzoV9Nkqnw;km909vj$B5s$7LGp7 zX!l!KsIu01CRh=Cv@=ua^BT5LQ!LSStEjKQSPLxEzyQ45ls9v%WS#qH^0#U7`PN5N zK`iIcjQx;9V3vTu=}GeM+LldBPm!o35uqa9y{n*MRasE)MxaAWPsBfQE5PPN zqte+=WaR$LK;!N1a%hPA^>PM04DaYVdNa6BsPau+3Y<7y9agwC>K5y3pj5=5XC**| zWwyKinKxt{o?5r!C8r#${7mCk~^-eQ&JBl2=krUi?ZB$L! zP&k$N?9y=HxJTsK3#B>pXMI{PLA#1V)i0w>hpkyX;m8AG-o>-EA1>~91hM9?%J^gI zw-4iC4-01LU|A3d)yo&aJa>$rRsjt;}#|iiI5(06g3W1+W?o zxRs2ti?4F3X?>;c=;ZL_<4ps^9bG{#s#bsdg3aQyo$kDjLU0UId}OVbcVminI>FC5 zfLclE4zi?i{nydAXl6e%7;Mpm)O1Fmo@KbE^(EDaXEZXS#*QomhielMUI;-*KBTI- zogY#gJ!d+lX-)*eiGW5J-X7v7jY6oA=$&fLhuJGenl%+Uinfulj6;A}fNhwVJw4Wm z1p`e%UD#-9wSb|0_pBE^Z7x3h$^j~u`%n$T{|y4Dn61VeE#U_J(;jy zP?tN^(1vZ2zxBzajl2Dx5KoEe`(qxS*@8I|AFIjB(kKerWDQhM;n=h$x-I2Sn!6D_ z$Wq=6S#heAzUMQ8`#qB+pDr7?UiKFHWgqT!?Q~(_PZeR}AOY_tNfj8-_(f!w4~fV^ zEAcwM3Xzx-PHh6d6BOjnoWQf~SS9%F>SlWkxnrFc5xkVDV63V|$o2-crUuBO5`|uC zIkKwfN=hpo9?=8(Bm1>U45}sxR0q^pUa5mV($%94mPzm zu(cy>V95HJNo=vJ>2oyM=1)76mNi^=BZpT4_lfGV=ZSxck3dm_{p$yZ_^_W(c|%$4 zKoP6!-EMQYl)FukXMMm1ka+BtWiGcoylSi>T9a{#$4A9`%A>#xV*$kIY%TcxR#FzczuOx0nraPx;kk1i4w2Y(^vB zRhS!`*$9K)|0KCohf5n=Ux#ediqGSt_%}#q6V1AUHrtTt%slu@@*YoL(D|Ft<3~Vs zrlasin!;B7N@_R9;w09l_gNVvbbfhWk#tcy^WLLyM$}|dcpI>_TrP1*{8W&eQ7dzfTQe*kb8(&3PF-{|yMpZcm@!SJ0^Ps0 z?%MrK&XZs~DUqDiM_#M%K0?k7!!KmXO7OA*?LP1E=50p#h4_ovMG*duH*oEjipmbp8PMw}ma)gi)>!vp0!?>3sI=P$ z8$-BZWn;>-XY@6Z*L^Sis>-lTC4x2YL(?iZ8W_Op0g&!d9DqS7FlcW$F1hL1-DRX8 z`02?MU8w8!aOx>+dqhScD4(@&4+Qb=h_@Nw|5N7H2=-IwDPt>A#euga|UTA`#ws9t7V_x315uC<;RQ- zOtpUGw*&ld7dPW^ocZ?Fm6!W)qty+v*Gn^Z8#{L>tkw9A1oowqB!dBy!z@}ubxu%O zJiu6O-6d8`k@)F7rBhbODg6-FkW<`MswfwCJ@MB zEo5tic)kvp9CiI*Y+JNq6qW`3!KJm5dyX9V{R_7P{1a_aWr{>HHdb@l%Dt26JNjfR!G6|vjIsH4D2pxC1E z89{V4xHQTei0t02h^|Bo2FwVT!KzD?JlDaxUH4KDnKv+p{8@f#!ug}B)V(O8j&S#n zsL|=#>L8!*1%uaQccqpo-U?bIsgf#c$f{+NR~VcjOF~XAy!24K#63(J{%+I$t5}#W*(xo`=2%{xjb|;6 z{_ao~-b`(6J{DEI0Sy zj)eU3p#Y%*sG5~uu$;QOd@;8g8I~M4Q|^Tde(cHngHDz?0%M8UE8V2 zcRd*npBB%R6iAj%C?W(UA1ohU*4ni$F9AA-+zeu@wj0T`q{iRu|CEKx(#~=gHh|HI z?-n7N%cBz58`>$7(bS@RxUf7+y^=YDT=@OUSVn+q>-lZu^0fljfOVC#y|GI1DOk4W z;BJEl#dt(<(zgeVZ`!ccc)#4o{rH`3}15P^;q$yMB<0Yw)PX# z<)RN4+b0pI)nO{mjqv?({;~kb)39&@M$!oA_%{*lf!aU|w8{X(pI9;B6QElYKzh)h zof})dVD3~xx-!+;D6WSgpe%DUYQph)H=~e9!8TyFR5oBlo8}d~j}ibAGA$(~^7qi> z3FT_(!%?=q^tg&I)ZrxUfEJeM9=q#}C1g0Dj4bFlz>YSm7AN@Vr4KqO-L)NWm-_dp z6V8p2>vA`HJ8ZZ6lxBi``)c#*a=ZAFMg{!j88wg3PyCvuN z)P^%}`g&OQ%9pdWd!68LXngoTIhBj-()7E8Y5`?5#<#K_D21FkRy&xn9!dwZOV^?G z1pp9Tj?Li|a$Qk?KPjGN8-(C7Pz9O^gY$-UCR?gZKW~+M4oA4V@;rX+Zts5WF?n3t z#mOZ9P|7#j^VDIt$>m^AlbGP&&n3M*5q{lsJZyJw+;8GiJZl(G63K{`c-dgRO;RB_ zVn;G)(28zt4n?1^jmOXQA=eMpr7HIX$j`=>x3iL^rIQbu z#5V#I9C(U7OIKTvuNq}L24ZbUVfQS*HK>DR=Eu)_cO+j34F4Vpi3q!lyVEj~k8A!> zJtCu{Hy$|K+zC;i+}ii_kLxdco<1FGska=2@o*ddV?EV4>SzDvj5PU)U%Kf?Tm>CwFp8|z$26&!lME;&(pL#u#sP- ze1-A!JQXo7$vD=naon`LK6Eg`>o((MNAmq7qg|y3mTN>Us-a9#^;~45ZmnJPFC28` zO6@g*3{V$cpnaJo!Im4#DN9jZ_4&p&v7rl+(hzI>r0#&W5Uk3_P=`UiQ3f zr9u0xmx$sja$GHZbl+?P<;2P-NeKM(3%F}5Ii6+zd)KLqrG~DX?@AISu#;4O%b^Dd zU>*IFC`CbbZFpR?EJ}m`WbKw%@o)R3$)fBAXbTBeAnZ)4cap!bY3PXo8+{!W$ecD^@KE+49WP5ZA)HAxyxiZj4%Z2U)@e zvtV9+DmSy>rw|b}=9^QP1$>0^zFt#l{e?K;?5GW9a^ZClO#XyyO~vNoQ)k&~=gONv zZ%W4lIo32ZHeF*Md^{zz(F@Rw8^4I^s$MRAb)BHrB){fP%IzGF*YcxJI6YRcpUTmy ztYpk{Oi4K@eR)4jnah61N;s$3NSEk$r7V-MXMA#Y|I}u@s0jc#sBW#mH%p6<(SsBh zB-DWNss^lsK2&Xvu5l{lQ75^le32R-+a#){@2U8dnMQ&}$TIdBJlL8O)>rmBGYOA) zd1s6@#9B}?uW)c3|P%iMlRU2;Mc z_``9QuL#TR{Yg^mCq;>TcIHDu;>OoDo`8&40O*M}4k1?K(51$@wv_iT)_@vpQdc|S zuz9mk<6d8*iLXH4dCe|CE;`O!_?^k$gr5GRN9ZAbJt|7?vy|?ajZv+?>clqeNf9jq zd2FpR`H_kfN-k0~CBdZ1@oB*$+cF|U6S%O1iVCyfJiUmm2bPCz@InE?@cI!4kf$)p zYcQaVLQIj5*|s&~ubtw05^6+x0AsKq6 zvodIy@^o3K4i*%U9I@cUVOBI32NC-D z^#a2AT7gF>*_PmTKu|L#Iz1kFHg0Pc)bR5BVG zwfN2)$wJyu5-q%I$?d<;Vxu$@+%kBWx_`>5mzRp64rum!Toxvj=$BOvd z=x4&A|MoRKIXYaz&0MR^n51VWuy-FDIs4WrQnuJ&{dFP!N|~3Ms`38G78O+(zfzK*D0p&`qp(cwpfeCxikB4m< zKycam$Jk5f%*LlJA%M2w5i|2BsQ78Ug`89s__({PuvLt6Y+ZAT|P1*vR#< zzWTm~a61PUdRkhN@hhnS&-QP%;{YeIG0@P~TFW2fC|k+Ft?I2fco;u34^^wyOgE+= z5mN)>buO9CoF@Myzo=r86RsLQnAyo>PIs}}L_~IlEy|~ce>c+A!mbe)BxEdan0M9j zui)4w#-jZnQdbz1MSFiX8IoqYn|D<28mlb{FA6ffgITMMk1Q?7#|=w<_UtRbaqJPM z6jsNx2COzwkx}V5Ix#yj@=EBD62Is96@OsugnqweV6PZ&IN$ip@=+ttu7=et<1HcM zE4`RQukvX&v$PY|58}tBLp;@vl9BeSXcJ&&4kHc98;AI=CBnx;NYshO--oU|g(9GG zBBx<9g0@^6eN=o64yq%_A2+(qTCcJJ1~bju7Hxqm%XPp(-7Etx!Les2cqNj91t@$f z=Z5jUXfbU=VS}t7yIaBRM56Zkx$nAwx}#P=ta<~c`z@4rK7Z4ycj3p zX6_8W(XEF5e3EvAIv*M%GyKKCKyf6|8Xf)Zb;p)+NpUhIh1A}QlX*foy*TV)&J}Og zLbuc9)sV^=e#TTk>4;SHo9D!#b=uR{P@c1c@%A>XGT}|QSut=VJbl*{kJ$i(G6x?R zHOLPkoV~Ll>kj|!Tqi&eUz_0&b$|$OGntJm6pq2jNgF8z5&p4>t2+-g>$j0(*Hcf| zo1AAAu2N5ihc#l?It5rygs=w_nd_CP!AXy^0p))z%gl4+Xj3{w+kmQ0d-M7O`*YdS z907V}!$3ho7#{#*%mKsg^st8#nAsEA%KgrK&Ma+5?(c}S%G>_wsJ=-zFII+plyA_TxXeG3feR0nV5cYNRD1_*;2i8at~nRKatwzqw) z<{sa(#wGJv=jlA57R5{-VBbdPHe6ZW?wI2PP}CfNwai0FOnx996Ji}YVPS9v-1TP9 zsvVqtx@y;y=2tfB@IA*sGJC4W(f@+yDaz;=9{2dAngc z``7uRhH4A()5rPMaA8luB*rgYtD5iz8HWUqu|Cat>t2NULI|-Q0J^g_X^(UkRLi-2mn(*Qv%HyuI`^ zpP$k9OZPH5M@YW8)1&zFscA1dHwiq6-*-IYJkW7|1ro+u1G;v}l%?`bxBG{Vj%w}~0A&Ye+?R+u{$7*-Dos)q0?@?JbL`!O>E{yO61($q zU3Z+K!JQdKcmiw*JLds6F07je>hN*38w!PG!zKU87HUhvX`UUll_Y-6$pIGT+$Np? zjtd_Zwgw#w{n8-pgtm_o{$peKgErhB>^KFn-QA?*JEVAk;$`zS9{1wo#^h0;W(`kW zq_xlWTi%fRtLS1E(n{y%N;^%W!@#AnP5W!Y55`e{s<4Roce0IKH1@W^aJ**M^IW5C zg))pO*H8PZ_bg*+56WUl%9-YOD6kJt;T#T#=8Jpl&rGB`wGt=Zc8f)3L%nAd+D+=j z=*m)tnQ1(5FqG~K97?8FX+x<)xhOM8;z|QUAh#Xn3)_GN`(&i3hjZm-HY!tn(Pu4HsqJMrUD`o1={hU@A>sw^h zb!jG@c|uq--#t*-L-{}}auEZqB2{F_eW z-LM`JpnstE3{JH|0O?a)2X_mC=1yU!s!BvG8c`R5nU8RJTS+0R>lYH2mem*z?cVo- z{$Oo(QBFpj11q7;M-PAaFyWtjS#Mr;?b;$d?h`^nt+$D=&IQ(MZW>$pU81upNs%05 z$m+S5{aRAZF7`;k6ANt$H*ebJkwOPgDOmPQ!N8Q=CqwWrTy>F;_%6hZ8CsEc^NKN+ zqjUN&D-}r}uDmL%$ld6#qB>>d;hB%%xvEuq&JyXLTUZ8PK|Jn4^2HIMxWk0Vk+;B% z1R!S5$|zjXx0^mWqOI239nTTJD)ty&jxhx2k^T``c??JzhUehJ)gL>a2V~N6D2pmW zR5hfydqbp_w-r5VoazgY#bSx6HWUw9e3Ar^vYG=-&%vO?eySteOhaOB{|A<@x(SEI z8hh?t!3E)fkY}ea-?2O{jpAQf40`W=jhM$L`ZGABw!0G!CXaV!UGd70E%a}a17`|u zVVSElhP15rl-$}M3gNjB^a5~e4(P%j_U=)9U=`Q_KXJPM%;+a7esW=Cg!x<9nBxp`9My0sR?gjCJ7AS#$VjMuj%V|IuU!TOQNWb*vrex>Tu+} zGqi!Oxz5)*mu%udOLYp3k}1RP2frB2daW2G%&7V@(zJi=Ug}%C#JUjdS4{)W>iHrp zI~)0b4T`so1^8OkvV`@kwnxhKD~Na-7hwFoCL^({cEga`P|+;=1lbi)NBO43D;K5d zxvmy|wl*yD(9$8Vk8!i@i%ZJQP={hj)NCwNr%5=aN*~duV*Cd5oln5mg&C@)jC8&! z91kM)2k(BDCj+Km?~zPim0bl3lOCN5sXTxX{8a(~f1UJzY;ivRuA@g7`6_M(4s7Z# zTlYHTt^BvQsU$xHT>_2u&^HsWV5juQ=Rbzi=HOC8|3vfVkrIbo7V$C#ECOyRE!W)o zT#UDsD? z_T;a9qh$cUsati;3+Lixv2z=W&Nqir)CqGGnmd;!<7EN!oUV;%#vHNEyIQ zsnFU4tV)7o@=Yt9A1iJT(q~`LQd-o+H8N=K9^oG0mWBkc5gS?8o@G*@OxCmu8vs{nKJdQ5 z*e*o@-R+DuBDC^O%3K539ov>p{NBe)Ss0y}S$$1T z&ib5{elK%%dYLWuOTqH40-hPvb6;N%u|i5QcF+*_x>&sPFz7p%h4ShXgX~2d5Oc6? z%YO4-Tx);%@0Q0=pwJn-_KhspN+2r@U}x+=wgMK1CXd1k2w)19@(4RinMSXDhp!%#+=s;V z7Q;#D4B80LqLs>B-le=~DN$TGRx=)sOJVM@(lN-v0%#Z@p+>~sc&P$kHPY-jWf2EJ`+ z{sijlsGwPL#o`4o!z!8|I_s;`J2ecggyVpBYLgYwPnp+*9TAKsGQcrTjO3O+=t0h# z+x1wnlfaYHc&YNGTbFMGPbs8;$RIc!v3-z!P3Lmf7v@>VkxP(Sn5^u_odu`XbfcNV z4=UKTF6W5rfSfH)FdH6UTee*T4n>)m?H7s!)Q{5(H`^cU8VT~R zzR#}vGr^Pj-r8ptVisq~P3W@R8PYJKkYMJaL~DC}RRx7e~M z>I@vnBqWJ-muUI*H31jhyS}YlFe7};unR4JLa)%DTNMJMYuj`ByTChh?N?Rt-*^63 zN{o#EwUGaM$A6LGzonc-0%fNAw1;1oq?G-=44YeAv`3tJg1<|GXX zM?-~b9c!rkVonVeJdGcRkf#VOX~}X!rlSxfwyKzuIL6x|dq^%|qy>p>FP?>AYq+>( z1>pDua3O)r0CU4uaTfEg96UICsI1E?a*ZA;sp{=H6S*xdir^?LIz2ECP%ch1smF#w z?n@{4%=*@jN+WT_a2Ko(oM`?+#rhmuunmurqAZNBuI4m=fHp4A823>ja5Q z`{xy{ioLee-_zYC9(>77b@?cBHh>{WUJkfDkGM>qJ}>%<&pp*OP`$A$7)|(4>CQMF z-)Hy$t9^K|;eJnge@!KULZpy?%%CWP470GsL4>cbo-~ro33tF+Ao0(N11VL#2>H|_ z6dLdnwp;L2KX1wSx-4pS{#rpXDaWT``h%^9mH^jR)iaWd4J)Xl7IYx%iqtfo-UvpL z-(9XO9^h+=5gx!K)AQPQPBv*w1w!<*@If$XWyTp!5|)>fZO@4z;<6K=%1S55(>%bl zy8n8X(%;XTe#!ib*gOlz&a@yYu~a=K0GhAkB-J6%r0QAXKz7SBt!ps{DEL+KSCE@K zG!_v-S+pVbJFqjQr^*ct$M*^2NMQU>_vqzo7KgyPayqa{6nyUXP!H_6n>L6*K$0|_ z!7GbEYS7L}iSn(LszboAHnU{HEE%JVke_b2OgC>MIxjoWB=|Y}HCZ_eOsea1MiPt} zgGAs9ylWOTAuIq;&7hVCzt(PzgY}Kdl+t`owH*Sikp|ecINY7aql`2NCJ*)*5<3hb zhSkpzOoFKgkW5jZTaMtS*0vCrYeM*Xw|L|^>au;0qnZU4OPOQvOXmBrI7T59BM~zR zIfT>m*)hY;lplc!_{!g^Z_1yL#v4M~=qb!zdk*B=F6L^N~G!KCsY z-Qzt$`)KN9GpqTfz15HXw;g)9x_qeZ=0+1Gt< z^vfgq5^8Gr(K{Zq55>HH%|#x;)L0CLTb@s;IiHhg!0T}6^H9^*#;}KuUOoF{?oL)m z_h{A}=X%)NKbh{&D00WrT0-VQ6Q42N<-LGt&Osdy#Gl;(>YUFq@Zsc>*CuV7yY|F$ zK?WqSySw{V;E8+A!kp#WudV^rQI5G+Jj2=A{0$RWX}ft5^s(I_zso}3UR!7qmrH44 z&e0@~rm-hDhlQ8D3e}bB@u?izX<-jC3Y_6iaQ9@j?raa?;rgi-dPYAk6f7EDoB#0alM_Hr6`#7l@~|1GT#}=6a&E`y=^yIHw>?&f zO!gJ#xgaxRG#|_l3{UOo%pUUCQBObghT)z}>9bjuxi}B-qQ*JVdd=!3%uAm`q(i>G z_NO%i*kvx_$)7K%S0lQQ!h1&sKjb60WPydFK9hbq;V}cq zpUc>fLw!HTctAC$z#S3bDgc*qxA3WpwkO>X*~x=HQk<`VKz@os{SSII;CEX_@?vB1tH#H-D*#ENDzBnv539(G+ z|KaR%UyV`^0!7|)Fqt6jH?|5{@UMx@+&7(wqPxYrItJWh1D8Sg9n&-Ujyv`X(I_$6@I5>cUIT*tFt>mS?>Ye=E!ohkjEbFX?N}& zX=f!hJ3OhbNmxp!2R)WBxw@bOe?%HTH|4@$AL)pZ{Lp>;6!O}FD$j6N_bw06V}VHh z&o(yfKOTwzQu^%KaXGSbFG#Cq!i~K%**PgZ{SpnRmhPyzS>U<1z000uPb%&URNgzO z4ooc2q?pweI#rCaeg+*s^O11ELL|E;@|j{$Z04SJO*e41>I&c-7u{@g#LVgxhDE#` z9n~xI(+qgevwk)!<1*`wFY6J0P0ZQ`GN~K-yhKwxK*4sH$dvw)%$s$|=%-h?#T`(6 zz7w<{H|q`0DHcEGmvN--FfgCAEm?bEE_2Xv_Cdkpqo6E>>Nnkkjh)K@z!H~aO1ozt zsjPs0yeNyFFFHuBct&bl@y`1;>3QmzmJP+o!LetqbtuJ92K3l+Ox6znP^9pOV)Z)` zA+q)WfB@?1Ge>DC)R&)B={p+xr}T}@?`aP|C<}7&JXi(>ETHbV)6&?bX%-b& z<`B!&SVfyQ(g_6WKA|bsQnC$AM5D{w+NF;8t5O#*rn&AnX@K9j@hakMKp@xFJPX4< z7jE?D4>czn4cGkU9^f~+pFyAnBis80)+Ir?tTLzW_NZ0TfC6t;ViN$pAN@SUl9sm<(+YNd= zWhAc1x(0E~*+T=yHIw}f4r~`iCZqO)E;-Fzzo$gY36j1-i$=IbwVE7w%RgX)mc9i1 zo1J;QCs_1#UH+r7N3_)FM@o8j7B~o!5%2{gnW72*L=Sq!;?~&R=gN018N^e4(peIa5f?h|7I>tU^eH%WZd*Bb=o|^~c&pv#07JWZ{F)h6Vh@rxd~pOI z_QPHt?bTEB@zB{P_penFc~*T#z)YF?nUf1vtl2g1W(K2!n|A#GVvfSGSxMrY)+m_9VRNt&j z|G)p5(7EJQ|JhS24+p~J+siMhQr#1Blp1w<)}zj&(*2ViURt2X(rv~892;~quPeqfmlFnyDCk*0hLAOt%Hpo05*;%m_f%OOMj5g|3b+6zPmuRhh#>^ z&e1MLtkQ&xNFIJbB|(5l^8T+S`(Kf4F}DATu0KyEfTVtE?!4cuLn0-!_3g}!PJPoY?czCQhCWr?}c+cK@07ksO z6xn!yk#t)Ap7tdRwEJ;O>)u05hYmb?WQ{Hr2EyLK{hU%9ZUl%N+@gOYQAi$D`@{ht z{N4MuA`a{v`v}eqK2f^6s{%Qt4s#&gAzF@u%^5%atOly-^E{I&_)=RO!e(y-xz5|R zjWfq{u|3J;UZM!8{E5i^yN78VOBeo6lx>YiovwJ8Gy=imL zG@=HYBHXKH@8_*Xaf{-r(u9Q;s|ag)R8+4{gM4t{NnT}x;O{4K%68x6Ic*Y$PuFP%XIo1n zFMNk}=VeTIFVC&imkxB#ve8ND(pccG+4a;NI+Xi;cgNF%u-rHR+&Mnvk5Q8ZQQupD zgty-nxhl65H|2nwZ9S)g^_4iylE*eZ<4-1+{Kf=YqFxE9hqUKzuSrXNHb7u-@FpO? za)eVzBewn8la*j1(n9st3tn-!ld8*Dc+`MDOR)t{$RTLThlH0L_DhkTIMsNd&C8(G z2vCG%FOQirc#CaU*|?k_IJKZe(1Q#SmwO%07XdY~(jq&*wdfx2R@~ny1Y{uh&tJQt z)(l}%S?O3~Yg?#5n@`qc=~QQG1C4JaLbq4yA>185+xB*2@WQ;KeULRCRc1TSnHul z*c;6!14=&(mNUxfT_WY%pBi4q+q8%LwiG?u2Pbv~o0sJZ>#byle@eOAr`l}5nU{C- zl=8kUkuf1~D51D4N2dN%XXzXk6%=*Q^PlyYlRQ-}DD`Nvvf`y$0ob-6*{OH_xw6dX z9pzlqtf`7S_5;At@AqDyh3X~|fn;R&7dNl6|!8_n0@ag+53)!3&v{hG! zVnbUuGY1&nr5O?&wQSAVnXoh9U!2tHw3m_o`N&6_H5F$so@a|sNWf(52VLi4$!W}2 zColIA^qA*2vbYI}gI|AUfqM^xiI(7I(g~OcPmH%v4useOqd%7D0Q665%&*g4{ujMu zC)ljP!#7j;rse89S#Ks2qu0EAxC2P^JZ2l{q$~0T0fJg)03I500HmE6pwCK7E8u zwlmhp2E@0gaK#jm|JZC+F{;J=)JEWSGw^g+`9jYd13Wwe>S7fc{gZ3t_EvQl)kZ5L z2rjCj^3wQ9QAN!76Lr1;O`=s22wY%XGefsj_<%JQ8_uOiCwNi+hs4|lo*kY zHT^}%>xD)NlzqAy8x0NCLN`9w73B^*T9XD}P5sJEivDIn4xMYK>ZJa-0dz&o4tn}u zNTS%(bh_b@LsI+M+N#7rp`Yh!?=OkFt#r+g*>wL^PN4Ew%)33~wxq(;TPLcLqojP6 zwm$fyCqjsT-K%)?b27@qEL&E_mhPWv^8G46sU3nZ>(Y9&2x6eF%R(<-lbk0^#XU9( z8i;TY&R)2{9u7SzWa5JH31n|g*mGkGBZn20ELUdoJ#)c)XGq;QXsnJuTyf%`V{^}YZJ&x!WOv?;k9CvvJU=EY$sBf0+I=+43ivkuEm0N{;hxsdXnLT9 zL+X4IgpuuE*nGGRYQF5#?Q)?NkXT#sKm(-{-ro7`S80TriYKFsuN<5DE^>qkc;I~Z zh=2t^6OBc`NUWUH-ap0ekJ<|hog$U&9ZUwtR+p1 z4=gsNH%iaU%es#;ohy+NIiCnQ#1`|r>wYvKBzPir8^@~OTArIx$2yL+@AUZ>V;b%) z!(Qr(i467FRxVVu^IN<40g}G1+D7}0ra!T7hO`jy$#V7YxBcO;MW5`RMdU) z40;-v)|Coj+APZ+kcepTcNIlrh$jQBi*$Sr!PMHXDk*# z&GeItc4Y?aP+YpX4^(}Goi&|MOyxqa1XojkASAX_4K?b@};_Fd*% zVOS%E1KwGRUPG*m)u9&fLU8GkDJFZN;wi0#KAi2U)5M(M_}6MYSG-G|DMna--s zcOW?06ZZaTGbQucGko?Re`W=y>{CxzII;3CAynX>_H!MA(z;!yR2QacgZlGhJO+!F zfybC&gKk0Vf9(06RP-pf`%kfn)8v6}Q@(;Hm0_*p#3*Egtp=Su5L}{~U(2sP!a| zpNV@uZYZ;9wmkdsmL|<2@C8dE?rUJ3cJ$VWqqF1`D6h?ZVYbxF=RbYK8F22o(*_?$ zaw!?w2(gP-wiLY{WEM}GgkDfvq#w0xP1qOk{-4vjhOmROk0H`bPaM`-O{?Y33D*O} zuidhT!-Uiv@7t;&WG`Oc`i%K+;*v4%f?`Z~k^ctmDzu#CywNW%{l>|q_rP!!&!TP( zaA`11v3Djg+}P@gI^W&qJNe8%@^#k<|8q>fR|q7obI%jFUj1rFts;yJ!&3-AeyhHi zrw7upB;qG2V_zZL{;-SjX4#_Q_gCiwAgLI!tq%6 zKkyJvCD)-^a?o5kMye`{p+?>>$>mFen76p$#D4CpA$b1nv0HowEzDgNG9aE{R~449 z@T~c;#x1+S9jH8%-ANWv!sCAl690fU8P{#FE-uSbG?kiUC;Qt;pRz{b4*CVaA&UX$ zbgXwGKOIl_7OyG;p9IS+VES@P-iykGg-P>wKd^LA0h=2A2T+t;IUj30@Y-kDi;&jM z$Wc%xQ$lbvJRTUaGc_`lI>5~w9>449*;UmU|%8ccgG3Rq_Z{JSQ4zf|J75RKa1t_tnHodGd`W( zKGw3B=n`{1u>YyZx*HUNJ5ANI1Uo{h=Ip22PBH&$SI(eIfo6*f5azz`^6VAvWhRr{ z6(4dgHPDbvxrT$P2nvFynX70hg4xY1T({e1$EZgniuAG3=DDA zAo^})yOqqVu_g&XVn4CkklETK2tNa4H3*l}+sA)3aaYUfi$)Xgq|co*e_|qJBb|O> z%8K)=58ux2ZksPmR&Baqd|ie!eph5!9*I9)PfoQ8VlW>QGH437p_OR4TjBgyoPWj0e7$&LhT^Yz{@SLfNea*7K%Nt+S&M-qi z3gas?Y^)xJ=Su)e=zu`mUj|(B!XT&9!$M84N>HTgd<^(L?QF@n)LE{ho3JoNjTVVC z=hDNmyp6#osotW)Il~{gyUhF4*wsOb^P=}^QZVjqqfV#Xdzl-WJ1gdJ;5ZM%a7u}tO{7j`bAU`u zbtO{9Q9utfKBcOxgH!Nie@lb8Y8$xO@c0H;!Vn*aC{exGR|qx$Tutt)Ax|!Hb&qQb zNAJNx<7D0;uFk{q63ux3ME#l{AD-UguZax_|6>&)_1MwDCsBkB3`i3>R6ww8PIuwff)dtCmD7#>YxyN2aWAn7Tk-gE9>Fk8A$@nlT?zN zPM$ShgoRvgNkolnCXl11Lihd2iyA9x=S)(Mr$4)F0GmI=Y9TeGI?nmk8|af}t|lQ{ z8Ls+IIkZd8jXT~{qd#&i#gGMte;d^{ogodz`UnmTJ;$TQP?R=yA#yCH&B||iAUz)A zocKEpHksh@pvR3i?7vPoy4YfZ*-O&y@5`?)3wbW%qk$!XiA&oz>~?IssQZns%(lLaVFURbTMteOGS9b!o>7| zZvG4%q#w4#Os-+~k z=sJ0Ipk)p^&*UfNh_R8F- zAnc7Me8?RL_si>a(*IseGP&p)^X|eVFr#HV)q1~czW;fTo8YLS-fbsQ<25f5O6QCPKa6%o z!sz<`R8rP_gR#NN+pMJW7ysmxx|qZ%dC}`%{Hs({QsgMLKXQLx%7n^g<1Z||mGIIw zR&SqEn0B-6-4be@{P2t@8X79;csGXDYokioSx z3y}1Qm;Gb9%c&Ro@aM}<{7Xn0dp$mWz?$^E^L}6QM86BnqAROk^RiN>rlB@8C+~@` zEFy_e4|f<(XkglGK6ff3hz>YjS7a)5s#zvi`sZ_i6V=_YACr-~^@nbM*wyXbeVSH* z{Xg923V9hO+P9hi3oN`hH;HgA?bpx{UMY1Pa6cn;6@rR{z0o@-A;B(I($1M?*m*3< zScCM{&^k#**kH3!_6-Evv%T)2G*MQRb<1H_iT z=3aT5jI$fYM8YcVx4{)&tdvnZZvPNyE~oEhfOxf#?yBZ=YFrSOaEH2(zNDSCo4_gg za}yLR`wSOKm*0f7NZZ{8%UEw>ks@)_J>@t<69w61!$j4LO-xRgJUY!{fUlX1wNHB! zoqcGvet;HND~O0GbePMUVC=Uwu$XqS(>wFUV_dm@Fz6{X7G2BL((jQ0BaWxVR|m2BFxmPErW1VC=}E+tLx-W&i|A)b zV-mk?hjikL3x5bp2Ycw(;w3^oUwVVkvRVl$Fj0H>-H=46-;r|Ojl%!%NjZnlRBZ=* zZRtSd4d3^+a$?kQ4};8t%gS5R2ri+zVevkWXt$B>xshJvK5lN9?B}^H)wIAIE4G)N zc}YLR;FU~f*g;s>V!N@kgJ=Js zm=lB08!OfuxAR`kUih^q=yB6|s+Bnh0(F6R}jdFHi(bwCdzybs9<*x9R_#lUO_Rw@L0ejfoQ1{ z{jKHJgj?gU2;ZyJ-S<%QY~Vr>TY5^gP$sV7W3#s2^D6xWft9p0f6F;3- zS8pFM0R>+Pu4;RbSD?`->V4A|` zfy}~!#|1hS6GrA@r6oN6yV(qWU}6{c#DIa!&##&Fgp)dg(9oevYe=_p=1$rRm3Cj( z`-Q%arqYA`k5|~Pl(;^o2nS&rJi6J z{U)N^Hn{akDJbx3&kPWmR@aHy@|M{hYd*}ZreK(jzkfc><)%}$jR~)7caG)@BHqRH zG|Q#ORvV@zLKIG&midt|rfX4zNqlx|ec6;aO#}ZIUwvI&>zEp!fr`2C(gAD{cNPbzlwtVRT-Z=}bk!eEn~f3>GId{F}&Zavnw zd;ZC!llLL$ApXH)iLSf>xq_kF{oh*dCY52WkubW(wPsWPv#Ijv%H5@Qj1~8S>^s3W z^4-_E+9kC*HX2QMb5sW|Nz7HWtybgFP3hH;HIe8kTpTBA1)`$7D=i ztP;;Yl-tsH)%Lwn@8}GZYtvRVVGm>9PRXtIo`pI2-4gO7(hql;`Vd4<6gN#Gvg4;( zk*%(mBsSC(c>QwI_3CuXzJ8%uTYa1-SVBU(H%yP^BctD3Q$9Qy&ZAnh#bITRb4H?x z-GXg+jfVz6w)&9uNo`tK>yd>gTG92l| z1L@v}mR(;rd`V05_RDBUccC6&`Q~<*MPWIl)FQ5xJ8;sl?(5bj1Vag7GWves=?m%L z{0lDwGYQZ;wX=|wSCOK(d<7yEdJ5*iPtEDW({8W2UH*Eu*Bvj6cnBt^j^kce1i>TW3)A2r%`c(Bk-T1}&Nb>1Er* zcH9I95~2~ZSVh61gqPiA56cd;HiF+$t}(vSX`@r_FQmK1FruMW=0r0^9U9e21LkPy zr*D(Lo=KnJ+@^JYVILjdS*17YZU{M3ZL3*KN;{|)S=du^WVWt`{9D6yOG^$eKl^jQ zx2LB$PzhFanC0q}g~6MnN(D<0F}W7#X`Pm}07U%x3OE%LpH{PH zX&9eRSW>0uxwJvVhqLHQI6f!G>usZPT4Q3uJRbVKojSd7Y{bmge8F04T=>?o-|&tt za!-RSTe@c44;FxXFVAvxChV0sE+3_dm{f7nteO3usfftp-xM&H?o>h~z|hI?sKayg zKg*+mluvmr<@0;89j2p_eyHASLx|xYO5&G!tl389=+)e*d2~JRvpuG=f=m3pu@jCP zh*gYrOggOR+7WP8RxA#}VyDpA+DsWM8pF)Z08L8zDsQmEro!k~U0U!k@%#n(ZAhis z8^dcOO~T$l4djUbzA==KO?GLX{;rLFbY-^%bw&A|4wDJHUzV?DY&Wjbg2BH{?zpy| z1_s0ierBT-CvO8k9q}{uu3hkUWo>{XDcL!X{o3P9^MdBT zJcWF-9MTRz6GnC4E|GR!OZQm^^Edr5&|eeaVE(0YeT_o9MxoF-Mn-DGsQdxnz-Yqn z4Huo^AN>RO{p*WIVfU>rw$+H=2yX(C|K|p*vj)!A$+Fi)H@ickC*mGV$B7x2Xema@ z6E5_N{A)#JDez+9V+?2ajh_#1xMp*!=<5z`id8{l3oV?1uZ zS=j>ly+xW+4@T#T>mU}=hS{-6pFgkMF8B%5qfs@*cffv|Bd9tpI2XvBfbl~aePjIj z4?C%(*$rA!Opby<-<(?OpN%TQTU^fXH`2*sg}JUBCRiPC=dIGU_)34Msn*l_Qb``r0Gw^t<&(p(1q&<4m?w6-!Ei{3Q7}kYZuTVcN znm(wSUUKXdFE8dg-IIeb*l!aIi|^%4P%fon!yWW+xPDi@k3O3q7Zh`WGI{?ZCB?CA za-^dpkh3*GTXJ(4;Tv#fKkDCq$nB1kUcSp+eox!`Em~^b555co<2$N8YhsnD*&lyF z@#kxOiW7p&^mzMkA{B<+Gd^#msa;m|<|rWpKugD`TITKja&_$}4E4AJVy|09T2bhn)sdkGnD-w|6fznC_5Vd-J7g6{Cy&EYC^P8jc^x&&*D z9pVLkdu?HDOa;LX_(krOJTh>nr;L;BZHnY2pb|(u4YcOK&p19M3-NfoT^A4MSrHMP zGdimCx}4}(I}Slsv5w|szIwNrtgds2t+sbz#;~6wRn;|TI8_$<&?u5xE^9IuQ%sLl z#Li@3?v`$H5)PG>#1bDKFz#|zyLj4l?tI-}NO*<=`{nlj=>ox`z$W&bO?4`_nj^gFpO1pP6lmw$yySGhP~pX|bUP zX0q|$$}h6_D#oI|zBMd0v50(=gDFn z*8vj)#!e`x9!f_A*{T07W9Jv9VAx^zk3k$<4q^Puc%rvmIBT7WsHF5(xA zzmftYdyT>T?7q}%;0FYbZVk4~N7-M~t+s>kp)}MPWnh>)4MO{FE{e%L2KCJ^oxBt& z%YJBcK>6S)%+?M5DF%iT?!0|{nAz;Tv-CUX&Z4mknD=^@&PskIitjYvx0=v_S-W;2 zd%ju;0J_-VCp#QFOk=Xv#SDLw5bY`^X{KU!OU-ak_aj5JO;EtgmlHlYC;t%tm>`@GeS@U|<&Hb?=xDhmHqFaonu z>$dpfnhB-+Oc%ZZ!ulkB$dmMhL@X87`M2*_x77sK@i5I;V)hIcGM<*d`Y9!amPa@+iU+yQSNeEG5GU z7L>d8(tfZypC<^ zNWcO}sNXC*#3YD1)K;3ujCu8|_}H}gJ%lC}2~7!iHq6zh==_coRY09CmbxdVXMaT} z%8rjFeb;Ee$Jog>%^W};IR@>&lcL821k`?TfSy3c&7tt7Qd8@=B-%2GK% zOI#+%0k&lA$(RdgRIRm99{i)DEgS&>eyWRIA4Y^?!VIdb4ExyGQNb)gu8~vHk-%A` zyqWfDRkEA}_mRD<+T4{?f%aH-_by7m@T_luzh8d$)JaQ2FdOg%qfxod*ME7fc+Jpf zhn1haVhYBfI}kpga{ad(yoy3&F6o;FvRleNzP!9{Xqam^Zg^Yu_F8yZw#Z@{vvU_~ z-+l=niL*@S9DJ=Zopq+Htd#94r{b9mWZo`LTu=X5v7YY%Ve*@2OHl{QsH45G`4D5X#df@N z7QeiDrA@OyR>+W1a`*U~mJ*ibnIoMH-2$sEFyhF4`=wOx$n=F`(3i^_)#M{rGC`yaaxQ` z>U@5cn#Oz2z}1e^U4A7-eK3~3(8|47_FB~vmO-w@u=dN$3&_^A<_x=(cNMkAq*HUc z%4*gWdv`w%ail3piAxXJSnX55fXv)(FSv@q#6BbG%$XM zF0EeMi<8%V)K}uSxmtHIf!#OC|7r5@4ai3$mUZsT>^F5k9f1|)|APH8bqRTUC^D`7`2%ap`({?qPe9sNXHvjQ|-`b*UXZtGI-Gl%ZbYveQPY=7Un^J~P}4D*r1P z6=3E^PL4u_OtFN3W)i+eRMB9O+F9tM=q+P~OI)sRF|o5u0S*CP4dCuBAC)GTrE*^w z-*uou=b9}LyhqI&g$>Gw0LQ`NWo!m6(r+S|>H-5TuT)?$Yug(|NFMG}>{oGm6B+rH z;S0|i;8fSSp`01|p&iRT;-K0uj`Sz;gL)^8-_?C#?ilV`xESt6%+jC2Ra9==mtqGp zPa*B)j^e+J@UV%qJL$WHqC%GblI$VB!n2oN;Qh9Sbt9FRf!Dp>f{S@{(DesQ$P;p^XP64!>Sza_lP{bzp*P{u5A&HxIc0T~l zW9d0Hdyl~u&VE^s^6yxiE&Qu}Z->$E4`A2Bca?^6m3>cR9D3whbo>g(_?b`Wj9S=_&`pMPG|J_H5=p|AP;{j zImQ2LHU%~~Hh)5%RS?}`c23>{hc)vXkFH-?xcEV0qZfTlDjvwDFN3ZZ7_{iJ7Ks2D z1V&T3)3gdzC|cI5B$k}(N9udOg>px7(MT#(`m+onV+YeI#*b#h!nac~tVoHgSOT^T zxEIM}8ap%I=wW`7eiMt;23RyOlnVIyky3EeS9+L@e(D_J0stqXlT#;4aEmizuq?5T zb-lbKN6+7XsifR}-sQtWY3N8C>SD2xFqn7OB2Yp?^*MbY4|-sEYJvuvEbj?ma{<5; zU8Wn>;t-QDd-ii=VP5OUERf$Ct+u?ae~< zs(0aK^s^sXBv|NWYSd~Y>?nG*q&n9zMCOP`ASbi;h5)K9>AYY5nQcUc<;L@#o4; z$7EkS`K-+!qmR%teU>>L=hQs_mmPX%s_90uU*yk^YV!C3?e2yNF}oY8{Y0cU3XO`o zC&2ugvB2*@nr*b+5g_MOf4vFE4K_p+g8c?zClxn%?>~gcypM zybQygCr|pH&jlj-52rr4Fo;5CTt{C&b+gi@U;4#KyK7Kz6W(t$z-xRwhkoTLHMKRV zh$bJJO{NI$TEDOYn6UIX5lD0xD)%jWd+j}dmaZne1I=f8V+aqclc*JXoQ1^VtxB7h zK-5rsg$RrbpEZ|q=QhAmFvte8(kzQoh5AK&9=&V42-$-Lq-9%Xv;B8~IWNN4gv}L5 z8|T6m#=zx{a%cehqQ*ZlHlRoXSn)gtJx%r zKIyEGxo0$4z2CD`sFfRXy<6W7G)$T}fpKn3MNx$ksB)F$4wshu!vd8Tm}oo0zz>L<&~qEFUQxqxDj zoS1&ef^fgzO!BRCT%$W)D0sChbXtwS-=-%^MjHQ_VX}JcC~zDH1Pb-}BA`8d5EhOb z2M)N_S+UqV0c;(RLB?|K6kWJRJ9YgtYk zyU!<@M>mxmKnyo8YM+&mINFDF!d=gwZYv4D76Y zGe1|x2xWNs{*Q@i#txC=Apgf zu@3AJSHiKBrKIK_i6#Yd{ui#YcjCWQE$WXS^5pQ9kwS%;8*%=keLzy0k{bB-sh{8n zVQ`7-yU>lC{yl_)C#Tmxk~@6t*xY=|Gg|}TF~m_CK`UL7PV-k;W9K?9E-^? zV>{MpuK95l)eYo>WqPxF_uXb2^9P$;XQXl?eulWSZCMW{V_smhsYkp(H#wNIO~O=H zv_}$ZX8V&F5J#~9bkvt*wa>MhI2bl*g#n=p3}-1e;FTrCj#d`=r&3QzJG_(rxVC+J zra4nyr|v=nv>1J_n9xk=ONTv}7O~`aA^oQP6O##?yp0=6#-^{%WG%c|dJ&#nKwK{= zA{1Z-oT5D0U5th*v-kpYHI->Uexxu{H_5;Whr&9aVzIvk+5`wf!&gg>n$zLf2@LWz z4Qc=idI2Ncex09>VPXRFJ;%pAoPLH}sA&sIRMVUPG8N5@y9wb$@-4bq4P{U>b4iqf zOi{TeEMXNAL*tP8#V0%nnVfQillL|Y23_)`msG`EpV7gnAs@O1+` z0*(TQgxOCMDF9B4Ihmdbq-CbrP(X}R`rr%Mh8F)7^vDmwbtabM4>!IYrp_e<6u-(+ zhjyM{@ZaSp0sk#4C=#(;0_4KEvOGATnT`x;@NswJNTF+>!0dB`IzM3rZOB~L{k~)3 zraC3m1(o%jtt}kV{CnDDKQbUrQpu)TcAn*TwcdGhbvkgFUYsh>JpzF)xdQhRXb26M zzeY$p$79R#CvBbLT9_j8$E$d^bw3yfYCvc+)a2*a7m8EF+ko(K1n8}+IiL$06mHIWh7e@pln@?}EG*T#O!VVAGoW`G1bOGHFGpX+v)#_5-K*eib2`fC(hu zfY-rxuqH04R&lk@5$sFZF-Z7vN%EEYUCawzEWou58z@fN-t3i|Hq|NgIO?t=qOwou zuv&cM1Up^gl%?ex5N^~zI#Iv4x5p@Z>6 z!DS)!65q278v^_pKRu>+8k2@*Os?3E^)3nJJU4f2+d1{D?oo3wHBZA#I}HcUMSh-@ z6s>xBP!>H!O$hWmQ$16a0{-^)oZpqQXqx0o;C74Woi)cW5iOkUK9KD|TRD58I;yQu z?4d@dIR?0f=;Igs1S{pWDlq5`oP7g<>Z|UBr`XYg8;IZREwBB)DT7Hz(KK>h%hk!e z<<@pMSJA8&;N2J98s~oK?XrQs4egL>Qsp;9$6I!Hx%{TNW3Ir>n)T;j*W!U;zpFF} z>*)~Zs|o8B?Ww0=7HT#A#SET2Vs}oeP1u{7>an{E#iby>5rD(a8=4tss!G7$4zUUj zO}b{#U4uXrElipU;!H20oj7?PiU#h$W}+O*OeV+f#AE67Y?*c;%!1oQudo@52md%wYdhZZTDIR3h%jk? zw`A)xY8fz};|?zXq-Gaz4@!(;R}F2?EU4uK$}L-(00FMwTag4?brTmZ!QYtHtgZd#i5= zWo?P;8xBf~o|^?jCB9Qyonz;z7o25Unj-@fRcOJJK*v7J;E6vVs#j6r0YU?lz}0oO zWsXt+S>Pr~%UEk^inVpT+zV02SJjX}b*BI)G>ZIpjq3>Q1uz#l+T>izbW7w`s77_f zLTO3&V}~{#57KT9Mn=C!X4G55&R5=ZszN~c=Ni&h7LL{5SjMASl8Kh0R9lzJ8Q0^S z8V4-a1b3pdkW&W;6ng=ly0r7{3g3>)O0U=>aW$V9c|!2{Z_a31eRZ z`V7FWn=#P1SLmWtnKv}a<#RWkc!GhG$$(|8uA2})_2Oh8x>S)$OwO~4p zCU%~B|6N;BHoD<<959xka|A$~t4=yVeJ*(#HRHxdoKr*s$bX!=RFAh4^+Gs&Ug8SC ziZJ75Zu5qnYJejG{10$a<<>&`PhyEC`n3^1OZ5ah(V}Uy2M>A!3yaxj&J5f@ca^(# zG2JjE#%kG_n%r{5=yO7U8m==BE0P*O_l`FltaE)HuCx1RSTZ(iw|p5dZFEbKZ=4pPi1~G67hEs(1%cjuw8m_6D_Gd?5XGdi(Sr+~cU>}{jq>VMuY&Dk)l&&_1R4(d*XB<}4JX%leV9;U361`9be zIFxku(`q}}>S8wa7QSOZlOK}f}GsaOl%SmTL6yor0u2i?Kf{;AcZ7%Q4PHl zvt!LloF`VT#4J!zhQwRRI!hGtSPbH=x^4)}RWwkqmTYiZCPV_Mcy=?Sy?uNbNXgd4 zADhx!3S>tY9X?KyJOrQsr}XFUlaTp8ti5?W)a&~{KCP6pl@uYgiBd_jPFV|?LUtx8 zlu-6nNl0Rfki?WV+e}%@nq-e@?E5~9+5GNl)#04?@0{=FoWIWFam?$!?`wNr z&+EFc+r{nN@ySS`f{Kxa#~&;lUve4YiKq+~rYDRN8W2O|$)JU!Q#Jc#2kPngt>fm$ z8DL}C>YJr8n$GOl?!^sg3KTqfWO1`NV^g2^F?n3?SfbVbu6jKnjEmQu4v^WCcEI9K zJ0e1W8OqJmG6qd}iJ&FyyY|mMJl3&ztQrC9g;LBxX@;SJ4DrSlH1r23RtGr=i(aLV12rSA4zIp(_@bY8jQG z4nxO`mi5C=fdzHSALcGo2EqT_?%&6-c+5d=Vq4%BH1cdvZkywrSxHNN-F;Af2h%A> z3`{Vhr3nh3J)OeKDQ&}ykfo)iCXjHf2WwgiGOSySW1!WJx(t$AQ05*m{?Hsk5xDp%@a)(ygYWzfV`kpBxT+1bKVMwwkz!Uy=*281}6R?rXP82lL0?X}}Tm_nS< zDieHNntl3EhOCr0h6@}uLq&ei1Owq=uY{PA2pC?TIFJw~ooGTxN3B1?Rp?0>`F2XM zBriJh#N^J12>@96I5g^s9^z^9`uGXMP5RsO)V01+VD1 z=_{39_pot#0;tp)qJbq)$D6;K;`IFty`JZh_d(&a`g-CF9?O?8DS^Bz={&j!r}P7{ zf6KF4R6BE=&w+@5}Qg-%NmM^72^L<@c2cy%Xc5NAHs9y@VDAHNOab@3O3 z|16!rHUXU84}Uo$6-<=5X<2(Hxb~jCy6Zuml9`PQh&u18SVy$6(L#vC)2HA9jfL6;@B`BljC)cc7amN@yp8$OL;x~w zelVG;luAl#!3Wv}KfLo`5+=OP22u0Cghpi{Kafa@0cuj%U7tgtU7wxGwvwS=`fIwA z%%8Kf_aTy9?6K2+iK)r!C=l1&2e_KP)};va4V7n~J99*=a=#H)Pw6z%}w!?APC z_gNMg6F;VgU~me`)ODolAlZK5Gm7^kunNjAt3Z-q{UGb+P{A}P_P6TB)x1E48lzifw;hxwh+5KO4PkHdMU$DlFh zXHA|l>PwwueKwzL%=9@X?1lZ01K4u|9KeH_>Ih2>Qt&AOSjXtppFMn4H=eQ)gARQU zt6+}cTbOgu>F*ZP-5ne#{tUc zIZp4|y*JwA9;ejZTha~YW>{bok(PW(R1hi4A3K!l@EB!u zn;8scMt|(zr3$jUb&3qNx~0sPCdu$SVa$s{#(5LWEqFI$CwzSIn2xJ{sHlCwWN=ES z;76m+-iO~YhLU$9O=YjoJu{OnrFanCUx_)no>hiD%kFNV4ap0t`{3l*zC7w|I*IXY zIgXhBkkGQTcrRD#+65dE;pz6(9>eIV!F~fdlX!XKSfAtLBLYxPr zUPD85;|J=lJc*k$;5CI$ATX)Lyg;SN_uT5GtOU)EpmG@_`Zm*>PW`?#u*jt z+wM8h!dZX+z3iY6Ke45KXBqhICnp0Y8xmmj8P`O@h3l1~6&#H7Nluw}lYBFmu~Y3l zJApeiiQRe+ahE3Jje*y1;4Q3uXNu3x%Wp-J8oAH<%oB%aE*hS2cRJv4G>L0*>~%8| zmC4LO|0E{n^J*$Hz2Rm?3(V|%{J!bgM~N-ZTtse{+Zen0VC2cV&iLUh^x{#lO{G7! zd9`$paS4@5PE-yC;;e_EcZP;I7Drum5dw@4nN~1fDxW+z5-^#il5sJkC87wikbjDH zRX6MqS-oQLk3n8iZP?lr8x( zT0}p5=9`oa&y}#mOsLRYMc!+!5>fJD3uE18_2H-*$*>;QljulRdgI58a_7&doOXIV zlB4-ei;aTDbCgMK!sqkMbf$GZ-dUd3%&@mPl`m9WHXen+iigHo!Ux(0UEKGJv)+mn z1Wk)w`?942I0*YfA0NANDmub>Eb^L%VD9rGPE7@U_awbBF6XZTLSEVXITWJK2zk9< zEkx~}Vqe|#TYLGAzo_?4&3g5UJ)T-9(O_nnrp_G3qfF9hY?R-@XOY%L>Z<$LBAW)) zbr_UX!+^<%HCw}uDw7~X7jH(1S@@t^s7{wrMyEtL=+j@Otz;8>u9s)lXepEWfP#7U z9vD_Jl{EDzvb^qj9Z%-(U zx0olA^Nm=~+Yf z@Y_Wj?Q`~-Swodc*5`%1#3GbQVe6DhAYo2+R8)j;9(5ve=`-*n$ zT+DbBnMWPcq6wNZcJ--k(4yv32Yo){veiBzs)L3PTEM~Fs5t6!y4PLH!49tUBIc7a zZ;9v1dUAPU!(Dyw=vJ&{{1RtkDvWs)84(bvpOB*?ZGKbxH5-S5(F10I>fJwV$8F>7 z*Gfp~7Vy0oLkB~mm!PPH1WZHBdBkggvgnA|U z)&s#3rqfKpS(goks0sZkThx+g{asiXVx&d(0EyVXVAx9jo|5|LqQo&o+|&f~r!PZ{ zg&%&w)%#`^vCTG%Wy8S2>f1>f*gr&3=tDwY4VL9!FV;0!O#|Tm&K0HQa5sT+(gib|p-ma#& zeKHktnm2)06VFp7EeM%@m6x*0n@F;4ZtA1e?Gjz+tb`52uA0i_=Svk#2-(iHRyEOx zW0{$4mEK896sb^Yn`Jj8GIBevEv@=VF*_kqC2;b!CMTg%6IQP~QD5k=Q$t6dQ4D@S4{ulCFOM*+h zz770C2WIpIc5)X>FLK)Bi(aB!$fKgJE4R|VV)%qWhd)9w)_Xe#miO|hx|s`hsR#Du zz0~^rQRcT*a1Ra1V=o1aot5U7&L|Qr5$A^qhVlDsV7xN3ZGPm{c?7@aZC_vC$uUa1 z)`MDdTUmwt&OuqT!KkVaZ6Z0Z<=ZsDoJE8LZ z=xl0QQ2s__@lo00$whK0wP?}Lml^kklfbQHCWy=m$%x~?n)sq5-;e1zb|B)c5<|~F zP*Ek-nrW`8R{9-NTu;fuoJ97En}xwOpU{5GM_fBqH-V!0p$HQMTghn+#$_cs5@w_< zxkE8cg$l3qQR;SrC86OxA1n19@QRNxg9fB6b@dC_%tSNC*+)JL)k^}(R$*!!=AQ3J zSN=hAXV!k57&JJ9c4^r_SNy9M+NiP*+%9l3SU8j&x1(OZk-IZvzrLbE9=Y;l#$&vg z3+9OYg+K+>^Hl>c!nx%KJ935{D%mua>`Ch09cDY4*p6%kUh{{+ z(}g$~N&~MIq`#d&Jafr|T+|hH6)z*Bm&! z#d43V6Eqov&h%x5`n9DxfA_qvFY|RvC7L1`&ix5hfp&f7KnKNd+>CQT32gO|f5%XIJ? zAjD1usc?)JYe$Ni>qp@z9>@sq}NIO4M;U(J=+c^{E$;F+U@%V|fU=Gu- z5KmQ^8=nXnm)O%sn!YU0L2qq!djpWGT3!S+0@pa$ag|8Ja0!9#hd-kYe_Q7f{tTps zTDBT!2)Uud)3BBUDeP^P$zqdvqfu?ne};AbA`t*P@U)8M#?w25yly$YI-!xwNsxeE zVFUkbjaC~7$UxOPytD19Rff`Xc8mp0<`o}(0gaRjTwe{8lcN4BS-iAX4XCNSb!)U}^1x990r$oA|t2HGYVjb+E(Q zm<9w?5Bn1X3!;NI69uxZpXK;wqBYX8jTSnd+U02l$CmBT=Af%ag)qO&*fX-kcPCw{O zu~qcFQhAZesR(rO$JrOthFMX}aJp+w=uJcbW>KqScpkz5$edFTFEZY+x`|`uZ5lWw zUQ<`&?>`~4b4< zaRv;CtxPi58#oy&JU`GW6dsy_+iR46Pnk%r*U#M6JpygX^{4@{@i*d@xvq<5lK(gb z7bXnn+1;Ca`f}lOe-By5bsYy?s4-%OP~d789P;52I^WXuVQgFr8Y{hmIPXnfL1yk$ z37!_}Pjy_tuCWC;2Hp$Dw#SPKV^qX{gs!~Xvv!<_5$DT$Qc}7dADM)k;WL=`9EP*H zOYzX`uPxf;ci9($B65Z0z7x-JfwR`)-jf6{m1*aRcoU!`nw}nToJ8 z1CFOxV9{j^mYZA6i|^P$_OK!fK2%&5m7nD?<2$Ic&w99zY$1pXi9dToK9~!iJl|OQ z!}r??>Vvl-t1_$)8dh2AU$EEr5kKyE{-iu-M|JtVzI99vzLdUiGr%-p4Y`~u$!>KQy)Tnn2(jWi#I8`z!1c^mCaJdwRUGlu{BIEAiygNe^NoUF5o{0r`(525q`Z%I6=>f(# zi~G#U0X@t{z9`P=fp?{SL$PntT$l1nz-MWyGdA>#E%DRnmfs6A zqcx`!zWCq}giJLO-hEKhX=m31bX+GcJ&M_}e*2UbY?Z{QF>^^Jr!$-`Q&+6`BFQZD8ZadA2UlF$-L9%R?c~onF3UlPHWu>2oz7~-l_?lxrS)^C&pvQ4@5woQT&`tK z^lNZ!m-)%(#iXanKJ(KC;zZ|L)FrVjZ=InNQSq+JgDnL`8`(2|hcu|=1bzJ44cpH6 zF5sx`c}MO|?kR{SVO0U+wxWYb2NTlgR6RA!Itvks0`XU?cnIQvO{zD^+9$If!~ey0 zgrc?F-}y5yCeJ53K2?Ox=okunS*Cb_>;NQISB0hu%{<$al!rx4x!`oOL)mGIwz4L} z2S|66Ne+@;`Q7sJmpqr`Q`{j%WOeZ}YnXJ5(%f&cz`3B@F7>?^&;!2mkOlO6WVmrc6;cE1oHkCr@hXG&3*OObrdr%#VKEVH{e#3=p1S zbVYKO}lFauFX=uM`63 zXF@a~@>?g=#kWIvmv{vhHC#D!dt@Hs1F+d2)DKl9ImIf0GW*PnK6W{s1G{#jb~V+b znWsCCEPoO-%KQc6@=UL--aOI8KPKuAS#TGC@yJgvloBjZScxr66iZ@f>}5L_ zg)i>5G85Pv)#$OK^R(n;Jj5p@pT+jz(uN72_|DEF8Eg%^OKDjRo3hOW=p&`%@w1sX z%}7~>P7Mp2JP+;t5&_91_2VKN$3Buw^j zCk9E`Zt$On4VPY*U7n1{E0Y=ENh^L4@`Dl3c%OW2p=zu>!@YE(VdyE+%h4;3`6g&oREVWv59N}@ zsTy{&WS%Jjzggas5^36>an8)8Aos2seBT6X{M8BB-BRA)z@E}QUE|ZMsmGR@iC@_l zk9VpR2kqKzOVp{^VUKHYt_Ridn`a)lU@yu+Q5U4!q6>@{BP5lUtJDEh&QsBL{pnFj z`wpH8wN}yGJ4Ld$={)YPu$1DouPnPU;joiuhY{L>YIUMhqEN+zD;2$|tVM@r^q0(c3R|c$=zej~%V|(GSy!A{8 z2ZQqXnXghy!tw+ggO8JMz*9OmZ?ymIlB9%=%&Q;C?_L;~-bOWs}; zyrvhIl9J`Ap_{*$-r=e{VSER*aKgf(hinNtO);_@baK<5sh(bVo?nZnx=8E7$a%!` zbGraxN}8p(s=>J@kn{=!`CRRCI`NZ^54xM0P2lWLaS_S_5|P%X$qZudSsnZV#srSd ze<^|*mCBI`^G?G`-abnL2KSvJMRoD^LA3>yRhhScWk3QKIhGq}RQ^o6d;|8rE5=QN z`?)pu%nVD@S4GrW?a8w9vHA{MSHxKB`uDxxXqhtiJpny6!^l%?9;yjotLNwv+3T0+ z1-rI%!-KXVky!iC(apb<+3S|d3Yfyus?sex<-r|&nwFZ|T&je*x%nx9qrJ*~R7KMC zSZ70v&^oBc0&62)V+GAsA&G#rlxZ)Kps4l!`n%E3{NE@H1?$~rEh7)r0w){&ewUu$ z%z5xOu7mA^8fLHKH~)rk5KtCbo-D{o)5D>IcjqFtr$*4wYci12z7myIrEvOG$lw&L z91exPWNX{{cWY|FTG*UulTBpXaa0xSkDc=E0)M13@&n~C)yhjvgf<@uRqxp_r1+cJ zs^`nUQ(*S00X=QEekn`0;tK0T7p1q3i6-^xkIU`sAJ{N8qnPo~y|XY^CDii(@~dl} zuX_31eCTo~WzT^Po2EK-%I5hdns7j+E+0aWGD;hI;)D1tzf;w0#AnT_bLd`Qr_^Pu zd)a_4`gD-@x2><*Cb*0nu#Wp2?{ux-6^m39IDYwUjqe2C2ItwHxci}9Es1PkuGF&1 zfV?UxwI0UsJcH7w1JF#1WSn( zFKY0%cxN*o~tmT$0#d$cBH41Pv)ITWg7hMz_t+uaPA zW_0`jjoG?Jo=~MBn@|Y`U;QY-2wZ#Sar2V&q0>vKBjh*(#9BX9MNhj(q%R@EUokI_ zHf)=SwW<_#5%Q>WlCEoA1hqG!TQ@Qp{}z+_mGGM>GeH&zw4;ogUFcTatztxm0W-q1wkiMkI=F^P@$@e&HOo@>XG+0|fy<1q@fJ${nEaR=K< z2L=O&ORz?XTtJiCV-7=Mnwdsg0_e@41XDM7Q?r4=x#LJ|P;RLevJvT$=rH@9D|`(T z_eH+tVq4_1$bz@_gh|gVD(Ho9=LdrZl;;Agv)I2u_^^|v7;}*VOk@3o&Qj)+YBB_s z-g2-G%#@m#CMsiqd;6JCtz;B~fsR(9gco=bwbMdKGOe(*?dDu`w1v63U=exd>8q(v z(_U~n4_GL2yJq5Ygy-lZKH7=QI5yK5$=!b&gBU+N(|Gj#s8c`5iBu!$nNTTy0ps4$ ze3Ck0@Gt``D4BQ8oH2iN`07 zCJC%3*~il=8yhU53QE^tGp19QFVNFR{J~A+qnHa^*zo*=1%W;81GOA+#fdNr2Ms9Ra&qSy4fR+K4VIr4EMsj{}bJNaVYb zuAGBKbHRjHU(>QP)WaP$iO^)wwSwqL#Y+PGanYC_v+Bi7GuRCd%Uxk;Glt^$IJ{r z5*Z-{K*{$C%Cl%@90s*3C?R@U6z-YLGbVf}rO4Vsatbl#S;ezlCXwmlSuhfVrGe9} zU-1||t9m;WGdU=)rtVIx@UUlSOV?0~;j&P1`2Yv@Ej4?O*Hkji{Ht!k5p0bwj{IR) zRz%Manpf!_qp+28kOlqa3-5t}Xt+S%#LOER?Cfm^lQ90J+7+(9f5exEc3_{K^)C!1 z&VhZ^ev#*hO`aY8DUPorB!&I-pM^({E5M&zFEF>y#_OtL5S7i7v%(0%m$r&D19uf{ zuBS{&$$&yxOP-}`%QNJ|FUv9L(IjRx7p9KTS}QVbHpzqama@zMkK*R^3xNyz1*@^D zcIfh82*_mYYXx|{mU_!LF}SVoSkC+tyuP6EPectcx;T|#A>qd^nN<~v>mE3csTf|? zR}debCQZlN$87=*Xg;oLbTbYo?={jD|IyVUnY`W5$|IB040Uz4*HBL<;ZdILy^xeq z{?Tb#Z{f0_`r)$>b+~EL{#njP^*6M3jl`zsoifvsqqxHZ2nv?pGG(s^`iG^6`DQz( zubsjpsL!y~7X%lz@GaLO)9}>`8$bCk70C1fkz%(*Xdk!FkO;;5C8+y-k6Xnmq&p@t zCY4}h?*0kv#pSM6^EQfhoZ_n?a*E!=Hs_~Ptdl&~U7AIPPl@>0!#WV(9DFH)*z38<)ir&D(%FpZp-&Dh~SZzIe^BsJ)<^ zu_$$Xs(sSnsI0tzmOv~kjud)(vOIRq*9QNNi&wvA4jww}|7p*1OsjKu(zh+fy+7r` zo2kr@Nne(kY7OrG?J-t+_tg#1wJbR4)sOeiJgTvkg4eO^)$8e(W!0NsSETd}DVa;Y zZ|W1kj-1P8J(Q$8mHw(-A!{36qj5vuo!_E_GdpNEu*i_lo5eAK!r*tJW=OJx8?aDs z4k%a-GeRk-R5s(U?VZ}XdgzY|*E`+qypLG)aY@4M{@3z&#m5dWxHozBc*>SC*yniq zaNx&c8==Q?GFpLzP$L5%tK(&8%VL~vZSmlWMqHNb>Z%6{roYg zx}9iNz+W}xpYBggQbfe0UB>e8#-!C5A9ZzhJ*zwLiefL%ZdY(PdMMQDjI_%yYVy@K zJ>H&)k?Uiw(UBl{g)2-U@|Q9!6^`|j#~b;J2l{D`y(D~oq{yEfec(zN28Z-3P~E8$ zKA>J5QgW><>A|3x*?U1eloPLifQvSEW!rLH2}HGeiM0n`i{`{H;wrWDgzwhrS0>`- z`?>7fIWtfLxs&10FC2CxTHPel`(2$84dnm+Z85$#rU#vfI3hkz!~NyHeN?JlG3N@( z6Ee9jcBWDB4I@*>d+PKj@pcs#%Rn!{Nt9&L@h&e~bWe?z^bci`*Mwat$<! z+*hCZ#Bg*G`f!=!aGX4(5 za(QEs`eSq~#;nP7;tW@xpGGb)^)BvQYRhTjMt|aH`%(T3g#TEYOwQ&_MgvJX;<NKV8AEu=iQ9l;u`B&nc#Af*)ZPFQt zLfx^sH0nkAe8DAy$3T@4n~*cq8wLjb3yOj26@CLHBRHOP>~lpklcy8=#3vS8Zx2_( zHY|@)scIy}!u}NOmd0v&mnh1$pLA?Shc~iqC>DN#b8n?M)-8X>^y;AYQK$0Q9?FO6 ztv?#bz_aE{HkZe>p}5ahuh$mVJ9h3B0=U78#JG*qZq9rrKQ;S4GvgJ&Wxabs7}}-X z9(NQppmPJVr50?ndWm5<3PVsRjvYG_iOn@T`06E+iW=J}ye5mRktsCY9n^w6!gCyd z^A*qLAxdpktT>*d4h>hhF%_^pT7k|G#jcq~Q-M}qB&GZG_8pH+=c&5AEEYFuS&d#- zo|0FyxIbN&)!6>MoB$qI{;i-2kgY$RHE41JFC_jIa2~$kLT%A~LpSY6*f-KLVuk6@ zDZWGQRX$EBme83Y_zKK&do+E>^ce8PbOLp1x|MR_ntm^JZcQ;^&7wr%^WJ1=J4c0I z)XUJaQ7ecDPJYvcbc2hKC~cg)$vQ$Js4p#WhqK zVOokEjWd733P|XZ(!h^K;P1tF@MPsOcp&09`?j}0c%FgzzhQu;#hn`m>iY94WfhKc zE1-JlgFO}_RV|Z5c*x6zYq4o6ECT9b!MJzP8s$E)0;OjvB5E`T&3Yt0BRwkvti)&$UNvQ*evXwMSfZr zDQ{fw7ixyh6_qoa>OTl@X%IH;+49uDFqs+W=f7|j8NVQ+amB@BNX?sUUKdHM)1u_U z1`E|e4+ZF`{L>)7jh3Hj7$DCrA%ioGSn`Y@m`Ae0 z(ck5uU+Yh?!M~RDqKyj^-eVnY(P%rj`MJTF(x#5_wyV$Wj~98Evo12IV03KmrvIis zS1#JwDR==Ic{A)Qd}c14FhM7uJ8{$LKuz6N*QSc5!=ItN_=>%f5>TGR<^71rhhp?A<(!!bUtD-gf+e$>ak$C#o36362 zIg{N8Yw4PDtYfSCVMZOvRLBc5$^4sR5`b*{XYXUMckjLfgqpyi!#6xCbWdb%^|rDs zkw@i2H}0KGXu;VSlQ8H_e(L4)79H$j?|}tcilt&-5v^WIbUBoak}Sa-kvXPMqdE7M zEE=KFm-z>W;x8kORAb`!i|0=}*Jamz8TE3ugF1Q@=>E5pzK9-5Rd1cEGI(QQp}$r8 zK|>n8KvK?QqT$91*B2gr8sJ&!Wxax+B5t;0$K%bRoh`<3yt88GRiW-G`mN;Y{aF!f zzUQ5H zPwEn09?${f{#0`&qDCuAqDBjZD+Vk1?_4~)*HO?bc`5h-t)CmJM{jgM*Y2XE~z<3G;$ zptrGgb@A2i5UCpN<^E4H5g!=XR#H(dlQ1YGDP`8qabSRZmf*c*xvg*#Qpzz%xvjN4 zsqW>mxrb$?{r=P0)mmk=ZSe(9Eq{#jLVKvLcyy14<3cR&eWs>uHYLA$$ML;n3z1t= zN?^LRdIubnamP0C!0R;QeES_bm1`tU|PYW&Te>liKH* zoG>Z02Rg-FI4kHav7)ppQ}8(1N7CBUB!URy{eS%uxLk4GE&P7yb(xoJ;DzsHSOIKH z9*aQ1jyXQ-U5mJH^Pjxaq8CX%?z~rc5FhU0M}P3Z`%0?L??0!hETMM5Y(B%5QQ|w| zcIQ7SV0|*%MDXgnx^hjj>1^D8vn8@t9phVF?qmFjH(xjXCn-TgyIhZLJggl~b6#A2 zC1-aDEc8R5IykrPmT`pyu#)cuj(_VV20q3I?tgn4kiYo{#l*x0OV?Sg_^}9({mDO) z*PhJb_9H&MBk|t^#V9hZQr(CoB!dFfJL%+u`~;sTet6m)N_|1bD6Y(1m2>$|;cO#VbF z+m@ZnZz2FiKdZGfCdiU)qKk|*B_Dn#_+R{zB9B*}gnt5iX<;cyj=+zsc!Zao+zveg zPgo~)6cEktfZKQs8vEace4k@(Q%tn;0faV2CCf2u=I=j-L<*Wr^}DT~8g<3GC<^R7 z;qzY%>$G=|S~A#J7N|O=C@9|uT83-R2!Yo+di^r2*H2vst&@m=uk8QZuq-THG6(}M ziv;k9Z0?e4kD%*g*S1d=FHya=UUHiw6ta#etxZ``^P}y(2&a#EySaE>))Elx_o*;-JaJzF+E(L_=I&Es&q|q)uEtv}+=xx+(BaZGfAi^dTzr5f zJH`w^>~DPu|LgOyGW#Kr4sbaP(i>b(lezu?4{z-2ik(+G<)=^4svG><58VbOu1(!d zh4!s!Y;2GJ8F19fcgk;$y~Igceap0WAeU|x#Vi2XWh}m$x0Mm`KA-cIfZ`;xekTW~W&}0W(OZk+a8l(95 z>eZ_!;P+OvK3ltdFSTRAZnIL0($Cm7|F1nZ(v-j+{XMjX`* z{XK7k)BfP-&W8~i>Jio$g=07FuB5iv3v}q?AWM$WcSz%S4cyT3FRChue-z;j|nMAUwFv)=uOXiF5;bmbCg8)X`zImCax6 zr<_33`PKw+qBNNE-C>O+-<1x2Hhf_yNUGd1km-uc3*Cot+W#E$6BB#3oHw}9J$vi> z66!D0>IX9rYA>LL`njJac?TaQ%k|I!d^pLI-m9=g&&rZ#jvg6Jh>7`mJW06ZYNJ0kYZswHwhFU zMjI3##TI=eOSFt`fFbgw?rxg?q7yVYaHL4i|90EyzvVh!R&nLbJIx=v9yTWH^s?YK z3uMgVlEZkifZKtKJ7(HX-Okc{bsx-3^oFxGw?<`ALEs}$cV=ntSPACAwR%PPV$ci* zzteOJVFIV6Pb%9 zlH<@OS-$lY%hI-n8FNdIc<$XwT+8WPWzxq@F^-m2{b}`$Y^D!UyPKiN%P(ZOKX~nS zykDbnRO$nDx8r9z%glqC3rFD}9`Bja!~5oI^owtxU*TW#&+uxT(4}+!^2q?Ub7GMT z3m+Z3HD|N-&utD-hUP{6*>89c0&!o-?+QSI{uvGw0-G}j;rYDvE&Kh?BY z>rORT(bKhL;-bJ9365*qM%$5F8NbEq1yq)^GsU5tlJtk@y$x18H!zI=qVkW>NGSPv z(Z%j}7zG}h^rf!9ge=I(_?7S_(=DNYq^US`vJepNP{i= zjP_EKVZF2pGQCn}2P!$>!Y*jT{+mKVz{5xNxY=u^9&@E=?Do#}N5ub+_Mf@{#?wf> zw2B?~++VQylG*>2xEwB8A2X^i%P8(_u;rLJ_kVN<_c=R8h?-vgc+}3$ZAaMtkIq0u zC77PF~qv0{p{}^vz`RTEaq#1H%O^EyDh)IdL4}5^x_KvOd`8 z;^d;T$a+L$sVqS~>g4%BW*lWO(E88e8=%Yy*%}x!$)sittz!Jgigf|CvaLJ$WqH#r zYQ1`2rzE0+A13`FR3CT@8q;wV0(s9W96m(laA7Mz2xx1E@c&Dm+WOQbj5z@aGD2@T)Jxv2<%O?0@br7Zd>atD?_(n*z=cUT z-Yxr(;5IHH_NB+$DvM2ycUfCE(rAZ1U#gGIIL!woKq$ zQan=9Y-%%Xm6~#_tV!2@F2-a2bIfh)&BkXIq{vA2tfii1@O^9B;P5ra0a53|%@9a> zFgz=y)^!$jsr1~KrHc6VTpNIO?8^?7`( zw8{QekH7n#V~}38G42}+S4^7uh=x zuU*US#HM|SRglb+&07rhhg)I*SQOf@yc2Sxm-K>_PX=E@Eq0Vora#X9zLzC(Lwrw zlN=4+r509+M4Oy=fCV}QE~Wic9A_M>McLT{YpEX%{txZ%)dK~4A)gK0Z8Iy+Qu|DvuWI#sF@tp5)8szMh& z+xVeFI+2fYVp*J@M!^)s*)<;swY#m87C z15daAo)?AQ6KlE|vrdh%hcL7R|mg+ zuOUzN^!NAUnJ4>H6bk8-bO^Cj79%qMmcLp}|i|PIJ0h5O{Tm}` zPUMrkW^)E{3pEIVU4D9yacXJPK7nS1&BJUc@+Bu+K>G6^K&}r^igxvZ5)E5$oS!(m z*Sx(JR;&?|G%F*-`L!eLrzy(S+!qFVig#5Gyt)da=UwDxcnJBVg=4kXQd<-#^HbYf zGF}%fh*i$YiAdV7pB0tX!^T#lhZE%B7>Ud|)f_-}PNbLZ;cu0#IqcWZP&EuAy4kcC zbuyp;O(-|vN21U?KXO=aj;r^B8Ex$=AJX(Z1fua;_oNVmMoE`y<^N>_)xZdje#XrQ zOn3KJQN23t)gcgW!}0R!!a2TF?0Yqgl)<5IF8q@eCxN0pv87;p+3qroDF^&Z>;>?7I&|NSddTu-l#vIj`^7_tO~M9_`sv7HzG!$hy1g!c?Dc5Cl^4 zc~;Ze^rMZ+Swjs!waP^2_0{{9NVs;_Uf3lfKOaK)v8mk6L-BHZs??NCv<$_ETiD$F z@7+FSw&9)&KsU;mVP~6S^%~3s@6F;Lo}=dqjx|=4@Di!`#%#ee-=PEKs*++H19keB zaeNTYXLF8+pfj8yJ3%I!&LXobeE(U@!B(?hr`aJU(lDwmh}|!4Aa~Q_Yspw0c1kw# zeQ@lmPs(O5O(@dQXwNoixa;=MHcG|*p0Jziyu6f__?f~}*Dqfe+6g_bx7m8c+eo=A z@`3B;FrreIsS@U3Kr=()p;bIdE$MnYEqk^~{Dl7Y;6yz^oSrQ^EYz*8ezK&{rTxJ# z?W?=b**!5d9*7iI1jpdMD%9lbNsNerT@s5B2nFD}C1YG-!OpT_J{|?*3)lsAj#v?! zwFG&O2;lqWzd5lHJyDmju@Hsz-5x)!l!D|tbU^=7#1lQ}`MUwnBXjQDD$D&jBJZnv z)C1SmM&mDlf+Q4Ks~z%s8yx*Q=9`=6BUG>RBa;1c!Nj`^rX$MAWx5Pugepw8HZ~MA z1=Uk2p^2fl-|+tcZ05K_2lrG&?+eH;5Eg0{wJG@^;oT&uh~c${{qz8*&7&S{M{`RE zCq!`{>bdsKsz8%ALbftsGVb~OhKTKDVA!_~V?V_rv1pIlsuJ@%TWe1K;Nn^_8v22@ zdk%!}X8=N}-5=F7TWJ2F#Zy^_8j5SQOmZ5~KQ|WEE+&2As2+`Wrn`f@aApzf8*p|1 zgx`6J^n~=yy^qHQHiCLbL;I~a4>&PFIm|c*q#%erR+BZF&b950(k7;*TIl{SR;IN)uKwB*IH zaURV2^u$ufRbVa{Vjs6KHDfH8gZ}X_w@7wI*S^c_O3KQ|!0f56XG*IMOnX!nJ z3JpKfb*izz108k>ycE#z=Kgd!RX?xoW`|0=XDTxZO5vl!I#N4i1)o(;x2E?N3C1Bew@eFC#h2Q7p$ zep08c7_hnQJwF}9VGSXnOKtM6T;K3ys(-9%0(~Jzbs{3A%npCfLEIc09^nmbmi+54 zN8;`7HK&Oo80bAT@XfYgy2c7N7WGrwZ^Z%w0VFebc?5$)hi=n`#uY7xq0x1Pbo$6fob~(e>#cVhMXK6 zQzj>zEp>DUHhM>t91kSXU;(AE>98v_BU14D)*Iqh_GmC%~3$6n+f8E*)N^BPNi4QxnG>P zaRT8{RG=^<$$|i0;?INrU)#3@`OBcZ3=b>c_N#9c!OJ@FRgWBdKUzC)=Gh@!1Upp> zd(SX%>vKY0fUqf!=O9>w|ARu@BvxH`p3f;MB$RRCU;Zh0#^4D2U!Dsv{W7m6iqED? zz)aUOQvJ`LM|N;1Y)kzCAVyn&X1Cw}8AKlL0bc?C%v@Ni^g22iE6`H=?C<>*_>OXo z{y%Rhqk<3~c;k)dZhZ=+9y>MF3p(+wl6D3wV0$Vn5;_8jXq~ivcg(aGhBFKn?b$_7Yxse-^>g-hRMGK7#bstlT+ccg$k(Fuq zMeN8MY@ETObk4Q-%Fm-S*NHv01vg1q*kjC+%usjx9#k%D z;dN1+&)L@3b6hsp($c+1vTp`H{O12*+hFdQ-M78f^z?k-8q;@lCP$;8TWB46CbgBd zJ#IGi8DX`=(7ey{no+}{fqmisRzuRlnQ_iDa>DI%VVGH2Wv5e5{1qi?k%C<< zkgPSyO#@MXIaNVbEc6dY3^es2W@+$w_{c+ExTI3(cSJL}N26J#h0mxD2fRu4=^*E} zlTRR1DdaN0xCWeYnu8db6t(dMxEPl^a$#HpkJ1BD^j$YSK(+`JAk)U0dbs*F&frnx zR^CNaYUQbp(VoCG_t$=9vpEw?`Nd^pIrXRTdWBzDAbO5P;N_+@w25p7C=o9^?LLC> zc1g7`8f!5T5RUpqPcT9@k zQ5lg|TaAkxG+FG39Jk0v38V5nE6>f^4@bT?6++PLM@)x3uNGGt&yZff9u8g=CF>Wd zfU-?PZ;8@h3LgH&O0>kUG)#fc^Ot2LjderdfaV;oxFHH3aW+eNGTpJPs*Duv8lgPT z|2%*no@(}5SdeHyd^Q=GSJDF?{e{c^)%L;EQIw{kS5e<3H$(^Qdh3qPSJ6>(h08>U~|;@Amt5 ze?4E1=i_mI-0zRWbA+jLMZ)`o!*PSZLBg%y$GyBd^i;lmS`j7t#B(|%s@66LJ=YuD zkg;z9iVX(Odm3_Ms}StOaQ65f(olQR<;GpFj*7yE9Rsdn@t{`HtEP#7TM1qNli>d; z@4VaIQF7&k^zG_2gQPS)_#F|0`iha~Vf+A!<5s$5;WxyTd424UbP>G?KpZ@nDYbp0 z^i_LJ@%Ovmh7rCs$t9bXy}vsrv*P25i0U;_daqxH9NM;Y&LHdfQ$_*QCzFu0Svm_aq>|L9=NEWvPIcyw2nS3ODo&04L z-XW})t2lKoV)Vu6_fa80f_xc+2Y*m$ZvZaOLvX!sGGhI%{xjA7pFyb0vSZ&FG|9l-CGnHwBlK=Uac_UOGne zYRU4x#b;CU$jkc%PFk(mw&RdvJG(Ag({5t=G0IeU|MpO6aW*({sE;mOLmY}lOkbb{ zwPy@~$`$Fcowx{%()>9gQQHopOt(%pD7c@r#tK;El)P2?uWd44-K-ow9tc#T)ZK8N z`}!^x2YMr~IFuQu&XiqbLxM0dBB$LRX%zoDZ5{iZ@`OtW+@U@&nl;9qZ@)P!*@j?YJ zdH=!9aSo0w6|W=nH~uD*th{Rtd`CP1t*4#arxuuKX?)6C?Mii#Ep5+r@bbF^1?yIr zj$yZ8Vv>C}dDjGX@eWm;Xqm$CNp+p*o=?kamt53O%qBd*ygO{AeY$;!xQpV^>AGM{ zYzqPV=EpHzY(}(fT;R7;>oTnoU>46b_#bCY?U!H^aJQrWWS>8Nu*f5B%)meQ!uA#O zhoeqJ*(|-Fh>I8ps<{#8#`C$xUjj|OG8sJndwNV^_@aSS1(hz~MyMghG*{B#H?H7P z8qox-$KhT%X%k=F%L~vXp4dx_ev)HQUDO7DSD{d|@ptZNjz*czWqlfYBHc6mCmX}h z#Ab8(MAWT{M}U~v@ewfLtZ$zf(J|{k%V$b%X_ zw=6X_GZyY24veMj|8}O{B!|S85HG}H!FZ*bio!GHCtRBKyfl9uLF{X@%_Ip4?6F0k zr}7w?w1y#WaR9$U`w{$hO~?YnmFj5?nzZtDpz4?71H&kYFdQB|-8s9cDP@h-)sCs@ zFItsEm~@?(ss&WgOzIY3&Ijhw#?tXN8|7c z^#s5j|~rY7P^F*3;be{(`k z^EJ(N&6Srdt2vGlT&H$$8bjQfN669ctS-jH8p5U;x)61C0-^S6kRnSTc>;vuJ#gK1k=%{{nBR)jyr1Q$YEIlrK6DTBA6cInlhfQY;?e4na0qYzdVR>$HK3FuHb@&s(dtF+0nU` z9+YMR=6N2L+o5JNCF49WyxV5#O@?CJil$R4d*M65x6-3qn9Lr^%E`;Sf>-lK5%@Av zpqA_8Lpl*?8X=aXStBU3OzF0>ka)b)Aq`Divg7$mFwlc@_(03euQY$oAi(y?vx%^(+DbS z6p{VRn$k7~zdjW^Q6D>fK{I~n0s+w(+c;~-*q_a(_BWaKNj^Nd?pC?H&#B#_?(Eum z*DoHNj9d9$Ya9OXCVF^z0XJPuUkVvyDfV~QkvOyVYG{A(xQDw-XT4emZ zlYSGAO#z-;-k`bpx5j{KnCg_N_+~#EfeauQR0H!jU``oM#ll|aWb zwaKvcpN5lDTQq?ouGtE0_?C%T|H;d!TcD{@z-W(NtTfH$kxf#0XzgeLiev(kva5a=FiS1CuDa2*K3!K6|Gz%Edk?(iFIJC90Qf?wYcu}>0dMP0K| zi-?xQ&nMma%-LOM&6xAkt_GEJ=)+oI;^**4cNy|Q>4LBSOtjr{?TCqMJFclGqAr>Y zv3A@gt83<3CJvR_jn5xgx2Mt}CK){&O}|{e;9;VT2Ny+=DCYv+&)S6)1$&>2elNYt z_dng`uICyKd^5&2cgzNSibPOY1H;tR&4i5VC9o1t-SOV>n$_ltzt!*ijxiyzC|qOUn)db+-FA@PcMe%-5y#V zZRLw$pl2Qx$MD5fgeO2$PON+`>!^D!e2+`1nQxn+`1yNX#UlyK^~|sy+HfnTB@907 z1|F5Caj3&LNjJO3GdQeb2^X;nEi5I~yCr*M1sB5{F6KS6Fzxom@&|j@k!}^w%nFe? zy9lh8gj)hZFXIqQGhnzh8543(mz&%51GPpZ&o*BAcEq%`D)tA}kfKEHXMZt9F%qgr z%RdC9jk3C>NxUmY=HEj5hB|R!^ShMG!&cKfQ$>Z%CY}e?wh_3x6Lo zXY*qjRbTLX{d2}*uQM-oMKrG>VuHS!qUDWQbrvHZXz`z!;YhO9>#R; zz?+!alry^E7w>gSmM)l;Fj+~i^G2Cp@3s(#0JY?iu9AH=!_raL#*HVpHPk@(P0j6o z4D!YS_6I#EJf0IXMQ-u?hvm*@S;14IQ~z*z$l*Q|9xj{^=MgfAAUKRV2x)1Eu`Xs; zFr&Ep;}_`U`dsgs6u0)-3*5pgeIbr+sm(uCt7iIGZ< zze_ldd$RT>3SDw;Y4o)qCcHNC)uiU?YXY7y8W!JEuOw0MFsfQnzOQDa_0FFXPO_#% z<4rxzdag?!OLB+rR<)nT+fNXSzhedsx_&@$Wm!8^MZY>YRzb1fm;2E1sPWP-83b)Y z5j&R*M>c3RE42?<{liX&-VSBvC)=ZDXqnwp!9{kt5$i<7005l^dcq6q2q-|bU70`_ zq86M?|22no36yo6t{dZmq6WXm3tz3TH4#|l5G49W+}!-}1yZYm0DhvI9JSNN!6T}Z z_n)_iIaovlwmEaWwfN5tp5_!6PlP`AqagrN@`V!E>s%e)^lNlI65_HKtDvq9VvdI; zf0K;#=T@lyWvqxHn?c9yymo>9%C*gAtj(NsOpUP}7lW&#uG3_FWJ+=V#!oo!eLQw@ zno)&@h$r(>P?9kOtNHB4L6+7hF}{?v{e3}Cas}D1>D!#DV*y26CBOI2Z9XQeVVxY$VpTpW-4L=Ceus^&n7Pl@oN zy{`ynTVW<*_$wgKli{9abtu666WSl+Qx4GuDb z-+oa@va8(CTTrd0b=uip=N*UjIP66%pHNY4oj%(%tJAqMZ$S<9%HZCaAJ}gwJW`#9oV}NGJ9q=d z0+qAFR_DNAXta9%*Qk3W1J;Xpy*ipI7Lwxa(0ztMk4eJ}d^BAIhmp@?dz?=Q%7-^w zaH;eGN0O1G{JXho%`qw4%7cjr={06PLPqWUHl zl1Oi~pS^iI6;w}{m4wg|}${i@To-f!3 zMqef~bm*59LPqAn&vN@yh}}iSXiXQ-cWD#L`{z*`TipEj?U|Nv!oe{t-AMTY3VUp z^j_1*eTvFp|HC9tXss@g$^?@tsl)7BBukcZsb5g4-`az_05inky!T@BRY9=-cTT@X>rNETHc@2_cDxlJC<_N5*0^oH&O*_-L!NWc5nf0hY6DY~z0x zOL`4j<=+-P!VEM7Ou6O%1w1aJ8IjiZq9o*DF6NTavdxa?h(Lk&SGRrbG!=l@&~b<0 z^sr?ceETkndBN}{KE=HJ+l+r@9a07nI)hEYPJX*D z4Io|cJGREEYDnmI$z(B*j4xewfGVA}!68_?&vLzbPg9hK(iS}BTR>NpG1RHO<-|j# zUA7;HzAZpZoLoq3&lMjri}QD*s&18Lw5!v=?evV6GYiI0?CrjF`~+`V>g1r5jLPX9 z_}caBYK)9b$j_uF>f}9uU-RO?X^Z0On~a>2eGOE^pw(?*$Ws!t?;i5@c%B-eud#@I zFa>)KRbepiEuSwsBsfalg|@_73Mh_2hHehwtJ7MrP~qg&nzCQ3%74jD6OZ)apR<>JnF#ZUT17JRx^fRAZa}Q%=2wum zFCncubFm(S#Ux-bopYWvIwWD20rvBd7Py`Qk=@nBeOz&Wd&N4yMr`;%lI^gh8(!Us zX^)XEZUR&vGCe+v9;(W*E9!TNhEkZ3Rr*Y@{>P#NIFpEYM-2BPb%*>Ls^>c z=+BveAYCBMgl@Wf0?P(vRT%gWKR+INvKr42UYpM_?pLkar6RTUSj5|De8n#v;i(TC z@lYxp->z5_Y5GeJxJ;(T<7a_^R0cJ2KP^@vrrK1lF5)KWw|`l12Ec{9(&R*;Q~A)Q z(yv{n?GH6c-A)(awu>4#8BZ0UPUWK*y0*o0Vstv-&hCB|vv=ELpumy|*$T^J`8JR{ zYKKLjSAa8szw(XlyAOo=&8W$1CX6bA<7!HpmvkViO@JQE^|a1?R}S_?-a)GKMX9h= zeDgtRP)|njJUe5eXn-PCVo>d!ZtiCgilYY2QRlm<5>o@EfXXy4?mA&i;TBX_wsOU_ z^Dts$t8Gfr9#@i#KgkGbymdPKuEhXCzORuU@Qow#3a+h z)AE)bWFfV5!{%M%WTUUyrX!8bK*u-u@Wqb2_cNU#sW@Nm#-Vmk%&k-e2WxSmon`rb zZ&T_KNFG`k%$dCCP_9TUE&!FMMBGk|kE9*P#nN%{7+rU%o4BPG#t1_*yaW}ectk_%Y<<4GpPq;&3}b*-tz#}Mk#G3y>Ui*@&xWoar{4_9u#T-EE$z-*9kBw7z+b(-czIUnP+)HRHkGy%$qe~3gnrcqKKN; z#*B8cgvoTqll-xHh?S8!p76`s*dm!7YCjjEhi#u2Ddu9w!jjj-Kd`&?elu}Ysnm-F zu`h^M!|adgwg%_73uv_D$DhY3GBLOl78mKN`(6qoc8CbwIEt7aYpiAS12o&Y>U4+j z?Ja-qGn1#|-PU^yD??q{uajnrbm8S(-?S3kPSL9#WqxlJu@L-@X?H^k72@hHWzG$Z zp}!un#S&PLim0;V<}J8^I*_CrL$Aa${{Qa|y)e!D9T3Jtkw6YiTQ zp9^tP{kjV#dW)V|E${wLr z_VouG`qMl~s`f!viJlB*nOSg0zYa=;9%kq5ri#(r=V4AL{&aFKpb|m4e#&3Ok>BVfOw+L7V1L^<_XTwQXti2Rug8& zS$Gr`1Y<<}fcp$WrZg#rh8&ZcC*)?3A0@@0>%>MEo;z=LHDE#eO9Rg4KcqPFkSOM> zcntc@=6j~Qwq%a~MTkEKJl8X*h}*I5=;UCMu7gvME7WKU7lMO?B?q8B7a-$e1qM@H zrXYUyfTSJ1I*Bf%pH#6ChW{B;f!2GozzBcbD{62fGjw*0zwuevw20hVc>+VDhYRR3 zYY0TbqJHUTlI%C@&fOew&8isb9W}I_&u2eAkSo
+ +It is possible to join Teleport agents to a cluster [through the Teleport Auth +Service](../agents/join-services-to-your-cluster/join-token.mdx#start-your-teleport-process-with-the-invite-token). +Once an agent joins a cluster through the Teleport Auth Service, the Teleport +Proxy Service dials the agent directly, without creating a reverse tunnel. This +mode supports the following services: + +- Teleport SSH Service +- Teleport Desktop Service +- Teleport Kubernetes Service +- Teleport Discovery Service + +In direct mode, SSH Service instances act like OpenSSH servers that only accept +client SSH certificates. Users can connect to SSH servers through the Teleport +Proxy Service as a jump-host or directly: + +![Standard Mode](../../img/architecture/ssh-direct-mode@1.2x.svg) + +Direct mode is designed for legacy use cases and only supports self-hosted +Teleport clusters. We recommend joining agents through the Teleport Proxy +Service and the reverse tunnel system unless this is not possible for your +self-hosted Teleport deployment. + +
+ +## Agents to infrastructure resources + +Teleport agents route user traffic to and from resources in your infrastructure. +Agents authenticate with infrastructure resources using a technique available to +the target resource, often using a form of public key cryptography. A +non-exhaustive list of examples is below: + +- **SSH servers:** The Teleport Proxy Service presents a certificate signed by + the Teleport Auth Service, which the Teleport SSH Service instance running on + the target host verifies. +- **Kubernetes clusters:** If the Teleport Kubernetes Service runs as a pod in + the target cluster, the service uses the pod's service account credentials to + authenticate. The Kubernetes Service can also use a kubeconfig that contains + service account credentials or authenticate to Amazon Elastic Kubernetes + Service clusters using AWS credentials. +- **Databases:** For self-hosted databases, administrators must distribute + mutual TLS credentials to database instances. For resources managed by cloud + providers, Teleport takes advantage of identity and access management (IAM) + solutions available through the cloud provider. +- **Windows desktops:** The Teleport Desktop Service uses smart cards to + authenticate to Windows desktops over RDP. +- **Applications:** The Teleport Application Service forwards HTTP requests and + TCP streams to target applications, with optional Teleport-signed JSON web + tokens added to HTTP request headers. It is up to the target application to + authenticate Teleport-signed JWTs. + +To learn more about the mechanism an agent uses to authenticate to an +infrastructure resource, read the guide to enrolling that resource in your +Teleport cluster: + +- [Applications](../application-access/guides.mdx) +- [Cloud provider APIs](../application-access/cloud-apis.mdx) +- [Databases](../database-access/guides.mdx) +- [Kubernetes clusters](../kubernetes-access/register-clusters.mdx) +- [Linux hosts with Teleport](../server-access/getting-started.mdx) +- [OpenSSH servers](../server-access/openssh.mdx) +- [Windows desktops](../desktop-access/getting-started.mdx) + +## Clients to agents + +Client tools authenticate to Teleport agent by presenting certificates signed by +a Teleport certificate authority, forwarding traffic to the agent through an SSH +reverse tunnel established between the Teleport Proxy Service and the agent. +Clients need to retrieve a certificate, then connect to an infrastructure +resource through the agent. + +### Credentials for Teleport clients + +When a user logs into the cluster with the `tsh login` command, the Teleport +Auth Service uses the `user` certificate authority to sign the certificate. See +[Issuing User Certificates](../architecture/authentication.mdx) for more details +on how it works. If the user authenticates via the Teleport Web UI, the browser +retrieves a session cookie, which corresponds to a user certificate stored by +the Proxy Service on behalf of that user. + +In most cases, Teleport users must retrieve another user certificate in order to +access Teleport-protected resources. The certificate authorizes the user to +access specific resources, such as an application or database. The following +table indicates how a user obtains this certificate for different kinds of +resources: + +|Resource kind|How users obtain certificates| +|---|---| +|Databases|The user can retrieve a client certificate for before connecting to a database with `tsh db login`. The `tsh db connect` and `tsh proxy db` commands also retrieve certificates. The Teleport Database Service verifies the certificate when a user connects to a database.| +|Kubernetes clusters|The user runs `tsh kube login`, which updates the local kubeconfig to contain a certificate signed by the Teleport user CA. The user can then execute `kubectl` commands against Teleport-protected Kubernetes clusters.| +|Servers|After running `tsh login`, the user receives a certificate that contains authorization information for servers. The SSH Service checks the certificate when a user authenticates to a Teleport-protected server.| +|Web applications|The user authenticates to the Teleport Web UI and visits a Teleport-protected application. The Teleport Proxy Service forwards traffic to the application along with Teleport-signed JSON web tokens that the application can verify. For HTTP API applications, TCP applications, and cloud provider APIs, the user runs `tsh apps login` to retrieve a certificate.| +|Windows desktops|Users authenticate to the Teleport Web UI. The Web UI initiates a WebSocket session with the Teleport Proxy Service, which forwards traffic through mTLS over an optional reverse SSH tunnel to the Teleport Desktop Service. The Desktop Service forwards RDP traffic to the desired RDP server.| + +In most cases, users will receive certificates from the Auth Service via a +connection to the Teleport Proxy Service. The Auth Service and Proxy Service +connect to each other using mutual TLS. + +[Teleport Connect](../connect-your-client/teleport-connect.mdx) runs `tshd`, a +`tsh` daemon that manages user certificates and kubeconfigs for the graphical +client. + +### Connecting to infrastructure resources through agents + +Teleport makes several client tools available for accessing infrastructure +resources through agents: + +- [The `tsh` CLI](../connect-your-client/tsh.mdx) +- [Teleport Connect](../connect-your-client/teleport-connect.mdx) +- [Teleport Web UI](../connect-your-client/web-ui.mdx) + +After retrieving [client credentials](#credentials-for-teleport-clients), these +tools are authenticated to the Teleport Proxy Service and can send traffic +through it to Teleport agents. The protocol that a client uses depends on the +upstream resource. See [TLS Routing](./tls-routing.mdx) for how client tools +perform protocol negotiation with the Teleport Proxy Service. + +Depending on the upstream infrastructure resource a user wants to connect to, +the `tsh` client tool may spin up one or more local proxy servers. These +authenticate to the Teleport Proxy Service, then create a listener that accepts +traffic from local client tools like `psql` and `kubectl`. A user can then +connect to the local proxy with their client tool as though they were connecting +to a remote resource. + +
+ +The following table summarizes the local proxies available through the `tsh` +CLI: + +|`tsh` command|Upstream infrastructure resource| +|---|---| +|`tsh proxy app`|HTTP and [TCP](../application-access/guides/tcp.mdx) applications| +|`tsh proxy aws`|[AWS SDK applications](../application-access/cloud-apis/aws-console.mdx)| +|`tsh proxy azure`|[Azure SDK applications](../application-access/cloud-apis/azure.mdx)| +|`tsh proxy gcloud`|[Google Cloud SDK applications](../application-access/cloud-apis/google-cloud.mdx)| +|`tsh proxy ssh`|[OpenSSH client traffic](../server-access/openssh/openssh.mdx)| +|`tsh proxy db`|[Native database clients](../connect-your-client/gui-clients.mdx)| +|`tsh proxy kube`|[Kubernetes clusters behind L7 load balancers](tls-routing.mdx#kubernetes)| + +
+ +`tsh` commands that connect to resources often spin up the same local proxies as +`tsh proxy` commands. For example, depending on the database, `tsh db connect` +starts a local proxy before using a database client to send traffic to it. + +## Submitting audit events + +Teleport agents connect to the Teleport Auth Service through the Teleport Proxy +Service and submit audit events at various moments within the life cycle of a +user session, including when the user signs in, connects to a resource, +interacts with a resource, and signs out. Agents interpret the wire protocol +messages they forward to infrastructure resources in order to detect events. + +Learn more about the Teleport audit events in the [Audit Event +Reference](../reference/audit.mdx). + +## Further reading + +- For instructions on deploying agents, see the [Teleport agent + guides](../agents/introduction.mdx). diff --git a/docs/pages/architecture/authentication.mdx b/docs/pages/architecture/authentication.mdx index 19803a83c0115..39e6ab5a3c61b 100644 --- a/docs/pages/architecture/authentication.mdx +++ b/docs/pages/architecture/authentication.mdx @@ -163,5 +163,5 @@ cluster certificates, use node [session and identity locking](../access-controls - [Architecture Overview](../core-concepts.mdx) - [Authorization](authorization.mdx) -- [Teleport Nodes](nodes.mdx) +- [Teleport Nodes](agents.mdx) - [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/architecture/authorization.mdx b/docs/pages/architecture/authorization.mdx index 47a54183034c5..25a9e60ef0bf2 100644 --- a/docs/pages/architecture/authorization.mdx +++ b/docs/pages/architecture/authorization.mdx @@ -397,6 +397,6 @@ spec: - [Access Requests Guides](../access-controls/access-requests.mdx) - [Architecture Overview](../core-concepts.mdx) - [Teleport Auth](authentication.mdx) -- [Teleport Nodes](nodes.mdx) +- [Teleport Nodes](agents.mdx) - [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/architecture/introduction.mdx b/docs/pages/architecture/introduction.mdx index 362de37e3aea5..1cc52567a61ce 100644 --- a/docs/pages/architecture/introduction.mdx +++ b/docs/pages/architecture/introduction.mdx @@ -10,9 +10,10 @@ works. - [Authentication](./authentication.mdx) - [Authorization](./authorization.mdx) - [Automatic Agent Update](./agent-update-management.mdx) +- [Teleport Agents](./agents.mdx) - [The Teleport Proxy Service](./proxy.mdx) - [Trusted Clusters](./trustedclusters.mdx) -- [Teleport Nodes](./nodes.mdx) +- [Teleport Nodes](./agents.mdx) - [Session Recording](./session-recording.mdx) - [TLS Routing](./tls-routing.mdx) - [Proxy Peering](./proxy-peering.mdx) diff --git a/docs/pages/architecture/nodes.mdx b/docs/pages/architecture/nodes.mdx deleted file mode 100644 index 3411c9c56f7d8..0000000000000 --- a/docs/pages/architecture/nodes.mdx +++ /dev/null @@ -1,155 +0,0 @@ ---- -title: Teleport SSH Nodes -description: This chapter explains the concept of a Teleport Node and how Teleport manages SSH. -h1: Teleport SSH Nodes ---- - -## The SSH Node service - -The Teleport Node service is optional. You can use it to replace OpenSSH on your infrastructure. -Here is why we recommend Teleport Node service instead of OpenSSH: - -- The node service supports BPF recording of all syscalls, network calls and files accessed during SSH session. -- It can record terminal sessions. -- It provides automatic registration, certificate and certificate authority rotation, -- It can provision OS user and update sudoers files according to teleport roles. -- You can connect nodes to proxies with outbound persistent tunnels, for your IoT lab or remote infrastructure. - -Just like with OpenSSH, the `node` service provides SSH access to every node with any clients supporting client SSH certificates: - -- [OpenSSH: `ssh`](../server-access/openssh/openssh.mdx) -- [Teleport CLI client: `tsh ssh`](../reference/cli/tsh.mdx#tsh-ssh) -- [Teleport Proxy UI](./proxy.mdx) accessed via a web browser. -- Ansible and other SSH compatible clients. - -## Joining Nodes - -A node candidate becomes a Teleport Node when it joins a cluster and authenticates itself to receive cluster certificate. - -![Node joins a cluster](../../img/architecture/node-registration@1.2x.svg) - -All cluster Nodes keep the Auth Server updated on their status with periodic ping messages. -They report their IP addresses and the values of their assigned labels. -Clients can access the list of all Nodes in their cluster via the Auth Server API or CLI. - - -Nodes can register with Auth servers directly, or use proxies to establish the connection to auth servers. -The latter is helpful if you have multiple proxies and nodes all over the world. - - -## SSH Host certificate - -Node's identity is represented by SSH host certificate it receives after registering withing the cluster: - -![Host certificate](../../img/architecture/ssh-host-cert@1.2x.svg) - -This certificate contains information about the node including: - -- The **host ID**, a generated UUID unique to a node -- A **nodename**, which defaults to `hostname` of the node, but can be configured. -- The **cluster_name**, which defaults to the `hostname` of the auth server, but can be configured -- The node **role** (i.e. `node,proxy`) encoded as a certificate extension -- The cert **Expiry time** - -A Teleport Cluster is a set of one or more machines whose certificates are signed by the same certificate authority (CA) operating in the Auth Server. A certificate is issued to a node when it joins the cluster for the first time. - - - Once a Node gets a signed certificate from the Node CA, the Node is considered a member of the cluster, even if that cluster has only one node. - - -## Connecting to Nodes - -Nodes support two modes - a standard mode and a reverse tunnel mode. - -In standard mode, nodes act like OpenSSH servers that -only accept client SSH certificates. Users can connect to nodes through Proxy as a jump-host -or directly: - -![Standard Mode](../../img/architecture/ssh-direct-mode@1.2x.svg) - -In reverse tunnel mode, nodes establish reverse tunnels back to proxy. Nodes -do not bind to any interface on the host, making sure the connection is only possible -through proxies: - -![Tunnel Mode](../../img/architecture/ssh-tunnel-mode@1.2x.svg) - - -You can mix both modes in the same cluster, depending on your use case. -For example, you can have several IOT devices joining the cluster via reverse tunnel -and a large fleet of servers in the internal network using standard mode. - - -## Cluster state - -Cluster state is stored in a central storage location configured by the Auth -Server. Each node (or proxy) is stateless and holds no secrets -such as keys or passwords. - -The cluster state includes: - -- Node membership information and online/offline status for each node. -- List of active sessions. -- List of locally stored users. -- RBAC configuration (roles and permissions). -- Dynamic configuration. - -## SSH Session recording - -By default, nodes submit SSH session traffic to the Auth server -for storage. These recorded sessions can be replayed later via `tsh play` -command or in a web browser. - -### SSH node recording - -Some Teleport users assume that audit and session recording happen by default -on the Teleport proxy server. This is not the case in default configuration -because a proxy cannot see the encrypted traffic, it is encrypted end-to-end, -i.e. from an SSH client to an SSH server/node, see the diagram below: - -![session-recording-diagram](../../img/session-recording.svg) - -### Proxy recording mode - -In this mode, the proxy terminates (decrypts) the SSH connection using the -certificate supplied by the client via SSH agent forwarding and then establishes -its own SSH connection to the final destination server, effectively becoming an -authorized "man in the middle". This allows the proxy server to forward SSH -session data to the auth server to be recorded, as shown below: - -![recording-proxy](../../img/recording-proxy.svg) - -The recording proxy mode, although *less secure*, was added to allow Teleport -users to enable session recording for OpenSSH's servers running `sshd`, which is -helpful when gradually transitioning large server fleets to Teleport. - -We consider the "recording proxy mode" to be less secure for two reasons: - -- It grants additional privileges to the Teleport proxy. In the default mode, - the proxy stores no secrets and cannot "see" the decrypted data. This makes a - proxy less critical to the security of the overall cluster. But if an - attacker gains physical access to a proxy Node running in the "recording" - mode, they will be able to see the decrypted traffic and client keys stored in the proxy's process memory. -- Recording proxy mode requires SSH Agent Forwarding. Agent Forwarding is required because without it, a proxy will not be able to establish the 2nd connection to the destination Node. - -However, there are advantages of proxy-based session recording too. When -sessions are recorded at the Nodes, a root user can add iptables rules to -prevent sessions logs from reaching the Auth Service. With sessions recorded at -the proxy, users with root privileges on Nodes have no way of disabling the -audit. - -See the [reference](../reference/audit.mdx#recorded-sessions) to learn how to turn -on the recording proxy mode. Note that the recording mode is configured on the -Auth Service. - -## More concepts - -- [Architecture Overview](../core-concepts.mdx) -- [Teleport Authentication](authentication.mdx) -- [Teleport Authorization](authorization.mdx) -- [Teleport Proxy](proxy.mdx) diff --git a/docs/pages/architecture/session-recording.mdx b/docs/pages/architecture/session-recording.mdx index f5543ff757b6e..9535727e72afc 100644 --- a/docs/pages/architecture/session-recording.mdx +++ b/docs/pages/architecture/session-recording.mdx @@ -78,30 +78,47 @@ and `proxy-sync` identically (perform synchronous recording). -### Record at Node +### Record at the SSH node By default, Teleport performs recording at the SSH node. This is because Teleport's -Proxy Server cannot see the SSH traffic to the node, it is encrypted end-to-end -(from the SSH client to the SSH server). +Proxy Server cannot see the SSH traffic to the node. It is encrypted end-to-end +(from the SSH client to the SSH server): -### Record at Proxy +![session-recording-diagram](../../img/session-recording.svg) -In some cases, it is desirable to perform the recording at Teleport's Proxy Server. -For example, sessions to non-Teleport servers (like OpenSSH's `sshd`) can only be -recorded at a Proxy Service instance. This is referred to as *Recording Proxy Mode*. +### Record at the Proxy Service -In this mode, the Proxy Server terminates (decrypts) the SSH connection and establishes -its own SSH connection to the destination server, effectively becoming an authorized -"man in the middle." +In **Recording Proxy Mode**, the Proxy Service terminates (decrypts) the SSH +connection using the certificate supplied by the client via SSH agent forwarding +and then establishes its own SSH connection to the final destination server. +This allows the Proxy Service to forward SSH session data to the auth server to +be recorded, as shown below: -We consider this mode to be less secure, as it grants additional privileges to the -Proxy Server. Since the Proxy Server needs credentials to decrypt the SSH connection, -it must be properly secured and is a higher value target for an attacker than a proxy -that cannot decrypt the data flowing through it. +![recording-proxy](../../img/recording-proxy.svg) -Additionally, the credentials that the Proxy Server uses to decrypt the SSH connection are -provided via SSH Agent Forwarding, so Agent Forwarding must be enabled to record at -the Proxy Server. +Recording Proxy Mode allows Teleport users to enable session recording for +OpenSSH's servers running `sshd`, which is helpful when gradually transitioning +large server fleets to Teleport. + +We consider Recording Proxy Mode to be less secure, as it grants additional +privileges to the Proxy Service. Since the Proxy Service needs credentials to +decrypt the SSH connection, it must be properly secured and is a higher value +target for an attacker than a Proxy Service instance that cannot decrypt the +data flowing through it. + +Additionally, the credentials that the Proxy Service uses to decrypt the SSH +connection are provided via SSH Agent Forwarding, so Agent Forwarding must be +enabled to record at the Proxy Service. + +However, there are advantages of proxy-based session recording too. When +sessions are recorded at the SSH nodes, a root user can add iptables rules to +prevent sessions logs from reaching the Auth Service. With sessions recorded at +the Proxy Service, users with root privileges on nodes have no way of disabling +the audit. + +See the [reference](../reference/audit.mdx#recorded-sessions) to learn how to +turn on Recording Proxy Mode. Note that the recording mode is configured on the +Auth Service. ### Synchronous recording @@ -203,6 +220,5 @@ complete it. ## Related reading - [Recording Proxy Mode](../server-access/guides/recording-proxy-mode.mdx) -- [SSH session recording](./nodes.mdx#ssh-session-recording) - [SSH recording modes](../reference/audit.mdx#modes) - [Desktop Access recording](../desktop-access/reference/sessions.mdx) diff --git a/docs/pages/choose-an-edition/teleport-cloud/architecture.mdx b/docs/pages/choose-an-edition/teleport-cloud/architecture.mdx index ee051fb115a5c..36ecfc92d9d3a 100644 --- a/docs/pages/choose-an-edition/teleport-cloud/architecture.mdx +++ b/docs/pages/choose-an-edition/teleport-cloud/architecture.mdx @@ -19,7 +19,7 @@ that may target Teleport tenants by leveraging [AWS Shield](https://aws.amazon.c ## Managed Teleport Settings -SSH sessions are recorded [on nodes](../../architecture/nodes.mdx). +SSH sessions are recorded [on nodes](../../architecture/agents.mdx). Teleport Enterprise Cloud Proxy does not terminate SSH sessions when using OpenSSH and `tsh` sessions. The Cloud Proxy terminates TLS for Application, Database, and Kubernetes sessions. diff --git a/docs/pages/database-access/architecture.mdx b/docs/pages/database-access/architecture.mdx deleted file mode 100644 index f8b63cad04b97..0000000000000 --- a/docs/pages/database-access/architecture.mdx +++ /dev/null @@ -1,156 +0,0 @@ ---- -title: Database Access Architecture -description: How Teleport enables secure access to databases. ---- - -This section provides an overview of how Teleport enables secure access to -databases. - -## How it works - -Let's take a look at a sample Teleport deployment that enables access to -databases: - -![Teleport Database Access Diagram](../../img/database-access/architecture.svg) - -In it, we have the following Teleport components: - - - - -- [Teleport Proxy Service](../architecture/proxy.mdx). A stateless service - that performs a function of an authentication gateway, serves the Web UI, and - accepts database (and other) client connections. - - - - -- [Teleport Proxy Service](../architecture/proxy.mdx). A stateless service that performs - a function of an authentication gateway, serves the Web UI, and accepts - database (and other) client connections. This service is accessible at your - Teleport Cloud tenant URL, e.g., `mytenant.teleport.sh`. - - - - - -- [Teleport Auth Service](../architecture/authentication.mdx). Serves as - cluster's certificate authority, handles user authentication/authorization - and issues short-lived client certificates. -- Teleport Database Service. The "brain" that connects to the databases, - performs database authentication and protocol parsing. -- [Teleport Discovery Service](#discovery). Automatically discovers - cloud-hosted databases and enrolls them in the Teleport cluster. - -The Database Service establishes an SSH reverse tunnel to the Proxy Service. As -such, users do not need to have direct connectivity to the Database Service or -the databases it's connected to. As long as it can dial back to the cluster's -Proxy Service, it can be located behind a firewall. - - - You can have multiple Database Services connected to the cluster. Each - Database Service can be also connected to multiple databases. - - -Let's take a look at the typical flow that Teleport users go through to -connect to a database. - -1. A user logs into the cluster with `tsh login` command and retrieves - a client certificate. See [Issuing User Certificates](../architecture/authentication.mdx) - for more details on how it works. -1. The user picks the database they want to connect to from the list of available - databases shown in `tsh db ls` command. -1. The user connects to the database with the `tsh db connect` command, which - first retrieves a short-lived X.509 certificate and then launches the - standard database client (e.g. `psql`) with this client certificate to - authenticate with the Teleport Proxy Service. -1. The Proxy Service authenticates the connection and dispatches it to the - appropriate Database Service instance based on the routing information - encoded in the client certificate, over the reverse tunnel. -1. The Database Service authenticates the connection, performs an authorization - check, and then establishes the connection to the database. -1. The Database Service begins proxying traffic between the user's database - client and the database. Additionally, it interprets the database wire - protocol messages and submits events to the Teleport audit log. - -## Authentication - -Teleport relies on short-lived X.509 certificates for user authentication, as -well as authentication between internal components. - -Authentication happens in 3 places: - -- Database client connecting to the Proxy Service -- Proxy Service connecting to Database Service -- Database Service connecting database. - -Let's take a detailed look at each authentication point. - -### Database client to the Proxy Service - -When running the `tsh db connect` command, the command first retrieves a -short-lived X.509 certificate for the selected database. Then the command -provides the database client with this client certificate to authenticate with -the Proxy Service. - - - Many database clients/servers refer to these certificates as SSL which is - legacy terminology. In Teleport documentation we most often refer to them as - TLS or x509 certificates. - - -For configuring graphical clients, use the `tsh proxy db` command, which prints -detailed information about the connection such as the host, port, and location -of the secrets. See [GUI Clients](../connect-your-client/gui-clients.mdx) for details. - -### Proxy Service to the Database Service - -The connection between the Proxy Service and the Database Service is also -authenticated with mutual TLS. - -The Proxy Service generates a short-lived X.509 certificate signed by the -cluster's host authority, with the client's identity and database routing -information encoded in it, and uses it to authenticate with the Database Service. - -### Database Service to database - -The Database Service needs to authenticate to databases protected by Teleport. -The authentication method depends on the database. For self-hosted databases, -the Database Service usually uses certificate-based authentication with mutual -TLS. For managed databases running on AWS, Google Cloud, and Azure, the Database -Service uses IAM authentication. - -Read the guides to [connecting databases](./guides.mdx) for details on how the -Database Service authenticates with your database. - -## Discovery - -Teleport Discovery Service can automatically discover and enroll database -servers hosted by cloud providers. - -For each configured database type, the Discovery Service scans cloud providers -using corresponding "read" APIs and filters them with configured labels. Then -the discovered databases are enrolled in the Teleport Cluster. - -The Database Service is responsible for monitoring the dynamic database -resources including those enrolled by the Discovery Service. Once a dynamic -database resource is added, the Database Service will start proxying it. - -These clouds are currently supported: -- AWS Databases Discovery -- Azure Databases Discovery - -## Next steps - -Please refer to the [RFD #11](https://github.com/gravitational/teleport/blob/master/rfd/0011-database-access.md) -for a more in-depth description of the feature scope and design. - -See [Core Concepts](../core-concepts.mdx) for general Teleport -architecture principles. - diff --git a/docs/pages/database-access/guides/ha.mdx b/docs/pages/database-access/guides/ha.mdx index e9fbe3cfc4d42..5db3fea91d0f0 100644 --- a/docs/pages/database-access/guides/ha.mdx +++ b/docs/pages/database-access/guides/ha.mdx @@ -134,5 +134,5 @@ you're using to connect. ## Next steps - Get started by [connecting](../guides.mdx) your database. -- Review the [architecture](../architecture.mdx) of the Teleport Database - Service. +- Review the [architecture](../../architecture/agents.mdx) of the Teleport Database + Service and other services that run on Teleport agents. diff --git a/docs/pages/database-access/introduction.mdx b/docs/pages/database-access/introduction.mdx index 488217d9b1062..72bc1c109a27b 100644 --- a/docs/pages/database-access/introduction.mdx +++ b/docs/pages/database-access/introduction.mdx @@ -14,30 +14,13 @@ Some of the things you can do with database access: [Access Request](../access-controls/access-requests.mdx) workflows. - Capture database activity in the Teleport audit log. -## Demo - -Let's connect to a PostgreSQL server with `psql` and pgAdmin 4 after authenticating -with GitHub, execute a few SQL queries and observe them in the audit log: - - +Teleport protects databases through the Teleport Database Service, which is a +Teleport agent service. For more information on agent services, read [Teleport +Agent Architecture](../architecture/agents.mdx). You can also learn how to +deploy a [pool of Teleport agents](../agents/introduction.mdx) to run multiple +agent services. + +![Teleport Database Access Diagram](../../img/database-access/architecture.svg) ## Get started @@ -78,11 +61,8 @@ provisioning](./auto-user-provisioning.mdx), which removes the need for creating individual user accounts in advance or using the same set of shared database accounts for all users. -The [Architecture](./architecture.mdx) section provides a more in-depth look at -Teleport Database Service internals such as networking and security. - -See [Reference](./reference.mdx) for an overview of -database access-related configuration and CLI commands. +See [Reference](./reference.mdx) for an overview of database access-related +configuration and CLI commands. If you hit any issues, check out the [Troubleshooting documentation](./troubleshooting.mdx) for common problems and solutions. diff --git a/docs/pages/desktop-access/introduction.mdx b/docs/pages/desktop-access/introduction.mdx index 75ec0ef3ee015..e2e5144f21fd0 100644 --- a/docs/pages/desktop-access/introduction.mdx +++ b/docs/pages/desktop-access/introduction.mdx @@ -37,6 +37,12 @@ to Windows computers where you store or manipulate your most sensitive informati rather than as a direct replacement for tools that provide general purpose access to Windows computers. +Teleport protects Windows desktops through the Teleport Desktop Service, which +is a Teleport agent service. For more information on agent services, read +[Teleport Agent Architecture](../architecture/agents.mdx). You can also learn +how to deploy a [pool of Teleport agents](../agents/introduction.mdx) to run +multiple agent services. + ## Getting started You can configure Teleport Windows Desktop Service to control access for the following diff --git a/docs/pages/kubernetes-access/introduction.mdx b/docs/pages/kubernetes-access/introduction.mdx index b9145b007665a..5f68f558439c5 100644 --- a/docs/pages/kubernetes-access/introduction.mdx +++ b/docs/pages/kubernetes-access/introduction.mdx @@ -26,6 +26,12 @@ You can set up the Teleport Discovery Service to protect Kubernetes clusters with your Teleport automatically. Read more about [Teleport auto-discovery](../auto-discovery/kubernetes.mdx). +Teleport protects Kubernetes clusters through the Teleport Kubernetes Service, +which is a Teleport agent service. For more information on agent services, read +[Teleport Agent Architecture](../architecture/agents.mdx). You can also learn +how to deploy a [pool of Teleport agents](../agents/introduction.mdx) to run +multiple agent services. + ## Get started The fastest way to register a Kubernetes cluster with Teleport is to deploy a diff --git a/docs/pages/management/operations/db-ca-migrations.mdx b/docs/pages/management/operations/db-ca-migrations.mdx index 7362adac95d34..a39ea7f51cac1 100644 --- a/docs/pages/management/operations/db-ca-migrations.mdx +++ b/docs/pages/management/operations/db-ca-migrations.mdx @@ -192,4 +192,4 @@ For details on rotating the `db` or `db_client` CA, refer to the ## Further reading - How the [Teleport Certificate Authority](../../architecture/authentication.mdx) works. -- How [Teleport Database Access](../../database-access/architecture.mdx) works. +- How [Teleport Agents](../../architecture/agents.mdx) work. diff --git a/docs/pages/management/operations/db-ca-rotation.mdx b/docs/pages/management/operations/db-ca-rotation.mdx index efb304c9ddba2..4a8f1692fef50 100644 --- a/docs/pages/management/operations/db-ca-rotation.mdx +++ b/docs/pages/management/operations/db-ca-rotation.mdx @@ -225,4 +225,4 @@ restore access to them immediately. ## Further reading - How the [Teleport Certificate Authority](../../architecture/authentication.mdx) works. -- How [Teleport Database Access](../../database-access/architecture.mdx) works. +- How [Teleport Agents](../../architecture/agents.mdx) work. diff --git a/docs/pages/reference/backends.mdx b/docs/pages/reference/backends.mdx index 30a3c4065f67c..b852d7859e08a 100644 --- a/docs/pages/reference/backends.mdx +++ b/docs/pages/reference/backends.mdx @@ -17,13 +17,17 @@ read/write ratio, mutability, etc.). | session recordings | Raw terminal recordings of interactive user sessions | Local directory, AWS S3 (and any S3-compatible product), GCP Cloud Storage, Azure Blob Storage | | teleport instance state | ID and credentials of a non-auth teleport instance (e.g. node, proxy) | Local directory | - - Before continuing, please make sure to take a look at the [Cluster State section](../architecture/nodes.mdx#cluster-state) - in the Teleport Architecture documentation. - +## Cluster state + +Cluster state is stored in a central storage location configured by the Auth +Service. The cluster state includes: + +- Agent and Proxy Service membership information, including offline/online + status. +- List of active sessions. +- List of locally stored users. +- RBAC configuration (roles and permissions). +- Dynamic configuration. There are two ways to achieve High Availability. You can "outsource" this function to the infrastructure. For example, using a highly available @@ -185,14 +189,6 @@ teleport: PostgreSQL cluster state and audit log storage is available starting from Teleport `13.3`. - - Before continuing, please make sure to take a look at the [Cluster State section](../architecture/nodes.mdx#cluster-state) - in Teleport Architecture documentation. - - Teleport can use [PostgreSQL](https://www.postgresql.org/) as a storage backend to achieve high availability. You must take steps to protect access to PostgreSQL in this configuration because that is where Teleport secrets like @@ -521,14 +517,6 @@ teleport: ## S3 - - Before continuing, please make sure to take a look at the [Cluster State section](../architecture/nodes.mdx#cluster-state) - in Teleport Architecture documentation. - - S3 buckets can only be used as storage for the recorded sessions. S3 cannot store the audit log or the cluster state. @@ -755,14 +743,6 @@ For more information, see the [AWS Documentation](https://docs.aws.amazon.com/Am ## DynamoDB - - Before continuing, please make sure to take a look at the [Cluster State section](../architecture/nodes.mdx#cluster-state) - in the Teleport Architecture documentation. - - If you are running Teleport on AWS, you can use [DynamoDB](https://aws.amazon.com/dynamodb/) as a storage backend to achieve High Availability. DynamoDB backend supports two types of Teleport data: @@ -1197,14 +1177,6 @@ To disable writing to DynamoDB, remove the DynamoDB URL from the ## GCS - - Before continuing, please make sure to take a look at the [Cluster State section](../architecture/nodes.mdx#cluster-state) - in Teleport Architecture documentation. - - Google Cloud Storage (GCS) can be used as storage for recorded sessions. GCS cannot store the audit log or the cluster state. Below is an example of how to configure a Teleport Auth Service to store the recorded @@ -1239,14 +1211,6 @@ Replace the following variables in the above example with your own values: ## Firestore - - Before continuing, please make sure to take a look at the [Cluster State section](../architecture/nodes.mdx#cluster-state) - in Teleport Architecture documentation. - - If you are running Teleport on GCP, you can use [Firestore](https://cloud.google.com/firestore/) as a storage backend to achieve high availability. Firestore backend supports two types of Teleport data: @@ -1309,14 +1273,6 @@ teleport: Azure Blob Storage for session storage is available starting from Teleport `13.3`. - - Before continuing, please make sure to take a look at the [Cluster State section](../architecture/nodes.mdx#cluster-state) - in Teleport Architecture documentation. - - Azure Blob Storage can be used as storage for recorded sessions. Azure Blob Storage cannot store the audit log or the cluster state. Below is an example of how to configure a Teleport Auth Service instance to store the recorded sessions in an diff --git a/docs/pages/reference/cli/teleport.mdx b/docs/pages/reference/cli/teleport.mdx index 5c5777242d410..177a1cfb146b5 100644 --- a/docs/pages/reference/cli/teleport.mdx +++ b/docs/pages/reference/cli/teleport.mdx @@ -7,7 +7,7 @@ The CLI tool that supports the Teleport Access Platform is called `teleport`, an over the command line: - [Auth](../../architecture/authentication.mdx) -- [Node/SSH](../../architecture/nodes.mdx) +- [Node/SSH](../../architecture/agents.mdx) - [Proxy](../../architecture/proxy.mdx) - [App](../../application-access/introduction.mdx) - [Database](../../database-access/introduction.mdx) @@ -80,7 +80,7 @@ The `--roles` flag when used with `teleport --start` instructs Teleport on which | Service | Role Name | Description | | - | - | - | -| [Node](../../architecture/nodes.mdx) | `node` | Allows SSH connections from authenticated clients. | +| [Node](../../architecture/agents.mdx) | `node` | Allows SSH connections from authenticated clients. | | [Auth](../../architecture/authentication.mdx) | `auth` | Authenticates and authorizes hosts and users who want access to Teleport-managed resources or information about a cluster. | | [Proxy](../../architecture/proxy.mdx) | `proxy` | The gateway that clients use to connect to the Auth Service or resources managed by Teleport. | | [App](../../application-access/introduction.mdx) | `app` | Provides access to applications. | diff --git a/docs/pages/server-access/getting-started.mdx b/docs/pages/server-access/getting-started.mdx index 8d7c8fcc97ac8..ac21a9dda3627 100644 --- a/docs/pages/server-access/getting-started.mdx +++ b/docs/pages/server-access/getting-started.mdx @@ -389,7 +389,6 @@ further Getting Started exercises. ## Next steps - Learn more about Teleport `tsh` through the [reference documentation](../reference/cli/tsh.mdx#tsh-ssh). -- Learn more about [Teleport servers](../architecture/nodes.mdx#connecting-to-nodes) - For a complete list of ports used by Teleport, read the [Networking Guide](../reference/networking.mdx). ## Resources diff --git a/docs/pages/server-access/guides/bpf-session-recording.mdx b/docs/pages/server-access/guides/bpf-session-recording.mdx index e5928e634d60c..de8efb2b6048b 100644 --- a/docs/pages/server-access/guides/bpf-session-recording.mdx +++ b/docs/pages/server-access/guides/bpf-session-recording.mdx @@ -8,7 +8,7 @@ videoBanner: 8uO5H-iYw5A This guide explains Enhanced Session Recording for SSH with BPF and how to set it up in your Teleport cluster. -Teleport's default [SSH and Kubernetes session recording](../../architecture/nodes.mdx#ssh-session-recording) +Teleport's default [SSH and Kubernetes session recording](../../architecture/session-recording.mdx) feature captures what is echoed to a terminal. This has inherent advantages. For example, because no input is captured, Teleport @@ -73,9 +73,8 @@ library preloading, and environment variables may not be captured in session rec - Our Standard Session Recording works with older Linux kernels. View - [Teleport Nodes](../../architecture/nodes.mdx#ssh-session-recording) for more - details. + Our Standard Session Recording works with older Linux kernels. View [Teleport + Session Recording](../../architecture/session-recording.mdx) for more details. @@ -399,6 +398,6 @@ ends will also include the `"enhanced_recording": true` field, similar to the fo ## Next steps - Read more about - [session recording](../../architecture/nodes.mdx#ssh-session-recording). + [session recording](../../architecture/session-recording.mdx). - See all configuration options for Enhanced Session Recording in our [Configuration Reference](../../reference/config.mdx). diff --git a/docs/pages/server-access/introduction.mdx b/docs/pages/server-access/introduction.mdx index c2cc0de1fc1bd..f1d59a5407223 100644 --- a/docs/pages/server-access/introduction.mdx +++ b/docs/pages/server-access/introduction.mdx @@ -17,6 +17,12 @@ Teleport server access is designed for the following kinds of scenarios: ![Server access architecture](../../img/server-access/architecture.png) +Teleport protects servers through the Teleport SSH Service, which is a Teleport +agent service. For more information on agent services, read [Teleport Agent +Architecture](../architecture/agents.mdx). You can also learn how to deploy a +[pool of Teleport agents](../agents/introduction.mdx) to run multiple agent +services. + ## Getting started - [Get started](getting-started.mdx): Get started using Teleport server access

R6KbW@6xYHfH$MJOy4aBcr_e zml9k?rYZg>8U4-N(XUX|f;PZC(du6{ZAnPtefS`@G(-I{1(orUcEo-PtAH3~=PxsK<7wFYf6R+qHB5gvj@NgIj`QHK?S51lthGTjC=TQ=rS%fWa)&MSxO< zHPq1YY&UHkg_|&IBmx!9=L&b()*@J1oiopNqBH*-Yu|J!+I#rPM9LDp>w#;dnULOw z>-AXb&RyU6fXNMZv`tv(sY@I)%UNTwX7$8MIek;Wb88#FP*#DrO-GIU;c!GhK# zv>aS3N$KMx5`>{Rt`X*zNt=|6ew=3;(!`+iA5tv2EY#K0AE;M+5)2gRQS-&>9~UZA zlRFE1JKebkZ4>19^jV7MgtH=8vY~!hPI@%RP2>XGIrP)?&Lu@`1u$3 zsxqH-7leXzW>~s@q?YC!0TS+d79di6n9byxk4w{~FqE7zi)I+zwn7s?j+SPSk@a@8 zo?tKJ|EEum$H5MH_b*)VwlV6vzb-f|*7XiZrL$Kd^baPp5du7KIgXR+al1vW$gq82 zaum!Z6zUjR(uPeCjU4lp&fFdpr%L(m4 zYbb2Nm%OE|!-ixu&LSy01p>4P!I+YE)OO0qY_t8(^fu~q=f^d~TEE$EUp=*+Hp#{k z0~NXTR6uZ^zrzSWCeiT5Iait2r#?DzREWxuD#2TtxsjUO`Z}6gk+|><+Jx2}@t)dN zb>cu0d*cvfs|Ya}Zp^Chn6J^yOK@BY9e0s?q@NPC$uhQlX~D5MVstr@{fX1CQI5jkQO7VZ#q8k6o0S3VyG~73}*sw?6k^HVk7iKt}3Q#1U1xv3BVyY>&IP} zQk{6h13dUML`&*1K^Gg6)Lr>vnsz-F+Uo8YotTBjB0;Ab zn5YyX_E}PhE5pbk-r^|B`2d<%n52V0Hyb|Tlf*RmBJIBjmWTnA=Hu9b@(ALY z!>+@|d1mcab{Kog#J!0kKLnQ3k{r3JOz$Dp$|Nb1yaS_qE$be zZO5b*(hVtB7!5W9dnsbqYDf}6L&a9?C^$A}t-w(0V#v{P1-Uu?r5XXH8o||&o&7f( zGc^K`@BbDlZk_Q~1Gq6arx~9s_Y9=O5itYHi|p0Tx|sypmPdz<@BGtv2X5&^nO9Gl zq^qtpxNle0oiA{mt?*KpP{;L=C;o|q-=4*FPSwyx=PTCNYS>)f?rQD1>BCqrHY5>w zrA28&Ve$s|#18=1&&6YdQZqJxa3!$Tf@hhqtH;AvPvX`}VqjI->=BmxJjh^vm@$3( zSx}BwQi}%RVEFB!EPsdHR2F5e^XRimTW$ckfEv*rupW};9dfydJFaDvcfNJ4Gxt6x zV2cQTQfi~j91R#p5)>syg$E^i*X!VSl4&XJ;;KFWCLubfpAcx5n7QVG9!s5xU0I_8 z2cvtAs@bCSlp#R1>uz~xGZB#TTjxV{+GvLbD$lZ+gc4y#cTK=QmpFK4FXvA5)KYie zO-m}RVW`v7=Axf=?-ZBr2KKih@7fYFZVl zc6(?q&R<#<1Y5fxDe&!^UDwd^{E=9Ig|%|7Wx)9$iTfT*SX^fZjNZFpLBOV2eeyt& zd{ddL-ug1$e=e-xZl=XTX@7_TBOMcCO5o>GKiNfDWjbF&K1?7TD_bb>{8oRQU)Kdp zLx=7x3a6YzDO}Vo_ndP4s)PR$87GL~qI|=33I=8E1yBF5?sPpzdS*hIeFR!|+3cSc z%RrXff#@`h*Os{)bA_4QzJCN)yN#C%Wy-!@N1>#0A|(huuy2@UUPkKr@&!yyHi2Kv zxq5iPH3%dEXiE-Nf8G!bB;$qjZ?ZRMH1h-Vu50$*`@B{q)s~fvJOysS!ZF9}8vQk0 z_W^c)=W9-Hu#3(5NN1rr34#}O>Esfd5Huh!XY}J@M_lQ^5CqPQwB>SCEw&X+HWC9V za1Uuujd3S~Z)wBjwzB`8Q=A2cQwEZmBM4t(W9--gd|SK<_+lJE&*MnwDr2aA2TvT$sLjA3HJTL9EeAm9$XK=gun66j7=)~6!fZx6*(gSKTK zGAKVmJl+o76A^67E&0gq4Ll{->EE_NwfHtM{SYFGW&|l~c}6KIrg*eI978DayTqc@ zm{nyvs#42L2Fd{d#-7JyT(@{`IpJ10kqH>u1Kx+?vV}C77DeL&cLhU@nA-nwoD%Sr zWiTV*SZjY0!z})uTskX(c%SRkKt0_{RU2ZDHP)$v?oG~0JqiD%1QdJXSf1k)SjGE` z`>jlBydnoKOuZ}9yXw*vj?{pDhHhDzt7rU* zPfW)8j9yOCxGuVvQ#P|NQMTWO{AmQsn>|K~X=7ygi37Nf5)Cc|JKy>JeRh>*me8@s zSnnreHfk42^8p=5MK#;2nGn3=Mz17mKsK96`7dLr}@Dqp~|TLN{*8R07z zJ&^nL$k6X~Tw#K2A3!G>fxwu6BR9pIUT&?>LG8Q`cuTJ+0jdOL5%j(v3mvF6_0ZNd zRAl+K8_Q3K!(T#p%}cRf@=Z5?Qc6D!di|E6-a3=KypOeFgcz;DOT9j5Z$o#yLy)R$ zCmwq^6ZweC`a@+(C@^;SG?QDH)tZ4n$(t7KqMTT(HIznIkRK9TTvPwKH~iBu(z3Sr zB*SUot7Ky~^LkQdTir7w(E2}ERo?^R!w%Z3CA6m@RR(E~W2pjuG=DPF_~i7sK{dy( z`=X{L;Kj@Eafi9*2&=N#-!*_<%Qxpvdt~zB+V;-3CbZUTud5|rpUb{M!!;wbW4{?p z0n1I~E8w(j=9d8DoiG^USPkj9sjtD{8&;$p0%>knll#y9`;W2G8`E-06oK*0k^bAY z42s;n1Y}UV@)+3Z_c&fAn8j&BB8tebiZB)SI7X3TKl7nk$D>Q+=n>~|T^rN-s69Nz>ZQN- zTfw;)%7t?Fg$KxnQ4V~hwuSQg4Kn!I4ics;OW-BOeoQYkeh#$T2nKmu!unR$uylVZ zs?P%VXUILI0T?P zm)L^Z8)rfZcpWCVxrkDIg>3d5xk|D);&&s2Lu$r$lL|nWC1VPp<&%=aOO<}1amH(= zGs@h=e4MX0csJo0)vi8}Tl=^mMY#A}%&&_qg$YCLd+M1wkttIei(bhI;L{dKNIh{t4kF6MGSgoFESFWRt|VGE`nxH#S048oY;_=@jT5*Q6QZp{ z*dOg#-F~j1eQnBLtf$9^xwDq|_1Hm)c~N856(3T0aquFCxgt(tYF)T1Hw6BQfRIk8 zd`!(Sw(3OsV`AInirGh;u!AzcnG7wTIaM{#lJAwLbm0zuE*}YkEd@rPf`;q;l(wgd+ifvELSwpLFWhXc zt(mO1+DZaPoicvgczci!ZC^i1`zrj`J(yRUb1)W1C%q{fFYHl+-PB4};_FeOy#zIB zs&gXn9N47OmEC+p)ql9r4mO;m3rFB$bpP0)@$2Bgy!00dU6Tp|0?VG6!9 zN2XK(y0@#2#C+kB86C*g4k)0`lJb6sOxC^vuWt)42TC zLufxLOq@e_RKIZWJl7_r3wK>;sWYX8Yb+@L51J+ZKP5m#J^~d zNdYt}@S%3n&`kMi$*XPI5$*eZj^%Y(!Dw1}GgFglEJHV~FG`TCpw$V)l*x}C&=c*# z0{&vmwcj7IUAZ>RIQuZmDa(Vm=V`Y^+2>gb#-v4-iw(P2UqeIov5emwkgJaUb*p)M4;7k+wA_cjl}6d+4YQS+^XwFNb~R|dL_r#4 zXR*uf@e)0SnFA}D5`S~D(U0+ZYDEK0zzlYOCN#%*CNc*lwCQm!2jiDBA!r4AX}kY( zMuBt`(YQLd3oJvn`K4fgo#=Ox(^P$7TQ+xc+D;9UUmn+rc-YU3xfqhaFr!@_LD`57 z3f709yq?{e>wzqLQ8^o%0VFGH{bYUi*EDICGwj4tbKT(0;=_x^kEHa7euIcNgAi7?h-E z5j3$dzlmrpC2GrySd8l2shL2GpGGmP_nPI;Ln1$A-#Vb$Re|w-$aHBu5%+~ANWe9l zd??4UIwsFhDDk@EeB_g)U`ickgXUsL4)SB2)5JCGuZMVEZO(SGw8TjDkCOY4&0gwA z<2v{g9y@10e^WYP&0OZtR`m2i#a7E^BhfA(#Mlgmct30pw`CE&hb9L|->)4W$<9a>z;>UxCT)@SZeaFHnL21Y@&j$XiDp>l}_4ghJTK6GU zdahxcbvU6<5@8z0JR(AkMK>ys^Y6jI;Q>%<6jZA@HKIIOpr-%F>9fZ-52Qr1(4@PVk9J@6S~FXrVC-TM)PM@R9w_k z?T&`>Cj`3sWsj?`b!rc)hQ51^JE*u}|6LtQ*7QdT^tr3LtZ{yOS#b^sYm8$ZarfOnF+tg49iF)9$reem6781f^&O#_bay ze5z+XZ2_cJL)19$x~@INF{tVs_t3t>(FB*zN8E2XYnCw$QMz!o5t*jjzm27A@?6T= zW?fuMyejNF0fQckI;7SdrS+_mK(Inj+eoS^iYW0#S!Oz+B>MkF`ntrW-CntCycMrZk&VdQO%=+=-V; z^j>R8~gUcAK0p~aT>-&K>`6K+LdRQehvFwy8WM6{sbGc*$R)mW&Du? zN@xQD!K2HYM>rsvq|}nBjlSD*3_E5c#mA+qF8{|Pj&-e^6L)hEAudU4jVHsjpOEH+ zA5O0Q%SdmKS58A{6$41e`dw{h1Q}^#Z}R%k3%4PNov;cUq1EbpR#20ae7&h#AYG1% z@Fii%i$`)Z*dQvCdZwP`r**piJM-OONi6f7 z_R(Fstb*I4_z5X$=$*=a9Gwe5@e^YcER0sgLe zwUhQH`>~#5t;*TaUHyk;^ekfVHRTbzYdU)|mY0|P%r;mJAM|J>8lqB5lr!gdc4up_ z*Ofi1rS*cf&;eMmJ{F=Er?@GkBkJI=l#0<^_=a6k1%s1?@m3CQAy83ISL0`Ft8YNK zM^g9jwelt%JhSW#uDHj(R0{PXa>{PMtnRPw`q3652v?# z^sP+!Y^ZE^M(*Po8zh%?3Pg!=9SMO-cL0fNwd4|Yf(tZgJ z|JuP1Xl=&FaKQc!j{qCkiNRargVnoNlW*P2Ne!Tt-j7#96R{@Wxhtjkmbbyj7$x(S zj)NYWYJg6eRx{etN})SX`Rb*v{%}Y-fg1cKQQ`u*>wp1QJ#_ zPM^ILdvA9yF)ge~K)=-mUqSvlzqq1m*1shWvBOTA{&4$g?OwUu+^g^#-|zM=Ic53c zqTUrKJTA3Fr0?+l54{218{hmG|BX3b0>V7!RO2h)hq_!gb~^btE?JP)CycN^K6HwbOPgBBVK<8a_|T+wved-^RGN9$&u!0%%4?#DBoE7 zkF&TJ1g)Y*txq>D7%!})UO}Inpuk|%XNu@R5LUUsJ3@8jDai7?eQ6lbY>}h1vC_q?32C$|2hnijOsZa#~!@UQ(^LFYV-UpDx0p$DO&oK3gbP_gLIcssPx~ zhFC_SO#(sDN6&o1qRm$;e@)>2WzH=aKyivX7V}tjb-;?7>*PD9CxFoBw)f!r57$6) zaIq$=9e=d7Hi*-i`+OZdQad|BX0|G9f=PFI)CS2gvSydl#{h>etqy3RzV`aT2@i9# z?`5{Mg2{4$4(u+1=epT3VgFrCnm%nkKlWSMD_;=WlS(HoD-~dc;BDQ@#)Ze)aS^fZ zQPy>IhAHsVl}up?4r~@@YqqWbuN((E*#t*bwaX)}ez$$8oN&@q^qF$x5CR*m*+ReN z87^zmP8J-hh(;t@C8HImIHh!7rQG*E;xk4BoOTo3Y&mn-@s4M`B^>eQhJ2*ff93}H znODA8sXHGuo~yL2lvVRtiMn%Mf#2IrN^UAIAB(Z=O7XMg?ViUg`liR7T$X;d(beIk z317nS>f0^u*sv6K1(36?q)?PZR3ADX>w1%Xqi-!i)!wQR*12~gtVq(VgWd1L6W-v> ztU47atn7L3BA(H#BpIPz1#nZAo=sbr)AAtSjv@<+2PvTwyjg#g&u zWG=#S{by==QK8xL^@Nsw$fEt=d)6#K#9@`V;-Ua=l2K_inB{xAaH4!X+wD#jkT?AY zRz~oVT#5`!i3XuH^rBYlV&Z*tZAKXY6oM`N3Z*CADIF<#>GnPd}} zp6NRz%EL?mos7dUAK2HwqaA^+xwFPce*fUYlcY zd#Oq}u^P)yo!QQEr4~^4;+2Xzp@Pc6Sah-eBV6>9OtkHk185r`0Yy%!pnOBdPJ%7 zIpbE@r(u}yuC#03kn#Mr`uW#MK&lep;G4|J1mw*}a+IwKu@&B{RF1br z5kFpC6qpupZ`BJ;IJAr!aYA4*zb&Yi>*Yq)oUdQ(cxu$}xud1ek>nd??e2Qk5~cCF zJk|||)80!NKFq1^)uqKiErT^s)R(y80ticdBo@jh0~46 zl9*SY5WBDZvq-W&^>Z+)_XgUln-w$* zjoH*v1$F7vFrWRY_7>gwUa!8iooK6b3aT436QG#fBq}x+TgXJJ=0ay8K)7lAVa}rg z+;CZDjP!eY(q$$yTk0EXr(qSSfwh`R&Rx@8lW7#+u5?I(XJI!Ug+tRFuwL5y7hy2k z4;y%JxUaN~xL*5{<`L%ieTRQpH}SY(^Hqz!R<5QRq68>%Q8eJ;fU3rUQLoRd>}#5` zNGfO*Q4Y4OV#Lf(d4Cv;AZ+odSL z`%bD69XIwk8pEDpvx*T~39-cTzmBcTTq@5sVU-Cdxd{c_vTE&oh9SQ?WaM^f-RPNW zU@|TM9_SA#B?gq<$^Yx%Ws{Qo5}37m{5Uq(e(|*Y0kPTL!z#(exiq-QGNfd|I*^Mu3BIIcw!{i zvzbo(c-@nZ`-prD_D0x6Yj(j(Wxh&hMB80dh&?g72O%{0p#(?kdBA2c*Ob_Bw3cJk zd!c=j@;@JV=I!k+Mji+;s`0Q?JI3ju>*5VgR&zc=n6A{1)H9fCQV-G4#GwXIg9MJB zt}voeeCb(!cb4!958p9m#`+rd_wCkyO)!%{hjQyf4qAekMExLHyT!m|^jJhi>_$ z-1~BEs9BZwlQ;lM=1E0kcW3QQ-AHR!Fy(~O)+sldfE`J#zW6|?MuJ*X5|r3F{n+k_ zClp+6W$Go>L}h{011%Jl}ZV2STo%LpWZ}M z6IIoSFN%(<$M782 zP%J%F*-}Crl_tNle=5ARXFNh}B2_edOFFHx(ulIj@gx5Ukrx5 zz5{u;M`KBoX9QH?>vZbPgtCzI7OJSyWH*YjTjfBf`ALL*-l2znIbj=doYJo%iiAZN z(dq8&cADJnO2TT$qhf>t_xkNHYiwW$E*H+N+W^kP9ptKmsT2v|5Z8+^^t~!v_dT+k zA@2g+T|E3>fk>W_{3ZVWGp4Xogla*OECi)D2$Km)!|BKiqTC+>;!L`nGC|OS)CIQD zQfV}t%JwK1p62Y92u__dhaH9SingaC$>q#4TmL@(@$h#yW(k7I2Lw~>=a?tcm6_aPf1qyG86#P@j6w||SwhG1QFlj$$zwdv+TH)1^9(1}-jH7nqX8Tf zOyEa@+vhTEg5@g>_B_{E%pFkFB>`Q` z=N3gym>VW#>x|&iud=!!=u9^nR ziR4?ZBmGy650A)RzoqdsZfB{&_PuW0b^f#`3Y+LHm#lH2SD@k$u&=E|jE7VEP+>vB zGiujnhUw3CT6VZX~$I_2=Geo}v7u4p~3=o^6x-!>TR!wg-l1 zUXOG<3o(g|v@^Ol40*aWj)5=2TJ7FInzE3e4>7yA1a#QpP^+X&$9+A+!ql-S18)5# zbw~zz*ssMv;bH(BO;&~+;;GCU6_J`Qjl`DC;sirEZX$-Dh}^sV4Y+_HJY$O~OvO~B zc<0S!FB1sdyH=?Y0se)YjyVR6%M42uM6`<|X)c0k4mwA z-n0$B>9N8_xLW!nV-H)0OTk38e$2S7oAKlF&+#gtr+>--@P2DS>+g2QKUJl$UauOq zm2{@s+o>rEjW<9p(b|b&jB@D~uw%8!*X=)7?8r~YYL4B=7zWUhYr;ol7*X zEpM$u5fl`NP5M}cldd&=`W!FL1rOEF($f6tlvFe(|BEL(+4yirs(p&_W31JuKTvuH zIfPM{n~?wWohoty0n#Jy_AC+_RXUq+piW}lim zVEq8wsVOWPZbinG6MToLJQz0G(;mZ07di@en+CnD30f`5T#s=*sX5|TK zWsC|{H!Bg~?d0FX*;sezwHJe^+s4~QWNnVQW5;9Up_WHE*PT=^uYYS2e9=MTU-);GUDwR9>k5zW*-Yxb zr!%y4zUl^(Dbv(HHIgDVx)dapfjI$)i_$)oX8b$~+7Ac%mqO3AM>h$2q&8@vn-|9Q zqbrLx#Mi>#35zShSSK+(B+Ayo5&F=~$n84Qox*~BlRTwRSmOxG zc+&6W z`x5BBF*8@yf8DeFeTpCJ-md~;emX_RZIgGg*SQRJVat)y_G#3bl;*5b!833jPU+Pr zD5Ca!eI8h$LU?nm4B_~i7^YE{&!-}9Y7-om_j%d_;fm~N&xDCMOZci4eFH~+?qL4!bAi9#F^Yu9JHmJ1 zKa>3(z}D}?`lT{LN8LkH^4VgGr>fy;$ctbFb`?FJDU2IKA>)2M7w~%= zq-M&M0pDK1I==470@PB$O&e>|Z2lj6-yPOuw!|HmU9iyXA|+yD6$J#P2?RwK8=@kj zQi39)ARr($B+&%{MTiZeqC_kpf<#0J5J;p(=_(K;Kp<(UfjidzvubB zKkh#FpS#cUo-=c1e)F3-XC}-i8t-7RYdd*g5Wfk|bO`#HX;(*>Z(-gVcJQGhU>Kmu zyy+Li;unllQw6`D%44mp&F$V(NDQy_M3&4gpz~sKb8I}5hILDWaJz`19~E?d`q6#p zal}1!b1iY7Z0eV8Lj68cg9h)oa)Dv_Mv;KXX+3+DR!O|}Q`-rS6M~HsP3*>8^*S`d zf>rLauB|0pb>1}>g5TnN_XR`Goj3Q!cODXa-;_2jG4_V9M(j%JFVrDu>lNQp6wZZN zpGNKEXCEr``e`KK_EnZEu!b>W&2Bj6FvZgO=jp6LtmuDwDth)w3eGZ#t|rlAqhk2JY&^&HiK$=E4mB{*}bAk^`V9C@f|viAA9 zGi|`*p`7Q90dIc|$0FI}EZa)lLXhPT1KrX2&lp!nJ*-RE`enB+^Ab0OV@Cq5a;zmP zo@{#R(mpimzu^EKf{wo#Y(1BlLOXYOE|k*kd4>F)H+J8*kk142SZe87?&`kYHZ7{f z>>T^Uicsqks#y`Cfgxl8?|I2=!uV&5$iz4zWG4Yz$^3aJtIOvMF=vR0^a~#uUHhYm zYVzp!&iN^@T*WCSX&NHNv&q zG7MKnXbU{R6CswT5dVq&I7JtK5*Jki)zAGx*uQ6T&-((6xpdF#_jhuhnCEHR^ydci zZp3C|Eheny9BwCOqY_=TL*Rw4e%(bK>lVB^M`2q1Bn(+pOuF;K=Xnx%^=5u)p=q_r z6Gb9+&HUrAgklTInuqf`+^ji}MaQvMsZ8(elx`8-TQm^ev!+m;KYXv>fB1{`RUrMm zN=*Du)Lf9f=}bn-Lm2Nt|M~tSum^bD29vj@JC_*((L{QW37CpBJ{O0)+p_XwINU~zqR3*&4KYdC)?0(3*2IxDRz&S|0wKZ zt<=ZkS0PZFme4#c^H&3f5(DXew>Goep4Lg;Kace29=>M=le-?D@KeaHIidfFqEAWB z?;J{{t9hC2ywX2BFw%y2mbR1Aj2Zsz7gY#!{hPptOxn+c1HA|4LYGXkU10-FXa2*5 z*3UlzmfNrCkWq)ne&+hFaa>xAwnp%|(f&&$!<#>vExOv<1EX>WqFJyfOycl%7h8=km9uPpmfps3no9Y9|EY3Y1aVoL@nr?__hDb2_9p{N%ETmE{` z)yhJv4obsLQYqQyt(hEzvYskjcCwrdyv$9;e#|*<^vjsP%N1g8h<5)rNn^tHWt%&A zJBOH_Dn0KBKPmla{Q1konA!NkU!PjcCY=6nnZHb!`2SF8A}*4N5>coEOA!-^V?y~) zk$fs_`}HTi+S7-ef4{wE>W~jF*=?FMeU$h2x%t$6!|uaNnBm_HuKq3zPnq75-G}QJ ze>3g)yTtr!xgGcm>tBCBh|%H6$w)A~D@=hZ?2z#`n|!2z7^fj8V};w99~tPJlR`35 zz!2QVqM!Wgp7SGnuhjx(v_4g!B77QUz=(;(SI6gd+br4UF@4tW_mf3QJ@~pC`Guk| zKJle!fp;7K30thc2j5J<{Vp$>x=l-TR4W#>S5s=uI3qN0&d7+Mk&GOo1r};wfAWI7 z>4)?bvanbLd?X~{bz1?qjLNC@CJ2B}gG1(uTJr&&VY#aTt6Tw}?FdgmAajp4*p;&>or(mv$6(2mUfXkDNRoV&-;ujAJn*}^OlTeC~+ zuVY$V2!7zs}JBkniFdQ?kr(#r;;BrK8-}Z|dH3EB~5>4uJyhwQ3c9ljn ziJkmS3fdQtaH%9*d;ej*MjVk<7Kp>xNfh0w2mEp;knB`Jgnz7WZ05Oo_v3@ka>+JvHi(q7LMMwWW0 z!dc6t3s>J2zAEleYqr~d6%TzY77i#fF;}P zH~ie`vhU+!Wl_I^aI)2HrC6cPnDRry30^0KI9BGykUk}p!W;*B2iVh|6rI0ZpvqqK z$NXZ+>wutu;Qq-2bE%jm*mfLl!*j)4Ty^3yQBQ#Ify@VwIYA0ny^(5hk!+7S{zzkf z6m4@4g>OI^S*$?tuEe=9BBVS~-bCuT5&8y>S|hnys?EzryA6`fJW_v#`3egk<(XxO z8yG;cW7*mWPVaI8=S$0FQJuyz;8)iK(_Zq5e-k0(VBX$+Ph8>M@Y7 z_uA9H8Ja@9p%`zvgBT#Y!M%L4kxbx}+A7v^e3Q7_Gnkr=O*`8c2&@4t4AmqIez z#7I!a3W10NiFc(P!t1$4F)~|Fd0FtB!dnohh!~Oki87`v)wUVuS5oA}opd*l-PJ?- zHGfXnle6ha4mfl)O*Dcga<;({5@c-N5F}!YSj$KGbCxrKIHd5eR~^^HbIq+adxtJF zL)n;6KHa-rG=LQLX(Oba5#lpeTLjs!E|>y+;MteSdm)z5$({>HScPw7dQ>#0>QstfAYuw zP8Q_804PD|j25@sny8JGLW;N6**B%MZL7mYV!+;2#NISa*bEikIQgPgYVhOYPR*im z0RH0G!M}OJ3avceQ@!;sHiJ#K5MAN(t9fH?ip42^EDEgtU0i#25z&*- z>31zFY)tSb;UcX=q8_3vKeg{|ghd+xhZ_ZrK zmyg~6UUrzNkiPYk%5Nq6(j2i{KMkkes=JuEHB8&=xXS&{u+d*mIMiust;$@KzKLu5 z*%Uj{eyT`N932yLA|wEx8C+uc^CpmR6XLsuo_n(BquK9H^2Gq|~LXcZcZ5Ga#bVbEYEvq;yR zqGB`Qs6xn)%O+LSu|E|J1>vhf+y+lHXLxxHM3oHPC_(_2w}>)+D%M*WzX%a38@U2j z;3F6vlJN(&nD-LSMRdxn%YZ9%ycCV@D~vho$7iyI4CA-y_}#>fbklVyl_0 z9F|$$L+yHFjt92U`bnLC zC%42UiJF&=1)?>np9$Fgl7&a0n{J;a8Y5JV+l1y)!z z1Hq69bG;H^l-!SZi5RK0?d)o3th@+w(8}4a0&ST%#LKBIsld&lDxbRfoNtlCIy6-lgE(a<-+(j;LR(*WQyZads z@j-ic?KlcNrXk3-GTM+zhfp|*=fr4Dx=EWa4~_~9Y~9Td0shaMnz1ZR@VO``b}5lz z7!Eai_L|2GYlLTKR6|$ZHNl5~Mfpp!8Y7Rc2-4n|*#Q)djJn0#99feSk3$n4lwUgG4t zcR2~c1zoi?x-PJv3nS>C)u0_nZ#TEvSciF{yw=^FQ2Aez%^n}RUc$41z$ET)X}{P9 z-;$<$aH)@y;ZiBR+aZ-)#^(Z$Og@1DI?p z*Ne#R`I9#KC4#sstjvn`AP39C(jU6sz_x$vim4=FQ32TmI9RL6&HWHUFA6d?=h_CF zp*V>P;WmBGOoVVzBt&gk)EGMQkrYOe^7J|IG0?y$9J*3jRwRKZH071-2b80&>Bh>t z>KwQfExWuCN;l9lNC{K(<|-DKcE#YLp;U5LTB|}v0VH{oUB+n$GYFVq|C`kbZ>}b2 zl=T&*`o422b;M>L!95-%SSQ!CZW$o9T}FsghBI;7HXX=`yq&z7$?Lvg0HQ14=u>oS z=}K)nqLc5@g9LByE<6z!o8#E%%ZY1y??`63y!#N)vST!V(eq>bQ-p}lBN?Jq9K+|^cusm)DcYG_Tlv_N_z`?LRBaF=*r&mtU%Og`=dY^ z_8b$_S%_lYLN*1GbO8Lp?>=|k+c~w!r|$*~!rin+61+8Gq{tGiKwl7KJPQq@CGj5k zql+R91!?v#CaSa8SfvM*-{=fwua~$Oe2#Ub%ls+Z-y2qtDg&Zz30F9?80WUzLHc0X zyBp8id9~elH>g(VS+P7 zp?;D8W3pnnuk9JQ&>wjb^G<9;w1B>{Xe3wLDL=PmqiDO_qln5y^>h2fz*S*!25hH$Q=Rzg_y=nGz z38YcS?|e0;?nUe{+5!uticNQa%@=N^t0HorN(Rv{z(-q4uQv;7D7y6hWrIrpMRNaG zwliR9&5fa8@ zB&f5{HN<6L-W}IkExN?cvhf+m^J-fu7es|E8R7R9WT5g*WoSQ=$4KT>Uch0OY)aD-VO_(f%xOi6%-y>iEM8 z85L08cTR!lxOj3P3$=Sl+6Gy89nqnWMVR%Mwtd@gcuRE}(FcE~KBUeVBpi;*LfT=#`t znS@JmwwF<2;H#W#6cM?M$SgWNAE2RBIM8U)eOJEk(GZNc@qZ)Cw4 z-4grCatd|Y{}Dx6GCJRJ)GatAX*IRVx3#PDTAdFe&a{W78&N+yx9Z6>bkREVWokcE zbqGB>w#a34Lj2|enI%(!E0hRydsdctie`9}fGv6#?0OH8ZiI`LVgx!B1ZipMH9lmV zKhv7!)HfR7(@HYYc%CaPBD=|U5Jx_7`vTFyW5qs=XSha~cR!>+1kKBNZcL$EW> zg^gRJ`ux0>%Y1_Hu8v!iT+1Jfo0j>bHtRLk(>ibRGdtNTWQaaMl<_Nt*%U`OxF^R) zFoix1vr*c`0F{kYax2h%BbES}_WxnLz};zcGvxSfiy@ z?*E%zWeX(~3_xDF{}lHz{Vv z%%HC35Ur`i>zi85cfy#=>#jpwf^^A*+j4fNt_z%A2K)jV-qH1tseAz-;&rM`!Gq8Z z88G12nf>v;&$&ia$|o=1xya8AetH46eBH<3%CP980QJDg45 zuKfr}YhD%XdI;{`UfB4M^!8G#4NkLUD2xZ@D!%*V6*^aRf0X24c0dt*X9^5vvrf?n zv+C4@=jg^k8>v2*Fy8%$5y**NKFxzlZP~%~wVh0J#hNT9zV&pUOEgK;HAnV|QRh@- zE0(5-(0Rho{{1Vn%I}#)457(8ks~VD+g9wu_XNHxLnac(aVcgG53Njx zb>}@?S&SNrf`ZdRbyg$pogU^*ISy_%^0XEWtt%miC5>c7M@o1=m+y00Lu1#wzy%f@ zKP+F(+fKTvOZRzh3!(4%66`K$JlLKM^aj}#D}X`w#tX|xCre$YY)@?La=KG=b4H2; zfZGVOWd~d1(IeCCD_#;Osje>yWTTdAhmLk;`)=cCK#>3;@u)P=2?s}h@hGD-sM&DY z97D5UCoQ^H;+-_CcOvH291a}i<~|phRaN6x2&4A&9g-fyu?x9*4;@>SH^G=$(L*!T zFilSXS;O4lqL8C4EATnsgTF4-l$|sNFDn{>=h(SY1-NAZi&@&;rRyT+h3nfAr%6T0 zm0EuZ?3v^^pyWCrLg!NFT!g&T6pKuK@XyrDR;9Sj003KELp8F$XD;617a?E}v@x;_ z5mT%vY;Za8h8_mCQHnwi@I6Mi!~}=N@%uVA1|)0?7v)-KyoE3!Wxm<(Lru!9_XLdQBWD|4i$C zu+52#O`;$jp$ER!nu{9?>a;4qj)K+DDx5_cYprc%R86)J3$=ZzG^FLKi zE0@m{+vdB{kvtrdNflv5z-w8B!wv_hY(@Pa<3~k{2)Hxmfy+e)m--k(X@HPV^w`@Y`S1nsTPKX2#Z*E^ACSN}0c9P0g=DX!gI^-l!ms;=ADg!cUO z%IVCueiz`bQ~FylKCKcxqq!$lDHTs;WGC|5W@x6-(0P|5@=L z1)!b(1B$P8t^WbVpB20RVeubzwf}#BVr#|Y+(XC!KVv|L;0npeHR4Jxd3 ztEowh8A|i76F9VzvUw-!9%YTAWrhmh;H%t-7li{H=9sD47@Ri5?ITX4E++(yo-9E5 z5`Dh3nz1|4+MS;I8HsmtFI?cm@^{$P4$%d21VnghpKJQiP*Z^!Cc0APQ`1m#fjp3_ zg*km*oWss6uk{{=JsfX-X`46>!Fq5RwM|0=RtqY?pXdsV@2Po26o`xRH|Ri;q=_1R z%#7%CN&jLJOQO6PQ;DPPa3CMeCO6%t#x>{1d%3LJo4;*#!~-bSMwRbqu(*4r(WvA( zsl{69#bzAF4??N9c;3N!%W?W}=P8F|KIOJLxmCZU-erg|>D2iqvl%qnJ8CU!h`!Ps zl#p;Vk=)9QhC<43pK8yI?YxI+1*Fq|jHvQ3Zf+y3gb;OKsEOd?*;&yr8!Yy?Qa{+S z_DYN?Bf-C#b7=P$t-G{C1+=?kyu9Ex1%6^zh*!>tQn zySEuLD|YfM)!ia7@-3Yi4MFz)O6C=*@Ts!DtC_B?GaK9+~~UyuV_9+Q%iz)8bd}v*-HzW z#xkM9H(_Ma)M%Vhc^i+iq0KARD2$Wccb3lBM>8_+4ciE8G=KIR-Bgm`>ddY!j|_Nf zArs#vD8-TwIA-E=GIAYKbB60}`#j<(W&TTfX3q{a8x$ZtO<~d($tyeCmJty*;8eR; zxv`FZkuL+4VVhMZA2^+6s`D$Lm+wv9Bzf`7bbQ~3ybSBirj9O_ZTGGYt}dnUxjEY@ zmG@EJ<0drj>piq>`h9_}ROq~WD}?}&-9Ag}A8c2z)dj))6MWb81SP<6rW1$?B13s~ zOi6oY=BdHeT6P;t2tIk%bQj^OQLk);O-CcIgYA^tP`$GA8EN|cj>`H}I|tG+2l~-6 zUW~k8Rhigc3IGWRsV^bKYt(D46^a1`g2wbYv^1J|f#ap&5ciS+8!37Z`zilI#rWI8 zW?1m19yVh%$3sNZ$mj&4sn;t#HIZAKscxsp!IR49xkJ+1QswmWRSL^) z4GVtg`2|$38JpK=b0LyVx?bs3)^pkg`|30`(mlSQTpw)s!ZU&00vyWA>37rLPqNOx zTxXF;sfc^tMbpQrDm^wGL~JZc<7K>c#9KLd+0#ZV&mu<7 zOl-M9AXGv-R&X7gHbHZYWDq(%qpv6XmkzQ`WqiK8%58aEVJl*rTFVg2EBuafFYe|# zb#>led;Yh7yu^{j{AA;x_j*gbaY`%|rH!V&h?h83<$8EalaBvFH04;t+pagel_npV zw&30N1i7oal)R@TeSt&mkN8L7buSRGxv{_wQm?b^vw{ih5z@~y$yT)BRDzaUK{6_J za-5=PXm*Tdv9+wN&;8830v7Od#yjpG@pKLywpg6q$9qiuc!-v_$sIzQ#==B@wvZ^@7h-iy5{sGmny99so+$D<8cKBJvIhRT7nut@Vj$7pKpp zqXMof@SN+VTrHaH;1B?yZGj2Sh4TA$w?1tEUNy1QT)qZQiF3?^62Gmv_4NhdjMXYJNk9M6BEp2U zQn_Gr=b?cu?5ysb?4st}7O(76?2k$9x7=&X2&5AmOIV}&W%P!3q=@HzvT-O|Rp2@> zfuWh(vEM?8b9+zDW;IXY7L-!q_g-J;vWT7@4x-*+AOhm zTj2YwV+D>|^jE;D1ohHaNz!LZ|luS{4$38x45eaha^mf5#jKLF$N7+_ z$-CP|=4wtq7z!@~zUoO6J4*#N?Qk{&Hzj#51!o<5vTe@~OR4wxAIHBD&?EN-D8n*5 zD($diPTVglCux~?J6O3F9L{QL8NBe_CW1q7M%c`;0+ir@{!rUEdhXi2pQ>gnjvFA3 z=Zaj}YLY9u&DwuY(COSl{iDk0=mxdEdL0kXJwd}S+wcw2=&pveKH%Y1bFJqGbH6`8 zxV0@%sXIe{J(_&5r(}WTP>#S}9Vkpjy%PINmE$Yj6;3zc$4?DkAHowEF5q941gbAu zylL!^;l4L{j9;*#On2~v67LJi6#$dWOodMu=q|N6&si%qYtIL(-o=ukeG8lv00@{} zr9{F-?u3ip;%hv`tElY%#O_{%n`v*9E8QJav@fgnxFsAEw%bg6eNylMUwb_^U z(XSV5h-_C9%@ zt_eqAu_?j_yJxAzk7Y3xs3y)=t zL5cfB96zTt{a?SbgQWPDJ})2mZii&n_=e8fbK;dDzur{A_8S4eIm?2`>mBZzHvw z>OMJ&h|WEbYC?6fJ4ZEXd^BftDxwzt)(O4!!l>IV$DY||psQns8)Uy34^e>$%Olzu zHypMg1HUvg4&*sHkaLDw4a^pig2!M2fpTxslXkwbB9R4dkIFZad=Z|c~`%qE#K zgFH&IT#uV*!Cnn^J%C(x{7W37;~C8tgECcf)Fk-b>=9DKDA@vpBAEi|(+vt&O%R1B z(?FPLtnB?eAuDXd)7sHesNV{_RpvyPY^H9y8o4moVGV?rTXo0PfRd@XhRVaBQ=v3u zx){kjBAUl-4!~CdcNkW)HM{1UefM;4@`9WZe$N>e5iuU@EPSl)A$w(as=>(iW1hcm z)52j>cW@_lCMF)!2s>JzmuKuVJI3@u$*Nc{C1);0Z?_#qq|ouQ6jBdPA4|N2B`2Z* zCTAmN4O;-#AfUr_yG{9yO$IHdIeb>2p%Avkzl@cMsni%!aY{w(?a3_j_ilvv_Dtqh zHQxCJ$m%y^W11O3H0IXEVKVT5siGEpkAD#baMRhE;1`QTOMNy%Uy5k3r65Ggg41xS zk7oN>Gpxu)3hUamy{&hBmFk`h1XRX^NcoeGKICN->Q@YT4PWoi?sKJkOeUuZ`LU|S z*n&h4aO@X$5=yr~4NWyEuOM1Gek4qqqBZ-i`3=`n-G{U~-#pJf;Q3`t{VE_tz5Z#6 zIySQzs`slt@?-n^KH!C!eZnl0VtJ)8lVl5e-)|9inqiGTd8y?QD1$I!kH;Fj+C;xH zVYAEj#aXTM(jojSer{bNJ*ZQ7u zV2hhMf4$j5y~ZZCU42Fk7!4aUy>Zl@{gAe6ppM)`@N}c`fLA+rdhz2RyLG$d3qhm`xI1Ad)&V%q)6w_=>G^t|FjG ziq!=SKwI|Ak{+Mb?aq5daAvk_+T4#+I@kAj07rax4@2 zd}|rPPvqlDZ^4wt3-m1hwp*rbAkOWa?Fkrn2cO%|ND0~9m)g-#QRm^{buc@r@7&=0 z&)IW2jY@bf4H>T;l~+=a@es*g2FLzjjE=rkph$D9y|oR9@LV8Q^V%yOo@$k)aTRHQvLu%e z(-|B*tUZAg`i@;lc}R4A zU0M%9Y-j_x`f>_8B(;#`flJ*Crm#(_xlZf$e$o@Gdzq4?CF5@{7L$zw-urn01w&d6 z&kOn4f|H$A0|{1HEcI%?OmE6dxdUiTB=BYsAg;@0cai*6p0cu9>>Ml?qVL<#j5fH} zRuafPN$%_|$7q>tO^U+AB5oKIyV$M~a^^84$NOFAwNz?{=V$;xP&3_;{z)vfsXI2) z0%7-(9UL$^a<2~x;NG2C;-1&(_kIUSKrV6ft$smB2>@OZ*D7^}np~P*u>=hK1JOfw zsn4$FMq2n+#-;Fgt2jBiu`X5c&BH()u++8p81J!Iw}JzI=vGdygMoYn7KXI)@USyI z!4$TgZ11lq7i#3O)1xf$mgNPNYE#uqp72viuXfOZ3;4Br^O>{7zV!enxHK%d+tHxA zN!eTUVb#FLqY=G=YNf+S&{_H~c zIEBlNU9IJ}#|6^WJbnabrF|HW$^=SM2`h_{$!3PcZnvX?izV+Fv?mn|bER@HSCx_y zit@uEi1rS(#~d<_<<$-z3gzgS)3ycl*CuU(!Vq4=eXI5!X`E#qm#tK@Nh-bQV@XF+ zLO!M%H1s~C^Ifoi-kRo6Mdve*Y^Wu@`|3ONU3HAK0uQ)Qy@LyU@;)_nZID+T-Ygbj zFjz%1<7rf-%1Q2*3ysWAWvx$G1@%s!_t(>1#5q8bdGM=d_A+#W4Q;g12}8P+-PWf+ zgyd)O#vgObN@zq?7Cw{Fpw~bXin#aoo31yoq_wQJaId%t>R&1O-BobGXj}U}RWFYsv6bJZFijSuv1hFL% z7&Fo6Hba+G4~3d%&_phr2MHMxwi7O=0F8JONo|$hY1_HoAjJV6X?f^7oNY8W8X5)6 zgt*L{iu&I)V#0$Zy=LEZLWwo~+yM><;!Sd?zzR^vd_IIYPSpYn+&NT3;Jf8(B3j6ZX!)pC29Lhnz1BZ zViFxD62|UV;_;%wNoyoiAxtD5E%Umn{W=Hf6I?5Pfc3aJ0T}ms#i{Ju7Gj~KIZ@E+ zayM;=!~-P)9jW5{eSrF_8q=8U!s3u17z&H-WS3!w& zS62KvKwwI(tNu_cJYRH2M%;cFw?mlg)IQ*MK=OQStot}Hk+%J9XYfv$)1bOl)4Zhf z%4?wC>Qx`myeDZ{8y;61EZWYHpXx)LIu@1vz+Bmf$4spI|044~6GeTXjhhK{)&upx zYHv9ftS_Xefh;p5)!cqhg2g=_GS>pXHGaNqJY2r?&j<7pw=b1C1@!iutmPW_li5g4 zR}q5YKoztpNdNF(!xX^cr8feNO+UCW#f~V95%;P}{95fX&=)v+nF$h)0REUE8X-+J z$Nqr2X+mo?S)jAlBt%p))g}9lnT(nw{nbK7&6|LRvqnFl&G4A?U>AX5CYdYX4+5H@ ze_&yTxFPVh$bS4Oj;`RP@V4wL`rHu@lDho)dfzDh_n{&hr2 zC#8V;z_*7V1be*sNAx9(>tg4Mw)cvgM7mn8Q?Z%7M;YBsYasy>0bKV$+Qf4drl3!QbX$z`OKTS!D@t9K zo(9f~6vE}I_PCn@(={S38A!t>nKs*qi7wB}`hS6ezdhfvAh8$mipnHXOGaYMe#^n3 z;@)Fmng&%^Q&{w)e{2%e*II>+5hy1{2(YitQ(mr7R@N%@bfN6cjKI6gyA)U;C3RzE4GL!|)J%8t;;;}5(|HKsm zZzPaNbr4K?Q@LDc&~oRYN21BL-i=%z<(+@;uiuE8;qA&1(uiE`uv7MzAL!m-RB$~1 zHU^5Pw3Pi3hw{zh<}}MdcxBGH`uQRZGJs3hR&x@zVj;Qw_7c>U?g|EMA?}yM+>sh! za=X`S&m_6OwN=@UtmL3SVlx?&nno2(v_ie&d67td*Yjr-`!CXWi}*zDK&=er8f}$O zd_vC3C7=6duQ&JxDUQ$0fHVhMTYKTNOrek{AU2%hzj3@qSt;(=pUzw~6E!ZalK!)g zC}QM<&7bjmh$NP1Vm>gkhaJIKSDhMqT*J#^zFnzz^xwI~w-(Aw(!VU84h7x!Nj*lc zQ^X7l)Q0d|88Q^LMEM`si-pq77>g|Fk#(DC059Mb>G$+81R<|!9RnBtF3x>>mMp;- z(05$&re|N{?MnxU9K2HriWMjm**{JRQs$~+eh z{VhxR_VfY-{6Z*H`8s?;7>T}p>3T(EXaLTj$HLqvp)}+NROG0DU`2aaWD-RsRKP4Z zOp3n1*amqSW9Dq@d&n++fb4q3MbdZT{NbSOha((&ut`(%F-<&m#9Zr8p1kG>1 z{FA=?v7hc-G$GxQl{&Cw=M5j7pX*+&%cisA>+`cGlf9UQY2;CIa_e(%Mr&c3JHwWG zatMy;gD)DU5562^g|KjguWZNGV|tmtwf+2zymmrE@0U{9g=Xd^I{Q~k{%K5W(>SAO zv1`}XUl*FKE>CuoH; zk5XD4dO65BewXB*bh|?9_p2hJqRt&!9lGm=Rbk@7j;GelRR?sWK#iw}H5t`A(haHS z41w?5G~jN<8pxm?eMq17p(uE~N}fJFLmsvIbg6udLnR-FI*zs|>GHaGPIh7DF=lgE zM;d$HQ*f!`!i5%h=Ykiy*kIjuar$jc=Ps@SUG{InW~IfB%mEGV!WxBG?L_L@m{%!w zNR?U~$m$;HzlRU?Z+cXCu}sw{Sl`bvJZcm#8c8j){&|RasX}#3 zr4Ykk0t=m%EM)b)g`8(tXl&C44afb?X;`G+X~Y+j&3z6C6@ zHB-uk-kmfQ73E|qoNV?x$9OMy7(qR6Hn46N)9h4T*oxJwPp2>HSabTqAoIptF#M&= zso#}AujP6E0S(%dKY{A6Ir&XI2p677zI;!;SSBh`(d|RhEf4zp4_Wtz5?5P490+u) zf$l8bV;cH|AF|53<<_=cSk0&>4|Q5qsQdXZ!sxw+=XaGhn*{pmX0f6yS=!jc zi#o^4-@LBph3}9*9TgRoxj!5gm6=M`TOB%)sun))Ea;u_F!_ruv3&vPkVZ)LM~_95 zckcgmI$|z(mDc;V;t(p;&qHD12%&D91gt?c%KZvOOHFDu%kj2kU=pLuHU zyiwOjbwdl1Y3~{`4Z4mQ`R5yj7KWT}wmMjazk2l-frbp|kaA4_E%1Zz;&$mRyLOc>SzByb+EhQJw9stws6z42dLU<2*3j@v=kj9i#wScJGnrCd4ArktpIsa#B%JX4QiT{RTica$?=2?)i>x-p{0) z`|F~A3gz}a1U{>&zA(Gsuq76}THWkAJjHUEOJkU+g|{@vcgz%Yd0lVcvNqXK1%@)b zE5?E+qvx@*`6y$tv|g0@>eb0>X9fnrPud{!NB!Hr!GpP{;_vP`2JL$Pp>d1>0#)eh z7~Vdyp9MDSiLf-JxZp1#{>(08NThk|p*e&T;II{2&f*r>v=b_we!&v-4f-yGV!5Dx-bOl}exe4u2pB{k|eYM7X_B0DywW&olD z0@*l#6YL$Zv8pTV9f+}ND=X4H&si5*pF@b9|G?qzIR910e|LW8;P_$UrEPwmYf_F& zfi6{C(-Rn^Z{{grD$;k{i`c)A@bjzA;R_a`JYWLolaI%P{HmKplauQ_nnwDA&cZG1 z2jM$EOPv4Zcbxy@+4;+$?L^DgM5Kd?dL&VWAnwe6B;`*23Jgs>8u+ih-dPC%+1qB@wXVI|6ph zB%tyBL?h%tgvW#N=#X5b^~1tbukwOib+Xh>wJhq8GLKU1 zh)ikI*t%WfjhklnM%B`P2WXk-tY;5*y~3Ucfd-w=b(b@H&w#OMDeD0}h0k4x2m%iN zjzlkmGwWrY+8hw(FAo0NaKF54Y|BMczs>`|Ob2<8xj%65ZLix@Oaj(tt^an%Mv@(C z{m_ojh@PhzIMg~6=+jg*LeR7K1KY|vsJa0KfL z@BsU1JOHs}CLevc&OaQoRkv~Kvt#F#t37HOPVFqeyS7;7vZ8vig4q3hC8p^pHqE_- z@c@bOoh6Wo~-`a~Sz>e;ge(vN(P&7_>8dF2sasmh@qV?81dx{I88H+_Ii| z^0#mlp&?ACNEUQFQecc9T(xWl9C^475b~WypSFC<>s|+f@x$-RZQ*||sO8c2?SltZ zRGm~56?YfLZ%!r3e;(^kN-E3V*?6N8jdg9jvvIadzA4{|HF_gG;6Ja+)(N&6P)XgY zzoq+YASzeNH0=KSWeYRY-$cAmE`FaqT4nq>bvk97*%pB~0^$Iw@$AW7FLofg z)%+2_ZPrWNrhZ*9>CoLdkBy$R5@B_!&D%QxWQ6&JNiEELzlMj+E8+d-$VfEMUmAZp zG}sU2UMK%FzX z#by|NxIbZz@Y4X>E!HY`$i*-E)Mk)*+WUln2QK{QilRDUQJHmH-O!=5|60nyk$z5s z#!&+q&chG|kgbmHR$gy!zpynd+9Rf5)DpY<)pRPkW77=L#Be`=beFB8Mn2EzKp$Vi zQ>ccIPD)>X4niVgL156!uEFO6Wz5}e{cDD*uOt>#oveTPU+c`+*E4iWgs0grqRA$Q z&j94t87)|_;Qr?knaFZok0YA@wWeO|dhPp>ig)8K3BBez2lVpnz*fEmjLMma@pIcw zxllJtc-X}`zdu|7q`os8oEUlPS^;qT`^i*LcNjO?WSPZ`!CAhvd?g)q$6nc0Q(J8V^7`$n)|t(O^1D6CxGGTP=7 zNbi28oNGwSKvm}faRqL-%J;iaI@=?$UU2Pw&7%jGELpL6SY%Eud{9_IMzJ9BwFZ6>};ro1(7!DlZ-q9Nqif4_W~O=Jc>QsfL>|2uB58ArPW zZLPPw0apL7?Uhtpb*ZG4%X)Ob&h%#@x9Wu8;;M`P^?p&9<+#MkQd$z{O5m_>3hKaM z~zKcAwv?WB#rcH){RBzgcQkpt<1Wbnsd^Yt*N?-Xtrp@}x!vgNP_3jEEfewPn zq#cjH%adm7e_#V>Q0K1o=M+8yb)E@}F!S$&`z*Z?;sg{XTAC9A&;HI*6!5ekkrfnv zx(YDJ{|bEhK}t#wt4oKIChuFK1|nttFX*!1;r4C!uYIv#c0ii2V6~s;|JUF?IyQ#G zo;l4rR47J+fCzHI>C6AU;K74QPw(F|J%e?)*Ql`YCoviSFICB{!?VupWZi7#j^!ev z6j%NC-ua=l$zlCzg;s5N=QG5;ANk^C9SE*HqX0pB!^>XC?xNYX=4^)3@5g8?a}4yb zUQbu-!Dz!{LJLDNp~RNh7PZTdXCNhD4Ro!w+u4V8tryul1Ul;Gvqy$KcRnV4DRUM+ z@8h*jZY#VW^mKktz`7bVW(`E)(_hNc5^e%Hcu+;9wn`@nR=XL`EC~nA-ec5NCu6O1 zY1&R1oAaSo+`L7CO2Oqzb>G&Xoy92->W-ViqYqV^wiucjr+_#9EIoVM^wHa9#6T1X z+{wkf)#TRZEKUR{529mrT-t&zCE7l{{3G^t8O6`5erF0+!7MDN^zG^sVIk4LM7z5 z#%vvwgjCX;SE<|*LXy)~$eE>Lw3N4(~lBk;rbz~4B_E!81Vt)qVP#te&LN@j^Uf{?!`Ml4N^WEwm}b-JXhCPMXs*? z6qnFox+*dWirfcv`aeCx>45WwZEP2-D6sr|<{4{-Bh~c7D|>F>3+?}Jf4bZq<^916 zJ?6Km^!6Tv6NA0s(ro!rEF1LpT9S$q6QIDZdEw~g=%xP0YJMHkWpw;b@x?Ja_*72p z=qszr7So~KsKBwXKRCww>+qPI*c=QkmPRaWkMIj&=x=bE{|x#u%JmH@dWeZtSnajj ze;p0NBEo39-ki6LU~4?adUL-;dMOL(ZST$#d2-d<};=H_-W?(T#Dx&)Lnk5%?-Y_v`WTs^uq7bvqXKd z+QWYrpBPVQP|W4TY1&f5r55b@xFnk<*Za2nwp9PG&aZ1~aFR`f@=1%h2J;nwGDE)#hfSV-q-ZD{PF7{@%lifDwmx4Ztn(!DOWGM4=9n`P47YTCD)lR z@vzG!F3P^PW&vLT!o0)g1B`K_a5xCo9#ADE)i9X8S}3>ofEFQjD%>uwWIl*l-}MCLem*hJSr60pNjncn#a(zEy9*<@7a{y zf$a56%YCg7j~>3eD8YDv&-mMH=@^w-ZC^p3$TxN%qg&O-;N#wmpVb<>#Bl5--v_Lw?fIcH@_2kAjs_oJ&k zaqEe{;#O&G69BEjuu;{S>Z8}-taGDU*{}Ghez`>(lc|QQx?x4XkGNb3oh+dhGN8(% zuAU*WSDa&h8JU-uTneWDv1xmazaY`Y2#Tp%cGaq;H?BGh8)@24eZO*UsBW=fOTuA} zQ6m!tZ%^PT%`6)1w{(rikM4cb44;fDktF3C`Qu+3_@JpP3rGAty50>apo8!Xw=&|f=`TCY|bg$%yfR3f6p?D{|8(bBBs>(E_0GVx~1`h2MaPit_!a@>w5R&)8q zi`8VSeIi|5mmmOLJt&GLQLB!MMg|B)*CM}oKRIH1PnYFOjIr!A$K!RG%v^sFV@%Gw zCpa`G#oE@OGZhCwDTt_8SXGF3`$$vDZ8$~!9|g48J=TY%giEIPm#ttRhd3xf z)&bQR7*rEc$6RJO7orbsDTe|RdVjC3Y`BQ4!y3Vt9OewM(L7Fm0`_LhR-YH~r7j~E znDV?Ao%X4wBctrN$?oq@Li<8_&L7dI+&BF4sh;o-SvPrHzitYYsp>|;{!{B7?o+{= zN^^^9^;>Lzdwpw8&Ys&Uiz{_uXyQwZ{GGcpq)SVxLzzsEt`@5=%1b!;`q3ZlzD?Z2 z#9MudN$_InQddj~HKn9e8K37r))yo&P%Rp}A=$-tsAweUz5_CGv_0LX1S-f8R)maH zw@wyYsEec)0=oG>3Bt3*lf7`x*koqH)eW}G)}LO7fQO%14?j4AO!j+KUR$!Svvi%Qk#ms$eHb#*7HFyK zUf|Tfg`giWw*{$fQ{zYE-V%rYc4A{j@uZhYmxqcOg==eDeDmh(9xr1JQ5foy_&m`Vw5_xEGc!oKjn)7cHapAA^^T zvJb0W!HyN1w&taG6=rtg`0GLPb0%!F3Br>Q88ZAXDx0yfoTf9^Ou75m;UQJ}#JUVN z5ewP$YL8e&hR*{N3Tpf+{`HXWT|rOxz)%2V_Wu6) z4Qkf|bCgII&Aa2sdz+FlusI0Ly`d@yh!3A)pd-1fNz{pt4_4*SP+padgg{}HI-+zH zi;5-NaUL!x0?VwNGbWr<6<8a}Y3qUXJP<~juN2&-!#LhW?dof3!2>!h03{_6%Y##* zU`hT-;9ZFb+}X)g$Dk6=iZh|h7fyv#hiVwxMN1E*so85)ljD=`Sf{ztX=ori;K}a) z9p=(%{3bDM?PGWCpIht4K_d43bu3^gQRk#tJt!`lVr5mS#4sJZl&!(23bPt`(J2Q9 zH<+SxgK6k)V2Bj%|8)EGxpo8JrCdm)9@t!WU^30TpLBJj=3xC0lN+SH+2=P2-Y-P> z4G`Xc+&@lJ7Bvs1{$^YbR!Xqm^j<^{nJi{{xR2XOEZL#BV$_k~++-S)%k8&K{%U*e zKTazjn{UGh!tsRV^76+U=t)E9b$ctrspQWHT9 z9=W~8cn$jEcC;YYNZCP}j(N!2;-esu^#5%YgK|u46HPRd+A!gJ2||ZW7Lym)y!XKX zqdk^Dq#G?ahUVs&bID250=_`~3=3%E6AaWh0oq+JAPjfX-)X$ZptJF7bn!-eP8#2><)J)dJR3To`xB;;O`xXA6|0I9YA2*wrM^EPgR;uww=dKj2I~#_-vRp_D z3oQ21$`0+YVHLu5)}sPGiUCs-4AQUDrrM%Ui~d3=mgQ~D5BB6qd0k1R@47|f?h9Wp zn#WT17E4cF!6GK(JqM`N^h@ zm!c*f4r+pTz5-`&nND(-zVUGf;@j0-!X7t))-9cR>OB8!5Z>^?Iw#o<-;PHR!9bk$ z|H&La-et+aAwD!ps{}?b)$Hc(n|wn0;+d zM(J66VZ_*c!r3#Bs29Gz#;M}gu)PtsMOwBvtTGT@=5J4dug-&ADW{|Yd#!-m>|@qv zKNj(--%V*9o|1%lAQ`W4R_)b6HNG3LkMy6dkSFT_iqi>*@!N@z_*4db16um<%DL^y zVKqLQ1c@&Sk~+!RmuYds=>4gu@Bs%3Yjv^tB7N?eAmyo?&UpmP0~^pRh4l4_&CatI zSGOGug8}Md+dr@mhs&cv zIIYns|JLxwd^_%$>kA-bPs|fY$7_T+B32&iw(~Ug$=vUP zKW)(oi@E$G421svIe>D?;GC$#@@~-*gvWyT-tvrfg_D$&1k%YrQNUUWSM@&@TRA!Y z`2jJ#1ZZyORIJD|>T0Hicn9R(NMv8Ckn5hgQ))K~hjYGfefK9PDj=9oaIJg38sfLC z&6}r$$&k?keGh$N#uM)Ql90~M^*LP*lys;<9lv|;gjjC{wk3fht(kV>QsXzT8qz~t zo%RB(@8=!izidX{qV$K>k$_WWmv$X^M%uz)PIyJ`W7p5v6xypt_3nx-0?t%NTDCfE zF8SCSCYlnoQWReTiX}B%vg)4gmbS};4-GV(W47zxtl1?e7FtjSHR;!=qE zKbOwK>E+GCz>nPavYy5|y7gvk?L!TA==zh6UYoHC#<(x4748c0?s z>C>K4WFgf|F!ehG-SK-JAPYH$Fq;}^zwe6~&YvJnH$rfmX4SI__|GQ0;s0QnGbi2U z_SlpVNty?fVQUa*qgiHwAc)3@x-El@O_oJf4`h^j52LV*kZrsRAh&FSRz-0w@KOMY z1N-(Ivzv$6hJi%7&{Q*RjUA#vBi1`=uRr(6wKF!ONkMSIkL(88_8s9%-N((TTc?It zB;(}k*zDsf`y{jGEh%*t7UwH~naf1Z?-k_K+y+*}aqrzVf=`9EVR+!i+}}%ZeX*mDeL8vhACN}N*k z_)VKjVs7}>37!5qurvd*D-V+6lOIfl)ySPom$iYrMSpJwat1wTS=5mtDLU zGoLeYmxnqZh76YRwi7c{*&n4EUOe&hy3(3ega9g@;&p7X=yg(R9;+&ND%@#Nc_BL$ z(t)|xQ_;rva`OW>)YSeC?u5zE8K6byI-YuQUOn<>M5wWZ_4aKcev*N@d1%zkqd-0c z!Qzv=-r44uBp0117zS2+ipO$|1&23mzzN&)6G)kE{XX6VTN8BjGo9(;7uqM07g#uX zPMB2vCTw(`wupbW?v}=RD}*I}@r0FTN6gAbovJZ6!-S2Gpq*d7t*~JD_YKq%S_+BC z68h2^MfzS0uBtW`1eL05Iyj#N|B%IfINOBpt)9Wl45<8M);+Zrh^y!0LV17Fg%y@=!o>d~KcMlGti{p`KqM zuj_%rw<5;{yspZ30^*YC#wGNv*HAql9y7G8YhG&iP|8ZiK6V~&9tguO{Rd}$1;KXa z!ArlUzX+<&xwI>b=I3ZCNVn84jP5VwqPX!q`^$q9e*$`D7`fCg3|D%q%cE45q2s>+s)5qv+M2i7`rjg*%xiZZU4ubPZ{AyfaYY!wVABoZ$AMd*E~a|L$bnE zCcvnBYBZPFiczAOJ)<49oHEZka((JMTqqVIytc?YXwxuJI1NdGJI{|s+it-Kv=Gsg zbyVu>QoTJw_!_Lt20(hN_ABvAddk-q1gdUM?*Y*02UPV>iFpck&Y?dS>3=(7sC#-Q zrveakpii80fNC+1Sm8Py_|-bMAr}q5Q1K9FUQzAvf0X#`p`6QT9I2J zkA#Ld8&E2s{qa*hxnue;&ic~9)4DOv*LiXGuDZD3TS)jsV58#XSl<;6oM8Zf{{xN- zwa$NG%iJ3VYWz6zGl}7^;#~#wi32}ZBWf~$W?vo;M;6V8q_1RguU~%$v?h);@QUzE zvzvgBqMsQ>zo`sWtmQ`)3phYI@m@SV*eJBQ7~W8u!SdT0s#P;Y%L-#>S^V(hF%)xg z%Jpx#3TFW4{(KV*Ak_F>+c)|En^IOcc0RrIs>X7CdGycm82m5s7!PD>&4^Z z2`^^|AI932`p8AYR+bDu*CLBb%l$qYLQHKSWK?vJ@+t(?c&VWhnH|&YVwY-aW%u0? zV6ga5YRn|!OaC$9y|c*4piE#t?Wen7;t-gb~5e*7<%Rh}EIr-UBL^)>6)@ zQTZ+-tvdf_q*oGI0NtH+2WIvhpf3$}Z>qopm^;rhMjQwo;i>LFYDZn^kqytJXC~PU zf$f(ihmjHj_pxJ%1NzYP<$ykr4h(!!ef?$eILrSSH$vgzyRyx<}Nu~=IPzEELFW?7p=V~&R*thysvgDf|lg9 zk{g+-A2Gtb$9slD zm&e?0@WpyEY%r3-mTw#b#bo8nPG?S-p+G6HYg$DZJQBLtNp z%Gm9?5YMeOn&m#xKm}X&g=rHbzwxn8{|>Hc|6;CtpGR#ii{alt8Ht(%ltmBk%r%7o z4$2Tiex`Kwi(tZ-~mZvwSDD3op%GSO(i zRCC(E39ch4kCO+0{w>P~a!PDt<8q%9*ZC=CW!|SRZ)BR`HUj4c<|bnJmiCl2UIXhv z2qs3p{n$cdFioOGAD`Nd^;=7DJ-5}Md_v}tO=jIq;ta~4W*j2#Ux)Z$?Xo$xdTY9U z?Xr^$bU(Tts>_WZj-S8wKUC+-3mKOv#f8pLUb8EgqIDydZjzr3f>HJh@^|@)_djoM zRxQsVJq6+0vtT?6`|H41sTE{ajxl>{dXA8FM*?@Us4S0n#ZM6#=OZBlyapmVxjYBo zbUpbNY1glS*hh>hFtqRg2;qR-1@X*>IrS#ZTi4DH68#`ievC4~iS?FhB>Hh3$Ejlr zMWsD1ZJ!6a2vC!0r$y_n|HYqQrz*$n4FbI~_0OH4SQ@Kx2 zX7vUv2ygHbl^ck3*(F=cYFSl z6JU%ey>g7aZvUGQfkXXflKteqtb3bzJ(@Ea@*Oq4r3#t>pCB&0>IH0VZ?R+pOHc7d zqh3Vd^3Ft~B;ozXA2z3jUj^Y4jg}t-c)P9xO#+Wiz(0Tyg5a$p*{Gy|B7T6t@l&#Q z5ZKW%U^1JKlWE>w5vu^Z9k68AY%uP029Sind>uL+?%UX@*Hl80PM@0x*We zQ)+1d^~9|h`*=xw%&+E_`apEVjKOMJg;oSneul1Whlv$vy z8-P>RkCt(cbt^~!YqE3nr&-th7|pt+ee0~kbiq7r@RBSrOtWsJcBE=|yZl1c|28LE z9_+21Ucgy*%%B^f~(>{xusf#v`+%-Y1QAdMS}W)@#&ClRThWr$ElG0@s0TMONCjx=Q3l2Guru8 zc1gj&tqPNkHAI-}2ZxmkWB+>z0tkX;4T6Ij|E28**!D+qX+NRGa??qVBqOR|Pz~Ji znlqkedr7!X?Hl8MV24vatdl#D&4G*PF+SPrfPF>%FVPJKKAKeud9r}Dtzh69)7BsX z*Ml&a6tha1O!ZV4cEXAcZnc;L5XO97!TpBdGhJSe-0=zrWPYNs*r6rlC8HKVYVCMd z#FBf`(~7Cf*T3H7H1`@Q0M*Wnueu61Z-@QP^*w&!wlpB!skP^-t97kL? zU_cj<@0cVm8k3)>`$3eHJRRSuS!7Q1{$=!jYdOWt7-O2;iVfiDo~-oG@aeZ#0iy2Q zq$=)PXC4MK{N0E6Fjakqpmp(8=;dB?@TCe0`ZEtWn;Q_-I^{5{F#OA03%2Ft2?esx zuIE0GgFq=Jo(dCXq~pHhm;_zjpw;`>BV!F!atQ_%#R$#v6{|Ap@n2xz;{6LyaXzgt zPjO1F`%R}(-+nXT9a}e6k>@VuOvj_bLS`{E&xH1|0C;7?j7~d)AqFAN;H^f{3s#1# ztiApO2z@cH7$ka|)KluRsT`JK9`Z6$3qLu&E|hs>FMyV7)%XO|So=r1u&q|#sKE<3 zWUe^$5@oN8B|&hVnj7osUIuW(X`Zv4#aIC3;HsDFPYscTMA+4jC-X#~TQ;im z+Y>ITBa6z~HUKvF@iN08UX5@Iu`#YyPSM+CaW3hv4MHv0Zot}S1iiyUkl5W&EPKaq zFu}s6mI#x7iO>rH#pDdeF5fVFE|O0DH0UrCy_mF$oYO!~{Q+6K`pXVl+G4v|x{xuV z3K(V@NY;#0Nz6=o2?@}GX*4Y_pF-1|n8qQntf{y}b=swiOO$A+eE|?1Pt}npZ;Tg* zrJRI^kuF{#Y0IK`54-TW=esYkS7lRkRvcF**C(wUCpsJ>`D~uOkMZR=syfB{_pchV z!n(>G4X*Hqwuj@fku=wv9XEegu%=GBg5iEpz}}_z!pP%MsI2^d#ViR4nT2aTfW34i zIUCj$CuT0dDkYb4BOCyMx5(iul-#$T+CJkhz*L=^rCy%%BhVK>fP}c-U*syq-Ujdtfwqlm6i^YC60#DhsZ&CPE>7Teu1+ZRx&aLG+y%Rn_ z6%^kf$PWr|G=6_*W#&DB1_z(#^A=@I>%qs09LI}aBC)uv!*SIaTe!|%!Sve+)hZn- z9w|RnT<>OjaelfHvp@lZkVSPVtpXrvN_Bphc+$Ma#=iF*#=pcG5l&V z=kFfruiyZh4NKu=wD>8QHXJEHyKO;?3t9wHDaLC_q{F~o&4lAuy@$S3A}*IL2rO%| z2GHA{o9PIAsY}hj2s$EDcVH|l9;Cc9tXNmW4{N*E>NV_5rpRI zlvUt7M#zPM?<+Z}-ezFEQ9&!9CC?a6uD#i|%9)z;@troeD~EFQo-PSk;My8NkKCg4 zXhZfUSs|dP{JpF(HEhtYk_SZ8{GSD52?_;mgq$A!PUSViI{I3}0YH z4$a@kZh1YWERUT@Zw_i$AbgM##%3&A#GU*R05pH3C7S_d=OBQ)giTQHqqJx`I}5gNbG$-#dvkoIX?ixD|l}b1iUg~ z@~KHC5F8D6F_|XO+$SVb`rqv{>Eeb`A3&*8%pSKdgkX-Bi`0Ncc6r*D2aUk`LH8<* zeXgeb9fnh_>!X3^36z09L?s%?vJZQ^wSOk;mDFt3r`$t_yG%cwTIZg73V2&((#Q^g zH;J?JbHvEXk0U7TW-u>Zbn>JLr>N_7EKf_x#O*5yqd89u{p+LglDNf%a+*2Sflsvo zz%8Y>;~IJ|5u;fu00xPr3@xb}&!?j22Y@)m27gBFPycRpC>wv`Au&*6yj5gsU>~f) zm~^Qh{Sx>CP%)@rDXp0!x7$9O)4QqnijDsie$ayY%Iip-!%0^ZGy%POkeG6v{h{dK zcK(rd_;dJpeXX$@^q?)y2Iq2*hUwU%Se_Jj#(8P)b9hbtvV{zG-9E9b+r)d$)1tk> z@R|=az|yT)@S$FMpB|mJneoN33cUMvNegwGL!aK0Q6wpSyED^~kWPh@}GBkrg#bvYG>sPTLa zp_#99quIJxVu-i<11}@CxlH2vu#P1;i1g-q|CjjemHkE6erk7mln!pl>K!uGXvJ)R zL4;Bjt@dH0OYP$BBR=oU0j=!S8f(g^=-TIONKBlXFb?v=)?rH}Y)E+|??@W3BUZ;e zTzQdIIJo21iOpOy8M5xr>M$_twJ+|L0`?NL=gq<>I$?cE083bv3bYpK!od>X#=}59 zYXf586zCPHjuv>}McRcZqBqc4>n!0gj$AiSGg_Jh{L)vw!@4O=F8hwi z;7|R5Kl&bj^bg&dEu-9!M@}Qc>;P_vk<+dr{Ovfypt?(WuPmBrPtK=p**|0d=08K4 zRt4Czt@GvW(J-h{$7O<9XqEUHI3>7nIhG&GkJmYNn;yBY)HD_mbsRC!0WVI;SxE)2 zlbX`zVP;xofJ^u1M6WGdJ8D-Xot64SCue~p!r3(D>5ZP3e$Q{v|I-Cby^L&M>5+)1 zf!fi&-$p<%UJn#SYy6K3Pr8}A8r-?g-mYiY{Nm$9)zD_kuWP*S?&zhy3ERH5jEPTp z%5&_m+S9%CP{P3WHM1YhBZ1obX>j~z?RNj&=jX+LjdHMZa-g)ZySpLKJFa_7%cN_3 zYY1Bvs8kJ^BrPM$z#b@aBG1ubkpEs4kcPxdArm#875j6v?A@AGo(Ol5>O9}3tZz60 zA9krKH6N-QZ7HB$EL(7Hrg%{K%1;fKd^B7ALR5W)rLDX0WTEpeWpS9k3_rf?y}fyN zU=H3^o9PXx9WH3nMa@Co`|x6qX38J>+b>gT)JJZkKFvxi>-gSv4_I*XdFHd){?=<1 z_xn8DmWf1P>T_mNmd)W6%VmYlWxb=>@X60cx4|#GLQ3y#ty?-MT%9k<0laD z&If0bqO&;Q-LR3GvD7~ldwoeC(h|_EQkZg{t0tk8!?Fy69cq95?3J6%du?t4LTOFn zQ@IrGv5> z)0!@u(5@Cetr$cm$mbNA7m^O$D-@j?@K@^Xejz}P__DO` zD@W~I?{2i*13@*6w-2Hp&2)k?*g~ z)9k4y))K1^{xnJdtNBn+M;b>6u`ciWMui2=3Di?yi0JFOP|S5;8eRXjvXp2?Pbw1? zhI9ha&DB`~NQ>e{Qd?zJTmcA56YfyYNvQW6^OHy^4bsU`k}t#Q0ADY~<}5AoE|uJ^S+D?HqH?OD~OS*A^Qt+;|7`!TIUsb={by!Gb_U-D@qFE=iN5 zdj#K^Dl9hDkil55UiV0Yt-HLc0I071=lq`{7VSl+tig=tm|7I!8S(Yqr03RgEszC| z*Kv$91uAz8&5zF9w4Pcfs9H~6;TO7vh~oMhX^9|{@_)`pvw_P$goYiR)wG@Wic%+r z%0!4l$J^h(`T=zcibiZ^wjqOo8(i%4DdSgO8YhZjTA_8J?TctH-wuw|P@B1)9miMp-)Ne- z2)FN0%T{&%)~T*O^5li@LQ#8(T%pzHd>jpZbaA<1Tieq0t75MxZ`-gNq^g|{QhOi2 zf8m*22YKMFH+gQ7u*E%_k6c$aY_D>tT6pHutHjXYx1;SI!LYAgUpgGgsA`QAobB;4 zj|@A3X*z^N<+|J++EtK>DjqFCO|17*zDdX5mVsO~PJ`KJ8_Ps`Gt6u-{>#aPgyWtX z0kPG|rki|swXBx7s<=7#Q71-5SOJHf#|a6fvH);MIzQJZ2O6LghBireSw}-gktJ~> zV-$;<_|8pXP@kLhbPd#kQlAs-z~QqksLyRxIgh3FcBF+SN8(_mrFPYFL3$@ZP#2x| zlOQtDV^nVK$=kq3ew$jn%-ODzH2F2)opCRldAjA)vaUWo&6oqpHU>*1 z9xpxkN`s{uhUOM{Hah#9!iAT`RtcT(Cs_K5s{9U)J$}6Bvv1c0Q8V21K0N%cHy}fL`dK78wtXUYHs?S;$ zsa*+t%6j0(CRM)k(!Wk=u<#vvITUlf zb&_Z@JW1ZxskX#P8+hasAW@Udp5b^|vlwuu;vQkcOTn{TvmeGInvhme`7!=U@N;Ft zTUF!&zOQU~4xv+1J5NUaz=Pz>%v<#I<=whl!$^dbt;t2`Ndt4r9KZjAO+BT^manzl z7Z6xk8k{aP^+N?cC<{bJ->;^X5fR1^3j}BgS-Jdku!#@ls8E{8H8uw_Jtl>}5|R@WS@5Jqvs<(?4)? z7+Ui>D{?uR<)4n)dza_Yu=<*jOu6Lm9^=$H1Ie?^*0}1Sqad`(EAFS&vtz*XH!@oI zIg1jC9{BJ)q;*y3FwP3W%G?7IN%ic%6Ym89+eM&$7}**=#{=Oaj#HYceNLxS$O-=E zy=-TFrtT_TrOHF}5ylu^UF-Ks9*O(ubI^;|v?6~O@8jX_ylTqN@tQ3otQL_--YUW4 z4*nEAWx-dy)#Wrz#pOjH4I@28qbrN%jSFe(W@{CHMttSaF*^x~i;pW$<-L^=j%nuX zATjJ|j>WKTEmuxHZf&REq?5ikhv;rowyhPGOGCOki;s`OZ9wSmMe-vv+ivMXNkPCyf) zmoCNq91o#3m{93!uVEmvkL9dWzK{`yq64xK9Z58oV*71fJP{iSdAL=k9PPT6e+m_N zrWwt)j@jX1<5C}Pw|FWd@TQDcW6nVnAoWTtCh7C>@`+3a6FUC&GdDetx+Hw(+tSW^ zxuP+(1wr95s89;z%>A1R2Ojh}MSluC@PW7gCOtet%~1Y%-!ASle245$fj}6_qb^XI zlvd@B)XYk=Rpp`-^u&+PW*4`iNF6G5;dV>*vaOk)BebllkH+SdjR!-XncS5TmaZw+ z#eiB^*5~C#Ws#+w533>)ZG~`K<%2D{wGrbppf&qi)QrZsH}Zn zbXbEIMGxh_QuDS1f!`-L=V%ev-`;P;L8V)%@(~-t@XCmWTGv(ScGe3d{=BxzvsQ60 zn}wz{E$yqK6H!7=#mN@Wv!kl~cTTw^j>AQUi7=dCQ0N^uQ6^W8E!@lQm(zb~nKLK= zl;#z#2O8dVf9%-~FTX;;OZmQn@6!MD@km+mPMRzZk4Sqp7K)we>vM?ZgJGG0hXeBB*U za862vUmT2hFhAo^QVyhtt*H3BQp1FAeRyIL^+^+oZ5+>X?DDsuNdiIsy0; zrB)|rM4#juAs#8k=5!57pu&bqZevz3^3Ejt#8!2!n{7>p@Z(DAvil^9e@^oOsyNN( z3Bp@4LK9q1>T})~#n1s5uCVAxvwsqBFwqyEtP`3o-_uxe6Yx`0NkWs4=|cNnXeg4i zh)1i-d&1;j`OLnuA1^-4lbK1sAe} z49S>*3av*)x9IBUS(8vW>$Be1A6A;#6!X$F5Siep$``n{3^dv)@K%Lp^Q{KPMAcD3 z+4J}>`J}>?6V3!|5w3Yy*rq%a7PW0vk*_LVS_4&PTs2JkbkiU)&U0nu(O@tpy*`;hRBI~d2?3#n8yW_~N6n24$dEXD@V?4eSwn(@29PyFvj zqXaAP7V&Os{wN?5F}>>r{}Az+wd z`eZHWd$smt8+1-gNva|*MgB~0U>E?9c7xC+jQH5ul`rDJTO6PJ_Ezm-vV=UzN7=_4yO~1_cgM9;hGDv6Z?G4#dC@b#YGb_}2u$4& z7UT6ZKK)Asqb~PUBM;hu$(>POwUSL-C+J#xUyrhjR7wjJ(f!0 z7BEo0d#2*q6+HFhG5`3WW=Cp z0gwhYnW^Um^|bq|>Z%+@&)qf~Kv6xex|EnR(h=0;oKVc*rdjad2ojNy{Fdh- zEur)z9HX1UH6R4M=rcm~KYvbrEsYZpxqzpmS^KMPVPMriOS<163B}UFPUw|9_;7Uv3NZh_I0Qi>Qhv#nISBMyxDZWF zf&F}^4ZfJyisAQF!y3bHoBi)HFwh0d$LouHO?yMGqh=$?E&2^?Fz{{5TVUKs{iye- zV7v&~)^<;c=wl!n){HUo31xO!4FqFNIer|1|5P6WxqcjbgxFJpr=ar5G~;<-Uuxwn z*vEz@1>Pw+V)px?S@f(`MmS{83Nhrj+6r1Tkb@4fo;jq8II0iiU4S>M5qpK!%lQ5WQ~oXfeIGudsP=}mg>%DwEiwKF(uMJF$O;L)h4rj?C4 z9X~6-vsC%tL(v|h8!cos-$;}B#C5-#35KR?^pK*eW6lTQ}MbXk%n-QY%|eiosxqFUBT$j_pLcXI|mb2=^Y z6PYwm@9tNwOWgrFrWFQ-K{#Xfn5yj1ul^H)eg6wm9HQS1goqr$r;6qK_))ZLil+nT z9z%NN%0$5Ja#pN2ydMN4Ew=HaKaqK1w`5E=JeNbsDTNQMAI)U(2ZB)_4^0`LfRQd^ zjXlrx1RE#`QELCIa=xlALtn{8u!x=b0NWaYQFe$E`qgZ1PLV-frnc^3E+WzCp9Lcj z9s%O_wCH&4s{uP^XDlWOj3Ao2;{mgqjqN?SZJLU39#m(CPEw+StIoZ;HM^)}`c2d| z#(Av2GAt}sDLxIb;J-`xC5ukos`_}WurGrG#L*c234~SuF55S>cUSd9mHVvL+*6t? z2~ckCQCJ8mlm7d%w^Oo>wqY|vCoM@6=k1ONg))En>8W&F_3O|z zyqRsmRHe1_6*f#nC$5+MtfvmyJ_Cy-h9CSKk$sRbAR&2A(lNjX&FGrA-Z4r~krF4M z;a29d3e%EaG>{wBqiX_Da zRK*1-=#%i7X(ADH;OErzgY9K|*gC_0co06qksPx|Fu!RCdC>iXuBc7lYQR+o#Wum# zq^B*P)+S0%PS}4d)Z0rRJH+pXn!GVvr32Ca6HdZXtIp-T+=x3J1?|{ z_?^v=eVx&~p$MoC-M_id=QgU;jf8KCjXaH7+|L}S`aKo9;yX=uHhcw) ziF>`H>Zcvk?*IO^@;yKc{%++LoW{%w6xNn75hv0p(TBZ)r9F{9K#38RRVQJv_(WUV z38%8)OpYx+Fb@Hce)v%Q0L2o@M?%b6HcXWd*{CtT*8(0gLwz7Vp4Ji~sg(ORhRU_?bR;rUNu7fn-wlwLUeI6hbs_6ftw{lk_!n`oA2L z(xVChN^c0})yg#zMVu1MUEjMFSKd%wr%wT#WxXp4wtm}hU_u2^^*S4&oTR|RkG?&k zIomwitAOLUzi+#!-JmoBW#@(uX)jw+QnFF9o5?<^8!`&?v|w*xpWQ&B7RHBScVfM- zR4=CrDzL0hf+LGyhBXk*;jRyEQ<)UAKij3KXhOFb5AgT?mh4JR$Yjsw;#R#$lSweZ zhiCOY``>z+Ut-mcJqi}haVoyd_Z~QUSeK@LtFVU z5x<}ET+Tkx(Wriq2HOcQGe!;jF?9hz;uXSZ-*)CD+V z5NT`;YkkvF|_c+qIATHA* zd*FCh!>$h^2gB5eq-5{Z*+nv4wc9&Jt>heZyn6`cUFfyz;iZPhkGE`x{3|r!0Ipyw zpwvD`8J2_sdWyG@Y-IKsIj))N1rd~ZB+AFYF6cPFYhJ%T>We)dHFCnA+v3^yB_NwpA6yW80>i=3(eSjL>JUK z@q%DziyS>F47QJ)O1A2kmH8Y{t+cgiVWT#C8x2i0x1vh9mW=r%(ajdlqO!u#+eSnF zV~x9_-IrGZt;>G|n|T0W0H~+E+$*4KW@kN%{>5uz=MmHWIO z;lY1_5Ab1r$GWh~CnDr`>LizSBPXSG*5h`{>K^VR9O_5&MK-82_{jy+k#2o{5ofFv z5*5Kz+W=iE+ZU5C>Y6fA>>Bc3Z5BH4yJT(#c?ait+nOSbVeXf%{YNoc$9)c4<}F`)F8ULb9ue!irnF|taIGiDZ+&f6l4Q89 zLuKUJvGV;cGzT1us&d}DvkgChobFh5N6$`3xH*5^$s3jDO%k<+Gu*0{&X92=UR%u~ zaQ@54l2H0YFJUJj88ZEW@Qm_rLQ#n>Cr?4)y*%OMjm8Pj4ybtvqW3YU1tXu1;k z0%`=~a>)fX`r})EH~6DE%jHrxvw)@R72B(TH>BsH$A<^?8(_GA{3%?uMfW67QqY|4 z=Ofuvg7Cdv8oKb{bRRq4x!wi$Q;sfr7#IT3C}cwJf`5gn<1Njh2 zmy$L@kNemfVRSlcGS{bwyLYt65wp_6lfe7Xh@^^XFUknVyq!;Urs3e#ow^(tKv zJHOEg-5-37f91e;7{4Kc(wZgs?K_|a0izA@JU*-@h(6g_H6Csq0#x|JxY9P6e?=#6 zApEPMZ%|5vlz~UV)sd)PSZO*3h8jCaH(4KPB?En% zkOGJ!E!u4L88XPi_d2sCKTUdJ;7Vq!G;RR+vQG_-eJ3PQ#0keQZeEa zpNu!_Le|69RKcpTNK!7P0my)W?jt=n@7jvm3;4J~l1dG_8bkWRA4+ecd}OVff)we; z7PAZF7y7rz9Pm-fA5qFgGMdcVdWhi^Pv(8G;279*K52rKz?sUnhJ}rZI;>ZPX&byu73@X;b_4rCV-Vb8E~j3dbk7Z>2if~(Esx9*!Dh8 zi+@ON$l8RnhRFQygnwmiz;B?uyLRmyZV`SC2TVt2wfG2r@DfREOnRc2SA4lvK20_x zF3#yh8#JN9A4mOzwEYFadNnX=u| z+;^SH(zhww%@xT=%}~h&5fQ1TvKhCm+_%hj6;e_Z6v|R6R5TStL{d~t5K;tGTz*Ge zrg=Zj^3M0?-}Rj5xu5&KuIpY7XJw!2Gsmxry8o92w_m1!C&u;T%r+c;O^%lO+J>FD z^e6NcrLph3ezV0q$I+>QHBNyY34g_|Gwbf9n9Akydc;(+V%R%>8Mz)$)G(zfv8mtGW6OS(RliVy+pcTWpuJeEph_oys{a z*Zw;}XRq*9%(&6?vXQ@po+VvkRYH*FM``d}iXNUG?SCEB_HfakIf>H!y??VwyXbf8 zwY-*K#W(48=*`-OJNEopq+HnkckYmg8Smm9nAz9cvGrrukFNZ)@Sbz<*T10IRX5+9$_$AKmc(aLTMmY5TEjRpEA{In-hAJA3~9McP%s1-EA;@8}8 ziAsC;v1IiP9{&440#7|4X}K>cVG4iUs?WFId*x$ITFKYqRV$#(CFKT8DufoJIJ z+aciF>%0oMa#@U|EAQC9w?C#LtgH4|TGh$v*UKM^<@5hNhQY`@ftKr%r_6rsX;Sl8 ziL+_V2^UjDMIDAc|}bd01tNs}doZuwuo>hf$XNm_4r+|49jT0XSGyV+*(SHH{`f?8E!lK7fIRR5sOq<5a-UBK2;?1K8 z`jiJ_3&jz4$5N+9_lC+^q)}>Z^Zxz*b2K!J>w6EFWxC{0+BH!9$0P-I3QtLr7*jHq zgs^Fk;&VqmC1v^~)b=0juFg#MK*@4!OosNfjG6(SD)!5m9$`P2mDWJz8R|uel$@tL z;r?p?uq9qgm*A?R1-rw-fm%_F_ar~J;;pr0l%M%PtD;2%_2HNV7|zOc6je1^htRL| zH7WE=6EULG5( zP7D7a0Z@_@)M+Kse@$a-2b$3Uw|qN&`--R&Z4}jk%R|AGaC8?~Ur8-d4ZN0`>6oAi zR{v^X4@m9*(McX0t_)+p=op15Jy{w8j5f}F1NnXCXFnhg0QQ_2IQyHx+oWF^74mUA z8d|@mUif-O%#e8mV1V%b*nHr0_r8^!es#LT*)|wpKQTEG;UAZacMEu9}S?ePXTOMkGv;9L#p-xiLeh569^u3%jzNKaJ-7LqCQ`PF!(GseW2y zU=)2hi02Kwx{uXfa%%clmWU@t#jP}0@Y3}b=RFi9ODrMm&!JDHV`$025$Q zf2HoK94?r~oZCOV4RFdz3pit5*^U2k1x}6yBF{o5TzX)G$BjCNQLk-xRsOfQCulpU zO^+_c885d51m%a6o=Wui%LDbVoB1iV$|-*ci=JL)Lx*W!#C4#|$=(^}^`-)BS=20tcj2yD;TJaBw%M0y4&vOG%d2s*1t53}P9zO5;YqU$) z^t$BpAniZ1vgZC9KA)!?dw^pFEq&?m<65Qgn&VV3Frilbm(gT-V-xMz=V?wOzFx=L zYszy@x%3S60iJw-_r2WZFK_twXFn?K`6baN)MJ|rz>21+c^8f%C)=g$+KgEeN-XDo zRaZX!apG#m5T6t3|J>Ml;G?yQHqVmT^ELn#_bHYuIrP?50C;F}I5)!I-?}^cYZ~4) zGsEtd@-aAP`yV>{OLl(rkJ6N=vC?M3e28{rH|y;5oM#WMWi6q=LI$#)p=*k-3!-H+ z)8%K}KEm~E+vxXOXmK9~ECDR@;y@~H@6r`Y4qZ|xGqpAy&o{%|e`fiWqNtf2``&rr zBSFqiHYNeP`^W~K2edF<$?WQ41Bi)I+`gRo)9+X5?~1qYzKpX+1Yc9&zH(LK>}f2%d72UT;Timy z?}Ou(uPgddsqGqYs-5w=28^De7|D^Zir3(oml#Tx&3NvoLWLt>qK}{zxeF<4yT(%_ILd(+Cy-?d1o>g7_a!>L^|71Yyk*>37a?f?#!-YdQ;0fr<$ z*ZEH#pE1>N!;X(yZDy|I_o!+=_j*wW|A#|q?}xR|Cd`4q2?eIFqo%L;L5_#I z&RX+_rTj;~Ut%G4<`R3dzv&4kj2i|hxJpa-y1a=+gEu=ciAy*HEtKp^UtPu0 z1H2{tuYjv?_RWc&k#Bkf!+p4gC8^h;Cg{%(*k3|hsExXh1cK%OWHF#NK3C!kW~0oa z=vz_tuqq`=+QRA^df<{dCli<|N*6=2UO^VJ0At*C2w5~e#=rdGfSG)8f&PryE#kkm zNL#A=uy8E4J{FgCF2{E0#=7Cx>(*nYXE?a4P;Q{tQ+%ne7Jv7Na+kJ-#!KE7rEM9Z zepu}Uw?x|y4qDWMqrI7m%c$8~2qApypr>-7uaEoDZ)PPSm;K-})U@!hw(a4_;jY*i zdMehFye=_Q>Gs)SqoJD*Ofg#;{DGO!D!tk5=2%>w9(M-fnZz4=fYV4Y8EVc0PSAHX z`it*fa0ia%mx~cibV=?yYMUcQqu#gZ;;1v*Oc||70GbVnvV&R8X^P8BX68(>XV~Qt z!chM5*bAd>JC)kj4AQUIj)F0^#)KmWq9v5A`XF%aj8OOA11w(Tmuai4A8?6kM;*g%1*3T#}PEUxq3umXQ#-ZQ;& zxZvGV<+ldvDitf%rp-BGIS&7VD(3(%>p+iAnfcyG_z`LiAx2C&SclKO(0wiSay$4c zrf1412EzQ+kG?A&x)XR4=fsS!his;U%15s34p^U1g?u5Lqg1;!Z6{YCWcU7=BH{a(t>gR*_fTPE%z2|)Rfc9Ok^kh9ytu`I^nEs}jHc>{c zQ3ltvYb6gBQRY5tnHjbnHEew3;x%2Jw%Rs~yMEPMo1y;n7pd2VBWexn(R*gW+{N_L z6Qt|{KbO4m+VWGYyO}2K_wB8gPN~5r`FmVXE%@<$Kl2MqJlwqhM%0UlvX(V3VYz{n z@oqtVjl}FfArER@@#X@wfVbT1tkwh$a!YCE?UIi-4rMiHt=RWd-3iTodnV$z0+)IX zrBg=T`*P0ic^V(%s2!1Sp$^oKt(HcA+q;Hi^%e|iSMo=^`%M;l?+@9LXcJY89Jz?E z|3ywVc<(dXvdYg9xwgUo^NE*a2|8|ltn#(9 zw!m|Z{HXqxJ>NWFCFkY?AXm2?t$7BuW+x~GOsIz*T(stS)FD_FCPWXgWV(J`Bv+mH zwgBhls*ZP!sW|*_77p8M>E5M3O}yCHbush+Z1_fxWi9<;?ZHih<%Yhz4XV|1jg)?N zq-OF@U873B*>fl!%)4g5 z7mfwzq9qL(pF%yzXSH%HzFR+X^k%d?Ys+hP9c15nGG?rI$d>{({^oXp_ccf+^2KXr z-XGJbi9nfk_M!V8g~sGf#E8Wz?KjS-*;T0W_SKn&h^m9QQ}ioOo-MoZwh8w|_8d6? zV9br4pwE}JKLl6*|NlSo;Gk?nOU7O;w=Okmfs>r+K0E=K@*s;p zP^R1UZBe5j_8E3&4!6x$12Otx-h)gdKmA=rR#qd~>uBc7kt7JRh0Cv;*dfclS+0j< z9oZyt$Ko6{?<5CCTb)hwdo@Eij=Oc;6@tC%}x z&rL6mqlC`x%;eY9mBW4sCE~1r@Ab6RVJF>ucdAnFlEus|%5W&%k1XRD3 zQA*}zl8XV>sq>_1bny=u(KbZ`Fhx~@)GR_)R6L%^v}YI#FbD!FTD4<_<@Vn|1%CE% z&cGqfhK7nd5CnV;u}o4{U0J7w{r+JBORQ6wV@HZF=8)aqdmxa}p^cF< z4@G7|*6Ew{1j3OmV-3KaIFpT7c|*R*KDEbycRgnl{D1ja*YNsfTq5u>tIWt2p^#)v z@z(Gl73GQRT!X$BdDS?BuU|{uKI|7Gv;qbaX?^ggeZ75;X9Y7rZNS+&iaw#orv0MQ zFTh@)XospUpZCb#!Q3k5XAemUNUxzX+m5TwewFLNj0zay4u`u-O4x0x-IJx@sBnL6 zrU~E+Z2v*anB{io$9Esph^B*bJ;v+qtn5w@+jn|-Qu1xr|1`b`p)U$maDEHaUb8}b zi8U-Tn%4$N&o7(2D7Ow_7xziS(wR-|aODyZKf;6ODj{D6F$0GpT#CgJh&9!@kp~A9 z(aPwpin@R3z_liO3M@_#{mYFpWRtR_R1U*Hj(TNaUs;ewXePd~h`Sx-vYS*2HJ!+N z7xrC;OS+rQ9{S3uhFox%fm&6+8lRwlw=*Nv4)~QAhBNlLUR$`ph z>S@7>sU5PxW};v*bu_xP4<0}~toVET@+^JdnPA9p)vn&J_cLH2TI$@V${Z zJv9-^Pi5GhadEALv5O$t+_WM)Tt1w`dzA|VN!8>0J@YHIy)|GHNT$?--yxl}`Mw%# zii0$x+y6d*)-w%&0Fo4u7U?HeaP1S;b%Sauvl;LPZ*IV-g{!6!kMHAdW4L-$&s$h67fagS|{nCoYQyov)&Xppo3fk5zfemIP zMHfn}M&|xlzhQzbY4*w`gKhgQnIPGu%^PmAv(UpOEmbq5P(FUMC@5hTNO*IIj{=XL2x&^jiTsfit09qNPeBPXh>y#mZYS}asD%&&lPNAIP@}so>et+r8lO5+Z~dr zX4J`tUj2j=$+X}Rjh<*q{q)OPlc36@?)Xv*~(U}}_Q*9oPMk)WdES3i(^%MzzkQlatZqrIY&C5>{Me&R_- z76H3k->Sz|uoxkobT@{DVrR=5GpQDkqHsRTw;MfPnV<79Gc06*mxNC}0=#ianmgLn zIL0;&=tMLS6G$+YQ@pBD8E3k(ff2|gJw{&~pMWl4Vc$i2PFHr^L34k>LgBZ5j}M{P zCG~$eC6^fcVK_};a|V2kAnv^oSkGp)EINZ3mjff67y%Rq@*F=XC}Zkg;v%!XU7nD{ z6G7ds%uP7Lj3YiqQ#P&On>4uOf;LR-#=<)tpj>YL%zlQ@G=YCTO@&1`EWplOc;GPT z^Oa>y2GWv3nhs05p`N^+i5 zmdza%7e}R{H%y<8LyZDP14Sj`kIw5E41zL|ut5cC#0G&5@@M784faR_O0Z-!fGmzI z`J}q#R`g%-58_>#_cf=u^M?WoV0LTcuhVB#sBTR9N$D8BK^tqfXFD=8wrtK_gSq>P z&~wrmPK0D;v*o^1zh?gTH6xJvyZfS-vk;W>0tEvgjWi!?%2SrQJQ-Q);1LJ-vAHlTp9;Zos44@6iErY1>hFRJjPz%Hz<;BWqbh5)VB$YjE<4nc)7l! z;UHdMfgbj!GI3M@lpCvVk4a=84G?D+U;uLareJ%mY3{3b+BxQur9d5T9e(B7)wo`T zZ;U5%5sxp$o%`$BU*O4se0eZbeZc=EI0^{d+#zu{Q}f^xJW{C5=6E{%d@#rnpfj|0Dy&#!5@$nlUVVqqcRRV1`Ve*9#G1( zH2!7k)7~v=aJUULJtvfmr(lj4yaNCu(wy=;8oqCp&- zD!B}lIaI-~631@~#tYBcrocTBq?wG@vzN6RD6+(VR-GLeAy+qy$2s_VVFX*eQ^=?4 z8l&Z!e&vUFh;3@6198&ggbCJ@?3H-vBmfoR=|INC+^A0r`HD*NQ1^i#0YrsA8MD4! z99SoZ+si}Q8HxV=8lv&&9ilZ@%>mf4P%-DlIKA>!2pEW z+(&w_gY*X;EPCaLe&V#-&UU?=ftEU^9#y<7b9tnyS}$O|G#5qmtt_Pn0rotxS`+!n;d1=eC{xq#!P#zO|$rvo)D zr=m32YCJ$pnfH;sT;uSA;V$U`yToF>0Kyu+ZEaVSa!dobeDDAW&Fyu<)~5-66RZ=& zhJG(_t-K%0G)O=uV{nOGc$La?12tvntW;-a}Y@ zZXl;8D%A2z;iMMc-xcB|+XiSNW0AHCXXc*r(effl+RQy2g4?a3a#a_BTg|b~;-iWN z7+J;9Vg!8+#lIo;=UqJ8c~W4hs5;B7LNgITO%IjFwYssVqYzgwO%<4j?E>P=f+5%a zqk^B5am?c1cgu!z<9(QuqBMD`eIGp0zmw6%j`dR(Ftm;{6UOimHEJWgW5zW*?r!O_ z1~R%npBMSH66fiLD?>K*xywo8I*x&eRgyH@Fg=DzEpE|pxF(G#bGlS^mg$O57(8$| zGmg~6UpLU&(~IyX6LO5KIwSu=duIh6nLe%FRvITOAcI;o_7ipq$eUm>;E93GigR&rO!B!VGD>kiIr21TH=sz#N;Kl9KuF`_ zDifUK{@_nCp9SNho741y^ru;_;jON}#{sF$tD_lb2np$s$Zeo)FP#aQc4jFcO1J4u zHO}eW_YKW?Vu+Wi^*L+s17@SDsc0Zkqm<)R2N`dyXsb2fS}^kSxG-~(cM}|Q@()Gt3aYhHUoTacIU&RLMfF4R4)#@7*r z@@&yVTjNzR)dYe0$x`t|pWw-Fj_9q!!{|PGsR+oZkSYKluzSo;k3}5OU{*}}3!hA~ z_)Zuy@>QN74S0e9J@5~7DJ0-hZ9XH;hWq7yG+Jq&55WM3Iw&a%FRfaHRN?4StHv$$ z1z6rudf@OdBqR6YGPGZ9NTHv12PTG`h-95l9*SypFVo-IAsurrBVmyTwJlZI>O8LH z4tX*(a3_qPPYQ zr?%rlnKBdA;n;a-yvc~ku9C6PB6d!wi1C@lzjQ_Cl%Ams#uDshQj*TCY=De|Q9yk% zR$mcxT7-zPr!N^UVW%-|7zS669`@|mBVLN(08@Q-?~xS&$?%tkLvs<<&}%<<2r(0c z{5^L;MsH!L%C5&3sWsrkvHT5V>N7Pq;u{lr-Q@zJNUiJ*x7m4K7n&=%|OJ92+>Nq`PBrH ze!0aNFRG$?HrtB7?Wrc9Zur+v$3GxpYt}dd{#jPTXBKZ0RoXGp)J` zqCW+|(tcVr!jglu-CekT?mX*0aAur9jsL^cPJK#$xBRhKb%Uy=JJ_p?CgYBea)A=v z*l1!12j1)B&JHc_??!ABD)jW#<;KWNK@dVyF{Q^0_*ANXt=Z-hkg(>6_PIrTA7&|x z8ycKFT?ywbXee{&N|A4<(^q~Pz9zS+Hb`DPzePDffQ17vnT_22189>V(Ct*eIM}M zuM)mHgagzW6%8yRA6f`C4+{Y4TaBPo%_?Hv6U*!c1MF}$Ko`DNerX_|RFuBq_U?<3 zZ3T)JYRr)48B39B@9XjAr;-I~vZ}PyR1X9x)bLZ^s7FPkz*UULUGOA4Z}Q=i`Q4V& zNI}aLSMW*}^VIuHP48sF6N#Uw#URw?+fK&}rK5+O0s8gPMsiLu@AtvQ!)eu(*>HlH z@r#h?Lq^8$k8;o0*{c-6I4nOGn@$E<99;g!==weh-;A?0Z1r)WQsnB zJ47DTDvgJG$~{LcjHikuFn8|M%TNY+@mpd8C>PDgw4&oq$xffQ%1I*VFDk@qceyeN z;;bu3)&^$PRdx<7kYTbq2h8VY=V7dv6)I?j_Dn5J;2ulK?OBB4J0kvhVYVxm(UtlR_$aE)y)xys$FVVB&-=wxNzm+<#Uxf}g zajMoh#+4diPjhLDkYGHhUXH!L&lGdtdC0BoOaAfuh`{SX;nG0(m4*aE93&Opljk=d z$qK9!boK)HY?T?HA2a4IF&RW{DLIs8Y_EQ~!b{Ix%6&>sRo|%Asn@Lf!Dhe>Drg*C zUmJTOb3ri^UMR5YGZAJS(GwD{0x1F3Cov>@1{5CDEjgo*+11fhEc!}45g=qb16%C> z3aje#jo3K%gCk^`w{;1vc_J7Et@KBkQt&5d@1f zu%j+*cD9*JrXQ298V_Ah4r}D}Dg)9|{Rh=EuL?=a-z)aTRd(EGXaDj=w7+w$8NZH(J(I6FRA6q5 zj|vJ}wk9`oE#&Ae>XhRuYnZ-O%U*76UM`hJD+`LO%&PrU4CxO5Fa+qFu&R&b+J3Z= zd05a)6<^w&PtoQ-){j`LXNzhBYS^elE$|NH=*YIkz{f_8?BDy-iF5{;7k|Nb!c8r& zJ^xZ+=64$`!Lsl^-t=i=B$CDB=KMQ%M_{l81$O8$mfX5ZXMmnGmu7#Ps8zJjg9=0P+i z?S)Wo#Uh}kqoN7+3I|Sbm64q450X~ang~%zTZEancIz|MxzzHh%r+^S^A*x;+Yxf{ zd#p#{au%~~k=gdM;~6`=!A~f-B#uj^^166&C3)KlMZ!I?1`NuTRaXWG9`Dl^$Nd@X z?9;Xc3VldTNSi#sTX@|y7pP2pG#|)F?0DF&;jp#QYr0y=7;7K6ZFimGDHcuNO-!)T zH@Xi31YTv%NxHrHeE^Qp7+kxZSWzRMrc{v-7wxM^3X9Uf1QU z@iw(=yFpQ#tvdUCPD~Z{>`2wX7+M}`PF%5(2q~9afCaKVy@K_sQf@n;MKksx#LrjZ zLKPiNHSjp8iGKyXOAcblJa45kT@gAjEoDnsSYpoMBYa?NL`mtx0+%%cBVg)8VCVj> z;kUOzB$Cz7FNF`zI1(Xi;nfA1dt-O{C5rUs!oT+}N&vMC^1RM%DD-yNE7Fp{mCoy* zTe5N`a!<<*ewc)ZAL~8@s$E007-u0bS<2#wLfyKAKuy#YT0ChtGtlxeY3blu ziXg3^$NE)M=spj2Pt+n8%W*A6_5sht_nmZs;;dQFh`N}8asbhVu309L(}FPmVUqmD z(PkKPXXoqC;?@h~&4NN|7)~@+giGHgj#eQ}3cP6f^vqox+ZG= zJz(fddkn$eiVYYT@2u#|pT3%NrvVsbP*QrQjNQQ?gb98~~!@sk`=y10ky@iS{`G-$Xln&3!lv z>kl=ytGcJhTf(WhQjq!563%i-(_~x93bAvf*;Jer#;9Fv*;gopiLQAtL-&IEs>fDf z!$!EL!T)?TfV>C~^dezsHUt76y5?_(UJz6q^%4E@CjKHoy&D=Ug^! zIxwoMF=;lk8lH1x!vZBG*m>t-vd>8+hu?-Lvd%I0=2Br!z5#)f!i#o>V{e_7otf(^ z7|P$D(F9s^I$SFI4`ORZkOjQs&Y@eu`lTxvyLC1q62~l+%2iFST)Sqy;oR#`;{Brb zurfzb?Z(h9H@Ys-qMv2)$rWV&jAbX8p$<7OL>e{1Q8+aUC$e@(aMSdlW+jChaxC(6 z20~Q*5|yuEV_lfB>69*w7O25 zWXhfDnBq(oB?mT)4er$8hmhpWNv!%_OO6B;rrkNDAwnJ&=MY@TFT%{K3ups5@_yS; z$`z68UQH__l%Ak%7pG^5KwW>{!0^_f`Q08q!&LX z!~O1Tyuvuin>-!v_shN|(^WUMSup{yl+0-?1{^PHG1MJ!R8|;qHhIb(B*a?=CGp&H z3#xoqxp?NUtycHl+aodnFI1A>xxZp%($>AZkcXI0lPx+d!w-OJ@0faeb-meAoK6%X zM8{jCl^gjR%KEr|{PhhY4^Zdnmg^^}JAL_D4v6st7caaHydoA)ozF-h$Mi};R5*kb znn#0{qqy2%*{bbaht~TBc|&I`5z?FuMLRdl;oDS^p0~I6PYfR~axA6_k?Txe zwi?8;$YBWG1Q9bj@gc1P?{vOJ$o*M!J!h=ZGN?@0i>^{AnxK^);`B^htK>RIwzrdO z2^V(vBb!psWb9hxmzP#U}LoC$@rqIRFwRSa zRr6WhZyY9AJ>i4|m!;#P@_5mWBUI0>{_j+%t$SQw#9iyK=@Tfu^J-bWapUmihnwl| zGs+yC{5%E>*NV@cCYJ0ExUZ+kR;-5Gh&{o~^Je#&nL&HtsQVfK^87KJVDvkfwodnpN~O%>LCPqB#t%KsT&qg z16Nm>9p04!p-SSA#X4$vIaqD?=?4JdP^k*G6P;IxS(?R_Gf>~Di7#pEzyww|u zAttv^PR!cJT;WFDRVG8oCMd)0paL43g9H#Q8o`%`E+Zry zkh^!f!%U#o+M2N}%}&SZgt8Xt1O6%czC}=uyy78*&_bmUVVqEu6mf~Q?}|sF4e$#_ zcPxQv)Oku5%=&+m;s+uvw?`g7JD9%vby{4u2}L`3f03s%2eb>^8!@>39dW^QQ>)xD zjQVJ;Oe)6h&UpIH{ZDb$MLk_$xE9s-EHSdQOZ@ONWB_Ja0Cb0v;J$8ni9H9IW*JoM z$KfDvKIEGxJfvBcI6YxD$)AY0E}8@e=L*q-0SJ%ys$mUo6QtM_dbKlDRp_=#?v^jl z(;#RxM`~4|60_cSQgT}^YvcK+1gi6W1@%{a;Zc4vq+w*xaJma%_cG*NvesJv(>RFL zM@xj^igdWjesn04dxW~nLF@#5Pwy|QfR0j5SK00T;&NGzF@%{borh?qg%m$@>}od@v;H0s3m>n6(}_5rs#A_lxuI)0R(}a zX0nn|9BZQ>!B;*n;Cm00Bm}Gy!bfZhp($7%gNV_|w~L)ch^8%r>G{+<17!vdil+?D zPpHH5rtc`6laA&G6UfF(w2^d6RNY!mvDNrQ4kstb>NLQ)UUZb*!r^s{T{>^yfwWiQ zYbSMZxgu0sGVKwB5Qb}Ri?rQHts*`7fhb-J??{3-$S?w_Cso@`yxb`p7>%C;$gif~ z(a`#*EnKE7t8Pxjj<5Lio^Ixc=G(5&NBQSgc}^8#{f=s*_JR(BWXTF+qT3M=Ju-Ko zO*hPm2=%Y^kRgzsWj1CuKmYQM!SiE#QANl)cjkn8{(?4}fslltRl+3ZadiByfwumP zTY~a)GT2@98LkL2Db)%daXo>wdz|P|C%R-q${g#Tthh;!A0OS9ZI;E+v}U{8{o+s( z2>M0RL>Cq0aPjmm;i0~Y>jhfWQnwcoT2_%D{o$xEK|E_H%SK!b_ue;!Rj8~*>2Gwc z1K2qzeX@FQ8C0e_&q9wQ2t`K8EpZT4JpX)P_)qVI+%Qd4Se4zTPmb}-vEa&+tLs)) zpz4^xju!8)-@n9q{ma1*{JRGag@iZ$j3>*ZHN) z&t_3bmZn4|Qq#;3dJwdJ){K*E+wT5iwe-oyj)Wpm{*aJqWyz`R>QCT$&>j2k7&1?+ ze*(;bpdW>vfI9M@VI!k)5h^6HjsY9zHg9@k{5Vac(~!v?RGen)B>QEmx*cYuO8d-x zqD>Onk(wH46<_u-s;C$qHJm}WOr3m#;hV#3RP!;bVlBfBB4O(3RVsd}JuStt6CS`D zhQ$bW?kBOUGQi>;YM9|q6u(PVwxS*R4hgLN*IdqMa%{u58swwu>Vyqv zEPw%J8iq+pY#Qo6144;UeA|Zg?oTg#W@=72T*2AQ*oZh^K<#@%V>= zM;Oe#CIc*FEw1I5W8FZxOMS)`RjC1BLo3o!8AJ1y&`3T`@3L)ol^S@)Y(2$zq_PATfC z`yy!C$|MpsN)us_S!j1!aK=d!lYCT%Dm>G+&dtRp$--&~+52mqD>vz}70cLCOUJ?i ze-n)gv=NKVEeL-wf`!5+vS`MOeti!zIrO^|nZLatd)yKZ+J$I233~c4(L;m7Wr3a~ zGV-KDxS&;ab)7GOaP0ejp!|@0v=jg%lqVWz&Fe4juTw7;C<6O#4y5hN=C?z_=l$Bm zX_06lTNQ!A3aH|hGhOUV?+UQUU#iZ)X3*n{e1}S{zCNnM1(f0)dhHpY0 z_cPV!Oj8x^hWMCPek|~Gq)Ys9=JDyNpYtJ})SU^&x3iPl z^{BU@r!rqdj(NnZcUS^4FJEB=C0Y?H$J<;|=6Lvuz2O02p^M?3ezMq=vzQF~Xoj@+ zWo8V-bCIp0OufpF=pYoi_FAL|ioM)wbyZdN5~hMOtz2wlIKdt5SfgBUY@J6#--vHR z!!BQvpMr1?<>aV|+M7USWu}}7A~a|ww#@R8(HOxiwb*=^BUs{>(`@xv0(1zKl$31U zzYtD>I1u=4dc&i+uO(R*UM;?CvvmV;!DUMzT5c}J-}DB~o&_|zwk{yu^poCoMU*@W z@@TaQy30;U5(UL_7B}d&z@NK)NsoI_aB}`hj+~WFjMHruPalwUw+=)OaKZjzae}m( zCd+|BW7<6|&Gi2EQifJ+%gaacp&c^gHfOjUT?i{9==lZTU5o`@NjCk-&-Czds)N@r za8I+cW=_v3gL7en3{(%dB_*GF+BZB#Aq71lja9<)r;c*;ErK}LH!AF)*5aOubvAyE zfZFq#)M)7AmUYI0{cG*mN|aY+d@d^q&X*>^DZ}fCrkUJA2zcmcqv(WvX8N|rv?&q2 za9f4w7)8)Zp}bv#E3kU>O>2c$LruNOaQTYp3Er2x8WqZNeycPyp}#Q{M6QJgY~8Ay;Q6p|a#<+C+JQ)V z+DjL-IHUbJ_$1>2gzEV-3aAcc zOH|I@PnC@Cfx1Z5r>yQm;>o4n%0?SQw$He!; z;6v2%Z-!kFR85;xKd}UE6H7Ad;)|x>>kQ6SA6^xysS1KjxM#Ehj}hP?y#K6!# z>8((EZ769gT54e2CE4^j;DA^bJAVV`xgN|BP5+meQVY^?W^p-cRWxGZ*ik%6&+8#? zt%s^$&b|V_A>qE!%tG-&+mW(Vl&@f$gwKsWBJk{$5tPGQO9LF zD+kajBqG=zkUx4vtJXwO8Kqxc;OI0;k!DgPt>r<&)_<~P#Pu!Wb`6`GL;i+z&@jpB zDPo|6K|7c)(FE0!~yY`Wf@FIsxjsywZ4`rEca@<%+;jm!htVhJWV`5|L^Xa^q+ir zPOW5@f9>Jp7|_(61j-)fUR!9jovyM3-#7XyyB)Y|#A_Uc6qwDiuuCxRLQoFOlrgM4bx1;U(pO#BDV5a}2}WaOY&;X-x79zcay9=5SaFtBC9GwlOnT1Ls~d{0s5plzwe3F|>4yVYGl zO_%M6+uohy5b0`zI-WoMT?G1vAmql;i5a!P6+DEj^-lxvgh*UG{U6EXMkfW_B8gWX zXAwf382Hbssia~TLB$4l*B7_-SEmt8;~PoO(-e5=qJ|c4_{0 ztUS9yyqcPBTz+@XW+yY`#JEbD2eCGJmw((Fhz_Fppu{PoS1=47I*d_pCr^V*!0;+( zMlRa6L=;rPdZ2^YSZ_&MP~5AM50V_$VD;^jNA+Th;X9d+zN834VIT-1PQ4J|(VVN2 zd|xNv(~It8E@Q~A%%~o)j6i%jUmTC37=@d>ez@3<>n|v;(N(M&JCq}CezbIeTNE!d zaKNn`?fiyEz1stNK|AXIWIylC$$SK}eE4ypnbUE&4XP&?83pR|VsUL$e>igxEj*2u zH}2vTdzeZ17!q3D#GwA};zxRr;?~bJknWQC zK~nXEbis(Ln&`PqopWUgO+G!&FP4*nTyBPO!MJfU$<Xfoz>AHW-?;VK4y8y$rRFq4YqI3hxLZn$q)us4XBJ#U*#eAB)%BMDDBV4bcjFe zS@638l;04Wjs+dVAkT_5+n7W#l%}sz1eDoyxTUhl(#3Yf+OanF4;0gL19U`_NWp)Y zguZJf10A0f>P@4V6={<w_9# zzaXbk1H}|N3?<1X=;=@cTUJw~nusEWh=pd>%bP62lf(rm{f7DwqL?KBXS#<`OA656 zjEf6P;mZ0hY9^GhcwHA3G2f5r>3q-4hOG{Q95OlA=$>ivYrQ(c!O1BWyCIr!LVCQ7AYj#$(5gSlVT@Jcpjx3-vFJ|0e&Uu1 zHPDJDWzr6Qc|sY=V7!yvYMB3RzJGQl!L;)3&=zG~|HtVjMPamv(%{Wby>5Pp7 z42^$d+Crs1%yF&L(*X5|@o_t+bEjk!MGazTLN2V1?&iDx+8MtIF8oi%CEt2|coehz#^6JUm4A7<$#hHYz5m>F)+Cg{7f$Ze+mlv=q6Z5S zp7$4nerfC^rG&HF2Vn?Avzn$$=kHZ@s{EGtDhF{N|F#^&RE2jW56HW9Gd>X18IF`w zt?%`AfM{3n(qJPTV-p@Cd93k36cNVd;hvP@&foeJO+9|JtSB-*F^pS*yWt*G@yO8yR6&T?r z5M^n>4XdD@kLn#fd=b`~oP8nTa{56cbI1ti`Q4M0UxnDk=Q#bXHfAVB@vCy+Ci@!{ z97*WYq~Ah+uL?!M#-dFXhsJ+nA%Nc9&r;NoP~pkJrbp2W6Tuo|A__bh8m6irMif_} z%5((-WDo7+Sc`L$B@DC+xjF}ZMdvfB*|8ZlZ(YnF4^009inwe0YBXO;vl3jIISS+4 zWVz4NL4o_-f_m&zdB=kD%g4+}o-I#PBv|Bhe<8K6a+kkQAP~ z%K}{K*;9(B@E9ITqu-Yrc;PT(_^7K@Aptsx1=P)6$VA(cLJ`ttIPy(##kkep1n<5} zj#MkIUrL~w^oP1I1?ox_T~VS8r!Yzqk(zupAxMvY?4xQspSK!R+UUMy)UwP7y6o}% z@DvZ~-m-i>gm1VRy{Uv)JO+%~B(nA?aX@`cqSZBDR0$04Flj>rA87JST`9E?spCsD zmxy3r!5gRtbxN*z4rd+BxS%aHaCyx2@#B^X!UNxvW2p>V9Gt7qOBOTzpf|EsXAiQq zSPzO;Mffod@CdNC{^yz;-9%B-TGQlEcBl_ak9Ik{s<(5{f`m<wl83J3D zR9>1Q5`wbTr;ApQIW;w4%e+h!W=u>F=w?_b%ur5AL?un8Tv2HRKgnA21wL@K&?zZX`@>dBe$8M+?m-Sbr?(_1~!NjS= z0g4^IU*8>myQtAk%}pgFPlNK!`-t_^*zu(2!Iz7+knbJ)uEL|IYSniME6vP1RJKUg z=lvQsq;i>z*`J8Qt2J>${%m!4*CCvP^1swV1y1C-jc|7GPVKfvmKh6UjQZjOylv@k zAf~^$k|Fh!N!gb&6l7WGnAJ1s02dveIfYFWT1Fy_Ma74)Jk-Js&M2|9$PViyDiV>? zE2ID159OK5r2KV=$}TarsduN8Jap|7SVB*rH;y!PP#*H=l^`P?@tG+nj5H-O=NLa_ zniPz_2dAlaV?`gLL_FAtt?5>8a)%(i&}*0nxF)PZEaq`Z%UXl@ygGEC~acQNUQ1MoQ0AikhLAf zWUM7nRKOE%E71^doLK$D9QNrkikibYk#$6mpVeo-!wLEF*(3JP6({11Nk$DMUwrOC z76sjU<5Ncq*vMv~QOywQRz?Re+vTI%8q>R1j{xWs`>gD$(%N?CAUSpPy*g6sC(_eS zk==t!L~@s$X&aF+h8m@LGx~hqb8KY^x_v;oRlWiR%Pfsz42f5m*N@--HL|j2bvh<& zeS|CScEfp(l{~WHVncdtsXkDyEMmqw+g=DcS<9nM6XgS*idIL7n<_2jx9ZjgWnJyP zBx|?npJy^63F2^KLXSCn`cm=gbXyuCCIuk>?-{hRO&wT9m+i)0(Ia{QTP7a_=ZYh* zDyyQ^P-IxF&^D|IEJ_z!duA_gkzVqs61O+wcc?zPQbag(44xkg)F}5}r}7!Pq_dH4 zKQ0kpeX<3_2nK^kVV|6cIK>nM48&_0H7Qtt^gl#Sr|TlF@?*}yi<#0MeH&pK!y;6v zFCd>MX0Gi_nCtR^e|frk(71Riagzk%^Uj-APWkM`q7`JEG`w=AkLHic9Ilmp(Iyon zlpm}k;o8&I9`t)>sp9?Dj0u0l1h0ID+x0y5nTvoOhmKTpMy$I`s_kI|UgajQkm_@Q z-Aad@6@_$4qCj3*C)gAbWr=IFJQC~@d|~K|vZlJ^@6|X}L{@X}AQ)7e+n!5W4f}W% zPE?jd%@YpkX8J&3m&9EVDpHXX5G@FeroKLL4=F1;0Gnv5iTNhyJw>)UZika+1a7mV?F9`$aq=tj&bK^%*QK zyQ@JFexY46;|0m67=LuC8cf1Zag%fWv$Nltsy7?VTATKAK4m{p$)^|86%Zs5Q6SGC zv?3K|nku0lh$%()nm}@OcP?kiKg!UgTvrg&P1(C-0sY|sSDVWo)Ao#Y<)jc|1V8*K zOTQZW`2wxs@C1EXl($YtAEq{XOtWbhd#&(R4^}GmH zj*63BWCgcWH~r#(Vaf)Jx`$jCB5Li8EZRhVBY0q(zNnc^>0l8>A7qEcRQTx*djIHy zpZR7~wB9q%c)I(<$BL`;B%`N-<lQi`~j<{xZ9uGZ)u=;|pHqa3iy zCE-E&)63TC<$4bwvyx0nqS+Pn{s9O(`GTF{^2YeB zKfD(D40uDkoN{u8K7(sl)=Xu1k@~+u?hpN`3HeD44j;CBS=F0o60!yRje#oepV#j^ zDiyUlbunYog7<>Mq(3CbOsqTZv;-FN6iy`iSR%OuTYHj&eg0Gt>=P{w*w0Tb2Sd}#Kb z*${#|0v&G4h`hCt73nx_Kn?48XaRuxWw=F)+e^KLTGoVyhY=P$+!KWx>s7%U<)SJZ zC&9w~+HXL56^29zBDOtCq+UP4Lr-9?EE_OggG5nth7ZqpvwdbE0y?<+m;QqMoS4%P z;lN}g6+`?p*D(KfBnB5rTSq=io>ewMF-UUAXZgbDtA?cZHB77(6e>}Nu*cST6oXPy z72ZtsPfymNx8A;F>|EN*Mo|LU%YKF)DJ@3x>*+{8Y9cx>C=u>iYoaJv1Y!>%P}?0it(MUysp%kDh9&8qhIW~1DZ*?@-!toTbdYF+pp zTxkf@(jim-<7lY?zfYMwi3xg^L>j8^Zr{r^Q=ZUcOzkml7o}O-uSP-7bykV5_kj|4 z!1F{&0sp0m6vAaE4Xv(zG&fwYZnOhL%6D)tLoJDDNGj9KKGtMGcQWVszsmTdl=WIp z!CXhY5k0rJg^H7MOCL8^zFUyE3xw0xVfkP<10L~XWj&A%d7;+e6L8$%uJ&5wns4yAihGHceI{hsKVU-~O2dgq6SUJP=-0pydijclZy# z-+s`>rxx9AGI_`rs~0g-XjVlEGnL9`$IcbJ^h$f+IMl zeCG6G%^tA?J7qGi1oD~ny3t{5T+|H>_$C}VyZjnyo<-p-7Bjclqh@fMnCaCfvg?iT- zK!RIfV$VYzVq3N{&O~WN(~qWSZ+fWVeiUsSi|G{oBpu3Ag$|o|{e^EH&Xqs`E}5*<_6lCdT*HAVdDExrGAYGO>` zZ`(`?q4bMmg{@Oko+J-BWW|o%ZpN24o68<94?gA;7 zxZ*KcCKgGk35^@q-;eE~2C|E9?8Ue^(u8{TDwp-gbjdC;M8#uhl+pc#7dW0LgJBRM zm8nJp3ykaZRAA45GD4?Iu(J?tZi-GzAstW>ejSSuzu75@e}3bYfgh5x)tjqu&U&`l zGfzCbD(k&IeLsr3v%%&omw%-kCE7GZBM?{j+2$J1w#dD^Eo~xroFc%m8N%{r@{T3O z-B`)CbBA=-fYgXS`gA|y_ltpjObcrth~JXeqG)npdy7`c6=W46kn>7@r%$zI`&+*3 zyTun39tW?0^NqPLvzmCA_oFpT@V_vzBTed*FtVX-i$|CnZpvK%M?;`GEh|91KAM1; zx^!KSkMUR%F+fwl6JrcJ15pPfU`ES@ym~pi&ZSV*|1Cg8F*DPqg~4chHzW$G?xQud z_$LQ~UUz6s56RL2cKE<$&I6m?l)a7EyE}Q7X0vhk6SORNW&`lV(=(E$|5W1{KD{n# z@3pS{y&?B4a24=A@xxATO24CE6X-_CrU3d3e z#$VS{F^r<@%MN=4oG-TO_XQ!1(x*hY4~FwH#3vT^Y9OInvW66_H-@C@y%gIG^+RB& zQR6;K(~cf=}519c(5 z9)(s08#?KC=C(D{f8x?&tb|x70;PG733-8 zQZ%!5j%%8Z$DC4t{MlxH7BQK`ra*Msils4O{{-dk_*(KtqF|vIGlJh|=>s@OdE#VC zgXMIR?|D>fVg`5lLkhTofi{w=P?9RkQ2Pg%TT$#bLr?_q54kfpW|}lq3gf!er+Uc?Yk#%j47E;Hkp2(1Vyhk8-r(ztr^jL3q4O=$B0PH&W z!R82C^LSfKmxx12G%lCjVH4XWxb)tT0+PS4&Xw#8Z|1HZ>~wer+9J`zxWsHmZI#pWTGAec-O_g>4J@rq%jJ0izOVOYZy%+&e8WU#~4G>6qluXES@OP+XM%_Lg{62k zcTr4=0HZT^a9@Cu&JQ4y4t+)IN-R1#3lO=b;~}X#D-|&72G}c)8t#rYbVo`9yVKb<8CEXbg*0>!<*2SM~#bkLD8|N(c63Oa74R5g|~>x6PbqrQ-)9;(elkz zMh|R&5uoU+bqHVCUSs^>TT{Ee?KGBwu7vgENR;3i1lJKkZN7_Z#KB2zlobA*V&l3h z>4SaKdn2lBjt67LcyUN4$RsEeJ+M0-09@}ucWDR=2ira3^E z7LtmwaML7?RsrY#%LdDuvf@hb*sGWRj>1vH6y`4W5$eQV|s=A+Lr zg6ZJ9y-nWOIoeWmtG9tNVrzc@9LHFb0)$Kv(w=x(6{msl?Y2IT?O3?AMM*nbFF%u``q`quk+}UFP=_c|2$a66>=-Vx0_$15RfEDawYWsA;?m zS_Xmfg|r23)X(UP1YTC&jsHt`w;y7~4ef32JsrvnzI9HYP9&v$YWNP!vEdy4!mewO zrN`qv6Iv!VRBolwXWC$+%;4LG5r2i)P=FgTo-eLtpoXmrHwb4tMwl|gO^Arys;kc3bilJ7>Tjr zO4z*SHqWb$Dn@Mw<~WnF&QSdym2)evBxq^Tf~fsi=k}_sW_0bu4w&d6d$a{=jGqo& zjRa?XpHNY*I}uZ~$S|iUI$$U=*K~u0bQiv#u5*AtWbzZImnvY_OMow4Pf_#eB*lFQ z!bb3cb6kXR3C9_Mkm>i2Bxe2&aK;m-%#=Mx3yS-+RD z7XCbUFJs8eD?EA`UFYwqyoki~_pbcCD}OEB`}+j_!L9h)uDpnk`2X7#D~<1n${%G~ z)lsvPF>R)F$9+B^S&lpt|lm6z}j&r!|f@S8Vp0n;x(;5RhjBg*nEZPpU9U zg-@z50p^fJO>hQCR}i!b{5i_3)eopB<1!r$g|p>AwdeJ4vr7;`g^U8eI3OjAyEyxt zSs1@3r01Ih&PqQ1U%7Jy12z>#TKvP>wU}o^?uy+N#o4lXv*G+KwwefBYu9$$+dC0= z6`;d`rJKy(1HH%JH`fk6Rs*9-wQqh7u<6_J9t-+!4a^FiW3-CL$SB98o0<7!MQ=^e z4g(#G@q|E=OM4&HF;T|k+*i8%rElJ3JDoeJcQY1^opt0nXEMtwa4JD$&RJKBhGgQo2XDq{5 zvLsvCh8bJg(imeM%UHhm=q#P{dcDs3^9OwW#F+cOulw4s>-o5zk4&!U?_)p2&ced7 z@6yF{W-Ki194su`P1$yVPdpzTIK;wokLA)i-D`d}Qvtji9HB6U&seH?`?V`#-tB+POY$tfeM4B@$z2t>;9GaZ+=Y*QIcG9e&*9UyA zTwj{t2&%DPvUaaroVa^kXFcZ~hX9~%>!7SH8V0 zff9T#gD-e(=fXfk$Tgqi8EzqS^q?!8E#al!DH?2r$bz)e&cj*5@`<9Aiv%)qTD>A@ zq4#4!9N2ZVM^k+wc$7d+3o`NJW?`{2juewI4#}5G5oR8m(vj&Hwo6&{t8$S#_XW%e z(W|ePB<=R{@J5NrS|DG7Zyc3c940NY?Hl*L%Os60PsbTD8xQ`W=}xN*y8dBT(QrHm zmu8BdU3AFZ$u!Z;rmB_R*^=P-5aAF;vT96$Z4jj_Pk3l~Ec?pRg9>-Hy*I7vWlzkUc7&eMo8l_49YvhC<4*QC z#3v^#2FSXUTIu=zWl$R@&?8oFKM(5bpbmZT@tm+$sqesbvYO&!r0B*xO|vpq*hGSk ztQZO!snx)24u+TXCoL(bKY8D5p@;PCx^I3tz| zlQQ)T{3GSQe*5S=+|JotR7Xxa@_x|#gEXr>djo`(SHEVMgLAwHgW&5W6W)G+y>d~d z>_^kSZ7qy&N4(!(GUn}Pcl@hof%@p!=l6o|#fH{LrWGPhOW!a>kW!Eu%A`BU{L0)# zuvc5d`v)#uTTAAktef9DbXpH8r3(xNOv}o`1)`Lk2Pf{ed>PBspDTFEB>KhzUzDYH zV=}GEt8rjSr-MERjS%q09~xRBik8Y7Z)S-tzpg>DM>=`we1^MOjC7z%`U4sVxHNm^ z+LH&@Vn&iH7$V4e#%Bd%p|}KxNWBJjmg)|*ilD`>-!F**&Nh_^zJ3%W%5}M3RiR=e zK%@TvGM2T0*S<5Erm$T7z&~xrFSVgeN-7rlqF(a8u8ubucm%Ilxj$I)KyH!ebw$6M zh_caiw(*_WlSlo28PtR&qGsd4NeJdiW<300?NP_+8Z2c+Q}jh>o~_?7E=a1>J!Jku zTgbM`NBWQ4n9{nua?&M}vsmJYje7PrEhbQFj+|sQYP`WX`!8uToO5K*CN%@Y;MD8uM2$p&sPa!RR#z66{ZcOE@`D3Y42ik zCMB^p^n^sHm%1Q)m1J;l29KOXn{xIU3GfGX0XU|fp z_mz-VjL1LC!g7D>_Ua*9x33Ll?zvY|YzNZ=v>DphsG9~v(Eu5I?)44<-geVQIx~9k zaRpMGp6~mr4@-ME8X#WDFxJ(N%>}Or+gKo{f2i(S>%?p|9~;L_c5vsopuJ3$R96gV zbv!5IAs}8ut4I?)FT6RFs(qESZ{OyTAt|{Rv`D}2NlFg3ADhMH*jUaS{z<_Ajag?P z+^m?V`)_{~$A7UM4Gd?U@8y6sm|4a+-n;=F4`yNMJs-vjPHtLB zZXdZX!_8mEBuV-wK81aCcsR614|H?pL&~(lHWrlYC69~aYivgwAF?`BP*ogcS4J^CRrwP%3Hptf{#CCkGd3yD)cf$MEtEuXI0!XPgYN*)Lp&p$P^ zHdN5yC)G^nD}F+B9?!S)o9wW5Yh6z`>w7hv)evbK+?hNSY>aP(d~7!5ytthu-~Hdo z(sVpBn)tvYvx0Fy!fR;k>A;NQ9HKT9)hLlxLBG7U&;NtuXHsNXXB!~wnAq^* zeW<{6IVGV(glmMSSrsd!>#rWhx{ZY`jJ0WlupZ;msIxfeXpH!pshG0b?_M?cN~~t1 zxjXL_f&N6SBA7G|UD_Ns5CaPF#3H52NMZ1Ii<8s$c(%7topX~3{DszKz~Fs#DuL^)bBORJ)BKh+M4u?9 z(cz?N>QbGbIVl|7D3F*SvHF}@KZaC265SdfvZ40=l2TZ@0Q!3kq zE7eac?ftguGe_VA~QjteXbC6o-l7MCIQe8EDBlg3`P zqjG|A4W~Zf#Y#62A=LZiqzx6znEXG&LSY(HnBF2-)iOn3*RMf@aBY~Szi%yW)yTzX_IoEr+iU?$6qOg^R*cBeCsWx>0t-Hk3~+=pJ=5+&l7o--V^k&PZ#uGCLAP26Tt5=V};i!Vrs z?Px-nF-<~2ml?6|u}a8&Kq#}nkj!8aVr`XfxPbRH#huf9E{W-h$;q9M?=d|WP5fG* zXjD^tu0j+>>a5(9N|WV>XTtdG=I5RsZCd{&tKL+;c5nu__>T z_RzSYQ}V#_c!_tBf?HGCd5AIaw2a?Y4_tbFBeXUYWV;*}AWs=~H^M7pq@8=%f19=9 zgWxf5FbC_2n6vJD?nIvRy;*{w^jYcz4F8gnVh(MZu&lP6%c)xH9w`yIfp7BLH;*cA zJ))#`@5xFL8wCVSFWYNXM=m`#H2p&kUc~6_laQn%E(&)Wu6NG{@EN8pf8$U+7~b6> zar5ikWZY@#}phkq2KfvY}fak+#e%QM`E&%)5cjTkBW&bvT`9jmu`Css^I50Kx;Bwv_= zW17{L@jyp?gGgKX3QyV3^9y-=gBSVX6{T>R9e5}`CV$em`1AZv{@`8tq#C&`bX8e9 zq)U55-*+UAv(s+h@QnB6yBWb7K2i|{vPT`@%>~;E@`r6^nvrXRMr4O8t{QU76yu7M zloPXT zUn}-a)Tz7=1;6zR;E?&lD^CH_6>_$i{$`8mXM$$}Ll&b~u=8gjPx0SB>F3p5?`SRd z^r3g1WF;=sKIK#;=ir-s8jzgPD_YYJXAgF`j*QP+f(vRgW0Ahly3)CmtuJm4j4vf^e63Qhf@BHm71?~n3JtCK2J&a0>}-V0tH>>; zJyNb`w4PoY+9YOQ*%ZpF|0QnRGGkIIE1J4;f0I&`rhUBhB~7I^w6*Zu5Q=ap8KF8p z5Uk~j^M2If+XgbKjhoO@42L37BDE9BILl4J_KCf}T}ekx>SPI(BQlL_+IQ#(D2%rs z$&~^I4mDqYoSQSQZ0vwPnYQoflEs##->z{cSv5dHNt zcSdg?U&`0d@{YPKMKVbQ%EnNOJG>*ftL0jQ=GWshu)b-HD%GwVQIBB>~ zo-$&3zENzob~1j0>I=*GG*lr<(V|E6>)SePR4vy~y0-^ch|(Hg%oU%?JS;SV6jMs_ z#4(U~j^ajJtKBeFXk%Z6&fPLM%dbPNl-7XnSEFKXeaA;<4jlW^`a-2)$j2h$wl>s( zM&hLOI89~xCn@zgZPBM2xYrG);N7z;>LB3ed9Rgp2NtpJ$uLLvsMDA zf>Yx8W^A$vjspRY#+oRSC2wDrI4)eZ!nn2+@t<^!q{e5v2;DD-g|W^roJtNhoM+0X zg8Ke4+GrYwVe0PzN&D#nu9u5d8A?BI`UhgajS&09K~4_=CBz}r&>AU zH#Ilju==nXC6m3HoE${ zjM58o{R@Npd60)44(^$V=njedWN|EzUnms%CBH#<`Xi0#>fTNurx)Nj9}vhHT^L-n z%jl#_st-hoj?^Y&?pnO>AaIW;v`Pt4iqAzkexRenon0J+s_WM*!xlkAFUxsnYc%o6 z2Or~WWakQdEgn*Wjy_dFaX{yZk7`G_&Z}U{O`2dtO;QY0%9P{yq7JU=kOR)U$qIct zcB65cLe)o=48--@It@j&=V)Vb9mUl4+%h*uuPa*~a_`YJ6RcLHbt5WAEK+P@x_o9i zt*O&Z2*msh)5!0Jd}c|L2IoWHI$@3ro841;f_H%hLW>!Lal)i`2QYKLEEe=w*cybV z8GXAt{PYc zLdBioX}Re4YZ4~J2@jaoL!Kb{&x8lN%JRnNmtma;xLsxC)Kbib-?~T2)LNi4QsY-$ zSLIndk_f+`f(;yU20WGISaU-=LQT&%N^ zV(&D_Bi$T#_E|I~L0tF{{}evAwOl(V-!3~pHVMTq?*28pVA@B&_h zAdkSJ8u=Uz9E6t3Jd{KD?X^~V^`_rJhmwE!Zt-6Dmo`un#$;X-_;}^|{GFw$Ju5LD z$@Ij7MX!pW@IxY3jUUlX^A0upKV*Hd#dMIvDTRX~iDlPw<2U76t24k2A_vz6L>Wb8 zX|Tg`AE2imA4P1xMtS_o^k}5wJURbvNv`z6Q}s{Go*mf_>p7r-vrjA7`+8t0Yc$<7 zm(2Ua11bU!=zW!BG2^Hz;;!e^PfpTT*y~QRJx1e#x}By~$VDe_RNg(H9I@utbsnbk zI3wVZnR1zn9ICM;PJ2F7SZ?Zs5mDP<`pJrBu+YLjHrzl7Q1qB24^uHi@eH&4pM{l^KlX5Vs)H6;z;m-d3sPc~F&8N4o5%7VR-*K<=1BQ#r)Y_r%n9=2+W)CIXT z_d9B-HmpWd5A=*D6YXWHEz3{*D)TAnK?JH`3}LrVVBV3ZCl;y248^CSv5P19?Q3Sc zoMr4SUfHu@lNxb7mo$`0qc=!VeQkX{H3VV58;)r6uEY+JgYS)+)_thSP;54-_-~R} z4e*=%9zvjXeAX$Oh)!Ee?Vo^zv6eN{{pFg=&rYaReIP#G+bU8~j@iD?+2Ym}dl(`L z#gu^u1bs0%@huWdST!Tr8k~Ek)#KSa@qMxbI(Q@n>$d4O-svcc%C{h%c50}?96ne~ zJ7z+0m-7$#R;WU|ZMizNgxY@Bsk~Pu*=@vX2$r<6(8r1LuXD76>3oFWe-n)=9*V%? zckV*1qk9PJnS5pKz$gl$_H0RL*u?ve%p2B})j?&YB}?`L<0`r`O7XNPizM6L0}nsK z{hJZHQ2rB*^$BMo_M9ho6=1yZN)c5C%~vx{(&(?)$)nZQHZc|2wWL*9tUL^_y#Vbg zV&@oFx})b5(n>BZ)~fY8>YK$k(+uA^wLcE_fqXQ=*3cmbHpKp?5HLBxScFTn5)eYN z6H(KE=9pnLUD5+jHgXY#QjV@pX>8a*LmYrXkm(1F8EwB&q83YI=;h6)@_KKVwKo8X zpvk^a3hpENnvB)||=dw9}8$E#7|OUywKG89#NDyZ07)vtJSuKfY)^J_K1m^{B$)XXQW+t0WtvSg>XCv8(>6RUlk-STV~`1Os{k81 zz(0lKTRYC0W3UaM&Ug9am*TbH7kb|Nc?s#7T#hmZg8ao`9~jrCb57z&1hX$UH{@yq<_aSEcX#KtwUOo)(OL^=`30;>sxtX* zGU5~+?SHpB++bUw)hqGd+pU?nD|7T1Cl|8Hn*kAJ>zlEQRc)Bn>&X=rlKANbK}tyu zvNyG0-Ea}zz?+<#Oxozl@=bi-QH)wIzx~K4A^b+hR+X@$N$Og1fS<>LhSWwx;L!3U zt$p4K^gEYor0H?&QbyZ~a@4S`iYwT!*FNzT&8cN_UzK%ENyOG#0;$zKy?NQUbM|t# zg~KCK@O9bJi8JOf+wVnHb;a0P=eOTf@4o5^?w3B`Uxf9KZ#dOpwOIyr*a&p}Fmlk$ zZVKdUP?(0#0h{*_B9>~BjN||Q#KVCIl_MT##wTP}in_2)R@i(%sH8RKIV5kZ!PSNi zjB{TzVOQv`wc-hGhLM4DGdV77=;Vsk$UhY)`X!n6F_Cu6BH&jKnXvc=RxktV{HlVy z@gp<5ANp59ksZFhgWh}h;HsI`Ltd1!Z)=fp6-ouG?Jxu(;)-pYDFwxwW9za*^7)f_ zzY^*D3>^0Jr=$i=i7%aB%qc3s1+CzNTVG?teR>*B+)j2Y%4-lmh0Hfc-XVsUJF{ZT z&yRdc(uck3!ojI$$)r~tMUpC(o6w%rPbQ?>s3$5#sL4>jO1?T_=SN08Mz9LlO&!^8 zj6tU_mDtCdEXPrH?$1DjoBT(zb+~1|4J6!YEpW8+<7;KreaEsMeKl<|do9i`1$c_? zm9JHGXRxFnNL z_0Z?Fbq;lnUzZ)`#P)=^5g`omV*-&8{DLlN>Qoghetogh&;c!IQ=X&~)s7)Sxm@z# z)JBl2o(mL-@3GHE!;GgxS2PKA*MM*s{QOZGHRmC3@=)BSGLU#$B+-QZELQI-YS@CR z5RQl7OA8XhRU+P=M*d;Ds#q7$sr`4*G0MhU8EiyT>c)hWZWEB%+RgL+Vxjri_(=Rbl8*5KdmtPj$M#HG-un zwCd1`^oS0`0Tx61?$>jy$!xz zgquRRaQQP%j`||d(b+k^*Svx6N}%IAw7Ywyubng;f}5mqa^9G@~Mg}4g!sa~9Ue*36Te%o4K4>u^~(jF~- zR$T+>8I|_RQG~mH_XE%p;$c7j%TdUIQ5@Cox(r+V0}DN16N)RQc}AZUrwd^akh8^!j|>tB zhQx-eIU+um6j=g%qTpBW7w?n@o9kSFL!olMpwgC6+7J3IzW3;g7?g!2krzpv+URA@q-PCI5w?@R^SMtjBpnA+@wp~I#I+=j1 zfNQSic}ga*os9{Gg2;Mo;O2zXbPMen-WlK9xiP1+C9-=~`kfY>ysgS|SC6Z(0+AVg zK)@U{5v$+z(1)*ObgAGF)EIAS24qnG&_kO^atRy6TB?=Nn)xI{(7HTB{oC;i^p_T* zoe-wX3NB+8_m9#k>`}9D;pR`>j)W&RFxwCF(}i^ZYoyIX`0Z)?pq+3_MooHMum4kg z?!DpSUFzIjoUE|3JBL^4WGP7e12@k^Y(d;vTf`&%T_xErqUTc@1;i_OQMag837S<( zLyz)lb8)0@(R~Bwoes{?ov*T|`hgDav^n|l z>aX6x|}xX>#<ucVXcYRhLFs~6~E-bMv#nTLSbEp-bHsumTK$D3N)+Dw! z5u<785xey_ztky?EtQt(a_)rjDmix^Q2Ds9$2>mNirSc^QaA9~%R?~>ro&s>1!`Bg zdQ>%(vFWgZZ9J5ia4Hu|+s^{b2F2oNp@zQTByv~YJ8Z#=p*+9OpxG*kHaS2u!{?uK zvX#fmw`#aQc?h~=%{P+V-8zqz>?6lDBtAePWTK5APe;2z5ZOfqaqMgk941De<&4u9X%DtiX7Bx8wq!x$G(eOr z8_a-@PWqBtfjrqYZd-)QE%Si75EDz^mARMZs^n>A74)o%oz*DqgB(|)OKLxvlklqL zMYX3W%)b&n)I*h}Bsj)Wd78^(j8>)KeRO!oRw5`M+>Zf*!0PEHe*%Jt3%#x`C-^$M z|Jd0(>eA*(?gVdJnQN!QG!dK&K3e9b#kuzVx=OKnk%NzJwnLK3;S2{wX@XC$AP_4fk{vj68K)oSaMsgSbKc(VxD%7V=JLQ3cr1N}UU&(ku)9F1K3aX>i z0g`hsRIm%9j|CmwECQ~1npmZheA}pn*hOm+vC)jIYT)2jf|d{I%IYz~xABq(+eZ7h z?Bf7bx8}W}h0aU~XUxX&vbGA^*e0j8Y9aqj5$j_WH3v59^N*}|FO+$+^W40df6#A|!c5A3=aObikoI;>VI z0)mV4*^4|!4>>1e@=de&azC!0ug>B7{epeElS)=)Lih*nSO zN$dc{zLj-EL8^mBT#q&R^4lsBP60Mi(SoXa)}LkMX1yvTL)|P0CXL9U-wQ9uMWZJr z#$$C1OUpc6oAaLi$QT9}q3@m`(0>IZM>dpyS3~FGK;><8o^~8P*2A?`;!U?%Tj98= z3o)YKLd-B~GP}7$WZpm^;{rA7+}no`avRFdo=jSmr&1ga7P^n)Q2GvytFqJw{v-uM z*FcR}Zwv4UCtvk0fPv{q+aQcncS%26dIbw)Ryx_+YE*+)8S@n!d>lImLizx= zGwXAoldP}kf~xyQFW>q-XF&P%5r34X4v#)vgE0~X%Q;;b2!-uEJx!+{?qbD{Uq7xC zQ_!<{y8JA{9tOo^;t=@N7HWAe>!x#kGfBeAVDG@tT#!M_;t6C5=-3eIEO#=~7_FBR zc)lyz&Z13eS}?D}clML-hDZN`vb)ZCmX&fgKvF`wd*Vuvo=kXQ(u$9%RgWv0mS4G-~?LTF6?}D*Vm*&9|`qL6)JvSneovhRb{tvso>2%UP^PP31y@;-Q%Tg!P;&V<=y3ddD(>BB709l9L z>~o%OmhN)VQ=8Pi`T^!b`Az0@0=u`aobk|XZnDMOYBf-UN@hq4r|m;*Y#2}uCsgGq z3Ee%AI`63a{weqE$?uctIPHi*RL0%z09!+fYi#>AFEQ|ZjPl~RnzUSRyNX`z1t1_9 zwgYj~kIherfl1}6_P7+Rt@x}I(Sm|29@ z3Er&iO0D1-C9Fa~rIUu1Uox31$54qVJU0%F9_lEUEods2p(ZB>4aR4oE&r@?>?Zu1 zQTpz!x-}k6I?soLniw5^NbR5@RA$IrLe=uOwC4G5Pni7yt8MT6`)~2(H<%nhydbY# z{OGXh350z0bv*BqX6^x`7d}bSfKr&39OL+oaLCZr3RI!H7s?_ssO=+y%xp~$YLPOvdgDWVUxPFzQ5u%{9Gd1*27_3u&OR_kdx(+|16(Ypi0Bi~ zb3ji`-1UT7=_swHQG=glWOlUrMwYBnucl}zt_66I+yX6U7#V3hT~w8TGj{9zwdxucM` zxGSjmL&zkD@W!W#c4&0A4>pZ-7gd$bEH=d%x2ZIo5sdU4ls^1kkC?4A-&C^~$4j<7 ze7cmaYjb)P2~s1SfF)bMsrK>UMiWw16I7X98kM1|$53#_YJ~Wh9zWd0eiVB0{yUPx z(NIAbzK*%Iw)a+^k|jBo8N~{W@=3oePz%>()n{6nVvX&!2lJ>j6e73%^dyPqVqf|k z^k>+k9C8=a$osGh>ak0cm}=_YEj$8 zL04_0SaViQ4V07P0?Qq1+@q)F!Buy67ag`~hq;JnseD$bwegg~vhBW5EfX3>*&b+g z53NGit~;rIx%g)MZwPSs*O5Bmu#fZ0g4<+-!Jziu6@-# za^-?pfk>@jNT5(0j#duqil7%_tSyYlkh}t$xi!XA9%}tqiPN{D7L@|S5kYtUB1X2R&*5R$4Pql-KHoqt@zb!#aq zwX&7N-q5vhgB(+dzY~1}`40V{BLFs46f6Wjb$d7ky3y!|q+&_%m)t1tR;r*m>tMhb zh65Nes(+W@S?$-~=RmzvzdvM}U}(HCfLG8AHk@|33L4Zo7phV15~q?6UzHE)KL7Tf ziR{y^JGQSZ@u3y1!jCzV`Oh21_1v;m6=}Z)s^;DX-(2cYfpPctfY|`_43VIBhD@OR zdPflR>rZAwwNA-}6`7IqRR+^>T=f%|VA{Hq&NEgFx@NgHxj{3gly+KT1q!;HDuVlk z`^WMRH<*^o4wd6KS$WDocKQq$aYCen&j{&i(?JQe+TCYuO($R@NbtpeOdfVN$})mH zmE-x2M#C-&c5M#;PZUuccU&k(-DwzZS2yylE#1c464T?n?Ta9sJ5y9Fx{4XfuRBJ$ z{f%HLV*sf{VG*j=1kM4grwbk;r^m>tqXT;jf;pVZbvN^1?n&c8(0A{+IH* zH;!ob?zY#R+Vckw->r79KytF<2#JZg-TYpNH_g6p&?>3DZT{uYsf!g(wq;dHHlWV- zuiU#R=PYUudld(oQf$`mo^{E6E>Y;YMRm`^^&_&PeUiutIC%2yWXK!JQ~O+O8?L{8=isoN9s5T0h)Wv{)b&vQ9@rD+81_jke?4z{4uBVy>Xj z(B54uVaGN5h`|#l4=*ZKmbT#a*%I3xinw7q&wK6?f zl2f*CH7Z+?dbTYK!CIzt4fNAxEeoucw+*G^7>zha_ zvIp+G$M~EMGfU5-M7-@dO$(4Sma}jJKt`Vnb3Q-~r^7LrsCBNCxbJh)omr2MCm-nv3P|gy?<9cXWqw8)hgg$IE@h{E+ z_}sP{V;e?vgtkBRtz+=m31hKXP5nGApY{Fv##(FNGLeHxo96eSN5z)s7}bJF>ytob zC#Ea!E;dg4k4RNXm8i=Ci+<9BNyz<7I9+V+_cAo=&M(DmCr-u{!CcON?#GO)d^?d! zkOO5CD~4?qb{0HfW9`ld?InDJ*=vPwMMFRHuHzRXdldA1lhv0pm1#nqQQq3}waWh3@fw~W~UHzDyh zE9yH%)FNKSze))2-XmJl??`IkC4+{+^ArHlv;WQ5Ch+^S_1 zYK3Q9K`RI_^}!v~Y#X%DK1OWc0oriyP&ai2sN2UsIW>L?3(fd&4PRJv;cc&1LeJyd zpsfS@jkbBgQq?{jrZ!fy1^FSKFx%tyWvU9arjU_etaaV~Bq2&qc)>aAPow1BN+DIL)BWixMn(nGJTU++V+EAg+ z1N>_R@Qt3?X!l@^-x+lmFiMHZs6rI&0`!e7%#F(M7@F-NbaLrJW^QM4nu1fDPa$zw zpAKxLiw{zJv4R(oMJY6QX-1Aw3;C~Lx-(QN&y*Dht4h+~D8#Xnx0b7#6b%^UW+(Ns zLTgiPs94o%pN6;6qfueRcjf!KQ@^ZKCl2jShyj49Zqk8JXfa1R>gIdg9oqu+yV}_8 zZI)KDkH>vamFT9;F5D8R4Yi*tna$Kir}uHw^zlCRT@9quO;l2ksA1P)=?LcMU=6Rp zR71#Duy_uYh6(+*>3zpS(+e>89&0pGJA53|PSoDk<KA;@a{L5oZfzf;EtVTz@`OPxE~7T=@vkeZejtwy2A>>w3`( zJ`e!O=jV&MH*BaFvc7CRG`%UkgM}=)0bD#}?><<^ApU?O-pWBmY7Z% zSo((upVH&W07rT12afWp#oWpPmdh=Ff>5}&V5O2}-T8Ktm{3nuU6y%??GK3BOV%<< z%UupDv_p`e_&y+gH%9Vt#>y=JEF^qsbJRQge3#kmsmFNFZXdo2WMoiuPC+BT>w_1z ze<2Q5JqPhA?k*f-;3=pqK8-&l; zbSP4L^&5J{T?q1*VJy{@ek|w0=9JENclSyEHclj6_=4?%PhxpZ)1!~LPbVI|G>rt{ z@b~KK=yLfq$8FVdqko`MO}9{~_2_U`9pA<8^}?siJx4BRx3egnFc;MiT3FCpq5b_R z>4!a{uXw{-q#IP~yO!P2Y=`n1ulGU2iMNAI?V@FiUC!xz#yD9E*$&UjAHBqcsR{#_ zYWt|SJj;tn{W(YO)n@=(NcaKh{Mu6+y24Y(b7s3zh>hPQSLXn$)?-2Z`9CFyP!@gL z5gZ13R`HeOa+-B#{M&FBmb!01S zb$}d-aM0qqzUhf7n_s|{&v(JN!v~qTV%hmO2j}VE_@5u`djXJ?F|nP6*7N>{ST0we zSef6w&P2nC0V}!m+}qd1zQ$NsYcW6naQPNX5Gv+{=!Wx=CVFu{`j7jeOEwND#M!0<={DCc`q9PaC~kjDxf zbZgK6C3=*B-@}BT7UqFwY#3`n=jaaGU@_*5&aXO5!0!s*8&z5mrBikt4A*fg19i|y zNqGm=oHfu6*>P`Mo#O|sm3h_?=Ge{p7S9}Cg9jfVCp`J5SL35_bLbM9~gGm z#MrAiYvYRfy4^_Is*zy{#=Zr~+$T%Cyq^OnmW z!^O1S*2Z`1#2dTcuc-^}8qB+?)65Y4^!K@kfAS(^ba${s+V;h-0y=&O)E|QdcFfr& z*59XLrt-D~!0{gf*dQ!-6X%>hSp~1XR?J-h&}Q{6=1|n;bz(nL;ZgYlKnB50(O`{{Zq_L zg#Z5-5z}R<4efQByRTTq_4mQOpSTAUn>pt8cfNxUNB`HH*x$7roc=#YxVD4wsVlL6 z8WY%b{(nqX{X>GRf3X=74G&5v{!q3}r$T zYC|F0-OCofp_c|WMjwz1*By+46l%pAljcL zm_+VIrZ!E`s;~V%DY?tIhB=EmF=_6-r#7_Oi-*6CH}ZkG_EXqR4dt{U4)VNcv(r5a zn8EIc4`e#_dv14lr1br}Hgl+cPIFO&%kj~VQAr0sico5)yx4xQ+ojYz>&hIv!*XnL z0`|Ic_fg@j#vC_y6EPFPf&LzMB}IwP7(2`T)_D~5+jFOknapc%e2^J2@2{Z*s%hp# zXq04XR-uJOW%cxACjTJpc{+DTLrDTIS9AR zX}Yw?$UzPn?v(TfqtD>y9!z{|1Qkqnv9R#{u|wgZ$iVf_hO&85Bkw*FX}^`M4z`MF z#ZFje@_o_(klb5+M_Osmt})lJ{9#7S-|vAT*)6SwcnM;tPJVg(!k3X!G2Bq9TNr|- zpa!N7qSTj`pvcsf&c?lIRQY=Vf()jHu7Hva%)$PXh_Ju`w#`$pBl(F#?yjQN!qh>g zNy};_lnz)3c(ZftLe0i$1sppYzhpxQ$euaO+>1pJm^w51F@HBX_rp2`o1H$%hYx+l z_?JPI)!-h~05^C*L`}S}zJ(W_7v-Pg2vIuw6g4w)+ChCaMu@qTC0%#RgRwDxmp<~t zc%o2zpYSw#W}p|oVlJEoYaxpX@DCsk z|6>>TGkM_AWXDMOh;l{QK*#&geFd&O!ciKE^vV%C%_Q|D@X7@6V{-PtE#~{w3=1`b zD1~~LL7$ST1`wtBRforUHc>NnsY{=3?cQ4YW7ZkW%dxOLX5-l240D@p1+Nm$%x z+@C<+`aa9AKeU>;(O(K=u&uKH7=W3&Y%A|~bF#1LQ2XjxOPS{OW4_fQeo{s7$31%$ z|LfwK(*9#_!dRb#*Y{6X)P^ckxs#QKnQs0iW3_Y4Z;JUs5Sj2@8d;OrsjUluB!=lY zn7^L^6VY3qO%8R>#%=$#+R!3G(Xa{mOC#H^@g;HtW5u*yQsP{%sMOZVGyA|4KFAE1 zf22p|4^Pj`5pC6jztktj=*%xn7_Xy@gT602hHMC2f!PGo%O;G;{iU;LO?CcA(6TmT z|278T(sB@vIW*4N1~S8ZPfDSJQfXT$hkanw)(I@&sUdTa{txaZwkGCYNu)7mn>f6+K-y)CfYO? zHCzUcr!9skW*W43bHrLfE5OC=hXp9{{eAH-k&XM1{#`Q=iMYrWi63SKW`O5AG}Eb2JnNC%|Eh|Kde#B_Q;#1*T|qC$vSv~%}TXIBj}IBYo2TY zvF*nKyS~4(YU0vPR*5%>?*k{k1P;Q_+j)R_f&a0$@i;G^YgF}cPF`g~#3OHT@{cVc zV5sdURjXN<1;dwJ1`v173-^?#{UTR>_ZI(ot%~J-0YWKnM{=y#>W9Ypr=BtY^Kda6 zzgbkg$Dr_fOJ`cUUZXm5vVQC5pS%iM?n~PYkGC5XMzk|9e!{btfA_;IED6zn^8p^B za$}g#Xr#_cUj-X8tpAYjy<2~G-YL5+v}ZmT9Cn{3tdd;(l|35%7nOb+nvDK=S=|cB zWy3U+;?wS+L~ZVePkwjUdWe42c;nU3?^e$GcPpQ0kI+DF0c&CP+q+zl{x4+~AckTa?;~{oS*tDysXHoZGrn zfyae^yVF`^0PmJYJbC!<$LnhnRCm)7-hgRSkRL$*P~NE>|KO>EMQ!MoLflc4 z__xakPZ>Zyy<%O?Cq%QO z=0QaN7mjPzsz%Tfj%p`nmwhfU~qH$Lg)5$GfXHupUNJ7<9t{7>;*u31`tuQ*6g z99&$}gI6#Nk^QsCG#zFlSymP@Iba(g*H$ocgE5Cs!@p>MUlNl)tho%rl(S@%Djf8w zRw@M5Kyv;cdLN1QB#xBSArrtJ?K-g`UCi{l3?ZTEw=%Ff(iY@QI2Fb^QPVN4u$;OC zRVR3kSpTs9|Fksna7;vM74#yr+S8O8T3ma-B8&h-(`^xrX=_sk((ahx@yYgyFC)T0 z-~WTdDw3ihxH$(&W@cRE^SC-ae>f;oV{yGMKFxB^cx$VynBP$@kqMB)_#XV-mFIK) z@Z<%1hL*Uh{Kz7k%Z5aY;5W=G_|vr))~G8f2%y6g^&EHKlHb@4r0@_kyEvBuP+ekGA=<$HFgusq43MI!s{i$@Iq*^ku+H%- zK6R*V>9l>#3OAg_00BvHu%0%SSLL+^5}4bPEvoU%#AC!UEl`^)(>qEn@V~Mwca2#Z zU-A-V=a}Z_A>ilk>l5~O1%f=wE4EXGX=CwrLn_h!`hq`_iYl3WL5Bl^nj!z^Zk*I~ zJF?%J$0Ii0jj8s{S^zMMT1lKf+RIIg&*Bl({BI#3vfyWWc45=)MwoKzK4a5AsW{l) zxmWpY1PU*Rn@ozR9$sO#F#hR7qi&7u-V*=33B+S1mxEoUA@jZq{NUb|6}h>!rq4|twpLJ5F=wC5rISn5(OcIkO3k@NFanEfsF48lVI&R zr{_BV>-~MGmmfAEd$09O_j5nbT6?k3Oy_9%-OyX-y$*Tx_yZ@)K0~`qhJBuSy$=tm zi|k)M*e=v{GiJ=4?Zb_~s3V8VUsH`y0148XY|&QRFVy(G^LZ0IODlB=@VK3OFQRAe zBG%5GZ47o3wKaoN@4!E=#UmMVvMk3s?{k_L>e+%O05<0P4g2Z7CR`JdNP=h~ds~)teC)=RL^fY-*(4_j>q(^IV;T z2a^))5vtOJ)F_&I|3`i~8ah}?l#)iPD=+6S%(2gxeGwfu^udhhl zBYTDIp~Iq0!H-sD6Sb8LL8Bq-HdxI`&*iwXdny9duOhG|pkL;C=1295?fLhY4&U7f z`NFKDbQYSf+fax&rf7WQ^1Bv!;x3vSC?2e7oYCK`OHQGB-!r5+~O|yg|vBv`aI< zL%@5?JTk!Sv+~3YDAkx${IdPS$U4j59Y+i+l3n(WxH6%&6llf8-g3l%lg)n7ZSnl- zS#towvA`}hP;>UNtw!c>ULCpW1G-!eA#Z#`uX?boEcPvcA-7Dx+di)mHr}}nPLT>N zKJ~+f1&Z%c?_jCmJf`N5;hz2E8es%Ho_$Oa4)uzNvPN1jS=cbo0J#4;a4^z(^OC_@ zks1KFX^J6Fj=mmWT16xN0+}{{lmt$B@ob`^OI|f=Mq>Kc=wUeQvJE zKkmiSH=i^35dpf37_+}d3LqZVO1LxOjDeK#Pd$uUJ#fGq`_)D6ZH@tz?Cc3&4>JZw zy^JaWtUL@aO$;Mw_hXbIP1Sv9J9-YPPbF9Fl_^?K=j@1E4Ak;Sb{{S4hyXRS^L9U5 zlVQeJbJ2TT@nH3A_<%XJ;$PcYY)1qyei5)BY>~f|ZMpp-SXjLVj;QGaZb6)Xggd0i zn40+~g51>km~9xydGL| z6Z%uZo5PniE}AHvY0h`Rs#f=TFz^afE0fC_W7WqL(2ky{xeGekN%smvj#>~^Vth_p zLBSiM+{rxK6f~Bbzq+iE!6U`No?dDQw58dSF2Yw$KmUPv0h7YKuA9W z6&1O-Y}VITf+a7-w!$cC0!H;tMvRpA5v9Ei!qa+vlq!%K!oE9NhFca5p8D&b=)-sr z%WkCXaa`Un5!#FMxI`rt6?VdyAItGdd+XKD_ARka{?8s%7(c7GGGz*Wd!$aQOhuQ; z_A&a(2|~Lc|GBHp`X8Gj4$bFT_jzf%X?2=dZZX?bdh?R&X~XL$m3PmS-Ckl=Rv+*W z{?-S-?F*TC0Um6iwSI~B?xnP+rpGIF{&Df_swWON1)G2RCi~YPy1&13V?FuV=Gv2# z6k%{fc$!42Z18}mOqgJXTgdPm?7lZS>kZQrTzhF@0r!Rih|7&*X=DDMJoFhb7Lqkcm?%V$$G8 z*AE(QWDhE05*8Z!ep3>j6yy7?n|pD1v#>S5;jUF6Bwwn>u%+EbR);hVy2Vj<(x@$! zaa3Ozv1yirbAh2M428B*Ep^eux60Qxm8aU6dY0zh4m(udY(|*KRupc>U z(h9rQKGFZmb6S!P(=B$oIZOBqW8GbFwu5ufD*PZKIfPzIUka%_?U+UsMG(V{c13Lg z2XN$fBMTvNRTz7pEU1zUpxE?rm42svy0hT5z5U}|5I>QL};?x4oXWGZMW&3r_ z{KdzYkXf;L2lp9PL|xH-r1r+C1L2#EGcd%hw^|O?EdMp6aeq)jf8?&|TP)&FOe;BD zVcEYCA0RB~Z!XxPDK&%7W!$q9m%D6bupjZZ#vg<+Y6vLlXVdENQ*Kg(VG@_LRG_1S zZ(%uB4_T)brS4raWqX~3nrfviAQm(YDu|+fwufwBM}X0^_KM*&AJkNV7F=|>!9OCq z@EctpcIg=HoyC-RGJW9^%a=_Hjcd#TY=6zDu?HYD7DQ>_X?^DDK*tgMyRf8pt?jP{k=Kfm)bPGR8%`F#vIwD99zpHqi*zw6#4e#R?48%6SAYdW$MwEgPHQF{2OcttULp_w-K3>C-lmnH+_?g7S4 zlgZ7qD*a?E!83emO?mgRZwouTH^0YU^XjRinyYqp=P&q@xl8zNPx_AC#RW{SpXC>t zq+=$=nq9d_yH zA?&Db@NdBU_ET-Sfw5p=i6Ym9w)Y0Xr!?d@gh@Dq-8U}m9;LMusWi3MaN46`z ztG0{GJ8ny3g?cW~G#fJmJ`T%q^hAhQF~aa}mLt&?>PpG?kPewQ%bIrC4`pHo>IbSG zGkwM*vpC%%DBz4}Q_5l?RP(LFhs{${=;?N3#4fGP4SJ`~5syxfUW`I@X!#^n+bbW# z4g^8Am(f=qilzs5W*Z^{;KV)D(t;(f(yb|@Qkq`&=lY%V(d}JtN4v*#HZ3g4oSx(p z`YV95z1%#6f9PS3IkD&Ew(VtAX6tS7>}40X-5G;6X1+_0U)o@Gskwdc`*k^C(^1YF zrZz+0|9eog*x6Xdm#BmxtHv_PBST*q{z*)W$Fv6l+n-li8WR&z zO2c0_^KE(VwmII6{Xr0WXYB>E;|B_}`$L)e64%IX+#t;Vdyl-cuNwo>$`4xN)*Mel zD1Da!SWM|S@vstIByOl4owTY+*j^)4Op|#tw`@DcXH9?ZH{Hk>isSS&-qt887$#iD#E9ZMgyso zRGT=**Whtn4ttO9IYAeQ{6S;a;@JMH&4+v|)j?zEh=DLh#4vU+@$+ZQi;RNBzQ9Q! zxD{zGJwf6{nylmBS|OhnFnn-TD^cBj#N1H4dq7n8;Z?&8@AGw`Nyo~9huAZa3GQ15 zpW(jtXm(~PDJ;cTIG13Cg<-0}c$#G%bk|BX(jl=-RQ}qxu2Q48S%GqbOAoCddx){n zgl3iMNM={Z2LUECgiRZKoOd-~G5^E`iOy_g^)9IR1z9iKaCWw(<_r_@#)MV6&AUf= zPFH>fI*vvnow$$?do|a0YSamg?Kzc5dN(0uO^~e*bze9gvG*Vpa%@}v2vKO>AN%~Z zC6+TQgOtcVExt(P2y|%L+8^ z2bh1y{0gqvQ+mh51+Qqdf^$0kFLATZYs-~YCfu#QYuzG^Gj^N4I`>rZU9CW?V4=kS z%tl>#rjx4a>!S{XkYAJ28&7BX4jHJL8L@E|xp7_@1t>Mja#K394VvR#bhoA_LjpSd z9u}xc(7`m>FEO5&1Yk2$gu;V1NNDW0PP3!Uh{SyxWK@MjX_X4g?Nw?q#Ye8N0#9i_ z#MH-mZh=ww)Cb?6fuO6nMA zxz%1=uKXiZo<7rTMU=aO%P50vCF`K& z@<%$W44uD@iAQkrs$)G(Zr1-2usmPq0>w={WaznK%k~0RU|onXz}Yo&Pn?N~ z<&mTSpG(&h5M2S0cHTJNR?T{nglXvm8b(SSZj*hrPtJ*tU3V;Td|r4kx6yxVXlZHU z5<1|BIKD;iQ_I#;k2hiRK6bbimctBX)R<{UUELQXKLRU=K}d%@ZQ>yOF_uWN(@l04 zhxxnhEi_QZF|{>T`!01mj9)0KQm0mWk{zcq%(fsjEjYAnj|uPncojl-@DEE2UiCtU zADf%At>FZC8RH=3Cre}16W_1-caEjUi1kgDL?&p2IhL`5=qnS=;ezy<*382%LQ}|| zv)c_)%@9laMcL01V>}&kKb+Cq*79gWh}g|HEoYAj_t$h8MIePA9dS(yJTjhXW$EY} z(A=MQ(r4EOET=`VPS=QWqPd`oe5A>AVKXgpF`2|mJ#lQCx(v1o;2CKW`l~#T#Pr@l z6Au3ze)!wM-Zo*Bv`hw4FiBQpw$nCrZyJ0Y2^o)W_@DgE;wAC$6f0#!#gR;$JkF}~ zR~;jh>v(nZcT`gM59-4 ztUxFIilg&A1H^6#1P2Hr_BIfvA1*%%fv?{ID|nvh4kgp?q=pf*s|BxC>DngiaJC#{ zv?(bVWhwI2x?M=%ht3IGJOXSFby+MlTA&#?4(t>x$8?HY*RR1}bCk-1lzxZ}o@3?M zvWhE$r&TR4|CDxpTxaJTaySbChpBGAH{++p)J@@s&lavR!xvUj?lo{uM>Xp>#F2@5 z18!m~u0)1)I>(q1mV_?bv+eyabOec3QOiRbWwHRlLk2r8JGrAaeJ~Rf2DsjF;GgBS zZFpbmxiy1^u3Pb~Z)y>~Qn^Vej<%^k)G;aIF3&2ST+36m8d&A{OOJq1yX(@EYk=*F z#94>~;11>KRr~D)OvN1ISVOncJ^K7-{^vS+x2t7 z!i<{b8T7Ub(W0TwjYk63C=E#p5)WSCk`xH3Hb!+6VRC~8UecEf4U+cqu^>Q{Goz$-)=)J>#EpnYr?*u*qZSu z+@kAtT|^=Y=WtDtI1Bl}{7Qy_PU|#G-mEA4af_A^n4|*C%`{+cm9_6y8X#T{mnVYzK_R|QFnPIwbYjC zTAqJLZL{5u_S%pxn%o~Jo8u@!xHw|)H6fi{ck(q8>=FV721kl~m+0#nWP62N+VRLY zm?hYKiF<}r$}IPHn?3aFj>~9oZV2TMvRsvt=+k6;PbDQ4b=Ckyh$5i{<<}0Ov%ypcHNaV z9#wA{>jM@a!fcT>`+Li6GH&7$mvn#>aPE~$P$=oe2o>Q6gf5vKUvEY|5)RTs!dO9N zQ{WO*r!PBXxQsQc*LZMX3E%}T!QzON6naoym(#T|yCi1cWFL&pZEtP6YHr`4>Y;c> zak#Ol)KhnH#mw+zk`HZ8wbYghNEYTwAhTBFQEVh?w9>`lb~OyTL9QkR*s^NV&nCn& zFgchi5BC1&p^FrH7D*nwTI{JQHlT%cDZS=z(6dFLE`n_UBpFf89ZR=z7U?9x%LRa`hs&gTA7 z%V~g z7+-Vwka@|OBzpP{^KOu_!&-ElV#ciqn{Gj?_sVqz(fH<(#q+p0GU1K>OEUxC#e8mJ zVj}&T6HqU-?;Yl8rGGyAnuhu6v07p;)@xdx4lizAu8s%HVtILt!$-*W(r7ydXVx?s z=mX7k_SKR%t+vOBWs4y%NeAk^m+2mNRrho78lbTGXz8$_@T^Zx@QmW%RXOy;uXath zqV(6xvMebl^UuHZ0j}9ls0H)3WC%$o?$XB#0=Hvj^h7zyugFwaz+ZBc zGY!+%tFki-Xucoh%B?L|+~tZ6N#XA1?on$iM$s|wwL_s~gHOUdLScP+NI_9nhbKa6 zQTHOqFd?PuE$FcB4F{M!U(*;lDZuAzvM_S9E1}%j3oDi;PY*Ax+36V}v!THxFv!dD zV9OVo2Ekq?e&-rqDkIHr*;2j_zy4`NREDbX8pr)8seT3A@v)B?cH z*_hN7W=Gf+DI(1|GLhaY-8`~mz)Rgm?#BJej6<;a281} zJv|0EI+ENrp52z|`Zq(SmK@d93GCat>w7CR6+@O4Fg@CN)(jfOV6ayq3nqmiMJ9-| zU7?Ogx!C!mK#IRCb45w|6tvD?gAcu^S12E_}rI?QQDnN@~ZX6_nYBi|*>AN)*)J~ScjSO((bWYmG1 z84cZR@;zqYz`ecWDQP|P5pIgdX3Es?dYP$yf`vy)deHRq3_Z!=;`dk(G%0GjEeS*R z3!iEPu^BY=y`K>fYg-}GSr$_pE#RLCRSU?IDCSz&X3Aed(&CqO(0kTkCk;@ z9c`VbM4Ar1bVYu+@NK~Nq3aw$H7w45S2ZKY9x`W$ls{))bn2F#R#J#DsVzx}T#L={`^={K?tp^g$6IP#vJ_j`>PXCk|n)|rv^^;nPO zK)i-;!cya#%s2Z@3kMEQ32As4v#ixruUQ-d!3$4kx&(bpoa5B7zhbN>R}h8Y>dnb6 zZHtED#cnm#)q?8Py0*5!XqNUgx3QIuu77%$k)l>)<4>;9Z9XJqJANg}y5haqo468( zn?dPjTNuV;!p1{gz+y}BX+ok8?7ccSxxwSrV4?|FbxGRLM{>ijmJBM1cdu$3H_wU_hOZ>Q$Wws$#p}sbHfqJV!=w%CUohaK^7(pvlro zSPq(I=y3QL$;vR$jQ>6R0dx1ml1#TZ1wRGqE!O}U{$9< z%~%B&;w)r}r$pJ%MTd)AZ^bSZv(JxO35E^?VFdA;9-v-A=uXq1s!@5({F1HXeio-; z_?6k^sJPi=4{2xUg`HGAtCyuKS8OkN!wU}eDHHi^`L%pzpybto(%1hO!wp;q>BKd5 zZ+TjXa9WAK%ob!ovJM}Zb)^}rb>KD;;1afZ461!g59@VfF)%2Mamd*mP*pd49XiIHZ{1~$WUX+-)gj|6>KiZpT6oJAq)3cqs9Dddxb*H4~j!98(NYSaWkOI!`6ACKCspHO|rx|a-caNeZxc7$X zU0@!$AJ(FjOe;&?)3X)>?MFKL+8EtD29wp&!!Ew;4@X|a0P@(by5(#w}1-;XSNswd+^-iTegbc{P( z$9nB}9-PPuU}_6>DN7p_Z@f_mk>I>VsmfHhq;uufXg=vCUPK3^}biIiBIfVrkjm?H3Ve5U?@hTXpfq_{qcT7@3I(&w~%8c!TKB# zam6gp*gHoW8TtYnOmD5CtS#()fiQ`9LPVUE4$aei z_Ef!atF|~j7%-bL+`gs}_Rx1u$zU=mJ$@HQ@?DRl*WtUurz}b1fZkZ(sE3+llM1wU zPQus5u9wd{KH#WHt?ip3r=>j146#T%cxvkSJ;f0srYS-YQYFCzD9@jB%N_H(@NiACu64uP#oL zSi#xL{0(Qv^CY$AsK;T%XFA)&Sd(_s%hBpp6M_;dYxI-u81YCvJ`CiP`fg@)tNLj6qC}Se zYM%sKR%Lpe_BQZ5=@p^ES?Hl!mOkRDkv4XjoTU>5e1qkv7y2BI6^k~8Mm%m=8Mn-- zZGHt<&5j-zP|?XAeRJ5d$J&yaw}(SMw6M!|p-}}osCW#x_FC&k0S9G4@$5>T3UH&} zAT~eZaI=kb3`i~Dr!|xH1 z&chl+d5V){)vl-Hoj?vfUyI;7+lGBd0h5!rI+e6}A{m3)VNywN$|O%z)4|ZP;3AfY zpYh}YbIpt!h&ji$g&s|&AD44_UkiuchuIC$><9X9v1K`_fJ6g#jBb`hbp~*Sbc}** zf;^|1OIUnto0a=G(i>~e#W{+RAg)UwHeYl1mm}6^gdQr}rZ&cle@^r~>k9M^bB2xO z@|OpCfye#2J?nXK=A4X#~!;h*=#J+hFsT(Rs& z>?x>mx}pw}^J^x3KSm?k9L1~Si4IA~*M9&M{VQLkN z6R-EUGuUbz(aF+;4c(NbMeFFtb6~DqF?Ulrm+PiGD?YAjE=HCNp#SsP7Od2D(+_49 zet?yiR$0Cz1QY3&sd+*92{0(dDx5MLD7z=309d3BYAb%nDfdqf2uh9!N^a|E9!7|} z^Cy5R{wbF8M!mQr%ZW&~&JAYo6~8(lF?W>bVWOUyNVC3hM;Df}(_GP;(496UTn9t( z^0;Ne;uniqy(=W<7Pi|f7{H%CbJ--9Ae_#;ct>4K9CZ(*^`!`2V6Bxryai{&$_e^i zrF-1ukCKe+B>G$-$F_<87#kz|Pr%;AvBz3L+0sV5hvLdEA(CO3Rw#?LYi9KiGBemc zA7uo7j;%;ZL)4{6N}iJ^+rIxD254+=vte4e%8%V&!PL&F1hu4{QqY&9DwYr)k-?r;&ZDctd!y76 zp;X-=Fua~2qI)snttxH4)&9lAFtU;_v2vaNV$D$fzM%Qf>B!Z3ApYX74sWhe3pb#h zs(2gb9veqGvF8F;l9%9dBt}D~nDatpfNi?k(6HUo=505!kgSf{Ri6ff4zYM1b)1vm z|L`JMcG*)3xu%f@4t*8fVe>WRpQ4aBd9m+foCfBa>((`bMurZ>~~6h6W2g+#$c*IvSv!g&OeU9c@T$7EbUVWQC(N>D9dmrQZow%o24MAxbH-Y zRr97>nI9|Tx_&l&;8|e7@AC-&!v}(erNIVo;BcQz0X~N8{^Q6%nTDV#Ko|gj)pm-} zFJplL)HDb5QrMB|cX8+bIK0Ucd;u8Y$~6rP%+3K^esV7`PB~?zZd4xx)x**z3~;pt zk7=lrU7;Dd#w#W{(Ud8LM|tx!kyKRAO?aA0psBE~P364{A*QY^a})l@$<%(#)=)9f@XYc3cRG zbg=6cT&eXNIvdL=?C<#{_{Y{@QklLwCA|Q(wt82m`U_K(D?kA9==;W)AI|Kem?BFVM)$(v?Q^uaNcUv1eW!y1?q0Ghmq-;gx|I|C<$%nf(_n@8A=*d%&^y*S%hGN^vclwF_4%5i6@{dHzD ztLGyV#up98Lj31p_R6eeSa<^F7^DDVA1p~!PXq+b)z5=Q@Uo}`bIuYjr}IW$cR#-( z)C~5FGF$*>?;Vae`sI)a6Mph=9D~@zhD6*tH_<6xnI%`rTzJpN#z?73%Cb-srt_I2 zdvQZs+*stT8N-nUBoer>jsx}$z|AdXIL@DG@_OwXtcL*%xWX}B?<#(*ns9PDM|Q}% zTO~-alvBgeKIMguO#VlTP7A%6SH@@Yo^_mg z*}fe+5jStRTjfcxf#t(+GX?14H0)XTc9Xuwi692#ZIZbZ937ud9^`P?15AYfM8H12 zcyAXXi!qElYQ?8CC1p94DtBm?{+l7&_cTlfSbWeEp?91rd|)P9DuPqxZ!@|}ha*o? zIY=ZUIe2KKkdfv_WUt9mX8^SVGo-8d);SaM!H8T0t|2r?h*Ef_3Jc1AHBrK#Sg{_N zFm5+6#Zjq7Ayx2lO(|xe0ivoy8v36|zL1MKS3R!eHKng3T|d*y8<`7C*{&^i<^1FT z{`Q(}!??D8W*slx^O=HL5Lv^>m^R4s6coIe#**Di8;Q zdm0$|lVYi5A&V?+QHd8QdWo>lAbsEJIErp`NRe?1U>YastK zD_@pieS8~8tLFtXUHDEcBo&b~6 z)Ixq^cD5D3p2_qQV8Z*wPm5T!%yL1&OdEmV~FGMp`nQ}5iv4y$1pNcvati-x0Ol(PY) z03>nvcF>8Xicwe=3Ds%cuK?OU?xz5o>_(7kl!O3q>alNlw6ABxRwlA>{mcc59I@Oe zF#(DUH{mCmNPi~UbsG{{jMSI^>dOaECj92@W!Q0rNRzU7!|M5@kbkntTgm%^K1H@1 zNc5SR>j5@yS!gt_sK2A@3|S;u~`C*Rk;f14}}F$c;&ni5T^KLun&9Hw1$%A#_C`AUJy} zA1n!1@9i7_B}V|ovS!ankr3Ll6g5|PvS8VWQqBjIc3xYZ8qU1sWIxnj1y{B)ZD@#c zNK|>cOq!#T#=(a|@`5o?BRm7Gp46J1{KUzzVsZ_ zG?egE@-%iKRKim>r^|3CF*UF`ZO8)U!zFa{34vT?f10u`q1#FE7@8N1>UC1Sj)Qmk zdE$dntxoc5juNtJ&;;BrCMz3Big!@yE=V^VM=1if~o#@9! z@`UmfLx~NNENm=fD;X$RI(#70vox64RiMa^lRYI46a+TIhSn3?Y8CBlc@m@>qIkr9 z9!wNLlq5&V6X(*?Tx2f z^-+$0+%){i=YQ$C`~}@$X6VShf9d+l1>Baof{}Y;uwF0AwAngy&S-GY_#z&{(rk)M z-g^Y|l+w^eNlW31A6f!eO{>dmPL-FiTTS@x0zGAV#h#!`a7h{O3&b z^)qT5nbfE28I%UA+|kef(zRCdQ=s9Id;ik4o|Wr}b-=yfG?vQAPfgZhZ^MQT2$k+Y zH+iZ~sKQsG#7LAc6(-laPjh3B<2Qi!xDW>z^?p;QaK!qkG$Y^lawjE|*Pyhww={ES z63ff&M`{~eO%JFW2J5l>-ZAi1!o`G zf|6CA3vD_Kt>Q4XQNwLKR9ZB615N!-U+7V>eZ$586Y0kI05#9ZZGXKwE$Y!%%zz_b z48(C;f?)ki*MH646a8b{mcwceS+OQtJ)$ncu+VLD!737X9hQEX4nG`)WC_I4l@z4KPiU>ol z*ENEJw?a0BFb04$?eo>r#H#M|TG@2=Fi(|4Hg5Smu)ZrVVibO6_0N;v#9;nUuK!2z z*hRUB<@lKlUQBe&fpvqf4!O+&DruXkq?qY`m^a!5nK#-9<$N`V7s&lT3h6f5BsA+% z+oIv7ITIoQ1qc@`n~yG9;6FK;0fkBWzv^EVX#cl=Pkn^UjYsdqNS=88Ka1+Wwf_GH zmj12vzqS5{>Ubg}`HY2x{p~P+JIvn>1JxznSB|?>ql% zhY4a4Iw)|DdQZmhEzJRLpOy6^t>iBjwEs!R>&p$Mzh3l)f-T515FwyTVr6!0TOfLL zP5)Tg3I>;I&-U)WvWqQo_baeL$K|AqEGyA?5$Ks_YC$1p#N~r_IV0mXl z4h*hd6euDR+zHVej59GPEq-4~wztCKS889exL4|-#B&CV!^1te2j`+%nR!ZYFBYoTLc~gvAs*FsO+w5@J3Y)W$N8PO`!2FwJo4av6VF9aTGL(vFFBT3IdH8bs-h&l{I4V4ie@?xY5P@LisBc8c*{atJ zu#$%d3oC*)Vpy!oH?Rxbz#b4raaKzQ$+=)y?(2h7wKSgQ0CMp6u*+ zPihmwRHnj7vdex+9!O~)%4HjspZ~3W`H`@^_Y!=uE8^yn(~mFDyQY5W zN{vev*vv4r(M7#5)PsFjv1x&gVT{X0(p~LK%X+d8hfYm$ad5Nee7(SM1twUl;>xs{ z^U2i4!LX5!MIK8K0;ubh_w>P)w!3b^4`q zqWe6ivsFp#567~T?k?sLXYGvvztkNF<2)}s$uAH(svZwOi#H`RVmE31ylL)lvD4OY zzk9P`-)pNI;3utVw?{qzKYiiX;CJQUtpwkn{N=H`|K!(Se%9onvaNJC+f~r!SEvH? zOqTEFPh0FAyOE^lUG2}|M|k^O_TFZpX{34YRB#|Wf%Q)M@WalaBW};3@8i!NG3}J@ z;p3<~-HE5Lzw;qayTTrm&n8Hv8p)F79|sKQ@=9lI)it7|6Ob`d8*rCkz;%Jv|49Wb zy60;S4H%X?_HfYP5!T(qEiP}Xr;^b=M=DhEH&6#36Pv!D`#wYyx8xPR(i>J$UAu{@ zW%aFDB2hGf6}gA7O7FN;f&K}--;W#ppg(gz>B2vc-v1?d=?U=DjI|>lfSzVtn zT=)rmfAW{d@BZ?y|KwSdhH?uwJ-K#syhfbbqOpf(Pm=6jGDDK!$un6|j*%&SU0t*W%uux01k>vIbL3CS~cdRT#rt18fjE*+a z+^XweH5?{?5*7cWpjl)m^rX)P5H9N}-3ozu59Wp_uYBYScZYi0 z%%chxX>HZD{owKz>*e|fWB;j6{!_=9r2aFN*!z#)0?iGN@3V&E_lHovsTv$?Ow3s2 ziSQZm`$Q<%rtfK^`$Z`F68L->T_!61KL@f2&zd~cx_FH}mr2DOQ0$DrsWE?OZvk=}L|bO65&Pe~P{Tt&9FYFvooYy3u*jsHw28oEM)p z4S$8b?_HJ;bU6a~Ur^*^6#qj$nP`Ry*=3UNw_W$%cHjYkh!Mcw|AN*_s-6unPZxMj z9j94IEU}D6i+24m3JS+W0RP%tHdIY|%4k;l!W92x4u5Lvex7mKZTPy9#~!sd|W_qBFv>PO>}bD{8y?RVImVXJ;8G($T4}Se;J|EJP*Ge#_7A2 zWbD%8lR)bKa&9yj$4*hO>8vm1@5!0#zk-EP1xx^_FH?odL;cGnIb%H6M;U2upM2w= zr|vHg`@bbHZx)f!kG6ANM%^L(d`??j;vx{ErXX)V0(o;JLUm2Z=o?>RK3{U3zo@zY z%1Hk@m4Ynvw|jqLum1xh{q5dg^8PPJ=$GPq0+E~;z!O4cl9B#X_x5e^F7w8u22!Fr z>oZBzWS@Kgmoum-dq`%IgDf;iWvHB;dbX5qtOFc!gc1O_8R0vvxE?I$S{SpgL=a6Z zJ}s|4_2~aqk^NuOv$`EoFQh~y2j)aFS-NA4hpB7RX=6MM)J7xZIELCvLhmwjJGg<2 z4nwufx#hLNHmdcGm}~iM`HP%_?_bp@DD`&=k-rY{J8N19 zjwybEFW9mRD(&5}RTq39=5E2!Uz=oK8KdKBCN}erD4%vYMq|ai*rgk0q7e?S$PxbE zUqK(8jvlhcsBpNa-vxPKIZ9l?bJBRkk5y!$O#Ejcdc$oTlKqk77-3# zm-;wD?%aL4#;&JOF`04kNx)($n89iPH&seKQD)8r8Mu{ijWt;odb?Pwh zoZw{puwHH}Z?sg;6Anp}j`SVL(E_D(=tzYMh@AST(_^VwJ^gKDbO8AI%7x*KIdicVIb_q)LZrUbYTY2%V8mvm3eUQuB2-J<&cCzic{;=kqC$vsr7vU9dS{N3F zlT??rzsQ6I#LFRJ*^wXDXRIm^+7ogX&8)585JZdjku2fSR5!hATF6d0!Bj-_J@*XB z7Kl)Ab*7~IZp8)q)oFcF)g#DRD-^u>4p4p$H1a?QH^nB234`X73fFgg>$#M4k}{n$ z;(pj*tNc*ZVDH@h5ErjeU|f<-7u|6^#8kGIXCCFmXuH{nI&VSt2BO~8xVj#_zX|?sUPuicY-)eN+D17L)>%GO@^rn)*2L7sG&TVpb zKz5;0!|=LBfuQ&qJ+htDeg)F)I&g1h=dw?5WxCbmC8M|;!~)-uZA@vmHZ;-QG+HD^VAH^2dMeomIYM6u&jMtPy4flbJu zBThQm%##;^7ehZl2~P)HBIVlMexb&V_1C9|nCflg+=!^$EHk!mx~>tH%A(y1jg6gt zs^WYlu%$OoN7I9dat)DEJ?oEPTDy2c8*z(xk(K^T-GUT)eR4!++|!PZfHe4TMcuFR z51Hx}1UGG@Y}JkZ?gll2S!#37M#bd27DR_76BVRrv88j#eeT+eJQ!QzfiSJZIT6!~ zIuhoFlF+V!;YUMyEwuBDoo$B_XC_@lg@^IQ6qlZ7JWGZNEDickJUiss&}wQI;pNiF z70F2PGpR^bm%4Qq{~aW(O?4@B*^vFst5Yv$&En3!NH(^!%ljes)xMw~OszIAEOEhd z<~gByTMm7rXAGy>Jv}8W=`;6WT%R7JGy9D6UT}I@je(}ax8YPaAun(4j^p2072V@t zlU(Zt^r=gn=evnrg09L~@Zu%2Qz3!8=UZ~D;UVjEWA|-1wtcTnMYc;%e}X6NUOv^2 z(sgntfEvbxyrHgh`#;f5bvhfz)iQc%n&PsvV5rs4elS%fL0!+Wj9GVQn3?K%>)xr1 z(V&97{q&U2`W@TAq4(nG92e(r3xB|R74j;ShfH6cx)T1eCgaEhuU8#c!X?fojOSQR z8Oq-N=XIMFYB@#8FEpIpf{FT=p0r$7E8<)k&vO9Xuz5%9w>Pky_%LI?J&>OlX?g@J z`dsVkZ567L>_uNsZo>U5^{?WEJ*EYjjP~9}9ALh3c-FH=k+j*fSk;-59%aW)8(Uu1s0=}uNy#pFiNJpt| z`Un#*E~s~2Xo8T?4}Dw6Zzz2laXEP9ONQ#hgKIi7dX+&n&N@QoJ0ocxgBH$MZR}>D zaQ8$!w;s$a_)&jm?au2OPDuIfr`TCs@d92KzH{l0vKw_|nhrZk#cG#6gzSk$^{ucREhyMW}p*aY6H zytW#eNjx<8Y<)rwc-_}t)Z4K6Xfv|^p}DZM^Zs>>97G$X;Vf|TC-i6hHwO!#$ltcq zoS=EUn+4^$1Yt;raBz|wsDcBaWVIY5Fxv?G|x6TecKH5VjJBO?k&t_yrk2@#m(WXUzsFB2Rdr_Oq!vmNFa?h^^=Ds6UNyDsscS*@ z#z5{_(4_H*XuG{&#ncbptzsk4*H*W-YnOpT4xz;v^k*lk3?!;R*^{_f4H)tOT!s0r zrZzNyeA5pXX8aOUNk@Anx)Xky+NTpfoPzQC@J;z%m z+7-y0$2XG8iZ zzCwlo>lL*=xG1Lr-O`0pK52NarE$=-kee5MC}*upEW>Kain0?i8sKc=rbDKKza|yr zXBf`Y%yvM(o;A&SiT5@ZQ4$uI)ST*F*7L!)=|Vq9FoHT*V0MHT`QAEB4Mr-2>jT&Ew9lay>ntM;J+c+A5W*vUwgp!cvvzpC_csgZ6=ud6E$}Jo z5fPgwv9eR+tVydHs;h;uKYO~jzFh01G`7P!ZQ#wmeU)g0*~{A+T=5~(aF4w}tX&3ODe6!F67Ox318a+HPcr5eIT;)$kS0(5x1hlVUj+DnI@f zX$@-)Yp!hMRkw1us3H*Z?dnB|;WfP4@vfG>ORP(7_y+>_R!~m`zWXpYF+K=`@dVtI zOhUKZq_G>WPhX5{u@2jHXe8W3+&J%{P9PRRtCGyZ)yjElql2EDY!FUWMzRO`ZZ zCsmEM)v48aE*nr?-Wz|NA9CtufpGcs9d)zXbZ`ED)V&8(Q|Z<|KBI#L5JUw+7a1!E zgpM=;0SmTKNRUpXcOoS~;0g)|2}Pwz6H!Dd5s==bC80(JAwZA-2}GqPp@jtaADp>! zXXeg)_x|ttzTcX=)>$mdT8EtX-S6Jd-uv0lskc$h2k$a0;jYbwD(W4}^nW`Ab*XGy z5v#TB&8RPeQG&`d*Vb&k0H}lj!r#}P+>?K_v~~%}3e74%(~klR2>aD80<*c@JWynY&E!@}TuX2VXi_ibA74z%QO&5HsIdl?B zyvz4Oh-Vk;%Y8%Gk#Z|4@?GipEWYm&+7;Cd3)HPR!|!j_Z08||FHDbTeVJUI1U@|K z0aW;IsJ}jLCRJB=Gxaz5$FYC3x9+w-;F96Q9bO#Dduh3v%of3R%Lt(`;<`TLXW=BN z#%KQI+v(>N3jpa@jJ7SX}FU&$0BX)1GTtxtVX7a~kR}t>lP#>H-zba9x;X?4oB+o*n16IHb zmAD{HZv?q}wS-3Ly)dQiuPe}i_K4vwj8@Z?x)Lk@nRKy?ol@0>stU%xgC!z4Sw}ad zi!35x&CVUo-|fsUQHnIy7r-E}0cW7vJfawB2cSXjaY%x0XFL8d4^)FyPSaL+i~tP4NxfY;druJYEeGug!n1+-%3K(u9v> zZZ1q+pox1e@T1vrFBc%o4tJj06drVF-p0O&F+svul_-zRW_`z8W~H)F{cKH7T)a)c zM>xj?4vZYDZU?Nv_4@FUC&b?(f#v|Ju&-VG?&wYZEG9Su2uvD6nG&%03Us_aUkv5c zb8B8S7n9gDn4hHnPv=9zW|DFNm?Fd5ooi>S2q@)mCPPS zDsreFQPf$GC!5tNW;x^EwUCn)I=6T^aL$X56Ii8QwN;q;3S_7!rYy&-21zf}&&}#VyJ>*vhtU~%)jT^Lahfnp0VefVkZmi2C|j`2pB*5K9!u*?bgj znPdkpkp~tIH=kAfISSB23v7BTQFwA;{Y&25wZ(dYy?#Ir2rM>>4ynv`FW}`e6coam zeRoxxbrwGTDj*Fswo+qqD+vgi?%p+}%hmEUAg0n;kOsTUav=KQmm+R^xh}~CEj>uB z$`^SZ%SDNe$dpI9EaFXU)mRD(TI{6^%Rhr{Z-#*!+QhdVbJ*7NBJoy0<32mA?@5_#5>Us^RlF;hq0`|Ogwn@|`xOXYYhv2`Ho8!Ci19f(2sVfs zIkQWks_iW}VUJepTHvVK_n{9wB?!U(>3&zJ2G{s7lrMuRuELleptmgiEDI3rElREp~?t5#cAQh9~08Bd^Sra+st z0}vuXaHNR0MqT~~6=EllzI{cl0j*XE*UgX3ZU7s>dC_|ixEKXP=bw62NE(7`5&ue$IIFx>TH`DJw<>#bal&#&5in+ zhZdg)GS6g412jyqjL}Z?wgxI5ADpFZ4sr`o0PMDX?AFffRK?l+-q}RLlvoa zR9C~tOU%Fj1by>!aqnw$lRj+mqg2ZiRgV>@qKOG_AVX?^lCY=>iail!d z$azCR`*Zc@=yVQjCkmXa?`aJya_<_diq}6U8Ol4y9vKqvxFgbEu>W}+XQ)IYrc0vv zg3}X9Hyf5glYP(!Vm4ko8sqsePuRvqjhp$T~g%_ADZ zj9UM>8}~;VTiG>Mckq6G;pVR$_c9RWD2p+h;re-m&czsFm1HTV$4y7$a!%}s+8&V` zPEq0sU>ob198AElaF@RT&TmYz6WUnfqA=)=r?7jc?y(V46-+}p+c~QjVUT@@%ZVNR z0TMK8oN=YMt%$O`6CEfj{vk#L;w>lu+2fNM$eGz~$sCH|<#HC_nb)eu)XXsFFh)IN z>_G2~G;c9cz|n?=FAC>=%s$Ar%(bhj9e=-HL3?TXM)7%{fsHyUkv9-Q+hUDOPiK(| zOUKg+d5l5Ta;4*mz&FodHkPF2+R@u^QZAQCQ@L9cCDZK?Z%?BLAdb@@!r}*bZNh`u zMhRR45I$#0;eCWz^CXXVFr6Bvo8R>)2U$?#(KS^JRYYMVrk9rD6{=DzfN0Jn&0$35 z8ThT0vgw@0am1g3y&)hWiXQ;&0E@r6?{C=hw_A_*FTQp~1Pc;hoxMA8zNSUUJ0Yj; z*^c(K_fIQJPzs$&j1{P{(dPOmj`pcD*S|%H(t zR&#|M@vZ5gRMJ4%Zf*G%KQq~}l9c10Vly0c-4GXVKcBzBK)Ay`m;jQ7=AER|dI_=U z+LqHsVOGR|lOI;HLc?ozShF-&_~o5J{dcmqKKO!|pkQ$&Au3VDnW^Mc#Jp2l|HW#! zYR*h!v_ewbX+XvLfWO>hxU`g5)xqqmEq>aJ0Qo>^+Y43Rs6)OU3`A#WkY&M&Oo@9p zW+w1%aQ(9Y@!M{+-SQ^nh1VSR9lU#lX?6+@0lC%z4=#1j!lB|UwEq-%%K#bFXkh4p zZ?VJ!WahGZ@dLX_+8*u%o#0x{JI^}$v!r(7yML{J{FRp)q53!D&&(yus=I3+(q`#$q(3)7OG)RziLxdZ=_U>jb*M$ z*$!rIQdRpb^G8YLj})(rVS_@0NceHiPO+GR`%QYLJgOry;`&tLK3sBWIw}2SlX;{ zoY)!s>d{-DvZse|^R}vCjVnh<8L~ESUI^}WQV8D^?AgaZ@5%>&i|L_*t5qlrD86v7 z4SZ!*gdwZloaNn9vh^KMU zyS2#N%cD7lRnV6~9(=BDGsz+cMVE?Yaj^pCtS9YhyNP;u-wQ>TOjBhZ?r{Nu!Ac#J zZdntoMtgO8XpM&|1MW90vf{%Q%vbHL*TX2lRI!i5A06IpRw_w{XJ1A6YTMeF#OuFH zjDuNW^{~eWALz@j=7?5+zsPv=RLG}md)_+-Mi%YPdsZS_;Yem+d2-jnpvVv^(EFb0#ySmGo|dK ztt4o?HhGAzbPP#zmwcpc?w~yh);4*lodBl#pJ0bdXJ=3d8z-V;-8MQG>Z*~ZZ>_cX zl#sODUN`2WkxhkbL!yXVy|PV`54N!I6iQb>1oT6^oSYq-Cz|M)sI&jO9f z@?+n{=4ke)IG!lD{XM|E{P6%!fJMYR-Ai&qQ}Z9|LOi)5TC%hPR{&CQ3iQn-pg*-M z;tr|O6F_gz)kl2{&3<7S@}$@)%IVo6mj?>t(Oj)S&awh9kB4Kq>>uo?`-zpayFJ3P z@(%D@1ZygF6}aUz^qL6R?y_;jk|qIh1@kAgpx;#49YX_BmZIM{?aKg)cX!XXfnufm z4@KSk7J1#^oy&cF2wFV3fFX1Y!yO97cR#TV+nW7C}JlDJ~ak7#tXqOcf2xUwa#C;g(%V>!69ed_W^ zY3T{yM;(yi8(muWq;a?Mzpi#)RnLy7pw3d9f1;GFmbp9oN@G){oc2p9&1q=VM3)cI z?Poc-(r4hQql{#W6Z5>ql*^7;rRsuuRy-k_jh+3|OlhJgFG8E0;;7?e&7Kz%!v}($ zwmxa;Ed~yxO^KE3eTNuX_KMWzuNeEER#=XXFc0Npb!<&7G*tsYus!9E*7i3vhd-iP zUD^)?Kq4o!-@1+nyncur7$_Sb_ZjqCg7eqi`>E~wqzCJS=3*rmA}4ONop!8kEY#b# zcjx-E?|{5D{Sab|*YA+#!&mq3-vVYbxg0Mk{9Knq*=BXckVEfiomL& zS<_HgeC-wY%;?dpjIwE3Z`X%F{}uyXFUC*`sU?>!F;V&hY!-Bz5lqDQW7ly^hHOl$ zG$pkoq1fnL1@dKpUI!uTC4p3>meWW{B>8>v)o{{TuM8j4tq4-W)1+GbKf`8OXL2xp zZ+nNl@Mlgif(BPgOMR>~w(1qyo7`zQX;b&DA^gIrl0bALSoGqYwvLlk_vCMA1^;Lk zv?#G=muWeUn!hJ611TAUg7LWTZHSWH_fyLHOC#wcP} zs5{>doL83t(eLDXrCzEhYE%d|cvN8vTGObl2D6Q0x|5TAF4#zx5RE6QeKry7Lli5K zrjY1N1;PFiy&Yj_KMiW2AhFIkI|Zh4PortY+DIAnPk`BH0c|^UpoxdmR3xHs~tt0n{)uw1Vqy}jl@`g3c zfd+^fek3PY6X=Y*Nbm8&lBMTq(;CG2;|Np6l2vN%G$vpQ+%l(isQ2a9#rC{zIi`I& z$Al}=5L1*Ub%S&qa0GK<4__*<74isRhK6|EX&%^Mo;MrLiV~%{%=5zrU(AfEpR+-N zvs0Vxz+O^iIa5;>-f|KYfxEWdh3*K0`Bu7y&1Y3H_QxT|Cxe>;MYKROMW^sRjJM)4 z2Uc;_cTPhJ1|9z?WH#4qgd;pR8$iuJGhm!b(?VCi07cJVyyc&=R)1B5|9i3J7J!eI za++QXHZ6gk=>7IO*JkJO8|##68{Q835%+bel}mZ8 zn+@-QG!IM=(~Z+wmOq!tsy!gdB*O5jcXTd<6~$^sg2o0Iz;+lo!)oik8)8K z35|1l#mjrJMVD+gU9&JU+_SMuAlHYD7)Xggm+JJYn<*v+JeP5mNI3*pw-TL$Xnf3W zOWTkxD0c7GOQ~=dyHO$kPj2^DL=#ip5P!KK{r@Po^#HAA%IMt=$bmx4(MF)%KavTM zJ3^Ni_f>i2+=~G4!uCAWFW%#i5$XTPpVslHgeH~_2b$M=mUe!9aSNVybRBDUp;7S`ekKA z$-i0Fuq2SZPjgV|>n>P(BA6h59sUGn=v2Er7G>e7H86i%)3mcc!6IK5>($kgw)}~- z$%0}eQdNOHh@T9KC!O%kY!B-yDDu|YXYJKeXo?L=!F)o~WWW9RernHTPz;Xg7C9P# z1f21;$7C~>rhyj@%r?9xCZlW1DM2|VxOOd7`2TZ?{tp&_GXwDg*39#tQSo5sgUhN?>*y2v8v0tgZ8#LW(#n6bzP4WWZfHX&;}We_4fr;(@|WTz*)2qE`BV31A|Rr(THa1r4`Sm+o^e?An}v(7 zRoAgG%r9s7KLGB>7be92CseXyIgm3#_5YfN@}G?d{M|wQGA#HfN98wI{43?6)hUh( zzURee;@Iw;QrJ)qtnt|bKTE)Z`X*0EW53PBE7@a1do)K2xE>&9Zbib9Fw`{6lDTCR z`u(zhy(&Wu-)vHJV{B`ZY;Av;?~EJ$iYIVFoE2Gh-ROolDYeU~UNuyug7!kfeG6v2AeDrsz z(_foB4!kL^J%ZD^F_ac>|J~O6UY4v|IG$$qWPOsyi0|8VhqucQQ}t%Ku?})kR(-E| zc7YJ$ZY29#RH#okoazW$6qrdO7Rqu&&-4o9e86fF3cYh;NN_yvT@>lL`>?y>*+MQA zZb^6RnVSU?fk^5G8fJiPi}<$5uTFM)C*qSSbdKRR0>h;MF0 zsDINsnRt4>tLwc#s_hOUd^$8D)RqWZ6fYTk5ir_D-%s+Nosoh2{-&t-50CX%oB|0R zGA%u9SigKv1VvXee3shia@5XLXv-;de|Q@~|7`r>wKb@*@oxQ5^Bt(Qh4-c7XRv3e z1&0lG8jHGF!*qQuzjLMs>FUw+{YDR9D;=*1Gf}L^bbPMys4zjIYrp+>QeB^3%JyEP z;$D?HYve`jQ|(2FIIuK~9nZ9Ub|6pqwXZ8%-6-7ydmF@yD=~#&v#v`=rX<=fh|N5K zU6$vO$z-e@s8!^BEfJ{dSM+?aDv`i%m~DdQBC3v85MRMJ1Y zlP#RkZa`dkB+7ew09KQ5Z#0k{Cafqw9q>7VJy0J8nJPtlO7y4t#~|9(D4K_P*mT^V&>9~Ru1fIO{N*M)KHHZA457F|wuz7NQO#bv%%=rL zvih7p+xDHP&<{%Ao#LEIfK-{-DXP5N^TF?&-MeeK3+|zsp6R-km*NEtqHc3}#g&QE ztujs0sx)D(ir8abG?4GGI~Aw2c0y5cLXG!>2Cmw7b{(sUC$#TZ&8Kk;1d9Y6vNRfz z%pbZA;qq=Zm3ZO`j^bymQ*t?4mG(|}U!uvFZS4x~FsA=K?Ex%drs$chYNfAOmFrme zK=mtMg#u$_|8@Dh4;QjlUszwdB(Kz|jKOu$<7Z>mR>@iT|hbX*K~CTKl_! zfcQrU|6kz46lfyk_z!(;*BDYuaK)ArXTjg!+WSEe=knbS>zO`5SYKKc{UW*qR0^UT z?9-RzFL8(Lzu@j0!%cJm4@iUClis^$MS~ zB4NVP#wWt}AaVB4`1bmJ49#QnVvM@i0rJ;PX95R|Qx!0EO4zKX@&QD3rTo;Xnkluf zd$xEn2}wJnEcN$#enbvurODzT&!*kfM5-TIIX~(bdhB0u2J7odow|4_w>FjpIwBeK zzOY+?Y~yt!{5k&-(-W(!?Ogh8JLv$CVe08xD^goNJLJ=uHfD0+RJ(R39LIA9dmi?{ zG0yP;E2=b;9*TOqKB$_n(0^|BS_(K{sy6iKxszQ#43>s^-j))${TP=btJMyJS>G%I z->c^@P%PL_QcuCmUgA~nQ~~$;ZUy6NX5n=0qbjjerxG3@u*jn-A{U99B3QVR+m|Ex zXoQcHgi-=@3>w84DwDk3?MpQ3Zc?BEy*#H`Ce`y}l^&IHbWkh%c<*k%!ve(nr3fU&s--RkM#4vQ9899vXKd=6RzV7JT0j( zaK1t=F_9)wW=q7=%KZ4yNa?NYSl3R*E2e{K2I0aC%ldu$5l+b|d#_<#M-(HCMig>G zMO5o#muJEUY9Ax77GIjHeo%Uf_T%zAzf-_3d^x?a<=p^#l5DLRczRU_=JpG9jQ)Ud zR)Xi)zs>{xqj5VRk*O4)jV`3&S0xF+9 zCpV28Nt*(Q_vyP)T;YsnJxYmdH!v{##Pu(ZO1{pJ_)m7aux4zK1E7%tc!(^24*ohZVLn(P@G{Jp+1k(q6!APj{}?BT=aT-Ttok>p!vE{6!tAPhNxEV*^Ra^-=s^0l?A`(UaJB-0i(n&)9tGeN!BgCx@=a}R(9P>a3o^7 z|7!7GuBIl&BCVS6U-F1o?wM_Nn!`^n=1J-Hhf-cG(ErXhkCQ6WUb57jXFvop(C;vZ z<2T~inP9`O#th83bWc*C`~S0g#s85Ve-*&_#k-Y$-J@_DgbPoT+Da2Adcj9nHUFYj z@16 zkD#p{4^OTg-XG6Jq`eU3IR)DgQZ2C%IwH@;v$MU>r_nw>A}hJei8~+rSjarya|Wj6 zOS)f*?s0fn)!(k0)2@4vU=ep$0+4V4-;wIR9tfhHDTn@_CJn!9P5p85@LTWlRn&rs zA(l+>X#6~NJJ}4#qge57I!rBvFK;AAZyn6T?AaB*vLWRQ9Heb8uBsO_VQF?^t!5~v zIzdEv7cOE34%B|yUv5qB&P*0LYn4?hD?d}KQ*tZtl>nr;dj@p9Q>o>Xa;3co#?d;b z$6(9}7`c(dA?8+r5UDI1H6KY2(OrlXKxDMH{1>Qa#I>)QOX@Z+cJ)2&XiNT1<^X46 zjO;Qe!v_el44anPp*g!5BT^rfyTo~3PoZV`jTGNiD>>{8KTQu>^RJ-8QQj=ku|4-3 zw5VzG4meZcNGR<i^b)j}cIphJ)~ZGr&^YrYuK**>=~$gxguc z7MO2BPW}~x%kPz4+NpYgJ2JAie*?1BWIy8Hv|#opY?6DFw^qpNTT^r9Pb#-RjQHr=OMIRVnhxocGY`6yj7&jH zB&QjJ(LJ{LaXGn|UJWWtyUOYuOKU`>23w&nj}mC}lVVqq-aSjDs41F{i}oRaB~1Yv zI)I~646${_av??GawZ}aP*s_!TRpdJ;Wuyek8=PlRG1nOEQFXnS%c ziI~I=mkY5fElnun4?y>&jjLjhPYYrx%(BO%IBWKGIqzW{6D-groKSfBsz|x^)=&z< z!(n3*(dide;d^REs2|H&Kf%5*EOma^N!vMjd6pF3877hdB<>H(8Yr8gd=F@+Vb`Vw z0z6+bGTm6XP@SOeS{FPCJ~3j3k2BR zPHiwdd9KOKUZR2+_>p%G*8SO2Id4{$pp?f|_p#I?+p2xf_WKS2XK;i$E4ceOM1phH z%A(h11gMGSl4Iv2`U-aH!%MdvFDKitn=Rb9@IcRnhUnYFx2~%m!=7Yv>Bh%fV7rG9 zZ8UKfm{s9eKQC96`nMC$gyh}v#1{Q}^B!=b(!BFy0oY?HVc3X~oOibE11Sc`#1wpw zlUWgS1W&m!ig#y17sQoL!bIv)JP(L)LTf?nG+Vw4W%`nNjbM47I_lIo^o{_fzru7_ zJjF38zVH3}SoYPNFF}*^yrR=r(@Q)eH6%3>6uoH7SKw2NP>D019Ib<-0K6K-*9y;e z`7Z7kGIc%jDGzW3GSb?rMR3zqw2K_Q&;@sp2dcjPwdD(vk=dDu_qh z;Tg+1y7;C@n2sAoYKBxH0kDm|>7ZQtC=%C`xN&16UdC{Rkal%Az5tyCQR(6UMXo?XATQ0AO30_wXWUl)JCG6 zZ%(WWh;-;CbbmN1f#`ecuy}dq{n7;I=ZPJdWSBKuSNVI?lg@#dAV~p z8*+|9soPO!U^50Cl*SZNl#gN$m1@thq%NDC6V^+WRh}Xl3g%4B9o#Zc;OPoE7&g`} zdrctzdK9I2oSDpO3*gaA8J#|5a}xG^<)pEa^_{s#kGopm7gQ!N>G!qw;gVL{!;-yk zu=Vf41_F7hu1sySY7k6vrh^sjCN&xMs@GpS(oB*(RRasH!)j0iXkn0*nj!C?Zhy}_ z({9`1Iwb|3D$i^aa+)8K`xG?}{J?)a_`VxyshPabQ4=;hP;I;2z^S<`! zDg<$1+%H}xw2`skH|vLJEkOdb+PaxF%9;DV86!9tYqA=;pbMfp&fKbkngjeUl0SM? zrRt-Ty(8h{|yb+ONWNG3txZa?0%IY{N~Sp7fjUX zbgi$ZiMc9guI)dp%SpoqRNuVreX(YN(W;j~Yj+kP>@?K1vM}x>>i8pLl7~Nm9&g2| zPnQpG5w0ui1%(Y4q=&MN!vayP!x~{2dh2)(FQ97)DTl@@y1l?TKoW`E(gB1Xry$cz325e^1)(slnmK z_^Hsf#!@wNmaVcPq%xNK4{WH zeS^knGUOx!-p+VMkZ>68gak7JN)E23N&^E5l1(F7i7EdE>43ok`u2i!q^$iTGoI+7kXKj_+rm*%qJdJ6Jyg>IDCHt&U%WrT&R6{woEA-xBV=>f`kQFKKh93bSUA z2bFg%l1q(pkEw9O@KNU=k=dP-c9U3$u5Ly%|9PGkED!ZncNVuf6)^fUqgOrhlU{agBB zJvz4~>I#e^OHbE?p=8;ENAX>qNYsM$`jN^VIZd)9g=m4QgTr`QhvAW@rex4^5+KGT zA~HEJ9&+a4LL6%#Uc^gz{)YbW0tHIQ;V)c$gvc>lC60qlt8Mv)k5$N)C25C;H9jU{ zyz5G$!A(+bxbsn^x5u!&g|+d+2D)To{%IxZ!sfIE4XD!LEC^WS4;?O?u{S9~dtMV(vT&6XM#mhw-v}XOKOQ^%RSd zdn7(=zIi*mtqhFiYb?M$w&aL)(j^;a%7FKh5d~Mpl7=7tj z!f~2Kfpr#oMxTNFLPz?HRe(F`Pq@YE@D!pdpME^%X5u-wuBPnL&z4d332n42O?gU4 zXJ}6Csqy{QVcJoQYQDW&5!y{72=z}PVOUf@N2pOovpWz?cbC9xA;ab8GxvYfctmqdE3D@o7;M<%yb0M1x$AlD#X|gH5_!!g8|bR z?8M$QM3SDIM95}Gf+fNIm<{;piu7C8R-j}FbOM}O0WZdwc@18$#nvx;ev-1_iaWDQ zw~_!IYg~1(nwP$V)|b*eHxrDi6?K5JwWA?1lN|W@w@G$}0?k*u^)R++WHH6tqB3L{ zbydC|!|&zXxByZz&NRta2o>FdG1tU`DT;SE3{LbW0mlMcZ8frM@vxSH<0k5kmMO?Y zUyE#h!xmBB*>(oQ?Y32PF6BuFQ|!RC6&=0Eaff@)4KZ(t?P*MFGWgl2TgStU!B}a! zTonyEcn~?|dz*8{3FXedWuq{E{P_$*Qy13Vb(2Rd`p1e)>!r&%GOM{=AJm%~+2=h; zokm26kY%DH`%^o7qy*HbMNQQ zW9N74qb!I+?d!PuD6a*(?zP9h^P)4R7QN6WsANTbESPY8C9Z@%gbyw(3WEXZhicj8(KtZ0VC z1Gct^A35Wnln^IP%P|cb4YpC9(i^>3v8?I|yodm3F${ZX2-TkrvsRtn=t^7FvF^vt z^l><_+Zxwp^wd(0r^tw5*aPk!T&W>@3|sVmRP_>(zoen!^#vHX=ID)hsfd3u;JVAz zNCv^`ZShnD8o8B(yUQL8uDnV{!pIqy;iz@cnJ~nrVZw_>$6ExB122=pNSnqSmZ!oF z;{r8Xda7h6H(X}LtS7vPXLu!uJBVmtpfNwezl$BD=9K`uqmyIJtEtAV&F6Nf_+Zmu zFv`v2{Fn{uQgkBjwhl1dAOpizS7Oj2aV4~mc-9Gmvkv9?r(3=9>-mIL`s!I>RszWvrgwRfO`P zE(!0T4_io()c3rsyoPnXnDPpY?g@$n1(M&jMYAXk{pJu%B%y6*qkE{tqBG*B9$V;-A_gYob~ z3`QZvc{a>Y&98e`DMy^*;n{TDkg#(U$A~^{NV|^je?8aixqs&1%!?H|qZx+YYHFz3 zUE!%kP!T+F;+g~ZcYK0(#;F%+ZidG%#=80R^IbeJBymFdj@i*?B#DYg4<*c1tMx&K zTv7Rt+)oue-NBU~(c+a@;sTRa$J@a!?o)dRHa52F7;32_R4s^{AtP4QH>Yp0Giz4E zB!g;b^P1CZENmLA7d%)u9lK7LtTg!WQhlL~%&h3cdOpsWk=&YAZB|pd62JqW&JeeFS%I>2zG@{a$9o`x&Ar~ZtV?j&P)X~ks z)x4Ro7sY}##ri0z-pgPi#+o}}#{lR7JjC-$63)maI&{p#)XXPydD`Q1t207CAc+>` z)J&w(UJoo^dQ(3C`Nb6cqoLp1EJ2emSvjqcu7&o~H|AX1ZaGb{bO$f9>YZXc=i=() zi!971ZoQgQzAZEHg22{tzxA-G;PE~K6|dz<9Z^~B%DVU-|2h?88FNZ1>4!OCGb+5g z%J2K8!x*$>Hn@^RW>h@h8e8dfsHc^MP?~NtJM+kJqVRy4TaDbgDZF8-99fq79)mY6!9c`A5$7JM-$p;#1TG6zaF zazd_JRmVjFkM#`v=0MNgLqA>UyU8wm&$ln$qI2-WMn7FJyQ5Ebp8V+&-6`8Ae*WhR z1br}lHuk3r`|hI3?jN?VUFOd;6Mw$G-u$LA*UI+Y{`GzSag(q2SxO9?idj~K_`>mYkEeRRYiG(DnZEXZ)@%BxoEcf~f?7wJYG_(JO=aerZiWm%WGOFxQ1k5R z#CHpk3Mu)uQ8F7BEzL2**$$%+8bp!6z4EPkB7}jbzBLP{f-s@wXWI5n@XnBLD9kr^ zQ_}^P6WlX=MIOLB)%au?n#yLrm@)h{SC!PIq2V-#QM_CD%DhaUdLeVb#cDZ5)4n2X zAc&#^e_`w3v7#ILDT$Di+&8HhXNkG2BR_nCKaPGV|;A9>~~J1g9E}Sfc%E*S0j8rdlc2!v{}} zKZ|v&x{R(&7cGss)2+8@Tx^hM_gI8x5^AV&(YLfG*o6ER+NKf191ic!>x^cZ!A?EC zEKOf9ce-+;VOc@B&~nTwHoVGrOfAP{Ja#J~n5LVPoHS8=SUa0pg1t-;CCcp!xo(^( z1v}a_=k9D6M?C&OV_LVs^g_Az`74&oyI}&cXU>Vqm`mG4OM4COG8?6g+Kh%|RBP_a z)ljf?*W5%%qEx_F7%X3T%wFtWipTxxW4FR;N(NNV8wz7cZt@*CL$mr2>Y1K-?{fNM zn8?O(Nu-9t7mH;>nav!y@mtjq5ct)!Dc0>f^)O~;Z`fWlq9%#_VLp8>m_{G){c)U? zD-?&9#pU)i)X1CFUK_}lM0N17>W9<5TyHP!Dc0K9w3;ZdkBPy<4a>*f8O#s8@Xx)q z&X3hnr3kP1+xr5{7i+?~bRQ9(COw?#g-T7)Sd}J8go!a@F5<^-N^VYZUVKe`CEsnG zfWbGnoiAG^5hXpz(ztBoqjYp~sK<*YB~+i`@_-wM;on$RNfpfu`Gz%g0(*~mC2>{s z{5(0vb@Q3E_mxi1;*}B6JiwKzK4My?gVnEa2#vgOi`!cUO5%+wqa8=8ezrQ@1 z^@w2wLAS=%M`Ky`$Fb$5DI`^~;|+d@k3EdfNi!q7^(LPN%5f)pFsoqK$s7q3Nl5xUS*>@T2Q3+y z;y&za^0WHPz!-l!cF5`(o18kar*e6sRYmRvPhf}zr;K2q*||hQ2KtpGN?MTBTarWL z&6zSfcP?92!8^`&63M7Z%E^6A8<*6Y$-X|q(XL&W<_N@BmPZgaWZxfB51F54s`b-o z8!?ua3(hwjyo=A4NgvgNEtI?z6_6UNGLg@idFKA%=#WLfxlj0!jE7FJ05$WWggWY) z^?^KrLONxraOJ5|&D<>eFwQg3GZlBGapiTx`_Y`f!TP`-Dx_CkpG%;ZuZx)ji5dKJ z_nmIvE`~F;+H6DFL522cSk)ldGq$l4sV=*^M-vcmMsHl76LhTh?%X6jpnDXdJEimd znEsID@)obmVAK~2@I?an)?BgUP+&cOLg$h4#*io%A>O`!GaUbuSN*ea|8KLF;7FEItkkAao0G~A@Z0& zWpuZi5!}O|kmpV%?SzW1d4`D$W3pyd?d`56kq%vaX{T75AmU)D`W3iEp6@}_kJDhh zZ*oUzk=mTGV`86bDlC3$_| zAC;qh^L$=3$vRPDXY-HGjb0O^bocJwskM5)yBGVxMVmfUaCI+XN;_>L6LA^Jk4?nY zNT*GRNd@9*%W5Zw$qlSHxX1s|5>BWLeJnUixxKL&QWXpwy}%z z%dF+DZC95<$kVw= z=Sv7%D2D8)jGUuBae55dzg#?Mr{z8(ISO;#nik8$dlbDv=W$+_5*oEczuI7`=5US( z_C@V6rf+4)uGNW=rVvkW*I@QYdgkhpvVE!yE@zO^N)@F*Y@~3C+e^uccJ|0 zD8;;dT#TQUw|h0k$q}5W{!JRqL%N5ndym)jZKtXI@||L%-Jebuh!!0bPOU*I%UpM= z($Qf&!zfjw$JMD$af^00$9kXnPC0uAd{MiY!47?Ug0SpNinuOvyK+cZ$;*#rmYrUI z@*z8dQsYJwcug1g?94b-9$=0@;av+i)0Xw4qZ?a&6uv(%;J!NA8>E&HFijg-3sf`ku{JAC zwP>;kNp~(J2~=NkiKWq9!rv;ar%sv8)UR#T6F{*m(-k-3EF{HLy61{qL*6VrfjYM| z7TAeVwk*YDwm>t8oa3tqahl~+UV|CRPZHG^leJd51-FakwiyqnORSCDA5R z-_1r|^Y-knx2V#vnZn)C^7ZuDkc5nx@KTR?{8OoYlvK^eL$=^o;TXg*H@HoD^T0utlIj=6Ib} z2f96qdOAD1JEw+h)5{UXzMS?ZN~RjwSb~YXx7zWysEIxhuhX0Zxm}}RJ)USINU*R- zxA=c%>i>57^}DnwwxRs{o(R8$pWyAPr@?A*0V>Hs33p%G2%6=;TSS z|64|~VKrh?R zi!5h+@>{DW)jpNJn{!eqJZ~mDL`gkzk6ku%h2r_EuZ2y z&-#Mz`@6q(7&Mhmx5~+zNr+MID&#$W+rQ{dQ}7&*8S+LJxeMlqIZ=MFDdtAwSov%B znlBjRE5u965mRQ^kzK29h7Inr=(kvgXc&4tACGA|uXBMaR9b#4+3PK;E+b#6vA+iVV03}#4)tmcnZTi0OJoM5L@ zA?+&VKX_r#4Ine7-oD5@?bqO1uejh)owop5_8 z6*4O~6fiDK@*u8m7*=lUBZ$TsQBSsbDKX`K%2rIpd;Se6|Krm4RWDQS4Oc2Ji~nTweh)+!MkFMKw^0TDyQHF2fEyyFKb2Y zdfq2mSgLG3)O52A{~!`TaY(LUE_2 zi3f#Gl>6=JuL?F9oAZ_>10$Z#w0a3t4wNQPL>7?mq2P}sWOy{d$~op=vJ>E=Nfx)f zcvb$t_TD?H>1_KOzH=Qrh*)T$C@3gM4K37BA=m&>X&OKYh7Ll85~?F3B2`4B1sFx? z1R+4^=m1H8Km>%)qa+aNCLx4CfaeR&y)*Ydzi0ja_`T~{_kGvvS}YeK-}60ZpS?f3 zoW1wCc(}zIG%4Gpt|SKriDGHLGAB72H#lX)A-b5ie0#;j9<$wZX4cfwQ~!iOWQ4Ne zT-#9M3tBVMJATN!-zVhxsAGGrdZt`x{Pc5aeLokfbt!Bw|NRNFDARW()Ut$|bqxk) zo)lyhUYVz+uDJe{?ac5uQ8W{EY*{*NxTFY~ADcXa7Pd18| z=G7VXOzGWw0VJFMbcFN1#&is^{#NOMkEb_XtT2W(D&`hGG>u{MQ2gZzlO4L5;uaod08(_`kRJ|LTAK3mW}vEc@+{{?)Zlpau`teDAqcVP4eA z1h5%pm7d0|00FG4F43}TOr)AP_*x&O%L4VeWC7+C;a~X@l*>h z+s+C1(R1Ey#T&4nLQC#`Qa{GQ^qjUD!a&4aNqF=GrH>~BPn z@A0rg&dco`c|4Y}yX6Xd40-gwhUow26#f5TM=OF}o?`9E+-)oy`O#?Yvwqei8{=o? z>EcINP->wO7%}xs@`+l6rkh8G_;a_B&smH_G0>y&m1W|F7_?c+O+rdsSE7X#S59?l zXJNeQ!$rXMXhWp6MiNFW5H#n&#>v~1`F$&0#Idw5s0@R>ze1Vhnc%Wybj>U~TMX$) zoPIa9gbfQ(GqMi19df_=_ zjlUSqQpZ;qRe3-tol%w#sxBhH)erU=gm;K)N$dY9AvutW#g4gmz4hl!fWUwh>jS~D zF_;O-WaMQ1UvQfL2e@UsCcW~>MDt*?^T4_E?tN)u(un9ErH$){31Lvq+YhRsoM0~m z^tb)L$SlgJYyYUfAnxaGjF9^@zu?Fhcgn2m@e(0{deo%@X~*cziM5=VM%O)9Ihs63 zI%%1s$m@2es2!Zf>GjO!u*I58@3w!fKS~>Ol5Ef{OK2m zefbd2z;Rv4WQ$-Y&bcW^2LFr6b{;iNXRPtxItc?OeJOspB#z(z8+N4+r0*ds(|>Nr zPU~Qw*HQOS`SjJp2HFc3u3?=o{bp6@dMu`~^|SEQx9(f#3b-|IJJZ{QnC|tn8HR3d zMI?w>yx{pyV8(b!tH26eRV5iSd$Fd1vZvX-MB)w#j?>Gz7imMM0T+9wzkQo=>R3f= zNKI|qP#m&kbvJ74S6yh-tirXDbZK!NO<@QBZkqrhJLvJQSo=t5Gm5{gy@`Ysd+L0) zn;%F)aYjfwGJOwi2AYa()nfGtcgv}Hd~NB=(ou4)9yFqEmkaWy*4BNup1E%K`Icc= z@|Q3Q_%!RbV6qr^pmx7ogv*`ESAjnZ?Vq%3%b^wTT@q~4^B)6zM9L}qvshYkP%cY;Db47QDJ>7MWk> z+^%WZPdT?Zfc`Ld?r!FpmTvul0KCv8MJxUuDdn2rRUcPxD*Z|fl=>xwV%PSN z9cCn5JpEO89y=&1T(YV<_whxC@8txxTp|;fuJAfXb5|e#_{>n6pGA(&9khSutn`g! zcH&Bn-{Fel>E*-gX_V1;^h=ss+cpR!#t$2mmufIr~ae8>-o3Me7sL4QAzV) zgvsV_P2s;8${NjM;`gS?8b`cu^0-t;I&RqhWKQ$hJG6aviGhaxLZZ-0C`w9QTT>B! zOC;ff95nxNsT+9oNO;Pq`i&R8C6tWrM^+5P*wZac6;9)#H9|r0+C_+imWqnFjy_zc zZ^|=}BO&02j<=g3- zL-(MY#hcZY)|lST>f;jKr{!LkyCNMVWfCqYwkAUZU<+M^WUsLMl^GQUF~}U`a7*5b zExl@h^9lZ4%IB*|kMup}$BZxLF`hDhMVto^dwtAf+xZ4g$ORfF2=#S!yd&m6lTH7F zJ=CVgg$NEuJCm5@Cc=+#z}{6`f2S{S#xSoHbMmCorzLU2$&1TsPPeGC2#6f}-u;-8 z7=vOQN~>DOhI7sMgE0JJUaBSA@ql8r&eADqZgd&@G0hR1hm?a_H<*zJ6vGmd><(7cN*tPc6&th^`(uCVLKZV}P6)Uionl!+(`us$e zCtP$gL9WQl0aA+}!6fK4Ic;zLw5AKfD;_>jE1TEs#eFtDclK+0Q}@()`e>GGAg1F) zfrER{Ken_%^Psk~q{+A${FmtwM*RP_r*%o3$@Vy>-;x(0|G7@Z2@Wd|q(e<=@!KVG zd3#sYtlIW6PfD2C#IPqXF1;j>=pW;4%u7thU!&EUOFsp;gvG!Y3RIH%MtVn@JzP4N zIqe>8S|cB0LQG&tr<<6lzI6!{E;3mmfxf_HGAc!`C0FOV>@!MCn)7OLbH4^mG|3}J ziqX>B#;v{vLT((m{)N{ll|ZCv^d*k0!+Ou1k(Kq&1wzf+dQ~>*m-Tf!9UYye@D*(C zhPGgUrTu@ZBxdePx%@3ul_R~>AZvpC+%IqRU@2p_X$U=+jc!^{+m~V%0sd5M54gA{ zgCGBWm77L`aiXe5K}aO~!`1Ml>G}fs|5ODb@Q4~wq}uXH!7uCh%xn8^?s@jt6Q5C! ziOIiL6G|i+dpEJ)FOsUgFO5q)P|A<73!AVwn2jxi&S}4~kM>>cs{QcpcCp)tiPDbvGPS?uZ%~-v+ z-pYE0_@G9g;;Z&*30ML2JeyoDBn*);YB4bU%T%|8kO3r90c7#a!PUgX+^hoE!bpvu{FrHhd-IznKyr`2?IY^tE+G zO}+ij0lB2rCDOdej9m9N%NJy^s(HImTQvPR}6)w&ErEtk809-KIs{jPxkp`vo}8+ZSC8_by#n zzL_Txs^l#+V&`l;y<$2ZY|t~DFnYkN%fncENXKk)_^zYU#@MVA2gz6FB2%O16Uo-t zyD!Eusn@HJgEi9L0?Ft|t>{biWZKOsaXJKv>rrA%4V5Og=oWP9Y__zYXrm<*8{6Q` zXPe#UB;BKd*GxZLt)Knn?qxW z`vLy4d^$X7+tc2Oc-DA%;@i`15n+_0uC0;N9~=kC*bN^S&40;Xd7V?qe6{w@&}eyS z>Zoz|aOhy;`ZKO|Jz`&chLR zzkcv@$VPS;^f^m#yt$bk22d%Dvhoa-g7VqS;RI@YA-T}PK7-G-&qi(z)DoEjP^7~f z@r9GPpS>+&)49{{2G;GD#9tK!ZR}R!`k`QB<5aEfcp!i<-H%wuh*{^9vVQbG#QJ@! zG<;C|A?8(T_X~0TtYwy3TeQf!wvskuB!5k74d!?>D_58j<2PCxZ%&R0U6^H?DbCNluCeAJSu6n&!;fi#6FzSm@Y64DuWS&Gq^~M!rojgP;;o5*!AK0S%+B18s zP7z`RB24bBb;$uox!SzxqHDkp?8do@hp$XTjBLbTO6B| zZ03%2(p$(Y<^GMu>gXghYT2ivSgZG%2IYN)n@!DcL!x~hsjSsH(9u8983L|2d-!0R z$Cvak`Qkd4q`|!_G3R};OYtV*C4%RluX|N>d{g-X#hPD-xkl33)C5c zvrBL%73NH+*3`xV=gr)4u(TZW)p;M+YLu$wKhVnp@!_`(FXsqpAE)$=&h1 zU0J=ejBL{ybcbN9jZ#0H>UoOH!z5es)8NrGmCr+-z$s(XgoIMTE9RLI;aKD-hk_}S z9M$ca3kb-4IGsKCq!&+oBLB+6^2G-7=P|5`*;)q0O{tuNlynWh5O2GV`ectDjusxi zD~dAB=&iXf9cne*(|pm#Ogg9+uN^%}MI9=?_SnxSqCqK%Ay!e2SnotNce39nquyku z`AaO)%=AYBUW~rCtKN*!1AbZvJTK}MzMXGkg|wATRWkbrf;8<}e-HjX2E_it%y;tz zv8~r-Z3b%Z8@a^8{*V#i2;JX?h4XVg=%!*)lJGm> z%BWt2I|rC1o@YCwYagfhly3U>sKG9NwFpy@N_b;r8;o~kF^uSM3U z(s*}muZ;H##*XQcOfk^G-i0HiiQigRf+Ob3E@NN44(Tb)A;1@?U8(?HX|FF&oH+K8 zXwr)B(Mw;DheS6u<-w$>ZiB@8w*q_~w9HD(y+BjlBuigrx1`_7xQt-Bl9XESy;uK$ zEA&H~j!dL&AiTTqFMEe*dL^@ju*QLs3@0dQvgRUKz?K606g92npWqi+l`DR8`e^vT z90P5s8cm5uVnpY{_d}?I)5Bt&@Wy%-5Nb0%3|TMP(hK`w)PW*ls_|aZMJs*IV=JtK ztN?@J$abwsohZMo){XPT!ouf@~qi zLF}qO^?lD3$Ga;cX@U{(;Fp^fhvTLO^F837}I zq$|R&L0*zO-|873x&mfAB^Bn{QwG9{^>$NY!GhPYe%OmWI&GUL=i?>N3BK<`-udXa4PqJesgSrpza!aJYXHCAf!T?@?9^NpLp}ISz+8P92<1n5%(k~5Kei7F z5=eSH7LDsQqm29*?nCdcxJuIoA4JrCIG!1PN#6H&p%5rD4(^v=FvxRx>^6F459?<@ z75k=SWo4;K4Q#tMY3vZ*R<2@Sm}0?xqm3EM$VW4Ux~j+AQ4vY0VP+mv%q3Oqrf!!6 zvv{%PdUg2kgt*FvTg-?eZn}?2D#3yjrHI%&qS9xI{T#N@QBB;J>9T5&O?frIjD^`| zK2}^E%jE_J4t~G}x`MBg1x%u@nX15#2}x*$_=$(~!8WE8!A# zjwDZ;Lmh||1AHaV_q0r+I0nb6NUazf@+O~tfbRW^FeVBPIM@gxbVbSD2VlXInu;=_Ku5kJO>C?cam8jd_tr#9)hq|6t z4RJjto{)c)_L7mG+E{xTGOCuMGraMe z8NCQFIVa=+rx_>uHK78q1q~aUq5{vsCF)(+7Rz^SzYP}Q_T5Wmmn&d zDe;q*;2Y?!#v-&4Sg}C1MN7HB_{b7WVTJK^C}w;Gb_Js_8a`9Y;GixWlQF%dD7Zy(me4qQJn;rtwONyTzirSz$tAmxNL!2a9 zfc%SibfESjL_nq#nI3$LLe!dVw^PI4(tcTKLAok!90b4qFC;hmPIA%?$yKN8K9&;? zZV^TZb%MTmNeGa^jTD_QRiKYthcDm~isUcs1jzt?~jrxl>tv(AoL_PO1se4TiJDMZqJON`~ z@u!)iMWdaoBzhIrPc4ozAB+f0faN)+#UF332++a!M=aw1aC+EGboZkL#(`1%m2*au zEfwht%GzKa->w#qxS($=G7Sq$smVwYy;lJ_%D~GOO^Nc5M-`4TOzL$NBKy@@32W7Y zc{aFV+>(UVR?J0o>*@pAJ(Ci%PpX8on>NZnSEeqj@wlA8WdHkx_+ALS8|jl#xohU#dJVNHND}+ zxbS0GIl4AU+f~Bqi5pyN6G6LQ^Wmbb4|?zGv0=&MjB35=pPAG`Cw|#LLwf+{&R}ng zw^59rxCi?~X%ZWjHa9Ul!iuGN8&rFqjf7WAWR-A)SOIl?d(TgVP08D3!IA5EMplf$ z{Eu!E_W^$95?iJ~nF$RsL7RtVo#5E|1_FTB?tLS@F>qOh^vL1p_*>pYWAR*9 zn31jIx^$OZHoKnF{jKcLtKiWS{aUXv*K(_zy&Cg60fT#o**LBS*eTZ;afmVios?G} z&a_DL&|}TnEY}4e&n$F)nK!#$`PfVd{b%gT!XNy`9HaJ`G{}w@*G@~c=Q0tFa_T;L z{)+x|@zy=$ zaj{Q-*g!dX_Rsb_t%-Tsen>Ryq|eXR_=k2cRn8i=Xdp*n5j|x7-k79?;_DL9zBhR`V>N>Yeb%1PSXqA!OYF!$ytIi}*{@dw?*2 z_StKWPjom+H2eD!qv~l*8hzour#CE`!9E@|>Y4JsyF;35XD5T%C;AEGBVY&G6q6gf z?3=#Vb^;+bb}T&K{(28k4ZX>}3+J}3pkI2nr3RcCF7kXIa1+yN!Bbl3nd?W?#D>vY zyh4*49h3s$>T+r0U8?2blXY815Wv0D?J@R{Qv|JT6T%AgJ>`5a;b;1tg{kflz=|-I z*!%lRyxrx{GTo%Yl{-Ps??QoVD16HiPdp+Lw5M9E*HIL-8G?osT|7P&KH*6yC;aa^ zuAxHAue*^hIhJsKCnPA#pw(sUt{aNkEvIAW>?bMnlAxZc$C^|;cJOAzN9p???OHV+ zp)Ie99vpq?#830xTP$GWb<-0#5HsOb2)|$#i#*W;w?i-WD9j!UKxfFf3Cy;i1sur| z!KY!HUaurbeYW9d#m(@hC}5DFH%o|RkB5(=1thsd7d00Qn%bNEs#GTVY@t}8f z*LfJI3o-^C?s+>K(g7Tr`Yyz8)dWM0tT(Z>3u#c9fKQu-@Ael~udK;VbX;Ckw5i)LLD;wzU~Ev9zGF z0?}Ujq1rT>To-21LmJ682g76*o^{=ABwDnTJ?mPWvdxG})R@~Emj0rM_1A!vOgEF} zGCh2MA>k>#x{Fn=Cep@!4ji!rtY`ds<6gginxgHfJzRNc_<4Vj4gT*P4zSQ4Hu5O0E%IE$1IGfDFj!%wZt$7+rIjmCUO?tQnI ze*43xWsZ>^p{!)$F8TZ|;q%{7RfV+C=wkC1Xj{%N5mBIgSe4%o*5YglzR0N=<;wk{ zEmm-mpIX>e?G4cE!T{cYQ5y?+0_7wmSqG{7p)=MGa4hVTv zF z#HaFj*Hm{e3an-g+|%zHSGA2^7SLu`-(R4HhH9K{@0#I5O`;Qh6UvXF9nC)dD{{;2g+c@>%5 zpCKwhv=C)3v*5Zyj!CV;GEwHN+qJi`T%xy~)J2NM7j4#r2R)nX23u3iCKqjDLU#i(GGHTf>o)}{tM3Tyw zzjWTJCUhofT}9RBqRTCtXmzQ#Wn#+jI~L{pic#KAhNpMgCkS?H$G7+Fx!$Z&-n(ek zB+%s?p2)tKxR(&uT%PfAK_`kh_0 z$|8-*Y5s+Ic5Jq<91?bGMkz0NQ|+G1r8j;RnNBE~lF4@$+M=1AvFWy4O!oQ_0=R<^ zvT&N0(>HoJ$6@`$*PQorQRD;QRg#7W=gLY?_1Av) zq7nexk3>#|QND?%k)MG5ZyUu)J6KLJD8Yf4!5^4o9j;+7$sCiVgZg7#`-L${nUfI1 zS>f2Q*WFf0#pt`YoHRlbjW4K#zL04N9*(0TP-89REVhsgwU#lRkOW)T4>P4lRxh;B^%J3rlr26P@Y^TFJ5fuG0p z0~Nu`v%~Ng5jcynk2L&X;W>@j2JyVz!O@)TfwRFeIv2aOWr!Bpp%tI;Go%wK@ah`` zaljRonW`-%84lkiti(H$>VCsz3=%;}V?+>O+kqH$MoOTfF;dsNaIAXDus1ozKqTl^ z#?Yg2-culP45_wuUH!A<5$3FS@R14I;)rGhKPu*Y)l*Pm-DU<*alxq{!Kt<;yvy?v?wh8z)%T<+=P_30 z=#{QKQ#A6L?1XTaU1VFGwakNTY~NOeJTbcZ47jhRIdQA+Bfhz3ioS*y^F`4&o?j=& z|E}e8CaH;-vandKT#&)h>bPH3Q>9B&7yFhLhH(%ZEzL2K5KuZi%1$A-$! zyY?KEv+47?PP&ll@Oclyc+4!lCh#TcZZ;kjL=qfwQyE8PP9o*Mp9iX9rJ5xMn|s z<@T=bM@;q2r!TDw2i1Vv!cA5TzwjEu<$ZG-)C+fxH|b#p3fRwH_cY~HrAykcn>yA$ zK+4KAxSZ6!^HZ{8-9Yq*V*hMt!1zgqah#>v72`X1ZR1%WDY>*ZI0u&ai$~rI7xSadqyk%kP1D|js-6yT--i>r*-LnM>Y2^af z!P*DRvWQI;<58d?CHe}tIbgJ5@5f8Gla1d!4L#k#C42f#nnqaX(koiKsZxGpiHQls zfI@8=+t25PHWWT}W0$V+t?^z9NxJSI?(|;_5hVftw@e=$s`yTtLL7f_!{l4{M(&Ab zrIg6>h}c@U(I!5~dYzSZsASE?uk$awv?q^IR3Xi4IusH25;rn zJb5jd*>*|Nmpst@aj=bFDeYmow6AVHmG3qoR&+bAbR}}$w0m;sR+G76+R<7bSe-M7aC4Sk*^P3N0QYZ-?bW$7f}dZRpNvVi`^fxRmMbV|I)9)_Q|LZt<)=## zcZRQ7!=Q9z5aIe8r!tCH%VVe7LkTM-8fiUp4eYxwa3LEuQ(A$uhH*~q^J{dwjPCuf zE`jTFqOyZ~roRE_z+spdSJ|tV2Ero)$H7Z-8}hzs|FYwE9ZA5Q;+GtMjTd>9k$hR1 z5!7+PtLC9>lfNs-L~bgKMYW~f>g{R)dRiFO)ITIK)TZ+)iG@pu(wwU)LkA>v#v1j1 z_hSD7lS}j>Bqow}onlbt@~&c(Bfx>jXklKqrR#<0*fIReoN(|Q?I9?QCpnF4^$CU2 zYy49TTZ&H1HuyVm@PR@r>;ompA9cnqD0$zd(z`#x0`H${++$_tvpH>7X&ORqb-7Qc|y`*gi2LKM=8)INyE!VQ*~yflP@5xj@!&O?XJgecA)55Nq9 zyv^G+ltSd+uEh z_-vUu8m3q-3wDDAU-sh#=Oj@Cs_o#(Jym&L9^L>zMTRgmF zprswWR-2kaXg^JhsH&0VAU{=8$oj~Bj}bTcrzh~!vlSlE2SO15K z+tviSbdX&%I+h@LHxuWdXr`FF)X zd8y9+Fu^9ZgIA6(dcD*4hnJ4{ko38>4*z>d4euw6uvtwM9Qnqx3X(QHmj~n4_Shxm z6q~15#j`7hF2N(@lC2=e>k^d1KjnsFFD#)~gN$mnndp{x)2|ali^-#v5>HYguete& zsd~FnY;7t$Xf)_pM3z3~B(7w`t2?&1dlH79O+Vz^+`%DoUx#f;g^Ph>Pct$c{2Npf zk_`;PazyL2f!Ob5lES_yvHo^yIz|KVgr~v}7Yl@3rp{#y7l+xlg=q{}u1~zt9v|D< zKk4Pd*CluRuEj-)5+c{~e|n%=4p=outx?)+=XUd6*QV8#uWcKSEpd`lkgVMxW|%k` zK2Xn`H_6UhOe^h3q9-R@S0b~<6halNhRWJL9~lvIaL|b#T=3iUiL{jz*P*;l4d1Vv zuf+5+SgxfmFrG|jvYkCC)vSg+zH@8YOqE%`gw0@L$WqVEB%V?8#kejDFGST)2krCX zCgx92zdIpmKRkb8c;5%1nb4}`lMz|xWU`cfpnHDN)nRDm*)F=>^m)QxxH=f{#L+M` zzRzhShy?UxieK}=&(=xqQaZR)zyh~vzG+%W=zs;5C)p(Yqy!iUeh>BoVZ)G(l(}ue z_9lW520ME~uW`(@{TSzvBD%xVh#zkTWiGosRHT$&l}bozB_VA77Mj-Gwfk#EZw|7 z&iHY<@g*m9zDtTp^+~WE6e=^hBw-dZg<#vI>m^o#3Z$DtR>a;?%Z>`VY5K-@0{N|3 z6(K6!@>spyX_>A{fjWUfvj(xIJx}t-p2(+lhiKWv-!9oUus$E5(E)6nxO0o0zucJx z)snb&N zPGS0@&o^-EtE46k4pWReDe8Mb65Ul3IQKhFc_ktiQd{SHp^=MhPsn;rwsFobnv~{g zWD~6bUr(4-e<-HVo6SH*k`SuPx}Mue+WKm&kPbNg|Mn zNm6B3pRpnS%C1KdpVYUu=7BCMN}3~!Ml={0%KG*Xn(AYR00mRH?dq0lq-ouBYOGEo zI06Y33E{`Bo2_{bW1km(DL-axY_PU}65ph=(WG&>*>AC=Woua>77WBfoMubrQ}SmE zQu3}%gSHuTjw&s5JSaIDaUOEPK#rkxg|9zo#)L_eS6&78^pL+Qk!Sp+Fm*m@6x~Hr z6S{+cP$cDhxYNQX_o=-a5t=#lV@3vEL$km4LGml!YmEhZBO*E~`TSkVPhdrzER3v; zKGR*z!g|z}h$>B&hAuc~i?s@@V`dpv_AZ}-z^po~?zH*9N8;U9Tuk@Ky8{Uqz=5-B zv2x}rzQ~KbWaI zLM*43L-8sSl#Ci~f71`->;#48sj9RkMQ=>3ULxM&8I4%qr-piZUN22O3#Z5mONF;M zyW}PucZ|dGfref4IsJ01r`k}eUug&DGq#afy&aw;IPACvVB~NKjXN>Ty|FYEMm$H& zGpRFezIQ@$^G840^k&xPJsoy+7s4c_CaI}bsy&_o#UlhAwz`Ft1-~rST3n~nPkmF0p>yhJM)-(u){|_dL6>LD}!`=C0_ODezdM= z*?Vp6_S%HGQ)_ChZtinO{ixv$;{wol7SN4_cc3Y-jMR>;(D0-I;XZ~L$~t~BWTE{G zSt%JRy~n644weNRM+A>q@5KC^RpM~-$K9JL;7_}ic+!t~_&Y!H`rqqFf#Hn}W!(Dj_HX9sTvn8`7`^`LWPXwBrB3&M^1Tv{f-k(t;pUu= zna;i5Ry6XgSm2DN@;h=ZDm7`LYR+M0Jl;)i?gh=P|9Ir>H${}7;fKM>LoK{5cg2nw zz$B44d57ocb6ga^v=0L0g-JB|`g7NwKy&XRL0eHa zyk9OevTi6@`>_Ejbx(@5wG?(Z89p=@C1ryT+|3}u3OvxgVo;>-Qpnvg*8qCs@hR!I z^-korKtwTrBpu^yGoHm_4mS?uWtIe&*_Otq&Ke!wqBacL`7H4r>u>@W~vFHOY+%VkbZUN51g?zjYiHn2>l$ILNmYu8pBMM`M;iC;XQyQ!1 zRQ4c2De>9GDf#DWeMq5W|l#tSiRdDfVkVsWJD~i@HU&GA^GcJy2fkZB|<{k)-)z^_;FW)cDs~ zkIE<}mPI0|(X!DLjs4pGAOy#wZ8f&aDt9HY>7|)i36x@rru5lBrTQ8+5p0ttU9fkAzLcS;1(@Dm@tkR*67w-DJ<3=|H2ihR$G{416Hz{yl+neJ_p8 z8dH{jm}ET62(sZFZA-AwUp$s?lrQxAPsA!!j&=T=u*uCrGtzMFs!XG^+p;BFK${40*k+jtb)fs5smUoo zC==i3QpQoExiO_XG`N^z8{=+McQ)P?uzgEN_pR&kvt;2Q*0>e!(1*_p4_k9j_}nr+ z%fIsWhi}snSq1qfH&QdGoxwM`!_RL^i{it@kjW$?3hAz3BE}PxLg!}b@SnaX;|v3hCxN82{pL=UU6z|) zWPBrexm#Z>3Ee?kbl(gU6U>kQ<-4V3=*E1=n7R4f^~R!d&2{U>t~g{z_)aQsm^136RCaLB(m{~*h!c?hJWuHz8MDoz9k@?~kx8?hp zt16{I>!HWV)=fPd!DFEdqD9}ACM(Ml`=i)E8z>Zwjkz=lgtC_wNlvep_+Nxjc64cV z3+G1ucJ}_Fa+ECV!JiEPzn2rJ|MuNS^ZIAG;<5j)eFdUyyxD8%6S?FW8Bp+D7UM*z ztCG1h0A%KX{tsKWQ{|Hu$qd3dg)zHxXAi0x{hVSAJYe|e1B>u&s6{^w26t?&U8Qb1 zjbvTf7AX@t?B5E82oKlowx!NhHu9_3ksX0R?v$I*js7v5MORYfa!P|?+18pu?K+~rjPKd}Z4#8*$!({u4j50B-P~Eug!*@G zwut>hnExyR+R-{aN#AAr--}dss*M0bvcK0O(ck>rB>(#|rJV{|i1GjbdJ~iXYs3c< z2mzM=g5$ve4rIZ;_yg=ag74=6 zog%l86R?eK)^&w^AO8uxd*CC3y1tgSx-&)e=Lj3IxgAcVOY&FEj8SmaI5K;ClB`3# zNmnEOl?Xd_!JY4;?}~h+yKKzYY1z7LMA>dWsnGl_!#5&h-M-o3J0?o5oN6l1$Tx52TdbG7#azDf zO64C?mZ;je`fZm{)ke3|mSOI~&P?daESb%XT;Z+|DoK#d9gunzs;I}rf@Lkr6nw1jMkZ7qL3THj2Wu z+m8k*%gx;Mb)vU6l244{@b;skl#~YDlD12ZF^=d`a{0cIwdlU`(>*77!}l0+Rvg&UsyDFqB^%thB&R zcm!?W-X zgv>59OdIB)a?ew|sCQ7&y=MRclx5Y%;9iC?+n-RIxp%pL1L!j@Su5h|O|8~823FNm z&%3uisOz~tHfH|>c(leh8&`>{E-IL4{#dO$XSjLW;OBJ!_gjT_?A8572Cx*SGi&IR?ex8r8NC=>gx(wcHI6fFgF} zyh?z&k>4V>K1U)PlD-;m=0-B-fXT15Y$k0jMY=j9otbO{=qqMhIwuT}`*Au~9N5>O zZrAj!nU<}=tu8*b8Z+GdBs`k;ZFEyF8em=trOpgB>T3c! zK8JdNty#J)#0O?2BmQ8Cv4y$6v)ak}dk#sz1MgXVmc%hQ08Gt`s^?4FMRnMICooMk zN17ZWJ@sltls0*rs}6851KOCZGvUIz9(vny!~Pq<9Kh11fE{?16QByb>DVaO=jXD3 zo}1KiEU-q3htqpte1MJxn*zw$m3C0GG5d?HQ(^_z&W5(N7lV?Nb`ubK|2N>@Wm5|i J%!Rv;{ueHk7V!W8 literal 0 HcmV?d00001 diff --git a/docs/pages/access-controls/compliance-frameworks/soc2.mdx b/docs/pages/access-controls/compliance-frameworks/soc2.mdx index 594f3212f0caa..cc3daec8da838 100644 --- a/docs/pages/access-controls/compliance-frameworks/soc2.mdx +++ b/docs/pages/access-controls/compliance-frameworks/soc2.mdx @@ -72,7 +72,7 @@ Each principle has many "Points of Focus" which will apply differently to differ | CC6.7 - Uses Encryption Technologies or Secure Communication Channels to Protect Data | Encryption technologies or secured communication channels are used to protect transmission of data and other communications beyond connectivity access points. | [Teleport has strong encryption including a FedRAMP compliant FIPS mode](./fedramp.mdx#start-teleport-in-fips-mode) | | CC7.2 - Implements Detection Policies, Procedures, and Tools | Processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software. | [Teleport creates detailed SSH Audit Logs with Metadata](../../reference/audit.mdx)

[Use BPF Session Recording to catch malicious program execution](../../server-access/guides/bpf-session-recording.mdx) | | CC7.2 - Designs Detection Measures | Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. | [Use Enhanced Session Recording to catch malicious program execution, capture TCP connections and log programs accessing files on the system the should not be accessing.](../../server-access/guides/bpf-session-recording.mdx) | -| CC7.3 - Communicates and Reviews Detected Security Events | Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary. | [Use Session recording to replay and review suspicious sessions](../../architecture/nodes.mdx#ssh-session-recording). | +| CC7.3 - Communicates and Reviews Detected Security Events | Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary. | [Use Session recording to replay and review suspicious sessions](../../architecture/session-recording.mdx). | | CC7.3 - Develops and Implements Procedures to Analyze Security Incidents | Procedures are in place to analyze security incidents and determine system impact. | [Analyze detailed logs and replay recorded sessions to determine impact. See exactly what files were accessed during an incident.](../../server-access/guides/bpf-session-recording.mdx) | | CC7.4 - Contains Security Incidents | Procedures are in place to contain security incidents that actively threaten entity objectives. | [Use Teleport to quickly revoke access and contain an active incident](../../access-controls/guides/locking.mdx)

[Use Shared Sessions so Multiple On-Call Engineers can collaborate and fight fires together.](../../connect-your-client/tsh.mdx#sharing-sessions) | | CC7.4 - Ends Threats Posed by Security Incidents | Procedures are in place to mitigate the effects of ongoing security incidents. | [Use Teleport to quickly revoke access and contain an active incident](../../access-controls/guides/locking.mdx) | diff --git a/docs/pages/access-controls/reference.mdx b/docs/pages/access-controls/reference.mdx index af77e79758a97..b716a6808213c 100644 --- a/docs/pages/access-controls/reference.mdx +++ b/docs/pages/access-controls/reference.mdx @@ -362,7 +362,7 @@ unexpected changes to the configuration or state of your cluster. It is possible to further limit access to [shared sessions](../connect-your-client/tsh.mdx#sharing-sessions) and -[session recordings](../architecture/nodes.mdx#ssh-session-recording). +[session recordings](../architecture/session-recording.mdx). The examples below illustrate how to restrict session access only for the user who created the session. diff --git a/docs/pages/agents/introduction.mdx b/docs/pages/agents/introduction.mdx index cfba5a0fcf913..7da3a2440af5e 100644 --- a/docs/pages/agents/introduction.mdx +++ b/docs/pages/agents/introduction.mdx @@ -12,6 +12,10 @@ your infrastructure. ## Architecture overview +This section provides a brief outline of how Teleport agents run in a Teleport +cluster. For more information on the architecture of Teleport agents, read +[Teleport Agent Architecture](../architecture/agents.mdx). + ### Services Each Teleport process can run one or more **services**. A Teleport instance runs diff --git a/docs/pages/application-access/introduction.mdx b/docs/pages/application-access/introduction.mdx index 0f9b11c95f22c..420554442789e 100644 --- a/docs/pages/application-access/introduction.mdx +++ b/docs/pages/application-access/introduction.mdx @@ -20,6 +20,12 @@ Examples include: If you are running applications on Kubernetes, you can [enroll them in your Teleport cluster automatically](../auto-discovery/kubernetes-applications.mdx). +Teleport protects applications through the Teleport Application Service, which +is a Teleport agent service. For more information on agent services, read +[Teleport Agent Architecture](../architecture/agents.mdx). You can also learn +how to deploy a [pool of Teleport agents](../agents/introduction.mdx) to run +multiple agent services. + ## Getting started Learn how to register an application with Teleport in our [getting started diff --git a/docs/pages/architecture/agents.mdx b/docs/pages/architecture/agents.mdx new file mode 100644 index 0000000000000..297fceea66917 --- /dev/null +++ b/docs/pages/architecture/agents.mdx @@ -0,0 +1,279 @@ +--- +title: Teleport Agent Architecture +description: Describes the architecture that enables Teleport to securely proxy client traffic to infrastructure resources. +tocDepth: 3 +--- + +**Teleport agents** route traffic to and from resources in your infrastructure. +This guide describes the architecture that enables Teleport to securely manage +traffic through this pathway. + +Teleport agents are running instances of the `teleport` binary, and can run on +any Linux platform (e.g., bare-metal, a Linux VM, a Docker container, or a pod +in a Kubernetes cluster). It is up to Teleport administrators to deploy and +manage agents, including on managed Teleport Enterprise accounts. + +A single agent can run multiple services, and each service can connect to +multiple target resources. For example, a single `teleport` process running on a +Linux VM might run both the Teleport SSH Service and Teleport Kubernetes +Service, which can connect to multiple terminal sessions and Kubernetes +clusters, respectively. + +## Services + +An agent can run one or more services. The following agent services are +available: + +| Service | Traffic it proxies | +|-------|--------------------| +| SSH Service | SSH traffic to the host where the service runs.| +| Teleport Kubernetes Service | HTTPS traffic to and from Kubernetes API servers.| +| Teleport Database Service | Database-native wire protocols such as Postgres and MySQL, plus HTTP-based database protocols such as DynamoDB.| +| Teleport Application Service | HTTPS and TCP forwarding for internal web applications, with optional JSON web tokens. Signed HTTPS messages for cloud provider APIs.| +| Teleport Desktop Service | Remote Desktop Protocol traffic to and from RDP servers.| + +Agents can also run the Teleport Discovery Service. The Discovery Service +queries service discovery endpoints to list resources in your infrastructure, +and configures your Teleport cluster to route traffic to these resources by +creating dynamic configurations on the Auth Service backend. Agent services +listed above can then proxy resources enrolled by the Discovery Service. + +## Components + +![Components of a Teleport agent deployment](../../img/architecture/agent-architecture.png) + +A Teleport cluster where an administrator has enrolled resources involves the +following components: + +- **[Teleport Proxy Service](../architecture/proxy.mdx):** A stateless service + that performs the function of an authentication gateway, serves the Web UI, + and accepts client connections. On managed Teleport Enterprise accounts, this + service is accessible at your Teleport account URL, e.g., + `example.teleport.sh`. +- **[Teleport Auth Service](../architecture/authentication.mdx):** Serves as the + cluster's certificate authority, handles user authentication/authorization and + issues short-lived client certificates. +- **Teleport agents:** Agents perform authentication against infrastructure + resources, route user traffic to those resources, and perform protocol + parsing. +- **Teleport client tools (`tsh`, Teleport Connect, and the Teleport Web UI):** + Connect to resources in your infrastructure through Teleport agents and the + Teleport Proxy Service. +- **Local proxies:** In some cases, `tsh` spins up local proxy servers that + authenticate to Teleport and forward traffic from client tools (e.g., database + clients and AWS SDK applications). +- **Infrastructure resources:** Teleport can protect access to self-hosted + infrastructure as well as infrastructure managed by a cloud provider. + +## Teleport agents to the Teleport Auth Service + +The Teleport Auth Service runs a certificate authority that issues a host +certificate to an agent when it joins the cluster for the first time. Read [Join +Services to your Teleport Cluster](../agents/join-services-to-your-cluster.mdx) +for the available methods you can use to join an agent to your Teleport cluster. + +All agents in a Teleport cluster keep the Auth Service updated on their status +with periodic ping messages. Clients can access the list of all agent instances +in their cluster via the Auth Service API or CLI. + +An agent's identity is represented by SSH host certificate it receives after +registering withing the cluster: + +![Host certificate](../../img/architecture/ssh-host-cert@1.2x.svg) + +This certificate contains information about the agent, including: + +- The **host ID**, a generated UUID unique to an agent. +- A **hostname**, which defaults to the return value of the `hostname` command + on the agent host, but can be configured. +- The **cluster name**. On cloud-hosted Teleport Enterprise clusters, this is a + subdomain of `teleport.sh`. On self-hosted clusters, the default value is the + `hostname` of the Teleport Auth Service, and users can configure this. +- The agent's **role** encoded as a certificate extension. For example, the + `app,db` role would authorize the agent to run the Application Service and + Database Service. +- The **expiry time** of the certificate. + +The Auth Service also generates a short-lived X.509 certificate signed by the +cluster's host CA, with the client's identity and routing information for an +infrastructure resource encoded in it. + +## Teleport agents to the Teleport Proxy Service + +In most cases, when an agent joins a Teleport cluster, it establishes an SSH +reverse tunnel to the Proxy Service. As such, users do not need to have direct +connectivity to agents or the resources they are connected to. As long as an +agent can dial back to the cluster's Proxy Service, it can be located behind a +firewall. + +![Tunnel Mode](../../img/architecture/k8s-tunnel.png) + +When an agent establishes a reverse SSH tunnel to the Proxy Service, the Proxy +Service identifies the agent based on its certificate. The certificate encodes +the agent's system role (e.g., `node,app,kube`) and a UUID for the agent. When a +dial request from a Teleport user reaches the Proxy Service, the Proxy Service +uses the address of the destination resource to locate the appropriate agent, +then proxies the user connection through the reverse tunnel associated with the +agent. + +